Re: [Qemu-devel] [PATCH v2] ide: ahci: reset ncq object to unused on error

2016-01-08 Thread P J P
+-- On Fri, 8 Jan 2016, John Snow wrote --+
| >  ide_state->status = READY_STAT | ERR_STAT;
| >  ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
| > +ncq_tfs->used = 0;
| >  }
| 
| Thanks, applied to my IDE tree:
| 
| https://github.com/jnsnow/qemu/commits/ide
| https://github.com/jnsnow/qemu.git

Great! Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F



[Qemu-devel] [PULL 10/11] qtest/ahci: ATAPI data tests

2016-01-08 Thread John Snow
Simple I/O tests for DMA and PIO pathways in the AHCI HBA.

I believe at this point in time all of the common, major IO pathways
in BMDMA and AHCI are covered by qtests now.

Signed-off-by: John Snow 
Message-id: 1452282920-21550-9-git-send-email-js...@redhat.com
---
 tests/ahci-test.c | 97 +++
 1 file changed, 97 insertions(+)

diff --git a/tests/ahci-test.c b/tests/ahci-test.c
index 2bee2a2..31fb1f9 100644
--- a/tests/ahci-test.c
+++ b/tests/ahci-test.c
@@ -1413,6 +1413,98 @@ static void test_ncq_simple(void)
 ahci_shutdown(ahci);
 }
 
+static int prepare_iso(size_t size, unsigned char **buf, char **name)
+{
+char cdrom_path[] = "/tmp/qtest.iso.XX";
+unsigned char *patt;
+ssize_t ret;
+int fd = mkstemp(cdrom_path);
+
+g_assert(buf);
+g_assert(name);
+patt = g_malloc(size);
+
+/* Generate a pattern and build a CDROM image to read from */
+generate_pattern(patt, size, ATAPI_SECTOR_SIZE);
+ret = write(fd, patt, size);
+g_assert(ret == size);
+
+*name = g_strdup(cdrom_path);
+*buf = patt;
+return fd;
+}
+
+static void remove_iso(int fd, char *name)
+{
+unlink(name);
+g_free(name);
+close(fd);
+}
+
+static int ahci_cb_cmp_buff(AHCIQState *ahci, AHCICommand *cmd,
+const AHCIOpts *opts)
+{
+unsigned char *tx = opts->opaque;
+unsigned char *rx = g_malloc0(opts->size);
+
+bufread(opts->buffer, rx, opts->size);
+g_assert_cmphex(memcmp(tx, rx, opts->size), ==, 0);
+g_free(rx);
+
+return 0;
+}
+
+static void ahci_test_cdrom(int nsectors, bool dma)
+{
+AHCIQState *ahci;
+unsigned char *tx;
+char *iso;
+int fd;
+AHCIOpts opts = {
+.size = (ATAPI_SECTOR_SIZE * nsectors),
+.atapi = true,
+.atapi_dma = dma,
+.post_cb = ahci_cb_cmp_buff,
+};
+
+/* Prepare ISO and fill 'tx' buffer */
+fd = prepare_iso(1024 * 1024, &tx, &iso);
+opts.opaque = tx;
+
+/* Standard startup wonkery, but use ide-cd and our special iso file */
+ahci = ahci_boot_and_enable("-drive if=none,id=drive0,file=%s,format=raw "
+"-M q35 "
+"-device ide-cd,drive=drive0 ", iso);
+
+/* Build & Send AHCI command */
+ahci_exec(ahci, ahci_port_select(ahci), CMD_ATAPI_READ_10, &opts);
+
+/* Cleanup */
+g_free(tx);
+ahci_shutdown(ahci);
+remove_iso(fd, iso);
+}
+
+static void test_cdrom_dma(void)
+{
+ahci_test_cdrom(1, true);
+}
+
+static void test_cdrom_dma_multi(void)
+{
+ahci_test_cdrom(3, true);
+}
+
+static void test_cdrom_pio(void)
+{
+ahci_test_cdrom(1, false);
+}
+
+static void test_cdrom_pio_multi(void)
+{
+ahci_test_cdrom(3, false);
+}
+
 
/**/
 /* AHCI I/O Test Matrix Definitions   
*/
 
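Review bot: `prepare_iso` never checks that `mkstemp()` succeeded, so on failure `fd` is -1 and the only diagnostic is the later `g_assert(ret == size)` firing on the failed `write()`, which points at the wrong cause; add `g_assert(fd >= 0);` directly after the `mkstemp` call. That same assertion compares the signed `ssize_t ret` with the unsigned `size`, which only works because -1 converts to `SIZE_MAX`; `g_assert_cmpint(ret, ==, size)` also prints both values when a short write happens. The template as rendered here reads `/tmp/qtest.iso.XX`, but `mkstemp` requires the name to end in six `X` characters, so if that is not a rendering artefact the call fails on every run. Finally, `ahci_test_cdrom` creates the ISO before the guest boots, so an assertion failure inside `ahci_boot_and_enable` leaves the temp file behind; acceptable for a test, but worth a one-line comment next to `prepare_iso`.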
@@ -1697,6 +1789,11 @@ int main(int argc, char **argv)
 qtest_add_func("/ahci/io/ncq/retry", test_halted_ncq);
 qtest_add_func("/ahci/migrate/ncq/halted", test_migrate_halted_ncq);
 
+qtest_add_func("/ahci/cdrom/dma/single", test_cdrom_dma);
+qtest_add_func("/ahci/cdrom/dma/multi", test_cdrom_dma_multi);
+qtest_add_func("/ahci/cdrom/pio/single", test_cdrom_pio);
+qtest_add_func("/ahci/cdrom/pio/multi", test_cdrom_pio_multi);
+
 ret = g_test_run();
 
 /* Cleanup */
-- 
2.4.3




[Qemu-devel] [PULL 11/11] libqos/ahci: organize header

2016-01-08 Thread John Snow
Organize the prototypes into nice little sections.

Signed-off-by: John Snow 
Message-id: 1452282920-21550-10-git-send-email-js...@redhat.com
---
 tests/libqos/ahci.h | 36 
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/tests/libqos/ahci.h b/tests/libqos/ahci.h
index 2c2d2fc..69dc4d7 100644
--- a/tests/libqos/ahci.h
+++ b/tests/libqos/ahci.h
@@ -553,14 +553,28 @@ static inline void ahci_px_clr(AHCIQState *ahci, uint8_t 
port,
 /*** Prototypes ***/
 uint64_t ahci_alloc(AHCIQState *ahci, size_t bytes);
 void ahci_free(AHCIQState *ahci, uint64_t addr);
+void ahci_clean_mem(AHCIQState *ahci);
+
+/* Device management */
 QPCIDevice *get_ahci_device(uint32_t *fingerprint);
 void free_ahci_device(QPCIDevice *dev);
-void ahci_clean_mem(AHCIQState *ahci);
 void ahci_pci_enable(AHCIQState *ahci);
 void start_ahci_device(AHCIQState *ahci);
 void ahci_hba_enable(AHCIQState *ahci);
+
+/* Port Management */
 unsigned ahci_port_select(AHCIQState *ahci);
 void ahci_port_clear(AHCIQState *ahci, uint8_t port);
+
+/* Command header / table management */
+unsigned ahci_pick_cmd(AHCIQState *ahci, uint8_t port);
+void ahci_get_command_header(AHCIQState *ahci, uint8_t port,
+ uint8_t slot, AHCICommandHeader *cmd);
+void ahci_set_command_header(AHCIQState *ahci, uint8_t port,
+ uint8_t slot, AHCICommandHeader *cmd);
+void ahci_destroy_command(AHCIQState *ahci, uint8_t port, uint8_t slot);
+
+/* AHCI sanity check routines */
 void ahci_port_check_error(AHCIQState *ahci, uint8_t port);
 void ahci_port_check_interrupts(AHCIQState *ahci, uint8_t port,
 uint32_t intr_mask);
@@ -569,14 +583,12 @@ void ahci_port_check_d2h_sanity(AHCIQState *ahci, uint8_t 
port, uint8_t slot);
 void ahci_port_check_pio_sanity(AHCIQState *ahci, uint8_t port,
 uint8_t slot, size_t buffsize);
 void ahci_port_check_cmd_sanity(AHCIQState *ahci, AHCICommand *cmd);
-void ahci_get_command_header(AHCIQState *ahci, uint8_t port,
- uint8_t slot, AHCICommandHeader *cmd);
-void ahci_set_command_header(AHCIQState *ahci, uint8_t port,
- uint8_t slot, AHCICommandHeader *cmd);
-void ahci_destroy_command(AHCIQState *ahci, uint8_t port, uint8_t slot);
-void ahci_write_fis(AHCIQState *ahci, AHCICommand *cmd);
-unsigned ahci_pick_cmd(AHCIQState *ahci, uint8_t port);
+
+/* Misc */
+bool is_atapi(AHCIQState *ahci, uint8_t port);
 unsigned size_to_prdtl(unsigned bytes, unsigned bytes_per_prd);
+
+/* Command: Macro level execution */
 void ahci_guest_io(AHCIQState *ahci, uint8_t port, uint8_t ide_cmd,
uint64_t gbuffer, size_t size, uint64_t sector);
 AHCICommand *ahci_guest_io_halt(AHCIQState *ahci, uint8_t port, uint8_t 
ide_cmd,
@@ -587,7 +599,7 @@ void ahci_io(AHCIQState *ahci, uint8_t port, uint8_t 
ide_cmd,
 void ahci_exec(AHCIQState *ahci, uint8_t port,
uint8_t op, const AHCIOpts *opts);
 
-/* Command Lifecycle */
+/* Command: Fine-grained lifecycle */
 AHCICommand *ahci_command_create(uint8_t command_name);
 AHCICommand *ahci_atapi_command_create(uint8_t scsi_cmd);
 void ahci_command_commit(AHCIQState *ahci, AHCICommand *cmd, uint8_t port);
@@ -597,7 +609,7 @@ void ahci_command_wait(AHCIQState *ahci, AHCICommand *cmd);
 void ahci_command_verify(AHCIQState *ahci, AHCICommand *cmd);
 void ahci_command_free(AHCICommand *cmd);
 
-/* Command adjustments */
+/* Command: adjustments */
 void ahci_command_set_flags(AHCICommand *cmd, uint16_t cmdh_flags);
 void ahci_command_clr_flags(AHCICommand *cmd, uint16_t cmdh_flags);
 void ahci_command_set_offset(AHCICommand *cmd, uint64_t lba_sect);
@@ -611,8 +623,8 @@ void ahci_command_enable_atapi_dma(AHCICommand *cmd);
 void ahci_command_adjust(AHCICommand *cmd, uint64_t lba_sect, uint64_t gbuffer,
  uint64_t xbytes, unsigned prd_size);
 
-/* Command Misc */
+/* Command: Misc */
 uint8_t ahci_command_slot(AHCICommand *cmd);
-bool is_atapi(AHCIQState *ahci, uint8_t port);
+void ahci_write_fis(AHCIQState *ahci, AHCICommand *cmd);
 
 #endif
-- 
2.4.3




[Qemu-devel] [PULL 09/11] libqos/ahci: add ahci_exec

2016-01-08 Thread John Snow
add ahci_exec, which is a standard purpose flexible command dispatcher
and tester for the AHCI device. The intent is to eventually cut down on
the absurd amount of boilerplate inside of the AHCI qtest.

Signed-off-by: John Snow 
Message-id: 1452282920-21550-8-git-send-email-js...@redhat.com
---
 tests/libqos/ahci.c | 76 +
 tests/libqos/ahci.h | 17 
 2 files changed, 93 insertions(+)

diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index 0fa9bf2..6d1298b 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -601,6 +601,82 @@ inline unsigned size_to_prdtl(unsigned bytes, unsigned 
bytes_per_prd)
 return (bytes + bytes_per_prd - 1) / bytes_per_prd;
 }
 
+const AHCIOpts default_opts = { .size = 0 };
+
+/**
+ * ahci_exec: execute a given command on a specific
+ * AHCI port.
+ *
+ * @ahci: The device to send the command to
+ * @port: The port number of the SATA device we wish
+ *to have execute this command
+ * @op:   The S/ATA command to execute, or if opts.atapi
+ *is true, the SCSI command code.
+ * @opts: Optional arguments to modify execution behavior.
+ */
+void ahci_exec(AHCIQState *ahci, uint8_t port,
+   uint8_t op, const AHCIOpts *opts_in)
+{
+AHCICommand *cmd;
+int rc;
+AHCIOpts *opts;
+
+opts = g_memdup((opts_in == NULL ? &default_opts : opts_in),
+sizeof(AHCIOpts));
+
+/* No guest buffer provided, create one. */
+if (opts->size && !opts->buffer) {
+opts->buffer = ahci_alloc(ahci, opts->size);
+g_assert(opts->buffer);
+qmemset(opts->buffer, 0x00, opts->size);
+}
+
+/* Command creation */
+if (opts->atapi) {
+cmd = ahci_atapi_command_create(op);
+if (opts->atapi_dma) {
+ahci_command_enable_atapi_dma(cmd);
+}
+} else {
+cmd = ahci_command_create(op);
+}
+ahci_command_adjust(cmd, opts->lba, opts->buffer,
+opts->size, opts->prd_size);
+
+if (opts->pre_cb) {
+rc = opts->pre_cb(ahci, cmd, opts);
+g_assert_cmpint(rc, ==, 0);
+}
+
+/* Write command to memory and issue it */
+ahci_command_commit(ahci, cmd, port);
+ahci_command_issue_async(ahci, cmd);
+if (opts->error) {
+qmp_eventwait("STOP");
+}
+if (opts->mid_cb) {
+rc = opts->mid_cb(ahci, cmd, opts);
+g_assert_cmpint(rc, ==, 0);
+}
+if (opts->error) {
+qmp_async("{'execute':'cont' }");
+qmp_eventwait("RESUME");
+}
+
+/* Wait for command to complete and verify sanity */
+ahci_command_wait(ahci, cmd);
+ahci_command_verify(ahci, cmd);
+if (opts->post_cb) {
+rc = opts->post_cb(ahci, cmd, opts);
+g_assert_cmpint(rc, ==, 0);
+}
+ahci_command_free(cmd);
+if (opts->buffer != opts_in->buffer) {
+ahci_free(ahci, opts->buffer);
+}
+g_free(opts);
+}
+
 /* Issue a command, expecting it to fail and STOP the VM */
 AHCICommand *ahci_guest_io_halt(AHCIQState *ahci, uint8_t port,
 uint8_t ide_cmd, uint64_t buffer,
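Review bot: The cleanup at the end of `ahci_exec` dereferences `opts_in->buffer` although `opts_in == NULL` is explicitly supported at the top via the `default_opts` substitution, so `ahci_exec(ahci, port, op, NULL)` crashes on its way out. Record the caller's buffer before the allocation instead: `uint64_t buffer_in = opts->buffer;` right after the `g_memdup`, and `if (opts->buffer != buffer_in) {` for the free. `default_opts` is also defined with external linkage and no declaration in the header; `static const AHCIOpts default_opts = { .size = 0 };` keeps it file-local. The function documentation should state that each callback must return 0 (the `g_assert_cmpint(rc, ==, 0)` after every call) and that `mid_cb` runs while the VM is stopped when `opts->error` is set.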
diff --git a/tests/libqos/ahci.h b/tests/libqos/ahci.h
index 705fbd6..2c2d2fc 100644
--- a/tests/libqos/ahci.h
+++ b/tests/libqos/ahci.h
@@ -462,6 +462,21 @@ typedef struct PRD {
 /* Opaque, defined within ahci.c */
 typedef struct AHCICommand AHCICommand;
 
+/* Options to ahci_exec */
+typedef struct AHCIOpts {
+size_t size;
+unsigned prd_size;
+uint64_t lba;
+uint64_t buffer;
+bool atapi;
+bool atapi_dma;
+bool error;
+int (*pre_cb)(AHCIQState*, AHCICommand*, const struct AHCIOpts *);
+int (*mid_cb)(AHCIQState*, AHCICommand*, const struct AHCIOpts *);
+int (*post_cb)(AHCIQState*, AHCICommand*, const struct AHCIOpts *);
+void *opaque;
+} AHCIOpts;
+
 /*** Macro Utilities ***/
 #define BITANY(data, mask) (((data) & (mask)) != 0)
 #define BITSET(data, mask) (((data) & (mask)) == (mask))
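Review bot: `AHCIOpts` is the entry point of the new API but none of its fields are documented, and two of them have contracts that are only visible in ahci.c: a zero `buffer` with a non-zero `size` makes `ahci_exec` allocate and later free a guest buffer, and `error` makes it wait for the VM to `STOP` after issuing the command and `cont` it after `mid_cb`. Suggest one comment per field, e.g. `uint64_t buffer; /* guest address; 0 = ahci_exec allocates size bytes and frees them afterwards */` and `bool error; /* command is expected to fail and STOP the VM; mid_cb runs while stopped, then the VM is resumed */`, plus a note that `opaque` is only handed through to the three callbacks and that every callback must return 0.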
@@ -569,6 +584,8 @@ AHCICommand *ahci_guest_io_halt(AHCIQState *ahci, uint8_t 
port, uint8_t ide_cmd,
 void ahci_guest_io_resume(AHCIQState *ahci, AHCICommand *cmd);
 void ahci_io(AHCIQState *ahci, uint8_t port, uint8_t ide_cmd,
  void *buffer, size_t bufsize, uint64_t sector);
+void ahci_exec(AHCIQState *ahci, uint8_t port,
+   uint8_t op, const AHCIOpts *opts);
 
 /* Command Lifecycle */
 AHCICommand *ahci_command_create(uint8_t command_name);
-- 
2.4.3




[Qemu-devel] [PULL 07/11] libqos: allow zero-size allocations

2016-01-08 Thread John Snow
As part of streamlining the AHCI tests interface, it'd be nice
if specifying a size of zero could be handled without special branches
and the allocator could handle this special case gracefully.

This lets me use the "ahci_io" macros for non-data commands, too,
which moves me forward towards shepherding all AHCI qtests into
a common set of commands in a unified pipeline.

Signed-off-by: John Snow 
Message-id: 1452282920-21550-6-git-send-email-js...@redhat.com
---
 tests/ahci-test.c | 8 +---
 tests/libqos/ahci.c   | 6 +++---
 tests/libqos/malloc.c | 4 
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/tests/ahci-test.c b/tests/ahci-test.c
index 8ebbd33..8c48587 100644
--- a/tests/ahci-test.c
+++ b/tests/ahci-test.c
@@ -890,18 +890,12 @@ static void ahci_test_io_rw_simple(AHCIQState *ahci, 
unsigned bufsize,
 static uint8_t ahci_test_nondata(AHCIQState *ahci, uint8_t ide_cmd)
 {
 uint8_t port;
-AHCICommand *cmd;
 
 /* Sanitize */
 port = ahci_port_select(ahci);
 ahci_port_clear(ahci, port);
 
-/* Issue Command */
-cmd = ahci_command_create(ide_cmd);
-ahci_command_commit(ahci, cmd, port);
-ahci_command_issue(ahci, cmd);
-ahci_command_verify(ahci, cmd);
-ahci_command_free(cmd);
+ahci_io(ahci, port, ide_cmd, NULL, 0, 0);
 
 return port;
 }
diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index a219f67..df29560 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -668,16 +668,16 @@ void ahci_io(AHCIQState *ahci, uint8_t port, uint8_t 
ide_cmd,
 props = ahci_command_find(ide_cmd);
 g_assert(props);
 ptr = ahci_alloc(ahci, bufsize);
-g_assert(ptr);
+g_assert(!bufsize || ptr);
 qmemset(ptr, 0x00, bufsize);
 
-if (props->write) {
+if (bufsize && props->write) {
 bufwrite(ptr, buffer, bufsize);
 }
 
 ahci_guest_io(ahci, port, ide_cmd, ptr, bufsize, sector);
 
-if (props->read) {
+if (bufsize && props->read) {
 bufread(ptr, buffer, bufsize);
 }
 
diff --git a/tests/libqos/malloc.c b/tests/libqos/malloc.c
index 82b9df5..19d05ca 100644
--- a/tests/libqos/malloc.c
+++ b/tests/libqos/malloc.c
@@ -270,6 +270,10 @@ uint64_t guest_alloc(QGuestAllocator *allocator, size_t 
size)
 uint64_t rsize = size;
 uint64_t naddr;
 
+if (!size) {
+return 0;
+}
+
 rsize += (allocator->page_size - 1);
 rsize &= -allocator->page_size;
 g_assert_cmpint((allocator->start + rsize), <=, allocator->end);
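Review bot: `guest_alloc` now returns 0 for a zero-size request, but the matching `guest_free` is not touched, and both the rest of `guest_alloc` and all of `guest_free` are outside this hunk; if `guest_free` looks the address up in its used list, as an allocator of this shape presumably does, a caller that round-trips the 0 through `ahci_free` (the tail of `ahci_io` in the previous hunk is not shown) will assert on a foreign address. Either add the symmetric guard `if (!addr) { return; }` at the top of `guest_free`, or document at this early return that zero-size results must not be freed. Using 0 as the "nothing allocated" value also relies on 0 never being a valid address from this allocator, which holds only while `allocator->start` is non-zero; a comment such as `/* 0 is never a valid allocation from this pool, so it doubles as "no buffer" */` would record that assumption.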
-- 
2.4.3




[Qemu-devel] [PULL 08/11] libqos/ahci: allow nondata commands for ahci_io variants

2016-01-08 Thread John Snow
These variants try to set a data offset, even if you don't specify one.
In the cases where the offset is zero and it's a nondata command, just
ignore the instruction.

Signed-off-by: John Snow 
Message-id: 1452282920-21550-7-git-send-email-js...@redhat.com
---
 tests/ahci-test.c   | 14 ++
 tests/libqos/ahci.c |  3 +++
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/tests/ahci-test.c b/tests/ahci-test.c
index 8c48587..2bee2a2 100644
--- a/tests/ahci-test.c
+++ b/tests/ahci-test.c
@@ -1080,7 +1080,6 @@ static void test_flush_retry(void)
 AHCIQState *ahci;
 AHCICommand *cmd;
 uint8_t port;
-const char *s;
 
 prepare_blkdebug_script(debug_path, "flush_to_disk");
 ahci = ahci_boot_and_enable("-drive file=blkdebug:%s:%s,if=none,id=drive0,"
@@ -1094,19 +1093,10 @@ static void test_flush_retry(void)
 /* Issue Flush Command and wait for error */
 port = ahci_port_select(ahci);
 ahci_port_clear(ahci, port);
-cmd = ahci_command_create(CMD_FLUSH_CACHE);
-ahci_command_commit(ahci, cmd, port);
-ahci_command_issue_async(ahci, cmd);
-qmp_eventwait("STOP");
 
-/* Complete the command */
-s = "{'execute':'cont' }";
-qmp_async(s);
-qmp_eventwait("RESUME");
-ahci_command_wait(ahci, cmd);
-ahci_command_verify(ahci, cmd);
+cmd = ahci_guest_io_halt(ahci, port, CMD_FLUSH_CACHE, 0, 0, 0);
+ahci_guest_io_resume(ahci, cmd);
 
-ahci_command_free(cmd);
 ahci_shutdown(ahci);
 }
 
diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index df29560..0fa9bf2 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -844,6 +844,9 @@ void ahci_command_set_offset(AHCICommand *cmd, uint64_t 
lba_sect)
 if (cmd->props->atapi) {
 ahci_atapi_command_set_offset(cmd, lba_sect);
 return;
+} else if (!cmd->props->data && !lba_sect) {
+/* Not meaningful, ignore. */
+return;
 } else if (cmd->props->lba28) {
 g_assert_cmphex(lba_sect, <=, 0xFFF);
 } else if (cmd->props->lba48 || cmd->props->ncq) {
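Review bot: The new branch ignores the offset only when `lba_sect` is 0; a non-data command called with a non-zero offset still falls through to the `lba28`/`lba48` range checks and, for a command with neither flag, to whatever the rest of `ahci_command_set_offset` does, which is outside the hunk. If a non-zero offset on a non-data command is always a caller bug, make that explicit: `} else if (!cmd->props->data) { g_assert_cmphex(lba_sect, ==, 0); return; }`. If the fall-through is intentional (e.g. for `CMD_READ_MAX`, which is non-data but `lba28`), the comment should say so: `/* Non-data command with no offset: nothing to encode. A non-zero offset is still range-checked below. */`.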
-- 
2.4.3




[Qemu-devel] [PULL 03/11] ahci-test: fix memory leak

2016-01-08 Thread John Snow
Use the proper free command to destroy an AHCICommand.

Signed-off-by: John Snow 
Message-id: 1452282920-21550-2-git-send-email-js...@redhat.com
---
 tests/ahci-test.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/ahci-test.c b/tests/ahci-test.c
index 0888506..f4945dc 100644
--- a/tests/ahci-test.c
+++ b/tests/ahci-test.c
@@ -1045,14 +1045,14 @@ static void test_dma_fragmented(void)
 ahci_command_commit(ahci, cmd, px);
 ahci_command_issue(ahci, cmd);
 ahci_command_verify(ahci, cmd);
-g_free(cmd);
+ahci_command_free(cmd);
 
 cmd = ahci_command_create(CMD_READ_DMA);
 ahci_command_adjust(cmd, 0, ptr, bufsize, 32);
 ahci_command_commit(ahci, cmd, px);
 ahci_command_issue(ahci, cmd);
 ahci_command_verify(ahci, cmd);
-g_free(cmd);
+ahci_command_free(cmd);
 
 /* Read back the guest's receive buffer into local memory */
 bufread(ptr, rx, bufsize);
-- 
2.4.3




[Qemu-devel] [PULL 05/11] libqos/ahci: ATAPI identify

2016-01-08 Thread John Snow
We need to say "hello!" to our ATAPI friends
in a slightly different manner.

Signed-off-by: John Snow 
Message-id: 1452282920-21550-4-git-send-email-js...@redhat.com
---
 tests/ahci-test.c   | 8 +++-
 tests/libqos/ahci.c | 5 +
 tests/libqos/ahci.h | 1 +
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/tests/ahci-test.c b/tests/ahci-test.c
index f4945dc..8ebbd33 100644
--- a/tests/ahci-test.c
+++ b/tests/ahci-test.c
@@ -215,6 +215,7 @@ static AHCIQState *ahci_boot_and_enable(const char *cli, 
...)
 va_list ap;
 uint16_t buff[256];
 uint8_t port;
+uint8_t hello;
 
 if (cli) {
 va_start(ap, cli);
@@ -229,7 +230,12 @@ static AHCIQState *ahci_boot_and_enable(const char *cli, 
...)
 /* Initialize test device */
 port = ahci_port_select(ahci);
 ahci_port_clear(ahci, port);
-ahci_io(ahci, port, CMD_IDENTIFY, &buff, sizeof(buff), 0);
+if (is_atapi(ahci, port)) {
+hello = CMD_PACKET_ID;
+} else {
+hello = CMD_IDENTIFY;
+}
+ahci_io(ahci, port, hello, &buff, sizeof(buff), 0);
 
 return ahci;
 }
diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index 59bf893..81edf34 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -114,6 +114,11 @@ void ahci_free(AHCIQState *ahci, uint64_t addr)
 qfree(ahci->parent, addr);
 }
 
+bool is_atapi(AHCIQState *ahci, uint8_t port)
+{
+return ahci_px_rreg(ahci, port, AHCI_PX_SIG) == AHCI_SIGNATURE_CDROM;
+}
+
 /**
  * Locate, verify, and return a handle to the AHCI device.
  */
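Review bot: `is_atapi` lands between two documented functions but has no comment of its own saying which register it reads, while the neighbouring `/** Locate, verify, and return a handle to the AHCI device. */` header shows the file's convention. Suggest `/** True when the port's PxSIG register carries the ATAPI (CD-ROM) device signature. */` above it. If `PxSIG` is only meaningful after the port has been started and the device has posted its initial signature FIS, that precondition belongs in the comment as well, since `ahci_boot_and_enable` calls this immediately after `ahci_port_clear`; I cannot confirm the timing from the hunk.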
diff --git a/tests/libqos/ahci.h b/tests/libqos/ahci.h
index 9ffd415..705fbd6 100644
--- a/tests/libqos/ahci.h
+++ b/tests/libqos/ahci.h
@@ -596,5 +596,6 @@ void ahci_command_adjust(AHCICommand *cmd, uint64_t 
lba_sect, uint64_t gbuffer,
 
 /* Command Misc */
 uint8_t ahci_command_slot(AHCICommand *cmd);
+bool is_atapi(AHCIQState *ahci, uint8_t port);
 
 #endif
-- 
2.4.3




[Qemu-devel] [PULL 04/11] libqos/ahci: ATAPI support

2016-01-08 Thread John Snow
Add pathways to tolerate ATAPI commands.

Notably, unlike ATA, each SCSI command's layout is a little different,
so support will have to be patched in for each command as we want to
test them in e.g. ahci_command_set_sizes and ahci_command_set_offset.

For now, I'm adding support for 0x28, READ (10).

Signed-off-by: John Snow 
Message-id: 1452282920-21550-3-git-send-email-js...@redhat.com
---
 tests/libqos/ahci.c | 83 ++---
 tests/libqos/ahci.h | 14 +
 2 files changed, 93 insertions(+), 4 deletions(-)

diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index adb2665..59bf893 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -74,7 +74,11 @@ AHCICommandProp ahci_command_properties[] = {
  .lba48 = true, .write = true, .ncq = true },
 { .cmd = CMD_READ_MAX,   .lba28 = true },
 { .cmd = CMD_READ_MAX_EXT,   .lba48 = true },
-{ .cmd = CMD_FLUSH_CACHE,.data = false }
+{ .cmd = CMD_FLUSH_CACHE,.data = false },
+{ .cmd = CMD_PACKET, .data = true,  .size = 16,
+ .atapi = true, },
+{ .cmd = CMD_PACKET_ID,  .data = true,  .pio = true,
+ .size = 512,   .read = true }
 };
 
 struct AHCICommand {
@@ -90,7 +94,7 @@ struct AHCICommand {
 /* Data to be transferred to the guest */
 AHCICommandHeader header;
 RegH2DFIS fis;
-void *atapi_cmd;
+unsigned char *atapi_cmd;
 };
 
 /**
@@ -731,6 +735,13 @@ static void command_table_init(AHCICommand *cmd)
 memset(fis->aux, 0x00, ARRAY_SIZE(fis->aux));
 }
 
+void ahci_command_enable_atapi_dma(AHCICommand *cmd)
+{
+RegH2DFIS *fis = &(cmd->fis);
+g_assert(cmd->props->atapi);
+fis->feature_low |= 0x01;
+}
+
 AHCICommand *ahci_command_create(uint8_t command_name)
 {
 AHCICommandProp *props = ahci_command_find(command_name);
@@ -767,8 +778,22 @@ AHCICommand *ahci_command_create(uint8_t command_name)
 return cmd;
 }
 
+AHCICommand *ahci_atapi_command_create(uint8_t scsi_cmd)
+{
+AHCICommand *cmd = ahci_command_create(CMD_PACKET);
+cmd->atapi_cmd = g_malloc0(16);
+cmd->atapi_cmd[0] = scsi_cmd;
+/* ATAPI needs a PIO transfer chunk size set inside of the LBA registers.
+ * The block/sector size is a natural default. */
+cmd->fis.lba_lo[1] = ATAPI_SECTOR_SIZE >> 8 & 0xFF;
+cmd->fis.lba_lo[2] = ATAPI_SECTOR_SIZE & 0xFF;
+
+return cmd;
+}
+
 void ahci_command_free(AHCICommand *cmd)
 {
+g_free(cmd->atapi_cmd);
 g_free(cmd);
 }
 
@@ -782,10 +807,33 @@ void ahci_command_clr_flags(AHCICommand *cmd, uint16_t 
cmdh_flags)
 cmd->header.flags &= ~cmdh_flags;
 }
 
+static void ahci_atapi_command_set_offset(AHCICommand *cmd, uint64_t lba)
+{
+unsigned char *cbd = cmd->atapi_cmd;
+uint32_t *lba32;
+g_assert(cbd);
+
+switch (cbd[0]) {
+case CMD_ATAPI_READ_10:
+g_assert_cmpuint(lba, <=, UINT32_MAX);
+lba32 = (uint32_t *)&(cbd[2]);
+*lba32 = cpu_to_be32(lba);
+break;
+default:
+/* SCSI doesn't have uniform packet formats,
+ * so you have to add support for it manually. Sorry! */
+g_assert_not_reached();
+}
+}
+
 void ahci_command_set_offset(AHCICommand *cmd, uint64_t lba_sect)
 {
 RegH2DFIS *fis = &(cmd->fis);
-if (cmd->props->lba28) {
+
+if (cmd->props->atapi) {
+ahci_atapi_command_set_offset(cmd, lba_sect);
+return;
+} else if (cmd->props->lba28) {
 g_assert_cmphex(lba_sect, <=, 0xFFF);
 } else if (cmd->props->lba48 || cmd->props->ncq) {
 g_assert_cmphex(lba_sect, <=, 0x);
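Review bot: `ahci_atapi_command_set_offset` writes the LBA through `(uint32_t *)&(cbd[2])`, a 4-byte store at offset 2 into the `unsigned char` packet buffer, which is both a misaligned access and a strict-aliasing violation: it happens to work on x86 but is undefined behaviour and can trap on strict-alignment hosts. Use the byte-oriented helper instead, `stl_be_p(&cbd[2], lba);` (provided by the same qemu/bswap.h that supplies `cpu_to_be32`, so no new include should be needed), or `uint32_t v = cpu_to_be32(lba); memcpy(&cbd[2], &v, sizeof(v));`. The `g_assert_cmphex` bounds in `ahci_command_set_offset` render here as `0xFFF` and `0x`, which look like extraction damage of the 28-bit and 48-bit maxima rather than real values; worth confirming against the tree.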
@@ -811,6 +859,26 @@ void ahci_command_set_buffer(AHCICommand *cmd, uint64_t 
buffer)
 cmd->buffer = buffer;
 }
 
+static void ahci_atapi_set_size(AHCICommand *cmd, uint64_t xbytes)
+{
+unsigned char *cbd = cmd->atapi_cmd;
+uint64_t nsectors = xbytes / 2048;
+uint16_t *nsector16;
+g_assert(cbd);
+
+switch (cbd[0]) {
+case CMD_ATAPI_READ_10:
+g_assert_cmpuint(nsectors, <=, UINT16_MAX);
+nsector16 = (uint16_t *)&(cbd[7]);
+*nsector16 = cpu_to_be16(nsectors);
+break;
+default:
+/* SCSI doesn't have uniform packet formats,
+ * so you have to add support for it manually. Sorry! */
+g_assert_not_reached();
+}
+}
+
 void ahci_command_set_sizes(AHCICommand *cmd, uint64_t xbytes,
 unsigned prd_size)
 {
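Review bot: `ahci_atapi_set_size` stores the transfer length through `(uint16_t *)&(cbd[7])`, an unaligned 2-byte store into the `g_malloc0(16)` byte buffer; as with the LBA store in `ahci_atapi_command_set_offset`, this should be `stw_be_p(&cbd[7], nsectors);` (or a `memcpy` of a `cpu_to_be16` value) rather than a cast. The sector size is also hard-coded as `2048` here even though `ATAPI_SECTOR_SIZE` is used for the same quantity in `ahci_atapi_command_create`, and `xbytes / 2048` silently drops a partial sector so the CDB asks for fewer bytes than the PRDT describes. `g_assert_cmpuint(xbytes % ATAPI_SECTOR_SIZE, ==, 0);` before the division and `uint64_t nsectors = xbytes / ATAPI_SECTOR_SIZE;` make a mis-sized request fail loudly instead.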
@@ -829,6 +897,8 @@ void ahci_command_set_sizes(AHCICommand *cmd, uint64_t 
xbytes,
 NCQFIS *nfis = (NCQFIS *)&(cmd->fis);
 nfis->sector_low = sect_count & 0xFF;
 nfis->sector_hi = (sect_count >> 8) & 0xFF;
+} else if (cmd->props->atapi) {
+ahci_atapi_set_size(cmd, xbytes);
 } else {
 cmd->fis.count = sect_count;
 }
@@ -877,9 +947,14 @@ void ahci_command_commit(AHCIQState *ahci, AHCICommand 
*cmd, uint8_t port)
 g_assert((table_pt

[Qemu-devel] [PULL 06/11] libqos/ahci: Switch to mutable properties

2016-01-08 Thread John Snow
ATAPI commands are, unfortunately, weird in that they can
be either DMA or PIO depending on a header bit. In order to
accommodate them, I'll need to make AHCI command properties
mutable so we can toggle between which "flavor" of ATAPI command
we want to test.

The default ATAPI transfer mechanism is PIO and the default
properties are adjusted accordingly.

Signed-off-by: John Snow 
Message-id: 1452282920-21550-5-git-send-email-js...@redhat.com
---
 tests/libqos/ahci.c | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index 81edf34..a219f67 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -76,7 +76,7 @@ AHCICommandProp ahci_command_properties[] = {
 { .cmd = CMD_READ_MAX_EXT,   .lba48 = true },
 { .cmd = CMD_FLUSH_CACHE,.data = false },
 { .cmd = CMD_PACKET, .data = true,  .size = 16,
- .atapi = true, },
+ .atapi = true, .pio = true },
 { .cmd = CMD_PACKET_ID,  .data = true,  .pio = true,
  .size = 512,   .read = true }
 };
@@ -745,6 +745,11 @@ void ahci_command_enable_atapi_dma(AHCICommand *cmd)
 RegH2DFIS *fis = &(cmd->fis);
 g_assert(cmd->props->atapi);
 fis->feature_low |= 0x01;
+cmd->interrupts &= ~AHCI_PX_IS_PSS;
+cmd->props->dma = true;
+cmd->props->pio = false;
+/* BUG: We expect the DMA Setup interrupt for DMA commands */
+/* cmd->interrupts |= AHCI_PX_IS_DSS; */
 }
 
 AHCICommand *ahci_command_create(uint8_t command_name)
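Review bot: The `/* BUG: ... */` comment followed by the commented-out `cmd->interrupts |= AHCI_PX_IS_DSS;` in `ahci_command_enable_atapi_dma` does not say which side is wrong or what a reader should check, so nobody can tell whether to re-enable the line or fix the device model. Suggest replacing both lines with one explanatory comment along the lines of `/* A DMA command should also raise the DMA Setup (DSS) interrupt; it is deliberately not expected here because the emulated HBA does not appear to deliver it for ATAPI DMA. Re-add AHCI_PX_IS_DSS to cmd->interrupts once that is resolved. */` — the cause is inferred from the test expectation, so confirm it against hw/ide/ahci.c before settling on the wording. The function also flips `cmd->props->pio`/`dma` after `cmd->interrupts` was presumably derived from the original properties in `ahci_command_create` (outside this hunk); recomputing the mask from the updated props would be less fragile than clearing one bit by hand.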
@@ -761,7 +766,7 @@ AHCICommand *ahci_command_create(uint8_t command_name)
 g_assert(!props->ncq || props->lba48);
 
 /* Defaults and book-keeping */
-cmd->props = props;
+cmd->props = g_memdup(props, sizeof(AHCICommandProp));
 cmd->name = command_name;
 cmd->xbytes = props->size;
 cmd->prd_size = 4096;
@@ -799,6 +804,7 @@ AHCICommand *ahci_atapi_command_create(uint8_t scsi_cmd)
 void ahci_command_free(AHCICommand *cmd)
 {
 g_free(cmd->atapi_cmd);
+g_free(cmd->props);
 g_free(cmd);
 }
 
-- 
2.4.3




[Qemu-devel] [PULL 01/11] macio: fix overflow in lba to offset conversion for ATAPI devices

2016-01-08 Thread John Snow
From: Mark Cave-Ayland 

As the IDEState lba field is an int32_t, make sure we cast to int64_t before
shifting to calculate the offset. Otherwise we end up with an overflow when
trying to access sectors beyond 2GB as can occur when using DVD images.

[Maintainer edit: fixed extraneous parentheses. --js]

Signed-off-by: Mark Cave-Ayland 
Reviewed-by: John Snow 
Message-id: 1451928613-29476-1-git-send-email-mark.cave-ayl...@ilande.co.uk
Signed-off-by: John Snow 
---
 hw/ide/macio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ide/macio.c b/hw/ide/macio.c
index 3ee962f..1678b2f 100644
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -280,7 +280,7 @@ static void pmac_ide_atapi_transfer_cb(void *opaque, int 
ret)
 }
 
 /* Calculate current offset */
-offset = (int64_t)(s->lba << 11) + s->io_buffer_index;
+offset = ((int64_t)s->lba << 11) + s->io_buffer_index;
 
 pmac_dma_read(s->blk, offset, io->len, pmac_ide_atapi_transfer_cb, io);
 return;
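Review bot: Widening `s->lba` before the shift removes the 32-bit overflow for LBAs at or above 2^20 sectors (the 2 GiB boundary the commit message describes), but `(int64_t)s->lba << 11` is still a left shift of a signed value, which is undefined behaviour whenever `s->lba` is negative. If `lba` is guaranteed non-negative at this point that is fine and deserves a one-line comment, e.g. `/* lba is a sector index (>= 0); widen before scaling to avoid 32-bit overflow */`; otherwise `(int64_t)s->lba * 2048` has defined semantics for every value. The enclosing `pmac_ide_atapi_transfer_cb` starts and ends outside the hunk.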
-- 
2.4.3




[Qemu-devel] [PULL 02/11] ide: ahci: reset ncq object to unused on error

2016-01-08 Thread John Snow
From: Prasad J Pandit 

When processing NCQ commands, AHCI device emulation prepares an
NCQ transfer object, to which an aio control block (aiocb) object
is assigned in 'execute_ncq_command'. When the NCQ command is
invalid, the 'aiocb' object is not assigned and the NCQ transfer
object is left as 'used'. This leads to a use-after-free in
'bdrv_aio_cancel_async' via 'ahci_reset_port'.
Reset the NCQ transfer object to 'unused' to avoid it.

Reported-by: Qinghao Tang 
Signed-off-by: Prasad J Pandit 
Reviewed-by: John Snow 
Message-id: 1452282511-4116-1-git-send-email-ppan...@redhat.com
Signed-off-by: John Snow 
---
 hw/ide/ahci.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index dd1912e..17f1cbd 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -910,6 +910,7 @@ static void ncq_err(NCQTransferState *ncq_tfs)
 ide_state->error = ABRT_ERR;
 ide_state->status = READY_STAT | ERR_STAT;
 ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
+ncq_tfs->used = 0;
 }
 
 static void ncq_finish(NCQTransferState *ncq_tfs)
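Review bot: ncq_err now marks the slot free but leaves ncq_tfs->aiocb untouched; on the path the description targets (invalid command, aiocb never assigned) that is harmless, but if ncq_err is also reached after execute_ncq_command has assigned aiocb, the slot is recycled with a stale aiocb pointer still in it. Clearing it alongside, `ncq_tfs->aiocb = NULL;`, keeps the 'unused' state self-consistent regardless of which caller got here; whether any caller hits that ordering is not visible in this hunk. The same hunk is quoted again in the "Re: [PATCH v2]" thread further down this page, where the same remark applies.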
-- 
2.4.3




[Qemu-devel] [PULL 00/11] Ide patches

2016-01-08 Thread John Snow
The following changes since commit 38a762fec63fd5c035aae29ba9a77d357e21e4a7:

  Merge remote-tracking branch 
'remotes/berrange/tags/pull-crypto-fixes-2015-12-23-1' into staging (2015-12-23 
13:53:32 +)

are available in the git repository at:

  https://github.com/jnsnow/qemu.git tags/ide-pull-request

for you to fetch changes up to 4160ad843841df21de296016fb77f986e693bed2:

  libqos/ahci: organize header (2016-01-08 15:22:34 -0500)





John Snow (9):
  ahci-test: fix memory leak
  libqos/ahci: ATAPI support
  libqos/ahci: ATAPI identify
  libqos/ahci: Switch to mutable properties
  libqos: allow zero-size allocations
  libqos/ahci: allow nondata commands for ahci_io variants
  libqos/ahci: add ahci_exec
  qtest/ahci: ATAPI data tests
  libqos/ahci: organize header

Mark Cave-Ayland (1):
  macio: fix overflow in lba to offset conversion for ATAPI devices

Prasad J Pandit (1):
  ide: ahci: reset ncq object to unused on error

 hw/ide/ahci.c |   1 +
 hw/ide/macio.c|   2 +-
 tests/ahci-test.c | 131 ++--
 tests/libqos/ahci.c   | 181 +++---
 tests/libqos/ahci.h   |  66 +++---
 tests/libqos/malloc.c |   4 ++
 6 files changed, 343 insertions(+), 42 deletions(-)

-- 
2.4.3




Re: [Qemu-devel] [PATCH v4 2/5] Add Error **errp for xen_host_pci_device_get()

2016-01-08 Thread Eric Blake
On 01/08/2016 01:37 AM, Cao jin wrote:
> To catch the error msg. Also modify the caller
> 
> Signed-off-by: Cao jin 
> ---
>  hw/xen/xen-host-pci-device.c | 134 
> ++-
>  hw/xen/xen-host-pci-device.h |   5 +-
>  hw/xen/xen_pt.c  |  13 +++--
>  3 files changed, 81 insertions(+), 71 deletions(-)
> 

> @@ -40,16 +40,16 @@ static int xen_host_pci_sysfs_path(const XenHostPCIDevice 
> *d,
>d->domain, d->bus, d->dev, d->func, name);
>  
>  if (rc >= size || rc < 0) {
> -/* The output is truncated, or some other error was encountered */
> -return -ENODEV;
> +/* The output is truncated, or some other error was encountered.
> + * Assert here since user can do nothing in case of failure */
> +assert(0);
>  }

Might be shorter to drop the 'if' block, and just write:

assert(rc >= 0 && rc < size);

where you then don't need a comment, because the body of the assert() is
then more specific on the caller's responsibility for passing in a
decent size argument.


>  buf[rc] = 0;
>  rc = qemu_strtoul(buf, &endptr, base, &value);

Do you still need a local 'value' variable, or can you just reuse pvalue
here?

>  if (!rc) {
>  *pvalue = value;
> +} else if (rc == -EINVAL) {
> +error_setg(errp, "strtoul: Invalid argument");
> +} else {
> +error_setg_errno(errp, errno, "strtoul err");

Still not quite right - you are not guaranteed that 'errno' is sane
after qemu_strtoul(), only that -rc is sane.  And feels repetitive.
Better might be:

rc = qemu_strtoul(buf, &endptr, base, pvalue);
if (rc) {
error_setg_errno(errp, -rc, "failed to parse value '%s'", buf);
}

> -static inline int xen_host_pci_get_hex_value(XenHostPCIDevice *d,
> +static inline void xen_host_pci_get_hex_value(XenHostPCIDevice *d,
>   const char *name,
> - unsigned int *pvalue)
> + unsigned int *pvalue,
> + Error **errp)

Indentation is off.

>  {
> -return xen_host_pci_get_value(d, name, pvalue, 16);
> +xen_host_pci_get_value(d, name, pvalue, 16, errp);
>  }
>  
> -static inline int xen_host_pci_get_dec_value(XenHostPCIDevice *d,
> +static inline void xen_host_pci_get_dec_value(XenHostPCIDevice *d,
>   const char *name,
> - unsigned int *pvalue)
> + unsigned int *pvalue,
> + Error **errp)

and again.


> -int xen_host_pci_device_get(XenHostPCIDevice *d, uint16_t domain,
> -uint8_t bus, uint8_t dev, uint8_t func)
> +void xen_host_pci_device_get(XenHostPCIDevice *d, uint16_t domain,
> +uint8_t bus, uint8_t dev, uint8_t func,
> +Error **errp)

and again.


> +++ b/hw/xen/xen-host-pci-device.h
> @@ -36,8 +36,9 @@ typedef struct XenHostPCIDevice {
>  int config_fd;
>  } XenHostPCIDevice;
>  
> -int xen_host_pci_device_get(XenHostPCIDevice *d, uint16_t domain,
> -uint8_t bus, uint8_t dev, uint8_t func);
> +void xen_host_pci_device_get(XenHostPCIDevice *d, uint16_t domain,
> +uint8_t bus, uint8_t dev, uint8_t func,
> +Error **errp);

and again

> @@ -774,11 +775,13 @@ static int xen_pt_initfn(PCIDevice *d)
> s->hostaddr.bus, s->hostaddr.slot, s->hostaddr.function,
> s->dev.devfn);
>  
> -rc = xen_host_pci_device_get(&s->real_device,
> - s->hostaddr.domain, s->hostaddr.bus,
> - s->hostaddr.slot, s->hostaddr.function);
> -if (rc) {
> -XEN_PT_ERR(d, "Failed to \"open\" the real pci device. rc: %i\n", 
> rc);
> +xen_host_pci_device_get(&s->real_device,
> +s->hostaddr.domain, s->hostaddr.bus,
> +s->hostaddr.slot, s->hostaddr.function,
> +&err);
> +if (err) {
> +error_append_hint(&err, "Failed to \"open\" the real pci device");

Markus may have an opinion on whether his new error_prepend code is a
better fit (error_append_hint lists _after_ the original failure, but it
sounds like you want "failed to open the real pci device: low level
details").

But looks like you're getting closer.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature


Re: [Qemu-devel] [PATCH 2/4] macio: add dma_active to VMStateDescription

2016-01-08 Thread John Snow


On 01/06/2016 04:17 PM, Mark Cave-Ayland wrote:
> On 06/01/16 20:57, John Snow wrote:
> 
>> On 01/06/2016 03:37 PM, Mark Cave-Ayland wrote:
>>> Make sure that we include the value of dma_active in the migration stream.
>>>
>>> Signed-off-by: Mark Cave-Ayland 
>>> ---
>>>  hw/ide/macio.c |3 ++-
>>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/hw/ide/macio.c b/hw/ide/macio.c
>>> index 560c071..695d4d2 100644
>>> --- a/hw/ide/macio.c
>>> +++ b/hw/ide/macio.c
>>> @@ -518,11 +518,12 @@ static const MemoryRegionOps pmac_ide_ops = {
>>>  
>>>  static const VMStateDescription vmstate_pmac = {
>>>  .name = "ide",
>>> -.version_id = 3,
>>> +.version_id = 4,
>>>  .minimum_version_id = 0,
>>>  .fields = (VMStateField[]) {
>>>  VMSTATE_IDE_BUS(bus, MACIOIDEState),
>>>  VMSTATE_IDE_DRIVES(bus.ifs, MACIOIDEState),
>>> +VMSTATE_BOOL(dma_active, MACIOIDEState),
>>>  VMSTATE_END_OF_LIST()
>>>  }
>>>  };
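Review bot: `VMSTATE_BOOL(dma_active, MACIOIDEState),` is unconditional, so with minimum_version_id left at 0 a version-3 or older stream is still accepted but parsed expecting the extra byte, which makes the new field a hard format change rather than a versioned one. If the subsection route discussed in this thread is not taken, gating the field on the bumped version, `VMSTATE_BOOL_V(dma_active, MACIOIDEState, 4),`, at least keeps older streams loading with dma_active defaulting to false. Whether anything else in vmstate_pmac is version-gated is outside the hunk.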
>>>
>>
>> Did you wind up ever observing this value to be non-zero when it was
>> written to the migration stream?
>>
>> I really did think that we should be able to assume this was always
>> false due to how migration will drain all outstanding AIO, but maybe I
>> am mistaken.
> 
> I think this can happen because Darwin/MacOS sets the DBDMA processor
> running first *before* the IDE request is issued, compared to pretty
> much every other OS which issues the IDE request *first* which then in
> turn invokes the DMA engine (which is the general assumption in the QEMU
> IDE/DMA APIs).
> 
> So there could be a window where the DBDMA is programmed and active but
> migration takes place before the corresponding IDE request has been
> issued (which is exactly the situation that this flag handles).
> 
> 
> ATB,
> 
> Mark.
> 

sadly that seems to be the case. ide_dbdma_start looks like it can yield
through DBDMA_kick, so there's time for things to go awry.

Acked-by: John Snow 

I had an off-list discussion with David Gilbert on how the migration
fields work here -- this will introduce a hard incompatibility between
pre-2.5 and post-2.5, which might be fine since Mac has never really
quite worked correctly anyway.

If you want to worry about compatibility, David advised me that a
conditional subsection might be appropriate:

since dma_active is /usually/ false, we can use this as a flag for
deciding to migrate it or not: i.e. if it's false, we skip the field and
the receiver assumes it's false in post_load, or if we migrate to an
older version, it never has to worry about it.

If it's true, you get a migration error that says the subsection wasn't
found, but you get to try to migrate again -- it's kind of a cheesy way
to say that you can't migrate to older versions while the DMA is active.
Future versions can accept the true boolean, though.

HTH
--js




Re: [Qemu-devel] [PATCH v2 0/9] ahci: atapi qtests

2016-01-08 Thread John Snow


On 01/08/2016 02:55 PM, John Snow wrote:
> Add ATAPI support into libqos/ahci, and write a few tests for it.
> 
> This is the last "batch" of planned qtests for s/ata -- basic i/o
> testing of HDDs and CDROMs on both PCI and AHCI should be complete
> after this series.
> 
> v2: Rebase and resend for 2.6.
> 
> 
> 
> For convenience, this branch is available at:
> https://github.com/jnsnow/qemu.git branch ahci-atapi-qtests
> https://github.com/jnsnow/qemu/tree/ahci-atapi-qtests
> 
> This version is tagged ahci-atapi-qtests-v2:
> https://github.com/jnsnow/qemu/releases/tag/ahci-atapi-qtests-v2
> 
> John Snow (9):
>   ahci-test: fix memory leak
>   libqos/ahci: ATAPI support
>   libqos/ahci: ATAPI identify
>   libqos/ahci: Switch to mutable properties
>   libqos: allow zero-size allocations
>   libqos/ahci: allow nondata commands for ahci_io variants
>   libqos/ahci: add ahci_exec
>   qtest/ahci: ATAPI data tests
>   libqos/ahci: organize header
> 
>  tests/ahci-test.c | 131 ++--
>  tests/libqos/ahci.c   | 181 
> +++---
>  tests/libqos/ahci.h   |  66 +++---
>  tests/libqos/malloc.c |   4 ++
>  4 files changed, 341 insertions(+), 41 deletions(-)
> 

Staging these right away as they are unchanged from the 2.5 version
which didn't arouse any ire, and they are just tests.

Thanks, applied to my IDE tree:

https://github.com/jnsnow/qemu/commits/ide
https://github.com/jnsnow/qemu.git

--js



Re: [Qemu-devel] [PATCH 2/8] ipmi: add get and set SENSOR_TYPE commands

2016-01-08 Thread Corey Minyard

Acked-by: Corey Minyard 

I agree with Greg's comments, too.

-corey

On 01/05/2016 11:29 AM, Cédric Le Goater wrote:

Signed-off-by: Cédric Le Goater 
---
  hw/ipmi/ipmi_bmc_sim.c | 51 --
  1 file changed, 49 insertions(+), 2 deletions(-)

diff --git a/hw/ipmi/ipmi_bmc_sim.c b/hw/ipmi/ipmi_bmc_sim.c
index 559e1398d669..061db8437479 100644
--- a/hw/ipmi/ipmi_bmc_sim.c
+++ b/hw/ipmi/ipmi_bmc_sim.c
@@ -37,13 +37,15 @@
  #define IPMI_CMD_CHASSIS_CONTROL  0x02
  
  #define IPMI_NETFN_SENSOR_EVENT   0x04

-#define IPMI_NETFN_SENSOR_EVENT_MAXCMD0x2e
+#define IPMI_NETFN_SENSOR_EVENT_MAXCMD0x30
  
  #define IPMI_CMD_SET_SENSOR_EVT_ENABLE0x28

  #define IPMI_CMD_GET_SENSOR_EVT_ENABLE0x29
  #define IPMI_CMD_REARM_SENSOR_EVTS0x2a
  #define IPMI_CMD_GET_SENSOR_EVT_STATUS0x2b
  #define IPMI_CMD_GET_SENSOR_READING   0x2d
+#define IPMI_CMD_SET_SENSOR_TYPE  0x2e
+#define IPMI_CMD_GET_SENSOR_TYPE  0x2f
  
  /* #define IPMI_NETFN_APP 0x06 In ipmi.h */

  #define IPMI_NETFN_APP_MAXCMD 0x36
@@ -1576,6 +1578,49 @@ static void get_sensor_reading(IPMIBmcSim *ibs,
  return;
  }
  
+static void set_sensor_type(IPMIBmcSim *ibs,

+   uint8_t *cmd, unsigned int cmd_len,
+   uint8_t *rsp, unsigned int *rsp_len,
+   unsigned int max_rsp_len)
+{
+IPMISensor *sens;
+
+
+IPMI_CHECK_CMD_LEN(5);
+if ((cmd[2] > MAX_SENSORS) ||
+!IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
+rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT;
+goto out;
+}
+sens = ibs->sensors + cmd[2];
+sens->sensor_type = cmd[3];
+sens->evt_reading_type_code = cmd[4] & 0x7f;
+
+ out:
+return;
+}
+
+static void get_sensor_type(IPMIBmcSim *ibs,
+   uint8_t *cmd, unsigned int cmd_len,
+   uint8_t *rsp, unsigned int *rsp_len,
+   unsigned int max_rsp_len)
+{
+IPMISensor *sens;
+
+
+IPMI_CHECK_CMD_LEN(3);
+if ((cmd[2] > MAX_SENSORS) ||
+!IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
+rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT;
+goto out;
+}
+sens = ibs->sensors + cmd[2];
+IPMI_ADD_RSP_DATA(sens->sensor_type);
+IPMI_ADD_RSP_DATA(sens->evt_reading_type_code);
+ out:
+return;
+}
+
  static const IPMICmdHandler chassis_cmds[IPMI_NETFN_CHASSIS_MAXCMD] = {
  [IPMI_CMD_GET_CHASSIS_CAPABILITIES] = chassis_capabilities,
  [IPMI_CMD_GET_CHASSIS_STATUS] = chassis_status,
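Review bot: The bounds check in both new handlers, `if ((cmd[2] > MAX_SENSORS) ||`, lets cmd[2] == MAX_SENSORS through, and `ibs->sensors + cmd[2]` then addresses one element past the end of the sensors[MAX_SENSORS] array; in set_sensor_type that is a request-controlled out-of-bounds write of sensor_type and evt_reading_type_code, in get_sensor_type an out-of-bounds read that is then returned in the response. Both checks should read `if ((cmd[2] >= MAX_SENSORS) ||`. The existing get_sensor_reading above the hunk appears to be the template for these; if it carries the same comparison it is worth correcting in the same patch.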
@@ -1592,7 +1637,9 @@ sensor_event_cmds[IPMI_NETFN_SENSOR_EVENT_MAXCMD] = {
  [IPMI_CMD_GET_SENSOR_EVT_ENABLE] = get_sensor_evt_enable,
  [IPMI_CMD_REARM_SENSOR_EVTS] = rearm_sensor_evts,
  [IPMI_CMD_GET_SENSOR_EVT_STATUS] = get_sensor_evt_status,
-[IPMI_CMD_GET_SENSOR_READING] = get_sensor_reading
+[IPMI_CMD_GET_SENSOR_READING] = get_sensor_reading,
+[IPMI_CMD_SET_SENSOR_TYPE] = set_sensor_type,
+[IPMI_CMD_GET_SENSOR_TYPE] = get_sensor_type,
  };
  static const IPMINetfn sensor_event_netfn = {
  .cmd_nums = IPMI_NETFN_SENSOR_EVENT_MAXCMD,





Re: [Qemu-devel] [PATCH 3/8] ipmi: add GET_SYS_RESTART_CAUSE chassis command

2016-01-08 Thread Corey Minyard

Acked-by: Corey Minyard 

On 01/05/2016 11:29 AM, Cédric Le Goater wrote:

This is a simulator. Just return an unknown cause (0).

Signed-off-by: Cédric Le Goater 
---
  hw/ipmi/ipmi_bmc_sim.c | 20 ++--
  1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/hw/ipmi/ipmi_bmc_sim.c b/hw/ipmi/ipmi_bmc_sim.c
index 061db8437479..5db94491b130 100644
--- a/hw/ipmi/ipmi_bmc_sim.c
+++ b/hw/ipmi/ipmi_bmc_sim.c
@@ -30,11 +30,12 @@
  #include "qemu/error-report.h"
  
  #define IPMI_NETFN_CHASSIS0x00

-#define IPMI_NETFN_CHASSIS_MAXCMD 0x03
+#define IPMI_NETFN_CHASSIS_MAXCMD 0x0a
  
  #define IPMI_CMD_GET_CHASSIS_CAPABILITIES 0x00

  #define IPMI_CMD_GET_CHASSIS_STATUS   0x01
  #define IPMI_CMD_CHASSIS_CONTROL  0x02
+#define IPMI_CMD_GET_SYS_RESTART_CAUSE0x09
  
  #define IPMI_NETFN_SENSOR_EVENT   0x04

  #define IPMI_NETFN_SENSOR_EVENT_MAXCMD0x30
@@ -201,6 +202,8 @@ struct IPMIBmcSim {
  uint8_t mfg_id[3];
  uint8_t product_id[2];
  
+uint8_t restart_cause;

+
  IPMISel sel;
  IPMISdr sdr;
  IPMISensor sensors[MAX_SENSORS];
@@ -754,6 +757,17 @@ static void chassis_control(IPMIBmcSim *ibs,
  return;
  }
  
+static void chassis_get_sys_restart_cause(IPMIBmcSim *ibs,

+   uint8_t *cmd, unsigned int cmd_len,
+   uint8_t *rsp, unsigned int *rsp_len,
+   unsigned int max_rsp_len)
+{
+IPMI_ADD_RSP_DATA(ibs->restart_cause & 0xf); /* Restart Cause */
+IPMI_ADD_RSP_DATA(0);  /* Channel 0 */
+ out:
+return;
+}
+
  static void get_device_id(IPMIBmcSim *ibs,
uint8_t *cmd, unsigned int cmd_len,
uint8_t *rsp, unsigned int *rsp_len,
@@ -1624,7 +1638,8 @@ static void get_sensor_type(IPMIBmcSim *ibs,
  static const IPMICmdHandler chassis_cmds[IPMI_NETFN_CHASSIS_MAXCMD] = {
  [IPMI_CMD_GET_CHASSIS_CAPABILITIES] = chassis_capabilities,
  [IPMI_CMD_GET_CHASSIS_STATUS] = chassis_status,
-[IPMI_CMD_CHASSIS_CONTROL] = chassis_control
+[IPMI_CMD_CHASSIS_CONTROL] = chassis_control,
+[IPMI_CMD_GET_SYS_RESTART_CAUSE] = chassis_get_sys_restart_cause
  };
  static const IPMINetfn chassis_netfn = {
  .cmd_nums = IPMI_NETFN_CHASSIS_MAXCMD,
@@ -1746,6 +1761,7 @@ static void ipmi_sim_init(Object *obj)
  ibs->bmc_global_enables = (1 << IPMI_BMC_EVENT_LOG_BIT);
  ibs->device_id = 0x20;
  ibs->ipmi_version = 0x02; /* IPMI 2.0 */
+ibs->restart_cause = 0;
  for (i = 0; i < 4; i++) {
  ibs->sel.last_addition[i] = 0xff;
  ibs->sel.last_clear[i] = 0xff;





Re: [Qemu-devel] [PATCH 1/8] ipmi: fix SDR length value

2016-01-08 Thread Corey Minyard

On 01/06/2016 02:14 AM, Cédric Le Goater wrote:

On 01/05/2016 08:59 PM, Eric Blake wrote:

On 01/05/2016 10:29 AM, Cédric Le Goater wrote:

[meta-comment] Your messages were not marked in-reply-to: the 0/8 cover
letter, but came through as separate threads.  This makes it harder to
follow, especially in mail clients that sort top-level threads by most
recent activity on the thread.

Yes. My bad. I put 'thread = false' in my .gitconfig for some reason and
didn't check before sending. This is fixed.


The IPMI BMC simulator populates the SDR table with a set of initial
SDRs. The length of each SDR is taken from the record itself (byte 4)
which does not include the size of the header. But, the full length
(header + data) is required by the sdr_add_entry() routine.

Signed-off-by: Cédric Le Goater 
---

  Maybe we could use a sdr struct/typedef to clarify the code. See
  patch 7: "ipmi: introduce an ipmi_bmc_init_sensor() API"

  hw/ipmi/ipmi_bmc_sim.c | 14 +++---
  1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/hw/ipmi/ipmi_bmc_sim.c b/hw/ipmi/ipmi_bmc_sim.c
index 0a59e539f549..559e1398d669 100644
--- a/hw/ipmi/ipmi_bmc_sim.c
+++ b/hw/ipmi/ipmi_bmc_sim.c
@@ -362,7 +362,7 @@ static int sdr_find_entry(IPMISdr *sdr, uint16_t recid,
  
  while (pos < sdr->next_free) {

  uint16_t trec = sdr->sdr[pos] | (sdr->sdr[pos + 1] << 8);
-unsigned int nextpos = pos + sdr->sdr[pos + 4];
+unsigned int nextpos = pos + sdr->sdr[pos + 4] + 5;

5 feels like a magic number; should you use a #define and name it?

Yes. 5 being the sdr header length.

The simulator uses a lot of these byte offsets and I think the code
would benefit from using a struct, as proposed in patch 7:
   
   "ipmi: introduce an ipmi_bmc_init_sensor() API".


Corey, is there a reason for not doing so ?


I was just adding one and it didn't matter much at that point?  Or I was 
lazy?


I've commented a little earlier on patch 7, the struct is a better way 
to go.


-corey




@@ -1709,20 +1709,20 @@ static void ipmi_sim_init(Object *obj)
  for (i = 0;;) {
  int len;
  if ((i + 5) > sizeof(init_sdrs)) {
-error_report("Problem with recid 0x%4.4x: \n", i);
+error_report("Problem with recid 0x%4.4x\n", i);

Please drop the trailing \n as long as you are touching this.

Sure.

Thanks,

C.
  






Re: [Qemu-devel] [PATCH 7/8] ipmi: introduce an ipmi_bmc_init_sensor() API

2016-01-08 Thread Corey Minyard
The way the SDR and sensors are handled currently in the code I wrote is 
far from ideal; it is not scalable.  In my mind, the BMC in qemu would 
never be a very elaborate one; you would use an external BMC for that.


There are a couple of issues to deal with here:

We need support for SDRs besides just sensor type 2, there are sensor 
type 1 and 3, management device locator, FRU device locator, entity 
association, and a few others.  Those are not important for the BMC, but 
they are important for management software using the BMC.  If we need to 
add all those, we probably need something more sophisticated, like using 
the openipmi library SDR compiler and loading the SDRs externally.  But 
if your needs are basic, then this is ok.


It would be nice if the SDR repository time did not change every time 
you restarted the system.  It's not a big deal for a few SDRs, but it 
could be for a larger system.


I'm ok with the patch as-is assuming your needs are simple, but if you 
need something more extensive we probably should think about something else.


A few comments inline, too.

On 01/05/2016 11:30 AM, Cédric Le Goater wrote:

This routine will let qemu platforms populate the sdr/sensor tables of
the IPMI BMC simulator according to their custom needs.

The patch adds a compact sensor record typedef to ease definition of
sdrs. To be used in the code the following way:

 static ipmi_sdr_compact_buffer my_init_sdrs[] = {
 {   /* Firmware Progress Sensor */
 0xff, 0xff, 0x51, 0x02,   43, 0x20, 0x00, 0xff,
 0x22, 0x00, 0xff, 0x40, 0x0f, 0x6f, 0x07, 0x00,
 0x00, 0x00, 0xff, 0xff, 0xc0, 0x00, 0x00, 0x01,
 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd0,
 'F',  'W',  ' ',  'B',  'o',  'o',  't',  ' ',
 'P',  'r',  'o',  'g',  'r',  'e',  's',  's',
 },
 ...


I assume the idea is that you use struct ipmi_sdr_compact to define 
these so you can get names associated with the values.  Is that the case?



 };

 struct ipmi_sdr_compact *sdr =
(struct ipmi_sdr_compact *) &my_init_sdrs[0];

 ipmi_bmc_init_sensor(IPMI_BMC(obj), my_init_sdrs[0],
  sdr->rec_length + 5, &sdr->sensor_owner_number);

Signed-off-by: Cédric Le Goater 
---
  hw/ipmi/ipmi_bmc_sim.c | 61 +-
  include/hw/ipmi/ipmi.h | 37 ++
  2 files changed, 87 insertions(+), 11 deletions(-)

diff --git a/hw/ipmi/ipmi_bmc_sim.c b/hw/ipmi/ipmi_bmc_sim.c
index 4f7c74da4b6b..9618db44ce69 100644
--- a/hw/ipmi/ipmi_bmc_sim.c
+++ b/hw/ipmi/ipmi_bmc_sim.c
@@ -527,6 +527,22 @@ static void sensor_set_discrete_bit(IPMIBmcSim *ibs, 
unsigned int sensor,
  }
  }
  
+static void ipmi_init_sensor(IPMISensor *sens, const uint8_t *sdr)

+{
+IPMI_SENSOR_SET_PRESENT(sens, 1);
+IPMI_SENSOR_SET_SCAN_ON(sens, (sdr[10] >> 6) & 1);
+IPMI_SENSOR_SET_EVENTS_ON(sens, (sdr[10] >> 5) & 1);
+sens->assert_suppt = sdr[14] | (sdr[15] << 8);
+sens->deassert_suppt = sdr[16] | (sdr[17] << 8);
+sens->states_suppt = sdr[18] | (sdr[19] << 8);
+sens->sensor_type = sdr[12];
+sens->evt_reading_type_code = sdr[13] & 0x7f;


Can you use struct ipmi_sdr_compact to extract these?


+
+/* Enable all the events that are supported. */
+sens->assert_enable = sens->assert_suppt;
+sens->deassert_enable = sens->deassert_suppt;
+}
+
  static void ipmi_init_sensors_from_sdrs(IPMIBmcSim *s)
  {
  unsigned int i, pos;
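Review bot: ipmi_init_sensor reads sdr[10] through sdr[19] but takes no length, and the new public ipmi_bmc_init_sensor in the next hunk passes a caller-supplied record straight through to it while handing len only to sdr_add_entry; a record shorter than 20 bytes is therefore read past its end. Either give ipmi_init_sensor a length parameter it checks, or assert in ipmi_bmc_init_sensor before the call, `g_assert(len >= 20);`, where a named constant for the compact-record size would read better than the literal. The existing ipmi_init_sensors_from_sdrs caller may already guarantee the minimum length; that check is outside the hunk.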
@@ -553,19 +569,42 @@ static void ipmi_init_sensors_from_sdrs(IPMIBmcSim *s)
  }
  sens = s->sensors + sdr[7];
  
-IPMI_SENSOR_SET_PRESENT(sens, 1);

-IPMI_SENSOR_SET_SCAN_ON(sens, (sdr[10] >> 6) & 1);
-IPMI_SENSOR_SET_EVENTS_ON(sens, (sdr[10] >> 5) & 1);
-sens->assert_suppt = sdr[14] | (sdr[15] << 8);
-sens->deassert_suppt = sdr[16] | (sdr[17] << 8);
-sens->states_suppt = sdr[18] | (sdr[19] << 8);
-sens->sensor_type = sdr[12];
-sens->evt_reading_type_code = sdr[13] & 0x7f;
+ipmi_init_sensor(sens, sdr);
+}
+}
+
+int ipmi_bmc_init_sensor(IPMIBmc *b, const uint8_t *sdr,
+ unsigned int len, uint8_t *sensor_num)
+{
+IPMIBmcSim *ibs = IPMI_BMC_SIMULATOR(b);
+int ret;
+unsigned int i;
+IPMISensor *sens;
  
-/* Enable all the events that are supported. */

-sens->assert_enable = sens->assert_suppt;
-sens->deassert_enable = sens->deassert_suppt;
+for (i = 0; i < MAX_SENSORS; i++) {
+sens = ibs->sensors + i;
+if (!IPMI_SENSOR_GET_PRESENT(sens)) {
+break;
+}
+}
+
+if (i == MAX_SENSORS) {
+return 1;
  }
+
+ret = sdr_add_entry(ibs, sdr, len, NULL);
+if (ret) {
+return ret;
+}
+
+ipmi_init_sensor(sens, sdr);
+if (sensor_num) {
+*sensor_num = i;
+}
+
+/* patch sensor in sdr table. This is a little hac

Re: [Qemu-devel] [PATCH v2] ide: ahci: reset ncq object to unused on error

2016-01-08 Thread John Snow


On 01/08/2016 02:48 PM, P J P wrote:
> From: Prasad J Pandit 
> 
> When processing NCQ commands, AHCI device emulation prepares an
> NCQ transfer object, to which an aio control block (aiocb) object
> is assigned in 'execute_ncq_command'. When the NCQ command is
> invalid, the 'aiocb' object is not assigned, and the NCQ transfer
> object is left as 'used'. This leads to a use-after-free kind of
> error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
> Reset the NCQ transfer object to 'unused' to avoid it.
> 
> Reported-by: Qinghao Tang 
> Signed-off-by: Prasad J Pandit 
> ---
>  hw/ide/ahci.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> Update as per review in
>   -> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01175.html
> 
> diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
> index dd1912e..17f1cbd 100644
> --- a/hw/ide/ahci.c
> +++ b/hw/ide/ahci.c
> @@ -910,6 +910,7 @@ static void ncq_err(NCQTransferState *ncq_tfs)
>  ide_state->error = ABRT_ERR;
>  ide_state->status = READY_STAT | ERR_STAT;
>  ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
> +ncq_tfs->used = 0;
>  }
>  
>  static void ncq_finish(NCQTransferState *ncq_tfs)
> 

Thanks, applied to my IDE tree:

https://github.com/jnsnow/qemu/commits/ide
https://github.com/jnsnow/qemu.git

--js



[Qemu-devel] [PATCH v2 2/9] libqos/ahci: ATAPI support

2016-01-08 Thread John Snow
Add pathways to tolerate ATAPI commands.

Notably, unlike ATA, each SCSI command's layout is a little different,
so support will have to be patched in for each command as we want to
test them in e.g. ahci_command_set_sizes and ahci_command_set_offset.

For now, I'm adding support for 0x28, READ (10).

Signed-off-by: John Snow 
---
 tests/libqos/ahci.c | 83 ++---
 tests/libqos/ahci.h | 14 +
 2 files changed, 93 insertions(+), 4 deletions(-)

diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index adb2665..59bf893 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -74,7 +74,11 @@ AHCICommandProp ahci_command_properties[] = {
  .lba48 = true, .write = true, .ncq = true },
 { .cmd = CMD_READ_MAX,   .lba28 = true },
 { .cmd = CMD_READ_MAX_EXT,   .lba48 = true },
-{ .cmd = CMD_FLUSH_CACHE,.data = false }
+{ .cmd = CMD_FLUSH_CACHE,.data = false },
+{ .cmd = CMD_PACKET, .data = true,  .size = 16,
+ .atapi = true, },
+{ .cmd = CMD_PACKET_ID,  .data = true,  .pio = true,
+ .size = 512,   .read = true }
 };
 
 struct AHCICommand {
@@ -90,7 +94,7 @@ struct AHCICommand {
 /* Data to be transferred to the guest */
 AHCICommandHeader header;
 RegH2DFIS fis;
-void *atapi_cmd;
+unsigned char *atapi_cmd;
 };
 
 /**
@@ -731,6 +735,13 @@ static void command_table_init(AHCICommand *cmd)
 memset(fis->aux, 0x00, ARRAY_SIZE(fis->aux));
 }
 
+void ahci_command_enable_atapi_dma(AHCICommand *cmd)
+{
+RegH2DFIS *fis = &(cmd->fis);
+g_assert(cmd->props->atapi);
+fis->feature_low |= 0x01;
+}
+
 AHCICommand *ahci_command_create(uint8_t command_name)
 {
 AHCICommandProp *props = ahci_command_find(command_name);
@@ -767,8 +778,22 @@ AHCICommand *ahci_command_create(uint8_t command_name)
 return cmd;
 }
 
+AHCICommand *ahci_atapi_command_create(uint8_t scsi_cmd)
+{
+AHCICommand *cmd = ahci_command_create(CMD_PACKET);
+cmd->atapi_cmd = g_malloc0(16);
+cmd->atapi_cmd[0] = scsi_cmd;
+/* ATAPI needs a PIO transfer chunk size set inside of the LBA registers.
+ * The block/sector size is a natural default. */
+cmd->fis.lba_lo[1] = ATAPI_SECTOR_SIZE >> 8 & 0xFF;
+cmd->fis.lba_lo[2] = ATAPI_SECTOR_SIZE & 0xFF;
+
+return cmd;
+}
+
 void ahci_command_free(AHCICommand *cmd)
 {
+g_free(cmd->atapi_cmd);
 g_free(cmd);
 }
 
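Review bot: `cmd->fis.lba_lo[1] = ATAPI_SECTOR_SIZE >> 8 & 0xFF;` relies on `>>` binding tighter than `&`, which is correct but easy to misread as a masked shift; `cmd->fis.lba_lo[1] = (ATAPI_SECTOR_SIZE >> 8) & 0xFF;` makes the intent explicit and matches the parenthesised form on the line below. ahci_command_free now frees atapi_cmd, which stays NULL for non-ATAPI commands from ahci_command_create, so that part is fine as written.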
@@ -782,10 +807,33 @@ void ahci_command_clr_flags(AHCICommand *cmd, uint16_t 
cmdh_flags)
 cmd->header.flags &= ~cmdh_flags;
 }
 
+static void ahci_atapi_command_set_offset(AHCICommand *cmd, uint64_t lba)
+{
+unsigned char *cbd = cmd->atapi_cmd;
+uint32_t *lba32;
+g_assert(cbd);
+
+switch (cbd[0]) {
+case CMD_ATAPI_READ_10:
+g_assert_cmpuint(lba, <=, UINT32_MAX);
+lba32 = (uint32_t *)&(cbd[2]);
+*lba32 = cpu_to_be32(lba);
+break;
+default:
+/* SCSI doesn't have uniform packet formats,
+ * so you have to add support for it manually. Sorry! */
+g_assert_not_reached();
+}
+}
+
 void ahci_command_set_offset(AHCICommand *cmd, uint64_t lba_sect)
 {
 RegH2DFIS *fis = &(cmd->fis);
-if (cmd->props->lba28) {
+
+if (cmd->props->atapi) {
+ahci_atapi_command_set_offset(cmd, lba_sect);
+return;
+} else if (cmd->props->lba28) {
 g_assert_cmphex(lba_sect, <=, 0xFFF);
 } else if (cmd->props->lba48 || cmd->props->ncq) {
 g_assert_cmphex(lba_sect, <=, 0x);
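Review bot: `lba32 = (uint32_t *)&(cbd[2]); *lba32 = cpu_to_be32(lba);` stores a uint32_t through a pointer into a g_malloc'd unsigned char buffer at offset 2, which is neither 4-byte aligned nor a permitted alias for that object; it works on x86 but is undefined behaviour and traps on strict-alignment hosts. Writing the bytes through a helper that accepts an unaligned pointer, `stl_be_p(&cbd[2], lba);` from qemu/bswap.h (or a memcpy of the big-endian value), avoids both problems and drops the lba32 local. The same pattern with uint16_t at cbd[7] is in ahci_atapi_set_size in the following hunk, where `stw_be_p(&cbd[7], nsectors);` would do.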
@@ -811,6 +859,26 @@ void ahci_command_set_buffer(AHCICommand *cmd, uint64_t 
buffer)
 cmd->buffer = buffer;
 }
 
+static void ahci_atapi_set_size(AHCICommand *cmd, uint64_t xbytes)
+{
+unsigned char *cbd = cmd->atapi_cmd;
+uint64_t nsectors = xbytes / 2048;
+uint16_t *nsector16;
+g_assert(cbd);
+
+switch (cbd[0]) {
+case CMD_ATAPI_READ_10:
+g_assert_cmpuint(nsectors, <=, UINT16_MAX);
+nsector16 = (uint16_t *)&(cbd[7]);
+*nsector16 = cpu_to_be16(nsectors);
+break;
+default:
+/* SCSI doesn't have uniform packet formats,
+ * so you have to add support for it manually. Sorry! */
+g_assert_not_reached();
+}
+}
+
 void ahci_command_set_sizes(AHCICommand *cmd, uint64_t xbytes,
 unsigned prd_size)
 {
@@ -829,6 +897,8 @@ void ahci_command_set_sizes(AHCICommand *cmd, uint64_t 
xbytes,
 NCQFIS *nfis = (NCQFIS *)&(cmd->fis);
 nfis->sector_low = sect_count & 0xFF;
 nfis->sector_hi = (sect_count >> 8) & 0xFF;
+} else if (cmd->props->atapi) {
+ahci_atapi_set_size(cmd, xbytes);
 } else {
 cmd->fis.count = sect_count;
 }
@@ -877,9 +947,14 @@ void ahci_command_commit(AHCIQState *ahci, AHCICommand 
*cmd, uint8_t port)
 g_assert((table_ptr & 0x7F) == 0x00);
 cmd->header.ctba = table_ptr;
 
-/

[Qemu-devel] [PATCH v2 7/9] libqos/ahci: add ahci_exec

2016-01-08 Thread John Snow
add ahci_exec, a general-purpose, flexible command dispatcher
and tester for the AHCI device. The intent is to eventually cut down on
the absurd amount of boilerplate inside of the AHCI qtest.

Signed-off-by: John Snow 
---
 tests/libqos/ahci.c | 76 +
 tests/libqos/ahci.h | 17 
 2 files changed, 93 insertions(+)

diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index 0fa9bf2..6d1298b 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -601,6 +601,82 @@ inline unsigned size_to_prdtl(unsigned bytes, unsigned 
bytes_per_prd)
 return (bytes + bytes_per_prd - 1) / bytes_per_prd;
 }
 
+const AHCIOpts default_opts = { .size = 0 };
+
+/**
+ * ahci_exec: execute a given command on a specific
+ * AHCI port.
+ *
+ * @ahci: The device to send the command to
+ * @port: The port number of the SATA device we wish
+ *to have execute this command
+ * @op:   The S/ATA command to execute, or if opts.atapi
+ *is true, the SCSI command code.
+ * @opts: Optional arguments to modify execution behavior.
+ */
+void ahci_exec(AHCIQState *ahci, uint8_t port,
+   uint8_t op, const AHCIOpts *opts_in)
+{
+AHCICommand *cmd;
+int rc;
+AHCIOpts *opts;
+
+opts = g_memdup((opts_in == NULL ? &default_opts : opts_in),
+sizeof(AHCIOpts));
+
+/* No guest buffer provided, create one. */
+if (opts->size && !opts->buffer) {
+opts->buffer = ahci_alloc(ahci, opts->size);
+g_assert(opts->buffer);
+qmemset(opts->buffer, 0x00, opts->size);
+}
+
+/* Command creation */
+if (opts->atapi) {
+cmd = ahci_atapi_command_create(op);
+if (opts->atapi_dma) {
+ahci_command_enable_atapi_dma(cmd);
+}
+} else {
+cmd = ahci_command_create(op);
+}
+ahci_command_adjust(cmd, opts->lba, opts->buffer,
+opts->size, opts->prd_size);
+
+if (opts->pre_cb) {
+rc = opts->pre_cb(ahci, cmd, opts);
+g_assert_cmpint(rc, ==, 0);
+}
+
+/* Write command to memory and issue it */
+ahci_command_commit(ahci, cmd, port);
+ahci_command_issue_async(ahci, cmd);
+if (opts->error) {
+qmp_eventwait("STOP");
+}
+if (opts->mid_cb) {
+rc = opts->mid_cb(ahci, cmd, opts);
+g_assert_cmpint(rc, ==, 0);
+}
+if (opts->error) {
+qmp_async("{'execute':'cont' }");
+qmp_eventwait("RESUME");
+}
+
+/* Wait for command to complete and verify sanity */
+ahci_command_wait(ahci, cmd);
+ahci_command_verify(ahci, cmd);
+if (opts->post_cb) {
+rc = opts->post_cb(ahci, cmd, opts);
+g_assert_cmpint(rc, ==, 0);
+}
+ahci_command_free(cmd);
+if (opts->buffer != opts_in->buffer) {
+ahci_free(ahci, opts->buffer);
+}
+g_free(opts);
+}
+
 /* Issue a command, expecting it to fail and STOP the VM */
 AHCICommand *ahci_guest_io_halt(AHCIQState *ahci, uint8_t port,
 uint8_t ide_cmd, uint64_t buffer,
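Review bot: `if (opts->buffer != opts_in->buffer)` at the end of ahci_exec dereferences opts_in, which the g_memdup at the top explicitly allows to be NULL (falling back to default_opts), so a call with opts_in == NULL crashes in cleanup after the command has already completed. Resolve the source once and compare against it: `const AHCIOpts *src = opts_in ? opts_in : &default_opts;` for the g_memdup, then `if (opts->buffer != src->buffer)`. default_opts is also a non-static file-scope definition with no declaration in the header; `static const AHCIOpts default_opts = { .size = 0 };` keeps it out of the global namespace.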
diff --git a/tests/libqos/ahci.h b/tests/libqos/ahci.h
index 705fbd6..2c2d2fc 100644
--- a/tests/libqos/ahci.h
+++ b/tests/libqos/ahci.h
@@ -462,6 +462,21 @@ typedef struct PRD {
 /* Opaque, defined within ahci.c */
 typedef struct AHCICommand AHCICommand;
 
+/* Options to ahci_exec */
+typedef struct AHCIOpts {
+size_t size;
+unsigned prd_size;
+uint64_t lba;
+uint64_t buffer;
+bool atapi;
+bool atapi_dma;
+bool error;
+int (*pre_cb)(AHCIQState*, AHCICommand*, const struct AHCIOpts *);
+int (*mid_cb)(AHCIQState*, AHCICommand*, const struct AHCIOpts *);
+int (*post_cb)(AHCIQState*, AHCICommand*, const struct AHCIOpts *);
+void *opaque;
+} AHCIOpts;
+
 /*** Macro Utilities ***/
 #define BITANY(data, mask) (((data) & (mask)) != 0)
 #define BITSET(data, mask) (((data) & (mask)) == (mask))
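Review bot: AHCIOpts is a public struct with no field documentation, and the contract of buffer and opaque is only discoverable by reading ahci_exec: a zero buffer together with a nonzero size makes ahci_exec allocate a guest buffer and free it again on return, and opaque is passed through to the callbacks untouched. Suggested comments on those two fields: `uint64_t buffer; /* Guest buffer; 0 = ahci_exec allocates @size bytes and frees them on return */` and `void *opaque; /* Handed to pre_cb/mid_cb/post_cb via opts; not interpreted by ahci_exec */`.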
@@ -569,6 +584,8 @@ AHCICommand *ahci_guest_io_halt(AHCIQState *ahci, uint8_t 
port, uint8_t ide_cmd,
 void ahci_guest_io_resume(AHCIQState *ahci, AHCICommand *cmd);
 void ahci_io(AHCIQState *ahci, uint8_t port, uint8_t ide_cmd,
  void *buffer, size_t bufsize, uint64_t sector);
+void ahci_exec(AHCIQState *ahci, uint8_t port,
+   uint8_t op, const AHCIOpts *opts);
 
 /* Command Lifecycle */
 AHCICommand *ahci_command_create(uint8_t command_name);
-- 
2.4.3




[Qemu-devel] [PATCH v2 9/9] libqos/ahci: organize header

2016-01-08 Thread John Snow
Organize the prototypes into nice little sections.

Signed-off-by: John Snow 
---
 tests/libqos/ahci.h | 36 
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/tests/libqos/ahci.h b/tests/libqos/ahci.h
index 2c2d2fc..69dc4d7 100644
--- a/tests/libqos/ahci.h
+++ b/tests/libqos/ahci.h
@@ -553,14 +553,28 @@ static inline void ahci_px_clr(AHCIQState *ahci, uint8_t 
port,
 /*** Prototypes ***/
 uint64_t ahci_alloc(AHCIQState *ahci, size_t bytes);
 void ahci_free(AHCIQState *ahci, uint64_t addr);
+void ahci_clean_mem(AHCIQState *ahci);
+
+/* Device management */
 QPCIDevice *get_ahci_device(uint32_t *fingerprint);
 void free_ahci_device(QPCIDevice *dev);
-void ahci_clean_mem(AHCIQState *ahci);
 void ahci_pci_enable(AHCIQState *ahci);
 void start_ahci_device(AHCIQState *ahci);
 void ahci_hba_enable(AHCIQState *ahci);
+
+/* Port Management */
 unsigned ahci_port_select(AHCIQState *ahci);
 void ahci_port_clear(AHCIQState *ahci, uint8_t port);
+
+/* Command header / table management */
+unsigned ahci_pick_cmd(AHCIQState *ahci, uint8_t port);
+void ahci_get_command_header(AHCIQState *ahci, uint8_t port,
+ uint8_t slot, AHCICommandHeader *cmd);
+void ahci_set_command_header(AHCIQState *ahci, uint8_t port,
+ uint8_t slot, AHCICommandHeader *cmd);
+void ahci_destroy_command(AHCIQState *ahci, uint8_t port, uint8_t slot);
+
+/* AHCI sanity check routines */
 void ahci_port_check_error(AHCIQState *ahci, uint8_t port);
 void ahci_port_check_interrupts(AHCIQState *ahci, uint8_t port,
 uint32_t intr_mask);
@@ -569,14 +583,12 @@ void ahci_port_check_d2h_sanity(AHCIQState *ahci, uint8_t 
port, uint8_t slot);
 void ahci_port_check_pio_sanity(AHCIQState *ahci, uint8_t port,
 uint8_t slot, size_t buffsize);
 void ahci_port_check_cmd_sanity(AHCIQState *ahci, AHCICommand *cmd);
-void ahci_get_command_header(AHCIQState *ahci, uint8_t port,
- uint8_t slot, AHCICommandHeader *cmd);
-void ahci_set_command_header(AHCIQState *ahci, uint8_t port,
- uint8_t slot, AHCICommandHeader *cmd);
-void ahci_destroy_command(AHCIQState *ahci, uint8_t port, uint8_t slot);
-void ahci_write_fis(AHCIQState *ahci, AHCICommand *cmd);
-unsigned ahci_pick_cmd(AHCIQState *ahci, uint8_t port);
+
+/* Misc */
+bool is_atapi(AHCIQState *ahci, uint8_t port);
 unsigned size_to_prdtl(unsigned bytes, unsigned bytes_per_prd);
+
+/* Command: Macro level execution */
 void ahci_guest_io(AHCIQState *ahci, uint8_t port, uint8_t ide_cmd,
uint64_t gbuffer, size_t size, uint64_t sector);
 AHCICommand *ahci_guest_io_halt(AHCIQState *ahci, uint8_t port, uint8_t 
ide_cmd,
@@ -587,7 +599,7 @@ void ahci_io(AHCIQState *ahci, uint8_t port, uint8_t 
ide_cmd,
 void ahci_exec(AHCIQState *ahci, uint8_t port,
uint8_t op, const AHCIOpts *opts);
 
-/* Command Lifecycle */
+/* Command: Fine-grained lifecycle */
 AHCICommand *ahci_command_create(uint8_t command_name);
 AHCICommand *ahci_atapi_command_create(uint8_t scsi_cmd);
 void ahci_command_commit(AHCIQState *ahci, AHCICommand *cmd, uint8_t port);
@@ -597,7 +609,7 @@ void ahci_command_wait(AHCIQState *ahci, AHCICommand *cmd);
 void ahci_command_verify(AHCIQState *ahci, AHCICommand *cmd);
 void ahci_command_free(AHCICommand *cmd);
 
-/* Command adjustments */
+/* Command: adjustments */
 void ahci_command_set_flags(AHCICommand *cmd, uint16_t cmdh_flags);
 void ahci_command_clr_flags(AHCICommand *cmd, uint16_t cmdh_flags);
 void ahci_command_set_offset(AHCICommand *cmd, uint64_t lba_sect);
@@ -611,8 +623,8 @@ void ahci_command_enable_atapi_dma(AHCICommand *cmd);
 void ahci_command_adjust(AHCICommand *cmd, uint64_t lba_sect, uint64_t gbuffer,
  uint64_t xbytes, unsigned prd_size);
 
-/* Command Misc */
+/* Command: Misc */
 uint8_t ahci_command_slot(AHCICommand *cmd);
-bool is_atapi(AHCIQState *ahci, uint8_t port);
+void ahci_write_fis(AHCIQState *ahci, AHCICommand *cmd);
 
 #endif
-- 
2.4.3




[Qemu-devel] [PATCH v2 4/9] libqos/ahci: Switch to mutable properties

2016-01-08 Thread John Snow
ATAPI commands are, unfortunately, weird in that they can
be either DMA or PIO depending on a header bit. In order to
accommodate them, I'll need to make AHCI command properties
mutable so we can toggle between which "flavor" of ATAPI command
we want to test.

The default ATAPI transfer mechanism is PIO and the default
properties are adjusted accordingly.

Signed-off-by: John Snow 
---
 tests/libqos/ahci.c | 10 --
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index 81edf34..a219f67 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -76,7 +76,7 @@ AHCICommandProp ahci_command_properties[] = {
 { .cmd = CMD_READ_MAX_EXT,   .lba48 = true },
 { .cmd = CMD_FLUSH_CACHE,.data = false },
 { .cmd = CMD_PACKET, .data = true,  .size = 16,
- .atapi = true, },
+ .atapi = true, .pio = true },
 { .cmd = CMD_PACKET_ID,  .data = true,  .pio = true,
  .size = 512,   .read = true }
 };
@@ -745,6 +745,11 @@ void ahci_command_enable_atapi_dma(AHCICommand *cmd)
 RegH2DFIS *fis = &(cmd->fis);
 g_assert(cmd->props->atapi);
 fis->feature_low |= 0x01;
+cmd->interrupts &= ~AHCI_PX_IS_PSS;
+cmd->props->dma = true;
+cmd->props->pio = false;
+/* BUG: We expect the DMA Setup interrupt for DMA commands */
+/* cmd->interrupts |= AHCI_PX_IS_DSS; */
 }
 
 AHCICommand *ahci_command_create(uint8_t command_name)
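Review bot: The new `/* BUG: ... */` comment followed by the commented-out `/* cmd->interrupts |= AHCI_PX_IS_DSS; */` leaves dead code in the helper without saying which side is at fault or where the discrepancy is tracked, so a later reader cannot tell whether to re-enable it. I would replace the pair with a comment that names the deviation explicitly, e.g. `/* NOTE: the emulated HBA does not currently raise PxIS.DSS for ATAPI DMA; add AHCI_PX_IS_DSS to cmd->interrupts once it does */` (assuming the HBA is the side that is wrong — confirm). Clearing PSS without adding DSS also means the interrupt check for these commands is weaker than for other DMA commands, which is worth stating in the commit message.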
@@ -761,7 +766,7 @@ AHCICommand *ahci_command_create(uint8_t command_name)
 g_assert(!props->ncq || props->lba48);
 
 /* Defaults and book-keeping */
-cmd->props = props;
+cmd->props = g_memdup(props, sizeof(AHCICommandProp));
 cmd->name = command_name;
 cmd->xbytes = props->size;
 cmd->prd_size = 4096;
@@ -799,6 +804,7 @@ AHCICommand *ahci_atapi_command_create(uint8_t scsi_cmd)
 void ahci_command_free(AHCICommand *cmd)
 {
 g_free(cmd->atapi_cmd);
+g_free(cmd->props);
 g_free(cmd);
 }
 
-- 
2.4.3




[Qemu-devel] [PATCH v2 8/9] qtest/ahci: ATAPI data tests

2016-01-08 Thread John Snow
Simple I/O tests for DMA and PIO pathways in the AHCI HBA.

I believe at this point in time all of the common, major IO pathways
in BMDMA and AHCI are covered by qtests now.

Signed-off-by: John Snow 
---
 tests/ahci-test.c | 97 +++
 1 file changed, 97 insertions(+)

diff --git a/tests/ahci-test.c b/tests/ahci-test.c
index 2bee2a2..31fb1f9 100644
--- a/tests/ahci-test.c
+++ b/tests/ahci-test.c
@@ -1413,6 +1413,98 @@ static void test_ncq_simple(void)
 ahci_shutdown(ahci);
 }
 
+static int prepare_iso(size_t size, unsigned char **buf, char **name)
+{
+char cdrom_path[] = "/tmp/qtest.iso.XX";
+unsigned char *patt;
+ssize_t ret;
+int fd = mkstemp(cdrom_path);
+
+g_assert(buf);
+g_assert(name);
+patt = g_malloc(size);
+
+/* Generate a pattern and build a CDROM image to read from */
+generate_pattern(patt, size, ATAPI_SECTOR_SIZE);
+ret = write(fd, patt, size);
+g_assert(ret == size);
+
+*name = g_strdup(cdrom_path);
+*buf = patt;
+return fd;
+}
+
+static void remove_iso(int fd, char *name)
+{
+unlink(name);
+g_free(name);
+close(fd);
+}
+
+static int ahci_cb_cmp_buff(AHCIQState *ahci, AHCICommand *cmd,
+const AHCIOpts *opts)
+{
+unsigned char *tx = opts->opaque;
+unsigned char *rx = g_malloc0(opts->size);
+
+bufread(opts->buffer, rx, opts->size);
+g_assert_cmphex(memcmp(tx, rx, opts->size), ==, 0);
+g_free(rx);
+
+return 0;
+}
+
+static void ahci_test_cdrom(int nsectors, bool dma)
+{
+AHCIQState *ahci;
+unsigned char *tx;
+char *iso;
+int fd;
+AHCIOpts opts = {
+.size = (ATAPI_SECTOR_SIZE * nsectors),
+.atapi = true,
+.atapi_dma = dma,
+.post_cb = ahci_cb_cmp_buff,
+};
+
+/* Prepare ISO and fill 'tx' buffer */
+fd = prepare_iso(1024 * 1024, &tx, &iso);
+opts.opaque = tx;
+
+/* Standard startup wonkery, but use ide-cd and our special iso file */
+ahci = ahci_boot_and_enable("-drive if=none,id=drive0,file=%s,format=raw "
+"-M q35 "
+"-device ide-cd,drive=drive0 ", iso);
+
+/* Build & Send AHCI command */
+ahci_exec(ahci, ahci_port_select(ahci), CMD_ATAPI_READ_10, &opts);
+
+/* Cleanup */
+g_free(tx);
+ahci_shutdown(ahci);
+remove_iso(fd, iso);
+}
+
+static void test_cdrom_dma(void)
+{
+ahci_test_cdrom(1, true);
+}
+
+static void test_cdrom_dma_multi(void)
+{
+ahci_test_cdrom(3, true);
+}
+
+static void test_cdrom_pio(void)
+{
+ahci_test_cdrom(1, false);
+}
+
+static void test_cdrom_pio_multi(void)
+{
+ahci_test_cdrom(3, false);
+}
+
 
/**/
 /* AHCI I/O Test Matrix Definitions   
*/
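Review bot: prepare_iso never checks the descriptor returned by mkstemp before writing to it, so a failure to create the temp file surfaces only as the later `g_assert(ret == size)` on the write, with a misleading diagnosis. Add `g_assert_cmpint(fd, >=, 0);` right after the mkstemp call, and prefer `g_assert_cmpint(ret, ==, size)` so the values are printed on failure. Note also that the template as shown reads `/tmp/qtest.iso.XX`; mkstemp requires the template to end in six `X` characters and fails with EINVAL otherwise, so if this is not an artefact of the listing the test cannot create its image at all.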
 
@@ -1697,6 +1789,11 @@ int main(int argc, char **argv)
 qtest_add_func("/ahci/io/ncq/retry", test_halted_ncq);
 qtest_add_func("/ahci/migrate/ncq/halted", test_migrate_halted_ncq);
 
+qtest_add_func("/ahci/cdrom/dma/single", test_cdrom_dma);
+qtest_add_func("/ahci/cdrom/dma/multi", test_cdrom_dma_multi);
+qtest_add_func("/ahci/cdrom/pio/single", test_cdrom_pio);
+qtest_add_func("/ahci/cdrom/pio/multi", test_cdrom_pio_multi);
+
 ret = g_test_run();
 
 /* Cleanup */
-- 
2.4.3




[Qemu-devel] [PATCH v2 5/9] libqos: allow zero-size allocations

2016-01-08 Thread John Snow
As part of streamlining the AHCI tests interface, it'd be nice
if specifying a size of zero could be handled without special branches
and the allocator could handle this special case gracefully.

This lets me use the "ahci_io" macros for non-data commands, too,
which moves me forward towards shepherding all AHCI qtests into
a common set of commands in a unified pipeline.

Signed-off-by: John Snow 
---
 tests/ahci-test.c | 8 +---
 tests/libqos/ahci.c   | 6 +++---
 tests/libqos/malloc.c | 4 
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/tests/ahci-test.c b/tests/ahci-test.c
index 8ebbd33..8c48587 100644
--- a/tests/ahci-test.c
+++ b/tests/ahci-test.c
@@ -890,18 +890,12 @@ static void ahci_test_io_rw_simple(AHCIQState *ahci, 
unsigned bufsize,
 static uint8_t ahci_test_nondata(AHCIQState *ahci, uint8_t ide_cmd)
 {
 uint8_t port;
-AHCICommand *cmd;
 
 /* Sanitize */
 port = ahci_port_select(ahci);
 ahci_port_clear(ahci, port);
 
-/* Issue Command */
-cmd = ahci_command_create(ide_cmd);
-ahci_command_commit(ahci, cmd, port);
-ahci_command_issue(ahci, cmd);
-ahci_command_verify(ahci, cmd);
-ahci_command_free(cmd);
+ahci_io(ahci, port, ide_cmd, NULL, 0, 0);
 
 return port;
 }
diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index a219f67..df29560 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -668,16 +668,16 @@ void ahci_io(AHCIQState *ahci, uint8_t port, uint8_t 
ide_cmd,
 props = ahci_command_find(ide_cmd);
 g_assert(props);
 ptr = ahci_alloc(ahci, bufsize);
-g_assert(ptr);
+g_assert(!bufsize || ptr);
 qmemset(ptr, 0x00, bufsize);
 
-if (props->write) {
+if (bufsize && props->write) {
 bufwrite(ptr, buffer, bufsize);
 }
 
 ahci_guest_io(ahci, port, ide_cmd, ptr, bufsize, sector);
 
-if (props->read) {
+if (bufsize && props->read) {
 bufread(ptr, buffer, bufsize);
 }
 
diff --git a/tests/libqos/malloc.c b/tests/libqos/malloc.c
index 82b9df5..19d05ca 100644
--- a/tests/libqos/malloc.c
+++ b/tests/libqos/malloc.c
@@ -270,6 +270,10 @@ uint64_t guest_alloc(QGuestAllocator *allocator, size_t 
size)
 uint64_t rsize = size;
 uint64_t naddr;
 
+if (!size) {
+return 0;
+}
+
 rsize += (allocator->page_size - 1);
 rsize &= -allocator->page_size;
 g_assert_cmpint((allocator->start + rsize), <=, allocator->end);
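Review bot: Returning 0 for a zero-size request turns address 0 into an in-band sentinel that the matching release must also understand, and nothing in this series shows guest_free (reached via ahci_free → qfree) skipping it. ahci_io accepts the sentinel with `g_assert(!bufsize || ptr)` but, as far as its hunk shows, still hands `ptr` to the free path at its end, which lies outside the hunk. A mirrored guard in guest_free, `if (!addr) { return; }`, or freeing only when `bufsize` is non-zero, would keep the nondata path from releasing a block that was never allocated. A one-line comment on the early return, `/* zero-size requests yield address 0; guest_free must accept it */`, would document the contract.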
-- 
2.4.3




[Qemu-devel] [PATCH v2 3/9] libqos/ahci: ATAPI identify

2016-01-08 Thread John Snow
We need to say "hello!" to our ATAPI friends
in a slightly different manner.

Signed-off-by: John Snow 
---
 tests/ahci-test.c   | 8 +++-
 tests/libqos/ahci.c | 5 +
 tests/libqos/ahci.h | 1 +
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/tests/ahci-test.c b/tests/ahci-test.c
index f4945dc..8ebbd33 100644
--- a/tests/ahci-test.c
+++ b/tests/ahci-test.c
@@ -215,6 +215,7 @@ static AHCIQState *ahci_boot_and_enable(const char *cli, 
...)
 va_list ap;
 uint16_t buff[256];
 uint8_t port;
+uint8_t hello;
 
 if (cli) {
 va_start(ap, cli);
@@ -229,7 +230,12 @@ static AHCIQState *ahci_boot_and_enable(const char *cli, 
...)
 /* Initialize test device */
 port = ahci_port_select(ahci);
 ahci_port_clear(ahci, port);
-ahci_io(ahci, port, CMD_IDENTIFY, &buff, sizeof(buff), 0);
+if (is_atapi(ahci, port)) {
+hello = CMD_PACKET_ID;
+} else {
+hello = CMD_IDENTIFY;
+}
+ahci_io(ahci, port, hello, &buff, sizeof(buff), 0);
 
 return ahci;
 }
diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index 59bf893..81edf34 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -114,6 +114,11 @@ void ahci_free(AHCIQState *ahci, uint64_t addr)
 qfree(ahci->parent, addr);
 }
 
+bool is_atapi(AHCIQState *ahci, uint8_t port)
+{
+return ahci_px_rreg(ahci, port, AHCI_PX_SIG) == AHCI_SIGNATURE_CDROM;
+}
+
 /**
  * Locate, verify, and return a handle to the AHCI device.
  */
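Review bot: is_atapi is a new exported helper but carries no comment, while its neighbour get_ahci_device right below it is introduced by a block comment. I would add `/* Returns true if the device on @port reports the CD-ROM (ATAPI) signature in PxSIG. */` above the definition. It reads the port signature register directly, so it is presumably only meaningful once the HBA is enabled and device detection has completed; the only caller visible here, ahci_boot_and_enable, does call it after port selection, which is worth stating in the comment.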
diff --git a/tests/libqos/ahci.h b/tests/libqos/ahci.h
index 9ffd415..705fbd6 100644
--- a/tests/libqos/ahci.h
+++ b/tests/libqos/ahci.h
@@ -596,5 +596,6 @@ void ahci_command_adjust(AHCICommand *cmd, uint64_t 
lba_sect, uint64_t gbuffer,
 
 /* Command Misc */
 uint8_t ahci_command_slot(AHCICommand *cmd);
+bool is_atapi(AHCIQState *ahci, uint8_t port);
 
 #endif
-- 
2.4.3




[Qemu-devel] [PATCH v2 0/9] ahci: atapi qtests

2016-01-08 Thread John Snow
Add ATAPI support into libqos/ahci, and write a few tests for it.

This is the last "batch" of planned qtests for s/ata -- basic i/o
testing of HDDs and CDROMs on both PCI and AHCI should be complete
after this series.

v2: Rebase and resend for 2.6.



For convenience, this branch is available at:
https://github.com/jnsnow/qemu.git branch ahci-atapi-qtests
https://github.com/jnsnow/qemu/tree/ahci-atapi-qtests

This version is tagged ahci-atapi-qtests-v2:
https://github.com/jnsnow/qemu/releases/tag/ahci-atapi-qtests-v2

John Snow (9):
  ahci-test: fix memory leak
  libqos/ahci: ATAPI support
  libqos/ahci: ATAPI identify
  libqos/ahci: Switch to mutable properties
  libqos: allow zero-size allocations
  libqos/ahci: allow nondata commands for ahci_io variants
  libqos/ahci: add ahci_exec
  qtest/ahci: ATAPI data tests
  libqos/ahci: organize header

 tests/ahci-test.c | 131 ++--
 tests/libqos/ahci.c   | 181 +++---
 tests/libqos/ahci.h   |  66 +++---
 tests/libqos/malloc.c |   4 ++
 4 files changed, 341 insertions(+), 41 deletions(-)

-- 
2.4.3




[Qemu-devel] [PATCH v2 6/9] libqos/ahci: allow nondata commands for ahci_io variants

2016-01-08 Thread John Snow
These variants try to set a data offset, even if you don't specify one.
In the cases where the offset is zero and it's a nondata command, just
ignore the instruction.

Signed-off-by: John Snow 
---
 tests/ahci-test.c   | 14 ++
 tests/libqos/ahci.c |  3 +++
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/tests/ahci-test.c b/tests/ahci-test.c
index 8c48587..2bee2a2 100644
--- a/tests/ahci-test.c
+++ b/tests/ahci-test.c
@@ -1080,7 +1080,6 @@ static void test_flush_retry(void)
 AHCIQState *ahci;
 AHCICommand *cmd;
 uint8_t port;
-const char *s;
 
 prepare_blkdebug_script(debug_path, "flush_to_disk");
 ahci = ahci_boot_and_enable("-drive file=blkdebug:%s:%s,if=none,id=drive0,"
@@ -1094,19 +1093,10 @@ static void test_flush_retry(void)
 /* Issue Flush Command and wait for error */
 port = ahci_port_select(ahci);
 ahci_port_clear(ahci, port);
-cmd = ahci_command_create(CMD_FLUSH_CACHE);
-ahci_command_commit(ahci, cmd, port);
-ahci_command_issue_async(ahci, cmd);
-qmp_eventwait("STOP");
 
-/* Complete the command */
-s = "{'execute':'cont' }";
-qmp_async(s);
-qmp_eventwait("RESUME");
-ahci_command_wait(ahci, cmd);
-ahci_command_verify(ahci, cmd);
+cmd = ahci_guest_io_halt(ahci, port, CMD_FLUSH_CACHE, 0, 0, 0);
+ahci_guest_io_resume(ahci, cmd);
 
-ahci_command_free(cmd);
 ahci_shutdown(ahci);
 }
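Review bot: The rewrite drops the explicit `ahci_command_free(cmd)` that the old sequence ended with, so unless ahci_guest_io_resume frees the command it receives, the AHCICommand returned by ahci_guest_io_halt now leaks; neither helper's body is in this hunk, so I cannot confirm which it is. If ahci_guest_io_resume does take ownership, the prototype in libqos/ahci.h should say so, e.g. `/* Wait for a halted command to finish; consumes and frees @cmd. */`; otherwise keep the free here. Either way the removed `/* Complete the command */` comment would be useful above the two new calls.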
 
diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c
index df29560..0fa9bf2 100644
--- a/tests/libqos/ahci.c
+++ b/tests/libqos/ahci.c
@@ -844,6 +844,9 @@ void ahci_command_set_offset(AHCICommand *cmd, uint64_t 
lba_sect)
 if (cmd->props->atapi) {
 ahci_atapi_command_set_offset(cmd, lba_sect);
 return;
+} else if (!cmd->props->data && !lba_sect) {
+/* Not meaningful, ignore. */
+return;
 } else if (cmd->props->lba28) {
 g_assert_cmphex(lba_sect, <=, 0xFFF);
 } else if (cmd->props->lba48 || cmd->props->ncq) {
-- 
2.4.3




[Qemu-devel] [PATCH v2 1/9] ahci-test: fix memory leak

2016-01-08 Thread John Snow
Use the proper free command to destroy an AHCICommand.

Signed-off-by: John Snow 
---
 tests/ahci-test.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/ahci-test.c b/tests/ahci-test.c
index 0888506..f4945dc 100644
--- a/tests/ahci-test.c
+++ b/tests/ahci-test.c
@@ -1045,14 +1045,14 @@ static void test_dma_fragmented(void)
 ahci_command_commit(ahci, cmd, px);
 ahci_command_issue(ahci, cmd);
 ahci_command_verify(ahci, cmd);
-g_free(cmd);
+ahci_command_free(cmd);
 
 cmd = ahci_command_create(CMD_READ_DMA);
 ahci_command_adjust(cmd, 0, ptr, bufsize, 32);
 ahci_command_commit(ahci, cmd, px);
 ahci_command_issue(ahci, cmd);
 ahci_command_verify(ahci, cmd);
-g_free(cmd);
+ahci_command_free(cmd);
 
 /* Read back the guest's receive buffer into local memory */
 bufread(ptr, rx, bufsize);
-- 
2.4.3




Re: [Qemu-devel] [PATCH v2] ide: ahci: reset ncq object to unused on error

2016-01-08 Thread John Snow


On 01/08/2016 02:48 PM, P J P wrote:
> From: Prasad J Pandit 
> 
> When processing NCQ commands, AHCI device emulation prepares a
> NCQ transfer object; To which an aio control block(aiocb) object
> is assigned in 'execute_ncq_command'. In case, when the NCQ
> command is invalid, the 'aiocb' object is not assigned, and NCQ
> transfer object is left as 'used'. This leads to a use after
> free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
> Reset NCQ transfer object to 'unused' to avoid it.
> 
> Reported-by: Qinghao Tang 
> Signed-off-by: Prasad J Pandit 
> ---
>  hw/ide/ahci.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> Update as per review in
>   -> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01175.html
> 
> diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
> index dd1912e..17f1cbd 100644
> --- a/hw/ide/ahci.c
> +++ b/hw/ide/ahci.c
> @@ -910,6 +910,7 @@ static void ncq_err(NCQTransferState *ncq_tfs)
>  ide_state->error = ABRT_ERR;
>  ide_state->status = READY_STAT | ERR_STAT;
>  ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
> +ncq_tfs->used = 0;
>  }
>  
>  static void ncq_finish(NCQTransferState *ncq_tfs)
> 

Reviewed-by: John Snow 



Re: [Qemu-devel] [PATCH 6/8] ipmi: add SET_SENSOR_READING command (tentative try)

2016-01-08 Thread Corey Minyard

Acked-by: Corey Minyard 

This looks good.  Though this file is getting uncomfortably large, I may 
have to look at splitting it up.


-corey

On 01/05/2016 11:30 AM, Cédric Le Goater wrote:

SET_SENSOR_READING is a complex IPMI command (IPMI spec : "35.17 Set
Sensor Reading And Event Status Command"). Here is a very minimum
framework fitting the Open PowerNV platform needs. This command is
used on this platform to set the "System Firmware Progress" sensor and
the "Boot Count" sensor.

Signed-off-by: Cédric Le Goater 
---
  hw/ipmi/ipmi_bmc_sim.c | 141 -
  1 file changed, 140 insertions(+), 1 deletion(-)

diff --git a/hw/ipmi/ipmi_bmc_sim.c b/hw/ipmi/ipmi_bmc_sim.c
index c3a06d0ac7e4..4f7c74da4b6b 100644
--- a/hw/ipmi/ipmi_bmc_sim.c
+++ b/hw/ipmi/ipmi_bmc_sim.c
@@ -39,7 +39,7 @@
  #define IPMI_CMD_GET_SYS_RESTART_CAUSE0x09
  
  #define IPMI_NETFN_SENSOR_EVENT   0x04

-#define IPMI_NETFN_SENSOR_EVENT_MAXCMD0x30
+#define IPMI_NETFN_SENSOR_EVENT_MAXCMD0x31
  
  #define IPMI_CMD_SET_SENSOR_EVT_ENABLE0x28

  #define IPMI_CMD_GET_SENSOR_EVT_ENABLE0x29
@@ -48,6 +48,7 @@
  #define IPMI_CMD_GET_SENSOR_READING   0x2d
  #define IPMI_CMD_SET_SENSOR_TYPE  0x2e
  #define IPMI_CMD_GET_SENSOR_TYPE  0x2f
+#define IPMI_CMD_SET_SENSOR_READING   0x30
  
  /* #define IPMI_NETFN_APP 0x06 In ipmi.h */

  #define IPMI_NETFN_APP_MAXCMD 0x36
@@ -1794,6 +1795,143 @@ static void get_sensor_type(IPMIBmcSim *ibs,
  return;
  }
  
+static void set_sensor_reading(IPMIBmcSim *ibs,

+   uint8_t *cmd, unsigned int cmd_len,
+   uint8_t *rsp, unsigned int *rsp_len,
+   unsigned int max_rsp_len)
+{
+IPMISensor *sens;
+uint8_t evd1;
+uint8_t evd2;
+uint8_t evd3;
+
+IPMI_CHECK_CMD_LEN(5);
+if ((cmd[2] > MAX_SENSORS) ||
+!IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) {
+rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT;
+goto out;
+}
+
+sens = ibs->sensors + cmd[2];
+
+/* Sensor Reading operation */
+switch ((cmd[3]) & 0x3) {
+case 0: /* Do not change */
+break;
+case 1: /* write given value to sensor reading byte */
+sens->reading = cmd[4];
+break;
+case 2:
+case 3:
+rsp[2] = IPMI_CC_INVALID_DATA_FIELD;
+goto out;
+}
+
+/* Deassertion bits operation */
+switch ((cmd[3] >> 2) & 0x3) {
+case 0: /* Do not change */
+break;
+case 1: /* write given value */
+if (cmd_len > 7) {
+sens->deassert_states = cmd[7];
+}
+if (cmd_len > 8) {
+sens->deassert_states = cmd[8] << 8;
+}
+
+case 2: /* mask on */
+if (cmd_len > 7) {
+sens->deassert_states |= cmd[7];
+}
+if (cmd_len > 8) {
+sens->deassert_states |= cmd[8] << 8;
+}
+break;
+case 3: /* mask off */
+if (cmd_len > 7) {
+sens->deassert_states &= cmd[7];
+}
+if (cmd_len > 8) {
+sens->deassert_states &= (cmd[8] << 8);
+}
+break;
+}
+
+/* Assertion bits operation */
+switch ((cmd[3] >> 4) & 0x3) {
+case 0: /* Do not change */
+break;
+case 1: /* write given value */
+if (cmd_len > 5) {
+sens->assert_states = cmd[5];
+}
+if (cmd_len > 6) {
+sens->assert_states = cmd[6] << 8;
+}
+
+case 2: /* mask on */
+if (cmd_len > 5) {
+sens->assert_states |= cmd[5];
+}
+if (cmd_len > 6) {
+sens->assert_states |= cmd[6] << 8;
+}
+break;
+case 3: /* mask off */
+if (cmd_len > 5) {
+sens->assert_states &= cmd[5];
+}
+if (cmd_len > 6) {
+sens->assert_states &= (cmd[6] << 8);
+}
+break;
+}
+
+evd1 = evd2 = evd3 = 0x0;
+if (cmd_len > 9) {
+evd1 = cmd[9];
+}
+if (cmd_len > 10) {
+evd2 = cmd[10];
+}
+if (cmd_len > 11) {
+evd3 = cmd[11];
+}
+
+/* Event Data Bytes operation */
+switch ((cmd[3] >> 6) & 0x3) {
+case 0: /* Do not use the event data in message */
+evd1 = evd2 = evd3 = 0x0;
+break;
+case 1: /* Write given values to event data bytes excluding bits
+ * [3:0] Event Data 1. */
+evd1 &= 0xf0;
+break;
+case 2: /* Write given values to event data bytes including bits
+ * [3:0] Event Data 1. */
+break;
+case 3:
+rsp[2] = IPMI_CC_INVALID_DATA_FIELD;
+goto out;
+}
+
+if (IPMI_SENSOR_IS_DISCRETE(sens)) {
+unsigned int bit = evd1 & 0xf;
+uint16_t mask = (1 << bit);
+
+if (sens->assert_states & mask & sens->assert_enable) {
+gen_event(ibs, cmd[2], 0, evd1, evd2, evd3);
+}
+
+ 

[Qemu-devel] [PATCH v2] ide: ahci: reset ncq object to unused on error

2016-01-08 Thread P J P
From: Prasad J Pandit 

When processing NCQ commands, AHCI device emulation prepares a
NCQ transfer object; To which an aio control block(aiocb) object
is assigned in 'execute_ncq_command'. In case, when the NCQ
command is invalid, the 'aiocb' object is not assigned, and NCQ
transfer object is left as 'used'. This leads to a use after
free kind of error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
Reset NCQ transfer object to 'unused' to avoid it.

Reported-by: Qinghao Tang 
Signed-off-by: Prasad J Pandit 
---
 hw/ide/ahci.c | 1 +
 1 file changed, 1 insertion(+)

Update as per review in
  -> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01175.html

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index dd1912e..17f1cbd 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -910,6 +910,7 @@ static void ncq_err(NCQTransferState *ncq_tfs)
 ide_state->error = ABRT_ERR;
 ide_state->status = READY_STAT | ERR_STAT;
 ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
+ncq_tfs->used = 0;
 }
 
 static void ncq_finish(NCQTransferState *ncq_tfs)
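Review bot: The fix marks the slot free but leaves `ncq_tfs->aiocb` untouched, so the reset path this protects (ahci_reset_port, per the commit message) now relies on every caller of ncq_err reaching it with `aiocb` unassigned or already cleared; those callers are outside the hunk. Clearing it here too, `ncq_tfs->aiocb = NULL;` next to `ncq_tfs->used = 0;`, would make the slot state self-consistent regardless of the path. A short comment such as `/* Release the slot so a later port reset does not try to cancel a request that was never started. */` would also record why the reset lives in ncq_err rather than only in ncq_finish.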
-- 
2.4.3




Re: [Qemu-devel] [PATCH 5/8] ipmi: add ACPI power and GUID commands

2016-01-08 Thread Corey Minyard

On 01/05/2016 11:29 AM, Cédric Le Goater wrote:

Signed-off-by: Cédric Le Goater 
---
  hw/ipmi/ipmi_bmc_sim.c | 55 ++
  1 file changed, 55 insertions(+)

diff --git a/hw/ipmi/ipmi_bmc_sim.c b/hw/ipmi/ipmi_bmc_sim.c
index 60586a67104e..c3a06d0ac7e4 100644
--- a/hw/ipmi/ipmi_bmc_sim.c
+++ b/hw/ipmi/ipmi_bmc_sim.c
@@ -25,6 +25,7 @@
  #include 
  #include 
  #include 
+#include "sysemu/sysemu.h"
  #include "qemu/timer.h"
  #include "hw/ipmi/ipmi.h"
  #include "qemu/error-report.h"
@@ -54,6 +55,9 @@
  #define IPMI_CMD_GET_DEVICE_ID0x01
  #define IPMI_CMD_COLD_RESET   0x02
  #define IPMI_CMD_WARM_RESET   0x03
+#define IPMI_CMD_SET_POWER_STATE  0x06
+#define IPMI_CMD_GET_POWER_STATE  0x07


These are ACPI power state commands per the spec, can we add ACPI to the 
name?


-corey

+#define IPMI_CMD_GET_DEVICE_GUID  0x08
  #define IPMI_CMD_RESET_WATCHDOG_TIMER 0x22
  #define IPMI_CMD_SET_WATCHDOG_TIMER   0x24
  #define IPMI_CMD_GET_WATCHDOG_TIMER   0x25
@@ -215,6 +219,9 @@ struct IPMIBmcSim {
  
  uint8_t restart_cause;
  
+uint8_t power_state[2];

+uint8_t uuid[16];
+
  IPMISel sel;
  IPMISdr sdr;
  IPMIFru fru;
@@ -842,6 +849,42 @@ static void warm_reset(IPMIBmcSim *ibs,
  k->reset(s, false);
  }
  }
+static void set_power_state(IPMIBmcSim *ibs,
+  uint8_t *cmd, unsigned int cmd_len,
+  uint8_t *rsp, unsigned int *rsp_len,
+  unsigned int max_rsp_len)
+{
+IPMI_CHECK_CMD_LEN(4);
+ibs->power_state[0] = cmd[2];
+ibs->power_state[1] = cmd[3];
+ out:
+return;
+}
+
+static void get_power_state(IPMIBmcSim *ibs,
+  uint8_t *cmd, unsigned int cmd_len,
+  uint8_t *rsp, unsigned int *rsp_len,
+  unsigned int max_rsp_len)
+{
+IPMI_ADD_RSP_DATA(ibs->power_state[0]);
+IPMI_ADD_RSP_DATA(ibs->power_state[1]);
+ out:
+return;
+}
+
+static void get_device_guid(IPMIBmcSim *ibs,
+  uint8_t *cmd, unsigned int cmd_len,
+  uint8_t *rsp, unsigned int *rsp_len,
+  unsigned int max_rsp_len)
+{
+unsigned int i;
+
+for (i = 0; i < 16; i++) {
+IPMI_ADD_RSP_DATA(ibs->uuid[i]);
+}
+ out:
+return;
+}
  
  static void set_bmc_global_enables(IPMIBmcSim *ibs,

 uint8_t *cmd, unsigned int cmd_len,
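Review bot: get_device_guid returns 16 zero bytes when no UUID was given on the command line, which a client will read as a valid (nil) GUID rather than "not available"; if the simulator is meant to follow IPMI here, it would be cleaner to answer with a completion code when `qemu_uuid_set` is false, or at least to document the behaviour: `/* Get Device GUID: returns the VM UUID (-uuid), or all zeros if none was configured. */`. set_power_state stores cmd[2]/cmd[3] verbatim without masking reserved bits, which is acceptable for a simulator but deserves a one-line comment saying so, since get_power_state echoes them back unchanged.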
@@ -1781,6 +1824,9 @@ static const IPMICmdHandler 
app_cmds[IPMI_NETFN_APP_MAXCMD] = {
  [IPMI_CMD_GET_DEVICE_ID] = get_device_id,
  [IPMI_CMD_COLD_RESET] = cold_reset,
  [IPMI_CMD_WARM_RESET] = warm_reset,
+[IPMI_CMD_SET_POWER_STATE] = set_power_state,
+[IPMI_CMD_GET_POWER_STATE] = get_power_state,
+[IPMI_CMD_GET_DEVICE_GUID] = get_device_guid,
  [IPMI_CMD_SET_BMC_GLOBAL_ENABLES] = set_bmc_global_enables,
  [IPMI_CMD_GET_BMC_GLOBAL_ENABLES] = get_bmc_global_enables,
  [IPMI_CMD_CLR_MSG_FLAGS] = clr_msg_flags,
@@ -1907,6 +1953,15 @@ static void ipmi_sim_init(Object *obj)
  i += len;
  }
  
+ibs->power_state[0] = 0;

+ibs->power_state[1] = 0;
+
+if (qemu_uuid_set) {
+memcpy(&ibs->uuid, qemu_uuid, 16);
+} else {
+memset(&ibs->uuid, 0, 16);
+}
+
  ipmi_init_sensors_from_sdrs(ibs);
  register_cmds(ibs);
  





Re: [Qemu-devel] [PATCH 4/8] ipmi: add FRU support

2016-01-08 Thread Corey Minyard

On 01/05/2016 11:29 AM, Cédric Le Goater wrote:

This patch provides a simplistic FRU support for the IPMI BMC
simulator.  The FRU area contains 32 entries * 256 bytes which should
be enough to start some simulation.

Signed-off-by: Cédric Le Goater 
---
  hw/ipmi/ipmi_bmc_sim.c | 119 +
  1 file changed, 119 insertions(+)

diff --git a/hw/ipmi/ipmi_bmc_sim.c b/hw/ipmi/ipmi_bmc_sim.c
index 5db94491b130..60586a67104e 100644
--- a/hw/ipmi/ipmi_bmc_sim.c
+++ b/hw/ipmi/ipmi_bmc_sim.c
@@ -81,6 +81,9 @@
  #define IPMI_CMD_ENTER_SDR_REP_UPD_MODE   0x2A
  #define IPMI_CMD_EXIT_SDR_REP_UPD_MODE0x2B
  #define IPMI_CMD_RUN_INIT_AGENT   0x2C
+#define IPMI_CMD_GET_FRU_AREA_INFO0x10
+#define IPMI_CMD_READ_FRU_DATA0x11
+#define IPMI_CMD_WRITE_FRU_DATA   0x12
  #define IPMI_CMD_GET_SEL_INFO 0x40
  #define IPMI_CMD_GET_SEL_ALLOC_INFO   0x41
  #define IPMI_CMD_RESERVE_SEL  0x42
@@ -123,6 +126,14 @@ typedef struct IPMISdr {
  uint8_t overflow;
  } IPMISdr;
  
+/* theoretically, the offset being 16bits, it should be 65536 */

+#define MAX_FRU_SIZE 256
+#define MAX_FRU_ID 32
+
+typedef struct IPMIFru {
+uint8_t data[MAX_FRU_SIZE][MAX_FRU_ID];
+} IPMIFru;


Instead of a static table like this, I think it would be better to make 
this configurable somehow.  I say this because I've never seen a system 
with 32 FRU devices on a BMC, but I've seen plenty with FRU data larger 
than 256 bytes.  By default, 1 FRU device with 2048 bytes is pretty 
reasonable, I think.


I'm not exactly sure the best way to make it configurable.  I assume 
that you need your platform code to be able to provide that information, 
and it could be passed in as BMC configuration parameters.  The ability 
to load the FRU data at startup is probably also necessary.


-corey


+
  typedef struct IPMISensor {
  uint8_t status;
  uint8_t reading;
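Review bot: The array is declared `data[MAX_FRU_SIZE][MAX_FRU_ID]`, i.e. 256 rows of 32 bytes, while the accessors in the next hunk index it as `ibs->fru.data[fruid]` and then walk up to MAX_FRU_SIZE bytes along that row, which matches the commit message ("32 entries * 256 bytes") only if the dimensions are swapped: `uint8_t data[MAX_FRU_ID][MAX_FRU_SIZE];`. As written, a read of FRU 1 at offset 0 returns bytes from what the code treats as FRUs 1 through 8, and a write at a large offset spills into later entries; the total object size happens to be the same, so this does not show up as a crash. The comment above the defines could also say what the limit means, e.g. `/* Each FRU inventory area is 256 bytes; the IPMI 16-bit offset would allow up to 64 KiB. */`.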
@@ -206,6 +217,7 @@ struct IPMIBmcSim {
  
  IPMISel sel;

  IPMISdr sdr;
+IPMIFru fru;
  IPMISensor sensors[MAX_SENSORS];
  
  /* Odd netfns are for responses, so we only need the even ones. */

@@ -1305,6 +1317,110 @@ static void get_sel_info(IPMIBmcSim *ibs,
  return;
  }
  
+static void get_fru_area_info(IPMIBmcSim *ibs,

+ uint8_t *cmd, unsigned int cmd_len,
+ uint8_t *rsp, unsigned int *rsp_len,
+ unsigned int max_rsp_len)
+{
+uint8_t fruid;
+uint16_t fru_entry_size;
+
+IPMI_CHECK_CMD_LEN(3);
+
+fruid = cmd[2];
+
+if (fruid > MAX_FRU_ID) {
+rsp[2] = IPMI_CC_INVALID_DATA_FIELD;
+goto out;
+}
+
+fru_entry_size = MAX_FRU_SIZE;
+
+IPMI_ADD_RSP_DATA(fru_entry_size & 0xff);
+IPMI_ADD_RSP_DATA(fru_entry_size >> 8 & 0xff);
+IPMI_ADD_RSP_DATA(0x0);
+out:
+return;
+}
+
+#define min(x, y) ((x) < (y) ? (x) : (y))
+#define max(x, y) ((x) > (y) ? (x) : (y))
+
+static void read_fru_data(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ uint8_t *rsp, unsigned int *rsp_len,
+ unsigned int max_rsp_len)
+{
+uint8_t fruid;
+uint16_t offset;
+int i;
+uint8_t *fru_entry;
+unsigned int count;
+
+IPMI_CHECK_CMD_LEN(5);
+
+fruid = cmd[2];
+offset = (cmd[3] | cmd[4] << 8);
+
+if (fruid > MAX_FRU_ID) {
+rsp[2] = IPMI_CC_INVALID_DATA_FIELD;
+goto out;
+}
+
+if (offset >= MAX_FRU_SIZE - 1) {
+rsp[2] = IPMI_CC_INVALID_DATA_FIELD;
+goto out;
+}
+
+fru_entry = ibs->fru.data[fruid];
+
+count = min(cmd[5], MAX_FRU_SIZE - offset);
+
+IPMI_ADD_RSP_DATA(count & 0xff);
+for (i = 0; i < count; i++) {
+IPMI_ADD_RSP_DATA(fru_entry[offset + i]);
+}
+
+ out:
+return;
+}
+
+static void write_fru_data(IPMIBmcSim *ibs,
+ uint8_t *cmd, unsigned int cmd_len,
+ uint8_t *rsp, unsigned int *rsp_len,
+ unsigned int max_rsp_len)
+{
+uint8_t fruid;
+uint16_t offset;
+uint8_t *fru_entry;
+unsigned int count;
+
+IPMI_CHECK_CMD_LEN(5);
+
+fruid = cmd[2];
+offset = (cmd[3] | cmd[4] << 8);
+
+if (fruid > MAX_FRU_ID) {
+rsp[2] = IPMI_CC_INVALID_DATA_FIELD;
+goto out;
+}
+
+if (offset >= MAX_FRU_SIZE - 1) {
+rsp[2] = IPMI_CC_INVALID_DATA_FIELD;
+goto out;
+}
+
+fru_entry = ibs->fru.data[fruid];
+
+count = min(cmd_len - 5, MAX_FRU_SIZE - offset);
+
+memcpy(fru_entry + offset, cmd + 5, count);
+
+IPMI_ADD_RSP_DATA(count & 0xff);
+ out:
+return;
+}
+
  static void reserve_sel(IPMIBmcSim *ibs,
  uint8_t *cmd, unsigned int cmd_len,
  uint8_t *rsp, unsigned int *rsp_len,
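Review bot: The FRU-ID guard `if (fruid > MAX_FRU_ID)` in all three handlers is off by one: fruid == MAX_FRU_ID (32) passes and, with the 32-entry layout the commit intends, indexes one entry past the end of `ibs->fru.data`; since `fru` is immediately followed by `sensors[]` in IPMIBmcSim, a guest-issued Write FRU Data with fruid 32 would overwrite sensor state with guest-chosen bytes (with the dimensions as currently declared the access stays inside the array, but the bound is wrong either way). Use `if (fruid >= MAX_FRU_ID)`. read_fru_data also reads `cmd[5]` after `IPMI_CHECK_CMD_LEN(5)`, which only guarantees five bytes; it needs `IPMI_CHECK_CMD_LEN(6);`. The `offset >= MAX_FRU_SIZE - 1` check rejects the valid last byte (offset 255); `offset >= MAX_FRU_SIZE` is the intended bound. The local `min`/`max` macros duplicate the MIN/MAX that QEMU already provides, and `max` is unused.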
@@ -1682,6 +1798,9 @@ static const IPMINetfn app_netfn = {
  };
  
  static const IPMICmdHandler storage_cmds[IPMI_NETFN_STORAGE_

Re: [Qemu-devel] [PATCH] ide: ahci: reset ncq object to unused on error

2016-01-08 Thread P J P
+-- On Fri, 8 Jan 2016, John Snow wrote --+
| In both of these error pathways, AIOCB is actually never assigned to
| begin with.

  True, it's mentioned in the commit message.

| So it's not necessarily a use-after-free.

  Yes, right.
  
| I think it should be safe to put ncq_tfs->used = 0 directly inside of
| ncq_err, and that way we won't have any other error pathways omitting
| this in the future.

  Okay, I'll send an updated patch.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F



[Qemu-devel] [PATCH v1 1/1] arm_gic: Include the GIC ArchRev in the ICPIDR2 register

2016-01-08 Thread Alistair Francis
The ARM GIC documentation (page 4-119) describes that bits
7 to 4 of the ICPIDR2 register should include the GIC architecture
version. This patch ORs the version into the existing return value.

Signed-off-by: Alistair Francis 
Tested-by: Sören Brinkmann 
---

 hw/intc/arm_gic.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/hw/intc/arm_gic.c b/hw/intc/arm_gic.c
index 13e297d..f47d606 100644
--- a/hw/intc/arm_gic.c
+++ b/hw/intc/arm_gic.c
@@ -688,6 +688,10 @@ static uint32_t gic_dist_readb(void *opaque, hwaddr 
offset, MemTxAttrs attrs)
 } else /* offset >= 0xfe0 */ {
 if (offset & 3) {
 res = 0;
+} else if (offset == 0xfe8 && s->revision != REV_11MPCORE &&
+  s->revision != REV_NVIC) {
+/* ICPIDR2 includes the GICv1 or GICv2 version information */
+res = gic_id[(offset - 0xfe0) >> 2] | (s->revision << 4);
 } else {
 res = gic_id[(offset - 0xfe0) >> 2];
 }
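Review bot: The new ICPIDR2 branch repeats the `gic_id[(offset - 0xfe0) >> 2]` lookup of the else branch and hard-codes both `0xfe8` and the bit position, so the ID-register read now has two paths that must be kept in sync. Computing the ID byte once and OR-ing the revision in for that one offset keeps a single lookup: `res = gic_id[(offset - 0xfe0) >> 2];` followed by `if (offset == 0xfe8 && s->revision != REV_11MPCORE && s->revision != REV_NVIC) { res |= s->revision << 4; }`. The ArchRev field is only bits 7:4, so if `s->revision` can ever exceed 15 (presumably not for the GICv1/v2 values this targets) masking with `& 0xf` before the shift would keep it from spilling into the upper bits. The enclosing gic_dist_readb begins before the hunk.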
-- 
2.5.0




Re: [Qemu-devel] [PATCH v2 00/27] 9pfs: disentangling virtio and generic code

2016-01-08 Thread Wei Liu
On Fri, Jan 08, 2016 at 04:19:42PM +0530, Aneesh Kumar K.V wrote:
> Wei Liu  writes:
> 
> > Hi all
> >
> > Version 2 of this series is even longer. :-)
> >
> > Back in 2015 summer one of our OPW interns Linda Jacobson explored the
> > possibility of making 9pfs work on Xen. It turned out lots of code in QEMU 
> > can
> > be reused.
> >
> > This patch series can be found at:
> >
> >   git://xenbits.xen.org/people/liuw/qemu.git wip.9pfs-refactor-v2
> >
> 
> I pushed most of the patches to
> 
> https://github.com/kvaneesh/qemu/commits/upstream-v9fs
> 
> Patches not yet applied are
> 
> fsdev: 9p-marshal: introduce V9fsBlob
> 9pfs: use V9fsBlob to transmit xattr
> 9pfs: disentangle V9fsState
> 

I will use your branch as my new baseline and work on those three
patches.

> Test result for pjd-fstest:
> 
> Test Summary Report
> ---
> ./tests/xacl/00.t(Wstat: 0 Tests: 45 Failed: 1)
>   Failed test:  45
> Files=191, Tests=2287, 109 wallclock secs ( 2.96 usr  1.36 sys + 13.96 cusr 
> 40.93 csys = 59.21 CPU)
> 
> I will continue to run more tests with different security model and proxy
> config before pushing this upstream.
> 

Thank you very much.

Wei.


> -aneesh
> 
> 



Re: [Qemu-devel] [PATCH v2 12/27] 9pfs: use V9fsBlob to transmit xattr

2016-01-08 Thread Wei Liu
On Sat, Jan 09, 2016 at 12:18:40AM +0530, Aneesh Kumar K.V wrote:
> Wei Liu  writes:
> 
> > On Fri, Jan 08, 2016 at 02:00:31PM +0530, Aneesh Kumar K.V wrote:
> >> Wei Liu  writes:
> >> 
> >> > And make v9fs_pack static function. Now we only need to export
> >> > v9fs_{,un}marshal to device.
> >> >
> >> > Signed-off-by: Wei Liu 
> >> > ---
> >> >  fsdev/virtio-9p-marshal.c |  4 ++--
> >> >  fsdev/virtio-9p-marshal.h |  3 ---
> >> >  hw/9pfs/virtio-9p.c   | 21 +
> >> >  3 files changed, 15 insertions(+), 13 deletions(-)
> >> >
> >> > diff --git a/fsdev/virtio-9p-marshal.c b/fsdev/virtio-9p-marshal.c
> >> > index c3ac316..d120bd2 100644
> >> > --- a/fsdev/virtio-9p-marshal.c
> >> > +++ b/fsdev/virtio-9p-marshal.c
> >> > @@ -70,8 +70,8 @@ static ssize_t v9fs_unpack(void *dst, struct iovec 
> >> > *out_sg, int out_num,
> >> >  return v9fs_packunpack(dst, out_sg, out_num, offset, size, 0);
> >> >  }
> >> >
> >> > -ssize_t v9fs_pack(struct iovec *in_sg, int in_num, size_t offset,
> >> > -  const void *src, size_t size)
> >> > +static ssize_t v9fs_pack(struct iovec *in_sg, int in_num, size_t offset,
> >> > + const void *src, size_t size)
> >> >  {
> >> >  return v9fs_packunpack((void *)src, in_sg, in_num, offset, size, 1);
> >> >  }
> >> > diff --git a/fsdev/virtio-9p-marshal.h b/fsdev/virtio-9p-marshal.h
> >> > index 0709bcd..766a48e 100644
> >> > --- a/fsdev/virtio-9p-marshal.h
> >> > +++ b/fsdev/virtio-9p-marshal.h
> >> > @@ -3,9 +3,6 @@
> >> >
> >> >  #include "9p-marshal.h"
> >> >
> >> > -
> >> > -ssize_t v9fs_pack(struct iovec *in_sg, int in_num, size_t offset,
> >> > -  const void *src, size_t size);
> >> >  ssize_t v9fs_unmarshal(struct iovec *out_sg, int out_num, size_t offset,
> >> > int bswap, const char *fmt, ...);
> >> >  ssize_t v9fs_marshal(struct iovec *in_sg, int in_num, size_t offset,
> >> > diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c
> >> > index 30ff828..654c103 100644
> >> > --- a/hw/9pfs/virtio-9p.c
> >> > +++ b/hw/9pfs/virtio-9p.c
> >> > @@ -1561,6 +1561,7 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU 
> >> > *pdu, V9fsFidState *fidp,
> >> >  size_t offset = 7;
> >> >  int read_count;
> >> >  int64_t xattr_len;
> >> > +V9fsBlob blob;
> >> >
> >> >  xattr_len = fidp->fs.xattr.len;
> >> >  read_count = xattr_len - off;
> >> > @@ -1572,14 +1573,18 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU 
> >> > *pdu, V9fsFidState *fidp,
> >> >   */
> >> >  read_count = 0;
> >> >  }
> >> > -err = pdu_marshal(pdu, offset, "d", read_count);
> >> > -if (err < 0) {
> >> > -return err;
> >> > -}
> >> > -offset += err;
> >> > -err = v9fs_pack(pdu->elem.in_sg, pdu->elem.in_num, offset,
> >> > -((char *)fidp->fs.xattr.value) + off,
> >> > -read_count);
> >> > +
> >> > +v9fs_blob_init(&blob);
> >> > +
> >> > +blob.data = g_malloc(read_count);
> >> > +memcpy(blob.data, ((char *)fidp->fs.xattr.value) + off,
> >> > +   read_count);
> >> > +blob.size = read_count;
> >> > +
> >> > +err = pdu_marshal(pdu, offset, "dB", read_count, &blob);
> >> 
> >> Is this correct ?
> >> 
> >> earlier we had read_count 
> >> now we have
> >> read_count,  which is read_count, blob->size, data
> >> 
> >
> > Yes, you're right. There is an error.
> >
> > The new code should be
> >
> > err = pdu_marshal(pdu, offset, "B", &blob);
> >
> > Thanks for your careful review.
> >
> 
> We would then need 'B' to encode size as int ie, 'd' instead of 'w'
> 

Ack. I will make the change.

Wei.

> -aneesh
> 
> 



Re: [Qemu-devel] [PATCH v2 27/27] 9pfs: disentangle V9fsState

2016-01-08 Thread Wei Liu
On Fri, Jan 08, 2016 at 11:39:37AM +0530, Aneesh Kumar K.V wrote:
> Wei Liu  writes:
> 
> > V9fsState now only contains generic fields. Introduce V9fsVirtioState
> > for virtio transport.  Change virtio-pci and virtio-ccw to use
> > V9fsVirtioState. Handle transport enumeration in generic routines.
> >
> 
> Few comments below
> 
> 
> > Signed-off-by: Wei Liu 
> > ---
> >  hw/9pfs/9p.c   | 41 ++-
> >  hw/9pfs/9p.h   | 19 +++
> >  hw/9pfs/virtio-9p-device.c | 82 
> > --
> >  hw/9pfs/virtio-9p.h| 12 ++-
> >  hw/s390x/virtio-ccw.h  |  2 +-
> >  hw/virtio/virtio-pci.h |  2 +-
> >  6 files changed, 109 insertions(+), 49 deletions(-)
> >
> > diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
> > index 6858b21..2cf8580 100644
> > --- a/hw/9pfs/9p.c
> > +++ b/hw/9pfs/9p.c
> > @@ -45,7 +45,13 @@ ssize_t pdu_marshal(V9fsPDU *pdu, size_t offset, const 
> > char *fmt, ...)
> >  va_list ap;
> >
> >  va_start(ap, fmt);
> > -ret = virtio_pdu_vmarshal(pdu, offset, fmt, ap);
> > +switch (pdu->transport) {
> > +case VIRTIO:
> > +ret = virtio_pdu_vmarshal(pdu, offset, fmt, ap);
> > +break;
> > +default:
> > +ret = -1;
> > +}
> >  va_end(ap);
> >
> 
> 
> All that switch(pdu->transport) can go in the next series along with Xen
> support. It is not really needed now and when we complete Xen transport
> we will pull that. 
> 

No problem.

> >  return ret;
> > @@ -57,7 +63,13 @@ ssize_t pdu_unmarshal(V9fsPDU *pdu, size_t offset, const 
> > char *fmt, ...)
> >  va_list ap;
> >
> >  va_start(ap, fmt);
> > -ret = virtio_pdu_vunmarshal(pdu, offset, fmt, ap);
> > +switch (pdu->transport) {
> > +case VIRTIO:
> > +ret = virtio_pdu_vunmarshal(pdu, offset, fmt, ap);
> > +break;
> > +default:
> > +ret = -1;
> > +}
> >  va_end(ap);
> >
> >  return ret;
> > @@ -65,7 +77,11 @@ ssize_t pdu_unmarshal(V9fsPDU *pdu, size_t offset, const 
> > char *fmt, ...)
> >
> >  static void pdu_push_and_notify(V9fsPDU *pdu)
> >  {
> > -virtio_9p_push_and_notify(pdu);
> > +switch (pdu->transport) {
> > +case VIRTIO:
> > +virtio_9p_push_and_notify(pdu);
> > +break;
> > +}
> >  }
> >
> >  static int omode_to_uflags(int8_t mode)
> > @@ -1696,7 +1712,11 @@ static void v9fs_init_qiov_from_pdu(QEMUIOVector 
> > *qiov, V9fsPDU *pdu,
> >  struct iovec *iov;
> >  unsigned int niov;
> >
> > -virtio_init_iov_from_pdu(pdu, &iov, &niov, is_write);
> > +switch (pdu->transport) {
> > +case VIRTIO:
> > +virtio_init_iov_from_pdu(pdu, &iov, &niov, is_write);
> > +break;
> > +}
> >
> >  qemu_iovec_init_external(&elem, iov, niov);
> >  qemu_iovec_init(qiov, niov);
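Review bot: In v9fs_init_qiov_from_pdu the new switch has no default, so for any `pdu->transport` value other than VIRTIO the locals `iov` and `niov` are never assigned and are passed uninitialized to `qemu_iovec_init_external`; since `enum p9_transport` is being introduced precisely to admit more transports, the non-matching case should be explicit, e.g. `default: g_assert_not_reached();` in the switch, or initializing `iov = NULL; niov = 0;` before it and failing the request. The same single-case switch without a default is added to pdu_push_and_notify in the preceding hunk, where a non-virtio PDU would silently never be completed. The enclosing function starts before the hunk.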
> > @@ -3272,8 +3292,10 @@ void pdu_submit(V9fsPDU *pdu)
> >  }
> >
> >  /* Returns 0 on success, 1 on failure. */
> > -int v9fs_device_realize_common(V9fsState *s, Error **errp)
> > +int v9fs_device_realize_common(V9fsState *s, enum p9_transport transport,
> > +   Error **errp)
> >  {
> > +V9fsVirtioState *v = container_of(s, V9fsVirtioState, state);
> >  int i, len;
> >  struct stat stat;
> >  FsDriverEntry *fse;
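Review bot: `V9fsVirtioState *v = container_of(s, V9fsVirtioState, state);` in the generic v9fs_device_realize_common assumes the V9fsState is embedded in a V9fsVirtioState no matter what `transport` argument the function now receives, so the new parameter is accepted but never guards that cast, and a second transport would derive an invalid pointer silently. Either the pdu-array setup belongs behind a transport-specific hook, or at minimum the cast should be guarded, `assert(transport == VIRTIO);`, before it. The same assumption carries into the `v->pdus[i]` loop in the next hunk. The function body continues past the hunk.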
> > @@ -3284,8 +3306,10 @@ int v9fs_device_realize_common(V9fsState *s, Error 
> > **errp)
> >  QLIST_INIT(&s->free_list);
> >  QLIST_INIT(&s->active_list);
> >  for (i = 0; i < (MAX_REQ - 1); i++) {
> > -QLIST_INSERT_HEAD(&s->free_list, &s->pdus[i], next);
> > -s->pdus[i].s = s;
> > +QLIST_INSERT_HEAD(&s->free_list, &v->pdus[i], next);
> > +v->pdus[i].s = s;
> > +v->pdus[i].idx = i;
> > +v->pdus[i].transport = transport;
> >  }
> >
> >  v9fs_path_init(&path);
> > @@ -3360,7 +3384,8 @@ out:
> >  return rc;
> >  }
> >
> > -void v9fs_device_unrealize_common(V9fsState *s, Error **errp)
> > +void v9fs_device_unrealize_common(V9fsState *s, enum p9_transport 
> > transport,
> > +  Error **errp)
> >  {
> >  g_free(s->ctx.fs_root);
> >  g_free(s->tag);
> > diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
> > index 3fe4da4..bd8588d 100644
> > --- a/hw/9pfs/9p.h
> > +++ b/hw/9pfs/9p.h
> > @@ -14,6 +14,10 @@
> >  #include "qemu/thread.h"
> >  #include "qemu/coroutine.h"
> >
> > +enum p9_transport {
> > +VIRTIO = 0x1,
> > +};
> > +
> >  enum {
> >  P9_TLERROR = 6,
> >  P9_RLERROR,
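Review bot: `VIRTIO` as an unprefixed enumerator in a shared header is a very generic identifier that is easy to collide with elsewhere in the tree; the neighbouring constants in the same file already use a `P9_` prefix, so `P9_TRANSPORT_VIRTIO = 0x1,` would be consistent and self-describing. A one-line comment on the enum, such as `/* transport a V9fsPDU was received on; see V9fsPDU::transport */`, would also help since the enum is referenced from a different file than the one that defines its meaning.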
> > @@ -131,9 +135,10 @@ struct V9fsPDU
> >  uint8_t id;
> >  uint8_t cancelled;
> >  CoQueue complete;
> > -VirtQueueElement elem;
> >  struct V9fsState *s;
> >  QLIST_ENTRY(V9fsPDU) next;
> > +uint32_t idx; /* index inside the array */
> > +enum p9_transport transport;
> >  };
> >
> 
> 
> Can you do this change as a separate patch ? ie, Make V9fsPDU
> independent of virtio . Also introduce V9fsVirtioState 
> 

No problem.

Wei.

> 
> >
> > @@ -205,16 +21

Re: [Qemu-devel] [PATCH v2 12/27] 9pfs: use V9fsBlob to transmit xattr

2016-01-08 Thread Aneesh Kumar K.V
Wei Liu  writes:

> On Fri, Jan 08, 2016 at 02:00:31PM +0530, Aneesh Kumar K.V wrote:
>> Wei Liu  writes:
>> 
>> > And make v9fs_pack static function. Now we only need to export
>> > v9fs_{,un}marshal to device.
>> >
>> > Signed-off-by: Wei Liu 
>> > ---
>> >  fsdev/virtio-9p-marshal.c |  4 ++--
>> >  fsdev/virtio-9p-marshal.h |  3 ---
>> >  hw/9pfs/virtio-9p.c   | 21 +
>> >  3 files changed, 15 insertions(+), 13 deletions(-)
>> >
>> > diff --git a/fsdev/virtio-9p-marshal.c b/fsdev/virtio-9p-marshal.c
>> > index c3ac316..d120bd2 100644
>> > --- a/fsdev/virtio-9p-marshal.c
>> > +++ b/fsdev/virtio-9p-marshal.c
>> > @@ -70,8 +70,8 @@ static ssize_t v9fs_unpack(void *dst, struct iovec 
>> > *out_sg, int out_num,
>> >  return v9fs_packunpack(dst, out_sg, out_num, offset, size, 0);
>> >  }
>> >
>> > -ssize_t v9fs_pack(struct iovec *in_sg, int in_num, size_t offset,
>> > -  const void *src, size_t size)
>> > +static ssize_t v9fs_pack(struct iovec *in_sg, int in_num, size_t offset,
>> > + const void *src, size_t size)
>> >  {
>> >  return v9fs_packunpack((void *)src, in_sg, in_num, offset, size, 1);
>> >  }
>> > diff --git a/fsdev/virtio-9p-marshal.h b/fsdev/virtio-9p-marshal.h
>> > index 0709bcd..766a48e 100644
>> > --- a/fsdev/virtio-9p-marshal.h
>> > +++ b/fsdev/virtio-9p-marshal.h
>> > @@ -3,9 +3,6 @@
>> >
>> >  #include "9p-marshal.h"
>> >
>> > -
>> > -ssize_t v9fs_pack(struct iovec *in_sg, int in_num, size_t offset,
>> > -  const void *src, size_t size);
>> >  ssize_t v9fs_unmarshal(struct iovec *out_sg, int out_num, size_t offset,
>> > int bswap, const char *fmt, ...);
>> >  ssize_t v9fs_marshal(struct iovec *in_sg, int in_num, size_t offset,
>> > diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c
>> > index 30ff828..654c103 100644
>> > --- a/hw/9pfs/virtio-9p.c
>> > +++ b/hw/9pfs/virtio-9p.c
>> > @@ -1561,6 +1561,7 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU 
>> > *pdu, V9fsFidState *fidp,
>> >  size_t offset = 7;
>> >  int read_count;
>> >  int64_t xattr_len;
>> > +V9fsBlob blob;
>> >
>> >  xattr_len = fidp->fs.xattr.len;
>> >  read_count = xattr_len - off;
>> > @@ -1572,14 +1573,18 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU 
>> > *pdu, V9fsFidState *fidp,
>> >   */
>> >  read_count = 0;
>> >  }
>> > -err = pdu_marshal(pdu, offset, "d", read_count);
>> > -if (err < 0) {
>> > -return err;
>> > -}
>> > -offset += err;
>> > -err = v9fs_pack(pdu->elem.in_sg, pdu->elem.in_num, offset,
>> > -((char *)fidp->fs.xattr.value) + off,
>> > -read_count);
>> > +
>> > +v9fs_blob_init(&blob);
>> > +
>> > +blob.data = g_malloc(read_count);
>> > +memcpy(blob.data, ((char *)fidp->fs.xattr.value) + off,
>> > +   read_count);
>> > +blob.size = read_count;
>> > +
>> > +err = pdu_marshal(pdu, offset, "dB", read_count, &blob);
>> 
>> Is this correct ?
>> 
>> earlier we had read_count 
>> now we have
>> read_count,  which is read_count, blob->size, data
>> 
>
> Yes, you're right. There is an error.
>
> The new code should be
>
> err = pdu_marshal(pdu, offset, "B", &blob);
>
> Thanks for your careful review.
>

We would then need 'B' to encode size as int ie, 'd' instead of 'w'

-aneesh




Re: [Qemu-devel] [PATCH] ide: ahci: reset ncq object to unused on error

2016-01-08 Thread John Snow


On 01/08/2016 07:08 AM, P J P wrote:
> From: Prasad J Pandit 
> 
> When processing NCQ commands, AHCI device emulation prepares a
> NCQ transfer object; To which an aio control block(aiocb) object
> is assigned in 'execute_ncq_command'. In case, when the NCQ
> command is invalid, the 'aiocb' object is not assigned, and NCQ
> transfer object is left as 'used'. This leads to a use after
> free error in 'bdrv_aio_cancel_async' via 'ahci_reset_port'.
> Reset NCQ transfer object to 'unused' to avoid it.
> 

The commit message is a little misleading:

In both of these error pathways, AIOCB is actually never assigned to
begin with. However, neglecting to set used = 0 will indeed cause
ahci_reset_port to try to read these values.

So it's not necessarily a use-after-free.

Regardless, good find!

> Reported-by: Qinghao Tang 
> Signed-off-by: Prasad J Pandit 
> ---
>  hw/ide/ahci.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
> index dd1912e..e359127 100644
> --- a/hw/ide/ahci.c
> +++ b/hw/ide/ahci.c
> @@ -1014,6 +1014,7 @@ static void execute_ncq_command(NCQTransferState 
> *ncq_tfs)
>  DPRINTF(port, "error: unsupported NCQ command (0x%02x) received\n",
>  ncq_tfs->cmd);
>  qemu_sglist_destroy(&ncq_tfs->sglist);
> +ncq_tfs->used = 0;
>  ncq_err(ncq_tfs);
>  }
>  }
> @@ -1081,6 +1082,7 @@ static void process_ncq_command(AHCIState *s, int port, 
> uint8_t *cmd_fis,
>   "is smaller than the requested size (0x%zx)",
>   ncq_tfs->sglist.size, size);
>  qemu_sglist_destroy(&ncq_tfs->sglist);
> +ncq_tfs->used = 0;
>  ncq_err(ncq_tfs);
>  ahci_trigger_irq(ad->hba, ad, PORT_IRQ_OVERFLOW);
>  return;
> 

I think it should be safe to put ncq_tfs->used = 0 directly inside of
ncq_err, and that way we won't have any other error pathways omitting
this in the future.

--js



Re: [Qemu-devel] [PATCH v2] pc: allow raising low memory via max-ram-below-4g option

2016-01-08 Thread Laszlo Ersek
On 01/08/16 18:45, Igor Mammedov wrote:
> On Fri,  8 Jan 2016 13:58:03 +0100
> Gerd Hoffmann  wrote:
> 
>> This patch extends the functionality of the max-ram-below-4g option
>> to also allow increasing lowmem.  Use case: Give as much memory as
>> possible to legacy non-PAE guests.
>>
>> While being at it also rework the lowmem calculation logic and add a
>> longish comment describing how it works and what the compatibility
>> constraints are.
> CCing Laszlo as it might affect OVMF

Thanks a lot for the CC, Igor!

So I have to investigate this separately for i440fx and Q35.

(1) For i440fx, OVMF determines the base of the 32-bit PCI hole like this:

  PciBase = (TopOfLowRam < BASE_2GB) ? BASE_2GB : TopOfLowRam;

where TopOfLowRam is calculated from the CMOS registers 0x34 and 0x35.

*If* QEMU is still sticking with the idea of git commit ddaaefb4dd, that
is, the 32-bit PCI hole still starts immediately after the end of low
RAM, then this change should be fine for i440fx.

(The problem used to be the (TopOfLowRam > BASE_2GB) case, when OVMF
allowed BAR allocation right above the end of low RAM, but QEMU didn't
actually start the PCI hole until higher up.)

Gerd, can you confirm that this new logic for the lowmem/highmem split
doesn't affect the above?

In other words, as long as there is no "void" left between the top of
low RAM and the base of the PCI hole, it doesn't matter where exactly
the split is.

(2) For Q35, the OVMF code is different:

//
// A 3GB base will always fall into Q35's 32-bit PCI host aperture,
// regardless of the Q35 MMCONFIG BAR. Correspondingly, QEMU never lets
// the RAM below 4 GB exceed it.
//
PciBase = BASE_2GB + BASE_1GB;
ASSERT (TopOfLowRam <= PciBase);


(This is based on pc_q35_init() in QEMU.)

This patch doesn't change "hw/i386/pc_q35.c", so that looks fine.

The patch does change "hw/i386/pc.c", which I believe might still affect
Q35...

... Hm, as far as I understand pc_q35_init(), the change in
"hw/i386/pc.c" will only cause the default user limit to move *down*
half a gig. The previous default user limit was 4G (i.e., not a limit at
all), and the new default is 3.5 GB.

And, in any case, the user limit continues to *lower* the split only,
from the initial 0x8000 (2GB) or 0xb000 (3GB). So Q35 looks good
too.

Bottom line, I think the patch should be fine -- famous last words -- as
long as the idea of git commit ddaaefb4dd is still intact in QEMU:
- in Q35 the split cannot be raised
- in i440fx the split *can* be raised, but OVMF deals with that, as
  long as QEMU's 32-bit PCI hole still starts right after the split.

... I propose to replace the "pc:" prefix in the subject with "piix:" or
"i440fx:".

Thanks
Laszlo


> 
>>
>> Signed-off-by: Gerd Hoffmann 
>> ---
>>  hw/i386/pc.c  |  2 +-
>>  hw/i386/pc_piix.c | 61 
>> +++
>>  2 files changed, 40 insertions(+), 23 deletions(-)
>>
>> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
>> index 459260b..1332269 100644
>> --- a/hw/i386/pc.c
>> +++ b/hw/i386/pc.c
>> @@ -1887,7 +1887,7 @@ static void pc_machine_initfn(Object *obj)
>>  pc_machine_get_hotplug_memory_region_size,
>>  NULL, NULL, NULL, &error_abort);
>>  
>> -pcms->max_ram_below_4g = 1ULL << 32; /* 4G */
>> +pcms->max_ram_below_4g = 0xe000; /* 3.5G */
>>  object_property_add(obj, PC_MACHINE_MAX_RAM_BELOW_4G, "size",
>>  pc_machine_get_max_ram_below_4g,
>>  pc_machine_set_max_ram_below_4g,
>> diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
>> index 438cdae..3743736 100644
>> --- a/hw/i386/pc_piix.c
>> +++ b/hw/i386/pc_piix.c
>> @@ -87,29 +87,46 @@ static void pc_init1(MachineState *machine,
>>  PcGuestInfo *guest_info;
>>  ram_addr_t lowmem;
>>  
>> -/* Check whether RAM fits below 4G (leaving 1/2 GByte for IO memory).
>> - * If it doesn't, we need to split it in chunks below and above 4G.
>> - * In any case, try to make sure that guest addresses aligned at
>> - * 1G boundaries get mapped to host addresses aligned at 1G boundaries.
>> - * For old machine types, use whatever split we used historically to 
>> avoid
>> - * breaking migration.
>> +/*
>> + * Calculate ram split, for memory below and above 4G.  It's a bit
>> + * complicated for backward compatibility reasons ...
>> + *
>> + *  - Traditional split is 3.5G (lowmem = 0xe000).  This is the
>> + *default value for max_ram_below_4g now.
>> + *
>> + *  - Then, to gigabyte align the memory, we move the split to 3G
>> + *(lowmem = 0xc000).  But only in case we have to split in
>> + *the first place, i.e. ram_size is larger than (traditional)
>> + *lowmem.  And for new machine types (gigabyte_align = true)
>> + *only, for live migration compatibility reasons.
>> + *
>> + *  - Next the max-ram-below-4g option was added, which allowed

Re: [Qemu-devel] [PATCH 1/2] nbd: Interface tweak of nbd_client_new

2016-01-08 Thread Paolo Bonzini


On 08/01/2016 17:24, Daniel P. Berrange wrote:
>> >  if (nbd_send_negotiate(client)) {
>> > +shutdown(csock, 2);
>> > +close(csock);
>> >  g_free(client);
>> > -return NULL;
>> > +ret = -1;
>> > +goto out;
> If you simply make this failure code branch call close_fn() then I
> think you can adding needing the new NBDClientNewCB entirely if

Good idea, but note that close_fn will call nbd_client_put, so the
close/g_free must be removed.  It's probably cleanest to change csock to
client->sock in the shutdown call, too.

Paolo



Re: [Qemu-devel] [PATCH] qdev: free qemu-opts when the QOM path goes away

2016-01-08 Thread Paolo Bonzini


On 05/11/2015 13:06, Andreas Färber wrote:
> Am 04.11.2015 um 19:34 schrieb Markus Armbruster:
>> Paolo Bonzini  writes:
>>
>>> Otherwise there is a race where the DEVICE_DELETED event has been sent but
>>> attempts to reuse the ID will fail.
>>>
>>> Reported-by: Michael S. Tsirkin 
>>> Signed-off-by: Paolo Bonzini 
>>
>> Let's see whether I understand this.
>>
>>> ---
>>>  hw/core/qdev.c | 4 +++-
>>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/hw/core/qdev.c b/hw/core/qdev.c
>>> index 4ab04aa..92bd8bb 100644
>>> --- a/hw/core/qdev.c
>>> +++ b/hw/core/qdev.c
>>> @@ -1203,7 +1203,6 @@ static void device_finalize(Object *obj)
>>>  NamedGPIOList *ngl, *next;
>>>  
>>>  DeviceState *dev = DEVICE(obj);
>>> -qemu_opts_del(dev->opts);
>>>  
>>>  QLIST_FOREACH_SAFE(ngl, &dev->gpios, node, next) {
>>>  QLIST_REMOVE(ngl, node);
>>> @@ -1251,6 +1250,9 @@ static void device_unparent(Object *obj)
>>>  qapi_event_send_device_deleted(!!dev->id, dev->id, path, 
>>> &error_abort);
>>
>> DEVICE_DELETED sent here.
>>
>>>  g_free(path);
>>>  }
>>> +
>>> +qemu_opts_del(dev->opts);
>>> +dev->opts = NULL;
>>>  }
>>>  
>>>  static void device_class_init(ObjectClass *class, void *data)
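Review bot: With `qemu_opts_del(dev->opts)` removed from device_finalize and done only in device_unparent, the QemuOpts are now released solely for devices that pass through unparent; if a DeviceState can be finalized without ever having been unparented (for instance a device dropped after a failed realize, should that path not call object_unparent), its opts would leak where they were freed before. Keeping a `qemu_opts_del(dev->opts);` in device_finalize as well would cover that case and is harmless after the `dev->opts = NULL` added here, provided qemu_opts_del tolerates NULL, which the original unconditional call in device_finalize suggests it does — worth confirming.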
>>
>> object_finalize_child_property() runs during unplug:
>>
>> static void object_finalize_child_property(Object *obj, const char *name,
>>void *opaque)
>> {
>> Object *child = opaque;
>>
>> if (child->class->unparent) {
>> (child->class->unparent)(child);  <--- calls device_unparent()
>> }
>> child->parent = NULL;
>> object_unref(child);  <--- calls device_finalize()
>> }
>>
>> device_unparent() sends DEVICE_DELETED, but dev->opts gets only deleted
>> later, in device_finalize.  If the client tries to reuse the ID in the
>> meantime, it fails.
>>
>> Two remarks:
>>
>> 1. Wouldn't it be cleaner to delete dev-opts *before* sending
>>DEVICE_DELETED?  Like this:
>>
>> +++ b/hw/core/qdev.c
>> @@ -1244,6 +1244,9 @@ static void device_unparent(Object *obj)
>>  dev->parent_bus = NULL;
>>  }
>>
>> +qemu_opts_del(dev->opts);
>> +dev->opts = NULL;
>> +
>>  /* Only send event if the device had been completely realized */
>>  if (dev->pending_deleted_event) {
>>  gchar *path = object_get_canonical_path(OBJECT(dev));
> 
> To me this proposal sounds sane, but I did not get to tracing the code
> flow here. Paolo, which approach do you prefer and why?
> 
>> 2. If the device is a block device, then unplugging it also deletes its
>>backend (ugly wart we keep for backward compatibility; *not* for
>>blockdev-add, though).  This backend also has a QemuOpts.  It gets
>>deleted in drive_info_del().  Just like device_finalize(), it runs
>>within object_unref(), i.e. after DEVICE_DELETED is sent.  Same race,
>>different ID, or am I missing something?
>>
>>See also https://bugzilla.redhat.com/show_bug.cgi?id=1256044
> 
> If we can leave this patch decoupled from block layer and decide soonish
> on the desired approach, I'd be happy to include it in my upcoming
> qom-devices pull.

Ping?

Paolo



Re: [Qemu-devel] [PATCH 1/5] migration: split hmp_savevm to do_savevm and hmp_savevm wrapper

2016-01-08 Thread Denis V. Lunev

On 01/08/2016 08:54 PM, Eric Blake wrote:

On 01/08/2016 09:40 AM, Denis V. Lunev wrote:


Markus' series to add a prefixing notation would be better to use here
(although I didn't check if he caught this one in that series already):
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03495.html

this series is not yet merged. I think that we could do this refactoring
later on.
This thing could be considered independent. Anyway, this series has its
own value
and it takes a lot of time to push it in. Could we do  error setting
improvement later on?

I don't care who rebases on top of the other, but maybe Markus will have
an opinion when he gets back online next week.


why we have to wait with this set due to this reason?

One of you will have to rebase on the other - either you wait for
Markus' error_prepend to go in and you use it, or your patch goes in and
Markus updates his error_prepend patch to cover your additional instance
that will be benefitted by it.  I don't care which, and the timing is
really up to the maintainers and how fast they send pull requests.


The code with error_prepend and current code are BOTH
correct. One is a bit shorter than the other. Yes, it would
be nice to switch to it, but why this should be done in
this set?

Exactly, we're saying the same things.


+if (local_err != NULL) {

I would have just written 'if (local_err) {'; but that's minor style.

from my point of view explicit != NULL exposes that local_err is a
pointer rather than a boolean value.

But the code base already overwhelmingly relies on C's implicit
conversion of pointer to a boolean context, as it requires less typing;
being verbose doesn't make the code base any easier to read.  However,
since HACKING doesn't say one way or the other, I won't make you change.


I do not understand your last words.

I am not agitating you with one approach or another. This
is a reason why I am writing code this way. The code written
this way looks better to me. This code is NEW and this does
not contradict any written rule in coding style policy.

If the code is working and correct, can we just move on with it?

Once again, we are saying the same thing.  I pointed out a cosmetic
issue, but one where I do not have a strong enough leg to stand on to
force you to change your style, so what you did is fine as is.


ok. perfect to be on the same page :)

I promise to switch to the error_prepend code once it is
merged. I hope that v4 of the set is good enough to
proceed.

Den



Re: [Qemu-devel] [PATCH v2 21/27] 9pfs: factor out virtio_9p_push_and_notify

2016-01-08 Thread Wei Liu
On Fri, Jan 08, 2016 at 03:27:49PM +0530, Aneesh Kumar K.V wrote:
[...]
> 
> How is this different from pdu_push_notify added by  [PATCH 18/27]
> 

#18 is encapsulating functionality into pdu_* function family. This
patch is encapsulating virtio specific code into virtio specific
function. The two patches reflect the process of code refactoring.

There is no functional change.  This patch just moves the code to the virtio-
specific file and gives it a proper name. Then the virtio_ function is
called from the pdu_ function.

Wei.


> -aneesh
> 
> 



Re: [Qemu-devel] [PATCH v2 12/27] 9pfs: use V9fsBlob to transmit xattr

2016-01-08 Thread Wei Liu
On Fri, Jan 08, 2016 at 02:00:31PM +0530, Aneesh Kumar K.V wrote:
> Wei Liu  writes:
> 
> > And make v9fs_pack static function. Now we only need to export
> > v9fs_{,un}marshal to device.
> >
> > Signed-off-by: Wei Liu 
> > ---
> >  fsdev/virtio-9p-marshal.c |  4 ++--
> >  fsdev/virtio-9p-marshal.h |  3 ---
> >  hw/9pfs/virtio-9p.c   | 21 +
> >  3 files changed, 15 insertions(+), 13 deletions(-)
> >
> > diff --git a/fsdev/virtio-9p-marshal.c b/fsdev/virtio-9p-marshal.c
> > index c3ac316..d120bd2 100644
> > --- a/fsdev/virtio-9p-marshal.c
> > +++ b/fsdev/virtio-9p-marshal.c
> > @@ -70,8 +70,8 @@ static ssize_t v9fs_unpack(void *dst, struct iovec 
> > *out_sg, int out_num,
> >  return v9fs_packunpack(dst, out_sg, out_num, offset, size, 0);
> >  }
> >
> > -ssize_t v9fs_pack(struct iovec *in_sg, int in_num, size_t offset,
> > -  const void *src, size_t size)
> > +static ssize_t v9fs_pack(struct iovec *in_sg, int in_num, size_t offset,
> > + const void *src, size_t size)
> >  {
> >  return v9fs_packunpack((void *)src, in_sg, in_num, offset, size, 1);
> >  }
> > diff --git a/fsdev/virtio-9p-marshal.h b/fsdev/virtio-9p-marshal.h
> > index 0709bcd..766a48e 100644
> > --- a/fsdev/virtio-9p-marshal.h
> > +++ b/fsdev/virtio-9p-marshal.h
> > @@ -3,9 +3,6 @@
> >
> >  #include "9p-marshal.h"
> >
> > -
> > -ssize_t v9fs_pack(struct iovec *in_sg, int in_num, size_t offset,
> > -  const void *src, size_t size);
> >  ssize_t v9fs_unmarshal(struct iovec *out_sg, int out_num, size_t offset,
> > int bswap, const char *fmt, ...);
> >  ssize_t v9fs_marshal(struct iovec *in_sg, int in_num, size_t offset,
> > diff --git a/hw/9pfs/virtio-9p.c b/hw/9pfs/virtio-9p.c
> > index 30ff828..654c103 100644
> > --- a/hw/9pfs/virtio-9p.c
> > +++ b/hw/9pfs/virtio-9p.c
> > @@ -1561,6 +1561,7 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU 
> > *pdu, V9fsFidState *fidp,
> >  size_t offset = 7;
> >  int read_count;
> >  int64_t xattr_len;
> > +V9fsBlob blob;
> >
> >  xattr_len = fidp->fs.xattr.len;
> >  read_count = xattr_len - off;
> > @@ -1572,14 +1573,18 @@ static int v9fs_xattr_read(V9fsState *s, V9fsPDU 
> > *pdu, V9fsFidState *fidp,
> >   */
> >  read_count = 0;
> >  }
> > -err = pdu_marshal(pdu, offset, "d", read_count);
> > -if (err < 0) {
> > -return err;
> > -}
> > -offset += err;
> > -err = v9fs_pack(pdu->elem.in_sg, pdu->elem.in_num, offset,
> > -((char *)fidp->fs.xattr.value) + off,
> > -read_count);
> > +
> > +v9fs_blob_init(&blob);
> > +
> > +blob.data = g_malloc(read_count);
> > +memcpy(blob.data, ((char *)fidp->fs.xattr.value) + off,
> > +   read_count);
> > +blob.size = read_count;
> > +
> > +err = pdu_marshal(pdu, offset, "dB", read_count, &blob);
> 
> Is this correct ?
> 
> earlier we had read_count 
> now we have
> read_count,  which is read_count, blob->size, data
> 

Yes, you're right. There is an error.

The new code should be

err = pdu_marshal(pdu, offset, "B", &blob);

Thanks for your careful review.

Wei.

> 
> -aneesh
> 



Re: [Qemu-devel] [PATCH 1/5] migration: split hmp_savevm to do_savevm and hmp_savevm wrapper

2016-01-08 Thread Eric Blake
On 01/08/2016 09:40 AM, Denis V. Lunev wrote:

 Markus' series to add a prefixing notation would be better to use here
 (although I didn't check if he caught this one in that series already):
 https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03495.html
>>> this series is not yet merged. I think that we could do this refactoring
>>> later on.
>>> This thing could be considered independent. Anyway, this series has its
>>> own value
>>> and it takes a lot of time to push it in. Could we do  error setting
>>> improvement later on?
>> I don't care who rebases on top of the other, but maybe Markus will have
>> an opinion when he gets back online next week.
>>
> why we have to wait with this set due to this reason?

One of you will have to rebase on the other - either you wait for
Markus' error_prepend to go in and you use it, or your patch goes in and
Markus updates his error_prepend patch to cover your additional instance
that will be benefitted by it.  I don't care which, and the timing is
really up to the maintainers and how fast they send pull requests.

> The code with error_prepend and current code are BOTH
> correct. One is a bit shorter than the other. Yes, it would
> be nice to switch to it, but why this should be done in
> this set?

Exactly, we're saying the same things.

> +if (local_err != NULL) {
 I would have just written 'if (local_err) {'; but that's minor style.
>>> from my point of view explicit != NULL exposes that local_err is a
>>> pointer rather than a boolean value.
>> But the code base already overwhelmingly relies on C's implicit
>> conversion of pointer to a boolean context, as it requires less typing;
>> being verbose doesn't make the code base any easier to read.  However,
>> since HACKING doesn't say one way or the other, I won't make you change.
>>
> I do not understand your last words.
> 
> I am not agitating you with one approach or another. This
> is a reason why I am writing code this way. The code written
> this way looks better to me. This code is NEW and this does
> not contradict any written rule in coding style policy.
> 
> If the code is working and correct, can we just move on with it?

Once again, we are saying the same thing.  I pointed out a cosmetic
issue, but one where I do not have a strong enough leg to stand on to
force you to change your style, so what you did is fine as is.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH v2] pc: allow raising low memory via max-ram-below-4g option

2016-01-08 Thread Igor Mammedov
On Fri,  8 Jan 2016 13:58:03 +0100
Gerd Hoffmann  wrote:

> This patch extends the functionality of the max-ram-below-4g option
> to also allow increasing lowmem.  Use case: Give as much memory as
> possible to legacy non-PAE guests.
> 
> While being at it also rework the lowmem calculation logic and add a
> longish comment describing how it works and what the compatibility
> constraints are.
CCing Laszlo as it might affect OVMF

> 
> Signed-off-by: Gerd Hoffmann 
> ---
>  hw/i386/pc.c  |  2 +-
>  hw/i386/pc_piix.c | 61 
> +++
>  2 files changed, 40 insertions(+), 23 deletions(-)
> 
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index 459260b..1332269 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -1887,7 +1887,7 @@ static void pc_machine_initfn(Object *obj)
>  pc_machine_get_hotplug_memory_region_size,
>  NULL, NULL, NULL, &error_abort);
>  
> -pcms->max_ram_below_4g = 1ULL << 32; /* 4G */
> +pcms->max_ram_below_4g = 0xe000; /* 3.5G */
>  object_property_add(obj, PC_MACHINE_MAX_RAM_BELOW_4G, "size",
>  pc_machine_get_max_ram_below_4g,
>  pc_machine_set_max_ram_below_4g,
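Review bot: Lowering the default of max_ram_below_4g in pc_machine_initfn changes a property that is shared with the q35 machine, yet only pc_piix.c's split logic is reworked by this patch and the q35 path is not in the diff. Please confirm, and say in the commit message, that q35's lowmem computation still takes the minimum of its own (smaller) limit and max_ram_below_4g, so the new 3.5G default is a no-op there. A short comment at the assignment would also help the next reader, e.g. `/* traditional PC lowmem ceiling; see the split logic in pc_init1() */`. The function body continues outside the hunk.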
> diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> index 438cdae..3743736 100644
> --- a/hw/i386/pc_piix.c
> +++ b/hw/i386/pc_piix.c
> @@ -87,29 +87,46 @@ static void pc_init1(MachineState *machine,
>  PcGuestInfo *guest_info;
>  ram_addr_t lowmem;
>  
> -/* Check whether RAM fits below 4G (leaving 1/2 GByte for IO memory).
> - * If it doesn't, we need to split it in chunks below and above 4G.
> - * In any case, try to make sure that guest addresses aligned at
> - * 1G boundaries get mapped to host addresses aligned at 1G boundaries.
> - * For old machine types, use whatever split we used historically to 
> avoid
> - * breaking migration.
> +/*
> + * Calculate ram split, for memory below and above 4G.  It's a bit
> + * complicated for backward compatibility reasons ...
> + *
> + *  - Traditional split is 3.5G (lowmem = 0xe000).  This is the
> + *default value for max_ram_below_4g now.
> + *
> + *  - Then, to gigabyte align the memory, we move the split to 3G
> + *(lowmem = 0xc000).  But only in case we have to split in
> + *the first place, i.e. ram_size is larger than (traditional)
> + *lowmem.  And for new machine types (gigabyte_align = true)
> + *only, for live migration compatibility reasons.
> + *
> + *  - Next the max-ram-below-4g option was added, which allowed to
> + *reduce lowmem to a smaller value, to allow a larger PCI I/O
> + *window below 4G.  qemu doesn't enforce gigabyte alignment here,
> + *but prints a warning.
> + *
> + *  - Finally max-ram-below-4g got updated to also allow raising lowmem,
> + *so legacy non-PAE guests can get as much memory as possible in
> + *the 32bit address space below 4G.
> + *
> + * Examples:
> + *qemu -M pc-1.7 -m 4G(old default)-> 3584M low,  512M high
> + *qemu -M pc -m 4G(new default)-> 3072M low, 1024M high
> + *qemu -M pc,max-ram-below-4g=2G -m 4G -> 2048M low, 2048M high
> + *qemu -M pc,max-ram-below-4g=4G -m 3968M  -> 3968M low (=4G-128M)
>   */
> -if (machine->ram_size >= 0xe000) {
> -lowmem = pcmc->gigabyte_align ? 0xc000 : 0xe000;
> -} else {
> -lowmem = 0xe000;
> -}
> -
> -/* Handle the machine opt max-ram-below-4g.  It is basically doing
> - * min(qemu limit, user limit).
> - */
> -if (lowmem > pcms->max_ram_below_4g) {
> -lowmem = pcms->max_ram_below_4g;
> -if (machine->ram_size - lowmem > lowmem &&
> -lowmem & ((1ULL << 30) - 1)) {
> -error_report("Warning: Large machine and 
> max_ram_below_4g(%"PRIu64
> - ") not a multiple of 1G; possible bad performance.",
> - pcms->max_ram_below_4g);
> +lowmem = pcms->max_ram_below_4g;
> +if (machine->ram_size >= pcms->max_ram_below_4g) {
> +if (pcmc->gigabyte_align) {
> +if (lowmem > 0xc000) {
> +lowmem = 0xc000;
> +}
> +if (lowmem & ((1ULL << 30) - 1)) {
> +error_report("Warning: Large machine and max_ram_below_4g "
> + "(%" PRIu64 ") not a multiple of 1G; "
> + "possible bad performance.",
> + pcms->max_ram_below_4g);
> +}
>  }
>  }
>  
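Review bot: An explicitly requested value above 3G is silently discarded whenever a split is needed: `lowmem = pcms->max_ram_below_4g;` is followed, under gigabyte_align, by an unconditional clamp to 3G as soon as ram_size reaches the limit, so `-M pc,max-ram-below-4g=3968M -m 4G` ends up with 3G low and the stated use case (raise lowmem for non-PAE guests) only works when ram_size is smaller than the limit and no split happens at all. If that is intended the last bullet of the comment block should say so; if not, the clamp should apply only when the user did not set the property, and a warning like the existing alignment one should fire when a user-set value is overridden. Nothing in this hunk bounds lowmem from above either — the example comment relies on 4G-128M — so please confirm the property setter (outside this diff) rejects values that would let RAM reach the MMIO/ACPI areas just below 4G. pc_init1() continues outside the hunk.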




[Qemu-devel] [PATCH 2/2] block: remove legacy_dinfo at blk_detach_dev time

2016-01-08 Thread Paolo Bonzini
Currently, blockdev_del_drive does a blk_unref (and before it
blockdev_auto_del did the same) that will cause blk_delete to be called
and the DriveInfo to be freed.  But really, we want to free the drive info
as soon as the device is detached, even if there are other references
for whatever reason, so that the QemuOpts are freed as well and the id
can be reused.

Signed-off-by: Paolo Bonzini 
---
 block/block-backend.c | 14 ++
 blockdev.c|  7 ---
 include/sysemu/blockdev.h |  1 +
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/block/block-backend.c b/block/block-backend.c
index 9889e81..a1db52b 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -62,8 +62,6 @@ static const AIOCBInfo block_backend_aiocb_info = {
 .aiocb_size = sizeof(BlockBackendAIOCB),
 };
 
-static void drive_info_del(DriveInfo *dinfo);
-
 /* All the BlockBackends (except for hidden ones) */
 static QTAILQ_HEAD(, BlockBackend) blk_backends =
 QTAILQ_HEAD_INITIALIZER(blk_backends);
@@ -160,6 +158,7 @@ static void blk_delete(BlockBackend *blk)
 {
 assert(!blk->refcnt);
 assert(!blk->dev);
+assert(!blk->legacy_dinfo);
 if (blk->bs) {
 assert(blk->bs->blk == blk);
 blk->bs->blk = NULL;
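Review bot: The new `assert(!blk->legacy_dinfo);` turns any path that drops the last reference to a -drive-created backend without first calling blk_release_legacy_dinfo() into an abort; callers that blk_unref() directly, such as the drive_del command or the error path of drive_new() (neither is touched by this series), used to free the DriveInfo here and would now trip the assertion if the DriveInfo's reference is the last one. Please audit those call sites in the commit message, or make them release the DriveInfo before their unref. The rest of blk_delete() is outside the hunk.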
@@ -175,19 +174,26 @@ static void blk_delete(BlockBackend *blk)
 QTAILQ_REMOVE(&blk_backends, blk, link);
 }
 g_free(blk->name);
-drive_info_del(blk->legacy_dinfo);
 block_acct_cleanup(&blk->stats);
 g_free(blk);
 }
 
-static void drive_info_del(DriveInfo *dinfo)
+void blk_release_legacy_dinfo(BlockBackend *blk)
 {
+DriveInfo *dinfo = blk->legacy_dinfo;
+
 if (!dinfo) {
 return;
 }
 qemu_opts_del(dinfo->opts);
 g_free(dinfo->serial);
 g_free(dinfo);
+blk->legacy_dinfo = NULL;
+
+/* We are not interested anymore in retrieving the BlockBackend
+ * via blk_by_legacy_dinfo, so let it die.
+ */
+blk_unref(blk);
 }
 
 int blk_get_refcnt(BlockBackend *blk)
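Review bot: blk_release_legacy_dinfo() ends with `blk_unref(blk);`, so unless the caller holds its own reference the BlockBackend may already be freed on return, and the comment "so let it die" leaves that ownership rule implicit. Suggest replacing it with `/* The DriveInfo owned one reference to blk (it is what blk_by_legacy_dinfo() returns); drop it. blk may be freed on return unless the caller holds another reference. */` and stating the same on the prototype in blockdev.h. The early `if (!dinfo) return;` is also duplicated by the `if (blk_legacy_dinfo(blk))` guard in blockdev_del_drive(); one of the two checks can go.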
diff --git a/blockdev.c b/blockdev.c
index a8309fb..d75be63 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -116,10 +116,10 @@ void override_max_devs(BlockInterfaceType type, int 
max_devs)
  */
 void blockdev_del_drive(BlockBackend *blk)
 {
-DriveInfo *dinfo = blk_legacy_dinfo(blk);
 BlockDriverState *bs = blk_bs(blk);
 AioContext *aio_context;
 
+blk_ref(blk);
 if (bs) {
 aio_context = bdrv_get_aio_context(bs);
 aio_context_acquire(aio_context);
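Review bot: The added `blk_ref(blk);` carries no explanation, and its partner blk_unref() sits at the bottom of the function in the next hunk, so a reader cannot tell it exists to keep blk alive while blk_release_legacy_dinfo() drops the DriveInfo's reference mid-function. Suggest `blk_ref(blk); /* keep blk alive: releasing the DriveInfo below may drop its last reference */`. blockdev_del_drive() continues past the hunk.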
@@ -131,9 +131,10 @@ void blockdev_del_drive(BlockBackend *blk)
 aio_context_release(aio_context);
 }
 
-if (dinfo) {
-blk_unref(blk);
+if (blk_legacy_dinfo(blk)) {
+blk_release_legacy_dinfo(blk);
 }
+blk_unref(blk);
 }
 
 /**
diff --git a/include/sysemu/blockdev.h b/include/sysemu/blockdev.h
index ae7ad67..5722b9f 100644
--- a/include/sysemu/blockdev.h
+++ b/include/sysemu/blockdev.h
@@ -44,6 +44,7 @@ struct DriveInfo {
 DriveInfo *blk_legacy_dinfo(BlockBackend *blk);
 DriveInfo *blk_set_legacy_dinfo(BlockBackend *blk, DriveInfo *dinfo);
 BlockBackend *blk_by_legacy_dinfo(DriveInfo *dinfo);
+void blk_release_legacy_dinfo(BlockBackend *blk);
 
 void override_max_devs(BlockInterfaceType type, int max_devs);
 
-- 
2.5.0




[Qemu-devel] [PATCH 1/2] block: detach devices from DriveInfo at unrealize time

2016-01-08 Thread Paolo Bonzini
Instead of delaying blk_detach_dev and blockdev_auto_del until
the object is finalized and properties are released, do that
as soon as possible.

This patch replaces blockdev_mark_auto_del calls with blk_detach_dev
and blockdev_del_drive (the latter is a combination of the former
blockdev_mark_auto_del and blockdev_auto_del).  We cannot make
blk_detach_dev do both tasks because of the USB mass storage hack.

Signed-off-by: Paolo Bonzini 
---
 blockdev.c   | 21 +
 hw/block/virtio-blk.c|  4 +++-
 hw/block/xen_disk.c  |  1 +
 hw/core/qdev-properties-system.c |  2 +-
 hw/ide/piix.c|  3 +++
 hw/scsi/scsi-bus.c   |  4 +++-
 hw/usb/dev-storage.c |  3 ++-
 include/sysemu/blockdev.h|  4 +---
 8 files changed, 19 insertions(+), 23 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index 917ae06..a8309fb 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -110,20 +110,16 @@ void override_max_devs(BlockInterfaceType type, int 
max_devs)
 /*
  * We automatically delete the drive when a device using it gets
  * unplugged.  Questionable feature, but we can't just drop it.
- * Device models call blockdev_mark_auto_del() to schedule the
- * automatic deletion, and generic qdev code calls blockdev_auto_del()
- * when deletion is actually safe.
+ * Device models call blockdev_del_drive() to schedule the
+ * automatic deletion, and generic block layer code uses the
+ * refcount to do the deletion when it is actually safe.
  */
-void blockdev_mark_auto_del(BlockBackend *blk)
+void blockdev_del_drive(BlockBackend *blk)
 {
 DriveInfo *dinfo = blk_legacy_dinfo(blk);
 BlockDriverState *bs = blk_bs(blk);
 AioContext *aio_context;
 
-if (!dinfo) {
-return;
-}
-
 if (bs) {
 aio_context = bdrv_get_aio_context(bs);
 aio_context_acquire(aio_context);
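Review bot: The reworded comment still says device models call blockdev_del_drive() "to schedule" the automatic deletion, but the function now drops the DriveInfo's reference right away and only the BlockBackend refcount defers the actual free; suggest ` * Device models call blockdev_del_drive() when they detach from a drive; the` / ` * BlockBackend refcount then defers the actual deletion until it is safe.`. With the early return gone, the `dinfo` local is only used for a NULL test further down, so `if (blk_legacy_dinfo(blk))` at the use site would let the variable go. The function continues outside the hunk.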
@@ -135,14 +131,7 @@ void blockdev_mark_auto_del(BlockBackend *blk)
 aio_context_release(aio_context);
 }
 
-dinfo->auto_del = 1;
-}
-
-void blockdev_auto_del(BlockBackend *blk)
-{
-DriveInfo *dinfo = blk_legacy_dinfo(blk);
-
-if (dinfo && dinfo->auto_del) {
+if (dinfo) {
 blk_unref(blk);
 }
 }
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 848f3fe..6e51246 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -960,7 +960,9 @@ static void virtio_blk_device_unrealize(DeviceState *dev, 
Error **errp)
 s->dataplane = NULL;
 qemu_del_vm_change_state_handler(s->change);
 unregister_savevm(dev, "virtio-blk", s);
-blockdev_mark_auto_del(s->blk);
+blk_detach_dev(s->blk, dev);
+blockdev_del_drive(s->blk);
+s->blk = NULL;
 virtio_cleanup(vdev);
 }
 
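Review bot: Clearing `s->blk = NULL;` does not clear the drive property that release_drive() reads at finalize, so if s->blk is only a copy of the conf property (as the realize path outside this diff suggests), the release_drive() changed by this same patch will call blk_detach_dev() and blockdev_del_drive() on the same BlockBackend a second time — a double detach and a double unref unless blk_detach_dev() tolerates an already-detached backend. scsi_qdev_unrealize() in this series avoids that by clearing `dev->conf.blk`, the property field itself; do the same here by also clearing the conf.blk field next to `s->blk = NULL;`, or make release_drive() skip backends that are no longer attached. virtio_blk_device_unrealize() starts outside the hunk.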
diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
index 02eda6e..a6a0b7c 100644
--- a/hw/block/xen_disk.c
+++ b/hw/block/xen_disk.c
@@ -1054,6 +1054,7 @@ static void blk_disconnect(struct XenDevice *xendev)
 
 if (blkdev->blk) {
 blk_detach_dev(blkdev->blk, blkdev);
+blockdev_del_drive(blkdev->blk);
 blk_unref(blkdev->blk);
 blkdev->blk = NULL;
 }
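Review bot: After the inserted `blockdev_del_drive(blkdev->blk);`, which already drops the DriveInfo's reference when one exists, the existing `blk_unref(blkdev->blk);` must correspond to a separate reference xen_disk took itself (presumably in blk_connect(), not in this diff); if for cmdline-provided drives xen_disk only ever held the DriveInfo's reference, this is now a double unref. Please confirm and record it, e.g. `blk_unref(blkdev->blk); /* balances the blk_ref() taken in blk_connect() */`. blk_disconnect() continues outside the hunk.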
diff --git a/hw/core/qdev-properties-system.c b/hw/core/qdev-properties-system.c
index 921e799..cf147f4 100644
--- a/hw/core/qdev-properties-system.c
+++ b/hw/core/qdev-properties-system.c
@@ -102,7 +102,7 @@ static void release_drive(Object *obj, const char *name, 
void *opaque)
 
 if (*ptr) {
 blk_detach_dev(*ptr, dev);
-blockdev_auto_del(*ptr);
+blockdev_del_drive(*ptr);
 }
 }
 
diff --git a/hw/ide/piix.c b/hw/ide/piix.c
index 5a26c86..2b2d043 100644
--- a/hw/ide/piix.c
+++ b/hw/ide/piix.c
@@ -181,6 +181,9 @@ int pci_piix3_xen_ide_unplug(DeviceState *dev)
 if (ds) {
 blk_detach_dev(blk, ds);
 }
+if (pci_ide->bus[di->bus].ifs[di->unit].blk) {
+blockdev_del_drive(blk);
+}
 pci_ide->bus[di->bus].ifs[di->unit].blk = NULL;
 if (!(i % 2)) {
 idedev = pci_ide->bus[di->bus].master;
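Review bot: The added guard `if (pci_ide->bus[di->bus].ifs[di->unit].blk)` tests a different condition than the `if (ds)` guard right above it, so a backend with no attached device is deleted without a detach while a device with an empty slot would be detached but not deleted; if `blk` (assigned outside the hunk) is that same slot pointer, `if (blk)` says what is meant more plainly and keeps the two guards comparable. A one-line comment on why the drive is deleted here, in the Xen unplug path, rather than in a device unrealize would also help. pci_piix3_xen_ide_unplug() starts and ends outside the hunk.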
diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
index fd1171e..a805fad 100644
--- a/hw/scsi/scsi-bus.c
+++ b/hw/scsi/scsi-bus.c
@@ -213,7 +213,9 @@ static void scsi_qdev_unrealize(DeviceState *qdev, Error 
**errp)
 }
 
 scsi_device_purge_requests(dev, SENSE_CODE(NO_SENSE));
-blockdev_mark_auto_del(dev->conf.blk);
+blk_detach_dev(dev->conf.blk, qdev);
+blockdev_del_drive(dev->conf.blk);
+dev->conf.blk = NULL;
 }
 
 /* handle legacy '-drive if=scsi,...' cmd line args */
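Review bot: `dev->conf.blk = NULL;` does real work that is easy to miss: it is the drive property itself, so release_drive() (also changed in this patch) finds NULL at finalize and does not detach or delete the drive a second time; suggest `dev->conf.blk = NULL; /* so release_drive() does not detach/delete it again */` so nobody "simplifies" it away. blk_detach_dev() is now called unconditionally on conf.blk; the replaced blockdev_mark_auto_del() already dereferenced it, so this presumes every SCSIDevice reaching unrealize has a backend — worth confirming for all subclasses. scsi_qdev_unrealize() starts outside the hunk.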
diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c
index 597d8fd..f191011 100644
--- a/hw/usb/dev-storage.c
+++ b/hw/usb/dev-storage.c
@@ -642,7 +642,8 @@ static void usb_msd_realize_storage(USBDevice *dev, Error 
**errp)
  * blockdev, or else scsi_bus_legacy_add_drive() dies when it
  * attaches again.
  *
- * The hack is probably a bad idea.
+ * The hack is probably a bad i

Re: [Qemu-devel] [PATCH v4 1/5] Use qemu_strtoul instead of strtol

2016-01-08 Thread Eric Blake
On 01/08/2016 01:37 AM, Cao jin wrote:
> strtol() doesn't guarantee errno to be set to ERANGE on overflow.

I stand slightly corrected: C99 requires ERANGE on overflow, but not
EINVAL; it is POSIX that adds EINVAL, but does not properly require it.
 At any rate, my main point was that errno is not always properly set by
all strtol implementations, and furthermore that you can't rely on it
being set to a sane value if you didn't pre-set it to 0.

> This wrapper returns either -EINVAL or the errno set by strtol()
> function (e.g -ERANGE).

The subject line doesn't start with a topic.  Maybe a better commit
message would be:

xen: Use qemu_strtoul instead of strtol

No need to roll our own (with slightly incorrect handling of errno),
when we can use the common version.

> 
> Signed-off-by: Cao jin 
> ---
>  hw/xen/xen-host-pci-device.c | 11 +++
>  1 file changed, 3 insertions(+), 8 deletions(-)

>  buf[rc] = 0;
> -value = strtol(buf, &endptr, base);
> -if (endptr == buf || *endptr != '\n') {
> -rc = -1;
> -} else if ((value == LONG_MIN || value == LONG_MAX) && errno == ERANGE) {
> -rc = -errno;
> -} else {
> -rc = 0;
> +rc = qemu_strtoul(buf, &endptr, base, &value);

Why did you switch from strtol() to qemu_strtoul()?  Was signed parsing
incorrect, and unsigned parsing a bug fix?  If so, please mention it in
the commit message as intentional.  Otherwise, use qemu_strtol() (and
adjust the commit message accordingly).

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





[Qemu-devel] [RFC PATCH 0/2] Early release of -drive QemuOpts

2016-01-08 Thread Paolo Bonzini
In short, this patch gets rid of blockdev_mark_auto_del and
blockdev_auto_del.

With these patches, it is possible to create a new -drive with the same
id as soon as the DEVICE_DELETED event is delivered (which equals to
unrealize).

I'm sorry I'm not able to explain the history (and probably do not
understand the full ramifications) of this.  That's why this is just
an RFC.

The idea here is that reference counting the BlockBackend is enough to
defer the deletion of the block device as much as necessary; anticipating
the demise of the DriveInfo is not a problem, and has the desired effect
of freeing the QemuOpts.

Paolo

Paolo Bonzini (2):
  block: detach devices from DriveInfo at unrealize time
  block: remove legacy_dinfo at blk_detach_dev time

 block/block-backend.c| 14 
 blockdev.c   | 26 --
 hw/block/virtio-blk.c|  4 +++-
 hw/block/xen_disk.c  |  1 +
 hw/core/qdev-properties-system.c |  2 +-
 hw/ide/piix.c|  3 +++
 hw/scsi/scsi-bus.c   |  4 +++-
 hw/usb/dev-storage.c |  3 ++-
 include/sysemu/blockdev.h|  5 ++---
 9 files changed, 33 insertions(+), 29 deletions(-)

-- 
2.5.0




[Qemu-devel] [PATCH] pc: acpi: fix build fail on w32

2016-01-08 Thread Igor Mammedov
build fail with warnings on w32 compiler:

hw/acpi/memory_hotplug_acpi_table.c:
In function ‘build_memory_hotplug_aml’:
hw/acpi/memory_hotplug_acpi_table.c:148:
warning: integer constant is too large for ‘long’ type
hw/acpi/memory_hotplug_acpi_table.c:149:
warning: integer constant is too large for ‘long’ type

fix it by explicitly saying that the int const is a 64bit number

Signed-off-by: Igor Mammedov 
---
 hw/acpi/memory_hotplug_acpi_table.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/acpi/memory_hotplug_acpi_table.c 
b/hw/acpi/memory_hotplug_acpi_table.c
index 20728ac..080d9ad 100644
--- a/hw/acpi/memory_hotplug_acpi_table.c
+++ b/hw/acpi/memory_hotplug_acpi_table.c
@@ -145,8 +145,8 @@ void build_memory_hotplug_aml(Aml *ctx, uint32_t nr_mem,
 aml_append(crs_tmpl,
 aml_qword_memory(AML_POS_DECODE, AML_MIN_FIXED, AML_MAX_FIXED,
  AML_CACHEABLE, AML_READ_WRITE,
- 0, 0x0, 0xFFFE, 0,
- 0x));
+ 0, 0x0, 0xFFFEULL, 0,
+ 0xULL));
 aml_append(method, aml_name_decl("MR64", crs_tmpl));
 aml_append(method,
 aml_create_dword_field(mr64, aml_int(14), "MINL"));
-- 
1.8.3.1




Re: [Qemu-devel] [PATCH] hmp: avoid redundant null termination of buffer

2016-01-08 Thread P J P
+-- On Fri, 8 Jan 2016, Wolfgang Bumiller wrote --+
| On Fri, Jan 08, 2016 at 07:29:31PM +0530, P J P wrote:
| >   + if (!strncmp(keyname_buf, "<-", 2))
| > and remove the 'keyname_len' altogether.
| 
| This wouldn't catch '<' without '-'. (`sendkey <`)
| Also, strncmp with a length of 1 (in the original) seems weird.

  Ah, true.
 
| keyname_len is not useless and perhaps it would be best to just do an
| early error check there as I do below.
| 
| Alternatively the if() can simply happen after pstrcpy() as a cut-off
| error should be good enough anyway.
| 
| @@ -1749,6 +1749,9 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
|  while (1) {
|  separator = strchr(keys, '-');
|  keyname_len = separator ? separator - keys : strlen(keys);
| +if (keyname_len >= sizeof(keyname_buf))
| +goto err_out;
| +
|  pstrcpy(keyname_buf, sizeof(keyname_buf), keys);

  Yes, this looks good. With that, maybe 'keyname_len' could be sent to 
pstrcpy() above, instead of sizeof(keyname_buf)? If so, then the subsequent if 
could say: if (!strcmp(keyname_buf, "<")).

--
 - P J P
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F



Re: [Qemu-devel] [PATCH 3/6] nvdimm acpi: introduce patched dsm memory

2016-01-08 Thread Igor Mammedov
On Fri, 8 Jan 2016 11:40:53 +0800
Xiao Guangrong  wrote:

> On 01/07/2016 07:04 PM, Igor Mammedov wrote:
> > On Wed, 6 Jan 2016 23:39:04 +0800
> > Xiao Guangrong  wrote:
> >  
> >> On 01/06/2016 11:23 PM, Igor Mammedov wrote:  
> >>> On Tue,  5 Jan 2016 02:52:05 +0800
> >>> Xiao Guangrong  wrote:
> >>>  
>  The dsm memory is used to save the input parameters and store
>  the dsm result which is filled by QEMU.
> 
>  The address of dsm memory is decided by bios and patched into
>  int64 object returned by "MEMA" method
> 
>  Signed-off-by: Xiao Guangrong 
>  ---
> hw/acpi/aml-build.c | 12 
> hw/acpi/nvdimm.c| 24 ++--
> include/hw/acpi/aml-build.h |  1 +
> 3 files changed, 35 insertions(+), 2 deletions(-)
> 
>  diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
>  index 78e1290..83eadb3 100644
>  --- a/hw/acpi/aml-build.c
>  +++ b/hw/acpi/aml-build.c
>  @@ -394,6 +394,18 @@ Aml *aml_int(const uint64_t val)
> }
> 
> /*
>  + * ACPI 1.0b: 16.2.3 Data Objects Encoding:
>  + * encode: QWordConst
>  + */
>  +Aml *aml_int64(const uint64_t val)
>  +{
>  +Aml *var = aml_alloc();
>  +build_append_byte(var->buf, 0x0E); /* QWordPrefix */
>  +build_append_int_noprefix(var->buf, val, 8);
>  +return var;
>  +}
>  +
>  +/*
>  * helper to construct NameString, which returns Aml object
>  * for using with aml_append or other aml_* terms
>  */
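Review bot: aml_int64() exists precisely because it always emits a 9-byte QWordConst regardless of the value, so the loader can patch a fixed 8-byte payload in place, but its comment only cites the encoding and the thread shows this distinction from aml_int() is already being missed in review. Suggest extending the header comment to say the encoding is intentionally fixed-width (unlike aml_int(), which per the thread picks an encoding by value) and that callers rely on the payload being the last 8 bytes of the object. Without that, the helper looks like a redundant variant and will be "simplified" away later.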
>  diff --git a/hw/acpi/nvdimm.c b/hw/acpi/nvdimm.c
>  index bc7cd8f..a72104c 100644
>  --- a/hw/acpi/nvdimm.c
>  +++ b/hw/acpi/nvdimm.c
>  @@ -28,6 +28,7 @@
> 
> #include "hw/acpi/acpi.h"
> #include "hw/acpi/aml-build.h"
>  +#include "hw/acpi/bios-linker-loader.h"
> #include "hw/nvram/fw_cfg.h"
> #include "hw/mem/nvdimm.h"
> 
>  @@ -402,7 +403,8 @@ void nvdimm_init_acpi_state(AcpiNVDIMMState *state, 
>  MemoryRegion *io,
> state->dsm_mem->len);
> }
> 
>  -#define NVDIMM_COMMON_DSM  "NCAL"
>  +#define NVDIMM_GET_DSM_MEM  "MEMA"
>  +#define NVDIMM_COMMON_DSM   "NCAL"
> 
> static void nvdimm_build_common_dsm(Aml *dev)
> {
>  @@ -468,7 +470,8 @@ static void nvdimm_build_ssdt(GSList *device_list, 
>  GArray *table_offsets,
>   GArray *table_data, GArray *linker,
>   uint8_t revision)
> {
>  -Aml *ssdt, *sb_scope, *dev;
>  +Aml *ssdt, *sb_scope, *dev, *method;
>  +int offset;
> 
> acpi_add_table(table_offsets, table_data);
> 
>  @@ -499,9 +502,26 @@ static void nvdimm_build_ssdt(GSList *device_list, 
>  GArray *table_offsets,
> 
> aml_append(sb_scope, dev);
> 
>  +/*
>  + * leave it at the end of ssdt so that we can conveniently get the
>  + * offset of int64 object returned by the function which will be
>  + * patched with the real address of the dsm memory by BIOS.
>  + */
>  +method = aml_method(NVDIMM_GET_DSM_MEM, 0, AML_NOTSERIALIZED);
>  +aml_append(method, aml_return(aml_int64(0x0)));  
> >>> there is no need in dedicated aml_int64(), you can use 
> >>> aml_int(0x64) trick  
> >>
> >> We can not do this due to the trick in  bios_linker_loader_add_pointer() 
> >> which will
> >> issue a COMMAND_ADD_POINTER to BIOS, however, this request does:
> >>   /*
> >>* COMMAND_ADD_POINTER - patch the table (originating from
> >>* @dest_file) at @pointer.offset, by adding a pointer to the 
> >> table
> >>* originating from @src_file. 1,2,4 or 8 byte unsigned
> >>* addition is used depending on @pointer.size.
> >>*/
> >>
> >> that means the new-offset = old-offset + the address of the new table 
> >> allocated by BIOS.
> >>
> >> So we expect 0 offset here.  
> > perhaps I'm blind but I don't see bios_linker_loader_add_pointer() using
> > value stored in aml_int() in any way, see below.
> >  
> >>  
> >>>  
>  +aml_append(sb_scope, method);
> aml_append(ssdt, sb_scope);
> /* copy AML table into ACPI tables blob and patch header there */
> g_array_append_vals(table_data, ssdt->buf->data, ssdt->buf->len);
>  +
>  +offset = table_data->len - 8;
>  +
>  +bios_linker_loader_alloc(linker, NVDIMM_DSM_MEM_FILE, 
>  TARGET_PAGE_SIZE,
>  + false /* high memory */);
>  +bios_linker_loader_add_pointer(linker, ACPI_BUILD_TABLE_FILE,
>  +   NVDIMM_DSM_MEM_FILE, table_data,
>  +   table_data->data + offset,  
> > here table_data->data + offset is a

[Qemu-devel] [RFC PATCH 2/3] tb-annotation: Add control flow graph mapper

2016-01-08 Thread Peer Adelt
Added helper function at the start of every TranslationBlock
that maps the sequence of static basic blocks (obtained from
the XML file) to the current TranslationBlock. The helper also
accumulates the values that are annotated on the corresponding
edges of the control flow graph.

Signed-off-by: Peer Adelt 
---
 include/exec/gen-icount.h | 18 +
 tcg-runtime.c | 99 +++
 tcg/tcg-runtime.h |  4 ++
 3 files changed, 121 insertions(+)

diff --git a/include/exec/gen-icount.h b/include/exec/gen-icount.h
index 05d89d3..0b8821b 100644
--- a/include/exec/gen-icount.h
+++ b/include/exec/gen-icount.h
@@ -14,6 +14,11 @@ static inline void gen_tb_start(TranslationBlock *tb)
 TCGv_i32 count, flag, imm;
 int i;
 
+#ifdef CONFIG_TB_ANNOTATION
+TCGv_ptr annotation_ptr;
+TCGv_i64 pc;
+#endif
+
 exitreq_label = gen_new_label();
 flag = tcg_temp_new_i32();
 tcg_gen_ld_i32(flag, cpu_env,
@@ -21,6 +26,17 @@ static inline void gen_tb_start(TranslationBlock *tb)
 tcg_gen_brcondi_i32(TCG_COND_NE, flag, 0, exitreq_label);
 tcg_temp_free_i32(flag);
 
+#ifdef CONFIG_TB_ANNOTATION
+pc = tcg_const_i64(tb->pc);
+annotation_ptr = tcg_temp_new_ptr();
+tcg_gen_ld_ptr(annotation_ptr, cpu_env,
+   -ENV_OFFSET + offsetof(CPUState, tb_annotation));
+
+gen_helper_annotation(pc, annotation_ptr);
+tcg_temp_free_i64(pc);
+tcg_temp_free_ptr(annotation_ptr);
+#endif
+
 if (!(tb->cflags & CF_USE_ICOUNT)) {
 return;
 }
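Review bot: `gen_helper_annotation(pc, annotation_ptr);` is emitted into every TranslationBlock whenever CONFIG_TB_ANNOTATION is compiled in, even when no -annotation file was given, so every TB pays a helper call whose body then just does `if (!env) return;` (see the helper further down in tcg-runtime.c). Gate the emission at translation time, e.g. wrap the block in `if (tb_annotation_enabled) { ... }` with a flag set by the option parsing in patch 3/3, or at least emit a TCG branch that skips the call when the loaded pointer is NULL. The helper also looks up `&pc` as a hash key, so the table must be keyed on the same 64-bit width that tcg_const_i64() produces here, including on 32-bit targets. gen_tb_start() continues outside the hunk.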
@@ -45,6 +61,8 @@ static inline void gen_tb_start(TranslationBlock *tb)
 tcg_gen_st16_i32(count, cpu_env,
  -ENV_OFFSET + offsetof(CPUState, icount_decr.u16.low));
 tcg_temp_free_i32(count);
+
+
 }
 
 static void gen_tb_end(TranslationBlock *tb, int num_insns)
diff --git a/tcg-runtime.c b/tcg-runtime.c
index 9daba69..fc2526c 100644
--- a/tcg-runtime.c
+++ b/tcg-runtime.c
@@ -29,6 +29,10 @@
 
 #include "exec/helper-head.h"
 
+#ifdef CONFIG_TB_ANNOTATION
+#include "tb-annotation/tb-annotation.h"
+#endif
+
 #define DEF_HELPER_FLAGS_2(name, flags, ret, t1, t2) \
   dh_ctype(ret) HELPER(name) (dh_ctype(t1), dh_ctype(t2));
 
@@ -107,3 +111,98 @@ int64_t HELPER(mulsh_i64)(int64_t arg1, int64_t arg2)
 muls64(&l, &h, arg1, arg2);
 return h;
 }
+
+#ifdef CONFIG_TB_ANNOTATION
+static inline void take_final_edge(TbAnnotation *env, TbAnnotationEdge *edge)
+{
+/* Store current context and block */
+env->last_ctx = edge->target_context;
+env->last_block = edge->target;
+/* Accumulate value */
+env->value_sum += edge->value;
+}
+
+static inline void take_edge(TbAnnotation *env, TbAnnotationEdge *edge)
+{
+TbAnnotationLeavingEdgeTuple *out;
+
+/* Store current context and block */
+env->last_ctx = edge->target_context;
+env->last_block = edge->target;
+/* Accumulate value */
+env->value_sum += edge->value;
+
+/* Check whether we are at the end of our analysis... */
+if (env->last_block->out_edges_hash_table != NULL) {
+out = g_hash_table_lookup(env->last_block->out_edges_hash_table,
+  env->last_ctx);
+if (out != NULL && out->out1->target->is_end_block) {
+take_final_edge(env, out->out1);
+}
+}
+}
+
+void HELPER(annotation)(uint64_t pc, void *opaque)
+{
+TbAnnotation *env = (TbAnnotation *) opaque;
+TbAnnotationBlock *b;
+TbAnnotationLeavingEdgeTuple *out;
+
+if (!env) {
+return;
+}
+
+/* does the block corresponding to pc exist? */
+if (!g_hash_table_contains(env->tb_annotation_blocks, &pc)) {
+return;
+}
+/* if last_block == NULL we're in the first block */
+if (env->last_block == NULL) {
+
+b = (TbAnnotationBlock *)g_hash_table_lookup(env->tb_annotation_blocks,
+ &pc);
+env->last_block = b;
+
+} else {
+/* while not reached block with current pc (target)
+ * take the next distinct edge if it exists
+ * otherwise we're one edge away from the target and
+ * take the edge directly leading to the target
+ */
+out = g_hash_table_lookup(env->last_block->out_edges_hash_table,
+  env->last_ctx);
+
+while (out != NULL && out->out2 == NULL) {
+/* We found a distinct path to "out1" */
+take_edge(env, out->out1);
+
+/* Have we reached our target? */
+if (env->last_block->address == pc) {
+return;
+}
+
+/* Get the current out edge tuple */
+out = g_hash_table_lookup(env->last_block->out_edges_hash_table,
+  env->last_ctx);
+}
+
+/* If we get here, we are on a branch block.
+   Take the edge leading to the target. */
+if (out != NULL && out->out1->target->address == pc) 

[Qemu-devel] [RFC PATCH 0/3] TranslationBlock annotation mechanism

2016-01-08 Thread Peer Adelt

Hey guys

We have developed a generic concept to annotate TranslationBlocks during
runtime. The initial idea was to use it for time annotation with data from
static analysis tools. However, we have kept this approach as generic as
possible to allow other kinds of annotation (e.g. power consumption, etc.).

Our extension expects an XML file specifying the CFG of the program (similar
to what you get from "gcc -ftree-dump-cfg"), where the edges are annotated
with the data that QEMU ought to accumulate during program execution. Each
edge has a source and target context in which it is executed.
For example: a for-loop that runs several times has its own context dependent
edge for each iteration. We plan on making this more flexible by allowing
to specify iterative context edges, i.e. from context n to context n+1.

This approach is not limited to one target architecture but we only tested
it for ARM and TriCore so far.

To show the current state of this patch we have attached a very small example
consisting of an ARM STM32F205 program and a timing annotation XML file. You
can provide the XML file to QEMU with the "-annotation " option.
During execution, the "value_sum" field of the CPUState data structure will
accumulate a total value of 70 (cycles).

Are there any comments? Is this in general a good idea to be added to upstream
QEMU?

All the best,
Peer

 Peer Adelt (3):
  tb-annotation: Added annotation XML file parser
  tb-annotation: Add control flow graph mapper
  tb-annotation: Activate annotation extension

 Makefile |   5 +-
 Makefile.objs|   4 +
 Makefile.target  |   4 +-
 configure|  13 ++
 include/exec/gen-icount.h|  18 +++
 include/qom/cpu.h|   9 ++
 include/tb-annotation/tb-annotation-parser.h |  29 +
 include/tb-annotation/tb-annotation.h|  64 ++
 qemu-options.hx  |   8 ++
 tb-annotation/Makefile.objs  |   1 +
 tb-annotation/tb-annotation-parser.c | 174 +++
 tcg-runtime.c|  99 +++
 tcg/tcg-runtime.h|   4 +
 vl.c |  25 
 14 files changed, 454 insertions(+), 3 deletions(-)
 create mode 100644 include/tb-annotation/tb-annotation-parser.h
 create mode 100644 include/tb-annotation/tb-annotation.h
 create mode 100644 tb-annotation/Makefile.objs
 create mode 100644 tb-annotation/tb-annotation-parser.c

-- 2.5.0



annotation-example-project.tar.bz2
Description: application/bzip


[Qemu-devel] [RFC PATCH 3/3] tb-annotation: Activate annotation extension

2016-01-08 Thread Peer Adelt
This changeset activates the TranslationBlock annotation
mechanism for the QEMU system mode.

Signed-off-by: Peer Adelt 
---
 Makefile|  5 +++--
 Makefile.objs   |  4 
 Makefile.target |  4 +++-
 configure   | 13 +
 qemu-options.hx |  8 
 tb-annotation/Makefile.objs |  1 +
 vl.c| 25 +
 7 files changed, 57 insertions(+), 3 deletions(-)
 create mode 100644 tb-annotation/Makefile.objs

diff --git a/Makefile b/Makefile
index 82b2fc8..c351b31 100644
--- a/Makefile
+++ b/Makefile
@@ -161,7 +161,8 @@ dummy := $(call unnest-vars,, \
 qom-obj-y \
 io-obj-y \
 common-obj-y \
-common-obj-m)
+common-obj-m \
+   annotation-obj-y)
 
 ifneq ($(wildcard config-host.mak),)
 include $(SRC_PATH)/tests/Makefile
@@ -204,7 +205,7 @@ subdir-dtc:dtc/libfdt dtc/tests
 dtc/%:
mkdir -p $@
 
-$(SUBDIR_RULES): libqemuutil.a libqemustub.a $(common-obj-y) $(qom-obj-y) 
$(crypto-aes-obj-$(CONFIG_USER_ONLY))
+$(SUBDIR_RULES): libqemuutil.a libqemustub.a $(common-obj-y) $(qom-obj-y) 
$(crypto-aes-obj-$(CONFIG_USER_ONLY)) $(annotation-obj-$(CONFIG_TB_ANNOTATION))
 
 ROMSUBDIR_RULES=$(patsubst %,romsubdir-%, $(ROMS))
 romsubdir-%:
diff --git a/Makefile.objs b/Makefile.objs
index dac2c02..9b64358 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -116,3 +116,7 @@ qga-vss-dll-obj-y = qga/
 # contrib
 ivshmem-client-obj-y = contrib/ivshmem-client/
 ivshmem-server-obj-y = contrib/ivshmem-server/
+
+##
+# annotation
+annotation-obj-y = tb-annotation/
\ No newline at end of file
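Review bot: The new `annotation-obj-y = tb-annotation/` line is not newline-terminated (the `\ No newline at end of file` marker), which checkpatch flags and which makes the next append to Makefile.objs land on the same line as this assignment. Terminate the line with a newline before merging.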
diff --git a/Makefile.target b/Makefile.target
index 34ddb7e..50a969d 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -178,7 +178,8 @@ dummy := $(call unnest-vars,.., \
qom-obj-y \
io-obj-y \
common-obj-y \
-   common-obj-m)
+   common-obj-m \
+   annotation-obj-y)
 target-obj-y := $(target-obj-y-save)
 all-obj-y += $(common-obj-y)
 all-obj-y += $(target-obj-y)
@@ -187,6 +188,7 @@ all-obj-$(CONFIG_SOFTMMU) += $(block-obj-y)
 all-obj-$(CONFIG_USER_ONLY) += $(crypto-aes-obj-y)
 all-obj-$(CONFIG_SOFTMMU) += $(crypto-obj-y)
 all-obj-$(CONFIG_SOFTMMU) += $(io-obj-y)
+all-obj-$(CONFIG_TB_ANNOTATION) += $(annotation-obj-y)
 
 $(QEMU_PROG_BUILD): config-devices.mak
 
diff --git a/configure b/configure
index 83b40fc..5e72e06 100755
--- a/configure
+++ b/configure
@@ -345,6 +345,7 @@ vhdx=""
 numa=""
 tcmalloc="no"
 jemalloc="no"
+tbannotation="no"
 
 # parse CC options first
 for opt do
@@ -1169,6 +1170,10 @@ for opt do
   ;;
   --enable-jemalloc) jemalloc="yes"
   ;;
+  --disable-tbannotation) tbannotation="no"
+  ;;
+  --enable-tbannotation) tbannotation="yes"
+  ;;
   *)
   echo "ERROR: unknown option $opt"
   echo "Try '$0 --help' for more information"
@@ -1391,6 +1396,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   numalibnuma support
   tcmalloctcmalloc support
   jemallocjemalloc support
+  tbannotationTB annotation support
 
 NOTE: The object files are built at the place where configure is launched
 EOF
@@ -4855,6 +4861,7 @@ echo "bzip2 support $bzip2"
 echo "NUMA host support $numa"
 echo "tcmalloc support  $tcmalloc"
 echo "jemalloc support  $jemalloc"
+echo "TB annotation support $tbannotation"
 
 if test "$sdl_too_old" = "yes"; then
 echo "-> Your SDL version is too old - please upgrade to have SDL support"
@@ -5400,6 +5407,12 @@ if test "$rdma" = "yes" ; then
   echo "CONFIG_RDMA=y" >> $config_host_mak
 fi
 
+if test "$tbannotation" = "yes" ; then
+  echo "CONFIG_TB_ANNOTATION=y" >> $config_host_mak
+  echo "LIBS+=-lxml2" >> $config_host_mak
+  QEMU_CFLAGS="-I/usr/include/libxml2 $QEMU_CFLAGS"
+fi
+
 # Hold two types of flag:
 #   CONFIG_THREAD_SETNAME_BYTHREAD  - we've got a way of setting the name on
 # a thread we have a handle to
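Review bot: The libxml2 wiring hard-codes `QEMU_CFLAGS="-I/usr/include/libxml2 $QEMU_CFLAGS"` and appends `-lxml2` without ever probing for the library, so `--enable-tbannotation` silently produces a build that fails at compile or link time on any host where libxml2 is absent or installed elsewhere. Take the flags from `$pkg_config --cflags/--libs libxml-2.0` and `error_exit` when the feature was explicitly requested but the library is missing; the probe itself belongs with the other library checks earlier in configure, with this block only recording the result. The help text also lists `tbannotation` under the section whose header reads "disabled with --disable-FEATURE, default is enabled if available", while the default set at the top of the hunk is `tbannotation="no"` with no auto-detection, so either make the default `""` and auto-detect, or move the entry out of that section.
```shell
if test "$tbannotation" = "yes" ; then
  if $pkg_config --exists libxml-2.0; then
    QEMU_CFLAGS="$($pkg_config --cflags libxml-2.0) $QEMU_CFLAGS"
    echo "CONFIG_TB_ANNOTATION=y" >> $config_host_mak
    echo "LIBS+=$($pkg_config --libs libxml-2.0)" >> $config_host_mak
  else
    error_exit "libxml2 not found: --enable-tbannotation requires libxml-2.0 (pkg-config)"
  fi
fi
```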
diff --git a/qemu-options.hx b/qemu-options.hx
index 215d00d..e3d9df9 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2737,6 +2737,14 @@ Use @var{bzImage} as kernel image. The kernel can be 
either a Linux kernel
 or in multiboot format.
 ETEXI
 
+DEF("annotation", HAS_ARG, QEMU_OPTION_annotation, \
+"-annotation tbAnnotation use 'tbAnnotation' as annotation file\n", 
QEMU_ARCH_ALL)
+STEXI
+@item -annotation @var{tbAnnotation}
+@findex -annotation
+Use @var{tbAnnotation} as annotation file. TODO: specify file format...
+ETEXI
+
 DEF("append", HAS_ARG, QEMU_OPTION_append, \
 "-append cmdline use 'cmdline' as kernel command line\n", QEMU_ARCH_ALL)
 STEXI
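Review bot: The new `-annotation` option ships with `TODO: specify file format...` as its user-facing documentation and a help string that only says "use 'tbAnnotation' as annotation file", so nothing tells the user that the argument is the XML control-flow-graph description the cover letter describes. Replace the TODO with a sentence such as `Use @var{tbAnnotation}, an XML file describing the program's control-flow graph with a value annotated on each context-dependent edge, as the TB annotation file; the edge values are accumulated into the CPU's @code{value_sum} as translation blocks execute.` and make the DEF help line say "XML CFG annotation file". The option is registered with `QEMU_ARCH_ALL` although the cover letter says it has only been exercised on ARM and TriCore, which is worth stating in the texi text as well.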
diff --git a/tb-annotation/Makefile.objs b/tb-annotation/Makefile.objs
new file mode 100644
index 000..468cd42
--- /dev/null
+++ b/tb-annotation/Makefile.objs
@@ -0,0 +1 @@

[Qemu-devel] [RFC PATCH 1/3] tb-annotation: Added annotation XML file parser

2016-01-08 Thread Peer Adelt
The XML file contains a control flow graph, where each edge
is annotated with a context-dependent value. The parser reads
this information into a data structure within CPUState.

Signed-off-by: Peer Adelt 
---
 include/qom/cpu.h|   9 ++
 include/tb-annotation/tb-annotation-parser.h |  29 +
 include/tb-annotation/tb-annotation.h|  64 ++
 tb-annotation/tb-annotation-parser.c | 174 +++
 4 files changed, 276 insertions(+)
 create mode 100644 include/tb-annotation/tb-annotation-parser.h
 create mode 100644 include/tb-annotation/tb-annotation.h
 create mode 100644 tb-annotation/tb-annotation-parser.c

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 51a1323..afc532b 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -30,6 +30,10 @@
 #include "qemu/thread.h"
 #include "qemu/typedefs.h"
 
+#ifdef CONFIG_TB_ANNOTATION
+#include "tb-annotation/tb-annotation.h"
+#endif
+
 typedef int (*WriteCoreDumpFunction)(const void *buf, size_t size,
  void *opaque);
 
@@ -329,6 +333,11 @@ struct CPUState {
  */
 bool throttle_thread_scheduled;
 
+#ifdef CONFIG_TB_ANNOTATION
+/* Used to annotate cpu state during tb execution */
+TbAnnotation *tb_annotation;
+#endif
+
 /* Note that this is accessed at the start of every TB via a negative
offset from AREG0.  Leave this field at the end so as to make the
(absolute value) offset as small as possible.  This reduces code
diff --git a/include/tb-annotation/tb-annotation-parser.h 
b/include/tb-annotation/tb-annotation-parser.h
new file mode 100644
index 000..aacab8e
--- /dev/null
+++ b/include/tb-annotation/tb-annotation-parser.h
@@ -0,0 +1,29 @@
+/*
+ *  Copyright (c) 2015-2016 Bastian Koppelmann
+ *  Peer Adelt
+ *  C-Lab/Paderborn University
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#ifndef INCLUDE_TB_ANNOTATION_PARSER_H_
+#define INCLUDE_TB_ANNOTATION_PARSER_H_
+
+#include "tb-annotation/tb-annotation.h"
+
+void tb_annotation_xml_init(const char *filename);
+void tb_annotation_xml_close(void);
+TbAnnotation *tb_annotation_parse(const char *filename);
+
+#endif /* INCLUDE_TB_ANNOTATION_PARSER_H_ */
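Review bot: The three public declarations carry no comments, so a caller cannot tell whether `tb_annotation_xml_init()` must run before `tb_annotation_parse()`, what `tb_annotation_xml_close()` releases, or who owns the `TbAnnotation` returned by `tb_annotation_parse()` and how it is freed. Add a Doxygen block to each declaration, e.g. for the parser `/** Parse the CFG annotation XML at @filename. Returns a newly allocated TbAnnotation owned by the caller, or NULL on error. */`, and state the init/close pairing on the other two. The implementation in tb-annotation-parser.c is not part of this hunk, so the exact error and ownership behaviour should be confirmed there before the comments are written.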
diff --git a/include/tb-annotation/tb-annotation.h 
b/include/tb-annotation/tb-annotation.h
new file mode 100644
index 000..e1093b2
--- /dev/null
+++ b/include/tb-annotation/tb-annotation.h
@@ -0,0 +1,64 @@
+/*
+ *  Copyright (c) 2015-2016 Bastian Koppelmann
+ *  Peer Adelt
+ *  C-Lab/Paderborn University
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#ifndef INCLUDE_TB_ANNOTATION_H_
+#define INCLUDE_TB_ANNOTATION_H_
+
+#include 
+
+typedef struct tb_leaving_edge_tuple TbAnnotationLeavingEdgeTuple;
+typedef struct tb_annotation_block TbAnnotationBlock;
+typedef struct tb_annotation_edge TbAnnotationEdge;
+typedef struct tb_annotation TbAnnotation;
+
+struct tb_leaving_edge_tuple {
+TbAnnotationEdge *out1;
+TbAnnotationEdge *out2;
+};
+
+struct tb_annotation_block {
+uint8_t is_end_block;
+const char *id;
+unsigned int address;
+/* This hashtable points to all pairs of leaving edges
+ * from all source contexts.
+ * Note: string -> tb_leaving_edge_tuple
+ */
+GHashTable *out_edges_hash_table;
+};
+
+struct tb_annotation_edge {
+TbAnnotationBlock *source;
+TbAnnotationBlock *target;
+const char *source_context;
+const char *target_context;
+unsigned int value;
+};
+
+struct tb_annotation {
+
+TbAnnotationBlock *last_block;
+const char *last_ctx;
+/* Hashes from PC to TbAnnotationBlock */
+ 

[Qemu-devel] [PATCH] qapi: Update docs to match recent generated changes, part 2

2016-01-08 Thread Eric Blake
[Either worth squashing into a single patch with the posted
v8 14.5/35 and sinking it to the end of the series, or else
splitting it into pieces and squashing per patch that makes a
change to generated output]

Signed-off-by: Eric Blake 

---
v9: new patch
---
 docs/qapi-code-gen.txt | 51 ++
 1 file changed, 31 insertions(+), 20 deletions(-)

diff --git a/docs/qapi-code-gen.txt b/docs/qapi-code-gen.txt
index f9b1d0c..b21e247 100644
--- a/docs/qapi-code-gen.txt
+++ b/docs/qapi-code-gen.txt
@@ -820,11 +820,8 @@ Example:
 void qapi_free_UserDefOne(UserDefOne *obj);

 struct UserDefOneList {
-union {
-UserDefOne *value;
-uint64_t padding;
-};
 UserDefOneList *next;
+UserDefOne *value;
 };

 void qapi_free_UserDefOneList(UserDefOneList *obj);
@@ -878,8 +875,10 @@ Example:
 void visit_type_UserDefOne(Visitor *v, const char *name, UserDefOne **obj, 
Error **errp)
 {
 Error *err = NULL;
+bool allocated;

-visit_start_struct(v, name, (void **)obj, "UserDefOne", 
sizeof(UserDefOne), &err);
+allocated = visit_start_struct(v, name, (void **)obj, 
sizeof(UserDefOne),
+   &err);
 if (err) {
 goto out;
 }
@@ -887,10 +886,16 @@ Example:
 goto out_obj;
 }
 visit_type_UserDefOne_fields(v, obj, &err);
+if (err) {
+goto out_obj;
+}
+visit_check_struct(v, &err);
 out_obj:
-error_propagate(errp, err);
-err = NULL;
-visit_end_struct(v, &err);
+visit_end_struct(v);
+if (allocated && err) {
+qapi_free_UserDefOne(*obj);
+*obj = NULL;
+}
 out:
 error_propagate(errp, err);
 }
@@ -898,24 +903,30 @@ Example:
 void visit_type_UserDefOneList(Visitor *v, const char *name, 
UserDefOneList **obj, Error **errp)
 {
 Error *err = NULL;
-GenericList *i, **prev;
+UserDefOneList *eld;
+bool allocated;

-visit_start_list(v, name, &err);
+allocated = visit_start_list(v, name, (GenericList **)obj, 
sizeof(UserDefOneList), &err);
 if (err) {
 goto out;
 }
-
-for (prev = (GenericList **)obj;
- !err && (i = visit_next_list(v, prev, &err)) != NULL;
- prev = &i) {
-UserDefOneList *native_i = (UserDefOneList *)i;
-visit_type_UserDefOne(v, NULL, &native_i->value, &err);
+elt = *obj;
+while (elt) {
+visit_type_UserDefOne(v, NULL, &elt->value, &err);
+if (err) {
+break;
+}
+elt = (UserDefOneList *)visit_next_list(v, (GenericList *)elt, 
sizeof(UserDefOneList), &err);
+if (err) {
+break;
+}
 }
-
-error_propagate(errp, err);
-err = NULL;
-visit_end_list(v, &err);
+visit_end_list(v);
 out:
+if (allocated && err) {
+qapi_free_UserDefOneList(*obj);
+*obj = NULL;
+}
 error_propagate(errp, err);
 }
 $ cat qapi-generated/example-qapi-visit.h
-- 
2.4.3




Re: [Qemu-devel] [RFC 0/2] tcg-icount: Add and use tcg_set_insn_param to update tcg insn params

2016-01-08 Thread Richard Henderson
On 01/08/2016 08:25 AM, Edgar E. Iglesias wrote:
> To do so, we'd need to first emit the insn_start and then after translating 
> the
> given target-insn, update the insn_start parameters with the decoded insn
> details.

Fair enough.

> Any thoughts on this approach? Or ideas on better options to achieve this?

This looks like a nice cleanup already.

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH 1/5] migration: split hmp_savevm to do_savevm and hmp_savevm wrapper

2016-01-08 Thread Denis V. Lunev

On 01/08/2016 07:14 PM, Eric Blake wrote:

On 01/08/2016 04:27 AM, Denis V. Lunev wrote:


 /* Delete old snapshots of the same name */
   if (name && bdrv_all_delete_snapshot(name, &bs1, &local_err) <
0) {
-monitor_printf(mon,
-   "Error while deleting snapshot on device
'%s': %s\n",
-   bdrv_get_device_name(bs1),
error_get_pretty(local_err));
+error_setg(errp, "Error while deleting snapshot on device
'%s': %s",
+   bdrv_get_device_name(bs1),
error_get_pretty(local_err));

Markus' series to add a prefixing notation would be better to use here
(although I didn't check if he caught this one in that series already):
https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03495.html

this series is not yet merged. I think that we could do this refactoring
later on.
This thing could be considered independent. Anyway, this series has its
own value
and it takes a lot of time to push it in. Could we do  error setting
improvement later on?

I don't care who rebases on top of the other, but maybe Markus will have
an opinion when he gets back online next week.


why we have to wait with this set due to this reason?
The code with error_prepend and current code are BOTH
correct. One is a bit shorter than the other. Yes, it would
be nice to switch to it, but why this should be done in
this set?

This set solves real problem which has not been addressed
for a long time. Let's proceed, cool and shiny stuff
could be done later on, when it will be merged.

Moreover, merging this set will make my life easier
with merging these changes to our downstream.
Fixes will be merged while improvements will stay
in upstream only.



+
+if (local_err != NULL) {

I would have just written 'if (local_err) {'; but that's minor style.

from my point of view explicit != NULL exposes that local_err is a
pointer rather than a boolean value.

But the code base already overwhelmingly relies on C's implicit
conversion of pointer to a boolean context, as it requires less typing;
being verbose doesn't make the code base any easier to read.  However,
since HACKING doesn't say one way or the other, I won't make you change.


I do not understand your last words.

I am not agitating you with one approach or another. This
is a reason why I am writing code this way. The code written
this way looks better to me. This code is NEW and this does
not contradict any written rule in coding style policy.

If the code is working and correct, can we just move on with it?

Den



Re: [Qemu-devel] [PATCH v2] target-mips: Fix ALIGN instruction when bp=0

2016-01-08 Thread Leon Alrae
Hi Miodrag,

Thanks for the fix; I've applied it to the target-mips queue (in future
please send patches inline).

Thanks,
Leon

On 04/01/16 15:52, Miodrag Dinic wrote:
> Hello Aurelien,
> 
> thanks for your comments and review.
> Version 2 of the patch is in the attachment.
> 
> Diff between versions 1 & 2 according to your comments is :
> 
> diff --git a/target-mips/translate.c b/target-mips/translate.c
> index f20678c..d2443d3 100644
> --- a/target-mips/translate.c
> +++ b/target-mips/translate.c
> @@ -4632,12 +4632,13 @@ static void gen_align(DisasContext *ctx, int opc, int 
> rd, int rs, int rt,
>  if (bp == 0) {
>  switch (opc) {
>  case OPC_ALIGN:
> +tcg_gen_ext32s_tl(cpu_gpr[rd], t0);
> +break;
>  #if defined(TARGET_MIPS64)
> -tcg_gen_ext32s_i64(cpu_gpr[rd], t0);
> +case OPC_DALIGN:
> +tcg_gen_mov_tl(cpu_gpr[rd], t0);
>  break;
>  #endif
> -default:
> -tcg_gen_mov_tl(cpu_gpr[rd], t0);
>  }
>  } else {
>  TCGv t1 = tcg_temp_new();
> 
> * As you suggested I used tcg_gen_ext32s_tl() instead of tcg_gen_ext32s_i64() 
> for the OPC_ALIGN case.
> 
> * I've kept the "TARGET_MIPS64" ifdef guard for the OPC_DALIGN case, to keep 
> the change in-line with the rest of the code where this 64-bit instruction 
> opcode is used.
> 
> Thank you.
> 
> Regards,
> Miodrag
> 
> 
> From: Aurelien Jarno [aurel...@aurel32.net]
> Sent: Friday, January 01, 2016 2:02 PM
> To: Miodrag Dinic
> Cc: qemu-devel@nongnu.org; Petar Jovanovic
> Subject: Re: [PATCH] target-mips: Fix ALIGN instruction when bp=0
> 
> [snip]
> 
>> From e01539a11061c447bece8dccde1715da9534024d Mon Sep 17 00:00:00 2001
>> From: Miodrag Dinic 
>> Date: Thu, 3 Dec 2015 16:48:57 +0100
>> Subject: [PATCH] target-mips: Fix ALIGN instruction when bp=0
>>
>> If executing ALIGN with shift count bp=0 within mips64 emulation,
>> the result of the operation should be sign extended.
>>
>> Taken from the official documentation (pseudo code) :
>>
>> ALIGN:
>>   tmp_rt_hi = unsigned_word(GPR[rt]) << (8*bp)
>>   tmp_rs_lo = unsigned_word(GPR[rs]) >> (8*(4-bp))
>>   tmp = tmp_rt_hi || tmp_rt_lo
>>   GPR[rd] = sign_extend.32(tmp)
>>
>> Signed-off-by: Miodrag Dinic 
>> ---
>>  target-mips/translate.c | 10 +-
>>  1 file changed, 9 insertions(+), 1 deletion(-)
>>
>> diff --git a/target-mips/translate.c b/target-mips/translate.c
>> index 5626647..f20678c 100644
>> --- a/target-mips/translate.c
>> +++ b/target-mips/translate.c
>> @@ -4630,7 +4630,15 @@ static void gen_align(DisasContext *ctx, int opc, int 
>> rd, int rs, int rt,
>>  t0 = tcg_temp_new();
>>  gen_load_gpr(t0, rt);
>>  if (bp == 0) {
>> -tcg_gen_mov_tl(cpu_gpr[rd], t0);
>> +switch (opc) {
>> +case OPC_ALIGN:
>> +#if defined(TARGET_MIPS64)
>> +tcg_gen_ext32s_i64(cpu_gpr[rd], t0);
>> +break;
>> +#endif
> 
> The way to fix that is basically ok. However you should just use
> tcg_gen_ext32s_tl instead of tcg_gen_ext32s_i64 and drop the
> TARGET_MIPS64 #ifdef.
> 
>> +default:
> 
> Then you can replace this by OPC_DALIGN for more clarity.
> 
>> +tcg_gen_mov_tl(cpu_gpr[rd], t0);
>> +}
>>  } else {
>>  TCGv t1 = tcg_temp_new();
>>  gen_load_gpr(t1, rs);
> 
> The resulting binary code should be the same, but less #ifdef means less
> risk of breakage, as the code is always compiled.
> 
> --
> Aurelien Jarno  GPG: 4096R/1DDD8C9B
> aurel...@aurel32.net http://www.aurel32.net
> 




[Qemu-devel] [RFC 2/2] gen-icount: Use tcg_set_insn_param

2016-01-08 Thread Edgar E. Iglesias
From: "Edgar E. Iglesias" 

Use tcg_set_insn_param() instead of directly accessing internal
tcg data structures to update an insn param.

Signed-off-by: Edgar E. Iglesias 
---
 include/exec/gen-icount.h | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/include/exec/gen-icount.h b/include/exec/gen-icount.h
index 05d89d3..a011324 100644
--- a/include/exec/gen-icount.h
+++ b/include/exec/gen-icount.h
@@ -5,14 +5,13 @@
 
 /* Helpers for instruction counting code generation.  */
 
-static TCGArg *icount_arg;
+static int icount_start_insn_idx;
 static TCGLabel *icount_label;
 static TCGLabel *exitreq_label;
 
 static inline void gen_tb_start(TranslationBlock *tb)
 {
 TCGv_i32 count, flag, imm;
-int i;
 
 exitreq_label = gen_new_label();
 flag = tcg_temp_new_i32();
@@ -31,13 +30,12 @@ static inline void gen_tb_start(TranslationBlock *tb)
-ENV_OFFSET + offsetof(CPUState, icount_decr.u32));
 
 imm = tcg_temp_new_i32();
+/* We emit a movi with a dummy immediate argument. Keep the insn index
+ * of the movi so that we later (when we know the actual insn count)
+ * can update the immediate argument with the actual insn count.  */
+icount_start_insn_idx = tcg_op_buf_count();
 tcg_gen_movi_i32(imm, 0xdeadbeef);
 
-/* This is a horrid hack to allow fixing up the value later.  */
-i = tcg_ctx.gen_last_op_idx;
-i = tcg_ctx.gen_op_buf[i].args;
-icount_arg = &tcg_ctx.gen_opparam_buf[i + 1];
-
 tcg_gen_sub_i32(count, count, imm);
 tcg_temp_free_i32(imm);
 
@@ -53,7 +51,9 @@ static void gen_tb_end(TranslationBlock *tb, int num_insns)
 tcg_gen_exit_tb((uintptr_t)tb + TB_EXIT_REQUESTED);
 
 if (tb->cflags & CF_USE_ICOUNT) {
-*icount_arg = num_insns;
+/* Update the num_insn immediate parameter now that we know
+ * the actual insn count.  */
+tcg_set_insn_param(icount_start_insn_idx, 1, num_insns);
 gen_set_label(icount_label);
 tcg_gen_exit_tb((uintptr_t)tb + TB_EXIT_ICOUNT_EXPIRED);
 }
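Review bot: `tcg_set_insn_param(icount_start_insn_idx, 1, num_insns)` hard-codes operand position 1 of the movi emitted in gen_tb_start, and nothing at either site says why 1 is the right operand, so a change to tcg_gen_movi_i32's operand layout would silently leave the dummy immediate in place. Add a comment at the call, e.g. `/* operand 1 of INDEX_op_movi_i32 is the immediate; operand 0 is the destination */`, or define the index as a named constant next to `icount_start_insn_idx` in the first hunk so both sites share it.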
-- 
1.9.1




[Qemu-devel] [RFC 1/2] tcg: Add tcg_set_insn_param

2016-01-08 Thread Edgar E. Iglesias
From: "Edgar E. Iglesias" 

Add tcg_set_insn_param as a mechanism to modify an insn
parameter after emitting the insn. This is useful for icount
and also for embedding fault information for a specific insn.

Signed-off-by: Edgar E. Iglesias 
---
 tcg/tcg.h | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index a696922..9f2f4b8 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -585,6 +585,12 @@ struct TCGContext {
 
 extern TCGContext tcg_ctx;
 
+static inline void tcg_set_insn_param(int op_idx, int arg, TCGArg v)
+{
+int op_argi = tcg_ctx.gen_op_buf[op_idx].args;
+tcg_ctx.gen_opparam_buf[op_argi + arg] = v;
+}
+
 /* The number of opcodes emitted so far.  */
 static inline int tcg_op_buf_count(void)
 {
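Review bot: `tcg_set_insn_param` writes into `gen_opparam_buf` at a caller-supplied `op_idx` and `arg` with no documentation and no check, so nothing states that `op_idx` must be the value `tcg_op_buf_count()` returned before the op was emitted or that `arg` is the operand position, and a stale index silently overwrites another op's operands. Add `/* Overwrite operand @arg of the already-emitted op @op_idx (the index tcg_op_buf_count() returned before emission) with @v. */` above the definition, and guard it with `tcg_debug_assert(op_idx >= 0 && op_idx < tcg_op_buf_count());` so debug builds catch misuse. Since `tcg_op_buf_count()` is defined after this helper in the same header, the new function needs to move below it (or forward-declare it) for that assert to compile.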
-- 
1.9.1




[Qemu-devel] [RFC 0/2] tcg-icount: Add and use tcg_set_insn_param to update tcg insn params

2016-01-08 Thread Edgar E. Iglesias
From: "Edgar E. Iglesias" 

Hi,

On AArch64, when some load/stores trap under specific conditions, a set of
detailed info describing the insn is provided to the trap handler (e.g size
of the access, target registers, insn-length mode etc).
This specific info is known at translation time and Peter suggested that
we have a look at the insn_start mechanism to see if we can reuse it
to pass along the info to the exception handling models. This would avoid
the need for moves that slow down the non-trapping case.

To do so, we'd need to first emit the insn_start and then after translating the
given target-insn, update the insn_start parameters with the decoded insn
details.

I noticed that icount does a similar thing where it emits a movi and later
updates the immediate parameter with the real insn counter.

These patches illustrate a possible change by updating the icount code to
use a new tcg_set_insn_param() tcg call instead of directly peeking/poking
into tcg structures. This same mechanism can be used in the AArch64
translator.

Any thoughts on this approach? Or ideas on better options to achieve this?

Best regards,
Edgar

Edgar E. Iglesias (2):
  tcg: Add tcg_set_insn_param
  gen-icount: Use tcg_set_insn_param

 include/exec/gen-icount.h | 16 
 tcg/tcg.h |  6 ++
 2 files changed, 14 insertions(+), 8 deletions(-)

-- 
1.9.1




Re: [Qemu-devel] [PATCH] ether/slirp: Avoid redefinition of the same constants

2016-01-08 Thread Alex Bennée

Dr. David Alan Gilbert (git)  writes:

> From: "Dr. David Alan Gilbert" 
>
> eth.h and slirp.h both define ETH_ALEN and ETH_P_IP
> rtl8139.c and eth.h both define ETH_HLEN
>
> Move the related constant (ETH_P_ARP) from slirp.h to eth.h, and
> remove the duplicates; make slirp.h include eth.h

Reviewed-by: Alex Bennée 

>
> Signed-off-by: Dr. David Alan Gilbert 
> ---
>  hw/net/rtl8139.c  | 1 -
>  include/net/eth.h | 4 +++-
>  slirp/slirp.h | 7 +--
>  3 files changed, 4 insertions(+), 8 deletions(-)
>
> diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
> index 68e43f3..d192d57 100644
> --- a/hw/net/rtl8139.c
> +++ b/hw/net/rtl8139.c
> @@ -74,7 +74,6 @@
>  ( ( input ) & ( size - 1 )  )
>
>  #define ETHER_TYPE_LEN 2
> -#define ETH_HLEN (ETH_ALEN * 2 + ETHER_TYPE_LEN)
>  #define ETH_MTU 1500
>
>  #define VLAN_TCI_LEN 2
> diff --git a/include/net/eth.h b/include/net/eth.h
> index b3273b8..84384fe 100644
> --- a/include/net/eth.h
> +++ b/include/net/eth.h
> @@ -32,6 +32,7 @@
>  #include "qemu/iov.h"
>
>  #define ETH_ALEN 6
> +#define ETH_HLEN 14
>
>  struct eth_header {
>  uint8_t  h_dest[ETH_ALEN];   /* destination eth addr */
> @@ -170,7 +171,8 @@ struct tcp_hdr {
>  #define IP_HEADER_VERSION(ip) \
>  ((ip->ip_ver_len >> 4)&0xf)
>
> -#define ETH_P_IP  (0x0800)
> +#define ETH_P_IP  (0x0800)  /* Internet Protocol packet  
> */
> +#define ETH_P_ARP (0x0806)  /* Address Resolution packet 
> */
>  #define ETH_P_IPV6(0x86dd)
>  #define ETH_P_VLAN(0x8100)
>  #define ETH_P_DVLAN   (0x88a8)
> diff --git a/slirp/slirp.h b/slirp/slirp.h
> index 6589d7e..ec0a4c2 100644
> --- a/slirp/slirp.h
> +++ b/slirp/slirp.h
> @@ -135,6 +135,7 @@ void free(void *ptr);
>
>  #include "qemu/queue.h"
>  #include "qemu/sockets.h"
> +#include "net/eth.h"
>
>  #include "libslirp.h"
>  #include "ip.h"
> @@ -158,12 +159,6 @@ void free(void *ptr);
>  #include "bootp.h"
>  #include "tftp.h"
>
> -#define ETH_ALEN 6
> -#define ETH_HLEN 14
> -
> -#define ETH_P_IP  0x0800/* Internet Protocol packet  */
> -#define ETH_P_ARP 0x0806/* Address Resolution packet */
> -
>  #define ARPOP_REQUEST 1 /* ARP request */
>  #define ARPOP_REPLY   2 /* ARP reply   */


--
Alex Bennée



Re: [Qemu-devel] [PATCH 1/2] nbd: Interface tweak of nbd_client_new

2016-01-08 Thread Daniel P. Berrange
On Wed, Dec 30, 2015 at 01:49:25PM +0800, Fam Zheng wrote:
> In preparation for an async implementation, introduce a callback and
> move the shutdown/close to the function.
> 
> Signed-off-by: Fam Zheng 
> ---
>  blockdev-nbd.c  |  5 ++---
>  include/block/nbd.h |  6 --
>  nbd.c   | 20 +++-
>  qemu-nbd.c  | 16 +---
>  4 files changed, 30 insertions(+), 17 deletions(-)
> 
> diff --git a/blockdev-nbd.c b/blockdev-nbd.c
> index bcdd18b..f708e0f 100644
> --- a/blockdev-nbd.c
> +++ b/blockdev-nbd.c
> @@ -27,9 +27,8 @@ static void nbd_accept(void *opaque)
>  socklen_t addr_len = sizeof(addr);
>  
>  int fd = accept(server_fd, (struct sockaddr *)&addr, &addr_len);
> -if (fd >= 0 && !nbd_client_new(NULL, fd, nbd_client_put)) {
> -shutdown(fd, 2);
> -close(fd);
> +if (fd >= 0) {
> +nbd_client_new(NULL, fd, nbd_client_put, NULL);
>  }
>  }
>  
> diff --git a/include/block/nbd.h b/include/block/nbd.h
> index 65f409d..11194e0 100644
> --- a/include/block/nbd.h
> +++ b/include/block/nbd.h
> @@ -98,8 +98,10 @@ NBDExport *nbd_export_find(const char *name);
>  void nbd_export_set_name(NBDExport *exp, const char *name);
>  void nbd_export_close_all(void);
>  
> -NBDClient *nbd_client_new(NBDExport *exp, int csock,
> -  void (*close)(NBDClient *));
> +typedef void (*NBDClientNewCB)(NBDExport *exp, int csock, int ret);
> +void nbd_client_new(NBDExport *exp, int csock,
> +void (*close_fn)(NBDClient *),
> +NBDClientNewCB cb);
>  void nbd_client_get(NBDClient *client);
>  void nbd_client_put(NBDClient *client);
>  
> diff --git a/nbd.c b/nbd.c
> index b3d9654..bcb79d4 100644
> --- a/nbd.c
> +++ b/nbd.c
> @@ -1475,9 +1475,13 @@ static void nbd_update_can_read(NBDClient *client)
>  }
>  }
>  
> -NBDClient *nbd_client_new(NBDExport *exp, int csock,
> -  void (*close)(NBDClient *))
> +/* Create and initialize a new client. If it fails, @csock is closed.
> + * cb will be called with the status code when done. */
> +void nbd_client_new(NBDExport *exp, int csock,
> +void (*close_fn)(NBDClient *),
> +NBDClientNewCB cb)
>  {
> +int ret = 0;
>  NBDClient *client;
>  client = g_malloc0(sizeof(NBDClient));
>  client->refcount = 1;
> @@ -1485,10 +1489,13 @@ NBDClient *nbd_client_new(NBDExport *exp, int csock,
>  client->sock = csock;
>  client->can_read = true;
>  if (nbd_send_negotiate(client)) {
> +shutdown(csock, 2);
> +close(csock);
>  g_free(client);
> -return NULL;
> +ret = -1;
> +goto out;

If you simply make this failure code branch call close_fn() then I
think you can avoid needing the new NBDClientNewCB entirely if

> diff --git a/qemu-nbd.c b/qemu-nbd.c
> index 65dc30c..bdec228 100644
> --- a/qemu-nbd.c
> +++ b/qemu-nbd.c
> @@ -319,6 +319,14 @@ static void nbd_client_closed(NBDClient *client)
>  nbd_client_put(client);
>  }
>  
> +static void nbd_client_new_cb(NBDExport *exp, int fd, int ret)
> +{
> +if (ret == 0) {
> +nb_fds++;
> +nbd_update_server_fd_handler(server_fd);
> +}
> +}
> +
>  static void nbd_accept(void *opaque)
>  {
>  struct sockaddr_in addr;
> @@ -335,13 +343,7 @@ static void nbd_accept(void *opaque)
>  return;
>  }
>  
> -if (nbd_client_new(exp, fd, nbd_client_closed)) {
> -nb_fds++;
> -nbd_update_server_fd_handler(server_fd);
> -} else {
> -shutdown(fd, 2);
> -close(fd);
> -}
> +nbd_client_new(exp, fd, nbd_client_closed, nbd_client_new_cb);

...you make this do

nb_fds++;
nbd_update_server_fd_handler(server_fd);
nbd_client_new(exp, fd, nbd_client_closed, nbd_client_new_cb);

ie, you once guarantee that *every* invocation of nbd_client_new()
will eventually lead to a call to 'nbd_client_closed', you can
unconditionally increment nb_fds before calling nbd_client_new.


This has the added benefit in that the 'nb_fds' count now takes
account of client connections that are in the negotiate phase,
whereas your approach allows for an unlimited number of clients
to be in the negotiate phase, only limiting them post-negotiate

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [Qemu-devel] [PULL 00/59] acpi dsdt rework, misc fixes

2016-01-08 Thread Peter Maydell
On 8 January 2016 at 15:08, Michael S. Tsirkin  wrote:
> The following changes since commit 6bb9ead762bf749af11ea225fc2a74db1b93c105:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20160108-1' into 
> staging (2016-01-08 12:50:19 +)
>
> are available in the git repository at:
>
>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>
> for you to fetch changes up to 88e6cd937bc5dd4b972aaee18b6adc92b33b46c6:
>
>   virtio: fix error message for number of queues (2016-01-08 16:01:40 +0200)
>
> 
> acpi dsdt rework, misc fixes
>
> This completes the dsdt rewrite, and includes misc fixes all over the place.
>
> Signed-off-by: Michael S. Tsirkin 

Still fails to build on w32 for the same reason:
/home/petmay01/linaro/qemu-for-merges/hw/acpi/memory_hotplug_acpi_table.c:
In function ‘build_memory_hotplug_aml’:
/home/petmay01/linaro/qemu-for-merges/hw/acpi/memory_hotplug_acpi_table.c:148:
warning: integer constant is too large for ‘long’ type
/home/petmay01/linaro/qemu-for-merges/hw/acpi/memory_hotplug_acpi_table.c:149:
warning: integer constant is too large for ‘long’ type

thanks
-- PMM



Re: [Qemu-devel] [PATCH] arm64: kernel: fix PMUv3 registers unconditional access

2016-01-08 Thread Lorenzo Pieralisi
On Fri, Jan 08, 2016 at 03:33:00PM +, Will Deacon wrote:

[...]

> > /* EL2 debug */
> > +   mrs x0, id_aa64dfr0_el1 // Check ID_AA64DFR0_EL1 PMUVer
> > +   ubfxx0, x0, #8, #4
> > +   cmp x0, #1
> > +   b.ne4f  // Skip if no PMUv3 present
> 
> This will fail if and when PMUVer gets newer revisions of the PMU
> architecture (e.g. value 2 to indicate some extended PMU). It looks like
> we should be treating it as a signed 4-bit field, so we can use sbfx to
> extract a signed value and then we know the PMU is not present if the
> value is (signed) less than 1.

Sorry about that. Updated patch below, hopefully this time I have got
it right (I retested on Juno and QEMU and kept Guenter's Tested-by tag).

Please let me know.

Thanks,
Lorenzo

-- >8 --
Subject: [PATCH] arm64: kernel: fix PMUv3 registers unconditional access

The Performance Monitors extension is an optional feature of the
AArch64 architecture, therefore, in order to access Performance
Monitors registers safely, the kernel should detect the PMUv3 unit
presence through the ID_AA64DFR0_EL1 register PMUVer field before
accessing them.

This patch implements a guard by reading the ID_AA64DFR0_EL1 register
PMUVer field to detect the PMUv3 presence and prevent accessing PMUv3
system registers if the Performance Monitors extension is not
implemented in the core.

Signed-off-by: Lorenzo Pieralisi 
Reported-by: Guenter Roeck 
Tested-by: Guenter Roeck 
Cc: Will Deacon 
Cc: Peter Maydell 
Cc: Mark Rutland 
---
 arch/arm64/kernel/head.S|  5 +
 arch/arm64/mm/proc-macros.S | 12 
 arch/arm64/mm/proc.S|  4 ++--
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
index 23cfc08..b685257 100644
--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -512,9 +512,14 @@ CPU_LE(movkx0, #0x30d0, lsl #16)   // 
Clear EE and E0E on LE systems
 #endif
 
/* EL2 debug */
+   mrs x0, id_aa64dfr0_el1 // Check ID_AA64DFR0_EL1 PMUVer
+   sbfxx0, x0, #8, #4
+   cmp x0, #1
+   b.lt4f  // Skip if no PMU present
mrs x0, pmcr_el0// Disable debug access traps
ubfxx0, x0, #11, #5 // to EL2 and allow access to
msr mdcr_el2, x0// all PMU counters from EL1
+4:
 
/* Stage-2 translation */
msr vttbr_el2, xzr
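Review bot: The change from ubfx to sbfx at `sbfx x0, x0, #8, #4` is the substance of v2, but neither the code comment nor the commit message says why the PMUVer field is now read as a signed value, so a later reader seeing `cmp x0, #1` / `b.lt 4f` may "fix" it back to an equality test. Suggest a comment on the sbfx line such as `// PMUVer is signed: 0 and negative values (incl. 0xF, IMPLEMENTATION DEFINED PMU, if memory serves) mean no PMUv3` and one sentence in the commit message explaining that values above 1 denote newer PMUv3 revisions and must not be skipped. The identical four-instruction sequence appears in the reset_pmuserenr_el0 macro in proc-macros.S (hunk `@@ -62,3 +62,15 @@`), where the comment `// Skip if no PMU present` sits on the cmp rather than on the branch; the same explanation belongs there. The surrounding EL2 setup code continues outside this hunk.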
diff --git a/arch/arm64/mm/proc-macros.S b/arch/arm64/mm/proc-macros.S
index 4c4d93c..d69dfff 100644
--- a/arch/arm64/mm/proc-macros.S
+++ b/arch/arm64/mm/proc-macros.S
@@ -62,3 +62,15 @@
bfi \valreg, \tmpreg, #TCR_T0SZ_OFFSET, #TCR_TxSZ_WIDTH
 #endif
.endm
+
+/*
+ * reset_pmuserenr_el0 - reset PMUSERENR_EL0 if PMUv3 present
+ */
+   .macro  reset_pmuserenr_el0, tmpreg
+   mrs \tmpreg, id_aa64dfr0_el1// Check ID_AA64DFR0_EL1 PMUVer
+   sbfx\tmpreg, \tmpreg, #8, #4
+   cmp \tmpreg, #1 // Skip if no PMU present
+   b.lt9000f
+   msr pmuserenr_el0, xzr  // Disable PMU access from EL0
+9000:
+   .endm
diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
index 9c4dce3..b8f04b3 100644
--- a/arch/arm64/mm/proc.S
+++ b/arch/arm64/mm/proc.S
@@ -117,7 +117,7 @@ ENTRY(cpu_do_resume)
 */
ubfxx11, x11, #1, #1
msr oslar_el1, x11
-   msr pmuserenr_el0, xzr  // Disable PMU access from EL0
+   reset_pmuserenr_el0 x0  // Disable PMU access from EL0
mov x0, x12
dsb nsh // Make sure local tlb invalidation completed
isb
@@ -156,7 +156,7 @@ ENTRY(__cpu_setup)
msr cpacr_el1, x0   // Enable FP/ASIMD
mov x0, #1 << 12// Reset mdscr_el1 and disable
msr mdscr_el1, x0   // access to the DCC from EL0
-   msr pmuserenr_el0, xzr  // Disable PMU access from EL0
+   reset_pmuserenr_el0 x0  // Disable PMU access from EL0
/*
 * Memory region attributes for LPAE:
 *
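Review bot: `reset_pmuserenr_el0 x0` replaces a plain `msr pmuserenr_el0, xzr`, which clobbered no general register, whereas the macro now writes x0 (mrs, sbfx) and NZCV (cmp), so the callers must treat x0 and the flags as dead at that point. In cpu_do_resume (hunk `@@ -117,7 +117,7 @@`) that holds because `mov x0, x12` reloads x0 on the very next line, but in __cpu_setup the remainder of the function is outside this hunk, so whether x0 is still live after the macro cannot be confirmed from the diff. A line in the macro's header comment in proc-macros.S, `* Clobbers \tmpreg and the condition flags.`, would make the contract explicit for future call sites.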
-- 
2.5.1




Re: [Qemu-devel] [PATCH] Add optionrom compatible with fw_cfg DMA version

2016-01-08 Thread Paolo Bonzini


On 08/01/2016 17:05, Marc Marí wrote:
>> > Do you even need to go to 32-bit mode?  The only reason to do so in
>> > the original ROM was to do a "rep insb" above 1 GB, but here fw_cfg
>> > can do DMA to high addresses for you.
> There's no need of course. I was looking at the original ROM and I did
> not think this through.

Nice, this should make the code much simpler!

Paolo



Re: [Qemu-devel] [PATCH 1/5] migration: split hmp_savevm to do_savevm and hmp_savevm wrapper

2016-01-08 Thread Eric Blake
On 01/08/2016 04:27 AM, Denis V. Lunev wrote:

>>> /* Delete old snapshots of the same name */
>>>   if (name && bdrv_all_delete_snapshot(name, &bs1, &local_err) <
>>> 0) {
>>> -monitor_printf(mon,
>>> -   "Error while deleting snapshot on device
>>> '%s': %s\n",
>>> -   bdrv_get_device_name(bs1),
>>> error_get_pretty(local_err));
>>> +error_setg(errp, "Error while deleting snapshot on device
>>> '%s': %s",
>>> +   bdrv_get_device_name(bs1),
>>> error_get_pretty(local_err));
>> Markus' series to add a prefixing notation would be better to use here
>> (although I didn't check if he caught this one in that series already):
>> https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03495.html
> 
> this series is not yet merged. I think that we could do this refactoring
> later on.
> This thing could be considered independent. Anyway, this series has its
> own value
> and it takes a lot of time to push it in. Could we do  error setting
> improvement later on?

I don't care who rebases on top of the other, but maybe Markus will have
an opinion when he gets back online next week.


>>> +
>>> +if (local_err != NULL) {
>> I would have just written 'if (local_err) {'; but that's minor style.
> from my point of view explicit != NULL exposes that local_err is a
> pointer rather than a boolean value.

But the code base already overwhelmingly relies on C's implicit
conversion of pointer to a boolean context, as it requires less typing;
being verbose doesn't make the code base any easier to read.  However,
since HACKING doesn't say one way or the other, I won't make you change.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH 5/6] nvdimm acpi: let qemu handle _DSM method

2016-01-08 Thread Igor Mammedov
On Fri, 8 Jan 2016 12:01:54 +0800
Xiao Guangrong  wrote:

> On 01/07/2016 10:22 PM, Igor Mammedov wrote:
> > On Tue,  5 Jan 2016 02:52:07 +0800
> > Xiao Guangrong  wrote:
> >  
> >> If dsm memory is successfully patched, we let qemu fully emulate
> >> the dsm method
> >>
> >> This patch saves _DSM input parameters into dsm memory, tell dsm
> >> memory address to QEMU, then fetch the result from the dsm memory  
> > you also need to add NVDR._CRS method that would report
> > resources used by operation regions.  
> 
> I can not understand this point, why we need to report the resource
> of OperationRegion? It is ACPI internally used anyway.
so that OSPM could see that particular range is in use
and be able to notice conflicts if it happens some day.

> 
> >
> > NVDIMM_COMMON_DSM - probably should be serialized, otherwise
> > there is a race risk, when several callers would write to
> > control region.  
> 
> Yes, I did it in patch 6/6, but definitely I should move it here.
> 




Re: [Qemu-devel] [PATCH] Add optionrom compatible with fw_cfg DMA version

2016-01-08 Thread Marc Marí
On Fri, 8 Jan 2016 16:54:07 +0100
Paolo Bonzini  wrote:

> 
> 
> On 08/01/2016 15:58, Marc Marí wrote:
> > 
> > +static inline uint16_t readw_addr32(const void *addr) {
> > +uint16_t val;
> > +asm("addr32 movw %1, %0" : "=r"(val) : "g"(addr));
> > +barrier();
> > +return val;
> > +}
> > +
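Review bot: `asm("addr32 movw %1, %0" : "=r"(val) : "g"(addr))` hands the pointer value itself to the asm as operand 1, so unless I am misreading the constraint the instruction copies addr (from a register, from its stack slot, or as an immediate) into val rather than loading the 16-bit word that addr points to; nothing in the operand list dereferences it. If a load is intended, the input should be the pointee, e.g. `"m"(*(const uint16_t *)addr)`, which also lets the compiler see the memory dependency instead of relying on the following barrier(). The same fragment is quoted again later in this thread (Paolo's reply starting at `+static inline uint16_t readw_addr32`). The function is complete in the quote, but the hunk header of the patch it comes from is not.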
> 
> Does SeaBIOS ensure that DS base is zero here?

DS = CS:

"   movw %cs, %ax\n"
"   movw %ax, %ds\n"

At the beginning of the ROM.
 
> > +static void transition32(void)
> > +{
> > +extern void *gdt;
> > +uint32_t data_segment;
> > +struct length_addr rombios_gdt;
> > +
> > +data_segment = read_ds();
> > +rombios_gdt.addr = (uint32_t)((data_segment << 4) +
> > (uint32_t)(&gdt));
> > +rombios_gdt.length = (3 * 8) - 1;
> > +
> > +/* Load GDT */
> > +asm("data32 lgdt %0" : : "m"(rombios_gdt): "memory");
> > +
> > +   /* Get us to protected mode and set ES to a 32 bit segment
> > */
> > +asm("mov $1, %%eax\n"
> > +"mov %%eax, %%cr0\n"
> > +"mov $0x10, %%eax\n"
> > +"mov %%eax, %%es\n"
> > +: : : "eax");
> > +
> > +/* We're now running in 16-bit CS, but 32-bit ES! */
> > +}
> 
> Do you even need to go to 32-bit mode?  The only reason to do so in
> the original ROM was to do a "rep insb" above 1 GB, but here fw_cfg
> can do DMA to high addresses for you.

There's no need of course. I was looking at the original ROM and I did
not think this through.

Thanks for your comments
Marc



Re: [Qemu-devel] [PATCH 1/6] virtio-net: use the backend cross-endian capabilities

2016-01-08 Thread Greg Kurz
On Fri, 8 Jan 2016 16:25:18 +0100
Laurent Vivier  wrote:

> 
> 
> On 08/01/2016 15:19, Greg Kurz wrote:
> > On Thu, 7 Jan 2016 19:32:37 +0100
> > Laurent Vivier  wrote:
> >>
> > 
> > Sorry for the late answer to this one, I got diverted :)
> > 
> >>
> >> On 07/01/2016 12:32, Greg Kurz wrote:
> >>> When running a fully emulated device in cross-endian conditions, including
> >>> a virtio 1.0 device offered to a big endian guest, we need to fix the vnet
> >>> headers. This is currently handled by the virtio_net_hdr_swap() function
> >>> in the core virtio-net code but it should actually be handled by the net
> >>> backend.
> >>>
> >>> With this patch, virtio-net now tries to configure the backend to do the
> >>> endian fixing when the device starts. If the backend cannot support the
> >>> requested endianness, we have to fall back on virtio_net_hdr_swap(): this
> >>> is recorded in the needs_vnet_hdr_swap flag, to be used in the TX and RX
> >>> paths.
> >>>
> >>> The current vhost-net code also tries to configure net backends. This will
> >>> be no more needed and will be addressed in a subsequent patch.
> >>>
> >>> Signed-off-by: Greg Kurz 
> >>> ---
> >>>  hw/net/virtio-net.c|   33 +++--
> >>>  include/hw/virtio/virtio-net.h |1 +
> >>>  2 files changed, 32 insertions(+), 2 deletions(-)
> >>>
> >>> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> >>> index a877614e3e7a..d4cc94ea5e55 100644
> >>> --- a/hw/net/virtio-net.c
> >>> +++ b/hw/net/virtio-net.c
> >>> @@ -152,6 +152,31 @@ static void virtio_net_vhost_status(VirtIONet *n, 
> >>> uint8_t status)
> >>>  }
> >>>  }
> >>>  
> >>> +static void virtio_net_vnet_status(VirtIONet *n, uint8_t status)
> >>> +{
> >>> +VirtIODevice *vdev = VIRTIO_DEVICE(n);
> >>> +NetClientState *peer = qemu_get_queue(n->nic)->peer;
> >>> +
> >>> +if (virtio_net_started(n, status)) {
> >>> +int r;
> >>> +
> >>> +if (virtio_is_big_endian(vdev)) {
> >>> +r = qemu_set_vnet_be(peer, true);
> >>> +} else {
> >>> +r = qemu_set_vnet_le(peer, true);
> >>> +}
> >>> +
> >>> +n->needs_vnet_hdr_swap = !!r;
> >>> +} else if (virtio_net_started(n, vdev->status) &&
> >>> +   !virtio_net_started(n, status)) {
> >>> +if (virtio_is_big_endian(vdev)) {
> >>> +qemu_set_vnet_be(peer, false);
> >>> +} else {
> >>> +qemu_set_vnet_le(peer, false);
> >>> +}
> >>> +}
> >>> +}
> >>
> >> Could you explain why check 'virtio_net_started(n, status)' and then
> >> 'virtio_net_started(n, vdev->status)' ?
> >>
> > 
> > Before using the device, we need to inform the network backend about
> > the endianness to use when parsing vnet headers. We do this when the
> > driver activates the device (DRIVER_OK). This is the first check.
> > 
> > After using the device, we need to reset the network backend to the
> > default (guest native endianness), otherwise the guest may lose network
> > connectivity if it is rebooted into a different endianness. We do this
> > when the driver deactivates the device (no DRIVER_OK). The second check
> > ensures the device was active before: if we don't check that, the 'else'
> > branch would be executed each time the driver updates the status with
> > something not containing DRIVER_OK... :-\
> > 
> >> Why qemu_set_vnet_[bl]e() use "true" in the first case and "false" in
> >> the second case ?
> >>
> > 
> > "true" tells the backend to enforce the corresponding endianness.
> > "false" tells the backed to reset to the default (guest native endianness).
> > 
> >> Why don't you store the result (r) in the second case ?
> >>
> > 
> > Because @needs_vnet_hdr_swap is only being used when the device is active.
> > 
> > Thank you for the time you spent on reviewing this series !
> 
> Thank you for the details, it's clear now.
> Perhaps this can be added in the commit log or in some comments ?
> 

I realized when writing the mail that this is non-trivial indeed. I'm
currently adding comments and updating the changelog :)

> > Bonne Annee !
> 
> Bonne Année ;)
> Laurent
> 
> > --
> > Greg
> > 
> >>>  static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t 
> >>> status)
> >>>  {
> >>>  VirtIONet *n = VIRTIO_NET(vdev);
> >>> @@ -159,6 +184,7 @@ static void virtio_net_set_status(struct VirtIODevice 
> >>> *vdev, uint8_t status)
> >>>  int i;
> >>>  uint8_t queue_status;
> >>>  
> >>> +virtio_net_vnet_status(n, status);
> >>>  virtio_net_vhost_status(n, status);
> >>>  
> >>>  for (i = 0; i < n->max_queues; i++) {
> >>> @@ -957,7 +983,10 @@ static void receive_header(VirtIONet *n, const 
> >>> struct iovec *iov, int iov_cnt,
> >>>  void *wbuf = (void *)buf;
> >>>  work_around_broken_dhclient(wbuf, wbuf + n->host_hdr_len,
> >>>  size - n->host_hdr_len);
> >>> -virtio_net_hdr_swap(VIRTIO_DEVICE(n), wbuf);
> >>> +

Re: [Qemu-devel] How to reserve guest physical region for ACPI

2016-01-08 Thread Igor Mammedov
On Fri, 8 Jan 2016 12:21:09 +0800
Xiao Guangrong  wrote:

> On 01/07/2016 05:21 PM, Igor Mammedov wrote:
> > On Wed, 6 Jan 2016 01:07:45 +0800
> > Xiao Guangrong  wrote:
> >  
> >> On 01/06/2016 12:43 AM, Michael S. Tsirkin wrote:
> >>  
> > Yes - if address is static, you need to put it outside
> > the table. Can come right before or right after this.
> >  
> >> Also if OperationRegion() is used, then one has to patch
> >> DefOpRegion directly as RegionOffset must be Integer,
> >> using variable names is not permitted there.  
> >
> > I am not sure the comment was understood correctly.
> > The comment says really "we can't use DataTableRegion
> > so here is an alternative".  
>  so how are you going to access data at which patched
>  NameString point to?
>  for that you'd need a normal patched OperationRegion
>  as well since DataTableRegion isn't usable.  
> >>>
> >>> For VMGENID you would patch the method that
> >>> returns the address - you do not need an op region
> >>> as you never access it.
> >>>
> >>> I don't know about NVDIMM. Maybe OperationRegion can
> >>> use the patched NameString? Will need some thought.  
> >>
> >> The ACPI spec says that the offsetTerm in OperationRegion
> >> is evaluated as Int, so the named object is allowed to be
> >> used in OperationRegion, that is exact what my patchset
> >> is doing (http://marc.info/?l=kvm&m=145193395624537&w=2):  
> > that's not my reading of spec:
> > "
> > DefOpRegion := OpRegionOp NameString RegionSpace RegionOffset RegionLen
> > RegionOffset := TermArg => Integer
> > TermArg := Type2Opcode | DataObject | ArgObj | LocalObj
> > "
> >
> > Named object is not allowed per spec, but you've used ArgObj which is
> > allowed, even Windows ok with such dynamic OperationRegion.  
> 
> Sorry, Named object i was talking about is something like this:
> Name("SOTH", int(0x1))
> 
> I am checking acpi spec, and this is a formal NamedObj definition in
> that spec, my fault.
> 
> >  
> >>
> >> +dsm_mem = aml_arg(3);
> >> +aml_append(method, aml_store(aml_call0(NVDIMM_GET_DSM_MEM), dsm_mem));
> >>
> >> +aml_append(method, aml_operation_region("NRAM", AML_SYSTEM_MEMORY,
> >> +dsm_mem, TARGET_PAGE_SIZE));
> >>
> >> We hide the int64 object which is patched by BIOS in the method,
> >> NVDIMM_GET_DSM_MEM, to make windows XP happy.  
> > considering that NRAM is allocated in low mem it's even fine to move
> > OperationRegion into object scope to get rid of IASL warnings
> > about declaring Named object inside method, but then you'd need to
> > patch it directly as the only choice for RegionOffset would be DataObject
> >  
> 
> Yes, it is. So it depends on the question in my reply in another thread:
> http://marc.info/?l=kvm&m=145222487605390&w=2
> Can we assume that BIOS allocated address is always 32 bits?
> 
> If yes, we also need not make ssdt as v2.
For SeaBIOS it's so for now.





[Qemu-devel] [RFC PATCH 1/2] softmmu_template: add smmu_helper, convert VICTIM_TLB_HIT

2016-01-08 Thread Alex Bennée
This lays the ground work for a re-factoring of the softmmu template
code. The patch introduces inline "smmu_helper" functions where
common (or almost common) code can be placed. Arguments that the
compiler picks up as constant can then be used to eliminate legs of code
in the inline fragments.

There is a minor wrinkle that we need to use a unique name for each
inline fragment as the template is included multiple times. For this the
smmu_helper macro does the appropriate glue magic.

I've tested the result with no change to functionality. Comparing the
objdump of cputlb.o shows minimal changes in probe_write and
everything else is identical.

TODO: explain probe_write changes

Signed-off-by: Alex Bennée 
---
 softmmu_template.h | 75 +-
 1 file changed, 46 insertions(+), 29 deletions(-)

diff --git a/softmmu_template.h b/softmmu_template.h
index 6803890..0074bd7 100644
--- a/softmmu_template.h
+++ b/softmmu_template.h
@@ -116,30 +116,47 @@
 # define helper_te_st_name  helper_le_st_name
 #endif
 
-/* macro to check the victim tlb */
-#define VICTIM_TLB_HIT(ty)\
-({\
-/* we are about to do a page table walk. our last hope is the \
- * victim tlb. try to refill from the victim tlb before walking the   \
- * page table. */ \
-int vidx; \
-CPUIOTLBEntry tmpiotlb;   \
-CPUTLBEntry tmptlb;   \
-for (vidx = CPU_VTLB_SIZE-1; vidx >= 0; --vidx) { \
-if (env->tlb_v_table[mmu_idx][vidx].ty == (addr & TARGET_PAGE_MASK)) {\
-/* found entry in victim tlb, swap tlb and iotlb */   \
-tmptlb = env->tlb_table[mmu_idx][index];  \
-env->tlb_table[mmu_idx][index] = env->tlb_v_table[mmu_idx][vidx]; \
-env->tlb_v_table[mmu_idx][vidx] = tmptlb; \
-tmpiotlb = env->iotlb[mmu_idx][index];\
-env->iotlb[mmu_idx][index] = env->iotlb_v[mmu_idx][vidx]; \
-env->iotlb_v[mmu_idx][vidx] = tmpiotlb;   \
-break;\
-} \
-} \
-/* return true when there is a vtlb hit, i.e. vidx >=0 */ \
-vidx >= 0;\
-})
+/* Inline helper functions for SoftMMU
+ *
+ * These functions help reduce code duplication in the various main
+ * helper functions. Constant arguments (like endian state) will allow
+ * the compiler to skip code which is never called in a given inline.
+ */
+
+#define smmu_helper(name) glue(glue(glue(_smmu_helper_, SUFFIX), 
MMUSUFFIX),name)
+
+static inline int smmu_helper(victim_tlb_hit) (const bool is_read, 
CPUArchState *env,
+   unsigned mmu_idx, int index,
+   target_ulong addr)
+{
+/* we are about to do a page table walk. our last hope is the
+ * victim tlb. try to refill from the victim tlb before walking the
+ * page table. */
+int vidx;
+CPUIOTLBEntry tmpiotlb;
+CPUTLBEntry tmptlb;
+for (vidx = CPU_VTLB_SIZE-1; vidx >= 0; --vidx) {
+bool match;
+if (is_read) {
+match = env->tlb_v_table[mmu_idx][vidx].ADDR_READ == (addr & 
TARGET_PAGE_MASK);
+} else {
+match = env->tlb_v_table[mmu_idx][vidx].addr_write == (addr & 
TARGET_PAGE_MASK);
+}
+
+if (match) {
+/* found entry in victim tlb, swap tlb and iotlb */
+tmptlb = env->tlb_table[mmu_idx][index];
+env->tlb_table[mmu_idx][index] = env->tlb_v_table[mmu_idx][vidx];
+env->tlb_v_table[mmu_idx][vidx] = tmptlb;
+tmpiotlb = env->iotlb[mmu_idx][index];
+env->iotlb[mmu_idx][index] = env->iotlb_v[mmu_idx][vidx];
+env->iotlb_v[mmu_idx][vidx] = tmpiotlb;
+break;
+}
+}
+/* return true when there is a vtlb hit, i.e. vidx >=0 */
+return vidx >= 0;
+}
 
 #ifndef SOFTMMU_CODE_ACCESS
 static inline DATA_TYPE glue(io_read, SUFFIX)(CPUArchState *env,
@@ -185,7 +202,7 @@ WORD_TYPE helper_le_ld_name(CPUArchState *env, target_ulong 
addr,
 cpu_unaligned_access(ENV_GET_CPU(env), addr, READ_ACCESS_TYPE,
  mmu_idx, retaddr);
 }
-if (!VICTIM_TLB_HIT(ADDR_READ)) {
+if (!smmu_helper(vi

Re: [Qemu-devel] [PATCH] Add optionrom compatible with fw_cfg DMA version

2016-01-08 Thread Paolo Bonzini


On 08/01/2016 15:58, Marc Marí wrote:
> 
> +static inline uint16_t readw_addr32(const void *addr) {
> +uint16_t val;
> +asm("addr32 movw %1, %0" : "=r"(val) : "g"(addr));
> +barrier();
> +return val;
> +}
> +

Does SeaBIOS ensure that DS base is zero here?

> +static void transition32(void)
> +{
> +extern void *gdt;
> +uint32_t data_segment;
> +struct length_addr rombios_gdt;
> +
> +data_segment = read_ds();
> +rombios_gdt.addr = (uint32_t)((data_segment << 4) + (uint32_t)(&gdt));
> +rombios_gdt.length = (3 * 8) - 1;
> +
> +/* Load GDT */
> +asm("data32 lgdt %0" : : "m"(rombios_gdt): "memory");
> +
> + /* Get us to protected mode and set ES to a 32 bit segment */
> +asm("mov $1, %%eax\n"
> +"mov %%eax, %%cr0\n"
> +"mov $0x10, %%eax\n"
> +"mov %%eax, %%es\n"
> +: : : "eax");
> +
> +/* We're now running in 16-bit CS, but 32-bit ES! */
> +}

Do you even need to go to 32-bit mode?  The only reason to do so in the
original ROM was to do a "rep insb" above 1 GB, but here fw_cfg can do
DMA to high addresses for you.

Paolo



[Qemu-devel] [RFC PATCH 2/2] softmmu: simplify helper_*_st_name with smmu_helper(do_unl_store)

2016-01-08 Thread Alex Bennée
From: Alvise Rigo 

Attempting to simplify the helper_*_st_name, wrap the
do_unaligned_access code into a shared inline function. As this also
removes the goto statement the inline code is expanded twice in each
helper.

Suggested-by: Jani Kokkonen 
Suggested-by: Claudio Fontana 
CC: Alvise Rigo 
Signed-off-by: Alex Bennée 

---
v2
  - based on original patch from Alvise
  - uses a single shared inline function to reduce duplication
---
 softmmu_template.h | 75 --
 1 file changed, 39 insertions(+), 36 deletions(-)

diff --git a/softmmu_template.h b/softmmu_template.h
index 0074bd7..ac0b4ac 100644
--- a/softmmu_template.h
+++ b/softmmu_template.h
@@ -159,6 +159,39 @@ static inline int smmu_helper(victim_tlb_hit) (const bool 
is_read, CPUArchState
 }
 
 #ifndef SOFTMMU_CODE_ACCESS
+
+static inline void smmu_helper(do_unl_store)(CPUArchState *env,
+ bool little_endian,
+ DATA_TYPE val,
+ target_ulong addr,
+ TCGMemOpIdx oi,
+ unsigned mmu_idx,
+ uintptr_t retaddr)
+{
+int i;
+
+if ((get_memop(oi) & MO_AMASK) == MO_ALIGN) {
+cpu_unaligned_access(ENV_GET_CPU(env), addr, MMU_DATA_STORE,
+ mmu_idx, retaddr);
+}
+/* Note: relies on the fact that tlb_fill() does not remove the
+ * previous page from the TLB cache.  */
+for (i = DATA_SIZE - 1; i >= 0; i--) {
+uint8_t val8;
+if (little_endian) {
+/* Little-endian extract.  */
+val8 = val >> (i * 8);
+} else {
+/* Big-endian extract.  */
+val8 = val >> (((DATA_SIZE - 1) * 8) - (i * 8));
+}
+/* Note the adjustment at the beginning of the function.
+   Undo that for the recursion.  */
+glue(helper_ret_stb, MMUSUFFIX)(env, addr + i, val8,
+oi, retaddr + GETPC_ADJ);
+}
+}
+
 static inline DATA_TYPE glue(io_read, SUFFIX)(CPUArchState *env,
   CPUIOTLBEntry *iotlbentry,
   target_ulong addr,
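Review bot: The comment `Note the adjustment at the beginning of the function. Undo that for the recursion.` was moved verbatim from helper_*_st_name, but in do_unl_store there is no adjustment at the beginning of this function — the GETPC_ADJ it undoes was applied by the calling store helper, so the comment now points at the wrong place. Suggest `/* The calling helper_*_st_name adjusted retaddr by GETPC_ADJ; undo that for the recursive byte stores. */`. The new helper also lacks a one-line header; given its two call sites in the following hunks, something like `/* Store 'val' one byte at a time when 'addr' is unaligned or crosses a page; little_endian selects the extraction order. */` would do. The helper is complete within this hunk.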
@@ -416,7 +449,8 @@ void helper_le_st_name(CPUArchState *env, target_ulong 
addr, DATA_TYPE val,
 if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
 CPUIOTLBEntry *iotlbentry;
 if ((addr & (DATA_SIZE - 1)) != 0) {
-goto do_unaligned_access;
+smmu_helper(do_unl_store)(env, true, val, addr, oi, mmu_idx, 
retaddr);
+return;
 }
 iotlbentry = &env->iotlb[mmu_idx][index];
 
@@ -431,23 +465,7 @@ void helper_le_st_name(CPUArchState *env, target_ulong 
addr, DATA_TYPE val,
 if (DATA_SIZE > 1
 && unlikely((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1
  >= TARGET_PAGE_SIZE)) {
-int i;
-do_unaligned_access:
-if ((get_memop(oi) & MO_AMASK) == MO_ALIGN) {
-cpu_unaligned_access(ENV_GET_CPU(env), addr, MMU_DATA_STORE,
- mmu_idx, retaddr);
-}
-/* XXX: not efficient, but simple */
-/* Note: relies on the fact that tlb_fill() does not remove the
- * previous page from the TLB cache.  */
-for (i = DATA_SIZE - 1; i >= 0; i--) {
-/* Little-endian extract.  */
-uint8_t val8 = val >> (i * 8);
-/* Note the adjustment at the beginning of the function.
-   Undo that for the recursion.  */
-glue(helper_ret_stb, MMUSUFFIX)(env, addr + i, val8,
-oi, retaddr + GETPC_ADJ);
-}
+smmu_helper(do_unl_store)(env, true, val, addr, oi, mmu_idx, retaddr);
 return;
 }
 
@@ -496,7 +514,8 @@ void helper_be_st_name(CPUArchState *env, target_ulong 
addr, DATA_TYPE val,
 if (unlikely(tlb_addr & ~TARGET_PAGE_MASK)) {
 CPUIOTLBEntry *iotlbentry;
 if ((addr & (DATA_SIZE - 1)) != 0) {
-goto do_unaligned_access;
+smmu_helper(do_unl_store)(env, false, val, addr, oi, mmu_idx, 
retaddr);
+return;
 }
 iotlbentry = &env->iotlb[mmu_idx][index];
 
@@ -511,23 +530,7 @@ void helper_be_st_name(CPUArchState *env, target_ulong 
addr, DATA_TYPE val,
 if (DATA_SIZE > 1
 && unlikely((addr & ~TARGET_PAGE_MASK) + DATA_SIZE - 1
  >= TARGET_PAGE_SIZE)) {
-int i;
-do_unaligned_access:
-if ((get_memop(oi) & MO_AMASK) == MO_ALIGN) {
-cpu_unaligned_access(ENV_GET_CPU(env), addr, MMU_DATA_STORE,
- mmu_idx, retaddr);
-}
-/* XXX: not efficient, but simple */
-/* Note: relies on the fact that tlb_fill() does not remove the
- * previous page

[Qemu-devel] [RFC PATCH 0/2] Attempt to clean-up softmmu templates

2016-01-08 Thread Alex Bennée
Hi,

While reviewing Alvise's LL/SC patches we were discussing how to avoid
duplication in some of the re-factoring work. The softmmu_template.h
code has a lot of duplication due to BE and LE helpers. By pushing
code into an inline helper we can let the compiler do the hard work of
optimising away un-used branches but still keep broadly the same
generated code.

The VICTIM_TLB_HIT conversion was a proof of concept which only slightly
changes the code ordering in probe_write. The do_unl_store() conversion
changes a bit more as removing the goto means the code is inlined twice.
This can be fixed.

If this RFC seems a sane way to go then I can look at properly
re-factoring the code to remove duplication and maybe make the code
easier to follow and experiment with as well.

Alex Bennée (1):
  softmmu_template: add smmu_helper, convert VICTIM_TLB_HIT

Alvise Rigo (1):
  softmmu: simplify helper_*_st_name with smmu_helper(do_unl_store)

 softmmu_template.h | 150 ++---
 1 file changed, 85 insertions(+), 65 deletions(-)

-- 
2.6.4




[Qemu-devel] [PATCH] serial: transmit within the programmed baud rate

2016-01-08 Thread Paolo Bonzini
Code for throttling the serial port was removed by upstream commit fcfb4d6
("serial: add flow control to transmit", 2013-03-05).  Add it back.

The only non-obvious change is that tsr_retry can now become nonzero
also in loopback mode, so the assignment is moved out of the "if".

Signed-off-by: Paolo Bonzini 
---
 hw/char/serial.c | 47 ++-
 include/hw/char/serial.h |  1 +
 2 files changed, 43 insertions(+), 5 deletions(-)

diff --git a/hw/char/serial.c b/hw/char/serial.c
index 513d73c..d96ec4f 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -222,6 +222,7 @@ static void serial_update_msl(SerialState *s)
 static gboolean serial_xmit(GIOChannel *chan, GIOCondition cond, void *opaque)
 {
 SerialState *s = opaque;
+uint64_t new_xmit_ts;
 
 do {
 assert(!(s->lsr & UART_LSR_TEMT));
@@ -244,6 +245,16 @@ static gboolean serial_xmit(GIOChannel *chan, GIOCondition 
cond, void *opaque)
 }
 }
 
+new_xmit_ts = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+
+/* Do not transmit faster than the desired baud rate.  */
+if (new_xmit_ts < s->last_xmit_ts + s->char_transmit_time) {
+assert(s->tsr_retry <= 0);
+s->tsr_retry++;
+timer_mod(s->transmit_timer, s->last_xmit_ts + 
s->char_transmit_time);
+return FALSE;
+}
+
 if (s->mcr & UART_MCR_LOOP) {
 /* in loopback mode, say that we just received a char */
 serial_receive1(s, &s->tsr, 1);
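Review bot: `assert(s->tsr_retry <= 0)` in the new throttle branch turns any re-entry into serial_xmit while the transmit timer is armed into an abort of the whole process, and the callers that presumably gate on tsr_retry (the THR write path and the G_IO_OUT watch) are outside this hunk, so the invariant is invisible where it is enforced. Because a guest register write is, as far as I can tell, the normal trigger for serial_xmit, the invariant deserves a comment at the branch, e.g. `/* Callers check tsr_retry first, so nobody re-enters while the transmit timer is pending. */`, together with a note that `s->tsr_retry++` is what keeps the THR path from re-entering until the timer fires. The enclosing do/while loop of serial_xmit starts before this hunk and continues in the next one.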
@@ -254,21 +265,26 @@ static gboolean serial_xmit(GIOChannel *chan, 
GIOCondition cond, void *opaque)
 s->tsr_retry++;
 return FALSE;
 }
-s->tsr_retry = 0;
-} else {
-s->tsr_retry = 0;
 }
 
+s->tsr_retry = 0;
+s->last_xmit_ts = new_xmit_ts;
+
 /* Transmit another byte if it is already available. It is only
possible when FIFO is enabled and not empty. */
 } while (!(s->lsr & UART_LSR_THRE));
 
-s->last_xmit_ts = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
 s->lsr |= UART_LSR_TEMT;
-
 return FALSE;
 }
 
+static void serial_xmit_timer_cb(void *opaque)
+{
+SerialState *s = opaque;
+
+serial_xmit(NULL, G_IO_OUT, s);
+}
+
 
 /* Setter for FCR.
is_load flag means, that value is set while loading VM state
@@ -688,6 +704,23 @@ static const VMStateDescription vmstate_serial_tsr = {
 }
 };
 
+static bool serial_xmit_timer_needed(void *opaque)
+{
+SerialState *s = (SerialState *)opaque;
+return timer_pending(s->transmit_timer);
+}
+
+static const VMStateDescription vmstate_serial_xmit_timer = {
+.name = "serial/xmit_timer",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = serial_xmit_timer_needed,
+.fields = (VMStateField[]) {
+VMSTATE_TIMER_PTR(transmit_timer, SerialState),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static bool serial_recv_fifo_needed(void *opaque)
 {
 SerialState *s = (SerialState *)opaque;
@@ -803,6 +836,7 @@ const VMStateDescription vmstate_serial = {
 &vmstate_serial_fifo_timeout_timer,
 &vmstate_serial_timeout_ipending,
 &vmstate_serial_poll,
+&vmstate_serial_xmit_timer,
 NULL
 }
 };
@@ -828,6 +862,7 @@ static void serial_reset(void *opaque)
 s->timeout_ipending = 0;
 timer_del(s->fifo_timeout_timer);
 timer_del(s->modem_status_poll);
+timer_del(s->transmit_timer);
 
 fifo8_reset(&s->recv_fifo);
 fifo8_reset(&s->xmit_fifo);
@@ -852,6 +887,7 @@ void serial_realize_core(SerialState *s, Error **errp)
 s->modem_status_poll = timer_new_ns(QEMU_CLOCK_VIRTUAL, (QEMUTimerCB *) 
serial_update_msl, s);
 
 s->fifo_timeout_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, (QEMUTimerCB *) 
fifo_timeout_int, s);
+s->transmit_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, (QEMUTimerCB *) 
serial_xmit_timer_cb, s);
 qemu_register_reset(serial_reset, s);
 
 qemu_chr_add_handlers(s->chr, serial_can_receive1, serial_receive1,
@@ -863,6 +899,7 @@ void serial_realize_core(SerialState *s, Error **errp)
 
 void serial_exit_core(SerialState *s)
 {
+timer_del(s->transmit_timer);
 qemu_chr_add_handlers(s->chr, NULL, NULL, NULL, NULL);
 qemu_unregister_reset(serial_reset, s);
 }
diff --git a/include/hw/char/serial.h b/include/hw/char/serial.h
index 15beb6b..9949ad0 100644
--- a/include/hw/char/serial.h
+++ b/include/hw/char/serial.h
@@ -68,6 +68,7 @@ struct SerialState {
 QEMUTimer *fifo_timeout_timer;
 int timeout_ipending;   /* timeout interrupt pending state */
 
+QEMUTimer *transmit_timer;
 uint64_t char_transmit_time;/* time to transmit a char in ticks */
 int poll_msl;
 
-- 
2.5.0




Re: [Qemu-devel] [PATCH] arm64: kernel: fix PMUv3 registers unconditional access

2016-01-08 Thread Will Deacon
Hi Lorenzo,

On Fri, Jan 08, 2016 at 12:54:27PM +, Lorenzo Pieralisi wrote:
> The Performance Monitors extension is an optional feature of the
> AArch64 architecture, therefore, in order to access Performance
> Monitors registers safely, the kernel should detect the PMUv3 unit
> presence through the ID_AA64DFR0_EL1 register PMUVer field before
> accessing them.
> 
> This patch implements a guard by reading the ID_AA64DFR0_EL1 register
> PMUVer field to detect the PMUv3 presence and prevent accessing PMUv3
> system registers if the Performance Monitors extension is not
> implemented in the core.
> 
> Signed-off-by: Lorenzo Pieralisi 
> Reported-by: Guenter Roeck 
> Cc: Will Deacon 
> Cc: Peter Maydell 
> Cc: Mark Rutland 
> ---
> Based on arm64 for-next/perf branch.
> 
> Tested on QEMU and Juno, I checked that the reported PMUVer field
> is correct on both A57 and A53 (ie == 0x1), it should leave behaviour
> unchanged on platforms implementing PMUv3.
> 
>  arch/arm64/kernel/head.S|  5 +
>  arch/arm64/mm/proc-macros.S | 12 
>  arch/arm64/mm/proc.S|  4 ++--
>  3 files changed, 19 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
> index 23cfc08..6146fea 100644
> --- a/arch/arm64/kernel/head.S
> +++ b/arch/arm64/kernel/head.S
> @@ -512,9 +512,14 @@ CPU_LE(  movkx0, #0x30d0, lsl #16)   // 
> Clear EE and E0E on LE systems
>  #endif
>  
>   /* EL2 debug */
> + mrs x0, id_aa64dfr0_el1 // Check ID_AA64DFR0_EL1 PMUVer
> + ubfxx0, x0, #8, #4
> + cmp x0, #1
> + b.ne4f  // Skip if no PMUv3 present

This will fail if and when PMUVer gets newer revisions of the PMU
architecture (e.g. value 2 to indicate some extended PMU). It looks like
we should be treating it as a signed 4-bit field, so we can use sbfx to
extract a signed value and then we know the PMU is not present if the
value is (signed) less than 1.

Will



Re: [Qemu-devel] Block I/O Tracing

2016-01-08 Thread Luis Pabon
Great summary Stefan.  I think you are correct, and it is definitely
non-trivial to get the accuracy of the trace as close as possible to
real-world timings.  Sometimes, as in block driver I/O response or
caching algorithm studies, an application I/O trace that is merely
'close enough' could still be beneficial.  

I definitely agree with your statements, and I will start by checking
first how blktrace does it.

- Luis


- Original Message -
From: "Stefan Hajnoczi" 
To: "Luis Pabón" 
Cc: qemu-devel@nongnu.org
Sent: Tuesday, December 22, 2015 10:21:52 PM
Subject: Re: [Qemu-devel] Block I/O Tracing

On Wed, Dec 16, 2015 at 12:37:39PM -0500, Luis Pabón wrote:
>   I am really interested in the following feature: 
> http://wiki.qemu.org/Features/Block/Todo#Trace_guest_block_I.2FO.2C_replay_with_qemu-io
> .  Is there any more information about this feature?

Hi Luis,
It's a useful idea but non-trivial to implement, I think.

Often times when an I/O performance problem is reported:

1. Reproducing the poor performance is difficult due to the requirements
   of setting up the same VM and guest application on comparable storage
   hardware.  Usually developers ask the bug reporter questions until
   the issue is narrowed down to essentially a microbenchmark that can
   easily be reproduced.

   This is really a funnel: only a fraction of cases makes it from the
   original bug report to a solution because the bug reporter or
   developer might give up during the back-and-forth stage of asking
   questions to narrow down the problem.

2. File system, volume manager, and operating system block layer
   developers need straightforward reproducible test cases that do not
   involve setting up a VM.  It's hard to get a file system developer's
   attention if you ask them to set up a VM in the hopes of spotting a
   file system bug.

3. QEMU developers may implement performance optimizations which need to
   be evaluated against real-world I/O patterns.  Again, if it takes too
   much effort setting up various VMs to benchmark against then less
   performance evaluation will end up being done.

So the idea was to record I/O patterns from a real workload and then
share them so others can replay them with qemu-io or fio (without
running a VM).

This is appealing because qemu-io and fio are small userspace programs
that do not run a VM.  They are much easier to run and analyze than
QEMU.

Unfortunately there are a few problems with the approach of replaying
recorded I/O patterns:

1. Eliminating the VM also removes the storage controller emulation
   (e.g. virtio-blk) and its impact on performance.  Some bottlenecks
   are related to the storage controller but they wouldn't be
   reproduced.

2. Eliminating the guest application that generates I/O makes it hard to
   replay the "think time" and dependencies between I/O requests.  For
   example, a database application may submit a read request and a write
   request at the same time.  When the write request completes it does
   some additional processing (the "think time" or delay before the next
   I/O request) and then submits a flush request.

   If you have a recorded I/O pattern it does not include the
   information that the flush request must happen n microseconds after
   the write request completes.  So when you replay the I/O pattern the
   behavior will not be the same as the real application.

Anyway, it's an interesting problem and I'd start with blktrace and fio.
Then look at how to integrate that sort of trace with QEMU.

Stefan



Re: [Qemu-devel] [PATCH 1/6] virtio-net: use the backend cross-endian capabilities

2016-01-08 Thread Laurent Vivier


On 08/01/2016 15:19, Greg Kurz wrote:
> On Thu, 7 Jan 2016 19:32:37 +0100
> Laurent Vivier  wrote:
>>
> 
> Sorry for the late answer to this one, I got diverted :)
> 
>>
>> On 07/01/2016 12:32, Greg Kurz wrote:
>>> When running a fully emulated device in cross-endian conditions, including
>>> a virtio 1.0 device offered to a big endian guest, we need to fix the vnet
>>> headers. This is currently handled by the virtio_net_hdr_swap() function
>>> in the core virtio-net code but it should actually be handled by the net
>>> backend.
>>>
>>> With this patch, virtio-net now tries to configure the backend to do the
>>> endian fixing when the device starts. If the backend cannot support the
>>> requested endianness, we have to fall back on virtio_net_hdr_swap(): this
>>> is recorded in the needs_vnet_hdr_swap flag, to be used in the TX and RX
>>> paths.
>>>
>>> The current vhost-net code also tries to configure net backends. This will
>>> be no more needed and will be addressed in a subsequent patch.
>>>
>>> Signed-off-by: Greg Kurz 
>>> ---
>>>  hw/net/virtio-net.c|   33 +++--
>>>  include/hw/virtio/virtio-net.h |1 +
>>>  2 files changed, 32 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
>>> index a877614e3e7a..d4cc94ea5e55 100644
>>> --- a/hw/net/virtio-net.c
>>> +++ b/hw/net/virtio-net.c
>>> @@ -152,6 +152,31 @@ static void virtio_net_vhost_status(VirtIONet *n, 
>>> uint8_t status)
>>>  }
>>>  }
>>>  
>>> +static void virtio_net_vnet_status(VirtIONet *n, uint8_t status)
>>> +{
>>> +VirtIODevice *vdev = VIRTIO_DEVICE(n);
>>> +NetClientState *peer = qemu_get_queue(n->nic)->peer;
>>> +
>>> +if (virtio_net_started(n, status)) {
>>> +int r;
>>> +
>>> +if (virtio_is_big_endian(vdev)) {
>>> +r = qemu_set_vnet_be(peer, true);
>>> +} else {
>>> +r = qemu_set_vnet_le(peer, true);
>>> +}
>>> +
>>> +n->needs_vnet_hdr_swap = !!r;
>>> +} else if (virtio_net_started(n, vdev->status) &&
>>> +   !virtio_net_started(n, status)) {
>>> +if (virtio_is_big_endian(vdev)) {
>>> +qemu_set_vnet_be(peer, false);
>>> +} else {
>>> +qemu_set_vnet_le(peer, false);
>>> +}
>>> +}
>>> +}
>>
>> Could you explain why check 'virtio_net_started(n, status)' and then
>> 'virtio_net_started(n, vdev->status)' ?
>>
> 
> Before using the device, we need to inform the network backend about
> the endianness to use when parsing vnet headers. We do this when the
> driver activates the device (DRIVER_OK). This is the first check.
> 
> After using the device, we need to reset the network backend to the
> default (guest native endianness), otherwise the guest may lose network
> connectivity if it is rebooted into a different endianness. We do this
> when the driver deactivates the device (no DRIVER_OK). The second check
> ensures the device was active before: if we don't check that, the 'else'
> branch would be executed each time the driver updates the status with
> something not containing DRIVER_OK... :-\
> 
>> Why qemu_set_vnet_[bl]e() use "true" in the first case and "false" in
>> the second case ?
>>
> 
> "true" tells the backend to enforce the corresponding endianness.
> "false" tells the backed to reset to the default (guest native endianness).
> 
>> Why don't you store the result (r) in the second case ?
>>
> 
> Because @needs_vnet_hdr_swap is only being used when the device is active.
> 
> Thank you for the time you spent on reviewing this series !

Thank you for the details, it's clear now.
Perhaps this can be added in the commit log or in some comments ?

> Bonne Annee !

Bonne Année ;)
Laurent

> --
> Greg
> 
>>>  static void virtio_net_set_status(struct VirtIODevice *vdev, uint8_t 
>>> status)
>>>  {
>>>  VirtIONet *n = VIRTIO_NET(vdev);
>>> @@ -159,6 +184,7 @@ static void virtio_net_set_status(struct VirtIODevice 
>>> *vdev, uint8_t status)
>>>  int i;
>>>  uint8_t queue_status;
>>>  
>>> +virtio_net_vnet_status(n, status);
>>>  virtio_net_vhost_status(n, status);
>>>  
>>>  for (i = 0; i < n->max_queues; i++) {
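Review bot: `virtio_net_vnet_status(n, status)` now runs ahead of `virtio_net_vhost_status(n, status)`, and the commit message says the vhost-net path still configures the backend on its own, so the relative order of these two calls appears load-bearing until that later cleanup lands. A one-line comment would keep someone from reordering them, e.g. `/* configure backend endianness before vhost, which may still reconfigure it */`. virtio_net_set_status continues past the end of this hunk.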
>>> @@ -957,7 +983,10 @@ static void receive_header(VirtIONet *n, const struct 
>>> iovec *iov, int iov_cnt,
>>>  void *wbuf = (void *)buf;
>>>  work_around_broken_dhclient(wbuf, wbuf + n->host_hdr_len,
>>>  size - n->host_hdr_len);
>>> -virtio_net_hdr_swap(VIRTIO_DEVICE(n), wbuf);
>>> +
>>> +if (n->needs_vnet_hdr_swap) {
>>> +virtio_net_hdr_swap(VIRTIO_DEVICE(n), wbuf);
>>> +}
>>>  iov_from_buf(iov, iov_cnt, 0, buf, sizeof(struct virtio_net_hdr));
>>>  } else {
>>>  struct virtio_net_hdr hdr = {
>>> @@ -1167,7 +1196,7 @@ static int32_t virtio_net_flush_tx(VirtIONetQueue *q)
>>>  error_report("virtio-net header incorrect");
>>>  exit(1);
>>>

Re: [Qemu-devel] [PATCH 1/3] sun4u: split out NPT and INT_DIS into separate CPUTimer fields

2016-01-08 Thread Mark Cave-Ayland
On 08/01/16 14:55, Peter Maydell wrote:

> On 8 January 2016 at 14:34, Mark Cave-Ayland
>  wrote:
>> I'm not particularly worried about sun4u for the moment as there are
>> already other reasons why migration would fail, e.g. no
>> VMStateDescription for storing PCI interrupt state in the apb host bridge.
>>
>> Last time I checked sun4m migration appeared to work under some very
>> light testing, so as long as this behaviour is preserved then I don't
>> see a problem.
> 
> OK. Does this apply to all 64-bit SPARC CPUs? (There are some
> things I can simplify in the CPU migration code if we can break
> 64-bit migration.)

Yes, seems reasonable to me - I'm fairly sure that sun4u migration is
incomplete so I'd be amazed if anyone were successfully using this out
in the field.


ATB,

Mark.




[Qemu-devel] [PULL 03/59] hw/i386: fill in the CENTURY field of the FADT (FACP) ACPI table

2016-01-08 Thread Michael S. Tsirkin
From: Laszlo Ersek 

The ACPI specification (minimally versions 1.0b through 6.0) defines the
FADT.CENTURY field as:

  The RTC CMOS RAM index to the century of data value (hundred and
  thousand year decimals). If this field contains a zero, then the RTC
  centenary feature is not supported. If this field has a non-zero value,
  then this field contains an index into RTC RAM space that OSPM can use
  to program the centenary field.

The x86 targets generate ACPI payload, emulate an RTC
(CONFIG_MC146818RTC), and that RTC supports the "centenary feature" (see
occurrences of RTC_CENTURY in cmos_ioport_write() and cmos_ioport_read()
in "hw/timer/mc146818rtc.c".)

However, FADT.CENTURY is left at zero currently:

  [06Ch 0108   1]RTC Century Index : 00

which -- according to analysis done by Ruiyu Ni at Intel -- should cause
Linux and Windows 8+ to think the RTC centenary feature is unavailable,
and cause Windows 7 to (incorrectly) assume that the offset to use is
constant 0x32. (0x32 happens to be the right value on QEMU, but Windows 7
is wrong to assume anything at all).

Exposing the right nonzero offset in FADT.CENTURY informs Linux and
Windows 8+ about the right capabilities of the hardware, plus it retrofits
our FADT to Windows 7's behavior.

Regression tested with the following guests (all UEFI installs):
- i386 Q35: Fedora 21 ("Fedlet" edition)
- x86_64:
  - i440fx:
- Fedora 21
- RHEL 6 and 7
- Windows 7 and 10
- Windows Server 2008 R2 and 2012 R2
  - Q35:
- Fedora 22
- Windows 8.1

Cc: "Michael S. Tsirkin"  (supporter:ACPI/SMBIOS)
Cc: Igor Mammedov  (supporter:ACPI/SMBIOS)
Cc: Paolo Bonzini  (maintainer:X86)
Cc: Richard Henderson  (maintainer:X86)
Cc: Eduardo Habkost  (maintainer:X86)
Cc: Ruiyu Ni 
Signed-off-by: Laszlo Ersek 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Igor Mammedov 
Reviewed-by: Paolo Bonzini 
---
 hw/i386/acpi-build.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 4cc1440..a5a3e3c 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -43,6 +43,7 @@
 #include "sysemu/tpm.h"
 #include "hw/acpi/tpm.h"
 #include "sysemu/tpm_backend.h"
+#include "hw/timer/mc146818rtc_regs.h"
 
 /* Supported chipsets: */
 #include "hw/acpi/piix4.h"
@@ -335,6 +336,7 @@ static void fadt_setup(AcpiFadtDescriptorRev1 *fadt, 
AcpiPmInfo *pm)
 if (max_cpus > 8) {
 fadt->flags |= cpu_to_le32(1 << ACPI_FADT_F_FORCE_APIC_CLUSTER_MODEL);
 }
+fadt->century = RTC_CENTURY;
 }
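Review bot: `fadt->century = RTC_CENTURY;` is the only guest-visible table change in the patch and it is easy to mistake the constant for a feature flag rather than a CMOS index; a short comment would help, e.g. `/* CMOS RAM index of the RTC century byte, matching hw/timer/mc146818rtc.c */`. Since this alters the FADT blob for every x86 machine type, the expected tables under the ACPI test data presumably need the corresponding update, which the commit message does not mention. fadt_setup begins outside this hunk.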
 
 
-- 
MST




[Qemu-devel] [PULL 01/59] nvdimm: fix header pointer in nvdimm_build_nfit()

2016-01-08 Thread Michael S. Tsirkin
From: Haozhong Zhang 

In the current nvdimm_build_nfit(), the pointer 'header' initially equals
table_data->data + table_data->len. However, the following
g_array_append_vals(table_data, structures->data, structures->len)
may resize and relocate table_data->data[]. Therefore, the usage of 'header'
afterwards may be illegal.

This patch fixes this issue by storing an offset within table_data->data[]
(rather than an address) in 'header'.

Signed-off-by: Haozhong Zhang 
Reviewed-by: Xiao Guangrong 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/acpi/nvdimm.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/acpi/nvdimm.c b/hw/acpi/nvdimm.c
index 9534418..df1b176 100644
--- a/hw/acpi/nvdimm.c
+++ b/hw/acpi/nvdimm.c
@@ -353,16 +353,18 @@ static void nvdimm_build_nfit(GSList *device_list, GArray 
*table_offsets,
   GArray *table_data, GArray *linker)
 {
 GArray *structures = nvdimm_build_device_structure(device_list);
-void *header;
+unsigned int header;
 
 acpi_add_table(table_offsets, table_data);
 
 /* NFIT header. */
-header = acpi_data_push(table_data, sizeof(NvdimmNfitHeader));
+header = table_data->len;
+acpi_data_push(table_data, sizeof(NvdimmNfitHeader));
 /* NVDIMM device structures. */
 g_array_append_vals(table_data, structures->data, structures->len);
 
-build_header(linker, table_data, header, "NFIT",
+build_header(linker, table_data,
+ (void *)(table_data->data + header), "NFIT",
  sizeof(NvdimmNfitHeader) + structures->len, 1, NULL);
 g_array_free(structures, true);
 }
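Review bot: Now that `header` holds an offset rather than a pointer, the name reads as misleading next to `(void *)(table_data->data + header)`; `unsigned int header_offset = table_data->len;` would make the intent self-evident, and the `(void *)` cast is unnecessary because `table_data->data` converts to `void *` implicitly. The fix itself is right: the address is only formed after g_array_append_vals has had its chance to relocate the buffer.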
-- 
MST




[Qemu-devel] [PULL 00/59] acpi dsdt rework, misc fixes

2016-01-08 Thread Michael S. Tsirkin
The following changes since commit 6bb9ead762bf749af11ea225fc2a74db1b93c105:

  Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20160108-1' into 
staging (2016-01-08 12:50:19 +)

are available in the git repository at:

  git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream

for you to fetch changes up to 88e6cd937bc5dd4b972aaee18b6adc92b33b46c6:

  virtio: fix error message for number of queues (2016-01-08 16:01:40 +0200)


acpi dsdt rework, misc fixes

This completes the dsdt rewrite, and includes misc fixes all over the place.

Signed-off-by: Michael S. Tsirkin 


Cao jin (1):
  igd-passthrough: fix use of host_pci_config_read

Cornelia Huck (1):
  virtio: fix error message for number of queues

Dr. David Alan Gilbert (2):
  Add VMSTATE_STRUCT_VARRAY_KNOWN
  migration/virtio: Remove simple .get/.put use

Haozhong Zhang (1):
  nvdimm: fix header pointer in nvdimm_build_nfit()

Igor Mammedov (51):
  tests: acpi: print ASL diff in verbose mode
  pc: acpi: memhp: prepare context in SSDT for moving memhp DSDT code
  pc: acpi: memhp: move MHPD._STA method into SSDT
  pc: acpi: memhp: move MHPD.MLCK mutex into SSDT
  pc: acpi: memhp: move MHPD.MSCN method into SSDT
  pc: acpi: memhp: move MHPD.MRST method into SSDT
  pc: acpi: memhp: move MHPD.MPXM method into SSDT
  pc: acpi: memhp: move MHPD.MOST method into SSDT
  pc: acpi: memhp: move MHPD.MEJ0 method into SSDT
  pc: acpi: memhp: move MHPD.MCRS method into SSDT
  pc: acpi: memhp: move MHPD Device into SSDT
  pc: acpi: factor out memhp code from build_ssdt() into separate function
  pc: acpi: memhp: move \_GPE._E03 into SSDT
  pc: acpi: memhp: drop not needed stringify(MEMORY_foo) usage
  pc: acpi: drop unused CPU_STATUS_LEN from DSDT
  pc: acpi: cpuhp: move CPEJ() method to SSDT
  pc: acpi: cpuhp: move CPMA() method into SSDT
  pc: acpi: cpuhp: move CPST() method into SSDT
  pc: acpi: cpuhp: move PRSC() method into SSDT
  pc: acpi: cpuhp: move \_GPE._E02() into SSDT
  pc: acpi: factor out cpu hotplug code from build_ssdt() into separate 
function
  pc: acpi: move HPET from DSDT to SSDT
  pc: acpi: move DBUG() from DSDT to SSDT
  pc: acpi: move RTC device from DSDT to SSDT
  pc: acpi: move KBD device from DSDT to SSDT
  pc: acpi: move MOU device from DSDT to SSDT
  pc: acpi: move FDC0 device from DSDT to SSDT
  pc: acpi: move LPT device from DSDT to SSDT
  pc: acpi: move COM devices from DSDT to SSDT
  pc: acpi: move PIIX4 isa-bridge and pm devices into SSDT
  pc: acpi: move remaining GPE handlers into SSDT
  pc: acpi: pci: move link devices into SSDT
  pc: acpi: piix4: move IQCR() into SSDT
  pc: acpi: piix4: move IQST() into SSDT
  pc: acpi: piix4: move PCI0._PRT() into SSDT
  pc: acpi: piix4: move remaining PCI hotplug bits into SSDT
  pc: acpi: piix4: acpi move PCI0 device to SSDT
  pc: acpi: q35: move GSI links to SSDT
  pc: acpi: q35: move link devices to SSDT
  pc: acpi: q35: move IQCR() into SSDT
  pc: acpi: q35: move IQST() into SSDT
  pc: acpi: q35: move ISA bridge into SSDT
  pc: acpi: q35: move _PRT() into SSDT
  pc: acpi: q35: move PRTA routing table into SSDT
  pc: acpi: q35: move PRTP routing table into SSDT
  pc: acpi: q35: move _PIC() method into SSDT
  pc: acpi: q35: move PCI0._OSC() method into SSDT
  pc: acpi: q35: move PCI0 device definition into SSDT
  pc: acpi: q35: PCST, PCSB opregions and PCIB field into SSDT
  pc: acpi: switch to AML API composed DSDT
  pc: acpi: remove unused ASL templates and related blobs/utils

Laszlo Ersek (1):
  hw/i386: fill in the CENTURY field of the FADT (FACP) ACPI table

Roman Kagan (1):
  i386/pc: expose identifying the floppy controller

Tetsuya Mukawa (1):
  ivshmem: Store file descriptor for vhost-user negotiation

 include/exec/ram_addr.h |1 +
 include/hw/acpi/aml-build.h |3 +
 include/hw/acpi/cpu_hotplug.h   |   10 +
 include/hw/acpi/memory_hotplug.h|9 +
 include/hw/acpi/pc-hotplug.h|   44 +-
 include/hw/i386/pc.h|2 +
 include/hw/timer/hpet.h |1 +
 include/migration/vmstate.h |   13 +
 exec.c  |   10 +
 hw/acpi/cpu_hotplug_acpi_table.c|  135 +
 hw/acpi/memory_hotplug_acpi_table.c |  262 ++
 hw/acpi/nvdimm.c|8 +-
 hw/i386/acpi-build.c| 1369 +--
 hw/i386/pc.c|   44 +-
 hw/misc/ivshmem.c   |9 +-
 hw/pci-host/piix.c  |8 +-
 hw/timer/hpet.c |2 +-
 hw/virtio/virtio.c  |   89 +-
 tests/bios-tables-test.c|   16 +
 hw/acpi/Mak

[Qemu-devel] [PULL 02/59] igd-passthrough: fix use of host_pci_config_read

2016-01-08 Thread Michael S. Tsirkin
From: Cao jin 

Fix the bug introduced by 595a4f07: the last parameter of host_pci_config_read()
should be passed by reference, not by value.
This probably means this function never worked for anyone.

Signed-off-by: Cao jin 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/pci-host/piix.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
index 715208b..924f0fa 100644
--- a/hw/pci-host/piix.c
+++ b/hw/pci-host/piix.c
@@ -761,7 +761,7 @@ static const IGDHostInfo igd_host_bridge_infos[] = {
 {0xa8, 4},  /* SNB: base of GTT stolen memory */
 };
 
-static int host_pci_config_read(int pos, int len, uint32_t val)
+static int host_pci_config_read(int pos, int len, uint32_t *val)
 {
 char path[PATH_MAX];
 int config_fd;
@@ -784,12 +784,14 @@ static int host_pci_config_read(int pos, int len, 
uint32_t val)
 ret = -errno;
 goto out;
 }
+
 do {
-rc = read(config_fd, (uint8_t *)&val, len);
+rc = read(config_fd, (uint8_t *)val, len);
 } while (rc < 0 && (errno == EINTR || errno == EAGAIN));
 if (rc != len) {
 ret = -errno;
 }
+
 out:
 close(config_fd);
 return ret;
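Review bot: `if (rc != len) { ret = -errno; }` also covers a short read, where read() returned fewer than `len` bytes without failing; errno is then stale, possibly zero, so the function can report success while `*val` is only partially filled. `ret = rc < 0 ? -errno : -EIO;` keeps the error path honest for both cases. host_pci_config_read begins outside this hunk.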
@@ -805,7 +807,7 @@ static int igd_pt_i440fx_initfn(struct PCIDevice *pci_dev)
 for (i = 0; i < num; i++) {
 pos = igd_host_bridge_infos[i].offset;
 len = igd_host_bridge_infos[i].len;
-rc = host_pci_config_read(pos, len, val);
+rc = host_pci_config_read(pos, len, &val);
 if (rc) {
 return -ENODEV;
 }
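Review bot: With `val` now filled through the pointer, the 1- and 2-byte entries of igd_host_bridge_infos write only the low bytes of the uint32_t, so whatever `val` held from the previous iteration (its declaration is outside the hunk) remains in the upper bytes of the value the loop goes on to use. Setting `val = 0;` before each call, or clearing `*val` at the top of host_pci_config_read, makes each result independent of the previous entry, and an `assert(len <= sizeof(*val));` in host_pci_config_read would document the bound the table relies on.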
-- 
MST




Re: [Qemu-devel] [PATCH 00/25] target-sparc improvements

2016-01-08 Thread Richard Henderson
On 12/29/2015 10:59 AM, Mark Cave-Ayland wrote:
> If there are explicit bug-fixes related to above then my preference
> would be to have them as a separate patchset outside of the performance
> improvements, but then if this isn't feasible then I don't feel that
> this should block getting this patches applied to master.

Heh.  If there are bugs fixed, it's accidental.  I was attempting to preserve
behaviour with each patch.  I wonder what changed...


r~



Re: [Qemu-devel] [PULL 00/55] acpi, pc features

2016-01-08 Thread Peter Maydell
On 8 January 2016 at 14:19, Michael S. Tsirkin  wrote:
> The following changes since commit 5dc42c186d63b7b338594fc071cf290805dcc5a5:
>
>   Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' 
> into staging (2015-12-22 14:21:42 +)
>
> are available in the git repository at:
>
>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>
> for you to fetch changes up to 5530427f0ca240b972f25ef0413fb966f96dfb05:
>
>   acpi: extend aml_and() to accept target argument (2015-12-22 18:39:21 +0200)
>
> 
> acpi, pc features
>
> pxb support for q35
> nvdimm support
> most of ipmi support
> part of DSDT rewrite
>
> Signed-off-by: Michael S. Tsirkin 
>
> 

Hi. I'm afraid this fails to build on the w32 compiler:

/home/petmay01/linaro/qemu-for-merges/hw/acpi/memory_hotplug_acpi_table.c:
In function ‘build_memory_hotplug_aml’:
/home/petmay01/linaro/qemu-for-merges/hw/acpi/memory_hotplug_acpi_table.c:148:
warning: integer constant is too large for ‘long’ type
/home/petmay01/linaro/qemu-for-merges/hw/acpi/memory_hotplug_acpi_table.c:149:
warning: integer constant is too large for ‘long’ type

Usual 'missing ULL suffix on 64-bit constants' issue.

thanks
-- PMM



Re: [Qemu-devel] Qemu linux-user que

2016-01-08 Thread John Paul Adrian Glaubitz
On 01/08/2016 03:03 PM, Laurent Vivier wrote:
> I think you can add the ones from Adrian:
> 
> [PATCH 1/2] linux-user: Update m68k syscall definitions to match Linux 4.4.
> [PATCH 2/2] linux-user: Add SOCKOP_sendmmsg and SOCKOP_recvmmsg socket
> call, wire them up.

Oh, I'd really appreciate that and I'd be very proud to get my first
official patches into qemu ;-). They've also been tested by me and
reviewed by Laurent.

Adrian

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaub...@debian.org
`. `'   Freie Universitaet Berlin - glaub...@physik.fu-berlin.de
  `-GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913



[Qemu-devel] [PATCH] Add optionrom compatible with fw_cfg DMA version

2016-01-08 Thread Marc Marí
This optionrom is based on linuxboot.S.

Signed-off-by: Marc Marí 
---
 .gitignore|   4 +
 hw/i386/pc.c  |   9 +-
 hw/nvram/fw_cfg.c |   2 +-
 include/hw/nvram/fw_cfg.h |   1 +
 pc-bios/optionrom/Makefile|   8 +-
 pc-bios/optionrom/linuxboot_dma.c | 338 ++
 pc-bios/optionrom/optionrom.h |   4 +-
 7 files changed, 361 insertions(+), 5 deletions(-)
 create mode 100644 pc-bios/optionrom/linuxboot_dma.c

diff --git a/.gitignore b/.gitignore
index 88a80ff..101d1e0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -94,6 +94,10 @@
 /pc-bios/optionrom/linuxboot.bin
 /pc-bios/optionrom/linuxboot.raw
 /pc-bios/optionrom/linuxboot.img
+/pc-bios/optionrom/linuxboot_dma.asm
+/pc-bios/optionrom/linuxboot_dma.bin
+/pc-bios/optionrom/linuxboot_dma.raw
+/pc-bios/optionrom/linuxboot_dma.img
 /pc-bios/optionrom/multiboot.asm
 /pc-bios/optionrom/multiboot.bin
 /pc-bios/optionrom/multiboot.raw
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 459260b..00339fa 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1007,8 +1007,13 @@ static void load_linux(PCMachineState *pcms,
 fw_cfg_add_i32(fw_cfg, FW_CFG_SETUP_SIZE, setup_size);
 fw_cfg_add_bytes(fw_cfg, FW_CFG_SETUP_DATA, setup, setup_size);
 
-option_rom[nb_option_roms].name = "linuxboot.bin";
-option_rom[nb_option_roms].bootindex = 0;
+if (fw_cfg_dma_enabled(fw_cfg)) {
+option_rom[nb_option_roms].name = "linuxboot_dma.bin";
+option_rom[nb_option_roms].bootindex = 0;
+} else {
+option_rom[nb_option_roms].name = "linuxboot.bin";
+option_rom[nb_option_roms].bootindex = 0;
+}
 nb_option_roms++;
 }
 
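Review bot: Both branches of the new `if (fw_cfg_dma_enabled(fw_cfg))` set `bootindex = 0`, so only the ROM name actually varies; hoisting the common assignment keeps the two ROM choices side by side: `option_rom[nb_option_roms].name = fw_cfg_dma_enabled(fw_cfg) ? "linuxboot_dma.bin" : "linuxboot.bin";` followed by the single `option_rom[nb_option_roms].bootindex = 0;`. load_linux begins outside this hunk.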
diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index a1d650d..d0a5753 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -546,7 +546,7 @@ static bool is_version_1(void *opaque, int version_id)
 return version_id == 1;
 }
 
-static bool fw_cfg_dma_enabled(void *opaque)
+bool fw_cfg_dma_enabled(void *opaque)
 {
 FWCfgState *s = opaque;
 
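Review bot: Exporting fw_cfg_dma_enabled() with its VMState-callback signature `void *opaque` means the new caller in hw/i386/pc.c passes an FWCfgState with no type checking at all. Keeping the static `.needed` callback as is and exporting a typed wrapper, `bool fw_cfg_dma_enabled(FWCfgState *s)`, declared that way in include/hw/nvram/fw_cfg.h, gives the public interface a real type; the same remark applies to the header hunk below. The function body continues outside the hunk.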
diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h
index 664eaf6..953e58d 100644
--- a/include/hw/nvram/fw_cfg.h
+++ b/include/hw/nvram/fw_cfg.h
@@ -219,6 +219,7 @@ FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
  hwaddr dma_addr, AddressSpace *dma_as);
 
 FWCfgState *fw_cfg_find(void);
+bool fw_cfg_dma_enabled(void *opaque);
 
 #endif /* NO_QEMU_PROTOS */
 
diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile
index ce4852a..076f351 100644
--- a/pc-bios/optionrom/Makefile
+++ b/pc-bios/optionrom/Makefile
@@ -2,6 +2,7 @@ all: build-all
 # Dummy command so that make thinks it has done something
@true
 
+BULD_DIR=$(CURDIR)
 include ../../config-host.mak
 include $(SRC_PATH)/rules.mak
 
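Review bot: `BULD_DIR=$(CURDIR)` looks like a typo for `BUILD_DIR`; if rules.mak or config-host.mak read `BUILD_DIR`, this line defines an unused variable and the intended override silently never happens. Either `BUILD_DIR=$(CURDIR)` if that is the intent, or drop the line, and a short comment on why the option ROM build needs to override it would help the next reader.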
@@ -11,15 +12,20 @@ $(call set-vpath, $(SRC_PATH)/pc-bios/optionrom)
 
 CFLAGS := -Wall -Wstrict-prototypes -Werror -fomit-frame-pointer -fno-builtin
 CFLAGS += -I$(SRC_PATH)
+CFLAGS += -I$(SRC_PATH)/include
 CFLAGS += $(call cc-option, $(CFLAGS), -fno-stack-protector)
 CFLAGS += $(CFLAGS_NOPIE)
+CFLAGS += -m32
 QEMU_CFLAGS = $(CFLAGS)
 
-build-all: multiboot.bin linuxboot.bin kvmvapic.bin
+build-all: multiboot.bin linuxboot.bin linuxboot_dma.bin kvmvapic.bin
 
 # suppress auto-removal of intermediate files
 .SECONDARY:
 
+linuxboot_dma.img: linuxboot_dma.o
+   $(call quiet-command,$(LD) $(LDFLAGS_NOPIE) -m elf_i386 -static -Ttext 
0 -e _start -s -o $@ $<,"  Building $(TARGET_DIR)$@")
+
 %.img: %.o
$(call quiet-command,$(LD) $(LDFLAGS_NOPIE) -Ttext 0 -e _start -s -o $@ 
$<,"  Building $(TARGET_DIR)$@")
 
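Review bot: `CFLAGS += -m32` and `CFLAGS += -I$(SRC_PATH)/include` now apply to every option ROM built by this Makefile, not only linuxboot_dma; if the existing ROMs are meant to be unaffected, a target-specific variable such as `linuxboot_dma.o: CFLAGS += -m32` scopes the change, otherwise a comment stating that all ROMs are now 32-bit builds would do. The new `linuxboot_dma.img` rule duplicates the generic `%.img` rule apart from `-m elf_i386`; `linuxboot_dma.img: LDFLAGS_NOPIE += -m elf_i386` achieves the same without the copy.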
diff --git a/pc-bios/optionrom/linuxboot_dma.c 
b/pc-bios/optionrom/linuxboot_dma.c
new file mode 100644
index 000..c420398
--- /dev/null
+++ b/pc-bios/optionrom/linuxboot_dma.c
@@ -0,0 +1,338 @@
+/*
+ * Linux Boot Option ROM for fw_cfg DMA
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ *
+ * Copyright (c) 2015 Red Hat Inc.
+ *   Authors: Marc Marí 
+ */
+
+asm(
+".text\n"
+".global _start\n"
+"_start:\n"
+"   .short 0xaa55\n"
+"   .byte (_end - _start) / 512\n"
+"   lret\n"
+"   .org 0x18\n"
+"   .short 0\n"
+"   .short _pnph\n"
+"_pnph:\n"
+"   .ascii \"$PnP\"\n"
+"   .byte 0x01\n"
+"   .byte ( _pnph_len / 16 )\n"
+"   .short 0x\n"
+"   .byte 0x00\n"
+"   .byte 0x00\n"
+"   .long 0x00

Re: [Qemu-devel] [PATCH] arm64: kernel: fix PMUv3 registers unconditional access

2016-01-08 Thread Guenter Roeck
On Fri, Jan 08, 2016 at 12:54:27PM +, Lorenzo Pieralisi wrote:
> The Performance Monitors extension is an optional feature of the
> AArch64 architecture, therefore, in order to access Performance
> Monitors registers safely, the kernel should detect the PMUv3 unit
> presence through the ID_AA64DFR0_EL1 register PMUVer field before
> accessing them.
> 
> This patch implements a guard by reading the ID_AA64DFR0_EL1 register
> PMUVer field to detect the PMUv3 presence and prevent accessing PMUv3
> system registers if the Performance Monitors extension is not
> implemented in the core.
> 
> Signed-off-by: Lorenzo Pieralisi 
> Reported-by: Guenter Roeck 

With qemu 2.5:

Tested-by: Guenter Roeck 

> Cc: Will Deacon 
> Cc: Peter Maydell 
> Cc: Mark Rutland 
> ---
> Based on arm64 for-next/perf branch.
> 
> Tested on QEMU and Juno, I checked that the reported PMUVer field
> is correct on both A57 and A53 (ie == 0x1), it should leave behaviour
> unchanged on platforms implementing PMUv3.
> 
>  arch/arm64/kernel/head.S|  5 +
>  arch/arm64/mm/proc-macros.S | 12 
>  arch/arm64/mm/proc.S|  4 ++--
>  3 files changed, 19 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
> index 23cfc08..6146fea 100644
> --- a/arch/arm64/kernel/head.S
> +++ b/arch/arm64/kernel/head.S
> @@ -512,9 +512,14 @@ CPU_LE(  movkx0, #0x30d0, lsl #16)   // 
> Clear EE and E0E on LE systems
>  #endif
>  
>   /* EL2 debug */
> + mrs x0, id_aa64dfr0_el1 // Check ID_AA64DFR0_EL1 PMUVer
> + ubfxx0, x0, #8, #4
> + cmp x0, #1
> + b.ne4f  // Skip if no PMUv3 present
>   mrs x0, pmcr_el0// Disable debug access traps
>   ubfxx0, x0, #11, #5 // to EL2 and allow access to
>   msr mdcr_el2, x0// all PMU counters from EL1
> +4:
>  
>   /* Stage-2 translation */
>   msr vttbr_el2, xzr
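Review bot: The presence test on the added `cmp x0, #1` / `b.ne 4f` lines treats only PMUVer == 1 as "PMUv3 present", so any later architecturally defined PMUVer value above 1 would skip the MDCR_EL2 setup and leave the EL2 debug/PMU traps configured as the comment says they should not be; the IMPLEMENTATION DEFINED encoding (0xF) must also be treated as absent. A sign-extending extract with a signed compare covers both cases: `sbfx x0, x0, #8, #4`, `cmp x0, #1`, `b.lt 4f` (0 and 0xF → skip, 1 and above → proceed). The same pattern is repeated in the `reset_pmuserenr_el0` macro added in arch/arm64/mm/proc-macros.S, where the same change applies.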
> diff --git a/arch/arm64/mm/proc-macros.S b/arch/arm64/mm/proc-macros.S
> index 4c4d93c..25b43c1 100644
> --- a/arch/arm64/mm/proc-macros.S
> +++ b/arch/arm64/mm/proc-macros.S
> @@ -62,3 +62,15 @@
>   bfi \valreg, \tmpreg, #TCR_T0SZ_OFFSET, #TCR_TxSZ_WIDTH
>  #endif
>   .endm
> +
> +/*
> + * reset_pmuserenr_el0 - reset PMUSERENR_EL0 if PMUv3 present
> + */
> + .macro  reset_pmuserenr_el0, tmpreg
> + mrs \tmpreg, id_aa64dfr0_el1// Check ID_AA64DFR0_EL1 PMUVer
> + ubfx\tmpreg, \tmpreg, #8, #4
> + cmp \tmpreg, #1 // Skip if no PMUv3 present
> + b.ne9000f
> + msr pmuserenr_el0, xzr  // Disable PMU access from EL0
> +9000:
> + .endm
> diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
> index 9c4dce3..b8f04b3 100644
> --- a/arch/arm64/mm/proc.S
> +++ b/arch/arm64/mm/proc.S
> @@ -117,7 +117,7 @@ ENTRY(cpu_do_resume)
>*/
>   ubfxx11, x11, #1, #1
>   msr oslar_el1, x11
> - msr pmuserenr_el0, xzr  // Disable PMU access from EL0
> + reset_pmuserenr_el0 x0  // Disable PMU access from EL0
>   mov x0, x12
>   dsb nsh // Make sure local tlb invalidation completed
>   isb
> @@ -156,7 +156,7 @@ ENTRY(__cpu_setup)
>   msr cpacr_el1, x0   // Enable FP/ASIMD
>   mov x0, #1 << 12// Reset mdscr_el1 and disable
>   msr mdscr_el1, x0   // access to the DCC from EL0
> - msr pmuserenr_el0, xzr  // Disable PMU access from EL0
> + reset_pmuserenr_el0 x0  // Disable PMU access from EL0
>   /*
>* Memory region attributes for LPAE:
>*
> -- 
> 2.5.1
> 
> 
> - End forwarded message -



Re: [Qemu-devel] [PATCH 1/3] sun4u: split out NPT and INT_DIS into separate CPUTimer fields

2016-01-08 Thread Peter Maydell
On 8 January 2016 at 14:34, Mark Cave-Ayland
 wrote:
> I'm not particularly worried about sun4u for the moment as there are
> already other reasons why migration would fail, e.g. no
> VMStateDescription for storing PCI interrupt state in the apb host bridge.
>
> Last time I checked sun4m migration appeared to work under some very
> light testing, so as long as this behaviour is preserved then I don't
> see a problem.

OK. Does this apply to all 64-bit SPARC CPUs? (There are some
things I can simplify in the CPU migration code if we can break
64-bit migration.)

thanks
-- PMM



Re: [Qemu-devel] [PATCH 04/10] hw/sd: Add QOM bus which SD cards plug in to

2016-01-08 Thread Peter Crosthwaite
On Thu, Jan 7, 2016 at 10:09 AM, Peter Maydell  wrote:
> On 20 December 2015 at 20:51, Peter Crosthwaite
>  wrote:
>> On Sun, Dec 20, 2015 at 9:10 AM, Peter Maydell  
>> wrote:
>>> For user-level back compat I think we need to retain "might have
>>> an sdcard object with no block backend, and that means
>>> 'no-card-present'". This is both for the user facing
>>> monitor commands to manipulate the sd card, and also
>>
>> What are the user-facing monitor commands? I tried using "change" and
>> "eject", but they don't seem to work for SD, due to the tray being
>> closed. Has this ever worked in a way that is user manipulatable for
>> SD or is it just to handle the case of unconditional SD card creation
>> (with the card never hotplugging over the system lifetime)?
>
> I investigated this, and it looks like we accidentally broke
> 'change' for SD cards in 2.5 (specifically in commit de2c6c05).
> I think we should fix that regression, which in turn implies that
> we still want to support the "sd card object with no block backend" case.
>

Yes, saw the patches on list. I guess we are stuck with it. It would
be good to do this in a way that also supports use of the hotplug API
alongside, so that SDIO devices could all be ejected and inserted
in the same way.

Regards,
Peter

> thanks
> -- PMM



[Qemu-devel] [PULL 54/59] pc: acpi: remove unused ASL templates and related blobs/utils

2016-01-08 Thread Michael S. Tsirkin
From: Igor Mammedov 

QEMU now uses internally composed DSDT so drop now
empty *.dsl templates and related *.generated
binary blobs.

Also, since the templates are no longer used and are obsolete,
remove the utility scripts used for extracting/patching
AML blobs compiled by IASL and for updating them
in the git tree.

Signed-off-by: Igor Mammedov 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/Makefile.objs   |   30 -
 hw/i386/acpi-dsdt.dsl   |   33 -
 hw/i386/acpi-dsdt.hex.generated | 2972 --
 hw/i386/q35-acpi-dsdt.dsl   |   40 -
 hw/i386/q35-acpi-dsdt.hex.generated | 7610 ---
 scripts/acpi_extract.py |  367 --
 scripts/acpi_extract_preprocess.py  |   51 -
 scripts/update-acpi.sh  |4 -
 8 files changed, 11107 deletions(-)
 delete mode 100644 hw/i386/acpi-dsdt.dsl
 delete mode 100644 hw/i386/acpi-dsdt.hex.generated
 delete mode 100644 hw/i386/q35-acpi-dsdt.dsl
 delete mode 100644 hw/i386/q35-acpi-dsdt.hex.generated
 delete mode 100755 scripts/acpi_extract.py
 delete mode 100755 scripts/acpi_extract_preprocess.py
 delete mode 100644 scripts/update-acpi.sh

diff --git a/hw/i386/Makefile.objs b/hw/i386/Makefile.objs
index c250deb..b52d5b8 100644
--- a/hw/i386/Makefile.objs
+++ b/hw/i386/Makefile.objs
@@ -8,33 +8,3 @@ obj-$(CONFIG_XEN) += ../xenpv/ xen/
 obj-y += kvmvapic.o
 obj-y += acpi-build.o
 obj-y += pci-assign-load-rom.o
-
-gen-hex-y += hw/i386/acpi-dsdt.hex
-gen-hex-y += hw/i386/q35-acpi-dsdt.hex
-
-hw/i386/acpi-build.o: hw/i386/acpi-build.c \
-   $(gen-hex-y)
-
--include $(gen-hex-y:.hex=.d)
-
-iasl-option=$(shell if test -z "`$(1) $(2) 2>&1 > /dev/null`" \
-; then echo "$(2)"; else echo "$(3)"; fi ;)
-
-ifdef IASL
-#IASL Present. Generate hex files from .dsl
-hw/i386/%.hex: $(SRC_PATH)/hw/i386/%.dsl 
$(SRC_PATH)/scripts/acpi_extract_preprocess.py 
$(SRC_PATH)/scripts/acpi_extract.py
-   $(call quiet-command, $(CPP) -x c -P $(QEMU_DGFLAGS) $(QEMU_INCLUDES) 
$< -o $*.dsl.i.orig, "  CPP $(TARGET_DIR)$*.dsl.i.orig")
-   $(call quiet-command, $(PYTHON) 
$(SRC_PATH)/scripts/acpi_extract_preprocess.py $*.dsl.i.orig > $*.dsl.i, "  
ACPI_PREPROCESS $(TARGET_DIR)$*.dsl.i")
-   $(call quiet-command, $(IASL) $(call iasl-option,$(IASL),-Pn,) -vs -l 
-tc -p $* $*.dsl.i $(if $(V), , > /dev/null) 2>&1 ,"  IASL 
$(TARGET_DIR)$*.dsl.i")
-   $(call quiet-command, $(PYTHON) $(SRC_PATH)/scripts/acpi_extract.py 
$*.lst > $*.off, "  ACPI_EXTRACT $(TARGET_DIR)$*.off")
-   $(call quiet-command, cat $*.off > $@, "  CAT $(TARGET_DIR)$@")
-else
-#IASL Not present. Restore pre-generated hex files.
-hw/i386/%.hex: $(SRC_PATH)/hw/i386/%.hex.generated
-   $(call quiet-command, cp -f $< $@, "  CP $(TARGET_DIR)$@")
-endif
-
-.PHONY: cleanhex
-cleanhex:
-   rm -f hw/i386/*hex
-clean: cleanhex
diff --git a/hw/i386/acpi-dsdt.dsl b/hw/i386/acpi-dsdt.dsl
deleted file mode 100644
index 82e4470..000
--- a/hw/i386/acpi-dsdt.dsl
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Bochs/QEMU ACPI DSDT ASL definition
- *
- * Copyright (c) 2006 Fabrice Bellard
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License version 2 as published by the Free Software Foundation.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-ACPI_EXTRACT_ALL_CODE AcpiDsdtAmlCode
-
-DefinitionBlock (
-"acpi-dsdt.aml",// Output Filename
-"DSDT", // Signature
-0x01,   // DSDT Compliance Revision
-"BXPC", // OEMID
-"BXDSDT",   // TABLE ID
-0x1 // OEM Revision
-)
-{
-Scope(\_SB) {
-}
-}
diff --git a/hw/i386/acpi-dsdt.hex.generated b/hw/i386/acpi-dsdt.hex.generated
deleted file mode 100644
index ecaa4a5..000
--- a/hw/i386/acpi-dsdt.hex.generated
+++ /dev/null
@@ -1,2972 +0,0 @@
-static unsigned char AcpiDsdtAmlCode[] = {
-0x44,
-0x53,
-0x44,
-0x54,
-0x9a,
-0xb,
-0x0,
-0x0,
-0x1,
-0xf8,
-0x42,
-0x58,
-0x50,
-0x43,
-0x0,
-0x0,
-0x42,
-0x58,
-0x44,
-0x53,
-0x44,
-0x54,
-0x0,
-0x0,
-0x1,
-0x0,
-0x0,
-0x0,
-0x49,
-0x4e,
-0x54,
-0x4c,
-0x7,
-0x11,
-0x14,
-0x20,
-0x10,
-0x49,
-0x4,
-0x5c,
-0x0,
-0x5b,
-0x80,
-0x44,
-0x42,
-0x47,
-0x5f,
-0x1,
-0xb,
-0x2,
-0x4,
-0x1,
-0x5b,
-0x81,
-0xb,
-0x44,
-0x42,
-0x47,
-0x5f,
-0x1,
-0x44,
-0x42,
-0x47,
-0x42,
-0x8,
-0x14,
-0x2c,
-0x44,
-0x42,
-0x55,
-0x47,
-0x1,
-0x98,
-0x68,
-0x60,
-0x96,
-0x60,
-0x60,
-0x74,
-0x87,
-0x60,
-0x1,
-0x61,
-0x70,
-0x0,
-0x62,
-0xa2,
-0x10,
-0x95,
