Re: [Qemu-devel] [PATCH v3 3/3] pc-dimm: factor out address space logic into MemoryDevice code

[Pankaj Gupta]

> 
> > >   
> > >> +/* we will need a new memory slot for kvm and vhost */
> > >> +if (kvm_enabled() && !kvm_has_free_slot(machine)) {
> > >> +error_setg(errp, "hypervisor has no free memory slots left");
> > >> +return;
> > >> +}
> > >> +if (!vhost_has_free_slot()) {
> > >> +error_setg(errp, "a used vhost backend has no free memory slots
> > >> left");
> > >> +return;
> > >> +}
> > > move these checks to pre_plug time
> > >   
> > >> +
> > >> +memory_region_add_subregion(>mr, addr - hpms->base, mr);
> > > missing vmstate registration?
> > 
> > Missed this one: To be called by the caller. Important because e.g. for
> > virtio-pmem we don't want this (I assume :) ).
> if pmem isn't on shared storage, then We'd probably want to migrate
> it as well, otherwise target would experience data loss.
> Anyways, I'd just reat it as normal RAM in migration case

Main difference between RAM and pmem it acts like combination of RAM and disk.
Saying this, in normal use-case size would be 100 GB's - few TB's range. 
I am not sure we really want to migrate it for non-shared storage use-case.

One reason why nvdimm added vmstate info could be: still there would be 
transient
writes in memory with fake DAX and there is no way(till now) to flush the guest 
writes. But with virtio-pmem we can flush such writes before migration and 
automatically
at destination host with shared disk we will have updated data.


Thanks,
Pankaj  

[Qemu-devel] [PATCH] checkpatch.pl: add common glib defines to typelist

[Peter Xu]

Otherwise it can warn this:

  ERROR: space prohibited between function name and open parenthesis '('

When with things like this:

  typedef gboolean (*it_tree_iterator)(ITValue start, ITValue end);

CC: Paolo Bonzini 
CC: Stefan Hajnoczi 
CC: "Daniel P. Berrangé" 
CC: Markus Armbruster 
CC: Vladimir Sementsov-Ogievskiy 
CC: Fam Zheng 
Signed-off-by: Peter Xu 
---
 scripts/checkpatch.pl | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index d52207a3cc..6c25449cd3 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -266,6 +266,20 @@ our @typeList = (
qr{target_(?:u)?long},
qr{hwaddr},
qr{xml${Ident}},
+   # Glib definitions
+   qr{gchar},
+   qr{gshort},
+   qr{glong},
+   qr{gint},
+   qr{gboolean},
+   qr{guchar},
+   qr{gushort},
+   qr{gulong},
+   qr{guint},
+   qr{gfloat},
+   qr{gdouble},
+   qr{gpointer},
+   qr{gconstpointer},
 );
 
 # This can be modified by sub possible.  Since it can be empty, be careful
-- 
2.14.3

[Qemu-devel] QEMU monitor banner printed multiple times

[Thomas Huth]

 Hi,

I just noticed that sometimes, the QEMU monitor banner is printed
multiple times when you press "CTRL-a c" to enter the monitor:

$ x86_64-softmmu/qemu-system-x86_64 -no-shutdown -nographic \
-nodefaults -virtioconsole mon:stdio
QEMU 2.12.0 monitor - type 'help' for more information
QEMU 2.12.0 monitor - type 'help' for more information
QEMU 2.12.0 monitor - type 'help' for more information
QEMU 2.12.0 monitor - type 'help' for more information
(qemu) q
QEMU 2.12.0 monitor - type 'help' for more information
(qemu)
$

That looks quite ugly. Anybody got an idea how to fix this?

 Thomas

Re: [Qemu-devel] [PATCH 00/10] intel-iommu: nested vIOMMU, cleanups, bug fixes

[Peter Xu]

On Tue, Apr 24, 2018 at 10:05:14PM -0700, no-re...@patchew.org wrote:

[...]

> === OUTPUT BEGIN ===
> Checking PATCH 1/10: intel-iommu: send PSI always even if across PDEs...
> Checking PATCH 2/10: intel-iommu: remove IntelIOMMUNotifierNode...
> Checking PATCH 3/10: intel-iommu: add iommu lock...
> Checking PATCH 4/10: intel-iommu: only do page walk for MAP notifiers...
> Checking PATCH 5/10: intel-iommu: introduce vtd_page_walk_info...
> Checking PATCH 6/10: intel-iommu: pass in address space when page walk...
> Checking PATCH 7/10: util: implement simple interval tree logic...
> WARNING: architecture specific defines should be avoided
> #34: FILE: include/qemu/interval-tree.h:11:
> +#ifndef __INTERVAL_TREE_H__

This is valid; I'll remove __ prefix/suffix and it'll fix.

> 
> ERROR: space prohibited between function name and open parenthesis '('
> #56: FILE: include/qemu/interval-tree.h:33:
> +typedef gboolean (*it_tree_iterator)(ITValue start, ITValue end);

While this is not; We possibly need the gboolean type into type list.
I'll post a standalone patch for checkpatch instead.

> 
> total: 1 errors, 1 warnings, 352 lines checked
> 
> Your patch has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> 
> Checking PATCH 8/10: intel-iommu: maintain per-device iova ranges...
> Checking PATCH 9/10: intel-iommu: don't unmap all for shadow page table...
> Checking PATCH 10/10: intel-iommu: remove notify_unmap for page walk...
> === OUTPUT END ===
> 
> Test command exited with code: 1
> 
> 
> ---
> Email generated automatically by Patchew [http://patchew.org/].
> Please send your feedback to patchew-de...@redhat.com

-- 
Peter Xu

[Qemu-devel] [PATCH v1] hw/s390x: Allow to configure the consoles with the "-serial" parameter

[Thomas Huth]

The consoles ("sclpconsole" and "sclplmconsole") can only be configured
with "-device" and "-chardev" so far. Other machines use the convenience
option "-serial" to configure the default consoles, even for virtual
consoles like spapr-vty on the pseries machine. So let's support this
option on s390x, too. This way we can easily enable the serial console
here again with "-nodefaults", for example:

qemu-system-s390x -no-shutdown -nographic -nodefaults -serial mon:stdio

... which is way shorter than typing:

qemu-system-s390x -no-shutdown -nographic -nodefaults \
  -chardev stdio,id=c1,mux=on -device sclpconsole,chardev=c1 \
  -mon chardev=c1

The -serial parameter can also be used if you only want to see the QEMU
monitor on stdio without using -nodefaults, but not the console output.
That's something that is pretty impossible with the current code today:

qemu-system-s390x -no-shutdown -nographic -serial none

While we're at it, this patch also maps the second -serial option to the
"sclplmconsole", so that there is now an easy way to configure this second
console on s390x, too, for example:

qemu-system-s390x -no-shutdown -nographic -serial null -serial mon:stdio

Additionally, the new code is also smaller than the old one and we have
less s390x-specific code in vl.c :-)

I've also checked that migration still works as expected by migrating
a guest with console output back and forth between a qemu-system-s390x
that has this patch and an instance without this patch.

Signed-off-by: Thomas Huth 
---
 RFC -> v1:
 - Improved the patch description (provided examples)
 - Moved the "init consoles" hunk in ccw_init to a later point in time
   so that the output of "info qom-tree" shows the same order of devices
   in the "/machine/unattached" tree.

 hw/s390x/event-facility.c | 14 +++
 hw/s390x/s390-virtio-ccw.c| 19 +--
 include/hw/boards.h   |  1 -
 include/hw/s390x/event-facility.h |  2 ++
 vl.c  | 50 ---
 5 files changed, 33 insertions(+), 53 deletions(-)

diff --git a/hw/s390x/event-facility.c b/hw/s390x/event-facility.c
index 9c24bc6..e6940a2 100644
--- a/hw/s390x/event-facility.c
+++ b/hw/s390x/event-facility.c
@@ -511,3 +511,17 @@ static void register_types(void)
 }
 
 type_init(register_types)
+
+BusState *sclp_get_event_facility_bus(void)
+{
+Object *busobj;
+SCLPEventsBus *sbus;
+
+busobj = object_resolve_path_type("", TYPE_SCLP_EVENTS_BUS, NULL);
+sbus = OBJECT_CHECK(SCLPEventsBus, busobj, TYPE_SCLP_EVENTS_BUS);
+if (!sbus) {
+return NULL;
+}
+
+return >qbus;
+}
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 435f7c9..62d909e 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -288,6 +288,15 @@ static void s390_create_virtio_net(BusState *bus, const 
char *name)
 }
 }
 
+static void s390_create_sclpconsole(const char *type, Chardev *chardev)
+{
+DeviceState *dev;
+
+dev = qdev_create(sclp_get_event_facility_bus(), type);
+qdev_prop_set_chr(dev, "chardev", chardev);
+qdev_init_nofail(dev);
+}
+
 static void ccw_init(MachineState *machine)
 {
 int ret;
@@ -346,6 +355,14 @@ static void ccw_init(MachineState *machine)
 /* Create VirtIO network adapters */
 s390_create_virtio_net(BUS(css_bus), "virtio-net-ccw");
 
+/* init consoles */
+if (serial_hds[0]) {
+s390_create_sclpconsole("sclpconsole", serial_hds[0]);
+}
+if (serial_hds[1]) {
+s390_create_sclpconsole("sclplmconsole", serial_hds[1]);
+}
+
 /* Register savevm handler for guest TOD clock */
 register_savevm_live(NULL, "todclock", 0, 1, _gtod, NULL);
 }
@@ -470,10 +487,8 @@ static void ccw_machine_class_init(ObjectClass *oc, void 
*data)
 mc->block_default_type = IF_VIRTIO;
 mc->no_cdrom = 1;
 mc->no_floppy = 1;
-mc->no_serial = 1;
 mc->no_parallel = 1;
 mc->no_sdcard = 1;
-mc->use_sclp = 1;
 mc->max_cpus = S390_MAX_CPUS;
 mc->has_hotpluggable_cpus = true;
 mc->get_hotplug_handler = s390_get_hotplug_handler;
diff --git a/include/hw/boards.h b/include/hw/boards.h
index a609239..5c5eee5 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -180,7 +180,6 @@ struct MachineClass {
 unsigned int no_serial:1,
 no_parallel:1,
 use_virtcon:1,
-use_sclp:1,
 no_floppy:1,
 no_cdrom:1,
 no_sdcard:1,
diff --git a/include/hw/s390x/event-facility.h 
b/include/hw/s390x/event-facility.h
index 5698e5e..5cc16f6 100644
--- a/include/hw/s390x/event-facility.h
+++ b/include/hw/s390x/event-facility.h
@@ -210,4 +210,6 @@ typedef struct SCLPEventFacilityClass {
 bool (*event_pending)(SCLPEventFacility *ef);
 } SCLPEventFacilityClass;
 
+BusState *sclp_get_event_facility_bus(void);
+
 #endif
diff --git a/vl.c b/vl.c
index fce1fd1..b32340c 100644
--- a/vl.c
+++ b/vl.c
@@ -133,7 +133,6 @@ 

[Qemu-devel] [PATCH 10/10] intel-iommu: remove notify_unmap for page walk

[Peter Xu]

Now after previous changes, we will always pass that parameter as true
now.  Remove it. After removing that variable, now we can greatly
simplify the page walking logic.

No functional change at all.

Signed-off-by: Peter Xu 
---
 hw/i386/intel_iommu.c | 70 +--
 hw/i386/trace-events  |  1 -
 2 files changed, 28 insertions(+), 43 deletions(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index dedaebc46b..31e9b52452 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -762,7 +762,6 @@ typedef struct {
 VTDAddressSpace *as;
 vtd_page_walk_hook hook_fn;
 void *private;
-bool notify_unmap;
 } vtd_page_walk_info;
 
 static int vtd_page_walk_one(IOMMUTLBEntry *entry, int level,
@@ -858,45 +857,34 @@ static int vtd_page_walk_level(dma_addr_t addr, uint64_t 
start,
  */
 entry_valid = read_cur | write_cur;
 
-entry.target_as = _space_memory;
-entry.iova = iova & subpage_mask;
-entry.perm = IOMMU_ACCESS_FLAG(read_cur, write_cur);
-entry.addr_mask = ~subpage_mask;
-
-if (vtd_is_last_slpte(slpte, level)) {
-/* NOTE: this is only meaningful if entry_valid == true */
-entry.translated_addr = vtd_get_slpte_addr(slpte, aw);
-if (!entry_valid && !info->notify_unmap) {
-trace_vtd_page_walk_skip_perm(iova, iova_next);
-goto next;
-}
-ret = vtd_page_walk_one(, level, info);
-if (ret < 0) {
-return ret;
-}
-} else {
-if (!entry_valid) {
-if (info->notify_unmap) {
-/*
- * The whole entry is invalid; unmap it all.
- * Translated address is meaningless, zero it.
- */
-entry.translated_addr = 0x0;
-ret = vtd_page_walk_one(, level, info);
-if (ret < 0) {
-return ret;
-}
-} else {
-trace_vtd_page_walk_skip_perm(iova, iova_next);
-}
-goto next;
-}
+if (!vtd_is_last_slpte(slpte, level) && entry_valid) {
+/*
+ * This is a valid PDE (or even bigger than PDE).  We need
+ * to walk one further level.
+ */
 ret = vtd_page_walk_level(vtd_get_slpte_addr(slpte, aw),
   iova, MIN(iova_next, end), level - 1,
   read_cur, write_cur, info);
-if (ret < 0) {
-return ret;
-}
+} else {
+/*
+ * This means we are either:
+ *
+ * (1) the real page entry (either 4K page, or huge page)
+ * (2) the whole range is invalid
+ *
+ * In either case, we send an IOTLB notification down.
+ */
+entry.target_as = _space_memory;
+entry.iova = iova & subpage_mask;
+entry.perm = IOMMU_ACCESS_FLAG(read_cur, write_cur);
+entry.addr_mask = ~subpage_mask;
+/* NOTE: this is only meaningful if entry_valid == true */
+entry.translated_addr = vtd_get_slpte_addr(slpte, aw);
+ret = vtd_page_walk_one(, level, info);
+}
+
+if (ret < 0) {
+return ret;
 }
 
 next:
@@ -918,7 +906,7 @@ next:
  */
 static int vtd_page_walk(VTDContextEntry *ce, uint64_t start, uint64_t end,
  vtd_page_walk_hook hook_fn, void *private,
- bool notify_unmap, VTDAddressSpace *as)
+ VTDAddressSpace *as)
 {
 dma_addr_t addr = vtd_ce_get_slpt_base(ce);
 uint32_t level = vtd_ce_get_level(ce);
@@ -926,7 +914,6 @@ static int vtd_page_walk(VTDContextEntry *ce, uint64_t 
start, uint64_t end,
 vtd_page_walk_info info = {
 .hook_fn = hook_fn,
 .private = private,
-.notify_unmap = notify_unmap,
 .as = as,
 };
 
@@ -1491,7 +1478,7 @@ static void 
vtd_iotlb_page_invalidate_notify(IntelIOMMUState *s,
  */
 vtd_page_walk(, addr, addr + size,
   vtd_page_invalidate_notify_hook,
-  (void *)_as->iommu, true, vtd_as);
+  (void *)_as->iommu, vtd_as);
 } else {
 /*
  * For UNMAP-only notifiers, we don't need to walk the
@@ -2962,8 +2949,7 @@ static void vtd_iommu_replay(IOMMUMemoryRegion *iommu_mr, 
IOMMUNotifier *n)
   ce.hi, ce.lo);
 if (vtd_as_notify_mappings(vtd_as)) {
 /* This is required only for MAP typed notifiers */
-vtd_page_walk(, 0, ~0ULL, vtd_replay_hook, (void *)n, true,
- 

[Qemu-devel] [PATCH 08/10] intel-iommu: maintain per-device iova ranges

[Peter Xu]

For each VTDAddressSpace, now we maintain what IOVA ranges we have
mapped and what we have not.  With that information, now we only send
MAP or UNMAP when necessary.  Say, we don't send MAP notifies if we know
we have already mapped the range, meanwhile we don't send UNMAP notifies
if we know we never mapped the range at all.

Signed-off-by: Peter Xu 
---
 include/hw/i386/intel_iommu.h |  2 ++
 hw/i386/intel_iommu.c | 28 
 hw/i386/trace-events  |  2 ++
 3 files changed, 32 insertions(+)

diff --git a/include/hw/i386/intel_iommu.h b/include/hw/i386/intel_iommu.h
index 486e205e79..09a2e94404 100644
--- a/include/hw/i386/intel_iommu.h
+++ b/include/hw/i386/intel_iommu.h
@@ -27,6 +27,7 @@
 #include "hw/i386/ioapic.h"
 #include "hw/pci/msi.h"
 #include "hw/sysbus.h"
+#include "qemu/interval-tree.h"
 
 #define TYPE_INTEL_IOMMU_DEVICE "intel-iommu"
 #define INTEL_IOMMU_DEVICE(obj) \
@@ -95,6 +96,7 @@ struct VTDAddressSpace {
 QLIST_ENTRY(VTDAddressSpace) next;
 /* Superset of notifier flags that this address space has */
 IOMMUNotifierFlag notifier_flags;
+ITTree *iova_tree;  /* Traces mapped IOVA ranges */
 };
 
 struct VTDBus {
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index a19c18b8d4..8f396a5d13 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -768,12 +768,37 @@ typedef struct {
 static int vtd_page_walk_one(IOMMUTLBEntry *entry, int level,
  vtd_page_walk_info *info)
 {
+VTDAddressSpace *as = info->as;
 vtd_page_walk_hook hook_fn = info->hook_fn;
 void *private = info->private;
+ITRange *mapped = it_tree_find(as->iova_tree, entry->iova,
+   entry->iova + entry->addr_mask);
 
 assert(hook_fn);
+
+/* Update local IOVA mapped ranges */
+if (entry->perm) {
+if (mapped) {
+/* Skip since we have already mapped this range */
+trace_vtd_page_walk_one_skip_map(entry->iova, entry->addr_mask,
+ mapped->start, mapped->end);
+return 0;
+}
+it_tree_insert(as->iova_tree, entry->iova,
+   entry->iova + entry->addr_mask);
+} else {
+if (!mapped) {
+/* Skip since we didn't map this range at all */
+trace_vtd_page_walk_one_skip_unmap(entry->iova, entry->addr_mask);
+return 0;
+}
+it_tree_remove(as->iova_tree, entry->iova,
+   entry->iova + entry->addr_mask);
+}
+
 trace_vtd_page_walk_one(level, entry->iova, entry->translated_addr,
 entry->addr_mask, entry->perm);
+
 return hook_fn(entry, private);
 }
 
@@ -2798,6 +2823,7 @@ VTDAddressSpace *vtd_find_add_as(IntelIOMMUState *s, 
PCIBus *bus, int devfn)
 vtd_dev_as->devfn = (uint8_t)devfn;
 vtd_dev_as->iommu_state = s;
 vtd_dev_as->context_cache_entry.context_cache_gen = 0;
+vtd_dev_as->iova_tree = it_tree_new();
 
 /*
  * Memory region relationships looks like (Address range shows
@@ -2894,6 +2920,8 @@ static void vtd_address_space_unmap(VTDAddressSpace *as, 
IOMMUNotifier *n)
  VTD_PCI_FUNC(as->devfn),
  entry.iova, size);
 
+it_tree_remove(as->iova_tree, entry.iova, entry.iova + entry.addr_mask);
+
 memory_region_notify_one(n, );
 }
 
diff --git a/hw/i386/trace-events b/hw/i386/trace-events
index 22d44648af..677f83420d 100644
--- a/hw/i386/trace-events
+++ b/hw/i386/trace-events
@@ -40,6 +40,8 @@ vtd_replay_ce_valid(uint8_t bus, uint8_t dev, uint8_t fn, 
uint16_t domain, uint6
 vtd_replay_ce_invalid(uint8_t bus, uint8_t dev, uint8_t fn) "replay invalid 
context device %02"PRIx8":%02"PRIx8".%02"PRIx8
 vtd_page_walk_level(uint64_t addr, uint32_t level, uint64_t start, uint64_t 
end) "walk (base=0x%"PRIx64", level=%"PRIu32") iova range 0x%"PRIx64" - 
0x%"PRIx64
 vtd_page_walk_one(uint32_t level, uint64_t iova, uint64_t gpa, uint64_t mask, 
int perm) "detected page level 0x%"PRIx32" iova 0x%"PRIx64" -> gpa 0x%"PRIx64" 
mask 0x%"PRIx64" perm %d"
+vtd_page_walk_one_skip_map(uint64_t iova, uint64_t mask, uint64_t start, 
uint64_t end) "iova 0x%"PRIx64" mask 0x%"PRIx64" start 0x%"PRIx64" end 
0x%"PRIx64
+vtd_page_walk_one_skip_unmap(uint64_t iova, uint64_t mask) "iova 0x%"PRIx64" 
mask 0x%"PRIx64
 vtd_page_walk_skip_read(uint64_t iova, uint64_t next) "Page walk skip iova 
0x%"PRIx64" - 0x%"PRIx64" due to unable to read"
 vtd_page_walk_skip_perm(uint64_t iova, uint64_t next) "Page walk skip iova 
0x%"PRIx64" - 0x%"PRIx64" due to perm empty"
 vtd_page_walk_skip_reserve(uint64_t iova, uint64_t next) "Page walk skip iova 
0x%"PRIx64" - 0x%"PRIx64" due to rsrv set"
-- 
2.14.3

[Qemu-devel] [PATCH 09/10] intel-iommu: don't unmap all for shadow page table

[Peter Xu]

IOMMU replay was carried out before in many use cases, e.g., context
cache invalidations, domain flushes.  We used this mechanism to sync the
shadow page table by firstly (1) unmap the whole address space, then
(2) walk the page table to remap what's in the table.

This is very dangerous.

The problem is that we'll have a very small window (in my measurement,
it can be about 3ms) during above step (1) and (2) that the device will
see no (or incomplete) device page table.  Howerver the device never
knows that.  This can cause DMA error of devices, who assumes the page
table is always there.

So the point is that, for MAP typed notifiers (vfio-pci, for example)
they'll need the mapped page entries always be there.  We can never
unmap any existing page entries like what we did in (1) above.

The only solution is to remove step (1).  We can't do that before since
we didn't know what device page was mapped and what was not, so we unmap
them all.  Now with the new IOVA tree QEMU knows what has mapped and
what has not.  We don't need this step (1) any more.  Remove it.

Note that after removing that global unmap flushing, we'll need to
notify unmap now during page walkings.

This should fix the DMA error problem that Jintack Lim reported with
nested device assignment.  This problem won't not happen always, e.g., I
cannot reproduce the error.  However after collecting logs it shows that
this is the possible cause to Jintack's problem.

Reported-by: Jintack Lim 
Signed-off-by: Peter Xu 
---
 hw/i386/intel_iommu.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 8f396a5d13..dedaebc46b 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -2952,10 +2952,8 @@ static void vtd_iommu_replay(IOMMUMemoryRegion 
*iommu_mr, IOMMUNotifier *n)
 
 /*
  * The replay can be triggered by either a invalidation or a newly
- * created entry. No matter what, we release existing mappings
- * (it means flushing caches for UNMAP-only registers).
+ * created entry.
  */
-vtd_address_space_unmap(vtd_as, n);
 
 if (vtd_dev_to_context_entry(s, bus_n, vtd_as->devfn, ) == 0) {
 trace_vtd_replay_ce_valid(bus_n, PCI_SLOT(vtd_as->devfn),
@@ -2964,8 +2962,10 @@ static void vtd_iommu_replay(IOMMUMemoryRegion 
*iommu_mr, IOMMUNotifier *n)
   ce.hi, ce.lo);
 if (vtd_as_notify_mappings(vtd_as)) {
 /* This is required only for MAP typed notifiers */
-vtd_page_walk(, 0, ~0ULL, vtd_replay_hook, (void *)n, false,
+vtd_page_walk(, 0, ~0ULL, vtd_replay_hook, (void *)n, true,
   vtd_as);
+} else {
+vtd_address_space_unmap(vtd_as, n);
 }
 } else {
 trace_vtd_replay_ce_invalid(bus_n, PCI_SLOT(vtd_as->devfn),
-- 
2.14.3

[Qemu-devel] [PATCH 07/10] util: implement simple interval tree logic

[Peter Xu]

Introduce a simplest interval tree implementation based on GTree.
Current implementation is mostly tailored to maintain and trace device
mapped IOVA ranges, but still it might be useful to other modules in the
future.

It is naive in that it even does not allow user to pass in private
structs along with the ranges.  However it's good in that the tree can
do mergings of ranges when necessary when without such information.

Signed-off-by: Peter Xu 
---
 include/qemu/interval-tree.h | 130 ++
 util/interval-tree.c | 217 +++
 util/Makefile.objs   |   1 +
 3 files changed, 348 insertions(+)
 create mode 100644 include/qemu/interval-tree.h
 create mode 100644 util/interval-tree.c

diff --git a/include/qemu/interval-tree.h b/include/qemu/interval-tree.h
new file mode 100644
index 00..4485f4b338
--- /dev/null
+++ b/include/qemu/interval-tree.h
@@ -0,0 +1,130 @@
+/*
+ * An very simplified interval tree implementation based on GTree.
+ *
+ * Copyright 2018 Red Hat, Inc.
+ *
+ * Authors:
+ *  Peter Xu 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ */
+#ifndef __INTERVAL_TREE_H__
+#define __INTERVAL_TREE_H__
+
+/*
+ * Currently the interval tree will only allow to keep ranges
+ * information, and no extra user data is allowed for each element.  A
+ * benefit is that we can merge adjacent ranges internally within the
+ * tree.  It can save a lot of memory when the ranges are splitted but
+ * mostly continuous.
+ *
+ * Note that current implementation does not provide any thread
+ * protections.  Callers of the interval tree should be responsible
+ * for the thread safety issue.
+ */
+
+#include 
+
+#define  IT_OK   (0)
+#define  IT_ERR_OVERLAP  (-1)
+
+typedef unsigned long long ITValue;
+typedef struct ITTree ITTree;
+typedef gboolean (*it_tree_iterator)(ITValue start, ITValue end);
+
+struct ITRange {
+ITValue start;
+ITValue end;
+};
+typedef struct ITRange ITRange;
+
+/**
+ * it_tree_new:
+ *
+ * Create a new interval tree.
+ *
+ * Returns: the tree pointer when succeeded, or NULL if error.
+ */
+ITTree *it_tree_new(void);
+
+/**
+ * it_tree_insert:
+ *
+ * @tree: the interval tree to insert
+ * @start: the start of range, inclusive
+ * @end: the end of range, inclusive
+ *
+ * Insert an interval range to the tree.  If there is overlapped
+ * ranges, IT_ERR_OVERLAP will be returned.
+ *
+ * Return: 0 if succeeded, or <0 if error.
+ */
+int it_tree_insert(ITTree *tree, ITValue start, ITValue end);
+
+/**
+ * it_tree_remove:
+ *
+ * @tree: the interval tree to remove range from
+ * @start: the start of range, inclusive
+ * @end: the end of range, inclusive
+ *
+ * Remove an range from the tree.  The range does not need to be
+ * exactly what has inserted.  All the ranges that are included in the
+ * provided range will be removed from the tree.
+ *
+ * Return: 0 if succeeded, or <0 if error.
+ */
+int it_tree_remove(ITTree *tree, ITValue start, ITValue end);
+
+/**
+ * it_tree_find:
+ *
+ * @tree: the interval tree to search from
+ * @start: the start of range, inclusive
+ * @end: the end of range, inclusive
+ *
+ * Search for a range in the interval tree that overlaps with the
+ * range specified.  Only the first found range will be returned.
+ *
+ * Return: ITRange if found, or NULL if not found.  Note: the returned
+ * ITRange pointer is maintained internally.  User should only read
+ * the content but never modify or free the content.
+ */
+ITRange *it_tree_find(ITTree *tree, ITValue start, ITValue end);
+
+/**
+ * it_tree_find_value:
+ *
+ * @tree: the interval tree to search from
+ * @value: the value to find
+ *
+ * Similar to it_tree_find(), but it tries to find range (value, value).
+ *
+ * Return: same as it_tree_find().
+ */
+ITRange *it_tree_find_value(ITTree *tree, ITValue value);
+
+/**
+ * it_tree_foreach:
+ *
+ * @tree: the interval tree to iterate on
+ * @iterator: the interator for the ranges, return true to stop
+ *
+ * Search for a range in the interval tree.
+ *
+ * Return: 1 if found any overlap, 0 if not, <0 if error.
+ */
+void it_tree_foreach(ITTree *tree, it_tree_iterator iterator);
+
+/**
+ * it_tree_destroy:
+ *
+ * @tree: the interval tree to destroy
+ *
+ * Destroy an existing interval tree.
+ *
+ * Return: None.
+ */
+void it_tree_destroy(ITTree *tree);
+
+#endif
diff --git a/util/interval-tree.c b/util/interval-tree.c
new file mode 100644
index 00..0e7a37c2c6
--- /dev/null
+++ b/util/interval-tree.c
@@ -0,0 +1,217 @@
+/*
+ * An very simplified interval tree implementation based on GTree.
+ *
+ * Copyright 2018 Red Hat, Inc.
+ *
+ * Authors:
+ *  Peter Xu 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ */
+
+#include 
+#include "qemu/interval-tree.h"
+
+/*
+ * Each element of the internal tree is an ITRange.  It is shared
+ * between the key and 

[Qemu-devel] [PATCH 04/10] intel-iommu: only do page walk for MAP notifiers

[Peter Xu]

For UNMAP-only IOMMU notifiers, we don't really need to walk the page
tables.  Fasten that procedure by skipping the page table walk.  That
should boost performance for UNMAP-only notifiers like vhost.

Signed-off-by: Peter Xu 
---
 include/hw/i386/intel_iommu.h |  2 ++
 hw/i386/intel_iommu.c | 43 ++-
 2 files changed, 40 insertions(+), 5 deletions(-)

diff --git a/include/hw/i386/intel_iommu.h b/include/hw/i386/intel_iommu.h
index 1a8ba8e415..486e205e79 100644
--- a/include/hw/i386/intel_iommu.h
+++ b/include/hw/i386/intel_iommu.h
@@ -93,6 +93,8 @@ struct VTDAddressSpace {
 IntelIOMMUState *iommu_state;
 VTDContextCacheEntry context_cache_entry;
 QLIST_ENTRY(VTDAddressSpace) next;
+/* Superset of notifier flags that this address space has */
+IOMMUNotifierFlag notifier_flags;
 };
 
 struct VTDBus {
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index e4ee211dde..1c252414a9 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -138,6 +138,12 @@ static inline void vtd_iommu_unlock(IntelIOMMUState *s)
 qemu_mutex_unlock(>iommu_lock);
 }
 
+/* Whether the address space needs to notify new mappings */
+static inline gboolean vtd_as_notify_mappings(VTDAddressSpace *as)
+{
+return as->notifier_flags & IOMMU_NOTIFIER_MAP;
+}
+
 /* GHashTable functions */
 static gboolean vtd_uint64_equal(gconstpointer v1, gconstpointer v2)
 {
@@ -1427,14 +1433,35 @@ static void 
vtd_iotlb_page_invalidate_notify(IntelIOMMUState *s,
 VTDAddressSpace *vtd_as;
 VTDContextEntry ce;
 int ret;
+hwaddr size = (1 << am) * VTD_PAGE_SIZE;
 
 QLIST_FOREACH(vtd_as, &(s->notifiers_list), next) {
 ret = vtd_dev_to_context_entry(s, pci_bus_num(vtd_as->bus),
vtd_as->devfn, );
 if (!ret && domain_id == VTD_CONTEXT_ENTRY_DID(ce.hi)) {
-vtd_page_walk(, addr, addr + (1 << am) * VTD_PAGE_SIZE,
-  vtd_page_invalidate_notify_hook,
-  (void *)_as->iommu, true, s->aw_bits);
+if (vtd_as_notify_mappings(vtd_as)) {
+/*
+ * For MAP-inclusive notifiers, we need to walk the
+ * page table to sync the shadow page table.
+ */
+vtd_page_walk(, addr, addr + size,
+  vtd_page_invalidate_notify_hook,
+  (void *)_as->iommu, true, s->aw_bits);
+} else {
+/*
+ * For UNMAP-only notifiers, we don't need to walk the
+ * page tables.  We just deliver the PSI down to
+ * invalidate caches.
+ */
+IOMMUTLBEntry entry = {
+.target_as = _space_memory,
+.iova = addr,
+.translated_addr = 0,
+.addr_mask = size - 1,
+.perm = IOMMU_NONE,
+};
+memory_region_notify_iommu(_as->iommu, entry);
+}
 }
 }
 }
@@ -2374,6 +2401,9 @@ static void 
vtd_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu,
 exit(1);
 }
 
+/* Update per-address-space notifier flags */
+vtd_as->notifier_flags = new;
+
 if (old == IOMMU_NOTIFIER_NONE) {
 /* Insert new ones */
 QLIST_INSERT_HEAD(>notifiers_list, vtd_as, next);
@@ -2884,8 +2914,11 @@ static void vtd_iommu_replay(IOMMUMemoryRegion 
*iommu_mr, IOMMUNotifier *n)
   PCI_FUNC(vtd_as->devfn),
   VTD_CONTEXT_ENTRY_DID(ce.hi),
   ce.hi, ce.lo);
-vtd_page_walk(, 0, ~0ULL, vtd_replay_hook, (void *)n, false,
-  s->aw_bits);
+if (vtd_as_notify_mappings(vtd_as)) {
+/* This is required only for MAP typed notifiers */
+vtd_page_walk(, 0, ~0ULL, vtd_replay_hook, (void *)n, false,
+  s->aw_bits);
+}
 } else {
 trace_vtd_replay_ce_invalid(bus_n, PCI_SLOT(vtd_as->devfn),
 PCI_FUNC(vtd_as->devfn));
-- 
2.14.3

[Qemu-devel] [PATCH 03/10] intel-iommu: add iommu lock

[Peter Xu]

Add a per-iommu big lock to protect IOMMU status.  Currently the only
thing to be protected is the IOTLB cache, since that can be accessed
even without BQL, e.g., in IO dataplane.

Note that device page tables should not need any protection.  The safety
of that should be provided by guest OS.  E.g., when a page entry is
freed, the guest OS should be responsible to make sure that no device
will be using that page any more.

Reported-by: Fam Zheng 
Signed-off-by: Peter Xu 
---
 include/hw/i386/intel_iommu.h |  8 
 hw/i386/intel_iommu.c | 31 +--
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/include/hw/i386/intel_iommu.h b/include/hw/i386/intel_iommu.h
index 220697253f..1a8ba8e415 100644
--- a/include/hw/i386/intel_iommu.h
+++ b/include/hw/i386/intel_iommu.h
@@ -262,6 +262,14 @@ struct IntelIOMMUState {
 uint8_t w1cmask[DMAR_REG_SIZE]; /* RW1C(Write 1 to Clear) bytes */
 uint8_t womask[DMAR_REG_SIZE];  /* WO (write only - read returns 0) */
 uint32_t version;
+/*
+ * Protects IOMMU states in general.  Normally we don't need to
+ * take this lock when we are with BQL held.  However we have code
+ * paths that may run even without BQL.  In those cases, we need
+ * to take the lock when we have access to IOMMU state
+ * informations, e.g., the IOTLB.
+ */
+QemuMutex iommu_lock;
 
 bool caching_mode;  /* RO - is cap CM enabled? */
 
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 5987b48d43..e4ee211dde 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -128,6 +128,16 @@ static uint64_t vtd_set_clear_mask_quad(IntelIOMMUState 
*s, hwaddr addr,
 return new_val;
 }
 
+static inline void vtd_iommu_lock(IntelIOMMUState *s)
+{
+qemu_mutex_lock(>iommu_lock);
+}
+
+static inline void vtd_iommu_unlock(IntelIOMMUState *s)
+{
+qemu_mutex_unlock(>iommu_lock);
+}
+
 /* GHashTable functions */
 static gboolean vtd_uint64_equal(gconstpointer v1, gconstpointer v2)
 {
@@ -197,12 +207,19 @@ static void vtd_reset_context_cache(IntelIOMMUState *s)
 s->context_cache_gen = 1;
 }
 
-static void vtd_reset_iotlb(IntelIOMMUState *s)
+static void vtd_reset_iotlb_locked(IntelIOMMUState *s)
 {
 assert(s->iotlb);
 g_hash_table_remove_all(s->iotlb);
 }
 
+static void vtd_reset_iotlb(IntelIOMMUState *s)
+{
+vtd_iommu_lock(s);
+vtd_reset_iotlb_locked(s);
+vtd_iommu_unlock(s);
+}
+
 static uint64_t vtd_get_iotlb_key(uint64_t gfn, uint16_t source_id,
   uint32_t level)
 {
@@ -222,6 +239,7 @@ static VTDIOTLBEntry *vtd_lookup_iotlb(IntelIOMMUState *s, 
uint16_t source_id,
 uint64_t key;
 int level;
 
+vtd_iommu_lock(s);
 for (level = VTD_SL_PT_LEVEL; level < VTD_SL_PML4_LEVEL; level++) {
 key = vtd_get_iotlb_key(vtd_get_iotlb_gfn(addr, level),
 source_id, level);
@@ -232,6 +250,7 @@ static VTDIOTLBEntry *vtd_lookup_iotlb(IntelIOMMUState *s, 
uint16_t source_id,
 }
 
 out:
+vtd_iommu_unlock(s);
 return entry;
 }
 
@@ -244,9 +263,11 @@ static void vtd_update_iotlb(IntelIOMMUState *s, uint16_t 
source_id,
 uint64_t gfn = vtd_get_iotlb_gfn(addr, level);
 
 trace_vtd_iotlb_page_update(source_id, addr, slpte, domain_id);
+
+vtd_iommu_lock(s);
 if (g_hash_table_size(s->iotlb) >= VTD_IOTLB_MAX_SIZE) {
 trace_vtd_iotlb_reset("iotlb exceeds size limit");
-vtd_reset_iotlb(s);
+vtd_reset_iotlb_locked(s);
 }
 
 entry->gfn = gfn;
@@ -256,6 +277,7 @@ static void vtd_update_iotlb(IntelIOMMUState *s, uint16_t 
source_id,
 entry->mask = vtd_slpt_level_page_mask(level);
 *key = vtd_get_iotlb_key(gfn, source_id, level);
 g_hash_table_replace(s->iotlb, key, entry);
+vtd_iommu_unlock(s);
 }
 
 /* Given the reg addr of both the message data and address, generate an
@@ -1377,8 +1399,10 @@ static void vtd_iotlb_domain_invalidate(IntelIOMMUState 
*s, uint16_t domain_id)
 
 trace_vtd_inv_desc_iotlb_domain(domain_id);
 
+vtd_iommu_lock(s);
 g_hash_table_foreach_remove(s->iotlb, vtd_hash_remove_by_domain,
 _id);
+vtd_iommu_unlock(s);
 
 QLIST_FOREACH(vtd_as, >notifiers_list, next) {
 if (!vtd_dev_to_context_entry(s, pci_bus_num(vtd_as->bus),
@@ -1426,7 +1450,9 @@ static void vtd_iotlb_page_invalidate(IntelIOMMUState *s, 
uint16_t domain_id,
 info.domain_id = domain_id;
 info.addr = addr;
 info.mask = ~((1 << am) - 1);
+vtd_iommu_lock(s);
 g_hash_table_foreach_remove(s->iotlb, vtd_hash_remove_by_page, );
+vtd_iommu_unlock(s);
 vtd_iotlb_page_invalidate_notify(s, domain_id, addr, am);
 }
 
@@ -3072,6 +3098,7 @@ static void vtd_realize(DeviceState *dev, Error **errp)
 }
 
 QLIST_INIT(>notifiers_list);
+qemu_mutex_init(>iommu_lock);
 memset(s->vtd_as_by_bus_num, 0, sizeof(s->vtd_as_by_bus_num));
 

[Qemu-devel] [PATCH 02/10] intel-iommu: remove IntelIOMMUNotifierNode

[Peter Xu]

That is not really necessary.  Removing that node struct and put the
list entry directly into VTDAddressSpace.  It simplfies the code a lot.

Signed-off-by: Peter Xu 
---
 include/hw/i386/intel_iommu.h |  9 ++---
 hw/i386/intel_iommu.c | 41 -
 2 files changed, 14 insertions(+), 36 deletions(-)

diff --git a/include/hw/i386/intel_iommu.h b/include/hw/i386/intel_iommu.h
index 45ec8919b6..220697253f 100644
--- a/include/hw/i386/intel_iommu.h
+++ b/include/hw/i386/intel_iommu.h
@@ -67,7 +67,6 @@ typedef union VTD_IR_TableEntry VTD_IR_TableEntry;
 typedef union VTD_IR_MSIAddress VTD_IR_MSIAddress;
 typedef struct VTDIrq VTDIrq;
 typedef struct VTD_MSIMessage VTD_MSIMessage;
-typedef struct IntelIOMMUNotifierNode IntelIOMMUNotifierNode;
 
 /* Context-Entry */
 struct VTDContextEntry {
@@ -93,6 +92,7 @@ struct VTDAddressSpace {
 MemoryRegion iommu_ir;  /* Interrupt region: 0xfeeX */
 IntelIOMMUState *iommu_state;
 VTDContextCacheEntry context_cache_entry;
+QLIST_ENTRY(VTDAddressSpace) next;
 };
 
 struct VTDBus {
@@ -253,11 +253,6 @@ struct VTD_MSIMessage {
 /* When IR is enabled, all MSI/MSI-X data bits should be zero */
 #define VTD_IR_MSI_DATA  (0)
 
-struct IntelIOMMUNotifierNode {
-VTDAddressSpace *vtd_as;
-QLIST_ENTRY(IntelIOMMUNotifierNode) next;
-};
-
 /* The iommu (DMAR) device state struct */
 struct IntelIOMMUState {
 X86IOMMUState x86_iommu;
@@ -295,7 +290,7 @@ struct IntelIOMMUState {
 GHashTable *vtd_as_by_busptr;   /* VTDBus objects indexed by PCIBus* 
reference */
 VTDBus *vtd_as_by_bus_num[VTD_PCI_BUS_MAX]; /* VTDBus objects indexed by 
bus number */
 /* list of registered notifiers */
-QLIST_HEAD(, IntelIOMMUNotifierNode) notifiers_list;
+QLIST_HEAD(, VTDAddressSpace) notifiers_list;
 
 /* interrupt remapping */
 bool intr_enabled;  /* Whether guest enabled IR */
diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index b359efd6f9..5987b48d43 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -1248,10 +1248,10 @@ static void 
vtd_interrupt_remap_table_setup(IntelIOMMUState *s)
 
 static void vtd_iommu_replay_all(IntelIOMMUState *s)
 {
-IntelIOMMUNotifierNode *node;
+VTDAddressSpace *vtd_as;
 
-QLIST_FOREACH(node, >notifiers_list, next) {
-memory_region_iommu_replay_all(>vtd_as->iommu);
+QLIST_FOREACH(vtd_as, >notifiers_list, next) {
+memory_region_iommu_replay_all(_as->iommu);
 }
 }
 
@@ -1372,7 +1372,6 @@ static void vtd_iotlb_global_invalidate(IntelIOMMUState 
*s)
 
 static void vtd_iotlb_domain_invalidate(IntelIOMMUState *s, uint16_t domain_id)
 {
-IntelIOMMUNotifierNode *node;
 VTDContextEntry ce;
 VTDAddressSpace *vtd_as;
 
@@ -1381,8 +1380,7 @@ static void vtd_iotlb_domain_invalidate(IntelIOMMUState 
*s, uint16_t domain_id)
 g_hash_table_foreach_remove(s->iotlb, vtd_hash_remove_by_domain,
 _id);
 
-QLIST_FOREACH(node, >notifiers_list, next) {
-vtd_as = node->vtd_as;
+QLIST_FOREACH(vtd_as, >notifiers_list, next) {
 if (!vtd_dev_to_context_entry(s, pci_bus_num(vtd_as->bus),
   vtd_as->devfn, ) &&
 domain_id == VTD_CONTEXT_ENTRY_DID(ce.hi)) {
@@ -1402,12 +1400,11 @@ static void 
vtd_iotlb_page_invalidate_notify(IntelIOMMUState *s,
uint16_t domain_id, hwaddr addr,
uint8_t am)
 {
-IntelIOMMUNotifierNode *node;
+VTDAddressSpace *vtd_as;
 VTDContextEntry ce;
 int ret;
 
-QLIST_FOREACH(node, &(s->notifiers_list), next) {
-VTDAddressSpace *vtd_as = node->vtd_as;
+QLIST_FOREACH(vtd_as, &(s->notifiers_list), next) {
 ret = vtd_dev_to_context_entry(s, pci_bus_num(vtd_as->bus),
vtd_as->devfn, );
 if (!ret && domain_id == VTD_CONTEXT_ENTRY_DID(ce.hi)) {
@@ -2344,8 +2341,6 @@ static void 
vtd_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu,
 {
 VTDAddressSpace *vtd_as = container_of(iommu, VTDAddressSpace, iommu);
 IntelIOMMUState *s = vtd_as->iommu_state;
-IntelIOMMUNotifierNode *node = NULL;
-IntelIOMMUNotifierNode *next_node = NULL;
 
 if (!s->caching_mode && new & IOMMU_NOTIFIER_MAP) {
 error_report("We need to set caching-mode=1 for intel-iommu to enable "
@@ -2354,21 +2349,11 @@ static void 
vtd_iommu_notify_flag_changed(IOMMUMemoryRegion *iommu,
 }
 
 if (old == IOMMU_NOTIFIER_NONE) {
-node = g_malloc0(sizeof(*node));
-node->vtd_as = vtd_as;
-QLIST_INSERT_HEAD(>notifiers_list, node, next);
-return;
-}
-
-/* update notifier node with new flags */
-QLIST_FOREACH_SAFE(node, >notifiers_list, next, next_node) {
-if (node->vtd_as == vtd_as) {
-if (new == IOMMU_NOTIFIER_NONE) {
-

[Qemu-devel] [PATCH 06/10] intel-iommu: pass in address space when page walk

[Peter Xu]

We pass in the VTDAddressSpace to replace the aw bits when doing page
walk.  The VTDAddressSpace contains the aw bits information, meanwhile
we'll need to do something more in the follow up patches regarding to
the address spaces.

Signed-off-by: Peter Xu 
---
 hw/i386/intel_iommu.c | 20 +++-
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 42f607676c..a19c18b8d4 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -756,13 +756,13 @@ typedef int (*vtd_page_walk_hook)(IOMMUTLBEntry *entry, 
void *private);
  * @hook_fn: hook func to be called when detected page
  * @private: private data to be passed into hook func
  * @notify_unmap: whether we should notify invalid entries
- * @aw: maximum address width
+ * @as: VT-d address space of the device
  */
 typedef struct {
+VTDAddressSpace *as;
 vtd_page_walk_hook hook_fn;
 void *private;
 bool notify_unmap;
-uint8_t aw;
 } vtd_page_walk_info;
 
 static int vtd_page_walk_one(IOMMUTLBEntry *entry, int level,
@@ -799,6 +799,7 @@ static int vtd_page_walk_level(dma_addr_t addr, uint64_t 
start,
 uint64_t iova = start;
 uint64_t iova_next;
 int ret = 0;
+uint8_t aw = info->as->iommu_state->aw_bits;
 
 trace_vtd_page_walk_level(addr, level, start, end);
 
@@ -839,7 +840,7 @@ static int vtd_page_walk_level(dma_addr_t addr, uint64_t 
start,
 
 if (vtd_is_last_slpte(slpte, level)) {
 /* NOTE: this is only meaningful if entry_valid == true */
-entry.translated_addr = vtd_get_slpte_addr(slpte, info->aw);
+entry.translated_addr = vtd_get_slpte_addr(slpte, aw);
 if (!entry_valid && !info->notify_unmap) {
 trace_vtd_page_walk_skip_perm(iova, iova_next);
 goto next;
@@ -865,7 +866,7 @@ static int vtd_page_walk_level(dma_addr_t addr, uint64_t 
start,
 }
 goto next;
 }
-ret = vtd_page_walk_level(vtd_get_slpte_addr(slpte, info->aw),
+ret = vtd_page_walk_level(vtd_get_slpte_addr(slpte, aw),
   iova, MIN(iova_next, end), level - 1,
   read_cur, write_cur, info);
 if (ret < 0) {
@@ -888,19 +889,20 @@ next:
  * @end: IOVA range end address (start <= addr < end)
  * @hook_fn: the hook that to be called for each detected area
  * @private: private data for the hook function
- * @aw: maximum address width
+ * @as: the VT-d address space of the device
  */
 static int vtd_page_walk(VTDContextEntry *ce, uint64_t start, uint64_t end,
  vtd_page_walk_hook hook_fn, void *private,
- bool notify_unmap, uint8_t aw)
+ bool notify_unmap, VTDAddressSpace *as)
 {
 dma_addr_t addr = vtd_ce_get_slpt_base(ce);
 uint32_t level = vtd_ce_get_level(ce);
+uint8_t aw = as->iommu_state->aw_bits;
 vtd_page_walk_info info = {
 .hook_fn = hook_fn,
 .private = private,
 .notify_unmap = notify_unmap,
-.aw = aw,
+.as = as,
 };
 
 if (!vtd_iova_range_check(start, ce, aw)) {
@@ -1464,7 +1466,7 @@ static void 
vtd_iotlb_page_invalidate_notify(IntelIOMMUState *s,
  */
 vtd_page_walk(, addr, addr + size,
   vtd_page_invalidate_notify_hook,
-  (void *)_as->iommu, true, s->aw_bits);
+  (void *)_as->iommu, true, vtd_as);
 } else {
 /*
  * For UNMAP-only notifiers, we don't need to walk the
@@ -2935,7 +2937,7 @@ static void vtd_iommu_replay(IOMMUMemoryRegion *iommu_mr, 
IOMMUNotifier *n)
 if (vtd_as_notify_mappings(vtd_as)) {
 /* This is required only for MAP typed notifiers */
 vtd_page_walk(, 0, ~0ULL, vtd_replay_hook, (void *)n, false,
-  s->aw_bits);
+  vtd_as);
 }
 } else {
 trace_vtd_replay_ce_invalid(bus_n, PCI_SLOT(vtd_as->devfn),
-- 
2.14.3

[Qemu-devel] [PATCH 05/10] intel-iommu: introduce vtd_page_walk_info

[Peter Xu]

During the recursive page walking of IOVA page tables, some stack
variables are constant variables and never changed during the whole page
walking procedure.  Isolate them into a struct so that we don't need to
pass those contants down the stack every time and multiple times.

Signed-off-by: Peter Xu 
---
 hw/i386/intel_iommu.c | 56 ++-
 1 file changed, 37 insertions(+), 19 deletions(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index 1c252414a9..42f607676c 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -750,9 +750,27 @@ static int vtd_iova_to_slpte(VTDContextEntry *ce, uint64_t 
iova, bool is_write,
 
 typedef int (*vtd_page_walk_hook)(IOMMUTLBEntry *entry, void *private);
 
+/**
+ * Constant information used during page walking
+ *
+ * @hook_fn: hook func to be called when detected page
+ * @private: private data to be passed into hook func
+ * @notify_unmap: whether we should notify invalid entries
+ * @aw: maximum address width
+ */
+typedef struct {
+vtd_page_walk_hook hook_fn;
+void *private;
+bool notify_unmap;
+uint8_t aw;
+} vtd_page_walk_info;
+
 static int vtd_page_walk_one(IOMMUTLBEntry *entry, int level,
- vtd_page_walk_hook hook_fn, void *private)
+ vtd_page_walk_info *info)
 {
+vtd_page_walk_hook hook_fn = info->hook_fn;
+void *private = info->private;
+
 assert(hook_fn);
 trace_vtd_page_walk_one(level, entry->iova, entry->translated_addr,
 entry->addr_mask, entry->perm);
@@ -765,17 +783,13 @@ static int vtd_page_walk_one(IOMMUTLBEntry *entry, int 
level,
  * @addr: base GPA addr to start the walk
  * @start: IOVA range start address
  * @end: IOVA range end address (start <= addr < end)
- * @hook_fn: hook func to be called when detected page
- * @private: private data to be passed into hook func
  * @read: whether parent level has read permission
  * @write: whether parent level has write permission
- * @notify_unmap: whether we should notify invalid entries
- * @aw: maximum address width
+ * @info: constant information for the page walk
  */
 static int vtd_page_walk_level(dma_addr_t addr, uint64_t start,
-   uint64_t end, vtd_page_walk_hook hook_fn,
-   void *private, uint32_t level, bool read,
-   bool write, bool notify_unmap, uint8_t aw)
+   uint64_t end, uint32_t level, bool read,
+   bool write, vtd_page_walk_info *info)
 {
 bool read_cur, write_cur, entry_valid;
 uint32_t offset;
@@ -825,24 +839,24 @@ static int vtd_page_walk_level(dma_addr_t addr, uint64_t 
start,
 
 if (vtd_is_last_slpte(slpte, level)) {
 /* NOTE: this is only meaningful if entry_valid == true */
-entry.translated_addr = vtd_get_slpte_addr(slpte, aw);
-if (!entry_valid && !notify_unmap) {
+entry.translated_addr = vtd_get_slpte_addr(slpte, info->aw);
+if (!entry_valid && !info->notify_unmap) {
 trace_vtd_page_walk_skip_perm(iova, iova_next);
 goto next;
 }
-ret = vtd_page_walk_one(, level, hook_fn, private);
+ret = vtd_page_walk_one(, level, info);
 if (ret < 0) {
 return ret;
 }
 } else {
 if (!entry_valid) {
-if (notify_unmap) {
+if (info->notify_unmap) {
 /*
  * The whole entry is invalid; unmap it all.
  * Translated address is meaningless, zero it.
  */
 entry.translated_addr = 0x0;
-ret = vtd_page_walk_one(, level, hook_fn, private);
+ret = vtd_page_walk_one(, level, info);
 if (ret < 0) {
 return ret;
 }
@@ -851,10 +865,9 @@ static int vtd_page_walk_level(dma_addr_t addr, uint64_t 
start,
 }
 goto next;
 }
-ret = vtd_page_walk_level(vtd_get_slpte_addr(slpte, aw), iova,
-  MIN(iova_next, end), hook_fn, private,
-  level - 1, read_cur, write_cur,
-  notify_unmap, aw);
+ret = vtd_page_walk_level(vtd_get_slpte_addr(slpte, info->aw),
+  iova, MIN(iova_next, end), level - 1,
+  read_cur, write_cur, info);
 if (ret < 0) {
 return ret;
 }
@@ -883,6 +896,12 @@ static int vtd_page_walk(VTDContextEntry *ce, uint64_t 
start, uint64_t end,
 {
 dma_addr_t addr = vtd_ce_get_slpt_base(ce);
 uint32_t level = vtd_ce_get_level(ce);
+

[Qemu-devel] [PATCH 00/10] intel-iommu: nested vIOMMU, cleanups, bug fixes

[Peter Xu]

Online repo:

  https://github.com/xzpeter/qemu/tree/fix-vtd-dma

This series fixes several major problems that current code has:

- Issue 1: when getting very big PSI UNMAP invalidations, the current
  code is buggy in that we might skip the notification while actually
  we should always send that notification.

- Issue 2: IOTLB is not thread safe, while block dataplane can be
  accessing and updating it in parallel.

- Issue 3: For devices that only registered with UNMAP-only notifiers,
  we don't really need to do page walking for PSIs, we can directly
  deliver the notification down.  For example, vhost.

- Issue 4: unsafe window for MAP notified devices like vfio-pci (and
  in the future, vDPA as well).  The problem is that, now for domain
  invalidations we do this to make sure the shadow page tables are
  correctly synced:

  1. unmap the whole address space
  2. replay the whole address space, map existing pages

  However during step 1 and 2 there will be a very tiny window (it can
  be as big as 3ms) that the shadow page table is either invalid or
  incomplete (since we're rebuilding it up).  That's fatal error since
  devices never know that happending and it's still possible to DMA to
  memories.

Patch 1 fixes issue 1.  I put it at the first since it's picked from
an old post.

Patch 2 is a cleanup to remove useless IntelIOMMUNotifierNode struct.

Patch 3 fixes issue 2.

Patch 4 fixes issue 3.

Patch 5-9 fix issue 4.  Here a very simple interval tree is
implemented based on Gtree.  It's different with general interval tree
in that it does not allow user to pass in private data (e.g.,
translated addresses).  However that benefits us that then we can
merge adjacent interval leaves so that hopefully we won't consume much
memory even if the mappings are a lot (that happens for nested virt -
when mapping the whole L2 guest RAM range, it can be at least in GBs).

Patch 10 is another big cleanup only can work after patch 9.

Tests:

- device assignments to L1, even L2 guests.  With this series applied
  (and the kernel IOMMU patches: https://lkml.org/lkml/2018/4/18/5),
  we can even nest vIOMMU now, e.g., we can specify vIOMMU in L2 guest
  with assigned devices and things will work.  We can't before.

- vhost smoke test for regression.

Please review.  Thanks,

Peter Xu (10):
  intel-iommu: send PSI always even if across PDEs
  intel-iommu: remove IntelIOMMUNotifierNode
  intel-iommu: add iommu lock
  intel-iommu: only do page walk for MAP notifiers
  intel-iommu: introduce vtd_page_walk_info
  intel-iommu: pass in address space when page walk
  util: implement simple interval tree logic
  intel-iommu: maintain per-device iova ranges
  intel-iommu: don't unmap all for shadow page table
  intel-iommu: remove notify_unmap for page walk

 include/hw/i386/intel_iommu.h |  21 ++--
 include/qemu/interval-tree.h  | 130 ++
 hw/i386/intel_iommu.c | 249 +-
 util/interval-tree.c  | 217 
 hw/i386/trace-events  |   3 +-
 util/Makefile.objs|   1 +
 6 files changed, 536 insertions(+), 85 deletions(-)
 create mode 100644 include/qemu/interval-tree.h
 create mode 100644 util/interval-tree.c

-- 
2.14.3

[Qemu-devel] [PATCH 01/10] intel-iommu: send PSI always even if across PDEs

[Peter Xu]

During IOVA page table walking, there is a special case when the PSI
covers one whole PDE (Page Directory Entry, which contains 512 Page
Table Entries) or more.  In the past, we skip that entry and we don't
notify the IOMMU notifiers.  This is not correct.  We should send UNMAP
notification to registered UNMAP notifiers in this case.

For UNMAP only notifiers, this might cause IOTLBs cached in the devices
even if they were already invalid.  For MAP/UNMAP notifiers like
vfio-pci, this will cause stale page mappings.

This special case doesn't trigger often, but it is very easy to be
triggered by nested device assignments, since in that case we'll
possibly map the whole L2 guest RAM region into the device's IOVA
address space (several GBs at least), which is far bigger than normal
kernel driver usages of the device (tens of MBs normally).

Without this patch applied to L1 QEMU, nested device assignment to L2
guests will dump some errors like:

qemu-system-x86_64: VFIO_MAP_DMA: -17
qemu-system-x86_64: vfio_dma_map(0x557305420c30, 0xad000, 0x1000,
0x7f89a920d000) = -17 (File exists)

Acked-by: Jason Wang 
[peterx: rewrite the commit message]
Signed-off-by: Peter Xu 
---
 hw/i386/intel_iommu.c | 42 ++
 1 file changed, 30 insertions(+), 12 deletions(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
index fb31de9416..b359efd6f9 100644
--- a/hw/i386/intel_iommu.c
+++ b/hw/i386/intel_iommu.c
@@ -722,6 +722,15 @@ static int vtd_iova_to_slpte(VTDContextEntry *ce, uint64_t 
iova, bool is_write,
 
 typedef int (*vtd_page_walk_hook)(IOMMUTLBEntry *entry, void *private);
 
+static int vtd_page_walk_one(IOMMUTLBEntry *entry, int level,
+ vtd_page_walk_hook hook_fn, void *private)
+{
+assert(hook_fn);
+trace_vtd_page_walk_one(level, entry->iova, entry->translated_addr,
+entry->addr_mask, entry->perm);
+return hook_fn(entry, private);
+}
+
 /**
  * vtd_page_walk_level - walk over specific level for IOVA range
  *
@@ -781,28 +790,37 @@ static int vtd_page_walk_level(dma_addr_t addr, uint64_t 
start,
  */
 entry_valid = read_cur | write_cur;
 
+entry.target_as = _space_memory;
+entry.iova = iova & subpage_mask;
+entry.perm = IOMMU_ACCESS_FLAG(read_cur, write_cur);
+entry.addr_mask = ~subpage_mask;
+
 if (vtd_is_last_slpte(slpte, level)) {
-entry.target_as = _space_memory;
-entry.iova = iova & subpage_mask;
 /* NOTE: this is only meaningful if entry_valid == true */
 entry.translated_addr = vtd_get_slpte_addr(slpte, aw);
-entry.addr_mask = ~subpage_mask;
-entry.perm = IOMMU_ACCESS_FLAG(read_cur, write_cur);
 if (!entry_valid && !notify_unmap) {
 trace_vtd_page_walk_skip_perm(iova, iova_next);
 goto next;
 }
-trace_vtd_page_walk_one(level, entry.iova, entry.translated_addr,
-entry.addr_mask, entry.perm);
-if (hook_fn) {
-ret = hook_fn(, private);
-if (ret < 0) {
-return ret;
-}
+ret = vtd_page_walk_one(, level, hook_fn, private);
+if (ret < 0) {
+return ret;
 }
 } else {
 if (!entry_valid) {
-trace_vtd_page_walk_skip_perm(iova, iova_next);
+if (notify_unmap) {
+/*
+ * The whole entry is invalid; unmap it all.
+ * Translated address is meaningless, zero it.
+ */
+entry.translated_addr = 0x0;
+ret = vtd_page_walk_one(, level, hook_fn, private);
+if (ret < 0) {
+return ret;
+}
+} else {
+trace_vtd_page_walk_skip_perm(iova, iova_next);
+}
 goto next;
 }
 ret = vtd_page_walk_level(vtd_get_slpte_addr(slpte, aw), iova,
-- 
2.14.3

Re: [Qemu-devel] [PATCH v3 14/46] tests/tcg/multiarch: enable additional linux-test tests

[Philippe Mathieu-Daudé]

On 04/24/2018 12:23 PM, Alex Bennée wrote:
> Un-comment the remaining tests.
> 
> I removed the itimer value tests because I'm fairly sure a re-arming
> timer will always have a different value in it when you grab it.
> 
> I've also fixed up the clone thread flags as QEMU will only allow a
> clone to use flags which match glibc.
> 
> Signed-off-by: Alex Bennée 

Tested-by: Philippe Mathieu-Daudé 

> 
> ---
> v3
>   - make clone flags match CLONE_THREAD_FLAGS
> ---
>  tests/tcg/multiarch/linux-test.c | 31 +--
>  1 file changed, 17 insertions(+), 14 deletions(-)
> 
> diff --git a/tests/tcg/multiarch/linux-test.c 
> b/tests/tcg/multiarch/linux-test.c
> index 4457bd04ba..754edf9910 100644
> --- a/tests/tcg/multiarch/linux-test.c
> +++ b/tests/tcg/multiarch/linux-test.c
> @@ -16,6 +16,7 @@
>   *  You should have received a copy of the GNU General Public License
>   *  along with this program; if not, see .
>   */
> +#define _GNU_SOURCE
>  #include 
>  #include 
>  #include 
> @@ -39,6 +40,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  
>  #define TESTPATH "/tmp/linux-test.tmp"
>  #define TESTPORT 7654
> @@ -58,8 +60,8 @@ static void error1(const char *filename, int line, const 
> char *fmt, ...)
>  static int __chk_error(const char *filename, int line, int ret)
>  {
>  if (ret < 0) {
> -error1(filename, line, "%m (ret=%d, errno=%d)",
> -   ret, errno);
> +error1(filename, line, "%m (ret=%d, errno=%d/%s)",
> +   ret, errno, strerror(errno));
>  }
>  return ret;
>  }
> @@ -320,7 +322,6 @@ static void test_socket(void)
>  chk_error(close(server_fd));
>  }
>  
> -#if 0
>  #define WCOUNT_MAX 512
>  
>  static void test_pipe(void)
> @@ -355,7 +356,7 @@ static void test_pipe(void)
>  }
>  if (FD_ISSET(fds[1], )) {
>  ch = 'a';
> -chk_error(write(fds[0], , 1));
> +chk_error(write(fds[1], , 1));
>  wcount++;
>  }
>  }
> @@ -387,6 +388,9 @@ static int thread2_func(void *arg)
>  return 0;
>  }
>  
> +/* For test_clone we must match the clone flags used by glibc, see
> + * CLONE_THREAD_FLAGS in the QEMU source code.
> + */
>  void test_clone(void)
>  {
>  uint8_t *stack1, *stack2;
> @@ -394,11 +398,15 @@ void test_clone(void)
>  
>  stack1 = malloc(STACK_SIZE);
>  pid1 = chk_error(clone(thread1_func, stack1 + STACK_SIZE,
> -   CLONE_VM | CLONE_FS | CLONE_FILES | SIGCHLD, 
> "hello1"));
> +   CLONE_VM | CLONE_FS | CLONE_FILES |
> +   CLONE_SIGHAND | CLONE_THREAD | CLONE_SYSVSEM,
> +"hello1"));
>  
>  stack2 = malloc(STACK_SIZE);
>  pid2 = chk_error(clone(thread2_func, stack2 + STACK_SIZE,
> -   CLONE_VM | CLONE_FS | CLONE_FILES | SIGCHLD, 
> "hello2"));
> +   CLONE_VM | CLONE_FS | CLONE_FILES |
> +   CLONE_SIGHAND | CLONE_THREAD | CLONE_SYSVSEM,
> +   "hello2"));
>  
>  while (waitpid(pid1, , 0) != pid1);
>  free(stack1);
> @@ -408,7 +416,6 @@ void test_clone(void)
>  thread2_res != 6)
>  error("clone");
>  }
> -#endif
>  
>  /***/
>  
> @@ -449,12 +456,10 @@ static void test_signal(void)
>  it.it_value.tv_usec = 10 * 1000;
>  chk_error(setitimer(ITIMER_REAL, , NULL));
>  chk_error(getitimer(ITIMER_REAL, ));
> -if (oit.it_value.tv_sec != it.it_value.tv_sec ||
> -oit.it_value.tv_usec != it.it_value.tv_usec)
> -error("itimer");
>  
>  while (alarm_count < 5) {
>  usleep(10 * 1000);
> +getitimer(ITIMER_REAL, );
>  }
>  
>  it.it_interval.tv_sec = 0;
> @@ -463,9 +468,6 @@ static void test_signal(void)
>  it.it_value.tv_usec = 0;
>  memset(, 0xff, sizeof(oit));
>  chk_error(setitimer(ITIMER_REAL, , ));
> -if (oit.it_value.tv_sec != 0 ||
> -oit.it_value.tv_usec != 10 * 1000)
> -error("setitimer");
>  
>  /* SIGSEGV test */
>  act.sa_sigaction = sig_segv;
> @@ -503,10 +505,11 @@ static void test_shm(void)
>  int main(int argc, char **argv)
>  {
>  test_file();
> +test_pipe();
>  test_fork();
>  test_time();
>  test_socket();
> -//test_clone();
> +test_clone();
>  test_signal();
>  test_shm();
>  return 0;
> 

Re: [Qemu-devel] [PATCH v3 15/46] tests/tcg/multiarch: move most output to stdout

[Philippe Mathieu-Daudé]

On 04/24/2018 12:23 PM, Alex Bennée wrote:
> The default test run outputs to stdout so it can be re-directed.
> Errors are still reported to stderr.
> 
> Signed-off-by: Alex Bennée 

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 

> ---
>  tests/tcg/multiarch/test-mmap.c | 38 -
>  1 file changed, 19 insertions(+), 19 deletions(-)
> 
> diff --git a/tests/tcg/multiarch/test-mmap.c b/tests/tcg/multiarch/test-mmap.c
> index cdefadfa4c..fd6ecc4880 100644
> --- a/tests/tcg/multiarch/test-mmap.c
> +++ b/tests/tcg/multiarch/test-mmap.c
> @@ -57,7 +57,7 @@ void check_aligned_anonymous_unfixed_mmaps(void)
>   uintptr_t p;
>   int i;
>  
> - fprintf (stderr, "%s", __func__);
> + fprintf (stdout, "%s", __func__);
>   for (i = 0; i < 0x1fff; i++)
>   {
>   size_t len;
> @@ -106,7 +106,7 @@ void check_aligned_anonymous_unfixed_mmaps(void)
>   munmap (p4, len);
>   munmap (p5, len);
>   }
> - fprintf (stderr, " passed\n");
> + fprintf (stdout, " passed\n");
>  }
>  
>  void check_large_anonymous_unfixed_mmap(void)
> @@ -115,7 +115,7 @@ void check_large_anonymous_unfixed_mmap(void)
>   uintptr_t p;
>   size_t len;
>  
> - fprintf (stderr, "%s", __func__);
> + fprintf (stdout, "%s", __func__);
>  
>   len = 0x0200;
>   p1 = mmap(NULL, len, PROT_READ, 
> @@ -130,7 +130,7 @@ void check_large_anonymous_unfixed_mmap(void)
>   /* Make sure we can read from the entire area.  */
>   memcpy (dummybuf, p1, pagesize);
>   munmap (p1, len);
> - fprintf (stderr, " passed\n");
> + fprintf (stdout, " passed\n");
>  }
>  
>  void check_aligned_anonymous_unfixed_colliding_mmaps(void)
> @@ -141,7 +141,7 @@ void check_aligned_anonymous_unfixed_colliding_mmaps(void)
>   uintptr_t p;
>   int i;
>  
> - fprintf (stderr, "%s", __func__);
> + fprintf (stdout, "%s", __func__);
>   for (i = 0; i < 0x2fff; i++)
>   {
>   int nlen;
> @@ -180,7 +180,7 @@ void check_aligned_anonymous_unfixed_colliding_mmaps(void)
>   munmap (p2, pagesize);
>   munmap (p3, nlen);
>   }
> - fprintf (stderr, " passed\n");
> + fprintf (stdout, " passed\n");
>  }
>  
>  void check_aligned_anonymous_fixed_mmaps(void)
> @@ -194,7 +194,7 @@ void check_aligned_anonymous_fixed_mmaps(void)
>   addr = mmap(NULL, pagesize * 40, PROT_READ | PROT_WRITE, 
>   MAP_PRIVATE | MAP_ANONYMOUS,
>   -1, 0);
> - fprintf (stderr, "%s addr=%p", __func__, addr);
> + fprintf (stdout, "%s addr=%p", __func__, addr);
>   fail_unless (addr != MAP_FAILED);
>  
>   for (i = 0; i < 40; i++)
> @@ -212,7 +212,7 @@ void check_aligned_anonymous_fixed_mmaps(void)
>   munmap (p1, pagesize);
>   addr += pagesize;
>   }
> - fprintf (stderr, " passed\n");
> + fprintf (stdout, " passed\n");
>  }
>  
>  void check_aligned_anonymous_fixed_mmaps_collide_with_host(void)
> @@ -225,8 +225,8 @@ void 
> check_aligned_anonymous_fixed_mmaps_collide_with_host(void)
>   /* Find a suitable address to start with.  Right were the x86 hosts
>stack is.  */
>   addr = ((void *)0x8000);
> - fprintf (stderr, "%s addr=%p", __func__, addr);
> - fprintf (stderr, "FIXME: QEMU fails to track pages used by the host.");
> + fprintf (stdout, "%s addr=%p", __func__, addr);
> + fprintf (stdout, "FIXME: QEMU fails to track pages used by the host.");
>  
>   for (i = 0; i < 20; i++)
>   {
> @@ -243,7 +243,7 @@ void 
> check_aligned_anonymous_fixed_mmaps_collide_with_host(void)
>   munmap (p1, pagesize);
>   addr += pagesize;
>   }
> - fprintf (stderr, " passed\n");
> + fprintf (stdout, " passed\n");
>  }
>  
>  void check_file_unfixed_mmaps(void)
> @@ -252,7 +252,7 @@ void check_file_unfixed_mmaps(void)
>   uintptr_t p;
>   int i;
>  
> - fprintf (stderr, "%s", __func__);
> + fprintf (stdout, "%s", __func__);
>   for (i = 0; i < 0x10; i++)
>   {
>   size_t len;
> @@ -294,7 +294,7 @@ void check_file_unfixed_mmaps(void)
>   munmap (p2, len);
>   munmap (p3, len);
>   }
> - fprintf (stderr, " passed\n");
> + fprintf (stdout, " passed\n");
>  }
>  
>  void check_file_unfixed_eof_mmaps(void)
> @@ -304,7 +304,7 @@ void check_file_unfixed_eof_mmaps(void)
>   uintptr_t p;
>   int i;
>  
> - fprintf (stderr, "%s", __func__);
> + fprintf (stdout, "%s", __func__);
>   for (i = 0; i < 0x10; i++)
>   {
>   p1 = mmap(NULL, pagesize, PROT_READ, 
> @@ -327,7 +327,7 @@ void check_file_unfixed_eof_mmaps(void)
>   fail_unless (cp[pagesize - 4] == 0);
>   munmap (p1, pagesize);
>   }
> - fprintf (stderr, " passed\n");
> + fprintf (stdout, " passed\n");
>  

Re: [Qemu-devel] [PATCH 09/16] os-posix: cleanup: Replace fprintfs with error_report in change_process_uid

[Thomas Huth]

On 24.04.2018 19:58, Ian Jackson wrote:
> I'm going to be editing this function and it makes sense to clean up
> this style problem in advance.
> 
> Signed-off-by: Ian Jackson 
> CC: Paolo Bonzini 
> CC: Markus Armbruster 
> CC: Daniel P. Berrange 
> CC: Michael Tokarev 
> ---
>  os-posix.c | 10 +-
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/os-posix.c b/os-posix.c
> index b9c2343..560db95 100644
> --- a/os-posix.c
> +++ b/os-posix.c
> @@ -167,20 +167,20 @@ static void change_process_uid(void)
>  {
>  if (user_pwd) {
>  if (setgid(user_pwd->pw_gid) < 0) {
> -fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid);
> +error_report("Failed to setgid(%d)", user_pwd->pw_gid);
>  exit(1);
>  }
>  if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) {
> -fprintf(stderr, "Failed to initgroups(\"%s\", %d)\n",
> -user_pwd->pw_name, user_pwd->pw_gid);
> +error_report("Failed to initgroups(\"%s\", %d)",
> + user_pwd->pw_name, user_pwd->pw_gid);
>  exit(1);
>  }
>  if (setuid(user_pwd->pw_uid) < 0) {
> -fprintf(stderr, "Failed to setuid(%d)\n", user_pwd->pw_uid);
> +error_report("Failed to setuid(%d)", user_pwd->pw_uid);
>  exit(1);
>  }
>  if (setuid(0) != -1) {
> -fprintf(stderr, "Dropping privileges failed\n");
> +error_report("Dropping privileges failed");
>  exit(1);
>  }
>  }
> 

Reviewed-by: Thomas Huth 

Re: [Qemu-devel] [PATCH 14/16] os-posix: cleanup: Replace fprintf with error_report in remaining call sites

[Thomas Huth]

On 24.04.2018 19:58, Ian Jackson wrote:
> Signed-off-by: Ian Jackson 
> CC: Paolo Bonzini 
> CC: Markus Armbruster 
> CC: Daniel P. Berrange 
> CC: Michael Tokarev 
> Reviewed-by: Philippe Mathieu-Daudé 
> ---
> v8: Remove one remaining spurious "\n"
> v7: New patch
> ---
>  os-posix.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/os-posix.c b/os-posix.c
> index 0f59566..a2ba50d 100644
> --- a/os-posix.c
> +++ b/os-posix.c
> @@ -129,7 +129,7 @@ void os_set_proc_name(const char *s)
>  exit(1);
>  }
>  #else
> -fprintf(stderr, "Change of process name not supported by your OS\n");
> +error_report("Change of process name not supported by your OS");
>  exit(1);
>  #endif
>  }
> @@ -243,7 +243,7 @@ static void change_root(void)
>  {
>  if (chroot_dir) {
>  if (chroot(chroot_dir) < 0) {
> -fprintf(stderr, "chroot failed\n");
> +error_report("chroot failed");
>  exit(1);
>  }
>  if (chdir("/")) {
> 

Maybe merge this with patch 9/16?

Anyway:

Reviewed-by: Thomas Huth 

Re: [Qemu-devel] [PATCH v3 23/46] tests/tcg/x86_64: add Makefile.target

[Philippe Mathieu-Daudé]

On 04/24/2018 12:23 PM, Alex Bennée wrote:
> The sources for x86_64 are shared in the i386 directory which will be
> included thanks to TARGET_BASE_ARCH. However not all sources build so
> we need to filter out the ones we can't build in the 64 bit world.
> 
> Signed-off-by: Alex Bennée 
> ---
>  tests/tcg/i386/Makefile.target   |  2 +-
>  tests/tcg/x86_64/Makefile.target | 15 +++
>  2 files changed, 16 insertions(+), 1 deletion(-)
>  create mode 100644 tests/tcg/x86_64/Makefile.target
> 
> diff --git a/tests/tcg/i386/Makefile.target b/tests/tcg/i386/Makefile.target
> index 80ccad3d7b..27086c3f2b 100644
> --- a/tests/tcg/i386/Makefile.target
> +++ b/tests/tcg/i386/Makefile.target
> @@ -7,7 +7,7 @@ VPATH += $(I386_SRC)
>  
>  I386_SRCS=$(notdir $(wildcard $(I386_SRC)/*.c))
>  I386_TESTS=$(I386_SRCS:.c=)
> -
> +I386_ONLY_TESTS=$(filter-out test-i386-ssse3, $(I386_TESTS))
>  # Update TESTS
>  TESTS+=$(I386_ONLY_TESTS)
>  
> diff --git a/tests/tcg/x86_64/Makefile.target 
> b/tests/tcg/x86_64/Makefile.target
> new file mode 100644
> index 00..74f170b9ed
> --- /dev/null
> +++ b/tests/tcg/x86_64/Makefile.target
> @@ -0,0 +1,15 @@
> +# -*- Mode: makefile -*-
> +#
> +# x86_64 tests - included from tests/tcg/Makefile.target
> +#
> +# Currently we only build test-x86_64 and test-i386-ssse3 from
> +# $(SRC)/tests/tcg/i386/
> +#
> +
> +X86_64_TESTS=$(filter-out $(I386_ONLY_TESTS), $(TESTS))
> +X86_64_TESTS+=test-x86_64

The linux-test is taking long... I canceled it after ~15min on a i7
2GHz. Maybe it also belongs to the "BROKEN TEST" series on x86_64?
Currently it is only skipped if $(TARGET_NAME) == i386.

Reviewed-by: Philippe Mathieu-Daudé 

> +TESTS:=$(X86_64_TESTS)
> +
> +test-x86_64: LDFLAGS+=-lm -lc
> +test-x86_64: test-i386.c test-i386.h test-i386-shift.h test-i386-muldiv.h
> + $(CC) $(CFLAGS) $< -o $@ $(LDFLAGS)
> 

$ make run-tcg-tests-x86_64-linux-user
  RUN-TESTS for x86_64
  TESTtest-mmap (default) on x86_64
  TESTtest-mmap (8k pages) on x86_64
ASAN:DEADLYSIGNAL
=
==5717==ERROR: AddressSanitizer: SEGV on unknown address 0x7fcba47fc000
(pc 0x7fcba8a3bf4d bp 0x7ffd19d74700 sp 0x7ffd19d73e88 T0)
==5717==The signal is caused by a WRITE memory access.
#0 0x7fcba8a3bf4c  (/lib/x86_64-linux-gnu/libc.so.6+0x159f4c)
#1 0x7fcbab33f891  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5c891)
#2 0x55dd3ae4a7e0 in mmap_frag /source/qemu/linux-user/mmap.c:189
#3 0x55dd3ae4bbce in target_mmap /source/qemu/linux-user/mmap.c:533
#4 0x55dd3ae4b8cb in target_mmap /source/qemu/linux-user/mmap.c:501
#5 0x55dd3ae3895c in do_syscall /source/qemu/linux-user/syscall.c:9448
#6 0x55dd3adfaa57 in cpu_loop /source/qemu/linux-user/main.c:258
#7 0x55dd3ae005f5 in main /source/qemu/linux-user/main.c:5147
#8 0x7fcba8903a86 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21a86)
#9 0x55dd3ad34a89 in _start
(/source/qemu/build/full/x86_64-linux-user/qemu-x86_64+0x350a89)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x159f4c)
==5717==ABORTING
make[2]: ***
[/home/phil/source/qemu/tests/tcg/multiarch/Makefile.target:27:
run-test-mmap] Error 1

Tested-by: Philippe Mathieu-Daudé 

Re: [Qemu-devel] [PATCH v3 28/46] tests/tcg/aarch64: add Makefile.target

[Philippe Mathieu-Daudé]

On 04/24/2018 12:23 PM, Alex Bennée wrote:
> Nothing much here yet.
> 
> Signed-off-by: Alex Bennée 
> ---
>  tests/tcg/aarch64/Makefile.target | 5 +
>  1 file changed, 5 insertions(+)
>  create mode 100644 tests/tcg/aarch64/Makefile.target
> 
> diff --git a/tests/tcg/aarch64/Makefile.target 
> b/tests/tcg/aarch64/Makefile.target
> new file mode 100644
> index 00..4ac8fbe73f
> --- /dev/null
> +++ b/tests/tcg/aarch64/Makefile.target
> @@ -0,0 +1,5 @@
> +# -*- Mode: makefile -*-
> +#
> +# AArch64 specific tweaks
> +
> +fcvt: LDFLAGS+=-lm
> 

You missed tests/tcg/aarch64/Makefile.include with:

DOCKER_IMAGE=debian-arm64-cross
DOCKER_CROSS_COMPILER=aarch64-linux-gnueabi-gcc

Re: [Qemu-devel] [PATCH v3 27/46] tests/tcg/arm: fix up test-arm-iwmmxt test

[Philippe Mathieu-Daudé]

On 04/24/2018 12:23 PM, Alex Bennée wrote:
> We need to rename the source file to a .S so we can do a single-line
> assemble and link invocation. We also specify the additional CFLAGS
> for the compile as it's a non-standard ARM binary.
> 
> Signed-off-by: Alex Bennée 

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 

> ---
>  tests/tcg/arm/Makefile.target  | 5 +
>  tests/tcg/arm/{test-arm-iwmmxt.s => test-arm-iwmmxt.S} | 0
>  2 files changed, 5 insertions(+)
>  rename tests/tcg/arm/{test-arm-iwmmxt.s => test-arm-iwmmxt.S} (100%)
> 
> diff --git a/tests/tcg/arm/Makefile.target b/tests/tcg/arm/Makefile.target
> index bc6962ecc6..be9d3fb4a1 100644
> --- a/tests/tcg/arm/Makefile.target
> +++ b/tests/tcg/arm/Makefile.target
> @@ -8,6 +8,11 @@ ARM_SRC=$(SRC_PATH)/tests/tcg/arm
>  # Set search path for all sources
>  VPATH+= $(ARM_SRC)
>  
> +TESTS += hello-arm test-arm-iwmmxt
>  
>  hello-arm: CFLAGS+=-marm -ffreestanding
>  hello-arm: LDFLAGS+=-nostdlib
> +
> +test-arm-iwmmxt: CFLAGS+=-marm -march=iwmmxt -mabi=aapcs
> +test-arm-iwmmxt: test-arm-iwmmxt.S
> + $(CC) $(CFLAGS) $< -o $@ $(LDFLAGS)
> diff --git a/tests/tcg/arm/test-arm-iwmmxt.s b/tests/tcg/arm/test-arm-iwmmxt.S
> similarity index 100%
> rename from tests/tcg/arm/test-arm-iwmmxt.s
> rename to tests/tcg/arm/test-arm-iwmmxt.S
> 

Re: [Qemu-devel] [PATCH v3 24/46] tests/tcg/i386/test-i386: use modern vector_size attributes

[Philippe Mathieu-Daudé]

On 04/24/2018 12:23 PM, Alex Bennée wrote:
> The compiler complains about the old __mode__ style attributes.

old [school]

> 
> Signed-off-by: Alex Bennée 
> Reviewed-by: Richard Henderson 

Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 

> ---
>  tests/tcg/i386/test-i386.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/tests/tcg/i386/test-i386.c b/tests/tcg/i386/test-i386.c
> index cae6a7773a..caef4da176 100644
> --- a/tests/tcg/i386/test-i386.c
> +++ b/tests/tcg/i386/test-i386.c
> @@ -2106,8 +2106,8 @@ static void test_enter(void)
>  
>  #ifdef TEST_SSE
>  
> -typedef int __m64 __attribute__ ((__mode__ (__V2SI__)));
> -typedef float __m128 __attribute__ ((__mode__(__V4SF__)));
> +typedef int __m64 __attribute__ ((vector_size(8)));
> +typedef float __m128 __attribute__ ((vector_size(16)));
>  
>  typedef union {
>  double d[2];
> 

[Qemu-devel] [qemu-web PATCH] Add a blog post about the release of version 2.12.0

[Thomas Huth]

Based on the contents of Michael Roth's announce e-mail for 2.12.0.

Signed-off-by: Thomas Huth 
---
 _posts/2018-04-25-qemu-2-12-0.md | 58 
 1 file changed, 58 insertions(+)
 create mode 100644 _posts/2018-04-25-qemu-2-12-0.md

diff --git a/_posts/2018-04-25-qemu-2-12-0.md b/_posts/2018-04-25-qemu-2-12-0.md
new file mode 100644
index 000..fdc4aea
--- /dev/null
+++ b/_posts/2018-04-25-qemu-2-12-0.md
@@ -0,0 +1,58 @@
+---
+layout: post
+title:  "QEMU version 2.12.0 released"
+date:   2018-04-25 05:30:00 +0200
+categories: [releases, 'qemu 2.12']
+---
+We'd like to announce the availability of the QEMU 2.12.0 release.
+This release contains 2700+ commits from 204 authors.
+
+You can grab the tarball from our 
+[download page](https://www.qemu.org/download/#source).
+The full list of changes are available
+[in the Wiki](https://wiki.qemu.org/ChangeLog/2.12).
+
+Highlights include:
+
+ * Spectre/Meltdown mitigation support for x86/pseries/s390 guests. For
+   more details see:
+ https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
+ * Numerous block support improvements, including support for directly
+   interacting with userspace NVMe driver, and general improvements to
+   NBD server/client including more efficient reads of sparse files
+ * Networking support for VMWare paravirtualized RDMA device (RDMA
+   HCA and Soft-RoCE supported), CAN bus support via Linux SocketCAN and
+   SJA1000-based PCI interfaces, and general improvements for dual-stack
+   IPv4/IPv6 environments
+ * GUI security/bug fixes, dmabufs support for GTK/Spice.
+ * Better IPMI support for Platform Events and SEL logging in internal
+   BMC emulation
+ * SMBIOS support for "OEM Strings", which can be used for automating
+   guest image activation without relying on network-based querying
+ * Disk cache information via virtio-balloon
+ * ARM: AArch64 new instructions for FCMA/RDM and SIMD/FP16/crypto/complex
+   number extensions
+ * ARM: initial support for Raspberry Pi 3 machine type
+ * ARM: Corex-M33/Armv8-M emulation via new mps2-an505 board and many
+   other improvements for M profile emulation
+ * HPPA: support for full machine emulation (hppa-softmmu)
+ * PowerPC: PPC4xx emulation improvements, including I2C bus support
+ * PowerPC: new Sam460ex machine type
+ * PowerPC: significant TCG performance improvements
+ * PowerPC: pseries: support for Spectre/Meltdown mitigations
+ * RISC-V: new RISC-V target via "spike_v1.9.1", "spike_v1.10", and "virt"
+   machine types
+ * s390: non-virtual devices no longer require dedicated channel subsystem
+   and guest support for multiple CSSs
+ * s390: general PCI improvements, MSI-X support for virtio-pci devices
+ * s390: improved TCG emulation support
+ * s390: KVM support for systems larger than 7.999TB
+ * SPARC: sun4u power device emulation
+ * SPARC: improved trace-event support and emulation/debug fixes
+ * Tricore: new instruction variants for JEQ/JNE and 64-bit MOV
+ * x86: Intel IOMMU support for 48-bit addresses
+ * Xtensa: backend now uses libisa for instruction decoding/disassebly
+ * Xtensa: multi-threaded TCG support and noMMU configuration variants
+ * and lots more...
+
+Thank you to everyone involved!
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH v3 21/46] tests/tcg/i386: fix test-i386-fprem

[Philippe Mathieu-Daudé]

On 04/24/2018 12:23 PM, Alex Bennée wrote:
> Remove dependencies on QEMU's source tree and build directly.
> 
> Signed-off-by: Alex Bennée 
> ---
>  tests/tcg/i386/test-i386-fprem.c | 12 +---
>  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/tests/tcg/i386/test-i386-fprem.c 
> b/tests/tcg/i386/test-i386-fprem.c
> index 1a71623204..66f5a9657d 100644
> --- a/tests/tcg/i386/test-i386-fprem.c
> +++ b/tests/tcg/i386/test-i386-fprem.c
> @@ -23,7 +23,10 @@
>   *  along with this program; if not, see .
>   */
>  
> -#include "qemu/osdep.h"
> +#include 
> +#include 
> +
> +#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
>  
>  /*
>   * Inspired by 's union ieee854_long_double, but with single
> @@ -39,7 +42,7 @@ union float80u {
>  unsigned int exponent:15;
>  unsigned int negative:1;
>  unsigned int empty:16;
> -} QEMU_PACKED ieee;
> +} __attribute__((packed)) ieee;
>  
>  /* This is for NaNs in the IEEE 854 double-extended-precision format.  */
>  struct {
> @@ -49,7 +52,7 @@ union float80u {
>  unsigned int exponent:15;
>  unsigned int negative:1;
>  unsigned int empty:16;
> -} QEMU_PACKED ieee_nan;
> +} __attribute__((packed)) ieee_nan;
>  };
>  
>  #define IEEE854_LONG_DOUBLE_BIAS 0x3fff
> @@ -229,6 +232,7 @@ static void test_fprem_cases(void)
>  do_fprem_stack_underflow();
>  
>  printf("= invalid operation =\n");
> +do_fprem(q_nan.d, 1.0);
>  do_fprem(s_nan.d, 1.0);
>  do_fprem(1.0, 0.0);
>  do_fprem(pos_inf.d, 1.0);
> @@ -238,6 +242,8 @@ static void test_fprem_cases(void)
>  do_fprem(pos_denorm.d, 1.0);
>  do_fprem(1.0, pos_denorm.d);
>  
> +do_fprem(smallest_positive_norm.d, smallest_positive_norm.d);
> +
>  /* printf("= underflow =\n"); */
>  /* TODO: Is there a case where FPREM raises underflow? */
>  }
> 

This test is disabled in tests/tcg/i386/Makefile.target and it would be
nice to be able to run it without having to modify the Makefile, like
running "make SLOW=1" or "SPEED=slow" like for iotests maybe?

This test is too verbose and I wonder if we should redirect stdout to
/dev/null even for V=1.

Reviewed-by: Philippe Mathieu-Daudé 
Enabled via tcg/i386/Makefile.target:
Tested-by: Philippe Mathieu-Daudé 

Re: [Qemu-devel] [PATCH v3 18/46] tests/tcg: enable building for i386

[Philippe Mathieu-Daudé]

On 04/24/2018 12:23 PM, Alex Bennée wrote:
> While you can construct a compile command that does work using the
> x86_64 host compiler that most people use this is flakey. Different
> distros handle this is different ways so we default to using a known
> good i386 compiler via docker.
> 
> Signed-off-by: Alex Bennée 
> 
> ---
> v3
>   - add runner for runcom
> ---
>  tests/tcg/i386/Makefile.include | 9 +
>  tests/tcg/i386/Makefile.target  | 9 +
>  2 files changed, 18 insertions(+)
>  create mode 100644 tests/tcg/i386/Makefile.include
> 
> diff --git a/tests/tcg/i386/Makefile.include b/tests/tcg/i386/Makefile.include
> new file mode 100644
> index 00..be1c3008dd
> --- /dev/null
> +++ b/tests/tcg/i386/Makefile.include
> @@ -0,0 +1,9 @@
> +#
> +# Makefile.include for all i386
> +#
> +# There is enough brokeness in x86_64 compilers that we don't default
> +# to using the x86_64 system compiler for i386 binaries.
> +#
> +
> +DOCKER_IMAGE=fedora-i386-cross
> +DOCKER_CROSS_COMPILER=gcc
> diff --git a/tests/tcg/i386/Makefile.target b/tests/tcg/i386/Makefile.target
> index 2f27b65e2d..39a1627650 100644
> --- a/tests/tcg/i386/Makefile.target
> +++ b/tests/tcg/i386/Makefile.target
> @@ -28,3 +28,12 @@ hello-i386: LDFLAGS+=-nostdlib
>  test-i386: test-i386.c test-i386-code16.S test-i386-vm86.S test-i386.h 
> test-i386-shift.h test-i386-muldiv.h
>   $(CC) $(CFLAGS) $(LDFLAGS) -o $@ \
>  $( +
> +# Specialist test runners
> +.PHONY: pi_10.com
> +pi_10.com:
> + cp $(I386_SRC)/pi_10.com .
> +
> +run-runcom: runcom pi_10.com
> + $(call quiet-command, $(QEMU) ./runcom ./pi_10.com > runcom.out, 
> "TEST", "$< on $(TARGET_NAME)")
> +
Reviewed-by: Philippe Mathieu-Daudé 

"make run-tcg-tests-i386-linux-user" without ASan:
Tested-by: Philippe Mathieu-Daudé 

Re: [Qemu-devel] [PATCH] migration/fd: abort migration if receive POLLHUP event

[Peter Xu]

On Wed, Apr 25, 2018 at 11:14:23AM +0800, Peter Xu wrote:
> On Tue, Apr 24, 2018 at 07:24:05PM +0100, Daniel P. Berrangé wrote:
> > On Tue, Apr 24, 2018 at 06:16:31PM +0100, Dr. David Alan Gilbert wrote:
> > > * Wang Xin (wangxinxin.w...@huawei.com) wrote:
> > > > If the fd socket peer closed shortly, ppoll may receive a POLLHUP
> > > > event before the expected POLLIN event, and qemu will do nothing
> > > > but goes into an infinite loop of the POLLHUP event.
> > > > 
> > > > So, abort the migration if we receive a POLLHUP event.
> > > 
> > > Hi Wang Xin,
> > >   Can you explain how you manage to trigger this case; I've not hit it.
> > > 
> > > > Signed-off-by: Wang Xin 
> > > > 
> > > > diff --git a/migration/fd.c b/migration/fd.c
> > > > index cd06182..5932c87 100644
> > > > --- a/migration/fd.c
> > > > +++ b/migration/fd.c
> > > > @@ -15,6 +15,7 @@
> > > >   */
> > > >  
> > > >  #include "qemu/osdep.h"
> > > > +#include "qemu/error-report.h"
> > > >  #include "channel.h"
> > > >  #include "fd.h"
> > > >  #include "monitor/monitor.h"
> > > > @@ -46,6 +47,11 @@ static gboolean 
> > > > fd_accept_incoming_migration(QIOChannel *ioc,
> > > >   GIOCondition condition,
> > > >   gpointer opaque)
> > > >  {
> > > > +if (condition & G_IO_HUP) {
> > > > +error_report("The migration peer closed, job abort");
> > > > +exit(EXIT_FAILURE);
> > > > +}
> > > > +
> > > 
> > > OK,  I wish we had a nicer way for failing;  especially for the
> > > multifd/postcopy recovery worlds where one failed connection might not
> > > be fatal; but I don't see how to do that here.
> > 
> > This doesn't feel right to me.
> > 
> > We have passed in a pre-opened FD to QEMU, and we registered a watch
> > on it to detect when there is data from the src QEMU that is available
> > to read.  Normally the src will have sent something so we'll get G_IO_IN,
> > but you're suggesting the client has quit immediately, so we're getting
> > G_IO_HUP due to end of file.
> > 
> > The migration_channel_process_incoming() method that we pass the ioc
> > object to will be calling qio_channel_read(ioc) somewhere to try to
> > read that data.
> > 
> > For QEMU to spin in infinite loop there must be code in the
> > migration_channel_process_incoming() that is ignoring the return
> > value of qio_channel_read() in some manner causing it to retry
> > the read again & again I presume.
> > 
> > Putting this check for G_IO_HUP fixes your immediate problem scenario,
> > but whatever code was spinning in infinite loop is still broken and
> > I'd guess it was possible to still trigger the loop. eg by writing
> > 1 single byte and then closing the socket.
> > 
> > So, IMHO this fix is wrong - we need to find the root cause and fix
> > that, not try to avoid calling the buggy code.
> 
> I agree. AFAIU the first read should be in qemu_loadvm_state():
> 
> v = qemu_get_be32(f);
> if (v != QEMU_VM_FILE_MAGIC) {
> error_report("Not a migration stream");
> return -EINVAL;
> }
> 
> So I would be curious more about how that infinite loop happened.

Ah, wait.  I just noticed that Xin mentioned about the loop already -
it's an infinite loop of SIGHUP.  I suppose it means that we'll just
never go into fd_accept_incoming_migration() at all?

If so, I'm not sure whether we should just always watch on G_IO_HUP
(and possibly G_IO_ERR too) in qio_channel_create_watch():

  GSource *ret = klass->io_create_watch(ioc, condition | G_IO_HUP | G_IO_ERR);

Otherwise I'm not sure the same loop will happen for other users of
qio_channel_add_watch().

Regards,
-- 
Peter Xu

Re: [Qemu-devel] [PATCH v3 16/46] tests/tcg: move i386 specific tests into subdir

[Philippe Mathieu-Daudé]

On 04/24/2018 12:23 PM, Alex Bennée wrote:
> These only need to be built for i386 guests. This includes a stub
> tests/tcg/i386/Makfile.target which absorbs some of what was in
> tests/tcg/Makefile.
> 
> Signed-off-by: Alex Bennée 
> Reviewed-by: Thomas Huth 
> Reviewed-by: Philippe Mathieu-Daudé 
> Tested-by: Philippe Mathieu-Daudé 
> ---
> v2
>   - move VPATH and TESTs setup into i386/Makefile.target
>   - set CFLAGS+=-m32 for cross building
> ---
>  tests/tcg/README|  39 
>  tests/tcg/i386/Makefile.target  |  30 ++
>  tests/tcg/i386/README   |  38 +++
>  tests/tcg/{ => i386}/hello-i386.c   |   0
>  tests/tcg/{ => i386}/pi_10.com  | Bin
>  tests/tcg/{ => i386}/runcom.c   |   0
>  tests/tcg/{ => i386}/test-i386-code16.S |   0
>  tests/tcg/{ => i386}/test-i386-fprem.c  |   0
>  tests/tcg/{ => i386}/test-i386-muldiv.h |   0
>  tests/tcg/{ => i386}/test-i386-shift.h  |   0
>  tests/tcg/{ => i386}/test-i386-ssse3.c  |   0
>  tests/tcg/{ => i386}/test-i386-vm86.S   |   0
>  tests/tcg/{ => i386}/test-i386.c|   0
>  tests/tcg/{ => i386}/test-i386.h|   0
>  14 files changed, 68 insertions(+), 39 deletions(-)
>  create mode 100644 tests/tcg/i386/Makefile.target
>  create mode 100644 tests/tcg/i386/README
>  rename tests/tcg/{ => i386}/hello-i386.c (100%)
>  rename tests/tcg/{ => i386}/pi_10.com (100%)
>  rename tests/tcg/{ => i386}/runcom.c (100%)
>  rename tests/tcg/{ => i386}/test-i386-code16.S (100%)
>  rename tests/tcg/{ => i386}/test-i386-fprem.c (100%)
>  rename tests/tcg/{ => i386}/test-i386-muldiv.h (100%)
>  rename tests/tcg/{ => i386}/test-i386-shift.h (100%)
>  rename tests/tcg/{ => i386}/test-i386-ssse3.c (100%)
>  rename tests/tcg/{ => i386}/test-i386-vm86.S (100%)
>  rename tests/tcg/{ => i386}/test-i386.c (100%)
>  rename tests/tcg/{ => i386}/test-i386.h (100%)
> 
> diff --git a/tests/tcg/README b/tests/tcg/README
> index 0890044cf0..469504c4cb 100644
> --- a/tests/tcg/README
> +++ b/tests/tcg/README
> @@ -3,45 +3,6 @@ regression testing. Tests are either multi-arch, meaning 
> they can be
>  built for all guest architectures that support linux-user executable,
>  or they are architecture specific.
>  
> -i386
> -
> -
> -test-i386
> --
> -
> -This program executes most of the 16 bit and 32 bit x86 instructions and
> -generates a text output, for comparison with the output obtained with
> -a real CPU or another emulator.
> -
> -The Linux system call modify_ldt() is used to create x86 selectors
> -to test some 16 bit addressing and 32 bit with segmentation cases.
> -
> -The Linux system call vm86() is used to test vm86 emulation.
> -
> -Various exceptions are raised to test most of the x86 user space
> -exception reporting.
> -
> -linux-test
> ---
> -
> -This program tests various Linux system calls. It is used to verify
> -that the system call parameters are correctly converted between target
> -and host CPUs.
> -
> -test-i386-fprem
> 
> -
> -runcom
> ---
> -
> -test-mmap
> --
> -
> -sha1
> -
> -
> -hello-i386
> ---
>  
>  
>  ARM
> diff --git a/tests/tcg/i386/Makefile.target b/tests/tcg/i386/Makefile.target
> new file mode 100644
> index 00..2f27b65e2d
> --- /dev/null
> +++ b/tests/tcg/i386/Makefile.target
> @@ -0,0 +1,30 @@
> +# i386 cross compile notes
> +
> +I386_SRC=$(SRC_PATH)/tests/tcg/i386
> +
> +# Set search path for all sources
> +VPATH+= $(I386_SRC)
> +
> +I386_SRCS=$(notdir $(wildcard $(I386_SRC)/*.c))
> +I386_TESTS=$(I386_SRCS:.c=)
> +
> +# Update TESTS
> +TESTS+=$(I386_TESTS)
> +
> +ifneq ($(TARGET_NAME),x86_64)
> +CFLAGS+=-m32
> +endif
> +
> +#
> +# hello-i386 is a barebones app
> +#
> +hello-i386: CFLAGS+=-ffreestanding
> +hello-i386: LDFLAGS+=-nostdlib
> +
> +#
> +# test-386 includes a couple of additional objects that need to be linked 
> together
> +#
> +
> +test-i386: test-i386.c test-i386-code16.S test-i386-vm86.S test-i386.h 
> test-i386-shift.h test-i386-muldiv.h
> + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ \
> +$( diff --git a/tests/tcg/i386/README b/tests/tcg/i386/README
> new file mode 100644
> index 00..7a0a47bf27
> --- /dev/null
> +++ b/tests/tcg/i386/README
> @@ -0,0 +1,38 @@
> +These are i386 specific guest programs
> +
> +test-i386
> +-
> +
> +This program executes most of the 16 bit and 32 bit x86 instructions and
> +generates a text output, for comparison with the output obtained with
> +a real CPU or another emulator.
> +
> +The Linux system call modify_ldt() is used to create x86 selectors
> +to test some 16 bit addressing and 32 bit with segmentation cases.
> +
> +The Linux system call vm86() is used to test vm86 emulation.
> +
> +Various exceptions are raised to test most of 

Re: [Qemu-devel] [PATCH v3 21/46] tests/tcg/i386: fix test-i386-fprem

[Thomas Huth]

On 24.04.2018 17:23, Alex Bennée wrote:
> Remove dependencies on QEMU's source tree and build directly.
> 
> Signed-off-by: Alex Bennée 
> ---
>  tests/tcg/i386/test-i386-fprem.c | 12 +---
>  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/tests/tcg/i386/test-i386-fprem.c 
> b/tests/tcg/i386/test-i386-fprem.c
> index 1a71623204..66f5a9657d 100644
> --- a/tests/tcg/i386/test-i386-fprem.c
> +++ b/tests/tcg/i386/test-i386-fprem.c
> @@ -23,7 +23,10 @@
>   *  along with this program; if not, see .
>   */
>  
> -#include "qemu/osdep.h"
> +#include 
> +#include 
> +
> +#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
>  
>  /*
>   * Inspired by 's union ieee854_long_double, but with single
> @@ -39,7 +42,7 @@ union float80u {
>  unsigned int exponent:15;
>  unsigned int negative:1;
>  unsigned int empty:16;
> -} QEMU_PACKED ieee;
> +} __attribute__((packed)) ieee;
>  
>  /* This is for NaNs in the IEEE 854 double-extended-precision format.  */
>  struct {
> @@ -49,7 +52,7 @@ union float80u {
>  unsigned int exponent:15;
>  unsigned int negative:1;
>  unsigned int empty:16;
> -} QEMU_PACKED ieee_nan;
> +} __attribute__((packed)) ieee_nan;
>  };
>  
>  #define IEEE854_LONG_DOUBLE_BIAS 0x3fff
> @@ -229,6 +232,7 @@ static void test_fprem_cases(void)
>  do_fprem_stack_underflow();
>  
>  printf("= invalid operation =\n");
> +do_fprem(q_nan.d, 1.0);
>  do_fprem(s_nan.d, 1.0);
>  do_fprem(1.0, 0.0);
>  do_fprem(pos_inf.d, 1.0);
> @@ -238,6 +242,8 @@ static void test_fprem_cases(void)
>  do_fprem(pos_denorm.d, 1.0);
>  do_fprem(1.0, pos_denorm.d);
>  
> +do_fprem(smallest_positive_norm.d, smallest_positive_norm.d);

How's that change related to the patch description? ... i.e. maybe you
should mention these changes in the patch description, too?

Apart from that:

Reviewed-by: Thomas Huth 

Re: [Qemu-devel] [PATCH v3 45/46] tests/Makefile.include: add [build|clean|check]-tcg targets

[Philippe Mathieu-Daudé]

On 04/24/2018 12:24 PM, Alex Bennée wrote:
> This will ensure all linux-user targets build their guest test
> programs and ensure check-tcg will run the respective tests.
> 
> Signed-off-by: Alex Bennée 
> Reviewed-by: Philippe Mathieu-Daudé 
> Tested-by: Philippe Mathieu-Daudé 
> ---
> v2
>   - use -include instead of complex macro stuff
>   - also include TARGET_BASE_ARCH/Makefile
> v3
>   - add build-tcg, make check-tcg actually run tests
> ---
>  tests/Makefile.include | 26 ++-
>  tests/tcg/Makefile.include | 43 ++
>  2 files changed, 50 insertions(+), 19 deletions(-)
> 
> diff --git a/tests/Makefile.include b/tests/Makefile.include
> index 3d2f0458ab..310ccefdd9 100644
> --- a/tests/Makefile.include
> +++ b/tests/Makefile.include
> @@ -10,6 +10,7 @@ check-help:
>   @echo " $(MAKE) check-speed  Run qobject speed tests"
>   @echo " $(MAKE) check-qapi-schemaRun QAPI schema tests"
>   @echo " $(MAKE) check-block  Run block tests"
> + @echo " $(MAKE) check-tcgRun TCG tests"
>   @echo " $(MAKE) check-report.htmlGenerates an HTML test report"
>   @echo " $(MAKE) check-clean  Clean the tests"
>   @echo
> @@ -916,6 +917,30 @@ check-report.xml: $(patsubst %,check-report-qtest-%.xml, 
> $(QTEST_TARGETS)) check
>  check-report.html: check-report.xml
>   $(call quiet-command,gtester-report $< > $@,"GEN","$@")
>  
> +# Per guest TCG tests
> +
> +LINUX_USER_TARGETS=$(filter %-linux-user,$(TARGET_LIST))
> +BUILD_TCG_TARGET_RULES=$(patsubst %,build-tcg-tests-%, $(LINUX_USER_TARGETS))
> +CLEAN_TCG_TARGET_RULES=$(patsubst %,clean-tcg-tests-%, $(LINUX_USER_TARGETS))
> +RUN_TCG_TARGET_RULES=$(patsubst %,run-tcg-tests-%, $(LINUX_USER_TARGETS))
> +
> +build-tcg-tests-%:
> + $(call quiet-command,$(MAKE) $(SUBDIR_MAKEFLAGS) -C $* V="$(V)" 
> TARGET_DIR="$*/" guest-tests,)
> +
> +run-tcg-tests-%: build-tcg-tests-%
> + $(call quiet-command,$(MAKE) $(SUBDIR_MAKEFLAGS) -C $* V="$(V)" 
> TARGET_DIR="$*/" run-guest-tests,)
> +
> +clean-tcg-tests-%:
> + $(call quiet-command,$(MAKE) $(SUBDIR_MAKEFLAGS) -C $* V="$(V)" 
> TARGET_DIR="$*/" clean-guest-tests,)
> +
> +.PHONY: build-tcg
> +build-tcg: $(BUILD_TCG_TARGET_RULES)
> +
> +.PHONY: check-tcg
> +check-tcg: $(RUN_TCG_TARGET_RULES)
> +
> +.PHONY: clean-tcg
> +clean-tcg: $(CLEAN_TCG_TARGET_RULES)
>  
>  # Other tests
>  
> @@ -958,7 +983,6 @@ check-speed: $(patsubst %,check-%, $(check-speed-y))
>  check-block: $(patsubst %,check-%, $(check-block-y))
>  check: check-qapi-schema check-unit check-qtest check-decodetree
>  check-clean:
> - $(MAKE) -C tests/tcg clean
>   rm -rf $(check-unit-y) tests/*.o $(QEMU_IOTESTS_HELPERS-y)
>   rm -rf $(sort $(foreach target,$(SYSEMU_TARGET_LIST), 
> $(check-qtest-$(target)-y)) $(check-qtest-generic-y))
>   rm -f tests/test-qapi-gen-timestamp
> diff --git a/tests/tcg/Makefile.include b/tests/tcg/Makefile.include
> index cb8bb36026..67e89ecb67 100644
> --- a/tests/tcg/Makefile.include
> +++ b/tests/tcg/Makefile.include
> @@ -8,19 +8,14 @@
>  # guest compiler or calling one of our docker images to do it for us.
>  #
>  
> -# The per ARCH makefile, if it exists holds extra information about
> -# useful docker images or alternative compiler flags. Include it if it
> -# exists
> +# The per ARCH makefile, if it exists, holds extra information about
> +# useful docker images or alternative compiler flags.
>  
> -ARCH_MAKEFILE=$(SRC_PATH)/tests/tcg/$(TARGET_NAME)/Makefile.include
> -CHECK_INCLUDE=$(wildcard $(ARCH_MAKEFILE))
> -
> -ifeq ($(ARCH_MAKEFILE),$(CHECK_INCLUDE))
> -include $(ARCH_MAKEFILE)
> -endif
> +-include $(SRC_PATH)/tests/tcg/$(TARGET_BASE_ARCH)/Makefile.include
> +-include $(SRC_PATH)/tests/tcg/$(TARGET_NAME)/Makefile.include
>  
>  GUEST_BUILD=
> -
> +TCG_MAKE=$(SRC_PATH)/tests/tcg/Makefile
>  # Support installed Cross Compilers
>  
>  ifdef CROSS_CC_GUEST
> @@ -28,10 +23,10 @@ ifdef CROSS_CC_GUEST
>  .PHONY: cross-build-guest-tests
>  cross-build-guest-tests:
>   $(call quiet-command, \
> -  (mkdir -p tests && cd tests && \
> -make -f $(SRC_PATH)/tests/tcg/Makefile ARCH=$(TARGET_NAME) 
> CC=$(CROSS_CC_GUEST)), \
> -   "CROSS-BUILD","$(TARGET_NAME) guest-tests with $(CROSS_CC_GUEST)")
> -
> +(mkdir -p tests && cd tests && \
> + make -f $(TCG_MAKE) CC=$(CROSS_CC_GUEST) \
> + EXTRA_CFLAGS=$(CROSS_CC_GUEST_CFLAGS)), \
> + "CROSS-BUILD","$(TARGET_NAME) guest-tests with $(CROSS_CC_GUEST)")
>  
>  GUEST_BUILD=cross-build-guest-tests
>  
> @@ -54,9 +49,10 @@ DOCKER_PREREQ=docker-image-$(DOCKER_IMAGE)
>  .PHONY: docker-build-guest-tests
>  docker-build-guest-tests: $(DOCKER_PREREQ)
>   $(call quiet-command, \
> -  (mkdir -p tests && cd tests && \
> -make -f $(SRC_PATH)/tests/tcg/Makefile ARCH=$(TARGET_NAME) 
> CC=$(DOCKER_COMPILE_CMD)), \
> 

Re: [Qemu-devel] [PATCH] migration/fd: abort migration if receive POLLHUP event

[Peter Xu]

On Tue, Apr 24, 2018 at 07:24:05PM +0100, Daniel P. Berrangé wrote:
> On Tue, Apr 24, 2018 at 06:16:31PM +0100, Dr. David Alan Gilbert wrote:
> > * Wang Xin (wangxinxin.w...@huawei.com) wrote:
> > > If the fd socket peer closed shortly, ppoll may receive a POLLHUP
> > > event before the expected POLLIN event, and qemu will do nothing
> > > but goes into an infinite loop of the POLLHUP event.
> > > 
> > > So, abort the migration if we receive a POLLHUP event.
> > 
> > Hi Wang Xin,
> >   Can you explain how you manage to trigger this case; I've not hit it.
> > 
> > > Signed-off-by: Wang Xin 
> > > 
> > > diff --git a/migration/fd.c b/migration/fd.c
> > > index cd06182..5932c87 100644
> > > --- a/migration/fd.c
> > > +++ b/migration/fd.c
> > > @@ -15,6 +15,7 @@
> > >   */
> > >  
> > >  #include "qemu/osdep.h"
> > > +#include "qemu/error-report.h"
> > >  #include "channel.h"
> > >  #include "fd.h"
> > >  #include "monitor/monitor.h"
> > > @@ -46,6 +47,11 @@ static gboolean 
> > > fd_accept_incoming_migration(QIOChannel *ioc,
> > >   GIOCondition condition,
> > >   gpointer opaque)
> > >  {
> > > +if (condition & G_IO_HUP) {
> > > +error_report("The migration peer closed, job abort");
> > > +exit(EXIT_FAILURE);
> > > +}
> > > +
> > 
> > OK,  I wish we had a nicer way for failing;  especially for the
> > multifd/postcopy recovery worlds where one failed connection might not
> > be fatal; but I don't see how to do that here.
> 
> This doesn't feel right to me.
> 
> We have passed in a pre-opened FD to QEMU, and we registered a watch
> on it to detect when there is data from the src QEMU that is available
> to read.  Normally the src will have sent something so we'll get G_IO_IN,
> but you're suggesting the client has quit immediately, so we're getting
> G_IO_HUP due to end of file.
> 
> The migration_channel_process_incoming() method that we pass the ioc
> object to will be calling qio_channel_read(ioc) somewhere to try to
> read that data.
> 
> For QEMU to spin in infinite loop there must be code in the
> migration_channel_process_incoming() that is ignoring the return
> value of qio_channel_read() in some manner causing it to retry
> the read again & again I presume.
> 
> Putting this check for G_IO_HUP fixes your immediate problem scenario,
> but whatever code was spinning in infinite loop is still broken and
> I'd guess it was possible to still trigger the loop. eg by writing
> 1 single byte and then closing the socket.
> 
> So, IMHO this fix is wrong - we need to find the root cause and fix
> that, not try to avoid calling the buggy code.

I agree. AFAIU the first read should be in qemu_loadvm_state():

v = qemu_get_be32(f);
if (v != QEMU_VM_FILE_MAGIC) {
error_report("Not a migration stream");
return -EINVAL;
}

So I would be curious more about how that infinite loop happened.

-- 
Peter Xu

Re: [Qemu-devel] [PATCH 16/16] configure: do_compiler: Dump some extra info under bash

[Thomas Huth]

On 24.04.2018 19:58, Ian Jackson wrote:
> This makes it much easier to find a particular thing in config.log.
> 
> We have to use the ${BASH_LINENO[*]} syntax which is a syntax error in
> other shells, so test what shell we are running and use eval.
> 
> The extra output is only printed if configure is run with bash.  On
> systems where /bin/sh is not bash, it is necessary to say bash
> ./configure to get the extra debug info in the log.
> 
> Suggested-by: Eric Blake 
> Signed-off-by: Ian Jackson 
> CC: Kent R. Spillner 
> CC: Janosch Frank 
> CC: Thomas Huth 
> CC: Peter Maydell 
> CC: Paolo Bonzini 
> ---
> v8: Fix so that it actually works as intended with bash.
> v6: Fix commit message wording.
> v4: No longer tag this patch RFC.
> ---
>  configure | 5 +
>  1 file changed, 5 insertions(+)
> 
> diff --git a/configure b/configure
> index aa35aef..f9ba9ea 100755
> --- a/configure
> +++ b/configure
> @@ -60,6 +60,11 @@ do_compiler() {
>  # is compiler binary to execute.
>  local compiler="$1"
>  shift
> +if test -n "$BASH_VERSION"; then eval '
> +echo >>config.log "
> +funcs: ${FUNCNAME[*]}
> +lines: ${BASH_LINENO[*]}"
> +'; fi
>  echo $compiler "$@" >> config.log
>  $compiler "$@" >> config.log 2>&1 || return $?
>  # Test passed. If this is an --enable-werror build, rerun

I just applied the patch and had a look at config.log, and this looks
useful indeed.

Tested-by: Thomas Huth 

[Qemu-devel] [PATCH v6 0/4] qemu-thread: support --enable-debug-mutex

[Peter Xu]

v6:
- rename __QEMU_THREAD_COMMON_H__ to QEMU_THREAD_COMMON_H
- collect r-bs for Emilio

v5:
- init file/line [Emilio]

v4:
- cherrypick Emilio's patch to add "-m" parameter to atomic_add-bench
  tool.
- use inline functions [Emilio]

Micro benchmark result on "taskset -c 0 atomic_add-bench -m":

|+-+|
|| with --enable-debug | without --enable-debug |
|+-+|
| Before | 20 Mops/s   | 34 Mops/s  |
| After  | 18 Mops/s   | 34 Mops/s  |
|+-+|

Please review.  Thanks.

Emilio G. Cota (1):
  tests/atomic_add-bench: add -m option to use mutexes

Peter Xu (3):
  qemu-thread: introduce qemu-thread-common.h
  QemuMutex: support --enable-debug-mutex
  configure: enable debug-mutex if debug enabled

 configure   | 11 +
 include/qemu/thread-posix.h |  4 
 include/qemu/thread-win32.h |  4 
 util/qemu-thread-common.h   | 55 +
 tests/atomic_add-bench.c| 19 ++--
 util/qemu-thread-posix.c| 19 +++-
 util/qemu-thread-win32.c| 17 +++---
 7 files changed, 107 insertions(+), 22 deletions(-)
 create mode 100644 util/qemu-thread-common.h

-- 
2.14.3

[Qemu-devel] [PATCH v6 4/4] configure: enable debug-mutex if debug enabled

[Peter Xu]

Reviewed-by: Emilio G. Cota 
Signed-off-by: Peter Xu 
---
 configure | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configure b/configure
index a80af735b2..87453edd88 100755
--- a/configure
+++ b/configure
@@ -1005,6 +1005,7 @@ for opt do
   --enable-debug)
   # Enable debugging options that aren't excessively noisy
   debug_tcg="yes"
+  debug_mutex="yes"
   debug="yes"
   strip_opt="no"
   fortify_source="no"
-- 
2.14.3

[Qemu-devel] [PATCH v6 2/4] qemu-thread: introduce qemu-thread-common.h

[Peter Xu]

Introduce some hooks for the shared part of qemu thread between POSIX
and Windows implementations.  Note that in qemu_mutex_unlock_impl() we
moved the call before unlock operation which should make more sense.
And we don't need qemu_mutex_post_unlock() hook.

Put all these shared hooks into the header files.  It should be internal
to qemu-thread but not for qemu-thread users, hence put into util/
directory.

Reviewed-by: Emilio G. Cota 
Signed-off-by: Peter Xu 
---
 util/qemu-thread-common.h | 43 +++
 util/qemu-thread-posix.c  | 19 ---
 util/qemu-thread-win32.c  | 17 -
 3 files changed, 59 insertions(+), 20 deletions(-)
 create mode 100644 util/qemu-thread-common.h

diff --git a/util/qemu-thread-common.h b/util/qemu-thread-common.h
new file mode 100644
index 00..d3292084d6
--- /dev/null
+++ b/util/qemu-thread-common.h
@@ -0,0 +1,43 @@
+/*
+ * Common qemu-thread implementation header file.
+ *
+ * Copyright Red Hat, Inc. 2018
+ *
+ * Authors:
+ *  Peter Xu ,
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#ifndef QEMU_THREAD_COMMON_H
+#define QEMU_THREAD_COMMON_H
+
+#include "qemu/typedefs.h"
+#include "qemu/thread.h"
+#include "trace.h"
+
+static inline void qemu_mutex_post_init(QemuMutex *mutex)
+{
+mutex->initialized = true;
+}
+
+static inline void qemu_mutex_pre_lock(QemuMutex *mutex,
+   const char *file, int line)
+{
+trace_qemu_mutex_lock(mutex, file, line);
+}
+
+static inline void qemu_mutex_post_lock(QemuMutex *mutex,
+const char *file, int line)
+{
+trace_qemu_mutex_locked(mutex, file, line);
+}
+
+static inline void qemu_mutex_pre_unlock(QemuMutex *mutex,
+ const char *file, int line)
+{
+trace_qemu_mutex_unlock(mutex, file, line);
+}
+
+#endif
diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
index b789cf32e9..2056d5c530 100644
--- a/util/qemu-thread-posix.c
+++ b/util/qemu-thread-posix.c
@@ -14,7 +14,7 @@
 #include "qemu/thread.h"
 #include "qemu/atomic.h"
 #include "qemu/notify.h"
-#include "trace.h"
+#include "qemu-thread-common.h"
 
 static bool name_threads;
 
@@ -43,7 +43,7 @@ void qemu_mutex_init(QemuMutex *mutex)
 err = pthread_mutex_init(>lock, NULL);
 if (err)
 error_exit(err, __func__);
-mutex->initialized = true;
+qemu_mutex_post_init(mutex);
 }
 
 void qemu_mutex_destroy(QemuMutex *mutex)
@@ -62,13 +62,11 @@ void qemu_mutex_lock_impl(QemuMutex *mutex, const char 
*file, const int line)
 int err;
 
 assert(mutex->initialized);
-trace_qemu_mutex_lock(mutex, file, line);
-
+qemu_mutex_pre_lock(mutex, file, line);
 err = pthread_mutex_lock(>lock);
 if (err)
 error_exit(err, __func__);
-
-trace_qemu_mutex_locked(mutex, file, line);
+qemu_mutex_post_lock(mutex, file, line);
 }
 
 int qemu_mutex_trylock_impl(QemuMutex *mutex, const char *file, const int line)
@@ -78,7 +76,7 @@ int qemu_mutex_trylock_impl(QemuMutex *mutex, const char 
*file, const int line)
 assert(mutex->initialized);
 err = pthread_mutex_trylock(>lock);
 if (err == 0) {
-trace_qemu_mutex_locked(mutex, file, line);
+qemu_mutex_post_lock(mutex, file, line);
 return 0;
 }
 if (err != EBUSY) {
@@ -92,11 +90,10 @@ void qemu_mutex_unlock_impl(QemuMutex *mutex, const char 
*file, const int line)
 int err;
 
 assert(mutex->initialized);
+qemu_mutex_pre_unlock(mutex, file, line);
 err = pthread_mutex_unlock(>lock);
 if (err)
 error_exit(err, __func__);
-
-trace_qemu_mutex_unlock(mutex, file, line);
 }
 
 void qemu_rec_mutex_init(QemuRecMutex *mutex)
@@ -160,9 +157,9 @@ void qemu_cond_wait_impl(QemuCond *cond, QemuMutex *mutex, 
const char *file, con
 int err;
 
 assert(cond->initialized);
-trace_qemu_mutex_unlock(mutex, file, line);
+qemu_mutex_pre_unlock(mutex, file, line);
 err = pthread_cond_wait(>cond, >lock);
-trace_qemu_mutex_locked(mutex, file, line);
+qemu_mutex_post_lock(mutex, file, line);
 if (err)
 error_exit(err, __func__);
 }
diff --git a/util/qemu-thread-win32.c b/util/qemu-thread-win32.c
index ab60c0d557..b303188a36 100644
--- a/util/qemu-thread-win32.c
+++ b/util/qemu-thread-win32.c
@@ -19,7 +19,7 @@
 #include "qemu-common.h"
 #include "qemu/thread.h"
 #include "qemu/notify.h"
-#include "trace.h"
+#include "qemu-thread-common.h"
 #include 
 
 static bool name_threads;
@@ -46,7 +46,7 @@ static void error_exit(int err, const char *msg)
 void qemu_mutex_init(QemuMutex *mutex)
 {
 InitializeSRWLock(>lock);
-mutex->initialized = true;
+qemu_mutex_post_init(mutex);
 }
 
 void qemu_mutex_destroy(QemuMutex *mutex)
@@ -59,10 +59,9 @@ void 

[Qemu-devel] [PATCH v6 3/4] QemuMutex: support --enable-debug-mutex

[Peter Xu]

We have had some tracing tools for mutex but it's not easy to use them
for e.g. dead locks.  Let's provide "--enable-debug-mutex" parameter
when configure to allow QemuMutex to store the last owner that took
specific lock.  It will be easy to use this tool to debug deadlocks
since we can directly know who took the lock then as long as we can have
a debugger attached to the process.

Reviewed-by: Emilio G. Cota 
Signed-off-by: Peter Xu 
---
 configure   | 10 ++
 include/qemu/thread-posix.h |  4 
 include/qemu/thread-win32.h |  4 
 util/qemu-thread-common.h   | 12 
 4 files changed, 30 insertions(+)

diff --git a/configure b/configure
index 0a19b033bc..a80af735b2 100755
--- a/configure
+++ b/configure
@@ -451,6 +451,7 @@ jemalloc="no"
 replication="yes"
 vxhs=""
 libxml2=""
+debug_mutex="no"
 
 supported_cpu="no"
 supported_os="no"
@@ -1374,6 +1375,10 @@ for opt do
   ;;
   --disable-git-update) git_update=no
   ;;
+  --enable-debug-mutex) debug_mutex=yes
+  ;;
+  --disable-debug-mutex) debug_mutex=no
+  ;;
   *)
   echo "ERROR: unknown option $opt"
   echo "Try '$0 --help' for more information"
@@ -1631,6 +1636,7 @@ disabled with --disable-FEATURE, default is enabled if 
available:
   crypto-afalgLinux AF_ALG crypto backend driver
   vhost-user  vhost-user support
   capstonecapstone disassembler support
+  debug-mutex mutex debugging support
 
 NOTE: The object files are built at the place where configure is launched
 EOF
@@ -5874,6 +5880,7 @@ echo "avx2 optimization $avx2_opt"
 echo "replication support $replication"
 echo "VxHS block device $vxhs"
 echo "capstone  $capstone"
+echo "mutex debugging   $debug_mutex"
 
 if test "$sdl_too_old" = "yes"; then
 echo "-> Your SDL version is too old - please upgrade to have SDL support"
@@ -6602,6 +6609,9 @@ fi
 if test "$capstone" != "no" ; then
   echo "CONFIG_CAPSTONE=y" >> $config_host_mak
 fi
+if test "$debug_mutex" = "yes" ; then
+  echo "CONFIG_DEBUG_MUTEX=y" >> $config_host_mak
+fi
 
 # Hold two types of flag:
 #   CONFIG_THREAD_SETNAME_BYTHREAD  - we've got a way of setting the name on
diff --git a/include/qemu/thread-posix.h b/include/qemu/thread-posix.h
index f3f47e426f..fd27b34128 100644
--- a/include/qemu/thread-posix.h
+++ b/include/qemu/thread-posix.h
@@ -12,6 +12,10 @@ typedef QemuMutex QemuRecMutex;
 
 struct QemuMutex {
 pthread_mutex_t lock;
+#ifdef CONFIG_DEBUG_MUTEX
+const char *file;
+int line;
+#endif
 bool initialized;
 };
 
diff --git a/include/qemu/thread-win32.h b/include/qemu/thread-win32.h
index 3a05e3b3aa..d668d789b4 100644
--- a/include/qemu/thread-win32.h
+++ b/include/qemu/thread-win32.h
@@ -5,6 +5,10 @@
 
 struct QemuMutex {
 SRWLOCK lock;
+#ifdef CONFIG_DEBUG_MUTEX
+const char *file;
+int line;
+#endif
 bool initialized;
 };
 
diff --git a/util/qemu-thread-common.h b/util/qemu-thread-common.h
index d3292084d6..a0ea7c0d92 100644
--- a/util/qemu-thread-common.h
+++ b/util/qemu-thread-common.h
@@ -19,6 +19,10 @@
 
 static inline void qemu_mutex_post_init(QemuMutex *mutex)
 {
+#ifdef CONFIG_DEBUG_MUTEX
+mutex->file = NULL;
+mutex->line = 0;
+#endif
 mutex->initialized = true;
 }
 
@@ -31,12 +35,20 @@ static inline void qemu_mutex_pre_lock(QemuMutex *mutex,
 static inline void qemu_mutex_post_lock(QemuMutex *mutex,
 const char *file, int line)
 {
+#ifdef CONFIG_DEBUG_MUTEX
+mutex->file = file;
+mutex->line = line;
+#endif
 trace_qemu_mutex_locked(mutex, file, line);
 }
 
 static inline void qemu_mutex_pre_unlock(QemuMutex *mutex,
  const char *file, int line)
 {
+#ifdef CONFIG_DEBUG_MUTEX
+mutex->file = NULL;
+mutex->line = 0;
+#endif
 trace_qemu_mutex_unlock(mutex, file, line);
 }
 
-- 
2.14.3

[Qemu-devel] [PATCH v6 1/4] tests/atomic_add-bench: add -m option to use mutexes

[Peter Xu]

From: "Emilio G. Cota" 

This allows us to use atomic-add-bench as a microbenchmark
for evaluating qemu_mutex_lock's performance.

Signed-off-by: Emilio G. Cota 
[cherry picked from https://github.com/cota/qemu/commit/f04f34df]
Signed-off-by: Peter Xu 
---
 tests/atomic_add-bench.c | 19 +--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/tests/atomic_add-bench.c b/tests/atomic_add-bench.c
index caa1e8e689..f96d448f77 100644
--- a/tests/atomic_add-bench.c
+++ b/tests/atomic_add-bench.c
@@ -8,6 +8,7 @@ struct thread_info {
 } QEMU_ALIGNED(64);
 
 struct count {
+QemuMutex lock;
 unsigned long val;
 } QEMU_ALIGNED(64);
 
@@ -18,11 +19,13 @@ static unsigned int n_ready_threads;
 static struct count *counts;
 static unsigned int duration = 1;
 static unsigned int range = 1024;
+static bool use_mutex;
 static bool test_start;
 static bool test_stop;
 
 static const char commands_string[] =
 " -n = number of threads\n"
+" -m = use mutexes instead of atomic increments\n"
 " -d = duration in seconds\n"
 " -r = range (will be rounded up to pow2)";
 
@@ -59,7 +62,13 @@ static void *thread_func(void *arg)
 
 info->r = xorshift64star(info->r);
 index = info->r & (range - 1);
-atomic_inc([index].val);
+if (use_mutex) {
+qemu_mutex_lock([index].lock);
+counts[index].val += 1;
+qemu_mutex_unlock([index].lock);
+} else {
+atomic_inc([index].val);
+}
 }
 return NULL;
 }
@@ -91,6 +100,9 @@ static void create_threads(void)
 th_info = g_new(struct thread_info, n_threads);
 counts = qemu_memalign(64, sizeof(*counts) * range);
 memset(counts, 0, sizeof(*counts) * range);
+for (i = 0; i < range; i++) {
+qemu_mutex_init([i].lock);
+}
 
 for (i = 0; i < n_threads; i++) {
 struct thread_info *info = _info[i];
@@ -131,7 +143,7 @@ static void parse_args(int argc, char *argv[])
 int c;
 
 for (;;) {
-c = getopt(argc, argv, "hd:n:r:");
+c = getopt(argc, argv, "hd:n:mr:");
 if (c < 0) {
 break;
 }
@@ -145,6 +157,9 @@ static void parse_args(int argc, char *argv[])
 case 'n':
 n_threads = atoi(optarg);
 break;
+case 'm':
+use_mutex = true;
+break;
 case 'r':
 range = pow2ceil(atoi(optarg));
 break;
-- 
2.14.3

Re: [Qemu-devel] [PATCH 0/9] target/arm: Fixups for ARM_FEATURE_V8_FP16

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180425012300.14698-1-richard.hender...@linaro.org
Subject: [Qemu-devel] [PATCH 0/9] target/arm: Fixups for ARM_FEATURE_V8_FP16

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]
patchew/1513160272-15921-1-git-send-email-christian.ehrha...@canonical.com -> 
patchew/1513160272-15921-1-git-send-email-christian.ehrha...@canonical.com
 t [tag update]
patchew/20180424152405.10304-1-alex.ben...@linaro.org -> 
patchew/20180424152405.10304-1-alex.ben...@linaro.org
 t [tag update]patchew/20180424160329.8089-1-alex.ben...@linaro.org 
-> patchew/20180424160329.8089-1-alex.ben...@linaro.org
 t [tag update]patchew/20180424214550.32549-1-ler...@redhat.com -> 
patchew/20180424214550.32549-1-ler...@redhat.com
 t [tag update]patchew/20180424222103.19946-1-f4...@amsat.org -> 
patchew/20180424222103.19946-1-f4...@amsat.org
 * [new tag]   
patchew/20180425012300.14698-1-richard.hender...@linaro.org -> 
patchew/20180425012300.14698-1-richard.hender...@linaro.org
Switched to a new branch 'test'
84efc5c3b1 target/arm: Implement FP data-processing (3 source) for fp16
10574670d9 target/arm: Implement FP data-processing (2 source) for fp16
2d4e187869 target/arm: Implement FCVT (scalar, fixed-point) for fp16
ec350065e4 target/arm: Implement FCVT (scalar, integer) for fp16
d157aaa589 target/arm: Implement FMOV (general) for fp16
7eeb78179f target/arm: Clear SVE high bits for FMOV
a7fed5d8a6 target/arm: Fix float16 to/from int16
72239133a0 target/arm: Implement vector shifted FCVT for fp16
5cb4ff2996 target/arm: Implement vector shifted SCVF/UCVF for fp16

=== OUTPUT BEGIN ===
Checking PATCH 1/9: target/arm: Implement vector shifted SCVF/UCVF for fp16...
Checking PATCH 2/9: target/arm: Implement vector shifted FCVT for fp16...
Checking PATCH 3/9: target/arm: Fix float16 to/from int16...
ERROR: spaces required around that '*' (ctx:WxV)
#40: FILE: target/arm/helper.c:11423:
+static float16 do_postscale_fp16(float64 f, int shift, float_status *fpst)
 ^

total: 1 errors, 0 warnings, 83 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 4/9: target/arm: Clear SVE high bits for FMOV...
Checking PATCH 5/9: target/arm: Implement FMOV (general) for fp16...
Checking PATCH 6/9: target/arm: Implement FCVT (scalar, integer) for fp16...
Checking PATCH 7/9: target/arm: Implement FCVT (scalar, fixed-point) for fp16...
Checking PATCH 8/9: target/arm: Implement FP data-processing (2 source) for 
fp16...
Checking PATCH 9/9: target/arm: Implement FP data-processing (3 source) for 
fp16...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [Qemu-devel] [PATCH 5/9] target/arm: Implement FMOV (general) for fp16

[Philippe Mathieu-Daudé]

Hi Richard,

On 04/24/2018 10:22 PM, Richard Henderson wrote:
> Adding the fp16 moves to/from general registers.
> 
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/translate-a64.c | 22 +-
>  1 file changed, 21 insertions(+), 1 deletion(-)
> 
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index f2241d8174..36bb5f6f08 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -5375,6 +5375,15 @@ static void handle_fmov(DisasContext *s, int rd, int 
> rn, int type, bool itof)
>  tcg_gen_st_i64(tcg_rn, cpu_env, fp_reg_hi_offset(s, rd));
>  clear_vec_high(s, true, rd);
>  break;
> +case 3:
> +/* 16 bit */
> +tmp = tcg_temp_new_i64();
> +tcg_gen_ext16u_i64(tmp, tcg_rn);
> +write_fp_dreg(s, rd, tmp);
> +tcg_temp_free_i64(tmp);
> +break;
> +default:
> +g_assert_not_reached();
>  }
>  } else {
>  TCGv_i64 tcg_rd = cpu_reg(s, rd);
> @@ -5392,6 +5401,12 @@ static void handle_fmov(DisasContext *s, int rd, int 
> rn, int type, bool itof)
>  /* 64 bits from top half */
>  tcg_gen_ld_i64(tcg_rd, cpu_env, fp_reg_hi_offset(s, rn));
>  break;
> +case 3:
> +/* 16 bit */
> +tcg_gen_ld16u_i64(tcg_rd, cpu_env, fp_reg_offset(s, rn, MO_16));
> +break;
> +default:
> +g_assert_not_reached();
>  }
>  }
>  }
> @@ -5431,10 +5446,15 @@ static void disas_fp_int_conv(DisasContext *s, 
> uint32_t insn)
>  case 0xa: /* 64 bit */
>  case 0xd: /* 64 bit to top half of quad */
>  break;
> +case 0x6: /* 16-bit */
> +if (arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
> +break;
> +}
> +/* fallthru */
>  default:
>  /* all other sf/type/rmode combinations are invalid */
>  unallocated_encoding(s);
> -break;
> +return;

Agreed with this change, however shouldn't this be in a separate patch?

>  }
>  
>  if (!fp_access_check(s)) {
> 

[Qemu-devel] [PATCH 9/9] target/arm: Implement FP data-processing (3 source) for fp16

[Richard Henderson]

We missed all of the scalar fp16 fma operations.

Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 48 ++
 1 file changed, 48 insertions(+)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 11b90b7eb0..0cb1fc4d67 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -5154,6 +5154,44 @@ static void handle_fp_3src_double(DisasContext *s, bool 
o0, bool o1,
 tcg_temp_free_i64(tcg_res);
 }
 
+/* Floating-point data-processing (3 source) - half precision */
+static void handle_fp_3src_half(DisasContext *s, bool o0, bool o1,
+int rd, int rn, int rm, int ra)
+{
+TCGv_i32 tcg_op1, tcg_op2, tcg_op3;
+TCGv_i32 tcg_res = tcg_temp_new_i32();
+TCGv_ptr fpst = get_fpstatus_ptr(true);
+
+tcg_op1 = read_fp_hreg(s, rn);
+tcg_op2 = read_fp_hreg(s, rm);
+tcg_op3 = read_fp_hreg(s, ra);
+
+/* These are fused multiply-add, and must be done as one
+ * floating point operation with no rounding between the
+ * multiplication and addition steps.
+ * NB that doing the negations here as separate steps is
+ * correct : an input NaN should come out with its sign bit
+ * flipped if it is a negated-input.
+ */
+if (o1 == true) {
+tcg_gen_xori_i32(tcg_op3, tcg_op3, 0x8000);
+}
+
+if (o0 != o1) {
+tcg_gen_xori_i32(tcg_op1, tcg_op1, 0x8000);
+}
+
+gen_helper_advsimd_muladdh(tcg_res, tcg_op1, tcg_op2, tcg_op3, fpst);
+
+write_fp_sreg(s, rd, tcg_res);
+
+tcg_temp_free_ptr(fpst);
+tcg_temp_free_i32(tcg_op1);
+tcg_temp_free_i32(tcg_op2);
+tcg_temp_free_i32(tcg_op3);
+tcg_temp_free_i32(tcg_res);
+}
+
 /* Floating point data-processing (3 source)
  *   31  30  29 28   24 23  22  21  20  16  15  14  10 95 40
  * +---+---+---+---+--++--++--+--+--+
@@ -5183,6 +5221,16 @@ static void disas_fp_3src(DisasContext *s, uint32_t insn)
 }
 handle_fp_3src_double(s, o0, o1, rd, rn, rm, ra);
 break;
+case 3:
+if (!arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
+unallocated_encoding(s);
+return;
+}
+if (!fp_access_check(s)) {
+return;
+}
+handle_fp_3src_half(s, o0, o1, rd, rn, rm, ra);
+break;
 default:
 unallocated_encoding(s);
 }
-- 
2.14.3

[Qemu-devel] [PATCH 7/9] target/arm: Implement FCVT (scalar, fixed-point) for fp16

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 17 +++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 4f6317aa0f..794ede7222 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -5372,8 +5372,7 @@ static void disas_fp_fixed_conv(DisasContext *s, uint32_t 
insn)
 bool sf = extract32(insn, 31, 1);
 bool itof;
 
-if (sbit || (type > 1)
-|| (!sf && scale < 32)) {
+if (sbit || (!sf && scale < 32)) {
 unallocated_encoding(s);
 return;
 }
@@ -5392,6 +5391,20 @@ static void disas_fp_fixed_conv(DisasContext *s, 
uint32_t insn)
 return;
 }
 
+switch (type) {
+case 0: /* float32 */
+case 1: /* float64 */
+break;
+case 3: /* float16 */
+if (arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
+break;
+}
+/* fallthru */
+default:
+unallocated_encoding(s);
+return;
+}
+
 if (!fp_access_check(s)) {
 return;
 }
-- 
2.14.3

[Qemu-devel] [PATCH 6/9] target/arm: Implement FCVT (scalar, integer) for fp16

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 target/arm/helper.h|  6 +++
 target/arm/helper.c| 38 +-
 target/arm/translate-a64.c | 96 ++
 3 files changed, 122 insertions(+), 18 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index eafd5d746b..f494b10f1b 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -151,6 +151,10 @@ DEF_HELPER_3(vfp_touhd_round_to_zero, i64, f64, i32, ptr)
 DEF_HELPER_3(vfp_tould_round_to_zero, i64, f64, i32, ptr)
 DEF_HELPER_3(vfp_touhh, i32, f16, i32, ptr)
 DEF_HELPER_3(vfp_toshh, i32, f16, i32, ptr)
+DEF_HELPER_3(vfp_toulh, i32, f16, i32, ptr)
+DEF_HELPER_3(vfp_toslh, i32, f16, i32, ptr)
+DEF_HELPER_3(vfp_touqh, i64, f16, i32, ptr)
+DEF_HELPER_3(vfp_tosqh, i64, f16, i32, ptr)
 DEF_HELPER_3(vfp_toshs, i32, f32, i32, ptr)
 DEF_HELPER_3(vfp_tosls, i32, f32, i32, ptr)
 DEF_HELPER_3(vfp_tosqs, i64, f32, i32, ptr)
@@ -177,6 +181,8 @@ DEF_HELPER_3(vfp_ultod, f64, i64, i32, ptr)
 DEF_HELPER_3(vfp_uqtod, f64, i64, i32, ptr)
 DEF_HELPER_3(vfp_sltoh, f16, i32, i32, ptr)
 DEF_HELPER_3(vfp_ultoh, f16, i32, i32, ptr)
+DEF_HELPER_3(vfp_sqtoh, f16, i64, i32, ptr)
+DEF_HELPER_3(vfp_uqtoh, f16, i64, i32, ptr)
 
 DEF_HELPER_FLAGS_2(set_rmode, TCG_CALL_NO_RWG, i32, i32, ptr)
 DEF_HELPER_FLAGS_2(set_neon_rmode, TCG_CALL_NO_RWG, i32, i32, env)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 743f34bd0a..dbc10b454a 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11416,8 +11416,12 @@ VFP_CONV_FIX_A64(uq, s, 32, 64, uint64)
 #undef VFP_CONV_FIX_A64
 
 /* Conversion to/from f16 can overflow to infinity before/after scaling.
- * Therefore we convert to f64 (which does not round), scale,
- * and then convert f64 to f16 (which may round).
+ * Therefore we convert to f64, scale, and then convert f64 to f16; or
+ * vice versa for conversion to integer.
+ *
+ * For 16- and 32-bit integers, the conversion to f64 never rounds.
+ * For 64-bit integers, any integer that would cause rounding will also
+ * overflow to f16 infinity, so there is no double rounding problem.
  */
 
 static float16 do_postscale_fp16(float64 f, int shift, float_status *fpst)
@@ -11435,6 +11439,16 @@ float16 HELPER(vfp_ultoh)(uint32_t x, uint32_t shift, 
void *fpst)
 return do_postscale_fp16(uint32_to_float64(x, fpst), shift, fpst);
 }
 
+float16 HELPER(vfp_sqtoh)(uint64_t x, uint32_t shift, void *fpst)
+{
+return do_postscale_fp16(int64_to_float64(x, fpst), shift, fpst);
+}
+
+float16 HELPER(vfp_uqtoh)(uint64_t x, uint32_t shift, void *fpst)
+{
+return do_postscale_fp16(uint64_to_float64(x, fpst), shift, fpst);
+}
+
 static float64 do_prescale_fp16(float16 f, int shift, float_status *fpst)
 {
 if (unlikely(float16_is_any_nan(f))) {
@@ -11464,6 +11478,26 @@ uint32_t HELPER(vfp_touhh)(float16 x, uint32_t shift, 
void *fpst)
 return float64_to_uint16(do_prescale_fp16(x, shift, fpst), fpst);
 }
 
+uint32_t HELPER(vfp_toslh)(float16 x, uint32_t shift, void *fpst)
+{
+return float64_to_int32(do_prescale_fp16(x, shift, fpst), fpst);
+}
+
+uint32_t HELPER(vfp_toulh)(float16 x, uint32_t shift, void *fpst)
+{
+return float64_to_uint32(do_prescale_fp16(x, shift, fpst), fpst);
+}
+
+uint64_t HELPER(vfp_tosqh)(float16 x, uint32_t shift, void *fpst)
+{
+return float64_to_int64(do_prescale_fp16(x, shift, fpst), fpst);
+}
+
+uint64_t HELPER(vfp_touqh)(float16 x, uint32_t shift, void *fpst)
+{
+return float64_to_uint64(do_prescale_fp16(x, shift, fpst), fpst);
+}
+
 /* Set the current fp rounding mode and return the old one.
  * The argument is a softfloat float_round_ value.
  */
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 36bb5f6f08..4f6317aa0f 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -5186,11 +5186,11 @@ static void handle_fpfpcvt(DisasContext *s, int rd, int 
rn, int opcode,
bool itof, int rmode, int scale, int sf, int type)
 {
 bool is_signed = !(opcode & 1);
-bool is_double = type;
 TCGv_ptr tcg_fpstatus;
-TCGv_i32 tcg_shift;
+TCGv_i32 tcg_shift, tcg_single;
+TCGv_i64 tcg_double;
 
-tcg_fpstatus = get_fpstatus_ptr(false);
+tcg_fpstatus = get_fpstatus_ptr(type == 3);
 
 tcg_shift = tcg_const_i32(64 - scale);
 
@@ -5208,8 +5208,9 @@ static void handle_fpfpcvt(DisasContext *s, int rd, int 
rn, int opcode,
 tcg_int = tcg_extend;
 }
 
-if (is_double) {
-TCGv_i64 tcg_double = tcg_temp_new_i64();
+switch (type) {
+case 1: /* float64 */
+tcg_double = tcg_temp_new_i64();
 if (is_signed) {
 gen_helper_vfp_sqtod(tcg_double, tcg_int,
  tcg_shift, tcg_fpstatus);
@@ -5219,8 +5220,10 @@ static void handle_fpfpcvt(DisasContext *s, int rd, int 
rn, int opcode,
 }
 write_fp_dreg(s, rd, tcg_double);

[Qemu-devel] [PATCH 4/9] target/arm: Clear SVE high bits for FMOV

[Richard Henderson]

Use write_fp_dreg and clear_vec_high to zero the bits
that need zeroing for these cases.

Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 17 +
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index b27892d971..f2241d8174 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -5356,31 +5356,24 @@ static void handle_fmov(DisasContext *s, int rd, int 
rn, int type, bool itof)
 
 if (itof) {
 TCGv_i64 tcg_rn = cpu_reg(s, rn);
+TCGv_i64 tmp;
 
 switch (type) {
 case 0:
-{
 /* 32 bit */
-TCGv_i64 tmp = tcg_temp_new_i64();
+tmp = tcg_temp_new_i64();
 tcg_gen_ext32u_i64(tmp, tcg_rn);
-tcg_gen_st_i64(tmp, cpu_env, fp_reg_offset(s, rd, MO_64));
-tcg_gen_movi_i64(tmp, 0);
-tcg_gen_st_i64(tmp, cpu_env, fp_reg_hi_offset(s, rd));
+write_fp_dreg(s, rd, tmp);
 tcg_temp_free_i64(tmp);
 break;
-}
 case 1:
-{
 /* 64 bit */
-TCGv_i64 tmp = tcg_const_i64(0);
-tcg_gen_st_i64(tcg_rn, cpu_env, fp_reg_offset(s, rd, MO_64));
-tcg_gen_st_i64(tmp, cpu_env, fp_reg_hi_offset(s, rd));
-tcg_temp_free_i64(tmp);
+write_fp_dreg(s, rd, tcg_rn);
 break;
-}
 case 2:
 /* 64 bit to top half. */
 tcg_gen_st_i64(tcg_rn, cpu_env, fp_reg_hi_offset(s, rd));
+clear_vec_high(s, true, rd);
 break;
 }
 } else {
-- 
2.14.3

Re: [Qemu-devel] [PATCH v3 00/46] fix building of tests/tcg

[Philippe Mathieu-Daudé]

> This is starting to shape up pretty nicely. I was able to add a whole
> bunch of additional architectures thanks to cross compilers in Debian
> Sid which are there to support the Debian "ports". These may not be
> around for ever, most "ports" are on the way out, but they will be the
> last thing to drop out of the Sid repo. Maybe when Debian stops
> caring (and no other distro does) maybe we should to?

I *think* working with Sid is not recommended as very unstable and not
reproducible. A reproducible way is to use the Debian Snapshot Archive
(http://snapshot.debian.org/) eventually using package specific version
and holding packages at this version.

I found an example in the following post:
https://blog.sleeplessbeastie.eu/2017/07/17/how-to-install-packages-using-repository-snapshot/

(I Cc'ed Debian experts who might have a better idea).


For stable releases, this shouldn't be a problem since End of Life
Debian versions stay on archive.debian.org; as for Docker images:

https://hub.docker.com/r/debian/eol/

> However compiling big-endian targets continues to be a massive pain as
> even if compilers support switching endianess with flags you are
> usually let down by a partial set of headers or the linker not being
> able to link against wrong-endian crt.o or libgcc files. Ultimately

¯\_(ツ)_/¯ https://bugs.launchpad.net/gcc-arm-embedded/+bug/1718206

> any guests that are not supported by any distro are probably going to
> be stuck with bare metal or hand crafted tests like in
> tests/tcg/alpha.
> 
> The final patch (tests/tcg: override runners for broken tests)
> suppresses a bunch of tests that fail on different guest setups. This
> was to allow me to test "make check-tcg" could make it all the way
> through. I'm sure some of them are bugs that need fixing so it would
> be cool if maintainers could look through and see if there are any
> easy wins.
> 
> Major Changes:
>   - check-tcg now runs the tests (c.f build-tcg/clean-tcg)
>   - clean use of quiet-command for CROSS-BUILD/RUN-TESTS and TEST
>   - bunch of additional targets (alpha, hppa, m68k, sh4, sparc64, mips64)
>   - review comments and tags
>   - dropped fp-test and additional aarch64 tests for now
> 
> As usual detailed notes are bellow the --- in the commit messages.
> 
> Currently un-reviewed:
> 
> patch 0002/configure add test for docker availability.patch needs review
> patch 0003/configure add support for cross cc FOO.patch needs review
> patch 0004/configure move i386_cc to cross_cc_i386.patch needs review
> patch 0005/configure allow user to specify cross cc cflags f.patch needs 
> review
> patch 0014/tests tcg multiarch enable additional linux test .patch needs 
> review
> patch 0015/tests tcg multiarch move most output to stdout.patch needs review
> patch 0017/docker Add fedora i386 cross image.patch needs review
> patch 0018/tests tcg enable building for i386.patch needs review
> patch 0021/tests tcg i386 fix test i386 fprem.patch needs review
> patch 0022/tests tcg i386 disable i386 version of test i386 .patch needs 
> review
> patch 0023/tests tcg x86_64 add Makefile.target.patch needs review
> patch 0025/tests tcg i386 test i386 fix printf format.patch needs review
> patch 0027/tests tcg arm fix up test arm iwmmxt test.patch needs review
> patch 0028/tests tcg aarch64 add Makefile.target.patch needs review
> patch 0029/tests tcg aarch64 add fcvt test cases for AArch64.patch needs 
> review
> patch 0031/tests tcg enable building for MIPS.patch needs review
> patch 0032/tests tcg mips include common mips hello mips.patch needs review
> patch 0035/tests tcg enable building for Alpha.patch needs review
> patch 0036/tests tcg alpha add Alpha specific tests.patch needs review
> patch 0037/tests tcg alpha fix warnings about write.patch needs review
> patch 0038/tests tcg enable building for HPPA.patch needs review
> patch 0039/tests tcg enable building for m68k.patch needs review
> patch 0040/tests tcg enable building for sh4.patch needs review
> patch 0041/tests tcg enable building for sparc64.patch needs review
> patch 0042/tests tcg enable building for mips64.patch needs review
> patch 0043/tests tcg Makefile update to be called from Makef.patch needs 
> review
> patch 0044/Makefile.target add clean guest tests targets.patch needs review
> patch 0046/tests tcg override runners for broken tests UPSTR.patch needs 
> review
> 
> 
> Alex Bennée (41):
>   configure: add test for docker availability
>   configure: add support for --cross-cc-FOO
>   configure: move i386_cc to cross_cc_i386
>   configure: allow user to specify --cross-cc-cflags-foo=
>   configure: set cross_cc_FOO for host compiler
>   docker: Add "cc" subcommand
>   docker: extend "cc" command to accept compiler
>   docker: allow "cc" command to run in user context
>   docker: Makefile.include introduce DOCKER_SCRIPT
>   tests/tcg: move architecture independent tests into subdir
>   tests/tcg/multiarch: enable additional linux-test tests
>   tests/tcg/multiarch: move 

[Qemu-devel] [PATCH 8/9] target/arm: Implement FP data-processing (2 source) for fp16

[Richard Henderson]

We missed all of the scalar fp16 binary operations.

Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 73 ++
 1 file changed, 73 insertions(+)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index 794ede7222..11b90b7eb0 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -532,6 +532,14 @@ static TCGv_i32 read_fp_sreg(DisasContext *s, int reg)
 return v;
 }
 
+static TCGv_i32 read_fp_hreg(DisasContext *s, int reg)
+{
+TCGv_i32 v = tcg_temp_new_i32();
+
+tcg_gen_ld16u_i32(v, cpu_env, fp_reg_offset(s, reg, MO_16));
+return v;
+}
+
 /* Clear the bits above an N-bit vector, for N = (is_q ? 128 : 64).
  * If SVE is not enabled, then there are only 128 bits in the vector.
  */
@@ -4968,6 +4976,61 @@ static void handle_fp_2src_double(DisasContext *s, int 
opcode,
 tcg_temp_free_i64(tcg_res);
 }
 
+/* Floating-point data-processing (2 source) - half precision */
+static void handle_fp_2src_half(DisasContext *s, int opcode,
+int rd, int rn, int rm)
+{
+TCGv_i32 tcg_op1;
+TCGv_i32 tcg_op2;
+TCGv_i32 tcg_res;
+TCGv_ptr fpst;
+
+tcg_res = tcg_temp_new_i32();
+fpst = get_fpstatus_ptr(true);
+tcg_op1 = read_fp_hreg(s, rn);
+tcg_op2 = read_fp_hreg(s, rm);
+
+switch (opcode) {
+case 0x0: /* FMUL */
+gen_helper_advsimd_mulh(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0x1: /* FDIV */
+gen_helper_advsimd_divh(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0x2: /* FADD */
+gen_helper_advsimd_addh(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0x3: /* FSUB */
+gen_helper_advsimd_subh(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0x4: /* FMAX */
+gen_helper_advsimd_maxh(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0x5: /* FMIN */
+gen_helper_advsimd_minh(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0x6: /* FMAXNM */
+gen_helper_advsimd_maxnumh(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0x7: /* FMINNM */
+gen_helper_advsimd_minnumh(tcg_res, tcg_op1, tcg_op2, fpst);
+break;
+case 0x8: /* FNMUL */
+gen_helper_advsimd_mulh(tcg_res, tcg_op1, tcg_op2, fpst);
+tcg_gen_xori_i32(tcg_res, tcg_res, 0x8000);
+break;
+default:
+g_assert_not_reached();
+}
+
+write_fp_sreg(s, rd, tcg_res);
+
+tcg_temp_free_ptr(fpst);
+tcg_temp_free_i32(tcg_op1);
+tcg_temp_free_i32(tcg_op2);
+tcg_temp_free_i32(tcg_res);
+}
+
 /* Floating point data-processing (2 source)
  *   31  30  29 28   24 23  22  21 20  16 1512 11 10 95 40
  * +---+---+---+---+--+---+--++-+--+--+
@@ -5000,6 +5063,16 @@ static void disas_fp_2src(DisasContext *s, uint32_t insn)
 }
 handle_fp_2src_double(s, opcode, rd, rn, rm);
 break;
+case 3:
+if (!arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
+unallocated_encoding(s);
+return;
+}
+if (!fp_access_check(s)) {
+return;
+}
+handle_fp_2src_half(s, opcode, rd, rn, rm);
+break;
 default:
 unallocated_encoding(s);
 }
-- 
2.14.3

[Qemu-devel] [PATCH 5/9] target/arm: Implement FMOV (general) for fp16

[Richard Henderson]

Adding the fp16 moves to/from general registers.

Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 22 +-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index f2241d8174..36bb5f6f08 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -5375,6 +5375,15 @@ static void handle_fmov(DisasContext *s, int rd, int rn, 
int type, bool itof)
 tcg_gen_st_i64(tcg_rn, cpu_env, fp_reg_hi_offset(s, rd));
 clear_vec_high(s, true, rd);
 break;
+case 3:
+/* 16 bit */
+tmp = tcg_temp_new_i64();
+tcg_gen_ext16u_i64(tmp, tcg_rn);
+write_fp_dreg(s, rd, tmp);
+tcg_temp_free_i64(tmp);
+break;
+default:
+g_assert_not_reached();
 }
 } else {
 TCGv_i64 tcg_rd = cpu_reg(s, rd);
@@ -5392,6 +5401,12 @@ static void handle_fmov(DisasContext *s, int rd, int rn, 
int type, bool itof)
 /* 64 bits from top half */
 tcg_gen_ld_i64(tcg_rd, cpu_env, fp_reg_hi_offset(s, rn));
 break;
+case 3:
+/* 16 bit */
+tcg_gen_ld16u_i64(tcg_rd, cpu_env, fp_reg_offset(s, rn, MO_16));
+break;
+default:
+g_assert_not_reached();
 }
 }
 }
@@ -5431,10 +5446,15 @@ static void disas_fp_int_conv(DisasContext *s, uint32_t 
insn)
 case 0xa: /* 64 bit */
 case 0xd: /* 64 bit to top half of quad */
 break;
+case 0x6: /* 16-bit */
+if (arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
+break;
+}
+/* fallthru */
 default:
 /* all other sf/type/rmode combinations are invalid */
 unallocated_encoding(s);
-break;
+return;
 }
 
 if (!fp_access_check(s)) {
-- 
2.14.3

[Qemu-devel] [PATCH 1/9] target/arm: Implement vector shifted SCVF/UCVF for fp16

[Richard Henderson]

While we have some of the scalar paths for *CVF for fp16,
we failed to decode the fp16 version of these instructions.

Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 33 -
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index b47319d437..c92e052686 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -7077,13 +7077,26 @@ static void handle_simd_shift_intfp_conv(DisasContext 
*s, bool is_scalar,
  int immh, int immb, int opcode,
  int rn, int rd)
 {
-bool is_double = extract32(immh, 3, 1);
-int size = is_double ? MO_64 : MO_32;
-int elements;
+int size, elements, fracbits;
 int immhb = immh << 3 | immb;
-int fracbits = (is_double ? 128 : 64) - immhb;
 
-if (!extract32(immh, 2, 2)) {
+if (immh & 8) {
+size = MO_64;
+if (!is_scalar && !is_q) {
+unallocated_encoding(s);
+return;
+}
+} else if (immh & 4) {
+size = MO_32;
+} else if (immh & 2) {
+size = MO_16;
+if (!arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
+unallocated_encoding(s);
+return;
+}
+} else {
+/* immh == 0 would be a failure of the decode logic */
+g_assert(immh == 1);
 unallocated_encoding(s);
 return;
 }
@@ -7091,20 +7104,14 @@ static void handle_simd_shift_intfp_conv(DisasContext 
*s, bool is_scalar,
 if (is_scalar) {
 elements = 1;
 } else {
-elements = is_double ? 2 : is_q ? 4 : 2;
-if (is_double && !is_q) {
-unallocated_encoding(s);
-return;
-}
+elements = 8 << is_q >> size;
 }
+fracbits = (16 << size) - immhb;
 
 if (!fp_access_check(s)) {
 return;
 }
 
-/* immh == 0 would be a failure of the decode logic */
-g_assert(immh);
-
 handle_simd_intfp_conv(s, rd, rn, elements, !is_u, fracbits, size);
 }
 
-- 
2.14.3

[Qemu-devel] [PATCH 2/9] target/arm: Implement vector shifted FCVT for fp16

[Richard Henderson]

While we have some of the scalar paths for FCVT for fp16,
we failed to decode the fp16 version of these instructions.

Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 65 --
 1 file changed, 46 insertions(+), 19 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index c92e052686..e2d11998bd 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -7120,19 +7120,28 @@ static void handle_simd_shift_fpint_conv(DisasContext 
*s, bool is_scalar,
  bool is_q, bool is_u,
  int immh, int immb, int rn, int rd)
 {
-bool is_double = extract32(immh, 3, 1);
 int immhb = immh << 3 | immb;
-int fracbits = (is_double ? 128 : 64) - immhb;
-int pass;
+int pass, size, fracbits;
 TCGv_ptr tcg_fpstatus;
 TCGv_i32 tcg_rmode, tcg_shift;
 
-if (!extract32(immh, 2, 2)) {
-unallocated_encoding(s);
-return;
-}
-
-if (!is_scalar && !is_q && is_double) {
+if (immh & 0x8) {
+size = MO_64;
+if (!is_scalar && !is_q) {
+unallocated_encoding(s);
+return;
+}
+} else if (immh & 0x4) {
+size = MO_32;
+} else if (immh & 0x2) {
+size = MO_16;
+if (!arm_dc_feature(s, ARM_FEATURE_V8_FP16)) {
+unallocated_encoding(s);
+return;
+}
+} else {
+/* Should have split out AdvSIMD modified immediate earlier.  */
+assert(immh == 1);
 unallocated_encoding(s);
 return;
 }
@@ -7144,11 +7153,12 @@ static void handle_simd_shift_fpint_conv(DisasContext 
*s, bool is_scalar,
 assert(!(is_scalar && is_q));
 
 tcg_rmode = tcg_const_i32(arm_rmode_to_sf(FPROUNDING_ZERO));
-tcg_fpstatus = get_fpstatus_ptr(false);
+tcg_fpstatus = get_fpstatus_ptr(size == MO_16);
 gen_helper_set_rmode(tcg_rmode, tcg_rmode, tcg_fpstatus);
+fracbits = (16 << size) - immhb;
 tcg_shift = tcg_const_i32(fracbits);
 
-if (is_double) {
+if (size == 3) {
 int maxpass = is_scalar ? 1 : 2;
 
 for (pass = 0; pass < maxpass; pass++) {
@@ -7165,20 +7175,37 @@ static void handle_simd_shift_fpint_conv(DisasContext 
*s, bool is_scalar,
 }
 clear_vec_high(s, is_q, rd);
 } else {
-int maxpass = is_scalar ? 1 : is_q ? 4 : 2;
+void (*fn)(TCGv_i32, TCGv_i32, TCGv_i32, TCGv_ptr);
+int maxpass = is_scalar ? 1 : (8 << is_q >> size);
+
+switch (size) {
+case MO_16:
+if (is_u) {
+fn = gen_helper_vfp_toulh;
+} else {
+fn = gen_helper_vfp_toslh;
+}
+break;
+case MO_32:
+if (is_u) {
+fn = gen_helper_vfp_touls;
+} else {
+fn = gen_helper_vfp_tosls;
+}
+break;
+default:
+g_assert_not_reached();
+}
+
 for (pass = 0; pass < maxpass; pass++) {
 TCGv_i32 tcg_op = tcg_temp_new_i32();
 
-read_vec_element_i32(s, tcg_op, rn, pass, MO_32);
-if (is_u) {
-gen_helper_vfp_touls(tcg_op, tcg_op, tcg_shift, tcg_fpstatus);
-} else {
-gen_helper_vfp_tosls(tcg_op, tcg_op, tcg_shift, tcg_fpstatus);
-}
+read_vec_element_i32(s, tcg_op, rn, pass, size);
+fn(tcg_op, tcg_op, tcg_shift, tcg_fpstatus);
 if (is_scalar) {
 write_fp_sreg(s, rd, tcg_op);
 } else {
-write_vec_element_i32(s, tcg_op, rd, pass, MO_32);
+write_vec_element_i32(s, tcg_op, rd, pass, size);
 }
 tcg_temp_free_i32(tcg_op);
 }
-- 
2.14.3

[Qemu-devel] [PATCH 0/9] target/arm: Fixups for ARM_FEATURE_V8_FP16

[Richard Henderson]

When running the gcc testsuite with current aarch64-linux-user,
the testsuite detects the presence of the fp16 extension and
enables lots of extra tests for builtins.

Quite a few of these new tests fail because we missed implementing
some instructions.  We really should go back and verify that nothing
else is missing from this (rather large) extension.

In addition, it tests some edge conditions on data that show flaws
in the way we were performing integer<->fp conversion; particularly
with respect to scaled conversion.


r~

PS: FWIW, this was written against my tgt-arm-sve-9 tree, since I
was trying to test sve as generated by gcc.  I don't *think* there
are any dependencies on any of the sve patches, but I didn't check.

PPS: There are two more failures that might be qemu fp16 failures,
but those are SIGSEGV.  This patch set cures all of the SIGILL and
(subsequent) SIGABRT type failures within the testsuite.


Richard Henderson (9):
  target/arm: Implement vector shifted SCVF/UCVF for fp16
  target/arm: Implement vector shifted FCVT for fp16
  target/arm: Fix float16 to/from int16
  target/arm: Clear SVE high bits for FMOV
  target/arm: Implement FMOV (general) for fp16
  target/arm: Implement FCVT (scalar,integer) for fp16
  target/arm: Implement FCVT (scalar,fixed-point) for fp16
  target/arm: Implement FP data-processing (2 source) for fp16
  target/arm: Implement FP data-processing (3 source) for fp16

 target/arm/helper.h|   6 +
 target/arm/helper.c|  87 ++-
 target/arm/translate-a64.c | 371 +
 3 files changed, 399 insertions(+), 65 deletions(-)

-- 
2.14.3

[Qemu-devel] [PATCH 3/9] target/arm: Fix float16 to/from int16

[Richard Henderson]

The instruction "ucvtf v0.4h, v04h, #2", with input 0x8000u,
overflows the intermediate float16 to infinity before we have a
chance to scale the output.  Use float64 as the intermediate type
so that no input argument (uint32_t in this case) can overflow
or round before scaling.  Given the declared argument, the signed
int32_t function has the same problem.

When converting from float16 to integer, using u/int32_t instead
of u/int16_t means that the bounding is incorrect.

Signed-off-by: Richard Henderson 
---
 target/arm/helper.h|  4 ++--
 target/arm/helper.c| 53 --
 target/arm/translate-a64.c |  4 ++--
 3 files changed, 55 insertions(+), 6 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index b3ae394b4f..eafd5d746b 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -149,8 +149,8 @@ DEF_HELPER_3(vfp_toshd_round_to_zero, i64, f64, i32, ptr)
 DEF_HELPER_3(vfp_tosld_round_to_zero, i64, f64, i32, ptr)
 DEF_HELPER_3(vfp_touhd_round_to_zero, i64, f64, i32, ptr)
 DEF_HELPER_3(vfp_tould_round_to_zero, i64, f64, i32, ptr)
-DEF_HELPER_3(vfp_toulh, i32, f16, i32, ptr)
-DEF_HELPER_3(vfp_toslh, i32, f16, i32, ptr)
+DEF_HELPER_3(vfp_touhh, i32, f16, i32, ptr)
+DEF_HELPER_3(vfp_toshh, i32, f16, i32, ptr)
 DEF_HELPER_3(vfp_toshs, i32, f32, i32, ptr)
 DEF_HELPER_3(vfp_tosls, i32, f32, i32, ptr)
 DEF_HELPER_3(vfp_tosqs, i64, f32, i32, ptr)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index ea09510599..743f34bd0a 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -11409,11 +11409,60 @@ VFP_CONV_FIX_A64(sq, s, 32, 64, int64)
 VFP_CONV_FIX(uh, s, 32, 32, uint16)
 VFP_CONV_FIX(ul, s, 32, 32, uint32)
 VFP_CONV_FIX_A64(uq, s, 32, 64, uint64)
-VFP_CONV_FIX_A64(sl, h, 16, 32, int32)
-VFP_CONV_FIX_A64(ul, h, 16, 32, uint32)
+
 #undef VFP_CONV_FIX
 #undef VFP_CONV_FIX_FLOAT
 #undef VFP_CONV_FLOAT_FIX_ROUND
+#undef VFP_CONV_FIX_A64
+
+/* Conversion to/from f16 can overflow to infinity before/after scaling.
+ * Therefore we convert to f64 (which does not round), scale,
+ * and then convert f64 to f16 (which may round).
+ */
+
+static float16 do_postscale_fp16(float64 f, int shift, float_status *fpst)
+{
+return float64_to_float16(float64_scalbn(f, -shift, fpst), true, fpst);
+}
+
+float16 HELPER(vfp_sltoh)(uint32_t x, uint32_t shift, void *fpst)
+{
+return do_postscale_fp16(int32_to_float64(x, fpst), shift, fpst);
+}
+
+float16 HELPER(vfp_ultoh)(uint32_t x, uint32_t shift, void *fpst)
+{
+return do_postscale_fp16(uint32_to_float64(x, fpst), shift, fpst);
+}
+
+static float64 do_prescale_fp16(float16 f, int shift, float_status *fpst)
+{
+if (unlikely(float16_is_any_nan(f))) {
+float_raise(float_flag_invalid, fpst);
+return 0;
+} else {
+int old_exc_flags = get_float_exception_flags(fpst);
+float64 ret;
+
+ret = float16_to_float64(f, true, fpst);
+ret = float64_scalbn(ret, shift, fpst);
+old_exc_flags |= get_float_exception_flags(fpst)
+& float_flag_input_denormal;
+set_float_exception_flags(old_exc_flags, fpst);
+
+return ret;
+}
+}
+
+uint32_t HELPER(vfp_toshh)(float16 x, uint32_t shift, void *fpst)
+{
+return float64_to_int16(do_prescale_fp16(x, shift, fpst), fpst);
+}
+
+uint32_t HELPER(vfp_touhh)(float16 x, uint32_t shift, void *fpst)
+{
+return float64_to_uint16(do_prescale_fp16(x, shift, fpst), fpst);
+}
 
 /* Set the current fp rounding mode and return the old one.
  * The argument is a softfloat float_round_ value.
diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index e2d11998bd..b27892d971 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -7181,9 +7181,9 @@ static void handle_simd_shift_fpint_conv(DisasContext *s, 
bool is_scalar,
 switch (size) {
 case MO_16:
 if (is_u) {
-fn = gen_helper_vfp_toulh;
+fn = gen_helper_vfp_touhh;
 } else {
-fn = gen_helper_vfp_toslh;
+fn = gen_helper_vfp_toshh;
 }
 break;
 case MO_32:
-- 
2.14.3

Re: [Qemu-devel] [PATCH] qemu-guest-agent: freeze-hook to ignore dpkg files as well

[Philippe Mathieu-Daudé]

Hi Christian,

On 04/09/2018 04:18 AM, Christian Ehrhardt wrote:
> Re-Ping for consideration?
> 
> On Mon, Jan 22, 2018 at 3:03 PM, Christian Ehrhardt <
> christian.ehrha...@canonical.com> wrote:
> 
>> Hi,
>> maybe I missed a formal thing on this submission, but I don't see it right
>> away.

You missed to Cc the maintainer of this file:

$ ./scripts/get_maintainer.pl -f scripts/qemu-guest-agent/fsfreeze-hook
Michael Roth  (maintainer:QEMU Guest Agent)

(I Cc'ed him).

See https://wiki.qemu.org/Contribute/SubmitAPatch#CC_the_relevant_maintainer

>> So for now just a ping on any updates in regard to accept this?
>>
>> On Wed, Dec 13, 2017 at 11:17 AM, Christian Ehrhardt
>>  wrote:
>>> The hook already skips a set of rpm upgrade artifacts.
>>> Do the same with such files that might be created by dpkg.
>>>
>>> Fixes: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1484990
>>>
>>> Signed-off-by: Christian Ehrhardt 

Reviewed-by: Philippe Mathieu-Daudé 

>>> ---
>>>  scripts/qemu-guest-agent/fsfreeze-hook | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/scripts/qemu-guest-agent/fsfreeze-hook
>> b/scripts/qemu-guest-agent/fsfreeze-hook
>>> index c27b29f..13aafd4 100755
>>> --- a/scripts/qemu-guest-agent/fsfreeze-hook
>>> +++ b/scripts/qemu-guest-agent/fsfreeze-hook
>>> @@ -13,7 +13,7 @@ FSFREEZE_D=$(dirname -- "$0")/fsfreeze-hook.d
>>>  # Check whether file $1 is a backup or rpm-generated file and should be
>> ignored
>>>  is_ignored_file() {
>>>  case "$1" in
>>> -*~ | *.bak | *.orig | *.rpmnew | *.rpmorig | *.rpmsave |
>> *.sample)
>>> +*~ | *.bak | *.orig | *.rpmnew | *.rpmorig | *.rpmsave |
>> *.sample | *.dpkg-old | *.dpkg-new | *.dpkg-tmp | *.dpkg-dist | *.dpkg-bak
>> | *.dpkg-backup | *.dpkg-remove)
>>>  return 0 ;;
>>>  esac
>>>  return 1
>>> --
>>> 2.7.4

Re: [Qemu-devel] [PATCH] Show values and description when using "qom-list"

[QingFeng Hao]

在 2018/4/24 19:49, Dr. David Alan Gilbert 写道:
> * QingFeng Hao (ha...@linux.vnet.ibm.com) wrote:
>>
>>
>> 在 2018/4/13 16:05, Perez Blanco, Ricardo (Nokia - BE/Antwerp) 写道:
>>> Dear all,
>>>
>>> Here you can find my first contribution to qemu. Please, do not hesitate to 
>>> do any kind of remark.
>>>
>>> Based on ac4ba87ae0738d7a77708f8ce31ae2378ab99654
>>>
>>> Kind regards,
>>>
>>> Ricardo Perez Blanco
>>>
>>> >From 65df20cef2846d764a8a821574f5f3643391aac5 Mon Sep 17 00:00:00 2001
>>> From: Ricardo Perez Blanco 
>>> Date: Wed, 11 Apr 2018 12:09:11 +0200
>>> Subject: [PATCH] Show values and description when using "qom-list"
>>>
>>> For debugging purposes it is very useful to:
>>>  - See the description of the field. This information is already filled
>>>in but not shown in "qom-list" command.
>>>  - Display value of the field. So far, only well known types are
>>>implemented (string, str, int, uint, bool).
>> Need we support other types like QList and QDict? I think yes and suggest a 
>> new command
>> to be introduced like qom-list-property or qom-get. The resorts may be:
>>  1) print the json string just as Alan's former patch
>> 2) print the value step by step. Supposing property foo is a 
>> structure,
>>qom-list-property path foo prints its members as "mem1;mem2;mem3"
>>and qom-list-property path foo.mem1 prints mem1's value.
>> And some properties don't have get/set callback set, which prompts as below 
>> if doing
>> qom-get/set:
>> (qemu) qom-get /machine kernel-irqchip
>> Insufficient permission to perform this operation
>> For these properties I think we may need to not show the value in qom-list.
> 
> So while I think it would be good to handle all the cases, I'd be happy
> to take just the current enhancements to qom-list (once the cleanups that Eric
> suggested are fixed).  Being able to see even just the int/bool/strings
> is very useful and something I've wanted for a while.
> 
Yes, agree! Thanks!
> Dave
> 
>> Thanks!
>>
>>>
>>> Signed-off-by: Ricardo Perez Blanco 
>>> ---
>>>  hmp.c  | 13 +++--
>>>  qapi/misc.json |  4 +++-
>>>  qmp.c  | 26 ++
>>>  3 files changed, 40 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/hmp.c b/hmp.c
>>> index a25c7bd..967e0b2 100644
>>> --- a/hmp.c
>>> +++ b/hmp.c
>>> @@ -2490,8 +2490,17 @@ void hmp_qom_list(Monitor *mon, const QDict *qdict)
>>>  while (list != NULL) {
>>>  ObjectPropertyInfo *value = list->value;
>>>
>>> -monitor_printf(mon, "%s (%s)\n",
>>> -   value->name, value->type);
>>> +monitor_printf(mon, "%s", value->name);
>>> +if (value->value) {
>>> +monitor_printf(mon, "=%s", value->value);
>>> +}
>>> +monitor_printf(mon, " (%s)", value->type);
>>> +if (value->description) {
>>> +monitor_printf(mon, "\r\t\t\t\t\t\t\t\t\t[Description: 
>>> %s]",
>>> +   value->description);
>>> +}
>>> +monitor_printf(mon, "\n");
>>> +
>>>  list = list->next;
>>>  }
>>>  qapi_free_ObjectPropertyInfoList(start);
>>> diff --git a/qapi/misc.json b/qapi/misc.json
>>> index 5636f4a..6b3b4de 100644
>>> --- a/qapi/misc.json
>>> +++ b/qapi/misc.json
>>> @@ -1328,10 +1328,12 @@
>>>  #
>>>  # @description: if specified, the description of the property.
>>>  #
>>> +# @value: if specified, the value of the property.
>>> +#
>>>  # Since: 1.2
>>>  ##
>>>  { 'struct': 'ObjectPropertyInfo',
>>> -  'data': { 'name': 'str', 'type': 'str', '*description': 'str' } }
>>> +  'data': { 'name': 'str', 'type': 'str', '*description':'str', 
>>> '*value':'str' } }
>>>
>>>  ##
>>>  # @qom-list:
>>> diff --git a/qmp.c b/qmp.c
>>> index f722616..750b5d0 100644
>>> --- a/qmp.c
>>> +++ b/qmp.c
>>> @@ -237,6 +237,32 @@ ObjectPropertyInfoList *qmp_qom_list(const char *path, 
>>> Error **errp)
>>>
>>>  entry->value->name = g_strdup(prop->name);
>>>  entry->value->type = g_strdup(prop->type);
>>> +if (prop->description) {
>>> +entry->value->description = g_strdup(prop->description);
>>> +}
>>> +if ((g_ascii_strncasecmp(entry->value->type, "string", 6) == 0) ||
>>> +(g_ascii_strncasecmp(entry->value->type, "str", 3) == 0)) {
>>> +Error **errp = NULL;
>>> +entry->value->value = g_strdup_printf("\"%s\"",
>>> +object_property_get_str(obj, entry->value->name, errp));
>>> +}
>>> +if (g_ascii_strncasecmp(entry->value->type, "int", 3) == 0) {
>>> +Error **errp = NULL;
>>> +entry->value->value = g_strdup_printf("%ld",
>>> +object_property_get_int(obj, entry->value->name, errp));
>>> +}
>>> +if (g_ascii_strncasecmp(entry->value->type, "uint", 4) == 0) {

Re: [Qemu-devel] [PATCH v3 21/46] tests/tcg/i386: fix test-i386-fprem

[Richard Henderson]

On 04/24/2018 05:23 AM, Alex Bennée wrote:
> Remove dependencies on QEMU's source tree and build directly.
> 
> Signed-off-by: Alex Bennée 
> ---
>  tests/tcg/i386/test-i386-fprem.c | 12 +---
>  1 file changed, 9 insertions(+), 3 deletions(-)

Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH v3 19/46] tests/tcg/i386: Build fix for hello-i386

[Richard Henderson]

On 04/24/2018 05:23 AM, Alex Bennée wrote:
> From: Fam Zheng 
> 
> We have -Werror=missing-prototype, add a dummy prototype to avoid that
> warning.
> 
> Signed-off-by: Fam Zheng 
> Reviewed-by: Thomas Huth 
> ---
>  tests/tcg/i386/hello-i386.c | 1 +
>  1 file changed, 1 insertion(+)

Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH v3 16/46] tests/tcg: move i386 specific tests into subdir

[Richard Henderson]

On 04/24/2018 05:23 AM, Alex Bennée wrote:
> These only need to be built for i386 guests. This includes a stub
> tests/tcg/i386/Makfile.target which absorbs some of what was in
> tests/tcg/Makefile.
> 
> Signed-off-by: Alex Bennée 
> Reviewed-by: Thomas Huth 
> Reviewed-by: Philippe Mathieu-Daudé 
> Tested-by: Philippe Mathieu-Daudé 
> ---
> v2
>   - move VPATH and TESTs setup into i386/Makefile.target
>   - set CFLAGS+=-m32 for cross building
> ---

Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH v3 15/46] tests/tcg/multiarch: move most output to stdout

[Richard Henderson]

On 04/24/2018 05:23 AM, Alex Bennée wrote:
> The default test run outputs to stdout so it can be re-directed.
> Errors are still reported to stderr.
> 
> Signed-off-by: Alex Bennée 
> ---
>  tests/tcg/multiarch/test-mmap.c | 38 -
>  1 file changed, 19 insertions(+), 19 deletions(-)

Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH v3 14/46] tests/tcg/multiarch: enable additional linux-test tests

[Richard Henderson]

On 04/24/2018 05:23 AM, Alex Bennée wrote:
> Un-comment the remaining tests.
> 
> I removed the itimer value tests because I'm fairly sure a re-arming
> timer will always have a different value in it when you grab it.
> 
> I've also fixed up the clone thread flags as QEMU will only allow a
> clone to use flags which match glibc.
> 
> Signed-off-by: Alex Bennée 
> 
> ---
> v3
>   - make clone flags match CLONE_THREAD_FLAGS
> ---
>  tests/tcg/multiarch/linux-test.c | 31 +--
>  1 file changed, 17 insertions(+), 14 deletions(-)

Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH v3 13/46] tests/tcg/multiarch: Build fix for linux-test

[Richard Henderson]

On 04/24/2018 05:23 AM, Alex Bennée wrote:
> From: Fam Zheng 
> 
> To keep the compiler happy, and to fit in our buildsys flags:
> 
> - Make local functions "static"
> - #ifdef out unused functions
> - drop cutils/osdep dependencies
> 
> Signed-off-by: Fam Zheng 
> [AJB: drop cutils/osdep dependencies]
> Signed-off-by: Alex Bennée 
> Reviewed-by: Thomas Huth 
> ---
>  tests/tcg/multiarch/linux-test.c | 68 ++--
>  1 file changed, 21 insertions(+), 47 deletions(-)

Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH v3 05/46] configure: allow user to specify --cross-cc-cflags-foo=

[Richard Henderson]

On 04/24/2018 05:23 AM, Alex Bennée wrote:
> As an individual compiler may be able to support several targets with
> the appropriate flags we need to expose this to the user as well.
> 
> Signed-off-by: Alex Bennée 
> 
> ---
> v3
>   - fix up the cross-cc
> ---
>  configure | 8 
>  1 file changed, 8 insertions(+)
> 
> diff --git a/configure b/configure
> index ffd96d930f..282e1f1e2b 100755
> --- a/configure
> +++ b/configure
> @@ -454,7 +454,10 @@ docker="no"
>  

Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH v3 04/46] configure: move i386_cc to cross_cc_i386

[Richard Henderson]

On 04/24/2018 05:23 AM, Alex Bennée wrote:
> Also dont assume x86_64 compiler can build i386 binaries.
> 
> Signed-off-by: Alex Bennée 
> Tested-by: Philippe Mathieu-Daudé 
> 
> ---
> v2
>   - drop using system x86_64 compiler for i386 compiles
> v3
>   - fix cross_cc_i386 when on i386
> ---
>  configure | 24 
>  1 file changed, 16 insertions(+), 8 deletions(-)

Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH v3 03/46] configure: add support for --cross-cc-FOO

[Richard Henderson]

On 04/24/2018 05:23 AM, Alex Bennée wrote:
> @@ -675,10 +687,12 @@ case "$cpu" in
>i386|i486|i586|i686|i86pc|BePC)
>  cpu="i386"
>  supported_cpu="yes"
> +cross_cc_i386=gcc
>;;
>x86_64|amd64)
>  cpu="x86_64"
>  supported_cpu="yes"
> +cross_cc_x86_64=gcc
>;;
>armv*b|armv*l|arm)
>  cpu="arm"

Isn't this hunk taken care of in the next patch, where you set these to $cc?
And if not, surely bare "gcc" isn't correct...

Otherwise,
Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH v3 02/46] configure: add test for docker availability

[Richard Henderson]

On 04/24/2018 05:23 AM, Alex Bennée wrote:
> This tests for a working docker installation without sudo and sets up
> config-host.mak accordingly. This will be useful from cross compiling
> things in the future.
> 
> Signed-off-by: Alex Bennée 
> ---
>  configure | 17 +
>  1 file changed, 17 insertions(+)

Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH v4] loader: Fix misaligned member access

[Richard Henderson]

On 04/24/2018 12:21 PM, Philippe Mathieu-Daudé wrote:
> The libfdt does not guarantee than fdt_getprop() returns a pointer
> aligned to the property size.
> 
> Assuming the base of the fdt is aligned, a 32-bit property returns
> a 32-bit aligned pointer. This is however not guaranteed for 64-bit
> properties, where 64-bit loads might trigger unaligned access.
> 
> Fix the 64-bit access using the ldst (host) API, which uses a local
> copy on the stack, thus guaranteeing a safe aligned access.
> 
> This fixes the following ASan warning:
> 
>   $ qemu-system-mips64el -M boston -kernel vmlinux.gz.itb -nographic
>   hw/core/loader-fit.c:108:17: runtime error: load of misaligned address 
> 0x7f95cd7e4264 for type 'fdt64_t', which requires 8 byte alignment
>   0x7f95cd7e4264: note: pointer points here
> 00 00 00 3e ff ff ff ff  80 7d 2a c0 00 00 00 01  68 61 73 68 40 30 00 00 
>  00 00 00 03 00 00 00 14
> ^
> 
> Reported-by: AddressSanitizer
> Suggested-by: Peter Maydell 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
> v4: do not change the 32-bit access, use ldq_he_p() for the 64-bit access
> v3: do not use memcpy(), incorrectly change ldl_he_p()
> v2: do not change the 32-bit access, use memcpy(), add comments (David Gibson)
> v1: use memcpy()

Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH] linux-user: set minimum uname for RISC-V

[Richard Henderson]

On 04/24/2018 06:03 AM, Alex Bennée wrote:
> As support was merged into the mainline kernel at 4.15 it is unlikely
> 3.8.0 is the correct value. Indeed when I testing binaries created by
> the current Debian SID compiler the tests failed with:
> 
>   FATAL: kernel too old
> 
> Signed-off-by: Alex Bennée 
> ---
>  linux-user/riscv/target_syscall.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Richard Henderson 


r~

Re: [Qemu-devel] [PATCH v3 45/46] tests/Makefile.include: add [build|clean|check]-tcg targets

[Philippe Mathieu-Daudé]

Hi Alex,

On 04/24/2018 12:24 PM, Alex Bennée wrote:
> This will ensure all linux-user targets build their guest test
> programs and ensure check-tcg will run the respective tests.
> 
> Signed-off-by: Alex Bennée 
> Reviewed-by: Philippe Mathieu-Daudé 
> Tested-by: Philippe Mathieu-Daudé 
> ---
> v2
>   - use -include instead of complex macro stuff
>   - also include TARGET_BASE_ARCH/Makefile
> v3
>   - add build-tcg, make check-tcg actually run tests
> ---
>  tests/Makefile.include | 26 ++-
>  tests/tcg/Makefile.include | 43 ++
>  2 files changed, 50 insertions(+), 19 deletions(-)
> 
> diff --git a/tests/Makefile.include b/tests/Makefile.include
> index 3d2f0458ab..310ccefdd9 100644
> --- a/tests/Makefile.include
> +++ b/tests/Makefile.include
> @@ -10,6 +10,7 @@ check-help:
>   @echo " $(MAKE) check-speed  Run qobject speed tests"
>   @echo " $(MAKE) check-qapi-schemaRun QAPI schema tests"
>   @echo " $(MAKE) check-block  Run block tests"
> + @echo " $(MAKE) check-tcgRun TCG tests"
>   @echo " $(MAKE) check-report.htmlGenerates an HTML test report"
>   @echo " $(MAKE) check-clean  Clean the tests"
>   @echo
> @@ -916,6 +917,30 @@ check-report.xml: $(patsubst %,check-report-qtest-%.xml, 
> $(QTEST_TARGETS)) check
>  check-report.html: check-report.xml
>   $(call quiet-command,gtester-report $< > $@,"GEN","$@")
>  
> +# Per guest TCG tests
> +
> +LINUX_USER_TARGETS=$(filter %-linux-user,$(TARGET_LIST))
> +BUILD_TCG_TARGET_RULES=$(patsubst %,build-tcg-tests-%, $(LINUX_USER_TARGETS))
> +CLEAN_TCG_TARGET_RULES=$(patsubst %,clean-tcg-tests-%, $(LINUX_USER_TARGETS))
> +RUN_TCG_TARGET_RULES=$(patsubst %,run-tcg-tests-%, $(LINUX_USER_TARGETS))
> +
> +build-tcg-tests-%:
> + $(call quiet-command,$(MAKE) $(SUBDIR_MAKEFLAGS) -C $* V="$(V)" 
> TARGET_DIR="$*/" guest-tests,)
> +
> +run-tcg-tests-%: build-tcg-tests-%
> + $(call quiet-command,$(MAKE) $(SUBDIR_MAKEFLAGS) -C $* V="$(V)" 
> TARGET_DIR="$*/" run-guest-tests,)
> +
> +clean-tcg-tests-%:
> + $(call quiet-command,$(MAKE) $(SUBDIR_MAKEFLAGS) -C $* V="$(V)" 
> TARGET_DIR="$*/" clean-guest-tests,)
> +
> +.PHONY: build-tcg
> +build-tcg: $(BUILD_TCG_TARGET_RULES)
> +
> +.PHONY: check-tcg
> +check-tcg: $(RUN_TCG_TARGET_RULES)
> +
> +.PHONY: clean-tcg
> +clean-tcg: $(CLEAN_TCG_TARGET_RULES)
>  
>  # Other tests
>  
> @@ -958,7 +983,6 @@ check-speed: $(patsubst %,check-%, $(check-speed-y))
>  check-block: $(patsubst %,check-%, $(check-block-y))
>  check: check-qapi-schema check-unit check-qtest check-decodetree
>  check-clean:
> - $(MAKE) -C tests/tcg clean
>   rm -rf $(check-unit-y) tests/*.o $(QEMU_IOTESTS_HELPERS-y)
>   rm -rf $(sort $(foreach target,$(SYSEMU_TARGET_LIST), 
> $(check-qtest-$(target)-y)) $(check-qtest-generic-y))
>   rm -f tests/test-qapi-gen-timestamp
> diff --git a/tests/tcg/Makefile.include b/tests/tcg/Makefile.include
> index cb8bb36026..67e89ecb67 100644
> --- a/tests/tcg/Makefile.include
> +++ b/tests/tcg/Makefile.include
> @@ -8,19 +8,14 @@
>  # guest compiler or calling one of our docker images to do it for us.
>  #
>  
> -# The per ARCH makefile, if it exists holds extra information about
> -# useful docker images or alternative compiler flags. Include it if it
> -# exists
> +# The per ARCH makefile, if it exists, holds extra information about
> +# useful docker images or alternative compiler flags.
>  
> -ARCH_MAKEFILE=$(SRC_PATH)/tests/tcg/$(TARGET_NAME)/Makefile.include
> -CHECK_INCLUDE=$(wildcard $(ARCH_MAKEFILE))
> -
> -ifeq ($(ARCH_MAKEFILE),$(CHECK_INCLUDE))
> -include $(ARCH_MAKEFILE)
> -endif
> +-include $(SRC_PATH)/tests/tcg/$(TARGET_BASE_ARCH)/Makefile.include
> +-include $(SRC_PATH)/tests/tcg/$(TARGET_NAME)/Makefile.include
>  
>  GUEST_BUILD=
> -
> +TCG_MAKE=$(SRC_PATH)/tests/tcg/Makefile
>  # Support installed Cross Compilers
>  
>  ifdef CROSS_CC_GUEST
> @@ -28,10 +23,10 @@ ifdef CROSS_CC_GUEST
>  .PHONY: cross-build-guest-tests
>  cross-build-guest-tests:
>   $(call quiet-command, \
> -  (mkdir -p tests && cd tests && \
> -make -f $(SRC_PATH)/tests/tcg/Makefile ARCH=$(TARGET_NAME) 
> CC=$(CROSS_CC_GUEST)), \
> -   "CROSS-BUILD","$(TARGET_NAME) guest-tests with $(CROSS_CC_GUEST)")
> -
> +(mkdir -p tests && cd tests && \
> + make -f $(TCG_MAKE) CC=$(CROSS_CC_GUEST) \
> + EXTRA_CFLAGS=$(CROSS_CC_GUEST_CFLAGS)), \
> + "CROSS-BUILD","$(TARGET_NAME) guest-tests with $(CROSS_CC_GUEST)")
>  
>  GUEST_BUILD=cross-build-guest-tests
>  
> @@ -54,9 +49,10 @@ DOCKER_PREREQ=docker-image-$(DOCKER_IMAGE)
>  .PHONY: docker-build-guest-tests
>  docker-build-guest-tests: $(DOCKER_PREREQ)
>   $(call quiet-command, \
> -  (mkdir -p tests && cd tests && \
> -make -f $(SRC_PATH)/tests/tcg/Makefile ARCH=$(TARGET_NAME) 
> 

Re: [Qemu-devel] [PATCH v3 17/46] docker: Add fedora-i386-cross image

[Philippe Mathieu-Daudé]

On 04/24/2018 12:23 PM, Alex Bennée wrote:
> From: Fam Zheng 
> 
> It has some basic *-devel.i686 packages to be used with "gcc -m32" as a
> 32 bit cross build environment.
> 
> Signed-off-by: Fam Zheng 
> [AJB: add glibc-static]
> Signed-off-by: Alex Bennée 

Tested-by: Philippe Mathieu-Daudé 

> 
> ---
> v2
>   - include static glibc package as well
> ---
>  tests/docker/dockerfiles/fedora-i386-cross.docker | 14 ++
>  1 file changed, 14 insertions(+)
>  create mode 100644 tests/docker/dockerfiles/fedora-i386-cross.docker
> 
> diff --git a/tests/docker/dockerfiles/fedora-i386-cross.docker 
> b/tests/docker/dockerfiles/fedora-i386-cross.docker
> new file mode 100644
> index 00..8fbef2fa53
> --- /dev/null
> +++ b/tests/docker/dockerfiles/fedora-i386-cross.docker
> @@ -0,0 +1,14 @@
> +FROM fedora:latest
> +ENV PACKAGES \
> +gcc \
> +glibc-static.i686 \
> +glibc-devel.i686 \
> +glib2-devel.i686 \
> +zlib-devel.i686 \
> +glib2-devel.i686 \
> +nettle-devel.i686 \
> +pixman-devel.i686 \
> +gnutls-devel.i686
> +
> +RUN dnf install -y $PACKAGES
> +RUN rpm -q $PACKAGES | sort > /packages.txt
> 

Re: [Qemu-devel] [PATCH 2/6] qapi: handle the riscv CpuInfoArch in query-cpus-fast

[Eric Blake]

On 04/24/2018 04:45 PM, Laszlo Ersek wrote:
> Commit 25fa194b7b11 added the @riscv enum constant to @CpuInfoArch (used
> in both @CpuInfo and @CpuInfoFast -- the return types of the @query-cpus
> and @query-cpus-fast commands, respectively), and assigned, in both return
> structures, the @CpuInfoRISCV sub-structure to the new enum value.
> 
> However, qmp_query_cpus_fast() would not populate either the @arch field
> or the @CpuInfoRISCV sub-structure, when TARGET_RISCV was defined; only
> qmp_query_cpus() would.
> 
> In theory, there are two ways to fix this:
> 
> (a) Fill in both the @arch field and the @CpuInfoRISCV sub-structure in
> qmp_query_cpus_fast(), by copying the logic from qmp_query_cpus().
> 
> (b) Assign @CpuInfoOther to the @riscv enum constant in @CpuInfoFast, and
> populate only the @arch field in qmp_query_cpus_fast().
> 
> Approach (b) seems more robust, because:
> 
> - clearly there has never been an attempt to get actual RISV CPU state
>   from qmp_query_cpus_fast(), so its lack of RISCV support is not actually
>   a problem,
> 
> - getting CPU state without interrupting KVM looks like an exceptional
>   thing to do (only S390X does it currently).
> 
...
> Cc: qemu-sta...@nongnu.org
> Fixes: 25fa194b7b11901561532e435beb83d046899f7a
> Signed-off-by: Laszlo Ersek 
> ---
> 

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH 1/6] qapi: fill in CpuInfoFast.arch in query-cpus-fast

[Eric Blake]

On 04/24/2018 04:45 PM, Laszlo Ersek wrote:
> Commit ca230ff33f89 added added the @arch field to @CpuInfoFast, but it

s/added added/added/

> failed to set the new field in qmp_query_cpus_fast(), when TARGET_S390X
> was not defined. The updated @query-cpus-fast example in
> "qapi-schema.json" showed "arch":"x86" only because qmp_query_cpus_fast()
> calls g_malloc0() to allocate CpuInfoFast, and the CPU_INFO_ARCH_X86 enum
> constant is generated with value 0.
> 
> All @arch values other than @s390 implied the @CpuInfoOther sub-struct for
> @CpuInfoFast -- at the time of writing the patch --, thus no fields other
> than @arch needed to be set when TARGET_S390X was not defined. Set @arch
> now, by copying the corresponding assignments from qmp_query_cpus().

Perhaps worth mentioning that the riscv architecture shows up as 'other'
in this patch?  (But that gets cleaned up in the next one, so no big deal)

> 
> Cc: Eric Blake 
> Cc: Markus Armbruster 
> Cc: Paolo Bonzini 
> Cc: Peter Crosthwaite 
> Cc: Richard Henderson 
> Cc: qemu-sta...@nongnu.org
> Fixes: ca230ff33f89bf7102cbfbc2328716da6750aaed
> Signed-off-by: Laszlo Ersek 
> ---
> 

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [RFC PATCH 00/33] Generic background jobs

[Eric Blake]

On 04/24/2018 10:24 AM, Kevin Wolf wrote:
> Before we can make x-blockdev-create a background job, we need to
> generalise the job infrastructure so that it can be used without any
> associated block node.
> 
> This series extracts a Job object from the block job infrastructure,
> which should contain everything related to jobs that doesn't require the
> block layer to be involved.
> 
> The split between BlockJob and Job is reasonably complete as of this RFC
> (though there are still some rough edges). Missing are mainly:
> 
> * Some cleanups. This means mostly TODOs left for functions moved to
>   job.c that should become static again, but were still called from
>   blockjob.c. At this point, most of these public declarations aren't
>   actually necessary any more, or very little is missing to make them
>   unnecessary.
> 
> * A QMP interface that can be used with non-block job. The existing
>   block-job-* QMP commands will tell the user that they don't know the
>   job if you pass the ID of a non-block job.
> 
> * The actual conversion of x-blockdev-create to Job, as a proof of
>   concept that the generalised infrastructure actually works.

I didn't review the second half as closely, but did glance through the
whole series.  Overall, I like what I'm seeing; it looks like you have
indeed extracted the non-block portions into a reusable framework that
can be extended to other uses.  It would also be interesting to see what
other long-running operations we can map into this scheme, such as
migration or capturing a screenshot.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH v4] loader: Fix misaligned member access

[Philippe Mathieu-Daudé]

The libfdt does not guarantee than fdt_getprop() returns a pointer
aligned to the property size.

Assuming the base of the fdt is aligned, a 32-bit property returns
a 32-bit aligned pointer. This is however not guaranteed for 64-bit
properties, where 64-bit loads might trigger unaligned access.

Fix the 64-bit access using the ldst (host) API, which uses a local
copy on the stack, thus guaranteeing a safe aligned access.

This fixes the following ASan warning:

  $ qemu-system-mips64el -M boston -kernel vmlinux.gz.itb -nographic
  hw/core/loader-fit.c:108:17: runtime error: load of misaligned address 
0x7f95cd7e4264 for type 'fdt64_t', which requires 8 byte alignment
  0x7f95cd7e4264: note: pointer points here
00 00 00 3e ff ff ff ff  80 7d 2a c0 00 00 00 01  68 61 73 68 40 30 00 00  
00 00 00 03 00 00 00 14
^

Reported-by: AddressSanitizer
Suggested-by: Peter Maydell 
Signed-off-by: Philippe Mathieu-Daudé 
---
v4: do not change the 32-bit access, use ldq_he_p() for the 64-bit access
v3: do not use memcpy(), incorrectly change ldl_he_p()
v2: do not change the 32-bit access, use memcpy(), add comments (David Gibson)
v1: use memcpy()

 hw/core/loader-fit.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hw/core/loader-fit.c b/hw/core/loader-fit.c
index 0c4a7207f4..ed4140061b 100644
--- a/hw/core/loader-fit.c
+++ b/hw/core/loader-fit.c
@@ -102,10 +102,17 @@ static int fit_image_addr(const void *itb, int img, const 
char *name,
 
 switch (len) {
 case 4:
+/* Assuming the base of the fdt is aligned, then fdt_getprop()
+ * returns 32-bit aligned properties, so this load is guaranteed
+ * to be 32-bit aligned.
+ */
 *addr = fdt32_to_cpu(*(fdt32_t *)prop);
 return 0;
 case 8:
-*addr = fdt64_to_cpu(*(fdt64_t *)prop);
+/* Since the property is not guaranteed to be 64-bit aligned,
+ * use ldq_he_p()'s stack to avoid an unaligned load.
+ */
+*addr = fdt64_to_cpu(ldq_he_p(prop));
 return 0;
 default:
 error_printf("invalid %s address length %d\n", name, len);
-- 
2.17.0

Re: [Qemu-devel] [PATCH v3 1/2] bswap.h: Fix ldl_he_p() signedness

[Philippe Mathieu-Daudé]

On 04/23/2018 01:56 PM, Peter Maydell wrote:
> On 23 April 2018 at 17:25, Philippe Mathieu-Daudé  wrote:
>> As per the "Load and Store APIs" documentation (docs/devel/loads-stores.rst),
>> "No signed load operations are provided."
> 
> That phrase is used in the documentation sections for other
> kinds of load/store function, but not in the section for ld*_p
> and st*_p, which do provide both signed and unsigned flavours.
> 
>> Update lduw_he_p() to return as unsigned.
> 
> Code is changing a different function to the one named here...
> 
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>  include/qemu/bswap.h | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/include/qemu/bswap.h b/include/qemu/bswap.h
>> index 3f28f661b1..613978f838 100644
>> --- a/include/qemu/bswap.h
>> +++ b/include/qemu/bswap.h
>> @@ -330,9 +330,9 @@ static inline void stw_he_p(void *ptr, uint16_t v)
>>  memcpy(ptr, , sizeof(v));
>>  }
>>
>> -static inline int ldl_he_p(const void *ptr)
>> +static inline uint32_t ldl_he_p(const void *ptr)
> 
> This would make it not match the other ldl*_p functions
> (ldl_le_p, ldl_be_p).
> 
> The expectation with the ldl functions is that you're
> putting it into a variable of the right type and size,
> and so we don't need to provide both a signed 32 bit load
> and an unsigned 32 bit load.

OK, thank you for the clarification.

Regards,

Phil.

Re: [Qemu-devel] [RFC PATCH 10/33] job: Add job_delete()

[Eric Blake]

On 04/24/2018 10:24 AM, Kevin Wolf wrote:
> This moves freeing the Job object and its fields from block_job_unref()
> to job_delete().
> 
> Signed-off-by: Kevin Wolf 
> ---

> +++ b/job.c
> @@ -56,3 +56,9 @@ void *job_create(const char *job_id, const JobDriver 
> *driver, Error **errp)
>  
>  return job;
>  }
> +
> +void job_delete(Job *job)
> +{
> +g_free(job->id);
> +g_free(job);

Should this be free()-like, by being a no-op when NULL is passed in, on
the grounds that it might simplify some partial-construction error paths?

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [RFC PATCH 08/33] job: Rename BlockJobType into JobType

[Eric Blake]

On 04/24/2018 10:24 AM, Kevin Wolf wrote:
> QAPI types aren't externally visible, so we can rename them without
> causing problems. Before we add a job type to Job, rename the enum
> so it can be used for more than just block jobs.
> 
> Signed-off-by: Kevin Wolf 
> ---

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [RFC PATCH 05/33] blockjob: Add block_job_driver()

[Eric Blake]

On 04/24/2018 10:24 AM, Kevin Wolf wrote:
> The backup block job directly accesses the driver field in BlockJob. Add
> a wrapper for getting it.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  include/block/blockjob.h | 7 +++
>  block/backup.c   | 8 +---
>  blockjob.c   | 5 +
>  3 files changed, 17 insertions(+), 3 deletions(-)
> 

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH] block: Merge .bdrv_co_writev{, _flags} in drivers

[Eric Blake]

We have too many driver callback interfaces; simplify the mess
somewhat by merging the flags parameter of .bdrv_co_writev_flags()
into .bdrv_co_writev_flags().  Note that as long as a driver doesn't
set .supported_write_flags, the flags argument will be 0 and behavior
is identical.  Also note that the public function bdrv_co_writev()
still lacks a flags argument; so the driver signature is thus
intentionally slightly different.  But that's not the end of the
world, nor the first time that the driver interface differs slightly
from the public interface.

Ideally, we should be rewriting all of these drivers to use modern
byte-based interfaces.  But that's a more invasive patch to write
and audit, compared to the simplification done here.

Signed-off-by: Eric Blake 
---

Based-on: <20180424192506.149089-1-ebl...@redhat.com>
([PATCH v2 0/6] block: byte-based AIO read/write)

 include/block/block_int.h |  2 --
 block/io.c| 13 -
 block/gluster.c   |  4 +++-
 block/iscsi.c |  8 
 block/parallels.c |  4 +++-
 block/qcow.c  |  6 --
 block/qed.c   |  3 ++-
 block/replication.c   |  4 +++-
 block/sheepdog.c  |  4 +++-
 block/ssh.c   |  4 +++-
 block/vhdx.c  |  4 +++-
 11 files changed, 32 insertions(+), 24 deletions(-)

diff --git a/include/block/block_int.h b/include/block/block_int.h
index 0bba7ed024a..e3d6219f4e3 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -174,8 +174,6 @@ struct BlockDriver {
 int coroutine_fn (*bdrv_co_preadv)(BlockDriverState *bs,
 uint64_t offset, uint64_t bytes, QEMUIOVector *qiov, int flags);
 int coroutine_fn (*bdrv_co_writev)(BlockDriverState *bs,
-int64_t sector_num, int nb_sectors, QEMUIOVector *qiov);
-int coroutine_fn (*bdrv_co_writev_flags)(BlockDriverState *bs,
 int64_t sector_num, int nb_sectors, QEMUIOVector *qiov, int flags);
 /**
  * @offset: position in bytes to write at
diff --git a/block/io.c b/block/io.c
index 6b110b207a0..4fad5ac2fef 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1000,15 +1000,10 @@ static int coroutine_fn 
bdrv_driver_pwritev(BlockDriverState *bs,
 assert((bytes & (BDRV_SECTOR_SIZE - 1)) == 0);
 assert((bytes >> BDRV_SECTOR_BITS) <= BDRV_REQUEST_MAX_SECTORS);

-if (drv->bdrv_co_writev_flags) {
-ret = drv->bdrv_co_writev_flags(bs, sector_num, nb_sectors, qiov,
-flags & bs->supported_write_flags);
-flags &= ~bs->supported_write_flags;
-} else {
-assert(drv->bdrv_co_writev);
-assert(!bs->supported_write_flags);
-ret = drv->bdrv_co_writev(bs, sector_num, nb_sectors, qiov);
-}
+assert(drv->bdrv_co_writev);
+ret = drv->bdrv_co_writev(bs, sector_num, nb_sectors, qiov,
+  flags & bs->supported_write_flags);
+flags &= ~bs->supported_write_flags;

 emulate_flags:
 if (ret == 0 && (flags & BDRV_REQ_FUA)) {
diff --git a/block/gluster.c b/block/gluster.c
index 4adc1a875b1..15e7d7fc351 100644
--- a/block/gluster.c
+++ b/block/gluster.c
@@ -1194,8 +1194,10 @@ static coroutine_fn int 
qemu_gluster_co_readv(BlockDriverState *bs,
 static coroutine_fn int qemu_gluster_co_writev(BlockDriverState *bs,
int64_t sector_num,
int nb_sectors,
-   QEMUIOVector *qiov)
+   QEMUIOVector *qiov,
+   int flags)
 {
+assert(!flags);
 return qemu_gluster_co_rw(bs, sector_num, nb_sectors, qiov, 1);
 }

diff --git a/block/iscsi.c b/block/iscsi.c
index f5aecfc8834..35423ded03b 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -556,8 +556,8 @@ static inline bool iscsi_allocmap_is_valid(IscsiLun 
*iscsilun,
 }

 static int coroutine_fn
-iscsi_co_writev_flags(BlockDriverState *bs, int64_t sector_num, int nb_sectors,
-  QEMUIOVector *iov, int flags)
+iscsi_co_writev(BlockDriverState *bs, int64_t sector_num, int nb_sectors,
+QEMUIOVector *iov, int flags)
 {
 IscsiLun *iscsilun = bs->opaque;
 struct IscsiTask iTask;
@@ -2220,7 +2220,7 @@ static BlockDriver bdrv_iscsi = {
 .bdrv_co_pdiscard  = iscsi_co_pdiscard,
 .bdrv_co_pwrite_zeroes = iscsi_co_pwrite_zeroes,
 .bdrv_co_readv = iscsi_co_readv,
-.bdrv_co_writev_flags  = iscsi_co_writev_flags,
+.bdrv_co_writev= iscsi_co_writev,
 .bdrv_co_flush_to_disk = iscsi_co_flush,

 #ifdef __linux__
@@ -2255,7 +2255,7 @@ static BlockDriver bdrv_iser = {
 .bdrv_co_pdiscard  = iscsi_co_pdiscard,
 .bdrv_co_pwrite_zeroes = iscsi_co_pwrite_zeroes,
 .bdrv_co_readv = iscsi_co_readv,
-.bdrv_co_writev_flags  = iscsi_co_writev_flags,
+.bdrv_co_writev= 

[Qemu-devel] [ANNOUNCE] QEMU 2.12.0 is now available

[Michael Roth]

Hello,

On behalf of the QEMU Team, I'd like to announce the availability of
the QEMU 2.12.0 release. This release contains 2700+ commits from 204 
authors.

You can grab the tarball from our download page here:

  https://www.qemu.org/download/#source

The full list of changes are available at:

  https://wiki.qemu.org/ChangeLog/2.12

Highlights include:

 * Spectre/Meltdown mitigation support for x86/pseries/s390 guests. For
   more details see:
 https://www.qemu.org/2018/02/14/qemu-2-11-1-and-spectre-update/
 * Numerous block support improvements, including support for directly
   interacting with userspace NVMe driver, and general improvements to
   NBD server/client including more efficient reads of sparse files
 * Networking support for VMWare paravirtualized RDMA device (RDMA
   HCA and Soft-RoCE supported), CAN bus support via Linux SocketCAN and
   SJA1000-based PCI interfaces, and general improvements for dual-stack
   IPv4/IPv6 environments
 * GUI security/bug fixes, dmabufs support for GTK/Spice.
 * Better IPMI support for Platform Events and SEL logging in internal
   BMC emulation
 * SMBIOS support for "OEM Strings", which can be used for automating
   guest image activation without relying on network-based querying
 * KVM support for systems larger than 7.999TB
 * Disk cache information via virtio-balloon

 * ARM: AArch64 new instructions for FCMA/RDM and SIMD/FP16/crypto/complex
   number extensions
 * ARM: initial support for Raspberry Pi 3 machine type
 * ARM: Corex-M33/Armv8-M emulation via new mps2-an505 board and many
   other improvements for M profile emulation
 * HPPA: support for full machine emulation (hppa-softmmu)
 * PowerPC: PPC4xx emulation improvements, including I2C bus support
 * PowerPC: new Sam460ex machine type
 * PowerPC: significant TCG performance improvements
 * PowerPC: pseries: support for Spectre/Meltdown mitigations
 * RISC-V: new RISC-V target via "spike_v1.9.1", "spike_v1.10", and "virt"
   machine types
 * s390: non-virtual devices no longer require dedicated channel subsystem
   and guest support for multiple CSSs
 * s390: general PCI improvements, MSI-X support for virtio-pci devices
 * s390: improved TCG emulation support
 * SPARC: sun4u power device emulation
 * SPARC: improved trace-event support and emulation/debug fixes
 * Tricore: new instruction variants for JEQ/JNE and 64-bit MOV
 * x86: Intel IOMMU support for 48-bit addresses
 * Xtensa: backend now uses libisa for instruction decoding/disassebly
 * Xtensa: multi-threaded TCG support and noMMU configuration variants

 * and lots more...

Thank you to everyone involved!

Re: [Qemu-devel] [RFC PATCH 04/33] blockjob: Introduce block_job_ratelimit_get_delay()

[Eric Blake]

On 04/24/2018 10:24 AM, Kevin Wolf wrote:
> This gets us rid of more direct accesses to BlockJob fields from the
> job drivers.
> 
> Signed-off-by: Kevin Wolf 
> ---

> +++ b/include/block/blockjob_int.h
> @@ -166,6 +166,14 @@ void block_job_sleep_ns(BlockJob *job, int64_t ns);
>  void block_job_yield(BlockJob *job);
>  
>  /**
> + * block_job_ratelimit_get_delay:
> + *
> + * Calculate and return delay for the next request in ns. See the 
> docuemntation

s/docuemntation/documentation/

> + * of ratelimit_calculate_delay() for details.
> + */
> +int64_t block_job_ratelimit_get_delay(BlockJob *job, uint64_t n);

Signed return type matches ratelimit_calculate_delay, but what does a
negative return really mean?  Hmm, it looks like it can't actually
return a negative, other than if qemu_clock_get_ns() returns a negative
on some sort of error (which appears to be unlikely - we don't even
bother checking for it, even though it would mess things up if it did
happen) - all other return paths are 0 or a subtraction between time
values that can't overflow a 64-bit integer in our lifetime.  Should we
audit the source to flip the callers to use an unsigned value, perhaps
as a separate cleanup?

> +
> +/**
>   * block_job_pause_all:
>   *
>   * Asynchronously pause all jobs.
> diff --git a/block/backup.c b/block/backup.c
> index 8468fd9f94..3f3ec6e408 100644
> --- a/block/backup.c
> +++ b/block/backup.c
> @@ -325,21 +325,17 @@ static void backup_complete(BlockJob *job, void *opaque)
>  
>  static bool coroutine_fn yield_and_check(BackupBlockJob *job)
>  {
> +uint64_t delay_ns;
> +
>  if (block_job_is_cancelled(>common)) {
>  return true;
>  }
>  
> -/* we need to yield so that bdrv_drain_all() returns.
> - * (without, VM does not reboot)
> - */
> -if (job->common.speed) {
> -uint64_t delay_ns = ratelimit_calculate_delay(>common.limit,
> -  job->bytes_read);
> -job->bytes_read = 0;
> -block_job_sleep_ns(>common, delay_ns);
> -} else {
> -block_job_sleep_ns(>common, 0);
> -}
> +/* we need to yield even for delay_ns = 0 so that bdrv_drain_all() 
> returns.
> + * (without it, the VM does not reboot) */

As long as you are touching this, is it worth further improving the grammar?

/* We need to yield even for delay_ns = 0 so that bdrv_drain_all() can
return; without a yield, the VM would not reboot. */

> +delay_ns = block_job_ratelimit_get_delay(>common, job->bytes_read);
> +job->bytes_read = 0;
> +block_job_sleep_ns(>common, delay_ns);
>  
>  if (block_job_is_cancelled(>common)) {
>  return true;

With typo fixes,
Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PATCH 4/6] qapi: change the type of TargetInfo.arch from string to enum SysEmuTarget

[Laszlo Ersek]

Now that we have @SysEmuTarget, it makes sense to restict
@TargetInfo.@arch to valid sysemu targets at the schema level.

Cc: "Daniel P. Berrange" 
Cc: David Gibson 
Cc: Eric Blake 
Cc: Gerd Hoffmann 
Cc: Kashyap Chamarthy 
Cc: Markus Armbruster 
Cc: Paolo Bonzini 
Cc: Thomas Huth 
Signed-off-by: Laszlo Ersek 
---

Notes:
PATCHv1:

- qmp_query_target(): pass (-1) as fallback value [Markus]
- qmp_query_target(): catch lookup error with error_abort [Markus]

RFCv3:

- The patch is new in this version. [Markus]

 qapi/misc.json |  6 --
 arch_init.c| 10 +-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/qapi/misc.json b/qapi/misc.json
index 104d013adba6..460866cf542f 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -1,18 +1,20 @@
 # -*- Mode: Python -*-
 #
 
 ##
 # = Miscellanea
 ##
 
+{ 'include': 'common.json' }
+
 ##
 # @qmp_capabilities:
 #
 # Enable QMP capabilities.
 #
 # Arguments:
 #
 # @enable:   An optional list of QMPCapability values to enable.  The
 #client must not enable any capability that is not
 #mentioned in the QMP greeting message.  If the field is not
 #provided, it means no QMP capabilities will be enabled.
@@ -2441,28 +2443,28 @@
 #  ]
 #}
 #
 ##
 { 'command': 'query-fdsets', 'returns': ['FdsetInfo'] }
 
 ##
 # @TargetInfo:
 #
 # Information describing the QEMU target.
 #
-# @arch: the target architecture (eg "x86_64", "i386", etc)
+# @arch: the target architecture
 #
 # Since: 1.2.0
 ##
 { 'struct': 'TargetInfo',
-  'data': { 'arch': 'str' } }
+  'data': { 'arch': 'SysEmuTarget' } }
 
 ##
 # @query-target:
 #
 # Return information about the target for this QEMU
 #
 # Returns: TargetInfo
 #
 # Since: 1.2.0
 ##
 { 'command': 'query-target', 'returns': 'TargetInfo' }
diff --git a/arch_init.c b/arch_init.c
index 6ee07478bd11..ee3a57019000 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -21,22 +21,23 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
 #include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "cpu.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/arch_init.h"
 #include "hw/pci/pci.h"
 #include "hw/audio/soundhw.h"
 #include "qapi/qapi-commands-misc.h"
+#include "qapi/error.h"
 #include "qemu/config-file.h"
 #include "qemu/error-report.h"
 #include "hw/acpi/acpi.h"
 #include "qemu/help_option.h"
 
 #ifdef TARGET_SPARC
 int graphic_width = 1024;
 int graphic_height = 768;
 int graphic_depth = 8;
 #else
 int graphic_width = 800;
@@ -104,15 +105,22 @@ int xen_available(void)
 return 1;
 #else
 return 0;
 #endif
 }
 
 
 TargetInfo *qmp_query_target(Error **errp)
 {
 TargetInfo *info = g_malloc0(sizeof(*info));
 
-info->arch = g_strdup(TARGET_NAME);
+/*
+ * The fallback enum value is irrelevant here (TARGET_NAME is a
+ * macro and can never be NULL), so simply pass (-1). Also, the
+ * lookup should never fail -- if it fails, then @SysEmuTarget needs
+ * extending. Catch that with "error_abort".
+ */
+info->arch = qapi_enum_parse(_lookup, TARGET_NAME, -1,
+ _abort);
 
 return info;
 }
-- 
2.14.1.3.gb7cf6e02401b

[Qemu-devel] [PATCH 6/6] qapi: discriminate CpuInfo[Fast] on SysEmuTarget, not CpuInfoArch

[Laszlo Ersek]

Add a new field @target (of type @SysEmuTarget) to the outputs of the
@query-cpus and @query-cpus-fast commands, which provides more information
about the emulation target than the field @arch (of type @CpuInfoArch).
Keep @arch for compatibility.

Make @target the new discriminator for the @CpuInfo and @CpuInfoFast
return structures. This lets us hoist @arch to @CpuInfoCommon, but it also
requires some gymnastics in qmp_query_cpus() and qmp_query_cpus_fast().

In particular, conditional compilation cannot be removed, because each
pair of CPU base arch structures, such as X86CPU/CPUX86State,
PowerPCCPU/CPUPPCState, SPARCCPU/CPUSPARCState, is only visible when
building QEMU for a target that maps to that CPU base arch.

Cc: Eric Blake 
Cc: Markus Armbruster 
Cc: Paolo Bonzini 
Cc: Peter Crosthwaite 
Cc: Richard Henderson 
Signed-off-by: Laszlo Ersek 
---

Notes:
PATCHv1:

- new patch

 qapi/misc.json | 118 ++---
 cpus.c | 275 ++---
 2 files changed, 291 insertions(+), 102 deletions(-)

diff --git a/qapi/misc.json b/qapi/misc.json
index d7b776a5af37..98c15880f9f0 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -361,77 +361,105 @@
 # Collects fields common to @CpuInfoBase and @CpuInfoFastBase; that is,
 # fields that are shared by @query-cpus and @query-cpus-fast, and not
 # specific to the target architecture.
 #
 # @qom-path: path to the CPU object in the QOM tree (since 2.4)
 #
 # @thread-id: ID of the underlying host thread
 #
 # @props: properties describing which node/socket/core/thread the
 # virtual CPU belongs to, if supported by the board (since 2.10)
 #
+# @arch: base architecture of the cpu (since 2.6)
+#
 # Since: 2.13
 ##
 { 'struct' : 'CpuInfoCommon',
   'data'   : { 'qom-path'  : 'str',
'thread-id' : 'int',
-   '*props': 'CpuInstanceProperties' } }
+   '*props': 'CpuInstanceProperties',
+   'arch'  : 'CpuInfoArch' } }
 
 ##
 # @CpuInfoBase:
 #
 # Extends @CpuInfoCommon with fields that are specific to the @query-cpus
 # command, but not specific to the target architecture.
 #
 # @CPU: the index of the virtual CPU
 #
 # @current: this only exists for backwards compatibility and should be ignored
 #
 # @halted: true if the virtual CPU is in the halt state.  Halt usually refers
 #  to a processor specific low power mode.
 #
-# @arch: architecture of the cpu, which determines which additional fields
-#will be listed (since 2.6)
+# @target: the QEMU system emulation target, which is more specific than
+#  @arch and determines which additional fields will be listed
+#
 #
 # Since: 2.13
 #
 # Notes: @halted is a transient state that changes frequently.  By the time the
 #data is sent to the client, the guest may no longer be halted.
-#Moreover, @arch cannot be moved up to @CpuInfoCommon because
+#Moreover, @target cannot be moved up to @CpuInfoCommon because
 #that would prevent its use as the discriminator in @CpuInfo.
 ##
 { 'struct' : 'CpuInfoBase',
   'base'   : 'CpuInfoCommon',
   'data'   : { 'CPU' : 'int',
'current' : 'bool',
'halted'  : 'bool',
-   'arch': 'CpuInfoArch' } }
+   'target'  : 'SysEmuTarget' } }
 
 ##
 # @CpuInfo:
 #
 # Information about a virtual CPU
 #
 # Since: 0.14.0
 ##
-{ 'union': 'CpuInfo',
-  'base': 'CpuInfoBase',
-  'discriminator': 'arch',
-  'data': { 'x86': 'CpuInfoX86',
-'sparc': 'CpuInfoSPARC',
-'ppc': 'CpuInfoPPC',
-'mips': 'CpuInfoMIPS',
-'tricore': 'CpuInfoTricore',
-'s390': 'CpuInfoS390',
-'riscv': 'CpuInfoRISCV',
-'other': 'CpuInfoOther' } }
+{ 'union' : 'CpuInfo',
+  'base'  : 'CpuInfoBase',
+  'discriminator' : 'target',
+  'data'  : { 'i386' : 'CpuInfoX86',
+  'x86_64'   : 'CpuInfoX86',
+  'sparc': 'CpuInfoSPARC',
+  'sparc64'  : 'CpuInfoSPARC',
+  'ppc'  : 'CpuInfoPPC',
+  'ppcemb'   : 'CpuInfoPPC',
+  'ppc64': 'CpuInfoPPC',
+  'mips' : 'CpuInfoMIPS',
+  'mipsel'   : 'CpuInfoMIPS',
+  'mips64'   : 'CpuInfoMIPS',
+  'mips64el' : 'CpuInfoMIPS',
+  'tricore'  : 'CpuInfoTricore',
+  's390x': 'CpuInfoS390',
+  'riscv32'  : 'CpuInfoRISCV',
+  'riscv64'  : 'CpuInfoRISCV',
+  'aarch64'  : 'CpuInfoOther',
+  'alpha': 'CpuInfoOther',
+ 

[Qemu-devel] [PATCH 2/6] qapi: handle the riscv CpuInfoArch in query-cpus-fast

[Laszlo Ersek]

Commit 25fa194b7b11 added the @riscv enum constant to @CpuInfoArch (used
in both @CpuInfo and @CpuInfoFast -- the return types of the @query-cpus
and @query-cpus-fast commands, respectively), and assigned, in both return
structures, the @CpuInfoRISCV sub-structure to the new enum value.

However, qmp_query_cpus_fast() would not populate either the @arch field
or the @CpuInfoRISCV sub-structure, when TARGET_RISCV was defined; only
qmp_query_cpus() would.

In theory, there are two ways to fix this:

(a) Fill in both the @arch field and the @CpuInfoRISCV sub-structure in
qmp_query_cpus_fast(), by copying the logic from qmp_query_cpus().

(b) Assign @CpuInfoOther to the @riscv enum constant in @CpuInfoFast, and
populate only the @arch field in qmp_query_cpus_fast().

Approach (b) seems more robust, because:

- clearly there has never been an attempt to get actual RISV CPU state
  from qmp_query_cpus_fast(), so its lack of RISCV support is not actually
  a problem,

- getting CPU state without interrupting KVM looks like an exceptional
  thing to do (only S390X does it currently).

Cc: Bastian Koppelmann 
Cc: Eric Blake 
Cc: Laurent Vivier 
Cc: Markus Armbruster 
Cc: Michael Clark 
Cc: Palmer Dabbelt 
Cc: Paolo Bonzini 
Cc: Peter Crosthwaite 
Cc: Richard Henderson 
Cc: Riku Voipio 
Cc: Sagar Karandikar 
Cc: qemu-sta...@nongnu.org
Fixes: 25fa194b7b11901561532e435beb83d046899f7a
Signed-off-by: Laszlo Ersek 
---

Notes:
PATCHv1:

- new patch

 qapi/misc.json | 2 +-
 cpus.c | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/qapi/misc.json b/qapi/misc.json
index 5636f4a14997..104d013adba6 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -565,23 +565,23 @@
 { 'union': 'CpuInfoFast',
   'base': {'cpu-index': 'int', 'qom-path': 'str',
'thread-id': 'int', '*props': 'CpuInstanceProperties',
'arch': 'CpuInfoArch' },
   'discriminator': 'arch',
   'data': { 'x86': 'CpuInfoOther',
 'sparc': 'CpuInfoOther',
 'ppc': 'CpuInfoOther',
 'mips': 'CpuInfoOther',
 'tricore': 'CpuInfoOther',
 's390': 'CpuInfoS390',
-'riscv': 'CpuInfoRISCV',
+'riscv': 'CpuInfoOther',
 'other': 'CpuInfoOther' } }
 
 ##
 # @query-cpus-fast:
 #
 # Returns information about all virtual CPUs. This command does not
 # incur a performance penalty and should be used in production
 # instead of query-cpus.
 #
 # Returns: list of @CpuInfoFast
 #
diff --git a/cpus.c b/cpus.c
index 1a9a2edee1f2..60563a6d54ec 100644
--- a/cpus.c
+++ b/cpus.c
@@ -2225,22 +2225,24 @@ CpuInfoFastList *qmp_query_cpus_fast(Error **errp)
 #elif defined(TARGET_SPARC)
 info->value->arch = CPU_INFO_ARCH_SPARC;
 #elif defined(TARGET_MIPS)
 info->value->arch = CPU_INFO_ARCH_MIPS;
 #elif defined(TARGET_TRICORE)
 info->value->arch = CPU_INFO_ARCH_TRICORE;
 #elif defined(TARGET_S390X)
 s390_cpu = S390_CPU(cpu);
 env = _cpu->env;
 info->value->arch = CPU_INFO_ARCH_S390;
 info->value->u.s390.cpu_state = env->cpu_state;
+#elif defined(TARGET_RISCV)
+info->value->arch = CPU_INFO_ARCH_RISCV;
 #else
 info->value->arch = CPU_INFO_ARCH_OTHER;
 #endif
 if (!cur_item) {
 head = cur_item = info;
 } else {
 cur_item->next = info;
 cur_item = info;
 }
 }
 
-- 
2.14.1.3.gb7cf6e02401b

[Qemu-devel] [PATCH 5/6] qapi: extract CpuInfoCommon to mitigate schema duplication

[Laszlo Ersek]

@CpuInfo and @CpuInfoFast duplicate the following four fields: @qom-path,
@thread-id, @props and @arch. From these, extract the first three to a
common structure called @CpuInfoCommon. (More on @arch later.)

Introduce two new mid-layer structures, @CpuInfoBase and @CpuInfoFastBase,
to soak up the union base struct fields on top of @CpuInfoCommon that are
specific to @query-cpus and @query-cpus-fast, respectively. This is
necessary because the base struct spec in union definitions does not let
us mix named fields with a recursive base struct. (In other words, we
couldn't directly use @CpuInfoCommon *plus* some other fields within
@CpuInfo and @CpuInfoFast as base struct).

@arch cannot be hoisted higher than to @CpuInfoBase and @CpuInfoFastBase
because the union descriminator is only accepted from a direct base
struct, not from an indirect one.

Cc: Eric Blake 
Cc: Markus Armbruster 
Signed-off-by: Laszlo Ersek 
---

Notes:
PATCHv1:

- new patch

 qapi/misc.json  | 94 +
 qapi/qapi-schema.json   |  2 +-
 tests/test-x86-cpuid-compat.c   |  2 +-
 tests/migration/guestperf/engine.py |  2 +-
 4 files changed, 68 insertions(+), 32 deletions(-)

diff --git a/qapi/misc.json b/qapi/misc.json
index 460866cf542f..d7b776a5af37 100644
--- a/qapi/misc.json
+++ b/qapi/misc.json
@@ -348,52 +348,81 @@
 #
 # @s390: since 2.12
 #
 # @riscv: since 2.12
 #
 # Since: 2.6
 ##
 { 'enum': 'CpuInfoArch',
   'data': ['x86', 'sparc', 'ppc', 'mips', 'tricore', 's390', 'riscv', 'other' 
] }
 
 ##
-# @CpuInfo:
+# @CpuInfoCommon:
 #
-# Information about a virtual CPU
+# Collects fields common to @CpuInfoBase and @CpuInfoFastBase; that is,
+# fields that are shared by @query-cpus and @query-cpus-fast, and not
+# specific to the target architecture.
+#
+# @qom-path: path to the CPU object in the QOM tree (since 2.4)
+#
+# @thread-id: ID of the underlying host thread
+#
+# @props: properties describing which node/socket/core/thread the
+# virtual CPU belongs to, if supported by the board (since 2.10)
+#
+# Since: 2.13
+##
+{ 'struct' : 'CpuInfoCommon',
+  'data'   : { 'qom-path'  : 'str',
+   'thread-id' : 'int',
+   '*props': 'CpuInstanceProperties' } }
+
+##
+# @CpuInfoBase:
+#
+# Extends @CpuInfoCommon with fields that are specific to the @query-cpus
+# command, but not specific to the target architecture.
 #
 # @CPU: the index of the virtual CPU
 #
 # @current: this only exists for backwards compatibility and should be ignored
 #
 # @halted: true if the virtual CPU is in the halt state.  Halt usually refers
 #  to a processor specific low power mode.
 #
-# @qom_path: path to the CPU object in the QOM tree (since 2.4)
-#
-# @thread_id: ID of the underlying host thread
-#
-# @props: properties describing to which node/socket/core/thread
-# virtual CPU belongs to, provided if supported by board (since 2.10)
-#
 # @arch: architecture of the cpu, which determines which additional fields
 #will be listed (since 2.6)
 #
-# Since: 0.14.0
+# Since: 2.13
 #
 # Notes: @halted is a transient state that changes frequently.  By the time the
 #data is sent to the client, the guest may no longer be halted.
+#Moreover, @arch cannot be moved up to @CpuInfoCommon because
+#that would prevent its use as the discriminator in @CpuInfo.
+##
+{ 'struct' : 'CpuInfoBase',
+  'base'   : 'CpuInfoCommon',
+  'data'   : { 'CPU' : 'int',
+   'current' : 'bool',
+   'halted'  : 'bool',
+   'arch': 'CpuInfoArch' } }
+
+##
+# @CpuInfo:
+#
+# Information about a virtual CPU
+#
+# Since: 0.14.0
 ##
 { 'union': 'CpuInfo',
-  'base': {'CPU': 'int', 'current': 'bool', 'halted': 'bool',
-   'qom_path': 'str', 'thread_id': 'int',
-   '*props': 'CpuInstanceProperties', 'arch': 'CpuInfoArch' },
+  'base': 'CpuInfoBase',
   'discriminator': 'arch',
   'data': { 'x86': 'CpuInfoX86',
 'sparc': 'CpuInfoSPARC',
 'ppc': 'CpuInfoPPC',
 'mips': 'CpuInfoMIPS',
 'tricore': 'CpuInfoTricore',
 's390': 'CpuInfoS390',
 'riscv': 'CpuInfoRISCV',
 'other': 'CpuInfoOther' } }
 
 ##
@@ -512,70 +541,77 @@
 #
 # Since: 0.14.0
 #
 # Example:
 #
 # -> { "execute": "query-cpus" }
 # <- { "return": [
 #  {
 # "CPU":0,
 # "current":true,
 # "halted":false,
-# "qom_path":"/machine/unattached/device[0]",
+# "qom-path":"/machine/unattached/device[0]",
 # "arch":"x86",
 # "pc":3227107138,
-# "thread_id":3134
+# "thread-id":3134
 #  },
 #  {
 # "CPU":1,
 # "current":false,
 # "halted":true,
-# "qom_path":"/machine/unattached/device[2]",
+# 

[Qemu-devel] [PATCH 3/6] qapi: add SysEmuTarget to "common.json"

[Laszlo Ersek]

We'll soon need an enumeration type that lists all the softmmu targets
that QEMU (the project) supports. Introduce @SysEmuTarget to
"common.json".

Cc: "Daniel P. Berrange" 
Cc: David Gibson 
Cc: Eric Blake 
Cc: Gerd Hoffmann 
Cc: Kashyap Chamarthy 
Cc: Markus Armbruster 
Cc: Paolo Bonzini 
Cc: Thomas Huth 
Signed-off-by: Laszlo Ersek 
Reviewed-by: Markus Armbruster 
Reviewed-by: Kashyap Chamarthy 
---

Notes:
PATCHv1:

- pick up R-b's from Markus and Kashyap, no changes

RFCv3:

- The patch is new in this version. [Dan, Markus]

- The original idea was to call the new enum @Target; however, @Target
  generates exactly the TARGET_AARCH64, TARGET_ALPHA, TARGET_ARM, ...
  enumeration constants that conflict with the poisoned preprocessing
  macros of the same names. Hence @SysEmuTarget -- it's more accurate
  anyway, since we want it to stand for system emulation targets.

- Also, we discussed defining the new type in either "common.json" or
  "misc.json". "misc.json" turned out to be a problem: "firmware.json"
  would then include "misc.json" for the new type's sake, but that
  inclusion would become the first appearance of "misc.json" -- within
  "firmware.json". That messed up the generated documentation. By adding
  the new type to "common.json", "misc.json" (see the 2nd patch) and
  "firmware.json" (see the 3rd patch) can both consume the new type
  without problems.

 qapi/common.json | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/qapi/common.json b/qapi/common.json
index d9b14dd429f3..1fd63172754a 100644
--- a/qapi/common.json
+++ b/qapi/common.json
@@ -118,11 +118,30 @@
 #
 # @bar3: PCI BAR3 is used for the feature
 #
 # @bar4: PCI BAR4 is used for the feature
 #
 # @bar5: PCI BAR5 is used for the feature
 #
 # Since: 2.12
 ##
 { 'enum': 'OffAutoPCIBAR',
   'data': [ 'off', 'auto', 'bar0', 'bar1', 'bar2', 'bar3', 'bar4', 'bar5' ] }
+
+##
+# @SysEmuTarget:
+#
+# The comprehensive enumeration of QEMU system emulation ("softmmu")
+# targets. Run "./configure --help" in the project root directory, and
+# look for the *-softmmu targets near the "--target-list" option. The
+# individual target constants are not documented here, for the time
+# being.
+#
+# Since: 2.13
+##
+{ 'enum' : 'SysEmuTarget',
+  'data' : [ 'aarch64', 'alpha', 'arm', 'cris', 'hppa', 'i386', 'lm32',
+ 'm68k', 'microblaze', 'microblazeel', 'mips', 'mips64',
+ 'mips64el', 'mipsel', 'moxie', 'nios2', 'or1k', 'ppc',
+ 'ppc64', 'ppcemb', 'riscv32', 'riscv64', 's390x', 'sh4',
+ 'sh4eb', 'sparc', 'sparc64', 'tricore', 'unicore32',
+ 'x86_64', 'xtensa', 'xtensaeb' ] }
-- 
2.14.1.3.gb7cf6e02401b

[Qemu-devel] [PATCH 0/6] qapi: introduce the SysEmuTarget enumeration

[Laszlo Ersek]

This patch set adds the @SysEmuTarget enum type, and rebases a few other
types to it. Here's the "anatomy" of the series:

- Patches #1 and #2 fix QAPI bugs that have crept in in the 2.12
  development cycle. I noticed the bugs while working on patch #6; i.e.
  patch #6 depends on #1 and #2. The issues should likely be fixed in
  2.12.1, so patches #1 and #2 are CC'd to qemu-stable.

- Patch #3 is what I primarily care about in this series. It introduces
  the @SysEmuTarget enum, for the sake of my end-goal patch at:

[Qemu-devel] [qemu RFC v3 3/3] qapi: add "firmware.json"
20180420231246.23130-4-lersek@redhat.com">http://mid.mail-archive.com/20180420231246.23130-4-lersek@redhat.com

  (BTW review comments for that RFCv3 patch are still super welcome).

- Patch #4 is a small cleanup that utilizes @SysEmuTarget, rebasing
  @TargetInfo to it.

- Patch #5 is an attempt at normalizing @CpuInfo and @CpuInfoFast, by
  factoring out @CpuInfoCommon. I'm proposing this in order to save some
  busy-work for patch #6. If patch #5 is doing the wrong thing, it can
  be dropped, with relatively small updates to patch #6.

- Patch #6 demotes the current discriminator field of @CpuInfo and
  @CpuInfoFast, namely @arch (of type @CpuInfoArch), to "normal base
  struct field", and introduces @target (of type @SysEmuTarget) in its
  place. This is a pretty intrusive patch which caused me hours of
  struggle. Similarly to patch #4, the goal is to help clean up the fuzz
  around the "target architecture" concept in QAPI. I'm proposing this
  patch because Markus suggested that I might try :) If significantly
  more work was necessary to hammer this patch into acceptable shape,
  then I'd prefer to limit the scope, just add @target, and keep @arch
  as the discriminator.

Sorry about the humongous CC list.

Cc: "Daniel P. Berrange" 
Cc: Bastian Koppelmann 
Cc: David Gibson 
Cc: Eric Blake 
Cc: Gerd Hoffmann 
Cc: Kashyap Chamarthy 
Cc: Laurent Vivier 
Cc: Markus Armbruster 
Cc: Michael Clark 
Cc: Palmer Dabbelt 
Cc: Paolo Bonzini 
Cc: Peter Crosthwaite 
Cc: Richard Henderson 
Cc: Riku Voipio 
Cc: Sagar Karandikar 
Cc: Thomas Huth 

Thanks
Laszlo

Laszlo Ersek (6):
  qapi: fill in CpuInfoFast.arch in query-cpus-fast
  qapi: handle the riscv CpuInfoArch in query-cpus-fast
  qapi: add SysEmuTarget to "common.json"
  qapi: change the type of TargetInfo.arch from string to enum
SysEmuTarget
  qapi: extract CpuInfoCommon to mitigate schema duplication
  qapi: discriminate CpuInfo[Fast] on SysEmuTarget, not CpuInfoArch

 qapi/common.json|  19 +++
 qapi/misc.json  | 196 ---
 qapi/qapi-schema.json   |   2 +-
 arch_init.c |  10 +-
 cpus.c  | 261 
 tests/test-x86-cpuid-compat.c   |   2 +-
 tests/migration/guestperf/engine.py |   2 +-
 7 files changed, 380 insertions(+), 112 deletions(-)

-- 
2.14.1.3.gb7cf6e02401b

[Qemu-devel] [PATCH 1/6] qapi: fill in CpuInfoFast.arch in query-cpus-fast

[Laszlo Ersek]

Commit ca230ff33f89 added added the @arch field to @CpuInfoFast, but it
failed to set the new field in qmp_query_cpus_fast(), when TARGET_S390X
was not defined. The updated @query-cpus-fast example in
"qapi-schema.json" showed "arch":"x86" only because qmp_query_cpus_fast()
calls g_malloc0() to allocate CpuInfoFast, and the CPU_INFO_ARCH_X86 enum
constant is generated with value 0.

All @arch values other than @s390 implied the @CpuInfoOther sub-struct for
@CpuInfoFast -- at the time of writing the patch --, thus no fields other
than @arch needed to be set when TARGET_S390X was not defined. Set @arch
now, by copying the corresponding assignments from qmp_query_cpus().

Cc: Eric Blake 
Cc: Markus Armbruster 
Cc: Paolo Bonzini 
Cc: Peter Crosthwaite 
Cc: Richard Henderson 
Cc: qemu-sta...@nongnu.org
Fixes: ca230ff33f89bf7102cbfbc2328716da6750aaed
Signed-off-by: Laszlo Ersek 
---

Notes:
PATCHv1:

- new patch

 cpus.c | 14 +-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/cpus.c b/cpus.c
index 38eba8bff334..1a9a2edee1f2 100644
--- a/cpus.c
+++ b/cpus.c
@@ -2210,27 +2210,39 @@ CpuInfoFastList *qmp_query_cpus_fast(Error **errp)
 info->value->qom_path = object_get_canonical_path(OBJECT(cpu));
 info->value->thread_id = cpu->thread_id;
 
 info->value->has_props = !!mc->cpu_index_to_instance_props;
 if (info->value->has_props) {
 CpuInstanceProperties *props;
 props = g_malloc0(sizeof(*props));
 *props = mc->cpu_index_to_instance_props(ms, cpu->cpu_index);
 info->value->props = props;
 }
 
-#if defined(TARGET_S390X)
+#if defined(TARGET_I386)
+info->value->arch = CPU_INFO_ARCH_X86;
+#elif defined(TARGET_PPC)
+info->value->arch = CPU_INFO_ARCH_PPC;
+#elif defined(TARGET_SPARC)
+info->value->arch = CPU_INFO_ARCH_SPARC;
+#elif defined(TARGET_MIPS)
+info->value->arch = CPU_INFO_ARCH_MIPS;
+#elif defined(TARGET_TRICORE)
+info->value->arch = CPU_INFO_ARCH_TRICORE;
+#elif defined(TARGET_S390X)
 s390_cpu = S390_CPU(cpu);
 env = _cpu->env;
 info->value->arch = CPU_INFO_ARCH_S390;
 info->value->u.s390.cpu_state = env->cpu_state;
+#else
+info->value->arch = CPU_INFO_ARCH_OTHER;
 #endif
 if (!cur_item) {
 head = cur_item = info;
 } else {
 cur_item->next = info;
 cur_item = info;
 }
 }
 
 return head;
 }
-- 
2.14.1.3.gb7cf6e02401b

Re: [Qemu-devel] [RFC PATCH 03/33] blockjob: Implement block_job_set_speed() centrally

[Eric Blake]

On 04/24/2018 10:24 AM, Kevin Wolf wrote:
> All block job drivers support .set_speed and all of them duplicate the
> same code to implement it. Move that code to blockjob.c and remove the
> now useless callback.
> 
> Signed-off-by: Kevin Wolf 
> ---

> +++ b/include/block/blockjob.h
> @@ -29,6 +29,8 @@
>  #include "block/block.h"
>  #include "qemu/ratelimit.h"
>  
> +#define SLICE_TIME 1ULL /* ns */

I know this is just code motion; but would it be any more legible as:

#define SLICE_TIME (100ULL * 1000 * 1000) /* ns */

to make it easier to see as 100 ms without having to count the 0s?

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [RFC PATCH 02/33] blockjob: Move RateLimit to BlockJob

[Eric Blake]

On 04/24/2018 10:24 AM, Kevin Wolf wrote:
> Every block job has a RateLimit, and they all do the exact same thing
> with it, so it should be common infrastructure. Move the struct field
> for a start.
> 
> Signed-off-by: Kevin Wolf 
> ---

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [Xen-devel] [PATCH 15/16] os-posix: cleanup: Replace perror with error_report

[Alistair Francis]

On Tue, Apr 24, 2018 at 10:58 AM, Ian Jackson  wrote:
> perror() is defined to fprintf(stderr,...).  HACKING says
> fprintf(stderr,...) is wrong.  So perror() is too.
>
> Signed-off-by: Ian Jackson 
> CC: Paolo Bonzini 
> CC: Markus Armbruster 
> CC: Daniel P. Berrange 
> CC: Michael Tokarev 
> CC: Alistair Francis 
> Reviewed-by: Philippe Mathieu-Daudé 

Reviewed-by: Alistair Francis 

Alistair

> ---
> v7: New patch
> ---
>  os-posix.c | 8 
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/os-posix.c b/os-posix.c
> index a2ba50d..24eb700 100644
> --- a/os-posix.c
> +++ b/os-posix.c
> @@ -125,7 +125,7 @@ void os_set_proc_name(const char *s)
>  /* Could rewrite argv[0] too, but that's a bit more complicated.
> This simple way is enough for `top'. */
>  if (prctl(PR_SET_NAME, name)) {
> -perror("unable to change process name");
> +error_report("unable to change process name: %s", strerror(errno));
>  exit(1);
>  }
>  #else
> @@ -247,7 +247,7 @@ static void change_root(void)
>  exit(1);
>  }
>  if (chdir("/")) {
> -perror("not able to chdir to /");
> +error_report("not able to chdir to /: %s", strerror(errno));
>  exit(1);
>  }
>  }
> @@ -309,7 +309,7 @@ void os_setup_post(void)
>
>  if (daemonize) {
>  if (chdir("/")) {
> -perror("not able to chdir to /");
> +error_report("not able to chdir to /: %s", strerror(errno));
>  exit(1);
>  }
>  TFR(fd = qemu_open("/dev/null", O_RDWR));
> @@ -383,7 +383,7 @@ int os_mlock(void)
>
>  ret = mlockall(MCL_CURRENT | MCL_FUTURE);
>  if (ret < 0) {
> -perror("mlockall");
> +error_report("mlockall: %s", strerror(errno));
>  }
>
>  return ret;
> --
> 2.1.4
>
>
> ___
> Xen-devel mailing list
> xen-de...@lists.xenproject.org
> https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Qemu-devel] [PATCH v2 1/2] ipmi: Use proper struct reference for KCS vmstate

[Corey Minyard]

On 04/24/2018 10:32 AM, Dr. David Alan Gilbert wrote:

* Corey Minyard (miny...@acm.org) wrote:

On 03/05/2018 08:09 AM, Dr. David Alan Gilbert wrote:

* miny...@acm.org (miny...@acm.org) wrote:

From: Corey Minyard 

The vmstate for isa_ipmi_kcs was referencing into the kcs structure,
instead create a kcs structure separate and use that.

There were also some issues in the state transfer.  The inlen field
was not being transferred, so if a transaction was in process during
the transfer it would be messed up.  And the use_irq field was
transferred, but that should come from the configuration.
And the
name on the man VMStateDescription was incorrect, it needed to be
differentiated from the BT one.

I think that's a bigger problem; lets see below.


To fix this, a new VMStateDescription is added that is hopefully
correct, and the old one is kept (modified to remove use_irq) in
a way that it can be received from the remote but will not be sent.
So an upgrade should work for KCS.

Signed-off-by: Corey Minyard 
Cc: Dr. David Alan Gilbert 
---
   hw/ipmi/isa_ipmi_kcs.c | 77 
--
   1 file changed, 75 insertions(+), 2 deletions(-)

diff --git a/hw/ipmi/isa_ipmi_kcs.c b/hw/ipmi/isa_ipmi_kcs.c
index 689587b..2a2784d 100644
--- a/hw/ipmi/isa_ipmi_kcs.c
+++ b/hw/ipmi/isa_ipmi_kcs.c
@@ -422,14 +422,86 @@ static void ipmi_isa_realize(DeviceState *dev, Error 
**errp)
   isa_register_ioport(isadev, >kcs.io, iik->kcs.io_base);
   }
-const VMStateDescription vmstate_ISAIPMIKCSDevice = {
+static int ipmi_kcs_vmstate_post_load(void *opaque, int version)
+{
+IPMIKCS *ik = opaque;
+
+/* Make sure all the values are sane. */
+if (ik->outpos >= MAX_IPMI_MSG_SIZE || ik->outlen >= MAX_IPMI_MSG_SIZE ||
+ik->outpos >= ik->outlen) {
+ik->outpos = 0;
+ik->outlen = 0;
+}
+
+if (ik->inlen >= MAX_IPMI_MSG_SIZE) {
+ik->inlen = 0;
+}
+
+return 0;
+}
+
+static const VMStateDescription vmstate_IPMIKCS = {
+.name = TYPE_IPMI_INTERFACE_PREFIX "kcs",
+.version_id = 1,
+.minimum_version_id = 1,
+.post_load = ipmi_kcs_vmstate_post_load,
+.fields  = (VMStateField[]) {
+VMSTATE_BOOL(obf_irq_set, IPMIKCS),
+VMSTATE_BOOL(atn_irq_set, IPMIKCS),
+VMSTATE_BOOL(irqs_enabled, IPMIKCS),
+VMSTATE_UINT32(outpos, IPMIKCS),
+VMSTATE_UINT32(outlen, IPMIKCS),
+VMSTATE_UINT8_ARRAY(outmsg, IPMIKCS, MAX_IPMI_MSG_SIZE),
+VMSTATE_UINT32(inlen, IPMIKCS),
+VMSTATE_UINT8_ARRAY(inmsg, IPMIKCS, MAX_IPMI_MSG_SIZE),
+VMSTATE_BOOL(write_end, IPMIKCS),
+VMSTATE_UINT8(status_reg, IPMIKCS),
+VMSTATE_UINT8(data_out_reg, IPMIKCS),
+VMSTATE_INT16(data_in_reg, IPMIKCS),
+VMSTATE_INT16(cmd_reg, IPMIKCS),
+VMSTATE_UINT8(waiting_rsp, IPMIKCS),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static const VMStateDescription vmstate_ISAIPMIKCSDevice = {
+.name = TYPE_IPMI_INTERFACE_PREFIX "isa-kcs",
+.version_id = 2,
+.minimum_version_id = 2,
+.fields  = (VMStateField[]) {
+VMSTATE_STRUCT(kcs, ISAIPMIKCSDevice, 1, vmstate_IPMIKCS, IPMIKCS),
+VMSTATE_END_OF_LIST()
+}
+};

I've got the following, which is only build tested but:

+static const VMStateDescription vmstate_IPMIKCS = {
+.name = TYPE_IPMI_INTERFACE_PREFIX "kcs",
+.version_id = 2,
+.minimum_version_id = 1,
+.post_load = ipmi_kcs_vmstate_post_load,
+.fields  = (VMStateField[]) {
+VMSTATE_BOOL(obf_irq_set, IPMIKCS),
+VMSTATE_BOOL(atn_irq_set, IPMIKCS),
+VMSTATE_UNUSED(1), /* Was use_irq */
+VMSTATE_BOOL(irqs_enabled, IPMIKCS),
+VMSTATE_UINT32(outpos, IPMIKCS),
+VMSTATE_UINT32_V(outlen, IPMIKCS,2),
+VMSTATE_UINT8_ARRAY(outmsg, IPMIKCS, MAX_IPMI_MSG_SIZE),
+VMSTATE_UINT32_V(inlen, IPMIKCS,2),
+VMSTATE_UINT8_ARRAY(inmsg, IPMIKCS, MAX_IPMI_MSG_SIZE),
+VMSTATE_BOOL(write_end, IPMIKCS),
+VMSTATE_UINT8(status_reg, IPMIKCS),
+VMSTATE_UINT8(data_out_reg, IPMIKCS),
+VMSTATE_INT16(data_in_reg, IPMIKCS),
+VMSTATE_INT16(cmd_reg, IPMIKCS),
+VMSTATE_UINT8(waiting_rsp, IPMIKCS),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static const VMStateDescription vmstate_ISAIPMIKCSDevice = {
+.name = TYPE_IPMI_INTERFACE_PREFIX "isa-kcs",
+.version_id = 2,
+.minimum_version_id = 2,
+.fields  = (VMStateField[]) {
+VMSTATE_STRUCT(kcs, ISAIPMIKCSDevice, 2, vmstate_IPMIKCS, IPMIKCS),
+VMSTATE_END_OF_LIST()
+}
+};

Note how the outlen and inlen fields use the _V modifier and are only
bound to v2, and I leave the UNUSED in for use_irq, that means we can
then mae the vmstate_v1_ISAIPMIKCSDevice just have:

const VMStateDescription vmstate_v1_ISAIPMIKCSDevice = {
  .name = TYPE_IPMI_INTERFACE,
  .version_id = 1,
  

Re: [Qemu-devel] [RFC PATCH 01/33] blockjob: Wrappers for progress counter access

[Eric Blake]

On 04/24/2018 10:24 AM, Kevin Wolf wrote:
> Block job drivers are not expected to mess with the internal of the

s/internal/internals/

> BlockJob object, so provide wrapper functions for one of the cases where
> they still do it: Updating the progress counter.
> 
> Signed-off-by: Kevin Wolf 
> ---

> +++ b/include/block/blockjob.h
> @@ -278,6 +278,25 @@ void block_job_finalize(BlockJob *job, Error **errp);
>  void block_job_dismiss(BlockJob **job, Error **errp);
>  
>  /**
> + * block_job_progress_update:
> + * @job: The job that has made progress
> + * @done: How much progress the job made
> + *
> + * Updates the progress counter of the job.
> + */
> +void block_job_progress_update(BlockJob *job, uint64_t done);

We already document (and libvirt does as well) that a job progress meter
does not necessarily represent anything obviously correlating to the
real job, other than that the ratio between them serves as an estimate
of completion; and that we are free to move not only the progress
indicator, but also the end goal, over the course of a job, and that a
job can even appear to move backwards when comparing the ratios (for
example, getting the pairs 0/1, 1/1000, 50/1000, 800/1200, 800/1300,
1200/1300, 1/1 over the life of a job is a valid possibility for a
sequence, including the apparent backwards motion at the 800/1300 step).
 But this new API only modifies one of the two (arbitrary) stats - is
that sufficient?

/me reads on...

> +
> +/**
> + * block_job_progress_set_remaining:
> + * @job: The job whose expected progress end value is set
> + * @remaining: Expected end value of the progress counter of the job
> + *
> + * Sets the expected end value of the progress counter of a job so that a
> + * completion percentage can be calculated when the progress is updated.
> + */
> +void block_job_progress_set_remaining(BlockJob *job, uint64_t remaining);

...Oh. You have two separate functions to modify the two arbitrary
values at will.  Why not just a single function?  Maybe seeing how the
callers use it will demonstrate that two separate functions is slightly
easier...

> +
> +/**
>   * block_job_query:
>   * @job: The job to get information about.
>   *
> diff --git a/block/backup.c b/block/backup.c
> index 453cd62c24..5d95805472 100644
> --- a/block/backup.c
> +++ b/block/backup.c
> @@ -39,6 +39,7 @@ typedef struct BackupBlockJob {
>  BlockdevOnError on_source_error;
>  BlockdevOnError on_target_error;
>  CoRwlock flush_rwlock;
> +uint64_t len;
>  uint64_t bytes_read;
>  int64_t cluster_size;
>  bool compress;
> @@ -118,7 +119,7 @@ static int coroutine_fn backup_do_cow(BackupBlockJob *job,
>  
>  trace_backup_do_cow_process(job, start);
>  
> -n = MIN(job->cluster_size, job->common.len - start);
> +n = MIN(job->cluster_size, job->len - start);
>  
>  if (!bounce_buffer) {
>  bounce_buffer = blk_blockalign(blk, job->cluster_size);
> @@ -159,7 +160,7 @@ static int coroutine_fn backup_do_cow(BackupBlockJob *job,
>   * offset field is an opaque progress value, it is not a disk offset.
>   */
>  job->bytes_read += n;
> -job->common.offset += n;
> +block_job_progress_update(>common, n);

...Okay, when the end goal isn't changing, updating just the progress is
indeed a bit easier.

>  }
>  
>  out:
> @@ -261,7 +262,7 @@ void backup_do_checkpoint(BlockJob *job, Error **errp)
>  return;
>  }
>  
> -len = DIV_ROUND_UP(backup_job->common.len, backup_job->cluster_size);
> +len = DIV_ROUND_UP(backup_job->len, backup_job->cluster_size);
>  hbitmap_set(backup_job->copy_bitmap, 0, len);
>  }
>  
> @@ -420,8 +421,9 @@ static void 
> backup_incremental_init_copy_bitmap(BackupBlockJob *job)
>  bdrv_set_dirty_iter(dbi, next_cluster * job->cluster_size);
>  }
>  
> -job->common.offset = job->common.len -
> - hbitmap_count(job->copy_bitmap) * job->cluster_size;
> +/* TODO block_job_progress_set_remaining() would make more sense */
> +block_job_progress_update(>common,
> +job->len - hbitmap_count(job->copy_bitmap) * job->cluster_size);

Hmm. The old code couldn't touch job->common.len; the new code now has
two separate lengths (job->len that can't be touched, and
job->common.len that is now internal to stat reporting and therefore no
longer something that we can't touch).  The old code makes the job skip
forward according to the size of the bitmap that is not set (since we
don't have to do any work on that portion), which could indeed be a
rapid skip followed by the rest of the job moving at a slower pace;
where the new code could perhaps instead modify the goal to match just
the size that the bitmap occupies, so that the progress is more linearly
related.  So you're right that
block_job_progress_set_remaining(-hbitmap_count(job->copy_bitmap) *
job->cluster_size) (the negative adjustment is intentional) might make

Re: [Qemu-devel] [PATCH v3 15/22] target/arm: Add ARM_FEATURE_V7VE for v7 Virtualization Extensions

[Aaron Lindsay]

On Apr 17 16:00, Peter Maydell wrote:
> On 17 April 2018 at 15:23, Aaron Lindsay  wrote:
> > On Apr 12 18:17, Peter Maydell wrote:
> >> What's the difference between this and ARM_FEATURE_EL2 ?
> >
> > I use ARM_FEATURE_V7VE in a later patch to guard against implementing
> > PMOVSSET on v7 machines which don't implement the virtualization
> > extensions
> > (http://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg04917.html).
> > I could use ARM_FEATURE_EL2, but declaring that v7 machines supported
> > EL2 didn't feel right. I don't feel strongly one way or the other - how
> > do you prefer to handle this?
> 
> So, the underlying issue here is that there's a QEMU specific
> fudge going on. Architecturally, if the CPU implements the
> Virtualization Extensions, then:
>  * it has Hyp mode
>  * it must also implement the Security Extensions
>  * on reset it starts in the Secure world
>  * it has LPAE
>  * it has some stuff that is not inherently tied to having EL2,
>like the SDIV and UDIV instructions, and the presence of
>PMOVSSET
> 
> In an ideal world, we'd just have a feature flag that turned
> all that on. Unfortunately, a combination of backwards compatibility
> issues, the order in which various features were implemented
> in QEMU, and the fact that KVM can't emulate a guest CPU with
> the Security Extensions means that we want to be able to model
> variants of some CPUs that don't really exist in real hardware:
> Cortex-A15 and -A7 which only implement EL0/EL1 but still have
> all the v7VE features that you can see from those ELs. But we
> didn't really properly lay out guidelines for how the feature
> bits should work in this case, with the result that we have
> a bunch of local hacks (for instance get_S1prot() has a check
> on the LPAE feature bit, since in practice that bit is set in
> exactly the CPUs that have v7VE; and the UDIV/SDIV insns have
> their own feature bits.)
> 
> So we should probably sort out this mess first, either by:
> 
> (a) state that we use ARM_FEATURE_LPAE for all checks for
> features that are architecturally v7VE but which we want to
> exist even on our v7VE-no-Hyp-no-Secure oddballs
Are you implying that this would only involve updating the comments to
match the existing implementation?

> (b) define an ARM_FEATURE_V7VE for them
This seems the most attractive to me, though perhaps that's partially
aspirational - it is closest to what would be happening in an ideal
world where QEMU fully supported V7VE for this hardware.

> (c) define separate feature bits for them individually

I'm hesitant to formulate a patch for this - I'm not confident I
understand the context and interactions of the pieces involved well
enough to contribute productively. That said, I understand your
motivation to fix this the right way and am willing to try with a little
more direction/hand-holding.

For instance, which CPUs are we talking about here - I only see both
ARM_FEATURE_ARM_DIV and ARM_FEATURE_LPAE advertised together (without
full V8) in cortex_a7_initfn and cortex_a15_initfn. I'm assuming that V8
implies the full set of V7VE features we're discussing here so whatever
we come up with as a solution would be automatically set in the
ARM_FEATURE_V8 "Some features automatically imply others:" `if`
statement in  arm_cpu_realizefn.

-Aaron

> In any case we'd retain ARM_FEATURE_EL2 for "and really
> has EL2/Hyp mode", and we'd want to do an audit of current
> uses of various feature bits to see whether they followed
> the new rules.
> 
> (For AArch64 things are a bit less awkward because the
> architecture allows the idea of an implementation that
> has EL2 but not EL3.)



-- 
Qualcomm Datacenter Technologies as an affiliate of Qualcomm Technologies, Inc.
Qualcomm Technologies, Inc. is a member of the
Code Aurora Forum, a Linux Foundation Collaborative Project.

Re: [Qemu-devel] [RFC PATCH 00/33] Generic background jobs

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180424152515.25664-1-kw...@redhat.com
Subject: [Qemu-devel] [RFC PATCH 00/33] Generic background jobs

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]patchew/20180424045112.12963-1-pet...@redhat.com -> 
patchew/20180424045112.12963-1-pet...@redhat.com
 * [new tag]   patchew/20180424152515.25664-1-kw...@redhat.com -> 
patchew/20180424152515.25664-1-kw...@redhat.com
Switched to a new branch 'test'
a535175023 job: Add job_dismiss()
0745f6ead0 job: Add job_yield()
30ec314f7c job: Move completion and cancellation to Job
55feb0dd01 job: Move transactions to Job
01fdee4ef4 job: Switch transactions to JobTxn
08f97e3203 job: Move job_finish_sync() to Job
29083331c0 job: Move .complete callback to Job
48109bdf06 job: Add job_drain()
9cf6eff254 job: Convert block_job_cancel_async() to Job
6f2e5d1e76 job: Move single job finalisation to Job
5484bd3641 job: Add job_event_*()
2b16ee88f7 blockjob: Split block_job_event_pending()
eff654a865 job: Move BlockJobCreateFlags to Job
29a541953f job: Replace BlockJob.completed with job_is_completed()
d8835d9376 job: Move pause/resume functions to Job
0f78a91558 job: Add job_sleep_ns()
8767231b63 job: Move coroutine and related code to Job
64d19df958 job: Move defer_to_main_loop to Job
bdfe0a2294 job: Add Job.aio_context
203771e4ce job: Move cancelled to Job
0b5941f5df job: Add reference counting
c7f701c66d job: Move state transitions to Job
bd4fa23c86 job: Maintain a list of all jobs
03fb0888f2 job: Add job_delete()
d3efb916b0 job: Add JobDriver.job_type
6a3ee68500 job: Rename BlockJobType into JobType
b1abdb48ca job: Create Job, JobDriver and job_create()
49bfc63bc0 blockjob: Remove block_job_pause/resume_all()
77ae27705e blockjob: Add block_job_driver()
6b3f90fab4 blockjob: Introduce block_job_ratelimit_get_delay()
6fb872a85f blockjob: Implement block_job_set_speed() centrally
8b39f71653 blockjob: Move RateLimit to BlockJob
7d836020ea blockjob: Wrappers for progress counter access

=== OUTPUT BEGIN ===
Checking PATCH 1/33: blockjob: Wrappers for progress counter access...
Checking PATCH 2/33: blockjob: Move RateLimit to BlockJob...
Checking PATCH 3/33: blockjob: Implement block_job_set_speed() centrally...
Checking PATCH 4/33: blockjob: Introduce block_job_ratelimit_get_delay()...
Checking PATCH 5/33: blockjob: Add block_job_driver()...
Checking PATCH 6/33: blockjob: Remove block_job_pause/resume_all()...
Checking PATCH 7/33: job: Create Job, JobDriver and job_create()...
Checking PATCH 8/33: job: Rename BlockJobType into JobType...
Checking PATCH 9/33: job: Add JobDriver.job_type...
Checking PATCH 10/33: job: Add job_delete()...
Checking PATCH 11/33: job: Maintain a list of all jobs...
Checking PATCH 12/33: job: Move state transitions to Job...
ERROR: space prohibited before open square bracket '['
#334: FILE: job.c:38:
+/* U: */ [JOB_STATUS_UNDEFINED] = {0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0},

ERROR: space prohibited before open square bracket '['
#335: FILE: job.c:39:
+/* C: */ [JOB_STATUS_CREATED]   = {0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1},

ERROR: space prohibited before open square bracket '['
#336: FILE: job.c:40:
+/* R: */ [JOB_STATUS_RUNNING]   = {0, 0, 0, 1, 1, 0, 1, 0, 1, 0, 0},

ERROR: space prohibited before open square bracket '['
#337: FILE: job.c:41:
+/* P: */ [JOB_STATUS_PAUSED]= {0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0},

ERROR: space prohibited before open square bracket '['
#338: FILE: job.c:42:
+/* Y: */ [JOB_STATUS_READY] = {0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0},

ERROR: space prohibited before open square bracket '['
#339: FILE: job.c:43:
+/* S: */ [JOB_STATUS_STANDBY]   = {0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0},

ERROR: space prohibited before open square bracket '['
#340: FILE: job.c:44:
+/* W: */ [JOB_STATUS_WAITING]   = {0, 0, 0, 0, 0, 0, 0, 1, 1, 0, 0},

ERROR: space prohibited before open square bracket '['
#341: FILE: job.c:45:
+/* D: */ [JOB_STATUS_PENDING]   = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0},

ERROR: space prohibited before open square bracket '['
#342: FILE: job.c:46:
+/* X: */ [JOB_STATUS_ABORTING]  = {0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 0},

ERROR: space prohibited before open square bracket '['
#343: FILE: job.c:47:
+/* E: */ [JOB_STATUS_CONCLUDED] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 

[Qemu-devel] [Bug 1763536] Re: go build fails under qemu-ppc64le-static (qemu-user)

[Murilo Opsfelder Araújo]

With QEMU from tag v2.12.0-rc4 on Fedora 27 x86_64, it works too.

muriloo@laptop$ docker run --rm -it qemutest
/go # qemu-ppc64le-static --version
qemu-ppc64le version 2.11.94 (v2.12.0-rc4)
Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers
/go # go version
go version go1.10.1 linux/ppc64le
/go # go build hello.go
/go # ./hello
hello world
/go #

muriloo@laptop$ uname -a
Linux laptop 4.15.17-300.fc27.x86_64 #1 SMP Thu Apr 12 18:19:17 UTC 2018 x86_64 
x86_64 x86_64 GNU/Linux

muriloo@laptop$ rpm -q docker
docker-1.13.1-51.git4032bd5.fc27.x86_64

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1763536

Title:
  go build fails under qemu-ppc64le-static (qemu-user)

Status in QEMU:
  New

Bug description:
  I am using qemu-user (built static) in a docker container environment.
  When running multi-threaded go commands in the container (go build for
  example) the process may hang, report segfaults or other errors.  I
  built qemu-ppc64le from the upstream git (master).

  I see the problem running on a multi core system with Intel i7 processors.
  # cat /proc/cpuinfo | grep "model name"
  model name: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
  model name: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
  model name: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
  model name: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
  model name: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
  model name: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
  model name: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
  model name: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz

  Steps to reproduce:
  1) Build qemu-ppc64le as static and copy into docker build directory named it 
qemu-ppc64le-static.

  2) Add hello.go to docker build dir.

  package main
  import "fmt"
  func main() {
fmt.Println("hello world")
  }

  3) Create the Dockerfile from below:

  FROM ppc64le/golang:1.10.1-alpine3.
  COPY qemu-ppc64le-static /usr/bin/
  COPY hello.go /go

  4) Build container
  $ docker build -t qemutest -f Dockerfile ./go 

  5) Run test
  $ docker run -it qemutest

  /go # /usr/bin/qemu-ppc64le-static --version
  qemu-ppc64le version 2.11.93 (v2.12.0-rc3-dirty)
  Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers

  /go # go version
  go version go1.10.1 linux/ppc64le

  /go # go build hello.go
  fatal error: fatal error: stopm holding locksunexpected signal during runtime 
execution

  panic during panic
  [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1003528c]

  runtime stack:
  runtime: unexpected return pc for syscall.Syscall6 called from 0xc42007f500
  stack: frame={sp:0xc4203be840, fp:0xc4203be860} 
stack=[0x4000b7ecf0,0x4000b928f0)

  syscall.Syscall6(0x100744e8, 0x3d, 0xc42050c140, 0x20, 0x18, 0x10422b80, 
0xc4203be968[signal , 0x10012d88SIGSEGV: segmentation violation, 0xc420594000 
code=, 0x00x1 addr=0x0 pc=0x1003528c)
  ]

  runtime stack:

/usr/local/go/src/syscall/asm_linux_ppc64x.s:61runtime.throw(0x10472d19, 0x13)
   +/usr/local/go/src/runtime/panic.go:0x6c616 +0x68

  
  runtime.stopm()
/usr/local/go/src/runtime/proc.go:1939goroutine  +10x158
   [runtime.exitsyscall0semacquire(0xc42007f500)
/usr/local/go/src/runtime/proc.go:3129 +]:
  0x130
  runtime.mcall(0xc42007f500)
/usr/local/go/src/runtime/asm_ppc64x.s:183 +0x58sync.runtime_Semacquire
  (0xc4201fab1c)
/usr/local/go/src/runtime/sema.go:56 +0x38

  
  Note the results may differ between attempts,  hangs and other faults 
sometimes happen.
  
  If I run "go: single threaded I don't see the problem, for example:

  /go # GOMAXPROCS=1 go build -p 1 hello.go 
  /go # ./hello
  hello world

  I see the same issue with arm64.  I don't think this is a go issue,
  but don't have a real evidence to prove that.  This problem looks
  similar to other problem I have seen reported against qemu running
  multi-threaded applications.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1763536/+subscriptions

Re: [Qemu-devel] [Qemu-block] [PATCH v2 4/6] rbd: Switch to byte-based callbacks

[Jason Dillaman]

On Tue, Apr 24, 2018 at 3:25 PM, Eric Blake  wrote:
> We are gradually moving away from sector-based interfaces, towards
> byte-based.  Make the change for the last few sector-based callbacks
> in the rbd driver.
>
> Note that the driver was already using byte-based calls for
> performing actual I/O, so this just gets rid of a round trip
> of scaling; however, as I don't know if RBD is tolerant of
> non-sector AIO operations, I went with the conservate approach
> of adding .bdrv_refresh_limits to override the block layer
> defaults back to the pre-patch value of 512.
>
> Signed-off-by: Eric Blake 
>
> ---
> v2: override new block layer default alignment [Kevin]
> ---
>  block/rbd.c | 44 
>  1 file changed, 24 insertions(+), 20 deletions(-)
>
> diff --git a/block/rbd.c b/block/rbd.c
> index c9359d0ad84..638ecf8d986 100644
> --- a/block/rbd.c
> +++ b/block/rbd.c
> @@ -231,6 +231,13 @@ done:
>  }
>
>
> +static void qemu_rbd_refresh_limits(BlockDriverState *bs, Error **errp)
> +{
> +/* XXX Does RBD support AIO on less than 512-byte alignment? */

Yes, librbd internally supports 1-byte alignment for IO, but the
optimal alignment/length would be object size * stripe count.

> +bs->bl.request_alignment = 512;
> +}
> +
> +
>  static int qemu_rbd_set_auth(rados_t cluster, const char *secretid,
>   Error **errp)
>  {
> @@ -899,27 +906,23 @@ failed:
>  return NULL;
>  }
>
> -static BlockAIOCB *qemu_rbd_aio_readv(BlockDriverState *bs,
> -  int64_t sector_num,
> -  QEMUIOVector *qiov,
> -  int nb_sectors,
> -  BlockCompletionFunc *cb,
> -  void *opaque)
> -{
> -return rbd_start_aio(bs, sector_num << BDRV_SECTOR_BITS, qiov,
> - (int64_t) nb_sectors << BDRV_SECTOR_BITS, cb, 
> opaque,
> - RBD_AIO_READ);
> -}
> -
> -static BlockAIOCB *qemu_rbd_aio_writev(BlockDriverState *bs,
> -   int64_t sector_num,
> -   QEMUIOVector *qiov,
> -   int nb_sectors,
> +static BlockAIOCB *qemu_rbd_aio_preadv(BlockDriverState *bs,
> +   uint64_t offset, uint64_t bytes,
> +   QEMUIOVector *qiov, int flags,
> BlockCompletionFunc *cb,
> void *opaque)
>  {
> -return rbd_start_aio(bs, sector_num << BDRV_SECTOR_BITS, qiov,
> - (int64_t) nb_sectors << BDRV_SECTOR_BITS, cb, 
> opaque,
> +return rbd_start_aio(bs, offset, qiov, bytes, cb, opaque,
> + RBD_AIO_READ);
> +}
> +
> +static BlockAIOCB *qemu_rbd_aio_pwritev(BlockDriverState *bs,
> +uint64_t offset, uint64_t bytes,
> +QEMUIOVector *qiov, int flags,
> +BlockCompletionFunc *cb,
> +void *opaque)
> +{
> +return rbd_start_aio(bs, offset, qiov, bytes, cb, opaque,
>   RBD_AIO_WRITE);
>  }
>
> @@ -1158,6 +1161,7 @@ static BlockDriver bdrv_rbd = {
>  .format_name= "rbd",
>  .instance_size  = sizeof(BDRVRBDState),
>  .bdrv_parse_filename= qemu_rbd_parse_filename,
> +.bdrv_refresh_limits= qemu_rbd_refresh_limits,
>  .bdrv_file_open = qemu_rbd_open,
>  .bdrv_close = qemu_rbd_close,
>  .bdrv_reopen_prepare= qemu_rbd_reopen_prepare,
> @@ -1170,8 +1174,8 @@ static BlockDriver bdrv_rbd = {
>  .bdrv_truncate  = qemu_rbd_truncate,
>  .protocol_name  = "rbd",
>
> -.bdrv_aio_readv = qemu_rbd_aio_readv,
> -.bdrv_aio_writev= qemu_rbd_aio_writev,
> +.bdrv_aio_preadv= qemu_rbd_aio_preadv,
> +.bdrv_aio_pwritev   = qemu_rbd_aio_pwritev,
>
>  #ifdef LIBRBD_SUPPORTS_AIO_FLUSH
>  .bdrv_aio_flush = qemu_rbd_aio_flush,
> --
> 2.14.3
>
>



-- 
Jason

Re: [Qemu-devel] [PATCH] linux-user: set minimum uname for RISC-V

[Palmer Dabbelt]

On Tue, 24 Apr 2018 12:07:43 PDT (-0700), peter.mayd...@linaro.org wrote:

On 24 April 2018 at 17:40, Palmer Dabbelt  wrote:

On Tue, 24 Apr 2018 09:03:29 PDT (-0700), alex.ben...@linaro.org wrote:


As support was merged into the mainline kernel at 4.15 it is unlikely
3.8.0 is the correct value. Indeed when I testing binaries created by
the current Debian SID compiler the tests failed with:

  FATAL: kernel too old

Signed-off-by: Alex Bennée 
---
 linux-user/riscv/target_syscall.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/riscv/target_syscall.h
b/linux-user/riscv/target_syscall.h
index d4e109a27f..ee81d8bc88 100644
--- a/linux-user/riscv/target_syscall.h
+++ b/linux-user/riscv/target_syscall.h
@@ -45,7 +45,7 @@ struct target_pt_regs {
 #else
 #define UNAME_MACHINE "riscv64"
 #endif
-#define UNAME_MINIMUM_RELEASE "3.8.0"
+#define UNAME_MINIMUM_RELEASE "4.15.0"

 #define TARGET_MINSIGSTKSZ 2048
 #define TARGET_MLOCKALL_MCL_CURRENT 1



If I understand this correctly, this will make host kernels older than
4.15.0 look like 4.15.0 when a program running in user-mode emulation on a
RISC-V system?


Yes. Typically you want to set this to whatever glibc has
baked in as its arch_minimum_kernel, which in this case
does seem to be 4.15.0:

https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/riscv/configure.ac;h=4fae013ec91451370a6d14b15b7e6d37fcd669af;hb=HEAD


Sounds good, thanks!

[Qemu-devel] [PATCH v2 6/6] block: Drop last of the sector-based aio callbacks

[Eric Blake]

We are gradually moving away from sector-based interfaces, towards
byte-based.  Now that all drivers with aio callbacks are using the
byte-based interfaces, we can remove the sector-based versions.

Signed-off-by: Eric Blake 

---
v2: rearrange conditionals to put byte-based code first [Kevin]
---
 include/block/block_int.h |  6 
 block/io.c| 86 ---
 2 files changed, 37 insertions(+), 55 deletions(-)

diff --git a/include/block/block_int.h b/include/block/block_int.h
index e772e3502b1..0bba7ed024a 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -141,15 +141,9 @@ struct BlockDriver {
 void (*bdrv_refresh_filename)(BlockDriverState *bs, QDict *options);

 /* aio */
-BlockAIOCB *(*bdrv_aio_readv)(BlockDriverState *bs,
-int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
-BlockCompletionFunc *cb, void *opaque);
 BlockAIOCB *(*bdrv_aio_preadv)(BlockDriverState *bs,
 uint64_t offset, uint64_t bytes, QEMUIOVector *qiov, int flags,
 BlockCompletionFunc *cb, void *opaque);
-BlockAIOCB *(*bdrv_aio_writev)(BlockDriverState *bs,
-int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
-BlockCompletionFunc *cb, void *opaque);
 BlockAIOCB *(*bdrv_aio_pwritev)(BlockDriverState *bs,
 uint64_t offset, uint64_t bytes, QEMUIOVector *qiov, int flags,
 BlockCompletionFunc *cb, void *opaque);
diff --git a/block/io.c b/block/io.c
index 407bc25df41..6b110b207a0 100644
--- a/block/io.c
+++ b/block/io.c
@@ -925,31 +925,14 @@ static int coroutine_fn 
bdrv_driver_preadv(BlockDriverState *bs,
 return drv->bdrv_co_preadv(bs, offset, bytes, qiov, flags);
 }

-/* FIXME - no need to calculate these if .bdrv_aio_preadv exists */
-sector_num = offset >> BDRV_SECTOR_BITS;
-nb_sectors = bytes >> BDRV_SECTOR_BITS;
-
-if (!drv->bdrv_aio_preadv) {
-assert((offset & (BDRV_SECTOR_SIZE - 1)) == 0);
-assert((bytes & (BDRV_SECTOR_SIZE - 1)) == 0);
-assert((bytes >> BDRV_SECTOR_BITS) <= BDRV_REQUEST_MAX_SECTORS);
-}
-
-if (drv->bdrv_co_readv) {
-return drv->bdrv_co_readv(bs, sector_num, nb_sectors, qiov);
-} else {
+if (drv->bdrv_aio_preadv) {
 BlockAIOCB *acb;
 CoroutineIOCompletion co = {
 .coroutine = qemu_coroutine_self(),
 };

-if (drv->bdrv_aio_preadv) {
-acb = drv->bdrv_aio_preadv(bs, offset, bytes, qiov, flags,
-   bdrv_co_io_em_complete, );
-} else {
-acb = drv->bdrv_aio_readv(bs, sector_num, qiov, nb_sectors,
-  bdrv_co_io_em_complete, );
-}
+acb = drv->bdrv_aio_preadv(bs, offset, bytes, qiov, flags,
+   bdrv_co_io_em_complete, );
 if (acb == NULL) {
 return -EIO;
 } else {
@@ -957,6 +940,16 @@ static int coroutine_fn 
bdrv_driver_preadv(BlockDriverState *bs,
 return co.ret;
 }
 }
+
+sector_num = offset >> BDRV_SECTOR_BITS;
+nb_sectors = bytes >> BDRV_SECTOR_BITS;
+
+assert((offset & (BDRV_SECTOR_SIZE - 1)) == 0);
+assert((bytes & (BDRV_SECTOR_SIZE - 1)) == 0);
+assert((bytes >> BDRV_SECTOR_BITS) <= BDRV_REQUEST_MAX_SECTORS);
+assert(drv->bdrv_co_readv);
+
+return drv->bdrv_co_readv(bs, sector_num, nb_sectors, qiov);
 }

 static int coroutine_fn bdrv_driver_pwritev(BlockDriverState *bs,
@@ -981,45 +974,40 @@ static int coroutine_fn 
bdrv_driver_pwritev(BlockDriverState *bs,
 goto emulate_flags;
 }

-/* FIXME - no need to calculate these if .bdrv_aio_pwritev exists */
+if (drv->bdrv_aio_pwritev) {
+BlockAIOCB *acb;
+CoroutineIOCompletion co = {
+.coroutine = qemu_coroutine_self(),
+};
+
+acb = drv->bdrv_aio_pwritev(bs, offset, bytes, qiov,
+flags & bs->supported_write_flags,
+bdrv_co_io_em_complete, );
+flags &= ~bs->supported_write_flags;
+if (acb == NULL) {
+ret = -EIO;
+} else {
+qemu_coroutine_yield();
+ret = co.ret;
+}
+goto emulate_flags;
+}
+
 sector_num = offset >> BDRV_SECTOR_BITS;
 nb_sectors = bytes >> BDRV_SECTOR_BITS;

-if (!drv->bdrv_aio_pwritev) {
-assert((offset & (BDRV_SECTOR_SIZE - 1)) == 0);
-assert((bytes & (BDRV_SECTOR_SIZE - 1)) == 0);
-assert((bytes >> BDRV_SECTOR_BITS) <= BDRV_REQUEST_MAX_SECTORS);
-}
+assert((offset & (BDRV_SECTOR_SIZE - 1)) == 0);
+assert((bytes & (BDRV_SECTOR_SIZE - 1)) == 0);
+assert((bytes >> BDRV_SECTOR_BITS) <= BDRV_REQUEST_MAX_SECTORS);

 if (drv->bdrv_co_writev_flags) {
 ret = drv->bdrv_co_writev_flags(bs, sector_num, nb_sectors, qiov,
 

[Qemu-devel] [PATCH v2 3/6] null: Switch to byte-based read/write

[Eric Blake]

We are gradually moving away from sector-based interfaces, towards
byte-based.  Make the change for the last few sector-based callbacks
in the null-co and null-aio drivers.

Note that since the null driver does nothing on writes, it trivially
supports the BDRV_REQ_FUA flag (all writes have already landed to
the same bit-bucket without needing an extra flush call).  Also, since
the null driver does just as well with byte-based requests, we can
now avoid cycles wasted on read-modify-write by taking advantage of
the block layer now defaulting the alignment to 1 instead of 512.

Signed-off-by: Eric Blake 

---
v2: rely on new block layer default alignment [Kevin]
---
 block/null.c | 59 ++-
 1 file changed, 30 insertions(+), 29 deletions(-)

diff --git a/block/null.c b/block/null.c
index 806a8631e4d..8fbbda52ea1 100644
--- a/block/null.c
+++ b/block/null.c
@@ -93,6 +93,7 @@ static int null_file_open(BlockDriverState *bs, QDict 
*options, int flags,
 }
 s->read_zeroes = qemu_opt_get_bool(opts, NULL_OPT_ZEROES, false);
 qemu_opts_del(opts);
+bs->supported_write_flags = BDRV_REQ_FUA;
 return ret;
 }

@@ -116,22 +117,22 @@ static coroutine_fn int null_co_common(BlockDriverState 
*bs)
 return 0;
 }

-static coroutine_fn int null_co_readv(BlockDriverState *bs,
-  int64_t sector_num, int nb_sectors,
-  QEMUIOVector *qiov)
+static coroutine_fn int null_co_preadv(BlockDriverState *bs,
+   uint64_t offset, uint64_t bytes,
+   QEMUIOVector *qiov, int flags)
 {
 BDRVNullState *s = bs->opaque;

 if (s->read_zeroes) {
-qemu_iovec_memset(qiov, 0, 0, nb_sectors * BDRV_SECTOR_SIZE);
+qemu_iovec_memset(qiov, 0, 0, bytes);
 }

 return null_co_common(bs);
 }

-static coroutine_fn int null_co_writev(BlockDriverState *bs,
-   int64_t sector_num, int nb_sectors,
-   QEMUIOVector *qiov)
+static coroutine_fn int null_co_pwritev(BlockDriverState *bs,
+uint64_t offset, uint64_t bytes,
+QEMUIOVector *qiov, int flags)
 {
 return null_co_common(bs);
 }
@@ -186,26 +187,26 @@ static inline BlockAIOCB 
*null_aio_common(BlockDriverState *bs,
 return >common;
 }

-static BlockAIOCB *null_aio_readv(BlockDriverState *bs,
-  int64_t sector_num, QEMUIOVector *qiov,
-  int nb_sectors,
-  BlockCompletionFunc *cb,
-  void *opaque)
-{
-BDRVNullState *s = bs->opaque;
-
-if (s->read_zeroes) {
-qemu_iovec_memset(qiov, 0, 0, nb_sectors * BDRV_SECTOR_SIZE);
-}
-
-return null_aio_common(bs, cb, opaque);
-}
-
-static BlockAIOCB *null_aio_writev(BlockDriverState *bs,
-   int64_t sector_num, QEMUIOVector *qiov,
-   int nb_sectors,
+static BlockAIOCB *null_aio_preadv(BlockDriverState *bs,
+   uint64_t offset, uint64_t bytes,
+   QEMUIOVector *qiov, int flags,
BlockCompletionFunc *cb,
void *opaque)
+{
+BDRVNullState *s = bs->opaque;
+
+if (s->read_zeroes) {
+qemu_iovec_memset(qiov, 0, 0, bytes);
+}
+
+return null_aio_common(bs, cb, opaque);
+}
+
+static BlockAIOCB *null_aio_pwritev(BlockDriverState *bs,
+uint64_t offset, uint64_t bytes,
+QEMUIOVector *qiov, int flags,
+BlockCompletionFunc *cb,
+void *opaque)
 {
 return null_aio_common(bs, cb, opaque);
 }
@@ -266,8 +267,8 @@ static BlockDriver bdrv_null_co = {
 .bdrv_close = null_close,
 .bdrv_getlength = null_getlength,

-.bdrv_co_readv  = null_co_readv,
-.bdrv_co_writev = null_co_writev,
+.bdrv_co_preadv = null_co_preadv,
+.bdrv_co_pwritev= null_co_pwritev,
 .bdrv_co_flush_to_disk  = null_co_flush,
 .bdrv_reopen_prepare= null_reopen_prepare,

@@ -286,8 +287,8 @@ static BlockDriver bdrv_null_aio = {
 .bdrv_close = null_close,
 .bdrv_getlength = null_getlength,

-.bdrv_aio_readv = null_aio_readv,
-.bdrv_aio_writev= null_aio_writev,
+.bdrv_aio_preadv= null_aio_preadv,
+.bdrv_aio_pwritev   = null_aio_pwritev,
 .bdrv_aio_flush = null_aio_flush,
 .bdrv_reopen_prepare= null_reopen_prepare,

-- 
2.14.3

[Qemu-devel] [PATCH v2 4/6] rbd: Switch to byte-based callbacks

[Eric Blake]

We are gradually moving away from sector-based interfaces, towards
byte-based.  Make the change for the last few sector-based callbacks
in the rbd driver.

Note that the driver was already using byte-based calls for
performing actual I/O, so this just gets rid of a round trip
of scaling; however, as I don't know if RBD is tolerant of
non-sector AIO operations, I went with the conservate approach
of adding .bdrv_refresh_limits to override the block layer
defaults back to the pre-patch value of 512.

Signed-off-by: Eric Blake 

---
v2: override new block layer default alignment [Kevin]
---
 block/rbd.c | 44 
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index c9359d0ad84..638ecf8d986 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -231,6 +231,13 @@ done:
 }


+static void qemu_rbd_refresh_limits(BlockDriverState *bs, Error **errp)
+{
+/* XXX Does RBD support AIO on less than 512-byte alignment? */
+bs->bl.request_alignment = 512;
+}
+
+
 static int qemu_rbd_set_auth(rados_t cluster, const char *secretid,
  Error **errp)
 {
@@ -899,27 +906,23 @@ failed:
 return NULL;
 }

-static BlockAIOCB *qemu_rbd_aio_readv(BlockDriverState *bs,
-  int64_t sector_num,
-  QEMUIOVector *qiov,
-  int nb_sectors,
-  BlockCompletionFunc *cb,
-  void *opaque)
-{
-return rbd_start_aio(bs, sector_num << BDRV_SECTOR_BITS, qiov,
- (int64_t) nb_sectors << BDRV_SECTOR_BITS, cb, opaque,
- RBD_AIO_READ);
-}
-
-static BlockAIOCB *qemu_rbd_aio_writev(BlockDriverState *bs,
-   int64_t sector_num,
-   QEMUIOVector *qiov,
-   int nb_sectors,
+static BlockAIOCB *qemu_rbd_aio_preadv(BlockDriverState *bs,
+   uint64_t offset, uint64_t bytes,
+   QEMUIOVector *qiov, int flags,
BlockCompletionFunc *cb,
void *opaque)
 {
-return rbd_start_aio(bs, sector_num << BDRV_SECTOR_BITS, qiov,
- (int64_t) nb_sectors << BDRV_SECTOR_BITS, cb, opaque,
+return rbd_start_aio(bs, offset, qiov, bytes, cb, opaque,
+ RBD_AIO_READ);
+}
+
+static BlockAIOCB *qemu_rbd_aio_pwritev(BlockDriverState *bs,
+uint64_t offset, uint64_t bytes,
+QEMUIOVector *qiov, int flags,
+BlockCompletionFunc *cb,
+void *opaque)
+{
+return rbd_start_aio(bs, offset, qiov, bytes, cb, opaque,
  RBD_AIO_WRITE);
 }

@@ -1158,6 +1161,7 @@ static BlockDriver bdrv_rbd = {
 .format_name= "rbd",
 .instance_size  = sizeof(BDRVRBDState),
 .bdrv_parse_filename= qemu_rbd_parse_filename,
+.bdrv_refresh_limits= qemu_rbd_refresh_limits,
 .bdrv_file_open = qemu_rbd_open,
 .bdrv_close = qemu_rbd_close,
 .bdrv_reopen_prepare= qemu_rbd_reopen_prepare,
@@ -1170,8 +1174,8 @@ static BlockDriver bdrv_rbd = {
 .bdrv_truncate  = qemu_rbd_truncate,
 .protocol_name  = "rbd",

-.bdrv_aio_readv = qemu_rbd_aio_readv,
-.bdrv_aio_writev= qemu_rbd_aio_writev,
+.bdrv_aio_preadv= qemu_rbd_aio_preadv,
+.bdrv_aio_pwritev   = qemu_rbd_aio_pwritev,

 #ifdef LIBRBD_SUPPORTS_AIO_FLUSH
 .bdrv_aio_flush = qemu_rbd_aio_flush,
-- 
2.14.3

[Qemu-devel] [PATCH for 2.13 v4 16/20] linux-user: move i386/x86_64 signal.c parts to i386 directory

[Laurent Vivier]

No code change, only move code from signal.c to
i386/signal.c, except adding includes and
exporting setup_frame() and setup_rt_frame().

x86_64/signal.c includes i386/signal.c

Signed-off-by: Laurent Vivier 
Reviewed-by: Alex Bennée 
Reviewed-by: Richard Henderson 
---

Notes:
v3: expand tabs

 linux-user/i386/signal.c  | 584 ++
 linux-user/i386/target_signal.h   |   5 +
 linux-user/signal.c   | 582 +
 linux-user/x86_64/signal.c|   2 +
 linux-user/x86_64/target_signal.h |   3 +
 5 files changed, 595 insertions(+), 581 deletions(-)

diff --git a/linux-user/i386/signal.c b/linux-user/i386/signal.c
index 02ca338b6c..4a190e6435 100644
--- a/linux-user/i386/signal.c
+++ b/linux-user/i386/signal.c
@@ -16,3 +16,587 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, see .
  */
+#include "qemu/osdep.h"
+#include "qemu.h"
+#include "target_signal.h"
+#include "signal-common.h"
+#include "linux-user/trace.h"
+
+/* from the Linux kernel - /arch/x86/include/uapi/asm/sigcontext.h */
+
+struct target_fpreg {
+uint16_t significand[4];
+uint16_t exponent;
+};
+
+struct target_fpxreg {
+uint16_t significand[4];
+uint16_t exponent;
+uint16_t padding[3];
+};
+
+struct target_xmmreg {
+uint32_t element[4];
+};
+
+struct target_fpstate_32 {
+/* Regular FPU environment */
+uint32_t cw;
+uint32_t sw;
+uint32_t tag;
+uint32_t ipoff;
+uint32_t cssel;
+uint32_t dataoff;
+uint32_t datasel;
+struct target_fpreg st[8];
+uint16_t  status;
+uint16_t  magic;  /* 0x = regular FPU data only */
+
+/* FXSR FPU environment */
+uint32_t _fxsr_env[6];   /* FXSR FPU env is ignored */
+uint32_t mxcsr;
+uint32_t reserved;
+struct target_fpxreg fxsr_st[8]; /* FXSR FPU reg data is ignored */
+struct target_xmmreg xmm[8];
+uint32_t padding[56];
+};
+
+struct target_fpstate_64 {
+/* FXSAVE format */
+uint16_t cw;
+uint16_t sw;
+uint16_t twd;
+uint16_t fop;
+uint64_t rip;
+uint64_t rdp;
+uint32_t mxcsr;
+uint32_t mxcsr_mask;
+uint32_t st_space[32];
+uint32_t xmm_space[64];
+uint32_t reserved[24];
+};
+
+#ifndef TARGET_X86_64
+# define target_fpstate target_fpstate_32
+#else
+# define target_fpstate target_fpstate_64
+#endif
+
+struct target_sigcontext_32 {
+uint16_t gs, __gsh;
+uint16_t fs, __fsh;
+uint16_t es, __esh;
+uint16_t ds, __dsh;
+uint32_t edi;
+uint32_t esi;
+uint32_t ebp;
+uint32_t esp;
+uint32_t ebx;
+uint32_t edx;
+uint32_t ecx;
+uint32_t eax;
+uint32_t trapno;
+uint32_t err;
+uint32_t eip;
+uint16_t cs, __csh;
+uint32_t eflags;
+uint32_t esp_at_signal;
+uint16_t ss, __ssh;
+uint32_t fpstate; /* pointer */
+uint32_t oldmask;
+uint32_t cr2;
+};
+
+struct target_sigcontext_64 {
+uint64_t r8;
+uint64_t r9;
+uint64_t r10;
+uint64_t r11;
+uint64_t r12;
+uint64_t r13;
+uint64_t r14;
+uint64_t r15;
+
+uint64_t rdi;
+uint64_t rsi;
+uint64_t rbp;
+uint64_t rbx;
+uint64_t rdx;
+uint64_t rax;
+uint64_t rcx;
+uint64_t rsp;
+uint64_t rip;
+
+uint64_t eflags;
+
+uint16_t cs;
+uint16_t gs;
+uint16_t fs;
+uint16_t ss;
+
+uint64_t err;
+uint64_t trapno;
+uint64_t oldmask;
+uint64_t cr2;
+
+uint64_t fpstate; /* pointer */
+uint64_t padding[8];
+};
+
+#ifndef TARGET_X86_64
+# define target_sigcontext target_sigcontext_32
+#else
+# define target_sigcontext target_sigcontext_64
+#endif
+
+/* see Linux/include/uapi/asm-generic/ucontext.h */
+struct target_ucontext {
+abi_ulong tuc_flags;
+abi_ulong tuc_link;
+target_stack_ttuc_stack;
+struct target_sigcontext tuc_mcontext;
+target_sigset_t   tuc_sigmask;  /* mask last for extensibility */
+};
+
+#ifndef TARGET_X86_64
+struct sigframe {
+abi_ulong pretcode;
+int sig;
+struct target_sigcontext sc;
+struct target_fpstate fpstate;
+abi_ulong extramask[TARGET_NSIG_WORDS-1];
+char retcode[8];
+};
+
+struct rt_sigframe {
+abi_ulong pretcode;
+int sig;
+abi_ulong pinfo;
+abi_ulong puc;
+struct target_siginfo info;
+struct target_ucontext uc;
+struct target_fpstate fpstate;
+char retcode[8];
+};
+
+#else
+
+struct rt_sigframe {
+abi_ulong pretcode;
+struct target_ucontext uc;
+struct target_siginfo info;
+struct target_fpstate fpstate;
+};
+
+#endif
+
+/*
+ * Set up a signal frame.
+ */
+
+/* XXX: save x87 state */
+static void setup_sigcontext(struct target_sigcontext *sc,
+struct target_fpstate *fpstate, CPUX86State *env, abi_ulong mask,
+abi_ulong fpstate_addr)
+{
+CPUState 

Re: [Qemu-devel] What's the next QEMU version after 2.9 ? (or: when is a good point in time to get rid of old interfaces)

[Philippe Mathieu-Daudé]

Hi Yongbok Kim,

On 03/10/2017 08:58 AM, Yongbok Kim wrote:
> On 10/03/2017 11:53, Thomas Huth wrote:
>> On 10.03.2017 12:22, Peter Maydell wrote:
>>> On 10 March 2017 at 12:07, Jason Wang  wrote:
 On 2017年03月09日 18:20, Yongbok Kim wrote:
> Indeed but we still use the platform to verify architectural
> compatibilities even for newer MIPS architectures.
>>>
 I see, but I believe it may need some modifications in the code to support
 newer architectures? If yes, plan to send them upstream? Since it has been
 deprecated, if no new codes it makes sense to deprecate it in qemu too. You
 can still use exist qemu versions to do the verification.
>>>
>>> Taking a step back, the reason for deprecating and deleting
>>> code is to avoid having unmaintained and unused code in QEMU.
>>> If Yongbok is maintaining the mipssim board and devices
>>> and is willing to keep them up to spec with current QOM
>>> and other best practices, and there are test images to
>>> check they still work, I think that's fine.
>>
>> But the Mipssim machine is currently marked as "Orphan" in our
>> MAINTAINERS file ... Yongbok, if you're still using it, would you maybe
>> be interested in doing at least "Odd fixes" here?
>> BTW, I think "F: hw/net/mipsnet.c" should be added to the "Mipssim"
>> section, too.
>>
> Yes I am willing to maintain the machine. I will post a patch to the
> MAINTAINERS file for the machine and other MIPS machines.

I'm trying to setup Avocado [1] VM tests on Unsupported machines from
the MAINTAINERS file, which include the "Odd Fixes" status entry.

Do you have images I can use for the MIPSsim board? It has been very
hard to reproduce some.

- Linux dropped MIPSsim support in v3.18

- I checkouted longterm v3.2.101 kernel, then hit:

$ make mipssim_defconfig
$ make vmlinux
include/linux/compiler-gcc.h:105:30:
fatal error: linux/compiler-gcc6.h: No such file or directory

I backported include/linux/compiler-gcc.h from long term stable
v3.16.56, but then:

  AS  arch/mips/kernel/r4k_fpu.o

arch/mips/kernel/r4k_fpu.S: Assembler messages:

arch/mips/kernel/r4k_fpu.S:59: Error: opcode not supported on this
processor: mips3 (mips3) `sdc1 $f0,272+0($4)'

which is a binutils problem.

After reading https://lkml.org/lkml/2015/7/15/26, I backported commit
842dfc11ea9a2 but then hitting other problems I gave out and started a
different approach.

- I checkouted the more recent long term stable v3.16.56 kernel and
reverted commits b30fdd6f7395b and 270690e00cdb0.

I then could rebuild a kernel for this board.

You can find the signed tag I'll use for the Avocado tests here:
https://github.com/philmd/linux/releases/tag/linux-mipssim-3.16.56

So far this kernel doesn't boot far, but at least I could test the
console is working:

$ ./mipsel-softmmu/qemu-system-mipsel -M mipssim -kernel
/build/linux/mipssim/vmlinux -nographic
Linux version 3.16.56-2-g41a1a4f084a9 (phil@ugli) (gcc version 6.3.0
20170516 (Debian 6.3.0-18) ) #1 Tue Apr 24 15:20:39 -03 2018
Setting default memory size 0x0200
bootconsole [early0] enabled
CPU0 revision is: 00019300 (MIPS 24Kc)
FPU revision is: 00739300
...
CPU frequency 12.00 MHz
random: nonblocking pool is initialized
CPU 0 Unable to handle kernel paging request at virtual address
0080, epc == 80132d9c, ra == 801330a0
Oops[#1]:
CPU: 0 PID: 0 Comm: swapper Not tainted 3.16.56-2-g41a1a4f084a9 #1
Call Trace:
[<80132d9c>] __queue_work+0x3c/0x2b8
[<801330a0>] queue_work_on+0x88/0xb4
[<8029df08>] credit_entropy_bits+0x21c/0x300
[<8015239c>] handle_irq_event_percpu+0xc8/0x1a0
[<80155ac8>] handle_percpu_irq+0x54/0x84
[<80151ac8>] generic_handle_irq+0x34/0x4c
[<801056c0>] do_IRQ+0x18/0x28
[<80103628>] ret_from_irq+0x0/0x4
[<80120d80>] __do_softirq+0xc0/0x2dc
[<80121290>] irq_exit+0x90/0x98
[<80103628>] ret_from_irq+0x0/0x4
[<8040ca48>] start_kernel+0x2e4/0x3e4

My setup is a Debian/Sid with mipsel-linux-gnu-gcc (GCC 6.3),
I also used the following shell environment:

$ export CROSS_COMPILE=mips-linux-gnu- ARCH=mips

Regards,

Phil.

[1] http://lists.nongnu.org/archive/html/qemu-devel/2018-04/msg03355.html



signature.asc
Description: OpenPGP digital signature