Re: [Qemu-devel] [PATCH 0/4] Tweaks around virtio-blk start/stop

[Christian Borntraeger]

On 03/16/2016 11:28 AM, Paolo Bonzini wrote:
> 
> 
> On 16/03/2016 11:10, Fam Zheng wrote:
>> These are some ideas originated from analyzing the Christian's crash report 
>> on
>> virtio-blk dataplane torture test:
>>
>> https://lists.gnu.org/archive/html/qemu-devel/2016-03/msg02093.html
>>
>> The ideas are mostly inspired/suggested by Paolo. This doesn't fix the bug, 
>> but
>> the first and the last patches seem to make the crash less frequent.  Also
>> thanks Cornelia Huck for reviewing the draft version posted in that thread.
> 
> I see you have fixed the mutex and started check in patch 4, so perhaps
> this fixes the bug. :)  Bo or Christian, could you try it out---and if
> it works try patches 2 to 4 only?
> 
> Thanks,
> 
> Paolo
> 
Seems to lockup.

Thread 5 (Thread 0x3ff8b2ff910 (LWP 88956)):
#0  0x03ff8c97f13e in syscall () at /lib64/libc.so.6
#1  0x803d52fe in futex_wait (ev=0x80a4a104 , 
val=4294967295) at /home/cborntra/REPOS/qemu/util/qemu-thread-posix.c:292
#2  0x803d558e in qemu_event_wait (ev=0x80a4a104 
) at 
/home/cborntra/REPOS/qemu/util/qemu-thread-posix.c:399
#3  0x803f2c34 in call_rcu_thread (opaque=0x0) at 
/home/cborntra/REPOS/qemu/util/rcu.c:250
#4  0x03ff8ca87c2c in start_thread () at /lib64/libpthread.so.0
#5  0x03ff8c984c7a in thread_start () at /lib64/libc.so.6

Thread 4 (Thread 0x3ff8aaff910 (LWP 88957)):
#0  0x03ff8c9784d8 in ppoll () at /lib64/libc.so.6
#1  0x802efdca in qemu_poll_ns (fds=0x3ff84002240, nfds=2, timeout=-1) 
at /home/cborntra/REPOS/qemu/qemu-timer.c:313
#2  0x802f2528 in aio_poll (ctx=0xb9e94050, blocking=true) at 
/home/cborntra/REPOS/qemu/aio-posix.c:453
#3  0x8016392a in iothread_run (opaque=0xb9e93b10) at 
/home/cborntra/REPOS/qemu/iothread.c:46
#4  0x03ff8ca87c2c in start_thread () at /lib64/libpthread.so.0
#5  0x03ff8c984c7a in thread_start () at /lib64/libc.so.6

Thread 3 (Thread 0x3ff888dc910 (LWP 88958)):
#0  0x03ff8ca90cd4 in __lll_lock_wait () at /lib64/libpthread.so.0
#1  0x03ff8ca93e74 in __lll_lock_elision () at /lib64/libpthread.so.0
#2  0x803d49ce in qemu_mutex_lock (mutex=0x8061f260 
) at /home/cborntra/REPOS/qemu/util/qemu-thread-posix.c:64
#3  0x80060ef4 in qemu_mutex_lock_iothread () at 
/home/cborntra/REPOS/qemu/cpus.c:1226
#4  0x80156af6 in kvm_arch_handle_exit (cs=0xba23b7f0, 
run=0x3ff8a20) at /home/cborntra/REPOS/qemu/target-s390x/kvm.c:2024
#5  0x800815de in kvm_cpu_exec (cpu=0xba23b7f0) at 
/home/cborntra/REPOS/qemu/kvm-all.c:1921
#6  0x8006074c in qemu_kvm_cpu_thread_fn (arg=0xba23b7f0) at 
/home/cborntra/REPOS/qemu/cpus.c:1050
#7  0x03ff8ca87c2c in start_thread () at /lib64/libpthread.so.0
#8  0x03ff8c984c7a in thread_start () at /lib64/libc.so.6

Thread 2 (Thread 0x3ff67fff910 (LWP 88959)):
#0  0x03ff8ca90d04 in __lll_lock_wait () at /lib64/libpthread.so.0
#1  0x03ff8ca93e74 in __lll_lock_elision () at /lib64/libpthread.so.0
#2  0x803d49ce in qemu_mutex_lock (mutex=0x8061f260 
) at /home/cborntra/REPOS/qemu/util/qemu-thread-posix.c:64
#3  0x80060ef4 in qemu_mutex_lock_iothread () at 
/home/cborntra/REPOS/qemu/cpus.c:1226
#4  0x80156af6 in kvm_arch_handle_exit (cs=0xb9f2e970, 
run=0x3ff8808) at /home/cborntra/REPOS/qemu/target-s390x/kvm.c:2024
#5  0x800815de in kvm_cpu_exec (cpu=0xb9f2e970) at 
/home/cborntra/REPOS/qemu/kvm-all.c:1921
#6  0x8006074c in qemu_kvm_cpu_thread_fn (arg=0xb9f2e970) at 
/home/cborntra/REPOS/qemu/cpus.c:1050
#7  0x03ff8ca87c2c in start_thread () at /lib64/libpthread.so.0
#8  0x03ff8c984c7a in thread_start () at /lib64/libc.so.6

Thread 1 (Thread 0x3ff8e55bb90 (LWP 88953)):
#0  0x03ff8ca90cd4 in __lll_lock_wait () at /lib64/libpthread.so.0
#1  0x03ff8ca93e74 in __lll_lock_elision () at /lib64/libpthread.so.0
#2  0x803d49ce in qemu_mutex_lock (mutex=0xba232df8) at 
/home/cborntra/REPOS/qemu/util/qemu-thread-posix.c:64
#3  0x800b713e in virtio_blk_data_plane_start (s=0xba232d80) at 
/home/cborntra/REPOS/qemu/hw/block/dataplane/virtio-blk.c:224
#4  0x800b4ea0 in virtio_blk_handle_output (vdev=0xb9eee7e8, 
vq=0xba305270) at /home/cborntra/REPOS/qemu/hw/block/virtio-blk.c:590
#5  0x800ef3dc in virtio_queue_notify_vq (vq=0xba305270) at 
/home/cborntra/REPOS/qemu/hw/virtio/virtio.c:1095
#6  0x800f1c9c in virtio_queue_host_notifier_read (n=0xba3052c8) at 
/home/cborntra/REPOS/qemu/hw/virtio/virtio.c:1785
#7  0x800f1e14 in virtio_queue_set_host_notifier_fd_handler 
(vq=0xba305270, assign=false, set_handler=false) at 
/home/cborntra/REPOS/qemu/hw/virtio/virtio.c:1817
#8  0x80109c50 in virtio_ccw_set_guest2host_notifier (dev=0xb9eed6a0, 
n=0, assign=false, set_handler=false) at 
/home/cborntra/REPOS/qemu/hw/s390x/virtio-ccw.c:97
#9  0x80109ef2 in virtio_ccw_stop_ioeventfd (dev=0xb9eed6a0) at 
/home/cborntra/REPOS/qemu/hw/s390x/virtio-ccw.c:154
#10 

Re: [Qemu-devel] [PATCH 48/49] hw: remove pio_addr_t

[Peter Maydell]

On 16 March 2016 at 10:46, Paolo Bonzini  wrote:
> Using uint32_t is enough and avoids the need to include ioport.h everywhere.
>
> Signed-off-by: Paolo Bonzini 

I'm not hugely convinced by this patch -- I think it's nice
to have a typedef that indicates that you're dealing with an
IO port address (and not some other kind of address or number).

thanks
-- PMM

[Qemu-devel] [PATCH 16/49] target-sh4: make cpu-qom.h not target specific

[Paolo Bonzini]

Make SuperHCPU an opaque type within cpu-qom.h, and move all definitions
of private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  This helps making files independent of NEED_CPU_H
if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-sh4/cpu-qom.h | 31 +--
 target-sh4/cpu.h | 32 +++-
 2 files changed, 32 insertions(+), 31 deletions(-)

diff --git a/target-sh4/cpu-qom.h b/target-sh4/cpu-qom.h
index 6341238..01abb20 100644
--- a/target-sh4/cpu-qom.h
+++ b/target-sh4/cpu-qom.h
@@ -60,35 +60,6 @@ typedef struct SuperHCPUClass {
 uint32_t cvr;
 } SuperHCPUClass;
 
-/**
- * SuperHCPU:
- * @env: #CPUSH4State
- *
- * A SuperH CPU.
- */
-typedef struct SuperHCPU {
-/*< private >*/
-CPUState parent_obj;
-/*< public >*/
-
-CPUSH4State env;
-} SuperHCPU;
-
-static inline SuperHCPU *sh_env_get_cpu(CPUSH4State *env)
-{
-return container_of(env, SuperHCPU, env);
-}
-
-#define ENV_GET_CPU(e) CPU(sh_env_get_cpu(e))
-
-#define ENV_OFFSET offsetof(SuperHCPU, env)
-
-void superh_cpu_do_interrupt(CPUState *cpu);
-bool superh_cpu_exec_interrupt(CPUState *cpu, int int_req);
-void superh_cpu_dump_state(CPUState *cpu, FILE *f,
-   fprintf_function cpu_fprintf, int flags);
-hwaddr superh_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-int superh_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int superh_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
+typedef struct SuperHCPU SuperHCPU;
 
 #endif
diff --git a/target-sh4/cpu.h b/target-sh4/cpu.h
index 3b23e96..0acb60c 100644
--- a/target-sh4/cpu.h
+++ b/target-sh4/cpu.h
@@ -20,6 +20,7 @@
 #define _CPU_SH4_H
 
 #include "qemu-common.h"
+#include "cpu-qom.h"
 
 #define TARGET_LONG_BITS 32
 
@@ -187,7 +188,36 @@ typedef struct CPUSH4State {
 memory_content **movcal_backup_tail;
 } CPUSH4State;
 
-#include "cpu-qom.h"
+/**
+ * SuperHCPU:
+ * @env: #CPUSH4State
+ *
+ * A SuperH CPU.
+ */
+struct SuperHCPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPUSH4State env;
+};
+
+static inline SuperHCPU *sh_env_get_cpu(CPUSH4State *env)
+{
+return container_of(env, SuperHCPU, env);
+}
+
+#define ENV_GET_CPU(e) CPU(sh_env_get_cpu(e))
+
+#define ENV_OFFSET offsetof(SuperHCPU, env)
+
+void superh_cpu_do_interrupt(CPUState *cpu);
+bool superh_cpu_exec_interrupt(CPUState *cpu, int int_req);
+void superh_cpu_dump_state(CPUState *cpu, FILE *f,
+   fprintf_function cpu_fprintf, int flags);
+hwaddr superh_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+int superh_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
+int superh_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 
 void sh4_translate_init(void);
 SuperHCPU *cpu_sh4_init(const char *cpu_model);
-- 
1.8.3.1

[Qemu-devel] [PATCH 47/49] cpu: move exec-all.h inclusion out of cpu.h

[Paolo Bonzini]

exec-all.h contains TCG-specific definitions.  It is not needed outside
TCG-specific files such as translate.c, exec.c or *helper.c.

One generic function had snuck into include/exec/exec-all.h; move it to
include/qom/cpu.h.

Signed-off-by: Paolo Bonzini 
---
 bsd-user/main.c|  1 +
 bsd-user/qemu.h|  1 +
 cpu-exec-common.c  |  1 +
 cpu-exec.c |  1 +
 cpus.c |  1 +
 cputlb.c   |  1 +
 disas/tci.c|  1 +
 exec.c |  1 +
 gdbstub.c  |  1 +
 hw/i386/kvmvapic.c |  1 +
 hw/ppc/spapr_hcall.c   |  1 +
 hw/sh4/sh7750.c|  1 +
 include/exec/exec-all.h|  9 -
 include/qom/cpu.h  | 10 ++
 linux-user/main.c  |  1 +
 linux-user/qemu.h  |  1 +
 monitor.c  |  1 +
 target-alpha/cpu.c |  1 +
 target-alpha/cpu.h |  2 --
 target-alpha/fpu_helper.c  |  1 +
 target-alpha/helper.c  |  1 +
 target-alpha/int_helper.c  |  1 +
 target-alpha/mem_helper.c  |  1 +
 target-alpha/sys_helper.c  |  1 +
 target-alpha/translate.c   |  1 +
 target-alpha/vax_helper.c  |  1 +
 target-arm/arm_ldst.h  |  1 +
 target-arm/cpu.c   |  1 +
 target-arm/cpu.h   |  2 --
 target-arm/helper-a64.c|  1 +
 target-arm/helper.c|  1 +
 target-arm/op_helper.c |  1 +
 target-arm/psci.c  |  1 +
 target-arm/translate-a64.c |  1 +
 target-arm/translate.c |  1 +
 target-cris/cpu.c  |  1 +
 target-cris/cpu.h  |  2 --
 target-cris/helper.c   |  1 +
 target-cris/mmu.c  |  1 +
 target-cris/op_helper.c|  1 +
 target-cris/translate.c|  1 +
 target-i386/bpt_helper.c   |  1 +
 target-i386/cpu.c  |  1 +
 target-i386/cpu.h  |  2 --
 target-i386/excp_helper.c  |  1 +
 target-i386/fpu_helper.c   |  1 +
 target-i386/helper.c   |  1 +
 target-i386/int_helper.c   |  1 +
 target-i386/machine.c  |  3 +++
 target-i386/mem_helper.c   |  1 +
 target-i386/misc_helper.c  |  1 +
 target-i386/mpx_helper.c   |  1 +
 target-i386/seg_helper.c   |  1 +
 target-i386/svm_helper.c   |  1 +
 target-i386/translate.c|  1 +
 target-lm32/cpu.c  |  1 +
 target-lm32/cpu.h  |  2 --
 target-lm32/helper.c   |  1 +
 target-lm32/op_helper.c|  1 +
 target-lm32/translate.c|  1 +
 target-m68k/cpu.c  |  1 +
 target-m68k/cpu.h  |  2 --
 target-m68k/helper.c   |  1 +
 target-m68k/m68k-semi.c|  1 +
 target-m68k/op_helper.c|  1 +
 target-m68k/translate.c|  1 +
 target-microblaze/cpu.c|  1 +
 target-microblaze/cpu.h|  2 --
 target-microblaze/helper.c |  1 +
 target-microblaze/mmu.c|  1 +
 target-microblaze/op_helper.c  |  1 +
 target-microblaze/translate.c  |  1 +
 target-mips/cpu.c  |  1 +
 target-mips/cpu.h  |  2 --
 target-mips/helper.c   |  1 +
 target-mips/mips-semi.c|  1 +
 target-mips/msa_helper.c   |  1 +
 target-mips/op_helper.c|  1 +
 target-mips/translate.c|  1 +
 target-moxie/cpu.c |  1 +
 target-moxie/cpu.h |  1 -
 target-openrisc/cpu.c  |  1 +
 target-openrisc/cpu.h  |  2 --
 target-openrisc/exception.c|  1 +
 target-openrisc/interrupt.c|  1 +
 target-openrisc/interrupt_helper.c |  1 +
 target-openrisc/mmu.c  |  1 +
 target-openrisc/mmu_helper.c   |  1 +
 target-openrisc/sys_helper.c   |  1 +
 target-ppc/cpu.h   |  2 --
 target-ppc/excp_helper.c   |  1 +
 target-ppc/int_helper.c|  1 +
 target-ppc/machine.c   |  2 ++
 target-ppc/mem_helper.c|  2 ++
 target-ppc/misc_helper.c   |  1 +
 target-ppc/mmu-hash32.c|  1 +
 target-ppc/mmu-hash64.c|  1 +
 target-ppc/mmu_helper.c|  1 +
 target-ppc/timebase_helper.c   |  1 +
 target-ppc/translate.c |  1 +
 target-s390x/cc_helper.c   |  1 +
 target-s390x/cpu.c |  1 +
 target-s390x/cpu.h |  2 --
 target-s390x/fpu_helper.c  |  1 +
 target-s390x/gdbstub.c |  1 +
 target-s390x/helper.c  |  1 +
 target-s390x/int_helper.c  |  1 +
 target-s390x/mem_helper.c  |  1 +
 target-s390x/misc_helper.c |  1 

[Qemu-devel] [PATCH 44/49] mips: move CP0 functions out of cpu.h

[Paolo Bonzini]

These are here for historical reasons: they are needed from both gdbstub.c
and op_helper.c, and the latter was compiled with fixed AREG0.  It is
not needed anymore, so uninline them.

Signed-off-by: Paolo Bonzini 
---
 target-mips/cpu.h| 113 ++-
 target-mips/helper.c | 108 
 2 files changed, 112 insertions(+), 109 deletions(-)

diff --git a/target-mips/cpu.h b/target-mips/cpu.h
index 4465a78..32231e3 100644
--- a/target-mips/cpu.h
+++ b/target-mips/cpu.h
@@ -1020,115 +1020,10 @@ static inline void compute_hflags(CPUMIPSState *env)
 }
 }
 
-#ifndef CONFIG_USER_ONLY
-static inline void cpu_mips_tlb_flush(CPUMIPSState *env, int flush_global)
-{
-MIPSCPU *cpu = mips_env_get_cpu(env);
-
-/* Flush qemu's TLB and discard all shadowed entries.  */
-tlb_flush(CPU(cpu), flush_global);
-env->tlb->tlb_in_use = env->tlb->nb_tlb;
-}
-
-/* Called for updates to CP0_Status.  */
-static inline void sync_c0_status(CPUMIPSState *env, CPUMIPSState *cpu, int tc)
-{
-int32_t tcstatus, *tcst;
-uint32_t v = cpu->CP0_Status;
-uint32_t cu, mx, asid, ksu;
-uint32_t mask = ((1 << CP0TCSt_TCU3)
-   | (1 << CP0TCSt_TCU2)
-   | (1 << CP0TCSt_TCU1)
-   | (1 << CP0TCSt_TCU0)
-   | (1 << CP0TCSt_TMX)
-   | (3 << CP0TCSt_TKSU)
-   | (0xff << CP0TCSt_TASID));
-
-cu = (v >> CP0St_CU0) & 0xf;
-mx = (v >> CP0St_MX) & 0x1;
-ksu = (v >> CP0St_KSU) & 0x3;
-asid = env->CP0_EntryHi & 0xff;
-
-tcstatus = cu << CP0TCSt_TCU0;
-tcstatus |= mx << CP0TCSt_TMX;
-tcstatus |= ksu << CP0TCSt_TKSU;
-tcstatus |= asid;
-
-if (tc == cpu->current_tc) {
-tcst = >active_tc.CP0_TCStatus;
-} else {
-tcst = >tcs[tc].CP0_TCStatus;
-}
-
-*tcst &= ~mask;
-*tcst |= tcstatus;
-compute_hflags(cpu);
-}
-
-static inline void cpu_mips_store_status(CPUMIPSState *env, target_ulong val)
-{
-uint32_t mask = env->CP0_Status_rw_bitmask;
-target_ulong old = env->CP0_Status;
-
-if (env->insn_flags & ISA_MIPS32R6) {
-bool has_supervisor = extract32(mask, CP0St_KSU, 2) == 0x3;
-#if defined(TARGET_MIPS64)
-uint32_t ksux = (1 << CP0St_KX) & val;
-ksux |= (ksux >> 1) & val; /* KX = 0 forces SX to be 0 */
-ksux |= (ksux >> 1) & val; /* SX = 0 forces UX to be 0 */
-val = (val & ~(7 << CP0St_UX)) | ksux;
-#endif
-if (has_supervisor && extract32(val, CP0St_KSU, 2) == 0x3) {
-mask &= ~(3 << CP0St_KSU);
-}
-mask &= ~(((1 << CP0St_SR) | (1 << CP0St_NMI)) & val);
-}
-
-env->CP0_Status = (old & ~mask) | (val & mask);
-#if defined(TARGET_MIPS64)
-if ((env->CP0_Status ^ old) & (old & (7 << CP0St_UX))) {
-/* Access to at least one of the 64-bit segments has been disabled */
-cpu_mips_tlb_flush(env, 1);
-}
-#endif
-if (env->CP0_Config3 & (1 << CP0C3_MT)) {
-sync_c0_status(env, env, env->current_tc);
-} else {
-compute_hflags(env);
-}
-}
-
-static inline void cpu_mips_store_cause(CPUMIPSState *env, target_ulong val)
-{
-uint32_t mask = 0x00C00300;
-uint32_t old = env->CP0_Cause;
-int i;
-
-if (env->insn_flags & ISA_MIPS32R2) {
-mask |= 1 << CP0Ca_DC;
-}
-if (env->insn_flags & ISA_MIPS32R6) {
-mask &= ~((1 << CP0Ca_WP) & val);
-}
-
-env->CP0_Cause = (env->CP0_Cause & ~mask) | (val & mask);
-
-if ((old ^ env->CP0_Cause) & (1 << CP0Ca_DC)) {
-if (env->CP0_Cause & (1 << CP0Ca_DC)) {
-cpu_mips_stop_count(env);
-} else {
-cpu_mips_start_count(env);
-}
-}
-
-/* Set/reset software interrupts */
-for (i = 0 ; i < 2 ; i++) {
-if ((old ^ env->CP0_Cause) & (1 << (CP0Ca_IP + i))) {
-cpu_mips_soft_irq(env, i, env->CP0_Cause & (1 << (CP0Ca_IP + i)));
-}
-}
-}
-#endif
+void cpu_mips_tlb_flush(CPUMIPSState *env, int flush_global);
+void sync_c0_status(CPUMIPSState *env, CPUMIPSState *cpu, int tc);
+void cpu_mips_store_status(CPUMIPSState *env, target_ulong val);
+void cpu_mips_store_cause(CPUMIPSState *env, target_ulong val);
 
 void QEMU_NORETURN do_raise_exception_err(CPUMIPSState *env, uint32_t 
exception,
   int error_code, uintptr_t pc);
diff --git a/target-mips/helper.c b/target-mips/helper.c
index 0fabfec..ac5771e 100644
--- a/target-mips/helper.c
+++ b/target-mips/helper.c
@@ -221,6 +221,114 @@ static int get_physical_address (CPUMIPSState *env, 
hwaddr *physical,
 }
 return ret;
 }
+
+void cpu_mips_tlb_flush(CPUMIPSState *env, int flush_global)
+{
+MIPSCPU *cpu = mips_env_get_cpu(env);
+
+/* Flush qemu's TLB and discard all shadowed entries.  */
+tlb_flush(CPU(cpu), flush_global);
+env->tlb->tlb_in_use = 

Re: [Qemu-devel] [PULL 08/16] virtio-balloon: export all balloon statistics

[Denis V. Lunev]

On 03/04/2016 10:49 AM, Michael S. Tsirkin wrote:

From: Igor Redko 

We are making experiments with different autoballooning strategies
based on the guest behavior. Thus we need to experiment with different
guest statistics. For now every counter change requires QEMU recompilation
and dances with Libvirt.

This patch introduces transport for unrecognized counters in virtio-balloon.
This transport can be used for measuring benefits from using new
balloon counters, before submitting any patches. Current alternative
is 'guest-exec' transport which isn't made for such delicate matters
and can influence test results.

Originally all counters with tag >= VIRTIO_BALLOON_S_NR were ignored.
Instead of this we keep first (VIRTIO_BALLOON_S_NR + 32) counters from the
queue and pass unrecognized ones with the following names: 'x-stat-',
where  is a tag number in hex. Defined counters are reported with their
regular names.

Signed-off-by: Igor Redko 
Signed-off-by: Denis V. Lunev 
CC: Michael S. Tsirkin 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
  configure  | 12 
  include/hw/virtio/virtio-balloon.h |  3 ++-
  hw/virtio/virtio-balloon.c | 32 ++--
  3 files changed, 40 insertions(+), 7 deletions(-)

diff --git a/configure b/configure
index 0c0472a..767d96e 100755
--- a/configure
+++ b/configure
@@ -315,6 +315,7 @@ vhdx=""
  numa=""
  tcmalloc="no"
  jemalloc="no"
+unknown_balloon_stats="no"
  
  # parse CC options first

  for opt do
@@ -1142,6 +1143,10 @@ for opt do
;;
--enable-jemalloc) jemalloc="yes"
;;
+  --enable-unknown-balloon-stats) unknown_balloon_stats="yes"
+  ;;
+  --disable-unknown-balloon-stats) unknown_balloon_stats="no"
+  ;;
*)
echo "ERROR: unknown option $opt"
echo "Try '$0 --help' for more information"
@@ -1364,6 +1369,8 @@ disabled with --disable-FEATURE, default is enabled if 
available:
numalibnuma support
tcmalloctcmalloc support
jemallocjemalloc support
+  unknown-balloon-stats  report unknown balloon statistics counters
+  ;;
  
  NOTE: The object files are built at the place where configure is launched

  EOF
@@ -4790,6 +4797,7 @@ echo "bzip2 support $bzip2"
  echo "NUMA host support $numa"
  echo "tcmalloc support  $tcmalloc"
  echo "jemalloc support  $jemalloc"
+echo "unknown balloon stat counters support  $unknown_balloon_stats"
  
  if test "$sdl_too_old" = "yes"; then

  echo "-> Your SDL version is too old - please upgrade to have SDL support"
@@ -5342,6 +5350,10 @@ if test "$rdma" = "yes" ; then
echo "CONFIG_RDMA=y" >> $config_host_mak
  fi
  
+if test "$unknown_balloon_stats" = "yes" ; then

+  echo "CONFIG_UNKNOWN_BALLOON_STATS=y" >> $config_host_mak
+fi
+
  # Hold two types of flag:
  #   CONFIG_THREAD_SETNAME_BYTHREAD  - we've got a way of setting the name on
  # a thread we have a handle to
diff --git a/include/hw/virtio/virtio-balloon.h 
b/include/hw/virtio/virtio-balloon.h
index 35f62ac..5c8730e 100644
--- a/include/hw/virtio/virtio-balloon.h
+++ b/include/hw/virtio/virtio-balloon.h
@@ -36,7 +36,8 @@ typedef struct VirtIOBalloon {
  VirtQueue *ivq, *dvq, *svq;
  uint32_t num_pages;
  uint32_t actual;
-uint64_t stats[VIRTIO_BALLOON_S_NR];
+VirtIOBalloonStatModern stats[VIRTIO_BALLOON_S_NR + 32];
+uint16_t stats_cnt;
  VirtQueueElement *stats_vq_elem;
  size_t stats_vq_offset;
  QEMUTimer *stats_timer;
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index e97d403..64367ac 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -66,8 +66,7 @@ static const char *balloon_stat_names[] = {
   */
  static inline void reset_stats(VirtIOBalloon *dev)
  {
-int i;
-for (i = 0; i < VIRTIO_BALLOON_S_NR; dev->stats[i++] = -1);
+dev->stats_cnt = 0;
  }
  
  static bool balloon_stats_supported(const VirtIOBalloon *s)

@@ -133,12 +132,22 @@ static void balloon_stats_get_all(Object *obj, Visitor 
*v, const char *name,
  if (err) {
  goto out_end;
  }
-for (i = 0; i < VIRTIO_BALLOON_S_NR; i++) {
-visit_type_uint64(v, balloon_stat_names[i], >stats[i], );
+for (i = 0; i < s->stats_cnt; i++) {
+if (s->stats[i].tag < VIRTIO_BALLOON_S_NR) {
+visit_type_uint64(v, balloon_stat_names[s->stats[i].tag],
+  >stats[i].val, );
+} else {
+#if defined(CONFIG_UNKNOWN_BALLOON_STATS)
+gchar *str = g_strdup_printf("x-stat-%04x", s->stats[i].tag);
+visit_type_uint64(v, str, >stats[i].val, );
+g_free(str);
+#endif
+}
  if (err) {
  break;
  }
  }
+
  error_propagate(errp, err);
  err = NULL;
  visit_end_struct(v, );
@@ -282,10 

[Qemu-devel] [PATCH 09/49] target-lm32: make cpu-qom.h not target specific

[Paolo Bonzini]

Make LM32CPU an opaque type within cpu-qom.h, and move all definitions of
private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  This helps making files independent of NEED_CPU_H
if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-lm32/cpu-qom.h | 41 +
 target-lm32/cpu.h | 44 ++--
 2 files changed, 43 insertions(+), 42 deletions(-)

diff --git a/target-lm32/cpu-qom.h b/target-lm32/cpu-qom.h
index 54989e4..b423d25 100644
--- a/target-lm32/cpu-qom.h
+++ b/target-lm32/cpu-qom.h
@@ -47,45 +47,6 @@ typedef struct LM32CPUClass {
 void (*parent_reset)(CPUState *cpu);
 } LM32CPUClass;
 
-/**
- * LM32CPU:
- * @env: #CPULM32State
- *
- * A LatticeMico32 CPU.
- */
-typedef struct LM32CPU {
-/*< private >*/
-CPUState parent_obj;
-/*< public >*/
-
-CPULM32State env;
-
-uint32_t revision;
-uint8_t num_interrupts;
-uint8_t num_breakpoints;
-uint8_t num_watchpoints;
-uint32_t features;
-} LM32CPU;
-
-static inline LM32CPU *lm32_env_get_cpu(CPULM32State *env)
-{
-return container_of(env, LM32CPU, env);
-}
-
-#define ENV_GET_CPU(e) CPU(lm32_env_get_cpu(e))
-
-#define ENV_OFFSET offsetof(LM32CPU, env)
-
-#ifndef CONFIG_USER_ONLY
-extern const struct VMStateDescription vmstate_lm32_cpu;
-#endif
-
-void lm32_cpu_do_interrupt(CPUState *cpu);
-bool lm32_cpu_exec_interrupt(CPUState *cs, int int_req);
-void lm32_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
- int flags);
-hwaddr lm32_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-int lm32_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int lm32_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
+typedef struct LM32CPU LM32CPU;
 
 #endif
diff --git a/target-lm32/cpu.h b/target-lm32/cpu.h
index f220fc0..22ffa68 100644
--- a/target-lm32/cpu.h
+++ b/target-lm32/cpu.h
@@ -25,6 +25,7 @@
 #define CPUArchState struct CPULM32State
 
 #include "qemu-common.h"
+#include "cpu-qom.h"
 #include "exec/cpu-defs.h"
 struct CPULM32State;
 typedef struct CPULM32State CPULM32State;
@@ -180,6 +181,47 @@ struct CPULM32State {
 
 };
 
+/**
+ * LM32CPU:
+ * @env: #CPULM32State
+ *
+ * A LatticeMico32 CPU.
+ */
+struct LM32CPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPULM32State env;
+
+uint32_t revision;
+uint8_t num_interrupts;
+uint8_t num_breakpoints;
+uint8_t num_watchpoints;
+uint32_t features;
+};
+
+static inline LM32CPU *lm32_env_get_cpu(CPULM32State *env)
+{
+return container_of(env, LM32CPU, env);
+}
+
+#define ENV_GET_CPU(e) CPU(lm32_env_get_cpu(e))
+
+#define ENV_OFFSET offsetof(LM32CPU, env)
+
+#ifndef CONFIG_USER_ONLY
+extern const struct VMStateDescription vmstate_lm32_cpu;
+#endif
+
+void lm32_cpu_do_interrupt(CPUState *cpu);
+bool lm32_cpu_exec_interrupt(CPUState *cs, int int_req);
+void lm32_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
+ int flags);
+hwaddr lm32_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+int lm32_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
+int lm32_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
+
 typedef enum {
 LM32_WP_DISABLED = 0,
 LM32_WP_READ,
@@ -193,8 +235,6 @@ static inline lm32_wp_t lm32_wp_type(uint32_t dc, int idx)
 return (dc >> (idx+1)*2) & 0x3;
 }
 
-#include "cpu-qom.h"
-
 LM32CPU *cpu_lm32_init(const char *cpu_model);
 int cpu_lm32_exec(CPUState *cpu);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
-- 
1.8.3.1

[Qemu-devel] [PATCH 38/49] qemu-common: stop including qemu/host-utils.h from qemu-common.h

[Paolo Bonzini]

Move it to the actual users.  There are some inclusions of
qemu/host-utils.h in headers, but they are all necessary.

Signed-off-by: Paolo Bonzini 
---
 audio/noaudio.c | 1 +
 audio/wavaudio.c| 2 +-
 contrib/ivshmem-server/ivshmem-server.c | 1 +
 hw/acpi/core.c  | 6 ++
 hw/bt/sdp.c | 1 +
 hw/display/tc6393xb.c   | 1 +
 include/exec/cpu-defs.h | 1 +
 include/hw/acpi/acpi.h  | 7 ---
 include/qemu-common.h   | 1 -
 include/qemu/timer.h| 1 -
 page_cache.c| 1 +
 slirp/slirp.h   | 1 +
 stubs/slirp.c   | 1 +
 tests/libqos/malloc.c   | 1 +
 util/buffer.c   | 1 +
 15 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/audio/noaudio.c b/audio/noaudio.c
index 09588b9..fb11828 100644
--- a/audio/noaudio.c
+++ b/audio/noaudio.c
@@ -23,6 +23,7 @@
  */
 #include "qemu/osdep.h"
 #include "qemu-common.h"
+#include "qemu/host-utils.h"
 #include "audio.h"
 #include "qemu/timer.h"
 
diff --git a/audio/wavaudio.c b/audio/wavaudio.c
index 343b1a1..2b0b688 100644
--- a/audio/wavaudio.c
+++ b/audio/wavaudio.c
@@ -22,7 +22,7 @@
  * THE SOFTWARE.
  */
 #include "qemu/osdep.h"
-#include "hw/hw.h"
+#include "qemu/host-utils.h"
 #include "qemu/timer.h"
 #include "audio.h"
 
diff --git a/contrib/ivshmem-server/ivshmem-server.c 
b/contrib/ivshmem-server/ivshmem-server.c
index bfd0fad..5731c20 100644
--- a/contrib/ivshmem-server/ivshmem-server.c
+++ b/contrib/ivshmem-server/ivshmem-server.c
@@ -7,6 +7,7 @@
  */
 #include "qemu/osdep.h"
 #include "qemu-common.h"
+#include "qemu/host-utils.h"
 #include "qemu/sockets.h"
 
 #include 
diff --git a/hw/acpi/core.c b/hw/acpi/core.c
index 3d9e5c4..26c8cd8 100644
--- a/hw/acpi/core.c
+++ b/hw/acpi/core.c
@@ -491,6 +491,12 @@ void acpi_pm_tmr_update(ACPIREGS *ar, bool enable)
 }
 }
 
+static inline int64_t acpi_pm_tmr_get_clock(void)
+{
+return muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), PM_TIMER_FREQUENCY,
+get_ticks_per_sec());
+}
+
 void acpi_pm_tmr_calc_overflow_time(ACPIREGS *ar)
 {
 int64_t d = acpi_pm_tmr_get_clock();
diff --git a/hw/bt/sdp.c b/hw/bt/sdp.c
index be26009..f67b3b8 100644
--- a/hw/bt/sdp.c
+++ b/hw/bt/sdp.c
@@ -19,6 +19,7 @@
 
 #include "qemu/osdep.h"
 #include "qemu-common.h"
+#include "qemu/host-utils.h"
 #include "hw/bt.h"
 
 struct bt_l2cap_sdp_state_s {
diff --git a/hw/display/tc6393xb.c b/hw/display/tc6393xb.c
index da3cece..92f7120 100644
--- a/hw/display/tc6393xb.c
+++ b/hw/display/tc6393xb.c
@@ -12,6 +12,7 @@
  */
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qemu/host-utils.h"
 #include "hw/hw.h"
 #include "hw/devices.h"
 #include "hw/block/flash.h"
diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index 854e7e3..5f4e303 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -23,6 +23,7 @@
 #error cpu.h included from common code
 #endif
 
+#include "qemu/host-utils.h"
 #include "qemu/queue.h"
 #include "tcg-target.h"
 #ifndef CONFIG_USER_ONLY
diff --git a/include/hw/acpi/acpi.h b/include/hw/acpi/acpi.h
index 443687d..dc6ee00 100644
--- a/include/hw/acpi/acpi.h
+++ b/include/hw/acpi/acpi.h
@@ -150,13 +150,6 @@ void acpi_pm_tmr_init(ACPIREGS *ar, acpi_update_sci_fn 
update_sci,
   MemoryRegion *parent);
 void acpi_pm_tmr_reset(ACPIREGS *ar);
 
-#include "qemu/timer.h"
-static inline int64_t acpi_pm_tmr_get_clock(void)
-{
-return muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), PM_TIMER_FREQUENCY,
-get_ticks_per_sec());
-}
-
 /* PM1a_EVT: piix and ich9 don't implement PM1b. */
 uint16_t acpi_pm1_evt_get_sts(ACPIREGS *ar);
 void acpi_pm1_evt_power_down(ACPIREGS *ar);
diff --git a/include/qemu-common.h b/include/qemu-common.h
index 24823be..6e2da3e 100644
--- a/include/qemu-common.h
+++ b/include/qemu-common.h
@@ -21,7 +21,6 @@
 #define TFR(expr) do { if ((expr) != -1) break; } while (errno == EINTR)
 
 #include "qemu/option.h"
-#include "qemu/host-utils.h"
 
 /* FIXME: Remove NEED_CPU_H.  */
 #ifdef NEED_CPU_H
diff --git a/include/qemu/timer.h b/include/qemu/timer.h
index c37f74d..392aa34 100644
--- a/include/qemu/timer.h
+++ b/include/qemu/timer.h
@@ -3,7 +3,6 @@
 
 #include "qemu-common.h"
 #include "qemu/notify.h"
-#include "qemu/host-utils.h"
 #include "sysemu/cpus.h"
 
 #define NANOSECONDS_PER_SECOND 10LL
diff --git a/page_cache.c b/page_cache.c
index cb8a69e..37a66e4 100644
--- a/page_cache.c
+++ b/page_cache.c
@@ -16,6 +16,7 @@
 #include 
 
 #include "qemu-common.h"
+#include "qemu/host-utils.h"
 #include "migration/page_cache.h"
 
 #ifdef DEBUG_CACHE
diff --git a/slirp/slirp.h b/slirp/slirp.h
index a6741e7..077a80a 100644
--- a/slirp/slirp.h
+++ b/slirp/slirp.h
@@ -1,6 +1,7 @@
 #ifndef __COMMON_H__
 

[Qemu-devel] [PATCH 48/49] hw: remove pio_addr_t

[Paolo Bonzini]

Using uint32_t is enough and avoids the need to include ioport.h everywhere.

Signed-off-by: Paolo Bonzini 
---
 hw/core/sysbus.c  |  4 ++--
 include/exec/ioport.h | 15 ++-
 include/hw/sysbus.h   |  4 ++--
 ioport.c  | 12 ++--
 xen-hvm.c |  8 
 5 files changed, 20 insertions(+), 23 deletions(-)

diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c
index a7dbe2b..c0f560b 100644
--- a/hw/core/sysbus.c
+++ b/hw/core/sysbus.c
@@ -190,9 +190,9 @@ MemoryRegion *sysbus_mmio_get_region(SysBusDevice *dev, int 
n)
 return dev->mmio[n].memory;
 }
 
-void sysbus_init_ioports(SysBusDevice *dev, pio_addr_t ioport, pio_addr_t size)
+void sysbus_init_ioports(SysBusDevice *dev, uint32_t ioport, uint32_t size)
 {
-pio_addr_t i;
+uint32_t i;
 
 for (i = 0; i < size; i++) {
 assert(dev->num_pio < QDEV_MAX_PIO);
diff --git a/include/exec/ioport.h b/include/exec/ioport.h
index 3bd6722..6a9639c 100644
--- a/include/exec/ioport.h
+++ b/include/exec/ioport.h
@@ -28,9 +28,6 @@
 #include "qom/object.h"
 #include "exec/memory.h"
 
-typedef uint32_t pio_addr_t;
-#define FMT_pioaddr PRIx32
-
 #define MAX_IOPORTS (64 * 1024)
 #define IOPORTS_MASK(MAX_IOPORTS - 1)
 
@@ -49,12 +46,12 @@ typedef struct MemoryRegionPortio {
 extern const MemoryRegionOps unassigned_io_ops;
 #endif
 
-void cpu_outb(pio_addr_t addr, uint8_t val);
-void cpu_outw(pio_addr_t addr, uint16_t val);
-void cpu_outl(pio_addr_t addr, uint32_t val);
-uint8_t cpu_inb(pio_addr_t addr);
-uint16_t cpu_inw(pio_addr_t addr);
-uint32_t cpu_inl(pio_addr_t addr);
+void cpu_outb(uint32_t addr, uint8_t val);
+void cpu_outw(uint32_t addr, uint16_t val);
+void cpu_outl(uint32_t addr, uint32_t val);
+uint8_t cpu_inb(uint32_t addr);
+uint16_t cpu_inw(uint32_t addr);
+uint32_t cpu_inl(uint32_t addr);
 
 typedef struct PortioList {
 const struct MemoryRegionPortio *ports;
diff --git a/include/hw/sysbus.h b/include/hw/sysbus.h
index cc1dba4..a495937 100644
--- a/include/hw/sysbus.h
+++ b/include/hw/sysbus.h
@@ -72,7 +72,7 @@ struct SysBusDevice {
 MemoryRegion *memory;
 } mmio[QDEV_MAX_MMIO];
 int num_pio;
-pio_addr_t pio[QDEV_MAX_PIO];
+uint32_t pio[QDEV_MAX_PIO];
 };
 
 typedef int FindSysbusDeviceFunc(SysBusDevice *sbdev, void *opaque);
@@ -81,7 +81,7 @@ void sysbus_init_mmio(SysBusDevice *dev, MemoryRegion 
*memory);
 MemoryRegion *sysbus_mmio_get_region(SysBusDevice *dev, int n);
 void sysbus_init_irq(SysBusDevice *dev, qemu_irq *p);
 void sysbus_pass_irq(SysBusDevice *dev, SysBusDevice *target);
-void sysbus_init_ioports(SysBusDevice *dev, pio_addr_t ioport, pio_addr_t 
size);
+void sysbus_init_ioports(SysBusDevice *dev, uint32_t ioport, uint32_t size);
 
 
 bool sysbus_has_irq(SysBusDevice *dev, int n);
diff --git a/ioport.c b/ioport.c
index 901a997..94e08ab 100644
--- a/ioport.c
+++ b/ioport.c
@@ -55,14 +55,14 @@ const MemoryRegionOps unassigned_io_ops = {
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-void cpu_outb(pio_addr_t addr, uint8_t val)
+void cpu_outb(uint32_t addr, uint8_t val)
 {
 trace_cpu_out(addr, 'b', val);
 address_space_write(_space_io, addr, MEMTXATTRS_UNSPECIFIED,
 , 1);
 }
 
-void cpu_outw(pio_addr_t addr, uint16_t val)
+void cpu_outw(uint32_t addr, uint16_t val)
 {
 uint8_t buf[2];
 
@@ -72,7 +72,7 @@ void cpu_outw(pio_addr_t addr, uint16_t val)
 buf, 2);
 }
 
-void cpu_outl(pio_addr_t addr, uint32_t val)
+void cpu_outl(uint32_t addr, uint32_t val)
 {
 uint8_t buf[4];
 
@@ -82,7 +82,7 @@ void cpu_outl(pio_addr_t addr, uint32_t val)
 buf, 4);
 }
 
-uint8_t cpu_inb(pio_addr_t addr)
+uint8_t cpu_inb(uint32_t addr)
 {
 uint8_t val;
 
@@ -92,7 +92,7 @@ uint8_t cpu_inb(pio_addr_t addr)
 return val;
 }
 
-uint16_t cpu_inw(pio_addr_t addr)
+uint16_t cpu_inw(uint32_t addr)
 {
 uint8_t buf[2];
 uint16_t val;
@@ -103,7 +103,7 @@ uint16_t cpu_inw(pio_addr_t addr)
 return val;
 }
 
-uint32_t cpu_inl(pio_addr_t addr)
+uint32_t cpu_inl(uint32_t addr)
 {
 uint8_t buf[4];
 uint32_t val;
diff --git a/xen-hvm.c b/xen-hvm.c
index 039680a..76dd76f 100644
--- a/xen-hvm.c
+++ b/xen-hvm.c
@@ -725,7 +725,7 @@ static ioreq_t *cpu_get_ioreq(XenIOState *state)
 return NULL;
 }
 
-static uint32_t do_inp(pio_addr_t addr, unsigned long size)
+static uint32_t do_inp(uint32_t addr, unsigned long size)
 {
 switch (size) {
 case 1:
@@ -735,11 +735,11 @@ static uint32_t do_inp(pio_addr_t addr, unsigned long 
size)
 case 4:
 return cpu_inl(addr);
 default:
-hw_error("inp: bad size: %04"FMT_pioaddr" %lx", addr, size);
+hw_error("inp: bad size: %04x %lx", addr, size);
 }
 }
 
-static void do_outp(pio_addr_t addr,
+static void do_outp(uint32_t addr,
 unsigned long size, uint32_t val)
 {
 switch (size) {
@@ -750,7 +750,7 @@ static void do_outp(pio_addr_t addr,

[Qemu-devel] [PATCH 37/49] qemu-common: stop including qemu/bswap.h from qemu-common.h

[Paolo Bonzini]

Move it to the actual users.  There are still a few includes of
qemu/bswap.h in headers; removing them is left for future work.

Signed-off-by: Paolo Bonzini 
---
 audio/mixeng.c | 1 +
 block/bochs.c  | 1 +
 block/cloop.c  | 1 +
 block/parallels.c  | 1 +
 block/qcow.c   | 1 +
 block/qcow2-cluster.c  | 1 +
 block/qcow2-refcount.c | 1 +
 block/qcow2-snapshot.c | 1 +
 block/qcow2.c  | 1 +
 block/qed-table.c  | 1 +
 block/qed.c| 1 +
 block/vdi.c| 1 +
 block/vhdx-endian.c| 1 +
 block/vhdx-log.c   | 1 +
 block/vhdx.c   | 1 +
 block/vmdk.c   | 1 +
 block/vpc.c| 1 +
 block/vvfat.c  | 1 +
 device_tree.c  | 1 +
 hw/arm/nseries.c   | 1 +
 hw/block/hd-geometry.c | 1 +
 hw/bt/hci-csr.c| 1 +
 hw/bt/l2cap.c  | 1 +
 include/qemu-common.h  | 2 --
 io/channel-websock.c   | 1 +
 nbd/nbd-internal.h | 1 +
 qemu-nbd.c | 1 +
 tests/ide-test.c   | 1 +
 ui/vnc-ws.c| 1 +
 29 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/audio/mixeng.c b/audio/mixeng.c
index 981b97a..b4b3a4a 100644
--- a/audio/mixeng.c
+++ b/audio/mixeng.c
@@ -24,6 +24,7 @@
  */
 #include "qemu/osdep.h"
 #include "qemu-common.h"
+#include "qemu/bswap.h"
 #include "audio.h"
 
 #define AUDIO_CAP "mixeng"
diff --git a/block/bochs.c b/block/bochs.c
index af8b7ab..42d7c33 100644
--- a/block/bochs.c
+++ b/block/bochs.c
@@ -27,6 +27,7 @@
 #include "qemu-common.h"
 #include "block/block_int.h"
 #include "qemu/module.h"
+#include "qemu/bswap.h"
 
 /**/
 
diff --git a/block/cloop.c b/block/cloop.c
index a84f140..f5d3123 100644
--- a/block/cloop.c
+++ b/block/cloop.c
@@ -26,6 +26,7 @@
 #include "qemu-common.h"
 #include "block/block_int.h"
 #include "qemu/module.h"
+#include "qemu/bswap.h"
 #include 
 
 /* Maximum compressed block size */
diff --git a/block/parallels.c b/block/parallels.c
index dfba8d4..0e7e799 100644
--- a/block/parallels.c
+++ b/block/parallels.c
@@ -32,6 +32,7 @@
 #include "qemu-common.h"
 #include "block/block_int.h"
 #include "qemu/module.h"
+#include "qemu/bswap.h"
 #include "qemu/bitmap.h"
 #include "qapi/util.h"
 
diff --git a/block/qcow.c b/block/qcow.c
index 4485819..b4e2c09 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -26,6 +26,7 @@
 #include "qemu-common.h"
 #include "block/block_int.h"
 #include "qemu/module.h"
+#include "qemu/bswap.h"
 #include 
 #include "qapi/qmp/qerror.h"
 #include "crypto/cipher.h"
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 31ecc10..892e0fb 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -29,6 +29,7 @@
 #include "qemu-common.h"
 #include "block/block_int.h"
 #include "block/qcow2.h"
+#include "qemu/bswap.h"
 #include "trace.h"
 
 int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t min_size,
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index ca6094f..7fa972a 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -28,6 +28,7 @@
 #include "block/block_int.h"
 #include "block/qcow2.h"
 #include "qemu/range.h"
+#include "qemu/bswap.h"
 
 static int64_t alloc_clusters_noref(BlockDriverState *bs, uint64_t size);
 static int QEMU_WARN_UNUSED_RESULT update_refcount(BlockDriverState *bs,
diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index 269acc2..8720f56 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -27,6 +27,7 @@
 #include "qemu-common.h"
 #include "block/block_int.h"
 #include "block/qcow2.h"
+#include "qemu/bswap.h"
 #include "qemu/error-report.h"
 
 void qcow2_free_snapshots(BlockDriverState *bs)
diff --git a/block/qcow2.c b/block/qcow2.c
index 8babecd..56781af 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -35,6 +35,7 @@
 #include "qapi-event.h"
 #include "trace.h"
 #include "qemu/option_int.h"
+#include "qemu/bswap.h"
 
 /*
   Differences with QCOW:
diff --git a/block/qed-table.c b/block/qed-table.c
index 802945f..c841ad1 100644
--- a/block/qed-table.c
+++ b/block/qed-table.c
@@ -16,6 +16,7 @@
 #include "trace.h"
 #include "qemu/sockets.h" /* for EINPROGRESS on Windows */
 #include "qed.h"
+#include "qemu/bswap.h"
 
 typedef struct {
 GenericCB gencb;
diff --git a/block/qed.c b/block/qed.c
index 3679a32..9b97c2c 100644
--- a/block/qed.c
+++ b/block/qed.c
@@ -15,6 +15,7 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qemu/timer.h"
+#include "qemu/bswap.h"
 #include "trace.h"
 #include "qed.h"
 #include "qapi/qmp/qerror.h"
diff --git a/block/vdi.c b/block/vdi.c
index 8b791f4..000fc43 100644
--- a/block/vdi.c
+++ b/block/vdi.c
@@ -54,6 +54,7 @@
 #include "qemu-common.h"
 #include "block/block_int.h"
 #include "qemu/module.h"
+#include "qemu/bswap.h"
 #include "migration/migration.h"
 #include "qemu/coroutine.h"
 
diff --git a/block/vhdx-endian.c b/block/vhdx-endian.c
index da33cd3..c306b90 100644
--- a/block/vhdx-endian.c
+++ 

Re: [Qemu-devel] [PULL 0/3] Monitor patches for 2016-03-16

[Peter Maydell]

On 16 March 2016 at 09:54, Markus Armbruster  wrote:
> The following changes since commit a6cdb77f816961f929d7934643febd2852230135:
>
>   Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into 
> staging (2016-03-15 17:09:52 +)
>
> are available in the git repository at:
>
>   git://repo.or.cz/qemu/armbru.git tags/pull-monitor-2016-03-16
>
> for you to fetch changes up to 588c36cac7a658758b3e0b60bfd62ebc2e4045c6:
>
>   qdev-monitor: add missing aliases for virtio device classes (2016-03-16 
> 10:13:10 +0100)
>
> 
> Monitor patches for 2016-03-16

Applied, thanks.

-- PMM

[Qemu-devel] [PATCH 40/49] dma: do not depend on kvm_enabled()

[Paolo Bonzini]

Memory barriers are needed also by Xen and, when the ioeventfd
bugs are fixed, by TCG as well.

sysemu/kvm.h is not anymore needed in sysemu/dma.h, move it to
the actual users.

Signed-off-by: Paolo Bonzini 
---
 hw/intc/arm_gicv2m.c | 1 +
 hw/ppc/e500plat.c| 1 +
 hw/ppc/spapr_hcall.c | 1 +
 hw/ppc/spapr_rtas.c  | 1 +
 include/sysemu/dma.h | 5 +
 5 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/hw/intc/arm_gicv2m.c b/hw/intc/arm_gicv2m.c
index 3e35915..e0003ba 100644
--- a/hw/intc/arm_gicv2m.c
+++ b/hw/intc/arm_gicv2m.c
@@ -29,6 +29,7 @@
 #include "qapi/error.h"
 #include "hw/sysbus.h"
 #include "hw/pci/msi.h"
+#include "sysemu/kvm.h"
 
 #define TYPE_ARM_GICV2M "arm-gicv2m"
 #define ARM_GICV2M(obj) OBJECT_CHECK(ARMGICv2mState, (obj), TYPE_ARM_GICV2M)
diff --git a/hw/ppc/e500plat.c b/hw/ppc/e500plat.c
index b00565c..94b4545 100644
--- a/hw/ppc/e500plat.c
+++ b/hw/ppc/e500plat.c
@@ -14,6 +14,7 @@
 #include "e500.h"
 #include "hw/boards.h"
 #include "sysemu/device_tree.h"
+#include "sysemu/kvm.h"
 #include "hw/pci/pci.h"
 #include "hw/ppc/openpic.h"
 #include "kvm_ppc.h"
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index fb448fb..8dd170f 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -7,6 +7,7 @@
 #include "mmu-hash64.h"
 #include "cpu-models.h"
 #include "trace.h"
+#include "sysemu/kvm.h"
 #include "kvm_ppc.h"
 
 struct SPRSyncState {
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index b7c5ebd..9490751 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -31,6 +31,7 @@
 #include "hw/qdev.h"
 #include "sysemu/device_tree.h"
 #include "sysemu/cpus.h"
+#include "sysemu/kvm.h"
 
 #include "hw/ppc/spapr.h"
 #include "hw/ppc/spapr_vio.h"
diff --git a/include/sysemu/dma.h b/include/sysemu/dma.h
index b0fbb9b..8a06f7a 100644
--- a/include/sysemu/dma.h
+++ b/include/sysemu/dma.h
@@ -15,7 +15,6 @@
 #include "hw/hw.h"
 #include "block/block.h"
 #include "block/accounting.h"
-#include "sysemu/kvm.h"
 
 typedef struct ScatterGatherEntry ScatterGatherEntry;
 
@@ -67,9 +66,7 @@ static inline void dma_barrier(AddressSpace *as, DMADirection 
dir)
  * use lighter barriers based on the direction of the
  * transfer, the DMA context, etc...
  */
-if (kvm_enabled()) {
-smp_mb();
-}
+smp_mb();
 }
 
 /* Checks that the given range of addresses is valid for DMA.  This is
-- 
1.8.3.1

[Qemu-devel] [PATCH 39/49] gdbstub: remove includes from gdbstub-xml.c

[Paolo Bonzini]

gdbstub-xml.c defines a bunch of arrays of strings; there is no
need to include anything.

Signed-off-by: Paolo Bonzini 
---
 scripts/feature_to_c.sh | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/scripts/feature_to_c.sh b/scripts/feature_to_c.sh
index fb1f336..0994d95 100644
--- a/scripts/feature_to_c.sh
+++ b/scripts/feature_to_c.sh
@@ -36,9 +36,6 @@ for input; do
   arrayname=xml_feature_`echo $input | sed 's,.*/,,; s/[-.]/_/g'`
 
   ${AWK:-awk} 'BEGIN { n = 0
-  printf "#include \"qemu/osdep.h\"\n"
-  printf "#include \"qemu-common.h\"\n"
-  printf "#include \"exec/gdbstub.h\"\n"
   print "static const char '$arrayname'[] = {"
   for (i = 0; i < 255; i++)
 _ord_[sprintf("%c", i)] = i
-- 
1.8.3.1

[Qemu-devel] [PATCH 35/49] hw: cannot include hw/hw.h from user emulation

[Paolo Bonzini]

All qdev definitions are available from other headers, user-mode
emulation does not need hw/hw.h.

By considering system emulation only, it is simpler to disentangle
hw/hw.h from NEED_CPU_H.

Signed-off-by: Paolo Bonzini 
---
 exec.c | 21 +++--
 include/hw/hw.h|  5 +++--
 include/hw/ppc/openpic.h   |  2 +-
 kvm-stub.c |  1 -
 target-i386/cpu.c  |  2 +-
 target-s390x/cpu.c |  3 ++-
 target-s390x/mem_helper.c  |  3 +++
 target-s390x/misc_helper.c |  2 +-
 8 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/exec.c b/exec.c
index f0d1667..10408f2 100644
--- a/exec.c
+++ b/exec.c
@@ -25,23 +25,23 @@
 #include "qemu-common.h"
 #include "cpu.h"
 #include "tcg.h"
-#include "hw/hw.h"
+#include "hw/qdev-core.h"
 #if !defined(CONFIG_USER_ONLY)
 #include "hw/boards.h"
 #endif
-#include "hw/qdev.h"
 #include "sysemu/kvm.h"
 #include "sysemu/sysemu.h"
 #include "hw/xen/xen.h"
 #include "qemu/timer.h"
 #include "qemu/config-file.h"
 #include "qemu/error-report.h"
-#include "exec/memory.h"
-#include "sysemu/dma.h"
-#include "exec/address-spaces.h"
 #if defined(CONFIG_USER_ONLY)
 #include 
 #else /* !CONFIG_USER_ONLY */
+#include "hw/hw.h"
+#include "exec/memory.h"
+#include "sysemu/dma.h"
+#include "exec/address-spaces.h"
 #include "sysemu/xen-mapcache.h"
 #include "trace.h"
 #endif
@@ -641,7 +641,6 @@ void cpu_exec_exit(CPUState *cpu)
 void cpu_exec_init(CPUState *cpu, Error **errp)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
-int cpu_index;
 Error *local_err = NULL;
 
 cpu->as = NULL;
@@ -668,7 +667,7 @@ void cpu_exec_init(CPUState *cpu, Error **errp)
 #if defined(CONFIG_USER_ONLY)
 cpu_list_lock();
 #endif
-cpu_index = cpu->cpu_index = cpu_get_free_index(_err);
+cpu->cpu_index = cpu_get_free_index(_err);
 if (local_err) {
 error_propagate(errp, local_err);
 #if defined(CONFIG_USER_ONLY)
@@ -678,14 +677,16 @@ void cpu_exec_init(CPUState *cpu, Error **errp)
 }
 QTAILQ_INSERT_TAIL(, cpu, node);
 #if defined(CONFIG_USER_ONLY)
+(void) cc;
 cpu_list_unlock();
-#endif
+#else
 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
-vmstate_register(NULL, cpu_index, _cpu_common, cpu);
+vmstate_register(NULL, cpu->cpu_index, _cpu_common, cpu);
 }
 if (cc->vmsd != NULL) {
-vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
+vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
 }
+#endif
 }
 
 #if defined(CONFIG_USER_ONLY)
diff --git a/include/hw/hw.h b/include/hw/hw.h
index 0456fc3..29931d1 100644
--- a/include/hw/hw.h
+++ b/include/hw/hw.h
@@ -3,10 +3,11 @@
 #define QEMU_HW_H
 
 
-#if !defined(CONFIG_USER_ONLY) && !defined(NEED_CPU_H)
-#include "exec/cpu-common.h"
+#ifdef CONFIG_USER_ONLY
+#error Cannot include hw/hw.h from user emulation
 #endif
 
+#include "exec/cpu-common.h"
 #include "exec/ioport.h"
 #include "hw/irq.h"
 #include "block/aio.h"
diff --git a/include/hw/ppc/openpic.h b/include/hw/ppc/openpic.h
index 1cf188d..afe950b 100644
--- a/include/hw/ppc/openpic.h
+++ b/include/hw/ppc/openpic.h
@@ -2,7 +2,7 @@
 #define __OPENPIC_H__
 
 #include "qemu-common.h"
-#include "hw/qdev.h"
+#include "hw/qdev-core.h"
 #include "qom/cpu.h"
 
 #define TYPE_OPENPIC "openpic"
diff --git a/kvm-stub.c b/kvm-stub.c
index b962b24..63735a8 100644
--- a/kvm-stub.c
+++ b/kvm-stub.c
@@ -12,7 +12,6 @@
 
 #include "qemu/osdep.h"
 #include "qemu-common.h"
-#include "hw/hw.h"
 #include "cpu.h"
 #include "sysemu/kvm.h"
 
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 0f38d1e..30bf437 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -33,7 +33,6 @@
 #include "qapi/visitor.h"
 #include "sysemu/arch_init.h"
 
-#include "hw/hw.h"
 #if defined(CONFIG_KVM)
 #include 
 #endif
@@ -42,6 +41,7 @@
 #include "hw/qdev-properties.h"
 #ifndef CONFIG_USER_ONLY
 #include "exec/address-spaces.h"
+#include "hw/hw.h"
 #include "hw/xen/xen.h"
 #include "hw/i386/apic_internal.h"
 #endif
diff --git a/target-s390x/cpu.c b/target-s390x/cpu.c
index 9746b1d..2d491fb 100644
--- a/target-s390x/cpu.c
+++ b/target-s390x/cpu.c
@@ -29,10 +29,11 @@
 #include "qemu-common.h"
 #include "qemu/timer.h"
 #include "qemu/error-report.h"
-#include "hw/hw.h"
 #include "trace.h"
 #include "qapi/visitor.h"
+#include "migration/vmstate.h"
 #ifndef CONFIG_USER_ONLY
+#include "hw/hw.h"
 #include "sysemu/arch_init.h"
 #include "sysemu/sysemu.h"
 #include "hw/s390x/sclp.h"
diff --git a/target-s390x/mem_helper.c b/target-s390x/mem_helper.c
index 7078622..9d206a9 100644
--- a/target-s390x/mem_helper.c
+++ b/target-s390x/mem_helper.c
@@ -22,7 +22,10 @@
 #include "cpu.h"
 #include "exec/helper-proto.h"
 #include "exec/cpu_ldst.h"
+
+#if !defined(CONFIG_USER_ONLY)
 #include "hw/s390x/storage-keys.h"
+#endif
 
 /*/
 /* Softmmu support */
diff --git a/target-s390x/misc_helper.c b/target-s390x/misc_helper.c
index 

Re: [Qemu-devel] [PATCH V1 0/2] Versioning ARM virt machine types

[Peter Maydell]

On 11 March 2016 at 17:36, Wei Huang  wrote:
> We start to see more features been added to ARM virtual machine models.
> For the purpose of backward compatibility (e.g. migration), it is time
> to consider versioning machine types for ARM VMs. As a beginning step, this
> patchset defines an abstract machine type for ARM VMs. The current
> "virt" machine is re-written based on this new abstract type accordingly.
> These patches have been verified by booting existing VMs.
>
> RFC->V1:
>  * Rename the machine type to "virt-2.6", matching the imminent QEMU version
>  * Remove mc->is_default (Peter's comment)



Applied to target-arm.next, thanks.

-- PMM

[Qemu-devel] [PATCH 49/49] hw: clean up hw/hw.h includes

[Paolo Bonzini]

Include qom/object.h and exec/memory.h instead of exec/ioport.h;
exec/ioport.h was almost everywhere required only for those two
includes, not for the content of the header itself.

Remove block/aio.h, everybody is already including it through
another path.

With this change, include/hw/hw.h is freed from qemu-common.h.

Signed-off-by: Paolo Bonzini 
---
 exec.c| 1 +
 include/exec/ioport.h | 4 
 include/hw/hw.h   | 4 ++--
 include/hw/isa/isa.h  | 2 +-
 4 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/exec.c b/exec.c
index b8493d8..798219e 100644
--- a/exec.c
+++ b/exec.c
@@ -41,6 +41,7 @@
 #else /* !CONFIG_USER_ONLY */
 #include "hw/hw.h"
 #include "exec/memory.h"
+#include "exec/ioport.h"
 #include "sysemu/dma.h"
 #include "exec/address-spaces.h"
 #include "sysemu/xen-mapcache.h"
diff --git a/include/exec/ioport.h b/include/exec/ioport.h
index 6a9639c..a298b89 100644
--- a/include/exec/ioport.h
+++ b/include/exec/ioport.h
@@ -24,10 +24,6 @@
 #ifndef IOPORT_H
 #define IOPORT_H
 
-#include "qemu-common.h"
-#include "qom/object.h"
-#include "exec/memory.h"
-
 #define MAX_IOPORTS (64 * 1024)
 #define IOPORTS_MASK(MAX_IOPORTS - 1)
 
diff --git a/include/hw/hw.h b/include/hw/hw.h
index 029b1e8..3669ebd 100644
--- a/include/hw/hw.h
+++ b/include/hw/hw.h
@@ -7,9 +7,9 @@
 #endif
 
 #include "exec/cpu-common.h"
-#include "exec/ioport.h"
+#include "qom/object.h"
+#include "exec/memory.h"
 #include "hw/irq.h"
-#include "block/aio.h"
 #include "migration/vmstate.h"
 #include "qemu/module.h"
 
diff --git a/include/hw/isa/isa.h b/include/hw/isa/isa.h
index ffb2ea7..c87fbad 100644
--- a/include/hw/isa/isa.h
+++ b/include/hw/isa/isa.h
@@ -3,8 +3,8 @@
 
 /* ISA bus */
 
-#include "exec/ioport.h"
 #include "exec/memory.h"
+#include "exec/ioport.h"
 #include "hw/qdev.h"
 
 #define ISA_NUM_IRQS 16
-- 
1.8.3.1

[Qemu-devel] [PATCH 36/49] cpu: move endian-dependent load/store functions to cpu-all.h

[Paolo Bonzini]

Disentangle cpu-common.h and memory.h from NEED_CPU_H.  Prototypes are
not defined for !NEED_CPU_H, so remove them from poison.h too.  Only
macros need poisoning.

Signed-off-by: Paolo Bonzini 
---
 include/exec/cpu-all.h| 25 +
 include/exec/cpu-common.h | 10 --
 include/exec/memory.h | 17 -
 include/exec/poison.h |  8 
 4 files changed, 25 insertions(+), 35 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index 08e5093..3911576 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -165,6 +165,31 @@ extern unsigned long reserved_va;
 
 #define GUEST_ADDR_MAX (reserved_va ? reserved_va : \
 (1ul << TARGET_VIRT_ADDR_SPACE_BITS) - 1)
+#else
+
+#include "exec/hwaddr.h"
+uint32_t lduw_phys(AddressSpace *as, hwaddr addr);
+uint32_t ldl_phys(AddressSpace *as, hwaddr addr);
+uint64_t ldq_phys(AddressSpace *as, hwaddr addr);
+void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val);
+void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val);
+void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val);
+void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val);
+
+uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
+MemTxAttrs attrs, MemTxResult *result);
+uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
+MemTxAttrs attrs, MemTxResult *result);
+uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
+MemTxAttrs attrs, MemTxResult *result);
+void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
+MemTxAttrs attrs, MemTxResult *result);
+void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
+MemTxAttrs attrs, MemTxResult *result);
+void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
+MemTxAttrs attrs, MemTxResult *result);
+void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
+MemTxAttrs attrs, MemTxResult *result);
 #endif
 
 /* page related stuff */
diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index 4f59034..04eade5 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -109,16 +109,6 @@ void stl_be_phys(AddressSpace *as, hwaddr addr, uint32_t 
val);
 void stq_le_phys(AddressSpace *as, hwaddr addr, uint64_t val);
 void stq_be_phys(AddressSpace *as, hwaddr addr, uint64_t val);
 
-#ifdef NEED_CPU_H
-uint32_t lduw_phys(AddressSpace *as, hwaddr addr);
-uint32_t ldl_phys(AddressSpace *as, hwaddr addr);
-uint64_t ldq_phys(AddressSpace *as, hwaddr addr);
-void stl_phys_notdirty(AddressSpace *as, hwaddr addr, uint32_t val);
-void stw_phys(AddressSpace *as, hwaddr addr, uint32_t val);
-void stl_phys(AddressSpace *as, hwaddr addr, uint32_t val);
-void stq_phys(AddressSpace *as, hwaddr addr, uint64_t val);
-#endif
-
 void cpu_physical_memory_write_rom(AddressSpace *as, hwaddr addr,
const uint8_t *buf, int len);
 void cpu_flush_icache_range(hwaddr start, int len);
diff --git a/include/exec/memory.h b/include/exec/memory.h
index e2a3e99..7fb9188 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -1292,23 +1292,6 @@ void address_space_stq_le(AddressSpace *as, hwaddr addr, 
uint64_t val,
 void address_space_stq_be(AddressSpace *as, hwaddr addr, uint64_t val,
 MemTxAttrs attrs, MemTxResult *result);
 
-#ifdef NEED_CPU_H
-uint32_t address_space_lduw(AddressSpace *as, hwaddr addr,
-MemTxAttrs attrs, MemTxResult *result);
-uint32_t address_space_ldl(AddressSpace *as, hwaddr addr,
-MemTxAttrs attrs, MemTxResult *result);
-uint64_t address_space_ldq(AddressSpace *as, hwaddr addr,
-MemTxAttrs attrs, MemTxResult *result);
-void address_space_stl_notdirty(AddressSpace *as, hwaddr addr, uint32_t val,
-MemTxAttrs attrs, MemTxResult *result);
-void address_space_stw(AddressSpace *as, hwaddr addr, uint32_t val,
-MemTxAttrs attrs, MemTxResult *result);
-void address_space_stl(AddressSpace *as, hwaddr addr, uint32_t val,
-MemTxAttrs attrs, MemTxResult *result);
-void address_space_stq(AddressSpace *as, hwaddr addr, uint64_t val,
-MemTxAttrs attrs, MemTxResult *result);
-#endif
-
 /* address_space_translate: translate an address range into an address space
  * into a MemoryRegion and an address range into that section.  Should be
  * called from an RCU critical section, to avoid that the last reference
diff --git a/include/exec/poison.h b/include/exec/poison.h
index a4b1eca..3ca7929 100644
--- a/include/exec/poison.h
+++ b/include/exec/poison.h
@@ -37,14 +37,6 @@
 
 #pragma GCC poison 

[Qemu-devel] [PATCH 30/49] explicitly include linux/kvm.h

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 hw/i386/kvm/i8254.c  | 1 +
 hw/i386/kvm/pci-assign.c | 1 +
 hw/vfio/common.c | 3 +++
 3 files changed, 5 insertions(+)

diff --git a/hw/i386/kvm/i8254.c b/hw/i386/kvm/i8254.c
index a4462e5..734992e 100644
--- a/hw/i386/kvm/i8254.c
+++ b/hw/i386/kvm/i8254.c
@@ -29,6 +29,7 @@
 #include "hw/timer/i8254.h"
 #include "hw/timer/i8254_internal.h"
 #include "sysemu/kvm.h"
+#include "linux/kvm.h"
 
 #define KVM_PIT_REINJECT_BIT 0
 
diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
index bf425a2..db2cbd2 100644
--- a/hw/i386/kvm/pci-assign.c
+++ b/hw/i386/kvm/pci-assign.c
@@ -33,6 +33,7 @@
 #include "sysemu/sysemu.h"
 #include "hw/pci/pci.h"
 #include "hw/pci/msi.h"
+#include "linux/kvm.h"
 #include "kvm_i386.h"
 #include "hw/pci/pci-assign.h"
 
diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index 96ccb79..f8d6572 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -30,6 +30,9 @@
 #include "hw/hw.h"
 #include "qemu/error-report.h"
 #include "sysemu/kvm.h"
+#ifdef CONFIG_KVM
+#include "linux/kvm.h"
+#endif
 #include "trace.h"
 
 struct vfio_group_head vfio_group_list =
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH 1/4] block: Use drained section in bdrv_set_aio_context

[Fam Zheng]

On Wed, 03/16 11:27, Paolo Bonzini wrote:
> 
> 
> On 16/03/2016 11:10, Fam Zheng wrote:
> > An empty begin/end pair is almost the same as a bare bdrv_drain except
> > the aio_poll inside is wrapped by
> > aio_disable_external/aio_enable_external.
> > 
> > This is safer, and is the only way to achieve quiescence in this
> > aio_poll(), because bdrv_drained_begin/end pair cannot span across
> > context detach/attach options, so it's not possible to do by the caller.
> 
> I'm still not sure about this patch.
> 
> When starting dataplane, the ioeventfd is registered with iohandler.c so
> bdrv_drained_begin/end is not necessary.

You are right, and looks like the k->set_host_notifier() above
blk_set_aio_context would disable the fd anyway.

> 
> Likewise when stopping dataplane bdrv_set_aio_context is called after
> the thread has been stopped and thus the ioeventfd is not registered
> anymore as an external client.

Right.

Fam

[Qemu-devel] [PATCH 33/49] hw: do not use VMSTATE_*TL

[Paolo Bonzini]

Reserve this to CPU state serialization.

Luckily, they were only used by sPAPR devices and these are ppc64
only.  So there is no change to migration format.

Signed-off-by: Paolo Bonzini 
---
 hw/net/spapr_llan.c| 8 
 hw/ppc/spapr_vio.c | 2 +-
 include/hw/ppc/spapr_vio.h | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
index 6aa06cc..e08c20e 100644
--- a/hw/net/spapr_llan.c
+++ b/hw/net/spapr_llan.c
@@ -93,9 +93,9 @@ typedef struct VIOsPAPRVLANDevice {
 NICConf nicconf;
 NICState *nic;
 bool isopen;
-target_ulong buf_list;
+hwaddr buf_list;
 uint32_t add_buf_ptr, use_buf_ptr, rx_bufs;
-target_ulong rxq_ptr;
+hwaddr rxq_ptr;
 } VIOsPAPRVLANDevice;
 
 static int spapr_vlan_can_receive(NetClientState *nc)
@@ -522,11 +522,11 @@ static const VMStateDescription vmstate_spapr_llan = {
 VMSTATE_SPAPR_VIO(sdev, VIOsPAPRVLANDevice),
 /* LLAN state */
 VMSTATE_BOOL(isopen, VIOsPAPRVLANDevice),
-VMSTATE_UINTTL(buf_list, VIOsPAPRVLANDevice),
+VMSTATE_UINT64(buf_list, VIOsPAPRVLANDevice),
 VMSTATE_UINT32(add_buf_ptr, VIOsPAPRVLANDevice),
 VMSTATE_UINT32(use_buf_ptr, VIOsPAPRVLANDevice),
 VMSTATE_UINT32(rx_bufs, VIOsPAPRVLANDevice),
-VMSTATE_UINTTL(rxq_ptr, VIOsPAPRVLANDevice),
+VMSTATE_UINT64(rxq_ptr, VIOsPAPRVLANDevice),
 
 VMSTATE_END_OF_LIST()
 },
diff --git a/hw/ppc/spapr_vio.c b/hw/ppc/spapr_vio.c
index 8aa021f..6b20b40 100644
--- a/hw/ppc/spapr_vio.c
+++ b/hw/ppc/spapr_vio.c
@@ -584,7 +584,7 @@ const VMStateDescription vmstate_spapr_vio = {
 VMSTATE_UINT32_EQUAL(irq, VIOsPAPRDevice),
 
 /* General VIO device state */
-VMSTATE_UINTTL(signal_state, VIOsPAPRDevice),
+VMSTATE_UINT64(signal_state, VIOsPAPRDevice),
 VMSTATE_UINT64(crq.qladdr, VIOsPAPRDevice),
 VMSTATE_UINT32(crq.qsize, VIOsPAPRDevice),
 VMSTATE_UINT32(crq.qnext, VIOsPAPRDevice),
diff --git a/include/hw/ppc/spapr_vio.h b/include/hw/ppc/spapr_vio.h
index c9733e7..5f8b042 100644
--- a/include/hw/ppc/spapr_vio.h
+++ b/include/hw/ppc/spapr_vio.h
@@ -61,7 +61,7 @@ struct VIOsPAPRDevice {
 DeviceState qdev;
 uint32_t reg;
 uint32_t irq;
-target_ulong signal_state;
+uint64_t signal_state;
 VIOsPAPR_CRQ crq;
 AddressSpace as;
 MemoryRegion mrroot;
-- 
1.8.3.1

[Qemu-devel] [PATCH 42/49] qemu-common: push cpu.h inclusion out of qemu-common.h

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 arch_init.c  |  2 ++
 cpus.c   |  3 ++-
 exec.c   |  2 +-
 gdbstub.c|  1 +
 hw/arm/nseries.c |  1 +
 hw/arm/pxa2xx_gpio.c |  1 +
 hw/core/nmi.c|  5 +
 hw/display/cg3.c |  1 +
 hw/i386/kvm/apic.c   |  2 ++
 hw/i386/kvm/clock.c  |  1 +
 hw/i386/kvmvapic.c   |  2 ++
 hw/intc/apic.c   |  2 ++
 hw/intc/apic_common.c|  2 ++
 hw/intc/arm_gic_kvm.c|  2 ++
 hw/intc/armv7m_nvic.c|  1 +
 hw/intc/openpic_kvm.c|  2 ++
 hw/intc/s390_flic_kvm.c  |  2 ++
 hw/ppc/ppc4xx_devs.c |  1 +
 hw/ppc/prep.c|  1 +
 hw/ppc/virtex_ml507.c|  1 +
 hw/xtensa/pic_cpu.c  |  1 +
 include/disas/disas.h|  2 ++
 include/exec/gdbstub.h   |  2 ++
 include/exec/hwaddr.h|  2 ++
 include/hw/arm/digic.h   |  1 +
 include/hw/arm/virt-acpi-build.h |  1 +
 include/hw/arm/virt.h|  1 +
 include/hw/hw.h  |  1 -
 include/hw/sd/sd.h   |  2 ++
 include/hw/xen/xen.h |  7 ---
 include/qemu-common.h|  5 -
 include/sysemu/kvm.h |  1 +
 ioport.c |  2 ++
 memory.c |  2 ++
 migration/ram.c  |  2 ++
 migration/savevm.c   |  1 +
 monitor.c|  2 ++
 qtest.c  |  2 ++
 scripts/tracetool/format/tcg_helper_c.py |  1 +
 target-alpha/gdbstub.c   |  1 +
 target-alpha/machine.c   |  2 ++
 target-arm/gdbstub.c |  1 +
 target-arm/gdbstub64.c   |  1 +
 target-arm/kvm-stub.c|  1 +
 target-arm/kvm32.c   |  2 +-
 target-arm/kvm64.c   |  2 +-
 target-arm/machine.c |  2 ++
 target-cris/gdbstub.c|  1 +
 target-cris/machine.c|  2 ++
 target-i386/gdbstub.c|  1 +
 target-i386/kvm-stub.c   |  1 +
 target-i386/kvm.c|  2 +-
 target-i386/machine.c|  2 ++
 target-lm32/gdbstub.c|  1 +
 target-lm32/machine.c|  2 ++
 target-m68k/gdbstub.c|  1 +
 target-microblaze/gdbstub.c  |  1 +
 target-mips/cpu.h| 18 ++
 target-mips/gdbstub.c|  1 +
 target-mips/helper.c | 17 +
 target-mips/kvm.c|  2 +-
 target-mips/machine.c|  2 ++
 target-moxie/machine.c   |  2 ++
 target-openrisc/gdbstub.c|  1 +
 target-openrisc/machine.c|  2 ++
 target-ppc/gdbstub.c |  1 +
 target-ppc/kvm-stub.c|  1 +
 target-ppc/kvm.c |  2 +-
 target-ppc/machine.c |  2 ++
 target-s390x/gdbstub.c   |  1 +
 target-s390x/kvm.c   |  2 +-
 target-sh4/gdbstub.c |  1 +
 target-sparc/gdbstub.c   |  1 +
 target-sparc/machine.c   |  2 ++
 target-xtensa/gdbstub.c  |  1 +
 tcg/optimize.c   |  3 +--
 tcg/tcg-op.c |  2 ++
 tcg/tcg.h|  1 +
 78 files changed, 129 insertions(+), 35 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index f6aba02..7537b36 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -22,6 +22,8 @@
  * THE SOFTWARE.
  */
 #include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "cpu.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/arch_init.h"
 #include "hw/pci/pci.h"
diff --git a/cpus.c b/cpus.c
index bc774e2..cdbe4ec 100644
--- a/cpus.c
+++ b/cpus.c
@@ -24,7 +24,8 @@
 
 /* Needed early for CONFIG_BSD etc. */
 #include "qemu/osdep.h"
-
+#include "qemu-common.h"
+#include "cpu.h"
 #include "monitor/monitor.h"
 #include "qapi/qmp/qerror.h"
 #include "qemu/error-report.h"
diff --git a/exec.c b/exec.c
index 10408f2..bd2b334 100644
--- a/exec.c
+++ b/exec.c
@@ -28,10 +28,10 @@
 #include "hw/qdev-core.h"
 #if !defined(CONFIG_USER_ONLY)
 #include "hw/boards.h"
+#include "hw/xen/xen.h"
 #endif
 #include "sysemu/kvm.h"
 #include "sysemu/sysemu.h"
-#include "hw/xen/xen.h"
 #include "qemu/timer.h"
 #include "qemu/config-file.h"
 #include 

[Qemu-devel] [PATCH 45/49] hw: explicitly include qemu/log.h

[Paolo Bonzini]

Move the inclusion out of hw/hw.h, most files do not need it.

Signed-off-by: Paolo Bonzini 
---
 hw/arm/nseries.c   | 1 +
 hw/arm/pxa2xx_gpio.c   | 1 +
 hw/arm/stellaris.c | 1 +
 hw/arm/strongarm.c | 1 +
 hw/arm/xlnx-ep108.c| 1 +
 hw/audio/pl041.c   | 1 +
 hw/block/m25p80.c  | 1 +
 hw/block/pflash_cfi01.c| 1 +
 hw/char/cadence_uart.c | 4 
 hw/char/digic-uart.c   | 1 +
 hw/char/imx_serial.c   | 1 +
 hw/char/pl011.c| 1 +
 hw/char/stm32f2xx_usart.c  | 1 +
 hw/display/cg3.c   | 1 +
 hw/display/pl110.c | 1 +
 hw/display/virtio-gpu.c| 1 +
 hw/dma/pl080.c | 1 +
 hw/dma/pl330.c | 1 +
 hw/dma/rc4030.c| 1 +
 hw/gpio/imx_gpio.c | 1 +
 hw/gpio/pl061.c| 1 +
 hw/i2c/imx_i2c.c   | 1 +
 hw/i2c/versatile_i2c.c | 1 +
 hw/input/pl050.c   | 1 +
 hw/intc/allwinner-a10-pic.c| 1 +
 hw/intc/arm_gic.c  | 1 +
 hw/intc/arm_gicv2m.c   | 1 +
 hw/intc/armv7m_nvic.c  | 1 +
 hw/intc/bcm2835_ic.c   | 1 +
 hw/intc/bcm2836_control.c  | 1 +
 hw/intc/i8259.c| 1 +
 hw/intc/imx_avic.c | 1 +
 hw/intc/openpic.c  | 1 +
 hw/intc/pl190.c| 1 +
 hw/misc/arm11scu.c | 1 +
 hw/misc/arm_integrator_debug.c | 1 +
 hw/misc/arm_l2x0.c | 1 +
 hw/misc/arm_sysctl.c   | 1 +
 hw/misc/bcm2835_mbox.c | 1 +
 hw/misc/bcm2835_property.c | 1 +
 hw/misc/imx25_ccm.c| 1 +
 hw/misc/imx31_ccm.c| 1 +
 hw/misc/imx_ccm.c  | 1 +
 hw/misc/macio/cuda.c   | 1 +
 hw/misc/macio/mac_dbdma.c  | 1 +
 hw/misc/stm32f2xx_syscfg.c | 1 +
 hw/misc/zynq-xadc.c| 1 +
 hw/misc/zynq_slcr.c| 1 +
 hw/net/allwinner_emac.c| 1 +
 hw/net/fsl_etsec/etsec.c   | 1 +
 hw/net/fsl_etsec/rings.c   | 2 +-
 hw/net/imx_fec.c   | 1 +
 hw/net/lan9118.c   | 1 +
 hw/net/spapr_llan.c| 1 +
 hw/pci-host/apb.c  | 1 +
 hw/pci-host/versatile.c| 1 +
 hw/ppc/spapr.c | 1 +
 hw/ppc/spapr_hcall.c   | 1 +
 hw/ppc/spapr_iommu.c   | 1 +
 hw/ppc/spapr_rtas.c| 1 +
 hw/ppc/spapr_vio.c | 1 +
 hw/sd/pl181.c  | 1 +
 hw/sd/sd.c | 1 +
 hw/sd/sdhci.c  | 1 +
 hw/ssi/pl022.c | 1 +
 hw/timer/allwinner-a10-pit.c   | 1 +
 hw/timer/arm_timer.c   | 1 +
 hw/timer/digic-timer.c | 1 +
 hw/timer/imx_epit.c| 1 +
 hw/timer/imx_gpt.c | 1 +
 hw/timer/pl031.c   | 1 +
 hw/timer/stm32f2xx_timer.c | 1 +
 hw/watchdog/wdt_diag288.c  | 1 +
 include/hw/hw.h| 1 -
 monitor.c  | 1 +
 vl.c   | 1 +
 76 files changed, 78 insertions(+), 2 deletions(-)

diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
index 1c074e4..f34aa5e 100644
--- a/hw/arm/nseries.c
+++ b/hw/arm/nseries.c
@@ -37,6 +37,7 @@
 #include "hw/loader.h"
 #include "sysemu/block-backend.h"
 #include "hw/sysbus.h"
+#include "qemu/log.h"
 #include "exec/address-spaces.h"
 
 /* Nokia N8x0 support */
diff --git a/hw/arm/pxa2xx_gpio.c b/hw/arm/pxa2xx_gpio.c
index 8c9626e..576a8eb 100644
--- a/hw/arm/pxa2xx_gpio.c
+++ b/hw/arm/pxa2xx_gpio.c
@@ -12,6 +12,7 @@
 #include "hw/hw.h"
 #include "hw/sysbus.h"
 #include "hw/arm/pxa.h"
+#include "qemu/log.h"
 
 #define PXA2XX_GPIO_BANKS  4
 
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
index fe6a4f0..afa8f83 100644
--- a/hw/arm/stellaris.c
+++ b/hw/arm/stellaris.c
@@ -17,6 +17,7 @@
 #include "hw/i2c/i2c.h"
 #include "net/net.h"
 #include "hw/boards.h"
+#include "qemu/log.h"
 #include "exec/address-spaces.h"
 #include "sysemu/sysemu.h"
 
diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
index 2424099..6efbe9b 100644
--- a/hw/arm/strongarm.c
+++ b/hw/arm/strongarm.c
@@ -37,6 +37,7 @@
 #include "sysemu/char.h"
 #include "sysemu/sysemu.h"
 #include "hw/ssi/ssi.h"
+#include "qemu/log.h"
 
 //#define DEBUG
 
diff --git a/hw/arm/xlnx-ep108.c b/hw/arm/xlnx-ep108.c
index 5f48018..40f7cc1 100644
--- a/hw/arm/xlnx-ep108.c
+++ b/hw/arm/xlnx-ep108.c
@@ -23,6 +23,7 @@
 #include "hw/boards.h"
 #include "qemu/error-report.h"
 #include "exec/address-spaces.h"
+#include "qemu/log.h"
 
 typedef struct XlnxEP108 {
 XlnxZynqMPState soc;
diff --git a/hw/audio/pl041.c b/hw/audio/pl041.c
index 4717bc9..6e9c104 100644
--- a/hw/audio/pl041.c
+++ b/hw/audio/pl041.c
@@ -22,6 +22,7 @@
 
 #include "qemu/osdep.h"
 #include "hw/sysbus.h"
+#include "qemu/log.h"
 
 #include "pl041.h"
 #include "lm4549.h"
diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index de24f42..580f9d6 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -26,6 +26,7 @@
 #include 

[Qemu-devel] [PATCH 26/49] ppc: use PowerPCCPU instead of CPUPPCState

[Paolo Bonzini]

This changes a cpu.h dependency for hw/ppc/ppc.h into a cpu-qom.h
dependency.  For it to compile we also need to clean up a few unused
definitions.

Signed-off-by: Paolo Bonzini 
---
 hw/ppc/ppc.c| 20 +-
 include/hw/ppc/ppc.h| 24 +++-
 target-ppc/translate_init.c | 92 +++--
 3 files changed, 63 insertions(+), 73 deletions(-)

diff --git a/hw/ppc/ppc.c b/hw/ppc/ppc.c
index d2167bb..69289b7 100644
--- a/hw/ppc/ppc.c
+++ b/hw/ppc/ppc.c
@@ -164,9 +164,9 @@ static void ppc6xx_set_irq(void *opaque, int pin, int level)
 }
 }
 
-void ppc6xx_irq_init(CPUPPCState *env)
+void ppc6xx_irq_init(PowerPCCPU *cpu)
 {
-PowerPCCPU *cpu = ppc_env_get_cpu(env);
+CPUPPCState *env = >env;
 
 env->irq_inputs = (void **)qemu_allocate_irqs(_set_irq, cpu,
   PPC6xx_INPUT_NB);
@@ -251,9 +251,9 @@ static void ppc970_set_irq(void *opaque, int pin, int level)
 }
 }
 
-void ppc970_irq_init(CPUPPCState *env)
+void ppc970_irq_init(PowerPCCPU *cpu)
 {
-PowerPCCPU *cpu = ppc_env_get_cpu(env);
+CPUPPCState *env = >env;
 
 env->irq_inputs = (void **)qemu_allocate_irqs(_set_irq, cpu,
   PPC970_INPUT_NB);
@@ -287,9 +287,9 @@ static void power7_set_irq(void *opaque, int pin, int level)
 }
 }
 
-void ppcPOWER7_irq_init(CPUPPCState *env)
+void ppcPOWER7_irq_init(PowerPCCPU *cpu)
 {
-PowerPCCPU *cpu = ppc_env_get_cpu(env);
+CPUPPCState *env = >env;
 
 env->irq_inputs = (void **)qemu_allocate_irqs(_set_irq, cpu,
   POWER7_INPUT_NB);
@@ -372,9 +372,9 @@ static void ppc40x_set_irq(void *opaque, int pin, int level)
 }
 }
 
-void ppc40x_irq_init(CPUPPCState *env)
+void ppc40x_irq_init(PowerPCCPU *cpu)
 {
-PowerPCCPU *cpu = ppc_env_get_cpu(env);
+CPUPPCState *env = >env;
 
 env->irq_inputs = (void **)qemu_allocate_irqs(_set_irq,
   cpu, PPC40x_INPUT_NB);
@@ -436,9 +436,9 @@ static void ppce500_set_irq(void *opaque, int pin, int 
level)
 }
 }
 
-void ppce500_irq_init(CPUPPCState *env)
+void ppce500_irq_init(PowerPCCPU *cpu)
 {
-PowerPCCPU *cpu = ppc_env_get_cpu(env);
+CPUPPCState *env = >env;
 
 env->irq_inputs = (void **)qemu_allocate_irqs(_set_irq,
   cpu, PPCE500_INPUT_NB);
diff --git a/include/hw/ppc/ppc.h b/include/hw/ppc/ppc.h
index 14efd0c..5617dc4 100644
--- a/include/hw/ppc/ppc.h
+++ b/include/hw/ppc/ppc.h
@@ -1,6 +1,8 @@
 #ifndef HW_PPC_H
 #define HW_PPC_H 1
 
+#include "target-ppc/cpu-qom.h"
+
 void ppc_set_irq(PowerPCCPU *cpu, int n_IRQ, int level);
 
 /* PowerPC hardware exceptions management helpers */
@@ -64,17 +66,21 @@ clk_setup_cb ppc_40x_timers_init (CPUPPCState *env, 
uint32_t freq,
 void ppc40x_core_reset(PowerPCCPU *cpu);
 void ppc40x_chip_reset(PowerPCCPU *cpu);
 void ppc40x_system_reset(PowerPCCPU *cpu);
-void PREP_debug_write (void *opaque, uint32_t addr, uint32_t val);
-
-extern CPUWriteMemoryFunc * const PPC_io_write[];
-extern CPUReadMemoryFunc * const PPC_io_read[];
 void PPC_debug_write (void *opaque, uint32_t addr, uint32_t val);
 
-void ppc40x_irq_init (CPUPPCState *env);
-void ppce500_irq_init (CPUPPCState *env);
-void ppc6xx_irq_init (CPUPPCState *env);
-void ppc970_irq_init (CPUPPCState *env);
-void ppcPOWER7_irq_init (CPUPPCState *env);
+#if defined(CONFIG_USER_ONLY)
+static inline void ppc40x_irq_init(PowerPCCPU *cpu) {}
+static inline void ppc6xx_irq_init(PowerPCCPU *cpu) {}
+static inline void ppc970_irq_init(PowerPCCPU *cpu) {}
+static inline void ppcPOWER7_irq_init(PowerPCCPU *cpu) {}
+static inline void ppce500_irq_init(PowerPCCPU *cpu) {}
+#else
+void ppc40x_irq_init(PowerPCCPU *cpu);
+void ppce500_irq_init(PowerPCCPU *cpu);
+void ppc6xx_irq_init(PowerPCCPU *cpu);
+void ppc970_irq_init(PowerPCCPU *cpu);
+void ppcPOWER7_irq_init(PowerPCCPU *cpu);
+#endif
 
 /* PPC machines for OpenBIOS */
 enum {
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index bd0cffc..c1698da 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -31,29 +31,13 @@
 #include "qemu/error-report.h"
 #include "qapi/visitor.h"
 #include "hw/qdev-properties.h"
+#include "hw/ppc/ppc.h"
 
 //#define PPC_DUMP_CPU
 //#define PPC_DEBUG_SPR
 //#define PPC_DUMP_SPR_ACCESSES
 /* #define USE_APPLE_GDB */
 
-/* For user-mode emulation, we don't emulate any IRQ controller */
-#if defined(CONFIG_USER_ONLY)
-#define PPC_IRQ_INIT_FN(name) \
-static inline void glue(glue(ppc, name),_irq_init) (CPUPPCState *env) \
-{ \
-}
-#else
-#define PPC_IRQ_INIT_FN(name) \
-void glue(glue(ppc, name),_irq_init) (CPUPPCState *env);
-#endif
-

[Qemu-devel] [PATCH 43/49] arm: move arm_log_exception into .c file

[Paolo Bonzini]

Avoid need for qemu/log.h inclusion.

Signed-off-by: Paolo Bonzini 
---
 target-arm/helper.c| 14 ++
 target-arm/internals.h | 15 +--
 2 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index eaded41..f71a78f 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -5810,6 +5810,20 @@ static void do_v7m_exception_exit(CPUARMState *env)
pointer.  */
 }
 
+void arm_log_exception(int idx)
+{
+if (qemu_loglevel_mask(CPU_LOG_INT)) {
+const char *exc = NULL;
+
+if (idx >= 0 && idx < ARRAY_SIZE(excnames)) {
+exc = excnames[idx];
+}
+if (!exc) {
+exc = "unknown";
+}
+qemu_log_mask(CPU_LOG_INT, "Taking exception %d [%s]\n", idx, exc);
+}
+}
 void arm_v7m_cpu_do_interrupt(CPUState *cs)
 {
 ARMCPU *cpu = ARM_CPU(cs);
diff --git a/target-arm/internals.h b/target-arm/internals.h
index 2e70272..5c7d146 100644
--- a/target-arm/internals.h
+++ b/target-arm/internals.h
@@ -72,20 +72,7 @@ static const char * const excnames[] = {
 [EXCP_SEMIHOST] = "Semihosting call",
 };
 
-static inline void arm_log_exception(int idx)
-{
-if (qemu_loglevel_mask(CPU_LOG_INT)) {
-const char *exc = NULL;
-
-if (idx >= 0 && idx < ARRAY_SIZE(excnames)) {
-exc = excnames[idx];
-}
-if (!exc) {
-exc = "unknown";
-}
-qemu_log_mask(CPU_LOG_INT, "Taking exception %d [%s]\n", idx, exc);
-}
-}
+void arm_log_exception(int idx);
 
 /* Scale factor for generic timers, ie number of ns per tick.
  * This gives a 62.5MHz timer.
-- 
1.8.3.1

[Qemu-devel] [PATCH 31/49] apic: move target-dependent definitions to cpu.h

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 hw/intc/ioapic.c   | 1 +
 include/hw/i386/apic.h | 5 -
 target-i386/cpu.h  | 7 +++
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/hw/intc/ioapic.c b/hw/intc/ioapic.c
index 378e663..4f42b91 100644
--- a/hw/intc/ioapic.c
+++ b/hw/intc/ioapic.c
@@ -24,6 +24,7 @@
 #include "monitor/monitor.h"
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
+#include "hw/i386/apic.h"
 #include "hw/i386/ioapic.h"
 #include "hw/i386/ioapic_internal.h"
 #include "include/hw/pci/msi.h"
diff --git a/include/hw/i386/apic.h b/include/hw/i386/apic.h
index 51eb6d3..ea48ea9 100644
--- a/include/hw/i386/apic.h
+++ b/include/hw/i386/apic.h
@@ -18,15 +18,10 @@ void cpu_set_apic_tpr(DeviceState *s, uint8_t val);
 uint8_t cpu_get_apic_tpr(DeviceState *s);
 void apic_init_reset(DeviceState *s);
 void apic_sipi(DeviceState *s);
-void apic_handle_tpr_access_report(DeviceState *d, target_ulong ip,
-   TPRAccess access);
 void apic_poll_irq(DeviceState *d);
 void apic_designate_bsp(DeviceState *d, bool bsp);
 
 /* pc.c */
 DeviceState *cpu_get_current_apic(void);
 
-/* cpu.c */
-bool cpu_is_bsp(X86CPU *cpu);
-
 #endif
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index c2f4af4..60dc97c 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -1451,7 +1451,11 @@ void do_interrupt_x86_hardirq(CPUX86State *env, int 
intno, int is_hw);
 void do_smm_enter(X86CPU *cpu);
 void cpu_smm_update(X86CPU *cpu);
 
+/* apic.c */
 void cpu_report_tpr_access(CPUX86State *env, TPRAccess access);
+void apic_handle_tpr_access_report(DeviceState *d, target_ulong ip,
+   TPRAccess access);
+
 
 /* Change the value of a KVM-specific default
  *
@@ -1477,4 +1481,7 @@ void enable_compat_apic_id_mode(void);
 void x86_cpu_dump_local_apic_state(CPUState *cs, FILE *f,
fprintf_function cpu_fprintf, int flags);
 
+/* cpu.c */
+bool cpu_is_bsp(X86CPU *cpu);
+
 #endif /* CPU_I386_H */
-- 
1.8.3.1

[Qemu-devel] [PATCH 46/49] exec: extract exec/tb-context.h

[Paolo Bonzini]

TCG backends do not need most of exec-all.h; extract what they actually
need to a separate file or move it directly to tcg.h.  The next patch
will stop including exec-all.h from everywhere.

Signed-off-by: Paolo Bonzini 
---
 include/exec/exec-all.h   | 47 +--
 include/exec/tb-context.h | 46 ++
 tcg/optimize.c|  2 +-
 tcg/tcg-common.c  |  2 ++
 tcg/tcg.h | 22 ++
 5 files changed, 72 insertions(+), 47 deletions(-)
 create mode 100644 include/exec/tb-context.h

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 05a151d..3d3de76 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -21,6 +21,7 @@
 #define _EXEC_ALL_H_
 
 #include "qemu-common.h"
+#include "exec/tb-context.h"
 
 /* allow to see translation results - the slowdown should be negligible, so we 
leave it */
 #define DEBUG_DISAS
@@ -40,30 +41,6 @@ typedef ram_addr_t tb_page_addr_t;
 #define DISAS_UPDATE  2 /* cpu state was modified dynamically */
 #define DISAS_TB_JUMP 3 /* only pc was modified statically */
 
-struct TranslationBlock;
-typedef struct TranslationBlock TranslationBlock;
-
-/* XXX: make safe guess about sizes */
-#define MAX_OP_PER_INSTR 266
-
-#if HOST_LONG_BITS == 32
-#define MAX_OPC_PARAM_PER_ARG 2
-#else
-#define MAX_OPC_PARAM_PER_ARG 1
-#endif
-#define MAX_OPC_PARAM_IARGS 5
-#define MAX_OPC_PARAM_OARGS 1
-#define MAX_OPC_PARAM_ARGS (MAX_OPC_PARAM_IARGS + MAX_OPC_PARAM_OARGS)
-
-/* A Call op needs up to 4 + 2N parameters on 32-bit archs,
- * and up to 4 + N parameters on 64-bit archs
- * (N = number of input arguments + output arguments).  */
-#define MAX_OPC_PARAM (4 + (MAX_OPC_PARAM_PER_ARG * MAX_OPC_PARAM_ARGS))
-#define OPC_BUF_SIZE 640
-#define OPC_MAX_SIZE (OPC_BUF_SIZE - MAX_OP_PER_INSTR)
-
-#define OPPARAM_BUF_SIZE (OPC_BUF_SIZE * MAX_OPC_PARAM)
-
 #include "qemu/log.h"
 
 void gen_intermediate_code(CPUArchState *env, struct TranslationBlock *tb);
@@ -211,9 +188,6 @@ static inline void tlb_flush_by_mmuidx(CPUState *cpu, ...)
 
 #define CODE_GEN_ALIGN   16 /* must be >= of the size of a icache line 
*/
 
-#define CODE_GEN_PHYS_HASH_BITS 15
-#define CODE_GEN_PHYS_HASH_SIZE (1 << CODE_GEN_PHYS_HASH_BITS)
-
 /* Estimated block size for TB allocation.  */
 /* ??? The following is based on a 2015 survey of x86_64 host output.
Better would seem to be some sort of dynamically sized TB array,
@@ -273,25 +247,6 @@ struct TranslationBlock {
 struct TranslationBlock *jmp_first;
 };
 
-#include "qemu/thread.h"
-
-typedef struct TBContext TBContext;
-
-struct TBContext {
-
-TranslationBlock *tbs;
-TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
-int nb_tbs;
-/* any access to the tbs or the page table must use this lock */
-QemuMutex tb_lock;
-
-/* statistics */
-int tb_flush_count;
-int tb_phys_invalidate_count;
-
-int tb_invalidated_flag;
-};
-
 void tb_free(TranslationBlock *tb);
 void tb_flush(CPUState *cpu);
 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr);
diff --git a/include/exec/tb-context.h b/include/exec/tb-context.h
new file mode 100644
index 000..c06204a
--- /dev/null
+++ b/include/exec/tb-context.h
@@ -0,0 +1,46 @@
+/*
+ * Internal structs that QEMU exports to TCG
+ *
+ *  Copyright (c) 2003 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#ifndef QEMU_TB_CONTEXT_H_
+#define QEMU_TB_CONTEXT_H_
+
+#include "qemu/thread.h"
+
+#define CODE_GEN_PHYS_HASH_BITS 15
+#define CODE_GEN_PHYS_HASH_SIZE (1 << CODE_GEN_PHYS_HASH_BITS)
+
+typedef struct TranslationBlock TranslationBlock;
+typedef struct TBContext TBContext;
+
+struct TBContext {
+
+TranslationBlock *tbs;
+TranslationBlock *tb_phys_hash[CODE_GEN_PHYS_HASH_SIZE];
+int nb_tbs;
+/* any access to the tbs or the page table must use this lock */
+QemuMutex tb_lock;
+
+/* statistics */
+int tb_flush_count;
+int tb_phys_invalidate_count;
+
+int tb_invalidated_flag;
+};
+
+#endif
diff --git a/tcg/optimize.c b/tcg/optimize.c
index 701f552..1d867f4 100644
--- a/tcg/optimize.c
+++ b/tcg/optimize.c
@@ -25,7 +25,7 @@
 
 #include "qemu/osdep.h"
 #include "qemu-common.h"
-#include "cpu.h"
+#include 

[Qemu-devel] [PATCH 32/49] include: poison symbols in osdep.h

[Paolo Bonzini]

Ensure that all target-independent files ignore poisoned symbols,
and fix the fallout.

Signed-off-by: Paolo Bonzini 
---
 hw/core/Makefile.objs  |  2 +-
 include/exec/cpu-common.h  |  4 
 include/exec/helper-head.h | 23 +--
 include/qemu/osdep.h   |  2 ++
 scripts/create_config  |  2 +-
 5 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/hw/core/Makefile.objs b/hw/core/Makefile.objs
index abb3560..70951d4 100644
--- a/hw/core/Makefile.objs
+++ b/hw/core/Makefile.objs
@@ -4,7 +4,7 @@ common-obj-y += fw-path-provider.o
 # irq.o needed for qdev GPIO handling:
 common-obj-y += irq.o
 common-obj-y += hotplug.o
-common-obj-y += nmi.o
+obj-y += nmi.o
 
 common-obj-$(CONFIG_EMPTY_SLOT) += empty_slot.o
 common-obj-$(CONFIG_XILINX_AXI) += stream.o
diff --git a/include/exec/cpu-common.h b/include/exec/cpu-common.h
index 9e839e5..4f59034 100644
--- a/include/exec/cpu-common.h
+++ b/include/exec/cpu-common.h
@@ -7,10 +7,6 @@
 #include "exec/hwaddr.h"
 #endif
 
-#ifndef NEED_CPU_H
-#include "exec/poison.h"
-#endif
-
 #include "qemu/bswap.h"
 #include "qemu/queue.h"
 #include "qemu/fprintf-fn.h"
diff --git a/include/exec/helper-head.h b/include/exec/helper-head.h
index ec79043..74f8f03 100644
--- a/include/exec/helper-head.h
+++ b/include/exec/helper-head.h
@@ -33,17 +33,9 @@
 #define dh_alias_s64 i64
 #define dh_alias_f32 i32
 #define dh_alias_f64 i64
-#ifdef TARGET_LONG_BITS
-# if TARGET_LONG_BITS == 32
-#  define dh_alias_tl i32
-# else
-#  define dh_alias_tl i64
-# endif
-#endif
 #define dh_alias_ptr ptr
 #define dh_alias_void void
 #define dh_alias_noreturn noreturn
-#define dh_alias_env ptr
 #define dh_alias(t) glue(dh_alias_, t)
 
 #define dh_ctype_i32 uint32_t
@@ -53,13 +45,24 @@
 #define dh_ctype_s64 int64_t
 #define dh_ctype_f32 float32
 #define dh_ctype_f64 float64
-#define dh_ctype_tl target_ulong
 #define dh_ctype_ptr void *
 #define dh_ctype_void void
 #define dh_ctype_noreturn void QEMU_NORETURN
-#define dh_ctype_env CPUArchState *
 #define dh_ctype(t) dh_ctype_##t
 
+#ifdef NEED_CPU_H
+# ifdef TARGET_LONG_BITS
+#  if TARGET_LONG_BITS == 32
+#   define dh_alias_tl i32
+#  else
+#   define dh_alias_tl i64
+#  endif
+# endif
+# define dh_alias_env ptr
+# define dh_ctype_tl target_ulong
+# define dh_ctype_env CPUArchState *
+#endif
+
 /* We can't use glue() here because it falls foul of C preprocessor
recursive expansion rules.  */
 #define dh_retvar_decl0_void void
diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index 97a7fa2..39fd70a 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -30,6 +30,8 @@
 #include "config-host.h"
 #ifdef NEED_CPU_H
 #include "config-target.h"
+#else
+#include "exec/poison.h"
 #endif
 #include "qemu/compiler.h"
 
diff --git a/scripts/create_config b/scripts/create_config
index 9cb176f..b2d2ebb 100755
--- a/scripts/create_config
+++ b/scripts/create_config
@@ -52,7 +52,7 @@ case $line in
 done
 echo "NULL"
 ;;
- CONFIG_*=y) # configuration
+ CONFIG_*='$(CONFIG_SOFTMMU)'|CONFIG_*=y) # configuration
 name=${line%=*}
 echo "#define $name 1"
 ;;
-- 
1.8.3.1

[Qemu-devel] [PATCH 41/49] s390x: move stuff out of cpu.h

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 hw/s390x/css.c  |   4 +-
 hw/s390x/s390-skeys.c   |   1 +
 hw/s390x/s390-virtio-ccw.c  |   4 +-
 hw/s390x/virtio-ccw.c   |   5 +-
 hw/s390x/virtio-ccw.h   |   3 +-
 {hw => include/hw}/s390x/css.h  |  31 +++-
 {target-s390x => include/hw/s390x}/ioinst.h |  16 +---
 target-s390x/cpu.h  | 117 ++--
 target-s390x/helper.c   |   1 +
 target-s390x/interrupt.c|  64 +++
 target-s390x/ioinst.c   |   2 +-
 11 files changed, 131 insertions(+), 117 deletions(-)
 rename {hw => include/hw}/s390x/css.h (76%)
 rename {target-s390x => include/hw/s390x}/ioinst.h (87%)

diff --git a/hw/s390x/css.c b/hw/s390x/css.c
index 3a1d919..1675a19 100644
--- a/hw/s390x/css.c
+++ b/hw/s390x/css.c
@@ -14,8 +14,8 @@
 #include "qemu/bitops.h"
 #include "exec/address-spaces.h"
 #include "cpu.h"
-#include "ioinst.h"
-#include "css.h"
+#include "hw/s390x/ioinst.h"
+#include "hw/s390x/css.h"
 #include "trace.h"
 #include "hw/s390x/s390_flic.h"
 
diff --git a/hw/s390x/s390-skeys.c b/hw/s390x/s390-skeys.c
index 6528ffe..d772cfc 100644
--- a/hw/s390x/s390-skeys.c
+++ b/hw/s390x/s390-skeys.c
@@ -15,6 +15,7 @@
 #include "migration/qemu-file.h"
 #include "hw/s390x/storage-keys.h"
 #include "qemu/error-report.h"
+#include "sysemu/kvm.h"
 
 #define S390_SKEYS_BUFFER_SIZE 131072  /* Room for 128k storage keys */
 #define S390_SKEYS_SAVE_FLAG_EOS 0x01
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index a45a97e..3b85a38 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -18,8 +18,8 @@
 #include "s390-virtio.h"
 #include "hw/s390x/sclp.h"
 #include "hw/s390x/s390_flic.h"
-#include "ioinst.h"
-#include "css.h"
+#include "hw/s390x/ioinst.h"
+#include "hw/s390x/css.h"
 #include "virtio-ccw.h"
 #include "qemu/config-file.h"
 #include "s390-pci-bus.h"
diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index d51642d..a1c1ed9 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -16,6 +16,7 @@
 #include "sysemu/block-backend.h"
 #include "sysemu/blockdev.h"
 #include "sysemu/sysemu.h"
+#include "sysemu/kvm.h"
 #include "net/net.h"
 #include "hw/virtio/virtio.h"
 #include "hw/virtio/virtio-serial.h"
@@ -28,8 +29,8 @@
 #include "hw/s390x/adapter.h"
 #include "hw/s390x/s390_flic.h"
 
-#include "ioinst.h"
-#include "css.h"
+#include "hw/s390x/ioinst.h"
+#include "hw/s390x/css.h"
 #include "virtio-ccw.h"
 #include "trace.h"
 
diff --git a/hw/s390x/virtio-ccw.h b/hw/s390x/virtio-ccw.h
index 66c831b..86b9edb 100644
--- a/hw/s390x/virtio-ccw.h
+++ b/hw/s390x/virtio-ccw.h
@@ -24,7 +24,8 @@
 #include 
 #include 
 
-#include "css.h"
+#include 
+#include 
 
 #define VIRTUAL_CSSID 0xfe
 
diff --git a/hw/s390x/css.h b/include/hw/s390x/css.h
similarity index 76%
rename from hw/s390x/css.h
rename to include/hw/s390x/css.h
index a320eea..98b2e2c 100644
--- a/hw/s390x/css.h
+++ b/include/hw/s390x/css.h
@@ -14,7 +14,7 @@
 
 #include "hw/s390x/adapter.h"
 #include "hw/s390x/s390_flic.h"
-#include "ioinst.h"
+#include "hw/s390x/ioinst.h"
 
 /* Channel subsystem constants. */
 #define MAX_SCHID 65535
@@ -67,6 +67,7 @@ typedef struct CMBE {
 uint32_t reserved[7];
 } QEMU_PACKED CMBE;
 
+typedef struct SubchDev SubchDev;
 struct SubchDev {
 /* channel-subsystem related things: */
 uint8_t cssid;
@@ -123,4 +124,32 @@ void css_adapter_interrupt(uint8_t isc);
 #define CSS_IO_ADAPTER_VIRTIO 1
 int css_register_io_adapter(uint8_t type, uint8_t isc, bool swap,
 bool maskable, uint32_t *id);
+
+#ifndef CONFIG_USER_ONLY
+SubchDev *css_find_subch(uint8_t m, uint8_t cssid, uint8_t ssid,
+ uint16_t schid);
+bool css_subch_visible(SubchDev *sch);
+void css_conditional_io_interrupt(SubchDev *sch);
+int css_do_stsch(SubchDev *sch, SCHIB *schib);
+bool css_schid_final(int m, uint8_t cssid, uint8_t ssid, uint16_t schid);
+int css_do_msch(SubchDev *sch, const SCHIB *schib);
+int css_do_xsch(SubchDev *sch);
+int css_do_csch(SubchDev *sch);
+int css_do_hsch(SubchDev *sch);
+int css_do_ssch(SubchDev *sch, ORB *orb);
+int css_do_tsch_get_irb(SubchDev *sch, IRB *irb, int *irb_len);
+void css_do_tsch_update_subch(SubchDev *sch);
+int css_do_stcrw(CRW *crw);
+void css_undo_stcrw(CRW *crw);
+int css_do_tpi(IOIntCode *int_code, int lowcore);
+int css_collect_chp_desc(int m, uint8_t cssid, uint8_t f_chpid, uint8_t 
l_chpid,
+ int rfmt, void *buf);
+void css_do_schm(uint8_t mbk, int update, int dct, uint64_t mbo);
+int css_enable_mcsse(void);
+int css_enable_mss(void);
+int css_do_rsch(SubchDev *sch);
+int css_do_rchp(uint8_t cssid, uint8_t chpid);
+bool css_present(uint8_t cssid);
+#endif
+
 #endif
diff --git a/target-s390x/ioinst.h b/include/hw/s390x/ioinst.h

[Qemu-devel] [PATCH 23/49] sh4: include cpu-qom.h in files that require SuperHCPU

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 include/hw/sh4/sh.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/hw/sh4/sh.h b/include/hw/sh4/sh.h
index e61de9a..070312d 100644
--- a/include/hw/sh4/sh.h
+++ b/include/hw/sh4/sh.h
@@ -3,6 +3,7 @@
 /* Definitions for SH board emulation.  */
 
 #include "hw/sh4/sh_intc.h"
+#include "target-sh4/cpu-qom.h"
 
 #define A7ADDR(x) ((x) & 0x1fff)
 #define P4ADDR(x) ((x) | 0xe000)
-- 
1.8.3.1

[Qemu-devel] [PATCH 34/49] hw: move CPU state serialization to migration/cpu.h

[Paolo Bonzini]

Remove usage of NEED_CPU_H from hw/hw.h.

Signed-off-by: Paolo Bonzini 
---
 include/hw/hw.h   | 49 ---
 include/migration/cpu.h   | 48 ++
 target-alpha/machine.c|  1 +
 target-arm/machine.c  |  1 +
 target-cris/machine.c |  1 +
 target-i386/machine.c |  1 +
 target-lm32/machine.c |  1 +
 target-mips/machine.c |  2 +-
 target-moxie/machine.c|  1 +
 target-openrisc/machine.c |  1 +
 target-ppc/machine.c  |  1 +
 target-sparc/machine.c|  1 +
 12 files changed, 58 insertions(+), 50 deletions(-)
 create mode 100644 include/migration/cpu.h

diff --git a/include/hw/hw.h b/include/hw/hw.h
index 2cb69d5..0456fc3 100644
--- a/include/hw/hw.h
+++ b/include/hw/hw.h
@@ -14,28 +14,6 @@
 #include "qemu/log.h"
 #include "qemu/module.h"
 
-#ifdef NEED_CPU_H
-#if TARGET_LONG_BITS == 64
-#define qemu_put_betl qemu_put_be64
-#define qemu_get_betl qemu_get_be64
-#define qemu_put_betls qemu_put_be64s
-#define qemu_get_betls qemu_get_be64s
-#define qemu_put_sbetl qemu_put_sbe64
-#define qemu_get_sbetl qemu_get_sbe64
-#define qemu_put_sbetls qemu_put_sbe64s
-#define qemu_get_sbetls qemu_get_sbe64s
-#else
-#define qemu_put_betl qemu_put_be32
-#define qemu_get_betl qemu_get_be32
-#define qemu_put_betls qemu_put_be32s
-#define qemu_get_betls qemu_get_be32s
-#define qemu_put_sbetl qemu_put_sbe32
-#define qemu_get_sbetl qemu_get_sbe32
-#define qemu_put_sbetls qemu_put_sbe32s
-#define qemu_get_sbetls qemu_get_sbe32s
-#endif
-#endif
-
 typedef void QEMUResetHandler(void *opaque);
 
 void qemu_register_reset(QEMUResetHandler *func, void *opaque);
@@ -43,31 +21,4 @@ void qemu_unregister_reset(QEMUResetHandler *func, void 
*opaque);
 
 void QEMU_NORETURN hw_error(const char *fmt, ...) GCC_FMT_ATTR(1, 2);
 
-#ifdef NEED_CPU_H
-#if TARGET_LONG_BITS == 64
-#define VMSTATE_UINTTL_V(_f, _s, _v)  \
-VMSTATE_UINT64_V(_f, _s, _v)
-#define VMSTATE_UINTTL_EQUAL_V(_f, _s, _v)\
-VMSTATE_UINT64_EQUAL_V(_f, _s, _v)
-#define VMSTATE_UINTTL_ARRAY_V(_f, _s, _n, _v)\
-VMSTATE_UINT64_ARRAY_V(_f, _s, _n, _v)
-#define vmstate_info_uinttl vmstate_info_uint64
-#else
-#define VMSTATE_UINTTL_V(_f, _s, _v)  \
-VMSTATE_UINT32_V(_f, _s, _v)
-#define VMSTATE_UINTTL_EQUAL_V(_f, _s, _v)\
-VMSTATE_UINT32_EQUAL_V(_f, _s, _v)
-#define VMSTATE_UINTTL_ARRAY_V(_f, _s, _n, _v)\
-VMSTATE_UINT32_ARRAY_V(_f, _s, _n, _v)
-#define vmstate_info_uinttl vmstate_info_uint32
-#endif
-#define VMSTATE_UINTTL(_f, _s)\
-VMSTATE_UINTTL_V(_f, _s, 0)
-#define VMSTATE_UINTTL_EQUAL(_f, _s)  \
-VMSTATE_UINTTL_EQUAL_V(_f, _s, 0)
-#define VMSTATE_UINTTL_ARRAY(_f, _s, _n)  \
-VMSTATE_UINTTL_ARRAY_V(_f, _s, _n, 0)
-
-#endif
-
 #endif
diff --git a/include/migration/cpu.h b/include/migration/cpu.h
new file mode 100644
index 000..f3abbab
--- /dev/null
+++ b/include/migration/cpu.h
@@ -0,0 +1,48 @@
+/* Declarations for use for CPU state serialization.  */
+#ifndef MIGRATION_CPU_H
+#define MIGRATION_CPU_H
+
+#if TARGET_LONG_BITS == 64
+#define qemu_put_betl qemu_put_be64
+#define qemu_get_betl qemu_get_be64
+#define qemu_put_betls qemu_put_be64s
+#define qemu_get_betls qemu_get_be64s
+#define qemu_put_sbetl qemu_put_sbe64
+#define qemu_get_sbetl qemu_get_sbe64
+#define qemu_put_sbetls qemu_put_sbe64s
+#define qemu_get_sbetls qemu_get_sbe64s
+
+#define VMSTATE_UINTTL_V(_f, _s, _v)  \
+VMSTATE_UINT64_V(_f, _s, _v)
+#define VMSTATE_UINTTL_EQUAL_V(_f, _s, _v)\
+VMSTATE_UINT64_EQUAL_V(_f, _s, _v)
+#define VMSTATE_UINTTL_ARRAY_V(_f, _s, _n, _v)\
+VMSTATE_UINT64_ARRAY_V(_f, _s, _n, _v)
+#define vmstate_info_uinttl vmstate_info_uint64
+#else
+#define qemu_put_betl qemu_put_be32
+#define qemu_get_betl qemu_get_be32
+#define qemu_put_betls qemu_put_be32s
+#define qemu_get_betls qemu_get_be32s
+#define qemu_put_sbetl qemu_put_sbe32
+#define qemu_get_sbetl qemu_get_sbe32
+#define qemu_put_sbetls qemu_put_sbe32s
+#define qemu_get_sbetls qemu_get_sbe32s
+
+#define VMSTATE_UINTTL_V(_f, _s, _v)  \
+VMSTATE_UINT32_V(_f, _s, _v)
+#define VMSTATE_UINTTL_EQUAL_V(_f, _s, _v)\
+VMSTATE_UINT32_EQUAL_V(_f, _s, _v)
+#define VMSTATE_UINTTL_ARRAY_V(_f, _s, _n, _v)\
+VMSTATE_UINT32_ARRAY_V(_f, _s, _n, _v)
+#define vmstate_info_uinttl vmstate_info_uint32
+#endif
+
+#define VMSTATE_UINTTL(_f, _s)\
+VMSTATE_UINTTL_V(_f, _s, 0)
+#define VMSTATE_UINTTL_EQUAL(_f, _s)  \
+VMSTATE_UINTTL_EQUAL_V(_f, _s, 0)
+#define 

[Qemu-devel] [PATCH 08/49] target-i386: make cpu-qom.h not target specific

[Paolo Bonzini]

Make X86CPU an opaque type within cpu-qom.h, and move all definitions of
private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  This helps making files independent of NEED_CPU_H
if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-i386/cpu-qom.h | 97 +-
 target-i386/cpu.h | 98 ++-
 2 files changed, 98 insertions(+), 97 deletions(-)

diff --git a/target-i386/cpu-qom.h b/target-i386/cpu-qom.h
index 2ca7b9e..5dde658 100644
--- a/target-i386/cpu-qom.h
+++ b/target-i386/cpu-qom.h
@@ -67,101 +67,6 @@ typedef struct X86CPUClass {
 void (*parent_reset)(CPUState *cpu);
 } X86CPUClass;
 
-/**
- * X86CPU:
- * @env: #CPUX86State
- * @migratable: If set, only migratable flags will be accepted when "enforce"
- * mode is used, and only migratable flags will be included in the "host"
- * CPU model.
- *
- * An x86 CPU.
- */
-typedef struct X86CPU {
-/*< private >*/
-CPUState parent_obj;
-/*< public >*/
-
-CPUX86State env;
-
-bool hyperv_vapic;
-bool hyperv_relaxed_timing;
-int hyperv_spinlock_attempts;
-char *hyperv_vendor_id;
-bool hyperv_time;
-bool hyperv_crash;
-bool hyperv_reset;
-bool hyperv_vpindex;
-bool hyperv_runtime;
-bool hyperv_synic;
-bool hyperv_stimer;
-bool check_cpuid;
-bool enforce_cpuid;
-bool expose_kvm;
-bool migratable;
-bool host_features;
-int64_t apic_id;
-
-/* if true the CPUID code directly forward host cache leaves to the guest 
*/
-bool cache_info_passthrough;
-
-/* Features that were filtered out because of missing host capabilities */
-uint32_t filtered_features[FEATURE_WORDS];
-
-/* Enable PMU CPUID bits. This can't be enabled by default yet because
- * it doesn't have ABI stability guarantees, as it passes all PMU CPUID
- * bits returned by GET_SUPPORTED_CPUID (that depend on host CPU and kernel
- * capabilities) directly to the guest.
- */
-bool enable_pmu;
-
-/* in order to simplify APIC support, we leave this pointer to the
-   user */
-struct DeviceState *apic_state;
-struct MemoryRegion *cpu_as_root, *cpu_as_mem, *smram;
-Notifier machine_done;
-} X86CPU;
-
-static inline X86CPU *x86_env_get_cpu(CPUX86State *env)
-{
-return container_of(env, X86CPU, env);
-}
-
-#define ENV_GET_CPU(e) CPU(x86_env_get_cpu(e))
-
-#define ENV_OFFSET offsetof(X86CPU, env)
-
-#ifndef CONFIG_USER_ONLY
-extern struct VMStateDescription vmstate_x86_cpu;
-#endif
-
-/**
- * x86_cpu_do_interrupt:
- * @cpu: vCPU the interrupt is to be handled by.
- */
-void x86_cpu_do_interrupt(CPUState *cpu);
-bool x86_cpu_exec_interrupt(CPUState *cpu, int int_req);
-
-int x86_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cpu,
- int cpuid, void *opaque);
-int x86_cpu_write_elf32_note(WriteCoreDumpFunction f, CPUState *cpu,
- int cpuid, void *opaque);
-int x86_cpu_write_elf64_qemunote(WriteCoreDumpFunction f, CPUState *cpu,
- void *opaque);
-int x86_cpu_write_elf32_qemunote(WriteCoreDumpFunction f, CPUState *cpu,
- void *opaque);
-
-void x86_cpu_get_memory_mapping(CPUState *cpu, MemoryMappingList *list,
-Error **errp);
-
-void x86_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
-int flags);
-
-hwaddr x86_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-
-int x86_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int x86_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
-
-void x86_cpu_exec_enter(CPUState *cpu);
-void x86_cpu_exec_exit(CPUState *cpu);
+typedef struct X86CPU X86CPU;
 
 #endif
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index 5148c82..c2f4af4 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -20,6 +20,7 @@
 #define CPU_I386_H
 
 #include "qemu-common.h"
+#include "cpu-qom.h"
 #include "standard-headers/asm-x86/hyperv.h"
 
 #ifdef TARGET_X86_64
@@ -1024,7 +1025,102 @@ typedef struct CPUX86State {
 TPRAccess tpr_access_type;
 } CPUX86State;
 
-#include "cpu-qom.h"
+/**
+ * X86CPU:
+ * @env: #CPUX86State
+ * @migratable: If set, only migratable flags will be accepted when "enforce"
+ * mode is used, and only migratable flags will be included in the "host"
+ * CPU model.
+ *
+ * An x86 CPU.
+ */
+struct X86CPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPUX86State env;
+
+bool hyperv_vapic;
+bool hyperv_relaxed_timing;
+int hyperv_spinlock_attempts;
+char *hyperv_vendor_id;
+bool hyperv_time;
+bool hyperv_crash;
+bool hyperv_reset;
+bool hyperv_vpindex;
+bool hyperv_runtime;
+bool hyperv_synic;
+bool hyperv_stimer;
+bool check_cpuid;
+bool 

[Qemu-devel] [PATCH 12/49] target-mips: make cpu-qom.h not target specific

[Paolo Bonzini]

Make MIPSCPU an opaque type within cpu-qom.h, and move all definitions of
private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  This helps making files independent of NEED_CPU_H
if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-mips/cpu-qom.h | 37 +
 target-mips/cpu.h | 38 +-
 2 files changed, 38 insertions(+), 37 deletions(-)

diff --git a/target-mips/cpu-qom.h b/target-mips/cpu-qom.h
index 4d6f9de..3f5bf23 100644
--- a/target-mips/cpu-qom.h
+++ b/target-mips/cpu-qom.h
@@ -51,41 +51,6 @@ typedef struct MIPSCPUClass {
 void (*parent_reset)(CPUState *cpu);
 } MIPSCPUClass;
 
-/**
- * MIPSCPU:
- * @env: #CPUMIPSState
- *
- * A MIPS CPU.
- */
-typedef struct MIPSCPU {
-/*< private >*/
-CPUState parent_obj;
-/*< public >*/
-
-CPUMIPSState env;
-} MIPSCPU;
-
-static inline MIPSCPU *mips_env_get_cpu(CPUMIPSState *env)
-{
-return container_of(env, MIPSCPU, env);
-}
-
-#define ENV_GET_CPU(e) CPU(mips_env_get_cpu(e))
-
-#define ENV_OFFSET offsetof(MIPSCPU, env)
-
-#ifndef CONFIG_USER_ONLY
-extern const struct VMStateDescription vmstate_mips_cpu;
-#endif
-
-void mips_cpu_do_interrupt(CPUState *cpu);
-bool mips_cpu_exec_interrupt(CPUState *cpu, int int_req);
-void mips_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
- int flags);
-hwaddr mips_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-int mips_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int mips_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
-void mips_cpu_do_unaligned_access(CPUState *cpu, vaddr addr,
-  int is_write, int is_user, uintptr_t 
retaddr);
+typedef struct MIPSCPU MIPSCPU;
 
 #endif
diff --git a/target-mips/cpu.h b/target-mips/cpu.h
index 1e2b070..1baa57a 100644
--- a/target-mips/cpu.h
+++ b/target-mips/cpu.h
@@ -8,6 +8,7 @@
 #define CPUArchState struct CPUMIPSState
 
 #include "qemu-common.h"
+#include "cpu-qom.h"
 #include "mips-defs.h"
 #include "exec/cpu-defs.h"
 #include "fpu/softfloat.h"
@@ -601,7 +602,42 @@ struct CPUMIPSState {
 QEMUTimer *timer; /* Internal timer */
 };
 
-#include "cpu-qom.h"
+/**
+ * MIPSCPU:
+ * @env: #CPUMIPSState
+ *
+ * A MIPS CPU.
+ */
+struct MIPSCPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPUMIPSState env;
+};
+
+static inline MIPSCPU *mips_env_get_cpu(CPUMIPSState *env)
+{
+return container_of(env, MIPSCPU, env);
+}
+
+#define ENV_GET_CPU(e) CPU(mips_env_get_cpu(e))
+
+#define ENV_OFFSET offsetof(MIPSCPU, env)
+
+#ifndef CONFIG_USER_ONLY
+extern const struct VMStateDescription vmstate_mips_cpu;
+#endif
+
+void mips_cpu_do_interrupt(CPUState *cpu);
+bool mips_cpu_exec_interrupt(CPUState *cpu, int int_req);
+void mips_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
+ int flags);
+hwaddr mips_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+int mips_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
+int mips_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
+void mips_cpu_do_unaligned_access(CPUState *cpu, vaddr addr,
+  int is_write, int is_user, uintptr_t 
retaddr);
 
 #if !defined(CONFIG_USER_ONLY)
 int no_mmu_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
-- 
1.8.3.1

[Qemu-devel] [PATCH 20/49] target-xtensa: make cpu-qom.h not target specific

[Paolo Bonzini]

Make XtensaCPU an opaque type within cpu-qom.h, and move all definitions
of private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  Conversely, move all definitions needed to
define a class to cpu-qom.h.  This helps making files independent of
NEED_CPU_H if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-xtensa/cpu-qom.h | 193 ++-
 target-xtensa/cpu.h | 194 +---
 2 files changed, 194 insertions(+), 193 deletions(-)

diff --git a/target-xtensa/cpu-qom.h b/target-xtensa/cpu-qom.h
index f5d9b9f..e7de30e 100644
--- a/target-xtensa/cpu-qom.h
+++ b/target-xtensa/cpu-qom.h
@@ -40,6 +40,163 @@
 #define XTENSA_CPU_GET_CLASS(obj) \
 OBJECT_GET_CLASS(XtensaCPUClass, (obj), TYPE_XTENSA_CPU)
 
+enum {
+/* Additional instructions */
+XTENSA_OPTION_CODE_DENSITY,
+XTENSA_OPTION_LOOP,
+XTENSA_OPTION_EXTENDED_L32R,
+XTENSA_OPTION_16_BIT_IMUL,
+XTENSA_OPTION_32_BIT_IMUL,
+XTENSA_OPTION_32_BIT_IMUL_HIGH,
+XTENSA_OPTION_32_BIT_IDIV,
+XTENSA_OPTION_MAC16,
+XTENSA_OPTION_MISC_OP_NSA,
+XTENSA_OPTION_MISC_OP_MINMAX,
+XTENSA_OPTION_MISC_OP_SEXT,
+XTENSA_OPTION_MISC_OP_CLAMPS,
+XTENSA_OPTION_COPROCESSOR,
+XTENSA_OPTION_BOOLEAN,
+XTENSA_OPTION_FP_COPROCESSOR,
+XTENSA_OPTION_MP_SYNCHRO,
+XTENSA_OPTION_CONDITIONAL_STORE,
+XTENSA_OPTION_ATOMCTL,
+XTENSA_OPTION_DEPBITS,
+
+/* Interrupts and exceptions */
+XTENSA_OPTION_EXCEPTION,
+XTENSA_OPTION_RELOCATABLE_VECTOR,
+XTENSA_OPTION_UNALIGNED_EXCEPTION,
+XTENSA_OPTION_INTERRUPT,
+XTENSA_OPTION_HIGH_PRIORITY_INTERRUPT,
+XTENSA_OPTION_TIMER_INTERRUPT,
+
+/* Local memory */
+XTENSA_OPTION_ICACHE,
+XTENSA_OPTION_ICACHE_TEST,
+XTENSA_OPTION_ICACHE_INDEX_LOCK,
+XTENSA_OPTION_DCACHE,
+XTENSA_OPTION_DCACHE_TEST,
+XTENSA_OPTION_DCACHE_INDEX_LOCK,
+XTENSA_OPTION_IRAM,
+XTENSA_OPTION_IROM,
+XTENSA_OPTION_DRAM,
+XTENSA_OPTION_DROM,
+XTENSA_OPTION_XLMI,
+XTENSA_OPTION_HW_ALIGNMENT,
+XTENSA_OPTION_MEMORY_ECC_PARITY,
+
+/* Memory protection and translation */
+XTENSA_OPTION_REGION_PROTECTION,
+XTENSA_OPTION_REGION_TRANSLATION,
+XTENSA_OPTION_MMU,
+XTENSA_OPTION_CACHEATTR,
+
+/* Other */
+XTENSA_OPTION_WINDOWED_REGISTER,
+XTENSA_OPTION_PROCESSOR_INTERFACE,
+XTENSA_OPTION_MISC_SR,
+XTENSA_OPTION_THREAD_POINTER,
+XTENSA_OPTION_PROCESSOR_ID,
+XTENSA_OPTION_DEBUG,
+XTENSA_OPTION_TRACE_PORT,
+};
+
+#define MAX_NAREG 64
+#define MAX_NINTERRUPT 32
+#define MAX_NLEVEL 6
+#define MAX_NNMI 1
+#define MAX_NCCOMPARE 3
+#define MAX_TLB_WAY_SIZE 8
+#define MAX_NDBREAK 2
+
+enum {
+/* Static vectors */
+EXC_RESET,
+EXC_MEMORY_ERROR,
+
+/* Dynamic vectors */
+EXC_WINDOW_OVERFLOW4,
+EXC_WINDOW_UNDERFLOW4,
+EXC_WINDOW_OVERFLOW8,
+EXC_WINDOW_UNDERFLOW8,
+EXC_WINDOW_OVERFLOW12,
+EXC_WINDOW_UNDERFLOW12,
+EXC_IRQ,
+EXC_KERNEL,
+EXC_USER,
+EXC_DOUBLE,
+EXC_DEBUG,
+EXC_MAX
+};
+
+typedef enum {
+INTTYPE_LEVEL,
+INTTYPE_EDGE,
+INTTYPE_NMI,
+INTTYPE_SOFTWARE,
+INTTYPE_TIMER,
+INTTYPE_DEBUG,
+INTTYPE_WRITE_ERR,
+INTTYPE_PROFILING,
+INTTYPE_MAX
+} interrupt_type;
+
+typedef struct xtensa_tlb {
+unsigned nways;
+const unsigned way_size[10];
+bool varway56;
+unsigned nrefillentries;
+} xtensa_tlb;
+
+typedef struct XtensaGdbReg {
+int targno;
+int type;
+int group;
+unsigned size;
+} XtensaGdbReg;
+
+typedef struct XtensaGdbRegmap {
+int num_regs;
+int num_core_regs;
+/* PC + a + ar + sr + ur */
+XtensaGdbReg reg[1 + 16 + 64 + 256 + 256];
+} XtensaGdbRegmap;
+
+typedef struct XtensaConfig {
+const char *name;
+uint64_t options;
+XtensaGdbRegmap gdb_regmap;
+unsigned nareg;
+int excm_level;
+int ndepc;
+uint32_t vecbase;
+uint32_t exception_vector[EXC_MAX];
+unsigned ninterrupt;
+unsigned nlevel;
+uint32_t interrupt_vector[MAX_NLEVEL + MAX_NNMI + 1];
+uint32_t level_mask[MAX_NLEVEL + MAX_NNMI + 1];
+uint32_t inttype_mask[INTTYPE_MAX];
+struct {
+uint32_t level;
+interrupt_type inttype;
+} interrupt[MAX_NINTERRUPT];
+unsigned nccompare;
+uint32_t timerint[MAX_NCCOMPARE];
+unsigned nextint;
+unsigned extint[MAX_NINTERRUPT];
+
+unsigned debug_level;
+unsigned nibreak;
+unsigned ndbreak;
+
+uint32_t configid[2];
+
+uint32_t clock_freq_khz;
+
+xtensa_tlb itlb;
+xtensa_tlb dtlb;
+} XtensaConfig;
+
 /**
  * XtensaCPUClass:
  * @parent_realize: The parent class' realize handler.
@@ -59,40 +216,6 @@ typedef struct XtensaCPUClass {
 const XtensaConfig *config;
 } XtensaCPUClass;
 
-/**
- * XtensaCPU:
- * @env: #CPUXtensaState
- *
- * An Xtensa CPU.
- */
-typedef struct 

[Qemu-devel] [PATCH 17/49] target-sparc: make cpu-qom.h not target specific

[Paolo Bonzini]

Make SPARCCPU an opaque type within cpu-qom.h, and move all definitions
of private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  This helps making files independent of NEED_CPU_H
if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-sparc/cpu-qom.h | 37 +
 target-sparc/cpu.h | 38 +-
 2 files changed, 38 insertions(+), 37 deletions(-)

diff --git a/target-sparc/cpu-qom.h b/target-sparc/cpu-qom.h
index 174dfd3..f63af72 100644
--- a/target-sparc/cpu-qom.h
+++ b/target-sparc/cpu-qom.h
@@ -51,41 +51,6 @@ typedef struct SPARCCPUClass {
 void (*parent_reset)(CPUState *cpu);
 } SPARCCPUClass;
 
-/**
- * SPARCCPU:
- * @env: #CPUSPARCState
- *
- * A SPARC CPU.
- */
-typedef struct SPARCCPU {
-/*< private >*/
-CPUState parent_obj;
-/*< public >*/
-
-CPUSPARCState env;
-} SPARCCPU;
-
-static inline SPARCCPU *sparc_env_get_cpu(CPUSPARCState *env)
-{
-return container_of(env, SPARCCPU, env);
-}
-
-#define ENV_GET_CPU(e) CPU(sparc_env_get_cpu(e))
-
-#define ENV_OFFSET offsetof(SPARCCPU, env)
-
-#ifndef CONFIG_USER_ONLY
-extern const struct VMStateDescription vmstate_sparc_cpu;
-#endif
-
-void sparc_cpu_do_interrupt(CPUState *cpu);
-void sparc_cpu_dump_state(CPUState *cpu, FILE *f,
-  fprintf_function cpu_fprintf, int flags);
-hwaddr sparc_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-int sparc_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int sparc_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
-void QEMU_NORETURN sparc_cpu_do_unaligned_access(CPUState *cpu,
- vaddr addr, int is_write,
- int is_user, uintptr_t 
retaddr);
+typedef struct SPARCCPU SPARCCPU;
 
 #endif
diff --git a/target-sparc/cpu.h b/target-sparc/cpu.h
index dc46122..55981b5 100644
--- a/target-sparc/cpu.h
+++ b/target-sparc/cpu.h
@@ -3,6 +3,7 @@
 
 #include "qemu-common.h"
 #include "qemu/bswap.h"
+#include "cpu-qom.h"
 
 #define ALIGNED_ONLY
 
@@ -506,7 +507,42 @@ struct CPUSPARCState {
 uint32_t cache_control;
 };
 
-#include "cpu-qom.h"
+/**
+ * SPARCCPU:
+ * @env: #CPUSPARCState
+ *
+ * A SPARC CPU.
+ */
+struct SPARCCPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPUSPARCState env;
+};
+
+static inline SPARCCPU *sparc_env_get_cpu(CPUSPARCState *env)
+{
+return container_of(env, SPARCCPU, env);
+}
+
+#define ENV_GET_CPU(e) CPU(sparc_env_get_cpu(e))
+
+#define ENV_OFFSET offsetof(SPARCCPU, env)
+
+#ifndef CONFIG_USER_ONLY
+extern const struct VMStateDescription vmstate_sparc_cpu;
+#endif
+
+void sparc_cpu_do_interrupt(CPUState *cpu);
+void sparc_cpu_dump_state(CPUState *cpu, FILE *f,
+  fprintf_function cpu_fprintf, int flags);
+hwaddr sparc_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+int sparc_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
+int sparc_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
+void QEMU_NORETURN sparc_cpu_do_unaligned_access(CPUState *cpu,
+ vaddr addr, int is_write,
+ int is_user, uintptr_t 
retaddr);
 
 #ifndef NO_CPU_IO_DEFS
 /* cpu_init.c */
-- 
1.8.3.1

[Qemu-devel] [PATCH 15/49] target-s390x: make cpu-qom.h not target specific

[Paolo Bonzini]

Make S390XCPU an opaque type within cpu-qom.h, and move all definitions
of private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  This helps making files independent of NEED_CPU_H
if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-s390x/cpu-qom.h | 45 +
 target-s390x/cpu.h | 47 ++-
 2 files changed, 47 insertions(+), 45 deletions(-)

diff --git a/target-s390x/cpu-qom.h b/target-s390x/cpu-qom.h
index 681e370..66b5d18 100644
--- a/target-s390x/cpu-qom.h
+++ b/target-s390x/cpu-qom.h
@@ -55,49 +55,6 @@ typedef struct S390CPUClass {
 void (*initial_cpu_reset)(CPUState *cpu);
 } S390CPUClass;
 
-/**
- * S390CPU:
- * @env: #CPUS390XState.
- *
- * An S/390 CPU.
- */
-typedef struct S390CPU {
-/*< private >*/
-CPUState parent_obj;
-/*< public >*/
-
-CPUS390XState env;
-int64_t id;
-/* needed for live migration */
-void *irqstate;
-uint32_t irqstate_saved_size;
-} S390CPU;
-
-static inline S390CPU *s390_env_get_cpu(CPUS390XState *env)
-{
-return container_of(env, S390CPU, env);
-}
-
-#define ENV_GET_CPU(e) CPU(s390_env_get_cpu(e))
-
-#define ENV_OFFSET offsetof(S390CPU, env)
-
-#ifndef CONFIG_USER_ONLY
-extern const struct VMStateDescription vmstate_s390_cpu;
-#endif
-
-void s390_cpu_do_interrupt(CPUState *cpu);
-bool s390_cpu_exec_interrupt(CPUState *cpu, int int_req);
-void s390_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
- int flags);
-int s390_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
-  int cpuid, void *opaque);
-
-hwaddr s390_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-hwaddr s390_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
-int s390_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int s390_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
-void s390_cpu_gdb_init(CPUState *cs);
-void s390x_cpu_debug_excp_handler(CPUState *cs);
+typedef struct S390CPU S390CPU;
 
 #endif
diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h
index 6d97c08..760eadf 100644
--- a/target-s390x/cpu.h
+++ b/target-s390x/cpu.h
@@ -23,6 +23,7 @@
 #define CPU_S390X_H
 
 #include "qemu-common.h"
+#include "cpu-qom.h"
 
 #define TARGET_LONG_BITS 64
 
@@ -171,7 +172,51 @@ static inline CPU_DoubleU *get_freg(CPUS390XState *cs, int 
nr)
 return >vregs[nr][0];
 }
 
-#include "cpu-qom.h"
+/**
+ * S390CPU:
+ * @env: #CPUS390XState.
+ *
+ * An S/390 CPU.
+ */
+struct S390CPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPUS390XState env;
+int64_t id;
+/* needed for live migration */
+void *irqstate;
+uint32_t irqstate_saved_size;
+};
+
+static inline S390CPU *s390_env_get_cpu(CPUS390XState *env)
+{
+return container_of(env, S390CPU, env);
+}
+
+#define ENV_GET_CPU(e) CPU(s390_env_get_cpu(e))
+
+#define ENV_OFFSET offsetof(S390CPU, env)
+
+#ifndef CONFIG_USER_ONLY
+extern const struct VMStateDescription vmstate_s390_cpu;
+#endif
+
+void s390_cpu_do_interrupt(CPUState *cpu);
+bool s390_cpu_exec_interrupt(CPUState *cpu, int int_req);
+void s390_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
+ int flags);
+int s390_cpu_write_elf64_note(WriteCoreDumpFunction f, CPUState *cs,
+  int cpuid, void *opaque);
+
+hwaddr s390_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+hwaddr s390_cpu_get_phys_addr_debug(CPUState *cpu, vaddr addr);
+int s390_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
+int s390_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
+void s390_cpu_gdb_init(CPUState *cs);
+void s390x_cpu_debug_excp_handler(CPUState *cs);
+
 #include 
 
 /* distinguish between 24 bit and 31 bit addressing */
-- 
1.8.3.1

[Qemu-devel] [PATCH 14/49] target-ppc: make cpu-qom.h not target specific

[Paolo Bonzini]

Make PowerPCCPU an opaque type within cpu-qom.h, and move all definitions
of private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  Conversely, move all definitions needed to define
a class to cpu-qom.h.  This helps making files independent of NEED_CPU_H
if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-ppc/cpu-qom.h | 155 
 target-ppc/cpu.h | 162 +--
 2 files changed, 157 insertions(+), 160 deletions(-)

diff --git a/target-ppc/cpu-qom.h b/target-ppc/cpu-qom.h
index bab501f..4062adc 100644
--- a/target-ppc/cpu-qom.h
+++ b/target-ppc/cpu-qom.h
@@ -38,6 +38,111 @@
 OBJECT_GET_CLASS(PowerPCCPUClass, (obj), TYPE_POWERPC_CPU)
 
 typedef struct PowerPCCPU PowerPCCPU;
+typedef struct CPUPPCState CPUPPCState;
+typedef struct ppc_tb_t ppc_tb_t;
+typedef struct ppc_dcr_t ppc_dcr_t;
+
+/*/
+/* MMU model */
+typedef enum powerpc_mmu_t powerpc_mmu_t;
+enum powerpc_mmu_t {
+POWERPC_MMU_UNKNOWN= 0x,
+/* Standard 32 bits PowerPC MMU*/
+POWERPC_MMU_32B= 0x0001,
+/* PowerPC 6xx MMU with software TLB   */
+POWERPC_MMU_SOFT_6xx   = 0x0002,
+/* PowerPC 74xx MMU with software TLB  */
+POWERPC_MMU_SOFT_74xx  = 0x0003,
+/* PowerPC 4xx MMU with software TLB   */
+POWERPC_MMU_SOFT_4xx   = 0x0004,
+/* PowerPC 4xx MMU with software TLB and zones protections */
+POWERPC_MMU_SOFT_4xx_Z = 0x0005,
+/* PowerPC MMU in real mode only   */
+POWERPC_MMU_REAL   = 0x0006,
+/* Freescale MPC8xx MMU model  */
+POWERPC_MMU_MPC8xx = 0x0007,
+/* BookE MMU model */
+POWERPC_MMU_BOOKE  = 0x0008,
+/* BookE 2.06 MMU model*/
+POWERPC_MMU_BOOKE206   = 0x0009,
+/* PowerPC 601 MMU model (specific BATs format)*/
+POWERPC_MMU_601= 0x000A,
+#define POWERPC_MMU_64   0x0001
+#define POWERPC_MMU_1TSEG0x0002
+#define POWERPC_MMU_AMR  0x0004
+/* 64 bits PowerPC MMU */
+POWERPC_MMU_64B= POWERPC_MMU_64 | 0x0001,
+/* Architecture 2.03 and later (has LPCR) */
+POWERPC_MMU_2_03   = POWERPC_MMU_64 | 0x0002,
+/* Architecture 2.06 variant   */
+POWERPC_MMU_2_06   = POWERPC_MMU_64 | POWERPC_MMU_1TSEG
+ | POWERPC_MMU_AMR | 0x0003,
+/* Architecture 2.06 "degraded" (no 1T segments)   */
+POWERPC_MMU_2_06a  = POWERPC_MMU_64 | POWERPC_MMU_AMR
+ | 0x0003,
+/* Architecture 2.07 variant   */
+POWERPC_MMU_2_07   = POWERPC_MMU_64 | POWERPC_MMU_1TSEG
+ | POWERPC_MMU_AMR | 0x0004,
+/* Architecture 2.07 "degraded" (no 1T segments)   */
+POWERPC_MMU_2_07a  = POWERPC_MMU_64 | POWERPC_MMU_AMR
+ | 0x0004,
+};
+
+/*/
+/* Exception model   */
+typedef enum powerpc_excp_t powerpc_excp_t;
+enum powerpc_excp_t {
+POWERPC_EXCP_UNKNOWN   = 0,
+/* Standard PowerPC exception model */
+POWERPC_EXCP_STD,
+/* PowerPC 40x exception model  */
+POWERPC_EXCP_40x,
+/* PowerPC 601 exception model  */
+POWERPC_EXCP_601,
+/* PowerPC 602 exception model  */
+POWERPC_EXCP_602,
+/* PowerPC 603 exception model  */
+POWERPC_EXCP_603,
+/* PowerPC 603e exception model */
+POWERPC_EXCP_603E,
+/* PowerPC G2 exception model   */
+POWERPC_EXCP_G2,
+/* PowerPC 604 exception model  */
+POWERPC_EXCP_604,
+/* PowerPC 7x0 exception model  */
+POWERPC_EXCP_7x0,
+/* PowerPC 7x5 exception model  */
+POWERPC_EXCP_7x5,
+/* PowerPC 74xx exception model */
+POWERPC_EXCP_74xx,
+/* BookE exception model*/
+POWERPC_EXCP_BOOKE,
+/* PowerPC 970 exception model  */
+POWERPC_EXCP_970,
+/* POWER7 exception model   */
+POWERPC_EXCP_POWER7,
+};
+
+/*/
+/* Input pins model  */
+typedef enum powerpc_input_t powerpc_input_t;
+enum powerpc_input_t {
+PPC_FLAGS_INPUT_UNKNOWN = 0,
+/* PowerPC 6xx bus  */
+

[Qemu-devel] [PATCH 07/49] target-cris: make cpu-qom.h not target specific

[Paolo Bonzini]

Make CRISCPU an opaque type within cpu-qom.h, and move all definitions of
private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  This helps making files independent of NEED_CPU_H
if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-cris/cpu-qom.h | 40 +---
 target-cris/cpu.h | 41 -
 2 files changed, 41 insertions(+), 40 deletions(-)

diff --git a/target-cris/cpu-qom.h b/target-cris/cpu-qom.h
index df4c0b5..7556e9f 100644
--- a/target-cris/cpu-qom.h
+++ b/target-cris/cpu-qom.h
@@ -50,44 +50,6 @@ typedef struct CRISCPUClass {
 uint32_t vr;
 } CRISCPUClass;
 
-/**
- * CRISCPU:
- * @env: #CPUCRISState
- *
- * A CRIS CPU.
- */
-typedef struct CRISCPU {
-/*< private >*/
-CPUState parent_obj;
-/*< public >*/
-
-CPUCRISState env;
-} CRISCPU;
-
-static inline CRISCPU *cris_env_get_cpu(CPUCRISState *env)
-{
-return container_of(env, CRISCPU, env);
-}
-
-#define ENV_GET_CPU(e) CPU(cris_env_get_cpu(e))
-
-#define ENV_OFFSET offsetof(CRISCPU, env)
-
-#ifndef CONFIG_USER_ONLY
-extern const struct VMStateDescription vmstate_cris_cpu;
-#endif
-
-void cris_cpu_do_interrupt(CPUState *cpu);
-void crisv10_cpu_do_interrupt(CPUState *cpu);
-bool cris_cpu_exec_interrupt(CPUState *cpu, int int_req);
-
-void cris_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
- int flags);
-
-hwaddr cris_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-
-int crisv10_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int cris_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int cris_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
+typedef struct CRISCPU CRISCPU;
 
 #endif
diff --git a/target-cris/cpu.h b/target-cris/cpu.h
index 415cf91..e3411687 100644
--- a/target-cris/cpu.h
+++ b/target-cris/cpu.h
@@ -21,6 +21,7 @@
 #define CPU_CRIS_H
 
 #include "qemu-common.h"
+#include "cpu-qom.h"
 
 #define TARGET_LONG_BITS 32
 
@@ -171,7 +172,45 @@ typedef struct CPUCRISState {
 void *load_info;
 } CPUCRISState;
 
-#include "cpu-qom.h"
+/**
+ * CRISCPU:
+ * @env: #CPUCRISState
+ *
+ * A CRIS CPU.
+ */
+struct CRISCPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPUCRISState env;
+};
+
+static inline CRISCPU *cris_env_get_cpu(CPUCRISState *env)
+{
+return container_of(env, CRISCPU, env);
+}
+
+#define ENV_GET_CPU(e) CPU(cris_env_get_cpu(e))
+
+#define ENV_OFFSET offsetof(CRISCPU, env)
+
+#ifndef CONFIG_USER_ONLY
+extern const struct VMStateDescription vmstate_cris_cpu;
+#endif
+
+void cris_cpu_do_interrupt(CPUState *cpu);
+void crisv10_cpu_do_interrupt(CPUState *cpu);
+bool cris_cpu_exec_interrupt(CPUState *cpu, int int_req);
+
+void cris_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
+ int flags);
+
+hwaddr cris_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+
+int crisv10_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
+int cris_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
+int cris_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 
 CRISCPU *cpu_cris_init(const char *cpu_model);
 int cpu_cris_exec(CPUState *cpu);
-- 
1.8.3.1

[Qemu-devel] [PATCH 22/49] m68k: include cpu-qom.h in files that require M68KCPU

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 include/hw/m68k/mcf.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/hw/m68k/mcf.h b/include/hw/m68k/mcf.h
index fbc8dc2..0f0d228 100644
--- a/include/hw/m68k/mcf.h
+++ b/include/hw/m68k/mcf.h
@@ -2,6 +2,8 @@
 #define HW_MCF_H
 /* Motorola ColdFire device prototypes.  */
 
+#include "target-m68k/cpu-qom.h"
+
 struct MemoryRegion;
 
 /* mcf_uart.c */
-- 
1.8.3.1

[Qemu-devel] [PATCH 11/49] target-microblaze: make cpu-qom.h not target specific

[Paolo Bonzini]

Make MicroBlazeCPU an opaque type within cpu-qom.h, and move all
definitions of private methods, as well as all type definitions that
require knowledge of the layout to cpu.h.  This helps making files
independent of NEED_CPU_H if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-microblaze/cpu-qom.h | 44 +---
 target-microblaze/cpu.h | 45 -
 2 files changed, 45 insertions(+), 44 deletions(-)

diff --git a/target-microblaze/cpu-qom.h b/target-microblaze/cpu-qom.h
index 34f6273..1a61db7 100644
--- a/target-microblaze/cpu-qom.h
+++ b/target-microblaze/cpu-qom.h
@@ -47,48 +47,6 @@ typedef struct MicroBlazeCPUClass {
 void (*parent_reset)(CPUState *cpu);
 } MicroBlazeCPUClass;
 
-/**
- * MicroBlazeCPU:
- * @env: #CPUMBState
- *
- * A MicroBlaze CPU.
- */
-typedef struct MicroBlazeCPU {
-/*< private >*/
-CPUState parent_obj;
-
-/*< public >*/
-
-/* Microblaze Configuration Settings */
-struct {
-bool stackprot;
-uint32_t base_vectors;
-uint8_t use_fpu;
-bool use_mmu;
-bool dcache_writeback;
-bool endi;
-char *version;
-uint8_t pvr;
-} cfg;
-
-CPUMBState env;
-} MicroBlazeCPU;
-
-static inline MicroBlazeCPU *mb_env_get_cpu(CPUMBState *env)
-{
-return container_of(env, MicroBlazeCPU, env);
-}
-
-#define ENV_GET_CPU(e) CPU(mb_env_get_cpu(e))
-
-#define ENV_OFFSET offsetof(MicroBlazeCPU, env)
-
-void mb_cpu_do_interrupt(CPUState *cs);
-bool mb_cpu_exec_interrupt(CPUState *cs, int int_req);
-void mb_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
-   int flags);
-hwaddr mb_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-int mb_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int mb_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
+typedef struct MicroBlazeCPU MicroBlazeCPU;
 
 #endif
diff --git a/target-microblaze/cpu.h b/target-microblaze/cpu.h
index 2f7335e..4c4db7f 100644
--- a/target-microblaze/cpu.h
+++ b/target-microblaze/cpu.h
@@ -20,6 +20,7 @@
 #define CPU_MICROBLAZE_H
 
 #include "qemu-common.h"
+#include "cpu-qom.h"
 
 #define TARGET_LONG_BITS 32
 
@@ -274,7 +275,49 @@ struct CPUMBState {
 } pvr;
 };
 
-#include "cpu-qom.h"
+/**
+ * MicroBlazeCPU:
+ * @env: #CPUMBState
+ *
+ * A MicroBlaze CPU.
+ */
+struct MicroBlazeCPU {
+/*< private >*/
+CPUState parent_obj;
+
+/*< public >*/
+
+/* Microblaze Configuration Settings */
+struct {
+bool stackprot;
+uint32_t base_vectors;
+uint8_t use_fpu;
+bool use_mmu;
+bool dcache_writeback;
+bool endi;
+char *version;
+uint8_t pvr;
+} cfg;
+
+CPUMBState env;
+};
+
+static inline MicroBlazeCPU *mb_env_get_cpu(CPUMBState *env)
+{
+return container_of(env, MicroBlazeCPU, env);
+}
+
+#define ENV_GET_CPU(e) CPU(mb_env_get_cpu(e))
+
+#define ENV_OFFSET offsetof(MicroBlazeCPU, env)
+
+void mb_cpu_do_interrupt(CPUState *cs);
+bool mb_cpu_exec_interrupt(CPUState *cs, int int_req);
+void mb_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
+   int flags);
+hwaddr mb_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+int mb_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
+int mb_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
 
 void mb_tcg_init(void);
 MicroBlazeCPU *cpu_mb_init(const char *cpu_model);
-- 
1.8.3.1

[Qemu-devel] [PATCH 18/49] target-tricore: make cpu-qom.h not target specific

[Paolo Bonzini]

Make TriCoreCPU an opaque type within cpu-qom.h, and move all definitions
of private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  This helps making files independent of NEED_CPU_H
if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-tricore/cpu-qom.h | 28 +---
 target-tricore/cpu.h | 30 +-
 2 files changed, 30 insertions(+), 28 deletions(-)

diff --git a/target-tricore/cpu-qom.h b/target-tricore/cpu-qom.h
index 66c9664..399c98f 100644
--- a/target-tricore/cpu-qom.h
+++ b/target-tricore/cpu-qom.h
@@ -39,32 +39,6 @@ typedef struct TriCoreCPUClass {
 void (*parent_reset)(CPUState *cpu);
 } TriCoreCPUClass;
 
-/**
- * TriCoreCPU:
- * @env: #CPUTriCoreState
- *
- * A TriCore CPU.
- */
-typedef struct TriCoreCPU {
-/*< private >*/
-CPUState parent_obj;
-/*< public >*/
-
-CPUTriCoreState env;
-} TriCoreCPU;
-
-static inline TriCoreCPU *tricore_env_get_cpu(CPUTriCoreState *env)
-{
-return TRICORE_CPU(container_of(env, TriCoreCPU, env));
-}
-
-#define ENV_GET_CPU(e) CPU(tricore_env_get_cpu(e))
-
-#define ENV_OFFSET offsetof(TriCoreCPU, env)
-
-hwaddr tricore_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-void tricore_cpu_dump_state(CPUState *cpu, FILE *f,
-fprintf_function cpu_fprintf, int flags);
-
+typedef struct TriCoreCPU TriCoreCPU;
 
 #endif /*QEMU_TRICORE_CPU_QOM_H */
diff --git a/target-tricore/cpu.h b/target-tricore/cpu.h
index 5fee376..f0da68c 100644
--- a/target-tricore/cpu.h
+++ b/target-tricore/cpu.h
@@ -21,6 +21,7 @@
 
 #include "tricore-defs.h"
 #include "qemu-common.h"
+#include "cpu-qom.h"
 #include "exec/cpu-defs.h"
 #include "fpu/softfloat.h"
 
@@ -199,6 +200,34 @@ struct CPUTriCoreState {
 struct QEMUTimer *timer; /* Internal timer */
 };
 
+/**
+ * TriCoreCPU:
+ * @env: #CPUTriCoreState
+ *
+ * A TriCore CPU.
+ */
+struct TriCoreCPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPUTriCoreState env;
+};
+
+static inline TriCoreCPU *tricore_env_get_cpu(CPUTriCoreState *env)
+{
+return TRICORE_CPU(container_of(env, TriCoreCPU, env));
+}
+
+#define ENV_GET_CPU(e) CPU(tricore_env_get_cpu(e))
+
+#define ENV_OFFSET offsetof(TriCoreCPU, env)
+
+hwaddr tricore_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+void tricore_cpu_dump_state(CPUState *cpu, FILE *f,
+fprintf_function cpu_fprintf, int flags);
+
+
 #define MASK_PCXI_PCPN 0xff00
 #define MASK_PCXI_PIE  0x0080
 #define MASK_PCXI_UL   0x0040
@@ -339,7 +368,6 @@ enum {
 uint32_t psw_read(CPUTriCoreState *env);
 void psw_write(CPUTriCoreState *env, uint32_t val);
 
-#include "cpu-qom.h"
 #define MMU_USER_IDX 2
 
 void tricore_cpu_list(FILE *f, fprintf_function cpu_fprintf);
-- 
1.8.3.1

[Qemu-devel] [PATCH 05/49] target-alpha: make cpu-qom.h not target specific

[Paolo Bonzini]

Make AlphaCPU an opaque type within cpu-qom.h, and move all definitions
of private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  This helps making files independent of NEED_CPU_H
if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-alpha/cpu-qom.h | 40 +---
 target-alpha/cpu.h | 42 +-
 2 files changed, 42 insertions(+), 40 deletions(-)

diff --git a/target-alpha/cpu-qom.h b/target-alpha/cpu-qom.h
index cf5264a..bae4945 100644
--- a/target-alpha/cpu-qom.h
+++ b/target-alpha/cpu-qom.h
@@ -47,44 +47,6 @@ typedef struct AlphaCPUClass {
 void (*parent_reset)(CPUState *cpu);
 } AlphaCPUClass;
 
-/**
- * AlphaCPU:
- * @env: #CPUAlphaState
- *
- * An Alpha CPU.
- */
-typedef struct AlphaCPU {
-/*< private >*/
-CPUState parent_obj;
-/*< public >*/
-
-CPUAlphaState env;
-
-/* This alarm doesn't exist in real hardware; we wish it did.  */
-QEMUTimer *alarm_timer;
-} AlphaCPU;
-
-static inline AlphaCPU *alpha_env_get_cpu(CPUAlphaState *env)
-{
-return container_of(env, AlphaCPU, env);
-}
-
-#define ENV_GET_CPU(e) CPU(alpha_env_get_cpu(e))
-
-#define ENV_OFFSET offsetof(AlphaCPU, env)
-
-#ifndef CONFIG_USER_ONLY
-extern const struct VMStateDescription vmstate_alpha_cpu;
-#endif
-
-void alpha_cpu_do_interrupt(CPUState *cpu);
-bool alpha_cpu_exec_interrupt(CPUState *cpu, int int_req);
-void alpha_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
-  int flags);
-hwaddr alpha_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-int alpha_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int alpha_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
-void alpha_cpu_do_unaligned_access(CPUState *cpu, vaddr addr,
-   int is_write, int is_user, uintptr_t 
retaddr);
+typedef struct AlphaCPU AlphaCPU;
 
 #endif
diff --git a/target-alpha/cpu.h b/target-alpha/cpu.h
index 420f2a5..8353bda 100644
--- a/target-alpha/cpu.h
+++ b/target-alpha/cpu.h
@@ -21,6 +21,7 @@
 #define __CPU_ALPHA_H__
 
 #include "qemu-common.h"
+#include "cpu-qom.h"
 
 #define TARGET_LONG_BITS 64
 #define ALIGNED_ONLY
@@ -284,12 +285,51 @@ struct CPUAlphaState {
 int implver;
 };
 
+/**
+ * AlphaCPU:
+ * @env: #CPUAlphaState
+ *
+ * An Alpha CPU.
+ */
+struct AlphaCPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPUAlphaState env;
+
+/* This alarm doesn't exist in real hardware; we wish it did.  */
+QEMUTimer *alarm_timer;
+};
+
+static inline AlphaCPU *alpha_env_get_cpu(CPUAlphaState *env)
+{
+return container_of(env, AlphaCPU, env);
+}
+
+#define ENV_GET_CPU(e) CPU(alpha_env_get_cpu(e))
+
+#define ENV_OFFSET offsetof(AlphaCPU, env)
+
+#ifndef CONFIG_USER_ONLY
+extern const struct VMStateDescription vmstate_alpha_cpu;
+#endif
+
+void alpha_cpu_do_interrupt(CPUState *cpu);
+bool alpha_cpu_exec_interrupt(CPUState *cpu, int int_req);
+void alpha_cpu_dump_state(CPUState *cs, FILE *f, fprintf_function cpu_fprintf,
+  int flags);
+hwaddr alpha_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+int alpha_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
+int alpha_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
+void alpha_cpu_do_unaligned_access(CPUState *cpu, vaddr addr,
+   int is_write, int is_user, uintptr_t 
retaddr);
+
 #define cpu_list alpha_cpu_list
 #define cpu_exec cpu_alpha_exec
 #define cpu_signal_handler cpu_alpha_signal_handler
 
 #include "exec/cpu-all.h"
-#include "cpu-qom.h"
 
 enum {
 FEATURE_ASN= 0x0001,
-- 
1.8.3.1

[Qemu-devel] [PATCH 03/49] hw: explicitly include qemu-common.h and cpu.h

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 hw/alpha/dp264.c | 2 ++
 hw/alpha/pci.c   | 2 ++
 hw/arm/allwinner-a10.c   | 2 ++
 hw/arm/armv7m.c  | 2 ++
 hw/arm/bcm2836.c | 2 ++
 hw/arm/cubieboard.c  | 2 ++
 hw/arm/digic_boards.c| 2 ++
 hw/arm/exynos4210.c  | 2 ++
 hw/arm/exynos4_boards.c  | 2 ++
 hw/arm/fsl-imx25.c   | 2 ++
 hw/arm/fsl-imx31.c   | 2 ++
 hw/arm/imx25_pdk.c   | 2 ++
 hw/arm/integratorcp.c| 2 ++
 hw/arm/kzm.c | 2 ++
 hw/arm/musicpal.c| 2 ++
 hw/arm/omap1.c   | 2 ++
 hw/arm/omap2.c   | 2 ++
 hw/arm/pxa2xx.c  | 2 ++
 hw/arm/pxa2xx_pic.c  | 2 ++
 hw/arm/raspi.c   | 2 ++
 hw/arm/realview.c| 2 ++
 hw/arm/stm32f205_soc.c   | 2 ++
 hw/arm/strongarm.c   | 1 +
 hw/arm/versatilepb.c | 2 ++
 hw/arm/vexpress.c| 2 ++
 hw/arm/xilinx_zynq.c | 2 ++
 hw/arm/xlnx-ep108.c  | 2 ++
 hw/arm/xlnx-zynqmp.c | 2 ++
 hw/char/spapr_vty.c  | 2 ++
 hw/cris/axis_dev88.c | 2 ++
 hw/cris/boot.c   | 2 ++
 hw/display/sm501.c   | 2 ++
 hw/display/tcx.c | 1 +
 hw/i386/multiboot.c  | 2 ++
 hw/intc/armv7m_nvic.c| 1 +
 hw/intc/sh_intc.c| 2 ++
 hw/intc/xics.c   | 2 ++
 hw/intc/xics_kvm.c   | 2 ++
 hw/isa/lpc_ich9.c| 1 +
 hw/lm32/lm32_boards.c| 2 ++
 hw/lm32/milkymist.c  | 2 ++
 hw/m68k/an5206.c | 2 ++
 hw/m68k/dummy_m68k.c | 2 ++
 hw/m68k/mcf5206.c| 2 ++
 hw/m68k/mcf5208.c| 2 ++
 hw/m68k/mcf_intc.c   | 2 ++
 hw/microblaze/boot.c | 2 ++
 hw/microblaze/petalogix_ml605_mmu.c  | 2 ++
 hw/microblaze/petalogix_s3adsp1800_mmu.c | 2 ++
 hw/mips/mips_malta.c | 2 ++
 hw/mips/mips_mipssim.c   | 2 ++
 hw/mips/mips_r4k.c   | 2 ++
 hw/moxie/moxiesim.c  | 2 ++
 hw/net/milkymist-minimac2.c  | 2 ++
 hw/net/spapr_llan.c  | 2 ++
 hw/net/xilinx_ethlite.c  | 2 ++
 hw/nvram/spapr_nvram.c   | 2 ++
 hw/openrisc/openrisc_sim.c   | 2 ++
 hw/ppc/mpc8544_guts.c| 2 ++
 hw/ppc/ppc.c | 2 ++
 hw/ppc/ppc405_boards.c   | 2 ++
 hw/ppc/ppc405_uc.c   | 2 ++
 hw/ppc/ppc_booke.c   | 2 ++
 hw/ppc/spapr_drc.c   | 2 ++
 hw/ppc/spapr_pci.c   | 2 ++
 hw/ppc/spapr_pci_vfio.c  | 2 ++
 hw/ppc/spapr_rng.c   | 2 ++
 hw/s390x/s390-pci-bus.c  | 2 ++
 hw/s390x/s390-pci-inst.c | 2 ++
 hw/s390x/s390-virtio-ccw.c   | 2 ++
 hw/scsi/spapr_vscsi.c| 2 ++
 hw/sh4/r2d.c | 2 ++
 hw/sh4/shix.c| 2 ++
 hw/sparc/leon3.c | 2 ++
 hw/sparc/sun4m.c | 2 ++
 hw/sparc64/sun4u.c   | 2 ++
 hw/timer/ds1338.c| 1 +
 hw/timer/mc146818rtc.c   | 1 +
 hw/tricore/tricore_testboard.c   | 2 ++
 hw/unicore32/puv3.c  | 2 ++
 hw/virtio/virtio.c   | 3 ++-
 hw/xtensa/sim.c  | 2 ++
 hw/xtensa/xtfpga.c   | 2 ++
 83 files changed, 160 insertions(+), 1 deletion(-)

diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
index 7c5989b..1eee68b 100644
--- a/hw/alpha/dp264.c
+++ b/hw/alpha/dp264.c
@@ -7,6 +7,8 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "cpu.h"
 #include "hw/hw.h"
 #include "elf.h"
 #include "hw/loader.h"
diff --git a/hw/alpha/pci.c b/hw/alpha/pci.c
index fb902bb..5baa0ea 100644
--- a/hw/alpha/pci.c
+++ b/hw/alpha/pci.c
@@ -7,6 +7,8 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "cpu.h"
 #include "alpha_sys.h"
 #include "qemu/log.h"
 #include "sysemu/sysemu.h"
diff --git a/hw/arm/allwinner-a10.c b/hw/arm/allwinner-a10.c
index b4d3cf6..ca15d1c 100644
--- a/hw/arm/allwinner-a10.c
+++ b/hw/arm/allwinner-a10.c
@@ -17,6 +17,8 @@
 
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
 

Re: [Qemu-devel] [PULL 18/40] hmp: 'drive_add -n' for creating a node without BB

[Kevin Wolf]

Am 16.03.2016 um 11:41 hat Paolo Bonzini geschrieben:
> > +void hmp_drive_add_node(Monitor *mon, const char *optstr)
> > +{
> > +QemuOpts *opts;
> > +QDict *qdict;
> > +Error *local_err = NULL;
> > +
> > +opts = qemu_opts_parse_noisily(_drive_opts, optstr, false);
> > +if (!opts) {
> > +return;
> > +}
> > +
> > +qdict = qemu_opts_to_qdict(opts, NULL);
> > +
> > +if (!qdict_get_try_str(qdict, "node-name")) {
> > +error_report("'node-name' needs to be specified");
> 
> qdict is leaked here, says Coverity.

I already sent a fix.

Kevin

[Qemu-devel] [PATCH 06/49] target-arm: make cpu-qom.h not target specific

[Paolo Bonzini]

Make ARMCPU an opaque type within cpu-qom.h, and move all definitions of
private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  This helps making files independent of NEED_CPU_H
if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-arm/cpu-qom.h | 178 +-
 target-arm/cpu.h | 179 ++-
 2 files changed, 179 insertions(+), 178 deletions(-)

diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h
index 1061c08..3991173 100644
--- a/target-arm/cpu-qom.h
+++ b/target-arm/cpu-qom.h
@@ -22,6 +22,8 @@
 
 #include "qom/cpu.h"
 
+struct arm_boot_info;
+
 #define TYPE_ARM_CPU "arm-cpu"
 
 #define ARM_CPU_CLASS(klass) \
@@ -47,145 +49,7 @@ typedef struct ARMCPUClass {
 void (*parent_reset)(CPUState *cpu);
 } ARMCPUClass;
 
-/**
- * ARMCPU:
- * @env: #CPUARMState
- *
- * An ARM CPU core.
- */
-typedef struct ARMCPU {
-/*< private >*/
-CPUState parent_obj;
-/*< public >*/
-
-CPUARMState env;
-
-/* Coprocessor information */
-GHashTable *cp_regs;
-/* For marshalling (mostly coprocessor) register state between the
- * kernel and QEMU (for KVM) and between two QEMUs (for migration),
- * we use these arrays.
- */
-/* List of register indexes managed via these arrays; (full KVM style
- * 64 bit indexes, not CPRegInfo 32 bit indexes)
- */
-uint64_t *cpreg_indexes;
-/* Values of the registers (cpreg_indexes[i]'s value is cpreg_values[i]) */
-uint64_t *cpreg_values;
-/* Length of the indexes, values, reset_values arrays */
-int32_t cpreg_array_len;
-/* These are used only for migration: incoming data arrives in
- * these fields and is sanity checked in post_load before copying
- * to the working data structures above.
- */
-uint64_t *cpreg_vmstate_indexes;
-uint64_t *cpreg_vmstate_values;
-int32_t cpreg_vmstate_array_len;
-
-/* Timers used by the generic (architected) timer */
-QEMUTimer *gt_timer[NUM_GTIMERS];
-/* GPIO outputs for generic timer */
-qemu_irq gt_timer_outputs[NUM_GTIMERS];
-
-/* MemoryRegion to use for secure physical accesses */
-MemoryRegion *secure_memory;
-
-/* 'compatible' string for this CPU for Linux device trees */
-const char *dtb_compatible;
-
-/* PSCI version for this CPU
- * Bits[31:16] = Major Version
- * Bits[15:0] = Minor Version
- */
-uint32_t psci_version;
-
-/* Should CPU start in PSCI powered-off state? */
-bool start_powered_off;
-/* CPU currently in PSCI powered-off state */
-bool powered_off;
-/* CPU has security extension */
-bool has_el3;
-
-/* CPU has memory protection unit */
-bool has_mpu;
-/* PMSAv7 MPU number of supported regions */
-uint32_t pmsav7_dregion;
-
-/* PSCI conduit used to invoke PSCI methods
- * 0 - disabled, 1 - smc, 2 - hvc
- */
-uint32_t psci_conduit;
-
-/* [QEMU_]KVM_ARM_TARGET_* constant for this CPU, or
- * QEMU_KVM_ARM_TARGET_NONE if the kernel doesn't support this CPU type.
- */
-uint32_t kvm_target;
-
-/* KVM init features for this CPU */
-uint32_t kvm_init_features[7];
-
-/* Uniprocessor system with MP extensions */
-bool mp_is_up;
-
-/* The instance init functions for implementation-specific subclasses
- * set these fields to specify the implementation-dependent values of
- * various constant registers and reset values of non-constant
- * registers.
- * Some of these might become QOM properties eventually.
- * Field names match the official register names as defined in the
- * ARMv7AR ARM Architecture Reference Manual. A reset_ prefix
- * is used for reset values of non-constant registers; no reset_
- * prefix means a constant register.
- */
-uint32_t midr;
-uint32_t revidr;
-uint32_t reset_fpsid;
-uint32_t mvfr0;
-uint32_t mvfr1;
-uint32_t mvfr2;
-uint32_t ctr;
-uint32_t reset_sctlr;
-uint32_t id_pfr0;
-uint32_t id_pfr1;
-uint32_t id_dfr0;
-uint32_t pmceid0;
-uint32_t pmceid1;
-uint32_t id_afr0;
-uint32_t id_mmfr0;
-uint32_t id_mmfr1;
-uint32_t id_mmfr2;
-uint32_t id_mmfr3;
-uint32_t id_mmfr4;
-uint32_t id_isar0;
-uint32_t id_isar1;
-uint32_t id_isar2;
-uint32_t id_isar3;
-uint32_t id_isar4;
-uint32_t id_isar5;
-uint64_t id_aa64pfr0;
-uint64_t id_aa64pfr1;
-uint64_t id_aa64dfr0;
-uint64_t id_aa64dfr1;
-uint64_t id_aa64afr0;
-uint64_t id_aa64afr1;
-uint64_t id_aa64isar0;
-uint64_t id_aa64isar1;
-uint64_t id_aa64mmfr0;
-uint64_t id_aa64mmfr1;
-uint32_t dbgdidr;
-uint32_t clidr;
-uint64_t mp_affinity; /* MP ID without feature bits */
-/* The elements of this array are the CCSIDR values for each cache,
- * in the order L1DCache, 

[Qemu-devel] [PATCH 04/49] cpu: make cpu-qom.h only include-able from cpu.h

[Paolo Bonzini]

Make cpu-qom.h so that it is only included from cpu.h.  Then there
is no need for it to include cpu.h again.

Later we will make cpu-qom.h target independent and we will _want_
to include it from elsewhere, but for now reduce the number of cases
to handle.

Signed-off-by: Paolo Bonzini 
---
 target-alpha/cpu-qom.h | 1 -
 target-arm/psci.c  | 1 -
 target-i386/cpu-qom.h  | 1 -
 target-lm32/cpu-qom.h  | 1 -
 target-ppc/cpu-qom.h   | 1 -
 target-s390x/cpu-qom.h | 1 -
 target-sparc/cpu-qom.h | 1 -
 target-unicore32/cpu-qom.h | 1 -
 target-xtensa/cpu-qom.h| 1 -
 9 files changed, 9 deletions(-)

diff --git a/target-alpha/cpu-qom.h b/target-alpha/cpu-qom.h
index b01c6c8..cf5264a 100644
--- a/target-alpha/cpu-qom.h
+++ b/target-alpha/cpu-qom.h
@@ -21,7 +21,6 @@
 #define QEMU_ALPHA_CPU_QOM_H
 
 #include "qom/cpu.h"
-#include "cpu.h"
 
 #define TYPE_ALPHA_CPU "alpha-cpu"
 
diff --git a/target-arm/psci.c b/target-arm/psci.c
index c55487f..2b624b9 100644
--- a/target-arm/psci.c
+++ b/target-arm/psci.c
@@ -17,7 +17,6 @@
  */
 #include "qemu/osdep.h"
 #include 
-#include 
 #include 
 #include 
 #include 
diff --git a/target-i386/cpu-qom.h b/target-i386/cpu-qom.h
index cb75017..2ca7b9e 100644
--- a/target-i386/cpu-qom.h
+++ b/target-i386/cpu-qom.h
@@ -21,7 +21,6 @@
 #define QEMU_I386_CPU_QOM_H
 
 #include "qom/cpu.h"
-#include "cpu.h"
 #include "qemu/notify.h"
 
 #ifdef TARGET_X86_64
diff --git a/target-lm32/cpu-qom.h b/target-lm32/cpu-qom.h
index 77bc7b2..54989e4 100644
--- a/target-lm32/cpu-qom.h
+++ b/target-lm32/cpu-qom.h
@@ -21,7 +21,6 @@
 #define QEMU_LM32_CPU_QOM_H
 
 #include "qom/cpu.h"
-#include "cpu.h"
 
 #define TYPE_LM32_CPU "lm32-cpu"
 
diff --git a/target-ppc/cpu-qom.h b/target-ppc/cpu-qom.h
index 7d5e2b3..eb822a3 100644
--- a/target-ppc/cpu-qom.h
+++ b/target-ppc/cpu-qom.h
@@ -21,7 +21,6 @@
 #define QEMU_PPC_CPU_QOM_H
 
 #include "qom/cpu.h"
-#include "cpu.h"
 
 #ifdef TARGET_PPC64
 #define TYPE_POWERPC_CPU "powerpc64-cpu"
diff --git a/target-s390x/cpu-qom.h b/target-s390x/cpu-qom.h
index 1c90933..681e370 100644
--- a/target-s390x/cpu-qom.h
+++ b/target-s390x/cpu-qom.h
@@ -21,7 +21,6 @@
 #define QEMU_S390_CPU_QOM_H
 
 #include "qom/cpu.h"
-#include "cpu.h"
 
 #define TYPE_S390_CPU "s390-cpu"
 
diff --git a/target-sparc/cpu-qom.h b/target-sparc/cpu-qom.h
index 5096b10..174dfd3 100644
--- a/target-sparc/cpu-qom.h
+++ b/target-sparc/cpu-qom.h
@@ -21,7 +21,6 @@
 #define QEMU_SPARC_CPU_QOM_H
 
 #include "qom/cpu.h"
-#include "cpu.h"
 
 #ifdef TARGET_SPARC64
 #define TYPE_SPARC_CPU "sparc64-cpu"
diff --git a/target-unicore32/cpu-qom.h b/target-unicore32/cpu-qom.h
index ea65b83..e554f1f 100644
--- a/target-unicore32/cpu-qom.h
+++ b/target-unicore32/cpu-qom.h
@@ -12,7 +12,6 @@
 #define QEMU_UC32_CPU_QOM_H
 
 #include "qom/cpu.h"
-#include "cpu.h"
 
 #define TYPE_UNICORE32_CPU "unicore32-cpu"
 
diff --git a/target-xtensa/cpu-qom.h b/target-xtensa/cpu-qom.h
index 2258224..f5d9b9f 100644
--- a/target-xtensa/cpu-qom.h
+++ b/target-xtensa/cpu-qom.h
@@ -30,7 +30,6 @@
 #define QEMU_XTENSA_CPU_QOM_H
 
 #include "qom/cpu.h"
-#include "cpu.h"
 
 #define TYPE_XTENSA_CPU "xtensa-cpu"
 
-- 
1.8.3.1

[Qemu-devel] [PATCH 01/49] include: move CPU-related definitions out of qemu-common.h

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 hw/core/qdev-properties.c |  1 +
 include/qemu-common.h | 24 
 include/qemu/timer.h  |  1 +
 include/qom/cpu.h |  9 +
 include/sysemu/cpus.h | 13 +
 stubs/cpu-get-icount.c|  1 +
 translate-common.c|  1 +
 vl.c  |  1 +
 8 files changed, 27 insertions(+), 24 deletions(-)

diff --git a/hw/core/qdev-properties.c b/hw/core/qdev-properties.c
index a8c77ec..e775642 100644
--- a/hw/core/qdev-properties.c
+++ b/hw/core/qdev-properties.c
@@ -7,6 +7,7 @@
 #include "qemu/error-report.h"
 #include "sysemu/block-backend.h"
 #include "hw/block/block.h"
+#include "hw/pci/pci.h"
 #include "net/hub.h"
 #include "qapi/visitor.h"
 #include "sysemu/char.h"
diff --git a/include/qemu-common.h b/include/qemu-common.h
index bbb45b2..eccdb07 100644
--- a/include/qemu-common.h
+++ b/include/qemu-common.h
@@ -23,17 +23,6 @@
 #include "qemu/option.h"
 #include "qemu/host-utils.h"
 
-void cpu_ticks_init(void);
-
-/* icount */
-void configure_icount(QemuOpts *opts, Error **errp);
-extern int use_icount;
-extern int icount_align_option;
-/* drift information for info jit command */
-extern int64_t max_delay;
-extern int64_t max_advance;
-void dump_drift_info(FILE *f, fprintf_function cpu_fprintf);
-
 #include "qemu/bswap.h"
 
 /* FIXME: Remove NEED_CPU_H.  */
@@ -299,19 +288,6 @@ bool tcg_enabled(void);
 
 void cpu_exec_init_all(void);
 
-/* Unblock cpu */
-void qemu_cpu_kick_self(void);
-
-/* work queue */
-struct qemu_work_item {
-struct qemu_work_item *next;
-void (*func)(void *data);
-void *data;
-int done;
-bool free;
-};
-
-
 /**
  * Sends a (part of) iovec down a socket, yielding when the socket is full, or
  * Receives data into a (part of) iovec from a socket,
diff --git a/include/qemu/timer.h b/include/qemu/timer.h
index 59a7169..c37f74d 100644
--- a/include/qemu/timer.h
+++ b/include/qemu/timer.h
@@ -4,6 +4,7 @@
 #include "qemu-common.h"
 #include "qemu/notify.h"
 #include "qemu/host-utils.h"
+#include "sysemu/cpus.h"
 
 #define NANOSECONDS_PER_SECOND 10LL
 
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 0b6fa25..bd51691 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -223,6 +223,15 @@ struct kvm_run;
 #define TB_JMP_CACHE_BITS 12
 #define TB_JMP_CACHE_SIZE (1 << TB_JMP_CACHE_BITS)
 
+/* work queue */
+struct qemu_work_item {
+struct qemu_work_item *next;
+void (*func)(void *data);
+void *data;
+int done;
+bool free;
+};
+
 /**
  * CPUState:
  * @cpu_index: CPU index (informative).
diff --git a/include/sysemu/cpus.h b/include/sysemu/cpus.h
index 3d1e5ba..fe992a8 100644
--- a/include/sysemu/cpus.h
+++ b/include/sysemu/cpus.h
@@ -7,6 +7,19 @@ void qemu_init_cpu_loop(void);
 void resume_all_vcpus(void);
 void pause_all_vcpus(void);
 void cpu_stop_current(void);
+void cpu_ticks_init(void);
+
+void configure_icount(QemuOpts *opts, Error **errp);
+extern int use_icount;
+extern int icount_align_option;
+
+/* drift information for info jit command */
+extern int64_t max_delay;
+extern int64_t max_advance;
+void dump_drift_info(FILE *f, fprintf_function cpu_fprintf);
+
+/* Unblock cpu */
+void qemu_cpu_kick_self(void);
 
 void cpu_synchronize_all_states(void);
 void cpu_synchronize_all_post_reset(void);
diff --git a/stubs/cpu-get-icount.c b/stubs/cpu-get-icount.c
index 3a6f2ab..2e8b63b 100644
--- a/stubs/cpu-get-icount.c
+++ b/stubs/cpu-get-icount.c
@@ -1,6 +1,7 @@
 #include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "qemu/timer.h"
+#include "sysemu/cpus.h"
 
 int use_icount;
 
diff --git a/translate-common.c b/translate-common.c
index ffbfe85..5e989cd 100644
--- a/translate-common.c
+++ b/translate-common.c
@@ -20,6 +20,7 @@
 #include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "qom/cpu.h"
+#include "sysemu/cpus.h"
 
 uintptr_t qemu_real_host_page_size;
 intptr_t qemu_real_host_page_mask;
diff --git a/vl.c b/vl.c
index 7a28982..62f9a9c 100644
--- a/vl.c
+++ b/vl.c
@@ -86,6 +86,7 @@ int main(int argc, char **argv)
 #include "sysemu/dma.h"
 #include "audio/audio.h"
 #include "migration/migration.h"
+#include "sysemu/cpus.h"
 #include "sysemu/kvm.h"
 #include "qapi/qmp/qjson.h"
 #include "qemu/option.h"
-- 
1.8.3.1

[Qemu-devel] [PATCH 10/49] target-m68k: make cpu-qom.h not target specific

[Paolo Bonzini]

Make M68KCPU an opaque type within cpu-qom.h, and move all definitions of
private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  This helps making files independent of NEED_CPU_H
if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-m68k/cpu-qom.h | 34 +-
 target-m68k/cpu.h | 36 ++--
 2 files changed, 35 insertions(+), 35 deletions(-)

diff --git a/target-m68k/cpu-qom.h b/target-m68k/cpu-qom.h
index c28e55d..9885bba 100644
--- a/target-m68k/cpu-qom.h
+++ b/target-m68k/cpu-qom.h
@@ -47,38 +47,6 @@ typedef struct M68kCPUClass {
 void (*parent_reset)(CPUState *cpu);
 } M68kCPUClass;
 
-/**
- * M68kCPU:
- * @env: #CPUM68KState
- *
- * A Motorola 68k CPU.
- */
-typedef struct M68kCPU {
-/*< private >*/
-CPUState parent_obj;
-/*< public >*/
-
-CPUM68KState env;
-} M68kCPU;
-
-static inline M68kCPU *m68k_env_get_cpu(CPUM68KState *env)
-{
-return container_of(env, M68kCPU, env);
-}
-
-#define ENV_GET_CPU(e) CPU(m68k_env_get_cpu(e))
-
-#define ENV_OFFSET offsetof(M68kCPU, env)
-
-void m68k_cpu_do_interrupt(CPUState *cpu);
-bool m68k_cpu_exec_interrupt(CPUState *cpu, int int_req);
-void m68k_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
- int flags);
-hwaddr m68k_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-int m68k_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int m68k_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
-
-void m68k_cpu_exec_enter(CPUState *cs);
-void m68k_cpu_exec_exit(CPUState *cs);
+typedef struct M68kCPU M68kCPU;
 
 #endif
diff --git a/target-m68k/cpu.h b/target-m68k/cpu.h
index 48b4c87..57c2c8d 100644
--- a/target-m68k/cpu.h
+++ b/target-m68k/cpu.h
@@ -26,7 +26,7 @@
 
 #include "qemu-common.h"
 #include "exec/cpu-defs.h"
-
+#include "cpu-qom.h"
 #include "fpu/softfloat.h"
 
 #define MAX_QREGS 32
@@ -109,7 +109,39 @@ typedef struct CPUM68KState {
 uint32_t features;
 } CPUM68KState;
 
-#include "cpu-qom.h"
+/**
+ * M68kCPU:
+ * @env: #CPUM68KState
+ *
+ * A Motorola 68k CPU.
+ */
+struct M68kCPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPUM68KState env;
+};
+
+static inline M68kCPU *m68k_env_get_cpu(CPUM68KState *env)
+{
+return container_of(env, M68kCPU, env);
+}
+
+#define ENV_GET_CPU(e) CPU(m68k_env_get_cpu(e))
+
+#define ENV_OFFSET offsetof(M68kCPU, env)
+
+void m68k_cpu_do_interrupt(CPUState *cpu);
+bool m68k_cpu_exec_interrupt(CPUState *cpu, int int_req);
+void m68k_cpu_dump_state(CPUState *cpu, FILE *f, fprintf_function cpu_fprintf,
+ int flags);
+hwaddr m68k_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+int m68k_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
+int m68k_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
+
+void m68k_cpu_exec_enter(CPUState *cs);
+void m68k_cpu_exec_exit(CPUState *cs);
 
 void m68k_tcg_init(void);
 void m68k_cpu_init_gdb(M68kCPU *cpu);
-- 
1.8.3.1

[Qemu-devel] [PATCH 02/49] log: do not use CONFIG_USER_ONLY

[Paolo Bonzini]

This decouples logging further from config-target.h

Signed-off-by: Paolo Bonzini 
---
 bsd-user/main.c|  1 +
 include/qemu/log.h | 17 ++---
 linux-user/main.c  |  1 +
 util/log.c | 11 +--
 4 files changed, 13 insertions(+), 17 deletions(-)

diff --git a/bsd-user/main.c b/bsd-user/main.c
index 287ec1d..c83b43f 100644
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@@ -848,6 +848,7 @@ int main(int argc, char **argv)
 }
 
 /* init debug */
+qemu_log_needs_buffers();
 qemu_set_log_filename(log_file);
 if (log_mask) {
 int mask;
diff --git a/include/qemu/log.h b/include/qemu/log.h
index 40c24fd..1e59720 100644
--- a/include/qemu/log.h
+++ b/include/qemu/log.h
@@ -99,21 +99,8 @@ typedef struct QEMULogItem {
 
 extern const QEMULogItem qemu_log_items[];
 
-/* This is the function that actually does the work of
- * changing the log level; it should only be accessed via
- * the qemu_set_log() wrapper.
- */
-void do_qemu_set_log(int log_flags, bool use_own_buffers);
-
-static inline void qemu_set_log(int log_flags)
-{
-#ifdef CONFIG_USER_ONLY
-do_qemu_set_log(log_flags, true);
-#else
-do_qemu_set_log(log_flags, false);
-#endif
-}
-
+void qemu_set_log(int log_flags);
+void qemu_log_needs_buffers(void);
 void qemu_set_log_filename(const char *filename);
 int qemu_str_to_log_mask(const char *str);
 
diff --git a/linux-user/main.c b/linux-user/main.c
index 2b1e755..63bef30 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -3752,6 +3752,7 @@ static void handle_arg_log(const char *arg)
 qemu_print_log_usage(stdout);
 exit(EXIT_FAILURE);
 }
+qemu_log_needs_buffers();
 qemu_set_log(mask);
 }
 
diff --git a/util/log.c b/util/log.c
index 8b921de..9dc8158 100644
--- a/util/log.c
+++ b/util/log.c
@@ -49,8 +49,10 @@ void qemu_log_mask(int mask, const char *fmt, ...)
 va_end(ap);
 }
 
+static bool log_uses_own_buffers;
+
 /* enable or disable low levels log */
-void do_qemu_set_log(int log_flags, bool use_own_buffers)
+void qemu_set_log(int log_flags)
 {
 qemu_loglevel = log_flags;
 #ifdef CONFIG_TRACE_LOG
@@ -77,7 +79,7 @@ void do_qemu_set_log(int log_flags, bool use_own_buffers)
 qemu_logfile = stderr;
 }
 /* must avoid mmap() usage of glibc by setting a buffer "by hand" */
-if (use_own_buffers) {
+if (log_uses_own_buffers) {
 static char logfile_buf[4096];
 
 setvbuf(qemu_logfile, logfile_buf, _IOLBF, sizeof(logfile_buf));
@@ -97,6 +99,11 @@ void do_qemu_set_log(int log_flags, bool use_own_buffers)
 }
 }
 
+void qemu_log_needs_buffers(void)
+{
+log_uses_own_buffers = true;
+}
+
 void qemu_set_log_filename(const char *filename)
 {
 g_free(logfilename);
-- 
1.8.3.1

[Qemu-devel] [PATCH for-2.7 00/49] NEED_CPU_H and cpu.h cleanups

[Paolo Bonzini]

(CCs only on cover letter due to huge series).

This series removes usage of NEED_CPU_H from several central
include files in QEMU, most notably hw/hw.h and qemu-common.h.
Definitions conditional on NEED_CPU_H remain only in disas/disas.h,
exec/gdbstub.h, exec/helper-head.h and exec/log.h.

The interesting patches are interspersed with other miscellaenous
cleanups that I won't really dwell on in the cover letter.  Most
of them are just making indirect inclusions explicit.

Patches 4 to 26 make sure that target-independent code can access
QOM objects for the CPU through an opaque type.  This is useful
because often target-independent code uses a target-specific header
file that happens to use pointers to ARMCPU* or similar.  The
target-independent code itself does not use the pointed-to object,
but the very presenece of the ARMCPU* name means that all users of
that header have to bring in cpu.h.  By providing the opaque type,
a much smaller API can be exposed to all these users in hw/.

Patches 33 to 36 remove NEED_CPU_H from hw/hw.h, exec/memory.h
and exec/cpu-common.h.

Patches 37 and 38 remove two nested inclusions from qemu-common.h.
This should make Markus's patch to remove unnecessary qemu-common.h
inclusions even more effective.

Patches 41 and 42 disentangle qemu-common.h and cpu.h, so that all
users of the latter have to be explicit.

Patches 45 to 49 remove more nested inclusions, and especially:
1) the inclusion of the (TCG-specific) exec-all.h header from
cpu.h, avoiding that non-TCG functions creep in again in
exec-all.h; 2) indirect qemu-common.h inclusion in hw/hw.h.

Paolo

Paolo Bonzini (49):
  include: move CPU-related definitions out of qemu-common.h
  log: do not use CONFIG_USER_ONLY
  hw: explicitly include qemu-common.h and cpu.h
  cpu: make cpu-qom.h only include-able from cpu.h
  target-alpha: make cpu-qom.h not target specific
  target-arm: make cpu-qom.h not target specific
  target-cris: make cpu-qom.h not target specific
  target-i386: make cpu-qom.h not target specific
  target-lm32: make cpu-qom.h not target specific
  target-m68k: make cpu-qom.h not target specific
  target-microblaze: make cpu-qom.h not target specific
  target-mips: make cpu-qom.h not target specific
  target-ppc: do not use target_ulong in cpu-qom.h
  target-ppc: make cpu-qom.h not target specific
  target-s390x: make cpu-qom.h not target specific
  target-sh4: make cpu-qom.h not target specific
  target-sparc: make cpu-qom.h not target specific
  target-tricore: make cpu-qom.h not target specific
  target-unicore32: make cpu-qom.h not target specific
  target-xtensa: make cpu-qom.h not target specific
  arm: include cpu-qom.h in files that require ARMCPU
  m68k: include cpu-qom.h in files that require M68KCPU
  sh4: include cpu-qom.h in files that require SuperHCPU
  alpha: include cpu-qom.h in files that require AlphaCPU
  mips: use MIPSCPU instead of CPUMIPSState
  ppc: use PowerPCCPU instead of CPUPPCState
  arm: remove useless cpu.h inclusion
  explicitly include qom/cpu.h
  explicitly include hw/qdev-core.h
  explicitly include linux/kvm.h
  apic: move target-dependent definitions to cpu.h
  include: poison symbols in osdep.h
  hw: do not use VMSTATE_*TL
  hw: move CPU state serialization to migration/cpu.h
  hw: cannot include hw/hw.h from user emulation
  cpu: move endian-dependent load/store functions to cpu-all.h
  qemu-common: stop including qemu/bswap.h from qemu-common.h
  qemu-common: stop including qemu/host-utils.h from qemu-common.h
  gdbstub: remove includes from gdbstub-xml.c
  dma: do not depend on kvm_enabled()
  s390x: move stuff out of cpu.h
  qemu-common: push cpu.h inclusion out of qemu-common.h
  arm: move arm_log_exception into .c file
  mips: move CP0 functions out of cpu.h
  hw: explicitly include qemu/log.h
  exec: extract exec/tb-context.h
  cpu: move exec-all.h inclusion out of cpu.h
  hw: remove pio_addr_t
  hw: clean up hw/hw.h includes

 arch_init.c |   2 +
 audio/mixeng.c  |   1 +
 audio/noaudio.c |   1 +
 audio/wavaudio.c|   2 +-
 block/bochs.c   |   1 +
 block/cloop.c   |   1 +
 block/parallels.c   |   1 +
 block/qcow.c|   1 +
 block/qcow2-cluster.c   |   1 +
 block/qcow2-refcount.c  |   1 +
 block/qcow2-snapshot.c  |   1 +
 block/qcow2.c   |   1 +
 block/qed-table.c   |   1 +
 block/qed.c |   1 +
 block/vdi.c |   1 +
 block/vhdx-endian.c |   1 +
 block/vhdx-log.c|   1 +
 block/vhdx.c|   1 +
 block/vmdk.c|   1 +
 block/vpc.c |  

Re: [Qemu-devel] [PATCH] ppc64: set MSR_SF bit

[Alexander Graf]

On 16.03.16 11:32, Thomas Huth wrote:
> On 16.03.2016 11:06, Alexander Graf wrote:
>>
>>
>> On 16.03.16 11:05, Laurent Vivier wrote:
>>> On 16/03/2016 10:48, Alexander Graf wrote:


 On 16.03.16 10:43, Laurent Vivier wrote:
> When a qemu-system-ppc64 is started, the 64-bit mode bit
> is not set in MSR.
>
> Signed-off-by: Laurent Vivier 

 I guess commit 2cf3eb6df552cee74b52de9989e270b74e42847e broke this. I'm
 surprised it didn't cause us more problems :).
>>>
>>> Linux kernel is ready to manage that: see enable_64b_mode in
>>> arch/powerpc/kernel/head_64.S
>>
>> We don't boot Linux directly though, only openBIOS and SLOF :).
> 
> Both, SLOF and OpenBIOS, seem to enable the SF bit manually, too, see:
> 
> https://github.com/qemu/openbios/blob/master/arch/ppc/qemu/start.S#L524
> 
> https://github.com/aik/SLOF/blob/master/board-qemu/llfw/startup.S#L91

Power up is slightly tricky, as machine state is pushed into the CPU
from the outside FWIW. I think we're "cleanest" if we just consider
power up a reset.

Reset is properly defined as an exception (0x100). For exceptions, the
970MP user manual for example says:

4.5 Exception Definitions
When an exception/interrupt is taken, all bits in the MSR are set to
‘0’, with the following exceptions:
• Exceptions always set MSR[SF] to ‘1’.


So the qemu fix is the correct one IMHO.

Alex

Re: [Qemu-devel] [PULL 08/16] virtio-balloon: export all balloon statistics

[Michael S. Tsirkin]

On Wed, Mar 16, 2016 at 01:33:31PM +0300, Denis V. Lunev wrote:
> On 03/04/2016 10:49 AM, Michael S. Tsirkin wrote:
> >From: Igor Redko 
> >
> >We are making experiments with different autoballooning strategies
> >based on the guest behavior. Thus we need to experiment with different
> >guest statistics. For now every counter change requires QEMU recompilation
> >and dances with Libvirt.
> >
> >This patch introduces transport for unrecognized counters in virtio-balloon.
> >This transport can be used for measuring benefits from using new
> >balloon counters, before submitting any patches. Current alternative
> >is 'guest-exec' transport which isn't made for such delicate matters
> >and can influence test results.
> >
> >Originally all counters with tag >= VIRTIO_BALLOON_S_NR were ignored.
> >Instead of this we keep first (VIRTIO_BALLOON_S_NR + 32) counters from the
> >queue and pass unrecognized ones with the following names: 'x-stat-',
> >where  is a tag number in hex. Defined counters are reported with their
> >regular names.
> >
> >Signed-off-by: Igor Redko 
> >Signed-off-by: Denis V. Lunev 
> >CC: Michael S. Tsirkin 
> >Reviewed-by: Michael S. Tsirkin 
> >Signed-off-by: Michael S. Tsirkin 
> >---
> >  configure  | 12 
> >  include/hw/virtio/virtio-balloon.h |  3 ++-
> >  hw/virtio/virtio-balloon.c | 32 ++--
> >  3 files changed, 40 insertions(+), 7 deletions(-)
> >
> >diff --git a/configure b/configure
> >index 0c0472a..767d96e 100755
> >--- a/configure
> >+++ b/configure
> >@@ -315,6 +315,7 @@ vhdx=""
> >  numa=""
> >  tcmalloc="no"
> >  jemalloc="no"
> >+unknown_balloon_stats="no"
> >  # parse CC options first
> >  for opt do
> >@@ -1142,6 +1143,10 @@ for opt do
> >;;
> >--enable-jemalloc) jemalloc="yes"
> >;;
> >+  --enable-unknown-balloon-stats) unknown_balloon_stats="yes"
> >+  ;;
> >+  --disable-unknown-balloon-stats) unknown_balloon_stats="no"
> >+  ;;
> >*)
> >echo "ERROR: unknown option $opt"
> >echo "Try '$0 --help' for more information"
> >@@ -1364,6 +1369,8 @@ disabled with --disable-FEATURE, default is enabled if 
> >available:
> >numalibnuma support
> >tcmalloctcmalloc support
> >jemallocjemalloc support
> >+  unknown-balloon-stats  report unknown balloon statistics counters
> >+  ;;
> >  NOTE: The object files are built at the place where configure is launched
> >  EOF
> >@@ -4790,6 +4797,7 @@ echo "bzip2 support $bzip2"
> >  echo "NUMA host support $numa"
> >  echo "tcmalloc support  $tcmalloc"
> >  echo "jemalloc support  $jemalloc"
> >+echo "unknown balloon stat counters support  $unknown_balloon_stats"
> >  if test "$sdl_too_old" = "yes"; then
> >  echo "-> Your SDL version is too old - please upgrade to have SDL support"
> >@@ -5342,6 +5350,10 @@ if test "$rdma" = "yes" ; then
> >echo "CONFIG_RDMA=y" >> $config_host_mak
> >  fi
> >+if test "$unknown_balloon_stats" = "yes" ; then
> >+  echo "CONFIG_UNKNOWN_BALLOON_STATS=y" >> $config_host_mak
> >+fi
> >+
> >  # Hold two types of flag:
> >  #   CONFIG_THREAD_SETNAME_BYTHREAD  - we've got a way of setting the name 
> > on
> >  # a thread we have a handle to
> >diff --git a/include/hw/virtio/virtio-balloon.h 
> >b/include/hw/virtio/virtio-balloon.h
> >index 35f62ac..5c8730e 100644
> >--- a/include/hw/virtio/virtio-balloon.h
> >+++ b/include/hw/virtio/virtio-balloon.h
> >@@ -36,7 +36,8 @@ typedef struct VirtIOBalloon {
> >  VirtQueue *ivq, *dvq, *svq;
> >  uint32_t num_pages;
> >  uint32_t actual;
> >-uint64_t stats[VIRTIO_BALLOON_S_NR];
> >+VirtIOBalloonStatModern stats[VIRTIO_BALLOON_S_NR + 32];
> >+uint16_t stats_cnt;
> >  VirtQueueElement *stats_vq_elem;
> >  size_t stats_vq_offset;
> >  QEMUTimer *stats_timer;
> >diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
> >index e97d403..64367ac 100644
> >--- a/hw/virtio/virtio-balloon.c
> >+++ b/hw/virtio/virtio-balloon.c
> >@@ -66,8 +66,7 @@ static const char *balloon_stat_names[] = {
> >   */
> >  static inline void reset_stats(VirtIOBalloon *dev)
> >  {
> >-int i;
> >-for (i = 0; i < VIRTIO_BALLOON_S_NR; dev->stats[i++] = -1);
> >+dev->stats_cnt = 0;
> >  }
> >  static bool balloon_stats_supported(const VirtIOBalloon *s)
> >@@ -133,12 +132,22 @@ static void balloon_stats_get_all(Object *obj, Visitor 
> >*v, const char *name,
> >  if (err) {
> >  goto out_end;
> >  }
> >-for (i = 0; i < VIRTIO_BALLOON_S_NR; i++) {
> >-visit_type_uint64(v, balloon_stat_names[i], >stats[i], );
> >+for (i = 0; i < s->stats_cnt; i++) {
> >+if (s->stats[i].tag < VIRTIO_BALLOON_S_NR) {
> >+visit_type_uint64(v, balloon_stat_names[s->stats[i].tag],
> >+  

Re: [Qemu-devel] [PATCH v4 0/3] ARM: add query-gic-capabilities SMP command

[Andrea Bolognani]

On Wed, 2016-03-16 at 10:32 +, Peter Maydell wrote:
> On 8 March 2016 at 07:36, Peter Xu  wrote:
> > 
> > v4 changes:
> > - all: rename query-gic-capability to query-gic-capabilities [Andrea]
> > - patch 3: rename helper function to kvm_support_device, make it
> >   inline and lighter. [Drew]
> > 
> > v3 changes:
> > - patch 2: remove func declaration, add qmp header [Drew]
> > - patch 3: being able to detect KVM GIC capabilities even without
> >   kvm enabled [Andrea]: this is a little bit hacky, need some more
> >   review on this.
> > 
> > v2 changes:
> > - result layout change: use array and dict for the capability bits
> >   rather than a single array of strings [Andrea/Markus]
> > - spelling out what GIC is in doc [Eric]
> > 
> > This patch is to add ARM-specific command "query-gic-capability".
> > 
> > The new command can report which kind of GIC device the host/QEMU
> > support. The returned result is in the form of array.
> 
> Hi. I've made some code review comments on the specifics of the
> implementation, but really what I'd like to see is:
>  * an ack from the libvirt folks that this API meets their
>requirements

I have a working implementation of the libvirt part, but I need
to polish it up before it can be posted on the list; then other
libvirt folks will be able to provide feedback.

Cheers.

-- 
Andrea Bolognani
Software Engineer - Virtualization Team

Re: [Qemu-devel] [PULL 00/16] ppc-for-2.6 queue 20160316

[Peter Maydell]

On 16 March 2016 at 05:06, David Gibson <da...@gibson.dropbear.id.au> wrote:
> The following changes since commit a6cdb77f816961f929d7934643febd2852230135:
>
>   Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into 
> staging (2016-03-15 17:09:52 +)
>
> are available in the git repository at:
>
>   git://github.com/dgibson/qemu.git tags/ppc-for-2.6-20160316
>
> for you to fetch changes up to 3356128cd13d7ec7689b7cddd3efbfbc5339a262:
>
>   vfio: Eliminate vfio_container_ioctl() (2016-03-16 09:55:11 +1100)
>
> 
> ppc patch queue for 2016-03-16
>
> Accumulated patches for target-ppc, pseries machine type and related
> devices.  As we are now in soft freeze, these are mostly fixes.
>* Fix KVM migration for several SPRs that qemu didn't handle
>* Clean up handling of SDR1, which allows a fix to the gdbstub
>* Fix a race in spapr_rng
>* Fix a bug with multifunction hotplug
>
> The exception is the 7 patches to allow EEH on spapr-pci-host-bridge
> devices (rather than the special and poorly designed
> spapr-vfio-pci-host-bridge device).  I believe these are low risk of
> breaking non-EEH cases, and EEH cases were little used in practice
> previously (since libvirt did not support the special device amongst
> other things).  It did have a draft posted before the soft freeze,
> removes a very ugly VFIO interface, and removes device we'd like to
> deprecate sooner rather than later.  So, I'm hoping we can squeeze
> these in during the soft freeze.
>
> This includes two patches to the VFIO code, which Alex Williamson has
> indicated he's ok with coming through my tree.

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PULL 18/40] hmp: 'drive_add -n' for creating a node without BB

[Paolo Bonzini]

> +void hmp_drive_add_node(Monitor *mon, const char *optstr)
> +{
> +QemuOpts *opts;
> +QDict *qdict;
> +Error *local_err = NULL;
> +
> +opts = qemu_opts_parse_noisily(_drive_opts, optstr, false);
> +if (!opts) {
> +return;
> +}
> +
> +qdict = qemu_opts_to_qdict(opts, NULL);
> +
> +if (!qdict_get_try_str(qdict, "node-name")) {
> +error_report("'node-name' needs to be specified");

qdict is leaked here, says Coverity.

Paolo

> +goto out;
> +}
> +
> +BlockDriverState *bs = bds_tree_init(qdict, _err);
> +if (!bs) {
> +error_report_err(local_err);
> +goto out;
> +}
> +
> +QTAILQ_INSERT_TAIL(_bdrv_states, bs, monitor_list);
> +
> +out:
> +qemu_opts_del(opts);

Paolo

[Qemu-devel] [PATCH V5 1/2] net/filter-mirror: implement filter-redirector

[Zhang Chen]

Filter-redirector is a netfilter plugin.
It gives qemu the ability to redirect net packet.
redirector can redirect filter's net packet to outdev.
and redirect indev's packet to filter.

  filter
+
redirector  |
   +--+
   || |
  indev +---+   +-->  outdev
   || |
   +--+
|
v
  filter

usage:

-netdev user,id=hn0
-chardev socket,id=s0,host=ip_primary,port=X,server,nowait
-chardev socket,id=s1,host=ip_primary,port=Y,server,nowait
-filter-redirector,id=r0,netdev=hn0,queue=tx/rx/all,indev=s0,outdev=s1

Signed-off-by: Zhang Chen 
Signed-off-by: Wen Congyang 
Signed-off-by: Li Zhijian 
---
 net/filter-mirror.c | 245 
 qemu-options.hx |   9 ++
 vl.c|   3 +-
 3 files changed, 256 insertions(+), 1 deletion(-)

diff --git a/net/filter-mirror.c b/net/filter-mirror.c
index 1b1ec16..7b47c60 100644
--- a/net/filter-mirror.c
+++ b/net/filter-mirror.c
@@ -26,12 +26,23 @@
 #define FILTER_MIRROR(obj) \
 OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_MIRROR)
 
+#define FILTER_REDIRECTOR(obj) \
+OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_REDIRECTOR)
+
 #define TYPE_FILTER_MIRROR "filter-mirror"
+#define TYPE_FILTER_REDIRECTOR "filter-redirector"
+#define REDIRECTOR_MAX_LEN NET_BUFSIZE
 
 typedef struct MirrorState {
 NetFilterState parent_obj;
+char *indev;
 char *outdev;
+CharDriverState *chr_in;
 CharDriverState *chr_out;
+int state; /* 0 = getting length, 1 = getting data */
+unsigned int index;
+unsigned int packet_len;
+uint8_t buf[REDIRECTOR_MAX_LEN];
 } MirrorState;
 
 static int filter_mirror_send(CharDriverState *chr_out,
@@ -68,6 +79,97 @@ err:
 return ret < 0 ? ret : -EIO;
 }
 
+static void
+redirector_to_filter(NetFilterState *nf, const uint8_t *buf, int len)
+{
+struct iovec iov = {
+.iov_base = (void *)buf,
+.iov_len = len,
+};
+
+if (nf->direction == NET_FILTER_DIRECTION_ALL ||
+nf->direction == NET_FILTER_DIRECTION_TX) {
+qemu_netfilter_pass_to_next(nf->netdev, 0, , 1, nf);
+}
+
+if (nf->direction == NET_FILTER_DIRECTION_ALL ||
+nf->direction == NET_FILTER_DIRECTION_RX) {
+qemu_netfilter_pass_to_next(nf->netdev->peer, 0, , 1, nf);
+ }
+}
+
+static int redirector_chr_can_read(void *opaque)
+{
+return REDIRECTOR_MAX_LEN;
+}
+
+static void redirector_chr_read(void *opaque, const uint8_t *buf, int size)
+{
+NetFilterState *nf = opaque;
+MirrorState *s = FILTER_REDIRECTOR(nf);
+unsigned int l;
+
+while (size > 0) {
+/* reassemble a packet from the network */
+switch (s->state) { /* 0 = getting length, 1 = getting data */
+case 0:
+l = 4 - s->index;
+if (l > size) {
+l = size;
+}
+memcpy(s->buf + s->index, buf, l);
+buf += l;
+size -= l;
+s->index += l;
+if (s->index == 4) {
+/* got length */
+s->packet_len = ntohl(*(uint32_t *)s->buf);
+s->index = 0;
+s->state = 1;
+}
+break;
+case 1:
+l = s->packet_len - s->index;
+if (l > size) {
+l = size;
+}
+if (s->index + l <= sizeof(s->buf)) {
+memcpy(s->buf + s->index, buf, l);
+} else {
+error_report("%s, serious error: oversized packet received,"
+ "connection terminated.", __func__);
+s->index = s->state = 0;
+qemu_chr_add_handlers(s->chr_in, NULL, NULL, NULL, NULL);
+return;
+}
+
+s->index += l;
+buf += l;
+size -= l;
+if (s->index >= s->packet_len) {
+s->index = 0;
+s->state = 0;
+redirector_to_filter(nf, s->buf, s->packet_len);
+}
+break;
+}
+}
+}
+
+static void redirector_chr_event(void *opaque, int event)
+{
+NetFilterState *nf = opaque;
+MirrorState *s = FILTER_REDIRECTOR(nf);
+
+switch(event) {
+case CHR_EVENT_CLOSED:
+qemu_chr_add_handlers(s->chr_in, NULL, NULL, NULL, NULL);
+break;
+default:
+break;
+}
+}
+
 static ssize_t filter_mirror_receive_iov(NetFilterState *nf,
  NetClientState *sender,
  unsigned flags,
@@ -90,6 +192,27 @@ static ssize_t filter_mirror_receive_iov(NetFilterState *nf,
 return 0;
 }
 
+static ssize_t filter_redirector_receive_iov(NetFilterState *nf,
+  

[Qemu-devel] [PATCH V5 0/2] Introduce filter-redirector

[Zhang Chen]

Filter-redirector is a netfilter plugin.
It gives qemu the ability to redirect net packet.
redirector can redirect filter's net packet to outdev.
and redirect indev's packet to filter.

filter
  +
  redirector  |
 +--+
 || |
 || |
 || |
  indev +-+   +-->  outdev
 || |
 || |
 || |
 +--+
  |
  v
filter


v5:
 Address Jason's comments.
 - add event to handle connection close
 - fix some comments

v4:
 Address Jason's comments.
 - remove redirector's incoming queue
 - just pass packet come from in_dev to filter's next
 - rework redirector_chr_read, most code is stolen from net_socket_send
 - fix comments error
 - add some comments

v3:
 -Address Jason's comments.

v2:
 - Address Jason's comments.
 - Add filter-traffic.h to reuse parts of the codes
 - Add unit test case

v1:
 initial patch.


Zhang Chen (2):
  net/filter-mirror: implement filter-redirector
  tests/test-filter-redirector: Add unit test for filter-redirector

 net/filter-mirror.c| 245 +
 qemu-options.hx|   9 ++
 tests/.gitignore   |   1 +
 tests/Makefile |   2 +
 tests/test-filter-redirector.c | 221 +
 vl.c   |   3 +-
 6 files changed, 480 insertions(+), 1 deletion(-)
 create mode 100644 tests/test-filter-redirector.c

-- 
1.9.1

[Qemu-devel] [PATCH V5 2/2] tests/test-filter-redirector: Add unit test for filter-redirector

[Zhang Chen]

In this unit test,we will test the filter redirector function.

Case 1, tx traffic flow:

qemu side  | test side
   |
+-+|  +---+
| backend <---+ sock0 |
+++|  +---+
 | |
+v+  +---+ |
|  rd0+->+chardev| |
+-+  +---+---+ |
 | |
+-+  | |
|  rd1<--+ |
+++|
 | |
+v+|  +---+
|  rd2+--->sock1  |
+-+|  +---+
   +

a. we(sock0) inject packet to qemu socket backend
b. backend pass packet to filter redirector0(rd0)
c. rd0 redirect packet to out_dev(chardev) which is connected with
filter redirector1's(rd1) in_dev
d. rd1 read this packet from in_dev, and pass to next filter redirector2(rd2)
e. rd2 redirect packet to rd2's out_dev which is connected with an opened 
socketed(sock1)
f. we read packet from sock1 and compare to what we inject

Start qemu with:

"-netdev socket,id=qtest-bn0,fd=%d "
"-device rtl8139,netdev=qtest-bn0,id=qtest-e0 "
"-chardev socket,id=redirector0,path=%s,server,nowait "
"-chardev socket,id=redirector1,path=%s,server,nowait "
"-chardev socket,id=redirector2,path=%s,nowait "
"-object filter-redirector,id=qtest-f0,netdev=qtest-bn0,"
"queue=tx,outdev=redirector0 "
"-object filter-redirector,id=qtest-f1,netdev=qtest-bn0,"
"queue=tx,indev=redirector2 "
"-object filter-redirector,id=qtest-f2,netdev=qtest-bn0,"
"queue=tx,outdev=redirector1 "

--
Case 2, rx traffic flow
qemu side  | test side
   |
+-+|  +---+
| backend +---> sock1 |
+^+|  +---+
 | |
+++  +---+ |
|  rd0+<-+chardev| |
+-+  +---+---+ |
 ^ |
+-+  | |
|  rd1+--+ |
+^+|
 | |
+++|  +---+
|  rd2<---+sock0  |
+-+|  +---+

a. we(sock0) insert packet to filter redirector2(rd2)
b. rd2 pass packet to filter redirector1(rd1)
c. rd1 redirect packet to out_dev(chardev) which is connected with
   filter redirector0's(rd0) in_dev
d. rd0 read this packet from in_dev, and pass ti to qemu backend which is
   connected with an opened socketed(sock1)
e. we read packet from sock1 and compare to what we inject

Start qemu with:

"-netdev socket,id=qtest-bn0,fd=%d "
"-device rtl8139,netdev=qtest-bn0,id=qtest-e0 "
"-chardev socket,id=redirector0,path=%s,server,nowait "
"-chardev socket,id=redirector1,path=%s,server,nowait "
"-chardev socket,id=redirector2,path=%s,nowait "
"-object filter-redirector,id=qtest-f0,netdev=qtest-bn0,"
"queue=rx,outdev=redirector0 "
"-object filter-redirector,id=qtest-f1,netdev=qtest-bn0,"
"queue=rx,indev=redirector2 "
"-object filter-redirector,id=qtest-f2,netdev=qtest-bn0,"
"queue=rx,outdev=redirector1 "

Signed-off-by: Zhang Chen 
Signed-off-by: Wen Congyang 
Signed-off-by: Li Zhijian 
---
 tests/.gitignore   |   1 +
 tests/Makefile |   2 +
 tests/test-filter-redirector.c | 221 +
 3 files changed, 224 insertions(+)
 create mode 100644 tests/test-filter-redirector.c

diff --git a/tests/.gitignore b/tests/.gitignore
index 10df017..5069d5d 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -64,5 +64,6 @@ test-x86-cpuid
 test-xbzrle
 test-netfilter
 test-filter-mirror
+test-filter-redirector
 *-test
 qapi-schema/*.test.*
diff --git a/tests/Makefile b/tests/Makefile
index 5a8f590..ff212b6 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -214,6 +214,7 @@ check-qtest-x86_64-$(CONFIG_VHOST_NET_TEST_x86_64) += 
tests/vhost-user-test$(EXE
 endif
 check-qtest-i386-y += tests/test-netfilter$(EXESUF)
 check-qtest-i386-y += tests/test-filter-mirror$(EXESUF)
+check-qtest-i386-y += tests/test-filter-redirector$(EXESUF)
 check-qtest-x86_64-y = $(check-qtest-i386-y)
 gcov-files-i386-y += i386-softmmu/hw/timer/mc146818rtc.c
 gcov-files-x86_64-y = $(subst 
i386-softmmu/,x86_64-softmmu/,$(gcov-files-i386-y))
@@ -568,6 +569,7 @@ tests/test-qemu-opts$(EXESUF): tests/test-qemu-opts.o 
$(test-util-obj-y)
 tests/test-write-threshold$(EXESUF): tests/test-write-threshold.o 
$(test-block-obj-y)
 tests/test-netfilter$(EXESUF): tests/test-netfilter.o $(qtest-obj-y)
 tests/test-filter-mirror$(EXESUF): tests/test-filter-mirror.o $(qtest-obj-y)
+tests/test-filter-redirector$(EXESUF): tests/test-filter-redirector.o 
$(qtest-obj-y)
 tests/ivshmem-test$(EXESUF): tests/ivshmem-test.o 
contrib/ivshmem-server/ivshmem-server.o $(libqos-pc-obj-y)
 tests/vhost-user-bridge$(EXESUF): tests/vhost-user-bridge.o
 
diff --git a/tests/test-filter-redirector.c b/tests/test-filter-redirector.c
new file mode 

Re: [Qemu-devel] [PATCH v4 0/3] ARM: add query-gic-capabilities SMP command

[Peter Maydell]

On 8 March 2016 at 07:36, Peter Xu  wrote:
> v4 changes:
> - all: rename query-gic-capability to query-gic-capabilities [Andrea]
> - patch 3: rename helper function to kvm_support_device, make it
>   inline and lighter. [Drew]
>
> v3 changes:
> - patch 2: remove func declaration, add qmp header [Drew]
> - patch 3: being able to detect KVM GIC capabilities even without
>   kvm enabled [Andrea]: this is a little bit hacky, need some more
>   review on this.
>
> v2 changes:
> - result layout change: use array and dict for the capability bits
>   rather than a single array of strings [Andrea/Markus]
> - spelling out what GIC is in doc [Eric]
>
> This patch is to add ARM-specific command "query-gic-capability".
>
> The new command can report which kind of GIC device the host/QEMU
> support. The returned result is in the form of array.

Hi. I've made some code review comments on the specifics of the
implementation, but really what I'd like to see is:
 * an ack from the libvirt folks that this API meets their
   requirements
 * an ack/review frem Eric or somebody else familiar with qmp
   that it's OK from a protocol perspective

since I'm not really able to judge those aspects.

thanks
-- PMM

Re: [Qemu-devel] [PATCH] ppc64: set MSR_SF bit

[Thomas Huth]

On 16.03.2016 11:06, Alexander Graf wrote:
> 
> 
> On 16.03.16 11:05, Laurent Vivier wrote:
>> On 16/03/2016 10:48, Alexander Graf wrote:
>>>
>>>
>>> On 16.03.16 10:43, Laurent Vivier wrote:
 When a qemu-system-ppc64 is started, the 64-bit mode bit
 is not set in MSR.

 Signed-off-by: Laurent Vivier 
>>>
>>> I guess commit 2cf3eb6df552cee74b52de9989e270b74e42847e broke this. I'm
>>> surprised it didn't cause us more problems :).
>>
>> Linux kernel is ready to manage that: see enable_64b_mode in
>> arch/powerpc/kernel/head_64.S
> 
> We don't boot Linux directly though, only openBIOS and SLOF :).

Both, SLOF and OpenBIOS, seem to enable the SF bit manually, too, see:

https://github.com/qemu/openbios/blob/master/arch/ppc/qemu/start.S#L524

https://github.com/aik/SLOF/blob/master/board-qemu/llfw/startup.S#L91

 Thomas

Re: [Qemu-devel] [PATCH v4 3/3] arm: implement query-gic-capabilities

[Peter Maydell]

On 8 March 2016 at 07:36, Peter Xu  wrote:
> For emulated GIC capabilities, currently only gicv2 is supported. We
> need to add gicv3 in when emulated gicv3 ready. For KVM accelerated ARM
> VM, we detect the capability bits using ioctls.
>
> When probing the KVM capabilities, we cannot leverage existing helper
> functions like kvm_create_device() since QEMU might be using TCG while
> probing (actually this is the case for libvirt probing). So, one
> temporary VM is created to do the probing.
>
> Signed-off-by: Peter Xu 
> ---
>  target-arm/machine.c | 94 
> +++-
>  1 file changed, 93 insertions(+), 1 deletion(-)
>
> diff --git a/target-arm/machine.c b/target-arm/machine.c
> index 813909e..8f52f74 100644
> --- a/target-arm/machine.c
> +++ b/target-arm/machine.c
> @@ -1,3 +1,5 @@
> +#include 

This will break compilation on non-Linux hosts; you can't include
linux headers like this.

(This is all in the wrong file anyway, machine.c is for migration.)

> +#include 
>  #include "qemu/osdep.h"
>  #include "hw/hw.h"
>  #include "hw/boards.h"
> @@ -347,7 +349,97 @@ const char *gicv3_class_name(void)
>  exit(1);
>  }
>
> +static GICCapability *gic_cap_new(int version)
> +{
> +GICCapability *cap = g_new0(GICCapability, 1);
> +cap->version = version;
> +/* by default, support none */
> +cap->emulated = false;
> +cap->kernel = false;
> +return cap;
> +}
> +
> +static GICCapabilityList *gic_cap_list_add(GICCapabilityList *head,
> +   GICCapability *cap)
> +{
> +GICCapabilityList *item = g_new0(GICCapabilityList, 1);
> +item->value = cap;
> +item->next = head;
> +return item;
> +}
> +
> +#ifdef CONFIG_KVM
> +/* Test whether KVM support specific device. */
> +static inline int kvm_support_device(int vmfd, uint64_t type)
> +{
> +struct kvm_create_device create_dev = {
> +.type = type,
> +.fd = -1,
> +.flags = KVM_CREATE_DEVICE_TEST,
> +};
> +return ioctl(vmfd, KVM_CREATE_DEVICE, _dev);
> +}
> +#endif

This is not ARM specific so it should go in kvm-all.c.

> +
>  GICCapabilityList *qmp_query_gic_capabilities(Error **errp)
>  {
> -return NULL;
> +GICCapabilityList *head = NULL;
> +GICCapability *v2 = gic_cap_new(2), *v3 = gic_cap_new(3);
> +
> +v2->emulated = true;
> +/* FIXME: we'd change to true after we get emulated GICv3. */
> +v3->emulated = false;
> +
> +#ifdef CONFIG_KVM

KVM specific code should be factored out and live in one of
the target-arm/kvm*.c files.

> +{
> +int kvm_fd = -1;
> +int vmfd = -1;
> +/*
> + * HACK: here we create one temporary VM, do the probing,
> + * then release it properly.
> + */
> +kvm_fd = qemu_open("/dev/kvm", O_RDWR);
> +if (kvm_fd == -1) {
> +/* KVM may not enabled on host, which is fine. */
> +goto out;
> +}
> +
> +do {
> +/* For ARM, VM type could only be zero now. */
> +vmfd = ioctl(kvm_fd, KVM_CREATE_VM, 0);
> +} while (vmfd == -EINTR);
> +
> +if (vmfd < 0) {
> +goto kvm_fd_close;
> +}

Rather than open-coding this you might as well use
kvm_arm_creat_scratch_host_vcpu() (you don't need the vcpu fd but
it's pretty harmless to create it.)


> +
> +if (ioctl(kvm_fd, KVM_CHECK_EXTENSION,
> +  KVM_CAP_DEVICE_CTRL) <= 0) {
> +/* older version of KVM possibly */
> +goto kvm_vmfd_close;
> +}

Do this in kvm_support_device() [mostly just to parallel how
kvm_create_device() does it.]

> +
> +/* Test KVM GICv2 */
> +if (kvm_support_device(vmfd, KVM_DEV_TYPE_ARM_VGIC_V2) >= 0) {
> +v2->kernel = true;
> +}
> +
> +/* Test KVM GICv3 */
> +if (kvm_support_device(vmfd, KVM_DEV_TYPE_ARM_VGIC_V3) >= 0) {
> +v3->kernel = true;
> +}
> +
> +kvm_vmfd_close:
> +close(vmfd);
> +kvm_fd_close:
> +close(kvm_fd);
> +out:
> +;
> +}
> +#endif
> +
> +head = gic_cap_list_add(head, v2);
> +head = gic_cap_list_add(head, v3);
> +
> +return head;
>  }
> --
> 2.4.3

thanks
-- PMM

Re: [Qemu-devel] [PATCH] ppc64: set MSR_SF bit

[Laurent Vivier]

On 16/03/2016 11:06, Alexander Graf wrote:
> 
> 
> On 16.03.16 11:05, Laurent Vivier wrote:
>> On 16/03/2016 10:48, Alexander Graf wrote:
>>>
>>>
>>> On 16.03.16 10:43, Laurent Vivier wrote:
 When a qemu-system-ppc64 is started, the 64-bit mode bit
 is not set in MSR.

 Signed-off-by: Laurent Vivier 
>>>
>>> I guess commit 2cf3eb6df552cee74b52de9989e270b74e42847e broke this. I'm
>>> surprised it didn't cause us more problems :).
>>
>> Linux kernel is ready to manage that: see enable_64b_mode in
>> arch/powerpc/kernel/head_64.S
> 
> We don't boot Linux directly though, only openBIOS and SLOF :).

Same thing in SLOF:

./board-qemu/llfw/startup.S

_start:
...
mfmsr   r11 /* grab the current MSR */
li  r12,(MSR_SF | MSR_ISF)@highest
sldir12,r12,48
or  r11,r11,r12
mtmsrd  r11
isync

And openbios seems to disable it explicitly:

./arch/ppc/qemu/start.S

_entry:
...
   /* clear MSR, disable MMU, SF */

[BTW, I've never been able to compile a 64bit version of openbios...]

Laurent

Re: [Qemu-devel] [PATCH 0/4] Tweaks around virtio-blk start/stop

[Paolo Bonzini]

On 16/03/2016 11:10, Fam Zheng wrote:
> These are some ideas originated from analyzing the Christian's crash report on
> virtio-blk dataplane torture test:
> 
> https://lists.gnu.org/archive/html/qemu-devel/2016-03/msg02093.html
> 
> The ideas are mostly inspired/suggested by Paolo. This doesn't fix the bug, 
> but
> the first and the last patches seem to make the crash less frequent.  Also
> thanks Cornelia Huck for reviewing the draft version posted in that thread.

I see you have fixed the mutex and started check in patch 4, so perhaps
this fixes the bug. :)  Bo or Christian, could you try it out---and if
it works try patches 2 to 4 only?

Thanks,

Paolo

Re: [Qemu-devel] [PATCH 1/4] block: Use drained section in bdrv_set_aio_context

[Paolo Bonzini]

On 16/03/2016 11:10, Fam Zheng wrote:
> An empty begin/end pair is almost the same as a bare bdrv_drain except
> the aio_poll inside is wrapped by
> aio_disable_external/aio_enable_external.
> 
> This is safer, and is the only way to achieve quiescence in this
> aio_poll(), because bdrv_drained_begin/end pair cannot span across
> context detach/attach options, so it's not possible to do by the caller.

I'm still not sure about this patch.

When starting dataplane, the ioeventfd is registered with iohandler.c so
bdrv_drained_begin/end is not necessary.

Likewise when stopping dataplane bdrv_set_aio_context is called after
the thread has been stopped and thus the ioeventfd is not registered
anymore as an external client.

Paolo

Re: [Qemu-devel] [PATCH v4 2/3] arm: qmp: add query-gic-capabilities interface

[Peter Maydell]

On 8 March 2016 at 07:36, Peter Xu  wrote:
> This patch adds the command "query-gic-capabilities" but not implemnet
> it. The command is ARM-only. Return of the command is a list of
> GICCapability struct that describes all GIC versions that current QEMU
> and system support.
>
> Signed-off-by: Peter Xu 
> ---
>  monitor.c|  8 
>  qapi-schema.json | 11 +++
>  qmp-commands.hx  | 26 ++
>  scripts/qapi.py  |  1 +
>  target-arm/machine.c |  6 ++
>  5 files changed, 52 insertions(+)
>
> diff --git a/monitor.c b/monitor.c
> index 73eac17..9e8cbdb 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -4241,3 +4241,11 @@ void qmp_dump_skeys(const char *filename, Error **errp)
>  error_setg(errp, QERR_FEATURE_DISABLED, "dump-skeys");
>  }
>  #endif
> +
> +#ifndef TARGET_ARM
> +GICCapabilityList *qmp_query_gic_capabilities(Error **errp)
> +{
> +error_setg(errp, QERR_FEATURE_DISABLED, "query-gic-capabilities");
> +return NULL;
> +}
> +#endif

Given where we are in the release cycle I guess we need to do this,
but longer term we should sort out a structure so we can add
target-specific qmp and hmp commands without having to add more
TARGET_* ifdefs to common files...

> diff --git a/target-arm/machine.c b/target-arm/machine.c
> index 03a73d9..813909e 100644
> --- a/target-arm/machine.c
> +++ b/target-arm/machine.c
> @@ -5,6 +5,7 @@
>  #include "sysemu/kvm.h"
>  #include "kvm_arm.h"
>  #include "internals.h"
> +#include "qmp-commands.h"
>
>  static bool vfp_needed(void *opaque)
>  {
> @@ -345,3 +346,8 @@ const char *gicv3_class_name(void)
>
>  exit(1);
>  }
> +
> +GICCapabilityList *qmp_query_gic_capabilities(Error **errp)
> +{
> +return NULL;
> +}

Why is this here? machine.c is for migration code.

thanks
-- PMM

Re: [Qemu-devel] [PATCH v3 10/13] docker: Add travis tool

[Alex Bennée]

Fam Zheng  writes:

> On Wed, 03/16 09:09, Alex Bennée wrote:
>>
>> Fam Zheng  writes:
>>
>> > On Fri, 03/11 16:14, Alex Bennée wrote:
>> >>
>> >> Fam Zheng  writes:
>> >>
>> >> > The script is not named test-travis.sh so it won't run with "make
>> >> > docker-run", because it can take too long.
>> >> >
>> >> > Run it with "make docker-run-travis.sh@ubuntu".
>> >>
>> >> 16:08 alex@zen/x86_64  [qemu.git/review/docker-v3] >make 
>> >> docker-run-travis.sh@ubuntu
>> >> ARCHIVE qemu.tgz
>> >> COPY RUNNER
>> >> RUN travis.sh in ubuntu
>> >> ./run: line 49: /tmp/qemu-test/src/tests/docker/travis.sh: No such file 
>> >> or directory
>> >
>> > Will update the commit message.
>>
>> I had a bit of a further play with this while trying to help with the
>> recent Travis breakage.
>
> Did this help?

Daniel fixed it before I could get something up and running.

>
>> I realised we need to be clearer about what this
>> does. It's not the same as running on travis, just a way of iterating
>> through the travis build matrix on whatever image you happen to be on.
>
> Right. I have no idea how to precisely replicate travis environment, and I
> ignored python version, packages etc for simplicity, only the command matrix
> was simulated. But are there any major differences you are noticing? At least
> we are also on Ubuntu Trusty, the same as:
>
> https://docs.travis-ci.com/user/ci-environment/

No the current container based CI environment is Precise (Trusty is in
beta). I tried creating a precise image from scratch but apt got
confused about having both i386 and amd64 packages in package lists and
I didn't get the bottom of it before upstream was fixed.

>
> Fam
>
>>
>> It would be nice to have a travis image for local debug but that seems
>> to be harder to do than I thought. I couldn't find any such images on
>> the hub.


--
Alex Bennée

Re: [Qemu-devel] bogus bdrv_check_request in bdrv_co_discard

[Olaf Hering]

On Wed, Mar 09, Olaf Hering wrote:

> On Wed, Mar 09, Kevin Wolf wrote:
> 
> > Removing integer overflow checks without removing the potentially
> > overflowing operation doesn't feel like a particularly good idea,
> > though.
> 
> Why does the code use signed ints anyway for sectors and offset?!

Until this underlying bug is fixed a change like this works for me:

diff --git a/block/io.c b/block/io.c
index a69bfc4..df1e383 100644
--- a/block/io.c
+++ b/block/io.c
@@ -2464,7 +2464,7 @@ static void coroutine_fn bdrv_discard_co_entry(void 
*opaque)
 rwco->ret = bdrv_co_discard(rwco->bs, rwco->sector_num, rwco->nb_sectors);
 }

-int coroutine_fn bdrv_co_discard(BlockDriverState *bs, int64_t sector_num,
+static int __bdrv_co_discard(BlockDriverState *bs, int64_t sector_num,
  int nb_sectors)
 {   
 BdrvTrackedRequest req;
@@ -2546,6 +2546,26 @@ out:
 return ret;
 }

+int coroutine_fn bdrv_co_discard(BlockDriverState *bs, int64_t sector_num,
+ int nb_sectors)
+{
+int num, ret;
+int limit = BDRV_REQUEST_MAX_SECTORS;
+int remaining = nb_sectors;
+int64_t sector_offset = sector_num;
+
+do {
+num = remaining > limit ? limit : remaining;
+ret = __bdrv_co_discard(bs, sector_offset, num);
+if (ret < 0)
+break;
+remaining -= num;
+sector_offset += num;
+} while (remaining > 0);
+
+return ret;
+}
+
 int bdrv_discard(BlockDriverState *bs, int64_t sector_num, int nb_sectors)
 {   
 Coroutine *co;

Olaf

[Qemu-devel] [PATCH] block: Fix memory leak in hmp_drive_add_node()

[Kevin Wolf]

hmp_drive_add_node() leaked qdict in the error path when no node-name is
specified.

Signed-off-by: Kevin Wolf 
---
 blockdev.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/blockdev.c b/blockdev.c
index e7b8676..50410bf 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -3898,6 +3898,7 @@ void hmp_drive_add_node(Monitor *mon, const char *optstr)
 qdict = qemu_opts_to_qdict(opts, NULL);
 
 if (!qdict_get_try_str(qdict, "node-name")) {
+QDECREF(qdict);
 error_report("'node-name' needs to be specified");
 goto out;
 }
-- 
1.8.3.1

[Qemu-devel] [PATCH 4/4] virtio-blk: Clean up start/stop with mutex and BH

[Fam Zheng]

This is to make the dataplane start logic simpler to understand.

Start/stop take the mutex so we don't need the starting flag. The bottom
half is scheduled in the iothread to actually hook up request handlers
with vq.

Suggested-by: Paolo Bonzini 
Signed-off-by: Fam Zheng 
---
 hw/block/dataplane/virtio-blk.c | 58 +++--
 1 file changed, 44 insertions(+), 14 deletions(-)

diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
index 36f3d2b..9e5c543 100644
--- a/hw/block/dataplane/virtio-blk.c
+++ b/hw/block/dataplane/virtio-blk.c
@@ -26,7 +26,6 @@
 #include "qom/object_interfaces.h"
 
 struct VirtIOBlockDataPlane {
-bool starting;
 bool stopping;
 bool disabled;
 
@@ -49,6 +48,8 @@ struct VirtIOBlockDataPlane {
 
 /* Operation blocker on BDS */
 Error *blocker;
+
+QemuMutex start_stop_lock;
 };
 
 /* Raise an interrupt to signal guest, if necessary */
@@ -150,6 +151,7 @@ void virtio_blk_data_plane_create(VirtIODevice *vdev, 
VirtIOBlkConf *conf,
 s = g_new0(VirtIOBlockDataPlane, 1);
 s->vdev = vdev;
 s->conf = conf;
+qemu_mutex_init(>start_stop_lock);
 
 if (conf->iothread) {
 s->iothread = conf->iothread;
@@ -184,19 +186,47 @@ void virtio_blk_data_plane_destroy(VirtIOBlockDataPlane 
*s)
 g_free(s);
 }
 
+typedef struct {
+VirtIOBlock *vblk;
+QEMUBH *bh;
+} VirtIOBlockStartData;
+
+static void virtio_blk_data_plane_start_bh_cb(void *opaque)
+{
+VirtIOBlockStartData *data = opaque;
+VirtIOBlockDataPlane *s = data->vblk->dataplane;
+
+qemu_mutex_lock(>start_stop_lock);
+if (!data->vblk->dataplane_started) {
+goto out;
+}
+/* Kick right away to begin processing requests already in vring */
+event_notifier_set(virtio_queue_get_host_notifier(s->vq));
+
+/* Get this show started by hooking up our callbacks */
+virtio_queue_aio_set_host_notifier_handler(s->vq, s->ctx, true, true);
+
+out:
+qemu_bh_delete(data->bh);
+g_free(data);
+qemu_mutex_unlock(>start_stop_lock);
+}
+
 /* Context: QEMU global mutex held */
 void virtio_blk_data_plane_start(VirtIOBlockDataPlane *s)
 {
 BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(s->vdev)));
 VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
 VirtIOBlock *vblk = VIRTIO_BLK(s->vdev);
+VirtIOBlockStartData *data;
 int r;
 
-if (vblk->dataplane_started || s->starting) {
+qemu_mutex_lock(>start_stop_lock);
+if (vblk->dataplane_started) {
+qemu_mutex_unlock(>start_stop_lock);
 return;
 }
 
-s->starting = true;
 s->vq = virtio_get_queue(s->vdev, 0);
 
 /* Set up guest notifier (irq) */
@@ -215,27 +245,24 @@ void virtio_blk_data_plane_start(VirtIOBlockDataPlane *s)
 goto fail_host_notifier;
 }
 
-s->starting = false;
 vblk->dataplane_started = true;
 trace_virtio_blk_data_plane_start(s);
 
 blk_set_aio_context(s->conf->conf.blk, s->ctx);
 
-/* Kick right away to begin processing requests already in vring */
-event_notifier_set(virtio_queue_get_host_notifier(s->vq));
-
-/* Get this show started by hooking up our callbacks */
-aio_context_acquire(s->ctx);
-virtio_queue_aio_set_host_notifier_handler(s->vq, s->ctx, true, true);
-aio_context_release(s->ctx);
+data = g_new(VirtIOBlockStartData, 1);
+data->vblk = vblk;
+data->bh = aio_bh_new(s->ctx, virtio_blk_data_plane_start_bh_cb, data);
+qemu_bh_schedule(data->bh);
+qemu_mutex_unlock(>start_stop_lock);
 return;
 
   fail_host_notifier:
 k->set_guest_notifiers(qbus->parent, 1, false);
   fail_guest_notifiers:
 s->disabled = true;
-s->starting = false;
 vblk->dataplane_started = true;
+qemu_mutex_unlock(>start_stop_lock);
 }
 
 /* Context: QEMU global mutex held */
@@ -245,15 +272,16 @@ void virtio_blk_data_plane_stop(VirtIOBlockDataPlane *s)
 VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
 VirtIOBlock *vblk = VIRTIO_BLK(s->vdev);
 
+qemu_mutex_lock(>start_stop_lock);
 if (!vblk->dataplane_started || s->stopping) {
-return;
+goto out;
 }
 
 /* Better luck next time. */
 if (s->disabled) {
 s->disabled = false;
 vblk->dataplane_started = false;
-return;
+goto out;
 }
 s->stopping = true;
 trace_virtio_blk_data_plane_stop(s);
@@ -275,4 +303,6 @@ void virtio_blk_data_plane_stop(VirtIOBlockDataPlane *s)
 
 vblk->dataplane_started = false;
 s->stopping = false;
+out:
+qemu_mutex_unlock(>start_stop_lock);
 }
-- 
2.4.3

[Qemu-devel] [PATCH 3/4] virtio-blk: Use blk_drained_begin/end around dataplane stop

[Fam Zheng]

Signed-off-by: Fam Zheng 
---
 hw/block/virtio-blk.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index cb710f1..939ba79 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -653,11 +653,12 @@ static void virtio_blk_reset(VirtIODevice *vdev)
  */
 ctx = blk_get_aio_context(s->blk);
 aio_context_acquire(ctx);
-blk_drain(s->blk);
+blk_drained_begin(s->blk);
 
 if (s->dataplane) {
 virtio_blk_data_plane_stop(s->dataplane);
 }
+blk_drained_end(s->blk);
 aio_context_release(ctx);
 
 blk_set_enable_write_cache(s->blk, s->original_wce);
-- 
2.4.3

[Qemu-devel] [PATCH 2/4] block-backend: Introduce blk_drained_begin/end

[Fam Zheng]

They forward the call to bdrv_* counterparts.

Signed-off-by: Fam Zheng 
---
 block/block-backend.c  | 14 ++
 include/sysemu/block-backend.h |  2 ++
 2 files changed, 16 insertions(+)

diff --git a/block/block-backend.c b/block/block-backend.c
index 03e71b4..d686a63 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -891,6 +891,20 @@ void blk_drain(BlockBackend *blk)
 }
 }
 
+void blk_drained_begin(BlockBackend *blk)
+{
+if (blk->bs) {
+bdrv_drained_begin(blk->bs);
+}
+}
+
+void blk_drained_end(BlockBackend *blk)
+{
+if (blk->bs) {
+bdrv_drained_end(blk->bs);
+}
+}
+
 void blk_drain_all(void)
 {
 bdrv_drain_all();
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index 00d69ba..2cd53d0 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -128,6 +128,8 @@ int blk_co_flush(BlockBackend *blk);
 int blk_flush(BlockBackend *blk);
 int blk_flush_all(void);
 void blk_drain(BlockBackend *blk);
+void blk_drained_begin(BlockBackend *blk);
+void blk_drained_end(BlockBackend *blk);
 void blk_drain_all(void);
 void blk_set_on_error(BlockBackend *blk, BlockdevOnError on_read_error,
   BlockdevOnError on_write_error);
-- 
2.4.3

[Qemu-devel] [PATCH 1/4] block: Use drained section in bdrv_set_aio_context

[Fam Zheng]

An empty begin/end pair is almost the same as a bare bdrv_drain except
the aio_poll inside is wrapped by
aio_disable_external/aio_enable_external.

This is safer, and is the only way to achieve quiescence in this
aio_poll(), because bdrv_drained_begin/end pair cannot span across
context detach/attach options, so it's not possible to do by the caller.

Signed-off-by: Fam Zheng 
---
 block.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/block.c b/block.c
index 59a18a3..31f4a9f 100644
--- a/block.c
+++ b/block.c
@@ -3747,7 +3747,9 @@ void bdrv_attach_aio_context(BlockDriverState *bs,
 
 void bdrv_set_aio_context(BlockDriverState *bs, AioContext *new_context)
 {
-bdrv_drain(bs); /* ensure there are no in-flight requests */
+/* ensure there are no in-flight requests */
+bdrv_drained_begin(bs);
+bdrv_drained_end(bs);
 
 bdrv_detach_aio_context(bs);
 
-- 
2.4.3

[Qemu-devel] [PATCH 0/4] Tweaks around virtio-blk start/stop

[Fam Zheng]

These are some ideas originated from analyzing the Christian's crash report on
virtio-blk dataplane torture test:

https://lists.gnu.org/archive/html/qemu-devel/2016-03/msg02093.html

The ideas are mostly inspired/suggested by Paolo. This doesn't fix the bug, but
the first and the last patches seem to make the crash less frequent.  Also
thanks Cornelia Huck for reviewing the draft version posted in that thread.


Fam Zheng (4):
  block: Use drained section in bdrv_set_aio_context
  block-backend: Introduce blk_drained_begin/end
  virtio-blk: Use blk_drained_begin/end around dataplane stop
  virtio-blk: Clean up start/stop with mutex and BH

 block.c |  4 ++-
 block/block-backend.c   | 14 ++
 hw/block/dataplane/virtio-blk.c | 58 +++--
 hw/block/virtio-blk.c   |  3 ++-
 include/sysemu/block-backend.h  |  2 ++
 5 files changed, 65 insertions(+), 16 deletions(-)

-- 
2.4.3

Re: [Qemu-devel] [PULL] acpi: minor fix

[Peter Maydell]

On 15 March 2016 at 21:27, Michael S. Tsirkin  wrote:
> The following changes since commit 6a991e07bb8eeb7d7799a949c0528dffb84b2a98:
>
>   hw/acpi: fix GSI links UID (2016-03-15 16:16:57 +0200)
>
> are available in the git repository at:
>
>   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
>
> for you to fetch changes up to 3ba6a710e6ca1fb52cfdb38f39268e5c6e380ef9:
>
>   acpi-test: update UID for GSI links (2016-03-15 23:25:52 +0200)
>
> 
> acpi: minor fix
>
> Since previous pull acpi test triggers warnings,
> fix it up.
>
> Signed-off-by: Michael S. Tsirkin 
>

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PATCH V4 1/2] net/filter-mirror: implement filter-redirector

[Li Zhijian]

On 03/16/2016 05:34 PM, Wen Congyang wrote:

On 03/16/2016 04:18 PM, Jason Wang wrote:



On 03/15/2016 06:03 PM, Zhang Chen wrote:

Filter-redirector is a netfilter plugin.
It gives qemu the ability to redirect net packet.
redirector can redirect filter's net packet to outdev.
and redirect indev's packet to filter.

   filter
 +
 |
 |
 redirector  |
+--+
|| |
|| |
|| |
   indev +---+   +-->  outdev
|| |
|| |
|| |
+--+
 |
 |
 v
   filter

usage:

-netdev user,id=hn0
-chardev socket,id=s0,host=ip_primary,port=X,server,nowait
-chardev socket,id=s1,host=ip_primary,port=Y,server,nowait
-filter-redirector,id=r0,netdev=hn0,queue=tx/rx/all,indev=s0,outdev=s1

Signed-off-by: Zhang Chen 
Signed-off-by: Wen Congyang 
Signed-off-by: Li Zhijian 
---
  net/filter-mirror.c | 236 
  qemu-options.hx |   9 ++
  vl.c|   3 +-
  3 files changed, 247 insertions(+), 1 deletion(-)

diff --git a/net/filter-mirror.c b/net/filter-mirror.c
index 1b1ec16..77ece41 100644
--- a/net/filter-mirror.c
+++ b/net/filter-mirror.c
@@ -26,12 +26,23 @@
  #define FILTER_MIRROR(obj) \
  OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_MIRROR)

+#define FILTER_REDIRECTOR(obj) \
+OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_REDIRECTOR)
+
  #define TYPE_FILTER_MIRROR "filter-mirror"
+#define TYPE_FILTER_REDIRECTOR "filter-redirector"
+#define REDIRECTOR_MAX_LEN NET_BUFSIZE

  typedef struct MirrorState {
  NetFilterState parent_obj;
+char *indev;
  char *outdev;
+CharDriverState *chr_in;
  CharDriverState *chr_out;
+int state; /* 0 = getting length, 1 = getting data */
+unsigned int index;
+unsigned int packet_len;
+uint8_t buf[REDIRECTOR_MAX_LEN];
  } MirrorState;

  static int filter_mirror_send(CharDriverState *chr_out,
@@ -68,6 +79,89 @@ err:
  return ret < 0 ? ret : -EIO;
  }

+static void
+redirector_to_filter(NetFilterState *nf, const uint8_t *buf, int len)
+{
+struct iovec iov = {
+.iov_base = (void *)buf,
+.iov_len = len,
+};
+
+if (nf->direction == NET_FILTER_DIRECTION_ALL ||
+nf->direction == NET_FILTER_DIRECTION_TX) {
+qemu_netfilter_pass_to_next(nf->netdev, 0, , 1, nf);
+}
+
+if (nf->direction == NET_FILTER_DIRECTION_ALL ||
+nf->direction == NET_FILTER_DIRECTION_RX) {
+qemu_netfilter_pass_to_next(nf->netdev->peer, 0, , 1, nf);
+ }
+}
+
+static int redirector_chr_can_read(void *opaque)
+{
+return REDIRECTOR_MAX_LEN;
+}
+
+static void redirector_chr_read(void *opaque, const uint8_t *buf, int size)
+{
+NetFilterState *nf = opaque;
+MirrorState *s = FILTER_REDIRECTOR(nf);
+unsigned int l;
+
+if (size == 0) {
+/* the peer is closed ? */
+return ;
+}


Looks like if you want to handle connection close, you need use event
handler when calling qemu_chr_add_handlers().


In which case, we will see size is 0 if we don't have a event handler?


It seems that the caller will never passes a '0' size to it.
So the size will never be 0.

But I perfer to have a event handler.
e.g.
- peer is closed after sending the length part only
- read handler always expect the data part
- (another) peer is connected again(assume peer can connect successfully)
- peer will send a length part first, which will confuse the read handler




For redirector filter, I think we don't care about if the char device
is disconnected. If the char device is ready again, we will continue
to read from the char device.

So I think we just add more comments here.




+
+/* most of code is stolen from net_socket_send */


This comment seems redundant.


+while (size > 0) {
+/* reassemble a packet from the network */
+switch (s->state) {
+case 0:
+l = 4 - s->index;
+if (l > size) {
+l = size;
+}
+memcpy(s->buf + s->index, buf, l);
+buf += l;
+size -= l;
+s->index += l;
+if (s->index == 4) {
+/* got length */
+s->packet_len = ntohl(*(uint32_t *)s->buf);
+s->index = 0;
+s->state = 1;
+}
+break;
+case 1:
+l = s->packet_len - s->index;
+if (l > size) {
+l = size;
+}
+if (s->index + l <= sizeof(s->buf)) {
+memcpy(s->buf + s->index, buf, l);
+} else 

Re: [Qemu-devel] [PATCH] ppc64: set MSR_SF bit

[Alexander Graf]

On 16.03.16 11:05, Laurent Vivier wrote:
> On 16/03/2016 10:48, Alexander Graf wrote:
>>
>>
>> On 16.03.16 10:43, Laurent Vivier wrote:
>>> When a qemu-system-ppc64 is started, the 64-bit mode bit
>>> is not set in MSR.
>>>
>>> Signed-off-by: Laurent Vivier 
>>
>> I guess commit 2cf3eb6df552cee74b52de9989e270b74e42847e broke this. I'm
>> surprised it didn't cause us more problems :).
> 
> Linux kernel is ready to manage that: see enable_64b_mode in
> arch/powerpc/kernel/head_64.S

We don't boot Linux directly though, only openBIOS and SLOF :).


Alex

Re: [Qemu-devel] [PATCH] ppc64: set MSR_SF bit

[Laurent Vivier]

On 16/03/2016 10:48, Alexander Graf wrote:
> 
> 
> On 16.03.16 10:43, Laurent Vivier wrote:
>> When a qemu-system-ppc64 is started, the 64-bit mode bit
>> is not set in MSR.
>>
>> Signed-off-by: Laurent Vivier 
> 
> I guess commit 2cf3eb6df552cee74b52de9989e270b74e42847e broke this. I'm
> surprised it didn't cause us more problems :).

Linux kernel is ready to manage that: see enable_64b_mode in
arch/powerpc/kernel/head_64.S

> Reviewed-by: Alexander Graf 

Thanks,
Laurent

>> ---
>>  target-ppc/translate_init.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
>> index bd0cffc..d7a1aeb 100644
>> --- a/target-ppc/translate_init.c
>> +++ b/target-ppc/translate_init.c
>> @@ -9663,7 +9663,7 @@ static void ppc_cpu_reset(CPUState *s)
>>  
>>  #if defined(TARGET_PPC64)
>>  if (env->mmu_model & POWERPC_MMU_64) {
>> -env->msr |= (1ULL << MSR_SF);
>> +msr |= (1ULL << MSR_SF);
>>  }
>>  #endif
>>  
>>

[Qemu-devel] [PULL 1/1] error: ensure errno detail is printed with error_abort

[Markus Armbruster]

From: "Daniel P. Berrange" 

When _abort is passed in, the error reporting code
will print the current error message and then abort() the
process. Unfortunately at the time it aborts, we've not
yet appended the errno detail. This makes debugging certain
problems significantly harder as the log is incomplete.

Signed-off-by: Daniel P. Berrange 
Message-Id: <1457544504-8548-22-git-send-email-berra...@redhat.com>
Signed-off-by: Markus Armbruster 
---
 util/error.c | 42 --
 1 file changed, 20 insertions(+), 22 deletions(-)

diff --git a/util/error.c b/util/error.c
index 471b8b3..47f93af 100644
--- a/util/error.c
+++ b/util/error.c
@@ -44,7 +44,8 @@ static void error_handle_fatal(Error **errp, Error *err)
 
 static void error_setv(Error **errp,
const char *src, int line, const char *func,
-   ErrorClass err_class, const char *fmt, va_list ap)
+   ErrorClass err_class, const char *fmt, va_list ap,
+   const char *suffix)
 {
 Error *err;
 int saved_errno = errno;
@@ -56,6 +57,11 @@ static void error_setv(Error **errp,
 
 err = g_malloc0(sizeof(*err));
 err->msg = g_strdup_vprintf(fmt, ap);
+if (suffix) {
+char *msg = err->msg;
+err->msg = g_strdup_printf("%s: %s", msg, suffix);
+g_free(msg);
+}
 err->err_class = err_class;
 err->src = src;
 err->line = line;
@@ -74,7 +80,7 @@ void error_set_internal(Error **errp,
 va_list ap;
 
 va_start(ap, fmt);
-error_setv(errp, src, line, func, err_class, fmt, ap);
+error_setv(errp, src, line, func, err_class, fmt, ap, NULL);
 va_end(ap);
 }
 
@@ -85,7 +91,7 @@ void error_setg_internal(Error **errp,
 va_list ap;
 
 va_start(ap, fmt);
-error_setv(errp, src, line, func, ERROR_CLASS_GENERIC_ERROR, fmt, ap);
+error_setv(errp, src, line, func, ERROR_CLASS_GENERIC_ERROR, fmt, ap, 
NULL);
 va_end(ap);
 }
 
@@ -94,7 +100,6 @@ void error_setg_errno_internal(Error **errp,
int os_errno, const char *fmt, ...)
 {
 va_list ap;
-char *msg;
 int saved_errno = errno;
 
 if (errp == NULL) {
@@ -102,15 +107,10 @@ void error_setg_errno_internal(Error **errp,
 }
 
 va_start(ap, fmt);
-error_setv(errp, src, line, func, ERROR_CLASS_GENERIC_ERROR, fmt, ap);
+error_setv(errp, src, line, func, ERROR_CLASS_GENERIC_ERROR, fmt, ap,
+   os_errno != 0 ? strerror(os_errno) : NULL);
 va_end(ap);
 
-if (os_errno != 0) {
-msg = (*errp)->msg;
-(*errp)->msg = g_strdup_printf("%s: %s", msg, strerror(os_errno));
-g_free(msg);
-}
-
 errno = saved_errno;
 }
 
@@ -174,24 +174,22 @@ void error_setg_win32_internal(Error **errp,
int win32_err, const char *fmt, ...)
 {
 va_list ap;
-char *msg1, *msg2;
+char *suffix = NULL;
 
 if (errp == NULL) {
 return;
 }
 
-va_start(ap, fmt);
-error_setv(errp, src, line, func, ERROR_CLASS_GENERIC_ERROR, fmt, ap);
-va_end(ap);
-
 if (win32_err != 0) {
-msg1 = (*errp)->msg;
-msg2 = g_win32_error_message(win32_err);
-(*errp)->msg = g_strdup_printf("%s: %s (error: %x)", msg1, msg2,
-   (unsigned)win32_err);
-g_free(msg2);
-g_free(msg1);
+suffix = g_win32_error_message(win32_err);
 }
+
+va_start(ap, fmt);
+error_setv(errp, src, line, func, ERROR_CLASS_GENERIC_ERROR,
+   fmt, ap, suffix);
+va_end(ap);
+
+g_free(suffix);
 }
 
 #endif
-- 
2.4.3

[Qemu-devel] [PULL 0/1] Error reporting patches for 2016-03-16

[Markus Armbruster]

The following changes since commit a6cdb77f816961f929d7934643febd2852230135:

  Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into 
staging (2016-03-15 17:09:52 +)

are available in the git repository at:

  git://repo.or.cz/qemu/armbru.git tags/pull-error-2016-03-16

for you to fetch changes up to 20e2dec14954568848ad74e73aee9b3aeedd6584:

  error: ensure errno detail is printed with error_abort (2016-03-16 10:55:51 
+0100)


Error reporting patches for 2016-03-16


Daniel P. Berrange (1):
  error: ensure errno detail is printed with error_abort

 util/error.c | 42 --
 1 file changed, 20 insertions(+), 22 deletions(-)

-- 
2.4.3

[Qemu-devel] [PULL 1/3] qdev-monitor: improve error message when alias device is unavailable

[Markus Armbruster]

From: Sascha Silbe 

When trying to instantiate an alias that points to a device class that
doesn't exist, the error message looks like qemu misunderstood the
request:

$ s390x-softmmu/qemu-system-s390x -device virtio-gpu
qemu-system-s390x: -device virtio-gpu: 'virtio-gpu-ccw' is not a valid
device model name

Special-case the error message to make it explicit that alias
expansion is going on:

$ s390x-softmmu/qemu-system-s390x -device virtio-gpu
qemu-system-s390x: -device virtio-gpu: 'virtio-gpu' (alias
'virtio-gpu-ccw') is not a valid device model name

Suggested-By: Cornelia Huck 
Signed-off-by: Sascha Silbe 
Message-Id: <1455831854-49013-2-git-send-email-si...@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Markus Armbruster 
---
 qdev-monitor.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/qdev-monitor.c b/qdev-monitor.c
index 81e3ff3..e5136d7 100644
--- a/qdev-monitor.c
+++ b/qdev-monitor.c
@@ -188,6 +188,7 @@ static DeviceClass *qdev_get_device_class(const char 
**driver, Error **errp)
 {
 ObjectClass *oc;
 DeviceClass *dc;
+const char *original_name = *driver;
 
 oc = object_class_by_name(*driver);
 if (!oc) {
@@ -200,7 +201,12 @@ static DeviceClass *qdev_get_device_class(const char 
**driver, Error **errp)
 }
 
 if (!object_class_dynamic_cast(oc, TYPE_DEVICE)) {
-error_setg(errp, "'%s' is not a valid device model name", *driver);
+if (*driver != original_name) {
+error_setg(errp, "'%s' (alias '%s') is not a valid device model"
+   " name", original_name, *driver);
+} else {
+error_setg(errp, "'%s' is not a valid device model name", *driver);
+}
 return NULL;
 }
 
-- 
2.4.3

[Qemu-devel] [PULL 2/3] qdev-monitor: sort alias table by typename

[Markus Armbruster]

From: Sascha Silbe 

Sort the alias table by typename so it's easier to see which aliases
exist.

Signed-off-by: Sascha Silbe 
Message-Id: <1455831854-49013-3-git-send-email-si...@linux.vnet.ibm.com>
Reviewed-by: Halil Pasic 
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Markus Armbruster 
---
 qdev-monitor.c | 15 ---
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/qdev-monitor.c b/qdev-monitor.c
index e5136d7..4e3681c 100644
--- a/qdev-monitor.c
+++ b/qdev-monitor.c
@@ -39,19 +39,20 @@ typedef struct QDevAlias
 uint32_t arch_mask;
 } QDevAlias;
 
+/* Please keep this table sorted by typename. */
 static const QDevAlias qdev_alias_table[] = {
-{ "virtio-blk-pci", "virtio-blk", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
-{ "virtio-net-pci", "virtio-net", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
-{ "virtio-serial-pci", "virtio-serial", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+{ "e1000", "e1000-82540em" },
+{ "ich9-ahci", "ahci" },
+{ "kvm-pci-assign", "pci-assign" },
+{ "lsi53c895a", "lsi" },
 { "virtio-balloon-pci", "virtio-balloon",
 QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
 { "virtio-blk-ccw", "virtio-blk", QEMU_ARCH_S390X },
+{ "virtio-blk-pci", "virtio-blk", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
 { "virtio-net-ccw", "virtio-net", QEMU_ARCH_S390X },
+{ "virtio-net-pci", "virtio-net", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
 { "virtio-serial-ccw", "virtio-serial", QEMU_ARCH_S390X },
-{ "lsi53c895a", "lsi" },
-{ "ich9-ahci", "ahci" },
-{ "kvm-pci-assign", "pci-assign" },
-{ "e1000", "e1000-82540em" },
+{ "virtio-serial-pci", "virtio-serial", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
 { }
 };
 
-- 
2.4.3

[Qemu-devel] [PULL 3/3] qdev-monitor: add missing aliases for virtio device classes

[Markus Armbruster]

From: Sascha Silbe 

virtio-{blk,balloon,net,serial} are aliases for their actual,
architecture-dependent implementations (*-ccw on s390x, *-pci on other
architectures supporting virtio). This makes it a lot easier to craft
qemu invocations that work on all supported architectures. Complete
the set to cover all existing non-abstract virtio device classes.

For virtio-balloon, only the CCW implementation was missing.

Signed-off-by: Sascha Silbe 
Message-Id: <1455831854-49013-4-git-send-email-si...@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Markus Armbruster 
---
 qdev-monitor.c | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/qdev-monitor.c b/qdev-monitor.c
index 4e3681c..be6a07e 100644
--- a/qdev-monitor.c
+++ b/qdev-monitor.c
@@ -45,14 +45,33 @@ static const QDevAlias qdev_alias_table[] = {
 { "ich9-ahci", "ahci" },
 { "kvm-pci-assign", "pci-assign" },
 { "lsi53c895a", "lsi" },
+{ "virtio-9p-ccw", "virtio-9p", QEMU_ARCH_S390X },
+{ "virtio-9p-pci", "virtio-9p", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+{ "virtio-balloon-ccw", "virtio-balloon", QEMU_ARCH_S390X },
 { "virtio-balloon-pci", "virtio-balloon",
 QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
 { "virtio-blk-ccw", "virtio-blk", QEMU_ARCH_S390X },
 { "virtio-blk-pci", "virtio-blk", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+{ "virtio-gpu-ccw", "virtio-gpu", QEMU_ARCH_S390X },
+{ "virtio-gpu-pci", "virtio-gpu", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+{ "virtio-input-host-ccw", "virtio-input-host", QEMU_ARCH_S390X },
+{ "virtio-input-host-pci", "virtio-input-host",
+QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+{ "virtio-keyboard-ccw", "virtio-keyboard", QEMU_ARCH_S390X },
+{ "virtio-keyboard-pci", "virtio-keyboard",
+QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+{ "virtio-mouse-ccw", "virtio-mouse", QEMU_ARCH_S390X },
+{ "virtio-mouse-pci", "virtio-mouse", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
 { "virtio-net-ccw", "virtio-net", QEMU_ARCH_S390X },
 { "virtio-net-pci", "virtio-net", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+{ "virtio-rng-ccw", "virtio-rng", QEMU_ARCH_S390X },
+{ "virtio-rng-pci", "virtio-rng", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+{ "virtio-scsi-ccw", "virtio-scsi", QEMU_ARCH_S390X },
+{ "virtio-scsi-pci", "virtio-scsi", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
 { "virtio-serial-ccw", "virtio-serial", QEMU_ARCH_S390X },
 { "virtio-serial-pci", "virtio-serial", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
+{ "virtio-tablet-ccw", "virtio-tablet", QEMU_ARCH_S390X },
+{ "virtio-tablet-pci", "virtio-tablet", QEMU_ARCH_ALL & ~QEMU_ARCH_S390X },
 { }
 };
 
-- 
2.4.3

[Qemu-devel] [PULL 0/3] Monitor patches for 2016-03-16

[Markus Armbruster]

The following changes since commit a6cdb77f816961f929d7934643febd2852230135:

  Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into 
staging (2016-03-15 17:09:52 +)

are available in the git repository at:

  git://repo.or.cz/qemu/armbru.git tags/pull-monitor-2016-03-16

for you to fetch changes up to 588c36cac7a658758b3e0b60bfd62ebc2e4045c6:

  qdev-monitor: add missing aliases for virtio device classes (2016-03-16 
10:13:10 +0100)


Monitor patches for 2016-03-16


Sascha Silbe (3):
  qdev-monitor: improve error message when alias device is unavailable
  qdev-monitor: sort alias table by typename
  qdev-monitor: add missing aliases for virtio device classes

 qdev-monitor.c | 42 ++
 1 file changed, 34 insertions(+), 8 deletions(-)

-- 
2.4.3

Re: [Qemu-devel] [PATCH] ppc64: set MSR_SF bit

[Alexander Graf]

On 16.03.16 10:43, Laurent Vivier wrote:
> When a qemu-system-ppc64 is started, the 64-bit mode bit
> is not set in MSR.
> 
> Signed-off-by: Laurent Vivier 

I guess commit 2cf3eb6df552cee74b52de9989e270b74e42847e broke this. I'm
surprised it didn't cause us more problems :).

Reviewed-by: Alexander Graf 

> ---
>  target-ppc/translate_init.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
> index bd0cffc..d7a1aeb 100644
> --- a/target-ppc/translate_init.c
> +++ b/target-ppc/translate_init.c
> @@ -9663,7 +9663,7 @@ static void ppc_cpu_reset(CPUState *s)
>  
>  #if defined(TARGET_PPC64)
>  if (env->mmu_model & POWERPC_MMU_64) {
> -env->msr |= (1ULL << MSR_SF);
> +msr |= (1ULL << MSR_SF);
>  }
>  #endif
>  
> 

[Qemu-devel] [PATCH] ppc64: set MSR_SF bit

[Laurent Vivier]

When a qemu-system-ppc64 is started, the 64-bit mode bit
is not set in MSR.

Signed-off-by: Laurent Vivier 
---
 target-ppc/translate_init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index bd0cffc..d7a1aeb 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -9663,7 +9663,7 @@ static void ppc_cpu_reset(CPUState *s)
 
 #if defined(TARGET_PPC64)
 if (env->mmu_model & POWERPC_MMU_64) {
-env->msr |= (1ULL << MSR_SF);
+msr |= (1ULL << MSR_SF);
 }
 #endif
 
-- 
2.5.0

[Qemu-devel] [PATCH] vl: fix comment about when parsing cpu definitions

[Wei Jiangang]

machine->init() was replaced with machine_class->init().

Signed-off-by: Wei Jiangang 
---
 vl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vl.c b/vl.c
index 7a28982..3c403d1 100644
--- a/vl.c
+++ b/vl.c
@@ -4079,7 +4079,7 @@ int main(int argc, char **argv, char **envp)
 /* Init CPU def lists, based on config
  * - Must be called after all the qemu_read_config_file() calls
  * - Must be called before list_cpus()
- * - Must be called before machine->init()
+ * - Must be called before machine_class->init()
  */
 cpudef_init();
 
-- 
1.9.3

Re: [Qemu-devel] [PATCH V4 1/2] net/filter-mirror: implement filter-redirector

[Wen Congyang]

On 03/16/2016 04:18 PM, Jason Wang wrote:
> 
> 
> On 03/15/2016 06:03 PM, Zhang Chen wrote:
>> Filter-redirector is a netfilter plugin.
>> It gives qemu the ability to redirect net packet.
>> redirector can redirect filter's net packet to outdev.
>> and redirect indev's packet to filter.
>>
>>   filter
>> +
>> |
>> |
>> redirector  |
>>+--+
>>|| |
>>|| |
>>|| |
>>   indev +---+   +-->  outdev
>>|| |
>>|| |
>>|| |
>>+--+
>> |
>> |
>> v
>>   filter
>>
>> usage:
>>
>> -netdev user,id=hn0
>> -chardev socket,id=s0,host=ip_primary,port=X,server,nowait
>> -chardev socket,id=s1,host=ip_primary,port=Y,server,nowait
>> -filter-redirector,id=r0,netdev=hn0,queue=tx/rx/all,indev=s0,outdev=s1
>>
>> Signed-off-by: Zhang Chen 
>> Signed-off-by: Wen Congyang 
>> Signed-off-by: Li Zhijian 
>> ---
>>  net/filter-mirror.c | 236 
>> 
>>  qemu-options.hx |   9 ++
>>  vl.c|   3 +-
>>  3 files changed, 247 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/filter-mirror.c b/net/filter-mirror.c
>> index 1b1ec16..77ece41 100644
>> --- a/net/filter-mirror.c
>> +++ b/net/filter-mirror.c
>> @@ -26,12 +26,23 @@
>>  #define FILTER_MIRROR(obj) \
>>  OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_MIRROR)
>>  
>> +#define FILTER_REDIRECTOR(obj) \
>> +OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_REDIRECTOR)
>> +
>>  #define TYPE_FILTER_MIRROR "filter-mirror"
>> +#define TYPE_FILTER_REDIRECTOR "filter-redirector"
>> +#define REDIRECTOR_MAX_LEN NET_BUFSIZE
>>  
>>  typedef struct MirrorState {
>>  NetFilterState parent_obj;
>> +char *indev;
>>  char *outdev;
>> +CharDriverState *chr_in;
>>  CharDriverState *chr_out;
>> +int state; /* 0 = getting length, 1 = getting data */
>> +unsigned int index;
>> +unsigned int packet_len;
>> +uint8_t buf[REDIRECTOR_MAX_LEN];
>>  } MirrorState;
>>  
>>  static int filter_mirror_send(CharDriverState *chr_out,
>> @@ -68,6 +79,89 @@ err:
>>  return ret < 0 ? ret : -EIO;
>>  }
>>  
>> +static void
>> +redirector_to_filter(NetFilterState *nf, const uint8_t *buf, int len)
>> +{
>> +struct iovec iov = {
>> +.iov_base = (void *)buf,
>> +.iov_len = len,
>> +};
>> +
>> +if (nf->direction == NET_FILTER_DIRECTION_ALL ||
>> +nf->direction == NET_FILTER_DIRECTION_TX) {
>> +qemu_netfilter_pass_to_next(nf->netdev, 0, , 1, nf);
>> +}
>> +
>> +if (nf->direction == NET_FILTER_DIRECTION_ALL ||
>> +nf->direction == NET_FILTER_DIRECTION_RX) {
>> +qemu_netfilter_pass_to_next(nf->netdev->peer, 0, , 1, nf);
>> + }
>> +}
>> +
>> +static int redirector_chr_can_read(void *opaque)
>> +{
>> +return REDIRECTOR_MAX_LEN;
>> +}
>> +
>> +static void redirector_chr_read(void *opaque, const uint8_t *buf, int size)
>> +{
>> +NetFilterState *nf = opaque;
>> +MirrorState *s = FILTER_REDIRECTOR(nf);
>> +unsigned int l;
>> +
>> +if (size == 0) {
>> +/* the peer is closed ? */
>> +return ;
>> +}
> 
> Looks like if you want to handle connection close, you need use event
> handler when calling qemu_chr_add_handlers().

In which case, we will see size is 0 if we don't have a event handler?

For redirector filter, I think we don't care about if the char device
is disconnected. If the char device is ready again, we will continue
to read from the char device.

So I think we just add more comments here.

> 
>> +
>> +/* most of code is stolen from net_socket_send */
> 
> This comment seems redundant.
> 
>> +while (size > 0) {
>> +/* reassemble a packet from the network */
>> +switch (s->state) {
>> +case 0:
>> +l = 4 - s->index;
>> +if (l > size) {
>> +l = size;
>> +}
>> +memcpy(s->buf + s->index, buf, l);
>> +buf += l;
>> +size -= l;
>> +s->index += l;
>> +if (s->index == 4) {
>> +/* got length */
>> +s->packet_len = ntohl(*(uint32_t *)s->buf);
>> +s->index = 0;
>> +s->state = 1;
>> +}
>> +break;
>> +case 1:
>> +l = s->packet_len - s->index;
>> +if (l > size) {
>> +l = size;
>> +}
>> +if (s->index + l <= sizeof(s->buf)) {
>> +memcpy(s->buf + s->index, buf, l);
>> +} else {
>> +fprintf(stderr, 

Re: [Qemu-devel] [PATCH v3 10/13] docker: Add travis tool

[Fam Zheng]

On Wed, 03/16 09:09, Alex Bennée wrote:
> 
> Fam Zheng  writes:
> 
> > On Fri, 03/11 16:14, Alex Bennée wrote:
> >>
> >> Fam Zheng  writes:
> >>
> >> > The script is not named test-travis.sh so it won't run with "make
> >> > docker-run", because it can take too long.
> >> >
> >> > Run it with "make docker-run-travis.sh@ubuntu".
> >>
> >> 16:08 alex@zen/x86_64  [qemu.git/review/docker-v3] >make 
> >> docker-run-travis.sh@ubuntu
> >> ARCHIVE qemu.tgz
> >> COPY RUNNER
> >> RUN travis.sh in ubuntu
> >> ./run: line 49: /tmp/qemu-test/src/tests/docker/travis.sh: No such file or 
> >> directory
> >
> > Will update the commit message.
> 
> I had a bit of a further play with this while trying to help with the
> recent Travis breakage.

Did this help?

> I realised we need to be clearer about what this
> does. It's not the same as running on travis, just a way of iterating
> through the travis build matrix on whatever image you happen to be on.

Right. I have no idea how to precisely replicate travis environment, and I
ignored python version, packages etc for simplicity, only the command matrix
was simulated. But are there any major differences you are noticing? At least
we are also on Ubuntu Trusty, the same as:

https://docs.travis-ci.com/user/ci-environment/

Fam

> 
> It would be nice to have a travis image for local debug but that seems
> to be harder to do than I thought. I couldn't find any such images on
> the hub.

[Qemu-devel] [PATCH 2/4] hw/audio: QOM cleanup for intel-hda

[xiaoqiang zhao]

drop the DO_UPCAST macro

Signed-off-by: xiaoqiang zhao 
---
 hw/audio/intel-hda.c | 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c
index d372d4a..5b1e760 100644
--- a/hw/audio/intel-hda.c
+++ b/hw/audio/intel-hda.c
@@ -52,8 +52,8 @@ void hda_codec_bus_init(DeviceState *dev, HDACodecBus *bus, 
size_t bus_size,
 
 static int hda_codec_dev_init(DeviceState *qdev)
 {
-HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, qdev->parent_bus);
-HDACodecDevice *dev = DO_UPCAST(HDACodecDevice, qdev, qdev);
+HDACodecBus *bus = HDA_BUS(qdev->parent_bus);
+HDACodecDevice *dev = HDA_CODEC_DEVICE(qdev);
 HDACodecDeviceClass *cdc = HDA_CODEC_DEVICE_GET_CLASS(dev);
 
 if (dev->cad == -1) {
@@ -68,7 +68,7 @@ static int hda_codec_dev_init(DeviceState *qdev)
 
 static int hda_codec_dev_exit(DeviceState *qdev)
 {
-HDACodecDevice *dev = DO_UPCAST(HDACodecDevice, qdev, qdev);
+HDACodecDevice *dev = HDA_CODEC_DEVICE(qdev);
 HDACodecDeviceClass *cdc = HDA_CODEC_DEVICE_GET_CLASS(dev);
 
 if (cdc->exit) {
@@ -84,7 +84,7 @@ HDACodecDevice *hda_codec_find(HDACodecBus *bus, uint32_t cad)
 
 QTAILQ_FOREACH(kid, >qbus.children, sibling) {
 DeviceState *qdev = kid->child;
-cdev = DO_UPCAST(HDACodecDevice, qdev, qdev);
+cdev = HDA_CODEC_DEVICE(qdev);
 if (cdev->cad == cad) {
 return cdev;
 }
@@ -94,14 +94,14 @@ HDACodecDevice *hda_codec_find(HDACodecBus *bus, uint32_t 
cad)
 
 void hda_codec_response(HDACodecDevice *dev, bool solicited, uint32_t response)
 {
-HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, dev->qdev.parent_bus);
+HDACodecBus *bus = HDA_BUS(dev->qdev.parent_bus);
 bus->response(dev, solicited, response);
 }
 
 bool hda_codec_xfer(HDACodecDevice *dev, uint32_t stnr, bool output,
 uint8_t *buf, uint32_t len)
 {
-HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, dev->qdev.parent_bus);
+HDACodecBus *bus = HDA_BUS(dev->qdev.parent_bus);
 return bus->xfer(dev, stnr, output, buf, len);
 }
 
@@ -337,7 +337,7 @@ static void intel_hda_corb_run(IntelHDAState *d)
 
 static void intel_hda_response(HDACodecDevice *dev, bool solicited, uint32_t 
response)
 {
-HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, dev->qdev.parent_bus);
+HDACodecBus *bus = HDA_BUS(dev->qdev.parent_bus);
 IntelHDAState *d = container_of(bus, IntelHDAState, codecs);
 hwaddr addr;
 uint32_t wp, ex;
@@ -386,7 +386,7 @@ static void intel_hda_response(HDACodecDevice *dev, bool 
solicited, uint32_t res
 static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t stnr, bool output,
uint8_t *buf, uint32_t len)
 {
-HDACodecBus *bus = DO_UPCAST(HDACodecBus, qbus, dev->qdev.parent_bus);
+HDACodecBus *bus = HDA_BUS(dev->qdev.parent_bus);
 IntelHDAState *d = container_of(bus, IntelHDAState, codecs);
 hwaddr addr;
 uint32_t s, copy, left;
@@ -493,7 +493,7 @@ static void intel_hda_notify_codecs(IntelHDAState *d, 
uint32_t stream, bool runn
 DeviceState *qdev = kid->child;
 HDACodecDeviceClass *cdc;
 
-cdev = DO_UPCAST(HDACodecDevice, qdev, qdev);
+cdev = HDA_CODEC_DEVICE(qdev);
 cdc = HDA_CODEC_DEVICE_GET_CLASS(cdev);
 if (cdc->stream) {
 cdc->stream(cdev, stream, running, output);
@@ -1120,7 +1120,7 @@ static void intel_hda_reset(DeviceState *dev)
 /* reset codecs */
 QTAILQ_FOREACH(kid, >codecs.qbus.children, sibling) {
 DeviceState *qdev = kid->child;
-cdev = DO_UPCAST(HDACodecDevice, qdev, qdev);
+cdev = HDA_CODEC_DEVICE(qdev);
 device_reset(DEVICE(cdev));
 d->state_sts |= (1 << cdev->cad);
 }
-- 
2.1.4

Re: [Qemu-devel] [PULL 0/8] Memory, icount, chardev, KVM changes for 2016-03-15

[Peter Maydell]

On 15 March 2016 at 17:35, Paolo Bonzini  wrote:
> The following changes since commit a58a4cb18725117bf69e6bee0a753c8b73b09667:
>
>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging 
> (2016-03-15 16:43:48 +)
>
> are available in the git repository at:
>
>
>   git://github.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to e76d1798faa6d29f54c0930a034b67f3ecdb947d:
>
>   icount: decouple warp calls (2016-03-15 18:23:45 +0100)
>
> 
> * Miscellaneous exec.c fixes (Markus, myself)
> * Q35 support for -machine kernel_irqchip=split (Rita)
> * Chardev replay support (Pavel)
> * icount "warping" cleanups (Pavel)
>

Applied, thanks.

-- PMM

[Qemu-devel] [PATCH 0/4] QOM'ify hw/audio files

[xiaoqiang zhao]

This patch set QOM'ify some files under hw/audio directory.
See each patch's commit message for details.

xiaoqiang zhao (4):
  hw/audio: QOM'ify cs4231.c
  hw/audio: QOM cleanup for intel-hda
  hw/audio: QOM'ify intel-hda
  hw/audio: QOM'ify milkymist-ac97.c

 hw/audio/cs4231.c | 12 +---
 hw/audio/intel-hda.c  | 30 --
 hw/audio/milkymist-ac97.c | 13 +
 3 files changed, 26 insertions(+), 29 deletions(-)

-- 
2.1.4

[Qemu-devel] [PATCH 3/4] hw/audio: QOM'ify intel-hda

[xiaoqiang zhao]

use DeviceClass::realize instead of DeviceClass::init

Signed-off-by: xiaoqiang zhao 
---
 hw/audio/intel-hda.c | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c
index 5b1e760..36afbf2 100644
--- a/hw/audio/intel-hda.c
+++ b/hw/audio/intel-hda.c
@@ -50,7 +50,7 @@ void hda_codec_bus_init(DeviceState *dev, HDACodecBus *bus, 
size_t bus_size,
 bus->xfer = xfer;
 }
 
-static int hda_codec_dev_init(DeviceState *qdev)
+static void hda_codec_dev_realize(DeviceState *qdev, Error **errp)
 {
 HDACodecBus *bus = HDA_BUS(qdev->parent_bus);
 HDACodecDevice *dev = HDA_CODEC_DEVICE(qdev);
@@ -60,10 +60,12 @@ static int hda_codec_dev_init(DeviceState *qdev)
 dev->cad = bus->next_cad;
 }
 if (dev->cad >= 15) {
-return -1;
+error_setg(errp, "HDA audio codec address is full!");
+return;
 }
 bus->next_cad = dev->cad + 1;
-return cdc->init(dev);
+if (cdc->init(dev) != 0)
+error_setg(errp, "HDA audio init failed.");
 }
 
 static int hda_codec_dev_exit(DeviceState *qdev)
@@ -1298,7 +1300,7 @@ static const TypeInfo intel_hda_info_ich9 = {
 static void hda_codec_device_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *k = DEVICE_CLASS(klass);
-k->init = hda_codec_dev_init;
+k->realize = hda_codec_dev_realize;
 k->exit = hda_codec_dev_exit;
 set_bit(DEVICE_CATEGORY_SOUND, k->categories);
 k->bus_type = TYPE_HDA_BUS;
-- 
2.1.4

[Qemu-devel] [PATCH 1/4] hw/audio: QOM'ify cs4231.c

[xiaoqiang zhao]

Drop the old SysBus init function and use instance_init

Signed-off-by: xiaoqiang zhao 
---
 hw/audio/cs4231.c | 12 +---
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/hw/audio/cs4231.c b/hw/audio/cs4231.c
index caf97c1..30690f9 100644
--- a/hw/audio/cs4231.c
+++ b/hw/audio/cs4231.c
@@ -145,16 +145,15 @@ static const VMStateDescription vmstate_cs4231 = {
 }
 };
 
-static int cs4231_init1(SysBusDevice *dev)
+static void cs4231_init(Object *obj)
 {
-CSState *s = CS4231(dev);
+CSState *s = CS4231(obj);
+SysBusDevice *dev = SYS_BUS_DEVICE(obj);
 
-memory_region_init_io(>iomem, OBJECT(s), _mem_ops, s, "cs4321",
+memory_region_init_io(>iomem, obj, _mem_ops, s, "cs4321",
   CS_SIZE);
 sysbus_init_mmio(dev, >iomem);
 sysbus_init_irq(dev, >irq);
-
-return 0;
 }
 
 static Property cs4231_properties[] = {
@@ -164,9 +163,7 @@ static Property cs4231_properties[] = {
 static void cs4231_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
-SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
 
-k->init = cs4231_init1;
 dc->reset = cs_reset;
 dc->vmsd = _cs4231;
 dc->props = cs4231_properties;
@@ -176,6 +173,7 @@ static const TypeInfo cs4231_info = {
 .name  = TYPE_CS4231,
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_size = sizeof(CSState),
+.instance_init = cs4231_init,
 .class_init= cs4231_class_init,
 };
 
-- 
2.1.4

[Qemu-devel] [PATCH 4/4] hw/audio: QOM'ify milkymist-ac97.c

[xiaoqiang zhao]

Drop the old SysBus init function and use instance_init

Signed-off-by: xiaoqiang zhao 
---
 hw/audio/milkymist-ac97.c | 13 +
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/hw/audio/milkymist-ac97.c b/hw/audio/milkymist-ac97.c
index 6a3b536..ac78e00 100644
--- a/hw/audio/milkymist-ac97.c
+++ b/hw/audio/milkymist-ac97.c
@@ -284,10 +284,10 @@ static int ac97_post_load(void *opaque, int version_id)
 return 0;
 }
 
-static int milkymist_ac97_init(SysBusDevice *dev)
+static void milkymist_ac97_init(Object *obj)
 {
-MilkymistAC97State *s = MILKYMIST_AC97(dev);
-
+MilkymistAC97State *s = MILKYMIST_AC97(obj);
+SysBusDevice *dev = SYS_BUS_DEVICE(obj);
 struct audsettings as;
 sysbus_init_irq(dev, >crrequest_irq);
 sysbus_init_irq(dev, >crreply_irq);
@@ -306,11 +306,9 @@ static int milkymist_ac97_init(SysBusDevice *dev)
 s->voice_out = AUD_open_out(>card, s->voice_out,
 "mm_ac97.out", s, ac97_out_cb, );
 
-memory_region_init_io(>regs_region, OBJECT(s), _mmio_ops, s,
+memory_region_init_io(>regs_region, obj, _mmio_ops, s,
 "milkymist-ac97", R_MAX * 4);
 sysbus_init_mmio(dev, >regs_region);
-
-return 0;
 }
 
 static const VMStateDescription vmstate_milkymist_ac97 = {
@@ -327,9 +325,7 @@ static const VMStateDescription vmstate_milkymist_ac97 = {
 static void milkymist_ac97_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
-SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
 
-k->init = milkymist_ac97_init;
 dc->reset = milkymist_ac97_reset;
 dc->vmsd = _milkymist_ac97;
 }
@@ -338,6 +334,7 @@ static const TypeInfo milkymist_ac97_info = {
 .name  = TYPE_MILKYMIST_AC97,
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_size = sizeof(MilkymistAC97State),
+.instance_init = milkymist_ac97_init,
 .class_init= milkymist_ac97_class_init,
 };
 
-- 
2.1.4

Re: [Qemu-devel] [PATCH 15/17] ppc: Add dummy POWER8 MPPR register

[Cédric Le Goater]

On 03/16/2016 07:17 AM, Thomas Huth wrote:
> On 16.03.2016 02:14, David Gibson wrote:
>> On Mon, Mar 14, 2016 at 05:56:38PM +0100, Cédric Le Goater wrote:
>>> From: Benjamin Herrenschmidt 
>>>
>>> Controls the micropartition prefetch, this is pretty much meaningless
>>> in full emulation (used for priming the caches on real HW).
>>>
>>> Signed-off-by: Benjamin Herrenschmidt 
>>
>> So, this is readable with HV=0, so technically a fix even for non-HV
>> machines.  I'm guessing it's not actually read in practice outside the
>> HV, though.  Not sure if this should go in 2.6 or 2.7.
> 
> Patch looks simple (i.e. without risk) enough to be fine for 2.6, I think.
> But looking at this again, I wonder why there is no KVM_REG_PPC_*
> definition for this register, so that it could be sync'ed with the
> kernel, too? Is that on purpose or is it just missing by accident?

The spr was reverted : 


http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23316316c1af

I should have checked that. I guess we don't want to keep the patch for
2.6 then.

C.

>  Thomas
> 
>>> ---
>>>  target-ppc/cpu.h|  1 +
>>>  target-ppc/translate_init.c | 13 +
>>>  2 files changed, 14 insertions(+)
>>>
>>> diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
>>> index 81a3e6b5ed29..5203cc6a3bfb 100644
>>> --- a/target-ppc/cpu.h
>>> +++ b/target-ppc/cpu.h
>>> @@ -1398,6 +1398,7 @@ static inline int cpu_mmu_index (CPUPPCState *env, 
>>> bool ifetch)
>>>  #define SPR_DHDES (0x0B1)
>>>  #define SPR_DPDES (0x0B0)
>>>  #define SPR_DAWR  (0x0B4)
>>> +#define SPR_MPPR  (0x0B8)
>>>  #define SPR_RPR   (0x0BA)
>>>  #define SPR_DAWRX (0x0BC)
>>>  #define SPR_HFSCR (0x0BE)
>>> diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
>>> index 28a9c2e73156..cfb1bc088950 100644
>>> --- a/target-ppc/translate_init.c
>>> +++ b/target-ppc/translate_init.c
>>> @@ -8161,6 +8161,18 @@ static void gen_spr_power8_ic(CPUPPCState *env)
>>>  #endif
>>>  }
>>>  
>>> +static void gen_spr_power8_book4(CPUPPCState *env)
>>> +{
>>> +/* Add a number of P8 book4 registers */
>>> +#if !defined(CONFIG_USER_ONLY)
>>> +spr_register_hv(env, SPR_MPPR, "MPPR",
>>> +SPR_NOACCESS, SPR_NOACCESS,
>>> +_read_generic, SPR_NOACCESS,
>>> +_read_generic, _write_generic,
>>> +0);
>>> +#endif
>>> +}
>>> +
>>>  static void init_proc_book3s_64(CPUPPCState *env, int version)
>>>  {
>>>  gen_spr_ne_601(env);
>>> @@ -8216,6 +8228,7 @@ static void init_proc_book3s_64(CPUPPCState *env, int 
>>> version)
>>>  gen_spr_power8_rpr(env);
>>>  gen_spr_power8_dbell(env);
>>>  gen_spr_power8_ic(env);
>>> +gen_spr_power8_book4(env);
>>>  }
>>>  if (version < BOOK3S_CPU_POWER8) {
>>>  gen_spr_book3s_dbg(env);
>>
> 
> 

Re: [Qemu-devel] [PATCH V4 1/2] net/filter-mirror: implement filter-redirector

[Li Zhijian]

On 03/16/2016 04:18 PM, Jason Wang wrote:



On 03/15/2016 06:03 PM, Zhang Chen wrote:

Filter-redirector is a netfilter plugin.
It gives qemu the ability to redirect net packet.
redirector can redirect filter's net packet to outdev.
and redirect indev's packet to filter.

   filter
 +
 |
 |
 redirector  |
+--+
|| |
|| |
|| |
   indev +---+   +-->  outdev
|| |
|| |
|| |
+--+
 |
 |
 v
   filter

usage:

-netdev user,id=hn0
-chardev socket,id=s0,host=ip_primary,port=X,server,nowait
-chardev socket,id=s1,host=ip_primary,port=Y,server,nowait
-filter-redirector,id=r0,netdev=hn0,queue=tx/rx/all,indev=s0,outdev=s1

Signed-off-by: Zhang Chen 
Signed-off-by: Wen Congyang 
Signed-off-by: Li Zhijian 
---
  net/filter-mirror.c | 236 
  qemu-options.hx |   9 ++
  vl.c|   3 +-
  3 files changed, 247 insertions(+), 1 deletion(-)

diff --git a/net/filter-mirror.c b/net/filter-mirror.c
index 1b1ec16..77ece41 100644
--- a/net/filter-mirror.c
+++ b/net/filter-mirror.c
@@ -26,12 +26,23 @@
  #define FILTER_MIRROR(obj) \
  OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_MIRROR)

+#define FILTER_REDIRECTOR(obj) \
+OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_REDIRECTOR)
+
  #define TYPE_FILTER_MIRROR "filter-mirror"
+#define TYPE_FILTER_REDIRECTOR "filter-redirector"
+#define REDIRECTOR_MAX_LEN NET_BUFSIZE

  typedef struct MirrorState {
  NetFilterState parent_obj;
+char *indev;
  char *outdev;
+CharDriverState *chr_in;
  CharDriverState *chr_out;
+int state; /* 0 = getting length, 1 = getting data */
+unsigned int index;
+unsigned int packet_len;
+uint8_t buf[REDIRECTOR_MAX_LEN];
  } MirrorState;

  static int filter_mirror_send(CharDriverState *chr_out,
@@ -68,6 +79,89 @@ err:
  return ret < 0 ? ret : -EIO;
  }

+static void
+redirector_to_filter(NetFilterState *nf, const uint8_t *buf, int len)
+{
+struct iovec iov = {
+.iov_base = (void *)buf,
+.iov_len = len,
+};
+
+if (nf->direction == NET_FILTER_DIRECTION_ALL ||
+nf->direction == NET_FILTER_DIRECTION_TX) {
+qemu_netfilter_pass_to_next(nf->netdev, 0, , 1, nf);
+}
+
+if (nf->direction == NET_FILTER_DIRECTION_ALL ||
+nf->direction == NET_FILTER_DIRECTION_RX) {
+qemu_netfilter_pass_to_next(nf->netdev->peer, 0, , 1, nf);
+ }
+}
+
+static int redirector_chr_can_read(void *opaque)
+{
+return REDIRECTOR_MAX_LEN;
+}
+
+static void redirector_chr_read(void *opaque, const uint8_t *buf, int size)
+{
+NetFilterState *nf = opaque;
+MirrorState *s = FILTER_REDIRECTOR(nf);
+unsigned int l;
+
+if (size == 0) {
+/* the peer is closed ? */
+return ;
+}


Looks like if you want to handle connection close, you need use event
handler when calling qemu_chr_add_handlers().


That sounds good. we will remove this check and register a event handler to
deal with a close event.




+
+/* most of code is stolen from net_socket_send */


This comment seems redundant.


+while (size > 0) {
+/* reassemble a packet from the network */
+switch (s->state) {
+case 0:
+l = 4 - s->index;
+if (l > size) {
+l = size;
+}
+memcpy(s->buf + s->index, buf, l);
+buf += l;
+size -= l;
+s->index += l;
+if (s->index == 4) {
+/* got length */
+s->packet_len = ntohl(*(uint32_t *)s->buf);
+s->index = 0;
+s->state = 1;
+}
+break;
+case 1:
+l = s->packet_len - s->index;
+if (l > size) {
+l = size;
+}
+if (s->index + l <= sizeof(s->buf)) {
+memcpy(s->buf + s->index, buf, l);
+} else {
+fprintf(stderr, "serious error: oversized packet received,"
+"connection terminated.\n");


error_report() looks better.


OK




+s->state = 0;
+/* FIXME: do something ? */


This needs some thought, but at least reset the fd handler and state is
needed.


OK




+return;
+}
+
+s->index += l;
+buf += l;
+size -= l;
+if (s->index >= s->packet_len) {
+s->index = 0;
+s->state = 0;
+redirector_to_filter(nf, s->buf, 

Re: [Qemu-devel] [PATCH] spice: Disallow use of gl + TCP port

[Christophe Fergeau]

On Tue, Mar 15, 2016 at 03:32:31PM +0100, Gerd Hoffmann wrote:
> > We can do something similar once gl+tcp is available.
> 
> I don't expect adding gl+tcp support to spice needs changes in the
> spice-server API and qemu.  So ifdef'ing on the spice-server version is
> bogous,

Hmm, I expected some changes, at least wrt options if the user needs to
tweak the format of the video stream, hence the suggestion :)
Things get trickier then. Adding a runtime spice_get_version() would not
be that great either as the check would have to be updated with each
spice-server release.

I'd still like to have some failure when people try such configurations,
gathering all the pieces is complicated enough, better to let people
know when they try doing something that won't work.

Christophe


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v3 00/13] tests: Introducing docker tests

[Alex Bennée]

Fam Zheng  writes:

> On Fri, 03/11 16:16, Alex Bennée wrote:
>>
>> Fam Zheng  writes:
>>
>> > v3 changes:
>>
>> I think we are almost there. There a just a few tweaks to be made to
>> help text and prompts. Can you ensure that all examples in commit
>> messages and help text actually do run as expected?
>
> OK, I'm fixing these now and will send v4 very soon.
>
>>
>> Is it proposed this goes through Daniel's treee?
>
> I'm fine with that. So should I add Daniel in the MAINTAINERS patch? I can 
> also
> send a pull req my self if that's okay - I will then sign my gpg key with 
> Jason
> Wang.

It depends if Peter is happy to take the first pull request directly?

--
Alex Bennée

Re: [Qemu-devel] [PATCH v3 10/13] docker: Add travis tool

[Alex Bennée]

Fam Zheng  writes:

> On Fri, 03/11 16:14, Alex Bennée wrote:
>>
>> Fam Zheng  writes:
>>
>> > The script is not named test-travis.sh so it won't run with "make
>> > docker-run", because it can take too long.
>> >
>> > Run it with "make docker-run-travis.sh@ubuntu".
>>
>> 16:08 alex@zen/x86_64  [qemu.git/review/docker-v3] >make 
>> docker-run-travis.sh@ubuntu
>> ARCHIVE qemu.tgz
>> COPY RUNNER
>> RUN travis.sh in ubuntu
>> ./run: line 49: /tmp/qemu-test/src/tests/docker/travis.sh: No such file or 
>> directory
>
> Will update the commit message.

I had a bit of a further play with this while trying to help with the
recent Travis breakage. I realised we need to be clearer about what this
does. It's not the same as running on travis, just a way of iterating
through the travis build matrix on whatever image you happen to be on.

It would be nice to have a travis image for local debug but that seems
to be harder to do than I thought. I couldn't find any such images on
the hub.


>
> Fam


--
Alex Bennée

Re: [Qemu-devel] [PATCH 00/17] ppc: preparing pnv landing

[Cédric Le Goater]

On 03/16/2016 02:19 AM, David Gibson wrote:
> On Tue, Mar 15, 2016 at 09:11:31AM +0100, Cédric Le Goater wrote:
>> On 03/15/2016 01:39 AM, David Gibson wrote:
>>> On Mon, Mar 14, 2016 at 05:56:23PM +0100, Cédric Le Goater wrote:
 Hello,

 This is a first mini-serie of patches adding support for new ppc SPRs.
 They were taken from Ben's larger patchset adding the ppc powernv
 platform and they should already be useful for the pseries guest
 migration.

 Initial patches come from :

https://github.com/ozbenh/qemu/commits/powernv

 The changes are mostly due to the rebase on Dave's 2.6 branch:

https://github.com/dgibson/qemu/commits/ppc-for-2.6

 A couple more are bisect and checkpatch fixes and finally some patches
 were merge to reduce the noise.

   

 The patchset is also available here: 

https://github.com/legoater/qemu/commits/for-2.6

 It was quickly tested with a pseries guest using KVM and TCG.
>>>
>>> Hmm.. do these all fix bugs with migration, or only some of them?
>>
>> Probably only some. 
>>
>> Initially, Thomas gave a shorter list which I expanded to a larger one 
>> because of dependencies between patches and I didn't want to change too
>> much what Ben had sent. You had also reviewed a few.
>>
>>> The relevance is that things to fix migration should go into 2.6, but
>>> preparation work for powernv that doesn't fix bug shouldn't really be
>>> going in now, after the soft freeze and will need to wait for 2.7.
>>
>> OK. I will rework and keep the rest for 2.7. 
> 
> So, I'm ok with including (low risk) patches that aren't directly
> relevant to 2.6 if they're prereqs for patches that are relevant to
> 2.6.  After all, reworking the patches isn't risk free either.  Please
> mention why these patches are being included in the commit messages
> though.

Sure.  

>> Thomas, thanks for the review. I have identified a few things I need 
>> to work on but may be, the patchset is still too large for 2.6 ?
> 
> It's not really a question of being too large, it's that I'm nervous
> about applying patches which touch the core translation code
> (e.g. fixes to HV mode tests) during soft freeze if they're not
> addressing a bug that's relevant to 2.6.

Could you please take a look at these two patches to see if they are 
relevant for 2.6 ? From my readings, they seem to be the only ones on 
the edge.

06/17  ppc: Create cpu_ppc_set_papr() helper 
11/17  ppc: Initialize AMOR in PAPR mode  

but it makes sense to take them if we take :

12/17  ppc: Fix writing to AMR/UAMOR (move hunk to 13)
13/17  ppc: Add POWER8 IAMR register (rework hunk)

Thanks for the review,

C.

Re: [Qemu-devel] [PATCH v3 07/13] docker: Add full test

[Alex Bennée]

Fam Zheng  writes:

> On Fri, 03/11 16:10, Alex Bennée wrote:
>>
>> Fam Zheng  writes:
>>
>> > This builds all available targets.
>> >
>> > Signed-off-by: Fam Zheng 
>> > ---
>> >  tests/docker/test-full | 17 +
>> >  1 file changed, 17 insertions(+)
>> >  create mode 100755 tests/docker/test-full
>> >
>> > diff --git a/tests/docker/test-full b/tests/docker/test-full
>> > new file mode 100755
>> > index 000..fd9b798
>> > --- /dev/null
>> > +++ b/tests/docker/test-full
>> > @@ -0,0 +1,17 @@
>> > +#!/bin/bash -e
>> > +#
>> > +# Compile all the targets.
>> > +#
>> > +# Copyright (c) 2016 Red Hat Inc.
>> > +#
>> > +# Authors:
>> > +#  Fam Zheng 
>> > +#
>> > +# This work is licensed under the terms of the GNU GPL, version 2
>> > +# or (at your option) any later version. See the COPYING file in
>> > +# the top-level directory.
>> > +
>> > +. common.rc
>> > +
>> > +build_qemu
>>
>> If this is the full featured test how can we pass additional configure
>> flags to the build?
>
> Let's add an EXTRA_CONFIGURE_OPTS and use it in build_qemu. Works for
> you?

Sounds good to me.

>
>>
>> > +make check $MAKEFLAGS
>>
>>
>> --
>> Alex Bennée


--
Alex Bennée