Re: [Qemu-devel] [PATCH v12 3/3] qcow2: list of bitmaps new test 242

2019-02-05 Thread Vladimir Sementsov-Ogievskiy
05.02.2019 23:14, Andrey Shinkevich wrote:
> A new test file 242 added to the qemu-iotests set. It checks
> the format of qcow2 specific information for the new added
> section that lists details of bitmaps.
> 
> Signed-off-by: Andrey Shinkevich 
> ---
>   tests/qemu-iotests/242 | 100 +++
>   tests/qemu-iotests/242.out | 167 
> +
>   tests/qemu-iotests/group   |   1 +
>   3 files changed, 268 insertions(+)
>   create mode 100755 tests/qemu-iotests/242
>   create mode 100644 tests/qemu-iotests/242.out
> 
> diff --git a/tests/qemu-iotests/242 b/tests/qemu-iotests/242
> new file mode 100755
> index 000..95c1f18
> --- /dev/null
> +++ b/tests/qemu-iotests/242

[..]

> +
> +def toggle_flag(offset):
> +f = open(disk, "r+b")
> +f.seek(offset, 0)
> +c = f.read(1)
> +toggled = chr(ord(c) ^ bitmap_flag_unknown)
> +f.seek(-1, 1)
> +f.write(toggled)
> +f.close()
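Review bot: `toggle_flag` depends on Python 2 string semantics: with the file opened "r+b", Python 3 returns bytes from `f.read(1)`, `chr(ord(c) ^ bitmap_flag_unknown)` then yields a str, and `f.write(toggled)` raises TypeError. Building the byte as `bytearray([ord(c) ^ bitmap_flag_unknown])` writes correctly under both interpreters, so the test would not break when the iotests move to Python 3.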

ok, but better use "with", like
with open(disk, "r+b") as f:
...

as the file will be closed on any exception


With or without that fixed:
Reviewed-by: Vladimir Sementsov-Ogievskiy 


-- 
Best regards,
Vladimir


Re: [Qemu-devel] sparc: crash when using initrd > 5M

2019-02-05 Thread Mark Cave-Ayland
On 06/02/2019 07:28, Corentin Labbe wrote:

>>> Hello
>>>
>>> Sorry even with the patch I still hit the issue.
>>>
>>> I have added some debug and at least qemu set initrd_size correctly now.
>>>
>>> I have tried to compile openbios-sparc32 for debugging but fail with
>>> arch/sparc32/context.c:116:5: error: PIC register clobbered by 'l7' in 'asm'
>>>  asm __volatile__ ("\n\tcall __switch_context"
>>>  ^~~
>>> make[1]: *** [rules.mak:219: target/arch/sparc32/context.o] Error 1
>>> (gcc 7.2 and gc 6.4 with binutils 2.30)
>>
>> Hmmm. One other thing I've noticed is that newer kernels tend to need a minimum
>> of 256M RAM to start up - does it work if you add -m 256 to your command line?
>>
>>
> 
> I have already set 256M of RAM. (and tried 512)

I wonder then if this is being triggered by a recent kernel change? I tend to test
using the latest Debian ports ISOs which are currently running 4.9 and that booted
fine when I was testing the patches above.

Can you try with a few older kernels to see if this is the case?


ATB,

Mark.



Re: [Qemu-devel] [PATCH v2 09/18] tests/vm/openbsd: Install Bash from the ports

2019-02-05 Thread Gerd Hoffmann
On Tue, Feb 05, 2019 at 03:23:53PM +0100, Philippe Mathieu-Daudé wrote:
> Hi Brad,
> 
> On 2/5/19 2:57 PM, Brad Smith wrote:
> > If someone could point me in the right direction as to how the image is
> > created I could look at coming up with something newer. I would prefer that
> > over some of the workarounds I've seen to date.
> 
> I'm not an OpenBSD user, so I'm more than happy if you can help the
> upstream community to test QEMU codebase on this OS. Testing helps us to
> avoid code rot.
> 
> What we currently use to run tests is the 'tests/vm/openbsd' script.
> The script itself doesn't document how it was built, but looking at the
> commit of its introduction fdfaa33291eb we have:

There also is a patch floating around to auto-install openbsd:
https://patchwork.kernel.org/patch/10749459/

Not fully sure why this wasn't merged yet.  One problem is that this
patch depends on a new slirp feature (added in the 3.1 devel cycle,
needed to serve install.conf via http).  Which blocked merge during the
3.1 cycle, because depending on unreleased qemu for test builds isn't a
good idea.  But 3.1 is released, so maybe we can merge that for 4.0 now?

The openbsd installer trying to fetch install.conf not only via http but
also via tftp would also simplify things, maybe implementing that is an
option for the next openbsd release?

cheers,
  Gerd




Re: [Qemu-devel] sparc: crash when using initrd > 5M

2019-02-05 Thread Corentin Labbe
On Tue, Feb 05, 2019 at 04:45:16PM +, Mark Cave-Ayland wrote:
> On 05/02/2019 09:11, Corentin Labbe wrote:
> 
> > On Fri, Feb 01, 2019 at 02:15:15PM +, Mark Cave-Ayland wrote:
> >> On 18/01/2019 13:33, Mark Cave-Ayland wrote:
> >>
> >>> On 03/01/2019 15:48, Corentin Labbe wrote:
> >>>
>  Hello
> 
>  When using an initrd > 5M, I hit the following kernel crash:
>  qemu-system-sparc -kernel vmlinux -initrd rootfs.cpio.gz -nographic
>  Configuration device id QEMU version 1 machine id 32
>  Probing SBus slot 0 offset 0
>  Probing SBus slot 1 offset 0
>  Probing SBus slot 2 offset 0
>  Probing SBus slot 3 offset 0
>  Probing SBus slot 4 offset 0
>  Probing SBus slot 5 offset 0
>  Invalid FCode start byte
>  CPUs: 1 x FMI,MB86904
>  UUID: ----
>  Welcome to OpenBIOS v1.1 built on Oct 5 2018 08:20
>    Type 'help' for detailed information
>  [sparc] Kernel already loaded
>  switching to new context:
>  PROMLIB: obio_ranges 1
>  [0.00] PROMLIB: Sun Boot Prom Version 3 Revision 2
>  [0.00] Linux version 4.20.0-next-20190102+ (compile@Red) (gcc 
>  version 7.3.0 (Gentoo 7.3.0-r3 p1.4)) #148 Thu Jan 3 16:17:08 CET 2019
>  [0.00] printk: bootconsole [earlyprom0] enabled
>  [0.00] ARCH: SUN4M
>  [0.00] TYPE: SPARCstation 5
>  [0.00] Ethernet address: 52:54:00:12:34:56
>  [0.00] Unable to handle kernel NULL pointer dereference
>  [0.00] tsk->{mm,active_mm}->context = 
>  [0.00] tsk->{mm,active_mm}->pgd = 
>  [0.00]   \|/  \|/
>  [0.00]   "@'/ ,. \`@"
>  [0.00]   /_| \__/ |_\
>  [0.00]  \__U_/
>  [0.00] swapper(0): Oops [#1]
>  [0.00] CPU: 0 PID: 0 Comm: swapper Not tainted 
>  4.20.0-next-20190102+ #148
>  [0.00] PSR: 04001fc0 PC: f0010ef0 NPC: f0010ef4 Y: 
>  Not tainted
>  [0.00] PC: 
>  [0.00] %G: 000a 03c4  f05ece08 f05ecc00   
>  00e0  f05d4000 0001
>  [0.00] %O:  00e0  0080 00e0   
>  0002  f05d5bb8 f00bba58
>  [0.00] RPC: 
>  [0.00] %L: 0040 f05dfaf8  f05d5c68 0001  0003 
>  006951e0  f05ed014 f0674ab4
>  [0.00] %I: f05d5c80   0002 f100   
>    f05d5c20 f0007fd8
>  [0.00] Disabling lock debugging due to kernel taint
>  [0.00] Caller[f0007fd8]: srmmu_fault+0x58/0x68
>  [0.00] Caller[f0618598]: memblock_alloc_try_nid+0xb8/0xc8
>  [0.00] Caller[f0611094]: srmmu_paging_init+0x174/0xaf8
>  [0.00] Caller[f06106a8]: paging_init+0x4/0x24
>  [0.00] Caller[f060e4f0]: setup_arch+0x3e8/0x480
>  [0.00] Caller[f060ab50]: start_kernel+0x48/0x460
>  [0.00] Caller[f060a43c]: continue_boot+0x324/0x334
>  [0.00] Caller[]:   (null)
>  [0.00] Instruction DUMP:
>  [0.00]  c800a024 
>  [0.00]  83286002 
>  [0.00]  073c17b3 
>  [0.00] 
>  [0.00]  c600e22c 
>  [0.00]  8a08a003 
>  [0.00]  80a16001 
>  [0.00]  0280003b 
>  [0.00]  c600c001 
>  [0.00] 
>  [0.00] Kernel panic - not syncing: Attempted to kill the idle 
>  task!
>  [0.00] Press Stop-A (L1-A) from sun keyboard or send break
>  [0.00] twice on console to return to the boot prom
>  [0.00] ---[ end Kernel panic - not syncing: Attempted to kill 
>  the idle task! ]---
>  qemu-system-sparc: terminating on signal 15 from pid 13043 (killall)
> 
>  The NULL ptr dereference is done by memset() in srmmu_nocache_init() and
>  memblock_alloc_try_nid().
>  If I comment out both memsets, the boot passes.
> 
>  But since nothing explains the NULL ptr deref in memset(), I suspect
>  something is overridden by the initrd.
> >>>
> >>> Sorry about the delay in replying to this, I haven't been too well recently.
> >>>
> >>> Looking at the code I suspect the problem is that when loading a kernel
> >>> directly, OpenBIOS isn't adding the kernel/initrd memory ranges to the DT
> >>> properties, and so the kernel doesn't recreate its own mapping on boot.
> >>>
> >>> It shouldn't be too hard to make this happen, let me take a look and see how
> >>> difficult this would be.
> >>
> >> I think I now have a fix for this, with changes needed in both QEMU and
> >> OpenBIOS.
> >>
> >> Firstly you'll need to apply the QEMU patch from
> >> https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg06635.html and then
> >> you'll need an updated OpenBIOS.
> >>
> >> I've 

Re: [Qemu-devel] [PATCH v2 00/10] tcg vector improvements

2019-02-05 Thread Mark Cave-Ayland
On 06/02/2019 03:37, Richard Henderson wrote:

> On 2/5/19 9:29 PM, Mark Cave-Ayland wrote:
>> The only minor question I had with the patchset in its current form is whether
>> to use the new VsrD() macro for vscr_sat, or whether we don't really care enough?
> 
> Given the comment
> 
>   /* Which bit we set is completely arbitrary, but clear the rest.  */
> 
> I don't think VsrD is helpful.

Okay, I can leave that for now.

> In "target/ppc: Split out VSCR_SAT to a vector field":
> 
>   ppc_vsr_t vsr[64] QEMU_ALIGNED(16);
> + /* Non-zero if and only if VSCR_SAT should be set.  */
> + ppc_vsr_t vscr_sat;
> 
> Better to add the QEMU_ALIGNED(16) to vscr_sat as well.  Yes, it will already
> happen to be aligned by placement, but this is also a bit of documentation.

I've added this to my latest branch.

> In "target/ppc: convert vadd*s and vsub*s to vector operations":
> 
>   if (sat) {  \
> - set_vscr_sat(env);  \
> + vscr_sat->u32[0] = 1;   \
>   }   \
> 
> Changed in error?

It looks like this was in the original patch, presumably because GEN_VXFORM_SAT
doesn't include the env parameter which was present in GEN_VXFORM_ENV. Should the
env parameter be added to GEN_VXFORM_SAT?

Howard has also pointed out that he's still spotted some corruption in his tests,
so I will do a bit more investigation and report back.


ATB,

Mark.



Re: [Qemu-devel] [Qemu-block] Guest unresponsive after Virtqueue size exceeded error

2019-02-05 Thread Fernando Casas Schössow
I can now confirm that the same happens with virtio-blk and virtio-scsi.
Please find below the qemu log enhanced with the new information added by the 
patch provided by Stefan:

vdev 0x55d22b8e10f0 ("virtio-blk")
vq 0x55d22b8ebe40 (idx 0)
inuse 128 vring.num 128
2019-02-06T00:40:41.742552Z qemu-system-x86_64: Virtqueue size exceeded

I just changed the disk back to virtio-scsi so I can repro this again with the 
patched qemu and report back.

Thanks.

On lun, feb 4, 2019 at 8:24 AM, Fernando Casas Schössow wrote:

I can test again with qemu 3.1 but with previous versions yes, it was happening 
the same with both virtio-blk and virtio-scsi.
For 3.1 I can confirm it happens for virtio-scsi (already tested it) and I can 
test with virtio-blk again if that will add value to the investigation.
Also I'm attaching a guest console screenshot showing the errors displayed by 
the guest when it goes unresponsive in case it can help.

Thanks for the patch. I will build the custom qemu binary and reproduce the 
issue. This may take a couple of days since I cannot reproduce it at will. 
Sometimes it takes 12 hours sometimes 2 days until it happens.
Hopefully the code below will add more light on to this problem.

Thanks,

Fernando

On lun, feb 4, 2019 at 7:06 AM, Stefan Hajnoczi  wrote:
Are you sure this happens with both virtio-blk and virtio-scsi? The following 
patch adds more debug output. You can build as follows: $ git clone 
https://git.qemu.org/git/qemu.git $ cd qemu $ patch apply -p1 ...paste the 
patch here... ^D # For info on build dependencies see 
https://wiki.qemu.org/Hosts/Linux $ ./configure --target-list=x86_64-softmmu $ 
make -j4 You can configure a libvirt domain to use your custom QEMU binary by 
changing the  tag to the 
qemu/x86_64-softmmu/qemu-system-x86_64 path. --- diff --git 
a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 22bd1ac34e..aa44bffa1f 100644 
--- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -879,6 +879,9 @@ void 
*virtqueue_pop(VirtQueue *vq, size_t sz) max = vq->vring.num; if (vq->inuse >= 
vq->vring.num) { + fprintf(stderr, "vdev %p (\"%s\")\n", vdev, vdev->name); + 
fprintf(stderr, "vq %p (idx %u)\n", vq, (unsigned int)(vq - vdev->vq)); + 
fprintf(stderr, "inuse %u vring.num %u\n", vq->inuse, vq->vring.num); 
virtio_error(vdev, "Virtqueue size exceeded"); goto done; }
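Review bot: the three `fprintf(stderr, ...)` lines in the virtqueue_pop hunk carry the useful data (`vdev->name`, the queue index `(unsigned int)(vq - vdev->vq)`, `vq->inuse` and `vq->vring.num`) but only as a debug-only side channel next to the existing `virtio_error(vdev, "Virtqueue size exceeded")`. Passing them through the `virtio_error()` format string instead (e.g. `virtio_error(vdev, "Virtqueue size exceeded: vq %u inuse %u num %u", ...)`) would make the diagnostic permanent and keep the numbers on the same line as the failure, which matters for a bug that, as reported earlier in the thread, takes 12 hours to 2 days to reproduce.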






Re: [Qemu-devel] [PATCH v2 3/3] target/arm: Implement ARMv8.3-JSConv

2019-02-05 Thread Laurent Desnogues
Hello,

On Wed, Feb 6, 2019 at 6:32 AM Richard Henderson wrote:
>
> Signed-off-by: Richard Henderson 

Tested-by: Laurent Desnogues 

Thanks,

Laurent

> ---
> v2: Return 0 for NaN
> ---
>  target/arm/cpu.h   | 10 +
>  target/arm/helper.h|  2 +
>  target/arm/cpu.c   |  1 +
>  target/arm/cpu64.c |  2 +
>  target/arm/op_helper.c | 76 ++
>  target/arm/translate-a64.c | 26 +
>  target/arm/translate.c | 15 
>  7 files changed, 132 insertions(+)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 47238e4245..bfc532f0ca 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -3227,6 +3227,11 @@ static inline bool isar_feature_aa32_vcma(const 
> ARMISARegisters *id)
>  return FIELD_EX32(id->id_isar5, ID_ISAR5, VCMA) != 0;
>  }
>
> +static inline bool isar_feature_aa32_jscvt(const ARMISARegisters *id)
> +{
> +return FIELD_EX32(id->id_isar6, ID_ISAR6, JSCVT) != 0;
> +}
> +
>  static inline bool isar_feature_aa32_dp(const ARMISARegisters *id)
>  {
>  return FIELD_EX32(id->id_isar6, ID_ISAR6, DP) != 0;
> @@ -3305,6 +3310,11 @@ static inline bool isar_feature_aa64_dp(const 
> ARMISARegisters *id)
>  return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, DP) != 0;
>  }
>
> +static inline bool isar_feature_aa64_jscvt(const ARMISARegisters *id)
> +{
> +return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, JSCVT) != 0;
> +}
> +
>  static inline bool isar_feature_aa64_fcma(const ARMISARegisters *id)
>  {
>  return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, FCMA) != 0;
> diff --git a/target/arm/helper.h b/target/arm/helper.h
> index 53a38188c6..6998f7e8d5 100644
> --- a/target/arm/helper.h
> +++ b/target/arm/helper.h
> @@ -218,6 +218,8 @@ DEF_HELPER_FLAGS_2(rintd_exact, TCG_CALL_NO_RWG, f64, 
> f64, ptr)
>  DEF_HELPER_FLAGS_2(rints, TCG_CALL_NO_RWG, f32, f32, ptr)
>  DEF_HELPER_FLAGS_2(rintd, TCG_CALL_NO_RWG, f64, f64, ptr)
>
> +DEF_HELPER_FLAGS_2(fjcvtzs, TCG_CALL_NO_RWG, i64, f64, ptr)
> +
>  /* neon_helper.c */
>  DEF_HELPER_FLAGS_3(neon_qadd_u8, TCG_CALL_NO_RWG, i32, env, i32, i32)
>  DEF_HELPER_FLAGS_3(neon_qadd_s8, TCG_CALL_NO_RWG, i32, env, i32, i32)
> diff --git a/target/arm/cpu.c b/target/arm/cpu.c
> index edf6e0e1f1..8ea6569088 100644
> --- a/target/arm/cpu.c
> +++ b/target/arm/cpu.c
> @@ -2001,6 +2001,7 @@ static void arm_max_initfn(Object *obj)
>  cpu->isar.id_isar5 = t;
>
>  t = cpu->isar.id_isar6;
> +t = FIELD_DP32(t, ID_ISAR6, JSCVT, 1);
>  t = FIELD_DP32(t, ID_ISAR6, DP, 1);
>  cpu->isar.id_isar6 = t;
>
> diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
> index eff0f164dd..69e4134f79 100644
> --- a/target/arm/cpu64.c
> +++ b/target/arm/cpu64.c
> @@ -311,6 +311,7 @@ static void aarch64_max_initfn(Object *obj)
>  cpu->isar.id_aa64isar0 = t;
>
>  t = cpu->isar.id_aa64isar1;
> +t = FIELD_DP64(t, ID_AA64ISAR1, JSCVT, 1);
>  t = FIELD_DP64(t, ID_AA64ISAR1, FCMA, 1);
>  t = FIELD_DP64(t, ID_AA64ISAR1, APA, 1); /* PAuth, architected only 
> */
>  t = FIELD_DP64(t, ID_AA64ISAR1, API, 0);
> @@ -344,6 +345,7 @@ static void aarch64_max_initfn(Object *obj)
>  cpu->isar.id_isar5 = u;
>
>  u = cpu->isar.id_isar6;
> +u = FIELD_DP32(u, ID_ISAR6, JSCVT, 1);
>  u = FIELD_DP32(u, ID_ISAR6, DP, 1);
>  cpu->isar.id_isar6 = u;
>
> diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
> index c998eadfaa..be555c44e4 100644
> --- a/target/arm/op_helper.c
> +++ b/target/arm/op_helper.c
> @@ -24,6 +24,7 @@
>  #include "internals.h"
>  #include "exec/exec-all.h"
>  #include "exec/cpu_ldst.h"
> +#include "fpu/softfloat.h"
>
>  #define SIGNBIT (uint32_t)0x8000
>  #define SIGNBIT64 ((uint64_t)1 << 63)
> @@ -1376,3 +1377,78 @@ uint32_t HELPER(ror_cc)(CPUARMState *env, uint32_t x, 
> uint32_t i)
>  return ((uint32_t)x >> shift) | (x << (32 - shift));
>  }
>  }
> +
> +/*
> + * Implement float64 to int32_t conversion without saturation;
> + * the result is supplied modulo 2^32.
> + */
> +uint64_t HELPER(fjcvtzs)(float64 value, void *vstatus)
> +{
> +float_status *status = vstatus;
> +uint32_t exp, sign;
> +uint64_t frac;
> +uint32_t inexact = 1; /* !Z */
> +
> +sign = extract64(value, 63, 1);
> +exp = extract64(value, 52, 11);
> +frac = extract64(value, 0, 52);
> +
> +if (exp == 0) {
> +/* While not inexact for IEEE FP, -0.0 is inexact for JavaScript.  */
> +inexact = sign;
> +if (frac != 0) {
> +if (status->flush_inputs_to_zero) {
> +float_raise(float_flag_input_denormal, status);
> +} else {
> +float_raise(float_flag_inexact, status);
> +inexact = 1;
> +}
> +}
> +frac = 0;
> +} else if (exp == 0x7ff) {
> +/* This operation raises Invalid for both NaN and overflow (Inf).  */
> 
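Review bot: in the `exp == 0` branch of the fjcvtzs hunk, a denormal input with `status->flush_inputs_to_zero` set raises `float_flag_input_denormal` but leaves `inexact = sign`, so a positive denormal flushed to zero reports the conversion as exact (Z set) although the input was non-zero, whereas the non-FZ path sets `inexact = 1` and raises inexact. If that is the intended FZ semantics (the flushed value is treated as a true +/-0 before conversion), a one-line comment at that `if` would spare the next reader the question.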

Re: [Qemu-devel] [PATCH v12 2/3] qcow2: Add list of bitmaps to ImageInfoSpecificQCow2

2019-02-05 Thread Vladimir Sementsov-Ogievskiy
05.02.2019 23:33, Eric Blake wrote:
> On 2/5/19 2:14 PM, Andrey Shinkevich wrote:
>> In the 'Format specific information' section of the 'qemu-img info'
>> command output, the supplemental information about existing QCOW2
>> bitmaps will be shown, such as a bitmap name, flags and granularity:
>>
> 
>> +##
>> +# @Qcow2BitmapInfo:
>> +#
>> +# Qcow2 bitmap information.
>> +#
>> +# @name: the name of the bitmap
>> +#
>> +# @granularity: granularity of the bitmap in bytes
>> +#
>> +# @flags: flags of the bitmap
>> +#
>> +# Since: 4.0
> 
> You got rid of the docs for unknown-flags,
> 
>> +##
>> +{ 'struct': 'Qcow2BitmapInfo',
>> +  'data': {'name': 'str', 'granularity': 'uint32',
>> +   'flags': ['Qcow2BitmapInfoFlags'],
>> +   '*unknown-flags': 'uint32' } }
> 
> but forgot to actually get rid of the field. That's a pretty simple
> cleanup, which I don't mind making if this series is otherwise ready to go.
> 
> Reviewed-by: Eric Blake 
> 

and with that fixed, it's OK for me too:
Reviewed-by: Vladimir Sementsov-Ogievskiy 

-- 
Best regards,
Vladimir


Re: [Qemu-devel] [PATCH] target/hppa: fix PSW Q bit behaviour to match hardware

2019-02-05 Thread Richard Henderson
On 1/29/19 7:14 PM, Sven Schnelle wrote:
> PA-RISC specification says: "Setting the PSW Q-bit, PSW{28}, to 1
> with this instruction, if it was not already 1, is an undefined
> operation." However, at least HP-UX 10.20 sets the Q bit from 0 to 1
> with the SSM instruction. Tested this both on HP9000/712 and
> HP9000/785/C3750, both machines set the Q bit from 0 to 1 without
> exception. This makes HP-UX 10.20 progress a little bit further.
> 
> Signed-off-by: Sven Schnelle 
> ---
>  target/hppa/op_helper.c | 5 -
>  1 file changed, 5 deletions(-)

Queued, with much of this text copied into a comment in the code.


r~



Re: [Qemu-devel] [PATCH] target/hppa: fix setting registers via gdb

2019-02-05 Thread Richard Henderson
On 1/28/19 4:53 PM, Sven Schnelle wrote:
> While doing 'set $pcoqh=0xf000' I triggered the assertion below. From looking
> at the source, it looks like the argument order for deposit64() is wrong, and
> val needs to be moved to the end.
> 
> Signed-off-by: Sven Schnelle 

Queued, thanks.


r~



Re: [Qemu-devel] [PATCH] target/i386: Generate #UD when applying LOCK to a register

2019-02-05 Thread Richard Henderson
Ping.

On 12/7/18 5:09 PM, Richard Henderson wrote:
> This covers inc, dec, and the bit test instructions.
> 
> I believe we've finally covered all of the cases for
> which we have an atomic path that would use the cpu_A0
> temp, which is only initialized for address sources.
> 
> Fixes: https://bugs.launchpad.net/qemu/+bug/1803160/comments/4
> Signed-off-by: Richard Henderson 
> ---
>  target/i386/translate.c | 11 +++
>  1 file changed, 11 insertions(+)
> 
> diff --git a/target/i386/translate.c b/target/i386/translate.c
> index 0dd5fbe45c..eb52322a47 100644
> --- a/target/i386/translate.c
> +++ b/target/i386/translate.c
> @@ -1398,6 +1398,11 @@ static void gen_op(DisasContext *s1, int op, TCGMemOp 
> ot, int d)
>  static void gen_inc(DisasContext *s1, TCGMemOp ot, int d, int c)
>  {
>  if (s1->prefix & PREFIX_LOCK) {
> +if (d != OR_TMP0) {
> +/* Lock prefix when destination is not memory.  */
> +gen_illegal_opcode(s1);
> +return;
> +}
>  tcg_gen_movi_tl(s1->T0, c > 0 ? 1 : -1);
>  tcg_gen_atomic_add_fetch_tl(s1->T0, s1->A0, s1->T0,
>  s1->mem_index, ot | MO_LE);
> @@ -6764,6 +6769,9 @@ static target_ulong disas_insn(DisasContext *s, 
> CPUState *cpu)
>  gen_op_ld_v(s, ot, s->T0, s->A0);
>  }
>  } else {
> +if (s->prefix & PREFIX_LOCK) {
> +goto illegal_op;
> +}
>  gen_op_mov_v_reg(s, ot, s->T0, rm);
>  }
>  /* load shift */
> @@ -6803,6 +6811,9 @@ static target_ulong disas_insn(DisasContext *s, 
> CPUState *cpu)
>  gen_op_ld_v(s, ot, s->T0, s->A0);
>  }
>  } else {
> +if (s->prefix & PREFIX_LOCK) {
> +goto illegal_op;
> +}
>  gen_op_mov_v_reg(s, ot, s->T0, rm);
>  }
>  bt_op:
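Review bot: the two `disas_insn` hunks add the identical `if (s->prefix & PREFIX_LOCK) goto illegal_op;` to both register-operand paths that fall into `bt_op:`, mirroring the `d != OR_TMP0` check added to `gen_inc`. A single check of `PREFIX_LOCK` against a register operand placed ahead of the two paths, or a short comment at each copy pointing to the rule (LOCK is only valid with a memory destination, as the gen_inc comment says), would keep the rule in one place and make the third copy less likely to be missed when another register path is added.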
> 




[Qemu-devel] [PATCH v2 3/3] target/arm: Implement ARMv8.3-JSConv

2019-02-05 Thread Richard Henderson
Signed-off-by: Richard Henderson 
---
v2: Return 0 for NaN
---
 target/arm/cpu.h   | 10 +
 target/arm/helper.h|  2 +
 target/arm/cpu.c   |  1 +
 target/arm/cpu64.c |  2 +
 target/arm/op_helper.c | 76 ++
 target/arm/translate-a64.c | 26 +
 target/arm/translate.c | 15 
 7 files changed, 132 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 47238e4245..bfc532f0ca 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -3227,6 +3227,11 @@ static inline bool isar_feature_aa32_vcma(const 
ARMISARegisters *id)
 return FIELD_EX32(id->id_isar5, ID_ISAR5, VCMA) != 0;
 }
 
+static inline bool isar_feature_aa32_jscvt(const ARMISARegisters *id)
+{
+return FIELD_EX32(id->id_isar6, ID_ISAR6, JSCVT) != 0;
+}
+
 static inline bool isar_feature_aa32_dp(const ARMISARegisters *id)
 {
 return FIELD_EX32(id->id_isar6, ID_ISAR6, DP) != 0;
@@ -3305,6 +3310,11 @@ static inline bool isar_feature_aa64_dp(const 
ARMISARegisters *id)
 return FIELD_EX64(id->id_aa64isar0, ID_AA64ISAR0, DP) != 0;
 }
 
+static inline bool isar_feature_aa64_jscvt(const ARMISARegisters *id)
+{
+return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, JSCVT) != 0;
+}
+
 static inline bool isar_feature_aa64_fcma(const ARMISARegisters *id)
 {
 return FIELD_EX64(id->id_aa64isar1, ID_AA64ISAR1, FCMA) != 0;
diff --git a/target/arm/helper.h b/target/arm/helper.h
index 53a38188c6..6998f7e8d5 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -218,6 +218,8 @@ DEF_HELPER_FLAGS_2(rintd_exact, TCG_CALL_NO_RWG, f64, f64, 
ptr)
 DEF_HELPER_FLAGS_2(rints, TCG_CALL_NO_RWG, f32, f32, ptr)
 DEF_HELPER_FLAGS_2(rintd, TCG_CALL_NO_RWG, f64, f64, ptr)
 
+DEF_HELPER_FLAGS_2(fjcvtzs, TCG_CALL_NO_RWG, i64, f64, ptr)
+
 /* neon_helper.c */
 DEF_HELPER_FLAGS_3(neon_qadd_u8, TCG_CALL_NO_RWG, i32, env, i32, i32)
 DEF_HELPER_FLAGS_3(neon_qadd_s8, TCG_CALL_NO_RWG, i32, env, i32, i32)
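Review bot: `fjcvtzs` is declared to return `i64` although the FJCVTZS result is a 32-bit integer; the only hint at what the upper half carries is `uint32_t inexact = 1; /* !Z */` in the op_helper.c hunk, whose header comment says just "the result is supplied modulo 2^32". Stating the packing of result and Z indication in that comment, or in a note beside this declaration, would document the contract the translate-a64.c and translate.c callers depend on.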
diff --git a/target/arm/cpu.c b/target/arm/cpu.c
index edf6e0e1f1..8ea6569088 100644
--- a/target/arm/cpu.c
+++ b/target/arm/cpu.c
@@ -2001,6 +2001,7 @@ static void arm_max_initfn(Object *obj)
 cpu->isar.id_isar5 = t;
 
 t = cpu->isar.id_isar6;
+t = FIELD_DP32(t, ID_ISAR6, JSCVT, 1);
 t = FIELD_DP32(t, ID_ISAR6, DP, 1);
 cpu->isar.id_isar6 = t;
 
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index eff0f164dd..69e4134f79 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -311,6 +311,7 @@ static void aarch64_max_initfn(Object *obj)
 cpu->isar.id_aa64isar0 = t;
 
 t = cpu->isar.id_aa64isar1;
+t = FIELD_DP64(t, ID_AA64ISAR1, JSCVT, 1);
 t = FIELD_DP64(t, ID_AA64ISAR1, FCMA, 1);
 t = FIELD_DP64(t, ID_AA64ISAR1, APA, 1); /* PAuth, architected only */
 t = FIELD_DP64(t, ID_AA64ISAR1, API, 0);
@@ -344,6 +345,7 @@ static void aarch64_max_initfn(Object *obj)
 cpu->isar.id_isar5 = u;
 
 u = cpu->isar.id_isar6;
+u = FIELD_DP32(u, ID_ISAR6, JSCVT, 1);
 u = FIELD_DP32(u, ID_ISAR6, DP, 1);
 cpu->isar.id_isar6 = u;
 
diff --git a/target/arm/op_helper.c b/target/arm/op_helper.c
index c998eadfaa..be555c44e4 100644
--- a/target/arm/op_helper.c
+++ b/target/arm/op_helper.c
@@ -24,6 +24,7 @@
 #include "internals.h"
 #include "exec/exec-all.h"
 #include "exec/cpu_ldst.h"
+#include "fpu/softfloat.h"
 
 #define SIGNBIT (uint32_t)0x8000
 #define SIGNBIT64 ((uint64_t)1 << 63)
@@ -1376,3 +1377,78 @@ uint32_t HELPER(ror_cc)(CPUARMState *env, uint32_t x, 
uint32_t i)
 return ((uint32_t)x >> shift) | (x << (32 - shift));
 }
 }
+
+/*
+ * Implement float64 to int32_t conversion without saturation;
+ * the result is supplied modulo 2^32.
+ */
+uint64_t HELPER(fjcvtzs)(float64 value, void *vstatus)
+{
+float_status *status = vstatus;
+uint32_t exp, sign;
+uint64_t frac;
+uint32_t inexact = 1; /* !Z */
+
+sign = extract64(value, 63, 1);
+exp = extract64(value, 52, 11);
+frac = extract64(value, 0, 52);
+
+if (exp == 0) {
+/* While not inexact for IEEE FP, -0.0 is inexact for JavaScript.  */
+inexact = sign;
+if (frac != 0) {
+if (status->flush_inputs_to_zero) {
+float_raise(float_flag_input_denormal, status);
+} else {
+float_raise(float_flag_inexact, status);
+inexact = 1;
+}
+}
+frac = 0;
+} else if (exp == 0x7ff) {
+/* This operation raises Invalid for both NaN and overflow (Inf).  */
+float_raise(float_flag_invalid, status);
+frac = 0;
+} else {
+int true_exp = exp - 1023;
+int shift = true_exp - 52;
+
+/* Restore implicit bit.  */
+frac |= 1ull << 52;
+
+/* Shift the fraction into place.  */
+if (shift >= 0) {
+/* The number is so large we must shift the fraction left.  */

[Qemu-devel] [PATCH v2 0/3] target/arm: Implement ARMv8.3-JSConv

2019-02-05 Thread Richard Henderson
Changes since v1:
  * Typo fixed in patch 2, which had scrogged FMOV
  * Return 0 for NaN, as for any other ARM fp conversion.


r~


Richard Henderson (3):
  target/arm: Force result size into dp after operation
  target/arm: Restructure disas_fp_int_conv
  target/arm: Implement ARMv8.3-JSConv

 target/arm/cpu.h   |  10 
 target/arm/helper.h|   2 +
 target/arm/cpu.c   |   1 +
 target/arm/cpu64.c |   2 +
 target/arm/op_helper.c |  76 +++
 target/arm/translate-a64.c | 120 +++--
 target/arm/translate.c |  47 ++-
 7 files changed, 197 insertions(+), 61 deletions(-)

-- 
2.17.2




[Qemu-devel] [PATCH v2 2/3] target/arm: Restructure disas_fp_int_conv

2019-02-05 Thread Richard Henderson
For opcodes 0-5, move some if conditions into the structure
of a switch statement.  For opcodes 6 & 7, decode everything
at once with a second switch.

Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 94 --
 1 file changed, 49 insertions(+), 45 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index e002251ac6..2f849a6951 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -6541,68 +6541,72 @@ static void disas_fp_int_conv(DisasContext *s, uint32_t 
insn)
 int type = extract32(insn, 22, 2);
 bool sbit = extract32(insn, 29, 1);
 bool sf = extract32(insn, 31, 1);
+bool itof = false;
 
 if (sbit) {
-unallocated_encoding(s);
-return;
+goto do_unallocated;
 }
 
-if (opcode > 5) {
-/* FMOV */
-bool itof = opcode & 1;
-
-if (rmode >= 2) {
-unallocated_encoding(s);
-return;
-}
-
-switch (sf << 3 | type << 1 | rmode) {
-case 0x0: /* 32 bit */
-case 0xa: /* 64 bit */
-case 0xd: /* 64 bit to top half of quad */
-break;
-case 0x6: /* 16-bit float, 32-bit int */
-case 0xe: /* 16-bit float, 64-bit int */
-if (dc_isar_feature(aa64_fp16, s)) {
-break;
-}
-/* fallthru */
-default:
-/* all other sf/type/rmode combinations are invalid */
-unallocated_encoding(s);
-return;
-}
-
-if (!fp_access_check(s)) {
-return;
-}
-handle_fmov(s, rd, rn, type, itof);
-} else {
-/* actual FP conversions */
-bool itof = extract32(opcode, 1, 1);
-
-if (rmode != 0 && opcode > 1) {
-unallocated_encoding(s);
-return;
+switch (opcode) {
+case 2: /* SCVTF */
+case 3: /* UCVTF */
+itof = true;
+/* fallthru */
+case 4: /* FCVTAS */
+case 5: /* FCVTAU */
+if (rmode != 0) {
+goto do_unallocated;
 }
+/* fallthru */
+case 0: /* FCVT[NPMZ]S */
+case 1: /* FCVT[NPMZ]U */
 switch (type) {
 case 0: /* float32 */
 case 1: /* float64 */
 break;
 case 3: /* float16 */
-if (dc_isar_feature(aa64_fp16, s)) {
-break;
+if (!dc_isar_feature(aa64_fp16, s)) {
+goto do_unallocated;
 }
-/* fallthru */
+break;
 default:
-unallocated_encoding(s);
-return;
+goto do_unallocated;
 }
-
 if (!fp_access_check(s)) {
 return;
 }
 handle_fpfpcvt(s, rd, rn, opcode, itof, rmode, 64, sf, type);
+break;
+
+default:
+switch (sf << 7 | type << 5 | rmode << 3 | opcode) {
+case 0b01100110: /* FMOV half <-> 32-bit int */
+case 0b01100111:
+case 0b11100110: /* FMOV half <-> 64-bit int */
+case 0b11100111:
+if (!dc_isar_feature(aa64_fp16, s)) {
+goto do_unallocated;
+}
+/* fallthru */
+case 0b0110: /* FMOV 32-bit */
+case 0b0111:
+case 0b10100110: /* FMOV 64-bit */
+case 0b10100111:
+case 0b11001110: /* FMOV top half of 128-bit */
+case 0b1100:
+if (!fp_access_check(s)) {
+return;
+}
+itof = opcode & 1;
+handle_fmov(s, rd, rn, type, itof);
+break;
+
+default:
+do_unallocated:
+unallocated_encoding(s);
+return;
+}
+break;
 }
 }
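Review bot: the `do_unallocated:` label now sits inside the inner `switch` under the outer `default:`, so every `goto do_unallocated` (from the `sbit` test, the `rmode != 0` check and the `type` switch) jumps into a nested block. That is legal C and no locals are initialised across the jump, but placing the label after the outer switch (falling through from the inner `default:` with a `break`) would make the control flow easier to follow and avoid a `default:` nested inside a `default:`.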
 
-- 
2.17.2




[Qemu-devel] [PATCH v2 1/3] target/arm: Force result size into dp after operation

2019-02-05 Thread Richard Henderson
Rather than a complex set of cases testing for writeback,
adjust DP after performing the operation.

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/translate.c | 32 
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 66cf28c8cb..eb25895876 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -3970,6 +3970,7 @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
 tcg_gen_or_i32(tmp, tmp, tmp2);
 tcg_temp_free_i32(tmp2);
 gen_vfp_msr(tmp);
+dp = 0; /* always a single precision result */
 break;
 }
 case 7: /* vcvtt.f16.f32, vcvtt.f16.f64 */
@@ -3993,20 +3994,25 @@ static int disas_vfp_insn(DisasContext *s, uint32_t 
insn)
 tcg_gen_or_i32(tmp, tmp, tmp2);
 tcg_temp_free_i32(tmp2);
 gen_vfp_msr(tmp);
+dp = 0; /* always a single precision result */
 break;
 }
 case 8: /* cmp */
 gen_vfp_cmp(dp);
+dp = -1; /* no write back */
 break;
 case 9: /* cmpe */
 gen_vfp_cmpe(dp);
+dp = -1; /* no write back */
 break;
 case 10: /* cmpz */
 gen_vfp_cmp(dp);
+dp = -1; /* no write back */
 break;
 case 11: /* cmpez */
 gen_vfp_F1_ld0(dp);
 gen_vfp_cmpe(dp);
+dp = -1; /* no write back */
 break;
 case 12: /* vrintr */
 {
@@ -4047,10 +4053,12 @@ static int disas_vfp_insn(DisasContext *s, uint32_t 
insn)
 break;
 }
 case 15: /* single<->double conversion */
-if (dp)
+if (dp) {
 gen_helper_vfp_fcvtsd(cpu_F0s, cpu_F0d, cpu_env);
-else
+} else {
 gen_helper_vfp_fcvtds(cpu_F0d, cpu_F0s, cpu_env);
+}
+dp = !dp; /* result size is opposite */
 break;
 case 16: /* fuito */
 gen_vfp_uito(dp, 0);
@@ -4084,15 +4092,19 @@ static int disas_vfp_insn(DisasContext *s, uint32_t 
insn)
 break;
 case 24: /* ftoui */
 gen_vfp_toui(dp, 0);
+dp = 0; /* always an integer result */
 break;
 case 25: /* ftouiz */
 gen_vfp_touiz(dp, 0);
+dp = 0; /* always an integer result */
 break;
 case 26: /* ftosi */
 gen_vfp_tosi(dp, 0);
+dp = 0; /* always an integer result */
 break;
 case 27: /* ftosiz */
 gen_vfp_tosiz(dp, 0);
+dp = 0; /* always an integer result */
 break;
 case 28: /* ftosh */
 if (!arm_dc_feature(s, ARM_FEATURE_VFP3)) {
@@ -4126,20 +4138,8 @@ static int disas_vfp_insn(DisasContext *s, uint32_t insn)
 return 1;
 }
 
-/* Write back the result.  */
-if (op == 15 && (rn >= 8 && rn <= 11)) {
-/* Comparison, do nothing.  */
-} else if (op == 15 && dp && ((rn & 0x1c) == 0x18 ||
-  (rn & 0x1e) == 0x6)) {
-/* VCVT double to int: always integer result.
- * VCVT double to half precision is always a single
- * precision result.
- */
-gen_mov_vreg_F0(0, rd);
-} else if (op == 15 && rn == 15) {
-/* conversion */
-gen_mov_vreg_F0(!dp, rd);
-} else {
+/* Write back the result, if any.  */
+if (dp >= 0) {
 gen_mov_vreg_F0(dp, rd);
 }
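Review bot: the write-back now keys on `dp >= 0`, with `-1` used as the no-writeback sentinel in the cmp, cmpe, cmpz and cmpez cases, which is only correct if `dp` is declared as a signed `int` in disas_vfp_insn; this hunk does not show the declaration. Worth a check there and a short comment at the first `dp = -1;`, since an unsigned or bool `dp` would make the comparison always true and the comparisons would start writing F0 back.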
 
-- 
2.17.2




[Qemu-devel] [PATCH v2 0/5] target/arm: tcg vector cleanups

2019-02-05 Thread Richard Henderson
Generic tcg now has support for folding of OR,
and has grown min/max primitives.


r~


Richard Henderson (5):
  target/arm: Rely on optimization within tcg_gen_gvec_or
  target/arm: Use vector minmax expanders for aarch64
  target/arm: Use vector minmax expanders for aarch32
  target/arm: Use tcg integer min/max primitives for neon
  target/arm: Remove neon min/max helpers

 target/arm/helper.h| 12 --
 target/arm/neon_helper.c   | 12 --
 target/arm/translate-a64.c | 41 +-
 target/arm/translate-sve.c |  6 +
 target/arm/translate.c | 45 ++
 5 files changed, 42 insertions(+), 74 deletions(-)

-- 
2.17.2




[Qemu-devel] [PATCH v2 3/5] target/arm: Use vector minmax expanders for aarch32

2019-02-05 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/translate.c | 25 +++--
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index 9d2dba7ed2..df1cd3fa3e 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -6368,6 +6368,25 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 tcg_gen_gvec_cmp(u ? TCG_COND_GEU : TCG_COND_GE, size,
  rd_ofs, rn_ofs, rm_ofs, vec_size, vec_size);
 return 0;
+
+case NEON_3R_VMAX:
+if (u) {
+tcg_gen_gvec_umax(size, rd_ofs, rn_ofs, rm_ofs,
+  vec_size, vec_size);
+} else {
+tcg_gen_gvec_smax(size, rd_ofs, rn_ofs, rm_ofs,
+  vec_size, vec_size);
+}
+return 0;
+case NEON_3R_VMIN:
+if (u) {
+tcg_gen_gvec_umin(size, rd_ofs, rn_ofs, rm_ofs,
+  vec_size, vec_size);
+} else {
+tcg_gen_gvec_smin(size, rd_ofs, rn_ofs, rm_ofs,
+  vec_size, vec_size);
+}
+return 0;
 }
 
 if (size == 3) {
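Review bot: the added NEON_3R_VMAX/NEON_3R_VMIN cases `return 0` from the early gvec switch, ahead of the `if (size == 3)` check that closes this hunk, whereas the GEN_NEON_INTEGER_OP(max)/(min) path they replace sat after it. If size == 3 for these encodings was only rejected by that later check, the gvec expanders are now emitted for a 64-bit element size NEON does not define for VMAX/VMIN; confirm the invalid-size rejection happens before this switch or add the guard to the new cases.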
@@ -6533,12 +6552,6 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 case NEON_3R_VQRSHL:
 GEN_NEON_INTEGER_OP_ENV(qrshl);
 break;
-case NEON_3R_VMAX:
-GEN_NEON_INTEGER_OP(max);
-break;
-case NEON_3R_VMIN:
-GEN_NEON_INTEGER_OP(min);
-break;
 case NEON_3R_VABD:
 GEN_NEON_INTEGER_OP(abd);
 break;
-- 
2.17.2




[Qemu-devel] [PATCH v2 1/5] target/arm: Rely on optimization within tcg_gen_gvec_or

2019-02-05 Thread Richard Henderson
Since we're now handling a == b generically, we no longer need
to do it by hand within target/arm/.

Reviewed-by: David Gibson 
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c |  6 +-
 target/arm/translate-sve.c |  6 +-
 target/arm/translate.c | 12 +++-
 3 files changed, 5 insertions(+), 19 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index e002251ac6..a12bfac719 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -10648,11 +10648,7 @@ static void disas_simd_3same_logic(DisasContext *s, 
uint32_t insn)
 gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_andc, 0);
 return;
 case 2: /* ORR */
-if (rn == rm) { /* MOV */
-gen_gvec_fn2(s, is_q, rd, rn, tcg_gen_gvec_mov, 0);
-} else {
-gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_or, 0);
-}
+gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_or, 0);
 return;
 case 3: /* ORN */
 gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_orc, 0);
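Review bot: dropping the `rn == rm` MOV special case is correct only once tcg_gen_gvec_or folds identical operands, as the commit message says; since that folding lives in generic tcg rather than in target/arm, this message (or the cover letter) should name the prerequisite commit so the dependency is visible when the series is bisected or backported.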
diff --git a/target/arm/translate-sve.c b/target/arm/translate-sve.c
index b15b615ceb..3a2eb51566 100644
--- a/target/arm/translate-sve.c
+++ b/target/arm/translate-sve.c
@@ -280,11 +280,7 @@ static bool trans_AND_zzz(DisasContext *s, arg_rrr_esz *a)
 
 static bool trans_ORR_zzz(DisasContext *s, arg_rrr_esz *a)
 {
-if (a->rn == a->rm) { /* MOV */
-return do_mov_z(s, a->rd, a->rn);
-} else {
-return do_vector3_z(s, tcg_gen_gvec_or, 0, a->rd, a->rn, a->rm);
-}
+return do_vector3_z(s, tcg_gen_gvec_or, 0, a->rd, a->rn, a->rm);
 }
 
 static bool trans_EOR_zzz(DisasContext *s, arg_rrr_esz *a)
diff --git a/target/arm/translate.c b/target/arm/translate.c
index 66cf28c8cb..9d2dba7ed2 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -6294,15 +6294,9 @@ static int disas_neon_data_insn(DisasContext *s, 
uint32_t insn)
 tcg_gen_gvec_andc(0, rd_ofs, rn_ofs, rm_ofs,
   vec_size, vec_size);
 break;
-case 2:
-if (rn == rm) {
-/* VMOV */
-tcg_gen_gvec_mov(0, rd_ofs, rn_ofs, vec_size, vec_size);
-} else {
-/* VORR */
-tcg_gen_gvec_or(0, rd_ofs, rn_ofs, rm_ofs,
-vec_size, vec_size);
-}
+case 2: /* VORR */
+tcg_gen_gvec_or(0, rd_ofs, rn_ofs, rm_ofs,
+vec_size, vec_size);
 break;
 case 3: /* VORN */
 tcg_gen_gvec_orc(0, rd_ofs, rn_ofs, rm_ofs,
-- 
2.17.2




[Qemu-devel] [PATCH v2 5/5] target/arm: Remove neon min/max helpers

2019-02-05 Thread Richard Henderson
These are now unused.

Signed-off-by: Richard Henderson 
---
 target/arm/helper.h  | 12 
 target/arm/neon_helper.c | 12 
 2 files changed, 24 deletions(-)

diff --git a/target/arm/helper.h b/target/arm/helper.h
index 53a38188c6..9874c35ea9 100644
--- a/target/arm/helper.h
+++ b/target/arm/helper.h
@@ -276,18 +276,6 @@ DEF_HELPER_2(neon_cge_s16, i32, i32, i32)
 DEF_HELPER_2(neon_cge_u32, i32, i32, i32)
 DEF_HELPER_2(neon_cge_s32, i32, i32, i32)
 
-DEF_HELPER_2(neon_min_u8, i32, i32, i32)
-DEF_HELPER_2(neon_min_s8, i32, i32, i32)
-DEF_HELPER_2(neon_min_u16, i32, i32, i32)
-DEF_HELPER_2(neon_min_s16, i32, i32, i32)
-DEF_HELPER_2(neon_min_u32, i32, i32, i32)
-DEF_HELPER_2(neon_min_s32, i32, i32, i32)
-DEF_HELPER_2(neon_max_u8, i32, i32, i32)
-DEF_HELPER_2(neon_max_s8, i32, i32, i32)
-DEF_HELPER_2(neon_max_u16, i32, i32, i32)
-DEF_HELPER_2(neon_max_s16, i32, i32, i32)
-DEF_HELPER_2(neon_max_u32, i32, i32, i32)
-DEF_HELPER_2(neon_max_s32, i32, i32, i32)
 DEF_HELPER_2(neon_pmin_u8, i32, i32, i32)
 DEF_HELPER_2(neon_pmin_s8, i32, i32, i32)
 DEF_HELPER_2(neon_pmin_u16, i32, i32, i32)
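Review bot: ordering dependency: before patch 4/5, translate.c still maps gen_helper_neon_pmax_s32/pmin_s32 onto gen_helper_neon_max_s32/min_s32 via #define, and 2/5 and 3/5 remove the 8/16-bit users, so applying this removal earlier in the series breaks the build. The order as posted is right, but a sentence in the commit message saying where the last users went away would make that explicit.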
diff --git a/target/arm/neon_helper.c b/target/arm/neon_helper.c
index c2c6491a83..3249005b62 100644
--- a/target/arm/neon_helper.c
+++ b/target/arm/neon_helper.c
@@ -581,12 +581,6 @@ NEON_VOP(cge_u32, neon_u32, 1)
 #undef NEON_FN
 
 #define NEON_FN(dest, src1, src2) dest = (src1 < src2) ? src1 : src2
-NEON_VOP(min_s8, neon_s8, 4)
-NEON_VOP(min_u8, neon_u8, 4)
-NEON_VOP(min_s16, neon_s16, 2)
-NEON_VOP(min_u16, neon_u16, 2)
-NEON_VOP(min_s32, neon_s32, 1)
-NEON_VOP(min_u32, neon_u32, 1)
 NEON_POP(pmin_s8, neon_s8, 4)
 NEON_POP(pmin_u8, neon_u8, 4)
 NEON_POP(pmin_s16, neon_s16, 2)
@@ -594,12 +588,6 @@ NEON_POP(pmin_u16, neon_u16, 2)
 #undef NEON_FN
 
 #define NEON_FN(dest, src1, src2) dest = (src1 > src2) ? src1 : src2
-NEON_VOP(max_s8, neon_s8, 4)
-NEON_VOP(max_u8, neon_u8, 4)
-NEON_VOP(max_s16, neon_s16, 2)
-NEON_VOP(max_u16, neon_u16, 2)
-NEON_VOP(max_s32, neon_s32, 1)
-NEON_VOP(max_u32, neon_u32, 1)
 NEON_POP(pmax_s8, neon_s8, 4)
 NEON_POP(pmax_u8, neon_u8, 4)
 NEON_POP(pmax_s16, neon_s16, 2)
-- 
2.17.2




[Qemu-devel] [PATCH v2 2/5] target/arm: Use vector minmax expanders for aarch64

2019-02-05 Thread Richard Henderson
Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
---
 target/arm/translate-a64.c | 35 ++-
 1 file changed, 14 insertions(+), 21 deletions(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index a12bfac719..fd5ceb6613 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -10948,6 +10948,20 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 }
 
 switch (opcode) {
+case 0x0c: /* SMAX, UMAX */
+if (u) {
+gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_umax, size);
+} else {
+gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_smax, size);
+}
+return;
+case 0x0d: /* SMIN, UMIN */
+if (u) {
+gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_umin, size);
+} else {
+gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_smin, size);
+}
+return;
 case 0x10: /* ADD, SUB */
 if (u) {
 gen_gvec_fn3(s, is_q, rd, rn, rm, tcg_gen_gvec_sub, size);
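Review bot: the removed scalar tables were `fns[3][2]`, indexed by size 0..2, so a size == 3 encoding never reached SMAX/UMAX/SMIN/UMIN on the old path; the new cases pass `size` straight to tcg_gen_gvec_umax/smax/umin/smin and return before the rest of the function. Confirm that size == 3 for opcodes 0x0c/0x0d is rejected as unallocated above this switch, otherwise the gvec expanders would now emit 64-bit min/max for an invalid encoding.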
@@ -11109,27 +11123,6 @@ static void disas_simd_3same_int(DisasContext *s, 
uint32_t insn)
 genenvfn = fns[size][u];
 break;
 }
-case 0xc: /* SMAX, UMAX */
-{
-static NeonGenTwoOpFn * const fns[3][2] = {
-{ gen_helper_neon_max_s8, gen_helper_neon_max_u8 },
-{ gen_helper_neon_max_s16, gen_helper_neon_max_u16 },
-{ tcg_gen_smax_i32, tcg_gen_umax_i32 },
-};
-genfn = fns[size][u];
-break;
-}
-
-case 0xd: /* SMIN, UMIN */
-{
-static NeonGenTwoOpFn * const fns[3][2] = {
-{ gen_helper_neon_min_s8, gen_helper_neon_min_u8 },
-{ gen_helper_neon_min_s16, gen_helper_neon_min_u16 },
-{ tcg_gen_smin_i32, tcg_gen_umin_i32 },
-};
-genfn = fns[size][u];
-break;
-}
 case 0xe: /* SABD, UABD */
 case 0xf: /* SABA, UABA */
 {
-- 
2.17.2




[Qemu-devel] [PATCH v2 4/5] target/arm: Use tcg integer min/max primitives for neon

2019-02-05 Thread Richard Henderson
The 32-bit PMIN/PMAX has been decomposed to scalars,
and so can be trivially expanded inline.

Signed-off-by: Richard Henderson 
---
 target/arm/translate.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/arm/translate.c b/target/arm/translate.c
index df1cd3fa3e..f0101d2788 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -4760,10 +4760,10 @@ static inline void gen_neon_rsb(int size, TCGv_i32 t0, 
TCGv_i32 t1)
 }
 
 /* 32-bit pairwise ops end up the same as the elementwise versions.  */
-#define gen_helper_neon_pmax_s32  gen_helper_neon_max_s32
-#define gen_helper_neon_pmax_u32  gen_helper_neon_max_u32
-#define gen_helper_neon_pmin_s32  gen_helper_neon_min_s32
-#define gen_helper_neon_pmin_u32  gen_helper_neon_min_u32
+#define gen_helper_neon_pmax_s32  tcg_gen_smax_i32
+#define gen_helper_neon_pmax_u32  tcg_gen_umax_i32
+#define gen_helper_neon_pmin_s32  tcg_gen_smin_i32
+#define gen_helper_neon_pmin_u32  tcg_gen_umin_i32
 
 #define GEN_NEON_INTEGER_OP_ENV(name) do { \
 switch ((size << 1) | u) { \
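Review bot: the #define swap relies on DEF_HELPER_2(neon_max_s32, i32, i32, i32) having generated a gen_helper_neon_max_s32(ret, a, b) wrapper with the same call shape as tcg_gen_smax_i32(ret, a, b); since the gen_helper_neon_p{max,min}_* names are still used through the GEN_NEON_INTEGER_OP* macros that follow, a one-line comment on that shape compatibility, or renaming the macros away from the gen_helper_ prefix now that they no longer wrap helpers, would keep a reader from looking for helpers that patch 5/5 removes.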
-- 
2.17.2




[Qemu-devel] [PULL 1/2] tcg: add early clobber modifier in atomic16_cmpxchg on aarch64

2019-02-05 Thread Richard Henderson
From: Catherine Ho 

Without this patch, gcc might up the Input/Output registers and
cause unpredictable error.

Fixes: 1ec182c33379 ("target/arm: Convert to HAVE_CMPXCHG128")

Signed-off-by: Catherine Ho 
Message-Id: <1548838794-23757-1-git-send-email-catherine.h...@gmail.com>
Signed-off-by: Richard Henderson 
---
 include/qemu/atomic128.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/qemu/atomic128.h b/include/qemu/atomic128.h
index a6af22ff10..ddd0d55d31 100644
--- a/include/qemu/atomic128.h
+++ b/include/qemu/atomic128.h
@@ -68,7 +68,7 @@ static inline Int128 atomic16_cmpxchg(Int128 *ptr, Int128 
cmp, Int128 new)
 "cbnz %w[tmp], 0b\n"
 "1:"
 : [mem] "+m"(*ptr), [tmp] "="(tmp),
-  [oldl] "="(oldl), [oldh] "=r"(oldh)
+  [oldl] "="(oldl), [oldh] "="(oldh)
 : [cmpl] "r"(cmpl), [cmph] "r"(cmph),
   [newl] "r"(newl), [newh] "r"(newh)
 : "memory", "cc");
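Review bot: the constraint strings in this hunk read `"="(tmp)`, `"="(oldl)` and `"="(oldh)`, which are not valid operand constraints (an output constraint needs a register or memory class after `=`, and the early-clobber this patch adds is spelled `=&r`); that looks like the `&r` having been lost in transit rather than in the source, but the patch as displayed here would not compile, so the version being pulled should be checked against the raw message.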
-- 
2.17.2




[Qemu-devel] [PULL 0/2] tcg queued patches

2019-02-05 Thread Richard Henderson
The following changes since commit 47994e16b1d66411953623e7c0bf0cdcd50bd507:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190205' 
into staging (2019-02-05 18:25:07 +)

are available in the Git repository at:

  https://github.com/rth7680/qemu.git tags/pull-tcg-20190206

for you to fetch changes up to 9fd9b7de61b24c70a8a82d9627a20ed95433e1b5:

  accel/tcg: Consider cluster index in tb_lookup__cpu_state() (2019-02-06 
03:39:24 +)


Queued accel/tcg patches


Catherine Ho (1):
  tcg: add early clobber modifier in atomic16_cmpxchg on aarch64

Peter Maydell (1):
  accel/tcg: Consider cluster index in tb_lookup__cpu_state()

 include/exec/tb-lookup.h | 4 
 include/qemu/atomic128.h | 2 +-
 accel/tcg/cpu-exec.c | 3 ---
 3 files changed, 5 insertions(+), 4 deletions(-)



[Qemu-devel] [PULL 2/2] accel/tcg: Consider cluster index in tb_lookup__cpu_state()

2019-02-05 Thread Richard Henderson
From: Peter Maydell 

In commit f7b78602fdc6c6e4be we added the CPU cluster number to the
cflags field of the TB hash; this included adding it to the value
kept in tb->cflags, since we pass that field directly into the hash
calculation in some places. Unfortunately we forgot to check whether
other parts of the code were doing comparisons against tb->cflags
that would need to be updated.

It turns out that there is exactly one such place: the
tb_lookup__cpu_state() function checks whether the TB it has
found in the tb_jmp_cache has a tb->cflags matching the cf_mask
that is passed in. The tb->cflags has the cluster_index in it
but the cf_mask does not.

Hoist the "add cluster index to the cf_mask" code up from
tb_htable_lookup() to tb_lookup__cpu_state() so it can be considered
in the "did this TB match in the jmp cache" condition, as well as
when we do the full hash lookup by physical PC, flags, etc.
(tb_htable_lookup() is only called from tb_lookup__cpu_state(),
so this change doesn't require any further knock-on changes.)

Fixes: f7b78602fdc6c6e4be ("accel/tcg: Add cluster number to TCG TB hash")
Tested-by: Cleber Rosa 
Tested-by: Mark Cave-Ayland 
Reported-by: Howard Spoelstra 
Reported-by: Cleber Rosa 
Signed-off-by: Peter Maydell 
Message-Id: <20190205151810.571-1-peter.mayd...@linaro.org>
Reviewed-by: Richard Henderson 
Signed-off-by: Richard Henderson 
---
 include/exec/tb-lookup.h | 4 
 accel/tcg/cpu-exec.c | 3 ---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/include/exec/tb-lookup.h b/include/exec/tb-lookup.h
index 492cb68289..26921b6daf 100644
--- a/include/exec/tb-lookup.h
+++ b/include/exec/tb-lookup.h
@@ -28,6 +28,10 @@ tb_lookup__cpu_state(CPUState *cpu, target_ulong *pc, 
target_ulong *cs_base,
 cpu_get_tb_cpu_state(env, pc, cs_base, flags);
 hash = tb_jmp_cache_hash_func(*pc);
 tb = atomic_rcu_read(>tb_jmp_cache[hash]);
+
+cf_mask &= ~CF_CLUSTER_MASK;
+cf_mask |= cpu->cluster_index << CF_CLUSTER_SHIFT;
+
 if (likely(tb &&
tb->pc == *pc &&
tb->cs_base == *cs_base &&
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 7cf1292546..60d87d5a19 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -325,9 +325,6 @@ TranslationBlock *tb_htable_lookup(CPUState *cpu, 
target_ulong pc,
 struct tb_desc desc;
 uint32_t h;
 
-cf_mask &= ~CF_CLUSTER_MASK;
-cf_mask |= cpu->cluster_index << CF_CLUSTER_SHIFT;
-
 desc.env = (CPUArchState *)cpu->env_ptr;
 desc.cs_base = cs_base;
 desc.flags = flags;
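Review bot: hoisting the cluster-index fix-up into tb_lookup__cpu_state() means tb_htable_lookup() now expects a cf_mask that already carries the cluster bits; the commit message says it has only this one caller, but nothing enforces that, so a comment on tb_htable_lookup() (or an assert that the CF_CLUSTER_MASK bits of cf_mask match cpu->cluster_index) would stop a future direct caller from silently hashing with the wrong cluster.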
-- 
2.17.2




Re: [Qemu-devel] [PATCH] accel/tcg: Consider cluster index in tb_lookup__cpu_state()

2019-02-05 Thread Richard Henderson
On 2/5/19 3:18 PM, Peter Maydell wrote:
> In commit f7b78602fdc6c6e4be we added the CPU cluster number to the
> cflags field of the TB hash; this included adding it to the value
> kept in tb->cflags, since we pass that field directly into the hash
> calculation in some places. Unfortunately we forgot to check whether
> other parts of the code were doing comparisons against tb->cflags
> that would need to be updated.
> 
> It turns out that there is exactly one such place: the
> tb_lookup__cpu_state() function checks whether the TB it has
> found in the tb_jmp_cache has a tb->cflags matching the cf_mask
> that is passed in. The tb->cflags has the cluster_index in it
> but the cf_mask does not.
> 
> Hoist the "add cluster index to the cf_mask" code up from
> tb_htable_lookup() to tb_lookup__cpu_state() so it can be considered
> in the "did this TB match in the jmp cache" condition, as well as
> when we do the full hash lookup by physical PC, flags, etc.
> (tb_htable_lookup() is only called from tb_lookup__cpu_state(),
> so this change doesn't require any further knock-on changes.)
> 
> Fixes: f7b78602fdc6c6e4be ("accel/tcg: Add cluster number to TCG TB hash")
> Reported-by: Howard Spoelstra 
> Reported-by: Cleber Rosa 
> Signed-off-by: Peter Maydell 
> ---

Queued, thanks.


r~



Re: [Qemu-devel] [PATCH v2 00/10] tcg vector improvements

2019-02-05 Thread Richard Henderson
On 2/5/19 9:29 PM, Mark Cave-Ayland wrote:
> The only minor question I had with the patchset in its current form is 
> whether to use
> the new VsrD() macro for vscr_sat, or whether we don't really care enough?

Given the comment

  /* Which bit we set is completely arbitrary, but clear the rest.  */

I don't think VsrD is helpful.


In "target/ppc: Split out VSCR_SAT to a vector field":

  ppc_vsr_t vsr[64] QEMU_ALIGNED(16);
+ /* Non-zero if and only if VSCR_SAT should be set.  */
+ ppc_vsr_t vscr_sat;

Better to add the QEMU_ALIGNED(16) to vscr_sat as well.  Yes, it will already
happen to be aligned by placement, but this is also a bit of documentation.


In "target/ppc: convert vadd*s and vsub*s to vector operations":

  if (sat) {  \
- set_vscr_sat(env);  \
+ vscr_sat->u32[0] = 1;   \
  }   \

Changed in error?


r~



Re: [Qemu-devel] [PATCH] target/arm: Implement HACR_EL2

2019-02-05 Thread Richard Henderson
On 2/5/19 6:12 PM, Peter Maydell wrote:
> HACR_EL2 is a register with IMPDEF behaviour, which allows
> implementation specific trapping to EL2. Implement it as RAZ/WI,
> since QEMU's implementation has no extra traps. This also
> matches what h/w implementations like Cortex-A53 and A57 do.
> 
> Signed-off-by: Peter Maydell 
> ---
>  target/arm/helper.c | 6 ++
>  1 file changed, 6 insertions(+)

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH 03/13] spapr/xive: add state synchronization with KVM

2019-02-05 Thread David Gibson
On Mon, Jan 07, 2019 at 07:39:36PM +0100, Cédric Le Goater wrote:
> This extends the KVM XIVE device backend with 'synchronize_state'
> methods used to retrieve the state from KVM. The HW state of the
> sources, the KVM device and the thread interrupt contexts are
> collected for the monitor usage and also migration.
> 
> These get operations rely on their KVM counterpart in the host kernel
> which acts as a proxy for OPAL, the host firmware. The set operations
> will be added for migration support later.
> 
> Signed-off-by: Cédric Le Goater 

Reviewed-by: David Gibson 

> ---
>  include/hw/ppc/spapr_xive.h |   9 ++
>  include/hw/ppc/xive.h   |   1 +
>  hw/intc/spapr_xive.c|  24 ++--
>  hw/intc/spapr_xive_kvm.c| 223 
>  hw/intc/xive.c  |  10 ++
>  5 files changed, 260 insertions(+), 7 deletions(-)
> 
> diff --git a/include/hw/ppc/spapr_xive.h b/include/hw/ppc/spapr_xive.h
> index 24a0be478039..02f2de20111c 100644
> --- a/include/hw/ppc/spapr_xive.h
> +++ b/include/hw/ppc/spapr_xive.h
> @@ -44,6 +44,14 @@ typedef struct sPAPRXive {
>  bool spapr_xive_irq_claim(sPAPRXive *xive, uint32_t lisn, bool lsi);
>  bool spapr_xive_irq_free(sPAPRXive *xive, uint32_t lisn);
>  void spapr_xive_pic_print_info(sPAPRXive *xive, Monitor *mon);
> +bool spapr_xive_priority_is_reserved(uint8_t priority);
> +
> +void spapr_xive_cpu_to_nvt(PowerPCCPU *cpu,
> +   uint8_t *out_nvt_blk, uint32_t *out_nvt_idx);
> +void spapr_xive_cpu_to_end(PowerPCCPU *cpu, uint8_t prio,
> +   uint8_t *out_end_blk, uint32_t *out_end_idx);
> +int spapr_xive_target_to_end(uint32_t target, uint8_t prio,
> + uint8_t *out_end_blk, uint32_t *out_end_idx);
>  
>  typedef struct sPAPRMachineState sPAPRMachineState;
>  
> @@ -58,5 +66,6 @@ void spapr_xive_map_mmio(sPAPRXive *xive);
>   * KVM XIVE device helpers
>   */
>  void kvmppc_xive_connect(sPAPRXive *xive, Error **errp);
> +void kvmppc_xive_synchronize_state(sPAPRXive *xive, Error **errp);
>  
>  #endif /* PPC_SPAPR_XIVE_H */
> diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
> index 4bbba8d39a65..2e48d75a22e0 100644
> --- a/include/hw/ppc/xive.h
> +++ b/include/hw/ppc/xive.h
> @@ -442,5 +442,6 @@ static inline bool kvmppc_xive_enabled(void)
>  void kvmppc_xive_source_reset(XiveSource *xsrc, Error **errp);
>  void kvmppc_xive_source_set_irq(void *opaque, int srcno, int val);
>  void kvmppc_xive_cpu_connect(XiveTCTX *tctx, Error **errp);
> +void kvmppc_xive_cpu_synchronize_state(XiveTCTX *tctx, Error **errp);
>  
>  #endif /* PPC_XIVE_H */
> diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
> index cf6d3a5f12e1..50dd66707968 100644
> --- a/hw/intc/spapr_xive.c
> +++ b/hw/intc/spapr_xive.c
> @@ -54,8 +54,8 @@ static uint32_t spapr_xive_nvt_to_target(uint8_t nvt_blk, 
> uint32_t nvt_idx)
>  return nvt_idx - SPAPR_XIVE_NVT_BASE;
>  }
>  
> -static void spapr_xive_cpu_to_nvt(PowerPCCPU *cpu,
> -  uint8_t *out_nvt_blk, uint32_t 
> *out_nvt_idx)
> +void spapr_xive_cpu_to_nvt(PowerPCCPU *cpu,
> +   uint8_t *out_nvt_blk, uint32_t *out_nvt_idx)
>  {
>  assert(cpu);
>  
> @@ -85,8 +85,8 @@ static int spapr_xive_target_to_nvt(uint32_t target,
>   * sPAPR END indexing uses a simple mapping of the CPU vcpu_id, 8
>   * priorities per CPU
>   */
> -static void spapr_xive_cpu_to_end(PowerPCCPU *cpu, uint8_t prio,
> -  uint8_t *out_end_blk, uint32_t 
> *out_end_idx)
> +void spapr_xive_cpu_to_end(PowerPCCPU *cpu, uint8_t prio,
> +   uint8_t *out_end_blk, uint32_t *out_end_idx)
>  {
>  assert(cpu);
>  
> @@ -99,8 +99,8 @@ static void spapr_xive_cpu_to_end(PowerPCCPU *cpu, uint8_t 
> prio,
>  }
>  }
>  
> -static int spapr_xive_target_to_end(uint32_t target, uint8_t prio,
> -uint8_t *out_end_blk, uint32_t 
> *out_end_idx)
> +int spapr_xive_target_to_end(uint32_t target, uint8_t prio,
> + uint8_t *out_end_blk, uint32_t *out_end_idx)
>  {
>  PowerPCCPU *cpu = spapr_find_cpu(target);
>  
> @@ -139,6 +139,16 @@ void spapr_xive_pic_print_info(sPAPRXive *xive, Monitor 
> *mon)
>  XiveSource *xsrc = >source;
>  int i;
>  
> +if (kvmppc_xive_enabled()) {
> +Error *local_err = NULL;
> +
> +kvmppc_xive_synchronize_state(xive, _err);
> +if (local_err) {
> +error_report_err(local_err);
> +return;
> +}
> +}
> +
>  monitor_printf(mon, "  LSIN PQEISN CPU/PRIO EQ\n");
>  
>  for (i = 0; i < xive->nr_irqs; i++) {
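Review bot: in spapr_xive_pic_print_info(), a failure from kvmppc_xive_synchronize_state() is reported and the function returns before printing anything, so an "info" command yields no XIVE state at all when the KVM sync fails; falling back to printing the QEMU-side copy with a warning that it may be stale would still give the user something to work with.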
> @@ -529,7 +539,7 @@ bool spapr_xive_irq_free(sPAPRXive *xive, uint32_t lisn)
>   * interrupts (DD2.X POWER9). So we only allow the guest to use
>   * priorities [0..6].
>   */
> -static bool spapr_xive_priority_is_reserved(uint8_t priority)
> +bool spapr_xive_priority_is_reserved(uint8_t 

Re: [Qemu-devel] [PATCH 04/13] spapr/xive: introduce a VM state change handler

2019-02-05 Thread David Gibson
On Mon, Jan 07, 2019 at 07:39:37PM +0100, Cédric Le Goater wrote:
> This handler is in charge of stabilizing the flow of event notifications
> in the XIVE controller before migrating a guest. This is a requirement
> before transferring the guest EQ pages to a destination.
> 
> When the VM is stopped, the handler masks the sources (PQ=01) to stop
> the flow of events and saves their previous state. The XIVE controller
> is then synced through KVM to flush any in-flight event notification
> and to stabilize the EQs. At this stage, the EQ pages are marked dirty
> to make sure the EQ pages are transferred if a migration sequence is
> in progress.
> 
> The previous configuration of the sources is restored when the VM
> resumes, after a migration or a stop.
> 
> Signed-off-by: Cédric Le Goater 

Looks fine apart from interface details discussed on the kernel series.

> ---
>  include/hw/ppc/spapr_xive.h |   1 +
>  hw/intc/spapr_xive_kvm.c| 111 +++-
>  2 files changed, 111 insertions(+), 1 deletion(-)
> 
> diff --git a/include/hw/ppc/spapr_xive.h b/include/hw/ppc/spapr_xive.h
> index 02f2de20111c..8815ed5aa372 100644
> --- a/include/hw/ppc/spapr_xive.h
> +++ b/include/hw/ppc/spapr_xive.h
> @@ -39,6 +39,7 @@ typedef struct sPAPRXive {
>  /* KVM support */
>  int   fd;
>  void  *tm_mmap;
> +VMChangeStateEntry *change;
>  } sPAPRXive;
>  
>  bool spapr_xive_irq_claim(sPAPRXive *xive, uint32_t lisn, bool lsi);
> diff --git a/hw/intc/spapr_xive_kvm.c b/hw/intc/spapr_xive_kvm.c
> index f52bddc92a2a..c7639ffe7758 100644
> --- a/hw/intc/spapr_xive_kvm.c
> +++ b/hw/intc/spapr_xive_kvm.c
> @@ -350,13 +350,119 @@ static void kvmppc_xive_get_eas_state(sPAPRXive *xive, 
> Error **errp)
>  }
>  }
>  
> +/*
> + * Sync the XIVE controller through KVM to flush any in-flight event
> + * notification and stabilize the EQs.
> + */
> + static void kvmppc_xive_sync_all(sPAPRXive *xive, Error **errp)
> +{
> +XiveSource *xsrc = >source;
> +Error *local_err = NULL;
> +int i;
> +
> +/* Sync the KVM source. This reaches the XIVE HW through OPAL */
> +for (i = 0; i < xsrc->nr_irqs; i++) {
> +XiveEAS *eas = >eat[i];
> +
> +if (!xive_eas_is_valid(eas)) {
> +continue;
> +}
> +
> +kvm_device_access(xive->fd, KVM_DEV_XIVE_GRP_SYNC, i, NULL, true,
> +  _err);
> +if (local_err) {
> +error_propagate(errp, local_err);
> +return;
> +}
> +}
> +}
> +
> +/*
> + * The primary goal of the XIVE VM change handler is to mark the EQ
> + * pages dirty when all XIVE event notifications have stopped.
> + *
> + * Whenever the VM is stopped, the VM change handler masks the sources
> + * (PQ=01) to stop the flow of events and saves the previous state in
> + * anticipation of a migration. The XIVE controller is then synced
> + * through KVM to flush any in-flight event notification and stabilize
> + * the EQs.
> + *
> + * At this stage, we can mark the EQ page dirty and let a migration
> + * sequence transfer the EQ pages to the destination, which is done
> + * just after the stop state.
> + *
> + * The previous configuration of the sources is restored when the VM
> + * runs again.
> + */
> +static void kvmppc_xive_change_state_handler(void *opaque, int running,
> + RunState state)
> +{
> +sPAPRXive *xive = opaque;
> +XiveSource *xsrc = >source;
> +Error *local_err = NULL;
> +int i;
> +
> +/*
> + * Restore the sources to their initial state. This is called when
> + * the VM resumes after a stop or a migration.
> + */
> +if (running) {
> +for (i = 0; i < xsrc->nr_irqs; i++) {
> +uint8_t pq = xive_source_esb_get(xsrc, i);
> +if (xive_esb_read(xsrc, i, XIVE_ESB_SET_PQ_00 + (pq << 8)) != 
> 0x1) {
> +error_report("XIVE: IRQ %d has an invalid state", i);
> +}
> +}
> +
> +return;
> +}
> +
> +/*
> + * Mask the sources, to stop the flow of event notifications, and
> + * save the PQs locally in the XiveSource object. The XiveSource
> + * state will be collected later on by its vmstate handler if a
> + * migration is in progress.
> + */
> +for (i = 0; i < xsrc->nr_irqs; i++) {
> +uint8_t pq = xive_esb_read(xsrc, i, XIVE_ESB_SET_PQ_01);
> +xive_source_esb_set(xsrc, i, pq);
> +}
> +
> +/*
> + * Sync the XIVE controller in KVM, to flush in-flight event
> + * notification that should be enqueued in the EQs.
> + */
> +kvmppc_xive_sync_all(xive, _err);
> +if (local_err) {
> +error_report_err(local_err);
> +return;
> +}
> +
> +/*
> + * Mark the XIVE EQ pages dirty to collect all updates.
> + */
> +kvm_device_access(xive->fd, KVM_DEV_XIVE_GRP_CTRL,
> +  KVM_DEV_XIVE_SAVE_EQ_PAGES, NULL, true, _err);
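Review bot: ` static void kvmppc_xive_sync_all(...)` carries a stray leading space before `static`, which checkpatch will flag. More importantly, the comment above the handler says marking the EQ pages dirty is its primary goal, yet when kvmppc_xive_sync_all() fails the stop path does error_report_err() and returns before the KVM_DEV_XIVE_SAVE_EQ_PAGES call, so a migration in progress continues with possibly stale EQ pages and only a log line to show for it; consider whether that case should fail the migration rather than just be reported.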

Re: [Qemu-devel] [PATCH 02/13] spapr/xive: add KVM support

2019-02-05 Thread David Gibson
On Mon, Jan 07, 2019 at 07:39:35PM +0100, Cédric Le Goater wrote:
> This introduces a set of helpers when KVM is in use, which create the
> KVM XIVE device, initialize the interrupt sources at a KVM level and
> connect the interrupt presenters to the vCPU.
> 
> They also handle the initialization of the TIMA and the source ESB
> memory regions of the controller. These have a different type under
> KVM. They are 'ram device' memory mappings, similarly to VFIO, exposed
> to the guest and the associated VMAs on the host are populated
> dynamically with the appropriate pages using a fault handler.
> 
> Signed-off-by: Cédric Le Goater 

Looks fine apart from the details of how the KVM interface works.

> ---
>  default-configs/ppc64-softmmu.mak |   1 +
>  include/hw/ppc/spapr_xive.h   |  10 ++
>  include/hw/ppc/xive.h |  22 +++
>  target/ppc/kvm_ppc.h  |   6 +
>  hw/intc/spapr_xive.c  |  31 ++--
>  hw/intc/spapr_xive_kvm.c  | 254 ++
>  hw/intc/xive.c|  22 ++-
>  hw/ppc/spapr_irq.c|  11 +-
>  target/ppc/kvm.c  |   7 +
>  hw/intc/Makefile.objs |   1 +
>  10 files changed, 349 insertions(+), 16 deletions(-)
>  create mode 100644 hw/intc/spapr_xive_kvm.c
> 
> diff --git a/default-configs/ppc64-softmmu.mak 
> b/default-configs/ppc64-softmmu.mak
> index 7f34ad0528ed..c1bf5cd951f5 100644
> --- a/default-configs/ppc64-softmmu.mak
> +++ b/default-configs/ppc64-softmmu.mak
> @@ -18,6 +18,7 @@ CONFIG_XICS_SPAPR=$(CONFIG_PSERIES)
>  CONFIG_XICS_KVM=$(call land,$(CONFIG_PSERIES),$(CONFIG_KVM))
>  CONFIG_XIVE=$(CONFIG_PSERIES)
>  CONFIG_XIVE_SPAPR=$(CONFIG_PSERIES)
> +CONFIG_XIVE_KVM=$(call land,$(CONFIG_PSERIES),$(CONFIG_KVM))
>  CONFIG_MEM_DEVICE=y
>  CONFIG_DIMM=y
>  CONFIG_SPAPR_RNG=y
> diff --git a/include/hw/ppc/spapr_xive.h b/include/hw/ppc/spapr_xive.h
> index 7fdc25057420..24a0be478039 100644
> --- a/include/hw/ppc/spapr_xive.h
> +++ b/include/hw/ppc/spapr_xive.h
> @@ -35,6 +35,10 @@ typedef struct sPAPRXive {
>  /* TIMA mapping address */
>  hwaddrtm_base;
>  MemoryRegion  tm_mmio;
> +
> +/* KVM support */
> +int   fd;
> +void  *tm_mmap;
>  } sPAPRXive;
>  
>  bool spapr_xive_irq_claim(sPAPRXive *xive, uint32_t lisn, bool lsi);
> @@ -48,5 +52,11 @@ void spapr_dt_xive(sPAPRMachineState *spapr, uint32_t 
> nr_servers, void *fdt,
> uint32_t phandle);
>  void spapr_xive_set_tctx_os_cam(XiveTCTX *tctx);
>  void spapr_xive_mmio_set_enabled(sPAPRXive *xive, bool enable);
> +void spapr_xive_map_mmio(sPAPRXive *xive);
> +
> +/*
> + * KVM XIVE device helpers
> + */
> +void kvmppc_xive_connect(sPAPRXive *xive, Error **errp);
>  
>  #endif /* PPC_SPAPR_XIVE_H */
> diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
> index ec23253ba448..4bbba8d39a65 100644
> --- a/include/hw/ppc/xive.h
> +++ b/include/hw/ppc/xive.h
> @@ -140,6 +140,7 @@
>  #ifndef PPC_XIVE_H
>  #define PPC_XIVE_H
>  
> +#include "sysemu/kvm.h"
>  #include "hw/qdev-core.h"
>  #include "hw/sysbus.h"
>  #include "hw/ppc/xive_regs.h"
> @@ -194,6 +195,9 @@ typedef struct XiveSource {
>  uint32_tesb_shift;
>  MemoryRegionesb_mmio;
>  
> +/* KVM support */
> +void*esb_mmap;
> +
>  XiveNotifier*xive;
>  } XiveSource;
>  
> @@ -421,4 +425,22 @@ static inline uint32_t xive_nvt_cam_line(uint8_t 
> nvt_blk, uint32_t nvt_idx)
>  return (nvt_blk << 19) | nvt_idx;
>  }
>  
> +/*
> + * KVM XIVE device helpers
> + */
> +
> +/* Keep inlined to discard compile of KVM code sections */
> +static inline bool kvmppc_xive_enabled(void)
> +{
> +if (kvm_enabled()) {
> +return machine_kernel_irqchip_allowed(MACHINE(qdev_get_machine()));
> +} else {
> +return false;
> +}
> +}
> +
> +void kvmppc_xive_source_reset(XiveSource *xsrc, Error **errp);
> +void kvmppc_xive_source_set_irq(void *opaque, int srcno, int val);
> +void kvmppc_xive_cpu_connect(XiveTCTX *tctx, Error **errp);
> +
>  #endif /* PPC_XIVE_H */
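Review bot: kvmppc_xive_enabled() returns true as soon as a kernel irqchip is allowed for the machine, independently of whether kvmppc_xive_connect() has run or succeeded; code that branches on it will therefore take the KVM route with an uninitialised `fd` if connect fails or has not happened yet. Either make the helper reflect connection state (for instance a valid fd) or make a connect failure fatal so that inconsistent state cannot be reached.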
> diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
> index bdfaa4e70a83..d2159660f9f2 100644
> --- a/target/ppc/kvm_ppc.h
> +++ b/target/ppc/kvm_ppc.h
> @@ -59,6 +59,7 @@ bool kvmppc_has_cap_fixup_hcalls(void);
>  bool kvmppc_has_cap_htm(void);
>  bool kvmppc_has_cap_mmu_radix(void);
>  bool kvmppc_has_cap_mmu_hash_v3(void);
> +bool kvmppc_has_cap_xive(void);
>  int kvmppc_get_cap_safe_cache(void);
>  int kvmppc_get_cap_safe_bounds_check(void);
>  int kvmppc_get_cap_safe_indirect_branch(void);
> @@ -307,6 +308,11 @@ static inline bool kvmppc_has_cap_mmu_hash_v3(void)
>  return false;
>  }
>  
> +static inline bool kvmppc_has_cap_xive(void)
> +{
> +return false;
> +}
> +
>  static inline int kvmppc_get_cap_safe_cache(void)
>  {
>  return 0;
> diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
> index d391177ab81f..cf6d3a5f12e1 100644
> --- a/hw/intc/spapr_xive.c
> +++ 

Re: [Qemu-devel] [PATCH v1] softfloat: add float128_is_{normal, denormal}

2019-02-05 Thread Richard Henderson
On 2/5/19 4:22 PM, David Hildenbrand wrote:
> +static inline bool float128_is_normal(float128 a)
> +{
> +return ((a.high + (1ULL << 47)) & -1ULL >> 1) >= 1ULL << 48;

I believe this is off by one: 1 << 48 and >= 1 << 49.

The exponent is at [62:48].  The trick is adding 1, letting Inf+NaN overflow
into the sign, masking out the sign, and checking that the result >= 2 to
eliminate Inf+NaN (0) and Zero+Denormal (1).

I think this is clearer as

  (((a.high >> 48) + 1) & 0x7fff) >= 2.

It might be worth applying this to the other formats for clarity...


r~
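The exponent trick discussed above, as an added example that is not part of this thread or of QEMU's softfloat: an `f128` stand-in struct (assumed to follow the IEEE binary128 layout, with the sign, 15-bit exponent and top 48 fraction bits in the high word), a reference check that reads the exponent field directly, the `(((a.high >> 48) + 1) & 0x7fff) >= 2` form from the reply, the in-place form with the corrected constants, and the expression as posted in the patch, all run over constructed boundary values so the off-by-one becomes visible. Function names and the test values are mine.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for softfloat's float128 (assumed layout, same as IEEE binary128):
 * high word = sign (bit 63) | 15-bit biased exponent (bits 62:48) |
 *             top 48 fraction bits; low word = remaining 64 fraction bits. */
typedef struct { uint64_t high, low; } f128;

/* Reference: read the exponent field and test it directly. A value is
 * normal iff the biased exponent is neither 0 (zero/denormal) nor
 * 0x7fff (Inf/NaN). */
static bool f128_is_normal_ref(f128 a)
{
    uint64_t exp = (a.high >> 48) & 0x7fff;
    return exp != 0 && exp != 0x7fff;
}

/* The form suggested in the reply: shift the exponent down, add 1 so that
 * 0x7fff wraps into the sign position (which the mask then discards) and
 * 0 becomes 1, then accept only results >= 2. */
static bool f128_is_normal_shift(f128 a)
{
    return (((a.high >> 48) + 1) & 0x7fff) >= 2;
}

/* The same trick applied in place on the whole high word, with the
 * constants the reply says the patch should have used: add one exponent
 * unit (1 << 48) and require at least two (1 << 49). Unsigned wrap-around
 * on the add is defined behaviour and is exactly what removes Inf/NaN. */
static bool f128_is_normal_inplace(f128 a)
{
    return ((a.high + (1ULL << 48)) & (-1ULL >> 1)) >= (1ULL << 49);
}

/* The expression as posted in the patch, kept for comparison: it adds half
 * an exponent unit (1 << 47) and compares against one unit (1 << 48). */
static bool f128_is_normal_posted(f128 a)
{
    return ((a.high + (1ULL << 47)) & (-1ULL >> 1)) >= (1ULL << 48);
}

/* Assemble an f128 from its fields (frac_hi is the 48 high fraction bits). */
static f128 mk(unsigned sign, unsigned exp, uint64_t frac_hi, uint64_t low)
{
    f128 r;
    r.high = ((uint64_t)sign << 63) | ((uint64_t)exp << 48)
           | (frac_hi & 0xffffffffffffULL);
    r.low = low;
    return r;
}

/* Run a classifier over constructed boundary values and return how many
 * it gets wrong against the expectation derived from the layout. */
static int count_mismatches(bool (*fn)(f128))
{
    static const struct {
        unsigned sign, exp; uint64_t frac_hi, low; bool normal; const char *name;
    } cases[] = {
        { 0, 0x0000, 0x000000000000ULL, 0,     false, "+0" },
        { 1, 0x0000, 0x000000000000ULL, 0,     false, "-0" },
        { 0, 0x0000, 0x000000000000ULL, 1,     false, "smallest denormal" },
        { 0, 0x0000, 0xffffffffffffULL, ~0ULL, false, "largest denormal" },
        { 0, 0x0001, 0x000000000000ULL, 0,     true,  "smallest normal" },
        { 0, 0x3fff, 0x000000000000ULL, 0,     true,  "1.0" },
        { 1, 0x3fff, 0x000000000000ULL, 0,     true,  "-1.0" },
        { 0, 0x7ffe, 0xffffffffffffULL, ~0ULL, true,  "largest finite" },
        { 0, 0x7fff, 0x000000000000ULL, 0,     false, "+Inf" },
        { 1, 0x7fff, 0x000000000000ULL, 0,     false, "-Inf" },
        { 0, 0x7fff, 0x800000000000ULL, 0,     false, "quiet NaN" },
        { 1, 0x7fff, 0x000000000001ULL, 0,     false, "negative signalling NaN" },
    };
    int bad = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        f128 v = mk(cases[i].sign, cases[i].exp, cases[i].frac_hi, cases[i].low);
        if (fn(v) != cases[i].normal) {
            printf("  misclassified: %s\n", cases[i].name);
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    printf("reference: %d wrong\n", count_mismatches(f128_is_normal_ref));
    printf("shift form: %d wrong\n", count_mismatches(f128_is_normal_shift));
    printf("in-place form: %d wrong\n", count_mismatches(f128_is_normal_inplace));
    printf("as posted: %d wrong\n", count_mismatches(f128_is_normal_posted));
    return 0;
}
```

The posted expression misclassifies the largest denormal and the Inf/NaN encodings whose top fraction bit is clear (adding 1 << 47 carries into the exponent only when that bit is already set), while both corrected forms agree with the reference on every case; the shift form is the one to prefer, since the constants are the field width and the two excluded exponent values rather than magic powers of two.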



Re: [Qemu-devel] [PATCH] accel/tcg: Consider cluster index in tb_lookup__cpu_state()

2019-02-05 Thread Richard Henderson
On 2/5/19 3:18 PM, Peter Maydell wrote:
> In commit f7b78602fdc6c6e4be we added the CPU cluster number to the
> cflags field of the TB hash; this included adding it to the value
> kept in tb->cflags, since we pass that field directly into the hash
> calculation in some places. Unfortunately we forgot to check whether
> other parts of the code were doing comparisons against tb->cflags
> that would need to be updated.
> 
> It turns out that there is exactly one such place: the
> tb_lookup__cpu_state() function checks whether the TB it has
> found in the tb_jmp_cache has a tb->cflags matching the cf_mask
> that is passed in. The tb->cflags has the cluster_index in it
> but the cf_mask does not.
> 
> Hoist the "add cluster index to the cf_mask" code up from
> tb_htable_lookup() to tb_lookup__cpu_state() so it can be considered
> in the "did this TB match in the jmp cache" condition, as well as
> when we do the full hash lookup by physical PC, flags, etc.
> (tb_htable_lookup() is only called from tb_lookup__cpu_state(),
> so this change doesn't require any further knock-on changes.)
> 
> Fixes: f7b78602fdc6c6e4be ("accel/tcg: Add cluster number to TCG TB hash")
> Reported-by: Howard Spoelstra 
> Reported-by: Cleber Rosa 
> Signed-off-by: Peter Maydell 

Reviewed-by: Richard Henderson 

> Does anybody know why tb_lookup__cpu_state() has that odd
> double-underscore in the middle of its name?

I'm inclined to think typo...  Emilio?


r~

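To make the cache-miss described in the commit message concrete, here is an added toy model (not QEMU code) of the `tb_jmp_cache` check in `tb_lookup__cpu_state()` before and after folding the cluster index into `cf_mask`. The `CF_CLUSTER_SHIFT`/`CF_CLUSTER_MASK` values, the struct layouts and the 64-entry cache are this example's assumptions chosen to resemble QEMU's, not its actual definitions; the point it demonstrates is that once `tb->cflags` carries the cluster index, a lookup whose `cf_mask` lacks it can never hit the cache for any CPU in a non-zero cluster.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed encoding: cluster index in the top byte of cflags. */
#define CF_CLUSTER_SHIFT 24
#define CF_CLUSTER_MASK  0xff000000u

typedef struct TranslationBlock {
    uint64_t pc;
    uint32_t flags;
    uint32_t cflags;   /* includes the cluster index, as after f7b78602fdc6c6e4be */
} TranslationBlock;

#define JMP_CACHE_SIZE 64

typedef struct CPUState {
    uint8_t cluster_index;
    TranslationBlock *tb_jmp_cache[JMP_CACHE_SIZE];
} CPUState;

static inline unsigned tb_jmp_cache_hash(uint64_t pc)
{
    return (unsigned)(pc & (JMP_CACHE_SIZE - 1));
}

/* Model of the fast path before the fix: cf_mask is compared as passed in,
 * without the cluster bits that tb_gen_code() stored in tb->cflags. A NULL
 * return stands for falling through to the (slow) tb_htable_lookup(). */
static TranslationBlock *lookup_before(CPUState *cpu, uint64_t pc, uint32_t flags,
                                       uint32_t cf_mask, bool *cache_hit)
{
    TranslationBlock *tb = cpu->tb_jmp_cache[tb_jmp_cache_hash(pc)];
    *cache_hit = tb && tb->pc == pc && tb->flags == flags && tb->cflags == cf_mask;
    return *cache_hit ? tb : NULL;
}

/* After the fix: the cluster index is hoisted into cf_mask first, so the
 * same value is used for the cache comparison and for the hash lookup. */
static TranslationBlock *lookup_after(CPUState *cpu, uint64_t pc, uint32_t flags,
                                      uint32_t cf_mask, bool *cache_hit)
{
    cf_mask |= ((uint32_t)cpu->cluster_index << CF_CLUSTER_SHIFT) & CF_CLUSTER_MASK;
    TranslationBlock *tb = cpu->tb_jmp_cache[tb_jmp_cache_hash(pc)];
    *cache_hit = tb && tb->pc == pc && tb->flags == flags && tb->cflags == cf_mask;
    return *cache_hit ? tb : NULL;
}

/* Record a TB the way translation would: cluster index baked into cflags. */
static void cache_tb(CPUState *cpu, TranslationBlock *tb, uint64_t pc,
                     uint32_t flags, uint32_t cf_mask)
{
    tb->pc = pc;
    tb->flags = flags;
    tb->cflags = cf_mask | ((uint32_t)cpu->cluster_index << CF_CLUSTER_SHIFT);
    cpu->tb_jmp_cache[tb_jmp_cache_hash(pc)] = tb;
}

/* Translate once, look up once more; true iff the second lookup hits. */
static bool second_lookup_hits(uint8_t cluster, bool fixed)
{
    CPUState cpu;
    TranslationBlock tb;
    bool hit = false;

    memset(&cpu, 0, sizeof(cpu));
    cpu.cluster_index = cluster;
    cache_tb(&cpu, &tb, 0x1000, 0x5, 0x0);   /* constructed pc/flags/cf_mask */
    if (fixed) {
        lookup_after(&cpu, 0x1000, 0x5, 0x0, &hit);
    } else {
        lookup_before(&cpu, 0x1000, 0x5, 0x0, &hit);
    }
    return hit;
}

int main(void)
{
    for (uint8_t cluster = 0; cluster < 3; cluster++) {
        printf("cluster %u: before=%s after=%s\n", cluster,
               second_lookup_hits(cluster, false) ? "hit" : "miss",
               second_lookup_hits(cluster, true) ? "hit" : "miss");
    }
    return 0;
}
```

Cluster 0 hits either way, which is why single-cluster boards did not notice; every other cluster misses on the old comparison and falls through to the full hash lookup on each execution, and hits once the cluster index is part of `cf_mask` before the comparison.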


Re: [Qemu-devel] [PATCH v3 03/19] xics: Disintricate allocation and type setting of interrupts

2019-02-05 Thread David Gibson
On Tue, Feb 05, 2019 at 03:59:15PM +0100, Greg Kurz wrote:
> On Tue, 5 Feb 2019 17:13:46 +1100
> David Gibson  wrote:
> 
> > On Thu, Jan 17, 2019 at 06:14:46PM +0100, Greg Kurz wrote:
> > > The current code assumes that an interrupt is allocated as soon as its
> > > type is set to MSI or LSI. PHB hotplug will require to be able to set
> > > the type of an interrupt before actually allocating it.  
> > 
> > Hm.. why?
> > 
> 
> The justification for that is given in patch 6 actually:
> 
> Every PHB needs to claim 4 LSIs to support legacy PCI devices. This is
> currently done at PHB realize. When using in-kernel XICS (or upcoming
> in-kernel XIVE), QEMU synchronizes the state of all irqs, including
> these LSIs, later on at machine reset.
> 
> In order to support PHB hotplug, we need a way to tell KVM about the
> LSIs that doesn't require a machine reset. Since these irq numbers are
> fixed values derived from the PHB index, let's identify them all at
> machine init. Older machines that don't have fixed irq numbers cannot
> support PHB hotplug and keep the existing behavior.

Sounds good.

> FYI, I'm currently reworking that part entirely. Maybe not worth wasting too
> much time on reviewing this v3.

Ok, I have plenty of other stuff to review, so I'll wait for the next spin.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature


Re: [Qemu-devel] [PATCH] qmp-shell: fix nested json regression

2019-02-05 Thread John Snow



On 2/5/19 8:49 AM, Marc-André Lureau wrote:
> Commit fcfab7541 ("qmp-shell: learn to send commands with quoted
> arguments") introduces the usage of Python 'shlex' to handle quoted
> arguments, but it accidentally broke generation of nested JSON
> structs.
> 
> shlex drops quotes, which breaks parsing of the nested struct.
> 
> cmd='blockdev-create job-id="job0 foo" 
> options={"driver":"qcow2","size":16384,"file":{"driver":"file","filename":"foo.qcow2"}}'
> 
> shlex.split(cmd)
> ['blockdev-create',
>  'job-id=job0 foo',
>  'options={driver:qcow2,size:16384,file:{driver:file,filename:foo.qcow2}}']
> 
> Replace with a regexp to split while respecting quoted strings and preserving 
> quotes:
> 
> re.findall(r'''(?:[^\s"']|"(?:\\.|[^"])*"|'(?:\\.|[^'])*')+''', cmd)
> ['blockdev-create',
>  'job-id="job0 foo"',
>  
> 'options={"driver":"qcow2","size":16384,"file":{"driver":"file","filename":"foo.qcow2"}}']
> 
> Fixes: fcfab7541 ("qmp-shell: learn to send commands with quoted arguments")
> Reported-by: Kashyap Chamarthy 
> Signed-off-by: Marc-André Lureau 
> ---
>  scripts/qmp/qmp-shell | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/scripts/qmp/qmp-shell b/scripts/qmp/qmp-shell
> index 770140772d..813dd68232 100755
> --- a/scripts/qmp/qmp-shell
> +++ b/scripts/qmp/qmp-shell
> @@ -74,7 +74,7 @@ import sys
>  import os
>  import errno
>  import atexit
> -import shlex
> +import re
>  
>  class QMPCompleter(list):
>  def complete(self, text, state):
> @@ -220,7 +220,7 @@ class QMPShell(qmp.QEMUMonitorProtocol):
>  
>  < command-name > [ arg-name1=arg1 ] ... [ arg-nameN=argN ]
>  """
> -cmdargs = shlex.split(cmdline)
> +cmdargs = 
> re.findall(r'''(?:[^\s"']|"(?:\\.|[^"])*"|'(?:\\.|[^'])*')+''', cmdline)

It might really be nice to have a comment briefly explaining the regex.
This is pretty close to symbol soup.

Though I suppose we are approaching the limits of what this hacky little
debug script can do for us...

thank you for fixing it.

>  
>  # Transactional CLI entry/exit:
>  if cmdargs[0] == 'transaction(':
> 



[Qemu-devel] [PATCH] Do not update coalesced IO range in the case of NOP

2019-02-05 Thread Jagannathan Raman
Hi,

I noticed the following backtrace while launching upstream QEMU with
virtio devices.

#0  0x7fffdf7292c7 in raise () at /lib64/libc.so.6
#1  0x7fffdf72a9b8 in abort () at /lib64/libc.so.6
#2  0x5589a0c5 in kvm_mem_ioeventfd_add (listener=0x56946ac8, 
section=0x7ffdc5ff8140, match_data=false, data=0, e=0x7ffdd422e078) at 
/home/upstream/qemu/accel/kvm/kvm-all.c:866
#3  0x5587e3a3 in address_space_add_del_ioeventfds (as=0x567c92c0 
, fds_new=0x7ffdb4000e40, fds_new_nb=1, fds_old=0x0, 
fds_old_nb=0) at /home/upstream/qemu/memory.c:793
#4  0x5587e6ca in address_space_update_ioeventfds (as=0x567c92c0 
) at /home/upstream/qemu/memory.c:843
#5  0x5587f5db in memory_region_transaction_commit () at 
/home/upstream/qemu/memory.c:1094
#6  0x558825df in memory_region_add_eventfd (mr=0x576216d0, addr=0, 
size=0, match_data=false, data=0, e=0x7ffdd422e078) at 
/home/upstream/qemu/memory.c:2303
#7  0x55c155b2 in virtio_pci_ioeventfd_assign (d=0x57620a00, 
notifier=0x7ffdd422e078, n=0, assign=true) at 
/home/upstream/qemu/hw/virtio/virtio-pci.c:243
#8  0x55c136d6 in virtio_bus_set_host_notifier (bus=0x57628af8, 
n=0, assign=true) at /home/upstream/qemu/hw/virtio/virtio-bus.c:283
#9  0x558fa4c4 in virtio_scsi_vring_init (s=0x57628b70, 
vq=0x7ffdd422e010, n=0, fn=0x558fa2c3 ) 
at /home/upstream/qemu/hw/scsi/virtio-scsi-dataplane.c:98
#10 0x558fa78f in virtio_scsi_dataplane_start (vdev=0x57628b70) at 
/home/upstream/qemu/hw/scsi/virtio-scsi-dataplane.c:151
#11 0x55c133f4 in virtio_bus_start_ioeventfd (bus=0x57628af8) at 
/home/upstream/qemu/hw/virtio/virtio-bus.c:223
#12 0x55c15739 in virtio_pci_start_ioeventfd (proxy=0x57620a00) at 
/home/upstream/qemu/hw/virtio/virtio-pci.c:282
#13 0x55c17b75 in virtio_pci_common_write (opaque=0x57620a00, 
addr=20, val=15, size=1) at /home/upstream/qemu/hw/virtio/virtio-pci.c:1233
#14 0x5587d1f4 in memory_region_write_accessor (mr=0x576213d0, 
addr=20, value=0x7ffdc5ff8638, size=1, shift=0, mask=255, attrs=...) at 
/home/upstream/qemu/memory.c:502
#15 0x5587d3fe in access_with_adjusted_size (addr=20, 
value=0x7ffdc5ff8638, size=1, access_size_min=1, access_size_max=4, 
access_fn=0x5587d114 , mr=0x576213d0, 
attrs=...) at /home/upstream/qemu/memory.c:568
#16 0x5588056c in memory_region_dispatch_write (mr=0x576213d0, 
addr=20, data=15, size=1, attrs=...) at /home/upstream/qemu/memory.c:1499
#17 0x558157f9 in flatview_write_continue (fv=0x7ffdbc0008f0, 
addr=4261412884, attrs=..., buf=0x77e6b028 "\017?", len=1, addr1=20, l=1, 
mr=0x576213d0) at /home/upstream/qemu/exec.c:3249
#18 0x55815958 in flatview_write (fv=0x7ffdbc0008f0, addr=4261412884, 
attrs=..., buf=0x77e6b028 "\017?", len=1) at /home/upstream/qemu/exec.c:3288
#19 0x55815c78 in address_space_write (as=0x567c92c0 
, addr=4261412884, attrs=..., buf=0x77e6b028 "\017?", 
len=1) at /home/upstream/qemu/exec.c:3378
#20 0x55815cc9 in address_space_rw (as=0x567c92c0 
, addr=4261412884, attrs=..., buf=0x77e6b028 "\017?", 
len=1, is_write=true) at /home/upstream/qemu/exec.c:3389
#21 0x5589ca60 in kvm_cpu_exec (cpu=0x56aa5e70) at 
/home/upstream/qemu/accel/kvm/kvm-all.c:2031
#22 0x5586094d in qemu_kvm_cpu_thread_fn (arg=0x56aa5e70) at 
/home/upstream/qemu/cpus.c:1281
#23 0x55e02022 in qemu_thread_start (args=0x56ac8560) at 
/home/upstream/qemu/util/qemu-thread-posix.c:502
#24 0x7fffdfac7dd5 in start_thread () at /lib64/libpthread.so.0
#25 0x7fffdf7f0f6d in clone () at /lib64/libc.so.6


This bug was introduced by commit
3ac7d43a6fbb ("memory: update coalesced_range on transaction_commit")

Reviewing the above patch, it was found that we don't need to add/del
coalesced IO region in the case where the same FlatRanges are
present in the old and new FlatViews. The additional calls to add/del
coalesced IO regions affect the "dev_count" & "ioeventfd_count"
counters in kvm_io_bus data structure, resulting in the following
check to fail in the kernel. This is the cause of the above backtrace.

kvm_io_bus_register_dev():
if (bus->dev_count - bus->ioeventfd_count > NR_IOBUS_DEVS - 1)
return -ENOSPC;

Avoiding coalesced IO region update in the case of NOP fixes this issue.

Jagannathan Raman (1):
  memory: Do not update coalesced IO range in the case of NOP

 memory.c | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

-- 
1.8.3.1




[Qemu-devel] [PATCH] memory: Do not update coalesced IO range in the case of NOP

2019-02-05 Thread Jagannathan Raman
Do not add/del coalesced IO ranges in the case where the
same FlatRanges are present in both old and new FlatViews

Fixes: 3ac7d43a6fbb ("memory: update coalesced_range on transaction_commit")
Signed-off-by: Jagannathan Raman 
---
 memory.c | 5 +
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/memory.c b/memory.c
index 61d66e4..e49369d 100644
--- a/memory.c
+++ b/memory.c
@@ -932,9 +932,7 @@ static void address_space_update_topology_pass(AddressSpace 
*as,
 } else if (frold && frnew && flatrange_equal(frold, frnew)) {
 /* In both and unchanged (except logging may have changed) */
 
-if (!adding) {
-flat_range_coalesced_io_del(frold, as);
-} else {
+if (adding) {
 MEMORY_LISTENER_UPDATE_REGION(frnew, as, Forward, region_nop);
 if (frnew->dirty_log_mask & ~frold->dirty_log_mask) {
 MEMORY_LISTENER_UPDATE_REGION(frnew, as, Forward, 
log_start,
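Review bot: dropping flat_range_coalesced_io_del() here (and the matching flat_range_coalesced_io_add() in the next hunk) removes the only path by which a FlatRange that is otherwise unchanged gets its coalesced-MMIO registration refreshed, which is exactly what 3ac7d43a6fbb set out to add: flatrange_equal() does not look at the region's coalesced ranges, so a MemoryRegion that gains or loses a coalesced range between two commits would no longer be re-registered with KVM. The ENOSPC in the backtrace is real, but the fix should make the del/add pair idempotent (or only re-register when the coalesced list actually changed) rather than skip it entirely, otherwise this silently reverts the earlier fix. Please also put the reproducer from the cover letter into the commit message so the regression is testable.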
@@ -946,7 +944,6 @@ static void address_space_update_topology_pass(AddressSpace 
*as,
   frold->dirty_log_mask,
   frnew->dirty_log_mask);
 }
-flat_range_coalesced_io_add(frnew, as);
 }
 
 ++iold;
-- 
1.8.3.1




Re: [Qemu-devel] [PATCH v2 09/18] tests/vm/openbsd: Install Bash from the ports

2019-02-05 Thread Brad Smith

On 2/5/2019 9:23 AM, Philippe Mathieu-Daudé wrote:


Hi Brad,

On 2/5/19 2:57 PM, Brad Smith wrote:

If someone could point me in the right direction as to how the image is created
I could look at coming up with something newer. I would prefer that over some
of the workarounds I've seen to date.

I'm not an OpenBSD user, so I'm more than happy if you can help the
upstream community to test QEMU codebase on this OS. Testing helps us to
avoid code rot.

What we currently use to run tests is the 'tests/vm/openbsd' script.
The script itself doesn't document how it was built, but looking at the
commit of its introduction, fdfaa33291eb, we have:

 The image is prepared following instructions as in:

 https://wiki.qemu.org/Hosts/BSD


Ok, well that brings me to my next question. How do I get access to the Wiki
to update the instructions?




[Qemu-devel] [PATCH for-3.0.x/PATCH for-3.0.1] acpi: Make TPM 2.0 with TIS available as MSFT0101

2019-02-05 Thread Stefan Berger
From: Stefan Berger 

This is a backport of rev 24cf5413aa0 to 3.0.x and 3.1.x.

This patch makes a TPM 2.0 with TIS interface available under the
HID 'MSF0101'. This is supported by Linux and also Windows now
recognizes the TPM 2.0 with TIS interface. Leave the TPM 1.2 as before.

Signed-off-by: Stefan Berger 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Igor Mammedov 
---
 hw/i386/acpi-build.c | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index e1ee8ae9e0..429d9b05e0 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -2134,8 +2134,16 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
 build_append_pci_bus_devices(scope, bus, pm->pcihp_bridge_en);
 
 if (TPM_IS_TIS(tpm_find())) {
-dev = aml_device("ISA.TPM");
-aml_append(dev, aml_name_decl("_HID", aml_eisaid("PNP0C31")));
+if (misc->tpm_version == TPM_VERSION_2_0) {
+dev = aml_device("TPM");
+aml_append(dev, aml_name_decl("_HID",
+  aml_string("MSFT0101")));
+} else {
+dev = aml_device("ISA.TPM");
+aml_append(dev, aml_name_decl("_HID",
+  aml_eisaid("PNP0C31")));
+}
+
 aml_append(dev, aml_name_decl("_STA", aml_int(0xF)));
 crs = aml_resource_template();
 aml_append(crs, aml_memory32_fixed(TPM_TIS_ADDR_BASE,
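Review bot: two points on this hunk. First, the commit message says the HID is 'MSF0101' while the code appends aml_string("MSFT0101"); the message should match the code, since the HID string is what guest drivers match on. Second, the TPM 2.0 branch creates aml_device("TPM") whereas the 1.2 branch keeps aml_device("ISA.TPM"), so the 2.0 node is no longer placed under the ISA scope and its ACPI path changes, not just its _HID; the shared _STA and _CRS that follow make this easy to miss, so it deserves a sentence in the commit message stating that the move is intentional and matches the upstream commit being backported.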
-- 
2.20.1




Re: [Qemu-devel] [PATCH v2 00/10] tcg vector improvements

2019-02-05 Thread Mark Cave-Ayland
On 23/01/2019 05:09, Richard Henderson wrote:

> On 1/7/19 5:11 AM, Mark Cave-Ayland wrote:
>> #7  0x55852e53 in expand_4_vec (vece=2, dofs=197872,
>> aofs=198288, bofs=197776, cofs=197792, oprsz=16, tysz=16,
>> type=TCG_TYPE_V128, write_aofs=true, fni=0x5599182a
>> ) at
>> /home/hsp/src/qemu-altivec-55/tcg/tcg-op-gvec.c:903
>> t0 = 0x1848
>> t1 = 0x1880
>> t2 = 0x18b8
>> t3 = 0x18f0
>> i = 0
>> #8  0x55853cc4 in tcg_gen_gvec_4 (dofs=197872, aofs=198288,
>> bofs=197776, cofs=197792, oprsz=16, maxsz=16, g=0x562d33c0 ) at
>> /home/hsp/src/qemu-altivec-55/tcg/tcg-op-gvec.c:1211
>> type = TCG_TYPE_V128
>> some = 21845
>> __PRETTY_FUNCTION__ = "tcg_gen_gvec_4"
>> __func__ = "tcg_gen_gvec_4"
>> #9  0x55991987 in gen_vaddsws (ctx=0x7fffe3ffe5f0) at
>> /home/hsp/src/qemu-altivec-55/target/ppc/translate/vmx-impl.inc.c:597
>> g = {fni8 = 0x0, fni4 = 0x0, fniv = 0x5599182a
>> , fno = 0x559601a1 , opc =
>> INDEX_op_add_vec, data = 0, vece = 2 '\002', prefer_i64 = false,
>> write_aofs = true}
>>
>>
>> Certainly according to patch 7 of the series only 8-bit and 16-bit accesses 
>> are
>> supported on i386 hosts, but shouldn't we be falling back to the previous
>> implementations rather than hitting an assert()?
> 
> In here:
> 
> #define GEN_VXFORM_SAT(NAME, VECE, NORM, SAT, OPC2, OPC3)   \
> static void glue(glue(gen_, NAME), _vec)(unsigned vece, TCGv_vec t, \
>  TCGv_vec sat, TCGv_vec a,  \
>  TCGv_vec b)\
> {   \
> TCGv_vec x = tcg_temp_new_vec_matching(t);  \
> glue(glue(tcg_gen_, NORM), _vec)(VECE, x, a, b);\
> glue(glue(tcg_gen_, SAT), _vec)(VECE, t, a, b); \
> tcg_gen_cmp_vec(TCG_COND_NE, VECE, x, x, t);\
> tcg_gen_or_vec(VECE, sat, sat, x);  \
> tcg_temp_free_vec(x);   \
> }   \
> static void glue(gen_, NAME)(DisasContext *ctx) \
> {   \
> static const GVecGen4 g = { \
> .fniv = glue(glue(gen_, NAME), _vec),   \
> .fno = glue(gen_helper_, NAME), \
> .opc = glue(glue(INDEX_op_, NORM), _vec),   \
> 
> s/NORM/SAT/, so that we query whether the saturated opcode is supported.  The
> normal arithmetic, cmp, and or opcodes are mandatory; we don't need to do
> anything with those.

Now that this and the other pre-requisite patches have been merged into master, I've
rebased the outstanding PPC parts of your "tcg, target/ppc vector improvements" on
master including the above fix and pushed the result to
https://github.com/mcayland/qemu/commits/ppc-altivec-v6.

The good news is that the graphics corruption I originally noticed caused by the
patch introducing the saturating add/sub vector ops has now gone, and with my
little-endian vsplt fix included then both OS X and MacOS 9 appear to run without any
obvious issues on an x86 host, and certainly feel smoother compared to before.

The only minor question I had with the patchset in its current form is whether to use
the new VsrD() macro for vscr_sat, or whether we don't really care enough?


ATB,

Mark.



Re: [Qemu-devel] [PATCH v2 2/5] virtio-blk: add "discard-wzeroes" boolean property

2019-02-05 Thread Michael S. Tsirkin
On Thu, Jan 31, 2019 at 06:37:13PM +0100, Stefano Garzarella wrote:
> On Thu, Jan 31, 2019 at 11:43:07AM -0500, Michael S. Tsirkin wrote:
> > On Thu, Jan 31, 2019 at 04:50:46PM +0100, Stefano Garzarella wrote:
> > > On Thu, Jan 31, 2019 at 03:40:38PM +, Dr. David Alan Gilbert wrote:
> > > > * Stefano Garzarella (sgarz...@redhat.com) wrote:
> > > > > In order to avoid migration issues, we enable DISCARD and
> > > > > WRITE ZEROES features only for machine type >= 4.0
> > > > > 
> > > > > Suggested-by: Dr. David Alan Gilbert 
> > > > > Signed-off-by: Stefano Garzarella 
> > > > > ---
> > > > >  hw/block/virtio-blk.c  | 2 ++
> > > > >  hw/core/machine.c  | 1 +
> > > > >  include/hw/virtio/virtio-blk.h | 1 +
> > > > >  3 files changed, 4 insertions(+)
> > > > > 
> > > > > diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
> > > > > index 8a6754d9a2..542ec52536 100644
> > > > > --- a/hw/block/virtio-blk.c
> > > > > +++ b/hw/block/virtio-blk.c
> > > > > @@ -1026,6 +1026,8 @@ static Property virtio_blk_properties[] = {
> > > > >  DEFINE_PROP_UINT16("queue-size", VirtIOBlock, conf.queue_size, 
> > > > > 128),
> > > > >  DEFINE_PROP_LINK("iothread", VirtIOBlock, conf.iothread, 
> > > > > TYPE_IOTHREAD,
> > > > >   IOThread *),
> > > > > +DEFINE_PROP_BIT("discard-wzeroes", VirtIOBlock, 
> > > > > conf.discard_wzeroes, 0,
> > > > > + true),
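Review bot: the commit message says DISCARD and WRITE ZEROES are enabled only for machine types >= 4.0, but this hunk only adds the property with a default of true; the compat entry that turns it off for older machine types is in hw/core/machine.c per the diffstat and is not shown in this excerpt, so reviewers should confirm both halves land together or migration from a 3.1 machine type will see a feature-bit mismatch. Separately, as already raised in the thread, a single on/off knob reads better as DEFINE_PROP_BOOL on a bool field than as DEFINE_PROP_BIT on bit 0 of a flags word.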
> > > > 
> > > > I think that's OK, but do you really want a DEFINE_PROP_BOOL and
> > > > a bool discard_wzeroes?
> > > > I think DEFINE_PROP_BIT is mostly used for a flag word where each
> > > > property is one more bit in the field.
> > > > 
> > > > Dave
> > > > 
> > > 
> > > Hi Dave,
> > > I was in doubt if to use DEFINE_PROP_BIT or DEFINE_PROP_BOOL, but
> > > looking in the virtio-blk.c, I found that also other booleans like
> > > "config-wce", "scsi", and "request-merging" were defined with
> > > DEFINE_PROP_BIT, so I followed this trend.
> > > 
> > > But I agree with you, DEFINE_PROP_BOOL should be better, so I will
> > > change it!
> > > 
> > > Thanks,
> > > Stefano
> > 
> > I wonder why doesn't virtio-blk set bits directly in host_features?
> > For example this is how virtio-net does it.
> > This would remove the need for virtio_add_feature calls.
> 
> Maybe this should be the best approach!
> 
> What do you think if I send a trivial patch to add host_features
> variable like for virtio-net and change the "config_wce" and "scsi" 
> definition?
> Then I will change also this patch to set directly the bits.
> 
> Thanks,
> Stefano

Sounds good to me.

-- 
MST



Re: [Qemu-devel] [PULL 07/77] tap: flush STDOUT on newline

2019-02-05 Thread Philippe Mathieu-Daudé
On 2/4/19 7:35 PM, Paolo Bonzini wrote:
> This makes it easier to follow what is going on.
> 
> Signed-off-by: Paolo Bonzini 

This one also misses:
Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  scripts/tap-driver.pl | 1 +
>  scripts/tap-merge.pl  | 1 +
>  2 files changed, 2 insertions(+)
> 
> diff --git a/scripts/tap-driver.pl b/scripts/tap-driver.pl
> index 5e59b5d..6621a5c 100755
> --- a/scripts/tap-driver.pl
> +++ b/scripts/tap-driver.pl
> @@ -313,6 +313,7 @@ sub main ()
>my $iterator = TAP::Parser::Iterator::Stream->new(\*STDIN);
>my $parser = TAP::Parser->new ({iterator => $iterator });
>  
> +  STDOUT->autoflush(1);
>while (defined (my $cur = $parser->next))
>  {
># Parsing of TAP input should stop after a "Bail out!" directive.
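Review bot: STDOUT->autoflush(1) is a method call on a bareword filehandle, which needs IO::Handle loaded; perls before 5.14 do not load it on demand, and nothing in this hunk adds a `use IO::Handle;`. TAP::Parser very likely pulls it in already, but an explicit `use IO::Handle;` next to the other imports would make the dependency visible rather than incidental. The same applies to the identical line added to scripts/tap-merge.pl in the next hunk.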
> diff --git a/scripts/tap-merge.pl b/scripts/tap-merge.pl
> index 59e3fa5..10ccf57 100755
> --- a/scripts/tap-merge.pl
> +++ b/scripts/tap-merge.pl
> @@ -53,6 +53,7 @@ sub main ()
>my $testno = 0; # Number of test results seen so far.
>my $bailed_out = 0; # Whether a "Bail out!" directive has been seen.
>  
> +  STDOUT->autoflush(1);
>while (defined (my $cur = $parser->next))
>  {
>if ($cur->is_bailout)
> 



[Qemu-devel] [Bug 1813940] Re: kvm_mem_ioeventfd_add: error adding ioeventfd: No space left on device

2019-02-05 Thread Paolo Bonzini
Hmm that's not surprising because coalesced ranges were completely
broken before that commit.  I'll take a look.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1813940

Title:
  kvm_mem_ioeventfd_add: error adding ioeventfd: No space left on device

Status in QEMU:
  New

Bug description:
  Latest QEMU master fails to run with too many MMIO devices specified.

  After patch 3ac7d43a6fb [1] QEMU just prints an error message and exits.
  > kvm_mem_ioeventfd_add: error adding ioeventfd: No space left on device

  This is reproducible e.g. with the following setup:

  qemu-3.1.50-dirty \
  -machine pc-i440fx-2.7,accel=kvm \
  -cpu host -m 4096 \
  -smp 2,sockets=2,cores=1,threads=1 \
  -drive file=freebsd_vm_1.qcow2,format=qcow2,if=none,id=bootdr \
  -device ide-hd,drive=bootdr,bootindex=0 \
  -device virtio-scsi-pci,id=vc0 \
  -device virtio-scsi-pci,id=vc1 \
  -device virtio-scsi-pci,id=vc2 \
  -device virtio-scsi-pci,id=vc3 \

  Running with just 3 Virtio-SCSI controllers seems to work fine, adding
  more than that causes the error above. Note that this is not Virtio-
  SCSI specific. I've also reproduced this without any Virtio devices
  whatsoever.

  strace shows the following ioctl chain over and over:

  145787 ioctl(11, KVM_UNREGISTER_COALESCED_MMIO, 0x7f60a4985410) = 0
  145787 ioctl(11, KVM_UNREGISTER_COALESCED_MMIO, 0x7f60a4985410) = 0
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = 0
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No 
space left on device)
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No 
space left on device)
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No 
space left on device)
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No 
space left on device)
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No 
space left on device)
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No 
space left on device)
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No 
space left on device)
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No 
space left on device)

  Which suggests there's some kind of MMIO region leak.

  [1]
  commit 3ac7d43a6fbb5d4a3d01fc9a055c218030af3727
  Author: Paolo Bonzini 
  AuthorDate: Wed Nov 28 17:28:45 2018 +0100
  Commit: Paolo Bonzini 
  CommitDate: Fri Jan 11 13:57:24 2019 +0100

  memory: update coalesced_range on transaction_commit

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1813940/+subscriptions



Re: [Qemu-devel] [PATCH v12 3/3] qcow2: list of bitmaps new test 242

2019-02-05 Thread Eric Blake
On 2/5/19 2:14 PM, Andrey Shinkevich wrote:
> A new test file 242 added to the qemu-iotests set. It checks
> the format of qcow2 specific information for the new added
> section that lists details of bitmaps.
> 
> Signed-off-by: Andrey Shinkevich 
> ---

> +
> +disk = file_path('disk')
> +chunk = 256*1024
> +bitmap_flag_unknown = 1 << 2
> +flag_offset = 0x10002f
> +

Fragile if something else changes where this cluster gets allocated, but
hopefully such a change would be caught quickly by the iotest failure;
so I'm fine with it.

> +
> +Test 5
> +Write bitmap flag '0x4' into the QCOW2 image at offset 1048623
> +qemu-img: Could not open 'TEST_IMG': Bitmap 'bitmap-2' doesn't satisfy the 
> constraints
> +
> +Unset the unknown bitmap flag '0x4' in the bitmap directory entry:

Perhaps the error message could be made more informative, but that's
outside the scope of this patch. Thanks for adding that negative test;
it's harder to remember to be resilient to bad input, and having
testsuite coverage of intentionally bad files is a good thing.

Reviewed-by: Eric Blake 

I'll wait a couple days to see if any other reviewers speak up; at which
point, I'll be happy to queue this series through my NBD tree, if no one
else picks it up sooner (John may pick it up through his bitmaps tree).

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature


Re: [Qemu-devel] [PATCH v12 2/3] qcow2: Add list of bitmaps to ImageInfoSpecificQCow2

2019-02-05 Thread Eric Blake
On 2/5/19 2:14 PM, Andrey Shinkevich wrote:
> In the 'Format specific information' section of the 'qemu-img info'
> command output, the supplemental information about existing QCOW2
> bitmaps will be shown, such as a bitmap name, flags and granularity:
> 

> +##
> +# @Qcow2BitmapInfo:
> +#
> +# Qcow2 bitmap information.
> +#
> +# @name: the name of the bitmap
> +#
> +# @granularity: granularity of the bitmap in bytes
> +#
> +# @flags: flags of the bitmap
> +#
> +# Since: 4.0

You got rid of the docs for unknown-flags,

> +##
> +{ 'struct': 'Qcow2BitmapInfo',
> +  'data': {'name': 'str', 'granularity': 'uint32',
> +   'flags': ['Qcow2BitmapInfoFlags'],
> +   '*unknown-flags': 'uint32' } }

but forgot to actually get rid of the field. That's a pretty simple
cleanup, which I don't mind making if this series is otherwise ready to go.

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature


Re: [Qemu-devel] [PULL v2 00/76] misc patches for 2019-02-04

2019-02-05 Thread Paolo Bonzini
On 05/02/19 21:05, Peter Maydell wrote:
> This part looks like the usual "foo-softmmu/config-devices.mak isn't updated
> if a file that's #included from default-configs/foo-softmmu.mak is
> changed" dependency bug -- I guess the fix for that isn't in this
> patchset ?

No, this pull request is not the full Kconfig stuff.  I will at least
run it more closely past target maintainers before landing it. :)

Paolo



Re: [Qemu-devel] [PATCH] linux-user: Check sscanf return value in open_net_route()

2019-02-05 Thread Philippe Mathieu-Daudé
On 2/5/19 6:42 PM, Peter Maydell wrote:
> Coverity warns (CID 1390634) that open_net_route() is not
> checking the return value from sscanf(), which means that
> it might then use values that aren't initialized.
> 
> Errors here should in general not happen since we're passing
> an assumed-good /proc/net/route from the host kernel, but
> if we do fail to parse a line then just skip it in the output
> we pass to the guest.
> 
> Signed-off-by: Peter Maydell 

Reviewed-by: Philippe Mathieu-Daudé 

> ---
>  linux-user/syscall.c | 12 +---
>  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index b5786d4fc1f..894678aa8b4 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -6762,9 +6762,15 @@ static int open_net_route(void *cpu_env, int fd)
>  char iface[16];
>  uint32_t dest, gw, mask;
>  unsigned int flags, refcnt, use, metric, mtu, window, irtt;
> -sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
> - iface, , , , , , ,
> - , , , );
> +int fields;
> +
> +fields = sscanf(line,
> +
> "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
> +iface, , , , , , ,
> +, , , );
> +if (fields != 11) {
> +continue;
> +}
>  dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
>  iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
>  metric, tswap32(mask), mtu, window, irtt);
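Review bot: the fields != 11 check addresses the Coverity finding, but the `%s` conversion that fills `iface` is still unbounded while the buffer is `char iface[16]`, so a route line with an interface name of 16 or more characters overflows it. The host kernel keeps names within IFNAMSIZ, as the commit message's "assumed-good" caveat notes, but a width specifier costs nothing and removes the assumption: use `%15s` in the sscanf format (the dprintf format can keep `%s`).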
> 



Re: [Qemu-devel] [PULLv3 00/32] More work towards libslirp

2019-02-05 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190205182848.29887-1-samuel.thiba...@ens-lyon.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PULLv3 00/32] More work towards libslirp
Message-id: 20190205182848.29887-1-samuel.thiba...@ens-lyon.org
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
   9669c97..47994e1  master -> master
 - [tag update]  patchew/1549371525-29899-1-git-send-email-th...@redhat.com 
-> patchew/1549371525-29899-1-git-send-email-th...@redhat.com
 * [new tag] 
patchew/20190205182848.29887-1-samuel.thiba...@ens-lyon.org -> 
patchew/20190205182848.29887-1-samuel.thiba...@ens-lyon.org
Submodule 'capstone' (https://git.qemu.org/git/capstone.git) registered for 
path 'capstone'
Submodule 'dtc' (https://git.qemu.org/git/dtc.git) registered for path 'dtc'
Submodule 'roms/QemuMacDrivers' (https://git.qemu.org/git/QemuMacDrivers.git) 
registered for path 'roms/QemuMacDrivers'
Submodule 'roms/SLOF' (https://git.qemu.org/git/SLOF.git) registered for path 
'roms/SLOF'
Submodule 'roms/ipxe' (https://git.qemu.org/git/ipxe.git) registered for path 
'roms/ipxe'
Submodule 'roms/openbios' (https://git.qemu.org/git/openbios.git) registered 
for path 'roms/openbios'
Submodule 'roms/openhackware' (https://git.qemu.org/git/openhackware.git) 
registered for path 'roms/openhackware'
Submodule 'roms/qemu-palcode' (https://git.qemu.org/git/qemu-palcode.git) 
registered for path 'roms/qemu-palcode'
Submodule 'roms/seabios' (https://git.qemu.org/git/seabios.git/) registered for 
path 'roms/seabios'
Submodule 'roms/seabios-hppa' (https://github.com/hdeller/seabios-hppa.git) 
registered for path 'roms/seabios-hppa'
Submodule 'roms/sgabios' (https://git.qemu.org/git/sgabios.git) registered for 
path 'roms/sgabios'
Submodule 'roms/skiboot' (https://git.qemu.org/git/skiboot.git) registered for 
path 'roms/skiboot'
Submodule 'roms/u-boot' (https://git.qemu.org/git/u-boot.git) registered for 
path 'roms/u-boot'
Submodule 'roms/u-boot-sam460ex' (https://git.qemu.org/git/u-boot-sam460ex.git) 
registered for path 'roms/u-boot-sam460ex'
Submodule 'tests/fp/berkeley-softfloat-3' 
(https://github.com/cota/berkeley-softfloat-3) registered for path 

[Qemu-devel] [PATCH v12 3/3] qcow2: list of bitmaps new test 242

2019-02-05 Thread Andrey Shinkevich
A new test file 242 is added to the qemu-iotests set. It checks
the format of qcow2 specific information for the newly added
section that lists details of bitmaps.

Signed-off-by: Andrey Shinkevich 
---
 tests/qemu-iotests/242 | 100 +++
 tests/qemu-iotests/242.out | 167 +
 tests/qemu-iotests/group   |   1 +
 3 files changed, 268 insertions(+)
 create mode 100755 tests/qemu-iotests/242
 create mode 100644 tests/qemu-iotests/242.out

diff --git a/tests/qemu-iotests/242 b/tests/qemu-iotests/242
new file mode 100755
index 000..95c1f18
--- /dev/null
+++ b/tests/qemu-iotests/242
@@ -0,0 +1,100 @@
+#!/usr/bin/env python
+#
+# Test for qcow2 bitmap printed information
+#
+# Copyright (c) 2019 Virtuozzo International GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+import iotests
+import json
+from iotests import qemu_img_create, qemu_io, qemu_img_pipe, \
+file_path, img_info_log, log, filter_qemu_io
+
+iotests.verify_image_format(supported_fmts=['qcow2'])
+
+disk = file_path('disk')
+chunk = 256*1024
+bitmap_flag_unknown = 1 << 2
+flag_offset = 0x10002f
+
+
+def print_bitmap(extra_args):
+log('qemu-img info dump:\n')
+img_info_log(disk, extra_args=extra_args)
+result = json.loads(qemu_img_pipe('info', '--force-share',
+  '--output=json', disk))
+if 'bitmaps' in result['format-specific']['data']:
+bitmaps = result['format-specific']['data']['bitmaps']
+log('The same bitmaps in JSON format:')
+log(bitmaps, indent=2)
+else:
+log('No bitmap in JSON format output')
+
+
+def add_bitmap(bitmap_number, persistent, disabled):
+granularity = 2**(13 + bitmap_number)
+bitmap_name = 'bitmap-' + str(bitmap_number-1)
+vm = iotests.VM().add_drive(disk)
+vm.launch()
+vm.qmp_log('block-dirty-bitmap-add', node='drive0', name=bitmap_name,
+   granularity=granularity, persistent=persistent,
+   disabled=disabled)
+vm.shutdown()
+
+
+def write_to_disk(offset, size):
+write = 'write {} {}'.format(offset, size)
+log(qemu_io('-c', write, disk), filters=[filter_qemu_io])
+
+
+def toggle_flag(offset):
+f = open(disk, "r+b")
+f.seek(offset, 0)
+c = f.read(1)
+toggled = chr(ord(c) ^ bitmap_flag_unknown)
+f.seek(-1, 1)
+f.write(toggled)
+f.close()
+
+
+qemu_img_create('-f', iotests.imgfmt, disk, '1M')
+
+for num in range(1, 4):
+disabled = False
+if num == 2:
+disabled = True
+log('Test {}'.format(num))
+add_bitmap(num, num > 1, disabled)
+write_to_disk((num-1) * chunk, chunk)
+print_bitmap([])
+log('')
+
+vm = iotests.VM().add_drive(disk)
+vm.launch()
+num += 1
+log('Test {}\nChecking "in-use" flag...'.format(num))
+print_bitmap(['--force-share'])
+vm.shutdown()
+
+num += 1
+log('\nTest {}\nWrite bitmap flag \'{}\' into the QCOW2 image at offset {}'
+.format(num, hex(bitmap_flag_unknown), flag_offset))
+toggle_flag(flag_offset)
+img_info_log(disk)
+toggle_flag(flag_offset)
+log('Unset the unknown bitmap flag \'{}\' in the bitmap directory entry:\n'
+.format(hex(bitmap_flag_unknown)))
+img_info_log(disk)
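Review bot: toggle_flag() near the end of the hunk leaves the image open if seek(), read() or write() raises; use `with open(disk, "r+b") as f:` so the handle is closed on any exception. In the same function, `toggled = chr(ord(c) ^ bitmap_flag_unknown)` only works under Python 2, where a read from an "r+b" file returns str; under Python 3 f.write() on a binary file needs bytes, e.g. `bytes([c[0] ^ bitmap_flag_unknown])`. A one-line comment saying how `flag_offset = 0x10002f` was derived (which bitmap directory entry and which byte of its flags field it addresses) would also help whoever has to update the test when the image layout changes.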
diff --git a/tests/qemu-iotests/242.out b/tests/qemu-iotests/242.out
new file mode 100644
index 000..cf2b310
--- /dev/null
+++ b/tests/qemu-iotests/242.out
@@ -0,0 +1,167 @@
+Test 1
+{"execute": "block-dirty-bitmap-add", "arguments": {"disabled": false, 
"granularity": 16384, "name": "bitmap-0", "node": "drive0", "persistent": 
false}}
+{"return": {}}
+wrote 262144/262144 bytes at offset 0
+256 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+qemu-img info dump:
+
+image: TEST_IMG
+file format: IMGFMT
+virtual size: 1.0M (1048576 bytes)
+cluster_size: 65536
+Format specific information:
+compat: 1.1
+lazy refcounts: false
+refcount bits: 16
+corrupt: false
+
+No bitmap in JSON format output
+
+Test 2
+{"execute": "block-dirty-bitmap-add", "arguments": {"disabled": true, 
"granularity": 32768, "name": "bitmap-1", "node": "drive0", "persistent": true}}
+{"return": {}}
+wrote 262144/262144 bytes at offset 262144
+256 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+qemu-img info dump:
+
+image: TEST_IMG
+file format: IMGFMT
+virtual size: 1.0M (1048576 bytes)
+cluster_size: 65536
+Format specific information:
+compat: 1.1
+ 

Re: [Qemu-devel] [PULL v2 00/76] misc patches for 2019-02-04

2019-02-05 Thread Peter Maydell
On Tue, 5 Feb 2019 at 20:01, Peter Maydell  wrote:
>
> On Tue, 5 Feb 2019 at 18:18, Paolo Bonzini  wrote:
> >
> > The following changes since commit 1c3d45df5e94042d5fb2bb31416072563ab30e49:
> >
> >   Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-02-04' 
> > into staging (2019-02-05 12:46:18 +)
> >
> > are available in the git repository at:
> >
> >
> >   git://github.com/bonzini/qemu.git tags/for-upstream
> >
> > for you to fetch changes up to 5ed76a4c63db9295c6c5d67895925810050d4a46:
> >
> >   queue: fix QTAILQ_FOREACH_REVERSE_SAFE (2019-02-05 16:50:21 +0100)
> >
> > 
> > * cpu-exec fixes (Emilio, Laurent)
> > * TCG bugfix in queue.h (Paolo)
> > * high address load for linuxboot (Zhijian)
> > * PVH support (Liam, Stefano)
> > * misc i386 changes (Paolo, Robert, Doug)
> > * configure tweak for openpty (Thomas)
> > * elf2dmp port to Windows (Viktor)
> > * initial improvements to Makefile infrastructure (Yang + GSoC 2013)
> >
> > 
>
> The build tree where I do 'make clean' then 'make' failed when
> linking:

> and
>   LINKaarch64-softmmu/qemu-system-aarch64
> hw/arm/aspeed.o: In function `palmetto_bmc_i2c_init':
> /home/petmay01/linaro/qemu-for-merges/hw/arm/aspeed.c:249: undefined
> reference to `smbus_eeprom_init_one'
> hw/arm/aspeed.o: In function `ast2500_evb_i2c_init':
> /home/petmay01/linaro/qemu-for-merges/hw/arm/aspeed.c:266: undefined
> reference to `smbus_eeprom_init_one'
> hw/arm/aspeed.o: In function `witherspoon_bmc_i2c_init':
> /home/petmay01/linaro/qemu-for-merges/hw/arm/aspeed.c:303: undefined
> reference to `smbus_eeprom_init_one'
> collect2: error: ld returned 1 exit status

This part looks like the usual "foo-softmmu/config-devices.mak isn't updated
if a file that's #included from default-configs/foo-softmmu.mak is
changed" dependency bug -- I guess the fix for that isn't in this
patchset? The mips stuff is probably the same.

I'll delete the config-devices.mak files by hand, which should
suffice to get the build to go through.

thanks
-- PMM



Re: [Qemu-devel] [PATCH 04/10] hw/rdma: Protect against concurrent execution of poll_cq

2019-02-05 Thread Marcel Apfelbaum




On 1/31/19 3:08 PM, Yuval Shaia wrote:

The function rdma_poll_cq is called from two contexts: the completion
handler thread, which senses new completions on the backend channel, and
explicitly as a result of the guest issuing a poll_cq command.

Add lock to protect against concurrent executions.

Signed-off-by: Yuval Shaia 
---
  hw/rdma/rdma_backend.c | 2 ++
  hw/rdma/rdma_rm.c  | 4 
  hw/rdma/rdma_rm_defs.h | 1 +
  3 files changed, 7 insertions(+)

diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
index b7d6afb5da..bf8e889144 100644
--- a/hw/rdma/rdma_backend.c
+++ b/hw/rdma/rdma_backend.c
@@ -70,6 +70,7 @@ static int rdma_poll_cq(RdmaDeviceResources *rdma_dev_res, 
struct ibv_cq *ibcq)
  BackendCtx *bctx;
  struct ibv_wc wc[2];
  
+qemu_mutex_lock(_dev_res->lock);

  do {
  ne = ibv_poll_cq(ibcq, ARRAY_SIZE(wc), wc);
  
@@ -90,6 +91,7 @@ static int rdma_poll_cq(RdmaDeviceResources *rdma_dev_res, struct ibv_cq *ibcq)

  g_free(bctx);
  }
  } while (ne > 0);
+qemu_mutex_unlock(_dev_res->lock);
  
  if (ne < 0) {

  rdma_error_report("ibv_poll_cq fail, rc=%d, errno=%d", ne, errno);
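Review bot: the unlock after the do/while is the only one shown, and the `if (ne < 0)` error path that follows is already outside the lock; the elided loop body (lines 72-90) needs checking for any `return`, `goto` or `break` that would leave the mutex held. The lock is also held across ibv_poll_cq() and the per-completion processing that ends in `g_free(bctx)`; if that processing can call back into code that takes the same lock from the other context named in the commit message (a guest-issued poll_cq), it will self-deadlock, so a comment stating what may and may not be called under `lock` is worth adding.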
diff --git a/hw/rdma/rdma_rm.c b/hw/rdma/rdma_rm.c
index 1ba77ac42c..9408bfb751 100644
--- a/hw/rdma/rdma_rm.c
+++ b/hw/rdma/rdma_rm.c
@@ -619,12 +619,16 @@ int rdma_rm_init(RdmaDeviceResources *dev_res, struct 
ibv_device_attr *dev_attr,
  
  init_ports(dev_res);
  
+qemu_mutex_init(_res->lock);

+
  return 0;
  }
  
  void rdma_rm_fini(RdmaDeviceResources *dev_res, RdmaBackendDev *backend_dev,

const char *ifname)
  {
+qemu_mutex_destroy(_res->lock);
+
  fini_ports(dev_res, backend_dev, ifname);
  
  res_tbl_free(_res->uc_tbl);
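Review bot: qemu_mutex_destroy() is called before fini_ports(); if tearing down the ports or backend can still deliver a completion that enters rdma_poll_cq(), the lock is used after it has been destroyed. Safer to destroy the mutex as the last step of rdma_rm_fini(), mirroring the previous hunk where it is created after init_ports().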

diff --git a/hw/rdma/rdma_rm_defs.h b/hw/rdma/rdma_rm_defs.h
index 08692e87d4..9e98565a28 100644
--- a/hw/rdma/rdma_rm_defs.h
+++ b/hw/rdma/rdma_rm_defs.h
@@ -109,6 +109,7 @@ typedef struct RdmaDeviceResources {
  RdmaRmResTbl cq_tbl;
  RdmaRmResTbl cqe_ctx_tbl;
  GHashTable *qp_hash; /* Keeps mapping between real and emulated */
+QemuMutex lock;
  } RdmaDeviceResources;
  
  #endif
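Review bot: `QemuMutex lock;` carries no comment on what it guards, while the neighbouring `qp_hash` field does. Suggest `QemuMutex lock; /* serialises rdma_poll_cq() between the completion thread and guest poll_cq */` so the locking rule is documented where the field is declared.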


Reviewed-by: Marcel Apfelbaum

Thanks,
Marcel






Re: [Qemu-devel] [PATCH 10/10] hw/pvrdma: Delete unneeded function argument

2019-02-05 Thread Marcel Apfelbaum




On 1/31/19 3:08 PM, Yuval Shaia wrote:

The function argument rdma_dev_res is not needed as it is stored in the
backend_dev object at init.

Signed-off-by: Yuval Shaia 
---
  hw/rdma/rdma_backend.c  | 13 ++---
  hw/rdma/rdma_backend.h  |  1 -
  hw/rdma/vmw/pvrdma_qp_ops.c |  3 +--
  3 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/hw/rdma/rdma_backend.c b/hw/rdma/rdma_backend.c
index 3283461b15..544b7d6148 100644
--- a/hw/rdma/rdma_backend.c
+++ b/hw/rdma/rdma_backend.c
@@ -586,7 +586,6 @@ static unsigned int save_mad_recv_buffer(RdmaBackendDev 
*backend_dev,
  }
  
  void rdma_backend_post_recv(RdmaBackendDev *backend_dev,

-RdmaDeviceResources *rdma_dev_res,
  RdmaBackendQP *qp, uint8_t qp_type,
  struct ibv_sge *sge, uint32_t num_sge, void *ctx)
  {
@@ -605,9 +604,9 @@ void rdma_backend_post_recv(RdmaBackendDev *backend_dev,
  rc = save_mad_recv_buffer(backend_dev, sge, num_sge, ctx);
  if (rc) {
  complete_work(IBV_WC_GENERAL_ERR, rc, ctx);
-rdma_dev_res->stats.mad_rx_bufs_err++;
+backend_dev->rdma_dev_res->stats.mad_rx_bufs_err++;
  } else {
-rdma_dev_res->stats.mad_rx_bufs++;
+backend_dev->rdma_dev_res->stats.mad_rx_bufs++;
  }
  }
  return;
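Review bot: `backend_dev->rdma_dev_res->stats...` is now spelled out in every hunk of rdma_backend_post_recv(); a local `RdmaDeviceResources *rdma_dev_res = backend_dev->rdma_dev_res;` at the top of the function would leave the original statements untouched, keep the long build_host_sge_array() call below 80 columns, and reduce this patch to the signature change.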
@@ -617,7 +616,7 @@ void rdma_backend_post_recv(RdmaBackendDev *backend_dev,
  bctx->up_ctx = ctx;
  bctx->backend_qp = qp;
  
-rc = rdma_rm_alloc_cqe_ctx(rdma_dev_res, _id, bctx);

+rc = rdma_rm_alloc_cqe_ctx(backend_dev->rdma_dev_res, _id, bctx);
  if (unlikely(rc)) {
  complete_work(IBV_WC_GENERAL_ERR, VENDOR_ERR_NOMEM, ctx);
  goto err_free_bctx;
@@ -626,7 +625,7 @@ void rdma_backend_post_recv(RdmaBackendDev *backend_dev,
  qp->cqe_ctx_list = g_slist_append(qp->cqe_ctx_list,
GINT_TO_POINTER(bctx_id));
  
-rc = build_host_sge_array(rdma_dev_res, new_sge, sge, num_sge,

+rc = build_host_sge_array(backend_dev->rdma_dev_res, new_sge, sge, num_sge,
_dev->rdma_dev_res->stats.rx_bufs_len);
  if (rc) {
  complete_work(IBV_WC_GENERAL_ERR, rc, ctx);
@@ -644,13 +643,13 @@ void rdma_backend_post_recv(RdmaBackendDev *backend_dev,
  goto err_dealloc_cqe_ctx;
  }
  
-rdma_dev_res->stats.rx_bufs++;

+backend_dev->rdma_dev_res->stats.rx_bufs++;
  
  return;
  
  err_dealloc_cqe_ctx:

  backend_dev->rdma_dev_res->stats.rx_bufs_err++;
-rdma_rm_dealloc_cqe_ctx(rdma_dev_res, bctx_id);
+rdma_rm_dealloc_cqe_ctx(backend_dev->rdma_dev_res, bctx_id);
  
  err_free_bctx:

  g_free(bctx);
diff --git a/hw/rdma/rdma_backend.h b/hw/rdma/rdma_backend.h
index 798a12f28f..160b9e74db 100644
--- a/hw/rdma/rdma_backend.h
+++ b/hw/rdma/rdma_backend.h
@@ -112,7 +112,6 @@ void rdma_backend_post_send(RdmaBackendDev *backend_dev,
  union ibv_gid *dgid, uint32_t dqpn, uint32_t 
dqkey,
  void *ctx);
  void rdma_backend_post_recv(RdmaBackendDev *backend_dev,
-RdmaDeviceResources *rdma_dev_res,
  RdmaBackendQP *qp, uint8_t qp_type,
  struct ibv_sge *sge, uint32_t num_sge, void *ctx);
  
diff --git a/hw/rdma/vmw/pvrdma_qp_ops.c b/hw/rdma/vmw/pvrdma_qp_ops.c

index 5d650a4943..4ec1dacfd1 100644
--- a/hw/rdma/vmw/pvrdma_qp_ops.c
+++ b/hw/rdma/vmw/pvrdma_qp_ops.c
@@ -241,8 +241,7 @@ void pvrdma_qp_recv(PVRDMADev *dev, uint32_t qp_handle)
  }
  
  atomic_inc(>missing_cqe);

-rdma_backend_post_recv(>backend_dev, >rdma_dev_res,
-   >backend_qp, qp->qp_type,
+rdma_backend_post_recv(>backend_dev, >backend_qp, qp->qp_type,
 (struct ibv_sge *)>sge[0], 
wqe->hdr.num_sge,
 comp_ctx);
  


Reviewed-by: Marcel Apfelbaum

Thanks,
Marcel




Re: [Qemu-devel] [PULL v2 00/76] misc patches for 2019-02-04

2019-02-05 Thread Peter Maydell
On Tue, 5 Feb 2019 at 18:18, Paolo Bonzini  wrote:
>
> The following changes since commit 1c3d45df5e94042d5fb2bb31416072563ab30e49:
>
>   Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2019-02-04' into 
> staging (2019-02-05 12:46:18 +)
>
> are available in the git repository at:
>
>
>   git://github.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to 5ed76a4c63db9295c6c5d67895925810050d4a46:
>
>   queue: fix QTAILQ_FOREACH_REVERSE_SAFE (2019-02-05 16:50:21 +0100)
>
> 
> * cpu-exec fixes (Emilio, Laurent)
> * TCG bugfix in queue.h (Paolo)
> * high address load for linuxboot (Zhijian)
> * PVH support (Liam, Stefano)
> * misc i386 changes (Paolo, Robert, Doug)
> * configure tweak for openpty (Thomas)
> * elf2dmp port to Windows (Viktor)
> * initial improvements to Makefile infrastructure (Yang + GSoC 2013)
>
> 

The build tree where I do 'make clean' then 'make' failed when
linking:

  LINKmips-softmmu/qemu-system-mips
../hw/acpi/piix4.o: In function `piix4_pm_realize':
/home/petmay01/linaro/qemu-for-merges/hw/acpi/piix4.c:515: undefined
reference to `pm_smbus_init'
../hw/i2c/smbus_ich9.o: In function `ich9_smbus_realize':
/home/petmay01/linaro/qemu-for-merges/hw/i2c/smbus_ich9.c:89:
undefined reference to `pm_smbus_init'

(ditto the other mips binaries)

and
  LINKaarch64-softmmu/qemu-system-aarch64
hw/arm/aspeed.o: In function `palmetto_bmc_i2c_init':
/home/petmay01/linaro/qemu-for-merges/hw/arm/aspeed.c:249: undefined
reference to `smbus_eeprom_init_one'
hw/arm/aspeed.o: In function `ast2500_evb_i2c_init':
/home/petmay01/linaro/qemu-for-merges/hw/arm/aspeed.c:266: undefined
reference to `smbus_eeprom_init_one'
hw/arm/aspeed.o: In function `witherspoon_bmc_i2c_init':
/home/petmay01/linaro/qemu-for-merges/hw/arm/aspeed.c:303: undefined
reference to `smbus_eeprom_init_one'
collect2: error: ld returned 1 exit status

thanks
-- PMM



Re: [Qemu-devel] [PULLv3 00/32] More work towards libslirp

2019-02-05 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190205182848.29887-1-samuel.thiba...@ens-lyon.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PULLv3 00/32] More work towards libslirp
Type: series
Message-id: 20190205182848.29887-1-samuel.thiba...@ens-lyon.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
48788f32b8 slirp: API is extern C
3d1cdcf3da slirp: pass opaque to all callbacks
0d81dddc82 slirp: use polling callbacks, drop glib requirement
d01c351f90 slirp: remove slirp_instances list
1270fcc441 slirp: replace global polling with per-instance & notifier
b8897fc434 slirp: improve send_packet() callback
b664c28b37 slirp: prefer c99 types over BSD kind
09e965067c slirp: replace remaining qemu headers dependency
3724a91777 slirp: Move g_spawn_async_with_fds_qemu compatibility to slirp/
53b357d14c slirp: replace QEMU_BUILD_BUG_ON with G_STATIC_ASSERT
3ea01d196d slirp: replace qemu qtailq with slirp own copy
a481fdc029 slirp: replace net/eth.h inclusion with own defines
fa670ffa71 slirp: remove now useless QEMU headers inclusions
a30ea55480 slirp: remove qemu timer.h dependency
8d9af67bc6 slirp: add slirp own version of pstrcpy
8c230c3803 slirp: improve windows headers inclusion
ef56e8d421 slirp: do not include qemu headers in libslirp.h public API header
5ac5a10014 slirp: move QEMU state saving to a separate unit
0abf445228 slirp: replace qemu_notify_event() with a callback
12c6d0ef34 slirp: add unregister_poll_fd() callback
1985ed9e0c slirp: replace qemu_set_nonblock()
c6403fae65 slirp: replace most qemu socket utilities with slirp own version
bae9e17858 slirp: replace QEMU_PACKED with SLIRP_PACKED
cb52c8a00b slirp: replace trace functions with DEBUG calls
cc0a0b1889 slirp: add callbacks for timer
51a1cf007b net/slirp: fix leaks on forwarding rule registration error
9e775ae01f net/slirp: free forwarding rules on cleanup
2a3e11c41e net/slirp: simplify checking for cmd: prefix
18e1d03b03 slirp: generalize guestfwd with a callback based approach
60aeb1455e slirp: Don't mark struct ipq or struct ipasfrag as packed
81efc1aad8 slirp: Avoid marking naturally packed structs as QEMU_PACKED
9de8154ed7 slirp: Avoid unaligned 16bit memory access

=== OUTPUT BEGIN ===
1/32 Checking commit 9de8154ed708 (slirp: Avoid unaligned 16bit memory access)
2/32 Checking commit 81efc1aad888 (slirp: Avoid marking naturally packed 
structs as QEMU_PACKED)
3/32 Checking commit 60aeb1455ea7 (slirp: Don't mark struct ipq or struct 
ipasfrag as packed)
4/32 Checking commit 18e1d03b0387 (slirp: generalize guestfwd with a callback 
based approach)
ERROR: code indent should never use tabs
#148: FILE: slirp/misc.h:14:
+^ISlirpWriteCb write_cb;$

ERROR: code indent should never use tabs
#149: FILE: slirp/misc.h:15:
+^Ivoid *opaque;$

total: 2 errors, 0 warnings, 226 lines checked

Patch 4/32 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

5/32 Checking commit 2a3e11c41e31 (net/slirp: simplify checking for cmd: prefix)
6/32 Checking commit 9e775ae01fc4 (net/slirp: free forwarding rules on cleanup)
7/32 Checking commit 51a1cf007bb8 (net/slirp: fix leaks on forwarding rule 
registration error)
8/32 Checking commit cc0a0b1889f8 (slirp: add callbacks for timer)
9/32 Checking commit cb52c8a00b9f (slirp: replace trace functions with DEBUG 
calls)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#100: 
deleted file mode 100644

total: 0 errors, 1 warnings, 62 lines checked

Patch 9/32 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
10/32 Checking commit bae9e1785826 (slirp: replace QEMU_PACKED with 
SLIRP_PACKED)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#111: 
new file mode 100644

total: 0 errors, 1 warnings, 111 lines checked

Patch 10/32 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
11/32 Checking commit c6403fae651b (slirp: replace most qemu socket 

[Qemu-devel] [PATCH v12 1/3] bdrv_query_image_info Error parameter added

2019-02-05 Thread Andrey Shinkevich
Inform a user in case qcow2_get_specific_info fails to obtain
QCOW2 image specific information. This patch is preliminary to
the one "qcow2: Add list of bitmaps to ImageInfoSpecificQCow2".

Signed-off-by: Andrey Shinkevich 
Reviewed-by: Eric Blake 
Reviewed-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Kevin Wolf 
---
 block.c   |  5 +++--
 block/crypto.c|  9 +++--
 block/qapi.c  |  7 ++-
 block/qcow2.c | 10 --
 block/vmdk.c  |  3 ++-
 include/block/block.h |  3 ++-
 include/block/block_int.h |  3 ++-
 qemu-io-cmds.c|  7 ++-
 8 files changed, 32 insertions(+), 15 deletions(-)

diff --git a/block.c b/block.c
index 4f5ff2c..1eb35ef 100644
--- a/block.c
+++ b/block.c
@@ -4307,11 +4307,12 @@ int bdrv_get_info(BlockDriverState *bs, BlockDriverInfo 
*bdi)
 return drv->bdrv_get_info(bs, bdi);
 }
 
-ImageInfoSpecific *bdrv_get_specific_info(BlockDriverState *bs)
+ImageInfoSpecific *bdrv_get_specific_info(BlockDriverState *bs,
+  Error **errp)
 {
 BlockDriver *drv = bs->drv;
 if (drv && drv->bdrv_get_specific_info) {
-return drv->bdrv_get_specific_info(bs);
+return drv->bdrv_get_specific_info(bs, errp);
 }
 return NULL;
 }
diff --git a/block/crypto.c b/block/crypto.c
index f0a5f6b..d5b1da6 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -594,20 +594,17 @@ static int block_crypto_get_info_luks(BlockDriverState 
*bs,
 }
 
 static ImageInfoSpecific *
-block_crypto_get_specific_info_luks(BlockDriverState *bs)
+block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp)
 {
 BlockCrypto *crypto = bs->opaque;
 ImageInfoSpecific *spec_info;
 QCryptoBlockInfo *info;
 
-info = qcrypto_block_get_info(crypto->block, NULL);
+info = qcrypto_block_get_info(crypto->block, errp);
 if (!info) {
 return NULL;
 }
-if (info->format != Q_CRYPTO_BLOCK_FORMAT_LUKS) {
-qapi_free_QCryptoBlockInfo(info);
-return NULL;
-}
+assert(info->format == Q_CRYPTO_BLOCK_FORMAT_LUKS);
 
 spec_info = g_new(ImageInfoSpecific, 1);
 spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS;
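Review bot: replacing the `info->format != Q_CRYPTO_BLOCK_FORMAT_LUKS` check with assert() turns a graceful NULL return into an abort; that is only correct because this driver never opens anything but LUKS, so a one-line comment above the assert saying so would stop a future reader from re-adding the check or, worse, treating the abort as a bug in qcrypto.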
diff --git a/block/qapi.c b/block/qapi.c
index c66f949..00291f9 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -282,7 +282,12 @@ void bdrv_query_image_info(BlockDriverState *bs,
 info->dirty_flag = bdi.is_dirty;
 info->has_dirty_flag = true;
 }
-info->format_specific = bdrv_get_specific_info(bs);
+info->format_specific = bdrv_get_specific_info(bs, );
+if (err) {
+error_propagate(errp, err);
+qapi_free_ImageInfo(info);
+goto out;
+}
 info->has_format_specific = info->format_specific != NULL;
 
 backing_filename = bs->backing_file;
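Review bot: after `qapi_free_ImageInfo(info)` the code jumps to `out:`, which is not in the hunk; confirm that label does not also free `info` or store it into the caller's `*p_info`, otherwise this path double frees or hands back freed memory. Also check that `err` is declared and initialised to NULL earlier in bdrv_query_image_info() and is not still carrying a value from an earlier call in the function, since `if (err)` is the only test here.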
diff --git a/block/qcow2.c b/block/qcow2.c
index 4897aba..27e5a2c 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -4367,14 +4367,20 @@ static int qcow2_get_info(BlockDriverState *bs, 
BlockDriverInfo *bdi)
 return 0;
 }
 
-static ImageInfoSpecific *qcow2_get_specific_info(BlockDriverState *bs)
+static ImageInfoSpecific *qcow2_get_specific_info(BlockDriverState *bs,
+  Error **errp)
 {
 BDRVQcow2State *s = bs->opaque;
 ImageInfoSpecific *spec_info;
 QCryptoBlockInfo *encrypt_info = NULL;
+Error *local_err = NULL;
 
 if (s->crypto != NULL) {
-encrypt_info = qcrypto_block_get_info(s->crypto, _abort);
+encrypt_info = qcrypto_block_get_info(s->crypto, _err);
+if (local_err) {
+error_propagate(errp, local_err);
+return NULL;
+}
 }
 
 spec_info = g_new(ImageInfoSpecific, 1);
diff --git a/block/vmdk.c b/block/vmdk.c
index 2c9e86d..544c10d 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -2314,7 +2314,8 @@ static int coroutine_fn vmdk_co_check(BlockDriverState 
*bs,
 return ret;
 }
 
-static ImageInfoSpecific *vmdk_get_specific_info(BlockDriverState *bs)
+static ImageInfoSpecific *vmdk_get_specific_info(BlockDriverState *bs,
+ Error **errp)
 {
 int i;
 BDRVVmdkState *s = bs->opaque;
diff --git a/include/block/block.h b/include/block/block.h
index f70a843..9899c24 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -477,7 +477,8 @@ const char *bdrv_get_device_name(const BlockDriverState 
*bs);
 const char *bdrv_get_device_or_node_name(const BlockDriverState *bs);
 int bdrv_get_flags(BlockDriverState *bs);
 int bdrv_get_info(BlockDriverState *bs, BlockDriverInfo *bdi);
-ImageInfoSpecific *bdrv_get_specific_info(BlockDriverState *bs);
+ImageInfoSpecific *bdrv_get_specific_info(BlockDriverState *bs,
+  Error **errp);
 void bdrv_round_to_clusters(BlockDriverState *bs,
 int64_t offset, int64_t bytes,
 int64_t *cluster_offset,
diff --git 

[Qemu-devel] [PATCH v2 0/6] HWCAP_CPUID registers for aarch64

2019-02-05 Thread Alex Bennée
Hi,

I've re-spun the cpuid patches with the changes suggested by Peter's
review. The biggest change is the squashing of bits is now all data
driven with ARMCPRegUserSpaceInfo being used to control how bits are
altered for userspace presentation. This includes using glob matching
to set whole bunches to RAZ.

The testcase isn't as comprehensive as it could be because you need a
fairly new compiler (binutils) to emit all the various system register
IDs to test. I did look into upgrading debian-arm64-cross with Buster
but I managed to find a bug in Debian's dependencies which rules out
upgrading for now.

checkpatch is complaining about the _m macro I used to group together
words in the masks I defined. I'm not sure adding the spaces makes it
as readable though.

The following patches need review:
 patch 0001/target arm relax permission checks for HWCAP_CPUI.patch
 patch 0002/target arm expose CPUID registers to userspace.patch
 patch 0003/target arm expose MPIDR_EL1 to userspace.patch
 patch 0004/target arm expose remaining CPUID registers as RA.patch
 patch 0006/tests tcg aarch64 userspace system register test.patch


Alex Bennée (6):
  target/arm: relax permission checks for HWCAP_CPUID registers
  target/arm: expose CPUID registers to userspace
  target/arm: expose MPIDR_EL1 to userspace
  target/arm: expose remaining CPUID registers as RAZ
  linux-user/elfload: enable HWCAP_CPUID for AArch64
  tests/tcg/aarch64: userspace system register test

 linux-user/elfload.c  |   1 +
 target/arm/cpu.h  |  36 +++
 target/arm/helper.c   | 106 --
 tests/tcg/aarch64/Makefile.target |   4 +-
 tests/tcg/aarch64/sysregs.c   | 172 ++
 5 files changed, 310 insertions(+), 9 deletions(-)
 create mode 100644 tests/tcg/aarch64/sysregs.c

-- 
2.20.1




[Qemu-devel] [PATCH v12 2/3] qcow2: Add list of bitmaps to ImageInfoSpecificQCow2

2019-02-05 Thread Andrey Shinkevich
In the 'Format specific information' section of the 'qemu-img info'
command output, the supplemental information about existing QCOW2
bitmaps will be shown, such as a bitmap name, flags and granularity:

image: /vz/vmprivate/VM1/harddisk.hdd
file format: qcow2
virtual size: 64G (68719476736 bytes)
disk size: 3.0M
cluster_size: 1048576
Format specific information:
compat: 1.1
lazy refcounts: true
bitmaps:
[0]:
flags:
[0]: in-use
[1]: auto
name: back-up1
granularity: 65536
[1]:
flags:
[0]: in-use
[1]: auto
name: back-up2
granularity: 65536
refcount bits: 16
corrupt: false

Signed-off-by: Andrey Shinkevich 
---
 block/qcow2-bitmap.c | 76 
 block/qcow2.c| 11 +++-
 block/qcow2.h|  2 ++
 qapi/block-core.json | 42 -
 4 files changed, 129 insertions(+), 2 deletions(-)

diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
index b946301..3ee524d 100644
--- a/block/qcow2-bitmap.c
+++ b/block/qcow2-bitmap.c
@@ -1006,6 +1006,82 @@ fail:
 return false;
 }
 
+
+static Qcow2BitmapInfoFlagsList *get_bitmap_info_flags(uint32_t flags)
+{
+Qcow2BitmapInfoFlagsList *list = NULL;
+Qcow2BitmapInfoFlagsList **plist = 
+int i;
+
+static const struct {
+int bme;  /* Bitmap directory entry flags */
+int info; /* The flags to report to the user */
+} map[] = {
+{ BME_FLAG_IN_USE, QCOW2_BITMAP_INFO_FLAGS_IN_USE },
+{ BME_FLAG_AUTO,   QCOW2_BITMAP_INFO_FLAGS_AUTO },
+};
+
+int map_size = ARRAY_SIZE(map);
+
+for (i = 0; i < map_size; ++i) {
+if (flags & map[i].bme) {
+Qcow2BitmapInfoFlagsList *entry =
+g_new0(Qcow2BitmapInfoFlagsList, 1);
+entry->value = map[i].info;
+*plist = entry;
+plist = >next;
+flags &= ~map[i].bme;
+}
+}
+/* Check if the BME_* mapping above is complete */
+assert(!flags);
+
+return list;
+}
+
+/*
+ * qcow2_get_bitmap_info_list()
+ * Returns a list of QCOW2 bitmap details.
+ * In case of no bitmaps, the function returns NULL and
+ * the @errp parameter is not set.
+ * When bitmap information can not be obtained, the function returns
+ * NULL and the @errp parameter is set.
+ */
+Qcow2BitmapInfoList *qcow2_get_bitmap_info_list(BlockDriverState *bs,
+Error **errp)
+{
+BDRVQcow2State *s = bs->opaque;
+Qcow2BitmapList *bm_list;
+Qcow2Bitmap *bm;
+Qcow2BitmapInfoList *list = NULL;
+Qcow2BitmapInfoList **plist = 
+
+if (s->nb_bitmaps == 0) {
+return NULL;
+}
+
+bm_list = bitmap_list_load(bs, s->bitmap_directory_offset,
+   s->bitmap_directory_size, errp);
+if (bm_list == NULL) {
+return NULL;
+}
+
+QSIMPLEQ_FOREACH(bm, bm_list, entry) {
+Qcow2BitmapInfo *info = g_new0(Qcow2BitmapInfo, 1);
+Qcow2BitmapInfoList *obj = g_new0(Qcow2BitmapInfoList, 1);
+info->granularity = 1U << bm->granularity_bits;
+info->name = g_strdup(bm->name);
+info->flags = get_bitmap_info_flags(bm->flags & ~BME_RESERVED_FLAGS);
+obj->value = info;
+*plist = obj;
+plist = >next;
+}
+
+bitmap_list_free(bm_list);
+
+return list;
+}
+
 int qcow2_reopen_bitmaps_rw_hint(BlockDriverState *bs, bool *header_updated,
  Error **errp)
 {
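Review bot: `info->granularity = 1U << bm->granularity_bits` relies on bitmap_list_load() having rejected entries whose granularity_bits exceeds 31; the directory is on-disk metadata that plain `qemu-img info` now parses, so either say so in a comment or compute the value in 64 bits. Likewise the caller masks with `~BME_RESERVED_FLAGS` before get_bitmap_info_flags(), so reserved bits are silently dropped from the report and `assert(!flags)` only catches bits missing from the map; a comment at the call site that omitting unknown flags is deliberate (per the v12 change log) would make that explicit.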
diff --git a/block/qcow2.c b/block/qcow2.c
index 27e5a2c..a5607f1 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -4386,7 +4386,7 @@ static ImageInfoSpecific 
*qcow2_get_specific_info(BlockDriverState *bs,
 spec_info = g_new(ImageInfoSpecific, 1);
 *spec_info = (ImageInfoSpecific){
 .type  = IMAGE_INFO_SPECIFIC_KIND_QCOW2,
-.u.qcow2.data = g_new(ImageInfoSpecificQCow2, 1),
+.u.qcow2.data = g_new0(ImageInfoSpecificQCow2, 1),
 };
 if (s->qcow_version == 2) {
 *spec_info->u.qcow2.data = (ImageInfoSpecificQCow2){
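Review bot: the g_new() to g_new0() switch is what makes `qapi_free_ImageInfoSpecific(spec_info)` safe on the error path in the next hunk, since the `compat` string pointer would otherwise be uninitialised when freed; a short comment on this line would keep the change from being reverted as cosmetic.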
@@ -4394,6 +4394,13 @@ static ImageInfoSpecific 
*qcow2_get_specific_info(BlockDriverState *bs,
 .refcount_bits  = s->refcount_bits,
 };
 } else if (s->qcow_version == 3) {
+Qcow2BitmapInfoList *bitmaps;
+bitmaps = qcow2_get_bitmap_info_list(bs, _err);
+if (local_err) {
+error_propagate(errp, local_err);
+qapi_free_ImageInfoSpecific(spec_info);
+return NULL;
+}
 *spec_info->u.qcow2.data = (ImageInfoSpecificQCow2){
 .compat = g_strdup("1.1"),
 .lazy_refcounts = s->compatible_features &
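Review bot: on the `local_err` path, `encrypt_info` obtained from qcrypto_block_get_info() earlier in this function (when `s->crypto` is set) has not yet been attached to spec_info, so `return NULL` leaks it; add `qapi_free_QCryptoBlockInfo(encrypt_info);` before the return.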
@@ -4403,6 +4410,8 @@ static ImageInfoSpecific 
*qcow2_get_specific_info(BlockDriverState *bs,
   QCOW2_INCOMPAT_CORRUPT,
 

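The on-disk structure behind the 'Format specific information' output above and behind test 242's flag toggle, as an added example that is not code from the patch series: a stand-alone parser for the qcow2 bitmaps header extension and bitmap directory that lists name, granularity and flags the way qemu-img info does, and additionally reports reserved flag bits instead of dropping them. The image it reads is constructed inline from a minimal v3 header; placing the directory in cluster 16 so that the second entry's low flags byte sits at 0x10002f is an assumption chosen to mirror the offset the test patches, not the layout qemu produces.

```python
import struct

# Constants from the qcow2 specification, bitmaps extension (2019 revision):
# flag bits 0 and 1 are defined, bits 2..31 are reserved.
QCOW2_MAGIC = b"QFI\xfb"
BITMAPS_EXT_TYPE = 0x23852875
BME_FLAG_IN_USE = 1 << 0
BME_FLAG_AUTO = 1 << 1
BME_KNOWN_FLAGS = BME_FLAG_IN_USE | BME_FLAG_AUTO
BME_MAX_GRANULARITY_BITS = 31
# Fixed 24-byte head of a bitmap directory entry, all fields big-endian:
# table offset, table size, flags, type, granularity_bits, name_size, extra_data_size
ENTRY_HDR = struct.Struct(">QIIBBHI")


def find_bitmaps_extension(img):
    """Walk the header extensions; return (nb_bitmaps, dir_size, dir_offset) or None."""
    if bytes(img[:4]) != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image")
    version, = struct.unpack_from(">I", img, 4)
    # v3 headers carry header_length at offset 100; v2 extensions start at 72.
    off = struct.unpack_from(">I", img, 100)[0] if version >= 3 else 72
    while off + 8 <= len(img):
        ext_type, ext_len = struct.unpack_from(">II", img, off)
        if ext_type == 0:                      # end-of-extensions marker
            return None
        if ext_type == BITMAPS_EXT_TYPE:
            nb, _reserved, dir_size, dir_off = struct.unpack_from(">IIQQ", img, off + 8)
            return nb, dir_size, dir_off
        off += 8 + ((ext_len + 7) & ~7)       # extension data is padded to 8 bytes
    raise ValueError("header extensions run past the end of the image")


def list_bitmaps(img):
    """One dict per directory entry: name, granularity, known flags (as qemu-img
    prints them) and the reserved bits that qemu masks out with BME_RESERVED_FLAGS."""
    ext = find_bitmaps_extension(img)
    if ext is None:
        return []
    nb_bitmaps, dir_size, off = ext
    end = off + dir_size
    entries = []
    while off < end and len(entries) < nb_bitmaps:
        (_table_off, _table_size, flags, _btype, gran_bits,
         name_size, extra_size) = ENTRY_HDR.unpack_from(img, off)
        if gran_bits > BME_MAX_GRANULARITY_BITS:   # untrusted metadata: refuse UB shifts
            raise ValueError("granularity_bits %d out of range" % gran_bits)
        name_start = off + ENTRY_HDR.size + extra_size
        name = bytes(img[name_start:name_start + name_size]).decode("utf-8")
        names = [n for bit, n in ((BME_FLAG_IN_USE, "in-use"), (BME_FLAG_AUTO, "auto"))
                 if flags & bit]
        entries.append({"name": name, "granularity": 1 << gran_bits, "flags": names,
                        "reserved_flags": flags & ~BME_KNOWN_FLAGS})
        off += (ENTRY_HDR.size + extra_size + name_size + 7) & ~7   # entries are 8-aligned
    return entries


def build_entry(name, flags, gran_bits):
    """Serialise one directory entry (no bitmap table, no extra data), padded to 8."""
    name_b = name.encode("utf-8")
    raw = ENTRY_HDR.pack(0, 0, flags, 1, gran_bits, len(name_b), 0) + name_b
    return raw + b"\0" * (-len(raw) % 8)


def build_image(entries, cluster_bits=16, dir_cluster=16):
    """Constructed minimal v3 header + bitmaps extension + directory: enough for the
    parser above, not a complete image that qemu would open (assumption of this example)."""
    dir_off = dir_cluster << cluster_bits
    directory = b"".join(entries)
    img = bytearray(dir_off + len(directory))
    img[0:4] = QCOW2_MAGIC
    struct.pack_into(">I", img, 4, 3)                 # version 3
    struct.pack_into(">I", img, 20, cluster_bits)
    struct.pack_into(">Q", img, 24, 1 << 20)          # virtual size 1 MiB, as in test 242
    struct.pack_into(">I", img, 100, 104)             # header_length
    struct.pack_into(">IIIIQQ", img, 104, BITMAPS_EXT_TYPE, 24,
                     len(entries), 0, len(directory), dir_off)
    struct.pack_into(">II", img, 136, 0, 0)           # end of extensions
    img[dir_off:dir_off + len(directory)] = directory
    return img


def toggle_flag(img, offset, mask):
    """XOR one byte in place, the way test 242 flips an unknown flag bit."""
    img[offset] ^= mask


if __name__ == "__main__":
    # The two persistent bitmaps test 242 leaves behind: bitmap-1 disabled (no auto
    # flag, 32 KiB granularity) and bitmap-2 enabled (auto, 64 KiB granularity).
    img = build_image([build_entry("bitmap-1", 0, 15),
                       build_entry("bitmap-2", BME_FLAG_AUTO, 16)])
    print(list_bitmaps(img))
    toggle_flag(img, 0x10002f, 1 << 2)                # low byte of entry 2's flags field
    print(list_bitmaps(img))                          # bitmap-2 now reports reserved_flags 4
```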
[Qemu-devel] [PATCH v12 0/3] qcow2: Add list of bitmaps to ImageInfoSpecificQCow2

2019-02-05 Thread Andrey Shinkevich
v12:
In the function block_crypto_get_specific_info_luks(),
checking the format was replaced with assertion.
The 'unknown flag' was removed from the structure Qcow2BitmapInfo.
A new case added to the test file 242 to check QEMU behavior in case of
unknown flag in a bitmap directory entry of QCOW2 image file.

v11:
An assertion was added to the get_bitmap_info_flags() to check the
completed mapping of all the reserved bitmap BME_ flags.
The heading comment of get_bitmap_info_flags() was changed to
describe the function design properly.
In qcow2_get_specific_info(), two function calls g_free() were
replaced with one call to qapi_free_ImageInfoSpecific() that does
all the cleaning work.
The version #11 was discussed in email thread with the message ID:
<1548942405-760115-1-git-send-email-andrey.shinkev...@virtuozzo.com>

v10:
The 'struct Error' parameter was added to the function prototype
bdrv_query_image_info().
The code refactoring of the function get_bitmap_info_flags().
The comments to the structures ImageInfoSpecificQCow2 and
Qcow2BitmapInfo in the file qapi/block-core.json were corrected.
The changes in the *.out files of the tests 060, 065, 082, 198
and 206 were discarded. The new test 239 was enriched by adding human-
readable format output and by checking the output with bitmap extra
parameters, such as non-persistent and disabled.
The version #10 was discussed in email thread with the message ID:
<1548870690-647481-1-git-send-email-andrey.shinkev...@virtuozzo.com>

v9:
The new test 239 of the qemu-iotests set was amended to show the bitmaps
being added and to demonstrate the bitmap flag "in-use".
The version #9 was discussed with the message ID:
<1548705688-1027522-1-git-send-email-andrey.shinkev...@virtuozzo.com>

v8:
The output benchmark files for the qemu-iotests, namely 060, 065, 082, 198
and 206, were modified to show the bitmap extension for the qemu specific
information. A new test file 239 was added to the test set that checks the
output for the fields of the bitmap section.
The backward compatibility of the output for images of the version 2
of qcow2 was added.
The version #8 was discussed in email thread with the message ID:
<1548700805-1016533-1-git-send-email-andrey.shinkev...@virtuozzo.com>

v7:
A description was added to the function qcow2_get_bitmap_info_list().
In the function qcow2_get_specific_info(), the comment was modified
so that we ignore any error in obtaining the list of bitmaps to
pass the rest of QCOW2 specific information to a caller.
The version #7 was discussed in email thread with the message ID:
<1544698788-52893-1-git-send-email-andrey.shinkev...@virtuozzo.com>

v6:
'[PATCH v6] qemu-img info lists bitmap directory entries'.
The error handling logic for the bitmaps empty list was reversed.

v5:
'[PATCH v5] qemu-img info lists bitmap directory entries'.
The error handling logic for the bitmaps empty list was fixed and documented.

v4:
'[PATCH v4] qemu-img info lists bitmap directory entries'.
Unknown flags are checked with the mask BME_RESERVED_FLAGS.
Minor code refactoring was done.

v3:
'[PATCH v3] qemu-img info lists bitmap directory entries'.
Now, qcow2_get_bitmap_info_list() is invoked under the condition of QCOW
version #3 to avoid memory leaks in case of QCOW version #2.
Furthermore, qcow2_get_bitmap_info_list() checks the number of existing bitmaps.
So, if no bitmap exists, no bitmap error message is printed in the output.
The data type of the bitmap 'granularity' parameter was left as 'uint32'
because bitmap_list_load() returns an error if granularity_bits is greater than 31.

v2:
'[PATCH v2] qemu-img info lists bitmap directory entries'.
The targeted release version in the 'Since' comments for the new
structures was changed to 4.0 in the file qapi/block-core.json.
A comment for the new 'bitmaps' member was supplied.
The 'unknown flags' parameter was introduced to indicate the presence of
unknown QCOW2 bitmap flags, if any.
The word 'dirty' was removed from the code and from the comments as we list all
the bitmaps.
The 'bitmaps' printed parameter was removed for the release versions earlier
than 3.x.
The example of the output was moved above the 'Signed-off-by' line.

The first version was '[PATCH] qemu-img info lists bitmap directory entries'.

Andrey Shinkevich (3):
  bdrv_query_image_info Error parameter added
  qcow2: Add list of bitmaps to ImageInfoSpecificQCow2
  qcow2: list of bitmaps new test 242

 block.c|   5 +-
 block/crypto.c |   9 +--
 block/qapi.c   |   7 +-
 block/qcow2-bitmap.c   |  76 +
 block/qcow2.c  |  21 +-
 block/qcow2.h  |   2 +
 block/vmdk.c   |   3 +-
 include/block/block.h  |   3 +-
 include/block/block_int.h  |   3 +-
 qapi/block-core.json   |  42 +++-
 qemu-io-cmds.c |   7 +-
 tests/qemu-iotests/242 | 100 +++
 tests/qemu-iotests/242.out | 167 

Re: [Qemu-devel] [PATCH 03/17] target/arm: Add MTE system registers

2019-02-05 Thread Peter Maydell
On Mon, 14 Jan 2019 at 01:11, Richard Henderson
 wrote:
>
> This is TFSRE0_EL1, TFSR_EL1, TFSR_EL2, TFSR_EL3,
> RGSR_EL1, GCR_EL1, and PSTATE.TCO.
>
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/cpu.h   |  5 +
>  target/arm/translate.h | 11 ++
>  target/arm/helper.c| 45 ++
>  target/arm/translate-a64.c | 11 ++
>  4 files changed, 72 insertions(+)
>
> diff --git a/target/arm/cpu.h b/target/arm/cpu.h
> index 22163c9c3f..c8b447e30a 100644
> --- a/target/arm/cpu.h
> +++ b/target/arm/cpu.h
> @@ -482,6 +482,11 @@ typedef struct CPUARMState {
>  uint64_t pmccfiltr_el0; /* Performance Monitor Filter Register */
>  uint64_t vpidr_el2; /* Virtualization Processor ID Register */
>  uint64_t vmpidr_el2; /* Virtualization Multiprocessor ID Register */
> +#ifdef TARGET_AARCH64
> +uint64_t tfsr_el[4]; /* tfsrel0_el1 is index 0.  */
> +uint64_t gcr_el1;
> +uint64_t rgsr_el1;
> +#endif

Are we going to add more fields inside this #ifdef or is it only
saving 12 words?

>  } cp15;
>
>  struct {
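Review bot: the comment on the new `tfsr_el[4]` array says `tfsrel0_el1`, but the register is TFSRE0_EL1 (as it is spelled in the helper.c hunk of this same patch), so please fix the name so that grep finds it; while there, say that index 0 is the EL0 fault status register accessed from EL1 and indices 1..3 are TFSR_EL1..TFSR_EL3, since the indexing is otherwise only discoverable from the reginfo table.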
> diff --git a/target/arm/translate.h b/target/arm/translate.h
> index 5a101e1c6d..a24757d3d7 100644
> --- a/target/arm/translate.h
> +++ b/target/arm/translate.h
> @@ -204,6 +204,17 @@ static inline TCGv_i32 get_ahp_flag(void)
>  return ret;
>  }
>
> +/* Set bits within PSTATE.  */
> +static inline void set_pstate_bits(uint32_t bits)
> +{
> +TCGv_i32 p = tcg_temp_new_i32();
> +
> +tcg_gen_ld_i32(p, cpu_env, offsetof(CPUARMState, pstate));
> +tcg_gen_ori_i32(p, p, bits);
> +tcg_gen_st_i32(p, cpu_env, offsetof(CPUARMState, pstate));
> +tcg_temp_free_i32(p);

Maybe assert() that all the bits in the input are in the
set that we actually store in env->pstate, to catch attempts
to set NZCV, nRW, etc this way ?

> +}
> +
>  /* Clear bits within PSTATE.  */
>  static inline void clear_pstate_bits(uint32_t bits)
>  {
> diff --git a/target/arm/helper.c b/target/arm/helper.c
> index 5a59fc4315..df43deb0f8 100644
> --- a/target/arm/helper.c
> +++ b/target/arm/helper.c
> @@ -5132,6 +5132,48 @@ static const ARMCPRegInfo pauth_reginfo[] = {
>.fieldoffset = offsetof(CPUARMState, apib_key.hi) },
>  REGINFO_SENTINEL
>  };
> +
> +static uint64_t tco_read(CPUARMState *env, const ARMCPRegInfo *ri)
> +{
> +return env->pstate & PSTATE_TCO;
> +}
> +
> +static void tco_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t val)
> +{
> +env->pstate = (env->pstate & ~PSTATE_TCO) | (val & PSTATE_TCO);
> +}
> +
> +static const ARMCPRegInfo mte_reginfo[] = {
> +{ .name = "TFSRE0_EL1", .state = ARM_CP_STATE_AA64,
> +  .opc0 = 3, .opc1 = 0, .crn = 6, .crm = 6, .opc2 = 1,
> +  .access = PL1_RW,
> +  .fieldoffset = offsetof(CPUARMState, cp15.tfsr_el[0]) },
> +{ .name = "TFSR_EL1", .state = ARM_CP_STATE_AA64,
> +  .opc0 = 3, .opc1 = 0, .crn = 6, .crm = 5, .opc2 = 0,
> +  .access = PL1_RW,
> +  .fieldoffset = offsetof(CPUARMState, cp15.tfsr_el[1]) },
> +{ .name = "TFSR_EL2", .state = ARM_CP_STATE_AA64,
> +  .opc0 = 3, .opc1 = 4, .crn = 6, .crm = 5, .opc2 = 0,
> +  .access = PL2_RW,
> +  .fieldoffset = offsetof(CPUARMState, cp15.tfsr_el[2]) },
> +{ .name = "TFSR_EL3", .state = ARM_CP_STATE_AA64,
> +  .opc0 = 3, .opc1 = 6, .crn = 6, .crm = 6, .opc2 = 0,
> +  .access = PL3_RW,
> +  .fieldoffset = offsetof(CPUARMState, cp15.tfsr_el[3]) },
> +{ .name = "RGSR_EL1", .state = ARM_CP_STATE_AA64,
> +  .opc0 = 3, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 5,
> +  .access = PL1_RW,
> +  .fieldoffset = offsetof(CPUARMState, cp15.rgsr_el1) },
> +{ .name = "GCR_EL1", .state = ARM_CP_STATE_AA64,
> +  .opc0 = 3, .opc1 = 0, .crn = 1, .crm = 0, .opc2 = 6,
> +  .access = PL1_RW,
> +  .fieldoffset = offsetof(CPUARMState, cp15.gcr_el1) },
> +{ .name = "TCO", .state = ARM_CP_STATE_AA64,
> +  .opc0 = 0, .opc1 = 3, .crn = 4, .crm = 2, .opc2 = 7,

Shouldn't this have opc0 = 3 ?

> +  .type = ARM_CP_NO_RAW,
> +  .access = PL0_RW, .readfn = tco_read, .writefn = tco_write },
> +REGINFO_SENTINEL

Missing GMID_EL1 ?

> +};
>  #endif
>
>  void register_cp_regs_for_features(ARMCPU *cpu)
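Review bot: the four TFSR entries disagree with each other on their encoding: `TFSRE0_EL1` and `TFSR_EL3` use `.crm = 6` while `TFSR_EL1` and `TFSR_EL2` use `.crm = 5`, and all four use `.crn = 6`. The architecture puts all four in one CRn/CRm group (CRn=5, CRm=6 in the ARM ARM's system register encoding table, distinguished only by opc1 and opc2), so please re-check every `.opc0/.opc1/.crn/.crm/.opc2` line in this table against the spec rather than only the `TCO` one; a wrong encoding here silently leaves the real register undefined and makes a different encoding alias onto the state.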
> @@ -5923,6 +5965,9 @@ void register_cp_regs_for_features(ARMCPU *cpu)
>  if (cpu_isar_feature(aa64_pauth, cpu)) {
>  define_arm_cp_regs(cpu, pauth_reginfo);
>  }
> +if (cpu_isar_feature(aa64_mte_insn_reg, cpu)) {
> +define_arm_cp_regs(cpu, mte_reginfo);
> +}
>  #endif
>  }
>
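Review bot: the whole `mte_reginfo` table is registered on `aa64_mte_insn_reg`, i.e. the instruction-only MTE level, but it contains the `TFSR*_ELx` fault status registers, which only exist at the full level (ID_AA64PFR1.MT >= 2) where tag check faults are actually reported; at the instruction-only level only the tag-generating instructions are required and TCO reads as zero. Please check which of these registers exist at MT == 1 and gate the rest on a separate full-MTE predicate, so that a CPU model advertising only the instruction-level feature does not expose registers it must not have.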
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index 0286507bae..5c2577a9ac 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -1668,6 +1668,17 @@ static void handle_msr_i(DisasContext *s, uint32_t 
> insn,
>  s->base.is_jmp = DISAS_UPDATE;
>  break;
>
> +case 0x1c: /* TCO */
> +if (!dc_isar_feature(aa64_mte_insn_reg, s)) {
> +  

Re: [Qemu-devel] [PATCH 00/17] target/arm: Implement ARMv8.5-MemTag

2019-02-05 Thread Peter Maydell
On Mon, 14 Jan 2019 at 01:11, Richard Henderson
 wrote:
>
> Based-on: 20190110124951.15473-1-richard.hender...@linaro.org
> aka the TBID patch set, which itself is based on the BTI patch set.
>
> The full tree is available at
>
>   https://github.org/rth7680/qemu.git tgt-arm-mte
>
> This extension is also spelled MTE in the ARM.
>
> This patch set only attempts to implement linux-user emulation.
> For system emulation, I still miss the new cache flushing insns (easy)
> and the out-of-band physical memory for the allocation tags (harder).
>
> From a few mis-steps in writing the test cases for the extension,
> I might suggest that some future kernel's userland ABI for this have
> TCR.TCMA0 = 1, so that legacy code that is *not* MTE aware can use
> a frame pointer without accidentally tripping left over stack tags.
> (As seen in patch 5, SP+OFF is unchecked per the ISA but FP+OFF is not.)
>
> OTOH, depending on the application, that does make it easier for an
> attack vector to clean the tag off the top of a pointer to bypass
> store checking.  So, tricky.

I'm working through review of this, but feel free to rebase on
current master (which has now got a pile of your other patches
in it, since I've just merged target-arm.next) without waiting
for me to finish going through it.

thanks
-- PMM



[Qemu-devel] [PULLv3 28/32] slirp: replace global polling with per-instance & notifier

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Remove hard-coded dependency on slirp in main-loop, and use a "poll"
notifier instead. The notifier is registered per slirp instance.

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 include/qemu/main-loop.h |  15 ++
 net/slirp.c  |  24 ++
 slirp/libslirp.h |   4 +-
 slirp/slirp.c| 555 +++
 stubs/Makefile.objs  |   1 -
 stubs/slirp.c|  13 -
 util/main-loop.c |  30 ++-
 7 files changed, 333 insertions(+), 309 deletions(-)
 delete mode 100644 stubs/slirp.c

diff --git a/include/qemu/main-loop.h b/include/qemu/main-loop.h
index e59f9ae1e9..f6ba78ea73 100644
--- a/include/qemu/main-loop.h
+++ b/include/qemu/main-loop.h
@@ -302,4 +302,19 @@ void qemu_fd_register(int fd);
 QEMUBH *qemu_bh_new(QEMUBHFunc *cb, void *opaque);
 void qemu_bh_schedule_idle(QEMUBH *bh);
 
+enum {
+MAIN_LOOP_POLL_FILL,
+MAIN_LOOP_POLL_ERR,
+MAIN_LOOP_POLL_OK,
+};
+
+typedef struct MainLoopPoll {
+int state;
+uint32_t timeout;
+GArray *pollfds;
+} MainLoopPoll;
+
+void main_loop_poll_add_notifier(Notifier *notify);
+void main_loop_poll_remove_notifier(Notifier *notify);
+
 #endif
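Review bot: the new `MAIN_LOOP_POLL_*` enum and `MainLoopPoll` struct carry no comment describing the contract a notifier must follow: which state it sees before versus after the poll call, that `pollfds` is the live array handed to the poll call (so notifiers must append, not replace), and what a notifier is allowed to do with `timeout` during `MAIN_LOOP_POLL_FILL` given that several notifiers share the same value (presumably only ever lower it). A short comment block above `enum {` would spare every future user from inferring this from `net/slirp.c`.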
diff --git a/net/slirp.c b/net/slirp.c
index 664ff1c002..4d55f64168 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -86,6 +86,7 @@ typedef struct SlirpState {
 NetClientState nc;
 QTAILQ_ENTRY(SlirpState) entry;
 Slirp *slirp;
+Notifier poll_notifier;
 Notifier exit_notifier;
 #ifndef _WIN32
 gchar *smb_dir;
@@ -144,6 +145,7 @@ static void net_slirp_cleanup(NetClientState *nc)
 SlirpState *s = DO_UPCAST(SlirpState, nc, nc);
 
 g_slist_free_full(s->fwd, slirp_free_fwd);
+main_loop_poll_remove_notifier(>poll_notifier);
 slirp_cleanup(s->slirp);
 if (s->exit_notifier.notify) {
 qemu_remove_exit_notifier(>exit_notifier);
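Review bot: `main_loop_poll_remove_notifier()` is called unconditionally in `net_slirp_cleanup()`, which assumes the notifier was always added; if `net_slirp_init()` can fail between `slirp_init()` and the `main_loop_poll_add_notifier()` call and still reach this cleanup, it removes a never-added notifier. Guard on `s->poll_notifier.notify`, exactly as the lines just below already do for `exit_notifier`.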
@@ -209,6 +211,25 @@ static const SlirpCb slirp_cb = {
 .notify = qemu_notify_event,
 };
 
+static void net_slirp_poll_notify(Notifier *notifier, void *data)
+{
+MainLoopPoll *poll = data;
+SlirpState *s = container_of(notifier, SlirpState, poll_notifier);
+
+switch (poll->state) {
+case MAIN_LOOP_POLL_FILL:
+slirp_pollfds_fill(s->slirp, poll->pollfds, >timeout);
+break;
+case MAIN_LOOP_POLL_OK:
+case MAIN_LOOP_POLL_ERR:
+slirp_pollfds_poll(s->slirp, poll->pollfds,
+   poll->state == MAIN_LOOP_POLL_ERR);
+break;
+default:
+g_assert_not_reached();
+}
+}
+
 static int net_slirp_init(NetClientState *peer, const char *model,
   const char *name, int restricted,
   bool ipv4, const char *vnetwork, const char *vhost,
@@ -429,6 +450,9 @@ static int net_slirp_init(NetClientState *peer, const char 
*model,
   _cb, s);
 QTAILQ_INSERT_TAIL(_stacks, s, entry);
 
+s->poll_notifier.notify = net_slirp_poll_notify;
+main_loop_poll_add_notifier(>poll_notifier);
+
 for (config = slirp_configs; config; config = config->next) {
 if (config->flags & SLIRP_CFG_HOSTFWD) {
 if (slirp_hostfwd(s, config->str, errp) < 0) {
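Review bot: the poll notifier is added before the hostfwd loop, and `slirp_hostfwd()` can fail (`< 0`) immediately after it; whatever that error path does (not shown in the hunk) must remove the notifier again, or the main loop will keep calling `net_slirp_poll_notify()` on a torn-down `SlirpState`. Registering the notifier last, after all configuration has succeeded, avoids having to unwind it at all.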
diff --git a/slirp/libslirp.h b/slirp/libslirp.h
index 8e5d4ed11b..18d5fb0133 100644
--- a/slirp/libslirp.h
+++ b/slirp/libslirp.h
@@ -63,9 +63,9 @@ Slirp *slirp_init(int restricted, bool in_enabled, struct 
in_addr vnetwork,
   void *opaque);
 void slirp_cleanup(Slirp *slirp);
 
-void slirp_pollfds_fill(GArray *pollfds, uint32_t *timeout);
+void slirp_pollfds_fill(Slirp *slirp, GArray *pollfds, uint32_t *timeout);
 
-void slirp_pollfds_poll(GArray *pollfds, int select_error);
+void slirp_pollfds_poll(Slirp *slirp, GArray *pollfds, int select_error);
 
 void slirp_input(Slirp *slirp, const uint8_t *pkt, int pkt_len);
 
diff --git a/slirp/slirp.c b/slirp/slirp.c
index 60cd8249bf..a0de8b711c 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -368,9 +368,8 @@ void slirp_cleanup(Slirp *slirp)
 #define CONN_CANFSEND(so) (((so)->so_state & 
(SS_FCANTSENDMORE|SS_ISFCONNECTED)) == SS_ISFCONNECTED)
 #define CONN_CANFRCV(so) (((so)->so_state & (SS_FCANTRCVMORE|SS_ISFCONNECTED)) 
== SS_ISFCONNECTED)
 
-static void slirp_update_timeout(uint32_t *timeout)
+static void slirp_update_timeout(Slirp *slirp, uint32_t *timeout)
 {
-Slirp *slirp;
 uint32_t t;
 
 if (*timeout <= TIMEOUT_FAST) {
@@ -382,370 +381,352 @@ static void slirp_update_timeout(uint32_t *timeout)
 /* If we have tcp timeout with slirp, then we will fill @timeout with
  * more precise value.
  */
-QTAILQ_FOREACH(slirp, _instances, entry) {
-if (slirp->time_fasttimo) {
-*timeout = TIMEOUT_FAST;
-return;
-}
-if (slirp->do_slowtimo) {
-t = MIN(TIMEOUT_SLOW, t);
-}
+if (slirp->time_fasttimo) {
+*timeout = TIMEOUT_FAST;
+return;
+}
+if (slirp->do_slowtimo) {
+  
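Review bot: `slirp_update_timeout()` is now per instance, so the previous single pass that took the minimum over `slirp_instances` becomes one call per registered notifier on the shared `*timeout`; that is only correct if each call can only lower `*timeout` and never raise it (the `t = MIN(TIMEOUT_SLOW, t)` path still needs `t` initialised from `*timeout` before this hunk, and the final store is outside the shown lines). A comment at the top of the function stating that invariant would keep a later edit from breaking multi-instance setups in a way no single-instance test would catch.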

Re: [Qemu-devel] [PATCH] hw/cpu/cluster: Mark the cpu-cluster device with user_creatable = false

2019-02-05 Thread Alistair Francis
On Tue, Feb 5, 2019 at 7:22 AM Luc Michel  wrote:
>
>
>
> On 2/5/19 1:58 PM, Thomas Huth wrote:
> > The device can not be instantiated by the user and QEMU currently
> > aborts when you try to use it:
> >
> > $ x86_64-softmmu/qemu-system-x86_64 -device cpu-cluster
> > qemu-system-x86_64: hw/cpu/cluster.c:73: cpu_cluster_realize:
> >  Assertion `cbdata.cpu_count > 0' failed.
> > Aborted (core dumped)
> >
> > Since this is an internal device only, mark it with user_creatable = false.
> >
> > Signed-off-by: Thomas Huth 
> Reviewed-by: Luc Michel 

Reviewed-by: Alistair Francis 

Alistair

>
> > ---
> >  hw/cpu/cluster.c | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/hw/cpu/cluster.c b/hw/cpu/cluster.c
> > index 25f9070..6f5f037 100644
> > --- a/hw/cpu/cluster.c
> > +++ b/hw/cpu/cluster.c
> > @@ -79,6 +79,9 @@ static void cpu_cluster_class_init(ObjectClass *klass, 
> > void *data)
> >
> >  dc->props = cpu_cluster_properties;
> >  dc->realize = cpu_cluster_realize;
> > +
> > +/* This is not directly for users, CPU children must be attached by 
> > code */
> > +dc->user_creatable = false;
> >  }
> >
> >  static const TypeInfo cpu_cluster_type_info = {
> >
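Review bot: the new comment is a comma splice and does not say why the device is internal; suggest `/* Not user-creatable: CPU children must be attached by board code, and realize() asserts that at least one is present. */`, so the reason given in the commit message survives in the source next to the flag.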
>



[Qemu-devel] [PULLv3 19/32] slirp: remove qemu timer.h dependency

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 slirp/if.c   | 1 -
 slirp/ip6_icmp.c | 1 -
 slirp/slirp.c| 1 -
 slirp/util.h | 2 ++
 4 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/slirp/if.c b/slirp/if.c
index 73e3705740..90b9078687 100644
--- a/slirp/if.c
+++ b/slirp/if.c
@@ -7,7 +7,6 @@
 
 #include "qemu/osdep.h"
 #include "slirp.h"
-#include "qemu/timer.h"
 
 static void
 ifs_insque(struct mbuf *ifm, struct mbuf *ifmhead)
diff --git a/slirp/ip6_icmp.c b/slirp/ip6_icmp.c
index e72c57a81d..682597e676 100644
--- a/slirp/ip6_icmp.c
+++ b/slirp/ip6_icmp.c
@@ -6,7 +6,6 @@
 #include "qemu/osdep.h"
 #include "slirp.h"
 #include "ip6_icmp.h"
-#include "qemu/timer.h"
 #include "qemu/error-report.h"
 #include "qemu/log.h"
 
diff --git a/slirp/slirp.c b/slirp/slirp.c
index b5c4788489..7a5d97c77f 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -23,7 +23,6 @@
  */
 #include "qemu/osdep.h"
 #include "qemu-common.h"
-#include "qemu/timer.h"
 #include "qemu/error-report.h"
 #include "migration/register.h"
 #include "slirp.h"
diff --git a/slirp/util.h b/slirp/util.h
index 586517bb30..922077435e 100644
--- a/slirp/util.h
+++ b/slirp/util.h
@@ -48,6 +48,8 @@
 # define SLIRP_PACKED __attribute__((packed))
 #endif
 
+#define SCALE_MS 100
+
 #ifdef _WIN32
 int slirp_closesocket(int fd);
 int slirp_ioctlsocket(int fd, int req, void *val);
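Review bot: `#define SCALE_MS 100` does not match `qemu/timer.h`, where `SCALE_MS` is 1000000 (nanoseconds per millisecond), so any slirp timer arithmetic that multiplies by `SCALE_MS` changes scale by 10^4 once the `qemu/timer.h` includes are dropped in the other hunks of this patch; please confirm the intended value. Separately, the define is unconditional: if any remaining QEMU header still pulled in by slirp.c (`qemu-common.h`, `migration/register.h`) transitively includes `qemu/timer.h`, the two definitions collide. A slirp-prefixed name, or at least an `#ifndef SCALE_MS` guard, avoids that.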
-- 
2.20.1




Re: [Qemu-devel] [PULLv2 00/32] More work towards libslirp

2019-02-05 Thread Samuel Thibault
Peter Maydell, on Tue. 05 Feb. 2019 18:24:45 +, wrote:
> /home/pm215/qemu/slirp/misc.c:166:5: error: unknown type name ‘QemuGSpawnFds’

D'oh...

Fixed in v3.

Samuel



Re: [Qemu-devel] [PATCH 02/17] target/arm: Extract TCMA with ARMVAParameters

2019-02-05 Thread Peter Maydell
On Mon, 14 Jan 2019 at 01:11, Richard Henderson
 wrote:
>
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/internals.h | 1 +
>  target/arm/helper.c| 8 ++--
>  2 files changed, 7 insertions(+), 2 deletions(-)

Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [Qemu-devel] [PATCH 01/17] target/arm: Add MTE_ACTIVE to tb_flags

2019-02-05 Thread Peter Maydell
On Mon, 14 Jan 2019 at 01:11, Richard Henderson
 wrote:
>
> When MTE is fully enabled, i.e. access to tags are enabled and
> tag checks affect the PE, then arrange to perform the check
> while stripping the TBI.
>
> The check is not yet implemented, just the plumbing to that point.
>
> Signed-off-by: Richard Henderson 


> @@ -0,0 +1,32 @@
> +/*
> + * ARM v8.5-MemTag Operations
> + *
> + * Copyright (c) 2019 Linaro, Ltd.
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2 of the License, or (at your option) any later version.

Do you mean LGPL version 2.1 here, or GPL version 2?

> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see 
> .
> + */
> +
> +#include "qemu/osdep.h"
> +#include "cpu.h"
> +#include "internals.h"
> +#include "exec/exec-all.h"
> +#include "exec/cpu_ldst.h"
> +#include "exec/helper-proto.h"
> +
> +
> +uint64_t HELPER(mte_check)(CPUARMState *env, uint64_t ptr)
> +{
> +/* Only unchecked implemented so far.  */
> +return sextract64(ptr, 0, 55);

Are you sure this is right? I think that unchecked accesses
should work the same as if MTE isn't active at all, ie
do all the stuff gen_top_byte_ignore() does. If you look
at the pseudocode for AArch64.MemSingle[]:
https://developer.arm.com/docs/ddi0596/b/shared-pseudocode-functions/aarch64-functionsmemory-pseudocode#AArch64.MemSingle.write.4

the address (hidden inside 'memaddrdesc', passed down to the
_Mem[] accessor) isn't changed by any of the code guarded by
the "if HaveMTEExt()" conditional.

In fact both checked and unchecked accesses ought to do this to
get the vaddr to use from the input vaddr.

> +}
> diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
> index ee6f71c98f..0286507bae 100644
> --- a/target/arm/translate-a64.c
> +++ b/target/arm/translate-a64.c
> @@ -339,7 +339,13 @@ static void gen_a64_set_pc(DisasContext *s, TCGv_i64 src)
>  static TCGv_i64 clean_data_tbi(DisasContext *s, TCGv_i64 addr)
>  {
>  TCGv_i64 clean = new_tmp_a64(s);
> -gen_top_byte_ignore(s, clean, addr, s->tbid);
> +
> +/* FIXME: SP+OFS is always unchecked.  */
> +if (s->tbid && s->mte_active) {
> +gen_helper_mte_check(clean, cpu_env, addr);
> +} else {
> +gen_top_byte_ignore(s, clean, addr, s->tbid);
> +}
>  return clean;
>  }
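Review bot: the `/* FIXME: SP+OFS is always unchecked. */` placed above the new `if` means this change also routes SP-relative accesses through `gen_helper_mte_check()`, which the FIXME itself says is wrong per the ISA; since this is the plumbing patch, the commit message should at least state that checking of SP-based addresses is knowingly over-approximated here and which later patch in the series corrects it, otherwise a bisect landing on this commit sees tag-check behaviour that matches no hardware.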

Otherwise
Reviewed-by: Peter Maydell 

thanks
-- PMM



[Qemu-devel] [PULLv3 25/32] slirp: replace remaining qemu headers dependency

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Except for the migration code which is gated by WITH_QEMU, only
include our own headers, so libslirp can be built standalone.

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 slirp/arp_table.c  |  3 ++-
 slirp/bootp.c  |  1 -
 slirp/cksum.c  |  1 -
 slirp/dhcpv6.c |  1 -
 slirp/dnssearch.c  |  1 -
 slirp/if.c |  1 -
 slirp/ip6.h|  1 +
 slirp/ip6_icmp.c   |  1 -
 slirp/ip6_input.c  |  1 -
 slirp/ip6_output.c |  2 --
 slirp/ip_icmp.c|  1 -
 slirp/ip_input.c   |  1 -
 slirp/ip_output.c  |  1 -
 slirp/mbuf.c   |  1 -
 slirp/misc.c   |  2 --
 slirp/ncsi.c   |  1 -
 slirp/ndp_table.c  |  2 --
 slirp/sbuf.c   |  1 -
 slirp/slirp.c  |  2 --
 slirp/socket.c |  2 --
 slirp/tcp_input.c  |  1 -
 slirp/tcp_output.c |  1 -
 slirp/tcp_subr.c   |  1 -
 slirp/tcp_timer.c  |  1 -
 slirp/tftp.c   |  6 --
 slirp/udp.c|  1 -
 slirp/udp6.c   |  2 --
 slirp/util.h   | 21 +
 28 files changed, 28 insertions(+), 33 deletions(-)

diff --git a/slirp/arp_table.c b/slirp/arp_table.c
index bf71b984ad..58eafdcfd8 100644
--- a/slirp/arp_table.c
+++ b/slirp/arp_table.c
@@ -22,9 +22,10 @@
  * THE SOFTWARE.
  */
 
-#include "qemu/osdep.h"
 #include "slirp.h"
 
+#include 
+
 void arp_table_add(Slirp *slirp, uint32_t ip_addr, uint8_t ethaddr[ETH_ALEN])
 {
 const uint32_t broadcast_addr =
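Review bot: the new system `#include` is placed after `"slirp.h"` rather than before it, which only works if `slirp.h` is now meant to play the role `qemu/osdep.h` used to play (be the first include and bring in the standard headers every translation unit needs). If that is the intent, say so in a comment at the top of `slirp.h`; otherwise put system headers first, as the rest of the tree does, so a future `slirp.h` cleanup does not break every file that relied on the implicit ordering.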
diff --git a/slirp/bootp.c b/slirp/bootp.c
index 4c9a77eb98..d396849a05 100644
--- a/slirp/bootp.c
+++ b/slirp/bootp.c
@@ -21,7 +21,6 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
-#include "qemu/osdep.h"
 #include "slirp.h"
 
 #if defined(_WIN32)
diff --git a/slirp/cksum.c b/slirp/cksum.c
index 84c858fafb..25bfa67348 100644
--- a/slirp/cksum.c
+++ b/slirp/cksum.c
@@ -30,7 +30,6 @@
  * in_cksum.c,v 1.2 1994/08/02 07:48:16 davidg Exp
  */
 
-#include "qemu/osdep.h"
 #include "slirp.h"
 
 /*
diff --git a/slirp/dhcpv6.c b/slirp/dhcpv6.c
index e27d9a46f8..9ffba38e8f 100644
--- a/slirp/dhcpv6.c
+++ b/slirp/dhcpv6.c
@@ -20,7 +20,6 @@
  * along with this program; if not, see .
  */
 
-#include "qemu/osdep.h"
 #include "slirp.h"
 #include "dhcpv6.h"
 
diff --git a/slirp/dnssearch.c b/slirp/dnssearch.c
index 8fb563321b..c459cece8d 100644
--- a/slirp/dnssearch.c
+++ b/slirp/dnssearch.c
@@ -22,7 +22,6 @@
  * THE SOFTWARE.
  */
 
-#include "qemu/osdep.h"
 #include "slirp.h"
 
 static const uint8_t RFC3397_OPT_DOMAIN_SEARCH = 119;
diff --git a/slirp/if.c b/slirp/if.c
index 90b9078687..2ad03b8a79 100644
--- a/slirp/if.c
+++ b/slirp/if.c
@@ -5,7 +5,6 @@
  * terms and conditions of the copyright.
  */
 
-#include "qemu/osdep.h"
 #include "slirp.h"
 
 static void
diff --git a/slirp/ip6.h b/slirp/ip6.h
index 5361bd7449..1b3364f960 100644
--- a/slirp/ip6.h
+++ b/slirp/ip6.h
@@ -7,6 +7,7 @@
 #define SLIRP_IP6_H
 
 #include 
+#include 
 
 #define ALLNODES_MULTICAST  { .s6_addr = \
 { 0xff, 0x02, 0x00, 0x00,\
diff --git a/slirp/ip6_icmp.c b/slirp/ip6_icmp.c
index b3b7e50a31..2a432ebbd4 100644
--- a/slirp/ip6_icmp.c
+++ b/slirp/ip6_icmp.c
@@ -3,7 +3,6 @@
  * Guillaume Subiron, Yann Bordenave, Serigne Modou Wagne.
  */
 
-#include "qemu/osdep.h"
 #include "slirp.h"
 #include "ip6_icmp.h"
 
diff --git a/slirp/ip6_input.c b/slirp/ip6_input.c
index ab656a0a9d..1b8c003c66 100644
--- a/slirp/ip6_input.c
+++ b/slirp/ip6_input.c
@@ -3,7 +3,6 @@
  * Guillaume Subiron, Yann Bordenave, Serigne Modou Wagne.
  */
 
-#include "qemu/osdep.h"
 #include "slirp.h"
 #include "ip6_icmp.h"
 
diff --git a/slirp/ip6_output.c b/slirp/ip6_output.c
index 52c88ad691..19d1ae7748 100644
--- a/slirp/ip6_output.c
+++ b/slirp/ip6_output.c
@@ -3,8 +3,6 @@
  * Guillaume Subiron, Yann Bordenave, Serigne Modou Wagne.
  */
 
-#include "qemu/osdep.h"
-#include "qemu-common.h"
 #include "slirp.h"
 
 /* Number of packets queued before we start sending
diff --git a/slirp/ip_icmp.c b/slirp/ip_icmp.c
index 19e247f773..6b6344b776 100644
--- a/slirp/ip_icmp.c
+++ b/slirp/ip_icmp.c
@@ -30,7 +30,6 @@
  * ip_icmp.c,v 1.7 1995/05/30 08:09:42 rgrimes Exp
  */
 
-#include "qemu/osdep.h"
 #include "slirp.h"
 #include "ip_icmp.h"
 
diff --git a/slirp/ip_input.c b/slirp/ip_input.c
index d360620838..774ce662e6 100644
--- a/slirp/ip_input.c
+++ b/slirp/ip_input.c
@@ -38,7 +38,6 @@
  * terms and conditions of the copyright.
  */
 
-#include "qemu/osdep.h"
 #include "slirp.h"
 #include "ip_icmp.h"
 
diff --git a/slirp/ip_output.c b/slirp/ip_output.c
index db403f04c1..f6ec141df5 100644
--- a/slirp/ip_output.c
+++ b/slirp/ip_output.c
@@ -38,7 +38,6 @@
  * terms and conditions of the copyright.
  */
 
-#include "qemu/osdep.h"
 #include "slirp.h"
 
 /* Number of packets queued before we start sending
diff --git a/slirp/mbuf.c b/slirp/mbuf.c
index d8d275e0e7..521c02c967 100644
--- a/slirp/mbuf.c
+++ b/slirp/mbuf.c
@@ -15,7 +15,6 @@
  * the flags
  */
 
-#include "qemu/osdep.h"
 

[Qemu-devel] [PATCH v2 5/6] linux-user/elfload: enable HWCAP_CPUID for AArch64

2019-02-05 Thread Alex Bennée
Userspace programs should (in theory) query the ELF HWCAP before
probing these registers. Now we have implemented them all make it
public.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
---
 linux-user/elfload.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 775a36ccdd..3a50d587ff 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -580,6 +580,7 @@ static uint32_t get_elf_hwcap(void)
 
 hwcaps |= ARM_HWCAP_A64_FP;
 hwcaps |= ARM_HWCAP_A64_ASIMD;
+hwcaps |= ARM_HWCAP_A64_CPUID;
 
 /* probe for the extra features */
 #define GET_FEATURE_ID(feat, hwcap) \
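Review bot: `ARM_HWCAP_A64_CPUID` is set unconditionally, unlike the flags that follow it through `GET_FEATURE_ID`; that is right only because the emulator, not the CPU model, supplies the EL0 trap for ID-register reads, and a one-line comment saying so would stop a later reader from "fixing" it into a feature check. It also relies on every guest-visible ID register now being readable from EL0, which the commit message asserts; naming the patch that made that true would let a reviewer verify it.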
-- 
2.20.1
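The commit message above says a user-space program should consult the ELF HWCAP before touching the ID registers. The following is an added example of that check, not part of this patch or of QEMU's own code: it reads AT_HWCAP, tests the CPUID bit (bit 11 on arm64, a value assumed here to match the kernel's asm/hwcap.h), and only then issues `mrs` on ID_AA64ISAR0_EL1, because without that bit the instruction is UNDEFINED at EL0 and the process dies with SIGILL on a real kernel. The field decoder follows the ID_AA64ISAR0_EL1 layout in the ARM ARM and is exercised on a constructed register value, so it also builds and runs on non-arm64 hosts, where the read simply reports unavailable.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__aarch64__) && defined(__linux__)
#include <sys/auxv.h>
#endif

/* AT_HWCAP bit advertising user-space ID-register access on arm64.
 * Assumed value, matching the kernel's arch/arm64/include/uapi/asm/hwcap.h. */
#define HWCAP_CPUID_BIT (1UL << 11)

/* Subset of ID_AA64ISAR0_EL1, 4-bit fields at the positions given by the ARM ARM. */
struct isar0_fields {
    unsigned aes;     /* [7:4]   1 = AES, 2 = AES + PMULL          */
    unsigned sha1;    /* [11:8]                                    */
    unsigned sha2;    /* [15:12] 1 = SHA256, 2 = SHA256 + SHA512   */
    unsigned crc32;   /* [19:16]                                   */
    unsigned atomic;  /* [23:20] 2 = LSE atomics                   */
    unsigned rdm;     /* [31:28]                                   */
    unsigned sha3;    /* [35:32]                                   */
    unsigned sm3;     /* [39:36]                                   */
    unsigned sm4;     /* [43:40]                                   */
    unsigned dp;      /* [47:44]                                   */
    unsigned rndr;    /* [63:60] 1 = RNDR / RNDRRS                 */
};

static unsigned id_field(uint64_t reg, unsigned lsb)
{
    return (unsigned)((reg >> lsb) & 0xf);
}

/* Decode a raw ID_AA64ISAR0_EL1 value into named fields. */
struct isar0_fields decode_isar0(uint64_t reg)
{
    struct isar0_fields f;
    f.aes    = id_field(reg, 4);
    f.sha1   = id_field(reg, 8);
    f.sha2   = id_field(reg, 12);
    f.crc32  = id_field(reg, 16);
    f.atomic = id_field(reg, 20);
    f.rdm    = id_field(reg, 28);
    f.sha3   = id_field(reg, 32);
    f.sm3    = id_field(reg, 36);
    f.sm4    = id_field(reg, 40);
    f.dp     = id_field(reg, 44);
    f.rndr   = id_field(reg, 60);
    return f;
}

/* True when the kernel (or emulator) says mrs on the ID registers is
 * handled at EL0. Without the bit the instruction is UNDEFINED -> SIGILL. */
bool hwcap_allows_cpuid(unsigned long hwcap)
{
    return (hwcap & HWCAP_CPUID_BIT) != 0;
}

/* Read ID_AA64ISAR0_EL1 only when it is safe to do so. Returns false and
 * leaves *out untouched on non-arm64 hosts or when AT_HWCAP lacks CPUID. */
bool read_isar0(uint64_t *out)
{
#if defined(__aarch64__) && defined(__linux__)
    if (!hwcap_allows_cpuid(getauxval(AT_HWCAP))) {
        return false;
    }
    uint64_t v;
    __asm__ volatile("mrs %0, ID_AA64ISAR0_EL1" : "=r"(v));
    *out = v;
    return true;
#else
    (void)out;
    return false;
#endif
}

int main(void)
{
    uint64_t raw;
    if (!read_isar0(&raw)) {
        puts("ID_AA64ISAR0_EL1 not readable here (no HWCAP_CPUID or not arm64)");
        return 0;
    }
    struct isar0_fields f = decode_isar0(raw);
    printf("AES=%u SHA1=%u SHA2=%u CRC32=%u Atomic=%u RNDR=%u\n",
           f.aes, f.sha1, f.sha2, f.crc32, f.atomic, f.rndr);
    return 0;
}
```

Under QEMU linux-user with this patch applied, `read_isar0()` takes the `mrs` path because the emulated AT_HWCAP now carries the CPUID bit and the ID-register read is emulated; on a native arm64 kernel older than the one that introduced the trap, the HWCAP check is what keeps the program from crashing.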




[Qemu-devel] [PULLv3 26/32] slirp: prefer c99 types over BSD kind

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Replace:
- u_char -> uint8_t
- u_short -> uint16_t
- u_long -> uint32_t
- u_int -> unsigned
- caddr_t -> char *

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 slirp/ip_icmp.c|  6 +++---
 slirp/ip_icmp.h| 18 +-
 slirp/ip_input.c   |  4 ++--
 slirp/main.h   |  2 +-
 slirp/mbuf.h   |  2 +-
 slirp/slirp.c  | 12 ++--
 slirp/slirp.h  |  8 +++-
 slirp/socket.c |  6 +++---
 slirp/socket.h |  4 ++--
 slirp/tcp_input.c  | 22 +++---
 slirp/tcp_output.c | 12 ++--
 slirp/tcp_subr.c   | 18 +-
 slirp/tcp_timer.c  |  2 +-
 slirp/tcp_var.h| 14 +++---
 slirp/udp.c|  6 +++---
 slirp/udp.h|  2 +-
 util/osdep.c   |  2 +-
 17 files changed, 69 insertions(+), 71 deletions(-)

diff --git a/slirp/ip_icmp.c b/slirp/ip_icmp.c
index 6b6344b776..7c5cb75ae5 100644
--- a/slirp/ip_icmp.c
+++ b/slirp/ip_icmp.c
@@ -240,7 +240,7 @@ end_error:
 
 #define ICMP_MAXDATALEN (IP_MSS-28)
 void
-icmp_send_error(struct mbuf *msrc, u_char type, u_char code, int minsize,
+icmp_send_error(struct mbuf *msrc, uint8_t type, uint8_t code, int minsize,
const char *message)
 {
   unsigned hlen, shlen, s_ip_len;
@@ -388,7 +388,7 @@ icmp_reflect(struct mbuf *m)
  * Strip out original options by copying rest of first
  * mbuf's data back, and adjust the IP length.
  */
-memmove((caddr_t)(ip + 1), (caddr_t)ip + hlen,
+memmove((char *)(ip + 1), (char *)ip + hlen,
(unsigned )(m->m_len - hlen));
 hlen -= optlen;
 ip->ip_hl = hlen >> 2;
@@ -412,7 +412,7 @@ void icmp_receive(struct socket *so)
 struct mbuf *m = so->so_m;
 struct ip *ip = mtod(m, struct ip *);
 int hlen = ip->ip_hl << 2;
-u_char error_code;
+uint8_t error_code;
 struct icmp *icp;
 int id, len;
 
diff --git a/slirp/ip_icmp.h b/slirp/ip_icmp.h
index d88ab34c1b..a4e5b8b265 100644
--- a/slirp/ip_icmp.h
+++ b/slirp/ip_icmp.h
@@ -44,22 +44,22 @@ typedef uint32_t n_time;
  * Structure of an icmp header.
  */
 struct icmp {
-   u_char  icmp_type;  /* type of message, see below */
-   u_char  icmp_code;  /* type sub code */
-   u_short icmp_cksum; /* ones complement cksum of struct */
+   uint8_t icmp_type;  /* type of message, see below */
+   uint8_t icmp_code;  /* type sub code */
+   uint16_ticmp_cksum; /* ones complement cksum of 
struct */
union {
-   u_char ih_pptr; /* ICMP_PARAMPROB */
+   uint8_t ih_pptr;/* ICMP_PARAMPROB */
struct in_addr ih_gwaddr;   /* ICMP_REDIRECT */
struct ih_idseq {
-   u_short icd_id;
-   u_short icd_seq;
+   uint16_ticd_id;
+   uint16_ticd_seq;
} ih_idseq;
int ih_void;
 
/* ICMP_UNREACH_NEEDFRAG -- Path MTU Discovery (RFC1191) */
struct ih_pmtu {
-   u_short ipm_void;
-   u_short ipm_nextmtu;
+   uint16_t ipm_void;
+   uint16_t ipm_nextmtu;
} ih_pmtu;
} icmp_hun;
 #defineicmp_pptr   icmp_hun.ih_pptr
@@ -156,7 +156,7 @@ struct icmp {
 void icmp_init(Slirp *slirp);
 void icmp_cleanup(Slirp *slirp);
 void icmp_input(struct mbuf *, int);
-void icmp_send_error(struct mbuf *msrc, u_char type, u_char code, int minsize,
+void icmp_send_error(struct mbuf *msrc, uint8_t type, uint8_t code, int 
minsize,
  const char *message);
 void icmp_reflect(struct mbuf *);
 void icmp_receive(struct socket *so);
diff --git a/slirp/ip_input.c b/slirp/ip_input.c
index 774ce662e6..e0b94b0e42 100644
--- a/slirp/ip_input.c
+++ b/slirp/ip_input.c
@@ -458,11 +458,11 @@ ip_stripoptions(register struct mbuf *m, struct mbuf 
*mopt)
 {
register int i;
struct ip *ip = mtod(m, struct ip *);
-   register caddr_t opts;
+   register char *opts;
int olen;
 
olen = (ip->ip_hl<<2) - sizeof (struct ip);
-   opts = (caddr_t)(ip + 1);
+   opts = (char *)(ip + 1);
i = m->m_len - (sizeof (struct ip) + olen);
memcpy(opts, opts  + olen, (unsigned)i);
m->m_len -= olen;
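Review bot: `register caddr_t opts;` becomes `register char *opts;`, keeping the obsolete `register` storage class; since the line is being rewritten anyway, drop `register` (compilers ignore it and it forbids taking the variable's address), and the same applies to `register int i;` two lines above if you want the function consistent.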
diff --git a/slirp/main.h b/slirp/main.h
index 4bc05fb904..f11d4572b7 100644
--- a/slirp/main.h
+++ b/slirp/main.h
@@ -8,7 +8,7 @@
 #ifndef SLIRP_MAIN_H
 #define SLIRP_MAIN_H
 
-extern u_int curtime;
+extern unsigned curtime;
 extern struct in_addr loopback_addr;
 extern unsigned long loopback_mask;
 
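Review bot: `curtime` changes from `u_int` to `unsigned`, but `loopback_mask` on the next line stays `unsigned long` while the commit message maps `u_long` to `uint32_t`; on LP64 hosts a bare `unsigned long` is 64 bits, so either this line was missed or the commit message does not describe what was applied. A netmask is naturally a `uint32_t` (or `in_addr_t`), the same width as `loopback_addr` beside it.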
diff --git a/slirp/mbuf.h b/slirp/mbuf.h
index cbf17e136b..e2d443418a 100644
--- a/slirp/mbuf.h
+++ b/slirp/mbuf.h
@@ -85,7 +85,7 @@ struct mbuf {
int m_size; /* Size of mbuf, from m_dat or m_ext */

[Qemu-devel] [Bug 1813940] Re: kvm_mem_ioeventfd_add: error adding ioeventfd: No space left on device

2019-02-05 Thread elmarco
The bug is also reproducible with virtio-9p 
-fsdev local,id=r,path=/,security_model=none -device 
virtio-9p-pci,fsdev=r,mount_tag=r

I bisected it to the same commit.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1813940

Title:
  kvm_mem_ioeventfd_add: error adding ioeventfd: No space left on device

Status in QEMU:
  New

Bug description:
  Latest QEMU master fails to run with too many MMIO devices specified.

  After patch 3ac7d43a6fb [1] QEMU just prints an error message and exits.
  > kvm_mem_ioeventfd_add: error adding ioeventfd: No space left on device

  This is reproducible e.g. with the following setup:

  qemu-3.1.50-dirty \
  -machine pc-i440fx-2.7,accel=kvm \
  -cpu host -m 4096 \
  -smp 2,sockets=2,cores=1,threads=1 \
  -drive file=freebsd_vm_1.qcow2,format=qcow2,if=none,id=bootdr \
  -device ide-hd,drive=bootdr,bootindex=0 \
  -device virtio-scsi-pci,id=vc0 \
  -device virtio-scsi-pci,id=vc1 \
  -device virtio-scsi-pci,id=vc2 \
  -device virtio-scsi-pci,id=vc3 \

  Running with just 3 Virtio-SCSI controllers seems to work fine, adding
  more than that causes the error above. Note that this is not Virtio-
  SCSI specific. I've also reproduced this without any Virtio devices
  whatsoever.

  strace shows the following ioctl chain over and over:

  145787 ioctl(11, KVM_UNREGISTER_COALESCED_MMIO, 0x7f60a4985410) = 0
  145787 ioctl(11, KVM_UNREGISTER_COALESCED_MMIO, 0x7f60a4985410) = 0
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = 0
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No space left on device)
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No space left on device)
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No space left on device)
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No space left on device)
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No space left on device)
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No space left on device)
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No space left on device)
  145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No space left on device)

  Which suggests there's some kind of MMIO region leak.

  [1]
  commit 3ac7d43a6fbb5d4a3d01fc9a055c218030af3727
  Author: Paolo Bonzini 
  AuthorDate: Wed Nov 28 17:28:45 2018 +0100
  Commit: Paolo Bonzini 
  CommitDate: Fri Jan 11 13:57:24 2019 +0100

  memory: update coalesced_range on transaction_commit

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1813940/+subscriptions
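
To test the leak hypothesis the report ends on, here is an added example, not part of the bug report or of QEMU, that tallies the coalesced-MMIO ioctls in strace output: if successful KVM_REGISTER_COALESCED_MMIO calls outrun KVM_UNREGISTER_COALESCED_MMIO calls, regions accumulate in the kernel's table until it is full and every further registration fails with ENOSPC. The strace lines embedded below are constructed to match the shape of the excerpt above, not captured from a real run.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not part of the bug report or of QEMU: tally the
 * coalesced-MMIO ioctls in an strace capture. A successful
 * KVM_REGISTER_COALESCED_MMIO adds a region to the kernel's table, a
 * successful KVM_UNREGISTER_COALESCED_MMIO removes one; when registrations
 * outrun unregistrations the table fills and KVM returns ENOSPC.
 */

struct mmio_tally {
    int registered;    /* KVM_REGISTER_COALESCED_MMIO calls that returned 0 */
    int unregistered;  /* KVM_UNREGISTER_COALESCED_MMIO calls that returned 0 */
    int enospc;        /* KVM_REGISTER_COALESCED_MMIO calls that failed with ENOSPC */
};

/* Constructed sample in the shape of the report's strace excerpt (not a real capture). */
static const char sample_log[] =
    "145787 ioctl(11, KVM_UNREGISTER_COALESCED_MMIO, 0x7f60a4985410) = 0\n"
    "145787 ioctl(11, KVM_UNREGISTER_COALESCED_MMIO, 0x7f60a4985410) = 0\n"
    "145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = 0\n"
    "145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = 0\n"
    "145787 ioctl(11, KVM_SET_USER_MEMORY_REGION, 0x7f60a4985300) = 0\n"
    "145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = 0\n"
    "145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = 0\n"
    "145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No space left on device)\n"
    "145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No space left on device)\n"
    "145787 ioctl(11, KVM_REGISTER_COALESCED_MMIO, 0x7f60a49853b0) = -1 ENOSPC (No space left on device)\n";

/* Classify one line (len bytes, not NUL-terminated). Returns true if it was a
 * coalesced-MMIO ioctl. The UNREGISTER test comes first because its name is
 * checked as a whole; the REGISTER name is not a substring of it either way. */
static bool classify_line(const char *line, size_t len, struct mmio_tally *t)
{
    char buf[512];

    if (len >= sizeof buf) {
        len = sizeof buf - 1;
    }
    memcpy(buf, line, len);
    buf[len] = '\0';

    bool ok = strstr(buf, ") = 0") != NULL;      /* strace prints "= 0" on success */
    bool enospc = strstr(buf, "ENOSPC") != NULL;

    if (strstr(buf, "KVM_UNREGISTER_COALESCED_MMIO") != NULL) {
        if (ok) {
            t->unregistered++;
        }
        return true;
    }
    if (strstr(buf, "KVM_REGISTER_COALESCED_MMIO") != NULL) {
        if (ok) {
            t->registered++;
        } else if (enospc) {
            t->enospc++;
        }
        return true;
    }
    return false;
}

/* Walk the capture line by line and accumulate the counts. */
struct mmio_tally tally_coalesced_mmio(const char *log)
{
    struct mmio_tally t = { 0, 0, 0 };
    const char *p = log;

    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        classify_line(p, len, &t);
        p = nl ? nl + 1 : p + len;
    }
    return t;
}

/* Regions still registered at the end of the capture; a value that keeps
 * growing while the guest is idle is the leak signature. */
int outstanding_regions(const char *log)
{
    struct mmio_tally t = tally_coalesced_mmio(log);
    return t.registered - t.unregistered;
}

int main(void)
{
    struct mmio_tally t = tally_coalesced_mmio(sample_log);
    printf("registered=%d unregistered=%d enospc=%d outstanding=%d\n",
           t.registered, t.unregistered, t.enospc,
           outstanding_regions(sample_log));
    return 0;
}
```

Feed it the output of `strace -f -e trace=ioctl` from a failing run; comparing the outstanding count between a build before and after commit 3ac7d43a6fb is a quick way to confirm what the bisect found.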



[Qemu-devel] [PULLv3 14/32] slirp: replace qemu_notify_event() with a callback

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Introduce a SlirpCb callback to kick the main io-thread.

Add an intermediary sodrop() function that will call SlirpCb.notify
callback when sbdrop() returns true.

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 net/slirp.c   | 1 +
 slirp/libslirp.h  | 2 ++
 slirp/sbuf.c  | 6 --
 slirp/sbuf.h  | 2 +-
 slirp/socket.c| 7 +++
 slirp/socket.h| 1 +
 slirp/tcp_input.c | 6 +++---
 7 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/net/slirp.c b/net/slirp.c
index 78ba96b63f..7b4f9f5c5e 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -205,6 +205,7 @@ static const SlirpCb slirp_cb = {
 .timer_mod = net_slirp_timer_mod,
 .register_poll_fd = net_slirp_register_poll_fd,
 .unregister_poll_fd = net_slirp_unregister_poll_fd,
+.notify = qemu_notify_event,
 };
 
 static int net_slirp_init(NetClientState *peer, const char *model,
diff --git a/slirp/libslirp.h b/slirp/libslirp.h
index 8ce69f0be3..679a25422b 100644
--- a/slirp/libslirp.h
+++ b/slirp/libslirp.h
@@ -31,6 +31,8 @@ typedef struct SlirpCb {
 void (*register_poll_fd)(int fd);
 /* Unregister a fd */
 void (*unregister_poll_fd)(int fd);
+/* Kick the io-thread, to signal that new events may be processed */
+void (*notify)(void);
 } SlirpCb;
 
 
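Review bot: the comment on `notify` should say that the callback is mandatory, because sodrop() in slirp/socket.c (later in this patch) calls it with no NULL check, and from which context it is invoked: it is reached from the TCP ACK processing in tcp_input(), so a library user must make it safe to call from whatever thread drives slirp's input path. A one-line "must not be NULL; may be called from inside slirp's packet processing" would do.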
diff --git a/slirp/sbuf.c b/slirp/sbuf.c
index 912f235f65..17f28e97a6 100644
--- a/slirp/sbuf.c
+++ b/slirp/sbuf.c
@@ -17,7 +17,7 @@ sbfree(struct sbuf *sb)
free(sb->sb_data);
 }
 
-void
+bool
 sbdrop(struct sbuf *sb, int num)
 {
 int limit = sb->sb_datalen / 2;
@@ -34,8 +34,10 @@ sbdrop(struct sbuf *sb, int num)
sb->sb_rptr -= sb->sb_datalen;
 
 if (sb->sb_cc < limit && sb->sb_cc + num >= limit) {
-qemu_notify_event();
+return true;
 }
+
+return false;
 }
 
 void
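Review bot: the new bool return of sbdrop() means "this drop crossed the half-full threshold, wake the consumer", but nothing at the definition or in sbuf.h says so; add a comment, since a future caller that ignores the return value silently loses the wake-up that the old unconditional qemu_notify_event() call provided here. The `limit` logic itself is unchanged and correct: it fires exactly once, when sb_cc drops from at or above sb_datalen / 2 to below it.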
diff --git a/slirp/sbuf.h b/slirp/sbuf.h
index 644c201341..1cb9a42834 100644
--- a/slirp/sbuf.h
+++ b/slirp/sbuf.h
@@ -21,7 +21,7 @@ struct sbuf {
 };
 
 void sbfree(struct sbuf *);
-void sbdrop(struct sbuf *, int);
+bool sbdrop(struct sbuf *, int);
 void sbreserve(struct sbuf *, int);
 void sbappend(struct socket *, struct mbuf *);
 void sbcopy(struct sbuf *, int, int, char *);
diff --git a/slirp/socket.c b/slirp/socket.c
index 5805d30f3d..2e8dc22fb6 100644
--- a/slirp/socket.c
+++ b/slirp/socket.c
@@ -928,3 +928,10 @@ void sotranslate_accept(struct socket *so)
 break;
 }
 }
+
+void sodrop(struct socket *s, int num)
+{
+if (sbdrop(>so_snd, num)) {
+s->slirp->cb->notify();
+}
+}
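Review bot: sodrop() dereferences `s->slirp->cb->notify` unconditionally; either guard it (`if (s->slirp->cb->notify)`) or document in libslirp.h that the callback must be set, otherwise a library user who leaves it NULL crashes on the first ACK that crosses the threshold. Note also that the `&` in `sbdrop(&s->so_snd, num)` is missing as this hunk is rendered here; check that the applied patch reads as intended.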
diff --git a/slirp/socket.h b/slirp/socket.h
index fc35ca5f72..1c1c8b5871 100644
--- a/slirp/socket.h
+++ b/slirp/socket.h
@@ -156,6 +156,7 @@ int soreadbuf(struct socket *so, const char *buf, int size);
 void sotranslate_out(struct socket *, struct sockaddr_storage *);
 void sotranslate_in(struct socket *, struct sockaddr_storage *);
 void sotranslate_accept(struct socket *);
+void sodrop(struct socket *, int num);
 
 
 #endif /* SLIRP_SOCKET_H */
diff --git a/slirp/tcp_input.c b/slirp/tcp_input.c
index de5b74a52b..7c1fe18fec 100644
--- a/slirp/tcp_input.c
+++ b/slirp/tcp_input.c
@@ -506,7 +506,7 @@ findso:
SEQ_GT(ti->ti_ack, tp->t_rtseq))
tcp_xmit_timer(tp, tp->t_rtt);
acked = ti->ti_ack - tp->snd_una;
-   sbdrop(>so_snd, acked);
+   sodrop(so, acked);
tp->snd_una = ti->ti_ack;
m_free(m);
 
@@ -1118,10 +1118,10 @@ trimthenstep6:
}
if (acked > so->so_snd.sb_cc) {
tp->snd_wnd -= so->so_snd.sb_cc;
-   sbdrop(>so_snd, (int )so->so_snd.sb_cc);
+   sodrop(so, (int)so->so_snd.sb_cc);
ourfinisacked = 1;
} else {
-   sbdrop(>so_snd, acked);
+   sodrop(so, acked);
tp->snd_wnd -= acked;
ourfinisacked = 0;
}
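Review bot: the `(int)so->so_snd.sb_cc` cast is carried over unchanged, but sodrop() is a new interface, so it could take the byte count in sb_cc's own type and drop the cast rather than inherit sbdrop()'s signed `num`; a negative drop count makes no sense and the type should rule it out rather than rely on the caller.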
-- 
2.20.1




[Qemu-devel] [PATCH v2 3/6] target/arm: expose MPIDR_EL1 to userspace

2019-02-05 Thread Alex Bennée
As this is a single register we could expose it with a simple ifdef
but we use the existing modify_arm_cp_regs mechanism for consistency.

Signed-off-by: Alex Bennée 
---
 target/arm/helper.c | 21 ++---
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index f90754cc11..f2f868ff92 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -3657,13 +3657,6 @@ static uint64_t mpidr_read(CPUARMState *env, const 
ARMCPRegInfo *ri)
 return mpidr_read_val(env);
 }
 
-static const ARMCPRegInfo mpidr_cp_reginfo[] = {
-{ .name = "MPIDR", .state = ARM_CP_STATE_BOTH,
-  .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
-  .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_RAW },
-REGINFO_SENTINEL
-};
-
 static const ARMCPRegInfo lpae_cp_reginfo[] = {
 /* NOP AMAIR0/1 */
 { .name = "AMAIR0", .state = ARM_CP_STATE_BOTH,
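Review bot: the table moves from a file-scope `static const` to a mutable automatic array inside register_cp_regs_for_features(), so it is rebuilt on every CPU initialisation and no longer lives in read-only data. That is acceptable only if define_arm_cp_regs() copies the entries rather than retaining the pointer; say so in the commit message, and consider keeping the array `const` in the !CONFIG_USER_ONLY build, where nothing modifies it.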
@@ -6445,6 +6438,20 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 }
 
 if (arm_feature(env, ARM_FEATURE_MPIDR)) {
+ARMCPRegInfo mpidr_cp_reginfo[] = {
+{ .name = "MPIDR_EL1", .state = ARM_CP_STATE_BOTH,
+  .opc0 = 3, .crn = 0, .crm = 0, .opc1 = 0, .opc2 = 5,
+  .access = PL1_R, .readfn = mpidr_read, .type = ARM_CP_NO_RAW },
+REGINFO_SENTINEL
+};
+#ifdef CONFIG_USER_ONLY
+ARMCPRegUserSpaceInfo mpidr_user_cp_reginfo[] = {
+{ .name = "MPIDR_EL1",
+  .fixed_bits = 0x8000 },
+REGUSERINFO_SENTINEL
+};
+modify_arm_cp_regs(mpidr_cp_reginfo, mpidr_user_cp_reginfo);
+#endif
 define_arm_cp_regs(cpu, mpidr_cp_reginfo);
 }
 
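Review bot: `.fixed_bits = 0x8000` as shown sets bit 15, which lies in the Aff1 field; if the intent is the RES1 bit 31 (the value Linux presents for MPIDR_EL1 to userspace), the constant should be 0x80000000. The other 64-bit constants in this series also appear here with their zero padding dropped, so this may be an artefact of the rendering, but either way a comment naming the bit next to the constant would let a reviewer check it.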
-- 
2.20.1




[Qemu-devel] [PULLv3 20/32] slirp: remove now useless QEMU headers inclusions

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Some of those could have been squashed earlier, but it is easier to do
it all here.

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 slirp/dhcpv6.c   | 1 -
 slirp/ip6_icmp.c | 2 --
 slirp/misc.c | 2 --
 slirp/sbuf.c | 1 -
 slirp/slirp.c| 4 
 slirp/slirp.h| 1 -
 slirp/tftp.c | 1 -
 slirp/util.h | 2 --
 8 files changed, 14 deletions(-)

diff --git a/slirp/dhcpv6.c b/slirp/dhcpv6.c
index 752df40536..e27d9a46f8 100644
--- a/slirp/dhcpv6.c
+++ b/slirp/dhcpv6.c
@@ -21,7 +21,6 @@
  */
 
 #include "qemu/osdep.h"
-#include "qemu/log.h"
 #include "slirp.h"
 #include "dhcpv6.h"
 
diff --git a/slirp/ip6_icmp.c b/slirp/ip6_icmp.c
index 682597e676..b3b7e50a31 100644
--- a/slirp/ip6_icmp.c
+++ b/slirp/ip6_icmp.c
@@ -6,8 +6,6 @@
 #include "qemu/osdep.h"
 #include "slirp.h"
 #include "ip6_icmp.h"
-#include "qemu/error-report.h"
-#include "qemu/log.h"
 
 #define NDP_Interval g_rand_int_range(slirp->grand, \
 NDP_MinRtrAdvInterval, NDP_MaxRtrAdvInterval)
diff --git a/slirp/misc.c b/slirp/misc.c
index 4ee20a10e4..a77cc34b30 100644
--- a/slirp/misc.c
+++ b/slirp/misc.c
@@ -8,8 +8,6 @@
 #include "qemu/osdep.h"
 #include "slirp.h"
 #include "libslirp.h"
-#include "qemu/error-report.h"
-#include "qemu/main-loop.h"
 
 inline void
 insque(void *a, void *b)
diff --git a/slirp/sbuf.c b/slirp/sbuf.c
index 17f28e97a6..c83e4dd8ed 100644
--- a/slirp/sbuf.c
+++ b/slirp/sbuf.c
@@ -7,7 +7,6 @@
 
 #include "qemu/osdep.h"
 #include "slirp.h"
-#include "qemu/main-loop.h"
 
 static void sbappendsb(struct sbuf *sb, struct mbuf *m);
 
diff --git a/slirp/slirp.c b/slirp/slirp.c
index 7a5d97c77f..ec1f606d72 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -23,11 +23,7 @@
  */
 #include "qemu/osdep.h"
 #include "qemu-common.h"
-#include "qemu/error-report.h"
-#include "migration/register.h"
 #include "slirp.h"
-#include "hw/hw.h"
-#include "qemu/cutils.h"
 
 #ifdef WITH_QEMU
 #include "state.h"
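Review bot: migration/register.h and hw/hw.h are removed here while the `#ifdef WITH_QEMU` block immediately below still pulls in state.h for the savevm hooks; confirm that state.h includes what the migration code needs itself rather than relying on these transitive includes, otherwise the WITH_QEMU build breaks the next time an include chain changes.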
diff --git a/slirp/slirp.h b/slirp/slirp.h
index 5a830ddcb8..5707805be2 100644
--- a/slirp/slirp.h
+++ b/slirp/slirp.h
@@ -48,7 +48,6 @@ typedef char *caddr_t;
 #include "util.h"
 
 #include "qemu/queue.h"
-#include "qemu/sockets.h"
 #include "net/eth.h"
 
 #include "libslirp.h"
diff --git a/slirp/tftp.c b/slirp/tftp.c
index f0bcc72c92..5c31886190 100644
--- a/slirp/tftp.c
+++ b/slirp/tftp.c
@@ -25,7 +25,6 @@
 #include "qemu/osdep.h"
 #include "slirp.h"
 #include "qemu-common.h"
-#include "qemu/cutils.h"
 
 static inline int tftp_session_in_use(struct tftp_session *spt)
 {
diff --git a/slirp/util.h b/slirp/util.h
index 922077435e..4664e8159b 100644
--- a/slirp/util.h
+++ b/slirp/util.h
@@ -53,9 +53,7 @@
 #ifdef _WIN32
 int slirp_closesocket(int fd);
 int slirp_ioctlsocket(int fd, int req, void *val);
-#ifndef WITH_QEMU
 int inet_aton(const char *cp, struct in_addr *ia);
-#endif
 #define slirp_getsockopt(sockfd, level, optname, optval, optlen) \
 getsockopt(sockfd, level, optname, (void *)optval, optlen)
 #define slirp_setsockopt(sockfd, level, optname, optval, optlen)\
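Review bot: dropping the `#ifndef WITH_QEMU` around the _WIN32 inet_aton() prototype is only safe because this same patch stops including qemu/sockets.h (which carries QEMU's own declaration) from slirp.h; the two hunks are coupled and the commit message should say so, since reinstating either include would reintroduce a conflicting declaration on Windows builds.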
-- 
2.20.1




Re: [Qemu-devel] [PULL 00/22] target-arm queue

2019-02-05 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190205170510.21984-1-peter.mayd...@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PULL 00/22] target-arm queue
Type: series
Message-id: 20190205170510.21984-1-peter.mayd...@linaro.org

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
   68df0c30ed..9669c97562  master -> master
 t [tag update]patchew/20190129175403.18017-1-phi...@redhat.com -> 
patchew/20190129175403.18017-1-phi...@redhat.com
 t [tag update]
patchew/20190205170510.21984-1-peter.mayd...@linaro.org -> 
patchew/20190205170510.21984-1-peter.mayd...@linaro.org
Auto packing the repository in background for optimum performance.
See "git help gc" for manual housekeeping.
Switched to a new branch 'test'
66423fc523 target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI
a61dad4237 hw/arm/boot: Support DTB autoload for firmware-only boots
7688aee282 hw/arm/boot: Clarify why arm_setup_firmware_boot() doesn't set 
env->boot_info
80cc07245c hw/arm/boot: Factor out "set up firmware boot" code
7151744025 hw/arm/boot: Factor out "direct kernel boot" code into its own 
function
c12bf1852c hw/arm/boot: Fix block comment style in arm_load_kernel()
ce81361fe5 gdbstub: allow killing QEMU via vKill command
93b4d61e49 target/arm: Enable TBI for user-only
61fd950037 target/arm: Compute TB_FLAGS for TBI for user-only
0f01045999 target/arm: Clean TBI for data operations in the translator
53da7d98c9 target/arm: Add TBFLAG_A64_TBID, split out gen_top_byte_ignore
1815ecd95b tests/tcg/aarch64: Add pauth smoke test
7d72b64304 linux-user: Implement PR_PAC_RESET_KEYS
3ace79750d target/arm: Enable BTI for -cpu max
30d7f17830 target/arm: Set btype for indirect branches
073d6dfba5 target/arm: Reset btype for direct branches
db8941f759 target/arm: Default handling of BTYPE during translation
81ac570579 target/arm: Cache the GP bit for a page in MemTxAttrs
f214b66195 exec: Add target-specific tlb bits to MemTxAttrs
61280f6f09 target/arm: Add BT and BTYPE to tb->flags
eee1d0b7f2 target/arm: Add PSTATE.BTYPE
45b2d8472f target/arm: Introduce isar_feature_aa64_bti

=== OUTPUT BEGIN ===
1/22 Checking commit 45b2d8472f6a (target/arm: Introduce isar_feature_aa64_bti)
2/22 Checking commit eee1d0b7f24a (target/arm: Add PSTATE.BTYPE)
3/22 Checking commit 61280f6f09c7 (target/arm: Add BT and BTYPE to tb->flags)
4/22 Checking commit f214b66195e4 (exec: Add target-specific tlb bits to 
MemTxAttrs)
ERROR: spaces prohibited around that ':' (ctx:WxW)
#31: FILE: include/exec/memattrs.h:47:
+unsigned int target_tlb_bit0 : 1;
  ^

ERROR: spaces prohibited around that ':' (ctx:WxW)
#32: FILE: include/exec/memattrs.h:48:
+unsigned int target_tlb_bit1 : 1;
  ^

ERROR: spaces prohibited around that ':' (ctx:WxW)
#33: FILE: include/exec/memattrs.h:49:
+unsigned int target_tlb_bit2 : 1;
  ^

total: 3 errors, 0 warnings, 16 lines checked

Patch 4/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

5/22 Checking commit 81ac57057995 (target/arm: Cache the GP bit for a page in 
MemTxAttrs)
6/22 Checking commit db8941f759b6 (target/arm: Default handling of BTYPE during 
translation)
ERROR: return is not a function, parentheses are not required
#99: FILE: target/arm/translate-a64.c:13796:
+return (tlb_hit(entry->addr_code, addr) &&

total: 1 errors, 0 warnings, 196 lines checked

Patch 6/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

7/22 Checking commit 073d6dfba51c (target/arm: Reset btype for direct branches)
8/22 Checking commit 30d7f17830ae (target/arm: Set btype for indirect branches)
9/22 Checking commit 3ace79750d7a (target/arm: Enable BTI for -cpu max)
10/22 Checking commit 7d72b6430427 (linux-user: Implement PR_PAC_RESET_KEYS)
11/22 Checking commit 1815ecd95bfc (tests/tcg/aarch64: Add pauth smoke test)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#34: 
new file mode 100644

total: 0 errors, 1 warnings, 38 lines checked

Patch 11/22 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
12/22 Checking commit 53da7d98c9f3 (target/arm: Add TBFLAG_A64_TBID, split out 
gen_top_byte_ignore)
13/22 Checking commit 0f01045999c8 (target/arm: Clean TBI for data operations 
in the translator)
WARNING: Block comments use a leading /* on a separate line
#514: FILE: 

Re: [Qemu-devel] [PULL 00/22] target-arm queue

2019-02-05 Thread Peter Maydell
On Tue, 5 Feb 2019 at 17:05, Peter Maydell  wrote:
>
> Arm stuff, mostly patches from RTH.
>
> thanks
> -- PMM
>
> The following changes since commit 01a9a51ffaf4699827ea6425cb2b834a356e159d:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190205-pull-request' 
> into staging (2019-02-05 14:01:29 +)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git 
> tags/pull-target-arm-20190205
>
> for you to fetch changes up to a15945d98d3a3390c3da344d1b47218e91e49d8b:
>
>   target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI (2019-02-05 
> 16:52:42 +)
>
> 
> target-arm queue:
>  * Implement Armv8.5-BTI extension for system emulation mode
>  * Implement the PR_PAC_RESET_KEYS prctl() for linux-user mode's 
> Armv8.3-PAuth support
>  * Support TBI (top-byte-ignore) properly for linux-user mode
>  * gdbstub: allow killing QEMU via vKill command
>  * hw/arm/boot: Support DTB autoload for firmware-only boots
>  * target/arm: Make FPSCR/FPCR trapped-exception bits RAZ/WI
>

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.0
for any user-visible changes.

-- PMM



[Qemu-devel] [PATCH v2 2/6] target/arm: expose CPUID registers to userspace

2019-02-05 Thread Alex Bennée
A number of CPUID registers are exposed to userspace by modern Linux
kernels thanks to the "ARM64 CPU Feature Registers" ABI. For QEMU's
user-mode emulation we don't need to emulate the kernel's trap but just
return the value the trap would have done. To avoid too much #ifdef
hackery we process ARMCPRegInfo with a new helper (modify_arm_cp_regs)
before defining the registers. The modify routine is driven by a
simple data structure which describes which bits are exported and
which are fixed.

Signed-off-by: Alex Bennée 

---
v4
  - tweak commit message
  - use PL0U_R instead of PL1U_R to be less confusing
  - more CONFIG_USER logic for special cases
  - mask a bunch of bits for some registers
v5
  - use data driven modify_arm_cp_regs
---
 target/arm/cpu.h| 21 
 target/arm/helper.c | 59 +
 2 files changed, 80 insertions(+)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 1616632dcb..354df22102 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2449,6 +2449,27 @@ static inline void define_one_arm_cp_reg(ARMCPU *cpu, 
const ARMCPRegInfo *regs)
 }
 const ARMCPRegInfo *get_arm_cp_reginfo(GHashTable *cpregs, uint32_t 
encoded_cp);
 
+/*
+ * Definition of an ARM co-processor register as viewed from
+ * userspace. This is used for presenting sanitised versions of
+ * registers to userspace when emulating the Linux AArch64 CPU
+ * ID/feature ABI (advertised as HWCAP_CPUID).
+ */
+typedef struct ARMCPRegUserSpaceInfo {
+/* Name of register */
+const char *name;
+
+/* Only some bits are exported to user space */
+uint64_t exported_bits;
+
+/* Fixed bits are applied after the mask */
+uint64_t fixed_bits;
+} ARMCPRegUserSpaceInfo;
+
+#define REGUSERINFO_SENTINEL { .name = NULL }
+
+void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods);
+
 /* CPWriteFn that can be used to implement writes-ignored behaviour */
 void arm_cp_write_ignore(CPUARMState *env, const ARMCPRegInfo *ri,
  uint64_t value);
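Review bot: the struct comments should give the combination as a formula, `value = (value & exported_bits) | fixed_bits`, and state what an entry with both fields zero means (the register reads as all zeros, i.e. it is hidden from userspace), because several entries in the helper.c tables rely on that default and a reader of the header cannot tell whether an absent exported_bits means "all" or "none".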
diff --git a/target/arm/helper.c b/target/arm/helper.c
index 5857c0ba96..f90754cc11 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6103,6 +6103,30 @@ void register_cp_regs_for_features(ARMCPU *cpu)
   .resetvalue = cpu->pmceid1 },
 REGINFO_SENTINEL
 };
+#ifdef CONFIG_USER_ONLY
+ARMCPRegUserSpaceInfo v8_user_idregs[] = {
+{ .name = "ID_AA64PFR0_EL1",
+  .exported_bits = 0x000f000f00ff,
+  .fixed_bits= 0x0011 },
+{ .name = "ID_AA64PFR1_EL1",
+  .exported_bits = 0x00f0 },
+{ .name = "ID_AA64ZFR0_EL1"   },
+{ .name = "ID_AA64MMFR0_EL1",
+  .fixed_bits= 0xff00 },
+{ .name = "ID_AA64MMFR1_EL1"  },
+{ .name = "ID_AA64DFR0_EL1",
+  .fixed_bits= 0x0006 },
+{ .name = "ID_AA64DFR1_EL1"   },
+{ .name = "ID_AA64AFR0_EL1"   },
+{ .name = "ID_AA64AFR1_EL1"   },
+{ .name = "ID_AA64ISAR0_EL1",
+  .exported_bits = 0x00fff0f0 },
+{ .name = "ID_AA64ISAR1_EL1",
+  .exported_bits = 0x00f0 },
+REGUSERINFO_SENTINEL
+};
+modify_arm_cp_regs(v8_idregs, v8_user_idregs);
+#endif
 /* RVBAR_EL1 is only implemented if EL1 is the highest EL */
 if (!arm_feature(env, ARM_FEATURE_EL3) &&
 !arm_feature(env, ARM_FEATURE_EL2)) {
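Review bot: the masks in `v8_user_idregs` are raw hex with no indication of which ID fields they keep or which kernel version's cpufeature ABI they mirror; a comment per entry naming the fields (and a pointer to the kernel's arm64 cpu-feature-registers documentation) is needed, since these values must be re-audited whenever the kernel exports a new field, and an over-wide mask exposes implementation details the kernel deliberately hides. The constants as rendered here (`0x000f000f00ff`, `0x0011`) are shorter than 64 bits, so the zero padding seems to have been lost in this copy.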
@@ -6379,6 +6403,15 @@ void register_cp_regs_for_features(ARMCPU *cpu)
 .opc1 = CP_ANY, .opc2 = CP_ANY, .access = PL1_W,
 .type = ARM_CP_NOP | ARM_CP_OVERRIDE
 };
+#ifdef CONFIG_USER_ONLY
+ARMCPRegUserSpaceInfo id_v8_user_midr_cp_reginfo[] = {
+{ .name = "MIDR_EL1",
+  .exported_bits = 0x },
+{ .name = "REVIDR_EL1"},
+REGUSERINFO_SENTINEL
+};
+modify_arm_cp_regs(id_v8_midr_cp_reginfo, id_v8_user_midr_cp_reginfo);
+#endif
 if (arm_feature(env, ARM_FEATURE_OMAPCP) ||
 arm_feature(env, ARM_FEATURE_STRONGARM)) {
 ARMCPRegInfo *r;
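Review bot: `.exported_bits = 0x` is truncated in this rendering, so the MIDR_EL1 mask cannot be reviewed here; REVIDR_EL1 with neither field set will read as zero, which is presumably the intent (hide it), but a short comment on that entry would make it explicit.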
@@ -6960,6 +6993,32 @@ void define_arm_cp_regs_with_opaque(ARMCPU *cpu,
 }
 }
 
+/*
+ * Modify ARMCPRegInfo for access from userspace.
+ *
+ * This is a data driven modification directed by
+ * ARMCPRegUserSpaceInfo. All registers become ARM_CP_CONST as
+ * user-space cannot alter any values and dynamic values pertaining to
+ * execution state are hidden from user space view anyway.
+ */
+void modify_arm_cp_regs(ARMCPRegInfo *regs, const ARMCPRegUserSpaceInfo *mods)
+{
+const ARMCPRegUserSpaceInfo *m;
+ARMCPRegInfo *r;
+
+for (m = mods; m->name; m++) {
+for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
+if (strcmp(r->name, 
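Review bot: unless the part cut off below handles it, modify_arm_cp_regs() silently ignores a mods entry whose `.name` matches no register, so a typo in one of the userspace tables leaves that register's raw value visible to userspace with no diagnostic; count the matches and assert that every mod matched (or fail hard on an unmatched name) so a mismatched table is caught at startup rather than during an audit.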

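The mechanism described in this message, as an added stand-alone example (not QEMU's code; the struct and function names only loosely mirror the patch's ARMCPRegUserSpaceInfo and modify_arm_cp_regs, and all register names, masks and raw values are constructed for illustration rather than taken from the ARM architecture): each table entry keeps only `exported_bits` of the raw value and then ORs in `fixed_bits`, so a register with neither field reads as zero. The example also counts how many table entries matched a register, so a typo in the table is detected instead of silently leaving raw state exposed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not QEMU code: a stand-alone model of the data-driven
 * sanitisation of ID registers for userspace. Each entry says which bits
 * of a register userspace may see (exported_bits) and which bits are forced
 * on afterwards (fixed_bits); all other bits read as zero. Register names,
 * masks and raw values are constructed and do not follow real ARM layouts.
 */

struct reg_info {
    const char *name;
    uint64_t value;    /* raw value held by the CPU model */
    bool is_const;     /* set once sanitised: userspace only ever sees a constant */
};

struct reg_userspace_info {
    const char *name;
    uint64_t exported_bits;  /* bits of the raw value that survive */
    uint64_t fixed_bits;     /* bits forced on after masking */
};

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/*
 * Apply value = (value & exported_bits) | fixed_bits to every register named
 * in mods and freeze it. Returns the number of mods that matched a register;
 * a result below nmods means a typo in the table, which would otherwise
 * leave that register's raw state visible.
 */
size_t sanitise_regs(struct reg_info *regs, size_t nregs,
                     const struct reg_userspace_info *mods, size_t nmods)
{
    size_t matched = 0;

    for (size_t m = 0; m < nmods; m++) {
        for (size_t r = 0; r < nregs; r++) {
            if (strcmp(regs[r].name, mods[m].name) != 0) {
                continue;
            }
            regs[r].value = (regs[r].value & mods[m].exported_bits)
                            | mods[m].fixed_bits;
            regs[r].is_const = true;
            matched++;
            break;
        }
    }
    return matched;
}

/* Constructed register file; raw values chosen so every masked nibble is visible. */
static struct reg_info g_regs[] = {
    { "ID_AA64PFR0_EL1", 0xdeadbeefcafef00dULL, false },
    { "ID_AA64ZFR0_EL1", 0x0123456789abcdefULL, false },
    { "MIDR_EL1",        0xffffffff411fd070ULL, false },
    { "TPIDR_EL0",       0x1111111111111111ULL, false }, /* not in the table: left alone */
};

/* Constructed userspace view; the last entry is a deliberate typo. */
static const struct reg_userspace_info g_mods[] = {
    { "ID_AA64PFR0_EL1", 0x0000ffff0000ffffULL, 0x0000000000000011ULL },
    { "ID_AA64ZFR0_EL1", 0x0,                   0x0 },  /* neither field: hidden */
    { "MIDR_EL1",        0x00000000ffffffffULL, 0x0 },  /* low 32 bits only */
    { "ID_AA64XYZ_EL1",  0xffffffffffffffffULL, 0x0 },  /* no such register */
};

/* Sanitise the constructed file; returns how many table entries matched. */
size_t run_sanitise(void)
{
    return sanitise_regs(g_regs, ARRAY_LEN(g_regs), g_mods, ARRAY_LEN(g_mods));
}

/* What userspace would read for a named register (0 if unknown). */
uint64_t reg_value(const char *name)
{
    for (size_t r = 0; r < ARRAY_LEN(g_regs); r++) {
        if (strcmp(g_regs[r].name, name) == 0) {
            return g_regs[r].value;
        }
    }
    return 0;
}

/* Whether the named register has been frozen to a constant. */
bool reg_is_const(const char *name)
{
    for (size_t r = 0; r < ARRAY_LEN(g_regs); r++) {
        if (strcmp(g_regs[r].name, name) == 0) {
            return g_regs[r].is_const;
        }
    }
    return false;
}

int main(void)
{
    size_t matched = run_sanitise();

    if (matched != ARRAY_LEN(g_mods)) {
        printf("warning: %zu table entries matched no register\n",
               ARRAY_LEN(g_mods) - matched);
    }
    for (size_t r = 0; r < ARRAY_LEN(g_regs); r++) {
        printf("%-16s 0x%016llx %s\n", g_regs[r].name,
               (unsigned long long)g_regs[r].value,
               g_regs[r].is_const ? "const" : "raw");
    }
    return 0;
}
```

Running it shows ID_AA64PFR0_EL1 reduced to its two exported halves plus the forced low bits, ID_AA64ZFR0_EL1 fully hidden, MIDR_EL1 cut to its low 32 bits, TPIDR_EL0 untouched, and the typo entry reported as unmatched; that last check is the one the patch's loop does not perform.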
[Qemu-devel] [PULLv3 10/32] slirp: replace QEMU_PACKED with SLIRP_PACKED

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 slirp/ip.h   | 10 +-
 slirp/ip6_icmp.h |  6 +++---
 slirp/slirp.h|  5 +++--
 slirp/util.h | 32 
 4 files changed, 43 insertions(+), 10 deletions(-)
 create mode 100644 slirp/util.h

diff --git a/slirp/ip.h b/slirp/ip.h
index 20614f3b53..2baeeb9a3a 100644
--- a/slirp/ip.h
+++ b/slirp/ip.h
@@ -89,7 +89,7 @@ struct ip {
uint8_t ip_p;   /* protocol */
uint16_tip_sum; /* checksum */
struct  in_addr ip_src,ip_dst;  /* source and dest address */
-} QEMU_PACKED;
+} SLIRP_PACKED;
 
 #defineIP_MAXPACKET65535   /* maximum packet size */
 
@@ -151,7 +151,7 @@ struct  ip_timestamp {
n_long ipt_time;
} ipt_ta[1];
} ipt_timestamp;
-} QEMU_PACKED;
+} SLIRP_PACKED;
 
 /* flag bits for ipt_flg */
 #defineIPOPT_TS_TSONLY 0   /* timestamps only */
@@ -181,11 +181,11 @@ structip_timestamp {
 struct mbuf_ptr {
struct mbuf *mptr;
uint32_t dummy;
-} QEMU_PACKED;
+} SLIRP_PACKED;
 #else
 struct mbuf_ptr {
struct mbuf *mptr;
-} QEMU_PACKED;
+} SLIRP_PACKED;
 #endif
 struct qlink {
void *next, *prev;
@@ -201,7 +201,7 @@ struct ipovly {
uint16_tih_len; /* protocol length */
struct  in_addr ih_src; /* source internet address */
struct  in_addr ih_dst; /* destination internet address */
-} QEMU_PACKED;
+} SLIRP_PACKED;
 
 /*
  * Ip reassembly queue structure.  Each fragment
diff --git a/slirp/ip6_icmp.h b/slirp/ip6_icmp.h
index 2ad2b75e67..3f44ed2f49 100644
--- a/slirp/ip6_icmp.h
+++ b/slirp/ip6_icmp.h
@@ -144,16 +144,16 @@ struct ndpopt {
 uint32_tpref_lt;/* Preferred Lifetime */
 uint32_treserved2;
 struct in6_addr prefix;
-} QEMU_PACKED prefixinfo;
+} SLIRP_PACKED prefixinfo;
 #define ndpopt_prefixinfo ndpopt_body.prefixinfo
 struct rdnss {
 uint16_t reserved;
 uint32_t lifetime;
 struct in6_addr addr;
-} QEMU_PACKED rdnss;
+} SLIRP_PACKED rdnss;
 #define ndpopt_rdnss ndpopt_body.rdnss
 } ndpopt_body;
-} QEMU_PACKED;
+} SLIRP_PACKED;
 
 /* NDP options type */
 #define NDPOPT_LINKLAYER_SOURCE 1   /* Source Link-Layer Address */
diff --git a/slirp/slirp.h b/slirp/slirp.h
index 17056f4b83..67ff4d610c 100644
--- a/slirp/slirp.h
+++ b/slirp/slirp.h
@@ -45,6 +45,7 @@ typedef char *caddr_t;
 #define quehead slirp_quehead
 
 #include "debug.h"
+#include "util.h"
 
 #include "qemu/queue.h"
 #include "qemu/sockets.h"
@@ -93,7 +94,7 @@ struct slirp_arphdr {
 uint32_t  ar_sip;   /* sender IP address   */
 unsigned char ar_tha[ETH_ALEN]; /* target hardware address */
 uint32_t  ar_tip;   /* target IP address   */
-} QEMU_PACKED;
+} SLIRP_PACKED;
 
 #define ARP_TABLE_SIZE 16
 
@@ -110,7 +111,7 @@ bool arp_table_search(Slirp *slirp, uint32_t ip_addr,
 struct ndpentry {
 unsigned char   eth_addr[ETH_ALEN]; /* sender hardware address */
 struct in6_addr ip_addr;/* sender IP address   */
-} QEMU_PACKED;
+} SLIRP_PACKED;
 
 #define NDP_TABLE_SIZE 16
 
diff --git a/slirp/util.h b/slirp/util.h
new file mode 100644
index 00..00291c30a6
--- /dev/null
+++ b/slirp/util.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2003-2008 Fabrice Bellard
+ * Copyright (c) 2010-2019 Red Hat, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#ifndef UTIL_H_
+#define UTIL_H_
+
+#if defined(_WIN32)
+# define SLIRP_PACKED __attribute__((gcc_struct, packed))
+#else
+# define SLIRP_PACKED __attribute__((packed))
+#endif
+
+#endif
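Review bot: `UTIL_H_` is a generic include guard that can collide with a consumer's own util.h once libslirp ships as a separate library; prefer `SLIRP_UTIL_H` to match the other headers. `gcc_struct` and `packed` are GCC/Clang extensions, which is fine for QEMU, but for a header that now carries a standalone MIT licence block it is worth either guarding them with `#ifdef __GNUC__` or noting the compiler requirement.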
-- 
2.20.1




[Qemu-devel] [PULLv3 18/32] slirp: add slirp own version of pstrcpy

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Remove a dependency on qemu util.

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 slirp/slirp.c |  4 ++--
 slirp/tftp.c  |  2 +-
 slirp/util.c  | 17 +
 slirp/util.h  |  2 ++
 4 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/slirp/slirp.c b/slirp/slirp.c
index 9ec1e4c62f..b5c4788489 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -320,8 +320,8 @@ Slirp *slirp_init(int restricted, bool in_enabled, struct 
in_addr vnetwork,
 slirp->vprefix_len = vprefix_len;
 slirp->vhost_addr6 = vhost6;
 if (vhostname) {
-pstrcpy(slirp->client_hostname, sizeof(slirp->client_hostname),
-vhostname);
+slirp_pstrcpy(slirp->client_hostname, sizeof(slirp->client_hostname),
+  vhostname);
 }
 slirp->tftp_prefix = g_strdup(tftp_path);
 slirp->bootp_filename = g_strdup(bootfile);
diff --git a/slirp/tftp.c b/slirp/tftp.c
index 6fb381ef33..f0bcc72c92 100644
--- a/slirp/tftp.c
+++ b/slirp/tftp.c
@@ -216,7 +216,7 @@ static void tftp_send_error(struct tftp_session *spt,
 
   tp->tp_op = htons(TFTP_ERROR);
   tp->x.tp_error.tp_error_code = htons(errorcode);
-  pstrcpy((char *)tp->x.tp_error.tp_msg, sizeof(tp->x.tp_error.tp_msg), msg);
+  slirp_pstrcpy((char *)tp->x.tp_error.tp_msg, sizeof(tp->x.tp_error.tp_msg), 
msg);
 
   m->m_len = sizeof(struct tftp_t) - (TFTP_BLOCKSIZE_MAX + 2) + 3 + strlen(msg)
  - sizeof(struct udphdr);
diff --git a/slirp/util.c b/slirp/util.c
index 59f6713c8b..84f5afdbc3 100644
--- a/slirp/util.c
+++ b/slirp/util.c
@@ -188,3 +188,20 @@ int slirp_closesocket(int fd)
 return ret;
 }
 #endif /* WIN32 */
+
+void slirp_pstrcpy(char *buf, int buf_size, const char *str)
+{
+int c;
+char *q = buf;
+
+if (buf_size <= 0)
+return;
+
+for(;;) {
+c = *str++;
+if (c == 0 || q >= buf + buf_size - 1)
+break;
+*q++ = c;
+}
+*q = '\0';
+}
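Review bot: `buf_size` is `int` while both call sites pass `sizeof(...)` (a size_t), so the length is narrowed implicitly; make the parameter `size_t` and turn `buf_size <= 0` into `buf_size == 0`. The copy itself is correctly bounded: it stops at `buf + buf_size - 1` and always writes the terminating NUL. QEMU's checkpatch will also complain about the brace-less `if (buf_size <= 0) return;` and the `for(;;)` spacing.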
diff --git a/slirp/util.h b/slirp/util.h
index 4f6e80c3ed..586517bb30 100644
--- a/slirp/util.h
+++ b/slirp/util.h
@@ -91,4 +91,6 @@ static inline int slirp_socket_set_fast_reuse(int fd)
 #endif
 }
 
+void slirp_pstrcpy(char *buf, int buf_size, const char *str);
+
 #endif
-- 
2.20.1




[Qemu-devel] [PULLv3 04/32] slirp: generalize guestfwd with a callback based approach

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Instead of calling into QEMU chardev directly, and mixing it with
slirp_add_exec() handling, add a new function slirp_add_guestfwd()
which takes a write callback.

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 net/slirp.c  | 14 ++
 slirp/libslirp.h |  6 +-
 slirp/misc.c | 37 +++--
 slirp/misc.h | 15 +--
 slirp/slirp.c| 27 +++
 slirp/socket.h   |  4 +++-
 slirp/tcp_subr.c |  4 ++--
 7 files changed, 75 insertions(+), 32 deletions(-)

diff --git a/net/slirp.c b/net/slirp.c
index f98425ee9f..ec07f662c0 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -704,8 +704,8 @@ static int slirp_smb(SlirpState* s, const char 
*exported_dir,
  CONFIG_SMBD_COMMAND, s->smb_dir, smb_conf);
 g_free(smb_conf);
 
-if (slirp_add_exec(s->slirp, NULL, smb_cmdline, _addr, 139) < 0 ||
-slirp_add_exec(s->slirp, NULL, smb_cmdline, _addr, 445) < 0) {
+if (slirp_add_exec(s->slirp, smb_cmdline, _addr, 139) < 0 ||
+slirp_add_exec(s->slirp, smb_cmdline, _addr, 445) < 0) {
 slirp_smb_cleanup(s);
 g_free(smb_cmdline);
 error_setg(errp, "Conflicting/invalid smbserver address");
@@ -736,6 +736,11 @@ static void guestfwd_read(void *opaque, const uint8_t 
*buf, int size)
 slirp_socket_recv(fwd->slirp, fwd->server, fwd->port, buf, size);
 }
 
+static int guestfwd_write(const void *buf, size_t len, void *chr)
+{
+return qemu_chr_fe_write_all(chr, buf, len);
+}
+
 static int slirp_guestfwd(SlirpState *s, const char *config_str, Error **errp)
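Review bot: guestfwd_write() forwards a size_t `len` to qemu_chr_fe_write_all(), whose length parameter is an int in QEMU's chardev API, and returns its int result; a length above INT_MAX would be silently truncated. Either clamp `len` before the call or make SlirpWriteCb take an int so the narrowing is explicit at the API boundary.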
 {
 struct in_addr server = { .s_addr = 0 };
@@ -769,7 +774,7 @@ static int slirp_guestfwd(SlirpState *s, const char 
*config_str, Error **errp)
 snprintf(buf, sizeof(buf), "guestfwd.tcp.%d", port);
 
 if ((strlen(p) > 4) && !strncmp(p, "cmd:", 4)) {
-if (slirp_add_exec(s->slirp, NULL, [4], , port) < 0) {
+if (slirp_add_exec(s->slirp, [4], , port) < 0) {
 error_setg(errp, "Conflicting/invalid host:port in guest "
"forwarding rule '%s'", config_str);
 return -1;
@@ -796,7 +801,8 @@ static int slirp_guestfwd(SlirpState *s, const char 
*config_str, Error **errp)
 return -1;
 }
 
-if (slirp_add_exec(s->slirp, >hd, NULL, , port) < 0) {
+if (slirp_add_guestfwd(s->slirp, guestfwd_write, >hd,
+   , port) < 0) {
 error_setg(errp, "Conflicting/invalid host:port in guest "
"forwarding rule '%s'", config_str);
 g_free(fwd);
diff --git a/slirp/libslirp.h b/slirp/libslirp.h
index 4611a7447b..ea019828e8 100644
--- a/slirp/libslirp.h
+++ b/slirp/libslirp.h
@@ -5,6 +5,8 @@
 
 typedef struct Slirp Slirp;
 
+typedef int (*SlirpWriteCb)(const void *buf, size_t len, void *opaque);
+
 /*
  * Callbacks from slirp
  *
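Review bot: SlirpWriteCb has no documented return convention; guestfwd_write() returns whatever qemu_chr_fe_write_all() returns, so the header should state that the callback returns the number of bytes written or a negative value on error, and whether a short write is permitted, otherwise other consumers of libslirp will have to guess.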
@@ -45,7 +47,9 @@ int slirp_add_hostfwd(Slirp *slirp, int is_udp,
   struct in_addr guest_addr, int guest_port);
 int slirp_remove_hostfwd(Slirp *slirp, int is_udp,
  struct in_addr host_addr, int host_port);
-int slirp_add_exec(Slirp *slirp, void *chardev, const char *cmdline,
+int slirp_add_exec(Slirp *slirp, const char *cmdline,
+   struct in_addr *guest_addr, int guest_port);
+int slirp_add_guestfwd(Slirp *slirp, SlirpWriteCb write_cb, void *opaque,
struct in_addr *guest_addr, int guest_port);
 
 char *slirp_connection_info(Slirp *slirp);
diff --git a/slirp/misc.c b/slirp/misc.c
index eae9596a55..b8a2bf971a 100644
--- a/slirp/misc.c
+++ b/slirp/misc.c
@@ -32,24 +32,33 @@ remque(void *a)
   element->qh_rlink = NULL;
 }
 
-int add_exec(struct gfwd_list **ex_ptr, void *chardev, const char *cmdline,
+struct gfwd_list *
+add_guestfwd(struct gfwd_list **ex_ptr,
+ SlirpWriteCb write_cb, void *opaque,
  struct in_addr addr, int port)
 {
-   struct gfwd_list *tmp_ptr;
-
-   tmp_ptr = *ex_ptr;
-   *ex_ptr = g_new0(struct gfwd_list, 1);
-   (*ex_ptr)->ex_fport = port;
-   (*ex_ptr)->ex_addr = addr;
-   if (chardev) {
-   (*ex_ptr)->ex_chardev = chardev;
-   } else {
-   (*ex_ptr)->ex_exec = g_strdup(cmdline);
-   }
-   (*ex_ptr)->ex_next = tmp_ptr;
-   return 0;
+struct gfwd_list *f = g_new0(struct gfwd_list, 1);
+
+f->write_cb = write_cb;
+f->opaque = opaque;
+f->ex_fport = port;
+f->ex_addr = addr;
+f->ex_next = *ex_ptr;
+*ex_ptr = f;
+
+return f;
 }
 
+struct gfwd_list *
+add_exec(struct gfwd_list **ex_ptr, const char *cmdline,
+ struct in_addr addr, int port)
+{
+struct gfwd_list *f = add_guestfwd(ex_ptr, NULL, NULL, addr, port);
+
+f->ex_exec = g_strdup(cmdline);
+
+return f;
+}
 
 static int
 slirp_socketpair_with_oob(int sv[2])
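Review bot: add_exec() and add_guestfwd() now return the new node instead of 0 and cannot fail (g_new0() aborts on allocation failure), so any caller still testing for `< 0` must be converted in the same patch; the slirp.c hunk that presumably does this is not shown in this excerpt. The new node is prepended to the list, so a second rule for the same addr/port silently shadows the first unless the slirp_add_* wrappers reject duplicates before calling in here.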
diff --git a/slirp/misc.h b/slirp/misc.h
index 1df707c052..c2ceadb591 100644

[Qemu-devel] [PULLv3 32/32] slirp: API is extern C

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Make it possible to use headers easily with C++ projects.

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 slirp/libslirp.h | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/slirp/libslirp.h b/slirp/libslirp.h
index 9b13d8250c..fccab42518 100644
--- a/slirp/libslirp.h
+++ b/slirp/libslirp.h
@@ -12,6 +12,10 @@
 #include 
 #endif
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 typedef struct Slirp Slirp;
 
 enum {
@@ -96,5 +100,8 @@ void slirp_socket_recv(Slirp *slirp, struct in_addr 
guest_addr,
int guest_port, const uint8_t *buf, int size);
 size_t slirp_socket_can_recv(Slirp *slirp, struct in_addr guest_addr,
  int guest_port);
-
+#ifdef __cplusplus
+} /* extern "C" */
 #endif
+
+#endif /* LIBSLIRP_H */
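Review bot: the pre-existing `#endif` at the end of the file now closes `#ifdef __cplusplus` and the added `#endif /* LIBSLIRP_H */` closes the include guard; that works, but it reads backwards in the diff. Emitting the new `#endif` directly under `} /* extern "C" */` and leaving the guard's own `#endif` untouched keeps the pairing obvious and keeps the guard line out of the churn.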
-- 
2.20.1




[Qemu-devel] [PULLv3 08/32] slirp: add callbacks for timer

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 net/slirp.c  | 21 +
 slirp/ip6_icmp.c | 16 +++-
 slirp/libslirp.h | 14 +++---
 slirp/slirp.h|  2 +-
 4 files changed, 40 insertions(+), 13 deletions(-)

diff --git a/net/slirp.c b/net/slirp.c
index 0b15f427f5..c24a779425 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -168,10 +168,31 @@ static int64_t net_slirp_clock_get_ns(void)
 return qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
 }
 
+static void *net_slirp_timer_new(SlirpTimerCb cb, void *opaque)
+{
+return timer_new_full(NULL, QEMU_CLOCK_VIRTUAL,
+  SCALE_MS, QEMU_TIMER_ATTR_EXTERNAL,
+  cb, opaque);
+}
+
+static void net_slirp_timer_free(void *timer)
+{
+timer_del(timer);
+timer_free(timer);
+}
+
+static void net_slirp_timer_mod(void *timer, int64_t expire_timer)
+{
+timer_mod(timer, expire_timer);
+}
+
 static const SlirpCb slirp_cb = {
 .output = net_slirp_output,
 .guest_error = net_slirp_guest_error,
 .clock_get_ns = net_slirp_clock_get_ns,
+.timer_new = net_slirp_timer_new,
+.timer_free = net_slirp_timer_free,
+.timer_mod = net_slirp_timer_mod,
 };
 
 static int net_slirp_init(NetClientState *peer, const char *model,
diff --git a/slirp/ip6_icmp.c b/slirp/ip6_icmp.c
index 5261baae27..e72c57a81d 100644
--- a/slirp/ip6_icmp.c
+++ b/slirp/ip6_icmp.c
@@ -16,8 +16,9 @@
 static void ra_timer_handler(void *opaque)
 {
 Slirp *slirp = opaque;
-timer_mod(slirp->ra_timer,
-  slirp->cb->clock_get_ns() / SCALE_MS + NDP_Interval);
+
+slirp->cb->timer_mod(slirp->ra_timer,
+ slirp->cb->clock_get_ns() / SCALE_MS + NDP_Interval);
 ndp_send_ra(slirp);
 }
 
@@ -27,11 +28,9 @@ void icmp6_init(Slirp *slirp)
 return;
 }
 
-slirp->ra_timer = timer_new_full(NULL, QEMU_CLOCK_VIRTUAL,
- SCALE_MS, QEMU_TIMER_ATTR_EXTERNAL,
- ra_timer_handler, slirp);
-timer_mod(slirp->ra_timer,
-  slirp->cb->clock_get_ns() / SCALE_MS + NDP_Interval);
+slirp->ra_timer = slirp->cb->timer_new(ra_timer_handler, slirp);
+slirp->cb->timer_mod(slirp->ra_timer,
+ slirp->cb->clock_get_ns() / SCALE_MS + NDP_Interval);
 }
 
 void icmp6_cleanup(Slirp *slirp)
@@ -40,8 +39,7 @@ void icmp6_cleanup(Slirp *slirp)
 return;
 }
 
-timer_del(slirp->ra_timer);
-timer_free(slirp->ra_timer);
+slirp->cb->timer_free(slirp->ra_timer);
 }
 
 static void icmp6_send_echoreply(struct mbuf *m, Slirp *slirp, struct ip6 *ip,
diff --git a/slirp/libslirp.h b/slirp/libslirp.h
index ea019828e8..3e75dadfa3 100644
--- a/slirp/libslirp.h
+++ b/slirp/libslirp.h
@@ -6,19 +6,27 @@
 typedef struct Slirp Slirp;
 
 typedef int (*SlirpWriteCb)(const void *buf, size_t len, void *opaque);
+typedef void (*SlirpTimerCb)(void *opaque);
 
 /*
  * Callbacks from slirp
- *
- * The opaque parameter comes from the opaque parameter given to slirp_init().
  */
 typedef struct SlirpCb {
-/* Send an ethernet frame to the guest network.  */
+/*
+ * Send an ethernet frame to the guest network. The opaque parameter
+ * is the one given to slirp_init().
+ */
 void (*output)(void *opaque, const uint8_t *pkt, int pkt_len);
 /* Print a message for an error due to guest misbehavior.  */
 void (*guest_error)(const char *msg);
 /* Return the virtual clock value in nanoseconds */
 int64_t (*clock_get_ns)(void);
+/* Create a new timer with the given callback and opaque data */
+void *(*timer_new)(SlirpTimerCb cb, void *opaque);
+/* Remove and free a timer */
+void (*timer_free)(void *timer);
+/* Modify a timer to expire at @expire_time */
+void (*timer_mod)(void *timer, int64_t expire_time);
 } SlirpCb;
 
 
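Review bot: the comment on timer_mod says "expire at @expire_time" with no unit or clock. From the ip6_icmp.c caller (`clock_get_ns() / SCALE_MS + NDP_Interval`) it is milliseconds on the same virtual clock clock_get_ns() reports, and net_slirp_timer_new hard-codes SCALE_MS to match; spell that out here, because an embedder that creates timers in nanoseconds or on a different clock will send router advertisements at the wrong time without any error.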
diff --git a/slirp/slirp.h b/slirp/slirp.h
index 9aa245715d..17056f4b83 100644
--- a/slirp/slirp.h
+++ b/slirp/slirp.h
@@ -193,7 +193,7 @@ struct Slirp {
 NdpTable ndp_table;
 
 GRand *grand;
-QEMUTimer *ra_timer;
+void *ra_timer;
 
 const SlirpCb *cb;
 void *opaque;
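Review bot: `void *ra_timer` drops the type checking QEMUTimer gave you. An opaque `typedef struct SlirpTimer SlirpTimer;` declared in libslirp.h and never defined inside slirp (the embedder casts to and from its own type) keeps QEMU's type out of slirp while still catching a timer pointer passed where a Slirp* or socket was expected.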
-- 
2.20.1




[Qemu-devel] [PATCH v2 6/6] tests/tcg/aarch64: userspace system register test

2019-02-05 Thread Alex Bennée
This tests a bunch of registers that the kernel allows userspace to
read including the CPUID registers.

Signed-off-by: Alex Bennée 

---
v4
  - also test for extra bits that shouldn't be exposed
v5
  - work around missing HWCAP_CPUID on older compilers
  - add more registers to test and some aarch32 regs
  - add more details commentary
  - fix up the masks (add a helper to help keep track)
  - add copyright header
---
 tests/tcg/aarch64/Makefile.target |   4 +-
 tests/tcg/aarch64/sysregs.c   | 172 ++
 2 files changed, 175 insertions(+), 1 deletion(-)
 create mode 100644 tests/tcg/aarch64/sysregs.c

diff --git a/tests/tcg/aarch64/Makefile.target 
b/tests/tcg/aarch64/Makefile.target
index 08c45b8470..fb40896e7b 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -7,11 +7,13 @@ VPATH += $(AARCH64_SRC)
 
 # we don't build any of the ARM tests
 AARCH64_TESTS=$(filter-out $(ARM_TESTS), $(TESTS))
-AARCH64_TESTS+=fcvt
+AARCH64_TESTS+=fcvt sysregs
 TESTS:=$(AARCH64_TESTS)
 
 fcvt: LDFLAGS+=-lm
 
+sysregs: CFLAGS+=-march=armv8.1-a+sve
+
 run-fcvt: fcvt
$(call run-test,$<,$(QEMU) $<, "$< on $(TARGET_NAME)")
$(call diff-out,$<,$(AARCH64_SRC)/fcvt.ref)
diff --git a/tests/tcg/aarch64/sysregs.c b/tests/tcg/aarch64/sysregs.c
new file mode 100644
index 00..40cf8d2877
--- /dev/null
+++ b/tests/tcg/aarch64/sysregs.c
@@ -0,0 +1,172 @@
+/*
+ * Check emulated system register access for linux-user mode.
+ *
+ * See: 
https://www.kernel.org/doc/Documentation/arm64/cpu-feature-registers.txt
+ *
+ * Copyright (c) 2019 Linaro
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#ifndef HWCAP_CPUID
+#define HWCAP_CPUID (1 << 11)
+#endif
+
+int failed_bit_count;
+
+/* Read and print system register `id' value */
+#define get_cpu_reg(id) ({  \
+unsigned long __val = 0xdeadbeef;   \
+asm("mrs %0, "#id : "=r" (__val));  \
+printf("%-20s: 0x%016lx\n", #id, __val);\
+__val;   \
+})
+
+/* As above but also check no bits outside of `mask' are set*/
+#define get_cpu_reg_check_mask(id, mask) ({ \
+unsigned long __cval = get_cpu_reg(id); \
+unsigned long __extra = __cval & ~mask; \
+if (__extra) {  \
+printf("%-20s: 0x%016lx\n", "  !!extra bits!!", __extra);   \
+failed_bit_count++;\
+}   \
+})
+
+/* As above but check RAZ */
+#define get_cpu_reg_check_zero(id) ({   \
+unsigned long __val = 0xdeadbeef;   \
+asm("mrs %0, "#id : "=r" (__val));  \
+if (__val) {\
+printf("%-20s: 0x%016lx (not RAZ!)\n", #id, __val);\
+failed_bit_count++;\
+}   \
+})
+
+/* Chunk up mask into 63:48, 47:32, 31:16, 15:0 to ease counting */
+#define _m(a, b, c, d) (0x ## a ## b ## c ## d ##ULL)
+
+bool should_fail;
+int should_fail_count;
+int should_not_fail_count;
+uintptr_t failed_pc[10];
+
+void sigill_handler(int signo, siginfo_t *si, void *data)
+{
+ucontext_t *uc = (ucontext_t *)data;
+
+if (should_fail) {
+should_fail_count++;
+} else {
+uintptr_t pc = (uintptr_t) uc->uc_mcontext.pc;
+failed_pc[should_not_fail_count++] =  pc;
+}
+uc->uc_mcontext.pc += 4;
+}
+
+int main(void)
+{
+struct sigaction sa;
+
+/* Hook in a SIGILL handler */
+memset(, 0, sizeof(struct sigaction));
+sa.sa_flags = SA_SIGINFO;
+sa.sa_sigaction = _handler;
+sigemptyset(_mask);
+
+if (sigaction(SIGILL, , 0) != 0) {
+perror("sigaction");
+return 1;
+}
+
+/* Counter values have been exposed since Linux 4.12 */
+printf("Checking Counter registers\n");
+
+get_cpu_reg(ctr_el0);
+get_cpu_reg(cntvct_el0);
+get_cpu_reg(cntfrq_el0);
+
+/* HWCAP_CPUID indicates we can read feature registers, since Linux 4.11 */
+if (!(getauxval(AT_HWCAP) & HWCAP_CPUID)) {
+printf("CPUID registers unavailable\n");
+return 1;
+} else {
+printf("Checking CPUID registers\n");
+}
+
+/*
+ * Some registers only expose some bits to user-space. Anything
+ * that is IMPDEF is exported as 0 to user-space. The _mask checks
+ * assert no extra bits are set.
+ *
+ * This check is 
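Review bot: sigill_handler() stores into `failed_pc[should_not_fail_count++]` with no bound, and `failed_pc` has 10 entries, so more than ten unexpected SIGILLs (exactly the case the array exists to report) overwrite whatever follows it; cap the store (`if (should_not_fail_count < 10)`) and keep counting regardless. Two smaller points: `get_cpu_reg_check_mask` applies `~mask` to a raw macro argument, so `~(mask)` is safer, and the `&sa`, `&sigill_handler` and `&sa.sa_mask` arguments to memset/sa_sigaction/sigemptyset/sigaction are missing from this archived copy of the hunk (`memset(, 0, ...)`), so the file as shown here does not compile.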

[Qemu-devel] [PULLv3 17/32] slirp: improve windows headers inclusion

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Our API usage requires Vista; set WIN32_LEAN_AND_MEAN to fix a number
of issues (winsock2.h include order, for example, which is better to include
first for legacy reasons).

While at it, group redundants #ifndef _WIN32 blocks.

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 slirp/slirp.h | 22 +++---
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/slirp/slirp.h b/slirp/slirp.h
index 8d9d72ca9d..5a830ddcb8 100644
--- a/slirp/slirp.h
+++ b/slirp/slirp.h
@@ -3,10 +3,19 @@
 
 #ifdef _WIN32
 
+/* as defined in sdkddkver.h */
+#ifndef _WIN32_WINNT
+#define _WIN32_WINNT 0x0600 /* Vista */
+#endif
+/* reduces the number of implicitly included headers */
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+
 typedef char *caddr_t;
 
-# include 
 # include 
+# include 
 # include 
 # include 
 # include 
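Review bot: `#ifndef _WIN32_WINNT` only selects the Vista level when nothing set it earlier; if a header included before slirp.h or a build flag already defined a lower value, the Vista-only API the commit message relies on silently fails to be declared. Since the point is that the code requires Vista, consider `#if _WIN32_WINNT < 0x0600` followed by `#error`, or an unconditional define with a comment, so the requirement is enforced rather than assumed.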
@@ -19,19 +28,10 @@ typedef char *caddr_t;
 
 #ifndef _WIN32
 #include 
-#endif
-
-#ifndef _WIN32
 #include 
 #include 
-#endif
-
-#ifndef _WIN32
 #include 
-#endif
-
-#ifndef _WIN32
-# include 
+#include 
 #endif
 
 #ifdef __APPLE__
-- 
2.20.1




[Qemu-devel] [PULLv3 01/32] slirp: Avoid unaligned 16bit memory access

2019-02-05 Thread Samuel Thibault
pkt parameter may be unaligned, so we must access it byte-wise.

This fixes sparc64 host SIGBUS during pxe boot.

Signed-off-by: Samuel Thibault 
Reviewed-by: Richard Henderson 
---
 slirp/slirp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/slirp/slirp.c b/slirp/slirp.c
index a9674ab090..739f364770 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -829,7 +829,7 @@ void slirp_input(Slirp *slirp, const uint8_t *pkt, int 
pkt_len)
 if (pkt_len < ETH_HLEN)
 return;
 
-proto = ntohs(*(uint16_t *)(pkt + 12));
+proto = (((uint16_t) pkt[12]) << 8) + pkt[13];
 switch(proto) {
 case ETH_P_ARP:
 arp_input(slirp, pkt, pkt_len);
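Review bot: the byte-wise load fixes this site, and the `pkt_len < ETH_HLEN` check just above is what makes reading pkt[12] and pkt[13] safe, so keep the two together. Any remaining `*(uint16_t *)` or wider casts into pkt elsewhere in slirp have the same sparc64 problem; a single `load_be16()`-style helper that every ethertype, port and length read goes through would make the SIGBUS impossible to reintroduce and is easier to audit than hunting for casts.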
-- 
2.20.1
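As an added example, not part of Samuel's patch or the slirp code base: the same byte-wise approach carried through a small Ethernet header parser in C. It shows why the fix matters on strict-alignment hosts (the demo helpers deliberately place each frame at an odd offset so `pkt + 12` is misaligned for a direct `uint16_t` load), keeps the `pkt_len < ETH_HLEN` length check the hunk relies on, and goes one step beyond the patch by handling an 802.1Q VLAN tag, including the truncated-tag case. The `ETH_*` constants mirror slirp's values; the frames and the `demo_*`/`parse_at_odd_offset` helpers are constructed for this example only.

```c
/*
 * Added example, not part of the slirp patch above: parse an Ethernet
 * header from a byte buffer of arbitrary alignment using only byte loads,
 * so the code cannot fault on strict-alignment hosts such as sparc64.
 * ETH_* values mirror slirp's; frames are constructed for this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_ALEN   6
#define ETH_HLEN   14
#define ETH_P_ARP  0x0806
#define ETH_P_IPV6 0x86dd
#define ETH_P_VLAN 0x8100

struct eth_hdr {
    uint8_t  dst[ETH_ALEN];
    uint8_t  src[ETH_ALEN];
    uint16_t proto;       /* ethertype in host order, after any VLAN tag */
    uint16_t vlan_tci;    /* valid only when vlan_tagged is set */
    int      vlan_tagged;
    size_t   hdr_len;     /* bytes consumed: 14, or 18 with one 802.1Q tag */
};

/* Big-endian 16-bit load from any byte address. Unlike *(uint16_t *)p,
 * two byte loads and a shift are well-defined C on every host. */
static inline uint16_t load_be16(const uint8_t *p)
{
    return (uint16_t)(((uint16_t)p[0] << 8) | p[1]);
}

/* Returns 0 on success, -1 if pkt_len is too short for the header. */
int eth_parse(const uint8_t *pkt, size_t pkt_len, struct eth_hdr *out)
{
    if (pkt_len < ETH_HLEN) {
        return -1;
    }
    memcpy(out->dst, pkt, ETH_ALEN);
    memcpy(out->src, pkt + ETH_ALEN, ETH_ALEN);
    out->proto = load_be16(pkt + 12);
    out->vlan_tci = 0;
    out->vlan_tagged = 0;
    out->hdr_len = ETH_HLEN;
    if (out->proto == ETH_P_VLAN) {
        /* 802.1Q tag: 2-byte TCI followed by the encapsulated ethertype. */
        if (pkt_len < ETH_HLEN + 4) {
            return -1;          /* tag present but truncated */
        }
        out->vlan_tagged = 1;
        out->vlan_tci = load_be16(pkt + ETH_HLEN);
        out->proto = load_be16(pkt + ETH_HLEN + 2);
        out->hdr_len = ETH_HLEN + 4;
    }
    return 0;
}

/* Copies a frame to an odd offset so pkt + 12 is misaligned for a direct
 * uint16_t load, then returns (vlan_tci << 16) | proto, or -1 on error. */
static long parse_at_odd_offset(const uint8_t *frame, size_t len)
{
    uint8_t buf[64];
    struct eth_hdr h;

    memcpy(buf + 1, frame, len);
    if (eth_parse(buf + 1, len, &h) != 0) {
        return -1;
    }
    return ((long)h.vlan_tci << 16) | h.proto;
}

long demo_arp_frame(void)
{
    static const uint8_t arp[ETH_HLEN] = {
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff,   /* dst: broadcast */
        0x52, 0x54, 0x00, 0x12, 0x34, 0x56,   /* src: constructed MAC */
        0x08, 0x06                            /* ethertype: ARP */
    };
    return parse_at_odd_offset(arp, sizeof(arp));
}

/* Constructed 802.1Q-tagged IPv6 frame on VLAN 100; file scope so the
 * truncated demo can reuse its first 14 bytes. */
static const uint8_t vlan_ipv6_frame[ETH_HLEN + 4] = {
    0x33, 0x33, 0x00, 0x00, 0x00, 0x01,   /* dst: IPv6 all-nodes */
    0x52, 0x54, 0x00, 0x12, 0x34, 0x56,   /* src: constructed MAC */
    0x81, 0x00,                           /* ethertype: 802.1Q */
    0x00, 0x64,                           /* TCI: priority 0, VLAN 100 */
    0x86, 0xdd                            /* inner ethertype: IPv6 */
};

long demo_vlan_ipv6_frame(void)
{
    return parse_at_odd_offset(vlan_ipv6_frame, sizeof(vlan_ipv6_frame));
}

/* Same frame cut after the 802.1Q ethertype: the tag is incomplete. */
long demo_truncated_vlan_frame(void)
{
    return parse_at_odd_offset(vlan_ipv6_frame, ETH_HLEN);
}
```

Built with `-Wcast-align` on a strict-alignment target (or run under UBSan's alignment check on x86), the `*(uint16_t *)(pkt + 12)` form the hunk removes is flagged while `load_be16()` is not; the length checks are what keep the parser from reading past a short frame, and the VLAN branch shows the second check a practitioner tends to forget.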




[Qemu-devel] [PATCH v2 4/6] target/arm: expose remaining CPUID registers as RAZ

2019-02-05 Thread Alex Bennée
There are a whole bunch more registers in the CPUID space which are
currently not used but are exposed as RAZ. To avoid too much
duplication we expand ARMCPRegUserSpaceInfo to understand glob
patterns so we only need one entry to tweak whole ranges of registers.

Signed-off-by: Alex Bennée 
---
 target/arm/cpu.h|  3 +++
 target/arm/helper.c | 26 +++---
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 354df22102..ae8ccc7dec 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2459,6 +2459,9 @@ typedef struct ARMCPRegUserSpaceInfo {
 /* Name of register */
 const char *name;
 
+/* Is the name actually a glob pattern */
+bool is_glob;
+
 /* Only some bits are exported to user space */
 uint64_t exported_bits;
 
diff --git a/target/arm/helper.c b/target/arm/helper.c
index f2f868ff92..e999da165b 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6103,19 +6103,27 @@ void register_cp_regs_for_features(ARMCPU *cpu)
   .fixed_bits= 0x0011 },
 { .name = "ID_AA64PFR1_EL1",
   .exported_bits = 0x00f0 },
+{ .name = "ID_AA64PFR*_EL1_RESERVED",
+  .is_glob = true },
 { .name = "ID_AA64ZFR0_EL1"   },
 { .name = "ID_AA64MMFR0_EL1",
   .fixed_bits= 0xff00 },
 { .name = "ID_AA64MMFR1_EL1"  },
+{ .name = "ID_AA64MMFR*_EL1_RESERVED",
+  .is_glob = true },
 { .name = "ID_AA64DFR0_EL1",
   .fixed_bits= 0x0006 },
 { .name = "ID_AA64DFR1_EL1"   },
-{ .name = "ID_AA64AFR0_EL1"   },
-{ .name = "ID_AA64AFR1_EL1"   },
+{ .name = "ID_AA64DFR*_EL1_RESERVED",
+  .is_glob = true },
+{ .name = "ID_AA64AFR*",
+  .is_glob = true },
 { .name = "ID_AA64ISAR0_EL1",
   .exported_bits = 0x00fff0f0 },
 { .name = "ID_AA64ISAR1_EL1",
   .exported_bits = 0x00f0 },
+{ .name = "ID_AA64ISAR*_EL1_RESERVED",
+  .is_glob = true },
 REGUSERINFO_SENTINEL
 };
 modify_arm_cp_regs(v8_idregs, v8_user_idregs);
@@ -7014,8 +7022,17 @@ void modify_arm_cp_regs(ARMCPRegInfo *regs, const 
ARMCPRegUserSpaceInfo *mods)
 ARMCPRegInfo *r;
 
 for (m = mods; m->name; m++) {
+GPatternSpec *pat = NULL;
+if (m->is_glob) {
+pat = g_pattern_spec_new(m->name);
+}
 for (r = regs; r->type != ARM_CP_SENTINEL; r++) {
-if (strcmp(r->name, m->name) == 0) {
+if (pat && g_pattern_match_string(pat, r->name)) {
+r->type = ARM_CP_CONST;
+r->access = PL0U_R;
+r->resetvalue = 0;
+/* continue */
+} else if (strcmp(r->name, m->name) == 0) {
 r->type = ARM_CP_CONST;
 r->access = PL0U_R;
 r->resetvalue &= m->exported_bits;
@@ -7023,6 +7040,9 @@ void modify_arm_cp_regs(ARMCPRegInfo *regs, const 
ARMCPRegUserSpaceInfo *mods)
 break;
 }
 }
+if (pat) {
+g_pattern_spec_free(pat);
+}
 }
 }
 
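Review bot: in the new glob branch `r->resetvalue = 0` is unconditional, so `exported_bits` and `fixed_bits` of an `is_glob` entry are silently ignored; either apply them the same way the strcmp branch does (`r->resetvalue &= m->exported_bits;` and whatever it then does with fixed_bits) or assert they are zero, so a future `.is_glob = true, .exported_bits = ...` entry fails loudly instead of quietly exposing RAZ. Also, when a glob entry does not match, control falls into `else if (strcmp(r->name, m->name) == 0)` and compares the literal pattern string; harmless, but `!pat &&` would make the intent explicit.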
-- 
2.20.1




[Qemu-devel] [PULLv3 27/32] slirp: improve send_packet() callback

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Use a more descriptive name for the callback.

Reuse the SlirpWriteCb type. Wrap it to check that all data has been written.

Return a ssize_t for potential error handling and data-loss reporting.

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 include/net/net.h |  2 +-
 net/net.c |  4 ++--
 net/slirp.c   |  9 +
 slirp/libslirp.h  | 11 +++
 slirp/ncsi.c  |  2 +-
 slirp/slirp.c | 17 ++---
 slirp/slirp.h |  2 ++
 7 files changed, 32 insertions(+), 15 deletions(-)

diff --git a/include/net/net.h b/include/net/net.h
index 643295d163..075cc01267 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -146,7 +146,7 @@ ssize_t qemu_sendv_packet(NetClientState *nc, const struct 
iovec *iov,
   int iovcnt);
 ssize_t qemu_sendv_packet_async(NetClientState *nc, const struct iovec *iov,
 int iovcnt, NetPacketSent *sent_cb);
-void qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size);
+ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size);
 ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size);
 ssize_t qemu_send_packet_async(NetClientState *nc, const uint8_t *buf,
int size, NetPacketSent *sent_cb);
diff --git a/net/net.c b/net/net.c
index 3acbdccd61..5dcff7fe2a 100644
--- a/net/net.c
+++ b/net/net.c
@@ -668,9 +668,9 @@ ssize_t qemu_send_packet_async(NetClientState *sender,
  buf, size, sent_cb);
 }
 
-void qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size)
+ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size)
 {
-qemu_send_packet_async(nc, buf, size, NULL);
+return qemu_send_packet_async(nc, buf, size, NULL);
 }
 
 ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size)
diff --git a/net/slirp.c b/net/slirp.c
index 7b4f9f5c5e..664ff1c002 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -108,11 +108,12 @@ static void slirp_smb_cleanup(SlirpState *s);
 static inline void slirp_smb_cleanup(SlirpState *s) { }
 #endif
 
-static void net_slirp_output(void *opaque, const uint8_t *pkt, int pkt_len)
+static ssize_t net_slirp_send_packet(const void *pkt, size_t pkt_len,
+ void *opaque)
 {
 SlirpState *s = opaque;
 
-qemu_send_packet(>nc, pkt, pkt_len);
+return qemu_send_packet(>nc, pkt, pkt_len);
 }
 
 static ssize_t net_slirp_receive(NetClientState *nc, const uint8_t *buf, 
size_t size)
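Review bot: net_slirp_send_packet() now forwards qemu_send_packet()'s return value, and the commit message says the new wrapper checks that all data was written. In QEMU's net layer the async send path can return 0 when the frame is queued for a receiver that cannot accept it right now, which is not a drop; if slirp_send_packet_all() compares the return against pkt_len it will report every queued frame as data loss. Either treat 0 as "accepted" at this boundary or document that a short return only means "not sent yet".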
@@ -197,7 +198,7 @@ static void net_slirp_unregister_poll_fd(int fd)
 }
 
 static const SlirpCb slirp_cb = {
-.output = net_slirp_output,
+.send_packet = net_slirp_send_packet,
 .guest_error = net_slirp_guest_error,
 .clock_get_ns = net_slirp_clock_get_ns,
 .timer_new = net_slirp_timer_new,
@@ -780,7 +781,7 @@ static void guestfwd_read(void *opaque, const uint8_t *buf, 
int size)
 slirp_socket_recv(fwd->slirp, fwd->server, fwd->port, buf, size);
 }
 
-static int guestfwd_write(const void *buf, size_t len, void *chr)
+static ssize_t guestfwd_write(const void *buf, size_t len, void *chr)
 {
 return qemu_chr_fe_write_all(chr, buf, len);
 }
diff --git a/slirp/libslirp.h b/slirp/libslirp.h
index 02cbec9f8b..8e5d4ed11b 100644
--- a/slirp/libslirp.h
+++ b/slirp/libslirp.h
@@ -15,7 +15,7 @@
 
 typedef struct Slirp Slirp;
 
-typedef int (*SlirpWriteCb)(const void *buf, size_t len, void *opaque);
+typedef ssize_t (*SlirpWriteCb)(const void *buf, size_t len, void *opaque);
 typedef void (*SlirpTimerCb)(void *opaque);
 
 /*
@@ -23,10 +23,13 @@ typedef void (*SlirpTimerCb)(void *opaque);
  */
 typedef struct SlirpCb {
 /*
- * Send an ethernet frame to the guest network. The opaque parameter
- * is the one given to slirp_init().
+ * Send an ethernet frame to the guest network. The opaque
+ * parameter is the one given to slirp_init(). The function
+ * doesn't need to send all the data and may return cb->output(slirp->opaque, ncsi_reply, ETH_HLEN + ncsi_rsp_len);
+slirp_send_packet_all(slirp, ncsi_reply, ETH_HLEN + ncsi_rsp_len);
 }
diff --git a/slirp/slirp.c b/slirp/slirp.c
index 3304c83001..60cd8249bf 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -800,7 +800,7 @@ static void arp_input(Slirp *slirp, const uint8_t *pkt, int 
pkt_len)
 rah->ar_sip = ah->ar_tip;
 memcpy(rah->ar_tha, ah->ar_sha, ETH_ALEN);
 rah->ar_tip = ah->ar_sip;
-slirp->cb->output(slirp->opaque, arp_reply, sizeof(arp_reply));
+slirp_send_packet_all(slirp, arp_reply, sizeof(arp_reply));
 }
 break;
 case ARPOP_REPLY:
@@ -900,7 +900,7 @@ static int if_encap4(Slirp *slirp, struct mbuf *ifm, struct 
ethhdr *eh,
 /* target IP */
 rah->ar_tip = iph->ip_dst.s_addr;
 slirp->client_ipaddr = iph->ip_dst;
-

[Qemu-devel] [PULLv3 30/32] slirp: use polling callbacks, drop glib requirement

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

It would be legitimate to use libslirp without glib. Let's
add an add_poll/get_revents pair of callbacks to provide the same
functionality.

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 net/slirp.c  | 72 ++--
 slirp/libslirp.h | 17 ++--
 slirp/slirp.c| 72 +---
 3 files changed, 109 insertions(+), 52 deletions(-)

diff --git a/net/slirp.c b/net/slirp.c
index 4d55f64168..a85e42ff43 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -211,6 +211,71 @@ static const SlirpCb slirp_cb = {
 .notify = qemu_notify_event,
 };
 
+static int slirp_poll_to_gio(int events)
+{
+int ret = 0;
+
+if (events & SLIRP_POLL_IN) {
+ret |= G_IO_IN;
+}
+if (events & SLIRP_POLL_OUT) {
+ret |= G_IO_OUT;
+}
+if (events & SLIRP_POLL_PRI) {
+ret |= G_IO_PRI;
+}
+if (events & SLIRP_POLL_ERR) {
+ret |= G_IO_ERR;
+}
+if (events & SLIRP_POLL_HUP) {
+ret |= G_IO_HUP;
+}
+
+return ret;
+}
+
+static int net_slirp_add_poll(int fd, int events, void *opaque)
+{
+GArray *pollfds = opaque;
+GPollFD pfd = {
+.fd = fd,
+.events = slirp_poll_to_gio(events),
+};
+int idx = pollfds->len;
+g_array_append_val(pollfds, pfd);
+return idx;
+}
+
+static int slirp_gio_to_poll(int events)
+{
+int ret = 0;
+
+if (events & G_IO_IN) {
+ret |= SLIRP_POLL_IN;
+}
+if (events & G_IO_OUT) {
+ret |= SLIRP_POLL_OUT;
+}
+if (events & G_IO_PRI) {
+ret |= SLIRP_POLL_PRI;
+}
+if (events & G_IO_ERR) {
+ret |= SLIRP_POLL_ERR;
+}
+if (events & G_IO_HUP) {
+ret |= SLIRP_POLL_HUP;
+}
+
+return ret;
+}
+
+static int net_slirp_get_revents(int idx, void *opaque)
+{
+GArray *pollfds = opaque;
+
+return slirp_gio_to_poll(g_array_index(pollfds, GPollFD, idx).revents);
+}
+
 static void net_slirp_poll_notify(Notifier *notifier, void *data)
 {
 MainLoopPoll *poll = data;
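Review bot: slirp_gio_to_poll() drops G_IO_NVAL, so a pollfd the kernel flags as invalid (fd closed underneath slirp) yields revents == 0 and slirp keeps polling it; mapping G_IO_NVAL to SLIRP_POLL_ERR, or adding a SLIRP_POLL_NVAL bit to the enum, lets slirp tear the socket down instead of spinning. net_slirp_get_revents() also indexes pollfds with the idx slirp kept from add_poll() without a bounds check; that is fine only while the GArray handed over via opaque is the same one across MAIN_LOOP_POLL_FILL and MAIN_LOOP_POLL_OK, which deserves a comment.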
@@ -218,12 +283,13 @@ static void net_slirp_poll_notify(Notifier *notifier, 
void *data)
 
 switch (poll->state) {
 case MAIN_LOOP_POLL_FILL:
-slirp_pollfds_fill(s->slirp, poll->pollfds, >timeout);
+slirp_pollfds_fill(s->slirp, >timeout,
+   net_slirp_add_poll, poll->pollfds);
 break;
 case MAIN_LOOP_POLL_OK:
 case MAIN_LOOP_POLL_ERR:
-slirp_pollfds_poll(s->slirp, poll->pollfds,
-   poll->state == MAIN_LOOP_POLL_ERR);
+slirp_pollfds_poll(s->slirp, poll->state == MAIN_LOOP_POLL_ERR,
+   net_slirp_get_revents, poll->pollfds);
 break;
 default:
 g_assert_not_reached();
diff --git a/slirp/libslirp.h b/slirp/libslirp.h
index 18d5fb0133..b5c1b2122b 100644
--- a/slirp/libslirp.h
+++ b/slirp/libslirp.h
@@ -1,7 +1,6 @@
 #ifndef LIBSLIRP_H
 #define LIBSLIRP_H
 
-#include 
 #include 
 #include 
 
@@ -15,8 +14,18 @@
 
 typedef struct Slirp Slirp;
 
+enum {
+SLIRP_POLL_IN  = 1 << 0,
+SLIRP_POLL_OUT = 1 << 1,
+SLIRP_POLL_PRI = 1 << 2,
+SLIRP_POLL_ERR = 1 << 3,
+SLIRP_POLL_HUP = 1 << 4,
+};
+
 typedef ssize_t (*SlirpWriteCb)(const void *buf, size_t len, void *opaque);
 typedef void (*SlirpTimerCb)(void *opaque);
+typedef int (*SlirpAddPollCb)(int fd, int events, void *opaque);
+typedef int (*SlirpGetREventsCb)(int idx, void *opaque);
 
 /*
  * Callbacks from slirp
@@ -63,9 +72,11 @@ Slirp *slirp_init(int restricted, bool in_enabled, struct 
in_addr vnetwork,
   void *opaque);
 void slirp_cleanup(Slirp *slirp);
 
-void slirp_pollfds_fill(Slirp *slirp, GArray *pollfds, uint32_t *timeout);
+void slirp_pollfds_fill(Slirp *slirp, uint32_t *timeout,
+SlirpAddPollCb add_poll, void *opaque);
 
-void slirp_pollfds_poll(Slirp *slirp, GArray *pollfds, int select_error);
+void slirp_pollfds_poll(Slirp *slirp, int select_error,
+SlirpGetREventsCb get_revents, void *opaque);
 
 void slirp_input(Slirp *slirp, const uint8_t *pkt, int pkt_len);
 
diff --git a/slirp/slirp.c b/slirp/slirp.c
index ecbb5c5b6c..04886d05fd 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -386,7 +386,8 @@ static void slirp_update_timeout(Slirp *slirp, uint32_t 
*timeout)
 *timeout = t;
 }
 
-void slirp_pollfds_fill(Slirp *slirp, GArray *pollfds, uint32_t *timeout)
+void slirp_pollfds_fill(Slirp *slirp, uint32_t *timeout,
+SlirpAddPollCb add_poll, void *opaque)
 {
 struct socket *so, *so_next;
 
@@ -428,12 +429,8 @@ void slirp_pollfds_fill(Slirp *slirp, GArray *pollfds, 
uint32_t *timeout)
  * Set for reading sockets which are accepting
  */
 if (so->so_state & SS_FACCEPTCONN) {
-GPollFD pfd = {
-.fd = so->s,
-.events = G_IO_IN | G_IO_HUP | G_IO_ERR,
-};
-

[Qemu-devel] [PULLv3 02/32] slirp: Avoid marking naturally packed structs as QEMU_PACKED

2019-02-05 Thread Samuel Thibault
From: Peter Maydell 

Various ipv6 structs in the slirp headers are marked QEMU_PACKED,
but they are actually naturally aligned and will have no padding
in them. Instead of marking them with the 'packed' attribute,
assert at compile time that they are the size we expect. This
allows us to take the address of fields within the structs
without risking undefined behaviour, and suppresses clang
-Waddress-of-packed-member warnings.

Signed-off-by: Peter Maydell 
Reviewed-by: Eric Blake 
Signed-off-by: Samuel Thibault 
---
 slirp/ip6.h  | 12 ++--
 slirp/ip6_icmp.h | 20 +++-
 2 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/slirp/ip6.h b/slirp/ip6.h
index 14e9c78735..1e3e329ce6 100644
--- a/slirp/ip6.h
+++ b/slirp/ip6.h
@@ -133,7 +133,7 @@ struct ip6 {
 uint8_t ip_nh;   /* next header */
 uint8_t ip_hl;   /* hop limit */
 struct in6_addr ip_src, ip_dst;  /* source and dest address */
-} QEMU_PACKED;
+};
 
 /*
  * IPv6 pseudo-header used by upper-layer protocols
@@ -145,7 +145,15 @@ struct ip6_pseudohdr {
 uint16_tih_zero_hi;   /* zero */
 uint8_t ih_zero_lo;   /* zero */
 uint8_t ih_nh;/* next header */
-} QEMU_PACKED;
+};
 
+/*
+ * We don't want to mark these ip6 structs as packed as they are naturally
+ * correctly aligned; instead assert that there is no stray padding.
+ * If we marked the struct as packed then we would be unable to take
+ * the address of any of the fields in it.
+ */
+QEMU_BUILD_BUG_ON(sizeof(struct ip6) != 40);
+QEMU_BUILD_BUG_ON(sizeof(struct ip6_pseudohdr) != 40);
 
 #endif
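Review bot: dropping QEMU_PACKED gives these structs 4-byte alignment (in6_addr and uint32_t members), so the compiler may now emit aligned loads for accesses through a `struct ip6 *`; any code that obtains such a pointer by casting an arbitrary offset into an mbuf therefore needs that offset to be 4-aligned, or it reintroduces on sparc64 the SIGBUS that "slirp: Avoid unaligned 16bit memory access" in this same series fixes for ethertype reads. Worth a sentence in the comment here. The size assertions also only guard size, not layout: a reordered field can keep sizeof at 40 while offsets move, so an offsetof() assertion on the field after each alignment boundary is cheap insurance.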
diff --git a/slirp/ip6_icmp.h b/slirp/ip6_icmp.h
index 32b0914055..2ad2b75e67 100644
--- a/slirp/ip6_icmp.h
+++ b/slirp/ip6_icmp.h
@@ -48,12 +48,16 @@ struct ndp_ra { /* Router Advertisement Message */
 uint16_t lifetime;  /* Router Lifetime */
 uint32_t reach_time;/* Reachable Time */
 uint32_t retrans_time;  /* Retrans Timer */
-} QEMU_PACKED;
+};
+
+QEMU_BUILD_BUG_ON(sizeof(struct ndp_ra) != 12);
 
 struct ndp_ns { /* Neighbor Solicitation Message */
 uint32_t reserved;
 struct in6_addr target; /* Target Address */
-} QEMU_PACKED;
+};
+
+QEMU_BUILD_BUG_ON(sizeof(struct ndp_ns) != 20);
 
 struct ndp_na { /* Neighbor Advertisement Message */
 #if G_BYTE_ORDER == G_BIG_ENDIAN
@@ -72,13 +76,17 @@ struct ndp_na { /* Neighbor Advertisement Message */
 reserved_lo:24;
 #endif
 struct in6_addr target; /* Target Address */
-} QEMU_PACKED;
+};
+
+QEMU_BUILD_BUG_ON(sizeof(struct ndp_na) != 20);
 
 struct ndp_redirect {
 uint32_t reserved;
 struct in6_addr target; /* Target Address */
 struct in6_addr dest;   /* Destination Address */
-} QEMU_PACKED;
+};
+
+QEMU_BUILD_BUG_ON(sizeof(struct ndp_redirect) != 36);
 
 /*
  * Structure of an icmpv6 header.
@@ -103,7 +111,9 @@ struct icmp6 {
 #define icmp6_nns icmp6_body.ndp_ns
 #define icmp6_nna icmp6_body.ndp_na
 #define icmp6_redirect icmp6_body.ndp_redirect
-} QEMU_PACKED;
+};
+
+QEMU_BUILD_BUG_ON(sizeof(struct icmp6) != 40);
 
 #define ICMP6_MINLEN4
 #define ICMP6_ERROR_MINLEN  8
-- 
2.20.1




[Qemu-devel] [PATCH v2 1/6] target/arm: relax permission checks for HWCAP_CPUID registers

2019-02-05 Thread Alex Bennée
Although technically not visible to userspace, the kernel does make
them visible via a trap-and-emulate ABI. We provide a new permission
mask (PL0U_R) which maps to PL0_R for CONFIG_USER builds and adjust
the minimum permission check accordingly.

Signed-off-by: Alex Bennée 
---
 target/arm/cpu.h| 12 
 target/arm/helper.c |  6 +-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index a68bcc9fed..1616632dcb 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -2211,6 +2211,18 @@ static inline bool cptype_valid(int cptype)
 #define PL0_R (0x02 | PL1_R)
 #define PL0_W (0x01 | PL1_W)
 
+/*
+ * For user-mode some registers are accessible to EL0 via a kernel
+ * trap-and-emulate ABI. In this case we define the read permissions
+ * as actually being PL0_R. However some bits of any given register
+ * may still be masked.
+ */
+#ifdef CONFIG_USER_ONLY
+#define PL0U_R PL0_R
+#else
+#define PL0U_R PL1_R
+#endif
+
 #define PL3_RW (PL3_R | PL3_W)
 #define PL2_RW (PL2_R | PL2_W)
 #define PL1_RW (PL1_R | PL1_W)
diff --git a/target/arm/helper.c b/target/arm/helper.c
index d070879894..5857c0ba96 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6851,7 +6851,11 @@ void define_one_arm_cp_reg_with_opaque(ARMCPU *cpu,
 if (r->state != ARM_CP_STATE_AA32) {
 int mask = 0;
 switch (r->opc1) {
-case 0: case 1: case 2:
+case 0:
+/* min_EL EL1, but some accessible to EL0 via kernel ABI */
+mask = PL0U_R | PL1_RW;
+break;
+case 1: case 2:
 /* min_EL EL1 */
 mask = PL1_RW;
 break;
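Review bot: the relaxed opc1 == 0 mask covers every opc1 == 0 register, not only the ID group; since the mask here is only an upper bound on what a register's .access may declare, that is safe, but a comment stating that actual EL0 exposure is still decided per register by putting PL0U_R in .access would stop the next reader assuming all opc1 == 0 registers just became EL0-readable in user mode.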
-- 
2.20.1




[Qemu-devel] [PULLv3 21/32] slirp: replace net/eth.h inclusion with own defines

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 slirp/ip6.h   |  1 -
 slirp/slirp.h |  1 -
 slirp/util.h  | 10 ++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/slirp/ip6.h b/slirp/ip6.h
index 1e3e329ce6..4e7c366505 100644
--- a/slirp/ip6.h
+++ b/slirp/ip6.h
@@ -7,7 +7,6 @@
 #define SLIRP_IP6_H
 
 #include 
-#include "net/eth.h"
 
 #define ALLNODES_MULTICAST  { .s6_addr = \
 { 0xff, 0x02, 0x00, 0x00,\
diff --git a/slirp/slirp.h b/slirp/slirp.h
index 5707805be2..c9f9143801 100644
--- a/slirp/slirp.h
+++ b/slirp/slirp.h
@@ -48,7 +48,6 @@ typedef char *caddr_t;
 #include "util.h"
 
 #include "qemu/queue.h"
-#include "net/eth.h"
 
 #include "libslirp.h"
 #include "ip.h"
diff --git a/slirp/util.h b/slirp/util.h
index 4664e8159b..ef75804560 100644
--- a/slirp/util.h
+++ b/slirp/util.h
@@ -50,6 +50,16 @@
 
 #define SCALE_MS 100
 
+#define ETH_ALEN6
+#define ETH_HLEN14
+#define ETH_P_IP  (0x0800)  /* Internet Protocol packet  */
+#define ETH_P_ARP (0x0806)  /* Address Resolution packet */
+#define ETH_P_IPV6(0x86dd)
+#define ETH_P_VLAN(0x8100)
+#define ETH_P_DVLAN   (0x88a8)
+#define ETH_P_NCSI(0x88f8)
+#define ETH_P_UNKNOWN (0x)
+
 #ifdef _WIN32
 int slirp_closesocket(int fd);
 int slirp_ioctlsocket(int fd, int req, void *val);
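Review bot: ETH_ALEN, ETH_HLEN and the ETH_P_* names are also defined by system headers on Linux (`<linux/if_ether.h>`, reachable through `<netinet/if_ether.h>`/`<net/ethernet.h>`); any slirp translation unit that ends up including one of those after util.h gets redefinition warnings, or errors if a value differs. Either wrap each in `#ifndef`, or give them a SLIRP_ prefix now that the point of the change is independence from net/eth.h.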
-- 
2.20.1




[Qemu-devel] [PULLv3 23/32] slirp: replace QEMU_BUILD_BUG_ON with G_STATIC_ASSERT

2019-02-05 Thread Samuel Thibault
to remove another dependency on qemu.

Signed-off-by: Samuel Thibault 
Reviewed-by: Marc-André Lureau 
Reviewed-by: Richard Henderson 
Reviewed-by: Stefano Garzarella 
Reviewed-by: Alex Bennée 
---
 slirp/ip.h   |  4 ++--
 slirp/ip6.h  |  4 ++--
 slirp/ip6_icmp.h | 10 +-
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/slirp/ip.h b/slirp/ip.h
index 2baeeb9a3a..73a4d2a3d2 100644
--- a/slirp/ip.h
+++ b/slirp/ip.h
@@ -229,8 +229,8 @@ struct  ipasfrag {
struct ip ipf_ip;
 };
 
-QEMU_BUILD_BUG_ON(offsetof(struct ipq, frag_link) !=
-  offsetof(struct ipasfrag, ipf_link));
+G_STATIC_ASSERT(offsetof(struct ipq, frag_link) ==
+offsetof(struct ipasfrag, ipf_link));
 
 #define ipf_off  ipf_ip.ip_off
 #define ipf_tos  ipf_ip.ip_tos
diff --git a/slirp/ip6.h b/slirp/ip6.h
index 4e7c366505..5361bd7449 100644
--- a/slirp/ip6.h
+++ b/slirp/ip6.h
@@ -152,7 +152,7 @@ struct ip6_pseudohdr {
  * If we marked the struct as packed then we would be unable to take
  * the address of any of the fields in it.
  */
-QEMU_BUILD_BUG_ON(sizeof(struct ip6) != 40);
-QEMU_BUILD_BUG_ON(sizeof(struct ip6_pseudohdr) != 40);
+G_STATIC_ASSERT(sizeof(struct ip6) == 40);
+G_STATIC_ASSERT(sizeof(struct ip6_pseudohdr) == 40);
 
 #endif
diff --git a/slirp/ip6_icmp.h b/slirp/ip6_icmp.h
index 3f44ed2f49..e8ed753db5 100644
--- a/slirp/ip6_icmp.h
+++ b/slirp/ip6_icmp.h
@@ -50,14 +50,14 @@ struct ndp_ra { /* Router Advertisement Message */
 uint32_t retrans_time;  /* Retrans Timer */
 };
 
-QEMU_BUILD_BUG_ON(sizeof(struct ndp_ra) != 12);
+G_STATIC_ASSERT(sizeof(struct ndp_ra) == 12);
 
 struct ndp_ns { /* Neighbor Solicitation Message */
 uint32_t reserved;
 struct in6_addr target; /* Target Address */
 };
 
-QEMU_BUILD_BUG_ON(sizeof(struct ndp_ns) != 20);
+G_STATIC_ASSERT(sizeof(struct ndp_ns) == 20);
 
 struct ndp_na { /* Neighbor Advertisement Message */
 #if G_BYTE_ORDER == G_BIG_ENDIAN
@@ -78,7 +78,7 @@ struct ndp_na { /* Neighbor Advertisement Message */
 struct in6_addr target; /* Target Address */
 };
 
-QEMU_BUILD_BUG_ON(sizeof(struct ndp_na) != 20);
+G_STATIC_ASSERT(sizeof(struct ndp_na) == 20);
 
 struct ndp_redirect {
 uint32_t reserved;
@@ -86,7 +86,7 @@ struct ndp_redirect {
 struct in6_addr dest;   /* Destination Address */
 };
 
-QEMU_BUILD_BUG_ON(sizeof(struct ndp_redirect) != 36);
+G_STATIC_ASSERT(sizeof(struct ndp_redirect) == 36);
 
 /*
  * Structure of an icmpv6 header.
@@ -113,7 +113,7 @@ struct icmp6 {
 #define icmp6_redirect icmp6_body.ndp_redirect
 };
 
-QEMU_BUILD_BUG_ON(sizeof(struct icmp6) != 40);
+G_STATIC_ASSERT(sizeof(struct icmp6) == 40);
 
 #define ICMP6_MINLEN4
 #define ICMP6_ERROR_MINLEN  8
-- 
2.20.1




[Qemu-devel] [PULLv3 13/32] slirp: add unregister_poll_fd() callback

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Add a counter-part to register_poll_fd() for completeness.

(so far, register_poll_fd() is called only on struct socket fd)

Suggested-by: Paolo Bonzini 
Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 net/slirp.c  | 6 ++
 slirp/ip_icmp.c  | 1 +
 slirp/libslirp.h | 2 ++
 slirp/slirp.c| 3 ++-
 slirp/tcp_subr.c | 2 ++
 slirp/udp.c  | 1 +
 6 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/net/slirp.c b/net/slirp.c
index 6f756a4dcc..78ba96b63f 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -191,6 +191,11 @@ static void net_slirp_register_poll_fd(int fd)
 qemu_fd_register(fd);
 }
 
+static void net_slirp_unregister_poll_fd(int fd)
+{
+/* no qemu_fd_unregister */
+}
+
 static const SlirpCb slirp_cb = {
 .output = net_slirp_output,
 .guest_error = net_slirp_guest_error,
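Review bot: the empty body of net_slirp_unregister_poll_fd() should say why nothing is needed rather than just `/* no qemu_fd_unregister */`; as written a reader cannot tell whether this is a deliberate no-op (every caller closes the fd immediately afterwards, so the main loop forgets it anyway) or a missing piece on the QEMU side. A one-line comment stating that would do.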
@@ -199,6 +204,7 @@ static const SlirpCb slirp_cb = {
 .timer_free = net_slirp_timer_free,
 .timer_mod = net_slirp_timer_mod,
 .register_poll_fd = net_slirp_register_poll_fd,
+.unregister_poll_fd = net_slirp_unregister_poll_fd,
 };
 
 static int net_slirp_init(NetClientState *peer, const char *model,
diff --git a/slirp/ip_icmp.c b/slirp/ip_icmp.c
index b59daa801d..19e247f773 100644
--- a/slirp/ip_icmp.c
+++ b/slirp/ip_icmp.c
@@ -114,6 +114,7 @@ static int icmp_send(struct socket *so, struct mbuf *m, int 
hlen)
 
 void icmp_detach(struct socket *so)
 {
+so->slirp->cb->unregister_poll_fd(so->s);
 slirp_closesocket(so->s);
 sofree(so);
 }
diff --git a/slirp/libslirp.h b/slirp/libslirp.h
index 70e99139bf..8ce69f0be3 100644
--- a/slirp/libslirp.h
+++ b/slirp/libslirp.h
@@ -29,6 +29,8 @@ typedef struct SlirpCb {
 void (*timer_mod)(void *timer, int64_t expire_time);
 /* Register a fd for future polling */
 void (*register_poll_fd)(int fd);
+/* Unregister a fd */
+void (*unregister_poll_fd)(int fd);
 } SlirpCb;
 
 
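Review bot: the doc comment on unregister_poll_fd should state the contract the callers rely on: it is invoked with the fd still open, immediately before slirp_closesocket(), and it is mandatory (every call site dereferences so->slirp->cb->unregister_poll_fd without a NULL check), so a libslirp user must supply it even if only as an empty function. `/* Unregister a fd */` conveys neither point.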
diff --git a/slirp/slirp.c b/slirp/slirp.c
index 12677e5da7..f0bd59fd6f 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -1015,7 +1015,8 @@ int slirp_remove_hostfwd(Slirp *slirp, int is_udp, struct 
in_addr host_addr,
 getsockname(so->s, (struct sockaddr *), _len) == 0 &&
 addr.sin_addr.s_addr == host_addr.s_addr &&
 addr.sin_port == port) {
-close(so->s);
+so->slirp->cb->unregister_poll_fd(so->s);
+slirp_closesocket(so->s);
 sofree(so);
 return 0;
 }
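Review bot: besides adding the unregister call, this hunk changes close(so->s) to slirp_closesocket(so->s), which is a separate (and correct) fix for the hostfwd removal path on Windows; it deserves a sentence in the commit message since "add unregister_poll_fd() callback" does not cover it.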
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index 8087ffc047..d8846a33b0 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -337,6 +337,7 @@ tcp_close(struct tcpcb *tp)
/* clobber input socket cache if we're closing the cached connection */
if (so == slirp->tcp_last_so)
slirp->tcp_last_so = >tcb;
+   so->slirp->cb->unregister_poll_fd(so->s);
slirp_closesocket(so->s);
sbfree(>so_rcv);
sbfree(>so_snd);
@@ -498,6 +499,7 @@ void tcp_connect(struct socket *inso)
 /* Close the accept() socket, set right state */
 if (inso->so_state & SS_FACCEPTONCE) {
 /* If we only accept once, close the accept() socket */
+so->slirp->cb->unregister_poll_fd(so->s);
 slirp_closesocket(so->s);
 
 /* Don't select it yet, even though we have an FD */
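Review bot: in the SS_FACCEPTONCE branch the socket being unregistered and closed is so->s while the condition tests inso->so_state and the comment speaks of the accept() socket; if so and inso are the same object on this path that is correct, but a reviewer has to go and check, so either use inso->s here or add a note that so == inso when SS_FACCEPTONCE is set.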
diff --git a/slirp/udp.c b/slirp/udp.c
index 6c3fb9a29f..3915971b50 100644
--- a/slirp/udp.c
+++ b/slirp/udp.c
@@ -292,6 +292,7 @@ udp_attach(struct socket *so, unsigned short af)
 void
 udp_detach(struct socket *so)
 {
+   so->slirp->cb->unregister_poll_fd(so->s);
slirp_closesocket(so->s);
sofree(so);
 }
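Review bot: after this patch every close site (icmp_detach, hostfwd removal, tcp_close, tcp_connect, udp_detach) has to remember the same two-line sequence, unregister_poll_fd() followed by slirp_closesocket(). A small helper taking the struct socket and doing both would keep future close paths from forgetting the callback; suggestion only, not blocking.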
-- 
2.20.1




[Qemu-devel] [PULL 73/76] pc: Use hotplug_handler_(plug|unplug|unplug_request)

2019-02-05 Thread Paolo Bonzini
From: David Hildenbrand 

Let's avoid manually looking up the hotplug handler class. Use the
existing wrappers instead.

Signed-off-by: David Hildenbrand 
Message-Id: <20181212095707.19358-1-da...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/i386/pc.c | 30 --
 1 file changed, 8 insertions(+), 22 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 7d8f351..3889ecc 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -2122,7 +2122,6 @@ static void pc_memory_pre_plug(HotplugHandler 
*hotplug_dev, DeviceState *dev,
 static void pc_memory_plug(HotplugHandler *hotplug_dev,
DeviceState *dev, Error **errp)
 {
-HotplugHandlerClass *hhc;
 Error *local_err = NULL;
 PCMachineState *pcms = PC_MACHINE(hotplug_dev);
 bool is_nvdimm = object_dynamic_cast(OBJECT(dev), TYPE_NVDIMM);
@@ -2136,8 +2135,7 @@ static void pc_memory_plug(HotplugHandler *hotplug_dev,
 nvdimm_plug(>acpi_nvdimm_state);
 }
 
-hhc = HOTPLUG_HANDLER_GET_CLASS(pcms->acpi_dev);
-hhc->plug(HOTPLUG_HANDLER(pcms->acpi_dev), dev, _abort);
+hotplug_handler_plug(HOTPLUG_HANDLER(pcms->acpi_dev), dev, _abort);
 out:
 error_propagate(errp, local_err);
 }
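Review bot: this keeps error_abort for the memory plug call while the unplug paths pass local_err, so an error from the ACPI handler's plug still aborts QEMU. That matches the previous code and is fine for a pure refactoring, but a mention in the commit message would stop anyone reading the wrapper switch as an error-handling change.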
@@ -2145,7 +2143,6 @@ out:
 static void pc_memory_unplug_request(HotplugHandler *hotplug_dev,
  DeviceState *dev, Error **errp)
 {
-HotplugHandlerClass *hhc;
 Error *local_err = NULL;
 PCMachineState *pcms = PC_MACHINE(hotplug_dev);
 
@@ -2166,9 +2163,8 @@ static void pc_memory_unplug_request(HotplugHandler 
*hotplug_dev,
 goto out;
 }
 
-hhc = HOTPLUG_HANDLER_GET_CLASS(pcms->acpi_dev);
-hhc->unplug_request(HOTPLUG_HANDLER(pcms->acpi_dev), dev, _err);
-
+hotplug_handler_unplug_request(HOTPLUG_HANDLER(pcms->acpi_dev), dev,
+   _err);
 out:
 error_propagate(errp, local_err);
 }
@@ -2177,12 +2173,9 @@ static void pc_memory_unplug(HotplugHandler *hotplug_dev,
  DeviceState *dev, Error **errp)
 {
 PCMachineState *pcms = PC_MACHINE(hotplug_dev);
-HotplugHandlerClass *hhc;
 Error *local_err = NULL;
 
-hhc = HOTPLUG_HANDLER_GET_CLASS(pcms->acpi_dev);
-hhc->unplug(HOTPLUG_HANDLER(pcms->acpi_dev), dev, _err);
-
+hotplug_handler_unplug(HOTPLUG_HANDLER(pcms->acpi_dev), dev, _err);
 if (local_err) {
 goto out;
 }
@@ -2224,14 +2217,12 @@ static void pc_cpu_plug(HotplugHandler *hotplug_dev,
 DeviceState *dev, Error **errp)
 {
 CPUArchId *found_cpu;
-HotplugHandlerClass *hhc;
 Error *local_err = NULL;
 X86CPU *cpu = X86_CPU(dev);
 PCMachineState *pcms = PC_MACHINE(hotplug_dev);
 
 if (pcms->acpi_dev) {
-hhc = HOTPLUG_HANDLER_GET_CLASS(pcms->acpi_dev);
-hhc->plug(HOTPLUG_HANDLER(pcms->acpi_dev), dev, _err);
+hotplug_handler_plug(HOTPLUG_HANDLER(pcms->acpi_dev), dev, _err);
 if (local_err) {
 goto out;
 }
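Review bot: pc_cpu_plug guards the wrapper call with `if (pcms->acpi_dev)`, whereas pc_memory_plug and the unplug paths call hotplug_handler_*(HOTPLUG_HANDLER(pcms->acpi_dev), ...) unconditionally. The asymmetry predates this patch and the memory pre-plug check presumably rejects machines without an ACPI device, but since the wrappers now hide the class lookup it is worth confirming that none of the unconditional callers can see acpi_dev == NULL.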
@@ -2255,7 +2246,6 @@ static void pc_cpu_unplug_request_cb(HotplugHandler 
*hotplug_dev,
  DeviceState *dev, Error **errp)
 {
 int idx = -1;
-HotplugHandlerClass *hhc;
 Error *local_err = NULL;
 X86CPU *cpu = X86_CPU(dev);
 PCMachineState *pcms = PC_MACHINE(hotplug_dev);
@@ -2272,9 +2262,8 @@ static void pc_cpu_unplug_request_cb(HotplugHandler 
*hotplug_dev,
 goto out;
 }
 
-hhc = HOTPLUG_HANDLER_GET_CLASS(pcms->acpi_dev);
-hhc->unplug_request(HOTPLUG_HANDLER(pcms->acpi_dev), dev, _err);
-
+hotplug_handler_unplug_request(HOTPLUG_HANDLER(pcms->acpi_dev), dev,
+   _err);
 if (local_err) {
 goto out;
 }
@@ -2288,14 +2277,11 @@ static void pc_cpu_unplug_cb(HotplugHandler 
*hotplug_dev,
  DeviceState *dev, Error **errp)
 {
 CPUArchId *found_cpu;
-HotplugHandlerClass *hhc;
 Error *local_err = NULL;
 X86CPU *cpu = X86_CPU(dev);
 PCMachineState *pcms = PC_MACHINE(hotplug_dev);
 
-hhc = HOTPLUG_HANDLER_GET_CLASS(pcms->acpi_dev);
-hhc->unplug(HOTPLUG_HANDLER(pcms->acpi_dev), dev, _err);
-
+hotplug_handler_unplug(HOTPLUG_HANDLER(pcms->acpi_dev), dev, _err);
 if (local_err) {
 goto out;
 }
-- 
1.8.3.1





[Qemu-devel] [PULLv3 29/32] slirp: remove slirp_instances list

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Now that polling is done per-instance, we don't need a global list of
slirp instances.

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 slirp/slirp.c | 5 -
 1 file changed, 5 deletions(-)

diff --git a/slirp/slirp.c b/slirp/slirp.c
index a0de8b711c..ecbb5c5b6c 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -48,9 +48,6 @@ static const uint8_t special_ethaddr[ETH_ALEN] = {
 
 unsigned curtime;
 
-static QTAILQ_HEAD(, Slirp) slirp_instances =
-QTAILQ_HEAD_INITIALIZER(slirp_instances);
-
 static struct in_addr dns_addr;
 #ifndef _WIN32
 static struct in6_addr dns6_addr;
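Review bot: the QTAILQ_ENTRY field (`entry`) in struct Slirp that these QTAILQ_INSERT_TAIL/QTAILQ_REMOVE calls used is not touched by this patch (only slirp/slirp.c is in the diffstat), so it is left behind as dead state in slirp.h; please drop it in the same patch so the structure does not keep an unused link.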
@@ -333,7 +330,6 @@ Slirp *slirp_init(int restricted, bool in_enabled, struct 
in_addr vnetwork,
 #ifdef WITH_QEMU
 slirp_state_register(slirp);
 #endif
-QTAILQ_INSERT_TAIL(_instances, slirp, entry);
 
 return slirp;
 }
@@ -348,7 +344,6 @@ void slirp_cleanup(Slirp *slirp)
 g_free(e);
 }
 
-QTAILQ_REMOVE(_instances, slirp, entry);
 #ifdef WITH_QEMU
 slirp_state_unregister(slirp);
 #endif
-- 
2.20.1




Re: [Qemu-devel] [Bug 1814343] [NEW] Initrd not loaded on riscv32

2019-02-05 Thread Alistair Francis
On Fri, Feb 1, 2019 at 3:26 PM Philippe Mathieu-Daudé  wrote:
>
> Hi Jonathan,
>
> On 2/1/19 11:06 PM, Jonathan Behrens wrote:
> > Public bug reported:
> >
> > I attempted to run qemu with a ram disk. However, when reading the
> > contents of the disk from within the VM I only get back zeros.
> >
> > I was able to trace the issue to a mismatch of expectations on line 93
> > of hw/riscv/virt.c. Specifically, when running in 32-bit mode the value
> > of kernel_entry is sign extended to 64-bits, but load_image_targphys
> > expects the start address to not be sign extended.
> >
> > Straw man patch (works for 32-bit but would probably break 64-bit VMs?):
> >
> > diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
> > index e7f0716fb6..32216f993c 100644
> > --- a/hw/riscv/virt.c
> > +++ b/hw/riscv/virt.c
> > @@ -90,7 +90,7 @@ static hwaddr load_initrd(const char *filename, uint64_t 
> > mem_size,
> >   * halfway into RAM, and for boards with 256MB of RAM or more we put
> >   * the initrd at 128MB.
> >   */
> > -*start = kernel_entry + MIN(mem_size / 2, 128 * MiB);
> > +*start = (kernel_entry & 0x) + MIN(mem_size / 2, 128 * MiB);
> >
> >  size = load_ramdisk(filename, *start, mem_size - *start);
> >  if (size == -1) {
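Review bot: masking kernel_entry here only papers over the symptom: the value has already been sign-extended by the time load_initrd() sees it, and as the reporter says the mask would break 64-bit guests whose entry point is a genuine high address. The truncation belongs where the entry is read (the patch Philippe references in his reply), so that load_image_targphys() and load_ramdisk() both receive a properly sized target address; note also that the mask constant in this quote is cut off at `0x`.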
> >
> >
> > Run command:
> >
> > $ qemu/build/riscv32-softmmu/qemu-system-riscv32 -machine virt -kernel
> > mykernel.elf -nographic -initrd payload
> >
> > Commit hash:
> >
> > 3a183e330dbd7dbcac3841737ac874979552cca2
> >
> > ** Affects: qemu
> >  Importance: Undecided
> >  Status: New
>
> I believe this is fixed by the following patch:
> "Ensure the kernel start address is correctly cast"
> https://lists.gnu.org/archive/html/qemu-devel/2019-01/msg06358.html
>
> Can you test it?
> If it works you can reply to it with a
> "Tested-by: Jonathan Behrens "
> to increase the odds it gets merged ;)

Did you get a chance to test this Jonathan?

Alistair

>
> Thanks,
>
> Phil.
>



[Qemu-devel] [PULLv3 00/32] More work towards libslirp

2019-02-05 Thread Samuel Thibault
The following changes since commit 01a9a51ffaf4699827ea6425cb2b834a356e159d:

  Merge remote-tracking branch 'remotes/kraxel/tags/ui-20190205-pull-request' 
into staging (2019-02-05 14:01:29 +)

are available in the Git repository at:

  https://people.debian.org/~sthibault/qemu.git tags/samuel-thibault

for you to fetch changes up to 1e924479dce65a26a7432bf5920f89c1bf957d74:

  slirp: API is extern C (2019-02-05 20:27:27 +0200)


More work towards libslirp

Marc-André Lureau (27):
  slirp: generalize guestfwd with a callback based approach
  net/slirp: simplify checking for cmd: prefix
  net/slirp: free forwarding rules on cleanup
  net/slirp: fix leaks on forwarding rule registration error
  slirp: add callbacks for timer
  slirp: replace trace functions with DEBUG calls
  slirp: replace QEMU_PACKED with SLIRP_PACKED
  slirp: replace most qemu socket utilities with slirp own version
  slirp: replace qemu_set_nonblock()
  slirp: add unregister_poll_fd() callback
  slirp: replace qemu_notify_event() with a callback
  slirp: move QEMU state saving to a separate unit
  slirp: do not include qemu headers in libslirp.h public API header
  slirp: improve windows headers inclusion
  slirp: add slirp own version of pstrcpy
  slirp: remove qemu timer.h dependency
  slirp: remove now useless QEMU headers inclusions
  slirp: replace net/eth.h inclusion with own defines
  slirp: replace qemu qtailq with slirp own copy
  slirp: replace remaining qemu headers dependency
  slirp: prefer c99 types over BSD kind
  slirp: improve send_packet() callback
  slirp: replace global polling with per-instance & notifier
  slirp: remove slirp_instances list
  slirp: use polling callbacks, drop glib requirement
  slirp: pass opaque to all callbacks
  slirp: API is extern C

Peter Maydell (2):
  slirp: Avoid marking naturally packed structs as QEMU_PACKED
  slirp: Don't mark struct ipq or struct ipasfrag as packed

Samuel Thibault (3):
  slirp: Avoid unaligned 16bit memory access
  slirp: replace QEMU_BUILD_BUG_ON with G_STATIC_ASSERT
  slirp: Move g_spawn_async_with_fds_qemu compatibility to slirp/


 Makefile.objs|   1 -
 include/glib-compat.h|  57 ---
 include/net/net.h|   2 +-
 include/qemu/main-loop.h |  15 +
 net/net.c|   4 +-
 net/slirp.c  | 185 -
 slirp/Makefile.objs  |   4 +-
 slirp/arp_table.c|   3 +-
 slirp/bootp.c|   1 -
 slirp/cksum.c|   1 -
 slirp/debug.h|  13 +-
 slirp/dhcpv6.c   |   4 +-
 slirp/dnssearch.c|   1 -
 slirp/if.c   |   4 +-
 slirp/ip.h   |  17 +-
 slirp/ip6.h  |  14 +-
 slirp/ip6_icmp.c |  27 +-
 slirp/ip6_icmp.h |  26 +-
 slirp/ip6_input.c|   1 -
 slirp/ip6_output.c   |   2 -
 slirp/ip_icmp.c  |  14 +-
 slirp/ip_icmp.h  |  18 +-
 slirp/ip_input.c |   5 +-
 slirp/ip_output.c|   1 -
 slirp/libslirp.h |  71 +++-
 slirp/main.h |   2 +-
 slirp/mbuf.c |   1 -
 slirp/mbuf.h  

[Qemu-devel] [PULLv3 22/32] slirp: replace qemu qtailq with slirp own copy

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 slirp/qtailq.h | 193 +
 slirp/slirp.h  |   3 +-
 2 files changed, 194 insertions(+), 2 deletions(-)
 create mode 100644 slirp/qtailq.h

diff --git a/slirp/qtailq.h b/slirp/qtailq.h
new file mode 100644
index 00..a89b0c439a
--- /dev/null
+++ b/slirp/qtailq.h
@@ -0,0 +1,193 @@
+/*  $NetBSD: queue.h,v 1.52 2009/04/20 09:56:08 mschuett Exp $ */
+
+/*
+ * slirp version: Copy from QEMU, removed all but tail queues.
+ */
+
+/*
+ * Copyright (c) 1991, 1993
+ *  The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *may be used to endorse or promote products derived from this software
+ *without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *  @(#)queue.h 8.5 (Berkeley) 8/20/94
+ */
+
+#ifndef QTAILQ_H
+#define QTAILQ_H
+
+/*
+ * A tail queue is headed by a pair of pointers, one to the head of the
+ * list and the other to the tail of the list. The elements are doubly
+ * linked so that an arbitrary element can be removed without a need to
+ * traverse the list. New elements can be added to the list before or
+ * after an existing element, at the head of the list, or at the end of
+ * the list. A tail queue may be traversed in either direction.
+ */
+typedef struct QTailQLink {
+void *tql_next;
+struct QTailQLink *tql_prev;
+} QTailQLink;
+
+/*
+ * Tail queue definitions.  The union acts as a poor man template, as if
+ * it were QTailQLink.
+ */
+#define QTAILQ_HEAD(name, type) \
+union name {\
+struct type *tqh_first;   /* first element */   \
+QTailQLink tqh_circ;  /* link for circular backwards list */ \
+}
+
+#define QTAILQ_HEAD_INITIALIZER(head)   \
+{ .tqh_circ = { NULL, &(head).tqh_circ } }
+
+#define QTAILQ_ENTRY(type)  \
+union { \
+struct type *tqe_next;/* next element */\
+QTailQLink tqe_circ;  /* link for circular backwards list */ \
+}
+
+#define QTAILQ_INIT(head) do {  \
+(head)->tqh_first = NULL;   \
+(head)->tqh_circ.tql_prev = &(head)->tqh_circ;  \
+} while (/*CONSTCOND*/0)
+
+#define QTAILQ_INSERT_HEAD(head, elm, field) do {   \
+if (((elm)->field.tqe_next = (head)->tqh_first) != NULL)\
+(head)->tqh_first->field.tqe_circ.tql_prev =\
+&(elm)->field.tqe_circ; \
+else\
+(head)->tqh_circ.tql_prev = &(elm)->field.tqe_circ; \
+(head)->tqh_first = (elm);  \
+(elm)->field.tqe_circ.tql_prev = &(head)->tqh_circ; \
+} while (/*CONSTCOND*/0)
+
+#define QTAILQ_INSERT_TAIL(head, elm, field) do {   \
+(elm)->field.tqe_next = NULL;   \
+(elm)->field.tqe_circ.tql_prev = (head)->tqh_circ.tql_prev; \
+(head)->tqh_circ.tql_prev->tql_next = (elm);\
+(head)->tqh_circ.tql_prev = &(elm)->field.tqe_circ; \
+} while (/*CONSTCOND*/0)
+
+#define QTAILQ_INSERT_AFTER(head, listelm, 
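Review bot: this header keeps the exact QTAILQ_* macro names from QEMU's include/qemu/queue.h, so any translation unit that includes both will redefine them. That is warning-free only as long as the two copies stay token-for-token identical; either say so in the "Copy from QEMU" comment, or prefix these as SLIRP_QTAILQ_* now that they are slirp's own.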

[Qemu-devel] [PULL 72/76] i386: hvf: Fix smp boot hangs

2019-02-05 Thread Paolo Bonzini
From: Heiher 

A machine with the hvf accelerator and smp sometimes hangs at boot
because all processors are executing instructions at startup,
including early I/O emulations. We should just allow the bootstrap
processor to initialize the machine and then wake up the slave
processors by interrupt.

Signed-off-by: Heiher 
Message-Id: <20190123073402.28465-...@hev.cc>
Signed-off-by: Paolo Bonzini 
---
 target/i386/hvf/hvf.c | 5 -
 1 file changed, 5 deletions(-)

diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index 689b585..42f9447 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -499,7 +499,6 @@ void hvf_reset_vcpu(CPUState *cpu) {
 }
 
 hv_vm_sync_tsc(0);
-cpu->halted = 0;
 hv_vcpu_invalidate_tlb(cpu->hvf_fd);
 hv_vcpu_flush(cpu->hvf_fd);
 }
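Review bot: with `cpu->halted = 0` dropped from hvf_reset_vcpu(), the fix relies on the generic x86 reset leaving the application processors halted until they receive INIT/SIPI; since that is the whole point of the patch, the commit message (or a comment here) should say explicitly which code now sets halted for the BSP versus the APs, otherwise the removal reads like an accidental deletion.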
@@ -582,8 +581,6 @@ int hvf_init_vcpu(CPUState *cpu)
 
 wvmcs(cpu->hvf_fd, VMCS_TPR_THRESHOLD, 0);
 
-hvf_reset_vcpu(cpu);
-
 x86cpu = X86_CPU(cpu);
 x86cpu->env.xsave_buf = qemu_memalign(4096, 4096);
 
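Review bot: dropping the hvf_reset_vcpu(cpu) call from hvf_init_vcpu() means the VMCS setup done in that function is no longer performed at vCPU creation; please confirm in the commit message that the ordinary cpu reset path invokes hvf_reset_vcpu() before the first hvf_vcpu_exec(), since otherwise this is a second, unrelated behaviour change hiding in a boot-hang fix.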
@@ -659,8 +656,6 @@ int hvf_vcpu_exec(CPUState *cpu)
 int ret = 0;
 uint64_t rip = 0;
 
-cpu->halted = 0;
-
 if (hvf_process_events(cpu)) {
 return EXCP_HLT;
 }
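Review bot: removing `cpu->halted = 0` at the top of hvf_vcpu_exec() is what actually keeps a halted AP from running; the consequence is that hvf_process_events() becomes the only place that can clear halted (on a pending interrupt), so a short comment before that call saying so would help the next reader.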
-- 
1.8.3.1





[Qemu-devel] [PULLv3 15/32] slirp: move QEMU state saving to a separate unit

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Make state saving optional: this will allow to build SLIRP without
QEMU. (eventually, the vmstate helpers will be extracted, so an
external project & process could save its state)

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 slirp/Makefile.objs |   1 +
 slirp/slirp.c   | 372 ++---
 slirp/slirp.h   |   3 +
 slirp/state.c   | 394 
 slirp/state.h   |   9 +
 5 files changed, 418 insertions(+), 361 deletions(-)
 create mode 100644 slirp/state.c
 create mode 100644 slirp/state.h

diff --git a/slirp/Makefile.objs b/slirp/Makefile.objs
index d2ead94b3b..88340a583b 100644
--- a/slirp/Makefile.objs
+++ b/slirp/Makefile.objs
@@ -20,6 +20,7 @@ slirp.mo-objs = \
sbuf.o \
slirp.o \
socket.o \
+   state.o \
tcp_input.o \
tcp_output.o \
tcp_subr.o \
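Review bot: state.o is added to slirp.mo-objs unconditionally, while the code that uses it is under `#ifdef WITH_QEMU` in slirp.c; if the intent is that state.c only builds inside QEMU, the Makefile entry should carry the same condition, otherwise a standalone build will still compile a file that depends on QEMU's vmstate headers.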
diff --git a/slirp/slirp.c b/slirp/slirp.c
index f0bd59fd6f..9ec1e4c62f 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -30,6 +30,10 @@
 #include "hw/hw.h"
 #include "qemu/cutils.h"
 
+#ifdef WITH_QEMU
+#include "state.h"
+#endif
+
 #ifndef _WIN32
 #include 
 #endif
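Review bot: WITH_QEMU is introduced here but nothing in this diff shows where it is defined; if it comes from the three added lines in slirp.h, say so in the commit message, and if it is meant to be set by the build system instead, the in-tree build needs it defined now or state saving silently disappears from QEMU.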
@@ -278,14 +282,6 @@ static void slirp_init_once(void)
 
 }
 
-static void slirp_state_save(QEMUFile *f, void *opaque);
-static int slirp_state_load(QEMUFile *f, void *opaque, int version_id);
-
-static SaveVMHandlers savevm_slirp_state = {
-.save_state = slirp_state_save,
-.load_state = slirp_state_load,
-};
-
 Slirp *slirp_init(int restricted, bool in_enabled, struct in_addr vnetwork,
   struct in_addr vnetmask, struct in_addr vhost,
   bool in6_enabled,
@@ -341,8 +337,9 @@ Slirp *slirp_init(int restricted, bool in_enabled, struct 
in_addr vnetwork,
 
 slirp->opaque = opaque;
 
-register_savevm_live(NULL, "slirp", 0, 4, _slirp_state, slirp);
-
+#ifdef WITH_QEMU
+slirp_state_register(slirp);
+#endif
 QTAILQ_INSERT_TAIL(_instances, slirp, entry);
 
 return slirp;
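Review bot: the migration stream must stay byte-compatible across this move, which means slirp_state_register() has to keep the section name "slirp" and version 4 from the old register_savevm_live(NULL, "slirp", 0, 4, ...) call; since state.c is not shown in the hunks here, please state in the commit message that the VMStateDescriptions were moved verbatim and that the section name and version are unchanged.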
@@ -359,9 +356,9 @@ void slirp_cleanup(Slirp *slirp)
 }
 
 QTAILQ_REMOVE(_instances, slirp, entry);
-
-unregister_savevm(NULL, "slirp", slirp);
-
+#ifdef WITH_QEMU
+slirp_state_unregister(slirp);
+#endif
 ip_cleanup(slirp);
 ip6_cleanup(slirp);
 m_cleanup(slirp);
@@ -1115,7 +1112,7 @@ ssize_t slirp_send(struct socket *so, const void *buf, 
size_t len, int flags)
 return send(so->s, buf, len, flags);
 }
 
-static struct socket *
+struct socket *
 slirp_find_ctl_socket(Slirp *slirp, struct in_addr guest_addr, int guest_port)
 {
 struct socket *so;
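Review bot: slirp_find_ctl_socket() is made non-static so state.c can use it; it needs a prototype in slirp.h (presumably part of the +3 lines there), otherwise -Wmissing-prototypes will fire and a signature mismatch between the two files would go unnoticed.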
@@ -1162,350 +1159,3 @@ void slirp_socket_recv(Slirp *slirp, struct in_addr 
guest_addr, int guest_port,
 if (ret > 0)
 tcp_output(sototcpcb(so));
 }
-
-static int slirp_tcp_post_load(void *opaque, int version)
-{
-tcp_template((struct tcpcb *)opaque);
-
-return 0;
-}
-
-static const VMStateDescription vmstate_slirp_tcp = {
-.name = "slirp-tcp",
-.version_id = 0,
-.post_load = slirp_tcp_post_load,
-.fields = (VMStateField[]) {
-VMSTATE_INT16(t_state, struct tcpcb),
-VMSTATE_INT16_ARRAY(t_timer, struct tcpcb, TCPT_NTIMERS),
-VMSTATE_INT16(t_rxtshift, struct tcpcb),
-VMSTATE_INT16(t_rxtcur, struct tcpcb),
-VMSTATE_INT16(t_dupacks, struct tcpcb),
-VMSTATE_UINT16(t_maxseg, struct tcpcb),
-VMSTATE_UINT8(t_force, struct tcpcb),
-VMSTATE_UINT16(t_flags, struct tcpcb),
-VMSTATE_UINT32(snd_una, struct tcpcb),
-VMSTATE_UINT32(snd_nxt, struct tcpcb),
-VMSTATE_UINT32(snd_up, struct tcpcb),
-VMSTATE_UINT32(snd_wl1, struct tcpcb),
-VMSTATE_UINT32(snd_wl2, struct tcpcb),
-VMSTATE_UINT32(iss, struct tcpcb),
-VMSTATE_UINT32(snd_wnd, struct tcpcb),
-VMSTATE_UINT32(rcv_wnd, struct tcpcb),
-VMSTATE_UINT32(rcv_nxt, struct tcpcb),
-VMSTATE_UINT32(rcv_up, struct tcpcb),
-VMSTATE_UINT32(irs, struct tcpcb),
-VMSTATE_UINT32(rcv_adv, struct tcpcb),
-VMSTATE_UINT32(snd_max, struct tcpcb),
-VMSTATE_UINT32(snd_cwnd, struct tcpcb),
-VMSTATE_UINT32(snd_ssthresh, struct tcpcb),
-VMSTATE_INT16(t_idle, struct tcpcb),
-VMSTATE_INT16(t_rtt, struct tcpcb),
-VMSTATE_UINT32(t_rtseq, struct tcpcb),
-VMSTATE_INT16(t_srtt, struct tcpcb),
-VMSTATE_INT16(t_rttvar, struct tcpcb),
-VMSTATE_UINT16(t_rttmin, struct tcpcb),
-VMSTATE_UINT32(max_sndwnd, struct tcpcb),
-VMSTATE_UINT8(t_oobflags, struct tcpcb),
-VMSTATE_UINT8(t_iobc, struct tcpcb),
-VMSTATE_INT16(t_softerror, struct tcpcb),
-VMSTATE_UINT8(snd_scale, struct tcpcb),
-VMSTATE_UINT8(rcv_scale, struct tcpcb),
-VMSTATE_UINT8(request_r_scale, struct tcpcb),
-VMSTATE_UINT8(requested_s_scale, struct tcpcb),
-VMSTATE_UINT32(ts_recent, struct tcpcb),
-

[Qemu-devel] [PULLv3 05/32] net/slirp: simplify checking for cmd: prefix

2019-02-05 Thread Samuel Thibault
From: Marc-André Lureau 

Signed-off-by: Marc-André Lureau 
Signed-off-by: Samuel Thibault 
---
 net/slirp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/slirp.c b/net/slirp.c
index ec07f662c0..b91741b8fc 100644
--- a/net/slirp.c
+++ b/net/slirp.c
@@ -773,7 +773,7 @@ static int slirp_guestfwd(SlirpState *s, const char 
*config_str, Error **errp)
 
 snprintf(buf, sizeof(buf), "guestfwd.tcp.%d", port);
 
-if ((strlen(p) > 4) && !strncmp(p, "cmd:", 4)) {
+if (g_str_has_prefix(p, "cmd:")) {
 if (slirp_add_exec(s->slirp, [4], , port) < 0) {
 error_setg(errp, "Conflicting/invalid host:port in guest "
"forwarding rule '%s'", config_str);
-- 
2.20.1




[Qemu-devel] [PULLv3 24/32] slirp: Move g_spawn_async_with_fds_qemu compatibility to slirp/

2019-02-05 Thread Samuel Thibault
Only slirp actually needs it, and will still need it in libslirp.

Signed-off-by: Samuel Thibault 
Reviewed-by: Marc-André Lureau 
---
 include/glib-compat.h | 57 ---
 slirp/misc.c  | 62 +++
 2 files changed, 62 insertions(+), 57 deletions(-)

diff --git a/include/glib-compat.h b/include/glib-compat.h
index 8a078c5288..1291628e09 100644
--- a/include/glib-compat.h
+++ b/include/glib-compat.h
@@ -83,63 +83,6 @@ static inline gboolean g_strv_contains_qemu(const gchar 
*const *strv,
 }
 #define g_strv_contains(a, b) g_strv_contains_qemu(a, b)
 
-#if !GLIB_CHECK_VERSION(2, 58, 0)
-typedef struct QemuGSpawnFds {
-GSpawnChildSetupFunc child_setup;
-gpointer user_data;
-gint stdin_fd;
-gint stdout_fd;
-gint stderr_fd;
-} QemuGSpawnFds;
-
-static inline void
-qemu_gspawn_fds_setup(gpointer user_data)
-{
-QemuGSpawnFds *q = (QemuGSpawnFds *)user_data;
-
-dup2(q->stdin_fd, 0);
-dup2(q->stdout_fd, 1);
-dup2(q->stderr_fd, 2);
-q->child_setup(q->user_data);
-}
-#endif
-
-static inline gboolean
-g_spawn_async_with_fds_qemu(const gchar *working_directory,
-gchar **argv,
-gchar **envp,
-GSpawnFlags flags,
-GSpawnChildSetupFunc child_setup,
-gpointer user_data,
-GPid *child_pid,
-gint stdin_fd,
-gint stdout_fd,
-gint stderr_fd,
-GError **error)
-{
-#if GLIB_CHECK_VERSION(2, 58, 0)
-return g_spawn_async_with_fds(working_directory, argv, envp, flags,
-  child_setup, user_data,
-  child_pid, stdin_fd, stdout_fd, stderr_fd,
-  error);
-#else
-QemuGSpawnFds setup = {
-.child_setup = child_setup,
-.user_data = user_data,
-.stdin_fd = stdin_fd,
-.stdout_fd = stdout_fd,
-.stderr_fd = stderr_fd,
-};
-
-return g_spawn_async(working_directory, argv, envp, flags,
- qemu_gspawn_fds_setup, ,
- child_pid, error);
-#endif
-}
-
-#define g_spawn_async_with_fds(wd, argv, env, f, c, d, p, ifd, ofd, efd, err) \
-g_spawn_async_with_fds_qemu(wd, argv, env, f, c, d, p, ifd, ofd, efd, err)
-
 #if defined(_WIN32) && !GLIB_CHECK_VERSION(2, 50, 0)
 /*
  * g_poll has a problem on Windows when using
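Review bot: removing the g_spawn_async_with_fds wrapper from the global glib-compat.h changes the fallback for every QEMU caller on glib < 2.58, not just slirp; the commit message says slirp is the only user, which is plausible, but it is worth a grep before merge since a remaining caller would only fail to build on old glib.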
diff --git a/slirp/misc.c b/slirp/misc.c
index a77cc34b30..ee77aff337 100644
--- a/slirp/misc.c
+++ b/slirp/misc.c
@@ -122,6 +122,68 @@ fork_exec_child_setup(gpointer data)
 #endif
 }
 
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+
+#if !GLIB_CHECK_VERSION(2, 58, 0)
+typedef struct SlirpGSpawnFds {
+GSpawnChildSetupFunc child_setup;
+gpointer user_data;
+gint stdin_fd;
+gint stdout_fd;
+gint stderr_fd;
+} SlirpGSpawnFds;
+
+static inline void
+slirp_gspawn_fds_setup(gpointer user_data)
+{
+SlirpGSpawnFds *q = (SlirpGSpawnFds *)user_data;
+
+dup2(q->stdin_fd, 0);
+dup2(q->stdout_fd, 1);
+dup2(q->stderr_fd, 2);
+q->child_setup(q->user_data);
+}
+#endif
+
+static inline gboolean
+g_spawn_async_with_fds_slirp(const gchar *working_directory,
+gchar **argv,
+gchar **envp,
+GSpawnFlags flags,
+GSpawnChildSetupFunc child_setup,
+gpointer user_data,
+GPid *child_pid,
+gint stdin_fd,
+gint stdout_fd,
+gint stderr_fd,
+GError **error)
+{
+#if GLIB_CHECK_VERSION(2, 58, 0)
+return g_spawn_async_with_fds(working_directory, argv, envp, flags,
+  child_setup, user_data,
+  child_pid, stdin_fd, stdout_fd, stderr_fd,
+  error);
+#else
+SlirpGSpawnFds setup = {
+.child_setup = child_setup,
+.user_data = user_data,
+.stdin_fd = stdin_fd,
+.stdout_fd = stdout_fd,
+.stderr_fd = stderr_fd,
+};
+
+return g_spawn_async(working_directory, argv, envp, flags,
+ slirp_gspawn_fds_setup, ,
+ child_pid, error);
+#endif
+}
+
+#define g_spawn_async_with_fds(wd, argv, env, f, c, d, p, ifd, ofd, efd, err) \
+g_spawn_async_with_fds_slirp(wd, argv, env, f, c, d, p, ifd, ofd, efd, err)
+
+#pragma GCC diagnostic pop
+
 int
 fork_exec(struct socket *so, const char *ex)
 {
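Review bot: the new `#pragma GCC diagnostic push` / `ignored "-Wdeprecated-declarations"` / `pop` around the copied block has no counterpart in the removed glib-compat.h hunk; a comment naming which declaration triggers the warning and on which glib versions would explain why the pragmas are needed here and when they can be dropped.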
-- 
2.20.1



