[Qemu-devel] [PULL 01/21] hw/arm/aspeed: directly map the serial device to the system address space

2018-02-15 Thread Peter Maydell
From: Philippe Mathieu-Daudé 

(qemu) info mtree
 address-space: cpu-memory-0
   - (prio 0, i/o): system
 -07ff (prio 0, rom): aspeed.boot_rom
 1e60-1e7f (prio -1, i/o): aspeed_soc.io
-  1e784000-1e78401f (prio 0, i/o): serial
 1e62-1e6200ff (prio 0, i/o): aspeed.smc.ast2500-fmc
 1e63-1e6300ff (prio 0, i/o): aspeed.smc.ast2500-spi1
 [...]
 1e72-1e728fff (prio 0, ram): aspeed.sram
 1e782000-1e782fff (prio 0, i/o): aspeed.timer
+1e784000-1e78401f (prio 0, i/o): serial
 1e785000-1e78501f (prio 0, i/o): aspeed.wdt
 1e785020-1e78503f (prio 0, i/o): aspeed.wdt

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Cédric Le Goater 
Reviewed-by: Andrew Jeffery 
Message-id: 20180209085755.30414-2-f4...@amsat.org
Signed-off-by: Peter Maydell 
---
 hw/arm/aspeed_soc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/arm/aspeed_soc.c b/hw/arm/aspeed_soc.c
index c83b7e207b..2a5d041b3b 100644
--- a/hw/arm/aspeed_soc.c
+++ b/hw/arm/aspeed_soc.c
@@ -257,7 +257,8 @@ static void aspeed_soc_realize(DeviceState *dev, Error 
**errp)
 /* UART - attach an 8250 to the IO space as our UART5 */
 if (serial_hds[0]) {
 qemu_irq uart5 = qdev_get_gpio_in(DEVICE(>vic), uart_irqs[4]);
-serial_mm_init(>iomem, ASPEED_SOC_UART_5_BASE, 2,
+serial_mm_init(get_system_memory(),
+   ASPEED_SOC_IOMEM_BASE + ASPEED_SOC_UART_5_BASE, 2,
uart5, 38400, serial_hds[0], DEVICE_LITTLE_ENDIAN);
 }
 
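
Review bot: The context comment above the call still reads "attach an 8250 to the IO space", but serial_mm_init() now targets get_system_memory() at ASPEED_SOC_IOMEM_BASE + ASPEED_SOC_UART_5_BASE. Update the comment, and state in it why the UART is no longer mapped inside the SoC iomem container, since the commit message shows only the resulting mtree and not the reason.
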
-- 
2.16.1




[Qemu-devel] [PULL 15/21] hw/intc/armv7m_nvic: Implement cache ID registers

2018-02-15 Thread Peter Maydell
M profile cores have a similar setup for cache ID registers
to A profile:
 * Cache Level ID Register (CLIDR) is a fixed value
 * Cache Type Register (CTR) is a fixed value
 * Cache Size ID Registers (CCSIDR) are a bank of registers;
   which one you see is selected by the Cache Size Selection
   Register (CSSELR)

The only difference is that they're in the NVIC memory mapped
register space rather than being coprocessor registers.
Implement the M profile view of them.

Since neither Cortex-M3 nor Cortex-M4 implement caches,
we don't need to update their init functions and can leave
the ctr/clidr/ccsidr[] fields in their ARMCPU structs at zero.
Newer cores (like the Cortex-M33) will want to be able to
set these ID registers to non-zero values, though.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-id: 20180209165810.6668-6-peter.mayd...@linaro.org
---
 target/arm/cpu.h  | 26 ++
 hw/intc/armv7m_nvic.c | 16 
 target/arm/machine.c  | 36 
 3 files changed, 78 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 51a3e16275..8938a7c953 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -496,6 +496,7 @@ typedef struct CPUARMState {
 uint32_t faultmask[M_REG_NUM_BANKS];
 uint32_t aircr; /* only holds r/w state if security extn implemented */
 uint32_t secure; /* Is CPU in Secure state? (not guest visible) */
+uint32_t csselr[M_REG_NUM_BANKS];
 } v7m;
 
 /* Information associated with an exception about to be taken:
@@ -1325,6 +1326,23 @@ FIELD(V7M_MPU_CTRL, ENABLE, 0, 1)
 FIELD(V7M_MPU_CTRL, HFNMIENA, 1, 1)
 FIELD(V7M_MPU_CTRL, PRIVDEFENA, 2, 1)
 
+/* v7M CLIDR bits */
+FIELD(V7M_CLIDR, CTYPE_ALL, 0, 21)
+FIELD(V7M_CLIDR, LOUIS, 21, 3)
+FIELD(V7M_CLIDR, LOC, 24, 3)
+FIELD(V7M_CLIDR, LOUU, 27, 3)
+FIELD(V7M_CLIDR, ICB, 30, 2)
+
+FIELD(V7M_CSSELR, IND, 0, 1)
+FIELD(V7M_CSSELR, LEVEL, 1, 3)
+/* We use the combination of InD and Level to index into cpu->ccsidr[];
+ * define a mask for this and check that it doesn't permit running off
+ * the end of the array.
+ */
+FIELD(V7M_CSSELR, INDEX, 0, 4)
+
+QEMU_BUILD_BUG_ON(ARRAY_SIZE(((ARMCPU *)0)->ccsidr) <= 
R_V7M_CSSELR_INDEX_MASK);
+
 /* If adding a feature bit which corresponds to a Linux ELF
  * HWCAP bit, remember to update the feature-bit-to-hwcap
  * mapping in linux-user/elfload.c:get_elf_hwcap().
@@ -2487,6 +2505,14 @@ static inline int arm_debug_target_el(CPUARMState *env)
 }
 }
 
+static inline bool arm_v7m_csselr_razwi(ARMCPU *cpu)
+{
+/* If all the CLIDR.Ctypem bits are 0 there are no caches, and
+ * CSSELR is RAZ/WI.
+ */
+return (cpu->clidr & R_V7M_CLIDR_CTYPE_ALL_MASK) != 0;
+}
+
 static inline bool aa64_generate_debug_exceptions(CPUARMState *env)
 {
 if (arm_is_secure(env)) {
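
Review bot: arm_v7m_csselr_razwi() returns the opposite of what its name and comment say. The comment states that CSSELR is RAZ/WI when all the CLIDR.Ctype bits are 0, yet the function returns (cpu->clidr & R_V7M_CLIDR_CTYPE_ALL_MASK) != 0, which is true only when a cache is present. The nvic_writel() hunk in this patch stores to csselr[] when !arm_v7m_csselr_razwi(cpu), so a core with clidr == 0 accepts the write and a core with caches drops it. The comparison should be == 0.
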
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index eb49fd77c7..040f3380ec 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -1025,6 +1025,17 @@ static uint32_t nvic_readl(NVICState *s, uint32_t 
offset, MemTxAttrs attrs)
 return cpu->id_isar4;
 case 0xd74: /* ISAR5.  */
 return cpu->id_isar5;
+case 0xd78: /* CLIDR */
+return cpu->clidr;
+case 0xd7c: /* CTR */
+return cpu->ctr;
+case 0xd80: /* CSSIDR */
+{
+int idx = cpu->env.v7m.csselr[attrs.secure] & R_V7M_CSSELR_INDEX_MASK;
+return cpu->ccsidr[idx];
+}
+case 0xd84: /* CSSELR */
+return cpu->env.v7m.csselr[attrs.secure];
 /* TODO: Implement debug registers.  */
 case 0xd90: /* MPU_TYPE */
 /* Unified MPU; if the MPU is not present this value is zero */
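
Review bot: The comment on case 0xd80 says CSSIDR; the register is CCSIDR, as the commit message and the ccsidr[] field spell it. The array index here is bounded only because it reuses R_V7M_CSSELR_INDEX_MASK, which the QEMU_BUILD_BUG_ON in cpu.h ties to the size of cpu->ccsidr[], so a one-line comment pointing at that build-time check would help the next reader.
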
@@ -1385,6 +1396,11 @@ static void nvic_writel(NVICState *s, uint32_t offset, 
uint32_t value,
 qemu_log_mask(LOG_UNIMP,
   "NVIC: Aux fault status registers unimplemented\n");
 break;
+case 0xd84: /* CSSELR */
+if (!arm_v7m_csselr_razwi(cpu)) {
+cpu->env.v7m.csselr[attrs.secure] = value & 
R_V7M_CSSELR_INDEX_MASK;
+}
+break;
 case 0xd90: /* MPU_TYPE */
 return; /* RO */
 case 0xd94: /* MPU_CTRL */
diff --git a/target/arm/machine.c b/target/arm/machine.c
index 2c8b43062f..cae63c2f98 100644
--- a/target/arm/machine.c
+++ b/target/arm/machine.c
@@ -191,6 +191,41 @@ static const VMStateDescription 
vmstate_m_faultmask_primask = {
 }
 };
 
+/* CSSELR is in a subsection because we didn't implement it previously.
+ * Migration from an old implementation will leave it at zero, which
+ * is OK since the only CPUs in the old implementation make the
+ * register RAZ/WI.
+ * Since there was no version of QEMU which implemented the CSSELR for
+ * just non-secure, we transfer both banks here rather than putting
+ * the secure banked version in the m-security subsection.
+ */
+static bool csselr_vmstate_validate(void *opaque, int 

[Qemu-devel] [PULL 04/21] raspi: Raspberry Pi 3 support

2018-02-15 Thread Peter Maydell
From: Pekka Enberg 

This patch adds Raspberry Pi 3 support to hw/arm/raspi.c. The
differences to Pi 2 are:

 - Firmware address
 - Board ID
 - Board revision

The CPU is different too, but that's going to be configured as part of
the machine default CPU when we introduce a new machine type.

The patch was written from scratch by me but the logic is similar to
Zoltán Baldaszti's previous work, which I used as a reference (with
permission from the author):

  https://github.com/bztsrc/qemu-raspi3

Signed-off-by: Pekka Enberg 
[PMM: fixed trailing whitespace on one line]
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/arm/raspi.c | 31 +--
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index c24a4a1b14..93121c56bf 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -5,6 +5,9 @@
  * Rasperry Pi 2 emulation Copyright (c) 2015, Microsoft
  * Written by Andrew Baumann
  *
+ * Raspberry Pi 3 emulation Copyright (c) 2018 Zoltán Baldaszti
+ * Upstream code cleanup (c) 2018 Pekka Enberg
+ *
  * This code is licensed under the GNU GPLv2 and later.
  */
 
@@ -22,10 +25,11 @@
 #define SMPBOOT_ADDR0x300 /* this should leave enough space for ATAGS */
 #define MVBAR_ADDR  0x400 /* secure vectors */
 #define BOARDSETUP_ADDR (MVBAR_ADDR + 0x20) /* board setup code */
-#define FIRMWARE_ADDR   0x8000 /* Pi loads kernel.img here by default */
+#define FIRMWARE_ADDR_2 0x8000 /* Pi 2 loads kernel.img here by default */
+#define FIRMWARE_ADDR_3 0x8 /* Pi 3 loads kernel.img here by default */
 
 /* Table of Linux board IDs for different Pi versions */
-static const int raspi_boardid[] = {[1] = 0xc42, [2] = 0xc43};
+static const int raspi_boardid[] = {[1] = 0xc42, [2] = 0xc43, [3] = 0xc44};
 
 typedef struct RasPiState {
 BCM2836State soc;
@@ -83,8 +87,8 @@ static void setup_boot(MachineState *machine, int version, 
size_t ram_size)
 binfo.secure_board_setup = true;
 binfo.secure_boot = true;
 
-/* Pi2 requires SMP setup */
-if (version == 2) {
+/* Pi2 and Pi3 requires SMP setup */
+if (version >= 2) {
 binfo.smp_loader_start = SMPBOOT_ADDR;
 binfo.write_secondary_boot = write_smpboot;
 binfo.secondary_cpu_reset_hook = reset_secondary;
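
Review bot: The condition version >= 2 also enables the SMP boot setup for any board version added later, while the comment names only Pi2 and Pi3. Either state that every version from 2 up needs it or compare against the supported versions explicitly; the comment also wants "require" rather than "requires".
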
@@ -94,15 +98,16 @@ static void setup_boot(MachineState *machine, int version, 
size_t ram_size)
  * the normal Linux boot process
  */
 if (machine->firmware) {
+hwaddr firmware_addr = version == 3 ? FIRMWARE_ADDR_3 : 
FIRMWARE_ADDR_2;
 /* load the firmware image (typically kernel.img) */
-r = load_image_targphys(machine->firmware, FIRMWARE_ADDR,
-ram_size - FIRMWARE_ADDR);
+r = load_image_targphys(machine->firmware, firmware_addr,
+ram_size - firmware_addr);
 if (r < 0) {
 error_report("Failed to load firmware from %s", machine->firmware);
 exit(1);
 }
 
-binfo.entry = FIRMWARE_ADDR;
+binfo.entry = firmware_addr;
 binfo.firmware_loaded = true;
 } else {
 binfo.kernel_filename = machine->kernel_filename;
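
Review bot: ram_size - firmware_addr is computed without checking that firmware_addr is below ram_size. ram_size is a size_t, so if the RAM passed in (machine->ram_size - vcram_size at the call site) is smaller than the load address, the subtraction wraps and load_image_targphys() is given a huge maximum size. With a per-version load address now selected here, add an explicit check with error_report() before the load.
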
@@ -113,7 +118,7 @@ static void setup_boot(MachineState *machine, int version, 
size_t ram_size)
 arm_load_kernel(ARM_CPU(first_cpu), );
 }
 
-static void raspi2_init(MachineState *machine)
+static void raspi_init(MachineState *machine, int version)
 {
 RasPiState *s = g_new0(RasPiState, 1);
 uint32_t vcram_size;
@@ -139,7 +144,8 @@ static void raspi2_init(MachineState *machine)
 _abort);
 object_property_set_int(OBJECT(>soc), smp_cpus, "enabled-cpus",
 _abort);
-object_property_set_int(OBJECT(>soc), 0xa21041, "board-rev",
+int board_rev = version == 3 ? 0xa02082 : 0xa21041;
+object_property_set_int(OBJECT(>soc), board_rev, "board-rev",
 _abort);
 object_property_set_bool(OBJECT(>soc), true, "realized", _abort);
 
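
Review bot: int board_rev is declared in the middle of the block, after statements, and the two revision codes are bare literals picked by a second version == 3 ternary. Declare it with the other locals at the top of raspi_init(), and consider a per-version table like raspi_boardid[] so that firmware address, board ID and board revision are selected in one place.
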
@@ -157,7 +163,12 @@ static void raspi2_init(MachineState *machine)
 
 vcram_size = object_property_get_uint(OBJECT(>soc), "vcram-size",
   _abort);
-setup_boot(machine, 2, machine->ram_size - vcram_size);
+setup_boot(machine, version, machine->ram_size - vcram_size);
+}
+
+static void raspi2_init(MachineState *machine)
+{
+raspi_init(machine, 2);
 }
 
 static void raspi2_machine_init(MachineClass *mc)
-- 
2.16.1




[Qemu-devel] [PULL 10/21] target/arm: Handle SVE registers when using clear_vec_high

2018-02-15 Thread Peter Maydell
From: Richard Henderson 

When storing to an AdvSIMD FP register, all of the high
bits of the SVE register are zeroed.  Therefore, call it
more often with is_q as a parameter.

Signed-off-by: Richard Henderson 
Message-id: 20180211205848.4568-6-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/translate-a64.c | 162 +
 1 file changed, 62 insertions(+), 100 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index e3881d4999..1c88539d62 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -602,13 +602,30 @@ static TCGv_i32 read_fp_sreg(DisasContext *s, int reg)
 return v;
 }
 
+/* Clear the bits above an N-bit vector, for N = (is_q ? 128 : 64).
+ * If SVE is not enabled, then there are only 128 bits in the vector.
+ */
+static void clear_vec_high(DisasContext *s, bool is_q, int rd)
+{
+unsigned ofs = fp_reg_offset(s, rd, MO_64);
+unsigned vsz = vec_full_reg_size(s);
+
+if (!is_q) {
+TCGv_i64 tcg_zero = tcg_const_i64(0);
+tcg_gen_st_i64(tcg_zero, cpu_env, ofs + 8);
+tcg_temp_free_i64(tcg_zero);
+}
+if (vsz > 16) {
+tcg_gen_gvec_dup8i(ofs + 16, vsz - 16, vsz - 16, 0);
+}
+}
+
 static void write_fp_dreg(DisasContext *s, int reg, TCGv_i64 v)
 {
-TCGv_i64 tcg_zero = tcg_const_i64(0);
+unsigned ofs = fp_reg_offset(s, reg, MO_64);
 
-tcg_gen_st_i64(v, cpu_env, fp_reg_offset(s, reg, MO_64));
-tcg_gen_st_i64(tcg_zero, cpu_env, fp_reg_hi_offset(s, reg));
-tcg_temp_free_i64(tcg_zero);
+tcg_gen_st_i64(v, cpu_env, ofs);
+clear_vec_high(s, false, reg);
 }
 
 static void write_fp_sreg(DisasContext *s, int reg, TCGv_i32 v)
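
Review bot: clear_vec_high() hard-codes the upper half as ofs + 8, where write_fp_dreg() previously used fp_reg_hi_offset(s, reg). Keeping the helper, or adding a short comment that the high 64 bits sit 8 bytes above the MO_64 offset, would keep the register layout assumption in one place. The header comment should also say that for is_q the function emits nothing unless vec_full_reg_size() exceeds 16 bytes.
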
@@ -1009,6 +1026,8 @@ static void do_fp_ld(DisasContext *s, int destidx, 
TCGv_i64 tcg_addr, int size)
 
 tcg_temp_free_i64(tmplo);
 tcg_temp_free_i64(tmphi);
+
+clear_vec_high(s, true, destidx);
 }
 
 /*
@@ -1124,17 +1143,6 @@ static void write_vec_element_i32(DisasContext *s, 
TCGv_i32 tcg_src,
 }
 }
 
-/* Clear the high 64 bits of a 128 bit vector (in general non-quad
- * vector ops all need to do this).
- */
-static void clear_vec_high(DisasContext *s, int rd)
-{
-TCGv_i64 tcg_zero = tcg_const_i64(0);
-
-write_vec_element(s, tcg_zero, rd, 1, MO_64);
-tcg_temp_free_i64(tcg_zero);
-}
-
 /* Store from vector register to memory */
 static void do_vec_st(DisasContext *s, int srcidx, int element,
   TCGv_i64 tcg_addr, int size)
@@ -2794,12 +2802,13 @@ static void disas_ldst_multiple_struct(DisasContext *s, 
uint32_t insn)
 /* For non-quad operations, setting a slice of the low
  * 64 bits of the register clears the high 64 bits (in
  * the ARM ARM pseudocode this is implicit in the fact
- * that 'rval' is a 64 bit wide variable). We optimize
- * by noticing that we only need to do this the first
- * time we touch a register.
+ * that 'rval' is a 64 bit wide variable).
+ * For quad operations, we might still need to zero the
+ * high bits of SVE.  We optimize by noticing that we only
+ * need to do this the first time we touch a register.
  */
-if (!is_q && e == 0 && (r == 0 || xs == selem - 1)) {
-clear_vec_high(s, tt);
+if (e == 0 && (r == 0 || xs == selem - 1)) {
+clear_vec_high(s, is_q, tt);
 }
 }
 tcg_gen_addi_i64(tcg_addr, tcg_addr, ebytes);
@@ -2942,10 +2951,9 @@ static void disas_ldst_single_struct(DisasContext *s, 
uint32_t insn)
 write_vec_element(s, tcg_tmp, rt, 0, MO_64);
 if (is_q) {
 write_vec_element(s, tcg_tmp, rt, 1, MO_64);
-} else {
-clear_vec_high(s, rt);
 }
 tcg_temp_free_i64(tcg_tmp);
+clear_vec_high(s, is_q, rt);
 } else {
 /* Load/store one element per register */
 if (is_load) {
@@ -6718,7 +6726,6 @@ static void handle_vec_simd_sqshrn(DisasContext *s, bool 
is_scalar, bool is_q,
 }
 
 if (!is_q) {
-clear_vec_high(s, rd);
 write_vec_element(s, tcg_final, rd, 0, MO_64);
 } else {
 write_vec_element(s, tcg_final, rd, 1, MO_64);
@@ -6731,7 +6738,8 @@ static void handle_vec_simd_sqshrn(DisasContext *s, bool 
is_scalar, bool is_q,
 tcg_temp_free_i64(tcg_rd);
 tcg_temp_free_i32(tcg_rd_narrowed);
 tcg_temp_free_i64(tcg_final);
-return;
+
+clear_vec_high(s, is_q, rd);
 }
 
 /* SQSHLU, UQSHL, SQSHL: saturating left shifts */
@@ -6795,10 +6803,7 @@ static void 

[Qemu-devel] [PULL 07/21] target/arm: Enforce FP access to FPCR/FPSR

2018-02-15 Thread Peter Maydell
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Message-id: 20180211205848.4568-3-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h   | 35 ++-
 target/arm/helper.c|  6 --
 target/arm/translate-a64.c |  3 +++
 3 files changed, 25 insertions(+), 19 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 521444a5a1..e966a57f8a 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1714,7 +1714,7 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
 }
 
 /* ARMCPRegInfo type field bits. If the SPECIAL bit is set this is a
- * special-behaviour cp reg and bits [15..8] indicate what behaviour
+ * special-behaviour cp reg and bits [11..8] indicate what behaviour
  * it has. Otherwise it is a simple cp reg, where CONST indicates that
  * TCG can assume the value to be constant (ie load at translate time)
  * and 64BIT indicates a 64 bit wide coprocessor register. SUPPRESS_TB_END
@@ -1735,24 +1735,25 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
  * need to be surrounded by gen_io_start()/gen_io_end(). In particular,
  * registers which implement clocks or timers require this.
  */
-#define ARM_CP_SPECIAL 1
-#define ARM_CP_CONST 2
-#define ARM_CP_64BIT 4
-#define ARM_CP_SUPPRESS_TB_END 8
-#define ARM_CP_OVERRIDE 16
-#define ARM_CP_ALIAS 32
-#define ARM_CP_IO 64
-#define ARM_CP_NO_RAW 128
-#define ARM_CP_NOP (ARM_CP_SPECIAL | (1 << 8))
-#define ARM_CP_WFI (ARM_CP_SPECIAL | (2 << 8))
-#define ARM_CP_NZCV (ARM_CP_SPECIAL | (3 << 8))
-#define ARM_CP_CURRENTEL (ARM_CP_SPECIAL | (4 << 8))
-#define ARM_CP_DC_ZVA (ARM_CP_SPECIAL | (5 << 8))
-#define ARM_LAST_SPECIAL ARM_CP_DC_ZVA
+#define ARM_CP_SPECIAL   0x0001
+#define ARM_CP_CONST 0x0002
+#define ARM_CP_64BIT 0x0004
+#define ARM_CP_SUPPRESS_TB_END   0x0008
+#define ARM_CP_OVERRIDE  0x0010
+#define ARM_CP_ALIAS 0x0020
+#define ARM_CP_IO0x0040
+#define ARM_CP_NO_RAW0x0080
+#define ARM_CP_NOP   (ARM_CP_SPECIAL | 0x0100)
+#define ARM_CP_WFI   (ARM_CP_SPECIAL | 0x0200)
+#define ARM_CP_NZCV  (ARM_CP_SPECIAL | 0x0300)
+#define ARM_CP_CURRENTEL (ARM_CP_SPECIAL | 0x0400)
+#define ARM_CP_DC_ZVA(ARM_CP_SPECIAL | 0x0500)
+#define ARM_LAST_SPECIAL ARM_CP_DC_ZVA
+#define ARM_CP_FPU   0x1000
 /* Used only as a terminator for ARMCPRegInfo lists */
-#define ARM_CP_SENTINEL 0x
+#define ARM_CP_SENTINEL  0x
 /* Mask of only the flag bits in a type field */
-#define ARM_CP_FLAG_MASK 0xff
+#define ARM_CP_FLAG_MASK 0x10ff
 
 /* Valid values for ARMCPRegInfo state field, indicating which of
  * the AArch32 and AArch64 execution states this register is visible in.
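
Review bot: ARM_CP_FPU is added as a new flag bit and folded into ARM_CP_FLAG_MASK, but the block comment above the defines, which describes the type bits, gains no description of it; the only comment change is the [15..8] to [11..8] range. Add a sentence saying that ARM_CP_FPU makes access to the register subject to the FP access check. The commit message carries only tags, so that comment would be the only record of the intent.
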
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 4b102ec356..d41fb8371f 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3356,10 +3356,12 @@ static const ARMCPRegInfo v8_cp_reginfo[] = {
   .writefn = aa64_daif_write, .resetfn = arm_cp_reset_ignore },
 { .name = "FPCR", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 3, .opc2 = 0, .crn = 4, .crm = 4,
-  .access = PL0_RW, .readfn = aa64_fpcr_read, .writefn = aa64_fpcr_write },
+  .access = PL0_RW, .type = ARM_CP_FPU,
+  .readfn = aa64_fpcr_read, .writefn = aa64_fpcr_write },
 { .name = "FPSR", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 3, .opc2 = 1, .crn = 4, .crm = 4,
-  .access = PL0_RW, .readfn = aa64_fpsr_read, .writefn = aa64_fpsr_write },
+  .access = PL0_RW, .type = ARM_CP_FPU,
+  .readfn = aa64_fpsr_read, .writefn = aa64_fpsr_write },
 { .name = "DCZID_EL0", .state = ARM_CP_STATE_AA64,
   .opc0 = 3, .opc1 = 3, .opc2 = 7, .crn = 0, .crm = 0,
   .access = PL0_R, .type = ARM_CP_NO_RAW,
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index fb1a4cb532..89f50558a7 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1631,6 +1631,9 @@ static void handle_sys(DisasContext *s, uint32_t insn, 
bool isread,
 default:
 break;
 }
+if ((ri->type & ARM_CP_FPU) && !fp_access_check(s)) {
+return;
+}
 
 if ((tb_cflags(s->base.tb) & CF_USE_ICOUNT) && (ri->type & ARM_CP_IO)) {
 gen_io_start();
-- 
2.16.1




[Qemu-devel] [PULL 13/21] hw/intc/armv7m_nvic: Implement M profile cache maintenance ops

2018-02-15 Thread Peter Maydell
For M profile cores, cache maintenance operations are done by
writing to special registers in the system register space.
For QEMU, cache operations are always NOPs, since we don't
implement the cache. Implementing these explicitly avoids
a spurious LOG_GUEST_ERROR when the guest uses them.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-id: 20180209165810.6668-4-peter.mayd...@linaro.org
---
 hw/intc/armv7m_nvic.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 06b9598fbe..74b25ce92c 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -1594,6 +1594,18 @@ static void nvic_writel(NVICState *s, uint32_t offset, 
uint32_t value,
 }
 break;
 }
+case 0xf50: /* ICIALLU */
+case 0xf58: /* ICIMVAU */
+case 0xf5c: /* DCIMVAC */
+case 0xf60: /* DCISW */
+case 0xf64: /* DCCMVAU */
+case 0xf68: /* DCCMVAC */
+case 0xf6c: /* DCCSW */
+case 0xf70: /* DCCIMVAC */
+case 0xf74: /* DCCISW */
+case 0xf78: /* BPIALL */
+/* Cache and branch predictor maintenance: for QEMU these always NOP */
+break;
 default:
 bad_offset:
 qemu_log_mask(LOG_GUEST_ERROR,
-- 
2.16.1




[Qemu-devel] [PULL 09/21] target/arm: Enforce access to ZCR_EL at translation

2018-02-15 Thread Peter Maydell
From: Richard Henderson 

This also makes sure that we get the correct ordering of
SVE vs FP exceptions.

Signed-off-by: Richard Henderson 
Message-id: 20180211205848.4568-5-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h   |  3 ++-
 target/arm/internals.h |  6 ++
 target/arm/helper.c| 22 --
 target/arm/translate-a64.c | 16 
 4 files changed, 28 insertions(+), 19 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index e966a57f8a..51a3e16275 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1750,10 +1750,11 @@ static inline uint64_t cpreg_to_kvm_id(uint32_t cpregid)
 #define ARM_CP_DC_ZVA(ARM_CP_SPECIAL | 0x0500)
 #define ARM_LAST_SPECIAL ARM_CP_DC_ZVA
 #define ARM_CP_FPU   0x1000
+#define ARM_CP_SVE   0x2000
 /* Used only as a terminator for ARMCPRegInfo lists */
 #define ARM_CP_SENTINEL  0x
 /* Mask of only the flag bits in a type field */
-#define ARM_CP_FLAG_MASK 0x10ff
+#define ARM_CP_FLAG_MASK 0x30ff
 
 /* Valid values for ARMCPRegInfo state field, indicating which of
  * the AArch32 and AArch64 execution states this register is visible in.
diff --git a/target/arm/internals.h b/target/arm/internals.h
index 89f5d2fe12..47cc224a46 100644
--- a/target/arm/internals.h
+++ b/target/arm/internals.h
@@ -243,6 +243,7 @@ enum arm_exception_class {
 EC_AA64_HVC   = 0x16,
 EC_AA64_SMC   = 0x17,
 EC_SYSTEMREGISTERTRAP = 0x18,
+EC_SVEACCESSTRAP  = 0x19,
 EC_INSNABORT  = 0x20,
 EC_INSNABORT_SAME_EL  = 0x21,
 EC_PCALIGNMENT= 0x22,
@@ -381,6 +382,11 @@ static inline uint32_t syn_fp_access_trap(int cv, int 
cond, bool is_16bit)
 | (cv << 24) | (cond << 20);
 }
 
+static inline uint32_t syn_sve_access_trap(void)
+{
+return EC_SVEACCESSTRAP << ARM_EL_EC_SHIFT;
+}
+
 static inline uint32_t syn_insn_abort(int same_el, int ea, int s1ptw, int fsc)
 {
 return (EC_INSNABORT << ARM_EL_EC_SHIFT) | (same_el << ARM_EL_EC_SHIFT)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index e0184c7162..550dc3d290 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4335,20 +4335,6 @@ static int sve_exception_el(CPUARMState *env)
 return 0;
 }
 
-static CPAccessResult zcr_access(CPUARMState *env, const ARMCPRegInfo *ri,
- bool isread)
-{
-switch (sve_exception_el(env)) {
-case 3:
-return CP_ACCESS_TRAP_EL3;
-case 2:
-return CP_ACCESS_TRAP_EL2;
-case 1:
-return CP_ACCESS_TRAP;
-}
-return CP_ACCESS_OK;
-}
-
 static void zcr_write(CPUARMState *env, const ARMCPRegInfo *ri,
   uint64_t value)
 {
@@ -4359,7 +4345,7 @@ static void zcr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 static const ARMCPRegInfo zcr_el1_reginfo = {
 .name = "ZCR_EL1", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 0, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL1_RW, .accessfn = zcr_access,
+.access = PL1_RW, .type = ARM_CP_SVE | ARM_CP_FPU,
 .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[1]),
 .writefn = zcr_write, .raw_writefn = raw_write
 };
@@ -4367,7 +4353,7 @@ static const ARMCPRegInfo zcr_el1_reginfo = {
 static const ARMCPRegInfo zcr_el2_reginfo = {
 .name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL2_RW, .accessfn = zcr_access,
+.access = PL2_RW, .type = ARM_CP_SVE | ARM_CP_FPU,
 .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[2]),
 .writefn = zcr_write, .raw_writefn = raw_write
 };
@@ -4375,14 +4361,14 @@ static const ARMCPRegInfo zcr_el2_reginfo = {
 static const ARMCPRegInfo zcr_no_el2_reginfo = {
 .name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL2_RW,
+.access = PL2_RW, .type = ARM_CP_SVE | ARM_CP_FPU,
 .readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore
 };
 
 static const ARMCPRegInfo zcr_el3_reginfo = {
 .name = "ZCR_EL3", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL3_RW, .accessfn = zcr_access,
+.access = PL3_RW, .type = ARM_CP_SVE | ARM_CP_FPU,
 .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[3]),
 .writefn = zcr_write, .raw_writefn = raw_write
 };
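
Review bot: zcr_no_el2_reginfo had no accessfn before this change, but it now carries .type = ARM_CP_SVE | ARM_CP_FPU like the other three entries. That makes the RAZ/WI ZCR_EL2 subject to whatever checks those flags trigger at translation time, which it was not previously; the commit message mentions only exception ordering. If this is intended, say so in the commit message or in a comment on the struct.
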
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 89f50558a7..e3881d4999 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -1182,6 +1182,19 @@ static inline bool fp_access_check(DisasContext *s)
 return false;
 }
 
+/* Check that SVE access is enabled.  If it is, return true.
+ * If not, emit code to generate an appropriate 

[Qemu-devel] [PATCH 8/9] iotests: add file_path helper

2018-02-15 Thread Vladimir Sementsov-Ogievskiy
Simple way to have auto generated filenames with auto cleanup. Like
FilePath but without using 'with' statement and without additional
indentation of the whole test.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 tests/qemu-iotests/iotests.py | 32 
 1 file changed, 32 insertions(+)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index c1302a2f9b..f2d05ca3fd 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -27,6 +27,7 @@ import struct
 import json
 import signal
 import logging
+import atexit
 
 sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..', 'scripts'))
 import qtest
@@ -250,6 +251,37 @@ class FilePath(object):
 return False
 
 
+def file_path_remover():
+for path in reversed(file_path_remover.paths):
+try:
+os.remove(path)
+except OSError:
+pass
+
+
+def file_path(*names):
+''' Another way to get auto-generated filename that cleans itself up.
+
+Use it as simple as:
+
+img_a, img_b = file_path('a.img', 'b.img')
+sock = file_path('socket')
+'''
+
+if not hasattr(file_path_remover, 'paths'):
+file_path_remover.paths = []
+atexit.register(file_path_remover)
+
+paths = []
+for name in names:
+filename = '{0}-{1}'.format(os.getpid(), name)
+path = os.path.join(test_dir, filename)
+file_path_remover.paths.append(path)
+paths.append(path)
+
+return paths[0] if len(paths) == 1 else paths
+
+
 class VM(qtest.QEMUQtestMachine):
 '''A QEMU VM'''
 
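
Review bot: file_path() returns a bare string for one name and a list for several (return paths[0] if len(paths) == 1 else paths), so a caller passing a computed list of names gets a different type depending on its length; document that in the docstring or always return a list. The name argument is joined onto test_dir without checking for directory components, and file_path_remover() ignores every OSError, which also hides cleanup failures such as permission errors. A check that name contains no path separator would be cheap, and the docstring should say that the file itself is not created.
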
-- 
2.11.1




[Qemu-devel] [PULL 11/21] hw/intc/armv7m_nvic: Don't hardcode M profile ID registers in NVIC

2018-02-15 Thread Peter Maydell
Instead of hardcoding the values of M profile ID registers in the
NVIC, use the fields in the CPU struct. This will allow us to
give different M profile CPU types different ID register values.

This commit includes the addition of the missing ID_ISAR5,
which exists as RES0 in both v7M and v8M.

(The values of the ID registers might be wrong for the M4 --
this commit leaves the behaviour there unchanged.)

Signed-off-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
Message-id: 20180209165810.6668-2-peter.mayd...@linaro.org
---
 hw/intc/armv7m_nvic.c | 30 --
 target/arm/cpu.c  | 28 
 2 files changed, 44 insertions(+), 14 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 360889d30b..63da0fee34 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -990,31 +990,33 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, 
MemTxAttrs attrs)
   "Aux Fault status registers unimplemented\n");
 return 0;
 case 0xd40: /* PFR0.  */
-return 0x0030;
-case 0xd44: /* PRF1.  */
-return 0x0200;
+return cpu->id_pfr0;
+case 0xd44: /* PFR1.  */
+return cpu->id_pfr1;
 case 0xd48: /* DFR0.  */
-return 0x0010;
+return cpu->id_dfr0;
 case 0xd4c: /* AFR0.  */
-return 0x;
+return cpu->id_afr0;
 case 0xd50: /* MMFR0.  */
-return 0x0030;
+return cpu->id_mmfr0;
 case 0xd54: /* MMFR1.  */
-return 0x;
+return cpu->id_mmfr1;
 case 0xd58: /* MMFR2.  */
-return 0x;
+return cpu->id_mmfr2;
 case 0xd5c: /* MMFR3.  */
-return 0x;
+return cpu->id_mmfr3;
 case 0xd60: /* ISAR0.  */
-return 0x01141110;
+return cpu->id_isar0;
 case 0xd64: /* ISAR1.  */
-return 0x02111000;
+return cpu->id_isar1;
 case 0xd68: /* ISAR2.  */
-return 0x21112231;
+return cpu->id_isar2;
 case 0xd6c: /* ISAR3.  */
-return 0x0110;
+return cpu->id_isar3;
 case 0xd70: /* ISAR4.  */
-return 0x01310102;
+return cpu->id_isar4;
+case 0xd74: /* ISAR5.  */
+return cpu->id_isar5;
 /* TODO: Implement debug registers.  */
 case 0xd90: /* MPU_TYPE */
 /* Unified MPU; if the MPU is not present this value is zero */
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index 89ccdeae12..d796085be9 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -1146,6 +1146,20 @@ static void cortex_m3_initfn(Object *obj)
 set_feature(>env, ARM_FEATURE_M);
 cpu->midr = 0x410fc231;
 cpu->pmsav7_dregion = 8;
+cpu->id_pfr0 = 0x0030;
+cpu->id_pfr1 = 0x0200;
+cpu->id_dfr0 = 0x0010;
+cpu->id_afr0 = 0x;
+cpu->id_mmfr0 = 0x0030;
+cpu->id_mmfr1 = 0x;
+cpu->id_mmfr2 = 0x;
+cpu->id_mmfr3 = 0x;
+cpu->id_isar0 = 0x01141110;
+cpu->id_isar1 = 0x02111000;
+cpu->id_isar2 = 0x21112231;
+cpu->id_isar3 = 0x0110;
+cpu->id_isar4 = 0x01310102;
+cpu->id_isar5 = 0x;
 }
 
 static void cortex_m4_initfn(Object *obj)
@@ -1157,6 +1171,20 @@ static void cortex_m4_initfn(Object *obj)
 set_feature(>env, ARM_FEATURE_THUMB_DSP);
 cpu->midr = 0x410fc240; /* r0p0 */
 cpu->pmsav7_dregion = 8;
+cpu->id_pfr0 = 0x0030;
+cpu->id_pfr1 = 0x0200;
+cpu->id_dfr0 = 0x0010;
+cpu->id_afr0 = 0x;
+cpu->id_mmfr0 = 0x0030;
+cpu->id_mmfr1 = 0x;
+cpu->id_mmfr2 = 0x;
+cpu->id_mmfr3 = 0x;
+cpu->id_isar0 = 0x01141110;
+cpu->id_isar1 = 0x02111000;
+cpu->id_isar2 = 0x21112231;
+cpu->id_isar3 = 0x0110;
+cpu->id_isar4 = 0x01310102;
+cpu->id_isar5 = 0x;
 }
 
 static void arm_v7m_class_init(ObjectClass *oc, void *data)
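
Review bot: The fourteen ID register assignments in cortex_m4_initfn() are a verbatim copy of the cortex_m3_initfn() block, and the commit message says the values might be wrong for the M4. Put a comment or TODO on the M4 block recording that these are carried over from the old hardcoded NVIC values and have not been checked, so the caveat survives outside the commit log.
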
-- 
2.16.1




[Qemu-devel] [PULL 12/21] hw/intc/armv7m_nvic: Fix ICSR PENDNMISET/CLR handling

2018-02-15 Thread Peter Maydell
The PENDNMISET/CLR bits in the ICSR should be RAZ/WI from
NonSecure state if the AIRCR.BFHFNMINS bit is zero. We had
misimplemented this as making the bits RAZ/WI from both
Secure and NonSecure states. Fix this bug by checking
attrs.secure so that Secure code can pend and unpend NMIs.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-id: 20180209165810.6668-3-peter.mayd...@linaro.org
---
 hw/intc/armv7m_nvic.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 63da0fee34..06b9598fbe 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -830,8 +830,8 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, 
MemTxAttrs attrs)
 }
 }
 /* NMIPENDSET */
-if ((cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) &&
-s->vectors[ARMV7M_EXCP_NMI].pending) {
+if ((attrs.secure || (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK))
+&& s->vectors[ARMV7M_EXCP_NMI].pending) {
 val |= (1 << 31);
 }
 /* ISRPREEMPT: RES0 when halting debug not implemented */
@@ -1193,7 +1193,7 @@ static void nvic_writel(NVICState *s, uint32_t offset, 
uint32_t value,
 break;
 }
 case 0xd04: /* Interrupt Control State (ICSR) */
-if (cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
+if (attrs.secure || cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK) {
 if (value & (1 << 31)) {
 armv7m_nvic_set_pending(s, ARMV7M_EXCP_NMI, false);
 } else if (value & (1 << 30) &&
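
Review bot: The write-side condition attrs.secure || cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK relies on & binding tighter than ||, while the read-side hunk parenthesises the same mask test. The result is the same, but add the parentheses here so that the two checks read identically and do not trip precedence warnings.
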
-- 
2.16.1




[Qemu-devel] [PULL 06/21] target/arm: Remove ARM_CP_64BIT from ZCR_EL registers

2018-02-15 Thread Peter Maydell
From: Richard Henderson 

Because they are ARM_CP_STATE_AA64, ARM_CP_64BIT is implied.

Signed-off-by: Richard Henderson 
Message-id: 20180211205848.4568-2-richard.hender...@linaro.org
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 180ab75458..4b102ec356 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -4357,7 +4357,7 @@ static void zcr_write(CPUARMState *env, const 
ARMCPRegInfo *ri,
 static const ARMCPRegInfo zcr_el1_reginfo = {
 .name = "ZCR_EL1", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 0, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL1_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,
+.access = PL1_RW, .accessfn = zcr_access,
 .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[1]),
 .writefn = zcr_write, .raw_writefn = raw_write
 };
@@ -4365,7 +4365,7 @@ static const ARMCPRegInfo zcr_el1_reginfo = {
 static const ARMCPRegInfo zcr_el2_reginfo = {
 .name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL2_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,
+.access = PL2_RW, .accessfn = zcr_access,
 .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[2]),
 .writefn = zcr_write, .raw_writefn = raw_write
 };
@@ -4373,14 +4373,14 @@ static const ARMCPRegInfo zcr_el2_reginfo = {
 static const ARMCPRegInfo zcr_no_el2_reginfo = {
 .name = "ZCR_EL2", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL2_RW, .type = ARM_CP_64BIT,
+.access = PL2_RW,
 .readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore
 };
 
 static const ARMCPRegInfo zcr_el3_reginfo = {
 .name = "ZCR_EL3", .state = ARM_CP_STATE_AA64,
 .opc0 = 3, .opc1 = 6, .crn = 1, .crm = 2, .opc2 = 0,
-.access = PL3_RW, .accessfn = zcr_access, .type = ARM_CP_64BIT,
+.access = PL3_RW, .accessfn = zcr_access,
 .fieldoffset = offsetof(CPUARMState, vfp.zcr_el[3]),
 .writefn = zcr_write, .raw_writefn = raw_write
 };
-- 
2.16.1




[Qemu-devel] [PULL 00/21] target-arm queue

2018-02-15 Thread Peter Maydell
target-arm queue: mostly just cleanup/minor stuff, but this does
include the raspi3 board model.

-- PMM

The following changes since commit 9f9c53368b219a9115eddb39f0ff5ad19c977134:

  Merge remote-tracking branch 'remotes/vivier/tags/m68k-for-2.12-pull-request' 
into staging (2018-02-15 10:14:11 +)

are available in the Git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git 
tags/pull-target-arm-20180215

for you to fetch changes up to e545f0f9be1f9e60951017c1e6558216732cc14e:

  target/arm: Implement v8M MSPLIM and PSPLIM registers (2018-02-15 13:48:11 
+)


target-arm queue:
 * aspeed: code cleanup to use unimplemented_device
 * add 'raspi3' RaspberryPi 3 machine model
 * more SVE prep work
 * v8M: add minor missing registers
 * v7M: fix bug where we weren't migrating v7m.other_sp
 * v7M: fix bugs in handling of interrupt registers for
   external interrupts beyond 32


Pekka Enberg (3):
  bcm2836: Make CPU type configurable
  raspi: Raspberry Pi 3 support
  raspi: Add "raspi3" machine type

Peter Maydell (11):
  hw/intc/armv7m_nvic: Don't hardcode M profile ID registers in NVIC
  hw/intc/armv7m_nvic: Fix ICSR PENDNMISET/CLR handling
  hw/intc/armv7m_nvic: Implement M profile cache maintenance ops
  hw/intc/armv7m_nvic: Implement v8M CPPWR register
  hw/intc/armv7m_nvic: Implement cache ID registers
  hw/intc/armv7m_nvic: Implement SCR
  target/arm: Implement writing to CONTROL_NS for v8M
  hw/intc/armv7m_nvic: Fix byte-to-interrupt number conversions
  target/arm: Add AIRCR to vmstate struct
  target/arm: Migrate v7m.other_sp
  target/arm: Implement v8M MSPLIM and PSPLIM registers

Philippe Mathieu-Daudé (2):
  hw/arm/aspeed: directly map the serial device to the system address space
  hw/arm/aspeed: simplify using the 'unimplemented device' for aspeed_soc.io

Richard Henderson (5):
  target/arm: Remove ARM_CP_64BIT from ZCR_EL registers
  target/arm: Enforce FP access to FPCR/FPSR
  target/arm: Suppress TB end for FPCR/FPSR
  target/arm: Enforce access to ZCR_EL at translation
  target/arm: Handle SVE registers when using clear_vec_high

 include/hw/arm/aspeed_soc.h |   1 -
 include/hw/arm/bcm2836.h|   1 +
 target/arm/cpu.h|  71 -
 target/arm/internals.h  |   6 ++
 hw/arm/aspeed_soc.c |  35 ++---
 hw/arm/bcm2836.c|  17 +++--
 hw/arm/raspi.c  |  57 +++---
 hw/intc/armv7m_nvic.c   |  98 ++--
 target/arm/cpu.c|  28 +++
 target/arm/helper.c |  84 +++-
 target/arm/machine.c|  84 
 target/arm/translate-a64.c  | 181 
 12 files changed, 452 insertions(+), 211 deletions(-)



[Qemu-devel] [PATCH 4/9] block/nbd-client: save first fatal error in nbd_iter_error

2018-02-15 Thread Vladimir Sementsov-Ogievskiy
It is OK that a fatal error hides a previous non-fatal one, but hiding
the first fatal error is a bad feature.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/nbd-client.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/block/nbd-client.c b/block/nbd-client.c
index 9206652e45..b1cbe95b13 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -481,6 +481,7 @@ static coroutine_fn int nbd_co_receive_one_chunk(
 
 typedef struct NBDReplyChunkIter {
 int ret;
+bool fatal;
 Error *err;
 bool done, only_structured;
 } NBDReplyChunkIter;
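
Review bot: the new `bool fatal` member of NBDReplyChunkIter is read by nbd_iter_error() before anything in this patch writes it. The iterator's set-up is not part of the diff, so please confirm it zeroes the whole struct (or set `fatal` to false there explicitly); otherwise the first fatal error could be dropped on the strength of an uninitialised value.
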
@@ -490,11 +491,12 @@ static void nbd_iter_error(NBDReplyChunkIter *iter, bool 
fatal,
 {
 assert(ret < 0);
 
-if (fatal || iter->ret == 0) {
+if ((fatal && !iter->fatal) || iter->ret == 0) {
 if (iter->ret != 0) {
 error_free(iter->err);
 iter->err = NULL;
 }
+iter->fatal = fatal;
 iter->ret = ret;
 error_propagate(>err, *local_err);
 } else {
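
Review bot: the replacement rule in nbd_iter_error() is now three-way (the first error is kept, a fatal error displaces a non-fatal one, a later fatal error never displaces the first fatal one), and the condition `(fatal && !iter->fatal) || iter->ret == 0` carries no comment. A short comment above the `if` stating that precedence would help; the commit message explains it but the code does not.
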
-- 
2.11.1




[Qemu-devel] [PULL 05/21] raspi: Add "raspi3" machine type

2018-02-15 Thread Peter Maydell
From: Pekka Enberg 

This patch adds a "raspi3" machine type, which can now be selected as
the machine to run on by users via the "-M" command line option to QEMU.

The machine type does *not* ignore memory transaction failures so we
likely need to add some dummy devices later when people run something
more complicated than what I'm using for testing.

Signed-off-by: Pekka Enberg 
[PMM: added #ifdef TARGET_AARCH64 so we don't provide the 64-bit
 board in the 32-bit only arm-softmmu build.]
Reviewed-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Peter Maydell 
---
 hw/arm/raspi.c | 23 +++
 1 file changed, 23 insertions(+)

diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
index 93121c56bf..a37881433c 100644
--- a/hw/arm/raspi.c
+++ b/hw/arm/raspi.c
@@ -187,3 +187,26 @@ static void raspi2_machine_init(MachineClass *mc)
 mc->ignore_memory_transaction_failures = true;
 };
 DEFINE_MACHINE("raspi2", raspi2_machine_init)
+
+#ifdef TARGET_AARCH64
+static void raspi3_init(MachineState *machine)
+{
+raspi_init(machine, 3);
+}
+
+static void raspi3_machine_init(MachineClass *mc)
+{
+mc->desc = "Raspberry Pi 3";
+mc->init = raspi3_init;
+mc->block_default_type = IF_SD;
+mc->no_parallel = 1;
+mc->no_floppy = 1;
+mc->no_cdrom = 1;
+mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a53");
+mc->max_cpus = BCM2836_NCPUS;
+mc->min_cpus = BCM2836_NCPUS;
+mc->default_cpus = BCM2836_NCPUS;
+mc->default_ram_size = 1024 * 1024 * 1024;
+}
+DEFINE_MACHINE("raspi3", raspi3_machine_init)
+#endif
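
Review bot: raspi3_machine_init() leaves `ignore_memory_transaction_failures` unset, unlike raspi2_machine_init() in the context lines above, and only the commit message says this is deliberate. A one-line comment in the function would stop the difference from being "fixed" by accident later. Also, `1024 * 1024 * 1024` is evaluated in int; it fits, but leaves no headroom if the default is ever raised, so a wider-typed constant would be safer.
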
-- 
2.16.1




[Qemu-devel] [PATCH 9/9] iotests: new test 206 for NBD BLOCK_STATUS

2018-02-15 Thread Vladimir Sementsov-Ogievskiy
Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 tests/qemu-iotests/206 | 34 ++
 tests/qemu-iotests/206.out |  2 ++
 tests/qemu-iotests/group   |  1 +
 3 files changed, 37 insertions(+)
 create mode 100644 tests/qemu-iotests/206
 create mode 100644 tests/qemu-iotests/206.out

diff --git a/tests/qemu-iotests/206 b/tests/qemu-iotests/206
new file mode 100644
index 00..259e991ec6
--- /dev/null
+++ b/tests/qemu-iotests/206
@@ -0,0 +1,34 @@
+#!/usr/bin/env python
+#
+# Tests for NBD BLOCK_STATUS extension
+#
+# Copyright (c) 2018 Virtuozzo International GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import iotests
+from iotests import qemu_img_create, qemu_io, qemu_img_verbose, qemu_nbd, \
+file_path
+
+iotests.verify_image_format(supported_fmts=['qcow2'])
+
+disk, nbd_sock = file_path('disk', 'nbd-sock')
+nbd_uri = 'nbd+unix:///exp?socket=' + nbd_sock
+
+qemu_img_create('-f', iotests.imgfmt, disk, '1M')
+qemu_io('-f', iotests.imgfmt, '-c', 'write 0 512K', disk)
+
+qemu_nbd('-k', nbd_sock, '-x', 'exp', '-f', iotests.imgfmt, disk)
+qemu_img_verbose('map', '-f', 'raw', '--output=json', nbd_uri)
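
Review bot: the return values of qemu_img_create(), qemu_io() and qemu_nbd() are discarded, so a failed image creation, write or server start shows up only indirectly as a mismatch in the `qemu-img map` output. Checking them (at least the qemu_nbd() result) would make a failure point at its cause rather than at the expected-output diff.
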
diff --git a/tests/qemu-iotests/206.out b/tests/qemu-iotests/206.out
new file mode 100644
index 00..0d29724e84
--- /dev/null
+++ b/tests/qemu-iotests/206.out
@@ -0,0 +1,2 @@
+[{ "start": 0, "length": 524288, "depth": 0, "zero": false, "data": true},
+{ "start": 524288, "length": 524288, "depth": 0, "zero": true, "data": false}]
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index a2dfe79d86..2c3925566a 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -202,3 +202,4 @@
 203 rw auto
 204 rw auto quick
 205 rw auto quick
+206 rw auto quick
-- 
2.11.1




[Qemu-devel] [PATCH 5/9] nbd/client: fix error messages in nbd_handle_reply_err

2018-02-15 Thread Vladimir Sementsov-Ogievskiy
1. NBD_REP_ERR_INVALID is not only about length, so make the message more
   general.

2. Hex format is not very good: it's hard to read something like
   "option a (set meta context)", so switch to dec.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 nbd/client.c | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/nbd/client.c b/nbd/client.c
index 89f80f9590..1f730341c0 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -180,22 +180,22 @@ static int nbd_handle_reply_err(QIOChannel *ioc, 
NBDOptionReply *reply,
 goto cleanup;
 
 case NBD_REP_ERR_POLICY:
-error_setg(errp, "Denied by server for option %" PRIx32 " (%s)",
+error_setg(errp, "Denied by server for option %" PRIu32 " (%s)",
reply->option, nbd_opt_lookup(reply->option));
 break;
 
 case NBD_REP_ERR_INVALID:
-error_setg(errp, "Invalid data length for option %" PRIx32 " (%s)",
+error_setg(errp, "Invalid parameters for option %" PRIu32 " (%s)",
reply->option, nbd_opt_lookup(reply->option));
 break;
 
 case NBD_REP_ERR_PLATFORM:
-error_setg(errp, "Server lacks support for option %" PRIx32 " (%s)",
+error_setg(errp, "Server lacks support for option %" PRIu32 " (%s)",
reply->option, nbd_opt_lookup(reply->option));
 break;
 
 case NBD_REP_ERR_TLS_REQD:
-error_setg(errp, "TLS negotiation required before option %" PRIx32
+error_setg(errp, "TLS negotiation required before option %" PRIu32
" (%s)", reply->option, nbd_opt_lookup(reply->option));
 break;
 
@@ -204,17 +204,17 @@ static int nbd_handle_reply_err(QIOChannel *ioc, 
NBDOptionReply *reply,
 break;
 
 case NBD_REP_ERR_SHUTDOWN:
-error_setg(errp, "Server shutting down before option %" PRIx32 " (%s)",
+error_setg(errp, "Server shutting down before option %" PRIu32 " (%s)",
reply->option, nbd_opt_lookup(reply->option));
 break;
 
 case NBD_REP_ERR_BLOCK_SIZE_REQD:
-error_setg(errp, "Server requires INFO_BLOCK_SIZE for option %" PRIx32
+error_setg(errp, "Server requires INFO_BLOCK_SIZE for option %" PRIu32
" (%s)", reply->option, nbd_opt_lookup(reply->option));
 break;
 
 default:
-error_setg(errp, "Unknown error code when asking for option %" PRIx32
+error_setg(errp, "Unknown error code when asking for option %" PRIu32
" (%s)", reply->option, nbd_opt_lookup(reply->option));
 break;
 }
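
Review bot: in the `default:` case the message says "Unknown error code" but prints only `reply->option`; the unrecognised error code itself is not included. Since this patch already touches the string, consider adding it, so that a log line caused by a misbehaving server identifies what was actually sent.
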
-- 
2.11.1




[Qemu-devel] [PATCH 7/9] iotests.py: tiny refactor: move system imports up

2018-02-15 Thread Vladimir Sementsov-Ogievskiy
Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 tests/qemu-iotests/iotests.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 1bcc9ca57d..c1302a2f9b 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -23,13 +23,14 @@ import subprocess
 import string
 import unittest
 import sys
-sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..', 'scripts'))
-import qtest
 import struct
 import json
 import signal
 import logging
 
+sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..', 'scripts'))
+import qtest
+
 
 # This will not work if arguments contain spaces but is necessary if we
 # want to support the override options that ./check supports.
-- 
2.11.1




[Qemu-devel] [PULL 14/21] hw/intc/armv7m_nvic: Implement v8M CPPWR register

2018-02-15 Thread Peter Maydell
The Coprocessor Power Control Register (CPPWR) is new in v8M.
It allows software to control whether coprocessors are allowed
to power down and lose their state. QEMU doesn't have any
notion of power control, so we choose the IMPDEF option of
making the whole register RAZ/WI (indicating that no coprocessors
can ever power down and lose state).

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Message-id: 20180209165810.6668-5-peter.mayd...@linaro.org
---
 hw/intc/armv7m_nvic.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 74b25ce92c..eb49fd77c7 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -776,6 +776,14 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, 
MemTxAttrs attrs)
 switch (offset) {
 case 4: /* Interrupt Control Type.  */
 return ((s->num_irq - NVIC_FIRST_IRQ) / 32) - 1;
+case 0xc: /* CPPWR */
+if (!arm_feature(>env, ARM_FEATURE_V8)) {
+goto bad_offset;
+}
+/* We make the IMPDEF choice that nothing can ever go into a
+ * non-retentive power state, which allows us to RAZ/WI this.
+ */
+return 0;
 case 0x380 ... 0x3bf: /* NVIC_ITNS */
 {
 int startvec = 8 * (offset - 0x380) + NVIC_FIRST_IRQ;
@@ -1175,6 +1183,12 @@ static void nvic_writel(NVICState *s, uint32_t offset, 
uint32_t value,
 ARMCPU *cpu = s->cpu;
 
 switch (offset) {
+case 0xc: /* CPPWR */
+if (!arm_feature(>env, ARM_FEATURE_V8)) {
+goto bad_offset;
+}
+/* Make the IMPDEF choice to RAZ/WI this. */
+break;
 case 0x380 ... 0x3bf: /* NVIC_ITNS */
 {
 int startvec = 8 * (offset - 0x380) + NVIC_FIRST_IRQ;
-- 
2.16.1




[Qemu-devel] [PATCH 6/9] nbd: BLOCK_STATUS for standard get_block_status function: client part

2018-02-15 Thread Vladimir Sementsov-Ogievskiy
Minimal realization: only one extent in the server answer is supported.
The NBD_CMD_FLAG_REQ_ONE flag is used to force this behavior.

Tests 140, 147 and 205 are fixed because the server now fails when searching
for the export in the context of NBD_OPT_SET_META_CONTEXT option negotiation.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 block/nbd-client.h |   5 ++
 include/block/nbd.h|   3 +
 block/nbd-client.c | 139 +
 block/nbd.c|   3 +
 nbd/client.c   | 114 +
 tests/qemu-iotests/140.out |   2 +-
 tests/qemu-iotests/143.out |   2 +-
 tests/qemu-iotests/205 |   3 +-
 8 files changed, 268 insertions(+), 3 deletions(-)

diff --git a/block/nbd-client.h b/block/nbd-client.h
index 612c4c21a0..ca0cc141c0 100644
--- a/block/nbd-client.h
+++ b/block/nbd-client.h
@@ -61,4 +61,9 @@ void nbd_client_detach_aio_context(BlockDriverState *bs);
 void nbd_client_attach_aio_context(BlockDriverState *bs,
AioContext *new_context);
 
+int64_t coroutine_fn nbd_client_co_get_block_status(BlockDriverState *bs,
+int64_t sector_num,
+int nb_sectors, int *pnum,
+BlockDriverState **file);
+
 #endif /* NBD_CLIENT_H */
diff --git a/include/block/nbd.h b/include/block/nbd.h
index b16215d17a..baf12e5428 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -262,6 +262,7 @@ struct NBDExportInfo {
 /* In-out fields, set by client before nbd_receive_negotiate() and
  * updated by server results during nbd_receive_negotiate() */
 bool structured_reply;
+bool base_allocation; /* base:allocation context for NBD_CMD_BLOCK_STATUS 
*/
 
 /* Set by server results during nbd_receive_negotiate() */
 uint64_t size;
@@ -269,6 +270,8 @@ struct NBDExportInfo {
 uint32_t min_block;
 uint32_t opt_block;
 uint32_t max_block;
+
+uint32_t meta_base_allocation_id;
 };
 typedef struct NBDExportInfo NBDExportInfo;
 
diff --git a/block/nbd-client.c b/block/nbd-client.c
index b1cbe95b13..a80d69d3cd 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -228,6 +228,45 @@ static int 
nbd_parse_offset_hole_payload(NBDStructuredReplyChunk *chunk,
 return 0;
 }
 
+/* nbd_parse_blockstatus_payload
+ * support only one extent in reply and only for
+ * base:allocation context
+ */
+static int nbd_parse_blockstatus_payload(NBDClientSession *client,
+ NBDStructuredReplyChunk *chunk,
+ uint8_t *payload, uint64_t 
orig_length,
+ NBDExtent *extent, Error **errp)
+{
+uint32_t context_id;
+
+if (chunk->length != sizeof(context_id) + sizeof(extent)) {
+error_setg(errp, "Protocol error: invalid payload for "
+ "NBD_REPLY_TYPE_BLOCK_STATUS");
+return -EINVAL;
+}
+
+context_id = payload_advance32();
+if (client->info.meta_base_allocation_id != context_id) {
+error_setg(errp, "Protocol error: unexpected context id: %d for "
+ "NBD_REPLY_TYPE_BLOCK_STATUS, when negotiated context 
"
+ "id is %d", context_id,
+ client->info.meta_base_allocation_id);
+return -EINVAL;
+}
+
+memcpy(extent, payload, sizeof(*extent));
+be32_to_cpus(>length);
+be32_to_cpus(>flags);
+
+if (extent->length > orig_length) {
+error_setg(errp, "Protocol error: server sent chunk exceeding 
requested"
+ " region");
+return -EINVAL;
+}
+
+return 0;
+}
+
 /* nbd_parse_error_payload
  * on success @errp contains message describing nbd error reply
  */
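
Review bot: the length check in nbd_parse_blockstatus_payload() uses `sizeof(extent)`, but `extent` is an `NBDExtent *`, so this is the size of a pointer, not of the 8-byte extent. With 8-byte pointers the two happen to coincide; with 4-byte pointers the check would accept an 8-byte chunk, and the following `memcpy(extent, payload, sizeof(*extent))` would then read 4 bytes past the payload the server supplied. Use `sizeof(*extent)` in the check. Two smaller points: a zero `extent->length` is accepted, and the uint32_t context ids are printed with `%d`.
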
@@ -642,6 +681,61 @@ static int nbd_co_receive_cmdread_reply(NBDClientSession 
*s, uint64_t handle,
 return iter.ret;
 }
 
+static int nbd_co_receive_blockstatus_reply(NBDClientSession *s,
+uint64_t handle, uint64_t length,
+NBDExtent *extent, Error **errp)
+{
+NBDReplyChunkIter iter;
+NBDReply reply;
+void *payload = NULL;
+Error *local_err = NULL;
+bool received = false;
+
+NBD_FOREACH_REPLY_CHUNK(s, iter, handle, s->info.structured_reply,
+NULL, , )
+{
+int ret;
+NBDStructuredReplyChunk *chunk = 
+
+assert(nbd_reply_is_structured());
+
+switch (chunk->type) {
+case NBD_REPLY_TYPE_BLOCK_STATUS:
+if (received) {
+s->quit = true;
+error_setg(_err, "Several BLOCK_STATUS chunks in reply");
+nbd_iter_error(, true, -EINVAL, _err);
+}
+received = true;
+
+ret = 
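
Review bot: when a second NBD_REPLY_TYPE_BLOCK_STATUS chunk arrives, the `if (received)` branch sets `s->quit` and records a fatal error, but the lines shown then fall through to `received = true` and carry on handling the chunk instead of skipping it. The rest of the case is cut off here, so this may be dealt with further down; if it is not, the duplicate chunk would still be parsed into `*extent`, and leaving the case right after nbd_iter_error() would avoid that.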

[Qemu-devel] [PATCH 2/9] nbd: change indenting in nbd.h

2018-02-15 Thread Vladimir Sementsov-Ogievskiy
Prepared indenting for the following patch.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 include/block/nbd.h | 22 +++---
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/include/block/nbd.h b/include/block/nbd.h
index fc50003003..ef1698914b 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -128,21 +128,21 @@ typedef struct NBDStructuredError {
 #define NBD_FLAG_C_NO_ZEROES  (1 << 1) /* End handshake without zeroes. */
 
 /* Option requests. */
-#define NBD_OPT_EXPORT_NAME  (1)
-#define NBD_OPT_ABORT(2)
-#define NBD_OPT_LIST (3)
-/* #define NBD_OPT_PEEK_EXPORT   (4) not in use */
-#define NBD_OPT_STARTTLS (5)
-#define NBD_OPT_INFO (6)
-#define NBD_OPT_GO   (7)
-#define NBD_OPT_STRUCTURED_REPLY (8)
+#define NBD_OPT_EXPORT_NAME   (1)
+#define NBD_OPT_ABORT (2)
+#define NBD_OPT_LIST  (3)
+/* #define NBD_OPT_PEEK_EXPORT(4) not in use */
+#define NBD_OPT_STARTTLS  (5)
+#define NBD_OPT_INFO  (6)
+#define NBD_OPT_GO(7)
+#define NBD_OPT_STRUCTURED_REPLY  (8)
 
 /* Option reply types. */
 #define NBD_REP_ERR(value) ((UINT32_C(1) << 31) | (value))
 
-#define NBD_REP_ACK (1) /* Data sending finished. */
-#define NBD_REP_SERVER  (2) /* Export description. */
-#define NBD_REP_INFO(3) /* NBD_OPT_INFO/GO. */
+#define NBD_REP_ACK (1)/* Data sending finished. */
+#define NBD_REP_SERVER  (2)/* Export description. */
+#define NBD_REP_INFO(3)/* NBD_OPT_INFO/GO. */
 
 #define NBD_REP_ERR_UNSUP   NBD_REP_ERR(1)  /* Unknown option */
 #define NBD_REP_ERR_POLICY  NBD_REP_ERR(2)  /* Server denied */
-- 
2.11.1




[Qemu-devel] [PATCH 3/9] nbd: BLOCK_STATUS for standard get_block_status function: server part

2018-02-15 Thread Vladimir Sementsov-Ogievskiy
Minimal realization: only one extent in server answer is supported.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 include/block/nbd.h |  33 ++
 nbd/common.c|  10 ++
 nbd/server.c| 310 +++-
 3 files changed, 352 insertions(+), 1 deletion(-)

diff --git a/include/block/nbd.h b/include/block/nbd.h
index ef1698914b..b16215d17a 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -41,6 +41,12 @@ struct NBDOptionReply {
 } QEMU_PACKED;
 typedef struct NBDOptionReply NBDOptionReply;
 
+typedef struct NBDOptionReplyMetaContext {
+NBDOptionReply h; /* h.type = NBD_REP_META_CONTEXT, h.length > 4 */
+uint32_t context_id;
+/* meta context name follows */
+} QEMU_PACKED NBDOptionReplyMetaContext;
+
 /* Transmission phase structs
  *
  * Note: these are _NOT_ the same as the network representation of an NBD
@@ -105,6 +111,19 @@ typedef struct NBDStructuredError {
 uint16_t message_length;
 } QEMU_PACKED NBDStructuredError;
 
+/* Header of NBD_REPLY_TYPE_BLOCK_STATUS */
+typedef struct NBDStructuredMeta {
+NBDStructuredReplyChunk h; /* h.length >= 12 (at least one extent) */
+uint32_t context_id;
+/* extents follows */
+} QEMU_PACKED NBDStructuredMeta;
+
+/* Extent chunk for NBD_REPLY_TYPE_BLOCK_STATUS */
+typedef struct NBDExtent {
+uint32_t length;
+uint32_t flags; /* NBD_STATE_* */
+} QEMU_PACKED NBDExtent;
+
 /* Transmission (export) flags: sent from server to client during handshake,
but describe what will happen during transmission */
 #define NBD_FLAG_HAS_FLAGS (1 << 0) /* Flags are there */
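
Review bot: NBDStructuredMeta and NBDExtent say nothing about byte order, while the comment heading the transmission-phase structs earlier in this header states that those are not the network representation. If these two are meant to overlay the wire payload, the comments should say so (fields big-endian until converted), since `length` and `flags` come straight from the peer. Nit: "extents follows" should be "extents follow".
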
@@ -136,6 +155,8 @@ typedef struct NBDStructuredError {
 #define NBD_OPT_INFO  (6)
 #define NBD_OPT_GO(7)
 #define NBD_OPT_STRUCTURED_REPLY  (8)
+#define NBD_OPT_LIST_META_CONTEXT (9)
+#define NBD_OPT_SET_META_CONTEXT  (10)
 
 /* Option reply types. */
 #define NBD_REP_ERR(value) ((UINT32_C(1) << 31) | (value))
@@ -143,6 +164,7 @@ typedef struct NBDStructuredError {
 #define NBD_REP_ACK (1)/* Data sending finished. */
 #define NBD_REP_SERVER  (2)/* Export description. */
 #define NBD_REP_INFO(3)/* NBD_OPT_INFO/GO. */
+#define NBD_REP_META_CONTEXT(4)/* NBD_OPT_{LIST,SET}_META_CONTEXT */
 
 #define NBD_REP_ERR_UNSUP   NBD_REP_ERR(1)  /* Unknown option */
 #define NBD_REP_ERR_POLICY  NBD_REP_ERR(2)  /* Server denied */
@@ -163,6 +185,10 @@ typedef struct NBDStructuredError {
 #define NBD_CMD_FLAG_FUA(1 << 0) /* 'force unit access' during write */
 #define NBD_CMD_FLAG_NO_HOLE(1 << 1) /* don't punch hole on zero run */
 #define NBD_CMD_FLAG_DF (1 << 2) /* don't fragment structured read */
+#define NBD_CMD_FLAG_REQ_ONE(1 << 3) /* only one extent in BLOCK_STATUS
+  * reply chunk */
+
+#define NBD_META_ID_BASE_ALLOCATION 0
 
 /* Supported request types */
 enum {
@@ -173,6 +199,7 @@ enum {
 NBD_CMD_TRIM = 4,
 /* 5 reserved for failed experiment NBD_CMD_CACHE */
 NBD_CMD_WRITE_ZEROES = 6,
+NBD_CMD_BLOCK_STATUS = 7,
 };
 
 #define NBD_DEFAULT_PORT   10809
@@ -200,9 +227,15 @@ enum {
 #define NBD_REPLY_TYPE_NONE  0
 #define NBD_REPLY_TYPE_OFFSET_DATA   1
 #define NBD_REPLY_TYPE_OFFSET_HOLE   2
+#define NBD_REPLY_TYPE_BLOCK_STATUS  5
 #define NBD_REPLY_TYPE_ERROR NBD_REPLY_ERR(1)
 #define NBD_REPLY_TYPE_ERROR_OFFSET  NBD_REPLY_ERR(2)
 
+/* Flags for extents (NBDExtent.flags) of NBD_REPLY_TYPE_BLOCK_STATUS,
+ * for base:allocation meta context */
+#define NBD_STATE_HOLE (1 << 0)
+#define NBD_STATE_ZERO (1 << 1)
+
 static inline bool nbd_reply_type_is_error(int type)
 {
 return type & (1 << 15);
diff --git a/nbd/common.c b/nbd/common.c
index 6295526dd1..8c95c1d606 100644
--- a/nbd/common.c
+++ b/nbd/common.c
@@ -75,6 +75,10 @@ const char *nbd_opt_lookup(uint32_t opt)
 return "go";
 case NBD_OPT_STRUCTURED_REPLY:
 return "structured reply";
+case NBD_OPT_LIST_META_CONTEXT:
+return "list meta context";
+case NBD_OPT_SET_META_CONTEXT:
+return "set meta context";
 default:
 return "";
 }
@@ -90,6 +94,8 @@ const char *nbd_rep_lookup(uint32_t rep)
 return "server";
 case NBD_REP_INFO:
 return "info";
+case NBD_REP_META_CONTEXT:
+return "meta context";
 case NBD_REP_ERR_UNSUP:
 return "unsupported";
 case NBD_REP_ERR_POLICY:
@@ -144,6 +150,8 @@ const char *nbd_cmd_lookup(uint16_t cmd)
 return "trim";
 case NBD_CMD_WRITE_ZEROES:
 return "write zeroes";
+case NBD_CMD_BLOCK_STATUS:
+return "block status";
 default:
 return "";
 }
@@ -159,6 +167,8 @@ const char *nbd_reply_type_lookup(uint16_t type)
 return "data";
 case NBD_REPLY_TYPE_OFFSET_HOLE:
 return "hole";
+case NBD_REPLY_TYPE_BLOCK_STATUS:
+return "block 

[Qemu-devel] [PATCH 1/9] nbd/server: add nbd_opt_invalid helper

2018-02-15 Thread Vladimir Sementsov-Ogievskiy
NBD_REP_ERR_INVALID is often a parameter to nbd_opt_drop, and it will
be used more in the following patches. So, let's add a helper.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
 nbd/server.c | 50 --
 1 file changed, 36 insertions(+), 14 deletions(-)

diff --git a/nbd/server.c b/nbd/server.c
index 112e3f69df..b9860a6dcf 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -218,22 +218,46 @@ nbd_negotiate_send_rep_err(NBDClient *client, uint32_t 
type,
 /* Drop remainder of the current option, and send a reply with the
  * given error type and message. Return -errno on read or write
  * failure; or 0 if connection is still live. */
-static int GCC_FMT_ATTR(4, 5)
-nbd_opt_drop(NBDClient *client, uint32_t type, Error **errp,
- const char *fmt, ...)
+static int GCC_FMT_ATTR(4, 0)
+nbd_opt_vdrop(NBDClient *client, uint32_t type, Error **errp,
+  const char *fmt, va_list va)
 {
 int ret = nbd_drop(client->ioc, client->optlen, errp);
-va_list va;
 
 client->optlen = 0;
 if (!ret) {
-va_start(va, fmt);
 ret = nbd_negotiate_send_rep_verr(client, type, errp, fmt, va);
-va_end(va);
 }
 return ret;
 }
 
+static int GCC_FMT_ATTR(4, 5)
+nbd_opt_drop(NBDClient *client, uint32_t type, Error **errp,
+ const char *fmt, ...)
+{
+int ret;
+va_list va;
+
+va_start(va, fmt);
+ret = nbd_opt_vdrop(client, type, errp, fmt, va);
+va_end(va);
+
+return ret;
+}
+
+static int GCC_FMT_ATTR(3, 4)
+nbd_opt_invalid(NBDClient *client, Error **errp, const char *fmt, ...)
+{
+int ret;
+va_list va;
+
+va_start(va, fmt);
+ret = nbd_opt_vdrop(client, NBD_REP_ERR_INVALID, errp, fmt, va);
+va_end(va);
+
+return ret;
+}
+
 /* Read size bytes from the unparsed payload of the current option.
  * Return -errno on I/O error, 0 if option was completely handled by
  * sending a reply about inconsistent lengths, or 1 on success. */
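
Review bot: after the split, the existing comment ("Drop remainder of the current option, and send a reply ...") sits above nbd_opt_vdrop(), and the two wrappers nbd_opt_drop() and nbd_opt_invalid() have no comment of their own. A line on nbd_opt_invalid() saying it is nbd_opt_drop() with NBD_REP_ERR_INVALID and the same return convention (-errno on read or write failure, 0 if the connection is still live) would keep callers from misreading the result.
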
@@ -241,9 +265,9 @@ static int nbd_opt_read(NBDClient *client, void *buffer, 
size_t size,
 Error **errp)
 {
 if (size > client->optlen) {
-return nbd_opt_drop(client, NBD_REP_ERR_INVALID, errp,
-"Inconsistent lengths in option %s",
-nbd_opt_lookup(client->opt));
+return nbd_opt_invalid(client, errp,
+   "Inconsistent lengths in option %s",
+   nbd_opt_lookup(client->opt));
 }
 client->optlen -= size;
 return qio_channel_read_all(client->ioc, buffer, size, errp) < 0 ? -EIO : 
1;
@@ -398,9 +422,8 @@ static int nbd_reject_length(NBDClient *client, bool fatal, 
Error **errp)
 int ret;
 
 assert(client->optlen);
-ret = nbd_opt_drop(client, NBD_REP_ERR_INVALID, errp,
-   "option '%s' has unexpected length",
-   nbd_opt_lookup(client->opt));
+ret = nbd_opt_invalid(client, errp, "option '%s' has unexpected length",
+  nbd_opt_lookup(client->opt));
 if (fatal && !ret) {
 error_setg(errp, "option '%s' has unexpected length",
nbd_opt_lookup(client->opt));
@@ -438,8 +461,7 @@ static int nbd_negotiate_handle_info(NBDClient *client, 
uint16_t myflags,
 }
 be32_to_cpus();
 if (namelen >= sizeof(name)) {
-return nbd_opt_drop(client, NBD_REP_ERR_INVALID, errp,
-"name too long for qemu");
+return nbd_opt_invalid(client, errp, "name too long for qemu");
 }
 rc = nbd_opt_read(client, name, namelen, errp);
 if (rc <= 0) {
-- 
2.11.1




[Qemu-devel] [PATCH 0/9] nbd block status base:allocation

2018-02-15 Thread Vladimir Sementsov-Ogievskiy
Hi all.

Here is a minimal realization of the base:allocation context of the NBD
block-status extension, which allows getting block status through
NBD.

Vladimir Sementsov-Ogievskiy (9):
  nbd/server: add nbd_opt_invalid helper
  nbd: change indenting in nbd.h
  nbd: BLOCK_STATUS for standard get_block_status function: server part
  block/nbd-client: save first fatal error in nbd_iter_error
  nbd/client: fix error messages in nbd_handle_reply_err
  nbd: BLOCK_STATUS for standard get_block_status function: client part
  iotests.py: tiny refactor: move system imports up
  iotests: add file_path helper
  iotests: new test 206 for NBD BLOCK_STATUS

 block/nbd-client.h|   5 +
 include/block/nbd.h   |  58 +--
 block/nbd-client.c| 143 -
 block/nbd.c   |   3 +
 nbd/client.c  | 128 ++-
 nbd/common.c  |  10 ++
 nbd/server.c  | 360 --
 tests/qemu-iotests/140.out|   2 +-
 tests/qemu-iotests/143.out|   2 +-
 tests/qemu-iotests/205|   3 +-
 tests/qemu-iotests/206|  34 
 tests/qemu-iotests/206.out|   2 +
 tests/qemu-iotests/group  |   1 +
 tests/qemu-iotests/iotests.py |  37 -
 14 files changed, 749 insertions(+), 39 deletions(-)
 create mode 100644 tests/qemu-iotests/206
 create mode 100644 tests/qemu-iotests/206.out

-- 
2.11.1




Re: [Qemu-devel] [PATCH v4 3/4] linux-user, m68k: select CPU according to ELF header values

2018-02-15 Thread Laurent Vivier
On 24/01/2018 at 22:13, Laurent Vivier wrote:
> M680x0 doesn't support the same set of instructions
> as ColdFire, so we can't use "any" CPU type to execute
> m68020 instructions.
> We select CPU type ("m68040" or "any" for ColdFire)
> according to the ELF header. If we can't, we
> use by default the value used until now: "any".
> 
> Signed-off-by: Laurent Vivier 
> Reviewed-by: Richard Henderson 
> ---
>  include/elf.h| 28 
>  linux-user/m68k/target_elf.h |  6 ++
>  2 files changed, 34 insertions(+)

Applied to my 'linux-user-for-2.12' branch.

Thanks,
Laurent




Re: [Qemu-devel] [PATCH v4 2/4] linux-user: introduce functions to detect CPU type

2018-02-15 Thread Laurent Vivier
On 24/01/2018 at 22:12, Laurent Vivier wrote:
> From: YunQiang Su 
> 
> Add a function to return ELF e_flags and use it
> to select the CPU model.
> 
> Signed-off-by: YunQiang Su 
> [lv: split the patch and some cleanup in get_elf_eflags()]
> Signed-off-by: Laurent Vivier 
> Reviewed-by: Richard Henderson 
> ---
>  linux-user/elfload.c | 35 +++
>  linux-user/main.c| 20 ++--
>  linux-user/qemu.h|  1 +
>  3 files changed, 46 insertions(+), 10 deletions(-)
> 

Applied to my 'linux-user-for-2.12' branch.

Thanks,
Laurent




Re: [Qemu-devel] [PATCH v4 1/4] linux-user: Move CPU type name selection to a function

2018-02-15 Thread Laurent Vivier
On 24/01/2018 at 22:12, Laurent Vivier wrote:
> Instead of a sequence of "#if ... #endif" move the
> selection to a function in linux-user/*/target_elf.h
> 
> We can't add them in linux-user/*/target_cpu.h
> because we will need to include "elf.h" to
> use ELF flags with eflags, and including
> "elf.h" in "target_cpu.h" introduces some
> conflicts in elfload.c
> 
> Suggested-by: Richard Henderson 
> Signed-off-by: Laurent Vivier 
> Reviewed-by: Richard Henderson 
> Reviewed-by: Philippe Mathieu-Daudé 
> ---
>  linux-user/aarch64/target_elf.h| 14 +
>  linux-user/alpha/target_elf.h  | 14 +
>  linux-user/arm/target_elf.h| 14 +
>  linux-user/cris/target_elf.h   | 14 +
>  linux-user/hppa/target_elf.h   | 14 +
>  linux-user/i386/target_elf.h   | 14 +
>  linux-user/m68k/target_elf.h   | 14 +
>  linux-user/main.c  | 41 
> ++
>  linux-user/microblaze/target_elf.h | 14 +
>  linux-user/mips/target_elf.h   | 14 +
>  linux-user/mips64/target_elf.h | 14 +
>  linux-user/nios2/target_elf.h  | 14 +
>  linux-user/openrisc/target_elf.h   | 14 +
>  linux-user/ppc/target_elf.h| 18 +
>  linux-user/s390x/target_elf.h  | 14 +
>  linux-user/sh4/target_elf.h| 14 +
>  linux-user/sparc/target_elf.h  | 14 +
>  linux-user/sparc64/target_elf.h| 14 +
>  linux-user/tilegx/target_elf.h | 14 +
>  linux-user/unicore32/target_elf.h  | 14 +
>  linux-user/x86_64/target_elf.h | 14 +
>  21 files changed, 286 insertions(+), 39 deletions(-)
>  create mode 100644 linux-user/aarch64/target_elf.h
>  create mode 100644 linux-user/alpha/target_elf.h
>  create mode 100644 linux-user/arm/target_elf.h
>  create mode 100644 linux-user/cris/target_elf.h
>  create mode 100644 linux-user/hppa/target_elf.h
>  create mode 100644 linux-user/i386/target_elf.h
>  create mode 100644 linux-user/m68k/target_elf.h
>  create mode 100644 linux-user/microblaze/target_elf.h
>  create mode 100644 linux-user/mips/target_elf.h
>  create mode 100644 linux-user/mips64/target_elf.h
>  create mode 100644 linux-user/nios2/target_elf.h
>  create mode 100644 linux-user/openrisc/target_elf.h
>  create mode 100644 linux-user/ppc/target_elf.h
>  create mode 100644 linux-user/s390x/target_elf.h
>  create mode 100644 linux-user/sh4/target_elf.h
>  create mode 100644 linux-user/sparc/target_elf.h
>  create mode 100644 linux-user/sparc64/target_elf.h
>  create mode 100644 linux-user/tilegx/target_elf.h
>  create mode 100644 linux-user/unicore32/target_elf.h
>  create mode 100644 linux-user/x86_64/target_elf.h
> 

Applied to my 'linux-user-for-2.12' branch.

Thanks,
Laurent




Re: [Qemu-devel] [PATCH v4 4/4] linux-user: MIPS set cpu to r6 CPU if binary is R6

2018-02-15 Thread Laurent Vivier
On 24/01/2018 at 22:13, Laurent Vivier wrote:
> From: YunQiang Su 
> 
> So here we need to detect the version of binaries and set
> cpu_model for it.
> 
> Signed-off-by: YunQiang Su 
> [lv: original patch modified to move code into cpu_get_model()]
> Signed-off-by: Laurent Vivier 
> Reviewed-by: Richard Henderson 
> ---
>  include/elf.h  | 4 
>  linux-user/mips/target_elf.h   | 3 +++
>  linux-user/mips64/target_elf.h | 3 +++
>  3 files changed, 10 insertions(+)
> 

Applied to my 'linux-user-for-2.12' branch.

Thanks,
Laurent




Re: [Qemu-devel] [PATCH] linux-user: Remove THREAD macro

2018-02-15 Thread Laurent Vivier
On 13/02/2018 at 14:22, Peter Maydell wrote:
> Back when we used to support compiling either with or without
> NPTL threading library support, we used a macro THREAD which would
> expand either to nothing (no thread support) or to __thread (threads
> supported). For a long time now we have required thread support,
> so remove the macro and just use __thread directly as other parts
> of QEMU do.
> 
> Signed-off-by: Peter Maydell 
> ---
>  linux-user/qemu.h | 4 +---
>  linux-user/main.c | 2 +-
>  2 files changed, 2 insertions(+), 4 deletions(-)
> 

Applied to my 'linux-user-for-2.12' branch.

Thanks,
Laurent




Re: [Qemu-devel] [PATCHv2] linux-user: Fix sched_getaffinity mask size

2018-02-15 Thread Laurent Vivier
On 11/02/2018 at 18:47, Samuel Thibault wrote:
> We properly computed the capped mask size to be put to the application
> buffer, but didn't actually use it. Also, we need to return the capped mask
> size instead of 0 on success.
> 
> Signed-off-by: Samuel Thibault 
> 
> ---
> Difference from v1:
> - simplify fix
> ---
>  linux-user/syscall.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 82b35a6bdf..bcda3362fc 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -10493,7 +10493,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
> arg1,
>  ret = arg2;
>  }
>  
> -ret = host_to_target_cpu_mask(mask, mask_size, arg3, arg2);
> +if (host_to_target_cpu_mask(mask, mask_size, arg3, ret)) {
> +goto efault;
> +}
>  }
>  }
>  break;
> 
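
Review bot: in the added "if (host_to_target_cpu_mask(mask, mask_size,
arg3, ret))" line, ret now serves both as the number of bytes copied to
the guest buffer and as the syscall return value, which is easy to break
in a later edit. A one-line comment above the call saying that ret holds
the capped mask size at this point, and that this is what the guest sees
on success, would document the intent. It is also worth confirming that
every non-zero return of host_to_target_cpu_mask() really means a fault,
since all of them are mapped to "goto efault".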

Applied to my 'linux-user-for-2.12' branch.

Thanks,
Laurent



Re: [Qemu-devel] [PATCH] tests: add test for TPM TIS device

2018-02-15 Thread Stefan Berger

On 02/15/2018 07:35 AM, Marc-André Lureau wrote:

+#define DPRINTF_STS \
>+DPRINTF("%s: %d: sts = 0x%08x\n", __func__, __LINE__, sts)
>+
>+typedef struct TestState {
>+CompatGMutex data_mutex;
>+CompatGCond data_cond;
>+SocketAddress *addr;
>+QIOChannel *tpm_ioc;
>+GThread *emu_tpm_thread;
>+struct tpm_hdr *tpm_msg;
>+} TestState;
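
Review bot: DPRINTF_STS depends on a local variable named sts being in
scope wherever the macro is used, and that dependency is invisible at the
call site. Passing the value explicitly, for example DPRINTF_STS(sts),
keeps it visible and lets the macro be used with other variables.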

> We could avoid code duplication. What about adding a tests/tpm-emu.c/h ?


ok, let me give that a try.



Re: [Qemu-devel] [Xen-devel] [PATCH 30/30] xen: use the BYTE-based definitions

2018-02-15 Thread Alan Robinson
Hi Philippe,

On Thu, Feb 15, 2018 at 09:23:52AM -0300, Philippe Mathieu-Daudé wrote:
> 
> Can I add your R-b tag once fixed? Respin will be:
> 
> +xenstore_write_int(dom, "memory/target", ram_size / K_BYTE);
> +xenstore_write_int(vm, "memory", ram_size / M_BYTE);
> +xenstore_write_int(vm, "maxmem", ram_size / M_BYTE);
> 
Yes - Alan




Re: [Qemu-devel] [PATCH v2 7/7] linux-user: Implement aarch64 PR_SVE_SET/GET_VL

2018-02-15 Thread Peter Maydell
On 11 February 2018 at 20:58, Richard Henderson wrote:
> As an implementation choice, widening VL has zeroed the
> previously inaccessible portion of the sve registers.
>
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/cpu.h |  2 ++
>  linux-user/syscall.c | 20 +
>  target/arm/cpu64.c   | 61 
> 
>  3 files changed, 83 insertions(+)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 51a3e16275..8e1016cfd6 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -842,6 +842,8 @@ int arm_cpu_write_elf32_note(WriteCoreDumpFunction f, 
> CPUState *cs,
>  #ifdef TARGET_AARCH64
>  int aarch64_cpu_gdb_read_register(CPUState *cpu, uint8_t *buf, int reg);
>  int aarch64_cpu_gdb_write_register(CPUState *cpu, uint8_t *buf, int reg);
> +unsigned aarch64_get_sve_vlen(CPUARMState *env);
> +unsigned aarch64_set_sve_vlen(CPUARMState *env, unsigned vlen);
>  #endif
>
>  target_ulong do_arm_semihosting(CPUARMState *env);
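
Review bot: the two new prototypes in cpu.h carry no comment on the unit
of the length or on the return value, and the parameter is called vlen
here but vl in the definition in cpu64.c. A short comment stating what
unit the length is in and that aarch64_set_sve_vlen() returns the value
actually applied, plus one parameter name used in both places, would help
callers.
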
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 82b35a6bdf..4840bf502f 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -10659,6 +10659,26 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
> arg1,
>  break;
>  }
>  #endif
> +#ifdef TARGET_AARCH64
> +case 50: /* PR_SVE_SET_VL */

Could you put an
#ifndef PR_SVE_SET_VL
#define PR_SVE_SET_VL 50
#endif
(ditto for PR_SVE_GET_VL) in somewhere suitable rather than using
hard-coded constants, please?

> +/* We cannot support either PR_SVE_SET_VL_ONEXEC
> +   or PR_SVE_VL_INHERIT.  Therefore, anything above
> +   ARM_MAX_VQ results in EINVAL.  */
> +if (!arm_feature(cpu_env, ARM_FEATURE_SVE)
> +|| arg2 > ARM_MAX_VQ * 16 || arg2 & 15) {
> +ret = -TARGET_EINVAL;
> +} else {
> +ret = aarch64_set_sve_vlen(cpu_env, arg2);
> +}
> +break;
> +case 51: /* PR_SVE_GET_VL */
> +if (arm_feature(cpu_env, ARM_FEATURE_SVE)) {
> +ret = aarch64_get_sve_vlen(cpu_env);
> +} else {
> +ret = -TARGET_EINVAL;
> +}

Seems a bit odd to write the if() with the working case first for one
of these and with the error case first for the other.

> +break;
> +#endif /* AARCH64 */
>  case PR_GET_SECCOMP:
>  case PR_SET_SECCOMP:
>  /* Disable seccomp to prevent the target disabling syscalls we
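
Review bot: in the PR_SVE_SET_VL case, arg2 == 0 passes the check (it is
neither above ARM_MAX_VQ * 16 nor has any of the low four bits set) and
aarch64_set_sve_vlen() then clamps vq up to 1, so a zero length is
silently turned into the minimum instead of being rejected. If that is
intended, say so in the comment; otherwise add an explicit arg2 == 0 test
to the EINVAL condition. Parentheses around (arg2 & 15) would also make
the condition easier to read.
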
> diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
> index 1c330adc28..6dee78f006 100644
> --- a/target/arm/cpu64.c
> +++ b/target/arm/cpu64.c
> @@ -363,3 +363,64 @@ static void aarch64_cpu_register_types(void)
>  }
>
>  type_init(aarch64_cpu_register_types)
> +
> +/* Return the current cumulative SVE VLEN.  */
> +unsigned aarch64_get_sve_vlen(CPUARMState *env)
> +{
> +return ((env->vfp.zcr_el[1] & 0xf) + 1) * 16;

If this is supposed to also work for system-emulation mode it needs
to look at zcr_el[2] and [3]. If it's user-emulation mode only I
think we should #ifdef it and add a comment so that's clear.
Similarly with _set_. In fact if it's user-emulation only then it
probably belongs in linux-user/arm/ ?

> +}
> +
> +/* Set the cumulative ZCR.EL to VLEN, or the nearest supported value.
> +   Return the new value.  */
> +unsigned aarch64_set_sve_vlen(CPUARMState *env, unsigned vl)
> +{
> +unsigned vq = vl / 16;
> +unsigned old_vq = (env->vfp.zcr_el[1] & 0xf) + 1;
> +
> +if (vq < 1) {
> +vq = 1;
> +} else if (vq > ARM_MAX_VQ) {
> +vq = ARM_MAX_VQ;
> +}
> +env->vfp.zcr_el[1] = vq - 1;
> +
> +/* The manual sez that when SVE is enabled and VL is widened the

"says". "sez" will probably get picked up and fixed next time somebody
runs a spellcheck over the codebase, so we might as well save them the
work.

> + * implementation is allowed to zero the previously inaccessible
> + * portion of the registers.  The corollary to that is that when
> + * SVE is enabled and VL is narrowed we are also allowed to zero
> + * the now inaccessible portion of the registers.
> + *
> + * The intent of this is that no predicate bit beyond VL is ever set.
> + * Which means that some operations on predicate registers themselves
> + * may operate on full uint64_t or even unrolled across the maximum
> + * uint64_t[4].  Performing 4 bits of host arithmetic unconditionally
> + * may well be cheaper than conditionals to restrict to the operation

"restrict the operation" ?

> + * to the relevant portion of a uint16_t[16].
> + *
> + * ??? Need to move this somewhere else, so that it applies to
> + * changes to the real system registers and EL state changes.
> + */
> +if (vq < old_vq) {
> +unsigned i, j;
> +uint64_t pmask;
> +
> +/* 
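
Review bot: the expression (env->vfp.zcr_el[1] & 0xf) + 1 appears in both
aarch64_get_sve_vlen() and aarch64_set_sve_vlen(), with 0xf and 16 as
bare numbers. A small helper or named constants for the field mask and
the 16-byte unit would keep the two functions from drifting apart. The
"???" marker in the comment would also be easier to find later as a TODO
or FIXME.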

Re: [Qemu-devel] [PATCH v2 0/7] target/arm: More SVE prep work

2018-02-15 Thread Peter Maydell
On 11 February 2018 at 20:58, Richard Henderson wrote:
> Changes for v2:
> Include signal frames and PR_SVE_SET/GET_VL.
>
>
> Blurb for v1:
> First, we had noted that ARM_CP_64BIT needed to be removed from
> the ZCR_EL registers, but the patch set was applied without
> actually fixing that.
>
> Second, there's an existing bug by which the FPCR/FPSR registers
> are not properly trapped when FP is disabled.  Fix that with a
> translation-time check.
>
> Third, my attempt at using .accessfn for ZCR_EL fails to take
> into account the two different exception syndromes that must be
> raised.  Although they probably aren't as important as FPCR/FPSR,
> handle them at translation time too.
>
> Fourth, when writing to an AdvSIMD register, zero the rest of
> the SVE register.
>
>
> r~
>
>
> Richard Henderson (7):
>   target/arm: Remove ARM_CP_64BIT from ZCR_EL registers
>   target/arm: Enforce FP access to FPCR/FPSR
>   target/arm: Suppress TB end for FPCR/FPSR
>   target/arm: Enforce access to ZCR_EL at translation
>   target/arm: Handle SVE registers when using clear_vec_high
>   linux-user: Support SVE in aarch64 signal frames
>   linux-user: Implement aarch64 PR_SVE_SET/GET_VL

Hi; I've applied patches 1..5 to target-arm.next, and left
review comments for 6 and 7.

thanks
-- PMM



Re: [Qemu-devel] [Xen-devel] [PATCH 30/30] xen: use the BYTE-based definitions

2018-02-15 Thread Alan Robinson
Hi Philippe,

On Thu, Feb 15, 2018 at 01:29:00AM -0300, Philippe Mathieu-Daudé wrote:
> From: Philippe Mathieu-Daudé 
> Subject: [Xen-devel] [PATCH 30/30] xen: use the BYTE-based definitions
> List-Id: Xen developer discussion 
> 
> It eases code review, unit is explicit.
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  hw/block/xen_disk.c|  4 ++--
>  hw/xenpv/xen_domainbuild.c | 10 +-
>  2 files changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
> index f74fcd42d1..557005b5e5 100644
> --- a/hw/block/xen_disk.c
> +++ b/hw/block/xen_disk.c
> @@ -1153,9 +1153,9 @@ static int blk_connect(struct XenDevice *xendev)
>  }
>  
>  xen_pv_printf(xendev, 1, "type \"%s\", fileproto \"%s\", filename 
> \"%s\","
> -  " size %" PRId64 " (%" PRId64 " MB)\n",
> +  " size %" PRId64 " (%llu MB)\n",
>blkdev->type, blkdev->fileproto, blkdev->filename,
> -  blkdev->file_size, blkdev->file_size >> 20);
> +  blkdev->file_size, blkdev->file_size / M_BYTE);
>  
>  /* Fill in number of sector size and number of sectors */
>  xenstore_write_be_int(>xendev, "sector-size", blkdev->file_blk);
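
Review bot: the format string now prints the megabyte count with %llu,
while the value passed is blkdev->file_size / M_BYTE and file_size itself
is still printed with PRId64. Unless M_BYTE is defined with an unsigned
long long type, the argument does not match the conversion. Keeping
PRId64 for both, or casting the quotient explicitly, avoids depending on
how M_BYTE is declared.
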
> diff --git a/hw/xenpv/xen_domainbuild.c b/hw/xenpv/xen_domainbuild.c
> index 027f76fad1..083fb80ee5 100644
> --- a/hw/xenpv/xen_domainbuild.c
> +++ b/hw/xenpv/xen_domainbuild.c
> @@ -75,9 +75,9 @@ int xenstore_domain_init1(const char *kernel, const char 
> *ramdisk,
>  xenstore_write_str(dom, "vm", vm);
>  
>  /* memory */
> -xenstore_write_int(dom, "memory/target", ram_size >> 10);  // kB
> -xenstore_write_int(vm, "memory", ram_size >> 20);  // MB
> -xenstore_write_int(vm, "maxmem", ram_size >> 20);  // MB
> +xenstore_write_int(dom, "memory/target", ram_size * K_BYTE);
> +xenstore_write_int(vm, "memory", ram_size * M_BYTE);
> +xenstore_write_int(vm, "maxmem", ram_size * M_BYTE);
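
Review bot: the three xenstore_write_int() calls used to shift ram_size
right by 10 or 20 bits, which is a division, but the replacement
multiplies by K_BYTE and M_BYTE, so the values written to memory/target,
memory and maxmem are scaled the wrong way. They should read
ram_size / K_BYTE and ram_size / M_BYTE. The dropped "// kB" and "// MB"
comments were the only statement of the unit each key expects, so that
information is worth keeping in a comment.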

These changes look wrong, surely it must be 'ram_size / K_BYTE'...

Alan





Re: [Qemu-devel] [Qemu-arm] [PATCH v1 3/3] raspi: Add "raspi3" machine type

2018-02-15 Thread Philippe Mathieu-Daudé
On 02/15/2018 10:18 AM, Peter Maydell wrote:
> On 15 February 2018 at 13:14, Philippe Mathieu-Daudé  wrote:
>> On 02/15/2018 09:49 AM, Philippe Mathieu-Daudé wrote:
>>> On 02/15/2018 09:39 AM, Peter Maydell wrote:
 On 8 February 2018 at 05:50, Pekka Enberg  wrote:
>>
>> Now I remember why I hesitated with this patch,
>>
>> This part {
>>
> +mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a53");
> +mc->max_cpus = BCM2836_NCPUS;
> +mc->min_cpus = BCM2836_NCPUS;
> +mc->default_cpus = BCM2836_NCPUS;
>>
>> } is the BCM2837 SoC, very similar to the BCM2836.
> 
> Yeah, we had a whole go-around about whether we should have a
> BCM2837 object or just make the BCM2836 object have a configurable
> CPU type. You could argue either way...

Since both SoCs are clocked at the same freq (and we don't model the L2
cache, the only diff) your suggestion (#ifdef TARGET_AARCH64) is the
easiest/cleaner way to go and I'm happy with it :)

A one-line comment would be worthwhile though.

Regards,

Phil.



Re: [Qemu-devel] [PATCH v3] linux-user: Fix register used for 6th and 7th syscall argument on aarch64

2018-02-15 Thread Laurent Vivier
On 02/02/2018 at 11:02, Guido Günther wrote:
> This unbreaks the testcase from
> 
> http://lists.nongnu.org/archive/html/qemu-arm/2018-01/msg00514.html
> 
> Thanks to Laurent Vivier for spotting the 7th one.
> 
> Signed-off-by: Guido Günther 
> Tested-by: Philippe Mathieu-Daudé 
> Suggested-by: Laurent Vivier 
> Reviewed-by: Philippe Mathieu-Daudé 
> Reviewed-by: Richard Henderson 
> ---
> v3 collects *-by: replies. Anything else I can do to get this applied?
> 
>  linux-user/host/aarch64/safe-syscall.inc.S | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)

Applied to my 'linux-user-for-2.12' branch.

Thanks,
Laurent




Re: [Qemu-devel] [PATCH v3] linux-user: Implement ioctl cmd TIOCGPTPEER

2018-02-15 Thread Laurent Vivier
On 29/01/2018 at 11:47, Andreas Schwab wrote:
> With glibc 2.27 the openpty function prefers the TIOCGPTPEER ioctl.
> 
> Signed-off-by: Andreas Schwab 
> Reviewed-by: Laurent Vivier 
> ---
> v2: handle host with old kernel headers
> v3: fix sparc typos
> ---
>  linux-user/aarch64/termbits.h| 2 ++
>  linux-user/alpha/termbits.h  | 1 +
>  linux-user/arm/termbits.h| 1 +
>  linux-user/cris/termbits.h   | 1 +
>  linux-user/hppa/termbits.h   | 2 ++
>  linux-user/i386/termbits.h   | 1 +
>  linux-user/ioctls.h  | 3 +++
>  linux-user/m68k/termbits.h   | 1 +
>  linux-user/microblaze/termbits.h | 1 +
>  linux-user/mips/termbits.h   | 1 +
>  linux-user/nios2/termbits.h  | 2 ++
>  linux-user/openrisc/termbits.h   | 2 ++
>  linux-user/ppc/termbits.h| 1 +
>  linux-user/s390x/termbits.h  | 1 +
>  linux-user/sh4/termbits.h| 1 +
>  linux-user/sparc/termbits.h  | 1 +
>  linux-user/sparc64/termbits.h| 1 +
>  linux-user/syscall.c | 9 +
>  linux-user/tilegx/termbits.h | 1 +
>  linux-user/x86_64/termbits.h | 1 +
>  20 files changed, 34 insertions(+)

Applied to my 'linux-user-for-2.12' branch.

Thanks,
Laurent




Re: [Qemu-devel] [PATCH v5 3/6] bcm2836: Use the Cortex-A7 instead of Cortex-A15

2018-02-15 Thread Philippe Mathieu-Daudé
Hi Peter,

On 02/01/2018 09:42 PM, Alistair Francis wrote:
> The BCM2836 uses a Cortex-A7 not a Cortex-A15. Update the device to use
> the correct CPU.
> https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2836/QA7_rev3.4.pdf

Can you add these lines with reference to the commits?

  When the BCM2836 was introduced (bad5623690b) the Cortex-A7 was not
  available, so the very similar Cortex-A15 was used.

  Since dcf578ed8ce we can model the correct core.

Thanks!

Phil.

> Signed-off-by: Alistair Francis 
> Reviewed-by: Philippe Mathieu-Daudé 
> Reviewed-by: Igor Mammedov 
> ---
> V3:
>  - Use ARM_CPU_TYPE_NAME() macro
> V2:
>  - Fix the BCM2836 CPU
> 
>  hw/arm/bcm2836.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/arm/bcm2836.c b/hw/arm/bcm2836.c
> index 8c43291112..c42484 100644
> --- a/hw/arm/bcm2836.c
> +++ b/hw/arm/bcm2836.c
> @@ -30,7 +30,7 @@ static void bcm2836_init(Object *obj)
>  
>  for (n = 0; n < BCM2836_NCPUS; n++) {
>  object_initialize(>cpus[n], sizeof(s->cpus[n]),
> -  "cortex-a15-" TYPE_ARM_CPU);
> +  ARM_CPU_TYPE_NAME("cortex-a7"));
>  object_property_add_child(obj, "cpu[*]", OBJECT(>cpus[n]),
>_abort);
>  }
> 
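
Review bot: the CPU type is a string literal inside the loop in
bcm2836_init(), so every user of this SoC object gets Cortex-A7 cores
with no way to choose otherwise. A comment next to
ARM_CPU_TYPE_NAME("cortex-a7") stating that the BCM2836 only has
Cortex-A7 cores, or a property for the type, would make that constraint
explicit.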



Re: [Qemu-devel] [PATCH v2 6/7] linux-user: Support SVE in aarch64 signal frames

2018-02-15 Thread Peter Maydell
On 11 February 2018 at 20:58, Richard Henderson wrote:
> Signed-off-by: Richard Henderson 
> ---
>  linux-user/signal.c | 348 
> ++--
>  1 file changed, 283 insertions(+), 65 deletions(-)
>
> diff --git a/linux-user/signal.c b/linux-user/signal.c
> index 9a380b9e31..af953175db 100644
> --- a/linux-user/signal.c
> +++ b/linux-user/signal.c
> @@ -1443,35 +1443,61 @@ struct target_fpsimd_context {
>  uint64_t vregs[32 * 2]; /* really uint128_t vregs[32] */
>  };
>
> -/*
> - * Auxiliary context saved in the sigcontext.__reserved array. Not exported 
> to
> - * user space as it will change with the addition of new context. User space
> - * should check the magic/size information.
> - */
> -struct target_aux_context {
> -struct target_fpsimd_context fpsimd;
> -/* additional context to be added before "end" */
> -struct target_aarch64_ctx end;
> +#define TARGET_EXTRA_MAGIC  0x45585401
> +
> +struct target_extra_context {
> +struct target_aarch64_ctx head;
> +uint64_t datap; /* 16-byte aligned pointer to extra space cast to __u64 
> */
> +uint32_t size; /* size in bytes of the extra space */
> +uint32_t reserved[3];
> +};
> +
> +#define TARGET_SVE_MAGIC0x53564501
> +
> +struct target_sve_context {
> +struct target_aarch64_ctx head;
> +uint16_t vl;
> +uint16_t reserved[3];
>  };
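
Review bot: target_extra_context stores a guest pointer (datap) and a
guest-supplied size, and target_sve_context a guest-supplied vl, while
the hunk drops the old comment telling readers to check the magic/size
information. The code that reads these records back on sigreturn is not
in the lines shown here; it should validate head.magic, head.size, the
16-byte alignment of datap and the bounds of size and vl before using
them, and a comment on the structs saying so would replace the one
removed.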

I found this patch too hard to review. It looks like you've combined
a refactoring of how we handle the AArch64 "bunch of extra auxiliary
context records" sigframe information with the addition of the SVE
context record. Could you split that into separate patches, please?
A description of why the current code isn't sufficient would also
be helpful.

thanks
-- PMM



Re: [Qemu-devel] [Qemu-arm] [PATCH v1 3/3] raspi: Add "raspi3" machine type

2018-02-15 Thread Peter Maydell
On 15 February 2018 at 13:14, Philippe Mathieu-Daudé wrote:
> On 02/15/2018 09:49 AM, Philippe Mathieu-Daudé wrote:
>> On 02/15/2018 09:39 AM, Peter Maydell wrote:
>>> On 8 February 2018 at 05:50, Pekka Enberg  wrote:
>
> Now I remember why I hesitated with this patch,
>
> This part {
>
 +mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a53");
 +mc->max_cpus = BCM2836_NCPUS;
 +mc->min_cpus = BCM2836_NCPUS;
 +mc->default_cpus = BCM2836_NCPUS;
>
> } is the BCM2837 SoC, very similar to the BCM2836.

Yeah, we had a whole go-around about whether we should have a
BCM2837 object or just make the BCM2836 object have a configurable
CPU type. You could argue either way...

thanks
-- PMM



Re: [Qemu-devel] [PATCH v5 4/6] raspi: Specify the valid CPUs

2018-02-15 Thread Peter Maydell
On 15 February 2018 at 13:04, Philippe Mathieu-Daudé wrote:
> Hi Peter,
>
> On 02/15/2018 08:29 AM, Peter Maydell wrote:
>> On 2 February 2018 at 00:42, Alistair Francis wrote:
>>> List all possible valid CPU options.
>>>
>>> Signed-off-by: Alistair Francis 
>>> Reviewed-by: Philippe Mathieu-Daudé 
>>> ---
>>>
>>> V5:
>>>  - Use cpu_model names
>>> V4:
>>>  - Remove spaces
>>> V3:
>>>  - Add static property
>>> V2:
>>>  - Fix the indentation
>>>
>>>  hw/arm/raspi.c | 7 +++
>>>  1 file changed, 7 insertions(+)
>>>
>>> diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
>>> index cd5fa8c3dc..745a880726 100644
>>> --- a/hw/arm/raspi.c
>>> +++ b/hw/arm/raspi.c
>>> @@ -158,6 +158,11 @@ static void raspi2_init(MachineState *machine)
>>>  setup_boot(machine, 2, machine->ram_size - vcram_size);
>>>  }
>>>
>>> +static const char *raspi2_valid_cpus[] = {
>>> +"cortex-a7",
>>> +NULL
>>> +};
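
Review bot: raspi2_valid_cpus is declared as "static const char *[]",
which makes the strings const but leaves the array of pointers writable.
Declaring it "static const char * const raspi2_valid_cpus[]" lets the
whole table live in read-only data.
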
>>
>> Is this definitely right? Looking at the code, the raspi2 board
>> creates a TYPE_BCM2836, and that creates cortex-a15 CPUs...
>
> The BCM2836 uses a cortex-a7 but this cpu was not available at the time
> of this commit (bad5623690b) and was added later in dcf578ed8ce "The A7
> is very similar to the A15."
>
> I can prepare a patch for it to apply before this series.

I noticed after I'd written that comment that patch 3 in this
series does exactly the change to cortex-a7...

thanks
-- PMM



Re: [Qemu-devel] [Qemu-arm] [PATCH v1 3/3] raspi: Add "raspi3" machine type

2018-02-15 Thread Philippe Mathieu-Daudé
On 02/15/2018 09:49 AM, Philippe Mathieu-Daudé wrote:
> On 02/15/2018 09:39 AM, Peter Maydell wrote:
>> On 8 February 2018 at 05:50, Pekka Enberg  wrote:
>>> This patch adds a "raspi3" machine type, which can now be selected as
>>> the machine to run on by users via the "-M" command line option to QEMU.
>>>
>>> The machine type does *not* ignore memory transaction failures so we
>>> likely need to add some dummy devices later when people run something
>>> more complicated than what I'm using for testing.
>>>
>>> Signed-off-by: Pekka Enberg 
>>> ---
>>>  hw/arm/raspi.c | 21 +
>>>  1 file changed, 21 insertions(+)
>>>
>>> diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
>>> index 66fe10e376..048ff23a51 100644
>>> --- a/hw/arm/raspi.c
>>> +++ b/hw/arm/raspi.c
>>> @@ -187,3 +187,24 @@ static void raspi2_machine_init(MachineClass *mc)
>>>  mc->ignore_memory_transaction_failures = true;
>>>  };
>>>  DEFINE_MACHINE("raspi2", raspi2_machine_init)
>>> +
>>> +static void raspi3_init(MachineState *machine)
>>> +{
>>> +raspi_init(machine, 3);
>>> +}
>>> +
>>> +static void raspi3_machine_init(MachineClass *mc)
>>> +{
>>> +mc->desc = "Raspberry Pi 3";
>>> +mc->init = raspi3_init;
>>> +mc->block_default_type = IF_SD;
>>> +mc->no_parallel = 1;
>>> +mc->no_floppy = 1;
>>> +mc->no_cdrom = 1;

Now I remember why I hesitated with this patch,

This part {

>>> +mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a53");
>>> +mc->max_cpus = BCM2836_NCPUS;
>>> +mc->min_cpus = BCM2836_NCPUS;
>>> +mc->default_cpus = BCM2836_NCPUS;

} is the BCM2837 SoC, very similar to the BCM2836.

>>> +mc->default_ram_size = 1024 * 1024 * 1024;
>>> +}
>>> +DEFINE_MACHINE("raspi3", raspi3_machine_init)
>>
>> Hi. This patch breaks "make check", because it adds the raspi3
>> to the arm-softmmu (32-bit guest CPUs only) build, where the
>> cortex-a53 CPU doesn't exist:
>>
>> e104462:xenial:qemu$ ./build/x86/arm-softmmu/qemu-system-arm -M raspi3
>> **
>> ERROR:/home/petmay01/linaro/qemu-from-laptop/qemu/qom/object.c:372:object_initialize_with_type:
>> assertion failed: (type != NULL)
>> Aborted (core dumped)
>>
>> The usual way we avoid this is that 64-bit only boards are
>> in their own source file, which is only compiled if the right
>> CONFIG_FOO is set by default-configs/aarch64-softmmu.mak.
>> In this case splitting the 64-bit board into its own source
>> file would be weird and awkward, so the simple thing is to
>> guard the raspi3 bits with #ifdef TARGET_AARCH64.
> 
> Reviewed-by: Philippe Mathieu-Daudé 
> 
>>
>> (You might think we could define a CONFIG_RASPI3 in
>> aarch64-softmmu.mak and #ifdef on it, but for some reason
>> we don't expose those CONFIG_* to C code, possibly just because
>> we've never needed to in the past...)
>>
>> Since this was the only code change needed, I'm just going to make
>> it and apply the patchset to target-arm.next, rather than ask
>> you to do a respin. (There was also a stray space-at-end-of-line
>> in patch 2 which checkpatch grumbles about; I'll fix that up too.)
>>
>> thanks
>> -- PMM
>>



[Qemu-devel] [PATCH v3] qcow2: Replace align_offset() with ROUND_UP()

2018-02-15 Thread Alberto Garcia
The align_offset() function is equivalent to the ROUND_UP() macro so
there's no need to use the former. The ROUND_UP() name is also a bit
more explicit.

This patch uses ROUND_UP() instead of the slower QEMU_ALIGN_UP()
because align_offset() already requires that the second parameter is a
power of two.

Signed-off-by: Alberto Garcia 
Reviewed-by: Eric Blake 
Reviewed-by: Philippe Mathieu-Daudé 
---
v3 is the same as v2, but rebased on top of the current master fixing
a merge conflict.
---
 block/qcow2-bitmap.c   |  4 ++--
 block/qcow2-cluster.c  |  4 ++--
 block/qcow2-refcount.c |  4 ++--
 block/qcow2-snapshot.c | 10 +-
 block/qcow2.c  | 14 +++---
 block/qcow2.h  |  6 --
 6 files changed, 18 insertions(+), 24 deletions(-)

diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
index 4f6fd863ea..5127276f90 100644
--- a/block/qcow2-bitmap.c
+++ b/block/qcow2-bitmap.c
@@ -413,8 +413,8 @@ static inline void 
bitmap_dir_entry_to_be(Qcow2BitmapDirEntry *entry)
 
 static inline int calc_dir_entry_size(size_t name_size, size_t extra_data_size)
 {
-return align_offset(sizeof(Qcow2BitmapDirEntry) +
-name_size + extra_data_size, 8);
+int size = sizeof(Qcow2BitmapDirEntry) + name_size + extra_data_size;
+return ROUND_UP(size, 8);
 }
 
 static inline int dir_entry_size(Qcow2BitmapDirEntry *entry)
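
Review bot: in calc_dir_entry_size() the sum of
sizeof(Qcow2BitmapDirEntry), name_size and extra_data_size is computed in
size_t and then stored in an int before rounding, so a large
extra_data_size is truncated at the assignment. Since the function
returns int anyway, either make the local a size_t and check the bound
before returning, or add an assertion that the sum fits, so the narrowing
is deliberate rather than implicit.
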
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index e406b0f3b9..98908c4264 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -126,11 +126,11 @@ int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t 
min_size,
 
 new_l1_size2 = sizeof(uint64_t) * new_l1_size;
 new_l1_table = qemu_try_blockalign(bs->file->bs,
-   align_offset(new_l1_size2, 512));
+   ROUND_UP(new_l1_size2, 512));
 if (new_l1_table == NULL) {
 return -ENOMEM;
 }
-memset(new_l1_table, 0, align_offset(new_l1_size2, 512));
+memset(new_l1_table, 0, ROUND_UP(new_l1_size2, 512));
 
 if (s->l1_size) {
 memcpy(new_l1_table, s->l1_table, s->l1_size * sizeof(uint64_t));
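
Review bot: ROUND_UP(new_l1_size2, 512) is now evaluated twice, once for
the qemu_try_blockalign() size and once for the memset() length, and the
two must stay identical. Computing it once into a local and using that
for both the allocation and the memset removes the chance of them
diverging.
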
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index d46b69d7f3..126cca3276 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -1204,7 +1204,7 @@ int qcow2_update_snapshot_refcount(BlockDriverState *bs,
  * l1_table_offset when it is the current s->l1_table_offset! Be careful
  * when changing this! */
 if (l1_table_offset != s->l1_table_offset) {
-l1_table = g_try_malloc0(align_offset(l1_size2, 512));
+l1_table = g_try_malloc0(ROUND_UP(l1_size2, 512));
 if (l1_size2 && l1_table == NULL) {
 ret = -ENOMEM;
 goto fail;
@@ -2553,7 +2553,7 @@ int qcow2_check_metadata_overlap(BlockDriverState *bs, 
int ign, int64_t offset,
 }
 
 /* align range to test to cluster boundaries */
-size = align_offset(offset_into_cluster(s, offset) + size, 
s->cluster_size);
+size = ROUND_UP(offset_into_cluster(s, offset) + size, s->cluster_size);
 offset = start_of_cluster(s, offset);
 
 if ((chk & QCOW2_OL_ACTIVE_L1) && s->l1_size) {
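
Review bot: unlike the literal 8 and 512 used elsewhere in this patch,
the alignment in the "size = ROUND_UP(...)" line is the runtime value
s->cluster_size, and ROUND_UP() only gives the right answer for a power
of two. The commit message says align_offset() had the same requirement,
so behaviour is unchanged, but a comment or assertion at this call site
would record the assumption.
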
diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index 44243e0e95..cee25f582b 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -66,7 +66,7 @@ int qcow2_read_snapshots(BlockDriverState *bs)
 
 for(i = 0; i < s->nb_snapshots; i++) {
 /* Read statically sized part of the snapshot header */
-offset = align_offset(offset, 8);
+offset = ROUND_UP(offset, 8);
 ret = bdrv_pread(bs->file, offset, , sizeof(h));
 if (ret < 0) {
 goto fail;
@@ -155,7 +155,7 @@ static int qcow2_write_snapshots(BlockDriverState *bs)
 offset = 0;
 for(i = 0; i < s->nb_snapshots; i++) {
 sn = s->snapshots + i;
-offset = align_offset(offset, 8);
+offset = ROUND_UP(offset, 8);
 offset += sizeof(h);
 offset += sizeof(extra);
 offset += strlen(sn->id_str);
@@ -215,7 +215,7 @@ static int qcow2_write_snapshots(BlockDriverState *bs)
 assert(id_str_size <= UINT16_MAX && name_size <= UINT16_MAX);
 h.id_str_size = cpu_to_be16(id_str_size);
 h.name_size = cpu_to_be16(name_size);
-offset = align_offset(offset, 8);
+offset = ROUND_UP(offset, 8);
 
 ret = bdrv_pwrite(bs->file, offset, , sizeof(h));
 if (ret < 0) {
@@ -441,7 +441,7 @@ int qcow2_snapshot_create(BlockDriverState *bs, 
QEMUSnapshotInfo *sn_info)
 /* The VM state isn't needed any more in the active L1 table; in fact, it
  * hurts by causing expensive COW for the next snapshot. */
 qcow2_cluster_discard(bs, qcow2_vm_state_offset(s),
-  align_offset(sn->vm_state_size, s->cluster_size),
+  ROUND_UP(sn->vm_state_size, s->cluster_size),

Re: [Qemu-devel] [PATCH v5 4/6] raspi: Specify the valid CPUs

2018-02-15 Thread Philippe Mathieu-Daudé
Hi Peter,

On 02/15/2018 08:29 AM, Peter Maydell wrote:
> On 2 February 2018 at 00:42, Alistair Francis wrote:
>> List all possible valid CPU options.
>>
>> Signed-off-by: Alistair Francis 
>> Reviewed-by: Philippe Mathieu-Daudé 
>> ---
>>
>> V5:
>>  - Use cpu_model names
>> V4:
>>  - Remove spaces
>> V3:
>>  - Add static property
>> V2:
>>  - Fix the indentation
>>
>>  hw/arm/raspi.c | 7 +++
>>  1 file changed, 7 insertions(+)
>>
>> diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
>> index cd5fa8c3dc..745a880726 100644
>> --- a/hw/arm/raspi.c
>> +++ b/hw/arm/raspi.c
>> @@ -158,6 +158,11 @@ static void raspi2_init(MachineState *machine)
>>  setup_boot(machine, 2, machine->ram_size - vcram_size);
>>  }
>>
>> +static const char *raspi2_valid_cpus[] = {
>> +"cortex-a7",
>> +NULL
>> +};
> 
> Is this definitely right? Looking at the code, the raspi2 board
> creates a TYPE_BCM2836, and that creates cortex-a15 CPUs...

The BCM2836 uses a cortex-a7 but this cpu was not available at the time
of this commit (bad5623690b) and was added later in dcf578ed8ce "The A7
is very similar to the A15."

I can prepare a patch for it to apply before this series.

> 
> thanks
> -- PMM
> 



Re: [Qemu-devel] [PULL 0/1] M68k for 2.12 patches

2018-02-15 Thread Peter Maydell
On 14 February 2018 at 10:39, Laurent Vivier wrote:
> The following changes since commit bec9c64ef7be8063f1192608b83877bc5c9ea217:
>
>   Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into 
> staging (2018-02-13 18:24:08 +)
>
> are available in the Git repository at:
>
>   git://github.com/vivier/qemu-m68k.git tags/m68k-for-2.12-pull-request
>
> for you to fetch changes up to 1226e212292e271b8795265c9639d5c0553df199:
>
>   m68k: implement movep instruction (2018-02-14 11:09:13 +0100)
>
> 
>
> 
>
> Pavel Dovgalyuk (1):
>   m68k: implement movep instruction
>
>  target/m68k/cpu.c   |  2 ++
>  target/m68k/cpu.h   |  1 +
>  target/m68k/translate.c | 46 ++
>  3 files changed, 49 insertions(+)

Applied, thanks.

-- PMM



Re: [Qemu-devel] [Qemu-arm] [PATCH v1 3/3] raspi: Add "raspi3" machine type

2018-02-15 Thread Philippe Mathieu-Daudé
On 02/15/2018 09:39 AM, Peter Maydell wrote:
> On 8 February 2018 at 05:50, Pekka Enberg  wrote:
>> This patch adds a "raspi3" machine type, which can now be selected as
>> the machine to run on by users via the "-M" command line option to QEMU.
>>
>> The machine type does *not* ignore memory transaction failures so we
>> likely need to add some dummy devices later when people run something
>> more complicated than what I'm using for testing.
>>
>> Signed-off-by: Pekka Enberg 
>> ---
>>  hw/arm/raspi.c | 21 +
>>  1 file changed, 21 insertions(+)
>>
>> diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
>> index 66fe10e376..048ff23a51 100644
>> --- a/hw/arm/raspi.c
>> +++ b/hw/arm/raspi.c
>> @@ -187,3 +187,24 @@ static void raspi2_machine_init(MachineClass *mc)
>>  mc->ignore_memory_transaction_failures = true;
>>  };
>>  DEFINE_MACHINE("raspi2", raspi2_machine_init)
>> +
>> +static void raspi3_init(MachineState *machine)
>> +{
>> +raspi_init(machine, 3);
>> +}
>> +
>> +static void raspi3_machine_init(MachineClass *mc)
>> +{
>> +mc->desc = "Raspberry Pi 3";
>> +mc->init = raspi3_init;
>> +mc->block_default_type = IF_SD;
>> +mc->no_parallel = 1;
>> +mc->no_floppy = 1;
>> +mc->no_cdrom = 1;
>> +mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a53");
>> +mc->max_cpus = BCM2836_NCPUS;
>> +mc->min_cpus = BCM2836_NCPUS;
>> +mc->default_cpus = BCM2836_NCPUS;
>> +mc->default_ram_size = 1024 * 1024 * 1024;
>> +}
>> +DEFINE_MACHINE("raspi3", raspi3_machine_init)
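Review bot: raspi3_machine_init() never sets mc->ignore_memory_transaction_failures, while the context line above shows raspi2_machine_init() setting it to true, and the code does not say the difference is intended. The commit message explains that it is; a short comment in raspi3_machine_init() saying so would keep a later cleanup from copying the raspi2 setting over and hiding accesses to unimplemented devices.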
> 
> Hi. This patch breaks "make check", because it adds the raspi3
> to the arm-softmmu (32-bit guest CPUs only) build, where the
> cortex-a53 CPU doesn't exist:
> 
> e104462:xenial:qemu$ ./build/x86/arm-softmmu/qemu-system-arm -M raspi3
> **
> ERROR:/home/petmay01/linaro/qemu-from-laptop/qemu/qom/object.c:372:object_initialize_with_type:
> assertion failed: (type != NULL)
> Aborted (core dumped)
> 
> The usual way we avoid this is that 64-bit only boards are
> in their own source file, which is only compiled if the right
> CONFIG_FOO is set by default-configs/aarch64-softmmu.mak.
> In this case splitting the 64-bit board into its own source
> file would be weird and awkward, so the simple thing is to
> guard the raspi3 bits with #ifdef TARGET_AARCH64.

Reviewed-by: Philippe Mathieu-Daudé 

> 
> (You might think we could define a CONFIG_RASPI3 in
> aarch64-softmmu.mak and #ifdef on it, but for some reason
> we don't expose those CONFIG_* to C code, possibly just because
> we've never needed to in the past...)
> 
> Since this was the only code change needed, I'm just going to make
> it and apply the patchset to target-arm.next, rather than ask
> you to do a respin. (There was also a stray space-at-end-of-line
> in patch 2 which checkpatch grumbles about; I'll fix that up too.)
> 
> thanks
> -- PMM
> 



Re: [Qemu-devel] [PATCH v1 3/3] raspi: Add "raspi3" machine type

2018-02-15 Thread Peter Maydell
On 8 February 2018 at 05:50, Pekka Enberg  wrote:
> This patch adds a "raspi3" machine type, which can now be selected as
> the machine to run on by users via the "-M" command line option to QEMU.
>
> The machine type does *not* ignore memory transaction failures so we
> likely need to add some dummy devices later when people run something
> more complicated than what I'm using for testing.
>
> Signed-off-by: Pekka Enberg 
> ---
>  hw/arm/raspi.c | 21 +
>  1 file changed, 21 insertions(+)
>
> diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
> index 66fe10e376..048ff23a51 100644
> --- a/hw/arm/raspi.c
> +++ b/hw/arm/raspi.c
> @@ -187,3 +187,24 @@ static void raspi2_machine_init(MachineClass *mc)
>  mc->ignore_memory_transaction_failures = true;
>  };
>  DEFINE_MACHINE("raspi2", raspi2_machine_init)
> +
> +static void raspi3_init(MachineState *machine)
> +{
> +raspi_init(machine, 3);
> +}
> +
> +static void raspi3_machine_init(MachineClass *mc)
> +{
> +mc->desc = "Raspberry Pi 3";
> +mc->init = raspi3_init;
> +mc->block_default_type = IF_SD;
> +mc->no_parallel = 1;
> +mc->no_floppy = 1;
> +mc->no_cdrom = 1;
> +mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a53");
> +mc->max_cpus = BCM2836_NCPUS;
> +mc->min_cpus = BCM2836_NCPUS;
> +mc->default_cpus = BCM2836_NCPUS;
> +mc->default_ram_size = 1024 * 1024 * 1024;
> +}
> +DEFINE_MACHINE("raspi3", raspi3_machine_init)
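Review bot: the three mc->*_cpus assignments size the "Raspberry Pi 3" machine with BCM2836_NCPUS, and nothing at the use site says that reusing the BCM2836 constant for this board is deliberate. A comment next to `mc->max_cpus = BCM2836_NCPUS;`, or a SoC-neutral name for the constant, would make clear that the count is meant to apply to both boards.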

Hi. This patch breaks "make check", because it adds the raspi3
to the arm-softmmu (32-bit guest CPUs only) build, where the
cortex-a53 CPU doesn't exist:

e104462:xenial:qemu$ ./build/x86/arm-softmmu/qemu-system-arm -M raspi3
**
ERROR:/home/petmay01/linaro/qemu-from-laptop/qemu/qom/object.c:372:object_initialize_with_type:
assertion failed: (type != NULL)
Aborted (core dumped)

The usual way we avoid this is that 64-bit only boards are
in their own source file, which is only compiled if the right
CONFIG_FOO is set by default-configs/aarch64-softmmu.mak.
In this case splitting the 64-bit board into its own source
file would be weird and awkward, so the simple thing is to
guard the raspi3 bits with #ifdef TARGET_AARCH64.

(You might think we could define a CONFIG_RASPI3 in
aarch64-softmmu.mak and #ifdef on it, but for some reason
we don't expose those CONFIG_* to C code, possibly just because
we've never needed to in the past...)

Since this was the only code change needed, I'm just going to make
it and apply the patchset to target-arm.next, rather than ask
you to do a respin. (There was also a stray space-at-end-of-line
in patch 2 which checkpatch grumbles about; I'll fix that up too.)

thanks
-- PMM



Re: [Qemu-devel] [PATCH] tests: add test for TPM TIS device

2018-02-15 Thread Marc-André Lureau
Hi

On Thu, Feb 15, 2018 at 2:21 AM, Stefan Berger
 wrote:
> Move the TPM TIS related register and flag #defines into
> include/hw/acpi/tpm.h for access by the test case.
>
> Write a test case that covers the TIS functionality.
>
> Add the test cases to the MAINTAINERS file.
>
> Signed-off-by: Stefan Berger 
> ---
>  MAINTAINERS|   1 +
>  hw/tpm/tpm_tis.c   | 101 
>  include/hw/acpi/tpm.h  | 105 
>  tests/Makefile.include |   2 +
>  tests/tpm-tis-test.c   | 661 
> +
>  5 files changed, 769 insertions(+), 101 deletions(-)
>  create mode 100644 tests/tpm-tis-test.c
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 57358a0..60a9ae9 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -1633,6 +1633,7 @@ F: include/hw/acpi/tpm.h
>  F: include/sysemu/tpm*
>  F: qapi/tpm.json
>  F: backends/tpm.c
> +F: tests/tpm-*-test
>  T: git git://github.com/stefanberger/qemu-tpm.git tpm-next
>
>  Checkpatch
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index f81168a..834eef7 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -92,107 +92,6 @@ typedef struct TPMState {
>  } \
>  } while (0)
>
> -/* tis registers */
> -#define TPM_TIS_REG_ACCESS0x00
> -#define TPM_TIS_REG_INT_ENABLE0x08
> -#define TPM_TIS_REG_INT_VECTOR0x0c
> -#define TPM_TIS_REG_INT_STATUS0x10
> -#define TPM_TIS_REG_INTF_CAPABILITY   0x14
> -#define TPM_TIS_REG_STS   0x18
> -#define TPM_TIS_REG_DATA_FIFO 0x24
> -#define TPM_TIS_REG_INTERFACE_ID  0x30
> -#define TPM_TIS_REG_DATA_XFIFO0x80
> -#define TPM_TIS_REG_DATA_XFIFO_END0xbc
> -#define TPM_TIS_REG_DID_VID   0xf00
> -#define TPM_TIS_REG_RID   0xf04
> -
> -/* vendor-specific registers */
> -#define TPM_TIS_REG_DEBUG 0xf90
> -
> -#define TPM_TIS_STS_TPM_FAMILY_MASK (0x3 << 26)/* TPM 2.0 */
> -#define TPM_TIS_STS_TPM_FAMILY1_2   (0 << 26)  /* TPM 2.0 */
> -#define TPM_TIS_STS_TPM_FAMILY2_0   (1 << 26)  /* TPM 2.0 */
> -#define TPM_TIS_STS_RESET_ESTABLISHMENT_BIT (1 << 25)  /* TPM 2.0 */
> -#define TPM_TIS_STS_COMMAND_CANCEL  (1 << 24)  /* TPM 2.0 */
> -
> -#define TPM_TIS_STS_VALID (1 << 7)
> -#define TPM_TIS_STS_COMMAND_READY (1 << 6)
> -#define TPM_TIS_STS_TPM_GO(1 << 5)
> -#define TPM_TIS_STS_DATA_AVAILABLE(1 << 4)
> -#define TPM_TIS_STS_EXPECT(1 << 3)
> -#define TPM_TIS_STS_SELFTEST_DONE (1 << 2)
> -#define TPM_TIS_STS_RESPONSE_RETRY(1 << 1)
> -
> -#define TPM_TIS_BURST_COUNT_SHIFT 8
> -#define TPM_TIS_BURST_COUNT(X) \
> -((X) << TPM_TIS_BURST_COUNT_SHIFT)
> -
> -#define TPM_TIS_ACCESS_TPM_REG_VALID_STS  (1 << 7)
> -#define TPM_TIS_ACCESS_ACTIVE_LOCALITY(1 << 5)
> -#define TPM_TIS_ACCESS_BEEN_SEIZED(1 << 4)
> -#define TPM_TIS_ACCESS_SEIZE  (1 << 3)
> -#define TPM_TIS_ACCESS_PENDING_REQUEST(1 << 2)
> -#define TPM_TIS_ACCESS_REQUEST_USE(1 << 1)
> -#define TPM_TIS_ACCESS_TPM_ESTABLISHMENT  (1 << 0)
> -
> -#define TPM_TIS_INT_ENABLED   (1 << 31)
> -#define TPM_TIS_INT_DATA_AVAILABLE(1 << 0)
> -#define TPM_TIS_INT_STS_VALID (1 << 1)
> -#define TPM_TIS_INT_LOCALITY_CHANGED  (1 << 2)
> -#define TPM_TIS_INT_COMMAND_READY (1 << 7)
> -
> -#define TPM_TIS_INT_POLARITY_MASK (3 << 3)
> -#define TPM_TIS_INT_POLARITY_LOW_LEVEL(1 << 3)
> -
> -#define TPM_TIS_INTERRUPTS_SUPPORTED (TPM_TIS_INT_LOCALITY_CHANGED | \
> -  TPM_TIS_INT_DATA_AVAILABLE   | \
> -  TPM_TIS_INT_STS_VALID | \
> -  TPM_TIS_INT_COMMAND_READY)
> -
> -#define TPM_TIS_CAP_INTERFACE_VERSION1_3 (2 << 28)
> -#define TPM_TIS_CAP_INTERFACE_VERSION1_3_FOR_TPM2_0 (3 << 28)
> -#define TPM_TIS_CAP_DATA_TRANSFER_64B(3 << 9)
> -#define TPM_TIS_CAP_DATA_TRANSFER_LEGACY (0 << 9)
> -#define TPM_TIS_CAP_BURST_COUNT_DYNAMIC  (0 << 8)
> -#define TPM_TIS_CAP_INTERRUPT_LOW_LEVEL  (1 << 4) /* support is mandatory */
> -#define TPM_TIS_CAPABILITIES_SUPPORTED1_3 \
> -(TPM_TIS_CAP_INTERRUPT_LOW_LEVEL | \
> - TPM_TIS_CAP_BURST_COUNT_DYNAMIC | \
> - TPM_TIS_CAP_DATA_TRANSFER_64B | \
> - TPM_TIS_CAP_INTERFACE_VERSION1_3 | \
> - TPM_TIS_INTERRUPTS_SUPPORTED)
> -
> -#define TPM_TIS_CAPABILITIES_SUPPORTED2_0 \
> -(TPM_TIS_CAP_INTERRUPT_LOW_LEVEL | \
> - TPM_TIS_CAP_BURST_COUNT_DYNAMIC | \
> - TPM_TIS_CAP_DATA_TRANSFER_64B | \
> - TPM_TIS_CAP_INTERFACE_VERSION1_3_FOR_TPM2_0 | \
> - TPM_TIS_INTERRUPTS_SUPPORTED)
> -
> -#define TPM_TIS_IFACE_ID_INTERFACE_TIS1_3   (0xf) /* TPM 2.0 */
> -#define TPM_TIS_IFACE_ID_INTERFACE_FIFO (0x0) /* TPM 2.0 */
> -#define TPM_TIS_IFACE_ID_INTERFACE_VER_FIFO (0 << 4)  /* 
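Review bot: TPM_TIS_INT_ENABLED is defined as (1 << 31), which shifts a signed int into its sign bit; since this block is being moved into include/hw/acpi/tpm.h so the new test can use it too, the move is the moment to make it (1U << 31) rather than carry the expression over unchanged.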

Re: [Qemu-devel] [PATCH 05/30] hw/mips/r4k: constify params_size

2018-02-15 Thread Philippe Mathieu-Daudé
Hi Thomas,

On 02/15/2018 03:19 AM, Thomas Huth wrote:
> On 15.02.2018 05:28, Philippe Mathieu-Daudé wrote:
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  hw/mips/mips_r4k.c | 5 ++---
>>  1 file changed, 2 insertions(+), 3 deletions(-)
>>
>> diff --git a/hw/mips/mips_r4k.c b/hw/mips/mips_r4k.c
>> index 830ee7732c..5a74c44b9a 100644
>> --- a/hw/mips/mips_r4k.c
>> +++ b/hw/mips/mips_r4k.c
>> @@ -79,8 +79,9 @@ typedef struct ResetData {
>>  
>>  static int64_t load_kernel(void)
>>  {
>> +const size_t params_size = 264;
>>  int64_t entry, kernel_high;
>> -long kernel_size, initrd_size, params_size;
>> +long kernel_size, initrd_size;
>>  ram_addr_t initrd_offset;
>>  uint32_t *params_buf;
>>  int big_endian;
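Review bot: `const size_t params_size = 264;` gives the buffer size a name but not a meaning, and the last hunk still passes `(16 << 20) - 264` to rom_add_blob_fixed(), so the size and the load address can drift apart. Derive the address from params_size and add a comment saying what the 264 bytes hold.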
>> @@ -128,7 +129,6 @@ static int64_t load_kernel(void)
>>  }
>>  
>>  /* Store command line.  */
>> -params_size = 264;
>>  params_buf = g_malloc(params_size);
>>  
>>  params_buf[0] = tswap32(ram_size);
>> @@ -144,7 +144,6 @@ static int64_t load_kernel(void)
>>  
>>  rom_add_blob_fixed("params", params_buf, params_size,
>> (16 << 20) - 264);
>> -
>>  g_free(params_buf);
>>  return entry;
>>  }
> 
> The last hunk is an unnecessary white-space change. Did you maybe rather
> want to replace the 264 in the preceding line instead?

Yes :( Since this change was a bit different than the rest, I extracted
from the next patch "hw/mips: use the BYTE-based definitions" but missed.

Thanks for reviewing,

Phil.

> 
>  Thomas
> 



Re: [Qemu-devel] [Xen-devel] [PATCH 30/30] xen: use the BYTE-based definitions

2018-02-15 Thread Philippe Mathieu-Daudé
On 02/15/2018 08:00 AM, Alan Robinson wrote:
> Hi Philippe,
> 
> On Thu, Feb 15, 2018 at 01:29:00AM -0300, Philippe Mathieu-Daudé wrote:
>> From: Philippe Mathieu-Daudé 
>> Subject: [Xen-devel] [PATCH 30/30] xen: use the BYTE-based definitions
>> List-Id: Xen developer discussion 
>>
>> It eases code review, unit is explicit.
>>
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  hw/block/xen_disk.c|  4 ++--
>>  hw/xenpv/xen_domainbuild.c | 10 +-
>>  2 files changed, 7 insertions(+), 7 deletions(-)
>>
>> diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
>> index f74fcd42d1..557005b5e5 100644
>> --- a/hw/block/xen_disk.c
>> +++ b/hw/block/xen_disk.c
>> @@ -1153,9 +1153,9 @@ static int blk_connect(struct XenDevice *xendev)
>>  }
>>  
>>  xen_pv_printf(xendev, 1, "type \"%s\", fileproto \"%s\", filename 
>> \"%s\","
>> -  " size %" PRId64 " (%" PRId64 " MB)\n",
>> +  " size %" PRId64 " (%llu MB)\n",
>>blkdev->type, blkdev->fileproto, blkdev->filename,
>> -  blkdev->file_size, blkdev->file_size >> 20);
>> +  blkdev->file_size, blkdev->file_size / M_BYTE);
>>  
>>  /* Fill in number of sector size and number of sectors */
>>  xenstore_write_be_int(>xendev, "sector-size", blkdev->file_blk);
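Review bot: the size in MB is now printed with %llu while file_size on the same line is printed with PRId64, so whether the argument `blkdev->file_size / M_BYTE` really is an unsigned long long depends on how M_BYTE is defined, which this hunk does not show. Keep PRId64 and cast the quotient to int64_t, or cast it explicitly to unsigned long long, so the format and the argument cannot disagree on any host.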
>> diff --git a/hw/xenpv/xen_domainbuild.c b/hw/xenpv/xen_domainbuild.c
>> index 027f76fad1..083fb80ee5 100644
>> --- a/hw/xenpv/xen_domainbuild.c
>> +++ b/hw/xenpv/xen_domainbuild.c
>> @@ -75,9 +75,9 @@ int xenstore_domain_init1(const char *kernel, const char 
>> *ramdisk,
>>  xenstore_write_str(dom, "vm", vm);
>>  
>>  /* memory */
>> -xenstore_write_int(dom, "memory/target", ram_size >> 10);  // kB
>> -xenstore_write_int(vm, "memory", ram_size >> 20);  // MB
>> -xenstore_write_int(vm, "maxmem", ram_size >> 20);  // MB
>> +xenstore_write_int(dom, "memory/target", ram_size * K_BYTE);
>> +xenstore_write_int(vm, "memory", ram_size * M_BYTE);
>> +xenstore_write_int(vm, "maxmem", ram_size * M_BYTE);
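Review bot: the three xenstore_write_int() calls replace right shifts (`ram_size >> 10`, `ram_size >> 20`) with multiplications by K_BYTE and M_BYTE, so the values written for memory/target, memory and maxmem are scaled up instead of down; these need to be divisions. The removed `// kB` and `// MB` comments also recorded the unit each xenstore key expects, which the constant name alone does not, so keep them.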
> 
> These changes look wrong, surely it must be 'ram_size / K_BYTE'...

Oops... Thanks for noticing this mistake!

Can I add your R-b tag once fixed? Respin will be:

+xenstore_write_int(dom, "memory/target", ram_size / K_BYTE);
+xenstore_write_int(vm, "memory", ram_size / M_BYTE);
+xenstore_write_int(vm, "maxmem", ram_size / M_BYTE);

Regards,

Phil.

> 
> Alan
> 



[Qemu-devel] [Bug 1589272] Re: qemu-system-x86_64: There is no option group 'vnc'

2018-02-15 Thread Thomas Huth
Triaging old bug tickets... can you still reproduce this issue with the
latest version of QEMU? Or could we close this ticket nowadays?

** Changed in: qemu
   Status: New => Incomplete

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1589272

Title:
  qemu-system-x86_64: There is no option group 'vnc'

Status in QEMU:
  Incomplete

Bug description:
  build qemu from git (6b3532b20b787cbd697a68b383232f5c3b39bd1e)

  with these options:

  ./configure \
  --python=/usr/bin/python2 \
  --prefix=/usr \
  --sysconfdir=/etc \
  --localstatedir=/var \
  --libexecdir=/usr/lib/qemu \
  --target-list=i386-softmmu,x86_64-softmmu,i386-linux-user,x86_64-linux-user \
  --audio-drv-list='pa alsa' \
  --enable-linux-aio \
  --enable-seccomp \
  --enable-tpm \
  --enable-modules \
  --disable-sdl \
  --disable-gtk \
  --disable-spice \
  --disable-rbd \
  --disable-libiscsi \
  --disable-libnfs \
  --disable-smartcard \
  --disable-glusterfs \
  --disable-docs \
  --disable-vnc{,-sasl,-jpeg,-png} \
  --disable-guest-agent

  I get:

  └───╼  qemu-system-x86_64
  qemu-system-x86_64: There is no option group 'vnc'
  Segment Fault (core dumped)

  └───╼  coredumpctl info 12932
 PID: 12932 (qemu-system-x86)
 UID: 1000 (sl1pkn07)
 GID: 100 (users)
  Signal: 11 (SEGV)
   Timestamp: dom 2016-06-05 18:05:51 CEST (17s ago)
Command Line: qemu-system-x86_64
  Executable: /usr/bin/qemu-system-x86_64
   Control Group: /user.slice/user-1000.slice/session-c1.scope
Unit: session-c1.scope
   Slice: user-1000.slice
 Session: c1
   Owner UID: 1000 (sl1pkn07)
 Boot ID: 5b205159fa6b4c25946fad7087bd366f
  Machine ID: c20ee0c57658685bfedf50384b0e3ec0
Hostname: sL1pKn07
Coredump: 
/var/lib/systemd/coredump/core.qemu-system-x86.1000.5b205159fa6b4c25946fad7087bd366f.12932.1465142751.lz4
 Message: Process 12932 (qemu-system-x86) of user 1000 dumped core.
  
  Stack trace of thread 12932:
  #0  0x55b269c2e245 qemu_opts_foreach (qemu-system-x86_64)
  #1  0x55b2698fb6b5 main (qemu-system-x86_64)
  #2  0x7fafc4e5a741 __libc_start_main (libc.so.6)
  #3  0x55b269900eb9 _start (qemu-system-x86_64)
  
  Stack trace of thread 12934:
  #0  0x7fafc51e80af pthread_cond_wait@@GLIBC_2.3.2 
(libpthread.so.0)
  #1  0x55b269c21b19 qemu_cond_wait (qemu-system-x86_64)
  #2  0x55b26992bff4 qemu_tcg_cpu_thread_fn 
(qemu-system-x86_64)
  #3  0x7fafc51e2484 start_thread (libpthread.so.0)
  #4  0x7fafc4f216dd __clone (libc.so.6)
  
  Stack trace of thread 12933:
  #0  0x7fafc51eaebc __lll_lock_wait (libpthread.so.0)
  #1  0x7fafc51e4b45 pthread_mutex_lock (libpthread.so.0)
  #2  0x55b269c21a39 qemu_mutex_lock (qemu-system-x86_64)
  #3  0x55b26992bf51 qemu_mutex_lock_iothread 
(qemu-system-x86_64)
  #4  0x55b269c30430 call_rcu_thread (qemu-system-x86_64)
  #5  0x7fafc51e2484 start_thread (libpthread.so.0)
  #6  0x7fafc4f216dd __clone (libc.so.6)

  built with GCC 6.1.1

  greetings

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1589272/+subscriptions



Re: [Qemu-devel] [PATCH v2 4/4] acpi: build TPM Physical Presence interface

2018-02-15 Thread Stefan Berger

On 02/14/2018 01:39 PM, Kevin O'Connor wrote:

On Tue, Feb 13, 2018 at 03:29:20PM -0500, Stefan Berger wrote:
[...]

In these 0x400 bytes we have 256 bytes that are used for configuration flags
describing the supported opcode as you previously described. This array
allows us to decouple the firmware implementation from the ACPI code and we
need not hard code what is supported in the firmware inside the ACPI code
(which would be difficult to do anyway since in QEMU we would not know what
firmware will be started and what PPI opcodes are supported) and the ppi sysfs
entries in Linux for example show exactly those PPI opcodes that are
supported. The firmware needs to set those flags and the firmware knows what
it supports.

I hope we can settle that this device is the right path.

It seems that the primary purpose of the 0x400 virtual device is to
pass information from firmware to QEMU (specifically to pass the list
of supported PPI opcodes to the QEMU generated AML code).  Passing
information between firmware and QEMU is not new territory, and fw_cfg
was specifically built to do this.  I'd prefer to use fw_cfg if we
need to pass information between firmware and QEMU.

That said, I don't see why this list is needed - why not just
implement the same opcodes in both UEFI and SeaBIOS and be done with
it?  The spec defines 22 actions, and most of these are permutations
of 4 basic features (Enable, Activate, Clear, SetOwnerInstall).


... which may be a substantial amount of work to implement. There are 
another 23 or so defined for TPM 2, some of which are optional.




[...]

I initially had PPI SeaBIOS code write into the TPM TIS device's memory into
some custom addresses. I'd consider this a hack.

Well, sure, it could be considered a hack.  But, it seems to me the
whole PPI spec is a bit of a hack.  If elegance isn't an option,
settle for simplicity?

-Kevin






Re: [Qemu-devel] [PATCH v1 1/3] bcm2836: Make CPU type configurable

2018-02-15 Thread Peter Maydell
On 8 February 2018 at 05:50, Pekka Enberg  wrote:
> This patch adds a "cpu-type" property to BCM2836 SoC in preparation for
> reusing the code for the Raspberry Pi 3, which has a different processor
> model.
>
> Signed-off-by: Pekka Enberg 

> --- a/hw/arm/raspi.c
> +++ b/hw/arm/raspi.c
> @@ -135,6 +135,8 @@ static void raspi2_init(MachineState *machine)
>  /* Setup the SOC */
>  object_property_add_const_link(OBJECT(>soc), "ram", OBJECT(>ram),
> _abort);
> +object_property_set_str(OBJECT(>soc), machine->cpu_type, "cpu-type",
> +_abort);
>  object_property_set_int(OBJECT(>soc), smp_cpus, "enabled-cpus",
>  _abort);
>  object_property_set_int(OBJECT(>soc), 0xa21041, "board-rev",
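Review bot: machine->cpu_type is copied straight into the SoC's "cpu-type" property with no check that the named CPU is one this board can use, so whatever the user passes is accepted. Until boards can declare their valid CPU types, compare it against the type(s) the SoC supports at this point and fail with a readable error rather than letting an unsuitable model through.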
> @@ -166,6 +168,7 @@ static void raspi2_machine_init(MachineClass *mc)
>  mc->no_parallel = 1;
>  mc->no_floppy = 1;
>  mc->no_cdrom = 1;
> +mc->default_cpu_type = ARM_CPU_TYPE_NAME("cortex-a15");
>  mc->max_cpus = BCM2836_NCPUS;
>  mc->min_cpus = BCM2836_NCPUS;
>  mc->default_cpus = BCM2836_NCPUS;

This change means that instead of ignoring the user's -cpu argument
we'll now unconditionally accept it even if it's nonsense for this
board. Neither behaviour is great. However, the patchset to allow
boards to easily specify the valid set of CPU types is still in
code review:
https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg00308.html

so I'm happy to take this as-is, and we'll add the validity check
when that patchset goes in.

thanks
-- PMM



[Qemu-devel] [Bug 1739413] Re: Hotplugged vcpu does not guarantee cpu compat mode(power8) on power9 host

2018-02-15 Thread Thomas Huth
David's patch has been included here:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=51f84465dd985fc21589b2e


** Changed in: qemu
   Status: In Progress => Fix Committed

https://bugs.launchpad.net/bugs/1739413

Title:
  Hotplugged vcpu does not guarantee cpu compat mode(power8) on power9
  host

Status in QEMU:
  Fix Committed

Bug description:
  ./ppc64-softmmu/qemu-system-ppc64 -version
  QEMU emulator version 2.11.50 (v2.11.0-254-gaf35267)

  1. Boot a power8 compat mode guest power9 HW.
  ./ppc64-softmmu/qemu-system-ppc64 -machine 
pseries,accel=kvm,max-cpu-compat=power8 -m 4096 /home/sath/images/guest.qcow2 
-smp 1,maxcpus=2 -serial /dev/pts/8  -monitor stdio -vga none -nographic
  QEMU 2.11.50 monitor - type 'help' for more information
  (qemu) 

  2. Check for cpuinfo

  # cat /proc/cpuinfo 
  processor : 0
  cpu   : POWER8 (architected), altivec supported
  clock : 2200.00MHz
  revision  : 2.1 (pvr 004e 1201)

  timebase  : 51200
  platform  : pSeries
  model : IBM pSeries (emulated by qemu)
  machine   : CHRP IBM pSeries (emulated by qemu)
  MMU   : Hash

  
  3. Run a small program invoking isa v3.0 instruction, it should complain 
'Illegal instruction' as it is a power8 compat guest
  # cat 1.c 
  #include 
  void main()
  {
  asm volatile (".long 0x7c0005e6");
  }
  # ./a.out 
  [   59.352795] a.out[1741]: unhandled signal 4 at 1600 nip 
1600 lr 7fffb4da5080 code 1
  Illegal instruction 

  4. Hotplug a vcpu
  (qemu) device_add host-spapr-cpu-core,id=core1,core-id=1
  (qemu) info cpus
  * CPU #0: nip=0xc00de42c thread_id=113110
CPU #1: nip=0xc00de42c thread_id=113348

  5. Try running the same program in the hotplugged vcpu and it does not
  complain as 'Illegal instruction'

  #taskset -c 1 ./a.out --NOK
  #  

  # taskset -c 0 ./a.out 
  [  356.618031] a.out[1755]: unhandled signal 4 at 1600 nip 
1600 lr 7fffae7f5080 code 1
  Illegal instruction




[Qemu-devel] [Bug 1726394] Re: Passes through prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, address)

2018-02-15 Thread Thomas Huth
Fix has been released with QEMU 2.11:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a8b154a637b586441b

** Changed in: qemu
   Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1726394

Title:
  Passes through prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, address)

Status in QEMU:
  Fix Released
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Xenial:
  Won't Fix
Status in qemu source package in Zesty:
  Won't Fix
Status in qemu source package in Artful:
  Won't Fix
Status in qemu package in Debian:
  Confirmed

Bug description:
  qemu-user passes through prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER,
  address) unmodified, but the third argument is an address to a BPF
  filter, causing an EFAULT. Now, the filter is architecture-specific, so
  you can't just rewrite the addresses, so the safest bet is to just
  return an error here.

  I guess you should just return EINVAL, but not sure. I'd really like
  something that can be identified, so seccomp errors can be ignored
  when it's not supported.

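How a caller can act on the errno choice discussed in this bug report, as an added example that is not part of the report or of QEMU: it treats EINVAL from prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...) as "filter mode not supported here" and every other failure, including the EFAULT described above, as an error. The enum, the function names and the sandbox_required policy flag are assumptions of this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>

/* Outcome of one sandbox setup attempt (names are this example's own). */
enum sandbox_result {
    SANDBOX_ACTIVE,      /* the filter was installed */
    SANDBOX_UNSUPPORTED, /* EINVAL: seccomp filter mode is not available */
    SANDBOX_ERROR        /* anything else, EFAULT included: a real failure */
};

/*
 * Map the prctl() return value and errno to an outcome.
 * Only EINVAL is read as "not supported"; EFAULT means the filter
 * pointer was rejected and must not be silently ignored.
 */
enum sandbox_result classify_seccomp_result(int rc, int err)
{
    if (rc == 0) {
        return SANDBOX_ACTIVE;
    }
    if (err == EINVAL) {
        return SANDBOX_UNSUPPORTED;
    }
    return SANDBOX_ERROR;
}

/*
 * Policy: running without a sandbox is acceptable only when the
 * platform cannot provide one AND the deployment does not require it.
 */
int startup_may_continue(enum sandbox_result r, int sandbox_required)
{
    if (r == SANDBOX_ACTIVE) {
        return 1;
    }
    if (r == SANDBOX_UNSUPPORTED) {
        return !sandbox_required;
    }
    return 0;
}

/* Install a minimal allow-everything filter to probe for support. */
enum sandbox_result install_allow_all_filter(void)
{
    struct sock_filter insns[] = {
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(insns) / sizeof(insns[0])),
        .filter = insns,
    };
    int rc;

    /* Required before an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) {
        return classify_seccomp_result(-1, errno);
    }
    rc = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
    return classify_seccomp_result(rc, rc == 0 ? 0 : errno);
}

int main(void)
{
    enum sandbox_result r = install_allow_all_filter();
    static const char *const names[] = { "active", "unsupported", "error" };

    printf("seccomp filter: %s\n", names[r]);
    /* sandbox_required = 0: tolerate platforms without filter support. */
    return startup_may_continue(r, 0) ? 0 : 1;
}
```
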



Re: [Qemu-devel] [PATCH v5 4/6] raspi: Specify the valid CPUs

2018-02-15 Thread Peter Maydell
On 2 February 2018 at 00:42, Alistair Francis
 wrote:
> List all possible valid CPU options.
>
> Signed-off-by: Alistair Francis 
> Reviewed-by: Philippe Mathieu-Daudé 
> ---
>
> V5:
>  - Use cpu_model names
> V4:
>  - Remove spaces
> V3:
>  - Add static property
> V2:
>  - Fix the indentation
>
>  hw/arm/raspi.c | 7 +++
>  1 file changed, 7 insertions(+)
>
> diff --git a/hw/arm/raspi.c b/hw/arm/raspi.c
> index cd5fa8c3dc..745a880726 100644
> --- a/hw/arm/raspi.c
> +++ b/hw/arm/raspi.c
> @@ -158,6 +158,11 @@ static void raspi2_init(MachineState *machine)
>  setup_boot(machine, 2, machine->ram_size - vcram_size);
>  }
>
> +static const char *raspi2_valid_cpus[] = {
> +"cortex-a7",
> +NULL
> +};
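Review bot: `static const char *raspi2_valid_cpus[]` makes the strings const but leaves the array of pointers writable; declare it `static const char * const raspi2_valid_cpus[]` so the whole table is read-only. The single "cortex-a7" entry should also be checked against the CPU type the board's SoC object actually creates.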

Is this definitely right? Looking at the code, the raspi2 board
creates a TYPE_BCM2836, and that creates cortex-a15 CPUs...

thanks
-- PMM



[Qemu-devel] [PATCH] block/iscsi: cancel libiscsi task when ABORT TASK TMF completes

2018-02-15 Thread Stefan Hajnoczi
The libiscsi iscsi_task_mgmt_async() API documentation says:

  abort_task will also cancel the scsi task. The callback for the scsi
  task will be invoked with SCSI_STATUS_CANCELLED

The libiscsi implementation does not fulfil this promise.  The task's
callback is not invoked and its struct iscsi_pdu remains in the internal
list (effectively leaked).

This patch invokes the libiscsi iscsi_scsi_cancel_task() API to force
the task's callback to be invoked with SCSI_STATUS_CANCELLED when the
ABORT TASK TMF completes and the task's callback hasn't been invoked
yet.

Signed-off-by: Stefan Hajnoczi 
---
 block/iscsi.c | 16 ++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/block/iscsi.c b/block/iscsi.c
index 41e67cb371..4cb188ac2b 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -292,8 +292,12 @@ iscsi_abort_task_cb(struct iscsi_context *iscsi, int 
status, void *command_data,
 {
 IscsiAIOCB *acb = private_data;
 
-acb->status = -ECANCELED;
-iscsi_schedule_bh(acb);
+/* If the command callback hasn't been called yet, drop the task */
+if (!acb->bh) {
+/* Call iscsi_aio_ioctl_cb() with SCSI_STATUS_CANCELLED */
+iscsi_scsi_cancel_task(iscsi, acb->task);
+}
+
 qemu_aio_unref(acb); /* acquired in iscsi_aio_cancel() */
 }
 
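Review bot: iscsi_abort_task_cb() used to complete the request unconditionally (`acb->status = -ECANCELED; iscsi_schedule_bh(acb);`); with this change completion happens only if iscsi_scsi_cancel_task() ends up invoking the task callback, and neither its result nor the `status` argument of the TMF callback is looked at. If the cancel call does not reach the callback, the request is never completed, so check the outcome and fall back to scheduling the bottom half with -ECANCELED.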
@@ -941,6 +945,14 @@ iscsi_aio_ioctl_cb(struct iscsi_context *iscsi, int status,
 {
 IscsiAIOCB *acb = opaque;
 
+if (status == SCSI_STATUS_CANCELLED) {
+if (!acb->bh) {
+acb->status = -ECANCELED;
+iscsi_schedule_bh(acb);
+}
+return;
+}
+
 acb->status = 0;
 if (status < 0) {
 error_report("Failed to ioctl(SG_IO) to iSCSI lun. %s",
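Review bot: the early return for SCSI_STATUS_CANCELLED has no comment, and its `!acb->bh` test repeats the one already made in iscsi_abort_task_cb() before it calls iscsi_scsi_cancel_task(). Say in a comment which caller is expected to deliver this status and why the second check is still needed, or drop it.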
-- 
2.14.3




Re: [Qemu-devel] [PATCH 3/3] block/ssh: Add basic .bdrv_truncate()

2018-02-15 Thread Richard W.M. Jones

The series looks fine to me:

  Reviewed-by: Richard W.M. Jones 

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html



Re: [Qemu-devel] [PATCH 01/30] util/cutils: extract byte-based definitions into a new header: "qemu/cunits.h"

2018-02-15 Thread Thomas Huth
On 15.02.2018 10:55, Marc-André Lureau wrote:
> On Thu, Feb 15, 2018 at 5:28 AM, Philippe Mathieu-Daudé  
> wrote:
>> (added in 076b35b5a56)
>>
>> Signed-off-by: Philippe Mathieu-Daudé 
> 
> Or osdep.h?

No, osdep.h is for "OS includes and handling of OS dependencies", not
for declaring constants like this.

 Thomas



[Qemu-devel] [PATCH] Polish the version strings containing the package version

2018-02-15 Thread Thomas Huth
Since commit 67a1de0d195a there is no space anymore between the
version number and the parentheses when running configure with
--with-pkgversion=foo :

 $ qemu-system-s390x --version
 QEMU emulator version 2.11.50(foo)

But the space is included when building without that option
when building from a git checkout:

 $ qemu-system-s390x --version
 QEMU emulator version 2.11.50 (v2.11.0-1494-gbec9c64-dirty)

The same confusion exists with the "query-version" QMP command.
Let's fix this by introducing a proper QEMU_FULL_VERSION definition
that includes the space and parentheses, while the QEMU_PKGVERSION
should just cleanly contain the package version string itself.
Note that this also changes the behavior of the "query-version" QMP
command (the space and parentheses are not included there anymore),
but that's supposed to be OK since the strings there are not meant
to be parsed by other tools.

Fixes: 67a1de0d195a6185c39b436159c9ffc7720bf979
Buglink: https://bugs.launchpad.net/qemu/+bug/1673373
Signed-off-by: Thomas Huth 
---
 Makefile  | 20 +++-
 bsd-user/main.c   |  2 +-
 configure |  2 +-
 linux-user/main.c |  2 +-
 qemu-img.c|  2 +-
 qemu-io.c |  2 +-
 qemu-nbd.c|  2 +-
 qga/main.c|  2 +-
 scsi/qemu-pr-helper.c |  2 +-
 ui/cocoa.m|  2 +-
 vl.c  |  2 +-
 11 files changed, 21 insertions(+), 19 deletions(-)

diff --git a/Makefile b/Makefile
index b5a6d60..e6afe5c 100644
--- a/Makefile
+++ b/Makefile
@@ -367,21 +367,23 @@ all: $(DOCS) $(TOOLS) $(HELPERS-y) recurse-all modules
 qemu-version.h: FORCE
$(call quiet-command, \
(cd $(SRC_PATH); \
-   printf '#define QEMU_PKGVERSION '; \
if test -n "$(PKGVERSION)"; then \
-   printf '"$(PKGVERSION)"\n'; \
+   pkgvers="$(PKGVERSION)"; \
else \
if test -d .git; then \
-   printf '" ('; \
-   git describe --match 'v*' 2>/dev/null | tr -d 
'\n'; \
+   pkgvers=$$(git describe --match 'v*' 
2>/dev/null | tr -d '\n');\
if ! git diff-index --quiet HEAD &>/dev/null; 
then \
-   printf -- '-dirty'; \
+   pkgvers="$${pkgvers}-dirty"; \
fi; \
-   printf ')"\n'; \
-   else \
-   printf '""\n'; \
fi; \
-   fi) > $@.tmp)
+   fi; \
+   printf "#define QEMU_PKGVERSION \"$${pkgvers}\"\n"; \
+   if test -n "$${pkgvers}"; then \
+   printf '#define QEMU_FULL_VERSION QEMU_VERSION " (" 
QEMU_PKGVERSION ")"\n'; \
+   else \
+   printf '#define QEMU_FULL_VERSION QEMU_VERSION\n'; \
+   fi; \
+   ) > $@.tmp)
$(call quiet-command, if ! cmp -s $@ $@.tmp; then \
  mv $@.tmp $@; \
 else \
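Review bot: `printf "#define QEMU_PKGVERSION \"$${pkgvers}\"\n"` puts the package version inside the printf format string, so a --with-pkgversion value containing `%` or a backslash is interpreted by printf instead of being written out. Pass it as an argument, e.g. `printf '#define QEMU_PKGVERSION "%s"\n' "$${pkgvers}"`; a double quote in the value would still need escaping for the C string literal.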
diff --git a/bsd-user/main.c b/bsd-user/main.c
index efef5ff..05aa559 100644
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@@ -649,7 +649,7 @@ void cpu_loop(CPUSPARCState *env)
 
 static void usage(void)
 {
-printf("qemu-" TARGET_NAME " version " QEMU_VERSION QEMU_PKGVERSION
+printf("qemu-" TARGET_NAME " version " QEMU_FULL_VERSION
"\n" QEMU_COPYRIGHT "\n"
"usage: qemu-" TARGET_NAME " [options] program [arguments...]\n"
"BSD CPU emulator (compiled for %s emulation)\n"
diff --git a/configure b/configure
index 913e148..5be086a 100755
--- a/configure
+++ b/configure
@@ -1160,7 +1160,7 @@ for opt do
   ;;
   --disable-blobs) blobs="no"
   ;;
-  --with-pkgversion=*) pkgversion=" ($optarg)"
+  --with-pkgversion=*) pkgversion="$optarg"
   ;;
   --with-coroutine=*) coroutine="$optarg"
   ;;
diff --git a/linux-user/main.c b/linux-user/main.c
index 7de0e02..dfd4c98 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -4068,7 +4068,7 @@ static void handle_arg_strace(const char *arg)
 
 static void handle_arg_version(const char *arg)
 {
-printf("qemu-" TARGET_NAME " version " QEMU_VERSION QEMU_PKGVERSION
+printf("qemu-" TARGET_NAME " version " QEMU_FULL_VERSION
"\n" QEMU_COPYRIGHT "\n");
 exit(EXIT_SUCCESS);
 }
diff --git a/qemu-img.c b/qemu-img.c
index 56edc15..e56a15d 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -46,7 +46,7 @@
 #include "crypto/init.h"
 #include "trace/control.h"
 
-#define QEMU_IMG_VERSION "qemu-img version " QEMU_VERSION QEMU_PKGVERSION \
+#define QEMU_IMG_VERSION "qemu-img version " QEMU_FULL_VERSION \
   "\n" QEMU_COPYRIGHT "\n"
 
 typedef struct img_cmd_t {
diff --git a/qemu-io.c b/qemu-io.c
index f554ab6..b0efa96 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -534,7 +534,7 @@ int 

Re: [Qemu-devel] [PATCH v3] s390x/tcg: add various alignment checks

2018-02-15 Thread David Hildenbrand
On 15.02.2018 11:38, David Hildenbrand wrote:
> Let's add proper alignment checks for a handful of instructions that
> require a SPECIFICATION exception in case alignment is violated.
> 
> Introduce new wout/in functions. As we are right now only using them for
> privileged instructions, we have to add ugly ifdefs to silence
> compilers.
> 
> Convert STORE CPU ID right away to make use of the wout function.
> 
> Signed-off-by: David Hildenbrand 
> ---
>  target/s390x/insn-data.def | 16 
>  target/s390x/mem_helper.c  | 25 +
>  target/s390x/translate.c   | 43 ++-
>  3 files changed, 75 insertions(+), 9 deletions(-)
> 
> diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
> index 621e10d615..157619403d 100644
> --- a/target/s390x/insn-data.def
> +++ b/target/s390x/insn-data.def
> @@ -1000,13 +1000,13 @@
>  /* ??? Not implemented - is it necessary? */
>  C(0xb204, SCK, S, Z,   0, 0, 0, 0, 0, 0)
>  /* SET CLOCK COMPARATOR */
> -C(0xb206, SCKC,S, Z,   0, m2_64, 0, 0, sckc, 0)
> +C(0xb206, SCKC,S, Z,   0, m2_64a, 0, 0, sckc, 0)
>  /* SET CLOCK PROGRAMMABLE FIELD */
>  C(0x0107, SCKPF,   E, Z,   0, 0, 0, 0, sckpf, 0)
>  /* SET CPU TIMER */
> -C(0xb208, SPT, S, Z,   0, m2_64, 0, 0, spt, 0)
> +C(0xb208, SPT, S, Z,   0, m2_64a, 0, 0, spt, 0)
>  /* SET PREFIX */
> -C(0xb210, SPX, S, Z,   0, m2_32u, 0, 0, spx, 0)
> +C(0xb210, SPX, S, Z,   0, m2_32ua, 0, 0, spx, 0)
>  /* SET PSW KEY FROM ADDRESS */
>  C(0xb20a, SPKA,S, Z,   0, a2, 0, 0, spka, 0)
>  /* SET STORAGE KEY EXTENDED */
> @@ -1021,20 +1021,20 @@
>  /* STORE CLOCK EXTENDED */
>  C(0xb278, STCKE,   S, Z,   0, a2, 0, 0, stcke, 0)
>  /* STORE CLOCK COMPARATOR */
> -C(0xb207, STCKC,   S, Z,   la2, 0, new, m1_64, stckc, 0)
> +C(0xb207, STCKC,   S, Z,   la2, 0, new, m1_64a, stckc, 0)
>  /* STORE CONTROL */
>  C(0xb600, STCTL,   RS_a,  Z,   0, a2, 0, 0, stctl, 0)
>  C(0xeb25, STCTG,   RSY_a, Z,   0, a2, 0, 0, stctg, 0)
>  /* STORE CPU ADDRESS */
> -C(0xb212, STAP,S, Z,   la2, 0, new, m1_16, stap, 0)
> +C(0xb212, STAP,S, Z,   la2, 0, new, m1_16a, stap, 0)
>  /* STORE CPU ID */
> -C(0xb202, STIDP,   S, Z,   la2, 0, new, 0, stidp, 0)
> +C(0xb202, STIDP,   S, Z,   la2, 0, new, m1_64a, stidp, 0)
>  /* STORE CPU TIMER */
> -C(0xb209, STPT,S, Z,   la2, 0, new, m1_64, stpt, 0)
> +C(0xb209, STPT,S, Z,   la2, 0, new, m1_64a, stpt, 0)
>  /* STORE FACILITY LIST */
>  C(0xb2b1, STFL,S, Z,   0, 0, 0, 0, stfl, 0)
>  /* STORE PREFIX */
> -C(0xb211, STPX,S, Z,   la2, 0, new, m1_32, stpx, 0)
> +C(0xb211, STPX,S, Z,   la2, 0, new, m1_32a, stpx, 0)
>  /* STORE SYSTEM INFORMATION */
>  C(0xb27d, STSI,S, Z,   0, a2, 0, 0, stsi, 0)
>  /* STORE THEN AND SYSTEM MASK */
> diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
> index 427b795a78..d5291b246e 100644
> --- a/target/s390x/mem_helper.c
> +++ b/target/s390x/mem_helper.c
> @@ -693,6 +693,11 @@ void HELPER(lam)(CPUS390XState *env, uint32_t r1, 
> uint64_t a2, uint32_t r3)
>  uintptr_t ra = GETPC();
>  int i;
>  
> +if (a2 & 0x3) {
> +/* we either came here by lam or lamy, which have different lengths 
> */
> +s390_program_interrupt(env, PGM_SPECIFICATION, ILEN_AUTO, ra);
> +}
> +
>  for (i = r1;; i = (i + 1) % 16) {
>  env->aregs[i] = cpu_ldl_data_ra(env, a2, ra);
>  a2 += 4;
> @@ -709,6 +714,10 @@ void HELPER(stam)(CPUS390XState *env, uint32_t r1, 
> uint64_t a2, uint32_t r3)
>  uintptr_t ra = GETPC();
>  int i;
>  
> +if (a2 & 0x3) {
> +s390_program_interrupt(env, PGM_SPECIFICATION, 4, ra);
> +}
> +
>  for (i = r1;; i = (i + 1) % 16) {
>  cpu_stl_data_ra(env, a2, env->aregs[i], ra);
>  a2 += 4;
> @@ -1620,6 +1629,10 @@ void HELPER(lctlg)(CPUS390XState *env, uint32_t r1, 
> uint64_t a2, uint32_t r3)
>  uint64_t src = a2;
>  uint32_t i;
>  
> +if (src & 0x7) {
> +s390_program_interrupt(env, PGM_SPECIFICATION, 6, ra);
> +}
> +
>  for (i = r1;; i = (i + 1) % 16) {
>  uint64_t val = cpu_ldq_data_ra(env, src, ra);
>  if (env->cregs[i] != val && i >= 9 && i <= 11) {
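Review bot: in the new `src & 0x7` branch of HELPER(lctlg), nothing follows s390_program_interrupt(), so the check is only effective if that call does not return when it is given `ra`; otherwise the loop below would still perform the misaligned cpu_ldq_data_ra() loads. A short comment stating that the call does not return, at the first of these checks in the file, would make the control flow explicit for the other helpers that copy this pattern.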
> @@ -1650,6 +1663,10 @@ void HELPER(lctl)(CPUS390XState *env, uint32_t r1, 
> uint64_t a2, uint32_t r3)
>  uint64_t src = a2;
>  uint32_t i;
>  
> +if (src & 0x3) {
> +s390_program_interrupt(env, PGM_SPECIFICATION, 4, ra);
> +}
> +
>  for (i = r1;; i = (i + 1) % 16) {
>  uint32_t val = cpu_ldl_data_ra(env, src, ra);
>  if ((uint32_t)env->cregs[i] != val && i >= 9 && i <= 11) {
> @@ -1677,6 +1694,10 @@ void HELPER(stctg)(CPUS390XState *env, uint32_t r1, 
> uint64_t a2, uint32_t r3)
>  uint64_t dest = a2;
>  uint32_t i;

[Qemu-devel] [PATCH v3] s390x/tcg: add various alignment checks

2018-02-15 Thread David Hildenbrand
Let's add proper alignment checks for a handful of instructions that
require a SPECIFICATION exception in case alignment is violated.

Introduce new wout/in functions. As we are right now only using them for
privileged instructions, we have to add ugly ifdefs to silence
compilers.

Convert STORE CPU ID right away to make use of the wout function.

Signed-off-by: David Hildenbrand 
---
 target/s390x/insn-data.def | 16 
 target/s390x/mem_helper.c  | 25 +
 target/s390x/translate.c   | 43 ++-
 3 files changed, 75 insertions(+), 9 deletions(-)

diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 621e10d615..157619403d 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -1000,13 +1000,13 @@
 /* ??? Not implemented - is it necessary? */
 C(0xb204, SCK, S, Z,   0, 0, 0, 0, 0, 0)
 /* SET CLOCK COMPARATOR */
-C(0xb206, SCKC,S, Z,   0, m2_64, 0, 0, sckc, 0)
+C(0xb206, SCKC,S, Z,   0, m2_64a, 0, 0, sckc, 0)
 /* SET CLOCK PROGRAMMABLE FIELD */
 C(0x0107, SCKPF,   E, Z,   0, 0, 0, 0, sckpf, 0)
 /* SET CPU TIMER */
-C(0xb208, SPT, S, Z,   0, m2_64, 0, 0, spt, 0)
+C(0xb208, SPT, S, Z,   0, m2_64a, 0, 0, spt, 0)
 /* SET PREFIX */
-C(0xb210, SPX, S, Z,   0, m2_32u, 0, 0, spx, 0)
+C(0xb210, SPX, S, Z,   0, m2_32ua, 0, 0, spx, 0)
 /* SET PSW KEY FROM ADDRESS */
 C(0xb20a, SPKA,S, Z,   0, a2, 0, 0, spka, 0)
 /* SET STORAGE KEY EXTENDED */
@@ -1021,20 +1021,20 @@
 /* STORE CLOCK EXTENDED */
 C(0xb278, STCKE,   S, Z,   0, a2, 0, 0, stcke, 0)
 /* STORE CLOCK COMPARATOR */
-C(0xb207, STCKC,   S, Z,   la2, 0, new, m1_64, stckc, 0)
+C(0xb207, STCKC,   S, Z,   la2, 0, new, m1_64a, stckc, 0)
 /* STORE CONTROL */
 C(0xb600, STCTL,   RS_a,  Z,   0, a2, 0, 0, stctl, 0)
 C(0xeb25, STCTG,   RSY_a, Z,   0, a2, 0, 0, stctg, 0)
 /* STORE CPU ADDRESS */
-C(0xb212, STAP,S, Z,   la2, 0, new, m1_16, stap, 0)
+C(0xb212, STAP,S, Z,   la2, 0, new, m1_16a, stap, 0)
 /* STORE CPU ID */
-C(0xb202, STIDP,   S, Z,   la2, 0, new, 0, stidp, 0)
+C(0xb202, STIDP,   S, Z,   la2, 0, new, m1_64a, stidp, 0)
 /* STORE CPU TIMER */
-C(0xb209, STPT,S, Z,   la2, 0, new, m1_64, stpt, 0)
+C(0xb209, STPT,S, Z,   la2, 0, new, m1_64a, stpt, 0)
 /* STORE FACILITY LIST */
 C(0xb2b1, STFL,S, Z,   0, 0, 0, 0, stfl, 0)
 /* STORE PREFIX */
-C(0xb211, STPX,S, Z,   la2, 0, new, m1_32, stpx, 0)
+C(0xb211, STPX,S, Z,   la2, 0, new, m1_32a, stpx, 0)
 /* STORE SYSTEM INFORMATION */
 C(0xb27d, STSI,S, Z,   0, a2, 0, 0, stsi, 0)
 /* STORE THEN AND SYSTEM MASK */
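Review bot: STIDP is the only entry in this hunk whose wout column goes from 0 to a helper (m1_64a); the others only swap an existing helper for its aligned variant. That means the stidp operation has to stop storing the value itself and leave it in the output operand instead. Please make sure the translate.c part of the patch does both, otherwise the CPU ID is either stored twice or stored before the alignment check has a chance to raise the SPECIFICATION exception.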
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 427b795a78..d5291b246e 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -693,6 +693,11 @@ void HELPER(lam)(CPUS390XState *env, uint32_t r1, uint64_t 
a2, uint32_t r3)
 uintptr_t ra = GETPC();
 int i;
 
+if (a2 & 0x3) {
+/* we either came here by lam or lamy, which have different lengths */
+s390_program_interrupt(env, PGM_SPECIFICATION, ILEN_AUTO, ra);
+}
+
 for (i = r1;; i = (i + 1) % 16) {
 env->aregs[i] = cpu_ldl_data_ra(env, a2, ra);
 a2 += 4;
@@ -709,6 +714,10 @@ void HELPER(stam)(CPUS390XState *env, uint32_t r1, 
uint64_t a2, uint32_t r3)
 uintptr_t ra = GETPC();
 int i;
 
+if (a2 & 0x3) {
+s390_program_interrupt(env, PGM_SPECIFICATION, 4, ra);
+}
+
 for (i = r1;; i = (i + 1) % 16) {
 cpu_stl_data_ra(env, a2, env->aregs[i], ra);
 a2 += 4;
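Review bot: the `a2 & 0x3` check in HELPER(stam) passes a hard-coded instruction length of 4, while the same check in HELPER(lam) uses ILEN_AUTO with a comment that the helper is reached from two encodings of different length. If stam is likewise shared with a longer encoding, the reported length is wrong for that case; either use ILEN_AUTO here as well or add a comment saying why 4 is always correct.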
@@ -1620,6 +1629,10 @@ void HELPER(lctlg)(CPUS390XState *env, uint32_t r1, 
uint64_t a2, uint32_t r3)
 uint64_t src = a2;
 uint32_t i;
 
+if (src & 0x7) {
+s390_program_interrupt(env, PGM_SPECIFICATION, 6, ra);
+}
+
 for (i = r1;; i = (i + 1) % 16) {
 uint64_t val = cpu_ldq_data_ra(env, src, ra);
 if (env->cregs[i] != val && i >= 9 && i <= 11) {
@@ -1650,6 +1663,10 @@ void HELPER(lctl)(CPUS390XState *env, uint32_t r1, 
uint64_t a2, uint32_t r3)
 uint64_t src = a2;
 uint32_t i;
 
+if (src & 0x3) {
+s390_program_interrupt(env, PGM_SPECIFICATION, 4, ra);
+}
+
 for (i = r1;; i = (i + 1) % 16) {
 uint32_t val = cpu_ldl_data_ra(env, src, ra);
 if ((uint32_t)env->cregs[i] != val && i >= 9 && i <= 11) {
@@ -1677,6 +1694,10 @@ void HELPER(stctg)(CPUS390XState *env, uint32_t r1, 
uint64_t a2, uint32_t r3)
 uint64_t dest = a2;
 uint32_t i;
 
+if (dest & 0x7) {
+s390_program_interrupt(env, PGM_SPECIFICATION, 6, ra);
+}
+
 for (i = r1;; i = (i + 1) % 16) {
 cpu_stq_data_ra(env, dest, env->cregs[i], ra);
 dest += sizeof(uint64_t);
@@ -1693,6 +1714,10 @@ void HELPER(stctl)(CPUS390XState 

Re: [Qemu-devel] [PATCH v2 0/3] block/iscsi: fix ioctl cancel use-after-free

2018-02-15 Thread Stefan Hajnoczi
On Sat, Feb 03, 2018 at 07:16:18AM +0100, Stefan Hajnoczi wrote:
> v2:
>  * It was unnecessary to avoid duplicate iscsi_schedule_bh() calls since this
>function already protects against duplicate calls internally [Stefan]
> 
> Patches 1 & 2 are cleanups.
> 
> Patch 3 fixes cancellation of ioctls.  Felipe showed me a trace where an acb is
> cancelled and then completes twice.  The second time around crashes QEMU.
> 
> Compile-tested only.
> 
> Felipe: Please let us know if this fixes the issue you are seeing.  Thanks!
> 
> Stefan Hajnoczi (3):
>   block/iscsi: drop unused IscsiAIOCB->buf field
>   block/iscsi: take iscsilun->mutex in iscsi_timed_check_events()
>   block/iscsi: fix ioctl cancel use-after-free
> 
>  block/iscsi.c | 33 ++---
>  1 file changed, 22 insertions(+), 11 deletions(-)

Thanks for the reviews, Paolo and Felipe.

Paolo: Please merge this, I'll send an additional patch that works
around libiscsi's missing cancellation callback.




[Qemu-devel] GSoC project idea: iSCSI target in QEMU

2018-02-15 Thread Stefan Hajnoczi
There is currently no way to test the block/iscsi.c block driver.
Using a third-party iSCSI target isn't sufficient since we need fault
injection and control over I/O request execution in order to exercise
specific code paths in the initiator.

Are you willing to co-mentor a Google Summer of Code project to
implement an iSCSI target in QEMU?

There are two goals:
1. Runtime iSCSI target QMP commands to start/stop and add/remove LUNs.
2. qemu-iscsi wrapper program for easy command-line launching.

I think iSCSI target functionality will be useful beyond testing.  It
will make it possible to attach disk images to physical machines or
VMs using a widely implemented protocol.

QEMU already has blkdebug for fault injection and a SCSI target.
We're just missing the iSCSI wire protocol that wraps SCSI CDBs.  The
basic idea is to implement a runtime iSCSI server (similar to the NBD
server) that speaks the iSCSI protocol and passes SCSI requests to
QEMU's SCSI target.

I briefly looked at include/hw/scsi/scsi.h to check if this is
feasible.  It looks like it's possible to instantiate a SCSIBus
without a parent DeviceState.  The SCSI target is tied to device
emulation since every LUN is a SCSIDevice and it's also tied to live
migration.  But I don't think these things prevent iSCSI from reusing
this code.

The next step is to look at the iSCSI RFC to determine how feasible
this would be:
https://tools.ietf.org/html/rfc7143

Stefan



[Qemu-devel] [PATCH] vnc: remove bogus object_unref on client socket

2018-02-15 Thread Daniel P . Berrangé
vnc_listen_io() does not own the reference on the 'cioc' parameter it is
passed, so should not be unref'ing it.

Reported-by: Bandan Das 
Signed-off-by: Daniel P. Berrangé 
---
 ui/vnc.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index c715bae1cf..b97769aa9e 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -3152,7 +3152,6 @@ static void vnc_listen_io(QIONetListener *listener,
  isWebsock ? "vnc-ws-server" : "vnc-server");
 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
 vnc_connect(vd, cioc, false, isWebsock);
-object_unref(OBJECT(cioc));
 }
 
 static const DisplayChangeListenerOps dcl_ops = {
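Review bot: the removed object_unref(OBJECT(cioc)) at the end of vnc_listen_io() dropped a reference the function never took, which is the shape of bug that ends in a use-after-free or double free of the client channel, yet the commit message names neither the change that introduced the extra unref nor the symptom that was reported. Please add a Fixes: tag and one sentence on the observed failure so that stable and downstream trees can tell whether they need the patch.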
-- 
2.14.3




Re: [Qemu-devel] [PATCH v2 8/8] qapi: query-blockstat: add driver specific file-posix stats

2018-02-15 Thread Anton Nefedov



On 12/2/2018 7:38 PM, Anton Nefedov wrote:



On 3/2/2018 6:59 PM, Markus Armbruster wrote:

Eric Blake  writes:


On 01/19/2018 06:50 AM, Anton Nefedov wrote:

+
+##
+# @BlockDriverStats:
+#
+# Statistics of a block driver (driver-specific)
+#
+# Since: 2.12
+##
+{ 'union': 'BlockDriverStats',
+  'data': {
+  'file': 'BlockDriverStatsFile'
+  } }


Markus has been adamant that we add no new "simple unions" (unions with
a 'discriminator' field) - because they are anything but simple in the
long run.


Indeed.  You could make this a flat union, similar to BlockdevOptions:

{ 'union': 'BlockDriverStats',
   'base': { 'driver': 'BlockdevDriver' },
   'discriminator': 'driver',
   'data': {
   'file': 'BlockDriverStatsFile',
   ... } }

However:


+
+##
  # @BlockStats:
  #
  # Statistics of a virtual block device or a block backing device.
@@ -785,6 +819,8 @@
  #
  # @stats:  A @BlockDeviceStats for the device.
  #
+# @driver-stats: Optional driver-specific statistics. (Since 2.12)
+#
  # @parent: This describes the file block device if it has one.
  #  Contains recursively the statistics of the underlying
  #  protocol (e.g. the host file for a qcow2 image). If 
there is

@@ -798,6 +834,7 @@
  { 'struct': 'BlockStats',
    'data': {'*device': 'str', '*node-name': 'str',
 'stats': 'BlockDeviceStats',
+   '*driver-stats': 'BlockDriverStats',


You're adding a union of driver-specific stats to a struct of generic
stats.  That's unnecessarily complicated.  Instead, turn the struct of
generic stats into a flat union, like this:

{ 'union': 'BlockStats',
   'base': { ... the generic stats, i.e. the members of BlockStats
 before this patch ...
 'driver': 'BlockdevDriver' }
   'discriminator': 'driver',
   'data': {
   'file': 'BlockDriverStatsFile',
   ... } }


...[1] You are using it alongside a struct that already uses '-'
(node-name), so you should use dashes.

So, the difference between your proposal (a simple union) and using a
"flat union", on the wire, is yours:

"return": { ..., "driver-stats": { "type": "file", "data": {
"discard_nb_ok": ... } } }

vs. a flat union:

"return": { ..., "driver-stats": { "driver": "file", "discard-nb-ok":
... } }

where you can benefit from less nesting and a saner discriminator name.


My proposal peels off yet another level of nesting.



The output is better indeed, thanks; a little drawback is now we need to
pass the whole BlockStats to the driver so it fills its stats.

e.g. the interface:

     void (*bdrv_get_stats)(BlockDriverState *bs, BlockStats *stats);

And that BlockdevDriver subset type (or a generator patch) still seems
to be needed

   { 'enum' : 'BlockdevDriverWithStats',
     'data' : [ 'file' ] }


Hmm, actually it seems the driver-specific-stats should either be
optional, or we need to handle the rest of the drivers in the generated
code.

(i.e. with the dummy enum as above, what should the mandatory 'driver'
field be when there's e.g. nbd driver? It will default to 0, and that is
BLOCKDEV_DRIVER_WITH_STATS_FILE, so it will be interpreted as 'file' in
qmp output)


If we patch the generator, I guess we could add something like a new tag to
the union that has no data for some discriminators?

e.g.

{ 'union': 'BlockStats',
  'base': {'*device': 'str', '*node-name': 'str',
   'stats': 'BlockDeviceStats',
   '*parent': 'BlockStats',
   '*backing': 'BlockStats',
   'driver': 'BlockdevDriver'},
  'discriminator': 'driver',
  'data-optional': { < instead of 'data'
  'file': 'BlockDriverStatsFile',
  } }

Then the generator would need to:
  - pick either 'data-optional' or 'data' members
  - skip 'data missing branch' check for such unions
  - do not abort() when visiting the union and discriminator pointing
to no data type

I can try and implement this if there's no other suggestion?

/Anton



[Qemu-devel] [PATCHv3 4/4] qemu-doc: deprecate query-cpus and info cpus

2018-02-15 Thread Viktor Mihajlovski
Start the deprecation period for QAPI query-cpus (replaced by
query-cpus-fast) and HMP 'info cpus' (replaced by 'info cpus_fast')
beginning with 2.12.0.

Signed-off-by: Viktor Mihajlovski 
---
 hmp-commands-info.hx |  4 ++--
 qapi-schema.json |  4 
 qemu-doc.texi| 10 ++
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
index 16ac602..2ccb9c7 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
@@ -149,14 +149,14 @@ ETEXI
 .name   = "cpus",
 .args_type  = "",
 .params = "",
-.help   = "show infos for each CPU",
+.help   = "show infos for each CPU (deprecated, use info cpus_fast 
instead)",
 .cmd= hmp_info_cpus,
 },
 
 STEXI
 @item info cpus
 @findex info cpus
-Show infos for each CPU.
+Show infos for each CPU. Deprecated, please use @code{info cpus_fast} instead.
 ETEXI
 
 {
diff --git a/qapi-schema.json b/qapi-schema.json
index e6ca63f..cd98a94 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -587,6 +587,10 @@
 #   ]
 #}
 #
+# Notes: This interface is deprecated (since 2.12.0), and it is strongly
+#recommended that you avoid using it. Use @query-cpus-fast to
+#obtain information about virtual CPUs.
+#
 ##
 { 'command': 'query-cpus', 'returns': ['CpuInfo'] }
 
diff --git a/qemu-doc.texi b/qemu-doc.texi
index 769968a..46aacb6 100644
--- a/qemu-doc.texi
+++ b/qemu-doc.texi
@@ -2757,6 +2757,12 @@ used and it will be removed with no replacement.
 The ``convert -s snapshot_id_or_name'' argument is obsoleted
 by the ``convert -l snapshot_param'' argument instead.
 
+@section System emulator monitor commands
+
+@subsection query-cpus (since 2.12.0)
+
+The ``query-cpus'' command is replaced by the ``query-cpus-fast'' command.
+
 @section System emulator human monitor commands
 
 @subsection host_net_add (since 2.10.0)
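Review bot: the new "query-cpus (since 2.12.0)" subsection only says the command is replaced by query-cpus-fast. According to the commit message of patch 2/4 the replacement drops "halted", "current", "pc" and "arch" and renames other fields, so a client cannot switch by changing the command name alone. Please say in this subsection (and in the matching "info cpus" one) that the reply format differs and which information is no longer available.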
@@ -2767,6 +2773,10 @@ The ``host_net_add'' command is replaced by the 
``netdev_add'' command.
 
 The ``host_net_remove'' command is replaced by the ``netdev_del'' command.
 
+@subsection info cpus (since 2.12.0)
+
+The ``info cpus'' command is replaced by the ``info cpus_fast'' command.
+
 @section System emulator devices
 
 @subsection ivshmem (since 2.6.0)
-- 
1.9.1




[Qemu-devel] [PATCHv3 2/4] qmp: add query-cpus-fast

2018-02-15 Thread Viktor Mihajlovski
From: Luiz Capitulino 

The query-cpus command has an extremely serious side effect:
it always interrupts all running vCPUs so that they can run
ioctl calls. This can cause a huge performance degradation for
some workloads. And most of the information retrieved by the
ioctl calls is not even used by query-cpus.

This commit introduces a replacement for query-cpus called
query-cpus-fast, which has the following features:

 o Never interrupt vCPU threads. query-cpus-fast only returns
   vCPU information maintained by QEMU itself, which should be
   sufficient for most management software needs

 o Drop "halted" field as it cannot be retrieved in a fast
   way on most architectures

 o Drop irrelevant fields such as "current", "pc" and "arch"

 o Rename some fields for better clarification & proper naming
   standard

Signed-off-by: Luiz Capitulino 
Signed-off-by: Viktor Mihajlovski 
Reviewed-by: Cornelia Huck 
Acked-by: Dr. David Alan Gilbert 
Acked-by: Eric Blake 
---
 cpus.c   | 38 
 hmp-commands-info.hx | 14 +++
 hmp.c| 14 +++
 hmp.h|  1 +
 qapi-schema.json | 70 
 5 files changed, 137 insertions(+)

diff --git a/cpus.c b/cpus.c
index 6006931..6df6660 100644
--- a/cpus.c
+++ b/cpus.c
@@ -2156,6 +2156,44 @@ CpuInfoList *qmp_query_cpus(Error **errp)
 return head;
 }
 
+/*
+ * fast means: we NEVER interrupt vCPU threads to retrieve
+ * information from KVM.
+ */
+CpuInfoFastList *qmp_query_cpus_fast(Error **errp)
+{
+MachineState *ms = MACHINE(qdev_get_machine());
+MachineClass *mc = MACHINE_GET_CLASS(ms);
+CpuInfoFastList *head = NULL, *cur_item = NULL;
+CPUState *cpu;
+
+CPU_FOREACH(cpu) {
+CpuInfoFastList *info = g_malloc0(sizeof(*info));
+info->value = g_malloc0(sizeof(*info->value));
+
+info->value->cpu_index = cpu->cpu_index;
+info->value->qom_path = object_get_canonical_path(OBJECT(cpu));
+info->value->thread_id = cpu->thread_id;
+
+info->value->has_props = !!mc->cpu_index_to_instance_props;
+if (info->value->has_props) {
+CpuInstanceProperties *props;
+props = g_malloc0(sizeof(*props));
+*props = mc->cpu_index_to_instance_props(ms, cpu->cpu_index);
+info->value->props = props;
+}
+
+if (!cur_item) {
+head = cur_item = info;
+} else {
+cur_item->next = info;
+cur_item = info;
+}
+}
+
+return head;
+}
+
 void qmp_memsave(int64_t addr, int64_t size, const char *filename,
  bool has_cpu, int64_t cpu_index, Error **errp)
 {
diff --git a/hmp-commands-info.hx b/hmp-commands-info.hx
index ad590a4..16ac602 100644
--- a/hmp-commands-info.hx
+++ b/hmp-commands-info.hx
@@ -160,6 +160,20 @@ Show infos for each CPU.
 ETEXI
 
 {
+.name   = "cpus_fast",
+.args_type  = "",
+.params = "",
+.help   = "show information for each CPU without interrupting 
them",
+.cmd= hmp_info_cpus_fast,
+},
+
+STEXI
+@item info cpus_fast
+@findex info cpus_fast
+Show infos for each CPU without performance penalty.
+ETEXI
+
+{
 .name   = "history",
 .args_type  = "",
 .params = "",
diff --git a/hmp.c b/hmp.c
index a6b94b7..0bd3b3a 100644
--- a/hmp.c
+++ b/hmp.c
@@ -410,6 +410,20 @@ void hmp_info_cpus(Monitor *mon, const QDict *qdict)
 qapi_free_CpuInfoList(cpu_list);
 }
 
+void hmp_info_cpus_fast(Monitor *mon, const QDict *qdict)
+{
+CpuInfoFastList *head, *cpu;
+
+head = qmp_query_cpus_fast(NULL);
+
+for (cpu = head; cpu; cpu = cpu->next) {
+monitor_printf(mon, "  CPU #%" PRId64 ":", cpu->value->cpu_index);
+monitor_printf(mon, " thread-id=%" PRId64 "\n", cpu->value->thread_id);
+}
+
+qapi_free_CpuInfoFastList(head);
+}
+
 static void print_block_info(Monitor *mon, BlockInfo *info,
  BlockDeviceInfo *inserted, bool verbose)
 {
diff --git a/hmp.h b/hmp.h
index 1143db4..93fb4e4 100644
--- a/hmp.h
+++ b/hmp.h
@@ -29,6 +29,7 @@ void hmp_info_migrate_capabilities(Monitor *mon, const QDict 
*qdict);
 void hmp_info_migrate_parameters(Monitor *mon, const QDict *qdict);
 void hmp_info_migrate_cache_size(Monitor *mon, const QDict *qdict);
 void hmp_info_cpus(Monitor *mon, const QDict *qdict);
+void hmp_info_cpus_fast(Monitor *mon, const QDict *qdict);
 void hmp_info_block(Monitor *mon, const QDict *qdict);
 void hmp_info_blockstats(Monitor *mon, const QDict *qdict);
 void hmp_info_vnc(Monitor *mon, const QDict *qdict);
diff --git a/qapi-schema.json b/qapi-schema.json
index 94d560e..815f072 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -552,6 +552,12 @@
 #
 # Returns a list of 

[Qemu-devel] [PATCHv3 1/4] qmp: expose s390-specific CPU info

2018-02-15 Thread Viktor Mihajlovski
Presently s390x is the only architecture not exposing specific
CPU information via QMP query-cpus. Upstream discussion has shown
that it could make sense to report the architecture specific CPU
state, e.g. to detect that a CPU has been stopped.

With this change the output of query-cpus will look like this on
s390:

   [
 {"arch": "s390", "current": true,
  "props": {"core-id": 0}, "cpu-state": "operating", "CPU": 0,
  "qom_path": "/machine/unattached/device[0]",
  "halted": false, "thread_id": 63115},
 {"arch": "s390", "current": false,
  "props": {"core-id": 1}, "cpu-state": "stopped", "CPU": 1,
  "qom_path": "/machine/unattached/device[1]",
  "halted": true, "thread_id": 63116}
   ]

Signed-off-by: Viktor Mihajlovski 
Acked-by: Eric Blake 
Reviewed-by: David Hildenbrand 
Reviewed-by: Christian Borntraeger 
---
 cpus.c |  6 ++
 hmp.c  |  4 
 hw/intc/s390_flic.c|  4 ++--
 hw/s390x/s390-virtio-ccw.c |  2 +-
 qapi-schema.json   | 28 +++-
 target/s390x/cpu.c | 24 
 target/s390x/cpu.h |  7 ++-
 target/s390x/kvm.c |  8 
 target/s390x/sigp.c| 38 +++---
 9 files changed, 77 insertions(+), 44 deletions(-)

diff --git a/cpus.c b/cpus.c
index f298b65..6006931 100644
--- a/cpus.c
+++ b/cpus.c
@@ -2100,6 +2100,9 @@ CpuInfoList *qmp_query_cpus(Error **errp)
 #elif defined(TARGET_TRICORE)
 TriCoreCPU *tricore_cpu = TRICORE_CPU(cpu);
 CPUTriCoreState *env = _cpu->env;
+#elif defined(TARGET_S390X)
+S390CPU *s390_cpu = S390_CPU(cpu);
+CPUS390XState *env = _cpu->env;
 #endif
 
 cpu_synchronize_state(cpu);
@@ -2127,6 +2130,9 @@ CpuInfoList *qmp_query_cpus(Error **errp)
 #elif defined(TARGET_TRICORE)
 info->value->arch = CPU_INFO_ARCH_TRICORE;
 info->value->u.tricore.PC = env->PC;
+#elif defined(TARGET_S390X)
+info->value->arch = CPU_INFO_ARCH_S390;
+info->value->u.s390.cpu_state = env->cpu_state;
 #else
 info->value->arch = CPU_INFO_ARCH_OTHER;
 #endif
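Review bot: the added line `info->value->u.s390.cpu_state = env->cpu_state;` copies the internal CPU state straight into the QAPI enum field, and the other hunks rename the CPU_STATE_* constants to the S390_CPU_STATE_* names generated from the new CpuS390State enum. From here on the order of the 'data' list in qapi-schema.json defines the numeric values held in env->cpu_state. Please add a comment to the enum in the schema saying that members must not be reordered or inserted in the middle, since any code that stores or exchanges cpu_state as a number depends on it.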
diff --git a/hmp.c b/hmp.c
index 7870d6a..a6b94b7 100644
--- a/hmp.c
+++ b/hmp.c
@@ -392,6 +392,10 @@ void hmp_info_cpus(Monitor *mon, const QDict *qdict)
 case CPU_INFO_ARCH_TRICORE:
 monitor_printf(mon, " PC=0x%016" PRIx64, cpu->value->u.tricore.PC);
 break;
+case CPU_INFO_ARCH_S390:
+monitor_printf(mon, " state=%s",
+   CpuS390State_str(cpu->value->u.s390.cpu_state));
+break;
 default:
 break;
 }
diff --git a/hw/intc/s390_flic.c b/hw/intc/s390_flic.c
index a85a149..5f8168f 100644
--- a/hw/intc/s390_flic.c
+++ b/hw/intc/s390_flic.c
@@ -192,8 +192,8 @@ static void qemu_s390_flic_notify(uint32_t type)
 cs->interrupt_request |= CPU_INTERRUPT_HARD;
 
 /* ignore CPUs that are not sleeping */
-if (s390_cpu_get_state(cpu) != CPU_STATE_OPERATING &&
-s390_cpu_get_state(cpu) != CPU_STATE_LOAD) {
+if (s390_cpu_get_state(cpu) != S390_CPU_STATE_OPERATING &&
+s390_cpu_get_state(cpu) != S390_CPU_STATE_LOAD) {
 continue;
 }
 
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 4abbe89..4d0c3de 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -368,7 +368,7 @@ static void s390_machine_reset(void)
 
 /* all cpus are stopped - configure and start the ipl cpu only */
 s390_ipl_prepare_cpu(ipl_cpu);
-s390_cpu_set_state(CPU_STATE_OPERATING, ipl_cpu);
+s390_cpu_set_state(S390_CPU_STATE_OPERATING, ipl_cpu);
 }
 
 static void s390_machine_device_plug(HotplugHandler *hotplug_dev,
diff --git a/qapi-schema.json b/qapi-schema.json
index 0262b9f..94d560e 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -410,10 +410,12 @@
 # An enumeration of cpu types that enable additional information during
 # @query-cpus.
 #
+# @s390: since 2.12
+#
 # Since: 2.6
 ##
 { 'enum': 'CpuInfoArch',
-  'data': ['x86', 'sparc', 'ppc', 'mips', 'tricore', 'other' ] }
+  'data': ['x86', 'sparc', 'ppc', 'mips', 'tricore', 's390', 'other' ] }
 
 ##
 # @CpuInfo:
@@ -452,6 +454,7 @@
 'ppc': 'CpuInfoPPC',
 'mips': 'CpuInfoMIPS',
 'tricore': 'CpuInfoTricore',
+'s390': 'CpuInfoS390',
 'other': 'CpuInfoOther' } }
 
 ##
@@ -522,6 +525,29 @@
 { 'struct': 'CpuInfoOther', 'data': { } }
 
 ##
+# @CpuS390State:
+#
+# An enumeration of cpu states that can be assumed by a virtual
+# S390 CPU
+#
+# Since: 2.12
+##
+{ 'enum': 'CpuS390State',
+  'prefix': 'S390_CPU_STATE',
+  'data': [ 'uninitialized', 'stopped', 'check-stop', 'operating', 'load' ] }
+
+##
+# @CpuInfoS390:
+#
+# Additional information about a virtual S390 CPU
+#
+# @cpu-state: 

[Qemu-devel] [PATCHv3 3/4] qmp: add architecture specific cpu data for query-cpus-fast

2018-02-15 Thread Viktor Mihajlovski
The s390 CPU state can be retrieved without interrupting the
VM execution. Extend the CpuInfoFast union with architecture
specific data and an implementation for s390.

Return data looks like this:
 [
   {"thread-id":64301,"props":{"core-id":0},
"arch":"s390","cpu-state":"operating",
"qom-path":"/machine/unattached/device[0]","cpu-index":0},
   {"thread-id":64302,"props":{"core-id":1},
"arch":"s390","cpu-state":"operating",
"qom-path":"/machine/unattached/device[1]","cpu-index":1}
]

Signed-off-by: Viktor Mihajlovski 
Reviewed-by: Cornelia Huck 
Acked-by: Dr. David Alan Gilbert 
Acked-by: Eric Blake 
---
 cpus.c   | 10 ++
 hmp.c| 10 ++
 qapi-schema.json | 25 ++---
 3 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/cpus.c b/cpus.c
index 6df6660..af67826 100644
--- a/cpus.c
+++ b/cpus.c
@@ -2166,6 +2166,10 @@ CpuInfoFastList *qmp_query_cpus_fast(Error **errp)
 MachineClass *mc = MACHINE_GET_CLASS(ms);
 CpuInfoFastList *head = NULL, *cur_item = NULL;
 CPUState *cpu;
+#if defined(TARGET_S390X)
+S390CPU *s390_cpu;
+CPUS390XState *env;
+#endif
 
 CPU_FOREACH(cpu) {
 CpuInfoFastList *info = g_malloc0(sizeof(*info));
@@ -2183,6 +2187,12 @@ CpuInfoFastList *qmp_query_cpus_fast(Error **errp)
 info->value->props = props;
 }
 
+#if defined(TARGET_S390X)
+s390_cpu = S390_CPU(cpu);
+env = _cpu->env;
+info->value->arch = CPU_INFO_ARCH_S390;
+info->value->u.s390.cpu_state = env->cpu_state;
+#endif
 if (!cur_item) {
 head = cur_item = info;
 } else {
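Review bot: `info->value->arch` is assigned only inside the new `#if defined(TARGET_S390X)` block, but the schema hunk below makes 'arch' a mandatory member and the discriminator of CpuInfoFast. On every other target the field keeps the zero it got from g_malloc0(), which is the first member of CpuInfoArch, so a ppc or mips guest would be reported as "arch": "x86". Set arch for all targets (falling back to CPU_INFO_ARCH_OTHER, as qmp_query_cpus() does in its #else branch) before this can mislead management software.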
diff --git a/hmp.c b/hmp.c
index 0bd3b3a..e27433e 100644
--- a/hmp.c
+++ b/hmp.c
@@ -418,6 +418,16 @@ void hmp_info_cpus_fast(Monitor *mon, const QDict *qdict)
 
 for (cpu = head; cpu; cpu = cpu->next) {
 monitor_printf(mon, "  CPU #%" PRId64 ":", cpu->value->cpu_index);
+
+switch (cpu->value->arch) {
+case CPU_INFO_ARCH_S390:
+monitor_printf(mon, " state=%s",
+   CpuS390State_str(cpu->value->u.s390.cpu_state));
+break;
+default:
+break;
+}
+
 monitor_printf(mon, " thread-id=%" PRId64 "\n", cpu->value->thread_id);
 }
 
diff --git a/qapi-schema.json b/qapi-schema.json
index 815f072..e6ca63f 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -408,7 +408,7 @@
 # @CpuInfoArch:
 #
 # An enumeration of cpu types that enable additional information during
-# @query-cpus.
+# @query-cpus and @query-cpus-fast.
 #
 # @s390: since 2.12
 #
@@ -604,12 +604,24 @@
 # @props: properties describing to which node/socket/core/thread
 # virtual CPU belongs to, provided if supported by board
 #
+# @arch: architecture of the cpu, which determines which additional fields
+#will be listed
+#
 # Since: 2.12
 #
 ##
-{ 'struct': 'CpuInfoFast',
-  'data': {'cpu-index': 'int', 'qom-path': 'str',
-   'thread-id': 'int', '*props': 'CpuInstanceProperties' } }
+{ 'union': 'CpuInfoFast',
+  'base': {'cpu-index': 'int', 'qom-path': 'str',
+   'thread-id': 'int', '*props': 'CpuInstanceProperties',
+   'arch': 'CpuInfoArch' },
+  'discriminator': 'arch',
+  'data': { 'x86': 'CpuInfoOther',
+'sparc': 'CpuInfoOther',
+'ppc': 'CpuInfoOther',
+'mips': 'CpuInfoOther',
+'tricore': 'CpuInfoOther',
+'s390': 'CpuInfoS390',
+'other': 'CpuInfoOther' } }
 
 ##
 # @query-cpus-fast:
@@ -620,9 +632,6 @@
 #
 # Returns: list of @CpuInfoFast
 #
-# Notes: The CPU architecture name is not returned by query-cpus-fast.
-#Use query-target to retrieve that information.
-#
 # Since: 2.12
 #
 # Example:
@@ -637,6 +646,7 @@
 # "socket-id": 0
 # },
 # "qom-path": "/machine/unattached/device[0]",
+# "arch":"x86",
 # "cpu-index": 0
 # },
 # {
@@ -647,6 +657,7 @@
 # "socket-id": 1
 # },
 # "qom-path": "/machine/unattached/device[2]",
+# "arch":"x86",
 # "cpu-index": 1
 # }
 # ]
-- 
1.9.1




[Qemu-devel] [PATCHv3 0/4] ] add query-cpu-fast and related s390 changes

2018-02-15 Thread Viktor Mihajlovski
This series consolidates patches around a performance issue
caused by the usage of QMP query-cpus.

A performance issue was found in an OpenStack environment, where
ceilometer was collecting domain statistics with libvirt. The domain
statistics reported by libvirt include the vCPU halted state, which 
in turn is retrieved with QMP query-cpus.

This causes two issues:
1. Performance: on most architectures query-cpus needs to issue a KVM ioctl
   to find out whether a vCPU was halted. This is not the case for s390
   but query-cpus is always causing the vCPU to exit the VM.

2. Semantics: on x86 and other architectures, halted is a highly transient
   state, which is likely to have already changed shortly after the state
   information has been retrieved. This is not the case for s390, where
   halted is an indication that the vCPU is stopped, meaning it's not
   available to the guest operating system until it has been restarted.

The following patches help to alleviate the issues:

Patch 1/4:
  Adds architecture specific data to the QMP CpuInfo type, exposing
  the existing s390 cpu-state in QMP. The cpu-state is a representation
  more adequate than the ambiguous 'halted' condition.

Patch 2/4:
  Adds a new QMP function query-cpus-fast, which will only retrieve
  vCPU information that can be obtained without interrupting the
  vCPUs of a running VM. It introduces a new return type CpuInfoFast
  with the subset of fields meeting this condition. Specifically, the
  halted state is not part of CpuInfoFast. QMP clients like libvirt
  are encouraged to switch to the new API for vCPU information.

Patch 3/4:
  Adds the s390-specific cpu state to CpuInfoFast, allowing management
  apps to find out whether a vCPU is in the stopped state. This extension
  leads to a partial duplication of field definitions from CpuInfo
  to CpuInfoFast. This should be tolerable if CpuInfo is deprecated and
  eventually removed.

Patch 4/4 (NEW):
  Starts the deprecation of query-cpus and hmp 'info cpus'. It wouldn't
  hurt to have QAPI and HMP maintainer reviews for this.

Series v2 -> v3:
Overall: Added r-b's and a-b's.

Patch 2/4:
  o Fixed commit message with respect to the halted field
    disposition.
  o Fixed grammar in qapi-schema documentation.

Patch 3/4:
  o Use CpuInfoS390 type for both query-cpus and query-cpus-fast per
    Eric Blake's comment.
  o Dropped 'duplication blurb' from commit message as it doesn't
    provide relevant information other than query-cpus should be
    deprecated, which is done in the next patch now.

Series v1 -> v2:
Patch 2/3:
  o Changed formatting of hmp info cpus_fast to match that of
    info cpus. This makes it easier for clients to switch to
    the fast call.

Patch 3/3:
  o Same formatting change for info cpus_fast as in 2/3, only
    for s390-specific cpu state.

Luiz Capitulino (1):
  qmp: add query-cpus-fast

Viktor Mihajlovski (3):
  qmp: expose s390-specific CPU info
  qmp: add architecture specific cpu data for query-cpus-fast
  qemu-doc: deprecate query-cpus and info cpus

 cpus.c |  54 +
 hmp-commands-info.hx   |  18 ++-
 hmp.c  |  28 +++
 hmp.h  |   1 +
 hw/intc/s390_flic.c|   4 +-
 hw/s390x/s390-virtio-ccw.c |   2 +-
 qapi-schema.json   | 115 -
 qemu-doc.texi  |  10 
 target/s390x/cpu.c |  24 +-
 target/s390x/cpu.h |   7 +--
 target/s390x/kvm.c |   8 ++--
 target/s390x/sigp.c|  38 +++
 12 files changed, 262 insertions(+), 47 deletions(-)

-- 
1.9.1




Re: [Qemu-devel] [PULL 00/55] Block layer patches

2018-02-15 Thread Peter Maydell
On 13 February 2018 at 17:04, Kevin Wolf  wrote:
> The following changes since commit fb68096da3d35e64c88cd610c1fa42766c58e92a:
>
>   Revert "tests: use memfd in vhost-user-test" (2018-02-13 09:51:52 +)
>
> are available in the git repository at:
>
>   git://repo.or.cz/qemu/kevin.git tags/for-upstream
>
> for you to fetch changes up to 0a4dc980e6c935e9be745ce3ee1a4c71629ecd00:
>
>   Merge remote-tracking branch 'mreitz/tags/pull-block-2018-02-13' into 
> queue-block (2018-02-13 17:01:13 +0100)
>
> 
> Block layer patches
>

Applied, thanks.

-- PMM



Re: [Qemu-devel] ERROR:qom/object.c:907:object_unref: assertion failed (obj->ref > 0): (0 > 0)

2018-02-15 Thread Daniel P . Berrangé
On Wed, Feb 14, 2018 at 08:27:10PM -0500, Bandan Das wrote:
> 
> I get the error mentioned in the subject line when using vncviewer with
> commit 13e1d0e71e78a925848258391a6e616b6b5ae219:
> 
> Author: Daniel P. Berrange 
> Date:   Thu Feb 1 16:45:14 2018 +
> 
> ui: convert VNC server to QIONetListener
> 
> The VNC server already has the ability to listen on multiple sockets.
> Converting it to use the QIONetListener APIs though, will reduce the
> amount of code in the VNC server and improve the clarity of what is
> left.
> 
> Signed-off-by: Daniel P. Berrange 
> Message-id: 20180201164514.10330-1-berra...@redhat.com
> Signed-off-by: Gerd Hoffmann 
> 
> 
> It appears to be related to the unconditional unref in vnc_listen_io:
> static void vnc_listen_io(QIONetListener *listener,
>   QIOChannelSocket *cioc,
>   void *opaque)
> {
> VncDisplay *vd = opaque;
> bool isWebsock = listener == vd->wslistener;
> 
> qio_channel_set_name(QIO_CHANNEL(cioc),
>  isWebsock ? "vnc-ws-server" : "vnc-server");
> qio_channel_set_delay(QIO_CHANNEL(cioc), false);
> vnc_connect(vd, cioc, false, isWebsock);
> object_unref(OBJECT(cioc));
> }

[snip]

> So, it looks like the unref is already being handled as part of the event
> handling stuff when the window is closed. Is this a known issue/Is the
> object_unref above required ?

Yeah, my bad. The vnc_listen_io func does *not* own the reference it is
given in the cioc parameter, so should not be unref'ing it.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [Qemu-devel] [PATCH v2 1/4] block: extract AIO_WAIT_WHILE() from BlockDriverState

2018-02-15 Thread Kevin Wolf
On 15.02.2018 at 10:27, Stefan Hajnoczi wrote:
> On Wed, Feb 14, 2018 at 04:31:45PM -0600, Eric Blake wrote:
> > On 02/14/2018 08:06 AM, Stefan Hajnoczi wrote:
> > > On Tue, Feb 13, 2018 at 10:01:06AM -0600, Eric Blake wrote:
> > > I hope this explains things!  The main issue that raised these questions
> > > was that aio_context_in_iothread() has a misleading name.  Shall we
> > > rename it?
> > 
> > Maybe, but that's a separate patch.  What name would we bikeshed, maybe
> > aio_context_correct_thread() (we are the correct thread if we are the
> > iothread that owns ctx, or if we are the main thread and have properly
> > acquired ctx) 
> 
> Having acquired the AioContext does not make this function return true.
> The semantics are:
> 1. Current thread is the IOThread that runs the AioContext
> 2. Current thread is the main loop and the AioContext is the global
>AioContext.
> 
> The function tests whether the current thread is the "native" or "home"
> thread for this AioContext.  Perhaps we could also call it the "poller"
> thread because only that thread is allowed to call aio_poll(ctx, true).
> 
>   if (aio_context_in_native_thread(ctx)) {
>   ...
>   } else {
>   ...
>   }
> 
> What do you think?

"home" or "native" both work for me. Or if we want to keep the name
short, maybe just changing the order and s/iothread/thread/ would be
enough: bool in_aio_context_thread(AioContext *ctx) - do you think that
would still be prone to misunderstandings?

Kevin




Re: [Qemu-devel] [qemu-s390x] [PATCH v2] s390x/tcg: add various alignment check

2018-02-15 Thread David Hildenbrand
On 15.02.2018 10:49, Cornelia Huck wrote:
> On Thu, 15 Feb 2018 10:47:45 +0100
> David Hildenbrand  wrote:
> 
>> On 14.02.2018 20:04, Richard Henderson wrote:
>>> On 02/14/2018 09:31 AM, David Hildenbrand wrote:  
>>>> Let's add proper alignment checks for a handful of instructions that
>>>> require a SPECIFICATION exception in case alignment is violated.
>>>>
>>>> Introduce new wout/in functions. Declare them as "static inline" to avoid
>>>> warnings about not being used for CONFIG_USER_ONLY (as we are right
>>>> now only using them for privileged instructions).
>>>
>>> Annoyingly, clang will still warn for this.
>>>   
>>
>> Hm, so the only solution is to add nasty ifdefs then :(
> 
> Yup, very annoying indeed, but probably the only way to shut clang up...
> 

Will resend soon!

-- 

Thanks,

David / dhildenb



Re: [Qemu-devel] [PATCH V3 2/2] tests: Add migration test for aarch64

2018-02-15 Thread Andrew Jones
On Thu, Feb 15, 2018 at 01:07:25AM -0500, Wei Huang wrote:
> This patch adds migration test support for aarch64. The test code, which
> implements the same functionality as x86, is booted as a kernel in qemu.
> Here are the design choices we make for aarch64:
> 
>  * We choose this -kernel approach because aarch64 QEMU doesn't provide a
>built-in fw like x86 does. So instead of relying on a boot loader, we
>use -kernel approach for aarch64.
>  * The serial output is sent to PL011 directly.
>  * The physical memory base for mach-virt machine is 0x4000. We change
>the start_address and end_address for aarch64.
> 
> In addition to providing the binary, this patch also includes the source
> code and the build script in tests/migration/. So users can change the
> source and/or re-compile the binary as they wish.
> 
> Signed-off-by: Wei Huang 
> ---
>  tests/Makefile.include   |  1 +
>  tests/migration-test.c   | 39 ---
>  tests/migration/Makefile | 12 +-
>  tests/migration/aarch64-a-b-kernel.h | 19 +
>  tests/migration/aarch64-a-b-kernel.s | 74 
> 
>  5 files changed, 137 insertions(+), 8 deletions(-)
>  create mode 100644 tests/migration/aarch64-a-b-kernel.h
>  create mode 100644 tests/migration/aarch64-a-b-kernel.s
> 
> diff --git a/tests/Makefile.include b/tests/Makefile.include
> index 278c13a..5b1605a 100644
> --- a/tests/Makefile.include
> +++ b/tests/Makefile.include
> @@ -372,6 +372,7 @@ check-qtest-arm-y += tests/sdhci-test$(EXESUF)
>  
>  check-qtest-aarch64-y = tests/numa-test$(EXESUF)
>  check-qtest-aarch64-y += tests/sdhci-test$(EXESUF)
> +check-qtest-aarch64-y += tests/migration-test$(EXESUF)
>  
>  check-qtest-microblazeel-y = $(check-qtest-microblaze-y)
>  
> diff --git a/tests/migration-test.c b/tests/migration-test.c
> index 97fdb19..0b6ab5c 100644
> --- a/tests/migration-test.c
> +++ b/tests/migration-test.c
> @@ -23,8 +23,8 @@
>  
>  #define MIN_NVRAM_SIZE 8192 /* from spapr_nvram.c */
>  
> -const unsigned start_address = 1024 * 1024;
> -const unsigned end_address = 100 * 1024 * 1024;
> +unsigned start_address = 1024 * 1024;
> +unsigned end_address = 100 * 1024 * 1024;
>  bool got_stop;
>  
>  #if defined(__linux__)
> @@ -81,12 +81,13 @@ static const char *tmpfs;
>   * outputting a 'B' every so often if it's still running.
>   */
>  #include "tests/migration/x86-a-b-bootblock.h"
> +#include "tests/migration/aarch64-a-b-kernel.h"
>  
> -static void init_bootfile_x86(const char *bootpath)
> +static void init_bootfile(const char *bootpath, void *content)
>  {
>  FILE *bootfile = fopen(bootpath, "wb");
>  
> -g_assert_cmpint(fwrite(x86_bootsect, 512, 1, bootfile), ==, 1);
> +g_assert_cmpint(fwrite(content, 512, 1, bootfile), ==, 1);
>  fclose(bootfile);
>  }
>  
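
Review bot: `init_bootfile()` now takes an arbitrary `content` pointer, but the `fwrite(content, 512, 1, bootfile)` call keeps the hard-coded 512-byte x86 boot sector size, so an `aarch64_kernel` array of any other length is either truncated or read past its end. Pass the length together with the pointer (for example `sizeof(aarch64_kernel)` at the call site), and take `const void *content` since the buffer is only read.
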
> @@ -392,7 +393,7 @@ static void test_migrate_start(QTestState **from, 
> QTestState **to,
>  got_stop = false;
>  
>  if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
> -init_bootfile_x86(bootpath);
> +init_bootfile(bootpath, x86_bootsect);
>  cmd_src = g_strdup_printf("-machine accel=%s -m 150M"
>" -name source,debug-threads=on"
>" -serial file:%s/src_serial"
> @@ -421,6 +422,32 @@ static void test_migrate_start(QTestState **from, 
> QTestState **to,
>" -serial file:%s/dest_serial"
>" -incoming %s",
>accel, tmpfs, uri);
> +} else if (strcmp(arch, "aarch64") == 0) {
> +const char *cpu;
> +
> +if (access("/dev/kvm", F_OK)) {
> +accel = "kvm";
> +cpu = "host";

This won't work. I have /dev/kvm on my x86 notebook, but I can't
run aarch64 kvm guests there. You also need to check if the host
is aarch64. You can do that with uname(3), checking uname.machine.

> +} else {
> +accel = "tcg";
> +cpu = "cortex-a57";
> +}
> +
> +init_bootfile(bootpath, aarch64_kernel);
> +cmd_src = g_strdup_printf("-machine virt,accel=%s -m 150M "

You should also add ,gic-version=%s, where %s is either 'host' when kvm
is in use, or 2 or 3 (whichever) when tcg is in use.

> +  "-name vmsource,debug-threads=on -cpu %s "
> +  "-serial file:%s/src_serial "
> +  "-kernel %s ",
> +  accel, cpu, tmpfs, bootpath);
> +cmd_dst = g_strdup_printf("-machine virt,accel=%s -m 150M "
> +  "-name vmdest,debug-threads=on -cpu %s "
> +  "-serial file:%s/dest_serial "
> +  "-kernel %s "
> +  "-incoming %s ",
> +  accel, 
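
Review bot: `access("/dev/kvm", F_OK)` returns 0 when the file exists, so the `if` as written selects `accel = "kvm"` and `cpu = "host"` exactly when /dev/kvm is absent and falls back to tcg when it is present. Compare the result against 0, and consider `R_OK | W_OK` rather than `F_OK`, since the node existing does not mean the user running the test can open it.
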

Re: [Qemu-devel] [Qemu-block] [RFC PATCH 0/2] s/size/entries/ when dealing with non-byte units

2018-02-15 Thread Kevin Wolf
On 14.02.2018 at 00:33, Eric Blake wrote:
> I mentioned this while reviewing Berto's series on L2 slice handling;
> this is a first cut at patches that I think are worth doing throughout
> the qcow2 code base if we like the idea.

I agree it's a good change.

While we're at it, something I noticed in your block status series:
If something points to bytes, it should be an 'offset', and if it
points to entries, it's an 'index'. You changed a few things to byte
granularity, but still call them 'index'. Maybe we should clean that up
as well.

Kevin



Re: [Qemu-devel] [PATCH] configure: Add missing space when using --with-pkgversion

2018-02-15 Thread Daniel P . Berrangé
On Thu, Feb 15, 2018 at 07:02:40AM +0100, Thomas Huth wrote:
> On 14.02.2018 21:23, Eric Blake wrote:
> > On 02/14/2018 11:31 AM, Thomas Huth wrote:
> >> When running configure with --with-pkgversion=foo there is no
> >> space anymore between the version number and the parentheses:
> >>
> >> $ m68k-softmmu/qemu-system-m68k -version
> >> QEMU emulator version 2.11.50(foo)
> >>
> >> Fix it by moving the space from the configure script to the Makefile.
> >>
> >> Fixes: 67a1de0d195a6185c39b436159c9ffc7720bf979
> >> Buglink: https://bugs.launchpad.net/qemu/+bug/1673373
> >> Signed-off-by: Thomas Huth 
> >> ---
> >>   Makefile  | 2 +-
> >>   configure | 2 +-
> >>   2 files changed, 2 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/Makefile b/Makefile
> >> index 4ec7a3c..41adbc9 100644
> >> --- a/Makefile
> >> +++ b/Makefile
> >> @@ -369,7 +369,7 @@ qemu-version.h: FORCE
> >>   (cd $(SRC_PATH); \
> >>   printf '#define QEMU_PKGVERSION '; \
> >>   if test -n "$(PKGVERSION)"; then \
> >> -    printf '"$(PKGVERSION)"\n'; \
> >> +    printf '" ($(PKGVERSION))"\n'; \
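
Review bot: On the changed `printf '" ($(PKGVERSION))"\n'` line, make expands `$(PKGVERSION)` straight into the printf format string, so a `%` or backslash in the packager's string is interpreted by printf, and a `'` or `"` in it breaks the shell quoting or the generated `#define`. Keep the format fixed and pass the value as a `%s` argument, with quotes escaped before the value lands in qemu-version.h.
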
> > 
> > I would argue that putting a space here is awkward; wouldn't it instead
> > be easier to have all CLIENTS of QEMU_PKGVERSION in the source code
> > assume that the macro does NOT have a leading space, and to supply a
> > space themselves?
> > 
> > That is, change THESE locations:
> > 
> > bsd-user/main.c:    printf("qemu-" TARGET_NAME " version " QEMU_VERSION
> > QEMU_PKGVERSION
> > linux-user/main.c:    printf("qemu-" TARGET_NAME " version "
> > QEMU_VERSION QEMU_PKGVERSION
> > qemu-img.c:#define QEMU_IMG_VERSION "qemu-img version " QEMU_VERSION
> > QEMU_PKGVERSION \
> > qemu-io.c:    printf("%s version " QEMU_VERSION QEMU_PKGVERSION
> > "\n"
> > qemu-nbd.c:"%s " QEMU_VERSION QEMU_PKGVERSION "\n"
> > qga/main.c:"QEMU Guest Agent " QEMU_VERSION QEMU_PKGVERSION "\n"
> > scsi/qemu-pr-helper.c:"%s " QEMU_VERSION QEMU_PKGVERSION "\n"
> > ui/cocoa.m:    @"QEMU emulator version %s%s", QEMU_VERSION,
> > QEMU_PKGVERSION];
> > vl.c:    printf("QEMU emulator version " QEMU_VERSION QEMU_PKGVERSION "\n"
> > 
> > to instead supply the missing space, and have configure/Makefile always
> > generate without a leading space.
> > 
> >> +++ b/configure
> >> @@ -1162,7 +1162,7 @@ for opt do
> >>     ;;
> >>     --disable-blobs) blobs="no"
> >>     ;;
> >> -  --with-pkgversion=*) pkgversion=" ($optarg)"
> >> +  --with-pkgversion=*) pkgversion="$optarg"
> > 
> > Hmm - here you're changing who supplies the ().  But that argues that
> > maybe the callsites should supply " (" and ")" themselves.
> 
> Yeah, that's likely the saner way to do this. The question is: What
> about the query-version QMP command? Should it report parentheses or
> not? I think it'd look nicer if it reports "package": "foo" instead of
> "package": "(foo)" - but we maybe could break some users who expect
> parentheses there (no matter whether there is a preceding space or not)?

The pkgversion is an opaque string - users/apps should never try to
interpret its contents, because its format can vary arbitrarily between
distros.  It is merely intended as an informative string to help the
package maintainer identify which version of QEMU was used when someone
submits a bug report.

IOW it is totally valid to change the command to omit '()', and if anything
breaks that is their own fault for trying to interpret an opaque blob of
data.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [Qemu-devel] [PATCH 22/30] hw/display: use the BYTE-based definitions

2018-02-15 Thread Gerd Hoffmann
On Thu, Feb 15, 2018 at 01:28:52AM -0300, Philippe Mathieu-Daudé wrote:
> It eases code review, unit is explicit.

Reviewed-by: Gerd Hoffmann 




[Qemu-devel] [PULL v2 2/3] ratelimit: don't align wait time with slices

2018-02-15 Thread Stefan Hajnoczi
From: Wolfgang Bumiller 

It is possible for rate limited writes to keep overshooting a slice's
quota by a tiny amount causing the slice-aligned waiting period to
effectively halve the rate.

Signed-off-by: Wolfgang Bumiller 
Reviewed-by: Alberto Garcia 
Message-id: 20180207071758.6818-1-w.bumil...@proxmox.com
Signed-off-by: Stefan Hajnoczi 
---
 include/qemu/ratelimit.h | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/include/qemu/ratelimit.h b/include/qemu/ratelimit.h
index 8dece483f5..1b38291823 100644
--- a/include/qemu/ratelimit.h
+++ b/include/qemu/ratelimit.h
@@ -36,7 +36,7 @@ typedef struct {
 static inline int64_t ratelimit_calculate_delay(RateLimit *limit, uint64_t n)
 {
 int64_t now = qemu_clock_get_ns(QEMU_CLOCK_REALTIME);
-uint64_t delay_slices;
+double delay_slices;
 
 assert(limit->slice_quota && limit->slice_ns);
 
@@ -55,12 +55,11 @@ static inline int64_t ratelimit_calculate_delay(RateLimit 
*limit, uint64_t n)
 return 0;
 }
 
-/* Quota exceeded. Calculate the next time slice we may start
- * sending data again. */
-delay_slices = (limit->dispatched + limit->slice_quota - 1) /
-limit->slice_quota;
+/* Quota exceeded. Wait based on the excess amount and then start a new
+ * slice. */
+delay_slices = (double)limit->dispatched / limit->slice_quota;
 limit->slice_end_time = limit->slice_start_time +
-delay_slices * limit->slice_ns;
+(uint64_t)(delay_slices * limit->slice_ns);
 return limit->slice_end_time - now;
 }
 
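
Review bot: `delay_slices` now goes through `double` and back (`(double)limit->dispatched / limit->slice_quota`, then `(uint64_t)(delay_slices * limit->slice_ns)`), so the slice end time truncates toward zero and depends on floating-point rounding for what is otherwise pure integer time accounting. The same proportional wait can be computed as dispatched * slice_ns / slice_quota with a 64-bit multiply-divide helper, which keeps the result exact and drops both casts.
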
-- 
2.14.3
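
The halving described in the commit message above, reproduced against a virtual clock as an added example (not code from the patch or from QEMU), with the pre-patch and patched formulas from the hunks side by side. The struct layout, the slice-reset step, the names `calculate_delay` and `achieved_fraction`, and the 1 ns cost per write are assumptions.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Fields used by the hunks; the layout itself is an assumption. */
typedef struct {
    int64_t slice_start_time;
    int64_t slice_end_time;
    uint64_t slice_quota;   /* bytes allowed per slice */
    uint64_t slice_ns;      /* slice length in nanoseconds */
    uint64_t dispatched;    /* bytes accounted in the current slice */
} RateLimit;

/*
 * Delay calculation with the clock passed in instead of read from
 * QEMU_CLOCK_REALTIME. aligned != 0 selects the pre-patch rounding up to
 * whole slices, aligned == 0 the patched proportional wait.
 */
static int64_t calculate_delay(RateLimit *limit, int64_t now, uint64_t n,
                               int aligned)
{
    assert(limit->slice_quota && limit->slice_ns);

    /* Assumed reset step (not visible in the hunks): once the current,
     * possibly extended, slice is over, start a fresh one. */
    if (limit->slice_end_time < now) {
        limit->slice_start_time = now;
        limit->slice_end_time = now + (int64_t)limit->slice_ns;
        limit->dispatched = 0;
    }

    limit->dispatched += n;
    if (limit->dispatched < limit->slice_quota) {
        return 0;   /* still inside the quota, no wait */
    }

    if (aligned) {
        /* Pre-patch: round the wait up to the next slice boundary. */
        uint64_t delay_slices = (limit->dispatched + limit->slice_quota - 1) /
                                limit->slice_quota;
        limit->slice_end_time = limit->slice_start_time +
                                (int64_t)(delay_slices * limit->slice_ns);
    } else {
        /* Patched: wait in proportion to what was actually dispatched. */
        double delay_slices = (double)limit->dispatched / limit->slice_quota;
        limit->slice_end_time = limit->slice_start_time +
                                (int64_t)(uint64_t)(delay_slices * limit->slice_ns);
    }
    return limit->slice_end_time - now;
}

/*
 * Issue `writes` back-to-back writes of `chunk` bytes, sleeping for whatever
 * delay the limiter returns. Returns achieved throughput divided by the
 * configured rate (quota / slice_ns), so 1.0 means "on target".
 */
static double achieved_fraction(int aligned, uint64_t quota, uint64_t slice_ns,
                                uint64_t chunk, int writes)
{
    RateLimit rl = { 0, 0, quota, slice_ns, 0 };
    const int64_t start = 1;
    int64_t now = start;
    uint64_t sent = 0;

    for (int i = 0; i < writes; i++) {
        int64_t delay = calculate_delay(&rl, now, chunk, aligned);
        sent += chunk;
        now += delay + 1;   /* sleep, plus a constructed 1 ns per write */
    }
    return ((double)sent / (double)(now - start)) /
           ((double)quota / (double)slice_ns);
}

int main(void)
{
    /* Constructed workload: quota 1024 bytes per 1000 ns slice. */
    printf("aligned, chunk 512: %.3f\n",
           achieved_fraction(1, 1024, 1000, 512, 1000));
    printf("aligned, chunk 513: %.3f\n",
           achieved_fraction(1, 1024, 1000, 513, 1000));
    printf("patched, chunk 513: %.3f\n",
           achieved_fraction(0, 1024, 1000, 513, 1000));
    return 0;
}
```

With two 512-byte writes filling the quota exactly, the aligned formula stays on target; one extra byte per write makes each pair overshoot by two bytes and costs a full additional slice.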




Re: [Qemu-devel] [PATCH 01/30] util/cutils: extract byte-based definitions into a new header: "qemu/cunits.h"

2018-02-15 Thread Marc-André Lureau
On Thu, Feb 15, 2018 at 5:28 AM, Philippe Mathieu-Daudé  wrote:
> (added in 076b35b5a56)
>
> Signed-off-by: Philippe Mathieu-Daudé 

Or osdep.h?

Reviewed-by: Marc-André Lureau 


> ---
>  include/qemu/cunits.h | 11 +++
>  include/qemu/cutils.h |  8 +---
>  2 files changed, 12 insertions(+), 7 deletions(-)
>  create mode 100644 include/qemu/cunits.h
>
> diff --git a/include/qemu/cunits.h b/include/qemu/cunits.h
> new file mode 100644
> index 00..c0207b7611
> --- /dev/null
> +++ b/include/qemu/cunits.h
> @@ -0,0 +1,11 @@
> +#ifndef QEMU_CUNITS_H
> +#define QEMU_CUNITS_H
> +
> +#define K_BYTE (1ULL << 10)
> +#define M_BYTE (1ULL << 20)
> +#define G_BYTE (1ULL << 30)
> +#define T_BYTE (1ULL << 40)
> +#define P_BYTE (1ULL << 50)
> +#define E_BYTE (1ULL << 60)
> +
> +#endif
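
Review bot: The new include/qemu/cunits.h starts directly at the include guard, with no licence header and no comment saying what the macros mean. Add the usual copyright and licence block, plus a short note that `K_BYTE` through `E_BYTE` are powers of two (`1ULL << 10` and up), that is binary rather than decimal units, since the names alone do not say so.
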
> diff --git a/include/qemu/cutils.h b/include/qemu/cutils.h
> index f0878eaafa..01184a70b3 100644
> --- a/include/qemu/cutils.h
> +++ b/include/qemu/cutils.h
> @@ -2,6 +2,7 @@
>  #define QEMU_CUTILS_H
>
>  #include "qemu/fprintf-fn.h"
> +#include "qemu/cunits.h"
>
>  /**
>   * pstrcpy:
> @@ -143,13 +144,6 @@ int qemu_strtosz(const char *nptr, char **end, uint64_t 
> *result);
>  int qemu_strtosz_MiB(const char *nptr, char **end, uint64_t *result);
>  int qemu_strtosz_metric(const char *nptr, char **end, uint64_t *result);
>
> -#define K_BYTE (1ULL << 10)
> -#define M_BYTE (1ULL << 20)
> -#define G_BYTE (1ULL << 30)
> -#define T_BYTE (1ULL << 40)
> -#define P_BYTE (1ULL << 50)
> -#define E_BYTE (1ULL << 60)
> -
>  /* used to print char* safely */
>  #define STR_OR_NULL(str) ((str) ? (str) : "null")
>
> --
> 2.16.1
>
>



-- 
Marc-André Lureau



[Qemu-devel] [PULL v2 0/3] Block patches

2018-02-15 Thread Stefan Hajnoczi
The following changes since commit bec9c64ef7be8063f1192608b83877bc5c9ea217:

  Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging 
(2018-02-13 18:24:08 +)

are available in the Git repository at:

  git://github.com/stefanha/qemu.git tags/block-pull-request

for you to fetch changes up to d2f668b74907cbd96d9df0774971768ed06de2f0:

  misc: fix spelling (2018-02-15 09:39:49 +)


Pull request

v2:
 * Dropped Fam's git-publish series because there is still ongoing discussion



Marc-André Lureau (1):
  misc: fix spelling

Stefan Hajnoczi (1):
  vl: pause vcpus before stopping iothreads

Wolfgang Bumiller (1):
  ratelimit: don't align wait time with slices

 include/qemu/ratelimit.h   | 11 +--
 util/qemu-coroutine-lock.c |  2 +-
 vl.c   | 12 ++--
 3 files changed, 16 insertions(+), 9 deletions(-)

-- 
2.14.3




[Qemu-devel] [PULL v2 3/3] misc: fix spelling

2018-02-15 Thread Stefan Hajnoczi
From: Marc-André Lureau 

s/pupulate/populate

Signed-off-by: Marc-André Lureau 
Reviewed-by: Peter Maydell 
Message-id: 20180208162447.10851-1-marcandre.lur...@redhat.com
Signed-off-by: Stefan Hajnoczi 
---
 util/qemu-coroutine-lock.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/qemu-coroutine-lock.c b/util/qemu-coroutine-lock.c
index 78fb79acf8..5a80c10690 100644
--- a/util/qemu-coroutine-lock.c
+++ b/util/qemu-coroutine-lock.c
@@ -89,7 +89,7 @@ void qemu_co_queue_run_restart(Coroutine *co)
  * invalid memory.  Therefore, use a temporary queue and do not touch
  * the "co" coroutine as soon as you enter another one.
  *
- * In its turn resumed "co" can pupulate "co_queue_wakeup" queue with
+ * In its turn resumed "co" can populate "co_queue_wakeup" queue with
  * new coroutines to be woken up.  The caller, who has resumed "co",
  * will be responsible for traversing the same queue, which may cause
  * a different wakeup order but not any missing wakeups.
-- 
2.14.3




Re: [Qemu-devel] [PATCH 29/30] tpm: use the BYTE-based definitions

2018-02-15 Thread Marc-André Lureau
On Thu, Feb 15, 2018 at 5:28 AM, Philippe Mathieu-Daudé  wrote:
> It eases code review, unit is explicit.
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Marc-André Lureau 


> ---
>  include/hw/acpi/tpm.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/hw/acpi/tpm.h b/include/hw/acpi/tpm.h
> index 96fd3a92f7..751567a73a 100644
> --- a/include/hw/acpi/tpm.h
> +++ b/include/hw/acpi/tpm.h
> @@ -71,7 +71,7 @@ REG32(CRB_DATA_BUFFER, 0x80)
>  #define TPM_CRB_ADDR_CTRL   (TPM_CRB_ADDR_BASE + A_CRB_CTRL_REQ)
>  #define TPM_CRB_R_MAX   R_CRB_DATA_BUFFER
>
> -#define TPM_LOG_AREA_MINIMUM_SIZE   (64 * 1024)
> +#define TPM_LOG_AREA_MINIMUM_SIZE   (64 * K_BYTE)
>
>  #define TPM_TCPA_ACPI_CLASS_CLIENT  0
>  #define TPM_TCPA_ACPI_CLASS_SERVER  1
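
Review bot: `TPM_LOG_AREA_MINIMUM_SIZE` now depends on `K_BYTE`, but this one-line change adds no `#include` for the header that defines it, so include/hw/acpi/tpm.h only compiles when the including file has already pulled the definition in. Add the include to this header. Note also that with `K_BYTE` defined as `(1ULL << 10)` the macro becomes `unsigned long long` where `64 * 1024` was `int`, which matters for any format string or signed comparison that uses it.
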
> --
> 2.16.1
>
>



-- 
Marc-André Lureau



Re: [Qemu-devel] [qemu-s390x] [PATCH v2] s390x/tcg: add various alignment check

2018-02-15 Thread Cornelia Huck
On Thu, 15 Feb 2018 10:47:45 +0100
David Hildenbrand  wrote:

> On 14.02.2018 20:04, Richard Henderson wrote:
> > On 02/14/2018 09:31 AM, David Hildenbrand wrote:  
> >> Let's add proper alignment checks for a handful of instructions that
> >> require a SPECIFICATION exception in case alignment is violated.
> >>
> >> Introduce new wout/in functions. Declare them as "static inline" to avoid
> >> warnings about not being used for CONFIG_USER_ONLY (as we are right
> >> now only using them for privileged instructions).  
> > 
> > Annoyingly, clang will still warn for this.
> >   
> 
> Hm, so the only solution is to add nasty ifdefs then :(

Yup, very annoying indeed, but probably the only way to shut clang up...



Re: [Qemu-devel] [qemu-s390x] [PATCH v2] s390x/tcg: add various alignment check

2018-02-15 Thread David Hildenbrand
On 14.02.2018 20:04, Richard Henderson wrote:
> On 02/14/2018 09:31 AM, David Hildenbrand wrote:
>> Let's add proper alignment checks for a handful of instructions that
>> require a SPECIFICATION exception in case alignment is violated.
>>
>> Introduce new wout/in functions. Declare them as "static inline" to avoid
>> warnings about not being used for CONFIG_USER_ONLY (as we are right
>> now only using them for privileged instructions).
> 
> Annoyingly, clang will still warn for this.
> 

Hm, so the only solution is to add nasty ifdefs then :(

Thanks!

> Otherwise,
> Reviewed-by: Richard Henderson 
> 
> 
> r~
> 


-- 

Thanks,

David / dhildenb



Re: [Qemu-devel] drive-mirroring to nbd is failing with multiple parallel jobs (qemu 2.9 -> 2.11)

2018-02-15 Thread Wouter Verhelst
Hi Eric,

On Wed, Feb 14, 2018 at 09:11:02AM -0600, Eric Blake wrote:
[NBD and keepalive]
> This is more food for thought on whether it even makes sense for NBD to
> worry about assisting in keepalive matters, or whether it would just be
> bloating the protocol.

I'm currently leaning towards the latter. I don't think it makes (much)
sense to run NBD over an unreliable transport. It uses TCP specifically
to not have to worry about that, under the expectation that it won't
break except in unusual circumstances; if you break that expectation, I
think it's not unfair to say "well, then you get to keep both pieces".

We already set the SO_KEEPALIVE socket option (at least nbd-server does;
don't know about qemu) to make the kernel send out TCP-level keepalive
probes. This happens only after two hours (by default), but it's
something you can configure on your system if you need it to be lower.

Having said that, I can always be convinced otherwise by good arguments
:-)

-- 
Could you people please use IRC like normal people?!?

  -- Amaya Rodrigo Sastre, trying to quiet down the buzz in the DebConf 2008
 Hacklab



[Qemu-devel] [PULL v2 1/3] vl: pause vcpus before stopping iothreads

2018-02-15 Thread Stefan Hajnoczi
Commit dce8921b2baaf95974af8176406881872067adfa ("iothread: Stop threads
before main() quits") introduced iothread_stop_all() to avoid the
following virtio-scsi assertion failure:

  assert(blk_get_aio_context(d->conf.blk) == s->ctx);

Back then the assertion failed because when bdrv_close_all() made
d->conf.blk NULL, blk_get_aio_context() returned the global AioContext
instead of s->ctx.

The same assertion can still fail today when vcpus submit new I/O
requests after iothread_stop_all() has moved the BDS to the global
AioContext.

This patch hardens the iothread_stop_all() approach by pausing vcpus
before calling iothread_stop_all().

Note that the assertion failure is a race condition.  It is not possible
to reproduce it reliably.

Signed-off-by: Stefan Hajnoczi 
Message-id: 20180201110708.8080-1-stefa...@redhat.com
Signed-off-by: Stefan Hajnoczi 
---
 vl.c | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/vl.c b/vl.c
index 21878496ec..7a5554bc41 100644
--- a/vl.c
+++ b/vl.c
@@ -4767,10 +4767,18 @@ int main(int argc, char **argv, char **envp)
 
 main_loop();
 replay_disable_events();
+
+/* The ordering of the following is delicate.  Stop vcpus to prevent new
+ * I/O requests being queued by the guest.  Then stop IOThreads (this
+ * includes a drain operation and completes all request processing).  At
+ * this point emulated devices are still associated with their IOThreads
+ * (if any) but no longer have any work to do.  Only then can we close
+ * block devices safely because we know there is no more I/O coming.
+ */
+pause_all_vcpus();
 iothread_stop_all();
-
-pause_all_vcpus();
 bdrv_close_all();
+
 res_free();
 
 /* vhost-user must be cleaned up before chardevs.  */
-- 
2.14.3




Re: [Qemu-devel] [PATCH 0/5] Block patches

2018-02-15 Thread Stefan Hajnoczi
On Wed, Feb 14, 2018 at 09:58:27PM +0800, Fam Zheng wrote:
> On Wed, Feb 14, 2018 at 9:25 PM, Stefan Hajnoczi  wrote:
> > On Wed, Feb 14, 2018 at 08:48:20AM +0800, Fam Zheng wrote:
> >> On Tue, 02/13 17:34, Stefan Hajnoczi wrote:
> >> > The following changes since commit 
> >> > fb68096da3d35e64c88cd610c1fa42766c58e92a:
> >> >
> >> >   Revert "tests: use memfd in vhost-user-test" (2018-02-13 09:51:52 
> >> > +)
> >> >
> >> > are available in the Git repository at:
> >> >
> >> >   git://github.com/stefanha/qemu.git tags/block-pull-request
> >> >
> >> > for you to fetch changes up to 64b01feca991e5b19a5d750ef77cdca92b68bdbb:
> >> >
> >> >   misc: fix spelling (2018-02-13 15:38:17 +)
> >>
> >> Did you mean "PULL" in the subject?
> >
> > git-publish is just obeying your profile settings:
> >
> > +[gitpublishprofile "default"]
> > +base = master
> > +prefix = PATCH
> >  ^ :)
> >
> > I used PULL myself in the past but am happy with using whatever we
> > decide the standard should be.
> >
> > Shall we remove prefix from the profiles (it defaults to "PATCH" for
> > regular patches and "PULL" for pull requests)?
> 
> Yes, this is a bug. In my ~/.gitconfig I had "prefix = PATCH ..." for
> all other qemu-* profiles but not the main one, "qemu". When I wrote
> the patch I didn't realize it is so for a reason, and "fixed" it!

Please resend your series once this email thread has run its course.

I am dropping it from the pull request because I'd like to merge the
other fixes in this pull request as soon as possible.

Stefan




[Qemu-devel] ping Re: [PATCH v10 00/12] Dirty bitmaps postcopy migration

2018-02-15 Thread Vladimir Sementsov-Ogievskiy

ping
07.02.2018 18:58, Vladimir Sementsov-Ogievskiy wrote:

Hi all!

There is a new version of dirty bitmap postcopy migration series.

Now it is based on Max's block tree: 
https://github.com/XanClic/qemu/commits/block,
where it needs only one patch: "block: maintain persistent disabled bitmaps",
but I hope it is near to be merged.

v10

clone: tag postcopy-v10 from https://src.openvz.org/scm/~vsementsov/qemu.git
online: 
https://src.openvz.org/users/vsementsov/repos/qemu/browse?at=postcopy-v10

01,02: r-b Fam
03: adjust comments about locking
04: fixed 124 iotest (was broken because of small mistake in 
block/dirty-bitmap.c)
05: rebased on master, staff from migration_thread is moved to 
migration_iteration_run, so
 drop r-b by John and Juan
06: 2.11->2.12, r-b Fam
07,08,09,: r-b Fam

10: move to device names instead of node names, looks like libvirt don't care 
about
 same node-names.
 flag AUTOLOAD is ignored for now
 use QEMU_ALIGN_UP and DIV_ROUND_UP
 skip automatically inserted nodes, when search for dirty bitmaps
 allow migration of no bitmaps (see in dirty_bitmap_load_header new logic
with nothing variable, which avoids extra 
errors)
 handle return code of dirty_bitmap_load_header
 avoid iteration if there are no bitmaps (see new .no_bitmaps field of
  dirty_bitmap_mig_state)
 call dirty_bitmap_mig_before_vm_start from process_incoming_migration_bh 
too,
 to enable bitmaps in case of postcopy not actually started.
11: not add r-b Fam
 tiny reorganisation of do_test_migration parameters: remove useless default
 values and make shared_storage to be the last
 disable shared storage test for now, until it will be fixed (it will be 
separate
 series, more related to qcow2 than to migration)
12: r-b Fam

also, "iotests: add default node-name" is dropped, as not more needed.


v9

clone: tag postcopy-v9 from https://src.openvz.org/scm/~vsementsov/qemu.git
online: https://src.openvz.org/users/vsementsov/repos/qemu/browse?at=postcopy-v9

01: r-b John
02: was incomplete, now add here bdrv_reclaim_dirty_bitmap fix
03: new
04: new
05: r-b John
07: fix type in commit message, r-b John
09: add comment about is_active_iterate, r-b Snow and keep Juan's r-b, hope 
comment is ok
10: change copyright to Virtuozzo
 reword comment at the top of the file
 rewrite init_dirty_bitmap_migration, to not do same things twice (John)
   and skip _only_ unnamed bitmaps, error out for unnamed nodes (John)
 use new "locked" state of bitmaps instead of frozen on source vm
 do not support migrating bitmap to existent one with the same name,
   keep only create-new-bitmap way
 break loop in dirty_bitmap_load_complete when bitmap is found
 use bitmap locking instead of context acquire
12: rewrite, to add more cases. (note, that 169 iotest is also in my
 "[PATCH v2 0/3] fix bitmaps migration through shared storage", which 
probably should
 go to qemu-stable. So this patch should rewrite it, but here I make it 
like new patch,
 to simplify review. When "[PATCH v2..." merged I'll rebase this on it), 
drop r-b
13: move to separate test, drop r-b


v8.1

clone: tag postcopy-v8.1 from https://src.openvz.org/scm/~vsementsov/qemu.git
online: 
https://src.openvz.org/users/vsementsov/repos/qemu/browse?at=postcopy-v8.1

05: fix compilation, add new version for cmma_save_pending too.


v8

clone: tag postcopy-v8 from https://src.openvz.org/scm/~vsementsov/qemu.git
online: https://src.openvz.org/users/vsementsov/repos/qemu/browse?at=postcopy-v8

- rebased on master
- patches 01-03 from v7 are already merged to master
- patch order is changed to make it possible to merge block/dirty-bitmap patches
   separately if needed
01: new patch
03: fixed to use _locked version of bdrv_release_dirty_bitmap
06: qapi-schema.json -> qapi/migration.json
 2.9 -> 2.11
10: protocol changed a bit:
   instead of 1 byte "bitmap enabled flag" this byte becomes just "flags"
   and have "enabled", "persistent" and "autoloading" flags inside.
   also, make all migrated bitmaps to be not persistent (to prevent their
   storing on source vm)
14: new patch


patches status:
01-04 - are only about block/dirty-bitmap and have no r-b. Fam, John, Paolo (about bitmap lock),
 please look at. These patches are ok to be merged separately (but before 05-14)
other patches are about migration
05-09 have Juan's r-b (and some of them have John's and Eric's r-bs)
10 - the main patch (dirty bitmaps migration), has no r-b.
11 - preparation for tests, not related to migration directly, has Max's r-b, ok to be merged
 separately (but before 12-14)
12-14 - tests, 12 and 13 have Max's r-b, 14 is new


v7

clone: tag postcopy-v7 from https://src.openvz.org/scm/~vsementsov/qemu.git
online: https://src.openvz.org/users/vsementsov/repos/qemu/browse?at=postcopy-v7

- rebased on dirty-bitmap byte-based 

[Qemu-devel] ping Re: [PATCH v2 0/2] block latency histogram

2018-02-15 Thread Vladimir Sementsov-Ogievskiy

ping
07.02.2018 15:50, Vladimir Sementsov-Ogievskiy wrote:

v2:

01: add block_latency_histogram_clear()
02: fix spelling (sorry =()
 some rewordings
 remove histogram if latency parameter unspecified

Vladimir Sementsov-Ogievskiy (2):
   block/accounting: introduce latency histogram
   qapi: add block latency histogram interface

  qapi/block-core.json   | 73 +-
  include/block/accounting.h |  9 +
  block/accounting.c | 97 ++
  block/qapi.c   | 31 +++
  blockdev.c | 19 +
  5 files changed, 228 insertions(+), 1 deletion(-)




--
Best regards,
Vladimir




[Qemu-devel] [PATCH v3] PPC: e500: Fix duplicate kernel load and device tree overlap

2018-02-15 Thread David Engraf
This patch fixes an incorrect behavior when the -kernel argument has been
specified without -bios. In this case the kernel was loaded twice. At address
32M as a raw image and afterwards by load_elf/load_uimage at the
corresponding load address. In this case the region for the device tree and
the raw kernel image may overlap.

The patch fixes the behavior by loading the kernel image once with
load_elf/load_uimage and skips loading the raw image.

While here, do not use bios_name/size for the kernel and use a more generic
name called payload_name/size.

New in v3: dtb must be stored between kernel and initrd because Linux can
   handle the dtb only within the first 64MB. Add a comment to
   clarify the behavior.

Signed-off-by: David Engraf 
---
 hw/ppc/e500.c | 116 +++---
 1 file changed, 70 insertions(+), 46 deletions(-)

diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c
index c4fe06ea2a..414c4beaab 100644
--- a/hw/ppc/e500.c
+++ b/hw/ppc/e500.c
@@ -784,8 +784,10 @@ void ppce500_init(MachineState *machine, PPCE500Params 
*params)
 int initrd_size = 0;
 hwaddr cur_base = 0;
 char *filename;
+const char *payload_name;
+bool kernel_as_payload;
 hwaddr bios_entry = 0;
-target_long bios_size;
+target_long payload_size;
 struct boot_info *boot_info;
 int dt_size;
 int i;
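Review bot: bios_entry keeps its old name in the declarations here while bios_size becomes payload_size. If bios_entry also receives the entry point of whichever payload gets loaded (u-boot or the kernel), rename it to payload_entry in the same patch so the two variables describing the payload do not disagree about what they refer to.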
@@ -913,11 +915,6 @@ void ppce500_init(MachineState *machine, PPCE500Params 
*params)
 /* Register spinning region */
 sysbus_create_simple("e500-spin", params->spin_base, NULL);
 
-if (cur_base < (32 * 1024 * 1024)) {
-/* u-boot occupies memory up to 32MB, so load blobs above */
-cur_base = (32 * 1024 * 1024);
-}
-
 if (params->has_mpc8xxx_gpio) {
 qemu_irq poweroff_irq;
 
@@ -952,8 +949,61 @@ void ppce500_init(MachineState *machine, PPCE500Params 
*params)
 sysbus_mmio_get_region(s, 0));
 }
 
-/* Load kernel. */
-if (machine->kernel_filename) {
+/*
+ * Smart firmware defaults ahead!
+ *
+ * We follow the following table to select which payload we execute.
+ *
+ *  -kernel | -bios | payload
+ * -+---+-
+ * N|   Y   | u-boot
+ * N|   N   | u-boot
+ * Y|   Y   | u-boot
+ * Y|   N   | kernel
+ *
+ * This ensures backwards compatibility with how we used to expose
+ * -kernel to users but allows them to run through u-boot as well.
+ */
+kernel_as_payload = false;
+if (bios_name == NULL) {
+if (machine->kernel_filename) {
+payload_name = machine->kernel_filename;
+kernel_as_payload = true;
+} else {
+payload_name = "u-boot.e500";
+}
+} else {
+payload_name = bios_name;
+}
+
+filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, payload_name);
+
+payload_size = load_elf(filename, NULL, NULL, _entry, , NULL,
+1, PPC_ELF_MACHINE, 0, 0);
+if (payload_size < 0) {
+/*
+ * Hrm. No ELF image? Try a uImage, maybe someone is giving us an
+ * ePAPR compliant kernel
+ */
+payload_size = load_uimage(filename, _entry, , NULL,
+   NULL, NULL);
+if (payload_size < 0) {
+fprintf(stderr, "qemu: could not load firmware '%s'\n", filename);
+exit(1);
+}
+}
+
+g_free(filename);
+
+if (kernel_as_payload) {
+kernel_base = loadaddr;
+kernel_size = payload_size;
+}
+
+cur_base = loadaddr + payload_size;
+
+/* Load bare kernel only if no bios/u-boot has been provided */
+if (machine->kernel_filename && !kernel_as_payload) {
 kernel_base = cur_base;
 kernel_size = load_image_targphys(machine->kernel_filename,
   cur_base,
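Review bot: filename is passed to load_elf() and load_uimage() and then printed with '%s' without a NULL check after qemu_find_file(), and with this change payload_name can be the user-supplied -kernel path rather than only a firmware name. If qemu_find_file() cannot resolve the name and returns NULL, the loaders and the fprintf() both receive a NULL pointer. Check filename right after qemu_find_file() and report payload_name in the error; the message text "could not load firmware" should also cover the kernel-as-payload case.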
@@ -967,6 +1017,11 @@ void ppce500_init(MachineState *machine, PPCE500Params 
*params)
 cur_base += kernel_size;
 }
 
+if (cur_base < (32 * 1024 * 1024)) {
+/* u-boot occupies memory up to 32MB, so load blobs above */
+cur_base = (32 * 1024 * 1024);
+}
+
 /* Load initrd. */
 if (machine->initrd_filename) {
 initrd_base = (cur_base + INITRD_LOAD_PAD) & ~INITRD_PAD_MASK;
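Review bot: the re-added 32MB floor keeps the comment "u-boot occupies memory up to 32MB", but at this position it also applies when the kernel is the payload and no u-boot is loaded. Update the comment to say why the floor is still wanted in that case, or make the floor conditional on !kernel_as_payload if it is not.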
@@ -983,47 +1038,16 @@ void ppce500_init(MachineState *machine, PPCE500Params 
*params)
 }
 
 /*
- * Smart firmware defaults ahead!
- *
- * We follow the following table to select which payload we execute.
- *
- *  -kernel | -bios | payload
- * -+---+-
- * N|   Y   | u-boot
- * N|   N   | u-boot
- * Y|   Y   | u-boot
- * Y|   N   | kernel
- *
- * This ensures backwards compatibility with how we used to expose
- * -kernel to users but allows them to run through u-boot as well.
+ * 

Re: [Qemu-devel] [PATCH v2 0/4] block: fix blk_aio_*() segfault when blk->root == NULL

2018-02-15 Thread Stefan Hajnoczi
On Tue, Feb 13, 2018 at 02:20:58PM +, Stefan Hajnoczi wrote:
> v2:
>  * Introduce AIO_WAIT_WHILE() since aio_poll(ctx, true) is not allowed [Paolo]
> 
> Using bdrv_inc_in_flight(blk_bs(blk)) doesn't work since BlockBackend->root may
> be NULL.
> 
> This patch series solves the issue by adding a BlockBackend->in_flight counter
> so requests can be tracked even when there is no BlockDriverState.
> 
> This should fix the IDE and virtio-blk segfaults that have been encountered
> when there is no BlockDriverState.
> 
> The patch is based on work by Kevin Wolf.
> 
> Kevin Wolf (1):
>   block: test blk_aio_flush() with blk->root == NULL
> 
> Stefan Hajnoczi (3):
>   block: extract AIO_WAIT_WHILE() from BlockDriverState
>   block: add BlockBackend->in_flight counter
>   Revert "IDE: Do not flush empty CDROM drives"
> 
>  tests/Makefile.include |   2 +
>  util/Makefile.objs |   2 +-
>  include/block/aio-wait.h   | 116 
> +
>  include/block/block.h  |  40 +++-
>  include/block/block_int.h  |   7 ++-
>  block.c|   7 ++-
>  block/block-backend.c  |  60 ---
>  block/io.c |  10 +---
>  hw/ide/core.c  |  10 +---
>  tests/test-block-backend.c |  82 
>  util/aio-wait.c|  40 
>  11 files changed, 313 insertions(+), 63 deletions(-)
>  create mode 100644 include/block/aio-wait.h
>  create mode 100644 tests/test-block-backend.c
>  create mode 100644 util/aio-wait.c

Eric has posted R-b for all patches.

Kevin or Paolo: Are you happy with this series?




Re: [Qemu-devel] [PATCH v2 1/4] block: extract AIO_WAIT_WHILE() from BlockDriverState

2018-02-15 Thread Stefan Hajnoczi
On Wed, Feb 14, 2018 at 04:31:45PM -0600, Eric Blake wrote:
> On 02/14/2018 08:06 AM, Stefan Hajnoczi wrote:
> > On Tue, Feb 13, 2018 at 10:01:06AM -0600, Eric Blake wrote:
> > I hope this explains things!  The main issue that raised these questions
> > was that aio_context_in_iothread() has a misleading name.  Shall we
> > rename it?
> 
> Maybe, but that's a separate patch.  What name would we bikeshed, maybe
> aio_context_correct_thread() (we are the correct thread if we are the
> iothread that owns ctx, or if we are the main thread and have properly
> acquired ctx) 

Having acquired the AioContext does not make this function return true.
The semantics are:
1. Current thread is the IOThread that runs the AioContext
2. Current thread is the main loop and the AioContext is the global
   AioContext.

The function tests whether the current thread is the "native" or "home"
thread for this AioContext.  Perhaps we could also call it the "poller"
thread because only that thread is allowed to call aio_poll(ctx, true).

  if (aio_context_in_native_thread(ctx)) {
  ...
  } else {
  ...
  }

What do you think?




Re: [Qemu-devel] [PATCH V2 1/1] tests: Add migration test for aarch64

2018-02-15 Thread Andrew Jones
On Wed, Feb 14, 2018 at 02:17:34PM -0600, Wei Huang wrote:
> 
> 
> On 02/12/2018 11:31 AM, Andrew Jones wrote:
> > On Fri, Feb 09, 2018 at 04:42:42PM -0500, Wei Huang wrote:
> >> This patch adds migration test support for aarch64. The test code, which
> >> implements the same functionality as x86, is booted as a kernel in qemu.
> >> Here are the design choices we make for aarch64:
> >>
> >>  * We choose this -kernel approach because aarch64 QEMU doesn't provide a
> >>built-in fw like x86 does. So instead of relying on a boot loader, we
> >>use -kernel approach for aarch64.
> >>  * The serial output is sent to PL011 directly.
> >>  * The physical memory base for mach-virt machine is 0x4000. We change
> >>the start_address and end_address for aarch64.
> >>
> >> In addition to providing the binary, this patch also includes the test source
> >> and the build script in tests/migration. So users can change/re-compile
> >> the binary as they wish.
> >>
> >> Signed-off-by: Wei Huang 
> >> ---
> >>  tests/Makefile.include|  1 +
> >>  tests/migration-test.c| 29 ++---
> >>  tests/migration/aarch64-a-b-kernel.h  | 19 +
> >>  tests/migration/aarch64-a-b-kernel.s  | 67 
> >> +++
> >>  tests/migration/rebuild-aarch64-kernel.sh | 67 
> >> +++
> >>  5 files changed, 177 insertions(+), 6 deletions(-)
> >>  create mode 100644 tests/migration/aarch64-a-b-kernel.h
> >>  create mode 100644 tests/migration/aarch64-a-b-kernel.s
> >>  create mode 100755 tests/migration/rebuild-aarch64-kernel.sh
> >>
> >> diff --git a/tests/Makefile.include b/tests/Makefile.include
> >> index f41da23..0fd18fd 100644
> >> --- a/tests/Makefile.include
> >> +++ b/tests/Makefile.include
> >> @@ -369,6 +369,7 @@ gcov-files-arm-y += hw/timer/arm_mptimer.c
> >>  check-qtest-arm-y += tests/boot-serial-test$(EXESUF)
> >>  
> >>  check-qtest-aarch64-y = tests/numa-test$(EXESUF)
> >> +check-qtest-aarch64-y += tests/migration-test$(EXESUF)
> >>  
> >>  check-qtest-microblazeel-y = $(check-qtest-microblaze-y)
> >>  
> >> diff --git a/tests/migration-test.c b/tests/migration-test.c
> >> index 85d4014..b16944c 100644
> >> --- a/tests/migration-test.c
> >> +++ b/tests/migration-test.c
> >> @@ -22,8 +22,8 @@
> >>  
> >>  #define MIN_NVRAM_SIZE 8192 /* from spapr_nvram.c */
> >>  
> >> -const unsigned start_address = 1024 * 1024;
> >> -const unsigned end_address = 100 * 1024 * 1024;
> >> +unsigned start_address = 1024 * 1024;
> >> +unsigned end_address = 100 * 1024 * 1024;
> >>  bool got_stop;
> >>  
> >>  #if defined(__linux__)
> >> @@ -80,12 +80,13 @@ static const char *tmpfs;
> >>   * outputing a 'B' every so often if it's still running.
> >>   */
> >>  #include "tests/migration/x86-a-b-bootblock.h"
> >> +#include "tests/migration/aarch64-a-b-kernel.h"
> >>  
> >> -static void init_bootfile_x86(const char *bootpath)
> >> +static void init_bootfile(const char *bootpath, void *content)
> >>  {
> >>  FILE *bootfile = fopen(bootpath, "wb");
> >>  
> >> -g_assert_cmpint(fwrite(x86_bootsect, 512, 1, bootfile), ==, 1);
> >> +g_assert_cmpint(fwrite(content, 512, 1, bootfile), ==, 1);
> >>  fclose(bootfile);
> >>  }
> >>  
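Review bot: init_bootfile() now takes an arbitrary content pointer but still writes a hard-coded 512 bytes in fwrite(content, 512, 1, bootfile). That length was the size of the x86 boot sector; for aarch64_kernel it either truncates the image or reads past the end of the array if the array is shorter. Pass the length as a parameter (for example sizeof(aarch64_kernel) at the call site), make content a const void *, and check the fopen() result before writing.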
> >> @@ -391,7 +392,7 @@ static void test_migrate_start(QTestState **from, 
> >> QTestState **to,
> >>  got_stop = false;
> >>  
> >>  if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
> >> -init_bootfile_x86(bootpath);
> >> +init_bootfile(bootpath, x86_bootsect);
> >>  cmd_src = g_strdup_printf("-machine accel=%s -m 150M"
> >>" -name source,debug-threads=on"
> >>" -serial file:%s/src_serial"
> >> @@ -420,6 +421,22 @@ static void test_migrate_start(QTestState **from, 
> >> QTestState **to,
> >>" -serial file:%s/dest_serial"
> >>" -incoming %s",
> >>accel, tmpfs, uri);
> >> +} else if (strcmp(arch, "aarch64") == 0) {
> >> +init_bootfile(bootpath, aarch64_kernel);
> >> +cmd_src = g_strdup_printf("-machine virt,accel=kvm:tcg -m 150M "
> >> +  "-name vmsource,debug-threads=on -cpu 
> >> host "
> > 
> > We can't use '-cpu host' with tcg, so the accel fallback won't work.
> 
> Will fix
> 
> > 
> >> +  "-serial file:%s/src_serial "
> >> +  "-kernel %s ",
> >> +  tmpfs, bootpath);
> >> +cmd_dst = g_strdup_printf("-machine virt,accel=kvm:tcg -m 150M "
> >> +  "-name vmdest,debug-threads=on -cpu 
> >> host "
> >> +  "-serial file:%s/dest_serial "
> >> +  "-kernel %s "
> >> +  "-incoming %s 

[Qemu-devel] [PATCH] hw: Do not include "sysemu/block-backend.h" if it is not necessary

2018-02-15 Thread Thomas Huth
After reviewing a patch from Philippe that removes block-backend.h
from hw/lm32/milkymist.c, I noticed that this header is included
unnecessarily in a lot of other files, too. Remove those unneeded
includes to speed up the compilation process a little bit.

Signed-off-by: Thomas Huth 
---
 hw/arm/highbank.c  | 1 -
 hw/arm/msf2-soc.c  | 1 -
 hw/arm/realview.c  | 1 -
 hw/arm/tosa.c  | 1 -
 hw/i386/pc.c   | 2 --
 hw/i386/pc_piix.c  | 1 -
 hw/ide/ahci-allwinner.c| 1 -
 hw/ide/cmd646.c| 1 -
 hw/ide/ich.c   | 1 -
 hw/ide/isa.c   | 1 -
 hw/ide/microdrive.c| 1 -
 hw/ide/mmio.c  | 1 -
 hw/mips/mips_fulong2e.c| 1 -
 hw/mips/mips_jazz.c| 1 -
 hw/ppc/mac_newworld.c  | 1 -
 hw/ppc/mac_oldworld.c  | 1 -
 hw/ppc/prep.c  | 1 -
 hw/scsi/mptendian.c| 1 -
 hw/sd/core.c   | 1 -
 hw/sparc/sun4m.c   | 1 -
 hw/tricore/tricore_testboard.c | 2 --
 21 files changed, 23 deletions(-)

diff --git a/hw/arm/highbank.c b/hw/arm/highbank.c
index 287392b..1742cf6 100644
--- a/hw/arm/highbank.c
+++ b/hw/arm/highbank.c
@@ -27,7 +27,6 @@
 #include "sysemu/kvm.h"
 #include "sysemu/sysemu.h"
 #include "hw/boards.h"
-#include "sysemu/block-backend.h"
 #include "exec/address-spaces.h"
 #include "qemu/error-report.h"
 #include "hw/char/pl011.h"
diff --git a/hw/arm/msf2-soc.c b/hw/arm/msf2-soc.c
index a8ec2cd..f68df56 100644
--- a/hw/arm/msf2-soc.c
+++ b/hw/arm/msf2-soc.c
@@ -29,7 +29,6 @@
 #include "exec/address-spaces.h"
 #include "hw/char/serial.h"
 #include "hw/boards.h"
-#include "sysemu/block-backend.h"
 #include "qemu/cutils.h"
 #include "hw/arm/msf2-soc.h"
 #include "hw/misc/unimp.h"
diff --git a/hw/arm/realview.c b/hw/arm/realview.c
index 87cd1e5..2139a62 100644
--- a/hw/arm/realview.c
+++ b/hw/arm/realview.c
@@ -20,7 +20,6 @@
 #include "sysemu/sysemu.h"
 #include "hw/boards.h"
 #include "hw/i2c/i2c.h"
-#include "sysemu/block-backend.h"
 #include "exec/address-spaces.h"
 #include "qemu/error-report.h"
 #include "hw/char/pl011.h"
diff --git a/hw/arm/tosa.c b/hw/arm/tosa.c
index a55b1a3..7a925fa 100644
--- a/hw/arm/tosa.c
+++ b/hw/arm/tosa.c
@@ -22,7 +22,6 @@
 #include "hw/boards.h"
 #include "hw/i2c/i2c.h"
 #include "hw/ssi/ssi.h"
-#include "sysemu/block-backend.h"
 #include "hw/sysbus.h"
 #include "exec/address-spaces.h"
 #include "sysemu/sysemu.h"
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 55e69d6..7670b45 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -50,8 +50,6 @@
 #include "sysemu/qtest.h"
 #include "kvm_i386.h"
 #include "hw/xen/xen.h"
-#include "sysemu/block-backend.h"
-#include "hw/block/block.h"
 #include "ui/qemu-spice.h"
 #include "exec/memory.h"
 #include "exec/address-spaces.h"
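Review bot: this hunk also drops "hw/block/block.h", which the commit message does not mention; it only talks about "sysemu/block-backend.h". Either extend the commit message to cover the second header or split that removal out, so it is clear the extra include was checked as unused in hw/i386/pc.c and not removed by accident.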
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 456dc9e..527c922 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -40,7 +40,6 @@
 #include "sysemu/sysemu.h"
 #include "hw/sysbus.h"
 #include "sysemu/arch_init.h"
-#include "sysemu/block-backend.h"
 #include "hw/i2c/smbus.h"
 #include "hw/xen/xen.h"
 #include "exec/memory.h"
diff --git a/hw/ide/ahci-allwinner.c b/hw/ide/ahci-allwinner.c
index c3f1604..5397483 100644
--- a/hw/ide/ahci-allwinner.c
+++ b/hw/ide/ahci-allwinner.c
@@ -18,7 +18,6 @@
 #include "qemu/osdep.h"
 #include "hw/hw.h"
 #include "qemu/error-report.h"
-#include "sysemu/block-backend.h"
 #include "sysemu/dma.h"
 #include "hw/ide/internal.h"
 #include "hw/ide/ahci_internal.h"
diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
index 65aff51..6bb92d7 100644
--- a/hw/ide/cmd646.c
+++ b/hw/ide/cmd646.c
@@ -26,7 +26,6 @@
 #include "hw/hw.h"
 #include "hw/pci/pci.h"
 #include "hw/isa/isa.h"
-#include "sysemu/block-backend.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/dma.h"
 
diff --git a/hw/ide/ich.c b/hw/ide/ich.c
index c01b24e..134478e 100644
--- a/hw/ide/ich.c
+++ b/hw/ide/ich.c
@@ -65,7 +65,6 @@
 #include "hw/pci/msi.h"
 #include "hw/pci/pci.h"
 #include "hw/isa/isa.h"
-#include "sysemu/block-backend.h"
 #include "sysemu/dma.h"
 #include "hw/ide/pci.h"
 #include "hw/ide/ahci_internal.h"
diff --git a/hw/ide/isa.c b/hw/ide/isa.c
index 9fb24fc..028bd61 100644
--- a/hw/ide/isa.c
+++ b/hw/ide/isa.c
@@ -25,7 +25,6 @@
 #include "qemu/osdep.h"
 #include "hw/hw.h"
 #include "hw/isa/isa.h"
-#include "sysemu/block-backend.h"
 #include "sysemu/dma.h"
 
 #include "hw/ide/internal.h"
diff --git a/hw/ide/microdrive.c b/hw/ide/microdrive.c
index 58e4f52..34bb98d 100644
--- a/hw/ide/microdrive.c
+++ b/hw/ide/microdrive.c
@@ -25,7 +25,6 @@
 #include "qemu/osdep.h"
 #include "hw/hw.h"
 #include "hw/pcmcia.h"
-#include "sysemu/block-backend.h"
 #include "sysemu/dma.h"
 
 #include "hw/ide/internal.h"
diff --git a/hw/ide/mmio.c b/hw/ide/mmio.c
index 6f12f45..42fcf13 100644
--- a/hw/ide/mmio.c
+++ b/hw/ide/mmio.c
@@ -25,7 +25,6 @@
 #include "qemu/osdep.h"
 #include 

Re: [Qemu-devel] [PATCH] syscall: fix special case of write(fd, NULL, 0)

2018-02-15 Thread Laurent Vivier
On 15/02/2018 at 00:33, Oliver Smith wrote:
> Hello there,
> 
> I'm a little late to the party. But what is necessary to get this
> upstreamed, and how can I help?
> 
> PS: Sorry if I picked the wrong e-mail addresses, I wasn't subscribed to
> the ML at that point and used the addresses I could find for the people
> who answered to the original thread here:
> 
> https://lists.gnu.org/archive/html/qemu-devel/2017-09/msg08073.html

According to comments in the ML thread, you need to:

- update the patch to call write() with NULL and 0, something like:

--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7912,6 +7912,10 @@ abi_long do_syscall(void *cpu_env, int num,
abi_long arg1,
 }
 break;
 case TARGET_NR_write:
+if (arg2 == 0 && arg3 == 0) {
+ret = get_errno(safe_write(arg1, NULL, 0));
+break;
+}
 if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
 goto efault;
 if (fd_trans_target_to_host_data(arg1)) {
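Review bot: the new arg2 == 0 && arg3 == 0 branch has no comment saying why it exists, so it reads as a redundant shortcut ahead of lock_user(). Add a short comment that a NULL buffer with zero length must reach the host write so the guest gets the host's result instead of the efault path. The branch also returns before fd_trans_target_to_host_data(arg1) is consulted, which is fine for zero bytes but worth stating in the same comment.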

- change TARGET_NR_read to do the same

- check if we need to do the same for pread64/pwrite64

Thanks,
Laurent
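
The behaviour discussed in this message, as an added example that is not QEMU code: a toy syscall-translation layer whose buffer check rejects write(fd, NULL, 0), next to a version that forwards that case to the host as the suggested hunk does. The guest memory model and the names guest_lock, emu_write_naive, emu_write_fixed and try_write are hypothetical; guest_lock stands in for a lock_user()-style check.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Constructed toy guest address space: one mapped region, address 0 unmapped. */
#define GUEST_MAP_BASE 0x1000u
#define GUEST_MAP_SIZE 64u
static unsigned char guest_mem[GUEST_MAP_SIZE] = "hello from the guest\n";

/* Hypothetical stand-in for a lock_user()-style check: translate a guest
 * range to a host pointer, or return NULL if any part of it is unmapped. */
static void *guest_lock(uint32_t addr, uint32_t len)
{
    uint32_t end = GUEST_MAP_BASE + GUEST_MAP_SIZE;

    if (addr < GUEST_MAP_BASE || addr > end || len > end - addr) {
        return NULL;
    }
    return guest_mem + (addr - GUEST_MAP_BASE);
}

/* Host write() with the result folded into bytes-or-negative-errno form. */
static long host_write(int fd, const void *buf, size_t len)
{
    ssize_t n = write(fd, buf, len);
    return n < 0 ? -errno : (long)n;
}

/* Before: the buffer is validated unconditionally, so (NULL, 0) fails. */
long emu_write_naive(int fd, uint32_t addr, uint32_t len)
{
    void *p = guest_lock(addr, len);

    if (!p) {
        return -EFAULT;
    }
    return host_write(fd, p, len);
}

/* After: the (NULL, 0) case goes to the host, which still checks the fd. */
long emu_write_fixed(int fd, uint32_t addr, uint32_t len)
{
    if (addr == 0 && len == 0) {
        return host_write(fd, NULL, 0);
    }
    return emu_write_naive(fd, addr, len);
}

/* Run one emulated write against the write end of a fresh pipe. */
long try_write(long (*fn)(int, uint32_t, uint32_t), uint32_t addr, uint32_t len)
{
    int p[2];
    long r;

    if (pipe(p) != 0) {
        return -errno;
    }
    r = fn(p[1], addr, len);
    close(p[0]);
    close(p[1]);
    return r;
}

int main(void)
{
    printf("naive (NULL, 0): %ld\n", try_write(emu_write_naive, 0, 0));
    printf("fixed (NULL, 0): %ld\n", try_write(emu_write_fixed, 0, 0));
    printf("fixed (NULL, 8): %ld\n", try_write(emu_write_fixed, 0, 8));
    printf("fixed (mapped, 5): %ld\n", try_write(emu_write_fixed, GUEST_MAP_BASE, 5));
    printf("fixed bad fd (NULL, 0): %ld\n", emu_write_fixed(-1, 0, 0));
    return 0;
}
```

A NULL buffer with a non-zero length still fails with EFAULT in the fixed version, and a bad descriptor still yields EBADF, because only the exact (NULL, 0) pair bypasses the buffer check.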



Re: [Qemu-devel] [RFC PATCH 0/2] s/size/entries/ when dealing with non-byte units

2018-02-15 Thread Alberto Garcia
On Wed 14 Feb 2018 12:33:22 AM CET, Eric Blake wrote:
> I mentioned this while reviewing Berto's series on L2 slice handling;
> this is a first cut at patches that I think are worth doing throughout
> the qcow2 code base if we like the idea.
>
> Eric Blake (2):
>   qcow2: Prefer 'entries' over 'size' for non-byte values in spec
>   qcow2: Prefer 'entries' over 'size' during cache creation

I also like the idea. We'd need to change a lot of variables all over
the place, but things will look much more readable.

Berto



Re: [Qemu-devel] [PATCH 24/30] hw/ipack: use the BYTE-based definitions

2018-02-15 Thread Alberto Garcia
On Thu 15 Feb 2018 05:28:54 AM CET, Philippe Mathieu-Daudé wrote:
> It ease code review, unit is explicit.
>
> Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Alberto Garcia 

Berto


