Re: [Qemu-devel] [RFC DEBUG PATCH 3/3] translate-a64: fix lookup_tb_ptr hang (DEBUG!)

2017-06-10 Thread Emilio G. Cota
On Sat, Jun 10, 2017 at 09:59:19 -0700, Richard Henderson wrote:
> On 06/10/2017 01:51 AM, Alex Bennée wrote:
> >I would agree with Emilio that we revert but I can't quite shake the
> >feeling we are missing an underlying problem. Would just skipping the
> >htable lookup (but keeping the tb_jmp_cache) be an OK fix for now?
> 
> I agree.  It seems like there's some real problem that this is uncovering.
> 
> Dropping the htable lookup is certainly ok by me.  If that's enough to
> un-stick your regression testing for aarch64 guest.

Unfortunately not checking the htable isn't enough to fix it for me.

I spent a few hours on Friday trying (and failing) to understand
what's going on. Regarding interrupts, I see *more* TB_EXIT_INTERRUPT
exits than without the patch, so my current best guess is that this is
a livelock kind of thing.

I'll keep digging, but regardless I think we should revert
e75449a346 ("target/aarch64: optimize indirect branches") ASAP, and
then reenable the feature ("revert the revert") once we get to the
bottom of this.

E.



Re: [Qemu-devel] [PATCH] bdrv_inc_in_flight and bdrv_dec_in_flight:

2017-06-10 Thread Eric Blake
On 06/10/2017 02:04 AM, Zhengui Li wrote:
> Avoid empty pointer access if the bs is NULL.
> 
> Signed-off-by: Zhengui Li 
> ---
>  block/io.c | 10 +++---
>  1 file changed, 7 insertions(+), 3 deletions(-)

NACK; this is fixing a symptom, not the problem. If you have a coredump
due to a bad caller passing in NULL, then post the backtrace and let's
fix the broken caller instead.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH RFC v2 0/2] IO throttling block filter driver

2017-06-10 Thread Manos Pitsidianakis

On Sat, Jun 10, 2017 at 06:28:42PM -0700, no-re...@patchew.org wrote:

Hi,



/tmp/qemu-test/src/tests/test-throttle.c:144: error: static declaration of 
‘read_timer_cb’ follows non-static declaration
/tmp/qemu-test/src/include/block/throttle-groups.h:50: note: previous 
declaration of ‘read_timer_cb’ was here
/tmp/qemu-test/src/tests/test-throttle.c:148: error: static declaration of 
‘write_timer_cb’ follows non-static declaration
/tmp/qemu-test/src/include/block/throttle-groups.h:51: note: previous 
declaration of ‘write_timer_cb’ was here
make: *** [tests/test-throttle.o] Error 1
make: *** Waiting for unfinished jobs


Looks like I forgot to port a last minute change to test-throttle.c, 
will clean it up.




Re: [Qemu-devel] [Qemu-block] [PATCH] bdrv_inc_in_flight and bdrv_dec_in_flight:

2017-06-10 Thread Manos Pitsidianakis

On Sat, Jun 10, 2017 at 03:04:10PM +0800, Zhengui Li wrote:

Avoid empty pointer access if the bs is NULL.


Looks like most (if not all) of the places these are called dereference 
bs anyway. Can it ever be NULL? Perhaps a check for each of those cases 
(if any) would be a better idea.



Signed-off-by: Zhengui Li 
---
block/io.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/block/io.c b/block/io.c
index ed31810..b12d7cf 100644
--- a/block/io.c
+++ b/block/io.c
@@ -492,7 +492,9 @@ static bool tracked_request_overlaps(BdrvTrackedRequest 
*req,

void bdrv_inc_in_flight(BlockDriverState *bs)
{
-atomic_inc(>in_flight);
+if (bs) {
+atomic_inc(>in_flight);
+}
}

static void dummy_bh_cb(void *opaque)
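Review bot: the NULL guard in bdrv_inc_in_flight hides a broken caller rather than fixing it; as the reply above notes, the callers dereference bs anyway, so a NULL here is a bug that should be surfaced. Replace the guard with assert(bs) (or keep the unconditional atomic_inc) and fix the caller that passes NULL, with its backtrace in the commit message.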
@@ -508,8 +510,10 @@ void bdrv_wakeup(BlockDriverState *bs)

void bdrv_dec_in_flight(BlockDriverState *bs)
{
-atomic_dec(>in_flight);
-bdrv_wakeup(bs);
+if (bs) {
+atomic_dec(>in_flight);
+bdrv_wakeup(bs);
+}
}

static bool coroutine_fn wait_serialising_requests(BdrvTrackedRequest *self)
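Review bot: guarding bdrv_dec_in_flight the same way turns a NULL bs into a silent no-op for both the counter and bdrv_wakeup, so a request that was never counted also never wakes waiters; that is harder to debug than the original NULL dereference. Keep the unconditional atomic_dec and bdrv_wakeup and fix the caller instead.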
--
1.8.3.1







Re: [Qemu-devel] [PATCH RFC v2 0/2] IO throttling block filter driver

2017-06-10 Thread no-reply
Hi,

This series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Type: series
Message-id: 20170611011427.6713-1-el13...@mail.ntua.gr
Subject: [Qemu-devel] [PATCH RFC v2 0/2] IO throttling block filter driver

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-quick@centos6
time make docker-test-mingw@fedora
time make docker-test-build@min-glib
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/20170611011427.6713-1-el13...@mail.ntua.gr -> 
patchew/20170611011427.6713-1-el13...@mail.ntua.gr
Switched to a new branch 'test'
3d679a2 block: add throttle block filter driver
1ce33bd block: move ThrottleGroup membership to ThrottleGroupMember

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-1sb30q_4/src/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
  BUILD   centos6
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-1sb30q_4/src'
  ARCHIVE qemu.tgz
  ARCHIVE dtc.tgz
  COPYRUNNER
RUN test-quick in qemu:centos6 

[Qemu-devel] [PATCH RFC v2 2/2] block: add throttle block filter driver

2017-06-10 Thread Manos Pitsidianakis
block/throttle.c uses existing I/O throttle infrastructure inside a
block filter driver. I/O operations are intercepted in the filter's
read/write coroutines, and referred to block/throttle-groups.c

The driver can be used with the command
-drive driver=throttle,file.filename=foo.qcow2,iops-total=...
The configuration flags and semantics are identical to the hardcoded
throttling ones.

Signed-off-by: Manos Pitsidianakis 
---
 block/Makefile.objs |   1 +
 block/throttle-groups.c |  16 +-
 block/throttle.c| 364 
 include/block/throttle-groups.h |   6 +-
 include/qemu/throttle-options.h |  60 ---
 5 files changed, 419 insertions(+), 28 deletions(-)
 create mode 100644 block/throttle.c

diff --git a/block/Makefile.objs b/block/Makefile.objs
index ea955302c8..bb811a4d01 100644
--- a/block/Makefile.objs
+++ b/block/Makefile.objs
@@ -25,6 +25,7 @@ block-obj-y += accounting.o dirty-bitmap.o
 block-obj-y += write-threshold.o
 block-obj-y += backup.o
 block-obj-$(CONFIG_REPLICATION) += replication.o
+block-obj-y += throttle.o
 
 block-obj-y += crypto.o
 
diff --git a/block/throttle-groups.c b/block/throttle-groups.c
index d8bf990ccb..9008b73cc9 100644
--- a/block/throttle-groups.c
+++ b/block/throttle-groups.c
@@ -29,11 +29,11 @@
 #include "qemu/thread.h"
 #include "sysemu/qtest.h"
 
-
-static QemuMutex throttle_groups_lock;
-static QTAILQ_HEAD(, ThrottleGroup) throttle_groups =
+QemuMutex throttle_groups_lock;
+QTAILQ_HEAD(throttle_groups_head, ThrottleGroup) throttle_groups =
 QTAILQ_HEAD_INITIALIZER(throttle_groups);
 
+
 /* Increments the reference count of a ThrottleGroup given its name.
  *
  * If no ThrottleGroup is found with the given name a new one is
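Review bot: throttle_groups_lock and throttle_groups become global symbols with very generic names; if block/throttle.c needs to walk the group list, an accessor in throttle-groups.c that takes the lock internally keeps the locking discipline in one place instead of exporting the mutex. The extra blank line added after QTAILQ_HEAD_INITIALIZER is also unnecessary.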
@@ -117,7 +117,7 @@ const char *throttle_group_get_name(ThrottleGroupMember 
*tgm)
  * @tgm: the current ThrottleGroupMember
  * @ret: the next ThrottleGroupMember in the sequence
  */
-static ThrottleGroupMember *throttle_group_next_tgm(ThrottleGroupMember *tgm)
+ThrottleGroupMember *throttle_group_next_tgm(ThrottleGroupMember *tgm)
 {
 ThrottleState *ts = tgm->throttle_state;
 ThrottleGroup *tg = container_of(ts, ThrottleGroup, ts);
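Review bot: throttle_group_next_tgm is now exported but its doc comment ("@ret: the next ThrottleGroupMember in the sequence") still reads as an internal helper; once external callers can reach it, the comment should state its locking requirement, since callers outside this file cannot infer it from context.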
@@ -229,7 +229,7 @@ static bool 
throttle_group_schedule_timer(ThrottleGroupMember *tgm,
  * @tgm:   the current ThrottleGroupMember
  * @is_write:  the type of operation (read/write)
  */
-static void schedule_next_request(ThrottleGroupMember *tgm, bool is_write)
+void schedule_next_request(ThrottleGroupMember *tgm, bool is_write)
 {
 ThrottleState *ts = tgm->throttle_state;
 ThrottleGroup *tg = container_of(ts, ThrottleGroup, ts);
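Review bot: schedule_next_request is too generic a name for a global symbol; when dropping static, prefix it with throttle_group_ like the other exported functions in this file (throttle_group_get_name, throttle_group_get_config).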
@@ -358,7 +358,7 @@ void throttle_group_get_config(ThrottleGroupMember *tgm, 
ThrottleConfig *cfg)
  * @tgm:   the ThrottleGroupMember whose request had been throttled
  * @is_write:  the type of operation (read/write)
  */
-static void timer_cb(ThrottleGroupMember *tgm, bool is_write)
+void timer_cb(ThrottleGroupMember *tgm, bool is_write)
 {
 ThrottleState *ts = tgm->throttle_state;
 ThrottleGroup *tg = container_of(ts, ThrottleGroup, ts);
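Review bot: same naming concern as schedule_next_request: timer_cb as a global symbol will collide easily; rename it to something throttle_group_-prefixed, or keep it static and export only the read/write wrappers that the filter driver actually needs.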
@@ -383,12 +383,12 @@ static void timer_cb(ThrottleGroupMember *tgm, bool 
is_write)
 }
 }
 
-static void read_timer_cb(void *opaque)
+void read_timer_cb(void *opaque)
 {
 timer_cb(opaque, false);
 }
 
-static void write_timer_cb(void *opaque)
+void write_timer_cb(void *opaque)
 {
 timer_cb(opaque, true);
 }
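Review bot: dropping static from read_timer_cb and write_timer_cb conflicts with the static functions of the same name in tests/test-throttle.c, which is exactly the build failure patchew reported earlier in this thread ("static declaration of 'read_timer_cb' follows non-static declaration"); either rename these when exporting them or update the test in the same patch so the series builds at every step.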
diff --git a/block/throttle.c b/block/throttle.c
new file mode 100644
index 00..6be5d3de59
--- /dev/null
+++ b/block/throttle.c
@@ -0,0 +1,364 @@
+/*
+ * QEMU block throttling filter driver infrastructure
+ *
+ * Copyright (C) Nodalink, EURL. 2014
+ * Copyright (C) Igalia, S.L. 2015
+ *
+ * Authors:
+ *   Benoît Canet 
+ *   Alberto Garcia 
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 or
+ * (at your option) version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include "qemu/osdep.h"
+#include "block/throttle-groups.h"
+#include "qemu/throttle-options.h"
+#include "qapi/error.h"
+
+
+static QemuOptsList throttle_opts = {
+.name = "throttle",
+.head = QTAILQ_HEAD_INITIALIZER(throttle_opts.head),
+.desc = {
+{
+.name = QEMU_OPT_IOPS_TOTAL,
+.type = QEMU_OPT_NUMBER,
+.help = "limit total I/O operations per second",
+},{
+.name = QEMU_OPT_IOPS_READ,
+   
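Review bot: the new file's header carries the Nodalink/Igalia 2014-2015 copyright and author lines, which appear to be carried over from the existing throttling code, while the patch is Signed-off-by Manos Pitsidianakis; the header should credit the actual author and keep the original notices only for code that was actually copied. The GPL boilerplate line "if not, see ." is also missing the licence URL.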

[Qemu-devel] [PATCH RFC v2 0/2] IO throttling block filter driver

2017-06-10 Thread Manos Pitsidianakis
  block: move ThrottleGroup membership to ThrottleGroupMember
  block: add throttle block filter driver

 block/Makefile.objs |   1 +
 block/block-backend.c   |  75 +
 block/qapi.c|   8 +-
 block/throttle-groups.c | 315 +++---
 block/throttle.c| 364 
 blockdev.c  |   4 +-
 include/block/throttle-groups.h |  21 ++-
 include/qemu/throttle-options.h |  60 ---
 include/qemu/throttle.h |  64 +++
 include/sysemu/block-backend.h  |  22 +--
 tests/test-throttle.c   |  53 +++---
 util/throttle.c |   5 +
 12 files changed, 709 insertions(+), 283 deletions(-)
 create mode 100644 block/throttle.c

-- 
2.11.0




[Qemu-devel] [PATCH RFC v2 1/2] block: move ThrottleGroup membership to ThrottleGroupMember

2017-06-10 Thread Manos Pitsidianakis
This commit gathers ThrottleGroup membership details from BlockBackendPublic
into ThrottleGroupMember and refactors existing code to use the structure.

Signed-off-by: Manos Pitsidianakis 
---
 block/block-backend.c   |  75 ++
 block/qapi.c|   8 +-
 block/throttle-groups.c | 305 +---
 blockdev.c  |   4 +-
 include/block/throttle-groups.h |  15 +-
 include/qemu/throttle.h |  64 +
 include/sysemu/block-backend.h  |  22 +--
 tests/test-throttle.c   |  53 +++
 util/throttle.c |   5 +
 9 files changed, 293 insertions(+), 258 deletions(-)

diff --git a/block/block-backend.c b/block/block-backend.c
index f3a60081a7..1d6b35c34d 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -209,6 +209,7 @@ static const BdrvChildRole child_root = {
 BlockBackend *blk_new(uint64_t perm, uint64_t shared_perm)
 {
 BlockBackend *blk;
+BlockBackendPublic *blkp;
 
 blk = g_new0(BlockBackend, 1);
 blk->refcnt = 1;
@@ -216,8 +217,9 @@ BlockBackend *blk_new(uint64_t perm, uint64_t shared_perm)
 blk->shared_perm = shared_perm;
 blk_set_enable_write_cache(blk, true);
 
-qemu_co_queue_init(>public.throttled_reqs[0]);
-qemu_co_queue_init(>public.throttled_reqs[1]);
+blkp = blk_get_public(blk);
+qemu_co_queue_init(>throttle_group_member.throttled_reqs[0]);
+qemu_co_queue_init(>throttle_group_member.throttled_reqs[1]);
 
 notifier_list_init(>remove_bs_notifiers);
 notifier_list_init(>insert_bs_notifiers);
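Review bot: blk_get_public(blk) is used here inside block-backend.c, where the removed lines reached blk->public directly; going through the accessor in the same file only adds indirection. Either keep the direct member access or say in the commit message why the public view is preferred.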
@@ -284,7 +286,7 @@ static void blk_delete(BlockBackend *blk)
 assert(!blk->refcnt);
 assert(!blk->name);
 assert(!blk->dev);
-if (blk->public.throttle_state) {
+if (blk_get_public(blk)->throttle_group_member.throttle_state) {
 blk_io_limits_disable(blk);
 }
 if (blk->root) {
@@ -596,8 +598,10 @@ BlockBackend *blk_by_public(BlockBackendPublic *public)
 void blk_remove_bs(BlockBackend *blk)
 {
 notifier_list_notify(>remove_bs_notifiers, blk);
-if (blk->public.throttle_state) {
-throttle_timers_detach_aio_context(>public.throttle_timers);
+BlockBackendPublic *blkp = blk_get_public(blk);
+if (blkp->throttle_group_member.throttle_state) {
+ThrottleTimers *tt = >throttle_group_member.throttle_timers;
+throttle_timers_detach_aio_context(tt);
 }
 
 blk_update_root_state(blk);
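Review bot: the BlockBackendPublic *blkp declaration is placed after the notifier_list_notify() statement, mixing declarations and code; move it to the top of blk_remove_bs, as the blk_co_preadv hunk does with its blkp variable.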
@@ -619,9 +623,10 @@ int blk_insert_bs(BlockBackend *blk, BlockDriverState *bs, 
Error **errp)
 bdrv_ref(bs);
 
 notifier_list_notify(>insert_bs_notifiers, blk);
-if (blk->public.throttle_state) {
+if (blk_get_public(blk)->throttle_group_member.throttle_state) {
 throttle_timers_attach_aio_context(
->public.throttle_timers, bdrv_get_aio_context(bs));
+_get_public(blk)->throttle_group_member.throttle_timers,
+bdrv_get_aio_context(bs));
 }
 
 return 0;
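Review bot: this hunk calls blk_get_public(blk) twice (in the condition and again in the throttle_timers_attach_aio_context argument, split across a line wrap); hoist it into a local ThrottleTimers *tt the way the blk_remove_bs hunk does, so the detach and attach sites read the same.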
@@ -972,6 +977,7 @@ int coroutine_fn blk_co_preadv(BlockBackend *blk, int64_t 
offset,
 {
 int ret;
 BlockDriverState *bs = blk_bs(blk);
+BlockBackendPublic *blkp;
 
 trace_blk_co_preadv(blk, bs, offset, bytes, flags);
 
@@ -981,10 +987,12 @@ int coroutine_fn blk_co_preadv(BlockBackend *blk, int64_t 
offset,
 }
 
 bdrv_inc_in_flight(bs);
+blkp = blk_get_public(blk);
 
 /* throttling disk I/O */
-if (blk->public.throttle_state) {
-throttle_group_co_io_limits_intercept(blk, bytes, false);
+if (blkp->throttle_group_member.throttle_state) {
+throttle_group_co_io_limits_intercept(>throttle_group_member,
+bytes, false);
 }
 
 ret = bdrv_co_preadv(blk->root, offset, bytes, qiov, flags);
@@ -998,6 +1006,7 @@ int coroutine_fn blk_co_pwritev(BlockBackend *blk, int64_t 
offset,
 {
 int ret;
 BlockDriverState *bs = blk_bs(blk);
+BlockBackendPublic *blkp;
 
 trace_blk_co_pwritev(blk, bs, offset, bytes, flags);
 
@@ -1007,10 +1016,11 @@ int coroutine_fn blk_co_pwritev(BlockBackend *blk, 
int64_t offset,
 }
 
 bdrv_inc_in_flight(bs);
-
+blkp = blk_get_public(blk);
 /* throttling disk I/O */
-if (blk->public.throttle_state) {
-throttle_group_co_io_limits_intercept(blk, bytes, true);
+if (blkp->throttle_group_member.throttle_state) {
+throttle_group_co_io_limits_intercept(>throttle_group_member,
+bytes, true);
 }
 
 if (!blk->enable_write_cache) {
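Review bot: the blank line between bdrv_inc_in_flight(bs) and the blkp assignment is dropped here but kept in the matching blk_co_preadv hunk; keep the two functions formatted identically so later diffs stay minimal.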
@@ -1681,13 +1691,15 @@ void blk_set_aio_context(BlockBackend *blk, AioContext 
*new_context)
 BlockDriverState *bs = blk_bs(blk);
 
 if (bs) {
-if (blk->public.throttle_state) {
-throttle_timers_detach_aio_context(>public.throttle_timers);
+BlockBackendPublic *blkp = blk_get_public(blk);
+if (blkp->throttle_group_member.throttle_state) {
+ThrottleTimers *tt = >throttle_group_member.throttle_timers;
+
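Review bot: the "ThrottleTimers *tt = ...throttle_group_member.throttle_timers" pattern now appears in blk_remove_bs, blk_insert_bs and blk_set_aio_context; a small static helper returning the member's timers for a BlockBackend would remove the repetition.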

[Qemu-devel] [PATCH] tcg/tci: enable bswap16_i64

2017-06-10 Thread Philippe Mathieu-Daudé
remove some copy/paste leftover, code seems sane.

while running Alex Bennée's image aarch64-linux-3.15rc2-buildroot.img:

Trace 0x7fa1904b0890 [0: ffc00036cd04]

IN:
0xffc00036cd24:  5ac00694  rev16 w20, w20

OP:
  ffc00036cd24  
 ext32u_i64 tmp3,x20
 ext16u_i64 tmp2,tmp3
 bswap16_i64 x20,tmp2
 movi_i64 tmp4,$0x10
 shr_i64 tmp2,tmp3,tmp4
 ext16u_i64 tmp2,tmp2
 bswap16_i64 tmp2,tmp2
 deposit_i64 x20,x20,tmp2,$0x10,$0x10

Linking TBs 0x7fa1904b0890 [ffc00036cd04] index 0 -> 0x7fa1904b0aa0 
[ffc00036cd24]
Trace 0x7fa1904b0aa0 [0: ffc00036cd24]
TODO qemu/tci.c:1049: tcg_qemu_tb_exec()
qemu/tci.c:1049: tcg fatal error
Aborted

Signed-off-by: Philippe Mathieu-Daudé 
---

there is no entry in MAINTAINERS for this file; I think it should go under:
"Tiny Code Generator (TCG) / Common code"

 tci.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tci.c b/tci.c
index 4bdc645f2a..f39bfb95c0 100644
--- a/tci.c
+++ b/tci.c
@@ -1046,7 +1046,6 @@ uintptr_t tcg_qemu_tb_exec(CPUArchState *env, uint8_t 
*tb_ptr)
 break;
 #if TCG_TARGET_HAS_bswap16_i64
 case INDEX_op_bswap16_i64:
-TODO();
 t0 = *tb_ptr++;
 t1 = tci_read_r16(_ptr);
 tci_write_reg64(t0, bswap16(t1));
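Review bot: the op dump in the commit message shows bswap16_i64 always fed by an ext16u_i64 result, so tci_read_r16 followed by tci_write_reg64 of bswap16(t1) matches the zero-extended semantics the front end expects; the commit message would be stronger if it said that the aarch64 image now runs past the rev16 instruction rather than "code seems sane".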
-- 
2.11.0




Re: [Qemu-devel] [PATCH 0/6] fw_cfg: qdev-related tidy-ups

2017-06-10 Thread Philippe Mathieu-Daudé

Hi Mark,

Is it possible to reorder the 3rd patch (FW_CFG_ID) first or 2nd in the 
series? Mostly for cosmetic :)


On 06/10/2017 09:30 AM, Mark Cave-Ayland wrote:

As part of some ongoing sun4u work, I need to be able to wire the fw_cfg
IO interface to a separate IO space by instantiating the qdev device instead
of calling fw_cfg_init_io(). This patchset brings FW_CFG_IO in line with
FW_CFG_MEM and tidies up the realize methods accordingly.

Signed-off-by: Mark Cave-Ayland 

Mark Cave-Ayland (6):
  fw_cfg: move initialisation of FWCfgState into instance_init
  fw_cfg: move qdev_init_nofail() out from fw_cfg_init1() into callers
  fw_cfg: move setting of FW_CFG_ID into fw_cfg_init1()
  fw_cfg: move fw_cfg_init1() into the fw_cfg_*_realize() functions
  fw_cfg: use sysbus_init_mmio() in fw_cfg_io_realize()
  fw_cfg: move QOM type defines into fw_cfg.h

 hw/nvram/fw_cfg.c |   60 -
 include/hw/nvram/fw_cfg.h |8 ++
 2 files changed, 40 insertions(+), 28 deletions(-)





Re: [Qemu-devel] [PATCH 3/6] fw_cfg: move setting of FW_CFG_ID into fw_cfg_init1()

2017-06-10 Thread Philippe Mathieu-Daudé

On 06/10/2017 09:30 AM, Mark Cave-Ayland wrote:

The dma_enabled property enables us to set the FW_CFG_ID version
accordingly.

Signed-off-by: Mark Cave-Ayland 


Reviewed-by: Philippe Mathieu-Daudé 


---
 hw/nvram/fw_cfg.c |   16 +++-
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 1313bfd..f7b78a9 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -914,12 +914,19 @@ static void fw_cfg_init1(DeviceState *dev)
 {
 FWCfgState *s = FW_CFG(dev);
 MachineState *machine = MACHINE(qdev_get_machine());
+uint32_t version = FW_CFG_VERSION;

 assert(!object_resolve_path(FW_CFG_PATH, NULL));

 object_property_add_child(OBJECT(machine), FW_CFG_NAME, OBJECT(s), NULL);

 fw_cfg_add_bytes(s, FW_CFG_SIGNATURE, (char *)"QEMU", 4);
+
+if (s->dma_enabled) {
+version |= FW_CFG_VERSION_DMA;
+}
+
+fw_cfg_add_i32(s, FW_CFG_ID, version);
 fw_cfg_add_bytes(s, FW_CFG_UUID, _uuid, 16);
 fw_cfg_add_i16(s, FW_CFG_NOGRAPHIC, (uint16_t)!machine->enable_graphics);
 fw_cfg_add_i16(s, FW_CFG_BOOT_MENU, (uint16_t)boot_menu);
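Review bot: setting FW_CFG_ID in fw_cfg_init1 from s->dma_enabled requires dma_enabled to already be true when fw_cfg_init1 runs; the later hunks in fw_cfg_init_io_dma and fw_cfg_init_mem_wide only show dma_as and dma_addr being assigned where version |= FW_CFG_VERSION_DMA used to be, so confirm that dma_enabled is set on the same dma_requested path before this code runs.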
@@ -935,7 +942,6 @@ FWCfgState *fw_cfg_init_io_dma(uint32_t iobase, uint32_t 
dma_iobase,
 {
 DeviceState *dev;
 FWCfgState *s;
-uint32_t version = FW_CFG_VERSION;
 bool dma_requested = dma_iobase && dma_as;

 dev = qdev_create(NULL, TYPE_FW_CFG_IO);
@@ -954,12 +960,8 @@ FWCfgState *fw_cfg_init_io_dma(uint32_t iobase, uint32_t 
dma_iobase,
 /* 64 bits for the address field */
 s->dma_as = dma_as;
 s->dma_addr = 0;
-
-version |= FW_CFG_VERSION_DMA;
 }

-fw_cfg_add_i32(s, FW_CFG_ID, version);
-
 return s;
 }

@@ -975,7 +977,6 @@ FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
 DeviceState *dev;
 SysBusDevice *sbd;
 FWCfgState *s;
-uint32_t version = FW_CFG_VERSION;
 bool dma_requested = dma_addr && dma_as;

 dev = qdev_create(NULL, TYPE_FW_CFG_MEM);
@@ -997,11 +998,8 @@ FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
 s->dma_as = dma_as;
 s->dma_addr = 0;
 sysbus_mmio_map(sbd, 2, dma_addr);
-version |= FW_CFG_VERSION_DMA;
 }

-fw_cfg_add_i32(s, FW_CFG_ID, version);
-
 return s;
 }






Re: [Qemu-devel] [PATCH 1/6] fw_cfg: move initialisation of FWCfgState into instance_init

2017-06-10 Thread Philippe Mathieu-Daudé

On 06/10/2017 09:30 AM, Mark Cave-Ayland wrote:

Signed-off-by: Mark Cave-Ayland 


Reviewed-by: Philippe Mathieu-Daudé 


---
 hw/nvram/fw_cfg.c |   14 ++
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 316fca9..144e0c6 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -1017,6 +1017,15 @@ FWCfgState *fw_cfg_find(void)
 return FW_CFG(object_resolve_path(FW_CFG_PATH, NULL));
 }

+static void fw_cfg_init(Object *obj)
+{
+FWCfgState *s = FW_CFG(obj);
+
+s->entries[0] = g_new0(FWCfgEntry, fw_cfg_max_entry(s));
+s->entries[1] = g_new0(FWCfgEntry, fw_cfg_max_entry(s));
+s->entry_order = g_new0(int, fw_cfg_max_entry(s));
+}
+
 static void fw_cfg_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
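Review bot: moving the entries[] and entry_order allocations into instance_init changes when fw_cfg_max_entry(s) is evaluated: the removed lines ran in fw_cfg_file_slots_allocate, after the file_slots_max check, whereas instance_init runs before any property is set, so if fw_cfg_max_entry depends on the file_slots property the arrays will be sized from the default. Worth confirming, or keeping the allocation at realize time.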
@@ -1030,6 +1039,7 @@ static const TypeInfo fw_cfg_info = {
 .parent= TYPE_SYS_BUS_DEVICE,
 .abstract  = true,
 .instance_size = sizeof(FWCfgState),
+.instance_init = fw_cfg_init,
 .class_init= fw_cfg_class_init,
 };

@@ -1052,10 +1062,6 @@ static void fw_cfg_file_slots_allocate(FWCfgState *s, 
Error **errp)
file_slots_max);
 return;
 }
-
-s->entries[0] = g_new0(FWCfgEntry, fw_cfg_max_entry(s));
-s->entries[1] = g_new0(FWCfgEntry, fw_cfg_max_entry(s));
-s->entry_order = g_new0(int, fw_cfg_max_entry(s));
 }

 static Property fw_cfg_io_properties[] = {





Re: [Qemu-devel] [PATCH 3/3] sun4u: expose NVRAM on ebus PCI IO address space

2017-06-10 Thread Philippe Mathieu-Daudé

Hi Mark,

I'm not sure having this patch split from the previous (2/3) really 
helps bisecting, I'd rather squash them altogether.


Either way:

Reviewed-by: Philippe Mathieu-Daudé 

On 06/10/2017 10:00 AM, Mark Cave-Ayland wrote:

To allow future changes to the sun4u PCI topology.

Signed-off-by: Mark Cave-Ayland 
---
 hw/sparc64/sun4u.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index 19e64be..bf738f8 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -492,7 +492,7 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 /* Map NVRAM into I/O (ebus) space */
 nvram = m48t59_init(NULL, 0, 0, NVRAM_SIZE, 1968, 59);
 s = SYS_BUS_DEVICE(nvram);
-memory_region_add_subregion(get_system_io(), 0x2000,
+memory_region_add_subregion(pci_address_space_io(ebus), 0x2000,
 sysbus_mmio_get_region(s, 0));

 initrd_size = 0;





Re: [Qemu-devel] [PATCH 2/3] sun4u: expose fw_cfg on ebus PCI IO address space

2017-06-10 Thread Philippe Mathieu-Daudé

On 06/10/2017 10:00 AM, Mark Cave-Ayland wrote:

To allow future changes to the sun4u PCI topology.

Signed-off-by: Mark Cave-Ayland 


Reviewed-by: Philippe Mathieu-Daudé 


---
 hw/sparc64/sun4u.c |   10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index 98ee6f5..19e64be 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -224,13 +224,11 @@ static void isa_irq_handler(void *opaque, int n, int 
level)

 /* EBUS (Eight bit bus) bridge */
 static ISABus *
-pci_ebus_init(PCIBus *bus, int devfn, qemu_irq *irqs)
+pci_ebus_init(PCIDevice *pci_dev, qemu_irq *irqs)
 {
 qemu_irq *isa_irq;
-PCIDevice *pci_dev;
 ISABus *isa_bus;

-pci_dev = pci_create_simple(bus, devfn, "ebus");
 isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(pci_dev), "isa.0"));
 isa_irq = qemu_allocate_irqs(isa_irq_handler, irqs, 16);
 isa_bus_irqs(isa_bus, isa_irq);
@@ -429,6 +427,7 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 unsigned int i;
 uint64_t initrd_addr, initrd_size, kernel_addr, kernel_size, kernel_entry;
 PCIBus *pci_bus, *pci_bus2, *pci_bus3;
+PCIDevice *ebus;
 ISABus *isa_bus;
 SysBusDevice *s;
 qemu_irq *ivec_irqs, *pbm_irqs;
@@ -452,7 +451,8 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 pci_vga_init(pci_bus);

 // XXX Should be pci_bus3
-isa_bus = pci_ebus_init(pci_bus, -1, pbm_irqs);
+ebus = pci_create_simple(pci_bus, -1, "ebus");
+isa_bus = pci_ebus_init(ebus, pbm_irqs);

 i = 0;
 if (hwdef->console_serial_base) {
@@ -517,7 +517,7 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 qdev_prop_set_bit(dev, "dma_enabled", false);
 qdev_init_nofail(dev);
 s = SYS_BUS_DEVICE(dev);
-memory_region_add_subregion(get_system_io(), BIOS_CFG_IOPORT,
+memory_region_add_subregion(pci_address_space_io(ebus), BIOS_CFG_IOPORT,
 sysbus_mmio_get_region(s, 0));

 fw_cfg = FW_CFG(dev);
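Review bot: switching from get_system_io() to pci_address_space_io(ebus) changes which address space the fw_cfg region is registered in; the commit message only says it allows future topology changes, so state whether the guest-visible I/O port layout stays identical (the BIOS_CFG_IOPORT offset itself is unchanged here).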





Re: [Qemu-devel] [PATCH 1/3] sun4u: switch to using qdev to instantiate fw_cfg interface

2017-06-10 Thread Philippe Mathieu-Daudé

Hi Mark,

On 06/10/2017 10:00 AM, Mark Cave-Ayland wrote:

Signed-off-by: Mark Cave-Ayland 
---
 hw/sparc64/sun4u.c |   10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index 69f565d..98ee6f5 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -512,7 +512,15 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
graphic_width, graphic_height, graphic_depth,
(uint8_t *)_table[0].macaddr);

-fw_cfg = fw_cfg_init_io(BIOS_CFG_IOPORT);
+dev = qdev_create(NULL, TYPE_FW_CFG_IO);
+qdev_prop_set_uint32(dev, "iobase", BIOS_CFG_IOPORT);
+qdev_prop_set_bit(dev, "dma_enabled", false);
+qdev_init_nofail(dev);
+s = SYS_BUS_DEVICE(dev);
+memory_region_add_subregion(get_system_io(), BIOS_CFG_IOPORT,
+sysbus_mmio_get_region(s, 0));


Now that you exported TYPE_FW_CFG_IO I think it might be 
useful/cleaner to have that code in a static inline function in fw_cfg.h:


DeviceState *fw_cfg_create(uint32_t iobase[, bool dma_enabled]);

What do you think?

Anyway:

Reviewed-by: Philippe Mathieu-Daudé 


+
+fw_cfg = FW_CFG(dev);
 fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, (uint16_t)smp_cpus);
 fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
 fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
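Review bot: open-coding qdev_create/qdev_prop_set_*/qdev_init_nofail/memory_region_add_subregion in place of fw_cfg_init_io relies on the fw_cfg tidy-up series posted alongside (where fw_cfg_init1 is moved into the fw_cfg_*_realize() functions and TYPE_FW_CFG_IO is exported) to keep the signature and FW_CFG_ID entries populated; the cover letter or commit message should name that dependency.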





Re: [Qemu-devel] [PATCH 6/6] fw_cfg: move QOM type defines into fw_cfg.h

2017-06-10 Thread Philippe Mathieu-Daudé

On 06/10/2017 09:30 AM, Mark Cave-Ayland wrote:

This allows the device to be instantiated externally.

Signed-off-by: Mark Cave-Ayland 


Reviewed-by: Philippe Mathieu-Daudé 


---
 hw/nvram/fw_cfg.c |8 
 include/hw/nvram/fw_cfg.h |8 
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 4159316..b77de00 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -40,14 +40,6 @@
 #define FW_CFG_NAME "fw_cfg"
 #define FW_CFG_PATH "/machine/" FW_CFG_NAME

-#define TYPE_FW_CFG "fw_cfg"
-#define TYPE_FW_CFG_IO  "fw_cfg_io"
-#define TYPE_FW_CFG_MEM "fw_cfg_mem"
-
-#define FW_CFG(obj) OBJECT_CHECK(FWCfgState,(obj), TYPE_FW_CFG)
-#define FW_CFG_IO(obj)  OBJECT_CHECK(FWCfgIoState,  (obj), TYPE_FW_CFG_IO)
-#define FW_CFG_MEM(obj) OBJECT_CHECK(FWCfgMemState, (obj), TYPE_FW_CFG_MEM)
-
 /* FW_CFG_VERSION bits */
 #define FW_CFG_VERSION  0x01
 #define FW_CFG_VERSION_DMA  0x02
diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h
index b980cba..e515698 100644
--- a/include/hw/nvram/fw_cfg.h
+++ b/include/hw/nvram/fw_cfg.h
@@ -4,6 +4,14 @@
 #include "exec/hwaddr.h"
 #include "hw/nvram/fw_cfg_keys.h"

+#define TYPE_FW_CFG "fw_cfg"
+#define TYPE_FW_CFG_IO  "fw_cfg_io"
+#define TYPE_FW_CFG_MEM "fw_cfg_mem"
+
+#define FW_CFG(obj) OBJECT_CHECK(FWCfgState,(obj), TYPE_FW_CFG)
+#define FW_CFG_IO(obj)  OBJECT_CHECK(FWCfgIoState,  (obj), TYPE_FW_CFG_IO)
+#define FW_CFG_MEM(obj) OBJECT_CHECK(FWCfgMemState, (obj), TYPE_FW_CFG_MEM)
+
 typedef struct FWCfgFile {
 uint32_t  size;/* file size */
 uint16_t  select;  /* write this to 0x510 to read it */
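Review bot: the FW_CFG_IO() and FW_CFG_MEM() casts moved into the header reference FWCfgIoState and FWCfgMemState, but this hunk only shows FWCfgFile; make sure those struct typedefs are visible in include/hw/nvram/fw_cfg.h before the macros, otherwise external users of the macros will fail to compile.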





Re: [Qemu-devel] [RFC DEBUG PATCH 3/3] translate-a64: fix lookup_tb_ptr hang (DEBUG!)

2017-06-10 Thread Richard Henderson

On 06/10/2017 01:51 AM, Alex Bennée wrote:


Richard Henderson  writes:


On 06/09/2017 10:01 AM, Alex Bennée wrote:

THIS IS A DEBUG PATCH DO NOT MERGE

I include all the comments to show my working. I was trying to
isolate which instructions cause the problem. It turns out it is the
RET instruction. I don't understand why because AFAICT it is
pretty much a BR instruction.


Yeah, same thing for Alpha.

It has been my guess that not chaining through RET means that we get
back to the main loop regularly and often, letting interrupts be
recognized in a timely manner.

I can't figure out why that would be, however, since interrupts
*ought* to be setting icount_decr, and the TB to which we chain *is*
checking that to return to the main loop.


Indeed - if that was broken a lot more stuff wouldn't work.


Since changing the timing affects the outcome (e.g. -d exec), it
follows that this *must* be some sort of race condition.  But since
this still happens with single-threaded mode, I can't imagine what
sort of race condition it might be.


Apart from timer expiry I can't think what other interactions the other
threads have on the main TCG thread. I guess there is IO but my test
hangs way before the kernel starts poking the disk. Is there an
interaction between IRQs and QEMU's serial driver?


The Alpha hang appears to be timer expiry.  In that it happens as soon as the 
kernel spawns some kthreads to finish up the boot process.  The kernel then 
sits in the idle loop for an unreasonably long time.


But, bizarrely, it will complete the boot eventually.  But it takes ~5 minutes 
to do so, when we ought to be able to boot to prompt in seconds.



More data points.  I removed the tb_htable_lookup, and that by itself
is enough to fix Alpha booting.  But it doesn't help the aarch64
kernel+image that I have.  Which does still boot with -d nochain
(which, along with disabling goto_tb chaining, also disables all
goto_ptr).


I wonder what is different about your aarch64 image and mine then?
Because mine works just with suppressing the chaining for RET.


Oh I just tried -d nochain because it doesn't require source modification.


Not really sure where to go from here.


I would agree with Emilio that we revert but I can't quite shake the
feeling we are missing an underlying problem. Would just skipping the
htable lookup (but keeping the tb_jmp_cache) be an OK fix for now?


I agree.  It seems like there's some real problem that this is uncovering.

Dropping the htable lookup is certainly ok by me.  If that's enough to un-stick 
your regression testing for aarch64 guest.



r~



Re: [Qemu-devel] [PATCH v3 0/5] Fix handling of IPv4/IPv6 dual stack

2017-06-10 Thread Vlad Yasevich
On 06/01/2017 04:29 AM, Daniel P. Berrange wrote:
> This is a followup to:
> 
>   v1: https://lists.nongnu.org/archive/html/qemu-devel/2017-04/msg05659.html
>   v2: https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg04706.html
> 
> This series aims to fix a lot of bugs related to handling of IPv4 / IPv6
> dual stack.
> 
>  - The VNC server mistakenly listened on two separate ports 5900+5901
>when the to= parameter was given
>  - IPv6 sockets are accepting IPv4 clients even when IPv4 is set to
>be disabled
>  - IPv6 sockets are failing to accept IPv4 clients when IPv4 is not set
>to be disabled
>  - The VNC server was losing the ipv4=/ipv6= settings due to a bug
>in the DNS resolver
> 
> The behaviour of all this is really subtle and hard to get working correctly
> across all the different network backends. Thus, the most important part of
> this patch series is the last patch which adds a test case covering the
> backends for -vnc, -chardev tcp, -net socket, and -incoming socket, with
> a 120 entry matrix.
> 
> IOW, if you think any of the first 4 patches are applying the wrong logic,
> then take a look at the last patch and indicate which test matrix entries
> are believed to be defining wrong behaviour :-)
> 
> Changed in v2:
> 
>  - Clarified error message in commit message
>  - Replace assert with exit (Eric)
>  - Fix typo in test comment (Eric)
>  - Fix weird copyright line (Eric)
> 
> Daniel P. Berrange (5):
>   sockets: ensure we can bind to both ipv4 & ipv6 separately
>   sockets: don't block IPv4 clients when listening on "::"
>   sockets: ensure we don't accept IPv4 clients when IPv4 is disabled
>   io: preserve ipv4/ipv6 flags when resolving InetSocketAddress
>   tests: add functional test validating ipv4/ipv6 address flag handling
> 
>  io/dns-resolver.c  |   6 +-
>  tests/.gitignore   |   1 +
>  tests/Makefile.include |   4 +
>  tests/test-sockets-proto.c | 855 
> +
>  util/qemu-sockets.c|  71 +++-
>  5 files changed, 916 insertions(+), 21 deletions(-)
>  create mode 100644 tests/test-sockets-proto.c
> 

Series Reviewed-by: Vlad Yasevich 

-vlad
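The second and third bullets in the quoted series summary describe the socket-level behaviour behind the ipv4=/ipv6= flags: a TCP listener bound to the IPv6 wildcard "::" also accepts IPv4 clients (which the listener sees as ::ffff:a.b.c.d) unless IPV6_V6ONLY is set on it, so a listener that is supposed to have IPv4 disabled must set that option, and one that is supposed to serve IPv4 must not. The check below is an added example written for this page, not code from the QEMU series; it assumes a Linux host on which an IPv6 TCP socket can be created and bound (it returns None otherwise), and the function names are mine.

```python
import socket


def ipv4_client_reaches_v6_listener(v6only):
    """Bind an IPv6 TCP listener on "::" with IPV6_V6ONLY set to v6only and
    try to reach it from a plain IPv4 client over 127.0.0.1.

    Returns True if the IPv4 client connected, False if it was refused or
    timed out, and None if this host cannot create or bind an IPv6 socket
    at all (so "untestable" is not confused with a result).
    """
    if not socket.has_ipv6:
        return None
    try:
        srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:
        return None
    try:
        # This single option decides whether the "::" listener is dual-stack.
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1 if v6only else 0)
        try:
            srv.bind(("::", 0))          # in6addr_any, ephemeral port
        except OSError:
            return None
        srv.listen(1)
        srv.settimeout(2.0)
        port = srv.getsockname()[1]

        cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        cli.settimeout(2.0)
        try:
            cli.connect(("127.0.0.1", port))
        except OSError:                  # ECONNREFUSED or timeout: no IPv4 path
            return False
        finally:
            cli.close()

        conn, peer = srv.accept()        # peer is the mapped form ::ffff:127.0.0.1
        conn.close()
        return True
    finally:
        srv.close()


def check_listener_policy(ipv4_enabled):
    """Build the "::" listener the way an ipv4=on/off configuration should
    (IPV6_V6ONLY cleared when IPv4 is allowed, set when it is not) and report
    whether the observed behaviour matches the policy: True = flag honoured,
    False = IPv4 clients accepted or refused against the flag, None = untestable.
    """
    observed = ipv4_client_reaches_v6_listener(v6only=not ipv4_enabled)
    if observed is None:
        return None
    return observed == ipv4_enabled


if __name__ == "__main__":
    print("ipv4=off listener honours the flag:", check_listener_policy(False))
    print("ipv4=on listener honours the flag:", check_listener_policy(True))
```

check_listener_policy(False) sets up the listener as an ipv4=off configuration should and reports whether an IPv4 client is still let in; a False result there is exactly the class of problem the third patch in the series ("don't accept IPv4 clients when IPv4 is disabled") addresses, and a False for check_listener_policy(True) is the second one.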



Re: [Qemu-devel] [PATCHv5 0/4] Clean up compatibility mode handling

2017-06-10 Thread Andrea Bolognani
On Fri, 2017-06-02 at 13:15 +1000, David Gibson wrote:
> This is a rebased and revised version of my patches revising CPU
> compatibility mode handling on ppc, last posted in November.  Since
> then, many of the patches have already been merged (some for 2.9, some
> since).  This is what's left.

I've tested this the same way I had tested one of the
previous respins, e.g. for basic usage and general sanity
of the interface. All the issues I pointed out last time
seem to have been addressed.


Tested-by: Andrea Bolognani 

-- 
Andrea Bolognani / Red Hat / Virtualization



Re: [Qemu-devel] [Qemu-trivial] [PATCH v3] ivshmem-server: ivshmem-client: Build when eventfd() is available

2017-06-10 Thread Kamil Rytarowski
On 10.06.2017 17:15, Markus Armbruster wrote:
> Kamil Rytarowski  writes:
> 
>> On 06.06.2017 16:56, Kamil Rytarowski wrote:
>>> On 06.06.2017 16:34, Peter Maydell wrote:
>>>> On 6 June 2017 at 14:38, Kamil Rytarowski  wrote:
>>>>> I've linked qemu with the original patch and:
>>>>> ./configure --disable-linux-user --disable-system --static
>>>>>
>>>>> I got some warnings, I think they are originated from our libc and are
>>>>> not related to qemu:
>>>>>   LINKsparc64-bsd-user/qemu-sparc64
>>>>> /usr/lib/libc.a(initfini.o): warning: common of `__ps_strings'
>>>>> overridden by definition
>>>>> /usr/lib/crt0.o: warning: defined here
>>>>> /usr/lib/libc.a(_env.o): warning: multiple common of `environ'
>>>>> /usr/lib/crt0.o: warning: previous common is here
>>>>> /usr/lib/libc.a(getprogname.o): warning: common of `__progname'
>>>>> overridden by definition
>>>>> /usr/lib/crt0.o: warning: defined here
>>>>
>>>> Yes, I think I've seen those before on NetBSD -- they look
>>>> like a bug in your libc to me, it shouldn't be confusing itself
>>>> with itself like that :-)
>>>>
>>>> thanks
>>>> -- PMM
>>>>
>>>
>>> I have filed this bug upstream: http://gnats.netbsd.org/52278
>>>
>>>
>>
>>
>> What's the status with this patch?
>>
>> NetBSD build still breaks due to ivshmem-*.
> 
> I guess Michael expects a v4 that doesn't break the static build.
> 

-static works for me, I have restricted options to test build on !NetBSD
systems.

Was this patch ok?

diff --git a/Makefile b/Makefile
index c830d7a..2ef5a78 100644
--- a/Makefile
+++ b/Makefile
@@ -469,10 +469,12 @@ ifneq ($(EXESUF),)
 qemu-ga: qemu-ga$(EXESUF) $(QGA_VSS_PROVIDER) $(QEMU_GA_MSI)
 endif

+ifdef CONFIG_IVSHMEM
 ivshmem-client$(EXESUF): $(ivshmem-client-obj-y) $(COMMON_LDADDS)
$(call LINK, $^)
 ivshmem-server$(EXESUF): $(ivshmem-server-obj-y) $(COMMON_LDADDS)
$(call LINK, $^)
+endif


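Review bot: the `ifdef CONFIG_IVSHMEM` guard around the two link rules only hides the rules, not the targets; if ivshmem-client$(EXESUF) and ivshmem-server$(EXESUF) are still listed among the tools to build when eventfd() is missing, make now fails with "No rule to make target" instead of skipping them, so the same condition has to gate wherever those targets are added (or the guard should wrap the target list rather than the recipes). It is also worth stating in the commit message what defines CONFIG_IVSHMEM, so a reader can see which eventfd() check it stands in for.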
So I could amend it.





Re: [Qemu-devel] [PATCH v3] ivshmem-server: ivshmem-client: Build when eventfd() is available

2017-06-10 Thread Markus Armbruster
Kamil Rytarowski  writes:

> On 06.06.2017 16:56, Kamil Rytarowski wrote:
>> On 06.06.2017 16:34, Peter Maydell wrote:
>>> On 6 June 2017 at 14:38, Kamil Rytarowski  wrote:
>>>> I've linked qemu with the original patch and:
>>>> ./configure --disable-linux-user --disable-system --static
>>>>
>>>> I got some warnings, I think they are originated from our libc and are
>>>> not related to qemu:
>>>>   LINKsparc64-bsd-user/qemu-sparc64
>>>> /usr/lib/libc.a(initfini.o): warning: common of `__ps_strings'
>>>> overridden by definition
>>>> /usr/lib/crt0.o: warning: defined here
>>>> /usr/lib/libc.a(_env.o): warning: multiple common of `environ'
>>>> /usr/lib/crt0.o: warning: previous common is here
>>>> /usr/lib/libc.a(getprogname.o): warning: common of `__progname'
>>>> overridden by definition
>>>> /usr/lib/crt0.o: warning: defined here
>>>
>>> Yes, I think I've seen those before on NetBSD -- they look
>>> like a bug in your libc to me, it shouldn't be confusing itself
>>> with itself like that :-)
>>>
>>> thanks
>>> -- PMM
>>>
>> 
>> I have filed this bug upstream: http://gnats.netbsd.org/52278
>> 
>> 
>
>
> What's the status with this patch?
>
> NetBSD build still breaks due to ivshmem-*.

I guess Michael expects a v4 that doesn't break the static build.



[Qemu-devel] why guest memory size not equal to my setting?

2017-06-10 Thread ??6????A
Hello Qemu-devel,

Recently I'm trying to study VM memory allocation in a qemu-kvm environment.
I found something interesting here:

I have created an 8GB (8388608 k) memory guest using CentOS 7, but when I use
dmesg to show the initial memory,
it was 9437184 k, around 9216MB. I would like to know where the gap comes from.

I know qemu will init two memory regions:
system_memory = g_malloc(sizeof(*system_memory));
and system_io = g_malloc(sizeof(*system_io));

Does this gap correspond to the region of system_io?


Below is my environment.  


[root@qi-jiong-ming-test ~]# dmesg |grep Memory
[0.00] Memory: 7372140k/9437184k available (6244k kernel code, 1049100k 
absent, 1015944k reserved, 4178k data, 1604k init)


virsh # qemu-monitor-command 4 --hmp info version
2.1.2 (qemu-kvm-ev-2.1.2-23.el7.1)

qemu  201492   1  0 Jun02 ?01:06:42 /usr/libexec/qemu-kvm -name 
instance-632f -S -machine pc-i440fx-rhel7.1.0,accel=kvm,usb=off -cpu 
Haswell,+abm,+pdpe1gb,+rdrand,+f16c,+osxsave,+dca,+pdcm,+xtpr,+tm2,+est,+smx,+vmx,+ds_cpl,+dtes64,+pbe,+tm,+ht,+ss,+acpi,+ds,+vme,-rtm,-hle
 -m 8192 -realtime mlock=off -smp 4,sockets=4,cores=1,threads=1 -uuid 
75e1234c-6c56-42e1-ae45-190a090bfc04 -smbios type=1,manufacturer=Fedora 
Project,product=OpenStack 
Nova,version=12.0.5-2.el7.centos.ustack,serial=d83d324e-0a6c-4336-9d40-dd8f97783ede,uuid=75e1234c-6c56-42e1-ae45-190a090bfc04,family=Virtual
 Machine -no-user-config -nodefaults -chardev 
socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-instance-632f/monitor.sock,server,nowait
 -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew 
-global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot strict=on 
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device 
virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x4 -drive 
file=rbd:pool-c261dc1709484e01b533156506aab091/75e1234c-6c56-42e1-ae45-190a090bfc04_disk.config:auth_supported=none:mon_host=55.3.53.19\:6789\;55.3.53.59\:6789\;55.3.53.99\:6789,if=none,id=drive-ide0-1-1,readonly=on,format=raw,cache=writeback
 -device ide-cd,bus=ide.1,unit=1,drive=drive-ide0-1-1,id=ide0-1-1 -drive 
file=rbd:pool-c261dc1709484e01b533156506aab091/volume-e2924c66-9815-46d5-9a01-af355a333975:auth_supported=none:mon_host=55.3.53.19\:6789\;55.3.53.59\:6789\;55.3.53.99\:6789,if=none,id=drive-virtio-disk0,format=raw,serial=e2924c66-9815-46d5-9a01-af355a333975,cache=writeback
 -device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
 -drive 
file=rbd:pool-c261dc1709484e01b533156506aab091/volume-e7e96136-ad57-44a0-925e-0c59f6bd878a:auth_supported=none:mon_host=55.3.53.19\:6789\;55.3.53.59\:6789\;55.3.53.99\:6789,if=none,id=drive-virtio-disk1,format=raw,serial=e7e96136-ad57-44a0-925e-0c59f6bd878a,cache=writeback
 -device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk1,id=virtio-disk1
 -drive 
file=rbd:pool-c261dc1709484e01b533156506aab091/volume-8cdf28d4-c4f7-4b9c-9dfc-8fc55d1b8692:auth_supported=none:mon_host=55.3.53.19\:6789\;55.3.53.59\:6789\;55.3.53.99\:6789,if=none,id=drive-virtio-disk2,format=raw,serial=8cdf28d4-c4f7-4b9c-9dfc-8fc55d1b8692,cache=writeback
 -device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk2,id=virtio-disk2
 -netdev tap,fd=25,id=hostnet0,vhost=on,vhostfd=26 -device 
virtio-net-pci,netdev=hostnet0,id=net0,mac=fa:16:3e:a7:3d:de,bus=pci.0,addr=0x3 
-chardev 
file,id=charserial0,path=/var/lib/nova/instances/75e1234c-6c56-42e1-ae45-190a090bfc04/console.log
 -device isa-serial,chardev=charserial0,id=serial0 -chardev pty,id=charserial1 
-device isa-serial,chardev=charserial1,id=serial1 -chardev 
socket,id=charchannel0,path=/var/lib/libvirt/qemu/org.qemu.guest_agent.0.instance-632f.sock,server,nowait
 -device 
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
 -device usb-tablet,id=input0 -vnc 0.0.0.0:0 -k en-us -device 
cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device 
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 -msg timestamp=on


virsh # dominfo instance-632f
Id: 4
Name:   instance-632f
UUID:   75e1234c-6c56-42e1-ae45-190a090bfc04
OS Type:hvm
State:  running
CPU(s): 4
CPU time:   4003.0s
Max memory: 8388608 KiB
Used memory:8388608 KiB
Persistent: yes
Autostart:  disable
Managed save:   no
Security model: none
Security DOI:   0


Thanks in advance.
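A worked reading of the dmesg line in the post above, as an added example that is not part of the original thread. In the 3.x-era x86 kernel that CentOS 7 ships, the second number in "Memory: 7372140k/9437184k available" is the highest page frame (max_pfn) in KiB, that is the top address of RAM including any holes, and the "1049100k absent" figure counts the pages inside those holes. 9437184k is exactly 9 GiB, one GiB more than the 8 GiB given with -m 8192: on the pc-i440fx machine the first 3 GiB of guest RAM sit below the PCI hole and the remainder is mapped from 4 GiB upwards, so an 8 GiB guest ends at 9 GiB and the missing GiB is the hole, not RAM. The system_io region is the 64 KiB I/O port space and plays no part in the RAM map. The script below (Python, mine; DMESG_LINE is a constructed copy of the quoted line and the function names are my own) parses the line and checks that total minus absent agrees with the configured size.

```python
import re

# Constructed sample: same shape and numbers as the dmesg line quoted in the post.
DMESG_LINE = ("[    0.000000] Memory: 7372140k/9437184k available (6244k kernel code, "
              "1049100k absent, 1015944k reserved, 4178k data, 1604k init)")

# Format printed by the 3.x-era x86 mem_init(): free/total, where "total" is
# max_pfn in KiB (top of RAM, holes included) and "absent" counts hole pages.
MEMORY_RE = re.compile(
    r"Memory:\s*(?P<free>\d+)k/(?P<total>\d+)k available \("
    r"(?P<code>\d+)k kernel code, (?P<absent>\d+)k absent, "
    r"(?P<reserved>\d+)k reserved, (?P<data>\d+)k data, (?P<init>\d+)k init\)"
)


def parse_memory_line(line):
    """Return the fields of an x86 'Memory:' dmesg line as ints (all in KiB)."""
    m = MEMORY_RE.search(line)
    if m is None:
        raise ValueError("unrecognised 'Memory:' line format")
    return {k: int(v) for k, v in m.groupdict().items()}


def explain_gap(line, configured_mib):
    """Compare the kernel's view with the RAM size handed to QEMU (-m, in MiB)."""
    f = parse_memory_line(line)
    configured_kib = configured_mib * 1024
    hole_kib = f["total"] - configured_kib      # address range with no RAM behind it
    present_kib = f["total"] - f["absent"]      # pages the firmware map lists as RAM
    return {
        "top_of_ram_gib": f["total"] / 1048576,  # max_pfn expressed in GiB
        "hole_kib": hole_kib,
        "present_kib": present_kib,
        # E820 "usable" RAM is slightly below -m because the firmware reserves a
        # few small ranges (below 1 MiB, top of low memory); allow 1 MiB of slack.
        "present_matches_configured": abs(present_kib - configured_kib) <= 1024,
        # the absent count must at least cover the hole between -m and max_pfn
        "absent_covers_hole": f["absent"] >= hole_kib,
    }


if __name__ == "__main__":
    print(explain_gap(DMESG_LINE, 8192))
```

For the quoted numbers the hole comes out as exactly 1048576 KiB (1 GiB) and present RAM as 8388084 KiB, 524 KiB short of the 8388608 KiB that dominfo reports, which is the firmware's small reserved ranges rather than anything to do with system_io.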

Re: [Qemu-devel] [PATCH v3] ivshmem-server: ivshmem-client: Build when eventfd() is available

2017-06-10 Thread Kamil Rytarowski
On 06.06.2017 16:56, Kamil Rytarowski wrote:
> On 06.06.2017 16:34, Peter Maydell wrote:
>> On 6 June 2017 at 14:38, Kamil Rytarowski  wrote:
>>> I've linked qemu with the original patch and:
>>> ./configure --disable-linux-user --disable-system --static
>>>
>>> I got some warnings, I think they are originated from our libc and are
>>> not related to qemu:
>>>   LINKsparc64-bsd-user/qemu-sparc64
>>> /usr/lib/libc.a(initfini.o): warning: common of `__ps_strings'
>>> overridden by definition
>>> /usr/lib/crt0.o: warning: defined here
>>> /usr/lib/libc.a(_env.o): warning: multiple common of `environ'
>>> /usr/lib/crt0.o: warning: previous common is here
>>> /usr/lib/libc.a(getprogname.o): warning: common of `__progname'
>>> overridden by definition
>>> /usr/lib/crt0.o: warning: defined here
>>
>> Yes, I think I've seen those before on NetBSD -- they look
>> like a bug in your libc to me, it shouldn't be confusing itself
>> with itself like that :-)
>>
>> thanks
>> -- PMM
>>
> 
> I have filed this bug upstream: http://gnats.netbsd.org/52278
> 
> 


What's the status with this patch?

NetBSD build still breaks due to ivshmem-*.





Re: [Qemu-devel] [PATCH 0/3] sun4u: move fw_cfg/NVRAM devices to ebus PCI IO address space

2017-06-10 Thread Mark Cave-Ayland
On 10/06/17 14:27, no-re...@patchew.org wrote:

> Hi,
> 
> This series failed build test on s390x host. Please find the details below.

Well given that it's dependent upon the fw_cfg patchset I posted
earlier, it's probably going to fail on all hosts :)

Is there a way to express patch dependencies for the patchew builds that
I'm not aware of?


ATB,

Mark.




[Qemu-devel] [PATCH 3/3] sun4u: expose NVRAM on ebus PCI IO address space

2017-06-10 Thread Mark Cave-Ayland
To allow future changes to the sun4u PCI topology.

Signed-off-by: Mark Cave-Ayland 
---
 hw/sparc64/sun4u.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index 19e64be..bf738f8 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -492,7 +492,7 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 /* Map NVRAM into I/O (ebus) space */
 nvram = m48t59_init(NULL, 0, 0, NVRAM_SIZE, 1968, 59);
 s = SYS_BUS_DEVICE(nvram);
-memory_region_add_subregion(get_system_io(), 0x2000,
+memory_region_add_subregion(pci_address_space_io(ebus), 0x2000,
 sysbus_mmio_get_region(s, 0));
  
 initrd_size = 0;
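Review bot: the region is moved from get_system_io() to pci_address_space_io(ebus) while the 0x2000 offset is kept, but neither the hunk nor the one-line commit message says whether the ebus PCI I/O space starts at offset 0 of the system I/O space; if it does not, the guest-visible NVRAM port changes and firmware expecting it at 0x2000 breaks. Please state in the commit message that the guest-visible address is unchanged (or what it becomes), and the existing "Map NVRAM into I/O (ebus) space" comment could be made precise now that the mapping really is in the ebus space.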
-- 
1.7.10.4




[Qemu-devel] [PATCH 0/3] sun4u: move fw_cfg/NVRAM devices to ebus PCI IO address space

2017-06-10 Thread Mark Cave-Ayland
The sun4u ebus is currently attached directly to the PCI host bridge meaning
some access is split between the ebus (ISA) IO space and system IO space. This
patchset moves the remaining fw_cfg/NVRAM devices into the ebus IO space in
preparation for moving the ebus device behind a PCI-PCI bridge.

Note: this patchset is dependent upon the fw_cfg patchset I recently
posted.

Signed-off-by: Mark Cave-Ayland 

Mark Cave-Ayland (3):
  sun4u: switch to using qdev to instantiate fw_cfg interface
  sun4u: expose fw_cfg on ebus PCI IO address space
  sun4u: expose NVRAM on ebus PCI IO address space

 hw/sparc64/sun4u.c |   20 ++--
 1 file changed, 14 insertions(+), 6 deletions(-)

-- 
1.7.10.4




[Qemu-devel] [PATCH 2/3] sun4u: expose fw_cfg on ebus PCI IO address space

2017-06-10 Thread Mark Cave-Ayland
To allow future changes to the sun4u PCI topology.

Signed-off-by: Mark Cave-Ayland 
---
 hw/sparc64/sun4u.c |   10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index 98ee6f5..19e64be 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -224,13 +224,11 @@ static void isa_irq_handler(void *opaque, int n, int 
level)
 
 /* EBUS (Eight bit bus) bridge */
 static ISABus *
-pci_ebus_init(PCIBus *bus, int devfn, qemu_irq *irqs)
+pci_ebus_init(PCIDevice *pci_dev, qemu_irq *irqs)
 {
 qemu_irq *isa_irq;
-PCIDevice *pci_dev;
 ISABus *isa_bus;
 
-pci_dev = pci_create_simple(bus, devfn, "ebus");
 isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(pci_dev), "isa.0"));
 isa_irq = qemu_allocate_irqs(isa_irq_handler, irqs, 16);
 isa_bus_irqs(isa_bus, isa_irq);
@@ -429,6 +427,7 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 unsigned int i;
 uint64_t initrd_addr, initrd_size, kernel_addr, kernel_size, kernel_entry;
 PCIBus *pci_bus, *pci_bus2, *pci_bus3;
+PCIDevice *ebus;
 ISABus *isa_bus;
 SysBusDevice *s;
 qemu_irq *ivec_irqs, *pbm_irqs;
@@ -452,7 +451,8 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 pci_vga_init(pci_bus);
 
 // XXX Should be pci_bus3
-isa_bus = pci_ebus_init(pci_bus, -1, pbm_irqs);
+ebus = pci_create_simple(pci_bus, -1, "ebus");
+isa_bus = pci_ebus_init(ebus, pbm_irqs);
 
 i = 0;
 if (hwdef->console_serial_base) {
@@ -517,7 +517,7 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 qdev_prop_set_bit(dev, "dma_enabled", false);
 qdev_init_nofail(dev);
 s = SYS_BUS_DEVICE(dev);
-memory_region_add_subregion(get_system_io(), BIOS_CFG_IOPORT,
+memory_region_add_subregion(pci_address_space_io(ebus), BIOS_CFG_IOPORT,
 sysbus_mmio_get_region(s, 0));
 
 fw_cfg = FW_CFG(dev);
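Review bot: same question as for the NVRAM mapping: BIOS_CFG_IOPORT is now an offset into pci_address_space_io(ebus) rather than the system I/O space, while the "iobase" property set a few lines earlier still carries BIOS_CFG_IOPORT as an absolute value; the commit message should say whether the two coincide (ebus I/O space at offset 0) so the fw_cfg port seen by the firmware is unchanged. The "// XXX Should be pci_bus3" line sits next to the lines changed in the earlier hunk and could be converted to a /* */ comment per QEMU style while here.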
-- 
1.7.10.4




[Qemu-devel] [PATCH 1/3] sun4u: switch to using qdev to instantiate fw_cfg interface

2017-06-10 Thread Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland 
---
 hw/sparc64/sun4u.c |   10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index 69f565d..98ee6f5 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -512,7 +512,15 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
graphic_width, graphic_height, graphic_depth,
(uint8_t *)_table[0].macaddr);
 
-fw_cfg = fw_cfg_init_io(BIOS_CFG_IOPORT);
+dev = qdev_create(NULL, TYPE_FW_CFG_IO);
+qdev_prop_set_uint32(dev, "iobase", BIOS_CFG_IOPORT);
+qdev_prop_set_bit(dev, "dma_enabled", false);
+qdev_init_nofail(dev);
+s = SYS_BUS_DEVICE(dev);
+memory_region_add_subregion(get_system_io(), BIOS_CFG_IOPORT,
+sysbus_mmio_get_region(s, 0));
+
+fw_cfg = FW_CFG(dev);
 fw_cfg_add_i16(fw_cfg, FW_CFG_NB_CPUS, (uint16_t)smp_cpus);
 fw_cfg_add_i16(fw_cfg, FW_CFG_MAX_CPUS, (uint16_t)max_cpus);
 fw_cfg_add_i64(fw_cfg, FW_CFG_RAM_SIZE, (uint64_t)ram_size);
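Review bot: the commit message is empty apart from the Signed-off-by; it should say that this open-codes fw_cfg_init_io() (TYPE_FW_CFG_IO with dma_enabled=false, mapped at BIOS_CFG_IOPORT in system I/O) with no behavioural change, and why (so the next patch can map it elsewhere). The hunk also assigns to `dev`, which is not declared in the visible context; please confirm sun4uv_init() already has a `DeviceState *dev` in scope, otherwise the patch does not build on its own.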
-- 
1.7.10.4




[Qemu-devel] [PATCH 4/6] fw_cfg: move fw_cfg_init1() into the fw_cfg_*_realize() functions

2017-06-10 Thread Mark Cave-Ayland
And rename to fw_cfg_common_realize() which better describes its role.

Signed-off-by: Mark Cave-Ayland 
---
 hw/nvram/fw_cfg.c |8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index f7b78a9..87b4392 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -910,7 +910,7 @@ static void fw_cfg_machine_ready(struct Notifier *n, void 
*data)
 
 
 
-static void fw_cfg_init1(DeviceState *dev)
+static void fw_cfg_common_realize(DeviceState *dev)
 {
 FWCfgState *s = FW_CFG(dev);
 MachineState *machine = MACHINE(qdev_get_machine());
@@ -951,7 +951,6 @@ FWCfgState *fw_cfg_init_io_dma(uint32_t iobase, uint32_t 
dma_iobase,
 qdev_prop_set_bit(dev, "dma_enabled", false);
 }
 
-fw_cfg_init1(dev);
 qdev_init_nofail(dev);
 
 s = FW_CFG(dev);
@@ -985,7 +984,6 @@ FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
 qdev_prop_set_bit(dev, "dma_enabled", false);
 }
 
-fw_cfg_init1(dev);
 qdev_init_nofail(dev);
 
 sbd = SYS_BUS_DEVICE(dev);
@@ -1085,6 +1083,8 @@ static void fw_cfg_io_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
+fw_cfg_common_realize(dev);
+
 /* when using port i/o, the 8-bit data register ALWAYS overlaps
  * with half of the 16-bit control register. Hence, the total size
  * of the i/o region used is FW_CFG_CTL_SIZE */
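Review bot: fw_cfg_common_realize() is called from a realize method that has an `Error **errp`, yet it keeps a `void` signature and still relies on assert(!object_resolve_path(...)) for the duplicate-device case; now that it is part of realize it would be better to take errp, report the duplicate with error_setg() and return, so the `return;` path just above handles it like the other realize failures. The same applies to the fw_cfg_mem_realize() hunk below.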
@@ -1138,6 +1138,8 @@ static void fw_cfg_mem_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
+fw_cfg_common_realize(dev);
+
 memory_region_init_io(>ctl_iomem, OBJECT(s), _cfg_ctl_mem_ops,
   FW_CFG(s), "fwcfg.ctl", FW_CFG_CTL_SIZE);
 sysbus_init_mmio(sbd, >ctl_iomem);
-- 
1.7.10.4




[Qemu-devel] [PATCH 3/6] fw_cfg: move setting of FW_CFG_ID into fw_cfg_init1()

2017-06-10 Thread Mark Cave-Ayland
The dma_enabled property enables us to set the FW_CFG_ID version
accordingly.

Signed-off-by: Mark Cave-Ayland 
---
 hw/nvram/fw_cfg.c |   16 +++-
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 1313bfd..f7b78a9 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -914,12 +914,19 @@ static void fw_cfg_init1(DeviceState *dev)
 {
 FWCfgState *s = FW_CFG(dev);
 MachineState *machine = MACHINE(qdev_get_machine());
+uint32_t version = FW_CFG_VERSION;
 
 assert(!object_resolve_path(FW_CFG_PATH, NULL));
 
 object_property_add_child(OBJECT(machine), FW_CFG_NAME, OBJECT(s), NULL);
 
 fw_cfg_add_bytes(s, FW_CFG_SIGNATURE, (char *)"QEMU", 4);
+
+if (s->dma_enabled) {
+version |= FW_CFG_VERSION_DMA;
+}
+
+fw_cfg_add_i32(s, FW_CFG_ID, version);
 fw_cfg_add_bytes(s, FW_CFG_UUID, _uuid, 16);
 fw_cfg_add_i16(s, FW_CFG_NOGRAPHIC, (uint16_t)!machine->enable_graphics);
 fw_cfg_add_i16(s, FW_CFG_BOOT_MENU, (uint16_t)boot_menu);
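Review bot: `version` now depends on s->dma_enabled being final when fw_cfg_init1() runs; both callers in this patch set the "dma_enabled" property before calling fw_cfg_init1(), so behaviour is preserved, but the ordering is implicit. A one-line comment above the `if (s->dma_enabled)` saying the property must be set before this point (or a note in the commit message that the later move into realize removes the hazard) would keep someone from reordering the calls.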
@@ -935,7 +942,6 @@ FWCfgState *fw_cfg_init_io_dma(uint32_t iobase, uint32_t 
dma_iobase,
 {
 DeviceState *dev;
 FWCfgState *s;
-uint32_t version = FW_CFG_VERSION;
 bool dma_requested = dma_iobase && dma_as;
 
 dev = qdev_create(NULL, TYPE_FW_CFG_IO);
@@ -954,12 +960,8 @@ FWCfgState *fw_cfg_init_io_dma(uint32_t iobase, uint32_t 
dma_iobase,
 /* 64 bits for the address field */
 s->dma_as = dma_as;
 s->dma_addr = 0;
-
-version |= FW_CFG_VERSION_DMA;
 }
 
-fw_cfg_add_i32(s, FW_CFG_ID, version);
-
 return s;
 }
 
@@ -975,7 +977,6 @@ FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
 DeviceState *dev;
 SysBusDevice *sbd;
 FWCfgState *s;
-uint32_t version = FW_CFG_VERSION;
 bool dma_requested = dma_addr && dma_as;
 
 dev = qdev_create(NULL, TYPE_FW_CFG_MEM);
@@ -997,11 +998,8 @@ FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
 s->dma_as = dma_as;
 s->dma_addr = 0;
 sysbus_mmio_map(sbd, 2, dma_addr);
-version |= FW_CFG_VERSION_DMA;
 }
 
-fw_cfg_add_i32(s, FW_CFG_ID, version);
-
 return s;
 }
 
-- 
1.7.10.4




[Qemu-devel] [PATCH 2/6] fw_cfg: move qdev_init_nofail() out from fw_cfg_init1() into callers

2017-06-10 Thread Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland 
---
 hw/nvram/fw_cfg.c |5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 144e0c6..1313bfd 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -919,8 +919,6 @@ static void fw_cfg_init1(DeviceState *dev)
 
 object_property_add_child(OBJECT(machine), FW_CFG_NAME, OBJECT(s), NULL);
 
-qdev_init_nofail(dev);
-
 fw_cfg_add_bytes(s, FW_CFG_SIGNATURE, (char *)"QEMU", 4);
 fw_cfg_add_bytes(s, FW_CFG_UUID, _uuid, 16);
 fw_cfg_add_i16(s, FW_CFG_NOGRAPHIC, (uint16_t)!machine->enable_graphics);
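Review bot: the commit message is empty; after this hunk fw_cfg_add_bytes() and friends run before qdev_init_nofail(), i.e. before realize, which is only safe because patch 1/6 moved the s->entries / s->entry_order allocation into instance_init. That dependency should be stated in the commit message so the two patches are not split or reordered when applied.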
@@ -948,6 +946,8 @@ FWCfgState *fw_cfg_init_io_dma(uint32_t iobase, uint32_t 
dma_iobase,
 }
 
 fw_cfg_init1(dev);
+qdev_init_nofail(dev);
+
 s = FW_CFG(dev);
 
 if (s->dma_enabled) {
@@ -985,6 +985,7 @@ FWCfgState *fw_cfg_init_mem_wide(hwaddr ctl_addr,
 }
 
 fw_cfg_init1(dev);
+qdev_init_nofail(dev);
 
 sbd = SYS_BUS_DEVICE(dev);
 sysbus_mmio_map(sbd, 0, ctl_addr);
-- 
1.7.10.4




[Qemu-devel] [PATCH 1/6] fw_cfg: move initialisation of FWCfgState into instance_init

2017-06-10 Thread Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland 
---
 hw/nvram/fw_cfg.c |   14 ++
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 316fca9..144e0c6 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -1017,6 +1017,15 @@ FWCfgState *fw_cfg_find(void)
 return FW_CFG(object_resolve_path(FW_CFG_PATH, NULL));
 }
 
+static void fw_cfg_init(Object *obj)
+{
+FWCfgState *s = FW_CFG(obj);
+
+s->entries[0] = g_new0(FWCfgEntry, fw_cfg_max_entry(s));
+s->entries[1] = g_new0(FWCfgEntry, fw_cfg_max_entry(s));
+s->entry_order = g_new0(int, fw_cfg_max_entry(s));
+}
+
 static void fw_cfg_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
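Review bot: fw_cfg_max_entry(s) in fw_cfg_init() is evaluated at instance_init time, when the "file_slots" property still holds its default, whereas the realize-time fw_cfg_file_slots_allocate() that the last hunk strips of its allocation is exactly where the board-chosen file_slots value is validated (see the file_slots_max check left in that hunk). A board that sets "file_slots" between object creation and realize would get entries[] and entry_order sized for the default and could index past them later. Please keep the allocation after the validation in realize, or size the arrays from the maximum and document it.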
@@ -1030,6 +1039,7 @@ static const TypeInfo fw_cfg_info = {
 .parent= TYPE_SYS_BUS_DEVICE,
 .abstract  = true,
 .instance_size = sizeof(FWCfgState),
+.instance_init = fw_cfg_init,
 .class_init= fw_cfg_class_init,
 };
 
@@ -1052,10 +1062,6 @@ static void fw_cfg_file_slots_allocate(FWCfgState *s, 
Error **errp)
file_slots_max);
 return;
 }
-
-s->entries[0] = g_new0(FWCfgEntry, fw_cfg_max_entry(s));
-s->entries[1] = g_new0(FWCfgEntry, fw_cfg_max_entry(s));
-s->entry_order = g_new0(int, fw_cfg_max_entry(s));
 }
 
 static Property fw_cfg_io_properties[] = {
-- 
1.7.10.4




[Qemu-devel] [PATCH 6/6] fw_cfg: move QOM type defines into fw_cfg.h

2017-06-10 Thread Mark Cave-Ayland
This allows the device to be instantiated externally.

Signed-off-by: Mark Cave-Ayland 
---
 hw/nvram/fw_cfg.c |8 
 include/hw/nvram/fw_cfg.h |8 
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 4159316..b77de00 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -40,14 +40,6 @@
 #define FW_CFG_NAME "fw_cfg"
 #define FW_CFG_PATH "/machine/" FW_CFG_NAME
 
-#define TYPE_FW_CFG "fw_cfg"
-#define TYPE_FW_CFG_IO  "fw_cfg_io"
-#define TYPE_FW_CFG_MEM "fw_cfg_mem"
-
-#define FW_CFG(obj) OBJECT_CHECK(FWCfgState,(obj), TYPE_FW_CFG)
-#define FW_CFG_IO(obj)  OBJECT_CHECK(FWCfgIoState,  (obj), TYPE_FW_CFG_IO)
-#define FW_CFG_MEM(obj) OBJECT_CHECK(FWCfgMemState, (obj), TYPE_FW_CFG_MEM)
-
 /* FW_CFG_VERSION bits */
 #define FW_CFG_VERSION  0x01
 #define FW_CFG_VERSION_DMA  0x02
diff --git a/include/hw/nvram/fw_cfg.h b/include/hw/nvram/fw_cfg.h
index b980cba..e515698 100644
--- a/include/hw/nvram/fw_cfg.h
+++ b/include/hw/nvram/fw_cfg.h
@@ -4,6 +4,14 @@
 #include "exec/hwaddr.h"
 #include "hw/nvram/fw_cfg_keys.h"
 
+#define TYPE_FW_CFG "fw_cfg"
+#define TYPE_FW_CFG_IO  "fw_cfg_io"
+#define TYPE_FW_CFG_MEM "fw_cfg_mem"
+
+#define FW_CFG(obj) OBJECT_CHECK(FWCfgState,(obj), TYPE_FW_CFG)
+#define FW_CFG_IO(obj)  OBJECT_CHECK(FWCfgIoState,  (obj), TYPE_FW_CFG_IO)
+#define FW_CFG_MEM(obj) OBJECT_CHECK(FWCfgMemState, (obj), TYPE_FW_CFG_MEM)
+
 typedef struct FWCfgFile {
 uint32_t  size;/* file size */
 uint16_t  select;  /* write this to 0x510 to read it */
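Review bot: the FW_CFG*() macros moved here expand to OBJECT_CHECK() and name FWCfgState, FWCfgIoState and FWCfgMemState, but the only includes visible in this hunk are exec/hwaddr.h and hw/nvram/fw_cfg_keys.h; please confirm that qom/object.h and declarations of all three types are already available in this header before these lines, otherwise any file that includes fw_cfg.h without pulling in the QOM headers first will fail to compile.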
-- 
1.7.10.4




[Qemu-devel] [PATCH 5/6] fw_cfg: use sysbus_init_mmio() in fw_cfg_io_realize()

2017-06-10 Thread Mark Cave-Ayland
This brings the function in line with fw_cfg_mem_realize(), deferring the
actual mapping until outside of the realize function.

Signed-off-by: Mark Cave-Ayland 
---
 hw/nvram/fw_cfg.c |9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c
index 87b4392..4159316 100644
--- a/hw/nvram/fw_cfg.c
+++ b/hw/nvram/fw_cfg.c
@@ -941,6 +941,7 @@ FWCfgState *fw_cfg_init_io_dma(uint32_t iobase, uint32_t 
dma_iobase,
 AddressSpace *dma_as)
 {
 DeviceState *dev;
+SysBusDevice *sbd;
 FWCfgState *s;
 bool dma_requested = dma_iobase && dma_as;
 
@@ -953,12 +954,16 @@ FWCfgState *fw_cfg_init_io_dma(uint32_t iobase, uint32_t 
dma_iobase,
 
 qdev_init_nofail(dev);
 
+sbd = SYS_BUS_DEVICE(dev);
+sysbus_add_io(sbd, iobase, sysbus_mmio_get_region(sbd, 0));
+
 s = FW_CFG(dev);
 
 if (s->dma_enabled) {
 /* 64 bits for the address field */
 s->dma_as = dma_as;
 s->dma_addr = 0;
+sysbus_add_io(sbd, dma_iobase, sysbus_mmio_get_region(sbd, 1));
 }
 
 return s;
@@ -1090,13 +1095,13 @@ static void fw_cfg_io_realize(DeviceState *dev, Error 
**errp)
  * of the i/o region used is FW_CFG_CTL_SIZE */
 memory_region_init_io(>comb_iomem, OBJECT(s), _cfg_comb_mem_ops,
   FW_CFG(s), "fwcfg", FW_CFG_CTL_SIZE);
-sysbus_add_io(sbd, s->iobase, >comb_iomem);
+sysbus_init_mmio(sbd, >comb_iomem);
 
 if (FW_CFG(s)->dma_enabled) {
 memory_region_init_io(_CFG(s)->dma_iomem, OBJECT(s),
   _cfg_dma_mem_ops, FW_CFG(s), "fwcfg.dma",
   sizeof(dma_addr_t));
-sysbus_add_io(sbd, s->dma_iobase, _CFG(s)->dma_iomem);
+sysbus_init_mmio(sbd, _CFG(s)->dma_iomem);
 }
 }
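Review bot: with the sysbus_add_io() calls replaced by sysbus_init_mmio(), fw_cfg_io_realize() no longer reads s->iobase or s->dma_iobase, so the "iobase" and "dma_iobase" properties no longer affect where the device appears; the caller now passes the address to sysbus_add_io() itself (hunk above). Either drop the properties or say in the commit message that they are now informational only, and note that the region indices the caller relies on (0 for the control/data window, 1 for DMA, the latter only when dma_enabled) are part of the interface.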
 
-- 
1.7.10.4




[Qemu-devel] [PATCH 0/6] fw_cfg: qdev-related tidy-ups

2017-06-10 Thread Mark Cave-Ayland
As part of some ongoing sun4u work, I need to be able to wire the fw_cfg
IO interface to a separate IO space by instantiating the qdev device instead
of calling fw_cfg_init_io(). This patchset brings FW_CFG_IO in line with
FW_CFG_MEM and tidies up the realize methods accordingly.

Signed-off-by: Mark Cave-Ayland 

Mark Cave-Ayland (6):
  fw_cfg: move initialisation of FWCfgState into instance_init
  fw_cfg: move qdev_init_nofail() out from fw_cfg_init1() into callers
  fw_cfg: move setting of FW_CFG_ID into fw_cfg_init1()
  fw_cfg: move fw_cfg_init1() into the fw_cfg_*_realize() functions
  fw_cfg: use sysbus_init_mmio() in fw_cfg_io_realize()
  fw_cfg: move QOM type defines into fw_cfg.h

 hw/nvram/fw_cfg.c |   60 -
 include/hw/nvram/fw_cfg.h |8 ++
 2 files changed, 40 insertions(+), 28 deletions(-)

-- 
1.7.10.4




[Qemu-devel] [PATCH] bdrv_inc_in_flight and bdrv_dec_in_flight:

2017-06-10 Thread Zhengui Li
Avoid empty pointer access if the bs is NULL.

Signed-off-by: Zhengui Li 
---
 block/io.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/block/io.c b/block/io.c
index ed31810..b12d7cf 100644
--- a/block/io.c
+++ b/block/io.c
@@ -492,7 +492,9 @@ static bool tracked_request_overlaps(BdrvTrackedRequest 
*req,
 
 void bdrv_inc_in_flight(BlockDriverState *bs)
 {
-atomic_inc(>in_flight);
+if (bs) {
+atomic_inc(>in_flight);
+}
 }
 
 static void dummy_bh_cb(void *opaque)
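Review bot: silently ignoring a NULL bs in bdrv_inc_in_flight() (and in bdrv_dec_in_flight() below) hides a caller bug instead of fixing it: a request issued against no BlockDriverState is already wrong, and the in_flight counter is what the drain logic relies on, so the patch should fix the caller (or make the expectation explicit with assert(bs)) and the commit message should include the backtrace that motivated it. The subject line is also cut off after the function names.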
@@ -508,8 +510,10 @@ void bdrv_wakeup(BlockDriverState *bs)
 
 void bdrv_dec_in_flight(BlockDriverState *bs)
 {
-atomic_dec(>in_flight);
-bdrv_wakeup(bs);
+if (bs) {
+atomic_dec(>in_flight);
+bdrv_wakeup(bs);
+}
 }
 
 static bool coroutine_fn wait_serialising_requests(BdrvTrackedRequest *self)
-- 
1.8.3.1




Re: [Qemu-devel] Memory dirty event

2017-06-10 Thread ali saeedi
Hello
thanks for your answer
Do I code in kernel space for writing this API?
Please give me more guidance about what I should do to write this API.
thanks a lot

On Thu, May 25, 2017 at 5:50 PM, Xiao Guangrong 
wrote:

>
> No API directly supports your case, but you can do it in KVM by using
> page-track mechanism.
>
>
>
> On 05/25/2017 08:26 PM, ali saeedi wrote:
>
>> Hello
>> How can i receive an event when a page or block is dirtied in qemu code?
>> thanks a lot
>>
>>


Re: [Qemu-devel] [RFC DEBUG PATCH 3/3] translate-a64: fix lookup_tb_ptr hang (DEBUG!)

2017-06-10 Thread Alex Bennée

Richard Henderson  writes:

> On 06/09/2017 10:01 AM, Alex Bennée wrote:
>> THIS IS A DEBUG PATCH DO NOT MERGE
>>
>> I include all the comments to show my working. I was trying to
>> isolate which instructions cause the problem. It turns out it is the
>> RET instruction. I don't understand why because AFAICT it is a
>> pretty much a BR instruction.
>
> Yeah, same thing for Alpha.
>
> It has been my guess that not chaining through RET means that we get
> back to the main loop regularly and often, letting interrupts be
> recognized in a timely manner.
>
> I can't figure out why that would be, however, since interrupts
> *ought* to be setting icount_decr, and the TB to which we chain *is*
> checking that to return to the main loop.

Indeed - if that was broken a lot more stuff wouldn't work.

> Since changing the timing affects the outcome (e.g. -d exec), it
> follows that this *must* be some sort of race condition.  But since
> this still happens with single-threaded mode, I can't imagine what
> sort of race condition it might be.

Apart from timer expiry I can't think what other interactions the other
threads have on the main TCG thread. I guess there is IO but my test
hangs way before the kernel starts poking the disk. Is there an
interaction between IRQs and QEMU's serial driver?

>
> More data points.  I removed the tb_htable_lookup, and that by itself
> is enough to fix Alpha booting.  But it doesn't help the aarch64
> kernel+image that I have.  Which does still boot with -d nochain
> (which, along with disabling goto_tb chaining, also disables all
> goto_ptr).

I wonder what is different about your aarch64 image and mine then?
Because mine works just with suppressing the chaining for RET.

>
> Not really sure where to go from here.

I would agree with Emilio that we revert but I can't quite shake the
feeling we are missing an underlying problem. Would just skipping the
htable lookup (but keeping the tb_jmp_cache) be an OK fix for now? Have
we just been lucky that whatever mechanism causes the "hang" wasn't due
to?

>
>
> r~


--
Alex Bennée



[Qemu-devel] [Bug 904308] Re: x86: BT/BTS/BTR/BTC: ZF flag is unaffected

2017-06-10 Thread Thomas Huth
Looking at the previous comments ... is there anything left to do here?
Or can we close this bug nowadays?

** Changed in: qemu
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/904308

Title:
  x86: BT/BTS/BTR/BTC: ZF flag is unaffected

Status in QEMU:
  Incomplete

Bug description:
  Hello!

  Bug was found in qemu.git.
  See target-i386/translate.c:

  case 0x1ba: /* bt/bts/btr/btc Gv, im */
      ot = dflag + OT_WORD;
      modrm = ldub_code(s->pc++);
      op = (modrm >> 3) & 7;
      mod = (modrm >> 6) & 3;
      rm = (modrm & 7) | REX_B(s);
      if (mod != 3) {
          s->rip_offset = 1;
          gen_lea_modrm(s, modrm, &reg_addr, &offset_addr);
          gen_op_ld_T0_A0(ot + s->mem_index);
      } else {
          gen_op_mov_TN_reg(ot, 0, rm);
      }
      /* load shift */
      val = ldub_code(s->pc++);
      gen_op_movl_T1_im(val);
      if (op < 4)
          goto illegal_op;
      op -= 4;
      goto bt_op;
  case 0x1a3: /* bt Gv, Ev */
      op = 0;
      goto do_btx;
  case 0x1ab: /* bts */
      op = 1;
      goto do_btx;
  case 0x1b3: /* btr */
      op = 2;
      goto do_btx;
  case 0x1bb: /* btc */
      op = 3;
  do_btx:
      ot = dflag + OT_WORD;
      modrm = ldub_code(s->pc++);
      reg = ((modrm >> 3) & 7) | rex_r;
      mod = (modrm >> 6) & 3;
      rm = (modrm & 7) | REX_B(s);
      gen_op_mov_TN_reg(OT_LONG, 1, reg);
      if (mod != 3) {
          gen_lea_modrm(s, modrm, &reg_addr, &offset_addr);
          /* specific case: we need to add a displacement */
          gen_exts(ot, cpu_T[1]);
          tcg_gen_sari_tl(cpu_tmp0, cpu_T[1], 3 + ot);
          tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, ot);
          tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
          gen_op_ld_T0_A0(ot + s->mem_index);
      } else {
          gen_op_mov_TN_reg(ot, 0, rm);
      }
  bt_op:
      tcg_gen_andi_tl(cpu_T[1], cpu_T[1], (1 << (3 + ot)) - 1);
      switch(op) {
      case 0:
          tcg_gen_shr_tl(cpu_cc_src, cpu_T[0], cpu_T[1]);
          tcg_gen_movi_tl(cpu_cc_dst, 0);          << always set zf
          break;
      case 1:
          tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
          tcg_gen_movi_tl(cpu_tmp0, 1);
          tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
          tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
          break;
      case 2:
          tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
          tcg_gen_movi_tl(cpu_tmp0, 1);
          tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
          tcg_gen_not_tl(cpu_tmp0, cpu_tmp0);
          tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
          break;
      default:
      case 3:
          tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]);
          tcg_gen_movi_tl(cpu_tmp0, 1);
          tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]);
          tcg_gen_xor_tl(cpu_T[0], cpu_T[0], cpu_tmp0);
          break;
      }
      s->cc_op = CC_OP_SARB + ot;
      if (op != 0) {
          if (mod != 3)
              gen_op_st_T0_A0(ot + s->mem_index);
          else
              gen_op_mov_reg_T0(ot, rm);
          tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4);
          tcg_gen_movi_tl(cpu_cc_dst, 0);          << always set zf
      }
      break;

  always set zf...

  There is a fix patch.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/904308/+subscriptions
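
The semantics the report is arguing about, as an added example in plain C rather than TCG ops (this is not QEMU's code and not the fix attached to the bug): a model of BT/BTS/BTR/BTC that loads CF from the selected bit, updates the operand for the three modifying forms, and carries ZF through untouched, which is what the reporter expects and what the `cc_dst = 0` plus `CC_OP_SARB` sequence above fails to do. The memory form also reproduces the "specific case" displacement from `do_btx`: a bit offset outside the addressed operand moves the effective address by floor(offset / width) operands (the `sari` by `3 + ot` followed by `shli` by `ot`) before the index is reduced modulo the width. Names such as `btx_apply`, `btx_reg` and `btx_mem`, the `btx_flags` struct and the byte-array stand-in for guest memory are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum btx_op { BTX_BT = 0, BTX_BTS = 1, BTX_BTR = 2, BTX_BTC = 3 };

/* Only the two flags this example cares about. */
typedef struct {
    bool cf;
    bool zf;
} btx_flags;

/* Core of the four instructions on an already-loaded operand: CF receives the
 * selected bit, the modifying forms update the operand, and ZF is deliberately
 * left as it was. The translator above instead makes the lazily computed ZF
 * read as 1 by writing cc_dst = 0 under CC_OP_SARB. */
static uint64_t btx_apply(enum btx_op op, uint64_t val, unsigned bit, btx_flags *fl)
{
    uint64_t mask = 1ULL << bit;

    fl->cf = (val & mask) != 0;
    switch (op) {
    case BTX_BT:
        break;
    case BTX_BTS:
        val |= mask;
        break;
    case BTX_BTR:
        val &= ~mask;
        break;
    case BTX_BTC:
        val ^= mask;
        break;
    }
    return val;
}

/* Register form (mod == 3): the bit offset is taken modulo the operand width,
 * which is what the tcg_gen_andi_tl() at bt_op does. opsize is 2, 4 or 8. */
uint64_t btx_reg(enum btx_op op, uint64_t val, int opsize, int64_t bitoff, btx_flags *fl)
{
    unsigned bits = (unsigned)opsize * 8;
    return btx_apply(op, val, (unsigned)(bitoff & (bits - 1)), fl);
}

static uint64_t load_le(const uint8_t *p, int n)
{
    uint64_t v = 0;
    for (int i = n - 1; i >= 0; i--) {
        v = (v << 8) | p[i];
    }
    return v;
}

static void store_le(uint8_t *p, int n, uint64_t v)
{
    for (int i = 0; i < n; i++) {
        p[i] = (uint8_t)(v >> (8 * i));
    }
}

/* Memory form (mod != 3): mem models guest memory of memsize bytes, addr is
 * the effective address from the ModRM, opsize is 2, 4 or 8 and bitoff is the
 * sign-extended register operand. The address is first advanced by
 * floor(bitoff / bits) operands, as the sari/shli/add sequence in do_btx does.
 * Returns 0 on success, -1 if the adjusted access would leave mem. */
int btx_mem(enum btx_op op, uint8_t *mem, size_t memsize, size_t addr,
            int opsize, int64_t bitoff, btx_flags *fl)
{
    int64_t bits = (int64_t)opsize * 8;
    /* floor division, the same result as an arithmetic right shift */
    int64_t units = bitoff >= 0 ? bitoff / bits : -((-bitoff + bits - 1) / bits);
    unsigned bit = (unsigned)(bitoff - units * bits);
    int64_t eff = (int64_t)addr + units * opsize;

    if (eff < 0 || (uint64_t)eff + (uint64_t)opsize > memsize) {
        return -1;
    }
    uint64_t val = btx_apply(op, load_le(mem + eff, opsize), bit, fl);
    if (op != BTX_BT) {
        store_le(mem + eff, opsize, val);
    }
    return 0;
}

int main(void)
{
    btx_flags fl = { .cf = false, .zf = true };
    uint8_t mem[16] = { 0 };

    mem[2] = 0x02;  /* 16-bit word at offset 2 holds 0x0002 */
    btx_mem(BTX_BT, mem, sizeof mem, 0, 2, 17, &fl);
    printf("bt word [0], bit 17 -> CF=%d ZF=%d (ZF unchanged)\n", fl.cf, fl.zf);
    return 0;
}
```

The register-form test below also covers the wraparound case (bit 35 of a 32-bit register is bit 3), and the memory-form tests exercise a positive and a negative displacement plus the out-of-bounds rejection that a real CPU would raise as a fault.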



[Qemu-devel] [Bug 1639322] Re: pasting into ppc64 serial console kills qemu

2017-06-10 Thread Thomas Huth
** Changed in: qemu
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1639322

Title:
  pasting into ppc64 serial console kills qemu

Status in QEMU:
  Fix Released

Bug description:
  - run qemu-system-ppc64
  - when X window appears press Ctrl+Alt+3
  - paste any text longer than 16 characters

  
  qemu-system-ppc64: 
/home/abuild/rpmbuild/BUILD/qemu-2.6.1/hw/char/spapr_vty.c:40: vty_receive: 
Assertion `(dev->in - dev->out) < 16' failed.
  Aborted (core dumped)

  Broken in SUSE Leap 42.2 and git
  4eb28abd52d48657cff6ff45e8dbbbefe4dbb414

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1639322/+subscriptions
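
The failure mode in this report, as an added example in C that is a model of the problem rather than QEMU's spapr_vty.c or the released fix: a 16-byte receive ring whose `in`/`out` counters are the ones named in the assertion, a receive path that gives up where the original `assert((dev->in - dev->out) < 16)` aborted, and beside it a pair of `can_receive`/`receive` functions that report real free space and clamp to it, so a front end that pastes more than the ring holds can never crash the VM. The names `vty_model`, `vty_receive_asserting`, `vty_receive_bounded`, `vty_getchars` and `paste_and_drain`, and the pasted text, are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VTERM_BUFSIZE 16

/* in and out are free-running counters; the ring holds buf[out % 16 .. in % 16). */
typedef struct {
    uint8_t buf[VTERM_BUFSIZE];
    uint32_t in;
    uint32_t out;
} vty_model;

/* The shape of the reported bug: the backend trusts the front end to never
 * deliver more than it has room for and treats a violation as impossible.
 * Returns -1 at the point where the original abort()ed through assert(). */
int vty_receive_asserting(vty_model *dev, const uint8_t *buf, int size)
{
    for (int i = 0; i < size; i++) {
        if (dev->in - dev->out >= VTERM_BUFSIZE) {
            return -1;
        }
        dev->buf[dev->in++ % VTERM_BUFSIZE] = buf[i];
    }
    return 0;
}

/* Free space the backend can accept right now: the number a chardev front end
 * must honour before handing bytes over, not a yes/no answer. */
int vty_can_receive(const vty_model *dev)
{
    return (int)(VTERM_BUFSIZE - (dev->in - dev->out));
}

/* Hardened receive: clamps to the free space and returns how much it took, so
 * an over-delivering front end loses bytes instead of killing the guest. */
int vty_receive_bounded(vty_model *dev, const uint8_t *buf, int size)
{
    int room = vty_can_receive(dev);
    int n = size < room ? size : room;

    for (int i = 0; i < n; i++) {
        dev->buf[dev->in++ % VTERM_BUFSIZE] = buf[i];
    }
    return n;
}

/* Guest side: the hypercall that drains up to max bytes from the ring. */
int vty_getchars(vty_model *dev, uint8_t *out, int max)
{
    int n = 0;
    while (n < max && dev->out != dev->in) {
        out[n++] = dev->buf[dev->out++ % VTERM_BUFSIZE];
    }
    return n;
}

/* Drives a paste of len bytes the way a well-behaved front end must: ask
 * can_receive, hand over at most that much, let the guest drain, repeat.
 * Returns the number of bytes the guest side read into sink. */
size_t paste_and_drain(vty_model *dev, const uint8_t *text, size_t len, uint8_t *sink)
{
    size_t sent = 0, got = 0;

    while (sent < len) {
        int room = vty_can_receive(dev);
        int chunk = (len - sent) < (size_t)room ? (int)(len - sent) : room;
        sent += (size_t)vty_receive_bounded(dev, text + sent, chunk);
        got += (size_t)vty_getchars(dev, sink + got, VTERM_BUFSIZE);
    }
    return got;
}

int main(void)
{
    vty_model dev = { { 0 }, 0, 0 };
    uint8_t text[40], sink[40];

    memset(text, 'A', sizeof text);            /* constructed 40-byte paste */
    printf("one-shot delivery of 40 bytes: %s\n",
           vty_receive_asserting(&dev, text, sizeof text) < 0 ? "abort" : "ok");
    memset(&dev, 0, sizeof dev);
    printf("chunked delivery: guest read %zu bytes\n",
           paste_and_drain(&dev, text, sizeof text, sink));
    return 0;
}
```

The two halves matter together: a `can_receive` that returns a boolean 1 instead of the free byte count starves the front end, while a `receive` that trusts `can_receive` to have been consulted is exactly the assumption the paste path broke here. Bounding in `receive` is the defence that does not depend on every front end being correct.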