Re: [Qemu-devel] [PATCH 2/3] hw/net/spapr_llan: Fix receive buffer handling for better performance

[David Gibson]

On Fri, Mar 18, 2016 at 08:56:56AM +0100, Thomas Huth wrote:
> On 17.03.2016 23:33, David Gibson wrote:
> > On Thu, Mar 17, 2016 at 04:15:38PM +0100, Thomas Huth wrote:
> >> On 17.03.2016 08:30, Thomas Huth wrote:
> >>> On 17.03.2016 07:23, David Gibson wrote:
>  On Wed, Mar 16, 2016 at 01:16:50PM +0100, Thomas Huth wrote:
> >
> > This patch introduces an alternate way of handling the receive
> > buffers of the spapr-vlan device, resulting in much better
> > receive performance for the guest.
> >> [...]
> > +/**
> > + * Enqueuing receive buffer by adding it to one of our receive buffer 
> > pools
> > + */
> > +static target_long spapr_vlan_add_rxbuf_to_pool(VIOsPAPRVLANDevice 
> > *dev,
> > +target_ulong buf)
> > +{
> > +int size = VLAN_BD_LEN(buf);
> > +int pool;
> > +
> > +pool = spapr_vlan_get_rx_pool_id(dev, size);
> > +
> > +/* No matching pool found? Try to create a new one */
> > +if (pool < 0) {
> > +for (pool = RX_MAX_POOLS - 1; pool >= 0 ; pool--) {
> 
>  I don't think this loop actually accomplishes anything.  Either the
>  last slot is free, in which case you use it, then sort into place, or
>  it's not, in which case you've hit the maximum number of buffer pools.
> >>>
> >>> Oh, you're right. Well spotted! I'll rework my patch to do it without
> >>> that loop.
> >>
> >> Wait, no, there was a case where this loop is actually really required:
> >>
> >> 1) All pools are in use and filled with at least one BD
> >> 2) User in the guest suddenly decides to change the buffer size of
> >>one of the pools in the /sys fs of the guest.
> >> 3) Guest driver tries to add buffers with a new size that do not
> >>match any size of one of the pools in the host
> >> 4) After the pool on the host runs empty which contained the BDs with
> >>the size that is not in use anymore, we should recycle that pool
> >>for the buffers with the new size instead. Since that buffer pool
> >>might not be at the end of the list, we've got to scan all buffers
> >>here to make sure we find it.
> >>
> >> So I think the for-loop should stay as it is.
> > 
> > Ah, good point.  I think I was assuming that the pools got sorted when
> > one was emptied as well, but they're not and I suspect it's not a good
> > idea to do so.
> > 
> > Hmm.. I wonder if there's a brief way of explaining the above to put
> > in the comment.
> 
> Something like:
> 
> /*
>  * If the guest used all pools, but changed the size of one pool
>  * inbetween, we might need to recycle that pool here (if it has
>  * already been emptied). Thus we need to scan all buffer pools
>  * here, not only the last one (which has the highest probability
>  * of being empty)
>  */
> 
> ?
> 
> Or is that too verbose already?

Eh, it's written might as well throw it in.


-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH 0/4] Tweaks around virtio-blk start/stop

[Christian Borntraeger]

On 03/16/2016 12:09 PM, Paolo Bonzini wrote:
> 
> 
> On 16/03/2016 11:49, Christian Borntraeger wrote:
>> Seems to lockup.
> 
> That's an improvement actually. :)
> 
>> Thread 3 (Thread 0x3ff888dc910 (LWP 88958)):
>> #0  0x03ff8ca90cd4 in __lll_lock_wait () at /lib64/libpthread.so.0
>> #1  0x03ff8ca93e74 in __lll_lock_elision () at /lib64/libpthread.so.0
> 
> Off-topic, I love how s390 backtraces always have a little bit of
> showing off in them! :)

So I understood your first remark (about _working_ transactional memory) but  I 
cannot parse your 2nd one. For Conny it is exactly the opposite, so I will let
Conny answer belows discussion ;-)



> 
>> #3  0x800b713e in virtio_blk_data_plane_start (s=0xba232d80) at 
>> /home/cborntra/REPOS/qemu/hw/block/dataplane/virtio-blk.c:224
>> #4  0x800b4ea0 in virtio_blk_handle_output (vdev=0xb9eee7e8, 
>> vq=0xba305270) at /home/cborntra/REPOS/qemu/hw/block/virtio-blk.c:590
>> #5  0x800ef3dc in virtio_queue_notify_vq (vq=0xba305270) at 
>> /home/cborntra/REPOS/qemu/hw/virtio/virtio.c:1095
>> #6  0x800f1c9c in virtio_queue_host_notifier_read (n=0xba3052c8) at 
>> /home/cborntra/REPOS/qemu/hw/virtio/virtio.c:1785
>> #7  0x800f1e14 in virtio_queue_set_host_notifier_fd_handler 
>> (vq=0xba305270, assign=false, set_handler=false) at 
>> /home/cborntra/REPOS/qemu/hw/virtio/virtio.c:1817
>> #8  0x80109c50 in virtio_ccw_set_guest2host_notifier 
>> (dev=0xb9eed6a0, n=0, assign=false, set_handler=false) at 
>> /home/cborntra/REPOS/qemu/hw/s390x/virtio-ccw.c:97
>> #9  0x80109ef2 in virtio_ccw_stop_ioeventfd (dev=0xb9eed6a0) at 
>> /home/cborntra/REPOS/qemu/hw/s390x/virtio-ccw.c:154
> 
> One bug is here: virtio_ccw_stop_ioeventfd, in this case, should pass
> assign=true to virtio_ccw_set_guest2host_notifier.  (Assuming my
> understanding of assign=true is correct; I think it means "I'm going to
> set up another host notifier handler").
> 
> In dataplane, instead, all calls to
> virtio_queue_set_host_notifier_fd_handler and
> virtio_queue_aio_set_host_notifier_handler should have assign=true.  The
> ioeventfd is just being moved from one aiocontext to another.
> 
> Paolo
> 
>> #10 0x8010d5aa in virtio_ccw_set_host_notifier (d=0xb9eed6a0, n=0, 
>> assign=true) at /home/cborntra/REPOS/qemu/hw/s390x/virtio-ccw.c:1211
>> #11 0x800b722c in virtio_blk_data_plane_start (s=0xba232d80) at 
>> /home/cborntra/REPOS/qemu/hw/block/dataplane/virtio-blk.c:242
>> #12 0x800b4ea0 in virtio_blk_handle_output (vdev=0xb9eee7e8, 
>> vq=0xba305270) at /home/cborntra/REPOS/qemu/hw/block/virtio-blk.c:590
>> #13 0x800ef3dc in virtio_queue_notify_vq (vq=0xba305270) at 
>> /home/cborntra/REPOS/qemu/hw/virtio/virtio.c:1095
>> #14 0x800f1c9c in virtio_queue_host_notifier_read (n=0xba3052c8) at 
>> /home/cborntra/REPOS/qemu/hw/virtio/virtio.c:1785
>> #15 0x802f1cd4 in aio_dispatch (ctx=0xb9e81c70) at 
>> /home/cborntra/REPOS/qemu/aio-posix.c:327
>> #16 0x802df31c in aio_ctx_dispatch (source=0xb9e81c70, callback=0x0, 
>> user_data=0x0) at /home/cborntra/REPOS/qemu/async.c:232
> 

Re: [Qemu-devel] [PATCH 0/4] Tweaks around virtio-blk start/stop

[Paolo Bonzini]

On 16/03/2016 14:38, Christian Borntraeger wrote:
> > If you just remove the calls to virtio_queue_host_notifier_read, here
> > and in virtio_queue_aio_set_host_notifier_fd_handler, does it work
> > (keeping patches 2-4 in)?
> 
> With these changes and patch 2-4 it does no longer locks up. 
> I keep it running some hour to check if a crash happens.
> 
> Tu Bo, your setup is currently better suited for reproducing. Can you also 
> check?

Great, I'll prepare a patch to virtio then sketching the solution that
Conny agreed with.

While Fam and I agreed that patch 1 is not required, I'm not sure if the
mutex is necessary in the end.

So if Tu Bo can check without the virtio_queue_host_notifier_read calls,
and both with/without Fam's patches, it would be great.

Paolo

[Qemu-devel] [PATCH V7 1/2] net/filter-mirror: implement filter-redirector

[Zhang Chen]

Filter-redirector is a netfilter plugin.
It gives qemu the ability to redirect net packet.
redirector can redirect filter's net packet to outdev.
and redirect indev's packet to filter.

  filter
+
redirector  |
   +--+
   || |
  indev +---+   +-->  outdev
   || |
   +--+
|
v
  filter

usage:

-netdev user,id=hn0
-chardev socket,id=s0,host=ip_primary,port=X,server,nowait
-chardev socket,id=s1,host=ip_primary,port=Y,server,nowait
-filter-redirector,id=r0,netdev=hn0,queue=tx/rx/all,indev=s0,outdev=s1

Signed-off-by: Zhang Chen 
Signed-off-by: Wen Congyang 
Signed-off-by: Li Zhijian 
---
 net/filter-mirror.c | 244 
 qemu-options.hx |   9 ++
 vl.c|   3 +-
 3 files changed, 255 insertions(+), 1 deletion(-)

diff --git a/net/filter-mirror.c b/net/filter-mirror.c
index 1b1ec16..f063906 100644
--- a/net/filter-mirror.c
+++ b/net/filter-mirror.c
@@ -26,12 +26,23 @@
 #define FILTER_MIRROR(obj) \
 OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_MIRROR)
 
+#define FILTER_REDIRECTOR(obj) \
+OBJECT_CHECK(MirrorState, (obj), TYPE_FILTER_REDIRECTOR)
+
 #define TYPE_FILTER_MIRROR "filter-mirror"
+#define TYPE_FILTER_REDIRECTOR "filter-redirector"
+#define REDIRECTOR_MAX_LEN NET_BUFSIZE
 
 typedef struct MirrorState {
 NetFilterState parent_obj;
+char *indev;
 char *outdev;
+CharDriverState *chr_in;
 CharDriverState *chr_out;
+int state; /* 0 = getting length, 1 = getting data */
+unsigned int index;
+unsigned int packet_len;
+uint8_t buf[REDIRECTOR_MAX_LEN];
 } MirrorState;
 
 static int filter_mirror_send(CharDriverState *chr_out,
@@ -68,6 +79,96 @@ err:
 return ret < 0 ? ret : -EIO;
 }
 
+static void
+redirector_to_filter(NetFilterState *nf, const uint8_t *buf, int len)
+{
+struct iovec iov = {
+.iov_base = (void *)buf,
+.iov_len = len,
+};
+
+if (nf->direction == NET_FILTER_DIRECTION_ALL ||
+nf->direction == NET_FILTER_DIRECTION_TX) {
+qemu_netfilter_pass_to_next(nf->netdev, 0, , 1, nf);
+}
+
+if (nf->direction == NET_FILTER_DIRECTION_ALL ||
+nf->direction == NET_FILTER_DIRECTION_RX) {
+qemu_netfilter_pass_to_next(nf->netdev->peer, 0, , 1, nf);
+ }
+}
+
+static int redirector_chr_can_read(void *opaque)
+{
+return REDIRECTOR_MAX_LEN;
+}
+
+static void redirector_chr_read(void *opaque, const uint8_t *buf, int size)
+{
+NetFilterState *nf = opaque;
+MirrorState *s = FILTER_REDIRECTOR(nf);
+unsigned int l;
+
+while (size > 0) {
+/* reassemble a packet from the network */
+switch (s->state) { /* 0 = getting length, 1 = getting data */
+case 0:
+l = 4 - s->index;
+if (l > size) {
+l = size;
+}
+memcpy(s->buf + s->index, buf, l);
+buf += l;
+size -= l;
+s->index += l;
+if (s->index == 4) {
+/* got length */
+s->packet_len = ntohl(*(uint32_t *)s->buf);
+s->index = 0;
+s->state = 1;
+}
+break;
+case 1:
+l = s->packet_len - s->index;
+if (l > size) {
+l = size;
+}
+if (s->index + l <= sizeof(s->buf)) {
+memcpy(s->buf + s->index, buf, l);
+} else {
+error_report("serious error: oversized packet received.");
+s->index = s->state = 0;
+qemu_chr_add_handlers(s->chr_in, NULL, NULL, NULL, NULL);
+return;
+}
+
+s->index += l;
+buf += l;
+size -= l;
+if (s->index >= s->packet_len) {
+s->index = 0;
+s->state = 0;
+redirector_to_filter(nf, s->buf, s->packet_len);
+}
+break;
+}
+}
+}
+
+static void redirector_chr_event(void *opaque, int event)
+{
+NetFilterState *nf = opaque;
+MirrorState *s = FILTER_REDIRECTOR(nf);
+
+switch (event) {
+case CHR_EVENT_CLOSED:
+qemu_chr_add_handlers(s->chr_in, NULL, NULL, NULL, NULL);
+break;
+default:
+break;
+}
+}
+
 static ssize_t filter_mirror_receive_iov(NetFilterState *nf,
  NetClientState *sender,
  unsigned flags,
@@ -90,6 +191,27 @@ static ssize_t filter_mirror_receive_iov(NetFilterState *nf,
 return 0;
 }
 
+static ssize_t filter_redirector_receive_iov(NetFilterState *nf,
+ NetClientState *sender,
+

[Qemu-devel] [PULL 15/29] block: Add bdrv_next_monitor_owned()

[Kevin Wolf]

From: Max Reitz 

Add a function for iterating over all monitor-owned BlockDriverStates so
the generic block layer can do so.

Signed-off-by: Max Reitz 
Signed-off-by: Kevin Wolf 
---
 blockdev.c  | 7 +++
 include/block/block.h   | 1 +
 stubs/Makefile.objs | 1 +
 stubs/bdrv-next-monitor-owned.c | 8 
 4 files changed, 17 insertions(+)
 create mode 100644 stubs/bdrv-next-monitor-owned.c

diff --git a/blockdev.c b/blockdev.c
index b6d2444..a5df7e7 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -723,6 +723,13 @@ void blockdev_close_all_bdrv_states(void)
 }
 }
 
+/* Iterates over the list of monitor-owned BlockDriverStates */
+BlockDriverState *bdrv_next_monitor_owned(BlockDriverState *bs)
+{
+return bs ? QTAILQ_NEXT(bs, monitor_list)
+  : QTAILQ_FIRST(_bdrv_states);
+}
+
 static void qemu_opt_rename(QemuOpts *opts, const char *from, const char *to,
 Error **errp)
 {
diff --git a/include/block/block.h b/include/block/block.h
index ea5be0f..09272c3 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -412,6 +412,7 @@ BlockDriverState *bdrv_lookup_bs(const char *device,
 bool bdrv_chain_contains(BlockDriverState *top, BlockDriverState *base);
 BlockDriverState *bdrv_next_node(BlockDriverState *bs);
 BlockDriverState *bdrv_next(BlockDriverState *bs);
+BlockDriverState *bdrv_next_monitor_owned(BlockDriverState *bs);
 int bdrv_is_encrypted(BlockDriverState *bs);
 int bdrv_key_required(BlockDriverState *bs);
 int bdrv_set_key(BlockDriverState *bs, const char *key);
diff --git a/stubs/Makefile.objs b/stubs/Makefile.objs
index 9d9f1d0..b6d1e65 100644
--- a/stubs/Makefile.objs
+++ b/stubs/Makefile.objs
@@ -1,4 +1,5 @@
 stub-obj-y += arch-query-cpu-def.o
+stub-obj-y += bdrv-next-monitor-owned.o
 stub-obj-y += blk-commit-all.o
 stub-obj-y += blockdev-close-all-bdrv-states.o
 stub-obj-y += clock-warp.o
diff --git a/stubs/bdrv-next-monitor-owned.c b/stubs/bdrv-next-monitor-owned.c
new file mode 100644
index 000..2acf6c3
--- /dev/null
+++ b/stubs/bdrv-next-monitor-owned.c
@@ -0,0 +1,8 @@
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "block/block.h"
+
+BlockDriverState *bdrv_next_monitor_owned(BlockDriverState *bs)
+{
+return NULL;
+}
-- 
1.8.3.1

[Qemu-devel] [PATCH v4 01/17] monitor: Use BB list for BB name completion

[Max Reitz]

Signed-off-by: Max Reitz 
---
 monitor.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/monitor.c b/monitor.c
index 894f862..4c02f0f 100644
--- a/monitor.c
+++ b/monitor.c
@@ -42,6 +42,7 @@
 #include "ui/console.h"
 #include "ui/input.h"
 #include "sysemu/blockdev.h"
+#include "sysemu/block-backend.h"
 #include "audio/audio.h"
 #include "disas/disas.h"
 #include "sysemu/balloon.h"
@@ -3483,7 +3484,7 @@ static void monitor_find_completion_by_table(Monitor *mon,
 int i;
 const char *ptype, *str, *name;
 const mon_cmd_t *cmd;
-BlockDriverState *bs;
+BlockBackend *blk = NULL;
 
 if (nb_args <= 1) {
 /* command completion */
@@ -3538,8 +3539,8 @@ static void monitor_find_completion_by_table(Monitor *mon,
 case 'B':
 /* block device name completion */
 readline_set_completion_index(mon->rs, strlen(str));
-for (bs = bdrv_next(NULL); bs; bs = bdrv_next(bs)) {
-name = bdrv_get_device_name(bs);
+while ((blk = blk_next(blk)) != NULL) {
+name = blk_name(blk);
 if (str[0] == '\0' ||
 !strncmp(name, str, strlen(str))) {
 readline_add_completion(mon->rs, name);
-- 
2.7.3

[Qemu-devel] [PULL 08/40] ivshmem-test: Clean up wait for devices to become operational

[Markus Armbruster]

test_ivshmem_server() waits until the first byte in BAR 2 contains the
0x42 we put into shared memory.  Works because the byte reads zero
until the device maps the shared memory gotten from the server.

Check the IVPosition register instead: it's initially -1, and becomes
non-negative right when the device maps the share memory, so no
change, just cleaner, because it's what guest software is supposed to
do.

Signed-off-by: Markus Armbruster 
Reviewed-by: Marc-André Lureau 
Message-Id: <1458066895-20632-9-git-send-email-arm...@redhat.com>
---
 tests/ivshmem-test.c | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/tests/ivshmem-test.c b/tests/ivshmem-test.c
index a48dc49..bbea8cd 100644
--- a/tests/ivshmem-test.c
+++ b/tests/ivshmem-test.c
@@ -301,7 +301,6 @@ static void test_ivshmem_server(bool msi)
 int nvectors = 2;
 guint64 end_time = g_get_monotonic_time() + 5 * G_TIME_SPAN_SECOND;
 
-memset(tmpshmem, 0x42, TMPSHMSIZE);
 ret = ivshmem_server_init(, tmpserver, tmpshm, true,
   TMPSHMSIZE, nvectors,
   g_test_verbose());
@@ -315,9 +314,9 @@ static void test_ivshmem_server(bool msi)
 setup_vm_with_server(, nvectors, msi);
 s2 = 
 
+/* check state before server sends stuff */
 g_assert_cmpuint(in_reg(s1, IVPOSITION), ==, 0x);
 g_assert_cmpuint(in_reg(s2, IVPOSITION), ==, 0x);
-
 g_assert_cmpuint(qtest_readb(s1->qtest, (uintptr_t)s1->mem_base), ==, 
0x00);
 
 thread.server = 
@@ -326,12 +325,11 @@ static void test_ivshmem_server(bool msi)
 thread.thread = g_thread_new("ivshmem-server", server_thread, );
 g_assert(thread.thread != NULL);
 
-/* waiting until mapping is done */
+/* waiting for devices to become operational */
 while (g_get_monotonic_time() < end_time) {
 g_usleep(1000);
-
-if (qtest_readb(s1->qtest, (uintptr_t)s1->mem_base) == 0x42 &&
-qtest_readb(s2->qtest, (uintptr_t)s2->mem_base) == 0x42) {
+if ((int)in_reg(s1, IVPOSITION) >= 0 &&
+(int)in_reg(s2, IVPOSITION) >= 0) {
 break;
 }
 }
-- 
2.4.3

Re: [Qemu-devel] [ Patch 0/2] Support Receive-Segment-Offload(RSC) for WHQL test of Window guest

[Wei Xu]

On 2016年03月17日 23:44, Michael S. Tsirkin wrote:

On Thu, Mar 17, 2016 at 11:21:28PM +0800, Wei Xu wrote:


On 2016年03月17日 14:47, Jason Wang wrote:

On 03/15/2016 05:17 PM,w...@redhat.com  wrote:

From: Wei Xu

Fixed issues based on rfc patch v2:
1. Removed big param list, replace it with 'NetRscUnit'
2. Different virtio header size
3. Modify callback function to direct call.
4. Needn't check the failure of g_malloc()
5. Other code format adjustment, macro naming, etc

This patch is to support WHQL test for Windows guest, while this feature also
benifits other guest works as a kernel 'gro' like feature with userspace 
implementation.
Feature information:
   http://msdn.microsoft.com/en-us/library/windows/hardware/jj853324

Both IPv4 and IPv6 are supported, though performance with userspace virtio
is slow than vhost-net, there is about 1x to 3x performance improvement to
userspace virtio, this is done by turning this feature on and disable
'tso/gso/gro' on corresponding tap interface and guest interface, while get
less improment with all these feature on.

Test steps:
Although this feature is mainly used for window guest, i used linux guest to 
help test
the feature, to make things simple, i used 3 steps to test the patch as i moved 
on.
1. With a tcp socket client/server pair running on 2 linux guest, thus i can 
control
the traffic and debugging the code as i want.
2. Netperf on linux guest test the throughput.
3. WHQL test with 2 Windows guests.

Current status:
IPv4 pass all the above tests.
IPv6 just passed test step 1 and 2 as described ahead, the virtio nic cannot
receive any packet in WHQL test, looks like the test traffic is not sent from
on the support machine, test device can access both host and another linux
guest, tried a lot of ways to work it out but failed, maybe debug from windows
guest driver side can help figuring it out.

I think you need figure out where was the packet dropped first. If the
packet was not dropped by windows guest, you may want to try dropmonitor.

Yes, there is something wrong with my previous description, i add some debug
code and did new test, the packets are received by virtio_net_receive() and
are finished putting to the vring with no error and sent to win guest
already, but wireshark on win guest doesn't get it, because the test case
did some hacking on the filter, it installed another lightweight filter, i'm
not sure how these packets go in the guest, maybe they are received but
dropped by driver or stack, etc.

Add some debug output in the driver, rebuild it and see packets
as they are received and passed up the stack.
Yes, but this is to win guest, i tried to build a windows debug binary 
but failed, is there any possible missing path in virtio between pushed 
it to vring and notified the guest successfully? i'm sure at this by 
debugging it with gdb.



I tried 'dropmonitor', it's very interesting but it helps very limitedly for
windows guest, i can only use it with qemu on the host.

Note:
A 'MessageDevice' nic chose as 'Realtek' will panic the system sometimes during 
setup,
this can be figured out by replacing it with an 'e1000' nic.

Todo:
More sanity check and tcp 'ecn' and 'window' scale test.

Wei Xu (2):
   virtio-net rsc: support coalescing ipv4 tcp traffic
   virtio-net rsc: support coalescing ipv6 tcp traffic

  hw/net/virtio-net.c| 602 -
  include/hw/virtio/virtio-net.h |   1 +
  include/hw/virtio/virtio.h |  75 +
  3 files changed, 677 insertions(+), 1 deletion(-)

Re: [Qemu-devel] [PATCH v4 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters

[Dr. David Alan Gilbert]

* Daniel P. Berrange (berra...@redhat.com) wrote:
> Define two new migration parameters to be used with TLS encryption.
> The 'tls-creds' parameter provides the ID of an instance of the
> 'tls-creds' object type, or rather a subclass such as 'tls-creds-x509'.
> Providing these credentials will enable use of TLS on the migration
> data stream.
> 
> If using x509 certificates, together with a migration URI that does
> not include a hostname, the 'tls-hostname' parameter provides the
> hostname to use when verifying the server's x509 certificate. This
> allows TLS to be used in combination with fd: and exec: protocols
> where a TCP connection is established by a 3rd party outside of
> QEMU.
> 
> NB, this requires changing the migrate_set_parameter method in the
> HMP to accept a 's' (string) value instead of 'i' (integer). This
> is backwards compatible, because the parsing of strings allows the
> quotes to be optional, thus any integer is also a valid string.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  hmp-commands.hx   |  2 +-
>  hmp.c | 36 ++--
>  migration/migration.c | 14 +
>  qapi-schema.json  | 58 
> ---
>  4 files changed, 100 insertions(+), 10 deletions(-)
> 
> diff --git a/hmp-commands.hx b/hmp-commands.hx
> index 664d794..47939b5 100644
> --- a/hmp-commands.hx
> +++ b/hmp-commands.hx
> @@ -1008,7 +1008,7 @@ ETEXI
>  
>  {
>  .name   = "migrate_set_parameter",
> -.args_type  = "parameter:s,value:i",
> +.args_type  = "parameter:s,value:s",
>  .params = "parameter value",
>  .help   = "Set the parameter for migration",
>  .mhandler.cmd = hmp_migrate_set_parameter,
> diff --git a/hmp.c b/hmp.c
> index 7126f17..885b514 100644
> --- a/hmp.c
> +++ b/hmp.c
> @@ -293,6 +293,12 @@ void hmp_info_migrate_parameters(Monitor *mon, const 
> QDict *qdict)
>  monitor_printf(mon, " %s: %" PRId64,
>  
> MigrationParameter_lookup[MIGRATION_PARAMETER_X_CPU_THROTTLE_INCREMENT],
>  params->x_cpu_throttle_increment);
> +monitor_printf(mon, " %s: '%s'",
> +MigrationParameter_lookup[MIGRATION_PARAMETER_TLS_CREDS],
> +params->tls_creds ? : "");
> +monitor_printf(mon, " %s: '%s'",
> +MigrationParameter_lookup[MIGRATION_PARAMETER_TLS_HOSTNAME],
> +params->tls_hostname ? : "");
>  monitor_printf(mon, "\n");
>  }
>  
> @@ -1242,13 +1248,16 @@ void hmp_migrate_set_capability(Monitor *mon, const 
> QDict *qdict)
>  void hmp_migrate_set_parameter(Monitor *mon, const QDict *qdict)
>  {
>  const char *param = qdict_get_str(qdict, "parameter");
> -int value = qdict_get_int(qdict, "value");
> +int valueint = 0;
> +const char *valuestr = NULL;
>  Error *err = NULL;
>  bool has_compress_level = false;
>  bool has_compress_threads = false;
>  bool has_decompress_threads = false;
>  bool has_x_cpu_throttle_initial = false;
>  bool has_x_cpu_throttle_increment = false;
> +bool has_tls_creds = false;
> +bool has_tls_hostname = false;
>  int i;
>  
>  for (i = 0; i < MIGRATION_PARAMETER__MAX; i++) {
> @@ -1256,25 +1265,40 @@ void hmp_migrate_set_parameter(Monitor *mon, const 
> QDict *qdict)
>  switch (i) {
>  case MIGRATION_PARAMETER_COMPRESS_LEVEL:
>  has_compress_level = true;
> +valueint = qdict_get_int(qdict, "value");

As discussed; those need to be checked to see if they're actually
valid integers.

Other than that, this looks good.

Dave

>  break;
>  case MIGRATION_PARAMETER_COMPRESS_THREADS:
>  has_compress_threads = true;
> +valueint = qdict_get_int(qdict, "value");
>  break;
>  case MIGRATION_PARAMETER_DECOMPRESS_THREADS:
>  has_decompress_threads = true;
> +valueint = qdict_get_int(qdict, "value");
>  break;
>  case MIGRATION_PARAMETER_X_CPU_THROTTLE_INITIAL:
>  has_x_cpu_throttle_initial = true;
> +valueint = qdict_get_int(qdict, "value");
>  break;
>  case MIGRATION_PARAMETER_X_CPU_THROTTLE_INCREMENT:
>  has_x_cpu_throttle_increment = true;
> +valueint = qdict_get_int(qdict, "value");
> +break;
> +case MIGRATION_PARAMETER_TLS_CREDS:
> +has_tls_creds = true;
> +valuestr = qdict_get_str(qdict, "value");
> +break;
> +case MIGRATION_PARAMETER_TLS_HOSTNAME:
> +has_tls_hostname = true;
> +valuestr = qdict_get_str(qdict, "value");
>  break;
>  }
> -qmp_migrate_set_parameters(has_compress_level, value,
> -

Re: [Qemu-devel] [PATCH v4 09/11] block: m25p80: Implemented FSR register

[Peter Crosthwaite]

On Mon, Feb 22, 2016 at 12:03 AM,   wrote:
> From: Marcin Krzeminski 
>
> Implements FSR register, it is used for busy waits.
>
> Signed-off-by: Marcin Krzeminski 
> ---
>  hw/block/m25p80.c | 11 +++
>  1 file changed, 11 insertions(+)
>
> diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
> index 4acc79a..bc0dadb 100644
> --- a/hw/block/m25p80.c
> +++ b/hw/block/m25p80.c
> @@ -222,6 +222,7 @@ typedef enum {
>  WREN = 0x6,
>  JEDEC_READ = 0x9f,
>  BULK_ERASE = 0xc7,
> +READ_FSR = 0x70,
>
>  READ = 0x3,
>  READ4 = 0x13,
> @@ -678,6 +679,16 @@ static void decode_new_cmd(Flash *s, uint32_t value)
>  s->state = STATE_READING_DATA;
>  break;
>
> +case READ_FSR:
> +s->data[0] = (1 << 7); /*Indicates flash is ready */
> +if (s->four_bytes_address_mode) {
> +s->data[0] |= 0x1;
> +}
> +s->pos = 0;
> +s->len = 1;
> +s->state = STATE_READING_DATA;
> +break;
> +

To be consistent with recommendation on CFG register macros it should
be done here too.

Otherwise:

Reviewed-by: Peter Crosthwaite 

>  case JEDEC_READ:
>  DB_PRINT_L(0, "populated jedec code\n");
>  s->data[0] = (s->pi->jedec >> 16) & 0xff;
> --
> 2.5.0
>

[Qemu-devel] [PATCH v5 26/28] migration: add support for encrypting data with TLS

[Daniel P. Berrange]

This extends the migration_set_incoming_channel and
migration_set_outgoing_channel methods so that they
will automatically wrap the QIOChannel in a
QIOChannelTLS instance if TLS credentials are configured
in the migration parameters.

This allows TLS to work for tcp, unix, fd and exec
migration protocols. It does not (currently) work for
RDMA since it does not use these APIs, but it is
unlikely that TLS would be desired with RDMA anyway
since it would degrade the performance to that seen
with TCP defeating the purpose of using RDMA.

On the target host, QEMU would be launched with a set
of TLS credentials for a server endpoint

 $ qemu-system-x86_64 -monitor stdio -incoming defer \
-object 
tls-creds-x509,dir=/home/berrange/security/qemutls,endpoint=server,id=tls0 \
...other args...

To enable incoming TLS migration 2 monitor commands are
then used

  (qemu) migrate_set_str_parameter tls-creds tls0
  (qemu) migrate_incoming tcp:myhostname:9000

On the source host, QEMU is launched in a similar
manner but using client endpoint credentials

 $ qemu-system-x86_64 -monitor stdio \
-object 
tls-creds-x509,dir=/home/berrange/security/qemutls,endpoint=client,id=tls0 \
...other args...

To enable outgoing TLS migration 2 monitor commands are
then used

  (qemu) migrate_set_str_parameter tls-creds tls0
  (qemu) migrate tcp:otherhostname:9000

Thanks to earlier improvements to error reporting,
TLS errors can be seen 'info migrate' when doing a
detached migration. For example:

  (qemu) info migrate
  capabilities: xbzrle: off rdma-pin-all: off auto-converge: off zero-blocks: 
off compress: off events: off x-postcopy-ram: off
  Migration status: failed
  total time: 0 milliseconds
  error description: TLS handshake failed: The TLS connection was non-properly 
terminated.

Or

  (qemu) info migrate
  capabilities: xbzrle: off rdma-pin-all: off auto-converge: off zero-blocks: 
off compress: off events: off x-postcopy-ram: off
  Migration status: failed
  total time: 0 milliseconds
  error description: Certificate does not match the hostname localhost

Reviewed-by: Dr. David Alan Gilbert 
Signed-off-by: Daniel P. Berrange 
---
 include/migration/migration.h |  12 +++-
 migration/Makefile.objs   |   1 +
 migration/exec.c  |   2 +-
 migration/fd.c|   2 +-
 migration/migration.c |  40 +--
 migration/socket.c|  34 +++--
 migration/tls.c   | 160 ++
 trace-events  |  12 +++-
 8 files changed, 246 insertions(+), 17 deletions(-)
 create mode 100644 migration/tls.c

diff --git a/include/migration/migration.h b/include/migration/migration.h
index 9c5a002..332b198 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -188,8 +188,18 @@ void qemu_start_incoming_migration(const char *uri, Error 
**errp);
 void migration_set_incoming_channel(MigrationState *s,
 QIOChannel *ioc);
 
+void migration_tls_set_incoming_channel(MigrationState *s,
+QIOChannel *ioc,
+Error **errp);
+
 void migration_set_outgoing_channel(MigrationState *s,
-QIOChannel *ioc);
+QIOChannel *ioc,
+const char *hostname);
+
+void migration_tls_set_outgoing_channel(MigrationState *s,
+QIOChannel *ioc,
+const char *hostname,
+Error **errp);
 
 uint64_t migrate_max_downtime(void);
 
diff --git a/migration/Makefile.objs b/migration/Makefile.objs
index 7b9051c..e68b54d 100644
--- a/migration/Makefile.objs
+++ b/migration/Makefile.objs
@@ -1,4 +1,5 @@
 common-obj-y += migration.o socket.o fd.o exec.o
+common-obj-y += tls.o
 common-obj-y += vmstate.o
 common-obj-y += qemu-file.o
 common-obj-y += qemu-file-channel.o
diff --git a/migration/exec.c b/migration/exec.c
index 4f439b4..a5debc6 100644
--- a/migration/exec.c
+++ b/migration/exec.c
@@ -36,7 +36,7 @@ void exec_start_outgoing_migration(MigrationState *s, const 
char *command, Error
 return;
 }
 
-migration_set_outgoing_channel(s, ioc);
+migration_set_outgoing_channel(s, ioc, NULL);
 object_unref(OBJECT(ioc));
 }
 
diff --git a/migration/fd.c b/migration/fd.c
index 1a7fd43..e089bf4 100644
--- a/migration/fd.c
+++ b/migration/fd.c
@@ -36,7 +36,7 @@ void fd_start_outgoing_migration(MigrationState *s, const 
char *fdname, Error **
 return;
 }
 
-migration_set_outgoing_channel(s, ioc);
+migration_set_outgoing_channel(s, ioc, NULL);
 object_unref(OBJECT(ioc));
 }
 
diff --git a/migration/migration.c b/migration/migration.c
index a2b0fb5..f3cd2c4 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -35,6 +35,7 @@
 

Re: [Qemu-devel] [Qemu-block] [PATCH 00/16] AioContext fine-grained locking, part 1 of 3, including bdrv_drain rewrite

[Stefan Hajnoczi]

On Thu, Mar 17, 2016 at 02:48:00PM +0100, Paolo Bonzini wrote:
> 
> 
> On 17/03/2016 14:44, Stefan Hajnoczi wrote:
> > > For example, each part will probably have an uncontroversial and
> > > generally useful prefix---for example patches 1-4 in this case, or the
> > > change to a single linux-aio context per iothread.  You could merge
> > > those only, and for the rest, I will maintain myself a branch with R-b
> > > from maintainers.  Master will be periodically merged into it, but not
> > > too frequently---it could be only after each part is accepted, or when
> > > there is some important bugfix to catch.  Once the whole multiqueue
> > > thing gets somewhere I would send you a pull request with the entire
> > > feature, which would consist of say 200 patches all with a Reviewed-by
> > > already.
> > > 
> > > This is just a possibility; if you have any other idea, I'd be happy to
> > > follow it.
> >
> > That sounds reasonable.  I guess you are sending a) infrastructure and safe
> > changes alongside b) longer-term work.  If you indicate which patches
> > are a) then that makes it easier to merge parts into qemu.git before all
> > the long-term work is complete.
> 
> Great, let's try it then.  For this series (well, for v2 of this series)
> only patches 1-4 would be considered infrastructure.  They were sent
> before soft freeze, would they be acceptable for 2.6?
> 
> In general I would send "safe" patches as [PATCH mm/nn] and everything
> else as [PATCH multiqueue mm/nn] or similar, but in either case I'd be
> seeking formal maintainer review as soon as I send them.

Okay.  I'll hope over to the v2 series to take a look.

Stefan


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PULL 00/15] QAPI patches for 2016-03-18

[Peter Maydell]

On 18 March 2016 at 10:04, Markus Armbruster  wrote:
> The following changes since commit 6741d38ad0f2405a6e999ebc9550801b01aca479:
>
>   Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging 
> (2016-03-17 15:59:42 +)
>
> are available in the git repository at:
>
>   git://repo.or.cz/qemu/armbru.git tags/pull-qapi-2016-03-18
>
> for you to fetch changes up to 3666a97f78704b941c360dc917acb14c8774eca7:
>
>   qapi: Use anonymous bases in QMP flat unions (2016-03-18 10:29:26 +0100)
>
> 
> QAPI patches for 2016-03-18

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 32/40] ivshmem: Simplify memory regions for BAR 2 (shared memory)

[Markus Armbruster]

ivshmem_realize() puts the shared memory region in a container region.
Used to be necessary to permit delayed mapping of the shared memory.
However, we recently moved to synchronous mapping, in "ivshmem:
Receive shared memory synchronously in realize()" and the commit
following it.  The container is redundant since then.  Drop it.

Signed-off-by: Markus Armbruster 
Reviewed-by: Marc-André Lureau 
Reviewed-by: Paolo Bonzini 
Message-Id: <1458066895-20632-33-git-send-email-arm...@redhat.com>
---
 hw/misc/ivshmem.c | 47 +--
 1 file changed, 17 insertions(+), 30 deletions(-)

diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index 138ae9d..1b1de65 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -82,12 +82,8 @@ typedef struct IVShmemState {
 CharDriverState *server_chr;
 MemoryRegion ivshmem_mmio;
 
-/* We might need to register the BAR before we actually have the memory.
- * So prepare a container MemoryRegion for the BAR immediately and
- * add a subregion when we have the memory.
- */
-MemoryRegion bar;
-MemoryRegion ivshmem;
+MemoryRegion *ivshmem_bar2; /* BAR 2 (shared memory) */
+MemoryRegion server_bar2;   /* used with server_chr */
 size_t ivshmem_size; /* size of shared memory region */
 uint32_t ivshmem_64bit;
 
@@ -487,7 +483,7 @@ static void process_msg_shmem(IVShmemState *s, int fd, 
Error **errp)
 Error *err = NULL;
 void *ptr;
 
-if (memory_region_is_mapped(>ivshmem)) {
+if (s->ivshmem_bar2) {
 error_setg(errp, "server sent unexpected shared memory message");
 close(fd);
 return;
@@ -506,11 +502,10 @@ static void process_msg_shmem(IVShmemState *s, int fd, 
Error **errp)
 close(fd);
 return;
 }
-memory_region_init_ram_ptr(>ivshmem, OBJECT(s),
+memory_region_init_ram_ptr(>server_bar2, OBJECT(s),
"ivshmem.bar2", s->ivshmem_size, ptr);
-qemu_set_ram_fd(memory_region_get_ram_addr(>ivshmem), fd);
-vmstate_register_ram(>ivshmem, DEVICE(s));
-memory_region_add_subregion(>bar, 0, >ivshmem);
+qemu_set_ram_fd(memory_region_get_ram_addr(>server_bar2), fd);
+s->ivshmem_bar2 = >server_bar2;
 }
 
 static void process_msg_disconnect(IVShmemState *s, uint16_t posn,
@@ -702,7 +697,7 @@ static void ivshmem_recv_setup(IVShmemState *s, Error 
**errp)
  * successfully processed the server's shared memory message.
  * Assert that actually mapped the shared memory:
  */
-assert(memory_region_is_mapped(>ivshmem));
+assert(s->ivshmem_bar2);
 }
 
 /* Select the MSI-X vectors used by device.
@@ -903,7 +898,6 @@ static void pci_ivshmem_realize(PCIDevice *dev, Error 
**errp)
 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY,
  >ivshmem_mmio);
 
-memory_region_init(>bar, OBJECT(s), "ivshmem-bar2-container", 
s->ivshmem_size);
 if (s->ivshmem_64bit) {
 attr |= PCI_BASE_ADDRESS_MEM_TYPE_64;
 }
@@ -913,15 +907,10 @@ static void pci_ivshmem_realize(PCIDevice *dev, Error 
**errp)
 }
 
 if (s->hostmem != NULL) {
-MemoryRegion *mr;
-
 IVSHMEM_DPRINTF("using hostmem\n");
 
-mr = host_memory_backend_get_memory(MEMORY_BACKEND(s->hostmem),
-_abort);
-vmstate_register_ram(mr, DEVICE(s));
-memory_region_add_subregion(>bar, 0, mr);
-pci_register_bar(PCI_DEVICE(s), 2, attr, >bar);
+s->ivshmem_bar2 = host_memory_backend_get_memory(s->hostmem,
+ _abort);
 } else {
 IVSHMEM_DPRINTF("using shared memory server (socket = %s)\n",
 s->server_chr->filename);
@@ -929,8 +918,6 @@ static void pci_ivshmem_realize(PCIDevice *dev, Error 
**errp)
 /* we allocate enough space for 16 peers and grow as needed */
 resize_peers(s, 16);
 
-pci_register_bar(dev, 2, attr, >bar);
-
 /*
  * Receive setup messages from server synchronously.
  * Older versions did it asynchronously, but that creates a
@@ -951,6 +938,9 @@ static void pci_ivshmem_realize(PCIDevice *dev, Error 
**errp)
 }
 }
 
+vmstate_register_ram(s->ivshmem_bar2, DEVICE(s));
+pci_register_bar(PCI_DEVICE(s), 2, attr, s->ivshmem_bar2);
+
 if (s->role_val == IVSHMEM_PEER) {
 error_setg(>migration_blocker,
"Migration is disabled when using feature 'peer mode' in 
device 'ivshmem'");
@@ -968,9 +958,9 @@ static void pci_ivshmem_exit(PCIDevice *dev)
 error_free(s->migration_blocker);
 }
 
-if (memory_region_is_mapped(>ivshmem)) {
+if (memory_region_is_mapped(s->ivshmem_bar2)) {
 if (!s->hostmem) {
-void *addr = memory_region_get_ram_ptr(>ivshmem);
+void *addr = memory_region_get_ram_ptr(s->ivshmem_bar2);

[Qemu-devel] [PULL 11/21] i.MX: Add missing descriptions in devices.

[Peter Maydell]

From: Jean-Christophe Dubois 

Reviewed-by: Peter Maydell 
Signed-off-by: Jean-Christophe Dubois 
Message-id: 
f1f565eb9dffdeb582feb1b15ba9e8b0afcf5468.1456868959.git@tribudubois.net
Signed-off-by: Peter Maydell 
---
 hw/arm/fsl-imx25.c | 1 +
 hw/arm/fsl-imx31.c | 1 +
 hw/i2c/imx_i2c.c   | 1 +
 hw/net/imx_fec.c   | 1 +
 4 files changed, 4 insertions(+)

diff --git a/hw/arm/fsl-imx25.c b/hw/arm/fsl-imx25.c
index fb743bf..1fbc317 100644
--- a/hw/arm/fsl-imx25.c
+++ b/hw/arm/fsl-imx25.c
@@ -291,6 +291,7 @@ static void fsl_imx25_class_init(ObjectClass *oc, void 
*data)
  * arm_cpu_class_init()
  */
 dc->cannot_destroy_with_object_finalize_yet = true;
+dc->desc = "i.MX25 SOC";
 }
 
 static const TypeInfo fsl_imx25_type_info = {
diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
index f2c2ce5..0d69a2c 100644
--- a/hw/arm/fsl-imx31.c
+++ b/hw/arm/fsl-imx31.c
@@ -265,6 +265,7 @@ static void fsl_imx31_class_init(ObjectClass *oc, void 
*data)
  * arm_cpu_class_init()
  */
 dc->cannot_destroy_with_object_finalize_yet = true;
+dc->desc = "i.MX31 SOC";
 }
 
 static const TypeInfo fsl_imx31_type_info = {
diff --git a/hw/i2c/imx_i2c.c b/hw/i2c/imx_i2c.c
index e435448..a01e43e 100644
--- a/hw/i2c/imx_i2c.c
+++ b/hw/i2c/imx_i2c.c
@@ -319,6 +319,7 @@ static void imx_i2c_class_init(ObjectClass *klass, void 
*data)
 dc->vmsd = _i2c_vmstate;
 dc->reset = imx_i2c_reset;
 dc->realize = imx_i2c_realize;
+dc->desc = "i.MX I2C Controller";
 }
 
 static const TypeInfo imx_i2c_type_info = {
diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index 3bd5517..e60e338 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -693,6 +693,7 @@ static void imx_fec_class_init(ObjectClass *klass, void 
*data)
 dc->reset = imx_fec_reset;
 dc->props = imx_fec_properties;
 dc->realize = imx_fec_realize;
+dc->desc = "i.MX FEC Ethernet Controller";
 }
 
 static const TypeInfo imx_fec_info = {
-- 
1.9.1

[Qemu-devel] [PULL 17/29] block: Rewrite bdrv_next()

[Kevin Wolf]

From: Max Reitz 

Instead of using the bdrv_states list, iterate over all the
BlockDriverStates attached to BlockBackends, and over all the
monitor-owned BDSs afterwards (except for those attached to a BB).

Signed-off-by: Max Reitz 
Reviewed-by: Kevin Wolf 
Signed-off-by: Kevin Wolf 
---
 block.c | 17 ++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/block.c b/block.c
index 91c006a..8f700f1 100644
--- a/block.c
+++ b/block.c
@@ -2969,12 +2969,23 @@ BlockDriverState *bdrv_next_node(BlockDriverState *bs)
 return QTAILQ_NEXT(bs, node_list);
 }
 
+/* Iterates over all top-level BlockDriverStates, i.e. BDSs that are owned by
+ * the monitor or attached to a BlockBackend */
 BlockDriverState *bdrv_next(BlockDriverState *bs)
 {
-if (!bs) {
-return QTAILQ_FIRST(_states);
+if (!bs || bs->blk) {
+bs = blk_next_root_bs(bs);
+if (bs) {
+return bs;
+}
 }
-return QTAILQ_NEXT(bs, device_list);
+
+/* Ignore all BDSs that are attached to a BlockBackend here; they have been
+ * handled by the above block already */
+do {
+bs = bdrv_next_monitor_owned(bs);
+} while (bs && bs->blk);
+return bs;
 }
 
 const char *bdrv_get_node_name(const BlockDriverState *bs)
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH v3] net: Allocating Large sized arrays to heap

[Stefan Hajnoczi]

On Tue, Mar 15, 2016 at 11:55:13PM +0530, Pooja Dhannawat wrote:
> nc_sendv_compat has a huge stack usage of 69680 bytes approx.
> Moving large arrays to heap to reduce stack usage.
> 
> Signed-off-by: Pooja Dhannawat 
> ---
>  net/net.c | 14 ++
>  1 file changed, 10 insertions(+), 4 deletions(-)
> 
> diff --git a/net/net.c b/net/net.c
> index b0c832e..f03c571 100644
> --- a/net/net.c
> +++ b/net/net.c
> @@ -709,23 +709,29 @@ ssize_t qemu_send_packet_raw(NetClientState *nc, const 
> uint8_t *buf, int size)
>  static ssize_t nc_sendv_compat(NetClientState *nc, const struct iovec *iov,
> int iovcnt, unsigned flags)
>  {
> -uint8_t buf[NET_BUFSIZE];
> +uint8_t *buf;
>  uint8_t *buffer;
>  size_t offset;
> +ssize_t ret;
> +
> +buf = g_new(uint8_t, NET_BUFSIZE);

The linear buffer is only needed when iovcnt > 1.  I suggest the
following instead:

uint8_t *buf = NULL;

if (iovcnt == 1) {
buffer = iov[0].iov_base;
offset = iov[0].iov_len;
} else {
buf = g_new(uint8_t, NET_BUFSIZE);
buffer = buf;
offset = iov_to_buf(iov, iovcnt, 0, buf, NET_BUFSIZE);
}

This way the allocation is only made when we actually need to linearize
the buffer.


signature.asc
Description: PGP signature

[Qemu-devel] [PATCH v4 14/17] block: Add blk_next_root_bs()

[Max Reitz]

This function iterates over all BDSs attached to a BB. We are going to
need it when rewriting bdrv_next() so it no longer uses bdrv_states.

Signed-off-by: Max Reitz 
---
 block/block-backend.c  | 24 
 include/sysemu/block-backend.h |  1 +
 2 files changed, 25 insertions(+)

diff --git a/block/block-backend.c b/block/block-backend.c
index b3c3d39..7818aa2 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -250,6 +250,30 @@ BlockBackend *blk_next(BlockBackend *blk)
 }
 
 /*
+ * Iterates over all BlockDriverStates which are attached to a BlockBackend.
+ * This function is for use by bdrv_next().
+ *
+ * @bs must be NULL or a BDS that is attached to a BB.
+ */
+BlockDriverState *blk_next_root_bs(BlockDriverState *bs)
+{
+BlockBackend *blk;
+
+if (bs) {
+assert(bs->blk);
+blk = bs->blk;
+} else {
+blk = NULL;
+}
+
+do {
+blk = blk_all_next(blk);
+} while (blk && !blk->bs);
+
+return blk ? blk->bs : NULL;
+}
+
+/*
  * Add a BlockBackend into the list of backends referenced by the monitor, with
  * the given @name acting as the handle for the monitor.
  * Strictly for use by blockdev.c.
diff --git a/include/sysemu/block-backend.h b/include/sysemu/block-backend.h
index 60c4b07..d839bff 100644
--- a/include/sysemu/block-backend.h
+++ b/include/sysemu/block-backend.h
@@ -70,6 +70,7 @@ void blk_remove_all_bs(void);
 const char *blk_name(BlockBackend *blk);
 BlockBackend *blk_by_name(const char *name);
 BlockBackend *blk_next(BlockBackend *blk);
+BlockDriverState *blk_next_root_bs(BlockDriverState *bs);
 bool monitor_add_blk(BlockBackend *blk, const char *name, Error **errp);
 void monitor_remove_blk(BlockBackend *blk);
 
-- 
2.7.3

[Qemu-devel] [PATCH V7 2/2] tests/test-filter-redirector: Add unit test for filter-redirector

[Zhang Chen]

In this unit test,we will test the filter redirector function.

Case 1, tx traffic flow:

qemu side  | test side
   |
+-+|  +---+
| backend <---+ sock0 |
+++|  +---+
 | |
+v+  +---+ |
|  rd0+->+chardev| |
+-+  +---+---+ |
 | |
+-+  | |
|  rd1<--+ |
+++|
 | |
+v+|  +---+
|  rd2+--->sock1  |
+-+|  +---+
   +

a. we(sock0) inject packet to qemu socket backend
b. backend pass packet to filter redirector0(rd0)
c. rd0 redirect packet to out_dev(chardev) which is connected with
filter redirector1's(rd1) in_dev
d. rd1 read this packet from in_dev, and pass to next filter redirector2(rd2)
e. rd2 redirect packet to rd2's out_dev which is connected with an opened 
socketed(sock1)
f. we read packet from sock1 and compare to what we inject

Start qemu with:

"-netdev socket,id=qtest-bn0,fd=%d "
"-device rtl8139,netdev=qtest-bn0,id=qtest-e0 "
"-chardev socket,id=redirector0,path=%s,server,nowait "
"-chardev socket,id=redirector1,path=%s,server,nowait "
"-chardev socket,id=redirector2,path=%s,nowait "
"-object filter-redirector,id=qtest-f0,netdev=qtest-bn0,"
"queue=tx,outdev=redirector0 "
"-object filter-redirector,id=qtest-f1,netdev=qtest-bn0,"
"queue=tx,indev=redirector2 "
"-object filter-redirector,id=qtest-f2,netdev=qtest-bn0,"
"queue=tx,outdev=redirector1 "

--
Case 2, rx traffic flow
qemu side  | test side
   |
+-+|  +---+
| backend +---> sock1 |
+^+|  +---+
 | |
+++  +---+ |
|  rd0+<-+chardev| |
+-+  +---+---+ |
 ^ |
+-+  | |
|  rd1+--+ |
+^+|
 | |
+++|  +---+
|  rd2<---+sock0  |
+-+|  +---+

a. we(sock0) insert packet to filter redirector2(rd2)
b. rd2 pass packet to filter redirector1(rd1)
c. rd1 redirect packet to out_dev(chardev) which is connected with
   filter redirector0's(rd0) in_dev
d. rd0 read this packet from in_dev, and pass ti to qemu backend which is
   connected with an opened socketed(sock1)
e. we read packet from sock1 and compare to what we inject

Start qemu with:

"-netdev socket,id=qtest-bn0,fd=%d "
"-device rtl8139,netdev=qtest-bn0,id=qtest-e0 "
"-chardev socket,id=redirector0,path=%s,server,nowait "
"-chardev socket,id=redirector1,path=%s,server,nowait "
"-chardev socket,id=redirector2,path=%s,nowait "
"-object filter-redirector,id=qtest-f0,netdev=qtest-bn0,"
"queue=rx,outdev=redirector0 "
"-object filter-redirector,id=qtest-f1,netdev=qtest-bn0,"
"queue=rx,indev=redirector2 "
"-object filter-redirector,id=qtest-f2,netdev=qtest-bn0,"
"queue=rx,outdev=redirector1 "

Signed-off-by: Zhang Chen 
Signed-off-by: Wen Congyang 
Signed-off-by: Li Zhijian 
---
 tests/.gitignore   |   1 +
 tests/Makefile |   2 +
 tests/test-filter-redirector.c | 221 +
 3 files changed, 224 insertions(+)
 create mode 100644 tests/test-filter-redirector.c

diff --git a/tests/.gitignore b/tests/.gitignore
index 10df017..5069d5d 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -64,5 +64,6 @@ test-x86-cpuid
 test-xbzrle
 test-netfilter
 test-filter-mirror
+test-filter-redirector
 *-test
 qapi-schema/*.test.*
diff --git a/tests/Makefile b/tests/Makefile
index 5a8f590..ff212b6 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -214,6 +214,7 @@ check-qtest-x86_64-$(CONFIG_VHOST_NET_TEST_x86_64) += 
tests/vhost-user-test$(EXE
 endif
 check-qtest-i386-y += tests/test-netfilter$(EXESUF)
 check-qtest-i386-y += tests/test-filter-mirror$(EXESUF)
+check-qtest-i386-y += tests/test-filter-redirector$(EXESUF)
 check-qtest-x86_64-y = $(check-qtest-i386-y)
 gcov-files-i386-y += i386-softmmu/hw/timer/mc146818rtc.c
 gcov-files-x86_64-y = $(subst 
i386-softmmu/,x86_64-softmmu/,$(gcov-files-i386-y))
@@ -568,6 +569,7 @@ tests/test-qemu-opts$(EXESUF): tests/test-qemu-opts.o 
$(test-util-obj-y)
 tests/test-write-threshold$(EXESUF): tests/test-write-threshold.o 
$(test-block-obj-y)
 tests/test-netfilter$(EXESUF): tests/test-netfilter.o $(qtest-obj-y)
 tests/test-filter-mirror$(EXESUF): tests/test-filter-mirror.o $(qtest-obj-y)
+tests/test-filter-redirector$(EXESUF): tests/test-filter-redirector.o 
$(qtest-obj-y)
 tests/ivshmem-test$(EXESUF): tests/ivshmem-test.o 
contrib/ivshmem-server/ivshmem-server.o $(libqos-pc-obj-y)
 tests/vhost-user-bridge$(EXESUF): tests/vhost-user-bridge.o
 
diff --git a/tests/test-filter-redirector.c b/tests/test-filter-redirector.c
new file mode 

Re: [Qemu-devel] [ Patch 2/2] virtio-net rsc: support coalescing ipv6 tcp traffic

[Wei Xu]

On 2016年03月17日 16:50, Jason Wang wrote:


On 03/15/2016 05:17 PM, w...@redhat.com wrote:

From: Wei Xu 

Most things like ipv4 except there is a significant difference between ipv4
and ipv6, the fragment lenght in ipv4 header includes itself, while it's not
included for ipv6, thus means ipv6 can carry a real '65535' unit.

Signed-off-by: Wei Xu 
---
  hw/net/virtio-net.c| 146 -
  include/hw/virtio/virtio.h |   5 +-
  2 files changed, 135 insertions(+), 16 deletions(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index c23b45f..ef61b74 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -52,9 +52,14 @@
  #define MAX_IP4_PAYLOAD (65535 - IP4_HDR_SZ)
  #define MAX_TCP_PAYLOAD 65535
  
-/* max payload with virtio header */

+#define IP6_HDR_SZ (sizeof(struct ip6_header))
+#define ETH_IP6_HDR_SZ (ETH_HDR_SZ + IP6_HDR_SZ)
+#define IP6_ADDR_SIZE   32  /* ipv6 saddr + daddr */
+#define MAX_IP6_PAYLOAD MAX_TCP_PAYLOAD
+
+/* ip6 max payload, payload in ipv6 don't include the  header */
  #define MAX_VIRTIO_PAYLOAD  (sizeof(struct virtio_net_hdr_mrg_rxbuf) \
-+ ETH_HDR_SZ + MAX_TCP_PAYLOAD)
++ ETH_IP6_HDR_SZ + MAX_IP6_PAYLOAD)
  
  #define IP4_HEADER_LEN 5 /* header lenght value in ip header without option */
  
@@ -1722,14 +1727,27 @@ static void virtio_net_rsc_extract_unit4(NetRscChain *chain,

  {
  uint16_t ip_hdrlen;
  
-unit->ip = (struct ip_header *)(buf + chain->hdr_size + ETH_HDR_SZ);

-ip_hdrlen = ((0xF & unit->ip->ip_ver_len) << 2);
-unit->ip_plen = >ip->ip_len;
-unit->tcp = (struct tcp_header *)(((uint8_t *)unit->ip) + ip_hdrlen);
+unit->u_ip.ip = (struct ip_header *)(buf + chain->hdr_size + ETH_HDR_SZ);
+ip_hdrlen = ((0xF & unit->u_ip.ip->ip_ver_len) << 2);
+unit->ip_plen = >u_ip.ip->ip_len;
+unit->tcp = (struct tcp_header *)(((uint8_t *)unit->u_ip.ip) + ip_hdrlen);
  unit->tcp_hdrlen = (htons(unit->tcp->th_offset_flags) & 0xF000) >> 10;
  unit->payload = htons(*unit->ip_plen) - ip_hdrlen - unit->tcp_hdrlen;
  }
  
+static void virtio_net_rsc_extract_unit6(NetRscChain *chain,

+ const uint8_t *buf, NetRscUnit* unit)
+{
+unit->u_ip.ip6 = (struct ip6_header *)(buf + chain->hdr_size + ETH_HDR_SZ);

The u_ip seems a little bit redundant. How about use a simple void * and
cast it to ipv4/ipv6 in proto specific callbacks?

The introducing of u_ip leads unnecessary ipv4 codes changes for ipv6
coalescing implementation.

Sure.

+unit->ip_plen = &(unit->u_ip.ip6->ip6_ctlun.ip6_un1.ip6_un1_plen);
+unit->tcp = (struct tcp_header *)(((uint8_t *)unit->u_ip.ip6)\
++ IP6_HDR_SZ);
+unit->tcp_hdrlen = (htons(unit->tcp->th_offset_flags) & 0xF000) >> 10;
+/* There is a difference between payload lenght in ipv4 and v6,
+   ip header is excluded in ipv6 */
+unit->payload = htons(*unit->ip_plen) - unit->tcp_hdrlen;
+}
+
  static void virtio_net_rsc_ipv4_checksum(struct ip_header *ip)
  {
  uint32_t sum;
@@ -1743,7 +1761,10 @@ static size_t virtio_net_rsc_drain_seg(NetRscChain 
*chain, NetRscSeg *seg)
  {
  int ret;
  
-virtio_net_rsc_ipv4_checksum(seg->unit.ip);

+if ((chain->proto == ETH_P_IP) && seg->is_coalesced) {
+virtio_net_rsc_ipv4_checksum(seg->unit.u_ip.ip);
+}
+
  ret = virtio_net_do_receive(seg->nc, seg->buf, seg->size);
  QTAILQ_REMOVE(>buffers, seg, next);
  g_free(seg->buf);
@@ -1807,7 +1828,11 @@ static void virtio_net_rsc_cache_buf(NetRscChain *chain, 
NetClientState *nc,
  QTAILQ_INSERT_TAIL(>buffers, seg, next);
  chain->stat.cache++;
  
-virtio_net_rsc_extract_unit4(chain, seg->buf, >unit);

+if (chain->proto == ETH_P_IP) {
+virtio_net_rsc_extract_unit4(chain, seg->buf, >unit);
+} else {

A switch and a g_assert_not_reached() is better than this.

sure.



+virtio_net_rsc_extract_unit6(chain, seg->buf, >unit);
+}
  }
  
  static int32_t virtio_net_rsc_handle_ack(NetRscChain *chain, NetRscSeg *seg,

@@ -1930,8 +1955,8 @@ coalesce:
  static int32_t virtio_net_rsc_coalesce4(NetRscChain *chain, NetRscSeg *seg,
  const uint8_t *buf, size_t size, NetRscUnit *unit)
  {
-if ((unit->ip->ip_src ^ seg->unit.ip->ip_src)
-|| (unit->ip->ip_dst ^ seg->unit.ip->ip_dst)
+if ((unit->u_ip.ip->ip_src ^ seg->unit.u_ip.ip->ip_src)
+|| (unit->u_ip.ip->ip_dst ^ seg->unit.u_ip.ip->ip_dst)
  || (unit->tcp->th_sport ^ seg->unit.tcp->th_sport)
  || (unit->tcp->th_dport ^ seg->unit.tcp->th_dport)) {
  chain->stat.no_match++;
@@ -1941,6 +1966,22 @@ static int32_t virtio_net_rsc_coalesce4(NetRscChain 
*chain, NetRscSeg *seg,
  return virtio_net_rsc_coalesce_data(chain, seg, buf, unit);
  }
  
+static int32_t virtio_net_rsc_coalesce6(NetRscChain *chain, NetRscSeg 

Re: [Qemu-devel] [PATCH v3 0/2] spapr: QMP: add query-hotpluggable-cpus

[Christian Borntraeger]

On 03/15/2016 02:24 PM, Igor Mammedov wrote:
> Changes since v2:
>  - rebase on top of hte lates spapr cpu hotpug series
>  - add 'vcpus-count' field, pkre...@redhat.com
>  - s/CpuInstanceProps/CpuInstanceProperties/
>  - use '#optional' marker
>  - make "props" as always present even if it's empty
>  - fix JSON examples
>  - fix minor typos
>  - drop pre_plug spapr impl out of series as not related to QMP command
>  - drop generic pre hotplug callback as not related to QMP command
> 
> Changes since RFC:
>  - drop arch_id
>  - move CPU properties into separate structure
>  - target implements its own qmp callback version
>  - rebased on top of [RFC PATCH v1 00/10] Core based CPU hotplug for PowerPC 
> sPAPR
>   
> https://www.mail-archive.com/qemu-devel@nongnu.org/msg357567.html
> - convert slot name to core id hack
> - drop links
> - add generic pre hotplug callback
> - implement query-hotpluggable-cpus
> 
> The first patch (QMP API) in this series could go in first
> allowing individual targets to post their hotplug
> implementation independently on top of it.
> 
> Igor Mammedov (2):
>   QMP: add query-hotpluggable-cpus
>   spapr: implement query-hotpluggable-cpus QMP command
> 
>  hw/ppc/spapr.c  | 32 +++

i might have just missed that, do we also have the x86 implementation already 
available as
RFC somewhere?

Re: [Qemu-devel] [PATCH] acpi: Add missing GCC_FMT_ATTR

[Igor Mammedov]

On Wed, 16 Mar 2016 20:43:37 +0100
Stefan Weil  wrote:

> This fixes a compiler warning when compiling with -Wextra.
> 
> Signed-off-by: Stefan Weil 
Reviewed-by: Igor Mammedov 

> ---
>  include/hw/acpi/aml-build.h | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
> index 66f48ec..2c994b3 100644
> --- a/include/hw/acpi/aml-build.h
> +++ b/include/hw/acpi/aml-build.h
> @@ -369,6 +369,7 @@ build_rsdt(GArray *table_data, GArray *linker, GArray 
> *table_offsets,
> const char *oem_id, const char *oem_table_id);
>  
>  int
> -build_append_named_dword(GArray *array, const char *name_format, ...);
> +build_append_named_dword(GArray *array, const char *name_format, ...)
> +GCC_FMT_ATTR(2, 3);
>  
>  #endif

Re: [Qemu-devel] [PATCH 0/4] Tweaks around virtio-blk start/stop

[Christian Borntraeger]

Good (or bad?) news is the assert also triggers on F23, it just seems to take 
longer.

trace 1 (compiled on F20)

Thread 5 (Thread 0x3ff84b7f910 (LWP 33030)):
#0  0x03ff86a817b8 in ppoll () at /lib64/libc.so.6
#1  0x102c712e in qemu_poll_ns (fds=0x3ff80001e70, nfds=3, timeout=-1) 
at /home/cborntra/REPOS/qemu/qemu-timer.c:313
#2  0x102c96d6 in aio_poll (ctx=0x10a7b050, blocking=true) at 
/home/cborntra/REPOS/qemu/aio-posix.c:453
#3  0x1014fb1e in iothread_run (opaque=0x10a7ab10) at 
/home/cborntra/REPOS/qemu/iothread.c:46
#4  0x03ff86b87c2c in start_thread () at /lib64/libpthread.so.0
#5  0x03ff86a8ec9a in thread_start () at /lib64/libc.so.6

Thread 4 (Thread 0x3ff8537f910 (LWP 33029)):
#0  0x03ff86a8841e in syscall () at /lib64/libc.so.6
#1  0x1039cbe8 in futex_wait (ev=0x10a140ec , 
val=4294967295) at /home/cborntra/REPOS/qemu/util/qemu-thread-posix.c:292
#2  0x1039ce1e in qemu_event_wait (ev=0x10a140ec 
) at 
/home/cborntra/REPOS/qemu/util/qemu-thread-posix.c:399
#3  0x103b9678 in call_rcu_thread (opaque=0x0) at 
/home/cborntra/REPOS/qemu/util/rcu.c:250
#4  0x03ff86b87c2c in start_thread () at /lib64/libpthread.so.0
#5  0x03ff86a8ec9a in thread_start () at /lib64/libc.so.6

Thread 3 (Thread 0x3ff66428910 (LWP 33041)):
#0  0x03ff86a8334a in ioctl () at /lib64/libc.so.6
#1  0x1007b97a in kvm_vcpu_ioctl (cpu=0x10b15970, type=44672) at 
/home/cborntra/REPOS/qemu/kvm-all.c:1984
#2  0x1007b2f0 in kvm_cpu_exec (cpu=0x10b15970) at 
/home/cborntra/REPOS/qemu/kvm-all.c:1834
#3  0x1005bd92 in qemu_kvm_cpu_thread_fn (arg=0x10b15970) at 
/home/cborntra/REPOS/qemu/cpus.c:1050
#4  0x03ff86b87c2c in start_thread () at /lib64/libpthread.so.0
#5  0x03ff86a8ec9a in thread_start () at /lib64/libc.so.6

Thread 2 (Thread 0x3ff885dbb90 (LWP 32970)):
#0  0x03ff86a817b8 in ppoll () at /lib64/libc.so.6
#1  0x102c7244 in qemu_poll_ns (fds=0x10a77a90, nfds=5, 
timeout=96500) at /home/cborntra/REPOS/qemu/qemu-timer.c:325
#2  0x102c5ef2 in os_host_main_loop_wait (timeout=96500) at 
/home/cborntra/REPOS/qemu/main-loop.c:251
#3  0x102c6006 in main_loop_wait (nonblocking=0) at 
/home/cborntra/REPOS/qemu/main-loop.c:505
#4  0x101667e4 in main_loop () at /home/cborntra/REPOS/qemu/vl.c:1933
#5  0x1016e8ea in main (argc=72, argv=0x3ffe977e978, 
envp=0x3ffe977ebc0) at /home/cborntra/REPOS/qemu/vl.c:4656

Thread 1 (Thread 0x3ff66c28910 (LWP 33033)):
#0  0x03ff869be2c0 in raise () at /lib64/libc.so.6
#1  0x03ff869bfc26 in abort () at /lib64/libc.so.6
#2  0x03ff869b5bce in __assert_fail_base () at /lib64/libc.so.6
#3  0x03ff869b5c5c in  () at /lib64/libc.so.6
#4  0x100ab8f2 in virtio_blk_handle_output (vdev=0x10ad57e8, 
vq=0x10eec270) at /home/cborntra/REPOS/qemu/hw/block/virtio-blk.c:595
#5  0x100e18a4 in virtio_queue_notify_vq (vq=0x10eec270) at 
/home/cborntra/REPOS/qemu/hw/virtio/virtio.c:1095
#6  0x100e1906 in virtio_queue_notify (vdev=0x10ad57e8, n=0) at 
/home/cborntra/REPOS/qemu/hw/virtio/virtio.c:1101
#7  0x100f921c in virtio_ccw_hcall_notify (args=0x10e2aad0) at 
/home/cborntra/REPOS/qemu/hw/s390x/s390-virtio-ccw.c:66
#8  0x100ee518 in s390_virtio_hypercall (env=0x10e2aac0) at 
/home/cborntra/REPOS/qemu/hw/s390x/s390-virtio-hcall.c:35
#9  0x1014192e in handle_hypercall (cpu=0x10e227f0, run=0x3ff8428) 
at /home/cborntra/REPOS/qemu/target-s390x/kvm.c:1283
#10 0x10141c36 in handle_diag (cpu=0x10e227f0, run=0x3ff8428, 
ipb=83886080) at /home/cborntra/REPOS/qemu/target-s390x/kvm.c:1352
#11 0x101431b6 in handle_instruction (cpu=0x10e227f0, 
run=0x3ff8428) at /home/cborntra/REPOS/qemu/target-s390x/kvm.c:1799
#12 0x101433ee in handle_intercept (cpu=0x10e227f0) at 
/home/cborntra/REPOS/qemu/target-s390x/kvm.c:1842
#13 0x10143c22 in kvm_arch_handle_exit (cs=0x10e227f0, 
run=0x3ff8428) at /home/cborntra/REPOS/qemu/target-s390x/kvm.c:2028
#14 0x1007b5aa in kvm_cpu_exec (cpu=0x10e227f0) at 
/home/cborntra/REPOS/qemu/kvm-all.c:1921
#15 0x1005bd92 in qemu_kvm_cpu_thread_fn (arg=0x10e227f0) at 
/home/cborntra/REPOS/qemu/cpus.c:1050
#16 0x03ff86b87c2c in start_thread () at /lib64/libpthread.so.0
#17 0x03ff86a8ec9a in thread_start () at /lib64/libc.so.6


trace 2 (compiled on F23)

Thread 5 (Thread 0x3ffb897f910 (LWP 37895)):
#0  0x03ffba00841e in syscall () at /lib64/libc.so.6
#1  0x803d5306 in futex_wait (ev=0x80a4a104 , 
val=4294967295) at /home/cborntra/REPOS/qemu/util/qemu-thread-posix.c:292
#2  0x803d5596 in qemu_event_wait (ev=0x80a4a104 
) at 
/home/cborntra/REPOS/qemu/util/qemu-thread-posix.c:399
#3  0x803f2c3c in call_rcu_thread (opaque=0x0) at 
/home/cborntra/REPOS/qemu/util/rcu.c:250
#4  0x03ffba107c2c in start_thread () at /lib64/libpthread.so.0
#5  0x03ffba00ec9a in thread_start () at /lib64/libc.so.6

Thread 

Re: [Qemu-devel] [PATCH] vfio/pci: replace 1 with PCI_CAP_LIST_NEXT to make code self-explain

[Michael Tokarev]

11.02.2016 03:54, Wei Yang wrote:
> Use the macro PCI_CAP_LIST_NEXT instead of 1, so that the code would be
> more self-explain.
> 
> This patch makes this change and also fixs one typo in comment.
> 

>  for (tmp = pdev->config[PCI_CAPABILITY_LIST]; tmp;
> - tmp = pdev->config[tmp + 1]) {
> + tmp = pdev->config[tmp + PCI_CAP_LIST_NEXT]) {

> -next = pdev->config[pos + 1];
> +next = pdev->config[pos + PCI_CAP_LIST_NEXT];

Hmm. I'm not sure the new version is better, to me "+1" reads
easier than the new symbolic constant variant.

If it were something like pdev->config[PCI_CAP_LIST_NEXT], that'd be
nice, but not "pos + PCI_CAP_LIST_NEXT".

But again, I'm not pci config space expert and don't understand
the basics :)

Thanks,

/mjt

Re: [Qemu-devel] [PATCH v12 0/9] PTimer fixes/features and ARM MPTimer conversion

[Peter Maydell]

On 30 January 2016 at 16:43, Dmitry Osipenko  wrote:
> Changelog for ARM MPTimer QEMUTimer to ptimer conversion:

So, where are we with this series? It looked from the mailing list
threads as if there were still a few things Peter C hadn't got
closure on, but we're rapidly running out of time before hard
freeze :-(  I'd really rather not have to push it out by yet
another release, especially since it got posted back in January..

thanks
-- PMM

[Qemu-devel] [PULL 07/21] i.MX: Rename CCM NOCLK to CLK_NONE for naming consistency.

[Peter Maydell]

From: Jean-Christophe Dubois 

This way all CCM clock defines/enums are named CLK_XXX

Reviewed-by: Peter Maydell 
Signed-off-by: Jean-Christophe Dubois 
Message-id: 
8537df765c1713625c7a8b9aca4c7ca60b42e0c0.1456868959.git@tribudubois.net
Signed-off-by: Peter Maydell 
---
 hw/misc/imx25_ccm.c   |  2 +-
 hw/misc/imx31_ccm.c   |  2 +-
 hw/timer/imx_epit.c   |  2 +-
 hw/timer/imx_gpt.c| 10 +-
 include/hw/misc/imx_ccm.h |  2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/hw/misc/imx25_ccm.c b/hw/misc/imx25_ccm.c
index 498e84c..7a29c19 100644
--- a/hw/misc/imx25_ccm.c
+++ b/hw/misc/imx25_ccm.c
@@ -182,7 +182,7 @@ static uint32_t imx25_ccm_get_clock_frequency(IMXCCMState 
*dev, IMXClk clock)
 DPRINTF("Clock = %d)\n", clock);
 
 switch (clock) {
-case NOCLK:
+case CLK_NONE:
 break;
 case CLK_MPLL:
 freq = imx25_ccm_get_mpll_clk(dev);
diff --git a/hw/misc/imx31_ccm.c b/hw/misc/imx31_ccm.c
index 17640bf..7a8fcd2 100644
--- a/hw/misc/imx31_ccm.c
+++ b/hw/misc/imx31_ccm.c
@@ -209,7 +209,7 @@ static uint32_t imx31_ccm_get_clock_frequency(IMXCCMState 
*dev, IMXClk clock)
 uint32_t freq = 0;
 
 switch (clock) {
-case NOCLK:
+case CLK_NONE:
 break;
 case CLK_MCU:
 freq = imx31_ccm_get_mcu_clk(dev);
diff --git a/hw/timer/imx_epit.c b/hw/timer/imx_epit.c
index 38fbf27..9f26ba8 100644
--- a/hw/timer/imx_epit.c
+++ b/hw/timer/imx_epit.c
@@ -52,7 +52,7 @@ static char const *imx_epit_reg_name(uint32_t reg)
  * These are typical.
  */
 static const IMXClk imx_epit_clocks[] =  {
-NOCLK,/* 00 disabled */
+CLK_NONE, /* 00 disabled */
 CLK_IPG,  /* 01 ipg_clk, ~532MHz */
 CLK_IPG,  /* 10 ipg_clk_highfreq */
 CLK_32k,  /* 11 ipg_clk_32k -- ~32kHz */
diff --git a/hw/timer/imx_gpt.c b/hw/timer/imx_gpt.c
index 916577b..40db63c 100644
--- a/hw/timer/imx_gpt.c
+++ b/hw/timer/imx_gpt.c
@@ -81,14 +81,14 @@ static const VMStateDescription vmstate_imx_timer_gpt = {
 };
 
 static const IMXClk imx_gpt_clocks[] = {
-NOCLK,/* 000 No clock source */
+CLK_NONE, /* 000 No clock source */
 CLK_IPG,  /* 001 ipg_clk, 532MHz*/
 CLK_IPG,  /* 010 ipg_clk_highfreq */
-NOCLK,/* 011 not defined */
+CLK_NONE, /* 011 not defined */
 CLK_32k,  /* 100 ipg_clk_32k */
-NOCLK,/* 101 not defined */
-NOCLK,/* 110 not defined */
-NOCLK,/* 111 not defined */
+CLK_NONE, /* 101 not defined */
+CLK_NONE, /* 110 not defined */
+CLK_NONE, /* 111 not defined */
 };
 
 static void imx_gpt_set_freq(IMXGPTState *s)
diff --git a/include/hw/misc/imx_ccm.h b/include/hw/misc/imx_ccm.h
index 5c4b795..74e2705 100644
--- a/include/hw/misc/imx_ccm.h
+++ b/include/hw/misc/imx_ccm.h
@@ -43,7 +43,7 @@ typedef struct IMXCCMState {
 } IMXCCMState;
 
 typedef enum  {
-NOCLK,
+CLK_NONE,
 CLK_MPLL,
 CLK_UPLL,
 CLK_MCU,
-- 
1.9.1

[Qemu-devel] [PULL v1 10/13] crypto: refactor code for dealing with AES cipher

[Daniel P. Berrange]

The built-in and nettle cipher backends for AES maintain
two separate AES contexts, one for encryption and one for
decryption. This is going to be inconvenient for the future
code dealing with XTS, so wrap them up in a single struct
so there is just one pointer to pass around for both
encryption and decryption.

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrange 
---
 crypto/cipher-builtin.c | 126 ++--
 crypto/cipher-nettle.c  |  57 +++---
 2 files changed, 109 insertions(+), 74 deletions(-)

diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
index 138b7a0..836ed1a 100644
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@@ -22,10 +22,14 @@
 #include "crypto/aes.h"
 #include "crypto/desrfb.h"
 
+typedef struct QCryptoCipherBuiltinAESContext QCryptoCipherBuiltinAESContext;
+struct QCryptoCipherBuiltinAESContext {
+AES_KEY enc;
+AES_KEY dec;
+};
 typedef struct QCryptoCipherBuiltinAES QCryptoCipherBuiltinAES;
 struct QCryptoCipherBuiltinAES {
-AES_KEY encrypt_key;
-AES_KEY decrypt_key;
+QCryptoCipherBuiltinAESContext key;
 uint8_t iv[AES_BLOCK_SIZE];
 };
 typedef struct QCryptoCipherBuiltinDESRFB QCryptoCipherBuiltinDESRFB;
@@ -67,6 +71,58 @@ static void qcrypto_cipher_free_aes(QCryptoCipher *cipher)
 }
 
 
+static void qcrypto_cipher_aes_ecb_encrypt(AES_KEY *key,
+   const void *in,
+   void *out,
+   size_t len)
+{
+const uint8_t *inptr = in;
+uint8_t *outptr = out;
+while (len) {
+if (len > AES_BLOCK_SIZE) {
+AES_encrypt(inptr, outptr, key);
+inptr += AES_BLOCK_SIZE;
+outptr += AES_BLOCK_SIZE;
+len -= AES_BLOCK_SIZE;
+} else {
+uint8_t tmp1[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE];
+memcpy(tmp1, inptr, len);
+/* Fill with 0 to avoid valgrind uninitialized reads */
+memset(tmp1 + len, 0, sizeof(tmp1) - len);
+AES_encrypt(tmp1, tmp2, key);
+memcpy(outptr, tmp2, len);
+len = 0;
+}
+}
+}
+
+
+static void qcrypto_cipher_aes_ecb_decrypt(AES_KEY *key,
+   const void *in,
+   void *out,
+   size_t len)
+{
+const uint8_t *inptr = in;
+uint8_t *outptr = out;
+while (len) {
+if (len > AES_BLOCK_SIZE) {
+AES_decrypt(inptr, outptr, key);
+inptr += AES_BLOCK_SIZE;
+outptr += AES_BLOCK_SIZE;
+len -= AES_BLOCK_SIZE;
+} else {
+uint8_t tmp1[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE];
+memcpy(tmp1, inptr, len);
+/* Fill with 0 to avoid valgrind uninitialized reads */
+memset(tmp1 + len, 0, sizeof(tmp1) - len);
+AES_decrypt(tmp1, tmp2, key);
+memcpy(outptr, tmp2, len);
+len = 0;
+}
+}
+}
+
+
 static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher,
   const void *in,
   void *out,
@@ -75,29 +131,18 @@ static int qcrypto_cipher_encrypt_aes(QCryptoCipher 
*cipher,
 {
 QCryptoCipherBuiltin *ctxt = cipher->opaque;
 
-if (cipher->mode == QCRYPTO_CIPHER_MODE_ECB) {
-const uint8_t *inptr = in;
-uint8_t *outptr = out;
-while (len) {
-if (len > AES_BLOCK_SIZE) {
-AES_encrypt(inptr, outptr, >state.aes.encrypt_key);
-inptr += AES_BLOCK_SIZE;
-outptr += AES_BLOCK_SIZE;
-len -= AES_BLOCK_SIZE;
-} else {
-uint8_t tmp1[AES_BLOCK_SIZE], tmp2[AES_BLOCK_SIZE];
-memcpy(tmp1, inptr, len);
-/* Fill with 0 to avoid valgrind uninitialized reads */
-memset(tmp1 + len, 0, sizeof(tmp1) - len);
-AES_encrypt(tmp1, tmp2, >state.aes.encrypt_key);
-memcpy(outptr, tmp2, len);
-len = 0;
-}
-}
-} else {
+switch (cipher->mode) {
+case QCRYPTO_CIPHER_MODE_ECB:
+qcrypto_cipher_aes_ecb_encrypt(>state.aes.key.enc,
+   in, out, len);
+break;
+case QCRYPTO_CIPHER_MODE_CBC:
 AES_cbc_encrypt(in, out, len,
->state.aes.encrypt_key,
+>state.aes.key.enc,
 ctxt->state.aes.iv, 1);
+break;
+default:
+g_assert_not_reached();
 }
 
 return 0;
@@ -112,29 +157,18 @@ static int qcrypto_cipher_decrypt_aes(QCryptoCipher 
*cipher,
 {
 QCryptoCipherBuiltin *ctxt = cipher->opaque;
 
-if (cipher->mode == QCRYPTO_CIPHER_MODE_ECB) {
-const uint8_t *inptr = in;

Re: [Qemu-devel] [PATCH 5/9] hw/arm: QOM'ify pxa2xx_pic.c

[Peter Maydell]

On 7 March 2016 at 07:05, xiaoqiang zhao  wrote:
> Remove the empty 'pxa2xx_pic_initfn' and it's
> setup code in the 'pxa2xx_pic_class_init'
>
> Signed-off-by: xiaoqiang zhao 

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [Qemu-devel] [PATCH v2 03/10] ppc: Add a bunch of hypervisor SPRs to Book3s

[Thomas Huth]

On 16.03.2016 14:13, Cédric Le Goater wrote:
> From: Benjamin Herrenschmidt 
> 
> We don't give them a KVM reg number to most of the registers yet as no
> current KVM version supports HV mode. For DAWR and DAWRX, the KVM reg
> number is needed since this register can be set by the guest via the
> H_SET_MODE hypercall.
> 
> Signed-off-by: Benjamin Herrenschmidt 
> [clg: squashed in patch 'ppc: Add KVM numbers to some P8 SPRs'
>   changed the commit log with a proposal of Thomas Huth
>   removed all hunks except those related to AMOR and DAWR* ]
> Signed-off-by: Cédric Le Goater 
> ---
>  target-ppc/translate_init.c | 21 +
>  1 file changed, 21 insertions(+)
> 
> diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
> index 6a11b41206e5..4cb3dd5076c1 100644
> --- a/target-ppc/translate_init.c
> +++ b/target-ppc/translate_init.c
> @@ -1105,6 +1105,11 @@ static void gen_spr_amr (CPUPPCState *env)
>   SPR_NOACCESS, SPR_NOACCESS,
>   _read_generic, _write_generic,
>   KVM_REG_PPC_UAMOR, 0);
> +spr_register_hv(env, SPR_AMOR, "AMOR",
> +SPR_NOACCESS, SPR_NOACCESS,
> +SPR_NOACCESS, SPR_NOACCESS,
> +_read_generic, _write_generic,
> +0);
>  #endif /* !CONFIG_USER_ONLY */
>  }
>  #endif /* TARGET_PPC64 */
> @@ -7491,6 +7496,20 @@ static void gen_spr_book3s_dbg(CPUPPCState *env)
>   KVM_REG_PPC_DABRX, 0x);
>  }
>  
> +static void gen_spr_book3s_207_dbg(CPUPPCState *env)
> +{
> +spr_register_kvm_hv(env, SPR_DAWR, "DAWR",
> +SPR_NOACCESS, SPR_NOACCESS,
> +SPR_NOACCESS, SPR_NOACCESS,
> +_read_generic, _write_generic,
> +KVM_REG_PPC_DAWR, 0x);
> +spr_register_kvm_hv(env, SPR_DAWRX, "DAWRX",
> +SPR_NOACCESS, SPR_NOACCESS,
> +SPR_NOACCESS, SPR_NOACCESS,
> +_read_generic, _write_generic,
> +KVM_REG_PPC_DAWRX, 0x);
> +}
> +
>  static void gen_spr_970_dbg(CPUPPCState *env)
>  {
>  /* Breakpoints */
> @@ -7960,6 +7979,8 @@ static void init_proc_book3s_64(CPUPPCState *env, int 
> version)
>  }
>  if (version < BOOK3S_CPU_POWER8) {
>  gen_spr_book3s_dbg(env);
> +} else {
> +gen_spr_book3s_207_dbg(env);
>  }
>  #if !defined(CONFIG_USER_ONLY)
>  switch (version) {

Reviewed-by: Thomas Huth 

Re: [Qemu-devel] [PATCH v5 7/7] block: drop support for using qcow[2] encryption with system emulators

[Daniel P. Berrange]

On Fri, Mar 18, 2016 at 01:11:27PM +0100, Kevin Wolf wrote:
> Am 17.03.2016 um 18:51 hat Daniel P. Berrange geschrieben:
> > For a couple of releases we have been warning
> > 
> >   Encrypted images are deprecated
> >   Support for them will be removed in a future release.
> >   You can use 'qemu-img convert' to convert your image to an unencrypted 
> > one.
> > 
> > This warning was issued by system emulators, qemu-img, qemu-nbd
> > and qemu-io. Such a broad warning was issued because the original
> > intention was to rip out all the code for dealing with encryption
> > inside the QEMU block layer APIs.
> > 
> > The new block encryption framework used for the LUKS driver does
> > not rely on the unloved block layer API for encryption keys,
> > instead using the QOM 'secret' object type. It is thus no longer
> > appropriate to warn about encryption unconditionally.
> > 
> > When the qcow/qcow2 drivers are converted to use the new encryption
> > framework too, it will be practical to keep AES-CBC support present
> > for use in qemu-img, qemu-io & qemu-nbd to allow for interoperability
> > with older QEMU versions and liberation of data from existing encrypted
> > qcow2 files.
> > 
> > Thus this change, removes the deprecation warning, in its place adding
> > a fatal error preventing use of qcow[2] built-in encryption inside the
> > system emulators. Use of qcow[2] encryption in qemu-img, qemu-io, qemu-nbd
> > no longer triggers any warning message, since that support is now expected
> > to remain available long term, given the maint burden has been eliminated.
> > 
> > Signed-off-by: Daniel P. Berrange 
> 
> Let's do this only after the qcow2 LUKS support has been merged so that
> users have an alternative to switch to.

Ok, I'll need to respin this to just move the deprecation warning
then

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

[Qemu-devel] [PULL v3 01/13] crypto: add cryptographic random byte source

[Daniel P. Berrange]

There are three backend impls provided. The preferred
is gnutls, which is backed by nettle in modern distros.
The gcrypt impl is provided for cases where QEMU build
against gnutls is disabled, but crypto is still desired.
No nettle impl is provided, since it is non-trivial to
use the nettle APIs for random numbers. Users of nettle
should ensure gnutls is enabled for QEMU.

Reviewed-by: Fam Zheng 
Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrange 
---
 Makefile.objs   |  2 +-
 configure   | 14 ++
 crypto/Makefile.objs|  4 
 crypto/random-gcrypt.c  | 33 +
 crypto/random-gnutls.c  | 43 +++
 crypto/random-stub.c| 31 +++
 include/crypto/random.h | 44 
 7 files changed, 170 insertions(+), 1 deletion(-)
 create mode 100644 crypto/random-gcrypt.c
 create mode 100644 crypto/random-gnutls.c
 create mode 100644 crypto/random-stub.c
 create mode 100644 include/crypto/random.h

diff --git a/Makefile.objs b/Makefile.objs
index fbcaa74..8f705f6 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -1,6 +1,6 @@
 ###
 # Common libraries for tools and emulators
-stub-obj-y = stubs/
+stub-obj-y = stubs/ crypto/
 util-obj-y = util/ qobject/ qapi/
 util-obj-y += qmp-introspect.o qapi-types.o qapi-visit.o qapi-event.o
 
diff --git a/configure b/configure
index 2b32876..71c1e2b 100755
--- a/configure
+++ b/configure
@@ -306,6 +306,7 @@ gtkabi=""
 gtk_gl="no"
 gnutls=""
 gnutls_hash=""
+gnutls_rnd=""
 nettle=""
 gcrypt=""
 vte=""
@@ -2201,6 +2202,13 @@ if test "$gnutls" != "no"; then
gnutls_hash="no"
fi
 
+   # gnutls_rnd requires >= 2.11.0
+   if $pkg_config --exists "gnutls >= 2.11.0"; then
+   gnutls_rnd="yes"
+   else
+   gnutls_rnd="no"
+   fi
+
if $pkg_config --exists 'gnutls >= 3.0'; then
gnutls_gcrypt=no
gnutls_nettle=yes
@@ -2228,9 +2236,11 @@ if test "$gnutls" != "no"; then
 else
 gnutls="no"
 gnutls_hash="no"
+gnutls_rnd="no"
 fi
 else
 gnutls_hash="no"
+gnutls_rnd="no"
 fi
 
 
@@ -4714,6 +4724,7 @@ echo "GTK support   $gtk"
 echo "GTK GL support$gtk_gl"
 echo "GNUTLS support$gnutls"
 echo "GNUTLS hash   $gnutls_hash"
+echo "GNUTLS rnd$gnutls_rnd"
 echo "libgcrypt $gcrypt"
 if test "$nettle" = "yes"; then
 echo "nettle$nettle ($nettle_version)"
@@ -5092,6 +5103,9 @@ fi
 if test "$gnutls_hash" = "yes" ; then
   echo "CONFIG_GNUTLS_HASH=y" >> $config_host_mak
 fi
+if test "$gnutls_rnd" = "yes" ; then
+  echo "CONFIG_GNUTLS_RND=y" >> $config_host_mak
+fi
 if test "$gcrypt" = "yes" ; then
   echo "CONFIG_GCRYPT=y" >> $config_host_mak
 fi
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index a3135f1..967418c 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -8,6 +8,10 @@ crypto-obj-y += tlscredsanon.o
 crypto-obj-y += tlscredsx509.o
 crypto-obj-y += tlssession.o
 crypto-obj-y += secret.o
+crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
+crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o
 
 # Let the userspace emulators avoid linking gnutls/etc
 crypto-aes-obj-y = aes.o
+
+stub-obj-y += random-stub.o
diff --git a/crypto/random-gcrypt.c b/crypto/random-gcrypt.c
new file mode 100644
index 000..0de9a09
--- /dev/null
+++ b/crypto/random-gcrypt.c
@@ -0,0 +1,33 @@
+/*
+ * QEMU Crypto random number provider
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ *
+ */
+
+#include "qemu/osdep.h"
+
+#include "crypto/random.h"
+
+#include 
+
+int qcrypto_random_bytes(uint8_t *buf,
+ size_t buflen,
+ Error **errp G_GNUC_UNUSED)
+{
+gcry_randomize(buf, buflen, GCRY_STRONG_RANDOM);
+return 0;
+}
diff --git a/crypto/random-gnutls.c b/crypto/random-gnutls.c
new file mode 100644
index 000..04b45a8
--- /dev/null
+++ b/crypto/random-gnutls.c
@@ -0,0 +1,43 @@
+/*
+ * QEMU Crypto random number provider
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you 

[Qemu-devel] [PATCH v2 02/10] ppc: Add macros to register hypervisor mode SPRs

[Cédric Le Goater]

From: Benjamin Herrenschmidt 

The current set of spr_register_* macros only take the user and
supervisor function pointers. To make the transition easy, we
don't change that but we add "_hv" variants that can be used to
register all 3 sets.

To simplify the transition, users of the "old" macro will set the
hypervisor callback to be the same as the supervisor one. The new
registration function only needs to be used for registers that are
either hypervisor only or behave differently in HV mode.

Signed-off-by: Benjamin Herrenschmidt 
Reviewed-by: David Gibson 
[clg: fixed else if condition in gen_op_mfspr() ]
Signed-off-by: Cédric Le Goater 
---
 target-ppc/translate.c  | 26 --
 target-ppc/translate_init.c | 35 +++
 2 files changed, 47 insertions(+), 14 deletions(-)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index e402ff920314..6f0e7b4face6 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -4282,14 +4282,17 @@ static inline void gen_op_mfspr(DisasContext *ctx)
 void (*read_cb)(DisasContext *ctx, int gprn, int sprn);
 uint32_t sprn = SPR(ctx->opcode);
 
-#if !defined(CONFIG_USER_ONLY)
-if (ctx->hv)
+#if defined(CONFIG_USER_ONLY)
+read_cb = ctx->spr_cb[sprn].uea_read;
+#else
+if (ctx->pr) {
+read_cb = ctx->spr_cb[sprn].uea_read;
+} else if (ctx->hv) {
 read_cb = ctx->spr_cb[sprn].hea_read;
-else if (!ctx->pr)
+} else {
 read_cb = ctx->spr_cb[sprn].oea_read;
-else
+}
 #endif
-read_cb = ctx->spr_cb[sprn].uea_read;
 if (likely(read_cb != NULL)) {
 if (likely(read_cb != SPR_NOACCESS)) {
 (*read_cb)(ctx, rD(ctx->opcode), sprn);
@@ -4437,14 +4440,17 @@ static void gen_mtspr(DisasContext *ctx)
 void (*write_cb)(DisasContext *ctx, int sprn, int gprn);
 uint32_t sprn = SPR(ctx->opcode);
 
-#if !defined(CONFIG_USER_ONLY)
-if (ctx->hv)
+#if defined(CONFIG_USER_ONLY)
+write_cb = ctx->spr_cb[sprn].uea_write;
+#else
+if (ctx->pr) {
+write_cb = ctx->spr_cb[sprn].uea_write;
+} else if (ctx->hv) {
 write_cb = ctx->spr_cb[sprn].hea_write;
-else if (!ctx->pr)
+} else {
 write_cb = ctx->spr_cb[sprn].oea_write;
-else
+}
 #endif
-write_cb = ctx->spr_cb[sprn].uea_write;
 if (likely(write_cb != NULL)) {
 if (likely(write_cb != SPR_NOACCESS)) {
 (*write_cb)(ctx, sprn, rS(ctx->opcode));
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index fb206aff29ad..6a11b41206e5 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -579,17 +579,33 @@ static inline void vscr_init (CPUPPCState *env, uint32_t 
val)
 #define spr_register_kvm(env, num, name, uea_read, uea_write,  
\
  oea_read, oea_write, one_reg_id, initial_value)   
\
 _spr_register(env, num, name, uea_read, uea_write, initial_value)
+#define spr_register_kvm_hv(env, num, name, uea_read, uea_write,   
\
+oea_read, oea_write, hea_read, hea_write,  
\
+one_reg_id, initial_value) 
\
+_spr_register(env, num, name, uea_read, uea_write, initial_value)
 #else
 #if !defined(CONFIG_KVM)
 #define spr_register_kvm(env, num, name, uea_read, uea_write,  
\
- oea_read, oea_write, one_reg_id, initial_value) \
+ oea_read, oea_write, one_reg_id, initial_value)   
\
+_spr_register(env, num, name, uea_read, uea_write, 
\
+  oea_read, oea_write, oea_read, oea_write, initial_value)
+#define spr_register_kvm_hv(env, num, name, uea_read, uea_write,   
\
+oea_read, oea_write, hea_read, hea_write,  
\
+one_reg_id, initial_value) 
\
 _spr_register(env, num, name, uea_read, uea_write, 
\
-  oea_read, oea_write, initial_value)
+  oea_read, oea_write, hea_read, hea_write, initial_value)
 #else
 #define spr_register_kvm(env, num, name, uea_read, uea_write,  
\
- oea_read, oea_write, one_reg_id, initial_value) \
+ oea_read, oea_write, one_reg_id, initial_value)   
\
+_spr_register(env, num, name, uea_read, uea_write, 
\
+  oea_read, oea_write, oea_read, oea_write,
\
+  one_reg_id, initial_value)
+#define spr_register_kvm_hv(env, num, name, uea_read, uea_write,   
\
+oea_read, oea_write, hea_read, hea_write,  
\
+one_reg_id, initial_value)   

[Qemu-devel] [PULL 24/29] block: Use blk_co_pwritev() in blk_write_zeroes()

[Kevin Wolf]

Signed-off-by: Kevin Wolf 
---
 block/block-backend.c | 17 -
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/block/block-backend.c b/block/block-backend.c
index 475d27a..886c2f4 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -744,7 +744,8 @@ static void blk_write_entry(void *opaque)
 }
 
 static int blk_rw(BlockBackend *blk, int64_t sector_num, uint8_t *buf,
-  int nb_sectors, CoroutineEntry co_entry)
+  int nb_sectors, CoroutineEntry co_entry,
+  BdrvRequestFlags flags)
 {
 AioContext *aio_context;
 QEMUIOVector qiov;
@@ -766,6 +767,7 @@ static int blk_rw(BlockBackend *blk, int64_t sector_num, 
uint8_t *buf,
 .blk= blk,
 .offset = sector_num << BDRV_SECTOR_BITS,
 .qiov   = ,
+.flags  = flags,
 .ret= NOT_DONE,
 };
 
@@ -783,7 +785,7 @@ static int blk_rw(BlockBackend *blk, int64_t sector_num, 
uint8_t *buf,
 int blk_read(BlockBackend *blk, int64_t sector_num, uint8_t *buf,
  int nb_sectors)
 {
-return blk_rw(blk, sector_num, buf, nb_sectors, blk_read_entry);
+return blk_rw(blk, sector_num, buf, nb_sectors, blk_read_entry, 0);
 }
 
 int blk_read_unthrottled(BlockBackend *blk, int64_t sector_num, uint8_t *buf,
@@ -808,18 +810,15 @@ int blk_read_unthrottled(BlockBackend *blk, int64_t 
sector_num, uint8_t *buf,
 int blk_write(BlockBackend *blk, int64_t sector_num, const uint8_t *buf,
   int nb_sectors)
 {
-return blk_rw(blk, sector_num, (uint8_t*) buf, nb_sectors, 
blk_write_entry);
+return blk_rw(blk, sector_num, (uint8_t*) buf, nb_sectors,
+  blk_write_entry, 0);
 }
 
 int blk_write_zeroes(BlockBackend *blk, int64_t sector_num,
  int nb_sectors, BdrvRequestFlags flags)
 {
-int ret = blk_check_request(blk, sector_num, nb_sectors);
-if (ret < 0) {
-return ret;
-}
-
-return bdrv_write_zeroes(blk_bs(blk), sector_num, nb_sectors, flags);
+return blk_rw(blk, sector_num, NULL, nb_sectors, blk_write_entry,
+  BDRV_REQ_ZERO_WRITE);
 }
 
 static void error_callback_bh(void *opaque)
-- 
1.8.3.1

[Qemu-devel] [PATCH v4 04/17] block: Use blk_{commit, flush}_all() consistently

[Max Reitz]

Replace bdrv_commmit_all() and bdrv_flush_all() by their BlockBackend
equivalents.

Signed-off-by: Max Reitz 
Reviewed-by: Kevin Wolf 
---
 blockdev.c  | 2 +-
 cpus.c  | 5 +++--
 qemu-char.c | 3 ++-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index 50410bf..5be7d4b 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -1173,7 +1173,7 @@ void hmp_commit(Monitor *mon, const QDict *qdict)
 int ret;
 
 if (!strcmp(device, "all")) {
-ret = bdrv_commit_all();
+ret = blk_commit_all();
 } else {
 BlockDriverState *bs;
 AioContext *aio_context;
diff --git a/cpus.c b/cpus.c
index 4052be5..23cf7aa 100644
--- a/cpus.c
+++ b/cpus.c
@@ -29,6 +29,7 @@
 #include "qapi/qmp/qerror.h"
 #include "qemu/error-report.h"
 #include "sysemu/sysemu.h"
+#include "sysemu/block-backend.h"
 #include "exec/gdbstub.h"
 #include "sysemu/dma.h"
 #include "sysemu/kvm.h"
@@ -734,7 +735,7 @@ static int do_vm_stop(RunState state)
 }
 
 bdrv_drain_all();
-ret = bdrv_flush_all();
+ret = blk_flush_all();
 
 return ret;
 }
@@ -1433,7 +1434,7 @@ int vm_stop_force_state(RunState state)
 bdrv_drain_all();
 /* Make sure to return an error if the flush in a previous vm_stop()
  * failed. */
-return bdrv_flush_all();
+return blk_flush_all();
 }
 }
 
diff --git a/qemu-char.c b/qemu-char.c
index 0a14e57..bfcf80d 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -25,6 +25,7 @@
 #include "qemu-common.h"
 #include "monitor/monitor.h"
 #include "sysemu/sysemu.h"
+#include "sysemu/block-backend.h"
 #include "qemu/error-report.h"
 #include "qemu/timer.h"
 #include "sysemu/char.h"
@@ -628,7 +629,7 @@ static int mux_proc_byte(CharDriverState *chr, MuxDriver 
*d, int ch)
  break;
 }
 case 's':
-bdrv_commit_all();
+blk_commit_all();
 break;
 case 'b':
 qemu_chr_be_event(chr, CHR_EVENT_BREAK);
-- 
2.7.3

[Qemu-devel] [PULL v2 03/13] crypto: add support for generating initialization vectors

[Daniel P. Berrange]

There are a number of different algorithms that can be used
to generate initialization vectors for disk encryption. This
introduces a simple internal QCryptoBlockIV object to provide
a consistent internal API to the different algorithms. The
initially implemented algorithms are 'plain', 'plain64' and
'essiv', each matching the same named algorithm provided
by the Linux kernel dm-crypt driver.

Reviewed-by: Eric Blake 
Reviewed-by: Fam Zheng 
Signed-off-by: Daniel P. Berrange 
---
 crypto/Makefile.objs  |   4 +
 crypto/ivgen-essiv.c  | 118 ++
 crypto/ivgen-essiv.h  |  28 +++
 crypto/ivgen-plain.c  |  59 +
 crypto/ivgen-plain.h  |  28 +++
 crypto/ivgen-plain64.c|  59 +
 crypto/ivgen-plain64.h|  28 +++
 crypto/ivgen.c|  99 ++
 crypto/ivgenpriv.h|  49 +++
 include/crypto/ivgen.h| 206 ++
 qapi/crypto.json  |  19 +
 tests/.gitignore  |   1 +
 tests/Makefile|   2 +
 tests/test-crypto-ivgen.c | 173 ++
 14 files changed, 873 insertions(+)
 create mode 100644 crypto/ivgen-essiv.c
 create mode 100644 crypto/ivgen-essiv.h
 create mode 100644 crypto/ivgen-plain.c
 create mode 100644 crypto/ivgen-plain.h
 create mode 100644 crypto/ivgen-plain64.c
 create mode 100644 crypto/ivgen-plain64.h
 create mode 100644 crypto/ivgen.c
 create mode 100644 crypto/ivgenpriv.h
 create mode 100644 include/crypto/ivgen.h
 create mode 100644 tests/test-crypto-ivgen.c

diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index 7122cc8..f28b00e 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -13,6 +13,10 @@ crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += 
random-gnutls.o
 crypto-obj-y += pbkdf.o
 crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
 crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
+crypto-obj-y += ivgen.o
+crypto-obj-y += ivgen-essiv.o
+crypto-obj-y += ivgen-plain.o
+crypto-obj-y += ivgen-plain64.o
 
 # Let the userspace emulators avoid linking gnutls/etc
 crypto-aes-obj-y = aes.o
diff --git a/crypto/ivgen-essiv.c b/crypto/ivgen-essiv.c
new file mode 100644
index 000..5649c01
--- /dev/null
+++ b/crypto/ivgen-essiv.c
@@ -0,0 +1,118 @@
+/*
+ * QEMU Crypto block IV generator - essiv
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/ivgen-essiv.h"
+
+typedef struct QCryptoIVGenESSIV QCryptoIVGenESSIV;
+struct QCryptoIVGenESSIV {
+QCryptoCipher *cipher;
+};
+
+static int qcrypto_ivgen_essiv_init(QCryptoIVGen *ivgen,
+const uint8_t *key, size_t nkey,
+Error **errp)
+{
+uint8_t *salt;
+size_t nhash;
+size_t nsalt;
+QCryptoIVGenESSIV *essiv = g_new0(QCryptoIVGenESSIV, 1);
+
+/* Not necessarily the same as nkey */
+nsalt = qcrypto_cipher_get_key_len(ivgen->cipher);
+
+nhash = qcrypto_hash_digest_len(ivgen->hash);
+/* Salt must be larger of hash size or key size */
+salt = g_new0(uint8_t, MAX(nhash, nsalt));
+
+if (qcrypto_hash_bytes(ivgen->hash, (const gchar *)key, nkey,
+   , ,
+   errp) < 0) {
+g_free(essiv);
+return -1;
+}
+
+/* Now potentially truncate salt to match cipher key len */
+essiv->cipher = qcrypto_cipher_new(ivgen->cipher,
+   QCRYPTO_CIPHER_MODE_ECB,
+   salt, MIN(nhash, nsalt),
+   errp);
+if (!essiv->cipher) {
+g_free(essiv);
+g_free(salt);
+return -1;
+}
+
+g_free(salt);
+ivgen->private = essiv;
+
+return 0;
+}
+
+static int qcrypto_ivgen_essiv_calculate(QCryptoIVGen *ivgen,
+ uint64_t sector,
+ uint8_t *iv, size_t niv,
+ Error **errp)
+{
+QCryptoIVGenESSIV *essiv = ivgen->private;
+size_t ndata = qcrypto_cipher_get_block_len(ivgen->cipher);
+uint8_t *data = 

Re: [Qemu-devel] [PATCH 0/2] Emit QUORUM_REPORT_BAD for reads in fifo mode

[Max Reitz]

On 15.03.2016 10:41, Alberto Garcia wrote:
> This is a follow-up to the "Separate QUORUM_REPORT_BAD events" series:
> 
>https://lists.gnu.org/archive/html/qemu-devel/2016-03/msg02402.html
> 
> If there's an I/O error in one of Quorum children then QEMU should
> emit QUORUM_REPORT_BAD. However this is not working with
> read-pattern=fifo. This patch fixes this problem.
> 
> This applies on top of Kevin's block branch.
> 
> Regards,
> 
> Berto
> 
> Alberto Garcia (2):
>   quorum: Emit QUORUM_REPORT_BAD for reads in fifo mode
>   iotests: Test QUORUM_REPORT_BAD in fifo mode
> 
>  block/quorum.c | 17 +
>  tests/qemu-iotests/148 | 17 +++--
>  tests/qemu-iotests/148.out |  4 ++--
>  3 files changed, 26 insertions(+), 12 deletions(-)

Thanks, applied to my block tree:

https://github.com/XanClic/qemu/commits/block

Max



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH 1/1] backend: multi-client-socket

[Baptiste Reynal]

This patch introduces a new socket for QEMU, called multi-client-socket. This
socket allows multiple QEMU instances to communicate by sharing messages
and file descriptors.

A socket can be instantiated with the following parameters:
-object multi-socket-backend,id=,path=,listen=

If listen is set, the socket will act as a listener and register new
clients.

This patch is a follow-up to "[RFC PATCH 0/8] Towards an Heterogeneous QEMU":
https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg00171.html

This work has been sponsored by Huawei Technologies Duesseldorf GmbH.

Signed-off-by: Baptiste Reynal 
---
 backends/Makefile.objs  |   2 +
 backends/multi-socket.c | 355 
 include/qemu/multi-socket.h | 124 
 3 files changed, 481 insertions(+)
 create mode 100644 backends/multi-socket.c
 create mode 100644 include/qemu/multi-socket.h

diff --git a/backends/Makefile.objs b/backends/Makefile.objs
index 31a3a89..689eac3 100644
--- a/backends/Makefile.objs
+++ b/backends/Makefile.objs
@@ -9,3 +9,5 @@ common-obj-$(CONFIG_TPM) += tpm.o
 
 common-obj-y += hostmem.o hostmem-ram.o
 common-obj-$(CONFIG_LINUX) += hostmem-file.o
+
+common-obj-y += multi-socket.o
diff --git a/backends/multi-socket.c b/backends/multi-socket.c
new file mode 100644
index 000..2cfbb50
--- /dev/null
+++ b/backends/multi-socket.c
@@ -0,0 +1,355 @@
+/*
+ * QEMU Multi Client socket
+ *
+ * Copyright (C) 2015 - Virtual Open Systems
+ *
+ * Author: Baptiste Reynal 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ */
+
+#include "qemu/multi-socket.h"
+#include "qemu/error-report.h"
+
+typedef struct MSHandler MSHandler;
+typedef struct MSRegHandler MSRegHandler;
+
+struct MSHandler {
+char *name;
+void (*read)(MSClient *client, const char *message, void *opaque);
+void *opaque;
+
+QLIST_ENTRY(MSHandler) next;
+};
+
+struct MSRegHandler {
+void (*reg)(MSClient *client, void *opaque);
+void *opaque;
+
+QLIST_ENTRY(MSRegHandler) next;
+};
+
+static void multi_socket_get_fds(MSClient *client, struct msghdr msg)
+{
+struct cmsghdr *cmsg;
+
+/* process fds */
+for (cmsg = CMSG_FIRSTHDR(); cmsg; cmsg = CMSG_NXTHDR(, cmsg)) {
+int fd_size;
+
+if (cmsg->cmsg_len < CMSG_LEN(sizeof(int)) ||
+cmsg->cmsg_level != SOL_SOCKET ||
+cmsg->cmsg_type != SCM_RIGHTS) {
+continue;
+}
+
+fd_size = cmsg->cmsg_len - CMSG_LEN(0);
+
+if (!fd_size) {
+continue;
+}
+
+g_free(client->rcvfds);
+
+client->rcvfds_num = fd_size / sizeof(int);
+client->rcvfds = g_malloc(fd_size);
+memcpy(client->rcvfds, CMSG_DATA(cmsg), fd_size);
+}
+}
+
+static gboolean
+multi_socket_read_handler(GIOChannel *channel, GIOCondition cond, void *opaque)
+{
+MSClient *client = (MSClient *) opaque;
+MSBackend *backend = client->backend;
+
+char message[BUFFER_SIZE];
+struct MSHandler *h;
+
+struct msghdr msg = { NULL, };
+struct iovec iov[1];
+union {
+struct cmsghdr cmsg;
+char control[CMSG_SPACE(sizeof(int) * MAX_FDS)];
+} msg_control;
+int flags = 0;
+ssize_t ret;
+
+iov[0].iov_base = message;
+iov[0].iov_len = BUFFER_SIZE;
+
+msg.msg_iov = iov;
+msg.msg_iovlen = 1;
+msg.msg_control = _control;
+msg.msg_controllen = sizeof(msg_control);
+
+ret = recvmsg(client->fd, , flags);
+
+if (ret > 0) {
+multi_socket_get_fds(client, msg);
+
+/* handler callback */
+QLIST_FOREACH(h, >handlers, next) {
+if (!strncmp(h->name, message, strlen(h->name))) {
+h->read(client, message + strlen(h->name) + 1, h->opaque);
+return TRUE;
+}
+}
+error_report("Unrecognized message: %s", message);
+}
+
+return FALSE;
+}
+
+void multi_socket_add_reg_handler(MSBackend *backend,
+void (*reg)(MSClient *client, void *opaque), void *opaque)
+{
+struct MSRegHandler *h;
+
+h = g_malloc(sizeof(struct MSRegHandler));
+
+h->reg = reg;
+h->opaque = opaque;
+
+QLIST_INSERT_HEAD(>reg_handlers, h, next);
+}
+
+void multi_socket_add_handler(MSBackend *backend,
+const char *name,
+void (*read)(MSClient *c, const char *message, void *opaque),
+void *opaque)
+{
+struct MSHandler *h;
+
+/* check that the handler name is not taken */
+QLIST_FOREACH(h, >handlers, next) {
+if (!strcmp(h->name, name)) {
+error_report("Handler %s already exists", name);
+return;
+}
+}
+
+h = g_malloc(sizeof(struct MSHandler));
+
+h->name = g_strdup(name);
+h->read = read;
+h->opaque = opaque;
+
+QLIST_INSERT_HEAD(>handlers, h, next);
+}
+
+static void 

[Qemu-devel] [PATCH v2 09/10] ppc: Add dummy CIABR SPR

[Cédric Le Goater]

From: Benjamin Herrenschmidt 

We should implement HW breakpoint/watchpoint, qemu supports them...

Signed-off-by: Benjamin Herrenschmidt 
Reviewed-by: Thomas Huth 
Reviewed-by: David Gibson 
---
 target-ppc/cpu.h| 1 +
 target-ppc/translate_init.c | 5 +
 2 files changed, 6 insertions(+)

diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index a3c4fb112a3e..29c48600d950 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -1393,6 +1393,7 @@ static inline int cpu_mmu_index (CPUPPCState *env, bool 
ifetch)
 #define SPR_PSPB  (0x09F)
 #define SPR_DAWR  (0x0B4)
 #define SPR_RPR   (0x0BA)
+#define SPR_CIABR (0x0BB)
 #define SPR_DAWRX (0x0BC)
 #define SPR_HFSCR (0x0BE)
 #define SPR_VRSAVE(0x100)
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index c78b532e8f3c..5f53098faef7 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -7589,6 +7589,11 @@ static void gen_spr_book3s_207_dbg(CPUPPCState *env)
 SPR_NOACCESS, SPR_NOACCESS,
 _read_generic, _write_generic,
 KVM_REG_PPC_DAWRX, 0x);
+spr_register_kvm_hv(env, SPR_CIABR, "CIABR",
+SPR_NOACCESS, SPR_NOACCESS,
+SPR_NOACCESS, SPR_NOACCESS,
+_read_generic, _write_generic,
+KVM_REG_PPC_CIABR, 0x);
 }
 
 static void gen_spr_970_dbg(CPUPPCState *env)
-- 
2.1.4

Re: [Qemu-devel] [PATCH v2 02/16] block: move restarting of throttled reqs to block/throttle-groups.c

[Fam Zheng]

On Wed, 03/16 15:16, Paolo Bonzini wrote:
> We want to remove throttled_reqs from block/io.c.  This is the easy
> part---hide the handling of throttled_reqs during disable/enable of
> throttling within throttle-groups.c.
> 
> Signed-off-by: Paolo Bonzini 

Reviewed-by: Fam Zheng 

[Qemu-devel] [PATCH for-2.6 04/14] pc-bios/s390-ccw: qemuize types

[Cornelia Huck]

From: "Eugene (jno) Dvurechenski" 

Turn [the most of] existing declarations from
struct type_name { ... };
into
struct TypeName { ... };
typedef struct TypeName TypeName;
and make use of them.

Also switch u{8,16,32,64} to uint{8,16,32,64}_t.

Acked-by: Cornelia Huck 
Signed-off-by: Eugene (jno) Dvurechenski 
Signed-off-by: Cornelia Huck 
---
 pc-bios/s390-ccw/main.c |   8 +--
 pc-bios/s390-ccw/s390-ccw.h |  12 +++-
 pc-bios/s390-ccw/virtio.c   |  46 +++---
 pc-bios/s390-ccw/virtio.h   | 145 
 4 files changed, 116 insertions(+), 95 deletions(-)

diff --git a/pc-bios/s390-ccw/main.c b/pc-bios/s390-ccw/main.c
index 11cb803..7f192f3 100644
--- a/pc-bios/s390-ccw/main.c
+++ b/pc-bios/s390-ccw/main.c
@@ -14,7 +14,7 @@
 char stack[PAGE_SIZE * 8] __attribute__((__aligned__(PAGE_SIZE)));
 char ring_area[PAGE_SIZE * 8] __attribute__((__aligned__(PAGE_SIZE)));
 uint64_t boot_value;
-static struct subchannel_id blk_schid = { .one = 1 };
+static SubChannelId blk_schid = { .one = 1 };
 
 /*
  * Priniciples of Operations (SA22-7832-09) chapter 17 requires that
@@ -23,7 +23,7 @@ static struct subchannel_id blk_schid = { .one = 1 };
  */
 void write_subsystem_identification(void)
 {
-struct subchannel_id *schid = (struct subchannel_id *) 184;
+SubChannelId *schid = (SubChannelId *) 184;
 uint32_t *zeroes = (uint32_t *) 188;
 
 *schid = blk_schid;
@@ -38,7 +38,7 @@ void panic(const char *string)
 while (1) { }
 }
 
-static bool find_dev(struct schib *schib, int dev_no)
+static bool find_dev(Schib *schib, int dev_no)
 {
 int i, r;
 
@@ -64,7 +64,7 @@ static bool find_dev(struct schib *schib, int dev_no)
 
 static void virtio_setup(uint64_t dev_info)
 {
-struct schib schib;
+Schib schib;
 int ssid;
 bool found = false;
 uint16_t dev_no;
diff --git a/pc-bios/s390-ccw/s390-ccw.h b/pc-bios/s390-ccw/s390-ccw.h
index 5135911..a5c0684 100644
--- a/pc-bios/s390-ccw/s390-ccw.h
+++ b/pc-bios/s390-ccw/s390-ccw.h
@@ -45,6 +45,14 @@ typedef unsigned long long __u64;
 
 #include "cio.h"
 
+typedef struct irb Irb;
+typedef struct ccw1 Ccw1;
+typedef struct cmd_orb CmdOrb;
+typedef struct schib Schib;
+typedef struct chsc_area_sda ChscAreaSda;
+typedef struct senseid SenseId;
+typedef struct subchannel_id SubChannelId;
+
 /* start.s */
 void disabled_wait(void);
 void consume_sclp_int(void);
@@ -63,8 +71,8 @@ void sclp_setup(void);
 /* virtio.c */
 unsigned long virtio_load_direct(ulong rec_list1, ulong rec_list2,
  ulong subchan_id, void *load_addr);
-bool virtio_is_blk(struct subchannel_id schid);
-void virtio_setup_block(struct subchannel_id schid);
+bool virtio_is_blk(SubChannelId schid);
+void virtio_setup_block(SubChannelId schid);
 int virtio_read(ulong sector, void *load_addr);
 int enable_mss_facility(void);
 ulong get_second(void);
diff --git a/pc-bios/s390-ccw/virtio.c b/pc-bios/s390-ccw/virtio.c
index da51fb7..64c6e07 100644
--- a/pc-bios/s390-ccw/virtio.c
+++ b/pc-bios/s390-ccw/virtio.c
@@ -11,7 +11,7 @@
 #include "s390-ccw.h"
 #include "virtio.h"
 
-static struct vring block;
+static VRing block;
 
 static char chsc_page[PAGE_SIZE] __attribute__((__aligned__(PAGE_SIZE)));
 
@@ -31,7 +31,7 @@ static long kvm_hypercall(unsigned long nr, unsigned long 
param1,
 return retval;
 }
 
-static void virtio_notify(struct subchannel_id schid)
+static void virtio_notify(SubChannelId schid)
 {
 kvm_hypercall(KVM_S390_VIRTIO_CCW_NOTIFY, *(u32 *), 0);
 }
@@ -40,9 +40,9 @@ static void virtio_notify(struct subchannel_id schid)
  * Virtio functions*
  ***/
 
-static int drain_irqs(struct subchannel_id schid)
+static int drain_irqs(SubChannelId schid)
 {
-struct irb irb = {};
+Irb irb = {};
 int r = 0;
 
 while (1) {
@@ -59,11 +59,11 @@ static int drain_irqs(struct subchannel_id schid)
 }
 }
 
-static int run_ccw(struct subchannel_id schid, int cmd, void *ptr, int len)
+static int run_ccw(SubChannelId schid, int cmd, void *ptr, int len)
 {
-struct ccw1 ccw = {};
-struct cmd_orb orb = {};
-struct schib schib;
+Ccw1 ccw = {};
+CmdOrb orb = {};
+Schib schib;
 int r;
 
 /* start command processing */
@@ -92,7 +92,7 @@ static int run_ccw(struct subchannel_id schid, int cmd, void 
*ptr, int len)
 return r;
 }
 
-static void virtio_set_status(struct subchannel_id schid,
+static void virtio_set_status(SubChannelId schid,
   unsigned long dev_addr)
 {
 unsigned char status = dev_addr;
@@ -101,18 +101,18 @@ static void virtio_set_status(struct subchannel_id schid,
 }
 }
 
-static void virtio_reset(struct subchannel_id schid)
+static void virtio_reset(SubChannelId schid)
 {
 run_ccw(schid, CCW_CMD_VDEV_RESET, NULL, 0);
 }
 
-static void 

[Qemu-devel] [PULL 18/29] block: Use bdrv_next() instead of bdrv_states

[Kevin Wolf]

From: Max Reitz 

There is no point in manually iterating through the bdrv_states list
when there is bdrv_next().

Signed-off-by: Max Reitz 
Reviewed-by: Kevin Wolf 
Signed-off-by: Kevin Wolf 
---
 block.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/block.c b/block.c
index 8f700f1..5d848fb 100644
--- a/block.c
+++ b/block.c
@@ -3293,10 +3293,10 @@ void bdrv_invalidate_cache(BlockDriverState *bs, Error 
**errp)
 
 void bdrv_invalidate_cache_all(Error **errp)
 {
-BlockDriverState *bs;
+BlockDriverState *bs = NULL;
 Error *local_err = NULL;
 
-QTAILQ_FOREACH(bs, _states, device_list) {
+while ((bs = bdrv_next(bs)) != NULL) {
 AioContext *aio_context = bdrv_get_aio_context(bs);
 
 aio_context_acquire(aio_context);
@@ -3326,10 +3326,10 @@ static int bdrv_inactivate(BlockDriverState *bs)
 
 int bdrv_inactivate_all(void)
 {
-BlockDriverState *bs;
+BlockDriverState *bs = NULL;
 int ret;
 
-QTAILQ_FOREACH(bs, _states, device_list) {
+while ((bs = bdrv_next(bs)) != NULL) {
 AioContext *aio_context = bdrv_get_aio_context(bs);
 
 aio_context_acquire(aio_context);
@@ -3835,10 +3835,10 @@ bool bdrv_recurse_is_first_non_filter(BlockDriverState 
*bs,
  */
 bool bdrv_is_first_non_filter(BlockDriverState *candidate)
 {
-BlockDriverState *bs;
+BlockDriverState *bs = NULL;
 
 /* walk down the bs forest recursively */
-QTAILQ_FOREACH(bs, _states, device_list) {
+while ((bs = bdrv_next(bs)) != NULL) {
 bool perm;
 
 /* try to recurse in this top level bs */
-- 
1.8.3.1

[Qemu-devel] GSoC Application 2016 (Postcopy Migration: Recovery from a broken network connection)

[Ashi]

Hi all,

I have completed my GSoC Application for the project idea regarding 
postcopy migration. I would like to get views from the qemu community 
before I finally post it.


Proposal Timeline:

The progress will be tracked through weekly email updates and blog posts
documenting the work.


-> Before April 30th:

1. Familiarize myself with QEMU source code of postcopy migration 
process and identify the parts of the code which will need modifications.


-> April 30th - May 23rd:

2. Familiarize myself with the live migration process as a whole and its
real time statistics.
3. Remain in constant touch with the community and finalize the design.

-> May 23rd - June 28th:

1. Stage 1: Pausing the VM (10-14 days)
At network failure, don't kill the destination by calling
qemu_file_shutdown, else pause the VMs and make the destination listen 
to a connection by some socket_listen and migration_incoming functions 
to setup a different network. The source should try and remember its 
migration state.

2. Stage 2: Re-establish the network (10-12 days)
Try to reconnect source to the destination to carry on the 
transfer of remaining requested pages.
3. Testing the working of above changes and prepare a prototype of a 
backup migration file.


-> June 21st - 28th:

Midterm evaluations of the work done so far. Making required changes in 
the code to improve its functionality and bug fixes. Document the work done.


-> June 28th - July 20th:

1. Stage 3: Hunting the missing pages: (14-20 days)
While the connection is getting re-established, start a recovery
thread find_missing_pages at the destination VM that iterates all the
memory to find all the missing pages by page fault mechanism and 
requests the same using the reverse communication channel when the 
connection resumes. Fit the received pages in the slots using 
remap_anon_pages atomically.


-> July 20th - August 16th:

1. Stage 4: Backup migration file (20-25 days)
Use a migration backup file to be used for recovery if we fail 
to resume the network in several attempts. The file will be used only in

emergency after a certain time boundary so that we don't lose the device
state and complete the migration. The tricky bit will be to keep the 
file size small.
2. Prepare the documentation of the project, write tests, cleanup the 
code and final evaluation of the mentor.


-> August 16th - August 30th:
1. Most of the time will be used in rigorous testing and bug fixes.
2. Complete the documentation.
3. Final submission of the code, documentation and test results to Google.


Any small suggestions are welcomed and will be very helpful.

Thanks!

Ashijeet Acharya

[Qemu-devel] [PATCH 10/20] block: Move enable_write_cache to BB level

[Kevin Wolf]

Whether a write cache is used or not is a decision that concerns the
user (e.g. the guest device) rather than the backend. It was already
logically part of the BB level as bdrv_move_feature_fields() always kept
it on top of the BDS tree; with this patch, the core of it (the actual
flag and the additional flushes) is also implemented there.

Direct callers of bdrv_open() must pass BDRV_O_CACHE_WB now if bs
doesn't have a BlockBackend attached.

Signed-off-by: Kevin Wolf 
---
 block.c| 26 +-
 block/block-backend.c  | 42 +++---
 block/io.c |  2 +-
 block/iscsi.c  |  2 +-
 include/block/block.h  |  1 +
 include/block/block_int.h  |  3 ---
 tests/qemu-iotests/142 |  4 ++--
 tests/qemu-iotests/142.out |  8 
 8 files changed, 53 insertions(+), 35 deletions(-)

diff --git a/block.c b/block.c
index 172f865..9271dbb 100644
--- a/block.c
+++ b/block.c
@@ -2038,6 +2038,11 @@ int bdrv_reopen_prepare(BDRVReopenState *reopen_state, 
BlockReopenQueue *queue,
 goto error;
 }
 }
+if (!reopen_state->bs->blk && !(reopen_state->flags & BDRV_O_CACHE_WB)) {
+error_setg(errp, "Cannot disable cache.writeback: No BlockBackend");
+ret = -EINVAL;
+goto error;
+}
 
 /* node-name and driver must be unchanged. Put them back into the QDict, so
  * that they are checked at the end of this function. */
@@ -2138,10 +2143,10 @@ void bdrv_reopen_commit(BDRVReopenState *reopen_state)
 
 reopen_state->bs->explicit_options   = reopen_state->explicit_options;
 reopen_state->bs->open_flags = reopen_state->flags;
-reopen_state->bs->enable_write_cache = !!(reopen_state->flags &
-  BDRV_O_CACHE_WB);
 reopen_state->bs->read_only = !(reopen_state->flags & BDRV_O_RDWR);
 
+bdrv_set_enable_write_cache(reopen_state->bs,
+!!(reopen_state->flags & BDRV_O_CACHE_WB));
 bdrv_refresh_limits(reopen_state->bs, NULL);
 }
 
@@ -2271,9 +2276,6 @@ static void bdrv_move_feature_fields(BlockDriverState 
*bs_dest,
  BlockDriverState *bs_src)
 {
 /* move some fields that need to stay attached to the device */
-
-/* dev info */
-bs_dest->enable_write_cache = bs_src->enable_write_cache;
 }
 
 static void change_parent_backing_link(BlockDriverState *from,
@@ -2753,12 +2755,18 @@ int bdrv_is_sg(BlockDriverState *bs)
 
 int bdrv_enable_write_cache(BlockDriverState *bs)
 {
-return bs->enable_write_cache;
+if (bs->blk) {
+return blk_enable_write_cache(bs->blk);
+} else {
+return true;
+}
 }
 
 void bdrv_set_enable_write_cache(BlockDriverState *bs, bool wce)
 {
-bs->enable_write_cache = wce;
+if (bs->blk) {
+blk_set_enable_write_cache(bs->blk, wce);
+}
 
 /* so a reopen() will preserve wce */
 if (wce) {
@@ -3618,8 +3626,8 @@ void bdrv_img_create(const char *filename, const char 
*fmt,
 }
 
 /* backing files always opened read-only */
-back_flags =
-flags & ~(BDRV_O_RDWR | BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING);
+back_flags = flags | BDRV_O_CACHE_WB;
+back_flags &= ~(BDRV_O_RDWR | BDRV_O_SNAPSHOT | BDRV_O_NO_BACKING);
 
 if (backing_fmt) {
 backing_options = qdict_new();
diff --git a/block/block-backend.c b/block/block-backend.c
index ffa5856..4ef4b03 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -46,6 +46,8 @@ struct BlockBackend {
  * can be used to restore those options in the new BDS on insert) */
 BlockBackendRootState root_state;
 
+bool enable_write_cache;
+
 /* I/O stats (display with "info blockstats"). */
 BlockAcctStats stats;
 
@@ -715,11 +717,17 @@ static int coroutine_fn blk_co_pwritev(BlockBackend *blk, 
int64_t offset,
   unsigned int bytes, QEMUIOVector *qiov,
   BdrvRequestFlags flags)
 {
-int ret = blk_check_byte_request(blk, offset, bytes);
+int ret;
+
+ret = blk_check_byte_request(blk, offset, bytes);
 if (ret < 0) {
 return ret;
 }
 
+if (!blk->enable_write_cache) {
+flags |= BDRV_REQ_FUA;
+}
+
 return bdrv_co_do_pwritev(blk_bs(blk), offset, bytes, qiov, flags);
 }
 
@@ -1226,26 +1234,19 @@ int blk_is_sg(BlockBackend *blk)
 
 int blk_enable_write_cache(BlockBackend *blk)
 {
-BlockDriverState *bs = blk_bs(blk);
-
-if (bs) {
-return bdrv_enable_write_cache(bs);
-} else {
-return !!(blk->root_state.open_flags & BDRV_O_CACHE_WB);
-}
+return blk->enable_write_cache;
 }
 
 void blk_set_enable_write_cache(BlockBackend *blk, bool wce)
 {
-BlockDriverState *bs = blk_bs(blk);
+blk->enable_write_cache = wce;
 
-if (bs) {
-

[Qemu-devel] [PATCH v2 01/16] block: make bdrv_start_throttled_reqs return void

[Paolo Bonzini]

The return value is unused and I am not sure why it would be useful.

Reviewed-by: Fam Zheng 
Signed-off-by: Paolo Bonzini 
---
 block/io.c | 8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/block/io.c b/block/io.c
index a69bfc4..e58cfe2 100644
--- a/block/io.c
+++ b/block/io.c
@@ -75,10 +75,8 @@ void bdrv_set_io_limits(BlockDriverState *bs,
 }
 }
 
-/* this function drain all the throttled IOs */
-static bool bdrv_start_throttled_reqs(BlockDriverState *bs)
+static void bdrv_start_throttled_reqs(BlockDriverState *bs)
 {
-bool drained = false;
 bool enabled = bs->io_limits_enabled;
 int i;
 
@@ -86,13 +84,11 @@ static bool bdrv_start_throttled_reqs(BlockDriverState *bs)
 
 for (i = 0; i < 2; i++) {
 while (qemu_co_enter_next(>throttled_reqs[i])) {
-drained = true;
+;
 }
 }
 
 bs->io_limits_enabled = enabled;
-
-return drained;
 }
 
 void bdrv_io_limits_disable(BlockDriverState *bs)
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH v2] Sort the fw_cfg file list

[Corey Minyard]

On 03/15/2016 12:01 PM, Michael S. Tsirkin wrote:

On Tue, Mar 15, 2016 at 11:36:39AM -0500, Corey Minyard wrote:


I've hit a bit of a snag here.  For 0.11 and before, PCI option ROMs
were loaded via fw_cfg, not in the PCI ROM BAR.  This causes two
issues:

* The order depends on the device initialization order,
which I'm not sure is quantifiable.  I believe it depends on
how they are listed on the command line.

* Users can load their own romfile with their own name, which
means it can't be in the list.

Also, for the ISA VGA ROMs, their order will also depend on the
device list order.

Outside of that, I have an order of file names.

I think if I treat the device ROMs separately and handle them
in init order, and then stick that device list in the proper location,
that will work.  Does that sound reasonable?

Thanks,

-corey

I think so. By the time this becomes an issue we might decide to
disable migration from 0.11



One more thing here.  I've realized that this is used for
non-x86, too, and I'm wondering how much those matter.
It's going to be really hard to figure out an order for these,
as different boards/arches use the same names and install
them in different orders.

For legacy mode, can I just put them in order for non-x86?
Is there an easy way to detect that you are running x86?

-corey

[Qemu-devel] [PULL 03/40] ivshmem-server: Don't overload POSIX shmem and file name

[Markus Armbruster]

Option -m NAME is interpreted as directory name if we can statfs() it
and its on hugetlbfs.  Else it's interpreted as POSIX shared memory
object name.  This is nuts.

Always interpret -m as directory.  Create new -M for POSIX shared
memory.  Last of -m or -M wins.

Signed-off-by: Markus Armbruster 
Message-Id: <1458066895-20632-4-git-send-email-arm...@redhat.com>
Reviewed-by: Marc-André Lureau 
---
 contrib/ivshmem-server/ivshmem-server.c | 56 ++---
 contrib/ivshmem-server/ivshmem-server.h |  4 ++-
 contrib/ivshmem-server/main.c   | 14 ++---
 tests/ivshmem-test.c|  2 +-
 4 files changed, 24 insertions(+), 52 deletions(-)

diff --git a/contrib/ivshmem-server/ivshmem-server.c 
b/contrib/ivshmem-server/ivshmem-server.c
index bfd0fad..172db78 100644
--- a/contrib/ivshmem-server/ivshmem-server.c
+++ b/contrib/ivshmem-server/ivshmem-server.c
@@ -12,9 +12,6 @@
 #include 
 #include 
 #include 
-#ifdef CONFIG_LINUX
-#include 
-#endif
 
 #include "ivshmem-server.h"
 
@@ -257,7 +254,8 @@ ivshmem_server_ftruncate(int fd, unsigned shmsize)
 /* Init a new ivshmem server */
 int
 ivshmem_server_init(IvshmemServer *server, const char *unix_sock_path,
-const char *shm_path, size_t shm_size, unsigned n_vectors,
+const char *shm_path, bool use_shm_open,
+size_t shm_size, unsigned n_vectors,
 bool verbose)
 {
 int ret;
@@ -278,6 +276,7 @@ ivshmem_server_init(IvshmemServer *server, const char 
*unix_sock_path,
 return -1;
 }
 
+server->use_shm_open = use_shm_open;
 server->shm_size = shm_size;
 server->n_vectors = n_vectors;
 
@@ -286,31 +285,6 @@ ivshmem_server_init(IvshmemServer *server, const char 
*unix_sock_path,
 return 0;
 }
 
-#ifdef CONFIG_LINUX
-
-#define HUGETLBFS_MAGIC   0x958458f6
-
-static long gethugepagesize(const char *path)
-{
-struct statfs fs;
-int ret;
-
-do {
-ret = statfs(path, );
-} while (ret != 0 && errno == EINTR);
-
-if (ret != 0) {
-return -1;
-}
-
-if (fs.f_type != HUGETLBFS_MAGIC) {
-return -1;
-}
-
-return fs.f_bsize;
-}
-#endif
-
 /* open shm, create and bind to the unix socket */
 int
 ivshmem_server_start(IvshmemServer *server)
@@ -319,27 +293,17 @@ ivshmem_server_start(IvshmemServer *server)
 int shm_fd, sock_fd, ret;
 
 /* open shm file */
-#ifdef CONFIG_LINUX
-long hpagesize;
-
-hpagesize = gethugepagesize(server->shm_path);
-if (hpagesize < 0 && errno != ENOENT) {
-IVSHMEM_SERVER_DEBUG(server, "cannot stat shm file %s: %s\n",
- server->shm_path, strerror(errno));
-}
-
-if (hpagesize > 0) {
+if (server->use_shm_open) {
+IVSHMEM_SERVER_DEBUG(server, "Using POSIX shared memory: %s\n",
+ server->shm_path);
+shm_fd = shm_open(server->shm_path, O_CREAT | O_RDWR, S_IRWXU);
+} else {
 gchar *filename = g_strdup_printf("%s/ivshmem.XX", 
server->shm_path);
-IVSHMEM_SERVER_DEBUG(server, "Using hugepages: %s\n", 
server->shm_path);
+IVSHMEM_SERVER_DEBUG(server, "Using file-backed shared memory: %s\n",
+ server->shm_path);
 shm_fd = mkstemp(filename);
 unlink(filename);
 g_free(filename);
-} else
-#endif
-{
-IVSHMEM_SERVER_DEBUG(server, "Using POSIX shared memory: %s\n",
- server->shm_path);
-shm_fd = shm_open(server->shm_path, O_CREAT|O_RDWR, S_IRWXU);
 }
 
 if (shm_fd < 0) {
diff --git a/contrib/ivshmem-server/ivshmem-server.h 
b/contrib/ivshmem-server/ivshmem-server.h
index e9de8a3..3851639 100644
--- a/contrib/ivshmem-server/ivshmem-server.h
+++ b/contrib/ivshmem-server/ivshmem-server.h
@@ -66,6 +66,7 @@ typedef struct IvshmemServer {
 char unix_sock_path[PATH_MAX];   /**< path to unix socket */
 int sock_fd; /**< unix sock file descriptor */
 char shm_path[PATH_MAX]; /**< path to shm */
+bool use_shm_open;
 size_t shm_size; /**< size of shm */
 int shm_fd;  /**< shm file descriptor */
 unsigned n_vectors;  /**< number of vectors */
@@ -89,7 +90,8 @@ typedef struct IvshmemServer {
  */
 int
 ivshmem_server_init(IvshmemServer *server, const char *unix_sock_path,
-const char *shm_path, size_t shm_size, unsigned n_vectors,
+const char *shm_path, bool use_shm_open,
+size_t shm_size, unsigned n_vectors,
 bool verbose);
 
 /**
diff --git a/contrib/ivshmem-server/main.c b/contrib/ivshmem-server/main.c
index 3332a8c..5afa8ee 100644
--- a/contrib/ivshmem-server/main.c
+++ b/contrib/ivshmem-server/main.c
@@ -29,6 +29,7 @@ typedef struct IvshmemServerArgs {
 const char *pid_file;
 const 

Re: [Qemu-devel] [PULL v1 00/13] Merge crypto code for LUKS encryption

[Peter Maydell]

On 17 March 2016 at 13:51, Peter Maydell  wrote:
> On 17 March 2016 at 13:42, Daniel P. Berrange  wrote:
>> The following changes since commit 8c4575472494a5dfedfe05e7b58ca9ce3872ad56:
>>
>>   Merge remote-tracking branch 'remotes/ehabkost/tags/machine-pull-request' 
>> into staging (2016-03-17 08:52:58 +)
>>
>> are available in the git repository at:
>>
>>   git://github.com/berrange/qemu tags/pull-qcrypto-2016-03-17-1
>>
>> for you to fetch changes up to 0a3d53cfda6f200c84c13c3818017e56edc761ba:
>>
>>   crypto: implement the LUKS block encryption format (2016-03-17 12:42:33 
>> +)
>>
>> 
>> Merge QCrypto 2016/03/17 v1
>>
>> 
>
> This doesn't build on OSX, I'm afraid:
>
> /Users/pm215/src/qemu-for-merges/crypto/pbkdf.c:37:23: error: use of
> undeclared identifier 'RUSAGE_THREAD'
> if (getrusage(RUSAGE_THREAD, ) < 0) {
>   ^
> /Users/pm215/src/qemu-for-merges/crypto/pbkdf.c:49:23: error: use of
> undeclared identifier 'RUSAGE_THREAD'
> if (getrusage(RUSAGE_THREAD, ) < 0) {
>   ^

Also a w32 build failure:
crypto/pbkdf.c:23:26: fatal error: sys/resource.h: No such file or directory
 #include 
  ^

thanks
-- PMM

[Qemu-devel] [PULL 19/40] ivshmem: Clean up MSI-X conditions

[Markus Armbruster]

There are three predicates related to MSI-X:

* ivshmem_has_feature(s, IVSHMEM_MSI) is true unless the non-MSI-X
  variant of the device is selected with msi=off.

* msix_present() is true when the device has the PCI capability MSI-X.
  It's initially false, and becomes true during successful realize of
  the MSI-X variant of the device.  Thus, it's the same as
  ivshmem_has_feature(s, IVSHMEM_MSI) for realized devices.

* msix_enabled() is true when msix_present() is true and guest software
  has enabled MSI-X.

Code that differs between the non-MSI-X and the MSI-X variant of the
device needs to be guarded by ivshmem_has_feature(s, IVSHMEM_MSI) or
by msix_present(), except the latter works only for realized devices.

Code that depends on whether MSI-X is in use needs to be guarded with
msix_enabled().

Code review led me to two minor messes:

* ivshmem_vector_notify() calls msix_notify() even when
  !msix_enabled(), unlike most other MSI-X-capable devices.  As far as
  I can tell, msix_notify() does nothing when !msix_enabled().  Add
  the guard anyway.

* Most callers of ivshmem_use_msix() guard it with
  ivshmem_has_feature(s, IVSHMEM_MSI).  Not necessary, because
  ivshmem_use_msix() does nothing when !msix_present().  That's
  ivshmem's only use of msix_present(), though.  Guard it
  consistently, and drop the now redundant msix_present() check.
  While there, rename ivshmem_use_msix() to ivshmem_msix_vector_use().

Signed-off-by: Markus Armbruster 
Message-Id: <1458066895-20632-20-git-send-email-arm...@redhat.com>
Reviewed-by: Marc-André Lureau 
---
 hw/misc/ivshmem.c | 22 ++
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index 1debce3..abcb1c1 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -274,7 +274,9 @@ static void ivshmem_vector_notify(void *opaque)
 
 IVSHMEM_DPRINTF("interrupt on vector %p %d\n", pdev, vector);
 if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
-msix_notify(pdev, vector);
+if (msix_enabled(pdev)) {
+msix_notify(pdev, vector);
+}
 } else {
 ivshmem_IntrStatus_write(s, 1);
 }
@@ -713,16 +715,11 @@ static void ivshmem_check_version(void *opaque, const 
uint8_t * buf, int size)
 /* Select the MSI-X vectors used by device.
  * ivshmem maps events to vectors statically, so
  * we just enable all vectors on init and after reset. */
-static void ivshmem_use_msix(IVShmemState * s)
+static void ivshmem_msix_vector_use(IVShmemState *s)
 {
 PCIDevice *d = PCI_DEVICE(s);
 int i;
 
-IVSHMEM_DPRINTF("%s, msix present: %d\n", __func__, msix_present(d));
-if (!msix_present(d)) {
-return;
-}
-
 for (i = 0; i < s->vectors; i++) {
 msix_vector_use(d, i);
 }
@@ -734,7 +731,9 @@ static void ivshmem_reset(DeviceState *d)
 
 s->intrstatus = 0;
 s->intrmask = 0;
-ivshmem_use_msix(s);
+if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
+ivshmem_msix_vector_use(s);
+}
 }
 
 static int ivshmem_setup_interrupts(IVShmemState *s)
@@ -748,7 +747,7 @@ static int ivshmem_setup_interrupts(IVShmemState *s)
 }
 
 IVSHMEM_DPRINTF("msix initialized (%d vectors)\n", s->vectors);
-ivshmem_use_msix(s);
+ivshmem_msix_vector_use(s);
 }
 
 return 0;
@@ -1040,9 +1039,8 @@ static int ivshmem_post_load(void *opaque, int version_id)
 IVShmemState *s = opaque;
 
 if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
-ivshmem_use_msix(s);
+ivshmem_msix_vector_use(s);
 }
-
 return 0;
 }
 
@@ -1070,7 +1068,7 @@ static int ivshmem_load_old(QEMUFile *f, void *opaque, 
int version_id)
 
 if (ivshmem_has_feature(s, IVSHMEM_MSI)) {
 msix_load(pdev, f);
-ivshmem_use_msix(s);
+ivshmem_msix_vector_use(s);
 } else {
 s->intrstatus = qemu_get_be32(f);
 s->intrmask = qemu_get_be32(f);
-- 
2.4.3

Re: [Qemu-devel] [PATCH v2] vl.c: disallow command line fw cfg without opt/

[Paolo Bonzini]

On 17/03/2016 14:35, Michael S. Tsirkin wrote:
> > We meant just two partitions of the namespace. "opt/" and non-"opt/".
> > The latter belongs to QEMU, the former belongs to everything else, and
> > the subdivision of everything else doesn't belong into QEMU. OVMF is
> > part of everything else.
>
> This is where we made a design mistake.  There are 3 kinds of users
> adding entries: QEMU, QEMU firmware developers and QEMU users.

I can definitely agree with this.

Paolo

> And QEMU users could be further subdivided.

[Qemu-devel] [PATCH 05/20] qemu-img: Call blk_set_enable_write_cache() explicitly

[Kevin Wolf]

Signed-off-by: Kevin Wolf 
---
 qemu-img.c | 79 ++
 1 file changed, 48 insertions(+), 31 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 839e05b..96b51d4 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -245,7 +245,7 @@ static int img_open_password(BlockBackend *blk, const char 
*filename,
 
 
 static BlockBackend *img_open_opts(const char *optstr,
-   QemuOpts *opts, int flags,
+   QemuOpts *opts, int flags, bool 
writethrough,
bool require_io, bool quiet)
 {
 QDict *options;
@@ -257,6 +257,7 @@ static BlockBackend *img_open_opts(const char *optstr,
 error_reportf_err(local_err, "Could not open '%s'", optstr);
 return NULL;
 }
+blk_set_enable_write_cache(blk, !writethrough);
 
 if (img_open_password(blk, optstr, require_io, quiet) < 0) {
 blk_unref(blk);
@@ -267,7 +268,8 @@ static BlockBackend *img_open_opts(const char *optstr,
 
 static BlockBackend *img_open_file(const char *filename,
const char *fmt, int flags,
-   bool require_io, bool quiet)
+   bool writethrough, bool require_io,
+   bool quiet)
 {
 BlockBackend *blk;
 Error *local_err = NULL;
@@ -283,6 +285,7 @@ static BlockBackend *img_open_file(const char *filename,
 error_reportf_err(local_err, "Could not open '%s': ", filename);
 return NULL;
 }
+blk_set_enable_write_cache(blk, !writethrough);
 
 if (img_open_password(blk, filename, require_io, quiet) < 0) {
 blk_unref(blk);
@@ -294,7 +297,7 @@ static BlockBackend *img_open_file(const char *filename,
 
 static BlockBackend *img_open(bool image_opts,
   const char *filename,
-  const char *fmt, int flags,
+  const char *fmt, int flags, bool writethrough,
   bool require_io, bool quiet)
 {
 BlockBackend *blk;
@@ -309,9 +312,9 @@ static BlockBackend *img_open(bool image_opts,
 if (!opts) {
 return NULL;
 }
-blk = img_open_opts(filename, opts, flags, true, quiet);
+blk = img_open_opts(filename, opts, flags, writethrough, true, quiet);
 } else {
-blk = img_open_file(filename, fmt, flags, true, quiet);
+blk = img_open_file(filename, fmt, flags, writethrough, true, quiet);
 }
 return blk;
 }
@@ -589,7 +592,8 @@ static int img_check(int argc, char **argv)
 BlockBackend *blk;
 BlockDriverState *bs;
 int fix = 0;
-int flags = BDRV_O_CACHE_WB | BDRV_O_CHECK;
+int flags = BDRV_O_CHECK;
+bool writethrough;
 ImageCheck *check;
 bool quiet = false;
 Error *local_err = NULL;
@@ -598,6 +602,7 @@ static int img_check(int argc, char **argv)
 fmt = NULL;
 output = NULL;
 cache = BDRV_DEFAULT_CACHE;
+
 for(;;) {
 int option_index = 0;
 static const struct option long_options[] = {
@@ -677,13 +682,13 @@ static int img_check(int argc, char **argv)
 return 1;
 }
 
-ret = bdrv_parse_cache_flags(cache, );
+ret = bdrv_parse_cache_mode(cache, , );
 if (ret < 0) {
 error_report("Invalid source cache option: %s", cache);
 return 1;
 }
 
-blk = img_open(image_opts, filename, fmt, flags, true, quiet);
+blk = img_open(image_opts, filename, fmt, flags, writethrough, true, 
quiet);
 if (!blk) {
 return 1;
 }
@@ -793,6 +798,7 @@ static int img_commit(int argc, char **argv)
 BlockBackend *blk;
 BlockDriverState *bs, *base_bs;
 bool progress = false, quiet = false, drop = false;
+bool writethrough;
 Error *local_err = NULL;
 CommonBlockJobCBInfo cbi;
 bool image_opts = false;
@@ -869,13 +875,13 @@ static int img_commit(int argc, char **argv)
 }
 
 flags = BDRV_O_RDWR | BDRV_O_UNMAP;
-ret = bdrv_parse_cache_flags(cache, );
+ret = bdrv_parse_cache_mode(cache, , );
 if (ret < 0) {
 error_report("Invalid cache option: %s", cache);
 return 1;
 }
 
-blk = img_open(image_opts, filename, fmt, flags, true, quiet);
+blk = img_open(image_opts, filename, fmt, flags, writethrough, true, 
quiet);
 if (!blk) {
 return 1;
 }
@@ -1119,6 +1125,7 @@ static int img_compare(int argc, char **argv)
 int ret = 0; /* return value - 0 Ident, 1 Different, >1 Error */
 bool progress = false, quiet = false, strict = false;
 int flags;
+bool writethrough;
 int64_t total_sectors;
 int64_t sector_num = 0;
 int64_t nb_sectors;
@@ -1201,21 +1208,23 @@ static int img_compare(int argc, char **argv)
 /* Initialize before goto out */
 qemu_progress_init(progress, 2.0);
 
-flags = BDRV_O_CACHE_WB;
-ret = 

[Qemu-devel] [PATCH v6 16/16] qapi: Consolidate object visitors

[Eric Blake]

Rather than having two separate visitor callbacks with items
already broken out, pass the actual QAPISchemaObjectType object
to the visitor.  This lets the visitor access things like
type.is_implicit() without needing another parameter, resolving
a TODO from previous patches.

For convenience and consistency, the 'name' and 'info' parameters
are still provided, even though they are now redundant with
'typ.name' and 'typ.info'.

Signed-off-by: Eric Blake 

---
v6: new patch
---
 scripts/qapi.py| 10 ++
 scripts/qapi-introspect.py | 10 +-
 scripts/qapi-types.py  | 13 ++---
 scripts/qapi-visit.py  | 12 ++--
 4 files changed, 19 insertions(+), 26 deletions(-)

diff --git a/scripts/qapi.py b/scripts/qapi.py
index b13ae47..4dde43a 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -808,10 +808,7 @@ class QAPISchemaVisitor(object):
 def visit_array_type(self, name, info, element_type):
 pass

-def visit_object_type(self, name, info, base, members, variants):
-pass
-
-def visit_object_type_flat(self, name, info, members, variants):
+def visit_object_type(self, name, info, typ):
 pass

 def visit_alternate_type(self, name, info, variants):
@@ -1005,10 +1002,7 @@ class QAPISchemaObjectType(QAPISchemaType):
 return 'object'

 def visit(self, visitor):
-visitor.visit_object_type(self.name, self.info,
-  self.base, self.local_members, self.variants)
-visitor.visit_object_type_flat(self.name, self.info,
-   self.members, self.variants)
+visitor.visit_object_type(self.name, self.info, self)


 class QAPISchemaMember(object):
diff --git a/scripts/qapi-introspect.py b/scripts/qapi-introspect.py
index e0f926b..474eafd 100644
--- a/scripts/qapi-introspect.py
+++ b/scripts/qapi-introspect.py
@@ -141,11 +141,11 @@ const char %(c_name)s[] = %(c_string)s;
 element = self._use_type(element_type)
 self._gen_json('[' + element + ']', 'array', {'element-type': element})

-def visit_object_type_flat(self, name, info, members, variants):
-obj = {'members': [self._gen_member(m) for m in members]}
-if variants:
-obj.update(self._gen_variants(variants.tag_member.name,
-  variants.variants))
+def visit_object_type(self, name, info, typ):
+obj = {'members': [self._gen_member(m) for m in typ.members]}
+if typ.variants:
+obj.update(self._gen_variants(typ.variants.tag_member.name,
+  typ.variants.variants))
 self._gen_json(name, 'object', obj)

 def visit_alternate_type(self, name, info, variants):
diff --git a/scripts/qapi-types.py b/scripts/qapi-types.py
index e09c875..40c4c1d 100644
--- a/scripts/qapi-types.py
+++ b/scripts/qapi-types.py
@@ -220,17 +220,16 @@ class QAPISchemaGenTypeVisitor(QAPISchemaVisitor):
 self.decl += gen_array(name, element_type)
 self._gen_type_cleanup(name)

-def visit_object_type(self, name, info, base, members, variants):
+def visit_object_type(self, name, info, typ):
 # Nothing to do for the special empty builtin
 if name == 'q_empty':
 return
 self._fwdecl += gen_fwd_object_or_array(name)
-self.decl += gen_object(name, base, members, variants)
-if base and not base.is_implicit():
-self.decl += gen_upcast(name, base)
-# TODO Worth changing the visitor signature, so we could
-# directly use rather than repeat type.is_implicit()?
-if not name.startswith('q_'):
+self.decl += gen_object(name, typ.base, typ.local_members,
+typ.variants)
+if typ.base and not typ.base.is_implicit():
+self.decl += gen_upcast(name, typ.base)
+if not typ.is_implicit():
 # implicit types won't be directly allocated/freed
 self._gen_type_cleanup(name)

diff --git a/scripts/qapi-visit.py b/scripts/qapi-visit.py
index c147990..e756545 100644
--- a/scripts/qapi-visit.py
+++ b/scripts/qapi-visit.py
@@ -289,18 +289,18 @@ class QAPISchemaGenVisitVisitor(QAPISchemaVisitor):
 self.decl += decl
 self.defn += defn

-def visit_object_type(self, name, info, base, members, variants):
+def visit_object_type(self, name, info, typ):
 # Nothing to do for the special empty builtin
 if name == 'q_empty':
 return
 self.decl += gen_visit_members_decl(name)
-self.defn += gen_visit_object_members(name, base, members, variants)
-# TODO Worth changing the visitor signature, so we could
-# directly use rather than repeat type.is_implicit()?
-if not name.startswith('q_'):
+self.defn += gen_visit_object_members(name, typ.base,
+ 

Re: [Qemu-devel] [PATCH v2 0/2] usb, xen: add pvUSB backend

[Juergen Gross]

On 18/03/16 13:52, Gerd Hoffmann wrote:
> On Do, 2016-03-10 at 16:19 +0100, Juergen Gross wrote:
>> This series adds a Xen pvUSB backend driver to qemu. USB devices
>> connected to the host can be passed through to a Xen guest. The
>> devices are specified via Xenstore. Access to the devices is done
>> via host-libusb.c
> 
>> I've tested the backend with various USB devices (memory sticks,
>> keyboard, ...).
> 
> Patches look sane to me.
> 
> Have you tested both virtual and physical devices?  Given how it is
> written devices such as the virtual usb tablet should work just fine
> too.

I tested with physical devices only.

TBH, I don't think a virtual device would work, given how the to be used
device is selected (driver="usb-host", hostbus, hostport).

> I can take that through the usb queue, but I'd like to see someone from
> xen have a look at this too.  Reviews anyone?

Awesome, thanks for the thumbs up!


Juergen

[Qemu-devel] [PULL v3 11/13] crypto: wire up XTS mode for cipher APIs

[Daniel P. Berrange]

Introduce 'XTS' as a permitted mode for the cipher APIs.
With XTS the key provided must be twice the size of the
key normally required for any given algorithm. This is
because the key will be split into two pieces for use
in XTS mode.

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrange 
---
 crypto/cipher-builtin.c|  85 +---
 crypto/cipher-gcrypt.c | 123 -
 crypto/cipher-nettle.c |  79 --
 crypto/cipher.c|  27 +++--
 qapi/crypto.json   |   3 +-
 tests/test-crypto-cipher.c | 134 -
 6 files changed, 405 insertions(+), 46 deletions(-)

diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
index 836ed1a..88963f6 100644
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@@ -21,6 +21,7 @@
 #include "qemu/osdep.h"
 #include "crypto/aes.h"
 #include "crypto/desrfb.h"
+#include "crypto/xts.h"
 
 typedef struct QCryptoCipherBuiltinAESContext QCryptoCipherBuiltinAESContext;
 struct QCryptoCipherBuiltinAESContext {
@@ -30,6 +31,7 @@ struct QCryptoCipherBuiltinAESContext {
 typedef struct QCryptoCipherBuiltinAES QCryptoCipherBuiltinAES;
 struct QCryptoCipherBuiltinAES {
 QCryptoCipherBuiltinAESContext key;
+QCryptoCipherBuiltinAESContext key_tweak;
 uint8_t iv[AES_BLOCK_SIZE];
 };
 typedef struct QCryptoCipherBuiltinDESRFB QCryptoCipherBuiltinDESRFB;
@@ -123,6 +125,30 @@ static void qcrypto_cipher_aes_ecb_decrypt(AES_KEY *key,
 }
 
 
+static void qcrypto_cipher_aes_xts_encrypt(const void *ctx,
+   size_t length,
+   uint8_t *dst,
+   const uint8_t *src)
+{
+const QCryptoCipherBuiltinAESContext *aesctx = ctx;
+
+qcrypto_cipher_aes_ecb_encrypt((AES_KEY *)>enc,
+   src, dst, length);
+}
+
+
+static void qcrypto_cipher_aes_xts_decrypt(const void *ctx,
+   size_t length,
+   uint8_t *dst,
+   const uint8_t *src)
+{
+const QCryptoCipherBuiltinAESContext *aesctx = ctx;
+
+qcrypto_cipher_aes_ecb_decrypt((AES_KEY *)>dec,
+   src, dst, length);
+}
+
+
 static int qcrypto_cipher_encrypt_aes(QCryptoCipher *cipher,
   const void *in,
   void *out,
@@ -141,6 +167,14 @@ static int qcrypto_cipher_encrypt_aes(QCryptoCipher 
*cipher,
 >state.aes.key.enc,
 ctxt->state.aes.iv, 1);
 break;
+case QCRYPTO_CIPHER_MODE_XTS:
+xts_encrypt(>state.aes.key,
+>state.aes.key_tweak,
+qcrypto_cipher_aes_xts_encrypt,
+qcrypto_cipher_aes_xts_decrypt,
+ctxt->state.aes.iv,
+len, out, in);
+break;
 default:
 g_assert_not_reached();
 }
@@ -167,6 +201,14 @@ static int qcrypto_cipher_decrypt_aes(QCryptoCipher 
*cipher,
 >state.aes.key.dec,
 ctxt->state.aes.iv, 0);
 break;
+case QCRYPTO_CIPHER_MODE_XTS:
+xts_decrypt(>state.aes.key,
+>state.aes.key_tweak,
+qcrypto_cipher_aes_xts_encrypt,
+qcrypto_cipher_aes_xts_decrypt,
+ctxt->state.aes.iv,
+len, out, in);
+break;
 default:
 g_assert_not_reached();
 }
@@ -200,21 +242,46 @@ static int qcrypto_cipher_init_aes(QCryptoCipher *cipher,
 QCryptoCipherBuiltin *ctxt;
 
 if (cipher->mode != QCRYPTO_CIPHER_MODE_CBC &&
-cipher->mode != QCRYPTO_CIPHER_MODE_ECB) {
+cipher->mode != QCRYPTO_CIPHER_MODE_ECB &&
+cipher->mode != QCRYPTO_CIPHER_MODE_XTS) {
 error_setg(errp, "Unsupported cipher mode %d", cipher->mode);
 return -1;
 }
 
 ctxt = g_new0(QCryptoCipherBuiltin, 1);
 
-if (AES_set_encrypt_key(key, nkey * 8, >state.aes.key.enc) != 0) {
-error_setg(errp, "Failed to set encryption key");
-goto error;
-}
+if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+if (AES_set_encrypt_key(key, nkey * 4, >state.aes.key.enc) != 0) 
{
+error_setg(errp, "Failed to set encryption key");
+goto error;
+}
 
-if (AES_set_decrypt_key(key, nkey * 8, >state.aes.key.dec) != 0) {
-error_setg(errp, "Failed to set decryption key");
-goto error;
+if (AES_set_decrypt_key(key, nkey * 4, >state.aes.key.dec) != 0) 
{
+error_setg(errp, "Failed to set decryption key");
+goto error;
+}
+
+if (AES_set_encrypt_key(key + (nkey / 2), nkey * 4,
+

Re: [Qemu-devel] [PATCH 00/16] AioContext fine-grained locking, part 1 of 3, including bdrv_drain rewrite

[Paolo Bonzini]

On 16/03/2016 19:18, Stefan Hajnoczi wrote:
> Looks good overall.  I'm a little nervous about merging it for QEMU 2.6
> but the block job, NBD, and data plane tests should give it a good
> workout.

Apart from QEMU nearing hard freeze, I totally understand not wanting to
commit to merging part 1 of n where n will probably be a dozen or so.
I'm open to experimenting with different models for handling long-term
contributions.

For example, each part will probably have an uncontroversial and
generally useful prefix---for example patches 1-4 in this case, or the
change to a single linux-aio context per iothread.  You could merge
those only, and for the rest, I will maintain myself a branch with R-b
from maintainers.  Master will be periodically merged into it, but not
too frequently---it could be only after each part is accepted, or when
there is some important bugfix to catch.  Once the whole multiqueue
thing gets somewhere I would send you a pull request with the entire
feature, which would consist of say 200 patches all with a Reviewed-by
already.

This is just a possibility; if you have any other idea, I'd be happy to
follow it.

Paolo

[Qemu-devel] [PULL v3 03/13] crypto: add support for generating initialization vectors

[Daniel P. Berrange]

There are a number of different algorithms that can be used
to generate initialization vectors for disk encryption. This
introduces a simple internal QCryptoBlockIV object to provide
a consistent internal API to the different algorithms. The
initially implemented algorithms are 'plain', 'plain64' and
'essiv', each matching the same named algorithm provided
by the Linux kernel dm-crypt driver.

Reviewed-by: Eric Blake 
Reviewed-by: Fam Zheng 
Signed-off-by: Daniel P. Berrange 
---
 crypto/Makefile.objs  |   4 +
 crypto/ivgen-essiv.c  | 118 ++
 crypto/ivgen-essiv.h  |  28 +++
 crypto/ivgen-plain.c  |  59 +
 crypto/ivgen-plain.h  |  28 +++
 crypto/ivgen-plain64.c|  59 +
 crypto/ivgen-plain64.h|  28 +++
 crypto/ivgen.c|  99 ++
 crypto/ivgenpriv.h|  49 +++
 include/crypto/ivgen.h| 206 ++
 qapi/crypto.json  |  19 +
 tests/.gitignore  |   1 +
 tests/Makefile|   2 +
 tests/test-crypto-ivgen.c | 173 ++
 14 files changed, 873 insertions(+)
 create mode 100644 crypto/ivgen-essiv.c
 create mode 100644 crypto/ivgen-essiv.h
 create mode 100644 crypto/ivgen-plain.c
 create mode 100644 crypto/ivgen-plain.h
 create mode 100644 crypto/ivgen-plain64.c
 create mode 100644 crypto/ivgen-plain64.h
 create mode 100644 crypto/ivgen.c
 create mode 100644 crypto/ivgenpriv.h
 create mode 100644 include/crypto/ivgen.h
 create mode 100644 tests/test-crypto-ivgen.c

diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index 7122cc8..f28b00e 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -13,6 +13,10 @@ crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += 
random-gnutls.o
 crypto-obj-y += pbkdf.o
 crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
 crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
+crypto-obj-y += ivgen.o
+crypto-obj-y += ivgen-essiv.o
+crypto-obj-y += ivgen-plain.o
+crypto-obj-y += ivgen-plain64.o
 
 # Let the userspace emulators avoid linking gnutls/etc
 crypto-aes-obj-y = aes.o
diff --git a/crypto/ivgen-essiv.c b/crypto/ivgen-essiv.c
new file mode 100644
index 000..5649c01
--- /dev/null
+++ b/crypto/ivgen-essiv.c
@@ -0,0 +1,118 @@
+/*
+ * QEMU Crypto block IV generator - essiv
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/ivgen-essiv.h"
+
+typedef struct QCryptoIVGenESSIV QCryptoIVGenESSIV;
+struct QCryptoIVGenESSIV {
+QCryptoCipher *cipher;
+};
+
+static int qcrypto_ivgen_essiv_init(QCryptoIVGen *ivgen,
+const uint8_t *key, size_t nkey,
+Error **errp)
+{
+uint8_t *salt;
+size_t nhash;
+size_t nsalt;
+QCryptoIVGenESSIV *essiv = g_new0(QCryptoIVGenESSIV, 1);
+
+/* Not necessarily the same as nkey */
+nsalt = qcrypto_cipher_get_key_len(ivgen->cipher);
+
+nhash = qcrypto_hash_digest_len(ivgen->hash);
+/* Salt must be larger of hash size or key size */
+salt = g_new0(uint8_t, MAX(nhash, nsalt));
+
+if (qcrypto_hash_bytes(ivgen->hash, (const gchar *)key, nkey,
+   , ,
+   errp) < 0) {
+g_free(essiv);
+return -1;
+}
+
+/* Now potentially truncate salt to match cipher key len */
+essiv->cipher = qcrypto_cipher_new(ivgen->cipher,
+   QCRYPTO_CIPHER_MODE_ECB,
+   salt, MIN(nhash, nsalt),
+   errp);
+if (!essiv->cipher) {
+g_free(essiv);
+g_free(salt);
+return -1;
+}
+
+g_free(salt);
+ivgen->private = essiv;
+
+return 0;
+}
+
+static int qcrypto_ivgen_essiv_calculate(QCryptoIVGen *ivgen,
+ uint64_t sector,
+ uint8_t *iv, size_t niv,
+ Error **errp)
+{
+QCryptoIVGenESSIV *essiv = ivgen->private;
+size_t ndata = qcrypto_cipher_get_block_len(ivgen->cipher);
+uint8_t *data = 

Re: [Qemu-devel] [PATCH 06/17] ppc: Create cpu_ppc_set_papr() helper

[David Gibson]

On Thu, Mar 17, 2016 at 01:33:31PM +0100, Cédric Le Goater wrote:
> On 03/17/2016 03:34 AM, David Gibson wrote:
> > On Mon, Mar 14, 2016 at 05:56:29PM +0100, Cédric Le Goater wrote:
> >> From: Benjamin Herrenschmidt 
> >>
> >> And move the code adjusting the MSR mask and calling kvmppc_set_papr()
> >> to it. This allows us to add a few more things such as disabling setting
> >> of MSR:HV and appropriate LPCR bits which will be used when fixing
> >> the exception model.
> >>
> >> Signed-off-by: Benjamin Herrenschmidt 
> >> Reviewed-by: David Gibson 
> > 
> > I'm a little nervous about applying this before 2.6.  This affects the
> > value of the LPCR which is used to control exception behaviour in some
> > cases.  I'm pretty sure the current behaviour is wrong, but we do know
> > it doesn't break horribly for existing machines, which we'd have to
> > retest with the new behaviour.
> 
> Yes. I agree.
> 
> > I'm certainly willing to hear a case for this if it makes other
> > patches in the series significantly easier though.
> 
> I think we should split this patch in two. Put the cpu_ppc_set_papr() helper 
> and the MSR change in the first one and keep the LPCR changes for the second. 
> The latter belong to another set of fixes related the exception
> models.

Yes, I think that makes sense.

> 
> C.
> 
> >> ---
> >>  hw/ppc/spapr.c  | 11 ++-
> >>  target-ppc/cpu.h|  1 +
> >>  target-ppc/translate_init.c | 37 -
> >>  3 files changed, 39 insertions(+), 10 deletions(-)
> >>
> >> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> >> index 43708a2a9086..9c01872ce4d3 100644
> >> --- a/hw/ppc/spapr.c
> >> +++ b/hw/ppc/spapr.c
> >> @@ -1612,15 +1612,8 @@ static void spapr_cpu_init(sPAPRMachineState 
> >> *spapr, PowerPCCPU *cpu,
> >>  /* Set time-base frequency to 512 MHz */
> >>  cpu_ppc_tb_init(env, TIMEBASE_FREQ);
> >>  
> >> -/* PAPR always has exception vectors in RAM not ROM. To ensure this,
> >> - * MSR[IP] should never be set.
> >> - */
> >> -env->msr_mask &= ~(1 << 6);
> >> -
> >> -/* Tell KVM that we're in PAPR mode */
> >> -if (kvm_enabled()) {
> >> -kvmppc_set_papr(cpu);
> >> -}
> >> +/* Enable PAPR mode in TCG or KVM */
> >> +cpu_ppc_set_papr(cpu);
> >>  
> >>  if (cpu->max_compat) {
> >>  Error *local_err = NULL;
> >> diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
> >> index 9ce301f18922..a7da0d3e95a9 100644
> >> --- a/target-ppc/cpu.h
> >> +++ b/target-ppc/cpu.h
> >> @@ -1268,6 +1268,7 @@ void store_booke_tcr (CPUPPCState *env, target_ulong 
> >> val);
> >>  void store_booke_tsr (CPUPPCState *env, target_ulong val);
> >>  void ppc_tlb_invalidate_all (CPUPPCState *env);
> >>  void ppc_tlb_invalidate_one (CPUPPCState *env, target_ulong addr);
> >> +void cpu_ppc_set_papr(PowerPCCPU *cpu);
> >>  #endif
> >>  #endif
> >>  
> >> diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
> >> index 46dabe58783a..093ef036320d 100644
> >> --- a/target-ppc/translate_init.c
> >> +++ b/target-ppc/translate_init.c
> >> @@ -8496,8 +8496,43 @@ POWERPC_FAMILY(POWER8)(ObjectClass *oc, void *data)
> >>  pcc->interrupts_big_endian = ppc_cpu_interrupts_big_endian_lpcr;
> >>  pcc->threads_per_core = 8;
> >>  }
> >> -#endif /* defined (TARGET_PPC64) */
> >>  
> >> +#if !defined(CONFIG_USER_ONLY)
> >> +
> >> +void cpu_ppc_set_papr(PowerPCCPU *cpu)
> >> +{
> >> +CPUPPCState *env = >env;
> >> +ppc_spr_t *lpcr = >spr_cb[SPR_LPCR];
> >> +
> >> +/* PAPR always has exception vectors in RAM not ROM. To ensure this,
> >> + * MSR[IP] should never be set.
> >> + *
> >> + * We also disallow setting of MSR_HV
> >> + */
> >> +env->msr_mask &= ~((1ull << MSR_EP) | MSR_HVB);
> >> +
> >> +/* Set emulated LPCR to not send interrupts to hypervisor. Note that
> >> + * under KVM, the actual HW LPCR will be set differently by KVM 
> >> itself,
> >> + * the settings below ensure proper operations with TCG in absence of
> >> + * a real hypervisor
> >> + */
> >> +lpcr->default_value &= ~(LPCR_VPM0 | LPCR_VPM1 | LPCR_ISL | LPCR_KBV);
> >> +lpcr->default_value |= LPCR_LPES0 | LPCR_LPES1;
> >> +
> >> +/* We should be followed by a CPU reset but update the active value
> >> + * just in case...
> >> + */
> >> +env->spr[SPR_LPCR] = lpcr->default_value;
> >> +
> >> +/* Tell KVM that we're in PAPR mode */
> >> +if (kvm_enabled()) {
> >> +kvmppc_set_papr(cpu);
> >> +}
> >> +}
> >> +
> >> +#endif /* !defined(CONFIG_USER_ONLY) */
> >> +
> >> +#endif /* defined (TARGET_PPC64) */
> >>  
> >>  
> >> /*/
> >>  /* Generic CPU instantiation routine  
> >>*/
> > 
> 

-- 
David Gibson| I'll have my music 

Re: [Qemu-devel] [PATCH v2] vl.c: disallow command line fw cfg without opt/

[Michael S. Tsirkin]

On Thu, Mar 17, 2016 at 02:55:52PM +0100, Paolo Bonzini wrote:
> 
> 
> On 17/03/2016 14:49, Michael S. Tsirkin wrote:
> >> On 17/03/2016 14:13, Michael S. Tsirkin wrote:
> >>>
> >>> QEMU command line:
> >>>   A. -fw-cfg RFQDN/PATH prepends usr/. So users will not get conflicts
> >>>  with QEMU hardware
> >>
> >> Alternative: no need to prepend usr/, I think.
> > 
> > I personally dislike telling user "do X". I don't see a reason not to be
> > friendly and do X. The rare case where users do not want X can be
> > easily enabled.
> 
> I wouldn't include usr/ at all in the paths.  The RFQDN recommendation
> is enough to avoid clashes with etc/ and opt/.

Yes but then we need a blacklist. And usr/ is not visible to
users so I do not see a problem with it.


> >>>   B. -fw-cfg org.qemu/unsupported/XXX as a hack, removes
> >>>   org.qemu/unsupported/ and leaves just XXX,
> >>>   for people who want to break^?^?^?^?^?debug QEMU hardware
> >>
> >> Alternative: fail on:
> >>
> >> - a blacklist of etc/* files including etc/system-states,
> >> etc/smbios/smbios-tables, etc/smbios/smbios-anchor,
> >> etc/reserved-memory-end, etc/pvpanic-port, etc/e820, and possibly
> >> etc/boot-menu-wait
> > 
> > We can not predict the future. Future firmware will look for
> > files under etc/mst. Users using this firmware with
> > current QEMU will get a nasty surprise where it previously
> > worked.
> > 
> > Besides, it is way easier to maintain and understand a simple rule than
> > a blacklist.
> 
> The reason for the blacklist is that these are files owned by QEMU but
> traditionally under etc/.  The error can be simply "fw_cfg file %s is
> provided by QEMU".  If a file is added in the future that is owned by
> QEMU, it will be under org.qemu/* so the blacklist will not grow.


Yes, but a new prefix seems like a cleaner way.

> >> Likewise SeaBIOS would switch from etc/ to an org.seabios/ prefix (for
> >> stuff usable from both Coreboot and QEMU, e.g.
> >> org.seabios/bootsplash.bmp) or org.qemu/ (for stuff that is specific to
> >> QEMU).
> >>
> >> Files that could be moved from etc/ to org.qemu/ correspond to the ones
> >> that are blacklisted in (B), e.g. etc/system-states ->
> >> org.qemu/system-states.
> > 
> > I am not sure about moving things into usr/org.qemu.
> > These are system files, not user-provided ones.
> > But we can argue about future plans down the road.
> 
> Does it make more sense if it's just org.qemu, not usr/org.qemu?
> 
> Thanks,
> 
> Paolo

I am not sure, let's discuss after 2.6.

-- 
MST

[Qemu-devel] [PULL v3 07/13] crypto: add support for the serpent cipher algorithm

[Daniel P. Berrange]

New cipher algorithms 'serpent-128', 'serpent-192' and
'serpent-256' are defined for the Serpent algorithm.

The nettle and gcrypt cipher backends are updated to
support the new cipher and a test vector added to the
cipher test suite. The new algorithm is enabled in the
LUKS block encryption driver.

Reviewed-by: Eric Blake 
Reviewed-by: Fam Zheng 
Signed-off-by: Daniel P. Berrange 
---
 crypto/cipher-gcrypt.c | 18 ++
 crypto/cipher-nettle.c | 31 +++
 crypto/cipher.c|  6 ++
 qapi/crypto.json   |  6 +-
 tests/test-crypto-cipher.c | 39 +++
 5 files changed, 99 insertions(+), 1 deletion(-)

diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index aa1d8c5..a667d59 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -30,6 +30,9 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
 case QCRYPTO_CIPHER_ALG_AES_192:
 case QCRYPTO_CIPHER_ALG_AES_256:
 case QCRYPTO_CIPHER_ALG_CAST5_128:
+case QCRYPTO_CIPHER_ALG_SERPENT_128:
+case QCRYPTO_CIPHER_ALG_SERPENT_192:
+case QCRYPTO_CIPHER_ALG_SERPENT_256:
 return true;
 default:
 return false;
@@ -89,6 +92,18 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
 gcryalg = GCRY_CIPHER_CAST5;
 break;
 
+case QCRYPTO_CIPHER_ALG_SERPENT_128:
+gcryalg = GCRY_CIPHER_SERPENT128;
+break;
+
+case QCRYPTO_CIPHER_ALG_SERPENT_192:
+gcryalg = GCRY_CIPHER_SERPENT192;
+break;
+
+case QCRYPTO_CIPHER_ALG_SERPENT_256:
+gcryalg = GCRY_CIPHER_SERPENT256;
+break;
+
 default:
 error_setg(errp, "Unsupported cipher algorithm %d", alg);
 return NULL;
@@ -122,6 +137,9 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm 
alg,
 case QCRYPTO_CIPHER_ALG_AES_128:
 case QCRYPTO_CIPHER_ALG_AES_192:
 case QCRYPTO_CIPHER_ALG_AES_256:
+case QCRYPTO_CIPHER_ALG_SERPENT_128:
+case QCRYPTO_CIPHER_ALG_SERPENT_192:
+case QCRYPTO_CIPHER_ALG_SERPENT_256:
 ctx->blocksize = 16;
 break;
 case QCRYPTO_CIPHER_ALG_CAST5_128:
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index cfa69cc..74b55ab 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -24,6 +24,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #if CONFIG_NETTLE_VERSION_MAJOR < 3
 typedef nettle_crypt_func nettle_cipher_func;
@@ -76,6 +77,18 @@ static void cast128_decrypt_wrapper(cipher_ctx_t ctx, 
cipher_length_t length,
 cast128_decrypt(ctx, length, dst, src);
 }
 
+static void serpent_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+uint8_t *dst, const uint8_t *src)
+{
+serpent_encrypt(ctx, length, dst, src);
+}
+
+static void serpent_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+uint8_t *dst, const uint8_t *src)
+{
+serpent_decrypt(ctx, length, dst, src);
+}
+
 typedef struct QCryptoCipherNettle QCryptoCipherNettle;
 struct QCryptoCipherNettle {
 void *ctx_encrypt;
@@ -94,6 +107,9 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg)
 case QCRYPTO_CIPHER_ALG_AES_192:
 case QCRYPTO_CIPHER_ALG_AES_256:
 case QCRYPTO_CIPHER_ALG_CAST5_128:
+case QCRYPTO_CIPHER_ALG_SERPENT_128:
+case QCRYPTO_CIPHER_ALG_SERPENT_192:
+case QCRYPTO_CIPHER_ALG_SERPENT_256:
 return true;
 default:
 return false;
@@ -169,6 +185,21 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm 
alg,
 
 ctx->blocksize = CAST128_BLOCK_SIZE;
 break;
+
+case QCRYPTO_CIPHER_ALG_SERPENT_128:
+case QCRYPTO_CIPHER_ALG_SERPENT_192:
+case QCRYPTO_CIPHER_ALG_SERPENT_256:
+ctx->ctx_encrypt = g_new0(struct serpent_ctx, 1);
+ctx->ctx_decrypt = NULL; /* 1 ctx can do both */
+
+serpent_set_key(ctx->ctx_encrypt, nkey, key);
+
+ctx->alg_encrypt = serpent_encrypt_wrapper;
+ctx->alg_decrypt = serpent_decrypt_wrapper;
+
+ctx->blocksize = SERPENT_BLOCK_SIZE;
+break;
+
 default:
 error_setg(errp, "Unsupported cipher algorithm %d", alg);
 goto error;
diff --git a/crypto/cipher.c b/crypto/cipher.c
index 9e0a226..0f6fe98 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -28,6 +28,9 @@ static size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
 [QCRYPTO_CIPHER_ALG_AES_256] = 32,
 [QCRYPTO_CIPHER_ALG_DES_RFB] = 8,
 [QCRYPTO_CIPHER_ALG_CAST5_128] = 16,
+[QCRYPTO_CIPHER_ALG_SERPENT_128] = 16,
+[QCRYPTO_CIPHER_ALG_SERPENT_192] = 24,
+[QCRYPTO_CIPHER_ALG_SERPENT_256] = 32,
 };
 
 static size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
@@ -36,6 +39,9 @@ static size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
 [QCRYPTO_CIPHER_ALG_AES_256] = 16,
 

Re: [Qemu-devel] [PATCH 1/9] hw/arm: QOM'ify armv7m.c

[Peter Maydell]

On 7 March 2016 at 07:05, xiaoqiang zhao  wrote:
> Drop the use of old SysBus init function and use instance_init
>
> Signed-off-by: xiaoqiang zhao 
> ---
>  hw/arm/armv7m.c | 11 +--
>  1 file changed, 5 insertions(+), 6 deletions(-)

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [Qemu-devel] Our use of #include is undisciplined, and what to do about it

[Paolo Bonzini]

On 17/03/2016 17:29, Dr. David Alan Gilbert wrote:
> OK, so I see TraceEvent has a TraceEventID field; so yes that works easily;
> it turns out to be a little more expensive though since what was a:
> 
>trace_events_dstate[id]
> 
> is now
>trace_events_dstate[te->id]

That however makes you waste a lot of cache on trace_events_dstate
(commit 585ec72, "trace: track enabled events in a separate array",
2016-02-03).

Perhaps we get the linker to do compute the id, for example by using a
separate data section and then use te-_first to compute the id...
Richard, do you have ideas on how to do this in a reasonably portable
manner?

> But hang on, what's the 'sstate' in TraceEvent; do we actually need two
> state fields if we're passing a TraceEvent pointer around?

sstate means the event is unavailable, it's basically just a way to
provide better error messages.

Paolo

[Qemu-devel] [PATCH 3/3] hw/net/spapr_llan: Enable the RX buffer pools by default for new machines

[Thomas Huth]

RX buffer pools are now enabled by default for new machine types.
For older machine types, they are still disabled to avoid breaking
migration.

Signed-off-by: Thomas Huth 
---
 hw/net/spapr_llan.c | 2 +-
 hw/ppc/spapr.c  | 7 ++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
index 74c8b1e..4e28b89 100644
--- a/hw/net/spapr_llan.c
+++ b/hw/net/spapr_llan.c
@@ -709,7 +709,7 @@ static Property spapr_vlan_properties[] = {
 DEFINE_SPAPR_PROPERTIES(VIOsPAPRVLANDevice, sdev),
 DEFINE_NIC_PROPERTIES(VIOsPAPRVLANDevice, nicconf),
 DEFINE_PROP_BIT("use-rx-buffer-pools", VIOsPAPRVLANDevice,
-compat_flags, SPAPRVLAN_FLAG_RX_BUF_POOLS_BIT, false),
+compat_flags, SPAPRVLAN_FLAG_RX_BUF_POOLS_BIT, true),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 79a70a9..50d5a62 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2362,7 +2362,12 @@ DEFINE_SPAPR_MACHINE(2_6, "2.6", true);
  * pseries-2.5
  */
 #define SPAPR_COMPAT_2_5 \
-HW_COMPAT_2_5
+HW_COMPAT_2_5 \
+{ \
+.driver   = "spapr-vlan", \
+.property = "use-rx-buffer-pools", \
+.value= "off", \
+},
 
 static void spapr_machine_2_5_instance_options(MachineState *machine)
 {
-- 
1.8.3.1

Re: [Qemu-devel] basic block tracing question

[Peter Maydell]

On 16 March 2016 at 20:28, Tim Newsham  wrote:
> Hi,  I would like to create an accurate trace of basic blocks that get
> executed.  I'm interested in a trace of what a CPU would execute, and not
> for the purposes of studying qemu itself.
>
> I'm currently emitting trace data from cpu_tb_exec
> https://github.com/qemu/qemu/blob/master/cpu-exec.c#L136
> by printing out the env->eip (x86_64 only).  This seems to be roughly
> the right place -- there's already cpu tracing in this function.
> I do notice that some basic blocks get printed twice here though, and
> I tracked it down to basic blocks being rescheduled if execution returns
> with TB_EXIT_* flags set
> https://github.com/qemu/qemu/blob/master/cpu-exec.c#L163
> So I capture the PC before execution and only emit them if this is
> not the case, after execution.  This gets rid of the duplicate edges in
> the trace, but there is still one problem left that I don't understand!

If you only emit tracing information after the TB has executed and
returned then you will miss the case where we execute half a TB
and take an exception (eg load/store that page faulted, or system call),
because in that case we'll longjmp() out of the generated code. That's
one of the reasons why the tracing we have in upstream traces before
TB execution.

> Sometimes, when running the same program twice in a situation that
> should give the exact same trace, I see differences:
>
>  exec 8100450a
>  exec 81091130
> -exec 812f2930
> + basic block ff812f2930 returned with flag 3, setting pc to
> 812f285d
> +exec 812f285d
>  exec 812f293d
>  exec 81091142
>
> In this case the basic block wasn't merely restarted.  The PC was updated
> to a different value after the next_tb had the TB_EXIT_REQUESTED flag set.
> The particular basic block in question at 812f2930 ends with a callq
> to 0x812f2850 and then falls through to 0x812f293d.  So I
> would
> expect to see the "..2930" and "..293d" in the trace, but not the "..285d"
> in
> the trace, unless it was just continuing mid-basic block after the exit?

Firstly, are you running with -d nochain to disable QEMU's chaining
of TBs? (If not, then when we chain TBs together you'll only get
exec tracing for the first one, which is a good way to get confused.
The default tracing will tell you when we chain TBs together so you
can sort of unconfuse yourself, but it's easier to just turn it off
if you care about the TB logging.)

> What exactly is going on here.  What is the purpose of the TB_EXIT_REQUESTED
> here?

TB_EXIT_REQUESTED means "something asynchronous to execution requested
that we stop executing code". Usually this means "pending interrupt",
though some other things can cause it too. At the start of every TB
we check a flag to see if we need to stop; if the flag is set then
we drop out of generated code with the TB_EXIT_REQUESTED status
(and the main loop then takes care of identifying pending interrupts
or whatever it was that needed our attention.)

If you haven't disabled chaining of TBs, then we might drop out
before executing a chained TB; in this case we need to fix up
the CPU state to correctly represent the fact that we executed
the first TB in the chain but not the second one (or whatever).
This requires (among other things) setting the PC to the guest
address of the start of the TB we didn't execute.

(We may also exit mid-TB if icount is enabled and we're doing
exact instruction counting; in that case if we've said "execute
50 instructions" then we have to stop in the middle of a TB
when we hit the 50 instruction mark. icount isn't the default
though so unless your QEMU command line is enabling it then you
won't be hitting that; this is flag 2 (TB_EXIT_ICOUNT_EXPIRED).)

thanks
-- PMM

[Qemu-devel] [PULL 38/40] ivshmem: Drop ivshmem property x-memdev

[Markus Armbruster]

Use ivshmem-plain instead.

Signed-off-by: Markus Armbruster 
Reviewed-by: Marc-André Lureau 
Message-Id: <1458066895-20632-39-git-send-email-arm...@redhat.com>
---
 hw/misc/ivshmem.c | 23 +++
 1 file changed, 3 insertions(+), 20 deletions(-)

diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index 49e363e..90930f2 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -1197,17 +1197,12 @@ static void ivshmem_realize(PCIDevice *dev, Error 
**errp)
  " or ivshmem-doorbell instead");
 }
 
-if (!!s->server_chr + !!s->shmobj + !!s->hostmem != 1) {
-error_setg(errp,
-   "You must specify either 'shm', 'chardev' or 'x-memdev'");
+if (!!s->server_chr + !!s->shmobj != 1) {
+error_setg(errp, "You must specify either 'shm' or 'chardev'");
 return;
 }
 
-if (s->hostmem) {
-if (s->sizearg) {
-g_warning("size argument ignored with hostmem");
-}
-} else if (s->sizearg == NULL) {
+if (s->sizearg == NULL) {
 s->legacy_size = 4 << 20; /* 4 MB default */
 } else {
 char *end;
@@ -1247,17 +1242,6 @@ static void ivshmem_realize(PCIDevice *dev, Error **errp)
 ivshmem_common_realize(dev, errp);
 }
 
-static void ivshmem_init(Object *obj)
-{
-IVShmemState *s = IVSHMEM(obj);
-
-object_property_add_link(obj, "x-memdev", TYPE_MEMORY_BACKEND,
- (Object **)>hostmem,
- ivshmem_check_memdev_is_busy,
- OBJ_PROP_LINK_UNREF_ON_RELEASE,
- _abort);
-}
-
 static void ivshmem_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -1274,7 +1258,6 @@ static const TypeInfo ivshmem_info = {
 .name  = TYPE_IVSHMEM,
 .parent= TYPE_IVSHMEM_COMMON,
 .instance_size = sizeof(IVShmemState),
-.instance_init = ivshmem_init,
 .class_init= ivshmem_class_init,
 };
 
-- 
2.4.3

[Qemu-devel] [PULL 01/29] block: Fix qemu_root_bds_opts.head initialisation

[Kevin Wolf]

Signed-off-by: Kevin Wolf 
Reviewed-by: Max Reitz 
---
 blockdev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blockdev.c b/blockdev.c
index 322ca03..e7b8676 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -4221,7 +4221,7 @@ QemuOptsList qemu_common_drive_opts = {
 
 static QemuOptsList qemu_root_bds_opts = {
 .name = "root-bds",
-.head = QTAILQ_HEAD_INITIALIZER(qemu_common_drive_opts.head),
+.head = QTAILQ_HEAD_INITIALIZER(qemu_root_bds_opts.head),
 .desc = {
 {
 .name = "discard",
-- 
1.8.3.1

[Qemu-devel] [PATCH v6 13/16] qapi: Make BlockdevOptions doc example closer to reality

[Eric Blake]

Although we don't want to repeat the entire BlockdevOptions
QMP command in the example, it helps if we aren't needlessly
diverging (the initial example was written before we had
committed the actual QMP interface).  Use names that match what
is found in qapi/block-core.json, such as '*read-only' rather
than 'readonly', or 'BlockdevRef' rather than 'BlockRef'.

For the simple union example, invent BlockdevOptionsSimple so
that later text is unambiguous which of the two union forms is
meant (telling the user to refer back to two 'BlockdevOptions'
wasn't nice, and QMP has only the flat union form).

Also, mention that the discriminator of a flat union is
non-optional.

Signed-off-by: Eric Blake 

---
v6: no change
v5: split out from patch 8/10, sync more naming
---
 docs/qapi-code-gen.txt | 74 +-
 1 file changed, 37 insertions(+), 37 deletions(-)

diff --git a/docs/qapi-code-gen.txt b/docs/qapi-code-gen.txt
index c648f76..12af1b8 100644
--- a/docs/qapi-code-gen.txt
+++ b/docs/qapi-code-gen.txt
@@ -297,22 +297,22 @@ be empty.
 A simple union type defines a mapping from automatic discriminator
 values to data types like in this example:

- { 'struct': 'FileOptions', 'data': { 'filename': 'str' } }
- { 'struct': 'Qcow2Options',
-   'data': { 'backing-file': 'str', 'lazy-refcounts': 'bool' } }
+ { 'struct': 'BlockdevOptionsFile', 'data': { 'filename': 'str' } }
+ { 'struct': 'BlockdevOptionsQcow2',
+   'data': { 'backing': 'str', '*lazy-refcounts': 'bool' } }

- { 'union': 'BlockdevOptions',
-   'data': { 'file': 'FileOptions',
- 'qcow2': 'Qcow2Options' } }
+ { 'union': 'BlockdevOptionsSimple',
+   'data': { 'file': 'BlockdevOptionsFile',
+ 'qcow2': 'BlockdevOptionsQcow2' } }

 In the Client JSON Protocol, a simple union is represented by a
 dictionary that contains the 'type' member as a discriminator, and a
 'data' member that is of the specified data type corresponding to the
 discriminator value, as in these examples:

- { "type": "file", "data" : { "filename": "/some/place/my-image" } }
- { "type": "qcow2", "data" : { "backing-file": "/some/place/my-image",
-   "lazy-refcounts": true } }
+ { "type": "file", "data": { "filename": "/some/place/my-image" } }
+ { "type": "qcow2", "data": { "backing": "/some/place/my-image",
+  "lazy-refcounts": true } }

 The generated C code uses a struct containing a union. Additionally,
 an implicit C enum 'NameKind' is created, corresponding to the union
@@ -325,29 +325,29 @@ avoids nesting on the wire.  All branches of the union 
must be
 complex types, and the top-level members of the union dictionary on
 the wire will be combination of members from both the base type and the
 appropriate branch type (when merging two dictionaries, there must be
-no keys in common).  The 'discriminator' member must be the name of an
-enum-typed member of the base struct.
+no keys in common).  The 'discriminator' member must be the name of a
+non-optional enum-typed member of the base struct.

 The following example enhances the above simple union example by
-adding a common member 'readonly', renaming the discriminator to
-something more applicable, and reducing the number of {} required on
-the wire:
+adding an optional common member 'read-only', renaming the
+discriminator to something more applicable than the simple union's
+default of 'type', and reducing the number of {} required on the wire:

  { 'enum': 'BlockdevDriver', 'data': [ 'file', 'qcow2' ] }
- { 'struct': 'BlockdevCommonOptions',
-   'data': { 'driver': 'BlockdevDriver', 'readonly': 'bool' } }
+ { 'struct': 'BlockdevOptionsBase',
+   'data': { 'driver': 'BlockdevDriver', '*read-only': 'bool' } }
  { 'union': 'BlockdevOptions',
-   'base': 'BlockdevCommonOptions',
+   'base': 'BlockdevOptionsBase',
'discriminator': 'driver',
-   'data': { 'file': 'FileOptions',
- 'qcow2': 'Qcow2Options' } }
+   'data': { 'file': 'BlockdevOptionsFile',
+ 'qcow2': 'BlockdevOptionsQcow2' } }

 Resulting in these JSON objects:

- { "driver": "file", "readonly": true,
+ { "driver": "file", "read-only": true,
"filename": "/some/place/my-image" }
- { "driver": "qcow2", "readonly": false,
-   "backing-file": "/some/place/my-image", "lazy-refcounts": true }
+ { "driver": "qcow2", "read-only": false,
+   "backing": "/some/place/my-image", "lazy-refcounts": true }

 Notice that in a flat union, the discriminator name is controlled by
 the user, but because it must map to a base member with enum type, the
@@ -382,7 +382,7 @@ data types (string, integer, number, or object, but 
currently not
 array) on the wire.  The definition is similar to a simple union type,
 where each branch of the union names a QAPI type.  For example:

- { 'alternate': 'BlockRef',
+ { 'alternate': 'BlockdevRef',
'data': { 'definition': 'BlockdevOptions',
  'reference': 'str' } }

@@ 

Re: [Qemu-devel] [PATCH 16/17] ppc: Add dummy CIABR SPR

[David Gibson]

On Wed, Mar 16, 2016 at 07:24:01AM +0100, Thomas Huth wrote:
> On 16.03.2016 02:14, David Gibson wrote:
> > On Mon, Mar 14, 2016 at 05:56:39PM +0100, Cédric Le Goater wrote:
> >> From: Benjamin Herrenschmidt 
> >>
> >> We should implement HW breakpoint/watchpoint, qemu supports them...
> >>
> >> Signed-off-by: Benjamin Herrenschmidt 
> > 
> > Reviewed-by: David Gibson 
> > 
> > But I'm assuming 2.7, not 2.6.
> 
> Looks like this register can be set by the guest using the H_SET_MODE
> hypercall, too (search for H_SET_MODE_RESOURCE_SET_CIABR in the KVM
> kernel sources), similar to the DAWR register.
> And this patch is using KVM_REG_PPC_CIABR to link this register with the
> KVM code in the kernel ... so I think this patch should still go into
> 2.6 to make sure that the register is migrated properly.

Good point, not sure how I missed that.

> 
>  Thomas
> 
> >> ---
> >>  target-ppc/cpu.h| 1 +
> >>  target-ppc/translate_init.c | 5 +
> >>  2 files changed, 6 insertions(+)
> >>
> >> diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
> >> index 5203cc6a3bfb..9e1ef10b7dc6 100644
> >> --- a/target-ppc/cpu.h
> >> +++ b/target-ppc/cpu.h
> >> @@ -1400,6 +1400,7 @@ static inline int cpu_mmu_index (CPUPPCState *env, 
> >> bool ifetch)
> >>  #define SPR_DAWR  (0x0B4)
> >>  #define SPR_MPPR  (0x0B8)
> >>  #define SPR_RPR   (0x0BA)
> >> +#define SPR_CIABR (0x0BB)
> >>  #define SPR_DAWRX (0x0BC)
> >>  #define SPR_HFSCR (0x0BE)
> >>  #define SPR_VRSAVE(0x100)
> >> diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
> >> index cfb1bc088950..f88bdf7b3cd1 100644
> >> --- a/target-ppc/translate_init.c
> >> +++ b/target-ppc/translate_init.c
> >> @@ -7603,6 +7603,11 @@ static void gen_spr_book3s_207_dbg(CPUPPCState *env)
> >>  SPR_NOACCESS, SPR_NOACCESS,
> >>  _read_generic, _write_generic,
> >>  KVM_REG_PPC_DAWRX, 0x);
> >> +spr_register_kvm_hv(env, SPR_CIABR, "CIABR",
> >> +SPR_NOACCESS, SPR_NOACCESS,
> >> +SPR_NOACCESS, SPR_NOACCESS,
> >> +_read_generic, _write_generic,
> >> +KVM_REG_PPC_CIABR, 0x);
> >>  }
> >>  
> >>  static void gen_spr_970_dbg(CPUPPCState *env)
> > 
> 
> 



-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [PATCH v6 04/16] qapi: Adjust names of implicit types

[Eric Blake]

The original choice of ':obj-' as the prefix for implicit types
made it obvious that we weren't going to clash with any user-defined
names, which cannot contain ':'.  But now we want to create structs
for implicit types, to get rid of special cases in the generators,
and our use of ':' in implicit names needs a tweak to produce valid
C code.

We could transliterate ':' to '_', except that C99 mandates that
"identifiers that begin with an underscore are always reserved for
use as identifiers with file scope in both the ordinary and tag name
spaces".  So it's time to change our naming convention: we can
instead use the 'q_' prefix that we reserved for ourselves back in
commit 9fb081e0.  Technically, since we aren't planning on exposing
the empty type in generated code, we could keep the name ':empty',
but renaming it to 'q_empty' makes the check for startswith('q_')
cover all implicit types, whether or not code is generated for them.

As long as we don't declare 'empty' or 'obj' ticklish, it shouldn't
clash with c_name() prepending 'q_' to the user's ticklish names.

Signed-off-by: Eric Blake 

---
v6: improve commit message
v5: new patch
---
 scripts/qapi.py  |  18 ++--
 docs/qapi-code-gen.txt   |  14 +--
 tests/qapi-schema/comments.out   |   2 +-
 tests/qapi-schema/empty.out  |   2 +-
 tests/qapi-schema/event-case.out |   2 +-
 tests/qapi-schema/ident-with-escape.out  |   8 +-
 tests/qapi-schema/include-relpath.out|   2 +-
 tests/qapi-schema/include-repetition.out |   2 +-
 tests/qapi-schema/include-simple.out |   2 +-
 tests/qapi-schema/indented-expr.out  |   2 +-
 tests/qapi-schema/qapi-schema-test.out   | 154 +++
 11 files changed, 105 insertions(+), 103 deletions(-)

diff --git a/scripts/qapi.py b/scripts/qapi.py
index b7fbdae..f6701f5 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -391,7 +391,8 @@ def check_name(expr_info, source, name, 
allow_optional=False,
 # code always prefixes it with the enum name
 if enum_member and membername[0].isdigit():
 membername = 'D' + membername
-# Reserve the entire 'q_' namespace for c_name()
+# Reserve the entire 'q_' namespace for c_name(), and for 'q_empty'
+# and 'q_obj_*' implicit type names.
 if not valid_name.match(membername) or \
c_name(membername, False).startswith('q_'):
 raise QAPIExprError(expr_info,
@@ -994,8 +995,9 @@ class QAPISchemaObjectType(QAPISchemaType):
 m.check_clash(info, seen)

 def is_implicit(self):
-# See QAPISchema._make_implicit_object_type()
-return self.name[0] == ':'
+# See QAPISchema._make_implicit_object_type(), as well as
+# _def_predefineds()
+return self.name.startswith('q_')

 def c_name(self):
 assert not self.is_implicit()
@@ -1044,10 +1046,10 @@ class QAPISchemaMember(object):

 def _pretty_owner(self):
 owner = self.owner
-if owner.startswith(':obj-'):
+if owner.startswith('q_obj_'):
 # See QAPISchema._make_implicit_object_type() - reverse the
 # mapping there to create a nice human-readable description
-owner = owner[5:]
+owner = owner[6:]
 if owner.endswith('-arg'):
 return '(parameter of %s)' % owner[:-4]
 else:
@@ -1266,8 +1268,8 @@ class QAPISchema(object):
   ('bool',   'boolean', 'bool', 'false'),
   ('any','value',   'QObject' + pointer_suffix, 'NULL')]:
 self._def_builtin_type(*t)
-self.the_empty_object_type = QAPISchemaObjectType(':empty', None, None,
-  [], None)
+self.the_empty_object_type = QAPISchemaObjectType('q_empty', None,
+  None, [], None)
 self._def_entity(self.the_empty_object_type)
 qtype_values = self._make_enum_members(['none', 'qnull', 'qint',
 'qstring', 'qdict', 'qlist',
@@ -1295,7 +1297,7 @@ class QAPISchema(object):
 if not members:
 return None
 # See also QAPISchemaObjectTypeMember._pretty_owner()
-name = ':obj-%s-%s' % (name, role)
+name = 'q_obj_%s-%s' % (name, role)
 if not self.lookup_entity(name, QAPISchemaObjectType):
 self._def_entity(QAPISchemaObjectType(name, info, None,
   members, None))
diff --git a/docs/qapi-code-gen.txt b/docs/qapi-code-gen.txt
index e0b2ef1..c648f76 100644
--- a/docs/qapi-code-gen.txt
+++ b/docs/qapi-code-gen.txt
@@ -575,9 +575,9 @@ names an object type without members.
 Example: the SchemaInfo for command query-qmp-schema

 { "name": "query-qmp-schema", "meta-type": "command",
-  "arg-type": ":empty", "ret-type": "SchemaInfoList" }
+  

Re: [Qemu-devel] [PATCH v4 08/28] migration: introduce a new QEMUFile impl based on QIOChannel

[Dr. David Alan Gilbert]

* Daniel P. Berrange (berra...@redhat.com) wrote:
> Introduce a new QEMUFile implementation that is based on
> the QIOChannel objects. This impl is different from existing
> impls in that there is no file descriptor that can be made
> available, as some channels may be based on higher level
> protocols such as TLS.
> 
> Although the QIOChannel based implementation can trivially
> provide a bi-directional stream, initially we have separate
> functions for opening input & output directions to fit with
> the expectation of the current QEMUFile interface.
> 
> Signed-off-by: Daniel P. Berrange 

Reviewed-by: Dr. David Alan Gilbert 

> ---
>  include/migration/qemu-file.h |   4 +
>  migration/Makefile.objs   |   1 +
>  migration/qemu-file-channel.c | 180 
> ++
>  3 files changed, 185 insertions(+)
>  create mode 100644 migration/qemu-file-channel.c
> 
> diff --git a/include/migration/qemu-file.h b/include/migration/qemu-file.h
> index 2dea81f..0329ccc 100644
> --- a/include/migration/qemu-file.h
> +++ b/include/migration/qemu-file.h
> @@ -23,7 +23,9 @@
>   */
>  #ifndef QEMU_FILE_H
>  #define QEMU_FILE_H 1
> +#include "qemu-common.h"
>  #include "exec/cpu-common.h"
> +#include "io/channel.h"
>  
>  
>  /* This function writes a chunk of data to a file at the given position.
> @@ -135,6 +137,8 @@ QEMUFile *qemu_fopen_ops(void *opaque, const QEMUFileOps 
> *ops);
>  QEMUFile *qemu_fopen(const char *filename, const char *mode);
>  QEMUFile *qemu_fdopen(int fd, const char *mode);
>  QEMUFile *qemu_fopen_socket(int fd, const char *mode);
> +QEMUFile *qemu_fopen_channel_input(QIOChannel *ioc);
> +QEMUFile *qemu_fopen_channel_output(QIOChannel *ioc);
>  QEMUFile *qemu_popen_cmd(const char *command, const char *mode);
>  QEMUFile *qemu_bufopen(const char *mode, QEMUSizedBuffer *input);
>  void qemu_file_set_hooks(QEMUFile *f, const QEMUFileHooks *hooks);
> diff --git a/migration/Makefile.objs b/migration/Makefile.objs
> index 0cac6d7..b357e2f 100644
> --- a/migration/Makefile.objs
> +++ b/migration/Makefile.objs
> @@ -1,6 +1,7 @@
>  common-obj-y += migration.o tcp.o
>  common-obj-y += vmstate.o
>  common-obj-y += qemu-file.o qemu-file-buf.o qemu-file-unix.o 
> qemu-file-stdio.o
> +common-obj-y += qemu-file-channel.o
>  common-obj-y += xbzrle.o postcopy-ram.o
>  
>  common-obj-$(CONFIG_RDMA) += rdma.o
> diff --git a/migration/qemu-file-channel.c b/migration/qemu-file-channel.c
> new file mode 100644
> index 000..45c13f1
> --- /dev/null
> +++ b/migration/qemu-file-channel.c
> @@ -0,0 +1,180 @@
> +/*
> + * QEMUFile backend for QIOChannel objects
> + *
> + * Copyright (c) 2015-2016 Red Hat, Inc
> + *
> + * Permission is hereby granted, free of charge, to any person obtaining a 
> copy
> + * of this software and associated documentation files (the "Software"), to 
> deal
> + * in the Software without restriction, including without limitation the 
> rights
> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
> + * copies of the Software, and to permit persons to whom the Software is
> + * furnished to do so, subject to the following conditions:
> + *
> + * The above copyright notice and this permission notice shall be included in
> + * all copies or substantial portions of the Software.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
> FROM,
> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
> + * THE SOFTWARE.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "migration/qemu-file.h"
> +#include "io/channel-socket.h"
> +#include "qemu/iov.h"
> +
> +
> +static ssize_t channel_writev_buffer(void *opaque,
> + struct iovec *iov,
> + int iovcnt,
> + int64_t pos)
> +{
> +QIOChannel *ioc = QIO_CHANNEL(opaque);
> +ssize_t done = 0;
> +struct iovec *local_iov = g_new(struct iovec, iovcnt);
> +struct iovec *local_iov_head = local_iov;
> +unsigned int nlocal_iov = iovcnt;
> +
> +nlocal_iov = iov_copy(local_iov, nlocal_iov,
> +  iov, iovcnt,
> +  0, iov_size(iov, iovcnt));
> +
> +while (nlocal_iov > 0) {
> +ssize_t len;
> +len = qio_channel_writev(ioc, local_iov, nlocal_iov, NULL);
> +if (len == QIO_CHANNEL_ERR_BLOCK) {
> +qio_channel_wait(ioc, G_IO_OUT);
> +continue;
> +}
> +if (len < 0) {
> +/* XXX handle Error objects */
> +done = -EIO;
> +goto cleanup;
> +  

Re: [Qemu-devel] [PATCH 07/16] block: change drain to look only at one child at a time

[Paolo Bonzini]

On 16/03/2016 17:39, Stefan Hajnoczi wrote:
> The tree looks like this:
> 
>   [NBD export]
>  /
> v
> [guest] temporary qcow2
>\/
> v  v
> disk
> 
> Block backend access is in square brackets.  Nodes without square
> brackets are BDS nodes.
> 
> If the guest wants to drain the disk, it's possible for new I/O requests
> to enter the disk BDS while we're recursing to disk's children because
> the NBD export socket fd is in the same AIOContext.  The socket fd is
> therefore handled during aio_poll() calls.
> 
> I'm not 100% sure that this is a problem, but I wonder if you've thought
> about this?

I hadn't, but I think this is handled by using
bdrv_drained_begin/bdrv_drained_end instead of bdrv_drain.  The NBD
export registers its callback as "external", and it is thus disabled
between bdrv_drained_begin and bdrv_drained_end.

It will indeed become more complex when BDSes won't have anymore a "home
AioContext" due to multiqueue.  I suspect that we should rethink the
strategy for enabling and disabling external callbacks.  For example we
could add callbacks to each BlockBackend that enable/disable external
callbacks, and when bdrv_drained_begin is called on a BDS, we call the
callbacks for all BlockBackends that are included in this BDS.  I'm not
sure if there's a way to go from a BDS to all the BBs above it.

Paolo

[Qemu-devel] Ubuntu 14.04 LTS Arm for Raspberry - QEMU Support

[Vincenzo Calabrò]

Hi Andrew,
I got your contact from Peter Maydell on the IRC channel #qemu.

I would like to submit the following bug affecting the Raspberry 2 platform
under the specified os.

Let me explain what I'm trying to do and where I'm failing:

1. I'm using the "official" arm ubuntu 14.04 (
https://wiki.ubuntu.com/ARM/RaspberryPi) - you can download the image from
that link and follow the instruction to flash a SD card yes I'm using
the SD card instead of the image on the host. The reason is I want to
emulate the RPi with its real SD card.

2. after copying the kernel7.img and the bcm2709-rpi-2-b.dtb file into a
"boot" folder, I use the following command with the lastest (up to one day
ago) qemu:


qemu-system-arm \
-kernel boot/kernel7.img \
-dtb boot/bcm2709-rpi-2-b.dtb \
-M raspi2 -m 256 \
-no-reboot -serial stdio \
-append "rw earlyprintk loglevel=8 console=ttyAMA0,115200
dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 panic=1 rootfstype=ext4" \
-hda /dev/sdb \
-net nic -net user,net=
10.0.0.0/8,host=10.0.0.1,hostfwd=tcp:127.0.0.1:-10.0.0.2:22

note that in this particular case I'm using /dev/sdb (which is the SD
card). You can adjust accordingly.
If you try the following command this is the expected output:

WARNING: Image format was not specified for '/dev/sdb' and probing guessed
raw.
 Automatically detecting the format is dangerous for raw images,
write operations on block 0 will be restricted.
 Specify the 'raw' format explicitly to remove the restrictions.
Warning: hub port hub0port0 has no peer
Warning: vlan 0 with no nics
Warning: netdev hub0port0 has no peer
Warning: requested NIC (anonymous, model unspecified) was not created (not
supported by this machine?)
Uncompressing Linux... done, booting the kernel.
[0.00] Booting Linux on physical CPU 0xf00
[0.00] Initializing cgroup subsys cpuset
[0.00] Initializing cgroup subsys cpu
[0.00] Initializing cgroup subsys cpuacct
[0.00] Linux version 3.18.0-20-rpi2 (buildd@lgw01-09) (gcc version
4.8.2 (Ubuntu/Linaro 4.8.2-19ubuntu1) ) #21-Ubuntu SMP PREEMPT Sun Apr 5
01:56:02 UTC 2015 (Ubuntu 3.18.0-20.21-rpi2 3.18.11)
[0.00] CPU: ARMv7 Processor [412fc0f1] revision 1 (ARMv7),
cr=10c5387d
[0.00] CPU: PIPT / VIPT nonaliasing data cache, PIPT instruction
cache
[0.00] Machine model: Raspberry Pi 2 Model B
[0.00] bootconsole [earlycon0] enabled
[0.00] cma: Reserved 8 MiB at 0x0f80
[0.00] Memory policy: Data cache writealloc
[0.00] On node 0 totalpages: 65536
[0.00] free_area_init_node: node 0, pgdat 8095cc40, node_mem_map
8f5f3000
[0.00]   Normal zone: 512 pages used for memmap
[0.00]   Normal zone: 0 pages reserved
[0.00]   Normal zone: 65536 pages, LIFO batch:15
[0.00] [bcm2709_smp_init_cpus] enter (85c0->f3003010)
[0.00] [bcm2709_smp_init_cpus] ncores=4
[0.00] PERCPU: Embedded 11 pages/cpu @8f5c1000 s12928 r8192 d23936
u45056
[0.00] pcpu-alloc: s12928 r8192 d23936 u45056 alloc=11*4096
[0.00] pcpu-alloc: [0] 0 [0] 1 [0] 2 [0] 3
[0.00] Built 1 zonelists in Zone order, mobility grouping on.
Total pages: 65024
[0.00] Kernel command line: rw earlyprintk loglevel=8
console=ttyAMA0,115200 dwc_otg.lpm_enable=0 root=/dev/mmcblk0p2 panic=1
rootfstype=ext4
[0.00] PID hash table entries: 1024 (order: 0, 4096 bytes)
[0.00] Dentry cache hash table entries: 32768 (order: 5, 131072
bytes)
[0.00] Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
[0.00] allocated 524288 bytes of page_cgroup
[0.00] please try 'cgroup_disable=memory' option if you don't want
memory cgroups
[0.00] Memory: 240468K/262144K available (6339K kernel code, 564K
rwdata, 2352K rodata, 364K init, 806K bss, 21676K reserved)
[0.00] Virtual kernel memory layout:
[0.00] vector  : 0x - 0x1000   (   4 kB)
[0.00] fixmap  : 0xffc0 - 0xffe0   (2048 kB)
[0.00] vmalloc : 0x9080 - 0xff00   (1768 MB)
[0.00] lowmem  : 0x8000 - 0x9000   ( 256 MB)
[0.00] modules : 0x7f00 - 0x8000   (  16 MB)
[0.00]   .text : 0x80008000 - 0x80884f4c   (8692 kB)
[0.00]   .init : 0x80885000 - 0x808e   ( 364 kB)
[0.00]   .data : 0x808e - 0x8096d2ec   ( 565 kB)
[0.00].bss : 0x8096d2ec - 0x80a36d20   ( 807 kB)
[0.00] Preemptible hierarchical RCU implementation.
[0.00]  RCU dyntick-idle grace-period acceleration is enabled.
[0.00] NR_IRQS:480
[0.00] Architected cp15 timer(s) running at 19.20MHz (virt).
[0.000771] sched_clock: 56 bits at 19MHz, resolution 52ns, wraps every
3579139424256ns
[0.002598] Switching to timer-based delay loop, resolution 52ns
[0.035758] Console: colour dummy device 80x30
[0.038813] Calibrating delay loop (skipped), value calculated using
timer 

[Qemu-devel] [PULL v2 04/13] crypto: add support for anti-forensic split algorithm

[Daniel P. Berrange]

The LUKS format specifies an anti-forensic split algorithm which
is used to artificially expand the size of the key material on
disk. This is an implementation of that algorithm.

Reviewed-by: Fam Zheng 
Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrange 
---
 crypto/Makefile.objs|   1 +
 crypto/afsplit.c| 158 
 include/crypto/afsplit.h| 135 +++
 tests/.gitignore|   1 +
 tests/Makefile  |   2 +
 tests/test-crypto-afsplit.c | 193 
 6 files changed, 490 insertions(+)
 create mode 100644 crypto/afsplit.c
 create mode 100644 include/crypto/afsplit.h
 create mode 100644 tests/test-crypto-afsplit.c

diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index f28b00e..454f9db 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -17,6 +17,7 @@ crypto-obj-y += ivgen.o
 crypto-obj-y += ivgen-essiv.o
 crypto-obj-y += ivgen-plain.o
 crypto-obj-y += ivgen-plain64.o
+crypto-obj-y += afsplit.o
 
 # Let the userspace emulators avoid linking gnutls/etc
 crypto-aes-obj-y = aes.o
diff --git a/crypto/afsplit.c b/crypto/afsplit.c
new file mode 100644
index 000..8074913
--- /dev/null
+++ b/crypto/afsplit.c
@@ -0,0 +1,158 @@
+/*
+ * QEMU Crypto anti forensic information splitter
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * Derived from cryptsetup package lib/luks1/af.c
+ *
+ * Copyright (C) 2004, Clemens Fruhwirth 
+ * Copyright (C) 2009-2012, Red Hat, Inc. All rights reserved.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/afsplit.h"
+#include "crypto/random.h"
+
+
+static void qcrypto_afsplit_xor(size_t blocklen,
+const uint8_t *in1,
+const uint8_t *in2,
+uint8_t *out)
+{
+size_t i;
+for (i = 0; i < blocklen; i++) {
+out[i] = in1[i] ^ in2[i];
+}
+}
+
+
+static int qcrypto_afsplit_hash(QCryptoHashAlgorithm hash,
+size_t blocklen,
+uint8_t *block,
+Error **errp)
+{
+size_t digestlen = qcrypto_hash_digest_len(hash);
+
+size_t hashcount = blocklen / digestlen;
+size_t finallen = blocklen % digestlen;
+uint32_t i;
+
+if (finallen) {
+hashcount++;
+} else {
+finallen = digestlen;
+}
+
+for (i = 0; i < hashcount; i++) {
+uint8_t *out = NULL;
+size_t outlen = 0;
+uint32_t iv = cpu_to_be32(i);
+struct iovec in[] = {
+{ .iov_base = ,
+  .iov_len = sizeof(iv) },
+{ .iov_base = block + (i * digestlen),
+  .iov_len = (i == (hashcount - 1)) ? finallen : digestlen },
+};
+
+if (qcrypto_hash_bytesv(hash,
+in,
+G_N_ELEMENTS(in),
+, ,
+errp) < 0) {
+return -1;
+}
+
+assert(outlen == digestlen);
+memcpy(block + (i * digestlen), out,
+   (i == (hashcount - 1)) ? finallen : digestlen);
+g_free(out);
+}
+
+return 0;
+}
+
+
+int qcrypto_afsplit_encode(QCryptoHashAlgorithm hash,
+   size_t blocklen,
+   uint32_t stripes,
+   const uint8_t *in,
+   uint8_t *out,
+   Error **errp)
+{
+uint8_t *block = g_new0(uint8_t, blocklen);
+size_t i;
+int ret = -1;
+
+for (i = 0; i < (stripes - 1); i++) {
+if (qcrypto_random_bytes(out + (i * blocklen), blocklen, errp) < 0) {
+goto cleanup;
+}
+
+qcrypto_afsplit_xor(blocklen,
+out + (i * blocklen),
+block,
+block);
+if (qcrypto_afsplit_hash(hash, blocklen, block,
+ errp) < 0) {
+goto cleanup;
+}
+}
+qcrypto_afsplit_xor(blocklen,
+in,
+block,
+out + (i * 

Re: [Qemu-devel] [PULL 0/1] Error reporting patches for 2016-03-16

[Peter Maydell]

On 16 March 2016 at 10:04, Markus Armbruster  wrote:
> The following changes since commit a6cdb77f816961f929d7934643febd2852230135:
>
>   Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into 
> staging (2016-03-15 17:09:52 +)
>
> are available in the git repository at:
>
>   git://repo.or.cz/qemu/armbru.git tags/pull-error-2016-03-16
>
> for you to fetch changes up to 20e2dec14954568848ad74e73aee9b3aeedd6584:
>
>   error: ensure errno detail is printed with error_abort (2016-03-16 10:55:51 
> +0100)
>
> 
> Error reporting patches for 2016-03-16

Applied, thanks.

-- PMM

[Qemu-devel] [PULL 10/29] blockdev: Add list of all BlockBackends

[Kevin Wolf]

From: Max Reitz 

While monitor_block_backends contains nearly all BBs, we sometimes
really need all BBs. To this end, this patch adds the block_backend
list.

Signed-off-by: Max Reitz 
Signed-off-by: Kevin Wolf 
---
 block/block-backend.c | 24 +++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/block/block-backend.c b/block/block-backend.c
index 3bb2a6a..35206be 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -29,6 +29,7 @@ struct BlockBackend {
 int refcnt;
 BlockDriverState *bs;
 DriveInfo *legacy_dinfo;/* null unless created by drive_new() */
+QTAILQ_ENTRY(BlockBackend) link; /* for block_backends */
 QTAILQ_ENTRY(BlockBackend) monitor_link; /* for monitor_block_backends */
 
 void *dev;  /* attached device model, if any */
@@ -69,6 +70,10 @@ static const AIOCBInfo block_backend_aiocb_info = {
 
 static void drive_info_del(DriveInfo *dinfo);
 
+/* All BlockBackends */
+static QTAILQ_HEAD(, BlockBackend) block_backends =
+QTAILQ_HEAD_INITIALIZER(block_backends);
+
 /* All BlockBackends referenced by the monitor and which are iterated through 
by
  * blk_next() */
 static QTAILQ_HEAD(, BlockBackend) monitor_block_backends =
@@ -106,7 +111,10 @@ BlockBackend *blk_new(const char *name, Error **errp)
 blk->refcnt = 1;
 notifier_list_init(>remove_bs_notifiers);
 notifier_list_init(>insert_bs_notifiers);
+
+QTAILQ_INSERT_TAIL(_backends, blk, link);
 QTAILQ_INSERT_TAIL(_block_backends, blk, monitor_link);
+
 return blk;
 }
 
@@ -177,11 +185,15 @@ static void blk_delete(BlockBackend *blk)
 g_free(blk->root_state.throttle_group);
 throttle_group_unref(blk->root_state.throttle_state);
 }
+
 /* Avoid double-remove after blk_hide_on_behalf_of_hmp_drive_del() */
 if (blk->name[0]) {
 QTAILQ_REMOVE(_block_backends, blk, monitor_link);
 }
 g_free(blk->name);
+
+QTAILQ_REMOVE(_backends, blk, link);
+
 drive_info_del(blk->legacy_dinfo);
 block_acct_cleanup(>stats);
 g_free(blk);
@@ -226,11 +238,21 @@ void blk_unref(BlockBackend *blk)
 }
 }
 
+/*
+ * Behaves similarly to blk_next() but iterates over all BlockBackends, even 
the
+ * ones which are hidden (i.e. are not referenced by the monitor).
+ */
+static BlockBackend *blk_all_next(BlockBackend *blk)
+{
+return blk ? QTAILQ_NEXT(blk, link)
+   : QTAILQ_FIRST(_backends);
+}
+
 void blk_remove_all_bs(void)
 {
 BlockBackend *blk = NULL;
 
-while ((blk = blk_next(blk)) != NULL) {
+while ((blk = blk_all_next(blk)) != NULL) {
 AioContext *ctx = blk_get_aio_context(blk);
 
 aio_context_acquire(ctx);
-- 
1.8.3.1

[Qemu-devel] [PATCH v2 07/16] block: change drain to look only at one child at a time

[Paolo Bonzini]

bdrv_requests_pending is checking children to also wait until internal
requests (such as metadata writes) have completed.  However, checking
children is in general overkill.  Children requests can be of two kinds:

- requests caused by an operation on bs, e.g. a bdrv_aio_write to bs
causing a write to bs->file->bs.  In this case, the parent's in_flight
count will always be incremented by at least one for every request in
the child.

- asynchronous metadata writes or flushes.  Such writes can be started
even if bs's in_flight count is zero, but not after the .bdrv_drain
callback has been invoked.

This patch therefore changes bdrv_drain to finish I/O in the parent
(after which the parent's in_flight will be locked to zero), call
bdrv_drain (after which the parent will not generate I/O on the child
anymore), and then wait for internal I/O in the children to complete.

Signed-off-by: Paolo Bonzini 
---
v1->v2: moved bdrv_drain callback after in_flight is 0
in the parent [from QED drain discussion]
  
 block/io.c | 25 +
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/block/io.c b/block/io.c
index a9a23a6..db975ab 100644
--- a/block/io.c
+++ b/block/io.c
@@ -237,16 +237,25 @@ bool bdrv_requests_pending(BlockDriverState *bs)
 return false;
 }
 
-static void bdrv_drain_recurse(BlockDriverState *bs)
+static bool bdrv_drain_io_recurse(BlockDriverState *bs)
 {
 BdrvChild *child;
+bool waited = false;
+
+while (atomic_read(>in_flight) > 0) {
+aio_poll(bdrv_get_aio_context(bs), true);
+waited = true;
+}
 
 if (bs->drv && bs->drv->bdrv_drain) {
 bs->drv->bdrv_drain(bs);
 }
+
 QLIST_FOREACH(child, >children, next) {
-bdrv_drain_recurse(child->bs);
+waited |= bdrv_drain_io_recurse(child->bs);
 }
+
+return waited;
 }
 
 /*
@@ -264,11 +273,7 @@ void bdrv_drain(BlockDriverState *bs)
 {
 bdrv_no_throttling_begin(bs);
 bdrv_io_unplugged_begin(bs);
-bdrv_drain_recurse(bs);
-while (bdrv_requests_pending(bs)) {
-/* Keep iterating */
- aio_poll(bdrv_get_aio_context(bs), true);
-}
+bdrv_drain_io_recurse(bs);
 bdrv_io_unplugged_end(bs);
 bdrv_no_throttling_end(bs);
 }
@@ -295,7 +300,6 @@ void bdrv_drain_all(void)
 }
 bdrv_no_throttling_begin(bs);
 bdrv_io_unplugged_begin(bs);
-bdrv_drain_recurse(bs);
 aio_context_release(aio_context);
 
 if (!g_slist_find(aio_ctxs, aio_context)) {
@@ -319,10 +323,7 @@ void bdrv_drain_all(void)
 aio_context_acquire(aio_context);
 while ((bs = bdrv_next(bs))) {
 if (aio_context == bdrv_get_aio_context(bs)) {
-if (bdrv_requests_pending(bs)) {
-aio_poll(aio_context, true);
-waited = true;
-}
+waited |= bdrv_drain_io_recurse(bs);
 }
 }
 aio_context_release(aio_context);
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH] target-arm: Fix descriptor address masking in ARM address translation

[Peter Maydell]

On 13 March 2016 at 18:28, Sergey Sorokin  wrote:
> 12.03.2016, 03:18, "Peter Maydell" :
>>(I agree we have a bug here, I'm just trying to work out when it
>>can trigger; if it's only possible for S2 page tables then it's
>>not a visible bug yet because no CPUs have EL2 support enabled.)
>
> I can not anwer you to this question. The bug was found by our internal
> corporate test suite with EL2 enabled.

OK, sounds like it is the stage-2 only stuff. Thanks for
helping to flush out the bugs.

>>If you want to implement the AddressSize checks that's fine,
>>but otherwise please leave this bit of the code alone.
>
> You said me that my code is not correct, I have proved that it conforms
> to the documentation.
> It's a bit obfuscating when the doc explicitly says to take bits up to 39
> from the descriptor, but in QEMU we take bits up to 47 relying on the check in
> another part of the code, even if both ways are correct.

The way the code in QEMU is structured is that we extract the
descriptor field in one go and then will operate on it
(checking for need to AddressSize fault, etc) as a second
action. The field descriptors themselves are the sizes I said.

> Nevertheless there is another bug in descaddrmask in QEMU.
> From ARM ARM:
> baseaddress = desc<39:grainsize>:Zeros(grainsize);
>
> But currently QEMU does:
> descaddrmask = 0xf000ULL;
>
> It assumes that grainsize is always 12, but it can be greater
> in AArch64 translation regime.

Yes, we get that wrong at the moment and should fix it.

> The patch fixes the bug,
> and completely conforms to the doc, doesn't it?

It doesn't structure the code the way I would prefer it to
be structured though.

thanks
-- PMM

Re: [Qemu-devel] [PATCH 5/6] hw/char: QOM'ify sclpconsole-lm.c

[Cornelia Huck]

On Thu, 17 Mar 2016 17:20:29 +0800
xiaoqiang zhao  wrote:

> Drop the DO_UPCAST macro
> 
> Signed-off-by: xiaoqiang zhao 
> ---
>  hw/char/sclpconsole-lm.c | 14 +-
>  1 file changed, 9 insertions(+), 5 deletions(-)
> 
> diff --git a/hw/char/sclpconsole-lm.c b/hw/char/sclpconsole-lm.c
> index 7d4ff81..3dcc5a5 100644
> --- a/hw/char/sclpconsole-lm.c
> +++ b/hw/char/sclpconsole-lm.c
> @@ -44,6 +44,10 @@ typedef struct SCLPConsoleLM {
>  uint8_t buf[SIZE_CONSOLE_BUFFER];
>  } SCLPConsoleLM;
> 
> +#define TYPE_SCLP_LM_CONSOLE "sclplmconsole"
> +#define SCLP_LM_CONSOLE(obj) \
> +OBJECT_CHECK(SCLPConsoleLM, (obj), TYPE_SCLP_LM_CONSOLE)

I'd prefer SCLPLM over SCLP_LM (don't know, but the 'LM' looks a bit
lonely ;)

Re: [Qemu-devel] [Qemu-block] [PATCH 00/16] AioContext fine-grained locking, part 1 of 3, including bdrv_drain rewrite

[Stefan Hajnoczi]

On Wed, Mar 16, 2016 at 11:29:02PM +0100, Paolo Bonzini wrote:
> On 16/03/2016 19:18, Stefan Hajnoczi wrote:
> > Looks good overall.  I'm a little nervous about merging it for QEMU 2.6
> > but the block job, NBD, and data plane tests should give it a good
> > workout.
> 
> Apart from QEMU nearing hard freeze, I totally understand not wanting to
> commit to merging part 1 of n where n will probably be a dozen or so.
> I'm open to experimenting with different models for handling long-term
> contributions.
> 
> For example, each part will probably have an uncontroversial and
> generally useful prefix---for example patches 1-4 in this case, or the
> change to a single linux-aio context per iothread.  You could merge
> those only, and for the rest, I will maintain myself a branch with R-b
> from maintainers.  Master will be periodically merged into it, but not
> too frequently---it could be only after each part is accepted, or when
> there is some important bugfix to catch.  Once the whole multiqueue
> thing gets somewhere I would send you a pull request with the entire
> feature, which would consist of say 200 patches all with a Reviewed-by
> already.
> 
> This is just a possibility; if you have any other idea, I'd be happy to
> follow it.

That sounds reasonable.  I guess you are sending a) infrastructure and safe
changes alongside b) longer-term work.  If you indicate which patches
are a) then that makes it easier to merge parts into qemu.git before all
the long-term work is complete.

Stefan


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v5 00/14] easier unboxed visits/qapi implicit types

[Eric Blake]

On 03/16/2016 09:24 AM, Markus Armbruster wrote:
> I think the additional changes I'd like to see are small enough to not
> require a full respin.  I took the liberty to work them in, and pushed
> the result to my qapi-not-next branch.  Let me know whether you like
> them.

The code changes looked okay, but I think there were still some tweaks
to commit messages that you pointed out during review that might be
worth making; I'll go ahead and post a v6 to make it easier.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH v5 00/28] Convert migration to QIOChannel & support TLS

[Daniel P. Berrange]

This is an update of patches that were previously posted

  FYI: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg00829.html
   v1: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01914.html
   v2: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03509.html
   v3: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg06279.html

The primary goal of this series of patches is to support TLS on the
migration data channel. The bulk of the work in this series though,
is converting the various QEMUFile implementations to be based on the
new QIOChannel framework.

At the end of this current series there is just one remaining impl
of QEMUFileOps that is not based on QIOChannel - the one in savevm.c
that is using BlockDriverState. It would be possible to create a
QIOChannel wrapper around BlockDriverState too, at which point all
QEMUFile impls would be QIOChannel based. This would then let us
cut out the QEMUFileOps driver callbacks entirely and thus simply
code even more. This patch series is already too large, so I left
that for now.

The first 7 patches are some basic clean ups/fixes mostly to
the QEMUFile code

The 8th patch introduces the QIOChannel based QEMUFile impl
and the 9th adds helpers for using it to start migrations.

Patch 10 adds very long overdue support for reporting errors
during migration back to the management app, which is critical
for TLS otherwise it is impossible to debug any failures.

Patches 11-18 convert the various migration protocols to use
the QIOChannel based QEMUFile impl. In this refactoring the
TCP and UNIX implementations were able to be merged into a
generic sockets impl.

Patches 19-22 remove the now unused QEMUFile impls that do
not use QIOChanel
Patches 23 & 24 do some more cleanup

Patch 25 defines some new migration parameters which are used
to enable use of TLS

Patch 26 actually implements support for TLS with migration,
working with tcp, unix, fd and exec migration backend protocols.
Only RDMA is unsupported with TLS. The commit message shows the
example usage via the HMP

Patches 27 & 28 do some final cleanup.

Overall we have a net win of deleting ~350 lines of code,
despite adding more features, which is always nice.

I have been testing the various migration protocols, including
RDMA and appear to be still functional.

In terms of performance, I have tested TCP with TLS migration
enabled over a 10 Gig-E network interface.

With plain TCP we were able to reach 8500mbs (according to
'info migrate' stats).

With TCP and TLS enabled, we are only able to reach 1800 mbs.
IOW, we can max out 1 Gig-E NICs with TLS, but not 10 Gig-E
where we only reach 21% of potential plain text throughput.

The source host migration thread is only hitting 60% CPU
utilization, but the target host incoming migration thread
is hitting 100% CPU.

The source migration thread is dominated solely by GNUTLS
AES encryption functions as would be expected.

The target migration thread is dominated by the same GNUTLS
AES encryption functions, but also memcpy(). IIUC, the memcpy
is QEMU generic migration code copying RAM pages into place.

In talking with Dave Gilbert we thought it might be possible
to use two threads for incoming migration on the target host.
The first would be responsible for doing network I/O into
local buffers, including the TLS decryption. The second
would be responsible for processing the data. That way the
memcpy() of RAM would move into another thread, allowing the
first thread to spend 100% of its time doing TLS decryption.

If we assume the decryption + encryption take equal amounts
of time, then it ought to let us raise TLS throughput from
1800 mbs, to approx 3000 mbs. Still a good way off 8500mbs
from non-TLS migration, but a worth while improvement none
the less.

NB, these TLS migration results were on a CPU with native AES
instructionset support. CPUs with AES instructions would be
even worse performance.

Changed in v5:

  (Only patch 25 has changed since v3)

 - Resolve conflicts with removal of socket_errno() in
   git master
 - Fix crash in migrate_set_parameters HMP impl

Changed in v4:

 (Only patches 2, 8, 10 & 25 have changes since v3)

 - Expanded docs for new 'error_desc' field in query-migrate
 - Drop new HMP migrate_set_str_parameter command and just
   change migrate_set_parameter to accept a string instead
   of only int
 - Add 'get_return_path' impl for QIOChannel based QEMUFile
   to make post-copy work
 - Replace logic which tried to modify struct iovec elements
   in-replace, with iov_copy + iov_discard_front to avoid
   issue with niov == 0
 - Fix double-free in QIOChannelBuffer triggered by post-copy
 - Reset error_desc field in migrate_init so old errors don't
   persist when restarting a failed migrate
 - Keep the first reported migration error message instead of
   the last reported on.

Changed in v3:

 - Rebase to resolve conflicts with recent merged
   patches
 - Fix up include qemu/osdep.h in various new files

[Qemu-devel] [PATCH v5 21/28] migration: delete QEMUFile sockets implementation

[Daniel P. Berrange]

Now that the tcp, unix and fd migration backends have converted
to use the QIOChannel based QEMUFile, there is no user remaining
for the sockets based QEMUFile impl and it can be deleted.

Reviewed-by: Dr. David Alan Gilbert 
Signed-off-by: Daniel P. Berrange 
---
 include/migration/qemu-file.h |   2 -
 migration/Makefile.objs   |   2 +-
 migration/qemu-file-unix.c| 323 --
 3 files changed, 1 insertion(+), 326 deletions(-)
 delete mode 100644 migration/qemu-file-unix.c

diff --git a/include/migration/qemu-file.h b/include/migration/qemu-file.h
index edaf598..ba5fe08 100644
--- a/include/migration/qemu-file.h
+++ b/include/migration/qemu-file.h
@@ -128,8 +128,6 @@ typedef struct QEMUFileHooks {
 
 QEMUFile *qemu_fopen_ops(void *opaque, const QEMUFileOps *ops);
 QEMUFile *qemu_fopen(const char *filename, const char *mode);
-QEMUFile *qemu_fdopen(int fd, const char *mode);
-QEMUFile *qemu_fopen_socket(int fd, const char *mode);
 QEMUFile *qemu_fopen_channel_input(QIOChannel *ioc);
 QEMUFile *qemu_fopen_channel_output(QIOChannel *ioc);
 QEMUFile *qemu_popen_cmd(const char *command, const char *mode);
diff --git a/migration/Makefile.objs b/migration/Makefile.objs
index 3e5a57c..2f9bf12 100644
--- a/migration/Makefile.objs
+++ b/migration/Makefile.objs
@@ -1,6 +1,6 @@
 common-obj-y += migration.o socket.o fd.o exec.o
 common-obj-y += vmstate.o
-common-obj-y += qemu-file.o qemu-file-unix.o qemu-file-stdio.o
+common-obj-y += qemu-file.o qemu-file-stdio.o
 common-obj-y += qemu-file-channel.o
 common-obj-y += xbzrle.o postcopy-ram.o
 
diff --git a/migration/qemu-file-unix.c b/migration/qemu-file-unix.c
deleted file mode 100644
index 4474e18..000
--- a/migration/qemu-file-unix.c
+++ /dev/null
@@ -1,323 +0,0 @@
-/*
- * QEMU System Emulator
- *
- * Copyright (c) 2003-2008 Fabrice Bellard
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to 
deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "qemu/osdep.h"
-#include "qemu-common.h"
-#include "qemu/error-report.h"
-#include "qemu/iov.h"
-#include "qemu/sockets.h"
-#include "qemu/coroutine.h"
-#include "migration/qemu-file.h"
-#include "migration/qemu-file-internal.h"
-
-typedef struct QEMUFileSocket {
-int fd;
-QEMUFile *file;
-} QEMUFileSocket;
-
-static ssize_t socket_writev_buffer(void *opaque, struct iovec *iov, int 
iovcnt,
-int64_t pos)
-{
-QEMUFileSocket *s = opaque;
-ssize_t len;
-ssize_t size = iov_size(iov, iovcnt);
-ssize_t offset = 0;
-int err;
-
-while (size > 0) {
-len = iov_send(s->fd, iov, iovcnt, offset, size);
-
-if (len > 0) {
-size -= len;
-offset += len;
-}
-
-if (size > 0) {
-if (errno != EAGAIN && errno != EWOULDBLOCK) {
-error_report("socket_writev_buffer: Got err=%d for (%zu/%zu)",
- errno, (size_t)size, (size_t)len);
-/*
- * If I've already sent some but only just got the error, I
- * could return the amount validly sent so far and wait for the
- * next call to report the error, but I'd rather flag the error
- * immediately.
- */
-return -errno;
-}
-
-/* Emulate blocking */
-GPollFD pfd;
-
-pfd.fd = s->fd;
-pfd.events = G_IO_OUT | G_IO_ERR;
-pfd.revents = 0;
-TFR(err = g_poll(, 1, -1 /* no timeout */));
-/* Errors other than EINTR intentionally ignored */
-}
- }
-
-return offset;
-}
-
-static int socket_get_fd(void *opaque)
-{
-QEMUFileSocket *s = opaque;
-
-return s->fd;
-}
-
-static ssize_t socket_get_buffer(void *opaque, uint8_t *buf, int64_t pos,
- size_t size)
-{
-QEMUFileSocket *s = opaque;
-ssize_t len;
-
-

Re: [Qemu-devel] [PATCH v4 05/11] block: m25p80: 4byte address mode

[Krzeminski, Marcin (Nokia - PL/Wroclaw)]

> -Original Message-
> From: EXT Peter Crosthwaite [mailto:crosthwaitepe...@gmail.com]
> Sent: Thursday, March 17, 2016 6:27 PM
> To: Krzeminski, Marcin (Nokia - PL/Wroclaw)
> 
> Cc: qemu-devel@nongnu.org Developers ;
> Cédric Le Goater ; pawel.len...@itlen.com
> Subject: Re: [PATCH v4 05/11] block: m25p80: 4byte address mode
> 
> On Mon, Feb 22, 2016 at 12:03 AM,   wrote:
> > From: Marcin Krzeminski 
> >
> > This patch adds only 4byte address mode (does not cover dummy cycles).
> > This mode is needed to access more than 16 MiB of flash.
> >
> > Signed-off-by: Marcin Krzeminski 
> > ---
> >  hw/block/m25p80.c | 41 +++-
> -
> >  1 file changed, 35 insertions(+), 6 deletions(-)
> >
> > diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c index
> > 0540dde..0698e7b 100644
> > --- a/hw/block/m25p80.c
> > +++ b/hw/block/m25p80.c
> > @@ -237,6 +237,9 @@ typedef enum {
> >  ERASE_32K = 0x52,
> >  ERASE_SECTOR = 0xd8,
> >
> > +EN_4BYTE_ADDR = 0xB7,
> > +EX_4BYTE_ADDR = 0xE9,
> > +
> >  EXTEND_ADDR_READ = 0xC8,
> >  EXTEND_ADDR_WRITE = 0xC5,
> >
> > @@ -269,6 +272,7 @@ typedef struct Flash {
> >  uint8_t cmd_in_progress;
> >  uint64_t cur_addr;
> >  bool write_enable;
> > +bool four_bytes_address_mode;
> >  bool reset_enable;
> >  uint8_t ear;
> >
> > @@ -406,12 +410,25 @@ void flash_write8(Flash *s, uint64_t addr, uint8_t
> data)
> >  s->dirty_page = page;
> >  }
> >
> > +static inline int get_addr_length(Flash *s) {
> > +return s->four_bytes_address_mode ? 4 : 3; }
> > +
> >  static void complete_collecting_data(Flash *s)  {
> > -s->cur_addr = s->data[0] << 16;
> > -s->cur_addr |= s->data[1] << 8;
> > -s->cur_addr |= s->data[2];
> > -s->cur_addr += (s->ear & 0x3) * MAX_3BYTES_SIZE;
> > +int i;
> > +
> > +s->cur_addr = 0;
> > +
> > +for (i = 0; i < get_addr_length(s); ++i) {
> > +s->cur_addr <<= 8;
> > +s->cur_addr |= s->data[i];
> > +}
> > +
> > +if (get_addr_length(s) == 3) {
> > +s->cur_addr += (s->ear & 0x3) * MAX_3BYTES_SIZE;
> > +}
> >
> >  s->state = STATE_IDLE;
> >
> > @@ -452,6 +469,7 @@ static void reset_memory(Flash *s)
> >  s->cmd_in_progress = NOP;
> >  s->cur_addr = 0;
> >  s->ear = 0;
> > +s->four_bytes_address_mode = false;
> >  s->len = 0;
> >  s->needed_bytes = 0;
> >  s->pos = 0;
> > @@ -480,7 +498,7 @@ static void decode_new_cmd(Flash *s, uint32_t
> value)
> >  case DPP:
> >  case QPP:
> >  case PP:
> > -s->needed_bytes = 3;
> > +s->needed_bytes = get_addr_length(s);
> >  s->pos = 0;
> >  s->len = 0;
> >  s->state = STATE_COLLECTING_DATA; @@ -489,7 +507,7 @@ static
> > void decode_new_cmd(Flash *s, uint32_t value)
> >  case FAST_READ:
> >  case DOR:
> >  case QOR:
> > -s->needed_bytes = 4;
> > +s->needed_bytes = get_addr_length(s);
> 
> You fix this later with the configuration of dummy cycles, but you should
> preserve the existing behaviour until your fix lands. This means that you
> should have +1 here.
True, all is that because there is a 11 patches for one file. From logical 
point of view
this make sense, but from device emulation point of view applying not whole
series it does not.
> 
> >  s->pos = 0;
> >  s->len = 0;
> >  s->state = STATE_COLLECTING_DATA; @@ -502,6 +520,8 @@ static
> > void decode_new_cmd(Flash *s, uint32_t value)
> >  s->needed_bytes = 4;
> >  break;
> >  case JEDEC_NUMONYX:
> > +s->needed_bytes = get_addr_length(s);
> > +break;
> 
> This change ...
> 
> >  default:
> >  s->needed_bytes = 5;
> 
> Should be here, with a +2 (I think?).
Yes, but I would not prefer this in default, but since there is not much time 
and it
does not change functionality I will put all in default, but change it with 
Macronix
and Spansion future patch series (for those I reworked a bit all that switches 
so it is
already changed there).

Thanks,
Marcin
> 
> >  }
> > @@ -517,6 +537,8 @@ static void decode_new_cmd(Flash *s, uint32_t
> value)
> >  s->needed_bytes = 6;
> >  break;
> >  case JEDEC_NUMONYX:
> > +s->needed_bytes = get_addr_length(s);
> > +break;
> 
> Similar.
> 
> Otherwise,
> 
> Reviewed-by: Peter Crosthwaite 
> 
> Regards,
> Peter
> 
> >  default:
> >  s->needed_bytes = 8;
> >  }
> > @@ -575,6 +597,12 @@ static void decode_new_cmd(Flash *s, uint32_t
> value)
> >  break;
> >  case NOP:
> >  break;
> > +case EN_4BYTE_ADDR:
> > +s->four_bytes_address_mode = true;
> > +break;
> > +case 

[Qemu-devel] [PULL v1 05/13] crypto: skip testing of unsupported cipher algorithms

[Daniel P. Berrange]

We don't guarantee that all crypto backends will support
all cipher algorithms, so we should skip tests unless
the crypto backend indicates support.

Reviewed-by: Fam Zheng 
Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrange 
---
 tests/test-crypto-cipher.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tests/test-crypto-cipher.c b/tests/test-crypto-cipher.c
index 9f912ec..7a073e9 100644
--- a/tests/test-crypto-cipher.c
+++ b/tests/test-crypto-cipher.c
@@ -380,7 +380,9 @@ int main(int argc, char **argv)
 g_assert(qcrypto_init(NULL) == 0);
 
 for (i = 0; i < G_N_ELEMENTS(test_data); i++) {
-g_test_add_data_func(test_data[i].path, _data[i], test_cipher);
+if (qcrypto_cipher_supports(test_data[i].alg)) {
+g_test_add_data_func(test_data[i].path, _data[i], 
test_cipher);
+}
 }
 
 g_test_add_func("/crypto/cipher/null-iv",
-- 
2.5.0

[Qemu-devel] [PULL 0/2] Block patches for 2.6

[Jeff Cody]

The following changes since commit 0ebc03bc065329eaefb6493f5fa7df08df528f2a:

  util/base64.c: Clean includes (2016-03-16 12:48:11 +)

are available in the git repository at:

  g...@github.com:codyprime/qemu-kvm-jtc.git tags/block-pull-request

for you to fetch changes up to 773460256bb65b7ef5948cedc31aa8bc889ac86f:

  MAINTAINERS: Fix typo, block/stream.h -> block/stream.c (2016-03-16 13:25:29 
-0400)


Block patches for 2.6


Jeff Cody (2):
  block/sheepdog: fix argument passed to qemu_strtoul()
  MAINTAINERS: Fix typo, block/stream.h -> block/stream.c

 MAINTAINERS  |  2 +-
 block/sheepdog.c | 11 +++
 2 files changed, 8 insertions(+), 5 deletions(-)

-- 
1.9.3

Re: [Qemu-devel] [PATCH] block/sheepdog: add error handling to sd_snapshot_delete()

[Jeff Cody]

On Fri, Mar 18, 2016 at 05:54:38PM +0900, Takashi Menjo wrote:
> Errors have been ignored in some code paths in sd_snapshot_delete().
> This patch adds error handling.
> 
> Signed-off-by: Takashi Menjo 

Thank you for the patch!

> ---
>  block/sheepdog.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/block/sheepdog.c b/block/sheepdog.c
> index a3aeae4..6492405 100644
> --- a/block/sheepdog.c
> +++ b/block/sheepdog.c
> @@ -2565,6 +2565,7 @@ static int sd_snapshot_delete(BlockDriverState *bs,
>  SheepdogVdiRsp *rsp = (SheepdogVdiRsp *)
>  
>  if (!remove_objects(s)) {
> +error_report("failed to discard snapshot inode");

We want to set errp, so that the error is picked up correctly.  It is
assumed in QEMU that if there is an Error object passed, that it is
sufficient to check it for error (as opposed to checking the return
value).

You can use error_setg() here to do this, e.g.:

   error_setg(errp, "failed to discard snapshot inode");

>  return -1;
>  }
>  
> @@ -2588,6 +2589,7 @@ static int sd_snapshot_delete(BlockDriverState *bs,
>  ret = find_vdi_name(s, s->name, snap_id, snap_tag, , true,
>  _err);
>  if (ret) {
> +error_report_err(local_err);

To propagate the local_err value to errp, use error_propagate:

error_propagate(errp, local_err);

>  return ret;
>  }


There is another hunk that is missing an error_propagate in
sd_snapshot_delete:

2594 fd = connect_to_sdog(s, _err);
2595 if (fd < 0) {
2596 error_report_err(local_err);
2597 return -1;
2598 }
2599

>  
> @@ -2601,6 +2603,7 @@ static int sd_snapshot_delete(BlockDriverState *bs,
>   buf, , );
>  closesocket(fd);
>  if (ret) {
> +error_setg_errno(errp, -ret, "failed to delete %s", s->name);
>  return ret;
>  }

We also need to set errp in the switch statement on rsp->result:

2607 switch (rsp->result) {

[...]

2612 default:
2613 error_report("%s, %s", sd_strerror(rsp->result), s->name);
2614 return -1;
2615 }

Re: [Qemu-devel] [PATCH 0/4] Tweaks around virtio-blk start/stop

[Paolo Bonzini]

On 17/03/2016 13:39, Christian Borntraeger wrote:
> As an interesting side note, I updated my system from F20 to F23 some days ago
> (after the initial report). While To Bo is still on a F20 system. I was not 
> able
> to reproduce the original crash on f23. but going back to F20 made this
> problem re-appear.
>  
>   Stack trace of thread 26429:
> #0  0x802008aa tracked_request_begin 
> (qemu-system-s390x)
> #1  0x80203f3c bdrv_co_do_preadv (qemu-system-s390x)
> #2  0x8020567c bdrv_co_do_readv (qemu-system-s390x)
> #3  0x8025d0f4 coroutine_trampoline 
> (qemu-system-s390x)
> #4  0x03ff943d150a __makecontext_ret (libc.so.6)
> 
> this is with patch 2-4 plus the removal of virtio_queue_host_notifier_read.
> 
> Without removing virtio_queue_host_notifier_read, I get the same mutex lockup 
> (as expected).
> 
> Maybe we have two independent issues here and this is some old bug in glibc or
> whatever?

I'm happy to try and reproduce on x86 if you give me some instruction
(RHEL7 should be close enough to Fedora 20).

Can you add an assert in virtio_blk_handle_output to catch reentrancy, like

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index a7ec572..96ea896 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -591,6 +591,8 @@ static void virtio_blk_handle_output(VirtIODevice
*vdev, VirtQueue *vq)
 return;
 }

+int x = atomic_fetch_inc(>test);
+assert(x == 0);
 blk_io_plug(s->blk);

 while ((req = virtio_blk_get_request(s))) {
@@ -602,6 +604,7 @@ static void virtio_blk_handle_output(VirtIODevice
*vdev, VirtQueue *vq)
 }

 blk_io_unplug(s->blk);
+atomic_dec(>test);
 }

 static void virtio_blk_dma_restart_bh(void *opaque)
diff --git a/include/hw/virtio/virtio-blk.h b/include/hw/virtio/virtio-blk.h
index ae84d92..6472503 100644
--- a/include/hw/virtio/virtio-blk.h
+++ b/include/hw/virtio/virtio-blk.h
@@ -48,6 +48,7 @@ typedef struct VirtIOBlock {
 BlockBackend *blk;
 VirtQueue *vq;
 void *rq;
+int test;
 QEMUBH *bh;
 VirtIOBlkConf conf;
 unsigned short sector_mask;

?

Paolo

[Qemu-devel] commit 084a85e breaks build

[Gabriel L. Somlo]

Hi Daniel,

I get the error below when I try to build QEMU, and bisect claims it
started with commit 084a85e (crypto: add support for the cast5-128
cipher algorithm).

Sorry if this is already a known issue. Let me know if there's
anything you'd like me to test.

My command line is:
~/KVM-OSX/SCRATCH/qemu/configure --prefix=/home/somlo/KVM-OSX/SCRATCH 
--audio-drv-list=pa 
--target-list=x86_64-softmmu,i386-softmmu,aarch64-softmmu,arm-softmmu; make 
install

Thanks,
--Gabriel

...
  CCcrypto/cipher.o
In file included from
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher.c:153:0:
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher-nettle.c: In function
‘qcrypto_cipher_new’:
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher-nettle.c:229:13: error:
implicit declaration of function ‘cast5_set_key’
[-Werror=implicit-function-declaration]
 cast5_set_key(ctx->ctx, nkey, key);
 ^
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher-nettle.c:229:13: error:
nested extern declaration of ‘cast5_set_key’ [-Werror=nested-externs]
In file included from
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher.c:153:0:
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher-nettle.c: In function
‘qcrypto_cipher_encrypt’:
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher-nettle.c:344:21: error:
passing argument 3 of ‘xts_encrypt’ from incompatible pointer type
[-Werror=incompatible-pointer-types]
 ctx->alg_encrypt, ctx->alg_encrypt,
 ^
In file included from
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher-nettle.c:22:0,
 from
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher.c:153:
/home/somlo/KVM-OSX/SCRATCH/qemu/include/crypto/xts.h:76:6: note:
expected ‘void (*)(const void *, size_t,  uint8_t *, const uint8_t *)
{aka void (*)(const void *, long unsigned int,  unsigned char *, const
unsigned char *)}’ but argument is of type ‘void (*)(void *, unsigned
int,  uint8_t *, const uint8_t *) {aka void (*)(void *, unsigned int,
unsigned char *, const unsigned char *)}’
 void xts_encrypt(const void *datactx,
  ^
In file included from
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher.c:153:0:
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher-nettle.c:344:39: error:
passing argument 4 of ‘xts_encrypt’ from incompatible pointer type
[-Werror=incompatible-pointer-types]
 ctx->alg_encrypt, ctx->alg_encrypt,
   ^
In file included from
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher-nettle.c:22:0,
 from
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher.c:153:
/home/somlo/KVM-OSX/SCRATCH/qemu/include/crypto/xts.h:76:6: note:
expected ‘void (*)(const void *, size_t,  uint8_t *, const uint8_t *)
{aka void (*)(const void *, long unsigned int,  unsigned char *, const
unsigned char *)}’ but argument is of type ‘void (*)(void *, unsigned
int,  uint8_t *, const uint8_t *) {aka void (*)(void *, unsigned int,
unsigned char *, const unsigned char *)}’
 void xts_encrypt(const void *datactx,
  ^
In file included from
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher.c:153:0:
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher-nettle.c: In function
‘qcrypto_cipher_decrypt’:
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher-nettle.c:389:21: error:
passing argument 3 of ‘xts_decrypt’ from incompatible pointer type
[-Werror=incompatible-pointer-types]
 ctx->alg_encrypt, ctx->alg_decrypt,
 ^
In file included from
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher-nettle.c:22:0,
 from
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher.c:153:
/home/somlo/KVM-OSX/SCRATCH/qemu/include/crypto/xts.h:54:6: note:
expected ‘void (*)(const void *, size_t,  uint8_t *, const uint8_t *)
{aka void (*)(const void *, long unsigned int,  unsigned char *, const
unsigned char *)}’ but argument is of type ‘void (*)(void *, unsigned
int,  uint8_t *, const uint8_t *) {aka void (*)(void *, unsigned int,
unsigned char *, const unsigned char *)}’
 void xts_decrypt(const void *datactx,
  ^
In file included from
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher.c:153:0:
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher-nettle.c:389:39: error:
passing argument 4 of ‘xts_decrypt’ from incompatible pointer type
[-Werror=incompatible-pointer-types]
 ctx->alg_encrypt, ctx->alg_decrypt,
   ^
In file included from
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher-nettle.c:22:0,
 from
/home/somlo/KVM-OSX/SCRATCH/qemu/crypto/cipher.c:153:
/home/somlo/KVM-OSX/SCRATCH/qemu/include/crypto/xts.h:54:6: note:
expected ‘void (*)(const void *, size_t,  uint8_t *, const uint8_t *)
{aka void (*)(const void *, long unsigned int,  unsigned char *, const
unsigned char *)}’ but argument is of type ‘void (*)(void *, unsigned
int,  uint8_t *, const uint8_t *) {aka void (*)(void *, unsigned int,
unsigned char *, const unsigned char *)}’
 void xts_decrypt(const void *datactx,
  ^
cc1: all 

[Qemu-devel] [PULL v2 02/13] crypto: add support for PBKDF2 algorithm

[Daniel P. Berrange]

The LUKS data format includes use of PBKDF2 (Password-Based
Key Derivation Function). The Nettle library can provide
an implementation of this, but we don't want code directly
depending on a specific crypto library backend. Introduce
a new include/crypto/pbkdf.h header which defines a QEMU
API for invoking PBKDK2. The initial implementations are
backed by nettle & gcrypt, which are commonly available
with distros shipping GNUTLS.

The test suite data is taken from the cryptsetup codebase
under the LGPLv2.1+ license. This merely aims to verify
that whatever backend we provide for this function in QEMU
will comply with the spec.

Reviewed-by: Fam Zheng 
Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrange 
---
 configure |  18 +++
 crypto/Makefile.objs  |   4 +
 crypto/pbkdf-gcrypt.c |  68 
 crypto/pbkdf-nettle.c |  65 
 crypto/pbkdf-stub.c   |  42 +
 crypto/pbkdf.c| 109 +
 include/crypto/pbkdf.h| 152 ++
 tests/.gitignore  |   1 +
 tests/Makefile|   2 +
 tests/test-crypto-pbkdf.c | 392 ++
 10 files changed, 853 insertions(+)
 create mode 100644 crypto/pbkdf-gcrypt.c
 create mode 100644 crypto/pbkdf-nettle.c
 create mode 100644 crypto/pbkdf-stub.c
 create mode 100644 crypto/pbkdf.c
 create mode 100644 include/crypto/pbkdf.h
 create mode 100644 tests/test-crypto-pbkdf.c

diff --git a/configure b/configure
index 71c1e2b..b88d0db 100755
--- a/configure
+++ b/configure
@@ -309,6 +309,7 @@ gnutls_hash=""
 gnutls_rnd=""
 nettle=""
 gcrypt=""
+gcrypt_kdf="no"
 vte=""
 virglrenderer=""
 tpm="yes"
@@ -2302,6 +2303,19 @@ if test "$gcrypt" != "no"; then
 if test -z "$nettle"; then
nettle="no"
 fi
+
+cat > $TMPC << EOF
+#include 
+int main(void) {
+  gcry_kdf_derive(NULL, 0, GCRY_KDF_PBKDF2,
+  GCRY_MD_SHA256,
+  NULL, 0, 0, 0, NULL);
+ return 0;
+}
+EOF
+if compile_prog "$gcrypt_cflags" "$gcrypt_libs" ; then
+gcrypt_kdf=yes
+fi
 else
 if test "$gcrypt" = "yes"; then
 feature_not_found "gcrypt" "Install gcrypt devel"
@@ -4726,6 +4740,7 @@ echo "GNUTLS support$gnutls"
 echo "GNUTLS hash   $gnutls_hash"
 echo "GNUTLS rnd$gnutls_rnd"
 echo "libgcrypt $gcrypt"
+echo "libgcrypt kdf $gcrypt_kdf"
 if test "$nettle" = "yes"; then
 echo "nettle$nettle ($nettle_version)"
 else
@@ -5108,6 +5123,9 @@ if test "$gnutls_rnd" = "yes" ; then
 fi
 if test "$gcrypt" = "yes" ; then
   echo "CONFIG_GCRYPT=y" >> $config_host_mak
+  if test "$gcrypt_kdf" = "yes" ; then
+echo "CONFIG_GCRYPT_KDF=y" >> $config_host_mak
+  fi
 fi
 if test "$nettle" = "yes" ; then
   echo "CONFIG_NETTLE=y" >> $config_host_mak
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index 967418c..7122cc8 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -10,8 +10,12 @@ crypto-obj-y += tlssession.o
 crypto-obj-y += secret.o
 crypto-obj-$(CONFIG_GCRYPT) += random-gcrypt.o
 crypto-obj-$(if $(CONFIG_GCRYPT),n,$(CONFIG_GNUTLS_RND)) += random-gnutls.o
+crypto-obj-y += pbkdf.o
+crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
+crypto-obj-$(if $(CONFIG_NETTLE),n,$(CONFIG_GCRYPT_KDF)) += pbkdf-gcrypt.o
 
 # Let the userspace emulators avoid linking gnutls/etc
 crypto-aes-obj-y = aes.o
 
 stub-obj-y += random-stub.o
+stub-obj-y += pbkdf-stub.o
diff --git a/crypto/pbkdf-gcrypt.c b/crypto/pbkdf-gcrypt.c
new file mode 100644
index 000..885614d
--- /dev/null
+++ b/crypto/pbkdf-gcrypt.c
@@ -0,0 +1,68 @@
+/*
+ * QEMU Crypto PBKDF support (Password-Based Key Derivation Function)
+ *
+ * Copyright (c) 2015-2016 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/pbkdf.h"
+#include "gcrypt.h"
+
+bool qcrypto_pbkdf2_supports(QCryptoHashAlgorithm hash)
+{
+switch (hash) {
+case QCRYPTO_HASH_ALG_MD5:
+case QCRYPTO_HASH_ALG_SHA1:
+case QCRYPTO_HASH_ALG_SHA256:
+return true;
+default:
+return false;
+}
+}
+
+int qcrypto_pbkdf2(QCryptoHashAlgorithm hash,
+   const uint8_t *key, size_t nkey,
+   const uint8_t *salt, size_t nsalt,
+  

Re: [Qemu-devel] [PATCH 0/5] block: API changes for 2.6

[Kevin Wolf]

Am 14.03.2016 um 16:44 hat Kevin Wolf geschrieben:
> This series contains those part of my current work that I want to be in
> the 2.6 release because they change the semantics of some QMP
> interfaces.
> 
> This is especially true for the WCE changes, which concern things that
> weren't even accessible in 2.5 yet, so we're still completely free to
> change them until 2.6. The other two parts have existed for a bit
> longer, but the changes can reasonably be considered bug fixes.

Applied to the block branch.

Kevin

Re: [Qemu-devel] [PATCH v5 10/28] migration: add reporting of errors for outgoing migration

[Dr. David Alan Gilbert]

* Daniel P. Berrange (berra...@redhat.com) wrote:
> Currently if an application initiates an outgoing migration,
> it may or may not, get an error reported back on failure. If
> the error occurs synchronously to the 'migrate' command
> execution, the client app will see the error message. This
> is the case for DNS lookup failures. If the error occurs
> asynchronously to the monitor command though, the error
> will be thrown away and the client left guessing about
> what went wrong. This is the case for failure to connect
> to the TCP server (eg due to wrong port, or firewall
> rules, or other similar errors).
> 
> In the future we'll be adding more scope for errors to
> happen asynchronously with the TLS protocol handshake.
> TLS errors are hard to diagnose even when they are well
> reported, so discarding errors entirely will make it
> impossible to debug TLS connection problems.
> 
> Management apps which do migration are already using
> 'query-migrate' / 'info migrate' to check up on progress
> of background migration operations and to see their end
> status. This is a fine place to also include the error
> message when things go wrong.
> 
> This patch thus adds an 'error-desc' field to the
> MigrationInfo struct, which will be populated when
> the 'status' is set to 'failed':

Reviewed-by: Dr. David Alan Gilbert 

> (qemu) migrate -d tcp:localhost:9001
> (qemu) info migrate
> capabilities: xbzrle: off rdma-pin-all: off auto-converge: off zero-blocks: 
> off compress: off events: off x-postcopy-ram: off
> Migration status: failed (Error connecting to socket: Connection refused)
> total time: 0 milliseconds
> 
> In the HMP, when doing non-detached migration, it is
> also possible to display this error message directly
> to the app.
> 
> (qemu) migrate tcp:localhost:9001
> Error connecting to socket: Connection refused
> 
> Or with QMP
> 
>   {
> "execute": "query-migrate",
> "arguments": {}
>   }
>   {
> "return": {
>   "status": "failed",
>   "error-desc": "address resolution failed for myhost:9000: No address 
> associated with hostname"
> }
>   }
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  hmp.c | 13 -
>  include/migration/migration.h |  5 -
>  include/qapi/error.h  |  2 +-
>  migration/migration.c | 15 ---
>  migration/rdma.c  | 10 +++---
>  migration/tcp.c   |  2 +-
>  migration/unix.c  |  2 +-
>  qapi-schema.json  |  7 ++-
>  trace-events  |  2 +-
>  util/error.c  |  2 +-
>  10 files changed, 42 insertions(+), 18 deletions(-)
> 
> diff --git a/hmp.c b/hmp.c
> index 5b6084a..7126f17 100644
> --- a/hmp.c
> +++ b/hmp.c
> @@ -34,6 +34,7 @@
>  #include "ui/console.h"
>  #include "block/qapi.h"
>  #include "qemu-io.h"
> +#include "qemu/error-report.h"
>  
>  #ifdef CONFIG_SPICE
>  #include 
> @@ -167,8 +168,15 @@ void hmp_info_migrate(Monitor *mon, const QDict *qdict)
>  }
>  
>  if (info->has_status) {
> -monitor_printf(mon, "Migration status: %s\n",
> +monitor_printf(mon, "Migration status: %s",
> MigrationStatus_lookup[info->status]);
> +if (info->status == MIGRATION_STATUS_FAILED &&
> +info->has_error_desc) {
> +monitor_printf(mon, " (%s)\n", info->error_desc);
> +} else {
> +monitor_printf(mon, "\n");
> +}
> +
>  monitor_printf(mon, "total time: %" PRIu64 " milliseconds\n",
> info->total_time);
>  if (info->has_expected_downtime) {
> @@ -1532,6 +1540,9 @@ static void hmp_migrate_status_cb(void *opaque)
>  if (status->is_block_migration) {
>  monitor_printf(status->mon, "\n");
>  }
> +if (info->has_error_desc) {
> +error_report("%s", info->error_desc);
> +}
>  monitor_resume(status->mon);
>  timer_del(status->timer);
>  g_free(status);
> diff --git a/include/migration/migration.h b/include/migration/migration.h
> index e335380..46c1bbe 100644
> --- a/include/migration/migration.h
> +++ b/include/migration/migration.h
> @@ -171,6 +171,9 @@ struct MigrationState
>  QSIMPLEQ_HEAD(src_page_requests, MigrationSrcPageRequest) 
> src_page_requests;
>  /* The RAMBlock used in the last src_page_request */
>  RAMBlock *last_req_rb;
> +
> +/* The last error that occurred */
> +Error *error;
>  };
>  
>  void migrate_set_state(int *state, int old_state, int new_state);
> @@ -207,7 +210,7 @@ void rdma_start_outgoing_migration(void *opaque, const 
> char *host_port, Error **
>  
>  void rdma_start_incoming_migration(const char *host_port, Error **errp);
>  
> -void migrate_fd_error(MigrationState *s);
> +void migrate_fd_error(MigrationState *s, const Error *error);
>  
>  void migrate_fd_connect(MigrationState *s);
>  
> diff --git 

[Qemu-devel] [PATCH for-2.6 10/14] pc-bios/s390-ccw: add virtio-scsi implementation

[Cornelia Huck]

From: "Eugene (jno) Dvurechenski" 

Add virtio-scsi.[ch] with primary implementation of virtio-scsi.

Signed-off-by: Eugene (jno) Dvurechenski 
Signed-off-by: Cornelia Huck 
---
 pc-bios/s390-ccw/virtio-scsi.c | 342 +
 pc-bios/s390-ccw/virtio-scsi.h |  72 +
 2 files changed, 414 insertions(+)
 create mode 100644 pc-bios/s390-ccw/virtio-scsi.c
 create mode 100644 pc-bios/s390-ccw/virtio-scsi.h

diff --git a/pc-bios/s390-ccw/virtio-scsi.c b/pc-bios/s390-ccw/virtio-scsi.c
new file mode 100644
index 000..3bb48e9
--- /dev/null
+++ b/pc-bios/s390-ccw/virtio-scsi.c
@@ -0,0 +1,342 @@
+/*
+ * Virtio-SCSI implementation for s390 machine loader for qemu
+ *
+ * Copyright 2015 IBM Corp.
+ * Author: Eugene "jno" Dvurechenski 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or (at
+ * your option) any later version. See the COPYING file in the top-level
+ * directory.
+ */
+
+#include "s390-ccw.h"
+#include "virtio.h"
+#include "scsi.h"
+#include "virtio-scsi.h"
+
+static ScsiDevice default_scsi_device;
+static VirtioScsiCmdReq req;
+static VirtioScsiCmdResp resp;
+
+static uint8_t scsi_inquiry_std_response[256];
+
+static inline void vs_assert(bool term, const char **msgs)
+{
+if (!term) {
+int i = 0;
+
+sclp_print("\n! ");
+while (msgs[i]) {
+sclp_print(msgs[i++]);
+}
+panic(" !\n");
+}
+}
+
+static void virtio_scsi_verify_response(VirtioScsiCmdResp *resp,
+const char *title)
+{
+const char *mr[] = {
+title, ": response ", virtio_scsi_response_msg(resp), 0
+};
+const char *ms[] = {
+title,
+CDB_STATUS_VALID(resp->status) ? ": " : ": invalid ",
+scsi_cdb_status_msg(resp->status),
+resp->status == CDB_STATUS_CHECK_CONDITION ? " " : 0,
+resp->sense_len ? scsi_cdb_asc_msg(resp->sense)
+: "no sense data",
+scsi_sense_response(resp->sense)  == 0x70 ? ", sure" : "?",
+0
+};
+
+vs_assert(resp->response == VIRTIO_SCSI_S_OK, mr);
+vs_assert(resp->status == CDB_STATUS_GOOD, ms);
+}
+
+static void prepare_request(VDev *vdev, const void *cdb, int cdb_size,
+void *data, uint32_t data_size)
+{
+const ScsiDevice *sdev = vdev->scsi_device;
+
+memset(, 0, sizeof(req));
+req.lun = make_lun(sdev->channel, sdev->target, sdev->lun);
+memcpy(, cdb, cdb_size);
+
+memset(, 0, sizeof(resp));
+resp.status = 0xff; /* set invalid  */
+resp.response = 0xff;   /*  */
+
+if (data && data_size) {
+memset(data, 0, data_size);
+}
+}
+
+static inline void vs_io_assert(bool term, const char *msg)
+{
+if (!term) {
+virtio_scsi_verify_response(, msg);
+}
+}
+
+static void vs_run(const char *title, VirtioCmd *cmd, VDev *vdev,
+   const void *cdb, int cdb_size,
+   void *data, uint32_t data_size)
+{
+prepare_request(vdev, cdb, cdb_size, data, data_size);
+vs_io_assert(virtio_run(vdev, VR_REQUEST, cmd) == 0, title);
+}
+
+/* SCSI protocol implementation routines */
+
+static bool scsi_inquiry(VDev *vdev, void *data, uint32_t data_size)
+{
+ScsiCdbInquiry cdb = {
+.command = 0x12,
+.alloc_len = data_size < 65535 ? data_size : 65535,
+};
+VirtioCmd inquiry[] = {
+{ , sizeof(req), VRING_DESC_F_NEXT },
+{ , sizeof(resp), VRING_DESC_F_WRITE | VRING_DESC_F_NEXT },
+{ data, data_size, VRING_DESC_F_WRITE },
+};
+
+vs_run("inquiry", inquiry, vdev, , sizeof(cdb), data, data_size);
+
+return virtio_scsi_response_ok();
+}
+
+static bool scsi_test_unit_ready(VDev *vdev)
+{
+ScsiCdbTestUnitReady cdb = {
+.command = 0x00,
+};
+VirtioCmd test_unit_ready[] = {
+{ , sizeof(req), VRING_DESC_F_NEXT },
+{ , sizeof(resp), VRING_DESC_F_WRITE },
+};
+
+prepare_request(vdev, , sizeof(cdb), 0, 0);
+virtio_run(vdev, VR_REQUEST, test_unit_ready); /* ignore errors here */
+
+return virtio_scsi_response_ok();
+}
+
+static bool scsi_report_luns(VDev *vdev, void *data, uint32_t data_size)
+{
+ScsiCdbReportLuns cdb = {
+.command = 0xa0,
+.select_report = 0x02, /* REPORT ALL */
+.alloc_len = data_size,
+};
+VirtioCmd report_luns[] = {
+{ , sizeof(req), VRING_DESC_F_NEXT },
+{ , sizeof(resp), VRING_DESC_F_WRITE | VRING_DESC_F_NEXT },
+{ data, data_size, VRING_DESC_F_WRITE },
+};
+
+vs_run("report luns", report_luns,
+   vdev, , sizeof(cdb), data, data_size);
+
+return virtio_scsi_response_ok();
+}
+
+static bool scsi_read_10(VDev *vdev,
+ ulong sector, int sectors, void *data)
+{
+int f = vdev->blk_factor;
+unsigned int data_size = sectors * 

Re: [Qemu-devel] [PATCH] remove comment for nonexistent structure member

[Michael Tokarev]

18 Feb 2016 11:18, Cao jin wrote
> - * @id: unique identification string in memdev namespace

Applied to -trivial, thanks!

Re: [Qemu-devel] [PATCH] hw/usb/dev-mtp: Guard inotify usage with CONFIG_INOTIFY1

[Gerd Hoffmann]

On Di, 2016-02-23 at 15:44 +, Matthew Fortune wrote:
> inotify_init1 usage was guarded by a check for linux but does not
> exist on older distributions like CentOS 5 resulting in build
> failures.

Added to usb patch queue.

thanks,
  Gerd

Re: [Qemu-devel] [PATCH v3 1/2] QMP: add query-hotpluggable-cpus

[Eduardo Habkost]

On Tue, Mar 15, 2016 at 02:24:07PM +0100, Igor Mammedov wrote:
[...]
> diff --git a/stubs/qmp_query_hotpluggable_cpus.c 
> b/stubs/qmp_query_hotpluggable_cpus.c
> new file mode 100644
> index 000..21a75a3
> --- /dev/null
> +++ b/stubs/qmp_query_hotpluggable_cpus.c
> @@ -0,0 +1,9 @@
> +#include "qemu/osdep.h"
> +#include "qapi/qmp/qerror.h"
> +#include "qmp-commands.h"
> +
> +HotpluggableCPUList *qmp_query_hotpluggable_cpus(Error **errp)
> +{
> +error_setg(errp, QERR_FEATURE_DISABLED, "query-hotpluggable-cpus");
> +return NULL;
> +}

Sorry if this was discussed in previous threads that I haven't
read, but: isn't this supposed to be a MachineClass method?  I
remember David saying once that we have the habit of assuming
that a single QEMU binary can run only one family of machines
that are very similar (like x86), but that's not always true.

-- 
Eduardo

[Qemu-devel] [PULL 23/29] block: Pull up blk_read_unthrottled() implementation

[Kevin Wolf]

Use blk_read(), so that it goes through blk_co_preadv() like all read
requests from the BB to the BDS.

Signed-off-by: Kevin Wolf 
---
 block/block-backend.c | 12 ++--
 block/io.c| 14 --
 include/block/block.h |  2 --
 3 files changed, 10 insertions(+), 18 deletions(-)

diff --git a/block/block-backend.c b/block/block-backend.c
index 5b15475..475d27a 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -789,12 +789,20 @@ int blk_read(BlockBackend *blk, int64_t sector_num, 
uint8_t *buf,
 int blk_read_unthrottled(BlockBackend *blk, int64_t sector_num, uint8_t *buf,
  int nb_sectors)
 {
-int ret = blk_check_request(blk, sector_num, nb_sectors);
+BlockDriverState *bs = blk_bs(blk);
+bool enabled;
+int ret;
+
+ret = blk_check_request(blk, sector_num, nb_sectors);
 if (ret < 0) {
 return ret;
 }
 
-return bdrv_read_unthrottled(blk_bs(blk), sector_num, buf, nb_sectors);
+enabled = bs->io_limits_enabled;
+bs->io_limits_enabled = false;
+ret = blk_read(blk, sector_num, buf, nb_sectors);
+bs->io_limits_enabled = enabled;
+return ret;
 }
 
 int blk_write(BlockBackend *blk, int64_t sector_num, const uint8_t *buf,
diff --git a/block/io.c b/block/io.c
index aa8537c..41d954ca 100644
--- a/block/io.c
+++ b/block/io.c
@@ -615,20 +615,6 @@ int bdrv_read(BlockDriverState *bs, int64_t sector_num,
 return bdrv_rw_co(bs, sector_num, buf, nb_sectors, false, 0);
 }
 
-/* Just like bdrv_read(), but with I/O throttling temporarily disabled */
-int bdrv_read_unthrottled(BlockDriverState *bs, int64_t sector_num,
-  uint8_t *buf, int nb_sectors)
-{
-bool enabled;
-int ret;
-
-enabled = bs->io_limits_enabled;
-bs->io_limits_enabled = false;
-ret = bdrv_read(bs, sector_num, buf, nb_sectors);
-bs->io_limits_enabled = enabled;
-return ret;
-}
-
 /* Return < 0 if error. Important errors are:
   -EIO generic I/O error (may happen for all errors)
   -ENOMEDIUM   No media inserted.
diff --git a/include/block/block.h b/include/block/block.h
index ea8ed04..01349ef 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -229,8 +229,6 @@ void bdrv_reopen_commit(BDRVReopenState *reopen_state);
 void bdrv_reopen_abort(BDRVReopenState *reopen_state);
 int bdrv_read(BlockDriverState *bs, int64_t sector_num,
   uint8_t *buf, int nb_sectors);
-int bdrv_read_unthrottled(BlockDriverState *bs, int64_t sector_num,
-  uint8_t *buf, int nb_sectors);
 int bdrv_write(BlockDriverState *bs, int64_t sector_num,
const uint8_t *buf, int nb_sectors);
 int bdrv_write_zeroes(BlockDriverState *bs, int64_t sector_num,
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH v12 2/3] quorum: implement bdrv_add_child() and bdrv_del_child()

[Wen Congyang]

On 03/17/2016 05:48 PM, Dr. David Alan Gilbert wrote:
> * Wen Congyang (we...@cn.fujitsu.com) wrote:
>> On 03/17/2016 05:10 PM, Alberto Garcia wrote:
>>> On Thu 17 Mar 2016 02:22:40 AM CET, Wen Congyang  
>>> wrote:
 @@ -81,6 +82,8 @@ typedef struct BDRVQuorumState {
   bool rewrite_corrupted;/* true if the driver must 
 rewrite-on-read corrupted
   * block if Quorum is reached.
   */
 +unsigned long *index_bitmap;
>>
>> Hi Berto
>>
>> *NOTE*, In the old version, we just used "bs->node_name", but in the
>> lastest one, as Kevin suggested we introduce
>> "child->child_name"(formart as "children.xxx"), this is the key cause
>> why we need this two functions here.
>
> I'm sorry I missed this discussion earlier. Your code seems technically
> correct but I have several questions:
>
> - I read that one of the reasons for this change is that "In theory, the
>   same node could be attached twice to the same parent in different
>   roles.". Is there any example of that? What's the use case?

 Kevin may know the case.
>>>
>>> Kevin, do you have an example?
>>>
> - How do you obtain the child name?

 IIRC, the answer is no now. I think we can improve 'info block' output
>>>
>>> Okay, but then we should extend that first, otherwise this API cannot be
>>> used.
>>>
> - I see that if you have children.0 and children.1 (let's say hd0.qcow2
>   and hd1.qcow2), then you remove children.0 and add it again, it will
>   keep the 'children.0' name (that's what the bitmap is for if I'm
>   understanding it correctly). However the position in the s->children
>   array will change because you do memmove() when you remove children.0
>   and then add it again to the end of the array.
>
>   Initial status:
>
> s->children[0] <--> "children.0" (hd0.qcow2)
> s->children[1] <--> "children.1" (hd1.qcow2)
>
>   children.0 (hd0.qcow2) is removed:
>
> s->children[0] <--> "children.1" (hd1.qcow2)
>
>   children.0 (hd0.qcow2) is added again:
>
> s->children[0] <--> "children.1" (hd1.qcow2)
> s->children[1] <--> "children.0" (hd0.qcow2)

 Yes, it is correct.

>
>   Is this correct? Is this the indented behavior? Since you are reading
>   in FIFO mode, now hd1.qcow2 will always be read first, so if
>   children.1 was the secondary disk, it has just become the primary.

 Yes.
>>>
>>> And don't you need a way to control the order in which the disks must be
>>> read for COLO?
>>
>> I think in fifo mode, we should read the disk first that is added earlier.
>>
>> We don't need a way to control the order now.
> 
> Can you document fully how it's used in COLO then?

Do you mean document it in docs/block-replication.txt?

> We should have the failure modes documented, and how you'll use
> it after failover etc   Without that it's really difficult to tell
> if this naming is right.

For COLO, children.0 is the real disk, children.1 is replication driver.
After failure, children.1 will be removed by the user. If we want to
continue do COLO, we need add a new children.1 again.

> The children.0 notation is really confusing in the way that Berto
> describes; I hit this a couple of months ago and it really doesn't
> make sense.

Do you mean: read from children.1 first, and then read from children.0 in
fifo mode? Yes, the behavior is very strange.

Thanks
Wen Congyang

> 
> Dave
> 
>>
>> Thanks
>> Wen Congyang
>>
>>>
>>> Berto
>>>
>>>
>>> .
>>>
>>
>>
>>
> --
> Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
> 
> 
> .
> 

[Qemu-devel] [PATCH v2 04/16] block: plug whole tree at once, introduce bdrv_io_unplugged_begin/end

[Paolo Bonzini]

Extract the handling of io_plug "depth" from linux-aio.c and let the
main bdrv_drain loop do nothing but wait on I/O.

Like the two newly introduced functions, bdrv_io_plug and bdrv_io_unplug
now operate on all children.  The visit order is now symmetrical between
plug and unplug, making it possible for formats to implement plug/unplug.

Reviewed-by: Fam Zheng 
Signed-off-by: Paolo Bonzini 
---
 block/io.c| 72 +++
 block/linux-aio.c | 13 -
 block/raw-aio.h   |  2 +-
 block/raw-posix.c | 16 +--
 include/block/block.h |  3 +-
 include/block/block_int.h |  5 +++-
 6 files changed, 67 insertions(+), 44 deletions(-)

diff --git a/block/io.c b/block/io.c
index 272caac..d8d50b7 100644
--- a/block/io.c
+++ b/block/io.c
@@ -271,13 +271,14 @@ void bdrv_drain(BlockDriverState *bs)
 bool busy = true;
 
 bdrv_no_throttling_begin(bs);
+bdrv_io_unplugged_begin(bs);
 bdrv_drain_recurse(bs);
 while (busy) {
 /* Keep iterating */
- bdrv_flush_io_queue(bs);
  busy = bdrv_requests_pending(bs);
  busy |= aio_poll(bdrv_get_aio_context(bs), busy);
 }
+bdrv_io_unplugged_end(bs);
 bdrv_no_throttling_end(bs);
 }
 
@@ -302,6 +303,7 @@ void bdrv_drain_all(void)
 block_job_pause(bs->job);
 }
 bdrv_no_throttling_begin(bs);
+bdrv_io_unplugged_begin(bs);
 bdrv_drain_recurse(bs);
 aio_context_release(aio_context);
 
@@ -326,7 +328,6 @@ void bdrv_drain_all(void)
 aio_context_acquire(aio_context);
 while ((bs = bdrv_next(bs))) {
 if (aio_context == bdrv_get_aio_context(bs)) {
-bdrv_flush_io_queue(bs);
 if (bdrv_requests_pending(bs)) {
 busy = true;
 aio_poll(aio_context, busy);
@@ -343,6 +344,7 @@ void bdrv_drain_all(void)
 AioContext *aio_context = bdrv_get_aio_context(bs);
 
 aio_context_acquire(aio_context);
+bdrv_io_unplugged_end(bs);
 bdrv_no_throttling_end(bs);
 if (bs->job) {
 block_job_resume(bs->job);
@@ -2738,31 +2740,65 @@ void bdrv_add_before_write_notifier(BlockDriverState 
*bs,
 
 void bdrv_io_plug(BlockDriverState *bs)
 {
-BlockDriver *drv = bs->drv;
-if (drv && drv->bdrv_io_plug) {
-drv->bdrv_io_plug(bs);
-} else if (bs->file) {
-bdrv_io_plug(bs->file->bs);
+BdrvChild *child;
+
+if (bs->io_plugged++ == 0 && bs->io_plug_disabled == 0) {
+BlockDriver *drv = bs->drv;
+if (drv && drv->bdrv_io_plug) {
+drv->bdrv_io_plug(bs);
+}
+}
+
+QLIST_FOREACH(child, >children, next) {
+bdrv_io_plug(child->bs);
 }
 }
 
 void bdrv_io_unplug(BlockDriverState *bs)
 {
-BlockDriver *drv = bs->drv;
-if (drv && drv->bdrv_io_unplug) {
-drv->bdrv_io_unplug(bs);
-} else if (bs->file) {
-bdrv_io_unplug(bs->file->bs);
+BdrvChild *child;
+
+QLIST_FOREACH(child, >children, next) {
+bdrv_io_unplug(child->bs);
+}
+
+if (--bs->io_plugged == 0 && bs->io_plug_disabled == 0) {
+BlockDriver *drv = bs->drv;
+if (drv && drv->bdrv_io_unplug) {
+drv->bdrv_io_unplug(bs);
+}
 }
 }
 
-void bdrv_flush_io_queue(BlockDriverState *bs)
+void bdrv_io_unplugged_begin(BlockDriverState *bs)
 {
-BlockDriver *drv = bs->drv;
-if (drv && drv->bdrv_flush_io_queue) {
-drv->bdrv_flush_io_queue(bs);
-} else if (bs->file) {
-bdrv_flush_io_queue(bs->file->bs);
+BdrvChild *child;
+
+if (bs->io_plug_disabled++ == 0 && bs->io_plugged > 0) {
+BlockDriver *drv = bs->drv;
+if (drv && drv->bdrv_io_unplug) {
+drv->bdrv_io_unplug(bs);
+}
+}
+
+QLIST_FOREACH(child, >children, next) {
+bdrv_io_unplugged_begin(child->bs);
+}
+}
+
+void bdrv_io_unplugged_end(BlockDriverState *bs)
+{
+BdrvChild *child;
+
+QLIST_FOREACH(child, >children, next) {
+bdrv_io_unplugged_end(child->bs);
+}
+
+if (--bs->io_plug_disabled == 0 && bs->io_plugged > 0) {
+BlockDriver *drv = bs->drv;
+if (drv && drv->bdrv_io_plug) {
+drv->bdrv_io_plug(bs);
+}
 }
 }
 
diff --git a/block/linux-aio.c b/block/linux-aio.c
index 805757e..102bf92 100644
--- a/block/linux-aio.c
+++ b/block/linux-aio.c
@@ -220,19 +220,16 @@ void laio_io_plug(BlockDriverState *bs, void *aio_ctx)
 {
 struct qemu_laio_state *s = aio_ctx;
 
-s->io_q.plugged++;
+assert(!s->io_q.plugged);
+s->io_q.plugged = 1;
 }
 
-void laio_io_unplug(BlockDriverState *bs, void *aio_ctx, bool unplug)
+void laio_io_unplug(BlockDriverState *bs, void *aio_ctx)
 {
 struct qemu_laio_state *s = aio_ctx;
 
-assert(s->io_q.plugged > 0 || !unplug);
-
-if (unplug && --s->io_q.plugged > 0) {
-

Re: [Qemu-devel] [PATCH v3 33/40] ivshmem: Inline check_shm_size() into its only caller

[Marc-André Lureau]

Hi

On Tue, Mar 15, 2016 at 7:34 PM, Markus Armbruster  wrote:
> Improve the error messages while there.
>
> Signed-off-by: Markus Armbruster 

I'd prefer we keep a seperate function to handle the shm checks, but I
don't mind much so:

Reviewed-by: Marc-André Lureau 


> ---
>  hw/misc/ivshmem.c | 37 +++--
>  1 file changed, 11 insertions(+), 26 deletions(-)
>
> diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
> index 1b1de65..e6282ab 100644
> --- a/hw/misc/ivshmem.c
> +++ b/hw/misc/ivshmem.c
> @@ -343,29 +343,6 @@ static void watch_vector_notifier(IVShmemState *s, 
> EventNotifier *n,
>  NULL, >msi_vectors[vector]);
>  }
>
> -static int check_shm_size(IVShmemState *s, int fd, Error **errp)
> -{
> -/* check that the guest isn't going to try and map more memory than the
> - * the object has allocated return -1 to indicate error */
> -
> -struct stat buf;
> -
> -if (fstat(fd, ) < 0) {
> -error_setg(errp, "exiting: fstat on fd %d failed: %s",
> -   fd, strerror(errno));
> -return -1;
> -}
> -
> -if (s->ivshmem_size > buf.st_size) {
> -error_setg(errp, "Requested memory size greater"
> -   " than shared object size (%zu > %" PRIu64")",
> -   s->ivshmem_size, (uint64_t)buf.st_size);
> -return -1;
> -} else {
> -return 0;
> -}
> -}
> -
>  static void ivshmem_add_eventfd(IVShmemState *s, int posn, int i)
>  {
>  memory_region_add_eventfd(>ivshmem_mmio,
> @@ -480,7 +457,7 @@ static void setup_interrupt(IVShmemState *s, int vector, 
> Error **errp)
>
>  static void process_msg_shmem(IVShmemState *s, int fd, Error **errp)
>  {
> -Error *err = NULL;
> +struct stat buf;
>  void *ptr;
>
>  if (s->ivshmem_bar2) {
> @@ -489,8 +466,16 @@ static void process_msg_shmem(IVShmemState *s, int fd, 
> Error **errp)
>  return;
>  }
>
> -if (check_shm_size(s, fd, ) == -1) {
> -error_propagate(errp, err);
> +if (fstat(fd, ) < 0) {
> +error_setg_errno(errp, errno,
> +"can't determine size of shared memory sent by server");
> +close(fd);
> +return;
> +}
> +
> +if (s->ivshmem_size > buf.st_size) {
> +error_setg(errp, "server sent only %zd bytes of shared memory",
> +   (size_t)buf.st_size);
>  close(fd);
>  return;
>  }
> --
> 2.4.3
>
>



-- 
Marc-André Lureau

[Qemu-devel] [PATCH 3/6] hw/char: QOM'ify lm32_juart.c

[xiaoqiang zhao]

Drop the old SysBus init function and use instance_init

Signed-off-by: xiaoqiang zhao 
---
 hw/char/lm32_juart.c | 9 +++--
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/hw/char/lm32_juart.c b/hw/char/lm32_juart.c
index 5bf8acf..cd8d0ee 100644
--- a/hw/char/lm32_juart.c
+++ b/hw/char/lm32_juart.c
@@ -114,17 +114,15 @@ static void juart_reset(DeviceState *d)
 s->jrx = 0;
 }
 
-static int lm32_juart_init(SysBusDevice *dev)
+static void lm32_juart_init(Object *obj)
 {
-LM32JuartState *s = LM32_JUART(dev);
+LM32JuartState *s = LM32_JUART(obj);
 
 /* FIXME use a qdev chardev prop instead of qemu_char_get_next_serial() */
 s->chr = qemu_char_get_next_serial();
 if (s->chr) {
 qemu_chr_add_handlers(s->chr, juart_can_rx, juart_rx, juart_event, s);
 }
-
-return 0;
 }
 
 static const VMStateDescription vmstate_lm32_juart = {
@@ -141,9 +139,7 @@ static const VMStateDescription vmstate_lm32_juart = {
 static void lm32_juart_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
-SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
 
-k->init = lm32_juart_init;
 dc->reset = juart_reset;
 dc->vmsd = _lm32_juart;
 /* Reason: init() method uses qemu_char_get_next_serial() */
@@ -154,6 +150,7 @@ static const TypeInfo lm32_juart_info = {
 .name  = TYPE_LM32_JUART,
 .parent= TYPE_SYS_BUS_DEVICE,
 .instance_size = sizeof(LM32JuartState),
+.instance_init = lm32_juart_init,
 .class_init= lm32_juart_class_init,
 };
 
-- 
2.1.4

[Qemu-devel] [PULL 02/15] qapi: Fix command with named empty argument type

[Markus Armbruster]

From: Eric Blake 

The generator special-cased

 { 'command':'foo', 'data': {} }

to avoid emitting a visitor variable, but failed to see that

 { 'struct':'NamedEmptyType, 'data': {} }
 { 'command':'foo', 'data':'NamedEmptyType' }

needs the same treatment.  There, the generator happily generates a
visitor to get no arguments, and a visitor to destroy no arguments;
and the compiler isn't happy with that, as demonstrated by the updated
qapi-schema-test.json:

  tests/test-qmp-marshal.c: In function ‘qmp_marshal_user_def_cmd0’:
  tests/test-qmp-marshal.c:264:14: error: variable ‘v’ set but not used 
[-Werror=unused-but-set-variable]
   Visitor *v;
^

No change to generated code except for the testsuite addition.

Signed-off-by: Eric Blake 
Message-Id: <1458254921-17042-3-git-send-email-ebl...@redhat.com>
Signed-off-by: Markus Armbruster 
---
 scripts/qapi-commands.py| 4 ++--
 tests/qapi-schema/qapi-schema-test.json | 2 ++
 tests/qapi-schema/qapi-schema-test.out  | 2 ++
 tests/test-qmp-commands.c   | 5 +
 4 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/scripts/qapi-commands.py b/scripts/qapi-commands.py
index edcbd10..3784f33 100644
--- a/scripts/qapi-commands.py
+++ b/scripts/qapi-commands.py
@@ -66,7 +66,7 @@ def gen_marshal_vars(arg_type, ret_type):
 ''',
  c_type=ret_type.c_type())
 
-if arg_type:
+if arg_type and arg_type.members:
 ret += mcgen('''
 QmpInputVisitor *qiv = qmp_input_visitor_new_strict(QOBJECT(args));
 QapiDeallocVisitor *qdv;
@@ -98,7 +98,7 @@ def gen_marshal_vars(arg_type, ret_type):
 def gen_marshal_input_visit(arg_type, dealloc=False):
 ret = ''
 
-if not arg_type:
+if not arg_type or not arg_type.members:
 return ret
 
 if dealloc:
diff --git a/tests/qapi-schema/qapi-schema-test.json 
b/tests/qapi-schema/qapi-schema-test.json
index 728659e..e722748 100644
--- a/tests/qapi-schema/qapi-schema-test.json
+++ b/tests/qapi-schema/qapi-schema-test.json
@@ -18,6 +18,8 @@
 { 'struct': 'Empty1', 'data': { } }
 { 'struct': 'Empty2', 'base': 'Empty1', 'data': { } }
 
+{ 'command': 'user_def_cmd0', 'data': 'Empty2', 'returns': 'Empty2' }
+
 # for testing override of default naming heuristic
 { 'enum': 'QEnumTwo',
   'prefix': 'QENUM_TWO',
diff --git a/tests/qapi-schema/qapi-schema-test.out 
b/tests/qapi-schema/qapi-schema-test.out
index f5e2a73..f531961 100644
--- a/tests/qapi-schema/qapi-schema-test.out
+++ b/tests/qapi-schema/qapi-schema-test.out
@@ -203,6 +203,8 @@ command guest-sync :obj-guest-sync-arg -> any
gen=True success_response=True
 command user_def_cmd None -> None
gen=True success_response=True
+command user_def_cmd0 Empty2 -> Empty2
+   gen=True success_response=True
 command user_def_cmd1 :obj-user_def_cmd1-arg -> None
gen=True success_response=True
 command user_def_cmd2 :obj-user_def_cmd2-arg -> UserDefTwo
diff --git a/tests/test-qmp-commands.c b/tests/test-qmp-commands.c
index d6171f2..650ba46 100644
--- a/tests/test-qmp-commands.c
+++ b/tests/test-qmp-commands.c
@@ -13,6 +13,11 @@ void qmp_user_def_cmd(Error **errp)
 {
 }
 
+Empty2 *qmp_user_def_cmd0(Error **errp)
+{
+return g_new0(Empty2, 1);
+}
+
 void qmp_user_def_cmd1(UserDefOne * ud1, Error **errp)
 {
 }
-- 
2.4.3

[Qemu-devel] [PATCH v5 20/28] migration: delete QEMUSizedBuffer struct

[Daniel P. Berrange]

Now that we don't have have a buffer based QemuFile
implementation, the QEMUSizedBuffer code is also
unused and can be deleted. A simpler buffer class
also exists in util/buffer.c which other code can
used as needed.

Reviewed-by: Dr. David Alan Gilbert 
Signed-off-by: Daniel P. Berrange 
---
 include/migration/qemu-file.h |  16 --
 include/qemu/typedefs.h   |   1 -
 migration/Makefile.objs   |   2 +-
 migration/qemu-file-buf.c | 368 --
 4 files changed, 1 insertion(+), 386 deletions(-)
 delete mode 100644 migration/qemu-file-buf.c

diff --git a/include/migration/qemu-file.h b/include/migration/qemu-file.h
index 6618d19..edaf598 100644
--- a/include/migration/qemu-file.h
+++ b/include/migration/qemu-file.h
@@ -126,13 +126,6 @@ typedef struct QEMUFileHooks {
 QEMURamSaveFunc *save_page;
 } QEMUFileHooks;
 
-struct QEMUSizedBuffer {
-struct iovec *iov;
-size_t n_iov;
-size_t size; /* total allocated size in all iov's */
-size_t used; /* number of used bytes */
-};
-
 QEMUFile *qemu_fopen_ops(void *opaque, const QEMUFileOps *ops);
 QEMUFile *qemu_fopen(const char *filename, const char *mode);
 QEMUFile *qemu_fdopen(int fd, const char *mode);
@@ -155,15 +148,6 @@ void qemu_put_buffer_async(QEMUFile *f, const uint8_t 
*buf, size_t size);
 bool qemu_file_mode_is_not_valid(const char *mode);
 bool qemu_file_is_writable(QEMUFile *f);
 
-QEMUSizedBuffer *qsb_create(const uint8_t *buffer, size_t len);
-void qsb_free(QEMUSizedBuffer *);
-size_t qsb_set_length(QEMUSizedBuffer *qsb, size_t length);
-size_t qsb_get_length(const QEMUSizedBuffer *qsb);
-ssize_t qsb_get_buffer(const QEMUSizedBuffer *, off_t start, size_t count,
-   uint8_t *buf);
-ssize_t qsb_write_at(QEMUSizedBuffer *qsb, const uint8_t *buf,
- off_t pos, size_t count);
-
 
 static inline void qemu_put_ubyte(QEMUFile *f, unsigned int v)
 {
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index fd039e0..d14d559 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -80,7 +80,6 @@ typedef struct QemuOpt QemuOpt;
 typedef struct QemuOpts QemuOpts;
 typedef struct QemuOptsList QemuOptsList;
 typedef struct QEMUSGList QEMUSGList;
-typedef struct QEMUSizedBuffer QEMUSizedBuffer;
 typedef struct QEMUTimer QEMUTimer;
 typedef struct QEMUTimerListGroup QEMUTimerListGroup;
 typedef struct QObject QObject;
diff --git a/migration/Makefile.objs b/migration/Makefile.objs
index 86dd050..3e5a57c 100644
--- a/migration/Makefile.objs
+++ b/migration/Makefile.objs
@@ -1,6 +1,6 @@
 common-obj-y += migration.o socket.o fd.o exec.o
 common-obj-y += vmstate.o
-common-obj-y += qemu-file.o qemu-file-buf.o qemu-file-unix.o qemu-file-stdio.o
+common-obj-y += qemu-file.o qemu-file-unix.o qemu-file-stdio.o
 common-obj-y += qemu-file-channel.o
 common-obj-y += xbzrle.o postcopy-ram.o
 
diff --git a/migration/qemu-file-buf.c b/migration/qemu-file-buf.c
deleted file mode 100644
index 668ab35..000
--- a/migration/qemu-file-buf.c
+++ /dev/null
@@ -1,368 +0,0 @@
-/*
- * QEMU System Emulator
- *
- * Copyright (c) 2003-2008 Fabrice Bellard
- * Copyright (c) 2014 IBM Corp.
- *
- * Authors:
- *  Stefan Berger 
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to 
deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
- * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-#include "qemu/osdep.h"
-#include "qemu-common.h"
-#include "qemu/error-report.h"
-#include "qemu/iov.h"
-#include "qemu/sockets.h"
-#include "qemu/coroutine.h"
-#include "migration/migration.h"
-#include "migration/qemu-file.h"
-#include "migration/qemu-file-internal.h"
-#include "trace.h"
-
-#define QSB_CHUNK_SIZE  (1 << 10)
-#define QSB_MAX_CHUNK_SIZE  (16 * QSB_CHUNK_SIZE)
-
-/**
- * Create a QEMUSizedBuffer
- * This type of buffer uses scatter-gather lists internally and
- * can grow to any size. Any data array in the scatter-gather list
- * can hold different amount of bytes.
- *
- *