[Qemu-devel] [PATCH v3] pci: fix pci_requester_id()

[Peter Xu]

This fix SID verification failure when IOMMU IR is enabled with PCI
bridges. Existing pci_requester_id() is more like getting BDF info
only. Renaming it to pci_get_bdf(). Meanwhile, we provide the correct
implementation to get requester ID. VT-d spec 5.1.1 is a good reference
to go, though it talks only about interrupt delivery, the rule works
exactly the same for non-interrupt cases.

Currently, there are three use cases for pci_requester_id():

- PCIX status bits: here we need BDF only, not requester ID. Replacing
  with pci_get_bdf().
- PCIe Error injection and MSI delivery: for both these cases, we are
  looking for requester IDs. Here we should use the new impl.

To avoid a PCI walk every time we send MSI message, one requester_id
field is added to PCIDevice to cache the result when we use it the first
time.  Here assumption is made that requester_id will never change
during device lifecycle.

Signed-off-by: Peter Xu 
---
 hw/i386/kvm/pci-assign.c |  2 +-
 hw/pci/pci.c | 46 ++
 include/hw/pci/pci.h | 11 +--
 3 files changed, 56 insertions(+), 3 deletions(-)

diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
index bf425a2..c40ab36 100644
--- a/hw/i386/kvm/pci-assign.c
+++ b/hw/i386/kvm/pci-assign.c
@@ -1481,7 +1481,7 @@ static int assigned_device_pci_cap_init(PCIDevice 
*pci_dev, Error **errp)
  * error bits, leave the rest. */
 status = pci_get_long(pci_dev->config + pos + PCI_X_STATUS);
 status &= ~(PCI_X_STATUS_BUS | PCI_X_STATUS_DEVFN);
-status |= pci_requester_id(pci_dev);
+status |= pci_get_bdf(pci_dev);
 status &= ~(PCI_X_STATUS_SPL_DISC | PCI_X_STATUS_UNX_SPL |
 PCI_X_STATUS_SPL_ERR);
 pci_set_long(pci_dev->config + pos + PCI_X_STATUS, status);
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index bb605ef..0a35255 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -885,6 +885,7 @@ static PCIDevice *do_pci_register_device(PCIDevice 
*pci_dev, PCIBus *bus,
 }
 
 pci_dev->devfn = devfn;
+pci_dev->requester_id = 0;  /* Not cached */
 dma_as = pci_device_iommu_address_space(pci_dev);
 
 memory_region_init_alias(&pci_dev->bus_master_enable_region,
@@ -2498,6 +2499,51 @@ PCIDevice *pci_get_function_0(PCIDevice *pci_dev)
 }
 }
 
+/* Parse bridges up to the root complex and get final Requester ID
+ * for this device.  For full PCIe topology, this works exactly as
+ * what pci_get_bdf() does. However, several tricks are required
+ * when mixed up with legacy PCI devices and PCIe-to-PCI bridges. */
+static uint16_t pci_requester_id_no_cache(PCIDevice *dev)
+{
+uint8_t bus_n;
+uint16_t result = pci_get_bdf(dev);
+
+while (!pci_bus_is_root(dev->bus)) {
+/* We are under PCI/PCIe bridges, fetch bus number of
+ * current bus, which is the secondary bus number of
+ * parent bridge. */
+bus_n = pci_bus_num(dev->bus);
+dev = dev->bus->parent_dev;
+if (pci_is_express(dev)) {
+if (pcie_cap_get_type(dev) == PCI_EXP_TYPE_PCI_BRIDGE) {
+/* When we pass through PCIe-to-PCI/PCIX bridges, we
+ * override the requester ID using secondary bus
+ * number of parent bridge with zeroed devfn
+ * (pcie-to-pci bridge spec chap 2.3). */
+result = PCI_BUILD_BDF(bus_n, 0);
+}
+} else {
+/* Legacy PCI, override requester ID with the bridge's
+ * BDF upstream.  When the root complex connects to
+ * legacy PCI devices (including buses), it can only
+ * obtain requester ID info from directly attached
+ * devices.  If devices are attached under bridges, only
+ * the requester ID of the bridge that is directly
+ * attached to the root complex can be recognized. */
+result = pci_get_bdf(dev);
+}
+}
+return result;
+}
+
+uint16_t pci_requester_id(PCIDevice *dev)
+{
+if (unlikely(!dev->requester_id)) {
+dev->requester_id = pci_requester_id_no_cache(dev);
+}
+return dev->requester_id;
+}
+
 static const TypeInfo pci_device_type_info = {
 .name = TYPE_PCI_DEVICE,
 .parent = TYPE_DEVICE,
diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
index ef6ba51..cb3ab3b 100644
--- a/include/hw/pci/pci.h
+++ b/include/hw/pci/pci.h
@@ -15,6 +15,7 @@
 #define PCI_DEVFN(slot, func)   slot) & 0x1f) << 3) | ((func) & 0x07))
 #define PCI_SLOT(devfn) (((devfn) >> 3) & 0x1f)
 #define PCI_FUNC(devfn) ((devfn) & 0x07)
+#define PCI_BUILD_BDF(bus, devfn) ((bus << 8) | (devfn))
 #define PCI_SLOT_MAX32
 #define PCI_FUNC_MAX8
 
@@ -252,6 +253,10 @@ struct PCIDevice {
 /* the following fields are read only */
 PCIBus *bus;
 int32_t devfn;
+/* Cached requester ID, to avoid the PCI tree walking every time
+ * we invoke PCI 

[Qemu-devel] [PATCH v3] fix pci_requester_id()

[Peter Xu]

This is v3 to fix pci_requester_id() issue.

I avoided detecting root bus type since it seems not matter much if
we will directly drop them for non-pcie cases.

Also, I used zero to indicate uncached requester_id (assuming that
BDF 0x is never used by any device).

v3 changes:
- add empty line after local var defines
- enhance comments to explain reason than what is done, also fix
  some english errors in comments
- add requester_id cache: Here I didn't cache the PCI device but
  requester ID directly, since for pcie-to-pci case we are not
  returning BDF but (secondary bus num, 0) pair. So if to cache with
  device, we need one more field, which is complicated. This is
  based on the assumption that requester_id will not change for a
  device lifecycle (is it possible that guest kernel modify
  bus number during runtime?). Anyway, please let me know if I am
  wrong.

Test done: IOMMU IR v7 (not yet posted) work with pci-pci bridges.

Thanks,

Peter Xu (1):
  pci: fix pci_requester_id()

 hw/i386/kvm/pci-assign.c |  2 +-
 hw/pci/pci.c | 46 ++
 include/hw/pci/pci.h | 11 +--
 3 files changed, 56 insertions(+), 3 deletions(-)

-- 
2.4.11

Re: [Qemu-devel] [PATCH v2] pci: fix pci_requester_id()

[Peter Xu]

On Mon, May 16, 2016 at 08:20:46PM +0300, Michael S. Tsirkin wrote:
[...]
> > > Actually I am curious about how generic PCI system delivers
> > > requester ID (if there is)... For PCIe, we have encoded TLP header,
> > > and requester ID is filled in the specific field of the header.
> > > However for legacy PCI system, all the data is transmitted via the
> > > parallel interface (no matter 32/64 bits) and I found no place that
> > > the requester ID can be included. I was assuming there is some way
> > > for the root complex to know it (when request comes, the root
> > > complex should be able to know where the request come from, or say,
> > > its connected BDF). Never digger into the details, or am I wrong?
> > 
> > There's no such thing as a requester ID on conventional PCI.  We should
> > probably be making use of pci_bus_is_express() to determine whether we
> > have a valid requester ID and error if we hit pci_bus_is_root() and we
> > still don't have an express bus.  And as MST says, testing for
> > bus number zero is not a valid test for the root bus.  Thanks,
> > 
> > Alex
> 
> Well MSI code sticks the requester ID in the MSI message
> unconditionally. It's typically later ignored by the the
> PC machine type though.

Yes, I can first detect root PCI bus type as mentioned by Alex, and
fill in SID_INVALID if it's a conventional PCI root complex.

-- peterx

Re: [Qemu-devel] [PATCH qemu v16 19/19] spapr_pci/spapr_pci_vfio: Support Dynamic DMA Windows (DDW)

[Bharata B Rao]

On Mon, May 16, 2016 at 11:55 AM, Alexey Kardashevskiy  wrote:
> On 05/13/2016 06:41 PM, Bharata B Rao wrote:
>>
>> On Wed, May 4, 2016 at 12:22 PM, Alexey Kardashevskiy 
>> wrote:
>
>
>>
>>> +
>>> +avail = SPAPR_PCI_DMA_MAX_WINDOWS -
>>> spapr_phb_get_active_win_num(sphb);
>>> +
>>> +rtas_st(rets, 0, RTAS_OUT_SUCCESS);
>>> +rtas_st(rets, 1, avail);
>>> +rtas_st(rets, 2, max_window_size);
>>> +rtas_st(rets, 3, pgmask);
>>> +rtas_st(rets, 4, 0); /* DMA migration mask, not supported */
>>> +
>>> +trace_spapr_iommu_ddw_query(buid, addr, avail, max_window_size,
>>> pgmask);
>>> +return;
>>> +
>>> +param_error_exit:
>>> +rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
>>> +}
>>> +
>>> +static void rtas_ibm_create_pe_dma_window(PowerPCCPU *cpu,
>>> +  sPAPRMachineState *spapr,
>>> +  uint32_t token, uint32_t
>>> nargs,
>>> +  target_ulong args,
>>> +  uint32_t nret, target_ulong
>>> rets)
>>> +{
>>> +sPAPRPHBState *sphb;
>>> +sPAPRTCETable *tcet = NULL;
>>> +uint32_t addr, page_shift, window_shift, liobn;
>>> +uint64_t buid;
>>> +
>>> +if ((nargs != 5) || (nret != 4)) {
>>> +goto param_error_exit;
>>> +}
>>> +
>>> +buid = ((uint64_t)rtas_ld(args, 1) << 32) | rtas_ld(args, 2);
>>> +addr = rtas_ld(args, 0);
>>> +sphb = spapr_pci_find_phb(spapr, buid);
>>> +if (!sphb || !sphb->ddw_enabled) {
>>> +goto param_error_exit;
>>> +}
>>> +
>>> +page_shift = rtas_ld(args, 3);
>>> +window_shift = rtas_ld(args, 4);
>>
>>
>> Kernel has a bug due to which wrong window_shift gets returned here. I
>> have posted possible fix here:
>> https://patchwork.ozlabs.org/patch/621497/
>>
>> I have tried to work around this issue in QEMU too
>> https://lists.nongnu.org/archive/html/qemu-ppc/2016-04/msg00226.html
>>
>> But the above work around involves changing the memory representation
>> in DT.
>
>
> What is wrong with this workaround?

The above workaround will result in different representations for
memory in DT before and after the workaround.

Currently for -m 2G, -numa node,nodeid=0,mem=1G -numa
node,nodeid=1,mem=0.5G, we will have the following nodes in DT:

memory@0
memory@4000
ibm,dynamic-reconfiguration-memory

ibm,dynamic-memory will have only DR LMBs:

[root@localhost ibm,dynamic-reconfiguration-memory]# hexdump ibm,dynamic-memory
000  000a   8000  8000 0008
010        
020 9000  8000 0009    
030     a000  8000 000a
040        
050 b000  8000 000b    
060     c000  8000 000c
070        
080 d000  8000 000d    
090     e000  8000 000e
0a0        
0b0 f000  8000 000f    
0c0    0001   8000 0010
0d0        0001
0e0 1000  8000 0011    
0f0  

The memory region looks like this:

memory-region: system
  - (prio 0, RW): system
-5fff (prio 0, RW): ppc_spapr.ram
8000-00011fff (prio 0, RW): hotplug-memory

After this workaround, all this will change like below:

memory@0
ibm,dynamic-reconfiguration-memory

All LMBs in ibm,dynamic-memory:

[root@localhost ibm,dynamic-reconfiguration-memory]# hexdump ibm,dynamic-memory

000  0010     8000 
010      0080  
020 1000  8000 0001    
030  0080   2000  8000 0002
040      0080  
050 3000  8000 0003    
060  0080   4000  8000 0004
070    0001  0008  
080 5000  8000 0005    0001
090  0008   6000  8000 0006
0a0        
0b0 7000  8000 0007    
0c0     8000  8000 0008
0d0        
0e0 9000  8000 0009    
0f0     a000  8000 000a
100        
110 b000  8000 000b    
120     c000  8000 000c
130        
140 d000  8000 000d    
150     e000  8000 000e
160        
170 f000  8000 000f    
180  

Hotplug memory region gets a new address range now:

memory-region: system
  - (pr

[Qemu-devel] [PATCH 2/2] qapi: Fix memleak in string visitors on int lists

[Eric Blake]

Commit 7f8f9ef1 introduced the ability to store a list of
integers as a sorted list of ranges, but when merging ranges,
it leaks one or more ranges.  It was also using range_get_last()
incorrectly within range_compare() (a range is a start/end pair,
but range_get_last() is for start/len pairs), and will also
mishandle a range ending in UINT64_MAX (remember, we document
that no range covers 2**64 bytes, but that ranges that end on
UINT64_MAX have end < begin).

The whole merge algorithm was rather complex, especially since
we are hard-coding things to a list of ranges; so just rewrite
the thing to open-code the traversal and comparisons, making
the range_compare() helper function give us a nicer answer,
avoiding the need to pass any callbacks to g_list_*(). And
reusing range_extend() ensures we cover the corner cases
correctly.

Drop the now-unused range_merge() and ranges_can_merge().

Doing this lets test-string-{input,output}-visitor pass under
valgrind without leaks.

CC: qemu-sta...@nongnu.org
Signed-off-by: Eric Blake 
---
 include/qemu/range.h | 78 +---
 1 file changed, 31 insertions(+), 47 deletions(-)

diff --git a/include/qemu/range.h b/include/qemu/range.h
index 4a4801b..9955cca 100644
--- a/include/qemu/range.h
+++ b/include/qemu/range.h
@@ -59,67 +59,51 @@ static inline int ranges_overlap(uint64_t first1, uint64_t 
len1,
 return !(last2 < first1 || last1 < first2);
 }

-/* 0,1 can merge with 1,2 but don't overlap */
-static inline bool ranges_can_merge(Range *range1, Range *range2)
+/* Return -1 if @a < b, 1 if greater, and 0 if they overlap. */
+static inline int range_compare(Range *a, Range *b)
 {
-return !(range1->end < range2->begin || range2->end < range1->begin);
-}
-
-static inline void range_merge(Range *range1, Range *range2)
-{
-if (range1->end < range2->end) {
-range1->end = range2->end;
-}
-if (range1->begin > range2->begin) {
-range1->begin = range2->begin;
-}
-}
-
-static inline gint range_compare(gconstpointer a, gconstpointer b)
-{
-Range *ra = (Range *)a, *rb = (Range *)b;
-if (ra->begin == rb->begin && ra->end == rb->end) {
-return 0;
-} else if (range_get_last(ra->begin, ra->end) <
-   range_get_last(rb->begin, rb->end)) {
+if (a->end && a->end < b->begin) {
 return -1;
-} else {
+}
+if (b->end && a->begin > b->end) {
 return 1;
 }
+return 0;
 }

+/* Insert @data into @list of ranges; caller no longer owns @data */
 static inline GList *range_list_insert(GList *list, Range *data)
 {
-GList *l, *next = NULL;
-Range *r, *nextr;
+GList *l = list;

-if (!list) {
-list = g_list_insert_sorted(list, data, range_compare);
-return list;
+/* Range lists require no empty ranges */
+assert(data->begin || data->end);
+
+/* Skip all list elements strictly less than data */
+while (l && range_compare(l->data, data) < 0) {
+l = l->next;
+}
+
+/* If no list, or rest of list exceeds data, insert data and done */
+if (!l || range_compare(l->data, data) > 0) {
+return g_list_insert_before(list, l, data);
 }

-nextr = data;
-l = list;
-while (l && l != next && nextr) {
-r = l->data;
-if (ranges_can_merge(r, nextr)) {
-range_merge(r, nextr);
-l = g_list_remove_link(l, next);
-next = g_list_next(l);
-if (next) {
-nextr = next->data;
-} else {
-nextr = NULL;
-}
-} else {
-l = g_list_next(l);
+/* Merge data into current list element */
+range_extend(l->data, data);
+g_free(data);
+
+/* Merge any subsequent list elements that now also overlap */
+while (l->next && range_compare(l->data, l->next->data) == 0) {
+range_extend(l->data, l->next->data);
+g_free(l->next->data);
+/* We know we aren't deleting the list head, so shave time
+ * by passing l instead of list */
+if (g_list_delete_link(l, l->next) != l) {
+abort();
 }
 }

-if (!l) {
-list = g_list_insert_sorted(list, data, range_compare);
-}
-
 return list;
 }

-- 
2.5.5

[Qemu-devel] [PATCH 1/2] qapi: Simplify use of range.h

[Eric Blake]

Calling our function g_list_insert_sorted_merged() is a misnomer,
since we are NOT writing a glib function.  Furthermore, we are
making every caller pass the same comparator function of
range_merge(): any caller that does otherwise would break
in weird ways since our internal call to ranges_can_merge() is
hard-coded to operate only on ranges, rather than paying
attention to the caller's comparator.

Better is to fix things so that callers don't have to care about
our internal comparator, and to pick a function name that makes
it obvious that we are operating specifically on a list of ranges
and not a generic list.  Plus, refactoring the code here will
make it easier to plug a memory leak in the next patch.

Note that no one used the return value of range_merge(), and that
it can only be called if its precondition was satisfied, so
simplify that while in the area.

The declaration of range_compare() had to be hoisted earlier
in the file.

CC: qemu-sta...@nongnu.org
Signed-off-by: Eric Blake 
---
 include/qemu/range.h | 49 +++-
 qapi/string-input-visitor.c  | 17 ---
 qapi/string-output-visitor.c |  4 ++--
 3 files changed, 27 insertions(+), 43 deletions(-)

diff --git a/include/qemu/range.h b/include/qemu/range.h
index c903eb5..4a4801b 100644
--- a/include/qemu/range.h
+++ b/include/qemu/range.h
@@ -65,30 +65,36 @@ static inline bool ranges_can_merge(Range *range1, Range 
*range2)
 return !(range1->end < range2->begin || range2->end < range1->begin);
 }

-static inline int range_merge(Range *range1, Range *range2)
+static inline void range_merge(Range *range1, Range *range2)
 {
-if (ranges_can_merge(range1, range2)) {
-if (range1->end < range2->end) {
-range1->end = range2->end;
-}
-if (range1->begin > range2->begin) {
-range1->begin = range2->begin;
-}
+if (range1->end < range2->end) {
+range1->end = range2->end;
+}
+if (range1->begin > range2->begin) {
+range1->begin = range2->begin;
+}
+}
+
+static inline gint range_compare(gconstpointer a, gconstpointer b)
+{
+Range *ra = (Range *)a, *rb = (Range *)b;
+if (ra->begin == rb->begin && ra->end == rb->end) {
 return 0;
+} else if (range_get_last(ra->begin, ra->end) <
+   range_get_last(rb->begin, rb->end)) {
+return -1;
+} else {
+return 1;
 }
-
-return -1;
 }

-static inline GList *g_list_insert_sorted_merged(GList *list,
- gpointer data,
- GCompareFunc func)
+static inline GList *range_list_insert(GList *list, Range *data)
 {
 GList *l, *next = NULL;
 Range *r, *nextr;

 if (!list) {
-list = g_list_insert_sorted(list, data, func);
+list = g_list_insert_sorted(list, data, range_compare);
 return list;
 }

@@ -111,23 +117,10 @@ static inline GList *g_list_insert_sorted_merged(GList 
*list,
 }

 if (!l) {
-list = g_list_insert_sorted(list, data, func);
+list = g_list_insert_sorted(list, data, range_compare);
 }

 return list;
 }

-static inline gint range_compare(gconstpointer a, gconstpointer b)
-{
-Range *ra = (Range *)a, *rb = (Range *)b;
-if (ra->begin == rb->begin && ra->end == rb->end) {
-return 0;
-} else if (range_get_last(ra->begin, ra->end) <
-   range_get_last(rb->begin, rb->end)) {
-return -1;
-} else {
-return 1;
-}
-}
-
 #endif
diff --git a/qapi/string-input-visitor.c b/qapi/string-input-visitor.c
index 30b5879..b546e5f 100644
--- a/qapi/string-input-visitor.c
+++ b/qapi/string-input-visitor.c
@@ -61,8 +61,7 @@ static int parse_str(StringInputVisitor *siv, const char 
*name, Error **errp)
 cur = g_malloc0(sizeof(*cur));
 cur->begin = start;
 cur->end = start + 1;
-siv->ranges = g_list_insert_sorted_merged(siv->ranges, cur,
-  range_compare);
+siv->ranges = range_list_insert(siv->ranges, cur);
 cur = NULL;
 str = NULL;
 } else if (*endptr == '-') {
@@ -76,10 +75,7 @@ static int parse_str(StringInputVisitor *siv, const char 
*name, Error **errp)
 cur = g_malloc0(sizeof(*cur));
 cur->begin = start;
 cur->end = end + 1;
-siv->ranges =
-g_list_insert_sorted_merged(siv->ranges,
-cur,
-range_compare);
+siv->ranges = range_list_insert(siv->ranges, cur);
 cur = NULL;
 str = NULL;
 } else if (*endptr == ',') {
@@ -87,10 +83,7 

[Qemu-devel] [PATCH 0/2] Fix leak in handling of integer lists as strings

[Eric Blake]

The qapi string-input and string-output visitors can leak memory
when used on integer lists that were set up such that the range
list needed to merge adjacent/overlapping ranges; detected by
valgrind on test-string-{input,output}-visitor.

It doesn't hurt that the overall series removes more code than it adds.

Eric Blake (2):
  qapi: Simplify use of range.h
  qapi: Fix memleak in string visitors on int lists

 include/qemu/range.h | 107 +--
 qapi/string-input-visitor.c  |  17 ++-
 qapi/string-output-visitor.c |   4 +-
 3 files changed, 48 insertions(+), 80 deletions(-)

-- 
2.5.5

Re: [Qemu-devel] Android-x86 virgl (Virgil3D) support

[Chih-Wei Huang]

2016-05-17 2:55 GMT+08:00 Romain Tisserand :
> Thanks !
>
> No luck so far on my own built-from-source ISO or
> android-x86-6.0-20160318.iso you provided.
> I am stuck at android boot logo into
> (qemu-system-x86_64:25666): Gdk-CRITICAL **: gdk_gl_context_make_current:
> assertion 'GDK_IS_GL_CONTEXT (context)' failed

After booting, you need to press Ctrl-Alt-2
as soon as possible.
(or from GUI menu choose View -> virtio-vga)
Otherwise the surfaceflinger will fail to initialize.

I doubt why it couldn't switch to virtio-vga automatically.
Should be considered a bug or defect of QEMU.

Re: [Qemu-devel] [PATCH v5 10/11] pci core: assert ENOSPC when add capability

[Cao jin]

On 05/15/2016 09:10 PM, Marcel Apfelbaum wrote:

On 05/06/2016 07:20 AM, Cao jin wrote:

ENOSPC is programming error, assert it for debugging.




+/* out of PCI config space should be programming error */


'is', not 'should be'


Will fix it. Thank You, Marcel.
I guess I should put this one as the 1st patch in the series, and remove 
the "ENOSPC" line in the comment of msi_init(), sorry for this stupid fault


--
Yours Sincerely,

Cao jin

Re: [Qemu-devel] [PATCH 2/4] dma-helpers: change BlockBackend to opaque value in DMAIOFunc

[Fam Zheng]

On Wed, 05/11 13:41, Paolo Bonzini wrote:
> diff --git a/include/sysemu/dma.h b/include/sysemu/dma.h
> index b0fbb9b..ddc4afc 100644
> --- a/include/sysemu/dma.h
> +++ b/include/sysemu/dma.h
> @@ -197,14 +197,15 @@ void qemu_sglist_add(QEMUSGList *qsg, dma_addr_t base, 
> dma_addr_t len);
>  void qemu_sglist_destroy(QEMUSGList *qsg);
>  #endif
>  
> -typedef BlockAIOCB *DMAIOFunc(BlockBackend *blk, int64_t sector_num,
> +typedef BlockAIOCB *DMAIOFunc(int64_t sector_num,
>QEMUIOVector *iov, int nb_sectors,
> -  BlockCompletionFunc *cb, void *opaque);
> +  BlockCompletionFunc *cb, void *cb_opaque,
> +  void *opaque);
>  

The patch itself looks good, but I'm wondering if it's time to introduce:

typedef struct {
BlockCompletionFunc *cb;
void *opaque;
} BlockCompletion;

for more readability in such cases.

Fam

Re: [Qemu-devel] [PATCH v5 00/16] Introduce Intel 82574 GbE Controller Emulation (e1000e)

[Jason Wang]

On 2016年05月15日 21:49, Leonid Bloch wrote:

Hello All,

This is v5 of e1000e series.

For convenience, the same patches are available at:
https://github.com/daynix/qemu-e1000e/tree/e1000e-submit-v5

Best regards,
Dmitry.


Michael, any more comments on this series? If not, I plan to merge this 
series.


Thanks



Changes since v4:

1. Rebased to the latest master (2.6.0+)

Changes since v3:

1. Various code fixes as suggested by Jason and Michael
2. Rebased to the latest master

Changes since v2:

1. Interrupt storm on latest Linux kernels fixed
2. Device unit test added
3. Introduced code sharing between e1000 and e1000e
4. Various code fixes as suggested by Jason
5. Rebased to the latest master

Changes since v1:

1. PCI_PM_CAP_VER_1_1 is defined now in include/hw/pci/pci_regs.h and
not in include/standard-headers/linux/pci_regs.h.
2. Changes in naming and extra comments in hw/pci/pcie.c and in
include/hw/pci/pcie.h.
3. Defining pci_dsn_ver and pci_dsn_cap static const variables in
hw/pci/pcie.c, instead of PCI_DSN_VER and PCI_DSN_CAP symbolic
constants in include/hw/pci/pcie_regs.h.
4. Changing the vmxnet3_device_serial_num function in hw/net/vmxnet3.c
to avoid the cast when it is called.
5. Avoiding a preceding underscore in all the e1000e-related names.
6. Minor style changes.

===

Hello All,

This series is the final code of the e1000e device emulation, that we
have developed. Please review, and consider acceptance of these patches
to the upstream QEMU repository.

The code stability was verified by various traffic tests using Fedora 22
Linux, and Windows Server 2012R2 guests. Also, Microsoft Hardware
Certification Kit (HCK) tests were run on a Windows Server 2012R2 guest.

There was a discussion on the possibility of code sharing between the
e1000e, and the existing e1000 devices. We have reviewed the final code
for parts that may be shared between this device and the currently
available e1000 emulation. The device specifications are very different,
and there are almost no registers, nor functions, that were left as is
from e1000. The ring descriptor structures were changed as well, by the
introduction of extended and PS descriptors, as well as additional bits.

Additional differences stem from the fact that the e1000e device re-uses
network packet abstractions introduced by the vmxnet3 device, while the
e1000 has its own code for packet handling. BTW, it may be worth reusing
those abstractions in e1000 as well. (Following these changes the
vmxnet3 device was successfully tested for possible regressions.)

There are a few minor parts that may be shared, e.g. the default
register handlers, and the ring management functions. The total amount
of shared lines will be about 100--150, so we're not sure if it makes
sense bothering, and taking a risk of breaking e1000, which is a good,
old, and stable device.

Currently, the e1000e code is stand alone w.r.t. e1000.

Please share your thoughts.

Thanks in advance,
Dmitry.

Changes since RFCv2:

1. Device functionality verified using Microsoft Hardware Certification Test 
Kit (HCK)
2. Introduced a number of performance improvements
3. The code was cleaned, and rebased to the latest master
4. Patches verified with checkpatch.pl

===

Changes since RFCv1:

1. Added support for all the device features:
   - Interrupt moderation.
   - RSS.
   - Multiqueue.
2. Simulated exact PCI/PCIe configuration space layout.
3. Made fixes needed to pass Microsoft's HW certification tests (HCK).

This series is still an RFC, because the following tasks are not done yet:

1. See which code can be shared between this device and the existing e1000 
device.
2. Rebase patches to the latest master (current base is v2.3.0).

Please share your thoughts,
Thanks, Dmitry.

===

Hello qemu-devel,

This patch series is an RFC for the new networking device emulation
we're developing for QEMU.

This new device emulates the Intel 82574 GbE Controller and works
with unmodified Intel e1000e drivers from the Linux/Windows kernels.

The status of the current series is "Functional Device Ready, work
on Extended Features in Progress".

More precisely, these patches represent a functional device, which
is recognized by the standard Intel drivers, and is able to transfer
TX/RX packets with CSO/TSO offloads, according to the spec.

Extended features not supported yet (work in progress):
   1. TX/RX Interrupt moderation mechanisms
   2. RSS
   3. Full-featured multi-queue (use of multiqueued network backend)

Also, there will be some code refactoring and performance
optimization efforts.

This series was tested on Linux (Fedora 22) and Windows (2012R2)
guests, using Iperf, with TX/RX and TCP/UDP streams, and various
packet sizes.

More thorough testing, including data streams with different MTU
sizes, and Microsoft Certification (HLK) tests, are pending missing
features' development.

See commit messages (esp. "net: Introduce e1000e

Re: [Qemu-devel] [PATCH v3 3/3] memory: drop some wrappers that waste cpu cycle

[Fam Zheng]

On Thu, 05/12 18:07, Gonglei wrote:
> For better performance, we can use RAMblock
> directly stored in memory_region at present.
> 
> Signed-off-by: Gonglei 
> ---
>  exec.c  | 33 ++---
>  hw/misc/ivshmem.c   |  8 +---
>  hw/virtio/vhost-user.c  | 13 -
>  include/exec/ram_addr.h |  4 +---
>  memory.c|  2 +-
>  5 files changed, 17 insertions(+), 43 deletions(-)
> 
> diff --git a/exec.c b/exec.c
> index 117c9a8..f8de928 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1812,38 +1812,9 @@ void qemu_ram_remap(ram_addr_t addr, ram_addr_t length)
>  }
>  #endif /* !_WIN32 */
>  
> -int qemu_get_ram_fd(ram_addr_t addr)
> +void *qemu_get_ram_block_host_ptr(RAMBlock *ram_block)
>  {
> -RAMBlock *block;
> -int fd;
> -
> -rcu_read_lock();
> -block = qemu_get_ram_block(addr);
> -fd = block->fd;
> -rcu_read_unlock();
> -return fd;
> -}
> -
> -void qemu_set_ram_fd(ram_addr_t addr, int fd)
> -{
> -RAMBlock *block;
> -
> -rcu_read_lock();
> -block = qemu_get_ram_block(addr);
> -block->fd = fd;
> -rcu_read_unlock();
> -}
> -
> -void *qemu_get_ram_block_host_ptr(ram_addr_t addr)
> -{
> -RAMBlock *block;
> -void *ptr;
> -
> -rcu_read_lock();
> -block = qemu_get_ram_block(addr);
> -ptr = ramblock_ptr(block, 0);
> -rcu_read_unlock();
> -return ptr;
> +return ramblock_ptr(ram_block, 0);
>  }
>  
>  /* Return a host pointer to ram allocated with qemu_ram_alloc.
> diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
> index e40f23b..1e930fa 100644
> --- a/hw/misc/ivshmem.c
> +++ b/hw/misc/ivshmem.c
> @@ -533,7 +533,9 @@ static void process_msg_shmem(IVShmemState *s, int fd, 
> Error **errp)
>  }
>  memory_region_init_ram_ptr(&s->server_bar2, OBJECT(s),
> "ivshmem.bar2", size, ptr);
> -qemu_set_ram_fd(memory_region_get_ram_addr(&s->server_bar2), fd);
> +assert(s->server_bar2.ram_block);
> +s->server_bar2.ram_block->fd = fd;
> +
>  s->ivshmem_bar2 = &s->server_bar2;
>  }
>  
> @@ -939,8 +941,8 @@ static void ivshmem_exit(PCIDevice *dev)
>  error_report("Failed to munmap shared memory %s",
>   strerror(errno));
>  }
> -
> -fd = 
> qemu_get_ram_fd(memory_region_get_ram_addr(s->ivshmem_bar2));

Maybe this is okay but personally I think it is cleaner to add a
qemu_{set,get}_ramblock_fd pair.

Fam

[Qemu-devel] [PATCH] ICH9: fix typo

[Cao jin]

Signed-off-by: Cao jin 
---
it is 4th attempt to send this patch...
because of it wasn't delivered correctly by eggs.gnu.org

 hw/isa/lpc_ich9.c  | 4 ++--
 include/hw/i386/ich9.h | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index 99cd3ba..fafe367 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -96,8 +96,8 @@ static void ich9_cc_update(ICH9LPCState *lpc)
 
 /*
  * D30: DMI2PCI bridge
- * It is arbitrarily decided how INTx lines of PCI devicesbehind the bridge
- * are connected to pirq lines. Our choice is PIRQ[E-H].
+ * It is arbitrarily decided how INTx lines of PCI devices behind
+ * the bridge are connected to pirq lines. Our choice is PIRQ[E-H].
  * INT[A-D] are connected to PIRQ[E-H]
  */
 for (pci_intx = 0; pci_intx < PCI_NUM_PINS; pci_intx++) {
diff --git a/include/hw/i386/ich9.h b/include/hw/i386/ich9.h
index d04dcdc..88233c3 100644
--- a/include/hw/i386/ich9.h
+++ b/include/hw/i386/ich9.h
@@ -35,7 +35,7 @@ typedef struct ICH9LPCState {
 
 /* (pci device, intx) -> pirq
  * In real chipset case, the unused slots are never used
- * as ICH9 supports only D25-D32 irq routing.
+ * as ICH9 supports only D25-D31 irq routing.
  * On the other hand in qemu case, any slot/function can be populated
  * via command line option.
  * So fallback interrupt routing for any devices in any slots is necessary.
@@ -181,7 +181,7 @@ Object *ich9_lpc_find(void);
 #define ICH9_SATA1_DEV  31
 #define ICH9_SATA1_FUNC 2
 
-/* D30:F1 power management I/O registers
+/* D31:F0 power management I/O registers
offset from the address ICH9_LPC_PMBASE */
 
 /* ICH9 LPC PM I/O registers are 128 ports and 128-aligned */
-- 
2.1.0

[Qemu-devel] [PULL 1/1] rfifolock: no need to get thread identifier when nesting

[Stefan Hajnoczi]

From: Changlong Xie 

Signed-off-by: Changlong Xie 
Reviewed-by: Denis V. Lunev 
Message-id: 1462874348-32396-1-git-send-email-xiecl.f...@cn.fujitsu.com
Signed-off-by: Stefan Hajnoczi 
---
 util/rfifolock.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/rfifolock.c b/util/rfifolock.c
index c22f5fe..084c2f0 100644
--- a/util/rfifolock.c
+++ b/util/rfifolock.c
@@ -58,9 +58,9 @@ void rfifolock_lock(RFifoLock *r)
 }
 qemu_cond_wait(&r->cond, &r->lock);
 }
+qemu_thread_get_self(&r->owner_thread);
 }
 
-qemu_thread_get_self(&r->owner_thread);
 r->nesting++;
 qemu_mutex_unlock(&r->lock);
 }
-- 
2.5.5

[Qemu-devel] [PULL 0/1] Block patches

[Stefan Hajnoczi]

The following changes since commit 70f87e0f0aa04f764dabaeb3ed71ff195748076a:

  Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20160513-1' into 
staging (2016-05-13 13:39:38 +0100)

are available in the git repository at:

  git://github.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to de3e15a705cbb4b54b2a749f8d5131c9f1666fb3:

  rfifolock: no need to get thread identifier when nesting (2016-05-16 15:29:44 
-0700)





Changlong Xie (1):
  rfifolock: no need to get thread identifier when nesting

 util/rfifolock.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.5.5

Re: [Qemu-devel] RFC: Proposed vfio IGD assignment fw_cfg ABI

[Alex Williamson]

On Fri, 13 May 2016 10:21:00 +0200
Gerd Hoffmann  wrote:

> > #1: "etc/igd-opregion"
> > 
> > the IGD OpRegion is an area of memory which contains among other
> > things, the Video BIOS Table which is integral in allowing an assigned
> > IGD to configure and make use of the physical display outputs of the
> > system.  "etc/igd-opregion" is an opaque fw_cfg file which the BIOS
> > will use to allocate an appropriately sized reserved memory region,
> > copy the contents of the fw_cfg file into the allocated memory region,
> > and write the base address of the allocated memory region to the dword
> > registers at 0xFC in PCI config space on the IGD device itself.  The
> > BIOS will look for this fw_cfg file any time a PCI class VGA device is
> > found with Intel vendor ID.  Multiple IGD devices per VM, such as might
> > potentially be possible with Intel vGPU, is not within the scope of
> > this proposal.  The expected size of this fw_cfg file is on the order
> > of a few pages, 8KB is typical.  
> 
> Looks good to me.
> 
> > #2: "etc/igd-bdsm"  
> 
> > possibility of multiple BDSM per VM.  The expected size of this fw_cfg
> > file is from 1MB to multiple hundreds of MB with user specified stolen
> > video memory.  
> 
> Having a big fw_cfg file without using the content looks a bit odd to
> me.  I'd suggest to create a fw_cfg file with the size in it instead.
> Usual way to do this is to stick a 64bit value in little endian byte
> order into fw_cfg, then use romfile_loadint() in seabios to read it.

I think following this approach I'd rename the fw_cfg file to
"etc/igd-bdsm-size", otherwise looks reasonable, I'll make the change.

> > I'd appreciate any comments on these entries and I'd be happy to
> > describe them further.  Perhaps we should create a docs/api/
> > directory with these sorts of descriptions where we define how a
> > given API is intended to work.  
> 
> There is docs/specs/ already where this would fit, and it even has a
> fw_cfg.txt file.  It might make sense to have a separate igd-assign.txt
> though.

Yeah, even beyond these fw_cfg options there's probably enough oddity
with IGD assignment to have it's own docs file.  I'll cook something up
for the next posting.  Thanks for the review and comments.

Alex

Re: [Qemu-devel] [PATCH v3 00/14] block: Move I/O throttling to BlockBackend

[Stefan Hajnoczi]

On Wed, May 11, 2016 at 03:24:11PM +0200, Kevin Wolf wrote:
> This is another feature that was "logically" part of the BlockBackend, but
> implemented as a BlockDriverState feature. It was always kept on top using
> swap_feature_fields().
> 
> This series moves it to be actually implemented in the BlockBackend, removing
> another obstacle for removing bs->blk and allowing multiple BBs per BDS.
> 
> Applies to block-next.
> 
> 
> v3:
> - Patch 5: 'block: Move throttling fields from BDS to BB'
>   Fixed a few commentions still mentioning BDS instead of BB [Berto]
> 
> - Patch 9: 'block: Drain throttling queue with BdrvChild'
>   Documented the semantics of BdrvChildRole.drained_begin/end [Stefan]
> 
> - Patch 10 (new): 'block/io: Quiesce parents between drained_begin/end'
>   Fix that parent requests were allowed again too early [Stefan]
> 
> - Patch 14 (was 13): 'block: Don't check throttled reqs in
>   bdrv_requests_pending()'
>   Explained more cases in the commit message [Berto]
> 
> 
> v2:
> - Rebased on top of Paolo's 'bdrv_flush_io_queue removal, shared 
> LinuxAioState'
>   Most notable this includes a complete rewrite of patch 9 (was 10): 'block:
>   Drain throttling queue with BdrvChild'. Instead of a single drain_queue()
>   callback we now have a drained_begin/end() pair.
> 
> - Patch 2 (was 3): 'block: Introduce BlockBackendPublic'
>   Add int dummy to yet empty struct BlockBackendPublic [Eric]
> 
> - Patch 11: 'block: Remove bdrv_move_feature_fields()'
>   After the rebase, the function ended up empty, we can remove it now
> 
> - Patch 12: 'Revert "block: Forbid I/O throttling on nodes with
>  multiple parents for 2.6"'
>   This was committed to master after v1 had been posted, so this one is new as
>   well. The reason for forbidding this was that patch 6 ('block: Move actual
>   I/O throttling to BlockBackend') would change the behaviour of the non-BB
>   parents. Now that the final behaviour is implemented, we can allow the 
> setup.
> 
> Kevin Wolf (14):
>   block: Make sure throttled BDSes always have a BB
>   block: Introduce BlockBackendPublic
>   block: throttle-groups: Use BlockBackend pointers internally
>   block: Convert throttle_group_get_name() to BlockBackend
>   block: Move throttling fields from BDS to BB
>   block: Move actual I/O throttling to BlockBackend
>   block: Move I/O throttling configuration functions to BlockBackend
>   block: Introduce BdrvChild.opaque
>   block: Drain throttling queue with BdrvChild callback
>   block/io: Quiesce parents between drained_begin/end
>   block: Decouple throttling from BlockDriverState
>   block: Remove bdrv_move_feature_fields()
>   Revert "block: Forbid I/O throttling on nodes with multiple parents
> for 2.6"
>   block: Don't check throttled reqs in bdrv_requests_pending()
> 
>  block.c |  58 +-
>  block/block-backend.c   | 135 ++
>  block/io.c  |  86 --
>  block/qapi.c|   6 +-
>  block/throttle-groups.c | 244 
> +---
>  blockdev.c  |  50 +++-
>  include/block/block.h   |   4 -
>  include/block/block_int.h   |  35 ++
>  include/block/throttle-groups.h |  14 +--
>  include/sysemu/block-backend.h  |  27 +
>  tests/test-throttle.c   |  62 +-
>  11 files changed, 359 insertions(+), 362 deletions(-)

I'm happy with this series modulo the typos I mentioned in replies.


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v3 10/14] block/io: Quiesce parents between drained_begin/end

[Stefan Hajnoczi]

On Wed, May 11, 2016 at 03:24:21PM +0200, Kevin Wolf wrote:
> So far, bdrv_parent_drained_begin/end() was called for the duration of
> the actual bdrv_drain() at the beginning of a drained section, but we
> really should keep parents quiesced until the end of the drained
> section.
> 
> This does not actually change behaviour at this point because the only
> user of the .drained_begin/end BdrvChildRole callback is I/O throttling,
> which already doesn't send any new requests after flushing its queue in
> .drained_being. The patch merely removes a trap for future users.

s/being/begin/

> 
> Reported-by: Stefan Hajnoczi 
> Signed-off-by: Kevin Wolf 
> ---
>  block/io.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/block/io.c b/block/io.c
> index 7c213ec..23abbc5 100644
> --- a/block/io.c
> +++ b/block/io.c
> @@ -2749,11 +2749,14 @@ void bdrv_drained_begin(BlockDriverState *bs)
>  if (!bs->quiesce_counter++) {
>  aio_disable_external(bdrv_get_aio_context(bs));
>  }
> +bdrv_parent_drained_begin(bs);
>  bdrv_drain(bs);
>  }
>  
>  void bdrv_drained_end(BlockDriverState *bs)
>  {
> +bdrv_parent_drained_end(bs);
> +
>  assert(bs->quiesce_counter > 0);
>  if (--bs->quiesce_counter > 0) {
>  return;
> -- 
> 1.8.3.1
> 


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v3 09/14] block: Drain throttling queue with BdrvChild callback

[Stefan Hajnoczi]

On Wed, May 11, 2016 at 03:24:20PM +0200, Kevin Wolf wrote:
> diff --git a/include/block/block_int.h b/include/block/block_int.h
> index 6af541e..461583b 100644
> --- a/include/block/block_int.h
> +++ b/include/block/block_int.h
> @@ -359,6 +359,17 @@ typedef struct BdrvAioNotifier {
>  struct BdrvChildRole {
>  void (*inherit_options)(int *child_flags, QDict *child_options,
>  int parent_flags, QDict *parent_options);
> +
> +/*
> + * If this pair of functions is implemented, the parent doesn't issue new
> + * requests after returning from .drained_being() until .drained_end() is

s/being/begin/


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v3 3/5] adb.c: correct several key assignments

[Programmingkid]

On May 16, 2016, at 4:48 PM, Peter Maydell wrote:

> On 16 May 2016 at 21:42, Programmingkid  wrote:
>> 
>> On May 16, 2016, at 2:04 PM, Peter Maydell wrote:
>> 
>>> On 6 May 2016 at 03:37, Programmingkid  wrote:
 /* ADB_KEY_RIGHT_COMMAND works as right super in Linux */
 /* Use ADB_KEY_LEFT_COMMAND for Mac OS compatibility */
 -[Q_KEY_CODE_META_R]= 0x7e,
 +[Q_KEY_CODE_META_R]= ADB_KEY_LEFT_COMMAND,
>>> 
>>> This looks weird. Given that the Apple Extended Keyboard
>>> hardware documentation just says that both left and right
>>> Command keys return 0x37, we should probably just call
>>> the #define ADB_KEY_COMMAND. (That in turn means that the
>>> comments are unnecessary and you can just delete them
>>> from the patch you put them in.)
>> 
>> I liked the idea of giving someone who might need to tell the
>> difference between left and right command keys a way to
>> accomplish their goal.
> 
> We're emulating a real bit of hardware here (ie the Apple
> Extended Keyboard). If that hardware does not have distinct
> left and right command keys then that's what we have to emulate.

I think the Apple Extended keyboard could tell the difference between
left and right command keys, but Apple just decided not to document
this feature. I know the USB keyboards can see the difference and
Apple did not document that feature. In the end I suppose it is just
easier to have just an ADB_KEY_COMMAND constant.  

Re: [Qemu-devel] [V10 1/4] hw/i386: Introduce AMD IOMMU

[Jan Kiszka]

On 2016-05-16 07:59, David Kiarie wrote:
> On Sun, May 15, 2016 at 10:29 PM, Jan Kiszka  wrote:
>> On 2016-05-09 14:15, David Kiarie wrote:
>>> +ret->iova = addr & AMDVI_PAGE_MASK_4K;
>>> +ret->translated_addr = (pte & AMDVI_DEV_PT_ROOT_MASK) &
>>> +AMDVI_PAGE_MASK_4K;
>>> +ret->addr_mask = ~AMDVI_PAGE_MASK_4K;
>>
>> This does not take huge pages (2M, 1G, ...) into account. Jailhouse
>> creates them, and its Linux guest goes mad. You need to use the correct
>> page size here, analogously to intel_iommu.c.
> 
> Yes, this was meant to work with normal pages only. Until recently
> intel iommu supported 4k pages only so I figured I could as well work
> with 4k pages. Anyway, will fix this.

Huge pages are optional on Intel. Not AMD.

Jan

Re: [Qemu-devel] [PATCH RFC 1/3] linux-user: add rtnetlink(7) support

[Laurent Vivier]

Le 13/05/2016 à 18:40, Peter Maydell a écrit :
> On 30 January 2016 at 22:26, Laurent Vivier  wrote:
>> rtnetlink is needed to use iproute package (ip addr, ip route)
>> and dhcp client.
>>
>> Examples:
>>
>> Without this patch:
>> # ip link
>> Cannot open netlink socket: Address family not supported by protocol
>> # ip addr
>> Cannot open netlink socket: Address family not supported by protocol
>> # ip route
>> Cannot open netlink socket: Address family not supported by protocol
>> # dhclient eth0
>> Cannot open netlink socket: Address family not supported by protocol
>> Cannot open netlink socket: Address family not supported by protocol
>>
>> With this patch:
>> # ip link
>> 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN mode 
>> DEFAULT
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> 51: eth0:  mtu 1500 qdisc fq_codel 
>> state UP mode DEFAULT qlen 1000
>> link/ether 00:16:3e:89:6b:d7 brd ff:ff:ff:ff:ff:ff
>> # ip addr show eth0
>> 51: eth0:  mtu 1500 qdisc fq_codel 
>> state UP qlen 1000
>> link/ether 00:16:3e:89:6b:d7 brd ff:ff:ff:ff:ff:ff
>> inet 192.168.122.197/24 brd 192.168.122.255 scope global eth0
>>valid_lft forever preferred_lft forever
>> inet6 fe80::216:3eff:fe89:6bd7/64 scope link
>>valid_lft forever preferred_lft forever
>> # ip route
>> default via 192.168.122.1 dev eth0
>> 192.168.122.0/24 dev eth0  proto kernel  scope link  src 192.168.122.197
>> # ip addr flush eth0
>> # ip addr add 192.168.122.10 dev eth0
>> # ip addr show eth0
>> 51: eth0:  mtu 1500 qdisc fq_codel 
>> state UP qlen 1000
>> link/ether 00:16:3e:89:6b:d7 brd ff:ff:ff:ff:ff:ff
>> inet 192.168.122.10/32 scope global eth0
>>valid_lft forever preferred_lft forever
>> # ip route add 192.168.122.0/24 via 192.168.122.10
>> # ip route
>> 192.168.122.0/24 via 192.168.122.10 dev eth0
>>
>> Signed-off-by: Laurent Vivier 
>> ---
>>  linux-user/syscall.c | 477 
>> ++-
>>  1 file changed, 471 insertions(+), 6 deletions(-)
> 
> Apologies for not getting to this patch earlier. Mostly it looks
> OK but I have a few questions/suggestions below.
> 
>> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
>> index dac5518..a1ed2f5 100644
>> --- a/linux-user/syscall.c
>> +++ b/linux-user/syscall.c
>> @@ -100,6 +100,8 @@ int __clone2(int (*fn)(void *), void *child_stack_base,
>>  #include 
>>  #include 
>>  #include "linux_loop.h"
>> +#include 
>> +#include 
>>  #include "uname.h"
>>
>>  #include "qemu.h"
>> @@ -295,6 +297,14 @@ static TargetFdTrans **target_fd_trans;
>>
>>  static unsigned int target_fd_max;
>>
>> +static TargetFdDataFunc fd_trans_target_to_host_data(int fd)
>> +{
>> +if (fd >= 0 && fd < target_fd_max && target_fd_trans[fd]) {
>> +return target_fd_trans[fd]->target_to_host_data;
>> +}
>> +return NULL;
>> +}
>> +
>>  static TargetFdDataFunc fd_trans_host_to_target_data(int fd)
>>  {
>>  if (fd >= 0 && fd < target_fd_max && target_fd_trans[fd]) {
>> @@ -1222,6 +1232,11 @@ static inline abi_long 
>> host_to_target_sockaddr(abi_ulong target_addr,
>>  return -TARGET_EFAULT;
>>  memcpy(target_saddr, addr, len);
>>  target_saddr->sa_family = tswap16(addr->sa_family);
>> +if (addr->sa_family == AF_NETLINK) {
>> +struct sockaddr_nl *target_nl = (struct sockaddr_nl *)target_saddr;
>> +target_nl->nl_pid = tswap32(target_nl->nl_pid);
>> +target_nl->nl_groups = tswap32(target_nl->nl_groups);
>> +}
>>  unlock_user(target_saddr, target_addr, len);
>>
>>  return 0;
>> @@ -1453,6 +1468,416 @@ static inline abi_long host_to_target_cmsg(struct 
>> target_msghdr *target_msgh,
>>  return 0;
>>  }
>>
>> +static void tswap_nlmsghdr(struct nlmsghdr *nlh)
>> +{
>> +nlh->nlmsg_len = tswap32(nlh->nlmsg_len);
>> +nlh->nlmsg_type = tswap16(nlh->nlmsg_type);
>> +nlh->nlmsg_flags = tswap16(nlh->nlmsg_flags);
>> +nlh->nlmsg_seq = tswap32(nlh->nlmsg_seq);
>> +nlh->nlmsg_pid = tswap32(nlh->nlmsg_pid);
>> +}
>> +
>> +static abi_long host_to_target_for_each_nlmsg(struct nlmsghdr *nlh,
>> +  size_t len,
>> +  abi_long 
>> (*host_to_target_nlmsg)
>> +   (struct nlmsghdr *))
>> +{
>> +uint32_t nlmsg_len;
>> +abi_long ret;
>> +
>> +while (len > (int)sizeof(struct nlmsghdr)) {
> 
> What is this cast to int for ?
>

I agree it seems useless, I have copied some parts from the kernel :

/usr/include/linux/netlink.h

#define NLMSG_OK(nlh,len) ((len) >= (int)sizeof(struct nlmsghdr) && \
...

so the "(int)" comes from this.

>> +
>> +nlmsg_len = nlh->nlmsg_len;
>> +if (nlmsg_len < sizeof(struct nlmsghdr) ||
>> +nlmsg_len > len) {
>> + 

Re: [Qemu-devel] [PATCH] Fix QEMU PPC e500v1 efscmp* instructions

[Imran, Talha]

Adding some more basis to the patch:

I received some documentation from Freescale support relating to this:
Signal Processing Engine (SPE) Programming Environments Manual: 
http://cache.nxp.com/files/32bit/doc/ref_manual/SPEPEM.pdf.
Relevant info is on page #113.

According to the documentation, the value is CR (4 bits wide) is set as follows:
crD = undefined || cl || undefined || undefine

That is, if the condition is true, the crD[2] bit will be set to 1, else zero. 
The value for rest of the three bits is undefined.
Taking this information into account, we can set crD[1] bit as well, without 
violating architecture specification.

The existing logic in QEMU which interprets the value of CR (which is set by a 
number of different instructions) for branching decisions works well with all 
other instructions. This existing logic is also used for emulation of other 
CPUs which do not support efscmp* instructions.

Hence, I believe setting CR = 6 instead of CR = 4 is the most straightforward 
solution.

Comments and suggestions are welcome.


From: Imran, Talha
Sent: Friday, May 13, 2016 9:26 PM
To: qemu-triv...@nongnu.org
Subject: [PATCH] Fix QEMU PPC e500v1 efscmp* instructions

re-post with attachment.


From: Imran, Talha
Sent: Friday, May 13, 2016 9:04 AM
To: qemu-triv...@nongnu.org
Subject: [PATCH] Fix QEMU PPC e500v1 efscmp* instructions

ping


From: Imran, Talha
Sent: Tuesday, May 10, 2016 6:24 PM
To: qemu-...@nongnu.org; qemu-devel@nongnu.org
Subject: [PATCH] Fix QEMU PPC e500v1 efscmp* instructions

Hi Everyone,

Please find attached a patch which fixes handling in QEMU PPC e500v1 for efscmp*
instructions. This was the cause of over 400 FAILs for this CPU while running
GCC testsuite, which have been fixed.

Value for Condition Registers (CR) being set in QEMU was different from
the value observed on hardware.

I have not managed to find a documentation describing the behaviour of
e500 cores for these instructions. However, the behaviour on
MPC8548-CDS target was observed by dumping registers to stdout, while
running executables from uboot.

These instructions are used by GCC only when compiling for te500v1 multilib; 
hence no
effect on other PPC CPUs (603, 7400 etc.)

A comparison of GCC v5.2.0 testsuite results summary (number of FAILs) is as 
follows:

CPU = te500v1
without patch: 699
with patch: 193

CPU = e500v2
without patch: 225
with patch: 225

Is this OK to commit? Comments and suggestions are welcome.

Thanks,
Talha Imran


ppc-efscmpgt.patch
Description: ppc-efscmpgt.patch

Re: [Qemu-devel] [PATCH v3 3/5] adb.c: correct several key assignments

[Peter Maydell]

On 16 May 2016 at 21:42, Programmingkid  wrote:
>
> On May 16, 2016, at 2:04 PM, Peter Maydell wrote:
>
>> On 6 May 2016 at 03:37, Programmingkid  wrote:
>>>  /* ADB_KEY_RIGHT_COMMAND works as right super in Linux */
>>>  /* Use ADB_KEY_LEFT_COMMAND for Mac OS compatibility */
>>> -[Q_KEY_CODE_META_R]= 0x7e,
>>> +[Q_KEY_CODE_META_R]= ADB_KEY_LEFT_COMMAND,
>>
>> This looks weird. Given that the Apple Extended Keyboard
>> hardware documentation just says that both left and right
>> Command keys return 0x37, we should probably just call
>> the #define ADB_KEY_COMMAND. (That in turn means that the
>> comments are unnecessary and you can just delete them
>> from the patch you put them in.)
>
> I liked the idea of giving someone who might need to tell the
> difference between left and right command keys a way to
> accomplish their goal.

We're emulating a real bit of hardware here (ie the Apple
Extended Keyboard). If that hardware does not have distinct
left and right command keys then that's what we have to emulate.

thanks
-- PMM

Re: [Qemu-devel] [PATCH v3 3/5] adb.c: correct several key assignments

[Programmingkid]

On May 16, 2016, at 2:04 PM, Peter Maydell wrote:

> On 6 May 2016 at 03:37, Programmingkid  wrote:
>> The original pc_to_adb_keycode mapping did have several keys that were
>> incorrectly mapped. This patch fixes these mappings.
>> 
>> Signed-off-by: John Arbuckle 
>> ---
>> hw/input/adb.c | 33 -
>> 1 file changed, 12 insertions(+), 21 deletions(-)
>> 
>> diff --git a/hw/input/adb.c b/hw/input/adb.c
>> index 715642f..6d4f4dc 100644
>> --- a/hw/input/adb.c
>> +++ b/hw/input/adb.c
>> @@ -62,6 +62,9 @@ do { printf("ADB: " fmt , ## __VA_ARGS__); } while (0)
>> /* error codes */
>> #define ADB_RET_NOTPRESENT (-2)
>> 
>> +/* The adb keyboard doesn't have every key imaginable */
>> +#define NO_KEY 0xff
>> +
> 
> This...
> 
>> static void adb_device_reset(ADBDevice *d)
>> {
>> qdev_reset_all(DEVICE(d));
>> @@ -191,19 +194,21 @@ typedef struct ADBKeyboardClass {
>> } ADBKeyboardClass;
>> 
>> int qcode_to_adb_keycode[] = {
>> + /* Make sure future additions are automatically set to NO_KEY */
>> +[0 ... 0xff]   = NO_KEY,
> 
> ...and this (and the removal of the "= 0" entries) should
> be in the same patch which adds the "don't send key if
> NO_KEY" check.
> 
>> [Q_KEY_CODE_SHIFT] = ADB_KEY_LEFT_SHIFT,
>> [Q_KEY_CODE_SHIFT_R]   = ADB_KEY_RIGHT_SHIFT,
>> [Q_KEY_CODE_ALT]   = ADB_KEY_LEFT_OPTION,
>> [Q_KEY_CODE_ALT_R] = ADB_KEY_RIGHT_OPTION,
>> -[Q_KEY_CODE_ALTGR] = 0,
>> +[Q_KEY_CODE_ALTGR] = ADB_KEY_RIGHT_OPTION,
>> [Q_KEY_CODE_CTRL]  = ADB_KEY_LEFT_CONTROL,
>> [Q_KEY_CODE_CTRL_R]= ADB_KEY_RIGHT_CONTROL,
>> [Q_KEY_CODE_META_L]= ADB_KEY_LEFT_COMMAND,
>> 
>>  /* ADB_KEY_RIGHT_COMMAND works as right super in Linux */
>>  /* Use ADB_KEY_LEFT_COMMAND for Mac OS compatibility */
>> -[Q_KEY_CODE_META_R]= 0x7e,
>> +[Q_KEY_CODE_META_R]= ADB_KEY_LEFT_COMMAND,
> 
> This looks weird. Given that the Apple Extended Keyboard
> hardware documentation just says that both left and right
> Command keys return 0x37, we should probably just call
> the #define ADB_KEY_COMMAND. (That in turn means that the
> comments are unnecessary and you can just delete them
> from the patch you put them in.)

I liked the idea of giving someone who might need to tell the
difference between left and right command keys a way to
accomplish their goal. 

If I did replace ADB_KEY_LEFT_COMMAND and ADB_KEY_RIGHT_COMMAND
with ADB_KEY_COMMAND, then patches 1 and 2 would have to be
changed.

> 
>> [Q_KEY_CODE_SPC]   = ADB_KEY_SPACEBAR,
>> 
>> [Q_KEY_CODE_ESC]   = ADB_KEY_ESC,
>> @@ -272,13 +277,13 @@ int qcode_to_adb_keycode[] = {
>> [Q_KEY_CODE_F10]   = ADB_KEY_F10,
>> [Q_KEY_CODE_F11]   = ADB_KEY_F11,
>> [Q_KEY_CODE_F12]   = ADB_KEY_F12,
>> -[Q_KEY_CODE_PRINT] = 0,
>> -[Q_KEY_CODE_SYSRQ] = 0,
>> +[Q_KEY_CODE_PRINT] = ADB_KEY_F13,
>> +[Q_KEY_CODE_SYSRQ] = ADB_KEY_F13,
>> [Q_KEY_CODE_SCROLL_LOCK]   = ADB_KEY_F14,
>> -[Q_KEY_CODE_PAUSE] = 0,
>> +[Q_KEY_CODE_PAUSE] = ADB_KEY_F15,
>> 
>> [Q_KEY_CODE_NUM_LOCK]  = ADB_KEY_KP_CLEAR,
>> -[Q_KEY_CODE_KP_EQUALS] = 0,
>> +[Q_KEY_CODE_KP_EQUALS] = ADB_KEY_KP_EQUAL,
>> [Q_KEY_CODE_KP_DIVIDE] = ADB_KEY_KP_DIVIDE,
>> [Q_KEY_CODE_KP_MULTIPLY]   = ADB_KEY_KP_MULTIPLY,
>> [Q_KEY_CODE_KP_SUBTRACT]   = ADB_KEY_KP_SUBTRACT,
>> @@ -301,27 +306,13 @@ int qcode_to_adb_keycode[] = {
>> [Q_KEY_CODE_LEFT]  = ADB_KEY_LEFT,
>> [Q_KEY_CODE_RIGHT] = ADB_KEY_RIGHT,
>> 
>> -[Q_KEY_CODE_HELP]  = 0,
>> +[Q_KEY_CODE_HELP]  = ADB_KEY_HELP,
>> [Q_KEY_CODE_INSERT]= ADB_KEY_HELP,
>> [Q_KEY_CODE_DELETE]= ADB_KEY_FORWARD_DELETE,
>> [Q_KEY_CODE_HOME]  = ADB_KEY_HOME,
>> [Q_KEY_CODE_END]   = ADB_KEY_END,
>> [Q_KEY_CODE_PGUP]  = ADB_KEY_PAGE_UP,
>> [Q_KEY_CODE_PGDN]  = ADB_KEY_PAGE_DOWN,
>> -
>> -[Q_KEY_CODE_LESS]  = 0xa,
>> -[Q_KEY_CODE_STOP]  = 0,
>> -[Q_KEY_CODE_AGAIN] = 0,
>> -[Q_KEY_CODE_PROPS] = 0,
>> -[Q_KEY_CODE_UNDO]  = 0,
>> -[Q_KEY_CODE_FRONT] = 0,
>> -[Q_KEY_CODE_COPY]  = 0,
>> -[Q_KEY_CODE_OPEN]  = 0,
>> -[Q_KEY_CODE_PASTE] = 0,
>> -[Q_KEY_CODE_FIND]  = 0,
>> -[Q_KEY_CODE_CUT]   = 0,
>> -[Q_KEY_CODE_LF]= 0,
>> -[Q_KEY_CODE_COMPOSE]   = 0,
> 
> The rest of these changes look OK.
> 
> thanks
> -- PMM

Re: [Qemu-devel] [PATCH v3 0/5] ADB improvements

[Programmingkid]

On May 16, 2016, at 2:09 PM, Peter Maydell wrote:

> On 6 May 2016 at 03:33, Programmingkid  wrote:
>> This patch series makes several improvements to the ADB code. To test this 
>> code,
>> please implement the patches in the order below.
>> 
>> John Arbuckle (5):
>>  adb-keys.h: initial commit
>>  adb.c: add support for QKeyCode
>>  adb.c: correct several key assignments
>>  adb.c: prevent NO_KEY value from going to guest
>>  adb.c: add power key support
>> 
>> hw/input/adb.c  | 239 
>> +++-
>> include/hw/input/adb-keys.h | 142 ++
>> 2 files changed, 335 insertions(+), 46 deletions(-)
>> create mode 100644 include/hw/input/adb-keys.h
> 
> Hi; I've reviewed this v3 patchset. For v4 I recommend you cc qemu-ppc,
> Alex and David, because the ADB input device is only used for the
> hw/ppc/mac* boards and I think patches for those are best routed
> via the PPC tree.

Ok.

> 
> Please also make sure you send the patches for v4 so that they
> are threaded correctly -- v3 did not come through threaded
> properly.

My git is broken in this regard. Sorry. 

Re: [Qemu-devel] [PATCH 5/5] target-i386: Move user-mode exception actions out of user-exec.c

[Peter Maydell]

On 16 May 2016 at 19:33, Peter Maydell  wrote:
> On 16 May 2016 at 18:54, Sergey Fedorov  wrote:
>> 'env->eip' was updated by restore_state_to_opc() from
>> cpu_restore_state_from_tb() from cpu_restore_state() from
>> handle_cpu_signal() _after_ calling 'handle_mmu_fault' hook but _before_
>> calling exception_action().
>
> Oops, nice catch. (I wonder if any of the other target architectures
> are not correctly doing things in their handle_mmu_fault function
> because the cpu_restore_state() call happens later?)

Looking at the other target architectures they're OK because
they don't do very much in the handle_mmu_fault function.
Since every single handle_mmu_fault function always returns 1
(ignoring one or two clearly softmmu-only versions) we could
in theory call cpu_restore_state() before the handle_mmu_fault
hook. However since in the softmmu case the equivalent code
is also called in a pre-restore-state setup it seems more
consistent to keep the user-exec.c code the order it is now.
So the target-i386 code needs rearranging a bit I guess
(perhaps to save the offset rather than the actual next eip?)

I think patches 1..4 are still worthwhile even if we drop
this one for now, though.

thanks
-- PMM

Re: [Qemu-devel] [PATCH qemu v16 14/19] vfio: spapr: Add DMA memory preregistering (SPAPR IOMMU v2)

[Alex Williamson]

On Mon, 16 May 2016 11:10:05 +1000
Alexey Kardashevskiy  wrote:

> On 05/14/2016 08:25 AM, Alex Williamson wrote:
> > On Wed,  4 May 2016 16:52:26 +1000
> > Alexey Kardashevskiy  wrote:
> >  
> >> This makes use of the new "memory registering" feature. The idea is
> >> to provide the userspace ability to notify the host kernel about pages
> >> which are going to be used for DMA. Having this information, the host
> >> kernel can pin them all once per user process, do locked pages
> >> accounting (once) and not spent time on doing that in real time with
> >> possible failures which cannot be handled nicely in some cases.
> >>
> >> This adds a prereg memory listener which listens on address_space_memory
> >> and notifies a VFIO container about memory which needs to be
> >> pinned/unpinned. VFIO MMIO regions (i.e. "skip dump" regions) are skipped.
> >>
> >> As there is no per-IOMMU-type release() callback anymore, this stores
> >> the IOMMU type in the container so vfio_listener_release() can determine
> >> if it needs to unregister @prereg_listener.
> >>
> >> The feature is only enabled for SPAPR IOMMU v2. The host kernel changes
> >> are required. Since v2 does not need/support VFIO_IOMMU_ENABLE, this does
> >> not call it when v2 is detected and enabled.
> >>
> >> This enforces guest RAM blocks to be host page size aligned; however
> >> this is not new as KVM already requires memory slots to be host page
> >> size aligned.
> >>
> >> Signed-off-by: Alexey Kardashevskiy 
> >> ---
> >> Changes:
> >> v16:
> >> * switched to 64bit math everywhere as there is no chance to see
> >> region_add on RAM blocks even remotely close to 1<<64bytes.
> >>
> >> v15:
> >> * banned unaligned sections
> >> * added an vfio_prereg_gpa_to_ua() helper
> >>
> >> v14:
> >> * s/free_container_exit/listener_release_exit/g
> >> * added "if memory_region_is_iommu()" to 
> >> vfio_prereg_listener_skipped_section
> >> ---
> >>  hw/vfio/Makefile.objs |   1 +
> >>  hw/vfio/common.c  |  38 +---
> >>  hw/vfio/prereg.c  | 137 
> >> ++
> >>  include/hw/vfio/vfio-common.h |   4 ++
> >>  trace-events  |   2 +
> >>  5 files changed, 172 insertions(+), 10 deletions(-)
> >>  create mode 100644 hw/vfio/prereg.c
> >>
> >> diff --git a/hw/vfio/Makefile.objs b/hw/vfio/Makefile.objs
> >> index ceddbb8..5800e0e 100644
> >> --- a/hw/vfio/Makefile.objs
> >> +++ b/hw/vfio/Makefile.objs
> >> @@ -4,4 +4,5 @@ obj-$(CONFIG_PCI) += pci.o pci-quirks.o
> >>  obj-$(CONFIG_SOFTMMU) += platform.o
> >>  obj-$(CONFIG_SOFTMMU) += calxeda-xgmac.o
> >>  obj-$(CONFIG_SOFTMMU) += amd-xgbe.o
> >> +obj-$(CONFIG_SOFTMMU) += prereg.o
> >>  endif
> >> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
> >> index 2050040..496eb82 100644
> >> --- a/hw/vfio/common.c
> >> +++ b/hw/vfio/common.c
> >> @@ -501,6 +501,9 @@ static const MemoryListener vfio_memory_listener = {
> >>  static void vfio_listener_release(VFIOContainer *container)
> >>  {
> >>  memory_listener_unregister(&container->listener);
> >> +if (container->iommu_type == VFIO_SPAPR_TCE_v2_IOMMU) {
> >> +memory_listener_unregister(&container->prereg_listener);
> >> +}
> >>  }
> >>
> >>  int vfio_region_setup(Object *obj, VFIODevice *vbasedev, VFIORegion 
> >> *region,
> >> @@ -808,8 +811,8 @@ static int vfio_connect_container(VFIOGroup *group, 
> >> AddressSpace *as)
> >>  goto free_container_exit;
> >>  }
> >>
> >> -ret = ioctl(fd, VFIO_SET_IOMMU,
> >> -v2 ? VFIO_TYPE1v2_IOMMU : VFIO_TYPE1_IOMMU);
> >> +container->iommu_type = v2 ? VFIO_TYPE1v2_IOMMU : 
> >> VFIO_TYPE1_IOMMU;
> >> +ret = ioctl(fd, VFIO_SET_IOMMU, container->iommu_type);
> >>  if (ret) {
> >>  error_report("vfio: failed to set iommu for container: %m");
> >>  ret = -errno;
> >> @@ -834,8 +837,10 @@ static int vfio_connect_container(VFIOGroup *group, 
> >> AddressSpace *as)
> >>  if ((ret == 0) && (info.flags & VFIO_IOMMU_INFO_PGSIZES)) {
> >>  container->iova_pgsizes = info.iova_pgsizes;
> >>  }
> >> -} else if (ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_SPAPR_TCE_IOMMU)) {
> >> +} else if (ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_SPAPR_TCE_IOMMU) ||
> >> +   ioctl(fd, VFIO_CHECK_EXTENSION, VFIO_SPAPR_TCE_v2_IOMMU)) {
> >>  struct vfio_iommu_spapr_tce_info info;
> >> +bool v2 = !!ioctl(fd, VFIO_CHECK_EXTENSION, 
> >> VFIO_SPAPR_TCE_v2_IOMMU);
> >>
> >>  ret = ioctl(group->fd, VFIO_GROUP_SET_CONTAINER, &fd);
> >>  if (ret) {
> >> @@ -843,7 +848,9 @@ static int vfio_connect_container(VFIOGroup *group, 
> >> AddressSpace *as)
> >>  ret = -errno;
> >>  goto free_container_exit;
> >>  }
> >> -ret = ioctl(fd, VFIO_SET_IOMMU, VFIO_SPAPR_TCE_IOMMU);
> >> +container->iommu_type =
> >> +v2 ? VFIO_SPAPR_TCE_v2_IOMMU : VFIO_SPAPR_TCE_I

Re: [Qemu-devel] [PATCH qemu v16 18/19] vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)

[Alex Williamson]

On Mon, 16 May 2016 14:52:41 +1000
Alexey Kardashevskiy  wrote:

> On 05/14/2016 08:26 AM, Alex Williamson wrote:
> > On Wed,  4 May 2016 16:52:30 +1000
> > Alexey Kardashevskiy  wrote:
> >  
> >> New VFIO_SPAPR_TCE_v2_IOMMU type supports dynamic DMA window management.
> >> This adds ability to VFIO common code to dynamically allocate/remove
> >> DMA windows in the host kernel when new VFIO container is added/removed.
> >>
> >> This adds VFIO_IOMMU_SPAPR_TCE_CREATE ioctl to vfio_listener_region_add
> >> and adds just created IOMMU into the host IOMMU list; the opposite
> >> action is taken in vfio_listener_region_del.
> >>
> >> When creating a new window, this uses heuristic to decide on the TCE table
> >> levels number.
> >>
> >> This should cause no guest visible change in behavior.
> >>
> >> Signed-off-by: Alexey Kardashevskiy 
> >> ---
> >> Changes:
> >> v16:
> >> * used memory_region_iommu_get_page_sizes() in vfio_listener_region_add()
> >> * enforced no intersections between windows
> >>
> >> v14:
> >> * new to the series
> >> ---
> >>  hw/vfio/common.c | 133 
> >> ++-
> >>  trace-events |   2 +
> >>  2 files changed, 125 insertions(+), 10 deletions(-)
> >>
> >> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
> >> index 03daf88..bd2dee8 100644
> >> --- a/hw/vfio/common.c
> >> +++ b/hw/vfio/common.c
> >> @@ -240,6 +240,18 @@ static int vfio_dma_map(VFIOContainer *container, 
> >> hwaddr iova,
> >>  return -errno;
> >>  }
> >>
> >> +static bool range_contains(hwaddr start, hwaddr end, hwaddr addr)
> >> +{
> >> +return start <= addr && addr <= end;
> >> +}  
> >
> > a) If you want a "range_foo" function then put it in range.h
> > b) I suspect there are already range.h functions that can do this.
> >  
> >> +
> >> +static bool vfio_host_win_intersects(VFIOHostDMAWindow *hostwin,
> >> + hwaddr min_iova, hwaddr max_iova)
> >> +{
> >> +return range_contains(hostwin->min_iova, hostwin->min_iova, min_iova) 
> >> ||
> >> +range_contains(min_iova, max_iova, hostwin->min_iova);
> >> +}  
> >
> > How is this different than ranges_overlap()?  
> >> +
> >>  static VFIOHostDMAWindow *vfio_host_win_lookup(VFIOContainer *container,
> >> hwaddr min_iova, hwaddr 
> >> max_iova)
> >>  {
> >> @@ -279,6 +291,14 @@ static int vfio_host_win_add(VFIOContainer *container,
> >>  return 0;
> >>  }
> >>
> >> +static void vfio_host_win_del(VFIOContainer *container, hwaddr min_iova)
> >> +{
> >> +VFIOHostDMAWindow *hostwin = vfio_host_win_lookup(container, 
> >> min_iova, 1);
> >> +
> >> +g_assert(hostwin);  
> >
> > Handle the error please.  
> 
> Will this be enough?
> 
>  if (!hostwin) {
>  error_report("%s: Cannot delete missing window at %"HWADDR_PRIx,
>   __func__, min_iova);
>  return;
>  }

Better.  I was really thinking to return error to the caller, but if
the caller has no return path, perhaps this is as good as we can do.
Expect that I will push back on any assert() calls added to vfio.


> >> +QLIST_REMOVE(hostwin, hostwin_next);
> >> +}
> >> +
> >>  static bool vfio_listener_skipped_section(MemoryRegionSection *section)
> >>  {
> >>  return (!memory_region_is_ram(section->mr) &&
> >> @@ -392,6 +412,69 @@ static void vfio_listener_region_add(MemoryListener 
> >> *listener,
> >>  }
> >>  end = int128_get64(int128_sub(llend, int128_one()));
> >>
> >> +if (container->iommu_type == VFIO_SPAPR_TCE_v2_IOMMU) {
> >> +VFIOHostDMAWindow *hostwin;
> >> +unsigned pagesizes = 
> >> memory_region_iommu_get_page_sizes(section->mr);
> >> +unsigned pagesize = (hwaddr)1 << ctz64(pagesizes);
> >> +unsigned entries, pages;
> >> +struct vfio_iommu_spapr_tce_create create = { .argsz = 
> >> sizeof(create) };
> >> +
> >> +trace_vfio_listener_region_add_iommu(iova, end);
> >> +/*
> >> + * FIXME: For VFIO iommu types which have KVM acceleration to
> >> + * avoid bouncing all map/unmaps through qemu this way, this
> >> + * would be the right place to wire that up (tell the KVM
> >> + * device emulation the VFIO iommu handles to use).
> >> + */
> >> +create.window_size = int128_get64(section->size);
> >> +create.page_shift = ctz64(pagesize);
> >> +/*
> >> + * SPAPR host supports multilevel TCE tables, there is some
> >> + * heuristic to decide how many levels we want for our table:
> >> + * 0..64 = 1; 65..4096 = 2; 4097..262144 = 3; 262145.. = 4
> >> + */
> >> +entries = create.window_size >> create.page_shift;
> >> +pages = MAX((entries * sizeof(uint64_t)) / getpagesize(), 1);
> >> +pages = MAX(pow2ceil(pages) - 1, 1); /* Round up */
> >> +create.levels = ctz64(pages) / 6 + 1;
> >> +
> >> +/* For now intersections are not 

Re: [Qemu-devel] [PATCH qemu v16 17/19] spapr_iommu, vfio, memory: Notify IOMMU about starting/stopping being used by VFIO

[Alex Williamson]

On Mon, 16 May 2016 18:35:14 +1000
Alexey Kardashevskiy  wrote:

> On 05/14/2016 08:26 AM, Alex Williamson wrote:
> > On Wed,  4 May 2016 16:52:29 +1000
> > Alexey Kardashevskiy  wrote:
> >  
> >> The sPAPR TCE tables manage 2 copies when VFIO is using an IOMMU -
> >> a guest view of the table and a hardware TCE table. If there is no VFIO
> >> presense in the address space, then just the guest view is used, if
> >> this is the case, it is allocated in the KVM. However since there is no
> >> support yet for VFIO in KVM TCE hypercalls, when we start using VFIO,
> >> we need to move the guest view from KVM to the userspace; and we need
> >> to do this for every IOMMU on a bus with VFIO devices.
> >>
> >> This adds vfio_start/vfio_stop callbacks in MemoryRegionIOMMUOps to
> >> notify IOMMU about changing environment so it can reallocate the table
> >> to/from KVM or (when available) hook the IOMMU groups with the logical
> >> bus (LIOBN) in the KVM.
> >>
> >> This removes explicit spapr_tce_set_need_vfio() call from PCI hotplug
> >> path as the new callbacks do this better - they notify IOMMU at
> >> the exact moment when the configuration is changed, and this also
> >> includes the case of PCI hot unplug.
> >>
> >> This postpones vfio_stop() till the end of region_del() as
> >> vfio_dma_unmap() has to execute before VFIO support is disabled.
> >>
> >> As there can be multiple containers attached to the same PHB/LIOBN,
> >> this adds a wrapper with a use counter for every IOMMU MR and
> >> stores them in a list in the VFIOAddressSpace.
> >>
> >> Signed-off-by: Alexey Kardashevskiy 
> >> ---
> >> Changes:
> >> v16:
> >> * added a use counter in VFIOAddressSpace->VFIOIOMMUMR
> >>
> >> v15:
> >> * s/need_vfio/vfio-Users/g
> >> ---
> >>  hw/ppc/spapr_iommu.c  | 12 
> >>  hw/ppc/spapr_pci.c|  6 --
> >>  hw/vfio/common.c  | 45 
> >> ++-
> >>  include/exec/memory.h |  4 
> >>  include/hw/vfio/vfio-common.h |  7 +++
> >>  5 files changed, 67 insertions(+), 7 deletions(-)
> >>
> >> diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
> >> index c945dba..7af2700 100644
> >> --- a/hw/ppc/spapr_iommu.c
> >> +++ b/hw/ppc/spapr_iommu.c
> >> @@ -155,6 +155,16 @@ static uint64_t spapr_tce_get_page_sizes(MemoryRegion 
> >> *iommu)
> >>  return 1ULL << tcet->page_shift;
> >>  }
> >>
> >> +static void spapr_tce_vfio_start(MemoryRegion *iommu)
> >> +{
> >> +spapr_tce_set_need_vfio(container_of(iommu, sPAPRTCETable, iommu), 
> >> true);
> >> +}
> >> +
> >> +static void spapr_tce_vfio_stop(MemoryRegion *iommu)
> >> +{
> >> +spapr_tce_set_need_vfio(container_of(iommu, sPAPRTCETable, iommu), 
> >> false);
> >> +}
> >> +
> >>  static void spapr_tce_table_do_enable(sPAPRTCETable *tcet);
> >>  static void spapr_tce_table_do_disable(sPAPRTCETable *tcet);
> >>
> >> @@ -239,6 +249,8 @@ static const VMStateDescription 
> >> vmstate_spapr_tce_table = {
> >>  static MemoryRegionIOMMUOps spapr_iommu_ops = {
> >>  .translate = spapr_tce_translate_iommu,
> >>  .get_page_sizes = spapr_tce_get_page_sizes,
> >> +.vfio_start = spapr_tce_vfio_start,
> >> +.vfio_stop = spapr_tce_vfio_stop,
> >>  };
> >>
> >>  static int spapr_tce_table_realize(DeviceState *dev)
> >> diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
> >> index 5b9ccff..51e7d56 100644
> >> --- a/hw/ppc/spapr_pci.c
> >> +++ b/hw/ppc/spapr_pci.c
> >> @@ -1086,12 +1086,6 @@ static void 
> >> spapr_phb_add_pci_device(sPAPRDRConnector *drc,
> >>  void *fdt = NULL;
> >>  int fdt_start_offset = 0, fdt_size;
> >>
> >> -if (object_dynamic_cast(OBJECT(pdev), "vfio-pci")) {
> >> -sPAPRTCETable *tcet = spapr_tce_find_by_liobn(phb->dma_liobn);
> >> -
> >> -spapr_tce_set_need_vfio(tcet, true);
> >> -}
> >> -
> >>  if (dev->hotplugged) {
> >>  fdt = create_device_tree(&fdt_size);
> >>  fdt_start_offset = spapr_create_pci_child_dt(phb, pdev, fdt, 0);
> >> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
> >> index 3f2fb23..03daf88 100644
> >> --- a/hw/vfio/common.c
> >> +++ b/hw/vfio/common.c
> >> @@ -421,6 +421,26 @@ static void vfio_listener_region_add(MemoryListener 
> >> *listener,
> >>  QLIST_INSERT_HEAD(&container->giommu_list, giommu, giommu_next);
> >>
> >>  memory_region_register_iommu_notifier(giommu->iommu, &giommu->n);
> >> +
> >> +if (section->mr->iommu_ops && section->mr->iommu_ops->vfio_start) 
> >> {
> >> +VFIOIOMMUMR *iommumr;
> >> +bool found = false;
> >> +
> >> +QLIST_FOREACH(iommumr, &container->space->iommumrs, 
> >> iommumr_next) {
> >> +if (iommumr->iommu == section->mr) {
> >> +found = true;
> >> +break;
> >> +}
> >> +}
> >> +if (!found) {
> >> +iommumr = g_malloc0(sizeof(*iommumr));
> >> +iommumr->iommu =

[Qemu-devel] boot HP Firmware Images of Router and Switches

[Dennis Schneck]

   Hi,
   can you make it possible to boot Firmware Images of Router and Switches
   from HP with qemu ?
   Thanks

   for example: 5540HI / 7510 and MSR2004 / HSR6808

   [1]http://www.techeia.com/2015/10/networking-hp-switches-firmware.html

References

   1. http://www.techeia.com/2015/10/networking-hp-switches-firmware.html

[Qemu-devel] [PULL 4/4] slirp: Clean up osdep.h related header inclusions

[Samuel Thibault]

From: Thomas Huth 

qemu/osdep.h is included in some headers twice - one time
should be sufficient.
Also remove the inclusion of time.h since that is already
done by osdep.h, too (this makes scripts/clean-includes
happy again).

Signed-off-by: Thomas Huth 
Reviewed-by: Peter Maydell 
Signed-off-by: Samuel Thibault 
---
 slirp/ip6_icmp.c | 1 -
 slirp/ip_input.c | 1 -
 slirp/udp6.c | 1 -
 3 files changed, 3 deletions(-)

diff --git a/slirp/ip6_icmp.c b/slirp/ip6_icmp.c
index 09571bc..48016a9 100644
--- a/slirp/ip6_icmp.c
+++ b/slirp/ip6_icmp.c
@@ -9,7 +9,6 @@
 #include "qemu/timer.h"
 #include "qemu/error-report.h"
 #include "qemu/log.h"
-#include 
 
 #define NDP_Interval g_rand_int_range(slirp->grand, \
 NDP_MinRtrAdvInterval, NDP_MaxRtrAdvInterval)
diff --git a/slirp/ip_input.c b/slirp/ip_input.c
index cdd5483..34fba2b 100644
--- a/slirp/ip_input.c
+++ b/slirp/ip_input.c
@@ -40,7 +40,6 @@
 
 #include "qemu/osdep.h"
 #include 
-#include 
 #include "ip_icmp.h"
 
 static struct ip *ip_reass(Slirp *slirp, struct ip *ip, struct ipq *fp);
diff --git a/slirp/udp6.c b/slirp/udp6.c
index a23026f..94efb13 100644
--- a/slirp/udp6.c
+++ b/slirp/udp6.c
@@ -6,7 +6,6 @@
 #include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "slirp.h"
-#include "qemu/osdep.h"
 #include "udp.h"
 
 void udp6_input(struct mbuf *m)
-- 
2.8.1

[Qemu-devel] [PULL 0/4] slirp updates

[Samuel Thibault]

  Merge remote-tracking branch 'remotes/kraxel/tags/pull-ui-20160513-1' into 
staging (2016-05-13 13:39:38 +0100)

are available in the git repository at:

  http://people.debian.org/~sthibault/qemu.git tags/samuel-thibault

for you to fetch changes up to 9892663dc486755b5534ff8a77913edc5ea28c79:

  slirp: Clean up osdep.h related header inclusions (2016-05-16 21:01:16 +0200)


slirp updates


Thomas Huth (4):
  slirp: Clean up slirp_config.h
  slirp: Remove obsolete backward-compatibility cruft
  slirp: Remove some unused code from slirp.h
  slirp: Clean up osdep.h related header inclusions

 slirp/ip6_icmp.c |  1 -
 slirp/ip_input.c |  1 -
 slirp/misc.c | 21 ---
 slirp/slirp.h| 50 --
 slirp/slirp_config.h | 99 
 slirp/udp6.c |  1 -
 6 files changed, 173 deletions(-)

[Qemu-devel] [PULL 2/4] slirp: Remove obsolete backward-compatibility cruft

[Samuel Thibault]

From: Thomas Huth 

The slirp code does not use index() and gethostid() anymore,
so these parts can be removed without problems.
memmove() and strerror() should be available on each of the
supported platforms nowadays, too, so these wrappers are also
not needed anymore.
And we certainly also do not support Ultrix anymore, so no
need to keep the code for this platform anymore.

Signed-off-by: Thomas Huth 
Reviewed-by: Peter Maydell 
Signed-off-by: Samuel Thibault 
---
 slirp/misc.c | 21 -
 slirp/slirp.h| 28 
 slirp/slirp_config.h | 12 
 3 files changed, 61 deletions(-)

diff --git a/slirp/misc.c b/slirp/misc.c
index 2fbd048..1a0ea1b 100644
--- a/slirp/misc.c
+++ b/slirp/misc.c
@@ -60,27 +60,6 @@ int add_exec(struct ex_list **ex_ptr, int do_pty, char *exec,
return 0;
 }
 
-#ifndef HAVE_STRERROR
-
-/*
- * For systems with no strerror
- */
-
-extern int sys_nerr;
-extern char *sys_errlist[];
-
-char *
-strerror(error)
-   int error;
-{
-   if (error < sys_nerr)
-  return sys_errlist[error];
-   else
-  return "Unknown error.";
-}
-
-#endif
-
 
 #ifdef _WIN32
 
diff --git a/slirp/slirp.h b/slirp/slirp.h
index 203deec..5b5df59 100644
--- a/slirp/slirp.h
+++ b/slirp/slirp.h
@@ -23,11 +23,6 @@ typedef char *caddr_t;
 # include 
 #endif
 
-
-#ifndef HAVE_MEMMOVE
-#define memmove(x, y, z) bcopy(y, x, z)
-#endif
-
 #ifndef _WIN32
 #include 
 #endif
@@ -37,17 +32,6 @@ typedef char *caddr_t;
 #include 
 #endif
 
-/* Systems lacking strdup() definition in . */
-#if defined(ultrix)
-char *strdup(const char *);
-#endif
-
-/* Systems lacking malloc() definition in . */
-#if defined(ultrix) || defined(hcx)
-void *malloc(size_t arg);
-void free(void *ptr);
-#endif
-
 #ifndef NO_UNIX_SOCKETS
 #include 
 #endif
@@ -259,18 +243,6 @@ void if_start(Slirp *);
 void if_start(struct ttys *);
 #endif
 
-#ifndef HAVE_STRERROR
- char *strerror(int error);
-#endif
-
-#ifndef HAVE_INDEX
- char *index(const char *, int);
-#endif
-
-#ifndef HAVE_GETHOSTID
- long gethostid(void);
-#endif
-
 #ifndef _WIN32
 #include 
 #endif
diff --git a/slirp/slirp_config.h b/slirp/slirp_config.h
index a5fa36e..c59f655 100644
--- a/slirp/slirp_config.h
+++ b/slirp/slirp_config.h
@@ -34,9 +34,6 @@
 #define HAVE_SYS_FILIO_H
 #endif
 
-/* Define if you have strerror */
-#define HAVE_STRERROR
-
 /* Define if you have sys/bitypes.h */
 #undef HAVE_SYS_BITYPES_H
 
@@ -82,15 +79,6 @@
 #define HAVE_INET_ATON
 #endif
 
-/* Define if you have index() */
-#define HAVE_INDEX
-
-/* Define if you have memmove */
-#define HAVE_MEMMOVE
-
-/* Define if you have gethostid */
-#define HAVE_GETHOSTID
-
 /* Define if you DON'T have unix-domain sockets */
 #undef NO_UNIX_SOCKETS
 #ifdef _WIN32
-- 
2.8.1

[Qemu-devel] [PULL 1/4] slirp: Clean up slirp_config.h

[Samuel Thibault]

From: Thomas Huth 

There are a lot of unused #defines / #undefs in slirp_config.h,
which are apparently left-overs from the very early slirp code.
Since there is no more code that uses them, let's simply remove
them from our version of slirp.

Signed-off-by: Thomas Huth 
Reviewed-by: Peter Maydell 
Signed-off-by: Samuel Thibault 
---
 slirp/slirp_config.h | 87 
 1 file changed, 87 deletions(-)

diff --git a/slirp/slirp_config.h b/slirp/slirp_config.h
index 896d802..a5fa36e 100644
--- a/slirp/slirp_config.h
+++ b/slirp/slirp_config.h
@@ -9,19 +9,6 @@
 /* Define to 1 if you want KEEPALIVE timers */
 #define DO_KEEPALIVE 0
 
-/* Define to MAX interfaces you expect to use at once */
-/* MAX_INTERFACES determines the max. TOTAL number of interfaces (SLIP and 
PPP) */
-/* MAX_PPP_INTERFACES determines max. number of PPP interfaces */
-#define MAX_INTERFACES 1
-#define MAX_PPP_INTERFACES 1
-
-/* Define if you want slirp's socket in /tmp */
-/* XX Do this in ./configure */
-#undef USE_TMPSOCKET
-
-/* Define if you want slirp to use cfsetXspeed() on the terminal */
-#undef DO_CFSETSPEED
-
 /* Define this if you want slirp to write to the tty as fast as it can */
 /* This should only be set if you are using load-balancing, slirp does a */
 /* pretty good job on single modems already, and seting this will make */
@@ -29,34 +16,12 @@
 /* X Talk about having fast modem as unit 0 */
 #undef FULL_BOLT
 
-/*
- * Define if you want slirp to use less CPU
- * You will notice a small lag in interactive sessions, but it's not that bad
- * Things like Netscape/ftp/etc. are completely unaffected
- * This is mainly for sysadmins who have many slirp users
- */
-#undef USE_LOWCPU
-
-/* Define this if your compiler doesn't like prototypes */
-#ifndef __STDC__
-#define NO_PROTOTYPES
-#endif
-
 /*/
 /*
  * Autoconf defined configuration options
  * You shouldn't need to touch any of these
  */
 
-/* Ignore this */
-#undef DUMMY_PPP
-
-/* Define if you have unistd.h */
-#define HAVE_UNISTD_H
-
-/* Define if you have stdlib.h */
-#define HAVE_STDLIB_H
-
 /* Define if you have sys/ioctl.h */
 #undef HAVE_SYS_IOCTL_H
 #ifndef _WIN32
@@ -72,10 +37,6 @@
 /* Define if you have strerror */
 #define HAVE_STRERROR
 
-/* Define according to how time.h should be included */
-#define TIME_WITH_SYS_TIME 0
-#undef HAVE_SYS_TIME_H
-
 /* Define if you have sys/bitypes.h */
 #undef HAVE_SYS_BITYPES_H
 
@@ -100,9 +61,6 @@
 #define HAVE_SYS_SELECT_H
 #endif
 
-/* Define if you have strings.h */
-#define HAVE_STRING_H
-
 /* Define if you have arpa/inet.h */
 #undef HAVE_ARPA_INET_H
 #ifndef _WIN32
@@ -115,51 +73,18 @@
 /* Define if you have sys/stropts.h */
 #undef HAVE_SYS_STROPTS_H
 
-/* Define to whatever your compiler thinks inline should be */
-//#define inline inline
-
-/* Define to whatever your compiler thinks const should be */
-//#define const const
-
-/* Define if your compiler doesn't like prototypes */
-#undef NO_PROTOTYPES
-
-/* Define to sizeof(char) */
-#define SIZEOF_CHAR 1
-
-/* Define to sizeof(short) */
-#define SIZEOF_SHORT 2
-
-/* Define to sizeof(int) */
-#define SIZEOF_INT 4
-
 /* Define to sizeof(char *) */
 #define SIZEOF_CHAR_P (HOST_LONG_BITS / 8)
 
-/* Define if you have random() */
-#undef HAVE_RANDOM
-
-/* Define if you have srandom() */
-#undef HAVE_SRANDOM
-
 /* Define if you have inet_aton */
 #undef HAVE_INET_ATON
 #ifndef _WIN32
 #define HAVE_INET_ATON
 #endif
 
-/* Define if you have setenv */
-#undef HAVE_SETENV
-
 /* Define if you have index() */
 #define HAVE_INDEX
 
-/* Define if you have bcmp() */
-#undef HAVE_BCMP
-
-/* Define if you have drand48 */
-#undef HAVE_DRAND48
-
 /* Define if you have memmove */
 #define HAVE_MEMMOVE
 
@@ -171,15 +96,3 @@
 #ifdef _WIN32
 #define NO_UNIX_SOCKETS
 #endif
-
-/* Define if you have revoke() */
-#undef HAVE_REVOKE
-
-/* Define if you have the sysv method of opening pty's (/dev/ptmx, etc.) */
-#undef HAVE_GRANTPT
-
-/* Define if you have fchmod */
-#undef HAVE_FCHMOD
-
-/* Define if you have  */
-#undef HAVE_SYS_TYPES32_H
-- 
2.8.1

[Qemu-devel] [PULL 3/4] slirp: Remove some unused code from slirp.h

[Samuel Thibault]

From: Thomas Huth 

These hunks are apparently not used anymore, so let's delete them.

Signed-off-by: Thomas Huth 
Reviewed-by: Peter Maydell 
Signed-off-by: Samuel Thibault 
---
 slirp/slirp.h | 22 --
 1 file changed, 22 deletions(-)

diff --git a/slirp/slirp.h b/slirp/slirp.h
index 5b5df59..e373876 100644
--- a/slirp/slirp.h
+++ b/slirp/slirp.h
@@ -58,10 +58,6 @@ typedef char *caddr_t;
 # include 
 #endif
 
-#ifdef USE_PPP
-#include 
-#endif
-
 /* Avoid conflicting with the libc insque() and remque(), which
have different prototypes. */
 #define insque slirp_insque
@@ -96,10 +92,6 @@ typedef char *caddr_t;
 #include "if.h"
 #include "main.h"
 #include "misc.h"
-#ifdef USE_PPP
-#include "ppp/pppd.h"
-#include "ppp/ppp.h"
-#endif
 
 #include "bootp.h"
 #include "tftp.h"
@@ -237,18 +229,12 @@ extern Slirp *slirp_instance;
 #define NULL (void *)0
 #endif
 
-#ifndef FULL_BOLT
 void if_start(Slirp *);
-#else
-void if_start(struct ttys *);
-#endif
 
 #ifndef _WIN32
 #include 
 #endif
 
-#define DEFAULT_BAUD 115200
-
 #define SO_OPTIONS DO_KEEPALIVE
 #define TCP_MAXIDLE (TCPTV_KEEPCNT * TCPTV_KEEPINTVL)
 
@@ -306,14 +292,6 @@ int tcp_emu(struct socket *, struct mbuf *);
 int tcp_ctl(struct socket *);
 struct tcpcb *tcp_drop(struct tcpcb *tp, int err);
 
-#ifdef USE_PPP
-#define MIN_MRU MINMRU
-#define MAX_MRU MAXMRU
-#else
-#define MIN_MRU 128
-#define MAX_MRU 16384
-#endif
-
 #ifndef _WIN32
 #define min(x,y) ((x) < (y) ? (x) : (y))
 #define max(x,y) ((x) > (y) ? (x) : (y))
-- 
2.8.1

Re: [Qemu-devel] [PATCH 5/5] target-i386: Move user-mode exception actions out of user-exec.c

[Peter Maydell]

On 16 May 2016 at 18:54, Sergey Fedorov  wrote:
> On 16/05/16 19:09, Peter Maydell wrote:
>> The exception_action() function in user-exec.c is just a call to
>> cpu_loop_exit() for every target CPU except i386.  Since this
>> function is only called if the target's handle_mmu_fault() hook has
>> indicated an MMU fault, and that hook is only called from the
>> handle_cpu_signal() code path, we can simply move the x86-specific
>> setup into that hook, which allows us to remove the TARGET_I386
>> ifdef from user-exec.c.
>>
>> Of the actions that were done by the call to raise_interrupt_err():
>>  * cpu_svm_check_intercept_param() is a no-op in user mode
>>  * check_exception() is a no-op since double faults are impossible
>>for user-mode
>>  * assignments to cs->exception_index and env->error_code are no-ops
>>  * cpu_loop_exit_restore() is equivalent to cpu_loop_exit() since
>>pc is 0
>> which leaves just setting env_>exception_is_int and
>> env->exception_next_eip as actions that need to be added to
>> x86_cpu_handle_mmu_fault().
>>
>> Signed-off-by: Peter Maydell 
>> ---
>>  target-i386/helper.c |  2 ++
>>  user-exec.c  | 16 +---
>>  2 files changed, 3 insertions(+), 15 deletions(-)
>>
>> diff --git a/target-i386/helper.c b/target-i386/helper.c
>> index bf3e762..e1dde46 100644
>> --- a/target-i386/helper.c
>> +++ b/target-i386/helper.c
>> @@ -700,6 +700,8 @@ int x86_cpu_handle_mmu_fault(CPUState *cs, vaddr addr,
>>  env->error_code = (is_write << PG_ERROR_W_BIT);
>>  env->error_code |= PG_ERROR_U_MASK;
>>  cs->exception_index = EXCP0E_PAGE;
>> +env->exception_is_int = 0;
>> +env->exception_next_eip = env->eip;
>
> 'env->eip' was updated by restore_state_to_opc() from
> cpu_restore_state_from_tb() from cpu_restore_state() from
> handle_cpu_signal() _after_ calling 'handle_mmu_fault' hook but _before_
> calling exception_action().

Oops, nice catch. (I wonder if any of the other target architectures
are not correctly doing things in their handle_mmu_fault function
because the cpu_restore_state() call happens later?)

thanks
-- PMM

Re: [Qemu-devel] [PATCH v5 06/18] atomics: add atomic_read_acquire and atomic_set_release

[Emilio G. Cota]

On Sun, May 15, 2016 at 06:22:36 -0400, Pranith Kumar wrote:
> On Fri, May 13, 2016 at 11:34 PM, Emilio G. Cota  wrote:
> > When __atomic is not available, we use full memory barriers instead
> > of smp/wmb, since acquire/release barriers apply to all memory
> > operations and not just to loads/stores, respectively.
> 
> If it is not too late can we rename this to
> atomic_load_acquire()/atomic_store_release() like in the linux kernel?

I'd keep read/set just for consistency with the rest of the file.

BTW in the kernel, atomic_{read/set}_{acquire/release} are defined
in include/linux/atomic.h:

#ifndef atomic_read_acquire
#define  atomic_read_acquire(v) smp_load_acquire(&(v)->counter)
#endif

#ifndef atomic_set_release
#define  atomic_set_release(v, i)   smp_store_release(&(v)->counter, 
(i))
#endif

The smp_load/store variants are called much more frequently, though.

Thanks,

Emilio

Re: [Qemu-devel] [PATCH 2/5] user-exec: Push resume-from-signal code out to handle_cpu_signal()

[Sergey Fedorov]

On 16/05/16 19:09, Peter Maydell wrote:
> Since the only caller of page_unprotect() which might cause it to
> need to call cpu_resume_from_signal() is handle_cpu_signal() in
> the user-mode code, push the longjump handling out to that function.
>
> Since this is the only caller of cpu_resume_from_signal() which
> passes a non-NULL puc argument, split the non-NULL handling into
> a new cpu_exit_tb_from_sighandler() function. This allows us
> to merge the softmmu and usermode implementations of the
> cpu_resume_from_signal() function, which are now identical.
>
> Signed-off-by: Peter Maydell 

Reviewed-by: Sergey Fedorov 

> ---
>  cpu-exec-common.c |  2 +-
>  translate-all.c   | 12 
>  translate-all.h   |  2 +-
>  user-exec.c   | 41 +
>  4 files changed, 39 insertions(+), 18 deletions(-)
>
> diff --git a/cpu-exec-common.c b/cpu-exec-common.c
> index 6bdda6b..62f5d6b 100644
> --- a/cpu-exec-common.c
> +++ b/cpu-exec-common.c
> @@ -28,7 +28,6 @@ CPUState *tcg_current_cpu;
>  /* exit the current TB from a signal handler. The host registers are
> restored in a state compatible with the CPU emulator
>   */
> -#if defined(CONFIG_SOFTMMU)
>  void cpu_resume_from_signal(CPUState *cpu, void *puc)
>  {
>  /* XXX: restore cpu registers saved in host registers */
> @@ -37,6 +36,7 @@ void cpu_resume_from_signal(CPUState *cpu, void *puc)
>  siglongjmp(cpu->jmp_env, 1);
>  }
>  
> +#if defined(CONFIG_SOFTMMU)
>  void cpu_reloading_memory_map(void)
>  {
>  if (qemu_in_vcpu_thread()) {
> diff --git a/translate-all.c b/translate-all.c
> index 4820d2e..52a571e 100644
> --- a/translate-all.c
> +++ b/translate-all.c
> @@ -1955,7 +1955,7 @@ int page_check_range(target_ulong start, target_ulong 
> len, int flags)
>  /* unprotect the page if it was put read-only because it
> contains translated code */
>  if (!(p->flags & PAGE_WRITE)) {
> -if (!page_unprotect(addr, 0, NULL)) {
> +if (!page_unprotect(addr, 0)) {
>  return -1;
>  }
>  }
> @@ -1965,8 +1965,12 @@ int page_check_range(target_ulong start, target_ulong 
> len, int flags)
>  }
>  
>  /* called from signal handler: invalidate the code and unprotect the
> -   page. Return TRUE if the fault was successfully handled. */
> -int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
> + * page. Return 0 if the fault was not handled, 1 if it was handled,
> + * and 2 if it was handled but the caller must cause the TB to be
> + * immediately exited. (We can only return 2 if the 'pc' argument is
> + * non-zero.)
> + */
> +int page_unprotect(target_ulong address, uintptr_t pc)
>  {
>  unsigned int prot;
>  PageDesc *p;
> @@ -1999,7 +2003,7 @@ int page_unprotect(target_ulong address, uintptr_t pc, 
> void *puc)
> the corresponding translated code. */
>  if (tb_invalidate_phys_page(addr, pc)) {
>  mmap_unlock();
> -cpu_resume_from_signal(current_cpu, puc);
> +return 2;
>  }
>  #ifdef DEBUG_TB_CHECK
>  tb_invalidate_check(addr);
> diff --git a/translate-all.h b/translate-all.h
> index 0384640..ce6071b 100644
> --- a/translate-all.h
> +++ b/translate-all.h
> @@ -27,7 +27,7 @@ void tb_invalidate_phys_range(tb_page_addr_t start, 
> tb_page_addr_t end);
>  void tb_check_watchpoint(CPUState *cpu);
>  
>  #ifdef CONFIG_USER_ONLY
> -int page_unprotect(target_ulong address, uintptr_t pc, void *puc);
> +int page_unprotect(target_ulong address, uintptr_t pc);
>  #endif
>  
>  #endif /* TRANSLATE_ALL_H */
> diff --git a/user-exec.c b/user-exec.c
> index d8d597b..1d02e24 100644
> --- a/user-exec.c
> +++ b/user-exec.c
> @@ -54,7 +54,7 @@ static void exception_action(CPUState *cpu)
>  /* exit the current TB from a signal handler. The host registers are
> restored in a state compatible with the CPU emulator
>   */
> -void cpu_resume_from_signal(CPUState *cpu, void *puc)
> +static void cpu_exit_tb_from_sighandler(CPUState *cpu, void *puc)
>  {
>  #ifdef __linux__
>  struct ucontext *uc = puc;
> @@ -62,20 +62,18 @@ void cpu_resume_from_signal(CPUState *cpu, void *puc)
>  struct sigcontext *uc = puc;
>  #endif
>  
> -if (puc) {
> -/* XXX: use siglongjmp ? */
> +/* XXX: use siglongjmp ? */
>  #ifdef __linux__
>  #ifdef __ia64
> -sigprocmask(SIG_SETMASK, (sigset_t *)&uc->uc_sigmask, NULL);
> +sigprocmask(SIG_SETMASK, (sigset_t *)&uc->uc_sigmask, NULL);
>  #else
> -sigprocmask(SIG_SETMASK, &uc->uc_sigmask, NULL);
> +sigprocmask(SIG_SETMASK, &uc->uc_sigmask, NULL);
>  #endif
>  #elif defined(__OpenBSD__)
> -sigprocmask(SIG_SETMASK, &uc->sc_mask, NULL);
> +sigprocmask(SIG_SETMASK, &uc->sc_mask, NULL);
>  #endif
> -}
> -cpu->exception_index = -1;
> -siglongjmp(cpu->jmp_env, 1);
> +
> +cpu_resume_from_signal(cpu, NULL);
>  }
>  
>

Re: [Qemu-devel] Question about vNVDIMM file format

[Stefan Hajnoczi]

On Mon, May 16, 2016 at 04:04:01PM +0100, Richard W.M. Jones wrote:
> I'm playing with ext4 and DAX.
> 
> I'm using:
> 
>   -object memory-backend-file,id=mem1,share,mem-path=/var/tmp/pmem,size=4G \
>   -device nvdimm,memdev=mem1,id=nv1
> 
> where /var/tmp/pmem is a 4 GB ext4 filesystem image (no partition
> table).  I can mount this in the guest using:
> 
>   mount -o dax /dev/pmem0 /mnt
> 
> and everything appears to work.
> 
> I read in the mailing list that the pmem file has some internal
> structure for storing config data, stored in the last 128 KB of the
> file.  Is that still the case?

AFAICT qemu.git/master does not support the ACPI _DSM for namespace
configuration.  That means the entire /var/tmp/pmem should be visible.

Stefan


signature.asc
Description: PGP signature

Re: [Qemu-devel] use timer for adding latency to each block I/O

[Stefan Hajnoczi]

On Thu, May 12, 2016 at 09:27:42AM -0500, Huaicheng Li wrote:
> My goal is to add latency for each I/O without blocking the submission path. 
> Now 
> I can know how long each I/O should wait before it’s submitted to the AIO 
> queue 
> via a model. Now the question is how can I make the I/O wait for that long 
> time
> before it’s finally handled by worker threads.

The "null" block driver supports latency simulation but the driver does
not perform real I/O.

The Linux kernel also offer latency simulation.  Take a look at the
dm-delay and scsi_debug drivers.

> I’m thinking about adding a timer for each block I/O and its callback 
> function will
> do the submission job. Below is some of my thought and questions about this 
> idea: 

The way it's done in the "null" block driver is:

static coroutine_fn int null_co_common(BlockDriverState *bs)
{
BDRVNullState *s = bs->opaque;

if (s->latency_ns) {
co_aio_sleep_ns(bdrv_get_aio_context(bs), QEMU_CLOCK_REALTIME,
s->latency_ns);
}
return 0;
}


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v3 5/5] adb.c: add power key support

[Peter Maydell]

On 6 May 2016 at 03:39, Programmingkid  wrote:
> Add support for the power key. It has to be handled differently from the other
> keys because it is the only 16-bit value key.
>
> Signed-off-by: John Arbuckle 
> ---
> v3 change
> Add several suggested comments.
> Moved the location of an else statement in the adb_keyboard_event() function.
>
>  hw/input/adb.c | 45 ++---
>  1 file changed, 34 insertions(+), 11 deletions(-)
>
> diff --git a/hw/input/adb.c b/hw/input/adb.c
> index 37728b3..b5e53c7 100644
> --- a/hw/input/adb.c
> +++ b/hw/input/adb.c
> @@ -343,10 +343,25 @@ static int adb_kbd_poll(ADBDevice *d, uint8_t *obuf)
>  s->rptr = 0;
>  }
>  s->count--;
> -obuf[0] = keycode;
> -/* NOTE: could put a second keycode if needed */
> -obuf[1] = 0xff;
> -olen = 2;
> +/*
> + * The power key is the only two byte value key, so it is a special case.
> + * Since 0x7f is not a used keycode for ADB we overload it to indicate 
> the
> + * power button when we're storing keycodes in our internal buffer, and
> + * expand it out to two bytes when we send to the guest."

Stray " at end of comment.

> + */
> +if (keycode == 0x7f) {
> +obuf[0] = 0x7f;
> +obuf[1] = 0x7f;
> +olen = 2;
> +} else {
> +obuf[0] = keycode;
> +/* NOTE: the power key key-up is the two byte sequence 0xff 0xff;
> + * otherwise we could in theory send a second keycode in the second
> + * byte, but choose not to bother.
> + */
> +obuf[1] = 0xff;
> +olen = 2;
> +}
>
>  return olen;
>  }
> @@ -424,15 +439,23 @@ static void adb_keyboard_event(DeviceState *dev, 
> QemuConsole *src,
>  return;
>  }
>  keycode = qcode_to_adb_keycode[qcode];
> -if (keycode == NO_KEY) {  /* We don't want to send this to the guest */
> -return;
> -}
>
> -if (evt->u.key.data->down == false) { /* if key release event */
> -keycode = keycode | 0x80;   /* create keyboard break code */
> +/* The power button is a special case because it is a 16-bit value */
> +if (qcode == Q_KEY_CODE_POWER) {
> +printf("Power Key detected\n");

Debug printf left in code.

> +if (evt->u.key.data->down == true) { /* Power button pushed keycode 
> */
> +adb_kbd_put_keycode(s, 0x7f);
> +} else {   /* Power button released keycode 
> */
> +adb_kbd_put_keycode(s, 0xff);
> +}
> +} else if (keycode == NO_KEY) { /* NO_KEY shouldn't be sent to guest */
> +return;
> +} else {   /* For all non-power keys - safe for 8-bit keycodes */
> +if (evt->u.key.data->down == false) { /* if key release event */
> +keycode = keycode | 0x80;   /* create keyboard break code */
> +}
> +adb_kbd_put_keycode(s, keycode);
>  }
> -
> -adb_kbd_put_keycode(s, keycode);
>  }
>
>  static const VMStateDescription vmstate_adb_kbd = {
> --
> 2.7.2

Otherwise
Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [Qemu-devel] [V10 1/4] hw/i386: Introduce AMD IOMMU

[Jan Kiszka]

On 2016-05-09 14:15, David Kiarie wrote:
> +static void amdvi_page_walk(AMDVIAddressSpace *as, uint64_t *dte,
> +   IOMMUTLBEntry *ret, unsigned perms,
> +   hwaddr addr)
> +{
> +unsigned level, present, pte_perms;
> +uint64_t pte = dte[0], pte_addr;
> +
> +/* make sure the DTE has TV = 1 */
> +if (pte & AMDVI_DEV_TRANSLATION_VALID) {
> +level = get_pte_translation_mode(pte);
> +if (level >= 7) {
> +AMDVI_DPRINTF(MMU, "error: translation level 0x%"PRIu8 " 
> detected"
> +" while translating 0x%"PRIx64, level, addr);
> +return;
> +}
> +if (level == 0) {
> +goto no_remap;
> +}
> +
> +while (level > 0) {
> +pte_perms = amdvi_get_perms(pte);
> +present = pte & 1;
> +if (!present || perms != (perms & pte_perms)) {
> +amdvi_page_fault(as->iommu_state, as->devfn, addr, perms);
> +AMDVI_DPRINTF(MMU, "error: page fault accessing virtual addr 
> "
> +  "0x%"PRIx64, addr);
> +return;
> +}
> +
> +/* go to the next lower level */
> +pte_addr = pte & AMDVI_DEV_PT_ROOT_MASK;
> +/* add offset and load pte */
> +pte_addr += ((addr >> (3 + 9 * level)) & 0x1FF) << 3;
> +pte = ldq_phys(&address_space_memory, pte_addr);
> +level = get_pte_translation_mode(pte);
> +}
> +/* get access permissions from pte */

That comment is only addressing the last assignment of the followings.

> +ret->iova = addr & AMDVI_PAGE_MASK_4K;
> +ret->translated_addr = (pte & AMDVI_DEV_PT_ROOT_MASK) &
> +AMDVI_PAGE_MASK_4K;
> +ret->addr_mask = ~AMDVI_PAGE_MASK_4K;

This does not take huge pages (2M, 1G, ...) into account. Jailhouse
creates them, and its Linux guest goes mad. You need to use the correct
page size here, analogously to intel_iommu.c.

> +ret->perm = amdvi_get_perms(pte);
> +return;
> +}
> +
> +no_remap:
> +ret->iova = addr & AMDVI_PAGE_MASK_4K;
> +ret->translated_addr = addr & AMDVI_PAGE_MASK_4K;
> +ret->addr_mask = ~AMDVI_PAGE_MASK_4K;
> +ret->perm = amdvi_get_perms(pte);
> +
> +}
> +
> +/* TODO : Mark addresses as Accessed and Dirty */
> +static void amdvi_do_translate(AMDVIAddressSpace *as, hwaddr addr,
> +   bool is_write, IOMMUTLBEntry *ret)
> +{
> +AMDVIState *s = as->iommu_state;
> +uint16_t devid = PCI_DEVID(as->bus_num, as->devfn);
> +AMDVIIOTLBEntry *iotlb_entry = amdvi_iotlb_lookup(s, addr, as->devfn);
> +uint64_t entry[4];
> +
> +if (iotlb_entry) {
> +AMDVI_DPRINTF(CACHE, "hit  iotlb devid: %02x:%02x.%x gpa 0x%"PRIx64
> +  " hpa 0x%"PRIx64, PCI_BUS_NUM(devid), PCI_SLOT(devid),
> +  PCI_FUNC(devid), addr, iotlb_entry->translated_addr);
> +ret->iova = addr & AMDVI_PAGE_MASK_4K;
> +ret->translated_addr = iotlb_entry->translated_addr;
> +ret->addr_mask = ~AMDVI_PAGE_MASK_4K;
> +ret->perm = iotlb_entry->perms;
> +return;
> +}
> +
> +/* devices with V = 0 are not translated */
> +if (!amdvi_get_dte(s, devid, entry)) {
> +goto out;
> +}
> +
> +amdvi_page_walk(as, entry, ret,
> +is_write ? AMDVI_PERM_WRITE : AMDVI_PERM_READ, addr);
> +
> +amdvi_update_iotlb(s, as->devfn, addr, ret->translated_addr,
> +   ret->perm, entry[1] & AMDVI_DEV_DOMID_ID_MASK);
> +return;
> +
> +out:
> +ret->iova = addr & AMDVI_PAGE_MASK_4K;
> +ret->translated_addr = addr & AMDVI_PAGE_MASK_4K;
> +ret->addr_mask = ~AMDVI_PAGE_MASK_4K;
> +ret->perm = IOMMU_RW;
> +}
> +
> +static inline bool amdvi_is_interrupt_addr(hwaddr addr)
> +{
> +return addr >= AMDVI_INT_ADDR_FIRST && addr <= AMDVI_INT_ADDR_LAST;
> +}
> +
> +static IOMMUTLBEntry amdvi_translate(MemoryRegion *iommu, hwaddr addr,
> + bool is_write)
> +{
> +AMDVI_DPRINTF(GENERAL, "");

Not a very helpful instrumentation, I would say.

> +
> +AMDVIAddressSpace *as = container_of(iommu, AMDVIAddressSpace, iommu);
> +AMDVIState *s = as->iommu_state;
> +IOMMUTLBEntry ret = {
> +.target_as = &address_space_memory,
> +.iova = addr,
> +.translated_addr = 0,
> +.addr_mask = ~(hwaddr)0,
> +.perm = IOMMU_NONE
> +};
> +
> +if (!s->enabled || amdvi_is_interrupt_addr(addr)) {
> +/* AMDVI disabled - corresponds to iommu=off not
> + * failure to provide any parameter
> + */
> +ret.iova = addr & AMDVI_PAGE_MASK_4K;
> +ret.translated_addr = addr & AMDVI_PAGE_MASK_4K;
> +ret.addr_mask = ~AMDVI_PAGE_MASK_4K;
> +ret.perm = IOMMU_RW;
> +return ret;
> +}
> +
> +amdvi_do_tr

Re: [Qemu-devel] [PATCH v3 3/5] adb.c: correct several key assignments

[Peter Maydell]

On 6 May 2016 at 03:37, Programmingkid  wrote:
> The original pc_to_adb_keycode mapping did have several keys that were
> incorrectly mapped. This patch fixes these mappings.
>
> Signed-off-by: John Arbuckle 
> ---
>  hw/input/adb.c | 33 -
>  1 file changed, 12 insertions(+), 21 deletions(-)
>
> diff --git a/hw/input/adb.c b/hw/input/adb.c
> index 715642f..6d4f4dc 100644
> --- a/hw/input/adb.c
> +++ b/hw/input/adb.c
> @@ -62,6 +62,9 @@ do { printf("ADB: " fmt , ## __VA_ARGS__); } while (0)
>  /* error codes */
>  #define ADB_RET_NOTPRESENT (-2)
>
> +/* The adb keyboard doesn't have every key imaginable */
> +#define NO_KEY 0xff
> +

This...

>  static void adb_device_reset(ADBDevice *d)
>  {
>  qdev_reset_all(DEVICE(d));
> @@ -191,19 +194,21 @@ typedef struct ADBKeyboardClass {
>  } ADBKeyboardClass;
>
>  int qcode_to_adb_keycode[] = {
> + /* Make sure future additions are automatically set to NO_KEY */
> +[0 ... 0xff]   = NO_KEY,

...and this (and the removal of the "= 0" entries) should
be in the same patch which adds the "don't send key if
NO_KEY" check.

>  [Q_KEY_CODE_SHIFT] = ADB_KEY_LEFT_SHIFT,
>  [Q_KEY_CODE_SHIFT_R]   = ADB_KEY_RIGHT_SHIFT,
>  [Q_KEY_CODE_ALT]   = ADB_KEY_LEFT_OPTION,
>  [Q_KEY_CODE_ALT_R] = ADB_KEY_RIGHT_OPTION,
> -[Q_KEY_CODE_ALTGR] = 0,
> +[Q_KEY_CODE_ALTGR] = ADB_KEY_RIGHT_OPTION,
>  [Q_KEY_CODE_CTRL]  = ADB_KEY_LEFT_CONTROL,
>  [Q_KEY_CODE_CTRL_R]= ADB_KEY_RIGHT_CONTROL,
>  [Q_KEY_CODE_META_L]= ADB_KEY_LEFT_COMMAND,
>
>   /* ADB_KEY_RIGHT_COMMAND works as right super in Linux */
>   /* Use ADB_KEY_LEFT_COMMAND for Mac OS compatibility */
> -[Q_KEY_CODE_META_R]= 0x7e,
> +[Q_KEY_CODE_META_R]= ADB_KEY_LEFT_COMMAND,

This looks weird. Given that the Apple Extended Keyboard
hardware documentation just says that both left and right
Command keys return 0x37, we should probably just call
the #define ADB_KEY_COMMAND. (That in turn means that the
comments are unnecessary and you can just delete them
from the patch you put them in.)

>  [Q_KEY_CODE_SPC]   = ADB_KEY_SPACEBAR,
>
>  [Q_KEY_CODE_ESC]   = ADB_KEY_ESC,
> @@ -272,13 +277,13 @@ int qcode_to_adb_keycode[] = {
>  [Q_KEY_CODE_F10]   = ADB_KEY_F10,
>  [Q_KEY_CODE_F11]   = ADB_KEY_F11,
>  [Q_KEY_CODE_F12]   = ADB_KEY_F12,
> -[Q_KEY_CODE_PRINT] = 0,
> -[Q_KEY_CODE_SYSRQ] = 0,
> +[Q_KEY_CODE_PRINT] = ADB_KEY_F13,
> +[Q_KEY_CODE_SYSRQ] = ADB_KEY_F13,
>  [Q_KEY_CODE_SCROLL_LOCK]   = ADB_KEY_F14,
> -[Q_KEY_CODE_PAUSE] = 0,
> +[Q_KEY_CODE_PAUSE] = ADB_KEY_F15,
>
>  [Q_KEY_CODE_NUM_LOCK]  = ADB_KEY_KP_CLEAR,
> -[Q_KEY_CODE_KP_EQUALS] = 0,
> +[Q_KEY_CODE_KP_EQUALS] = ADB_KEY_KP_EQUAL,
>  [Q_KEY_CODE_KP_DIVIDE] = ADB_KEY_KP_DIVIDE,
>  [Q_KEY_CODE_KP_MULTIPLY]   = ADB_KEY_KP_MULTIPLY,
>  [Q_KEY_CODE_KP_SUBTRACT]   = ADB_KEY_KP_SUBTRACT,
> @@ -301,27 +306,13 @@ int qcode_to_adb_keycode[] = {
>  [Q_KEY_CODE_LEFT]  = ADB_KEY_LEFT,
>  [Q_KEY_CODE_RIGHT] = ADB_KEY_RIGHT,
>
> -[Q_KEY_CODE_HELP]  = 0,
> +[Q_KEY_CODE_HELP]  = ADB_KEY_HELP,
>  [Q_KEY_CODE_INSERT]= ADB_KEY_HELP,
>  [Q_KEY_CODE_DELETE]= ADB_KEY_FORWARD_DELETE,
>  [Q_KEY_CODE_HOME]  = ADB_KEY_HOME,
>  [Q_KEY_CODE_END]   = ADB_KEY_END,
>  [Q_KEY_CODE_PGUP]  = ADB_KEY_PAGE_UP,
>  [Q_KEY_CODE_PGDN]  = ADB_KEY_PAGE_DOWN,
> -
> -[Q_KEY_CODE_LESS]  = 0xa,
> -[Q_KEY_CODE_STOP]  = 0,
> -[Q_KEY_CODE_AGAIN] = 0,
> -[Q_KEY_CODE_PROPS] = 0,
> -[Q_KEY_CODE_UNDO]  = 0,
> -[Q_KEY_CODE_FRONT] = 0,
> -[Q_KEY_CODE_COPY]  = 0,
> -[Q_KEY_CODE_OPEN]  = 0,
> -[Q_KEY_CODE_PASTE] = 0,
> -[Q_KEY_CODE_FIND]  = 0,
> -[Q_KEY_CODE_CUT]   = 0,
> -[Q_KEY_CODE_LF]= 0,
> -[Q_KEY_CODE_COMPOSE]   = 0,

The rest of these changes look OK.

thanks
-- PMM

Re: [Qemu-devel] [PATCH 5/5] target-i386: Move user-mode exception actions out of user-exec.c

[Sergey Fedorov]

On 16/05/16 19:09, Peter Maydell wrote:
> The exception_action() function in user-exec.c is just a call to
> cpu_loop_exit() for every target CPU except i386.  Since this
> function is only called if the target's handle_mmu_fault() hook has
> indicated an MMU fault, and that hook is only called from the
> handle_cpu_signal() code path, we can simply move the x86-specific
> setup into that hook, which allows us to remove the TARGET_I386
> ifdef from user-exec.c.
>
> Of the actions that were done by the call to raise_interrupt_err():
>  * cpu_svm_check_intercept_param() is a no-op in user mode
>  * check_exception() is a no-op since double faults are impossible
>for user-mode
>  * assignments to cs->exception_index and env->error_code are no-ops
>  * cpu_loop_exit_restore() is equivalent to cpu_loop_exit() since
>pc is 0
> which leaves just setting env_>exception_is_int and
> env->exception_next_eip as actions that need to be added to
> x86_cpu_handle_mmu_fault().
>
> Signed-off-by: Peter Maydell 
> ---
>  target-i386/helper.c |  2 ++
>  user-exec.c  | 16 +---
>  2 files changed, 3 insertions(+), 15 deletions(-)
>
> diff --git a/target-i386/helper.c b/target-i386/helper.c
> index bf3e762..e1dde46 100644
> --- a/target-i386/helper.c
> +++ b/target-i386/helper.c
> @@ -700,6 +700,8 @@ int x86_cpu_handle_mmu_fault(CPUState *cs, vaddr addr,
>  env->error_code = (is_write << PG_ERROR_W_BIT);
>  env->error_code |= PG_ERROR_U_MASK;
>  cs->exception_index = EXCP0E_PAGE;
> +env->exception_is_int = 0;
> +env->exception_next_eip = env->eip;

'env->eip' was updated by restore_state_to_opc() from
cpu_restore_state_from_tb() from cpu_restore_state() from
handle_cpu_signal() _after_ calling 'handle_mmu_fault' hook but _before_
calling exception_action().

Kind regards,
Sergey

>  return 1;
>  }
>  
> diff --git a/user-exec.c b/user-exec.c
> index ad669f4..439bb37 100644
> --- a/user-exec.c
> +++ b/user-exec.c
> @@ -39,18 +39,6 @@
>  
>  //#define DEBUG_SIGNAL
>  
> -static void exception_action(CPUState *cpu)
> -{
> -#if defined(TARGET_I386)
> -X86CPU *x86_cpu = X86_CPU(cpu);
> -CPUX86State *env1 = &x86_cpu->env;
> -
> -raise_exception_err(env1, cpu->exception_index, env1->error_code);
> -#else
> -cpu_loop_exit(cpu);
> -#endif
> -}
> -
>  /* exit the current TB from a signal handler. The host registers are
> restored in a state compatible with the CPU emulator
>   */
> @@ -119,10 +107,8 @@ static inline int handle_cpu_signal(uintptr_t pc, 
> unsigned long address,
>  /* now we have a real cpu fault */
>  cpu_restore_state(cpu, pc);
>  
> -/* we restore the process signal mask as the sigreturn should
> -   do it (XXX: use sigsetjmp) */
>  sigprocmask(SIG_SETMASK, old_set, NULL);
> -exception_action(cpu);
> +cpu_loop_exit(cpu);
>  
>  /* never comes here */
>  return 1;

Re: [Qemu-devel] [PATCH v3 0/5] ADB improvements

[Peter Maydell]

On 6 May 2016 at 03:33, Programmingkid  wrote:
> This patch series makes several improvements to the ADB code. To test this 
> code,
> please implement the patches in the order below.
>
> John Arbuckle (5):
>   adb-keys.h: initial commit
>   adb.c: add support for QKeyCode
>   adb.c: correct several key assignments
>   adb.c: prevent NO_KEY value from going to guest
>   adb.c: add power key support
>
>  hw/input/adb.c  | 239 
> +++-
>  include/hw/input/adb-keys.h | 142 ++
>  2 files changed, 335 insertions(+), 46 deletions(-)
>  create mode 100644 include/hw/input/adb-keys.h

Hi; I've reviewed this v3 patchset. For v4 I recommend you cc qemu-ppc,
Alex and David, because the ADB input device is only used for the
hw/ppc/mac* boards and I think patches for those are best routed
via the PPC tree.

Please also make sure you send the patches for v4 so that they
are threaded correctly -- v3 did not come through threaded
properly.

thanks
-- PMM

Re: [Qemu-devel] Question about vNVDIMM file format

[Richard W.M. Jones]

On Mon, May 16, 2016 at 09:53:36AM -0700, Stefan Hajnoczi wrote:
> On Mon, May 16, 2016 at 04:04:01PM +0100, Richard W.M. Jones wrote:
> > I'm playing with ext4 and DAX.
> > 
> > I'm using:
> > 
> >   -object memory-backend-file,id=mem1,share,mem-path=/var/tmp/pmem,size=4G \
> >   -device nvdimm,memdev=mem1,id=nv1
> > 
> > where /var/tmp/pmem is a 4 GB ext4 filesystem image (no partition
> > table).  I can mount this in the guest using:
> > 
> >   mount -o dax /dev/pmem0 /mnt
> > 
> > and everything appears to work.
> > 
> > I read in the mailing list that the pmem file has some internal
> > structure for storing config data, stored in the last 128 KB of the
> > file.  Is that still the case?
> 
> AFAICT qemu.git/master does not support the ACPI _DSM for namespace
> configuration.  That means the entire /var/tmp/pmem should be visible.

That's great, thanks both for your answers.

FWIW I was able to add support to libguestfs -- at least for the
"direct" backend where we run qemu directly.  Unfortunately libvirt
does not support the vNVDIMM device yet.

I have posted the two patches needed on our mailing list.  There seems
to be some delay in our mail server, so they aren't in the archives
yet:

  https://www.redhat.com/archives/libguestfs/2016-May/thread.html

There are a few possible problems / questions I have:

(a) How necessary is the ACPI dependency?  We disable ACPI because it
is quite slow, adding something like 150-200ms to the boot process
(every millisecond counts for us!).  Because I previously never needed
ACPI, I never really looked into why this is, and it could be
something quite simple, so I'm going to look at this issue next.  I
understand that NVDIMMs are not regular (eg) PCI devices, so ordinary
device probing isn't going to work, and that probably answers the
question why you need to use ACPI.

(b) Could you describe what the 3 modules (nd_btt, nd_pmem, nfit) do?
Are all 3 modules necessary in the guest kernel?

(c) I've got the root filesystem (which is actually ext2, but using
the ext4.ko driver) mounted with -o dax.  What benefits / differences
should I observe?  Just general reduced memory / page cache usage?

(d) If, in future, you add the namespace metadata, what tools will be
available on the host to create a packed filesystem + metadata?
Assuming that we won't be able to export just a filesystem as I am
doing now.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html

Re: [Qemu-devel] [PATCH 4/5] user-exec: Don't reextract sigmask from usercontext pointer

[Sergey Fedorov]

On 16/05/16 19:09, Peter Maydell wrote:
> Extracting the old signal mask from the usercontext pointer passed to
> a signal handler is a pain because it is OS and CPU dependent.
> Since we've already done it once and passed it to handle_cpu_signal(),
> there's no need to do it again in cpu_exit_tb_from_sighandler().
> This then means we don't need to pass a usercontext pointer in to
> handle_cpu_signal() at all.
>
> Signed-off-by: Peter Maydell 

Reviewed-by: Sergey Fedorov 

> ---
>  user-exec.c | 48 
>  1 file changed, 16 insertions(+), 32 deletions(-)
>
> diff --git a/user-exec.c b/user-exec.c
> index 40b5e7c..ad669f4 100644
> --- a/user-exec.c
> +++ b/user-exec.c
> @@ -54,25 +54,10 @@ static void exception_action(CPUState *cpu)
>  /* exit the current TB from a signal handler. The host registers are
> restored in a state compatible with the CPU emulator
>   */
> -static void cpu_exit_tb_from_sighandler(CPUState *cpu, void *puc)
> +static void cpu_exit_tb_from_sighandler(CPUState *cpu, sigset_t *old_set)
>  {
> -#ifdef __linux__
> -struct ucontext *uc = puc;
> -#elif defined(__OpenBSD__)
> -struct sigcontext *uc = puc;
> -#endif
> -
>  /* XXX: use siglongjmp ? */
> -#ifdef __linux__
> -#ifdef __ia64
> -sigprocmask(SIG_SETMASK, (sigset_t *)&uc->uc_sigmask, NULL);
> -#else
> -sigprocmask(SIG_SETMASK, &uc->uc_sigmask, NULL);
> -#endif
> -#elif defined(__OpenBSD__)
> -sigprocmask(SIG_SETMASK, &uc->sc_mask, NULL);
> -#endif
> -
> +sigprocmask(SIG_SETMASK, old_set, NULL);
>  cpu_loop_exit_noexc(cpu);
>  }
>  
> @@ -81,8 +66,7 @@ static void cpu_exit_tb_from_sighandler(CPUState *cpu, void 
> *puc)
> write caused the exception and otherwise 0'. 'old_set' is the
> signal set which should be restored */
>  static inline int handle_cpu_signal(uintptr_t pc, unsigned long address,
> -int is_write, sigset_t *old_set,
> -void *puc)
> +int is_write, sigset_t *old_set)
>  {
>  CPUState *cpu;
>  CPUClass *cc;
> @@ -110,7 +94,7 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned 
> long address,
>   * currently executing TB was modified and must be exited
>   * immediately.
>   */
> -cpu_exit_tb_from_sighandler(current_cpu, puc);
> +cpu_exit_tb_from_sighandler(current_cpu, old_set);
>  g_assert_not_reached();
>  default:
>  g_assert_not_reached();
> @@ -204,7 +188,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
>  return handle_cpu_signal(pc, (unsigned long)info->si_addr,
>   trapno == 0xe ?
>   (ERROR_sig(uc) >> 1) & 1 : 0,
> - &MASK_sig(uc), puc);
> + &MASK_sig(uc));
>  }
>  
>  #elif defined(__x86_64__)
> @@ -250,7 +234,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
>  return handle_cpu_signal(pc, (unsigned long)info->si_addr,
>   TRAP_sig(uc) == 0xe ?
>   (ERROR_sig(uc) >> 1) & 1 : 0,
> - &MASK_sig(uc), puc);
> + &MASK_sig(uc));
>  }
>  
>  #elif defined(_ARCH_PPC)
> @@ -366,7 +350,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
>  }
>  #endif
>  return handle_cpu_signal(pc, (unsigned long)info->si_addr,
> - is_write, &uc->uc_sigmask, puc);
> + is_write, &uc->uc_sigmask);
>  }
>  
>  #elif defined(__alpha__)
> @@ -397,7 +381,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
>  }
>  
>  return handle_cpu_signal(pc, (unsigned long)info->si_addr,
> - is_write, &uc->uc_sigmask, puc);
> + is_write, &uc->uc_sigmask);
>  }
>  #elif defined(__sparc__)
>  
> @@ -457,7 +441,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
>  }
>  }
>  return handle_cpu_signal(pc, (unsigned long)info->si_addr,
> - is_write, sigmask, NULL);
> + is_write, sigmask);
>  }
>  
>  #elif defined(__arm__)
> @@ -492,7 +476,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
>  is_write = extract32(uc->uc_mcontext.error_code, 11, 1);
>  return handle_cpu_signal(pc, (unsigned long)info->si_addr,
>   is_write,
> - &uc->uc_sigmask, puc);
> + &uc->uc_sigmask);
>  }
>  
>  #elif defined(__aarch64__)
> @@ -520,7 +504,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, void 
> *puc)
>  || (insn & 0x3a40) == 0x2800); /* C3.3.7,14-16 */
>  
>  return handle_cpu_signal(pc, (uintptr_t)info->si_addr,
> - is_write, &uc->uc_sigmask, puc);

Re: [Qemu-devel] Hot reload network configuration

[Stefan Hajnoczi]

On Wed, May 11, 2016 at 08:50:54PM +0800, Hu Keping wrote:
> Is there any possible that start qemu with --net=none and then change the
> configuration of the network, say using tap for example?

Yes.  If your machine type supports PCI hotplug then you can use the
netdev_add and device_add commands.  This is equivalent to hotplugging a
NIC into a running machine.

I don't have exact syntax because I haven't tested it, but it should be
similar to using the -netdev tap,id=netdev0 -device e1000,netdev=netdev0
command-line option syntax.

Stefan


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH] Modify net/socket.c to use socket_* functions from include/qemu/sockets.h

[Stefan Hajnoczi]

On Thu, May 12, 2016 at 10:33:05PM +0530, Ashijeet Acharya wrote:
> Changed the listen(),connect(),parse_host_port() in net/socket.c with the 
> socket_*()functions in include/qemu/sockets.h.

What is the rationale for this change?  Please explain why this is
necessary or a good idea.

Please summarize the address syntax changes in this patch and update the
QEMU man page.

> 
> Signed-off-by: Ashijeet Acharya 
> ---
>  net/socket.c | 38 +++---
>  1 file changed, 19 insertions(+), 19 deletions(-)
> 
> diff --git a/net/socket.c b/net/socket.c
> index 9fa2cd8..b6e2f3e 100644
> --- a/net/socket.c
> +++ b/net/socket.c
> @@ -522,10 +522,12 @@ static int net_socket_listen_init(NetClientState *peer,
>  {
>  NetClientState *nc;
>  NetSocketState *s;
> -struct sockaddr_in saddr;
> +SocketAddress *saddr;
>  int fd, ret;
> +Error *local_error = NULL;
> +saddr = g_new0(SocketAddress, 1);
>  
> -if (parse_host_port(&saddr, host_str) < 0)
> +if (socket_parse(host_str, &local_error) < 0)
>  return -1;

saddr is leaked.  Please check all return code paths and avoid memory
leaks.

I'm not sure if it makes sense to allocate a new SocketAddress object
since it is assigned a different object further down in the patch:

saddr = socket_local_address(fd, &local_error);


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH v2 1/1] target-arm: Add the HSTR_EL2 register

[Peter Maydell]

On 13 May 2016 at 22:28, Alistair Francis  wrote:
> Add the Hypervisor System Trap Register for EL2.
>
> This register is used early in the Linux boot and without it the kernel
> aborts with a "Synchronous Abort" error.
>
> Signed-off-by: Alistair Francis 
> ---



Applied to target-arm.next, thanks.

-- PMM

Re: [Qemu-devel] [PATCH v2 1/1] target-arm: Add the HSTR_EL2 register

[Alistair Francis]

On Mon, May 16, 2016 at 10:43 AM, Peter Maydell
 wrote:
> On 13 May 2016 at 22:28, Alistair Francis  wrote:
>> Add the Hypervisor System Trap Register for EL2.
>>
>> This register is used early in the Linux boot and without it the kernel
>> aborts with a "Synchronous Abort" error.
>>
>> Signed-off-by: Alistair Francis 
>> ---
>
>
>
> Applied to target-arm.next, thanks.

Thanks Peter

Alistair

>
> -- PMM
>

Re: [Qemu-devel] [PATCH v4 0/1] arm: Steps towards EL2 support round 6

[Peter Maydell]

On 5 May 2016 at 17:10, Edgar E. Iglesias  wrote:
> From: "Edgar E. Iglesias" 
>
> Hi,
>
> Another round of patches towards EL2 support. This one adds partial
> Instruction Syndrome generation for Data Aborts while running in AArch64.
>
> I don't feel very confident with the way I collect the regsize info used
> to fill out the SF field. Feedback on that would be great.
>
> Once we sort out the details on how this should be implemented we can
> fill out the parts needed for AArch32. Possibly in a future version of
> this same series.

Applied to target-arm.next, thanks.

-- PMM

Re: [Qemu-devel] [PATCH 3/5] cpu-exec: Rename cpu_resume_from_signal() to cpu_loop_exit_noexc()

[Sergey Fedorov]

On 16/05/16 19:09, Peter Maydell wrote:
> The function cpu_resume_from_signal() is now always called with a
> NULL puc argument, and is rather misnamed since it is never called
> from a signal handler. It is essentially forcing an exit to the
> top level cpu loop but without raising any exception, so rename
> it to cpu_loop_exit_noexc() and drop the useless unused argument.
>
> Signed-off-by: Peter Maydell 

Reviewed-by: Sergey Fedorov 

> ---
>  cpu-exec-common.c| 6 ++
>  exec.c   | 2 +-
>  hw/i386/kvmvapic.c   | 2 +-
>  include/exec/exec-all.h  | 2 +-
>  target-i386/bpt_helper.c | 2 +-
>  target-lm32/helper.c | 2 +-
>  target-s390x/helper.c| 2 +-
>  target-xtensa/helper.c   | 2 +-
>  translate-all.c  | 4 ++--
>  user-exec.c  | 2 +-
>  10 files changed, 12 insertions(+), 14 deletions(-)
>
> diff --git a/cpu-exec-common.c b/cpu-exec-common.c
> index 62f5d6b..fac3aa7 100644
> --- a/cpu-exec-common.c
> +++ b/cpu-exec-common.c
> @@ -25,10 +25,8 @@
>  bool exit_request;
>  CPUState *tcg_current_cpu;
>  
> -/* exit the current TB from a signal handler. The host registers are
> -   restored in a state compatible with the CPU emulator
> - */
> -void cpu_resume_from_signal(CPUState *cpu, void *puc)
> +/* exit the current TB, but without causing any exception to be raised */
> +void cpu_loop_exit_noexc(CPUState *cpu)
>  {
>  /* XXX: restore cpu registers saved in host registers */
>  
> diff --git a/exec.c b/exec.c
> index ee45472..c5c97ac 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -2121,7 +2121,7 @@ static void check_watchpoint(int offset, int len, 
> MemTxAttrs attrs, int flags)
>  } else {
>  cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
>  tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
> -cpu_resume_from_signal(cpu, NULL);
> +cpu_loop_exit_noexc(cpu);
>  }
>  }
>  } else {
> diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
> index f14445d..ee2f3fa 100644
> --- a/hw/i386/kvmvapic.c
> +++ b/hw/i386/kvmvapic.c
> @@ -447,7 +447,7 @@ static void patch_instruction(VAPICROMState *s, X86CPU 
> *cpu, target_ulong ip)
>  
>  if (!kvm_enabled()) {
>  tb_gen_code(cs, current_pc, current_cs_base, current_flags, 1);
> -cpu_resume_from_signal(cs, NULL);
> +cpu_loop_exit_noexc(cs);
>  }
>  }
>  
> diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
> index 85528f9..1359f14 100644
> --- a/include/exec/exec-all.h
> +++ b/include/exec/exec-all.h
> @@ -73,7 +73,7 @@ void restore_state_to_opc(CPUArchState *env, struct 
> TranslationBlock *tb,
>  void cpu_gen_init(void);
>  bool cpu_restore_state(CPUState *cpu, uintptr_t searched_pc);
>  
> -void QEMU_NORETURN cpu_resume_from_signal(CPUState *cpu, void *puc);
> +void QEMU_NORETURN cpu_loop_exit_noexc(CPUState *cpu);
>  void QEMU_NORETURN cpu_io_recompile(CPUState *cpu, uintptr_t retaddr);
>  TranslationBlock *tb_gen_code(CPUState *cpu,
>target_ulong pc, target_ulong cs_base,
> diff --git a/target-i386/bpt_helper.c b/target-i386/bpt_helper.c
> index f47df19..458170e 100644
> --- a/target-i386/bpt_helper.c
> +++ b/target-i386/bpt_helper.c
> @@ -217,7 +217,7 @@ void breakpoint_handler(CPUState *cs)
>  if (check_hw_breakpoints(env, false)) {
>  raise_exception(env, EXCP01_DB);
>  } else {
> -cpu_resume_from_signal(cs, NULL);
> +cpu_loop_exit_noexc(cs);
>  }
>  }
>  } else {
> diff --git a/target-lm32/helper.c b/target-lm32/helper.c
> index 655248f..accfa7c 100644
> --- a/target-lm32/helper.c
> +++ b/target-lm32/helper.c
> @@ -140,7 +140,7 @@ void lm32_debug_excp_handler(CPUState *cs)
>  if (check_watchpoints(env)) {
>  raise_exception(env, EXCP_WATCHPOINT);
>  } else {
> -cpu_resume_from_signal(cs, NULL);
> +cpu_loop_exit_noexc(cs);
>  }
>  }
>  } else {
> diff --git a/target-s390x/helper.c b/target-s390x/helper.c
> index 92abe7e..f1e0a43 100644
> --- a/target-s390x/helper.c
> +++ b/target-s390x/helper.c
> @@ -686,7 +686,7 @@ void s390x_cpu_debug_excp_handler(CPUState *cs)
> will be triggered, it will call load_psw which will recompute
> the watchpoints.  */
>  cpu_watchpoint_remove_all(cs, BP_CPU);
> -cpu_resume_from_signal(cs, NULL);
> +cpu_loop_exit_noexc(cs);
>  }
>  }
>  #endif /* CONFIG_USER_ONLY */
> diff --git a/target-xtensa/helper.c b/target-xtensa/helper.c
> index 839f4a7..768b32c 100644
> --- a/target-xtensa/helper.c
> +++ b/target-xtensa/helper.c
> @@ -108,7 +108,7 @@ void xtensa_breakpoint_handler(CPUState *cs)
>  if (cause) {
>  debug_exception_env(env, cause);
>  }
> -cpu_resume_from_signal(cs, NULL);
> + 

Re: [Qemu-devel] [PATCH v3 2/5] adb.c: add support for QKeyCode

[Peter Maydell]

On 6 May 2016 at 03:36, Programmingkid  wrote:
> The old pc scancode translation is replaced with QEMU's QKeyCode.
>
> Signed-off-by: John Arbuckle 
> ---

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [Qemu-devel] [PATCH v3 1/5] adb-keys.h: initial commit

[Peter Maydell]

On 6 May 2016 at 03:35, Programmingkid  wrote:
> Add the adb-keys.h file. It maps ADB transition key codes with values.
>
> Signed-off-by: John Arbuckle 
> ---

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [Qemu-devel] Question about vNVDIMM file format

[Xiao Guangrong]

On 05/16/2016 11:04 PM, Richard W.M. Jones wrote:

I'm playing with ext4 and DAX.


Thanks for your try, Rich! :)



I'm using:

   -object memory-backend-file,id=mem1,share,mem-path=/var/tmp/pmem,size=4G \
   -device nvdimm,memdev=mem1,id=nv1

where /var/tmp/pmem is a 4 GB ext4 filesystem image (no partition
table).  I can mount this in the guest using:

   mount -o dax /dev/pmem0 /mnt

and everything appears to work.

I read in the mailing list that the pmem file has some internal
structure for storing config data, stored in the last 128 KB of the
file.  Is that still the case?


The patchset supporting label data has not been merged yet so currently there
is no label data for vNVDIMM device.

[Qemu-devel] [PATCH] cpus.c: Use pthread_sigmask() rather than sigprocmask()

[Peter Maydell]

On Linux, sigprocmask() and pthread_sigmask() are in practice the
same thing (they only set the signal mask for the calling thread),
but the documentation states that the behaviour of sigprocmask() in a
multithreaded process is undefined. Use pthread_sigmask() instead
(which is what we do in almost all places in QEMU that alter the
signal mask already).

Signed-off-by: Peter Maydell 
---
 cpus.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cpus.c b/cpus.c
index cbeb1f6..1d0fc53 100644
--- a/cpus.c
+++ b/cpus.c
@@ -778,7 +778,7 @@ static void sigbus_reraise(void)
 raise(SIGBUS);
 sigemptyset(&set);
 sigaddset(&set, SIGBUS);
-sigprocmask(SIG_UNBLOCK, &set, NULL);
+pthread_sigmask(SIG_UNBLOCK, &set, NULL);
 }
 perror("Failed to re-raise SIGBUS!\n");
 abort();
-- 
1.9.1

Re: [Qemu-devel] [PATCH] cpus.c: Use pthread_sigmask() rather than sigprocmask()

[Peter Maydell]

On 16 May 2016 at 18:33, Peter Maydell  wrote:
> On Linux, sigprocmask() and pthread_sigmask() are in practice the
> same thing (they only set the signal mask for the calling thread),
> but the documentation states that the behaviour of sigprocmask() in a
> multithreaded process is undefined. Use pthread_sigmask() instead
> (which is what we do in almost all places in QEMU that alter the
> signal mask already).

The only other sigprocmask() uses are in linux-user, apart from
a couple in net/tap.c, where they're used as part of forking and
spawning the helper process. I suspect this should be using
qemu_fork() instead of doing it all by hand, wrongly...

thanks
-- PMM

Re: [Qemu-devel] [PATCH 00/52] 680x0 instructions emulation

[Laurent Vivier]

Le 12/05/2016 à 23:23, Alexander Graf a écrit :
> 
> 
>> Am 12.05.2016 um 23:17 schrieb John Paul Adrian Glaubitz
>> :
>> 
>> Hi!
>> 
>> Now that qemu 2.6.0 has been released, what about making Laurent
>> the maintainer for the orphaned M68K target so that the 680x0
>> emulation support can be merged?
>> 
>> What do the qemu maintainers think? Is there anything which speaks 
>> against my suggestion?
> 
> I expect he'll send a v2 of the patch set that fixes all review
> comments and includes the patch to MAINTAINERS. I don't see how
> applying only the MAINTAINERS patch would help anyone? Would it speed
> up his work to get v2 out? :)

I'm not as efficient to fix them as Richard is to review them... but I'm
working on that, and I will add MAINTAINER patch in the series. :)

Thanks,
Laurent

Re: [Qemu-devel] [PATCH 1/5] translate-all.c: Don't pass puc, locked to tb_invalidate_phys_page()

[Sergey Fedorov]

On 16/05/16 20:15, Peter Maydell wrote:
> On 16 May 2016 at 18:13, Sergey Fedorov  wrote:
>> On 16/05/16 19:09, Peter Maydell wrote:
>>> @@ -1996,7 +1997,10 @@ int page_unprotect(target_ulong address, uintptr_t 
>>> pc, void *puc)
>>>
>>>  /* and since the content will be modified, we must invalidate
>>> the corresponding translated code. */
>>> -tb_invalidate_phys_page(addr, pc, puc, true);
>>> +if (tb_invalidate_phys_page(addr, pc)) {
>>> +mmap_unlock();
>>> +cpu_resume_from_signal(current_cpu, puc);
>>> +}
>>>  #ifdef DEBUG_TB_CHECK
>>>  tb_invalidate_check(addr);
>>>  #endif
>> Just my 2 cents: we could allow that cpu_resume_from_signal() call and
>> add mmap_lock_reset() similar to tb_lock_reset() to handle resetting
>> mmap_lock after a long jump.
> There's no need -- if you look at the rest of the patchset, that
> call goes away from this function entirely and ends up in the
> caller, at which point this function's handling of the mmap
> lock is the straightforward "lock on entry, unlock before return".

Reviewed-by: Sergey Fedorov 

Thanks,
Sergey

Re: [Qemu-devel] [PATCH 00/52] 680x0 instructions emulation

[Laurent Vivier]

Le 12/05/2016 à 23:17, John Paul Adrian Glaubitz a écrit :
> Hi!
> 
> Now that qemu 2.6.0 has been released, what about making Laurent the
> maintainer for the orphaned M68K target so that the 680x0 emulation
> support can be merged?
> 
> What do the qemu maintainers think? Is there anything which speaks
> against my suggestion?

I've sent a patch for that :)

https://patchwork.ozlabs.org/patch/619248/

Laurent

> Thanks,
> Adrian
> 
> On 05/06/2016 11:54 AM, Laurent Vivier wrote:
>>
>>
>> Le 06/05/2016 à 11:35, Andreas Schwab a écrit :
>>> When I bootstrap gcc with the qemu built from your 680x0-master-dev
>>> branch I get a bootstrap comparison failure for a lot of files.
>>> Rerunning the stage1 compiler in aranym then produces object files that
>>> are identical to what the stage2 compiler produced, thus some insn (or
>>> combination thereof) only used in the stage1 compiler (which is built
>>> unoptimized) isn't handled correctly yet.
>>
>> Yes, I know this is not perfect, but keeping all these patches in my own
>> tree doesn't help.
>>
>> It's why I try to have them merged.
>>
>> BTW, Adrian is using this branch (680x0-master-dev) for months to build
>> Debian packages.
>>
>> Thanks,
>> Laurent
>>
> 
> 

Re: [Qemu-devel] [PATCH v2] pci: fix pci_requester_id()

[Michael S. Tsirkin]

On Mon, May 16, 2016 at 09:44:28AM -0600, Alex Williamson wrote:
> On Mon, 16 May 2016 17:58:18 +0800
> Peter Xu  wrote:
> 
> > On Mon, May 16, 2016 at 12:21:54PM +0300, Michael S. Tsirkin wrote:
> > [...]
> > > > "Legacy PCI bus, override requester ID with the bridge's BDF
> > > > upstream.  The root complex of legacy PCI system can only get
> > > > requester ID from directly attached devices (including bridges).  
> > > 
> > > When do legacy pci systems use requester id at all?
> > > PCI spec does not mention this concept.  
> > 
> > I see some descriptions about this in vt-d spec, e.g., chap
> > 3.9.2. Maybe somewhere else too, but I cannot remember. In the spec,
> > it is told something like:
> > 
> > "...the source-id in the DMA requests is the requester-id of the
> > bridge device..."
> > 
> > Similar thing on interrupt remapping desc in 5.1.1.
> > 
> > Actually I am curious about how generic PCI system delivers
> > requester ID (if there is)... For PCIe, we have encoded TLP header,
> > and requester ID is filled in the specific field of the header.
> > However for legacy PCI system, all the data is transmitted via the
> > parallel interface (no matter 32/64 bits) and I found no place that
> > the requester ID can be included. I was assuming there is some way
> > for the root complex to know it (when request comes, the root
> > complex should be able to know where the request come from, or say,
> > its connected BDF). Never digger into the details, or am I wrong?
> 
> There's no such thing as a requester ID on conventional PCI.  We should
> probably be making use of pci_bus_is_express() to determine whether we
> have a valid requester ID and error if we hit pci_bus_is_root() and we
> still don't have an express bus.  And as MST says, testing for
> bus number zero is not a valid test for the root bus.  Thanks,
> 
> Alex

Well MSI code sticks the requester ID in the MSI message
unconditionally. It's typically later ignored by the the
PC machine type though.

> > >   
> > > > If
> > > > devices are attached under specific bridge (no matter  
> > > 
> > > should be "no matter if"
> > >   
> > > > there are one
> > > > or more bridges), only the requester ID of the bridge that directly  
> > > 
> > > should be "that is directly"  
> > 
> > Will fix above two.
> > 
> > >   
> > > > attached to the root complex can be recognized."
> > > >   
> > > > >   
> > > > > > +result = pci_get_bdf(dev);  
> > > > > 
> > > > > Won't dev be NULL for a root bus?  
> > > > 
> > > > Should not. The above while() is checking whether dev's parent bus
> > > > number (N) is zero,  
> > > 
> > > OK but from pci perspective it's not a given that it's zero.
> > > I think it isn't for pci expander.
> > > BTW did you try this with expander bridges?  
> > 
> > Nop... I used the same test in as in v1 (Radim's one, with IR
> > patchset applied, since until now IR seems the only one that uses
> > this field), since I found it hard to cover all the combinations
> > (include different PCI/PCIX/PCIe buses, PCI/PCIe devices, and all
> > kinds of topologies, etc.).  Do you think I should do thorough tests
> > for this change? If so, do you have suggestion on which test cases I
> > should (at least) cover?
> > 
> > >   
> > > > and reach here only if it's non-zero. Here, dev
> > > > is already re-used to store the PCIDevice struct for the bus device,
> > > > whose secondary bus number is N (as checked in the while
> > > > condition). So it should never be the root pci bus (which has
> > > > so-called secondary bus number 0).  
> > > 
> > > Pls don't make this assumption. If you want to know
> > > whether it's a root, call pci_bus_is_root.  
> > 
> > Ah, yes, I should use that.
> > 
> > Thanks,
> > 
> > -- peterx

[Qemu-devel] [PATCH 17/50] target-sparc: make cpu-qom.h not target specific

[Paolo Bonzini]

Make SPARCCPU an opaque type within cpu-qom.h, and move all definitions
of private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  This helps making files independent of NEED_CPU_H
if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-sparc/cpu-qom.h | 37 +
 target-sparc/cpu.h | 38 +-
 2 files changed, 38 insertions(+), 37 deletions(-)

diff --git a/target-sparc/cpu-qom.h b/target-sparc/cpu-qom.h
index 174dfd3..f63af72 100644
--- a/target-sparc/cpu-qom.h
+++ b/target-sparc/cpu-qom.h
@@ -51,41 +51,6 @@ typedef struct SPARCCPUClass {
 void (*parent_reset)(CPUState *cpu);
 } SPARCCPUClass;
 
-/**
- * SPARCCPU:
- * @env: #CPUSPARCState
- *
- * A SPARC CPU.
- */
-typedef struct SPARCCPU {
-/*< private >*/
-CPUState parent_obj;
-/*< public >*/
-
-CPUSPARCState env;
-} SPARCCPU;
-
-static inline SPARCCPU *sparc_env_get_cpu(CPUSPARCState *env)
-{
-return container_of(env, SPARCCPU, env);
-}
-
-#define ENV_GET_CPU(e) CPU(sparc_env_get_cpu(e))
-
-#define ENV_OFFSET offsetof(SPARCCPU, env)
-
-#ifndef CONFIG_USER_ONLY
-extern const struct VMStateDescription vmstate_sparc_cpu;
-#endif
-
-void sparc_cpu_do_interrupt(CPUState *cpu);
-void sparc_cpu_dump_state(CPUState *cpu, FILE *f,
-  fprintf_function cpu_fprintf, int flags);
-hwaddr sparc_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
-int sparc_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
-int sparc_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
-void QEMU_NORETURN sparc_cpu_do_unaligned_access(CPUState *cpu,
- vaddr addr, int is_write,
- int is_user, uintptr_t 
retaddr);
+typedef struct SPARCCPU SPARCCPU;
 
 #endif
diff --git a/target-sparc/cpu.h b/target-sparc/cpu.h
index dc46122..55981b5 100644
--- a/target-sparc/cpu.h
+++ b/target-sparc/cpu.h
@@ -3,6 +3,7 @@
 
 #include "qemu-common.h"
 #include "qemu/bswap.h"
+#include "cpu-qom.h"
 
 #define ALIGNED_ONLY
 
@@ -506,7 +507,42 @@ struct CPUSPARCState {
 uint32_t cache_control;
 };
 
-#include "cpu-qom.h"
+/**
+ * SPARCCPU:
+ * @env: #CPUSPARCState
+ *
+ * A SPARC CPU.
+ */
+struct SPARCCPU {
+/*< private >*/
+CPUState parent_obj;
+/*< public >*/
+
+CPUSPARCState env;
+};
+
+static inline SPARCCPU *sparc_env_get_cpu(CPUSPARCState *env)
+{
+return container_of(env, SPARCCPU, env);
+}
+
+#define ENV_GET_CPU(e) CPU(sparc_env_get_cpu(e))
+
+#define ENV_OFFSET offsetof(SPARCCPU, env)
+
+#ifndef CONFIG_USER_ONLY
+extern const struct VMStateDescription vmstate_sparc_cpu;
+#endif
+
+void sparc_cpu_do_interrupt(CPUState *cpu);
+void sparc_cpu_dump_state(CPUState *cpu, FILE *f,
+  fprintf_function cpu_fprintf, int flags);
+hwaddr sparc_cpu_get_phys_page_debug(CPUState *cpu, vaddr addr);
+int sparc_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
+int sparc_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
+void QEMU_NORETURN sparc_cpu_do_unaligned_access(CPUState *cpu,
+ vaddr addr, int is_write,
+ int is_user, uintptr_t 
retaddr);
 
 #ifndef NO_CPU_IO_DEFS
 /* cpu_init.c */
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH 1/5] translate-all.c: Don't pass puc, locked to tb_invalidate_phys_page()

[Peter Maydell]

On 16 May 2016 at 18:13, Sergey Fedorov  wrote:
> On 16/05/16 19:09, Peter Maydell wrote:
>> @@ -1996,7 +1997,10 @@ int page_unprotect(target_ulong address, uintptr_t 
>> pc, void *puc)
>>
>>  /* and since the content will be modified, we must invalidate
>> the corresponding translated code. */
>> -tb_invalidate_phys_page(addr, pc, puc, true);
>> +if (tb_invalidate_phys_page(addr, pc)) {
>> +mmap_unlock();
>> +cpu_resume_from_signal(current_cpu, puc);
>> +}
>>  #ifdef DEBUG_TB_CHECK
>>  tb_invalidate_check(addr);
>>  #endif
>
> Just my 2 cents: we could allow that cpu_resume_from_signal() call and
> add mmap_lock_reset() similar to tb_lock_reset() to handle resetting
> mmap_lock after a long jump.

There's no need -- if you look at the rest of the patchset, that
call goes away from this function entirely and ends up in the
caller, at which point this function's handling of the mmap
lock is the straightforward "lock on entry, unlock before return".

thanks
-- PMM

Re: [Qemu-devel] [PATCH 1/5] translate-all.c: Don't pass puc, locked to tb_invalidate_phys_page()

[Sergey Fedorov]

On 16/05/16 19:09, Peter Maydell wrote:
> The user-mode-only function tb_invalidate_phys_page() is only
> called from two places:
>  * page_unprotect(), which passes in a non-zero pc, a puc pointer
>and the value 'true' for the locked argument
>  * page_set_flags(), which passes in a zero pc, a NULL puc pointer
>and a 'false' locked argument
>
> If the pc is non-zero then we may call cpu_resume_from_signal(),
> which does a longjmp out of the calling code (and out of the
> signal handler); this is to cover the case of a target CPU with
> "precise self-modifying code" (currently only x86) executing
> a store instruction which modifies code in the same TB as the
> store itself. Rather than doing the longjump directly here,
> return a flag to the caller which indicates whether the current
> TB was modified, and move the longjump to page_unprotect.
>
> Signed-off-by: Peter Maydell 
> ---
>  translate-all.c | 26 +++---
>  1 file changed, 15 insertions(+), 11 deletions(-)
>
> diff --git a/translate-all.c b/translate-all.c
> index b54f472..4820d2e 100644
> --- a/translate-all.c
> +++ b/translate-all.c
> @@ -1438,10 +1438,13 @@ void tb_invalidate_phys_page_fast(tb_page_addr_t 
> start, int len)
>  }
>  }
>  #else
> -/* Called with mmap_lock held.  */
> -static void tb_invalidate_phys_page(tb_page_addr_t addr,
> -uintptr_t pc, void *puc,
> -bool locked)
> +/* Called with mmap_lock held. If pc is not 0 then it indicates the
> + * host PC of the faulting store instruction that caused this invalidate.
> + * Returns true if the caller needs to abort execution of the current
> + * TB (because it was modified by this store and the guest CPU has
> + * precise-SMC semantics).
> + */
> +static bool tb_invalidate_phys_page(tb_page_addr_t addr, uintptr_t pc)
>  {
>  TranslationBlock *tb;
>  PageDesc *p;
> @@ -1459,7 +1462,7 @@ static void tb_invalidate_phys_page(tb_page_addr_t addr,
>  addr &= TARGET_PAGE_MASK;
>  p = page_find(addr >> TARGET_PAGE_BITS);
>  if (!p) {
> -return;
> +return false;
>  }
>  tb = p->first_tb;
>  #ifdef TARGET_HAS_PRECISE_SMC
> @@ -1498,12 +1501,10 @@ static void tb_invalidate_phys_page(tb_page_addr_t 
> addr,
> modifying the memory. It will ensure that it cannot modify
> itself */
>  tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
> -if (locked) {
> -mmap_unlock();
> -}
> -cpu_resume_from_signal(cpu, puc);
> +return true;
>  }
>  #endif
> +return false;
>  }
>  #endif
>  
> @@ -1902,7 +1903,7 @@ void page_set_flags(target_ulong start, target_ulong 
> end, int flags)
>  if (!(p->flags & PAGE_WRITE) &&
>  (flags & PAGE_WRITE) &&
>  p->first_tb) {
> -tb_invalidate_phys_page(addr, 0, NULL, false);
> +tb_invalidate_phys_page(addr, 0);
>  }
>  p->flags = flags;
>  }
> @@ -1996,7 +1997,10 @@ int page_unprotect(target_ulong address, uintptr_t pc, 
> void *puc)
>  
>  /* and since the content will be modified, we must invalidate
> the corresponding translated code. */
> -tb_invalidate_phys_page(addr, pc, puc, true);
> +if (tb_invalidate_phys_page(addr, pc)) {
> +mmap_unlock();
> +cpu_resume_from_signal(current_cpu, puc);
> +}
>  #ifdef DEBUG_TB_CHECK
>  tb_invalidate_check(addr);
>  #endif

Just my 2 cents: we could allow that cpu_resume_from_signal() call and
add mmap_lock_reset() similar to tb_lock_reset() to handle resetting
mmap_lock after a long jump.

Kind regards,
Sergey

Re: [Qemu-devel] [PATCH 07/10] blockdev-backup: added support for data compression

[Eric Blake]

On 05/14/2016 06:45 AM, Denis V. Lunev wrote:
> From: Pavel Butsykin 
> 
> The idea is simple - backup is "written-once" data. It is written block
> by block and it is large enough. It would be nice to save storage
> space and compress it.
> 

> +++ b/qapi/block-core.json
> @@ -941,6 +941,7 @@
>'data': { 'device': 'str', 'target': 'str',
>  'sync': 'MirrorSyncMode',
>  '*speed': 'int',
> +'*compress': 'bool',

Missing documentation.

>  '*on-source-error': 'BlockdevOnError',
>  '*on-target-error': 'BlockdevOnError' } }
>  
> diff --git a/qmp-commands.hx b/qmp-commands.hx
> index 8915a0b..6eb5b43 100644
> --- a/qmp-commands.hx
> +++ b/qmp-commands.hx
> @@ -1241,7 +1241,7 @@ EQMP
>  
>  {
>  .name   = "blockdev-backup",
> -.args_type  = "sync:s,device:B,target:B,speed:i?,"
> +.args_type  = "sync:s,device:B,target:B,speed:i?,compress:b?,"
>"on-source-error:s?,on-target-error:s?",
>  .mhandler.cmd_new = qmp_marshal_blockdev_backup,
>  },
> @@ -1263,6 +1263,7 @@ Arguments:
>sectors allocated in the topmost image, or "none" to only replicate
>new I/O (MirrorSyncMode).
>  - "speed": the maximum speed, in bytes per second (json-int, optional)
> +- "compress": compress data blocks (if the target format supports it).

Missing mention that it is optional, default false.

>  - "on-source-error": the action to take on an error on the source, default
>   'report'.  'stop' and 'enospc' can only be used
>   if the block device supports io-status.
> 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 06/10] drive-backup: added support for data compression

[Eric Blake]

On 05/14/2016 06:45 AM, Denis V. Lunev wrote:
> From: Pavel Butsykin 
> 
> The idea is simple - backup is "written-once" data. It is written block
> by block and it is large enough. It would be nice to save storage
> space and compress it.
> 
> The patch adds a flag to the qmp/hmp drive-backup command which enables
> block compression. Compression should be implemented in the format driver
> to enable this feature.
> 
> There are some limitations of the format driver to allow compressed writes.
> We can write data only once. Though for backup this is perfectly fine.
> These limitations are maintained by the driver and the error will be
> reported if we are doing something wrong.
> 

> +++ b/qapi/block-core.json
> @@ -905,7 +905,7 @@
>  { 'struct': 'DriveBackup',
>'data': { 'device': 'str', 'target': 'str', '*format': 'str',
>  'sync': 'MirrorSyncMode', '*mode': 'NewImageMode',
> -'*speed': 'int', '*bitmap': 'str',
> +'*speed': 'int', '*bitmap': 'str', '*compress': 'bool',

Missing documentation of the new option.

>  '*on-source-error': 'BlockdevOnError',
>  '*on-target-error': 'BlockdevOnError' } }
>  
> diff --git a/qmp-commands.hx b/qmp-commands.hx
> index 94847e5..8915a0b 100644
> --- a/qmp-commands.hx
> +++ b/qmp-commands.hx
> @@ -1186,7 +1186,8 @@ EQMP
>  {
>  .name   = "drive-backup",
>  .args_type  = "sync:s,device:B,target:s,speed:i?,mode:s?,format:s?,"
> -  "bitmap:s?,on-source-error:s?,on-target-error:s?",
> +  "bitmap:s?,compress:b?,"
> +  "on-source-error:s?,on-target-error:s?",
>  .mhandler.cmd_new = qmp_marshal_drive_backup,
>  },
>  
> @@ -1220,6 +1221,7 @@ Arguments:
>  - "mode": whether and how QEMU should create a new image
>(NewImageMode, optional, default 'absolute-paths')
>  - "speed": the maximum speed, in bytes per second (json-int, optional)
> +- "compress": compress data blocks (if the target format supports it).

Missing mention that it is optional, default false.

>  - "on-source-error": the action to take on an error on the source, default
>   'report'.  'stop' and 'enospc' can only be used
>   if the block device supports io-status.
> 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH CFT v3 00/50] NEED_CPU_H / cpu.h / hw/hw.h cleanups

[Peter Maydell]

On 16 May 2016 at 17:53, Peter Maydell  wrote:
> ppc64 (this is the ppc64be host in the GCC compile farm if
> you have an account there):
>
> /home/pm215/qemu/hw/intc/xics_kvm.c: In function ‘icp_get_kvm_state’:
> /home/pm215/qemu/hw/intc/xics_kvm.c:54:12: error: variable ‘reg’ has
> initializer but incomplete type
>  struct kvm_one_reg reg = {
> ^
> /home/pm215/qemu/hw/intc/xics_kvm.c:55:9: error: unknown field ‘id’
> specified in initializer
>  .id = KVM_REG_PPC_ICP_STATE,
>  ^
> /home/pm215/qemu/hw/intc/xics_kvm.c:55:15: error:
> ‘KVM_REG_PPC_ICP_STATE’ undeclared (first use in this function)
>  .id = KVM_REG_PPC_ICP_STATE,
>^
>
> etc -- looks like missing a kvm include somewhere.

I logged in by hand to do a -k build; the only other error was:
/home/pm215/qemu/hw/ppc/spapr_pci.c: In function ‘spapr_phb_realize’:
/home/pm215/qemu/hw/ppc/spapr_pci.c:1426:5: error: implicit
declaration of function ‘kvm_enabled’
[-Werror=implicit-function-declaration]
 if (kvm_enabled()) {
 ^
/home/pm215/qemu/hw/ppc/spapr_pci.c:1426:5: error: nested extern
declaration of ‘kvm_enabled’ [-Werror=nested-externs]

bonus w32 build failure:

  CCtrace/control.o
In file included from
/home/petmay01/linaro/qemu-for-merges/include/block/aio.h:22:0,
 from
/home/petmay01/linaro/qemu-for-merges/include/block/block.h:4,
 from
/home/petmay01/linaro/qemu-for-merges/include/monitor/monitor.h:6,
 from /home/petmay01/linaro/qemu-for-merges/trace/control.c:23:
/home/petmay01/linaro/qemu-for-merges/include/qemu/timer.h: In
function ‘get_clock’:
/home/petmay01/linaro/qemu-for-merges/include/qemu/timer.h:818:5:
error: implicit declaration of function ‘muldiv64’
[-Werror=implicit-function-declaration]
 return muldiv64(ti.QuadPart, NANOSECONDS_PER_SECOND, clock_freq);
 ^
/home/petmay01/linaro/qemu-for-merges/include/qemu/timer.h:818:5:
error: nested extern declaration of ‘muldiv64’
[-Werror=nested-externs]
In file included from
/home/petmay01/linaro/qemu-for-merges/include/qemu/bitops.h:16:0,
 from
/home/petmay01/linaro/qemu-for-merges/include/qemu/hbitmap.h:15,
 from
/home/petmay01/linaro/qemu-for-merges/include/block/dirty-bitmap.h:5,
 from
/home/petmay01/linaro/qemu-for-merges/include/block/block.h:9,
 from
/home/petmay01/linaro/qemu-for-merges/include/monitor/monitor.h:6,
 from /home/petmay01/linaro/qemu-for-merges/trace/control.c:23:
/home/petmay01/linaro/qemu-for-merges/include/qemu/host-utils.h: At top level:
/home/petmay01/linaro/qemu-for-merges/include/qemu/host-utils.h:84:24:
error: conflicting types for ‘muldiv64’
 static inline uint64_t muldiv64(uint64_t a, uint32_t b, uint32_t c)
^
In file included from
/home/petmay01/linaro/qemu-for-merges/include/block/aio.h:22:0,
 from
/home/petmay01/linaro/qemu-for-merges/include/block/block.h:4,
 from
/home/petmay01/linaro/qemu-for-merges/include/monitor/monitor.h:6,
 from /home/petmay01/linaro/qemu-for-merges/trace/control.c:23:
/home/petmay01/linaro/qemu-for-merges/include/qemu/timer.h:818:12:
note: previous implicit declaration of ‘muldiv64’ was here
 return muldiv64(ti.QuadPart, NANOSECONDS_PER_SECOND, clock_freq);
^
cc1: all warnings being treated as errors

thanks
-- PMM

Re: [Qemu-devel] [PATCH 05/10] block: remove BlockDriver.bdrv_write_compressed

[Eric Blake]

On 05/14/2016 06:45 AM, Denis V. Lunev wrote:
> From: Pavel Butsykin 
> 
> There are no block drivers left that implement the old
> .bdrv_write_compressed interface, so it can be removed now.
> 
> Signed-off-by: Pavel Butsykin 
> Signed-off-by: Denis V. Lunev 
> CC: Jeff Cody 
> CC: Markus Armbruster 
> CC: Eric Blake 
> CC: John Snow 
> CC: Stefan Hajnoczi 
> CC: Kevin Wolf 
> ---

> +++ b/block/io.c
> @@ -1876,7 +1876,6 @@ static void bdrv_write_compressed_co_entry(void *opaque)
>  int bdrv_write_compressed(BlockDriverState *bs, int64_t sector_num,
>const uint8_t *buf, int nb_sectors)
>  {
> -BlockDriver *drv = bs->drv;
>  BdrvWriteCompressedCo data = {
>  .bs = bs,
>  .sector_num = sector_num,
> @@ -1885,19 +1884,6 @@ int bdrv_write_compressed(BlockDriverState *bs, 
> int64_t sector_num,
>  .ret= -EINPROGRESS,
>  };
>  
> -if (!drv) {
> -return -ENOMEDIUM;
> -}

Why are you deleting this check?

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH CFT v3 00/50] NEED_CPU_H / cpu.h / hw/hw.h cleanups

[Peter Maydell]

On 16 May 2016 at 16:35, Paolo Bonzini  wrote:
> This series removes usage of NEED_CPU_H from several central
> include files in QEMU, most notably hw/hw.h and qemu-common.h.
> Definitions conditional on NEED_CPU_H remain only in disas/disas.h,
> exec/gdbstub.h, exec/helper-head.h and exec/log.h.

> I compiled this on x64 Linux (all patches) and 32-bit ARM
> Linux, and I will compile it on Win32 before sending a pull
> request.  I would appreciate people compile-testing it on s390
> and PPC.  The changes are available in the git repository at
> git://github.com/bonzini/qemu.git, branch need-cpu-h (SHA1 for the top
> commit is b65f2d57b126883367fb81d54f383352b24029b1).

This branch has a merge conflict against current master; I
tried the obvious resolution but it was wrong. (I tried a
merge because it's the easiest way for me to run a build
test.) Anyway, build results for just your branch:

ppc64 (this is the ppc64be host in the GCC compile farm if
you have an account there):

/home/pm215/qemu/hw/intc/xics_kvm.c: In function ‘icp_get_kvm_state’:
/home/pm215/qemu/hw/intc/xics_kvm.c:54:12: error: variable ‘reg’ has
initializer but incomplete type
 struct kvm_one_reg reg = {
^
/home/pm215/qemu/hw/intc/xics_kvm.c:55:9: error: unknown field ‘id’
specified in initializer
 .id = KVM_REG_PPC_ICP_STATE,
 ^
/home/pm215/qemu/hw/intc/xics_kvm.c:55:15: error:
‘KVM_REG_PPC_ICP_STATE’ undeclared (first use in this function)
 .id = KVM_REG_PPC_ICP_STATE,
   ^

etc -- looks like missing a kvm include somewhere.

x86-64 Linux host build:

/home/petmay01/linaro/qemu-for-merges/xen-hvm.c: In function ‘xen_ram_alloc’:
/home/petmay01/linaro/qemu-for-merges/xen-hvm.c:260:22: error:
‘TARGET_PAGE_BITS’ undeclared (first use in this function)
 nr_pfn = size >> TARGET_PAGE_BITS;
  ^
/home/petmay01/linaro/qemu-for-merges/xen-hvm.c:260:22: note: each
undeclared identifier is reported only once for each function it
appears in
/home/petmay01/linaro/qemu-for-merges/xen-hvm.c: In function ‘get_physmapping’:
/home/petmay01/linaro/qemu-for-merges/xen-hvm.c:280:19: error:
‘TARGET_PAGE_MASK’ undeclared (first use in this function)
 start_addr &= TARGET_PAGE_MASK;
   ^
/home/petmay01/linaro/qemu-for-merges/xen-hvm.c: In function
‘xen_phys_offset_to_gaddr’:
/home/petmay01/linaro/qemu-for-merges/xen-hvm.c:293:32: error:
‘TARGET_PAGE_MASK’ undeclared (first use in this function)
 hwaddr addr = start_addr & TARGET_PAGE_MASK;
^

etc. (I guess your test machine doesn't have the relevant
xen headers installed.)

(My build scripts don't use -k, so they stop at the first
failing compilation unit, give or take the use of make -j.)

Built OK for OSX, 64-bit ARM, 32-bit ARM.

thanks
-- PMM

Re: [Qemu-devel] [PATCH 01/10] block/io: add bdrv_co_write_compressed

[Eric Blake]

On 05/14/2016 06:45 AM, Denis V. Lunev wrote:
> From: Pavel Butsykin 
> 
> This patch just adds the interface to the bdrv_co_write_compressed, which
> is currently not used but will be useful for safe implementation of the
> bdrv_co_write_compressed callback in format drivers.
> 
> Signed-off-by: Pavel Butsykin 
> Signed-off-by: Denis V. Lunev 
> CC: Jeff Cody 
> CC: Markus Armbruster 
> CC: Eric Blake 
> CC: John Snow 
> CC: Stefan Hajnoczi 
> CC: Kevin Wolf 
> ---

> +++ b/block/io.c
> @@ -1828,8 +1828,8 @@ int bdrv_is_allocated_above(BlockDriverState *top,
>  return 0;
>  }
>  
> -int bdrv_write_compressed(BlockDriverState *bs, int64_t sector_num,
> -  const uint8_t *buf, int nb_sectors)
> +int bdrv_co_write_compressed(BlockDriverState *bs, int64_t sector_num,
> + int nb_sectors, QEMUIOVector *qiov)

As long as we're adding a new public interface, I'd really like us to
make it byte-based.  int64_t sector_num might be better represented as a
byte offset, and int nb_sectors seems redundant with qiov->size.

>  {
>  BlockDriver *drv = bs->drv;
>  int ret;
> @@ -1837,7 +1837,7 @@ int bdrv_write_compressed(BlockDriverState *bs, int64_t 
> sector_num,
>  if (!drv) {
>  return -ENOMEDIUM;
>  }
> -if (!drv->bdrv_write_compressed) {
> +if (!drv->bdrv_co_write_compressed) {
>  return -ENOTSUP;
>  }
>  ret = bdrv_check_request(bs, sector_num, nb_sectors);
> @@ -1846,8 +1846,71 @@ int bdrv_write_compressed(BlockDriverState *bs, 
> int64_t sector_num,
>  }
>  
>  assert(QLIST_EMPTY(&bs->dirty_bitmaps));
> +assert(qemu_in_coroutine());
> +
> +return drv->bdrv_co_write_compressed(bs, sector_num, nb_sectors, qiov);

Of course, if you make the public interface byte-based, then calling
into the back end will have to scale back to sectors (after first
asserting that we aren't violating the scaling); see how Kevin did it in
commit 166fe9605.

> +}
> +
> +typedef struct BdrvWriteCompressedCo {
> +BlockDriverState *bs;
> +int64_t sector_num;

Again, I think a byte offset is smarter than a sector number.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 4/6] qcow2: add tracepoints for qcow2_co_write_zeroes

[Denis V. Lunev]

On 05/16/2016 07:32 PM, Eric Blake wrote:

On 05/14/2016 06:01 AM, Denis V. Lunev wrote:

Signed-off-by: Denis V. Lunev 
CC: Kevin Wolf 
---
  block/qcow2.c | 5 +
  trace-events  | 2 ++
  2 files changed, 7 insertions(+)

diff --git a/block/qcow2.c b/block/qcow2.c
index 9a54bbd..97bf870 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -2435,6 +2435,9 @@ static coroutine_fn int 
qcow2_co_write_zeroes(BlockDriverState *bs,
  int head = sector_num % s->cluster_sectors;
  int tail = (sector_num + nb_sectors) % s->cluster_sectors;
  
+trace_qcow2_write_zeroes_start_req(qemu_coroutine_self(), sector_num,

+   nb_sectors);
+

Can we trace these by byte locations rather than by sector count?
Ultimately, I think we want to move write_zeroes to a byte-based
interface, even if we still assert internally that it is at least
sector-aligned.


we can, but this patches traces for qcow2_co_writev

static coroutine_fn int qcow2_co_writev(BlockDriverState *bs,
   int64_t sector_num,
   int remaining_sectors,
   QEMUIOVector *qiov)
{
[...]
trace_qcow2_writev_start_req(qemu_coroutine_self(), sector_num,
 remaining_sectors);

Thus I'd better either stick to this implementation or change
all tracepoints in QEMU code.

[Qemu-devel] [PATCH v2 2/3] qemu-iotests: Simplify 109 with unaligned qemu-img compare

[Eric Blake]

For some time now, qemu-img compare has been able to compare
unaligned images.  So we no longer need test 109's hack of
resizing to sector boundaries before invoking compare.

Signed-off-by: Eric Blake 
Reviewed-by: Max Reitz 

---
Note that qemu-img compare on unaligned images is still a bit
underwhelming on message quality:

$ printf abc > file1
$ printf ab > file2
$ qemu-img compare file1 file2
Content mismatch at offset 0!
$ printf 'ab\0' > file1
$ qemu-img compare file1 file2
Images are identical.

The first message should claim that the mismatch is at offset 2
(or in sector 0), rather than at offset 0; and the second message
might be wise to mention that the sizes differ even though the
contents read identically (since we pad out 0s to the end of the
sector for both raw files).  But improving that is unrelated to
this patch.
---
 tests/qemu-iotests/109 | 2 --
 tests/qemu-iotests/109.out | 4 
 2 files changed, 6 deletions(-)

diff --git a/tests/qemu-iotests/109 b/tests/qemu-iotests/109
index f980b0c..adf9889 100755
--- a/tests/qemu-iotests/109
+++ b/tests/qemu-iotests/109
@@ -104,8 +104,6 @@ for sample_img in empty.bochs iotest-dirtylog-10G-4M.vhdx 
parallels-v1 \
 $QEMU_IO -c 'read -P 0 0 64k' "$TEST_IMG" | _filter_qemu_io

 run_qemu "$TEST_IMG" "$TEST_IMG.src" "'format': 'raw'," "BLOCK_JOB_READY"
-# qemu-img compare can't handle unaligned file sizes
-$QEMU_IMG resize -f raw "$TEST_IMG.src" +0
 $QEMU_IMG compare -f raw -F raw "$TEST_IMG" "$TEST_IMG.src"
 done

diff --git a/tests/qemu-iotests/109.out b/tests/qemu-iotests/109.out
index 38bc073..7c797ed 100644
--- a/tests/qemu-iotests/109.out
+++ b/tests/qemu-iotests/109.out
@@ -143,7 +143,6 @@ read 65536/65536 bytes at offset 0
 {"return": {}}
 {"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"BLOCK_JOB_READY", "data": {"device": "src", "len": 2560, "offset": 2560, 
"speed": 0, "type": "mirror"}}
 {"return": [{"io-status": "ok", "device": "src", "busy": false, "len": 2560, 
"offset": 2560, "paused": false, "speed": 0, "ready": true, "type": "mirror"}]}
-Image resized.
 Warning: Image size mismatch!
 Images are identical.

@@ -164,7 +163,6 @@ read 65536/65536 bytes at offset 0
 {"return": {}}
 {"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"BLOCK_JOB_READY", "data": {"device": "src", "len": 31457280, "offset": 
31457280, "speed": 0, "type": "mirror"}}
 {"return": [{"io-status": "ok", "device": "src", "busy": false, "len": 
31457280, "offset": 31457280, "paused": false, "speed": 0, "ready": true, 
"type": "mirror"}]}
-Image resized.
 Warning: Image size mismatch!
 Images are identical.

@@ -185,7 +183,6 @@ read 65536/65536 bytes at offset 0
 {"return": {}}
 {"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"BLOCK_JOB_READY", "data": {"device": "src", "len": 327680, "offset": 327680, 
"speed": 0, "type": "mirror"}}
 {"return": [{"io-status": "ok", "device": "src", "busy": false, "len": 327680, 
"offset": 327680, "paused": false, "speed": 0, "ready": true, "type": 
"mirror"}]}
-Image resized.
 Warning: Image size mismatch!
 Images are identical.

@@ -206,7 +203,6 @@ read 65536/65536 bytes at offset 0
 {"return": {}}
 {"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"BLOCK_JOB_READY", "data": {"device": "src", "len": 2048, "offset": 2048, 
"speed": 0, "type": "mirror"}}
 {"return": [{"io-status": "ok", "device": "src", "busy": false, "len": 2048, 
"offset": 2048, "paused": false, "speed": 0, "ready": true, "type": "mirror"}]}
-Image resized.
 Warning: Image size mismatch!
 Images are identical.

-- 
2.5.5

[Qemu-devel] [PATCH v2 3/3] qemu-iotests: Fix regression in 136 on aio_read invalid

[Eric Blake]

Commit 093ea232 removed the ability for aio_read and aio_write
to artificially inflate the invalid statistics counters for
block devices, since it no longer flags unaligned offset or
length.  Add 'aio_read -i' and 'aio_write -i' to restore
the ability, and update test 136 to use it.

Reported-by: Kevin Wolf 
Signed-off-by: Eric Blake 

---
v2: drop useless comment [mreitz]
---
 qemu-io-cmds.c | 20 
 tests/qemu-iotests/136 | 15 ---
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
index 1c0b692..c7b2aec 100644
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -1476,6 +1476,7 @@ static void aio_read_help(void)
 " used to ensure all outstanding aio requests have been completed.\n"
 " -C, -- report statistics in a machine parsable format\n"
 " -P, -- use a pattern to verify read data\n"
+" -i, -- treat request as invalid, for exercising stats\n"
 " -v, -- dump buffer to standard output\n"
 " -q, -- quiet mode, do not show I/O statistics\n"
 "\n");
@@ -1488,7 +1489,7 @@ static const cmdinfo_t aio_read_cmd = {
 .cfunc  = aio_read_f,
 .argmin = 2,
 .argmax = -1,
-.args   = "[-Cqv] [-P pattern] off len [len..]",
+.args   = "[-Ciqv] [-P pattern] off len [len..]",
 .oneline= "asynchronously reads a number of bytes",
 .help   = aio_read_help,
 };
@@ -1499,7 +1500,7 @@ static int aio_read_f(BlockBackend *blk, int argc, char 
**argv)
 struct aio_ctx *ctx = g_new0(struct aio_ctx, 1);

 ctx->blk = blk;
-while ((c = getopt(argc, argv, "CP:qv")) != -1) {
+while ((c = getopt(argc, argv, "CP:iqv")) != -1) {
 switch (c) {
 case 'C':
 ctx->Cflag = true;
@@ -1512,6 +1513,11 @@ static int aio_read_f(BlockBackend *blk, int argc, char 
**argv)
 return 0;
 }
 break;
+case 'i':
+printf("injecting invalid read request\n");
+block_acct_invalid(blk_get_stats(blk), BLOCK_ACCT_READ);
+g_free(ctx);
+return 0;
 case 'q':
 ctx->qflag = true;
 break;
@@ -1569,6 +1575,7 @@ static void aio_write_help(void)
 " -P, -- use different pattern to fill file\n"
 " -C, -- report statistics in a machine parsable format\n"
 " -f, -- use Force Unit Access semantics\n"
+" -i, -- treat request as invalid, for exercising stats\n"
 " -q, -- quiet mode, do not show I/O statistics\n"
 " -u, -- with -z, allow unmapping\n"
 " -z, -- write zeroes using blk_aio_write_zeroes\n"
@@ -1582,7 +1589,7 @@ static const cmdinfo_t aio_write_cmd = {
 .cfunc  = aio_write_f,
 .argmin = 2,
 .argmax = -1,
-.args   = "[-Cfquz] [-P pattern] off len [len..]",
+.args   = "[-Cfiquz] [-P pattern] off len [len..]",
 .oneline= "asynchronously writes a number of bytes",
 .help   = aio_write_help,
 };
@@ -1595,7 +1602,7 @@ static int aio_write_f(BlockBackend *blk, int argc, char 
**argv)
 int flags = 0;

 ctx->blk = blk;
-while ((c = getopt(argc, argv, "CfqP:uz")) != -1) {
+while ((c = getopt(argc, argv, "CfiqP:uz")) != -1) {
 switch (c) {
 case 'C':
 ctx->Cflag = true;
@@ -1616,6 +1623,11 @@ static int aio_write_f(BlockBackend *blk, int argc, char 
**argv)
 return 0;
 }
 break;
+case 'i':
+printf("injecting invalid write request\n");
+block_acct_invalid(blk_get_stats(blk), BLOCK_ACCT_WRITE);
+g_free(ctx);
+return 0;
 case 'z':
 ctx->zflag = true;
 break;
diff --git a/tests/qemu-iotests/136 b/tests/qemu-iotests/136
index e8c6937..6fdd268 100644
--- a/tests/qemu-iotests/136
+++ b/tests/qemu-iotests/136
@@ -226,18 +226,11 @@ sector = "%d"

 highest_offset = wr_ops * wr_size

-# Two types of invalid operations: unaligned length and unaligned 
offset
-for i in range(invalid_rd_ops / 2):
-ops.append("aio_read 0 511")
+for i in range(invalid_rd_ops):
+ops.append("aio_read -i 0 512")

-for i in range(invalid_rd_ops / 2, invalid_rd_ops):
-ops.append("aio_read 13 512")
-
-for i in range(invalid_wr_ops / 2):
-ops.append("aio_write 0 511")
-
-for i in range(invalid_wr_ops / 2, invalid_wr_ops):
-ops.append("aio_write 13 512")
+for i in range(invalid_wr_ops):
+ops.append("aio_write -i 0 512")

 for i in range(failed_rd_ops):
 ops.append("aio_read %d 512" % bad_offset)
-- 
2.5.5

[Qemu-devel] [PATCH v2 1/3] qemu-io: Fix recent UI updates

[Eric Blake]

Commit 770e0e0e [*] tried to add 'writev -f', but didn't tweak
the getopt() call to actually let it work.  Likewise, commit
c2e001c missed implementing 'aio_write -u -z'.  The latter commit
also introduced a leak of ctx.

[*] does it sound "ech0e" in here? :)

Signed-off-by: Eric Blake 

---
v2: retitle, fix commit id typo, also plug Coverity leak [mreitz]
---
 qemu-io-cmds.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
index 4a00bc6..1c0b692 100644
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -1150,7 +1150,7 @@ static int writev_f(BlockBackend *blk, int argc, char 
**argv)
 int pattern = 0xcd;
 QEMUIOVector qiov;

-while ((c = getopt(argc, argv, "CqP:")) != -1) {
+while ((c = getopt(argc, argv, "CfqP:")) != -1) {
 switch (c) {
 case 'C':
 Cflag = true;
@@ -1595,7 +1595,7 @@ static int aio_write_f(BlockBackend *blk, int argc, char 
**argv)
 int flags = 0;

 ctx->blk = blk;
-while ((c = getopt(argc, argv, "CfqP:z")) != -1) {
+while ((c = getopt(argc, argv, "CfqP:uz")) != -1) {
 switch (c) {
 case 'C':
 ctx->Cflag = true;
@@ -1638,6 +1638,7 @@ static int aio_write_f(BlockBackend *blk, int argc, char 
**argv)

 if ((flags & BDRV_REQ_MAY_UNMAP) && !ctx->zflag) {
 printf("-u requires -z to be specified\n");
+g_free(ctx);
 return 0;
 }

-- 
2.5.5

[Qemu-devel] [PATCH v2 0/3] Fix recent qemu-iotests issues

[Eric Blake]

I introduced a couple of bugs in my recent qemu-io enhancements;
time to fix them back up now that the broken patches are already
part of mainline.

in v2:
- patch 1: retitle, fix id typo, also plug a coverity leak [mreitz]
- patch 3: drop dead comment [mreitz]

001/3:[down] 'qemu-io: Fix recent UI updates'
002/3:[] [--] 'qemu-iotests: Simplify 109 with unaligned qemu-img compare'
003/3:[0003] [FC] 'qemu-iotests: Fix regression in 136 on aio_read invalid'

Eric Blake (3):
  qemu-io: Fix recent UI updates
  qemu-iotests: Simplify 109 with unaligned qemu-img compare
  qemu-iotests: Fix regression in 136 on aio_read invalid

 qemu-io-cmds.c | 23 ++-
 tests/qemu-iotests/109 |  2 --
 tests/qemu-iotests/109.out |  4 
 tests/qemu-iotests/136 | 15 ---
 4 files changed, 22 insertions(+), 22 deletions(-)

-- 
2.5.5

[Qemu-devel] [PATCH 35/50] hw: cannot include hw/hw.h from user emulation

[Paolo Bonzini]

All qdev definitions are available from other headers, user-mode
emulation does not need hw/hw.h.

By considering system emulation only, it is simpler to disentangle
hw/hw.h from NEED_CPU_H.

Signed-off-by: Paolo Bonzini 
---
 exec.c | 21 +++--
 include/hw/hw.h|  5 +++--
 include/hw/ppc/openpic.h   |  2 +-
 kvm-stub.c |  1 -
 target-i386/cpu.c  |  2 +-
 target-s390x/cpu.c |  3 ++-
 target-s390x/mem_helper.c  |  3 +++
 target-s390x/misc_helper.c |  2 +-
 8 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/exec.c b/exec.c
index c4f9036..fbfa02e 100644
--- a/exec.c
+++ b/exec.c
@@ -25,23 +25,23 @@
 #include "qemu/cutils.h"
 #include "cpu.h"
 #include "tcg.h"
-#include "hw/hw.h"
+#include "hw/qdev-core.h"
 #if !defined(CONFIG_USER_ONLY)
 #include "hw/boards.h"
 #endif
-#include "hw/qdev.h"
 #include "sysemu/kvm.h"
 #include "sysemu/sysemu.h"
 #include "hw/xen/xen.h"
 #include "qemu/timer.h"
 #include "qemu/config-file.h"
 #include "qemu/error-report.h"
-#include "exec/memory.h"
-#include "sysemu/dma.h"
-#include "exec/address-spaces.h"
 #if defined(CONFIG_USER_ONLY)
 #include 
 #else /* !CONFIG_USER_ONLY */
+#include "hw/hw.h"
+#include "exec/memory.h"
+#include "sysemu/dma.h"
+#include "exec/address-spaces.h"
 #include "sysemu/xen-mapcache.h"
 #include "trace.h"
 #endif
@@ -641,7 +641,6 @@ void cpu_exec_exit(CPUState *cpu)
 void cpu_exec_init(CPUState *cpu, Error **errp)
 {
 CPUClass *cc = CPU_GET_CLASS(cpu);
-int cpu_index;
 Error *local_err = NULL;
 
 cpu->as = NULL;
@@ -668,7 +667,7 @@ void cpu_exec_init(CPUState *cpu, Error **errp)
 #if defined(CONFIG_USER_ONLY)
 cpu_list_lock();
 #endif
-cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
+cpu->cpu_index = cpu_get_free_index(&local_err);
 if (local_err) {
 error_propagate(errp, local_err);
 #if defined(CONFIG_USER_ONLY)
@@ -678,14 +677,16 @@ void cpu_exec_init(CPUState *cpu, Error **errp)
 }
 QTAILQ_INSERT_TAIL(&cpus, cpu, node);
 #if defined(CONFIG_USER_ONLY)
+(void) cc;
 cpu_list_unlock();
-#endif
+#else
 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
-vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
+vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
 }
 if (cc->vmsd != NULL) {
-vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
+vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
 }
+#endif
 }
 
 #if defined(CONFIG_USER_ONLY)
diff --git a/include/hw/hw.h b/include/hw/hw.h
index 0456fc3..29931d1 100644
--- a/include/hw/hw.h
+++ b/include/hw/hw.h
@@ -3,10 +3,11 @@
 #define QEMU_HW_H
 
 
-#if !defined(CONFIG_USER_ONLY) && !defined(NEED_CPU_H)
-#include "exec/cpu-common.h"
+#ifdef CONFIG_USER_ONLY
+#error Cannot include hw/hw.h from user emulation
 #endif
 
+#include "exec/cpu-common.h"
 #include "exec/ioport.h"
 #include "hw/irq.h"
 #include "block/aio.h"
diff --git a/include/hw/ppc/openpic.h b/include/hw/ppc/openpic.h
index 1cf188d..afe950b 100644
--- a/include/hw/ppc/openpic.h
+++ b/include/hw/ppc/openpic.h
@@ -2,7 +2,7 @@
 #define __OPENPIC_H__
 
 #include "qemu-common.h"
-#include "hw/qdev.h"
+#include "hw/qdev-core.h"
 #include "qom/cpu.h"
 
 #define TYPE_OPENPIC "openpic"
diff --git a/kvm-stub.c b/kvm-stub.c
index b962b24..63735a8 100644
--- a/kvm-stub.c
+++ b/kvm-stub.c
@@ -12,7 +12,6 @@
 
 #include "qemu/osdep.h"
 #include "qemu-common.h"
-#include "hw/hw.h"
 #include "cpu.h"
 #include "sysemu/kvm.h"
 
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index d0b5b69..2b1757f 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -34,7 +34,6 @@
 #include "qapi/visitor.h"
 #include "sysemu/arch_init.h"
 
-#include "hw/hw.h"
 #if defined(CONFIG_KVM)
 #include 
 #endif
@@ -43,6 +42,7 @@
 #include "hw/qdev-properties.h"
 #ifndef CONFIG_USER_ONLY
 #include "exec/address-spaces.h"
+#include "hw/hw.h"
 #include "hw/xen/xen.h"
 #include "hw/i386/apic_internal.h"
 #endif
diff --git a/target-s390x/cpu.c b/target-s390x/cpu.c
index 4bfff34..e665165 100644
--- a/target-s390x/cpu.c
+++ b/target-s390x/cpu.c
@@ -30,10 +30,11 @@
 #include "qemu/cutils.h"
 #include "qemu/timer.h"
 #include "qemu/error-report.h"
-#include "hw/hw.h"
 #include "trace.h"
 #include "qapi/visitor.h"
+#include "migration/vmstate.h"
 #ifndef CONFIG_USER_ONLY
+#include "hw/hw.h"
 #include "sysemu/arch_init.h"
 #include "sysemu/sysemu.h"
 #include "hw/s390x/sclp.h"
diff --git a/target-s390x/mem_helper.c b/target-s390x/mem_helper.c
index 7078622..9d206a9 100644
--- a/target-s390x/mem_helper.c
+++ b/target-s390x/mem_helper.c
@@ -22,7 +22,10 @@
 #include "cpu.h"
 #include "exec/helper-proto.h"
 #include "exec/cpu_ldst.h"
+
+#if !defined(CONFIG_USER_ONLY)
 #include "hw/s390x/storage-keys.h"
+#endif
 
 /*/
 /* Softmmu support */
diff --git a/target-s390x/misc_helper.c b/target-s390x/misc_help

[Qemu-devel] [PATCH v3] vl.c: Add '-L help' which lists data dirs.

[Richard W.M. Jones]

v2 -> v3:

- Use constants true/false for list_data_dirs variable.

Rich.

[Qemu-devel] [PATCH v3] vl.c: Add '-L help' which lists data dirs.

[Richard W.M. Jones]

QEMU compiles a list of data directories from various sources.  When
consuming a QEMU binary it's useful to be able to get this list of
data directories: a primary reason is so you can list what BIOSes or
keymaps ship with this version of QEMU.  However without reproducing
the method that QEMU uses internally, it's not possible to get the
list of data directories.

This commit adds a simple '-L help' option that just lists out the
data directories as qemu calculates them:

$ ./x86_64-softmmu/qemu-system-x86_64 -L help
/home/rjones/d/qemu/pc-bios
/usr/local/share/qemu

$ ./x86_64-softmmu/qemu-system-x86_64 -L /tmp -L help
/tmp
/home/rjones/d/qemu/pc-bios
/usr/local/share/qemu

Signed-off-by: Richard W.M. Jones 
Reviewed-by: Eric Blake 
---
 qemu-options.hx |  2 ++
 vl.c| 13 -
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 6106520..bec0210 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3199,6 +3199,8 @@ STEXI
 @item -L  @var{path}
 @findex -L
 Set the directory for the BIOS, VGA BIOS and keymaps.
+
+To list all the data directories, use @code{-L help}.
 ETEXI
 
 DEF("bios", HAS_ARG, QEMU_OPTION_bios, \
diff --git a/vl.c b/vl.c
index 5fd22cb..d25f2f7 100644
--- a/vl.c
+++ b/vl.c
@@ -2990,6 +2990,7 @@ int main(int argc, char **argv, char **envp)
 FILE *vmstate_dump_file = NULL;
 Error *main_loop_err = NULL;
 Error *err = NULL;
+bool list_data_dirs = false;
 
 qemu_init_cpu_loop();
 qemu_mutex_lock_iothread();
@@ -3371,7 +3372,9 @@ int main(int argc, char **argv, char **envp)
 add_device_config(DEV_GDB, optarg);
 break;
 case QEMU_OPTION_L:
-if (data_dir_idx < ARRAY_SIZE(data_dir)) {
+if (is_help_option(optarg)) {
+list_data_dirs = true;
+} else if (data_dir_idx < ARRAY_SIZE(data_dir)) {
 data_dir[data_dir_idx++] = optarg;
 }
 break;
@@ -4128,6 +4131,14 @@ int main(int argc, char **argv, char **envp)
 data_dir[data_dir_idx++] = CONFIG_QEMU_DATADIR;
 }
 
+/* -L help lists the data directories and exits. */
+if (list_data_dirs) {
+for (i = 0; i < data_dir_idx; i++) {
+printf("%s\n", data_dir[i]);
+}
+exit(0);
+}
+
 smp_parse(qemu_opts_find(qemu_find_opts("smp-opts"), NULL));
 
 machine_class->max_cpus = machine_class->max_cpus ?: 1; /* Default to UP */
-- 
2.7.4

Re: [Qemu-devel] [PATCH 4/6] qcow2: add tracepoints for qcow2_co_write_zeroes

[Eric Blake]

On 05/14/2016 06:01 AM, Denis V. Lunev wrote:
> Signed-off-by: Denis V. Lunev 
> CC: Kevin Wolf 
> ---
>  block/qcow2.c | 5 +
>  trace-events  | 2 ++
>  2 files changed, 7 insertions(+)
> 
> diff --git a/block/qcow2.c b/block/qcow2.c
> index 9a54bbd..97bf870 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c
> @@ -2435,6 +2435,9 @@ static coroutine_fn int 
> qcow2_co_write_zeroes(BlockDriverState *bs,
>  int head = sector_num % s->cluster_sectors;
>  int tail = (sector_num + nb_sectors) % s->cluster_sectors;
>  
> +trace_qcow2_write_zeroes_start_req(qemu_coroutine_self(), sector_num,
> +   nb_sectors);
> +

Can we trace these by byte locations rather than by sector count?
Ultimately, I think we want to move write_zeroes to a byte-based
interface, even if we still assert internally that it is at least
sector-aligned.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH 2/5] user-exec: Push resume-from-signal code out to handle_cpu_signal()

[Peter Maydell]

Since the only caller of page_unprotect() which might cause it to
need to call cpu_resume_from_signal() is handle_cpu_signal() in
the user-mode code, push the longjump handling out to that function.

Since this is the only caller of cpu_resume_from_signal() which
passes a non-NULL puc argument, split the non-NULL handling into
a new cpu_exit_tb_from_sighandler() function. This allows us
to merge the softmmu and usermode implementations of the
cpu_resume_from_signal() function, which are now identical.

Signed-off-by: Peter Maydell 
---
 cpu-exec-common.c |  2 +-
 translate-all.c   | 12 
 translate-all.h   |  2 +-
 user-exec.c   | 41 +
 4 files changed, 39 insertions(+), 18 deletions(-)

diff --git a/cpu-exec-common.c b/cpu-exec-common.c
index 6bdda6b..62f5d6b 100644
--- a/cpu-exec-common.c
+++ b/cpu-exec-common.c
@@ -28,7 +28,6 @@ CPUState *tcg_current_cpu;
 /* exit the current TB from a signal handler. The host registers are
restored in a state compatible with the CPU emulator
  */
-#if defined(CONFIG_SOFTMMU)
 void cpu_resume_from_signal(CPUState *cpu, void *puc)
 {
 /* XXX: restore cpu registers saved in host registers */
@@ -37,6 +36,7 @@ void cpu_resume_from_signal(CPUState *cpu, void *puc)
 siglongjmp(cpu->jmp_env, 1);
 }
 
+#if defined(CONFIG_SOFTMMU)
 void cpu_reloading_memory_map(void)
 {
 if (qemu_in_vcpu_thread()) {
diff --git a/translate-all.c b/translate-all.c
index 4820d2e..52a571e 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -1955,7 +1955,7 @@ int page_check_range(target_ulong start, target_ulong 
len, int flags)
 /* unprotect the page if it was put read-only because it
contains translated code */
 if (!(p->flags & PAGE_WRITE)) {
-if (!page_unprotect(addr, 0, NULL)) {
+if (!page_unprotect(addr, 0)) {
 return -1;
 }
 }
@@ -1965,8 +1965,12 @@ int page_check_range(target_ulong start, target_ulong 
len, int flags)
 }
 
 /* called from signal handler: invalidate the code and unprotect the
-   page. Return TRUE if the fault was successfully handled. */
-int page_unprotect(target_ulong address, uintptr_t pc, void *puc)
+ * page. Return 0 if the fault was not handled, 1 if it was handled,
+ * and 2 if it was handled but the caller must cause the TB to be
+ * immediately exited. (We can only return 2 if the 'pc' argument is
+ * non-zero.)
+ */
+int page_unprotect(target_ulong address, uintptr_t pc)
 {
 unsigned int prot;
 PageDesc *p;
@@ -1999,7 +2003,7 @@ int page_unprotect(target_ulong address, uintptr_t pc, 
void *puc)
the corresponding translated code. */
 if (tb_invalidate_phys_page(addr, pc)) {
 mmap_unlock();
-cpu_resume_from_signal(current_cpu, puc);
+return 2;
 }
 #ifdef DEBUG_TB_CHECK
 tb_invalidate_check(addr);
diff --git a/translate-all.h b/translate-all.h
index 0384640..ce6071b 100644
--- a/translate-all.h
+++ b/translate-all.h
@@ -27,7 +27,7 @@ void tb_invalidate_phys_range(tb_page_addr_t start, 
tb_page_addr_t end);
 void tb_check_watchpoint(CPUState *cpu);
 
 #ifdef CONFIG_USER_ONLY
-int page_unprotect(target_ulong address, uintptr_t pc, void *puc);
+int page_unprotect(target_ulong address, uintptr_t pc);
 #endif
 
 #endif /* TRANSLATE_ALL_H */
diff --git a/user-exec.c b/user-exec.c
index d8d597b..1d02e24 100644
--- a/user-exec.c
+++ b/user-exec.c
@@ -54,7 +54,7 @@ static void exception_action(CPUState *cpu)
 /* exit the current TB from a signal handler. The host registers are
restored in a state compatible with the CPU emulator
  */
-void cpu_resume_from_signal(CPUState *cpu, void *puc)
+static void cpu_exit_tb_from_sighandler(CPUState *cpu, void *puc)
 {
 #ifdef __linux__
 struct ucontext *uc = puc;
@@ -62,20 +62,18 @@ void cpu_resume_from_signal(CPUState *cpu, void *puc)
 struct sigcontext *uc = puc;
 #endif
 
-if (puc) {
-/* XXX: use siglongjmp ? */
+/* XXX: use siglongjmp ? */
 #ifdef __linux__
 #ifdef __ia64
-sigprocmask(SIG_SETMASK, (sigset_t *)&uc->uc_sigmask, NULL);
+sigprocmask(SIG_SETMASK, (sigset_t *)&uc->uc_sigmask, NULL);
 #else
-sigprocmask(SIG_SETMASK, &uc->uc_sigmask, NULL);
+sigprocmask(SIG_SETMASK, &uc->uc_sigmask, NULL);
 #endif
 #elif defined(__OpenBSD__)
-sigprocmask(SIG_SETMASK, &uc->sc_mask, NULL);
+sigprocmask(SIG_SETMASK, &uc->sc_mask, NULL);
 #endif
-}
-cpu->exception_index = -1;
-siglongjmp(cpu->jmp_env, 1);
+
+cpu_resume_from_signal(cpu, NULL);
 }
 
 /* 'pc' is the host PC at which the exception was raised. 'address' is
@@ -95,9 +93,28 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned 
long address,
pc, address, is_write, *(unsigned long *)old_set);
 #endif
 /* XXX: locking issue */
-if (is_write && h2g_valid(address)
-&& page_unprotec

[Qemu-devel] [PATCH 45/50] mips: move CP0 functions out of cpu.h

[Paolo Bonzini]

These are here for historical reasons: they are needed from both gdbstub.c
and op_helper.c, and the latter was compiled with fixed AREG0.  It is
not needed anymore, so uninline them.

Signed-off-by: Paolo Bonzini 
---
 target-mips/cpu.h| 113 ++-
 target-mips/helper.c | 108 
 2 files changed, 112 insertions(+), 109 deletions(-)

diff --git a/target-mips/cpu.h b/target-mips/cpu.h
index 0636327..951267a 100644
--- a/target-mips/cpu.h
+++ b/target-mips/cpu.h
@@ -1035,115 +1035,10 @@ static inline void compute_hflags(CPUMIPSState *env)
 }
 }
 
-#ifndef CONFIG_USER_ONLY
-static inline void cpu_mips_tlb_flush(CPUMIPSState *env, int flush_global)
-{
-MIPSCPU *cpu = mips_env_get_cpu(env);
-
-/* Flush qemu's TLB and discard all shadowed entries.  */
-tlb_flush(CPU(cpu), flush_global);
-env->tlb->tlb_in_use = env->tlb->nb_tlb;
-}
-
-/* Called for updates to CP0_Status.  */
-static inline void sync_c0_status(CPUMIPSState *env, CPUMIPSState *cpu, int tc)
-{
-int32_t tcstatus, *tcst;
-uint32_t v = cpu->CP0_Status;
-uint32_t cu, mx, asid, ksu;
-uint32_t mask = ((1 << CP0TCSt_TCU3)
-   | (1 << CP0TCSt_TCU2)
-   | (1 << CP0TCSt_TCU1)
-   | (1 << CP0TCSt_TCU0)
-   | (1 << CP0TCSt_TMX)
-   | (3 << CP0TCSt_TKSU)
-   | (0xff << CP0TCSt_TASID));
-
-cu = (v >> CP0St_CU0) & 0xf;
-mx = (v >> CP0St_MX) & 0x1;
-ksu = (v >> CP0St_KSU) & 0x3;
-asid = env->CP0_EntryHi & 0xff;
-
-tcstatus = cu << CP0TCSt_TCU0;
-tcstatus |= mx << CP0TCSt_TMX;
-tcstatus |= ksu << CP0TCSt_TKSU;
-tcstatus |= asid;
-
-if (tc == cpu->current_tc) {
-tcst = &cpu->active_tc.CP0_TCStatus;
-} else {
-tcst = &cpu->tcs[tc].CP0_TCStatus;
-}
-
-*tcst &= ~mask;
-*tcst |= tcstatus;
-compute_hflags(cpu);
-}
-
-static inline void cpu_mips_store_status(CPUMIPSState *env, target_ulong val)
-{
-uint32_t mask = env->CP0_Status_rw_bitmask;
-target_ulong old = env->CP0_Status;
-
-if (env->insn_flags & ISA_MIPS32R6) {
-bool has_supervisor = extract32(mask, CP0St_KSU, 2) == 0x3;
-#if defined(TARGET_MIPS64)
-uint32_t ksux = (1 << CP0St_KX) & val;
-ksux |= (ksux >> 1) & val; /* KX = 0 forces SX to be 0 */
-ksux |= (ksux >> 1) & val; /* SX = 0 forces UX to be 0 */
-val = (val & ~(7 << CP0St_UX)) | ksux;
-#endif
-if (has_supervisor && extract32(val, CP0St_KSU, 2) == 0x3) {
-mask &= ~(3 << CP0St_KSU);
-}
-mask &= ~(((1 << CP0St_SR) | (1 << CP0St_NMI)) & val);
-}
-
-env->CP0_Status = (old & ~mask) | (val & mask);
-#if defined(TARGET_MIPS64)
-if ((env->CP0_Status ^ old) & (old & (7 << CP0St_UX))) {
-/* Access to at least one of the 64-bit segments has been disabled */
-cpu_mips_tlb_flush(env, 1);
-}
-#endif
-if (env->CP0_Config3 & (1 << CP0C3_MT)) {
-sync_c0_status(env, env, env->current_tc);
-} else {
-compute_hflags(env);
-}
-}
-
-static inline void cpu_mips_store_cause(CPUMIPSState *env, target_ulong val)
-{
-uint32_t mask = 0x00C00300;
-uint32_t old = env->CP0_Cause;
-int i;
-
-if (env->insn_flags & ISA_MIPS32R2) {
-mask |= 1 << CP0Ca_DC;
-}
-if (env->insn_flags & ISA_MIPS32R6) {
-mask &= ~((1 << CP0Ca_WP) & val);
-}
-
-env->CP0_Cause = (env->CP0_Cause & ~mask) | (val & mask);
-
-if ((old ^ env->CP0_Cause) & (1 << CP0Ca_DC)) {
-if (env->CP0_Cause & (1 << CP0Ca_DC)) {
-cpu_mips_stop_count(env);
-} else {
-cpu_mips_start_count(env);
-}
-}
-
-/* Set/reset software interrupts */
-for (i = 0 ; i < 2 ; i++) {
-if ((old ^ env->CP0_Cause) & (1 << (CP0Ca_IP + i))) {
-cpu_mips_soft_irq(env, i, env->CP0_Cause & (1 << (CP0Ca_IP + i)));
-}
-}
-}
-#endif
+void cpu_mips_tlb_flush(CPUMIPSState *env, int flush_global);
+void sync_c0_status(CPUMIPSState *env, CPUMIPSState *cpu, int tc);
+void cpu_mips_store_status(CPUMIPSState *env, target_ulong val);
+void cpu_mips_store_cause(CPUMIPSState *env, target_ulong val);
 
 void QEMU_NORETURN do_raise_exception_err(CPUMIPSState *env, uint32_t 
exception,
   int error_code, uintptr_t pc);
diff --git a/target-mips/helper.c b/target-mips/helper.c
index 0fabfec..ac5771e 100644
--- a/target-mips/helper.c
+++ b/target-mips/helper.c
@@ -221,6 +221,114 @@ static int get_physical_address (CPUMIPSState *env, 
hwaddr *physical,
 }
 return ret;
 }
+
+void cpu_mips_tlb_flush(CPUMIPSState *env, int flush_global)
+{
+MIPSCPU *cpu = mips_env_get_cpu(env);
+
+/* Flush qemu's TLB and discard all shadowed entries.  */
+tlb_flush(CPU(cpu), flush_global);
+env->tlb->tlb_in_use = env->tlb->nb_tlb;
+}
+
+/* 

Re: [Qemu-devel] [PATCH 01/50] scripts: add script to build QEMU and analyze inclusions

[Eric Blake]

On 05/16/2016 10:25 AM, Paolo Bonzini wrote:
> 
> 
> On 16/05/2016 18:20, Eric Blake wrote:
>>> +QEMU_CFLAGS=$(sed -n s/^QEMU_CFLAGS=//p config-host.mak)
>>> +QEMU_INCLUDES=$(sed -n s/^QEMU_INCLUDES=//p config-host.mak | \
>>> +sed 's/$(SRC_PATH)/../g' )
>>
>> Could avoid a 'sed | sed' by doing:
>>
>> QEMU_INCLUDES=$(sed -n '/^QEMU_INCLUDES=/ s/$(SRC_PATH)/../gp' \
>>   config-host.mak)
>>
> 
> Not quite, I'm removing the "QEMU_INCLUDES=" part even if it doesn't
> match $(SRC_PATH).

Serves me write for not testing.

QEMU_INCLUDES=$(sed -n '/^QEMU_INCLUDES=/ { s///; s/$(SRC_PATH)/../g; p
}' config-host.mak)

at which point maybe yours is more legible after all (especially since
there are portability worries about {} used without newlines).

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH 48/50] cpu: move exec-all.h inclusion out of cpu.h

[Paolo Bonzini]

exec-all.h contains TCG-specific definitions.  It is not needed outside
TCG-specific files such as translate.c, exec.c or *helper.c.

One generic function had snuck into include/exec/exec-all.h; move it to
include/qom/cpu.h.

Signed-off-by: Paolo Bonzini 
---
 bsd-user/main.c|  1 +
 bsd-user/qemu.h|  1 +
 cpu-exec-common.c  |  1 +
 cpu-exec.c |  1 +
 cpus.c |  1 +
 cputlb.c   |  1 +
 disas/tci.c|  1 +
 exec.c |  1 +
 gdbstub.c  |  1 +
 hw/i386/kvmvapic.c |  1 +
 hw/misc/mips_itu.c |  1 +
 hw/ppc/spapr_hcall.c   |  1 +
 hw/sh4/sh7750.c|  1 +
 include/exec/exec-all.h|  9 -
 include/qom/cpu.h  | 10 ++
 linux-user/main.c  |  1 +
 linux-user/qemu.h  |  1 +
 monitor.c  |  1 +
 target-alpha/cpu.c |  1 +
 target-alpha/cpu.h |  2 --
 target-alpha/fpu_helper.c  |  1 +
 target-alpha/helper.c  |  1 +
 target-alpha/int_helper.c  |  1 +
 target-alpha/mem_helper.c  |  1 +
 target-alpha/sys_helper.c  |  1 +
 target-alpha/translate.c   |  1 +
 target-alpha/vax_helper.c  |  1 +
 target-arm/arm-powerctl.c  |  1 +
 target-arm/arm_ldst.h  |  1 +
 target-arm/cpu.c   |  1 +
 target-arm/cpu.h   |  2 --
 target-arm/helper-a64.c|  1 +
 target-arm/helper.c|  1 +
 target-arm/op_helper.c |  1 +
 target-arm/psci.c  |  1 +
 target-arm/translate-a64.c |  1 +
 target-arm/translate.c |  1 +
 target-cris/cpu.c  |  1 +
 target-cris/cpu.h  |  2 --
 target-cris/helper.c   |  1 +
 target-cris/mmu.c  |  1 +
 target-cris/op_helper.c|  1 +
 target-cris/translate.c|  1 +
 target-i386/bpt_helper.c   |  1 +
 target-i386/cpu.c  |  1 +
 target-i386/cpu.h  |  2 --
 target-i386/excp_helper.c  |  1 +
 target-i386/fpu_helper.c   |  1 +
 target-i386/helper.c   |  1 +
 target-i386/int_helper.c   |  1 +
 target-i386/machine.c  |  3 +++
 target-i386/mem_helper.c   |  1 +
 target-i386/misc_helper.c  |  1 +
 target-i386/mpx_helper.c   |  1 +
 target-i386/seg_helper.c   |  1 +
 target-i386/svm_helper.c   |  1 +
 target-i386/translate.c|  1 +
 target-lm32/cpu.c  |  1 +
 target-lm32/cpu.h  |  2 --
 target-lm32/helper.c   |  1 +
 target-lm32/op_helper.c|  1 +
 target-lm32/translate.c|  1 +
 target-m68k/cpu.c  |  1 +
 target-m68k/cpu.h  |  2 --
 target-m68k/helper.c   |  1 +
 target-m68k/m68k-semi.c|  1 +
 target-m68k/op_helper.c|  1 +
 target-m68k/translate.c|  1 +
 target-microblaze/cpu.c|  1 +
 target-microblaze/cpu.h|  2 --
 target-microblaze/helper.c |  1 +
 target-microblaze/mmu.c|  1 +
 target-microblaze/op_helper.c  |  1 +
 target-microblaze/translate.c  |  1 +
 target-mips/cpu.c  |  1 +
 target-mips/cpu.h  |  2 --
 target-mips/helper.c   |  1 +
 target-mips/mips-semi.c|  1 +
 target-mips/msa_helper.c   |  1 +
 target-mips/op_helper.c|  1 +
 target-mips/translate.c|  1 +
 target-moxie/cpu.c |  1 +
 target-moxie/cpu.h |  1 -
 target-openrisc/cpu.c  |  1 +
 target-openrisc/cpu.h  |  2 --
 target-openrisc/exception.c|  1 +
 target-openrisc/interrupt.c|  1 +
 target-openrisc/interrupt_helper.c |  1 +
 target-openrisc/mmu.c  |  1 +
 target-openrisc/mmu_helper.c   |  1 +
 target-openrisc/sys_helper.c   |  1 +
 target-ppc/cpu.h   |  2 --
 target-ppc/excp_helper.c   |  1 +
 target-ppc/int_helper.c|  1 +
 target-ppc/machine.c   |  2 ++
 target-ppc/mem_helper.c|  2 ++
 target-ppc/misc_helper.c   |  1 +
 target-ppc/mmu-hash32.c|  1 +
 target-ppc/mmu-hash64.c|  1 +
 target-ppc/mmu_helper.c|  1 +
 target-ppc/timebase_helper.c   |  1 +
 target-ppc/translate.c |  1 +
 target-s390x/cc_helper.c   |  1 +
 target-s390x/cpu.c |  1 +
 target-s390x/cpu.h |  2 --
 target-s390x/fpu_helper.c  |  1 +
 target-s390x/gdbstub.c |  1 +
 target-s390x/helper.c  |  1 +
 target-s390x/int_helper.c  |  1 +
 target-s390x/mem_he

Re: [Qemu-devel] [PATCH 3/6] qcow2: simplify logic in qcow2_co_write_zeroes

[Eric Blake]

On 05/14/2016 06:01 AM, Denis V. Lunev wrote:
> Unaligned request could occupy only one cluster. This is true since the

s/request could/requests will/

> previous commit. Simplify the code taking this considiration into

s/considiration/consideration/

> account.
> 
> There are no other changes so far.
> 
> Signed-off-by: Denis V. Lunev 
> CC: Kevin Wolf 
> ---
>  block/qcow2.c | 23 +--
>  1 file changed, 5 insertions(+), 18 deletions(-)
> 
> diff --git a/block/qcow2.c b/block/qcow2.c
> index 62febfc..9a54bbd 100644
> --- a/block/qcow2.c
> +++ b/block/qcow2.c
> @@ -2436,33 +2436,20 @@ static coroutine_fn int 
> qcow2_co_write_zeroes(BlockDriverState *bs,
>  int tail = (sector_num + nb_sectors) % s->cluster_sectors;
>  
>  if (head != 0 || tail != 0) {
> -int64_t cl_end = -1;
> +int64_t cl_start = sector_num - head;
>  
> -sector_num -= head;
> -nb_sectors += head;
> +assert(cl_start + s->cluster_sectors >= sector_num + nb_sectors);

In other words, the caller is now buggy if it ever passes us an
unaligned request that crosses cluster boundaries (the only requests
that can cross boundaries will be aligned).

With the grammar fix in the commit message,
Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 01/50] scripts: add script to build QEMU and analyze inclusions

[Paolo Bonzini]

On 16/05/2016 18:20, Eric Blake wrote:
>> +QEMU_CFLAGS=$(sed -n s/^QEMU_CFLAGS=//p config-host.mak)
>> +QEMU_INCLUDES=$(sed -n s/^QEMU_INCLUDES=//p config-host.mak | \
>> +sed 's/$(SRC_PATH)/../g' )
> 
> Could avoid a 'sed | sed' by doing:
> 
> QEMU_INCLUDES=$(sed -n '/^QEMU_INCLUDES=/ s/$(SRC_PATH)/../gp' \
>   config-host.mak)
> 

Not quite, I'm removing the "QEMU_INCLUDES=" part even if it doesn't
match $(SRC_PATH).

Paolo



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH 44/50] arm: move arm_log_exception into .c file

[Paolo Bonzini]

Avoid need for qemu/log.h inclusion, and make the function static too.

Reviewed-by: Alex Bennée 
Signed-off-by: Paolo Bonzini 
---
 target-arm/helper.c| 15 +++
 target-arm/internals.h | 15 ---
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index a2ab701..d721c0c 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -5819,6 +5819,21 @@ static void do_v7m_exception_exit(CPUARMState *env)
pointer.  */
 }
 
+static void arm_log_exception(int idx)
+{
+if (qemu_loglevel_mask(CPU_LOG_INT)) {
+const char *exc = NULL;
+
+if (idx >= 0 && idx < ARRAY_SIZE(excnames)) {
+exc = excnames[idx];
+}
+if (!exc) {
+exc = "unknown";
+}
+qemu_log_mask(CPU_LOG_INT, "Taking exception %d [%s]\n", idx, exc);
+}
+}
+
 void arm_v7m_cpu_do_interrupt(CPUState *cs)
 {
 ARMCPU *cpu = ARM_CPU(cs);
diff --git a/target-arm/internals.h b/target-arm/internals.h
index 54a0fb1..a125873 100644
--- a/target-arm/internals.h
+++ b/target-arm/internals.h
@@ -72,21 +72,6 @@ static const char * const excnames[] = {
 [EXCP_SEMIHOST] = "Semihosting call",
 };
 
-static inline void arm_log_exception(int idx)
-{
-if (qemu_loglevel_mask(CPU_LOG_INT)) {
-const char *exc = NULL;
-
-if (idx >= 0 && idx < ARRAY_SIZE(excnames)) {
-exc = excnames[idx];
-}
-if (!exc) {
-exc = "unknown";
-}
-qemu_log_mask(CPU_LOG_INT, "Taking exception %d [%s]\n", idx, exc);
-}
-}
-
 /* Scale factor for generic timers, ie number of ns per tick.
  * This gives a 62.5MHz timer.
  */
-- 
1.8.3.1

[Qemu-devel] [PATCH 20/50] target-xtensa: make cpu-qom.h not target specific

[Paolo Bonzini]

Make XtensaCPU an opaque type within cpu-qom.h, and move all definitions
of private methods, as well as all type definitions that require knowledge
of the layout to cpu.h.  Conversely, move all definitions needed to
define a class to cpu-qom.h.  This helps making files independent of
NEED_CPU_H if they only need to pass around CPU pointers.

Signed-off-by: Paolo Bonzini 
---
 target-xtensa/cpu-qom.h | 193 ++-
 target-xtensa/cpu.h | 194 +---
 2 files changed, 194 insertions(+), 193 deletions(-)

diff --git a/target-xtensa/cpu-qom.h b/target-xtensa/cpu-qom.h
index f5d9b9f..e7de30e 100644
--- a/target-xtensa/cpu-qom.h
+++ b/target-xtensa/cpu-qom.h
@@ -40,6 +40,163 @@
 #define XTENSA_CPU_GET_CLASS(obj) \
 OBJECT_GET_CLASS(XtensaCPUClass, (obj), TYPE_XTENSA_CPU)
 
+enum {
+/* Additional instructions */
+XTENSA_OPTION_CODE_DENSITY,
+XTENSA_OPTION_LOOP,
+XTENSA_OPTION_EXTENDED_L32R,
+XTENSA_OPTION_16_BIT_IMUL,
+XTENSA_OPTION_32_BIT_IMUL,
+XTENSA_OPTION_32_BIT_IMUL_HIGH,
+XTENSA_OPTION_32_BIT_IDIV,
+XTENSA_OPTION_MAC16,
+XTENSA_OPTION_MISC_OP_NSA,
+XTENSA_OPTION_MISC_OP_MINMAX,
+XTENSA_OPTION_MISC_OP_SEXT,
+XTENSA_OPTION_MISC_OP_CLAMPS,
+XTENSA_OPTION_COPROCESSOR,
+XTENSA_OPTION_BOOLEAN,
+XTENSA_OPTION_FP_COPROCESSOR,
+XTENSA_OPTION_MP_SYNCHRO,
+XTENSA_OPTION_CONDITIONAL_STORE,
+XTENSA_OPTION_ATOMCTL,
+XTENSA_OPTION_DEPBITS,
+
+/* Interrupts and exceptions */
+XTENSA_OPTION_EXCEPTION,
+XTENSA_OPTION_RELOCATABLE_VECTOR,
+XTENSA_OPTION_UNALIGNED_EXCEPTION,
+XTENSA_OPTION_INTERRUPT,
+XTENSA_OPTION_HIGH_PRIORITY_INTERRUPT,
+XTENSA_OPTION_TIMER_INTERRUPT,
+
+/* Local memory */
+XTENSA_OPTION_ICACHE,
+XTENSA_OPTION_ICACHE_TEST,
+XTENSA_OPTION_ICACHE_INDEX_LOCK,
+XTENSA_OPTION_DCACHE,
+XTENSA_OPTION_DCACHE_TEST,
+XTENSA_OPTION_DCACHE_INDEX_LOCK,
+XTENSA_OPTION_IRAM,
+XTENSA_OPTION_IROM,
+XTENSA_OPTION_DRAM,
+XTENSA_OPTION_DROM,
+XTENSA_OPTION_XLMI,
+XTENSA_OPTION_HW_ALIGNMENT,
+XTENSA_OPTION_MEMORY_ECC_PARITY,
+
+/* Memory protection and translation */
+XTENSA_OPTION_REGION_PROTECTION,
+XTENSA_OPTION_REGION_TRANSLATION,
+XTENSA_OPTION_MMU,
+XTENSA_OPTION_CACHEATTR,
+
+/* Other */
+XTENSA_OPTION_WINDOWED_REGISTER,
+XTENSA_OPTION_PROCESSOR_INTERFACE,
+XTENSA_OPTION_MISC_SR,
+XTENSA_OPTION_THREAD_POINTER,
+XTENSA_OPTION_PROCESSOR_ID,
+XTENSA_OPTION_DEBUG,
+XTENSA_OPTION_TRACE_PORT,
+};
+
+#define MAX_NAREG 64
+#define MAX_NINTERRUPT 32
+#define MAX_NLEVEL 6
+#define MAX_NNMI 1
+#define MAX_NCCOMPARE 3
+#define MAX_TLB_WAY_SIZE 8
+#define MAX_NDBREAK 2
+
+enum {
+/* Static vectors */
+EXC_RESET,
+EXC_MEMORY_ERROR,
+
+/* Dynamic vectors */
+EXC_WINDOW_OVERFLOW4,
+EXC_WINDOW_UNDERFLOW4,
+EXC_WINDOW_OVERFLOW8,
+EXC_WINDOW_UNDERFLOW8,
+EXC_WINDOW_OVERFLOW12,
+EXC_WINDOW_UNDERFLOW12,
+EXC_IRQ,
+EXC_KERNEL,
+EXC_USER,
+EXC_DOUBLE,
+EXC_DEBUG,
+EXC_MAX
+};
+
+typedef enum {
+INTTYPE_LEVEL,
+INTTYPE_EDGE,
+INTTYPE_NMI,
+INTTYPE_SOFTWARE,
+INTTYPE_TIMER,
+INTTYPE_DEBUG,
+INTTYPE_WRITE_ERR,
+INTTYPE_PROFILING,
+INTTYPE_MAX
+} interrupt_type;
+
+typedef struct xtensa_tlb {
+unsigned nways;
+const unsigned way_size[10];
+bool varway56;
+unsigned nrefillentries;
+} xtensa_tlb;
+
+typedef struct XtensaGdbReg {
+int targno;
+int type;
+int group;
+unsigned size;
+} XtensaGdbReg;
+
+typedef struct XtensaGdbRegmap {
+int num_regs;
+int num_core_regs;
+/* PC + a + ar + sr + ur */
+XtensaGdbReg reg[1 + 16 + 64 + 256 + 256];
+} XtensaGdbRegmap;
+
+typedef struct XtensaConfig {
+const char *name;
+uint64_t options;
+XtensaGdbRegmap gdb_regmap;
+unsigned nareg;
+int excm_level;
+int ndepc;
+uint32_t vecbase;
+uint32_t exception_vector[EXC_MAX];
+unsigned ninterrupt;
+unsigned nlevel;
+uint32_t interrupt_vector[MAX_NLEVEL + MAX_NNMI + 1];
+uint32_t level_mask[MAX_NLEVEL + MAX_NNMI + 1];
+uint32_t inttype_mask[INTTYPE_MAX];
+struct {
+uint32_t level;
+interrupt_type inttype;
+} interrupt[MAX_NINTERRUPT];
+unsigned nccompare;
+uint32_t timerint[MAX_NCCOMPARE];
+unsigned nextint;
+unsigned extint[MAX_NINTERRUPT];
+
+unsigned debug_level;
+unsigned nibreak;
+unsigned ndbreak;
+
+uint32_t configid[2];
+
+uint32_t clock_freq_khz;
+
+xtensa_tlb itlb;
+xtensa_tlb dtlb;
+} XtensaConfig;
+
 /**
  * XtensaCPUClass:
  * @parent_realize: The parent class' realize handler.
@@ -59,40 +216,6 @@ typedef struct XtensaCPUClass {
 const XtensaConfig *config;
 } XtensaCPUClass;
 
-/**
- * XtensaCPU:
- * @env: #CPUXtensaState
- *
- * An Xtensa CPU.
- */
-typedef struct XtensaCPU {
-/*< privat

[Qemu-devel] [PATCH 4/5] user-exec: Don't reextract sigmask from usercontext pointer

[Peter Maydell]

Extracting the old signal mask from the usercontext pointer passed to
a signal handler is a pain because it is OS and CPU dependent.
Since we've already done it once and passed it to handle_cpu_signal(),
there's no need to do it again in cpu_exit_tb_from_sighandler().
This then means we don't need to pass a usercontext pointer in to
handle_cpu_signal() at all.

Signed-off-by: Peter Maydell 
---
 user-exec.c | 48 
 1 file changed, 16 insertions(+), 32 deletions(-)

diff --git a/user-exec.c b/user-exec.c
index 40b5e7c..ad669f4 100644
--- a/user-exec.c
+++ b/user-exec.c
@@ -54,25 +54,10 @@ static void exception_action(CPUState *cpu)
 /* exit the current TB from a signal handler. The host registers are
restored in a state compatible with the CPU emulator
  */
-static void cpu_exit_tb_from_sighandler(CPUState *cpu, void *puc)
+static void cpu_exit_tb_from_sighandler(CPUState *cpu, sigset_t *old_set)
 {
-#ifdef __linux__
-struct ucontext *uc = puc;
-#elif defined(__OpenBSD__)
-struct sigcontext *uc = puc;
-#endif
-
 /* XXX: use siglongjmp ? */
-#ifdef __linux__
-#ifdef __ia64
-sigprocmask(SIG_SETMASK, (sigset_t *)&uc->uc_sigmask, NULL);
-#else
-sigprocmask(SIG_SETMASK, &uc->uc_sigmask, NULL);
-#endif
-#elif defined(__OpenBSD__)
-sigprocmask(SIG_SETMASK, &uc->sc_mask, NULL);
-#endif
-
+sigprocmask(SIG_SETMASK, old_set, NULL);
 cpu_loop_exit_noexc(cpu);
 }
 
@@ -81,8 +66,7 @@ static void cpu_exit_tb_from_sighandler(CPUState *cpu, void 
*puc)
write caused the exception and otherwise 0'. 'old_set' is the
signal set which should be restored */
 static inline int handle_cpu_signal(uintptr_t pc, unsigned long address,
-int is_write, sigset_t *old_set,
-void *puc)
+int is_write, sigset_t *old_set)
 {
 CPUState *cpu;
 CPUClass *cc;
@@ -110,7 +94,7 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned 
long address,
  * currently executing TB was modified and must be exited
  * immediately.
  */
-cpu_exit_tb_from_sighandler(current_cpu, puc);
+cpu_exit_tb_from_sighandler(current_cpu, old_set);
 g_assert_not_reached();
 default:
 g_assert_not_reached();
@@ -204,7 +188,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
  trapno == 0xe ?
  (ERROR_sig(uc) >> 1) & 1 : 0,
- &MASK_sig(uc), puc);
+ &MASK_sig(uc));
 }
 
 #elif defined(__x86_64__)
@@ -250,7 +234,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
  TRAP_sig(uc) == 0xe ?
  (ERROR_sig(uc) >> 1) & 1 : 0,
- &MASK_sig(uc), puc);
+ &MASK_sig(uc));
 }
 
 #elif defined(_ARCH_PPC)
@@ -366,7 +350,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
 }
 #endif
 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
- is_write, &uc->uc_sigmask, puc);
+ is_write, &uc->uc_sigmask);
 }
 
 #elif defined(__alpha__)
@@ -397,7 +381,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
 }
 
 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
- is_write, &uc->uc_sigmask, puc);
+ is_write, &uc->uc_sigmask);
 }
 #elif defined(__sparc__)
 
@@ -457,7 +441,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
 }
 }
 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
- is_write, sigmask, NULL);
+ is_write, sigmask);
 }
 
 #elif defined(__arm__)
@@ -492,7 +476,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
 is_write = extract32(uc->uc_mcontext.error_code, 11, 1);
 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
  is_write,
- &uc->uc_sigmask, puc);
+ &uc->uc_sigmask);
 }
 
 #elif defined(__aarch64__)
@@ -520,7 +504,7 @@ int cpu_signal_handler(int host_signum, void *pinfo, void 
*puc)
 || (insn & 0x3a40) == 0x2800); /* C3.3.7,14-16 */
 
 return handle_cpu_signal(pc, (uintptr_t)info->si_addr,
- is_write, &uc->uc_sigmask, puc);
+ is_write, &uc->uc_sigmask);
 }
 
 #elif defined(__mc68000)
@@ -538,7 +522,7 @@ int cpu_signal_handler(int host_signum, void *pinfo,
 is_write = 0;
 return handle_cpu_signal(pc, (unsigned long)info->si_addr,
  is_write,
- &uc-

[Qemu-devel] [PATCH 0/5] user-exec: cpu_resume_from_signal() cleanups

[Peter Maydell]

I was trying to reason about user-mode's handling of signal masks,
and I found our current code a bit confusing, so I cleaned it up.

At the moment for user-only mode cpu_resume_from_signal() takes a
usercontext pointer; if this is non-NULL then it has some awkward
OS and CPU specific code to set the signal mask from something
inside the usercontext before doing the same kind of siglongjmp()
that the softmmu cpu_resume_from_signal() does.

In fact the two use cases are completely separate:
 * almost all calls to cpu_resume_from_signal() pass a NULL puc
   argument (and most of those are softmmu-only anyway)
 * only the code path handle_cpu_signal -> page_unprotect ->
   tb_invalidate_phys_page -> cpu_resume_from_signal will pass
   a non-NULL puc.

The cleanups are:
 * pull the call to cpu_resume_from_signal() up through the
   callstack so we do the signal mask manipulation in
   handle_cpu_signal()
 * drop the OS/CPU spceific code to get a signal mask out of
   a usercontext, because in the specific case of handle_cpu_signal()
   we already have the signal mask value and can just use it
 * rename cpu_resume_from_signal() to cpu_loop_exit_noexc(),
   since all the remaining callsites are not in fact signal handlers
   or even called from signal handlers
 * get rid of an ugly TARGET_I386 ifdef in user-exec.c by moving
   the i386-specific code into its handle_mmu_fault hook.

Peter Maydell (5):
  translate-all.c: Don't pass puc, locked to tb_invalidate_phys_page()
  user-exec: Push resume-from-signal code out to handle_cpu_signal()
  cpu-exec: Rename cpu_resume_from_signal() to cpu_loop_exit_noexc()
  user-exec: Don't reextract sigmask from usercontext pointer
  target-i386: Move user-mode exception actions out of user-exec.c

 cpu-exec-common.c|  8 ++---
 exec.c   |  2 +-
 hw/i386/kvmvapic.c   |  2 +-
 include/exec/exec-all.h  |  2 +-
 target-i386/bpt_helper.c |  2 +-
 target-i386/helper.c |  2 ++
 target-lm32/helper.c |  2 +-
 target-s390x/helper.c|  2 +-
 target-xtensa/helper.c   |  2 +-
 translate-all.c  | 40 -
 translate-all.h  |  2 +-
 user-exec.c  | 93 +---
 12 files changed, 77 insertions(+), 82 deletions(-)

-- 
1.9.1

[Qemu-devel] [PATCH 5/5] target-i386: Move user-mode exception actions out of user-exec.c

[Peter Maydell]

The exception_action() function in user-exec.c is just a call to
cpu_loop_exit() for every target CPU except i386.  Since this
function is only called if the target's handle_mmu_fault() hook has
indicated an MMU fault, and that hook is only called from the
handle_cpu_signal() code path, we can simply move the x86-specific
setup into that hook, which allows us to remove the TARGET_I386
ifdef from user-exec.c.

Of the actions that were done by the call to raise_interrupt_err():
 * cpu_svm_check_intercept_param() is a no-op in user mode
 * check_exception() is a no-op since double faults are impossible
   for user-mode
 * assignments to cs->exception_index and env->error_code are no-ops
 * cpu_loop_exit_restore() is equivalent to cpu_loop_exit() since
   pc is 0
which leaves just setting env_>exception_is_int and
env->exception_next_eip as actions that need to be added to
x86_cpu_handle_mmu_fault().

Signed-off-by: Peter Maydell 
---
 target-i386/helper.c |  2 ++
 user-exec.c  | 16 +---
 2 files changed, 3 insertions(+), 15 deletions(-)

diff --git a/target-i386/helper.c b/target-i386/helper.c
index bf3e762..e1dde46 100644
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@@ -700,6 +700,8 @@ int x86_cpu_handle_mmu_fault(CPUState *cs, vaddr addr,
 env->error_code = (is_write << PG_ERROR_W_BIT);
 env->error_code |= PG_ERROR_U_MASK;
 cs->exception_index = EXCP0E_PAGE;
+env->exception_is_int = 0;
+env->exception_next_eip = env->eip;
 return 1;
 }
 
diff --git a/user-exec.c b/user-exec.c
index ad669f4..439bb37 100644
--- a/user-exec.c
+++ b/user-exec.c
@@ -39,18 +39,6 @@
 
 //#define DEBUG_SIGNAL
 
-static void exception_action(CPUState *cpu)
-{
-#if defined(TARGET_I386)
-X86CPU *x86_cpu = X86_CPU(cpu);
-CPUX86State *env1 = &x86_cpu->env;
-
-raise_exception_err(env1, cpu->exception_index, env1->error_code);
-#else
-cpu_loop_exit(cpu);
-#endif
-}
-
 /* exit the current TB from a signal handler. The host registers are
restored in a state compatible with the CPU emulator
  */
@@ -119,10 +107,8 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned 
long address,
 /* now we have a real cpu fault */
 cpu_restore_state(cpu, pc);
 
-/* we restore the process signal mask as the sigreturn should
-   do it (XXX: use sigsetjmp) */
 sigprocmask(SIG_SETMASK, old_set, NULL);
-exception_action(cpu);
+cpu_loop_exit(cpu);
 
 /* never comes here */
 return 1;
-- 
1.9.1

Re: [Qemu-devel] [PATCH 2/6] block: split write_zeroes always

[Eric Blake]

On 05/14/2016 06:01 AM, Denis V. Lunev wrote:
> We should split requests even if they are less than write_zeroes_alignment.
> For example we can have the following request:
>   offset 62k
>   size   4k
>   write_zeroes_alignment 64k
> Original code will send 1 request covering 2 qcow2 clusters. One cluster
> could be zeroed as a whole, another could not be. In this case we will have
> both 2 clusters allocated.
> 
> After the patch 2 requests to qcow2 layer will be sent and thus only one
> cluster will be allocated.

Grammar suggestion:

The original code sent 1 request covering 2 qcow2 clusters, and resulted
in both clusters being allocated. But by splitting the request, we can
cater to the case where one of the two clusters can be zeroed as a
whole, for only 1 cluster allocated after the operation.

> 
> Signed-off-by: Denis V. Lunev 
> CC: Kevin Wolf 
> ---
>  block/io.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 

>  num -= sector_num % bs->bl.write_zeroes_alignment;
> -} else if ((sector_num + num) % bs->bl.write_zeroes_alignment != 
> 0) {
> +} else if (num > bs->bl.write_zeroes_alignment &&
> +(sector_num + num) % bs->bl.write_zeroes_alignment != 0) 
> {

Alignment looks off. Also, if it were me, I'd write 'a % b' rather than
'a % b != 0'.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH 1/5] translate-all.c: Don't pass puc, locked to tb_invalidate_phys_page()

[Peter Maydell]

The user-mode-only function tb_invalidate_phys_page() is only
called from two places:
 * page_unprotect(), which passes in a non-zero pc, a puc pointer
   and the value 'true' for the locked argument
 * page_set_flags(), which passes in a zero pc, a NULL puc pointer
   and a 'false' locked argument

If the pc is non-zero then we may call cpu_resume_from_signal(),
which does a longjmp out of the calling code (and out of the
signal handler); this is to cover the case of a target CPU with
"precise self-modifying code" (currently only x86) executing
a store instruction which modifies code in the same TB as the
store itself. Rather than doing the longjump directly here,
return a flag to the caller which indicates whether the current
TB was modified, and move the longjump to page_unprotect.

Signed-off-by: Peter Maydell 
---
 translate-all.c | 26 +++---
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/translate-all.c b/translate-all.c
index b54f472..4820d2e 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -1438,10 +1438,13 @@ void tb_invalidate_phys_page_fast(tb_page_addr_t start, 
int len)
 }
 }
 #else
-/* Called with mmap_lock held.  */
-static void tb_invalidate_phys_page(tb_page_addr_t addr,
-uintptr_t pc, void *puc,
-bool locked)
+/* Called with mmap_lock held. If pc is not 0 then it indicates the
+ * host PC of the faulting store instruction that caused this invalidate.
+ * Returns true if the caller needs to abort execution of the current
+ * TB (because it was modified by this store and the guest CPU has
+ * precise-SMC semantics).
+ */
+static bool tb_invalidate_phys_page(tb_page_addr_t addr, uintptr_t pc)
 {
 TranslationBlock *tb;
 PageDesc *p;
@@ -1459,7 +1462,7 @@ static void tb_invalidate_phys_page(tb_page_addr_t addr,
 addr &= TARGET_PAGE_MASK;
 p = page_find(addr >> TARGET_PAGE_BITS);
 if (!p) {
-return;
+return false;
 }
 tb = p->first_tb;
 #ifdef TARGET_HAS_PRECISE_SMC
@@ -1498,12 +1501,10 @@ static void tb_invalidate_phys_page(tb_page_addr_t addr,
modifying the memory. It will ensure that it cannot modify
itself */
 tb_gen_code(cpu, current_pc, current_cs_base, current_flags, 1);
-if (locked) {
-mmap_unlock();
-}
-cpu_resume_from_signal(cpu, puc);
+return true;
 }
 #endif
+return false;
 }
 #endif
 
@@ -1902,7 +1903,7 @@ void page_set_flags(target_ulong start, target_ulong end, 
int flags)
 if (!(p->flags & PAGE_WRITE) &&
 (flags & PAGE_WRITE) &&
 p->first_tb) {
-tb_invalidate_phys_page(addr, 0, NULL, false);
+tb_invalidate_phys_page(addr, 0);
 }
 p->flags = flags;
 }
@@ -1996,7 +1997,10 @@ int page_unprotect(target_ulong address, uintptr_t pc, 
void *puc)
 
 /* and since the content will be modified, we must invalidate
the corresponding translated code. */
-tb_invalidate_phys_page(addr, pc, puc, true);
+if (tb_invalidate_phys_page(addr, pc)) {
+mmap_unlock();
+cpu_resume_from_signal(current_cpu, puc);
+}
 #ifdef DEBUG_TB_CHECK
 tb_invalidate_check(addr);
 #endif
-- 
1.9.1

Re: [Qemu-devel] [PATCH 01/50] scripts: add script to build QEMU and analyze inclusions

[Eric Blake]

On 05/16/2016 09:35 AM, Paolo Bonzini wrote:
> Signed-off-by: Paolo Bonzini 
> ---
>  scripts/analyze-inclusions | 102 
> +
>  1 file changed, 102 insertions(+)
>  create mode 100644 scripts/analyze-inclusions
> 

> +#
> +# 2) otherwise, it will configure and builds QEMU itself in a

s/builds/build/

> +# "+build" subdirectory which is left around when the script
> +# exits.  In this case the command line is passed directly to
> +# "make" (typically used for a "-j" argument suitable for your
> +# system).
> +#
> +# Inspired by a post by Markus Armbruster.
> +
> +case "x$1" in
> +--)

This branch of the case isn't reachable. Did you mean x--) ?

> +  shift
> +  cd "$1" || exit $?
> +  ;;
> +x-* | x)
> +  mkdir -p +build
> +  cd +build

Is this safe even when CDPATH is set?  You can force it to be safe by
using cd ./+build

> +  test -f Makefile && make distclean
> +  ../configure
> +  make "$@"
> +  ;;
> +*)
> +  cd "$1" || exit $?
> +esac
> +
> +QEMU_CFLAGS=$(sed -n s/^QEMU_CFLAGS=//p config-host.mak)
> +QEMU_INCLUDES=$(sed -n s/^QEMU_INCLUDES=//p config-host.mak | \
> +sed 's/$(SRC_PATH)/../g' )

Could avoid a 'sed | sed' by doing:

QEMU_INCLUDES=$(sed -n '/^QEMU_INCLUDES=/ s/$(SRC_PATH)/../gp' \
  config-host.mak)

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH 38/50] qemu-common: stop including qemu/host-utils.h from qemu-common.h

[Paolo Bonzini]

Move it to the actual users.  There are some inclusions of
qemu/host-utils.h in headers, but they are all necessary.

Signed-off-by: Paolo Bonzini 
---
 audio/noaudio.c | 1 +
 audio/spiceaudio.c  | 1 +
 audio/wavaudio.c| 2 +-
 contrib/ivshmem-server/ivshmem-server.c | 1 +
 hw/acpi/core.c  | 6 ++
 hw/bt/sdp.c | 1 +
 hw/display/tc6393xb.c   | 1 +
 include/exec/cpu-defs.h | 1 +
 include/hw/acpi/acpi.h  | 7 ---
 include/qemu-common.h   | 1 -
 include/qemu/timer.h| 1 -
 page_cache.c| 1 +
 slirp/slirp.h   | 1 +
 stubs/slirp.c   | 1 +
 tests/libqos/malloc.c   | 1 +
 util/buffer.c   | 1 +
 16 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/audio/noaudio.c b/audio/noaudio.c
index b360c19..9ca9eaf 100644
--- a/audio/noaudio.c
+++ b/audio/noaudio.c
@@ -23,6 +23,7 @@
  */
 #include "qemu/osdep.h"
 #include "qemu-common.h"
+#include "qemu/host-utils.h"
 #include "audio.h"
 #include "qemu/timer.h"
 
diff --git a/audio/spiceaudio.c b/audio/spiceaudio.c
index dea71d3..5580e76 100644
--- a/audio/spiceaudio.c
+++ b/audio/spiceaudio.c
@@ -19,6 +19,7 @@
 
 #include "qemu/osdep.h"
 #include "hw/hw.h"
+#include "qemu/host-utils.h"
 #include "qemu/error-report.h"
 #include "qemu/timer.h"
 #include "ui/qemu-spice.h"
diff --git a/audio/wavaudio.c b/audio/wavaudio.c
index 345952e..341eec3 100644
--- a/audio/wavaudio.c
+++ b/audio/wavaudio.c
@@ -22,7 +22,7 @@
  * THE SOFTWARE.
  */
 #include "qemu/osdep.h"
-#include "hw/hw.h"
+#include "qemu/host-utils.h"
 #include "qemu/timer.h"
 #include "audio.h"
 
diff --git a/contrib/ivshmem-server/ivshmem-server.c 
b/contrib/ivshmem-server/ivshmem-server.c
index 172db78..bf4ee0b 100644
--- a/contrib/ivshmem-server/ivshmem-server.c
+++ b/contrib/ivshmem-server/ivshmem-server.c
@@ -7,6 +7,7 @@
  */
 #include "qemu/osdep.h"
 #include "qemu-common.h"
+#include "qemu/host-utils.h"
 #include "qemu/sockets.h"
 
 #include 
diff --git a/hw/acpi/core.c b/hw/acpi/core.c
index 6a2f452..1ffd155 100644
--- a/hw/acpi/core.c
+++ b/hw/acpi/core.c
@@ -491,6 +491,12 @@ void acpi_pm_tmr_update(ACPIREGS *ar, bool enable)
 }
 }
 
+static inline int64_t acpi_pm_tmr_get_clock(void)
+{
+return muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), PM_TIMER_FREQUENCY,
+NANOSECONDS_PER_SECOND);
+}
+
 void acpi_pm_tmr_calc_overflow_time(ACPIREGS *ar)
 {
 int64_t d = acpi_pm_tmr_get_clock();
diff --git a/hw/bt/sdp.c b/hw/bt/sdp.c
index be26009..f67b3b8 100644
--- a/hw/bt/sdp.c
+++ b/hw/bt/sdp.c
@@ -19,6 +19,7 @@
 
 #include "qemu/osdep.h"
 #include "qemu-common.h"
+#include "qemu/host-utils.h"
 #include "hw/bt.h"
 
 struct bt_l2cap_sdp_state_s {
diff --git a/hw/display/tc6393xb.c b/hw/display/tc6393xb.c
index da3cece..92f7120 100644
--- a/hw/display/tc6393xb.c
+++ b/hw/display/tc6393xb.c
@@ -12,6 +12,7 @@
  */
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qemu/host-utils.h"
 #include "hw/hw.h"
 #include "hw/devices.h"
 #include "hw/block/flash.h"
diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index 854e7e3..5f4e303 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -23,6 +23,7 @@
 #error cpu.h included from common code
 #endif
 
+#include "qemu/host-utils.h"
 #include "qemu/queue.h"
 #include "tcg-target.h"
 #ifndef CONFIG_USER_ONLY
diff --git a/include/hw/acpi/acpi.h b/include/hw/acpi/acpi.h
index e0978c8..dc6ee00 100644
--- a/include/hw/acpi/acpi.h
+++ b/include/hw/acpi/acpi.h
@@ -150,13 +150,6 @@ void acpi_pm_tmr_init(ACPIREGS *ar, acpi_update_sci_fn 
update_sci,
   MemoryRegion *parent);
 void acpi_pm_tmr_reset(ACPIREGS *ar);
 
-#include "qemu/timer.h"
-static inline int64_t acpi_pm_tmr_get_clock(void)
-{
-return muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), PM_TIMER_FREQUENCY,
-NANOSECONDS_PER_SECOND);
-}
-
 /* PM1a_EVT: piix and ich9 don't implement PM1b. */
 uint16_t acpi_pm1_evt_get_sts(ACPIREGS *ar);
 void acpi_pm1_evt_power_down(ACPIREGS *ar);
diff --git a/include/qemu-common.h b/include/qemu-common.h
index dc041fc..cd3139b 100644
--- a/include/qemu-common.h
+++ b/include/qemu-common.h
@@ -21,7 +21,6 @@
 #define TFR(expr) do { if ((expr) != -1) break; } while (errno == EINTR)
 
 #include "qemu/option.h"
-#include "qemu/host-utils.h"
 
 /* FIXME: Remove NEED_CPU_H.  */
 #ifdef NEED_CPU_H
diff --git a/include/qemu/timer.h b/include/qemu/timer.h
index 309f3d0..d97ddfb 100644
--- a/include/qemu/timer.h
+++ b/include/qemu/timer.h
@@ -3,7 +3,6 @@
 
 #include "qemu-common.h"
 #include "qemu/notify.h"
-#include "qemu/host-utils.h"
 #include "sysemu/cpus.h"
 
 #define NANOSECONDS_PER_SECOND 10LL
diff --git a/page_cache.c b/page_cache.c
index cb8a69e..37a66e4

Re: [Qemu-devel] [PATCH 1/6] qemu-io: enable tracing in qemu-io

[Eric Blake]

On 05/14/2016 06:01 AM, Denis V. Lunev wrote:
> It would be convinient to enable tracepoints in qemu-io binary. This would

s/convinient/convenient/

> allow to perform investigations without additional code recompilations.
> 
> The command line will be exactly the same as in qemu-system.

Reads awkwardly.  Grammar suggestion for the whole commit body:

For convenience, enable tracepoints in the qemu-io binary just like what
is done for qemu-system.  This allows trace investigations without
additional code recompilation.

> 
> Signed-off-by: Denis V. Lunev 
> CC: Kevin Wolf 
> CC: Paolo Bonzini 
> ---
>  qemu-io.c | 43 +++
>  1 file changed, 43 insertions(+)
> 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH 49/50] hw: remove pio_addr_t

[Paolo Bonzini]

pio_addr_t is almost unused, because these days I/O ports are simply
accessed through the address space.  cpu_{in,out}[bwl] themselves are
almost unused; monitor.c and xen-hvm.c could use address_space_read/write
directly, since they have an integer size at hand.  This leaves qtest as
the only user of those functions.

On the other hand even portio_* functions use this type; the only
interesting use of pio_addr_t thus is include/hw/sysbus.h.  I guess I
could move it there, but I don't see much benefit in that either.  Using
uint32_t is enough and avoids the need to include ioport.h everywhere.

Signed-off-by: Paolo Bonzini 
---
 hw/core/sysbus.c  |  4 ++--
 include/exec/ioport.h | 15 ++-
 include/hw/sysbus.h   |  4 ++--
 ioport.c  | 12 ++--
 xen-hvm.c |  8 
 5 files changed, 20 insertions(+), 23 deletions(-)

diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c
index a7dbe2b..c0f560b 100644
--- a/hw/core/sysbus.c
+++ b/hw/core/sysbus.c
@@ -190,9 +190,9 @@ MemoryRegion *sysbus_mmio_get_region(SysBusDevice *dev, int 
n)
 return dev->mmio[n].memory;
 }
 
-void sysbus_init_ioports(SysBusDevice *dev, pio_addr_t ioport, pio_addr_t size)
+void sysbus_init_ioports(SysBusDevice *dev, uint32_t ioport, uint32_t size)
 {
-pio_addr_t i;
+uint32_t i;
 
 for (i = 0; i < size; i++) {
 assert(dev->num_pio < QDEV_MAX_PIO);
diff --git a/include/exec/ioport.h b/include/exec/ioport.h
index 3bd6722..6a9639c 100644
--- a/include/exec/ioport.h
+++ b/include/exec/ioport.h
@@ -28,9 +28,6 @@
 #include "qom/object.h"
 #include "exec/memory.h"
 
-typedef uint32_t pio_addr_t;
-#define FMT_pioaddr PRIx32
-
 #define MAX_IOPORTS (64 * 1024)
 #define IOPORTS_MASK(MAX_IOPORTS - 1)
 
@@ -49,12 +46,12 @@ typedef struct MemoryRegionPortio {
 extern const MemoryRegionOps unassigned_io_ops;
 #endif
 
-void cpu_outb(pio_addr_t addr, uint8_t val);
-void cpu_outw(pio_addr_t addr, uint16_t val);
-void cpu_outl(pio_addr_t addr, uint32_t val);
-uint8_t cpu_inb(pio_addr_t addr);
-uint16_t cpu_inw(pio_addr_t addr);
-uint32_t cpu_inl(pio_addr_t addr);
+void cpu_outb(uint32_t addr, uint8_t val);
+void cpu_outw(uint32_t addr, uint16_t val);
+void cpu_outl(uint32_t addr, uint32_t val);
+uint8_t cpu_inb(uint32_t addr);
+uint16_t cpu_inw(uint32_t addr);
+uint32_t cpu_inl(uint32_t addr);
 
 typedef struct PortioList {
 const struct MemoryRegionPortio *ports;
diff --git a/include/hw/sysbus.h b/include/hw/sysbus.h
index cc1dba4..a495937 100644
--- a/include/hw/sysbus.h
+++ b/include/hw/sysbus.h
@@ -72,7 +72,7 @@ struct SysBusDevice {
 MemoryRegion *memory;
 } mmio[QDEV_MAX_MMIO];
 int num_pio;
-pio_addr_t pio[QDEV_MAX_PIO];
+uint32_t pio[QDEV_MAX_PIO];
 };
 
 typedef int FindSysbusDeviceFunc(SysBusDevice *sbdev, void *opaque);
@@ -81,7 +81,7 @@ void sysbus_init_mmio(SysBusDevice *dev, MemoryRegion 
*memory);
 MemoryRegion *sysbus_mmio_get_region(SysBusDevice *dev, int n);
 void sysbus_init_irq(SysBusDevice *dev, qemu_irq *p);
 void sysbus_pass_irq(SysBusDevice *dev, SysBusDevice *target);
-void sysbus_init_ioports(SysBusDevice *dev, pio_addr_t ioport, pio_addr_t 
size);
+void sysbus_init_ioports(SysBusDevice *dev, uint32_t ioport, uint32_t size);
 
 
 bool sysbus_has_irq(SysBusDevice *dev, int n);
diff --git a/ioport.c b/ioport.c
index 901a997..94e08ab 100644
--- a/ioport.c
+++ b/ioport.c
@@ -55,14 +55,14 @@ const MemoryRegionOps unassigned_io_ops = {
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-void cpu_outb(pio_addr_t addr, uint8_t val)
+void cpu_outb(uint32_t addr, uint8_t val)
 {
 trace_cpu_out(addr, 'b', val);
 address_space_write(&address_space_io, addr, MEMTXATTRS_UNSPECIFIED,
 &val, 1);
 }
 
-void cpu_outw(pio_addr_t addr, uint16_t val)
+void cpu_outw(uint32_t addr, uint16_t val)
 {
 uint8_t buf[2];
 
@@ -72,7 +72,7 @@ void cpu_outw(pio_addr_t addr, uint16_t val)
 buf, 2);
 }
 
-void cpu_outl(pio_addr_t addr, uint32_t val)
+void cpu_outl(uint32_t addr, uint32_t val)
 {
 uint8_t buf[4];
 
@@ -82,7 +82,7 @@ void cpu_outl(pio_addr_t addr, uint32_t val)
 buf, 4);
 }
 
-uint8_t cpu_inb(pio_addr_t addr)
+uint8_t cpu_inb(uint32_t addr)
 {
 uint8_t val;
 
@@ -92,7 +92,7 @@ uint8_t cpu_inb(pio_addr_t addr)
 return val;
 }
 
-uint16_t cpu_inw(pio_addr_t addr)
+uint16_t cpu_inw(uint32_t addr)
 {
 uint8_t buf[2];
 uint16_t val;
@@ -103,7 +103,7 @@ uint16_t cpu_inw(pio_addr_t addr)
 return val;
 }
 
-uint32_t cpu_inl(pio_addr_t addr)
+uint32_t cpu_inl(uint32_t addr)
 {
 uint8_t buf[4];
 uint32_t val;
diff --git a/xen-hvm.c b/xen-hvm.c
index 039680a..76dd76f 100644
--- a/xen-hvm.c
+++ b/xen-hvm.c
@@ -725,7 +725,7 @@ static ioreq_t *cpu_get_ioreq(XenIOState *state)
 return NULL;
 }
 
-static uint32_t do_inp(pio_addr_t addr, unsigned long size)
+static uint32_t do_inp(uint32_t addr, unsigned long size)
 {
 switch (size) {
 

[Qemu-devel] [PATCH 46/50] hw: explicitly include qemu/log.h

[Paolo Bonzini]

Move the inclusion out of hw/hw.h, most files do not need it.

Signed-off-by: Paolo Bonzini 
---
 hw/arm/ast2400.c   | 1 +
 hw/arm/nseries.c   | 1 +
 hw/arm/palmetto-bmc.c  | 1 +
 hw/arm/pxa2xx_gpio.c   | 1 +
 hw/arm/stellaris.c | 1 +
 hw/arm/strongarm.c | 1 +
 hw/arm/xlnx-ep108.c| 1 +
 hw/audio/pl041.c   | 1 +
 hw/block/m25p80.c  | 1 +
 hw/block/pflash_cfi01.c| 1 +
 hw/char/bcm2835_aux.c  | 1 +
 hw/char/cadence_uart.c | 4 
 hw/char/digic-uart.c   | 1 +
 hw/char/imx_serial.c   | 1 +
 hw/char/pl011.c| 1 +
 hw/char/stm32f2xx_usart.c  | 1 +
 hw/display/bcm2835_fb.c| 1 +
 hw/display/cg3.c   | 1 +
 hw/display/pl110.c | 1 +
 hw/display/virtio-gpu.c| 1 +
 hw/dma/bcm2835_dma.c   | 1 +
 hw/dma/pl080.c | 1 +
 hw/dma/pl330.c | 1 +
 hw/dma/rc4030.c| 1 +
 hw/gpio/imx_gpio.c | 1 +
 hw/gpio/pl061.c| 1 +
 hw/i2c/imx_i2c.c   | 1 +
 hw/i2c/versatile_i2c.c | 1 +
 hw/input/pl050.c   | 1 +
 hw/intc/allwinner-a10-pic.c| 1 +
 hw/intc/arm_gic.c  | 1 +
 hw/intc/arm_gicv2m.c   | 1 +
 hw/intc/armv7m_nvic.c  | 1 +
 hw/intc/bcm2835_ic.c   | 1 +
 hw/intc/bcm2836_control.c  | 1 +
 hw/intc/i8259.c| 1 +
 hw/intc/imx_avic.c | 1 +
 hw/intc/openpic.c  | 1 +
 hw/intc/pl190.c| 1 +
 hw/misc/arm11scu.c | 1 +
 hw/misc/arm_integrator_debug.c | 1 +
 hw/misc/arm_l2x0.c | 1 +
 hw/misc/arm_sysctl.c   | 1 +
 hw/misc/bcm2835_mbox.c | 1 +
 hw/misc/bcm2835_property.c | 1 +
 hw/misc/imx25_ccm.c| 1 +
 hw/misc/imx31_ccm.c| 1 +
 hw/misc/imx6_ccm.c | 1 +
 hw/misc/imx6_src.c | 1 +
 hw/misc/imx_ccm.c  | 1 +
 hw/misc/macio/cuda.c   | 1 +
 hw/misc/macio/mac_dbdma.c  | 1 +
 hw/misc/mips_cmgcr.c   | 1 +
 hw/misc/mips_cpc.c | 1 +
 hw/misc/mips_itu.c | 1 +
 hw/misc/stm32f2xx_syscfg.c | 1 +
 hw/misc/zynq-xadc.c| 1 +
 hw/misc/zynq_slcr.c| 1 +
 hw/net/allwinner_emac.c| 1 +
 hw/net/fsl_etsec/etsec.c   | 1 +
 hw/net/fsl_etsec/rings.c   | 2 +-
 hw/net/imx_fec.c   | 1 +
 hw/net/lan9118.c   | 1 +
 hw/net/spapr_llan.c| 1 +
 hw/pci-host/apb.c  | 1 +
 hw/pci-host/versatile.c| 1 +
 hw/ppc/spapr.c | 1 +
 hw/ppc/spapr_hcall.c   | 1 +
 hw/ppc/spapr_iommu.c   | 1 +
 hw/ppc/spapr_rtas.c| 1 +
 hw/ppc/spapr_vio.c | 1 +
 hw/sd/pl181.c  | 1 +
 hw/sd/sd.c | 1 +
 hw/sd/sdhci.c  | 1 +
 hw/ssi/imx_spi.c   | 1 +
 hw/ssi/pl022.c | 1 +
 hw/timer/allwinner-a10-pit.c   | 1 +
 hw/timer/arm_timer.c   | 1 +
 hw/timer/digic-timer.c | 1 +
 hw/timer/imx_epit.c| 1 +
 hw/timer/imx_gpt.c | 1 +
 hw/timer/pl031.c   | 1 +
 hw/timer/stm32f2xx_timer.c | 1 +
 hw/watchdog/wdt_diag288.c  | 1 +
 include/hw/hw.h| 1 -
 monitor.c  | 1 +
 target-arm/arm-powerctl.c  | 1 +
 target-arm/kvm.c   | 1 +
 target-arm/kvm32.c | 1 +
 vl.c   | 1 +
 90 files changed, 92 insertions(+), 2 deletions(-)

diff --git a/hw/arm/ast2400.c b/hw/arm/ast2400.c
index 03f9938..5510a8a 100644
--- a/hw/arm/ast2400.c
+++ b/hw/arm/ast2400.c
@@ -17,6 +17,7 @@
 #include "exec/address-spaces.h"
 #include "hw/arm/ast2400.h"
 #include "hw/char/serial.h"
+#include "qemu/log.h"
 
 #define AST2400_UART_5_BASE  0x00184000
 #define AST2400_IOMEM_SIZE   0x0020
diff --git a/hw/arm/nseries.c b/hw/arm/nseries.c
index 6131c34..d4eb141 100644
--- a/hw/arm/nseries.c
+++ b/hw/arm/nseries.c
@@ -37,6 +37,7 @@
 #include "hw/loader.h"
 #include "sysemu/block-backend.h"
 #include "hw/sysbus.h"
+#include "qemu/log.h"
 #include "exec/address-spaces.h"
 
 /* Nokia N8x0 support */
diff --git a/hw/arm/palmetto-bmc.c b/hw/arm/palmetto-bmc.c
index 89ebd92..a51d960 100644
--- a/hw/arm/palmetto-bmc.c
+++ b/hw/arm/palmetto-bmc.c
@@ -17,6 +17,7 @@
 #include "hw/arm/arm.h"
 #include "hw/arm/ast2400.h"
 #include "hw/boards.h"
+#include "qemu/log.h"
 
 static struct arm_boot_info palmetto_bmc_binfo = {
 .loader_start = AST2400_SDRAM_BASE,
diff --git a/hw/arm/pxa2xx_gpio.c b/hw/arm/pxa2xx_gpio.c
index 8c9626e..576a8eb 100644
--- a/hw/arm/pxa2xx_gpio.c
+++ b/hw/arm/pxa2xx_gpio.c
@@ -12,6 +12,7 @@
 #include "hw/hw.h"
 #include "hw/sysbus.h"
 #include "hw/arm/pxa.h"
+#include "qemu/log.h"
 
 #define PXA2XX_GPIO_BANKS  4
 
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
index f90b9fd..4459171 100644
--- a/hw/arm/stellaris.c
+++ b/hw

[Qemu-devel] [PATCH 3/5] cpu-exec: Rename cpu_resume_from_signal() to cpu_loop_exit_noexc()

[Peter Maydell]

The function cpu_resume_from_signal() is now always called with a
NULL puc argument, and is rather misnamed since it is never called
from a signal handler. It is essentially forcing an exit to the
top level cpu loop but without raising any exception, so rename
it to cpu_loop_exit_noexc() and drop the useless unused argument.

Signed-off-by: Peter Maydell 
---
 cpu-exec-common.c| 6 ++
 exec.c   | 2 +-
 hw/i386/kvmvapic.c   | 2 +-
 include/exec/exec-all.h  | 2 +-
 target-i386/bpt_helper.c | 2 +-
 target-lm32/helper.c | 2 +-
 target-s390x/helper.c| 2 +-
 target-xtensa/helper.c   | 2 +-
 translate-all.c  | 4 ++--
 user-exec.c  | 2 +-
 10 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/cpu-exec-common.c b/cpu-exec-common.c
index 62f5d6b..fac3aa7 100644
--- a/cpu-exec-common.c
+++ b/cpu-exec-common.c
@@ -25,10 +25,8 @@
 bool exit_request;
 CPUState *tcg_current_cpu;
 
-/* exit the current TB from a signal handler. The host registers are
-   restored in a state compatible with the CPU emulator
- */
-void cpu_resume_from_signal(CPUState *cpu, void *puc)
+/* exit the current TB, but without causing any exception to be raised */
+void cpu_loop_exit_noexc(CPUState *cpu)
 {
 /* XXX: restore cpu registers saved in host registers */
 
diff --git a/exec.c b/exec.c
index ee45472..c5c97ac 100644
--- a/exec.c
+++ b/exec.c
@@ -2121,7 +2121,7 @@ static void check_watchpoint(int offset, int len, 
MemTxAttrs attrs, int flags)
 } else {
 cpu_get_tb_cpu_state(env, &pc, &cs_base, &cpu_flags);
 tb_gen_code(cpu, pc, cs_base, cpu_flags, 1);
-cpu_resume_from_signal(cpu, NULL);
+cpu_loop_exit_noexc(cpu);
 }
 }
 } else {
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index f14445d..ee2f3fa 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -447,7 +447,7 @@ static void patch_instruction(VAPICROMState *s, X86CPU 
*cpu, target_ulong ip)
 
 if (!kvm_enabled()) {
 tb_gen_code(cs, current_pc, current_cs_base, current_flags, 1);
-cpu_resume_from_signal(cs, NULL);
+cpu_loop_exit_noexc(cs);
 }
 }
 
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 85528f9..1359f14 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -73,7 +73,7 @@ void restore_state_to_opc(CPUArchState *env, struct 
TranslationBlock *tb,
 void cpu_gen_init(void);
 bool cpu_restore_state(CPUState *cpu, uintptr_t searched_pc);
 
-void QEMU_NORETURN cpu_resume_from_signal(CPUState *cpu, void *puc);
+void QEMU_NORETURN cpu_loop_exit_noexc(CPUState *cpu);
 void QEMU_NORETURN cpu_io_recompile(CPUState *cpu, uintptr_t retaddr);
 TranslationBlock *tb_gen_code(CPUState *cpu,
   target_ulong pc, target_ulong cs_base,
diff --git a/target-i386/bpt_helper.c b/target-i386/bpt_helper.c
index f47df19..458170e 100644
--- a/target-i386/bpt_helper.c
+++ b/target-i386/bpt_helper.c
@@ -217,7 +217,7 @@ void breakpoint_handler(CPUState *cs)
 if (check_hw_breakpoints(env, false)) {
 raise_exception(env, EXCP01_DB);
 } else {
-cpu_resume_from_signal(cs, NULL);
+cpu_loop_exit_noexc(cs);
 }
 }
 } else {
diff --git a/target-lm32/helper.c b/target-lm32/helper.c
index 655248f..accfa7c 100644
--- a/target-lm32/helper.c
+++ b/target-lm32/helper.c
@@ -140,7 +140,7 @@ void lm32_debug_excp_handler(CPUState *cs)
 if (check_watchpoints(env)) {
 raise_exception(env, EXCP_WATCHPOINT);
 } else {
-cpu_resume_from_signal(cs, NULL);
+cpu_loop_exit_noexc(cs);
 }
 }
 } else {
diff --git a/target-s390x/helper.c b/target-s390x/helper.c
index 92abe7e..f1e0a43 100644
--- a/target-s390x/helper.c
+++ b/target-s390x/helper.c
@@ -686,7 +686,7 @@ void s390x_cpu_debug_excp_handler(CPUState *cs)
will be triggered, it will call load_psw which will recompute
the watchpoints.  */
 cpu_watchpoint_remove_all(cs, BP_CPU);
-cpu_resume_from_signal(cs, NULL);
+cpu_loop_exit_noexc(cs);
 }
 }
 #endif /* CONFIG_USER_ONLY */
diff --git a/target-xtensa/helper.c b/target-xtensa/helper.c
index 839f4a7..768b32c 100644
--- a/target-xtensa/helper.c
+++ b/target-xtensa/helper.c
@@ -108,7 +108,7 @@ void xtensa_breakpoint_handler(CPUState *cs)
 if (cause) {
 debug_exception_env(env, cause);
 }
-cpu_resume_from_signal(cs, NULL);
+cpu_loop_exit_noexc(cs);
 }
 }
 }
diff --git a/translate-all.c b/translate-all.c
index 52a571e..3a0d10f 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -1394,7 +1394,7 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, 
tb_page_addr_t end,
modifying the memory. It will ensur