[Qemu-devel] [PATCH] docker: Be compatible with older docker

2016-08-02 Thread Fam Zheng
By not using "--format" with docker images command.

The option is not available on RHEL 7 docker command. Use an awk
matching command instead.

Reported-by: Paolo Bonzini 
Signed-off-by: Fam Zheng 
---
 tests/docker/Makefile.include | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index 78af468..4f4707d 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -107,9 +107,8 @@ docker-run-%: docker-qemu-src
fi
$(if $(filter $(TESTS),$(CMD)),$(if $(filter $(IMAGES),$(IMAGE)), \
$(call quiet-command,\
-   if $(SRC_PATH)/tests/docker/docker.py images \
-   --format={{.Repository}}:{{.Tag}} | \
-   grep -qx qemu:$(IMAGE); then \
+   if $(SRC_PATH)/tests/docker/docker.py images | \
+   awk '$$1=="qemu" && $$2=="$(IMAGE)"{found=1} 
END{exit(!found)}'; then \
$(SRC_PATH)/tests/docker/docker.py run $(if 
$V,,--rm) \
-t \
$(if $(DEBUG),-i,--net=none) \
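Review bot: The image name is spliced into the awk program text at `$$2=="$(IMAGE)"`, so the comparison is only well-formed while `$(IMAGE)` contains no quote characters. The enclosing `$(filter $(IMAGES),$(IMAGE))` guard limits it to known image names, which keeps the risk low. Passing the value as data removes the dependency: `awk -v img="$(IMAGE)" '$$1=="qemu" && $$2==img{found=1} END{exit(!found)}'`. The match also assumes that the first two columns of the default `docker images` table are repository and tag, which deserves a one-line comment next to the recipe.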
-- 
2.7.4




[Qemu-devel] [PATCH v3] ppc: Fix signal delivery in ppc-user and ppc64-user

2016-08-02 Thread Benjamin Herrenschmidt
There were a number of bugs in the implementation:

 - The structure alignment was wrong for 64-bit.

 - Also 64-bit only does RT signals.

 - On 64-bit, we need to put a pointer to the (aligned) vector registers
   in the frame and use it for restoring

 - We had endian bugs when saving/restoring vector registers

 - My recent fixes for exception NIP broke sigreturn in user mode
   causing us to resume one instruction too far.

 - Add VSR second halves

Signed-off-by: Benjamin Herrenschmidt 
---
v2. Fix endian bugs too
Fix bad PC on sigreturn

v3. Add missing VSX second halves
Tested with ppc32, ppc64be and ppc64le, verified reading
and writing VSX and VMX registers from a signal handler
and observing the result in the main program. Compared
successfully to running in actual hardware.

 linux-user/main.c   |   2 +-
 linux-user/ppc/syscall_nr.h |   2 +
 linux-user/signal.c | 118 ++--
 3 files changed, 84 insertions(+), 38 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index 1d149dc..24f34e6 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -2003,12 +2003,12 @@ void cpu_loop(CPUPPCState *env)
 if (ret == -TARGET_ERESTARTSYS) {
 break;
 }
-env->nip += 4;
 if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
 /* Returning from a successful sigreturn syscall.
Avoid corrupting register state.  */
 break;
 }
+env->nip += 4;
 if (ret > (target_ulong)(-515)) {
 env->crf[0] |= 0x1;
 ret = -ret;
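Review bot: The comment inside the `-TARGET_QEMU_ESIGRETURN` branch still says only "Avoid corrupting register state", although after this reordering the early `break` is also what keeps `nip` from being advanced past the restored PC. I would extend it, for example `/* Successful sigreturn: nip already holds the restored PC, so it must not be advanced. */`, so that a later cleanup does not move the increment back. The same hunk appears again in the v2 posting further down; cpu_loop's body starts and ends outside the hunk.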
diff --git a/linux-user/ppc/syscall_nr.h b/linux-user/ppc/syscall_nr.h
index 46ed8a6..afa3654 100644
--- a/linux-user/ppc/syscall_nr.h
+++ b/linux-user/ppc/syscall_nr.h
@@ -120,7 +120,9 @@
 #define TARGET_NR_sysinfo116
 #define TARGET_NR_ipc117
 #define TARGET_NR_fsync  118
+#if !defined(TARGET_PPC64)
 #define TARGET_NR_sigreturn  119
+#endif
 #define TARGET_NR_clone  120
 #define TARGET_NR_setdomainname  121
 #define TARGET_NR_uname  122
diff --git a/linux-user/signal.c b/linux-user/signal.c
index 9a4d894..f01437e 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -4408,7 +4408,12 @@ struct target_mcontext {
 target_ulong mc_gregs[48];
 /* Includes fpscr.  */
 uint64_t mc_fregs[33];
+#if defined(TARGET_PPC64)
+/* Pointer to the vector regs */
+target_ulong v_regs;
+#else
 target_ulong mc_pad[2];
+#endif
 /* We need to handle Altivec and SPE at the same time, which no
kernel needs to do.  Fortunately, the kernel defines this bit to
be Altivec-register-large all the time, rather than trying to
@@ -4418,15 +4423,24 @@ struct target_mcontext {
 uint32_t spe[33];
 /* Altivec vector registers.  The packing of VSCR and VRSAVE
varies depending on whether we're PPC64 or not: PPC64 splits
-   them apart; PPC32 stuffs them together.  */
+   them apart; PPC32 stuffs them together.
+   We also need to account for the VSX registers on PPC64
+*/
 #if defined(TARGET_PPC64)
-#define QEMU_NVRREG 34
+#define QEMU_NVRREG (34 + 16)
+/* On ppc64, we need to align to 16 bytes by hand */
+target_ulong pad;
 #else
+/* On ppc32, we are already aligned to 16 bytes */
 #define QEMU_NVRREG 33
 #endif
-ppc_avr_t altivec[QEMU_NVRREG];
+/* We cannot use ppc_avr_t here as we do *not* want the implied
+ * 16-bytes alignment that would result from it. This would have
+ * the effect of making. The 32-bit variant is already aligned.
+ */
+uint64_t altivec[QEMU_NVRREG][2];
 #undef QEMU_NVRREG
-} mc_vregs __attribute__((__aligned__(16)));
+} mc_vregs;
 };
 
 /* See arch/powerpc/include/asm/sigcontext.h.  */
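Review bot: `target_ulong pad;` is added as a sibling of `uint32_t spe[33];` and `altivec` inside the aggregate closed by `} mc_vregs;`. Its opening line is outside the hunk, but if that aggregate is a union (the SPE/Altivec overlap suggests so), the pad is just another overlapping member and does not move `altivec` at all. Since `__attribute__((__aligned__(16)))` is dropped in the same hunk, the 16-byte alignment the new comment promises would then not be obtained on ppc64. Placing the pad ahead of the aggregate as `#if defined(TARGET_PPC64)` / `target_ulong pad;` / `#endif` would give a real offset; the new comment's unfinished sentence "This would have the effect of making." should also be completed. The same hunk is repeated in the v2 posting, the 3/3 posting and the quoted reply below.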
@@ -4580,6 +4594,16 @@ static target_ulong get_sigframe(struct target_sigaction 
*ka,
 return (oldsp - frame_size) & ~0xFUL;
 }
 
+#if ((defined(TARGET_WORDS_BIGENDIAN) && defined(HOST_WORDS_BIGENDIAN)) || \
+ (!defined(HOST_WORDS_BIGENDIAN) && !defined(TARGET_WORDS_BIGENDIAN)))
+#define PPC_VEC_HI  0
+#define PPC_VEC_LO  1
+#else
+#define PPC_VEC_HI  1
+#define PPC_VEC_LO  0
+#endif
+
+
 static void save_user_regs(CPUPPCState *env, struct target_mcontext *frame)
 {
 target_ulong msr = env->msr;
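Review bot: `PPC_VEC_HI` and `PPC_VEC_LO` are introduced without a comment, and the names read as "high/low doubleword" while the condition only tests whether host and target byte order agree. If `ppc_avr_t.u64[]` is laid out in host order (its definition is not part of this patch), then on a little-endian host with a little-endian target `PPC_VEC_HI` is 0 and selects the low doubleword. A comment such as `/* u64[] index of the doubleword stored first (HI) and second (LO) in the guest frame */` would pin down the intent. The same hunk appears in the v2 posting below.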
@@ -4606,18 +4630,33 @@ static void save_user_regs(CPUPPCState *env, struct 
target_mcontext *frame)
 
 /* Save Altivec registers if necessary.  */
 if (env->insns_flags & PPC_ALTIVEC) {
+uint32_t *vrsave;
 for (i = 0; i < ARRAY_SIZE(env->avr); i++) {
 ppc_avr_t *avr = >avr[i];
-ppc_avr_t *vreg = >mc_vregs.altivec[i];
+ppc_avr_t *vreg = (ppc_avr_t *)>mc_vregs.altivec[i];
 
-   

[Qemu-devel] [PULL 0/2] ppc-for-2.7 queue 20160803

2016-08-02 Thread David Gibson
The following changes since commit 8b54a6a6c63dc84f2744f6b125c1a6c5a16ee10b:

  Merge remote-tracking branch 'remotes/ehabkost/tags/numa-pull-request' into 
staging (2016-08-02 12:55:12 +0100)

are available in the git repository at:

  git://github.com/dgibson/qemu.git tags/ppc-for-2.7-20160803

for you to fetch changes up to 7005f7f81cef31bda895d3274c13854c143d3d8d:

  kvm-irqchip: only commit route when irqchip is used (2016-08-03 13:25:44 
+1000)


qemu-2.7: ppc patch queue 2016-08-03

Here's the current set of patches (only 2) for spapr, ppc and related
things.  These are important bugfixes for the stabilizing 2.7 tree.

One is for a regression where confusion between x86 only and generic
KVM irq handling resulted in breakage on KVM/Power.  The other is
fixing (yet another) problem in the vcpu hotplug code: older pseries
machine types which don't support vcpu hotplug weren't correctly
advertising that, potentially leading to crashes or other problems.


Bharata B Rao (1):
  spapr: Error out when CPU hotplug is attempted on older pseries machines

Peter Xu (1):
  kvm-irqchip: only commit route when irqchip is used

NOTE: The KVM irq fix is technically in generic, not ppc, code, but
Paolo suggested pulling it through this tree, since ppc is the main
affected platform.

 hw/ppc/spapr.c  |  7 ++-
 hw/ppc/spapr_cpu_core.c | 19 ++-
 kvm-all.c   |  8 
 3 files changed, 20 insertions(+), 14 deletions(-)



[Qemu-devel] [PULL 2/2] kvm-irqchip: only commit route when irqchip is used

2016-08-02 Thread David Gibson
From: Peter Xu 

Reported from Alexey Kardashevskiy:

3f1fea0fb5bf "kvm-irqchip: do explicit commit when update irq" produces
a crash on pseries guest running with VFIO on POWER8 machine as it does
not support KVM_CAP_IRQCHIP (KVM_CAP_IRQ_XICS is there instead). As a
result, KVMState::irq_routes is NULL when VFIO calls
kvm_irqchip_commit_routes.

This makes the routing update conditional.

Reported-by: Alexey Kardashevskiy 
Tested-by: Alexey Kardashevskiy 
Signed-off-by: Peter Xu 
Signed-off-by: David Gibson 
---
 kvm-all.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/kvm-all.c b/kvm-all.c
index ef81ca5..65608de 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -1047,6 +1047,14 @@ void kvm_irqchip_commit_routes(KVMState *s)
 {
 int ret;
 
+if (kvm_gsi_direct_mapping()) {
+return;
+}
+
+if (!kvm_gsi_routing_enabled()) {
+return;
+}
+
 s->irq_routes->flags = 0;
 trace_kvm_irqchip_commit_routes();
 ret = kvm_vm_ioctl(s, KVM_SET_GSI_ROUTING, s->irq_routes);
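Review bot: The two new guards test routing capabilities rather than the pointer that was reported NULL, so the store `s->irq_routes->flags = 0;` right after them is safe only if `irq_routes` is allocated on exactly the configurations where both guards pass; that allocation is not visible here. An `assert(s->irq_routes);` before the store would state the invariant and turn any future mismatch into a clear failure instead of a NULL dereference. A short comment on why a direct-mapping or non-routing setup has nothing to commit would help as well. The function body continues past the hunk, and the same hunk is quoted in the v2 reply further down.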
-- 
2.7.4




[Qemu-devel] [PULL 1/2] spapr: Error out when CPU hotplug is attempted on older pseries machines

2016-08-02 Thread David Gibson
From: Bharata B Rao 

CPU hotplug and coldplug aren't supported prior to pseries-2.7.  Further,
earlier machine types don't use CPU core objects at all.  This means that
query-hotpluggable-cpus and coldplug on older pseries machines will crash
QEMU.  It also means that hotpluggable_cpus flag in query-machines will
be incorrectly set to true for pseries < 2.7, since it is based on the
presence of the query_hotpluggable_cpus hook.

- Don't assign the query_hotpluggable_cpus hook for pseries < 2.7
- query_hotpluggable_cpus should therefore never be called on pseries <
  2.7, so add an assert
- spapr_core_pre_plug() should fail hot/cold plug attempts for pseries <
  2.7, since core objects are never used there
- spapr_core_plug() should therefore never be called for pseries < 2.7, so
  add an assert.

Signed-off-by: Bharata B Rao 
[dwg: Change from query_hotpluggable_cpus returning NULL for pseries < 2.7
 to not being called at all, reword commit message for accuracy]
Signed-off-by: David Gibson 
---
 hw/ppc/spapr.c  |  7 ++-
 hw/ppc/spapr_cpu_core.c | 19 ++-
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index fbbd051..bce2371 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -2376,8 +2376,11 @@ static HotpluggableCPUList 
*spapr_query_hotpluggable_cpus(MachineState *machine)
 int i;
 HotpluggableCPUList *head = NULL;
 sPAPRMachineState *spapr = SPAPR_MACHINE(machine);
+sPAPRMachineClass *smc = SPAPR_MACHINE_GET_CLASS(machine);
 int spapr_max_cores = max_cpus / smp_threads;
 
+g_assert(smc->dr_cpu_enabled);
+
 for (i = 0; i < spapr_max_cores; i++) {
 HotpluggableCPUList *list_item = g_new0(typeof(*list_item), 1);
 HotpluggableCPU *cpu_item = g_new0(typeof(*cpu_item), 1);
@@ -2432,7 +2435,9 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 hc->plug = spapr_machine_device_plug;
 hc->unplug = spapr_machine_device_unplug;
 mc->cpu_index_to_socket_id = spapr_cpu_index_to_socket_id;
-mc->query_hotpluggable_cpus = spapr_query_hotpluggable_cpus;
+if (smc->dr_cpu_enabled) {
+mc->query_hotpluggable_cpus = spapr_query_hotpluggable_cpus;
+}
 
 smc->dr_lmb_enabled = true;
 smc->dr_cpu_enabled = true;
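Review bot: The new `if (smc->dr_cpu_enabled)` test runs before `smc->dr_cpu_enabled = true;`, which comes three lines later in the same function. Unless the field is set earlier, outside the hunk, it still holds its initial value at the test and the hook is never installed for any machine version. Moving the test below the assignment would not help, because it would then always be true here. The version-specific decision probably belongs where older machine types clear `dr_cpu_enabled`, for example by also setting `mc->query_hotpluggable_cpus = NULL;` there. spapr_machine_class_init's body starts and ends outside the hunk.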
diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
index ec81ee6..170ed15 100644
--- a/hw/ppc/spapr_cpu_core.c
+++ b/hw/ppc/spapr_cpu_core.c
@@ -166,18 +166,11 @@ void spapr_core_plug(HotplugHandler *hotplug_dev, 
DeviceState *dev,
 int index = cc->core_id / smp_threads;
 int smt = kvmppc_smt_threads();
 
+g_assert(smc->dr_cpu_enabled);
+
 drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_CPU, index * smt);
 spapr->cores[index] = OBJECT(dev);
 
-if (!smc->dr_cpu_enabled) {
-/*
- * This is a cold plugged CPU core but the machine doesn't support
- * DR. So skip the hotplug path ensuring that the core is brought
- * up online with out an associated DR connector.
- */
-return;
-}
-
 g_assert(drc);
 
 /*
@@ -225,13 +218,13 @@ void spapr_core_pre_plug(HotplugHandler *hotplug_dev, 
DeviceState *dev,
 char *base_core_type = spapr_get_cpu_core_type(machine->cpu_model);
 const char *type = object_get_typename(OBJECT(dev));
 
-if (strcmp(base_core_type, type)) {
-error_setg(_err, "CPU core type should be %s", base_core_type);
+if (!smc->dr_cpu_enabled) {
+error_setg(_err, "CPU hotplug not supported for this machine");
 goto out;
 }
 
-if (!smc->dr_cpu_enabled && dev->hotplugged) {
-error_setg(_err, "CPU hotplug not supported for this machine");
+if (strcmp(base_core_type, type)) {
+error_setg(_err, "CPU core type should be %s", base_core_type);
 goto out;
 }
 
-- 
2.7.4




[Qemu-devel] [PATCH] vhost: check for vhost_ops before using.

2016-08-02 Thread Ilya Maximets
'vhost_set_vring_enable()' tries to call a function through the
'vhost_ops' pointer, which may already have been zeroed by
'vhost_dev_cleanup()' during vhost disconnection.

Fix that by checking 'vhost_ops' before using. This fixes QEMU crash
on calling 'ethtool -L eth0 combined 2' if vhost disconnected.

Signed-off-by: Ilya Maximets 
---
 hw/net/vhost_net.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/vhost_net.c b/hw/net/vhost_net.c
index dc61dc1..f2d49ad 100644
--- a/hw/net/vhost_net.c
+++ b/hw/net/vhost_net.c
@@ -428,7 +428,7 @@ int vhost_set_vring_enable(NetClientState *nc, int enable)
 
 nc->vring_enable = enable;
 
-if (vhost_ops->vhost_set_vring_enable) {
+if (vhost_ops && vhost_ops->vhost_set_vring_enable) {
 return vhost_ops->vhost_set_vring_enable(>dev, enable);
 }
 
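Review bot: When `vhost_ops` is NULL the new condition is skipped and control falls through to whatever follows the `if`, which is outside the hunk, while `nc->vring_enable = enable;` has already recorded the new state a few lines earlier. If the tail returns 0, the caller is told the ring was reconfigured on a backend that is gone. Consider documenting that a disconnected backend is treated as a successful no-op, or testing the backend before the assignment. Since the description says `vhost_dev_cleanup()` zeroes the ops pointer, other call sites that dereference `vhost_ops` may need the same guard.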
-- 
2.7.4




Re: [Qemu-devel] [PATCH] ide: fix DMA register transitions

2016-08-02 Thread Stefan Weil
Am 03.08.2016 um 00:05 schrieb John Snow:
> ATA8-APT defines the state transitions for both a host controller and
> for the hardware device during the lifecycle of a DMA transfer, in
> section 9.7 "DMA command protocol."
> 
> One of the interesting tidbits here is that when a device transitions
> from DDMA0 ("Prepare state") to DDMA1 ("Data_Transfer State"), it can
> choose to set either BSY or DRQ to signal this transition, but not both.
> 
> as ide_sector_dma_start is the last point in our preparation process
> before we begin the real data transfer process (for either AHCI or BMDMA),
> this is the correct transition point for DDMA0 to DDMA1.
> 
> I have chosen !BSY && DRQ for QEMU to make the transition from DDMA0 the
> most obvious.
> 
> Reported-by: Benjamin David Lunt 
> Signed-off-by: John Snow 
> ---
>  hw/ide/core.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/ide/core.c b/hw/ide/core.c
> index d117b7c..e961d42 100644
> --- a/hw/ide/core.c
> +++ b/hw/ide/core.c
> @@ -907,7 +907,7 @@ eot:
>  
>  static void ide_sector_start_dma(IDEState *s, enum ide_dma_cmd dma_cmd)
>  {
> -s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
> +s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
>  s->io_buffer_size = 0;
>  s->dma_cmd = dma_cmd;


This patch fixes the reported test case, thank you.

Tested-by: Stefan Weil 






[Qemu-devel] [PATCH v2] ppc: Fix signal delivery in ppc-user and ppc64-user

2016-08-02 Thread Benjamin Herrenschmidt
There were a number of bugs in the implementation:

 - The structure alignment was wrong for 64-bit.

 - Also 64-bit only does RT signals.

 - On 64-bit, we need to put a pointer to the (aligned) vector registers
   in the frame and use it for restoring

 - We had endian bugs when saving/restoring vector registers

 - My recent fixes for exception NIP broke sigreturn in user mode
   causing us to resume one instruction too far.

This is still missing support for VSX which I will add separately.

Signed-off-by: Benjamin Herrenschmidt 
---

v2. Fix endian bugs too
Fix bad PC on sigreturn

 linux-user/main.c   |   2 +-
 linux-user/ppc/syscall_nr.h |   2 +
 linux-user/signal.c | 102 
 3 files changed, 68 insertions(+), 38 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index 1d149dc..24f34e6 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -2003,12 +2003,12 @@ void cpu_loop(CPUPPCState *env)
 if (ret == -TARGET_ERESTARTSYS) {
 break;
 }
-env->nip += 4;
 if (ret == (target_ulong)(-TARGET_QEMU_ESIGRETURN)) {
 /* Returning from a successful sigreturn syscall.
Avoid corrupting register state.  */
 break;
 }
+env->nip += 4;
 if (ret > (target_ulong)(-515)) {
 env->crf[0] |= 0x1;
 ret = -ret;
diff --git a/linux-user/ppc/syscall_nr.h b/linux-user/ppc/syscall_nr.h
index 46ed8a6..afa3654 100644
--- a/linux-user/ppc/syscall_nr.h
+++ b/linux-user/ppc/syscall_nr.h
@@ -120,7 +120,9 @@
 #define TARGET_NR_sysinfo116
 #define TARGET_NR_ipc117
 #define TARGET_NR_fsync  118
+#if !defined(TARGET_PPC64)
 #define TARGET_NR_sigreturn  119
+#endif
 #define TARGET_NR_clone  120
 #define TARGET_NR_setdomainname  121
 #define TARGET_NR_uname  122
diff --git a/linux-user/signal.c b/linux-user/signal.c
index 9a4d894..9a9cf98 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -4408,7 +4408,12 @@ struct target_mcontext {
 target_ulong mc_gregs[48];
 /* Includes fpscr.  */
 uint64_t mc_fregs[33];
+#if defined(TARGET_PPC64)
+/* Pointer to the vector regs */
+target_ulong v_regs;
+#else
 target_ulong mc_pad[2];
+#endif
 /* We need to handle Altivec and SPE at the same time, which no
kernel needs to do.  Fortunately, the kernel defines this bit to
be Altivec-register-large all the time, rather than trying to
@@ -4418,15 +4423,24 @@ struct target_mcontext {
 uint32_t spe[33];
 /* Altivec vector registers.  The packing of VSCR and VRSAVE
varies depending on whether we're PPC64 or not: PPC64 splits
-   them apart; PPC32 stuffs them together.  */
+   them apart; PPC32 stuffs them together.
+   We also need to account for the VSX registers on PPC64
+*/
 #if defined(TARGET_PPC64)
-#define QEMU_NVRREG 34
+#define QEMU_NVRREG (34 + 16)
+/* On ppc64, we need to align to 16 bytes by hand */
+target_ulong pad;
 #else
+/* On ppc32, we are already aligned to 16 bytes */
 #define QEMU_NVRREG 33
 #endif
-ppc_avr_t altivec[QEMU_NVRREG];
+/* We cannot use ppc_avr_t here as we do *not* want the implied
+ * 16-bytes alignment that would result from it. This would have
+ * the effect of making. The 32-bit variant is already aligned.
+ */
+uint64_t altivec[QEMU_NVRREG][2];
 #undef QEMU_NVRREG
-} mc_vregs __attribute__((__aligned__(16)));
+} mc_vregs;
 };
 
 /* See arch/powerpc/include/asm/sigcontext.h.  */
@@ -4580,6 +4594,16 @@ static target_ulong get_sigframe(struct target_sigaction 
*ka,
 return (oldsp - frame_size) & ~0xFUL;
 }
 
+#if ((defined(TARGET_WORDS_BIGENDIAN) && defined(HOST_WORDS_BIGENDIAN)) || \
+ (!defined(HOST_WORDS_BIGENDIAN) && !defined(TARGET_WORDS_BIGENDIAN)))
+#define PPC_VEC_HI  0
+#define PPC_VEC_LO  1
+#else
+#define PPC_VEC_HI  1
+#define PPC_VEC_LO  0
+#endif
+
+
 static void save_user_regs(CPUPPCState *env, struct target_mcontext *frame)
 {
 target_ulong msr = env->msr;
@@ -4606,18 +4630,25 @@ static void save_user_regs(CPUPPCState *env, struct 
target_mcontext *frame)
 
 /* Save Altivec registers if necessary.  */
 if (env->insns_flags & PPC_ALTIVEC) {
+uint32_t *vrsave;
 for (i = 0; i < ARRAY_SIZE(env->avr); i++) {
 ppc_avr_t *avr = >avr[i];
-ppc_avr_t *vreg = >mc_vregs.altivec[i];
+ppc_avr_t *vreg = (ppc_avr_t *)>mc_vregs.altivec[i];
 
-__put_user(avr->u64[0], >u64[0]);
-__put_user(avr->u64[1], >u64[1]);
+__put_user(avr->u64[PPC_VEC_HI], >u64[0]);
+__put_user(avr->u64[PPC_VEC_LO], >u64[1]);
 }
 

Re: [Qemu-devel] [PATCH 1/7] util: Add UUID API

2016-08-02 Thread Jeff Cody
On Wed, Aug 03, 2016 at 10:36:40AM +0800, Fam Zheng wrote:
> On Tue, 08/02 15:45, Paolo Bonzini wrote:
> > 
> > 
> > - Original Message -
> > > From: "Fam Zheng" 
> > > To: qemu-devel@nongnu.org
> > > Cc: f...@redhat.com, berra...@redhat.com, pbonz...@redhat.com, 
> > > kw...@redhat.com, mre...@redhat.com,
> > > mdr...@linux.vnet.ibm.com, arm...@redhat.com, s...@weilnetz.de, 
> > > qemu-bl...@nongnu.org
> > > Sent: Tuesday, August 2, 2016 11:18:32 AM
> > > Subject: [PATCH 1/7] util: Add UUID API
> > > 
> > > A number of different places across the code base use CONFIG_UUID. Some
> > > of them are soft dependency, some are not built if libuuid is not
> > > available, some come with dummy fallback, some throws runtime error.
> > > 
> > > It is hard to maintain, and hard to reason for users.
> > > 
> > > Since UUID is a simple standard with only a small number of operations,
> > > it is cleaner to have a central support in libqemuutil. This patch adds
> > > qemu_uuid_* the functions so that all uuid users in the code base can
> > > rely on. Except for qemu_uuid_generate which is new code, all other
> > > functions are just copy from existing fallbacks from other files.
> > 
> > How is g_random_* seeded?
> 
> According to glib doc:
> 
> > GLib changed the seeding algorithm for the pseudo-random number generator
> > Mersenne Twister, as used by GRand.
> 
> The urandom source is /dev/urandom (or time based if unavailable).
> 
> (RFC 4122 explicitly accepts pseudo-random.)
> 
> Fam
>

To piggyback on Fam's answer:

It is as if qemu called g_rand_new() [1] for a global static GRand struct.

The g_random_* functions use the glib default global GRand struct. If
you don't set the global seed yourself with g_random_set_seed(), then the
first call into one of the g_random_ functions will create the
global GRand struct seeded from /dev/urandom (if available), or the current
time (if /dev/urandom is not available).

[1] https://developer.gnome.org/glib/stable/glib-Random-Numbers.html#g-rand-new


-Jeff



Re: [Qemu-devel] [PATCH 3/3] ppc: Fix signal delivery in 64-bit usermode qemu

2016-08-02 Thread Benjamin Herrenschmidt
On Wed, 2016-08-03 at 13:16 +1000, Benjamin Herrenschmidt wrote:
> There were a number of bugs in the implementation. The structure
> alignment was wrong for 64-bit. Also 64-bit only does RT signals.
> 
> Finally on 64-bit, we need to put a pointer to the (aligned)
> vector registers in the frame.
> 
> This is still missing support for VSX which I will add separately.
> 
> Signed-off-by: Benjamin Herrenschmidt 
> ---

Don't apply this just yet ... the patch is correct but doesn't fix all
the bugs :-) There's some endian crap too. Will post a new one.

>  linux-user/ppc/syscall_nr.h |  2 ++
>  linux-user/signal.c | 75 +
> 
>  2 files changed, 44 insertions(+), 33 deletions(-)
> 
> diff --git a/linux-user/ppc/syscall_nr.h b/linux-
> user/ppc/syscall_nr.h
> index 46ed8a6..afa3654 100644
> --- a/linux-user/ppc/syscall_nr.h
> +++ b/linux-user/ppc/syscall_nr.h
> @@ -120,7 +120,9 @@
>  #define TARGET_NR_sysinfo116
>  #define TARGET_NR_ipc117
>  #define TARGET_NR_fsync  118
> +#if !defined(TARGET_PPC64)
>  #define TARGET_NR_sigreturn  119
> +#endif
>  #define TARGET_NR_clone  120
>  #define TARGET_NR_setdomainname  121
>  #define TARGET_NR_uname  122
> diff --git a/linux-user/signal.c b/linux-user/signal.c
> index 9a4d894..af80a3e 100644
> --- a/linux-user/signal.c
> +++ b/linux-user/signal.c
> @@ -4408,7 +4408,12 @@ struct target_mcontext {
>  target_ulong mc_gregs[48];
>  /* Includes fpscr.  */
>  uint64_t mc_fregs[33];
> +#if defined(TARGET_PPC64)
> +/* Pointer to the vector regs */
> +target_ulong v_regs;
> +#else
>  target_ulong mc_pad[2];
> +#endif
>  /* We need to handle Altivec and SPE at the same time, which no
> kernel needs to do.  Fortunately, the kernel defines this bit
> to
> be Altivec-register-large all the time, rather than trying to
> @@ -4418,15 +4423,24 @@ struct target_mcontext {
>  uint32_t spe[33];
>  /* Altivec vector registers.  The packing of VSCR and VRSAVE
> varies depending on whether we're PPC64 or not: PPC64
> splits
> -   them apart; PPC32 stuffs them together.  */
> +   them apart; PPC32 stuffs them together.
> +   We also need to account for the VSX registers on PPC64
> +*/
>  #if defined(TARGET_PPC64)
> -#define QEMU_NVRREG 34
> +#define QEMU_NVRREG (34 + 16)
> +/* On ppc64, we need to align to 16 bytes by hand */
> +target_ulong pad;
>  #else
> +/* On ppc32, we are already aligned to 16 bytes */
>  #define QEMU_NVRREG 33
>  #endif
> -ppc_avr_t altivec[QEMU_NVRREG];
> +/* We cannot use ppc_avr_t here as we do *not* want the
> implied
> + * 16-bytes alignment that would result from it. This would
> have
> + * the effect of making. The 32-bit variant is already
> aligned.
> + */
> +uint64_t altivec[QEMU_NVRREG][2];
>  #undef QEMU_NVRREG
> -} mc_vregs __attribute__((__aligned__(16)));
> +} mc_vregs;
>  };
>  
>  /* See arch/powerpc/include/asm/sigcontext.h.  */
> @@ -4606,9 +4620,10 @@ static void save_user_regs(CPUPPCState *env,
> struct target_mcontext *frame)
>  
>  /* Save Altivec registers if necessary.  */
>  if (env->insns_flags & PPC_ALTIVEC) {
> +uint32_t *vrsave;
>  for (i = 0; i < ARRAY_SIZE(env->avr); i++) {
>  ppc_avr_t *avr = >avr[i];
> -ppc_avr_t *vreg = >mc_vregs.altivec[i];
> +ppc_avr_t *vreg = (ppc_avr_t *)
> >mc_vregs.altivec[i];
>  
>  __put_user(avr->u64[0], >u64[0]);
>  __put_user(avr->u64[1], >u64[1]);
> @@ -4616,8 +4631,14 @@ static void save_user_regs(CPUPPCState *env,
> struct target_mcontext *frame)
>  /* Set MSR_VR in the saved MSR value to indicate that
> frame->mc_vregs contains valid data.  */
>  msr |= MSR_VR;
> -__put_user((uint32_t)env->spr[SPR_VRSAVE],
> -   >mc_vregs.altivec[32].u32[3]);
> +#if defined(TARGET_PPC64)
> +vrsave = (uint32_t *)>mc_vregs.altivec[33];
> +/* 64-bit needs to put a pointer to the vectors in the frame
> */
> +__put_user(h2g(frame->mc_vregs.altivec), >v_regs);
> +#else
> +vrsave = (uint32_t *)>mc_vregs.altivec[32];
> +#endif
> +__put_user((uint32_t)env->spr[SPR_VRSAVE], vrsave);
>  }
>  
>  /* Save floating point registers.  */
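Review bot: On the 32-bit branch VRSAVE is now written through a `uint32_t *` pointing at the start of `altivec[32]`, whereas the removed line targeted `altivec[32].u32[3]`. The guest-visible location of VRSAVE in the ppc32 frame therefore moves, and the commit message does not mention it. If this is the intended match with the kernel's layout, a comment naming the word that holds VRSAVE on ppc32 and on ppc64 would make it reviewable, and the restore path must use the same offsets. The same hunk is in the original 3/3 posting further down (the one starting `@@ -4616,8 +4631,14 @@`); save_user_regs starts and ends outside the hunk.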
> @@ -4697,17 +4718,22 @@ static void restore_user_regs(CPUPPCState
> *env,
>  
>  /* Restore Altivec registers if necessary.  */
>  if (env->insns_flags & PPC_ALTIVEC) {
> +uint32_t *vrsave;
>  for (i = 0; i < ARRAY_SIZE(env->avr); i++) {
>  ppc_avr_t *avr = >avr[i];
> -ppc_avr_t *vreg = >mc_vregs.altivec[i];
> +ppc_avr_t *vreg = (ppc_avr_t *)
> >mc_vregs.altivec[i];
>  
>  

Re: [Qemu-devel] [PATCH] xen: use a common function for pv and hvm guest backend register calls

2016-08-02 Thread Juergen Gross
On 02/08/16 20:27, Stefano Stabellini wrote:
> On Tue, 2 Aug 2016, Juergen Gross wrote:
>> Instead of calling xen_be_register() for each supported backend type
>> for hvm and pv guests in their machine init functions use a common
>> function in order not to have to add new backends twice.
>>
>> This at once fixes the error that hvm domains couldn't use the qusb
>> backend.
>>
>> Signed-off-by: Juergen Gross 
>> ---
>> Is it on purpose the qnic and vfb backends are not registered for HVM?
> 
> Yes, it is on purpose: there is no code in any toolstacks to use qnic,
> and the presence of vfb can cause problems to Linux HVM guests (or at
> least it used to), additionally vfb for HVM guests is also disabled in
> libxl.
> 
> In general, it is a good idea to disable code that is not supposed to be
> used.
> 
> Can qusb be used with HVM guests with libxl/xl?

Yes. You have to specify "type=qusb" for usbctrl, then it will work.
I have verified that.


Juergen



Re: [Qemu-devel] [PATCH v2] kvm-irqchip: only commit route when irqchip is used

2016-08-02 Thread David Gibson
On Wed, Aug 03, 2016 at 11:07:21AM +0800, Peter Xu wrote:
> Reported from Alexey Kardashevskiy:
> 
> 3f1fea0fb5bf "kvm-irqchip: do explicit commit when update irq" produces
> a crash on pseries guest running with VFIO on POWER8 machine as it does
> not support KVM_CAP_IRQCHIP (KVM_CAP_IRQ_XICS is there instead). At the
> result, KVMState::irq_routes is NULL when VFIO calls
> kvm_irqchip_commit_routes.
> 
> This makes the routing update conditional.
> 
> Reported-by: Alexey Kardashevskiy 
> Tested-by: Alexey Kardashevskiy 
> Signed-off-by: Peter Xu 

Applied to ppc-for-2.7, thanks.

> ---
>  kvm-all.c | 8 
>  1 file changed, 8 insertions(+)
> 
> diff --git a/kvm-all.c b/kvm-all.c
> index ef81ca5..65608de 100644
> --- a/kvm-all.c
> +++ b/kvm-all.c
> @@ -1047,6 +1047,14 @@ void kvm_irqchip_commit_routes(KVMState *s)
>  {
>  int ret;
>  
> +if (kvm_gsi_direct_mapping()) {
> +return;
> +}
> +
> +if (!kvm_gsi_routing_enabled()) {
> +return;
> +}
> +
>  s->irq_routes->flags = 0;
>  trace_kvm_irqchip_commit_routes();
>  ret = kvm_vm_ioctl(s, KVM_SET_GSI_ROUTING, s->irq_routes);

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] [PATCH 3/3] ppc: Fix signal delivery in 64-bit usermode qemu

2016-08-02 Thread Benjamin Herrenschmidt
There were a number of bugs in the implementation. The structure
alignment was wrong for 64-bit. Also 64-bit only does RT signals.

Finally on 64-bit, we need to put a pointer to the (aligned)
vector registers in the frame.

This is still missing support for VSX which I will add separately.

Signed-off-by: Benjamin Herrenschmidt 
---
 linux-user/ppc/syscall_nr.h |  2 ++
 linux-user/signal.c | 75 +
 2 files changed, 44 insertions(+), 33 deletions(-)

diff --git a/linux-user/ppc/syscall_nr.h b/linux-user/ppc/syscall_nr.h
index 46ed8a6..afa3654 100644
--- a/linux-user/ppc/syscall_nr.h
+++ b/linux-user/ppc/syscall_nr.h
@@ -120,7 +120,9 @@
 #define TARGET_NR_sysinfo116
 #define TARGET_NR_ipc117
 #define TARGET_NR_fsync  118
+#if !defined(TARGET_PPC64)
 #define TARGET_NR_sigreturn  119
+#endif
 #define TARGET_NR_clone  120
 #define TARGET_NR_setdomainname  121
 #define TARGET_NR_uname  122
diff --git a/linux-user/signal.c b/linux-user/signal.c
index 9a4d894..af80a3e 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -4408,7 +4408,12 @@ struct target_mcontext {
 target_ulong mc_gregs[48];
 /* Includes fpscr.  */
 uint64_t mc_fregs[33];
+#if defined(TARGET_PPC64)
+/* Pointer to the vector regs */
+target_ulong v_regs;
+#else
 target_ulong mc_pad[2];
+#endif
 /* We need to handle Altivec and SPE at the same time, which no
kernel needs to do.  Fortunately, the kernel defines this bit to
be Altivec-register-large all the time, rather than trying to
@@ -4418,15 +4423,24 @@ struct target_mcontext {
 uint32_t spe[33];
 /* Altivec vector registers.  The packing of VSCR and VRSAVE
varies depending on whether we're PPC64 or not: PPC64 splits
-   them apart; PPC32 stuffs them together.  */
+   them apart; PPC32 stuffs them together.
+   We also need to account for the VSX registers on PPC64
+*/
 #if defined(TARGET_PPC64)
-#define QEMU_NVRREG 34
+#define QEMU_NVRREG (34 + 16)
+/* On ppc64, we need to align to 16 bytes by hand */
+target_ulong pad;
 #else
+/* On ppc32, we are already aligned to 16 bytes */
 #define QEMU_NVRREG 33
 #endif
-ppc_avr_t altivec[QEMU_NVRREG];
+/* We cannot use ppc_avr_t here as we do *not* want the implied
+ * 16-bytes alignment that would result from it. This would have
+ * the effect of making. The 32-bit variant is already aligned.
+ */
+uint64_t altivec[QEMU_NVRREG][2];
 #undef QEMU_NVRREG
-} mc_vregs __attribute__((__aligned__(16)));
+} mc_vregs;
 };
 
 /* See arch/powerpc/include/asm/sigcontext.h.  */
@@ -4606,9 +4620,10 @@ static void save_user_regs(CPUPPCState *env, struct 
target_mcontext *frame)
 
 /* Save Altivec registers if necessary.  */
 if (env->insns_flags & PPC_ALTIVEC) {
+uint32_t *vrsave;
 for (i = 0; i < ARRAY_SIZE(env->avr); i++) {
 ppc_avr_t *avr = >avr[i];
-ppc_avr_t *vreg = >mc_vregs.altivec[i];
+ppc_avr_t *vreg = (ppc_avr_t *)>mc_vregs.altivec[i];
 
 __put_user(avr->u64[0], >u64[0]);
 __put_user(avr->u64[1], >u64[1]);
@@ -4616,8 +4631,14 @@ static void save_user_regs(CPUPPCState *env, struct 
target_mcontext *frame)
 /* Set MSR_VR in the saved MSR value to indicate that
frame->mc_vregs contains valid data.  */
 msr |= MSR_VR;
-__put_user((uint32_t)env->spr[SPR_VRSAVE],
-   >mc_vregs.altivec[32].u32[3]);
+#if defined(TARGET_PPC64)
+vrsave = (uint32_t *)>mc_vregs.altivec[33];
+/* 64-bit needs to put a pointer to the vectors in the frame */
+__put_user(h2g(frame->mc_vregs.altivec), >v_regs);
+#else
+vrsave = (uint32_t *)>mc_vregs.altivec[32];
+#endif
+__put_user((uint32_t)env->spr[SPR_VRSAVE], vrsave);
 }
 
 /* Save floating point registers.  */
@@ -4697,17 +4718,22 @@ static void restore_user_regs(CPUPPCState *env,
 
 /* Restore Altivec registers if necessary.  */
 if (env->insns_flags & PPC_ALTIVEC) {
+uint32_t *vrsave;
 for (i = 0; i < ARRAY_SIZE(env->avr); i++) {
 ppc_avr_t *avr = >avr[i];
-ppc_avr_t *vreg = >mc_vregs.altivec[i];
+ppc_avr_t *vreg = (ppc_avr_t *)>mc_vregs.altivec[i];
 
 __get_user(avr->u64[0], >u64[0]);
 __get_user(avr->u64[1], >u64[1]);
 }
 /* Set MSR_VEC in the saved MSR value to indicate that
frame->mc_vregs contains valid data.  */
-__get_user(env->spr[SPR_VRSAVE],
-   (target_ulong *)(>mc_vregs.altivec[32].u32[3]));
+#if defined(TARGET_PPC64)
+vrsave = (uint32_t *)>mc_vregs.altivec[33];
+#else
+vrsave = (uint32_t *)>mc_vregs.altivec[32];
+#endif
+ 

Re: [Qemu-devel] [PATCH for-2.7] block: Accept any target node for transactional blockdev-backup

2016-08-02 Thread Fam Zheng
On Tue, 08/02 19:22, Kevin Wolf wrote:
> Commit 0d978913 changed blockdev-backup to accept arbitrary node names
> instead of device names (i.e. root nodes) for the backup target.
> However, it forgot to make the same change in transactions and to update
> the documentation. This patch fixes these omissions.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  blockdev.c   | 8 
>  qapi/block-core.json | 2 +-
>  2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/blockdev.c b/blockdev.c
> index eafeba9..2161400 100644
> --- a/blockdev.c
> +++ b/blockdev.c
> @@ -1937,7 +1937,8 @@ static void blockdev_backup_prepare(BlkActionState 
> *common, Error **errp)
>  {
>  BlockdevBackupState *state = DO_UPCAST(BlockdevBackupState, common, 
> common);
>  BlockdevBackup *backup;
> -BlockBackend *blk, *target;
> +BlockBackend *blk;
> +BlockDriverState *target;
>  Error *local_err = NULL;
>  
>  assert(common->action->type == TRANSACTION_ACTION_KIND_BLOCKDEV_BACKUP);
> @@ -1954,15 +1955,14 @@ static void blockdev_backup_prepare(BlkActionState 
> *common, Error **errp)
>  return;
>  }
>  
> -target = blk_by_name(backup->target);
> +target = bdrv_lookup_bs(backup->target, backup->target, errp);
>  if (!target) {
> -error_setg(errp, "Device '%s' not found", backup->target);
>  return;
>  }
>  
>  /* AioContext is released in .clean() */
>  state->aio_context = blk_get_aio_context(blk);
> -if (state->aio_context != blk_get_aio_context(target)) {
> +if (state->aio_context != bdrv_get_aio_context(target)) {
>  state->aio_context = NULL;
>  error_setg(errp, "Backup between two IO threads is not implemented");
>  return;
> diff --git a/qapi/block-core.json b/qapi/block-core.json
> index 2bbc027..5e2d7d7 100644
> --- a/qapi/block-core.json
> +++ b/qapi/block-core.json
> @@ -927,7 +927,7 @@
>  #
>  # @device: the name of the device which should be copied.
>  #
> -# @target: the name of the backup target device.
> +# @target: the device name or node-name of the backup target node.
>  #
>  # @sync: what parts of the disk image should be copied to the destination
>  #(all the disk, only the sectors allocated in the topmost image, or
> -- 
> 1.8.3.1
> 
> 

Reviewed-by: Fam Zheng 



[Qemu-devel] [PATCH v6 8/8] MAINTAINERS: Add Alistair to the maintainers list

2016-08-02 Thread Alistair Francis
Add Alistair Francis as the maintainer for the Netduino 2
and STM32F205 SoC.

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Crosthwaite 
---

 MAINTAINERS | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/MAINTAINERS b/MAINTAINERS
index d1439a8..e55be55 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -475,6 +475,21 @@ S: Maintained
 F: hw/arm/virt-acpi-build.c
 F: include/hw/arm/virt-acpi-build.h
 
+STM32F205
+M: Alistair Francis 
+S: Maintained
+F: hw/arm/stm32f205_soc.c
+F: hw/misc/stm32f2xx_syscfg.c
+F: hw/char/stm32f2xx_usart.c
+F: hw/timer/stm32f2xx_timer.c
+F: hw/adc/*
+F: hw/ssi/stm32f2xx_spi.c
+
+Netduino 2
+M: Alistair Francis 
+S: Maintained
+F: hw/arm/netduino2.c
+
 CRIS Machines
 -
 Axis Dev88
-- 
2.7.4




[Qemu-devel] [PATCH 2/2] Fix g2h() for 32-bit targets on 64-bit hosts

2016-08-02 Thread Benjamin Herrenschmidt
The current construct ends up cropping the host address to 32 bits,
which crashes for me when running 32-bit ppc programs on an x86_64 host.

Signed-off-by: Benjamin Herrenschmidt 
---

Not sure who to CC for this...

 include/exec/cpu_ldst.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index 6eb5fe8..0164535 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -49,7 +49,7 @@
 
 #if defined(CONFIG_USER_ONLY)
 /* All direct uses of g2h and h2g need to go away for usermode softmmu.  */
-#define g2h(x) ((void *)((unsigned long)(target_ulong)(x) + guest_base))
+#define g2h(x) ((void *)(guest_base + (unsigned long)(target_ulong)(x)))
 
 #if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS
 #define h2g_valid(x) 1
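Review bot: Swapping the operands of `+` does not change the type the sum is computed in, because C converts both operands to a common type before adding, so this edit should yield the same value as the old macro for any well-formed argument. If host addresses really are cropped to 32 bits, the cause is more likely what is passed as `x`: the sibling patch 1/2 on this page replaces `g2h(vaddr)`, and if `vaddr` names a type there, the old expansion `(target_ulong)(vaddr) + guest_base` would parse as casts applied to `+guest_base`. I would keep the operand order and fix the caller, and if the macro is to be hardened, make the widening explicit, e.g. `#define g2h(x) ((void *)((uintptr_t)(target_ulong)(x) + (uintptr_t)guest_base))`, with a comment naming the conversion that was truncating.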




[Qemu-devel] [PATCH v6 5/8] irq: Add a new irq device that allows the ORing of lines

2016-08-02 Thread Alistair Francis
Signed-off-by: Alistair Francis 
---
As the migration framework is not included in user mode this needs to be a
new file.

V6:
 - Make the OR IRQ device a TYPE_DEVICE
 - Add vmstate

 hw/core/Makefile.objs |   1 +
 hw/core/irq.c |   1 +
 hw/core/or-irq.c  | 102 ++
 include/hw/irq.h  |  15 
 4 files changed, 119 insertions(+)
 create mode 100644 hw/core/or-irq.c

diff --git a/hw/core/Makefile.objs b/hw/core/Makefile.objs
index cfd4840..b47241b 100644
--- a/hw/core/Makefile.objs
+++ b/hw/core/Makefile.objs
@@ -16,4 +16,5 @@ common-obj-$(CONFIG_SOFTMMU) += null-machine.o
 common-obj-$(CONFIG_SOFTMMU) += loader.o
 common-obj-$(CONFIG_SOFTMMU) += qdev-properties-system.o
 common-obj-$(CONFIG_SOFTMMU) += register.o
+common-obj-$(CONFIG_SOFTMMU) += or-irq.o
 common-obj-$(CONFIG_PLATFORM_BUS) += platform-bus.o
diff --git a/hw/core/irq.c b/hw/core/irq.c
index 49ff2e6..dc874cc 100644
--- a/hw/core/irq.c
+++ b/hw/core/irq.c
@@ -24,6 +24,7 @@
 #include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "hw/irq.h"
+#include "hw/sysbus.h"
 #include "qom/object.h"
 
 #define IRQ(obj) OBJECT_CHECK(struct IRQState, (obj), TYPE_IRQ)
diff --git a/hw/core/or-irq.c b/hw/core/or-irq.c
new file mode 100644
index 000..2bd181b
--- /dev/null
+++ b/hw/core/or-irq.c
@@ -0,0 +1,102 @@
+/*
+ * QEMU IRQ/GPIO common code.
+ *
+ * Copyright (c) 2016 Alistair Francis .
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "hw/irq.h"
+#include "hw/sysbus.h"
+#include "qom/object.h"
+
+#define OR_IRQ(obj) OBJECT_CHECK(qemu_or_irq, (obj), TYPE_OR_IRQ)
+
+struct OrIRQState {
+Object parent_obj;
+
+qemu_irq in_irq;
+qemu_irq *out_irqs;
+int16_t levels[MAX_OR_LINES];
+int n;
+};
+
+static void or_irq_handler(void *opaque, int n, int level)
+{
+qemu_or_irq *or_irq = OR_IRQ(opaque);
+int or_level = 0;
+int i;
+
+or_irq->levels[n] = level;
+
+for (i = 0; i < or_irq->n; i++) {
+or_level |= or_irq->levels[i];
+}
+
+qemu_set_irq(or_irq->in_irq, or_level);
+}
+
+qemu_irq *qemu_allocate_or_irqs(qemu_irq in_irq, int n)
+{
+qemu_or_irq *or_irq;
+
+assert(n < MAX_OR_LINES);
+
+or_irq = OR_IRQ(object_new(TYPE_OR_IRQ));
+object_initialize(or_irq, sizeof(qemu_or_irq),
+  TYPE_OR_IRQ);
+
+or_irq->out_irqs = qemu_allocate_irqs(or_irq_handler, or_irq, n);
+or_irq->in_irq = in_irq;
+or_irq->n = n;
+
+return or_irq->out_irqs;
+}
+
+static const VMStateDescription vmstate_or_irq = {
+.name = TYPE_OR_IRQ,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_INT16_ARRAY(levels, qemu_or_irq, MAX_OR_LINES),
+VMSTATE_END_OF_LIST(),
+}
+};
+
+static void or_irq_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->vmsd = _or_irq;
+}
+
+static const TypeInfo or_irq_type_info = {
+   .name = TYPE_OR_IRQ,
+   .parent = TYPE_DEVICE,
+   .instance_size = sizeof(qemu_or_irq),
+   .class_init = or_irq_class_init,
+};
+
+static void or_irq_register_types(void)
+{
+type_register_static(_irq_type_info);
+}
+
+type_init(or_irq_register_types)
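Review bot: `struct OrIRQState` embeds `Object parent_obj` while `or_irq_type_info` declares `.parent = TYPE_DEVICE` and `.instance_size = sizeof(qemu_or_irq)`, so the instance is sized as a plain Object but used as a device; the first member should be `DeviceState parent_obj;`, otherwise the device's own fields would overlap `in_irq`, `out_irqs` and `levels`. In `qemu_allocate_or_irqs()` the `object_initialize()` call re-initialises the instance that `object_new()` has just allocated and initialised, and should be dropped. The bound `assert(n < MAX_OR_LINES)` rejects a full 16-line gate and accepts zero or negative counts; `assert(n > 0 && n <= MAX_OR_LINES);` matches the `levels[MAX_OR_LINES]` array. `or_irq_handler()` writes `levels[n]` without comparing `n` to `or_irq->n`, which is presumably safe only because the lines come from `qemu_allocate_irqs()` with the same count, so a one-line comment or an assert stating that would help.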
diff --git a/include/hw/irq.h b/include/hw/irq.h
index 4c4c2ea..5e8a3b6 100644
--- a/include/hw/irq.h
+++ b/include/hw/irq.h
@@ -4,8 +4,12 @@
 /* Generic IRQ/GPIO pin infrastructure.  */
 
 #define TYPE_IRQ "irq"
+#define TYPE_OR_IRQ "or-irq"
+
+#define MAX_OR_LINES  16
 
 typedef struct IRQState *qemu_irq;
+typedef struct OrIRQState qemu_or_irq;
 
 typedef void (*qemu_irq_handler)(void *opaque, int n, int level);
 
@@ -38,6 +42,17 @@ qemu_irq *qemu_allocate_irqs(qemu_irq_handler handler, void 
*opaque, int n);
  */
 qemu_irq qemu_allocate_irq(qemu_irq_handler handler, void *opaque, int n);
 
+/*
+ * 

[Qemu-devel] [PATCH 1/2] Fix tlb_vaddr_to_host with CONFIG_USER_ONLY

2016-08-02 Thread Benjamin Herrenschmidt
We use the wrong argument name for the g2h() macro !

Signed-off-by: Benjamin Herrenschmidt 
---

Not sure who to CC for this...

 include/exec/cpu_ldst.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index b573df5..6eb5fe8 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -401,7 +401,7 @@ static inline void *tlb_vaddr_to_host(CPUArchState *env, 
target_ulong addr,
   int access_type, int mmu_idx)
 {
 #if defined(CONFIG_USER_ONLY)
-return g2h(vaddr);
+return g2h(addr);
 #else
 int index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
 CPUTLBEntry *tlbentry = >tlb_table[mmu_idx][index];




[Qemu-devel] [PATCH v6 3/8] STM32F2xx: Add the ADC device

2016-08-02 Thread Alistair Francis
Add the STM32F2xx ADC device. This device randomly
generates values on each read.

This also includes creating a hw/adc directory.

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Maydell 
---
V4:
 - Remove the rand() function
 - Add VMState
 - Small cleanups
V2:
 - Address Peter C's comments
 - Create a ADC folder and move the file in there
 - Move some of the registers into arrays

 default-configs/arm-softmmu.mak |   1 +
 hw/Makefile.objs|   1 +
 hw/adc/Makefile.objs|   1 +
 hw/adc/stm32f2xx_adc.c  | 306 
 include/hw/adc/stm32f2xx_adc.h  |  87 
 5 files changed, 396 insertions(+)
 create mode 100644 hw/adc/Makefile.objs
 create mode 100644 hw/adc/stm32f2xx_adc.c
 create mode 100644 include/hw/adc/stm32f2xx_adc.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 7a19863..5b1696d 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -87,6 +87,7 @@ CONFIG_ZYNQ=y
 CONFIG_STM32F2XX_TIMER=y
 CONFIG_STM32F2XX_USART=y
 CONFIG_STM32F2XX_SYSCFG=y
+CONFIG_STM32F2XX_ADC=y
 CONFIG_STM32F205_SOC=y
 
 CONFIG_VERSATILE_PCI=y
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 4a07ed4..0ffd281 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -1,5 +1,6 @@
 devices-dirs-$(call land, $(CONFIG_VIRTIO),$(call 
land,$(CONFIG_VIRTFS),$(CONFIG_PCI))) += 9pfs/
 devices-dirs-$(CONFIG_ACPI) += acpi/
+devices-dirs-$(CONFIG_SOFTMMU) += adc/
 devices-dirs-$(CONFIG_SOFTMMU) += audio/
 devices-dirs-$(CONFIG_SOFTMMU) += block/
 devices-dirs-$(CONFIG_SOFTMMU) += bt/
diff --git a/hw/adc/Makefile.objs b/hw/adc/Makefile.objs
new file mode 100644
index 000..3f6dfde
--- /dev/null
+++ b/hw/adc/Makefile.objs
@@ -0,0 +1 @@
+obj-$(CONFIG_STM32F2XX_ADC) += stm32f2xx_adc.o
diff --git a/hw/adc/stm32f2xx_adc.c b/hw/adc/stm32f2xx_adc.c
new file mode 100644
index 000..90fe9de
--- /dev/null
+++ b/hw/adc/stm32f2xx_adc.c
@@ -0,0 +1,306 @@
+/*
+ * STM32F2XX ADC
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "qapi/error.h"
+#include "qemu/log.h"
+#include "hw/adc/stm32f2xx_adc.h"
+
+#ifndef STM_ADC_ERR_DEBUG
+#define STM_ADC_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do { \
+if (STM_ADC_ERR_DEBUG >= lvl) { \
+qemu_log("%s: " fmt, __func__, ## args); \
+} \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+static void stm32f2xx_adc_reset(DeviceState *dev)
+{
+STM32F2XXADCState *s = STM32F2XX_ADC(dev);
+
+s->adc_sr = 0x;
+s->adc_cr1 = 0x;
+s->adc_cr2 = 0x;
+s->adc_smpr1 = 0x;
+s->adc_smpr2 = 0x;
+s->adc_jofr[0] = 0x;
+s->adc_jofr[1] = 0x;
+s->adc_jofr[2] = 0x;
+s->adc_jofr[3] = 0x;
+s->adc_htr = 0x0FFF;
+s->adc_ltr = 0x;
+s->adc_sqr1 = 0x;
+s->adc_sqr2 = 0x;
+s->adc_sqr3 = 0x;
+s->adc_jsqr = 0x;
+s->adc_jdr[0] = 0x;
+s->adc_jdr[1] = 0x;
+s->adc_jdr[2] = 0x;
+s->adc_jdr[3] = 0x;
+s->adc_dr = 0x;
+}
+
+static uint32_t stm32f2xx_adc_generate_value(STM32F2XXADCState *s)
+{
+/* Attempts to fake some ADC values */
+s->adc_dr = s->adc_dr + 7;
+
+switch ((s->adc_cr1 & ADC_CR1_RES) >> 24) {
+case 0:
+/* 12-bit */
+s->adc_dr &= 0xFFF;
+break;
+case 1:
+/* 10-bit */
+s->adc_dr &= 0x3FF;
+break;
+case 2:
+/* 8-bit */
+s->adc_dr &= 0xFF;
+break;
+default:
+/* 6-bit */
+s->adc_dr &= 0x3F;
+}
+
+if (s->adc_cr2 & ADC_CR2_ALIGN) {
+return 

[Qemu-devel] [PATCH v6 4/8] STM32F2xx: Add the SPI device

2016-08-02 Thread Alistair Francis
Add the STM32F2xx SPI device.

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Maydell 
---
V4:
 - Add VMState
 - Small fixes
V2:
 - Address Peter C's comments

 default-configs/arm-softmmu.mak |   1 +
 hw/ssi/Makefile.objs|   1 +
 hw/ssi/stm32f2xx_spi.c  | 225 
 include/hw/ssi/stm32f2xx_spi.h  |  72 +
 4 files changed, 299 insertions(+)
 create mode 100644 hw/ssi/stm32f2xx_spi.c
 create mode 100644 include/hw/ssi/stm32f2xx_spi.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 5b1696d..e9e2de3 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -88,6 +88,7 @@ CONFIG_STM32F2XX_TIMER=y
 CONFIG_STM32F2XX_USART=y
 CONFIG_STM32F2XX_SYSCFG=y
 CONFIG_STM32F2XX_ADC=y
+CONFIG_STM32F2XX_SPI=y
 CONFIG_STM32F205_SOC=y
 
 CONFIG_VERSATILE_PCI=y
diff --git a/hw/ssi/Makefile.objs b/hw/ssi/Makefile.objs
index c79a8dc..487add2 100644
--- a/hw/ssi/Makefile.objs
+++ b/hw/ssi/Makefile.objs
@@ -3,6 +3,7 @@ common-obj-$(CONFIG_SSI) += ssi.o
 common-obj-$(CONFIG_XILINX_SPI) += xilinx_spi.o
 common-obj-$(CONFIG_XILINX_SPIPS) += xilinx_spips.o
 common-obj-$(CONFIG_ASPEED_SOC) += aspeed_smc.o
+common-obj-$(CONFIG_STM32F2XX_SPI) += stm32f2xx_spi.o
 
 obj-$(CONFIG_OMAP) += omap_spi.o
 obj-$(CONFIG_IMX) += imx_spi.o
diff --git a/hw/ssi/stm32f2xx_spi.c b/hw/ssi/stm32f2xx_spi.c
new file mode 100644
index 000..26a1b4d
--- /dev/null
+++ b/hw/ssi/stm32f2xx_spi.c
@@ -0,0 +1,225 @@
+/*
+ * STM32F405 SPI
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu/log.h"
+#include "hw/ssi/stm32f2xx_spi.h"
+
+#ifndef STM_SPI_ERR_DEBUG
+#define STM_SPI_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do { \
+if (STM_SPI_ERR_DEBUG >= lvl) { \
+qemu_log("%s: " fmt, __func__, ## args); \
+} \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+static void stm32f2xx_spi_reset(DeviceState *dev)
+{
+STM32F2XXSPIState *s = STM32F2XX_SPI(dev);
+
+s->spi_cr1 = 0x;
+s->spi_cr2 = 0x;
+s->spi_sr = 0x000A;
+s->spi_dr = 0x000C;
+s->spi_crcpr = 0x0007;
+s->spi_rxcrcr = 0x;
+s->spi_txcrcr = 0x;
+s->spi_i2scfgr = 0x;
+s->spi_i2spr = 0x0002;
+}
+
+static void stm32f2xx_spi_transfer(STM32F2XXSPIState *s)
+{
+DB_PRINT("Data to send: 0x%x\n", s->spi_dr);
+
+s->spi_dr = ssi_transfer(s->ssi, s->spi_dr);
+s->spi_sr |= STM_SPI_SR_RXNE;
+
+DB_PRINT("Data received: 0x%x\n", s->spi_dr);
+}
+
+static uint64_t stm32f2xx_spi_read(void *opaque, hwaddr addr,
+ unsigned int size)
+{
+STM32F2XXSPIState *s = opaque;
+
+DB_PRINT("Address: 0x%" HWADDR_PRIx "\n", addr);
+
+switch (addr) {
+case STM_SPI_CR1:
+return s->spi_cr1;
+case STM_SPI_CR2:
+qemu_log_mask(LOG_UNIMP, "%s: Interrupts and DMA are not 
implemented\n",
+  __func__);
+return s->spi_cr2;
+case STM_SPI_SR:
+return s->spi_sr;
+case STM_SPI_DR:
+stm32f2xx_spi_transfer(s);
+s->spi_sr &= ~STM_SPI_SR_RXNE;
+return s->spi_dr;
+case STM_SPI_CRCPR:
+qemu_log_mask(LOG_UNIMP, "%s: CRC is not implemented, the registers " \
+  "are included for compatibility\n", __func__);
+return s->spi_crcpr;
+case STM_SPI_RXCRCR:
+qemu_log_mask(LOG_UNIMP, "%s: CRC is not implemented, the registers " \
+  "are included for compatibility\n", __func__);
+return s->spi_rxcrcr;
+case STM_SPI_TXCRCR:
+qemu_log_mask(LOG_UNIMP, "%s: CRC is not implemented, the registers " \
+  "are 

[Qemu-devel] [PATCH v6 1/8] STM32F205: Remove the individual device variables

2016-08-02 Thread Alistair Francis
Clean up the individual DeviceState and SysBusDevice
variables to re-use the same variable for each
device.

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Crosthwaite 
---

 hw/arm/stm32f205_soc.c | 35 +--
 1 file changed, 17 insertions(+), 18 deletions(-)

diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c
index de26b8c..5b6fa3b 100644
--- a/hw/arm/stm32f205_soc.c
+++ b/hw/arm/stm32f205_soc.c
@@ -62,8 +62,8 @@ static void stm32f205_soc_initfn(Object *obj)
 static void stm32f205_soc_realize(DeviceState *dev_soc, Error **errp)
 {
 STM32F205State *s = STM32F205_SOC(dev_soc);
-DeviceState *syscfgdev, *usartdev, *timerdev, *nvic;
-SysBusDevice *syscfgbusdev, *usartbusdev, *timerbusdev;
+DeviceState *dev, *nvic;
+SysBusDevice *busdev;
 Error *err = NULL;
 int i;
 
@@ -94,44 +94,43 @@ static void stm32f205_soc_realize(DeviceState *dev_soc, 
Error **errp)
s->kernel_filename, s->cpu_model);
 
 /* System configuration controller */
-syscfgdev = DEVICE(>syscfg);
+dev = DEVICE(>syscfg);
 object_property_set_bool(OBJECT(>syscfg), true, "realized", );
 if (err != NULL) {
 error_propagate(errp, err);
 return;
 }
-syscfgbusdev = SYS_BUS_DEVICE(syscfgdev);
-sysbus_mmio_map(syscfgbusdev, 0, 0x40013800);
-sysbus_connect_irq(syscfgbusdev, 0, qdev_get_gpio_in(nvic, 71));
+busdev = SYS_BUS_DEVICE(dev);
+sysbus_mmio_map(busdev, 0, 0x40013800);
+sysbus_connect_irq(busdev, 0, qdev_get_gpio_in(nvic, 71));
 
 /* Attach UART (uses USART registers) and USART controllers */
 for (i = 0; i < STM_NUM_USARTS; i++) {
-usartdev = DEVICE(&(s->usart[i]));
-qdev_prop_set_chr(usartdev, "chardev", i < MAX_SERIAL_PORTS ? 
serial_hds[i] : NULL);
+dev = DEVICE(&(s->usart[i]));
+qdev_prop_set_chr(dev, "chardev",
+  i < MAX_SERIAL_PORTS ? serial_hds[i] : NULL);
 object_property_set_bool(OBJECT(>usart[i]), true, "realized", );
 if (err != NULL) {
 error_propagate(errp, err);
 return;
 }
-usartbusdev = SYS_BUS_DEVICE(usartdev);
-sysbus_mmio_map(usartbusdev, 0, usart_addr[i]);
-sysbus_connect_irq(usartbusdev, 0,
-   qdev_get_gpio_in(nvic, usart_irq[i]));
+busdev = SYS_BUS_DEVICE(dev);
+sysbus_mmio_map(busdev, 0, usart_addr[i]);
+sysbus_connect_irq(busdev, 0, qdev_get_gpio_in(nvic, usart_irq[i]));
 }
 
 /* Timer 2 to 5 */
 for (i = 0; i < STM_NUM_TIMERS; i++) {
-timerdev = DEVICE(&(s->timer[i]));
-qdev_prop_set_uint64(timerdev, "clock-frequency", 10);
+dev = DEVICE(&(s->timer[i]));
+qdev_prop_set_uint64(dev, "clock-frequency", 10);
 object_property_set_bool(OBJECT(>timer[i]), true, "realized", );
 if (err != NULL) {
 error_propagate(errp, err);
 return;
 }
-timerbusdev = SYS_BUS_DEVICE(timerdev);
-sysbus_mmio_map(timerbusdev, 0, timer_addr[i]);
-sysbus_connect_irq(timerbusdev, 0,
-   qdev_get_gpio_in(nvic, timer_irq[i]));
+busdev = SYS_BUS_DEVICE(dev);
+sysbus_mmio_map(busdev, 0, timer_addr[i]);
+sysbus_connect_irq(busdev, 0, qdev_get_gpio_in(nvic, timer_irq[i]));
 }
 }
 
-- 
2.7.4




[Qemu-devel] [PATCH v6 2/8] STM32F2xx: Display PWM duty cycle from timer

2016-08-02 Thread Alistair Francis
If correctly configured allow the STM32F2xx timer to print
out the PWM duty cycle information.

Signed-off-by: Alistair Francis 
Reviewed-by: Peter Crosthwaite 
---
V3:
 - Use OR instead of + for masking
 - Improve clarity of print statement
V2:
 - Fix up if statement braces
 - Remove stm32f2xx_timer_set_alarm() call

 hw/timer/stm32f2xx_timer.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/hw/timer/stm32f2xx_timer.c b/hw/timer/stm32f2xx_timer.c
index bf0fb28..8c4c1f9 100644
--- a/hw/timer/stm32f2xx_timer.c
+++ b/hw/timer/stm32f2xx_timer.c
@@ -51,6 +51,15 @@ static void stm32f2xx_timer_interrupt(void *opaque)
 qemu_irq_pulse(s->irq);
 stm32f2xx_timer_set_alarm(s, s->hit_time);
 }
+
+if (s->tim_ccmr1 & (TIM_CCMR1_OC2M2 | TIM_CCMR1_OC2M1) &&
+!(s->tim_ccmr1 & TIM_CCMR1_OC2M0) &&
+s->tim_ccmr1 & TIM_CCMR1_OC2PE &&
+s->tim_ccer & TIM_CCER_CC2E) {
+/* PWM 2 - Mode 1 */
+DB_PRINT("PWM2 Duty Cycle: %d%%\n",
+s->tim_ccr2 / (100 * (s->tim_psc + 1)));
+}
 }
 
 static inline int64_t stm32f2xx_ns_to_ticks(STM32F2XXTimerState *s, int64_t t)
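Review bot: The first condition, `s->tim_ccmr1 & (TIM_CCMR1_OC2M2 | TIM_CCMR1_OC2M1)`, is true when either mode bit is set, while the comment labels the branch as PWM mode 1; if that mode requires both bits, compare against the mask: `(s->tim_ccmr1 & (TIM_CCMR1_OC2M2 | TIM_CCMR1_OC2M1)) == (TIM_CCMR1_OC2M2 | TIM_CCMR1_OC2M1)`. The divisor `100 * (s->tim_psc + 1)` is built from what is presumably a guest-writable register and can wrap to zero if `tim_psc` is an unsigned 32-bit field (its declaration is not in this hunk), which would stop the emulator with a division by zero whenever `DB_PRINT` evaluates its arguments; guard the divisor or compute it in 64 bits. The expression also does not obviously produce a percentage, so a short comment giving the intended formula would help. stm32f2xx_timer_interrupt starts outside this hunk.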
-- 
2.7.4




[Qemu-devel] [PATCH v6 0/8] Update the Netduino 2 Machine

2016-08-02 Thread Alistair Francis
This patchset continues with the Netduino 2 and STM32F205 SoC
work.

This patch series makes a small change to the STM32F2xx
SoC to tidy up the code.

Next a feature is added to the STM32F2xx timer to display the
PWM duty cycle, when debugging is enabled.

Then the STM32F2xx SPI and ADC devices are added and connected
to the STM32F205 SoC.

Finally the maintainers file is updated to add myself as the
maintainer for the Netduino 2 and STM32F2xx.

V6:
 - Add vmstate to the new OR IRQ device
V5:
 - Add a irq ORing function
V4:
 - Add VMState to the new devices
 - Remove rand() function
V3:
 - Rebase
V2:
 - Update based on Peter C's coments
 - Rebase
 - Create an ADC folder for the ADC device


Alistair Francis (8):
  STM32F205: Remove the individual device variables
  STM32F2xx: Display PWM duty cycle from timer
  STM32F2xx: Add the ADC device
  STM32F2xx: Add the SPI device
  irq: Add a new irq device that allows the ORing of lines
  STM32F205: Connect the ADC devices
  STM32F205: Connect the SPI devices
  MAINTAINERS: Add Alistair to the maintainers list

 MAINTAINERS |  15 ++
 default-configs/arm-softmmu.mak |   2 +
 hw/Makefile.objs|   1 +
 hw/adc/Makefile.objs|   1 +
 hw/adc/stm32f2xx_adc.c  | 306 
 hw/arm/stm32f205_soc.c  |  82 ---
 hw/core/Makefile.objs   |   1 +
 hw/core/irq.c   |   1 +
 hw/core/or-irq.c| 102 ++
 hw/ssi/Makefile.objs|   1 +
 hw/ssi/stm32f2xx_spi.c  | 225 +
 hw/timer/stm32f2xx_timer.c  |   9 ++
 include/hw/adc/stm32f2xx_adc.h  |  87 
 include/hw/arm/stm32f205_soc.h  |   6 +
 include/hw/irq.h|  15 ++
 include/hw/ssi/stm32f2xx_spi.h  |  72 ++
 16 files changed, 908 insertions(+), 18 deletions(-)
 create mode 100644 hw/adc/Makefile.objs
 create mode 100644 hw/adc/stm32f2xx_adc.c
 create mode 100644 hw/core/or-irq.c
 create mode 100644 hw/ssi/stm32f2xx_spi.c
 create mode 100644 include/hw/adc/stm32f2xx_adc.h
 create mode 100644 include/hw/ssi/stm32f2xx_spi.h

-- 
2.7.4




[Qemu-devel] [PATCH v2] kvm-irqchip: only commit route when irqchip is used

2016-08-02 Thread Peter Xu
Reported from Alexey Kardashevskiy:

3f1fea0fb5bf "kvm-irqchip: do explicit commit when update irq" produces
a crash on pseries guest running with VFIO on POWER8 machine as it does
not support KVM_CAP_IRQCHIP (KVM_CAP_IRQ_XICS is there instead). As a
result, KVMState::irq_routes is NULL when VFIO calls
kvm_irqchip_commit_routes.

This makes the routing update conditional.

Reported-by: Alexey Kardashevskiy 
Tested-by: Alexey Kardashevskiy 
Signed-off-by: Peter Xu 
---
 kvm-all.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/kvm-all.c b/kvm-all.c
index ef81ca5..65608de 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -1047,6 +1047,14 @@ void kvm_irqchip_commit_routes(KVMState *s)
 {
 int ret;
 
+if (kvm_gsi_direct_mapping()) {
+return;
+}
+
+if (!kvm_gsi_routing_enabled()) {
+return;
+}
+
 s->irq_routes->flags = 0;
 trace_kvm_irqchip_commit_routes();
 ret = kvm_vm_ioctl(s, KVM_SET_GSI_ROUTING, s->irq_routes);
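Review bot: The two early returns are what keep `s->irq_routes->flags = 0` from dereferencing a NULL `irq_routes`, but nothing in the function says so. A short comment above them would record the reason, e.g. `/* irq_routes is only set up when GSI routing is in use */` (wording to be confirmed against the allocation site, which is outside this hunk). An `assert(s->irq_routes);` after the guards would turn any future mismatch between the guards and the allocation into a clear failure instead of a NULL dereference. The rest of kvm_irqchip_commit_routes lies outside the hunk.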
-- 
2.7.4




Re: [Qemu-devel] [PATCH qemu] kvm-irqchip: Only do explicit IRQ routing commit when IRQCHIP is in use

2016-08-02 Thread Peter Xu
On Tue, Aug 02, 2016 at 03:48:23PM -0400, Paolo Bonzini wrote:
> > > > This works too.
> > > > 
> > > > You may also want to copy if(!kvm_gsi_routing_enabled()) from
> > > > kvm_irqchip_add_msi_route() to align API (not needed in my case though).
> > > > Or
> > > > just check the result of these checks by if(!s->irq_routes) :)
> > > > Thanks.
> > > 
> > > Right. Do you like to post a v2 for this one? (since of course honor
> > > is yours and fault is mine :) Please let me know if you want me to do
> > > this for you. It'll be nice we have this fix asap so that less people
> > > suffers.
> > 
> > Btw, please ignore above message if you still prefer v1 and sure that
> > it works in all cases. :)
> 
> Peter, please post v2 according to your patch and Alexey's suggestion.
> David, can you handle it?

Sure, then let me send a v2 later. Will CC David. Thanks!

-- peterx



Re: [Qemu-devel] [RFC PATCH V10 1/7] colo-compare: introduce colo compare initialization

2016-08-02 Thread Zhang Chen



On 08/02/2016 02:26 PM, Jason Wang wrote:



On 2016年07月26日 09:49, Zhang Chen wrote:

This a COLO net ascii figure:

  Primary qemu Secondary qemu
+--+ 
++
| +-+ |   
| +---+ |
| | | |   
| |   | |
| |guest| |   
|  | guest  | |
| | | |   
| |   | |
| +---^--+--+ |   
| +-+++ |
| |  | |   |^ 
|  |
| |  | |   || 
|  |
| | +--+ 
||| |
|netfilter|  |   | ||  |   netfilter| 
|  |
| +--+ ---+ ||  | 
+---+ |
| |   |  |   || ||  |  
| ||  filter excute order   | |
| |   |  |   || ||  |  
| || +--->  | |
| |   |  |   || ||  |  
| || TCP  | |
| | +-+--+--+ +--v-+  | ++ ||  |  
| ++  +---++---v+rewriter++ ++ | |
| | |   | ||  | || ||  |  
| ||  ||  | || | |
| | |  filter   | |   filter   +>   colo <+ 
+>  filter   +--> adjust | adjust +-->   filter   | | |
| | |  mirror   | | redirector |  | |  compare   | | |
|  | | redirector |  | ack|   seq|  | redirector | | |
| | |   | ||  | || | |
|  | ||  ||  | || | |
| | +^--+ ++  | +-+--+ | |
|  | ++  ++--+ +---++ | |
| |  | tx rx  |   || |
|  |txall   | rx  | |
| |  ||   || |
| +---+ |
| |  ||   || |
| ||
| |  |   filter excute order  |   || |
| ||
| |  |  +---> |   || 
++ |

| +---+   | | | |
||| | | |
+--+ 
++

  |guest receive   |guest send
  ||
++v+
| |  NOTE: filter direction is rx/tx/all
| tap |  
rx:receive packets sent to the netdev

| |  tx:receive packets sent by the netdev
+--+

In COLO-compare.
Packets coming from the primary char indev will be sent to outdev
Packets coming from the secondary char dev will be dropped
colo-compare needs two input chardevs and one output chardev:
primary_in=chardev1-id
secondary_in=chardev2-id
outdev=chardev3-id


Though it has 'compare' in its name, this description needs some key 
information still. e.g what it did (packet comparing). And then you 
can describe where were the data sources from.


OK, I will add some comments for this.




usage:

primary:
-netdev 
tap,id=hn0,vhost=off,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown

-device e1000,id=e0,netdev=hn0,mac=52:a4:00:12:78:66
-chardev socket,id=mirror0,host=3.3.3.3,port=9003,server,nowait
-chardev socket,id=compare1,host=3.3.3.3,port=9004,server,nowait
-chardev socket,id=compare0,host=3.3.3.3,port=9001,server,nowait
-chardev socket,id=compare0-0,host=3.3.3.3,port=9001
-chardev socket,id=compare_out,host=3.3.3.3,port=9005,server,nowait
-chardev socket,id=compare_out0,host=3.3.3.3,port=9005
-object 

Re: [Qemu-devel] [PULL 09/10] docker: Don't start a container that doesn't exist

2016-08-02 Thread Fam Zheng
On Tue, 08/02 20:59, Paolo Bonzini wrote:
> 
> 
> On 19/07/2016 16:31, Fam Zheng wrote:
> > Image building targets are dependencies of test running targets, so when
> > a docker image doesn't exist, it means it's skipped (due to dependency
> > checks in pre script). Therefore, skip the test too.
> > 
> > Signed-off-by: Fam Zheng 
> > Message-id: 1468934445-32183-10-git-send-email-f...@redhat.com
> > ---
> >  tests/docker/Makefile.include | 6 +-
> >  1 file changed, 5 insertions(+), 1 deletion(-)
> > 
> > diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
> > index c5546ee..e7f0023 100644
> > --- a/tests/docker/Makefile.include
> > +++ b/tests/docker/Makefile.include
> > @@ -105,7 +105,10 @@ docker-run-%: docker-qemu-src
> > fi
> > $(if $(filter $(TESTS),$(CMD)),$(if $(filter $(IMAGES),$(IMAGE)), \
> > $(call quiet-command,\
> > -   $(SRC_PATH)/tests/docker/docker.py run $(if $V,,--rm) \
> > +   if $(SRC_PATH)/tests/docker/docker.py images \
> > +   --format={{.Repository}}:{{.Tag}} | \
> > +   grep -qx qemu:$(IMAGE); then \
> > +   $(SRC_PATH)/tests/docker/docker.py run $(if 
> > $V,,--rm) \
> > -t \
> > $(if $(DEBUG),-i,--net=none) \
> > -e TARGET_LIST=$(TARGET_LIST) \
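Review bot: `grep -qx qemu:$(IMAGE)` treats the image name as a regular expression and passes it to the shell unquoted, so a name containing `.` or another metacharacter could match a different image than the one handed to `run`. A fixed-string, quoted match keeps the existence check and the `run` argument in agreement: `grep -qxF 'qemu:$(IMAGE)'; then \`. IMAGE is already filtered against $(IMAGES) on the line above, so this is hardening rather than a live bug. The recipe continues past this hunk and is closed by the `fi` added in the next one.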
> > @@ -117,6 +120,7 @@ docker-run-%: docker-qemu-src
> > qemu:$(IMAGE) \
> > /var/tmp/qemu/run \
> > $(CMD); \
> > +   fi \
> > , "  RUN $(CMD) in $(IMAGE)")))
> >  
> >  docker-clean:
> > 
> 
> This breaks the version of Docker in RHEL7.2, which doesn't have
> --format.  Is it possible to revert it?

I'll work on a fix today.

Fam



Re: [Qemu-devel] [PATCH 1/7] util: Add UUID API

2016-08-02 Thread Fam Zheng
On Tue, 08/02 15:45, Paolo Bonzini wrote:
> 
> 
> - Original Message -
> > From: "Fam Zheng" 
> > To: qemu-devel@nongnu.org
> > Cc: f...@redhat.com, berra...@redhat.com, pbonz...@redhat.com, 
> > kw...@redhat.com, mre...@redhat.com,
> > mdr...@linux.vnet.ibm.com, arm...@redhat.com, s...@weilnetz.de, 
> > qemu-bl...@nongnu.org
> > Sent: Tuesday, August 2, 2016 11:18:32 AM
> > Subject: [PATCH 1/7] util: Add UUID API
> > 
> > A number of different places across the code base use CONFIG_UUID. Some
> > of them are soft dependency, some are not built if libuuid is not
> > available, some come with dummy fallback, some throws runtime error.
> > 
> > It is hard to maintain, and hard to reason for users.
> > 
> > Since UUID is a simple standard with only a small number of operations,
> > it is cleaner to have a central support in libqemuutil. This patch adds
> > qemu_uuid_* the functions so that all uuid users in the code base can
> > rely on. Except for qemu_uuid_generate which is new code, all other
> > functions are just copy from existing fallbacks from other files.
> 
> How is g_random_* seeded?

According to glib doc:

> GLib changed the seeding algorithm for the pseudo-random number generator
> Mersenne Twister, as used by GRand.

The seed source is /dev/urandom (or time based if that is unavailable).

(RFC 4122 explicitly accepts pseudo-random.)

Fam



Re: [Qemu-devel] [PATCH v1 2/2] target-ppc: cmprb - truncate RA to 8bits

2016-08-02 Thread David Gibson
On Tue, Aug 02, 2016 at 01:23:00PM +0530, Nikunj A Dadhania wrote:
> Missed the following bit in the instruction coding.
> 
> src1 ← EXTZ(RA(56:63))
> 
> Reported-by: Anton Blanchard 
> Signed-off-by: Nikunj A Dadhania 
> ---
> 
> Can be squashed with the original commit

Done.

> 
>  target-ppc/translate.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/target-ppc/translate.c b/target-ppc/translate.c
> index dc89e6a..14f4b68 100644
> --- a/target-ppc/translate.c
> +++ b/target-ppc/translate.c
> @@ -867,6 +867,7 @@ static void gen_cmprb(DisasContext *ctx)
>  tcg_gen_trunc_tl_i32(src1, cpu_gpr[rA(ctx->opcode)]);
>  tcg_gen_trunc_tl_i32(src2, cpu_gpr[rB(ctx->opcode)]);
>  
> +tcg_gen_andi_i32(src1, src1, 0xFF);
>  tcg_gen_ext8u_i32(src2lo, src2);
>  tcg_gen_shri_i32(src2, src2, 8);
>  tcg_gen_ext8u_i32(src2hi, src2);
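Review bot: The added `tcg_gen_andi_i32(src1, src1, 0xFF);` zero-extends the low byte by hand, while the following lines use `tcg_gen_ext8u_i32` for the same job on src2. Writing it as `tcg_gen_ext8u_i32(src1, src1);` would keep the three byte extractions uniform and make the EXTZ(RA(56:63)) step from the commit message easier to spot. gen_cmprb starts and ends outside this hunk.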

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature


Re: [Qemu-devel] [PATCH 1/5] target-ppc: add vector insert instructions

2016-08-02 Thread David Gibson
On Mon, Aug 01, 2016 at 12:49:38PM +0530, Rajalakshmi Srinivasaraghavan wrote:
> The following vector insert instructions are added from ISA 3.0.
> 
> vinsertb - Vector Insert Byte
> vinserth - Vector Insert Halfword
> vinsertw - Vector Insert Word
> vinsertd - Vector Insert Doubleword
> 
> Signed-off-by: Rajalakshmi Srinivasaraghavan 
> ---
>  target-ppc/helper.h |4 
>  target-ppc/int_helper.c |   21 +
>  target-ppc/translate/vmx-impl.c |   10 ++
>  target-ppc/translate/vmx-ops.c  |   19 ++-
>  4 files changed, 49 insertions(+), 5 deletions(-)
> 
> diff --git a/target-ppc/helper.h b/target-ppc/helper.h
> index 93ac9e1..0923779 100644
> --- a/target-ppc/helper.h
> +++ b/target-ppc/helper.h
> @@ -250,6 +250,10 @@ DEF_HELPER_2(vspltisw, void, avr, i32)
>  DEF_HELPER_3(vspltb, void, avr, avr, i32)
>  DEF_HELPER_3(vsplth, void, avr, avr, i32)
>  DEF_HELPER_3(vspltw, void, avr, avr, i32)
> +DEF_HELPER_3(vinsertb, void, avr, avr, i32)
> +DEF_HELPER_3(vinserth, void, avr, avr, i32)
> +DEF_HELPER_3(vinsertw, void, avr, avr, i32)
> +DEF_HELPER_3(vinsertd, void, avr, avr, i32)
>  DEF_HELPER_2(vupkhpx, void, avr, avr)
>  DEF_HELPER_2(vupklpx, void, avr, avr)
>  DEF_HELPER_2(vupkhsb, void, avr, avr)
> diff --git a/target-ppc/int_helper.c b/target-ppc/int_helper.c
> index 552b2e0..637f0b1 100644
> --- a/target-ppc/int_helper.c
> +++ b/target-ppc/int_helper.c
> @@ -1790,6 +1790,27 @@ VSPLT(b, u8)
>  VSPLT(h, u16)
>  VSPLT(w, u32)
>  #undef VSPLT
> +#if defined(HOST_WORDS_BIGENDIAN)
> +#define VINSERT(suffix, element, index) \
> +void helper_vinsert##suffix(ppc_avr_t *r, ppc_avr_t *b, uint32_t splat) \
> +{   \
> +memcpy(>u8[SPLAT_ELEMENT(u8)], >element[index],   \
> +   sizeof(r->element[0]));  \
> +}
> +#else
> +#define VINSERT(suffix, element, index) \
> +void helper_vinsert##suffix(ppc_avr_t *r, ppc_avr_t *b, uint32_t splat) \
> +{   \
> +memcpy(>u8[(16 - splat) - sizeof(r->element[0])],\
> +   >element[(ARRAY_SIZE(r->element) - index) - 1],   \
> +   sizeof(r->element[0]));  \
> +}
> +#endif
> +VINSERT(b, u8, 7)
> +VINSERT(h, u16, 3)
> +VINSERT(w, u32, 1)
> +VINSERT(d, u64, 0)
> +#undef VINSERT
>  #undef SPLAT_ELEMENT
>  #undef _SPLAT_MASKED
>  
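Review bot: Neither VINSERT variant checks that the destination offset derived from `splat` leaves room for `sizeof(r->element[0])` bytes inside the 16-byte `u8` array, so an immediate near the top of its range would make the memcpy write past the end of `*r`; in the little-endian branch `(16 - splat) - sizeof(r->element[0])` can also wrap for a large `splat`. The immediate presumably comes from the guest instruction, so the helper (or the translator before it calls the helper) should bound it, for example `if (splat > sizeof(r->u8) - sizeof(r->element[0])) { return; }`, or apply whatever the ISA specifies for out-of-range values. How GEN_VXFORM_UIMM extracts the field is outside this hunk, so the reachable range should be confirmed there. The `&r-`/`&b-` prefixes of the memcpy arguments appear to have been lost in this copy of the patch.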
> diff --git a/target-ppc/translate/vmx-impl.c b/target-ppc/translate/vmx-impl.c
> index ac78caf..4940ae3 100644
> --- a/target-ppc/translate/vmx-impl.c
> +++ b/target-ppc/translate/vmx-impl.c
> @@ -626,10 +626,20 @@ static void glue(gen_, name)(DisasContext *ctx) 
> \
>  GEN_VXFORM_UIMM(vspltb, 6, 8);
>  GEN_VXFORM_UIMM(vsplth, 6, 9);
>  GEN_VXFORM_UIMM(vspltw, 6, 10);
> +GEN_VXFORM_UIMM(vinsertb, 6, 12);
> +GEN_VXFORM_UIMM(vinserth, 6, 13);
> +GEN_VXFORM_UIMM(vinsertw, 6, 14);
> +GEN_VXFORM_UIMM(vinsertd, 6, 15);
>  GEN_VXFORM_UIMM_ENV(vcfux, 5, 12);
>  GEN_VXFORM_UIMM_ENV(vcfsx, 5, 13);
>  GEN_VXFORM_UIMM_ENV(vctuxs, 5, 14);
>  GEN_VXFORM_UIMM_ENV(vctsxs, 5, 15);
> +GEN_VXFORM_DUAL(vspltisb, PPC_NONE, PPC2_ALTIVEC_207,
> +  vinsertb, PPC_NONE, PPC2_ISA300);
> +GEN_VXFORM_DUAL(vspltish, PPC_NONE, PPC2_ALTIVEC_207,
> +  vinserth, PPC_NONE, PPC2_ISA300);
> +GEN_VXFORM_DUAL(vspltisw, PPC_NONE, PPC2_ALTIVEC_207,
> +  vinsertw, PPC_NONE, PPC2_ISA300);
>  
>  static void gen_vsldoi(DisasContext *ctx)
>  {
> diff --git a/target-ppc/translate/vmx-ops.c b/target-ppc/translate/vmx-ops.c
> index 7449396..a5534da 100644
> --- a/target-ppc/translate/vmx-ops.c
> +++ b/target-ppc/translate/vmx-ops.c
> @@ -41,6 +41,9 @@ GEN_HANDLER_E(name, 0x04, opc2, opc3, 0x, PPC_NONE, 
> PPC2_ALTIVEC_207)
>  #define GEN_VXFORM_300(name, opc2, opc3)\
>  GEN_HANDLER_E(name, 0x04, opc2, opc3, 0x, PPC_NONE, PPC2_ISA300)
>  
> +#define GEN_VXFORM_300_EXT(name, opc2, opc3, inval) \
> +GEN_HANDLER_E(name, 0x04, opc2, opc3, inval, PPC_NONE, PPC2_ISA300)
> +
>  #define GEN_VXFORM_DUAL(name0, name1, opc2, opc3, type0, type1) \
>  GEN_HANDLER_E(name0##_##name1, 0x4, opc2, opc3, 0x, type0, type1)
>  
> @@ -191,11 +194,17 @@ GEN_VXRFORM(vcmpgefp, 3, 7)
>  GEN_VXRFORM_DUAL(vcmpgtfp, vcmpgtud, 3, 11, PPC_ALTIVEC, PPC_NONE)
>  GEN_VXRFORM_DUAL(vcmpbfp, vcmpgtsd, 3, 15, PPC_ALTIVEC, PPC_NONE)
>  
> -#define GEN_VXFORM_SIMM(name, opc2, opc3)   \
> -GEN_HANDLER(name, 0x04, opc2, opc3, 0x, PPC_ALTIVEC)
> -GEN_VXFORM_SIMM(vspltisb, 6, 12),
> -GEN_VXFORM_SIMM(vspltish, 6, 13),
> -GEN_VXFORM_SIMM(vspltisw, 6, 14),
> +#undef GEN_VXFORM_DUAL1

Why 

Re: [Qemu-devel] [PATCH] spapr: Don't support query-hotpluggable-cpus on earlier pseries machine types

2016-08-02 Thread David Gibson
On Tue, Aug 02, 2016 at 08:24:13AM +0200, Peter Krempa wrote:
> On Tue, Aug 02, 2016 at 16:20:50 +1000, David Gibson wrote:
> > On Tue, Aug 02, 2016 at 10:34:34AM +0530, Bharata B Rao wrote:
> > > On Tue, Aug 02, 2016 at 02:25:08PM +1000, David Gibson wrote:
> > > > On Power, support for vCPU hotplug is new in qemu 2.7.  However, we
> > > > currently implement the query_hotpluggable_cpus hook the same for all
> > > > pseries machine type versions.
> > > > 
> > > > However, the old-style CPU initialization doesn't work with the new 
> > > > query
> > > > code, meaning that attempting to use query-hotpluggable-cpus on a
> > > > pseries-2.6 or earlier VM will cause qemu to SEGV.
> > > > 
> > > > This fixes the problem by simply disabling the hook for earlier machine
> > > > types.
> > > 
> > > I had sent a patch to fix this and a couple of other related issues
> > > some time back and it indeed was accepted into your ppc-for-2.7 branch.
> > > 
> > > https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg01539.html
> > > 
> > > Only now I am realizing that somehow that patch didn't make it to 
> > > mainline.
> > 
> > Oh.. good point.  Sorry, that one somehow slipped through the cracks.
> > 
> > So, the remaining question is, what's the preferred behaviour for
> > older machine types:
> > 
> >   1) should query-hotpluggable-cpus give an error, the same as it does
> >  on machine types which have never supported it (this is what my
> >  patch does)
> > 
> > or
> > 
> >   2) Should query-hotpluggable-cpus succeed, but return an empty list?
> >  (this is what Bharata's patch does)
> > 
> > Igor and / or Peter, do you have an opinion on which behaviour is 
> > preferable?
> 
> I don't really care which option you select as long as the
> 'hotpluggable-cpus' field which is reported in 'query-machines' is set to
> false for machine types which don't support it. Libvirt then won't even
> call query-hotpluggable-cpus.

Ah.. and looking at it more closely, Bharata's older patch will also
get that wrong.  However, it does some other checks which might make
sense.  I'll try to merge his approach and mine.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature


Re: [Qemu-devel] [PATCH v1 1/2] target-ppc: modsw - return 64-bit sign extended

2016-08-02 Thread David Gibson
On Tue, Aug 02, 2016 at 01:22:59PM +0530, Nikunj A Dadhania wrote:
> Reported-by: Anton Blanchard 
> Signed-off-by: Nikunj A Dadhania 
> ---
> 
> Can be squashed with the original commit

Done.

> 
>  target-ppc/translate.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target-ppc/translate.c b/target-ppc/translate.c
> index fc3d371..dc89e6a 100644
> --- a/target-ppc/translate.c
> +++ b/target-ppc/translate.c
> @@ -1243,7 +1243,7 @@ static inline void gen_op_arith_modw(DisasContext *ctx, 
> TCGv ret, TCGv arg1,
>  tcg_gen_movi_i32(t3, 0);
>  tcg_gen_movcond_i32(TCG_COND_NE, t1, t2, t3, t2, t1);
>  tcg_gen_rem_i32(t3, t0, t1);
> -tcg_gen_extu_i32_tl(ret, t3);
> +tcg_gen_ext_i32_tl(ret, t3);
>  tcg_temp_free_i32(t2);
>  tcg_temp_free_i32(t3);
>  } else {

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature


Re: [Qemu-devel] [PATCH] vhost: don't set vring call if no vector

2016-08-02 Thread Jason Wang



On 2016年08月02日 14:37, Cornelia Huck wrote:

On Tue, 2 Aug 2016 10:39:22 +0800
Jason Wang  wrote:


On 2016年08月02日 02:00, Cornelia Huck wrote:

On Mon,  1 Aug 2016 16:07:58 +0800
Jason Wang  wrote:

+if (k->query_guest_notifiers &&
+k->query_guest_notifiers(qbus->parent) &&
+virtio_queue_vector(vdev, idx) == VIRTIO_NO_VECTOR) {

I'm trying to imagine what this means for virtio-ccw. Keep in mind that
we don't have the concept of setting a 'vector' by the OS (the vector
is setup internally to the queue index and the OS does not see it.)

->query_guest_notifiers() is true if the OS has enabled the subchannel
of the proxy device (i.e., if it is enabled for doing *anything* with
the subchannel, regardless whether the OS wants to be notified or is
planning to poll.) The second condition will never hold true for any
valid queue once the OS has setup the queues.

I see, so If I understand correctly, there's no way to detect whether or
not guest will use a specific virtqueue interrupt?

Yes. The guest will either be notified for any virtqueue (if it
registered indicators; this is always done for every vq of the device
at once), or for none.


So this won't break anything for virtio-ccw AFAICS, but I don't think
we gain anything.

Yes, but if we could infer whether or not polling is used in the driver,
this is probably all we can do for ccw.

What we could do is check whether the driver has registed indicators
and disable setting up notification for any vq of the device if not.
But I'm not sure an always-polling driver is worth optimizing for.


It's worth for at least pci transport. Consider virito-net pmd in guest, 
a NULL vring call can save unnecessary userspace memory access and 
memory barriers.




Re: [Qemu-devel] [RFC v5 7/7] hw/arm/virt-acpi-build: Add ITS description in ACPI MADT table

2016-08-02 Thread Shannon Zhao
Hi Eric,

On 2016/8/3 2:07, Eric Auger wrote:
> This patch exposes the GICv3 ITS to the ACPI guest. The ITS structure
> is added to the MADT table.
> 
> Signed-off-by: Eric Auger 
> 
> ---
> 
> v5: new
> 
> Tested with Tomasz' kernel series on guest side:
> - [PATCH V7 0/8] Introduce ACPI world to ITS,
>   https://lkml.org/lkml/2016/6/20/321
> - for running PCIe on the guest (virtio-pci-net or vhost-net)
>   the following series is also needed, although not directly ITS:
>   Support for ARM64 ACPI based PCI host controller,
>   https://lwn.net/Articles/690995/
> ---
>  hw/arm/virt-acpi-build.c|  7 +++
>  include/hw/acpi/acpi-defs.h | 13 -
>  2 files changed, 19 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
> index 28fc59c..6cfedff 100644
> --- a/hw/arm/virt-acpi-build.c
> +++ b/hw/arm/virt-acpi-build.c
> @@ -546,6 +546,7 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
> VirtGuestInfo *guest_info)
>  }
>  
>  if (guest_info->gic_version == 3) {
> +AcpiMadtGicIts *gic_its;
>  AcpiMadtGenericRedistributor *gicr = acpi_data_push(table_data,
>   sizeof *gicr);
>  
> @@ -553,6 +554,12 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
> VirtGuestInfo *guest_info)
>  gicr->length = sizeof(*gicr);
>  gicr->base_address = cpu_to_le64(memmap[VIRT_GIC_REDIST].base);
>  gicr->range_length = cpu_to_le32(memmap[VIRT_GIC_REDIST].size);
> +
> +gic_its = acpi_data_push(table_data, sizeof *gic_its);
> +gic_its->type = ACPI_APIC_ITS_STRUCTURE;
> +gic_its->length = sizeof(*gic_its);
> +gic_its->gic_its_id = 0;
> +gic_its->base_address = cpu_to_le64(memmap[VIRT_GIC_ITS].base);
Since for TCG it doesn't support ITS yet, it should check here using
its_class_name().

>  } else {
>  gic_msi = acpi_data_push(table_data, sizeof *gic_msi);
>  gic_msi->type = ACPI_APIC_GENERIC_MSI_FRAME;
> diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
> index 41c1d95..ba3be1e 100644
> --- a/include/hw/acpi/acpi-defs.h
> +++ b/include/hw/acpi/acpi-defs.h
> @@ -294,7 +294,8 @@ typedef struct AcpiMultipleApicTable 
> AcpiMultipleApicTable;
>  #define ACPI_APIC_GENERIC_DISTRIBUTOR   12
>  #define ACPI_APIC_GENERIC_MSI_FRAME 13
>  #define ACPI_APIC_GENERIC_REDISTRIBUTOR 14
> -#define ACPI_APIC_RESERVED  15   /* 15 and greater are reserved 
> */
> +#define ACPI_APIC_ITS_STRUCTURE 15
use ACPI_APIC_GENERIC_TRANSLATOR instead.

> +#define ACPI_APIC_RESERVED  16   /* 16 and greater are reserved 
> */
>  
>  /*
>   * MADT sub-structures (Follow MULTIPLE_APIC_DESCRIPTION_TABLE)
> @@ -386,6 +387,16 @@ struct AcpiMadtGenericMsiFrame {
>  
>  typedef struct AcpiMadtGenericMsiFrame AcpiMadtGenericMsiFrame;
>  
> +struct AcpiMadtGicIts {
> +ACPI_SUB_HEADER_DEF
> +uint16_t reserved;
> +uint32_t gic_its_id;
> +uint64_t base_address;
> +uint32_t reserved2;
> +} QEMU_PACKED;
> +
> +typedef struct AcpiMadtGicIts AcpiMadtGicIts;
> +
Define it like below to respect the name in linux kernel and also keep
consistent with other structures.

+struct AcpiMadtGenericTranslator {
+ACPI_SUB_HEADER_DEF
+uint16_t reserved;
+uint32_t translation_id;
+uint64_t base_address;
+uint32_t reserved2;
+} QEMU_PACKED;
+
+typedef struct AcpiMadtGenericTranslator AcpiMadtGenericTranslator;

BTW, you could have a look at [1] which I sent before.

[1] https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06282.html

Thanks,
-- 
Shannon




Re: [Qemu-devel] [PATCH v2 1/2] virtio-blk: Release s->rq queue at system_reset

2016-08-02 Thread Fam Zheng
On Tue, 08/02 13:00, Paolo Bonzini wrote:
> 
> > I'd prefer if Paolo's remark (about blk_drain()'s ability to produce
> > more failed requests, stashed in s->rq) were captured in either the
> > commit message, or in a code comment. Something like:
> > 
> >   /* We drop queued requests after blk_drain() because blk_drain()
> >* itself can produce them. */
> 
> It's also (perhaps especially) because blk_drain() can consume them.  Fam's
> patch to do blk_drain() first would cause a double-free.

That "consume" part is what I don't understand.

Shouldn't blk_drain() only process submitted requests (and further requests
they dequeue indirectly), while s->rq only contains failed requests? They don't
look like they overlap, because I suppose failed requests are only going to be
processed on a run state change.

What am I missing?

Fam



Re: [Qemu-devel] [PATCH v3 10/10] palmetto-bmc: remove extra no_sdcard assignement

2016-08-02 Thread Andrew Jeffery
On Tue, 2016-08-02 at 19:15 +0200, Cédric Le Goater wrote:
> Signed-off-by: Cédric Le Goater 

Reviewed-by: Andrew Jeffery 

> ---
>  hw/arm/aspeed.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
> index e71500c64bd3..6d7b70df70da 100644
> --- a/hw/arm/aspeed.c
> +++ b/hw/arm/aspeed.c
> @@ -145,7 +145,6 @@ static void palmetto_bmc_class_init(ObjectClass *oc, void 
> *data)
>  mc->no_sdcard = 1;
>  mc->no_floppy = 1;
>  mc->no_cdrom = 1;
> -mc->no_sdcard = 1;
>  mc->no_parallel = 1;
>  }
>  

signature.asc
Description: This is a digitally signed message part


Re: [Qemu-devel] [PATCH v3 09/10] arm: add support for an ast2500 evaluation board

2016-08-02 Thread Andrew Jeffery
On Tue, 2016-08-02 at 19:15 +0200, Cédric Le Goater wrote:
> The ast2500 eval board has a hardware strapping register value of
> 0xF100C2E6 which we use for a definition of AST2500_EVB_HW_STRAP1
> below.
> 
> Signed-off-by: Cédric Le Goater 

Reviewed-by: Andrew Jeffery 

> ---
> 
>  Changes since v2:
> 
>  - removed silicon-rev and cpu-model. This is now in the SoC.
> 
>  Changes since v1:
> 
>  - changed AST2500_EDK to AST2500_EVB
>  - fixed white space issues
>  - added AST2500_HW_STRAP1 
> 
>  hw/arm/aspeed.c | 39 ++-
>  1 file changed, 38 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
> index 80907b4244ea..e71500c64bd3 100644
> --- a/hw/arm/aspeed.c
> +++ b/hw/arm/aspeed.c
> @@ -36,7 +36,8 @@ typedef struct AspeedBoardConfig {
>  } AspeedBoardConfig;
>  
>  enum {
> -PALMETTO_BMC
> +PALMETTO_BMC,
> +AST2500_EVB
>  };
>  
>  #define PALMETTO_BMC_HW_STRAP1 (\
> @@ -52,8 +53,19 @@ enum {
>  SCU_HW_STRAP_VGA_SIZE_SET(VGA_16M_DRAM) |   \
>  SCU_AST2400_HW_STRAP_BOOT_MODE(AST2400_SPI_BOOT))
>  
> +#define AST2500_EVB_HW_STRAP1 ((\
> +AST2500_HW_STRAP1_DEFAULTS |\
> +SCU_AST2500_HW_STRAP_SPI_AUTOFETCH_ENABLE | \
> +SCU_AST2500_HW_STRAP_GPIO_STRAP_ENABLE |\
> +SCU_AST2500_HW_STRAP_UART_DEBUG |   \
> +SCU_AST2500_HW_STRAP_DDR4_ENABLE |  \
> +SCU_HW_STRAP_MAC1_RGMII |   \
> +SCU_HW_STRAP_MAC0_RGMII) &  \
> +~SCU_HW_STRAP_2ND_BOOT_WDT)
> +
>  static const AspeedBoardConfig aspeed_boards[] = {
>  [PALMETTO_BMC] = { "ast2400-a0", PALMETTO_BMC_HW_STRAP1 },
> +[AST2500_EVB]  = { "ast2500-a1", AST2500_EVB_HW_STRAP1 },
>  };
>  
>  static void aspeed_board_init_flashes(AspeedSMCState *s, const char 
> *flashtype,
> @@ -143,9 +155,34 @@ static const TypeInfo palmetto_bmc_type = {
>  .class_init = palmetto_bmc_class_init,
>  };
>  
> +static void ast2500_evb_init(MachineState *machine)
> +{
> +aspeed_board_init(machine, _boards[AST2500_EVB]);
> +}
> +
> +static void ast2500_evb_class_init(ObjectClass *oc, void *data)
> +{
> +MachineClass *mc = MACHINE_CLASS(oc);
> +
> +mc->desc = "Aspeed AST2500 EVB (ARM1176)";
> +mc->init = ast2500_evb_init;
> +mc->max_cpus = 1;
> +mc->no_sdcard = 1;
> +mc->no_floppy = 1;
> +mc->no_cdrom = 1;
> +mc->no_parallel = 1;
> +}
> +
> +static const TypeInfo ast2500_evb_type = {
> +.name = MACHINE_TYPE_NAME("ast2500-evb"),
> +.parent = TYPE_MACHINE,
> +.class_init = ast2500_evb_class_init,
> +};
> +
>  static void aspeed_machine_init(void)
>  {
>  type_register_static(_bmc_type);
> +type_register_static(_evb_type);
>  }
>  
>  type_init(aspeed_machine_init)
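Review bot: ast2500_evb_class_init repeats the `max_cpus` and `no_*` assignments that palmetto_bmc_class_init (outside this hunk) already carries, so each new Aspeed board will copy the block again and the copies can drift. Moving the shared settings into one static helper that both class_init functions call keeps the machine restrictions in a single place. Only the new board's class_init is shown below; palmetto_bmc_class_init would call the same helper.

```c
/* Settings shared by every Aspeed board machine class. */
static void aspeed_machine_class_common_init(MachineClass *mc)
{
    mc->max_cpus = 1;
    mc->no_sdcard = 1;
    mc->no_floppy = 1;
    mc->no_cdrom = 1;
    mc->no_parallel = 1;
}

static void ast2500_evb_class_init(ObjectClass *oc, void *data)
{
    MachineClass *mc = MACHINE_CLASS(oc);

    mc->desc = "Aspeed AST2500 EVB (ARM1176)";
    mc->init = ast2500_evb_init;
    aspeed_machine_class_common_init(mc);
}
/* … unchanged: ast2500_evb_type and aspeed_machine_init registration … */
```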

signature.asc
Description: This is a digitally signed message part


Re: [Qemu-devel] [PATCH v3 08/10] aspeed: add a AST2500 SoC and support to the SCU and SDMC controllers controllers

2016-08-02 Thread Andrew Jeffery
On Tue, 2016-08-02 at 19:15 +0200, Cédric Le Goater wrote:
> Based on previous work done by Andrew Jeffery .
> 
> Signed-off-by: Cédric Le Goater 

Reviewed-by: Andrew Jeffery 

> ---
> 
>  Changes since v2:
> 
>  - more precise definitions of the hw-strap1 register
> 
>  hw/arm/aspeed_soc.c  |  2 ++
>  hw/misc/aspeed_scu.c | 45 +-
>  hw/misc/aspeed_sdmc.c|  1 +
>  include/hw/misc/aspeed_scu.h | 77 
> +++-
>  4 files changed, 123 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
> index ec6ec3546908..2408dfe70c51 100644
> --- a/hw/arm/aspeed_soc.c
> +++ b/hw/arm/aspeed_soc.c
> @@ -38,10 +38,12 @@ static const int uart_irqs[] = { 9, 32, 33, 34, 10 };
>  static const int timer_irqs[] = { 16, 17, 18, 35, 36, 37, 38, 39, };
>  
>  #define AST2400_SDRAM_BASE   0x4000
> +#define AST2500_SDRAM_BASE   0x8000
>  
>  static const AspeedSoCInfo aspeed_socs[] = {
>  { "ast2400-a0", "arm926", AST2400_A0_SILICON_REV, AST2400_SDRAM_BASE },
>  { "ast2400","arm926", AST2400_A0_SILICON_REV, AST2400_SDRAM_BASE },
> +{ "ast2500-a1", "arm1176", AST2500_A1_SILICON_REV, AST2500_SDRAM_BASE },
>  };
>  
>  /*
> diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
> index c7e2c8263f55..6dd7e1085420 100644
> --- a/hw/misc/aspeed_scu.c
> +++ b/hw/misc/aspeed_scu.c
> @@ -120,6 +120,41 @@ static const uint32_t 
> ast2400_a0_resets[ASPEED_SCU_NR_REGS] = {
>   [BMC_DEV_ID]  = 0x2402U
>  };
>  
> +/* SCU70 bit 23: 0 24Mhz. bit 11:9: 0b001 AXI:ABH ratio 2:1 */
> +/* AST2500 revision A1 */
> +
> +static const uint32_t ast2500_a1_resets[ASPEED_SCU_NR_REGS] = {
> + [SYS_RST_CTRL]= 0xFFCFFEDCU,
> + [CLK_SEL] = 0xF3F4U,
> + [CLK_STOP_CTRL]   = 0x19FC3E8BU,
> + [D2PLL_PARAM] = 0x00026108U,
> + [MPLL_PARAM]  = 0x00030291U,
> + [HPLL_PARAM]  = 0x93000400U,
> + [MISC_CTRL1]  = 0x0010U,
> + [PCI_CTRL1]   = 0x20001A03U,
> + [PCI_CTRL2]   = 0x20001A03U,
> + [PCI_CTRL3]   = 0x0430U,
> + [SYS_RST_STATUS]  = 0x0001U,
> + [SOC_SCRATCH1]= 0x00C0U, /* SoC completed DRAM init */
> + [MISC_CTRL2]  = 0x0023U,
> + [RNG_CTRL]= 0x000EU,
> + [PINMUX_CTRL2]= 0xF000U,
> + [PINMUX_CTRL3]= 0x0300U,
> + [PINMUX_CTRL4]= 0xU,
> + [PINMUX_CTRL5]= 0xA000U,
> + [WDT_RST_CTRL]= 0x0233U,
> + [PINMUX_CTRL8]= 0xU,
> + [PINMUX_CTRL9]= 0x000FU,
> + [FREE_CNTR4]  = 0x00FFU,
> + [FREE_CNTR4_EXT]  = 0x00FFU,
> + [CPU2_BASE_SEG1]  = 0x8000U,
> + [CPU2_BASE_SEG4]  = 0x1E60U,
> + [CPU2_BASE_SEG5]  = 0xC000U,
> + [UART_HPLL_CLK]   = 0x1903U,
> + [PCIE_CTRL]   = 0x007BU,
> + [BMC_DEV_ID]  = 0x2402U
> +};
> +
>  static uint64_t aspeed_scu_read(void *opaque, hwaddr offset, unsigned size)
>  {
>  AspeedSCUState *s = ASPEED_SCU(opaque);
> @@ -198,6 +233,10 @@ static void aspeed_scu_reset(DeviceState *dev)
>  case AST2400_A0_SILICON_REV:
>  reset = ast2400_a0_resets;
>  break;
> +case AST2500_A0_SILICON_REV:
> +case AST2500_A1_SILICON_REV:
> +reset = ast2500_a1_resets;
> +break;
>  default:
>  g_assert_not_reached();
>  }
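Review bot: `case AST2500_A0_SILICON_REV:` falls through to `reset = ast2500_a1_resets;`, so A0 silicon is reset from a table whose name and heading comment (`/* AST2500 revision A1 */`) mention A1 only. If the A0 and A1 reset values really are identical, a comment on the case such as `/* A0 shares the A1 reset values */` would show that this is deliberate; otherwise A0 needs its own table. The comment above the table in the previous hunk also reads `AXI:ABH`, which looks like a typo for `AXI:AHB`. aspeed_scu_reset starts and ends outside this hunk.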
> @@ -208,7 +247,11 @@ static void aspeed_scu_reset(DeviceState *dev)
>  s->regs[HW_STRAP2] = s->hw_strap2;
>  }
>  
> -static uint32_t aspeed_silicon_revs[] = { AST2400_A0_SILICON_REV, };
> +static uint32_t aspeed_silicon_revs[] = {
> +AST2400_A0_SILICON_REV,
> +AST2500_A0_SILICON_REV,
> +AST2500_A1_SILICON_REV
> +};
>  
>  bool is_supported_silicon_rev(uint32_t silicon_rev)
>  {
> diff --git a/hw/misc/aspeed_sdmc.c b/hw/misc/aspeed_sdmc.c
> index 6cc0301a6331..621d166890fa 100644
> --- a/hw/misc/aspeed_sdmc.c
> +++ b/hw/misc/aspeed_sdmc.c
> @@ -196,6 +196,7 @@ static void aspeed_sdmc_reset(DeviceState *dev)
>  break;
>  
>  case AST2500_A0_SILICON_REV:
> +case AST2500_A1_SILICON_REV:
>  s->regs[R_CONF] |=
>  ASPEED_SDMC_HW_VERSION(1) |
>  ASPEED_SDMC_VGA_APERTURE(ASPEED_SDMC_VGA_64MB) |
> diff --git a/include/hw/misc/aspeed_scu.h b/include/hw/misc/aspeed_scu.h
> index 0761f0880c69..20d7559d3395 100644
> --- a/include/hw/misc/aspeed_scu.h
> +++ b/include/hw/misc/aspeed_scu.h
> @@ -33,6 +33,7 @@ typedef struct AspeedSCUState {
>  
>  #define AST2400_A0_SILICON_REV   0x02000303U
>  #define AST2500_A0_SILICON_REV   0x04000303U
> +#define AST2500_A1_SILICON_REV   0x04010303U
>  
>  extern bool is_supported_silicon_rev(uint32_t silicon_rev);
>  
> @@ -53,7 +54,7 @@ extern bool is_supported_silicon_rev(uint32_t silicon_rev);
>   *   1. 2012/12/29 Ryan Chen Create
>   */
>  
> -/* Hardware Strapping Register definition (for 

Re: [Qemu-devel] [PATCH v3 07/10] hw/misc: use macros to define hw-strap1 register on the AST2400 Aspeed SoC

2016-08-02 Thread Andrew Jeffery
On Tue, 2016-08-02 at 19:15 +0200, Cédric Le Goater wrote:
> This gives some explanation behind the magic number 0x120CE416.
> 
> Signed-off-by: Cédric Le Goater 

Reviewed-by: Andrew Jeffery 

> ---
> 
>  Changes since v2:
> 
>  - more precise definitions of the hw-strap1 register
>  - moved hw-strap1 to the board level.
> 
>  hw/arm/aspeed.c  |  15 +-
>  include/hw/misc/aspeed_scu.h | 118 
> +++
>  2 files changed, 132 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
> index 4226b8dcd95c..80907b4244ea 100644
> --- a/hw/arm/aspeed.c
> +++ b/hw/arm/aspeed.c
> @@ -39,8 +39,21 @@ enum {
>  PALMETTO_BMC
>  };
>  
> +#define PALMETTO_BMC_HW_STRAP1 (\
> +SCU_AST2400_HW_STRAP_DRAM_SIZE(DRAM_SIZE_256MB) |   \
> +SCU_AST2400_HW_STRAP_DRAM_CONFIG(2 /* DDR3 with CL=6, CWL=5 */) | \
> +SCU_AST2400_HW_STRAP_ACPI_DIS | \
> +SCU_AST2400_HW_STRAP_SET_CLK_SOURCE(AST2400_CLK_48M_IN) |   \
> +SCU_HW_STRAP_VGA_CLASS_CODE |   \
> +SCU_HW_STRAP_LPC_RESET_PIN |\
> +SCU_HW_STRAP_SPI_MODE(SCU_HW_STRAP_SPI_M_S_EN) |\
> +SCU_AST2400_HW_STRAP_SET_CPU_AHB_RATIO(AST2400_CPU_AHB_RATIO_2_1) | \
> +SCU_HW_STRAP_SPI_WIDTH |\
> +SCU_HW_STRAP_VGA_SIZE_SET(VGA_16M_DRAM) |   \
> +SCU_AST2400_HW_STRAP_BOOT_MODE(AST2400_SPI_BOOT))
> +
>  static const AspeedBoardConfig aspeed_boards[] = {
> -[PALMETTO_BMC] = { "ast2400-a0", 0x120CE416 },
> +[PALMETTO_BMC] = { "ast2400-a0", PALMETTO_BMC_HW_STRAP1 },
>  };
>  
>  static void aspeed_board_init_flashes(AspeedSMCState *s, const char 
> *flashtype,
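Review bot: Nothing in this hunk pins `PALMETTO_BMC_HW_STRAP1` to the constant it replaces, so a slip in any of the field macros would silently change the strap word handed to the SoC. A compile-time check next to the table, `QEMU_BUILD_BUG_ON(PALMETTO_BMC_HW_STRAP1 != 0x120CE416);`, would keep the refactor value-preserving. The field macros used here take their argument unparenthesised in the header (`(x << 27)`), which is harmless for the plain constants passed in this hunk but fragile for any expression argument; `((x) << 27)` is the usual form. The `2 /* DDR3 with CL=6, CWL=5 */` argument is also still a bare number and could become a named constant beside the `DRAM_SIZE_*` defines.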
> diff --git a/include/hw/misc/aspeed_scu.h b/include/hw/misc/aspeed_scu.h
> index fdfd982288f2..0761f0880c69 100644
> --- a/include/hw/misc/aspeed_scu.h
> +++ b/include/hw/misc/aspeed_scu.h
> @@ -36,4 +36,122 @@ typedef struct AspeedSCUState {
>  
>  extern bool is_supported_silicon_rev(uint32_t silicon_rev);
>  
> +/*
> + * Extracted from Aspeed SDK v00.03.21. Fixes and extra definitions
> + * were added.
> + *
> + * Original header file :
> + *arch/arm/mach-aspeed/include/mach/regs-scu.h
> + *
> + *Copyright (C) 2012-2020  ASPEED Technology Inc.
> + *
> + *This program is free software; you can redistribute it and/or modify
> + *it under the terms of the GNU General Public License version 2 as
> + *published by the Free Software Foundation.
> + *
> + *  History  :
> + *   1. 2012/12/29 Ryan Chen Create
> + */
> +
> +/* Hardware Strapping Register definition (for Aspeed AST2400 SOC)
> + *
> + * 31:29  Software defined strapping registers
> + * 28:27  DRAM size setting (for VGA driver use)
> + * 26:24  DRAM configuration setting
> + * 23 Enable 25 MHz reference clock input
> + * 22 Enable GPIOE pass-through mode
> + * 21 Enable GPIOD pass-through mode
> + * 20 Disable LPC to decode SuperIO 0x2E/0x4E address
> + * 19 Disable ACPI function
> + * 23,18  Clock source selection
> + * 17 Enable BMC 2nd boot watchdog timer
> + * 16 SuperIO configuration address selection
> + * 15 VGA Class Code selection
> + * 14 Enable LPC dedicated reset pin function
> + * 13:12  SPI mode selection
> + * 11:10  CPU/AHB clock frequency ratio selection
> + * 9:8H-PLL default clock frequency selection
> + * 7  Define MAC#2 interface
> + * 6  Define MAC#1 interface
> + * 5  Enable VGA BIOS ROM
> + * 4  Boot flash memory extended option
> + * 3:2VGA memory size selection
> + * 1:0BMC CPU boot code selection
> + */
> +#define SCU_AST2400_HW_STRAP_SW_DEFINE(x)  (x << 29)
> +#define SCU_AST2400_HW_STRAP_SW_DEFINE_MASK(0x7 << 29)
> +
> +#define SCU_AST2400_HW_STRAP_DRAM_SIZE(x)  (x << 27)
> +#define SCU_AST2400_HW_STRAP_DRAM_SIZE_MASK(0x3 << 27)
> +#define DRAM_SIZE_64MB 0
> +#define DRAM_SIZE_128MB1
> +#define DRAM_SIZE_256MB2
> +#define DRAM_SIZE_512MB3
> +
> +#define SCU_AST2400_HW_STRAP_DRAM_CONFIG(x)(x << 24)
> +#define SCU_AST2400_HW_STRAP_DRAM_CONFIG_MASK  (0x7 << 24)
> +
> +#define SCU_HW_STRAP_GPIOE_PT_EN   (0x1 << 22)
> +#define SCU_HW_STRAP_GPIOD_PT_EN   (0x1 << 21)
> +#define SCU_HW_STRAP_LPC_DEC_SUPER_IO  (0x1 << 20)
> +#define SCU_AST2400_HW_STRAP_ACPI_DIS  (0x1 << 19)
> +
> +/* bit 23, 18 [1,0] */
> +#define SCU_AST2400_HW_STRAP_SET_CLK_SOURCE(x) x & 0x3) >> 1) << 23) 
> | \
> +((x & 0x1) << 18))
> +#define SCU_AST2400_HW_STRAP_GET_CLK_SOURCE(x) 

Re: [Qemu-devel] [PATCH v3 06/10] palmetto-bmc: add board specific configuration

2016-08-02 Thread Andrew Jeffery
On Tue, 2016-08-02 at 19:15 +0200, Cédric Le Goater wrote:
> aspeed_board_init() now uses a board identifier to customize some values
> specific to the board.
> 
> Signed-off-by: Cédric Le Goater 

Reviewed-by: Andrew Jeffery 

> ---
> 
>  Changes since v2:
> 
>  - removed silicon-rev and cpu-model. This is now in the SoC.
> 
>  Changes since v1:
> 
>  - changed aspeed_init() prototype to use a 'const AspeedBoardConfig *'
>  - fixed white space issues
> 
>  hw/arm/aspeed.c | 22 ++
>  1 file changed, 18 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
> index ad0a062b5624..4226b8dcd95c 100644
> --- a/hw/arm/aspeed.c
> +++ b/hw/arm/aspeed.c
> @@ -30,6 +30,19 @@ typedef struct AspeedBoardState {
>  MemoryRegion ram;
>  } AspeedBoardState;
>  
> +typedef struct AspeedBoardConfig {
> +const char *soc_name;
> +uint32_t hw_strap1;
> +} AspeedBoardConfig;
> +
> +enum {
> +PALMETTO_BMC
> +};
> +
> +static const AspeedBoardConfig aspeed_boards[] = {
> +[PALMETTO_BMC] = { "ast2400-a0", 0x120CE416 },
> +};
> +
>  static void aspeed_board_init_flashes(AspeedSMCState *s, const char 
> *flashtype,
>    Error **errp)
>  {
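Review bot: `AspeedBoardConfig` is introduced without a comment on what its two fields feed. From the later hunks of this patch, `soc_name` is the type name passed to `object_initialize()` and `hw_strap1` is the value set on the SoC's "hw-strap1" property, so a short comment on each field would record that, e.g. `/* QOM type name of the SoC to instantiate */` and `/* value for the SoC "hw-strap1" property */`. The anonymous `enum` that indexes `aspeed_boards[]` would also benefit from a one-line comment saying it is the table index.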
> @@ -56,13 +69,14 @@ static void aspeed_board_init_flashes(AspeedSMCState *s, 
> const char *flashtype,
>  }
>  }
>  
> -static void aspeed_board_init(MachineState *machine)
> +static void aspeed_board_init(MachineState *machine,
> +  const AspeedBoardConfig *cfg)
>  {
>  AspeedBoardState *bmc;
>  AspeedSoCClass *sc;
>  
>  bmc = g_new0(AspeedBoardState, 1);
> -object_initialize(>soc, (sizeof(bmc->soc)), "ast2400-a0");
> +object_initialize(>soc, (sizeof(bmc->soc)), cfg->soc_name);
>  object_property_add_child(OBJECT(machine), "soc", OBJECT(>soc),
>    _abort);
>  
> @@ -73,7 +87,7 @@ static void aspeed_board_init(MachineState *machine)
>  >ram);
>  object_property_add_const_link(OBJECT(>soc), "ram", 
> OBJECT(>ram),
> _abort);
> -object_property_set_int(OBJECT(>soc), 0x120CE416, "hw-strap1",
> +object_property_set_int(OBJECT(>soc), cfg->hw_strap1, "hw-strap1",
>  _abort);
>  object_property_set_bool(OBJECT(>soc), true, "realized",
>   _abort);
> @@ -93,7 +107,7 @@ static void aspeed_board_init(MachineState *machine)
>  
>  static void palmetto_bmc_init(MachineState *machine)
>  {
> -aspeed_board_init(machine);
> +aspeed_board_init(machine, _boards[PALMETTO_BMC]);
>  }
>  
>  static void palmetto_bmc_class_init(ObjectClass *oc, void *data)



Re: [Qemu-devel] [PATCH v3 05/10] palmetto-bmc: replace palmetto_bmc with aspeed

2016-08-02 Thread Andrew Jeffery
On Tue, 2016-08-02 at 19:15 +0200, Cédric Le Goater wrote:
> This is mostly a name replacement to prepare ground for other SoCs
> specificities. It also adds a TypeInfo struct for the palmetto-bmc
> board with a custom initialization for the same reason.
> 
> Signed-off-by: Cédric Le Goater 

Reviewed-by: Andrew Jeffery 

> ---
>  hw/arm/aspeed.c | 56 +---
>  1 file changed, 37 insertions(+), 19 deletions(-)
> 
> diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
> index 531c266d9449..ad0a062b5624 100644
> --- a/hw/arm/aspeed.c
> +++ b/hw/arm/aspeed.c
> @@ -21,16 +21,16 @@
>  #include "sysemu/block-backend.h"
>  #include "sysemu/blockdev.h"
>  
> -static struct arm_boot_info palmetto_bmc_binfo = {
> +static struct arm_boot_info aspeed_board_binfo = {
>  .nb_cpus = 1,
>  };
>  
> -typedef struct PalmettoBMCState {
> +typedef struct AspeedBoardState {
>  AspeedSoCState soc;
>  MemoryRegion ram;
> -} PalmettoBMCState;
> +} AspeedBoardState;
>  
> -static void palmetto_bmc_init_flashes(AspeedSMCState *s, const char 
> *flashtype,
> +static void aspeed_board_init_flashes(AspeedSMCState *s, const char 
> *flashtype,
>    Error **errp)
>  {
>  int i ;
> @@ -56,12 +56,12 @@ static void palmetto_bmc_init_flashes(AspeedSMCState *s, 
> const char *flashtype,
>  }
>  }
>  
> -static void palmetto_bmc_init(MachineState *machine)
> +static void aspeed_board_init(MachineState *machine)
>  {
> -PalmettoBMCState *bmc;
> +AspeedBoardState *bmc;
>  AspeedSoCClass *sc;
>  
> -bmc = g_new0(PalmettoBMCState, 1);
> +bmc = g_new0(AspeedBoardState, 1);
>  object_initialize(>soc, (sizeof(bmc->soc)), "ast2400-a0");
>  object_property_add_child(OBJECT(machine), "soc", OBJECT(>soc),
>    _abort);
> @@ -78,22 +78,29 @@ static void palmetto_bmc_init(MachineState *machine)
>  object_property_set_bool(OBJECT(>soc), true, "realized",
>   _abort);
>  
> -palmetto_bmc_init_flashes(>soc.smc, "n25q256a", _abort);
> -palmetto_bmc_init_flashes(>soc.spi, "mx25l25635e", _abort);
> +aspeed_board_init_flashes(>soc.smc, "n25q256a", _abort);
> +aspeed_board_init_flashes(>soc.spi, "mx25l25635e", _abort);
> +
> +aspeed_board_binfo.kernel_filename = machine->kernel_filename;
> +aspeed_board_binfo.initrd_filename = machine->initrd_filename;
> +aspeed_board_binfo.kernel_cmdline = machine->kernel_cmdline;
> +aspeed_board_binfo.ram_size = ram_size;
> +aspeed_board_binfo.board_id = sc->info->silicon_rev;
> +aspeed_board_binfo.loader_start = sc->info->sdram_base;
>  
> -palmetto_bmc_binfo.kernel_filename = machine->kernel_filename;
> -palmetto_bmc_binfo.initrd_filename = machine->initrd_filename;
> -palmetto_bmc_binfo.kernel_cmdline = machine->kernel_cmdline;
> -palmetto_bmc_binfo.ram_size = ram_size;
> -palmetto_bmc_binfo.board_id = sc->info->silicon_rev;
> -palmetto_bmc_binfo.loader_start = sc->info->sdram_base;
> +arm_load_kernel(ARM_CPU(first_cpu), _board_binfo);
> +}
>  
> -arm_load_kernel(ARM_CPU(first_cpu), _bmc_binfo);
> +static void palmetto_bmc_init(MachineState *machine)
> +{
> +aspeed_board_init(machine);
>  }
>  
> -static void palmetto_bmc_machine_init(MachineClass *mc)
> +static void palmetto_bmc_class_init(ObjectClass *oc, void *data)
>  {
> -mc->desc = "OpenPOWER Palmetto BMC";
> +MachineClass *mc = MACHINE_CLASS(oc);
> +
> +mc->desc = "OpenPOWER Palmetto BMC (ARM926EJ-S)";
>  mc->init = palmetto_bmc_init;
>  mc->max_cpus = 1;
>  mc->no_sdcard = 1;
> @@ -103,4 +110,15 @@ static void palmetto_bmc_machine_init(MachineClass *mc)
>  mc->no_parallel = 1;
>  }
>  
> -DEFINE_MACHINE("palmetto-bmc", palmetto_bmc_machine_init);
> +static const TypeInfo palmetto_bmc_type = {
> +.name = MACHINE_TYPE_NAME("palmetto-bmc"),
> +.parent = TYPE_MACHINE,
> +.class_init = palmetto_bmc_class_init,
> +};
> +
> +static void aspeed_machine_init(void)
> +{
> +type_register_static(_bmc_type);
> +}
> +
> +type_init(aspeed_machine_init)



Re: [Qemu-devel] [PATCH v3 04/10] palmetto-bmc: rename the Aspeed board file to aspeed.c

2016-08-02 Thread Andrew Jeffery
On Tue, 2016-08-02 at 19:15 +0200, Cédric Le Goater wrote:
> We plan to add more Aspeed boards to this file. There are no changes
> in the code.
> 
> Signed-off-by: Cédric Le Goater 

Reviewed-by: Andrew Jeffery 

> ---
>  hw/arm/Makefile.objs  |   2 +-
>  hw/arm/aspeed.c   | 106 
> ++
>  hw/arm/palmetto-bmc.c | 106 
> --
>  3 files changed, 107 insertions(+), 107 deletions(-)
>  create mode 100644 hw/arm/aspeed.c
>  delete mode 100644 hw/arm/palmetto-bmc.c
> 
> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
> index 7901294630b1..4c5c4ee76c12 100644
> --- a/hw/arm/Makefile.objs
> +++ b/hw/arm/Makefile.objs
> @@ -17,4 +17,4 @@ obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
>  obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
>  obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
>  obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
> -obj-$(CONFIG_ASPEED_SOC) += aspeed_soc.o palmetto-bmc.o
> +obj-$(CONFIG_ASPEED_SOC) += aspeed_soc.o aspeed.o
> diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
> new file mode 100644
> index ..531c266d9449
> --- /dev/null
> +++ b/hw/arm/aspeed.c
> @@ -0,0 +1,106 @@
> +/*
> + * OpenPOWER Palmetto BMC
> + *
> + * Andrew Jeffery 
> + *
> + * Copyright 2016 IBM Corp.
> + *
> + * This code is licensed under the GPL version 2 or later.  See
> + * the COPYING file in the top-level directory.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qapi/error.h"
> +#include "qemu-common.h"
> +#include "cpu.h"
> +#include "exec/address-spaces.h"
> +#include "hw/arm/arm.h"
> +#include "hw/arm/aspeed_soc.h"
> +#include "hw/boards.h"
> +#include "qemu/log.h"
> +#include "sysemu/block-backend.h"
> +#include "sysemu/blockdev.h"
> +
> +static struct arm_boot_info palmetto_bmc_binfo = {
> +.nb_cpus = 1,
> +};
> +
> +typedef struct PalmettoBMCState {
> +AspeedSoCState soc;
> +MemoryRegion ram;
> +} PalmettoBMCState;
> +
> +static void palmetto_bmc_init_flashes(AspeedSMCState *s, const char 
> *flashtype,
> +  Error **errp)
> +{
> +int i ;
> +
> +for (i = 0; i < s->num_cs; ++i) {
> +AspeedSMCFlash *fl = >flashes[i];
> +DriveInfo *dinfo = drive_get_next(IF_MTD);
> +qemu_irq cs_line;
> +
> +/*
> + * FIXME: check that we are not using a flash module exceeding
> + * the controller segment size
> + */
> +fl->flash = ssi_create_slave_no_init(s->spi, flashtype);
> +if (dinfo) {
> +qdev_prop_set_drive(fl->flash, "drive", 
> blk_by_legacy_dinfo(dinfo),
> +errp);
> +}
> +qdev_init_nofail(fl->flash);
> +
> +cs_line = qdev_get_gpio_in_named(fl->flash, SSI_GPIO_CS, 0);
> +sysbus_connect_irq(SYS_BUS_DEVICE(s), i + 1, cs_line);
> +}
> +}
> +
> +static void palmetto_bmc_init(MachineState *machine)
> +{
> +PalmettoBMCState *bmc;
> +AspeedSoCClass *sc;
> +
> +bmc = g_new0(PalmettoBMCState, 1);
> +object_initialize(>soc, (sizeof(bmc->soc)), "ast2400-a0");
> +object_property_add_child(OBJECT(machine), "soc", OBJECT(>soc),
> +  _abort);
> +
> +sc = ASPEED_SOC_GET_CLASS(>soc);
> +
> +memory_region_allocate_system_memory(>ram, NULL, "ram", ram_size);
> +memory_region_add_subregion(get_system_memory(), sc->info->sdram_base,
> +>ram);
> +object_property_add_const_link(OBJECT(>soc), "ram", 
> OBJECT(>ram),
> +   _abort);
> +object_property_set_int(OBJECT(>soc), 0x120CE416, "hw-strap1",
> +_abort);
> +object_property_set_bool(OBJECT(>soc), true, "realized",
> + _abort);
> +
> +palmetto_bmc_init_flashes(>soc.smc, "n25q256a", _abort);
> +palmetto_bmc_init_flashes(>soc.spi, "mx25l25635e", _abort);
> +
> +palmetto_bmc_binfo.kernel_filename = machine->kernel_filename;
> +palmetto_bmc_binfo.initrd_filename = machine->initrd_filename;
> +palmetto_bmc_binfo.kernel_cmdline = machine->kernel_cmdline;
> +palmetto_bmc_binfo.ram_size = ram_size;
> +palmetto_bmc_binfo.board_id = sc->info->silicon_rev;
> +palmetto_bmc_binfo.loader_start = sc->info->sdram_base;
> +
> +arm_load_kernel(ARM_CPU(first_cpu), _bmc_binfo);
> +}
> +
> +static void palmetto_bmc_machine_init(MachineClass *mc)
> +{
> +mc->desc = "OpenPOWER Palmetto BMC";
> +mc->init = palmetto_bmc_init;
> +mc->max_cpus = 1;
> +mc->no_sdcard = 1;
> +mc->no_floppy = 1;
> +mc->no_cdrom = 1;
> +mc->no_sdcard = 1;
> +mc->no_parallel = 1;
> +}
> +
> +DEFINE_MACHINE("palmetto-bmc", palmetto_bmc_machine_init);
> diff --git a/hw/arm/palmetto-bmc.c b/hw/arm/palmetto-bmc.c
> deleted file mode 100644
> index 531c266d9449..
> --- a/hw/arm/palmetto-bmc.c
> +++ 

Re: [Qemu-devel] [PATCH v3 03/10] aspeed-soc: provide a framework to add new SoCs

2016-08-02 Thread Andrew Jeffery
On Tue, 2016-08-02 at 19:15 +0200, Cédric Le Goater wrote:
> Let's define an object class for each Aspeed SoC we support. An
> AspeedSoCInfo struct gathers the SoC specifications which can later
> be
> used by an instance of the class or by a board using the SoC.
> 
> Signed-off-by: Cédric Le Goater 

Reviewed-by: Andrew Jeffery 

> ---
>  hw/arm/aspeed_soc.c | 27 ---
>  hw/arm/palmetto-bmc.c   | 12 
>  include/hw/arm/aspeed_soc.h | 17 -
>  3 files changed, 48 insertions(+), 8 deletions(-)
> 
> diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
> index 1bec478fef68..ec6ec3546908 100644
> --- a/hw/arm/aspeed_soc.c
> +++ b/hw/arm/aspeed_soc.c
> @@ -37,6 +37,13 @@
>  static const int uart_irqs[] = { 9, 32, 33, 34, 10 };
>  static const int timer_irqs[] = { 16, 17, 18, 35, 36, 37, 38, 39, };
>  
> +#define AST2400_SDRAM_BASE   0x4000
> +
> +static const AspeedSoCInfo aspeed_socs[] = {
> +{ "ast2400-a0", "arm926", AST2400_A0_SILICON_REV,
> AST2400_SDRAM_BASE },
> +{ "ast2400","arm926", AST2400_A0_SILICON_REV,
> AST2400_SDRAM_BASE },
> +};
> +
>  /*
>   * IO handlers: simply catch any reads/writes to IO addresses that
> aren't
>   * handled by a device mapping.
> @@ -65,8 +72,9 @@ static const MemoryRegionOps aspeed_soc_io_ops = {
>  static void aspeed_soc_init(Object *obj)
>  {
>  AspeedSoCState *s = ASPEED_SOC(obj);
> +AspeedSoCClass *sc = ASPEED_SOC_GET_CLASS(s);
>  
> -s->cpu = cpu_arm_init("arm926");
> +s->cpu = cpu_arm_init(sc->info->cpu_model);
>  
>  object_initialize(>vic, sizeof(s->vic), TYPE_ASPEED_VIC);
>  object_property_add_child(obj, "vic", OBJECT(>vic), NULL);
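Review bot: `aspeed_soc_init()` now dereferences `sc->info` unconditionally, but `info` is only filled from `class_data` for the per-SoC types registered in the loop added to `aspeed_soc_register_types()`. If the base `TYPE_ASPEED_SOC` type remains instantiable (its `TypeInfo` body is outside the visible hunks), creating an object of that type directly would reach `sc->info->cpu_model` with a NULL `info`. Marking the base type `.abstract = true` would close that path; the rest of `aspeed_soc_init()` continues outside this hunk.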
> @@ -84,7 +92,7 @@ static void aspeed_soc_init(Object *obj)
>  object_property_add_child(obj, "scu", OBJECT(>scu), NULL);
>  qdev_set_parent_bus(DEVICE(>scu), sysbus_get_default());
>  qdev_prop_set_uint32(DEVICE(>scu), "silicon-rev",
> - AST2400_A0_SILICON_REV);
> + sc->info->silicon_rev);
>  object_property_add_alias(obj, "hw-strap1", OBJECT(>scu),
>    "hw-strap1", _abort);
>  object_property_add_alias(obj, "hw-strap2", OBJECT(>scu),
> @@ -102,7 +110,7 @@ static void aspeed_soc_init(Object *obj)
>  object_property_add_child(obj, "sdmc", OBJECT(>sdmc), NULL);
>  qdev_set_parent_bus(DEVICE(>sdmc), sysbus_get_default());
>  qdev_prop_set_uint32(DEVICE(>sdmc), "silicon-rev",
> - AST2400_A0_SILICON_REV);
> + sc->info->silicon_rev);
>  }
>  
>  static void aspeed_soc_realize(DeviceState *dev, Error **errp)
> @@ -202,7 +210,9 @@ static void aspeed_soc_realize(DeviceState *dev,
> Error **errp)
>  static void aspeed_soc_class_init(ObjectClass *oc, void *data)
>  {
>  DeviceClass *dc = DEVICE_CLASS(oc);
> +AspeedSoCClass *sc = ASPEED_SOC_CLASS(oc);
>  
> +sc->info = (AspeedSoCInfo *) data;
>  dc->realize = aspeed_soc_realize;
>  
>  /*
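Review bot: `sc->info = (AspeedSoCInfo *) data;` casts away the `const` of the `aspeed_socs[]` entries, which are declared `static const` earlier in this patch. If the class field is declared as `const AspeedSoCInfo *info` (the header change is not visible here), the assignment becomes `sc->info = data;` with no cast, and the compiler will reject any later write through it. The body of `aspeed_soc_class_init()` continues outside the hunk.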
> @@ -222,7 +232,18 @@ static const TypeInfo aspeed_soc_type_info = {
>  
>  static void aspeed_soc_register_types(void)
>  {
> +int i;
> +
>  type_register_static(_soc_type_info);
> +for (i = 0; i < ARRAY_SIZE(aspeed_socs); ++i) {
> +TypeInfo ti = {
> +.name   = aspeed_socs[i].name,
> +.parent = TYPE_ASPEED_SOC,
> +.class_init = aspeed_soc_class_init,
> +.class_data = (void *) _socs[i],
> +};
> +type_register();
> +}
>  }
>  
>  type_init(aspeed_soc_register_types)
> diff --git a/hw/arm/palmetto-bmc.c b/hw/arm/palmetto-bmc.c
> index 4d11905cfb18..531c266d9449 100644
> --- a/hw/arm/palmetto-bmc.c
> +++ b/hw/arm/palmetto-bmc.c
> @@ -22,8 +22,6 @@
>  #include "sysemu/blockdev.h"
>  
>  static struct arm_boot_info palmetto_bmc_binfo = {
> -.loader_start = AST2400_SDRAM_BASE,
> -.board_id = 0,
>  .nb_cpus = 1,
>  };
>  
> @@ -61,14 +59,17 @@ static void
> palmetto_bmc_init_flashes(AspeedSMCState *s, const char *flashtype,
>  static void palmetto_bmc_init(MachineState *machine)
>  {
>  PalmettoBMCState *bmc;
> +AspeedSoCClass *sc;
>  
>  bmc = g_new0(PalmettoBMCState, 1);
> -object_initialize(>soc, (sizeof(bmc->soc)),
> TYPE_ASPEED_SOC);
> +object_initialize(>soc, (sizeof(bmc->soc)), "ast2400-a0");
>  object_property_add_child(OBJECT(machine), "soc", OBJECT(
> >soc),
>    _abort);
>  
> +sc = ASPEED_SOC_GET_CLASS(>soc);
> +
>  memory_region_allocate_system_memory(>ram, NULL, "ram",
> ram_size);
> -memory_region_add_subregion(get_system_memory(),
> AST2400_SDRAM_BASE,
> +memory_region_add_subregion(get_system_memory(), sc->info-
> >sdram_base,
>  >ram);
>  object_property_add_const_link(OBJECT(>soc), "ram",
> OBJECT(>ram),
> _abort);
> @@ -84,6 +85,9 @@ static 

Re: [Qemu-devel] [PATCH v3 02/10] ast2400: replace ast2400 with aspeed_soc

2016-08-02 Thread Andrew Jeffery
On Tue, 2016-08-02 at 19:15 +0200, Cédric Le Goater wrote:
> This is a name replacement to prepare ground for other SoCs.
> 
> Let's also remove the AST2400_SMC_BASE definition from the address
> space mappings, as it is not used. This controller was removed from
> the Aspeed SoC AST2500, so this provides us a better common base for
> the address space mapping on both SoCs.
> 
> Signed-off-by: Cédric Le Goater 

Reviewed-by: Andrew Jeffery 

> ---
>  hw/arm/aspeed_soc.c | 95 ++-
> --
>  hw/arm/palmetto-bmc.c   |  4 +-
>  include/hw/arm/aspeed_soc.h | 16 
>  3 files changed, 57 insertions(+), 58 deletions(-)
> 
> diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
> index b272f4e48cfc..1bec478fef68 100644
> --- a/hw/arm/aspeed_soc.c
> +++ b/hw/arm/aspeed_soc.c
> @@ -1,5 +1,5 @@
>  /*
> - * AST2400 SoC
> + * ASPEED SoC family
>   *
>   * Andrew Jeffery 
>   * Jeremy Kerr 
> @@ -20,20 +20,19 @@
>  #include "qemu/log.h"
>  #include "hw/i2c/aspeed_i2c.h"
>  
> -#define AST2400_UART_5_BASE  0x00184000
> -#define AST2400_IOMEM_SIZE   0x0020
> -#define AST2400_IOMEM_BASE   0x1E60
> -#define AST2400_SMC_BASE AST2400_IOMEM_BASE /* Legacy SMC */
> -#define AST2400_FMC_BASE 0X1E62
> -#define AST2400_SPI_BASE 0X1E63
> -#define AST2400_VIC_BASE 0x1E6C
> -#define AST2400_SDMC_BASE0x1E6E
> -#define AST2400_SCU_BASE 0x1E6E2000
> -#define AST2400_TIMER_BASE   0x1E782000
> -#define AST2400_I2C_BASE 0x1E78A000
> -
> -#define AST2400_FMC_FLASH_BASE   0x2000
> -#define AST2400_SPI_FLASH_BASE   0x3000
> +#define ASPEED_SOC_UART_5_BASE  0x00184000
> +#define ASPEED_SOC_IOMEM_SIZE   0x0020
> +#define ASPEED_SOC_IOMEM_BASE   0x1E60
> +#define ASPEED_SOC_FMC_BASE 0x1E62
> +#define ASPEED_SOC_SPI_BASE 0x1E63
> +#define ASPEED_SOC_VIC_BASE 0x1E6C
> +#define ASPEED_SOC_SDMC_BASE0x1E6E
> +#define ASPEED_SOC_SCU_BASE 0x1E6E2000
> +#define ASPEED_SOC_TIMER_BASE   0x1E782000
> +#define ASPEED_SOC_I2C_BASE 0x1E78A000
> +
> +#define ASPEED_SOC_FMC_FLASH_BASE   0x2000
> +#define ASPEED_SOC_SPI_FLASH_BASE   0x3000
>  
>  static const int uart_irqs[] = { 9, 32, 33, 34, 10 };
>  static const int timer_irqs[] = { 16, 17, 18, 35, 36, 37, 38, 39, };
> @@ -43,29 +42,29 @@ static const int timer_irqs[] = { 16, 17, 18, 35,
> 36, 37, 38, 39, };
>   * handled by a device mapping.
>   */
>  
> -static uint64_t ast2400_io_read(void *p, hwaddr offset, unsigned
> size)
> +static uint64_t aspeed_soc_io_read(void *p, hwaddr offset, unsigned
> size)
>  {
>  qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " [%u]\n",
>    __func__, offset, size);
>  return 0;
>  }
>  
> -static void ast2400_io_write(void *opaque, hwaddr offset, uint64_t
> value,
> +static void aspeed_soc_io_write(void *opaque, hwaddr offset,
> uint64_t value,
>  unsigned size)
>  {
>  qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " <- 0x%" PRIx64
> " [%u]\n",
>    __func__, offset, value, size);
>  }
>  
> -static const MemoryRegionOps ast2400_io_ops = {
> -.read = ast2400_io_read,
> -.write = ast2400_io_write,
> +static const MemoryRegionOps aspeed_soc_io_ops = {
> +.read = aspeed_soc_io_read,
> +.write = aspeed_soc_io_write,
>  .endianness = DEVICE_LITTLE_ENDIAN,
>  };
>  
> -static void ast2400_init(Object *obj)
> +static void aspeed_soc_init(Object *obj)
>  {
> -AST2400State *s = AST2400(obj);
> +AspeedSoCState *s = ASPEED_SOC(obj);
>  
>  s->cpu = cpu_arm_init("arm926");
>  
> @@ -106,17 +105,17 @@ static void ast2400_init(Object *obj)
>   AST2400_A0_SILICON_REV);
>  }
>  
> -static void ast2400_realize(DeviceState *dev, Error **errp)
> +static void aspeed_soc_realize(DeviceState *dev, Error **errp)
>  {
>  int i;
> -AST2400State *s = AST2400(dev);
> +AspeedSoCState *s = ASPEED_SOC(dev);
>  Error *err = NULL, *local_err = NULL;
>  
>  /* IO space */
> -memory_region_init_io(>iomem, NULL, _io_ops, NULL,
> -"ast2400.io", AST2400_IOMEM_SIZE);
> -memory_region_add_subregion_overlap(get_system_memory(),
> AST2400_IOMEM_BASE,
> ->iomem, -1);
> +memory_region_init_io(>iomem, NULL, _soc_io_ops, NULL,
> +"aspeed_soc.io", ASPEED_SOC_IOMEM_SIZE);
> +memory_region_add_subregion_overlap(get_system_memory(),
> +ASPEED_SOC_IOMEM_BASE, 
> >iomem, -1);
>  
>  /* VIC */
>  object_property_set_bool(OBJECT(>vic), true, "realized",
> );
> @@ -124,7 +123,7 @@ static void ast2400_realize(DeviceState *dev,
> Error **errp)
>  error_propagate(errp, err);
>  return;
>  }
> -sysbus_mmio_map(SYS_BUS_DEVICE(>vic), 0, AST2400_VIC_BASE);
> +   

Re: [Qemu-devel] [PATCH v3 01/10] ast2400: rename the Aspeed SoC files to aspeed_soc

2016-08-02 Thread Andrew Jeffery
On Tue, 2016-08-02 at 19:15 +0200, Cédric Le Goater wrote:
> Let's prepare for new Aspeed SoCs and rename the ast2400 file to a
> more generic one. There are no changes in the code apart from the
> header file include.
> 
> Signed-off-by: Cédric Le Goater 

Reviewed-by: Andrew Jeffery 

> ---
>  hw/arm/Makefile.objs|   2 +-
>  hw/arm/aspeed_soc.c | 229
> 
>  hw/arm/ast2400.c| 229 --
> --
>  hw/arm/palmetto-bmc.c   |   2 +-
>  include/hw/arm/aspeed_soc.h |  44 +
>  include/hw/arm/ast2400.h|  44 -
>  6 files changed, 275 insertions(+), 275 deletions(-)
>  create mode 100644 hw/arm/aspeed_soc.c
>  delete mode 100644 hw/arm/ast2400.c
>  create mode 100644 include/hw/arm/aspeed_soc.h
>  delete mode 100644 include/hw/arm/ast2400.h
> 
> diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
> index 12764ef2b719..7901294630b1 100644
> --- a/hw/arm/Makefile.objs
> +++ b/hw/arm/Makefile.objs
> @@ -17,4 +17,4 @@ obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-
> ep108.o
>  obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
>  obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
>  obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
> -obj-$(CONFIG_ASPEED_SOC) += ast2400.o palmetto-bmc.o
> +obj-$(CONFIG_ASPEED_SOC) += aspeed_soc.o palmetto-bmc.o
> diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
> new file mode 100644
> index ..b272f4e48cfc
> --- /dev/null
> +++ b/hw/arm/aspeed_soc.c
> @@ -0,0 +1,229 @@
> +/*
> + * AST2400 SoC
> + *
> + * Andrew Jeffery 
> + * Jeremy Kerr 
> + *
> + * Copyright 2016 IBM Corp.
> + *
> + * This code is licensed under the GPL version 2 or later.  See
> + * the COPYING file in the top-level directory.
> + */
> +
> +#include "qemu/osdep.h"
> +#include "qapi/error.h"
> +#include "qemu-common.h"
> +#include "cpu.h"
> +#include "exec/address-spaces.h"
> +#include "hw/arm/aspeed_soc.h"
> +#include "hw/char/serial.h"
> +#include "qemu/log.h"
> +#include "hw/i2c/aspeed_i2c.h"
> +
> +#define AST2400_UART_5_BASE  0x00184000
> +#define AST2400_IOMEM_SIZE   0x0020
> +#define AST2400_IOMEM_BASE   0x1E60
> +#define AST2400_SMC_BASE AST2400_IOMEM_BASE /* Legacy SMC */
> +#define AST2400_FMC_BASE 0X1E62
> +#define AST2400_SPI_BASE 0X1E63
> +#define AST2400_VIC_BASE 0x1E6C
> +#define AST2400_SDMC_BASE0x1E6E
> +#define AST2400_SCU_BASE 0x1E6E2000
> +#define AST2400_TIMER_BASE   0x1E782000
> +#define AST2400_I2C_BASE 0x1E78A000
> +
> +#define AST2400_FMC_FLASH_BASE   0x2000
> +#define AST2400_SPI_FLASH_BASE   0x3000
> +
> +static const int uart_irqs[] = { 9, 32, 33, 34, 10 };
> +static const int timer_irqs[] = { 16, 17, 18, 35, 36, 37, 38, 39, };
> +
> +/*
> + * IO handlers: simply catch any reads/writes to IO addresses that
> aren't
> + * handled by a device mapping.
> + */
> +
> +static uint64_t ast2400_io_read(void *p, hwaddr offset, unsigned
> size)
> +{
> +qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " [%u]\n",
> +  __func__, offset, size);
> +return 0;
> +}
> +
> +static void ast2400_io_write(void *opaque, hwaddr offset, uint64_t
> value,
> +unsigned size)
> +{
> +qemu_log_mask(LOG_UNIMP, "%s: 0x%" HWADDR_PRIx " <- 0x%" PRIx64
> " [%u]\n",
> +  __func__, offset, value, size);
> +}
> +
> +static const MemoryRegionOps ast2400_io_ops = {
> +.read = ast2400_io_read,
> +.write = ast2400_io_write,
> +.endianness = DEVICE_LITTLE_ENDIAN,
> +};
> +
> +static void ast2400_init(Object *obj)
> +{
> +AST2400State *s = AST2400(obj);
> +
> +s->cpu = cpu_arm_init("arm926");
> +
> +object_initialize(>vic, sizeof(s->vic), TYPE_ASPEED_VIC);
> +object_property_add_child(obj, "vic", OBJECT(>vic), NULL);
> +qdev_set_parent_bus(DEVICE(>vic), sysbus_get_default());
> +
> +object_initialize(>timerctrl, sizeof(s->timerctrl),
> TYPE_ASPEED_TIMER);
> +object_property_add_child(obj, "timerctrl", OBJECT(
> >timerctrl), NULL);
> +qdev_set_parent_bus(DEVICE(>timerctrl),
> sysbus_get_default());
> +
> +object_initialize(>i2c, sizeof(s->i2c), TYPE_ASPEED_I2C);
> +object_property_add_child(obj, "i2c", OBJECT(>i2c), NULL);
> +qdev_set_parent_bus(DEVICE(>i2c), sysbus_get_default());
> +
> +object_initialize(>scu, sizeof(s->scu), TYPE_ASPEED_SCU);
> +object_property_add_child(obj, "scu", OBJECT(>scu), NULL);
> +qdev_set_parent_bus(DEVICE(>scu), sysbus_get_default());
> +qdev_prop_set_uint32(DEVICE(>scu), "silicon-rev",
> + AST2400_A0_SILICON_REV);
> +object_property_add_alias(obj, "hw-strap1", OBJECT(>scu),
> +  "hw-strap1", _abort);
> +object_property_add_alias(obj, "hw-strap2", OBJECT(>scu),
> +  

Re: [Qemu-devel] [PATCH 0/2] hw/ppc: fdt cleanups

2016-08-02 Thread David Gibson
On Tue, Aug 02, 2016 at 07:37:59PM +0200, Cédric Le Goater wrote:
> Hello,
> 
> Here are a couple of enhancements for sPAPR but PowerNV should use
> them also.

Applied to ppc-for-2.8, thanks.

> 
> Thanks,
> 
> C. 
> 
> Cédric Le Goater (2):
>   hw/ppc: use error_report instead of fprintf
>   hw/ppc: add a ppc_create_page_sizes_prop() helper routine
> 
>  hw/ppc/Makefile.objs |  2 +-
>  hw/ppc/fdt.c | 49 +
>  hw/ppc/spapr.c   | 48 +++-
>  hw/ppc/spapr_drc.c   |  8 
>  hw/ppc/spapr_iommu.c |  4 ++--
>  hw/ppc/spapr_rtas.c  | 13 +++--
>  hw/ppc/spapr_vio.c   |  3 ++-
>  include/hw/ppc/fdt.h | 13 ++---
>  8 files changed, 82 insertions(+), 58 deletions(-)
>  create mode 100644 hw/ppc/fdt.c
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH] ppc: Fix macio ESCC legacy mapping

2016-08-02 Thread David Gibson
On Tue, Aug 02, 2016 at 07:22:43PM +1000, Benjamin Herrenschmidt wrote:
> The current mapping, while correct for the base ports (which is all the
> driver uses these days), is wrong for the extended registers. 
> 
> I suspect the bugs come from incorrect tables in the CHRP IO Ref document,
> I have verified the new values here match Apple's MacTech.pdf.
> 
> Note: Nothing that I know of actually uses these registers so it's not a
> huge deal, but this patch has the added advantage of adding comments to
> document what the registers are.
> 
> Signed-off-by: Benjamin Herrenschmidt 

Applied to ppc-for-2.8, thanks.

> ---
> 
> diff --git a/hw/misc/macio/macio.c b/hw/misc/macio/macio.c
> index be03926..5d57f45 100644
> --- a/hw/misc/macio/macio.c
> +++ b/hw/misc/macio/macio.c
> @@ -89,22 +89,16 @@ static void macio_escc_legacy_setup(MacIOState 
> *macio_state)
>  MemoryRegion *bar = _state->bar;
>  int i;
>  static const int maps[] = {
> -0x00, 0x00,
> -0x02, 0x20,
> -0x04, 0x10,
> -0x06, 0x30,
> -0x08, 0x40,
> -0x0A, 0x50,
> -0x60, 0x60,
> -0x70, 0x70,
> -0x80, 0x70,
> -0x90, 0x80,
> -0xA0, 0x90,
> -0xB0, 0xA0,
> -0xC0, 0xB0,
> -0xD0, 0xC0,
> -0xE0, 0xD0,
> -0xF0, 0xE0,
> +0x00, 0x00, /* Command B */
> +0x02, 0x20, /* Command A */
> +0x04, 0x10, /* Data B */
> +0x06, 0x30, /* Data A */
> +0x08, 0x40, /* Enhancement B */
> +0x0A, 0x50, /* Enhancement A */
> +0x80, 0x80, /* Recovery count */
> +0x90, 0x90, /* Start A */
> +0xa0, 0xa0, /* Start B */
> +0xb0, 0xb0, /* Detect AB */
>  };
>  
>  memory_region_init(escc_legacy, OBJECT(macio_state), "escc-legacy", 256);
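Review bot: The new `maps[]` table drops the rows that started with 0x60, 0x70 and 0xC0–0xF0 without saying whether those offsets are now meant to stay unmapped; the commit message only says the old values were wrong. If that is intended, a line after the last entry such as `/* 0x60, 0x70 and 0xc0-0xf0 are not mapped */` would record it. The table also does not say which column is the legacy offset and which the ESCC offset, and it mixes `0x0A` with `0xa0`; a one-line header comment and a single hex case would help. The loop that consumes `maps[]` lies outside the hunk.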
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v9 3/8] loader: Allow a custom AddressSpace when loading ROMs

2016-08-02 Thread Alistair Francis
On Fri, Jul 29, 2016 at 8:56 AM, Peter Maydell  wrote:
> On 14 July 2016 at 01:03, Alistair Francis  
> wrote:
>> When loading ROMs allow the caller to specify an AddressSpace to use for
>> the load.
>>
>> Signed-off-by: Alistair Francis 
>> ---
>> V9:
>>  - Fixup the ROM ordering
>>  - Don't allow address space and memory region to be specified
>> V8:
>>  - Introduce an RFC version of AddressSpace loading support
>>
>>  hw/core/loader.c | 39 ---
>>  include/hw/elf_ops.h |  2 +-
>>  include/hw/loader.h  | 10 ++
>>  3 files changed, 35 insertions(+), 16 deletions(-)
>>
>> diff --git a/hw/core/loader.c b/hw/core/loader.c
>> index 6b61f29..a024133 100644
>> --- a/hw/core/loader.c
>> +++ b/hw/core/loader.c
>> @@ -777,6 +777,7 @@ struct Rom {
>>
>>  uint8_t *data;
>>  MemoryRegion *mr;
>> +AddressSpace *as;
>>  int isrom;
>>  char *fw_dir;
>>  char *fw_file;
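Review bot: The new `as` field in `struct Rom` carries no comment, and its contract is only implied by later hunks: `rom_add_file()` rejects a call that sets both `as` and `mr`, and `rom_reset()` falls back to the default address space when `as` is NULL. A comment on the field would state that, e.g. `/* target address space; NULL selects the default one, not used together with mr */`. Any code outside the visible hunks that compares `addr` between two ROMs would presumably need to compare `as` as well, since equal addresses in different address spaces are not the same location.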
>> @@ -796,12 +797,15 @@ static void rom_insert(Rom *rom)
>>  hw_error ("ROM images must be loaded at startup\n");
>>  }
>>
>> -/* list is ordered by load address */
>> +/* List is ordered by load address in the same address space */
>>  QTAILQ_FOREACH(item, , next) {
>> -if (rom->addr >= item->addr)
>> -continue;
>> -QTAILQ_INSERT_BEFORE(item, rom, next);
>> -return;
>> +if (rom->addr >= item->addr && rom->as == item->as) {
>> +QTAILQ_INSERT_AFTER(, item, rom, next);
>> +return;
>> +} else if (rom->addr <= item->addr && rom->as == item->as) {
>> +QTAILQ_INSERT_BEFORE(item, rom, next);
>> +return;
>> +}
>>  }
>>  QTAILQ_INSERT_TAIL(, rom, next);
>
> This seems a somewhat confusing way of writing this. I think you
> should define a comparison function and then just replace the
> current "rom->addr >= item->addr" with "rom_order_compare(rom, item) >= 0".
> Then it's clear what the comparison you're using to define the
> sorted order is and that the loop will put things in in sorted
> position.

I tidied this up so it is easier to read and am now using the
rom_order_compare() function.

>
>>  }
>> @@ -833,16 +837,25 @@ static void *rom_set_mr(Rom *rom, Object *owner, const 
>> char *name)
>>
>>  int rom_add_file(const char *file, const char *fw_dir,
>>   hwaddr addr, int32_t bootindex,
>> - bool option_rom, MemoryRegion *mr)
>> + bool option_rom, MemoryRegion *mr,
>> + AddressSpace *as)
>>  {
>>  MachineClass *mc = MACHINE_GET_CLASS(qdev_get_machine());
>>  Rom *rom;
>>  int rc, fd = -1;
>>  char devpath[100];
>>
>> +if (as && mr) {
>> +fprintf(stderr, "Specifying an Address Space and Memory Region is " 
>> \
>> +"not valid when loading a rom\n");
>
> Some day we'll fix this up to use Errors, but that day need not be today.

Phew!

>
>> +/* We haven't allocated anything so we don't need any cleanup */
>> +return -1;
>> +}
>> +
>>  rom = g_malloc0(sizeof(*rom));
>>  rom->name = g_strdup(file);
>>  rom->path = qemu_find_file(QEMU_FILE_TYPE_BIOS, rom->name);
>> +rom->as = as;
>>  if (rom->path == NULL) {
>>  rom->path = g_strdup(file);
>>  }
>> @@ -969,7 +982,7 @@ MemoryRegion *rom_add_blob(const char *name, const void 
>> *blob, size_t len,
>>   * memory ownership of "data", so we don't have to allocate and copy the 
>> buffer.
>>   */
>>  int rom_add_elf_program(const char *name, void *data, size_t datasize,
>> -size_t romsize, hwaddr addr)
>> +size_t romsize, hwaddr addr, AddressSpace *as)
>>  {
>>  Rom *rom;
>>
>> @@ -979,18 +992,19 @@ int rom_add_elf_program(const char *name, void *data, 
>> size_t datasize,
>>  rom->datasize = datasize;
>>  rom->romsize  = romsize;
>>  rom->data = data;
>> +rom->as   = as;
>>  rom_insert(rom);
>>  return 0;
>>  }
>>
>>  int rom_add_vga(const char *file)
>>  {
>> -return rom_add_file(file, "vgaroms", 0, -1, true, NULL);
>> +return rom_add_file(file, "vgaroms", 0, -1, true, NULL, NULL);
>>  }
>>
>>  int rom_add_option(const char *file, int32_t bootindex)
>>  {
>> -return rom_add_file(file, "genroms", 0, bootindex, true, NULL);
>> +return rom_add_file(file, "genroms", 0, bootindex, true, NULL, NULL);
>>  }
>>
>>  static void rom_reset(void *unused)
>> @@ -1008,7 +1022,8 @@ static void rom_reset(void *unused)
>>  void *host = memory_region_get_ram_ptr(rom->mr);
>>  memcpy(host, rom->data, rom->datasize);
>>  } else {
>> -cpu_physical_memory_write_rom(_space_memory,
>> +cpu_physical_memory_write_rom(rom->as ? rom->as :
>> +_space_memory,
>
> Should we just make rom->as be 

Re: [Qemu-devel] [Qemu-block] [PATCH for-2.7] block: Accept any target node for transactional blockdev-backup

2016-08-02 Thread John Snow



On 08/02/2016 01:22 PM, Kevin Wolf wrote:

Commit 0d978913 changed blockdev-backup to accept arbitrary node names
instead of device names (i.e. root nodes) for the backup target.
However, it forgot to make the same change in transactions and to update


http://i.imgur.com/PfBxuOb.gif


the documentation. This patch fixes these omissions.

Signed-off-by: Kevin Wolf 
---
 blockdev.c   | 8 
 qapi/block-core.json | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index eafeba9..2161400 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -1937,7 +1937,8 @@ static void blockdev_backup_prepare(BlkActionState 
*common, Error **errp)
 {
 BlockdevBackupState *state = DO_UPCAST(BlockdevBackupState, common, 
common);
 BlockdevBackup *backup;
-BlockBackend *blk, *target;
+BlockBackend *blk;
+BlockDriverState *target;
 Error *local_err = NULL;

 assert(common->action->type == TRANSACTION_ACTION_KIND_BLOCKDEV_BACKUP);
@@ -1954,15 +1955,14 @@ static void blockdev_backup_prepare(BlkActionState 
*common, Error **errp)
 return;
 }

-target = blk_by_name(backup->target);
+target = bdrv_lookup_bs(backup->target, backup->target, errp);
 if (!target) {
-error_setg(errp, "Device '%s' not found", backup->target);
 return;
 }

 /* AioContext is released in .clean() */
 state->aio_context = blk_get_aio_context(blk);
-if (state->aio_context != blk_get_aio_context(target)) {
+if (state->aio_context != bdrv_get_aio_context(target)) {
 state->aio_context = NULL;
 error_setg(errp, "Backup between two IO threads is not implemented");
 return;
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 2bbc027..5e2d7d7 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -927,7 +927,7 @@
 #
 # @device: the name of the device which should be copied.
 #
-# @target: the name of the backup target device.
+# @target: the device name or node-name of the backup target node.
 #
 # @sync: what parts of the disk image should be copied to the destination
 #(all the disk, only the sectors allocated in the topmost image, or



Reviewed-by: John Snow 



[Qemu-devel] [PATCH] ide: fix DMA register transitions

2016-08-02 Thread John Snow
ATA8-APT defines the state transitions for both a host controller and
for the hardware device during the lifecycle of a DMA transfer, in
section 9.7 "DMA command protocol."

One of the interesting tidbits here is that when a device transitions
from DDMA0 ("Prepare state") to DDMA1 ("Data_Transfer State"), it can
choose to set either BSY or DRQ to signal this transition, but not both.

as ide_sector_dma_start is the last point in our preparation process
before we begin the real data transfer process (for either AHCI or BMDMA),
this is the correct transition point for DDMA0 to DDMA1.

I have chosen !BSY && DRQ for QEMU to make the transition from DDMA0 the
most obvious.

Reported-by: Benjamin David Lunt 
Signed-off-by: John Snow 
---
 hw/ide/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index d117b7c..e961d42 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -907,7 +907,7 @@ eot:
 
 static void ide_sector_start_dma(IDEState *s, enum ide_dma_cmd dma_cmd)
 {
-s->status = READY_STAT | SEEK_STAT | DRQ_STAT | BUSY_STAT;
+s->status = READY_STAT | SEEK_STAT | DRQ_STAT;
 s->io_buffer_size = 0;
 s->dma_cmd = dma_cmd;
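Review bot: Nothing in `ide_sector_start_dma()` records why BSY is left clear in the new status value, so the line reads like an omission and could be "fixed" back later. The rationale is only in the commit message; a comment above the assignment would keep it with the code, for example `/* ATA8-APT 9.7: entering DDMA1 sets either BSY or DRQ, never both; we use !BSY && DRQ */`. The function body continues past the end of this hunk.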
 
-- 
2.7.4




Re: [Qemu-devel] [PATCH v9 6/8] loader: Add AddressSpace loading support to targphys

2016-08-02 Thread Alistair Francis
On Fri, Jul 29, 2016 at 10:42 AM, Peter Maydell
 wrote:
> On 14 July 2016 at 01:03, Alistair Francis  
> wrote:
>> Add a new function load_image_targphys_as() that allows the caller
>> to specify an AddressSpace to use when loading a targphys. The
>> original load_image_targphys() function doesn't have any change in
>> functionality.
>>
>> Signed-off-by: Alistair Francis 
>> ---
>>
>>  hw/core/loader.c| 10 --
>>  include/hw/loader.h |  5 +
>>  2 files changed, 13 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/core/loader.c b/hw/core/loader.c
>> index 861dbc2..31a2d4a 100644
>> --- a/hw/core/loader.c
>> +++ b/hw/core/loader.c
>> @@ -133,10 +133,16 @@ ssize_t read_targphys(const char *name,
>>  return did;
>>  }
>>
>> -/* return the size or -1 if error */
>>  int load_image_targphys(const char *filename,
>>  hwaddr addr, uint64_t max_sz)
>>  {
>> +return load_image_targphys_as(filename, addr, max_sz, NULL);
>> +}
>> +
>> +/* return the size or -1 if error */
>> +int load_image_targphys_as(const char *filename,
>> +   hwaddr addr, uint64_t max_sz, AddressSpace *as)
>> +{
>>  int size;
>>
>>  size = get_image_size(filename);
>> @@ -144,7 +150,7 @@ int load_image_targphys(const char *filename,
>>  return -1;
>>  }
>>  if (size > 0) {
>> -rom_add_file_fixed(filename, addr, -1);
>> +rom_add_file_fixed_as(filename, addr, -1, as);
>>  }
>>  return size;
>>  }
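Review bot: The return value of `rom_add_file_fixed_as()` is discarded in `load_image_targphys_as()`, so the caller gets a positive size back even when the image could not be registered as a ROM. Its return convention is not visible here, but assuming it returns a negative value on failure, as the `int`-returning `rom_add_file()` wrappers in this file suggest, the call should be checked: `if (rom_add_file_fixed_as(filename, addr, -1, as) < 0) { return -1; }`. The size check that sits between this hunk and the previous one is outside the visible lines.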
>> diff --git a/include/hw/loader.h b/include/hw/loader.h
>> index ede98f6..1a9053f 100644
>> --- a/include/hw/loader.h
>> +++ b/include/hw/loader.h
>> @@ -16,6 +16,9 @@ int load_image(const char *filename, uint8_t *addr); /* 
>> deprecated */
>>  ssize_t load_image_size(const char *filename, void *addr, size_t size);
>>  int load_image_targphys(const char *filename, hwaddr,
>>  uint64_t max_sz);
>> +int load_image_targphys_as(const char *filename,
>> +   hwaddr addr, uint64_t max_sz, AddressSpace *as);
>> +
>
> Again, code changes are fine but could we have a doc comment?

I have added comments to both.

Thanks,

Alistair

>
> thanks
> -- PMM
>



Re: [Qemu-devel] [PULL 10/25] qdist: fix memory leak during binning

2016-08-02 Thread Marc-André Lureau
Hi

On Tue, Aug 2, 2016 at 11:53 PM Paolo Bonzini  wrote:

> From: "Emilio G. Cota" 
>
> In qdist_bin__internal(), to->entries is initialized to a 1-element array,
> which we then leak when n == from->n. Fix it.
>
> Signed-off-by: Emilio G. Cota 
> Message-Id: <1469459025-23606-2-git-send-email-c...@braap.org>
> Signed-off-by: Paolo Bonzini 
> ---
>  util/qdist.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/util/qdist.c b/util/qdist.c
> index 56f5738..eb2236c 100644
> --- a/util/qdist.c
> +++ b/util/qdist.c
> @@ -188,7 +188,7 @@ void qdist_bin__internal(struct qdist *to, const
> struct qdist *from, size_t n)
>  }
>  }
>  /* they're equally spaced, so copy the dist and bail out */
> -to->entries = g_new(struct qdist_entry, from->n);
> +to->entries = g_realloc_n(to->entries, n, sizeof(*to->entries));
>

I sent that patch earlier in the leak series, if it's still time, please:

Signed-off-by: Marc-André Lureau 




>  to->n = from->n;
>  memcpy(to->entries, from->entries, sizeof(*to->entries) * to->n);
>  return;
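Review bot: The reallocation is sized with `n`, while the `memcpy()` two lines later is sized with `to->n`, which has just been set to `from->n`. The buffer is large enough only because this branch is taken when `n == from->n`; that condition is stated in the commit message but lies outside the hunk. Sizing the allocation with the same value the copy uses makes the bound obvious at the call site: `to->entries = g_realloc_n(to->entries, from->n, sizeof(*to->entries));`.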
> --
> 2.7.4
>
>
>
>


[Qemu-devel] [Bug 1490611] Re: Using qemu >=2.2.1 to convert raw->VHD (fixed) adds extra padding to the result file, which Microsoft Azure rejects as invalid

2016-08-02 Thread Nish Aravamudan
** Description changed:

- Starting with a raw disk image, using "qemu-img convert" to convert from
- raw to VHD results in the output VHD file's virtual size being aligned
- to the nearest 516096 bytes (16 heads x 63 sectors per head x 512 bytes
- per sector), instead of preserving the input file's size as the output
- VHD's virtual disk size.
+ [Impact]
  
- Microsoft Azure requires that disk images (VHDs) submitted for upload
+  * Starting with a raw disk image, using "qemu-img convert" to convert
+ from raw to VHD results in the output VHD file's virtual size being
+ aligned to the nearest 516096 bytes (16 heads x 63 sectors per head x
+ 512 bytes per sector), instead of preserving the input file's size as
+ the output VHD's virtual disk size.
+ 
+  * Microsoft Azure requires that disk images (VHDs) submitted for upload
  have virtual sizes aligned to a megabyte boundary. (Ex. 4096MB, 4097MB,
  4098MB, etc. are OK, 4096.5MB is rejected with an error.) This is
  reflected in Microsoft's documentation: https://azure.microsoft.com/en-
  us/documentation/articles/virtual-machines-linux-create-upload-vhd-
  generic/
  
- This is reproducible with the following set of commands (including the
- Azure command line tools from https://github.com/Azure/azure-xplat-cli).
- For the following example, I used qemu version 2.2.1:
+  * The fix for this bug is a backport from upstream.
+ http://git.qemu.org/?p=qemu.git;a=commitdiff;h=fb9245c2610932d33ce14
+ 
+ [Test Case]
+ 
+  * This is reproducible with the following set of commands (including
+ the Azure command line tools from https://github.com/Azure/azure-xplat-
+ cli). For the following example, I used qemu version 2.2.1:
  
  $ dd if=/dev/zero of=source-disk.img bs=1M count=4096
  
- $ stat source-disk.img 
-   File: ‘source-disk.img’
-   Size: 4294967296  Blocks: 798656 IO Block: 4096   regular file
+ $ stat source-disk.img
+   File: ‘source-disk.img’
+   Size: 4294967296  Blocks: 798656 IO Block: 4096   regular file
  Device: fc01h/64513dInode: 13247963Links: 1
  Access: (0644/-rw-r--r--)  Uid: ( 1000/  smkent)   Gid: ( 1000/  smkent)
  Access: 2015-08-18 09:48:02.613988480 -0700
  Modify: 2015-08-18 09:48:02.825985646 -0700
  Change: 2015-08-18 09:48:02.825985646 -0700
-  Birth: -
+  Birth: -
  
  $ qemu-img convert -f raw -o subformat=fixed -O vpc source-disk.img
  dest-disk.vhd
  
- $ stat dest-disk.vhd 
-   File: ‘dest-disk.vhd’
-   Size: 4296499712  Blocks: 535216 IO Block: 4096   regular file
+ $ stat dest-disk.vhd
+   File: ‘dest-disk.vhd’
+   Size: 4296499712  Blocks: 535216 IO Block: 4096   regular file
  Device: fc01h/64513dInode: 13247964Links: 1
  Access: (0644/-rw-r--r--)  Uid: ( 1000/  smkent)   Gid: ( 1000/  smkent)
  Access: 2015-08-18 09:50:22.252077624 -0700
  Modify: 2015-08-18 09:49:24.424868868 -0700
  Change: 2015-08-18 09:49:24.424868868 -0700
-  Birth: -
+  Birth: -
  
  $ azure vm image create testimage1 dest-disk.vhd -o linux -l "West US"
  info:Executing command vm image create
- + Retrieving storage accounts 
 
+ + Retrieving storage accounts
  info:VHD size : 4097 MB
  info:Uploading 4195800.5 KB
- Requested:100.0% Completed:100.0% Running:   0 Time: 1m 0s Speed:  6744 KB/s 
+ Requested:100.0% Completed:100.0% Running:   0 Time: 1m 0s Speed:  6744 KB/s
  info:https://[redacted].blob.core.windows.net/vm-images/dest-disk.vhd was 
uploaded successfully
  error:   The VHD 
https://[redacted].blob.core.windows.net/vm-images/dest-disk.vhd has an 
unsupported virtual size of 4296499200 bytes.  The size must be a whole number 
(in MBs).
  info:Error information has been recorded to /home/smkent/.azure/azure.err
  error:   vm image create command failed
+ 
+  * A fixed qemu-img will not result in an error during azure image
+ creation.
+ 
+ [Regression Potential]
+ 
+  * The upstream fix introduces a qemu-img option (-o force_size) which
+ is unset by default. The regression potential is very low, as a result.
+ 
+ ...
  
  I also ran the above commands using qemu 2.4.0, which resulted in the
  same error as the conversion behavior is the same.
  
  However, qemu 2.1.1 and earlier (including qemu 2.0.0 installed by
  Ubuntu 14.04) does not pad the virtual disk size during conversion.
  Using qemu-img convert from qemu versions <=2.1.1 results in a VHD that
  is exactly the size of the raw input file plus 512 bytes (for the VHD
  footer). Those qemu versions do not attempt to realign the disk. As a
  result, Azure accepts VHD files created using those versions of qemu-img
  convert for upload.
  
  Is there a reason why newer qemu realigns the converted VHD file? It
  would be useful if an option were added to disable this feature, as
  current versions of qemu cannot be used to create VHD files for Azure
  using Microsoft's official instructions.


[Qemu-devel] Shutting down x86 QEMU with ACPI from Userspace

2016-08-02 Thread Jason A. Donenfeld
Hi all,

This took a lot of fiddling, so I figured I'd document my findings
here in case it helps anybody else. If you don't want to have
CONFIG_ACPI in your kernel, but still would like to shutdown QEMU, the
following works for the q35 machine type:

/* Ask the kernel for access to the two I/O ports starting at 0x604.
 * ioperm() needs CAP_SYS_RAWIO (typically root). Its return value is not
 * checked here, so a refusal only shows up when the outw() below faults. */
ioperm(0x604, 2, 1);
/* Write a 16-bit value with only bit 13 set to port 0x604; per the
 * surrounding message this powers off a q35 guest.
 * NOTE(review): presumably the ACPI PM1a control register with SLP_EN set;
 * the port is machine-specific, so confirm it before reusing this elsewhere. */
outw(1 << 13, 0x604);

Fortunately it's quite simple in the end. This should save folks a lot
of future ACPI trudging for something so simple.

Enjoy,
Jason



Re: [Qemu-devel] [Bug 1608802] [NEW] READ_DMA (0xC8) command does not work correctly

2016-08-02 Thread Benjamin David Lunt
- Original Message - 

Am 02.08.2016 um 08:52 hat Stefan Weil geschrieben:

Am 02.08.2016 um 08:11 schrieb Stefan Weil:
> Public bug reported:
>
> The QEMU PC emulation of DMA does not behave like real hardware or other
> virtualization software.
>
> From the original bug report (Benjamin David Lunt):
>
> Back to the READ_DMA command, it is my conclusion that the
> READ_DMA command, more precisely, the BUS Master part of QEMU is
> in error.  The tests that people have done to see if it works, is
> probably the guest finding out that DMA doesn't work and defaulting
> to PIO, but since the read was successful visually to the user, the
> user assumed the READ_DMA command works, where the guest actually
> defaulted back to PIO transfers without notice.
>
> My code works on real hardware (numerous machines), Bochs, and Oracle's
> Virtual Box.
>
> ...
>
> I have a small test suite, zipped and included at:
> www.fysnet.net/temp/c8bug.zip
>
> Within this zip file is a.img. This is a freeDOS bootable
> floppy.  Emulate it with QEMU and then at the DOS prompt, run
> c8bug.exe.

Hi John,

I got this bug report only recently from a Windows user,
but it also occurs on Linux.

As I don't know whether this is a regression or whether
it is relevant for QEMU 2.7, it would be good if you and
maybe more people could have a look on that problem,
too.


I don't think it's a regression. I commented with more detail in the bug
report, and despite the test case being buggy it seems to be true that
qemu doesn't get the flags completely right (we should set either BSY or
DRQ, but we do set both). Apparently none of the common drivers check
for this, though, so it never made any difference.

Kevin


I agree that the controller is either BSY && !DRQ or !BSY && DRQ.
This is explained in section 9.7 of ATAPI v6, Page 354 (doc page 340).

My test was to simply show that the status remains 0xD8.
BSY *and* DRQ always set.

If a patch is made to make QEMU either BSY && !DRQ or !BSY && DRQ
after the DMA command, then I believe it will be correct.

I would guess that the common drivers, as you put it, don't check
for the status at all, but simply wait to see if an interrupt fires.

Thank you,
Ben




Re: [Qemu-devel] [PATCH qemu] kvm-irqchip: Only do explicit IRQ routing commit when IRQCHIP is in use

2016-08-02 Thread Paolo Bonzini
> > > This works too.
> > > 
> > > You may also want to copy if(!kvm_gsi_routing_enabled()) from
> > > kvm_irqchip_add_msi_route() to align API (not needed in my case though).
> > > Or
> > > just check the result of these checks by if(!s->irq_routes) :)
> > > Thanks.
> > 
> > Right. Do you like to post a v2 for this one? (since of course honor
> > is yours and fault is mine :) Please let me know if you want me to do
> > this for you. It'll be nice we have this fix asap so that less people
> > suffers.
> 
> Btw, please ignore above message if you still prefer v1 and sure that
> it works in all cases. :)

Peter, please post v2 according to your patch and Alexey's suggestion.
David, can you handle it?

Thanks!

Paolo



Re: [Qemu-devel] [Patch v1 00/29] s390x CPU models: exposing features

2016-08-02 Thread Eduardo Habkost
On Tue, Aug 02, 2016 at 08:12:34PM +0200, David Hildenbrand wrote:
> > On Tue, Aug 02, 2016 at 01:58:46PM +0200, David Hildenbrand wrote:
> > [...]
> > > So we have:
> > > a) "query-cpu-model-expansion" - tell us what the "host" or another CPU
> > >model looks like. Either falling back to a static model or
> > >completely exposing all properties.  
> > 
> > The query-cpu-model-expansion interface looks good to me. I just
> > had a few comments about the interface documentation.
> > 
> > > b) "query-cpu-model-comparison" - tell us how two CPU models compare,
> > > indicating which properties were responsible for the decision.
> > > c) "query-cpu-model-baseline" - create a new model out of two models,
> > > taking a requested level of stability into account.  
> > 
> > I miss a clearer specification of what are the actual requirements
> > and use cases of query-cpu-model-baseline. Is it related to
> > runnability? If so, how exactly?
> 
> cpu-baseline and cpu-compare are only needed to make
> - "virsh cpu-compare"
> - "virsh cpu-baseline" work
> (see libvirt usecases below)
> 
> These commands are needed to find/test runnability of a CPU model for
> a cluster in bigger installations by tooling.
> 
> As libvirt won't have details about s390x models, we have to provide
> an interface so it can carry out these tasks.
> 
> > 
> > Related to that (as mentioned in my reply to patch 25/29), I
> > would like a clearer definition of what "superset" and "subset"
> > mean exactly, in query-cpu-model-comparison. Likewise, I would
> > like to understand the requirements and use cases that make
> > "superset" and "subset" useful.
> 
> I took these definitions from libvirt directly.
> 
> Example: core2duo against my sandybridge
> $ virsh cpu-compare test.xml
> Host CPU is a superset of CPU described in test.xml
> 
> Usually, you do a "virsh cpu-compare" against your host cpu model. Chances
> that the result is identical are very low. So depending on which
> one is the first model, you get superset or subset.
> 
> So
> if A is a subset of B, A will run where B runs
> if A is a superset of B, B will run where A runs
> 
> That means, if "cpu-compare" (against your host!) returns "identical" or
> "superset", you're good to go. If they are "incompatible" or "subset",
> you will have to use cpu-baseline to create a compatible model.
> 
> Does that answer your question?

It does, thanks! We need this to be clearly specified in the QMP
command documentation.

Probably the "if A is a superset of B, [...]" rule is enough to
unambiguously specify the semantics, while the rest of your
explanation is useful to explain when/how exactly the command is
useful.

-- 
Eduardo



Re: [Qemu-devel] [PATCH 1/7] util: Add UUID API

2016-08-02 Thread Paolo Bonzini


- Original Message -
> From: "Fam Zheng" 
> To: qemu-devel@nongnu.org
> Cc: f...@redhat.com, berra...@redhat.com, pbonz...@redhat.com, 
> kw...@redhat.com, mre...@redhat.com,
> mdr...@linux.vnet.ibm.com, arm...@redhat.com, s...@weilnetz.de, 
> qemu-bl...@nongnu.org
> Sent: Tuesday, August 2, 2016 11:18:32 AM
> Subject: [PATCH 1/7] util: Add UUID API
> 
> A number of different places across the code base use CONFIG_UUID. Some
> of them are soft dependency, some are not built if libuuid is not
> available, some come with dummy fallback, some throws runtime error.
> 
> It is hard to maintain, and hard to reason for users.
> 
> Since UUID is a simple standard with only a small number of operations,
> it is cleaner to have a central support in libqemuutil. This patch adds
> qemu_uuid_* the functions so that all uuid users in the code base can
> rely on. Except for qemu_uuid_generate which is new code, all other
> functions are just copy from existing fallbacks from other files.

How is g_random_* seeded?

Paolo



[Qemu-devel] [PULL 24/25] qdev: Fix use after free in qdev_init_nofail error path

2016-08-02 Thread Paolo Bonzini
From: Fam Zheng 

Since 69382d8b (qdev: Fix object reference leak in case device.realize()
fails), object_property_set_bool could release the object. The error
path wants the type name, so hold a reference before realizing it.

Cc: Igor Mammedov 
Signed-off-by: Fam Zheng 
Message-Id: <1470109301-12966-1-git-send-email-f...@redhat.com>
Reviewed-by: John Snow 
Signed-off-by: Paolo Bonzini 
---
 hw/core/qdev.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index ee4a083..5783442 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -354,12 +354,14 @@ void qdev_init_nofail(DeviceState *dev)
 
 assert(!dev->realized);
 
+object_ref(OBJECT(dev));
 object_property_set_bool(OBJECT(dev), true, "realized", );
 if (err) {
 error_reportf_err(err, "Initialization of device %s failed: ",
   object_get_typename(OBJECT(dev)));
 exit(1);
 }
+object_unref(OBJECT(dev));
 }
 
 void qdev_machine_creation_done(void)
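Review bot: The new `object_ref()`/`object_unref()` pair in `qdev_init_nofail()` has no comment saying what it protects, so it can look redundant and be removed in a later cleanup. According to the commit message, a failed realize can release the object while the error branch still calls `object_get_typename(OBJECT(dev))`. A comment above the ref would tie the two together, for example `/* a failed realize may drop the last reference; keep dev alive for the error report below */`. The error branch leaves through `exit(1)` without the unref, which is harmless but worth mentioning in the same comment.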
-- 
2.7.4





[Qemu-devel] [PULL 25/25] util: Fix assertion in iov_copy() upon zero 'bytes' and non-zero 'offset'

2016-08-02 Thread Paolo Bonzini
From: Shmulik Ladkani 

In cases where iov_copy() is passed with zero 'bytes' argument and a
non-zero 'offset' argument, nothing gets copied - as expected.

However no copy iterations are performed, so 'offset' is left
unaltered, leading to the final assert(offset == 0) to fail.

Instead, change the loop condition to continue as long as 'offset || bytes',
similar to other iov_* functions.

This ensures 'offset' gets zeroed (even if no actual copy is made),
unless it is beyond end of source iov - which is asserted.

Signed-off-by: Shmulik Ladkani 
Message-Id: <1470130880-1050-1-git-send-email-shmulik.ladk...@oracle.com>
Signed-off-by: Paolo Bonzini 
---
 util/iov.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/util/iov.c b/util/iov.c
index 003fcce..74e6ca8 100644
--- a/util/iov.c
+++ b/util/iov.c
@@ -247,7 +247,8 @@ unsigned iov_copy(struct iovec *dst_iov, unsigned int 
dst_iov_cnt,
 {
 size_t len;
 unsigned int i, j;
-for (i = 0, j = 0; i < iov_cnt && j < dst_iov_cnt && bytes; i++) {
+for (i = 0, j = 0;
+ i < iov_cnt && j < dst_iov_cnt && (offset || bytes); i++) {
 if (offset >= iov[i].iov_len) {
 offset -= iov[i].iov_len;
 continue;
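Review bot: With `bytes == 0` and a non-zero `offset`, the loop now reaches the part of the body after this `continue` as soon as `offset` falls inside an element. That part is outside the hunk; if it stores into `dst_iov[j]` and increments `j` unconditionally, `iov_copy()` would return 1 with a zero-length entry where callers of a zero-byte copy may expect 0. It is worth confirming that callers tolerate that, or skipping the store when the computed length is zero. A comment on the condition would also help, for example `/* iterate on offset alone too, so the final assert holds when bytes == 0 */`.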
-- 
2.7.4




Re: [Qemu-devel] [PATCH] numa: set the memory backend "is_mapped" field

2016-08-02 Thread Eduardo Habkost
On Tue, Aug 02, 2016 at 03:20:41PM -0400, Paolo Bonzini wrote:
[...]
> > I have just noticed that this fell through the cracks, sorry.
> > Applied to numa-next. Thanks!
> 
> Actually I am just finishing tests of a pull request that included it
> (because I was the one that caused the regression).  Ok for me to just
> handle this one patch?

Absolutely. It will save me the work of sending a pull request
just for this patch. Thanks!

-- 
Eduardo



[Qemu-devel] [PULL 21/25] x86: ioapic: ignore level irq during processing

2016-08-02 Thread Paolo Bonzini
From: Peter Xu 

For level triggered interrupts, we will get Remote IRR bit cleared after
guest kernel finished processing specific request. Before that, we
should ignore the same interrupt from triggering again.

Signed-off-by: Peter Xu 
Message-Id: <1469974685-4144-1-git-send-email-pet...@redhat.com>
[Push new "if" up so that it covers KVM split irqchip as well. - Paolo]
Signed-off-by: Paolo Bonzini 
---
 hw/intc/ioapic.c | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/hw/intc/ioapic.c b/hw/intc/ioapic.c
index 2d3282a..a00d882 100644
--- a/hw/intc/ioapic.c
+++ b/hw/intc/ioapic.c
@@ -117,21 +117,25 @@ static void ioapic_service(IOAPICCommonState *s)
 s->ioredtbl[i] |= IOAPIC_LVT_REMOTE_IRR;
 }
 
+if (coalesce) {
+/* We are level triggered interrupts, and the
+ * guest should be still working on previous one,
+ * so skip it. */
+continue;
+}
+
 #ifdef CONFIG_KVM
 if (kvm_irqchip_is_split()) {
 if (info.trig_mode == IOAPIC_TRIGGER_EDGE) {
 kvm_set_irq(kvm_state, i, 1);
 kvm_set_irq(kvm_state, i, 0);
 } else {
-if (!coalesce) {
-kvm_set_irq(kvm_state, i, 1);
-}
+kvm_set_irq(kvm_state, i, 1);
 }
 continue;
 }
-#else
-(void)coalesce;
 #endif
+
 /* No matter whether IR is enabled, we translate
  * the IOAPIC message into a MSI one, and its
  * address space will decide whether we need a
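Review bot: The comment on the new `if (coalesce)` block is hard to parse ("We are level triggered interrupts") and does not mention Remote IRR, which the commit message gives as the reason skipping is correct. Something like `/* Level-triggered and Remote IRR still set: the guest has not finished the previous one, so do not inject again. */` would state the condition directly. The assignment to `coalesce` is above the hunk, so the wording should be checked against it.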
-- 
2.7.4





[Qemu-devel] [PULL 23/25] Reorganize help output of '-display' option

2016-08-02 Thread Paolo Bonzini
From: Robert Ho 

The '-display' help information is not very accurate. This patch tidies
it up a little.
The help text now also shows which display option is chosen implicitly
when none is specified.

Signed-off-by: Robert Ho 
Message-Id: <1469528231-26206-1-git-send-email-robert...@intel.com>
Reviewed-by: Markus Armbruster 
Signed-off-by: Paolo Bonzini 
---
 qemu-options.hx | 29 ++---
 1 file changed, 22 insertions(+), 7 deletions(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 8e0d9a5..a71aaf8 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -927,10 +927,25 @@ ETEXI
 
 DEF("display", HAS_ARG, QEMU_OPTION_display,
 "-display sdl[,frame=on|off][,alt_grab=on|off][,ctrl_grab=on|off]\n"
-"[,window_close=on|off]|curses|none|\n"
-"gtk[,grab_on_hover=on|off]|\n"
-"vnc=[,]\n"
-"select display type\n", QEMU_ARCH_ALL)
+"[,window_close=on|off][,gl=on|off]|curses|none|\n"
+"-display gtk[,grab_on_hover=on|off][,gl=on|off]|\n"
+"-display vnc=[,]\n"
+"-display curses\n"
+"-display none"
+"select display type\n"
+"The default display is equivalent to\n"
+#if defined(CONFIG_GTK)
+"\t\"-display gtk\"\n"
+#elif defined(CONFIG_SDL)
+"\t\"-display sdl\"\n"
+#elif defined(CONFIG_COCOA)
+"\t\"-display cocoa\"\n"
+#elif defined(CONFIG_VNC)
+"\t\"-vnc localhost:0,to=99,id=default\"\n"
+#else
+"\t\"-display none\"\n"
+#endif
+, QEMU_ARCH_ALL)
 STEXI
 @item -display @var{type}
 @findex -display
@@ -977,7 +992,7 @@ the console and monitor.
 ETEXI
 
 DEF("curses", 0, QEMU_OPTION_curses,
-"-curses use a curses/ncurses interface instead of SDL\n",
+"-curses shorthand for -display curses\n",
 QEMU_ARCH_ALL)
 STEXI
 @item -curses
@@ -1027,7 +1042,7 @@ Disable SDL window close capability.
 ETEXI
 
 DEF("sdl", 0, QEMU_OPTION_sdl,
-"-sdlenable SDL\n", QEMU_ARCH_ALL)
+"-sdlshorthand for -display sdl\n", QEMU_ARCH_ALL)
 STEXI
 @item -sdl
 @findex -sdl
@@ -1224,7 +1239,7 @@ Set the initial graphical resolution and depth (PPC, 
SPARC only).
 ETEXI
 
 DEF("vnc", HAS_ARG, QEMU_OPTION_vnc ,
-"-vnc displaystart a VNC server on display\n", QEMU_ARCH_ALL)
+"-vnc   shorthand for -display vnc=\n", QEMU_ARCH_ALL)
 STEXI
 @item -vnc @var{display}[,@var{option}[,@var{option}[,...]]]
 @findex -vnc
-- 
2.7.4





[Qemu-devel] [PULL 19/25] fw_cfg: Make base type "fw_cfg" abstract

2016-08-02 Thread Paolo Bonzini
From: Markus Armbruster 

Missed when commit 5712db6 split off "fw_cfg_io" and "fw_cfg_mem".

Signed-off-by: Markus Armbruster 
Message-Id: <1469777353-9383-1-git-send-email-arm...@redhat.com>
Reviewed-by: Laszlo Ersek 
Signed-off-by: Paolo Bonzini 
---
 hw/nvram/fw_cfg.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 2873030..f10d5ec 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -990,6 +990,7 @@ static void fw_cfg_class_init(ObjectClass *klass, void 
*data)
 static const TypeInfo fw_cfg_info = {
 .name  = TYPE_FW_CFG,
 .parent= TYPE_SYS_BUS_DEVICE,
+.abstract  = true,
 .instance_size = sizeof(FWCfgState),
 .class_init= fw_cfg_class_init,
 };
-- 
2.7.4





[Qemu-devel] [PULL 22/25] x86: ioapic: add support for explicit EOI

2016-08-02 Thread Paolo Bonzini
From: Peter Xu 

Some old Linux kernels (upstream before v4.0), or any released RHEL
kernel, have problems sending APIC EOI when IR is enabled. Meanwhile,
many of them only support explicit EOI for IOAPIC, which was only
introduced in IOAPIC version 0x20. This patch provides a way to boost
QEMU IOAPIC to version 0x20, in order for QEMU to correctly receive EOI
messages.

Without boosting IOAPIC version to 0x20, kernels before commit d32932d
("x86/irq: Convert IOAPIC to use hierarchical irqdomain interfaces")
will have trouble enabling both IR and level-triggered interrupt devices
(like e1000).

To upgrade IOAPIC to version 0x20, we need to specify:

  -global ioapic.version=0x20

To be compatible with old systems, 0x11 will still be the default IOAPIC
version. Here 0x11 and 0x20 are the only versions to be supported.

One thing to mention: this patch only applies to emulated IOAPIC. It
does not affect kernel IOAPIC behavior.

Signed-off-by: Peter Xu 
Message-Id: <1470059959-372-1-git-send-email-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/intc/ioapic.c  | 22 +-
 include/hw/i386/ioapic_internal.h |  4 ++--
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/hw/intc/ioapic.c b/hw/intc/ioapic.c
index a00d882..31791b0 100644
--- a/hw/intc/ioapic.c
+++ b/hw/intc/ioapic.c
@@ -21,6 +21,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qemu/error-report.h"
 #include "monitor/monitor.h"
 #include "hw/hw.h"
 #include "hw/i386/pc.h"
@@ -269,7 +270,7 @@ ioapic_mem_read(void *opaque, hwaddr addr, unsigned int 
size)
 val = s->id << IOAPIC_ID_SHIFT;
 break;
 case IOAPIC_REG_VER:
-val = IOAPIC_VERSION |
+val = s->version |
 ((IOAPIC_NUM_PINS - 1) << IOAPIC_VER_ENTRIES_SHIFT);
 break;
 default:
@@ -358,6 +359,13 @@ ioapic_mem_write(void *opaque, hwaddr addr, uint64_t val,
 }
 }
 break;
+case IOAPIC_EOI:
+/* Explicit EOI is only supported for IOAPIC version 0x20 */
+if (size != 4 || s->version != 0x20) {
+break;
+}
+ioapic_eoi_broadcast(val);
+break;
 }
 
 ioapic_update_kvm_routes(s);
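Review bot: In the new `case IOAPIC_EOI:` the guest-written `val` is passed to `ioapic_eoi_broadcast()` unmodified, although only the low 8 bits of the EOI register carry a vector. The callee's parameter type is not visible here, so this may be harmless, but masking at the call keeps reserved bits written by the guest out of the comparison: `ioapic_eoi_broadcast(val & 0xff);`. The literals `0x20` here and `0x11`/`0x20` in the realize hunk would also read better as named constants, now that `IOAPIC_VERSION` is removed.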
@@ -391,6 +399,12 @@ static void ioapic_realize(DeviceState *dev, Error **errp)
 {
 IOAPICCommonState *s = IOAPIC_COMMON(dev);
 
+if (s->version != 0x11 && s->version != 0x20) {
+error_report("IOAPIC only supports version 0x11 or 0x20 "
+ "(default: 0x11).");
+exit(1);
+}
+
 memory_region_init_io(>io_memory, OBJECT(s), _io_ops, s,
   "ioapic", 0x1000);
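Review bot: `ioapic_realize()` receives `Error **errp` but reports a bad `version` property with `error_report()` followed by `exit(1)`, so the caller of realize never sees the failure. Returning it through the error object matches the rest of the tree: `error_setg(errp, "IOAPIC only supports version 0x11 or 0x20 (default: 0x11)."); return;`. With that change the `qemu/error-report.h` include added in the first hunk is probably not needed, provided the header declaring `error_setg()` is already included (not visible here). The remainder of the function lies outside this hunk.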
 
@@ -401,6 +415,11 @@ static void ioapic_realize(DeviceState *dev, Error **errp)
 qemu_add_machine_init_done_notifier(>machine_done);
 }
 
+static Property ioapic_properties[] = {
+DEFINE_PROP_UINT8("version", IOAPICCommonState, version, 0x11),
+DEFINE_PROP_END_OF_LIST(),
+};
+
 static void ioapic_class_init(ObjectClass *klass, void *data)
 {
 IOAPICCommonClass *k = IOAPIC_COMMON_CLASS(klass);
@@ -408,6 +427,7 @@ static void ioapic_class_init(ObjectClass *klass, void 
*data)
 
 k->realize = ioapic_realize;
 dc->reset = ioapic_reset_common;
+dc->props = ioapic_properties;
 }
 
 static const TypeInfo ioapic_info = {
diff --git a/include/hw/i386/ioapic_internal.h 
b/include/hw/i386/ioapic_internal.h
index d89ea1b..a11d86d 100644
--- a/include/hw/i386/ioapic_internal.h
+++ b/include/hw/i386/ioapic_internal.h
@@ -29,8 +29,6 @@
 
 #define MAX_IOAPICS 1
 
-#define IOAPIC_VERSION  0x11
-
 #define IOAPIC_LVT_DEST_SHIFT   56
 #define IOAPIC_LVT_DEST_IDX_SHIFT   48
 #define IOAPIC_LVT_MASKED_SHIFT 16
@@ -71,6 +69,7 @@
 
 #define IOAPIC_IOREGSEL 0x00
 #define IOAPIC_IOWIN0x10
+#define IOAPIC_EOI  0x40
 
 #define IOAPIC_REG_ID   0x00
 #define IOAPIC_REG_VER  0x01
@@ -109,6 +108,7 @@ struct IOAPICCommonState {
 uint32_t irr;
 uint64_t ioredtbl[IOAPIC_NUM_PINS];
 Notifier machine_done;
+uint8_t version;
 };
 
 void ioapic_reset_common(DeviceState *dev);
-- 
2.7.4





[Qemu-devel] [PULL 18/25] block: Cater to iscsi with non-power-of-2 discard

2016-08-02 Thread Paolo Bonzini
From: Eric Blake 

Dell Equallogic iSCSI SANs have a very unusual advertised geometry:

$ iscsi-inq -e 1 -c $((0xb0)) iscsi://XXX/0
wsnz:0
maximum compare and write length:1
optimal transfer length granularity:0
maximum transfer length:0
optimal transfer length:0
maximum prefetch xdread xdwrite transfer length:0
maximum unmap lba count:30720
maximum unmap block descriptor count:2
optimal unmap granularity:30720
ugavalid:1
unmap granularity alignment:0
maximum write same length:30720

which says that both the maximum and the optimal discard size
is 15M.  It is not immediately apparent if the device allows
discard requests not aligned to the optimal size, nor if it
allows discards at a finer granularity than the optimal size.

I tried to find details in the SCSI Commands Reference Manual
Rev. A on what valid values of maximum and optimal sizes are
permitted, but while that document mentions a "Block Limits
VPD Page", I couldn't actually find documentation of that page
or what values it would have, or if a SCSI device has an
advertisement of its minimal unmap granularity.  So it is not
obvious to me whether the Dell Equallogic device is compliant
with the SCSI specification.

Fortunately, it is easy enough to support non-power-of-2 sizing,
even if it means we are less efficient than truly possible when
targetting that device (for example, it means that we refuse to
unmap anything that is not a multiple of 15M and aligned to a
15M boundary, even if the device truly does support a smaller
granularity where unmapping actually works).

Reported-by: Peter Lieven 
Signed-off-by: Eric Blake 
Message-Id: <1469129688-22848-5-git-send-email-ebl...@redhat.com>
Acked-by: Stefan Hajnoczi 
Signed-off-by: Paolo Bonzini 
---
 block/io.c| 15 +--
 include/block/block_int.h | 37 -
 2 files changed, 29 insertions(+), 23 deletions(-)

diff --git a/block/io.c b/block/io.c
index 7323f0f..d5493ba 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1180,10 +1180,11 @@ static int coroutine_fn 
bdrv_co_do_pwrite_zeroes(BlockDriverState *bs,
 int alignment = MAX(bs->bl.pwrite_zeroes_alignment,
 bs->bl.request_alignment);
 
-assert(is_power_of_2(alignment));
-head = offset & (alignment - 1);
-tail = (offset + count) & (alignment - 1);
-max_write_zeroes &= ~(alignment - 1);
+assert(alignment % bs->bl.request_alignment == 0);
+head = offset % alignment;
+tail = (offset + count) % alignment;
+max_write_zeroes = QEMU_ALIGN_DOWN(max_write_zeroes, alignment);
+assert(max_write_zeroes >= bs->bl.request_alignment);
 
 while (count > 0 && !ret) {
 int num = count;
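Review bot: The new `assert(max_write_zeroes >= bs->bl.request_alignment)` here, and `assert(max_pdiscard)` in the second bdrv_co_pdiscard hunk, abort the process whenever a driver reports a maximum smaller than its alignment, because QEMU_ALIGN_DOWN then yields 0. For iSCSI these limits come from what the target advertises, so unless the driver sanitises them (not visible in these hunks) a misconfigured or hostile target could take QEMU down. I would validate once where the limits are filled in, with a check along the lines of `if (bl->max_pdiscard && bl->max_pdiscard < bl->pdiscard_alignment)` (`bl` being a placeholder for the driver's BlockLimits), and report an error there, keeping the asserts only as a backstop. Both functions continue outside their hunks.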
@@ -2429,9 +2430,10 @@ int coroutine_fn bdrv_co_pdiscard(BlockDriverState *bs, 
int64_t offset,
 
 /* Discard is advisory, so ignore any unaligned head or tail */
 align = MAX(bs->bl.pdiscard_alignment, bs->bl.request_alignment);
-assert(is_power_of_2(align));
-head = MIN(count, -offset & (align - 1));
+assert(align % bs->bl.request_alignment == 0);
+head = offset % align;
 if (head) {
+head = MIN(count, align - head);
 count -= head;
 offset += head;
 }
@@ -2449,6 +2451,7 @@ int coroutine_fn bdrv_co_pdiscard(BlockDriverState *bs, 
int64_t offset,
 
 max_pdiscard = QEMU_ALIGN_DOWN(MIN_NON_ZERO(bs->bl.max_pdiscard, INT_MAX),
align);
+assert(max_pdiscard);
 
 while (count > 0) {
 int ret;
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 1fe0fd9..47665be 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -330,36 +330,39 @@ typedef struct BlockLimits {
  * otherwise. */
 uint32_t request_alignment;
 
-/* maximum number of bytes that can be discarded at once (since it
- * is signed, it must be < 2G, if set), should be multiple of
+/* Maximum number of bytes that can be discarded at once (since it
+ * is signed, it must be < 2G, if set). Must be multiple of
  * pdiscard_alignment, but need not be power of 2. May be 0 if no
  * inherent 32-bit limit */
 int32_t max_pdiscard;
 
-/* optimal alignment for discard requests in bytes, must be power
- * of 2, less than max_pdiscard if that is set, and multiple of
- * bl.request_alignment. May be 0 if bl.request_alignment is good
- * enough */
+/* Optimal alignment for discard requests in bytes. A power of 2
+ * is best but not mandatory.  Must be a multiple of
+ * bl.request_alignment, and must be less than max_pdiscard if
+ * that is set. May be 0 if bl.request_alignment is good enough */
 uint32_t pdiscard_alignment;
 
-/* maximum number of bytes that can zeroized at once (since it is
- * signed, it must be < 2G, if set), should be multiple of
+/* Maximum number of bytes that can 

[Qemu-devel] [PULL 16/25] nbd: Limit nbdflags to 16 bits

2016-08-02 Thread Paolo Bonzini
From: Eric Blake 

Rather than asserting that nbdflags is within range, just give
it the correct type to begin with :)  nbdflags corresponds to
the per-export portion of NBD Protocol "transmission flags", which
is 16 bits in response to NBD_OPT_EXPORT_NAME and NBD_OPT_GO.

Furthermore, upstream NBD has never passed the global flags to
the kernel via ioctl(NBD_SET_FLAGS) (the ioctl was first
introduced in NBD 2.9.22; then a latent bug in NBD 3.1 actually
tried to OR the global flags with the transmission flags, with
the disaster that the addition of NBD_FLAG_NO_ZEROES in 3.9
caused all earlier NBD 3.x clients to treat every export as
read-only; NBD 3.10 and later intentionally clip things to 16
bits to pass only transmission flags).  Qemu should follow suit,
since the current two global flags (NBD_FLAG_FIXED_NEWSTYLE
and NBD_FLAG_NO_ZEROES) have no impact on the kernel's behavior
during transmission.

CC: qemu-sta...@nongnu.org
Signed-off-by: Eric Blake 

Message-Id: <1469129688-22848-3-git-send-email-ebl...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 block/nbd-client.h  |  2 +-
 include/block/nbd.h |  6 +++---
 nbd/client.c| 28 +++-
 nbd/server.c| 10 --
 qemu-nbd.c  |  4 ++--
 5 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/block/nbd-client.h b/block/nbd-client.h
index fa9817b..044aca4 100644
--- a/block/nbd-client.h
+++ b/block/nbd-client.h
@@ -20,7 +20,7 @@
 typedef struct NbdClientSession {
 QIOChannelSocket *sioc; /* The master data channel */
 QIOChannel *ioc; /* The current I/O channel which may differ (eg TLS) */
-uint32_t nbdflags;
+uint16_t nbdflags;
 off_t size;
 
 CoMutex send_mutex;
diff --git a/include/block/nbd.h b/include/block/nbd.h
index cb91820..1897557 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -90,11 +90,11 @@ ssize_t nbd_wr_syncv(QIOChannel *ioc,
  size_t niov,
  size_t length,
  bool do_read);
-int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint32_t *flags,
+int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
   QCryptoTLSCreds *tlscreds, const char *hostname,
   QIOChannel **outioc,
   off_t *size, Error **errp);
-int nbd_init(int fd, QIOChannelSocket *sioc, uint32_t flags, off_t size);
+int nbd_init(int fd, QIOChannelSocket *sioc, uint16_t flags, off_t size);
 ssize_t nbd_send_request(QIOChannel *ioc, struct nbd_request *request);
 ssize_t nbd_receive_reply(QIOChannel *ioc, struct nbd_reply *reply);
 int nbd_client(int fd);
@@ -104,7 +104,7 @@ typedef struct NBDExport NBDExport;
 typedef struct NBDClient NBDClient;
 
 NBDExport *nbd_export_new(BlockBackend *blk, off_t dev_offset, off_t size,
-  uint32_t nbdflags, void (*close)(NBDExport *),
+  uint16_t nbdflags, void (*close)(NBDExport *),
   Error **errp);
 void nbd_export_close(NBDExport *exp);
 void nbd_export_get(NBDExport *exp);
diff --git a/nbd/client.c b/nbd/client.c
index 78a7195..a92f1e2 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -408,7 +408,7 @@ static QIOChannel *nbd_receive_starttls(QIOChannel *ioc,
 }
 
 
-int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint32_t *flags,
+int nbd_receive_negotiate(QIOChannel *ioc, const char *name, uint16_t *flags,
   QCryptoTLSCreds *tlscreds, const char *hostname,
   QIOChannel **outioc,
   off_t *size, Error **errp)
@@ -468,7 +468,6 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char 
*name, uint32_t *flags,
 uint32_t opt;
 uint32_t namesize;
 uint16_t globalflags;
-uint16_t exportflags;
 bool fixedNewStyle = false;
 
 if (read_sync(ioc, , sizeof(globalflags)) !=
@@ -477,7 +476,6 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char 
*name, uint32_t *flags,
 goto fail;
 }
 globalflags = be16_to_cpu(globalflags);
-*flags = globalflags << 16;
 TRACE("Global flags are %" PRIx32, globalflags);
 if (globalflags & NBD_FLAG_FIXED_NEWSTYLE) {
 fixedNewStyle = true;
@@ -545,17 +543,15 @@ int nbd_receive_negotiate(QIOChannel *ioc, const char 
*name, uint32_t *flags,
 goto fail;
 }
 *size = be64_to_cpu(s);
-TRACE("Size is %" PRIu64, *size);
 
-if (read_sync(ioc, , sizeof(exportflags)) !=
-sizeof(exportflags)) {
+if (read_sync(ioc, flags, sizeof(*flags)) != sizeof(*flags)) {
 error_setg(errp, "Failed to read export flags");
 goto fail;
 }
-exportflags = be16_to_cpu(exportflags);
-*flags |= exportflags;
-TRACE("Export flags are %" PRIx16, exportflags);
+  

[Qemu-devel] [PULL 15/25] nbd: Fix bad flag detection on server

2016-08-02 Thread Paolo Bonzini
From: Eric Blake 

Commit ab7c548e added a check for invalid flags, but used an
early return on error instead of properly going through the
cleanup label.

Signed-off-by: Eric Blake 

Message-Id: <1469129688-22848-2-git-send-email-ebl...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 nbd/server.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nbd/server.c b/nbd/server.c
index 29e2099..3c1e2b3 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -1057,7 +1057,8 @@ static ssize_t nbd_co_receive_request(NBDRequest *req,
 if (request->type & ~NBD_CMD_MASK_COMMAND & ~NBD_CMD_FLAG_FUA) {
 LOG("unsupported flags (got 0x%x)",
 request->type & ~NBD_CMD_MASK_COMMAND);
-return -EINVAL;
+rc = -EINVAL;
+goto out;
 }
 
 rc = 0;
-- 
2.7.4





[Qemu-devel] [PULL 12/25] qdist: return "(empty)" instead of NULL when printing an empty dist

2016-08-02 Thread Paolo Bonzini
From: "Emilio G. Cota" 

Printf'ing a NULL string is undefined behaviour. Avoid it.

Reported-by: Peter Maydell 
Signed-off-by: Emilio G. Cota 
Message-Id: <1469459025-23606-4-git-send-email-c...@braap.org>
Signed-off-by: Paolo Bonzini 
---
 tests/test-qdist.c | 10 --
 util/qdist.c   |  6 --
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/tests/test-qdist.c b/tests/test-qdist.c
index 0298986..9541ce3 100644
--- a/tests/test-qdist.c
+++ b/tests/test-qdist.c
@@ -360,10 +360,16 @@ static void test_none(void)
 g_assert(isnan(qdist_xmax()));
 
 pr = qdist_pr_plain(, 0);
-g_assert(pr == NULL);
+g_assert_cmpstr(pr, ==, "(empty)");
+g_free(pr);
 
 pr = qdist_pr_plain(, 2);
-g_assert(pr == NULL);
+g_assert_cmpstr(pr, ==, "(empty)");
+g_free(pr);
+
+pr = qdist_pr(, 0, QDIST_PR_BORDER);
+g_assert_cmpstr(pr, ==, "(empty)");
+g_free(pr);
 
 qdist_destroy();
 }
diff --git a/util/qdist.c b/util/qdist.c
index cc31140..41eff08 100644
--- a/util/qdist.c
+++ b/util/qdist.c
@@ -14,6 +14,8 @@
 #define NAN (0.0 / 0.0)
 #endif
 
+#define QDIST_EMPTY_STR "(empty)"
+
 void qdist_init(struct qdist *dist)
 {
 dist->entries = g_malloc(sizeof(*dist->entries));
@@ -234,7 +236,7 @@ char *qdist_pr_plain(const struct qdist *dist, size_t n)
 char *ret;
 
 if (dist->n == 0) {
-return NULL;
+return g_strdup(QDIST_EMPTY_STR);
 }
 qdist_bin__internal(, dist, n);
 ret = qdist_pr_internal();
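Review bot: Returning `g_strdup(QDIST_EMPTY_STR)` changes the contract of qdist_pr_plain(), and of qdist_pr() in the next hunk, from "may return NULL" to "always returns a heap string", and nothing in either hunk documents that. A comment on both functions such as `/* Returns a newly allocated string that the caller must g_free(); an empty dist yields "(empty)" */` would keep callers from retaining stale NULL checks or leaking the result. Both function bodies start outside their hunks.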
@@ -309,7 +311,7 @@ char *qdist_pr(const struct qdist *dist, size_t n_bins, 
uint32_t opt)
 GString *s;
 
 if (dist->n == 0) {
-return NULL;
+return g_strdup(QDIST_EMPTY_STR);
 }
 
 s = g_string_new("");
-- 
2.7.4





[Qemu-devel] [PULL 14/25] i2c: fix migration regression introduced by broadcast support

2016-08-02 Thread Paolo Bonzini
From: Igor Mammedov 

QEMU fails migration with following error:

qemu-system-x86_64: Missing section footer for i2c_bus
qemu-system-x86_64: load of migration failed: Invalid argument

when migrating from:
  qemu-system-x86_64-v2.6.0 -m 256M rhel72.img -M pc-i440fx-2.6
to
  qemu-system-x86_64-v2.7.0-rc0 -m 256M rhel72.img -M pc-i440fx-2.6

Regression is added by commit 2293c27f (i2c: implement broadcast write)

Fix it by dropping 'broadcast' VMState introduced by 2293c27f and
reuse broadcast 0x00 address as broadcast flag in bus->saved_address.
Then if there were ongoing broadcast at migration time, set
bus->saved_address to it and at i2c_slave_post_load() time check
for it instead of transfering and using 'broadcast' VMState.

As a result of reusing the existing saved_address VMState, no compat
glue will be needed to keep forward/backward compatibility, which
makes the fix much less intrusive.

Signed-off-by: Igor Mammedov 
Message-Id: <1469623198-177227-1-git-send-email-imamm...@redhat.com>
Reviewed-by: Dr. David Alan Gilbert 
Signed-off-by: Paolo Bonzini 
---
 hw/i2c/core.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/hw/i2c/core.c b/hw/i2c/core.c
index abb3efb..4afbe0b 100644
--- a/hw/i2c/core.c
+++ b/hw/i2c/core.c
@@ -17,6 +17,8 @@ struct I2CNode {
 QLIST_ENTRY(I2CNode) next;
 };
 
+#define I2C_BROADCAST 0x00
+
 struct I2CBus
 {
 BusState qbus;
@@ -47,6 +49,8 @@ static void i2c_bus_pre_save(void *opaque)
 if (!QLIST_EMPTY(>current_devs)) {
 if (!bus->broadcast) {
 bus->saved_address = QLIST_FIRST(>current_devs)->elt->address;
+} else {
+bus->saved_address = I2C_BROADCAST;
 }
 }
 }
@@ -58,7 +62,6 @@ static const VMStateDescription vmstate_i2c_bus = {
 .pre_save = i2c_bus_pre_save,
 .fields = (VMStateField[]) {
 VMSTATE_UINT8(saved_address, I2CBus),
-VMSTATE_BOOL(broadcast, I2CBus),
 VMSTATE_END_OF_LIST()
 }
 };
@@ -93,7 +96,7 @@ int i2c_start_transfer(I2CBus *bus, uint8_t address, int recv)
 I2CSlaveClass *sc;
 I2CNode *node;
 
-if (address == 0x00) {
+if (address == I2C_BROADCAST) {
 /*
  * This is a broadcast, the current_devs will be all the devices of the
  * bus.
@@ -221,7 +224,8 @@ static int i2c_slave_post_load(void *opaque, int version_id)
 I2CNode *node;
 
 bus = I2C_BUS(qdev_get_parent_bus(DEVICE(dev)));
-if ((bus->saved_address == dev->address) || (bus->broadcast)) {
+if ((bus->saved_address == dev->address) ||
+(bus->saved_address == I2C_BROADCAST)) {
 node = g_malloc(sizeof(struct I2CNode));
 node->elt = dev;
 QLIST_INSERT_HEAD(>current_devs, node, next);
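Review bot: `bus->broadcast` is no longer carried in the migration stream, and this hunk re-adds every slave to `current_devs` when `saved_address == I2C_BROADCAST` without setting the flag again. If nothing else restores it (not visible here), a second migration during the same transfer would take the `!bus->broadcast` branch in i2c_bus_pre_save() and save the first device's address instead of the broadcast marker. Setting `bus->broadcast = (bus->saved_address == I2C_BROADCAST);` on load would keep the two in step. The body of i2c_slave_post_load() extends beyond the hunk.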
-- 
2.7.4





[Qemu-devel] [PULL 13/25] mptsas: really fix migration compatibility

2016-08-02 Thread Paolo Bonzini
Commit 2e2aa316 removed internal flag msi_in_use, but it
existed in vmstate.  Restore it for migration to older QEMU
versions.

Reported-by: Amit Shah 
Suggested-by: Amit Shah 
Cc: Markus Armbruster 
Cc: Marcel Apfelbaum 
Cc: Paolo Bonzini 
Cc: Michael S. Tsirkin 
Cc: Amit Shah 
Cc: Cao jin 
Signed-off-by: Paolo Bonzini 
---
 hw/scsi/mptsas.c | 4 +++-
 hw/scsi/mptsas.h | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c
index bebe513..0e0a22f 100644
--- a/hw/scsi/mptsas.c
+++ b/hw/scsi/mptsas.c
@@ -1295,6 +1295,8 @@ static void mptsas_scsi_init(PCIDevice *dev, Error **errp)
 /* With msi=auto, we fall back to MSI off silently */
 error_free(err);
 
+/* Only used for migration.  */
+s->msi_in_use = (ret == 0);
 }
 
 memory_region_init_io(>mmio_io, OBJECT(s), _mmio_ops, s,
@@ -1370,7 +1372,7 @@ static const VMStateDescription vmstate_mptsas = {
 .post_load = mptsas_post_load,
 .fields  = (VMStateField[]) {
 VMSTATE_PCI_DEVICE(dev, MPTSASState),
-VMSTATE_UNUSED(sizeof(bool)), /* Was msi_in_use */
+VMSTATE_BOOL(msi_in_use, MPTSASState),
 VMSTATE_UINT32(state, MPTSASState),
 VMSTATE_UINT8(who_init, MPTSASState),
 VMSTATE_UINT8(doorbell_state, MPTSASState),
diff --git a/hw/scsi/mptsas.h b/hw/scsi/mptsas.h
index da014a3..0436a33 100644
--- a/hw/scsi/mptsas.h
+++ b/hw/scsi/mptsas.h
@@ -31,6 +31,8 @@ struct MPTSASState {
 OnOffAuto msi;
 uint64_t sas_addr;
 
+bool msi_in_use;
+
 /* Doorbell register */
 uint32_t state;
 uint8_t who_init;
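Review bot: `bool msi_in_use;` is added to MPTSASState without a comment, so a reader of the header cannot tell that it exists only for the vmstate layout. A line such as `/* Set at init and kept in vmstate for migration to older QEMU; not otherwise consulted */` next to the field would prevent someone from removing it again or starting to rely on a value loaded from the stream. The struct continues outside the hunk.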
-- 
2.7.4





[Qemu-devel] [PULL 11/25] qdist: use g_realloc_n instead of g_realloc

2016-08-02 Thread Paolo Bonzini
From: "Emilio G. Cota" 

While at it, remove the unnecessary parentheses around dist->size.

Signed-off-by: Emilio G. Cota 
Message-Id: <1469459025-23606-3-git-send-email-c...@braap.org>
Signed-off-by: Paolo Bonzini 
---
 util/qdist.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/util/qdist.c b/util/qdist.c
index eb2236c..cc31140 100644
--- a/util/qdist.c
+++ b/util/qdist.c
@@ -62,8 +62,8 @@ void qdist_add(struct qdist *dist, double x, long count)
 
 if (unlikely(dist->n == dist->size)) {
 dist->size *= 2;
-dist->entries = g_realloc(dist->entries,
-  sizeof(*dist->entries) * (dist->size));
+dist->entries = g_realloc_n(dist->entries, dist->size,
+sizeof(*dist->entries));
 }
 dist->n++;
 entry = >entries[dist->n - 1];
-- 
2.7.4





[Qemu-devel] [PULL 20/25] apic: fix broken migration for kvm-apic

2016-08-02 Thread Paolo Bonzini
From: Igor Mammedov 

Commit f6e98444 (apic: Use apic_id as apic's migration instance_id)
breaks migration when the in-kernel irqchip is used for 2.6 and older
machine types.

It applies compat property only for userspace 'apic' type
instead of applying it to all apic types inherited from
'apic-common' type as it was supposed to do.

Fix it by setting compat property 'legacy-instance-id' for
'apic-common' type which affects inherited types (i.e. not
only 'apic' but also 'kvm-apic' types)

Signed-off-by: Igor Mammedov 
Message-Id: <1469800542-11402-1-git-send-email-imamm...@redhat.com>
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Paolo Bonzini 
---
 include/hw/i386/pc.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index c87c5c1..74c175c 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -388,7 +388,7 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
 .value = "off",\
 },\
 {\
-.driver   = "apic",\
+.driver   = "apic-common",\
 .property = "legacy-instance-id",\
 .value= "on",\
 },
-- 
2.7.4





[Qemu-devel] [PULL 07/25] util: Drop inet_listen()

2016-08-02 Thread Paolo Bonzini
From: Cao jin 

Since commit e65c67e4, inet_listen() is not used anymore, and all
inet listen operation goes through QIOChannel.

Cc: Daniel P. Berrange 
Cc: Gerd Hoffmann 
Cc: Paolo Bonzini 
Cc: Eric Blake 

Signed-off-by: Cao jin 
Message-Id: <1469451771-1173-3-git-send-email-caoj.f...@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini 
---
 include/qemu/sockets.h |  2 --
 util/qemu-sockets.c| 28 
 2 files changed, 30 deletions(-)

diff --git a/include/qemu/sockets.h b/include/qemu/sockets.h
index 28a28c0..9eb2470 100644
--- a/include/qemu/sockets.h
+++ b/include/qemu/sockets.h
@@ -33,8 +33,6 @@ int socket_set_fast_reuse(int fd);
 typedef void NonBlockingConnectHandler(int fd, Error *err, void *opaque);
 
 InetSocketAddress *inet_parse(const char *str, Error **errp);
-int inet_listen(const char *str, char *ostr, int olen,
-int socktype, int port_offset, Error **errp);
 int inet_connect(const char *str, Error **errp);
 
 NetworkAddressFamily inet_netfamily(int family);
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 58f9a2c..2aed799 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -624,34 +624,6 @@ fail:
 return NULL;
 }
 
-int inet_listen(const char *str, char *ostr, int olen,
-int socktype, int port_offset, Error **errp)
-{
-char *optstr;
-int sock = -1;
-InetSocketAddress *addr;
-
-addr = inet_parse(str, errp);
-if (addr != NULL) {
-sock = inet_listen_saddr(addr, port_offset, true, errp);
-if (sock != -1 && ostr) {
-optstr = strchr(str, ',');
-if (addr->ipv6) {
-snprintf(ostr, olen, "[%s]:%s%s",
- addr->host,
- addr->port,
- optstr ? optstr : "");
-} else {
-snprintf(ostr, olen, "%s:%s%s",
- addr->host,
- addr->port,
- optstr ? optstr : "");
-}
-}
-qapi_free_InetSocketAddress(addr);
-}
-return sock;
-}
 
 /**
  * Create a blocking socket and connect it to an address.
-- 
2.7.4





[Qemu-devel] [PULL 06/25] util: drop unix_nonblocking_connect()

2016-08-02 Thread Paolo Bonzini
From: Cao jin 

It is never used; all nonblocking connect now goes through
socket_connect(), which calls unix_connect_addr().

Cc: Daniel P. Berrange 
Cc: Gerd Hoffmann 
Cc: Paolo Bonzini 
Signed-off-by: Cao jin 
Message-Id: <1469097213-26441-3-git-send-email-caoj.f...@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini 
---
 include/qemu/sockets.h |  3 ---
 util/qemu-sockets.c| 16 
 2 files changed, 19 deletions(-)

diff --git a/include/qemu/sockets.h b/include/qemu/sockets.h
index 2cbe643..28a28c0 100644
--- a/include/qemu/sockets.h
+++ b/include/qemu/sockets.h
@@ -41,9 +41,6 @@ NetworkAddressFamily inet_netfamily(int family);
 
 int unix_listen(const char *path, char *ostr, int olen, Error **errp);
 int unix_connect(const char *path, Error **errp);
-int unix_nonblocking_connect(const char *str,
- NonBlockingConnectHandler *callback,
- void *opaque, Error **errp);
 
 SocketAddress *socket_parse(const char *str, Error **errp);
 int socket_connect(SocketAddress *addr, Error **errp,
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 2e0570b..58f9a2c 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -863,22 +863,6 @@ int unix_connect(const char *path, Error **errp)
 }
 
 
-int unix_nonblocking_connect(const char *path,
- NonBlockingConnectHandler *callback,
- void *opaque, Error **errp)
-{
-UnixSocketAddress *saddr;
-int sock = -1;
-
-g_assert(callback != NULL);
-
-saddr = g_new0(UnixSocketAddress, 1);
-saddr->path = g_strdup(path);
-sock = unix_connect_saddr(saddr, errp, callback, opaque);
-qapi_free_UnixSocketAddress(saddr);
-return sock;
-}
-
 SocketAddress *socket_parse(const char *str, Error **errp)
 {
 SocketAddress *addr;
-- 
2.7.4





[Qemu-devel] [PULL 10/25] qdist: fix memory leak during binning

2016-08-02 Thread Paolo Bonzini
From: "Emilio G. Cota" 

In qdist_bin__internal(), to->entries is initialized to a 1-element array,
which we then leak when n == from->n. Fix it.

Signed-off-by: Emilio G. Cota 
Message-Id: <1469459025-23606-2-git-send-email-c...@braap.org>
Signed-off-by: Paolo Bonzini 
---
 util/qdist.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/qdist.c b/util/qdist.c
index 56f5738..eb2236c 100644
--- a/util/qdist.c
+++ b/util/qdist.c
@@ -188,7 +188,7 @@ void qdist_bin__internal(struct qdist *to, const struct 
qdist *from, size_t n)
 }
 }
 /* they're equally spaced, so copy the dist and bail out */
-to->entries = g_new(struct qdist_entry, from->n);
+to->entries = g_realloc_n(to->entries, n, sizeof(*to->entries));
 to->n = from->n;
 memcpy(to->entries, from->entries, sizeof(*to->entries) * to->n);
 return;
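Review bot: The reallocation is sized by `n` while the copy two lines below is sized by `from->n`, and `to->size` is not updated, so the bookkeeping of `to` no longer describes its buffer. The two counts are presumably equal on this path (the guard is outside the hunk), but sizing both from one value, `to->entries = g_realloc_n(to->entries, from->n, sizeof(*to->entries));`, removes that dependency. Adding `to->size = from->n;` would also keep a later qdist_add() on `to` from skipping its `dist->n == dist->size` growth check and writing past the array. Whether `to` is ever extended after binning cannot be seen here.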
-- 
2.7.4





[Qemu-devel] [PULL 08/25] qht: do not segfault when gathering stats from an uninitialized qht

2016-08-02 Thread Paolo Bonzini
From: "Emilio G. Cota" 

So far, QHT functions assume that the passed qht has previously been
initialized--otherwise they segfault.

This patch makes an exception for qht_statistics_init, with the goal
of simplifying calling code. For instance, qht_statistics_init is
called from the 'info jit' dump, and given that under KVM the TB qht
is never initialized, we get a segfault. Thus, instead of complicating
the 'info jit' code with additional checks, let's allow passing an
uninitialized qht to qht_statistics_init.

While at it, add a test for this to test-qht.

Before the patch (for $ qemu -enable-kvm [...]):
(qemu) info jit
[...]
direct jump count   0 (0%) (2 jumps=0 0%)
Program received signal SIGSEGV, Segmentation fault.

After the patch the "TB hash buckets", "TB hash occupancy"
and "TB hash avg chain" lines are omitted.
(qemu) info jit
[...]
direct jump count   0 (0%) (2 jumps=0 0%)
TB hash buckets 0/0 (-nan% head buckets used)
TB hash occupancy   nan% avg chain occ. Histogram: (null)
TB hash avg chain   nan buckets. Histogram: (null)
[...]

Reported by: Changlong Xie 
Signed-off-by: Emilio G. Cota 
Message-Id: <1469205390-14369-1-git-send-email-c...@braap.org>
[Extract printing statistics to an entirely separate function. - Paolo]
Signed-off-by: Paolo Bonzini 
---
 tests/test-qht.c |  4 
 translate-all.c  | 70 +++-
 util/qht.c   |  7 +-
 3 files changed, 49 insertions(+), 32 deletions(-)

diff --git a/tests/test-qht.c b/tests/test-qht.c
index f1d6283..46a64b6 100644
--- a/tests/test-qht.c
+++ b/tests/test-qht.c
@@ -95,8 +95,12 @@ static void iter_check(unsigned int count)
 
 static void qht_do_test(unsigned int mode, size_t init_entries)
 {
+/* under KVM we might fetch stats from an uninitialized qht */
+check_n(0);
+
 qht_init(, 0, mode);
 
+check_n(0);
 insert(0, N);
 check(0, N, true);
 check_n(N);
diff --git a/translate-all.c b/translate-all.c
index 0d47c1c..efeba29 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -1663,15 +1663,50 @@ void tb_flush_jmp_cache(CPUState *cpu, target_ulong 
addr)
TB_JMP_PAGE_SIZE * sizeof(TranslationBlock *));
 }
 
+static void print_qht_statistics(FILE *f, fprintf_function cpu_fprintf,
+ struct qht_stats hst)
+{
+uint32_t hgram_opts;
+size_t hgram_bins;
+char *hgram;
+
+if (!hst.head_buckets) {
+return;
+}
+cpu_fprintf(f, "TB hash buckets %zu/%zu (%0.2f%% head buckets used)\n",
+hst.used_head_buckets, hst.head_buckets,
+(double)hst.used_head_buckets / hst.head_buckets * 100);
+
+hgram_opts =  QDIST_PR_BORDER | QDIST_PR_LABELS;
+hgram_opts |= QDIST_PR_100X   | QDIST_PR_PERCENT;
+if (qdist_xmax() - qdist_xmin() == 1) {
+hgram_opts |= QDIST_PR_NODECIMAL;
+}
+hgram = qdist_pr(, 10, hgram_opts);
+cpu_fprintf(f, "TB hash occupancy   %0.2f%% avg chain occ. Histogram: 
%s\n",
+qdist_avg() * 100, hgram);
+g_free(hgram);
+
+hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS;
+hgram_bins = qdist_xmax() - qdist_xmin();
+if (hgram_bins > 10) {
+hgram_bins = 10;
+} else {
+hgram_bins = 0;
+hgram_opts |= QDIST_PR_NODECIMAL | QDIST_PR_NOBINRANGE;
+}
+hgram = qdist_pr(, hgram_bins, hgram_opts);
+cpu_fprintf(f, "TB hash avg chain   %0.3f buckets. Histogram: %s\n",
+qdist_avg(), hgram);
+g_free(hgram);
+}
+
 void dump_exec_info(FILE *f, fprintf_function cpu_fprintf)
 {
 int i, target_code_size, max_target_code_size;
 int direct_jmp_count, direct_jmp2_count, cross_page;
 TranslationBlock *tb;
 struct qht_stats hst;
-uint32_t hgram_opts;
-size_t hgram_bins;
-char *hgram;
 
 target_code_size = 0;
 max_target_code_size = 0;
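Review bot: print_qht_statistics() takes `struct qht_stats hst` by value, so each call copies the whole statistics structure that dump_exec_info() still owns. A `const struct qht_stats *hst` parameter would avoid the copy and make the ownership plain. The early `return` on `!hst.head_buckets` also deserves a comment, for example `/* qht never initialized (e.g. under KVM): nothing to print, and this avoids dividing by zero below */`. dump_exec_info() continues outside the hunk.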
@@ -1724,34 +1759,7 @@ void dump_exec_info(FILE *f, fprintf_function 
cpu_fprintf)
 tcg_ctx.tb_ctx.nb_tbs : 0);
 
 qht_statistics_init(_ctx.tb_ctx.htable, );
-
-cpu_fprintf(f, "TB hash buckets %zu/%zu (%0.2f%% head buckets used)\n",
-hst.used_head_buckets, hst.head_buckets,
-(double)hst.used_head_buckets / hst.head_buckets * 100);
-
-hgram_opts =  QDIST_PR_BORDER | QDIST_PR_LABELS;
-hgram_opts |= QDIST_PR_100X   | QDIST_PR_PERCENT;
-if (qdist_xmax() - qdist_xmin() == 1) {
-hgram_opts |= QDIST_PR_NODECIMAL;
-}
-hgram = qdist_pr(, 10, hgram_opts);
-cpu_fprintf(f, "TB hash occupancy   %0.2f%% avg chain occ. Histogram: 
%s\n",
-qdist_avg() * 100, hgram);
-g_free(hgram);
-
-hgram_opts = QDIST_PR_BORDER | QDIST_PR_LABELS;
-hgram_bins = qdist_xmax() - qdist_xmin();
-if (hgram_bins > 10) {
-hgram_bins = 10;
-} else {
-hgram_bins = 0;
-hgram_opts |= QDIST_PR_NODECIMAL | 

[Qemu-devel] [PULL 17/25] osdep: Document differences in rounding macros

2016-08-02 Thread Paolo Bonzini
From: Eric Blake 

Make it obvious which macros are safe in which situations.

Useful since QEMU_ALIGN_UP and ROUND_UP both purport to do
the same thing, but differ on whether the alignment must be
a power of 2.

Signed-off-by: Eric Blake 
Message-Id: <1469129688-22848-4-git-send-email-ebl...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 include/qemu/osdep.h | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index d7c111d..9e9fa61 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -158,7 +158,8 @@ extern int daemon(int, int);
 /* Round number down to multiple */
 #define QEMU_ALIGN_DOWN(n, m) ((n) / (m) * (m))
 
-/* Round number up to multiple */
+/* Round number up to multiple. Safe when m is not a power of 2 (see
+ * ROUND_UP for a faster version when a power of 2 is guaranteed) */
 #define QEMU_ALIGN_UP(n, m) QEMU_ALIGN_DOWN((n) + (m) - 1, (m))
 
 /* Check if n is a multiple of m */
@@ -175,6 +176,9 @@ extern int daemon(int, int);
 /* Check if pointer p is n-bytes aligned */
 #define QEMU_PTR_IS_ALIGNED(p, n) QEMU_IS_ALIGNED((uintptr_t)(p), (n))
 
+/* Round number up to multiple. Requires that d be a power of 2 (see
+ * QEMU_ALIGN_UP for a safer but slower version on arbitrary
+ * numbers) */
 #ifndef ROUND_UP
 #define ROUND_UP(n,d) (((n) + (d) - 1) & -(d))
 #endif
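Review bot: The new ROUND_UP comment states the power-of-2 requirement but not the type pitfall in `& -(d)`: when `d` has an unsigned type narrower than `n`, the negated value is zero-extended and the mask clears the upper bits of `n`. I would extend the comment with something like `/* d must also be at least as wide as n, or signed */`, or point readers at QEMU_ALIGN_UP for mixed-width operands. Both comments could also mention that the `(n) + (m) - 1` and `(n) + (d) - 1` sums wrap when `n` is close to the type's maximum, which matters when the operand is a guest- or device-supplied size.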
-- 
2.7.4





[Qemu-devel] [PULL 04/25] checkpatch: add check for bzero

2016-08-02 Thread Paolo Bonzini
Tested-By: Peter Xu 
Signed-off-by: Paolo Bonzini 
---
 scripts/checkpatch.pl | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index afa7f79..b7cb4ab 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -2544,7 +2544,7 @@ sub process {
}
}
 
-# check for non-portable ffs() calls that have portable alternatives in QEMU
+# check for non-portable libc calls that have portable alternatives in QEMU
if ($line =~ /\bffs\(/) {
ERROR("use ctz32() instead of ffs()\n" . $herecurr);
}
@@ -2554,6 +2554,9 @@ sub process {
if ($line =~ /\bffsll\(/) {
ERROR("use ctz64() instead of ffsll()\n" . $herecurr);
}
+   if ($line =~ /\bbzero\(/) {
+   ERROR("use memset() instead of bzero()\n" . $herecurr);
+   }
}
 
# If we have no input at all, then there is nothing to report on
-- 
2.7.4





[Qemu-devel] [PULL 00/25] Misc QEMU fixes for 2016-08-02

2016-08-02 Thread Paolo Bonzini
The following changes since commit cc0100f464c94bf80ad36cd432f4a1ed58126b60:

  MAINTAINERS: Update the Xilinx maintainers (2016-08-01 15:31:32 +0100)

are available in the git repository at:

  git://github.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to 3531bd22792beae5eba181bf88337d2ff1444817:

  util: Fix assertion in iov_copy() upon zero 'bytes' and non-zero 'offset' 
(2016-08-02 15:00:26 +0200)


* xsetbv fix (x86 targets TCG)
* remove unused functions
* qht segfault and memory leak fixes
* NBD fixes
* Fix for non-power-of-2 discard granularity
* Memory hotplug fixes
* Migration regressions
* IOAPIC fixes and (disabled by default) EOI register support
* Various other small fixes


Cao jin (3):
  util: drop inet_nonblocking_connect()
  util: drop unix_nonblocking_connect()
  util: Drop inet_listen()

Dave Hansen (1):
  target-i386: fix typo in xsetbv implementation

Emilio G. Cota (4):
  qht: do not segfault when gathering stats from an uninitialized qht
  qdist: fix memory leak during binning
  qdist: use g_realloc_n instead of g_realloc
  qdist: return "(empty)" instead of NULL when printing an empty dist

Eric Blake (4):
  nbd: Fix bad flag detection on server
  nbd: Limit nbdflags to 16 bits
  osdep: Document differences in rounding macros
  block: Cater to iscsi with non-power-of-2 discard

Fam Zheng (1):
  qdev: Fix use after free in qdev_init_nofail error path

Greg Kurz (1):
  numa: set the memory backend "is_mapped" field

Igor Mammedov (3):
  fix qemu exit on memory hotplug when allocation fails at prealloc time
  i2c: fix migration regression introduced by broadcast support
  apic: fix broken migration for kvm-apic

Markus Armbruster (1):
  fw_cfg: Make base type "fw_cfg" abstract

Paolo Bonzini (3):
  util/qht: Document memory ordering assumptions
  checkpatch: add check for bzero
  mptsas: really fix migration compatibility

Peter Xu (2):
  x86: ioapic: ignore level irq during processing
  x86: ioapic: add support for explicit EOI

Robert Ho (1):
  Reorganize help output of '-display' option

Shmulik Ladkani (1):
  util: Fix assertion in iov_copy() upon zero 'bytes' and non-zero 'offset'

 backends/hostmem.c| 18 +++---
 block/io.c| 15 
 block/nbd-client.h|  2 +-
 exec.c| 10 --
 hw/core/qdev.c|  2 ++
 hw/i2c/core.c | 10 --
 hw/intc/ioapic.c  | 36 +++
 hw/nvram/fw_cfg.c |  1 +
 hw/scsi/mptsas.c  |  4 ++-
 hw/scsi/mptsas.h  |  2 ++
 include/block/block_int.h | 37 +++-
 include/block/nbd.h   |  6 ++--
 include/hw/i386/ioapic_internal.h |  4 +--
 include/hw/i386/pc.h  |  2 +-
 include/qemu/osdep.h  |  8 +++--
 include/qemu/qht.h|  5 +++
 include/qemu/sockets.h|  8 -
 nbd/client.c  | 28 ---
 nbd/server.c  | 13 ---
 numa.c|  1 +
 qemu-nbd.c|  4 +--
 qemu-options.hx   | 29 +++
 scripts/checkpatch.pl |  5 ++-
 target-i386/translate.c   |  2 +-
 tests/test-qdist.c| 10 --
 tests/test-qht.c  |  4 +++
 translate-all.c   | 70 
 util/iov.c|  3 +-
 util/oslib-posix.c| 26 +++---
 util/oslib-win32.c|  2 +-
 util/qdist.c  | 12 ---
 util/qemu-sockets.c   | 74 ---
 util/qht.c| 14 ++--
 33 files changed, 251 insertions(+), 216 deletions(-)
-- 
2.7.4




[Qemu-devel] [PULL 09/25] target-i386: fix typo in xsetbv implementation

2016-08-02 Thread Paolo Bonzini
From: Dave Hansen 

QEMU 2.6 added support for the XSAVE family of instructions, which
includes the XSETBV instruction which allows setting the XCR0
register.

But, when booting Linux kernels with XSAVE support enabled, I was
getting very early crashes where the instruction pointer was set
to 0x3.  I tracked it down to a jump instruction generated by this:

gen_jmp_im(s->pc - pc_start);

where s->pc is pointing to the instruction after XSETBV and pc_start
is pointing _at_ XSETBV.  Subtract the two and you get 0x3.  Whoops.

The fix is to replace this typo with the pattern found everywhere
else in the file when folks want to end the translation buffer.

Richard Henderson confirmed that this is a bug and that this is the
correct fix.

Signed-off-by: Dave Hansen 
Cc: qemu-sta...@nongnu.org
Cc: Eduardo Habkost 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 target-i386/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index e81fce7..fa2ac48 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -7176,7 +7176,7 @@ static target_ulong disas_insn(CPUX86State *env, 
DisasContext *s,
 tcg_gen_trunc_tl_i32(cpu_tmp2_i32, cpu_regs[R_ECX]);
 gen_helper_xsetbv(cpu_env, cpu_tmp2_i32, cpu_tmp1_i64);
 /* End TB because translation flags may change.  */
-gen_jmp_im(s->pc - pc_start);
+gen_jmp_im(s->pc - s->cs_base);
 gen_eob(s);
 break;
 
-- 
2.7.4





[Qemu-devel] [PULL 03/25] fix qemu exit on memory hotplug when allocation fails at prealloc time

2016-08-02 Thread Paolo Bonzini
From: Igor Mammedov 

When adding hostmem backend at runtime, QEMU might exit with error:
  "os_mem_prealloc: Insufficient free host memory pages available to allocate 
guest RAM"

It happens due to os_mem_prealloc() not handling errors gracefully.

Fix it by passing an errp argument so that os_mem_prealloc() can
report the error to its callers, and undo the performed allocation when
os_mem_prealloc() fails.

Signed-off-by: Igor Mammedov 
Message-Id: <1469008443-72059-1-git-send-email-imamm...@redhat.com>
Reviewed-by: Markus Armbruster 
Signed-off-by: Paolo Bonzini 
---
 backends/hostmem.c   | 18 ++
 exec.c   | 10 --
 include/qemu/osdep.h |  2 +-
 util/oslib-posix.c   | 26 +-
 util/oslib-win32.c   |  2 +-
 5 files changed, 37 insertions(+), 21 deletions(-)

diff --git a/backends/hostmem.c b/backends/hostmem.c
index ac80257..b7a208d 100644
--- a/backends/hostmem.c
+++ b/backends/hostmem.c
@@ -203,6 +203,7 @@ static bool host_memory_backend_get_prealloc(Object *obj, 
Error **errp)
 static void host_memory_backend_set_prealloc(Object *obj, bool value,
  Error **errp)
 {
+Error *local_err = NULL;
 HostMemoryBackend *backend = MEMORY_BACKEND(obj);
 
 if (backend->force_prealloc) {
@@ -223,7 +224,11 @@ static void host_memory_backend_set_prealloc(Object *obj, 
bool value,
 void *ptr = memory_region_get_ram_ptr(>mr);
 uint64_t sz = memory_region_size(>mr);
 
-os_mem_prealloc(fd, ptr, sz);
+os_mem_prealloc(fd, ptr, sz, _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
 backend->prealloc = true;
 }
 }
@@ -286,8 +291,7 @@ host_memory_backend_memory_complete(UserCreatable *uc, 
Error **errp)
 if (bc->alloc) {
 bc->alloc(backend, _err);
 if (local_err) {
-error_propagate(errp, local_err);
-return;
+goto out;
 }
 
 ptr = memory_region_get_ram_ptr(>mr);
@@ -343,9 +347,15 @@ host_memory_backend_memory_complete(UserCreatable *uc, 
Error **errp)
  * specified NUMA policy in place.
  */
 if (backend->prealloc) {
-os_mem_prealloc(memory_region_get_fd(>mr), ptr, sz);
+os_mem_prealloc(memory_region_get_fd(>mr), ptr, sz,
+_err);
+if (local_err) {
+goto out;
+}
 }
 }
+out:
+error_propagate(errp, local_err);
 }
 
 static bool
diff --git a/exec.c b/exec.c
index 50e3ee2..8ffde75 100644
--- a/exec.c
+++ b/exec.c
@@ -1226,7 +1226,7 @@ static void *file_ram_alloc(RAMBlock *block,
 char *filename;
 char *sanitized_name;
 char *c;
-void *area;
+void *area = MAP_FAILED;
 int fd = -1;
 int64_t page_size;
 
@@ -1314,13 +1314,19 @@ static void *file_ram_alloc(RAMBlock *block,
 }
 
 if (mem_prealloc) {
-os_mem_prealloc(fd, area, memory);
+os_mem_prealloc(fd, area, memory, errp);
+if (errp && *errp) {
+goto error;
+}
 }
 
 block->fd = fd;
 return area;
 
 error:
+if (area != MAP_FAILED) {
+qemu_ram_munmap(area, memory);
+}
 if (unlink_on_error) {
 unlink(path);
 }
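Review bot: A failed preallocation goes unnoticed when the caller passes a NULL `errp`, because the added test `if (errp && *errp)` can only see an error that was stored somewhere. With `errp == NULL`, os_mem_prealloc() has nowhere to record the failure, so file_ram_alloc() would go on to set `block->fd` and return an area that could not be populated. The hostmem.c hunks of this same patch use a local `Error *local_err` with error_propagate(), and the same pattern fits here: `os_mem_prealloc(fd, area, memory, &local_err);` followed by `if (local_err) { error_propagate(errp, local_err); goto error; }`. Whether any caller really passes NULL is not visible, and file_ram_alloc() starts and ends outside this hunk.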
diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index fbb8759..d7c111d 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -379,7 +379,7 @@ unsigned long qemu_getauxval(unsigned long type);
 
 void qemu_set_tty_echo(int fd, bool echo);
 
-void os_mem_prealloc(int fd, char *area, size_t sz);
+void os_mem_prealloc(int fd, char *area, size_t sz, Error **errp);
 
 int qemu_read_password(char *buf, int buf_size);
 
diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index 6d70d9a..f2d4e9e 100644
--- a/util/oslib-posix.c
+++ b/util/oslib-posix.c
@@ -318,7 +318,7 @@ static void sigbus_handler(int signal)
 siglongjmp(sigjump, 1);
 }
 
-void os_mem_prealloc(int fd, char *area, size_t memory)
+void os_mem_prealloc(int fd, char *area, size_t memory, Error **errp)
 {
 int ret;
 struct sigaction act, oldact;
@@ -330,8 +330,9 @@ void os_mem_prealloc(int fd, char *area, size_t memory)
 
 ret = sigaction(SIGBUS, , );
 if (ret) {
-perror("os_mem_prealloc: failed to install signal handler");
-exit(1);
+error_setg_errno(errp, errno,
+"os_mem_prealloc: failed to install signal handler");
+return;
 }
 
 /* unblock SIGBUS */
@@ -340,9 +341,8 @@ void os_mem_prealloc(int fd, char *area, size_t memory)
 pthread_sigmask(SIG_UNBLOCK, , );
 
 if (sigsetjmp(sigjump, 1)) {
-fprintf(stderr, "os_mem_prealloc: Insufficient free host memory "
-"pages available to allocate guest RAM\n");
-exit(1);
+error_setg(errp, "os_mem_prealloc: Insufficient free host memory 

[Qemu-devel] [PULL 02/25] numa: set the memory backend "is_mapped" field

2016-08-02 Thread Paolo Bonzini
From: Greg Kurz 

Commit 2aece63 "hostmem: detect host backend memory is being used properly"
added a way to know if a memory backend is busy or available for use. It
caused a slight regression if we pass the same backend to a NUMA node and
to a pc-dimm device:

-m 1G,slots=2,maxmem=2G \
-object memory-backend-ram,size=1G,id=mem-mem1 \
-device pc-dimm,id=dimm-mem1,memdev=mem-mem1 \
-numa node,nodeid=0,memdev=mem-mem1

Before commit 2aece63, this would cause QEMU to print an error message and
to exit gracefully:

qemu-system-ppc64: -device pc-dimm,id=dimm-mem1,memdev=mem-mem1:
can't use already busy memdev: mem-mem1

Since commit 2aece63, QEMU hits an assertion in the memory code:

qemu-system-ppc64: memory.c:1934: memory_region_add_subregion_common:
Assertion `!subregion->container' failed.
Aborted

This happens because pc-dimm devices don't use memory_region_is_mapped()
anymore and cannot guess the backend is already used by a NUMA node.

Let's revert to the previous behavior by turning the NUMA code to also
call host_memory_backend_set_mapped() when it uses a backend.

Fixes: 2aece63c8a9d2c3a8ff41d2febc4cdeff261
Signed-off-by: Greg Kurz 
Message-Id: <146891691503.15642.9817215371777203794.st...@bahia.lan>
Signed-off-by: Paolo Bonzini 
---
 numa.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/numa.c b/numa.c
index cbae430..7286171 100644
--- a/numa.c
+++ b/numa.c
@@ -463,6 +463,7 @@ void memory_region_allocate_system_memory(MemoryRegion *mr, 
Object *owner,
 exit(1);
 }
 
+host_memory_backend_set_mapped(backend, true);
 memory_region_add_subregion(mr, addr, seg);
 vmstate_register_ram_global(seg);
 addr += size;
-- 
2.7.4





[Qemu-devel] [PULL 01/25] util/qht: Document memory ordering assumptions

2016-08-02 Thread Paolo Bonzini
It is naturally expected that some memory ordering should be provided
around qht_insert() and qht_lookup(). Document these assumptions in the
header file and put some comments in the source to denote how those
memory ordering requirements are fulfilled.

Signed-off-by: Paolo Bonzini 
[Sergey Fedorov: commit title and message provided;
comment on qht_remove() elided]
Signed-off-by: Sergey Fedorov 
Message-Id: <20160715175852.30749-2-sergey.fedo...@linaro.org>
Signed-off-by: Paolo Bonzini 
---
 include/qemu/qht.h | 5 +
 util/qht.c | 7 ++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/include/qemu/qht.h b/include/qemu/qht.h
index 70bfc68..311139b 100644
--- a/include/qemu/qht.h
+++ b/include/qemu/qht.h
@@ -69,6 +69,9 @@ void qht_destroy(struct qht *ht);
  * Attempting to insert a NULL @p is a bug.
  * Inserting the same pointer @p with different @hash values is a bug.
  *
+ * In case of successful operation, smp_wmb() is implied before the pointer is
+ * inserted into the hash table.
+ *
  * Returns true on sucess.
  * Returns false if the @p-@hash pair already exists in the hash table.
  */
@@ -83,6 +86,8 @@ bool qht_insert(struct qht *ht, void *p, uint32_t hash);
  *
  * Needs to be called under an RCU read-critical section.
  *
+ * smp_read_barrier_depends() is implied before the call to @func.
+ *
  * The user-provided @func compares pointers in QHT against @userp.
  * If the function returns true, a match has been found.
  *
diff --git a/util/qht.c b/util/qht.c
index 40d6e21..28ce289 100644
--- a/util/qht.c
+++ b/util/qht.c
@@ -445,7 +445,11 @@ void *qht_do_lookup(struct qht_bucket *head, 
qht_lookup_func_t func,
 do {
 for (i = 0; i < QHT_BUCKET_ENTRIES; i++) {
 if (b->hashes[i] == hash) {
-void *p = atomic_read(>pointers[i]);
+/* The pointer is dereferenced before seqlock_read_retry,
+ * so (unlike qht_insert__locked) we need to use
+ * atomic_rcu_read here.
+ */
+void *p = atomic_rcu_read(>pointers[i]);
 
 if (likely(p) && likely(func(p, userp))) {
 return p;
@@ -535,6 +539,7 @@ static bool qht_insert__locked(struct qht *ht, struct 
qht_map *map,
 atomic_rcu_set(>next, b);
 }
 b->hashes[i] = hash;
+/* smp_wmb() implicit in seqlock_write_begin.  */
 atomic_set(>pointers[i], p);
 seqlock_write_end(>sequence);
 return true;
-- 
2.7.4





[Qemu-devel] [PULL 05/25] util: drop inet_nonblocking_connect()

2016-08-02 Thread Paolo Bonzini
From: Cao jin 

It is never used; all nonblocking connect now goes through
socket_connect(), which calls inet_connect_addr().

Cc: Daniel P. Berrange 
Cc: Gerd Hoffmann 
Cc: Paolo Bonzini 
Signed-off-by: Cao jin 
Message-Id: <1469097213-26441-2-git-send-email-caoj.f...@cn.fujitsu.com>
Signed-off-by: Paolo Bonzini 
---
 include/qemu/sockets.h |  3 ---
 util/qemu-sockets.c| 30 --
 2 files changed, 33 deletions(-)

diff --git a/include/qemu/sockets.h b/include/qemu/sockets.h
index 5fe01fb..2cbe643 100644
--- a/include/qemu/sockets.h
+++ b/include/qemu/sockets.h
@@ -36,9 +36,6 @@ InetSocketAddress *inet_parse(const char *str, Error **errp);
 int inet_listen(const char *str, char *ostr, int olen,
 int socktype, int port_offset, Error **errp);
 int inet_connect(const char *str, Error **errp);
-int inet_nonblocking_connect(const char *str,
- NonBlockingConnectHandler *callback,
- void *opaque, Error **errp);
 
 NetworkAddressFamily inet_netfamily(int family);
 
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 777af49..2e0570b 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -674,36 +674,6 @@ int inet_connect(const char *str, Error **errp)
 return sock;
 }
 
-/**
- * Create a non-blocking socket and connect it to an address.
- * Calls the callback function with fd in case of success or -1 in case of
- * error.
- *
- * @str: address string
- * @callback: callback function that is called when connect completes,
- *cannot be NULL.
- * @opaque: opaque for callback function
- * @errp: set in case of an error
- *
- * Returns: -1 on immediate error, file descriptor on success.
- **/
-int inet_nonblocking_connect(const char *str,
- NonBlockingConnectHandler *callback,
- void *opaque, Error **errp)
-{
-int sock = -1;
-InetSocketAddress *addr;
-
-g_assert(callback != NULL);
-
-addr = inet_parse(str, errp);
-if (addr != NULL) {
-sock = inet_connect_saddr(addr, errp, callback, opaque);
-qapi_free_InetSocketAddress(addr);
-}
-return sock;
-}
-
 #ifndef _WIN32
 
 static int unix_listen_saddr(UnixSocketAddress *saddr,
-- 
2.7.4





Re: [Qemu-devel] [PATCH v5 11/13] cpu-exec-common: Introduce async_safe_run_on_cpu()

2016-08-02 Thread Emilio G. Cota
On Tue, Aug 02, 2016 at 18:27:42 +0100, Alex Bennée wrote:
> From: Sergey Fedorov 
> 
> This patch is based on the ideas found in work of KONRAD Frederic [1],
> Alex Bennée [2], and Alvise Rigo [3].
> 
> This mechanism allows to perform an operation safely in a quiescent
> state. Quiescent state means: (1) no vCPU is running and (2) BQL in
> system-mode or 'exclusive_lock' in user-mode emulation is held while
> performing the operation. This functionality is required e.g. for
> performing translation buffer flush safely in multi-threaded user-mode
> emulation.
> 
> The existing CPU work queue is used to schedule such safe operations. A
> new 'safe' flag is added into struct qemu_work_item to designate the
> special requirements of the safe work. An operation in a quiescent sate

s/sate/state/

(snip)
> index a233f01..6d5da15 100644
> --- a/cpu-exec-common.c
> +++ b/cpu-exec-common.c
> @@ -25,6 +25,7 @@
>  
>  bool exit_request;
>  CPUState *tcg_current_cpu;
> +int tcg_pending_threads;
>  
>  /* exit the current TB, but without causing any exception to be raised */
>  void cpu_loop_exit_noexc(CPUState *cpu)
> @@ -79,6 +80,35 @@ void cpu_loop_exit_restore(CPUState *cpu, uintptr_t pc)
>  }
>  
>  QemuCond qemu_work_cond;
> +QemuCond qemu_safe_work_cond;
> +QemuCond qemu_exclusive_cond;
> +
> +static int safe_work_pending;
> +
> +#ifdef CONFIG_USER_ONLY
> +#define can_wait_for_safe() (1)
> +#else
> +/*
> + * We never sleep in SoftMMU emulation because we would deadlock as
> + * all vCPUs are in the same thread. This will change for MTTCG
> + * however.
> + */
> +#define can_wait_for_safe() (0)
> +#endif
> +
> +void wait_safe_cpu_work(void)
> +{
> +while (can_wait_for_safe() && atomic_mb_read(_work_pending) > 0) {

The atomic here is puzzling, see below.

> +/*
> + * If there is pending safe work and no pending threads we
> + * need to signal another thread to start its work.
> + */
> +if (tcg_pending_threads == 0) {
> +qemu_cond_signal(_exclusive_cond);
> +}
> +qemu_cond_wait(_safe_work_cond, qemu_get_cpu_work_mutex());
> +}
> +}
>  
>  static void queue_work_on_cpu(CPUState *cpu, struct qemu_work_item *wi)
>  {
> @@ -91,9 +121,18 @@ static void queue_work_on_cpu(CPUState *cpu, struct 
> qemu_work_item *wi)
>  cpu->queued_work_last = wi;
>  wi->next = NULL;
>  wi->done = false;
> +if (wi->safe) {
> +atomic_inc(_work_pending);
> +}

This doesn't seem right. Operating on the condvar's shared 'state' variable
should always be done with the condvar's mutex held. Otherwise, there's
no guarantee that sleepers will always see a consistent state when they're
woken up, which can easily lead to deadlock.

I suspect this is what caused the deadlock you saw in the last iteration
of the series.

An additional requirement is the fact that new CPUs can come anytime in
user-mode (imagine we're flushing the TB while a new pthread was just
spawned). This is easily triggered by greatly reducing the size of the
translation buffer, and spawning dozens of threads. This patch, as it
stands, won't catch the new threads coming in, because at the time
"safe work" was assigned, the new threads might not be seen by
CPU_FOREACH (btw, the CPU list should be converted to RCU, but a
ppc machine might be affected, see [1])

A possible fix is to sched safe work after exiting the CPU loop, i.e.
with qemu_get_cpu_work_mutex held. I tried this on v4 of this patchset
and it doesn't scale very well on 64 cores (too much contention
on tb_lock), although at least it doesn't deadlock.

An alternative is to have a separate lock for safe work, and check for
safe work once there are no other locks held; a good place to do this is
at the beginning of cpu_loop_exec. This scales better, and I'd argue
it's simpler. In fact, I posted a patch that does this about a year
ago (!):
  https://lists.nongnu.org/archive/html/qemu-devel/2015-08/msg02576.html
Paolo didn't like condvars, but now I see them coming up again. I guess
he still won't like the synchronize_rcu() call in there, and I don't like
it either, but I don't think that's an essential part of that patch.

Thanks,

Emilio

[1] https://lists.nongnu.org/archive/html/qemu-devel/2015-08/msg02581.html



Re: [Qemu-devel] [PATCH] numa: set the memory backend "is_mapped" field

2016-08-02 Thread Paolo Bonzini


- Original Message -
> From: "Eduardo Habkost" 
> To: "Igor Mammedov" 
> Cc: "Greg Kurz" , "Thomas Huth" , 
> qemu-devel@nongnu.org, pbonz...@redhat.com
> Sent: Tuesday, August 2, 2016 8:00:06 PM
> Subject: Re: [Qemu-devel] [PATCH] numa: set the memory backend "is_mapped" 
> field
> 
> On Tue, Jul 19, 2016 at 12:07:53PM +0200, Igor Mammedov wrote:
> > On Tue, 19 Jul 2016 10:28:35 +0200
> > Greg Kurz  wrote:
> > 
> > > Commit 2aece63 "hostmem: detect host backend memory is being used
> > > properly"
> > > added a way to know if a memory backend is busy or available for use. It
> > > caused a slight regression if we pass the same backend to a NUMA node and
> > > to a pc-dimm device:
> > > 
> > > -m 1G,slots=2,maxmem=2G \
> > > -object memory-backend-ram,size=1G,id=mem-mem1 \
> > > -device pc-dimm,id=dimm-mem1,memdev=mem-mem1 \
> > > -numa node,nodeid=0,memdev=mem-mem1
> > > 
> > > Before commit 2aece63, this would cause QEMU to print an error message
> > > and
> > > to exit gracefully:
> > > 
> > > qemu-system-ppc64: -device pc-dimm,id=dimm-mem1,memdev=mem-mem1:
> > > can't use already busy memdev: mem-mem1
> > > 
> > > Since commit 2aece63, QEMU hits an assertion in the memory code:
> > > 
> > > qemu-system-ppc64: memory.c:1934: memory_region_add_subregion_common:
> > > Assertion `!subregion->container' failed.
> > > Aborted
> > > 
> > > This happens because pc-dimm devices don't use memory_region_is_mapped()
> > > anymore and cannot guess the backend is already used by a NUMA node.
> > > 
> > > Let's revert to the previous behavior by turning the NUMA code to also
> > > call host_memory_backend_set_mapped() when it uses a backend.
> > > 
> > > Fixes: 2aece63c8a9d2c3a8ff41d2febc4cdeff261
> > > Signed-off-by: Greg Kurz 
> > Reviewed-by: Igor Mammedov 
> 
> I have just noticed that this fell through the cracks, sorry.
> Applied to numa-next. Thanks!

Actually I am just finishing tests of a pull request that included it
(because I was the one that caused the regression).  Ok for me to just
handle this one patch?

Paolo



Re: [Qemu-devel] [PULL 09/10] docker: Don't start a container that doesn't exist

2016-08-02 Thread Paolo Bonzini


On 19/07/2016 16:31, Fam Zheng wrote:
> Image building targets are dependencies of test running targets, so when
> a docker image doesn't exist, it means it's skipped (due to dependency
> checks in pre script). Therefore, skip the test too.
> 
> Signed-off-by: Fam Zheng 
> Message-id: 1468934445-32183-10-git-send-email-f...@redhat.com
> ---
>  tests/docker/Makefile.include | 6 +-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
> index c5546ee..e7f0023 100644
> --- a/tests/docker/Makefile.include
> +++ b/tests/docker/Makefile.include
> @@ -105,7 +105,10 @@ docker-run-%: docker-qemu-src
>   fi
>   $(if $(filter $(TESTS),$(CMD)),$(if $(filter $(IMAGES),$(IMAGE)), \
>   $(call quiet-command,\
> - $(SRC_PATH)/tests/docker/docker.py run $(if $V,,--rm) \
> + if $(SRC_PATH)/tests/docker/docker.py images \
> + --format={{.Repository}}:{{.Tag}} | \
> + grep -qx qemu:$(IMAGE); then \
> + $(SRC_PATH)/tests/docker/docker.py run $(if 
> $V,,--rm) \
>   -t \
>   $(if $(DEBUG),-i,--net=none) \
>   -e TARGET_LIST=$(TARGET_LIST) \
> @@ -117,6 +120,7 @@ docker-run-%: docker-qemu-src
>   qemu:$(IMAGE) \
>   /var/tmp/qemu/run \
>   $(CMD); \
> + fi \
>   , "  RUN $(CMD) in $(IMAGE)")))
>  
>  docker-clean:
> 

This breaks the version of Docker in RHEL7.2, which doesn't have
--format.  Is it possible to revert it?

Paolo



[Qemu-devel] [PATCH for-2.7] atapi: fix halted DMA reset

2016-08-02 Thread John Snow
Followup to 87ac25fd, this time for ATAPI DMA.

Reported-by: Paolo Bonzini 
Signed-off-by: John Snow 
---
 hw/ide/atapi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index 95056d9..6189675 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -386,6 +386,7 @@ static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret)
 if (ret < 0) {
 if (ide_handle_rw_error(s, -ret, ide_dma_cmd_to_retry(s->dma_cmd))) {
 if (s->bus->error_status) {
+s->bus->dma->aiocb = NULL;
 return;
 }
 goto eot;
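Review bot: The added `s->bus->dma->aiocb = NULL;` has no comment, and nothing at this early return says why the pointer must be cleared before leaving the callback. Judging only from the subject line ("fix halted DMA reset"), the intent seems to be that a request halted on error must not leave a finished aiocb behind for a later reset to act on. A one-line comment above the assignment would record that, for example `/* Request is halted for retry: drop the completed aiocb so a reset does not use it. */`, with the wording to be confirmed by the author. ide_atapi_cmd_read_dma_cb() starts and ends outside this hunk.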
-- 
2.7.4




Re: [Qemu-devel] [PATCH v5 13/13] cpu-exec: replace cpu->queued_work with GArray

2016-08-02 Thread Emilio G. Cota
On Tue, Aug 02, 2016 at 18:27:44 +0100, Alex Bennée wrote:
> Under times of high memory stress the additional small mallocs by a
> linked list are source of potential memory fragmentation. As we have
> worked hard to avoid mallocs elsewhere when queuing work we might as
> well do the same for the list. We convert the lists to a auto-resizeing
> GArray which will re-size in steps of powers of 2.

Would be nice to see numbers on how this compares to simply using
tcmalloc/jemalloc (or the glibc allocator, really).

Thanks,

Emilio



Re: [Qemu-devel] [PATCH] trace: add syslog tracing backend

2016-08-02 Thread Dr. David Alan Gilbert
* Daniel P. Berrange (berra...@redhat.com) wrote:
> On Tue, Aug 02, 2016 at 04:06:42PM +0100, Paul Durrant wrote:
> > This patch adds a tracing backend which sends output using syslog().
> > The syslog backend is limited to POSIX compliant systems.
> > 
> > openlog() is called with facility set to LOG_DAEMON, with the LOG_PID
> > option. Trace events are logged at level LOG_INFO.
> 
> I'm not entirely convinced that sending trace output to syslog
> is a great idea. Syslog is really for important system messages
> at low/moderate volumes, while the QEMU trace feature is really
> adhoc developer debugging at potentially huge message volume.
> Many syslog impls will rate limit and either drop or merge messages
> from the client. IMHO this makes syslog pretty undesirable as a
> tracing backend in general.

Not all uses of qemu trace are vast outputs; some of them are just
a handful per run (e.g. 'did we hit the . case' or 'did we fail before
or after the ').  I'd agree that lossy logging systems are a pain;
I can see why you'd want to do this.

Dave

> 
> > 
> > Signed-off-by: Paul Durrant 
> > Cc: Stefan Hajnoczi 
> > ---
> >  configure   | 19 
> >  scripts/tracetool/backend/syslog.py | 45 
> > +
> >  trace/control.c |  7 ++
> >  3 files changed, 71 insertions(+)
> >  create mode 100644 scripts/tracetool/backend/syslog.py
> > 
> > diff --git a/configure b/configure
> > index 879324b..fce00b8 100755
> > --- a/configure
> > +++ b/configure
> > @@ -4189,6 +4189,18 @@ if compile_prog "" "" ; then
> >  fi
> >  
> >  ##
> > +# check if we have posix_syslog
> > +
> > +posix_syslog=no
> > +cat > $TMPC << EOF
> > +#include 
> > +int main(void) { openlog("qemu", LOG_PID, LOG_DAEMON); syslog(LOG_INFO, 
> > "configure"); return 0; }
> > +EOF
> > +if compile_prog "" "" ; then
> > +posix_syslog=yes
> > +fi
> > +
> > +##
> >  # check if trace backend exists
> >  
> >  $python "$source_path/scripts/tracetool.py" "--backends=$trace_backends" 
> > --check-backends  > /dev/null 2> /dev/null
> > @@ -5456,6 +5468,13 @@ if have_backend "ftrace"; then
> >  feature_not_found "ftrace(trace backend)" "ftrace requires Linux"
> >fi
> >  fi
> > +if have_backend "syslog"; then
> > +  if test "$posix_syslog" = "yes" ; then
> > +echo "CONFIG_TRACE_SYSLOG=y" >> $config_host_mak
> > +  else
> > +feature_not_found "syslog(trace backend)" "syslog not available"
> > +  fi
> > +fi
> >  echo "CONFIG_TRACE_FILE=$trace_file" >> $config_host_mak
> >  
> >  if test "$rdma" = "yes" ; then
> > diff --git a/scripts/tracetool/backend/syslog.py 
> > b/scripts/tracetool/backend/syslog.py
> > new file mode 100644
> > index 000..2668947
> > --- /dev/null
> > +++ b/scripts/tracetool/backend/syslog.py
> > @@ -0,0 +1,45 @@
> > +#!/usr/bin/env python
> > +# -*- coding: utf-8 -*-
> > +
> > +"""
> > +Syslog built-in backend.
> > +"""
> > +
> > +__author__ = "Paul Durrant "
> > +__copyright__  = "Copyright 2016, Citrix Systems Inc."
> > +__license__= "GPL version 2 or (at your option) any later version"
> > +
> > +__maintainer__ = "Stefan Hajnoczi"
> > +__email__  = "stefa...@redhat.com"
> > +
> > +
> > +from tracetool import out
> > +
> > +
> > +PUBLIC = True
> > +
> > +
> > +def generate_h_begin(events):
> > +out('#include "trace/control.h"',
> > +'#include ',
> > +'')
> > +
> > +
> > +def generate_h(event):
> > +argnames = ", ".join(event.args.names())
> > +if len(event.args) > 0:
> > +argnames = ", " + argnames
> > +
> > +if "vcpu" in event.properties:
> > +# already checked on the generic format code
> > +cond = "true"
> > +else:
> > +cond = "trace_event_get_state(%s)" % ("TRACE_" + 
> > event.name.upper())
> > +
> > +out('if (%(cond)s) {',
> > +'syslog(LOG_INFO, "%(name)s " %(fmt)s %(argnames)s);',
> > +'}',
> > +cond=cond,
> > +name=event.name,
> > +fmt=event.fmt.rstrip("\n"),
> > +argnames=argnames)
> > diff --git a/trace/control.c b/trace/control.c
> > index d173c09..b179cde 100644
> > --- a/trace/control.c
> > +++ b/trace/control.c
> > @@ -19,6 +19,9 @@
> >  #ifdef CONFIG_TRACE_LOG
> >  #include "qemu/log.h"
> >  #endif
> > +#ifdef CONFIG_TRACE_SYSLOG
> > +#include 
> > +#endif
> >  #include "qapi/error.h"
> >  #include "qemu/error-report.h"
> >  #include "qemu/config-file.h"
> > @@ -250,6 +253,10 @@ bool trace_init_backends(void)
> >  }
> >  #endif
> >  
> > +#ifdef CONFIG_TRACE_SYSLOG
> > +openlog(NULL, LOG_PID, LOG_DAEMON);
> > +#endif
> > +
> >  return true;
> >  }
> >  
> > -- 
> > 2.1.4
> > 
> > 
> 
> Regards,
> Daniel
> -- 
> |: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|

Re: [Qemu-devel] [PATCH] xen: use a common function for pv and hvm guest backend register calls

2016-08-02 Thread Stefano Stabellini
On Tue, 2 Aug 2016, Gerd Hoffmann wrote:
> On Di, 2016-08-02 at 08:32 +0200, Juergen Gross wrote:
> > Instead of calling xen_be_register() for each supported backend type
> > for hvm and pv guests in their machine init functions use a common
> > function in order not to have to add new backends twice.
> > 
> > This at once fixes the error that hvm domains couldn't use the qusb
> > backend.
> 
> Looks good to me.  Should I take this through the usb patch queue,
> together with the other xen-usb fixes (once codestyle issues are fixed)?
> If so, can I get an ack from xen please, preferably fast enough for
> -rc2?

Hi Gerd, I am happy for you to handle all three patches (if for any
reasons you change your mind I can do it).
"xen: bug fixes in Xen backend handling" v2 is ready to be committed,
and I am just waiting for an answer on this patch.



Re: [Qemu-devel] [PATCH] xen: use a common function for pv and hvm guest backend register calls

2016-08-02 Thread Stefano Stabellini
On Tue, 2 Aug 2016, Juergen Gross wrote:
> Instead of calling xen_be_register() for each supported backend type
> for hvm and pv guests in their machine init functions use a common
> function in order not to have to add new backends twice.
> 
> This at once fixes the error that hvm domains couldn't use the qusb
> backend.
> 
> Signed-off-by: Juergen Gross 
> ---
> Is it on purpose the qnic and vfb backends are not registered for HVM?

Yes, it is on purpose: there is no code in any toolstacks to use qnic,
and the presence of vfb can cause problems to Linux HVM guests (or at
least it used to), additionally vfb for HVM guests is also disabled in
libxl.

In general, it is a good idea to disable code that is not supposed to be
used.

Can qusb be used with HVM guests with libxl/xl?


>  hw/xen/xen_backend.c | 10 ++
>  hw/xenpv/xen_machine_pv.c|  7 +--
>  include/hw/xen/xen_backend.h |  1 +
>  xen-hvm.c|  4 +---
>  4 files changed, 13 insertions(+), 9 deletions(-)
> 
> diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
> index bab79b1..1b88891 100644
> --- a/hw/xen/xen_backend.c
> +++ b/hw/xen/xen_backend.c
> @@ -800,6 +800,16 @@ int xen_be_register(const char *type, struct XenDevOps 
> *ops)
>  return xenstore_scan(type, xen_domid, ops);
>  }
>  
> +void xen_be_register_common(void)
> +{
> +xen_be_register("console", _console_ops);
> +xen_be_register("vkbd", _kbdmouse_ops);
> +xen_be_register("qdisk", _blkdev_ops);
> +#ifdef CONFIG_USB_LIBUSB
> +xen_be_register("qusb", _usb_ops);
> +#endif
> +}
> +
>  int xen_be_bind_evtchn(struct XenDevice *xendev)
>  {
>  if (xendev->local_port != -1) {
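Review bot: xen_be_register_common() returns `void` and drops the `int` result of every xen_be_register() call, although the context line just above it shows that function returning the result of `xenstore_scan()`. The removed call sites in xen_machine_pv.c and xen-hvm.c ignored the result as well, so this is not a regression, but the single helper is the natural place to stop hiding a backend that failed to register. Changing the prototype to `int xen_be_register_common(void);` and returning the first failing result would let xen_hvm_init() reuse the `goto err` path visible in its hunk. The error convention of `xenstore_scan()` is not visible here and should be checked first.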
> diff --git a/hw/xenpv/xen_machine_pv.c b/hw/xenpv/xen_machine_pv.c
> index 48f725c..79aef4e 100644
> --- a/hw/xenpv/xen_machine_pv.c
> +++ b/hw/xenpv/xen_machine_pv.c
> @@ -67,14 +67,9 @@ static void xen_init_pv(MachineState *machine)
>  break;
>  }
>  
> -xen_be_register("console", _console_ops);
> -xen_be_register("vkbd", _kbdmouse_ops);
> +xen_be_register_common();
>  xen_be_register("vfb", _framebuffer_ops);
> -xen_be_register("qdisk", _blkdev_ops);
>  xen_be_register("qnic", _netdev_ops);
> -#ifdef CONFIG_USB_LIBUSB
> -xen_be_register("qusb", _usb_ops);
> -#endif
>  
>  /* configure framebuffer */
>  if (xenfb_enabled) {
> diff --git a/include/hw/xen/xen_backend.h b/include/hw/xen/xen_backend.h
> index 754c0a4..0df282a 100644
> --- a/include/hw/xen/xen_backend.h
> +++ b/include/hw/xen/xen_backend.h
> @@ -87,6 +87,7 @@ void xen_be_check_state(struct XenDevice *xendev);
>  
>  /* xen backend driver bits */
>  int xen_be_init(void);
> +void xen_be_register_common(void);
>  int xen_be_register(const char *type, struct XenDevOps *ops);
>  int xen_be_set_state(struct XenDevice *xendev, enum xenbus_state state);
>  int xen_be_bind_evtchn(struct XenDevice *xendev);
> diff --git a/xen-hvm.c b/xen-hvm.c
> index eb57792..3b0343a 100644
> --- a/xen-hvm.c
> +++ b/xen-hvm.c
> @@ -1318,9 +1318,7 @@ void xen_hvm_init(PCMachineState *pcms, MemoryRegion 
> **ram_memory)
>  error_report("xen backend core setup failed");
>  goto err;
>  }
> -xen_be_register("console", _console_ops);
> -xen_be_register("vkbd", _kbdmouse_ops);
> -xen_be_register("qdisk", _blkdev_ops);
> +xen_be_register_common();
>  xen_read_physmap(state);
>  return;
>  
> -- 
> 2.6.6
> 



Re: [Qemu-devel] [Patch v1 00/29] s390x CPU models: exposing features

2016-08-02 Thread David Hildenbrand
> On Tue, Aug 02, 2016 at 01:58:46PM +0200, David Hildenbrand wrote:
> [...]
> > So we have:
> > a) "query-cpu-model-expansion" - tell us what the "host" or another CPU
> >model looks like. Either falling back to a static model or
> >completely exposing all properties.  
> 
> The query-cpu-model-expansion interface looks good to me. I just
> had a few comments about the interface documentation.
> 
> > b) "query-cpu-model-comparison" - tell us how two CPU models compare,
> > indicating which properties were responsible for the decision.
> > c) "query-cpu-model-baseline" - create a new model out of two models,
> > taking a requested level of stability into account.  
> 
> I miss a clearer specifiction of what are the actual requirements
> and use cases of query-cpu-model-baseline. Is it related to
> runnability? If so, how exactly?

cpu-baseline and cpu-compare are only needed to make
- "virsh cpu-compare"
- "virsh cpu-baseline" work
(see libvirt usecases below)

These commands are needed to find/test runnability of a CPU model for
a cluster in bigger installations by tooling.

As libvirt won't have details about s390x models, we have to provide
an interface so it can carry out these tasks.

> 
> Related to that (as mentioned in my reply to patch 25/29), I
> would like a clearer definintion of what "superset" and "subset"
> mean exactly, in query-cpu-model-comparison. Likewise, I would
> like to understand the requirements and use cases that make
> "superset" and "subset" useful.

I took these definitions from libvirt directly.

Example: core2duo against my sandybridge
$ virsh cpu-compare test.xml
Host CPU is a superset of CPU described in test.xml

Usually, you do a "virsh cpu-compare" against your host cpu model. Chances
that the result is identical are very low. So depending on which
one is the first model, you get superset or subset.

So
if A is a subset of B, A will run where B runs
if A is a superset of B, B will run where A runs

That means, if "cpu-compare" (against your host!) returns "identical" or
"superset", you're good to go. If they are "incompatible" or "subset",
you will have to use cpu-baseline to create a compatible model.

Does that answer your question?

> 
> > 
> > Libvirt usecase
> > 
> > Testing for runability:
> > - Simply try to start QEMU with KVM, compat machine, CPU model
> > - Could be done using query-cpu-model-comparison in the future.
> > 
> > Identifying host model, e.g. "virsh capabilities"
> > - query-cpu-model-expansion on "host" with "-M none --enable-kvm"
> > 
> > :
> > - simply copy the identified host model  
> 
> AFAICS, this will work out of the box only if
>   query-cpu-model-expansion {name: "host"}
> return a static CPU model name in return.model.name.


Yes, that was also my impression.

Thanks again!

David




[Qemu-devel] [RFC v5 7/7] hw/arm/virt-acpi-build: Add ITS description in ACPI MADT table

2016-08-02 Thread Eric Auger
This patch exposes the GICv3 ITS to the ACPI guest. The ITS structure
is added to the MADT table.

Signed-off-by: Eric Auger 

---

v5: new

Tested with Tomasz' kernel series on guest side:
- [PATCH V7 0/8] Introduce ACPI world to ITS,
  https://lkml.org/lkml/2016/6/20/321
- for running PCIe on the guest (virtio-pci-net or vhost-net)
  the following series is also needed, although not directly ITS:
  Support for ARM64 ACPI based PCI host controller,
  https://lwn.net/Articles/690995/
---
 hw/arm/virt-acpi-build.c|  7 +++
 include/hw/acpi/acpi-defs.h | 13 -
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 28fc59c..6cfedff 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -546,6 +546,7 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
VirtGuestInfo *guest_info)
 }
 
 if (guest_info->gic_version == 3) {
+AcpiMadtGicIts *gic_its;
 AcpiMadtGenericRedistributor *gicr = acpi_data_push(table_data,
  sizeof *gicr);
 
@@ -553,6 +554,12 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
VirtGuestInfo *guest_info)
 gicr->length = sizeof(*gicr);
 gicr->base_address = cpu_to_le64(memmap[VIRT_GIC_REDIST].base);
 gicr->range_length = cpu_to_le32(memmap[VIRT_GIC_REDIST].size);
+
+gic_its = acpi_data_push(table_data, sizeof *gic_its);
+gic_its->type = ACPI_APIC_ITS_STRUCTURE;
+gic_its->length = sizeof(*gic_its);
+gic_its->gic_its_id = 0;
+gic_its->base_address = cpu_to_le64(memmap[VIRT_GIC_ITS].base);
 } else {
 gic_msi = acpi_data_push(table_data, sizeof *gic_msi);
 gic_msi->type = ACPI_APIC_GENERIC_MSI_FRAME;
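Review bot: The ITS sub-table is appended for every GICv3 guest, but in patch 6/7 of this series `create_its()` returns without creating a device when `its_class_name()` is NULL, so the MADT can describe an ITS at `memmap[VIRT_GIC_ITS].base` that was never mapped. Wrapping the added `gic_its` lines in `if (its_class_name()) {` … `}` (assuming that helper is visible in this file) keeps the guest-visible table consistent with the machine. The `reserved` and `reserved2` fields are not written here; presumably `acpi_data_push()` hands back zeroed storage, which is worth confirming. `build_madt()` starts and ends outside this hunk.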
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index 41c1d95..ba3be1e 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -294,7 +294,8 @@ typedef struct AcpiMultipleApicTable AcpiMultipleApicTable;
 #define ACPI_APIC_GENERIC_DISTRIBUTOR   12
 #define ACPI_APIC_GENERIC_MSI_FRAME 13
 #define ACPI_APIC_GENERIC_REDISTRIBUTOR 14
-#define ACPI_APIC_RESERVED  15   /* 15 and greater are reserved */
+#define ACPI_APIC_ITS_STRUCTURE 15
+#define ACPI_APIC_RESERVED  16   /* 16 and greater are reserved */
 
 /*
  * MADT sub-structures (Follow MULTIPLE_APIC_DESCRIPTION_TABLE)
@@ -386,6 +387,16 @@ struct AcpiMadtGenericMsiFrame {
 
 typedef struct AcpiMadtGenericMsiFrame AcpiMadtGenericMsiFrame;
 
+struct AcpiMadtGicIts {
+ACPI_SUB_HEADER_DEF
+uint16_t reserved;
+uint32_t gic_its_id;
+uint64_t base_address;
+uint32_t reserved2;
+} QEMU_PACKED;
+
+typedef struct AcpiMadtGicIts AcpiMadtGicIts;
+
 struct AcpiMadtGenericRedistributor {
 ACPI_SUB_HEADER_DEF
 uint16_t reserved;
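Review bot: `struct AcpiMadtGicIts` is copied into the guest-visible MADT and its `length` field is filled from `sizeof`, yet nothing pins the layout to the size the ACPI specification gives for the GIC ITS structure. That size is 20 bytes if `ACPI_SUB_HEADER_DEF` is the usual two-byte type/length header, which this hunk does not show. A build-time check after the typedef, `QEMU_BUILD_BUG_ON(sizeof(AcpiMadtGicIts) != 20);`, would catch a later field edit or a dropped `QEMU_PACKED`. A short comment above the struct naming the specification table it mirrors, and noting that multi-byte fields are stored little-endian by the builder, would help as well. `struct AcpiMadtGenericRedistributor` continues outside the hunk.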
-- 
2.5.5




Re: [Qemu-devel] [PATCH] target-i386: add more Intel AVX-512 instructions support

2016-08-02 Thread Eduardo Habkost
On Tue, Aug 02, 2016 at 04:10:39PM +0800, Luwei Kang wrote:
> Add more AVX512 feature bits, including AVX512DQ, AVX512IFMA,
> AVX512BW, AVX512VL and AVX512VBMI. The spec can be found at:
> https://software.intel.com/sites/default/files/managed/b4/3a/319433-024.pdf
> 
> Signed-off-by: Luwei Kang 

As we're past hard freeze, I queued it for 2.8. Thanks.

> ---
>  target-i386/cpu.c | 14 +-
>  target-i386/cpu.h |  5 +
>  2 files changed, 14 insertions(+), 5 deletions(-)
> 
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index 6a1afab..ec674dc 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -298,14 +298,18 @@ static const char *svm_feature_name[] = {
>  };
>  
>  static const char *cpuid_7_0_ebx_feature_name[] = {
> -"fsgsbase", "tsc_adjust", NULL, "bmi1", "hle", "avx2", NULL, "smep",
> -"bmi2", "erms", "invpcid", "rtm", NULL, NULL, "mpx", NULL,
> -"avx512f", NULL, "rdseed", "adx", "smap", NULL, "pcommit", "clflushopt",
> -"clwb", NULL, "avx512pf", "avx512er", "avx512cd", NULL, NULL, NULL,
> +"fsgsbase", "tsc_adjust", NULL, "bmi1",
> +"hle", "avx2", NULL, "smep",
> +"bmi2", "erms", "invpcid", "rtm",
> +NULL, NULL, "mpx", NULL,
> +"avx512f", "avx512dq", "rdseed", "adx",
> +"smap", "avx512ifma", "pcommit", "clflushopt",
> +"clwb", NULL, "avx512pf", "avx512er",
> +"avx512cd", NULL, "avx512bw", "avx512vl",
>  };
>  
>  static const char *cpuid_7_0_ecx_feature_name[] = {
> -NULL, NULL, "umip", "pku",
> +NULL, "avx512vbmi", "umip", "pku",
>  "ospke", NULL, NULL, NULL,
>  NULL, NULL, NULL, NULL,
>  NULL, NULL, NULL, NULL,
> diff --git a/target-i386/cpu.h b/target-i386/cpu.h
> index 65615c0..cf14bcb 100644
> --- a/target-i386/cpu.h
> +++ b/target-i386/cpu.h
> @@ -606,16 +606,21 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
>  #define CPUID_7_0_EBX_RTM  (1U << 11)
>  #define CPUID_7_0_EBX_MPX  (1U << 14)
>  #define CPUID_7_0_EBX_AVX512F  (1U << 16) /* AVX-512 Foundation */
> +#define CPUID_7_0_EBX_AVX512DQ (1U << 17) /* AVX-512 Doubleword & Quadword 
> Instrs */
>  #define CPUID_7_0_EBX_RDSEED   (1U << 18)
>  #define CPUID_7_0_EBX_ADX  (1U << 19)
>  #define CPUID_7_0_EBX_SMAP (1U << 20)
> +#define CPUID_7_0_EBX_AVX512IFMA (1U << 21) /* AVX-512 Integer Fused 
> Multiply Add */
>  #define CPUID_7_0_EBX_PCOMMIT  (1U << 22) /* Persistent Commit */
>  #define CPUID_7_0_EBX_CLFLUSHOPT (1U << 23) /* Flush a Cache Line Optimized 
> */
>  #define CPUID_7_0_EBX_CLWB (1U << 24) /* Cache Line Write Back */
>  #define CPUID_7_0_EBX_AVX512PF (1U << 26) /* AVX-512 Prefetch */
>  #define CPUID_7_0_EBX_AVX512ER (1U << 27) /* AVX-512 Exponential and 
> Reciprocal */
>  #define CPUID_7_0_EBX_AVX512CD (1U << 28) /* AVX-512 Conflict Detection */
> +#define CPUID_7_0_EBX_AVX512BW (1U << 30) /* AVX-512 Byte and Word 
> Instructions */
> +#define CPUID_7_0_EBX_AVX512VL (1U << 31) /* AVX-512 Vector Length 
> Extensions */
>  
> +#define CPUID_7_0_ECX_VBMI (1U << 1)  /* AVX-512 Vector Byte 
> Manipulation Instrs */
>  #define CPUID_7_0_ECX_UMIP (1U << 2)
>  #define CPUID_7_0_ECX_PKU  (1U << 3)
>  #define CPUID_7_0_ECX_OSPKE(1U << 4)
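Review bot: `CPUID_7_0_ECX_VBMI` breaks the naming pattern of the other bits added in this hunk: the EBX macros all carry the `AVX512` prefix, and the matching feature string in cpu.c is `"avx512vbmi"`. Calling it `CPUID_7_0_ECX_AVX512VBMI` would keep the macro and the flag name greppable together. The new macros are only defined in the quoted hunks, not used, so whether the new flags are tied to `avx512f` or to the XSAVE state handling cannot be judged from here.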
> -- 
> 2.7.4
> 

-- 
Eduardo



[Qemu-devel] [RFC v5 6/7] arm/virt: Add ITS to the virt board

2016-08-02 Thread Eric Auger
From: Pavel Fedin 

If supported by the configuration, ITS will be added automatically.

This patch also renames v2m_phandle to msi_phandle because it's now used
by both MSI implementations.

Signed-off-by: Pavel Fedin 
Signed-off-by: Eric Auger 
Reviewed-by: Peter Maydell 

--

v3 -> v4:
- added Peter's R-b
---
 hw/arm/virt.c | 47 +--
 1 file changed, 41 insertions(+), 6 deletions(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index a193b5a..c5f65dd 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -76,7 +76,7 @@ typedef struct VirtBoardInfo {
 int fdt_size;
 uint32_t clock_phandle;
 uint32_t gic_phandle;
-uint32_t v2m_phandle;
+uint32_t msi_phandle;
 bool using_psci;
 } VirtBoardInfo;
 
@@ -423,9 +423,22 @@ static void fdt_add_cpu_nodes(const VirtBoardInfo *vbi)
 }
 }
 
+static void fdt_add_its_gic_node(VirtBoardInfo *vbi)
+{
+vbi->msi_phandle = qemu_fdt_alloc_phandle(vbi->fdt);
+qemu_fdt_add_subnode(vbi->fdt, "/intc/its");
+qemu_fdt_setprop_string(vbi->fdt, "/intc/its", "compatible",
+"arm,gic-v3-its");
+qemu_fdt_setprop(vbi->fdt, "/intc/its", "msi-controller", NULL, 0);
+qemu_fdt_setprop_sized_cells(vbi->fdt, "/intc/its", "reg",
+ 2, vbi->memmap[VIRT_GIC_ITS].base,
+ 2, vbi->memmap[VIRT_GIC_ITS].size);
+qemu_fdt_setprop_cell(vbi->fdt, "/intc/its", "phandle", vbi->msi_phandle);
+}
+
 static void fdt_add_v2m_gic_node(VirtBoardInfo *vbi)
 {
-vbi->v2m_phandle = qemu_fdt_alloc_phandle(vbi->fdt);
+vbi->msi_phandle = qemu_fdt_alloc_phandle(vbi->fdt);
 qemu_fdt_add_subnode(vbi->fdt, "/intc/v2m");
 qemu_fdt_setprop_string(vbi->fdt, "/intc/v2m", "compatible",
 "arm,gic-v2m-frame");
@@ -433,7 +446,7 @@ static void fdt_add_v2m_gic_node(VirtBoardInfo *vbi)
 qemu_fdt_setprop_sized_cells(vbi->fdt, "/intc/v2m", "reg",
  2, vbi->memmap[VIRT_GIC_V2M].base,
  2, vbi->memmap[VIRT_GIC_V2M].size);
-qemu_fdt_setprop_cell(vbi->fdt, "/intc/v2m", "phandle", vbi->v2m_phandle);
+qemu_fdt_setprop_cell(vbi->fdt, "/intc/v2m", "phandle", vbi->msi_phandle);
 }
 
 static void fdt_add_gic_node(VirtBoardInfo *vbi, int type)
@@ -500,6 +513,26 @@ static void fdt_add_pmu_nodes(const VirtBoardInfo *vbi, 
int gictype)
 }
 }
 
+static void create_its(VirtBoardInfo *vbi, DeviceState *gicdev)
+{
+const char *itsclass = its_class_name();
+DeviceState *dev;
+
+if (!itsclass) {
+/* Do nothing if not supported */
+return;
+}
+
+dev = qdev_create(NULL, itsclass);
+
+object_property_set_link(OBJECT(dev), OBJECT(gicdev), "parent-gicv3",
+ _abort);
+qdev_init_nofail(dev);
+sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, vbi->memmap[VIRT_GIC_ITS].base);
+
+fdt_add_its_gic_node(vbi);
+}
+
 static void create_v2m(VirtBoardInfo *vbi, qemu_irq *pic)
 {
 int i;
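Review bot: The early return in `create_its()` leaves a GICv3 machine with no MSI controller at all, and the comment `/* Do nothing if not supported */` does not say so. In that case `msi_phandle` is never assigned, and the last hunk of this patch shows `create_pcie()` emitting `msi-parent` only when it is non-zero. I would spell out the consequence, e.g. `/* No ITS available: the guest gets no MSI controller and PCIe gets no msi-parent */`. A one-line comment above the function saying that `gicdev` must be the GICv3 device the ITS is linked to through `parent-gicv3` would also help. `create_v2m()` continues outside the hunk.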
@@ -583,7 +616,9 @@ static void create_gic(VirtBoardInfo *vbi, qemu_irq *pic, 
int type, bool secure)
 
 fdt_add_gic_node(vbi, type);
 
-if (type == 2) {
+if (type == 3) {
+create_its(vbi, gicdev);
+} else {
 create_v2m(vbi, pic);
 }
 }
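Review bot: The `else` branch now creates the v2m frame for every `type` other than 3, where the old code did so only for `type == 2`. If `create_gic()` is only ever called with 2 or 3 the two are equivalent, but that is decided outside the hunk. Writing `} else if (type == 2) {`, or adding `assert(type == 2);` as the first line of the `else`, keeps the intent explicit. `create_gic()` starts outside the hunk.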
@@ -1025,9 +1060,9 @@ static void create_pcie(const VirtBoardInfo *vbi, 
qemu_irq *pic,
nr_pcie_buses - 1);
 qemu_fdt_setprop(vbi->fdt, nodename, "dma-coherent", NULL, 0);
 
-if (vbi->v2m_phandle) {
+if (vbi->msi_phandle) {
 qemu_fdt_setprop_cells(vbi->fdt, nodename, "msi-parent",
-   vbi->v2m_phandle);
+   vbi->msi_phandle);
 }
 
 qemu_fdt_setprop_sized_cells(vbi->fdt, nodename, "reg",
-- 
2.5.5




[Qemu-devel] [RFC v5 2/7] target-arm: move gicv3_class_name from machine to kvm_arm.h

2016-08-02 Thread Eric Auger
Machine.c contains code related to migration. Let's move
gicv3_class_name to kvm_arm.h instead.

Signed-off-by: Eric Auger 
Suggested-by: Peter Maydell 

---

v4 -> v5:
- add #include "qemu/error-report.h"
- rebased on target-arm: Fix unreachable code in gicv3_class_name()

v4: creation

Conflicts:
target-arm/machine.c
---
 target-arm/kvm_arm.h | 16 +++-
 target-arm/machine.c | 15 ---
 2 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/target-arm/kvm_arm.h b/target-arm/kvm_arm.h
index 544e404..633d088 100644
--- a/target-arm/kvm_arm.h
+++ b/target-arm/kvm_arm.h
@@ -13,6 +13,7 @@
 
 #include "sysemu/kvm.h"
 #include "exec/memory.h"
+#include "qemu/error-report.h"
 
 /**
  * kvm_arm_vcpu_init:
@@ -223,7 +224,20 @@ static inline const char *gic_class_name(void)
  *
  * Returns: class name to use
  */
-const char *gicv3_class_name(void);
+static inline const char *gicv3_class_name(void)
+{
+if (kvm_irqchip_in_kernel()) {
+#ifdef TARGET_AARCH64
+return "kvm-arm-gicv3";
+#else
+error_report("KVM GICv3 acceleration is not supported on this "
+ "platform");
+exit(1);
+#endif
+} else {
+return "arm-gicv3";
+}
+}
 
 /**
  * kvm_arm_handle_debug:
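Review bot: The doc comment kept above `gicv3_class_name()` says only `Returns: class name to use`, but the inline body calls `exit(1)` when the in-kernel irqchip is used on a build without `TARGET_AARCH64`. Now that the function lives in a header included by board code, that should be stated, e.g. `* Exits with an error if KVM GICv3 acceleration is requested on a platform that does not support it.` As a style point, the trailing `else` can go, with `return "arm-gicv3";` placed after the `if` block. The comment block starts outside the hunk.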
diff --git a/target-arm/machine.c b/target-arm/machine.c
index 7a6ca31..d90943b 100644
--- a/target-arm/machine.c
+++ b/target-arm/machine.c
@@ -331,18 +331,3 @@ const VMStateDescription vmstate_arm_cpu = {
 NULL
 }
 };
-
-const char *gicv3_class_name(void)
-{
-if (kvm_irqchip_in_kernel()) {
-#ifdef TARGET_AARCH64
-return "kvm-arm-gicv3";
-#else
-error_report("KVM GICv3 acceleration is not supported on this "
- "platform");
-exit(1);
-#endif
-} else {
-return "arm-gicv3";
-}
-}
-- 
2.5.5




[Qemu-devel] [RFC v5 4/7] target-arm/kvm: Pass requester ID to MSI routing functions

2016-08-02 Thread Eric Auger
From: Pavel Fedin 

Introduce global kvm_arm_msi_use_devid flag and pass device IDs in
kvm_arch_fixup_msi_route(). Device IDs are required by the ITS.

Signed-off-by: Pavel Fedin 
Signed-off-by: Eric Auger 

---

v3 -> v4:
- OR route->flags with KVM_MSI_VALID_DEVID
---
 target-arm/kvm.c | 6 ++
 target-arm/kvm_arm.h | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/target-arm/kvm.c b/target-arm/kvm.c
index dbe393c..4675aa3 100644
--- a/target-arm/kvm.c
+++ b/target-arm/kvm.c
@@ -22,6 +22,7 @@
 #include "cpu.h"
 #include "internals.h"
 #include "hw/arm/arm.h"
+#include "hw/pci/pci.h"
 #include "exec/memattrs.h"
 #include "hw/boards.h"
 #include "qemu/log.h"
@@ -31,6 +32,7 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 };
 
 static bool cap_has_mp_state;
+bool kvm_arm_msi_use_devid;
 
 int kvm_arm_vcpu_init(CPUState *cs)
 {
@@ -619,6 +621,10 @@ int kvm_arm_vgic_probe(void)
 int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry *route,
  uint64_t address, uint32_t data, PCIDevice *dev)
 {
+if (kvm_arm_msi_use_devid) {
+route->flags |= KVM_MSI_VALID_DEVID;
+route->u.msi.devid = pci_requester_id(dev);
+}
 return 0;
 }
 
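Review bot: `pci_requester_id(dev)` is reached without checking `dev`, and the device ID it produces is what the ITS uses to tell requesters apart, so it has to come from a real device. Whether every caller of `kvm_arch_fixup_msi_route()` passes a non-NULL `PCIDevice` cannot be seen from this hunk. If a route can be set up without a device, the new `if` body should fail it first with `if (!dev) { return -EINVAL; }`, assuming callers check the return value, rather than dereference. A comment on `kvm_arm_msi_use_devid` saying who sets it and when would also help, since this patch adds it as a plain global with no setter.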
diff --git a/target-arm/kvm_arm.h b/target-arm/kvm_arm.h
index 633d088..befcfd1 100644
--- a/target-arm/kvm_arm.h
+++ b/target-arm/kvm_arm.h
@@ -121,6 +121,9 @@ bool write_kvmstate_to_list(ARMCPU *cpu);
 void kvm_arm_reset_vcpu(ARMCPU *cpu);
 
 #ifdef CONFIG_KVM
+
+extern bool kvm_arm_msi_use_devid;
+
 /**
  * kvm_arm_create_scratch_host_vcpu:
  * @cpus_to_try: array of QEMU_KVM_ARM_TARGET_* values (terminated with
-- 
2.5.5




[Qemu-devel] [RFC v5 5/7] hw/intc/arm_gicv3_its: Implement support for in-kernel ITS emulation

2016-08-02 Thread Eric Auger
From: Pavel Fedin 

The ITS control frame is emulated in the kernel, while accesses to
GITS_TRANSLATER are mediated through the KVM_SIGNAL_MSI ioctl (direct
MSI injection, advertised by the CAP_SIGNAL_MSI capability).

kvm_gsi_direct_mapping is explicitly set to false to emphasize the
difference with GICv2M. Direct mapping cannot work with ITS since
the content of the MSI data is not the target interrupt ID but an
event ID.

GSI routing is advertised (kvm_gsi_routing_allowed) as well as
msi/irqfd signaling (kvm_msi_via_irqfd_allowed).

Signed-off-by: Pavel Fedin 
Signed-off-by: Eric Auger 

---

v3 -> v4:
- include "qemu/osdep.h" and  "qapi/error.h"
- rename KVM_VGIC_V3_ADDR_TYPE_ITS into KVM_VGIC_ITS_ADDR_TYPE
- reword commit message
- change kvm_msi_via_irqfd_allowed definition (attached to irqfd dynamic
  availability + MSI controller availability)
- create the ITS KVM device (previously abstracted by the GICv3 KVM device)
- init sequence changed
- absolute GITS_TRANSLATER GPA stored
---
 hw/intc/Makefile.objs   |   1 +
 hw/intc/arm_gicv3_its_kvm.c | 145 
 2 files changed, 146 insertions(+)
 create mode 100644 hw/intc/arm_gicv3_its_kvm.c

diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs
index 23a39f7..9cca280 100644
--- a/hw/intc/Makefile.objs
+++ b/hw/intc/Makefile.objs
@@ -22,6 +22,7 @@ common-obj-$(CONFIG_OPENPIC) += openpic.o
 obj-$(CONFIG_APIC) += apic.o apic_common.o
 obj-$(CONFIG_ARM_GIC_KVM) += arm_gic_kvm.o
 obj-$(call land,$(CONFIG_ARM_GIC_KVM),$(TARGET_AARCH64)) += arm_gicv3_kvm.o
+obj-$(call land,$(CONFIG_ARM_GIC_KVM),$(TARGET_AARCH64)) += arm_gicv3_its_kvm.o
 obj-$(CONFIG_STELLARIS) += armv7m_nvic.o
 obj-$(CONFIG_EXYNOS4) += exynos4210_gic.o exynos4210_combiner.o
 obj-$(CONFIG_GRLIB) += grlib_irqmp.o
diff --git a/hw/intc/arm_gicv3_its_kvm.c b/hw/intc/arm_gicv3_its_kvm.c
new file mode 100644
index 000..b6d92aa
--- /dev/null
+++ b/hw/intc/arm_gicv3_its_kvm.c
@@ -0,0 +1,145 @@
+/*
+ * KVM-based ITS implementation for a GICv3-based system
+ *
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd.
+ * Written by Pavel Fedin 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "hw/intc/arm_gicv3_its_common.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/kvm.h"
+#include "kvm_arm.h"
+
+#define TYPE_KVM_ARM_ITS "arm-its-kvm"
+#define KVM_ARM_ITS(obj) OBJECT_CHECK(GICv3ITSState, (obj), TYPE_KVM_ARM_ITS)
+
+static int kvm_its_send_msi(GICv3ITSState *s, uint32_t value, uint16_t devid)
+{
+struct kvm_msi msi;
+
+msi.address_lo = s->gits_translater_gpa & 0xULL;
+msi.address_hi = s->gits_translater_gpa >> 32;
+msi.data = value;
+msi.flags = KVM_MSI_VALID_DEVID;
+msi.devid = devid;
+memset(msi.pad, 0, sizeof(msi.pad));
+
+return kvm_vm_ioctl(kvm_state, KVM_SIGNAL_MSI, );
+}
+
+typedef struct ItsInitNotifierParams {
+Notifier notifier;
+GICv3ITSState *s;
+} ItsInitNotifierParams;
+
+/**
+ *
+ * We currently do not use kvm_arm_register_device to provide
+ * the kernel with the vITS control frame base address since the
+ * KVM_DEV_ARM_VGIC_CTRL_INIT init MUST be called after the
+ * KVM_ARM_SET_DEVICE_ADDR and the kvm_arm_register_device
+ * infra does not allow this.
+ */
+static void its_notify(Notifier *notifier, void *data)
+{
+ItsInitNotifierParams *p = DO_UPCAST(ItsInitNotifierParams,
+ notifier, notifier);
+GICv3ITSState *s = p->s;
+MemoryRegion *mr = >iomem_its_cntrl;
+MemoryRegionSection mrs;
+struct kvm_device_attr attr;
+uint64_t addr;
+int ret;
+
+mrs = memory_region_find(mr, 0, 1);
+addr = mrs.offset_within_address_space;
+
+attr.flags = 0;
+attr.group = KVM_DEV_ARM_VGIC_GRP_ADDR;
+attr.attr = KVM_VGIC_ITS_ADDR_TYPE;
+attr.addr =  (uintptr_t)
+
+s->gits_translater_gpa = addr + ITS_CONTROL_SIZE + 0x40;
+
+ret = kvm_device_ioctl(s->dev_fd, KVM_SET_DEVICE_ATTR, attr);
+if (ret) {
+error_setg_errno(_fatal, -ret,
+ "not able to set base address for vITS ctrl frame");
+}
+
+kvm_device_access(s->dev_fd, KVM_DEV_ARM_VGIC_GRP_CTRL,
+  KVM_DEV_ARM_VGIC_CTRL_INIT, 
