Re: [Qemu-devel] [PATCH v3] qemu-nbd: Implement socket activation.

2017-02-03 Thread Paolo Bonzini


On 03/02/2017 11:22, Richard W.M. Jones wrote:
> 
> I think that the --fork option is mainly intended for command line use
> of qemu-nbd.  If you're running qemu-nbd from a program there's no
> real reason to use --fork, since you can control the fork process
> better yourself.
> 
> LISTEN_PID isn't settable from the command line.  It's also not
> settable from a shell script (as far as I can tell when I was trying
> to write a shell script to test nbdkit).  It has to be set between the
> fork and exec calls, because it is set to the qemu-nbd PID.
> 
> So I don't think --fork and socket activation are really features that
> it makes any sense to mix.

I agree it doesn't really make sense, but I also don't see why it
wouldn't work.

Paolo



Re: [Qemu-devel] [PATCH v3] net: imx: limit buffer descriptor count

2017-02-03 Thread Jason Wang



On 2017年02月02日 18:46, P J P wrote:

From: Prasad J Pandit 

The i.MX Fast Ethernet Controller uses buffer descriptors to manage
data flow to and from the receive and transmit queues. While transmitting
packets, it could continue to read buffer descriptors if a buffer
descriptor has a length of zero and crafted values in bd.flags.
Set an upper limit on the number of buffer descriptors.

Reported-by: Li Qiang 
Signed-off-by: Prasad J Pandit 
---
  hw/net/imx_fec.c | 10 ++
  1 file changed, 6 insertions(+), 4 deletions(-)

Patch v2
   -> https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05554.html
   - Restrict loop in 'imx_enet_do_tx' to IMX_MAX_DESC descriptors.


Applied, thanks.



diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index 50c7564..90e6ee3 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -55,6 +55,8 @@
  } \
  } while (0)
  
+#define IMX_MAX_DESC1024

+
  static const char *imx_default_reg_name(IMXFECState *s, uint32_t index)
  {
  static char tmp[20];
@@ -402,12 +404,12 @@ static void imx_eth_update(IMXFECState *s)
  
  static void imx_fec_do_tx(IMXFECState *s)

  {
-int frame_size = 0;
+int frame_size = 0, descnt = 0;
  uint8_t frame[ENET_MAX_FRAME_SIZE];
  uint8_t *ptr = frame;
  uint32_t addr = s->tx_descriptor;
  
-while (1) {

+while (descnt++ < IMX_MAX_DESC) {
  IMXFECBufDesc bd;
  int len;
  
@@ -453,12 +455,12 @@ static void imx_fec_do_tx(IMXFECState *s)
  
  static void imx_enet_do_tx(IMXFECState *s)

  {
-int frame_size = 0;
+int frame_size = 0, descnt = 0;
  uint8_t frame[ENET_MAX_FRAME_SIZE];
  uint8_t *ptr = frame;
  uint32_t addr = s->tx_descriptor;
  
-while (1) {

+while (descnt++ < IMX_MAX_DESC) {
  IMXENETBufDesc bd;
  int len;
  





Re: [Qemu-devel] [PATCH v6 kernel 3/5] virtio-balloon: speed up inflate/deflate process

2017-02-03 Thread Li, Liang Z
> 
> 
> > +static void free_extended_page_bitmap(struct virtio_balloon *vb) {
> > +   int i, bmap_count = vb->nr_page_bmap;
> > +
> > +   for (i = 1; i < bmap_count; i++) {
> > +   kfree(vb->page_bitmap[i]);
> > +   vb->page_bitmap[i] = NULL;
> > +   vb->nr_page_bmap--;
> > +   }
> > +}
> > +
> > +static void kfree_page_bitmap(struct virtio_balloon *vb) {
> > +   int i;
> > +
> > +   for (i = 0; i < vb->nr_page_bmap; i++)
> > +   kfree(vb->page_bitmap[i]);
> > +}
> 
> It might be worth commenting that pair of functions to make it clear why
> they are so different; I guess the kfree_page_bitmap is used just before you
> free the structure above it so you don't need to keep the count/pointers
> updated?
> 

Yes. I will add some comments for that. Thanks!

Liang
 
> Dave
> --
> Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



[Qemu-devel] [PATCH Risu 7/7] risu_ppc64le: fix minor code style in assembly test code

2017-02-03 Thread Jose Ricardo Ziviani
Signed-off-by: Jose Ricardo Ziviani 
---
 test_ppc64le.s | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/test_ppc64le.s b/test_ppc64le.s
index af23ea3..4af770c 100644
--- a/test_ppc64le.s
+++ b/test_ppc64le.s
@@ -12,15 +12,15 @@
  */
 
 /* Initialise the gp regs */
-li 0,0
-li 2,2
-li 3,3
-li 4,4
-li 5,5
-li 6,6
-li 7,7
-li 8,8
-li 9,9
+li 0, 0
+li 2, 2
+li 3, 3
+li 4, 4
+li 5, 5
+li 6, 6
+li 7, 7
+li 8, 8
+li 9, 9
 li 10, 10
 li 11, 11
 li 12, 12
-- 
2.7.4




[Qemu-devel] [PATCH Risu 6/7] risu_ppc64le: remove fancy shell character cont from messages

2017-02-03 Thread Jose Ricardo Ziviani
Signed-off-by: Jose Ricardo Ziviani 
---
 risu_reginfo_ppc64le.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/risu_reginfo_ppc64le.c b/risu_reginfo_ppc64le.c
index 7a54eab..e6bc0e0 100644
--- a/risu_reginfo_ppc64le.c
+++ b/risu_reginfo_ppc64le.c
@@ -105,9 +105,9 @@ void reginfo_dump(struct reginfo *ri, int is_master)
 {
 int i;
 if (is_master) {
-fprintf(stderr, "  faulting insn \e[1;101;37m0x%x\e[0m\n", 
ri->faulting_insn);
-fprintf(stderr, "  prev insn \e[1;101;37m0x%x\e[0m\n", 
ri->prev_insn);
-fprintf(stderr, "  prev addr \e[1;101;37m0x%" PRIx64 "\e[0m\n\n", 
ri->prev_addr);
+fprintf(stderr, "  faulting insn 0x%x\n", ri->faulting_insn);
+fprintf(stderr, "  prev insn 0x%x\n", ri->prev_insn);
+fprintf(stderr, "  prev addr0x%" PRIx64 "\n\n", ri->nip);
 }
 
 for (i = 0; i < 16; i++) {
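Review bot: The third replaced fprintf now prints `ri->nip` under the label `prev addr`, whereas the removed line printed `ri->prev_addr`; the commit message only describes dropping the escape sequences, so either the field change is accidental or it deserves its own mention and a label that matches the value. The format string also reads `prev addr0x%` here, which loses the space that the two lines above keep, unless that is an artifact of this copy. reginfo_dump continues outside the hunk.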
-- 
2.7.4




[Qemu-devel] [PATCH Risu 3/7] risu_ppc64le: implement sign extend for small neg constants

2017-02-03 Thread Jose Ricardo Ziviani
Signed-off-by: Jose Ricardo Ziviani 
---
 risugen_ppc64.pm | 13 ++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/risugen_ppc64.pm b/risugen_ppc64.pm
index 40f3d4f..561c17b 100644
--- a/risugen_ppc64.pm
+++ b/risugen_ppc64.pm
@@ -75,6 +75,13 @@ sub write_add_ri($$$)
 insn32((0xe << 26) | ($rt << 21) | ($ra << 16) | ($imm & 0x));
 }
 
+sub write_sxt32($$)
+{
+my ($ra, $rs) = @_;
+
+insn32((0x1f << 26) | ($rs << 21) | ($ra << 16) | 0x7b4);
+}
+
 sub write_mov_ri($$)
 {
 # We always use a MOVW/MOVT pair, for simplicity.
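Review bot: `write_sxt32` emits a raw opcode word with no comment naming the instruction, while the neighbouring subs label theirs (`ori`, `lis`); primary opcode 0x1f with extended field 0x7b4 is the `extsw` form, so `# extsw ra, rs` above the `insn32` call would make the sign-extension intent readable without decoding the constant. The `MOVW/MOVT pair` comment on the context line at the bottom of this hunk describes the AArch32 generator rather than this one and could be reworded to `lis/ori pair` at the same time.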
@@ -87,10 +94,10 @@ sub write_mov_ri($$)
 write_mov_ri16($rd, $imm);
 }
 
-#if ($is_aarch64 && $imm < 0) {
+if ($imm < 0) {
 # sign extend to allow small negative imm constants
-#write_sxt32($rd, $rd);
-#}
+write_sxt32($rd, $rd);
+}
 }
 
 sub write_random_ppc64_fpdata()
-- 
2.7.4




[Qemu-devel] [PATCH Risu 5/7] risu_ppc64le: stop loading data to register 1 and 13

2017-02-03 Thread Jose Ricardo Ziviani
Register R1 is defined by the ABI as the stack frame pointer and R13 as the
thread-local storage pointer. So, to let the program flow, they are
better left unchanged.

Signed-off-by: Jose Ricardo Ziviani 
---
 test_ppc64le.s | 2 --
 1 file changed, 2 deletions(-)

diff --git a/test_ppc64le.s b/test_ppc64le.s
index 4321751..af23ea3 100644
--- a/test_ppc64le.s
+++ b/test_ppc64le.s
@@ -13,7 +13,6 @@
 
 /* Initialise the gp regs */
 li 0,0
-li 1,1
 li 2,2
 li 3,3
 li 4,4
@@ -25,7 +24,6 @@ li 9,9
 li 10, 10
 li 11, 11
 li 12, 12
-li 13, 13
 li 14, 14
 li 15, 15
 li 16, 16
-- 
2.7.4




[Qemu-devel] [PATCH Risu 0/7] Risu PPC improvements

2017-02-03 Thread Jose Ricardo Ziviani
This patchset contains some fixes and improvements for ppc64le.

Jose Ricardo Ziviani (7):
  risu_ppc64le: improve xsrqpi[x] and xsrqpxp instructions
  risu_ppc64le: fix 32-bit mov immediate
  risu_ppc64le: implement sign extend for small neg constants
  risu_ppc64le: implement FP random data for test improvement
  risu_ppc64le: stop loading data to register 1 and 13
  risu_ppc64le: remove fancy shell character cont from messages
  risu_ppc64le: fix minor code style in assembly test code

 ppc64.risu |  9 ++---
 risu_reginfo_ppc64le.c |  6 +++---
 risugen_ppc64.pm   | 48 +++-
 test_ppc64le.s | 20 +---
 4 files changed, 61 insertions(+), 22 deletions(-)

-- 
2.7.4




[Qemu-devel] [PATCH Risu 2/7] risu_ppc64le: fix 32-bit mov immediate

2017-02-03 Thread Jose Ricardo Ziviani
Two instructions are necessary, but the high value should be written
first, shifted 16 bits left, and then OR'ed with the lower value. This commit
fixes the problem.

Signed-off-by: Jose Ricardo Ziviani 
---
 risugen_ppc64.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/risugen_ppc64.pm b/risugen_ppc64.pm
index ca052de..40f3d4f 100644
--- a/risugen_ppc64.pm
+++ b/risugen_ppc64.pm
@@ -61,8 +61,8 @@ sub write_mov_ri32($$)
 {
 my ($rd, $imm) = @_;
 
-# li rd,immediate@h
-write_mov_ri16($rd, ($imm >> 16) & 0x);
+# lis rd,immediate@h
+insn32(0xf << 26 | $rd << 21 | ($imm >> 16));
 # ori rd,rd,immediate@l
 insn32((0x18 << 26) | ($rd << 21) | ($rd << 16) | ($imm & 0x));
 }
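Review bot: The new `lis` encoding ORs `($imm >> 16)` into the instruction word without masking it to 16 bits, so an `$imm` with bits set above bit 31, or a negative value (which Perl shifts as an unsigned 64-bit quantity unless `use integer` is in effect), spills into the rd and opcode fields and silently encodes a different instruction; `insn32((0xf << 26) | ($rd << 21) | (($imm >> 16) & 0xffff));` keeps the field bounded and matches the parenthesised style of the `ori` line below it.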
-- 
2.7.4




[Qemu-devel] [PATCH Risu 4/7] risu_ppc64le: implement FP random data for test improvement

2017-02-03 Thread Jose Ricardo Ziviani
This commit replaces the simple FP data written for tests with
randomly generated data. This functionality stores the same data in the
FP register and the VSX[VRB+32] register.

Signed-off-by: Jose Ricardo Ziviani 
---
 risugen_ppc64.pm | 31 +++
 1 file changed, 31 insertions(+)

diff --git a/risugen_ppc64.pm b/risugen_ppc64.pm
index 561c17b..8e323a2 100644
--- a/risugen_ppc64.pm
+++ b/risugen_ppc64.pm
@@ -100,8 +100,39 @@ sub write_mov_ri($$)
 }
 }
 
+sub write_mov_ri64($$)
+{
+my ($imh, $iml) = @_;
+
+# number of bit to shift
+write_mov_ri16(19, 31);
+# load the highest 32 bits
+write_mov_ri32(20, $iml);
+# shift left 32 bits (sld r20, r20, r19
+insn32((0x1f << 26) | (20 << 21) | (20 << 16) | (19 << 11) | 0x36);
+# write the lowest 32bits
+write_mov_ri32(21, $imh);
+# or r20, r20, r21
+insn32((0x1f << 26) | (20 << 21) | (20 << 16) | (21 << 11) | 0x378);
+
+# std r20, 16(r1)
+insn32((0x3e << 26) | (20 << 21) | (1 << 16) | 0x10);
+}
+
 sub write_random_ppc64_fpdata()
 {
+for (my $i = 0; $i < 32; $i++) {
+# load a random doubleword value at r0
+write_mov_ri64(rand(0xf), rand(0xf));
+# since the EA is r1+16, load such value in FP reg
+insn32((0x32 << 26) | ($i << 21) | (0x1 << 16) | 0x10);
+insn32((0x39 << 26) | ($i << 21) | (0x1 << 16) | 0x12);
+
+}
+}
+
+sub write_random_ppc64_fpdata_i()
+{
 # get an space from the stack
 insn32(0x3ac10020); # addi r22, r1, 32
 insn32(0x3ee03ff0); # lis r23, 0x3ff0
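Review bot: In `write_mov_ri64` the parameter list is `($imh, $iml)` but the body loads `$iml` as "the highest 32 bits" and `$imh` as "the lowest 32bits", so either the names or the two `write_mov_ri32` calls are swapped; `write_mov_ri32(20, $imh);` for the high half and `write_mov_ri32(21, $iml);` for the low half would make the code match its comments. Separately, `rand(0xf)` as it appears here yields a fractional value below 15, which after integer truncation in the shifts gives only the values 0 to 14 rather than a random 32-bit half — if a larger constant was lost in this copy, disregard this part. The `sld` comment on the shift line is missing its closing parenthesis, and the loop comment says the value is loaded "at r0" while it is actually assembled in r20 and stored at 16(r1).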
-- 
2.7.4




[Qemu-devel] [PATCH Risu 1/7] risu_ppc64le: improve xsrqpi[x] and xsrqpxp instructions

2017-02-03 Thread Jose Ricardo Ziviani
A new constraint is added to the referenced instructions to avoid
generating reserved (currently unused) rounding modes for floating-point
operations.

Signed-off-by: Jose Ricardo Ziviani 
---
 ppc64.risu | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/ppc64.risu b/ppc64.risu
index 7b2bfe3..f7fa3f4 100644
--- a/ppc64.risu
+++ b/ppc64.risu
@@ -3019,12 +3019,15 @@ XSREDP PPC64LE 00 t:5 0 b:5 00101 1010 bx:1 tx:1
 XSRESP PPC64LE 00 t:5 0 b:5 1 1010 bx:1 tx:1
 
 # format:Z23 book:I page:636 v3.0 xsrqpi[x] VSX Scalar Round QP to Integral
-XSRQPI PPC64LE 11 vrt:5  r:1 vrb:5 rmc:2 01010
+XSRQPI PPC64LE 11 vrt:5  r:1 vrb:5 rmc:2 01010 \
+!constraints { ($r == 0 && ($rmc != 1 && $rmc != 2)) || $r == 1; }
 # format:Z23 book:I page:636 v3.0 xsrqpi[x] VSX Scalar Round QP to Integral
-XSRQPIx PPC64LE 11 vrt:5  r:1 vrb:5 rmc:2 01011
+XSRQPIx PPC64LE 11 vrt:5  r:1 vrb:5 rmc:2 01011 \
+!constraints { ($r == 0 && ($rmc != 1 && $rmc != 2)) || $r == 1; }
 
 # format:Z23 book:I page:638 v3.0 xsrqpxp VSX Scalar Round QP to XP
-XSRQPXP PPC64LE 11 vrt:5  r:1 vrb:5 rmc:2 001001010
+XSRQPXP PPC64LE 11 vrt:5  r:1 vrb:5 rmc:2 001001010 \
+!constraints { ($r == 0 && ($rmc != 1 && $rmc != 2)) || $r == 1; }
 
 # format:XX2 book:I page:640 v2.07 xsrsp VSX Scalar Round DP to SP
 XSRSP PPC64LE 00 t:5 0 b:5 10001 1001 bx:1 tx:1
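Review bot: The constraint `($r == 0 && ($rmc != 1 && $rmc != 2)) || $r == 1` is repeated verbatim for all three instructions and reads more directly as `$r == 1 || ($rmc != 1 && $rmc != 2)`, since with a one-bit `r` field the `$r == 0` term is implied once `$r == 1` has been excluded. A short comment above the first entry naming which rmc encodings are reserved when r is 0 would explain the constraint to a reader of the table better than the bare expression.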
-- 
2.7.4




[Qemu-devel] QEMU Wiki

2017-02-03 Thread Jonathan Michael Stryer
Hello,


Could I have someone create me an account for the QEMU wiki?


Thank you.


Jonathan Stryer
Syracuse University Class of 2018
College of Engineering and Computer Science
Bachelor of Science - Computer Science
Renée Crown Honors Student


Re: [Qemu-devel] [Qemu-ppc] [PATCH 0/4] POWER9 TCG enablements - part 13

2017-02-03 Thread joserz
On Fri, Feb 03, 2017 at 02:11:31PM -0800, no-re...@patchew.org wrote:
> Hi,
> 
> Your series seems to have some coding style problems. See output below for
> more information:
> 
> Type: series
> Subject: [Qemu-devel] [PATCH 0/4] POWER9 TCG enablements - part 13
> Message-id: 1486159277-25949-1-git-send-email-jos...@linux.vnet.ibm.com
> 
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> 
> BASE=base
> n=1
> total=$(git log --oneline $BASE.. | wc -l)
> failed=0
> 
> # Useful git options
> git config --local diff.renamelimit 0
> git config --local diff.renames True
> 
> commits="$(git log --format=%H --reverse $BASE..)"
> for c in $commits; do
> echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
> if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; 
> then
> failed=1
> echo
> fi
> n=$((n+1))
> done
> 
> exit $failed
> === TEST SCRIPT END ===
> 
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
> From https://github.com/patchew-project/qemu
>  * [new tag] 
> patchew/1486159277-25949-1-git-send-email-jos...@linux.vnet.ibm.com -> 
> patchew/1486159277-25949-1-git-send-email-jos...@linux.vnet.ibm.com
>  - [tag update]  patchew/20170203120254.15062-1-berra...@redhat.com -> 
> patchew/20170203120254.15062-1-berra...@redhat.com
> Switched to a new branch 'test'
> 52f618a ppc: implement xssubqp instruction
> f7dfdbf ppc: implement xssqrtqp instruction
> 4d895a4 ppc: implement xsrqpxp instruction
> 5d49c07 ppc: implement xsrqpi[x] instruction
> 
> === OUTPUT BEGIN ===
> Checking PATCH 1/4: ppc: implement xsrqpi[x] instruction...
> ERROR: Macros with complex values should be enclosed in parenthesis
> #125: FILE: target/ppc/translate/vsx-ops.inc.c:106:
> +#define GEN_VSX_Z23FORM_300(name, opc2, opc3, opc4, inval) \
> +GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x00, opc4 | 0x0, inval), \
> +GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x08, opc4 | 0x0, inval), \
> +GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x10, opc4 | 0x0, inval), \
> +GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x18, opc4 | 0x0, inval), \
> +GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x00, opc4 | 0x1, inval), \
> +GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x08, opc4 | 0x1, inval), \
> +GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x10, opc4 | 0x1, inval), \
> +GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x18, opc4 | 0x1, inval)
> 

I tried to improve it but this style is used everywhere

> total: 1 errors, 0 warnings, 103 lines checked
> 
> Your patch has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> 
> Checking PATCH 2/4: ppc: implement xsrqpxp instruction...
> Checking PATCH 3/4: ppc: implement xssqrtqp instruction...
> Checking PATCH 4/4: ppc: implement xssubqp instruction...
> === OUTPUT END ===
> 
> Test command exited with code: 1
> 
> 
> ---
> Email generated automatically by Patchew [http://patchew.org/].
> Please send your feedback to patchew-de...@freelists.org




Re: [Qemu-devel] [PATCH v2 6/6] qemu-img: copy *key-secret opts when opening newly created files

2017-02-03 Thread Max Reitz
On 03.02.2017 13:02, Daniel P. Berrange wrote:
> The qemu-img dd/convert commands will create a image file and
> then try to open it. Historically it has been possible to open
> new files without passing any options. With encrypted files
> though, the *key-secret options are mandatory, so we need to
> provide those options when opening the newly created file.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  qemu-img.c | 51 +++
>  1 file changed, 47 insertions(+), 4 deletions(-)
> 
> diff --git a/qemu-img.c b/qemu-img.c
> index dc4c6eb..98522dd 100644
> --- a/qemu-img.c
> +++ b/qemu-img.c
> @@ -319,6 +319,49 @@ static BlockBackend *img_open_file(const char *filename,
>  }
>  
>  
> +static int img_add_key_secrets(void *opaque,
> +   const char *name, const char *value,
> +   Error **errp)
> +{
> +QDict **options = opaque;
> +
> +if (g_str_has_suffix(name, "key-secret")) {
> +if (!*options) {
> +*options = qdict_new();
> +}
> +qdict_put(*options, name, qstring_from_str(value));
> +}
> +
> +return 0;
> +}
> +
> +static BlockBackend *img_open_new_file(const char *filename,
> +   QemuOpts *create_opts,
> +   const char *fmt, int flags,
> +   bool writethrough, bool quiet)
> +{
> +BlockBackend *blk;
> +Error *local_err = NULL;
> +QDict *options = NULL;
> +
> +if (fmt) {
> +options = qdict_new();
> +qdict_put(options, "driver", qstring_from_str(fmt));
> +}
> +
> +qemu_opt_foreach(create_opts, img_add_key_secrets, , NULL);

It would probably be easier to just unconditionally create an options
QDict. It doesn't hurt if it's empty.

Anyway:

Reviewed-by: Max Reitz 

> +
> +blk = blk_new_open(filename, NULL, options, flags, _err);
> +if (!blk) {
> +error_reportf_err(local_err, "Could not open '%s': ", filename);
> +return NULL;
> +}
> +blk_set_enable_write_cache(blk, !writethrough);
> +
> +return blk;
> +}
> +
> +
>  static BlockBackend *img_open(bool image_opts,
>const char *filename,
>const char *fmt, int flags, bool writethrough,
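Review bot: Neither `img_add_key_secrets` nor `img_open_new_file` carries a comment saying why the create options are scanned, so a reader meets the `"key-secret"` suffix match without context; a header comment on `img_open_new_file` along the lines of "open a file that was just created from create_opts; any *key-secret option is carried over because an encrypted image cannot be opened without it, and the value forwarded is the id of a secret object rather than key material" would capture the commit message in the code. The suffix match is also a contract worth stating explicitly, since any future option ending in key-secret will be forwarded automatically. The third argument of the `qemu_opt_foreach` call reads as empty in this copy, presumably an artifact of the archive rather than the submitted code.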
> @@ -2115,8 +2158,8 @@ static int img_convert(int argc, char **argv)
>   * That has to wait for bdrv_create to be improved
>   * to allow filenames in option syntax
>   */
> -out_blk = img_open_file(out_filename, out_fmt,
> -flags, writethrough, quiet);
> +out_blk = img_open_new_file(out_filename, opts, out_fmt,
> +flags, writethrough, quiet);
>  }
>  if (!out_blk) {
>  ret = -1;
> @@ -4206,8 +4249,8 @@ static int img_dd(int argc, char **argv)
>   * That has to wait for bdrv_create to be improved
>   * to allow filenames in option syntax
>   */
> -blk2 = img_open_file(out.filename, out_fmt,
> - BDRV_O_RDWR, false, false);
> +blk2 = img_open_new_file(out.filename, opts, out_fmt,
> + BDRV_O_RDWR, false, false);
>  }
>  
>  if (!blk2) {
> 




signature.asc
Description: OpenPGP digital signature


Re: [Qemu-devel] [PATCH v2 5/6] qemu-img: introduce --target-image-opts for 'convert' command

2017-02-03 Thread Max Reitz
On 03.02.2017 13:02, Daniel P. Berrange wrote:
> The '--image-opts' flags indicates whether the source filename
> includes options. The target filename has to remain in the
> plain filename format though, since it needs to be passed to
> bdrv_create().  When using --skip-create though, it would be
> possible to use image-opts syntax. This adds --target-image-opts
> to indicate that the target filename includes options. Currently
> this mandates use of the --skip-create flag too.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  qemu-img-cmds.hx |   6 +--
>  qemu-img.c   | 131 
> ---
>  qemu-img.texi|  12 -
>  3 files changed, 98 insertions(+), 51 deletions(-)

Apart from what the commit message says, it also introduces that switch
for dd, which I again don't like too much (quelle surprise), if only
because it requires conv=nocreat and thus patch 5 to be useful.

[...]

> diff --git a/qemu-img.c b/qemu-img.c
> index 39fcf09..dc4c6eb 100644
> --- a/qemu-img.c
> +++ b/qemu-img.c

[...]

> @@ -1918,7 +1933,7 @@ static int img_convert(int argc, char **argv)
>  bs_n = argc - optind - 1;
>  out_filename = bs_n >= 1 ? argv[argc - 1] : NULL;
>  
> -if (options && has_help_option(options)) {
> +if (out_fmt && options && has_help_option(options)) {

"!out_fmt && options && has_help_option(options)" should probably be an
error.

>  ret = print_block_option_help(out_filename, out_fmt);
>  goto out;
>  }
> @@ -1987,22 +2002,22 @@ static int img_convert(int argc, char **argv)
>  goto out;
>  }
>  
> -/* Find driver and parse its options */
> -drv = bdrv_find_format(out_fmt);
> -if (!drv) {
> -error_report("Unknown file format '%s'", out_fmt);
> -ret = -1;
> -goto out;
> -}
> +if (!skip_create) {
> +/* Find driver and parse its options */
> +drv = bdrv_find_format(out_fmt);
> +if (!drv) {
> +error_report("Unknown file format '%s'", out_fmt);
> +ret = -1;
> +goto out;
> +}
>  
> -proto_drv = bdrv_find_protocol(out_filename, true, _err);
> -if (!proto_drv) {
> -error_report_err(local_err);
> -ret = -1;
> -goto out;
> -}
> +proto_drv = bdrv_find_protocol(out_filename, true, _err);
> +if (!proto_drv) {
> +error_report_err(local_err);
> +ret = -1;
> +goto out;
> +}
>  
> -if (!skip_create) {
>  if (!drv->create_opts) {
>  error_report("Format driver '%s' does not support image 
> creation",
>   drv->format_name);

Compression may be used with -n. This involves the check whether
drv->bdrv_co_pwritev_compressed is NULL or not -- which is bad if drv is
still NULL:

$ ./qemu-img create -f qcow2 foo.qcow2 64M
Formatting 'foo.qcow2', fmt=qcow2 size=67108864 encryption=off
cluster_size=65536 lazy_refcounts=off refcount_bits=16
$ ./qemu-img convert -c -O qcow2 -n null-co:// foo.qcow2
[1]17179 segmentation fault (core dumped)  ./qemu-img convert -c -O
qcow2 -n null-co:// foo.qcow

Therefore, you should probably only do the check whether compression is
supported if drv is non-NULL; and if it is NULL, do the check again
after the target image has been opened and its driver is known.

[...]

> @@ -4064,13 +4090,22 @@ static int img_dd(int argc, char **argv)
>  arg = NULL;
>  }
>  
> +if (tgt_image_opts && !(dd.flags & C_NOCREAT)) {
> +error_report("--target-image-opts requires use of -n flag");

*conv=nocreat

> +goto out;
> +}
> +
> +if (!out_fmt && !tgt_image_opts) {
> +out_fmt = "raw";
> +}
> +
>  if (!(dd.flags & C_IF && dd.flags & C_OF)) {
>  error_report("Must specify both input and output files");
>  ret = -1;
>  goto out;
>  }
>  
> -if (optionstr && has_help_option(optionstr)) {
> +if (out_fmt && optionstr && has_help_option(optionstr)) {

Same as in img_convert().

>  ret = print_block_option_help(out.filename, out_fmt);
>  goto out;
>  }
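Review bot: The new `--target-image-opts requires use of -n flag` error path jumps to `out` without setting `ret`, unlike the `Must specify both input and output files` check just below it, which sets `ret = -1` first; if `ret` starts at 0 (its initialisation is outside this hunk), qemu-img dd would print the error and still exit successfully, so `ret = -1;` belongs before that `goto out;`.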

[...]

> @@ -4152,7 +4187,6 @@ static int img_dd(int argc, char **argv)
>  
>  if (!(dd.flags & C_NOCREAT)) {
>  qemu_opt_set_number(opts, BLOCK_OPT_SIZE, out_size, _abort);
> -
>  ret = bdrv_create(drv, out.filename, opts, _err);
>  if (ret < 0) {
>  error_reportf_err(local_err,

I'm not sure whether this hunk is necessary...

[...]

> diff --git a/qemu-img.texi b/qemu-img.texi
> index 01acfb8..bda3cc3 100644
> --- a/qemu-img.texi
> +++ b/qemu-img.texi
> @@ -45,9 +45,17 @@ keys.
>  
>  @item --image-opts
>  
> -Indicates that the @var(unknown) parameter is to be interpreted as a
> +Indicates that the source @var(unknown) parameter is to be interpreted as a
>  full option string, not a plain filename. This parameter is mutually
> -exclusive with the 

[Qemu-devel] [Bug 1661758] [NEW] qemu-nbd causes data corruption in VDI-format disk images

2017-02-03 Thread Jean-Paul Larocque
Public bug reported:

Hi,

This is a duplicate of #1422307.  I can't figure out a way to re-open
it--the status of "Fix Released" is changeable only by a project
maintainer or bug supervisor--so I'm opening a new bug to make sure
this gets looked at again.

qemu-nbd will sometimes corrupt VDI disk images.  The bug was thought
to be fixed in commit f0ab6f109630940146cbaf47d0cd3ddba824, but
I'm able to reproduce it in both that commit and in the latest commit
(a951316b8a5c3c63254f20a826afeed940dd4cba).  I just needed to run more
iterations of the test.  It's possible that it was partially fixed, or
that the added serialization made it harder to catch this
non-deterministic bug, but the same symptoms persist: data corruption
of VDI-format disk images.

This affects at least qemu-nbd.  I haven't tried reproducing the issue
with qemu proper or qemu-img, but the original bug report suggests
that the bug in the common VDI backend may corrupt data written by
those programs.

Please let me know if I can provide any further information or help
with testing.  Thank you very much for looking into this!

Test procedure
**

The procedure used is the one given by Max Reitz (xanclic) in the
original bug report, comment 3
(https://bugs.launchpad.net/qemu/+bug/1422307/comments/3), in the
section "VDI and NBD over /dev/nbd0", but with up to 1000 iterations
instead of 10:

  $ cd ~/qemu-origfix-f0ab6f1/bin
  $ dd if=/dev/urandom of=blob.raw bs=1M count=64
  64+0 records in
  64+0 records out
  67108864 bytes (67 MB) copied, 4.36475 s, 15.4 MB/s
  $ sudo sh -c 'for i in $(seq 0 999); do ./qemu-img create -f vdi test.vdi 64M 
> /dev/null; ./qemu-nbd -c /dev/nbd0 test.vdi; sleep 1; ./qemu-img convert -n 
blob.raw /dev/nbd0; ./qemu-img convert /dev/nbd0 test1.raw; sync; echo 1 > 
/proc/sys/vm/drop_caches; ./qemu-img convert /dev/nbd0 test2.raw; ./qemu-nbd -d 
/dev/nbd0 > /dev/null; if ! ./qemu-img compare -q test1.raw test2.raw; then 
md5sum test1.raw test2.raw; echo "$i failed"; break; fi; done; echo "done"'
27a66c3a8ac2cf06f2c925968ea9e964  test1.raw
2da9bf169041a7c2bd144c4ab3a29aea  test2.raw
64 failed
done

I've run this process a handful of times, and I've seen it take as
little as 10 iterations and as many as 161 (taking 32 minutes in the
latter case).  Please be patient.  Putting the images on tmpfs will
probably help it go faster, and I have successfully reproduced the
issue on tmpfs in addition to ext4.

Nothing different was needed to reproduce the issue in a directory
containing a build of the latest commit.  It still takes somewhere
around 1-200 iterations to find, in my testing.

Build procedure
***

  $ git clone git://git.qemu-project.org/qemu.git
  [omitted]
  $ git clone qemu qemu-origfix-f0ab6f1
  Cloning into 'qemu-origfix-f0ab6f1'...
  done.
  $ cd qemu-origfix-f0ab6f1
  $ git checkout f0ab6f109630940146cbaf47d0cd3ddba824
  Note: checking out 'f0ab6f109630940146cbaf47d0cd3ddba824'.
  
  You are in 'detached HEAD' state. You can look around, make experimental
  changes and commit them, and you can discard any commits you make in this
  state without impacting any branches by performing another checkout.
  
  If you want to create a new branch to retain commits you create, you may
  do so (now or later) by using -b with the checkout command again. Example:
  
git checkout -b new_branch_name
  
  HEAD is now at f0ab6f1... block/vdi: Add locking for parallel requests
  $ mkdir bin
  $ cd bin
  $ script -c'time (../configure --enable-debug --target-list=x86_64-softmmu && 
make -j6; echo "result: $?")'
  Script started, file is typescript
  [omitted; the build typescript is attached separately]
LINK  x86_64-softmmu/qemu-system-x86_64
  result: 0
  
  real1m5.733s
  user2m3.904s
  sys 0m13.828s
  Script done, file is typescript

Nothing different was done when building the latest commit (besides
cloning to a different directory, and not running `git checkout`).

Environment
***

  * Machine: x86_64
  
  * Hypervisor: Xen 4.4 (Debian package xen-hypervisor-4.4-amd64,
version 4.4.1-9+deb8u8)
  
  * A Xen domU (guest) for building QEMU and reproducing the issue.
All testing was done within the virtual machine for convenience
and access to better hardware than what I have for my development
machine (I expected the build to take much longer than it really
does).
  
  - x86_64 architecture with six VCPUs and 1.2 GiB RAM allocated,
operating in HVM (fully virtualized) mode.
  
  - Distribution: Debian 8.7 Jessie amd64
  
  - Kernel: Linux 3.16.0 x86_64 (Debian package
linux-image-3.16.0-4-amd64, version 3.16.39-1)
  
  - Compiler: GCC 4.9.2 (Debian package gcc-4.9, version 4.9.2-10)

** Affects: qemu
 Importance: Undecided
 Status: New

** Attachment added: "Output of configure script and make"
   
https://bugs.launchpad.net/bugs/1661758/+attachment/4812784/+files/build-typescript.txt


Re: [Qemu-devel] [PATCH 0/4] POWER9 TCG enablements - part 13

2017-02-03 Thread no-reply
Hi,

Your series seems to have some coding style problems. See output below for
more information:

Type: series
Subject: [Qemu-devel] [PATCH 0/4] POWER9 TCG enablements - part 13
Message-id: 1486159277-25949-1-git-send-email-jos...@linux.vnet.ibm.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

# Useful git options
git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] 
patchew/1486159277-25949-1-git-send-email-jos...@linux.vnet.ibm.com -> 
patchew/1486159277-25949-1-git-send-email-jos...@linux.vnet.ibm.com
 - [tag update]  patchew/20170203120254.15062-1-berra...@redhat.com -> 
patchew/20170203120254.15062-1-berra...@redhat.com
Switched to a new branch 'test'
52f618a ppc: implement xssubqp instruction
f7dfdbf ppc: implement xssqrtqp instruction
4d895a4 ppc: implement xsrqpxp instruction
5d49c07 ppc: implement xsrqpi[x] instruction

=== OUTPUT BEGIN ===
Checking PATCH 1/4: ppc: implement xsrqpi[x] instruction...
ERROR: Macros with complex values should be enclosed in parenthesis
#125: FILE: target/ppc/translate/vsx-ops.inc.c:106:
+#define GEN_VSX_Z23FORM_300(name, opc2, opc3, opc4, inval) \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x00, opc4 | 0x0, inval), \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x08, opc4 | 0x0, inval), \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x10, opc4 | 0x0, inval), \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x18, opc4 | 0x0, inval), \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x00, opc4 | 0x1, inval), \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x08, opc4 | 0x1, inval), \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x10, opc4 | 0x1, inval), \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x18, opc4 | 0x1, inval)

total: 1 errors, 0 warnings, 103 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 2/4: ppc: implement xsrqpxp instruction...
Checking PATCH 3/4: ppc: implement xssqrtqp instruction...
Checking PATCH 4/4: ppc: implement xssubqp instruction...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

Re: [Qemu-devel] [PATCH v2 4/6] qemu-img: add support for -o arg to dd command

2017-02-03 Thread Max Reitz
On 03.02.2017 13:02, Daniel P. Berrange wrote:
> The -o arg to the convert command allows specification of format/protocol
> options for the newly created image. This adds a -o arg to the dd command
> to get feature parity.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  qemu-img-cmds.hx |  2 +-
>  qemu-img.c   | 32 +++-
>  qemu-img.texi|  6 --
>  3 files changed, 36 insertions(+), 4 deletions(-)

I don't like this patch for the same reasons as for patch 3, but I like
it a bit better. The code introduced here is exactly the same as for
img_convert(), so merging the two would (or "is going to", I hope) be
trivial.

So a pretty weak

Reviewed-by: Max Reitz 



signature.asc
Description: OpenPGP digital signature


[Qemu-devel] [PATCH 3/4] ppc: implement xssqrtqp instruction

2017-02-03 Thread Jose Ricardo Ziviani
xssqrtqp: VSX Scalar Square Root Quad-Precision.

Signed-off-by: Jose Ricardo Ziviani 
---
 target/ppc/fpu_helper.c | 38 +
 target/ppc/helper.h |  1 +
 target/ppc/translate/vsx-impl.inc.c |  1 +
 target/ppc/translate/vsx-ops.inc.c  |  1 +
 4 files changed, 41 insertions(+)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index e032363..46ec0ec 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -3393,3 +3393,41 @@ void helper_xsrqpxp(CPUPPCState *env, uint32_t opcode)
 float_check_status(env);
 }
 
+void helper_xssqrtqp(CPUPPCState *env, uint32_t opcode)
+{
+ppc_vsr_t xb;
+ppc_vsr_t xt;
+float_status tstat;
+
+getVSR(rB(opcode) + 32, , env);
+memset(, 0, sizeof(xt));
+helper_reset_fpstatus(env);
+
+if (unlikely(Rc(opcode) != 0)) {
+/* TODO: Support xsadddpo after round-to-odd is implemented */
+abort();
+}
+
+tstat = env->fp_status;
+set_float_exception_flags(0, );
+xt.f128 = float128_sqrt(xb.f128, );
+env->fp_status.float_exception_flags |= tstat.float_exception_flags;
+
+if (unlikely(tstat.float_exception_flags & float_flag_invalid)) {
+if (float128_is_signaling_nan(xb.f128, )) {
+float_invalid_op_excp(env, POWERPC_EXCP_FP_VXSNAN, 1);
+xt.f128 = float128_snan_to_qnan(xb.f128);
+} else if  (float128_is_quiet_nan(xb.f128, )) {
+xt.f128 = xb.f128;
+} else if (float128_is_neg(xb.f128) && !float128_is_zero(xb.f128)) {
+float_invalid_op_excp(env, POWERPC_EXCP_FP_VXSQRT, 1);
+set_snan_bit_is_one(0, >fp_status);
+xt.f128 = float128_default_nan(>fp_status);
+}
+}
+
+helper_compute_fprf_float128(env, xt.f128);
+putVSR(rD(opcode) + 32, , env);
+float_check_status(env);
+}
+
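Review bot: The TODO on the Rc guard names the wrong instruction — this helper implements xssqrtqp, so the unimplemented round-to-odd form is xssqrtqpo, not xsadddpo. It is also worth recording why the abort() is not reachable from guest code: the vsx-ops entry in the last hunk passes inval 0x0001, which (if the decoder treats inval bits the way the existing GEN_HANDLER entries do) rejects the Rc=1 encoding before the helper runs; if that mask is ever relaxed, this abort() becomes a guest-triggerable crash of the whole emulator. Suggested comment in place of the TODO: `/* TODO: xssqrtqpo (Rc=1) needs round-to-odd; until then the 0x0001 inval mask in vsx-ops.inc.c makes the decoder reject it, so this abort() is unreachable from guest code */`.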
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 9ce2e58..fbf80a7 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -461,6 +461,7 @@ DEF_HELPER_2(xsrdpip, void, env, i32)
 DEF_HELPER_2(xsrdpiz, void, env, i32)
 DEF_HELPER_2(xsrqpi, void, env, i32)
 DEF_HELPER_2(xsrqpxp, void, env, i32)
+DEF_HELPER_2(xssqrtqp, void, env, i32)
 
 DEF_HELPER_2(xsaddsp, void, env, i32)
 DEF_HELPER_2(xssubsp, void, env, i32)
diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index 91be201..bbd7d1a 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -835,6 +835,7 @@ GEN_VSX_HELPER_XT_XB_ENV(xsrsp, 0x12, 0x11, 0, PPC2_VSX207)
 
 GEN_VSX_HELPER_2(xsrqpi, 0x05, 0x00, 0, PPC2_ISA300)
 GEN_VSX_HELPER_2(xsrqpxp, 0x05, 0x01, 0, PPC2_ISA300)
+GEN_VSX_HELPER_2(xssqrtqp, 0x04, 0x19, 0x1B, PPC2_ISA300)
 
 GEN_VSX_HELPER_2(xsaddsp, 0x00, 0x00, 0, PPC2_VSX207)
 GEN_VSX_HELPER_2(xssubsp, 0x00, 0x01, 0, PPC2_VSX207)
diff --git a/target/ppc/translate/vsx-ops.inc.c 
b/target/ppc/translate/vsx-ops.inc.c
index e58740b..bac3db2 100644
--- a/target/ppc/translate/vsx-ops.inc.c
+++ b/target/ppc/translate/vsx-ops.inc.c
@@ -115,6 +115,7 @@ GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x18, opc4 | 0x1, 
inval)
 
 GEN_VSX_Z23FORM_300(xsrqpi, 0x05, 0x0, 0x0, 0x0),
 GEN_VSX_Z23FORM_300(xsrqpxp, 0x05, 0x1, 0x0, 0x0),
+GEN_VSX_XFORM_300_EO(xssqrtqp, 0x04, 0x19, 0x1B, 0x0001),
 
 GEN_XX2FORM(xsabsdp, 0x12, 0x15, PPC2_VSX),
 GEN_XX2FORM(xsnabsdp, 0x12, 0x16, PPC2_VSX),
-- 
2.7.4




[Qemu-devel] [PATCH 2/4] ppc: implement xsrqpxp instruction

2017-02-03 Thread Jose Ricardo Ziviani
xsrqpxp: VSX Scalar Round Quad-Precision to Double-Extended Precision.

Signed-off-by: Jose Ricardo Ziviani 
---
 target/ppc/fpu_helper.c | 56 +
 target/ppc/helper.h |  1 +
 target/ppc/translate/vsx-impl.inc.c |  1 +
 target/ppc/translate/vsx-ops.inc.c  |  1 +
 4 files changed, 59 insertions(+)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index 593befa..e032363 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -3337,3 +3337,59 @@ void helper_xsrqpi(CPUPPCState *env, uint32_t opcode)
 putVSR(rD(opcode) + 32, , env);
 }
 
+void helper_xsrqpxp(CPUPPCState *env, uint32_t opcode)
+{
+ppc_vsr_t xb;
+ppc_vsr_t xt;
+uint8_t r = Rrm(opcode);
+uint8_t rmc = RMC(opcode);
+uint8_t rmode = 0;
+floatx80 round_res;
+float_status tstat;
+
+getVSR(rB(opcode) + 32, , env);
+memset(, 0, sizeof(xt));
+helper_reset_fpstatus(env);
+
+if (r == 0 && rmc == 0) {
+rmode = float_round_ties_away;
+} else if (r == 0 && rmc == 0x3) {
+rmode = fpscr_rn;
+} else if (r == 1) {
+switch (rmc) {
+case 0:
+rmode = float_round_nearest_even;
+break;
+case 1:
+rmode = float_round_to_zero;
+break;
+case 2:
+rmode = float_round_up;
+break;
+case 3:
+rmode = float_round_down;
+break;
+default:
+abort();
+}
+}
+
+tstat = env->fp_status;
+set_float_exception_flags(0, );
+set_float_rounding_mode(rmode, );
+round_res = float128_to_floatx80(xb.f128, );
+xt.f128 = floatx80_to_float128(round_res, );
+env->fp_status.float_exception_flags |= tstat.float_exception_flags;
+
+if (unlikely(tstat.float_exception_flags & float_flag_invalid)) {
+if (float128_is_signaling_nan(xb.f128, )) {
+float_invalid_op_excp(env, POWERPC_EXCP_FP_VXSNAN, 0);
+xt.f128 = float128_snan_to_qnan(xt.f128);
+}
+}
+
+helper_compute_fprf_float128(env, xt.f128);
+putVSR(rD(opcode) + 32, , env);
+float_check_status(env);
+}
+
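Review bot: The R=0/RMC=1 and R=0/RMC=2 encodings are matched by no branch, so rmode keeps its initializer 0 and the conversion silently runs with whatever mode softfloat numbers as 0 (presumably float_round_nearest_even — confirm). Those combinations are reserved in the ISA, so the result may be acceptable, but it should be a stated choice rather than a side effect of `uint8_t rmode = 0;`: add `} else { /* R=0, RMC=1/2 are reserved; treat as round-to-nearest-even */ rmode = float_round_nearest_even; }` after the `r == 1` branch. The `default: abort();` inside the switch is unreachable because RMC() yields a 2-bit value, which is fine but reads more honestly as g_assert_not_reached().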
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 6a53ae0..9ce2e58 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -460,6 +460,7 @@ DEF_HELPER_2(xsrdpim, void, env, i32)
 DEF_HELPER_2(xsrdpip, void, env, i32)
 DEF_HELPER_2(xsrdpiz, void, env, i32)
 DEF_HELPER_2(xsrqpi, void, env, i32)
+DEF_HELPER_2(xsrqpxp, void, env, i32)
 
 DEF_HELPER_2(xsaddsp, void, env, i32)
 DEF_HELPER_2(xssubsp, void, env, i32)
diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index 9868f01..91be201 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -834,6 +834,7 @@ GEN_VSX_HELPER_2(xsrdpiz, 0x12, 0x05, 0, PPC2_VSX)
 GEN_VSX_HELPER_XT_XB_ENV(xsrsp, 0x12, 0x11, 0, PPC2_VSX207)
 
 GEN_VSX_HELPER_2(xsrqpi, 0x05, 0x00, 0, PPC2_ISA300)
+GEN_VSX_HELPER_2(xsrqpxp, 0x05, 0x01, 0, PPC2_ISA300)
 
 GEN_VSX_HELPER_2(xsaddsp, 0x00, 0x00, 0, PPC2_VSX207)
 GEN_VSX_HELPER_2(xssubsp, 0x00, 0x01, 0, PPC2_VSX207)
diff --git a/target/ppc/translate/vsx-ops.inc.c 
b/target/ppc/translate/vsx-ops.inc.c
index b095508..e58740b 100644
--- a/target/ppc/translate/vsx-ops.inc.c
+++ b/target/ppc/translate/vsx-ops.inc.c
@@ -114,6 +114,7 @@ GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x10, opc4 | 0x1, 
inval), \
 GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x18, opc4 | 0x1, inval)
 
 GEN_VSX_Z23FORM_300(xsrqpi, 0x05, 0x0, 0x0, 0x0),
+GEN_VSX_Z23FORM_300(xsrqpxp, 0x05, 0x1, 0x0, 0x0),
 
 GEN_XX2FORM(xsabsdp, 0x12, 0x15, PPC2_VSX),
 GEN_XX2FORM(xsnabsdp, 0x12, 0x16, PPC2_VSX),
-- 
2.7.4




[Qemu-devel] [PATCH 0/4] POWER9 TCG enablements - part 13

2017-02-03 Thread Jose Ricardo Ziviani
This set contains 4 new instructions

xsrqpi[x] - VSX Scalar Round to Quad-Precision Integer
xsrqpxp - VSX Scalar Round Quad-Precision to Double-Extended Precision
xssqrtqp - VSX Scalar Square Root Quad-Precision
xssubqp - VSX Scalar Subtract Quad-Precision

Note:
 - xssqrtqpo and xssubqpo will be implemented when round-to-odd is ready.

Jose Ricardo Ziviani (4):
  ppc: implement xsrqpi[x] instruction
  ppc: implement xsrqpxp instruction
  ppc: implement xssqrtqp instruction
  ppc: implement xssubqp instruction

 target/ppc/fpu_helper.c | 188 
 target/ppc/helper.h |   4 +
 target/ppc/internal.h   |   1 +
 target/ppc/translate/vsx-impl.inc.c |   5 +
 target/ppc/translate/vsx-ops.inc.c  |  15 +++
 5 files changed, 213 insertions(+)

-- 
2.7.4




[Qemu-devel] [PATCH 1/4] ppc: implement xsrqpi[x] instruction

2017-02-03 Thread Jose Ricardo Ziviani
xsrqpi[x]: VSX Scalar Round to Quad-Precision Integer
[with Inexact].

Signed-off-by: Jose Ricardo Ziviani 
---
 target/ppc/fpu_helper.c | 60 +
 target/ppc/helper.h |  1 +
 target/ppc/internal.h   |  1 +
 target/ppc/translate/vsx-impl.inc.c |  2 ++
 target/ppc/translate/vsx-ops.inc.c  | 12 
 5 files changed, 76 insertions(+)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index 9f5cafd..593befa 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -3277,3 +3277,63 @@ void helper_xststdcsp(CPUPPCState *env, uint32_t opcode)
 env->fpscr |= cc << FPSCR_FPRF;
 env->crf[BF(opcode)] = cc;
 }
+
+void helper_xsrqpi(CPUPPCState *env, uint32_t opcode)
+{
+ppc_vsr_t xb;
+ppc_vsr_t xt;
+uint8_t r = Rrm(opcode);
+uint8_t ex = Rc(opcode);
+uint8_t rmc = RMC(opcode);
+uint8_t rmode = 0;
+float_status tstat;
+
+getVSR(rB(opcode) + 32, , env);
+memset(, 0, sizeof(xt));
+helper_reset_fpstatus(env);
+
+if (r == 0 && rmc == 0) {
+rmode = float_round_ties_away;
+} else if (r == 0 && rmc == 0x3) {
+rmode = fpscr_rn;
+} else if (r == 1) {
+switch (rmc) {
+case 0:
+rmode = float_round_nearest_even;
+break;
+case 1:
+rmode = float_round_to_zero;
+break;
+case 2:
+rmode = float_round_up;
+break;
+case 3:
+rmode = float_round_down;
+break;
+default:
+abort();
+}
+}
+
+tstat = env->fp_status;
+set_float_exception_flags(0, );
+set_float_rounding_mode(rmode, );
+xt.f128 = float128_round_to_int(xb.f128, );
+env->fp_status.float_exception_flags |= tstat.float_exception_flags;
+
+if (unlikely(tstat.float_exception_flags & float_flag_invalid)) {
+if (float128_is_signaling_nan(xb.f128, )) {
+float_invalid_op_excp(env, POWERPC_EXCP_FP_VXSNAN, 0);
+xt.f128 = float128_snan_to_qnan(xt.f128);
+}
+}
+
+if (ex == 0 && (tstat.float_exception_flags & float_flag_inexact)) {
+env->fp_status.float_exception_flags &= ~float_flag_inexact;
+}
+
+helper_compute_fprf_float128(env, xt.f128);
+float_check_status(env);
+putVSR(rD(opcode) + 32, , env);
+}
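Review bot: This helper calls float_check_status(env) before putVSR(), while xsrqpxp, xssqrtqp and xssubqp in the same series write the target VSR first and check status last. If float_check_status() raises an enabled FP exception (it appears to longjmp out of the helper — verify), the two orders give different architectural results: here the target is left unmodified, in the siblings it is updated before the trap. Pick one order for the whole series and say which the ISA requires; if the sibling order is the intended one, swap the last two statements to `putVSR(rD(opcode) + 32, &xt, env); float_check_status(env);`.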
+
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index 85af9df..6a53ae0 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -459,6 +459,7 @@ DEF_HELPER_2(xsrdpic, void, env, i32)
 DEF_HELPER_2(xsrdpim, void, env, i32)
 DEF_HELPER_2(xsrdpip, void, env, i32)
 DEF_HELPER_2(xsrdpiz, void, env, i32)
+DEF_HELPER_2(xsrqpi, void, env, i32)
 
 DEF_HELPER_2(xsaddsp, void, env, i32)
 DEF_HELPER_2(xssubsp, void, env, i32)
diff --git a/target/ppc/internal.h b/target/ppc/internal.h
index 5a2fd68..5b5b180 100644
--- a/target/ppc/internal.h
+++ b/target/ppc/internal.h
@@ -186,6 +186,7 @@ EXTRACT_HELPER(DCM, 10, 6)
 
 /* DFP Z23-form */
 EXTRACT_HELPER(RMC, 9, 2)
+EXTRACT_HELPER(Rrm, 16, 1)
 
 EXTRACT_HELPER_SPLIT(DQxT, 3, 1, 21, 5);
 EXTRACT_HELPER_SPLIT(xT, 0, 1, 21, 5);
diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index a44c003..9868f01 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -833,6 +833,8 @@ GEN_VSX_HELPER_2(xsrdpip, 0x12, 0x06, 0, PPC2_VSX)
 GEN_VSX_HELPER_2(xsrdpiz, 0x12, 0x05, 0, PPC2_VSX)
 GEN_VSX_HELPER_XT_XB_ENV(xsrsp, 0x12, 0x11, 0, PPC2_VSX207)
 
+GEN_VSX_HELPER_2(xsrqpi, 0x05, 0x00, 0, PPC2_ISA300)
+
 GEN_VSX_HELPER_2(xsaddsp, 0x00, 0x00, 0, PPC2_VSX207)
 GEN_VSX_HELPER_2(xssubsp, 0x00, 0x01, 0, PPC2_VSX207)
 GEN_VSX_HELPER_2(xsmulsp, 0x00, 0x02, 0, PPC2_VSX207)
diff --git a/target/ppc/translate/vsx-ops.inc.c 
b/target/ppc/translate/vsx-ops.inc.c
index 7dc9f6f..b095508 100644
--- a/target/ppc/translate/vsx-ops.inc.c
+++ b/target/ppc/translate/vsx-ops.inc.c
@@ -103,6 +103,18 @@ GEN_HANDLER_E(name, 0x3F, opc2, opc3, inval, PPC_NONE, 
PPC2_ISA300)
 #define GEN_VSX_XFORM_300_EO(name, opc2, opc3, opc4, inval) \
 GEN_HANDLER_E_2(name, 0x3F, opc2, opc3, opc4, inval, PPC_NONE, PPC2_ISA300)
 
+#define GEN_VSX_Z23FORM_300(name, opc2, opc3, opc4, inval) \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x00, opc4 | 0x0, inval), \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x08, opc4 | 0x0, inval), \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x10, opc4 | 0x0, inval), \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x18, opc4 | 0x0, inval), \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x00, opc4 | 0x1, inval), \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x08, opc4 | 0x1, inval), \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x10, opc4 | 0x1, inval), \
+GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x18, opc4 | 0x1, inval)
+
+GEN_VSX_Z23FORM_300(xsrqpi, 0x05, 0x0, 0x0, 0x0),
+
 GEN_XX2FORM(xsabsdp, 0x12, 0x15, PPC2_VSX),
 GEN_XX2FORM(xsnabsdp, 0x12, 0x16, 

[Qemu-devel] [PATCH 4/4] ppc: implement xssubqp instruction

2017-02-03 Thread Jose Ricardo Ziviani
xssubqp: VSX Scalar Subtract Quad-Precision.

Signed-off-by: Jose Ricardo Ziviani 
---
 target/ppc/fpu_helper.c | 34 ++
 target/ppc/helper.h |  1 +
 target/ppc/translate/vsx-impl.inc.c |  1 +
 target/ppc/translate/vsx-ops.inc.c  |  1 +
 4 files changed, 37 insertions(+)

diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c
index 46ec0ec..35a7bf2 100644
--- a/target/ppc/fpu_helper.c
+++ b/target/ppc/fpu_helper.c
@@ -3431,3 +3431,37 @@ void helper_xssqrtqp(CPUPPCState *env, uint32_t opcode)
 float_check_status(env);
 }
 
+void helper_xssubqp(CPUPPCState *env, uint32_t opcode)
+{
+ppc_vsr_t xt, xa, xb;
+float_status tstat;
+
+getVSR(rA(opcode) + 32, , env);
+getVSR(rB(opcode) + 32, , env);
+getVSR(rD(opcode) + 32, , env);
+helper_reset_fpstatus(env);
+
+if (unlikely(Rc(opcode) != 0)) {
+/* TODO: Support xssubqp after round-to-odd is implemented */
+abort();
+}
+
+tstat = env->fp_status;
+set_float_exception_flags(0, );
+xt.f128 = float128_sub(xa.f128, xb.f128, );
+env->fp_status.float_exception_flags |= tstat.float_exception_flags;
+
+if (unlikely(tstat.float_exception_flags & float_flag_invalid)) {
+if (float128_is_infinity(xa.f128) && float128_is_infinity(xb.f128)) {
+float_invalid_op_excp(env, POWERPC_EXCP_FP_VXISI, 1);
+} else if (float128_is_signaling_nan(xa.f128, ) ||
+   float128_is_signaling_nan(xb.f128, )) {
+float_invalid_op_excp(env, POWERPC_EXCP_FP_VXSNAN, 1);
+}
+}
+
+helper_compute_fprf_float128(env, xt.f128);
+putVSR(rD(opcode) + 32, , env);
+float_check_status(env);
+}
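Review bot: The abort() behind the Rc guard is reachable from guest code: unlike xssqrtqp, which the series registers with inval 0x0001 so the decoder rejects Rc=1, this patch's vsx-ops entry is `GEN_VSX_XFORM_300(xssubqp, 0x04, 0x10, 0x0)`, so a user-mode guest executing xssubqpo (Rc=1) takes this path and kills the QEMU process — a guest-triggerable denial of service of the whole VM (assuming inval bits are rejected the way the existing handlers use them). Until round-to-odd is implemented the decoder should refuse that encoding the same way: `GEN_VSX_XFORM_300(xssubqp, 0x04, 0x10, 0x1),`. The TODO text should also name xssubqpo, since xssubqp is what this helper already implements.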
+
diff --git a/target/ppc/helper.h b/target/ppc/helper.h
index fbf80a7..3956fd1 100644
--- a/target/ppc/helper.h
+++ b/target/ppc/helper.h
@@ -462,6 +462,7 @@ DEF_HELPER_2(xsrdpiz, void, env, i32)
 DEF_HELPER_2(xsrqpi, void, env, i32)
 DEF_HELPER_2(xsrqpxp, void, env, i32)
 DEF_HELPER_2(xssqrtqp, void, env, i32)
+DEF_HELPER_2(xssubqp, void, env, i32)
 
 DEF_HELPER_2(xsaddsp, void, env, i32)
 DEF_HELPER_2(xssubsp, void, env, i32)
diff --git a/target/ppc/translate/vsx-impl.inc.c 
b/target/ppc/translate/vsx-impl.inc.c
index bbd7d1a..a062203 100644
--- a/target/ppc/translate/vsx-impl.inc.c
+++ b/target/ppc/translate/vsx-impl.inc.c
@@ -836,6 +836,7 @@ GEN_VSX_HELPER_XT_XB_ENV(xsrsp, 0x12, 0x11, 0, PPC2_VSX207)
 GEN_VSX_HELPER_2(xsrqpi, 0x05, 0x00, 0, PPC2_ISA300)
 GEN_VSX_HELPER_2(xsrqpxp, 0x05, 0x01, 0, PPC2_ISA300)
 GEN_VSX_HELPER_2(xssqrtqp, 0x04, 0x19, 0x1B, PPC2_ISA300)
+GEN_VSX_HELPER_2(xssubqp, 0x04, 0x10, 0, PPC2_ISA300)
 
 GEN_VSX_HELPER_2(xsaddsp, 0x00, 0x00, 0, PPC2_VSX207)
 GEN_VSX_HELPER_2(xssubsp, 0x00, 0x01, 0, PPC2_VSX207)
diff --git a/target/ppc/translate/vsx-ops.inc.c 
b/target/ppc/translate/vsx-ops.inc.c
index bac3db2..2202c0f 100644
--- a/target/ppc/translate/vsx-ops.inc.c
+++ b/target/ppc/translate/vsx-ops.inc.c
@@ -116,6 +116,7 @@ GEN_VSX_XFORM_300_EO(name, opc2, opc3 | 0x18, opc4 | 0x1, 
inval)
 GEN_VSX_Z23FORM_300(xsrqpi, 0x05, 0x0, 0x0, 0x0),
 GEN_VSX_Z23FORM_300(xsrqpxp, 0x05, 0x1, 0x0, 0x0),
 GEN_VSX_XFORM_300_EO(xssqrtqp, 0x04, 0x19, 0x1B, 0x0001),
+GEN_VSX_XFORM_300(xssubqp, 0x04, 0x10, 0x0),
 
 GEN_XX2FORM(xsabsdp, 0x12, 0x15, PPC2_VSX),
 GEN_XX2FORM(xsnabsdp, 0x12, 0x16, PPC2_VSX),
-- 
2.7.4




Re: [Qemu-devel] [RFC PATCH] linux-user: Add signal handling for x86_64

2017-02-03 Thread Laurent Vivier
Le 25/01/2017 à 01:10, Pranith Kumar a écrit :
> Adopted from a previous patch posting:
> https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg02079.html
> 
> CC: Allan Wirth 
> CC: Peter Maydell 
> Signed-off-by: Pranith Kumar 
> ---
>  linux-user/signal.c  | 264 
> ---
>  target/i386/cpu.h|   2 +
>  target/i386/fpu_helper.c |  12 +++
>  3 files changed, 242 insertions(+), 36 deletions(-)
> 
> diff --git a/linux-user/signal.c b/linux-user/signal.c
> index 0a5bb4e26b..0248621d66 100644
> --- a/linux-user/signal.c
> +++ b/linux-user/signal.c
> @@ -253,8 +253,7 @@ int do_sigprocmask(int how, const sigset_t *set, sigset_t 
> *oldset)
>  return 0;
>  }
>  
> -#if !defined(TARGET_OPENRISC) && !defined(TARGET_UNICORE32) && \
> -!defined(TARGET_X86_64)
> +#if !defined(TARGET_OPENRISC) && !defined(TARGET_UNICORE32)
>  /* Just set the guest's signal mask to the specified value; the
>   * caller is assumed to have called block_signals() already.
>   */
> @@ -512,7 +511,7 @@ void signal_init(void)
>  }
>  }
>  
> -#if !(defined(TARGET_X86_64) || defined(TARGET_UNICORE32))
> +#ifndef TARGET_UNICORE32
>  /* Force a synchronously taken signal. The kernel force_sig() function
>   * also forces the signal to "not blocked, not ignored", but for QEMU
>   * that work is done in process_pending_signals().
> @@ -819,9 +818,8 @@ int do_sigaction(int sig, const struct target_sigaction 
> *act,
>  return ret;
>  }
>  
> -#if defined(TARGET_I386) && TARGET_ABI_BITS == 32
> -
> -/* from the Linux kernel */
> +#if defined(TARGET_I386)
> +/* from the Linux kernel - /arch/x86/include/uapi/asm/sigcontext.h */
>  
>  struct target_fpreg {
>  uint16_t significand[4];
> @@ -835,7 +833,7 @@ struct target_fpxreg {
>  };
>  
>  struct target_xmmreg {
> -abi_ulong element[4];
> +uint32_t element[4];
>  };
>  
>  struct target_fpstate {
> @@ -860,33 +858,117 @@ struct target_fpstate {
>  abi_ulong padding[56];
>  };

I think you should remove the definition of the target_fpstate structure
as you overwrite it with #define below:
...
> +
> +#ifndef TARGET_X86_64
> +# define target_fpstate target_fpstate_32
> +#else
> +# define target_fpstate target_fpstate_64
> +#endif
> +
...
> @@ -959,12 +1052,49 @@ static void setup_sigcontext(struct target_sigcontext 
> *sc,
>  /* non-iBCS2 extensions.. */
>  __put_user(mask, >oldmask);
>  __put_user(env->cr[2], >cr2);
> +#else
> +__put_user(env->regs[8], >r8);
> +__put_user(env->regs[9], >r9);
> +__put_user(env->regs[10], >r10);
> +__put_user(env->regs[11], >r11);
> +__put_user(env->regs[12], >r12);
> +__put_user(env->regs[13], >r13);
> +__put_user(env->regs[14], >r14);
> +__put_user(env->regs[15], >r15);
> +
> +__put_user(env->regs[R_EDI], >rdi);
> +__put_user(env->regs[R_ESI], >rsi);
> +__put_user(env->regs[R_EBP], >rbp);
> +__put_user(env->regs[R_EBX], >rbx);
> +__put_user(env->regs[R_EDX], >rdx);
> +__put_user(env->regs[R_EAX], >rax);
> +__put_user(env->regs[R_ECX], >rcx);
> +__put_user(env->regs[R_ESP], >rsp);
> +__put_user(env->eip, >rip);
> +
> +__put_user(env->eflags, >eflags);
> +
> +__put_user(env->segs[R_CS].selector, >cs);
> +__put_user((uint16_t)0, >gs);
> +__put_user((uint16_t)0, >fs);
> +__put_user(env->segs[R_SS].selector, >ss);
> +
> +__put_user(env->error_code, >err);
> +__put_user(cs->exception_index, >trapno);
> +__put_user(mask, >oldmask);
> +__put_user(env->cr[2], >cr2);
> +
> +/* fpstate_addr must be 16 byte aligned for fxsave */
> +assert(!(fpstate_addr & 0xf));
> +
> +cpu_x86_fxsave(env, fpstate_addr);
> +__put_user(fpstate_addr, >fpstate);
> +#endif
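Review bot: `assert(!(fpstate_addr & 0xf));` turns an unaligned frame address into an abort of the whole emulator, and fpstate_addr is computed by a caller outside this hunk; if it derives from a guest-chosen stack (sigaltstack or an arbitrary %rsp), alignment must be enforced where the frame is laid out, not merely asserted here. Presumably get_sigframe() already rounds the frame down to 16 bytes — verify — in which case a comment saying so belongs next to the assert; otherwise the failure should become the kernel-style force_sigsegv path rather than an assert. The enclosing setup_sigcontext() starts outside the hunk.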

This part would be more readable if the registers were in the same order
as  in the kernel function setup_sigcontext().
...
> +if (info) {
> +tswap_siginfo(>info, info);
> +}

kernel checks "ksig->ka.sa.sa_flags & SA_SIGINFO" to know if there is
siginfo structure.

...
>  /* Set up registers for signal handler */
>  env->regs[R_ESP] = frame_addr;
> +env->regs[R_EAX] = 0;
> +env->regs[R_EDI] = sig;
> +env->regs[R_ESI] = (unsigned long)>info;
> +env->regs[R_EDX] = (unsigned long)>uc;
>  env->eip = ka->_sa_handler;
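Review bot: `env->regs[R_ESI] = (unsigned long)&frame->info;` and the R_EDX line below it store host pointers in guest registers: frame is the host-side mapping of the frame (obtained by lock_user_struct, presumably — the locking is outside this excerpt), so the handler receives a host virtual address for siginfo/ucontext, which is only right when guest_base happens to be 0 and otherwise is both a wrong pointer and a leak of host addresses to the guest. Use the guest address: `env->regs[R_ESI] = frame_addr + offsetof(struct rt_sigframe, info);` and `env->regs[R_EDX] = frame_addr + offsetof(struct rt_sigframe, uc);` (substitute the frame's actual struct name if it is not rt_sigframe). The hunk header is elided and setup_rt_frame() starts outside the excerpt.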

In kernel, 32bit handler seems to not use the same registers as 64bit
handler, for instance ax is sig, info is dx and uc is cx.

...
> @@ -6181,11 +6371,13 @@ static void handle_pending_signal(CPUArchState 
> *cpu_env, int sig,
>  || defined(TARGET_PPC64) || defined(TARGET_HPPA)
>  /* These targets do not have traditional signals.  */
>  setup_rt_frame(sig, sa, >info, _old_set, cpu_env);
> -#else
> +#elif !defined(TARGET_X86_64)
>  if (sa->sa_flags & TARGET_SA_SIGINFO)
>  setup_rt_frame(sig, sa, >info, _old_set, cpu_env);
>  else
>  

Re: [Qemu-devel] [PATCH v2 3/6] qemu-img: add support for conv=nocreat, notrunc args to dd command

2017-02-03 Thread Max Reitz
On 03.02.2017 13:02, Daniel P. Berrange wrote:
> The -n arg to the convert command allows use of a pre-existing image,
> rather than creating a new image. This adds equivalent functionality
> to the dd command using the 'conv' arg. If 'conv=nocreat' is used,
> then it will assume the image already exists. The existing image
> will be truncated to match the required output size. 'conv=notrunc'
> can be used to preserve the existing image size.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  qemu-img-cmds.hx |   4 +-
>  qemu-img.c   | 137 
> +--
>  qemu-img.texi|  10 +++-
>  3 files changed, 115 insertions(+), 36 deletions(-)

Quite frankly I don't like this patch very much. It's not bad in itself,
but I don't like the idea of giving qemu-img dd new features until it's
an interface for qemu-img convert. Everything that we add now encourages
new users to use it and will make the conversion a bit more difficult.

As long as qemu-img convert gets a --target-image-opts, I don't think we
need all of this functionality in qemu-img dd.

Anyway, I won't block/NACK this patch, so resuming review.

> diff --git a/qemu-img-cmds.hx b/qemu-img-cmds.hx
> index f054599..b2c5424 100644
> --- a/qemu-img-cmds.hx
> +++ b/qemu-img-cmds.hx
> @@ -46,9 +46,9 @@ STEXI
>  ETEXI
>  
>  DEF("dd", img_dd,
> -"dd [--image-opts] [-f fmt] [-O output_fmt] [bs=block_size] 
> [count=blocks] [skip=blocks] if=input of=output")
> +"dd [--image-opts] [-f fmt] [-O output_fmt] [bs=block_size] 
> [count=blocks] [skip=blocks] [conv=nocreat,notrunc] if=input of=output")
>  STEXI
> -@item dd [--image-opts] [-f @var{fmt}] [-O @var{output_fmt}] 
> [bs=@var{block_size}] [count=@var{blocks}] [skip=@var{blocks}] if=@var{input} 
> of=@var{output}
> +@item dd [--image-opts] [-f @var{fmt}] [-O @var{output_fmt}] 
> [bs=@var{block_size}] [count=@var{blocks}] [skip=@var{blocks}] 
> [conv=nocreat,notrunc] if=@var{input} of=@var{output}

I'd just write something like conv=@var{convs} or I don't know. There
are other conversion specifiers (or however it's called) that we may
want to support in the future, e.g. sparse or noerror.

>  ETEXI
>  
>  DEF("info", img_info,
> diff --git a/qemu-img.c b/qemu-img.c
> index 629f9e9..c9ab9e5 100644
> --- a/qemu-img.c
> +++ b/qemu-img.c


[...]

> @@ -3906,6 +3910,31 @@ static int img_dd_skip(const char *arg,
>  return 0;
>  }
>  
> +static int img_dd_conv(const char *arg,
> +   struct DdIo *in, struct DdIo *out,
> +   struct DdInfo *dd)
> +{
> +char **flags, **tmp;
> +
> +tmp = flags = g_strsplit(arg, ",", 0);

"flag_pointer", "cur_flag_pointer" or "flat_iterator" instead of "tmp"
might be more suitable names.

> +
> +while (tmp && *tmp) {
> +if (g_str_equal(*tmp, "noconv")) {
> +dd->flags |= C_NOCREAT;
> +} else if (g_str_equal(*tmp, "notrunc")) {
> +dd->flags |= C_NOTRUNC;
> +} else {
> +error_report("invalid conv argument: '%s'", *tmp);
> +g_strfreev(flags);
> +return 1;
> +}
> +tmp++;
> +}
> +
> +g_strfreev(flags);
> +return 0;
> +}
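Review bot: `g_str_equal(*tmp, "noconv")` does not match the option this patch documents — the usage string, the texi text and the commit message all say conv=nocreat, so `conv=nocreat` is rejected with "invalid conv argument" and only the undocumented spelling `noconv` sets C_NOCREAT. Change it to `if (g_str_equal(*tmp, "nocreat")) {`. A one-line iotest running `dd conv=nocreat` would have caught this.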
> +
>  static int img_dd(int argc, char **argv)
>  {
>  int ret = 0;

[...]

> @@ -3954,7 +3984,7 @@ static int img_dd(int argc, char **argv)
>  { 0, 0, 0, 0 }
>  };
>  
> -while ((c = getopt_long(argc, argv, "hf:O:", long_options, NULL))) {
> +while ((c = getopt_long(argc, argv, "hnf:O:", long_options, NULL))) {

Looks like a relic from v1.

>  if (c == EOF) {
>  break;
>  }

[...]

> diff --git a/qemu-img.texi b/qemu-img.texi
> index 174aae3..9f10562 100644
> --- a/qemu-img.texi
> +++ b/qemu-img.texi
> @@ -326,7 +326,7 @@ skipped. This is useful for formats such as @code{rbd} if 
> the target
>  volume has already been created with site specific options that cannot
>  be supplied through qemu-img.
>  
> -@item dd [-f @var{fmt}] [-O @var{output_fmt}] [bs=@var{block_size}] 
> [count=@var{blocks}] [skip=@var{blocks}] if=@var{input} of=@var{output}
> +@item dd [-f @var{fmt}] [-O @var{output_fmt}] [bs=@var{block_size}] 
> [count=@var{blocks}] [skip=@var{blocks}] [conv=nocreat,notrunc] 
> if=@var{input} of=@var{output}
>  
>  Dd copies from @var{input} file to @var{output} file converting it from
>  @var{fmt} format to @var{output_fmt} format.
> @@ -337,6 +337,14 @@ dd will stop reading input after reading @var{blocks} 
> input blocks.
>  
>  The size syntax is similar to dd(1)'s size syntax.
>  
> +If the @code{conv=nocreat} option is specified, the target volume creation
> +will be skipped. Its length will be truncated to match data length, if it
> +is longer than the required data size. If the @code{conv=notrunc} option
> +is specified, no file size shrinking will be done. If the existing output
> +file is too small it will be enlarged to fit. These options are useful for
> +formats such as 

Re: [Qemu-devel] [PATCH v7 RFC] block/vxhs: Initial commit to add Veritas HyperScale VxHS block device support

2017-02-03 Thread Ketan Nilangekar


On 2/3/17, 1:45 AM, "Daniel P. Berrange"  wrote:

On Thu, Feb 02, 2017 at 09:22:46PM +, Ketan Nilangekar wrote:
> 
> On 2/2/17, 12:57 PM, "Ketan Nilangekar"  
wrote:
> 
> [Ketan]
> Does the QIO interface allow for readv/writev over network for 
unsecure sockets?
> 
> [Ketan]
> I checked the qio implementation and it seems that there is a pseudo
> implementation of readv/writev which iterates over the individual
> iovecs to make send/recv syscalls. This can’t be too good for performance.

I think you looked at the Win32 code - the qio_channel_socket_writev
and qio_channel_socket_readv methods which are built on non-Win32
platforms use recvmsg/sendmsg to handle iovecs in a single operation.

[Ketan]
Ok I see that.

> Are you suggesting we use the qio interface for secure communication only
> and leave the unsecure communication to libqnio?

If you expect non-QEMU apps to use libqnio, then you could keep support
for plain & TLS sockets in libqnio. Just provide the I/O callbacks facility
as an alternative approach which can be used by QEMU for secure & insecure
I/O handling.

[Ketan]
We do expect non-qemu applications to use libqnio. 
However, if this is a "nice to have" from QEMU perspective, I'd like to take 
this up later.


Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ 
:|
|: http://libvirt.org  -o- http://virt-manager.org 
:|
|: http://entangle-photo.org   -o-http://search.cpan.org/~danberr/ 
:|




Re: [Qemu-devel] [RFC 4/5] exec: allow to get a pointer for some mmio memory region

2017-02-03 Thread Frederic Konrad
On 02/03/2017 06:26 PM, Paolo Bonzini wrote:
> 
> 
> On 03/02/2017 09:06, fred.kon...@greensocs.com wrote:
>> +host = mr->ops->request_ptr(mr->opaque, addr - mr->addr, , 
>> );
>> +
>> +if (!host || !size) {
>> +memory_region_transaction_commit();
>> +return false;
>> +}
>> +
>> +sub = g_new(MemoryRegion, 1);
>> +memory_region_init_ram_ptr(sub, OBJECT(mr), "mmio-map", size, host);
>> +memory_region_add_subregion(mr, offset, sub);
>> +memory_region_transaction_commit();
>> +return true;
>> +}
>> +
>> +void memory_region_invalidate_mmio_ptr(MemoryRegion *mr, hwaddr offset,
>> +   unsigned size)
>> +{
>> +MemoryRegionSection section = memory_region_find(mr, offset, size);
>> +
>> +if (section.mr != mr) {
>> +memory_region_del_subregion(mr, section.mr);
>> +/* memory_region_find add a ref on section.mr */
>> +memory_region_unref(section.mr);
>> +object_unparent(OBJECT(section.mr));
> 
> I think this would cause a use-after-free when using MTTCG.  In general,
> creating and dropping MemoryRegions dynamically can cause bugs that are
> nondeterministic and hard to fix without rewriting everything.

Hi Paolo,

Thanks for your comment.
Yes, I read in the docs that dynamically dropping MemoryRegions is badly
broken when we use NULL as an owner because the machine owns it.
But it seems nothing said this is the case with an owner.

But I think I see your point here:
  * memory_region_unref will unref the owner.
  * object_unparent will unref the memory region (which should be 1).
  => the region will be dropped immediately.

Doesn't hotplug use dynamic MemoryRegion? In which case we better
make that work with MTTCG. I wonder if we can't simply handle that
with a safe_work for this case?

BTW the tests I have seem to pass without issues.

> 
> An alternative design could be:
> 
> - memory_region_request_mmio_ptr returns a MemoryRegionCache instead of
> a pointer, so that the device can map a subset of the device (e.g. a
> single page)

I'm not aware of this MemoryRegionCache yet, it seems pretty new.
I'll take a look.

Thanks,
Fred

> 
> - memory_region_request_mmio_ptr and MemoryRegionOps.request_ptr accept
> a Notifier
> 
> - the device adds the Notifier to a NotifierList.  Before invalidating,
> it invokes the Notifier and empties the NotifierList.
> 
> - for the TLB case, the Notifier calls tlb_flush_page.
> 
> I like the general idea though!
> 
> Paolo
> 
>> +}
>> +}




Re: [Qemu-devel] [PATCH v2 2/6] qemu-img: fix --image-opts usage with dd command

2017-02-03 Thread Max Reitz
On 03.02.2017 13:02, Daniel P. Berrange wrote:
> The --image-opts flag can only be used to affect the parsing
> of the source image. The target image has to be specified in
> the traditional style regardless, since it needs to be passed
> to the bdrv_create() API which does not support the new style
> opts.
> 
> Signed-off-by: Daniel P. Berrange 
> ---
>  qemu-img.c | 9 +++--
>  1 file changed, 7 insertions(+), 2 deletions(-)

Reviewed-by: Max Reitz 





Re: [Qemu-devel] [PATCH v2 1/6] qemu-img: add support for --object with 'dd' command

2017-02-03 Thread Max Reitz
On 03.02.2017 13:02, Daniel P. Berrange wrote:
> The qemu-img dd command added --image-opts support, but missed
> the corresponding --object support. This prevented passing
> secrets (eg auth passwords) needed by certain disk images.
> 
> Reviewed-by: Eric Blake 
> Signed-off-by: Daniel P. Berrange 
> ---
>  qemu-img.c | 16 
>  1 file changed, 16 insertions(+)
> 
> diff --git a/qemu-img.c b/qemu-img.c
> index 74e3362..391a141 100644
> --- a/qemu-img.c
> +++ b/qemu-img.c
> @@ -3949,6 +3949,7 @@ static int img_dd(int argc, char **argv)
>  };
>  const struct option long_options[] = {
>  { "help", no_argument, 0, 'h'},
> +{ "object", required_argument, 0, OPTION_OBJECT},
>  { "image-opts", no_argument, 0, OPTION_IMAGE_OPTS},
>  { 0, 0, 0, 0 }
>  };
> @@ -3971,6 +3972,14 @@ static int img_dd(int argc, char **argv)
>  case 'h':
>  help();
>  break;
> +case OPTION_OBJECT: {
> +QemuOpts *opts;
> +opts = qemu_opts_parse_noisily(_object_opts,
> +   optarg, true);
> +if (!opts) {
> +return 1;
> +}
> +}   break;
>  case OPTION_IMAGE_OPTS:
>  image_opts = true;
>  break;
> @@ -4015,6 +4024,13 @@ static int img_dd(int argc, char **argv)
>  ret = -1;
>  goto out;
>  }
> +
> +if (qemu_opts_foreach(_object_opts,
> +  user_creatable_add_opts_foreach,
> +  NULL, NULL)) {
> +return 1;

Why not ret = -1; goto out; like the other code around this block?

(Same for the case block above.)

Max

> +}
> +
>  blk1 = img_open(image_opts, in.filename, fmt, 0, false, false);
>  
>  if (!blk1) {
> 






Re: [Qemu-devel] QEMU + OVMF, bootable linux image

2017-02-03 Thread Laszlo Ersek
On 02/03/17 19:20, Jason Dickens wrote:
> I am trying to create a raw Linux image that is bootable by QEMU using
> the OVMF firmware image.
> 
> Basically, I have used a standard Ubuntu ISO  and a empty raw image.
> Executing qemu-system-x86_64 with the ISO as CD and the other image as a
> hardrive I have been able to install Ubuntu on the image, no problem.
> 
> However, when trying to boot the created image I simply get the UEFI shell?
> 
> I've noticed the following:
> 
> 1. The ISO image which boots with OVMF in UEFI just fine has the
> following format (from fdisk):
> 
> Disk ubuntu-14.04.3-desktop-amd64.iso: 1006 MiB, 1054867456 bytes,
> 2060288 sectors
> Units: sectors of 1 * 512 = 512 bytes
> Sector size (logical/physical): 512 bytes / 512 bytes
> I/O size (minimum/optimal): 512 bytes / 512 bytes
> Disklabel type: dos
> Disk identifier: 0x6a6216fc
> 
> Device   Boot   Start End Sectors Size Id Type
> ubuntu-14.04.3-desktop-amd64.iso1  *0 2060287 2060288 1006M  0
> Empty
> ubuntu-14.04.3-desktop-amd64.iso2 2038760 2043303 4544 2.2M ef EFI
> (FAT-12/16/32)
> 
> 2. The image created by the linux install has the following(from fdisk):
> 
> Disk ovmf_test_image: 10 GiB, 10737418240 bytes, 20971520 sectors
> Units: sectors of 1 * 512 = 512 bytes
> Sector size (logical/physical): 512 bytes / 512 bytes
> I/O size (minimum/optimal): 512 bytes / 512 bytes
> Disklabel type: gpt
> Disk identifier: 36240C48-C008-4619-BE31-26D271000490
> 
> Device  Start  End  Sectors  Size Type
> ovmf_test_image1 2048  1050623  1048576  512M EFI System
> ovmf_test_image2  1050624 12584959 11534336  5.5G Linux filesystem
> ovmf_test_image3 12584960 20969471  83845124G Linux swap
> 
> 
> Can someone help me understand the format requirements to boot using
> OVMF in UEFI mode? Clearly these two images are dramatically different.
> However, I would expect #2 to be the more modern method and more likely
> to work? As for QEMU command I use literally the same command switching
> only between the file names to get the different results it looks
> something like this:
> 
> qemu-system-x86_64 -drive file=ovmf_test_image,format=raw -m 4G
> --bios.bin -net none

"something like this" is quite likely where the bug is.

I downloaded "ubuntu-14.04.3-desktop-amd64.iso". I also have Gerd's
build of OVMF installed. The RPM is called "edk2.git-ovmf-x64", and the
repository is at  (see the instructions
there). Before running the test, I upgraded the package to
"20170126.b2442.gf1d91f3".

The following script works flawlessly for me. You can use the same
script both for installation and then to boot the installed guest.


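#!/bin/sh
# Install from an Ubuntu ISO into a raw disk image, or boot the already
# installed guest, under OVMF (UEFI) firmware.  The same script serves both
# purposes: once installation is done, the two "cdrom" lines can be dropped
# and the guest still boots.
#
# Every failure below (missing template, failed image creation) aborts the
# run instead of silently starting a guest with a broken setup, and every
# path variable is quoted so a directory name with spaces cannot split an
# argument.
set -eu

ISO=ubuntu-14.04.3-desktop-amd64.iso    # installer CD image
IMG=ubuntu-14.04.3-desktop-amd64.img    # raw guest disk; created below if absent
VARS=ubuntu-14.04.3-desktop-amd64.vars  # writable per-guest copy of the UEFI variable store
DBG=ubuntu-14.04.3-desktop-amd64.dbg    # output of the firmware debug console (isa-debugcon)
# Firmware code image (attached read-only) and the pristine variable-store
# template it is paired with.
CODE=/usr/share/edk2.git/ovmf-x64/OVMF_CODE-pure-efi.fd
TMPL=/usr/share/edk2.git/ovmf-x64/OVMF_VARS-pure-efi.fd

# Each guest gets its own copy of the variable store so whatever the firmware
# persists (boot entries and the like) never lands in the shared template.
if ! [ -e "$VARS" ]; then
  cp "$TMPL" "$VARS"
fi

# Create the target disk only on first use; a later run boots the installed
# system from the same file.
if ! [ -e "$IMG" ]; then
  qemu-img create -f raw "$IMG" 20G
fi

qemu-system-x86_64 \
  \
  -machine accel=kvm \
  -m 4096 \
  \
  -drive if=pflash,readonly,format=raw,file="$CODE" \
  -drive if=pflash,format=raw,file="$VARS" \
  \
  -drive id=disk,if=none,format=raw,file="$IMG" \
  -drive id=cdrom,if=none,readonly,format=raw,file="$ISO" \
  \
  -device virtio-scsi-pci,id=scsi0 \
  -device scsi-hd,bus=scsi0.0,drive=disk,bootindex=0 \
  -device scsi-cd,bus=scsi0.0,drive=cdrom,bootindex=1 \
  \
  -chardev file,id=debug,path="$DBG" \
  -device isa-debugcon,iobase=0x402,chardev=debug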


If you wish, after installation (and powering off the guest), you can
simply drop the two lines from the script that contain the word "cdrom";
the guest will remain bootable just the same.

In general, I strongly suggest using libvirt. The QEMU command line is
too complex if you don't know exactly what you are doing.

(I'm not being arrogant: the vast majority of the QEMU command line
options freak me out, so I insist on using libvirt even for my own
development purposes.)

HTH,
Laszlo



Re: [Qemu-devel] [RFC PATCH] linux-user: Add signal handling for x86_64

2017-02-03 Thread Pranith Kumar
On Fri, Feb 3, 2017 at 11:10 AM, Wirth, Allan  wrote:

> The patch LGTM. :)

Thanks for checking the latest patch and for the initial work. I am
happy it did not get lost :)

-- 
Pranith



Re: [Qemu-devel] [Qemu-block] Non-flat command line option argument syntax

2017-02-03 Thread Max Reitz
I like both JSON and dot syntax. But I like them differently in
different places.

I love JSON when it's in some file where I can turn on syntax
highlighting and let my $EDITOR match brackets and braces.

I hate JSON when it's on the command line. You have to escape, you get
strings in strings, and at least for QMP you sometimes even get strings
in strings in strings (yes, I like my "echo | qemu -qmp stdio" with
human-monitor-command). Apart from that, usually I don't format anything
nicely on the command line anyway, so JSON and dot syntax are equally
illegible then.

JSON is great for reading, when formatted correctly. If it's not
formatted nicely and you don't have a good editor with highlighting,
it's pretty bad.
It's good for writing in an editor. It's not so nice for writing in a shell.

OTOH, it's hard to read dot syntax when formatted correctly and it's
just as bad as JSON when it isn't. But even if you have an editor at
hand, you can't make it better.
It's very easy to write dot syntax, however. Just write down what you
want. Oh, forgot a parameter for that dict three arrays ago? Just write
it down now. Doesn't matter where you put it. How many braces do I need
to close now? Oh, right, I don't need to close any. Nice!

So dot syntax is pretty much a write-only syntax. But it's very good at
that.

On the command line I absolutely adore the dot syntax. It doesn't force
you to quote, you can put everything anywhere and you don't need to
count braces. I love it.

However, nobody can read what you wrote. Usually doesn't matter. But for
docs, that's bad. For scripts, it depends, but again, it usually is bad.
For configuration files, there is pretty much no excuse. So in general,
I'm very skeptical about dot syntax in files, to say the least.


So I think it would be good to allow full-JSON configuration. Put it in
a file, great.

But at the same time, I do not think that JSON is good for the command
line. Dot syntax works fine and in my opinion it often doesn't actually
matter whether it's legible or not.


I don't like structured values very much because to me they are just
"JSON light". Well, you don't have to quote keys and values (so no
"string in string" mess), but other than that you still have to quote
everything and you still have to count braces.

Max


PS: I personally actually think that structured representations such as
JSON may in some situations be less legible than the dot syntax if you
do not have syntax highlighting and it's not formatted nicely; and
that's because you have to count braces not just when writing but also
when reading. Imagine the following:

a.b.c.d.e.f=42,a.b.c.g=23

{"a":{"b":{"c":{"d":{"e":{"f":42}}},"g":23}}}

I can read the first one much better than the second one. Of course,
that's different with nice formatting and a good editor, but the above
is how I would write it on the command line.

I know it's a fabricated example and you'd just need to switch "g" and
"d", but "}}" actually makes me a bit dizzy, so that may be even
worse. Anyway, I just wanted to make the point that I think that compact
JSON and dot syntax are both pretty much illegible.





Re: [Qemu-devel] [Qemu-block] Non-flat command line option argument syntax

2017-02-03 Thread Max Reitz
On 03.02.2017 08:50, Markus Armbruster wrote:
> "Dr. David Alan Gilbert"  writes:
> 
>> * Markus Armbruster (arm...@redhat.com) wrote:
>>> = Introduction =
>>>
>>
>> 
>>
>>> = Structured option argument syntax =
>>>
>>> == JSON ==
>>>
>>> The obvious way to provide the expressiveness of JSON on the command
>>> line is JSON.  Easy enough[2].  However, besides not being compatible,
>>> it's rather heavy on syntax, at least for simple cases.  Compare:
>>>
>>> -machine q35,accel=kvm
>>> -machine '{ "type": "q35", "accel": "kvm"}'
>>>
>>> It compares a bit more favourably in cases that use our non-flat hacks.
>>> Here's a flat list as KEY=VALUE,... with repeated keys, and as JSON:
>>>
>>> -semihosting-config enable,arg=eins,arg=zwei,arg=drei
>>> -semihosting-config '{ "enable": true, "arg": [ "eins", "zwei", "drei" 
>>> ] }'
>>>
>>> Arbitrary nesting with dotted key convention:
>>>
>>> -drive driver=qcow2,file.driver=gluster,
>>>file.volume=testvol,file.path=/path/a.qcow2,file.debug=9,
>>>file.server.0.type=tcp,
>>>file.server.0.host=1.2.3.4,
>>>file.server.0.port=24007,
>>>file.server.1.type=unix,
>>>file.server.1.socket=/var/run/glusterd.socket
>>> -drive '{ "driver": "qcow2",
>>>   "file": {
>>>   "driver": "gluster", "volume": "testvol",
>>>   "path": "/path/a.qcow2", "debug": 9,
>>>   "server": [ { "type": "tcp",
>>> "host": "1.2.3.4", "port": "24007"},
>>>   { "type": "unix",
>>> "socket": "/var/run/glusterd.socket" } ] } 
>>> }'
>>
>> So while I generally hate JSON, the -drive dotted key syntax makes
>> me mad when it gets like this;  have a look
>> at the block replication and quorum setups especially, that can end up
>> with (from docs/COLO-FT.txt):
>>
>>   -drive 
>> if=virtio,id=primary-disk0,driver=quorum,read-pattern=fifo,vote-threshold=1,\
>>  children.0.file.filename=1.raw,\
>>  children.0.driver=raw -S
>>
>>that's just way too many .'s to ever properly understand.
>> (I'm sure it used to be more complex).
> 
> Here's an idea to cut down on the dottery that drives you mad (and me
> too): if KEY starts with '.', combine it with a prefix of the previous
> one so that the result has the same number of name components.
> 
> Your example becomes
> 
> -drive 
> if=virtio,id=primary-disk0,driver=quorum,read-pattern=fifo,vote-threshold=1,\
>children.0.file.filename=1.raw,.driver=raw -S

No, the last option would be children.0.file.driver=raw when expanded
(which is wrong, it should be children.0.driver).

> 
> My example
> 
>  -drive driver=qcow2,file.driver=gluster,
> file.volume=testvol,file.path=/path/a.qcow2,file.debug=9,
> file.server.0.type=tcp,
> file.server.0.host=1.2.3.4,
> file.server.0.port=24007,
> file.server.1.type=unix,
> file.server.1.socket=/var/run/glusterd.socket
> 
> becomes
> 
>  -drive driver=qcow2,
> file.driver=gluster,
> .volume=testvol,
> .path=/path/a.qcow2,
> .debug=9,
> file.server.0.type=tcp,
>  .host=1.2.3.4,
>  .port=24007,
> file.server.1.type=unix,
>  .socket=/var/run/glusterd.socket
> 
> Mind, I'm not at all sure this is a *good* idea.  I suspect it's more
> magic than it's worth.

As someone who likes dot syntax very much, I don't like it. If you
structure it like this, it's OK, but then you can just write the full
prefix (which gets the point across just as well because I can quickly
tell from a glance that it's the same prefix).

OTOH, when joined into a single line it doesn't change much in terms of
legibility, in my opinion.

Max





[Qemu-devel] [Bug 1661386] Re: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed

2017-02-03 Thread Dr. David Alan Gilbert
Ah well that is a bit better; you see now it's failing in kvm_**get**_msrs 
rather
than put; so the question is which of the two changes made it survive 
kvm_put_msrs

I'd hoped that the flags in (2) would have turned off the CPU flag and
thus made it go in both of them.

kvm_msr_entry_add: @103 index=20f value=0
qemu-system-x86_64: /home/matwey/lab/qemu/target/i386/kvm.c:2218:
kvm_get_msrs: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed.

1) Was it the steal time or the pmu change that made it flip over to the 
get_msrs?
2) Can you get it to flip over to the get_msrs with the flag rather than the 
code change?

Dave


Title:
  Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed

Status in QEMU:
  New

Bug description:
  Hello,

  
  I see the following when try to run qemu from master as the following:

  # ./x86_64-softmmu/qemu-system-x86_64 --version
  QEMU emulator version 2.8.50 (v2.8.0-1006-g4e9f524)
  Copyright (c) 2003-2016 Fabrice Bellard and the QEMU Project developers
  # ./x86_64-softmmu/qemu-system-x86_64 -machine accel=kvm -nodefaults
  -no-reboot -nographic -cpu host -vga none  -kernel .build.kernel.kvm
  -initrd .build.initrd.kvm -append 'panic=1 no-kvmclock console=ttyS0
  loglevel=7' -m 1024 -serial stdio
  qemu-system-x86_64: /home/matwey/lab/qemu/target/i386/kvm.c:1849:
  kvm_put_msrs: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed.

  First broken commit has been bisected:

  commit 48e1a45c3166d659f781171a47dabf4a187ed7a5
  Author: Paolo Bonzini 
  Date:   Wed Mar 30 22:55:29 2016 +0200

  target-i386: assert that KVM_GET/SET_MSRS can set all requested MSRs
  
  This would have caught the bug in the previous patch.
  
  Signed-off-by: Paolo Bonzini 

  My cpuinfo is the following:

  processor   : 0
  vendor_id   : GenuineIntel
  cpu family  : 6
  model   : 44
  model name  : Intel(R) Xeon(R) CPU   X5675  @ 3.07GHz
  stepping: 2
  microcode   : 0x14
  cpu MHz : 3066.775
  cache size  : 12288 KB
  physical id : 0
  siblings: 2
  core id : 0
  cpu cores   : 2
  apicid  : 0
  initial apicid  : 0
  fpu : yes
  fpu_exception   : yes
  cpuid level : 11
  wp  : yes
  flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca 
cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm 
constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc 
aperfmperf pni pclmulqdq vmx ssse3 cx16 sse4_1 sse4_2 popcnt aes hypervisor 
lahf_lm ida arat epb dtherm tpr_shadow vnmi ept vpid
  bugs:
  bogomips: 6133.55
  clflush size: 64
  cache_alignment : 64
  address sizes   : 40 bits physical, 48 bits virtual
  power management:




[Qemu-devel] [PATCH] qemu-img: Do not truncate before preallocation

2017-02-03 Thread Nir Soffer
When using a file system that does not support fallocate() (e.g. NFS <
4.2), truncating the file only when preallocation=OFF speeds up creating
a raw file.

Here is example run, tested on Fedora 24 machine, creating raw file on
NFS version 3 server.

$ time ./qemu-img-master create -f raw -o preallocation=falloc mnt/test 1g
Formatting 'mnt/test', fmt=raw size=1073741824 preallocation=falloc

real0m21.185s
user0m0.022s
sys 0m0.574s

$ time ./qemu-img-fix create -f raw -o preallocation=falloc mnt/test 1g
Formatting 'mnt/test', fmt=raw size=1073741824 preallocation=falloc

real0m11.601s
user0m0.016s
sys 0m0.525s

$ time dd if=/dev/zero of=mnt/test bs=1M count=1024 oflag=direct
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB, 1.0 GiB) copied, 15.6627 s, 68.6 MB/s

real0m16.104s
user0m0.009s
sys 0m0.220s

Running with strace we can see that without this change we do one
pread() and one pwrite() for each block. With this change, we do only
one pwrite() per block.

$ strace ./qemu-img-master create -f raw -o preallocation=falloc mnt/test 8192
...
pread64(9, "\0", 1, 4095)   = 1
pwrite64(9, "\0", 1, 4095)  = 1
pread64(9, "\0", 1, 8191)   = 1
pwrite64(9, "\0", 1, 8191)  = 1

$ strace ./qemu-img-fix create -f raw -o preallocation=falloc mnt/test 8192
...
pwrite64(9, "\0", 1, 4095)  = 1
pwrite64(9, "\0", 1, 8191)  = 1

This happens because posix_fallocate is checking if each block is
allocated before writing a byte to the block, and when truncating the
file before preallocation, all blocks are unallocated.

Signed-off-by: Nir Soffer 
---

I sent this a week ago:
http://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg06123.html

Sending again with improved commit message.

 block/file-posix.c | 11 ---
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/block/file-posix.c b/block/file-posix.c
index 2134e0e..442f080 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -1591,12 +1591,6 @@ static int raw_create(const char *filename, QemuOpts 
*opts, Error **errp)
 #endif
 }
 
-if (ftruncate(fd, total_size) != 0) {
-result = -errno;
-error_setg_errno(errp, -result, "Could not resize file");
-goto out_close;
-}
-
 switch (prealloc) {
 #ifdef CONFIG_POSIX_FALLOCATE
 case PREALLOC_MODE_FALLOC:
@@ -1636,6 +1630,10 @@ static int raw_create(const char *filename, QemuOpts 
*opts, Error **errp)
 break;
 }
 case PREALLOC_MODE_OFF:
+if (ftruncate(fd, total_size) != 0) {
+result = -errno;
+error_setg_errno(errp, -result, "Could not resize file");
+}
 break;
 default:
 result = -EINVAL;
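Review bot: The ftruncate() that is now confined to the PREALLOC_MODE_OFF case carries no comment on why the other preallocation modes no longer truncate first; that rationale exists only in the commit message and will be the first thing a later reader wonders about. A comment above the call, e.g. `/* Only set the size here: the other modes grow the file themselves, and truncating first makes the posix_fallocate() fallback pread() every sparse block before writing it. */`, keeps the reasoning with the code. The change also relies on the FALLOC and FULL paths always leaving the file at exactly total_size, which the hunk does not show; if the open does not truncate a pre-existing file, that is worth confirming. raw_create starts and ends outside the hunk.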
@@ -1644,7 +1642,6 @@ static int raw_create(const char *filename, QemuOpts 
*opts, Error **errp)
 break;
 }
 
-out_close:
 if (qemu_close(fd) != 0 && result == 0) {
 result = -errno;
 error_setg_errno(errp, -result, "Could not close the new file");
-- 
2.9.3




Re: [Qemu-devel] [PATCH v3] qemu-nbd: Implement socket activation.

2017-02-03 Thread Richard W.M. Jones
On Fri, Feb 03, 2017 at 10:58:15AM -0800, Paolo Bonzini wrote:
> On 03/02/2017 10:56, Richard W.M. Jones wrote:
> > On Fri, Feb 03, 2017 at 09:31:43AM -0800, Paolo Bonzini wrote:
> >> On 03/02/2017 09:09, Richard W.M. Jones wrote:
> >>> +if (fork_process) {
> >>> +return "Fork (--fork) can't be used with socket activation";
> >>> +}
> >>
> >> Why not?  You could have a Type=forking foo.service, which makes little
> >> sense but would work.
> > 
> > The answer, I think, is because systemd will lose track of the PID of
> > the qemu-nbd process.  This would be important because systemd can
> > kill a socket-activated service which is idle.
> > 
> > Normally you would work around that by using PIDFile=... in the unit
> > file, but it looks like qemu-nbd doesn't support pid files.
> 
> PIDFile is recommended indeed but GuessMainPID=yes (the default for no
> PIDFile) should work, since qemu-nbd only has one parent process.

Another reason:

I think that the --fork option is mainly intended for command line use
of qemu-nbd.  If you're running qemu-nbd from a program there's no
real reason to use --fork, since you can control the fork process
better yourself.

LISTEN_PID isn't settable from the command line.  It's also not
settable from a shell script (as far as I can tell when I was trying
to write a shell script to test nbdkit).  It has to be set between the
fork and exec calls, because it is set to the qemu-nbd PID.

So I don't think --fork and socket activation are really features that
it makes any sense to mix.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html



Re: [Qemu-devel] [PATCH 16/17] iotests: add dirty bitmap migration test

2017-02-03 Thread Max Reitz
On 03.02.2017 12:08, Vladimir Sementsov-Ogievskiy wrote:
> 03.02.2017 13:10, Vladimir Sementsov-Ogievskiy wrote:
>> 02.02.2017 02:12, Max Reitz wrote:
>>> On 22.11.2016 18:54, Vladimir Sementsov-Ogievskiy wrote:
 The test starts two vms (vm_a, vm_b), creates a dirty bitmap in
 the first one, does several writes to the corresponding device and
 then migrates vm_a to vm_b with dirty bitmaps.

 Signed-off-by: Vladimir Sementsov-Ogievskiy 
 ---
   tests/qemu-iotests/169 | 86
 ++
   tests/qemu-iotests/169.out |  5 +++
   tests/qemu-iotests/group   |  1 +
   3 files changed, 92 insertions(+)
   create mode 100755 tests/qemu-iotests/169
   create mode 100644 tests/qemu-iotests/169.out

 diff --git a/tests/qemu-iotests/169 b/tests/qemu-iotests/169
 new file mode 100755
 index 000..58b1ab1
 --- /dev/null
 +++ b/tests/qemu-iotests/169
 @@ -0,0 +1,86 @@
 +#!/usr/bin/env python
 +#
 +# Tests for dirty bitmaps migration.
 +#
 +# Copyright (C) Vladimir Sementsov-Ogievskiy 2015-2016
 +#
 +# This program is free software; you can redistribute it and/or modify
 +# it under the terms of the GNU General Public License as published by
 +# the Free Software Foundation; either version 2 of the License, or
 +# (at your option) any later version.
 +#
 +# This program is distributed in the hope that it will be useful,
 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 +# GNU General Public License for more details.
 +#
 +# You should have received a copy of the GNU General Public License
 +# along with this program.  If not, see
 .
 +#
 +
 +import os
 +import iotests
 +import time
 +from iotests import qemu_img
 +
 +disk_a = os.path.join(iotests.test_dir, 'disk_a')
 +disk_b = os.path.join(iotests.test_dir, 'disk_b')
 +fifo = os.path.join(iotests.test_dir, 'mig_fifo')
 +
 +class TestDirtyBitmapMigration(iotests.QMPTestCase):
 +
 +def setUp(self):
 +size = 0x4 # 1G
>>> I can already see someone on macOS complaining that this test eats their
>>> hard drive when running it for raw images... But we can still amend it
>>> once somebody complains. O:-)
>>>
>>> I think 1 GB is not overly large, but it's reasonable to use such a
>>> rather large value for this test.
>>>
 +os.mkfifo(fifo)
 +qemu_img('create', '-f', iotests.imgfmt, disk_a, str(size))
 +qemu_img('create', '-f', iotests.imgfmt, disk_b, str(size))
 +self.vm_a = iotests.VM(path_suffix='a').add_drive(disk_a)
 +self.vm_b = iotests.VM(path_suffix='b').add_drive(disk_b)
 +self.vm_b.add_incoming_migration("exec: cat " + fifo)
>>> I guess this will break if the path contains white space. Is there
>>> something we can do about that?
>>>
>>> (You don't need to protect against quotes or something, just white
>>> space.)
>>>
 +self.vm_a.launch()
 +self.vm_b.launch()
 +
 +def tearDown(self):
 +self.vm_a.shutdown()
 +self.vm_b.shutdown()
 +os.remove(disk_a)
 +os.remove(disk_b)
 +os.remove(fifo)
 +
 +def test_migration(self):
 +granularity = 512
 +regions = [
 +{ 'start': 0,   'count': 0x10 },
 +{ 'start': 0x1, 'count': 0x20  },
 +{ 'start': 0x39990, 'count': 0x10  }
 +]
 +
 +result = self.vm_a.qmp('block-dirty-bitmap-add',
 node='drive0',
 +   name='bitmap', granularity=granularity)
 +self.assert_qmp(result, 'return', {});
 +
 +for r in regions:
 +  self.vm_a.hmp_qemu_io('drive0',
>>> This line isn't aligned to four spaces.
>>>
>>> With that fixed, and if you deem fixing the white space issue too
>>> complicated:
>>
>> may be, just add quotes, like
>>
>> self.vm_b.add_incoming_migration("exec: cat '" + fifo + "'")
>>
>>
>> ?
> 
> looks like ./check doesn't work with spaces anyway:
> 
> [root@kvm qemu-iotests]# ./check -qcow2 -nocache 169
> QEMU  -- "/work/src/post
> copy/tests/qemu-iotests/../../x86_64-softmmu/qemu-system-x86_64"
> -nodefaults -machine accel=qtest
> QEMU_IMG  -- "/work/src/post copy/tests/qemu-iotests/../../qemu-img"
> QEMU_IO   -- "/work/src/post copy/tests/qemu-iotests/../../qemu-io" 
> -f qcow2 --cache none
> QEMU_NBD  -- "/work/src/post copy/tests/qemu-iotests/../../qemu-nbd"
> IMGFMT-- qcow2 (compat=1.1)
> IMGPROTO  -- file
> PLATFORM  -- Linux/x86_64 kvm 3.10.0-327.36.1.vz7.20.9
> TEST_DIR  -- /work/src/post 

Re: [Qemu-devel] [PATCH 16/17] iotests: add dirty bitmap migration test

2017-02-03 Thread Max Reitz
On 03.02.2017 11:10, Vladimir Sementsov-Ogievskiy wrote:
> 02.02.2017 02:12, Max Reitz wrote:
>> On 22.11.2016 18:54, Vladimir Sementsov-Ogievskiy wrote:
>>> The test starts two vms (vm_a, vm_b), creates a dirty bitmap in
>>> the first one, does several writes to the corresponding device and
>>> then migrates vm_a to vm_b with dirty bitmaps.
>>>
>>> Signed-off-by: Vladimir Sementsov-Ogievskiy 
>>> ---
>>>   tests/qemu-iotests/169 | 86
>>> ++
>>>   tests/qemu-iotests/169.out |  5 +++
>>>   tests/qemu-iotests/group   |  1 +
>>>   3 files changed, 92 insertions(+)
>>>   create mode 100755 tests/qemu-iotests/169
>>>   create mode 100644 tests/qemu-iotests/169.out
>>>
>>> diff --git a/tests/qemu-iotests/169 b/tests/qemu-iotests/169
>>> new file mode 100755
>>> index 000..58b1ab1
>>> --- /dev/null
>>> +++ b/tests/qemu-iotests/169
>>> @@ -0,0 +1,86 @@
>>> +#!/usr/bin/env python
>>> +#
>>> +# Tests for dirty bitmaps migration.
>>> +#
>>> +# Copyright (C) Vladimir Sementsov-Ogievskiy 2015-2016
>>> +#
>>> +# This program is free software; you can redistribute it and/or modify
>>> +# it under the terms of the GNU General Public License as published by
>>> +# the Free Software Foundation; either version 2 of the License, or
>>> +# (at your option) any later version.
>>> +#
>>> +# This program is distributed in the hope that it will be useful,
>>> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
>>> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>>> +# GNU General Public License for more details.
>>> +#
>>> +# You should have received a copy of the GNU General Public License
>>> +# along with this program.  If not, see .
>>> +#
>>> +
>>> +import os
>>> +import iotests
>>> +import time
>>> +from iotests import qemu_img
>>> +
>>> +disk_a = os.path.join(iotests.test_dir, 'disk_a')
>>> +disk_b = os.path.join(iotests.test_dir, 'disk_b')
>>> +fifo = os.path.join(iotests.test_dir, 'mig_fifo')
>>> +
>>> +class TestDirtyBitmapMigration(iotests.QMPTestCase):
>>> +
>>> +def setUp(self):
>>> +size = 0x4 # 1G
>> I can already see someone on macOS complaining that this test eats their
>> hard drive when running it for raw images... But we can still amend it
>> once somebody complains. O:-)
>>
>> I think 1 GB is not overly large, but it's reasonable to use such a
>> rather large value for this test.
>>
>>> +os.mkfifo(fifo)
>>> +qemu_img('create', '-f', iotests.imgfmt, disk_a, str(size))
>>> +qemu_img('create', '-f', iotests.imgfmt, disk_b, str(size))
>>> +self.vm_a = iotests.VM(path_suffix='a').add_drive(disk_a)
>>> +self.vm_b = iotests.VM(path_suffix='b').add_drive(disk_b)
>>> +self.vm_b.add_incoming_migration("exec: cat " + fifo)
>> I guess this will break if the path contains white space. Is there
>> something we can do about that?
>>
>> (You don't need to protect against quotes or something, just white
>> space.)
>>
>>> +self.vm_a.launch()
>>> +self.vm_b.launch()
>>> +
>>> +def tearDown(self):
>>> +self.vm_a.shutdown()
>>> +self.vm_b.shutdown()
>>> +os.remove(disk_a)
>>> +os.remove(disk_b)
>>> +os.remove(fifo)
>>> +
>>> +def test_migration(self):
>>> +granularity = 512
>>> +regions = [
>>> +{ 'start': 0,   'count': 0x10 },
>>> +{ 'start': 0x1, 'count': 0x20  },
>>> +{ 'start': 0x39990, 'count': 0x10  }
>>> +]
>>> +
>>> +result = self.vm_a.qmp('block-dirty-bitmap-add', node='drive0',
>>> +   name='bitmap', granularity=granularity)
>>> +self.assert_qmp(result, 'return', {});
>>> +
>>> +for r in regions:
>>> +  self.vm_a.hmp_qemu_io('drive0',
>> This line isn't aligned to four spaces.
>>
>> With that fixed, and if you deem fixing the white space issue too
>> complicated:
> 
> may be, just add quotes, like
> 
> self.vm_b.add_incoming_migration("exec: cat '" + fifo + "'")

Yep, that would be fine with me.

Max

> 
> 
> ?
> 
>>
>> Reviewed-by: Max Reitz 
>>
>>> +'write %d %d' % (r['start'],
>>> r['count']))
>>> +
>>> +result = self.vm_a.qmp('x-debug-block-dirty-bitmap-sha256',
>>> +   node='drive0', name='bitmap')
>>> +sha256 = result['return']['sha256']
>>> +
>>> +result = self.vm_a.qmp('migrate-set-capabilities',
>>> +   capabilities=[{'capability':
>>> 'dirty-bitmaps',
>>> +  'state': True}])
>>> +self.assert_qmp(result, 'return', {})
>>> +
>>> +result = self.vm_a.qmp('migrate', uri='exec:cat>' + fifo)
>>> +self.assertNotEqual(self.vm_a.event_wait("STOP"), None)
>>> +

Re: [Qemu-devel] [PATCH 1/2] qemu-io: don't allow I/O operations larger than INT_MAX

2017-02-03 Thread Max Reitz
On 02.02.2017 09:52, Alberto Garcia wrote:
> On Wed 01 Feb 2017 11:16:38 PM CET, Max Reitz  wrote:
> 
>> Thanks, applied to my block tree, with
>> %s/INT_MAX/BDRV_REQUEST_MAX_BYTES/g:
> 
> I think you can use %d to print BDRV_REQUEST_MAX_BYTES, after all the
> definition guarantees that it won't be larger than MIN(SIZE_MAX,INT_MAX)

I'm not sure what C makes of that expression. I'd think it becomes a
size_t, probably, regardless of whether it would fit into an int.

Max





Re: [Qemu-devel] [PATCH 23/24] qcow2: add .bdrv_remove_persistent_dirty_bitmap

2017-02-03 Thread Max Reitz
On 02.02.2017 11:41, Vladimir Sementsov-Ogievskiy wrote:
> 01.02.2017 02:20, Max Reitz wrote:
>> On 23.01.2017 13:10, Vladimir Sementsov-Ogievskiy wrote:
>>> Realize .bdrv_remove_persistent_dirty_bitmap interface.
>>>
>>> Signed-off-by: Vladimir Sementsov-Ogievskiy 
>>> ---
>>>   block/qcow2-bitmap.c | 40 
>>>   block/qcow2.c|  1 +
>>>   block/qcow2.h|  3 +++
>>>   3 files changed, 44 insertions(+)
>>>
>>> diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
>>> index 2687a3acd5..be026fc80e 100644
>>> --- a/block/qcow2-bitmap.c
>>> +++ b/block/qcow2-bitmap.c
>>> @@ -1064,6 +1064,46 @@ static Qcow2Bitmap
>>> *find_bitmap_by_name(Qcow2BitmapList *bm_list,
>>>   return NULL;
>>>   }
>>>   +void qcow2_remove_persistent_dirty_bitmap(BlockDriverState *bs,
>>> +  const char *name,
>>> +  Error **errp)
>>> +{
>>> +int ret;
>>> +BDRVQcow2State *s = bs->opaque;
>>> +Qcow2Bitmap *bm;
>>> +Qcow2BitmapList *bm_list;
>>> +
>>> +if (s->nb_bitmaps == 0) {
>>> +/* No bitmaps - nothing to do */
>> Shouldn't it be an error? I.e. "bitmap not found"?
>>
>>> +return;
>>> +}
>>> +
>>> +bm_list = bitmap_list_load(bs, s->bitmap_directory_offset,
>>> +   s->bitmap_directory_size, errp);
>>> +if (bm_list == NULL) {
>>> +return;
>>> +}
>>> +
>>> +bm = find_bitmap_by_name(bm_list, name);
>>> +if (bm == NULL) {
>>> +goto fail;
>> What about setting errp? Or do you not consider this an error?
>>
>> I think it should be an error.
>>
>>> +}
>>> +
>>> +QSIMPLEQ_REMOVE(bm_list, bm, Qcow2Bitmap, entry);
>> bm->name is leaked here.
> 
> No, bitmap_free(bm) below will free it.

Oops, right. Well then:

Reviewed-by: Max Reitz 





Re: [Qemu-devel] [PATCH RFC] mem-prealloc: Reduce large guest start-up and migration time.

2017-02-03 Thread Paolo Bonzini


On 02/02/2017 01:35, Jitendra Kolhe wrote:
>> Of course you'd still need the memset() trick if qemu was given
>> non-hugepages in combination with --mem-prealloc, as you don't
>> want to lock normal pages into ram permanently.
>>
> given above numbers, I think we can stick to memset() implementation for
> both hugepage and non-hugepage cases?

Yes, of course!

Paolo



Re: [Qemu-devel] [Bug 1661386] Re: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed

2017-02-03 Thread Matwey V. Kornilov
2017-02-03 21:34 GMT+03:00 Dr. David Alan Gilbert :
> Hi,
>   OK, lets see:
>
>  kvm_put_msrs: ret=18 expected=105
>
> so I think it's one of the MSRs around 18 that it's upset at:
>
> kvm_msr_entry_add: @17 index=4b564d03 value=0
>
>   41:#define MSR_KVM_STEAL_TIME  0x4b564d03
>
> kvm_msr_entry_add: @18 index=38d value=0
>
>  #define MSR_CORE_PERF_FIXED_CTR_CTRL0x38d
>
> So my guess is it's the steal time thing.
>
> 1) You didn't say what kernel your host was running - please tell me
>   I think that steal time thing went into the kernel ~3.0

Sorry, I missed that. I tested both 3.16 and 4.1.

> 2) try starting qemu   with -cpu host,-kvm_steal_time and/or -cpu
host,-perfctr_core

Nothing of this helps.

> 3) If those don't work, in kvm_put_msrs try hacking out the lines:
>
>   if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_STEAL_TIME)) {
> kvm_msr_entry_add(cpu, MSR_KVM_STEAL_TIME, env->steal_time_msr);
> }
>
> and turning the :
>
> if (has_msr_architectural_pmu) {
>
> intoif (0) {
>

This also doesn't help. But it now seems to fail at a different line.

kvm_msr_entry_add: @0 index=174 value=0
kvm_msr_entry_add: @1 index=175 value=0
kvm_msr_entry_add: @2 index=176 value=0
kvm_msr_entry_add: @3 index=277 value=7040600070406
kvm_msr_entry_add: @4 index=c081 value=0
kvm_msr_entry_add: @5 index=c0010117 value=0
kvm_msr_entry_add: @6 index=3b value=0
kvm_msr_entry_add: @7 index=1a0 value=1
kvm_msr_entry_add: @8 index=c083 value=0
kvm_msr_entry_add: @9 index=c102 value=0
kvm_msr_entry_add: @10 index=c084 value=0
kvm_msr_entry_add: @11 index=c082 value=0
kvm_msr_entry_add: @12 index=10 value=0
kvm_msr_entry_add: @13 index=12 value=0
kvm_msr_entry_add: @14 index=11 value=0
kvm_msr_entry_add: @15 index=4b564d02 value=0
kvm_msr_entry_add: @16 index=4b564d04 value=0
kvm_msr_entry_add: @17 index=2ff value=0
kvm_msr_entry_add: @18 index=250 value=0
kvm_msr_entry_add: @19 index=258 value=0
kvm_msr_entry_add: @20 index=259 value=0
kvm_msr_entry_add: @21 index=268 value=0
kvm_msr_entry_add: @22 index=269 value=0
kvm_msr_entry_add: @23 index=26a value=0
kvm_msr_entry_add: @24 index=26b value=0
kvm_msr_entry_add: @25 index=26c value=0
kvm_msr_entry_add: @26 index=26d value=0
kvm_msr_entry_add: @27 index=26e value=0
kvm_msr_entry_add: @28 index=26f value=0
kvm_msr_entry_add: @29 index=200 value=0
kvm_msr_entry_add: @30 index=201 value=0
kvm_msr_entry_add: @31 index=202 value=0
kvm_msr_entry_add: @32 index=203 value=0
kvm_msr_entry_add: @33 index=204 value=0
kvm_msr_entry_add: @34 index=205 value=0
kvm_msr_entry_add: @35 index=206 value=0
kvm_msr_entry_add: @36 index=207 value=0
kvm_msr_entry_add: @37 index=208 value=0
kvm_msr_entry_add: @38 index=209 value=0
kvm_msr_entry_add: @39 index=20a value=0
kvm_msr_entry_add: @40 index=20b value=0
kvm_msr_entry_add: @41 index=20c value=0
kvm_msr_entry_add: @42 index=20d value=0
kvm_msr_entry_add: @43 index=20e value=0
kvm_msr_entry_add: @44 index=20f value=0
kvm_msr_entry_add: @45 index=17a value=0
kvm_msr_entry_add: @46 index=17b value=
kvm_msr_entry_add: @47 index=400 value=
kvm_msr_entry_add: @48 index=401 value=0
kvm_msr_entry_add: @49 index=402 value=0
kvm_msr_entry_add: @50 index=403 value=0
kvm_msr_entry_add: @51 index=404 value=
kvm_msr_entry_add: @52 index=405 value=0
kvm_msr_entry_add: @53 index=406 value=0
kvm_msr_entry_add: @54 index=407 value=0
kvm_msr_entry_add: @55 index=408 value=
kvm_msr_entry_add: @56 index=409 value=0
kvm_msr_entry_add: @57 index=40a value=0
kvm_msr_entry_add: @58 index=40b value=0
kvm_msr_entry_add: @59 index=40c value=
kvm_msr_entry_add: @60 index=40d value=0
kvm_msr_entry_add: @61 index=40e value=0
kvm_msr_entry_add: @62 index=40f value=0
kvm_msr_entry_add: @63 index=410 value=
kvm_msr_entry_add: @64 index=411 value=0
kvm_msr_entry_add: @65 index=412 value=0
kvm_msr_entry_add: @66 index=413 value=0
kvm_msr_entry_add: @67 index=414 value=
kvm_msr_entry_add: @68 index=415 value=0
kvm_msr_entry_add: @69 index=416 value=0
kvm_msr_entry_add: @70 index=417 value=0
kvm_msr_entry_add: @71 index=418 value=
kvm_msr_entry_add: @72 index=419 value=0
kvm_msr_entry_add: @73 index=41a value=0
kvm_msr_entry_add: @74 index=41b value=0
kvm_msr_entry_add: @75 index=41c value=
kvm_msr_entry_add: @76 index=41d value=0
kvm_msr_entry_add: @77 index=41e value=0
kvm_msr_entry_add: @78 index=41f value=0
kvm_msr_entry_add: @79 index=420 value=
kvm_msr_entry_add: @80 index=421 value=0
kvm_msr_entry_add: @81 index=422 value=0
kvm_msr_entry_add: @82 index=423 value=0
kvm_msr_entry_add: @83 index=424 value=
kvm_msr_entry_add: @84 index=425 value=0
kvm_msr_entry_add: @85 index=426 value=0
kvm_msr_entry_add: @86 index=427 value=0
kvm_put_msrs: ret=87 expected=87
kvm_msr_entry_add: @0 index=6e0 value=0

[Qemu-devel] [PATCH] softfloat: Use correct type in float64_to_uint64_round_to_zero()

2017-02-03 Thread Peter Maydell
In float64_to_uint64_round_to_zero() a typo meant that we were
taking the uint64_t return value from float64_to_uint64() and
putting it into an int64_t variable before returning it as
uint64_t again. Use uint64_t instead of pointlessly casting it
back and forth to int64_t.

Signed-off-by: Peter Maydell 
---
Spotted while reading the code...

 fpu/softfloat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fpu/softfloat.c b/fpu/softfloat.c
index c295f31..218b375 100644
--- a/fpu/softfloat.c
+++ b/fpu/softfloat.c
@@ -7386,7 +7386,7 @@ uint64_t float64_to_uint64_round_to_zero(float64 a, 
float_status *status)
 {
 signed char current_rounding_mode = status->float_rounding_mode;
 set_float_rounding_mode(float_round_to_zero, status);
-int64_t v = float64_to_uint64(a, status);
+uint64_t v = float64_to_uint64(a, status);
 set_float_rounding_mode(current_rounding_mode, status);
 return v;
 }
-- 
2.7.4




Re: [Qemu-devel] [PATCH v3 1/1] qemu-char: socket backend: disconnect on write error

2017-02-03 Thread Paolo Bonzini


On 02/02/2017 06:26, Denis V. Lunev wrote:
> From: Anton Nefedov 
> 
> Socket backend read handler should normally perform a disconnect, however
> the read handler may not get a chance to run if the frontend is not ready
> (qemu_chr_be_can_write() == 0).
> 
> This means that in virtio-serial frontend case if
>  - the host has disconnected (giving EPIPE on socket write)
>  - and the guest has disconnected (-> frontend not ready -> backend
>will not read)
>  - and there is still data (frontend->backend) to flush (has to be a really
>tricky timing but nevertheless, we have observed the case in production)
> 
> This results in virtio-serial trying to flush this data continuously, forming
> a busy loop.
> 
> Solution: react on write error in the socket write handler.
> errno is not reliable after qio_channel_writev_full(), so we may not get
> the exact EPIPE, so disconnect on any error but QIO_CHANNEL_ERR_BLOCK which
> io_channel_send_full() converts to errno EAGAIN.
> We must not disconnect right away though, there still may be data to read
> (see 4bf1cb0).
> 
> Signed-off-by: Anton Nefedov 
> Signed-off-by: Denis V. Lunev 
> CC: Paolo Bonzini 
> CC: Daniel P. Berrange 
> CC: Marc-André Lureau 
> ---
> Changes from v2:
> - fixed prototype of tcp_chr_disconnect
> 
> Changes from v1:
> - we do not rely on EPIPE anynore. Socket should be closed on all errors
>   except EAGAIN
> 
>  chardev/char-socket.c | 10 ++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> index 4068dc5..865c527 100644
> --- a/chardev/char-socket.c
> +++ b/chardev/char-socket.c
> @@ -97,6 +97,9 @@ static gboolean tcp_chr_accept(QIOChannel *chan,
> GIOCondition cond,
> void *opaque);
>  
> +static int tcp_chr_read_poll(void *opaque);
> +static void tcp_chr_disconnect(Chardev *chr);
> +
>  /* Called with chr_write_lock held.  */
>  static int tcp_chr_write(Chardev *chr, const uint8_t *buf, int len)
>  {
> @@ -114,6 +117,13 @@ static int tcp_chr_write(Chardev *chr, const uint8_t 
> *buf, int len)
>  s->write_msgfds_num = 0;
>  }
>  
> +if (ret < 0 && errno != EAGAIN) {
> +if (tcp_chr_read_poll(chr) <= 0) {
> +tcp_chr_disconnect(chr);
> +return len;
> +} /* else let the read handler finish it properly */
> +}
> +
>  return ret;
>  } else {
>  /* XXX: indicate an error ? */
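Review bot: The `errno != EAGAIN` test on the new line relies on errno being meaningful for every negative return, yet the commit message itself says errno is not reliable after qio_channel_writev_full(); a stale EAGAIN left behind by an earlier call would skip the disconnect and keep alive exactly the busy loop this change is meant to end, so it is worth confirming that io_channel_send_full() sets errno on every error path and not only for QIO_CHANNEL_ERR_BLOCK. The `return len` after the disconnect also deserves a comment, because it reports the data as written so that the frontend stops flushing: `/* The peer is gone: report the data as consumed so the frontend stops retrying. */`. tcp_chr_write begins outside the hunk.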
> 

Queued, thanks.

Paolo



Re: [Qemu-devel] [PATCH v3] qemu-nbd: Implement socket activation.

2017-02-03 Thread Paolo Bonzini


On 03/02/2017 10:56, Richard W.M. Jones wrote:
> On Fri, Feb 03, 2017 at 09:31:43AM -0800, Paolo Bonzini wrote:
>>
>>
>> On 03/02/2017 09:09, Richard W.M. Jones wrote:
>>> +   const char *port,
>>> +   bool fork_process)
>>> +{
>>> +if (device != NULL) {
>>> +return "NBD device can't be set when using socket activation";
>>> +}
>>> +
>>> +if (sockpath != NULL) {
>>> +return "Unix socket can't be set when using socket activation";
>>> +}
>>> +
>>> +if (address != NULL) {
>>> +return "The interface can't be set when using socket activation";
>>> +}
>>> +
>>> +if (port != NULL) {
>>> +return "TCP port number can't be set when using socket activation";
>>> +}
>>> +
>>> +if (fork_process) {
>>> +return "Fork (--fork) can't be used with socket activation";
>>> +}
>>
>> Why not?  You could have a Type=forking foo.service, which makes little
>> sense but would work.
> 
> The answer, I think, is because systemd will lose track of the PID of
> the qemu-nbd process.  This would be important because systemd can
> kill a socket-activated service which is idle.
> 
> Normally you would work around that by using PIDFile=... in the unit
> file, but it looks like qemu-nbd doesn't support pid files.

PIDFile is recommended indeed but GuessMainPID=yes (the default for no
PIDFile) should work, since qemu-nbd only has one parent process.

Paolo



Re: [Qemu-devel] [PATCH v3] qemu-nbd: Implement socket activation.

2017-02-03 Thread Richard W.M. Jones
On Fri, Feb 03, 2017 at 09:31:43AM -0800, Paolo Bonzini wrote:
> 
> 
> On 03/02/2017 09:09, Richard W.M. Jones wrote:
> > +   const char *port,
> > +   bool fork_process)
> > +{
> > +if (device != NULL) {
> > +return "NBD device can't be set when using socket activation";
> > +}
> > +
> > +if (sockpath != NULL) {
> > +return "Unix socket can't be set when using socket activation";
> > +}
> > +
> > +if (address != NULL) {
> > +return "The interface can't be set when using socket activation";
> > +}
> > +
> > +if (port != NULL) {
> > +return "TCP port number can't be set when using socket activation";
> > +}
> > +
> > +if (fork_process) {
> > +return "Fork (--fork) can't be used with socket activation";
> > +}
> 
> Why not?  You could have a Type=forking foo.service, which makes little
> sense but would work.

The answer, I think, is because systemd will lose track of the PID of
the qemu-nbd process.  This would be important because systemd can
kill a socket-activated service which is idle.

Normally you would work around that by using PIDFile=... in the unit
file, but it looks like qemu-nbd doesn't support pid files.

Rich.

> Apart from this, the patch seems fine.
> 
> > +return NULL;
> > +}
> 
> 

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html



Re: [Qemu-devel] [PATCH v1 3/6] qemu-img: add support for -n arg to dd command

2017-02-03 Thread Max Reitz
On 02.02.2017 08:32, Markus Armbruster wrote:
> Max Reitz  writes:
> 
>> On 01.02.2017 13:28, Daniel P. Berrange wrote:
>>> On Wed, Feb 01, 2017 at 01:23:54PM +0100, Max Reitz wrote:
 On 01.02.2017 13:16, Daniel P. Berrange wrote:
> On Wed, Feb 01, 2017 at 01:13:39PM +0100, Max Reitz wrote:
>> On 30.01.2017 19:37, Eric Blake wrote:
>>> On 01/26/2017 07:27 AM, Daniel P. Berrange wrote:
 On Thu, Jan 26, 2017 at 08:35:30PM +0800, Fam Zheng wrote:
> On Thu, 01/26 11:04, Daniel P. Berrange wrote:
>> The -n arg to the convert command allows use of a pre-existing image,
>> rather than creating a new image. This adds a -n arg to the dd 
>> command
>> to get feature parity.
>
> I remember there was a discussion about changing qemu-img dd's 
> default to a
> "conv=nocreat" semantic, if so, "-n" might not be that useful. But 
> that part
> hasn't made it into the tree, and I'm not sure which direction we 
> should take.
> (Personally I think default to nocreat is a good idea).

 Use nocreat by default would be semantically different from real "dd"
 binary which feels undesirable if the goal is to make "qemu-img dd"
 be as consistent with "dd" as possible.

 It would be trivial to rewrite this patch to add support for the "conv"
 option, allowing the user to explicitly give 'qemu-img dd conv=nocreat'
 instead of my 'qemu-img dd -n' syntax, without changing default 
 semantics.
>>>
>>> Adding 'conv=nocreat' (and not '-n') feels like the right way to me.
>>
>> The original idea was to make conv=nocreat a mandatory option, I think.
>> qemu-img was supposed error out if the user did not specify it.
>
> I'm not really seeing a benefit in doing that - it would just break
> existing usage of qemu-img dd for no obvious benefit.

 Well... Is there existing usage?
>>>
>>> It shipped in 2.8.0 though, so imho that means we have to assume there
>>> are users, and thus additions must to be backwards compatible from now
>>> on.
>>
>> Depends. I don't think there are too many users, so we could still
>> justify a change if there's a very good reason for it.
>>
>> I do agree that it's probably not a very good reason, though.
>>
 The benefit would be that one could (should?) expect qemu-img dd to
 behave on disk images as if they were block devices; and dd to a block
 device will not truncate or "recreate" it.

 If you don't give nocreat, it's thus a bit unclear whether you want to
 delete and recreate the target or whether you want to write into it.
 Some may expect qemu-img dd to behave as if the target is a normal file
 (delete and recreate it), others may expect it's treated like a block
 device (just write into it). If you force the user to specify nocreat,
 it would make the behavior clear.

 (And you can always delete+recreate the target with qemu-img create.)

 It's all a bit complicated. :-/
>>>
>>> If the goal is to be compatible with /usr/bin/dd then IIUC, the behaviour
>>> needs to be
>>>
>>>  - If target is a block device, then silently assume nocreat|notrunc
>>>is set, even if not specified by user
>>>
>>>  - If target is a file, then silently create & truncate the file
>>>unless nocreat or notrunc are set
>>
>> Yes. But you could easily argue that every image file is a "block device".
> 
> No.  /bin/dd treats exactly block special files as block special files,
> so the qemu-img command that tries to behave like it should do, too.

*/usr*/bin/dd (O:-)) also treats qcow2 files like raw files.

> In case you say that's inconvenient: pretty much everything about dd's
> archaic user interface is inconvenient.  If you want convenient, roll
> your own.  If you want familiar, stick to the original.

I agree. But qemu-img dd already is not dd. It interprets disk image
files as virtual disks instead of as plain files. The question is
whether virtual disks are to be treated as block devices or as files.

I don't have a strong opinion on the matter. Either way will surprise
some people. The original issue was whether to make nocreat/notrunc a
mandatory option, so if we didn't have any backwards compatibility
issues, it would be the following two surprises:

(1) Don't make nocreat/notrunc mandatory (as it is now). Then people
who expect qemu-img dd to treat image files as block devices will
be surprised that all their data is gone. Bad.

(2) Make it mandatory. Then people who don't expect this (i.e.
everyone) will be surprised about the error message "nocreat is
mandatory, please use it." Then they will fix their command line
and can proceed. Much less bad.

Of course, "much less bad" is offset by the fact that everyone is
affected. I think it's still less bad, though.

But we do have backwards 

Re: [Qemu-devel] [PATCH 0/3] kvm/ioapic: some tiny tweaks

2017-02-03 Thread Paolo Bonzini


On 02/02/2017 23:18, Peter Xu wrote:
> This series fixes the issue pointed out by PMM in thread:
> 
>   https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06323.html
> 
> Along with other two patches to make the version more accurate. Thanks,
> 
> Peter Xu (3):
>   kvm/ioapic: dump real object instead of a fake one
>   ioapic: fix error report value of def version
>   kvm/ioapic: correct kvm ioapic version
> 
>  hw/i386/kvm/ioapic.c | 13 +
>  hw/intc/ioapic.c |  6 --
>  2 files changed, 13 insertions(+), 6 deletions(-)
> 

Queued, thanks.

Paolo



[Qemu-devel] [Bug 1661386] Re: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed

2017-02-03 Thread Dr. David Alan Gilbert
Hi,
  OK, let's see:

 kvm_put_msrs: ret=18 expected=105

so I think it's one of the MSRs around 18 that it's upset at:

kvm_msr_entry_add: @17 index=4b564d03 value=0

  41:#define MSR_KVM_STEAL_TIME  0x4b564d03

kvm_msr_entry_add: @18 index=38d value=0

 #define MSR_CORE_PERF_FIXED_CTR_CTRL0x38d

So my guess is it's the steal time thing.

1) You didn't say what kernel your host was running - please tell me
  I think that steal time thing went into the kernel ~3.0
2) try starting qemu   with -cpu host,-kvm_steal_time and/or -cpu 
host,-perfctr_core
3) If those don't work, in kvm_put_msrs try hacking out the lines:

  if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_STEAL_TIME)) {
kvm_msr_entry_add(cpu, MSR_KVM_STEAL_TIME, env->steal_time_msr);
}

and turning the :

if (has_msr_architectural_pmu) {

into if (0) {

Dave

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1661386

Title:
  Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed

Status in QEMU:
  New

Bug description:
  Hello,

  
  I see the following when try to run qemu from master as the following:

  # ./x86_64-softmmu/qemu-system-x86_64 --version
  QEMU emulator version 2.8.50 (v2.8.0-1006-g4e9f524)
  Copyright (c) 2003-2016 Fabrice Bellard and the QEMU Project developers
  # ./x86_64-softmmu/qemu-system-x86_64 -machine accel=kvm -nodefaults
  -no-reboot -nographic -cpu host -vga none  -kernel .build.kernel.kvm
  -initrd .build.initrd.kvm -append 'panic=1 no-kvmclock console=ttyS0
  loglevel=7' -m 1024 -serial stdio
  qemu-system-x86_64: /home/matwey/lab/qemu/target/i386/kvm.c:1849:
  kvm_put_msrs: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed.

  First broken commit has been bisected:

  commit 48e1a45c3166d659f781171a47dabf4a187ed7a5
  Author: Paolo Bonzini 
  Date:   Wed Mar 30 22:55:29 2016 +0200

  target-i386: assert that KVM_GET/SET_MSRS can set all requested MSRs
  
  This would have caught the bug in the previous patch.
  
  Signed-off-by: Paolo Bonzini 

  My cpuinfo is the following:

  processor   : 0
  vendor_id   : GenuineIntel
  cpu family  : 6
  model   : 44
  model name  : Intel(R) Xeon(R) CPU   X5675  @ 3.07GHz
  stepping: 2
  microcode   : 0x14
  cpu MHz : 3066.775
  cache size  : 12288 KB
  physical id : 0
  siblings: 2
  core id : 0
  cpu cores   : 2
  apicid  : 0
  initial apicid  : 0
  fpu : yes
  fpu_exception   : yes
  cpuid level : 11
  wp  : yes
  flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca 
cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm 
constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc 
aperfmperf pni pclmulqdq vmx ssse3 cx16 sse4_1 sse4_2 popcnt aes hypervisor 
lahf_lm ida arat epb dtherm tpr_shadow vnmi ept vpid
  bugs:
  bogomips: 6133.55
  clflush size: 64
  cache_alignment : 64
  address sizes   : 40 bits physical, 48 bits virtual
  power management:

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1661386/+subscriptions



Re: [Qemu-devel] [PATCH] qga: ignore EBUSY when freezing a filesystem

2017-02-03 Thread Paolo Bonzini


On 03/02/2017 00:20, Peter Lieven wrote:
> Am 02.02.2017 um 22:41 schrieb Paolo Bonzini:
>>
>> On 31/01/2017 07:36, Peter Lieven wrote:
>>> the current implementation fails if we try to freeze an
>>> already frozen filesystem. This can happen if a filesystem
>>> is mounted more than once (e.g. with a bind mount).
>>>
>>> Suggested-by: Christian Theune 
>>> Cc: qemu-sta...@nongnu.org
>>> Signed-off-by: Peter Lieven 
>> What happens when you thaw?
>>
>> Paolo
> 
> If you try to THAW an unfrozen FS you get EINVAL.
> The current code thaws until an error is returned.
> 
> So it should work as is.
> 
> If you feel uncomfortable with the EBUSY approach. The other idea would
> be to track all devices which have been successfully frozen and skip 
> consecutive
> tries to freeze them.

No, just asking.

Reviewed-by: Paolo Bonzini 



[Qemu-devel] [PATCH] ui/vnc: Drop unused vnc_has_job() and vnc_jobs_clear()

2017-02-03 Thread Peter Maydell
The functions vnc_has_job() and vnc_jobs_clear() are
never used; remove them.

Signed-off-by: Peter Maydell 
---

I last had a go at this five years ago:
http://patchwork.ozlabs.org/patch/192335/

Since then vnc_stop_worker_thread() got removed anyway in
commit 09526058d, but the vnc_jobs_clear() function that
it was the only caller of got left behind.

vnc_has_job() has never been used by anybody, and it's
impossible to use in a non-racy way, so drop it too.

 ui/vnc-jobs.h |  2 --
 ui/vnc-jobs.c | 23 ---
 2 files changed, 25 deletions(-)

diff --git a/ui/vnc-jobs.h b/ui/vnc-jobs.h
index 044bf9f..59f66bc 100644
--- a/ui/vnc-jobs.h
+++ b/ui/vnc-jobs.h
@@ -34,8 +34,6 @@
 VncJob *vnc_job_new(VncState *vs);
 int vnc_job_add_rect(VncJob *job, int x, int y, int w, int h);
 void vnc_job_push(VncJob *job);
-bool vnc_has_job(VncState *vs);
-void vnc_jobs_clear(VncState *vs);
 void vnc_jobs_join(VncState *vs);
 
 void vnc_jobs_consume_buffer(VncState *vs);
diff --git a/ui/vnc-jobs.c b/ui/vnc-jobs.c
index 98ca978..f786777 100644
--- a/ui/vnc-jobs.c
+++ b/ui/vnc-jobs.c
@@ -128,29 +128,6 @@ static bool vnc_has_job_locked(VncState *vs)
 return false;
 }
 
-bool vnc_has_job(VncState *vs)
-{
-bool ret;
-
-vnc_lock_queue(queue);
-ret = vnc_has_job_locked(vs);
-vnc_unlock_queue(queue);
-return ret;
-}
-
-void vnc_jobs_clear(VncState *vs)
-{
-VncJob *job, *tmp;
-
-vnc_lock_queue(queue);
-QTAILQ_FOREACH_SAFE(job, >jobs, next, tmp) {
-if (job->vs == vs || !vs) {
-QTAILQ_REMOVE(>jobs, job, next);
-}
-}
-vnc_unlock_queue(queue);
-}
-
 void vnc_jobs_join(VncState *vs)
 {
 vnc_lock_queue(queue);
-- 
2.7.4




[Qemu-devel] QEMU + OVMF, bootable linux image

2017-02-03 Thread Jason Dickens
I am trying to create a raw Linux image that is bootable by QEMU using 
the OVMF firmware image.


Basically, I have used a standard Ubuntu ISO  and a empty raw image. 
Executing qemu-system-x86_64 with the ISO as CD and the other image as a 
hard drive I have been able to install Ubuntu on the image, no problem.


However, when trying to boot the created image I simply get the UEFI shell?

I've noticed the following:

1. The ISO image which boots with OVMF in UEFI just fine has the 
following format (from fdisk):


Disk ubuntu-14.04.3-desktop-amd64.iso: 1006 MiB, 1054867456 bytes, 
2060288 sectors

Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x6a6216fc

Device   Boot   Start End Sectors Size Id Type
ubuntu-14.04.3-desktop-amd64.iso1  *0 2060287 2060288 1006M  0 
Empty
ubuntu-14.04.3-desktop-amd64.iso2 2038760 2043303 4544 2.2M ef EFI 
(FAT-12/16/32)


2. The image created by the linux install has the following(from fdisk):

Disk ovmf_test_image: 10 GiB, 10737418240 bytes, 20971520 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 36240C48-C008-4619-BE31-26D271000490

Device  Start  End  Sectors  Size Type
ovmf_test_image1 2048  1050623  1048576  512M EFI System
ovmf_test_image2  1050624 12584959 11534336  5.5G Linux filesystem
ovmf_test_image3 12584960 20969471  83845124G Linux swap


Can someone help me understand the format requirements to boot using 
OVMF in UEFI mode? Clearly these two images are dramatically different. 
However, I would expect #2 to be the more modern method and more likely 
to work? As for QEMU command I use literally the same command switching 
only between the file names to get the different results it looks 
something like this:


qemu-system-x86_64 -drive file=ovmf_test_image,format=raw -m 4G 
--bios.bin -net none


Thanks,

Jason








Re: [Qemu-devel] [PATCH] hw/vfio/pci-quirks: Set category of the "vfio-pci-igd-lpc-bridge" device

2017-02-03 Thread Alex Williamson
On Tue, 24 Jan 2017 09:02:38 +0100
Thomas Huth  wrote:

> The device has "bridge" in its name, so it should obviously be in
> the category DEVICE_CATEGORY_BRIDGE.

Well, physical device is a bridge, but this is really just a stub.
Does that count?  It doesn't create a subordinate bus that can actually
host devices.  Thanks,

Alex

> Signed-off-by: Thomas Huth 
> ---
>  hw/vfio/pci-quirks.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/vfio/pci-quirks.c b/hw/vfio/pci-quirks.c
> index 811eecd..4891b37 100644
> --- a/hw/vfio/pci-quirks.c
> +++ b/hw/vfio/pci-quirks.c
> @@ -1185,6 +1185,7 @@ static void 
> vfio_pci_igd_lpc_bridge_class_init(ObjectClass *klass, void *data)
>  DeviceClass *dc = DEVICE_CLASS(klass);
>  PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
>  
> +set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
>  dc->desc = "VFIO dummy ISA/LPC bridge for IGD assignment";
>  dc->hotpluggable = false;
>  k->realize = vfio_pci_igd_lpc_bridge_realize;




Re: [Qemu-devel] [PATCH v16 1/2] virtio-crypto: Add virtio crypto device specification

2017-02-03 Thread Halil Pasic


On 02/03/2017 04:37 PM, Michael S. Tsirkin wrote:
> On Fri, Feb 03, 2017 at 10:33:16AM +, Stefan Hajnoczi wrote:
>>> +\begin{description}
>>> +\item[0] dataq1
>>> +\item[\ldots]
>>> +\item[N-1] dataqN
>>> +\item[N] controlq
>>> +\end{description}
>>> +
>>> +N is set by \field{max_dataqueues}.
>>> +
>>> +\subsection{Feature bits}\label{sec:Device Types / Crypto Device / Feature 
>>> bits}
>>> +
>>> +VIRTIO_CRYPTO_F_NON_SESSION_MODE (0) non-session mode is available.
>>> +VIRTIO_CRYPTO_F_CIPHER_NON_SESSION_MODE (1) non-session mode is available 
>>> for CIPHER service.
>>> +VIRTIO_CRYPTO_F_HASH_NON_SESSION_MODE (2) non-session mode is available 
>>> for HASH service.
>>> +VIRTIO_CRYPTO_F_MAC_NON_SESSION_MODE (3) non-session mode is available for 
>>> MAC service.
>>> +VIRTIO_CRYPTO_F_AEAD_NON_SESSION_MODE (4) non-session mode is available 
>>> for AEAD service.
>>
>> Bits 1-4 require bit 0.  Is bit 0 necessary at all?  Or may bits 1-4 can
>> be eliminated in favor of just bit 0.
> 
> Too late to change it as QEMU released a device with that feature.
> 

When was this introduced to QEMU? Can't find it in current master
and I do not remember seeing the patches.

Regards,
Halil




[Qemu-devel] [PATCH] CODING_STYLE: Mention preferred comment form

2017-02-03 Thread Peter Maydell
Our defacto coding style strongly prefers /* */ style comments
over the single-line // style, and checkpatch enforces this,
but we don't actually document this. Mention it in CODING_STYLE.

Suggested-by: Thomas Huth 
Signed-off-by: Peter Maydell 
---
 CODING_STYLE | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/CODING_STYLE b/CODING_STYLE
index f53180b..2fa0c0b 100644
--- a/CODING_STYLE
+++ b/CODING_STYLE
@@ -116,3 +116,10 @@ if (a == 1) {
 Rationale: Yoda conditions (as in 'if (1 == a)') are awkward to read.
 Besides, good compilers already warn users when '==' is mis-typed as '=',
 even when the constant is on the right.
+
+7. Comment style
+
+We use traditional C-style /* */ comments and avoid // comments.
+
+Rationale: The // form is valid in C99, so this is purely a matter of
+consistency of style. The checkpatch script will warn you about this.
-- 
2.7.4




[Qemu-devel] [PATCH] migration: consolidate VMStateField.start

2017-02-03 Thread Halil Pasic
The member VMStateField.start is used for two things, partial data
migration for VBUFFER data (basically provide migration for a
sub-buffer) and for locating next in QTAILQ.

The implementation of the VBUFFER feature is broken when VMSTATE_ALLOC
is used. This however goes unnoticed because actually partial migration
for VBUFFER is not used at all.

Let's consolidate the usage of VMStateField.start by removing support
for partial migration for VBUFFER.

Signed-off-by: Halil Pasic 

---

I had a very similar patch named "migration: drop unused
VMStateField.start" on the list. What changed since then is that we need
to keep VMStateField.start now because of the new usage introduced in
the meanwhile. I dropped all r-b's the patch had.
---
 hw/char/exynos4210_uart.c   |  2 +-
 hw/display/g364fb.c |  2 +-
 hw/dma/pl330.c  |  8 
 hw/intc/exynos4210_gic.c|  2 +-
 hw/ipmi/isa_ipmi_bt.c   |  6 ++
 hw/net/vmxnet3.c|  2 +-
 hw/nvram/mac_nvram.c|  2 +-
 hw/nvram/spapr_nvram.c  |  2 +-
 hw/sd/sdhci.c   |  2 +-
 hw/timer/m48t59.c   |  2 +-
 include/migration/vmstate.h | 21 -
 migration/savevm.c  |  2 +-
 migration/vmstate.c |  4 ++--
 target/s390x/machine.c  |  2 +-
 util/fifo8.c|  2 +-
 15 files changed, 27 insertions(+), 34 deletions(-)

diff --git a/hw/char/exynos4210_uart.c b/hw/char/exynos4210_uart.c
index 7c16e89..b75f28d 100644
--- a/hw/char/exynos4210_uart.c
+++ b/hw/char/exynos4210_uart.c
@@ -561,7 +561,7 @@ static const VMStateDescription 
vmstate_exynos4210_uart_fifo = {
 .fields = (VMStateField[]) {
 VMSTATE_UINT32(sp, Exynos4210UartFIFO),
 VMSTATE_UINT32(rp, Exynos4210UartFIFO),
-VMSTATE_VBUFFER_UINT32(data, Exynos4210UartFIFO, 1, NULL, 0, size),
+VMSTATE_VBUFFER_UINT32(data, Exynos4210UartFIFO, 1, NULL, size),
 VMSTATE_END_OF_LIST()
 }
 };
diff --git a/hw/display/g364fb.c b/hw/display/g364fb.c
index 70ef2c7..8cdc205 100644
--- a/hw/display/g364fb.c
+++ b/hw/display/g364fb.c
@@ -464,7 +464,7 @@ static const VMStateDescription vmstate_g364fb = {
 .minimum_version_id = 1,
 .post_load = g364fb_post_load,
 .fields = (VMStateField[]) {
-VMSTATE_VBUFFER_UINT32(vram, G364State, 1, NULL, 0, vram_size),
+VMSTATE_VBUFFER_UINT32(vram, G364State, 1, NULL, vram_size),
 VMSTATE_BUFFER_UNSAFE(color_palette, G364State, 0, 256 * 3),
 VMSTATE_BUFFER_UNSAFE(cursor_palette, G364State, 0, 9),
 VMSTATE_UINT16_ARRAY(cursor, G364State, 512),
diff --git a/hw/dma/pl330.c b/hw/dma/pl330.c
index c0bd9fe..32cf839 100644
--- a/hw/dma/pl330.c
+++ b/hw/dma/pl330.c
@@ -173,8 +173,8 @@ static const VMStateDescription vmstate_pl330_fifo = {
 .version_id = 1,
 .minimum_version_id = 1,
 .fields = (VMStateField[]) {
-VMSTATE_VBUFFER_UINT32(buf, PL330Fifo, 1, NULL, 0, buf_size),
-VMSTATE_VBUFFER_UINT32(tag, PL330Fifo, 1, NULL, 0, buf_size),
+VMSTATE_VBUFFER_UINT32(buf, PL330Fifo, 1, NULL, buf_size),
+VMSTATE_VBUFFER_UINT32(tag, PL330Fifo, 1, NULL, buf_size),
 VMSTATE_UINT32(head, PL330Fifo),
 VMSTATE_UINT32(num, PL330Fifo),
 VMSTATE_UINT32(buf_size, PL330Fifo),
@@ -282,8 +282,8 @@ static const VMStateDescription vmstate_pl330 = {
 VMSTATE_STRUCT(manager, PL330State, 0, vmstate_pl330_chan, PL330Chan),
 VMSTATE_STRUCT_VARRAY_UINT32(chan, PL330State, num_chnls, 0,
  vmstate_pl330_chan, PL330Chan),
-VMSTATE_VBUFFER_UINT32(lo_seqn, PL330State, 1, NULL, 0, num_chnls),
-VMSTATE_VBUFFER_UINT32(hi_seqn, PL330State, 1, NULL, 0, num_chnls),
+VMSTATE_VBUFFER_UINT32(lo_seqn, PL330State, 1, NULL, num_chnls),
+VMSTATE_VBUFFER_UINT32(hi_seqn, PL330State, 1, NULL, num_chnls),
 VMSTATE_STRUCT(fifo, PL330State, 0, vmstate_pl330_fifo, PL330Fifo),
 VMSTATE_STRUCT(read_queue, PL330State, 0, vmstate_pl330_queue,
PL330Queue),
diff --git a/hw/intc/exynos4210_gic.c b/hw/intc/exynos4210_gic.c
index fd7a8f3..2a55817 100644
--- a/hw/intc/exynos4210_gic.c
+++ b/hw/intc/exynos4210_gic.c
@@ -393,7 +393,7 @@ static const VMStateDescription vmstate_exynos4210_irq_gate 
= {
 .version_id = 2,
 .minimum_version_id = 2,
 .fields = (VMStateField[]) {
-VMSTATE_VBUFFER_UINT32(level, Exynos4210IRQGateState, 1, NULL, 0, 
n_in),
+VMSTATE_VBUFFER_UINT32(level, Exynos4210IRQGateState, 1, NULL, n_in),
 VMSTATE_END_OF_LIST()
 }
 };
diff --git a/hw/ipmi/isa_ipmi_bt.c b/hw/ipmi/isa_ipmi_bt.c
index f036617..1c69cb3 100644
--- a/hw/ipmi/isa_ipmi_bt.c
+++ b/hw/ipmi/isa_ipmi_bt.c
@@ -471,10 +471,8 @@ static const VMStateDescription vmstate_ISAIPMIBTDevice = {
 VMSTATE_BOOL(bt.use_irq, ISAIPMIBTDevice),
 VMSTATE_BOOL(bt.irqs_enabled, ISAIPMIBTDevice),
 VMSTATE_UINT32(bt.outpos, 

[Qemu-devel] [PATCH v2 2/2] target/arm: A32, T32: Create Instruction Syndromes for Data Aborts

2017-02-03 Thread Peter Maydell
Add support for generating the ISS (Instruction Specific Syndrome)
for Data Abort exceptions taken from AArch32. These syndromes are
used by hypervisors for example to trap and emulate memory accesses.

This is the equivalent for AArch32 guests of the work done for AArch64
guests in commit aaa1f954d4cab243.

Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 198 +
 1 file changed, 149 insertions(+), 49 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 175b4c1..fc0ddcd 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -102,6 +102,63 @@ void arm_translate_init(void)
 a64_translate_init();
 }
 
+static void disas_set_insn_syndrome(DisasContext *s, uint32_t syn)
+{
+/* We don't need to save all of the syndrome so we mask and shift
+ * out uneeded bits to help the sleb128 encoder do a better job.
+ */
+syn &= ARM_INSN_START_WORD2_MASK;
+syn >>= ARM_INSN_START_WORD2_SHIFT;
+
+/* We check and clear insn_start_idx to catch multiple updates.  */
+assert(s->insn_start_idx != 0);
+tcg_set_insn_param(s->insn_start_idx, 2, syn);
+s->insn_start_idx = 0;
+}
+
+/* Flags for the disas_set_da_iss info argument:
+ * lower bits hold the Rt register number, higher bits are flags.
+ */
+typedef enum ISSInfo {
+ISSNone = 0,
+ISSRegMask = 0x1f,
+ISSInvalid = (1 << 5),
+ISSIsAcqRel = (1 << 6),
+ISSIsWrite = (1 << 7),
+ISSIs16Bit = (1 << 8),
+} ISSInfo;
+
+/* Save the syndrome information for a Data Abort */
+static void disas_set_da_iss(DisasContext *s, TCGMemOp memop, ISSInfo issinfo)
+{
+uint32_t syn;
+int sas = memop & MO_SIZE;
+bool sse = memop & MO_SIGN;
+bool is_acqrel = issinfo & ISSIsAcqRel;
+bool is_write = issinfo & ISSIsWrite;
+bool is_16bit = issinfo & ISSIs16Bit;
+int srt = issinfo & ISSRegMask;
+
+if (issinfo & ISSInvalid) {
+/* Some callsites want to conditionally provide ISS info,
+ * eg "only if this was not a writeback"
+ */
+return;
+}
+
+if (srt == 15) {
+/* For AArch32, insns where the src/dest is R15 never generate
+ * ISS information. Catching that here saves checking at all
+ * the call sites.
+ */
+return;
+}
+
+syn = syn_data_abort_with_iss(0, sas, sse, srt, 0, is_acqrel,
+  0, 0, 0, is_write, 0, is_16bit);
+disas_set_insn_syndrome(s, syn);
+}
+
 static inline ARMMMUIdx get_a32_user_mem_index(DisasContext *s)
 {
 /* Return the mmu_idx to use for A32/T32 "unprivileged load/store"
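Review bot: disas_set_da_iss ends in disas_set_insn_syndrome, whose `assert(s->insn_start_idx != 0)` aborts QEMU if a syndrome is recorded twice for one instruction, so every decode path that emits two accesses for a single insn (doubleword loads and stores, for instance) must pass ISSInvalid for all but one of them, and the hunk documents ISSInvalid only with the writeback example. I would state that contract in the header comment of disas_set_da_iss: `/* Save the syndrome information for a Data Abort. Must be called at most once per instruction (disas_set_insn_syndrome asserts this); insns that emit several accesses pass ISSInvalid for all but one. */`. It is also worth noting there that only MO_SIZE and MO_SIGN are read from memop, so callers may pass the bare OPC without s->be_data, which the later _iss wrappers appear to rely on.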
@@ -933,6 +990,14 @@ static inline void gen_aa32_ld##SUFF(DisasContext *s, 
TCGv_i32 val,  \
  TCGv_i32 a32, int index)\
 {\
 gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data);   \
+}\
+static inline void gen_aa32_ld##SUFF##_iss(DisasContext *s,  \
+   TCGv_i32 val, \
+   TCGv_i32 a32, int index,  \
+   ISSInfo issinfo)  \
+{\
+gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data);   \
+disas_set_da_iss(s, OPC, issinfo);   \
 }
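Review bot: The new gen_aa32_ld##SUFF##_iss body repeats the `gen_aa32_ld_i32(s, val, a32, index, OPC | s->be_data);` line of the plain wrapper instead of calling it, and the store variant in the next hunk does the same with gen_aa32_st_i32; delegating keeps the two wrappers from drifting apart if the load/store call ever changes. I would write `gen_aa32_ld##SUFF(s, val, a32, index);` followed by `disas_set_da_iss(s, OPC, issinfo);` in the load macro, and the matching pair in the store macro. The DO_GEN_LD macro definition itself starts before the hunk.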
 
 #define DO_GEN_ST(SUFF, OPC) \
@@ -940,6 +1005,14 @@ static inline void gen_aa32_st##SUFF(DisasContext *s, 
TCGv_i32 val,  \
  TCGv_i32 a32, int index)\
 {\
 gen_aa32_st_i32(s, val, a32, index, OPC | s->be_data);   \
+}\
+static inline void gen_aa32_st##SUFF##_iss(DisasContext *s,  \
+   TCGv_i32 val, \
+   TCGv_i32 a32, int index,  \
+   ISSInfo issinfo)  \
+{\
+gen_aa32_st_i32(s, val, a32, index, OPC | s->be_data);   \
+disas_set_da_iss(s, OPC, issinfo | ISSIsWrite);  \
 }
 
 static inline void gen_aa32_frob64(DisasContext *s, TCGv_i64 val)
@@ -8682,16 +8755,19 @@ static void disas_arm_insn(DisasContext *s, unsigned 
int insn)
 tmp = tcg_temp_new_i32();
 switch (op1) {
 case 0: /* lda */
-gen_aa32_ld32u(s, 

[Qemu-devel] [PATCH v2 0/2] target/arm: Support EL1 AArch32 guest under AArch64 EL2

2017-02-03 Thread Peter Maydell
Add support for generating the ISS (Instruction Specific Syndrome)
for Data Abort exceptions taken from AArch32. These syndromes are
used by hypervisors for example to trap and emulate memory accesses.

This is a respin of patch 1/3 from the previous series.
Changes v1->v2:
 * other 2 patches are now in QEMU master
 * split out the "use pbit/wbit variables" change into its own patch
 * dropped a few stray blank line changes

Otherwise unchanged.

thanks
-- PMM


Peter Maydell (2):
  target/arm: Abstract out pbit/wbit tests in ARM ldr/str decode
  target/arm: A32, T32: Create Instruction Syndromes for Data Aborts

 target/arm/translate.c | 207 -
 1 file changed, 155 insertions(+), 52 deletions(-)

-- 
2.7.4




[Qemu-devel] [PATCH v2 1/2] target/arm: Abstract out pbit/wbit tests in ARM ldr/str decode

2017-02-03 Thread Peter Maydell
In the ARM ldr/str decode path, rather than directly testing
"insn & (1 << 21)" and "insn & (1 << 24)", abstract these
bits out into wbit and pbit local flags. (We will want to
do more tests against them to determine whether we need to
provide syndrome information.)

Signed-off-by: Peter Maydell 
---
 target/arm/translate.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 493c627..175b4c1 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -8782,6 +8782,8 @@ static void disas_arm_insn(DisasContext *s, unsigned int 
insn)
 } else {
 int address_offset;
 bool load = insn & (1 << 20);
+bool wbit = insn & (1 << 21);
+bool pbit = insn & (1 << 24);
 bool doubleword = false;
 /* Misc load/store */
 rn = (insn >> 16) & 0xf;
@@ -8799,8 +8801,9 @@ static void disas_arm_insn(DisasContext *s, unsigned int 
insn)
 }
 
 addr = load_reg(s, rn);
-if (insn & (1 << 24))
+if (pbit) {
 gen_add_datah_offset(s, insn, 0, addr);
+}
 address_offset = 0;
 
 if (doubleword) {
@@ -8849,10 +8852,10 @@ static void disas_arm_insn(DisasContext *s, unsigned 
int insn)
ensure correct behavior with overlapping index registers.
ldrd with base writeback is undefined if the
destination and index registers overlap.  */
-if (!(insn & (1 << 24))) {
+if (!pbit) {
 gen_add_datah_offset(s, insn, address_offset, addr);
 store_reg(s, rn, addr);
-} else if (insn & (1 << 21)) {
+} else if (wbit) {
 if (address_offset)
 tcg_gen_addi_i32(addr, addr, address_offset);
 store_reg(s, rn, addr);
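Review bot: The third hunk braces `if (!pbit)` and `else if (wbit)` but leaves the `if (address_offset)` on the very next line unbraced, so the block ends up half-converted to the style the patch is otherwise adopting. Since that line is already inside the hunk, bracing it costs nothing: `if (address_offset) { tcg_gen_addi_i32(addr, addr, address_offset); }`. The first hunk's `bool wbit = insn & (1 << 21);` relies on the C99 `_Bool` conversion to collapse the non-zero mask to true, which is correct, but a short comment naming the fields (`/* W: writeback */`, `/* P: pre-indexed */`) would spare the reader a trip to the ARM ARM, as the bit numbers are currently the only documentation. disas_arm_insn starts and ends outside these hunks.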
-- 
2.7.4




Re: [Qemu-devel] Non-flat command line option argument syntax

2017-02-03 Thread Richard W.M. Jones
On Thu, Feb 02, 2017 at 08:42:33PM +0100, Markus Armbruster wrote:
> There's also the -drive file=json:... syntax.  It's a bad fit for
> QemuOpts, because QemuOpts and JSON fight for the comma.  I'd show you
> if I could get it to work.

I think this refers to the json: syntax for qemu URIs?

Anyway we're using this in virt-v2v
(https://github.com/libguestfs/libguestfs/blob/master/v2v/input_libvirt_xen_ssh.ml)

It's very useful, please try not to break it!

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/



Re: [Qemu-devel] [PATCH v6 10/18] memory: add section range info for IOMMU notifier

2017-02-03 Thread Alex Williamson
On Fri,  3 Feb 2017 16:22:36 +0800
Peter Xu  wrote:

> In this patch, IOMMUNotifier.{start|end} are introduced to store section
> information for a specific notifier. When notification occurs, we not
> only check the notification type (MAP|UNMAP), but also check whether the
> notified iova range overlaps with the range of specific IOMMU notifier,
> and skip those notifiers if not in the listened range.
> 
> When removing an region, we need to make sure we removed the correct
> VFIOGuestIOMMU by checking the IOMMUNotifier.start address as well.
> 
> Suggested-by: David Gibson 
> Signed-off-by: Peter Xu 
> ---
>  hw/vfio/common.c  | 12 +---
>  hw/virtio/vhost.c |  4 ++--
>  include/exec/memory.h | 19 ++-
>  memory.c  |  9 +
>  4 files changed, 38 insertions(+), 6 deletions(-)
> 
> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
> index f3ba9b9..6b33b9f 100644
> --- a/hw/vfio/common.c
> +++ b/hw/vfio/common.c
> @@ -478,8 +478,13 @@ static void vfio_listener_region_add(MemoryListener 
> *listener,
>  giommu->iommu_offset = section->offset_within_address_space -
> section->offset_within_region;
>  giommu->container = container;
> -giommu->n.notify = vfio_iommu_map_notify;
> -giommu->n.notifier_flags = IOMMU_NOTIFIER_ALL;
> +llend = int128_add(int128_make64(section->offset_within_region),
> +   section->size);
> +llend = int128_sub(llend, int128_one());
> +iommu_notifier_init(>n, vfio_iommu_map_notify,
> +IOMMU_NOTIFIER_ALL,
> +section->offset_within_region,
> +int128_get64(llend));
>  QLIST_INSERT_HEAD(>giommu_list, giommu, giommu_next);
>  
>  memory_region_register_iommu_notifier(giommu->iommu, >n);
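Review bot: The upper bound handed to iommu_notifier_init is computed as offset + size - 1 without saying that the notifier range is inclusive, and the memory.h hunk that introduces IOMMUNotifier.{start,end} is not quoted here, so a reader of common.c has to infer the contract; a one-line comment before the `llend` computation, `/* IOMMUNotifier.end is inclusive: last region offset covered by this section */`, would pin it down. int128_get64(llend) presumably also expects the inclusive end to fit in 64 bits, which holds for any section inside a region of at most 2^64 bytes; a sentence in the commit message saying so would pre-empt the question. vfio_listener_region_add starts and ends outside the hunk.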
> @@ -550,7 +555,8 @@ static void vfio_listener_region_del(MemoryListener 
> *listener,
>  VFIOGuestIOMMU *giommu;
>  
>  QLIST_FOREACH(giommu, >giommu_list, giommu_next) {
> -if (giommu->iommu == section->mr) {
> +if (giommu->iommu == section->mr &&
> +giommu->n.start == section->offset_within_region) {
>  memory_region_unregister_iommu_notifier(giommu->iommu,
>  >n);
>  QLIST_REMOVE(giommu, giommu_next);
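Review bot: Matching the VFIOGuestIOMMU on `section->mr` plus `n.start` identifies the notifier by where it starts inside the IOMMU region but not by where that range was mapped into the address space, so two aliases of the same IOMMU region exposing the same region offset at different system addresses would be indistinguishable on removal; comparing `giommu->iommu_offset` (set from offset_within_address_space in the add path) or `n.end` as well would make the lookup exact. Whether such aliasing occurs for the IOMMU regions vfio listens on I cannot tell from this hunk, so this may be purely defensive. vfio_listener_region_del continues outside the hunk.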


Acked-by: Alex Williamson 



Re: [Qemu-devel] [PATCH v3] qemu-nbd: Implement socket activation.

2017-02-03 Thread Paolo Bonzini


On 03/02/2017 09:09, Richard W.M. Jones wrote:
> +   const char *port,
> +   bool fork_process)
> +{
> +if (device != NULL) {
> +return "NBD device can't be set when using socket activation";
> +}
> +
> +if (sockpath != NULL) {
> +return "Unix socket can't be set when using socket activation";
> +}
> +
> +if (address != NULL) {
> +return "The interface can't be set when using socket activation";
> +}
> +
> +if (port != NULL) {
> +return "TCP port number can't be set when using socket activation";
> +}
> +
> +if (fork_process) {
> +return "Fork (--fork) can't be used with socket activation";
> +}

Why not?  You could have a Type=forking foo.service, which makes little
sense but would work.

Apart from this, the patch seems fine.

> +return NULL;
> +}





Re: [Qemu-devel] [PATCH v6 02/18] vfio: introduce vfio_get_vaddr()

2017-02-03 Thread Alex Williamson
On Fri,  3 Feb 2017 16:22:28 +0800
Peter Xu  wrote:

> A cleanup for vfio_iommu_map_notify(). Now we will fetch vaddr even if
> the operation is unmap, but it won't hurt much.
> 
> One thing to mention is that we need the RCU read lock to protect the
> whole translation and map/unmap procedure.
> 
> Signed-off-by: Peter Xu 
> ---
>  hw/vfio/common.c | 65 
> +++-
>  1 file changed, 45 insertions(+), 20 deletions(-)


Acked-by: Alex Williamson 


> 
> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
> index 174f351..42c4790 100644
> --- a/hw/vfio/common.c
> +++ b/hw/vfio/common.c
> @@ -294,54 +294,79 @@ static bool 
> vfio_listener_skipped_section(MemoryRegionSection *section)
> section->offset_within_address_space & (1ULL << 63);
>  }
>  
> -static void vfio_iommu_map_notify(IOMMUNotifier *n, IOMMUTLBEntry *iotlb)
> +/* Called with rcu_read_lock held.  */
> +static bool vfio_get_vaddr(IOMMUTLBEntry *iotlb, void **vaddr,
> +   bool *read_only)
>  {
> -VFIOGuestIOMMU *giommu = container_of(n, VFIOGuestIOMMU, n);
> -VFIOContainer *container = giommu->container;
> -hwaddr iova = iotlb->iova + giommu->iommu_offset;
>  MemoryRegion *mr;
>  hwaddr xlat;
>  hwaddr len = iotlb->addr_mask + 1;
> -void *vaddr;
> -int ret;
> -
> -trace_vfio_iommu_map_notify(iotlb->perm == IOMMU_NONE ? "UNMAP" : "MAP",
> -iova, iova + iotlb->addr_mask);
> -
> -if (iotlb->target_as != _space_memory) {
> -error_report("Wrong target AS \"%s\", only system memory is allowed",
> - iotlb->target_as->name ? iotlb->target_as->name : 
> "none");
> -return;
> -}
> +bool writable = iotlb->perm & IOMMU_WO;
>  
>  /*
>   * The IOMMU TLB entry we have just covers translation through
>   * this IOMMU to its immediate target.  We need to translate
>   * it the rest of the way through to memory.
>   */
> -rcu_read_lock();
>  mr = address_space_translate(_space_memory,
>   iotlb->translated_addr,
> - , , iotlb->perm & IOMMU_WO);
> + , , writable);
>  if (!memory_region_is_ram(mr)) {
>  error_report("iommu map to non memory area %"HWADDR_PRIx"",
>   xlat);
> -goto out;
> +return false;
>  }
> +
>  /*
>   * Translation truncates length to the IOMMU page size,
>   * check that it did not truncate too much.
>   */
>  if (len & iotlb->addr_mask) {
>  error_report("iommu has granularity incompatible with target AS");
> +return false;
> +}
> +
> +*vaddr = memory_region_get_ram_ptr(mr) + xlat;
> +*read_only = !writable || mr->readonly;
> +
> +return true;
> +}
> +
> +static void vfio_iommu_map_notify(IOMMUNotifier *n, IOMMUTLBEntry *iotlb)
> +{
> +VFIOGuestIOMMU *giommu = container_of(n, VFIOGuestIOMMU, n);
> +VFIOContainer *container = giommu->container;
> +hwaddr iova = iotlb->iova + giommu->iommu_offset;
> +bool read_only;
> +void *vaddr;
> +int ret;
> +
> +trace_vfio_iommu_map_notify(iotlb->perm == IOMMU_NONE ? "UNMAP" : "MAP",
> +iova, iova + iotlb->addr_mask);
> +
> +if (iotlb->target_as != _space_memory) {
> +error_report("Wrong target AS \"%s\", only system memory is allowed",
> + iotlb->target_as->name ? iotlb->target_as->name : 
> "none");
> +return;
> +}
> +
> +rcu_read_lock();
> +
> +if (!vfio_get_vaddr(iotlb, , _only)) {
>  goto out;
>  }
>  
>  if ((iotlb->perm & IOMMU_RW) != IOMMU_NONE) {
> -vaddr = memory_region_get_ram_ptr(mr) + xlat;
> +/*
> + * vaddr is only valid until rcu_read_unlock(). But after
> + * vfio_dma_map has set up the mapping the pages will be
> + * pinned by the kernel. This makes sure that the RAM backend
> + * of vaddr will always be there, even if the memory object is
> + * destroyed and its backing memory munmap-ed.
> + */
>  ret = vfio_dma_map(container, iova,
> iotlb->addr_mask + 1, vaddr,
> -   !(iotlb->perm & IOMMU_WO) || mr->readonly);
> +   read_only);
>  if (ret) {
>  error_report("vfio_dma_map(%p, 0x%"HWADDR_PRIx", "
>   "0x%"HWADDR_PRIx", %p) = %d (%m)",




Re: [Qemu-devel] [RFC 4/5] exec: allow to get a pointer for some mmio memory region

2017-02-03 Thread Paolo Bonzini


On 03/02/2017 09:06, fred.kon...@greensocs.com wrote:
> +host = mr->ops->request_ptr(mr->opaque, addr - mr->addr, , );
> +
> +if (!host || !size) {
> +memory_region_transaction_commit();
> +return false;
> +}
> +
> +sub = g_new(MemoryRegion, 1);
> +memory_region_init_ram_ptr(sub, OBJECT(mr), "mmio-map", size, host);
> +memory_region_add_subregion(mr, offset, sub);
> +memory_region_transaction_commit();
> +return true;
> +}
> +
> +void memory_region_invalidate_mmio_ptr(MemoryRegion *mr, hwaddr offset,
> +   unsigned size)
> +{
> +MemoryRegionSection section = memory_region_find(mr, offset, size);
> +
> +if (section.mr != mr) {
> +memory_region_del_subregion(mr, section.mr);
> +/* memory_region_find add a ref on section.mr */
> +memory_region_unref(section.mr);
> +object_unparent(OBJECT(section.mr));

I think this would cause a use-after-free when using MTTCG.  In general,
creating and dropping MemoryRegions dynamically can cause bugs that are
nondeterministic and hard to fix without rewriting everything.

An alternative design could be:

- memory_region_request_mmio_ptr returns a MemoryRegionCache instead of
a pointer, so that the device can map a subset of the device (e.g. a
single page)

- memory_region_request_mmio_ptr and MemoryRegionOps.request_ptr accept
a Notifier

- the device adds the Notifier to a NotifierList.  Before invalidating,
it invokes the Notifier and empties the NotifierList.

- for the TLB case, the Notifier calls tlb_flush_page.

I like the general idea though!

Paolo

> +}
> +}



Re: [Qemu-devel] [PATCH v2] migrate: Introduce zero RAM checks to skip RAM migration

2017-02-03 Thread Ashijeet Acharya
On Fri, Feb 3, 2017 at 10:44 PM, Paolo Bonzini  wrote:
>
>
> On 03/02/2017 02:36, Ashijeet Acharya wrote:
>> Migration of a "none" machine with no RAM crashes abruptly as
>> bitmap_new() fails and thus aborts. Instead place zero RAM checks at
>> appropriate places to skip migration of RAM in this case and complete
>> migration successfully for devices only.
>>
>> Signed-off-by: Ashijeet Acharya 
>> ---
>> Changes in v2:
>> - try to migrate successfully by skipping RAM (Paolo, Greg)
>> - drop the idea of erroring out and failing nicely
>>  migration/ram.c | 22 +++---
>>  1 file changed, 15 insertions(+), 7 deletions(-)
>>
>> diff --git a/migration/ram.c b/migration/ram.c
>> index ef8fadf..2f19566 100644
>> --- a/migration/ram.c
>> +++ b/migration/ram.c
>> @@ -1325,6 +1325,11 @@ static int ram_find_and_save_block(QEMUFile *f, bool 
>> last_stage,
>>  ram_addr_t dirty_ram_abs; /* Address of the start of the dirty page in
>>   ram_addr_t space */
>>
>> +/* No dirty page as there is zero RAM */
>> +if (!ram_bytes_total()) {
>> +return pages;
>> +}
>> +
>>  pss.block = last_seen_block;
>>  pss.offset = last_offset;
>>  pss.complete_round = false;
>> @@ -1912,14 +1917,17 @@ static int ram_save_init_globals(void)
>>  bytes_transferred = 0;
>>  reset_ram_globals();
>>
>> -ram_bitmap_pages = last_ram_offset() >> TARGET_PAGE_BITS;
>> -migration_bitmap_rcu = g_new0(struct BitmapRcu, 1);
>> -migration_bitmap_rcu->bmap = bitmap_new(ram_bitmap_pages);
>> -bitmap_set(migration_bitmap_rcu->bmap, 0, ram_bitmap_pages);
>> +/* Skip setting bitmap if there is no RAM */
>> +if (ram_bytes_total()) {
>> +ram_bitmap_pages = last_ram_offset() >> TARGET_PAGE_BITS;
>> +migration_bitmap_rcu = g_new0(struct BitmapRcu, 1);
>> +migration_bitmap_rcu->bmap = bitmap_new(ram_bitmap_pages);
>> +bitmap_set(migration_bitmap_rcu->bmap, 0, ram_bitmap_pages);
>>
>> -if (migrate_postcopy_ram()) {
>> -migration_bitmap_rcu->unsentmap = bitmap_new(ram_bitmap_pages);
>> -bitmap_set(migration_bitmap_rcu->unsentmap, 0, ram_bitmap_pages);
>> +if (migrate_postcopy_ram()) {
>> +migration_bitmap_rcu->unsentmap = bitmap_new(ram_bitmap_pages);
>> +bitmap_set(migration_bitmap_rcu->unsentmap, 0, 
>> ram_bitmap_pages);
>> +}
>>  }
>>
>>  /*
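Review bot: Guarding the allocation leaves `migration_bitmap_rcu` NULL for a machine without RAM, and this hunk plus the early return in ram_find_and_save_block are the only two readers the patch protects; every other user of `migration_bitmap_rcu->bmap` or `->unsentmap` lives outside these hunks (e.g. whatever syncs or frees the bitmap) and has to tolerate the NULL pointer for the 'complete' status reported in the thread to be robust rather than incidental. A one-line comment at the `if (ram_bytes_total())` site, `/* No RAM: migration_bitmap_rcu stays NULL for this migration; every user must check */`, would make that contract visible to the next reader. The same two hunks are quoted again later on this page; this note applies there as well. ram_save_init_globals continues outside the hunk.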
>>
>
> I didn't test it, but it looks good.

I did test it and it looks to be fine. Migration status shows
'complete' and transfers zero RAM as expected (I checked this with
'info migrate' on HMP) and Dave assured me that 'complete' means that
it completed successfully.

Ashijeet
>
> Paolo



Re: [Qemu-devel] [PATCH v2] migrate: Introduce zero RAM checks to skip RAM migration

2017-02-03 Thread Paolo Bonzini


On 03/02/2017 02:36, Ashijeet Acharya wrote:
> Migration of a "none" machine with no RAM crashes abruptly as
> bitmap_new() fails and thus aborts. Instead place zero RAM checks at
> appropriate places to skip migration of RAM in this case and complete
> migration successfully for devices only.
> 
> Signed-off-by: Ashijeet Acharya 
> ---
> Changes in v2:
> - try to migrate successfully by skipping RAM (Paolo, Greg)
> - drop the idea of erroring out and failing nicely
>  migration/ram.c | 22 +++---
>  1 file changed, 15 insertions(+), 7 deletions(-)
> 
> diff --git a/migration/ram.c b/migration/ram.c
> index ef8fadf..2f19566 100644
> --- a/migration/ram.c
> +++ b/migration/ram.c
> @@ -1325,6 +1325,11 @@ static int ram_find_and_save_block(QEMUFile *f, bool 
> last_stage,
>  ram_addr_t dirty_ram_abs; /* Address of the start of the dirty page in
>   ram_addr_t space */
>  
> +/* No dirty page as there is zero RAM */
> +if (!ram_bytes_total()) {
> +return pages;
> +}
> +
>  pss.block = last_seen_block;
>  pss.offset = last_offset;
>  pss.complete_round = false;
> @@ -1912,14 +1917,17 @@ static int ram_save_init_globals(void)
>  bytes_transferred = 0;
>  reset_ram_globals();
>  
> -ram_bitmap_pages = last_ram_offset() >> TARGET_PAGE_BITS;
> -migration_bitmap_rcu = g_new0(struct BitmapRcu, 1);
> -migration_bitmap_rcu->bmap = bitmap_new(ram_bitmap_pages);
> -bitmap_set(migration_bitmap_rcu->bmap, 0, ram_bitmap_pages);
> +/* Skip setting bitmap if there is no RAM */
> +if (ram_bytes_total()) {
> +ram_bitmap_pages = last_ram_offset() >> TARGET_PAGE_BITS;
> +migration_bitmap_rcu = g_new0(struct BitmapRcu, 1);
> +migration_bitmap_rcu->bmap = bitmap_new(ram_bitmap_pages);
> +bitmap_set(migration_bitmap_rcu->bmap, 0, ram_bitmap_pages);
>  
> -if (migrate_postcopy_ram()) {
> -migration_bitmap_rcu->unsentmap = bitmap_new(ram_bitmap_pages);
> -bitmap_set(migration_bitmap_rcu->unsentmap, 0, ram_bitmap_pages);
> +if (migrate_postcopy_ram()) {
> +migration_bitmap_rcu->unsentmap = bitmap_new(ram_bitmap_pages);
> +bitmap_set(migration_bitmap_rcu->unsentmap, 0, ram_bitmap_pages);
> +}
>  }
>  
>  /*
> 

I didn't test it, but it looks good.

Paolo



Re: [Qemu-devel] [PATCH v6 03/18] vfio: allow to notify unmap for very large region

2017-02-03 Thread Alex Williamson
On Fri,  3 Feb 2017 16:22:29 +0800
Peter Xu  wrote:

> Linux vfio driver supports to do VFIO_IOMMU_UNMAP_DMA for a very big
> region. This can be leveraged by QEMU IOMMU implementation to cleanup
> existing page mappings for an entire iova address space (by notifying
> with an IOTLB with extremely huge addr_mask). However current
> vfio_iommu_map_notify() does not allow that. It makes sure that all the
> translated addresses in the IOTLB fall into the RAM range.
> 
> The check makes sense, but it should only be a sensible checker for
> mapping operations, and mean little for unmap operations.
> 
> This patch moves this check into map logic only, so that we'll get
> faster unmap handling (no need to translate again), and also we can then
> better support unmapping a very big region when it covers non-ram ranges
> or even not-existing ranges.
> 
> Signed-off-by: Peter Xu 
> ---
>  hw/vfio/common.c | 7 +++
>  1 file changed, 3 insertions(+), 4 deletions(-)


Acked-by: Alex Williamson 


> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
> index 42c4790..f3ba9b9 100644
> --- a/hw/vfio/common.c
> +++ b/hw/vfio/common.c
> @@ -352,11 +352,10 @@ static void vfio_iommu_map_notify(IOMMUNotifier *n, 
> IOMMUTLBEntry *iotlb)
>  
>  rcu_read_lock();
>  
> -if (!vfio_get_vaddr(iotlb, , _only)) {
> -goto out;
> -}
> -
>  if ((iotlb->perm & IOMMU_RW) != IOMMU_NONE) {
> +if (!vfio_get_vaddr(iotlb, , _only)) {
> +goto out;
> +}
>  /*
>   * vaddr is only valid until rcu_read_unlock(). But after
>   * vfio_dma_map has set up the mapping the pages will be
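Review bot: After the move, `vaddr` and `read_only` are assigned only inside the map branch, so the unmap path that follows (outside the hunk) must not touch them, and a compiler may now warn about maybe-uninitialized use unless they are initialized at their declaration, which is also outside the hunk. The reason for skipping the translation on unmap is stated only in the commit message; a comment at the branch, `/* Unmap needs no translation: the range may span non-RAM or unbacked iova. */`, would keep it with the code. vfio_iommu_map_notify starts and ends outside the hunk.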




Re: [Qemu-devel] [RFC PATCH] configure: remove --enable-replication/--disable-replication

2017-02-03 Thread Paolo Bonzini


On 03/02/2017 07:00, Stefan Hajnoczi wrote:
> On Thu, Feb 02, 2017 at 07:05:30AM -0800, Paolo Bonzini wrote:
>> The replication feature is a small amount of code, does not
>> require any external library and unless used does not add
>> anything to the guest's attack surface.  Since any extra
>> configure option affects maintainability on the other hand
>> and is subject to bit rot, I think there is no need to
>> make it configurable.
> 
> I think the current state is good: replication is enabled by default but
> can be compiled out if desired.
> 
> Downstreams may not be comfortable supporting this feature yet since
> it's incomplete.  It's fair to offer an option to disable it, otherwise
> downstreams will have to patch this themselves.

I understand---I just am not sure where to draw the line because there's
plenty of other incomplete features, hence the RFC.  For example,
record/replay cannot be enabled or disabled on the configure command
line.  That was the case even in the beginning, where it didn't support
either block or character device replay.

--enable-coroutine-pool is a relic of when Windows builds needed it, but
all other --enable-* options require an external library or at least a
specific operating system.  See for example this patch:

commit 52b53c04faab9f7a9879c8dc014930649a3e698d
Author: Fam Zheng 
Date:   Wed Sep 10 14:17:51 2014 +0800

block: Always compile virtio-blk dataplane

Dataplane doesn't depend on linux-aio any more, so we don't need the
compiling condition now.

Configure options are kept but just print a message.

Signed-off-by: Fam Zheng 
Reviewed-by: Paolo Bonzini 
Message-id: 1410329871-28885-4-git-send-email-f...@redhat.com
Signed-off-by: Stefan Hajnoczi 


I would actually prefer to remove many of the latter
(--enable-vhost-net, --enable-vhost-scsi, --enable-vhost-socket) and
just use default-configs.  We are already doing it for ivshmem for example:

CONFIG_IVSHMEM=$(CONFIG_EVENTFD)

Paolo



[Qemu-devel] [PATCH] test-vmstate: remove yield_until_fd_readable

2017-02-03 Thread Paolo Bonzini
The function is not needed anymore now that migration is built on
top of QIOChannel.

Signed-off-by: Paolo Bonzini 
---
 tests/test-vmstate.c | 11 ---
 1 file changed, 11 deletions(-)

diff --git a/tests/test-vmstate.c b/tests/test-vmstate.c
index 9d87faf..0c2af4d 100644
--- a/tests/test-vmstate.c
+++ b/tests/test-vmstate.c
@@ -33,17 +33,6 @@
 static char temp_file[] = "/tmp/vmst.test.XX";
 static int temp_fd;
 
-/* Fake yield_until_fd_readable() implementation so we don't have to pull the
- * coroutine code as dependency.
- */
-void yield_until_fd_readable(int fd)
-{
-fd_set fds;
-FD_ZERO();
-FD_SET(fd, );
-select(fd + 1, , NULL, NULL, NULL);
-}
-
 
 /* Duplicate temp_fd and seek to the beginning of the file */
 static QEMUFile *open_test_file(bool write)
-- 
2.9.3




[Qemu-devel] [PATCH v3] qemu-nbd: Implement socket activation.

2017-02-03 Thread Richard W.M. Jones
Socket activation (sometimes known as systemd socket activation)
allows an Internet superserver to pass a pre-opened listening socket
to the process, instead of having qemu-nbd open a socket itself.  This
is done via the LISTEN_FDS and LISTEN_PID environment variables, and a
standard file descriptor range.

This change partially implements socket activation for qemu-nbd.  If
the environment variables are set correctly, then socket activation
will happen automatically, otherwise everything works as before.  The
limitation is that LISTEN_FDS must be 1.

Signed-off-by: Richard W.M. Jones.
---
 qemu-nbd.c | 181 ++---
 1 file changed, 172 insertions(+), 9 deletions(-)

diff --git a/qemu-nbd.c b/qemu-nbd.c
index c734f62..bde2740 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -463,6 +463,143 @@ static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, 
Error **errp)
 return creds;
 }
 
+#define MACRO_EXPAND_STRINGIFY(x) STRINGIFY(x)
+#define STRINGIFY(x) #x
+
+static void setup_address_and_port(const char **address, const char **port)
+{
+if (*address == NULL) {
+*address = "0.0.0.0";
+}
+
+if (*port == NULL) {
+*port = MACRO_EXPAND_STRINGIFY(NBD_DEFAULT_PORT);
+}
+}
+
+#define FIRST_SOCKET_ACTIVATION_FD 3 /* defined by systemd ABI */
+
+#ifndef _WIN32
+/*
+ * Check if socket activation was requested via use of the
+ * LISTEN_FDS and LISTEN_PID environment variables.
+ *
+ * Returns 0 if no socket activation, or the number of FDs.
+ */
+static unsigned int check_socket_activation(void)
+{
+const char *s;
+unsigned long pid;
+unsigned long nr_fds;
+unsigned int i;
+int fd;
+int err;
+
+s = getenv("LISTEN_PID");
+if (s == NULL) {
+return 0;
+}
+err = qemu_strtoul(s, NULL, 10, );
+if (err) {
+if (verbose) {
+fprintf(stderr, "malformed %s environment variable (ignored)\n",
+"LISTEN_PID");
+}
+return 0;
+}
+if (pid != getpid()) {
+if (verbose) {
+fprintf(stderr, "%s was not for us (ignored)\n",
+"LISTEN_PID");
+}
+return 0;
+}
+
+s = getenv("LISTEN_FDS");
+if (s == NULL) {
+return 0;
+}
+err = qemu_strtoul(s, NULL, 10, _fds);
+if (err) {
+if (verbose) {
+fprintf(stderr, "malformed %s environment variable (ignored)\n",
+"LISTEN_FDS");
+}
+return 0;
+}
+assert(nr_fds <= UINT_MAX);
+
+/* A limitation of current qemu-nbd is that it can only listen on
+ * a single socket.  When that limitation is lifted, we can change
+ * this function to allow LISTEN_FDS > 1, and remove the assertion
+ * in the main function below.
+ */
+if (nr_fds > 1) {
+error_report("qemu-nbd does not support socket activation with %s > 1",
+ "LISTEN_FDS");
+exit(EXIT_FAILURE);
+}
+
+/* So these are not passed to any child processes we might start. */
+unsetenv("LISTEN_FDS");
+unsetenv("LISTEN_PID");
+
+/* So the file descriptors don't leak into child processes. */
+for (i = 0; i < nr_fds; ++i) {
+fd = FIRST_SOCKET_ACTIVATION_FD + i;
+if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
+/* If we cannot set FD_CLOEXEC then it probably means the file
+ * descriptor is invalid, so socket activation has gone wrong
+ * and we should exit.
+ */
+error_report("Socket activation failed: "
+ "invalid file descriptor fd = %d: %m",
+ fd);
+exit(EXIT_FAILURE);
+}
+}
+
+return (unsigned int) nr_fds;
+}
+
+#else /* !_WIN32 */
+static unsigned int check_socket_activation(void)
+{
+return 0;
+}
+#endif
+
+/*
+ * Check socket parameters compatibility when socket activation is used.
+ */
+static const char *socket_activation_validate_opts(const char *device,
+   const char *sockpath,
+   const char *address,
+   const char *port,
+   bool fork_process)
+{
+if (device != NULL) {
+return "NBD device can't be set when using socket activation";
+}
+
+if (sockpath != NULL) {
+return "Unix socket can't be set when using socket activation";
+}
+
+if (address != NULL) {
+return "The interface can't be set when using socket activation";
+}
+
+if (port != NULL) {
+return "TCP port number can't be set when using socket activation";
+}
+
+if (fork_process) {
+return "Fork (--fork) can't be used with socket activation";
+}
+
+return NULL;
+}
 
 int main(int argc, char **argv)
 {
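Review bot: The inherited descriptor is validated only by `fcntl(fd, F_SETFD, FD_CLOEXEC)`, which proves fd 3 is open but not that it is a socket, let alone a listening one, so a stray inherited file or pipe at fd 3 passes this loop and fails later with a less informative error. Checking `fstat(fd, &st)` plus `S_ISSOCK(st.st_mode)` alongside the cloexec call is what sd_listen_fds users usually do, keeps the rejection local to check_socket_activation, and needs only `<sys/stat.h>`, which I believe osdep.h already provides. The `pid != getpid()` guard and the unsetenv of both variables before anything else is spawned are correct. main starts at the end of this hunk and continues outside it.
```c
    /* So the file descriptors don't leak into child processes. */
    for (i = 0; i < nr_fds; ++i) {
        struct stat st;

        fd = FIRST_SOCKET_ACTIVATION_FD + i;
        if (fstat(fd, &st) == -1 || !S_ISSOCK(st.st_mode)) {
            error_report("Socket activation failed: "
                         "fd = %d is not a socket", fd);
            exit(EXIT_FAILURE);
        }
        if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
            /* … unchanged: error_report + exit … */
        }
    }
```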
@@ -471,7 +608,7 @@ int main(int argc, char **argv)

Re: [Qemu-devel] [PATCH v2 0/3] migration capability to discard the migrated ram pages

2017-02-03 Thread no-reply
Hi,

Your series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Type: series
Subject: [Qemu-devel] [PATCH v2 0/3] migration capability to discard the 
migrated ram pages
Message-id: 20170203152321.19739-1-pbutsy...@virtuozzo.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=16
make docker-test-quick@centos6
make docker-test-mingw@fedora
make docker-test-build@min-glib
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
ad60afe migration: discard non-dirty ram pages after the start of postcopy
96046dc add 'release-ram' migrate capability
aa07734 migration: add MigrationState arg for ram_save_/compressed_/page()

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into 'dtc'...
Submodule path 'dtc': checked out '65cc4d2748a2c2e6f27f1cf39e07a5dbabd80ebf'
  BUILD   centos6
make[1]: Entering directory `/var/tmp/patchew-tester-tmp-o9kc_ni7/src'
  ARCHIVE qemu.tgz
  ARCHIVE dtc.tgz
  COPYRUNNER
RUN test-quick in qemu:centos6 
Packages installed:
SDL-devel-1.2.14-7.el6_7.1.x86_64
ccache-3.1.6-2.el6.x86_64
epel-release-6-8.noarch
gcc-4.4.7-17.el6.x86_64
git-1.7.1-4.el6_7.1.x86_64
glib2-devel-2.28.8-5.el6.x86_64
libfdt-devel-1.4.0-1.el6.x86_64
make-3.81-23.el6.x86_64
package g++ is not installed
pixman-devel-0.32.8-1.el6.x86_64
tar-1.23-15.el6_8.x86_64
zlib-devel-1.2.3-29.el6.x86_64

Environment variables:
PACKAGES=libfdt-devel ccache tar git make gcc g++ zlib-devel 
glib2-devel SDL-devel pixman-devel epel-release
HOSTNAME=ff55140c8db0
TERM=xterm
MAKEFLAGS= -j16
HISTSIZE=1000
J=16
USER=root
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
MAIL=/var/spool/mail/root
PATH=/usr/lib/ccache:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
LANG=en_US.UTF-8
TARGET_LIST=
HISTCONTROL=ignoredups
SHLVL=1
HOME=/root
TEST_DIR=/tmp/qemu-test
LOGNAME=root
LESSOPEN=||/usr/bin/lesspipe.sh %s
FEATURES= dtc
DEBUG=
G_BROKEN_FILENAMES=1
CCACHE_HASHDIR=
_=/usr/bin/env

Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/var/tmp/qemu-build/install
No C++ compiler available; disabling C++ specific optional code
Install prefix/var/tmp/qemu-build/install
BIOS directory/var/tmp/qemu-build/install/share/qemu
binary directory  /var/tmp/qemu-build/install/bin
library directory /var/tmp/qemu-build/install/lib
module directory  /var/tmp/qemu-build/install/lib/qemu
libexec directory /var/tmp/qemu-build/install/libexec
include directory /var/tmp/qemu-build/install/include
config directory  /var/tmp/qemu-build/install/etc
local state directory   /var/tmp/qemu-build/install/var
Manual directory  /var/tmp/qemu-build/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   rv
CFLAGS-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -g 
QEMU_CFLAGS   -I/usr/include/pixman-1-pthread -I/usr/include/glib-2.0 
-I/usr/lib64/glib-2.0/include   -fPIE -DPIE -m64 -mcx16 -D_GNU_SOURCE 
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes 
-Wredundant-decls -Wall -Wundef -Wwrite-strings -Wmissing-prototypes 
-fno-strict-aliasing -fno-common -fwrapv  -Wendif-labels -Wmissing-include-dirs 
-Wempty-body -Wnested-externs -Wformat-security -Wformat-y2k -Winit-self 
-Wignored-qualifiers -Wold-style-declaration -Wold-style-definition 
-Wtype-limits -fstack-protector-all
LDFLAGS   -Wl,--warn-common -Wl,-z,relro -Wl,-z,now -pie -m64 -g 
make  make
install   install
pythonpython -B
smbd  /usr/sbin/smbd
module supportno
host CPU  x86_64
host big endian   no
target list   x86_64-softmmu aarch64-softmmu
tcg debug enabled no
gprof enabled no
sparse enabledno
strip binariesyes
profiler  no
static build  no
pixmansystem
SDL support   yes (1.2.14)
GTK support   no 
GTK GL supportno
VTE support   no 
TLS priority  NORMAL
GNUTLS supportno
GNUTLS rndno
libgcrypt no
libgcrypt kdf no
nettleno 
nettle kdfno
libtasn1  no
curses supportno
virgl support no
curl support  no
mingw32 support   no
Audio drivers oss
Block whitelist (rw) 
Block whitelist (ro) 
VirtFS supportno
VNC support   yes
VNC SASL support  no
VNC JPEG support  no
VNC PNG support   no
xen support   no
brlapi supportno
bluez  supportno
Documentation no
PIE   yes
vde support   no
netmap supportno
Linux AIO support no
ATTR/XATTR support yes
Install blobs yes
KVM support   yes
HAX support   no
RDMA 

[Qemu-devel] [RFC 5/5] xilinx_spips: allow mmio execution

2017-02-03 Thread fred . konrad
From: KONRAD Frederic 

This allows to execute from the lqspi area.

When request_ptr is called, the device loads 1024 bytes from the SPI device.
This code can then be executed by the guest.

Signed-off-by: KONRAD Frederic 
---
 hw/ssi/xilinx_spips.c | 74 ++-
 1 file changed, 55 insertions(+), 19 deletions(-)

diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
index da8adfa..e833028 100644
--- a/hw/ssi/xilinx_spips.c
+++ b/hw/ssi/xilinx_spips.c
@@ -496,6 +496,18 @@ static const MemoryRegionOps spips_ops = {
 .endianness = DEVICE_LITTLE_ENDIAN,
 };
 
+static void xilinx_qspips_invalidate_mmio_ptr(XilinxQSPIPS *q)
+{
+XilinxSPIPS *s = >parent_obj;
+
+if (q->lqspi_cached_addr != ~0ULL) {
+/* Invalidate the current mapped mmio */
+memory_region_invalidate_mmio_ptr(>mmlqspi, q->lqspi_cached_addr,
+  LQSPI_CACHE_SIZE);
+q->lqspi_cached_addr = ~0ULL;
+}
+}
+
 static void xilinx_qspips_write(void *opaque, hwaddr addr,
 uint64_t value, unsigned size)
 {
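Review bot: `xilinx_qspips_invalidate_mmio_ptr` uses LQSPI_CACHE_SIZE, but the only definition visible, `#define LQSPI_CACHE_SIZE 1024`, is an unchanged line further down the same file (in the third hunk, after qspips_ops), so unless the macro is also defined in a header this will not compile; move the `#define` above the new helper or the helper below it. The helper also treats `q->lqspi_cached_addr == ~0ULL` as "nothing mapped", a convention the surrounding code relies on but never states; a comment next to the field, or `/* ~0ULL: no window cached/mapped */` here, would help.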
@@ -505,7 +517,7 @@ static void xilinx_qspips_write(void *opaque, hwaddr addr,
 addr >>= 2;
 
 if (addr == R_LQSPI_CFG) {
-q->lqspi_cached_addr = ~0ULL;
+xilinx_qspips_invalidate_mmio_ptr(q);
 }
 }
 
@@ -517,27 +529,20 @@ static const MemoryRegionOps qspips_ops = {
 
 #define LQSPI_CACHE_SIZE 1024
 
-static uint64_t
-lqspi_read(void *opaque, hwaddr addr, unsigned int size)
+static void lqspi_load_cache(void *opaque, hwaddr addr)
 {
-int i;
 XilinxQSPIPS *q = opaque;
 XilinxSPIPS *s = opaque;
-uint32_t ret;
-
-if (addr >= q->lqspi_cached_addr &&
-addr <= q->lqspi_cached_addr + LQSPI_CACHE_SIZE - 4) {
-uint8_t *retp = >lqspi_buf[addr - q->lqspi_cached_addr];
-ret = cpu_to_le32(*(uint32_t *)retp);
-DB_PRINT_L(1, "addr: %08x, data: %08x\n", (unsigned)addr,
-   (unsigned)ret);
-return ret;
-} else {
-int flash_addr = (addr / num_effective_busses(s));
-int slave = flash_addr >> LQSPI_ADDRESS_BITS;
-int cache_entry = 0;
-uint32_t u_page_save = s->regs[R_LQSPI_STS] & ~LQSPI_CFG_U_PAGE;
-
+int i;
+int flash_addr = ((addr & ~(LQSPI_CACHE_SIZE - 1))
+   / num_effective_busses(s));
+int slave = flash_addr >> LQSPI_ADDRESS_BITS;
+int cache_entry = 0;
+uint32_t u_page_save = s->regs[R_LQSPI_STS] & ~LQSPI_CFG_U_PAGE;
+
+if (addr < q->lqspi_cached_addr ||
+addr > q->lqspi_cached_addr + LQSPI_CACHE_SIZE - 4) {
+xilinx_qspips_invalidate_mmio_ptr(q);
 s->regs[R_LQSPI_STS] &= ~LQSPI_CFG_U_PAGE;
 s->regs[R_LQSPI_STS] |= slave ? LQSPI_CFG_U_PAGE : 0;
 
@@ -589,12 +594,43 @@ lqspi_read(void *opaque, hwaddr addr, unsigned int size)
 xilinx_spips_update_cs_lines(s);
 
 q->lqspi_cached_addr = flash_addr * num_effective_busses(s);
+}
+}
+
+static void *lqspi_request_mmio_ptr(void *opaque, hwaddr addr, unsigned *size,
+unsigned *offset)
+{
+XilinxQSPIPS *q = opaque;
+hwaddr offset_within_the_region = addr & ~(LQSPI_CACHE_SIZE - 1);
+
+lqspi_load_cache(opaque, offset_within_the_region);
+*size = LQSPI_CACHE_SIZE;
+*offset = offset_within_the_region;
+return q->lqspi_buf;
+}
+
+static uint64_t
+lqspi_read(void *opaque, hwaddr addr, unsigned int size)
+{
+XilinxQSPIPS *q = opaque;
+uint32_t ret;
+
+if (addr >= q->lqspi_cached_addr &&
+addr <= q->lqspi_cached_addr + LQSPI_CACHE_SIZE - 4) {
+uint8_t *retp = >lqspi_buf[addr - q->lqspi_cached_addr];
+ret = cpu_to_le32(*(uint32_t *)retp);
+DB_PRINT_L(1, "addr: %08x, data: %08x\n", (unsigned)addr,
+   (unsigned)ret);
+return ret;
+} else {
+lqspi_load_cache(opaque, addr);
 return lqspi_read(opaque, addr, size);
 }
 }
 
 static const MemoryRegionOps lqspi_ops = {
 .read = lqspi_read,
+.request_ptr = lqspi_request_mmio_ptr,
 .endianness = DEVICE_NATIVE_ENDIAN,
 .valid = {
 .min_access_size = 1,
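Review bot: the pointer `lqspi_request_mmio_ptr` hands back is `q->lqspi_buf`, and the core maps it with `memory_region_init_ram_ptr`, i.e. as ordinary writable RAM, while the linear-QSPI window itself only provides `.read` in `lqspi_ops`; once mapped, a guest store into the window lands in the cache buffer and is then served back by `lqspi_read` (and executed), whereas the same store through MMIO is dropped. Either the core should mark the mapped subregion read-only, or this callback's comment should say the buffer becomes guest-writable, e.g. `/* Returns the cache buffer itself; the core maps it directly, so it is exposed to guest writes. */`. `*offset` is `unsigned` while `offset_within_the_region` is `hwaddr`, so the assignment truncates silently for offsets above 4 GiB; harmless for this device but worth an `assert` or a comment. The `lqspi_ops` initializer continues past the end of this hunk.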
-- 
1.8.3.1




[Qemu-devel] [PATCH v3] qemu-nbd: Implement socket activation.

2017-02-03 Thread Richard W.M. Jones
v2 -> v3:

- Changes suggested by Stefan.

- Retested it, using my socket activation code in virt-p2v:
  https://www.redhat.com/archives/libguestfs/2017-February/msg00036.html

Rich.




[Qemu-devel] [RFC 4/5] exec: allow to get a pointer for some mmio memory region

2017-02-03 Thread fred . konrad
From: KONRAD Frederic 

This introduces a special callback which allows to run code from some MMIO
devices.

A SysBusDevice whose MemoryRegion implements the request_ptr callback is
notified when the guest tries to execute code from that region. It can then,
for example, pre-load code from an SPI device or obtain a pointer from an
external simulator.

When the pointer or the data in it are no longer valid the device has to
invalidate it.

Signed-off-by: KONRAD Frederic 
---
 cputlb.c  |  7 +++
 include/exec/memory.h | 35 +++
 memory.c  | 45 +
 3 files changed, 87 insertions(+)

diff --git a/cputlb.c b/cputlb.c
index 846341e..9077247 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -545,6 +545,13 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, 
target_ulong addr)
 if (memory_region_is_unassigned(mr)) {
 CPUClass *cc = CPU_GET_CLASS(cpu);
 
+if (memory_region_request_mmio_ptr(mr, addr)) {
+/* A MemoryRegion is potentially added so re-run the
+ * get_page_addr_code.
+ */
+return get_page_addr_code(env, addr);
+}
+
 if (cc->do_unassigned_access) {
 cc->do_unassigned_access(cpu, addr, false, true, 0, 4);
 } else {
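Review bot: `addr` here is the guest virtual address `get_page_addr_code` was called with (`target_ulong addr` in the signature), yet `memory_region_request_mmio_ptr` turns it into a region offset by subtracting `mr->addr`, so the callback only sees the right offset when the guest maps the device identity and the region sits directly under the address-space root. The offset the TLB fill already resolved (recorded in `iotlbentry`, which is what the I/O read path presumably uses) is what should be passed instead of `addr`. Separately, the retry `return get_page_addr_code(env, addr);` has no bound: nothing in the core checks that the window the device returned actually contains the faulting address, so a callback returning a window elsewhere recurses until the stack is exhausted; presumably the transaction commit flushes the TLB so the retry does refault, but the containment should be checked in `memory_region_request_mmio_ptr` or the retry limited to one attempt. `get_page_addr_code` continues past the end of this hunk.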
diff --git a/include/exec/memory.h b/include/exec/memory.h
index 987f925..36b0eec 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -120,6 +120,15 @@ struct MemoryRegionOps {
 uint64_t data,
 unsigned size,
 MemTxAttrs attrs);
+/* Instruction execution pre-callback:
+ * @addr is the address of the access relative to the @mr.
+ * @size is the size of the area returned by the callback.
+ * @offset is the location of the pointer inside @mr.
+ *
+ * Returns a pointer to a location which contains guest code.
+ */
+void *(*request_ptr)(void *opaque, hwaddr addr, unsigned *size,
+ unsigned *offset);
 
 enum device_endian endianness;
 /* Guest-visible constraints: */
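Review bot: the `request_ptr` comment leaves the contract underspecified: `@size` and `@offset` are outputs, the core treats a NULL pointer or a zero `*size` as a refusal, and the returned memory must stay valid until the device calls `memory_region_invalidate_mmio_ptr` (the core keeps a RAM mapping over it). I would extend the comment with `@size/@offset are filled in by the callback. Return NULL (or *size == 0) to decline. The buffer is mapped as guest RAM until memory_region_invalidate_mmio_ptr is called, so it must not be freed or reused before then.` The sentence "@addr is the address of the access relative to the @mr" also disagrees with `memory_region_request_mmio_ptr`, which computes the value as `addr - mr->addr`, i.e. relative to the region's container; one of the two should change.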
@@ -1253,6 +1262,32 @@ void memory_global_dirty_log_stop(void);
 void mtree_info(fprintf_function mon_printf, void *f, bool flatview);
 
 /**
+ * memory_region_request_mmio_ptr: request a pointer to an mmio
+ * MemoryRegion. If it is possible map a RAM MemoryRegion with this pointer.
+ * When the device wants to invalidate the pointer it will call
+ * memory_region_invalidate_mmio_ptr.
+ *
+ * @mr: #MemoryRegion to check
+ * @addr: address within that region
+ *
+ * Returns true on success, false otherwise.
+ */
+bool memory_region_request_mmio_ptr(MemoryRegion *mr, hwaddr addr);
+
+/**
+ * memory_region_invalidate_mmio_ptr: invalidate the pointer to an mmio
+ * previously requested.
+ * In the end that means that if something wants to execute from this area it
+ * will need to request the pointer again.
+ *
+ * @mr: #MemoryRegion associated to the pointer.
+ * @addr: address within that region
+ * @size: size of that area.
+ */
+void memory_region_invalidate_mmio_ptr(MemoryRegion *mr, hwaddr offset,
+   unsigned size);
+
+/**
  * memory_region_dispatch_read: perform a read directly to the specified
  * MemoryRegion.
  *
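Review bot: the doc block for `memory_region_invalidate_mmio_ptr` describes `@addr` but the prototype's parameter is `offset`; it should read `@offset: offset within @mr of the area previously returned by request_ptr`. The comment should also state that `(offset, size)` must be exactly the pair the earlier `request_ptr` call produced, since the implementation deletes and unparents whatever subregion `memory_region_find` hits in that range, so a device whose `mr` carries other subregions could lose one of them.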
diff --git a/memory.c b/memory.c
index 6c58373..eb3e8ec 100644
--- a/memory.c
+++ b/memory.c
@@ -2375,6 +2375,51 @@ void memory_listener_unregister(MemoryListener *listener)
 QTAILQ_REMOVE(>address_space->listeners, listener, link_as);
 }
 
+bool memory_region_request_mmio_ptr(MemoryRegion *mr, hwaddr addr)
+{
+void *host;
+unsigned size = 0;
+unsigned offset = 0;
+MemoryRegion *sub;
+
+if (!mr || !mr->ops->request_ptr) {
+return false;
+}
+
+/*
+ * Avoid an update if the request_ptr call
+ * memory_region_invalidate_mmio_ptr which seems to be likely when we use
+ * a cache.
+ */
+memory_region_transaction_begin();
+
+host = mr->ops->request_ptr(mr->opaque, addr - mr->addr, , );
+
+if (!host || !size) {
+memory_region_transaction_commit();
+return false;
+}
+
+sub = g_new(MemoryRegion, 1);
+memory_region_init_ram_ptr(sub, OBJECT(mr), "mmio-map", size, host);
+memory_region_add_subregion(mr, offset, sub);
+memory_region_transaction_commit();
+return true;
+}
+
+void memory_region_invalidate_mmio_ptr(MemoryRegion *mr, hwaddr offset,
+   unsigned size)
+{
+MemoryRegionSection section = memory_region_find(mr, offset, size);
+
+if (section.mr != mr) {
+memory_region_del_subregion(mr, section.mr);
+/* memory_region_find add a ref on section.mr */
+memory_region_unref(section.mr);
+object_unparent(OBJECT(section.mr));
+}
+}
+
 void 

[Qemu-devel] [RFC 0/5] execute code from mmio area

2017-02-03 Thread fred . konrad
From: KONRAD Frederic 

This patch-set allows to execute code from mmio areas.
The main goal of this is to be able to run code for example from an SPI device.

The first three patches fix the way get_page_addr_code fills the TLB.

The fourth patch implements the mmio execution helpers: the device must
implement the request_ptr callback of the MemoryRegion and will be notified when
the guest wants to execute code from it.

The fifth patch implements the execution from the SPI memories in the
xilinx_spips model.

Thanks,
Fred

KONRAD Frederic (5):
  cputlb: cleanup get_page_addr_code to use VICTIM_TLB_HIT
  cputlb: move get_page_addr_code
  cputlb: fix the way get_page_addr_code fills the tlb
  exec: allow to get a pointer for some mmio memory region
  xilinx_spips: allow mmio execution

 cputlb.c  | 81 ---
 hw/ssi/xilinx_spips.c | 74 ++
 include/exec/memory.h | 35 ++
 memory.c  | 45 
 4 files changed, 180 insertions(+), 55 deletions(-)

-- 
1.8.3.1




[Qemu-devel] [RFC 2/5] cputlb: move get_page_addr_code

2017-02-03 Thread fred . konrad
From: KONRAD Frederic 

This just moves get_page_addr_code() below the VICTIM_TLB_HIT macro
definition so that a later patch can use the macro there.

Signed-off-by: KONRAD Frederic 
---
 cputlb.c | 72 
 1 file changed, 36 insertions(+), 36 deletions(-)

diff --git a/cputlb.c b/cputlb.c
index 665caea..b3a5f47 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -452,42 +452,6 @@ static void report_bad_exec(CPUState *cpu, target_ulong 
addr)
 log_cpu_state_mask(LOG_GUEST_ERROR, cpu, CPU_DUMP_FPU | CPU_DUMP_CCOP);
 }
 
-/* NOTE: this function can trigger an exception */
-/* NOTE2: the returned address is not exactly the physical address: it
- * is actually a ram_addr_t (in system mode; the user mode emulation
- * version of this function returns a guest virtual address).
- */
-tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
-{
-int mmu_idx, index, pd;
-void *p;
-MemoryRegion *mr;
-CPUState *cpu = ENV_GET_CPU(env);
-CPUIOTLBEntry *iotlbentry;
-
-index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-mmu_idx = cpu_mmu_index(env, true);
-if (unlikely(env->tlb_table[mmu_idx][index].addr_code !=
- (addr & TARGET_PAGE_MASK))) {
-cpu_ldub_code(env, addr);
-}
-iotlbentry = >iotlb[mmu_idx][index];
-pd = iotlbentry->addr & ~TARGET_PAGE_MASK;
-mr = iotlb_to_region(cpu, pd, iotlbentry->attrs);
-if (memory_region_is_unassigned(mr)) {
-CPUClass *cc = CPU_GET_CLASS(cpu);
-
-if (cc->do_unassigned_access) {
-cc->do_unassigned_access(cpu, addr, false, true, 0, 4);
-} else {
-report_bad_exec(cpu, addr);
-exit(1);
-}
-}
-p = (void *)((uintptr_t)addr + env->tlb_table[mmu_idx][index].addend);
-return qemu_ram_addr_from_host_nofail(p);
-}
-
 static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
  target_ulong addr, uintptr_t retaddr, int size)
 {
@@ -554,6 +518,42 @@ static bool victim_tlb_hit(CPUArchState *env, size_t 
mmu_idx, size_t index,
   victim_tlb_hit(env, mmu_idx, index, offsetof(CPUTLBEntry, TY), \
  (ADDR) & TARGET_PAGE_MASK)
 
+/* NOTE: this function can trigger an exception */
+/* NOTE2: the returned address is not exactly the physical address: it
+ * is actually a ram_addr_t (in system mode; the user mode emulation
+ * version of this function returns a guest virtual address).
+ */
+tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
+{
+int mmu_idx, index, pd;
+void *p;
+MemoryRegion *mr;
+CPUState *cpu = ENV_GET_CPU(env);
+CPUIOTLBEntry *iotlbentry;
+
+index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+mmu_idx = cpu_mmu_index(env, true);
+if (unlikely(env->tlb_table[mmu_idx][index].addr_code !=
+ (addr & TARGET_PAGE_MASK))) {
+cpu_ldub_code(env, addr);
+}
+iotlbentry = >iotlb[mmu_idx][index];
+pd = iotlbentry->addr & ~TARGET_PAGE_MASK;
+mr = iotlb_to_region(cpu, pd, iotlbentry->attrs);
+if (memory_region_is_unassigned(mr)) {
+CPUClass *cc = CPU_GET_CLASS(cpu);
+
+if (cc->do_unassigned_access) {
+cc->do_unassigned_access(cpu, addr, false, true, 0, 4);
+} else {
+report_bad_exec(cpu, addr);
+exit(1);
+}
+}
+p = (void *)((uintptr_t)addr + env->tlb_table[mmu_idx][index].addend);
+return qemu_ram_addr_from_host_nofail(p);
+}
+
 /* Probe for whether the specified guest write access is permitted.
  * If it is not permitted then an exception will be taken in the same
  * way as if this were a real write access (and we will not return).
-- 
1.8.3.1




[Qemu-devel] [RFC 3/5] cputlb: fix the way get_page_addr_code fills the tlb

2017-02-03 Thread fred . konrad
From: KONRAD Frederic 

get_page_addr_code(..) does a cpu_ldub_code to fill the tlb:
This can lead to some side effects if a device is mapped at this address.

So this patch replaces the cpu_ldub_code() call with tlb_fill().

Signed-off-by: KONRAD Frederic 
---
 cputlb.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/cputlb.c b/cputlb.c
index b3a5f47..846341e 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -534,8 +534,10 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, 
target_ulong addr)
 index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
 mmu_idx = cpu_mmu_index(env, true);
 if (unlikely(env->tlb_table[mmu_idx][index].addr_code !=
- (addr & TARGET_PAGE_MASK))) {
-cpu_ldub_code(env, addr);
+ (addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK {
+if (!VICTIM_TLB_HIT(addr_read, addr)) {
+tlb_fill(ENV_GET_CPU(env), addr, MMU_INST_FETCH, mmu_idx, 0);
+}
 }
 iotlbentry = >iotlb[mmu_idx][index];
 pd = iotlbentry->addr & ~TARGET_PAGE_MASK;
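Review bot: `VICTIM_TLB_HIT(addr_read, addr)` consults the victim TLB's read address for what is an instruction fetch, while the primary lookup two lines above compares `addr_code`; a victim entry for a page that is readable but not executable would satisfy it and skip the `MMU_INST_FETCH` permission check that `tlb_fill` would otherwise perform, so it should be `VICTIM_TLB_HIT(addr_code, addr)`. The condition as rendered here has lost its closing parentheses, presumably in extraction. `get_page_addr_code` continues past the end of this hunk.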
-- 
1.8.3.1




[Qemu-devel] [RFC 1/5] cputlb: cleanup get_page_addr_code to use VICTIM_TLB_HIT

2017-02-03 Thread fred . konrad
From: KONRAD Frederic 

This replaces env1 and page_index variables by env and index
so we can use VICTIM_TLB_HIT macro later.

Signed-off-by: KONRAD Frederic 
---
 cputlb.c | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/cputlb.c b/cputlb.c
index 6c39927..665caea 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -457,21 +457,21 @@ static void report_bad_exec(CPUState *cpu, target_ulong 
addr)
  * is actually a ram_addr_t (in system mode; the user mode emulation
  * version of this function returns a guest virtual address).
  */
-tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr)
+tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
 {
-int mmu_idx, page_index, pd;
+int mmu_idx, index, pd;
 void *p;
 MemoryRegion *mr;
-CPUState *cpu = ENV_GET_CPU(env1);
+CPUState *cpu = ENV_GET_CPU(env);
 CPUIOTLBEntry *iotlbentry;
 
-page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
-mmu_idx = cpu_mmu_index(env1, true);
-if (unlikely(env1->tlb_table[mmu_idx][page_index].addr_code !=
+index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);
+mmu_idx = cpu_mmu_index(env, true);
+if (unlikely(env->tlb_table[mmu_idx][index].addr_code !=
  (addr & TARGET_PAGE_MASK))) {
-cpu_ldub_code(env1, addr);
+cpu_ldub_code(env, addr);
 }
-iotlbentry = >iotlb[mmu_idx][page_index];
+iotlbentry = >iotlb[mmu_idx][index];
 pd = iotlbentry->addr & ~TARGET_PAGE_MASK;
 mr = iotlb_to_region(cpu, pd, iotlbentry->attrs);
 if (memory_region_is_unassigned(mr)) {
@@ -484,7 +484,7 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env1, 
target_ulong addr)
 exit(1);
 }
 }
-p = (void *)((uintptr_t)addr + 
env1->tlb_table[mmu_idx][page_index].addend);
+p = (void *)((uintptr_t)addr + env->tlb_table[mmu_idx][index].addend);
 return qemu_ram_addr_from_host_nofail(p);
 }
 
-- 
1.8.3.1




Re: [Qemu-devel] Non-flat command line option argument syntax

2017-02-03 Thread Dr. David Alan Gilbert
* Markus Armbruster (arm...@redhat.com) wrote:
> "Dr. David Alan Gilbert"  writes:
> 
> > * Markus Armbruster (arm...@redhat.com) wrote:
> >> = Introduction =
> >> 
> >
> > 
> >
> >> = Structured option argument syntax =
> >> 
> >> == JSON ==
> >> 
> >> The obvious way to provide the expressiveness of JSON on the command
> >> line is JSON.  Easy enough[2].  However, besides not being compatible,
> >> it's rather heavy on syntax, at least for simple cases.  Compare:
> >> 
> >> -machine q35,accel=kvm
> >> -machine '{ "type": "q35", "accel": "kvm"}'
> >> 
> >> It compares a bit more favourably in cases that use our non-flat hacks.
> >> Here's a flat list as KEY=VALUE,... with repeated keys, and as JSON:
> >> 
> >> -semihosting-config enable,arg=eins,arg=zwei,arg=drei
> >> -semihosting-config '{ "enable": true, "arg": [ "eins", "zwei", "drei" 
> >> ] }'
> >> 
> >> Arbitrary nesting with dotted key convention:
> >> 
> >> -drive driver=qcow2,file.driver=gluster,
> >>file.volume=testvol,file.path=/path/a.qcow2,file.debug=9,
> >>file.server.0.type=tcp,
> >>file.server.0.host=1.2.3.4,
> >>file.server.0.port=24007,
> >>file.server.1.type=unix,
> >>file.server.1.socket=/var/run/glusterd.socket
> >> -drive '{ "driver": "qcow2",
> >>   "file": {
> >>   "driver": "gluster", "volume": "testvol",
> >>   "path": "/path/a.qcow2", "debug": 9,
> >>   "server": [ { "type": "tcp",
> >> "host": "1.2.3.4", "port": "24007"},
> >>   { "type": "unix",
> >> "socket": "/var/run/glusterd.socket" } ] } 
> >> }'
> >
> > So while I generally hate JSON, the -drive dotted key syntax makes
> > me mad when it gets like this;  have a look
> > at the block replication and quorum setups especially, that can end up
> > with (from docs/COLO-FT.txt):
> >
> >   -drive 
> > if=virtio,id=primary-disk0,driver=quorum,read-pattern=fifo,vote-threshold=1,\
> >  children.0.file.filename=1.raw,\
> >  children.0.driver=raw -S
> >
> >that's just way too many .'s to ever properly understand.
> > (I'm sure it used to be more complex).
> 
> Here's an idea to cut down on the dottery that drives you mad (and me
> too): if KEY starts with '.', combine it with a prefix of the previous
> one so that the result has the same number of name components.
> 
> Your example becomes
> 
> -drive 
> if=virtio,id=primary-disk0,driver=quorum,read-pattern=fifo,vote-threshold=1,\
>children.0.file.filename=1.raw,.driver=raw -S
> 
> My example
> 
>  -drive driver=qcow2,file.driver=gluster,
> file.volume=testvol,file.path=/path/a.qcow2,file.debug=9,
> file.server.0.type=tcp,
> file.server.0.host=1.2.3.4,
> file.server.0.port=24007,
> file.server.1.type=unix,
> file.server.1.socket=/var/run/glusterd.socket
> 
> becomes
> 
>  -drive driver=qcow2,
> file.driver=gluster,
> .volume=testvol,
> .path=/path/a.qcow2,
> .debug=9,
> file.server.0.type=tcp,
>  .host=1.2.3.4,
>  .port=24007,
> file.server.1.type=unix,
>  .socket=/var/run/glusterd.socket
> 
> Mind, I'm not at all sure this is a *good* idea.  I suspect it's more
> magic than it's worth.

That is actually quite a nice compaction; it still feels pretty easy to read,
and doesn't use any more magic characters.

> >> Lines broken and indented for legibility; you need to join them for
> >> actual use.
> >
> > Why? What's a \n between friends for JSON?
> 
> You're right, the JSON works as is.  Only the KEY=VALUE example doesn't.
> 
> >> Once you do, both variants are basically illegible.  This
> >> is simply something that belongs into a config file rather than the
> >> command line.  In a config file, JSON would be a better choice.
> >> 
> >> There's also the -drive file=json:... syntax.  It's a bad fit for
> >> QemuOpts, because QemuOpts and JSON fight for the comma.  I'd show you
> >> if I could get it to work.
> >> 
> >> We obviously can't replace QemuOpts with JSON.  But accepting JSON in
> >> addition to QemuOpts is a debatable feature: it lets management
> >> applications reuse the code to build QMP arguments for option arguments.
> >> 
> >> Since structured option arguments are always dictionaries, a JSON option
> >> argument always starts with '{'.  If no QemuOpts argument can ever start
> >> with '{', accepting either QemuOpts or a JSON object is unambiguous.
> >> For a more detailed discussion of the following argument, see [3].
> >> 
> >> A QemuOpts argument normally starts with KEY.  We need to outlaw KEYs
> >> starting with '{'.  QAPI outlaws such names, see docs/qapi-code-gen.txt.
> >> QOM 

[Qemu-devel] [PATCH v2 0/3] migration capability to discard the migrated ram pages

2017-02-03 Thread Pavel Butsykin
This feature frees already-migrated memory on the source during postcopy-ram
migration. In the second stage of postcopy-ram migration, once the source VM is
paused, memory that has already been sent is no longer needed on the source and
can be freed. This allows, in particular, the memory pressure on the source host
to start easing in a load-balancing scenario.

Changes from v1:
- changed name of the interfaces (discard to release)
- fix make check error
- add more comments to qemu_iovec_release_ram()
- rebase on "Postcopy: Hugepage support" (David's patch series)
- removed ram_discard_page for xbzrle 
- fix erroneous release memory in complete precopy (tie release-ram to postcopy)

Pavel Butsykin (3):
  migration: add MigrationState arg for ram_save_/compressed_/page()
  add 'release-ram' migrate capability
  migration: discard non-dirty ram pages after the start of postcopy

 include/migration/migration.h |  2 ++
 include/migration/qemu-file.h |  3 ++-
 migration/migration.c | 13 ++
 migration/qemu-file.c | 59 ++-
 migration/ram.c   | 56 ++--
 qapi-schema.json  |  5 +++-
 6 files changed, 121 insertions(+), 17 deletions(-)

-- 
2.11.0




Re: [Qemu-devel] [PATCH v2] qemu-nbd: Implement socket activation.

2017-02-03 Thread Richard W.M. Jones
On Fri, Feb 03, 2017 at 03:16:43PM +, Stefan Hajnoczi wrote:
> On Thu, Feb 02, 2017 at 05:16:25PM +, Richard W.M. Jones wrote:
> > +if (*port == NULL) {
> > +*port = g_strdup_printf("%d", NBD_DEFAULT_PORT);;
> 
> Please stringify NBD_DEFAULT_PORT instead of using g_strdup_printf().
> That avoids the memory leak.

Oops.

Do we have a macro for this already?  I couldn't see one, and the
best I could come up with is:

#define MACRO_EXPAND_STRINGIFY(x) STRINGIFY(x)
#define STRINGIFY(x) #x

/*
 * Supply defaults for the listen address and port when the caller left
 * them unset.
 *
 * @address: in/out; set to the IPv4 wildcard address "0.0.0.0" if NULL
 * @port:    in/out; set to NBD_DEFAULT_PORT, stringified, if NULL
 *
 * Both defaults are string literals, so nothing here needs freeing.
 */
static void setup_address_and_port(const char **address, const char **port)
{
    if (!*address) {
        *address = "0.0.0.0";
    }

    if (!*port) {
        /* Two-level macro so the value of NBD_DEFAULT_PORT, not its name,
         * is stringified. */
        *port = MACRO_EXPAND_STRINGIFY(NBD_DEFAULT_PORT);
    }
}

It works, but it's a bit of a mouthful.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v



Re: [Qemu-devel] [PATCH v3 5/7] ARM big-endian system-mode gdbstub support.

2017-02-03 Thread Peter Maydell
On 20 January 2017 at 16:32, Julian Brown  wrote:
> When debugging a big-endian (either BE8 or BE32) executable, GDB uses
> a big-endian byte ordering for its remote protocol.  The gdb stub
> code in QEMU needs to interpret data in host (little-endian) order in
> arm_cpu_gdb_read_register and arm_cpu_gdb_write_register, so this patch
> arranges to byte-swap the data to/from GDB in those cases.
>
> Signed-off-by: Julian Brown 
> ---
>  target/arm/gdbstub.c | 42 ++
>  1 file changed, 42 insertions(+)
>
> diff --git a/target/arm/gdbstub.c b/target/arm/gdbstub.c
> index 04c1208..1e9fe68 100644
> --- a/target/arm/gdbstub.c
> +++ b/target/arm/gdbstub.c
> @@ -21,6 +21,7 @@
>  #include "qemu-common.h"
>  #include "cpu.h"
>  #include "exec/gdbstub.h"
> +#include "exec/softmmu-arm-semi.h"
>
>  /* Old gdb always expect FPA registers.  Newer (xml-aware) gdb only expect
> whatever the target description contains.  Due to a historical mishap
> @@ -32,10 +33,22 @@ int arm_cpu_gdb_read_register(CPUState *cs, uint8_t 
> *mem_buf, int n)
>  {
>  ARMCPU *cpu = ARM_CPU(cs);
>  CPUARMState *env = >env;
> +#ifndef CONFIG_USER_ONLY
> +bool targ_bigendian = arm_bswap_needed(env);
> +#endif

This is a "what is the state of the CPU right this instant" test,
but surely gdb doesn't flip its protocol definition as the CPU
flips between big and little endian at runtime? I'm not sure
what the right check is but it probably isn't this.

>
>  if (n < 16) {
>  /* Core integer register.  */
> +#ifdef CONFIG_USER_ONLY
>  return gdb_get_reg32(mem_buf, env->regs[n]);
> +#else
> +if (targ_bigendian) {
> +stl_be_p(mem_buf, env->regs[n]);
> +} else {
> +stl_le_p(mem_buf, env->regs[n]);
> +}
> +return 4;
> +#endif

There's probably a phrasing here that avoids the ifdeffery...

thanks
-- PMM



Re: [Qemu-devel] [PATCH v3 0/7] ARM BE8/BE32 big-endian system-mode fixes (semihosting, gdbstub)

2017-02-03 Thread Peter Maydell
On 20 January 2017 at 16:30, Julian Brown  wrote:
> This is the third iteration of a series of patches to implement
> semihosting/gdbstub support for big-endian ARM system mode. The previous
> series started here:
>
>   http://lists.nongnu.org/archive/html/qemu-devel/2016-12/msg00972.html
>
> I've (hopefully!) addressed all the comments from the second round of
> reviews, apologies in advance if I've missed anything.
>
> Thanks,
>
> Julian
>
> Julian Brown (7):
>   Add cfgend parameter for ARM CPU selection.
>   Honour reset_sctlr EE/B bits during reset.
>   Move target_memory_rw_debug function.
>   ARM big-endian semihosting support.
>   ARM big-endian system-mode gdbstub support.
>   Fix Thumb-1 BE32 execution and disassembly.
>   ARM BE32 watchpoint fix.

So to summarise:
I'm taking patches 1 (with some tweaks), 6 and 7 into target-arm.next.
2 isn't required. 3 is OK but should go in with the patches that
use it. 4 and 5 still need some work.

thanks
-- PMM



Re: [Qemu-devel] [Bug 1661386] Re: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed

2017-02-03 Thread Matwey V. Kornilov
Hello,

The output is the following:

kvm_msr_entry_add: @0 index=174 value=0
kvm_msr_entry_add: @1 index=175 value=0
kvm_msr_entry_add: @2 index=176 value=0
kvm_msr_entry_add: @3 index=277 value=7040600070406
kvm_msr_entry_add: @4 index=c081 value=0
kvm_msr_entry_add: @5 index=c0010117 value=0
kvm_msr_entry_add: @6 index=3b value=0
kvm_msr_entry_add: @7 index=1a0 value=1
kvm_msr_entry_add: @8 index=c083 value=0
kvm_msr_entry_add: @9 index=c102 value=0
kvm_msr_entry_add: @10 index=c084 value=0
kvm_msr_entry_add: @11 index=c082 value=0
kvm_msr_entry_add: @12 index=10 value=0
kvm_msr_entry_add: @13 index=12 value=0
kvm_msr_entry_add: @14 index=11 value=0
kvm_msr_entry_add: @15 index=4b564d02 value=0
kvm_msr_entry_add: @16 index=4b564d04 value=0
kvm_msr_entry_add: @17 index=4b564d03 value=0
kvm_msr_entry_add: @18 index=38d value=0
kvm_msr_entry_add: @19 index=38f value=0
kvm_msr_entry_add: @20 index=309 value=0
kvm_msr_entry_add: @21 index=30a value=0
kvm_msr_entry_add: @22 index=30b value=0
kvm_msr_entry_add: @23 index=c1 value=0
kvm_msr_entry_add: @24 index=186 value=0
kvm_msr_entry_add: @25 index=c2 value=0
kvm_msr_entry_add: @26 index=187 value=0
kvm_msr_entry_add: @27 index=c3 value=0
kvm_msr_entry_add: @28 index=188 value=0
kvm_msr_entry_add: @29 index=c4 value=0
kvm_msr_entry_add: @30 index=189 value=0
kvm_msr_entry_add: @31 index=38e value=0
kvm_msr_entry_add: @32 index=390 value=0
kvm_msr_entry_add: @33 index=38d value=0
kvm_msr_entry_add: @34 index=38f value=0
kvm_msr_entry_add: @35 index=2ff value=0
kvm_msr_entry_add: @36 index=250 value=0
kvm_msr_entry_add: @37 index=258 value=0
kvm_msr_entry_add: @38 index=259 value=0
kvm_msr_entry_add: @39 index=268 value=0
kvm_msr_entry_add: @40 index=269 value=0
kvm_msr_entry_add: @41 index=26a value=0
kvm_msr_entry_add: @42 index=26b value=0
kvm_msr_entry_add: @43 index=26c value=0
kvm_msr_entry_add: @44 index=26d value=0
kvm_msr_entry_add: @45 index=26e value=0
kvm_msr_entry_add: @46 index=26f value=0
kvm_msr_entry_add: @47 index=200 value=0
kvm_msr_entry_add: @48 index=201 value=0
kvm_msr_entry_add: @49 index=202 value=0
kvm_msr_entry_add: @50 index=203 value=0
kvm_msr_entry_add: @51 index=204 value=0
kvm_msr_entry_add: @52 index=205 value=0
kvm_msr_entry_add: @53 index=206 value=0
kvm_msr_entry_add: @54 index=207 value=0
kvm_msr_entry_add: @55 index=208 value=0
kvm_msr_entry_add: @56 index=209 value=0
kvm_msr_entry_add: @57 index=20a value=0
kvm_msr_entry_add: @58 index=20b value=0
kvm_msr_entry_add: @59 index=20c value=0
kvm_msr_entry_add: @60 index=20d value=0
kvm_msr_entry_add: @61 index=20e value=0
kvm_msr_entry_add: @62 index=20f value=0
kvm_msr_entry_add: @63 index=17a value=0
kvm_msr_entry_add: @64 index=17b value=
kvm_msr_entry_add: @65 index=400 value=
kvm_msr_entry_add: @66 index=401 value=0
kvm_msr_entry_add: @67 index=402 value=0
kvm_msr_entry_add: @68 index=403 value=0
kvm_msr_entry_add: @69 index=404 value=
kvm_msr_entry_add: @70 index=405 value=0
kvm_msr_entry_add: @71 index=406 value=0
kvm_msr_entry_add: @72 index=407 value=0
kvm_msr_entry_add: @73 index=408 value=
kvm_msr_entry_add: @74 index=409 value=0
kvm_msr_entry_add: @75 index=40a value=0
kvm_msr_entry_add: @76 index=40b value=0
kvm_msr_entry_add: @77 index=40c value=
kvm_msr_entry_add: @78 index=40d value=0
kvm_msr_entry_add: @79 index=40e value=0
kvm_msr_entry_add: @80 index=40f value=0
kvm_msr_entry_add: @81 index=410 value=
kvm_msr_entry_add: @82 index=411 value=0
kvm_msr_entry_add: @83 index=412 value=0
kvm_msr_entry_add: @84 index=413 value=0
kvm_msr_entry_add: @85 index=414 value=
kvm_msr_entry_add: @86 index=415 value=0
kvm_msr_entry_add: @87 index=416 value=0
kvm_msr_entry_add: @88 index=417 value=0
kvm_msr_entry_add: @89 index=418 value=
kvm_msr_entry_add: @90 index=419 value=0
kvm_msr_entry_add: @91 index=41a value=0
kvm_msr_entry_add: @92 index=41b value=0
kvm_msr_entry_add: @93 index=41c value=
kvm_msr_entry_add: @94 index=41d value=0
kvm_msr_entry_add: @95 index=41e value=0
kvm_msr_entry_add: @96 index=41f value=0
kvm_msr_entry_add: @97 index=420 value=
kvm_msr_entry_add: @98 index=421 value=0
kvm_msr_entry_add: @99 index=422 value=0
kvm_msr_entry_add: @100 index=423 value=0
kvm_msr_entry_add: @101 index=424 value=
kvm_msr_entry_add: @102 index=425 value=0
kvm_msr_entry_add: @103 index=426 value=0
kvm_msr_entry_add: @104 index=427 value=0
kvm_put_msrs: ret=18 expected=105
qemu-system-x86_64: /home/matwey/lab/qemu/target/i386/kvm.c:1852:
kvm_put_msrs: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed.

2017-02-03 15:57 GMT+03:00 Dr. David Alan Gilbert :
> Hi Matwey,
>   That shouldn't happen!  The patch you've bisected to is just the one that 
> complains if the ioctl fails rather than silently ignoring the failure - it 
> means the failure probably 

[Qemu-devel] [PATCH 2/4] migration: Add VMSTATE_WITH_TMP

2017-02-03 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

VMSTATE_WITH_TMP is for handling structures where some calculation
or rearrangement of the data needs to be performed before the data
hits the wire.
For example,  where the value on the wire is an offset from a
non-migrated base, but the data in the structure is the actual pointer.

To use it, a temporary type is created and a vmsd used on that type.
The first element of the type must be 'parent' a pointer back to the
type of the main structure.  VMSTATE_WITH_TMP takes care of allocating
and freeing the temporary before running the child vmsd.

The post_load/pre_save on the child vmsd can copy things from the parent
to the temporary using the parent pointer and do any other calculations
needed; it can then use normal VMSD entries to do the actual data
storage without having to fiddle around with qemu_get_*/qemu_put_*

Signed-off-by: Dr. David Alan Gilbert 
Reviewed-by: David Gibson 
---
 include/migration/vmstate.h | 19 +++
 migration/vmstate.c | 40 
 2 files changed, 59 insertions(+)

diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index cc66910..f2dfb85 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -259,6 +259,7 @@ extern const VMStateInfo vmstate_info_cpudouble;
 extern const VMStateInfo vmstate_info_timer;
 extern const VMStateInfo vmstate_info_buffer;
 extern const VMStateInfo vmstate_info_unused_buffer;
+extern const VMStateInfo vmstate_info_tmp;
 extern const VMStateInfo vmstate_info_bitmap;
 extern const VMStateInfo vmstate_info_qtailq;
 
@@ -651,6 +652,24 @@ extern const VMStateInfo vmstate_info_qtailq;
 .offset = offsetof(_state, _field),  \
 }
 
+/* Allocate a temporary of type 'tmp_type', set tmp->parent to _state
+ * and execute the vmsd on the temporary.  Note that we're working with
+ * the whole of _state here, not a field within it.
+ * We compile time check that:
+ *That _tmp_type contains a 'parent' member that's a pointer to the
+ *'_state' type
+ *That the pointer is right at the start of _tmp_type.
+ */
+#define VMSTATE_WITH_TMP(_state, _tmp_type, _vmsd) { \
+.name = "tmp",   \
+.size = sizeof(_tmp_type) +  \
+QEMU_BUILD_BUG_ON_ZERO(offsetof(_tmp_type, parent) != 0) + 
\
+type_check_pointer(_state,   \
+typeof_field(_tmp_type, parent)),\
+.vmsd = &(_vmsd),\
+.info = _info_tmp,   \
+}
+
 #define VMSTATE_UNUSED_BUFFER(_test, _version, _size) {  \
 .name = "unused",\
 .field_exists = (_test), \
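Review bot: `VMSTATE_WITH_TMP` sets no `.version_id`, yet `get_tmp` loads the child with `field->version_id`, so the child vmsd is always loaded as version 0; a child that declares a non-zero `version_id`/`minimum_version_id` would presumably be rejected by `vmstate_load_state`. Either take a version argument, or document the constraint in the comment above the macro: ` * The child vmsd is loaded with version_id 0, so it must not declare a` / ` * minimum_version_id above 0.` The comment could also say why the build-time checks are folded into `.size`: ` * (the QEMU_BUILD_BUG_ON_ZERO/type_check_pointer terms evaluate to 0 and exist only to fail compilation when the layout is wrong).`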
diff --git a/migration/vmstate.c b/migration/vmstate.c
index 2b2b3a5..a3de20f 100644
--- a/migration/vmstate.c
+++ b/migration/vmstate.c
@@ -935,6 +935,46 @@ const VMStateInfo vmstate_info_unused_buffer = {
 .put  = put_unused_buffer,
 };
 
+/* vmstate_info_tmp, see VMSTATE_WITH_TMP, the idea is that we allocate
+ * a temporary buffer and the pre_load/pre_save methods in the child vmsd
+ * copy stuff from the parent into the child and do calculations to fill
+ * in fields that don't really exist in the parent but need to be in the
+ * stream.
+ */
+static int get_tmp(QEMUFile *f, void *pv, size_t size, VMStateField *field)
+{
+int ret;
+const VMStateDescription *vmsd = field->vmsd;
+int version_id = field->version_id;
+void *tmp = g_malloc(size);
+
+/* Writes the parent field which is at the start of the tmp */
+*(void **)tmp = pv;
+ret = vmstate_load_state(f, vmsd, tmp, version_id);
+g_free(tmp);
+return ret;
+}
+
+static int put_tmp(QEMUFile *f, void *pv, size_t size, VMStateField *field,
+QJSON *vmdesc)
+{
+const VMStateDescription *vmsd = field->vmsd;
+void *tmp = g_malloc(size);
+
+/* Writes the parent field which is at the start of the tmp */
+*(void **)tmp = pv;
+vmstate_save_state(f, vmsd, tmp, vmdesc);
+g_free(tmp);
+
+return 0;
+}
+
+const VMStateInfo vmstate_info_tmp = {
+.name = "tmp",
+.get = get_tmp,
+.put = put_tmp,
+};
+
 /* bitmaps (as defined by bitmap.h). Note that size here is the size
  * of the bitmap in bits. The on-the-wire format of a bitmap is 64
  * bit words with the bits in big endian order. The in-memory format
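Review bot: Both get_tmp and put_tmp hand the child vmsd a temporary obtained with `void *tmp = g_malloc(size);` and only the leading `parent` pointer is written before vmstate_load_state / vmstate_save_state run, so every other byte of the temporary is whatever the heap held. On the save side that means any tmp field the child's pre_save does not set goes onto the wire as heap contents, and on the load side any field skipped by a `field_exists` test or version gate reaches the child's post_load uninitialised, with the migration stream being untrusted input. `void *tmp = g_malloc0(size);` in both helpers makes the temporary deterministic at negligible cost. The header comment above vmstate_info_tmp could then state the contract explicitly, e.g. `/* tmp is zeroed; the child vmsd sees only parent plus whatever pre_save/load fills in */`.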
-- 
2.9.3




Re: [Qemu-devel] [PATCH v3 4/7] ARM big-endian semihosting support.

2017-02-03 Thread Peter Maydell
On 20 January 2017 at 16:32, Julian Brown  wrote:
> This patch introduces an ARM-specific version of the memory read/write,
> etc. functions used for semihosting, in order to byte-swap (big-endian)
> target memory that is to be interpreted by the (little-endian) host.
> The target_memory_rw_debug function is used that knows about the
> byte-reversal used for BE32 system mode.
>
> Signed-off-by: Julian Brown 
> ---
>  include/exec/softmmu-arm-semi.h | 131 
> 
>  target/arm/arm-semi.c   |   4 +-
>  target/arm/cpu.c|  24 
>  target/arm/cpu.h|   6 ++
>  4 files changed, 163 insertions(+), 2 deletions(-)
>  create mode 100644 include/exec/softmmu-arm-semi.h
>
> diff --git a/include/exec/softmmu-arm-semi.h b/include/exec/softmmu-arm-semi.h
> new file mode 100644
> index 000..bba9ca6
> --- /dev/null
> +++ b/include/exec/softmmu-arm-semi.h
> @@ -0,0 +1,131 @@
> +/*
> + * Helper routines to provide target memory access for ARM semihosting
> + * syscalls in system emulation mode.
> + *
> + * Copyright (c) 2007 CodeSourcery, (c) 2016 Mentor Graphics
> + *
> + * This code is licensed under the GPL
> + */
> +
> +#ifndef SOFTMMU_ARM_SEMI_H
> +#define SOFTMMU_ARM_SEMI_H 1
> +
> +/* In big-endian mode (either BE8 or BE32), values larger than a byte will be
> + * transferred to/from memory in big-endian format.  Assuming we're on a
> + * little-endian host machine, such values will need to be byteswapped before
> + * and after the host processes them.
> + *
> + * This means that byteswapping will occur *twice* in BE32 mode for
> + * halfword/word reads/writes.
> + */
> +
> +static inline bool arm_bswap_needed(CPUARMState *env)
> +{
> +#ifdef HOST_WORDS_BIGENDIAN
> +#error HOST_WORDS_BIGENDIAN is not supported for ARM semihosting at the 
> moment.
> +#else

This breaks compilation on big-endian systems, right? This needs
to be actually implemented... maybe

return
#ifdef BSWAP_NEEDED
1 ^
#endif
(arm_sctlr_b(env) || arm_cpsr_e(env));

(untested, and there may be a less ugly way to phrase that).

> +return arm_sctlr_b(env) || arm_cpsr_e(env);
> +#endif
> +}

Also, what about AArch64? Should we just be calling
arm_cpu_data_is_big_endian() here?

> +
> +static inline uint64_t softmmu_tget64(CPUArchState *env, target_ulong addr)
> +{
> +uint64_t val;
> +
> +target_memory_rw_debug(ENV_GET_CPU(env), addr, (uint8_t *), 8, 0);
> +if (arm_bswap_needed(env)) {
> +return bswap64(val);
> +} else {
> +return val;
> +}
> +}
> +
> +static inline uint32_t softmmu_tget32(CPUArchState *env, target_ulong addr)
> +{
> +uint32_t val;
> +
> +target_memory_rw_debug(ENV_GET_CPU(env), addr, (uint8_t *), 4, 0);
> +if (arm_bswap_needed(env)) {
> +return bswap32(val);
> +} else {
> +return val;
> +}
> +}
> +
> +static inline uint32_t softmmu_tget8(CPUArchState *env, target_ulong addr)
> +{
> +uint8_t val;
> +target_memory_rw_debug(ENV_GET_CPU(env), addr, , 1, 0);
> +return val;
> +}
> +
> +#define get_user_u64(arg, p) ({ arg = softmmu_tget64(env, p); 0; })
> +#define get_user_u32(arg, p) ({ arg = softmmu_tget32(env, p) ; 0; })
> +#define get_user_u8(arg, p) ({ arg = softmmu_tget8(env, p) ; 0; })
> +#define get_user_ual(arg, p) get_user_u32(arg, p)
> +
> +static inline void softmmu_tput64(CPUArchState *env,
> +  target_ulong addr, uint64_t val)
> +{
> +if (arm_bswap_needed(env)) {
> +val = bswap64(val);
> +}
> +cpu_memory_rw_debug(ENV_GET_CPU(env), addr, (uint8_t *), 8, 1);
> +}
> +
> +static inline void softmmu_tput32(CPUArchState *env,
> +  target_ulong addr, uint32_t val)
> +{
> +if (arm_bswap_needed(env)) {
> +val = bswap32(val);
> +}
> +target_memory_rw_debug(ENV_GET_CPU(env), addr, (uint8_t *), 4, 1);
> +}
> +#define put_user_u64(arg, p) ({ softmmu_tput64(env, p, arg) ; 0; })
> +#define put_user_u32(arg, p) ({ softmmu_tput32(env, p, arg) ; 0; })
> +#define put_user_ual(arg, p) put_user_u32(arg, p)
> +
> +static inline void *softmmu_lock_user(CPUArchState *env,
> +  target_ulong addr, target_ulong len,
> +  int copy)
> +{
> +uint8_t *p;
> +/* TODO: Make this something that isn't fixed size.  */
> +p = malloc(len);
> +if (p && copy) {
> +target_memory_rw_debug(ENV_GET_CPU(env), addr, p, len, 0);
> +}
> +return p;
> +}
> +#define lock_user(type, p, len, copy) softmmu_lock_user(env, p, len, copy)
> +static inline char *softmmu_lock_user_string(CPUArchState *env,
> + target_ulong addr)
> +{
> +char *p;
> +char *s;
> +uint8_t c;
> +/* TODO: Make this something that isn't fixed size.  */
> +s = p = malloc(1024);
> +if (!s) {
> +

Re: [Qemu-devel] [PATCH v3 7/7] ARM BE32 watchpoint fix.

2017-02-03 Thread Peter Maydell
On 20 January 2017 at 16:32, Julian Brown  wrote:
> In BE32 mode, sub-word size watchpoints can fail to trigger because the
> address of the access is adjusted in the opcode helpers before being
> compared with the watchpoint registers.  This patch reverses the address
> adjustment before performing the comparison with the help of a new CPUClass
> hook.
>
> This version of the patch augments and tidies up comments a little.
>
> Signed-off-by: Julian Brown 

Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [Qemu-devel] [RFC PATCH] linux-user: Add signal handling for x86_64

2017-02-03 Thread Pranith Kumar

Peter Maydell writes:

> On 25 January 2017 at 00:10, Pranith Kumar  wrote:
>> Adopted from a previous patch posting:
>> https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg02079.html
>>
>> CC: Allan Wirth 
>> CC: Peter Maydell 
>> Signed-off-by: Pranith Kumar 
>
> Thanks for picking this patch up. A nit about commit message format:
> because this is mostly Allan's work you need to add his Signed-off-by:
> line (which he provided on his original patch posting), and make
> a brief note of what was changed, so it looks like:
>
>   Signed-off-by: Original Author 
>   [OP: changed X, Y, Z]
>   Signed-off-by: Other Person 
>
> It's also in this kind of situation worth considering whether the
> patch would be better attributed to Allan as the git commit 'author'.
> If I've taken somebody else's work and made mostly minor overhauls
> to it I tend to go for giving them credit in the git commit log.

OK, I'll add these SOB lines and attribute it to Allan as he did most of the 
work.

>
>> ---
>>  linux-user/signal.c  | 264 
>> ---
>>  target/i386/cpu.h|   2 +
>>  target/i386/fpu_helper.c |  12 +++
>>  3 files changed, 242 insertions(+), 36 deletions(-)
>>
>> diff --git a/linux-user/signal.c b/linux-user/signal.c
>> index 0a5bb4e26b..0248621d66 100644
>> --- a/linux-user/signal.c
>> +++ b/linux-user/signal.c
>> @@ -253,8 +253,7 @@ int do_sigprocmask(int how, const sigset_t *set, 
>> sigset_t *oldset)
>>  return 0;
>>  }
>>
>> -#if !defined(TARGET_OPENRISC) && !defined(TARGET_UNICORE32) && \
>> -!defined(TARGET_X86_64)
>> +#if !defined(TARGET_OPENRISC) && !defined(TARGET_UNICORE32)
>>  /* Just set the guest's signal mask to the specified value; the
>>   * caller is assumed to have called block_signals() already.
>>   */
>
> There's a minor conflict here with the Nios2 code that's now
> in master (which added another clause to this #if), but it's
> trivial to resolve.

I'll rebase my patch on master and fix up the conflicts and send a v2.

>
> Otherwise:
>
> Reviewed-by: Peter Maydell 

Thanks for the review!
-- 
Pranith



Re: [Qemu-devel] [RFC PATCH] linux-user: Add signal handling for x86_64

2017-02-03 Thread Wirth, Allan
Pranith,

Thanks for doing this. I totally forgot about this (my work has moved 
elsewhere) so thank you for picking it back up.

Please don’t worry about the attribution.

The patch LGTM. :)

Cheers,
Allan

On 2/3/17, 10:55 AM, "Pranith Kumar"  wrote:


Peter Maydell writes:

> On 25 January 2017 at 00:10, Pranith Kumar  wrote:
>> Adopted from a previous patch posting:
>> https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg02079.html
>>
>> CC: Allan Wirth 
>> CC: Peter Maydell 
>> Signed-off-by: Pranith Kumar 
>
> Thanks for picking this patch up. A nit about commit message format:
> because this is mostly Allan's work you need to add his Signed-off-by:
> line (which he provided on his original patch posting), and make
> a brief note of what was changed, so it looks like:
>
>   Signed-off-by: Original Author 
>   [OP: changed X, Y, Z]
>   Signed-off-by: Other Person 
>
> It's also in this kind of situation worth considering whether the
> patch would be better attributed to Allan as the git commit 'author'.
> If I've taken somebody else's work and made mostly minor overhauls
> to it I tend to go for giving them credit in the git commit log.

OK, I'll add these SOB lines and attribute it to Allan as he did most of 
the work.

>
>> ---
>>  linux-user/signal.c  | 264 
---
>>  target/i386/cpu.h|   2 +
>>  target/i386/fpu_helper.c |  12 +++
>>  3 files changed, 242 insertions(+), 36 deletions(-)
>>
>> diff --git a/linux-user/signal.c b/linux-user/signal.c
>> index 0a5bb4e26b..0248621d66 100644
>> --- a/linux-user/signal.c
>> +++ b/linux-user/signal.c
>> @@ -253,8 +253,7 @@ int do_sigprocmask(int how, const sigset_t *set, 
sigset_t *oldset)
>>  return 0;
>>  }
>>
>> -#if !defined(TARGET_OPENRISC) && !defined(TARGET_UNICORE32) && \
>> -!defined(TARGET_X86_64)
>> +#if !defined(TARGET_OPENRISC) && !defined(TARGET_UNICORE32)
>>  /* Just set the guest's signal mask to the specified value; the
>>   * caller is assumed to have called block_signals() already.
>>   */
>
> There's a minor conflict here with the Nios2 code that's now
> in master (which added another clause to this #if), but it's
> trivial to resolve.

I'll rebase my patch on master and fix up the conflicts and send a v2.

>
> Otherwise:
>
> Reviewed-by: Peter Maydell 

Thanks for the review!
-- 
Pranith




[Qemu-devel] [PATCH 4/4] virtio/migration: Migrate virtio-net to VMState

2017-02-03 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

Signed-off-by: Dr. David Alan Gilbert 
---
 hw/net/virtio-net.c| 316 +++--
 include/hw/virtio/virtio-net.h |   4 +-
 2 files changed, 213 insertions(+), 107 deletions(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 7b3ad4a..41723a4 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1557,119 +1557,22 @@ static void virtio_net_set_multiqueue(VirtIONet *n, 
int multiqueue)
 virtio_net_set_queues(n);
 }
 
-static void virtio_net_save_device(VirtIODevice *vdev, QEMUFile *f)
+static int virtio_net_post_load_device(void *opaque, int version_id)
 {
-VirtIONet *n = VIRTIO_NET(vdev);
-int i;
-
-qemu_put_buffer(f, n->mac, ETH_ALEN);
-qemu_put_be32(f, n->vqs[0].tx_waiting);
-qemu_put_be32(f, n->mergeable_rx_bufs);
-qemu_put_be16(f, n->status);
-qemu_put_byte(f, n->promisc);
-qemu_put_byte(f, n->allmulti);
-qemu_put_be32(f, n->mac_table.in_use);
-qemu_put_buffer(f, n->mac_table.macs, n->mac_table.in_use * ETH_ALEN);
-qemu_put_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3);
-qemu_put_be32(f, n->has_vnet_hdr);
-qemu_put_byte(f, n->mac_table.multi_overflow);
-qemu_put_byte(f, n->mac_table.uni_overflow);
-qemu_put_byte(f, n->alluni);
-qemu_put_byte(f, n->nomulti);
-qemu_put_byte(f, n->nouni);
-qemu_put_byte(f, n->nobcast);
-qemu_put_byte(f, n->has_ufo);
-if (n->max_queues > 1) {
-qemu_put_be16(f, n->max_queues);
-qemu_put_be16(f, n->curr_queues);
-for (i = 1; i < n->curr_queues; i++) {
-qemu_put_be32(f, n->vqs[i].tx_waiting);
-}
-}
-
-if (virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
-qemu_put_be64(f, n->curr_guest_offloads);
-}
-}
-
-static int virtio_net_load_device(VirtIODevice *vdev, QEMUFile *f,
-  int version_id)
-{
-VirtIONet *n = VIRTIO_NET(vdev);
+VirtIONet *n = opaque;
+VirtIODevice *vdev = VIRTIO_DEVICE(n);
 int i, link_down;
 
-qemu_get_buffer(f, n->mac, ETH_ALEN);
-n->vqs[0].tx_waiting = qemu_get_be32(f);
-
-virtio_net_set_mrg_rx_bufs(n, qemu_get_be32(f),
+virtio_net_set_mrg_rx_bufs(n, n->mergeable_rx_bufs,
virtio_vdev_has_feature(vdev,
VIRTIO_F_VERSION_1));
 
-n->status = qemu_get_be16(f);
-
-n->promisc = qemu_get_byte(f);
-n->allmulti = qemu_get_byte(f);
-
-n->mac_table.in_use = qemu_get_be32(f);
 /* MAC_TABLE_ENTRIES may be different from the saved image */
-if (n->mac_table.in_use <= MAC_TABLE_ENTRIES) {
-qemu_get_buffer(f, n->mac_table.macs,
-n->mac_table.in_use * ETH_ALEN);
-} else {
-int64_t i;
-
-/* Overflow detected - can happen if source has a larger MAC table.
- * We simply set overflow flag so there's no need to maintain the
- * table of addresses, discard them all.
- * Note: 64 bit math to avoid integer overflow.
- */
-for (i = 0; i < (int64_t)n->mac_table.in_use * ETH_ALEN; ++i) {
-qemu_get_byte(f);
-}
-n->mac_table.multi_overflow = n->mac_table.uni_overflow = 1;
+if (n->mac_table.in_use > MAC_TABLE_ENTRIES) {
 n->mac_table.in_use = 0;
 }
- 
-qemu_get_buffer(f, (uint8_t *)n->vlans, MAX_VLAN >> 3);
-
-if (qemu_get_be32(f) && !peer_has_vnet_hdr(n)) {
-error_report("virtio-net: saved image requires vnet_hdr=on");
-return -1;
-}
-
-n->mac_table.multi_overflow = qemu_get_byte(f);
-n->mac_table.uni_overflow = qemu_get_byte(f);
-
-n->alluni = qemu_get_byte(f);
-n->nomulti = qemu_get_byte(f);
-n->nouni = qemu_get_byte(f);
-n->nobcast = qemu_get_byte(f);
-
-if (qemu_get_byte(f) && !peer_has_ufo(n)) {
-error_report("virtio-net: saved image requires TUN_F_UFO support");
-return -1;
-}
 
-if (n->max_queues > 1) {
-if (n->max_queues != qemu_get_be16(f)) {
-error_report("virtio-net: different max_queues ");
-return -1;
-}
-
-n->curr_queues = qemu_get_be16(f);
-if (n->curr_queues > n->max_queues) {
-error_report("virtio-net: curr_queues %x > max_queues %x",
- n->curr_queues, n->max_queues);
-return -1;
-}
-for (i = 1; i < n->curr_queues; i++) {
-n->vqs[i].tx_waiting = qemu_get_be32(f);
-}
-}
-
-if (virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
-n->curr_guest_offloads = qemu_get_be64(f);
-} else {
+if (!virtio_vdev_has_feature(vdev, VIRTIO_NET_F_CTRL_GUEST_OFFLOADS)) {
 n->curr_guest_offloads = virtio_net_supported_guest_offloads(n);
 }
 
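Review bot: virtio_net_post_load_device retains only the `mac_table.in_use > MAC_TABLE_ENTRIES` bound from the old loader; the `curr_queues > max_queues` rejection, the `max_queues` mismatch check and the vnet_hdr / ufo capability checks that virtio_net_load_device performed inline do not appear in the new body. `curr_queues` is read from the migration stream and is the loop bound for `vqs[i]` on the new side, so unless the VMSD (the second hunk starts where this one ends and is cut off here) re-establishes that check in a pre_load or field_exists hook, an oversized value indexes past `vqs`. If those checks did move into per-field hooks, a one-line comment here, `/* queue-count and feature-capability checks live in the per-field pre_load hooks */`, would save the next reader from hunting for them. The function body continues past the end of this hunk.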
@@ -1703,6 +1606,210 @@ static int virtio_net_load_device(VirtIODevice *vdev, 

[Qemu-devel] [PATCH 11/18] nbd: BLOCK_STATUS for bitmap export: server part

2017-02-03 Thread Vladimir Sementsov-Ogievskiy
Only one meta context type is defined: qemu-bitmap:.
Maximum one query is allowed for NBD_OPT_{SET,LIST}_META_CONTEXT,
NBD_REP_ERR_TOO_BIG is returned otherwise.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 include/block/nbd.h |  15 ++
 nbd/nbd-internal.h  |   6 +
 nbd/server.c| 445 
 3 files changed, 466 insertions(+)

diff --git a/include/block/nbd.h b/include/block/nbd.h
index dae2e4bd03..516a24765c 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -94,6 +94,16 @@ typedef struct NBDStructuredError {
 uint16_t message_length;
 } QEMU_PACKED NBDStructuredError;
 
+typedef struct NBDStructuredMeta {
+NBDStructuredReplyChunk h;
+uint32_t context_id;
+} QEMU_PACKED NBDStructuredMeta;
+
+typedef struct NBDExtent {
+uint32_t length;
+uint32_t flags;
+} QEMU_PACKED NBDExtent;
+
 /* Transmission (export) flags: sent from server to client during handshake,
but describe what will happen during transmission */
 #define NBD_FLAG_HAS_FLAGS  (1 << 0)/* Flags are there */
@@ -120,6 +130,7 @@ typedef struct NBDStructuredError {
 
 #define NBD_REP_ACK (1) /* Data sending finished. */
 #define NBD_REP_SERVER  (2) /* Export description. */
+#define NBD_REP_META_CONTEXT(4)
 
 #define NBD_REP_ERR_UNSUP   NBD_REP_ERR(1)  /* Unknown option */
 #define NBD_REP_ERR_POLICY  NBD_REP_ERR(2)  /* Server denied */
@@ -127,6 +138,8 @@ typedef struct NBDStructuredError {
 #define NBD_REP_ERR_PLATFORMNBD_REP_ERR(4)  /* Not compiled in */
 #define NBD_REP_ERR_TLS_REQDNBD_REP_ERR(5)  /* TLS required */
 #define NBD_REP_ERR_SHUTDOWNNBD_REP_ERR(7)  /* Server shutting down */
+#define NBD_REP_ERR_TOO_BIG NBD_REP_ERR(9)  /* The request or the reply is
+   too large to process */
 
 /* Request flags, sent from client to server during transmission phase */
 #define NBD_CMD_FLAG_FUA(1 << 0) /* 'force unit access' during write */
@@ -142,6 +155,7 @@ enum {
 NBD_CMD_TRIM = 4,
 /* 5 reserved for failed experiment NBD_CMD_CACHE */
 NBD_CMD_WRITE_ZEROES = 6,
+NBD_CMD_BLOCK_STATUS = 7
 };
 
 #define NBD_DEFAULT_PORT   10809
@@ -163,6 +177,7 @@ enum {
 #define NBD_REPLY_TYPE_NONE 0
 #define NBD_REPLY_TYPE_OFFSET_DATA 1
 #define NBD_REPLY_TYPE_OFFSET_HOLE 2
+#define NBD_REPLY_TYPE_BLOCK_STATUS 5
 #define NBD_REPLY_TYPE_ERROR ((1 << 15) + 1)
 #define NBD_REPLY_TYPE_ERROR_OFFSET ((1 << 15) + 2)
 
diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index 3284bfc85a..fbbcf69925 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -83,6 +83,10 @@
 #define NBD_OPT_PEEK_EXPORT (4)
 #define NBD_OPT_STARTTLS(5)
 #define NBD_OPT_STRUCTURED_REPLY (8)
+#define NBD_OPT_LIST_META_CONTEXT (9)
+#define NBD_OPT_SET_META_CONTEXT  (10)
+
+#define NBD_META_NS_BITMAPS "qemu-dirty-bitmap"
 
 /* NBD errors are based on errno numbers, so there is a 1:1 mapping,
  * but only a limited set of errno values is specified in the protocol.
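Review bot: `#define NBD_META_NS_BITMAPS "qemu-dirty-bitmap"` is the only meta-context namespace this series defines, yet the commit message calls it `qemu-bitmap:`; one of the two needs to change, because a client has to send the exact string during NBD_OPT_SET_META_CONTEXT and the mismatch will otherwise surface as an interoperability bug rather than a compile error. The define also carries no comment, unlike the option constants above it; something like `/* meta-context namespace for exported dirty bitmaps; the query is presumably "<namespace>:<bitmap name>" */` would document the wire form, with the exact query syntax confirmed against the server-side matching code.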
@@ -105,6 +109,8 @@ static inline const char *nbd_opt_name(int opt)
 case NBD_OPT_PEEK_EXPORT: return "peek_export";
 case NBD_OPT_STARTTLS: return "tls";
 case NBD_OPT_STRUCTURED_REPLY: return "structured_reply";
+case NBD_OPT_LIST_META_CONTEXT: return "list_meta_context";
+case NBD_OPT_SET_META_CONTEXT: return "set_meta_context";
 }
 
 return "";
diff --git a/nbd/server.c b/nbd/server.c
index cb79a93c87..0b7b7230df 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -21,6 +21,8 @@
 #include "qapi/error.h"
 #include "nbd-internal.h"
 
+#define NBD_MAX_BITMAP_EXTENTS (0x10 / 8) /* 1 mb of extents data */
+
 static int system_errno_to_nbd_errno(int err)
 {
 switch (err) {
@@ -102,6 +104,7 @@ struct NBDClient {
 bool closing;
 
 bool structured_reply;
+BdrvDirtyBitmap *export_bitmap;
 };
 
 /* That's all folks */
@@ -421,7 +424,304 @@ static QIOChannel 
*nbd_negotiate_handle_starttls(NBDClient *client,
 return QIO_CHANNEL(tioc);
 }
 
+static int nbd_negotiate_read_size_string(QIOChannel *ioc, char **str,
+  uint32_t max_len)
+{
+uint32_t len;
+
+if (nbd_negotiate_read(ioc, , sizeof(len)) != sizeof(len)) {
+LOG("read failed");
+return -EIO;
+}
+
+cpu_to_be32s();
+
+if (max_len > 0 && len > max_len) {
+LOG("Bad length received");
+return -EINVAL;
+}
+
+*str = g_malloc(len + 1);
+
+if (nbd_negotiate_read(ioc, *str, len) != len) {
+LOG("read failed");
+g_free(str);
+return -EIO;
+}
+(*str)[len] = '\0';
+
+return sizeof(len) + len;
+}
+
+static int nbd_negotiate_send_meta_context(QIOChannel *ioc,
+   const char *context,
+   uint32_t opt)
+{
+int ret;
+size_t len = strlen(context);

Re: [Qemu-devel] [PATCH v3 6/7] Fix Thumb-1 BE32 execution and disassembly.

2017-02-03 Thread Peter Maydell
On 20 January 2017 at 16:32, Julian Brown  wrote:
> Thumb-1 code has some issues in BE32 mode (as currently implemented). In
> short, since bytes are swapped within words at load time for BE32
> executables, this also swaps pairs of adjacent Thumb-1 instructions.
>
> This patch un-swaps those pairs of instructions again, both for execution,
> and for disassembly. (The previous version of the patch always read four
> bytes in arm_read_memory_func and then extracted the proper two bytes,
> in a probably misguided attempt to match the behaviour of actual hardware
> as described by e.g. the ARM9TDMI TRM, section 3.3 "Endian effects for
> instruction fetches". It's less complicated to just read the correct
> two bytes though.)
>

Reviewed-by: Peter Maydell 

thanks
-- PMM



[Qemu-devel] [PATCH 3/4] tests/migration: Add test for VMSTATE_WITH_TMP

2017-02-03 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

Add a test for VMSTATE_WITH_TMP to tests/test-vmstate.c

Signed-off-by: Dr. David Alan Gilbert 
---
 tests/test-vmstate.c | 98 
 1 file changed, 92 insertions(+), 6 deletions(-)

diff --git a/tests/test-vmstate.c b/tests/test-vmstate.c
index 9d87faf..d0dd390 100644
--- a/tests/test-vmstate.c
+++ b/tests/test-vmstate.c
@@ -90,7 +90,7 @@ static void save_buffer(const uint8_t *buf, size_t buf_size)
 qemu_fclose(fsave);
 }
 
-static void compare_vmstate(uint8_t *wire, size_t size)
+static void compare_vmstate(const uint8_t *wire, size_t size)
 {
 QEMUFile *f = open_test_file(false);
 uint8_t result[size];
@@ -113,7 +113,7 @@ static void compare_vmstate(uint8_t *wire, size_t size)
 }
 
 static int load_vmstate_one(const VMStateDescription *desc, void *obj,
-int version, uint8_t *wire, size_t size)
+int version, const uint8_t *wire, size_t size)
 {
 QEMUFile *f;
 int ret;
@@ -137,7 +137,7 @@ static int load_vmstate_one(const VMStateDescription *desc, 
void *obj,
 static int load_vmstate(const VMStateDescription *desc,
 void *obj, void *obj_clone,
 void (*obj_copy)(void *, void*),
-int version, uint8_t *wire, size_t size)
+int version, const uint8_t *wire, size_t size)
 {
 /* We test with zero size */
 obj_copy(obj_clone, obj);
@@ -289,7 +289,6 @@ static void test_simple_primitive(void)
 FIELD_EQUAL(i64_1);
 FIELD_EQUAL(i64_2);
 }
-#undef FIELD_EQUAL
 
 typedef struct TestStruct {
 uint32_t a, b, c, e;
@@ -474,7 +473,6 @@ static void test_load_skip(void)
 qemu_fclose(loading);
 }
 
-
 typedef struct {
 int32_t i;
 } TestStructTriv;
@@ -688,6 +686,94 @@ static void test_load_q(void)
 qemu_fclose(fload);
 }
 
+typedef struct TmpTestStruct {
+TestStruct *parent;
+int64_t diff;
+} TmpTestStruct;
+
+static void tmp_child_pre_save(void *opaque)
+{
+struct TmpTestStruct *tts = opaque;
+
+tts->diff = tts->parent->b - tts->parent->a;
+}
+
+static int tmp_child_post_load(void *opaque, int version_id)
+{
+struct TmpTestStruct *tts = opaque;
+
+tts->parent->b = tts->parent->a + tts->diff;
+
+return 0;
+}
+
+static const VMStateDescription vmstate_tmp_back_to_parent = {
+.name = "test/tmp_child_parent",
+.fields = (VMStateField[]) {
+VMSTATE_UINT64(f, TestStruct),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static const VMStateDescription vmstate_tmp_child = {
+.name = "test/tmp_child",
+.pre_save = tmp_child_pre_save,
+.post_load = tmp_child_post_load,
+.fields = (VMStateField[]) {
+VMSTATE_INT64(diff, TmpTestStruct),
+VMSTATE_STRUCT_POINTER(parent, TmpTestStruct,
+   vmstate_tmp_back_to_parent, TestStruct),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static const VMStateDescription vmstate_with_tmp = {
+.name = "test/with_tmp",
+.version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32(a, TestStruct),
+VMSTATE_UINT64(d, TestStruct),
+VMSTATE_WITH_TMP(TestStruct, TmpTestStruct, vmstate_tmp_child),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static void obj_tmp_copy(void *target, void *source)
+{
+memcpy(target, source, sizeof(TestStruct));
+}
+
+static void test_tmp_struct(void)
+{
+TestStruct obj, obj_clone;
+
+uint8_t const wire_with_tmp[] = {
+/* u32 a */ 0x00, 0x00, 0x00, 0x02,
+/* u64 d */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+/* diff  */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+/* u64 f */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
+QEMU_VM_EOF, /* just to ensure we won't get EOF reported prematurely */
+};
+
+memset(, 0, sizeof(obj));
+obj.a = 2;
+obj.b = 4;
+obj.d = 1;
+obj.f = 8;
+save_vmstate(_with_tmp, );
+
+compare_vmstate(wire_with_tmp, sizeof(wire_with_tmp));
+
+memset(, 0, sizeof(obj));
+SUCCESS(load_vmstate(_with_tmp, , _clone,
+ obj_tmp_copy, 1, wire_with_tmp,
+ sizeof(wire_with_tmp)));
+g_assert_cmpint(obj.a, ==, 2); /* From top level vmsd */
+g_assert_cmpint(obj.b, ==, 4); /* from the post_load */
+g_assert_cmpint(obj.d, ==, 1); /* From top level vmsd */
+g_assert_cmpint(obj.f, ==, 8); /* From the child->parent */
+}
+
 int main(int argc, char **argv)
 {
 temp_fd = mkstemp(temp_file);
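Review bot: `tts->diff = tts->parent->b - tts->parent->a;` in tmp_child_pre_save subtracts two uint32_t values, so for b < a the result wraps to a large positive uint32 before it widens into the int64_t `diff`; the round trip still succeeds because post_load's `a + diff` truncates back modulo 2^32 on assignment to b, but the value on the wire is then not the signed difference the field name suggests. Casting first, `tts->diff = (int64_t)tts->parent->b - (int64_t)tts->parent->a;`, makes the serialised form match the intent. The test only covers b > a (a = 2, b = 4); a second vector with b < a would pin whichever wire encoding is chosen.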
@@ -708,7 +794,7 @@ int main(int argc, char **argv)
 test_arr_ptr_str_no0_load);
 g_test_add_func("/vmstate/qtailq/save/saveq", test_save_q);
 g_test_add_func("/vmstate/qtailq/load/loadq", test_load_q);
-
+g_test_add_func("/vmstate/tmp_struct", test_tmp_struct);
 g_test_run();
 
 close(temp_fd);
-- 
2.9.3




[Qemu-devel] [PATCH 1/4] migration: Add VMSTATE_UNUSED_VARRAY_UINT32

2017-02-03 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

VMSTATE_UNUSED_VARRAY_UINT32 is used to skip a chunk of the stream
that is an n-element array; note that the element size and the dynamic
count are never multiplied together, so there is no overflow risk.

Signed-off-by: Dr. David Alan Gilbert 
---
 include/migration/vmstate.h | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 6233fe2..cc66910 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -660,6 +660,17 @@ extern const VMStateInfo vmstate_info_qtailq;
 .flags= VMS_BUFFER,  \
 }
 
+/* Discard size * field_num bytes, where field_num is a uint32 member */
+#define VMSTATE_UNUSED_VARRAY_UINT32(_state, _test, _version, _field_num, 
_size) {\
+.name = "unused",\
+.field_exists = (_test), \
+.num_offset   = vmstate_offset_value(_state, _field_num, uint32_t),\
+.version_id   = (_version),  \
+.size = (_size), \
+.info = _info_unused_buffer, \
+.flags= VMS_VARRAY_UINT32 | VMS_BUFFER,  \
+}
+
 /* _field_size should be a int32_t field in the _state struct giving the
  * size of the bitmap _field in bits.
  */
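Review bot: The new macro takes its element count from a uint32_t member of the state being loaded, and in the intended use that member has itself just been read from the migration stream, so the number of `_size`-byte discards is stream-controlled (up to 2^32 iterations). That is bounded by what the stream can supply rather than by the device, so it cannot overflow memory, but the header comment `/* Discard size * field_num bytes, where field_num is a uint32 member */` reads as if a multiplication happens and says nothing about trust; I would extend it to `/* Discard field_num chunks of size bytes each (never multiplied together); field_num is a uint32 member taken as read, so validate it in post_load if its value matters. */`.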
-- 
2.9.3




[Qemu-devel] [PATCH 16/18] iotests: add test for nbd dirty bitmap export

2017-02-03 Thread Vladimir Sementsov-Ogievskiy
Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 tests/qemu-iotests/180 | 133 +
 tests/qemu-iotests/180.out |   5 ++
 tests/qemu-iotests/group   |   1 +
 3 files changed, 139 insertions(+)
 create mode 100755 tests/qemu-iotests/180
 create mode 100644 tests/qemu-iotests/180.out

diff --git a/tests/qemu-iotests/180 b/tests/qemu-iotests/180
new file mode 100755
index 00..e8238a064a
--- /dev/null
+++ b/tests/qemu-iotests/180
@@ -0,0 +1,133 @@
+#!/usr/bin/env python
+#
+# Test case for NBD's bitmap export
+# Copyright (C) 2017 Virtuozzo.
+#
+# derived from io test 147, original copyright:
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import os
+import socket
+import stat
+import time
+import iotests
+from iotests import cachemode, imgfmt, qemu_img, qemu_nbd
+
+NBD_PORT = 10811
+
+test_img = os.path.join(iotests.test_dir, 'test.img')
+unix_socket = os.path.join(iotests.test_dir, 'nbd.socket')
+
+class NBDBlockdevAddBase(iotests.QMPTestCase):
+def blockdev_add_options(self, address, export=None):
+options = { 'node-name': 'nbd-blockdev',
+'driver': 'raw',
+'file': {
+'driver': 'nbd',
+'server': address,
+'bitmap': 'mega'
+} }
+if export is not None:
+options['file']['export'] = export
+return options
+
+def client_test(self, filename, address, sha256, export=None):
+bao = self.blockdev_add_options(address, export)
+result = self.vm.qmp('blockdev-add', **bao)
+self.assert_qmp(result, 'return', {})
+
+result = self.vm.qmp('query-named-block-nodes')
+for node in result['return']:
+if node['node-name'] == 'nbd-blockdev':
+if isinstance(filename, str):
+self.assert_qmp(node, 'image/filename', filename)
+else:
+self.assert_json_filename_equal(node['image']['filename'],
+filename)
+break
+
+result = self.vm.qmp('block-dirty-bitmap-load',
+ node='nbd-blockdev', name='mega')
+self.assert_qmp(result, 'return', {})
+
+result = self.vm.qmp('x-debug-block-dirty-bitmap-sha256',
+   node='nbd-blockdev', name='mega')
+self.assert_qmp(result, 'return/sha256', sha256);
+
+def setUp(self):
+qemu_img('create', '-f', iotests.imgfmt, test_img, '0x4')
+self.vm = iotests.VM()
+self.vm.launch()
+
+self.server = iotests.VM('.server')
+self.server.add_drive_raw('if=none,id=nbd-export,' +
+  'file=%s,' % test_img +
+  'format=%s,' % imgfmt +
+  'cache=%s' % cachemode)
+self.server.launch()
+
+def tearDown(self):
+self.vm.shutdown()
+self.server.shutdown()
+os.remove(test_img)
+
+def _server_up(self, address):
+result = self.server.qmp('nbd-server-start', addr=address)
+self.assert_qmp(result, 'return', {})
+
+result = self.server.qmp('nbd-server-add', device='nbd-export')
+self.assert_qmp(result, 'return', {})
+
+def _server_down(self):
+result = self.server.qmp('nbd-server-stop')
+self.assert_qmp(result, 'return', {})
+
+def test_export_bitmap(self):
+address = { 'type': 'inet',
+'data': {
+'host': 'localhost',
+'port': str(NBD_PORT)
+} }
+
+granularity = 65536
+regions = [
+{ 'start': 0,   'count': 0x10 },
+{ 'start': 0x1, 'count': 0x20  },
+{ 'start': 0x39990, 'count': 0x10  }
+]
+
+result = self.server.qmp('block-dirty-bitmap-add', node='nbd-export',
+ name='mega', granularity=granularity)
+self.assert_qmp(result, 'return', {});
+
+for r in regions:
+self.server.hmp_qemu_io('nbd-export',
+'write %d %d' % (r['start'], r['count']))
+
+

[Qemu-devel] [PATCH 12/18] nbd: BLOCK_STATUS for bitmap export: client part

2017-02-03 Thread Vladimir Sementsov-Ogievskiy
Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/nbd-client.c   | 146 ++-
 block/nbd-client.h   |   6 +++
 block/nbd.c  |   9 +++-
 include/block/nbd.h  |   6 ++-
 nbd/client.c | 103 +++-
 nbd/server.c |   2 -
 qapi/block-core.json |   5 +-
 qemu-nbd.c   |   2 +-
 8 files changed, 270 insertions(+), 9 deletions(-)

diff --git a/block/nbd-client.c b/block/nbd-client.c
index ff96bd1635..c7eb21fb02 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -388,6 +388,147 @@ int nbd_client_co_pdiscard(BlockDriverState *bs, int64_t 
offset, int count)
 
 }
 
+static inline ssize_t read_sync(QIOChannel *ioc, void *buffer, size_t size)
+{
+struct iovec iov = { .iov_base = buffer, .iov_len = size };
+/* Sockets are kept in blocking mode in the negotiation phase.  After
+ * that, a non-readable socket simply means that another thread stole
+ * our request/reply.  Synchronization is done with recv_coroutine, so
+ * that this is coroutine-safe.
+ */
+return nbd_wr_syncv(ioc, , 1, size, true);
+}
+
+static int nbd_client_co_cmd_block_status(BlockDriverState *bs, uint64_t 
offset,
+  uint64_t bytes, NBDExtent **pextents,
+  unsigned *nb_extents)
+{
+int64_t ret;
+NBDReply reply;
+uint32_t context_id;
+int64_t nb, i;
+NBDExtent *extents = NULL;
+NBDClientSession *client = nbd_get_client_session(bs);
+NBDRequest request = {
+.type = NBD_CMD_BLOCK_STATUS,
+.from = offset,
+.len = bytes,
+.flags = 0,
+};
+
+nbd_coroutine_start(client, );
+
+ret = nbd_co_send_request(bs, , NULL);
+if (ret < 0) {
+goto fail;
+}
+
+nbd_co_receive_reply(client, , , NULL);
+if (reply.error != 0) {
+ret = -reply.error;
+}
+if (reply.simple) {
+ret = -EINVAL;
+goto fail;
+}
+if (reply.error != 0) {
+ret = -reply.error;
+goto fail;
+}
+if (reply.type != NBD_REPLY_TYPE_BLOCK_STATUS) {
+ret = -EINVAL;
+goto fail;
+}
+
+read_sync(client->ioc, _id, sizeof(context_id));
+cpu_to_be32s(_id);
+if (client->meta_data_context_id != context_id) {
+ret = -EINVAL;
+goto fail;
+}
+
+nb = (reply.length - sizeof(context_id)) / sizeof(NBDExtent);
+extents = g_new(NBDExtent, nb);
+if (read_sync(client->ioc, extents, nb * sizeof(NBDExtent)) !=
+nb * sizeof(NBDExtent))
+{
+ret = -EIO;
+goto fail;
+}
+
+if (!(reply.flags && NBD_REPLY_FLAG_DONE)) {
+nbd_co_receive_reply(client, , , NULL);
+if (reply.simple) {
+ret = -EINVAL;
+goto fail;
+}
+if (reply.error != 0) {
+ret = -reply.error;
+goto fail;
+}
+if (reply.type != NBD_REPLY_TYPE_NONE ||
+!(reply.flags && NBD_REPLY_FLAG_DONE)) {
+ret = -EINVAL;
+goto fail;
+}
+}
+
+for (i = 0; i < nb; ++i) {
+cpu_to_be32s([i].length);
+cpu_to_be32s([i].flags);
+}
+
+*pextents = extents;
+*nb_extents = nb;
+nbd_coroutine_end(client, );
+return 0;
+
+fail:
+g_free(extents);
+nbd_coroutine_end(client, );
+return ret;
+}
+
+/* nbd_client_co_load_bitmap_part() returns end of set area, i.e. first next
+ * byte of unknown status (may be >= disk size, which means that the bitmap was
+ * set up to the end).
+ */
+int64_t nbd_client_co_load_bitmap_part(BlockDriverState *bs, uint64_t offset,
+   uint64_t bytes, BdrvDirtyBitmap *bitmap)
+{
+int64_t ret;
+uint64_t start_byte;
+uint32_t nb_extents;
+int64_t i, start_sector, last_sector, nr_sectors;
+NBDExtent *extents = NULL;
+
+ret = nbd_client_co_cmd_block_status(bs, offset, bytes, ,
+ _extents);
+if (ret < 0) {
+return ret;
+}
+
+start_byte = offset;
+for (i = 0; i < nb_extents; ++i) {
+if (extents[i].flags == 1) {
+start_sector = start_byte >> BDRV_SECTOR_BITS;
+last_sector =
+(start_byte + extents[i].length - 1) >> BDRV_SECTOR_BITS;
+nr_sectors = last_sector - start_sector + 1;
+
+bdrv_set_dirty_bitmap(bitmap, start_sector, nr_sectors);
+}
+
+start_byte += extents[i].length;
+}
+
+g_free(extents);
+
+return ROUND_UP((uint64_t)start_byte,
+(uint64_t)bdrv_dirty_bitmap_granularity(bitmap));
+}
+
+
 void nbd_client_detach_aio_context(BlockDriverState *bs)
 {
 aio_set_fd_handler(bdrv_get_aio_context(bs),
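Review bot: `!(reply.flags && NBD_REPLY_FLAG_DONE)` in nbd_client_co_cmd_block_status uses logical AND, so any non-zero flags word counts as DONE and a chunk carrying other flags but not DONE leaves its successor unread; both occurrences (before the second nbd_co_receive_reply and inside the NBD_REPLY_TYPE_NONE check) need bitwise `&`. The server-controlled `reply.length` is also used unvalidated: a value below sizeof(context_id) turns the subtraction into a huge `nb`, a length that is not a whole number of NBDExtent records leaves the stream desynchronised, and there is no upper bound before g_new, so a misbehaving server can drive an arbitrarily large allocation; the read_sync of context_id is unchecked as well. The first `if (reply.error != 0) { ret = -reply.error; }` before the `reply.simple` test is dead, since the same test with a goto follows a few lines later. In nbd_client_co_load_bitmap_part, `extents[i].flags == 1` deserves a named constant for the "bit set" extent flag. A sketch of the validation and the bitwise tests:
```c
/* … unchanged: request setup, nbd_co_send_request, first reply checks … */
/* reply.length is server-controlled: accept only a context id plus a
 * whole number of extents, and cap the allocation it drives. */
if (reply.length < sizeof(context_id) ||
    (reply.length - sizeof(context_id)) % sizeof(NBDExtent) != 0 ||
    reply.length > MAX_BLOCK_STATUS_REPLY_BYTES /* placeholder: pick a bound */) {
    ret = -EINVAL;
    goto fail;
}
if (read_sync(client->ioc, &context_id, sizeof(context_id)) !=
    sizeof(context_id)) {
    ret = -EIO;
    goto fail;
}
cpu_to_be32s(&context_id);
if (client->meta_data_context_id != context_id) {
    ret = -EINVAL;
    goto fail;
}
nb = (reply.length - sizeof(context_id)) / sizeof(NBDExtent);
extents = g_new(NBDExtent, nb);
/* … unchanged: extent read … */

if (!(reply.flags & NBD_REPLY_FLAG_DONE)) {
    /* … unchanged: second nbd_co_receive_reply and its simple/error checks … */
    if (reply.type != NBD_REPLY_TYPE_NONE ||
        !(reply.flags & NBD_REPLY_FLAG_DONE)) {
        ret = -EINVAL;
        goto fail;
    }
}
/* … unchanged: byte swap of extents, output, cleanup … */
```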
@@ -421,6 +562,7 @@ int nbd_client_init(BlockDriverState *bs,
 const char *export,
 QCryptoTLSCreds *tlscreds,

Re: [Qemu-devel] [PATCH v3 3/7] Move target_memory_rw_debug function.

2017-02-03 Thread Peter Maydell
On 20 January 2017 at 16:30, Julian Brown  wrote:
> This patch moves the target_memory_rw_debug function to
> include/exec/cpu-all.h, so that it can be used by the ARM semihosting
> code as well as the gdbstub code. (I tried Peter Maydell's suggestion
> of include/qom/cpu.h as a location for the function, but that raised
> uncomfortably-many dependency problems for my taste).
>
> Signed-off-by: Julian Brown 
> ---
>  gdbstub.c  | 11 ---
>  include/exec/cpu-all.h | 22 ++
>  2 files changed, 22 insertions(+), 11 deletions(-)
>

Reviewed-by: Peter Maydell 

thanks
-- PMM



[Qemu-devel] [PATCH 14/18] qmp: add x-debug-block-dirty-bitmap-sha256

2017-02-03 Thread Vladimir Sementsov-Ogievskiy
Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/dirty-bitmap.c |  5 +
 blockdev.c   | 29 +
 include/block/dirty-bitmap.h |  2 ++
 include/qemu/hbitmap.h   |  8 
 qapi/block-core.json | 27 +++
 tests/Makefile.include   |  2 +-
 util/hbitmap.c   | 11 +++
 7 files changed, 83 insertions(+), 1 deletion(-)

diff --git a/block/dirty-bitmap.c b/block/dirty-bitmap.c
index 394d4328d5..a4f77dcf73 100644
--- a/block/dirty-bitmap.c
+++ b/block/dirty-bitmap.c
@@ -598,3 +598,8 @@ BdrvDirtyBitmap *bdrv_load_dirty_bitmap(BlockDriverState 
*bs, const char *name,
 
 return lbco.ret;
 }
+
+char *bdrv_dirty_bitmap_sha256(const BdrvDirtyBitmap *bitmap, Error **errp)
+{
+return hbitmap_sha256(bitmap->bitmap, errp);
+}
diff --git a/blockdev.c b/blockdev.c
index 245e1e1d17..1bc3fe386a 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -2790,6 +2790,35 @@ void qmp_block_dirty_bitmap_clear(const char *node, 
const char *name,
 aio_context_release(aio_context);
 }
 
+BlockDirtyBitmapSha256 *qmp_x_debug_block_dirty_bitmap_sha256(const char *node,
+  const char *name,
+  Error **errp)
+{
+AioContext *aio_context;
+BdrvDirtyBitmap *bitmap;
+BlockDriverState *bs;
+BlockDirtyBitmapSha256 *ret = NULL;
+char *sha256;
+
+bitmap = block_dirty_bitmap_lookup(node, name, , _context, errp);
+if (!bitmap || !bs) {
+return NULL;
+}
+
+sha256 = bdrv_dirty_bitmap_sha256(bitmap, errp);
+if (sha256 == NULL) {
+goto out;
+}
+
+ret = g_new(BlockDirtyBitmapSha256, 1);
+ret->sha256 = sha256;
+
+out:
+aio_context_release(aio_context);
+
+return ret;
+}
+
 void hmp_drive_del(Monitor *mon, const QDict *qdict)
 {
 const char *id = qdict_get_str(qdict, "id");
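Review bot: qmp_x_debug_block_dirty_bitmap_sha256 has no comment, and nothing beyond the x- prefix marks it as a debugging aid; the whole bitmap is hashed between block_dirty_bitmap_lookup and aio_context_release, so for a large bitmap other users of that AioContext are presumably held off for the duration. A short comment above the function, e.g. `/* Debug-only: hashes the entire bitmap while holding its AioContext, so expect a stall proportional to bitmap size. */`, would make that trade-off explicit. The early `return NULL` when the lookup fails mirrors qmp_block_dirty_bitmap_clear just above and looks right, assuming block_dirty_bitmap_lookup acquires the context only on success.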
diff --git a/include/block/dirty-bitmap.h b/include/block/dirty-bitmap.h
index c0c70a8c67..0efb5591d6 100644
--- a/include/block/dirty-bitmap.h
+++ b/include/block/dirty-bitmap.h
@@ -80,4 +80,6 @@ BdrvDirtyBitmap *bdrv_dirty_bitmap_next(BlockDriverState *bs,
 BdrvDirtyBitmap *bdrv_load_dirty_bitmap(BlockDriverState *bs, const char *name,
 Error **errp);
 
+char *bdrv_dirty_bitmap_sha256(const BdrvDirtyBitmap *bitmap, Error **errp);
+
 #endif
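Review bot: The new bdrv_dirty_bitmap_sha256 prototype carries no comment, so a caller cannot tell who owns the returned string or how failure is reported. blockdev.c in this series stores the pointer in the QAPI reply struct without freeing it and treats NULL as failure, so ownership evidently passes to the caller. I would add above the prototype: `/* Returns the SHA256 of @bitmap as a string the caller owns and must free, or NULL with @errp set on failure. */`.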
diff --git a/include/qemu/hbitmap.h b/include/qemu/hbitmap.h
index d6fe553b12..42685b4289 100644
--- a/include/qemu/hbitmap.h
+++ b/include/qemu/hbitmap.h
@@ -225,6 +225,14 @@ void hbitmap_deserialize_zeroes(HBitmap *hb, uint64_t 
start, uint64_t count,
 void hbitmap_deserialize_finish(HBitmap *hb);
 
 /**
+ * hbitmap_sha256:
+ * @bitmap: HBitmap to operate on.
+ *
+ * Returns SHA256 hash of the last level.
+ */
+char *hbitmap_sha256(const HBitmap *bitmap, Error **errp);
+
+/**
  * hbitmap_free:
  * @hb: HBitmap to operate on.
  *
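Review bot: The new hbitmap_sha256 doc block names @bitmap but not @errp, and says nothing about the return value's ownership or its failure value; the QMP handler in this series treats NULL as failure and hands the string to its reply struct, so the contract should be spelled out here rather than inferred from callers. I would extend the comment with `* @errp: set on failure.` and `* Returns a string the caller owns (apparently heap-allocated), or NULL with @errp set.`. "Hash of the last level" is also worth one more clause saying whether that is the raw bit data of the bitmap, since that is what a user comparing digests needs to know.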
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 0e15c73774..b258c45595 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -1280,6 +1280,33 @@
   'data': 'BlockDirtyBitmap' }
 
 ##
+# @BlockDirtyBitmapSha256:
+#
+# SHA256 hash of dirty bitmap data
+#
+# @sha256: bitmap SHA256 hash
+#
+# Since: 2.9
+##
+  { 'struct': 'BlockDirtyBitmapSha256',
+'data': {'sha256': 'str'} }
+
+##
+# @x-debug-block-dirty-bitmap-sha256:
+#
+# Get bitmap SHA256
+#
+# Returns: BlockDirtyBitmapSha256 on success
+#  If @node is not a valid block device, DeviceNotFound
+#  If @name is not found or if hashing is failed, GenericError with an
+#  explanation
+#
+# Since: 2.9
+##
+  { 'command': 'x-debug-block-dirty-bitmap-sha256',
+'data': 'BlockDirtyBitmap', 'returns': 'BlockDirtyBitmapSha256' }
+
+##
 # @blockdev-mirror:
 #
 # Start mirroring a block device's writes to a new destination.
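Review bot: The @x-debug-block-dirty-bitmap-sha256 doc says `If @name is not found or if hashing is failed`; that should read `if hashing fails`. The @sha256 member is described only as `bitmap SHA256 hash`, which leaves a caller guessing which bytes are hashed and how the digest is encoded in the string; hbitmap.h in this series says the digest covers the bitmap's last level, and stating that plus the string encoding here would make values comparable across runs. The x- prefix conventionally marks the command as experimental, and one line saying so in the doc would spare readers relying on the naming convention alone.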
diff --git a/tests/Makefile.include b/tests/Makefile.include
index 4841d582a1..0ee7e30a63 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -497,7 +497,7 @@ tests/test-blockjob$(EXESUF): tests/test-blockjob.o 
$(test-block-obj-y) $(test-u
 tests/test-blockjob-txn$(EXESUF): tests/test-blockjob-txn.o 
$(test-block-obj-y) $(test-util-obj-y)
 tests/test-thread-pool$(EXESUF): tests/test-thread-pool.o $(test-block-obj-y)
 tests/test-iov$(EXESUF): tests/test-iov.o $(test-util-obj-y)
-tests/test-hbitmap$(EXESUF): tests/test-hbitmap.o $(test-util-obj-y)
+tests/test-hbitmap$(EXESUF): tests/test-hbitmap.o $(test-util-obj-y) 
$(test-crypto-obj-y)
 tests/test-x86-cpuid$(EXESUF): tests/test-x86-cpuid.o
 tests/test-xbzrle$(EXESUF): tests/test-xbzrle.o migration/xbzrle.o 
page_cache.o $(test-util-obj-y)
 tests/test-cutils$(EXESUF): tests/test-cutils.o util/cutils.o
diff --git a/util/hbitmap.c b/util/hbitmap.c
index b850c2baf5..64078d94a1 100644
--- a/util/hbitmap.c
+++ b/util/hbitmap.c
@@ -13,6 +13,7 @@
 #include "qemu/hbitmap.h"
 

[Qemu-devel] [PATCH 03/18] nbd: Minimal structured read for server

2017-02-03 Thread Vladimir Sementsov-Ogievskiy
Minimal implementation of structured read: one data chunk plus a finishing
NONE chunk. No segmentation.
Minimal structured error implementation: no text message.
Support the DF flag, but just ignore it, as there is no segmentation
anyway.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 include/block/nbd.h |  31 +
 nbd/nbd-internal.h  |   2 +
 nbd/server.c| 125 ++--
 3 files changed, 154 insertions(+), 4 deletions(-)

diff --git a/include/block/nbd.h b/include/block/nbd.h
index 3c65cf8d87..58b864f145 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -70,6 +70,25 @@ struct NBDSimpleReply {
 };
 typedef struct NBDSimpleReply NBDSimpleReply;
 
+typedef struct NBDStructuredReplyChunk {
+uint32_t magic;
+uint16_t flags;
+uint16_t type;
+uint64_t handle;
+uint32_t length;
+} QEMU_PACKED NBDStructuredReplyChunk;
+
+typedef struct NBDStructuredRead {
+NBDStructuredReplyChunk h;
+uint64_t offset;
+} QEMU_PACKED NBDStructuredRead;
+
+typedef struct NBDStructuredError {
+NBDStructuredReplyChunk h;
+uint32_t error;
+uint16_t message_length;
+} QEMU_PACKED NBDStructuredError;
+
 /* Transmission (export) flags: sent from server to client during handshake,
but describe what will happen during transmission */
 #define NBD_FLAG_HAS_FLAGS  (1 << 0)/* Flags are there */
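Review bot: The three new QEMU_PACKED structs are wire formats, but no comment says so or records that their multi-byte fields are big-endian; nbd/server.c in this patch fills them with stl_be_p/stw_be_p, so a reader of the header has to find that code to learn that plain assignment would be wrong. I would add above NBDStructuredReplyChunk: `/* On-the-wire layouts of structured reply chunks; every multi-byte field is big-endian, so store with st*_be_p and read with ld*_be_p. */`. NBDStructuredError's message_length also deserves a note on where the message bytes are carried, if they follow the struct as the field name suggests; the commit description says no text message is sent yet, so stating that the length is currently always zero would help.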
@@ -79,6 +98,7 @@ typedef struct NBDSimpleReply NBDSimpleReply;
 #define NBD_FLAG_ROTATIONAL (1 << 4)/* Use elevator algorithm - 
rotational media */
 #define NBD_FLAG_SEND_TRIM  (1 << 5)/* Send TRIM (discard) */
 #define NBD_FLAG_SEND_WRITE_ZEROES (1 << 6) /* Send WRITE_ZEROES */
+#define NBD_FLAG_SEND_DF(1 << 7)/* Send DF (Do not Fragment) */
 
 /* New-style handshake (global) flags, sent from server to client, and
control what will happen during handshake phase. */
@@ -106,6 +126,7 @@ typedef struct NBDSimpleReply NBDSimpleReply;
 /* Request flags, sent from client to server during transmission phase */
 #define NBD_CMD_FLAG_FUA(1 << 0) /* 'force unit access' during write */
 #define NBD_CMD_FLAG_NO_HOLE(1 << 1) /* don't punch hole on zero run */
+#define NBD_CMD_FLAG_DF (1 << 2) /* don't fragment structured read */
 
 /* Supported request types */
 enum {
@@ -130,6 +151,16 @@ enum {
  * aren't overflowing some other buffer. */
 #define NBD_MAX_NAME_SIZE 256
 
+/* Structured reply flags */
+#define NBD_REPLY_FLAG_DONE 1
+
+/* Structured reply types */
+#define NBD_REPLY_TYPE_NONE 0
+#define NBD_REPLY_TYPE_OFFSET_DATA 1
+#define NBD_REPLY_TYPE_OFFSET_HOLE 2
+#define NBD_REPLY_TYPE_ERROR ((1 << 15) + 1)
+#define NBD_REPLY_TYPE_ERROR_OFFSET ((1 << 15) + 2)
+
 ssize_t nbd_wr_syncv(QIOChannel *ioc,
  struct iovec *iov,
  size_t niov,
diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index 49b66b6896..489eeaf887 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -60,6 +60,7 @@
 #define NBD_REPLY_SIZE  (4 + 4 + 8)
 #define NBD_REQUEST_MAGIC   0x25609513
 #define NBD_SIMPLE_REPLY_MAGIC  0x67446698
+#define NBD_STRUCTURED_REPLY_MAGIC 0x668e33ef
 #define NBD_OPTS_MAGIC  0x49484156454F5054LL
 #define NBD_CLIENT_MAGIC0x420281861253LL
 #define NBD_REP_MAGIC   0x0003e889045565a9LL
@@ -81,6 +82,7 @@
 #define NBD_OPT_LIST(3)
 #define NBD_OPT_PEEK_EXPORT (4)
 #define NBD_OPT_STARTTLS(5)
+#define NBD_OPT_STRUCTURED_REPLY (8)
 
 /* NBD errors are based on errno numbers, so there is a 1:1 mapping,
  * but only a limited set of errno values is specified in the protocol.
diff --git a/nbd/server.c b/nbd/server.c
index 4cfc02123b..cb79a93c87 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -100,6 +100,8 @@ struct NBDClient {
 QTAILQ_ENTRY(NBDClient) next;
 int nb_requests;
 bool closing;
+
+bool structured_reply;
 };
 
 /* That's all folks */
@@ -573,6 +575,16 @@ static int nbd_negotiate_options(NBDClient *client)
 return ret;
 }
 break;
+
+case NBD_OPT_STRUCTURED_REPLY:
+client->structured_reply = true;
+ret = nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK,
+ clientflags);
+if (ret < 0) {
+return ret;
+}
+break;
+
 default:
 if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
 return -EIO;
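Review bot: The NBD_OPT_STRUCTURED_REPLY case accepts the option without looking at `length`, whereas the default case right below it drains `length` bytes; a client that attaches a payload to this option therefore leaves those bytes in the stream, and the next option header is parsed from the payload. The option takes no data, so a non-zero length should be drained and answered with NBD_REP_ERR_INVALID without setting structured_reply. nbd_negotiate_options starts outside the hunk, so I assume `length` is the option's data length as in the default branch. A sketch:
```c
case NBD_OPT_STRUCTURED_REPLY:
    if (length != 0) {
        /* The option carries no data; drain whatever the client sent so
         * the option stream stays in sync, then reject it. */
        if (nbd_negotiate_drop_sync(client->ioc, length) != length) {
            return -EIO;
        }
        ret = nbd_negotiate_send_rep(client->ioc, NBD_REP_ERR_INVALID,
                                     clientflags);
    } else {
        client->structured_reply = true;
        ret = nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK,
                                     clientflags);
    }
    if (ret < 0) {
        return ret;
    }
    break;
```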
@@ -1067,6 +1079,86 @@ static ssize_t nbd_co_send_simple_reply(NBDRequestData 
*req,
 return rc;
 }
 
+static void set_be_chunk(NBDStructuredReplyChunk *chunk, uint16_t flags,
+ uint16_t type, uint64_t handle, uint32_t length)
+{
+stl_be_p(>magic, NBD_STRUCTURED_REPLY_MAGIC);
+stw_be_p(>flags, flags);
+stw_be_p(>type, type);
+

[Qemu-devel] [PATCH 01/18] nbd: rename NBD_REPLY_MAGIC to NBD_SIMPLE_REPLY_MAGIC

2017-02-03 Thread Vladimir Sementsov-Ogievskiy
To be consistent when NBD_STRUCTURED_REPLY_MAGIC is introduced.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 nbd/client.c | 4 ++--
 nbd/nbd-internal.h   | 2 +-
 nbd/server.c | 4 ++--
 tests/qemu-iotests/nbd-fault-injector.py | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/nbd/client.c b/nbd/client.c
index ffb0743bce..de5c9366c7 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -788,7 +788,7 @@ ssize_t nbd_receive_reply(QIOChannel *ioc, NBDReply *reply)
 }
 
 /* Reply
-   [ 0 ..  3]magic   (NBD_REPLY_MAGIC)
+   [ 0 ..  3]magic   (NBD_SIMPLE_REPLY_MAGIC)
[ 4 ..  7]error   (0 == no error)
[ 7 .. 15]handle
  */
@@ -808,7 +808,7 @@ ssize_t nbd_receive_reply(QIOChannel *ioc, NBDReply *reply)
   ", handle = %" PRIu64" }",
   magic, reply->error, reply->handle);
 
-if (magic != NBD_REPLY_MAGIC) {
+if (magic != NBD_SIMPLE_REPLY_MAGIC) {
 LOG("invalid magic (got 0x%" PRIx32 ")", magic);
 return -EINVAL;
 }
diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index eee20abc25..49b66b6896 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -59,7 +59,7 @@
 #define NBD_REQUEST_SIZE(4 + 2 + 2 + 8 + 8 + 4)
 #define NBD_REPLY_SIZE  (4 + 4 + 8)
 #define NBD_REQUEST_MAGIC   0x25609513
-#define NBD_REPLY_MAGIC 0x67446698
+#define NBD_SIMPLE_REPLY_MAGIC  0x67446698
 #define NBD_OPTS_MAGIC  0x49484156454F5054LL
 #define NBD_CLIENT_MAGIC0x420281861253LL
 #define NBD_REP_MAGIC   0x0003e889045565a9LL
diff --git a/nbd/server.c b/nbd/server.c
index 5b76261666..b63a8b85e3 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -750,11 +750,11 @@ static ssize_t nbd_send_reply(QIOChannel *ioc, NBDReply 
*reply)
   reply->error, reply->handle);
 
 /* Reply
-   [ 0 ..  3]magic   (NBD_REPLY_MAGIC)
+   [ 0 ..  3]magic   (NBD_SIMPLE_REPLY_MAGIC)
[ 4 ..  7]error   (0 == no error)
[ 7 .. 15]handle
  */
-stl_be_p(buf, NBD_REPLY_MAGIC);
+stl_be_p(buf, NBD_SIMPLE_REPLY_MAGIC);
 stl_be_p(buf + 4, reply->error);
 stq_be_p(buf + 8, reply->handle);
 
diff --git a/tests/qemu-iotests/nbd-fault-injector.py 
b/tests/qemu-iotests/nbd-fault-injector.py
index 6c07191a5a..5d092ee1f6 100755
--- a/tests/qemu-iotests/nbd-fault-injector.py
+++ b/tests/qemu-iotests/nbd-fault-injector.py
@@ -56,7 +56,7 @@ NBD_CMD_READ = 0
 NBD_CMD_WRITE = 1
 NBD_CMD_DISC = 2
 NBD_REQUEST_MAGIC = 0x25609513
-NBD_REPLY_MAGIC = 0x67446698
+NBD_SIMPLE_REPLY_MAGIC = 0x67446698
 NBD_PASSWD = 0x4e42444d41474943
 NBD_OPTS_MAGIC = 0x49484156454F5054
 NBD_CLIENT_MAGIC = 0x420281861253
@@ -166,7 +166,7 @@ def read_request(conn):
 return req
 
 def write_reply(conn, error, handle):
-buf = reply_struct.pack(NBD_REPLY_MAGIC, error, handle)
+buf = reply_struct.pack(NBD_SIMPLE_REPLY_MAGIC, error, handle)
 conn.send(buf, event='reply')
 
 def handle_connection(conn, use_export):
-- 
2.11.0



