Re: [Qemu-devel] [PATCH 1/2] blockjob: assert(cb) in the entry functions of blockjob

[Changlong Xie]

On 06/23/2016 02:21 PM, Kevin Wolf wrote:

Am 23.06.2016 um 03:04 hat Changlong Xie geschrieben:

On 06/23/2016 01:31 AM, Eric Blake wrote:

On 06/22/2016 04:19 AM, Paolo Bonzini wrote:



On 22/06/2016 12:12, Changlong Xie wrote:


commit/mirror/stream/backup use block_job_create(..., cb,..) to create
relevant blockjob. When they finished, these jobs will invoke
block_job_completed, then invoke job->cb() unconditionally. So i think
we need this to avoid segment fault. Actually backup has implemented this.


So this suggests that the right place to put the assertion would be
block_job_create.  But it's even better to add a

#define QEMU_NONNULL __attribute__((__nonnull__))

to include/qemu/compiler.h and declare the arguments as non-null.


Or alternatively fix things to only invoke job->cb() if it is non-NULL,
so that callers don't have to pass in a no-op callback just to appease a
non-NULL attribute.


Is there any reason, that we should invoke job->cb() unconditionally
without nonnull check? There is no relevant clue in the historical
commit messages. If yes, i prefer paolo's suggestion; otherwise
eric's solution is better.


I don't think no-op callbacks actually exist for jobs.



So, i'll put assert(cb) in block_job_create as Paolo suggested.

Thanks
-Xie


Kevin


.

Re: [Qemu-devel] [PATCH v2 1/3] hw/misc: Add a model for the ASPEED System Control Unit

[Cédric Le Goater]

On 06/23/2016 04:15 AM, Andrew Jeffery wrote:
> The SCU is a collection of chip-level control registers that manage the
> various functions supported by ASPEED SoCs. Typically the bits control
> interactions with clocks, external hardware or reset behaviour, and we
> can largly take a hands-off approach to reads and writes.
> 
> Firmware makes heavy use of the state to determine how to boot, but the
> reset values vary from SoC to SoC (eg AST2400 vs AST2500). A qdev
> property is exposed so that the integrating SoC model can configure the
> silicon revision, which in-turn selects the appropriate reset values.
> Further qdev properties are exposed so the board model can configure the
> board-dependent hardware strapping.
> 
> Almost all provided AST2400 reset values are specified by the datasheet.
> The notable exception is SOC_SCRATCH1, where we mark the DRAM as
> successfully initialised to avoid unnecessary dark corners in the SoC's
> u-boot support.
> 
> Signed-off-by: Andrew Jeffery 



Reviewed-by: Cédric Le Goater 

Thanks,

C.

Re: [Qemu-devel] [RFC 00/28] s390x CPU models: exposing features

[David Hildenbrand]

> On Wed, Jun 22, 2016 at 09:54:51 +0200, David Hildenbrand wrote:
> > > On Wed, Jun 22, 2016 at 09:34:49 +0200, David Hildenbrand wrote:  
> > > > I think the coffee didn't do its work already :) . I wanted to write 
> > > > that we can
> > > > _with_ this additional query. Meaning the involved overhead would be ok 
> > > > - in my
> > > > opinion for s390x.
> > > > 
> > > > What we could do to avoid one compare operation would be:
> > > > 
> > > > a) Expand the host model
> > > > b) Expand the target model (because on s390x we could have migration 
> > > > unsafe
> > > > model)
> > > > c) Work with the runnability information returned via 
> > > > query-cpu-definitions
> > > > 
> > > > But as we have to do b) either way on s390x, we can directly do a 
> > > > compare
> > > > operation. (which makes implementation a lot simpler, because libvirt 
> > > > then
> > > > doesn't have to deal with any feature/model names).
> > > 
> > > But why do you even need to do any comparison? Isn't it possible to let
> > > QEMU do it when a domain starts? The thing is we should avoid doing
> > > completely different things on each architecture.
> > >   
> > 
> > Sure, QEMU will of course double check when starting the guest! So trying to
> > start and failing is of course an option! So no check is needed if that is
> > acceptable.  
> 
> Yeah, I think it's the safest and easiest option now.
> 
> Jirka
> 

Alright then, this RFC already handles that properly, so that seems to be
solved. The question now is if you guys see a fundamental problem in the way we
want to handle CPU models.

Especially
a) Having flexible, not migration safe CPU models that can be expanded to
migration safe models (using the expansion interface).

b) Letting QEMU carry out the task of comparing and baselining to be used
for e.g. for "virsh cpu-baseline" or "virsh cpu-compare".

c) Indicating the host model as the expansion of "-cpu host", e.g. for "virsh
capabilities" (which says "host" for now for us).

Also, it will be good to know if the "expansion" interface with parameters
"full" or "migratable" is really helpful to you or if I should drop that and
you will come up with an own "query-host-cpu".

We are also planning to implement the "query-cpu-definitions" runnability
information in the future, because as you said, it might be a good way to
quickly indicate runnable CPU models. But we are most likely not going to use it
for e.g. comparing or baselining or detection of runnability of a more complex
cpu model (having a lot of feature changes).

Thanks!

David

Re: [Qemu-devel] [PATCH v2 01/10] ppc: Fix rfi/rfid/hrfi/... emulation

[David Gibson]

On Thu, Jun 23, 2016 at 08:08:38AM +0200, Cédric Le Goater wrote:
> On 06/23/2016 07:50 AM, David Gibson wrote:
> > On Wed, Jun 22, 2016 at 08:48:14AM +0200, Cédric Le Goater wrote:
> >> On 06/22/2016 04:46 AM, David Gibson wrote:
> >>> I'm not comfortable merging this until the openbios change is pulled
> >>> back into the qemu tree (submodule and pre-built binary).
> >>>
> >>> Again - sure you don't want to apply this with rfi still enabled for
> >>> 64-bit for now, letting the rest of this series go in as well, then
> >>> clean up the rfi/64 behaviour later?
> >>
> >> Sure. I don't think it has an impact on the serie anyway so we can keep
> >> it for later.
> > 
> > Ok, I modified 1/10 to leave rfi in for 64-bit cpus for now, and
> > applied the full series to ppc-for-2.7.  I've also now sent a pull
> > request including this.
> 
> Perfect. I was wondering if we should not just remove the instruction from 
> the 64bit set.

We should, but I don't want to do so until OpenBIOS is updated to
cope.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [PATCH v1 7/8] [optional] tests: SMMUv3 unit tests

[Prem Mallappa]

 - initializes SMMU device
 - initializes Test device
 - allocates page tables 1:1 mapping va == pa
 - allocates STE/CD accordingly for S1, S2, S1+S2
 - initiates DMA via PCI test device
 - verifies transfered data

Signed-off-by: Prem Mallappa 
---
 tests/Makefile.include |   4 +
 tests/smmuv3-test.c| 905 +
 2 files changed, 909 insertions(+)
 create mode 100644 tests/smmuv3-test.c

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 7d63d16..08bee81 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -251,6 +251,8 @@ gcov-files-sparc-y += hw/timer/m48t59.c
 gcov-files-sparc64-y += hw/timer/m48t59.c
 check-qtest-arm-y = tests/tmp105-test$(EXESUF)
 check-qtest-arm-y = tests/ds1338-test$(EXESUF)
+check-qtest-aarch64-y += tests/smmuv3-test$(EXESUF)
+gcov-files-aarch64-y += hw/arm/smmu-v3.c
 gcov-files-arm-y += hw/misc/tmp105.c
 check-qtest-arm-y += tests/virtio-blk-test$(EXESUF)
 gcov-files-arm-y += arm-softmmu/hw/block/virtio-blk.c
@@ -535,6 +537,7 @@ tests/test-crypto-afsplit$(EXESUF): 
tests/test-crypto-afsplit.o $(test-crypto-ob
 tests/test-crypto-block$(EXESUF): tests/test-crypto-block.o 
$(test-crypto-obj-y)
 
 libqos-obj-y = tests/libqos/pci.o tests/libqos/fw_cfg.o tests/libqos/malloc.o
+libqos-obj-y += tests/libqos/pci-generic.o
 libqos-obj-y += tests/libqos/i2c.o tests/libqos/libqos.o
 libqos-pc-obj-y = $(libqos-obj-y) tests/libqos/pci-pc.o
 libqos-pc-obj-y += tests/libqos/malloc-pc.o tests/libqos/libqos-pc.o
@@ -608,6 +611,7 @@ tests/test-filter-mirror$(EXESUF): 
tests/test-filter-mirror.o $(qtest-obj-y)
 tests/test-filter-redirector$(EXESUF): tests/test-filter-redirector.o 
$(qtest-obj-y)
 tests/ivshmem-test$(EXESUF): tests/ivshmem-test.o 
contrib/ivshmem-server/ivshmem-server.o $(libqos-pc-obj-y)
 tests/vhost-user-bridge$(EXESUF): tests/vhost-user-bridge.o
+tests/smmuv3-test$(EXESUF): tests/smmuv3-test.o $(libqos-obj-y) 
tests/libqos/malloc-generic.o
 
 ifeq ($(CONFIG_POSIX),y)
 LIBS += -lutil
diff --git a/tests/smmuv3-test.c b/tests/smmuv3-test.c
new file mode 100644
index 000..dc8466b
--- /dev/null
+++ b/tests/smmuv3-test.c
@@ -0,0 +1,905 @@
+/*
+ * Copyright (C) 2014-2016 Broadcom
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Author: Prem Mallappa 
+ *   
+ */
+
+#include "qemu/osdep.h"
+
+#include 
+#include 
+
+#include "libqtest.h"
+#include "libqos/libqos.h"
+#include "libqos/pci-generic.h"
+#include "libqos/malloc-generic.h"
+
+#include "qemu-common.h"
+#include "hw/pci/pci_ids.h"
+#include "hw/pci/pci_regs.h"
+
+/* PCIe test device */
+#include "hw/misc/pci-testdev-smmu.h"
+
+/* SMMU */
+#include "hw/arm/smmu-common.h"
+#include "hw/arm/smmuv3-internal.h"
+
+
+/*
+ * STE/CD modification helpers
+ */
+#define ___SET(ste, off, start, len, val)   \
+({  \
+uint32_t *ptr = &(ste)->word[(off)];\
+*ptr = deposit32(*ptr, start, len, val);\
+})
+
+#define STE_SET_VALID(ste, val)   ___SET(ste, 0, 0, 1, val)
+#define STE_SET_CONFIG(ste, val)  ___SET(ste, 0, 1, 3, val)
+#define STE_SET_S1FMT(ste, val)   ___SET(ste, 0, 4, 2, val)
+#define STE_SET_S1CDMAX(ste, val) ___SET(ste, 1, 8, 2, val)
+#define STE_SET_EATS(ste, val)___SET(ste, 2, 28, 2, val)
+#define STE_SET_STRW(ste, val)___SET(ste, 2, 30, 2, val)
+#define STE_SET_S2VMID(ste, val)  ___SET(ste, 4, 0, 16, val) /* 4 */
+#define STE_SET_S2T0SZ(ste, val)  ___SET(ste, 5, 0, 6, val) /* 5 */
+#define STE_SET_S2TG(ste, val)___SET(ste, 5, 14, 2, val)
+#define STE_SET_S2PS(ste, val)___SET(ste, 5, 16, 3, val)
+#define STE_SET_S2AA64(ste, val)  ___SET(ste, 5, 19, 1, val)
+#define STE_SET_S2HD(ste, val)___SET(ste, 5, 24, 1, val)
+#define STE_SET_S2HA(ste, val)___SET(ste, 5, 25, 1, val)
+#define STE_SET_S2S(ste, val) ___SET(ste, 5, 26, 1, val)
+#define STE_SET_CTXPTR(ste, val)\
+({  \
+uint64_t __val = val;   \
+__val >>= 6;\
+___SET((ste), 0, 6, 26, __val); \
+__val >>= 32;   \
+___SET((ste), 1, 0, 16, __val); \
+})
+
+#define STE_SET_S2TTB(ste, val)   

[Qemu-devel] [PATCH v1 5/8] [optional] hw: misc: added testdev for smmu

[Prem Mallappa]

A simple PCI device which does DMA from 'src' to 'dst' given
src_addr, dst_addr and size, and is used by unit test. uses
pci_dma_read and pci_dma_write in a crude way but serves the purpose.

Signed-off-by: Prem Mallappa 
---
 hw/misc/Makefile.objs  |   2 +-
 hw/misc/pci-testdev-smmu.c | 239 +
 hw/misc/pci-testdev-smmu.h |  22 +
 3 files changed, 262 insertions(+), 1 deletion(-)
 create mode 100644 hw/misc/pci-testdev-smmu.c
 create mode 100644 hw/misc/pci-testdev-smmu.h

diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index ffb49c1..fc34c5f 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -29,7 +29,6 @@ obj-$(CONFIG_IMX) += imx_ccm.o
 obj-$(CONFIG_IMX) += imx31_ccm.o
 obj-$(CONFIG_IMX) += imx25_ccm.o
 obj-$(CONFIG_IMX) += imx6_ccm.o
-obj-$(CONFIG_IMX) += imx6_src.o
 obj-$(CONFIG_MILKYMIST) += milkymist-hpdmc.o
 obj-$(CONFIG_MILKYMIST) += milkymist-pfpu.o
 obj-$(CONFIG_MAINSTONE) += mst_fpga.o
@@ -52,3 +51,4 @@ obj-$(CONFIG_PVPANIC) += pvpanic.o
 obj-$(CONFIG_EDU) += edu.o
 obj-$(CONFIG_HYPERV_TESTDEV) += hyperv_testdev.o
 obj-$(CONFIG_AUX) += aux.o
+obj-$(CONFIG_ARM_SMMUV3) += pci-testdev-smmu.o
diff --git a/hw/misc/pci-testdev-smmu.c b/hw/misc/pci-testdev-smmu.c
new file mode 100644
index 000..52334eb
--- /dev/null
+++ b/hw/misc/pci-testdev-smmu.c
@@ -0,0 +1,239 @@
+/*
+ * QEMU PCI test device
+ *
+ * Copyright (c) 2012 Red Hat Inc.
+ * Author: Michael S. Tsirkin 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+#include "qemu/osdep.h"
+#include "hw/hw.h"
+#include "hw/pci/pci.h"
+#include "qemu/event_notifier.h"
+
+#include "pci-testdev-smmu.h"
+
+/*
+ * pci-testdev-smmu:
+ *  Simple PCIe device, to enable read and write from memory.
+ * Architecture:
+ *  Following registers are supported.
+ *  TST_COMMAND = 0x0
+ *  TST_STATUS  = 0x4
+ *  TST_SRC_ADDRESS = 0x8
+ *  TST_SIZE= 0x10
+ *  TST_DST_ADDRESS = 0x18
+ */
+#define PCI_TSTDEV_NREGS 0x10
+
+/*
+ *  TST_COMMAND Register bits
+ *  OP[0]
+ *  READ = 0x0
+ *  WRITE = 0x1
+ */
+
+struct RegInfo {
+uint64_t data;
+char *name;
+};
+typedef struct RegInfo RegInfo;
+
+typedef struct PCITestDevState {
+/*< private >*/
+PCIDevice dev;
+/*< public >*/
+
+MemoryRegion mmio;
+RegInfo regs[PCI_TSTDEV_NREGS];
+} PCITestDevState;
+
+#define TYPE_PCI_TEST_DEV "pci-testdev-smmu"
+
+#define PCI_TEST_DEV(obj) \
+OBJECT_CHECK(PCITestDevState, (obj), TYPE_PCI_TEST_DEV)
+
+static void
+pci_tstdev_reset(PCITestDevState *d)
+{
+memset(d->regs, 0, sizeof(d->regs));
+}
+
+static inline void
+pci_tstdev_write_reg(PCITestDevState *pdev, hwaddr addr, uint64_t val)
+{
+RegInfo *reg = &pdev->regs[addr >> 2];
+reg->data = val;
+}
+
+static inline uint32_t
+pci_tstdev_read32_reg(PCITestDevState *pdev, hwaddr addr)
+{
+RegInfo *reg = &pdev->regs[addr >> 2];
+return (uint32_t) reg->data;
+}
+
+static inline uint64_t
+pci_tstdev_read64_reg(PCITestDevState *pdev, hwaddr addr)
+{
+RegInfo *reg = &pdev->regs[addr >> 2];
+return reg->data;
+}
+
+static void
+pci_tstdev_handle_cmd(PCITestDevState *pdev, hwaddr addr, uint64_t val,
+unsigned _unused_size)
+{
+uint64_t s = pci_tstdev_read64_reg(pdev, TST_REG_SRC_ADDR);
+uint64_t d = pci_tstdev_read64_reg(pdev, TST_REG_DST_ADDR);
+uint32_t size = pci_tstdev_read32_reg(pdev, TST_REG_SIZE);
+uint8_t buf[128];
+
+printf("+> src:%lx, dst:%lx size:%d\n",
+   s, d, size);
+while (size) {
+int nbytes = (size < sizeof(buf)) ? size: sizeof(buf);
+int ret = 0;
+printf("nbytes:%d\n", nbytes);
+if (val & CMD_READ) {
+printf("doing pci_dma_read\n");
+ret = pci_dma_read(&pdev->dev, s, (void*)buf, nbytes);
+}
+if (ret)
+return;
+
+if (val & CMD_WRITE) {
+printf("doing pci_dma_write\n");
+ret = pci_dma_write(&pdev->dev, d, (void*)buf, nbytes);
+}
+size -= nbytes;
+s += nbytes;
+d += nbytes;
+}
+}
+
+static void
+pci_tstdev_mmio_write(void *opaque, hwaddr addr,
+  uint64_t val, unsigned size)
+{
+PCITestDevState *d = opaque;
+uint64_t lo;
+
+printf("=

Re: [Qemu-devel] [PATCH v2 2/3] ast2400: Integrate the SCU model and set silicon revision

[Cédric Le Goater]

On 06/23/2016 04:15 AM, Andrew Jeffery wrote:
> By specifying the silicon revision we select the appropriate reset
> values for the SoC.
> 
> Additionally, expose hardware strapping properties aliasing those
> provided by the SCU for board-specific configuration.
> 
> Signed-off-by: Andrew Jeffery 
> ---


Reviewed-by: Cédric Le Goater 

Thanks,

C.

Re: [Qemu-devel] [RFC 00/28] s390x CPU models: exposing features

[David Hildenbrand]

> Question: KVM supports x2apic (and enables it by default) on any
> host CPU, because it is all emulated by KVM. Should "host-model"
> include x2apic on all hosts, or only when the host CPU has it?
> ("-cpu host" does include it).
> 
> Including x2apic sounds more useful, but it doesn't match the
> "get as close to the host CPU as possible" part of your
> description.
> 

From a s390x point of view, our "host" model is about indicating the maximum
possible configuration we are able to virtualize, not strictly limiting it only
to the real host features.

We also have a feature called "sthyi", emulated by KVM, which might not be
around for the real "host". We will include that in "host", because otherwise
things seem to get really complicated with no obvious benefit (to me :) ).

Not sure how you want to handle that.

David

[Qemu-devel] [PATCH v1 4/8] hw: arm: Add SMMUv3 to virt platform, create DTS accordingly

[Prem Mallappa]

Default virt platform now creates SMMU device.
Default config to build SMMU device along is in previous patches.

Signed-off-by: Prem Mallappa 
---
 hw/arm/virt.c | 62 +++
 include/hw/arm/smmu.h | 33 +++
 include/hw/arm/virt.h |  2 ++
 3 files changed, 97 insertions(+)
 create mode 100644 include/hw/arm/smmu.h

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index c5c125e..f3c7891 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -57,6 +57,7 @@
 #include "hw/smbios/smbios.h"
 #include "qapi/visitor.h"
 #include "standard-headers/linux/input.h"
+#include "hw/arm/smmu.h"
 
 /* Number of external interrupt lines to configure the GIC with */
 #define NUM_IRQS 256
@@ -77,6 +78,7 @@ typedef struct VirtBoardInfo {
 uint32_t gic_phandle;
 uint32_t v2m_phandle;
 bool using_psci;
+uint32_t smmu_phandle;
 } VirtBoardInfo;
 
 typedef struct {
@@ -175,6 +177,7 @@ static const MemMapEntry a15memmap[] = {
 [VIRT_FW_CFG] = { 0x0902, 0x0018 },
 [VIRT_GPIO] =   { 0x0903, 0x1000 },
 [VIRT_SECURE_UART] ={ 0x0904, 0x1000 },
+[VIRT_SMMU] =   { 0x0905, 0x0002 }, /* 128K, needed */
 [VIRT_MMIO] =   { 0x0a00, 0x0200 },
 /* ...repeating for a total of NUM_VIRTIO_TRANSPORTS, each of that size */
 [VIRT_PLATFORM_BUS] =   { 0x0c00, 0x0200 },
@@ -195,9 +198,19 @@ static const int a15irqmap[] = {
 [VIRT_SECURE_UART] = 8,
 [VIRT_MMIO] = 16, /* ...to 16 + NUM_VIRTIO_TRANSPORTS - 1 */
 [VIRT_GIC_V2M] = 48, /* ...to 48 + NUM_GICV2M_SPIS - 1 */
+[VIRT_SMMU] = 74,/* ...to 74 + NUM_SMMU_IRQS - 1 */
 [VIRT_PLATFORM_BUS] = 112, /* ...to 112 + PLATFORM_BUS_NUM_IRQS -1 */
 };
 
+static const struct smmuirq {
+const char *name;
+} smmuirqmap[NUM_SMMU_IRQS] = {
+[SMMU_IRQ_EVTQ] = {"eventq"},
+[SMMU_IRQ_PRIQ] = {"priq"},
+[SMMU_IRQ_CMD_SYNC] = {"cmdq-sync"},
+[SMMU_IRQ_GERROR] = {"gerror"},
+};
+
 static VirtBoardInfo machines[] = {
 {
 .cpu_model = "cortex-a15",
@@ -938,6 +951,50 @@ static void create_pcie_irq_map(const VirtBoardInfo *vbi, 
uint32_t gic_phandle,
0x7   /* PCI irq */);
 }
 
+static void alloc_smmu_phandle(VirtBoardInfo *vbi)
+{
+if (!vbi->smmu_phandle)
+vbi->smmu_phandle = qemu_fdt_alloc_phandle(vbi->fdt);
+}
+
+static void create_smmu(VirtBoardInfo *vbi, qemu_irq *pic)
+{
+int i;
+char *smmu;
+const char compat[] = "arm,smmu-v3";
+int irq =  vbi->irqmap[VIRT_SMMU];
+hwaddr base = vbi->memmap[VIRT_SMMU].base;
+hwaddr size = vbi->memmap[VIRT_SMMU].size;
+int type = GIC_FDT_IRQ_TYPE_SPI;
+
+sysbus_create_varargs("smmuv3", base,
+  pic[irq],
+  pic[irq + 1],
+  pic[irq + 2],
+  pic[irq + 3],
+  NULL);
+
+smmu = g_strdup_printf("/smmuv3@%" PRIx64, base);
+qemu_fdt_add_subnode(vbi->fdt, smmu);
+qemu_fdt_setprop(vbi->fdt, smmu, "compatible", compat, sizeof(compat));
+qemu_fdt_setprop_sized_cells(vbi->fdt, smmu, "reg", 2, base, 2, size);
+
+for (i = 0; i < NUM_SMMU_IRQS; i++) {
+qemu_fdt_appendprop_cells(vbi->fdt, smmu, "interrupts",
+  type, irq + i,
+  GIC_FDT_IRQ_FLAGS_LEVEL_HI);
+qemu_fdt_appendprop_string(vbi->fdt, smmu, "interrupt-names",
+   smmuirqmap[i].name);
+}
+
+qemu_fdt_setprop_cell(vbi->fdt, smmu, "clocks", vbi->clock_phandle);
+qemu_fdt_setprop_cell(vbi->fdt, smmu, "#iommu-cells", 0);
+qemu_fdt_setprop_string(vbi->fdt, smmu, "clock-names", "apb_pclk");
+
+qemu_fdt_setprop_cell(vbi->fdt, smmu, "phandle", vbi->smmu_phandle);
+g_free(smmu);
+}
+
 static void create_pcie(const VirtBoardInfo *vbi, qemu_irq *pic,
 bool use_highmem)
 {
@@ -1048,6 +1105,7 @@ static void create_pcie(const VirtBoardInfo *vbi, 
qemu_irq *pic,
 }
 
 qemu_fdt_setprop_cell(vbi->fdt, nodename, "#interrupt-cells", 1);
+qemu_fdt_setprop_cells(vbi->fdt, nodename, "iommus", vbi->smmu_phandle);
 create_pcie_irq_map(vbi, vbi->gic_phandle, irq, nodename);
 
 g_free(nodename);
@@ -1332,8 +1390,12 @@ static void machvirt_init(MachineState *machine)
 
 create_rtc(vbi, pic);
 
+alloc_smmu_phandle(vbi);
+
 create_pcie(vbi, pic, vms->highmem);
 
+create_smmu(vbi, pic);
+
 create_gpio(vbi, pic);
 
 /* Create mmio transports, so the user can create virtio backends
diff --git a/include/hw/arm/smmu.h b/include/hw/arm/smmu.h
new file mode 100644
index 000..bbb5e5d
--- /dev/null
+++ b/include/hw/arm/smmu.h
@@ -0,0 +1,33 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * publish

[Qemu-devel] [PATCH v1 8/8] [optional] arm: smmu-v3: ACPI IORT initial support

[Prem Mallappa]

Added ACPI IORT tables, was needed for internal project purpose, but
posting here for anyone looking for testing ACPI on ARM platforms.
(P.S: Linux side IORT patches are WIP)

Signed-off-by: Prem Mallappa 
---
 hw/arm/virt-acpi-build.c| 43 +++
 include/hw/acpi/acpi-defs.h | 84 +
 2 files changed, 127 insertions(+)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 1fa0581..d5fb69e 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -382,6 +382,45 @@ build_rsdp(GArray *rsdp_table, BIOSLinker *linker, 
unsigned rsdt_tbl_offset)
 return rsdp_table;
 }
 
+/*
+ * TODO: Simple IORT for now, will add ID mappings as we go
+ * basic idea is to instantiate SMMU from ACPI
+ */
+static void
+build_iort(GArray *table_data, BIOSLinker *linker, VirtGuestInfo *guest_info)
+{
+int iort_start = table_data->len;
+AcpiIortTable *iort;
+AcpiIortNode *iort_node;
+AcpiIortSmmu3 *smmu;
+AcpiIortRC *rc;
+const MemMapEntry *memmap = guest_info->memmap;
+
+iort = acpi_data_push(table_data, sizeof(*iort));
+
+iort->length = sizeof(*iort);
+iort->node_offset = table_data->len - iort_start;
+iort->num_nodes++;
+
+smmu = acpi_data_push(table_data, sizeof(*smmu));
+iort_node = &smmu->iort_node;
+iort_node->type = 0x04;  /* SMMUv3 */
+iort_node->length = sizeof(*smmu);
+smmu->base_addr = cpu_to_le64(memmap[VIRT_SMMU].base);
+
+iort->num_nodes++;
+
+rc = acpi_data_push(table_data, sizeof(*rc));
+iort_node = &rc->iort_node;
+iort_node->type = 0x02;  /* RC */
+iort_node->length = sizeof(*rc);
+rc->ats_attr = 1;
+rc->pci_seg_num = 0;
+
+build_header(linker, table_data, (void *)(table_data->data + iort_start),
+ "IORT", table_data->len - iort_start, 0, NULL, NULL);
+}
+
 static void
 build_spcr(GArray *table_data, BIOSLinker *linker, VirtGuestInfo *guest_info)
 {
@@ -667,6 +706,7 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
  * MADT
  * MCFG
  * DSDT
+ * IORT = ACPI 6.0
  */
 
 /* DSDT is pointed to by FADT */
@@ -694,6 +734,9 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
 build_srat(tables_blob, tables->linker, guest_info);
 }
 
+acpi_add_table(table_offsets, tables_blob);
+build_iort(tables_blob, tables->linker, guest_info);
+
 /* RSDT is pointed to by RSDP */
 rsdt = tables_blob->len;
 build_rsdt(tables_blob, tables->linker, table_offsets, NULL, NULL);
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index 850a962..d60f390 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -259,6 +259,90 @@ typedef struct AcpiFacsDescriptorRev1 
AcpiFacsDescriptorRev1;
  */
 
 /*
+ * IORT Table
+ */
+struct AcpiIortTable
+{
+ACPI_TABLE_HEADER_DEF /* ACPI common table header */
+uint32_t num_nodes;
+uint32_t node_offset;
+uint32_t reserved;
+} QEMU_PACKED;
+typedef struct AcpiIortTable AcpiIortTable;
+
+struct AcpiIortIdMapping
+{
+uint32_t input_base;
+uint32_t num_ids;
+uint32_t output_base;
+uint32_t output_ref;
+uint32_t flags;
+} QEMU_PACKED;
+typedef struct AcpiIortIdMapping AcpiIortIdMapping;
+
+struct AcpiIortNode
+{
+uint8_t  type;
+uint16_t length;
+uint8_t  revision;
+uint32_t reserved1;
+uint32_t num_id_maps;
+uint32_t id_array_offset;
+} QEMU_PACKED;
+typedef struct AcpiIortNode AcpiIortNode;
+
+struct AcpiIortSmmu2
+{
+AcpiIortNode iort_node;
+uint64_t base_addr;
+uint64_t span;
+uint32_t model;
+uint32_t flags;
+uint32_t gbl_intr_array_off;
+uint32_t ctx_intr_cnt;
+uint32_t ctx_intr_array_off;
+uint32_t pmr_intr_cnt;
+uint32_t pmr_intr_array_off;
+
+// Global interrupt array
+uint32_t gintr;
+uint32_t gintr_flags;
+uint32_t gcfgintr;
+uint32_t gcfgintr_flags;
+
+//AcpiIortIdMapping id_mapping_array[0];
+} QEMU_PACKED;
+typedef struct AcpiIortSmmu2 AcpiIortSmmu2;
+
+struct AcpiIortSmmu3
+{
+AcpiIortNode iort_node;
+uint64_t base_addr;
+uint32_t flags;
+uint32_t reserved2;
+uint64_t vatos_addr;
+uint32_t model;
+uint32_t event_irq;
+uint32_t pri_irq;
+uint32_t gerr_irq;
+uint32_t sync_irq;
+
+//AcpiIortIdMapping id_mapping_array[0];
+} QEMU_PACKED;
+typedef struct AcpiIortSmmu3 AcpiIortSmmu3;
+
+struct AcpiIortRC
+{
+AcpiIortNode iort_node;
+uint64_t mem_access_prop;
+uint32_t ats_attr;
+uint32_t pci_seg_num;
+
+AcpiIortIdMapping id_mapping_array[0];
+} QEMU_PACKED;
+typedef struct AcpiIortRC AcpiIortRC;
+
+/*
  * MADT values and structures
  */
 
-- 
2.9.0

Re: [Qemu-devel] [PATCH v2 3/3] palmetto-bmc: Configure the SCU's hardware strapping register

[Cédric Le Goater]

On 06/23/2016 04:15 AM, Andrew Jeffery wrote:
> The magic constant configures the following options:
> 
> * 28:27: Configure DRAM size as 256MB
> * 26:24: DDR3 SDRAM with CL = 6, CWL = 5
> * 23: Configure 24/48MHz CLKIN
> * 22: Disable GPIOE pass-through mode
> * 21: Disable GPIOD pass-through mode
> * 20: Enable LPC decode of SuperIO 0x2E/0x4E addresses
> * 19: Disable ACPI
> * 18: Configure 48MHz CLKIN
> * 17: Disable BMC 2nd boot watchdog timer
> * 16: Decode SuperIO address 0x2E
> * 15: VGA Class Code
> * 14: Enable LPC dedicated reset pin
> * 13:12: Enable SPI Master and SPI Slave to AHB Bridge
> * 11:10: Select CPU:AHB ratio = 2:1
> * 9:8: Select 384MHz H-PLL
> * 7: Configure MAC#2 for RMII/NCSI
> * 6: Configure MAC#1 for RMII/NCSI
> * 5: No VGA BIOS ROM
> * 4: Boot using 32bit SPI address mode
> * 3:2: Select 16MB VGA memory
> * 1:0: Boot from SPI flash memory
> 
> Signed-off-by: Andrew Jeffery 
> ---

Reviewed-by: Cédric Le Goater 

Thanks,

C.

[Qemu-devel] [PATCH v1 6/8] [optional] tests: libqos: generic pci probing helpers

[Prem Mallappa]

Current libqos PCI helpers are x86 only, this addes a generic interface.

Signed-off-by: Prem Mallappa 
---
 tests/libqos/pci-generic.c | 197 +
 tests/libqos/pci-generic.h |  58 +
 2 files changed, 255 insertions(+)
 create mode 100644 tests/libqos/pci-generic.c
 create mode 100644 tests/libqos/pci-generic.h

diff --git a/tests/libqos/pci-generic.c b/tests/libqos/pci-generic.c
new file mode 100644
index 000..1820c0e
--- /dev/null
+++ b/tests/libqos/pci-generic.c
@@ -0,0 +1,197 @@
+/*
+ * libqos PCI bindings for non-PC
+ *
+ * Copyright IBM, Corp. 2012-2013
+ *
+ * Authors:
+ *  Anthony Liguori   
+ *  Prem Mallappa 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "libqtest.h"
+#include "libqos/pci-generic.h"
+
+#include "hw/pci/pci_regs.h"
+
+#include "qemu-common.h"
+#include "qemu/host-utils.h"
+
+#include 
+
+static uint8_t qpci_generic_io_readb(QPCIBus *bus, void *addr)
+{
+return readb((uintptr_t)addr);
+}
+
+static uint16_t qpci_generic_io_readw(QPCIBus *bus, void *addr)
+{
+return readw((uintptr_t)addr);
+}
+
+static uint32_t qpci_generic_io_readl(QPCIBus *bus, void *addr)
+{
+return readl((uintptr_t)addr);
+}
+
+static void qpci_generic_io_writeb(QPCIBus *bus, void *addr, uint8_t value)
+{
+writeb((uintptr_t)addr, value);
+}
+
+static void qpci_generic_io_writew(QPCIBus *bus, void *addr, uint16_t value)
+{
+writew((uintptr_t)addr, value);
+}
+
+static void qpci_generic_io_writel(QPCIBus *bus, void *addr, uint32_t value)
+{
+writel((uintptr_t)addr, value);
+}
+
+#define devfn2addr(base, devfn, offset) \
+   ((base) | ((devfn) << 12) | (offset))
+
+#define bdf2offset(bus, devfn) \
+((bus) << 20 | (devfn) << 12)
+
+static uint8_t qpci_generic_config_readb(QPCIBus *bus, int devfn, uint8_t 
offset)
+{
+QPCIBusGen *s = container_of(bus, QPCIBusGen, bus);
+return readb(devfn2addr(s->base, devfn, offset));
+}
+
+static uint16_t qpci_generic_config_readw(QPCIBus *bus, int devfn, uint8_t 
offset)
+{ 
+QPCIBusGen *s = container_of(bus, QPCIBusGen, bus);
+return readw(devfn2addr(s->base, devfn, offset));
+}
+
+static uint32_t qpci_generic_config_readl(QPCIBus *bus, int devfn, uint8_t 
offset)
+{
+QPCIBusGen *s = container_of(bus, QPCIBusGen, bus);
+return readl(devfn2addr(s->base, devfn, offset));
+}
+
+static void qpci_generic_config_writeb(QPCIBus *bus, int devfn, uint8_t 
offset, uint8_t value)
+{
+QPCIBusGen *s = container_of(bus, QPCIBusGen, bus);
+writeb(devfn2addr(s->base, devfn, offset), value);
+}
+
+static void qpci_generic_config_writew(QPCIBus *bus, int devfn, uint8_t 
offset, uint16_t value)
+{
+QPCIBusGen *s = container_of(bus, QPCIBusGen, bus);
+writew(devfn2addr(s->base, devfn, offset), value);
+}
+
+static void qpci_generic_config_writel(QPCIBus *bus, int devfn, uint8_t 
offset, uint32_t value)
+{
+QPCIBusGen *s = container_of(bus, QPCIBusGen, bus);
+writel(devfn2addr(s->base, devfn, offset), value);
+}
+
+static void *qpci_generic_iomap(QPCIBus *bus, QPCIDevice *dev, int barno, 
uint64_t *sizeptr)
+{
+QPCIBusGen *s = container_of(bus, QPCIBusGen, bus);
+static const int bar_reg_map[] = {
+PCI_BASE_ADDRESS_0, PCI_BASE_ADDRESS_1, PCI_BASE_ADDRESS_2,
+PCI_BASE_ADDRESS_3, PCI_BASE_ADDRESS_4, PCI_BASE_ADDRESS_5,
+};
+int bar_reg;
+uint32_t addr;
+uint64_t size;
+uint32_t io_type;
+
+g_assert(barno >= 0 && barno <= 5);
+bar_reg = bar_reg_map[barno];
+
+qpci_config_writel(dev, bar_reg, 0x);
+addr = qpci_config_readl(dev, bar_reg);
+
+io_type = addr & PCI_BASE_ADDRESS_SPACE;
+if (io_type == PCI_BASE_ADDRESS_SPACE_IO) {
+addr &= PCI_BASE_ADDRESS_IO_MASK;
+} else {
+addr &= PCI_BASE_ADDRESS_MEM_MASK;
+}
+
+size = (1ULL << ctzl(addr));
+if (size == 0) {
+return NULL;
+}
+if (sizeptr) {
+*sizeptr = size;
+}
+
+if (io_type == PCI_BASE_ADDRESS_SPACE_IO) {
+uint16_t loc;
+
+g_assert(QEMU_ALIGN_UP(s->pci_iohole_alloc, size) + size
+ <= s->pci_iohole_size);
+s->pci_iohole_alloc = QEMU_ALIGN_UP(s->pci_iohole_alloc, size);
+loc = s->pci_iohole_start + s->pci_iohole_alloc;
+s->pci_iohole_alloc += size;
+
+qpci_config_writel(dev, bar_reg, loc | PCI_BASE_ADDRESS_SPACE_IO);
+
+return (void *)(intptr_t)loc;
+} else {
+uint64_t loc;
+
+g_assert(QEMU_ALIGN_UP(s->pci_hole_alloc, size) + size
+ <= s->pci_hole_size);
+s->pci_hole_alloc = QEMU_ALIGN_UP(s->pci_hole_alloc, size);
+loc = s->pci_hole_start + s->pci_hole_alloc;
+s->pci_hole_alloc += size;
+printf("%s: hole_start:%x hole_alloc:%x\n", __func__,
+   s->pci_hole_start, s->pci_hole_alloc);
+qpci_config_

[Qemu-devel] [Bug 1580459] Re: Windows (10?) guest freezes entire host on shutdown if using PCI passthrough

[Jimi]

I managed to fix that issue and properly load the VM with the rom file
(what had gone wrong was it inexplicably acted like it had no hard
drives, until I restored the libvirt XML file from a backup). I got a
good test out of it: played video games in Windows for 2 hours, with the
rom file loaded. It still froze on shutdown. So that's confirmedly not a
fix.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1580459

Title:
  Windows (10?) guest freezes entire host on shutdown if using PCI
  passthrough

Status in libvirt:
  New
Status in QEMU:
  New
Status in Arch Linux:
  New
Status in Debian:
  New
Status in Fedora:
  New

Bug description:
  Problem: after leaving a Windows VM that uses PCI passthrough (as we
  do for gaming graphics cards, sound cards, and in my case, a USB card)
  running for some amount of time between 1 and 2 hours (it's not
  consistent with exactly how long), and for any amount of time longer
  than that, shutting down that guest will, right as it finishes
  shutting down, freeze the host computer, making it require a hard
  reboot. Unbinding (or in the other user's case, unbinding and THEN
  binding) any PCI device in sysfs, even one that has nothing to do with
  the VM, also has the same effect as shutting down the VM (if the VM
  has been running long enough). So, it's probably an issue related to
  unbinding and binding PCI devices.

  There's a lot of info on this problem over at 
https://bbs.archlinux.org/viewtopic.php?id=206050
  Here's a better-organized list of main details:
  -at least 2 confirmed victims of this bug; 2 (including me) have provided 
lots of info in the link
  -I'm on Arch Linux and the other one is on Gentoo (distro-nonspecific)
  -issue affects my Windows 10 guest and others' Windows guests, but not my 
Arch Linux guest (the others don't have non-Windows guests to test)
  -I'm using libvirt but the other user is not, so it's not an issue with 
libvirt
  -It seems to be version non-specific, too. I first noticed it at, or when 
testing versions still had the issue at (whichever version is lower), Linux 4.1 
and qemu 2.4.0. It still persists in all releases of both since, including the 
newest ones.
  -I can't track down exactly what package downgrade can fix it, as downgrading 
further than Linux 4.1 and qemu 2.4.0 requires Herculean and system-destroying 
changes such as downgrading ncurses, meaning I don't know whether it's a bug in 
QEMU, the Linux kernel, or some weird seemingly unrelated thing.
  -According to the other user, "graphics intensive gameplay (GTA V) can cause 
the crash to happen sooner," as soon as "15 minutes"
  -Also, "bringing up a second passthrough VM with separate hardware will cause 
the same crash," and "bringing up another VM before the two-hour mark will not 
result in a crash," further cementing that it's triggered by the un/binding of 
PCI devices.
  -This is NOT related to the very similar bug that can be worked around by not 
passing through the HDMI device or sound card. Even when we removed all traces 
of any sort of sound card from the VM, it still had the same behavior.

To manage notifications about this bug go to:
https://bugs.launchpad.net/libvirt/+bug/1580459/+subscriptions

[Qemu-devel] [PATCH v1 2/8] hw: arm: Added SMMUv3 files for build

[Prem Mallappa]

Signed-off-by: Prem Mallappa 
---
 default-configs/aarch64-softmmu.mak | 1 +
 hw/arm/Makefile.objs| 1 +
 2 files changed, 2 insertions(+)

diff --git a/default-configs/aarch64-softmmu.mak 
b/default-configs/aarch64-softmmu.mak
index 2449483..83a2932 100644
--- a/default-configs/aarch64-softmmu.mak
+++ b/default-configs/aarch64-softmmu.mak
@@ -7,3 +7,4 @@ CONFIG_AUX=y
 CONFIG_DDC=y
 CONFIG_DPCD=y
 CONFIG_XLNX_ZYNQMP=y
+CONFIG_ARM_SMMUV3=y
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 12764ef..5207e99 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -18,3 +18,4 @@ obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
 obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
 obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
 obj-$(CONFIG_ASPEED_SOC) += ast2400.o palmetto-bmc.o
+obj-$(CONFIG_ARM_SMMUV3) += smmu-common.o smmu-v3.o
-- 
2.9.0

[Qemu-devel] [PATCH v1 3/8] devicetree: Added new APIs to make use of more fdt functions

[Prem Mallappa]

SMMUv3 needs device tree entry like below

 interrupt-names = "gerror", "priq", "eventq", "cmdq-sync";

This patch introduces helper function to add entries like above

Signed-off-by: Prem Mallappa 
---
 device_tree.c| 35 +++
 include/sysemu/device_tree.h | 18 ++
 2 files changed, 53 insertions(+)

diff --git a/device_tree.c b/device_tree.c
index 6e06320..5d5966e 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -297,6 +297,24 @@ int qemu_fdt_setprop(void *fdt, const char *node_path,
 return r;
 }
 
+int qemu_fdt_appendprop(void *fdt, const char *node_path,
+ const char *property, const void *val, int size)
+{
+int r;
+
+r = fdt_appendprop(fdt, findnode_nofail(fdt, node_path), property,
+   val, size);
+if (r < 0) {
+error_report("%s: Couldn't set %s/%s: %s", __func__, node_path,
+ property, fdt_strerror(r));
+exit(1);
+}
+
+return r;
+}
+
+
+
 int qemu_fdt_setprop_cell(void *fdt, const char *node_path,
   const char *property, uint32_t val)
 {
@@ -319,6 +337,23 @@ int qemu_fdt_setprop_u64(void *fdt, const char *node_path,
 return qemu_fdt_setprop(fdt, node_path, property, &val, sizeof(val));
 }
 
+int qemu_fdt_appendprop_string(void *fdt, const char *node_path,
+const char *property, const char *string)
+{
+int r;
+
+r = fdt_appendprop_string(fdt, findnode_nofail(fdt, node_path),
+  property, string);
+if (r < 0) {
+error_report("%s: Couldn't set %s/%s = %s: %s", __func__,
+ node_path, property, string, fdt_strerror(r));
+exit(1);
+}
+
+return r;
+}
+
+
 int qemu_fdt_setprop_string(void *fdt, const char *node_path,
 const char *property, const char *string)
 {
diff --git a/include/sysemu/device_tree.h b/include/sysemu/device_tree.h
index 705650a..5a0a297 100644
--- a/include/sysemu/device_tree.h
+++ b/include/sysemu/device_tree.h
@@ -45,12 +45,16 @@ char **qemu_fdt_node_path(void *fdt, const char *name, char 
*compat,
 
 int qemu_fdt_setprop(void *fdt, const char *node_path,
  const char *property, const void *val, int size);
+int qemu_fdt_appendprop(void *fdt, const char *node_path,
+ const char *property, const void *val, int size);
 int qemu_fdt_setprop_cell(void *fdt, const char *node_path,
   const char *property, uint32_t val);
 int qemu_fdt_setprop_u64(void *fdt, const char *node_path,
  const char *property, uint64_t val);
 int qemu_fdt_setprop_string(void *fdt, const char *node_path,
 const char *property, const char *string);
+int qemu_fdt_appendprop_string(void *fdt, const char *node_path,
+   const char *property, const char *string);
 int qemu_fdt_setprop_phandle(void *fdt, const char *node_path,
  const char *property,
  const char *target_node_path);
@@ -98,6 +102,20 @@ int qemu_fdt_add_subnode(void *fdt, const char *name);
  sizeof(qdt_tmp));\
 } while (0)
 
+
+#define qemu_fdt_appendprop_cells(fdt, node_path, property, ...)  \
+do {  \
+uint32_t qdt_tmp[] = { __VA_ARGS__ }; \
+int i;\
+  \
+for (i = 0; i < ARRAY_SIZE(qdt_tmp); i++) {   \
+qdt_tmp[i] = cpu_to_be32(qdt_tmp[i]); \
+} \
+qemu_fdt_appendprop(fdt, node_path, property, qdt_tmp,\
+ sizeof(qdt_tmp));\
+} while (0)
+
+
 void qemu_fdt_dumpdtb(void *fdt, int size);
 
 /**
-- 
2.9.0

[Qemu-devel] [PATCH v1 1/8] hw: arm: SMMUv3 emulation model

[Prem Mallappa]

Big patch adds SMMUv3 model to Qemu
  - As per SMMUv3 spec 16.0
  - Works with SMMUv3 driver in Linux 4.7rc1
  - Only LPAE mode translation supported
  - BE mode is not supported yet
  - Stage1, Stage2 and S1+S2
  - Suspend/resume not tested

Signed-off-by: Prem Mallappa 
---
 hw/arm/smmu-common.c |  142 +
 hw/arm/smmu-common.h |  135 +
 hw/arm/smmu-v3.c | 1461 ++
 hw/arm/smmuv3-internal.h |  417 +
 4 files changed, 2155 insertions(+)
 create mode 100644 hw/arm/smmu-common.c
 create mode 100644 hw/arm/smmu-common.h
 create mode 100644 hw/arm/smmu-v3.c
 create mode 100644 hw/arm/smmuv3-internal.h

diff --git a/hw/arm/smmu-common.c b/hw/arm/smmu-common.c
new file mode 100644
index 000..e4bb61c
--- /dev/null
+++ b/hw/arm/smmu-common.c
@@ -0,0 +1,142 @@
+/*
+ * Copyright (C) 2014-2016 Broadcom
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Author: Prem Mallappa 
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "sysemu/sysemu.h"
+#include "exec/address-spaces.h"
+
+#include "smmu-common.h"
+
+inline MemTxResult smmu_read_sysmem(hwaddr addr, void *buf, int len)
+{
+switch (len) {
+case 4:
+*(uint32_t *)buf = ldl_le_phys(&address_space_memory, addr);
+break;
+case 8:
+*(uint64_t *)buf = ldq_le_phys(&address_space_memory, addr);
+break;
+default:
+return address_space_rw(&address_space_memory, addr,
+MEMTXATTRS_UNSPECIFIED, buf, len, false);
+}
+return MEMTX_OK;
+}
+
+inline void
+smmu_write_sysmem(hwaddr addr, void *buf, int len)
+{
+switch (len) {
+case 4:
+stl_le_phys(&address_space_memory, addr, *(uint32_t *)buf);
+break;
+case 8:
+stq_le_phys(&address_space_memory, addr, *(uint64_t *)buf);
+break;
+default:
+address_space_rw(&address_space_memory, addr,
+ MEMTXATTRS_UNSPECIFIED, buf, len, true);
+}
+}
+
+SMMUTransErr
+smmu_translate_lpae(SMMUTransCfg *cfg, uint32_t *pagesize,
+uint32_t *perm, bool is_write)
+{
+int ret, level;
+int granule_sz = cfg->granule_sz;
+int va_size = cfg->va_size;
+hwaddr  va, addr, mask;
+hwaddr *outaddr;
+
+va = addr = cfg->va;/* or ipa in Stage2 */
+
+assert(va_size == 64);  /* We dont support 32-bit yet */
+/* same location, for clearity */
+outaddr = cfg->s2_needed ? &cfg->opa : &cfg->pa;
+
+level = 4 - (va_size - cfg->tsz - 4) / granule_sz;
+
+mask = (1ULL << (granule_sz + 3)) - 1;
+
+addr = extract64(cfg->ttbr, 0, 48);
+addr &= ~((1ULL << (va_size - cfg->tsz - (granule_sz * (4 - level - 1);
+
+for (;;) {
+uint64_t desc;
+#ifdef SMMU_DEBUG
+uint64_t ored = (va >> (granule_sz * (4 - level))) & mask;
+SMMU_DPRINTF(TT_1,
+ "Level: %d va:%lx addr:%lx ored:%lx\n",
+ level, va, addr, ored);
+#endif
+addr |= (va >> (granule_sz * (4 - level))) & mask;
+addr &= ~7ULL;
+
+if (smmu_read_sysmem(addr, &desc, sizeof(desc))) {
+ret = SMMU_TRANS_ERR_WALK_EXT_ABRT;
+SMMU_DPRINTF(CRIT, "Translation table read error lvl:%d\n", level);
+break;
+}
+
+SMMU_DPRINTF(TT_1,
+ "Level: %d gran_sz:%d mask:%lx addr:%lx desc:%lx\n",
+ level, granule_sz, mask, addr, desc);
+
+if (!(desc & 1) ||
+(!(desc & 2) && (level == 3))) {
+ret = SMMU_TRANS_ERR_TRANS;
+break;
+}
+
+/* We call again to resolve address at this 'level' */
+if (cfg->s2_needed) {
+uint32_t perm_s2, pagesize_s2;
+SMMUTransCfg *s2cfg = cfg->s2cfg;
+
+s2cfg->ipa = desc;
+
+ret = smmu_translate_lpae(s2cfg, &pagesize_s2,
+  &perm_s2, is_write);
+if (ret) {
+break;
+}
+
+desc = (uint64_t)s2cfg->opa;
+SMMU_DPRINTF(TT_2, "addr:%lx pagesize:%x\n", addr, *pagesize);
+}
+
+addr = desc & 0x000ULL;
+if ((desc & 2) && (level < 3)) {
+level++;
+continue;
+}
+*pagesize = (1ULL << ((granule_sz * (4 - level)) + 3));
+addr

Re: [Qemu-devel] [PATCH 1/2] blockjob: assert(cb) in the entry functions of blockjob

[Kevin Wolf]

Am 23.06.2016 um 03:04 hat Changlong Xie geschrieben:
> On 06/23/2016 01:31 AM, Eric Blake wrote:
> >On 06/22/2016 04:19 AM, Paolo Bonzini wrote:
> >>
> >>
> >>On 22/06/2016 12:12, Changlong Xie wrote:
> >>>
> >>>commit/mirror/stream/backup use block_job_create(..., cb,..) to create
> >>>relevant blockjob. When they finished, these jobs will invoke
> >>>block_job_completed, then invoke job->cb() unconditionally. So i think
> >>>we need this to avoid segment fault. Actually backup has implemented this.
> >>
> >>So this suggests that the right place to put the assertion would be
> >>block_job_create.  But it's even better to add a
> >>
> >>#define QEMU_NONNULL __attribute__((__nonnull__))
> >>
> >>to include/qemu/compiler.h and declare the arguments as non-null.
> >
> >Or alternatively fix things to only invoke job->cb() if it is non-NULL,
> >so that callers don't have to pass in a no-op callback just to appease a
> >non-NULL attribute.
> 
> Is there any reason, that we should invoke job->cb() unconditionally
> without nonnull check? There is no relevant clue in the historical
> commit messages. If yes, i prefer paolo's suggestion; otherwise
> eric's solution is better.

I don't think no-op callbacks actually exist for jobs.

Kevin

[Qemu-devel] [PATCH v1 0/8] SMMUv3 Emulation support

[Prem Mallappa]

RFC -> v1:
- As per SMMUv3 spec 16.0 (only is_ste_consistant() is noticeable)
- Reworked register access/update logic
- Factored out translation code for
- single point bug fix
- sharing/removal in future
- (optional) Unit tests added, with PCI test device
- S1 with 4k/64k, S1+S2 with 4k/64k
- (S1 or S2) only can be verified by Linux 4.7 driver
- (optional) Priliminary ACPI support

RFC:
- Implements SMMUv3 spec 11.0
- Supported for PCIe devices, 
- Command Queue and Event Queue supported
- LPAE only, S1 is supported and Tested, S2 not tested
- BE mode Translation not supported
- IRQ support (legacy, no MSI)
- Tested with DPDK and e1000 

Patch 1: Adds SMMUv3 model to QEMU
Multiple files, big ones, translate functionality is split across to
accomodate SMMUv2 model, and to remove when common translation feature
(if) becomes available.

Patch 2: Adds SMMU build support

Patch 3: Some devicetree function to add support for SMMU's multiple interrupt
 assignment with names

Patch 4: Adds support in virt.c to create both SMMUv3 device and dts entries

<< optional patches >>
Optional patches are posted for completeness or for those who wants to test.

Patch 5: A simple PCI device which does DMA from 'src' to 'dst' given
 src_addr, dst_addr and size, and is used by unit test, uses
 pci_dma_read and pci_dma_write in a crude way but serves the purpose.

Patch 6: Current libqos PCI helpers are x86 only, this addes a generic interface

Patch 7: Unit tests for SMMU, 
- initializes SMMU device 
- initializes Test device
- allocates page tables 1:1 mapping va == pa
- allocates STE/CD accordingly for S1, S2, S1+S2
- initiates DMA via PCI test device
- verifies transfered data

Patch 8: Added ACPI IORT tables, was needed for internal project purpose, but 
 posting here for anyone looking for testing ACPI on ARM platforms.
 (P.S: Linux side IORT patches are WIP)

Repo:
https://github.com/pmallappa/qemu/tree/develop

To Test:
$ make tests/smmuv3-test
$ QTEST_QEMU_BINARY=aarch64-softmmu/qemu-system-aarch64 tests/smmuv3-test
<< expect lot of prints >>

Any comments welcome..

Cheers
/Prem

Prem Mallappa (8):
  hw: arm: SMMUv3 emulation model
  hw: arm: Added SMMUv3 files for build
  devicetree: Added new APIs to make use of more fdt functions
  hw: arm: Add SMMUv3 to virt platform, create DTS accordingly
  [optional] hw: misc: added testdev for smmu
  [optional] tests: libqos: generic pci probing helpers
  [optional] tests: SMMUv3 unit tests
  [optional] arm: smmu-v3: ACPI IORT initial support

 default-configs/aarch64-softmmu.mak |1 +
 device_tree.c   |   35 +
 hw/arm/Makefile.objs|1 +
 hw/arm/smmu-common.c|  142 
 hw/arm/smmu-common.h|  135 
 hw/arm/smmu-v3.c| 1461 +++
 hw/arm/smmuv3-internal.h|  417 ++
 hw/arm/virt-acpi-build.c|   43 ++
 hw/arm/virt.c   |   62 ++
 hw/misc/Makefile.objs   |2 +-
 hw/misc/pci-testdev-smmu.c  |  239 ++
 hw/misc/pci-testdev-smmu.h  |   22 +
 include/hw/acpi/acpi-defs.h |   84 ++
 include/hw/arm/smmu.h   |   33 +
 include/hw/arm/virt.h   |2 +
 include/sysemu/device_tree.h|   18 +
 tests/Makefile.include  |4 +
 tests/libqos/pci-generic.c  |  197 +
 tests/libqos/pci-generic.h  |   58 ++
 tests/smmuv3-test.c |  905 ++
 20 files changed, 3860 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/smmu-common.c
 create mode 100644 hw/arm/smmu-common.h
 create mode 100644 hw/arm/smmu-v3.c
 create mode 100644 hw/arm/smmuv3-internal.h
 create mode 100644 hw/misc/pci-testdev-smmu.c
 create mode 100644 hw/misc/pci-testdev-smmu.h
 create mode 100644 include/hw/arm/smmu.h
 create mode 100644 tests/libqos/pci-generic.c
 create mode 100644 tests/libqos/pci-generic.h
 create mode 100644 tests/smmuv3-test.c

-- 
2.9.0

[Qemu-devel] [RESEND PATCH v5 2/4] i386: publish advised value of MSR_IA32_FEATURE_CONTROL via fw_cfg

[Haozhong Zhang]

It's a prerequisite that certain bits of MSR_IA32_FEATURE_CONTROL should
be set before some features (e.g. VMX and LMCE) can be used, which is
usually done by the firmware. This patch adds a fw_cfg file
"etc/msr_feature_control" which contains the advised value of
MSR_IA32_FEATURE_CONTROL and can be used by guest firmware (e.g. SeaBIOS).

Suggested-by: Paolo Bonzini 
Signed-off-by: Haozhong Zhang 
Reviewed-by: Paolo Bonzini 
---
Changes in RESEND:
 * Use cpu_to_le64() to ensure file content is in little-endian.
---
 hw/i386/pc.c  | 29 +
 target-i386/cpu.h |  4 
 2 files changed, 33 insertions(+)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 7198ed5..0c30549 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1147,6 +1147,34 @@ void pc_cpus_init(PCMachineState *pcms)
 smbios_set_cpuid(cpu->env.cpuid_version, cpu->env.features[FEAT_1_EDX]);
 }
 
+static void pc_build_feature_control_file(PCMachineState *pcms)
+{
+X86CPU *cpu = X86_CPU(pcms->possible_cpus->cpus[0].cpu);
+CPUX86State *env = &cpu->env;
+uint32_t unused, ecx, edx;
+uint64_t feature_control_bits = 0;
+uint64_t *val;
+
+cpu_x86_cpuid(env, 1, 0, &unused, &unused, &ecx, &edx);
+if (ecx & CPUID_EXT_VMX) {
+feature_control_bits |= FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX;
+}
+
+if ((edx & (CPUID_EXT2_MCE | CPUID_EXT2_MCA)) ==
+(CPUID_EXT2_MCE | CPUID_EXT2_MCA) &&
+(env->mcg_cap & MCG_LMCE_P)) {
+feature_control_bits |= FEATURE_CONTROL_LMCE;
+}
+
+if (!feature_control_bits) {
+return;
+}
+
+val = g_malloc(sizeof(*val));
+*val = cpu_to_le64(feature_control_bits | FEATURE_CONTROL_LOCKED);
+fw_cfg_add_file(pcms->fw_cfg, "etc/msr_feature_control", val, 
sizeof(*val));
+}
+
 static
 void pc_machine_done(Notifier *notifier, void *data)
 {
@@ -1174,6 +1202,7 @@ void pc_machine_done(Notifier *notifier, void *data)
 acpi_setup();
 if (pcms->fw_cfg) {
 pc_build_smbios(pcms->fw_cfg);
+pc_build_feature_control_file(pcms);
 }
 }
 
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index cda3ea1..11291b6 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -332,6 +332,10 @@
 #define MSR_TSC_ADJUST  0x003b
 #define MSR_IA32_TSCDEADLINE0x6e0
 
+#define FEATURE_CONTROL_LOCKED(1<<0)
+#define FEATURE_CONTROL_VMXON_ENABLED_OUTSIDE_SMX (1<<2)
+#define FEATURE_CONTROL_LMCE  (1<<20)
+
 #define MSR_P6_PERFCTR0 0xc1
 
 #define MSR_IA32_SMBASE 0x9e
-- 
2.9.0

[Qemu-devel] [PULL 15/17] ppc: Move exception generation code out of line

[David Gibson]

From: Benjamin Herrenschmidt 

There's no point inlining this, if you hit the exception case you exit
anyway, and not inlining saves about 100K of code size (and cache
footprint).

Signed-off-by: Benjamin Herrenschmidt 
[clg: removed '__attribute__((noinline))' from original patch ]
Signed-off-by: Cédric Le Goater 
Signed-off-by: David Gibson 
---
 target-ppc/translate.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 55102bf..fcead98 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -284,7 +284,7 @@ void gen_update_current_nip(void *opaque)
 tcg_gen_movi_tl(cpu_nip, ctx->nip);
 }
 
-static inline void gen_exception_err(DisasContext *ctx, uint32_t excp, 
uint32_t error)
+static void gen_exception_err(DisasContext *ctx, uint32_t excp, uint32_t error)
 {
 TCGv_i32 t0, t1;
 if (ctx->exception == POWERPC_EXCP_NONE) {
@@ -298,7 +298,7 @@ static inline void gen_exception_err(DisasContext *ctx, 
uint32_t excp, uint32_t
 ctx->exception = (excp);
 }
 
-static inline void gen_exception(DisasContext *ctx, uint32_t excp)
+static void gen_exception(DisasContext *ctx, uint32_t excp)
 {
 TCGv_i32 t0;
 if (ctx->exception == POWERPC_EXCP_NONE) {
@@ -310,7 +310,7 @@ static inline void gen_exception(DisasContext *ctx, 
uint32_t excp)
 ctx->exception = (excp);
 }
 
-static inline void gen_debug_exception(DisasContext *ctx)
+static void gen_debug_exception(DisasContext *ctx)
 {
 TCGv_i32 t0;
 
-- 
2.5.5

Re: [Qemu-devel] [RFC PATCH v1 1/1] spapr: Support setting of compat CPU type for CPU cores

[David Gibson]

On Wed, Jun 22, 2016 at 12:53:49PM +0530, Bharata B Rao wrote:
> Compat CPU type is typically specified on -cpu cmdline option like:
> -cpu host,compat=power7 or -cpu POWER8E,compat=power7 etc.
> With the introduction of sPAPR CPU core devices, we need to support
> the same for core devices too.
> 
> Support the specification of CPU compat type on device_add command for
> sPAPRCPUCore devices like:
> (qemu) device_add POWER8E-spapr-cpu-core,id=core3,compat=power7,core-id=24
> 
> Signed-off-by: Bharata B Rao 
> ---
> Changes in v1:
> - In the routine that extracts "compat=" from -cpu cmdline, made the parsing
>   generic as suggested by Thomas Huth so that it works in the presence of
>   any other additional features.
> - Addressed review comments by David with major one being setting of
>   compat property directly instead of going via ->parse_features().
> 
> TODO:
> - Reconcile with Igor's work that make cpu features as global properties.
> - Find a way to export the compat infomation via query-hotpluggable-cpus.
> 
> v0: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg05279.html
>  
>  hw/ppc/spapr.c  |  8 +
>  hw/ppc/spapr_cpu_core.c | 78 
> +
>  include/hw/ppc/spapr_cpu_core.h |  2 ++
>  3 files changed, 88 insertions(+)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 778fa25..2049d7d 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -1807,6 +1807,7 @@ static void ppc_spapr_init(MachineState *machine)
>  if (i < spapr_cores) {
>  char *type = spapr_get_cpu_core_type(machine->cpu_model);
>  Object *core;
> +char *compat;
>  
>  if (!object_class_by_name(type)) {
>  error_report("Unable to find sPAPR CPU Core definition");
> @@ -1818,6 +1819,13 @@ static void ppc_spapr_init(MachineState *machine)
>  &error_fatal);
>  object_property_set_int(core, core_dt_id, 
> CPU_CORE_PROP_CORE_ID,
>  &error_fatal);
> +compat = spapr_get_cpu_compat_type(machine->cpu_model);
> +if (compat) {
> +object_property_set_str(core, compat, "compat",
> +&error_fatal);
> +g_free(compat);
> +}
> +
>  object_property_set_bool(core, true, "realized", 
> &error_fatal);
>  }
>  }
> diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
> index 3a5da09..d500cd6 100644
> --- a/hw/ppc/spapr_cpu_core.c
> +++ b/hw/ppc/spapr_cpu_core.c
> @@ -96,6 +96,31 @@ char *spapr_get_cpu_core_type(const char *model)
>  return core_type;
>  }
>  
> +/*
> + * Returns the CPU compat type specified in -cpu @model.
> + */
> +char *spapr_get_cpu_compat_type(const char *model)
> +{
> +char *model_str = g_strdup(model);
> +char *featurestr, *compat = NULL;
> +
> +featurestr = model_str ? strtok(model_str, ",") : NULL;

AFAICT strtok() is not thread-safe.

> +while (featurestr) {
> +char *val;
> +if (!strncmp(featurestr, "compat=", 7)) {
> +val = strchr(featurestr, '=');

You don't technically need the strchr(), since from the strncmp above,
you know the answer will be featurestr + 6.

> +val++;
> +compat = g_strdup(val);
> +goto out;
> +}
> +featurestr = strtok(NULL, ",");
> +}
> +
> +out:
> +g_free(model_str);
> +return compat;
> +}

Couldn't we use one of the existing opts parsing functions in qemu for
the above, anyway?

>  static void spapr_core_release(DeviceState *dev, void *opaque)
>  {
>  sPAPRCPUCore *sc = SPAPR_CPU_CORE(OBJECT(dev));
> @@ -223,12 +248,31 @@ void spapr_core_pre_plug(HotplugHandler *hotplug_dev, 
> DeviceState *dev,
>  CPUCore *cc = CPU_CORE(dev);
>  char *base_core_type = spapr_get_cpu_core_type(machine->cpu_model);
>  const char *type = object_get_typename(OBJECT(dev));
> +char *base_compat_type = NULL;
> +char *compat = NULL;
> +bool compat_set;
>  
>  if (strcmp(base_core_type, type)) {
>  error_setg(&local_err, "CPU core type should be %s", base_core_type);
>  goto out;
>  }
>  
> +base_compat_type = spapr_get_cpu_compat_type(machine->cpu_model);
> +compat = object_property_get_str(OBJECT(dev), "compat", NULL);
> +compat_set = compat && *compat;
> +
> +if (base_compat_type) {
> +if ((compat_set && strcmp(base_compat_type, compat)) ||
> +!compat_set) {
> +error_setg(&local_err, "CPU compat type should be %s",
> +   base_compat_type);
> +goto out;
> +}
> +} else if (compat_set) {
> +error_setg(&local_err, "CPU compat type shouldn't be set");
> +goto out;

I don't think we want this else clause, because it will 

Re: [Qemu-devel] [PATCH v2 01/10] ppc: Fix rfi/rfid/hrfi/... emulation

[Cédric Le Goater]

On 06/23/2016 07:50 AM, David Gibson wrote:
> On Wed, Jun 22, 2016 at 08:48:14AM +0200, Cédric Le Goater wrote:
>> On 06/22/2016 04:46 AM, David Gibson wrote:
>>> I'm not comfortable merging this until the openbios change is pulled
>>> back into the qemu tree (submodule and pre-built binary).
>>>
>>> Again - sure you don't want to apply this with rfi still enabled for
>>> 64-bit for now, letting the rest of this series go in as well, then
>>> clean up the rfi/64 behaviour later?
>>
>> Sure. I don't think it has an impact on the serie anyway so we can keep
>> it for later.
> 
> Ok, I modified 1/10 to leave rfi in for 64-bit cpus for now, and
> applied the full series to ppc-for-2.7.  I've also now sent a pull
> request including this.

Perfect. I was wondering if we should not just remove the instruction from 
the 64bit set.

Thanks,

C.

Re: [Qemu-devel] [PATCH v5 2/4] i386: publish advised value of MSR_IA32_FEATURE_CONTROL via fw_cfg

[Haozhong Zhang]

On 06/22/16 19:08, Paolo Bonzini wrote:
> 
> 
> On 22/06/2016 08:56, Haozhong Zhang wrote:
> > +
> > +val = g_malloc(sizeof(*val));
> > +*val = feature_control_bits | FEATURE_CONTROL_LOCKED;
> 
> As noticed by Laszlo, you need to use cpu_to_le64 here.  The maintainer
> can fix it, I think.
> 

Thanks for indicating this! I'll resend this one.

Haozhong

[Qemu-devel] [PULL 10/17] ppc: Fix POWER7 and POWER8 exception definitions

[David Gibson]

From: Benjamin Herrenschmidt 

We were initializing unused ones and missing some

Signed-off-by: Benjamin Herrenschmidt 
Reviewed-by: David Gibson 
[clg: fixed checkpatch.pl errors ]
Signed-off-by: Cédric Le Goater 
Signed-off-by: David Gibson 
---
 target-ppc/cpu.h| 11 ++-
 target-ppc/translate_init.c | 27 +--
 2 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index 93c2dd5..f005549 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -116,6 +116,9 @@ enum {
 POWERPC_EXCP_HYPPRIV  = 41, /* Embedded hypervisor priv instruction  */
 /* Vectors 42 to 63 are reserved */
 /* Exceptions defined in the PowerPC server specification*/
+/* Server doorbell variants */
+#define POWERPC_EXCP_SDOOR  POWERPC_EXCP_GDOORI
+#define POWERPC_EXCP_SDOOR_HV   POWERPC_EXCP_DOORI
 POWERPC_EXCP_RESET= 64, /* System reset exception*/
 POWERPC_EXCP_DSEG = 65, /* Data segment exception*/
 POWERPC_EXCP_ISEG = 66, /* Instruction segment exception */
@@ -158,8 +161,12 @@ enum {
 /* VSX Unavailable (Power ISA 2.06 and later)*/
 POWERPC_EXCP_VSXU = 94, /* VSX Unavailable   */
 POWERPC_EXCP_FU   = 95, /* Facility Unavailable  */
+/* Additional ISA 2.06 and later server exceptions   */
+POWERPC_EXCP_HV_EMU   = 96, /* HV emulation assistance   */
+POWERPC_EXCP_HV_MAINT = 97, /* HMI   */
+POWERPC_EXCP_HV_FU= 98, /* Hypervisor Facility unavailable   */
 /* EOL   */
-POWERPC_EXCP_NB   = 96,
+POWERPC_EXCP_NB   = 99,
 /* QEMU exceptions: used internally during code translation  */
 POWERPC_EXCP_STOP = 0x200, /* stop translation   */
 POWERPC_EXCP_BRANCH   = 0x201, /* branch instruction */
@@ -2196,6 +2203,8 @@ enum {
 PPC_INTERRUPT_CDOORBELL,  /* Critical doorbell interrupt  */
 PPC_INTERRUPT_DOORBELL,   /* Doorbell interrupt   */
 PPC_INTERRUPT_PERFM,  /* Performance monitor interrupt*/
+PPC_INTERRUPT_HMI,/* Hypervisor Maintainance interrupt*/
+PPC_INTERRUPT_HDOORBELL,  /* Hypervisor Doorbell interrupt*/
 };
 
 /* Processor Compatibility mask (PCR) */
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index db56a39..01a490c 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -3180,18 +3180,30 @@ static void init_excp_POWER7 (CPUPPCState *env)
 env->excp_vectors[POWERPC_EXCP_HDECR]= 0x0980;
 env->excp_vectors[POWERPC_EXCP_SYSCALL]  = 0x0C00;
 env->excp_vectors[POWERPC_EXCP_TRACE]= 0x0D00;
+env->excp_vectors[POWERPC_EXCP_HDSI] = 0x0E00;
+env->excp_vectors[POWERPC_EXCP_HISI] = 0x0E20;
+env->excp_vectors[POWERPC_EXCP_HV_EMU]   = 0x0E40;
+env->excp_vectors[POWERPC_EXCP_HV_MAINT] = 0x0E60;
 env->excp_vectors[POWERPC_EXCP_PERFM]= 0x0F00;
 env->excp_vectors[POWERPC_EXCP_VPU]  = 0x0F20;
 env->excp_vectors[POWERPC_EXCP_VSXU] = 0x0F40;
-env->excp_vectors[POWERPC_EXCP_FU]   = 0x0F60;
-env->excp_vectors[POWERPC_EXCP_IABR] = 0x1300;
-env->excp_vectors[POWERPC_EXCP_MAINT]= 0x1600;
-env->excp_vectors[POWERPC_EXCP_VPUA] = 0x1700;
-env->excp_vectors[POWERPC_EXCP_THERM]= 0x1800;
 /* Hardware reset vector */
 env->hreset_vector = 0x0100ULL;
 #endif
 }
+
+static void init_excp_POWER8(CPUPPCState *env)
+{
+init_excp_POWER7(env);
+
+#if !defined(CONFIG_USER_ONLY)
+env->excp_vectors[POWERPC_EXCP_SDOOR]= 0x0A00;
+env->excp_vectors[POWERPC_EXCP_FU]   = 0x0F60;
+env->excp_vectors[POWERPC_EXCP_HV_FU]= 0x0F80;
+env->excp_vectors[POWERPC_EXCP_SDOOR_HV] = 0x0E80;
+#endif
+}
+
 #endif
 
 /*/
@@ -8132,10 +8144,13 @@ static void init_proc_book3s_64(CPUPPCState *env, int 
version)
 ppc970_irq_init(ppc_env_get_cpu(env));
 break;
 case BOOK3S_CPU_POWER7:
-case BOOK3S_CPU_POWER8:
 init_excp_POWER7(env);
 ppcPOWER7_irq_init(ppc_env_get_cpu(env));
 break;
+case BOOK3S_CPU_POWER8:
+init_excp_POWER8(env);
+ppcPOWER7_irq_init(ppc_env_get_cpu(env));
+break;
 default:
 g_assert_not_reached();
 }
-- 
2.5.5

Re: [Qemu-devel] [PATCH v2 01/10] ppc: Fix rfi/rfid/hrfi/... emulation

[David Gibson]

On Wed, Jun 22, 2016 at 08:48:14AM +0200, Cédric Le Goater wrote:
> On 06/22/2016 04:46 AM, David Gibson wrote:
> > I'm not comfortable merging this until the openbios change is pulled
> > back into the qemu tree (submodule and pre-built binary).
> > 
> > Again - sure you don't want to apply this with rfi still enabled for
> > 64-bit for now, letting the rest of this series go in as well, then
> > clean up the rfi/64 behaviour later?
> 
> Sure. I don't think it has an impact on the serie anyway so we can keep
> it for later.

Ok, I modified 1/10 to leave rfi in for 64-bit cpus for now, and
applied the full series to ppc-for-2.7.  I've also now sent a pull
request including this.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Qemu-devel] [PULL 12/17] ppc: Rework generation of priv and inval interrupts

[David Gibson]

From: Benjamin Herrenschmidt 

Recent server processors use the Hypervisor Emulation Assistance
interrupt for illegal instructions and *some* type of SPR accesses.

Also the code was always generating inval instructions even for priv
violations due to setting the wrong flags

Finally, the checking for PR/HV was open coded everywhere.

This reworks it all, using little helper macros for checking, and
adding the HV interrupt (which gets converted back to program check
in the slow path of excp_helper.c on CPUs that don't want it).

Signed-off-by: Benjamin Herrenschmidt 
[clg: fixed checkpatch.pl errors ]
Signed-off-by: Cédric Le Goater 
Signed-off-by: David Gibson 
---
 linux-user/main.c|   1 +
 target-ppc/excp_helper.c |  19 ++
 target-ppc/translate.c   | 690 ---
 3 files changed, 311 insertions(+), 399 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index 358ed01..fd88e22 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -1721,6 +1721,7 @@ void cpu_loop(CPUPPCState *env)
 queue_signal(env, info.si_signo, &info);
 break;
 case POWERPC_EXCP_PROGRAM:  /* Program exception */
+case POWERPC_EXCP_HV_EMU:   /* HV emulation  */
 /* XXX: check this */
 switch (env->error_code & ~0xF) {
 case POWERPC_EXCP_FP:
diff --git a/target-ppc/excp_helper.c b/target-ppc/excp_helper.c
index 7c44c10..054c12d 100644
--- a/target-ppc/excp_helper.c
+++ b/target-ppc/excp_helper.c
@@ -128,6 +128,19 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 ail = 0;
 }
 
+/* Hypervisor emulation assistance interrupt only exists on server
+ * arch 2.05 server or later. We also don't want to generate it if
+ * we don't have HVB in msr_mask (PAPR mode).
+ */
+if (excp == POWERPC_EXCP_HV_EMU
+#if defined(TARGET_PPC64)
+&& !((env->mmu_model & POWERPC_MMU_64) && (env->msr_mask & MSR_HVB))
+#endif /* defined(TARGET_PPC64) */
+
+) {
+excp = POWERPC_EXCP_PROGRAM;
+}
+
 switch (excp) {
 case POWERPC_EXCP_NONE:
 /* Should never happen */
@@ -249,6 +262,12 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 break;
 }
 goto store_current;
+case POWERPC_EXCP_HV_EMU:
+srr0 = SPR_HSRR0;
+srr1 = SPR_HSRR1;
+new_msr |= (target_ulong)MSR_HVB;
+new_msr |= env->msr & ((target_ulong)1 << MSR_RI);
+goto store_current;
 case POWERPC_EXCP_FPU:   /* Floating-point unavailable exception */
 goto store_current;
 case POWERPC_EXCP_SYSCALL:   /* System call exception*/
diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 6398bad..9492d7a 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -326,7 +326,19 @@ static inline void gen_debug_exception(DisasContext *ctx)
 
 static inline void gen_inval_exception(DisasContext *ctx, uint32_t error)
 {
-gen_exception_err(ctx, POWERPC_EXCP_PROGRAM, POWERPC_EXCP_INVAL | error);
+/* Will be converted to program check if needed */
+gen_exception_err(ctx, POWERPC_EXCP_HV_EMU, POWERPC_EXCP_INVAL | error);
+}
+
+static inline void gen_priv_exception(DisasContext *ctx, uint32_t error)
+{
+gen_exception_err(ctx, POWERPC_EXCP_PROGRAM, POWERPC_EXCP_PRIV | error);
+}
+
+static inline void gen_hvpriv_exception(DisasContext *ctx, uint32_t error)
+{
+/* Will be converted to program check if needed */
+gen_exception_err(ctx, POWERPC_EXCP_HV_EMU, POWERPC_EXCP_PRIV | error);
 }
 
 /* Stop translation */
@@ -367,6 +379,33 @@ typedef struct opcode_t {
 const char *oname;
 } opcode_t;
 
+/* Helpers for priv. check */
+#define GEN_PRIV\
+do {\
+gen_priv_exception(ctx, POWERPC_EXCP_PRIV_OPC); return; \
+} while (0)
+
+#if defined(CONFIG_USER_ONLY)
+#define CHK_HV GEN_PRIV
+#define CHK_SV GEN_PRIV
+#else
+#define CHK_HV  \
+do {\
+if (unlikely(ctx->pr || !ctx->hv)) {\
+GEN_PRIV;   \
+}   \
+} while (0)
+#define CHK_SV   \
+do { \
+if (unlikely(ctx->pr)) { \
+GEN_PRIV;\
+}\
+} while (0)
+#endif
+
+#define CHK_NONE
+
+
 /*/
 /***   Instruction decoding***/
 #define EXTRACT_HELPER(name, shift, nb)  

[Qemu-devel] [PULL 04/17] target-ppc: Fix rlwimi, rlwinm, rlwnm again

[David Gibson]

From: Richard Henderson 

In 63ae0915f8ec, I arranged to use a 32-bit rotate, without
considering the effect of a mask value that wraps around to
the high bits of the word.

[dwg: In 2e11b15 this was partially fixed, but an edge case was still
incorrect, which this fixes]

Signed-off-by: Richard Henderson 
[dwg: Folded with a revert of 2e11b15, an earlier buggy version of
 this patch which already went upstream]
Tested-by: Anton Blanchard 
Signed-off-by: David Gibson 
---
 target-ppc/translate.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 72b67e4..395b885 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -1696,9 +1696,7 @@ static void gen_rlwinm(DisasContext *ctx)
 #endif
 mask = MASK(mb, me);
 
-if (sh == 0) {
-tcg_gen_andi_tl(t_ra, t_rs, mask);
-} else if (mask <= 0xu) {
+if (mask <= 0xu) {
 TCGv_i32 t0 = tcg_temp_new_i32();
 tcg_gen_trunc_tl_i32(t0, t_rs);
 tcg_gen_rotli_i32(t0, t0, sh);
-- 
2.5.5

[Qemu-devel] [PULL 14/17] ppc: Turn a bunch of booleans from int to bool

[David Gibson]

From: Benjamin Herrenschmidt 

Signed-off-by: Benjamin Herrenschmidt 
Reviewed-by: David Gibson 
Signed-off-by: Cédric Le Goater 
Signed-off-by: David Gibson 
---
 target-ppc/translate.c | 37 ++---
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 2bbe210..55102bf 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -193,22 +193,21 @@ struct DisasContext {
 uint32_t opcode;
 uint32_t exception;
 /* Routine used to access memory */
-bool pr, hv, dr;
+bool pr, hv, dr, le_mode;
 bool lazy_tlb_flush;
 int mem_idx;
 int access_type;
 /* Translation flags */
-int le_mode;
 TCGMemOp default_tcg_memop_mask;
 #if defined(TARGET_PPC64)
-int sf_mode;
-int has_cfar;
+bool sf_mode;
+bool has_cfar;
 #endif
-int fpu_enabled;
-int altivec_enabled;
-int vsx_enabled;
-int spe_enabled;
-int tm_enabled;
+bool fpu_enabled;
+bool altivec_enabled;
+bool vsx_enabled;
+bool spe_enabled;
+bool tm_enabled;
 ppc_spr_t *spr_cb; /* Needed to check rights for mfspr/mtspr */
 int singlestep_enabled;
 uint64_t insns_flags;
@@ -11496,7 +11495,7 @@ void gen_intermediate_code(CPUPPCState *env, struct 
TranslationBlock *tb)
 ctx.insns_flags = env->insns_flags;
 ctx.insns_flags2 = env->insns_flags2;
 ctx.access_type = -1;
-ctx.le_mode = env->hflags & (1 << MSR_LE) ? 1 : 0;
+ctx.le_mode = !!(env->hflags & (1 << MSR_LE));
 ctx.default_tcg_memop_mask = ctx.le_mode ? MO_LE : MO_BE;
 #if defined(TARGET_PPC64)
 ctx.sf_mode = msr_is_64bit(env, env->msr);
@@ -11507,25 +11506,25 @@ void gen_intermediate_code(CPUPPCState *env, struct 
TranslationBlock *tb)
 (env->mmu_model & POWERPC_MMU_64B))
 ctx.lazy_tlb_flush = true;
 
-ctx.fpu_enabled = msr_fp;
+ctx.fpu_enabled = !!msr_fp;
 if ((env->flags & POWERPC_FLAG_SPE) && msr_spe)
-ctx.spe_enabled = msr_spe;
+ctx.spe_enabled = !!msr_spe;
 else
-ctx.spe_enabled = 0;
+ctx.spe_enabled = false;
 if ((env->flags & POWERPC_FLAG_VRE) && msr_vr)
-ctx.altivec_enabled = msr_vr;
+ctx.altivec_enabled = !!msr_vr;
 else
-ctx.altivec_enabled = 0;
+ctx.altivec_enabled = false;
 if ((env->flags & POWERPC_FLAG_VSX) && msr_vsx) {
-ctx.vsx_enabled = msr_vsx;
+ctx.vsx_enabled = !!msr_vsx;
 } else {
-ctx.vsx_enabled = 0;
+ctx.vsx_enabled = false;
 }
 #if defined(TARGET_PPC64)
 if ((env->flags & POWERPC_FLAG_TM) && msr_tm) {
-ctx.tm_enabled = msr_tm;
+ctx.tm_enabled = !!msr_tm;
 } else {
-ctx.tm_enabled = 0;
+ctx.tm_enabled = false;
 }
 #endif
 if ((env->flags & POWERPC_FLAG_SE) && msr_se)
-- 
2.5.5

[Qemu-devel] [PULL 05/17] ppc: Improve emulation of THRM registers

[David Gibson]

From: Benjamin Herrenschmidt 

The 75x and 74xx processors have some thermal monitoring SPRs that
some OSes such as MacOS do use. Our current "dumb" implementation
isn't good enough and will cause some versions of MacOS to hang during
boot.

This lifts an improved emulation from MacOnLinux and adapts it to
qemu, thus fixing the problem.

Signed-off-by: Benjamin Herrenschmidt 
[dwg: Fixed typo in comment, a number of minor checkpatch warnings,
 and a compile failure with CONFIG_USER_ONLY]
Signed-off-by: David Gibson 
---
 target-ppc/helper.h |  1 +
 target-ppc/misc_helper.c| 41 +
 target-ppc/translate_init.c | 15 ---
 3 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/target-ppc/helper.h b/target-ppc/helper.h
index f4410a8..18eb52f 100644
--- a/target-ppc/helper.h
+++ b/target-ppc/helper.h
@@ -670,3 +670,4 @@ DEF_HELPER_4(dscli, void, env, fprp, fprp, i32)
 DEF_HELPER_4(dscliq, void, env, fprp, fprp, i32)
 
 DEF_HELPER_1(tbegin, void, env)
+DEF_HELPER_1(fixup_thrm, void, env)
diff --git a/target-ppc/misc_helper.c b/target-ppc/misc_helper.c
index 7d41b01..cb5ebf5 100644
--- a/target-ppc/misc_helper.c
+++ b/target-ppc/misc_helper.c
@@ -166,3 +166,44 @@ void ppc_store_msr(CPUPPCState *env, target_ulong value)
 {
 hreg_store_msr(env, value, 0);
 }
+
+/* This code is lifted from MacOnLinux. It is called whenever
+ * THRM1,2 or 3 is read an fixes up the values in such a way
+ * that will make MacOS not hang. These registers exist on some
+ * 75x and 74xx processors.
+ */
+void helper_fixup_thrm(CPUPPCState *env)
+{
+target_ulong v, t;
+int i;
+
+#define THRM1_TIN   (1 << 31)
+#define THRM1_TIV   (1 << 30)
+#define THRM1_THRES(x)  (((x) & 0x7f) << 23)
+#define THRM1_TID   (1 << 2)
+#define THRM1_TIE   (1 << 1)
+#define THRM1_V (1 << 0)
+#define THRM3_E (1 << 0)
+
+if (!(env->spr[SPR_THRM3] & THRM3_E)) {
+return;
+}
+
+/* Note: Thermal interrupts are unimplemented */
+for (i = SPR_THRM1; i <= SPR_THRM2; i++) {
+v = env->spr[i];
+if (!(v & THRM1_V)) {
+continue;
+}
+v |= THRM1_TIV;
+v &= ~THRM1_TIN;
+t = v & THRM1_THRES(127);
+if ((v & THRM1_TID) && t < THRM1_THRES(24)) {
+v |= THRM1_TIN;
+}
+if (!(v & THRM1_TID) && t > THRM1_THRES(24)) {
+v |= THRM1_TIN;
+}
+env->spr[i] = v;
+}
+}
diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index ca894ff..c847a3e 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -1179,23 +1179,32 @@ static void gen_spr_amr(CPUPPCState *env, bool has_iamr)
 }
 #endif /* TARGET_PPC64 */
 
+#ifndef CONFIG_USER_ONLY
+static void spr_read_thrm(DisasContext *ctx, int gprn, int sprn)
+{
+gen_helper_fixup_thrm(cpu_env);
+gen_load_spr(cpu_gpr[gprn], sprn);
+spr_load_dump_spr(sprn);
+}
+#endif /* !CONFIG_USER_ONLY */
+
 static void gen_spr_thrm (CPUPPCState *env)
 {
 /* Thermal management */
 /* XXX : not implemented */
 spr_register(env, SPR_THRM1, "THRM1",
  SPR_NOACCESS, SPR_NOACCESS,
- &spr_read_generic, &spr_write_generic,
+ &spr_read_thrm, &spr_write_generic,
  0x);
 /* XXX : not implemented */
 spr_register(env, SPR_THRM2, "THRM2",
  SPR_NOACCESS, SPR_NOACCESS,
- &spr_read_generic, &spr_write_generic,
+ &spr_read_thrm, &spr_write_generic,
  0x);
 /* XXX : not implemented */
 spr_register(env, SPR_THRM3, "THRM3",
  SPR_NOACCESS, SPR_NOACCESS,
- &spr_read_generic, &spr_write_generic,
+ &spr_read_thrm, &spr_write_generic,
  0x);
 }
 
-- 
2.5.5

[Qemu-devel] [PULL 11/17] ppc: Fix generation if ISI/DSI vs. HV mode

[David Gibson]

From: Benjamin Herrenschmidt 

Under some circumstances, we need to direct ISI and DSI interrupts
at the hypervisor, turning them into HISI/HDSI, and using different
SPRs (HDSISR and HDAR) depending on the combination of MSR_DR and
the corresponding VPM bits in LPCR.

This moves part of the code into helpers that are fixed to select
the right exception type and registers. On pre-P7 processors, LPCR
is 0 which provides the old behaviour of directing the interrupts
at the supervisor.

Thanks to Andrei Warkentin for finding a bug when HV=1

Signed-off-by: Benjamin Herrenschmidt 
Reviewed-by: David Gibson 
[clg: Merged a fix on POWERPC_EXCP_HDSI fixing the condition on
  msr_hv, from Andrei Warkentin  ]
Signed-off-by: Cédric Le Goater 
Signed-off-by: David Gibson 
---
 target-ppc/mmu-hash64.c | 69 +++--
 1 file changed, 50 insertions(+), 19 deletions(-)

diff --git a/target-ppc/mmu-hash64.c b/target-ppc/mmu-hash64.c
index 668da5e..5b7b5e9 100644
--- a/target-ppc/mmu-hash64.c
+++ b/target-ppc/mmu-hash64.c
@@ -613,6 +613,47 @@ unsigned ppc_hash64_hpte_page_shift_noslb(PowerPCCPU *cpu,
 return 0;
 }
 
+static void ppc_hash64_set_isi(CPUState *cs, CPUPPCState *env,
+   uint64_t error_code)
+{
+bool vpm;
+
+if (msr_ir) {
+vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM1);
+} else {
+vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM0);
+}
+if (vpm && !msr_hv) {
+cs->exception_index = POWERPC_EXCP_HISI;
+} else {
+cs->exception_index = POWERPC_EXCP_ISI;
+}
+env->error_code = error_code;
+}
+
+static void ppc_hash64_set_dsi(CPUState *cs, CPUPPCState *env, uint64_t dar,
+   uint64_t dsisr)
+{
+bool vpm;
+
+if (msr_dr) {
+vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM1);
+} else {
+vpm = !!(env->spr[SPR_LPCR] & LPCR_VPM0);
+}
+if (vpm && !msr_hv) {
+cs->exception_index = POWERPC_EXCP_HDSI;
+env->spr[SPR_HDAR] = dar;
+env->spr[SPR_HDSISR] = dsisr;
+} else {
+cs->exception_index = POWERPC_EXCP_DSI;
+env->spr[SPR_DAR] = dar;
+env->spr[SPR_DSISR] = dsisr;
+   }
+env->error_code = 0;
+}
+
+
 int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, vaddr eaddr,
 int rwx, int mmu_idx)
 {
@@ -623,7 +664,7 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, vaddr 
eaddr,
 hwaddr pte_offset;
 ppc_hash_pte64_t pte;
 int pp_prot, amr_prot, prot;
-uint64_t new_pte1;
+uint64_t new_pte1, dsisr;
 const int need_prot[] = {PAGE_READ, PAGE_WRITE, PAGE_EXEC};
 hwaddr raddr;
 
@@ -657,26 +698,21 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, vaddr 
eaddr,
 
 /* 3. Check for segment level no-execute violation */
 if ((rwx == 2) && (slb->vsid & SLB_VSID_N)) {
-cs->exception_index = POWERPC_EXCP_ISI;
-env->error_code = 0x1000;
+ppc_hash64_set_isi(cs, env, 0x1000);
 return 1;
 }
 
 /* 4. Locate the PTE in the hash table */
 pte_offset = ppc_hash64_htab_lookup(cpu, slb, eaddr, &pte);
 if (pte_offset == -1) {
+dsisr = 0x4000;
 if (rwx == 2) {
-cs->exception_index = POWERPC_EXCP_ISI;
-env->error_code = 0x4000;
+ppc_hash64_set_isi(cs, env, dsisr);
 } else {
-cs->exception_index = POWERPC_EXCP_DSI;
-env->error_code = 0;
-env->spr[SPR_DAR] = eaddr;
 if (rwx == 1) {
-env->spr[SPR_DSISR] = 0x4200;
-} else {
-env->spr[SPR_DSISR] = 0x4000;
+dsisr |= 0x0200;
 }
+ppc_hash64_set_dsi(cs, env, eaddr, dsisr);
 }
 return 1;
 }
@@ -705,14 +741,9 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, vaddr 
eaddr,
 /* Access right violation */
 qemu_log_mask(CPU_LOG_MMU, "PTE access rejected\n");
 if (rwx == 2) {
-cs->exception_index = POWERPC_EXCP_ISI;
-env->error_code = 0x0800;
+ppc_hash64_set_isi(cs, env, 0x0800);
 } else {
-target_ulong dsisr = 0;
-
-cs->exception_index = POWERPC_EXCP_DSI;
-env->error_code = 0;
-env->spr[SPR_DAR] = eaddr;
+dsisr = 0;
 if (need_prot[rwx] & ~pp_prot) {
 dsisr |= 0x0800;
 }
@@ -722,7 +753,7 @@ int ppc_hash64_handle_mmu_fault(PowerPCCPU *cpu, vaddr 
eaddr,
 if (need_prot[rwx] & ~amr_prot) {
 dsisr |= 0x0020;
 }
-env->spr[SPR_DSISR] = dsisr;
+ppc_hash64_set_dsi(cs, env, eaddr, dsisr);
 }
 return 1;
 }
-- 
2.5.5

[Qemu-devel] [PULL 08/17] ppc: define a default LPCR value

[David Gibson]

From: Benjamin Herrenschmidt 

This allows us to set the appropriate LPCR bits which will be used
when fixing the exception model for the HV mode.

Signed-off-by: Benjamin Herrenschmidt 
Reviewed-by: David Gibson 
[clg: previous commit 26a7f1291bb5 did not include the LPCR setting as
  it was not needed at the time, adapted commit log ]
Signed-off-by: Cédric Le Goater 
Signed-off-by: David Gibson 
---
 target-ppc/translate_init.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/target-ppc/translate_init.c b/target-ppc/translate_init.c
index c847a3e..db56a39 100644
--- a/target-ppc/translate_init.c
+++ b/target-ppc/translate_init.c
@@ -8518,6 +8518,7 @@ POWERPC_FAMILY(POWER8)(ObjectClass *oc, void *data)
 void cpu_ppc_set_papr(PowerPCCPU *cpu)
 {
 CPUPPCState *env = &cpu->env;
+ppc_spr_t *lpcr = &env->spr_cb[SPR_LPCR];
 ppc_spr_t *amor = &env->spr_cb[SPR_AMOR];
 
 /* PAPR always has exception vectors in RAM not ROM. To ensure this,
@@ -8527,6 +8528,19 @@ void cpu_ppc_set_papr(PowerPCCPU *cpu)
  */
 env->msr_mask &= ~((1ull << MSR_EP) | MSR_HVB);
 
+/* Set emulated LPCR to not send interrupts to hypervisor. Note that
+ * under KVM, the actual HW LPCR will be set differently by KVM itself,
+ * the settings below ensure proper operations with TCG in absence of
+ * a real hypervisor
+ */
+lpcr->default_value &= ~(LPCR_VPM0 | LPCR_VPM1 | LPCR_ISL | LPCR_KBV);
+lpcr->default_value |= LPCR_LPES0 | LPCR_LPES1;
+
+/* We should be followed by a CPU reset but update the active value
+ * just in case...
+ */
+env->spr[SPR_LPCR] = lpcr->default_value;
+
 /* Set a full AMOR so guest can use the AMR as it sees fit */
 env->spr[SPR_AMOR] = amor->default_value = 0xull;
 
-- 
2.5.5

[Qemu-devel] [PULL 06/17] memory: Add reporting of supported page sizes

[David Gibson]

From: Alexey Kardashevskiy 

Every IOMMU has some granularity which MemoryRegionIOMMUOps::translate
uses when translating, however this information is not available outside
the translate context for various checks.

This adds a get_min_page_size callback to MemoryRegionIOMMUOps and
a wrapper for it so IOMMU users (such as VFIO) can know the minimum
actual page size supported by an IOMMU.

As IOMMU MR represents a guest IOMMU, this uses TARGET_PAGE_SIZE
as fallback.

This removes vfio_container_granularity() and uses new helper in
memory_region_iommu_replay() when replaying IOMMU mappings on added
IOMMU memory region.

Signed-off-by: Alexey Kardashevskiy 
Reviewed-by: David Gibson 
Acked-by: Alex Williamson 
[dwg: Removed an unnecessary calculation]
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_iommu.c  |  8 
 hw/vfio/common.c  |  9 +
 include/exec/memory.h | 19 +++
 memory.c  | 16 +---
 4 files changed, 37 insertions(+), 15 deletions(-)

diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
index a3cc572..e230bac 100644
--- a/hw/ppc/spapr_iommu.c
+++ b/hw/ppc/spapr_iommu.c
@@ -149,6 +149,13 @@ static void spapr_tce_table_pre_save(void *opaque)
tcet->bus_offset, tcet->page_shift);
 }
 
+static uint64_t spapr_tce_get_min_page_size(MemoryRegion *iommu)
+{
+sPAPRTCETable *tcet = container_of(iommu, sPAPRTCETable, iommu);
+
+return 1ULL << tcet->page_shift;
+}
+
 static int spapr_tce_table_post_load(void *opaque, int version_id)
 {
 sPAPRTCETable *tcet = SPAPR_TCE_TABLE(opaque);
@@ -228,6 +235,7 @@ static const VMStateDescription vmstate_spapr_tce_table = {
 
 static MemoryRegionIOMMUOps spapr_iommu_ops = {
 .translate = spapr_tce_translate_iommu,
+.get_min_page_size = spapr_tce_get_min_page_size,
 };
 
 static int spapr_tce_table_realize(DeviceState *dev)
diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index 1898f1f..27cc159 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -321,11 +321,6 @@ out:
 rcu_read_unlock();
 }
 
-static hwaddr vfio_container_granularity(VFIOContainer *container)
-{
-return (hwaddr)1 << ctz64(container->iova_pgsizes);
-}
-
 static void vfio_listener_region_add(MemoryListener *listener,
  MemoryRegionSection *section)
 {
@@ -392,9 +387,7 @@ static void vfio_listener_region_add(MemoryListener 
*listener,
 QLIST_INSERT_HEAD(&container->giommu_list, giommu, giommu_next);
 
 memory_region_register_iommu_notifier(giommu->iommu, &giommu->n);
-memory_region_iommu_replay(giommu->iommu, &giommu->n,
-   vfio_container_granularity(container),
-   false);
+memory_region_iommu_replay(giommu->iommu, &giommu->n, false);
 
 return;
 }
diff --git a/include/exec/memory.h b/include/exec/memory.h
index 4ab6800..e3829f7 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -151,6 +151,8 @@ typedef struct MemoryRegionIOMMUOps MemoryRegionIOMMUOps;
 struct MemoryRegionIOMMUOps {
 /* Return a TLB entry that contains a given address. */
 IOMMUTLBEntry (*translate)(MemoryRegion *iommu, hwaddr addr, bool 
is_write);
+/* Returns minimum supported page size */
+uint64_t (*get_min_page_size)(MemoryRegion *iommu);
 };
 
 typedef struct CoalescedMemoryRange CoalescedMemoryRange;
@@ -573,6 +575,16 @@ static inline bool memory_region_is_iommu(MemoryRegion *mr)
 
 
 /**
+ * memory_region_iommu_get_min_page_size: get minimum supported page size
+ * for an iommu
+ *
+ * Returns minimum supported page size for an iommu.
+ *
+ * @mr: the memory region being queried
+ */
+uint64_t memory_region_iommu_get_min_page_size(MemoryRegion *mr);
+
+/**
  * memory_region_notify_iommu: notify a change in an IOMMU translation entry.
  *
  * @mr: the memory region that was changed
@@ -596,16 +608,15 @@ void memory_region_register_iommu_notifier(MemoryRegion 
*mr, Notifier *n);
 
 /**
  * memory_region_iommu_replay: replay existing IOMMU translations to
- * a notifier
+ * a notifier with the minimum page granularity returned by
+ * mr->iommu_ops->get_page_size().
  *
  * @mr: the memory region to observe
  * @n: the notifier to which to replay iommu mappings
- * @granularity: Minimum page granularity to replay notifications for
  * @is_write: Whether to treat the replay as a translate "write"
  * through the iommu
  */
-void memory_region_iommu_replay(MemoryRegion *mr, Notifier *n,
-hwaddr granularity, bool is_write);
+void memory_region_iommu_replay(MemoryRegion *mr, Notifier *n, bool is_write);
 
 /**
  * memory_region_unregister_iommu_notifier: unregister a notifier for
diff --git a/memory.c b/memory.c
index 8ba496d..8549c79 100644
--- a/memory.c
+++ b/memory.c
@@ -1502,12 +1502,22 @@ void memory_region_register_iommu_notifier(MemoryRegion 
*mr, Notifier *n)
 notifier_list_add(&mr->iommu_notify, n);

[Qemu-devel] [PULL 13/17] ppc: Add real mode CI load/store instructions for P7 and P8

[David Gibson]

From: Benjamin Herrenschmidt 

Those instructions are only available in hypervisor real mode and
allow cache inhibited garded access to devices in that mode.

Signed-off-by: Benjamin Herrenschmidt 
[clg: fixed checkpatch.pl errors ]
Signed-off-by: Cédric Le Goater 
Reviewed-by: David Gibson 
Signed-off-by: David Gibson 
---
 target-ppc/cpu.h|  4 ++-
 target-ppc/translate.c  | 59 -
 target-ppc/translate_init.c |  6 +++--
 3 files changed, 55 insertions(+), 14 deletions(-)

diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index f005549..61a24b1 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -1912,6 +1912,8 @@ enum {
 PPC_POPCNTB= 0x1000ULL,
 /*   string load / store */
 PPC_STRING = 0x2000ULL,
+/*   real mode cache inhibited load / store  */
+PPC_CILDST = 0x4000ULL,
 
 /* Floating-point unit extensions*/
 /*   Optional floating point instructions*/
@@ -2026,7 +2028,7 @@ enum {
 | PPC_MFAPIDI | PPC_TLBIVA | PPC_TLBIVAX \
 | PPC_4xx_COMMON | PPC_40x_ICBT | PPC_RFMCI \
 | PPC_RFDI | PPC_DCR | PPC_DCRX | PPC_DCRUX \
-| PPC_POPCNTWD)
+| PPC_POPCNTWD | PPC_CILDST)
 
 /* extended type values */
 
diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 9492d7a..2bbe210 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -193,7 +193,7 @@ struct DisasContext {
 uint32_t opcode;
 uint32_t exception;
 /* Routine used to access memory */
-bool pr, hv;
+bool pr, hv, dr;
 bool lazy_tlb_flush;
 int mem_idx;
 int access_type;
@@ -388,6 +388,7 @@ typedef struct opcode_t {
 #if defined(CONFIG_USER_ONLY)
 #define CHK_HV GEN_PRIV
 #define CHK_SV GEN_PRIV
+#define CHK_HVRM GEN_PRIV
 #else
 #define CHK_HV  \
 do {\
@@ -401,6 +402,12 @@ typedef struct opcode_t {
 GEN_PRIV;\
 }\
 } while (0)
+#define CHK_HVRM\
+do {\
+if (unlikely(ctx->pr || !ctx->hv || ctx->dr)) { \
+GEN_PRIV;   \
+}   \
+} while (0)
 #endif
 
 #define CHK_NONE
@@ -2927,18 +2934,23 @@ static void glue(gen_, name##ux)(DisasContext *ctx)
 tcg_temp_free(EA);\
 }
 
-#define GEN_LDX_E(name, ldop, opc2, opc3, type, type2)\
+#define GEN_LDX_E(name, ldop, opc2, opc3, type, type2, chk)   \
 static void glue(gen_, name##x)(DisasContext *ctx)\
 { \
 TCGv EA;  \
+chk;  \
 gen_set_access_type(ctx, ACCESS_INT); \
 EA = tcg_temp_new();  \
 gen_addr_reg_index(ctx, EA);  \
 gen_qemu_##ldop(ctx, cpu_gpr[rD(ctx->opcode)], EA);   \
 tcg_temp_free(EA);\
 }
+
 #define GEN_LDX(name, ldop, opc2, opc3, type) \
-GEN_LDX_E(name, ldop, opc2, opc3, type, PPC_NONE)
+GEN_LDX_E(name, ldop, opc2, opc3, type, PPC_NONE, CHK_NONE)
+
+#define GEN_LDX_HVRM(name, ldop, opc2, opc3, type)\
+GEN_LDX_E(name, ldop, opc2, opc3, type, PPC_NONE, CHK_HVRM)
 
 #define GEN_LDS(name, ldop, op, type) \
 GEN_LD(name, ldop, op | 0x20, type);  \
@@ -2964,6 +2976,12 @@ GEN_LDUX(ld, ld64, 0x15, 0x01, PPC_64B);
 /* ldx */
 GEN_LDX(ld, ld64, 0x15, 0x00, PPC_64B);
 
+/* CI load/store variants */
+GEN_LDX_HVRM(ldcix, ld64, 0x15, 0x1b, PPC_CILDST)
+GEN_LDX_HVRM(lwzcix, ld32u, 0x15, 0x15, PPC_CILDST)
+GEN_LDX_HVRM(lhzcix, ld16u, 0x15, 0x19, PPC_CILDST)
+GEN_LDX_HVRM(lbzcix, ld8u, 0x15, 0x1a, PPC_CILDST)
+
 static void gen_ld(DisasContext *ctx)
 {
 TCGv EA;
@@ -3082,10 +3100,11 @@ static void glue(gen_, name##ux)(DisasContext *ctx)
 tcg_temp_free(EA);\
 }
 
-#define GEN_STX_E(name, stop, opc2, opc3, type, type2)\
+#define GEN_STX_E(name, stop, opc2, opc3, t

[Qemu-devel] [PULL 17/17] ppc: Disable huge page support if it is not available for main RAM

[David Gibson]

From: Thomas Huth 

On powerpc, we must only signal huge page support to the guest if
all memory areas are capable of supporting huge pages. The commit
2d103aae8765 ("fix hugepage support when using memory-backend-file")
already fixed the case when the user specified the mem-path property
for NUMA memory nodes instead of using the global "-mem-path" option.
However, there is one more case where it currently can go wrong.
When specifying additional memory DIMMs without using NUMA, e.g.

 qemu-system-ppc64 -enable-kvm ... -m 1G,slots=2,maxmem=2G \
-device pc-dimm,id=dimm-mem1,memdev=mem1 -object \
memory-backend-file,policy=default,mem-path=/...,size=1G,id=mem1

the code in getrampagesize() currently assumes that huge pages
are possible since they are enabled for the mem1 object. But
since the main RAM is not backed by a huge page filesystem,
the guest Linux kernel then crashes very quickly after being
started. So in case the we've got "normal" memory without NUMA
and without the global "-mem-path" option, we must not announce
huge pages to the guest. Since this is likely a mis-configuration
by the user, also spill out a message in this case.

Signed-off-by: Thomas Huth 
Signed-off-by: David Gibson 
---
 target-ppc/kvm.c | 17 -
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index e14da60..884d564 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -27,6 +27,7 @@
 #include "qemu/timer.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/kvm.h"
+#include "sysemu/numa.h"
 #include "kvm_ppc.h"
 #include "sysemu/cpus.h"
 #include "sysemu/device_tree.h"
@@ -388,7 +389,21 @@ static long getrampagesize(void)
 
 object_child_foreach(memdev_root, find_max_supported_pagesize, &hpsize);
 
-return (hpsize == LONG_MAX) ? getpagesize() : hpsize;
+if (hpsize == LONG_MAX) {
+return getpagesize();
+}
+
+if (nb_numa_nodes == 0 && hpsize > getpagesize()) {
+/* No NUMA nodes and normal RAM without -mem-path ==> no huge pages! */
+static bool warned;
+if (!warned) {
+error_report("Huge page support disabled (n/a for main memory).");
+warned = true;
+}
+return getpagesize();
+}
+
+return hpsize;
 }
 
 static bool kvm_valid_page_size(uint32_t flags, long rampgsize, uint32_t shift)
-- 
2.5.5

[Qemu-devel] [PULL 07/17] ppc: Fix rfi/rfid/hrfi/... emulation

[David Gibson]

From: Benjamin Herrenschmidt 

This reworks emulation of the various "rfi" variants. I removed
some masking bits that I couldn't make sense of, the only bit that
I am aware we should mask here is POW, the CPU's MSR mask should
take care of the rest.

This also fixes some problems when running 32-bit userspace under
a 64-bit kernel.

This patch broke 32bit OpenBIOS when run under a 970 cpu. A fix was
proposed here :

https://www.coreboot.org/pipermail/openbios/2016-June/009452.html

Signed-off-by: Benjamin Herrenschmidt 
Reviewed-by: David Gibson 
[clg: updated the commit log with the reference of the openbios fix ]
Signed-off-by: Cédric Le Goater 
[dwg: Remove hunk which disabled rfi on 64-bit CPUS.  The change was
 correct, but we need to fix OpenBIOS before applying it]
Signed-off-by: David Gibson 
---
 target-ppc/excp_helper.c | 51 +++-
 target-ppc/translate.c   |  4 
 2 files changed, 24 insertions(+), 31 deletions(-)

diff --git a/target-ppc/excp_helper.c b/target-ppc/excp_helper.c
index 30e960e..aa0b63f 100644
--- a/target-ppc/excp_helper.c
+++ b/target-ppc/excp_helper.c
@@ -922,25 +922,20 @@ void helper_store_msr(CPUPPCState *env, target_ulong val)
 }
 }
 
-static inline void do_rfi(CPUPPCState *env, target_ulong nip, target_ulong msr,
-  target_ulong msrm, int keep_msrh)
+static inline void do_rfi(CPUPPCState *env, target_ulong nip, target_ulong msr)
 {
 CPUState *cs = CPU(ppc_env_get_cpu(env));
 
+/* MSR:POW cannot be set by any form of rfi */
+msr &= ~(1ULL << MSR_POW);
+
 #if defined(TARGET_PPC64)
-if (msr_is_64bit(env, msr)) {
-nip = (uint64_t)nip;
-msr &= (uint64_t)msrm;
-} else {
+/* Switching to 32-bit ? Crop the nip */
+if (!msr_is_64bit(env, msr)) {
 nip = (uint32_t)nip;
-msr = (uint32_t)(msr & msrm);
-if (keep_msrh) {
-msr |= env->msr & ~((uint64_t)0x);
-}
 }
 #else
 nip = (uint32_t)nip;
-msr &= (uint32_t)msrm;
 #endif
 /* XXX: beware: this is false if VLE is supported */
 env->nip = nip & ~((target_ulong)0x0003);
@@ -959,26 +954,24 @@ static inline void do_rfi(CPUPPCState *env, target_ulong 
nip, target_ulong msr,
 
 void helper_rfi(CPUPPCState *env)
 {
-if (env->excp_model == POWERPC_EXCP_BOOKE) {
-do_rfi(env, env->spr[SPR_SRR0], env->spr[SPR_SRR1],
-   ~((target_ulong)0), 0);
-} else {
-do_rfi(env, env->spr[SPR_SRR0], env->spr[SPR_SRR1],
-   ~((target_ulong)0x783F), 1);
-}
+do_rfi(env, env->spr[SPR_SRR0], env->spr[SPR_SRR1] & 0xul);
 }
 
+#define MSR_BOOK3S_MASK
 #if defined(TARGET_PPC64)
 void helper_rfid(CPUPPCState *env)
 {
-do_rfi(env, env->spr[SPR_SRR0], env->spr[SPR_SRR1],
-   ~((target_ulong)0x783F), 0);
+/* The architeture defines a number of rules for which bits
+ * can change but in practice, we handle this in hreg_store_msr()
+ * which will be called by do_rfi(), so there is no need to filter
+ * here
+ */
+do_rfi(env, env->spr[SPR_SRR0], env->spr[SPR_SRR1]);
 }
 
 void helper_hrfid(CPUPPCState *env)
 {
-do_rfi(env, env->spr[SPR_HSRR0], env->spr[SPR_HSRR1],
-   ~((target_ulong)0x783F), 0);
+do_rfi(env, env->spr[SPR_HSRR0], env->spr[SPR_HSRR1]);
 }
 #endif
 
@@ -986,28 +979,24 @@ void helper_hrfid(CPUPPCState *env)
 /* Embedded PowerPC specific helpers */
 void helper_40x_rfci(CPUPPCState *env)
 {
-do_rfi(env, env->spr[SPR_40x_SRR2], env->spr[SPR_40x_SRR3],
-   ~((target_ulong)0x), 0);
+do_rfi(env, env->spr[SPR_40x_SRR2], env->spr[SPR_40x_SRR3]);
 }
 
 void helper_rfci(CPUPPCState *env)
 {
-do_rfi(env, env->spr[SPR_BOOKE_CSRR0], env->spr[SPR_BOOKE_CSRR1],
-   ~((target_ulong)0), 0);
+do_rfi(env, env->spr[SPR_BOOKE_CSRR0], env->spr[SPR_BOOKE_CSRR1]);
 }
 
 void helper_rfdi(CPUPPCState *env)
 {
 /* FIXME: choose CSRR1 or DSRR1 based on cpu type */
-do_rfi(env, env->spr[SPR_BOOKE_DSRR0], env->spr[SPR_BOOKE_DSRR1],
-   ~((target_ulong)0), 0);
+do_rfi(env, env->spr[SPR_BOOKE_DSRR0], env->spr[SPR_BOOKE_DSRR1]);
 }
 
 void helper_rfmci(CPUPPCState *env)
 {
 /* FIXME: choose CSRR1 or MCSRR1 based on cpu type */
-do_rfi(env, env->spr[SPR_BOOKE_MCSRR0], env->spr[SPR_BOOKE_MCSRR1],
-   ~((target_ulong)0), 0);
+do_rfi(env, env->spr[SPR_BOOKE_MCSRR0], env->spr[SPR_BOOKE_MCSRR1]);
 }
 #endif
 
@@ -1045,7 +1034,7 @@ void helper_td(CPUPPCState *env, target_ulong arg1, 
target_ulong arg2,
 
 void helper_rfsvc(CPUPPCState *env)
 {
-do_rfi(env, env->lr, env->ctr, 0x, 0);
+do_rfi(env, env->lr, env->ctr & 0x);
 }
 
 /* Embedded.Processor Control */
diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 395b885..6398bad 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -4119,6 +4119,10 @@ static void gen_rfi(DisasContext *ctx)
 #if defined(CONF

[Qemu-devel] [PULL 16/17] ppc: Add P7/P8 Power Management instructions

[David Gibson]

From: Benjamin Herrenschmidt 

This adds the ISA 2.06 and later power management instructions
(doze, nap, sleep and rvwinkle) and associated wakeup cause testing
in LPCR

Signed-off-by: Benjamin Herrenschmidt 
[clg: fixed checkpatch.pl errors ]
Signed-off-by: Cédric Le Goater 
Reviewed-by: David Gibson 
Signed-off-by: David Gibson 
---
 target-ppc/cpu-qom.h|  9 +
 target-ppc/cpu.h| 17 -
 target-ppc/excp_helper.c| 59 +
 target-ppc/helper.h |  1 +
 target-ppc/translate.c  | 66 
 target-ppc/translate_init.c | 92 -
 6 files changed, 241 insertions(+), 3 deletions(-)

diff --git a/target-ppc/cpu-qom.h b/target-ppc/cpu-qom.h
index 969ecdf..0fad2de 100644
--- a/target-ppc/cpu-qom.h
+++ b/target-ppc/cpu-qom.h
@@ -126,6 +126,15 @@ enum powerpc_excp_t {
 };
 
 /*/
+/* PM instructions */
+typedef enum {
+PPC_PM_DOZE,
+PPC_PM_NAP,
+PPC_PM_SLEEP,
+PPC_PM_RVWINKLE,
+} powerpc_pm_insn_t;
+
+/*/
 /* Input pins model  */
 typedef enum powerpc_input_t powerpc_input_t;
 enum powerpc_input_t {
diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index 61a24b1..b1354a4 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -383,6 +383,14 @@ struct ppc_slb_t {
 #define LPCR_LPES1(1ull << (63 - 61))
 #define LPCR_AIL_SHIFT(63 - 40)  /* Alternate interrupt location */
 #define LPCR_AIL  (3ull << LPCR_AIL_SHIFT)
+#define LPCR_P7_PECE0 (1ull << (63 - 49))
+#define LPCR_P7_PECE1 (1ull << (63 - 50))
+#define LPCR_P7_PECE2 (1ull << (63 - 51))
+#define LPCR_P8_PECE0 (1ull << (63 - 47))
+#define LPCR_P8_PECE1 (1ull << (63 - 48))
+#define LPCR_P8_PECE2 (1ull << (63 - 49))
+#define LPCR_P8_PECE3 (1ull << (63 - 50))
+#define LPCR_P8_PECE4 (1ull << (63 - 51))
 
 #define msr_sf   ((env->msr >> MSR_SF)   & 1)
 #define msr_isf  ((env->msr >> MSR_ISF)  & 1)
@@ -1059,6 +1067,11 @@ struct CPUPPCState {
  * instructions and SPRs are diallowed if MSR:HV is 0
  */
 bool has_hv_mode;
+/* On P7/P8, set when in PM state, we need to handle resume
+ * in a special way (such as routing some resume causes to
+ * 0x100), so flag this here.
+ */
+bool in_pm_state;
 #endif
 
 /* Those resources are used only during code translation */
@@ -2068,6 +2081,8 @@ enum {
 PPC2_FP_CVT_S64= 0x0001ULL,
 /* Transactional Memory (ISA 2.07, Book II)  */
 PPC2_TM= 0x0002ULL,
+/* Server PM instructgions (ISA 2.06, Book III)  */
+PPC2_PM_ISA206 = 0x0004ULL,
 
 #define PPC_TCG_INSNS2 (PPC2_BOOKE206 | PPC2_VSX | PPC2_PRCNTL | PPC2_DBRX | \
 PPC2_ISA205 | PPC2_VSX207 | PPC2_PERM_ISA206 | \
@@ -2075,7 +2090,7 @@ enum {
 PPC2_FP_CVT_ISA206 | PPC2_FP_TST_ISA206 | \
 PPC2_BCTAR_ISA207 | PPC2_LSQ_ISA207 | \
 PPC2_ALTIVEC_207 | PPC2_ISA207S | PPC2_DFP | \
-PPC2_FP_CVT_S64 | PPC2_TM)
+PPC2_FP_CVT_S64 | PPC2_TM | PPC2_PM_ISA206)
 };
 
 /*/
diff --git a/target-ppc/excp_helper.c b/target-ppc/excp_helper.c
index 054c12d..533866b 100644
--- a/target-ppc/excp_helper.c
+++ b/target-ppc/excp_helper.c
@@ -101,6 +101,44 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 asrr0 = -1;
 asrr1 = -1;
 
+/* check for special resume at 0x100 from doze/nap/sleep/winkle on P7/P8 */
+if (env->in_pm_state) {
+env->in_pm_state = false;
+
+/* Pretend to be returning from doze always as we don't lose state */
+msr |= (0x1ull << (63 - 47));
+
+/* Non-machine check are routed to 0x100 with a wakeup cause
+ * encoded in SRR1
+ */
+if (excp != POWERPC_EXCP_MCHECK) {
+switch (excp) {
+case POWERPC_EXCP_RESET:
+msr |= 0x4ull << (63 - 45);
+break;
+case POWERPC_EXCP_EXTERNAL:
+msr |= 0x8ull << (63 - 45);
+break;
+case POWERPC_EXCP_DECR:
+msr |= 0x6ull << (63 - 45);
+break;
+case POWERPC_EXCP_SDOOR:
+msr |= 0x5ull << (63 - 45);
+break;
+case POWERPC_EXCP_SDOOR_HV:
+msr |= 0x3ull << (63 - 45);
+break;
+case POWERPC_EXCP_HV_MAINT:
+msr |= 0xaull << (63 - 45);
+break;
+default:
+cpu_abort(cs, "Unsupported exception %d in Power

[Qemu-devel] [PULL 00/17] ppc-for-2.7 queue 20160623

[David Gibson]

The following changes since commit 6f1d2d1c5ad20d464705b17318cb7ca495f8078a:

  Merge remote-tracking branch 'remotes/stsquad/tags/pull-travis-20160621-1' 
into staging (2016-06-21 15:19:58 +0100)

are available in the git repository at:

  git://github.com/dgibson/qemu.git tags/ppc-for-2.7-20160623

for you to fetch changes up to 86b50f2e1befc33407bdfeb6f45f7b0d2439a740:

  ppc: Disable huge page support if it is not available for main RAM 
(2016-06-23 12:53:42 +1000)


ppc patch queue for 2016-06-23

Currently outstanding patches for spapr, target-ppc and related
devices.  This batch has:
* Significant new progress towards full support for hypervisor
  mode
* Assorted bugfixes
* Some preliminary patches towards dynamic DMA window support

The last involves a change to memory.c, which Paolo has said I can
take through this tree.


Alexey Kardashevskiy (1):
  memory: Add reporting of supported page sizes

Aneesh Kumar K.V (1):
  powerpc/mm: Update the WIMG check during H_ENTER

Benjamin Herrenschmidt (11):
  ppc: Improve emulation of THRM registers
  ppc: Fix rfi/rfid/hrfi/... emulation
  ppc: define a default LPCR value
  ppc: fix exception model for HV mode
  ppc: Fix POWER7 and POWER8 exception definitions
  ppc: Fix generation if ISI/DSI vs. HV mode
  ppc: Rework generation of priv and inval interrupts
  ppc: Add real mode CI load/store instructions for P7 and P8
  ppc: Turn a bunch of booleans from int to bool
  ppc: Move exception generation code out of line
  ppc: Add P7/P8 Power Management instructions

Laurent Vivier (1):
  ppc64: disable gen_pause() for linux-user mode

Richard Henderson (1):
  target-ppc: Fix rlwimi, rlwinm, rlwnm again

Thomas Huth (2):
  tests: Use '+=' to add additional tests, not '='
  ppc: Disable huge page support if it is not available for main RAM

 hw/ppc/spapr_hcall.c|   6 +-
 hw/ppc/spapr_iommu.c|   8 +
 hw/vfio/common.c|   9 +-
 include/exec/memory.h   |  19 +-
 linux-user/main.c   |   1 +
 memory.c|  16 +-
 target-ppc/cpu-qom.h|   9 +
 target-ppc/cpu.h|  32 +-
 target-ppc/excp_helper.c| 263 +++--
 target-ppc/helper.h |   2 +
 target-ppc/kvm.c|  17 +-
 target-ppc/misc_helper.c|  41 +++
 target-ppc/mmu-hash64.c |  69 +++-
 target-ppc/translate.c  | 870 ++--
 target-ppc/translate_init.c | 154 +++-
 tests/Makefile.include  |   8 +-
 16 files changed, 912 insertions(+), 612 deletions(-)

[Qemu-devel] [PULL 09/17] ppc: fix exception model for HV mode

[David Gibson]

From: Benjamin Herrenschmidt 

This properly implements LPES0 handling for HV vs. !HV mode and
removes the unsupported LPES1. This has been removed from the specs
since ISA v2.07.

Signed-off-by: Benjamin Herrenschmidt 
[clg: AIL implementation was fixed in commit 5c94b2a5e5ef. This patch
  only contains the bits of the original patch related to LPES0
  handling, adapted commit log.
  fixed checkpatch.pl errors. ]
Signed-off-by: Cédric Le Goater 
Signed-off-by: David Gibson 
---
 target-ppc/excp_helper.c | 134 ---
 1 file changed, 45 insertions(+), 89 deletions(-)

diff --git a/target-ppc/excp_helper.c b/target-ppc/excp_helper.c
index aa0b63f..7c44c10 100644
--- a/target-ppc/excp_helper.c
+++ b/target-ppc/excp_helper.c
@@ -77,18 +77,8 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 CPUState *cs = CPU(cpu);
 CPUPPCState *env = &cpu->env;
 target_ulong msr, new_msr, vector;
-int srr0, srr1, asrr0, asrr1;
-int lpes0, lpes1, lev, ail;
-
-if (0) {
-/* XXX: find a suitable condition to enable the hypervisor mode */
-lpes0 = (env->spr[SPR_LPCR] >> 1) & 1;
-lpes1 = (env->spr[SPR_LPCR] >> 2) & 1;
-} else {
-/* Those values ensure we won't enter the hypervisor mode */
-lpes0 = 0;
-lpes1 = 1;
-}
+int srr0, srr1, asrr0, asrr1, lev, ail;
+bool lpes0;
 
 qemu_log_mask(CPU_LOG_INT, "Raise exception at " TARGET_FMT_lx
   " => %08x (%02x)\n", env->nip, excp, env->error_code);
@@ -100,8 +90,10 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 msr = env->msr & ~0x783fULL;
 }
 
-/* new interrupt handler msr */
-new_msr = env->msr & ((target_ulong)1 << MSR_ME);
+/* new interrupt handler msr preserves existing HV and ME unless
+ * explicitly overriden
+ */
+new_msr = env->msr & (((target_ulong)1 << MSR_ME) | MSR_HVB);
 
 /* target registers */
 srr0 = SPR_SRR0;
@@ -111,12 +103,19 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 
 /* Exception targetting modifiers
  *
+ * LPES0 is supported on POWER7/8
+ * LPES1 is not supported (old iSeries mode)
+ *
+ * On anything else, we behave as if LPES0 is 1
+ * (externals don't alter MSR:HV)
+ *
  * AIL is initialized here but can be cleared by
  * selected exceptions
  */
 #if defined(TARGET_PPC64)
 if (excp_model == POWERPC_EXCP_POWER7 ||
 excp_model == POWERPC_EXCP_POWER8) {
+lpes0 = !!(env->spr[SPR_LPCR] & LPCR_LPES0);
 if (excp_model == POWERPC_EXCP_POWER8) {
 ail = (env->spr[SPR_LPCR] & LPCR_AIL) >> LPCR_AIL_SHIFT;
 } else {
@@ -125,6 +124,7 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 } else
 #endif /* defined(TARGET_PPC64) */
 {
+lpes0 = true;
 ail = 0;
 }
 
@@ -162,10 +162,7 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 cs->halted = 1;
 cs->interrupt_request |= CPU_INTERRUPT_EXITTB;
 }
-if (0) {
-/* XXX: find a suitable condition to enable the hypervisor mode */
-new_msr |= (target_ulong)MSR_HVB;
-}
+new_msr |= (target_ulong)MSR_HVB;
 ail = 0;
 
 /* machine check exceptions don't have ME set */
@@ -191,23 +188,20 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 case POWERPC_EXCP_DSI:   /* Data storage exception   */
 LOG_EXCP("DSI exception: DSISR=" TARGET_FMT_lx" DAR=" TARGET_FMT_lx
  "\n", env->spr[SPR_DSISR], env->spr[SPR_DAR]);
-if (lpes1 == 0) {
-new_msr |= (target_ulong)MSR_HVB;
-}
 goto store_next;
 case POWERPC_EXCP_ISI:   /* Instruction storage exception*/
 LOG_EXCP("ISI exception: msr=" TARGET_FMT_lx ", nip=" TARGET_FMT_lx
  "\n", msr, env->nip);
-if (lpes1 == 0) {
-new_msr |= (target_ulong)MSR_HVB;
-}
 msr |= env->error_code;
 goto store_next;
 case POWERPC_EXCP_EXTERNAL:  /* External input   */
 cs = CPU(cpu);
 
-if (lpes0 == 1) {
+if (!lpes0) {
 new_msr |= (target_ulong)MSR_HVB;
+new_msr |= env->msr & ((target_ulong)1 << MSR_RI);
+srr0 = SPR_HSRR0;
+srr1 = SPR_HSRR1;
 }
 if (env->mpic_proxy) {
 /* IACK the IRQ on delivery */
@@ -215,9 +209,6 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 }
 goto store_next;
 case POWERPC_EXCP_ALIGN: /* Alignment exception  */
-if (lpes1 == 0) {
-new_msr |= (target_ulong)MSR_HVB;
-}
 /* XXX: this is false */
 /

[Qemu-devel] [PULL 03/17] ppc64: disable gen_pause() for linux-user mode

[David Gibson]

From: Laurent Vivier 

While trying to install a fedora container with
"lxc-create -t fedora -- -I qemu-ppc64" the installation abort with
the following error:

qemu: fatal: Unknown exception 0x65537. Aborting

NIP 004000927924   LR 0040009e325c CTR 004000927480 XER 
 CPU#0
MSR 900102806000 HID0   HF 92806000 iidx 3 didx 3
TB 00248932 1069155773327487
GPR00 0040009e325c 0040007ff800 004000aba098 
GPR04 0040007ff878 004000dcb588 004000dcb830 004000a7a098
GPR08   0040007ff878 004000927960
GPR12 22022448 004000e2aef0  
GPR16   0002 0001
GPR20    004000800699
GPR24 004000e13320  004000ac9ad8 004000ac9ae0
GPR28 0001 100210a0  0038
CR 22022442  [ E  E  -  E  E  G  G  E  ] RES 
FPR00    
FPR04    
FPR08    
FPR12    
FPR16    
FPR20    
FPR24    
FPR28    
FPSCR 
/usr/share/lxc/templates/lxc-fedora: line 487: 26661 Aborted 
(core dumped) chroot . yum -y --nogpgcheck --installroot /run/install install 
python rpm yum

I've bisected until the commit:

commit b68e60e6f0d2865e961a800fb8db96a7fc6494c4
Author: Benjamin Herrenschmidt 
Date:   Tue May 3 18:03:33 2016 +0200

ppc: Get out of emulation on SMT "OR" ops

Otherwise tight loops at smt_low for example, which OPAL does,
eat so much CPU that we can't boot a kernel anymore. With that,
I can boot 8 CPUs just fine with powernv.

Signed-off-by: Benjamin Herrenschmidt 
Reviewed-by: David Gibson 
Signed-off-by: David Gibson 

We can fix that by preventing to send EXCP_HLT in the case of linux-user mode,
as the main loop doesn't know how to manage it.

Signed-off-by: Laurent Vivier 
Signed-off-by: David Gibson 
---
 target-ppc/translate.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index df4e0a3..72b67e4 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -1394,7 +1394,7 @@ GEN_LOGICAL2(nand, tcg_gen_nand_tl, 0x0E, PPC_INTEGER);
 /* nor & nor. */
 GEN_LOGICAL2(nor, tcg_gen_nor_tl, 0x03, PPC_INTEGER);
 
-#if defined(TARGET_PPC64)
+#if defined(TARGET_PPC64) && !defined(CONFIG_USER_ONLY)
 static void gen_pause(DisasContext *ctx)
 {
 TCGv_i32 t0 = tcg_const_i32(0);
@@ -1482,7 +1482,9 @@ static void gen_or(DisasContext *ctx)
 /* Pause us out of TCG otherwise spin loops with smt_low
  * eat too much CPU and the kernel hangs
  */
+#if !defined(CONFIG_USER_ONLY)
 gen_pause(ctx);
+#endif
 }
 #endif
 }
-- 
2.5.5

[Qemu-devel] [PULL 01/17] powerpc/mm: Update the WIMG check during H_ENTER

[David Gibson]

From: "Aneesh Kumar K.V" 

Support for 0 value for memeory coherence is optional and with ppc64
we can always enable memory coherence. Linux kernel did that during
the development of 4.7 kernel. But that resulted in failure in Qemu
in H_ENTER hcall due to below check. The mentioned change was reverted
in the kernel and kernel right now enable memory coherence only if
cache inhibited is not set. Nevertheless update qemu WIMG flag check
to cover the case where we enable memory coherence along with cache
inhibited flag.

In order to handle older and newer kernel version consider both Cache
inhibitted and (cache inhibitted | memory conference) as valid values
for wimg flags.

Signed-off-by: Aneesh Kumar K.V 
Signed-off-by: David Gibson 
---
 hw/ppc/spapr_hcall.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 2ba5cbd..e011ed4 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -102,11 +102,15 @@ static target_ulong h_enter(PowerPCCPU *cpu, 
sPAPRMachineState *spapr,
 return H_PARAMETER;
 }
 } else {
+target_ulong wimg_flags;
 /* Looks like an IO address */
 /* FIXME: What WIMG combinations could be sensible for IO?
  * For now we allow WIMG=010x, but are there others? */
 /* FIXME: Should we check against registered IO addresses? */
-if ((ptel & (HPTE64_R_W | HPTE64_R_I | HPTE64_R_M)) != HPTE64_R_I) {
+wimg_flags = (ptel & (HPTE64_R_W | HPTE64_R_I | HPTE64_R_M));
+
+if (wimg_flags != HPTE64_R_I &&
+wimg_flags != (HPTE64_R_I | HPTE64_R_M)) {
 return H_PARAMETER;
 }
 }
-- 
2.5.5

[Qemu-devel] [PULL 02/17] tests: Use '+=' to add additional tests, not '='

[David Gibson]

From: Thomas Huth 

The recent commit that added the prom-env-test accidentially
overwrote the check-qtest-ppc-y, check-qtest-ppc64-y and
check-qtest-sparc-y variables instead of extending them.

Fixes: fcbf4a3c0c576eec1321f9cff4fa0dd8e0b1a82f
Signed-off-by: Thomas Huth 
Signed-off-by: David Gibson 
---
 tests/Makefile.include | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index a2ed83b..fd2dba4 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -259,11 +259,11 @@ check-qtest-ppc-y += tests/boot-order-test$(EXESUF)
 check-qtest-ppc64-y += tests/boot-order-test$(EXESUF)
 check-qtest-ppc64-y += tests/spapr-phb-test$(EXESUF)
 gcov-files-ppc64-y += ppc64-softmmu/hw/ppc/spapr_pci.c
-check-qtest-ppc-y = tests/prom-env-test$(EXESUF)
-check-qtest-ppc64-y = tests/prom-env-test$(EXESUF)
-check-qtest-sparc-y = tests/prom-env-test$(EXESUF)
+check-qtest-ppc-y += tests/prom-env-test$(EXESUF)
+check-qtest-ppc64-y += tests/prom-env-test$(EXESUF)
+check-qtest-sparc-y += tests/prom-env-test$(EXESUF)
 #Disabled for now, triggers a TCG bug on 32-bit hosts
-#check-qtest-sparc64-y = tests/prom-env-test$(EXESUF)
+#check-qtest-sparc64-y += tests/prom-env-test$(EXESUF)
 check-qtest-microblazeel-y = $(check-qtest-microblaze-y)
 check-qtest-xtensaeb-y = $(check-qtest-xtensa-y)
 
-- 
2.5.5

Re: [Qemu-devel] [PATCH qemu v18 4/5] vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)

[Alexey Kardashevskiy]

On 23/06/16 13:59, Alexey Kardashevskiy wrote:

>> ret is not initialized and it is used in "fail:".
>>
>> hw/vfio/common.c: In function ‘vfio_listener_region_add’:
>> hw/vfio/common.c:493:30: error: ‘ret’ may be used uninitialized in this
>> function [-Werror=maybe-uninitialized]
>>  container->error = ret;
> 
> Oh. Thanks for reporting. I use cross gcc and there must be something I am
> doing wrong as I do not see these warnings but I do see them when compile
> with native compiler...

Ah, figured out - gcc -O2 enables the warning, and I always configure with
--enable-debug so gcc is not getting -O2. Will pay attention to this from
now on.


-- 
Alexey

Re: [Qemu-devel] [PATCH v2 3/3] socket: unlink unix socket on remove

[Michael S. Tsirkin]

On Thu, Jun 23, 2016 at 07:41:55AM +0300, Michael S. Tsirkin wrote:
> On Thu, Jun 16, 2016 at 09:28:52PM +0200, marcandre.lur...@redhat.com wrote:
> > From: Marc-André Lureau 
> > 
> > qemu leaves unix socket files behind when removing a listening chardev
> > or leaving. qemu could clean that up, even if doing so isn't race-free.
> > 
> > Fixes:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1347077
> > 
> > Signed-off-by: Marc-André Lureau 
> 
> We normally only unlink what we created.
> 
> unlinking files we didn't create
> looks like a silent change that might easily break
> existing users.

Maybe what you want is a need_unlink feature.
Set it for unix sockets only, that would make some sense.


> 
> > ---
> >  include/qemu/sockets.h |  1 +
> >  io/channel-socket.c| 10 ++
> >  tests/test-io-channel-socket.c |  2 +-
> >  util/qemu-sockets.c| 18 ++
> >  4 files changed, 30 insertions(+), 1 deletion(-)
> > 
> > diff --git a/include/qemu/sockets.h b/include/qemu/sockets.h
> > index 1bd9218..5dd2648 100644
> > --- a/include/qemu/sockets.h
> > +++ b/include/qemu/sockets.h
> > @@ -51,6 +51,7 @@ SocketAddress *socket_parse(const char *str, Error 
> > **errp);
> >  int socket_connect(SocketAddress *addr, Error **errp,
> > NonBlockingConnectHandler *callback, void *opaque);
> >  int socket_listen(SocketAddress *addr, Error **errp);
> > +void socket_listen_cleanup(int fd, Error **errp);
> >  int socket_dgram(SocketAddress *remote, SocketAddress *local, Error 
> > **errp);
> >  
> >  /* Old, ipv4 only bits.  Don't use for new code. */
> > diff --git a/io/channel-socket.c b/io/channel-socket.c
> > index 1cd5848..6ec87f8 100644
> > --- a/io/channel-socket.c
> > +++ b/io/channel-socket.c
> > @@ -400,7 +400,17 @@ static void qio_channel_socket_init(Object *obj)
> >  static void qio_channel_socket_finalize(Object *obj)
> >  {
> >  QIOChannelSocket *ioc = QIO_CHANNEL_SOCKET(obj);
> > +
> >  if (ioc->fd != -1) {
> > +if (QIO_CHANNEL(ioc)->features & QIO_CHANNEL_FEATURE_LISTEN) {
> > +Error *err = NULL;
> > +
> > +socket_listen_cleanup(ioc->fd, &err);
> > +if (err) {
> > +error_report_err(err);
> > +err = NULL;
> > +}
> > +}
> >  #ifdef WIN32
> >  WSAEventSelect(ioc->fd, NULL, 0);
> >  #endif
> > diff --git a/tests/test-io-channel-socket.c b/tests/test-io-channel-socket.c
> > index 855306b..f73e063 100644
> > --- a/tests/test-io-channel-socket.c
> > +++ b/tests/test-io-channel-socket.c
> > @@ -383,7 +383,7 @@ static void test_io_channel_unix(bool async)
> >  
> >  qapi_free_SocketAddress(listen_addr);
> >  qapi_free_SocketAddress(connect_addr);
> > -unlink(TEST_SOCKET);
> > +g_assert(g_file_test(TEST_SOCKET, G_FILE_TEST_EXISTS) == FALSE);
> >  }
> >  
> >  
> > diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
> > index 0d6cd1f..5d03695 100644
> > --- a/util/qemu-sockets.c
> > +++ b/util/qemu-sockets.c
> > @@ -997,6 +997,24 @@ int socket_listen(SocketAddress *addr, Error **errp)
> >  return fd;
> >  }
> >  
> > +void socket_listen_cleanup(int fd, Error **errp)
> > +{
> > +SocketAddress *addr;
> > +
> > +addr = socket_local_address(fd, errp);
> > +
> > +if (addr->type == SOCKET_ADDRESS_KIND_UNIX
> > +&& addr->u.q_unix.data->path) {
> > +if (unlink(addr->u.q_unix.data->path) < 0 && errno != ENOENT) {
> > +error_setg_errno(errp, errno,
> > + "Failed to unlink socket %s",
> > + addr->u.q_unix.data->path);
> > +}
> > +}
> > +
> > +g_free(addr);
> > +}
> > +
> >  int socket_dgram(SocketAddress *remote, SocketAddress *local, Error **errp)
> >  {
> >  int fd;
> > -- 
> > 2.7.4
> > 

Re: [Qemu-devel] [PATCH v2 3/3] socket: unlink unix socket on remove

[Michael S. Tsirkin]

On Thu, Jun 16, 2016 at 09:28:52PM +0200, marcandre.lur...@redhat.com wrote:
> From: Marc-André Lureau 
> 
> qemu leaves unix socket files behind when removing a listening chardev
> or leaving. qemu could clean that up, even if doing so isn't race-free.
> 
> Fixes:
> https://bugzilla.redhat.com/show_bug.cgi?id=1347077
> 
> Signed-off-by: Marc-André Lureau 

We normally only unlink what we created.

unlinking files we didn't create
looks like a silent change that might easily break
existing users.


> ---
>  include/qemu/sockets.h |  1 +
>  io/channel-socket.c| 10 ++
>  tests/test-io-channel-socket.c |  2 +-
>  util/qemu-sockets.c| 18 ++
>  4 files changed, 30 insertions(+), 1 deletion(-)
> 
> diff --git a/include/qemu/sockets.h b/include/qemu/sockets.h
> index 1bd9218..5dd2648 100644
> --- a/include/qemu/sockets.h
> +++ b/include/qemu/sockets.h
> @@ -51,6 +51,7 @@ SocketAddress *socket_parse(const char *str, Error **errp);
>  int socket_connect(SocketAddress *addr, Error **errp,
> NonBlockingConnectHandler *callback, void *opaque);
>  int socket_listen(SocketAddress *addr, Error **errp);
> +void socket_listen_cleanup(int fd, Error **errp);
>  int socket_dgram(SocketAddress *remote, SocketAddress *local, Error **errp);
>  
>  /* Old, ipv4 only bits.  Don't use for new code. */
> diff --git a/io/channel-socket.c b/io/channel-socket.c
> index 1cd5848..6ec87f8 100644
> --- a/io/channel-socket.c
> +++ b/io/channel-socket.c
> @@ -400,7 +400,17 @@ static void qio_channel_socket_init(Object *obj)
>  static void qio_channel_socket_finalize(Object *obj)
>  {
>  QIOChannelSocket *ioc = QIO_CHANNEL_SOCKET(obj);
> +
>  if (ioc->fd != -1) {
> +if (QIO_CHANNEL(ioc)->features & QIO_CHANNEL_FEATURE_LISTEN) {
> +Error *err = NULL;
> +
> +socket_listen_cleanup(ioc->fd, &err);
> +if (err) {
> +error_report_err(err);
> +err = NULL;
> +}
> +}
>  #ifdef WIN32
>  WSAEventSelect(ioc->fd, NULL, 0);
>  #endif
> diff --git a/tests/test-io-channel-socket.c b/tests/test-io-channel-socket.c
> index 855306b..f73e063 100644
> --- a/tests/test-io-channel-socket.c
> +++ b/tests/test-io-channel-socket.c
> @@ -383,7 +383,7 @@ static void test_io_channel_unix(bool async)
>  
>  qapi_free_SocketAddress(listen_addr);
>  qapi_free_SocketAddress(connect_addr);
> -unlink(TEST_SOCKET);
> +g_assert(g_file_test(TEST_SOCKET, G_FILE_TEST_EXISTS) == FALSE);
>  }
>  
>  
> diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
> index 0d6cd1f..5d03695 100644
> --- a/util/qemu-sockets.c
> +++ b/util/qemu-sockets.c
> @@ -997,6 +997,24 @@ int socket_listen(SocketAddress *addr, Error **errp)
>  return fd;
>  }
>  
> +void socket_listen_cleanup(int fd, Error **errp)
> +{
> +SocketAddress *addr;
> +
> +addr = socket_local_address(fd, errp);
> +
> +if (addr->type == SOCKET_ADDRESS_KIND_UNIX
> +&& addr->u.q_unix.data->path) {
> +if (unlink(addr->u.q_unix.data->path) < 0 && errno != ENOENT) {
> +error_setg_errno(errp, errno,
> + "Failed to unlink socket %s",
> + addr->u.q_unix.data->path);
> +}
> +}
> +
> +g_free(addr);
> +}
> +
>  int socket_dgram(SocketAddress *remote, SocketAddress *local, Error **errp)
>  {
>  int fd;
> -- 
> 2.7.4
> 

Re: [Qemu-devel] [PATCH 05/12] monitor: register the qapi generated commands

[Paolo Bonzini]

On 23/06/2016 02:08, marcandre.lur...@redhat.com wrote:
> 
> Stop using the so-called 'middle' mode. Instead, use qmp_find_command()
> from generated qapi commands registry.
> 
> Note: this commit requires a 'make clean' prior to make, since the
> generated files do not depend on Makefile (due to a cyclic rule
> introduced in 4115852bb0).
> 
> Signed-off-by: Marc-André Lureau 

What is the cyclic dependency?

Paolo

Re: [Qemu-devel] [PATCH 00/24] vhost-user reconnect fixes

[Michael S. Tsirkin]

On Tue, Jun 21, 2016 at 12:02:28PM +0200, marcandre.lur...@redhat.com wrote:
> From: Marc-André Lureau 
> 
> Hi,
> 
> Since 'vhost-user: simple reconnection support' was merged, it is
> possible to disconnect and reconnect a vhost-user backend. However,
> many code paths in qemu may trigger assert() when the backend is
> disconnected.
> 
> Some assert() could simply be replaced by error_report() or silently
> fail since they are recoverable cases. Some missing error checks can
> also help prevent later issues. In many cases, the code assumes
> get_vhost_net() will be non-NULL after a succesful connection, so I
> changed it to stay after a disconnect until the new connection comes
> (as suggested by Michael). There are also code paths that are wrong,
> see "don't assume opaque is a fd" patch for an example.

Can this be rarranged, first patches fixing the code paths that are wrong,
then patches handling the asserts etc?

> Since there is feature checks on reconnection, qemu should wait for
> the initial connection feature negotiation to complete. The test added
> demonstrates this.
> 
> For convenience, the series is also available on:
> https://github.com/elmarco/qemu, branch vhost-user-reconnect
> 
> Marc-André Lureau (24):
>   misc: indentation
>   vhost-user: minor simplification
>   qemu-char: check socket is actually connected
>   vhost-user: check qemu_chr_fe_set_msgfds() return value
>   vhost: change some assert() for error_report() or silent fail
>   vhost-user: check vhost_user_write() return value
>   vhost: use error_report() instead of fprintf(stderr,...)
>   vhost-user: return a read error
>   vhost: make vhost_log_put() idempotent
>   vhost: call vhost_log_put() on cleanup
>   vhost: add vhost device only after all success
>   vhost: make vhost_dev_cleanup() idempotent
>   vhost-net: always call vhost_dev_cleanup() on failure
>   vhost: don't assume opaque is a fd, use backend cleanup
>   vhost: fix calling vhost_dev_cleanup() after vhost_dev_init()
>   vhost-user: keep vhost_net after a disconnection
>   Revert "vhost-net: do not crash if backend is not present"
>   get_vhost_net() should be != null after vhost_user_init
>   vhost-net: success if backend has no ops->vhost_migration_done
>   vhost: add assert() to check runtime behaviour
>   char: add chr_wait_connected callback
>   char: add and use tcp_chr_wait_connected
>   vhost-user: wait until link is up
>   tests: add /vhost-user/connect-fail test
> 
>  hw/net/vhost_net.c  |  19 +++-
>  hw/virtio/vhost-user.c  |  54 +++
>  hw/virtio/vhost.c   | 114 
> +++-
>  include/sysemu/char.h   |   8 
>  net/tap.c   |   1 +
>  net/vhost-user.c|  36 ---
>  qemu-char.c |  82 --
>  tests/vhost-user-test.c |  37 
>  8 files changed, 233 insertions(+), 118 deletions(-)
> 
> -- 
> 2.7.4

Re: [Qemu-devel] [PATCH 00/24] vhost-user reconnect fixes

[Michael S. Tsirkin]

On Tue, Jun 21, 2016 at 12:02:28PM +0200, marcandre.lur...@redhat.com wrote:
> From: Marc-André Lureau 
> 
> Hi,
> 
> Since 'vhost-user: simple reconnection support' was merged, it is
> possible to disconnect and reconnect a vhost-user backend. However,
> many code paths in qemu may trigger assert() when the backend is
> disconnected.
> 
> Some assert() could simply be replaced by error_report() or silently
> fail since they are recoverable cases. Some missing error checks can
> also help prevent later issues. In many cases, the code assumes
> get_vhost_net() will be non-NULL after a succesful connection, so I
> changed it to stay after a disconnect until the new connection comes
> (as suggested by Michael). There are also code paths that are wrong,
> see "don't assume opaque is a fd" patch for an example.

OK so if it's ok for read or write to fail, then I think
the callback should just return success.
This will make sure backends such as vhost net in kernel
where failure indicates an internal bug are handled
correctly, while vhost user ignores errors and attempts
to go on.

> Since there is feature checks on reconnection, qemu should wait for
> the initial connection feature negotiation to complete. The test added
> demonstrates this.


So on disconnect, we keep the guest going? But then when connect is
attempted, then we for some reason block guest until negotiation
is done? Sounds rather strange to me.

> For convenience, the series is also available on:
> https://github.com/elmarco/qemu, branch vhost-user-reconnect
> 
> Marc-André Lureau (24):
>   misc: indentation
>   vhost-user: minor simplification
>   qemu-char: check socket is actually connected
>   vhost-user: check qemu_chr_fe_set_msgfds() return value
>   vhost: change some assert() for error_report() or silent fail
>   vhost-user: check vhost_user_write() return value
>   vhost: use error_report() instead of fprintf(stderr,...)
>   vhost-user: return a read error
>   vhost: make vhost_log_put() idempotent
>   vhost: call vhost_log_put() on cleanup
>   vhost: add vhost device only after all success
>   vhost: make vhost_dev_cleanup() idempotent
>   vhost-net: always call vhost_dev_cleanup() on failure
>   vhost: don't assume opaque is a fd, use backend cleanup
>   vhost: fix calling vhost_dev_cleanup() after vhost_dev_init()
>   vhost-user: keep vhost_net after a disconnection
>   Revert "vhost-net: do not crash if backend is not present"
>   get_vhost_net() should be != null after vhost_user_init
>   vhost-net: success if backend has no ops->vhost_migration_done
>   vhost: add assert() to check runtime behaviour
>   char: add chr_wait_connected callback
>   char: add and use tcp_chr_wait_connected
>   vhost-user: wait until link is up
>   tests: add /vhost-user/connect-fail test
> 
>  hw/net/vhost_net.c  |  19 +++-
>  hw/virtio/vhost-user.c  |  54 +++
>  hw/virtio/vhost.c   | 114 
> +++-
>  include/sysemu/char.h   |   8 
>  net/tap.c   |   1 +
>  net/vhost-user.c|  36 ---
>  qemu-char.c |  82 --
>  tests/vhost-user-test.c |  37 
>  8 files changed, 233 insertions(+), 118 deletions(-)
> 
> -- 
> 2.7.4

Re: [Qemu-devel] [PATCH 06/24] vhost-user: check vhost_user_write() return value

[Michael S. Tsirkin]

On Tue, Jun 21, 2016 at 12:02:34PM +0200, marcandre.lur...@redhat.com wrote:
> From: Marc-André Lureau 
> 
> Just some more error checking.
> 
> Signed-off-by: Marc-André Lureau 

Point being? Callers just ignore it afterwards ...


> ---
>  hw/virtio/vhost-user.c | 44 +++-
>  1 file changed, 31 insertions(+), 13 deletions(-)
> 
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index 5dae496..e51df27 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -214,7 +214,9 @@ static int vhost_user_set_log_base(struct vhost_dev *dev, 
> uint64_t base,
>  fds[fd_num++] = log->fd;
>  }
>  
> -vhost_user_write(dev, &msg, fds, fd_num);
> +if (vhost_user_write(dev, &msg, fds, fd_num) < 0) {
> +return -1;
> +}
>  
>  if (shmfd) {
>  msg.size = 0;
> @@ -275,7 +277,9 @@ static int vhost_user_set_mem_table(struct vhost_dev *dev,
>  msg.size += sizeof(msg.payload.memory.padding);
>  msg.size += fd_num * sizeof(VhostUserMemoryRegion);
>  
> -vhost_user_write(dev, &msg, fds, fd_num);
> +if (vhost_user_write(dev, &msg, fds, fd_num) < 0) {
> +return -1;
> +}
>  
>  return 0;
>  }
> @@ -290,7 +294,9 @@ static int vhost_user_set_vring_addr(struct vhost_dev 
> *dev,
>  .size = sizeof(msg.payload.addr),
>  };
>  
> -vhost_user_write(dev, &msg, NULL, 0);
> +if (vhost_user_write(dev, &msg, NULL, 0) < 0) {
> +return -1;
> +}
>  
>  return 0;
>  }
> @@ -313,7 +319,9 @@ static int vhost_set_vring(struct vhost_dev *dev,
>  .size = sizeof(msg.payload.state),
>  };
>  
> -vhost_user_write(dev, &msg, NULL, 0);
> +if (vhost_user_write(dev, &msg, NULL, 0) < 0) {
> +return -1;
> +}
>  
>  return 0;
>  }
> @@ -360,7 +368,9 @@ static int vhost_user_get_vring_base(struct vhost_dev 
> *dev,
>  .size = sizeof(msg.payload.state),
>  };
>  
> -vhost_user_write(dev, &msg, NULL, 0);
> +if (vhost_user_write(dev, &msg, NULL, 0) < 0) {
> +return -1;
> +}
>  
>  if (vhost_user_read(dev, &msg) < 0) {
>  return 0;
> @@ -401,7 +411,9 @@ static int vhost_set_vring_file(struct vhost_dev *dev,
>  msg.payload.u64 |= VHOST_USER_VRING_NOFD_MASK;
>  }
>  
> -vhost_user_write(dev, &msg, fds, fd_num);
> +if (vhost_user_write(dev, &msg, fds, fd_num) < 0) {
> +return -1;
> +}
>  
>  return 0;
>  }
> @@ -427,7 +439,9 @@ static int vhost_user_set_u64(struct vhost_dev *dev, int 
> request, uint64_t u64)
>  .size = sizeof(msg.payload.u64),
>  };
>  
> -vhost_user_write(dev, &msg, NULL, 0);
> +if (vhost_user_write(dev, &msg, NULL, 0) < 0) {
> +return -1;
> +}
>  
>  return 0;
>  }
> @@ -455,7 +469,9 @@ static int vhost_user_get_u64(struct vhost_dev *dev, int 
> request, uint64_t *u64)
>  return 0;
>  }
>  
> -vhost_user_write(dev, &msg, NULL, 0);
> +if (vhost_user_write(dev, &msg, NULL, 0) < 0) {
> +return -1;
> +}
>  
>  if (vhost_user_read(dev, &msg) < 0) {
>  return 0;
> @@ -489,7 +505,9 @@ static int vhost_user_set_owner(struct vhost_dev *dev)
>  .flags = VHOST_USER_VERSION,
>  };
>  
> -vhost_user_write(dev, &msg, NULL, 0);
> +if (vhost_user_write(dev, &msg, NULL, 0) < 0) {
> +return -1;
> +}
>  
>  return 0;
>  }
> @@ -501,7 +519,9 @@ static int vhost_user_reset_device(struct vhost_dev *dev)
>  .flags = VHOST_USER_VERSION,
>  };
>  
> -vhost_user_write(dev, &msg, NULL, 0);
> +if (vhost_user_write(dev, &msg, NULL, 0) < 0) {
> +return -1;
> +}
>  
>  return 0;
>  }
> @@ -588,7 +608,6 @@ static bool vhost_user_requires_shm_log(struct vhost_dev 
> *dev)
>  static int vhost_user_migration_done(struct vhost_dev *dev, char* mac_addr)
>  {
>  VhostUserMsg msg = { 0 };
> -int err;
>  
>  assert(dev->vhost_ops->backend_type == VHOST_BACKEND_TYPE_USER);
>  
> @@ -605,8 +624,7 @@ static int vhost_user_migration_done(struct vhost_dev 
> *dev, char* mac_addr)
>  memcpy((char *)&msg.payload.u64, mac_addr, 6);
>  msg.size = sizeof(msg.payload.u64);
>  
> -err = vhost_user_write(dev, &msg, NULL, 0);
> -return err;
> +return vhost_user_write(dev, &msg, NULL, 0);
>  }
>  return -1;
>  }
> -- 
> 2.7.4

Re: [Qemu-devel] [PATCH 08/24] vhost-user: return a read error

[Michael S. Tsirkin]

On Tue, Jun 21, 2016 at 12:02:36PM +0200, marcandre.lur...@redhat.com wrote:
> From: Marc-André Lureau 
> 
> Return read errors (not sure why those were ignored)
> 
> Signed-off-by: Marc-André Lureau 

why bother?  So callers can just ignore them in turn?


> ---
>  hw/virtio/vhost-user.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index e51df27..819481d 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -221,7 +221,7 @@ static int vhost_user_set_log_base(struct vhost_dev *dev, 
> uint64_t base,
>  if (shmfd) {
>  msg.size = 0;
>  if (vhost_user_read(dev, &msg) < 0) {
> -return 0;
> +return -1;
>  }
>  
>  if (msg.request != VHOST_USER_SET_LOG_BASE) {
> @@ -373,7 +373,7 @@ static int vhost_user_get_vring_base(struct vhost_dev 
> *dev,
>  }
>  
>  if (vhost_user_read(dev, &msg) < 0) {
> -return 0;
> +return -1;
>  }
>  
>  if (msg.request != VHOST_USER_GET_VRING_BASE) {
> @@ -474,7 +474,7 @@ static int vhost_user_get_u64(struct vhost_dev *dev, int 
> request, uint64_t *u64)
>  }
>  
>  if (vhost_user_read(dev, &msg) < 0) {
> -return 0;
> +return -1;
>  }
>  
>  if (msg.request != request) {
> -- 
> 2.7.4

Re: [Qemu-devel] [PATCH 05/24] vhost: change some assert() for error_report() or silent fail

[Michael S. Tsirkin]

On Tue, Jun 21, 2016 at 12:02:33PM +0200, marcandre.lur...@redhat.com wrote:
> From: Marc-André Lureau 
> 
> Calling a vhost operation may fail, especially with disconnectable
> backends. Treat some that look harmless as recoverable errors (print
> error, or ignore on error code path).
> 
> Signed-off-by: Marc-André Lureau 

If it's ok and we can recover, then why should we print errors?

> ---
>  hw/virtio/vhost.c | 32 +---
>  1 file changed, 21 insertions(+), 11 deletions(-)
> 
> diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> index 81cc5b0..e2d1614 100644
> --- a/hw/virtio/vhost.c
> +++ b/hw/virtio/vhost.c
> @@ -398,7 +398,10 @@ static inline void vhost_dev_log_resize(struct vhost_dev 
> *dev, uint64_t size)
>  /* inform backend of log switching, this must be done before
> releasing the current log, to ensure no logging is lost */
>  r = dev->vhost_ops->vhost_set_log_base(dev, log_base, log);
> -assert(r >= 0);
> +if (r < 0) {
> +error_report("Failed to change backend log");
> +}
> +
>  vhost_log_put(dev, true);
>  dev->log = log;
>  dev->log_size = size;
> @@ -565,7 +568,9 @@ static void vhost_commit(MemoryListener *listener)
>  
>  if (!dev->log_enabled) {
>  r = dev->vhost_ops->vhost_set_mem_table(dev, dev->mem);
> -assert(r >= 0);
> +if (r < 0) {
> +error_report("Failed to set mem table");
> +}
>  dev->memory_changed = false;
>  return;
>  }
> @@ -578,7 +583,9 @@ static void vhost_commit(MemoryListener *listener)
>  vhost_dev_log_resize(dev, log_size + VHOST_LOG_BUFFER);
>  }
>  r = dev->vhost_ops->vhost_set_mem_table(dev, dev->mem);
> -assert(r >= 0);
> +if (r < 0) {
> +error_report("Failed to set mem table");
> +}
>  /* To log less, can only decrease log size after table update. */
>  if (dev->log_size > log_size + VHOST_LOG_BUFFER) {
>  vhost_dev_log_resize(dev, log_size);
> @@ -647,6 +654,7 @@ static int vhost_virtqueue_set_addr(struct vhost_dev *dev,
>  };
>  int r = dev->vhost_ops->vhost_set_vring_addr(dev, &addr);
>  if (r < 0) {
> +error_report("Failed to set vring addr");
>  return -errno;
>  }
>  return 0;
> @@ -660,12 +668,15 @@ static int vhost_dev_set_features(struct vhost_dev 
> *dev, bool enable_log)
>  features |= 0x1ULL << VHOST_F_LOG_ALL;
>  }
>  r = dev->vhost_ops->vhost_set_features(dev, features);
> +if (r < 0) {
> +error_report("Failed to set features");
> +}
>  return r < 0 ? -errno : 0;
>  }
>  
>  static int vhost_dev_set_log(struct vhost_dev *dev, bool enable_log)
>  {
> -int r, t, i, idx;
> +int r, i, idx;
>  r = vhost_dev_set_features(dev, enable_log);
>  if (r < 0) {
>  goto err_features;
> @@ -682,12 +693,10 @@ static int vhost_dev_set_log(struct vhost_dev *dev, 
> bool enable_log)
>  err_vq:
>  for (; i >= 0; --i) {
>  idx = dev->vhost_ops->vhost_get_vq_index(dev, dev->vq_index + i);
> -t = vhost_virtqueue_set_addr(dev, dev->vqs + i, idx,
> - dev->log_enabled);
> -assert(t >= 0);
> +vhost_virtqueue_set_addr(dev, dev->vqs + i, idx,
> + dev->log_enabled);
>  }
> -t = vhost_dev_set_features(dev, dev->log_enabled);
> -assert(t >= 0);
> +vhost_dev_set_features(dev, dev->log_enabled);
>  err_features:
>  return r;
>  }
> @@ -937,7 +946,6 @@ static void vhost_virtqueue_stop(struct vhost_dev *dev,
>  }
>  }
>  
> -assert (r >= 0);
>  cpu_physical_memory_unmap(vq->ring, virtio_queue_get_ring_size(vdev, 
> idx),
>0, virtio_queue_get_ring_size(vdev, idx));
>  cpu_physical_memory_unmap(vq->used, virtio_queue_get_used_size(vdev, 
> idx),
> @@ -1187,7 +1195,9 @@ void vhost_virtqueue_mask(struct vhost_dev *hdev, 
> VirtIODevice *vdev, int n,
>  
>  file.index = hdev->vhost_ops->vhost_get_vq_index(hdev, n);
>  r = hdev->vhost_ops->vhost_set_vring_call(hdev, &file);
> -assert(r >= 0);
> +if (r < 0) {
> +error_report("Failed to set vring call");
> +}
>  }
>  
>  uint64_t vhost_get_features(struct vhost_dev *hdev, const int *feature_bits,
> -- 
> 2.7.4

Re: [Qemu-devel] [PATCH 23/24] vhost-user: wait until link is up

[Michael S. Tsirkin]

On Tue, Jun 21, 2016 at 12:02:51PM +0200, marcandre.lur...@redhat.com wrote:
> From: Marc-André Lureau 
> 
> The chardev waits for an initial connection before starting qemu,
> vhost-user wants the backend negotiation to be completed. vhost-user is
> started in the net_vhost_user_event callback, which is synchronously
> called after the socket is connected.
> 
> Signed-off-by: Marc-André Lureau 
> ---
>  net/vhost-user.c | 10 +-
>  1 file changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/net/vhost-user.c b/net/vhost-user.c
> index 95ed2d2..bb4a253 100644
> --- a/net/vhost-user.c
> +++ b/net/vhost-user.c
> @@ -248,7 +248,15 @@ static int net_vhost_user_init(NetClientState *peer, 
> const char *device,
>  s->chr = chr;
>  }
>  
> -qemu_chr_add_handlers(chr, NULL, NULL, net_vhost_user_event, nc[0].name);
> +do {
> +Error *err = NULL;
> +if (qemu_chr_wait_connected(chr, &err) < 0) {
> +error_report_err(err);
> +return -1;
> +}
> +qemu_chr_add_handlers(chr, NULL, NULL,
> +  net_vhost_user_event, nc[0].name);
> +} while (nc->link_down);
>  
>  assert(s->vhost_net != NULL);


I don't get why this makes sense.
Why should vhost user poke at link down at all?

> -- 
> 2.7.4

Re: [Qemu-devel] [PATCH qemu v18 4/5] vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)

[Alexey Kardashevskiy]

On 23/06/16 00:38, Laurent Vivier wrote:
> 
> 
> On 21/06/2016 03:14, Alexey Kardashevskiy wrote:
>> New VFIO_SPAPR_TCE_v2_IOMMU type supports dynamic DMA window management.
>> This adds ability to VFIO common code to dynamically allocate/remove
>> DMA windows in the host kernel when new VFIO container is added/removed.
>>
>> This adds a helper to vfio_listener_region_add which makes
>> VFIO_IOMMU_SPAPR_TCE_CREATE ioctl and adds just created IOMMU into
>> the host IOMMU list; the opposite action is taken in
>> vfio_listener_region_del.
>>
>> When creating a new window, this uses heuristic to decide on the TCE table
>> levels number.
>>
>> This should cause no guest visible change in behavior.
>>
>> Signed-off-by: Alexey Kardashevskiy 
>> ---
>> Changes:
>> v18:
>> * moved trace definitions under hw/vfio/spapr.c section
>> * moved trace_vfio_spapr_remove_window to vfio_spapr_remove_window()
>> * vfio_host_win_del() now checks for exact window size
>> * one ctz() less in vfio_spapr_create_window()
>>
>> v17:
>> * moved spapr window create/remove helpers to separate file
>> * added hw_error() if vfio_host_win_del() failed
>>
>> v16:
>> * used memory_region_iommu_get_page_sizes() in vfio_listener_region_add()
>> * enforced no intersections between windows
>>
>> v14:
>> * new to the series
>> ---
>>  hw/vfio/common.c  | 79 
>> +--
>>  hw/vfio/spapr.c   | 71 ++
>>  include/hw/vfio/vfio-common.h |  6 
>>  trace-events  |  2 ++
>>  4 files changed, 148 insertions(+), 10 deletions(-)
>>
>> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
>> index b53a1db..8e3466c 100644
>> --- a/hw/vfio/common.c
>> +++ b/hw/vfio/common.c
>> @@ -265,6 +265,21 @@ static void vfio_host_win_add(VFIOContainer *container,
>>  QLIST_INSERT_HEAD(&container->hostwin_list, hostwin, hostwin_next);
>>  }
>>  
>> +static int vfio_host_win_del(VFIOContainer *container, hwaddr min_iova,
>> + hwaddr max_iova)
>> +{
>> +VFIOHostDMAWindow *hostwin;
>> +
>> +QLIST_FOREACH(hostwin, &container->hostwin_list, hostwin_next) {
>> +if (hostwin->min_iova == min_iova && hostwin->max_iova == max_iova) 
>> {
>> +QLIST_REMOVE(hostwin, hostwin_next);
>> +return 0;
>> +}
>> +}
>> +
>> +return -1;
>> +}
>> +
>>  static bool vfio_listener_skipped_section(MemoryRegionSection *section)
>>  {
>>  return (!memory_region_is_ram(section->mr) &&
>> @@ -380,6 +395,30 @@ static void vfio_listener_region_add(MemoryListener 
>> *listener,
>>  }
>>  end = int128_get64(int128_sub(llend, int128_one()));
>>  
>> +if (container->iommu_type == VFIO_SPAPR_TCE_v2_IOMMU) {
>> +VFIOHostDMAWindow *hostwin;
>> +hwaddr pgsize = 0;
>> +
>> +/* For now intersections are not allowed, we may relax this later */
>> +QLIST_FOREACH(hostwin, &container->hostwin_list, hostwin_next) {
>> +if (ranges_overlap(hostwin->min_iova,
>> +   hostwin->max_iova - hostwin->min_iova + 1,
>> +   section->offset_within_address_space,
>> +   int128_get64(section->size))) {
>> +goto fail;
> 
> ret is not initialized and it is used in "fail:".
> 
> hw/vfio/common.c: In function ‘vfio_listener_region_add’:
> hw/vfio/common.c:493:30: error: ‘ret’ may be used uninitialized in this
> function [-Werror=maybe-uninitialized]
>  container->error = ret;

Oh. Thanks for reporting. I use cross gcc and there must be something I am
doing wrong as I do not see these warnings but I do see them when compile
with native compiler...



-- 
Alexey

[Qemu-devel] [Bug 1580459] Re: Windows (10?) guest freezes entire host on shutdown if using PCI passthrough

[Jimi]

I got impatient and got the rom file from EVGA and loaded it in, but for
me and my GTX 960, I get no graphical output when it's loaded. I don't
know anything beyond that. I don't get any error messages in dmesg or
anything--just no video output whatsoever. It was also strangely booting
into the Tianocore UEFI command line instead of Windows, so there could
be something else going on here for me that stayed broken after I
removed the romfile option.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1580459

Title:
  Windows (10?) guest freezes entire host on shutdown if using PCI
  passthrough

Status in libvirt:
  New
Status in QEMU:
  New
Status in Arch Linux:
  New
Status in Debian:
  New
Status in Fedora:
  New

Bug description:
  Problem: after leaving a Windows VM that uses PCI passthrough (as we
  do for gaming graphics cards, sound cards, and in my case, a USB card)
  running for some amount of time between 1 and 2 hours (it's not
  consistent with exactly how long), and for any amount of time longer
  than that, shutting down that guest will, right as it finishes
  shutting down, freeze the host computer, making it require a hard
  reboot. Unbinding (or in the other user's case, unbinding and THEN
  binding) any PCI device in sysfs, even one that has nothing to do with
  the VM, also has the same effect as shutting down the VM (if the VM
  has been running long enough). So, it's probably an issue related to
  unbinding and binding PCI devices.

  There's a lot of info on this problem over at 
https://bbs.archlinux.org/viewtopic.php?id=206050
  Here's a better-organized list of main details:
  -at least 2 confirmed victims of this bug; 2 (including me) have provided 
lots of info in the link
  -I'm on Arch Linux and the other one is on Gentoo (distro-nonspecific)
  -issue affects my Windows 10 guest and others' Windows guests, but not my 
Arch Linux guest (the others don't have non-Windows guests to test)
  -I'm using libvirt but the other user is not, so it's not an issue with 
libvirt
  -It seems to be version non-specific, too. I first noticed it at, or when 
testing versions still had the issue at (whichever version is lower), Linux 4.1 
and qemu 2.4.0. It still persists in all releases of both since, including the 
newest ones.
  -I can't track down exactly what package downgrade can fix it, as downgrading 
further than Linux 4.1 and qemu 2.4.0 requires Herculean and system-destroying 
changes such as downgrading ncurses, meaning I don't know whether it's a bug in 
QEMU, the Linux kernel, or some weird seemingly unrelated thing.
  -According to the other user, "graphics intensive gameplay (GTA V) can cause 
the crash to happen sooner," as soon as "15 minutes"
  -Also, "bringing up a second passthrough VM with separate hardware will cause 
the same crash," and "bringing up another VM before the two-hour mark will not 
result in a crash," further cementing that it's triggered by the un/binding of 
PCI devices.
  -This is NOT related to the very similar bug that can be worked around by not 
passing through the HDMI device or sound card. Even when we removed all traces 
of any sort of sound card from the VM, it still had the same behavior.

To manage notifications about this bug go to:
https://bugs.launchpad.net/libvirt/+bug/1580459/+subscriptions

Re: [Qemu-devel] [PATCH RFC 1/1] qemu-img: add the 'dd' subcommand

[Fam Zheng]

On Wed, 06/22 19:21, Reda Sallahi wrote:
> This patch adds a basic dd subcommand analogous to dd(1) to qemu-img.
> 
> For the start, this implements the bs, if, of and count options and requires
> both if and of to be specified (no stdin/stdout if not specified) and doesn't
> support tty, pipes, etc.
> 
> The image format must be specified with -O for the output if the raw format
> is not the intended one.
> 
> get_size() and get_offset() were needed for the size syntax dd(1) supports
> which is different from qemu_strtosz_suffix.

Looks good in general! Comments below.

> 
> Signed-off-by: Reda Sallahi 
> ---
>  qemu-img-cmds.hx |   6 +
>  qemu-img.c   | 833 
> ++-
>  2 files changed, 838 insertions(+), 1 deletion(-)
> 
> diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
> index 7e95b2d..68f81b0 100644
> --- a/qemu-img-cmds.hx
> +++ b/qemu-img-cmds.hx
> @@ -45,6 +45,12 @@ STEXI
>  @item convert [--object @var{objectdef}] [--image-opts] [-c] [-p] [-q] [-n] 
> [-f @var{fmt}] [-t @var{cache}] [-T @var{src_cache}] [-O @var{output_fmt}] 
> [-o @var{options}] [-s @var{snapshot_id_or_name}] [-l @var{snapshot_param}] 
> [-S @var{sparse_size}] @var{filename} [@var{filename2} [...]] 
> @var{output_filename}
>  ETEXI
>  
> +DEF("dd", img_dd,
> +"dd [--image-opts] [-f fmt] [-O output_fmt] [bs=block_size] 
> [ibs=in_block_size] [count=blocks] if=input of=output")
> +STEXI
> +@item dd [--image-opts] [-f @var{fmt}] [-O @var{output_fmt}] 
> [bs=@var{block_size}] [ibs=@var{in_block_size}] [count=@var{blocks}] 
> if=@var{input} of=@var{output}
> +ETEXI
> +
>  DEF("info", img_info,
>  "info [--object objectdef] [--image-opts] [-f fmt] [--output=ofmt] 
> [--backing-chain] filename")
>  STEXI
> diff --git a/qemu-img.c b/qemu-img.c
> index 14e2661..dace76b 100644
> --- a/qemu-img.c
> +++ b/qemu-img.c
> @@ -159,7 +159,25 @@ static void QEMU_NORETURN help(void)
> "Parameters to compare subcommand:\n"
> "  '-f' first image format\n"
> "  '-F' second image format\n"
> -   "  '-s' run in Strict mode - fail on different image size or 
> sector allocation\n";
> +   "  '-s' run in Strict mode - fail on different image size or 
> sector allocation\n"
> +   "\n"
> +   "Parameters to dd subcommand:\n"
> +   "  'bs=BYTES' read and write up to BYTES bytes at a time\n"
> +/* "  'cbs=BYTES' convert BYTES bytes at a time\n"
> +   "  'conv=CONVS' convert the file as per the comma separated "
> +   "symbol list\n" */
> +   "  'count=N' copy only N input blocks\n"
> +   "  'ibs=BYTES' read up to BYTES bytes at a time (default: 512)\n"
> +   "  'if=FILE' read from FILE instead of stdin\n"
> +   "  'obs=BYTES' write BYTES bytes at a time (default: 512)\n"
> +   "  'of=FILE' write to FILE instead of stdout\n";
> +/* "  'seek=N' skip N obs-sized blocks at start of output\n"
> +   "  'skip=N' skip N ibs-sized blocks at start of input\n"
> +   "  'status=LEVEL' The LEVEL of information to print to stderr; "
> +   "'none' suppresses everything but error messages, 'noxfer' "
> +   "suppresses the final transfer statistics, 'progress' shows "
> +   "periodic transfer statistics\n" */

In next revisions please clean up unused code/document in this patch, and add
them in later patches when they are needed - so the initial change for "if, of
and bs" can be merged.

> +
>  
>  printf("%s\nSupported formats:", help_msg);
>  bdrv_iterate_format(format_print, NULL);
> @@ -3788,6 +3806,819 @@ out:
>  return 0;
>  }
>  
> +#define C_BS  01
> +#define C_CBS 02
> +#define C_CONV04
> +#define C_COUNT   010
> +#define C_IBS 020
> +#define C_IF  040
> +#define C_IFLAG   0100
> +#define C_OBS 0200
> +#define C_OF  0400
> +#define C_OFLAG   01000
> +#define C_SEEK02000
> +#define C_SKIP04000
> +#define C_STATUS  01

Set but not used, maybe remove?

> +
> +struct DdEss {
> +unsigned int flags;
> +unsigned int status;
> +unsigned int conv;
> +size_t count;
> +size_t cbsz; /* Conversion block size */
> +};
> +
> +struct DdIo {
> +size_t bsz;/* Block size */
> +off_t offset;
> +const char *filename;
> +unsigned int flags;
> +uint8_t *buf;
> +};
> +
> +struct DdOpts {
> +const char *name;
> +int (*f)(const char *, struct DdIo *, struct DdIo *, struct DdEss *);
> +unsigned int flag;
> +};
> +
> +static size_t get_size(const char *str)
> +{
> +/* XXX: handle {k,m,g}B notations */
> +unsigned long num;
> +size_t res = 0;
> +const char *buf;
> +
> +errno = 0;
> +qemu_strtoul(str, &buf, 0, &num);
> +
> +if (num == ULONG_MAX && errno == ERANGE) {

qemu_strtol returns error code in return value, instead of errno. And in the
case of error, no need to test num == ULONG_MAX.

> +error_report("inva

Re: [Qemu-devel] [PATCH] ppc: Disable huge page support if it is not available for main RAM

[David Gibson]

On Wed, Jun 22, 2016 at 10:50:05AM +0200, Thomas Huth wrote:
> On powerpc, we must only signal huge page support to the guest if
> all memory areas are capable of supporting huge pages. The commit
> 2d103aae8765 ("fix hugepage support when using memory-backend-file")
> already fixed the case when the user specified the mem-path property
> for NUMA memory nodes instead of using the global "-mem-path" option.
> However, there is one more case where it currently can go wrong.
> When specifying additional memory DIMMs without using NUMA, e.g.
> 
>  qemu-system-ppc64 -enable-kvm ... -m 1G,slots=2,maxmem=2G \
> -device pc-dimm,id=dimm-mem1,memdev=mem1 -object \
> memory-backend-file,policy=default,mem-path=/...,size=1G,id=mem1
> 
> the code in getrampagesize() currently assumes that huge pages
> are possible since they are enabled for the mem1 object. But
> since the main RAM is not backed by a huge page filesystem,
> the guest Linux kernel then crashes very quickly after being
> started. So in case the we've got "normal" memory without NUMA
> and without the global "-mem-path" option, we must not announce
> huge pages to the guest. Since this is likely a mis-configuration
> by the user, also spill out a message in this case.
> 
> Signed-off-by: Thomas Huth 

Applied to ppc-for-2.7.
-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH 3/3] blockdev: Add dynamic module loading for block drivers

[Fam Zheng]

On Wed, 06/22 17:35, Colin Lord wrote:
> From: Marc Mari 
> 
> Extend the current module interface to allow for block drivers to be loaded
> dynamically on request.
> 
> The only block drivers that can be converted into modules are the drivers
> that don't perform any init operation except for registering themselves.
> 
> All the necessary module information is located in a new structure found in
> include/qemu/module_block.h
> 
> Signed-off-by: Marc Mari 
> Signed-off-by: Colin Lord 
> ---
>  Makefile  |  3 --
>  block.c   | 86 
> +--
>  include/qemu/module.h |  3 ++
>  util/module.c | 37 ++
>  4 files changed, 90 insertions(+), 39 deletions(-)
> 
> diff --git a/Makefile b/Makefile
> index 8f8b6a2..461187c 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -247,9 +247,6 @@ Makefile: $(version-obj-y) $(version-lobj-y)
>  libqemustub.a: $(stub-obj-y)
>  libqemuutil.a: $(util-obj-y)
>  
> -block-modules = $(foreach o,$(block-obj-m),"$(basename $(subst /,-,$o))",) 
> NULL
> -util/module.o-cflags = -D'CONFIG_BLOCK_MODULES=$(block-modules)'
> -
>  ##
>  
>  qemu-img.o: qemu-img-cmds.h
> diff --git a/block.c b/block.c
> index f54bc25..7a91434 100644
> --- a/block.c
> +++ b/block.c
> @@ -26,6 +26,7 @@
>  #include "block/block_int.h"
>  #include "block/blockjob.h"
>  #include "qemu/error-report.h"
> +#include "qemu/module_block.h"
>  #include "qemu/module.h"
>  #include "qapi/qmp/qerror.h"
>  #include "qapi/qmp/qbool.h"
> @@ -242,11 +243,29 @@ BlockDriverState *bdrv_new(void)
>  BlockDriver *bdrv_find_format(const char *format_name)
>  {
>  BlockDriver *drv1;
> +size_t i;
> +
>  QLIST_FOREACH(drv1, &bdrv_drivers, list) {
>  if (!strcmp(drv1->format_name, format_name)) {
>  return drv1;
>  }
>  }
> +
> +for (i = 0; i < ARRAY_SIZE(block_driver_modules); ++i) {
> +if (!strcmp(block_driver_modules[i].format_name, format_name)) {
> +block_module_load_one(block_driver_modules[i].library_name);
> +/* Copying code is not nice, but this way the current discovery 
> is
> + * not modified. Calling recursively could fail if the library
> + * has been deleted.
> + */
> +QLIST_FOREACH(drv1, &bdrv_drivers, list) {
> +if (!strcmp(drv1->format_name, format_name)) {
> +return drv1;
> +}
> +}
> +}
> +}
> +
>  return NULL;
>  }
>  
> @@ -447,8 +466,15 @@ int get_tmp_filename(char *filename, int size)
>  static BlockDriver *find_hdev_driver(const char *filename)
>  {
>  int score_max = 0, score;
> +size_t i;
>  BlockDriver *drv = NULL, *d;
>  
> +for (i = 0; i < ARRAY_SIZE(block_driver_modules); ++i) {
> +if (block_driver_modules[i].has_probe_device) {
> +block_module_load_one(block_driver_modules[i].library_name);
> +}
> +}
> +
>  QLIST_FOREACH(d, &bdrv_drivers, list) {
>  if (d->bdrv_probe_device) {
>  score = d->bdrv_probe_device(filename);
> @@ -470,6 +496,7 @@ BlockDriver *bdrv_find_protocol(const char *filename,
>  char protocol[128];
>  int len;
>  const char *p;
> +size_t i;
>  
>  /* TODO Drivers without bdrv_file_open must be specified explicitly */
>  
> @@ -496,6 +523,7 @@ BlockDriver *bdrv_find_protocol(const char *filename,
>  len = sizeof(protocol) - 1;
>  memcpy(protocol, filename, len);
>  protocol[len] = '\0';
> +
>  QLIST_FOREACH(drv1, &bdrv_drivers, list) {
>  if (drv1->protocol_name &&
>  !strcmp(drv1->protocol_name, protocol)) {
> @@ -503,6 +531,23 @@ BlockDriver *bdrv_find_protocol(const char *filename,
>  }
>  }
>  
> +for (i = 0; i < ARRAY_SIZE(block_driver_modules); ++i) {
> +if (block_driver_modules[i].protocol_name &&
> +!strcmp(block_driver_modules[i].protocol_name, protocol)) {
> +block_module_load_one(block_driver_modules[i].library_name);
> +/* Copying code is not nice, but this way the current discovery 
> is
> + * not modified. Calling recursively could fail if the library
> + * has been deleted.
> + */
> +QLIST_FOREACH(drv1, &bdrv_drivers, list) {
> +if (drv1->protocol_name &&
> +!strcmp(drv1->protocol_name, protocol)) {
> +return drv1;
> +}
> +}
> +}
> +}
> +
>  error_setg(errp, "Unknown protocol '%s'", protocol);
>  return NULL;
>  }
> @@ -525,8 +570,15 @@ BlockDriver *bdrv_probe_all(const uint8_t *buf, int 
> buf_size,
>  const char *filename)
>  {
>  int score_max = 0, score;
> +size_t i;
>  BlockDriver *drv = NULL, *d;
>  
> +for (i = 0; i < ARRAY_SIZ

[Qemu-devel] [PATCH v2 3/3] palmetto-bmc: Configure the SCU's hardware strapping register

[Andrew Jeffery]

The magic constant configures the following options:

* 28:27: Configure DRAM size as 256MB
* 26:24: DDR3 SDRAM with CL = 6, CWL = 5
* 23: Configure 24/48MHz CLKIN
* 22: Disable GPIOE pass-through mode
* 21: Disable GPIOD pass-through mode
* 20: Enable LPC decode of SuperIO 0x2E/0x4E addresses
* 19: Disable ACPI
* 18: Configure 48MHz CLKIN
* 17: Disable BMC 2nd boot watchdog timer
* 16: Decode SuperIO address 0x2E
* 15: VGA Class Code
* 14: Enable LPC dedicated reset pin
* 13:12: Enable SPI Master and SPI Slave to AHB Bridge
* 11:10: Select CPU:AHB ratio = 2:1
* 9:8: Select 384MHz H-PLL
* 7: Configure MAC#2 for RMII/NCSI
* 6: Configure MAC#1 for RMII/NCSI
* 5: No VGA BIOS ROM
* 4: Boot using 32bit SPI address mode
* 3:2: Select 16MB VGA memory
* 1:0: Boot from SPI flash memory

Signed-off-by: Andrew Jeffery 
---
 hw/arm/palmetto-bmc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/arm/palmetto-bmc.c b/hw/arm/palmetto-bmc.c
index a51d960510ee..b8eed21348d8 100644
--- a/hw/arm/palmetto-bmc.c
+++ b/hw/arm/palmetto-bmc.c
@@ -44,6 +44,8 @@ static void palmetto_bmc_init(MachineState *machine)
 &bmc->ram);
 object_property_add_const_link(OBJECT(&bmc->soc), "ram", OBJECT(&bmc->ram),
&error_abort);
+object_property_set_int(OBJECT(&bmc->soc), 0x120CE416, "hw-strap1",
+&error_abort);
 object_property_set_bool(OBJECT(&bmc->soc), true, "realized",
  &error_abort);
 
-- 
2.7.4

[Qemu-devel] [PATCH v2 2/3] ast2400: Integrate the SCU model and set silicon revision

[Andrew Jeffery]

By specifying the silicon revision we select the appropriate reset
values for the SoC.

Additionally, expose hardware strapping properties aliasing those
provided by the SCU for board-specific configuration.

Signed-off-by: Andrew Jeffery 
---

Since v1:

* Remove reset value configuration
* Configure SoC silicon revision in the SCU via property
* Alias the SCU's hardware strapping properties to expose them to boards

 hw/arm/ast2400.c | 17 +
 include/hw/arm/ast2400.h |  2 ++
 2 files changed, 19 insertions(+)

diff --git a/hw/arm/ast2400.c b/hw/arm/ast2400.c
index 4a9de0e10cbc..1a26d74e695c 100644
--- a/hw/arm/ast2400.c
+++ b/hw/arm/ast2400.c
@@ -24,6 +24,7 @@
 #define AST2400_IOMEM_SIZE   0x0020
 #define AST2400_IOMEM_BASE   0x1E60
 #define AST2400_VIC_BASE 0x1E6C
+#define AST2400_SCU_BASE 0x1E6E2000
 #define AST2400_TIMER_BASE   0x1E782000
 #define AST2400_I2C_BASE 0x1E78A000
 
@@ -72,6 +73,14 @@ static void ast2400_init(Object *obj)
 object_initialize(&s->i2c, sizeof(s->i2c), TYPE_ASPEED_I2C);
 object_property_add_child(obj, "i2c", OBJECT(&s->i2c), NULL);
 qdev_set_parent_bus(DEVICE(&s->i2c), sysbus_get_default());
+
+object_initialize(&s->scu, sizeof(s->scu), TYPE_ASPEED_SCU);
+object_property_add_child(obj, "scu", OBJECT(&s->scu), NULL);
+qdev_set_parent_bus(DEVICE(&s->scu), sysbus_get_default());
+object_property_add_alias(obj, "hw-strap1", OBJECT(&s->scu),
+  "hw-strap1", &error_abort);
+object_property_add_alias(obj, "hw-strap2", OBJECT(&s->scu),
+  "hw-strap2", &error_abort);
 }
 
 static void ast2400_realize(DeviceState *dev, Error **errp)
@@ -110,6 +119,14 @@ static void ast2400_realize(DeviceState *dev, Error **errp)
 sysbus_connect_irq(SYS_BUS_DEVICE(&s->timerctrl), i, irq);
 }
 
+/* SCU */
+object_property_set_bool(OBJECT(&s->scu), true, "realized", &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+sysbus_mmio_map(SYS_BUS_DEVICE(&s->scu), 0, AST2400_SCU_BASE);
+
 /* UART - attach an 8250 to the IO space as our UART5 */
 if (serial_hds[0]) {
 qemu_irq uart5 = qdev_get_gpio_in(DEVICE(&s->vic), uart_irqs[4]);
diff --git a/include/hw/arm/ast2400.h b/include/hw/arm/ast2400.h
index c05ed5376736..f1a64fd3893d 100644
--- a/include/hw/arm/ast2400.h
+++ b/include/hw/arm/ast2400.h
@@ -14,6 +14,7 @@
 
 #include "hw/arm/arm.h"
 #include "hw/intc/aspeed_vic.h"
+#include "hw/misc/aspeed_scu.h"
 #include "hw/timer/aspeed_timer.h"
 #include "hw/i2c/aspeed_i2c.h"
 
@@ -27,6 +28,7 @@ typedef struct AST2400State {
 AspeedVICState vic;
 AspeedTimerCtrlState timerctrl;
 AspeedI2CState i2c;
+AspeedSCUState scu;
 } AST2400State;
 
 #define TYPE_AST2400 "ast2400"
-- 
2.7.4

[Qemu-devel] [PATCH v2 1/3] hw/misc: Add a model for the ASPEED System Control Unit

[Andrew Jeffery]

The SCU is a collection of chip-level control registers that manage the
various functions supported by ASPEED SoCs. Typically the bits control
interactions with clocks, external hardware or reset behaviour, and we
can largly take a hands-off approach to reads and writes.

Firmware makes heavy use of the state to determine how to boot, but the
reset values vary from SoC to SoC (eg AST2400 vs AST2500). A qdev
property is exposed so that the integrating SoC model can configure the
silicon revision, which in-turn selects the appropriate reset values.
Further qdev properties are exposed so the board model can configure the
board-dependent hardware strapping.

Almost all provided AST2400 reset values are specified by the datasheet.
The notable exception is SOC_SCRATCH1, where we mark the DRAM as
successfully initialised to avoid unnecessary dark corners in the SoC's
u-boot support.

Signed-off-by: Andrew Jeffery 
---

Since v1:

* Move reset values into SCU implementation (also make register defines private)
* Expose silicon-rev property which is used to select appropriate reset values
* Expose hw-strap1/hw-strap2 properties for board-specific SoC configuration

 hw/misc/Makefile.objs|   1 +
 hw/misc/aspeed_scu.c | 258 +++
 include/hw/misc/aspeed_scu.h |  34 ++
 trace-events |   3 +
 4 files changed, 296 insertions(+)
 create mode 100644 hw/misc/aspeed_scu.c
 create mode 100644 include/hw/misc/aspeed_scu.h

diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index ffb49c11aca6..54020aa06c00 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -52,3 +52,4 @@ obj-$(CONFIG_PVPANIC) += pvpanic.o
 obj-$(CONFIG_EDU) += edu.o
 obj-$(CONFIG_HYPERV_TESTDEV) += hyperv_testdev.o
 obj-$(CONFIG_AUX) += aux.o
+obj-$(CONFIG_ASPEED_SOC) += aspeed_scu.o
diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
new file mode 100644
index ..a714431c45c5
--- /dev/null
+++ b/hw/misc/aspeed_scu.c
@@ -0,0 +1,258 @@
+/*
+ * ASPEED System Control Unit
+ *
+ * Andrew Jeffery 
+ *
+ * Copyright 2016 IBM Corp.
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include 
+#include "hw/misc/aspeed_scu.h"
+#include "hw/qdev-properties.h"
+#include "qapi/error.h"
+#include "qapi/visitor.h"
+#include "qemu/bitops.h"
+#include "trace.h"
+
+#define TO_REG(offset) ((offset) >> 2)
+
+#define PROT_KEY TO_REG(0x00)
+#define SYS_RST_CTRL TO_REG(0x04)
+#define CLK_SEL  TO_REG(0x08)
+#define CLK_STOP_CTRLTO_REG(0x0C)
+#define FREQ_CNTR_CTRL   TO_REG(0x10)
+#define FREQ_CNTR_EVAL   TO_REG(0x14)
+#define IRQ_CTRL TO_REG(0x18)
+#define D2PLL_PARAM  TO_REG(0x1C)
+#define MPLL_PARAM   TO_REG(0x20)
+#define HPLL_PARAM   TO_REG(0x24)
+#define FREQ_CNTR_RANGE  TO_REG(0x28)
+#define MISC_CTRL1   TO_REG(0x2C)
+#define PCI_CTRL1TO_REG(0x30)
+#define PCI_CTRL2TO_REG(0x34)
+#define PCI_CTRL3TO_REG(0x38)
+#define SYS_RST_STATUS   TO_REG(0x3C)
+#define SOC_SCRATCH1 TO_REG(0x40)
+#define SOC_SCRATCH2 TO_REG(0x44)
+#define MAC_CLK_DELAYTO_REG(0x48)
+#define MISC_CTRL2   TO_REG(0x4C)
+#define VGA_SCRATCH1 TO_REG(0x50)
+#define VGA_SCRATCH2 TO_REG(0x54)
+#define VGA_SCRATCH3 TO_REG(0x58)
+#define VGA_SCRATCH4 TO_REG(0x5C)
+#define VGA_SCRATCH5 TO_REG(0x60)
+#define VGA_SCRATCH6 TO_REG(0x64)
+#define VGA_SCRATCH7 TO_REG(0x68)
+#define VGA_SCRATCH8 TO_REG(0x6C)
+#define HW_STRAP1TO_REG(0x70)
+#define RNG_CTRL TO_REG(0x74)
+#define RNG_DATA TO_REG(0x78)
+#define SILICON_REV  TO_REG(0x7C)
+#define PINMUX_CTRL1 TO_REG(0x80)
+#define PINMUX_CTRL2 TO_REG(0x84)
+#define PINMUX_CTRL3 TO_REG(0x88)
+#define PINMUX_CTRL4 TO_REG(0x8C)
+#define PINMUX_CTRL5 TO_REG(0x90)
+#define PINMUX_CTRL6 TO_REG(0x94)
+#define WDT_RST_CTRL TO_REG(0x9C)
+#define PINMUX_CTRL7 TO_REG(0xA0)
+#define PINMUX_CTRL8 TO_REG(0xA4)
+#define PINMUX_CTRL9 TO_REG(0xA8)
+#define WAKEUP_ENTO_REG(0xC0)
+#define WAKEUP_CTRL  TO_REG(0xC4)
+#define HW_STRAP2TO_REG(0xD0)
+#define FREE_CNTR4   TO_REG(0xE0)
+#define FREE_CNTR4_EXT   TO_REG(0xE4)
+#define CPU2_CTRLTO_REG(0x100)
+#define CPU2_BASE_SEG1   TO_REG(0x104)
+#define CPU2_BASE_SEG2   TO_REG(0x108)
+#define CPU2_BASE_SEG3   TO_REG(0x10C)
+#define CPU2_BASE_SEG4   TO_REG(0x110)
+#define CPU2_BASE_SEG5   TO_REG(0x114)
+#define CPU2_CACHE_CTRL  TO_REG(0x118)
+#define UART_HPLL_CLKTO_REG(0x160)
+#define PCIE_CTRLTO_REG(0x180)
+#define BMC_MMIO_CTRLTO_REG(0x184)
+#define RELOC_DECODE_BASE1   TO_REG(0x188)
+#defi

[Qemu-devel] [PATCH v2 0/3] Add ASPEED SCU device

[Andrew Jeffery]

Hi all,

These are three patches implementing minimal functionality for the ASPEED System
Control Unit device and integrating it into the AST2400 SoC model/palmetto-bmc
machine. The device is critical for initialisation of u-boot and the kernel as
it provides chip level control registers, influencing the configuration of the
software and the software's configuration of the SoC.

Since v1:

* Select reset values based on silicon ID
* Expose hardware strapping values via properties

Cheers,

Andrew

Andrew Jeffery (3):
  hw/misc: Add a model for the ASPEED System Control Unit
  ast2400: Integrate the SCU model and set silicon revision
  palmetto-bmc: Configure the SCU's hardware strapping register

 hw/arm/ast2400.c |  17 +++
 hw/arm/palmetto-bmc.c|   2 +
 hw/misc/Makefile.objs|   1 +
 hw/misc/aspeed_scu.c | 258 +++
 include/hw/arm/ast2400.h |   2 +
 include/hw/misc/aspeed_scu.h |  34 ++
 trace-events |   3 +
 7 files changed, 317 insertions(+)
 create mode 100644 hw/misc/aspeed_scu.c
 create mode 100644 include/hw/misc/aspeed_scu.h

-- 
2.7.4

Re: [Qemu-devel] [PATCH 3/3] blockdev: Add dynamic module loading for block drivers

[Fam Zheng]

On Wed, 06/22 17:35, Colin Lord wrote:
> From: Marc Mari 
> 
> Extend the current module interface to allow for block drivers to be loaded
> dynamically on request.
> 
> The only block drivers that can be converted into modules are the drivers
> that don't perform any init operation except for registering themselves.
> 
> All the necessary module information is located in a new structure found in
> include/qemu/module_block.h
> 
> Signed-off-by: Marc Mari 
> Signed-off-by: Colin Lord 
> ---
>  Makefile  |  3 --
>  block.c   | 86 
> +--
>  include/qemu/module.h |  3 ++
>  util/module.c | 37 ++
>  4 files changed, 90 insertions(+), 39 deletions(-)
> 
> diff --git a/Makefile b/Makefile
> index 8f8b6a2..461187c 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -247,9 +247,6 @@ Makefile: $(version-obj-y) $(version-lobj-y)
>  libqemustub.a: $(stub-obj-y)
>  libqemuutil.a: $(util-obj-y)
>  
> -block-modules = $(foreach o,$(block-obj-m),"$(basename $(subst /,-,$o))",) 
> NULL
> -util/module.o-cflags = -D'CONFIG_BLOCK_MODULES=$(block-modules)'
> -
>  ##
>  
>  qemu-img.o: qemu-img-cmds.h
> diff --git a/block.c b/block.c
> index f54bc25..7a91434 100644
> --- a/block.c
> +++ b/block.c
> @@ -26,6 +26,7 @@
>  #include "block/block_int.h"
>  #include "block/blockjob.h"
>  #include "qemu/error-report.h"
> +#include "qemu/module_block.h"
>  #include "qemu/module.h"
>  #include "qapi/qmp/qerror.h"
>  #include "qapi/qmp/qbool.h"
> @@ -242,11 +243,29 @@ BlockDriverState *bdrv_new(void)
>  BlockDriver *bdrv_find_format(const char *format_name)
>  {
>  BlockDriver *drv1;
> +size_t i;
> +
>  QLIST_FOREACH(drv1, &bdrv_drivers, list) {
>  if (!strcmp(drv1->format_name, format_name)) {
>  return drv1;
>  }
>  }
> +
> +for (i = 0; i < ARRAY_SIZE(block_driver_modules); ++i) {
> +if (!strcmp(block_driver_modules[i].format_name, format_name)) {
> +block_module_load_one(block_driver_modules[i].library_name);
> +/* Copying code is not nice, but this way the current discovery 
> is
> + * not modified. Calling recursively could fail if the library
> + * has been deleted.
> + */
> +QLIST_FOREACH(drv1, &bdrv_drivers, list) {
> +if (!strcmp(drv1->format_name, format_name)) {
> +return drv1;
> +}
> +}
> +}
> +}
> +
>  return NULL;
>  }
>  
> @@ -447,8 +466,15 @@ int get_tmp_filename(char *filename, int size)
>  static BlockDriver *find_hdev_driver(const char *filename)
>  {
>  int score_max = 0, score;
> +size_t i;
>  BlockDriver *drv = NULL, *d;
>  
> +for (i = 0; i < ARRAY_SIZE(block_driver_modules); ++i) {
> +if (block_driver_modules[i].has_probe_device) {
> +block_module_load_one(block_driver_modules[i].library_name);
> +}
> +}
> +
>  QLIST_FOREACH(d, &bdrv_drivers, list) {
>  if (d->bdrv_probe_device) {
>  score = d->bdrv_probe_device(filename);
> @@ -470,6 +496,7 @@ BlockDriver *bdrv_find_protocol(const char *filename,
>  char protocol[128];
>  int len;
>  const char *p;
> +size_t i;
>  
>  /* TODO Drivers without bdrv_file_open must be specified explicitly */
>  
> @@ -496,6 +523,7 @@ BlockDriver *bdrv_find_protocol(const char *filename,
>  len = sizeof(protocol) - 1;
>  memcpy(protocol, filename, len);
>  protocol[len] = '\0';
> +
>  QLIST_FOREACH(drv1, &bdrv_drivers, list) {
>  if (drv1->protocol_name &&
>  !strcmp(drv1->protocol_name, protocol)) {
> @@ -503,6 +531,23 @@ BlockDriver *bdrv_find_protocol(const char *filename,
>  }
>  }
>  
> +for (i = 0; i < ARRAY_SIZE(block_driver_modules); ++i) {
> +if (block_driver_modules[i].protocol_name &&
> +!strcmp(block_driver_modules[i].protocol_name, protocol)) {
> +block_module_load_one(block_driver_modules[i].library_name);
> +/* Copying code is not nice, but this way the current discovery 
> is
> + * not modified. Calling recursively could fail if the library
> + * has been deleted.
> + */
> +QLIST_FOREACH(drv1, &bdrv_drivers, list) {
> +if (drv1->protocol_name &&
> +!strcmp(drv1->protocol_name, protocol)) {
> +return drv1;
> +}
> +}
> +}
> +}
> +
>  error_setg(errp, "Unknown protocol '%s'", protocol);
>  return NULL;
>  }
> @@ -525,8 +570,15 @@ BlockDriver *bdrv_probe_all(const uint8_t *buf, int 
> buf_size,
>  const char *filename)
>  {
>  int score_max = 0, score;
> +size_t i;
>  BlockDriver *drv = NULL, *d;
>  
> +for (i = 0; i < ARRAY_SIZ

Re: [Qemu-devel] [PATCH qemu v18 5/5] spapr_pci/spapr_pci_vfio: Support Dynamic DMA Windows (DDW)

[Alexey Kardashevskiy]

On 22/06/16 19:44, Thomas Huth wrote:
> On 22.06.2016 05:23, Alexey Kardashevskiy wrote:
>> On 22/06/16 12:35, David Gibson wrote:
>>> On Tue, Jun 21, 2016 at 11:14:05AM +1000, Alexey Kardashevskiy wrote:
 This adds support for Dynamic DMA Windows (DDW) option defined by
 the SPAPR specification which allows to have additional DMA window(s)

 The "ddw" property is enabled by default on a PHB but for compatibility
 the pseries-2.6 machine and older disable it.
 This also creates a single DMA window for the older machines to
 maintain backward migration.

 This implements DDW for PHB with emulated and VFIO devices. The host
 kernel support is required. The advertised IOMMU page sizes are 4K and
 64K; 16M pages are supported but not advertised by default, in order to
 enable them, the user has to specify "pgsz" property for PHB and
 enable huge pages for RAM.

 The existing linux guests try creating one additional huge DMA window
 with 64K or 16MB pages and map the entire guest RAM to. If succeeded,
 the guest switches to dma_direct_ops and never calls TCE hypercalls
 (H_PUT_TCE,...) again. This enables VFIO devices to use the entire RAM
 and not waste time on map/unmap later. This adds a "dma64_win_addr"
 property which is a bus address for the 64bit window and by default
 set to 0x800... as this is what the modern POWER8 hardware
 uses and this allows having emulated and VFIO devices on the same bus.

 This adds 4 RTAS handlers:
 * ibm,query-pe-dma-window
 * ibm,create-pe-dma-window
 * ibm,remove-pe-dma-window
 * ibm,reset-pe-dma-window
 These are registered from type_init() callback.

 These RTAS handlers are implemented in a separate file to avoid polluting
 spapr_iommu.c with PCI.

 This changes sPAPRPHBState::dma_liobn to an array to allow 2 LIOBNs.

 Signed-off-by: Alexey Kardashevskiy 
> [...]
 diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
 index 9f28fb3..0cb51dd 100644
 --- a/hw/ppc/spapr_pci.c
 +++ b/hw/ppc/spapr_pci.c
> [...]
 @@ -1515,7 +1531,8 @@ static void spapr_phb_reset(DeviceState *qdev)
  static Property spapr_phb_properties[] = {
  DEFINE_PROP_UINT32("index", sPAPRPHBState, index, -1),
  DEFINE_PROP_UINT64("buid", sPAPRPHBState, buid, -1),
 -DEFINE_PROP_UINT32("liobn", sPAPRPHBState, dma_liobn, -1),
 +DEFINE_PROP_UINT32("liobn", sPAPRPHBState, dma_liobn[0], -1),
 +DEFINE_PROP_UINT32("liobn64", sPAPRPHBState, dma_liobn[1], -1),
  DEFINE_PROP_UINT64("mem_win_addr", sPAPRPHBState, mem_win_addr, -1),
  DEFINE_PROP_UINT64("mem_win_size", sPAPRPHBState, mem_win_size,
 SPAPR_PCI_MMIO_WIN_SIZE),
 @@ -1527,6 +1544,11 @@ static Property spapr_phb_properties[] = {
  /* Default DMA window is 0..1GB */
  DEFINE_PROP_UINT64("dma_win_addr", sPAPRPHBState, dma_win_addr, 0),
  DEFINE_PROP_UINT64("dma_win_size", sPAPRPHBState, dma_win_size, 
 0x4000),
 +DEFINE_PROP_UINT64("dma64_win_addr", sPAPRPHBState, dma64_win_addr,
 +   0x800ULL),
 +DEFINE_PROP_BOOL("ddw", sPAPRPHBState, ddw_enabled, true),
 +DEFINE_PROP_UINT64("pgsz", sPAPRPHBState, page_size_mask,
 +   (1ULL << 12) | (1ULL << 16)),
  DEFINE_PROP_END_OF_LIST(),
  };
  
 @@ -1603,7 +1625,7 @@ static const VMStateDescription vmstate_spapr_pci = {
  .post_load = spapr_pci_post_load,
  .fields = (VMStateField[]) {
  VMSTATE_UINT64_EQUAL(buid, sPAPRPHBState),
 -VMSTATE_UINT32_EQUAL(dma_liobn, sPAPRPHBState),
 +VMSTATE_UNUSED(4), /* dma_liobn */
>>>
>>> It's not obvious to me why this change is necessary.
>>
>> It is not. But I was touching liobn and this is a proper cleanup which
>> needs to be done anyway as _EQUAL() macros are sort of deprecated and
>> rather pointless.
> 
> Not sure, but if you mark this field as unused now, is migration
> backwards to an older version of QEMU still working? If not, you might
> need to bump the version number, too?

Oh. Correct, it will fail. So I still need this field here. Ok, will fix
when resend.



-- 
Alexey



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 0/3] Dynamic module loading for block drivers

[Fam Zheng]

On Wed, 06/22 17:35, Colin Lord wrote:
> This is v2 of the series I sent out last week. These are the changes I
> made based on the feedback I got:
> - Fixed typo and Marc's email address in the python script
> - Moved registration of iscsi_opts into vl.c
> 
> What I didn't do:
> - Remove copy-pasted loops
> 
> There was a bit of discussion about how to remove the need for the copy-
> paste loops that are in block.c. I attempted to solve it by using
> g_module_sym to load the BlockDriver struct directly at the time the
> module gets loaded and returning it so that the loops were not
> necessary. I accomplished this by adding a field to the struct which,
> for a given format/protocol configuration, had the name of the
> corresponding BlockDriver struct. Having the name allowed me to load the
> symbol right out of the loaded module. However, it turns out that, at
> least as far as I can tell, g_module_sym can't load the BlockDriver
> structs in this way because they are declared static.
> 
> I tested the attempt to remove the copy-pasted loops by using the
> qemu-iotests on it with ssh (which is modularized). The errors I got
> were along the lines of:
> 
> can't open device ssh://[address removed]: Unknown protocol 'ssh'
> Failed to find driver in module
> 
> To test my theory (I haven't had much luck finding reliable
> documentation about this) that it was because they were static, I
> changed the definition of the bdrv_ssh BlockDriver to not be static.
> Unfortunately I still got errors, but I believe the drivers got loaded.
> The errors were not the same, rather these ones were complaining about
> the host key not matching the one in known_hosts. I've had this issue
> while trying to set up ssh with qemu in the past, so I'm not quite as
> worried about it (although I'd love to hear a fix), and more importantly
> there aren't any messages about the driver not being found.

Maybe it's not a big deal to export the symbols.

For testing you can also test with iscsi.

Fam

> 
> That hopefully explains some of the issues, and why I'm submitting this
> with the duplicated loops still intact. If there are other ideas for
> dealing with this my ears are open, but this is what I have for now.
> 
> Colin Lord (1):
>   blockdev: prepare iSCSI block driver for dynamic loading
> 
> Marc Mari (2):
>   blockdev: Add dynamic generation of module_block.h
>   blockdev: Add dynamic module loading for block drivers
> 
>  .gitignore  |   1 +
>  Makefile|  11 +++-
>  block.c |  86 +++---
>  block/iscsi.c   |  36 ---
>  include/qemu/module.h   |   3 +
>  scripts/modules/module_block.py | 134 
> 
>  util/module.c   |  37 +++
>  vl.c|  36 +++
>  8 files changed, 269 insertions(+), 75 deletions(-)
>  create mode 100644 scripts/modules/module_block.py
> 
> -- 
> 2.5.5
> 
> 

Re: [Qemu-devel] [PATCH 2/3] blockdev: Add dynamic generation of module_block.h

[Fam Zheng]

On Wed, 06/22 17:35, Colin Lord wrote:
> From: Marc Mari 
> 
> To simplify the addition of new block modules, add a script that generates
> include/qemu/module_block.h automatically from the modules' source code.
> 
> This script assumes that the QEMU coding style rules are followed.
> 
> Signed-off-by: Marc Mari 
> Signed-off-by: Colin Lord 
> ---
>  .gitignore  |   1 +
>  Makefile|   8 +++
>  scripts/modules/module_block.py | 134 
> 
>  3 files changed, 143 insertions(+)
>  create mode 100644 scripts/modules/module_block.py
> 
> diff --git a/.gitignore b/.gitignore
> index 38ee1c5..06aa064 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -110,3 +110,4 @@ tags
>  TAGS
>  docker-src.*
>  *~
> +/include/qemu/module_block.h
> diff --git a/Makefile b/Makefile
> index ed4032a..8f8b6a2 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -76,6 +76,8 @@ GENERATED_HEADERS += trace/generated-ust-provider.h
>  GENERATED_SOURCES += trace/generated-ust.c
>  endif
>  
> +GENERATED_HEADERS += include/qemu/module_block.h
> +
>  # Don't try to regenerate Makefile or configure
>  # We don't generate any of them
>  Makefile: ;
> @@ -352,6 +354,12 @@ ivshmem-client$(EXESUF): $(ivshmem-client-obj-y) 
> libqemuutil.a libqemustub.a
>  ivshmem-server$(EXESUF): $(ivshmem-server-obj-y) libqemuutil.a libqemustub.a
>   $(call LINK, $^)
>  
> +include/qemu/module_block.h: $(SRC_PATH)/scripts/modules/module_block.py 
> config-host.mak
> + $(call quiet-command,$(PYTHON) \
> +$(SRC_PATH)/scripts/modules/module_block.py \
> + $(SRC_PATH)/"./include/qemu/" $(addprefix $(SRC_PATH)/,$(patsubst 
> %.mo,%.c,$(block-obj-m))), \

Please don't generate the header under $(SRC_PATH), instead generate in the
build dir. And the rule body should use $@ instead of repeating the target
name.

> + "  GEN   $@")
> +
>  clean:
>  # avoid old build problems by removing potentially incorrect old files
>   rm -f config.mak op-i386.h opc-i386.h gen-op-i386.h op-arm.h opc-arm.h 
> gen-op-arm.h
> diff --git a/scripts/modules/module_block.py b/scripts/modules/module_block.py
> new file mode 100644
> index 000..2b5d24c
> --- /dev/null
> +++ b/scripts/modules/module_block.py
> @@ -0,0 +1,134 @@
> +#!/usr/bin/python
> +#
> +# Module information generator
> +#
> +# Copyright Red Hat, Inc. 2015

* 2015 - 2016

> +#
> +# Authors:
> +#  Marc Mari 
> +#
> +# This work is licensed under the terms of the GNU GPL, version 2.
> +# See the COPYING file in the top-level directory.
> +
> +from __future__ import print_function
> +import sys
> +import os
> +
> +def get_string_struct(line):
> +data = line.split()
> +
> +# data[0] -> struct element name
> +# data[1] -> =
> +# data[2] -> value
> +
> +return data[2].replace('"', '')[:-1]
> +
> +def add_module(fheader, library, format_name, protocol_name,
> +probe, probe_device):
> +lines = []
> +lines.append('.library_name = "' + library + '",')
> +if format_name != "":
> +lines.append('.format_name = "' + format_name + '",')
> +if protocol_name != "":
> +lines.append('.protocol_name = "' + protocol_name + '",')
> +if probe:
> +lines.append('.has_probe = true,')
> +if probe_device:
> +lines.append('.has_probe_device = true,')
> +
> +text = '\n\t'.join(lines)
> +fheader.write('\n\t{\n\t' + text + '\n\t},')
> +
> +def process_file(fheader, filename):
> +# This parser assumes the coding style rules are being followed
> +with open(filename, "r") as cfile:
> +found_something = False
> +found_start = False
> +library, _ = os.path.splitext(os.path.basename(filename))
> +for line in cfile:
> +if found_start:
> +line = line.replace('\n', '')
> +if line.find(".format_name") != -1:
> +format_name = get_string_struct(line)
> +elif line.find(".protocol_name") != -1:
> +protocol_name = get_string_struct(line)
> +elif line.find(".bdrv_probe") != -1:
> +probe = True
> +elif line.find(".bdrv_probe_device") != -1:
> +probe_device = True
> +elif line == "};":
> +add_module(fheader, library, format_name, protocol_name,
> +probe, probe_device)
> +found_start = False
> +elif line.find("static BlockDriver") != -1:
> +found_something = True
> +found_start = True
> +format_name = ""
> +protocol_name = ""
> +probe = False
> +probe_device = False
> +
> +if not found_something:
> +print("No BlockDriver struct found in " + filename + ". \
> +Is this really a module?", file=sys.stderr)
> +sys.exit(1)
> +
> +def 

Re: [Qemu-devel] [PATCH v3 00/20] GICv3 emulation

[Shannon Zhao]

On 2016/6/23 5:45, Ed Maste wrote:
> On 22 June 2016 at 16:53, Peter Maydell  wrote:
>>
>> Yeah, it looks like the same bug is also present in UEFI itself
>> (it's super popular!). Laszlo, Ard, do you have a prebuilt
>> UEFI binary with Ard's fix?
>>
>> Probably you'll find that if UEFI is configuring the GIC interrupt
>> groups FreeBSD will boot even without doing it itself,
I try this with Ard's patch. Looks like UEFI already loader guest kernel
not like berfore. But the FreeBSD kernel still hangs.

FreeBSD/arm64 EFI loader, Revision 1.1
(r...@releng2.nyi.freebsd.org, Sat Jun 11 17:18:43 UTC 2016)
Loading /boot/defaults/loader.conf
/boot/kernel/kernel data=0x704ca8+0x32db74 syms=[0x8+0xda1c0+0x8+0xd6db0]
/boot/entropy size=0x1000

Hit [Enter] to boot immediately, or any other key for command prompt.
Booting [/boot/kernel/kernel]...
Using DTB provided by EFI at 0x13ffb9000.
KDB: debugger backends: ddb
KDB: current backend: ddb
Copyright (c) 1992-2016 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 11.0-ALPHA3 #0 r301815: Sat Jun 11 17:22:24 UTC 2016

r...@releng2.nyi.freebsd.org:/usr/obj/arm64.aarch64/usr/src/sys/GENERIC
arm64
FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on
LLVM 3.8.0)
WARNING: WITNESS option enabled, expect reduced performance.

Thanks,
-- 
Shannon

Re: [Qemu-devel] [PATCH 1/3] blockdev: prepare iSCSI block driver for dynamic loading

[Fam Zheng]

On Wed, 06/22 17:35, Colin Lord wrote:
> This commit moves the initialization of the QemuOptsList qemu_iscsi_opts
> struct out of block/iscsi.c in order to allow it to be dynamically
> loaded. Drivers that perform init operations other than registering
> themselves can't be modularized, so this moves the initialization of
> this struct into the main binary.
> 
> Signed-off-by: Colin Lord 
> ---
>  block/iscsi.c | 36 
>  vl.c  | 36 
>  2 files changed, 36 insertions(+), 36 deletions(-)
> 
> diff --git a/block/iscsi.c b/block/iscsi.c
> index 7e78ade..6193499 100644
> --- a/block/iscsi.c
> +++ b/block/iscsi.c
> @@ -1879,45 +1879,9 @@ static BlockDriver bdrv_iscsi = {
>  .bdrv_attach_aio_context = iscsi_attach_aio_context,
>  };
>  
> -static QemuOptsList qemu_iscsi_opts = {
> -.name = "iscsi",
> -.head = QTAILQ_HEAD_INITIALIZER(qemu_iscsi_opts.head),
> -.desc = {
> -{
> -.name = "user",
> -.type = QEMU_OPT_STRING,
> -.help = "username for CHAP authentication to target",
> -},{
> -.name = "password",
> -.type = QEMU_OPT_STRING,
> -.help = "password for CHAP authentication to target",
> -},{
> -.name = "password-secret",
> -.type = QEMU_OPT_STRING,
> -.help = "ID of the secret providing password for CHAP "
> -"authentication to target",
> -},{
> -.name = "header-digest",
> -.type = QEMU_OPT_STRING,
> -.help = "HeaderDigest setting. "
> -"{CRC32C|CRC32C-NONE|NONE-CRC32C|NONE}",
> -},{
> -.name = "initiator-name",
> -.type = QEMU_OPT_STRING,
> -.help = "Initiator iqn name to use when connecting",
> -},{
> -.name = "timeout",
> -.type = QEMU_OPT_NUMBER,
> -.help = "Request timeout in seconds (default 0 = no timeout)",
> -},
> -{ /* end of list */ }
> -},
> -};
> -
>  static void iscsi_block_init(void)
>  {
>  bdrv_register(&bdrv_iscsi);
> -qemu_add_opts(&qemu_iscsi_opts);
>  }
>  
>  block_init(iscsi_block_init);
> diff --git a/vl.c b/vl.c
> index 45eff56..4f04daa 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -526,6 +526,41 @@ static QemuOptsList qemu_fw_cfg_opts = {
>  },
>  };
>  
> +static QemuOptsList qemu_iscsi_opts = {
> +.name = "iscsi",
> +.head = QTAILQ_HEAD_INITIALIZER(qemu_iscsi_opts.head),
> +.desc = {
> +{
> +.name = "user",
> +.type = QEMU_OPT_STRING,
> +.help = "username for CHAP authentication to target",
> +},{
> +.name = "password",
> +.type = QEMU_OPT_STRING,
> +.help = "password for CHAP authentication to target",
> +},{
> +.name = "password-secret",
> +.type = QEMU_OPT_STRING,
> +.help = "ID of the secret providing password for CHAP "
> +"authentication to target",
> +},{
> +.name = "header-digest",
> +.type = QEMU_OPT_STRING,
> +.help = "HeaderDigest setting. "
> +"{CRC32C|CRC32C-NONE|NONE-CRC32C|NONE}",
> +},{
> +.name = "initiator-name",
> +.type = QEMU_OPT_STRING,
> +.help = "Initiator iqn name to use when connecting",
> +},{
> +.name = "timeout",
> +.type = QEMU_OPT_NUMBER,
> +.help = "Request timeout in seconds (default 0 = no timeout)",
> +},
> +{ /* end of list */ }
> +},
> +};
> +
>  /**
>   * Get machine options
>   *
> @@ -3006,6 +3041,7 @@ int main(int argc, char **argv, char **envp)
>  qemu_add_opts(&qemu_icount_opts);
>  qemu_add_opts(&qemu_semihosting_config_opts);
>  qemu_add_opts(&qemu_fw_cfg_opts);
> +qemu_add_opts(&qemu_iscsi_opts);

Should the new code still be conditional on CONFIG_LIBISCSI?  Because
previously it was.

Fam

>  module_call_init(MODULE_INIT_OPTS);
>  
>  runstate_init();
> -- 
> 2.5.5
> 
> 

Re: [Qemu-devel] [PATCH 1/2] blockjob: assert(cb) in the entry functions of blockjob

[Changlong Xie]

On 06/23/2016 01:31 AM, Eric Blake wrote:

On 06/22/2016 04:19 AM, Paolo Bonzini wrote:



On 22/06/2016 12:12, Changlong Xie wrote:


commit/mirror/stream/backup use block_job_create(..., cb,..) to create
relevant blockjob. When they finished, these jobs will invoke
block_job_completed, then invoke job->cb() unconditionally. So i think
we need this to avoid segment fault. Actually backup has implemented this.


So this suggests that the right place to put the assertion would be
block_job_create.  But it's even better to add a

#define QEMU_NONNULL __attribute__((__nonnull__))

to include/qemu/compiler.h and declare the arguments as non-null.


Or alternatively fix things to only invoke job->cb() if it is non-NULL,
so that callers don't have to pass in a no-op callback just to appease a
non-NULL attribute.



Is there any reason, that we should invoke job->cb() unconditionally 
without nonnull check? There is no relevant clue in the historical 
commit messages. If yes, i prefer paolo's suggestion; otherwise eric's 
solution is better.


Thanks
-Xie

Re: [Qemu-devel] [PATCH 3/3] iotests: add small-granularity mirror test

[Fam Zheng]

On Wed, 06/22 15:51, John Snow wrote:
> Signed-off-by: John Snow 
> ---
>  tests/qemu-iotests/041 | 30 ++
>  tests/qemu-iotests/041.out |  4 ++--
>  2 files changed, 32 insertions(+), 2 deletions(-)

Reviewed-by: Fam Zheng 

Re: [Qemu-devel] [PATCH 2/3] mirror: limit niov to IOV_MAX elements, again

[Fam Zheng]

On Wed, 06/22 15:51, John Snow wrote:
> During the refactor of mirror_iteration in e5b43573,
> we regressed the fix introduced in cae98cb8.
> 
> This patch re-adds IOV_MAX checking to cases where we
> aren't checking alignment (and size) already.
> 
> Signed-off-by: John Snow 
> ---
>  block/mirror.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/block/mirror.c b/block/mirror.c
> index 2ba9642..377339d 100644
> --- a/block/mirror.c
> +++ b/block/mirror.c
> @@ -231,11 +231,14 @@ static int mirror_do_read(MirrorBlockJob *s, int64_t 
> sector_num,
>  int sectors_per_chunk, nb_chunks;
>  int ret;
>  MirrorOp *op;
> +int max_sectors;
>  
>  sectors_per_chunk = s->granularity >> BDRV_SECTOR_BITS;
> +max_sectors = sectors_per_chunk * s->max_iov;
>  
>  /* We can only handle as much as buf_size at a time. */
>  nb_sectors = MIN(s->buf_size >> BDRV_SECTOR_BITS, nb_sectors);
> +nb_sectors = MIN(max_sectors, nb_sectors);
>  assert(nb_sectors);
>  ret = nb_sectors;
>  
> -- 
> 2.4.11
> 

Reviewed-by: Fam Zheng 

Re: [Qemu-devel] [PATCH 1/3] mirror: clarify mirror_do_read return code

[Fam Zheng]

On Wed, 06/22 15:51, John Snow wrote:
> mirror_do_read intends to return the number of sectors processed after
> the starting sector, without regard to how many sectors were processed
> before the starting sector due to alignment.
> 
> Clean up the comments and code to hopefully illustrate this more clearly.
> 
> This also fixes an issue in initialization where if the mirror buffer size
> is initialized to smaller than the number of sectors being requested for
> transfer, we report back an incorrectly large number to the caller.

Good catch!

Reviewed-by: Fam Zheng 

> 
> Signed-off-by: John Snow 
> ---
>  block/mirror.c | 7 +--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/block/mirror.c b/block/mirror.c
> index a04ed9c..2ba9642 100644
> --- a/block/mirror.c
> +++ b/block/mirror.c
> @@ -218,7 +218,9 @@ static inline void mirror_wait_for_io(MirrorBlockJob *s)
>  }
>  
>  /* Submit async read while handling COW.
> - * Returns: nb_sectors if no alignment is necessary, or
> + * Returns: The number of sectors copied after and including sector_num,
> + *  excluding any sectors copied prior to sector_num due to 
> alignment.
> + *  This will be nb_sectors if no alignment is necessary, or
>   *  (new_end - sector_num) if tail is rounded up or down due to
>   *  alignment or buffer limit.
>   */
> @@ -227,7 +229,7 @@ static int mirror_do_read(MirrorBlockJob *s, int64_t 
> sector_num,
>  {
>  BlockBackend *source = s->common.blk;
>  int sectors_per_chunk, nb_chunks;
> -int ret = nb_sectors;
> +int ret;
>  MirrorOp *op;
>  
>  sectors_per_chunk = s->granularity >> BDRV_SECTOR_BITS;
> @@ -235,6 +237,7 @@ static int mirror_do_read(MirrorBlockJob *s, int64_t 
> sector_num,
>  /* We can only handle as much as buf_size at a time. */
>  nb_sectors = MIN(s->buf_size >> BDRV_SECTOR_BITS, nb_sectors);
>  assert(nb_sectors);
> +ret = nb_sectors;
>  
>  if (s->cow_bitmap) {
>  ret += mirror_cow_align(s, §or_num, &nb_sectors);
> -- 
> 2.4.11
> 

[Qemu-devel] [PATCH 11/12] qmp: update qmp_query_spice fallback

[marcandre . lureau]

From: Marc-André Lureau 

There are a few commands that are undef #ifdef conditions in
qmp-commands.hx. Move all the qmp_query_spice fallback in the same
location, return an error and update the comment.

Signed-off-by: Marc-André Lureau 
---
 monitor.c | 14 ++
 qmp.c | 16 
 2 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/monitor.c b/monitor.c
index dd77701..bddf2ca 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4006,6 +4006,20 @@ QemuOptsList qemu_mon_opts = {
 },
 };
 
+/*
+ * the QAPI schema is blissfully unaware #ifdef FOO commands, and the
+ * QAPI code generator happily generates a dead qmp_marshal_foo_cmd()
+ * that calls qmp_foo_cmd().  Provide it one, or else linking fails.
+ * FIXME Educate the QAPI schema on #ifdef commands.
+ */
+#ifndef CONFIG_SPICE
+SpiceInfo *qmp_query_spice(Error **errp)
+{
+error_setg(errp, QERR_FEATURE_DISABLED, "spice");
+return NULL;
+};
+#endif
+
 #ifndef TARGET_I386
 void qmp_rtc_reset_reinjection(Error **errp)
 {
diff --git a/qmp.c b/qmp.c
index b6d531e..884d1ab 100644
--- a/qmp.c
+++ b/qmp.c
@@ -161,22 +161,6 @@ VncInfo2List *qmp_query_vnc_servers(Error **errp)
 };
 #endif
 
-#ifndef CONFIG_SPICE
-/*
- * qmp-commands.hx ensures that QMP command query-spice exists only
- * #ifdef CONFIG_SPICE.  Necessary for an accurate query-commands
- * result.  However, the QAPI schema is blissfully unaware of that,
- * and the QAPI code generator happily generates a dead
- * qmp_marshal_query_spice() that calls qmp_query_spice().  Provide it
- * one, or else linking fails.  FIXME Educate the QAPI schema on
- * CONFIG_SPICE.
- */
-SpiceInfo *qmp_query_spice(Error **errp)
-{
-abort();
-};
-#endif
-
 void qmp_cont(Error **errp)
 {
 Error *local_err = NULL;
-- 
2.9.0

[Qemu-devel] [PATCH 08/12] build-sys: remove qmp-commands-old.h

[marcandre . lureau]

From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
---
 Makefile.target | 7 ++-
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/Makefile.target b/Makefile.target
index d720b3e..8c13294 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -159,7 +159,7 @@ else
 obj-y += hw/$(TARGET_BASE_ARCH)/
 endif
 
-GENERATED_HEADERS += hmp-commands.h hmp-commands-info.h qmp-commands-old.h
+GENERATED_HEADERS += hmp-commands.h hmp-commands-info.h
 
 endif # CONFIG_SOFTMMU
 
@@ -212,13 +212,10 @@ hmp-commands.h: $(SRC_PATH)/hmp-commands.hx 
$(SRC_PATH)/scripts/hxtool
 hmp-commands-info.h: $(SRC_PATH)/hmp-commands-info.hx 
$(SRC_PATH)/scripts/hxtool
$(call quiet-command,sh $(SRC_PATH)/scripts/hxtool -h < $< > $@,"  GEN  
 $(TARGET_DIR)$@")
 
-qmp-commands-old.h: $(SRC_PATH)/qmp-commands.hx $(SRC_PATH)/scripts/hxtool
-   $(call quiet-command,sh $(SRC_PATH)/scripts/hxtool -h < $< > $@,"  GEN  
 $(TARGET_DIR)$@")
-
 clean:
rm -f *.a *~ $(PROGS)
rm -f $(shell find . -name '*.[od]')
-   rm -f hmp-commands.h qmp-commands-old.h gdbstub-xml.c
+   rm -f hmp-commands.h gdbstub-xml.c
 ifdef CONFIG_TRACE_SYSTEMTAP
rm -f *.stp
 endif
-- 
2.9.0

[Qemu-devel] [PATCH 06/12] monitor: remove mhandler.cmd_new

[marcandre . lureau]

From: Marc-André Lureau 

This is no longer necessary, now that middle mode has been removed.

Signed-off-by: Marc-André Lureau 
---
 docs/writing-qmp-commands.txt |   8 +-
 hmp-commands-info.hx  | 118 
 hmp-commands.hx   | 206 +-
 monitor.c |  11 +--
 4 files changed, 168 insertions(+), 175 deletions(-)

diff --git a/docs/writing-qmp-commands.txt b/docs/writing-qmp-commands.txt
index 59aa77a..6208715 100644
--- a/docs/writing-qmp-commands.txt
+++ b/docs/writing-qmp-commands.txt
@@ -127,7 +127,6 @@ following at the bottom:
 {
 .name   = "hello-world",
 .args_type  = "",
-.mhandler.cmd_new = qmp_marshal_hello_world,
 },
 
 You're done. Now build qemu, run it as suggested in the "Testing" section,
@@ -179,7 +178,6 @@ The last step is to update the qmp-commands.hx file:
 {
 .name   = "hello-world",
 .args_type  = "message:s?",
-.mhandler.cmd_new = qmp_marshal_hello_world,
 },
 
 Notice that the "args_type" member got our "message" argument. The character
@@ -337,7 +335,7 @@ we should add it to the hmp-commands.hx file:
 .args_type  = "message:s?",
 .params = "hello-world [message]",
 .help   = "Print message to the standard output",
-.mhandler.cmd = hmp_hello_world,
+.cmd= hmp_hello_world,
 },
 
 STEXI
@@ -459,7 +457,6 @@ The last step is to add the correspoding entry in the 
qmp-commands.hx file:
 {
 .name   = "query-alarm-clock",
 .args_type  = "",
-.mhandler.cmd_new = qmp_marshal_query_alarm_clock,
 },
 
 Time to test the new command. Build qemu, run it as described in the "Testing"
@@ -518,7 +515,7 @@ in the monitor.c file. The entry for the "info alarmclock" 
follows:
 .args_type  = "",
 .params = "",
 .help   = "show information about the alarm clock",
-.mhandler.info = hmp_info_alarm_clock,
+.cmd= hmp_info_alarm_clock,
 },
 
 To test this, run qemu and type "info alarmclock" in the user monitor.
@@ -605,7 +602,6 @@ To test this you have to add the corresponding 
qmp-commands.hx entry:
 {
 .name   = "query-alarm-methods",
 .args_type  = "",
-.mhandler.cmd_new = qmp_marshal_query_alarm_methods,
 },
 
 Now Build qemu, run it as explained in the "Testing" section and try our new
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
index 7da9e6c..9c095de 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
@@ -18,7 +18,7 @@ ETEXI
 .args_type  = "",
 .params = "",
 .help   = "show the version of QEMU",
-.mhandler.cmd = hmp_info_version,
+.cmd= hmp_info_version,
 },
 
 STEXI
@@ -32,7 +32,7 @@ ETEXI
 .args_type  = "",
 .params = "",
 .help   = "show the network state",
-.mhandler.cmd = hmp_info_network,
+.cmd= hmp_info_network,
 },
 
 STEXI
@@ -46,7 +46,7 @@ ETEXI
 .args_type  = "",
 .params = "",
 .help   = "show the character devices",
-.mhandler.cmd = hmp_info_chardev,
+.cmd= hmp_info_chardev,
 },
 
 STEXI
@@ -61,7 +61,7 @@ ETEXI
 .params = "[-n] [-v] [device]",
 .help   = "show info of one block device or all block devices "
   "(-n: show named nodes; -v: show details)",
-.mhandler.cmd = hmp_info_block,
+.cmd= hmp_info_block,
 },
 
 STEXI
@@ -75,7 +75,7 @@ ETEXI
 .args_type  = "",
 .params = "",
 .help   = "show block device statistics",
-.mhandler.cmd = hmp_info_blockstats,
+.cmd= hmp_info_blockstats,
 },
 
 STEXI
@@ -89,7 +89,7 @@ ETEXI
 .args_type  = "",
 .params = "",
 .help   = "show progress of ongoing block device operations",
-.mhandler.cmd = hmp_info_block_jobs,
+.cmd= hmp_info_block_jobs,
 },
 
 STEXI
@@ -103,7 +103,7 @@ ETEXI
 .args_type  = "",
 .params = "",
 .help   = "show the cpu registers",
-.mhandler.cmd = hmp_info_registers,
+.cmd= hmp_info_registers,
 },
 
 STEXI
@@ -118,7 +118,7 @@ ETEXI
 .args_type  = "",
 .params = "",
 .help   = "show local apic state",
-.mhandler.cmd = hmp_info_local_apic,
+.cmd= hmp_info_local_apic,
 },
 #endif
 
@@ -134,7 +134,7 @@ ETEXI
 .args_type  = "",
 .params = "",
 .help   = "show io apic state",
-.mhandler.cmd = hmp_info_io_apic,
+.cmd= hmp_info_io_apic,
 },
 #endif
 
@@ -149,7 +149,7 @@ ETEXI
 .args_type  = "",
 .params = "",
 .help   = "show infos for each CPU",
-.mhandler.cmd = hmp_info_cpus,
+  

[Qemu-devel] [PATCH 10/12] monitor: use qmp_dispatch()

[marcandre . lureau]

From: Marc-André Lureau 

Replace the old manual dispatch and validation code by the generic one
provided by qapi common code.

Signed-off-by: Marc-André Lureau 
---
 monitor.c| 319 +++
 trace-events |   1 -
 2 files changed, 34 insertions(+), 286 deletions(-)

diff --git a/monitor.c b/monitor.c
index 77dc439..dd77701 100644
--- a/monitor.c
+++ b/monitor.c
@@ -166,7 +166,6 @@ struct MonFdset {
 };
 
 typedef struct {
-QObject *id;
 JSONMessageParser parser;
 /*
  * When a client connects, we're in capabilities negotiation mode.
@@ -397,49 +396,6 @@ static void monitor_json_emitter(Monitor *mon, const 
QObject *data)
 QDECREF(json);
 }
 
-static QDict *build_qmp_error_dict(Error *err)
-{
-QObject *obj;
-
-obj = qobject_from_jsonf("{ 'error': { 'class': %s, 'desc': %s } }",
- QapiErrorClass_lookup[error_get_class(err)],
- error_get_pretty(err));
-
-return qobject_to_qdict(obj);
-}
-
-static void monitor_protocol_emitter(Monitor *mon, QObject *data,
- Error *err)
-{
-QDict *qmp;
-
-trace_monitor_protocol_emitter(mon);
-
-if (!err) {
-/* success response */
-qmp = qdict_new();
-if (data) {
-qobject_incref(data);
-qdict_put_obj(qmp, "return", data);
-} else {
-/* return an empty QDict by default */
-qdict_put(qmp, "return", qdict_new());
-}
-} else {
-/* error response */
-qmp = build_qmp_error_dict(err);
-}
-
-if (mon->qmp.id) {
-qdict_put_obj(qmp, "id", mon->qmp.id);
-mon->qmp.id = NULL;
-}
-
-monitor_json_emitter(mon, QOBJECT(qmp));
-QDECREF(qmp);
-}
-
-
 static MonitorQAPIEventConf monitor_qapi_event_conf[QAPI_EVENT__MAX] = {
 /* Limit guest-triggerable events to 1 per second */
 [QAPI_EVENT_RTC_CHANGE]= { 1000 * SCALE_MS },
@@ -2484,11 +2440,6 @@ static const mon_cmd_t *search_dispatch_table(const 
mon_cmd_t *disp_table,
 return NULL;
 }
 
-static const mon_cmd_t *qmp_find_cmd(const char *cmdname)
-{
-return search_dispatch_table(qmp_cmds, cmdname);
-}
-
 /*
  * Parse command name from @cmdp according to command table @table.
  * If blank, return NULL.
@@ -3622,199 +3573,6 @@ static bool invalid_qmp_mode(const Monitor *mon, const 
gchar *cmd,
 return false;
 }
 
-/*
- * Argument validation rules:
- *
- * 1. The argument must exist in cmd_args qdict
- * 2. The argument type must be the expected one
- *
- * Special case: If the argument doesn't exist in cmd_args and
- *   the QMP_ACCEPT_UNKNOWNS flag is set, then the
- *   checking is skipped for it.
- */
-static void check_client_args_type(const QDict *client_args,
-   const QDict *cmd_args, int flags,
-   Error **errp)
-{
-const QDictEntry *ent;
-
-for (ent = qdict_first(client_args); ent;ent = 
qdict_next(client_args,ent)){
-QObject *obj;
-QString *arg_type;
-const QObject *client_arg = qdict_entry_value(ent);
-const char *client_arg_name = qdict_entry_key(ent);
-
-obj = qdict_get(cmd_args, client_arg_name);
-if (!obj) {
-if (flags & QMP_ACCEPT_UNKNOWNS) {
-/* handler accepts unknowns */
-continue;
-}
-/* client arg doesn't exist */
-error_setg(errp, QERR_INVALID_PARAMETER, client_arg_name);
-return;
-}
-
-arg_type = qobject_to_qstring(obj);
-assert(arg_type != NULL);
-
-/* check if argument's type is correct */
-switch (qstring_get_str(arg_type)[0]) {
-case 'F':
-case 'B':
-case 's':
-if (qobject_type(client_arg) != QTYPE_QSTRING) {
-error_setg(errp, QERR_INVALID_PARAMETER_TYPE,
-   client_arg_name, "string");
-return;
-}
-break;
-case 'i':
-case 'l':
-case 'M':
-case 'o':
-if (qobject_type(client_arg) != QTYPE_QINT) {
-error_setg(errp, QERR_INVALID_PARAMETER_TYPE,
-   client_arg_name, "int");
-return;
-}
-break;
-case 'T':
-if (qobject_type(client_arg) != QTYPE_QINT &&
-qobject_type(client_arg) != QTYPE_QFLOAT) {
-error_setg(errp, QERR_INVALID_PARAMETER_TYPE,
-   client_arg_name, "number");
-return;
-}
-break;
-case 'b':
-case '-':
-if (qobject_type(client_arg) != QTYPE_QBOOL) {
-error_setg(errp, QERR_INVALID_PARAMETER_TYPE,
-   client_arg_name, "bool");
-return;
-}
-bre

[Qemu-devel] [PATCH 07/12] monitor: implement 'qmp_query_commands' without qmp_cmds

[marcandre . lureau]

From: Marc-André Lureau 

So we can get rid of the static qmp_cmds table.

Signed-off-by: Marc-André Lureau 
---
 monitor.c | 32 ++--
 1 file changed, 14 insertions(+), 18 deletions(-)

diff --git a/monitor.c b/monitor.c
index 71512e4..77dc439 100644
--- a/monitor.c
+++ b/monitor.c
@@ -229,8 +229,6 @@ static int mon_refcount;
 static mon_cmd_t mon_cmds[];
 static mon_cmd_t info_cmds[];
 
-static const mon_cmd_t qmp_cmds[];
-
 Monitor *cur_mon;
 
 static QEMUClockType event_clock_type = QEMU_CLOCK_REALTIME;
@@ -934,21 +932,24 @@ static void hmp_info_help(Monitor *mon, const QDict 
*qdict)
 help_cmd(mon, "info");
 }
 
-CommandInfoList *qmp_query_commands(Error **errp)
+static void query_commands_cb(QmpCommand *cmd, void *opaque)
 {
-CommandInfoList *info, *cmd_list = NULL;
-const mon_cmd_t *cmd;
+CommandInfoList *info, **list = opaque;
 
-for (cmd = qmp_cmds; cmd->name != NULL; cmd++) {
-info = g_malloc0(sizeof(*info));
-info->value = g_malloc0(sizeof(*info->value));
-info->value->name = g_strdup(cmd->name);
+info = g_malloc0(sizeof(*info));
+info->value = g_malloc0(sizeof(*info->value));
+info->value->name = g_strdup(cmd->name);
+info->next = *list;
+*list = info;
+}
 
-info->next = cmd_list;
-cmd_list = info;
-}
+CommandInfoList *qmp_query_commands(Error **errp)
+{
+CommandInfoList *list = NULL;
 
-return cmd_list;
+qmp_for_each_command(query_commands_cb, &list);
+
+return list;
 }
 
 EventInfoList *qmp_query_events(Error **errp)
@@ -2133,11 +2134,6 @@ static mon_cmd_t mon_cmds[] = {
 { NULL, NULL, },
 };
 
-static const mon_cmd_t qmp_cmds[] = {
-#include "qmp-commands-old.h"
-{ /* NULL */ },
-};
-
 /***/
 
 static const char *pch;
-- 
2.9.0

[Qemu-devel] [PATCH 12/12] Drop qmp-commands.hx

[marcandre . lureau]

From: Marc-André Lureau 

Only the documentation remains useful, so strip it. (a later update will
move the documentation in the respective json files and generate the
text file)

Signed-off-by: Marc-André Lureau 
---
 .gitignore  |1 -
 MAINTAINERS |2 +-
 Makefile|3 -
 docs/qapi-code-gen.txt  |6 +-
 docs/writing-qmp-commands.txt   |   38 --
 qmp-commands.hx => qmp-commands.txt |  ---
 6 files changed, 4 insertions(+), 1157 deletions(-)
 rename qmp-commands.hx => qmp-commands.txt (86%)

diff --git a/.gitignore b/.gitignore
index 6da7ac6..6a63e85 100644
--- a/.gitignore
+++ b/.gitignore
@@ -55,7 +55,6 @@
 /qemu-monitor-info.texi
 /qemu-version.h
 /qemu-version.h.tmp
-/qmp-commands.txt
 /vscclient
 /fsdev/virtfs-proxy-helper
 *.[1-9]
diff --git a/MAINTAINERS b/MAINTAINERS
index b7de5e6..232ceac 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1237,7 +1237,7 @@ M: Markus Armbruster 
 S: Supported
 F: qmp.c
 F: monitor.c
-F: qmp-commands.hx
+F: qmp-commands.txt
 F: docs/*qmp-*
 F: scripts/qmp/
 T: git git://repo.or.cz/qemu/armbru.git qapi-next
diff --git a/Makefile b/Makefile
index 81faf4b..3f19b23 100644
--- a/Makefile
+++ b/Makefile
@@ -553,9 +553,6 @@ qemu-monitor.texi: $(SRC_PATH)/hmp-commands.hx 
$(SRC_PATH)/scripts/hxtool
 qemu-monitor-info.texi: $(SRC_PATH)/hmp-commands-info.hx 
$(SRC_PATH)/scripts/hxtool
$(call quiet-command,sh $(SRC_PATH)/scripts/hxtool -t < $< > $@,"  GEN  
 $@")
 
-qmp-commands.txt: $(SRC_PATH)/qmp-commands.hx $(SRC_PATH)/scripts/hxtool
-   $(call quiet-command,sh $(SRC_PATH)/scripts/hxtool -q < $< > $@,"  GEN  
 $@")
-
 qemu-img-cmds.texi: $(SRC_PATH)/qemu-img-cmds.hx $(SRC_PATH)/scripts/hxtool
$(call quiet-command,sh $(SRC_PATH)/scripts/hxtool -t < $< > $@,"  GEN  
 $@")
 
diff --git a/docs/qapi-code-gen.txt b/docs/qapi-code-gen.txt
index a68ad39..f16d806 100644
--- a/docs/qapi-code-gen.txt
+++ b/docs/qapi-code-gen.txt
@@ -964,9 +964,9 @@ Example:
 
 Used to generate the marshaling/dispatch functions for the commands
 defined in the schema. The generated code implements
-qmp_marshal_COMMAND() (mentioned in qmp-commands.hx, and registered
-automatically), and declares qmp_COMMAND() that the user must
-implement.  The following files are generated:
+qmp_marshal_COMMAND() (registered automatically), and declares
+qmp_COMMAND() that the user must implement.  The following files are
+generated:
 
 $(prefix)qmp-marshal.c: command marshal/dispatch functions for each
 QMP command defined in the schema. Functions
diff --git a/docs/writing-qmp-commands.txt b/docs/writing-qmp-commands.txt
index 6208715..cfa6fe7 100644
--- a/docs/writing-qmp-commands.txt
+++ b/docs/writing-qmp-commands.txt
@@ -119,16 +119,6 @@ There are a few things to be noticed:
 5. Printing to the terminal is discouraged for QMP commands, we do it here
because it's the easiest way to demonstrate a QMP command
 
-Now a little hack is needed. As we're still using the old QMP server we need
-to add the new command to its internal dispatch table. This step won't be
-required in the near future. Open the qmp-commands.hx file and add the
-following at the bottom:
-
-{
-.name   = "hello-world",
-.args_type  = "",
-},
-
 You're done. Now build qemu, run it as suggested in the "Testing" section,
 and then type the following QMP command:
 
@@ -173,20 +163,6 @@ There are two important details to be noticed:
 2. The C implementation signature must follow the schema's argument ordering,
which is defined by the "data" member
 
-The last step is to update the qmp-commands.hx file:
-
-{
-.name   = "hello-world",
-.args_type  = "message:s?",
-},
-
-Notice that the "args_type" member got our "message" argument. The character
-"s" stands for "string" and "?" means it's optional. This too must be ordered
-according to the C implementation and schema file. You can look for more
-examples in the qmp-commands.hx file if you need to define more arguments.
-
-Again, this step won't be required in the future.
-
 Time to test our new version of the "hello-world" command. Build qemu, run it 
as
 described in the "Testing" section and then send two commands:
 
@@ -452,13 +428,6 @@ There are a number of things to be noticed:
 6. You have to include the "qmp-commands.h" header file in qemu-timer.c,
otherwise qemu won't build
 
-The last step is to add the correspoding entry in the qmp-commands.hx file:
-
-{
-.name   = "query-alarm-clock",
-.args_type  = "",
-},
-
 Time to test the new command. Build qemu, run it as described in the "Testing"
 section and try this:
 
@@ -597,13 +566,6 @@ iteration of the loop. That's because the alarm timer 
method in use is the
 first element of the alarm_timers array. Also notice that QAPI lists are 
handled
 by hand and we return the head of 

[Qemu-devel] [PATCH 04/12] monitor: remove usage of generated marshal functions

[marcandre . lureau]

From: Marc-André Lureau 

Once the middle mode is removed, the generated marshal functions will no
longer be exported.

Signed-off-by: Marc-André Lureau 
---
 monitor.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/monitor.c b/monitor.c
index fc691b9..585bc1f 100644
--- a/monitor.c
+++ b/monitor.c
@@ -3609,21 +3609,21 @@ static int monitor_can_read(void *opaque)
 return (mon->suspend_cnt == 0) ? 1 : 0;
 }
 
-static bool invalid_qmp_mode(const Monitor *mon, const mon_cmd_t *cmd,
+static bool invalid_qmp_mode(const Monitor *mon, const gchar *cmd,
  Error **errp)
 {
-bool is_cap = cmd->mhandler.cmd_new == qmp_marshal_qmp_capabilities;
+bool is_cap = !g_strcmp0(cmd, "qmp_capabilities");
 
 if (is_cap && mon->qmp.in_command_mode) {
 error_set(errp, ERROR_CLASS_COMMAND_NOT_FOUND,
   "Capabilities negotiation is already complete, command "
-  "'%s' ignored", cmd->name);
+  "'%s' ignored", cmd);
 return true;
 }
 if (!is_cap && !mon->qmp.in_command_mode) {
 error_set(errp, ERROR_CLASS_COMMAND_NOT_FOUND,
   "Expecting capabilities negotiation with "
-  "'qmp_capabilities' before command '%s'", cmd->name);
+  "'qmp_capabilities' before command '%s'", cmd);
 return true;
 }
 return false;
@@ -3914,7 +3914,7 @@ static void handle_qmp_command(JSONMessageParser *parser, 
GQueue *tokens)
   "The command %s has not been found", cmd_name);
 goto err_out;
 }
-if (invalid_qmp_mode(mon, cmd, &local_err)) {
+if (invalid_qmp_mode(mon, cmd_name, &local_err)) {
 goto err_out;
 }
 
-- 
2.9.0

[Qemu-devel] [PATCH 09/12] qapi: remove the "middle" mode

[marcandre . lureau]

From: Marc-André Lureau 

Now that the register function is always generated, we can
remove the so-called "middle" mode from the generator script.

Signed-off-by: Marc-André Lureau 
---
 scripts/qapi-commands.py | 29 +
 1 file changed, 5 insertions(+), 24 deletions(-)

diff --git a/scripts/qapi-commands.py b/scripts/qapi-commands.py
index 8d25701..70a07b3 100644
--- a/scripts/qapi-commands.py
+++ b/scripts/qapi-commands.py
@@ -84,17 +84,8 @@ static void qmp_marshal_output_%(c_name)s(%(c_type)s ret_in, 
QObject **ret_out,
 
 
 def gen_marshal_proto(name):
-ret = 'void qmp_marshal_%s(QDict *args, QObject **ret, Error **errp)' % 
c_name(name)
-if not middle_mode:
-ret = 'static ' + ret
-return ret
-
-
-def gen_marshal_decl(name):
-return mcgen('''
-%(proto)s;
-''',
- proto=gen_marshal_proto(name))
+return 'static void qmp_marshal_%s' % c_name(name) + \
+'(QDict *args, QObject **ret, Error **errp)'
 
 
 def gen_marshal(name, arg_type, box, ret_type):
@@ -209,8 +200,7 @@ class QAPISchemaGenCommandVisitor(QAPISchemaVisitor):
 self._visited_ret_types = set()
 
 def visit_end(self):
-if not middle_mode:
-self.defn += gen_registry(self._regy)
+self.defn += gen_registry(self._regy)
 self._regy = None
 self._visited_ret_types = None
 
@@ -222,21 +212,12 @@ class QAPISchemaGenCommandVisitor(QAPISchemaVisitor):
 if ret_type and ret_type not in self._visited_ret_types:
 self._visited_ret_types.add(ret_type)
 self.defn += gen_marshal_output(ret_type)
-if middle_mode:
-self.decl += gen_marshal_decl(name)
 self.defn += gen_marshal(name, arg_type, box, ret_type)
-if not middle_mode:
-self._regy += gen_register_command(name, success_response)
-
+self._regy += gen_register_command(name, success_response)
 
-middle_mode = False
 
 (input_file, output_dir, do_c, do_h, prefix, opts) = \
-parse_command_line("m", ["middle"])
-
-for o, a in opts:
-if o in ("-m", "--middle"):
-middle_mode = True
+parse_command_line()
 
 c_comment = '''
 /*
-- 
2.9.0

[Qemu-devel] [PATCH 00/12] qapi: remove the 'middle' mode

[marcandre . lureau]

From: Marc-André Lureau 

Hi,

Although some QMP commands are still not fully qapi'fied, it is
possible to use more qapi common and generated code by dropping the
'middle' mode.

This series of patches was sent last year as part of a larger series
'post-Eric's fixes, QAPI improvements'. It is still based on latest
Eric qapi series that should land in upstream soon.

Marc-André Lureau (12):
  qapi-schema: use generated marshaller for 'qmp_capabilities'
  qapi-schema: add 'device_add'
  monitor: register gen:false commands manually
  monitor: remove usage of generated marshal functions
  monitor: register the qapi generated commands
  monitor: remove mhandler.cmd_new
  monitor: implement 'qmp_query_commands' without qmp_cmds
  build-sys: remove qmp-commands-old.h
  qapi: remove the "middle" mode
  monitor: use qmp_dispatch()
  qmp: update qmp_query_spice fallback
  Drop qmp-commands.hx

 .gitignore  |1 -
 MAINTAINERS |2 +-
 Makefile|5 +-
 Makefile.target |7 +-
 docs/qapi-code-gen.txt  |6 +-
 docs/writing-qmp-commands.txt   |   46 +-
 hmp-commands-info.hx|  118 ++--
 hmp-commands.hx |  206 +++---
 monitor.c   |  401 +++
 qapi-schema.json|   45 ++
 qmp-commands.hx => qmp-commands.txt | 1254 ---
 qmp.c   |   16 -
 scripts/qapi-commands.py|   29 +-
 trace-events|1 -
 vl.c|1 +
 15 files changed, 309 insertions(+), 1829 deletions(-)
 rename qmp-commands.hx => qmp-commands.txt (81%)

-- 
2.9.0

[Qemu-devel] [PATCH 05/12] monitor: register the qapi generated commands

[marcandre . lureau]

From: Marc-André Lureau 

Stop using the so-called 'middle' mode. Instead, use qmp_find_command()
from generated qapi commands registry.

Note: this commit requires a 'make clean' prior to make, since the
generated files do not depend on Makefile (due to a cyclic rule
introduced in 4115852bb0).

Signed-off-by: Marc-André Lureau 
---
 Makefile|   2 +-
 monitor.c   |  12 +++--
 qmp-commands.hx | 143 
 vl.c|   1 +
 4 files changed, 11 insertions(+), 147 deletions(-)

diff --git a/Makefile b/Makefile
index 7087fc2..81faf4b 100644
--- a/Makefile
+++ b/Makefile
@@ -311,7 +311,7 @@ $(qapi-modules) $(SRC_PATH)/scripts/qapi-event.py $(qapi-py)
 qmp-commands.h qmp-marshal.c :\
 $(qapi-modules) $(SRC_PATH)/scripts/qapi-commands.py $(qapi-py)
$(call quiet-command,$(PYTHON) $(SRC_PATH)/scripts/qapi-commands.py \
-   $(gen-out-type) -o "." -m $<, \
+   $(gen-out-type) -o "." $<, \
"  GEN   $@")
 qmp-introspect.h qmp-introspect.c :\
 $(qapi-modules) $(SRC_PATH)/scripts/qapi-introspect.py $(qapi-py)
diff --git a/monitor.c b/monitor.c
index 585bc1f..1dadc2a 100644
--- a/monitor.c
+++ b/monitor.c
@@ -3884,6 +3884,7 @@ static void handle_qmp_command(JSONMessageParser *parser, 
GQueue *tokens)
 QObject *obj, *data;
 QDict *input, *args;
 const mon_cmd_t *cmd;
+QmpCommand *qcmd;
 const char *cmd_name;
 Monitor *mon = cur_mon;
 
@@ -3909,7 +3910,8 @@ static void handle_qmp_command(JSONMessageParser *parser, 
GQueue *tokens)
 cmd_name = qdict_get_str(input, "execute");
 trace_handle_qmp_command(mon, cmd_name);
 cmd = qmp_find_cmd(cmd_name);
-if (!cmd) {
+qcmd = qmp_find_command(cmd_name);
+if (!qcmd || !cmd) {
 error_set(&local_err, ERROR_CLASS_COMMAND_NOT_FOUND,
   "The command %s has not been found", cmd_name);
 goto err_out;
@@ -3931,7 +3933,7 @@ static void handle_qmp_command(JSONMessageParser *parser, 
GQueue *tokens)
 goto err_out;
 }
 
-cmd->mhandler.cmd_new(args, &data, &local_err);
+qcmd->fn(args, &data, &local_err);
 
 err_out:
 monitor_protocol_emitter(mon, data, local_err);
@@ -4000,9 +4002,13 @@ void monitor_resume(Monitor *mon)
 
 static QObject *get_qmp_greeting(void)
 {
+QmpCommand *cmd;
 QObject *ver = NULL;
 
-qmp_marshal_query_version(NULL, &ver, NULL);
+cmd = qmp_find_command("query-version");
+assert(cmd && cmd->fn);
+cmd->fn(NULL, &ver, NULL);
+
 return qobject_from_jsonf("{'QMP':{'version': %p,'capabilities': 
[]}}",ver);
 }
 
diff --git a/qmp-commands.hx b/qmp-commands.hx
index ee88e48..95c1e7d 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -63,7 +63,6 @@ EQMP
 {
 .name   = "quit",
 .args_type  = "",
-.mhandler.cmd_new = qmp_marshal_quit,
 },
 
 SQMP
@@ -84,7 +83,6 @@ EQMP
 {
 .name   = "eject",
 .args_type  = "force:-f,device:B",
-.mhandler.cmd_new = qmp_marshal_eject,
 },
 
 SQMP
@@ -110,7 +108,6 @@ EQMP
 {
 .name   = "change",
 .args_type  = "device:B,target:F,arg:s?",
-.mhandler.cmd_new = qmp_marshal_change,
 },
 
 SQMP
@@ -146,7 +143,6 @@ EQMP
 {
 .name   = "screendump",
 .args_type  = "filename:F",
-.mhandler.cmd_new = qmp_marshal_screendump,
 },
 
 SQMP
@@ -169,7 +165,6 @@ EQMP
 {
 .name   = "stop",
 .args_type  = "",
-.mhandler.cmd_new = qmp_marshal_stop,
 },
 
 SQMP
@@ -190,7 +185,6 @@ EQMP
 {
 .name   = "cont",
 .args_type  = "",
-.mhandler.cmd_new = qmp_marshal_cont,
 },
 
 SQMP
@@ -211,7 +205,6 @@ EQMP
 {
 .name   = "system_wakeup",
 .args_type  = "",
-.mhandler.cmd_new = qmp_marshal_system_wakeup,
 },
 
 SQMP
@@ -232,7 +225,6 @@ EQMP
 {
 .name   = "system_reset",
 .args_type  = "",
-.mhandler.cmd_new = qmp_marshal_system_reset,
 },
 
 SQMP
@@ -253,7 +245,6 @@ EQMP
 {
 .name   = "system_powerdown",
 .args_type  = "",
-.mhandler.cmd_new = qmp_marshal_system_powerdown,
 },
 
 SQMP
@@ -276,7 +267,6 @@ EQMP
 .args_type  = "device:O",
 .params = "driver[,prop=value][,...]",
 .help   = "add device, like -device on the command line",
-.mhandler.cmd_new = qmp_device_add,
 },
 
 SQMP
@@ -310,7 +300,6 @@ EQMP
 {
 .name   = "device_del",
 .args_type  = "id:s",
-.mhandler.cmd_new = qmp_marshal_device_del,
 },
 
 SQMP
@@ -338,7 +327,6 @@ EQMP
 {
 .name   = "send-key",
 .args_type  = "keys:q,hold-time:i?",
-.mhandler.cmd_new = qmp_marshal_send_key,
 },
 
 SQMP
@@ -369,7 +357,6 @@ EQMP
 {
 .name   = "cpu",
 .args_type  = "index:i",
-.mhandler.cmd_new = qmp_marshal_cpu,
 },
 
 SQM

[Qemu-devel] [PATCH 01/12] qapi-schema: use generated marshaller for 'qmp_capabilities'

[marcandre . lureau]

From: Marc-André Lureau 

qapi'fy the 'qmp_capabilities' command.

Signed-off-by: Marc-André Lureau 
---
 monitor.c|  4 ++--
 qapi-schema.json | 19 +++
 qmp-commands.hx  |  2 +-
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/monitor.c b/monitor.c
index bbd5134..63f7086 100644
--- a/monitor.c
+++ b/monitor.c
@@ -615,7 +615,7 @@ static void monitor_qapi_event_init(void)
 qmp_event_set_func_emit(monitor_qapi_event_queue);
 }
 
-static void qmp_capabilities(QDict *params, QObject **ret_data, Error **errp)
+void qmp_qmp_capabilities(Error **errp)
 {
 cur_mon->qmp.in_command_mode = true;
 }
@@ -3601,7 +3601,7 @@ static int monitor_can_read(void *opaque)
 static bool invalid_qmp_mode(const Monitor *mon, const mon_cmd_t *cmd,
  Error **errp)
 {
-bool is_cap = cmd->mhandler.cmd_new == qmp_capabilities;
+bool is_cap = cmd->mhandler.cmd_new == qmp_marshal_qmp_capabilities;
 
 if (is_cap && mon->qmp.in_command_mode) {
 error_set(errp, ERROR_CLASS_COMMAND_NOT_FOUND,
diff --git a/qapi-schema.json b/qapi-schema.json
index 511c98b..73f0b6f 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -20,6 +20,25 @@
 # QAPI introspection
 { 'include': 'qapi/introspect.json' }
 
+##
+# @qmp_capabilities:
+#
+# Enable QMP capabilities.
+#
+# Arguments: None.
+#
+# Example:
+#
+# -> { "execute": "qmp_capabilities" }
+# <- { "return": {} }
+#
+# Notes: This command is valid exactly when first connecting: it must be
+# issued before any other command will be accepted, and will fail once the
+# monitor is accepting other commands.
+#
+##
+{ 'command': 'qmp_capabilities' }
+
 ##
 # @LostTickPolicy:
 #
diff --git a/qmp-commands.hx b/qmp-commands.hx
index 09b1e38..ee88e48 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -2197,7 +2197,7 @@ EQMP
 .args_type  = "",
 .params = "",
 .help   = "enable QMP capabilities",
-.mhandler.cmd_new = qmp_capabilities,
+.mhandler.cmd_new = qmp_marshal_qmp_capabilities,
 },
 
 SQMP
-- 
2.9.0

[Qemu-devel] [PATCH 03/12] monitor: register gen:false commands manually

[marcandre . lureau]

From: Marc-André Lureau 

Since a few commands are using 'gen': false, they are not registered
automatically by the generator. Register manually instead.

This is in preparation for removal of qapi 'middle' mode generation.

Signed-off-by: Marc-André Lureau 
---
 monitor.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/monitor.c b/monitor.c
index 63f7086..fc691b9 100644
--- a/monitor.c
+++ b/monitor.c
@@ -79,6 +79,7 @@
 #include "sysemu/block-backend.h"
 #include "sysemu/qtest.h"
 #include "qemu/cutils.h"
+#include "qapi/qmp/dispatch.h"
 
 /* for hmp_info_irq/pic */
 #if defined(TARGET_SPARC)
@@ -987,6 +988,16 @@ static void qmp_query_qmp_schema(QDict *qdict, QObject 
**ret_data,
 *ret_data = qobject_from_json(qmp_schema_json);
 }
 
+static void qmp_init_marshal(void)
+{
+qmp_register_command("query-qmp-schema", qmp_query_qmp_schema,
+ QCO_NO_OPTIONS);
+qmp_register_command("device_add", qmp_device_add,
+ QCO_NO_OPTIONS);
+}
+
+qapi_init(qmp_init_marshal);
+
 /* set the current CPU defined by the user */
 int monitor_set_cpu(int cpu_index)
 {
-- 
2.9.0

[Qemu-devel] [PATCH 02/12] qapi-schema: add 'device_add'

[marcandre . lureau]

From: Marc-André Lureau 

Even though device_add is not fully qapi'fied, we may add it to the json
schema with 'gen': false, so registration and documentation can be
generated.

Signed-off-by: Marc-André Lureau 
---
 qapi-schema.json | 26 ++
 1 file changed, 26 insertions(+)

diff --git a/qapi-schema.json b/qapi-schema.json
index 73f0b6f..929f84e 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -2188,6 +2188,32 @@
 ##
 { 'command': 'xen-set-global-dirty-log', 'data': { 'enable': 'bool' } }
 
+##
+# @device_add:
+#
+# @driver: the name of the new device's driver
+# @bus: #optional the device's parent bus (device tree path)
+# @id: the device's ID, must be unique
+# @props: #optional a dictionary of properties to be passed to the backend
+#
+# Add a device.
+#
+# Notes:
+# 1. For detailed information about this command, please refer to the
+#'docs/qdev-device-use.txt' file.
+#
+# 2. It's possible to list device properties by running QEMU with the
+#"-device DEVICE,\?" command-line argument, where DEVICE is the device's 
name
+#
+# Example:
+#
+# -> { "execute": "device_add", "arguments": { "driver": "e1000", "id": "net1" 
} }
+# <- { "return": {} }
+#
+##
+{ 'command': 'device_add',
+  'data': {'driver': 'str', 'id': 'str'}, 'gen': false }
+
 ##
 # @device_del:
 #
-- 
2.9.0

Re: [Qemu-devel] Default for phys-addr-bits? (was Re: [PATCH 4/5] x86: Allow physical address bits to be set)

[Michael S. Tsirkin]

On Thu, Jun 23, 2016 at 01:23:08AM +0200, Andrea Arcangeli wrote:
> On Thu, Jun 23, 2016 at 01:44:06AM +0300, Michael S. Tsirkin wrote:
> > On Wed, Jun 22, 2016 at 04:24:14PM +0200, Andrea Arcangeli wrote:
> > > > cause malfunctioning, only crashes (and as Gerd said, if you cross your
> > > > fingers and hope the guest doesn't put anything so high in memory,
> > > > chances are you'll succeed), and this makes it "safer".  I'm not sure
> > > > which one is more likely to happen.
> > > 
> > > But the crash with guest phys bits > host phys bits is material, linux
> > > will definitely crash in such condition.
> > 
> > Why would it? Most GPA addresses are not guest controllable.
> > Don't give guest addresses that host can't access, you will not get
> > a crash.
> > 
> > The only exception I know of is PCI BARs but we can limit
> > these to a safe addressable range using _CRS method in ACPI.
> > 
> > Could you explain please?
> 
> Well the crash of guest phys bits > host phys bits, should be easy to
> reproduce by booting a 65GB guest on a 64GB RAM + 2GB swap host with
> 36 host phys bits using the upstream qemu that forces the guest phys
> bits to 40.

So you supply more RAM than host can address, and guest crashes?

Why are we worried about it?

I would say that's a management bug.


> Likely the guest won't boot properly regardless if the PCI bars are at
> the end, but it may have a chance to print something meaningful on the
> console while trying instead of failing in some unexpected way.
> 
> Now the production patch fixes it 100% by using the host bits instead
> of value 40. However you'd run into the instability if you migrate the
> same guest to the aformentioned host.
> 
> No amount of guest changes can fix the above. So then we can avoid any
> risk of breakages also during live migration introducing a "soft"
> guest phys bits set as low as possible. And live migration restore can
> check it against the host phys bits.

I don't think it's worth fixing. Just don't give more RAM than
host can address.

> The other case (guest phys bits < host phys bits) instead requires a
> guest doing something strange, definitely never going to be a problem
> with linux as guest at least.

Re: [Qemu-devel] Default for phys-addr-bits? (was Re: [PATCH 4/5] x86: Allow physical address bits to be set)

[Andrea Arcangeli]

On Thu, Jun 23, 2016 at 01:44:06AM +0300, Michael S. Tsirkin wrote:
> On Wed, Jun 22, 2016 at 04:24:14PM +0200, Andrea Arcangeli wrote:
> > > cause malfunctioning, only crashes (and as Gerd said, if you cross your
> > > fingers and hope the guest doesn't put anything so high in memory,
> > > chances are you'll succeed), and this makes it "safer".  I'm not sure
> > > which one is more likely to happen.
> > 
> > But the crash with guest phys bits > host phys bits is material, linux
> > will definitely crash in such condition.
> 
> Why would it? Most GPA addresses are not guest controllable.
> Don't give guest addresses that host can't access, you will not get
> a crash.
> 
> The only exception I know of is PCI BARs but we can limit
> these to a safe addressable range using _CRS method in ACPI.
> 
> Could you explain please?

Well the crash of guest phys bits > host phys bits, should be easy to
reproduce by booting a 65GB guest on a 64GB RAM + 2GB swap host with
36 host phys bits using the upstream qemu that forces the guest phys
bits to 40.

Likely the guest won't boot properly regardless if the PCI bars are at
the end, but it may have a chance to print something meaningful on the
console while trying instead of failing in some unexpected way.

Now the production patch fixes it 100% by using the host bits instead
of value 40. However you'd run into the instability if you migrate the
same guest to the aformentioned host.

No amount of guest changes can fix the above. So then we can avoid any
risk of breakages also during live migration introducing a "soft"
guest phys bits set as low as possible. And live migration restore can
check it against the host phys bits.

The other case (guest phys bits < host phys bits) instead requires a
guest doing something strange, definitely never going to be a problem
with linux as guest at least.

Re: [Qemu-devel] Default for phys-addr-bits? (was Re: [PATCH 4/5] x86: Allow physical address bits to be set)

[Andrea Arcangeli]

On Thu, Jun 23, 2016 at 01:40:42AM +0300, Michael S. Tsirkin wrote:
> Where's a problem then?

If EPT/NPT is enabled, the guest pagetables are parsed by the hardware
and not by the KVM shadow MMU in software. The hardware speaks host
phys bits and AFIK the hardware will behave different depending on the
host phys bits.

In fact the guest could probe those the host phys bits anyway.

Now the breakage with guest phys bits < host phys bits happens only
with EPT/NPT if the guest instead of "probing" the host phys bits, it
just runs cpuid and it assumes the value it receives would be the same
as the effect of a "probe".

Then guest could assume the probing effect would match the guest phys
bits returned by the guest cpuid insn, and do important stuff in
function of that (i.e. expecting a GPF which won't materialize if the
host phys bits is > guest phys bits).

The guest must do somewhat weird for any breakage to happen (notably
changing pagetable format in function of cpuid retval). The guest of
course could also be changed to stop being weird and then it wouldn't
break anymore.

So just in case there's any weird proprietary OS like that, we can
still add a -cpu=force_host_phys_bits fallback, to prevent the
discrepancy between cpuid and probing effect, in turn eliminating any
risk of guest failures (but then we should also prevent live migration
if source host phys bits != destination host phys bits to provide the
same guarantee to the weird guest, through live migration).

> So I think that all we need is a way to let libvirt control
> the _CRS range. Teach it that _CRS must fit within what
> host can support. Also check and fail kvm init if _CRS exceeds
> what host can support.

Right.

The production solution is such a simple patch that I certainly agree
it can be applied first, along with the mtrr fix.

The complexity in dealing with _CSR and all the up layers about this
subtle phys bits detail, to calculate the highest possible guest
physical address, is what makes the production solution attractive in
the short term.

Then if we implement the "soft" guest phys bits exercise, that is all
about adding robustness to live migration (and save/restore). So for
it not to risk to be futile, it'd be nice if the phys bits checks were
all contained inside qemu.

Initially libvirt/ovirt/OpenStack would just return some live
migration generic error to the user, in the unlikely case there's a
phys bits mismatch during the live migration or restore (i.e. "soft"
guest phys bits > destination host phys bits). That will still avoid
us getting weird bugreports and way more important it'll avoid any
risk of customer unexpected guest crashes.

The managers that load-balance the load in the cloud if they want they
can still do their own calculation on the host/guest phys bits
matching the qemu internal calculation and guarantee themselves that
they'll never run into the qemu live migration error because of too
low destination host phys bits (either that or they can check a proper
error from the migration command).

Thanks,
Andrea

Re: [Qemu-devel] Default for phys-addr-bits? (was Re: [PATCH 4/5] x86: Allow physical address bits to be set)

[Michael S. Tsirkin]

On Wed, Jun 22, 2016 at 04:24:14PM +0200, Andrea Arcangeli wrote:
> > cause malfunctioning, only crashes (and as Gerd said, if you cross your
> > fingers and hope the guest doesn't put anything so high in memory,
> > chances are you'll succeed), and this makes it "safer".  I'm not sure
> > which one is more likely to happen.
> 
> But the crash with guest phys bits > host phys bits is material, linux
> will definitely crash in such condition.

Why would it? Most GPA addresses are not guest controllable.
Don't give guest addresses that host can't access, you will not get
a crash.

The only exception I know of is PCI BARs but we can limit
these to a safe addressable range using _CRS method in ACPI.

Could you explain please?

-- 
MST

Re: [Qemu-devel] Default for phys-addr-bits? (was Re: [PATCH 4/5] x86: Allow physical address bits to be set)

[Michael S. Tsirkin]

On Wed, Jun 22, 2016 at 02:41:22PM +0200, Paolo Bonzini wrote:
> 
> 
> On 21/06/2016 21:44, Eduardo Habkost wrote:
> > The consequences of migrating (or having migration blocked) to a
> > host with smaller phys-addr-bits sound worse to me than the
> > consequences of just having guest's phys-addr-bits smaller than
> > the host's.
> 
> There is no correct answer.  We've been using host phys-addr-bits in
> RHEL for 6 years and no one has ever reported a bug.
> 
> Most data centers (the ones that actually use migration) will all have
> Xeon E5s and above, and pretty much all of them have 46-bits physical
> address bits since at least Sandy Bridge.  That probably helps.
> Save/restore is usually done on the same machine, which also helps
> because host phys-addr-bits doesn't change.
> 
> >From a semantics point of view, using a smaller phys-addr-bits than the
> host is the worst, because you tell the guest that some bits are
> must-be-zero, when they're not.  Using a larger phys-addr-bits cannot
> cause malfunctioning, only crashes (and as Gerd said, if you cross your
> fingers and hope the guest doesn't put anything so high in memory,
> chances are you'll succeed), and this makes it "safer".  I'm not sure
> which one is more likely to happen.
> 
> So there's no correct answer,


Wait a second:

1. Use CPUID to tell guest it can address 46 bits
2. use e820 to tell guest RAM has addresses below e.g. 39 bits
3. _CRS to tell guest not to put anything above e.g. 39 bits

will result in guest never using any addresses above 39 bits but
also always setting bits 39 to 46 to zero.

No crashes, no corruptions.

Where's a problem then?



> and that's why I think the lesser evil is
> to go with the time-tested alternative and use host phys-addr-bits as
> the default, even if it causes weird behavior on migration.  If a fixed
> phys-addr-bits is specified on the destination, it should match the
> value that was used on the source though.
> 
> Paolo


I agree, but I don't see a need to use host bits at all.
So I think that all we need is a way to let libvirt control
the _CRS range. Teach it that _CRS must fit within what
host can support. Also check and fail kvm init if _CRS exceeds
what host can support.

Hmm?

-- 
MST

[Qemu-devel] [PATCH 3/5] curses: use wide output functions

[Samuel Thibault]

This makes use of cchar_t instead of chtype when using ncursesw, which
allows to store a wide char as well as the WACS values.

This also allows to complete the printable glyphs list beyond ascii and the
ACS values.

Signed-off-by: Samuel Thibault 
---
 hw/display/vga.c |   4 +-
 include/ui/console.h |  19 +++-
 ui/curses.c  | 270 ---
 3 files changed, 278 insertions(+), 15 deletions(-)

diff --git a/hw/display/vga.c b/hw/display/vga.c
index 9ebc54f..53d3c9a 100644
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@@ -1968,7 +1968,7 @@ static void vga_update_text(void *opaque, console_ch_t 
*chardata)
 
 for (i = 0; i < size; src ++, dst ++, i ++) {
 console_write_ch(&val, VMEM2CHTYPE(le32_to_cpu(*src)));
-if (*dst != val) {
+if (memcmp(dst, &val, sizeof(val))) {
 *dst = val;
 c_max = i;
 break;
@@ -1977,7 +1977,7 @@ static void vga_update_text(void *opaque, console_ch_t 
*chardata)
 c_min = i;
 for (; i < size; src ++, dst ++, i ++) {
 console_write_ch(&val, VMEM2CHTYPE(le32_to_cpu(*src)));
-if (*dst != val) {
+if (memcmp(dst, &val, sizeof(val))) {
 *dst = val;
 c_max = i;
 }
diff --git a/include/ui/console.h b/include/ui/console.h
index 52a5f65..2939176 100644
--- a/include/ui/console.h
+++ b/include/ui/console.h
@@ -336,8 +336,12 @@ static inline pixman_format_code_t 
surface_format(DisplaySurface *s)
 
 #ifdef CONFIG_CURSES
 #include 
+#ifdef CONFIG_CURSESW
+typedef cchar_t console_ch_t;
+#else
 typedef chtype console_ch_t;
-extern chtype vga_to_curses[];
+#endif
+extern console_ch_t vga_to_curses[];
 #else
 typedef unsigned long console_ch_t;
 #endif
@@ -345,16 +349,27 @@ static inline void console_write_ch(console_ch_t *dest, 
uint32_t ch)
 {
 uint8_t c = ch;
 #ifdef CONFIG_CURSES
+#ifdef CONFIG_CURSESW
+if (vga_to_curses[c].chars[0]) {
+*dest = vga_to_curses[c];
+} else {
+dest->chars[0] = c;
+dest->attr = 0;
+}
+dest->attr |= ch & ~0xff;
+#else
 if (vga_to_curses[c]) {
 ch &= ~(console_ch_t)0xff;
 ch |= vga_to_curses[c];
 }
+*dest = ch;
+#endif
 #else
 if (c == '\0') {
 ch |= ' ';
 }
-#endif
 *dest = ch;
+#endif
 }
 
 typedef struct GraphicHwOps {
diff --git a/ui/curses.c b/ui/curses.c
index 438b8be..9ef54b5 100644
--- a/ui/curses.c
+++ b/ui/curses.c
@@ -28,6 +28,11 @@
 #include 
 #include 
 #endif
+#ifdef CONFIG_CURSESW
+#include 
+#include 
+#include 
+#endif
 
 #include "qemu-common.h"
 #include "ui/console.h"
@@ -43,16 +48,25 @@ static WINDOW *screenpad = NULL;
 static int width, height, gwidth, gheight, invalidate;
 static int px, py, sminx, sminy, smaxx, smaxy;
 
+#ifdef CONFIG_CURSESW
+console_ch_t vga_to_curses[256];
+#else
 chtype vga_to_curses[256];
+#endif
 
 static void curses_update(DisplayChangeListener *dcl,
   int x, int y, int w, int h)
 {
-chtype *line;
+console_ch_t *line;
 
-line = ((chtype *) screen) + y * width;
-for (h += y; y < h; y ++, line += width)
+line = ((console_ch_t *) screen) + y * width;
+for (h += y; y < h; y ++, line += width) {
+#ifdef CONFIG_CURSESW
+mvwadd_wchnstr(screenpad, y, 0, line, width);
+#else
 mvwaddchnstr(screenpad, y, 0, line, width);
+#endif
+}
 
 pnoutrefresh(screenpad, py, px, sminy, sminx, smaxy - 1, smaxx - 1);
 refresh();
@@ -362,15 +376,245 @@ static void curses_setup(void)
 
 /*
  * Setup mapping for vga to curses line graphics.
- * FIXME: for better font, have to use ncursesw and setlocale()
  */
-#if 0
-/* FIXME: map from where? */
-ACS_S1;
-ACS_S3;
-ACS_S7;
-ACS_S9;
-#endif
+
+#ifdef CONFIG_CURSESW
+vga_to_curses['\0'].chars[0] = L' ';
+vga_to_curses[0x01].chars[0] = L'\u263a';
+vga_to_curses[0x02].chars[0] = L'\u263b';
+vga_to_curses[0x03].chars[0] = L'\u2665';
+vga_to_curses[0x04].chars[0] = L'\u2666';
+vga_to_curses[0x05].chars[0] = L'\u2663';
+vga_to_curses[0x06].chars[0] = L'\u2660';
+vga_to_curses[0x07].chars[0] = L'\u2022';
+vga_to_curses[0x08].chars[0] = L'\u25d8';
+vga_to_curses[0x09].chars[0] = L'\u25cb';
+vga_to_curses[0x0a].chars[0] = L'\u25d9';
+vga_to_curses[0x0b].chars[0] = L'\u2642';
+vga_to_curses[0x0c].chars[0] = L'\u2640';
+vga_to_curses[0x0d].chars[0] = L'\u266a';
+vga_to_curses[0x0e].chars[0] = L'\u266b';
+vga_to_curses[0x0f].chars[0] = L'\u263c';
+vga_to_curses[0x10].chars[0] = L'\u25ba';
+vga_to_curses[0x11].chars[0] = L'\u25c4';
+vga_to_curses[0x12].chars[0] = L'\u2195';
+vga_to_curses[0x13].chars[0] = L'\u203c';
+vga_to_curses[0x14].chars[0] = L'\u00b6';
+vga_to_curses[0x15].chars[0] = L'\u00a7';
+vga_to_curses[0x16].chars[0]

[Qemu-devel] [PATCH 1/5] curses: fix left/right arrow translation

[Samuel Thibault]

In default VGA font, left/right arrow are glyphs 0x1a and 0x1b, not 0x0a and
0x0b.

Signed-off-by: Samuel Thibault 
---
 ui/curses.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ui/curses.c b/ui/curses.c
index 49d3ce6..438b8be 100644
--- a/ui/curses.c
+++ b/ui/curses.c
@@ -374,10 +374,10 @@ static void curses_setup(void)
 /* ACS_* is not constant. So, we can't initialize statically. */
 vga_to_curses['\0'] = ' ';
 vga_to_curses[0x04] = ACS_DIAMOND;
-vga_to_curses[0x0a] = ACS_RARROW;
-vga_to_curses[0x0b] = ACS_LARROW;
 vga_to_curses[0x18] = ACS_UARROW;
 vga_to_curses[0x19] = ACS_DARROW;
+vga_to_curses[0x1a] = ACS_RARROW;
+vga_to_curses[0x1b] = ACS_LARROW;
 vga_to_curses[0x9c] = ACS_STERLING;
 vga_to_curses[0xb0] = ACS_BOARD;
 vga_to_curses[0xb1] = ACS_CKBOARD;
-- 
2.8.1

[Qemu-devel] [PATCH 4/5] curses: add option to specify VGA font encoding

[Samuel Thibault]

This detects and uses iconv to convert glyphs from the specified VGA font
encoding to unicode.

Signed-off-by: Samuel Thibault 
---
 configure   | 37 +
 include/sysemu/sysemu.h |  1 +
 qemu-options.hx | 20 
 ui/curses.c | 40 
 vl.c|  4 
 5 files changed, 102 insertions(+)

diff --git a/configure b/configure
index ff10012..14e98f5 100755
--- a/configure
+++ b/configure
@@ -204,6 +204,7 @@ brlapi=""
 curl=""
 curses=""
 cursesw=""
+iconv=""
 docs=""
 fdt=""
 netmap="no"
@@ -983,6 +984,10 @@ for opt do
   ;;
   --enable-cursesw) cursesw="yes"
   ;;
+  --disable-iconv) iconv="no"
+  ;;
+  --enable-iconv) iconv="yes"
+  ;;
   --disable-curl) curl="no"
   ;;
   --enable-curl) curl="yes"
@@ -1333,6 +1338,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   vte vte support for the gtk UI
   curses  curses UI
   cursesw cursesw UI
+  iconv   font glyph conversion support
   vnc VNC UI support
   vnc-saslSASL encryption for VNC server
   vnc-jpegJPEG lossy compression for VNC server
@@ -2968,6 +2974,33 @@ EOF
 fi
 
 ##
+# iconv probe
+if test "$iconv" != "no" ; then
+  cat > $TMPC << EOF
+#include 
+int main(void) {
+  iconv_t conv = iconv_open("ISO-8859-1", "ISO-8859-1");
+  return conv != (iconv_t) -1;
+}
+EOF
+  for iconv_lib in '' -liconv; do
+if compile_prog "" "$iconv_lib" ; then
+  iconv_found=yes
+  libs_softmmu="$iconv_lib $libs_softmmu"
+  break
+fi
+  done
+  if test "$iconv_found" = "yes" ; then
+iconv=yes
+  else
+if test "$iconv" = "yes" ; then
+  feature_not_found "iconv" "Install iconv devel"
+fi
+iconv=no
+  fi
+fi
+
+##
 # curl probe
 if test "$curl" != "no" ; then
   if $pkg_config libcurl --exists; then
@@ -4859,6 +4892,7 @@ echo "nettle kdf$nettle_kdf"
 echo "libtasn1  $tasn1"
 echo "curses support$curses"
 echo "cursesw support   $cursesw"
+echo "iconv support $iconv"
 echo "virgl support $virglrenderer"
 echo "curl support  $curl"
 echo "mingw32 support   $mingw32"
@@ -5120,6 +5154,9 @@ fi
 if test "$cursesw" = "yes" ; then
   echo "CONFIG_CURSESW=y" >> $config_host_mak
 fi
+if test "$iconv" = "yes" ; then
+  echo "CONFIG_ICONV=y" >> $config_host_mak
+fi
 if test "$utimens" = "yes" ; then
   echo "CONFIG_UTIMENSAT=y" >> $config_host_mak
 fi
diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index 7313673..a690c18 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -147,6 +147,7 @@ extern int graphic_height;
 extern int graphic_depth;
 extern int display_opengl;
 extern const char *keyboard_layout;
+extern const char *font_encoding;
 extern int win2k_install_hack;
 extern int alt_grab;
 extern int ctrl_grab;
diff --git a/qemu-options.hx b/qemu-options.hx
index ce535a9..2187886 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -321,6 +321,26 @@ The default is @code{en-us}.
 ETEXI
 
 
+DEF("f", HAS_ARG, QEMU_OPTION_f,
+"-f encoding use font encoding (for example 'CP850' for IBM CP850 
encoding)\n",
+QEMU_ARCH_ALL)
+STEXI
+@item -h @var{encoding}
+@findex -h
+Use font encoding @var{encoding} (for example @code{CP850} for
+IBM CP/850 encoding). This option is only needed where output is text-only, 
i.e.
+with the curses display, to convert from text-mode output from the guest to
+proper text glyphs.
+
+The available encoding are provided by the libc, the full list can be obtained 
by
+@example
+iconv -l
+@end example
+
+The default is @code{CP437}.
+ETEXI
+
+
 DEF("audio-help", 0, QEMU_OPTION_audio_help,
 "-audio-help print list of audio drivers and their options\n",
 QEMU_ARCH_ALL)
diff --git a/ui/curses.c b/ui/curses.c
index 9ef54b5..a8dada9 100644
--- a/ui/curses.c
+++ b/ui/curses.c
@@ -33,6 +33,9 @@
 #include 
 #include 
 #endif
+#ifdef CONFIG_ICONV
+#include 
+#endif
 
 #include "qemu-common.h"
 #include "ui/console.h"
@@ -412,6 +415,43 @@ static void curses_setup(void)
 vga_to_curses[0x1e].chars[0] = L'\u25b2';
 vga_to_curses[0x1f].chars[0] = L'\u25bc';
 
+#ifdef CONFIG_ICONV
+if (font_encoding) {
+unsigned char ch;
+wchar_t wch;
+char *pch, *pwch;
+size_t sch, swch;
+iconv_t conv;
+
+conv = iconv_open("WCHAR_T", font_encoding);
+if (conv == (iconv_t) -1) {
+fprintf(stderr, "Could not convert font glyphs from %s: '%s'\n", 
font_encoding, strerror(errno));
+exit(1);
+}
+
+for (i = 0x20; i <= 0xff; i++)
+{
+ch = i;
+pch = (char*) &ch;
+pwch = (char*) &wch;
+sch = sizeof(ch);
+swch = sizeof(wch);
+if (iconv(conv, &pch, &sch, &pwch, &swch) == (size_t) -1) {
+  

[Qemu-devel] [PATCH 2/5] curses: Use cursesw when available

[Samuel Thibault]

Signed-off-by: Samuel Thibault 
---
 configure | 64 ++-
 1 file changed, 63 insertions(+), 1 deletion(-)

diff --git a/configure b/configure
index 10cb212..ff10012 100755
--- a/configure
+++ b/configure
@@ -203,6 +203,7 @@ bluez=""
 brlapi=""
 curl=""
 curses=""
+cursesw=""
 docs=""
 fdt=""
 netmap="no"
@@ -978,6 +979,10 @@ for opt do
   ;;
   --enable-curses) curses="yes"
   ;;
+  --disable-cursesw) cursesw="no"
+  ;;
+  --enable-cursesw) cursesw="yes"
+  ;;
   --disable-curl) curl="no"
   ;;
   --enable-curl) curl="yes"
@@ -1327,6 +1332,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   --with-gtkabi select preferred GTK ABI 2.0 or 3.0
   vte vte support for the gtk UI
   curses  curses UI
+  cursesw cursesw UI
   vnc VNC UI support
   vnc-saslSASL encryption for VNC server
   vnc-jpegJPEG lossy compression for VNC server
@@ -2873,8 +2879,60 @@ EOF
 fi
 
 ##
+# cursesw probe
+if test "$cursesw" != "no" ; then
+  if test "$mingw32" = "yes" ; then
+cursesw_inc_list="$($pkg_config --cflags ncursesw 2>/dev/null):"
+cursesw_lib_list="$($pkg_config --libs ncursesw 2>/dev/null):-lpdcurses"
+  else
+cursesw_inc_list="$($pkg_config --cflags ncursesw 2>/dev/null):"
+cursesw_lib_list="$($pkg_config --libs ncursesw 
2>/dev/null):-lncursesw:-lcursesw:-lncurses:-lcurses"
+  fi
+  cursesw_found=no
+  cat > $TMPC << EOF
+#include 
+#include 
+#include 
+#include 
+int main(void) {
+  const char *s = curses_version();
+  const char *codeset;
+  wchar_t wch = L'w';
+  setlocale(LC_ALL, "");
+  resize_term(0, 0);
+  addwstr(L"wide chars\n");
+  addnwstr(&wch, 1);
+  codeset = nl_langinfo(CODESET);
+  return s != 0 && codeset != 0;
+}
+EOF
+  IFS=:
+  for cursesw_inc in $cursesw_inc_list; do
+for cursesw_lib in $cursesw_lib_list; do
+  unset IFS
+  if compile_prog "$cursesw_inc" "$cursesw_lib" ; then
+cursesw_found=yes
+QEMU_CFLAGS="$cursesw_inc $QEMU_CFLAGS"
+libs_softmmu="$cursesw_lib $libs_softmmu"
+break
+  fi
+done
+  done
+  unset IFS
+  if test "$cursesw_found" = "yes" ; then
+cursesw=yes
+curses=yes
+  else
+if test "$cursesw" = "yes" ; then
+  feature_not_found "cursesw" "Install ncursesw devel"
+fi
+cursesw=no
+  fi
+fi
+
+##
 # curses probe
-if test "$curses" != "no" ; then
+if test "$curses" != "no" -a "$cursesw" != "yes"; then
   if test "$mingw32" = "yes" ; then
 curses_list="$($pkg_config --libs ncurses 2>/dev/null):-lpdcurses"
   else
@@ -4800,6 +4858,7 @@ echo "nettle$nettle $(echo_version $nettle 
$nettle_version)"
 echo "nettle kdf$nettle_kdf"
 echo "libtasn1  $tasn1"
 echo "curses support$curses"
+echo "cursesw support   $cursesw"
 echo "virgl support $virglrenderer"
 echo "curl support  $curl"
 echo "mingw32 support   $mingw32"
@@ -5058,6 +5117,9 @@ fi
 if test "$curses" = "yes" ; then
   echo "CONFIG_CURSES=y" >> $config_host_mak
 fi
+if test "$cursesw" = "yes" ; then
+  echo "CONFIG_CURSESW=y" >> $config_host_mak
+fi
 if test "$utimens" = "yes" ; then
   echo "CONFIG_UTIMENSAT=y" >> $config_host_mak
 fi
-- 
2.8.1

[Qemu-devel] [PATCH 5/5] curses: support wide input

[Samuel Thibault]

This makes use of wide curses functions instead of 8bit functions. This
allows to type e.g. accented letters.

Unfortunately, key codes are then returned with values that could be
confused with wide characters by ncurses, so we need to add a maybe_keycode
variable to know whether the returned value is a key code or a character
(wide support), or possibly both (non-wide support).

The translation tables thus also need to be separated into key code
translation and character translation.  The curses2foo helper makes it easier
to use them.

Signed-off-by: Samuel Thibault 
---
 ui/curses.c  |  96 ++
 ui/curses_keys.h | 113 ---
 2 files changed, 145 insertions(+), 64 deletions(-)

diff --git a/ui/curses.c b/ui/curses.c
index a8dada9..c282677 100644
--- a/ui/curses.c
+++ b/ui/curses.c
@@ -45,6 +45,12 @@
 #define FONT_HEIGHT 16
 #define FONT_WIDTH 8
 
+enum maybe_keycode {
+CURSES_KEYCODE,
+CURSES_CHAR,
+CURSES_CHAR_OR_KEYCODE,
+};
+
 static DisplayChangeListener *dcl;
 static console_ch_t screen[160 * 100];
 static WINDOW *screenpad = NULL;
@@ -57,6 +63,36 @@ console_ch_t vga_to_curses[256];
 chtype vga_to_curses[256];
 #endif
 
+#ifdef CONFIG_CURSESW
+static wint_t console_getch(int *maybe_keycode)
+{
+wint_t ret;
+switch (get_wch(&ret)) {
+case KEY_CODE_YES:
+*maybe_keycode = CURSES_KEYCODE;
+break;
+case OK:
+*maybe_keycode = CURSES_CHAR;
+break;
+case ERR:
+ret = -1;
+break;
+}
+return ret;
+}
+#else
+static int console_getch(int *maybe_keycode)
+{
+int ret;
+*maybe_keycode = CURSES_CHAR_OR_KEYCODE;
+ret = getch();
+if (ret == ERR)
+return -1;
+else
+return ret;
+}
+#endif
+
 static void curses_update(DisplayChangeListener *dcl,
   int x, int y, int w, int h)
 {
@@ -196,9 +232,37 @@ static void curses_cursor_position(DisplayChangeListener 
*dcl,
 
 static kbd_layout_t *kbd_layout = NULL;
 
+static int curses2foo(const int _curses2foo[], const int _curseskey2foo[],
+  int chr, int maybe_keycode)
+{
+int ret = -1;
+if (maybe_keycode == CURSES_CHAR) {
+if (chr < CURSES_CHARS) {
+ret = _curses2foo[chr];
+}
+} else {
+if (chr < CURSES_KEYS) {
+ret = _curseskey2foo[chr];
+}
+if (ret == -1 && maybe_keycode == CURSES_CHAR_OR_KEYCODE &&
+chr < CURSES_CHARS) {
+ret = _curses2foo[chr];
+}
+}
+return ret;
+}
+
+#define curses2keycode(chr, maybe_keycode) \
+curses2foo(_curses2keycode, _curseskey2keycode, chr, maybe_keycode)
+#define curses2keysym(chr, maybe_keycode) \
+curses2foo(_curses2keysym, _curseskey2keysym, chr, maybe_keycode)
+#define curses2qemu(chr, maybe_keycode) \
+curses2foo(_curses2qemu, _curseskey2qemu, chr, maybe_keycode)
+
 static void curses_refresh(DisplayChangeListener *dcl)
 {
 int chr, nextchr, keysym, keycode, keycode_alt;
+int maybe_keycode, next_maybe_keycode;
 
 curses_winch_check();
 
@@ -212,22 +276,23 @@ static void curses_refresh(DisplayChangeListener *dcl)
 
 graphic_hw_text_update(NULL, screen);
 
-nextchr = ERR;
+nextchr = -1;
 while (1) {
 /* while there are any pending key strokes to process */
-if (nextchr == ERR)
-chr = getch();
-else {
+if (nextchr == -1) {
+chr = console_getch(&maybe_keycode);
+} else {
 chr = nextchr;
-nextchr = ERR;
+maybe_keycode = next_maybe_keycode;
+nextchr = -1;
 }
 
-if (chr == ERR)
+if (chr == -1)
 break;
 
 #ifdef KEY_RESIZE
 /* this shouldn't occur when we use a custom SIGWINCH handler */
-if (chr == KEY_RESIZE) {
+if (maybe_keycode != 0 && chr == KEY_RESIZE) {
 clear();
 refresh();
 curses_calc_pad();
@@ -236,18 +301,19 @@ static void curses_refresh(DisplayChangeListener *dcl)
 }
 #endif
 
-keycode = curses2keycode[chr];
+keycode = curses2keycode(chr, maybe_keycode);
 keycode_alt = 0;
 
 /* alt or esc key */
 if (keycode == 1) {
-nextchr = getch();
+nextchr = console_getch(&next_maybe_keycode);
 
-if (nextchr != ERR) {
+if (nextchr != -1) {
 chr = nextchr;
+maybe_keycode = next_maybe_keycode;
 keycode_alt = ALT;
-keycode = curses2keycode[nextchr];
-nextchr = ERR;
+keycode = curses2keycode(chr, maybe_keycode);
+nextchr = -1;
 
 if (keycode != -1) {
 keycode |= ALT;
@@ -267,9 +333,7 @@ static void curses_refresh(DisplayChangeListener *dcl)
 }
 
 if (kbd_layout) {
-keysym

[Qemu-devel] [PATCH 0/5] curses: wide character support

[Samuel Thibault]

Hello,

This patch series adds wide character support to the curses frontend of qemu,
thus allowing to fix a lot of input and output issues with e.g. accented letters
and semi-graphic glyphs. Since qemu can't know the encoding of the VGA font, the
user has to specify it (just like he has to specify the keyboard layout with
-k). I used option -f to make it simple for now, but I welcome any other idea :)

Samuel

Samuel Thibault (5):
  curses: fix left/right arrow translation
  curses: Use cursesw when available
  curses: use wide output functions
  curses: add option to specify VGA font encoding
  curses: support wide input

 configure   | 101 +++-
 hw/display/vga.c|   4 +-
 include/sysemu/sysemu.h |   1 +
 include/ui/console.h|  19 ++-
 qemu-options.hx |  20 +++
 ui/curses.c | 408 
 ui/curses_keys.h| 113 --
 vl.c|   4 +
 8 files changed, 589 insertions(+), 81 deletions(-)

-- 
2.8.1

Re: [Qemu-devel] [PATCH v2 00/10] globals: Clean up validation and error checking

[Eduardo Habkost]

Markus, all patches in this series got at least one Reviewed-by
line. I would like to have your Acked-by to merge it through my
tree, so I can apply Igor's -cpu + global property series that
depend on it.

On Mon, Jun 20, 2016 at 12:52:53PM -0300, Eduardo Habkost wrote:
> This series includes multiple changes to the way errors are
> handled by the global property system.
> 
> Git tree:
>   https://github.com/ehabkost/qemu-hacks.git work/global-error-handling
> 
> Changes v1 -> v2:
> * Fix test-qdev-global-props unit test
>   * Remove subprocess code and "nouser" test case
>   * Reported-by: Igor Mammedov 
> * Reword doc comments for GlobalProperty::errp
>   * Suggested-by: Markus Armbruster 
> * Squashed "Use error_prepend() for errors applying globals"
>   and "qdev: GlobalProperty.errp field"
>   * Suggested-by: Markus Armbruster 
> * Simplify object_class_dynamic_cast(oc, TYPE_DEVICE) checks
>   * Suggested-by: Markus Armbruster 
> * New patch: "qdev: Remove qdev_prop_register_global_list()"
> 
> Eduardo Habkost (10):
>   qdev: Don't stop applying globals on first error
>   qdev: Eliminate qemu_add_globals() function
>   vl: Reject invalid class names on -global
>   qdev: GlobalProperty.errp field
>   machine: Add machine_register_compat_props() function
>   vl: Set errp to &error_abort on machine compat_props
>   qdev: Eliminate "global not used" warning
>   qdev: Eliminate GlobalProperty 'used' and 'user_provided' fields
>   qdev: Remove qdev_prop_register_global_list()
>   machine: Skip global registration for non-existing classes
> 
>  hw/core/machine.c|  26 +
>  hw/core/qdev-properties-system.c |  21 +--
>  hw/core/qdev-properties.c|  55 +++
>  include/hw/boards.h  |   1 +
>  include/hw/qdev-core.h   |   9 ++-
>  include/hw/qdev-properties.h |   2 -
>  include/qemu/config-file.h   |   1 -
>  tests/test-qdev-global-props.c   | 115 
> ---
>  vl.c |  37 ++---
>  9 files changed, 80 insertions(+), 187 deletions(-)
> 
> -- 
> 2.5.5
> 

-- 
Eduardo

Re: [Qemu-devel] [PATCH v5 00/13] NVDIMM: introduce nvdimm label support

[Michael S. Tsirkin]

On Wed, Jun 22, 2016 at 08:19:46PM +0100, Stefan Hajnoczi wrote:
> On Fri, Jun 17, 2016 at 07:08:03PM +0800, Xiao Guangrong wrote:
> > Changelog in v5:
> >  fix string format error when it is compiled on 32 bit box
> > 
> > Xiao Guangrong (13):
> >   pc-dimm: introduce get_vmstate_memory_region callback
> >   nvdimm: support nvdimm label
> >   acpi: add aml_object_type
> >   acpi: add aml_call5
> >   nvdimm acpi: set HDLE properly
> >   nvdimm acpi: save arg3 of _DSM method
> >   nvdimm acpi: check UUID
> >   nvdimm acpi: abstract the operations for root & nvdimm devices
> >   nvdimm acpi: check revision
> >   nvdimm acpi: support Get Namespace Label Size function
> >   nvdimm acpi: support Get Namespace Label Data function
> >   nvdimm acpi: support Set Namespace Label Data function
> >   docs: add NVDIMM ACPI documentation
> > 
> >  docs/specs/acpi_nvdimm.txt  | 132 +++
> >  hw/acpi/aml-build.c |  22 +++
> >  hw/acpi/nvdimm.c| 400 
> > 
> >  hw/mem/nvdimm.c | 132 +++
> >  hw/mem/pc-dimm.c|  14 +-
> >  include/hw/acpi/aml-build.h |   3 +
> >  include/hw/mem/nvdimm.h |  55 +-
> >  include/hw/mem/pc-dimm.h|   5 +-
> >  8 files changed, 726 insertions(+), 37 deletions(-)
> >  create mode 100644 docs/specs/acpi_nvdimm.txt
> 
> This series builds successfully on Travis:
> https://travis-ci.org/stefanha/qemu/builds/139484489
> 
> Michael: Ping?  It should be safe to include in a pull request now.
> 
> Stefan

It's in my tree and will go out in the next pull.

-- 
MST

Re: [Qemu-devel] [PATCH v3 00/20] GICv3 emulation

[Peter Maydell]

On 22 June 2016 at 22:45, Ed Maste  wrote:
> On 22 June 2016 at 16:53, Peter Maydell  wrote:
>>
>> Yeah, it looks like the same bug is also present in UEFI itself
>> (it's super popular!). Laszlo, Ard, do you have a prebuilt
>> UEFI binary with Ard's fix?
>>
>> Probably you'll find that if UEFI is configuring the GIC interrupt
>> groups FreeBSD will boot even without doing it itself, but I
>> think ideally FreeBSD shouldn't assume the bootloader's done
>> that job for it.
>
> Oh, good point. Indeed FreeBSD should not make this assumption. I'm
> not sure how I'd test the FreeBSD fix then though (booting w/o the
> UEFI firmware doing this configuration).

Mmm, tricky. I guess you could hack UEFI to only put the
interrupts it is itself using into group 1 (presumably
the timer interrupt). [I'm guessing FreeBSD doesn't
support Linux-kernel-boot-protocol, or you could use
-kernel.]

-- PMM

Re: [Qemu-devel] [PATCH v3 00/20] GICv3 emulation

[Ed Maste]

On 22 June 2016 at 16:53, Peter Maydell  wrote:
>
> Yeah, it looks like the same bug is also present in UEFI itself
> (it's super popular!). Laszlo, Ard, do you have a prebuilt
> UEFI binary with Ard's fix?
>
> Probably you'll find that if UEFI is configuring the GIC interrupt
> groups FreeBSD will boot even without doing it itself, but I
> think ideally FreeBSD shouldn't assume the bootloader's done
> that job for it.

Oh, good point. Indeed FreeBSD should not make this assumption. I'm
not sure how I'd test the FreeBSD fix then though (booting w/o the
UEFI firmware doing this configuration).

Re: [Qemu-devel] [PATCH 0/3] Dynamic module loading for block drivers

[Colin Lord]

On 06/22/2016 05:35 PM, Colin Lord wrote:
> This is v2 of the series I sent out last week. These are the changes I
> made based on the feedback I got:
> - Fixed typo and Marc's email address in the python script
> - Moved registration of iscsi_opts into vl.c
> 
> What I didn't do:
> - Remove copy-pasted loops
> 
> There was a bit of discussion about how to remove the need for the copy-
> paste loops that are in block.c. I attempted to solve it by using
> g_module_sym to load the BlockDriver struct directly at the time the
> module gets loaded and returning it so that the loops were not
> necessary. I accomplished this by adding a field to the struct which,
> for a given format/protocol configuration, had the name of the
> corresponding BlockDriver struct. Having the name allowed me to load the
> symbol right out of the loaded module. However, it turns out that, at
> least as far as I can tell, g_module_sym can't load the BlockDriver
> structs in this way because they are declared static.
> 
> I tested the attempt to remove the copy-pasted loops by using the
> qemu-iotests on it with ssh (which is modularized). The errors I got
> were along the lines of:
> 
> can't open device ssh://[address removed]: Unknown protocol 'ssh'
> Failed to find driver in module
> 
> To test my theory (I haven't had much luck finding reliable
> documentation about this) that it was because they were static, I
> changed the definition of the bdrv_ssh BlockDriver to not be static.
> Unfortunately I still got errors, but I believe the drivers got loaded.
> The errors were not the same, rather these ones were complaining about
> the host key not matching the one in known_hosts. I've had this issue
> while trying to set up ssh with qemu in the past, so I'm not quite as
> worried about it (although I'd love to hear a fix), and more importantly
> there aren't any messages about the driver not being found.
> 
> That hopefully explains some of the issues, and why I'm submitting this
> with the duplicated loops still intact. If there are other ideas for
> dealing with this my ears are open, but this is what I have for now.
> 
> Colin Lord (1):
>   blockdev: prepare iSCSI block driver for dynamic loading
> 
> Marc Mari (2):
>   blockdev: Add dynamic generation of module_block.h
>   blockdev: Add dynamic module loading for block drivers
> 
>  .gitignore  |   1 +
>  Makefile|  11 +++-
>  block.c |  86 +++---
>  block/iscsi.c   |  36 ---
>  include/qemu/module.h   |   3 +
>  scripts/modules/module_block.py | 134 
> 
>  util/module.c   |  37 +++
>  vl.c|  36 +++
>  8 files changed, 269 insertions(+), 75 deletions(-)
>  create mode 100644 scripts/modules/module_block.py
> 
Hmm, apologies for not labeling this series as v2 in the subject line.
Still trying to get this process down properly. Also let me know if I
need to rebase with master again. Of course I'd forget these things and
remember only right after mailing the patches in.

[Qemu-devel] [PATCH 3/3] blockdev: Add dynamic module loading for block drivers

[Colin Lord]

From: Marc Mari 

Extend the current module interface to allow for block drivers to be loaded
dynamically on request.

The only block drivers that can be converted into modules are the drivers
that don't perform any init operation except for registering themselves.

All the necessary module information is located in a new structure found in
include/qemu/module_block.h

Signed-off-by: Marc Mari 
Signed-off-by: Colin Lord 
---
 Makefile  |  3 --
 block.c   | 86 +--
 include/qemu/module.h |  3 ++
 util/module.c | 37 ++
 4 files changed, 90 insertions(+), 39 deletions(-)

diff --git a/Makefile b/Makefile
index 8f8b6a2..461187c 100644
--- a/Makefile
+++ b/Makefile
@@ -247,9 +247,6 @@ Makefile: $(version-obj-y) $(version-lobj-y)
 libqemustub.a: $(stub-obj-y)
 libqemuutil.a: $(util-obj-y)
 
-block-modules = $(foreach o,$(block-obj-m),"$(basename $(subst /,-,$o))",) NULL
-util/module.o-cflags = -D'CONFIG_BLOCK_MODULES=$(block-modules)'
-
 ##
 
 qemu-img.o: qemu-img-cmds.h
diff --git a/block.c b/block.c
index f54bc25..7a91434 100644
--- a/block.c
+++ b/block.c
@@ -26,6 +26,7 @@
 #include "block/block_int.h"
 #include "block/blockjob.h"
 #include "qemu/error-report.h"
+#include "qemu/module_block.h"
 #include "qemu/module.h"
 #include "qapi/qmp/qerror.h"
 #include "qapi/qmp/qbool.h"
@@ -242,11 +243,29 @@ BlockDriverState *bdrv_new(void)
 BlockDriver *bdrv_find_format(const char *format_name)
 {
 BlockDriver *drv1;
+size_t i;
+
 QLIST_FOREACH(drv1, &bdrv_drivers, list) {
 if (!strcmp(drv1->format_name, format_name)) {
 return drv1;
 }
 }
+
+for (i = 0; i < ARRAY_SIZE(block_driver_modules); ++i) {
+if (!strcmp(block_driver_modules[i].format_name, format_name)) {
+block_module_load_one(block_driver_modules[i].library_name);
+/* Copying code is not nice, but this way the current discovery is
+ * not modified. Calling recursively could fail if the library
+ * has been deleted.
+ */
+QLIST_FOREACH(drv1, &bdrv_drivers, list) {
+if (!strcmp(drv1->format_name, format_name)) {
+return drv1;
+}
+}
+}
+}
+
 return NULL;
 }
 
@@ -447,8 +466,15 @@ int get_tmp_filename(char *filename, int size)
 static BlockDriver *find_hdev_driver(const char *filename)
 {
 int score_max = 0, score;
+size_t i;
 BlockDriver *drv = NULL, *d;
 
+for (i = 0; i < ARRAY_SIZE(block_driver_modules); ++i) {
+if (block_driver_modules[i].has_probe_device) {
+block_module_load_one(block_driver_modules[i].library_name);
+}
+}
+
 QLIST_FOREACH(d, &bdrv_drivers, list) {
 if (d->bdrv_probe_device) {
 score = d->bdrv_probe_device(filename);
@@ -470,6 +496,7 @@ BlockDriver *bdrv_find_protocol(const char *filename,
 char protocol[128];
 int len;
 const char *p;
+size_t i;
 
 /* TODO Drivers without bdrv_file_open must be specified explicitly */
 
@@ -496,6 +523,7 @@ BlockDriver *bdrv_find_protocol(const char *filename,
 len = sizeof(protocol) - 1;
 memcpy(protocol, filename, len);
 protocol[len] = '\0';
+
 QLIST_FOREACH(drv1, &bdrv_drivers, list) {
 if (drv1->protocol_name &&
 !strcmp(drv1->protocol_name, protocol)) {
@@ -503,6 +531,23 @@ BlockDriver *bdrv_find_protocol(const char *filename,
 }
 }
 
+for (i = 0; i < ARRAY_SIZE(block_driver_modules); ++i) {
+if (block_driver_modules[i].protocol_name &&
+!strcmp(block_driver_modules[i].protocol_name, protocol)) {
+block_module_load_one(block_driver_modules[i].library_name);
+/* Copying code is not nice, but this way the current discovery is
+ * not modified. Calling recursively could fail if the library
+ * has been deleted.
+ */
+QLIST_FOREACH(drv1, &bdrv_drivers, list) {
+if (drv1->protocol_name &&
+!strcmp(drv1->protocol_name, protocol)) {
+return drv1;
+}
+}
+}
+}
+
 error_setg(errp, "Unknown protocol '%s'", protocol);
 return NULL;
 }
@@ -525,8 +570,15 @@ BlockDriver *bdrv_probe_all(const uint8_t *buf, int 
buf_size,
 const char *filename)
 {
 int score_max = 0, score;
+size_t i;
 BlockDriver *drv = NULL, *d;
 
+for (i = 0; i < ARRAY_SIZE(block_driver_modules); ++i) {
+if (block_driver_modules[i].has_probe) {
+block_module_load_one(block_driver_modules[i].library_name);
+}
+}
+
 QLIST_FOREACH(d, &bdrv_drivers, list) {
 if (d->bdrv_probe) {
 score = d->bdrv_probe(buf, buf_size, filename);
@@ -2738,26 +2790,42