Re: [Qemu-devel] [PATCH 1/3] ppc/pnv: add skeleton PowerNV platform

[Benjamin Herrenschmidt]

On Fri, 2016-08-26 at 16:47 +0200, Cédric Le Goater wrote:
> >> +static void powernv_machine_class_init(ObjectClass *oc, void
> *data)
> >> +{
> >> +    MachineClass *mc = MACHINE_CLASS(oc);
> >> +
> >> +    mc->init = ppc_powernv_init;
> >> +    mc->reset = ppc_powernv_reset;
> >> +    mc->block_default_type = IF_IDE;
> > 
> > IDE?  Really?
> 
> nah :) It's SCSI again now.
> 
> I was trying to reconcile all the little hunks in the different 
> patches of Ben. IF_IDE was introduced at the end of the patchset. 
> I suppose that adding a ISA bus to PowerNV had some influence :)

It's meant to be IF_IDE, the default interface is AHCI.

Cheers,
Ben.

Re: [Qemu-devel] [PATCH v2 5/5] 9p: forbid empty extension string

[Michael S. Tsirkin]

On Fri, Aug 26, 2016 at 02:00:37PM -0500, Eric Blake wrote:
> On 08/26/2016 10:07 AM, Greg Kurz wrote:
> > A buggy guest using the 9p2000.u protocol can issue a create request and
> > pass an empty string as the extension argument. This causes QEMU to crash
> > in the case of a hard link or a special file, and leads to undefined
> > behavior, depending on the backend, in the case of a symbolic link.
> > 
> > This patch causes the request to fail with EINVAL in these scenarios.
> > 
> > Signed-off-by: Greg Kurz 
> > ---
> >  hw/9pfs/9p.c |   21 +++--
> >  1 file changed, 19 insertions(+), 2 deletions(-)
> > 
> > diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
> > index 7b1dfe4e47cb..dc65c3125006 100644
> > --- a/hw/9pfs/9p.c
> > +++ b/hw/9pfs/9p.c
> > @@ -2150,6 +2150,11 @@ static void v9fs_create(void *opaque)
> >  }
> >  fidp->fid_type = P9_FID_DIR;
> >  } else if (perm & P9_STAT_MODE_SYMLINK) {
> > +if (extension.data == NULL) {
> > +err = -EINVAL;
> > +goto out;
> > +}
> 
> POSIX specifically requires implementations to support creating a
> symlink whose target is the empty string.  Linux doesn't [yet] permit
> it, but BSD does.  On systems where creating such a symlink is legal,
> POSIX requires that such a symlink either be treated as "." if
> dereferenced, or be treated as ENOENT on attempt to dereference.  But
> since such links can be created, readlink() should be able to read them
> without error.
> 
> I would argue that we should NOT forbid empty symlinks on creation (but
> pass back any error from the underlying host OS); but instead check that
> dereferencing such a symlink behaves sanely if it was created.
> Meanwhile, a client should not be relying on the behavior (since Linux
> disobeys POSIX, portable clients should already be avoiding empty symlinks).
> 
> http://austingroupbugs.net/view.php?id=649

Given 9p is only supported on Linux hosts, I think this patch's approach
is OK for now, and it's certainly much simpler than worrying about
the fallout of allowing empty names.

A TODO that documents your suggestions, and including
the considerations in the comment would be
a good idea.



> > @@ -2161,8 +2166,15 @@ static void v9fs_create(void *opaque)
> >  }
> >  v9fs_path_copy(&fidp->path, &path);
> >  } else if (perm & P9_STAT_MODE_LINK) {
> > -int32_t ofid = atoi(extension.data);
> > -V9fsFidState *ofidp = get_fid(pdu, ofid);
> > +V9fsFidState *ofidp;
> > +
> > +if (extension.data == NULL) {
> > +err = -EINVAL;
> > +goto out;
> > +}
> 
> Rejecting an empty destination on hard link or device creation, however,
> is indeed appropriate.
> 
> -- 
> Eric Blake   eblake redhat com+1-919-301-3266
> Libvirt virtualization library http://libvirt.org
> 

Re: [Qemu-devel] [PATCH v3] tcg: Optimize fence instructions

[no-reply]

Hi,

Your series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Subject: [Qemu-devel] [PATCH v3] tcg: Optimize fence instructions
Type: series
Message-id: 20160823134825.32578-1-bobby.pr...@gmail.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
make J=8 docker-test-quick@centos6
make J=8 docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
c829f78 tcg: Optimize fence instructions

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf'
  BUILD centos6
  ARCHIVE qemu.tgz
  ARCHIVE dtc.tgz
  COPY RUNNER
  RUN test-quick in centos6
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/src/tests/docker/install
BIOS directory/tmp/qemu-test/src/tests/docker/install/share/qemu
binary directory  /tmp/qemu-test/src/tests/docker/install/bin
library directory /tmp/qemu-test/src/tests/docker/install/lib
module directory  /tmp/qemu-test/src/tests/docker/install/lib/qemu
libexec directory /tmp/qemu-test/src/tests/docker/install/libexec
include directory /tmp/qemu-test/src/tests/docker/install/include
config directory  /tmp/qemu-test/src/tests/docker/install/etc
local state directory   /tmp/qemu-test/src/tests/docker/install/var
Manual directory  /tmp/qemu-test/src/tests/docker/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -pthread 
-I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include   -g 
QEMU_CFLAGS   -I/usr/include/pixman-1-fPIE -DPIE -m64 -D_GNU_SOURCE 
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
-Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes 
-fno-strict-aliasing -fno-common  -Wendif-labels -Wmissing-include-dirs 
-Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self 
-Wignored-qualifiers -Wold-style-declaration -Wold-style-definition 
-Wtype-limits -fstack-protector-all
LDFLAGS   -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g 
make  make
install   install
pythonpython -B
smbd  /usr/sbin/smbd
module supportno
host CPU  x86_64
host big endian   no
target list   x86_64-softmmu aarch64-softmmu
tcg debug enabled no
gprof enabled no
sparse enabledno
strip binariesyes
profiler  no
static build  no
pixmansystem
SDL support   yes (1.2.14)
GTK support   no 
GTK GL supportno
VTE support   no 
TLS priority  NORMAL
GNUTLS supportno
GNUTLS rndno
libgcrypt no
libgcrypt kdf no
nettleno 
nettle kdfno
libtasn1  no
curses supportno
virgl support no
curl support  no
mingw32 support   no
Audio drivers oss
Block whitelist (rw) 
Block whitelist (ro) 
VirtFS supportno
VNC support   yes
VNC SASL support  no
VNC JPEG support  no
VNC PNG support   no
xen support   no
brlapi supportno
bluez  supportno
Documentation no
PIE   yes
vde support   no
netmap supportno
Linux AIO support no
ATTR/XATTR support yes
Install blobs yes
KVM support   yes
RDMA support  no
TCG interpreter   no
fdt support   yes
preadv supportyes
fdatasync yes
madvise   yes
posix_madvise yes
uuid support  no
libcap-ng support no
vhost-net support yes
vhost-scsi support yes
Trace backendslog
spice support no 
rbd support   no
xfsctl supportno
smartcard support no
libusbno
usb net redir no
OpenGL supportno
OpenGL dmabufsno
libiscsi support  no
libnfs supportno
build guest agent yes
QGA VSS support   no
QGA w32 disk info no
QGA MSI support   no
seccomp support   no
coroutine backend ucontext
coroutine poolyes
GlusterFS support no
Archipelago support no
gcov  gcov
gcov enabled  no
TPM support   yes
libssh2 support   no
TPM passthrough   yes
QOM debugging yes
vhdx  no
lzo support   no
snappy supportno
bzip2 support no
NUMA host support no
tcmalloc support  no
jemalloc support  no
avx2 optimization no
  GEN   x86_64-softmmu/config-devices.mak.tmp
  GEN   aarch64-softmmu/config-devices.mak.tmp
  GEN   config-host.h
  GEN   qemu-options.def
  GEN   qmp-commands.h
  GEN   qapi-types.h
  GEN   qapi-visit.h
  GEN   qapi-event.h
  GEN   x86_64-softmmu/config-devices.mak
  GEN   aarch64-softmmu/config-devices.mak
  GEN   qmp-introspect.h
  GEN   tests/test-qapi-types.h
  GEN   tests/test-qapi-visit.h
  GEN   tests/test-qmp-commands

Re: [Qemu-devel] [PATCH v2 5/5] 9p: forbid empty extension string

[Eric Blake]

On 08/26/2016 10:07 AM, Greg Kurz wrote:
> A buggy guest using the 9p2000.u protocol can issue a create request and
> pass an empty string as the extension argument. This causes QEMU to crash
> in the case of a hard link or a special file, and leads to undefined
> behavior, depending on the backend, in the case of a symbolic link.
> 
> This patch causes the request to fail with EINVAL in these scenarios.
> 
> Signed-off-by: Greg Kurz 
> ---
>  hw/9pfs/9p.c |   21 +++--
>  1 file changed, 19 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
> index 7b1dfe4e47cb..dc65c3125006 100644
> --- a/hw/9pfs/9p.c
> +++ b/hw/9pfs/9p.c
> @@ -2150,6 +2150,11 @@ static void v9fs_create(void *opaque)
>  }
>  fidp->fid_type = P9_FID_DIR;
>  } else if (perm & P9_STAT_MODE_SYMLINK) {
> +if (extension.data == NULL) {
> +err = -EINVAL;
> +goto out;
> +}

POSIX specifically requires implementations to support creating a
symlink whose target is the empty string.  Linux doesn't [yet] permit
it, but BSD does.  On systems where creating such a symlink is legal,
POSIX requires that such a symlink either be treated as "." if
dereferenced, or be treated as ENOENT on attempt to dereference.  But
since such links can be created, readlink() should be able to read them
without error.

I would argue that we should NOT forbid empty symlinks on creation (but
pass back any error from the underlying host OS); but instead check that
dereferencing such a symlink behaves sanely if it was created.
Meanwhile, a client should not be relying on the behavior (since Linux
disobeys POSIX, portable clients should already be avoiding empty symlinks).

http://austingroupbugs.net/view.php?id=649

> @@ -2161,8 +2166,15 @@ static void v9fs_create(void *opaque)
>  }
>  v9fs_path_copy(&fidp->path, &path);
>  } else if (perm & P9_STAT_MODE_LINK) {
> -int32_t ofid = atoi(extension.data);
> -V9fsFidState *ofidp = get_fid(pdu, ofid);
> +V9fsFidState *ofidp;
> +
> +if (extension.data == NULL) {
> +err = -EINVAL;
> +goto out;
> +}

Rejecting an empty destination on hard link or device creation, however,
is indeed appropriate.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 4/5] 9p: handle walk of ".." in the root directory

[Eric Blake]

On 08/26/2016 10:07 AM, Greg Kurz wrote:
> The 9P spec at http://man.cat-v.org/plan_9/5/intro says:
> 
> All directories must support walks to the directory .. (dot-dot) meaning
> parent directory, although by convention directories contain no explicit
> entry for .. or . (dot).  The parent of the root directory of a server's
> tree is itself.
> 
> This means that a client cannot walk further than the root directory
> exported by the server. In other words, if the client wants to walk
> "/.." or "/foo/../..", the server shoud answer like the request was

s/shoud/should/

> to walk "/".
> 
> This patch just does that:
> - we cache the QID of the root directory at attach time
> - during the walk we compare the QID of each path component with the root
>   QID to detect if we're in a "/.." situation
> - if so, we skip the current component and go to the next one
> 
> Signed-off-by: Greg Kurz 
> ---
>  hw/9pfs/9p.c |   40 +++-
>  hw/9pfs/9p.h |1 +
>  2 files changed, 32 insertions(+), 9 deletions(-)
> 

Reviewed-by: Eric Blake 


-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 3/5] 9p: forbid . and .. in file names

[Eric Blake]

On 08/26/2016 10:07 AM, Greg Kurz wrote:
> According to the 9P spec http://man.cat-v.org/plan_9/5/open about the
> create request:
> 
> The names . and .. are special; it is illegal to create files with these
> names.
> 
> This patch causes the create and lcreate requests to fail with EINVAL if
> the file name is either "." or "..".
> 
> Even if it isn't explicitly written in the spec, this patch extends the
> checking to all requests that may cause a filename to be created:
> 
> - mknod
> - rename
> - renameat
> - mkdir
> - link
> - symlink
> 
> The unlinkat request also gets patched for consistency (even if
> rmdir("foo/..") is expected to fail according to POSIX.1-2001).
> 
> The various error values come from the linux manual pages.

Linux doesn't always obey the POSIX rules for which errno to use, but I
think your choices here are mostly okay.

> 
> Suggested-by: Peter Maydell 
> Signed-off-by: Greg Kurz 
> ---
>  hw/9pfs/9p.c |   51 +++
>  1 file changed, 51 insertions(+)
> 
> @@ -2545,6 +2575,11 @@ static void v9fs_rename(void *opaque)
>  goto out_nofid;
>  }
>  
> +if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
> +err = -EBUSY;
> +goto out_nofid;
> +}

POSIX suggests that EISDIR is better than EBUSY here.

> +
>  fidp = get_fid(pdu, fid);
>  if (fidp == NULL) {
>  err = -ENOENT;
> @@ -2662,6 +2697,12 @@ static void v9fs_renameat(void *opaque)
>  goto out_err;
>  }
>  
> +if (!strcmp(".", old_name.data) || !strcmp("..", old_name.data) ||
> +!strcmp(".", new_name.data) || !strcmp("..", new_name.data)) {
> +err = -EBUSY;

Ditto.

Wait. Why is v9fs_rename() only checking one name, but v9fs_renameat()
checking both old_name and new_name?  Also, should link be checking both
the source and destination name?

> @@ -3033,6 +3079,11 @@ static void v9fs_mkdir(void *opaque)
>  goto out_nofid;
>  }
>  
> +if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
> +err = -EEXIST;
> +goto out_nofid;
> +}
> +

Unrelated to this patch, but why do we have v9fs_renameat but not
v9fs_mkdirat?

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 2/5] 9p: disallow the NUL character in all strings

[Eric Blake]

On 08/26/2016 10:07 AM, Greg Kurz wrote:
> According to the 9P spec at http://man.cat-v.org/plan_9/5/intro :
> 
> Data items of larger or variable lengths are represented by a
> two-byte field specifying a count, n, followed by n bytes of
> data.  Text strings are represented this way, with the text
> itself stored as a UTF-8 encoded sequence of Unicode charac-
> ters (see utf(6)). Text strings in 9P messages are not NUL-
> terminated: n counts the bytes of UTF-8 data, which include
> no final zero byte.  The NUL character is illegal in all
> text strings in 9P, and is therefore excluded from file
> names, user names, and so on.
> 
> With this patch, if a 9P client sends a text string containing a NUL
> character, the request will fail and the client is returned EINVAL.
> 
> The checking is done in v9fs_iov_vunmarshal() because it is a convenient
> place to check all client originated strings.
> 
> Suggested-by: Peter Maydell 
> Signed-off-by: Greg Kurz 
> ---
>  fsdev/9p-iov-marshal.c |7 ++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
> index 663cad542900..9bcdc370231d 100644
> --- a/fsdev/9p-iov-marshal.c
> +++ b/fsdev/9p-iov-marshal.c
> @@ -127,7 +127,12 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int 
> out_num, size_t offset,
>   str->size);
>  if (copied > 0) {
>  str->data[str->size] = 0;
> -} else {
> +/* 9P forbids NUL characters in all text strings */
> +if (strlen(str->data) != str->size) {

If this were glibc, we could micro-optimize and do:

if (rawmemchr(str->data, 0) != str->data + str->size)

so that strlen() doesn't have to visit the tail end of the string if a
NUL is present early.  But your code is just fine as-is, and doesn't
have to worry about rawmemchr() being present.

Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 1/5] 9p: forbid illegal path names

[Eric Blake]

On 08/26/2016 10:07 AM, Greg Kurz wrote:
> Empty path components don't make sense and may cause undefined behavior,
> depending on the backend.
> 
> Also, the walk request described in the 9P spec [1] clearly shows that
> the client is supposed to send individual path components: the official
> linux client never sends portions of path containing the / character for
> example.
> 
> Moreover, the 9P spec [2] also states that a system can decide to restrict
> the set of supported characters used in path components, with an explicit
> mention "to remove slashes from name components".
> 
> This patch introduces a new name_is_illegal() helper that checks the
> names sent by the client are not empty and don't contain unwanted chars.
> Since 9pfs is only supported on linux hosts, only the / character is
> checked at the moment. When support for other hosts (AKA. win32) is added,
> other chars may need to be blacklisted as well.
> 
> If a client sends an illegal path component, the request will fail and
> EINVAL is returned to the client.
> 
> [1] http://man.cat-v.org/plan_9/5/walk
> [2] http://man.cat-v.org/plan_9/5/intro
> 
> Suggested-by: Peter Maydell 
> Signed-off-by: Greg Kurz 
> ---
>  hw/9pfs/9p.c |   56 
>  1 file changed, 56 insertions(+)
> 
> diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
> index b6b02b46a9da..dba11773699b 100644
> --- a/hw/9pfs/9p.c
> +++ b/hw/9pfs/9p.c
> @@ -1256,6 +1256,11 @@ static int v9fs_walk_marshal(V9fsPDU *pdu, uint16_t 
> nwnames, V9fsQID *qids)
>  return offset;
>  }
>  
> +static bool name_is_illegal(const char *name)
> +{
> +return name == NULL || strchr(name, '/') != NULL;

Is anyone actually passing NULL?  And the commit message says you are
blacklisting the empty string "", but that is not what you did here.
Depending on whether callers can even pass NULL, you may be able to just
s/name == NULL/!*name/

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH] crypto: ensure XTS is only used with ciphers with 16 byte blocks

[Daniel P. Berrange]

On Fri, Aug 26, 2016 at 01:21:50PM -0500, Eric Blake wrote:
> On 08/26/2016 07:47 AM, Daniel P. Berrange wrote:
> > The XTS cipher mode needs to be used with a cipher which has
> > a block size of 16 bytes. If a mis-matching block size is used,
> > the code will either corrupt memory beyond the IV array, or
> > not fully encrypt/decrypt the IV.
> > 
> > This fixes a memory curruption crash when attempting to use
> 
> s/curruption/corruption/
> 
> > cast5-128 with xts, since the former has an 8 byte block size.
> > 
> > A test case is added to ensure the cipher creation fails with
> > such an invalid combination.
> > 
> > Signed-off-by: Daniel P. Berrange 
> > ---
> >  crypto/cipher-gcrypt.c |  6 ++
> >  crypto/cipher-nettle.c | 12 +++-
> >  tests/test-crypto-cipher.c | 44 
> > 
> >  3 files changed, 49 insertions(+), 13 deletions(-)
> 
> Are you aiming for a last-minute 2.7 fix, or should this just be 2.8
> material and cc qemu-stable?

This isn't critical for 2.7, as this is already invalid usage. IOW anyone
who hits the crash, simply shouldn't use this combination.

> Reviewed-by: Eric Blake 
> 
> 
> > +++ b/tests/test-crypto-cipher.c
> > @@ -370,6 +370,17 @@ static QCryptoCipherTestData test_data[] = {
> 
> > @@ -449,8 +468,16 @@ static void test_cipher(const void *opaque)
> >  cipher = qcrypto_cipher_new(
> >  data->alg, data->mode,
> >  key, nkey,
> > -&error_abort);
> > -g_assert(cipher != NULL);
> > +&err);
> > +if (data->plaintext) {
> > +g_assert(err == NULL);
> > +g_assert(cipher != NULL);
> > +} else {
> > +g_assert(err != NULL);
> > +error_free(err);
> 
> Could shorten these two lines as error_free_or_abort(&err), but that's
> cosmetic.

Will do.


Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

Re: [Qemu-devel] [PATCH] crypto: ensure XTS is only used with ciphers with 16 byte blocks

[Eric Blake]

On 08/26/2016 07:47 AM, Daniel P. Berrange wrote:
> The XTS cipher mode needs to be used with a cipher which has
> a block size of 16 bytes. If a mis-matching block size is used,
> the code will either corrupt memory beyond the IV array, or
> not fully encrypt/decrypt the IV.
> 
> This fixes a memory curruption crash when attempting to use

s/curruption/corruption/

> cast5-128 with xts, since the former has an 8 byte block size.
> 
> A test case is added to ensure the cipher creation fails with
> such an invalid combination.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  crypto/cipher-gcrypt.c |  6 ++
>  crypto/cipher-nettle.c | 12 +++-
>  tests/test-crypto-cipher.c | 44 
>  3 files changed, 49 insertions(+), 13 deletions(-)

Are you aiming for a last-minute 2.7 fix, or should this just be 2.8
material and cc qemu-stable?

Reviewed-by: Eric Blake 


> +++ b/tests/test-crypto-cipher.c
> @@ -370,6 +370,17 @@ static QCryptoCipherTestData test_data[] = {

> @@ -449,8 +468,16 @@ static void test_cipher(const void *opaque)
>  cipher = qcrypto_cipher_new(
>  data->alg, data->mode,
>  key, nkey,
> -&error_abort);
> -g_assert(cipher != NULL);
> +&err);
> +if (data->plaintext) {
> +g_assert(err == NULL);
> +g_assert(cipher != NULL);
> +} else {
> +g_assert(err != NULL);
> +error_free(err);

Could shorten these two lines as error_free_or_abort(&err), but that's
cosmetic.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 3/3] ppc/pnv: add a PowerNVCPUCore object

[Cédric Le Goater]

On 08/16/2016 07:02 AM, Benjamin Herrenschmidt wrote:
> On Tue, 2016-08-16 at 12:39 +1000, David Gibson wrote:
>> On Fri, Aug 05, 2016 at 11:15:37AM +0200, Cédric Le Goater wrote:
>>>
>>> This is largy inspired by sPAPRCPUCore with some simplification, no
>>> hotplug for instance. But the differences are small and the objects
>>> could possibly be merged.
>>>
>>> A set of PowerNVCPUCore objects is added to the PnvChip and the device
>>> tree is populated looping on these cores. Core ids in the device tree
>>> are still a little fuzy. To be checked.
> 
> What about P9 where cores are in pairs to form EX and in pairs of EX
> (ie, quads) to form EPs ?

Sounds fun ! I need to dig in the P9 specs to have a better idea. I lack 
the knowledge right now.

>>> So, it's not immediately obvious to me if you want an actual core
>> object.  You could potentially create the actual vcpu objects directly
>> from the chip object.  That assumes that any hotplug will only be at
>> chip granularity, not core granularity, but I'm guessing that's the
>> case anyway.
> 
> Well we want to add some of the core XSCOMs so it makes sense to have
> a core object that is a XSCOM device

ok. I have will look into that. 

Thanks,

C. 

>>> That said, if having the intermediate core object is helpful, you're
>> certainly free to have it.
>>
>>>
> Signed-off-by: Cédric Le Goater 
>>> ---
>>>  hw/ppc/Makefile.objs  |   2 +-
>>>  hw/ppc/pnv.c  | 160 ++-
>>>  hw/ppc/pnv_core.c | 171 
>>> ++
>>>  include/hw/ppc/pnv.h  |   7 ++
>>>  include/hw/ppc/pnv_core.h |  47 +
>>>  5 files changed, 383 insertions(+), 4 deletions(-)
>>>  create mode 100644 hw/ppc/pnv_core.c
>>>  create mode 100644 include/hw/ppc/pnv_core.h
>>>
>>> diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
>>> index 8105db7d5600..f8c7d1db9ade 100644
>>> --- a/hw/ppc/Makefile.objs
>>> +++ b/hw/ppc/Makefile.objs
>>> @@ -6,7 +6,7 @@ obj-$(CONFIG_PSERIES) += spapr_hcall.o spapr_iommu.o 
>>> spapr_rtas.o
>>>  obj-$(CONFIG_PSERIES) += spapr_pci.o spapr_rtc.o spapr_drc.o spapr_rng.o
>>>  obj-$(CONFIG_PSERIES) += spapr_cpu_core.o
>>>  # IBM PowerNV
>>> -obj-$(CONFIG_POWERNV) += pnv.o
>>> +obj-$(CONFIG_POWERNV) += pnv.o pnv_core.o
>>>  ifeq ($(CONFIG_PCI)$(CONFIG_PSERIES)$(CONFIG_LINUX), yyy)
>>>  obj-y += spapr_pci_vfio.o
>>>  endif
>>> diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
>>> index a680780e9dea..1219493c7218 100644
>>> --- a/hw/ppc/pnv.c
>>> +++ b/hw/ppc/pnv.c
>>> @@ -35,6 +35,7 @@
>>>  #include "hw/ppc/fdt.h"
>>>  #include "hw/ppc/ppc.h"
>>>  #include "hw/ppc/pnv.h"
>>> +#include "hw/ppc/pnv_core.h"
>>>  #include "hw/loader.h"
>>>  #include "exec/address-spaces.h"
>>>  #include "qemu/cutils.h"
>>> @@ -112,6 +113,114 @@ static int powernv_populate_memory(void *fdt)
>>>  return 0;
>>>  }
>>>  
>>> +static void powernv_create_core_node(void *fdt, CPUState *cs, uint32_t 
>>> chip_id)
>>> +{
>>> +PowerPCCPU *cpu = POWERPC_CPU(cs);
>>> +int smt_threads = ppc_get_compat_smt_threads(cpu);
>>> +CPUPPCState *env = &cpu->env;
>>> +DeviceClass *dc = DEVICE_GET_CLASS(cs);
>>> +PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cs);
>>> +uint32_t servers_prop[smt_threads];
>>> +uint32_t gservers_prop[smt_threads * 2];
>>> +int i, index = ppc_get_vcpu_dt_id(cpu);
>>> +uint32_t segs[] = {cpu_to_be32(28), cpu_to_be32(40),
>>> +   0x, 0x};
>>> +uint32_t tbfreq = PNV_TIMEBASE_FREQ;
>>> +uint32_t cpufreq = 10;
>>> +uint32_t page_sizes_prop[64];
>>> +size_t page_sizes_prop_size;
>>> +char *nodename;
>>> +
>>> +nodename = g_strdup_printf("%s@%x", dc->fw_name, index);
>>> +
>>> +_FDT((fdt_begin_node(fdt, nodename)));
>>> +
>>> +g_free(nodename);
>>> +
>>> +_FDT((fdt_property_cell(fdt, "reg", index)));
>>> +_FDT((fdt_property_string(fdt, "device_type", "cpu")));
>>
>> The handling of dt_id is going to collide with cleanups I want to do
>> in this area (for spapr and the ppc cpu core).  Not sure there's a lot
>> you can do to avoid that at this stage.
>>
>>>
>>> +_FDT((fdt_property_cell(fdt, "cpu-version", env->spr[SPR_PVR])));
>>> +_FDT((fdt_property_cell(fdt, "d-cache-block-size",
>>> +env->dcache_line_size)));
>>> +_FDT((fdt_property_cell(fdt, "d-cache-line-size",
>>> +env->dcache_line_size)));
>>> +_FDT((fdt_property_cell(fdt, "i-cache-block-size",
>>> +env->icache_line_size)));
>>> +_FDT((fdt_property_cell(fdt, "i-cache-line-size",
>>> +env->icache_line_size)));
>>> +
>>> +if (pcc->l1_dcache_size) {
>>> +_FDT((fdt_property_cell(fdt, "d-cache-size", 
>>> pcc->l1_dcache_size)));
>>> +} else {
>>> +error_report("Warning: Unknown L1 dcache size for cpu");
>>> +}
>>> +if (pcc->l1_icache_size) {
>>> +

Re: [Qemu-devel] [PATCH 3/3] ppc/pnv: add a PowerNVCPUCore object

[Cédric Le Goater]

On 08/16/2016 04:39 AM, David Gibson wrote:
> On Fri, Aug 05, 2016 at 11:15:37AM +0200, Cédric Le Goater wrote:
>> This is largy inspired by sPAPRCPUCore with some simplification, no
>> hotplug for instance. But the differences are small and the objects
>> could possibly be merged.
>>
>> A set of PowerNVCPUCore objects is added to the PnvChip and the device
>> tree is populated looping on these cores. Core ids in the device tree
>> are still a little fuzy. To be checked.
> 
> So, it's not immediately obvious to me if you want an actual core
> object.  You could potentially create the actual vcpu objects directly
> from the chip object.  That assumes that any hotplug will only be at
> chip granularity, not core granularity, but I'm guessing that's the
> case anyway.
> 
> That said, if having the intermediate core object is helpful, you're
> certainly free to have it.

I would like to find some common ground with the spapr core. It should
be possible but for the sake of simplicity let's keep it that way.

>> Signed-off-by: Cédric Le Goater 
>> ---
>>  hw/ppc/Makefile.objs  |   2 +-
>>  hw/ppc/pnv.c  | 160 ++-
>>  hw/ppc/pnv_core.c | 171 
>> ++
>>  include/hw/ppc/pnv.h  |   7 ++
>>  include/hw/ppc/pnv_core.h |  47 +
>>  5 files changed, 383 insertions(+), 4 deletions(-)
>>  create mode 100644 hw/ppc/pnv_core.c
>>  create mode 100644 include/hw/ppc/pnv_core.h
>>
>> diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
>> index 8105db7d5600..f8c7d1db9ade 100644
>> --- a/hw/ppc/Makefile.objs
>> +++ b/hw/ppc/Makefile.objs
>> @@ -6,7 +6,7 @@ obj-$(CONFIG_PSERIES) += spapr_hcall.o spapr_iommu.o 
>> spapr_rtas.o
>>  obj-$(CONFIG_PSERIES) += spapr_pci.o spapr_rtc.o spapr_drc.o spapr_rng.o
>>  obj-$(CONFIG_PSERIES) += spapr_cpu_core.o
>>  # IBM PowerNV
>> -obj-$(CONFIG_POWERNV) += pnv.o
>> +obj-$(CONFIG_POWERNV) += pnv.o pnv_core.o
>>  ifeq ($(CONFIG_PCI)$(CONFIG_PSERIES)$(CONFIG_LINUX), yyy)
>>  obj-y += spapr_pci_vfio.o
>>  endif
>> diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
>> index a680780e9dea..1219493c7218 100644
>> --- a/hw/ppc/pnv.c
>> +++ b/hw/ppc/pnv.c
>> @@ -35,6 +35,7 @@
>>  #include "hw/ppc/fdt.h"
>>  #include "hw/ppc/ppc.h"
>>  #include "hw/ppc/pnv.h"
>> +#include "hw/ppc/pnv_core.h"
>>  #include "hw/loader.h"
>>  #include "exec/address-spaces.h"
>>  #include "qemu/cutils.h"
>> @@ -112,6 +113,114 @@ static int powernv_populate_memory(void *fdt)
>>  return 0;
>>  }
>>  
>> +static void powernv_create_core_node(void *fdt, CPUState *cs, uint32_t 
>> chip_id)
>> +{
>> +PowerPCCPU *cpu = POWERPC_CPU(cs);
>> +int smt_threads = ppc_get_compat_smt_threads(cpu);
>> +CPUPPCState *env = &cpu->env;
>> +DeviceClass *dc = DEVICE_GET_CLASS(cs);
>> +PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cs);
>> +uint32_t servers_prop[smt_threads];
>> +uint32_t gservers_prop[smt_threads * 2];
>> +int i, index = ppc_get_vcpu_dt_id(cpu);
>> +uint32_t segs[] = {cpu_to_be32(28), cpu_to_be32(40),
>> +   0x, 0x};
>> +uint32_t tbfreq = PNV_TIMEBASE_FREQ;
>> +uint32_t cpufreq = 10;
>> +uint32_t page_sizes_prop[64];
>> +size_t page_sizes_prop_size;
>> +char *nodename;
>> +
>> +nodename = g_strdup_printf("%s@%x", dc->fw_name, index);
>> +
>> +_FDT((fdt_begin_node(fdt, nodename)));
>> +
>> +g_free(nodename);
>> +
>> +_FDT((fdt_property_cell(fdt, "reg", index)));
>> +_FDT((fdt_property_string(fdt, "device_type", "cpu")));
> 
> The handling of dt_id is going to collide with cleanups I want to do
> in this area (for spapr and the ppc cpu core).  Not sure there's a lot
> you can do to avoid that at this stage.

We will adapt. When I reworked the device tree to use the "rw" functions, 
I took a closer look at the powernv needs. Nothing alarming.

The cores are numbered in the (processor) chip. The maximum number of 
cores depends on the model (the max of the max is 12 for Venice) and 
they are not contiguous so we should be activating them with a bitmap 
per chip. 

The core id plus the chip id make a PIR, which is what we use as a dt_id.
For example :

PowerPC,POWER8@8a8/ibm,chip-id
 0011 (17)
PowerPC,POWER8@8a8/reg
 08a8 (2216)
PowerPC,POWER8@8a8/ibm,pir
 08a8 (2216)

Ben provided a good summary in skiboot, here :

https://github.com/open-power/skiboot/blob/master/include/chip.h

May be we can find a good formula for cpu->cpu_dt_id. to be studied.


>> +_FDT((fdt_property_cell(fdt, "cpu-version", env->spr[SPR_PVR])));
>> +_FDT((fdt_property_cell(fdt, "d-cache-block-size",
>> +env->dcache_line_size)));
>> +_FDT((fdt_property_cell(fdt, "d-cache-line-size",
>> +env->dcache_line_size)));
>> +_FDT((fdt_property_c

Re: [Qemu-devel] [PATCH 2/3] ppc/pnv: add a PnvChip object

[Cédric Le Goater]

On 08/16/2016 04:21 AM, David Gibson wrote:
> On Fri, Aug 05, 2016 at 11:15:36AM +0200, Cédric Le Goater wrote:
>> This is is an abstraction of a P8 chip which is a set of cores plus
>> other 'units', like the pervasive unit, the interrupt controller, the
>> memory controller, the on-chip microcontroller, etc. The whole can be
>> seen as a socket.
>>
>> We start with an empty PnvChip which we will grow in the subsequent
>> patches with controllers required to run the system.
>>
>> Signed-off-by: Cédric Le Goater 
>> ---
>>  hw/ppc/pnv.c | 47 +++
>>  include/hw/ppc/pnv.h | 15 +++
>>  2 files changed, 62 insertions(+)
>>
>> diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
>> index 3bb6a240c25b..a680780e9dea 100644
>> --- a/hw/ppc/pnv.c
>> +++ b/hw/ppc/pnv.c
>> @@ -185,6 +185,7 @@ static void ppc_powernv_init(MachineState *machine)
>>  sPowerNVMachineState *pnv = POWERNV_MACHINE(machine);
>>  long fw_size;
>>  char *filename;
>> +int i;
>>  
>>  if (ram_size < (1 * G_BYTE)) {
>>  error_report("Warning: skiboot may not work with < 1GB of RAM");
>> @@ -236,6 +237,23 @@ static void ppc_powernv_init(MachineState *machine)
>>  pnv->initrd_base = 0;
>>  pnv->initrd_size = 0;
>>  }
>> +
>> +/* Create PowerNV chips
>> + *
>> + * FIXME: We should decide how many chips to create based on
>> + * #cores and Venice vs. Murano vs. Naples chip type etc..., for
>> + * now, just create one chip, with all the cores.
>> + */
>> +pnv->num_chips = 1;
>> +
>> +pnv->chips = g_new0(PnvChip, pnv->num_chips);
>> +for (i = 0; i < pnv->num_chips; i++) {
>> +PnvChip *chip = &pnv->chips[i];
>> +
>> +object_initialize(chip, sizeof(*chip), TYPE_PNV_CHIP);
> 
> I think you'd be better off having an array of pointers, each one you
> allocate with object_new() rather than doing an explicit g_new0() for
> the whole array then using object_initialize().
> 
> For one thing, if certain chip subtypes need to allocate more space
> for their instance, then this approach will break, whereas
> object_new() will get that right.

ok. I did not know that. This is the approach I have taken in the 
new patchset but for another reason. I made the type of the PnvChip
object depend on the cpu_model. It should be useful for other chiplets 
which can behave differently.  

A first specificity to handle is the support of the LPC interrupts via 
the LPC controller for the Power8NVL chip. Ben just worked that out. 
I need to see how this comes together with the model I have.

Thanks,

C. 


>> +object_property_set_int(OBJECT(chip), i, "chip-id", &error_abort);
>> +object_property_set_bool(OBJECT(chip), true, "realized", 
>> &error_abort);
>> +}
>>  }
>>  
>>  static void powernv_machine_class_init(ObjectClass *oc, void *data)
>> @@ -274,10 +292,39 @@ static const TypeInfo powernv_machine_2_8_info = {
>>  .class_init= powernv_machine_2_8_class_init,
>>  };
>>  
>> +
>> +static void pnv_chip_realize(DeviceState *dev, Error **errp)
>> +{
>> +;
>> +}
>> +
>> +static Property pnv_chip_properties[] = {
>> +DEFINE_PROP_UINT32("chip-id", PnvChip, chip_id, 0),
>> +DEFINE_PROP_END_OF_LIST(),
>> +};
>> +
>> +static void pnv_chip_class_init(ObjectClass *klass, void *data)
>> +{
>> +DeviceClass *dc = DEVICE_CLASS(klass);
>> +
>> +dc->realize = pnv_chip_realize;
>> +dc->props = pnv_chip_properties;
>> +dc->desc = "PowerNV Chip";
>> + }
>> +
>> +static const TypeInfo pnv_chip_info = {
>> +.name  = TYPE_PNV_CHIP,
>> +.parent= TYPE_SYS_BUS_DEVICE,
>> +.instance_size = sizeof(PnvChip),
>> +.class_init= pnv_chip_class_init,
>> +};
>> +
>> +
>>  static void powernv_machine_register_types(void)
>>  {
>>  type_register_static(&powernv_machine_info);
>>  type_register_static(&powernv_machine_2_8_info);
>> +type_register_static(&pnv_chip_info);
>>  }
>>  
>>  type_init(powernv_machine_register_types)
>> diff --git a/include/hw/ppc/pnv.h b/include/hw/ppc/pnv.h
>> index 2990f691672d..6907dc9e5c3d 100644
>> --- a/include/hw/ppc/pnv.h
>> +++ b/include/hw/ppc/pnv.h
>> @@ -20,6 +20,18 @@
>>  #define _PPC_PNV_H
>>  
>>  #include "hw/boards.h"
>> +#include "hw/sysbus.h"
>> +
>> +#define TYPE_PNV_CHIP "powernv-chip"
>> +#define PNV_CHIP(obj) OBJECT_CHECK(PnvChip, (obj), TYPE_PNV_CHIP)
>> +
>> +typedef struct PnvChip {
>> +/*< private >*/
>> +SysBusDevice parent_obj;
>> +
>> +/*< public >*/
>> +uint32_t chip_id;
>> +} PnvChip;
>>  
>>  #define TYPE_POWERNV_MACHINE  "powernv-machine"
>>  #define POWERNV_MACHINE(obj) \
>> @@ -31,6 +43,9 @@ typedef struct sPowerNVMachineState {
>>  
>>  uint32_t initrd_base;
>>  long initrd_size;
>> +
>> +uint32_t  num_chips;
>> +PnvChip   *chips;
>>  } sPowerNVMachineState;
>>  
>>  #endif /* _PPC_PNV_H */
> 

[Qemu-devel] KVM call for agenda for 2016-08-30

[Juan Quintela]

Hi

Please, send any topic that you are interested in covering.

At the end of Monday I will send an email with the agenda or the
cancellation of the call, so hurry up.

After discussions on the QEMU Summit, we are going to have always open a
KVM call where you can add topics.

 Call details:

By popular demand, a google calendar public entry with it

  
https://www.google.com/calendar/embed?src=dG9iMXRqcXAzN3Y4ZXZwNzRoMHE4a3BqcXNAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ

(Let me know if you have any problems with the calendar entry.  I just
gave up about getting right at the same time CEST, CET, EDT and DST).

If you need phone number details,  contact me privately

Thanks, Juan.

[Qemu-devel] [PATCH] ipmi: chassis poweroff should use qemu_system_shutdown_request()

[Cédric Le Goater]

When issuing a chassis 'powerdown' control command, the routine
qemu_system_shutdown_request() should be used to exit the guest.
qemu_system_powerdown_request() will initiate a soft shutdown which is
not what is required by the IPMI (28.3 Chassis Control Command):

0h = power down. Force system into soft off (S4/S45) state. This
is for 'emergency' management power down actions. The command does
not initiate a clean shut-down of the operating system prior to
powering down the system

Signed-off-by: Cédric Le Goater 
---

 We could use qemu_system_powerdown_request() under 
 IPMI_SHUTDOWN_VIA_ACPI_OVERTEMP which is what is expected I think.

 hw/ipmi/ipmi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ipmi/ipmi.c b/hw/ipmi/ipmi.c
index f09f217e7835..f91c7b74ca38 100644
--- a/hw/ipmi/ipmi.c
+++ b/hw/ipmi/ipmi.c
@@ -51,7 +51,7 @@ static int ipmi_do_hw_op(IPMIInterface *s, enum ipmi_op op, 
int checkonly)
 if (checkonly) {
 return 0;
 }
-qemu_system_powerdown_request();
+qemu_system_shutdown_request();
 return 0;
 
 case IPMI_SEND_NMI:
-- 
2.7.4

[Qemu-devel] [Bug 1617385] [NEW] No snapshot possible with virtio-gpu activated

[feuerkogel1]

Public bug reported:

I'm using "Qemu" and "Virtual Machine Manager" on Debian-8-Stretch -
both newest versions out of the Debian-testing-repository (state
26.08.2016).

If I try to save a virtual machine, it fails and I'll get the following
error:

libvirtError: internal error: unable to execute QEMU command 'migrate':
State blocked by non-migratable device ':00:02.0/virtio-gpu'

This only happens, if I chose "Virtio" as graphics-driver (no matter if
I use "Spice" or "Vnc" as Server by the way). If I switch to any other
driver (Cirrus, Qxl, Vga, VMvga...) there is no problem to take a
snapshot and save the virtual machine.

Unfortunately "virtio-gpu" (together with "Spice-Server") is the only
driver that provides proper working/running my virtual machines on my
PC.

feuerkogel1

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1617385

Title:
  No snapshot possible with virtio-gpu activated

Status in QEMU:
  New

Bug description:
  I'm using "Qemu" and "Virtual Machine Manager" on Debian-8-Stretch -
  both newest versions out of the Debian-testing-repository (state
  26.08.2016).

  If I try to save a virtual machine, it fails and I'll get the
  following error:

  libvirtError: internal error: unable to execute QEMU command
  'migrate': State blocked by non-migratable device ':00:02.0
  /virtio-gpu'

  This only happens, if I chose "Virtio" as graphics-driver (no matter
  if I use "Spice" or "Vnc" as Server by the way). If I switch to any
  other driver (Cirrus, Qxl, Vga, VMvga...) there is no problem to take
  a snapshot and save the virtual machine.

  Unfortunately "virtio-gpu" (together with "Spice-Server") is the only
  driver that provides proper working/running my virtual machines on my
  PC.

  feuerkogel1

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1617385/+subscriptions

Re: [Qemu-devel] a question

[Peter Maydell]

On 26 August 2016 at 10:31, Michael Rolnik  wrote:
> I want to partially implement AT STK500 board  in order to run FreeRTOS AVR
> / ATMegaAVR demo.
> if you look into ATmega32 documentation you will see that, for example,
> Timer/Countet1 registers are held together at memory addresses [0x46 ..
> 0xff], but interrupt masks and enable bits are at some other place, actually
> 0x58 .. 0x59.

(0x58..0x59 is a subset of 0x46..0xff -- I think from the docs
that you meant 0x46..0x4f.)

I think I would treat this set of timers as a single device that
implements all the timers, and which implements also the timer
interrupt mask/enable registers. Where there are multiple disjoint
register sets you can do this by having the device provide multiple
MemoryRegions, which the SoC container device then maps into the
memory space at the right places.

If you plan to support multiple CPUs which reuse some of the
individual timer modules but not all of them, you can structure
the code to allow convenient reuse, but that is an internal
detail of the overall "timers" device.

> create non memory mapped devices. Each device will export the following
> functions
>
> avr__init
> avr__read_
> avr__write_
>
> create "big" memory mapped device, which will cover the whole IO space and
> it will call _read_/_write_ functions of the devices when there is an access
> to specific address in the IO memory space.

You can do all this with the memory region API. Your various
devices can provide multiple memory regions (implementing the bits
of memory space that they care about), and then a higher level
SoC container device can map those into the right places in a
container memory region which it then exports to the board level.
You don't need to invent a new API for having devices provide registers.

thanks
-- PMM

[Qemu-devel] [Qemu-ppc] eTSEC device on ppce500

[Alin Rauta]

Hi,
I am interested in using the eTSEC for ppce500, but looking through the code 
tree it seems the "etsec_create" function is never called.
Perhaps I'm not using the right command when starting QEMU, do we have an 
example for eTSEC ?
What I tried so far is:
qemu-system-ppc -M ppce500 -cpu e500mc -nographic -kernel  image.elf -netdev 
user,id=hostnet0 -device eTSEC,netdev=hostnet0,id=net0,mac=52:54:00:fe:16:96
Is there smth I miss ?
Thanks in advance,
Alin

[Qemu-devel] [PATCH v2 0/5] 9P security fixes

[Greg Kurz]

As reported by Felix Wilhelm, at various places in 9pfs, full paths are
created by concatenating a guest originated string to the export path. A
malicious guest could forge a relative path and access files outside the
export path.

A tentative fix was sent recently by Prasad J Pandit, but it was only
focused on the local backend and did not get a positive review. This series
tries to address the issue more globally, based on the official 9P spec.

This v2 is actually a complete rework of my previous post, based on the
feedback I had from Peter Maydell:

http://patchwork.ozlabs.org/patch/662324/

Note that xattrwalk and xattrcreate are no longer part of the pictures
since they are being passed attribute names, not file names actually.

The official linux client only sends 1 path component at a time, without
any / nor NULs nor "." nor ".." and we don't have a functional qtest yet
for 9P, so I had to do limited manual testing using GDB to hack strings
coming from a linux client. It is no longer possible to access files
outside the export path if this series is applied.

I could also run the POSIX file system test suite from TUXERA:

http://www.tuxera.com/community/open-source-posix/

and did not observe any regression with this patch (at least with
the local backend and the none/passthrough/mapped security models).

Patch 5/5 isn't related to the initial path traversal issue but I found it
while working on empty strings, so I send it along anyway.

---

Greg Kurz (5):
  9p: forbid illegal path names
  9p: disallow the NUL character in all strings
  9p: forbid . and .. in file names
  9p: handle walk of ".." in the root directory
  9p: forbid empty extension string


 fsdev/9p-iov-marshal.c |7 ++
 hw/9pfs/9p.c   |  168 +---
 hw/9pfs/9p.h   |1 
 3 files changed, 164 insertions(+), 12 deletions(-)

--
Greg

[Qemu-devel] [PATCH v2 5/5] 9p: forbid empty extension string

[Greg Kurz]

A buggy guest using the 9p2000.u protocol can issue a create request and
pass an empty string as the extension argument. This causes QEMU to crash
in the case of a hard link or a special file, and leads to undefined
behavior, depending on the backend, in the case of a symbolic link.

This patch causes the request to fail with EINVAL in these scenarios.

Signed-off-by: Greg Kurz 
---
 hw/9pfs/9p.c |   21 +++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 7b1dfe4e47cb..dc65c3125006 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -2150,6 +2150,11 @@ static void v9fs_create(void *opaque)
 }
 fidp->fid_type = P9_FID_DIR;
 } else if (perm & P9_STAT_MODE_SYMLINK) {
+if (extension.data == NULL) {
+err = -EINVAL;
+goto out;
+}
+
 err = v9fs_co_symlink(pdu, fidp, &name,
   extension.data, -1 , &stbuf);
 if (err < 0) {
@@ -2161,8 +2166,15 @@ static void v9fs_create(void *opaque)
 }
 v9fs_path_copy(&fidp->path, &path);
 } else if (perm & P9_STAT_MODE_LINK) {
-int32_t ofid = atoi(extension.data);
-V9fsFidState *ofidp = get_fid(pdu, ofid);
+V9fsFidState *ofidp;
+
+if (extension.data == NULL) {
+err = -EINVAL;
+goto out;
+}
+
+ofidp = get_fid(pdu, atoi(extension.data));
+
 if (ofidp == NULL) {
 err = -EINVAL;
 goto out;
@@ -2188,6 +2200,11 @@ static void v9fs_create(void *opaque)
 uint32_t major, minor;
 mode_t nmode = 0;
 
+if (extension.data == NULL) {
+err = -EINVAL;
+goto out;
+}
+
 if (sscanf(extension.data, "%c %u %u", &ctype, &major, &minor) != 3) {
 err = -errno;
 goto out;

[Qemu-devel] [PATCH v2 2/5] 9p: disallow the NUL character in all strings

[Greg Kurz]

According to the 9P spec at http://man.cat-v.org/plan_9/5/intro :

Data items of larger or variable lengths are represented by a
two-byte field specifying a count, n, followed by n bytes of
data.  Text strings are represented this way, with the text
itself stored as a UTF-8 encoded sequence of Unicode charac-
ters (see utf(6)). Text strings in 9P messages are not NUL-
terminated: n counts the bytes of UTF-8 data, which include
no final zero byte.  The NUL character is illegal in all
text strings in 9P, and is therefore excluded from file
names, user names, and so on.

With this patch, if a 9P client sends a text string containing a NUL
character, the request will fail and the client is returned EINVAL.

The checking is done in v9fs_iov_vunmarshal() because it is a convenient
place to check all client originated strings.

Suggested-by: Peter Maydell 
Signed-off-by: Greg Kurz 
---
 fsdev/9p-iov-marshal.c |7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
index 663cad542900..9bcdc370231d 100644
--- a/fsdev/9p-iov-marshal.c
+++ b/fsdev/9p-iov-marshal.c
@@ -127,7 +127,12 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int 
out_num, size_t offset,
  str->size);
 if (copied > 0) {
 str->data[str->size] = 0;
-} else {
+/* 9P forbids NUL characters in all text strings */
+if (strlen(str->data) != str->size) {
+copied = -EINVAL;
+}
+}
+if (copied <= 0) {
 v9fs_string_free(str);
 }
 }

[Qemu-devel] [PATCH v2 1/5] 9p: forbid illegal path names

[Greg Kurz]

Empty path components don't make sense and may cause undefined behavior,
depending on the backend.

Also, the walk request described in the 9P spec [1] clearly shows that
the client is supposed to send individual path components: the official
linux client never sends portions of path containing the / character for
example.

Moreover, the 9P spec [2] also states that a system can decide to restrict
the set of supported characters used in path components, with an explicit
mention "to remove slashes from name components".

This patch introduces a new name_is_illegal() helper that checks the
names sent by the client are not empty and don't contain unwanted chars.
Since 9pfs is only supported on linux hosts, only the / character is
checked at the moment. When support for other hosts (AKA. win32) is added,
other chars may need to be blacklisted as well.

If a client sends an illegal path component, the request will fail and
EINVAL is returned to the client.

[1] http://man.cat-v.org/plan_9/5/walk
[2] http://man.cat-v.org/plan_9/5/intro

Suggested-by: Peter Maydell 
Signed-off-by: Greg Kurz 
---
 hw/9pfs/9p.c |   56 
 1 file changed, 56 insertions(+)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index b6b02b46a9da..dba11773699b 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1256,6 +1256,11 @@ static int v9fs_walk_marshal(V9fsPDU *pdu, uint16_t 
nwnames, V9fsQID *qids)
 return offset;
 }
 
+static bool name_is_illegal(const char *name)
+{
+return name == NULL || strchr(name, '/') != NULL;
+}
+
 static void v9fs_walk(void *opaque)
 {
 int name_idx;
@@ -1289,6 +1294,10 @@ static void v9fs_walk(void *opaque)
 if (err < 0) {
 goto out_nofid;
 }
+if (name_is_illegal(wnames[i].data)) {
+err = -EINVAL;
+goto out_nofid;
+}
 offset += err;
 }
 } else if (nwnames > P9_MAXWELEM) {
@@ -1483,6 +1492,11 @@ static void v9fs_lcreate(void *opaque)
 }
 trace_v9fs_lcreate(pdu->tag, pdu->id, dfid, flags, mode, gid);
 
+if (name_is_illegal(name.data)) {
+err = -EINVAL;
+goto out_nofid;
+}
+
 fidp = get_fid(pdu, dfid);
 if (fidp == NULL) {
 err = -ENOENT;
@@ -2077,6 +2091,11 @@ static void v9fs_create(void *opaque)
 }
 trace_v9fs_create(pdu->tag, pdu->id, fid, name.data, perm, mode);
 
+if (name_is_illegal(name.data)) {
+err = -EINVAL;
+goto out_nofid;
+}
+
 fidp = get_fid(pdu, fid);
 if (fidp == NULL) {
 err = -EINVAL;
@@ -2242,6 +2261,11 @@ static void v9fs_symlink(void *opaque)
 }
 trace_v9fs_symlink(pdu->tag, pdu->id, dfid, name.data, symname.data, gid);
 
+if (name_is_illegal(name.data) || name_is_illegal(symname.data)) {
+err = -EINVAL;
+goto out_nofid;
+}
+
 dfidp = get_fid(pdu, dfid);
 if (dfidp == NULL) {
 err = -EINVAL;
@@ -2316,6 +2340,11 @@ static void v9fs_link(void *opaque)
 }
 trace_v9fs_link(pdu->tag, pdu->id, dfid, oldfid, name.data);
 
+if (name_is_illegal(name.data)) {
+err = -EINVAL;
+goto out_nofid;
+}
+
 dfidp = get_fid(pdu, dfid);
 if (dfidp == NULL) {
 err = -ENOENT;
@@ -2398,6 +2427,12 @@ static void v9fs_unlinkat(void *opaque)
 if (err < 0) {
 goto out_nofid;
 }
+
+if (name_is_illegal(name.data)) {
+err = -EINVAL;
+goto out_nofid;
+}
+
 dfidp = get_fid(pdu, dfid);
 if (dfidp == NULL) {
 err = -EINVAL;
@@ -2504,6 +2539,12 @@ static void v9fs_rename(void *opaque)
 if (err < 0) {
 goto out_nofid;
 }
+
+if (name_is_illegal(name.data)) {
+err = -EINVAL;
+goto out_nofid;
+}
+
 fidp = get_fid(pdu, fid);
 if (fidp == NULL) {
 err = -ENOENT;
@@ -2616,6 +2657,11 @@ static void v9fs_renameat(void *opaque)
 goto out_err;
 }
 
+if (name_is_illegal(old_name.data) || name_is_illegal(new_name.data)) {
+err = -EINVAL;
+goto out_err;
+}
+
 v9fs_path_write_lock(s);
 err = v9fs_complete_renameat(pdu, olddirfid,
  &old_name, newdirfid, &new_name);
@@ -2826,6 +2872,11 @@ static void v9fs_mknod(void *opaque)
 }
 trace_v9fs_mknod(pdu->tag, pdu->id, fid, mode, major, minor);
 
+if (name_is_illegal(name.data)) {
+err = -EINVAL;
+goto out_nofid;
+}
+
 fidp = get_fid(pdu, fid);
 if (fidp == NULL) {
 err = -ENOENT;
@@ -2977,6 +3028,11 @@ static void v9fs_mkdir(void *opaque)
 }
 trace_v9fs_mkdir(pdu->tag, pdu->id, fid, name.data, mode, gid);
 
+if (name_is_illegal(name.data)) {
+err = -EINVAL;
+goto out_nofid;
+}
+
 fidp = get_fid(pdu, fid);
 if (fidp == NULL) {
 err = -ENOENT;

[Qemu-devel] [PATCH v2 4/5] 9p: handle walk of ".." in the root directory

[Greg Kurz]

The 9P spec at http://man.cat-v.org/plan_9/5/intro says:

All directories must support walks to the directory .. (dot-dot) meaning
parent directory, although by convention directories contain no explicit
entry for .. or . (dot).  The parent of the root directory of a server's
tree is itself.

This means that a client cannot walk further than the root directory
exported by the server. In other words, if the client wants to walk
"/.." or "/foo/../..", the server shoud answer like the request was
to walk "/".

This patch just does that:
- we cache the QID of the root directory at attach time
- during the walk we compare the QID of each path component with the root
  QID to detect if we're in a "/.." situation
- if so, we skip the current component and go to the next one

Signed-off-by: Greg Kurz 
---
 hw/9pfs/9p.c |   40 +++-
 hw/9pfs/9p.h |1 +
 2 files changed, 32 insertions(+), 9 deletions(-)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index f4184cae805f..7b1dfe4e47cb 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1010,6 +1010,7 @@ static void v9fs_attach(void *opaque)
 goto out;
 }
 err += offset;
+memcpy(&s->root_qid, &qid, sizeof(qid));
 trace_v9fs_attach_return(pdu->tag, pdu->id,
  qid.type, qid.version, qid.path);
 /*
@@ -1261,6 +1262,14 @@ static bool name_is_illegal(const char *name)
 return name == NULL || strchr(name, '/') != NULL;
 }
 
+static bool not_same_qid(const V9fsQID *qid1, const V9fsQID *qid2)
+{
+return
+qid1->type != qid2->type ||
+qid1->version != qid2->version ||
+qid1->path != qid2->path;
+}
+
 static void v9fs_walk(void *opaque)
 {
 int name_idx;
@@ -1276,6 +1285,7 @@ static void v9fs_walk(void *opaque)
 V9fsFidState *newfidp = NULL;
 V9fsPDU *pdu = opaque;
 V9fsState *s = pdu->s;
+V9fsQID qid;
 
 err = pdu_unmarshal(pdu, offset, "ddw", &fid, &newfid, &nwnames);
 if (err < 0) {
@@ -1309,6 +1319,12 @@ static void v9fs_walk(void *opaque)
 err = -ENOENT;
 goto out_nofid;
 }
+
+err = fid_to_qid(pdu, fidp, &qid);
+if (err < 0) {
+goto out;
+}
+
 v9fs_path_init(&dpath);
 v9fs_path_init(&path);
 /*
@@ -1318,16 +1334,22 @@ static void v9fs_walk(void *opaque)
 v9fs_path_copy(&dpath, &fidp->path);
 v9fs_path_copy(&path, &fidp->path);
 for (name_idx = 0; name_idx < nwnames; name_idx++) {
-err = v9fs_co_name_to_path(pdu, &dpath, wnames[name_idx].data, &path);
-if (err < 0) {
-goto out;
-}
-err = v9fs_co_lstat(pdu, &path, &stbuf);
-if (err < 0) {
-goto out;
+if (not_same_qid(&pdu->s->root_qid, &qid) ||
+strcmp("..", wnames[name_idx].data)) {
+err = v9fs_co_name_to_path(pdu, &dpath, wnames[name_idx].data,
+   &path);
+if (err < 0) {
+goto out;
+}
+
+err = v9fs_co_lstat(pdu, &path, &stbuf);
+if (err < 0) {
+goto out;
+}
+stat_to_qid(&stbuf, &qid);
+v9fs_path_copy(&dpath, &path);
 }
-stat_to_qid(&stbuf, &qids[name_idx]);
-v9fs_path_copy(&dpath, &path);
+memcpy(&qids[name_idx], &qid, sizeof(qid));
 }
 if (fid == newfid) {
 BUG_ON(fidp->fid_type != P9_FID_NONE);
diff --git a/hw/9pfs/9p.h b/hw/9pfs/9p.h
index b4f757ab5449..a38603398ef5 100644
--- a/hw/9pfs/9p.h
+++ b/hw/9pfs/9p.h
@@ -236,6 +236,7 @@ typedef struct V9fsState
 int32_t root_fid;
 Error *migration_blocker;
 V9fsConf fsconf;
+V9fsQID root_qid;
 } V9fsState;
 
 /* 9p2000.L open flags */

[Qemu-devel] [PATCH v2 3/5] 9p: forbid . and .. in file names

[Greg Kurz]

According to the 9P spec http://man.cat-v.org/plan_9/5/open about the
create request:

The names . and .. are special; it is illegal to create files with these
names.

This patch causes the create and lcreate requests to fail with EINVAL if
the file name is either "." or "..".

Even if it isn't explicitly written in the spec, this patch extends the
checking to all requests that may cause a filename to be created:

- mknod
- rename
- renameat
- mkdir
- link
- symlink

The unlinkat request also gets patched for consistency (even if
rmdir("foo/..") is expected to fail according to POSIX.1-2001).

The various error values come from the linux manual pages.

Suggested-by: Peter Maydell 
Signed-off-by: Greg Kurz 
---
 hw/9pfs/9p.c |   51 +++
 1 file changed, 51 insertions(+)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index dba11773699b..f4184cae805f 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1497,6 +1497,11 @@ static void v9fs_lcreate(void *opaque)
 goto out_nofid;
 }
 
+if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
+err = -EEXIST;
+goto out_nofid;
+}
+
 fidp = get_fid(pdu, dfid);
 if (fidp == NULL) {
 err = -ENOENT;
@@ -2096,6 +2101,11 @@ static void v9fs_create(void *opaque)
 goto out_nofid;
 }
 
+if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
+err = -EEXIST;
+goto out_nofid;
+}
+
 fidp = get_fid(pdu, fid);
 if (fidp == NULL) {
 err = -EINVAL;
@@ -2266,6 +2276,11 @@ static void v9fs_symlink(void *opaque)
 goto out_nofid;
 }
 
+if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
+err = -EEXIST;
+goto out_nofid;
+}
+
 dfidp = get_fid(pdu, dfid);
 if (dfidp == NULL) {
 err = -EINVAL;
@@ -2345,6 +2360,11 @@ static void v9fs_link(void *opaque)
 goto out_nofid;
 }
 
+if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
+err = -EEXIST;
+goto out_nofid;
+}
+
 dfidp = get_fid(pdu, dfid);
 if (dfidp == NULL) {
 err = -ENOENT;
@@ -2433,6 +2453,16 @@ static void v9fs_unlinkat(void *opaque)
 goto out_nofid;
 }
 
+if (!strcmp(".", name.data)) {
+err = -EINVAL;
+goto out_nofid;
+}
+
+if (!strcmp("..", name.data)) {
+err = -ENOTEMPTY;
+goto out_nofid;
+}
+
 dfidp = get_fid(pdu, dfid);
 if (dfidp == NULL) {
 err = -EINVAL;
@@ -2545,6 +2575,11 @@ static void v9fs_rename(void *opaque)
 goto out_nofid;
 }
 
+if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
+err = -EBUSY;
+goto out_nofid;
+}
+
 fidp = get_fid(pdu, fid);
 if (fidp == NULL) {
 err = -ENOENT;
@@ -2662,6 +2697,12 @@ static void v9fs_renameat(void *opaque)
 goto out_err;
 }
 
+if (!strcmp(".", old_name.data) || !strcmp("..", old_name.data) ||
+!strcmp(".", new_name.data) || !strcmp("..", new_name.data)) {
+err = -EBUSY;
+goto out_err;
+}
+
 v9fs_path_write_lock(s);
 err = v9fs_complete_renameat(pdu, olddirfid,
  &old_name, newdirfid, &new_name);
@@ -2877,6 +2918,11 @@ static void v9fs_mknod(void *opaque)
 goto out_nofid;
 }
 
+if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
+err = -EEXIST;
+goto out_nofid;
+}
+
 fidp = get_fid(pdu, fid);
 if (fidp == NULL) {
 err = -ENOENT;
@@ -3033,6 +3079,11 @@ static void v9fs_mkdir(void *opaque)
 goto out_nofid;
 }
 
+if (!strcmp(".", name.data) || !strcmp("..", name.data)) {
+err = -EEXIST;
+goto out_nofid;
+}
+
 fidp = get_fid(pdu, fid);
 if (fidp == NULL) {
 err = -ENOENT;

Re: [Qemu-devel] [PATCH 1/3] ppc/pnv: add skeleton PowerNV platform

[Cédric Le Goater]

On 08/16/2016 04:12 AM, David Gibson wrote:
> On Fri, Aug 05, 2016 at 11:15:35AM +0200, Cédric Le Goater wrote:
>> From: Benjamin Herrenschmidt 
>>
>> The goal is to emulate a PowerNV system at the level of the skiboot
>> firmware, which loads the OS and provides some runtime services. Power
>> Systems have a lower firmware (HostBoot) that does low level system
>> initialization, like DRAM training. This is beyond the scope of what
>> qemu will address in a PowerNV guest.
>>
>> No devices yet, not even an interrupt controller. Just to get started,
>> some RAM to load the skiboot firmware, the kernel and initrd. The
>> device tree is fully created in the machine reset op.
>>
>> Signed-off-by: Benjamin Herrenschmidt 
>> [clg: - updated for qemu-2.7
>>   - replaced fprintf by error_report
>>   - used a common definition of _FDT macro
>>   - removed VMStateDescription as migration is not yet supported
>>   - added IBM Copyright statements
>>   - reworked kernel_filename handling
>>   - merged PnvSystem and sPowerNVMachineState
>>   - removed PHANDLE_XICP
>>   - added ppc_create_page_sizes_prop helper
>>   - removed nmi support
>>   - removed kvm support
>>   - updated powernv machine to version 2.8
>>   - removed chips and cpus, They will be provided in another patches
>>   - added a machine reset routine to initialize the device tree (also)
>>   - french has a squelette and english a skeleton.
>>   - improved commit log.
>>   - reworked prototypes parameters
>>   - added a check on the ram size (thanks to Michael Ellerman)
>>   - fixed chip-id cell
>>   - and then, I got lost with the changes.
>> ]
>> Signed-off-by: Cédric Le Goater 
>> ---
>>  default-configs/ppc64-softmmu.mak |   1 +
>>  hw/ppc/Makefile.objs  |   2 +
>>  hw/ppc/pnv.c  | 283 
>> ++
>>  include/hw/ppc/pnv.h  |  36 +
>>  4 files changed, 322 insertions(+)
>>  create mode 100644 hw/ppc/pnv.c
>>  create mode 100644 include/hw/ppc/pnv.h
>>
>> diff --git a/default-configs/ppc64-softmmu.mak 
>> b/default-configs/ppc64-softmmu.mak
>> index c4be59f638ed..516a6e25aba3 100644
>> --- a/default-configs/ppc64-softmmu.mak
>> +++ b/default-configs/ppc64-softmmu.mak
>> @@ -40,6 +40,7 @@ CONFIG_I8259=y
>>  CONFIG_XILINX=y
>>  CONFIG_XILINX_ETHLITE=y
>>  CONFIG_PSERIES=y
>> +CONFIG_POWERNV=y
>>  CONFIG_PREP=y
>>  CONFIG_MAC=y
>>  CONFIG_E500=y
>> diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
>> index 99a0d4e581bf..8105db7d5600 100644
>> --- a/hw/ppc/Makefile.objs
>> +++ b/hw/ppc/Makefile.objs
>> @@ -5,6 +5,8 @@ obj-$(CONFIG_PSERIES) += spapr.o spapr_vio.o spapr_events.o
>>  obj-$(CONFIG_PSERIES) += spapr_hcall.o spapr_iommu.o spapr_rtas.o
>>  obj-$(CONFIG_PSERIES) += spapr_pci.o spapr_rtc.o spapr_drc.o spapr_rng.o
>>  obj-$(CONFIG_PSERIES) += spapr_cpu_core.o
>> +# IBM PowerNV
>> +obj-$(CONFIG_POWERNV) += pnv.o
>>  ifeq ($(CONFIG_PCI)$(CONFIG_PSERIES)$(CONFIG_LINUX), yyy)
>>  obj-y += spapr_pci_vfio.o
>>  endif
>> diff --git a/hw/ppc/pnv.c b/hw/ppc/pnv.c
>> new file mode 100644
>> index ..3bb6a240c25b
>> --- /dev/null
>> +++ b/hw/ppc/pnv.c
>> @@ -0,0 +1,283 @@
>> +/*
>> + * QEMU PowerPC PowerNV model
>> + *
>> + * Copyright (c) 2004-2007 Fabrice Bellard
>> + * Copyright (c) 2007 Jocelyn Mayer
>> + * Copyright (c) 2010 David Gibson, IBM Corporation.
>> + * Copyright (c) 2014-2016 BenH, IBM Corporation.
>> + *
>> + * Permission is hereby granted, free of charge, to any person obtaining a 
>> copy
>> + * of this software and associated documentation files (the "Software"), to 
>> deal
>> + * in the Software without restriction, including without limitation the 
>> rights
>> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
>> + * copies of the Software, and to permit persons to whom the Software is
>> + * furnished to do so, subject to the following conditions:
>> + *
>> + * The above copyright notice and this permission notice shall be included 
>> in
>> + * all copies or substantial portions of the Software.
>> + *
>> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 
>> OR
>> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
>> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
>> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR 
>> OTHER
>> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
>> FROM,
>> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
>> + * THE SOFTWARE.
>> + *
>> + */
>> +#include "qemu/osdep.h"
>> +#include "qapi/error.h"
>> +#include "sysemu/sysemu.h"
>> +#include "sysemu/numa.h"
>> +#include "hw/hw.h"
>> +#include "target-ppc/cpu.h"
>> +#include "qemu/log.h"
>> +#include "hw/ppc/fdt.h"
>> +#include "hw/ppc/ppc.h"
>> +#include "hw/ppc/pnv.h"
>> +#include "hw/loader.h"
>> +#inclu

[Qemu-devel] Problem at confirm test 2.6 -> 2.7-RCx

[Holger Schranz]

Hello,

at our test (upgrade from qemu 2.6 -> 2.7[rc2/3/4]) the following
problem occur:

2016-08-25T09:42:32.066972+02:00 etcsvms3 systemd[1]: Starting Virtual
Machine qemu-8-VTC61CST.
2016-08-25T09:42:32.067331+02:00 etcsvms3 systemd-machined[16661]: New
machine qemu-8-VTC61CST.
2016-08-25T09:42:32.067717+02:00 etcsvms3 systemd[1]: Started Virtual
Machine qemu-8-VTC61CST.
!!!
2016-08-25T09:42:32.102026+02:00 etcsvms3 kernel: [230549.858468] traps:
qemu-system-x86[16660] trap divide error ip:5556593186ea sp:7ffda48f49d0
error:0 in qemu-system-x86_64[555658d98000+7ae000]

2016-08-25T09:42:32.102046+02:00 etcsvms3 kernel: [230549.860054] br0:
port 2(vnet0) entered disabled state
2016-08-25T09:42:32.103840+02:00 etcsvms3 avahi-daemon[1022]:
Withdrawing workstation service for vnet0.

Environment:
SuSE SLES11-SP4. It seems the problem occur together with the iscsi/tgtd
environment,
because if we disable the drives and the media changer, the virtual
machine runs
well.

Are there any changes from qemu 2.6 to 2.7-rc3 which have an influence
in the iscsi/tgt environment?
Which material is necessary to start a diagnose about this issue please?

Best regards

Holger


---
Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft.
https://www.avast.com/antivirus

[Qemu-devel] a question

[Michael Rolnik]

Hi all,

I want to partially implement AT STK500
 board  in order to
run FreeRTOS AVR / ATMegaAVR 
demo.
if you look into ATmega32 
documentation you will see that, for example, Timer/Countet1 registers are
held together at memory addresses [0x46 .. 0xff], but interrupt masks and
enable bits are at some other place, actually 0x58 .. 0x59. Every board has
its own interrupt masks and enable registers, because number of devices and
their types may vary.

what is the right solution?

A:

   1. create every device as a true memory mapped QEMU device, which will
   expose all its interrupts as gpio lines
   2. create architecture specific "interrupt controller", which will
   consume all interrupts and aggregate them.


unless there is no device with registers/bits scattered between different
locations.


B:

   1. create non memory mapped devices. Each device will export the
   following functions
   1. avr__init
  2. avr__read_
  3. avr__write_
   2. create "big" memory mapped device, which will cover the whole IO
   space and it will call _read_/_write_ functions of the devices when there
   is an access to specific address in the IO memory space.




-- 
Best Regards,
Michael Rolnik

Re: [Qemu-devel] [PATCH v7 2/4] vfio: VFIO driver for mediated devices

[Kirti Wankhede]

On 8/25/2016 2:52 PM, Dong Jia wrote:
> On Thu, 25 Aug 2016 09:23:53 +0530
> Kirti Wankhede  wrote:
> 
> [...]
> 
> Dear Kirti,
> 
> I just rebased my vfio-ccw patches to this series.
> With a little fix, which was pointed it out in my reply to the #3
> patch, it works fine.
> 

Thanks for update. Glad to know this works for you.


>> +static long vfio_mdev_unlocked_ioctl(void *device_data,
>> + unsigned int cmd, unsigned long arg)
>> +{
>> +int ret = 0;
>> +struct vfio_mdev *vmdev = device_data;
>> +struct parent_device *parent = vmdev->mdev->parent;
>> +unsigned long minsz;
>> +
>> +switch (cmd) {
>> +case VFIO_DEVICE_GET_INFO:
>> +{
>> +struct vfio_device_info info;
>> +
>> +minsz = offsetofend(struct vfio_device_info, num_irqs);
>> +
>> +if (copy_from_user(&info, (void __user *)arg, minsz))
>> +return -EFAULT;
>> +
>> +if (info.argsz < minsz)
>> +return -EINVAL;
>> +
>> +if (parent->ops->get_device_info)
>> +ret = parent->ops->get_device_info(vmdev->mdev, &info);
>> +else
>> +return -EINVAL;
>> +
>> +if (ret)
>> +return ret;
>> +
>> +if (parent->ops->reset)
>> +info.flags |= VFIO_DEVICE_FLAGS_RESET;
> Shouldn't this be done inside the get_device_info callback?
> 

I would like Vendor driver to set device type only. Reset flag should be
set on basis of reset() callback provided.

>> +
>> +memcpy(&vmdev->dev_info, &info, sizeof(info));
>> +
>> +return copy_to_user((void __user *)arg, &info, minsz);
>> +}
> [...]
> 
>> +
>> +static ssize_t vfio_mdev_read(void *device_data, char __user *buf,
>> +  size_t count, loff_t *ppos)
>> +{
>> +struct vfio_mdev *vmdev = device_data;
>> +struct mdev_device *mdev = vmdev->mdev;
>> +struct parent_device *parent = mdev->parent;
>> +unsigned int done = 0;
>> +int ret;
>> +
>> +if (!parent->ops->read)
>> +return -EINVAL;
>> +
>> +while (count) {
> Here, I have to say sorry to you guys for that I didn't notice the
> bad impact of this change to my patches during the v6 discussion.
> 
> For vfio-ccw, I introduced an I/O region to input/output I/O
> instruction parameters and results for Qemu. The @count of these data
> currently is 140. So supporting arbitrary lengths in one shot here, and
> also in vfio_mdev_write, seems the better option for this case.
> 
> I believe that if the pci drivers want to iterate in a 4 bytes step, you
> can do that in the parent read/write callbacks instead.
> 
> What do you think?
> 

I would like to know Alex's thought on this. He raised concern with this
approach in v6 reviews:
"But I think this is exploitable, it lets the user make the kernel
allocate an arbitrarily sized buffer."

Thanks,
Kirti

>> +size_t filled;
>> +
>> +if (count >= 4 && !(*ppos % 4)) {
>> +u32 val;
>> +
>> +ret = parent->ops->read(mdev, (char *)&val, sizeof(val),
>> +*ppos);
>> +if (ret <= 0)
>> +goto read_err;
>> +
>> +if (copy_to_user(buf, &val, sizeof(val)))
>> +goto read_err;
>> +
>> +filled = 4;
>> +} else if (count >= 2 && !(*ppos % 2)) {
>> +u16 val;
>> +
>> +ret = parent->ops->read(mdev, (char *)&val, sizeof(val),
>> +*ppos);
>> +if (ret <= 0)
>> +goto read_err;
>> +
>> +if (copy_to_user(buf, &val, sizeof(val)))
>> +goto read_err;
>> +
>> +filled = 2;
>> +} else {
>> +u8 val;
>> +
>> +ret = parent->ops->read(mdev, &val, sizeof(val), *ppos);
>> +if (ret <= 0)
>> +goto read_err;
>> +
>> +if (copy_to_user(buf, &val, sizeof(val)))
>> +goto read_err;
>> +
>> +filled = 1;
>> +}
>> +
>> +count -= filled;
>> +done += filled;
>> +*ppos += filled;
>> +buf += filled;
>> +}
>> +
>> +return done;
>> +
>> +read_err:
>> +return -EFAULT;
>> +}
> [...]
> 
> 
> Dong Jia
> 

Re: [Qemu-devel] [PATCH v7 3/4] vfio iommu: Add support for mediated devices

[Kirti Wankhede]

Oh, that's the last minute change after running checkpatch.pl :(
Thanks for catching that. I'll correct that.

Thanks,
Kirti

On 8/25/2016 12:59 PM, Dong Jia wrote:
> On Thu, 25 Aug 2016 09:23:54 +0530
> Kirti Wankhede  wrote:
> 
>> @@ -769,6 +1090,33 @@ static int vfio_iommu_type1_attach_group(void 
>> *iommu_data,
>>  if (ret)
>>  goto out_free;
>>
>> +if (IS_ENABLED(CONFIF_VFIO_MDEV) && !iommu_present(bus) &&
> s/CONFIF_VFIO_MDEV/CONFIG_VFIO_MDEV/
> 
>> +(bus == &mdev_bus_type)) {
>> +if (iommu->local_domain) {
>> +list_add(&group->next,
>> + &iommu->local_domain->group_list);
>> +kfree(domain);
>> +mutex_unlock(&iommu->lock);
>> +return 0;
>> +}
>> +
> 
> 
> 
> Dong Jia
> 

Re: [Qemu-devel] [Qemu-stable] [ANNOUNCE] QEMU 2.6.1 Stable released

[Peter Lieven]

Am 25.08.2016 um 19:23 schrieb Michael Roth:

Quoting Peter Lieven (2016-08-25 01:38:13)

Am 17.08.2016 um 21:30 schrieb Michael Roth:

Hi everyone,

I am pleased to announce that the QEMU v2.6.1 stable release is now
available:

http://wiki.qemu.org/download/qemu-2.6.1.tar.bz2

v2.6.1 is now tagged in the official qemu.git repository,
and the stable-2.6 branch has been updated accordingly:

http://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/heads/stable-2.6

This is a fairly large update that addresses a broad range of bugs
and security issues. Users should upgrade accordingly.

Thank you to everyone involved!

Hi Michael,

thanks for putting this together. Unfortunately, I was on holiday during
the patch round up for 2.6.1

I additionally have the following 5 patches in case you want or need to
release a 2.6.1.1 or 2.6.2:

bd9f480 ui: fix refresh of VNC server surface
4c23084 net: limit allocation in nc_sendv_compat


the vnc fix was also on the list during the freeze. Looking at it at the moment.
There seems to be a second issue with the VNC server as well..
The otherone indeed is missing. Its not critical there is just to much memory
allocated. I will ping Stefan to PULL it for 2.8.


I don't see these in master yet.


bf97c17 iscsi: pass SCSI status back for SG_IO

I'll pull this in if there's another release, but doesn't look
like a regression from 2.6.0 at least.


No, it was not there all the time.




7c509d1 virtio: decrement vq->inuse in virtqueue_discard()
700f26b virtio: recalculate vq->inuse after migration

Looks like these got posted during the freeze :(


The virtio thing is important because live migration is broken without
the fix as  86cc089 is in 2.6.1.

Not sure I understand the relation to 86cc089. Wouldn't the check
introduced there always pass due to target initializing inuse to 0?

Or is the issue that the fix introduced in 86cc089 is only partially
effective due to inuse not being recalculated properly on target? That might
warrant a 2.6.1.1...


This is what Stefan wrote in the cover letter to the series:

"I should mention this is for QEMU 2.7. These fixes are needed if the
CVE-2016-5403 patch has been applied. Without these patches any device that 
holds VirtQueueElements acros
live migration will terminate with a "Virtqueue size exceeded" error message. 
virtio-balloon and virtio-scsi are affected. virtio-bl
probably too but I haven't tested it."

Maybe

Re: [Qemu-devel] Effective way to test PowerPC lwbrx instruction

[G 3]

On Aug 25, 2016, at 10:30 PM, Thomas Huth wrote:


On 25.08.2016 18:55, G 3 wrote:


On Aug 25, 2016, at 6:03 PM, Thomas Huth wrote:


On 25.08.2016 14:54, G 3 wrote:
I'm chasing down a bug with QEMU that causes audio to fail on a  
Mac OS

guest. In this file:
https://github.com/nixxcode/AppleUSBAudio-273.4.1/blob/master/ 
AppleUSBAudioClip.cpp


is where a lot of assembly language code is located. I think one  
or more
of the PowerPC instructions might be incorrectly implemented so  
I am
checking each one that the file uses. Starting with lwbrx I made  
this
program that gives this instruction sample inputs and checks  
them with
real outputs. According to the program QEMU implements this  
instruction
correctly. Does this program effectively check the lwbrx  
instruction or

is it missing something?

...

// Go thru each rA value
for(rA = 0; rA <=12; rA=rA+4)
{
// set the correct answer array for each rA value
if(rA == 0)
answer_array = answer_array0;
else if(rA == 4)
answer_array = answer_array4;
else if(rA == 8)
answer_array = answer_array8;
else
answer_array = answer_array12;

// Go thru each rB value
for(index = 0; index < rB_size; index++)
{
asm volatile("lwbrx %0, %1, %2" : "=r" (result) : "b 
%" (rA),

"r" (&(rB[index])));


I think you're not testing the case where rA is r0 here (only  
where the

content of rA is 0) ... and rA == r0 is a special case for this
instruction, see the PowerISA for details. So you'd need a  
separate asm

volatile statement to test this.
(Also a question: What is the "%" here good for? I did not quite
understand why you're using that here)

 Thomas


Thank you very much for commenting. For the case where rA is r0,  
are you

saying something like this:

asm volatile("lwbrx %0, 0, %1" : "=r" (result) :  "r" (&(rB 
[index])));


Yes, this is what I had in mind.


Didn't find the text 'r0' here, but it did mention this:
"If GPR RA is 0, then the EA is the contents of GPR RB". Is that the
same thing?


Yes, I am normally using "r0" instead of "0" so that it can not be
confused that easily with an immediate value.

By the way, if you don't know it yet, you can get the official  
Power ISA

here:

https://www.power.org/wp-content/uploads/2013/05/ 
PowerISA_V2.07_PUBLIC.pdf


The percent is for me to quickly see if any of the test failed.  
QEMU is

at 100% for this test.


I didn't mean the printf statement, but the % character in the "b%"  
part

of the asm volatile statement.


That is something that I copied from Apple's source code I am working  
on.

Re: [Qemu-devel] [Qemu-stable] [PATCH v2 for 2.7] ui: fix refresh of VNC server surface

[Peter Lieven]

Am 25.08.2016 um 14:46 schrieb Daniel P. Berrange:

On Thu, Aug 25, 2016 at 09:15:52AM +0200, Peter Lieven wrote:

Am 24.08.2016 um 17:49 schrieb Daniel P. Berrange:

On Wed, Aug 24, 2016 at 04:46:31PM +0100, Peter Maydell wrote:

On 23 August 2016 at 07:50, Peter Lieven  wrote:

Am 16.08.2016 um 18:30 schrieb Daniel P. Berrange:

In previous commit

 commit c7628bff4138ce906a3620d12e0820c1cf6c140d
 Author: Gerd Hoffmann 
 Date:   Fri Oct 30 12:10:09 2015 +0100

   vnc: only alloc server surface with clients connected

the VNC server was changed so that the 'vd->server' pixman
image was only allocated when a client is connected.

Since then if a client disconnects and then reconnects to
the VNC server all they will see is a black screen until
they do something that triggers a refresh. On a graphical
desktop this is not often noticed since there's many things
going on which cause a refresh. On a plain text console it
is really obvious since nothing refreshes frequently.

The problem is that the VNC server didn't update the guest
dirty bitmap, so still believes its server image is in sync
with the guest contents.

To fix this we must explicitly mark the entire guest desktop
as dirty after re-creating the server surface. Move this
logic into vnc_update_server_surface() so it is guaranteed
to be call in all code paths that re-create the surface
instead of only in vnc_dpy_switch()

Signed-off-by: Daniel P. Berrange 

I noticed that these patches is as well not in master yet and therefore
not included in the 2.7.0-rc4 tagged yesterday.

Dan, Gerd -- we're going to need an rc5 anyway -- can you
comment on whether this patch is "should be in rc5"
material? (If it is I can commit it to master directly.)

I think it should be, as the VNC server is pretty unusable when it does
not refresh the screen when you connect, but I'll let Gerd decide in case
there's some implication in my patch that I've mis-understood.

Hi Daniel,

I have had a look at the code and currently I do not understand why you
ran into a blank screen. The server surface is not created if there is no
client connected, this is correct. But the dirty bitmap for the server
exists even if there is no client connected. So the status of the dirty bitmap
should be the same with or without your patch.

IIUC, the dirty bitmap is used to decide when to update the server surface
from the guest framebuffer.  When the new client connects and we create a
new server surface, the dirty bitmap is clean, so QEMU never copies the
guest framebuffer into the new server surface hence I just get a blank
screen.


Okay, but this can only happen at the second connection. The first
vnc connection works, you disconnect, reconnect and then get a blank screen.
Indeed in this case there is in theory no vnc_dpy_switch in between. However,
I have the feeling that something else is additionally wrong - see below.




Can you tell what exactly you tried out to reproduce a potential issue?

Boot a Fedora guest, in text mode (ie no Xorg graphics). Then simply
disconnect & connect and I'll always get a black screen until I do something
that causes Linux to update the screen.


I can reproduce an issue if I have 2 VNC connections in paralell.

If I open the first VNC connection to a VM that does not update the screen, I 
have the following
calls to vnc_dpy_switch and vnc_update_server_surface.

# qemu start
vnc_update_server_surface: no clients
vnc_dpy_switch: 640 480

# first vnc client connects
vnc_update_server_surface: no clients
vnc_dpy_switch: 720 400
vnc_connect: 0x5582ceb56000
vnc_init_state: 0x5582ceb56000 (first_client 1)
vnc_update_server_surface
vnc_update_server_surface
vnc_dpy_switch: 720 400

# first client disconnects
vnc_disconnect_finished: 0x562b79aa3850 (last_client 1)
vnc_update_server_surface: no clients

# first client connects again
vnc_connect: 0x562b79aa3850
vnc_init_state: 0x562b79aa3850 (first_client 1)
vnc_update_server_surface
vnc_update_server_surface
vnc_dpy_switch: 720 400

# second client connects
vnc_connect: 0x562b79a6d890
vnc_init_state: 0x562b79a6d890 (first_client 0)
vnc_update_server_surface
vnc_dpy_switch: 720 400

# second client disconnects
vnc_disconnect_finished: 0x562b79a6d890 (last_client 0)

# first client disconnects
vnc_disconnect_finished: 0x562b79aa3850 (last_client 1)
vnc_update_server_surface: no clients

Strange enough, I see no issues with the first client, but I wonder why each vnc
connect triggers multiple vnc_update_server_surface and vnc_dpy_switch and 
secondly
my second client has a blank screen.

So at first I think your patch is correct, we need to mark the server surface 
dirty
in vnc_update_server_surface cause there are other callers to it than 
vnc_dpy_switch.

But there seems to be another issue. I try to figure out what it is.

Peter

Re: [Qemu-devel] [PATCH 2/3] qemu: Implement virtio-pstore device

[Daniel P. Berrange]

On Fri, Aug 26, 2016 at 01:48:40PM +0900, Namhyung Kim wrote:
> Hi Daniel,
> 
> On Wed, Aug 24, 2016 at 06:00:51PM -0400, Daniel P. Berrange wrote:

> > > +fd = open(filename, O_RDONLY);
> > > +if (fd < 0) {
> > > +error_report("cannot open %s", filename);
> > > +goto out;
> > > +}
> > > +
> > > +if (fstat(fd, &stbuf) < 0) {
> > > +goto out;
> > > +}
> > > +
> > > +rarg->vps= s;
> > > +rarg->elem   = elem;
> > > +rarg->info.id= cpu_to_le64(rarg->info.id);
> > > +rarg->info.type  = cpu_to_le16(rarg->info.type);
> > > +rarg->info.flags = cpu_to_le32(rarg->info.flags);
> > > +rarg->info.time_sec  = cpu_to_le64(stbuf.st_ctim.tv_sec);
> > > +rarg->info.time_nsec = cpu_to_le32(stbuf.st_ctim.tv_nsec);
> > > +
> > > +rarg->ioc = qio_channel_new_fd(fd, &err);
> > 
> > You should just use qio_channel_open_path() and avoid the earlier
> > call to open()
> 
> I did it because to call fstat() using the fd and wanted to keep the
> generic ioc pointer.

I'd suggest just using a cast inline, eg

  fstat(QIO_CHANNEL_FILE(ioc)->fd, &stbuf)


Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|

Re: [Qemu-devel] [PATCH RFC 00/22] I/O prefetch cache

[no-reply]

Hi,

Your series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Subject: [Qemu-devel] [PATCH RFC 00/22] I/O prefetch cache
Type: series
Message-id: 20160825134421.20231-1-pbutsy...@virtuozzo.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
make J=8 docker-test-quick@centos6
make J=8 docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
7226042 block/pcache: drop used pcache node
49e8943 block/pcache: add write through node
a2ce0c1 block/pcache: implement pcache error handling of aio cb
62de27d block/pcache: add pcache node assert
471b475 block/pcache: add pcache skip large aio read
ee93134 block/pcache: skip readahead for non-sequential requests
c0d6d25 block/pcache: pcache readahead node around
3054d23 block/pcache: simple readahead one chunk forward
c02537e block/pcache: add support for rescheduling requests
eed473a block/pcache: add generic request complete
3bcdf07 block/pcache: implement read cache to qiov and drop node during aio 
write
a28adc1 add QEMU style defines for __sync_add_and_fetch
426b16d block/pcache: add check node leak
fcf8167 block/pcache: separation AIOCB on requests
8673c7a block/pcache: implement pickup parts of the cache
0ee98e7 block/pcache: introduce LRU as method of memory
378ced9 block/pcache: restrict cache size
ddeed39 block/pcache: add aio requests into cache
9fd86fb block/pcache: add pcache debug build
5cd18e3 util/rbtree: add rbtree from linux kernel
f8aaf99 block/pcache: add own AIOCB block
74d53c5 block/pcache: empty pcache driver filter

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf'
  BUILD centos6
  ARCHIVE qemu.tgz
  ARCHIVE dtc.tgz
  COPY RUNNER
  RUN test-quick in centos6
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/src/tests/docker/install
BIOS directory/tmp/qemu-test/src/tests/docker/install/share/qemu
binary directory  /tmp/qemu-test/src/tests/docker/install/bin
library directory /tmp/qemu-test/src/tests/docker/install/lib
module directory  /tmp/qemu-test/src/tests/docker/install/lib/qemu
libexec directory /tmp/qemu-test/src/tests/docker/install/libexec
include directory /tmp/qemu-test/src/tests/docker/install/include
config directory  /tmp/qemu-test/src/tests/docker/install/etc
local state directory   /tmp/qemu-test/src/tests/docker/install/var
Manual directory  /tmp/qemu-test/src/tests/docker/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -pthread 
-I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include   -g 
QEMU_CFLAGS   -I/usr/include/pixman-1-fPIE -DPIE -m64 -D_GNU_SOURCE 
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
-Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes 
-fno-strict-aliasing -fno-common  -Wendif-labels -Wmissing-include-dirs 
-Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self 
-Wignored-qualifiers -Wold-style-declaration -Wold-style-definition 
-Wtype-limits -fstack-protector-all
LDFLAGS   -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g 
make  make
install   install
pythonpython -B
smbd  /usr/sbin/smbd
module supportno
host CPU  x86_64
host big endian   no
target list   x86_64-softmmu aarch64-softmmu
tcg debug enabled no
gprof enabled no
sparse enabledno
strip binariesyes
profiler  no
static build  no
pixmansystem
SDL support   yes (1.2.14)
GTK support   no 
GTK GL supportno
VTE support   no 
TLS priority  NORMAL
GNUTLS supportno
GNUTLS rndno
libgcrypt no
libgcrypt kdf no
nettleno 
nettle kdfno
libtasn1  no
curses supportno
virgl support no
curl support  no
mingw32 support   no
Audio drivers oss
Block whitelist (rw) 
Block whitelist (ro) 
VirtFS supportno
VNC support   yes
VNC SASL support  no
VNC JPEG support  no
VNC PNG support   no
xen support   no
brlapi supportno
bluez  supportno
Documentation no
PIE   yes
vde support   no
netmap supportno
Linux AIO support no
ATTR/XATTR support yes
Install blobs yes
KVM support   yes
RDMA support  no
TCG interpreter   no
fdt support   yes
preadv supportyes
fdatasync yes
madvise   yes
posix_madvise yes
uuid support  no
libcap-ng support no
vhost-net support yes
vhost-scsi support yes
Trace backendslog
spice support no 
rbd s

Re: [Qemu-devel] [PATCH] fixup! int128: Use __int128 if available

[no-reply]

Hi,

Your series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Subject: [Qemu-devel] [PATCH] fixup! int128: Use __int128 if available
Type: series
Message-id: 1472152170-18562-1-git-send-email-alex.ben...@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
make J=8 docker-test-quick@centos6
make J=8 docker-test-mingw@fedora
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
afef908 fixup! int128: Use __int128 if available

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf'
  BUILD centos6
  ARCHIVE qemu.tgz
  ARCHIVE dtc.tgz
  COPY RUNNER
  RUN test-quick in centos6
No C++ compiler available; disabling C++ specific optional code
Install prefix/tmp/qemu-test/src/tests/docker/install
BIOS directory/tmp/qemu-test/src/tests/docker/install/share/qemu
binary directory  /tmp/qemu-test/src/tests/docker/install/bin
library directory /tmp/qemu-test/src/tests/docker/install/lib
module directory  /tmp/qemu-test/src/tests/docker/install/lib/qemu
libexec directory /tmp/qemu-test/src/tests/docker/install/libexec
include directory /tmp/qemu-test/src/tests/docker/install/include
config directory  /tmp/qemu-test/src/tests/docker/install/etc
local state directory   /tmp/qemu-test/src/tests/docker/install/var
Manual directory  /tmp/qemu-test/src/tests/docker/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -pthread 
-I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include   -g 
QEMU_CFLAGS   -I/usr/include/pixman-1-fPIE -DPIE -m64 -D_GNU_SOURCE 
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
-Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes 
-fno-strict-aliasing -fno-common  -Wendif-labels -Wmissing-include-dirs 
-Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self 
-Wignored-qualifiers -Wold-style-declaration -Wold-style-definition 
-Wtype-limits -fstack-protector-all
LDFLAGS   -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g 
make  make
install   install
pythonpython -B
smbd  /usr/sbin/smbd
module supportno
host CPU  x86_64
host big endian   no
target list   x86_64-softmmu aarch64-softmmu
tcg debug enabled no
gprof enabled no
sparse enabledno
strip binariesyes
profiler  no
static build  no
pixmansystem
SDL support   yes (1.2.14)
GTK support   no 
GTK GL supportno
VTE support   no 
TLS priority  NORMAL
GNUTLS supportno
GNUTLS rndno
libgcrypt no
libgcrypt kdf no
nettleno 
nettle kdfno
libtasn1  no
curses supportno
virgl support no
curl support  no
mingw32 support   no
Audio drivers oss
Block whitelist (rw) 
Block whitelist (ro) 
VirtFS supportno
VNC support   yes
VNC SASL support  no
VNC JPEG support  no
VNC PNG support   no
xen support   no
brlapi supportno
bluez  supportno
Documentation no
PIE   yes
vde support   no
netmap supportno
Linux AIO support no
ATTR/XATTR support yes
Install blobs yes
KVM support   yes
RDMA support  no
TCG interpreter   no
fdt support   yes
preadv supportyes
fdatasync yes
madvise   yes
posix_madvise yes
uuid support  no
libcap-ng support no
vhost-net support yes
vhost-scsi support yes
Trace backendslog
spice support no 
rbd support   no
xfsctl supportno
smartcard support no
libusbno
usb net redir no
OpenGL supportno
OpenGL dmabufsno
libiscsi support  no
libnfs supportno
build guest agent yes
QGA VSS support   no
QGA w32 disk info no
QGA MSI support   no
seccomp support   no
coroutine backend ucontext
coroutine poolyes
GlusterFS support no
Archipelago support no
gcov  gcov
gcov enabled  no
TPM support   yes
libssh2 support   no
TPM passthrough   yes
QOM debugging yes
vhdx  no
lzo support   no
snappy supportno
bzip2 support no
NUMA host support no
tcmalloc support  no
jemalloc support  no
avx2 optimization no
  GEN   x86_64-softmmu/config-devices.mak.tmp
  GEN   aarch64-softmmu/config-devices.mak.tmp
  GEN   config-host.h
  GEN   qemu-options.def
  GEN   qmp-commands.h
  GEN   qapi-types.h
  GEN   qapi-visit.h
  GEN   qapi-event.h
  GEN   x86_64-softmmu/config-devices.mak
  GEN   aarch64-softmmu/config-devices.mak
  GEN   qmp-introspect.h
  GEN   tests/test-qapi-types.h
  GEN   tests/test-qapi-visit.h
  GEN 

[Qemu-devel] [PATCH] crypto: ensure XTS is only used with ciphers with 16 byte blocks

[Daniel P. Berrange]

The XTS cipher mode needs to be used with a cipher which has
a block size of 16 bytes. If a mis-matching block size is used,
the code will either corrupt memory beyond the IV array, or
not fully encrypt/decrypt the IV.

This fixes a memory curruption crash when attempting to use
cast5-128 with xts, since the former has an 8 byte block size.

A test case is added to ensure the cipher creation fails with
such an invalid combination.

Signed-off-by: Daniel P. Berrange 
---
 crypto/cipher-gcrypt.c |  6 ++
 crypto/cipher-nettle.c | 12 +++-
 tests/test-crypto-cipher.c | 44 
 3 files changed, 49 insertions(+), 13 deletions(-)

diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c
index ede2f70..3652aa1 100644
--- a/crypto/cipher-gcrypt.c
+++ b/crypto/cipher-gcrypt.c
@@ -192,6 +192,12 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm 
alg,
 }
 
 if (cipher->mode == QCRYPTO_CIPHER_MODE_XTS) {
+if (ctx->blocksize != XTS_BLOCK_SIZE) {
+error_setg(errp,
+   "Cipher block size %zu must equal XTS block size %d",
+   ctx->blocksize, XTS_BLOCK_SIZE);
+goto error;
+}
 ctx->iv = g_new0(uint8_t, ctx->blocksize);
 }
 
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index 70909fb..0267da5 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -361,6 +361,13 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm 
alg,
 goto error;
 }
 
+if (mode == QCRYPTO_CIPHER_MODE_XTS &&
+ctx->blocksize != XTS_BLOCK_SIZE) {
+error_setg(errp, "Cipher block size %zu must equal XTS block size %d",
+   ctx->blocksize, XTS_BLOCK_SIZE);
+goto error;
+}
+
 ctx->iv = g_new0(uint8_t, ctx->blocksize);
 cipher->opaque = ctx;
 
@@ -456,11 +463,6 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher,
 break;
 
 case QCRYPTO_CIPHER_MODE_XTS:
-if (ctx->blocksize != XTS_BLOCK_SIZE) {
-error_setg(errp, "Block size must be %d not %zu",
-   XTS_BLOCK_SIZE, ctx->blocksize);
-return -1;
-}
 xts_decrypt(ctx->ctx, ctx->ctx_tweak,
 ctx->alg_encrypt_wrapper, ctx->alg_decrypt_wrapper,
 ctx->iv, len, out, in);
diff --git a/tests/test-crypto-cipher.c b/tests/test-crypto-cipher.c
index 1b5130d..51e9700 100644
--- a/tests/test-crypto-cipher.c
+++ b/tests/test-crypto-cipher.c
@@ -370,6 +370,17 @@ static QCryptoCipherTestData test_data[] = {
 "eb4a427d1923ce3ff262735779a418f2"
 "0a282df920147beabe421ee5319d0568",
 },
+{
+/* Bad config - cast5-128 has 8 byte block size
+ * which is incompatible with XTS
+ */
+.path = "/crypto/cipher/cast5-xts-128",
+.alg = QCRYPTO_CIPHER_ALG_CAST5_128,
+.mode = QCRYPTO_CIPHER_MODE_XTS,
+.key =
+"27182818284590452353602874713526"
+"31415926535897932384626433832795",
+}
 };
 
 
@@ -432,15 +443,23 @@ static void test_cipher(const void *opaque)
 const QCryptoCipherTestData *data = opaque;
 
 QCryptoCipher *cipher;
-uint8_t *key, *iv, *ciphertext, *plaintext, *outtext;
-size_t nkey, niv, nciphertext, nplaintext;
-char *outtexthex;
+uint8_t *key, *iv = NULL, *ciphertext = NULL,
+*plaintext = NULL, *outtext = NULL;
+size_t nkey, niv = 0, nciphertext = 0, nplaintext = 0;
+char *outtexthex = NULL;
 size_t ivsize, keysize, blocksize;
+Error *err = NULL;
 
 nkey = unhex_string(data->key, &key);
-niv = unhex_string(data->iv, &iv);
-nciphertext = unhex_string(data->ciphertext, &ciphertext);
-nplaintext = unhex_string(data->plaintext, &plaintext);
+if (data->iv) {
+niv = unhex_string(data->iv, &iv);
+}
+if (data->ciphertext) {
+nciphertext = unhex_string(data->ciphertext, &ciphertext);
+}
+if (data->plaintext) {
+nplaintext = unhex_string(data->plaintext, &plaintext);
+}
 
 g_assert(nciphertext == nplaintext);
 
@@ -449,8 +468,16 @@ static void test_cipher(const void *opaque)
 cipher = qcrypto_cipher_new(
 data->alg, data->mode,
 key, nkey,
-&error_abort);
-g_assert(cipher != NULL);
+&err);
+if (data->plaintext) {
+g_assert(err == NULL);
+g_assert(cipher != NULL);
+} else {
+g_assert(err != NULL);
+error_free(err);
+g_assert(cipher == NULL);
+goto cleanup;
+}
 
 keysize = qcrypto_cipher_get_key_len(data->alg);
 blocksize = qcrypto_cipher_get_block_len(data->alg);
@@ -498,6 +525,7 @@ static void test_cipher(const void *opaque)
 
 g_assert_cmpstr(outtexthex, ==, data->plaintext);
 
+ cleanup:
 g_free(outtext);
 g_free(outtexthex);
 g_free(key);
-- 
2.7.4

[Qemu-devel] [PATCH] console: skip same-size resize

[Marc-André Lureau]

virtio-gpu does a set-scanout at each frame (it might be a driver
regression). qemu_console_resize() recreate a surface even if the size
didn't change, and this shows up in profiling reports because the
surface is cleared. With this patch, I get a +15-20% glmark2
improvement.

Signed-off-by: Marc-André Lureau 
---
 ui/console.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/ui/console.c b/ui/console.c
index c24bfe4..2407b48 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -2100,6 +2100,13 @@ void qemu_console_resize(QemuConsole *s, int width, int 
height)
 DisplaySurface *surface;
 
 assert(s->console_type == GRAPHIC_CONSOLE);
+
+if (s->surface &&
+pixman_image_get_width(s->surface->image) == width &&
+pixman_image_get_height(s->surface->image) == height) {
+return;
+}
+
 surface = qemu_create_displaysurface(width, height);
 dpy_gfx_replace_surface(s, surface);
 }
-- 
2.9.0

[Qemu-devel] [PATCH v2 6/7] qemu-img: clean up dd documentation

[Reda Sallahi]

The dd section on qemu-img --help was a bit hard to read since it was not
well aligned. This patch fixes the display problem and also makes the
sentences on the .texi file more consistent with one another (uppercase and
conjugasion).

Signed-off-by: Reda Sallahi 
Reviewed-by: Stefan Hajnoczi 
---
 qemu-img.c| 48 +---
 qemu-img.texi | 48 
 2 files changed, 49 insertions(+), 47 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index 55977ff..207e16c 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -169,37 +169,39 @@ static void QEMU_NORETURN help(void)
"  '-s' run in Strict mode - fail on different image size or sector 
allocation\n"
"\n"
"Parameters to dd subcommand:\n"
-   "  'bs=BYTES' read and write up to BYTES bytes at a time "
+   "  'bs=BYTES' read and write up to BYTES bytes at a time "
"(default: 512)\n"
-   "  'count=N' copy only N input blocks\n"
-   "  'if=FILE' read from FILE\n"
-   "  'of=FILE' write to FILE\n"
-   "  'skip=N' skip N bs-sized blocks at the start of input\n"
-   "  'seek=N' seek N bs-sized blocks at the start of output\n"
-   "  'conv=CONVS' do not truncate the output file\n"
+   "  'count=N'  copy only N input blocks\n"
+   "  'if=FILE'  read from FILE\n"
+   "  'of=FILE'  write to FILE\n"
+   "  'skip=N'   skip N bs-sized blocks at the start of input\n"
+   "  'seek=N'   seek N bs-sized blocks at the start of output\n"
+   "  'conv=CONVS'   do not truncate the output file\n"
"  'iflags=FLAGS' read using the comma-separated flags list\n"
"  'oflags=FLAGS' read using the comma-separated flags list\n"
"  'status=LEVEL' the LEVEL of information to print to stderr\n\n"
"List of LEVELS for dd:\n"
-   "  'none'   surpresses everything but error messages\n"
-   "  'noxfer' surpresses the final transfer statistics\n\n"
+   "  'none' surpress everything but error messages\n"
+   "  'noxfer'   surpress the final transfer statistics\n\n"
"List of CONVS for dd:\n"
-   "  'notrunc'   do not truncate the output file\n"
-   "  'noerror'   continue in the event of read errors\n"
-   "  'excl'  fail if output already exists\n"
-   "  'nocreat'   do not create the output file\n"
-   "  'fsync' physically write output file data before finishing\n"
-   "  'fdatasync' physically write output file data before finishing\n"
-   "  'sync'  pad every input block with NULs\n"
-   "  'sparse'seek rather than write the output for NUL input"
+   "  'notrunc'  do not truncate the output file\n"
+   "  'noerror'  continue in the event of read errors\n"
+   "  'excl' fail if output already exists\n"
+   "  'nocreat'  do not create the output file\n"
+   "  'fsync'physically write output file data before"
+   " finishing\n"
+   "  'fdatasync'physically write output file data before"
+   " finishing\n"
+   "  'sync' pad every input block with NULs\n"
+   "  'sparse'   seek rather than write the output for NUL input"
" blocks\n\n"
"List of FLAGS for dd:\n"
-   "  'direct'  use direct I/O for data\n"
-   "  'dsync'   use synchronized I/O for data\n"
-   "  'sync'use synchronized I/O for data\n"
-   "  'count_bytes' use 'count=N' as a byte count (iflag only)\n"
-   "  'skip_bytes'  use 'skip=N' as a byte count (iflag only)\n"
-   "  'seek_bytes'  use 'seek=N' as a byte count (oflag only)\n";
+   "  'direct'   use direct I/O for data\n"
+   "  'dsync'use synchronized I/O for data\n"
+   "  'sync' use synchronized I/O for data\n"
+   "  'count_bytes'  use 'count=N' as a byte count (iflag only)\n"
+   "  'skip_bytes'   use 'skip=N' as a byte count (iflag only)\n"
+   "  'seek_bytes'   use 'seek=N' as a byte count (oflag only)\n";
 
 printf("%s\nSupported formats:", help_msg);
 bdrv_iterate_format(format_print, NULL);
diff --git a/qemu-img.texi b/qemu-img.texi
index c8905c6..a1a17f3 100644
--- a/qemu-img.texi
+++ b/qemu-img.texi
@@ -144,20 +144,20 @@ Parameters to dd subcommand:
 @table @option
 
 @item bs=@var{block_size}
-defines the block size
+Defines the block size
 @item count=@var{blocks}
-sets the number of input blocks to copy. In case 'iflags=count_bytes' is
+Sets the number of input blocks to copy. In case 'iflags=count_bytes' is
 specified, 'blocks' is interpreted as a byte count instead of a block count.
 @item if=@var{input}
-sets the input file
+Sets the input file
 @ite

[Qemu-devel] [PATCH v2 4/7] qemu-img: delete not used variable and an unecessary check

[Reda Sallahi]

block_count is not used in img_dd() and the C_SKIP check is unecessary so
this patch removes both of them.

Signed-off-by: Reda Sallahi 
Reviewed-by: Stefan Hajnoczi 
---
 qemu-img.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index a4d0556..bd3e80d 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -4066,7 +4066,7 @@ static int img_dd(int argc, char **argv)
 const char *fmt = NULL;
 const char *out_filename;
 int64_t size = 0, out_size = 0;
-int64_t block_count = 0, out_pos, in_pos, sparse_count = 0;
+int64_t out_pos, in_pos, sparse_count = 0;
 bool writethrough = false;
 int flags = 0;
 int ibsz = 0, obsz = 0, bsz;
@@ -4344,8 +4344,7 @@ static int img_dd(int argc, char **argv)
 }
 }
 
-if (dd.flags & C_SKIP && (in.offset > INT64_MAX / ibsz ||
-  size < in.offset * ibsz)) {
+if (in.offset > INT64_MAX / ibsz || size < in.offset * ibsz) {
 /* We give a warning if the skip option is bigger than the input
  * size and create an empty output disk image (i.e. like dd(1)).
  */
@@ -4357,7 +4356,7 @@ static int img_dd(int argc, char **argv)
 
 in.buf = g_new(uint8_t, in.bsz);
 
-for (out_pos = out.offset * obsz; in_pos < size; block_count++) {
+for (out_pos = out.offset * obsz; in_pos < size;) {
 int in_ret, out_ret;
 bsz = in.bsz;
 
-- 
2.9.3

[Qemu-devel] [PATCH v2 7/7] qemu-img: add a test suite for the count option

[Reda Sallahi]

The count option for dd lacked a test suite so this adds one with four test
cases.

Signed-off-by: Reda Sallahi 
Reviewed-by: Stefan Hajnoczi 
---
 tests/qemu-iotests/168 | 75 ++
 tests/qemu-iotests/168.out | 51 +++
 tests/qemu-iotests/group   |  1 +
 3 files changed, 127 insertions(+)
 create mode 100755 tests/qemu-iotests/168
 create mode 100644 tests/qemu-iotests/168.out

diff --git a/tests/qemu-iotests/168 b/tests/qemu-iotests/168
new file mode 100755
index 000..3ed655e
--- /dev/null
+++ b/tests/qemu-iotests/168
@@ -0,0 +1,75 @@
+#! /bin/bash
+#
+# qemu-img dd test for count option
+#
+# Copyright (C) 2016 Reda Sallahi
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+owner=fullma...@gmail.com
+
+seq="$(basename $0)"
+echo "QA output created by $seq"
+
+here="$PWD"
+status=1
+
+_cleanup()
+{
+_cleanup_test_img
+rm -f "$TEST_IMG.out" "$TEST_IMG.out.dd"
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+. ./common.rc
+. ./common.filter
+. ./common.pattern
+
+_supported_fmt raw
+_supported_proto file
+_supported_os Linux
+
+TEST_COUNT_BLOCKS="1 4 19 43K"
+
+for count in $TEST_COUNT_BLOCKS; do
+echo
+echo "== Creating image =="
+
+size=1M
+_make_test_img $size
+_check_test_img
+
+$QEMU_IO -c "write -P 0xa 565k 384k" "$TEST_IMG" | _filter_qemu_io
+
+echo
+echo "== Converting the image with dd with count=$count =="
+
+$QEMU_IMG dd if="$TEST_IMG" of="$TEST_IMG.out" count=$count \
+  -O "$IMGFMT" status=none conv=notrunc
+
+TEST_IMG="$TEST_IMG.out" _check_test_img
+
+dd if="$TEST_IMG" of="$TEST_IMG.out.dd" count=$count status=none
+
+echo
+echo "== Compare the images with qemu-img compare =="
+
+$QEMU_IMG compare "$TEST_IMG.out.dd" "$TEST_IMG.out"
+done
+
+echo
+echo "*** done"
+rm -f "$seq.full"
+status=0
diff --git a/tests/qemu-iotests/168.out b/tests/qemu-iotests/168.out
new file mode 100644
index 000..768a687
--- /dev/null
+++ b/tests/qemu-iotests/168.out
@@ -0,0 +1,51 @@
+QA output created by 168
+
+== Creating image ==
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576
+No errors were found on the image.
+wrote 393216/393216 bytes at offset 578560
+384 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+== Converting the image with dd with count=1 ==
+No errors were found on the image.
+
+== Compare the images with qemu-img compare ==
+Images are identical.
+
+== Creating image ==
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576
+No errors were found on the image.
+wrote 393216/393216 bytes at offset 578560
+384 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+== Converting the image with dd with count=4 ==
+No errors were found on the image.
+
+== Compare the images with qemu-img compare ==
+Images are identical.
+
+== Creating image ==
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576
+No errors were found on the image.
+wrote 393216/393216 bytes at offset 578560
+384 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+== Converting the image with dd with count=19 ==
+No errors were found on the image.
+
+== Compare the images with qemu-img compare ==
+Images are identical.
+
+== Creating image ==
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1048576
+No errors were found on the image.
+wrote 393216/393216 bytes at offset 578560
+384 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+== Converting the image with dd with count=43K ==
+No errors were found on the image.
+
+== Compare the images with qemu-img compare ==
+Images are identical.
+
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index fbe0ffe..9e47975 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -167,3 +167,4 @@
 165 rw auto quick
 166 rw auto quick
 167 rw auto quick
+168 rw auto quick
-- 
2.9.3

[Qemu-devel] [PATCH v2 5/7] qemu-img: add status option to dd

[Reda Sallahi]

This patch adds the status option to the subcommand dd. With this dd will
display by default the number of blocks read/written, the transfer rate, etc.
like dd(1).

The noxfer and none levels will allow the user to surpress the final transfer
statistics and everything except error messages respectively.

A test case was added to test the status option.

Signed-off-by: Reda Sallahi 
---
 qemu-img-cmds.hx   |  4 +--
 qemu-img.c | 87 ++
 qemu-img.texi  |  9 -
 tests/qemu-iotests/159 |  2 +-
 tests/qemu-iotests/160 |  2 +-
 tests/qemu-iotests/161 |  2 +-
 tests/qemu-iotests/163 |  4 +--
 tests/qemu-iotests/164 |  4 +--
 tests/qemu-iotests/165 | 11 +++---
 tests/qemu-iotests/166 |  2 +-
 tests/qemu-iotests/167 | 77 
 tests/qemu-iotests/167.out | 17 +
 tests/qemu-iotests/group   |  1 +
 13 files changed, 200 insertions(+), 22 deletions(-)
 create mode 100755 tests/qemu-iotests/167
 create mode 100644 tests/qemu-iotests/167.out

diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
index 933ce3c..6315c64 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -46,9 +46,9 @@ STEXI
 ETEXI
 
 DEF("dd", img_dd,
-"dd [--image-opts] [-f fmt] [-O output_fmt] [bs=block_size] [count=blocks] 
[skip=blocks] [seek=blocks] [conv=convs] [iflag=flags] [oflag=flags] if=input 
of=output")
+"dd [--image-opts] [-f fmt] [-O output_fmt] [bs=block_size] [count=blocks] 
[skip=blocks] [seek=blocks] [conv=convs] [iflag=flags] [oflag=flags] 
[status=level] if=input of=output")
 STEXI
-@item dd [--image-opts] [-f @var{fmt}] [-O @var{output_fmt}] 
[bs=@var{block_size}] [count=@var{blocks}] [skip=@var{blocks}] 
[seek=@var{blocks}] [conv=@var{convs}] [iflag=@var{flags}] [oflag=@var{flags}] 
if=@var{input} of=@var{output}
+@item dd [--image-opts] [-f @var{fmt}] [-O @var{output_fmt}] 
[bs=@var{block_size}] [count=@var{blocks}] [skip=@var{blocks}] 
[seek=@var{blocks}] [conv=@var{convs}] [iflag=@var{flags}] [oflag=@var{flags}] 
[status=@var{level}] if=@var{input} of=@var{output}
 ETEXI
 
 DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
index bd3e80d..55977ff 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -178,7 +178,11 @@ static void QEMU_NORETURN help(void)
"  'seek=N' seek N bs-sized blocks at the start of output\n"
"  'conv=CONVS' do not truncate the output file\n"
"  'iflags=FLAGS' read using the comma-separated flags list\n"
-   "  'oflags=FLAGS' read using the comma-separated flags list\n\n"
+   "  'oflags=FLAGS' read using the comma-separated flags list\n"
+   "  'status=LEVEL' the LEVEL of information to print to stderr\n\n"
+   "List of LEVELS for dd:\n"
+   "  'none'   surpresses everything but error messages\n"
+   "  'noxfer' surpresses the final transfer statistics\n\n"
"List of CONVS for dd:\n"
"  'notrunc'   do not truncate the output file\n"
"  'noerror'   continue in the event of read errors\n"
@@ -3832,11 +3836,13 @@ out:
 #define C_CONV0100
 #define C_IFLAG   0200
 #define C_OFLAG   0400
+#define C_STATUS  01000
 
 struct DdInfo {
 unsigned int flags;
 int64_t count;
 unsigned int conv;
+unsigned int status;
 };
 
 struct DdIo {
@@ -4049,6 +4055,30 @@ static int img_dd_conv(const char *arg,
 return ret;
 }
 
+#define C_STATUS_DEFAULT  00
+#define C_STATUS_NONE 01
+#define C_STATUS_NOXFER   02
+
+static int img_dd_status(const char *arg,
+ struct DdIo *in, struct DdIo *out,
+ struct DdInfo *dd)
+{
+const struct DdSymbols dd_status[] = {
+{ "none", C_STATUS_NONE },
+{ "noxfer", C_STATUS_NOXFER },
+{ NULL, 0 }
+};
+
+for (int j = 0; dd_status[j].name != NULL; j++) {
+if (!strcmp(arg, dd_status[j].name)) {
+dd->status = dd_status[j].value;
+return 0;
+}
+}
+
+error_report("invalid status level: '%s'", arg);
+return 1;
+}
 
 static int img_dd(int argc, char **argv)
 {
@@ -4067,13 +4097,16 @@ static int img_dd(int argc, char **argv)
 const char *out_filename;
 int64_t size = 0, out_size = 0;
 int64_t out_pos, in_pos, sparse_count = 0;
+int64_t in_read = 0, out_wrt = 0; /* Read/write count for status= */
 bool writethrough = false;
 int flags = 0;
 int ibsz = 0, obsz = 0, bsz;
+struct timeval starttv, endtv;
 struct DdInfo dd = {
 .flags = 0,
 .count = 0,
-.conv = 0
+.conv = 0,
+.status = C_STATUS_DEFAULT
 };
 struct DdIo in = {
 .bsz = 512, /* Block size is by default 512 bytes */
@@ -4100,6 +4133,7 @@ static int img_dd(int argc, char **argv)
 { "conv", img_dd_conv, C_CONV },
 { "iflag", img_dd_iflag, C_IFLAG },
 { "oflag", img_dd_oflag, C_OFLAG },
+{ "s

[Qemu-devel] [PATCH v2 1/7] qemu-img: add seek option to dd

[Reda Sallahi]

This patch adds the seek option which allows qemu-img dd to skip a number of
blocks on the output before copying the input.

A test case was added to test the seek option.

Signed-off-by: Reda Sallahi 
Reviewed-by: Stefan Hajnoczi 
---
 qemu-img-cmds.hx   |  4 +--
 qemu-img.c | 45 +++-
 qemu-img.texi  |  4 ++-
 tests/qemu-iotests/161 | 73 ++
 tests/qemu-iotests/161.out | 51 
 tests/qemu-iotests/group   |  1 +
 6 files changed, 167 insertions(+), 11 deletions(-)
 create mode 100755 tests/qemu-iotests/161
 create mode 100644 tests/qemu-iotests/161.out

diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
index 18685ac..e79a577 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -46,9 +46,9 @@ STEXI
 ETEXI
 
 DEF("dd", img_dd,
-"dd [--image-opts] [-f fmt] [-O output_fmt] [bs=block_size] [count=blocks] 
[skip=blocks] [conv=notrunc] if=input of=output")
+"dd [--image-opts] [-f fmt] [-O output_fmt] [bs=block_size] [count=blocks] 
[skip=blocks] [seek=blocks] [conv=notrunc] if=input of=output")
 STEXI
-@item dd [--image-opts] [-f @var{fmt}] [-O @var{output_fmt}] 
[bs=@var{block_size}] [count=@var{blocks}] [skip=@var{blocks}] [conv=notrunc] 
if=@var{input} of=@var{output}
+@item dd [--image-opts] [-f @var{fmt}] [-O @var{output_fmt}] 
[bs=@var{block_size}] [count=@var{blocks}] [skip=@var{blocks}] 
[seek=@var{blocks}] [conv=notrunc] if=@var{input} of=@var{output}
 ETEXI
 
 DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
index 816a406..7d313fd 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -175,6 +175,7 @@ static void QEMU_NORETURN help(void)
"  'if=FILE' read from FILE\n"
"  'of=FILE' write to FILE\n"
"  'skip=N' skip N bs-sized blocks at the start of input\n"
+   "  'seek=N' seek N bs-sized blocks at the start of output\n"
"  'conv=notrunc' do not truncate the output file\n";
 
 printf("%s\nSupported formats:", help_msg);
@@ -3808,7 +3809,8 @@ out:
 #define C_IF  04
 #define C_OF  010
 #define C_SKIP020
-#define C_CONV040
+#define C_SEEK040
+#define C_CONV0100
 
 struct DdInfo {
 unsigned int flags;
@@ -3897,6 +3899,22 @@ static int img_dd_skip(const char *arg,
 return 0;
 }
 
+static int img_dd_seek(const char *arg,
+   struct DdIo *in, struct DdIo *out,
+   struct DdInfo *dd)
+{
+char *end;
+
+out->offset = qemu_strtosz_suffix(arg, &end, QEMU_STRTOSZ_DEFSUFFIX_B);
+
+if (out->offset < 0 || *end) {
+error_report("invalid number: '%s'", arg);
+return 1;
+}
+
+return 0;
+}
+
 #define C_NOTRUNC 01
 
 static int img_dd_conv(const char *arg,
@@ -3927,7 +3945,7 @@ static int img_dd(int argc, char **argv)
 const char *out_fmt = "raw";
 const char *fmt = NULL;
 const char *out_filename;
-int64_t size = 0, out_size;
+int64_t size = 0, out_size = 0;
 int64_t block_count = 0, out_pos, in_pos;
 struct DdInfo dd = {
 .flags = 0,
@@ -3953,6 +3971,7 @@ static int img_dd(int argc, char **argv)
 { "if", img_dd_if, C_IF },
 { "of", img_dd_of, C_OF },
 { "skip", img_dd_skip, C_SKIP },
+{ "seek", img_dd_seek, C_SEEK },
 { "conv", img_dd_conv, C_CONV },
 { NULL, NULL, 0 }
 };
@@ -4019,6 +4038,14 @@ static int img_dd(int argc, char **argv)
 arg = NULL;
 }
 
+/* Overflow check for seek */
+if (out.offset > INT64_MAX / out.bsz) {
+error_report("seek with the block size specified is too large "
+ "for data type used");
+ret = -1;
+goto out;
+}
+
 if (!(dd.flags & C_IF && dd.flags & C_OF)) {
 error_report("Must specify both input and output files");
 ret = -1;
@@ -4044,9 +4071,9 @@ static int img_dd(int argc, char **argv)
 }
 /* Overflow means the specified offset is beyond input image's size */
 if (in.offset > INT64_MAX / in.bsz || size < in.offset * in.bsz) {
-out_size = 0;
+out_size = out.offset * out.bsz;
 } else {
-out_size = size - in.offset * in.bsz;
+out_size = size - in.offset * in.bsz + out.offset * out.bsz;
 }
 
 out_filename = out.filename;
@@ -4132,10 +4159,12 @@ static int img_dd(int argc, char **argv)
 goto out;
 }
 
-if (in.offset <= INT64_MAX / in.bsz && size >= in.offset * in.bsz) {
-if (blk2sz < out_size) {
-blk_truncate(blk2, out_size);
+if (in.offset > INT64_MAX / in.bsz || size < in.offset * in.bsz) {
+if (blk2sz < out.offset * out.bsz) {
+blk_truncate(blk2, out.offset * out.bsz);
 }
+} else if (blk2sz < out_size) {
+blk_truncate(blk2, out_size);
 }
 }
 
@@ -4152,7 +4181,7 @@ static int img_dd(int argc, char **argv)
 
 in.buf = g_n

[Qemu-devel] [PATCH v2 3/7] qemu-img: add more conv= conversions to dd

[Reda Sallahi]

This patch adds excl, nocreat, noerror, sync, fsync, fdatasync and sparse to
the conversion list. They have the same meaning as the ones on GNU dd(1).

Two tests were added to test the conv= option.

Signed-off-by: Reda Sallahi 
---
 qemu-img-cmds.hx   |   4 +-
 qemu-img.c | 129 +++--
 qemu-img.texi  |  26 +++--
 tests/qemu-iotests/165 | 109 ++
 tests/qemu-iotests/165.out |  33 
 tests/qemu-iotests/166 |  73 +
 tests/qemu-iotests/166.out |  19 +++
 tests/qemu-iotests/group   |   2 +
 8 files changed, 363 insertions(+), 32 deletions(-)
 create mode 100755 tests/qemu-iotests/165
 create mode 100644 tests/qemu-iotests/165.out
 create mode 100755 tests/qemu-iotests/166
 create mode 100644 tests/qemu-iotests/166.out

diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
index 25eaf71..933ce3c 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -46,9 +46,9 @@ STEXI
 ETEXI
 
 DEF("dd", img_dd,
-"dd [--image-opts] [-f fmt] [-O output_fmt] [bs=block_size] [count=blocks] 
[skip=blocks] [seek=blocks] [conv=notrunc] [iflag=flags] [oflag=flags] if=input 
of=output")
+"dd [--image-opts] [-f fmt] [-O output_fmt] [bs=block_size] [count=blocks] 
[skip=blocks] [seek=blocks] [conv=convs] [iflag=flags] [oflag=flags] if=input 
of=output")
 STEXI
-@item dd [--image-opts] [-f @var{fmt}] [-O @var{output_fmt}] 
[bs=@var{block_size}] [count=@var{blocks}] [skip=@var{blocks}] 
[seek=@var{blocks}] [conv=notrunc] [iflag=@var{flags}] [oflag=@var{flags}] 
if=@var{input} of=@var{output}
+@item dd [--image-opts] [-f @var{fmt}] [-O @var{output_fmt}] 
[bs=@var{block_size}] [count=@var{blocks}] [skip=@var{blocks}] 
[seek=@var{blocks}] [conv=@var{convs}] [iflag=@var{flags}] [oflag=@var{flags}] 
if=@var{input} of=@var{output}
 ETEXI
 
 DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
index 7b2c525..a4d0556 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -176,9 +176,19 @@ static void QEMU_NORETURN help(void)
"  'of=FILE' write to FILE\n"
"  'skip=N' skip N bs-sized blocks at the start of input\n"
"  'seek=N' seek N bs-sized blocks at the start of output\n"
-   "  'conv=notrunc' do not truncate the output file\n"
+   "  'conv=CONVS' do not truncate the output file\n"
"  'iflags=FLAGS' read using the comma-separated flags list\n"
"  'oflags=FLAGS' read using the comma-separated flags list\n\n"
+   "List of CONVS for dd:\n"
+   "  'notrunc'   do not truncate the output file\n"
+   "  'noerror'   continue in the event of read errors\n"
+   "  'excl'  fail if output already exists\n"
+   "  'nocreat'   do not create the output file\n"
+   "  'fsync' physically write output file data before finishing\n"
+   "  'fdatasync' physically write output file data before finishing\n"
+   "  'sync'  pad every input block with NULs\n"
+   "  'sparse'seek rather than write the output for NUL input"
+   " blocks\n\n"
"List of FLAGS for dd:\n"
"  'direct'  use direct I/O for data\n"
"  'dsync'   use synchronized I/O for data\n"
@@ -3932,21 +3942,6 @@ static int img_dd_seek(const char *arg,
 return 0;
 }
 
-#define C_NOTRUNC 01
-
-static int img_dd_conv(const char *arg,
-   struct DdIo *in, struct DdIo *out,
-   struct DdInfo *dd)
-{
-if (!strcmp(arg, "notrunc")) {
-dd->conv |= C_NOTRUNC;
-return 0;
-} else {
-error_report("invalid conversion: '%s'", arg);
-return 1;
-}
-}
-
 #define C_DIRECT  01
 #define C_IOFLAG_SYNC 02
 #define C_DSYNC   04
@@ -3954,7 +3949,7 @@ static int img_dd_conv(const char *arg,
 #define C_SKIP_BYTES  020
 #define C_SEEK_BYTES  040
 
-static int img_dd_flag(const char *arg, struct DdIo *io,
+static int img_dd_flag(const char *arg, struct DdIo *io, struct DdInfo *dd,
const struct DdSymbols *flags, const char *err_str)
 {
 int ret = 0;
@@ -3968,7 +3963,11 @@ static int img_dd_flag(const char *arg, struct DdIo *io,
 int j;
 for (j = 0; flags[j].name != NULL; j++) {
 if (!strcmp(tok, flags[j].name)) {
-io->flags |= flags[j].value;
+if (dd) {
+dd->conv |= flags[j].value;
+} else {
+io->flags |= flags[j].value;
+}
 break;
 }
 }
@@ -3996,7 +3995,7 @@ static int img_dd_iflag(const char *arg,
 { NULL, 0}
 };
 
-return img_dd_flag(arg, in, flags, "invalid input flag");
+return img_dd_flag(arg, in, NULL, flags, "invalid input flag");
 }
 
 static int img_dd_oflag(const char *arg,
@@ -4011,9 +4010,46 @@ static int img_dd_oflag(const char *arg,
 

[Qemu-devel] [PATCH v2 2/7] qemu-img: add iflag and oflag options to dd

[Reda Sallahi]

This adds the iflag and oflag options which defines the list of flags used
for reading and writing respectively. The list is comma-separated.

The iflag option supports direct, dsync, sync, count_bytes and skip_bytes
and oflag supports direct, dsync, sync and seek_bytes. They are similar to
their counterparts on GNU dd(1).

Two tests were added to test iflag and oflag.

Signed-off-by: Reda Sallahi 
---
 qemu-img-cmds.hx   |   4 +-
 qemu-img.c | 172 +++--
 qemu-img.texi  |  32 +++--
 tests/qemu-iotests/163 | 103 +++
 tests/qemu-iotests/163.out | 135 +++
 tests/qemu-iotests/164 | 100 ++
 tests/qemu-iotests/164.out |  75 
 tests/qemu-iotests/group   |   2 +
 8 files changed, 595 insertions(+), 28 deletions(-)
 create mode 100755 tests/qemu-iotests/163
 create mode 100644 tests/qemu-iotests/163.out
 create mode 100755 tests/qemu-iotests/164
 create mode 100644 tests/qemu-iotests/164.out

diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
index e79a577..25eaf71 100644
--- a/qemu-img-cmds.hx
+++ b/qemu-img-cmds.hx
@@ -46,9 +46,9 @@ STEXI
 ETEXI
 
 DEF("dd", img_dd,
-"dd [--image-opts] [-f fmt] [-O output_fmt] [bs=block_size] [count=blocks] 
[skip=blocks] [seek=blocks] [conv=notrunc] if=input of=output")
+"dd [--image-opts] [-f fmt] [-O output_fmt] [bs=block_size] [count=blocks] 
[skip=blocks] [seek=blocks] [conv=notrunc] [iflag=flags] [oflag=flags] if=input 
of=output")
 STEXI
-@item dd [--image-opts] [-f @var{fmt}] [-O @var{output_fmt}] 
[bs=@var{block_size}] [count=@var{blocks}] [skip=@var{blocks}] 
[seek=@var{blocks}] [conv=notrunc] if=@var{input} of=@var{output}
+@item dd [--image-opts] [-f @var{fmt}] [-O @var{output_fmt}] 
[bs=@var{block_size}] [count=@var{blocks}] [skip=@var{blocks}] 
[seek=@var{blocks}] [conv=notrunc] [iflag=@var{flags}] [oflag=@var{flags}] 
if=@var{input} of=@var{output}
 ETEXI
 
 DEF("info", img_info,
diff --git a/qemu-img.c b/qemu-img.c
index 7d313fd..7b2c525 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -176,7 +176,16 @@ static void QEMU_NORETURN help(void)
"  'of=FILE' write to FILE\n"
"  'skip=N' skip N bs-sized blocks at the start of input\n"
"  'seek=N' seek N bs-sized blocks at the start of output\n"
-   "  'conv=notrunc' do not truncate the output file\n";
+   "  'conv=notrunc' do not truncate the output file\n"
+   "  'iflags=FLAGS' read using the comma-separated flags list\n"
+   "  'oflags=FLAGS' read using the comma-separated flags list\n\n"
+   "List of FLAGS for dd:\n"
+   "  'direct'  use direct I/O for data\n"
+   "  'dsync'   use synchronized I/O for data\n"
+   "  'sync'use synchronized I/O for data\n"
+   "  'count_bytes' use 'count=N' as a byte count (iflag only)\n"
+   "  'skip_bytes'  use 'skip=N' as a byte count (iflag only)\n"
+   "  'seek_bytes'  use 'seek=N' as a byte count (oflag only)\n";
 
 printf("%s\nSupported formats:", help_msg);
 bdrv_iterate_format(format_print, NULL);
@@ -3811,6 +3820,8 @@ out:
 #define C_SKIP020
 #define C_SEEK040
 #define C_CONV0100
+#define C_IFLAG   0200
+#define C_OFLAG   0400
 
 struct DdInfo {
 unsigned int flags;
@@ -3823,6 +3834,7 @@ struct DdIo {
 char *filename;
 uint8_t *buf;
 int64_t offset;
+unsigned int flags;
 };
 
 struct DdOpts {
@@ -3831,6 +3843,11 @@ struct DdOpts {
 unsigned int flag;
 };
 
+struct DdSymbols {
+const char *name;
+unsigned int value;
+};
+
 static int img_dd_bs(const char *arg,
  struct DdIo *in, struct DdIo *out,
  struct DdInfo *dd)
@@ -3930,6 +3947,73 @@ static int img_dd_conv(const char *arg,
 }
 }
 
+#define C_DIRECT  01
+#define C_IOFLAG_SYNC 02
+#define C_DSYNC   04
+#define C_COUNT_BYTES 010
+#define C_SKIP_BYTES  020
+#define C_SEEK_BYTES  040
+
+static int img_dd_flag(const char *arg, struct DdIo *io,
+   const struct DdSymbols *flags, const char *err_str)
+{
+int ret = 0;
+const char *tok;
+char *str, *tmp;
+
+tmp = str = g_strdup(arg);
+
+while (tmp != NULL && !ret) {
+tok = qemu_strsep(&tmp, ",");
+int j;
+for (j = 0; flags[j].name != NULL; j++) {
+if (!strcmp(tok, flags[j].name)) {
+io->flags |= flags[j].value;
+break;
+}
+}
+if (flags[j].name == NULL) {
+error_report("%s: '%s'", err_str, tok);
+ret = 1;
+}
+}
+
+g_free(str);
+
+return ret;
+}
+
+static int img_dd_iflag(const char *arg,
+struct DdIo *in, struct DdIo *out,
+struct DdInfo *dd)
+{
+const struct DdSymbols flags[] = {
+{ "direct", C_DIRECT },
+

[Qemu-devel] [PATCH v2 0/7] qemu-img dd

[Reda Sallahi]

Hi everyone,

This patchset adds additional options to qemu-img dd.

Depends on:
[PATCH v5] qemu-img: change opening method for the output in dd

Changes from v1:
* Use for qemu_{timersub,gettimeofday} instead of timersub and gettimeofday.
* Add skip= and seek= options for test case 167.
* Put the common part in img_dd_iflag(), img_dd_oflag() and img_dd_conv()
into a new function img_dd_flag().

Reda Sallahi (7):
  qemu-img: add seek option to dd
  qemu-img: add iflag and oflag options to dd
  qemu-img: add more conv= conversions to dd
  qemu-img: delete not used variable and an unecessary check
  qemu-img: add status option to dd
  qemu-img: clean up dd documentation
  qemu-img: add a test suite for the count option

 qemu-img-cmds.hx   |   4 +-
 qemu-img.c | 400 +++--
 qemu-img.texi  |  69 +++-
 tests/qemu-iotests/159 |   2 +-
 tests/qemu-iotests/160 |   2 +-
 tests/qemu-iotests/161 |  73 +
 tests/qemu-iotests/161.out |  51 ++
 tests/qemu-iotests/163 | 103 
 tests/qemu-iotests/163.out | 135 +++
 tests/qemu-iotests/164 | 100 
 tests/qemu-iotests/164.out |  75 +
 tests/qemu-iotests/165 | 110 +
 tests/qemu-iotests/165.out |  33 
 tests/qemu-iotests/166 |  73 +
 tests/qemu-iotests/166.out |  19 +++
 tests/qemu-iotests/167 |  77 +
 tests/qemu-iotests/167.out |  17 ++
 tests/qemu-iotests/168 |  75 +
 tests/qemu-iotests/168.out |  51 ++
 tests/qemu-iotests/group   |   7 +
 20 files changed, 1418 insertions(+), 58 deletions(-)
 create mode 100755 tests/qemu-iotests/161
 create mode 100644 tests/qemu-iotests/161.out
 create mode 100755 tests/qemu-iotests/163
 create mode 100644 tests/qemu-iotests/163.out
 create mode 100755 tests/qemu-iotests/164
 create mode 100644 tests/qemu-iotests/164.out
 create mode 100755 tests/qemu-iotests/165
 create mode 100644 tests/qemu-iotests/165.out
 create mode 100755 tests/qemu-iotests/166
 create mode 100644 tests/qemu-iotests/166.out
 create mode 100755 tests/qemu-iotests/167
 create mode 100644 tests/qemu-iotests/167.out
 create mode 100755 tests/qemu-iotests/168
 create mode 100644 tests/qemu-iotests/168.out

-- 
2.9.3

[Qemu-devel] [PATCH] trace: Allow events without arguments

[Lluís Vilanova]

Signed-off-by: Lluís Vilanova 
---
 scripts/tracetool/__init__.py |5 +
 1 file changed, 5 insertions(+)

diff --git a/scripts/tracetool/__init__.py b/scripts/tracetool/__init__.py
index be24039..96657e6 100644
--- a/scripts/tracetool/__init__.py
+++ b/scripts/tracetool/__init__.py
@@ -72,6 +72,11 @@ class Arguments:
 arg_str : str
 String describing the event arguments.
 """
+# check for empty argument list
+arg_str = arg_str.strip()
+if arg_str == "":
+return Arguments([])
+
 res = []
 for arg in arg_str.split(","):
 arg = arg.strip()

[Qemu-devel] [PATCH v5] qemu-img: change opening method for the output in dd

[Reda Sallahi]

The subcommand dd was creating an output image regardless of whether there
was one already created. With this patch we try to check first if the output
image exists and resize it if necessary.

We also make it mandatory to specify conv=notrunc when the file already
exists.

Signed-off-by: Reda Sallahi 
---
Depends on:
[PATCH v3] qemu-img: add conv=notrunc option to dd

Changes from v4:
* Use access() to check file existence first and remove blk_new_open()
Changes from v3:
* Remove unnecessary checks
Changes from v2:
* Remove redundant code
Changes from v1:
* add --image-opts handling

 qemu-img.c | 142 +++--
 1 file changed, 92 insertions(+), 50 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index f8ba5e5..816a406 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -3919,14 +3919,15 @@ static int img_dd(int argc, char **argv)
 char *tmp;
 BlockDriver *drv = NULL, *proto_drv = NULL;
 BlockBackend *blk1 = NULL, *blk2 = NULL;
-QemuOpts *opts = NULL;
+QemuOpts *opts = NULL, *qopts = NULL;
 QemuOptsList *create_opts = NULL;
 Error *local_err = NULL;
 bool image_opts = false;
 int c, i;
 const char *out_fmt = "raw";
 const char *fmt = NULL;
-int64_t size = 0;
+const char *out_filename;
+int64_t size = 0, out_size;
 int64_t block_count = 0, out_pos, in_pos;
 struct DdInfo dd = {
 .flags = 0,
@@ -4030,36 +4031,6 @@ static int img_dd(int argc, char **argv)
 goto out;
 }
 
-drv = bdrv_find_format(out_fmt);
-if (!drv) {
-error_report("Unknown file format");
-ret = -1;
-goto out;
-}
-proto_drv = bdrv_find_protocol(out.filename, true, &local_err);
-
-if (!proto_drv) {
-error_report_err(local_err);
-ret = -1;
-goto out;
-}
-if (!drv->create_opts) {
-error_report("Format driver '%s' does not support image creation",
- drv->format_name);
-ret = -1;
-goto out;
-}
-if (!proto_drv->create_opts) {
-error_report("Protocol driver '%s' does not support image creation",
- proto_drv->format_name);
-ret = -1;
-goto out;
-}
-create_opts = qemu_opts_append(create_opts, drv->create_opts);
-create_opts = qemu_opts_append(create_opts, proto_drv->create_opts);
-
-opts = qemu_opts_create(create_opts, NULL, 0, &error_abort);
-
 size = blk_getlength(blk1);
 if (size < 0) {
 error_report("Failed to get size for '%s'", in.filename);
@@ -4071,31 +4042,101 @@ static int img_dd(int argc, char **argv)
 dd.count * in.bsz < size) {
 size = dd.count * in.bsz;
 }
-
 /* Overflow means the specified offset is beyond input image's size */
-if (dd.flags & C_SKIP && (in.offset > INT64_MAX / in.bsz ||
-  size < in.bsz * in.offset)) {
-qemu_opt_set_number(opts, BLOCK_OPT_SIZE, 0, &error_abort);
+if (in.offset > INT64_MAX / in.bsz || size < in.offset * in.bsz) {
+out_size = 0;
 } else {
-qemu_opt_set_number(opts, BLOCK_OPT_SIZE,
-size - in.bsz * in.offset, &error_abort);
+out_size = size - in.offset * in.bsz;
 }
 
-ret = bdrv_create(drv, out.filename, opts, &local_err);
-if (ret < 0) {
-error_reportf_err(local_err,
-  "%s: error while creating output image: ",
-  out.filename);
-ret = -1;
-goto out;
+out_filename = out.filename;
+if (image_opts) {
+qopts = qemu_opts_parse_noisily(qemu_find_opts("source"),
+out.filename, true);
+out_filename = qemu_opt_get(qopts, "filename");
 }
 
-blk2 = img_open(image_opts, out.filename, out_fmt, BDRV_O_RDWR,
-false, false);
+ret = access(out_filename, F_OK); /* Check if file exists */
 
-if (!blk2) {
-ret = -1;
-goto out;
+if (ret == -1) {
+ret = 0; /* Reset */
+drv = bdrv_find_format(out_fmt);
+if (!drv) {
+error_report("Unknown file format");
+ret = -1;
+goto out;
+}
+proto_drv = bdrv_find_protocol(out.filename, true, &local_err);
+
+if (!proto_drv) {
+error_report_err(local_err);
+ret = -1;
+goto out;
+}
+if (!drv->create_opts) {
+error_report("Format driver '%s' does not support image creation",
+ drv->format_name);
+ret = -1;
+goto out;
+}
+if (!proto_drv->create_opts) {
+error_report("Protocol driver '%s' does not support image 
creation",
+ proto_drv->format_name);
+ret = -1;
+goto out;
+}
+create_opts = qemu_opts_append(create_opts, drv->create_opts);
+create_opts = qem