Re: [Qemu-devel] [PATCH v3] net: cadence_gem: fix compilation error when debug is on

2019-06-14 Thread Ramon Fried



On June 15, 2019 8:38:35 AM GMT+03:00, "Philippe Mathieu-Daudé" 
 wrote:
>Hi Ramon,
>
>On 6/15/19 7:15 AM, Ramon Fried wrote:
>> defining CADENCE_GEM_ERR_DEBUG causes compilation
>> errors, fix that.
>> 
>> Signed-off-by: Ramon Fried 
>> ---
>> v2: change %lx to HWADDR_PRIx and %lx to %zdx
>> v3: change %zdx to %zx
>> 
>>  hw/net/cadence_gem.c | 6 +++---
>>  1 file changed, 3 insertions(+), 3 deletions(-)
>> 
>> diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
>> index 7f63411430..ecee22525c 100644
>> --- a/hw/net/cadence_gem.c
>> +++ b/hw/net/cadence_gem.c
>> @@ -982,8 +982,8 @@ static ssize_t gem_receive(NetClientState *nc,
>const uint8_t *buf, size_t size)
>>  return -1;
>>  }
>>  
>> -DB_PRINT("copy %d bytes to 0x%x\n", MIN(bytes_to_copy,
>rxbufsize),
>> -rx_desc_get_buffer(s->rx_desc[q]));
>> +DB_PRINT("copy %d bytes to 0x%" HWADDR_PRIx "\n",
>MIN(bytes_to_copy, rxbufsize),
>> +rx_desc_get_buffer(s, s->rx_desc[q]));
>>  
>>  /* Copy packet data to emulated DMA buffer */
>>  address_space_write(&s->dma_as, rx_desc_get_buffer(s,
>s->rx_desc[q]) +
>> @@ -1156,7 +1156,7 @@ static void gem_transmit(CadenceGEMState *s)
>>  if (tx_desc_get_length(desc) > sizeof(tx_packet) -
>> (p - tx_packet)) {
>>  DB_PRINT("TX descriptor @ 0x%x too large: size 0x%x
>space " \
>> - "0x%x\n", (unsigned)packet_desc_addr,
>> + "0x%zx\n", (unsigned)packet_desc_addr,
>>   (unsigned)tx_desc_get_length(desc),
>>   sizeof(tx_packet) - (p - tx_packet));
>>  break;
>> 
>
>I still get an error when trying to build on 32bit host with
>CADENCE_GEM_ERR_DEBUG enabled (pre-existing to your patch):
>
>  CC  hw/net/cadence_gem.o
>./hw/net/cadence_gem.c: In function 'gem_receive':
>./hw/net/cadence_gem.c:973:14: error: format '%ld' expects argument of
>type 'long int', but argument 4 has type 'size_t {aka unsigned int}'
>[-Werror=format=]
>DB_PRINT("config bufsize: %d packet size: %ld\n", rxbufsize, size);
>  ^
>./hw/net/cadence_gem.c:38:24: note: in definition of macro 'DB_PRINT'
> fprintf(stderr, ## __VA_ARGS__); \
>^
>cc1: all warnings being treated as errors
>./rules.mak:69: recipe for target 'hw/net/cadence_gem.o' failed
>make: *** [hw/net/cadence_gem.o] Error 1
>
>However the 64bit host is indeed fixed, so I'm fine with your patch:
>Reviewed-by: Philippe Mathieu-Daudé 
>Tested-by: Philippe Mathieu-Daudé 
>
>Regards,
>
>Phil.
Thanks! 

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: [Qemu-devel] [PATCH] MAINTAINERS: Change maintership of Xen code under hw/9pfs

2019-06-14 Thread Philippe Mathieu-Daudé
Cc'ing qemu-trivial@

On 6/14/19 6:50 PM, Greg Kurz wrote:
[...]
> Markus, Xen maintainers,
> 
> All needed Acked-by have been provided. I don't plan to send a 9pfs PR
> anytime soon. Can this go through someone else's tree please ?
> 
> Cheers,
> 
> --
> Greg
> 



Re: [Qemu-devel] [PATCH v3] net: cadence_gem: fix compilation error when debug is on

2019-06-14 Thread Philippe Mathieu-Daudé
Hi Ramon,

On 6/15/19 7:15 AM, Ramon Fried wrote:
> defining CADENCE_GEM_ERR_DEBUG causes compilation
> errors, fix that.
> 
> Signed-off-by: Ramon Fried 
> ---
> v2: change %lx to HWADDR_PRIx and %lx to %zdx
> v3: change %zdx to %zx
> 
>  hw/net/cadence_gem.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
> index 7f63411430..ecee22525c 100644
> --- a/hw/net/cadence_gem.c
> +++ b/hw/net/cadence_gem.c
> @@ -982,8 +982,8 @@ static ssize_t gem_receive(NetClientState *nc, const 
> uint8_t *buf, size_t size)
>  return -1;
>  }
>  
> -DB_PRINT("copy %d bytes to 0x%x\n", MIN(bytes_to_copy, rxbufsize),
> -rx_desc_get_buffer(s->rx_desc[q]));
> +DB_PRINT("copy %d bytes to 0x%" HWADDR_PRIx "\n", MIN(bytes_to_copy, 
> rxbufsize),
> +rx_desc_get_buffer(s, s->rx_desc[q]));
>  
>  /* Copy packet data to emulated DMA buffer */
>  address_space_write(&s->dma_as, rx_desc_get_buffer(s, s->rx_desc[q]) 
> +
> @@ -1156,7 +1156,7 @@ static void gem_transmit(CadenceGEMState *s)
>  if (tx_desc_get_length(desc) > sizeof(tx_packet) -
> (p - tx_packet)) {
>  DB_PRINT("TX descriptor @ 0x%x too large: size 0x%x space " \
> - "0x%x\n", (unsigned)packet_desc_addr,
> + "0x%zx\n", (unsigned)packet_desc_addr,
>   (unsigned)tx_desc_get_length(desc),
>   sizeof(tx_packet) - (p - tx_packet));
>  break;
> 

I still get an error when trying to build on 32bit host with
CADENCE_GEM_ERR_DEBUG enabled (pre-existing to your patch):

  CC  hw/net/cadence_gem.o
./hw/net/cadence_gem.c: In function 'gem_receive':
./hw/net/cadence_gem.c:973:14: error: format '%ld' expects argument of
type 'long int', but argument 4 has type 'size_t {aka unsigned int}'
[-Werror=format=]
 DB_PRINT("config bufsize: %d packet size: %ld\n", rxbufsize, size);
  ^
./hw/net/cadence_gem.c:38:24: note: in definition of macro 'DB_PRINT'
 fprintf(stderr, ## __VA_ARGS__); \
^
cc1: all warnings being treated as errors
./rules.mak:69: recipe for target 'hw/net/cadence_gem.o' failed
make: *** [hw/net/cadence_gem.o] Error 1

However the 64bit host is indeed fixed, so I'm fine with your patch:
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 

Regards,

Phil.



Re: [Qemu-devel] [PATCH v2] net: cadence_gem: fix compilation error when debug is on

2019-06-14 Thread Ramon Fried
On Wed, Jun 12, 2019 at 10:40 AM Laurent Vivier  wrote:

> Le 12/06/2019 à 06:27, Ramon Fried a écrit :
> >
> >
> > On Tue, Jun 11, 2019 at 7:21 PM Laurent Vivier  > > wrote:
> >
> > Le 11/06/2019 à 16:55, Ramon Fried a écrit :
> > > defining CADENCE_GEM_ERR_DEBUG causes compilation
> > > errors, fix that.
> > >
> > > Signed-off-by: Ramon Fried  > >
> > > ---
> > > v2: change %lx to HWADDR_PRIx and %lx to %zdx
> >
> > HWADDR_PRIx is to use with hwaddr type (packet_desc_addr).
> > rx_desc_get_buffer() is uint64_t, you must use PRIx64.
> > It may be better to remove also the cast to unsigned.
> >
> > Other places in the code also use HWADDR_PRIx with  rx_desc_get_buffer().
> > Should I change them also ?
>
> No, in fact you should change the return type of rx_desc_get_buffer() to
> hwaddr.
>
Makes sense.
I'll do it in a different patch.

>
> Thanks,
> Laurent
>


[Qemu-devel] [PATCH v3] net: cadence_gem: fix compilation error when debug is on

2019-06-14 Thread Ramon Fried
Defining CADENCE_GEM_ERR_DEBUG causes compilation
errors; fix that.

Signed-off-by: Ramon Fried 
---
v2: change %lx to HWADDR_PRIx and %lx to %zdx
v3: change %zdx to %zx

 hw/net/cadence_gem.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index 7f63411430..ecee22525c 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -982,8 +982,8 @@ static ssize_t gem_receive(NetClientState *nc, const 
uint8_t *buf, size_t size)
 return -1;
 }
 
-DB_PRINT("copy %d bytes to 0x%x\n", MIN(bytes_to_copy, rxbufsize),
-rx_desc_get_buffer(s->rx_desc[q]));
+DB_PRINT("copy %d bytes to 0x%" HWADDR_PRIx "\n", MIN(bytes_to_copy, 
rxbufsize),
+rx_desc_get_buffer(s, s->rx_desc[q]));
 
 /* Copy packet data to emulated DMA buffer */
 address_space_write(&s->dma_as, rx_desc_get_buffer(s, s->rx_desc[q]) +
@@ -1156,7 +1156,7 @@ static void gem_transmit(CadenceGEMState *s)
 if (tx_desc_get_length(desc) > sizeof(tx_packet) -
(p - tx_packet)) {
 DB_PRINT("TX descriptor @ 0x%x too large: size 0x%x space " \
- "0x%x\n", (unsigned)packet_desc_addr,
+ "0x%zx\n", (unsigned)packet_desc_addr,
  (unsigned)tx_desc_get_length(desc),
  sizeof(tx_packet) - (p - tx_packet));
 break;
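Review bot: The same DB_PRINT still narrows `packet_desc_addr` with `(unsigned)` and prints it with `0x%x`, so on a 64-bit build a descriptor address above 4 GiB is printed truncated; the thread describes packet_desc_addr as a hwaddr, so the first specifier should follow the pattern this patch applies in gem_receive, e.g. `DB_PRINT("TX descriptor @ 0x%" HWADDR_PRIx " too large: size 0x%x space " "0x%zx\n", packet_desc_addr,` with the cast dropped. The new `%zx` for `sizeof(tx_packet) - (p - tx_packet)` is right: the size_t operand drives the arithmetic conversion, so the argument is a size_t on both 32- and 64-bit hosts. The enclosing gem_transmit body continues outside the hunk, and the two quoted copies of this hunk earlier in the thread share the same point.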
-- 
2.21.0




[Qemu-devel] [PATCH] net: cadence_gem: clear RX control descriptor

2019-06-14 Thread Ramon Fried
The RX ring descriptors' control field is used for setting
SOF and EOF (start of frame and end of frame).
The SOF and EOF bits weren't cleared from the previous descriptors,
causing inconsistencies in the ring buffer.
Fix that by clearing the control field of every descriptor we're
processing.

Signed-off-by: Ramon Fried 
---
 hw/net/cadence_gem.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index ecee22525c..d83a82bdb0 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -406,6 +406,11 @@ static inline void rx_desc_set_sof(uint32_t *desc)
 desc[1] |= DESC_1_RX_SOF;
 }
 
+static inline void rx_desc_clear(uint32_t *desc)
+{
+desc[1]  = 0;
+}
+
 static inline void rx_desc_set_eof(uint32_t *desc)
 {
 desc[1] |= DESC_1_RX_EOF;
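Review bot: `rx_desc_clear` zeroes only word 1 of the descriptor, so the name promises more than the body does; the neighbouring helpers are named after the field they touch (`rx_desc_set_sof`, `rx_desc_set_eof`), and `rx_desc_clear_control` would read the same way and match the commit title. The body also carries a doubled space in `desc[1]  = 0;`. Suggested: `static inline void rx_desc_clear_control(uint32_t *desc)` with the body `desc[1] = 0;`, which then needs the matching rename at the new call site in gem_receive.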
@@ -994,6 +999,8 @@ static ssize_t gem_receive(NetClientState *nc, const 
uint8_t *buf, size_t size)
 bytes_to_copy -= MIN(bytes_to_copy, rxbufsize);
 
 /* Update the descriptor.  */
+rx_desc_clear(s->rx_desc[q]);
+
 if (first_desc) {
 rx_desc_set_sof(s->rx_desc[q]);
 first_desc = false;
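Review bot: The new call zeroes the whole of desc[1], which is more than the SOF/EOF bits the commit message talks about, and the existing "Update the descriptor." comment it sits under does not say why a clear is now needed first. Presumably the other fields of word 1 are written again further down in gem_receive before ownership is handed back — worth confirming, since that part of the function is outside the hunk. A comment on the added line would record the intent for the next reader: `/* Drop SOF/EOF (and anything else) left in the control word by the previous frame. */`.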
-- 
2.21.0




[Qemu-devel] [Bug 1722074] Re: warning: host doesn't support requested feature: CPUID.01H:ECX.vmx

2019-06-14 Thread Ken Sharp
How is this a bug?

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1722074

Title:
  warning: host doesn't support requested feature: CPUID.01H:ECX.vmx

Status in QEMU:
  Invalid
Status in qemu package in Ubuntu:
  Confirmed

Bug description:
  
  I encountered the bug today (when using qemu to boot up images - which used 
to work on my Intel CPU box):

  warning: host doesn't support requested feature: CPUID.01H:ECX.vmx

  The bug is a show-stopper - I completely cannot load my kernel images
  at all.

  My Ubuntu have this version of QEMU installed:

  qemu-system-x86_64 --version

  QEMU emulator version 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.16),
  Copyright (c) 2003-2008 Fabrice Bellard

  And the PC is an AMD Ryzen 7 build, and this is the first time I am
  using it to load QEMU images.   My host information:

  cat /proc/cpuinfo |more

  processor : 0
  vendor_id : AuthenticAMD
  cpu family: 23
  model : 1
  model name: AMD Ryzen 7 1700X Eight-Core Processor
  stepping  : 1
  microcode : 0x800110e
  cpu MHz   : 2200.000
  cache size: 512 KB
  physical id   : 0
  siblings  : 16
  core id   : 0
  cpu cores : 8
  apicid: 0
  initial apicid: 0
  fpu   : yes
  fpu_exception : yes
  cpuid level   : 13
  wp: yes
  flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov
  pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb 
rdtscp
   lm constant_tsc rep_good nopl nonstop_tsc extd_apicid aperfmperf pni 
pclmulqdq
  monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand 
lahf
  _lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch 
osvw s
  kinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_l2 mwaitx 
hw_pstate
  vmmcall fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni 
xsaveopt
  xsavec xgetbv1 xsaves clzero irperf arat npt lbrv svm_lock nrip_save 
tsc_scale v
  mcb_clean flushbyasid decodeassists pausefilter pfthreshold avic 
overflow_recov
  succor smca
  bugs  : fxsave_leak sysret_ss_attrs null_seg
  bogomips  : 6787.24
  TLB size  : 2560 4K pages
  clflush size  : 64
  cache_alignment   : 64
  address sizes : 48 bits physical, 48 bits virtual
  power management: ts ttp tm hwpstate eff_freq_ro [13] [14]

  processor : 1
  vendor_id : AuthenticAMD
  cpu family: 23
  model : 1
  model name: AMD Ryzen 7 1700X Eight-Core Processor
  stepping  : 1
  microcode : 0x800110e
  cpu MHz   : 2200.000
  cache size: 512 KB

  From other places, it can be seen that this is an AMD CPU issue:

  https://www.virtualmin.com/node/52227

  not sure?

  The bug will also affect the host negatively:  it will completely go
  into a hung mode - the entire host becomes completely unusable.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1722074/+subscriptions



[Qemu-devel] [Bug 1832914] [NEW] Wrong error log when drive is specified qcow but qcow2 image file used.

2019-06-14 Thread saeed
Public bug reported:

On archlinux qemu version 4.0.0 when I type:

$ qemu-system-x86_64 -drive format=qcow,file=image.qcow2 ...

I get this output in stderr

qemu-system-x86_64 -drive format=qcow,file=image.qcow2 ...: Unsupported
qcow version 3

image.qcow2 is a qcow2 image created by qemu-img. The error states that
the problem is a lack of support for the qcow3 format, but the real problem is that
format=qcow is the wrong option.

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1832914

Title:
  Wrong error log when drive is specified qcow but qcow2 image file
  used.

Status in QEMU:
  New

Bug description:
  On archlinux qemu version 4.0.0 when I type:

  $ qemu-system-x86_64 -drive format=qcow,file=image.qcow2 ...

  I get this output in stderr

  qemu-system-x86_64 -drive format=qcow,file=image.qcow2 ...:
  Unsupported qcow version 3

  image.qcow2 is a qcow2 image created by qemu-img. The error states that
  the problem is a lack of support for the qcow3 format, but the real problem is
  that format=qcow is the wrong option.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1832914/+subscriptions



Re: [Qemu-devel] [PATCH 6/7] KVM: i386: Add support for save and restore nested state

2019-06-14 Thread Liran Alon



> On 15 Jun 2019, at 3:42, Paolo Bonzini  wrote:
> 
> From: Liran Alon 
> 
> Kernel commit 8fcc4b5923af ("kvm: nVMX: Introduce KVM_CAP_NESTED_STATE")
> introduced new IOCTLs to extract and restore KVM internal state used to
> run a VM that is in VMX operation.
> 
> Utilize these IOCTLs to add support of migration of VMs which are
> running nested hypervisors.
> 
> Reviewed-by: Nikita Leshenko 
> Signed-off-by: Liran Alon 
> [Simplified subsection needed functions and computation of
> kvm_min_nested_state_len(); adjusted for upstream kernel field
> names; fixed !CONFIG_KVM compilation. - Paolo]
> Signed-off-by: Paolo Bonzini 
> ---
> accel/kvm/kvm-all.c   |   8 ++
> include/sysemu/kvm.h  |   1 +
> target/i386/cpu.h |   3 +
> target/i386/kvm.c |  52 
> target/i386/machine.c | 182 ++
> 5 files changed, 246 insertions(+)
> 
> diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
> index e4ac3386cb..e1c6c067e8 100644
> --- a/accel/kvm/kvm-all.c
> +++ b/accel/kvm/kvm-all.c
> @@ -88,6 +88,7 @@ struct KVMState
> #ifdef KVM_CAP_SET_GUEST_DEBUG
> QTAILQ_HEAD(, kvm_sw_breakpoint) kvm_sw_breakpoints;
> #endif
> +uint32_t max_nested_state_len;

Note: In my next patch-series I have changed this to be “int”.

> int many_ioeventfds;
> int intx_set_mask;
> bool sync_mmu;
> @@ -1677,6 +1678,8 @@ static int kvm_init(MachineState *ms)
> s->debugregs = kvm_check_extension(s, KVM_CAP_DEBUGREGS);
> #endif
> 
> +s->max_nested_state_len = kvm_check_extension(s, KVM_CAP_NESTED_STATE);
> +
> #ifdef KVM_CAP_IRQ_ROUTING
> kvm_direct_msi_allowed = (kvm_check_extension(s, KVM_CAP_SIGNAL_MSI) > 0);
> #endif
> @@ -2244,6 +2247,11 @@ int kvm_has_debugregs(void)
> return kvm_state->debugregs;
> }
> 
> +uint32_t kvm_max_nested_state_length(void)
> +{
> +return kvm_state->max_nested_state_len;
> +}
> +
> int kvm_has_many_ioeventfds(void)
> {
> if (!kvm_enabled()) {
> diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
> index a6d1cd190f..5eb79b594c 100644
> --- a/include/sysemu/kvm.h
> +++ b/include/sysemu/kvm.h
> @@ -210,6 +210,7 @@ bool kvm_has_sync_mmu(void);
> int kvm_has_vcpu_events(void);
> int kvm_has_robust_singlestep(void);
> int kvm_has_debugregs(void);
> +uint32_t kvm_max_nested_state_length(void);
> int kvm_has_pit_state2(void);
> int kvm_has_many_ioeventfds(void);
> int kvm_has_gsi_routing(void);
> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
> index bbeb7a9521..550d397807 100644
> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -1355,6 +1355,9 @@ typedef struct CPUX86State {
> #if defined(CONFIG_KVM) || defined(CONFIG_HVF)
> void *xsave_buf;
> #endif
> +#if defined(CONFIG_KVM)
> +struct kvm_nested_state *nested_state;
> +#endif

Nice catch regarding CONFIG_KVM. Thanks for that. :)

> #if defined(CONFIG_HVF)
> HVFX86EmulatorState *hvf_emul;
> #endif
> diff --git a/target/i386/kvm.c b/target/i386/kvm.c
> index dca76830ec..d48fafa22b 100644
> --- a/target/i386/kvm.c
> +++ b/target/i386/kvm.c
> @@ -968,6 +968,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
> struct kvm_cpuid_entry2 *c;
> uint32_t signature[3];
> int kvm_base = KVM_CPUID_SIGNATURE;
> +uint32_t nested_state_len;
> int r;
> Error *local_err = NULL;
> 
> @@ -1368,6 +1369,13 @@ int kvm_arch_init_vcpu(CPUState *cs)
> if (has_xsave) {
> env->xsave_buf = qemu_memalign(4096, sizeof(struct kvm_xsave));
> }
> +
> +nested_state_len = kvm_max_nested_state_length();
> +if (nested_state_len > 0) {
> +assert(nested_state_len >= offsetof(struct kvm_nested_state, data));
> +env->nested_state = g_malloc0(nested_state_len);

Paolo, why have you removed setting “env->nested_state->size = 
max_nested_state_len;”?

In addition, in my next patch-series I also added the following code here which 
is required:

+if (IS_INTEL_CPU(env)) {
+struct kvm_vmx_nested_state_hdr *vmx_hdr =
+&env->nested_state->hdr.vmx_hdr;
+
+vmx_hdr->vmxon_pa = -1ull;
+vmx_hdr->vmcs12_pa = -1ull;
+}

> +}
> +
> cpu->kvm_msr_buf = g_malloc0(MSR_BUF_SIZE);

Note: In my next patch-series I have also added a new kvm_arch_destroy_vcpu() 
method which is called from kvm_destroy_vcpu().
Similar to how kvm_arch_init_vcpu() is called from kvm_init_vcpu().
I use it to free both cpu->kvm_msr_buf and env->nested_state.

> 
> if (!(env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_RDTSCP)) {
> @@ -3125,6 +3133,41 @@ static int kvm_get_debugregs(X86CPU *cpu)
> return 0;
> }
> 
> +static int kvm_put_nested_state(X86CPU *cpu)
> +{
> +CPUX86State *env = &cpu->env;
> +uint32_t nested_state_len = kvm_max_nested_state_length();
> +
> +if (nested_state_len == 0) {
> +return 0;
> +}
> +
> +assert(env->nested_state->size <= nested_state_len);
> +return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_NESTED_STATE, env->nested_state);
> +}
> +
> +static

Re: [Qemu-devel] [PATCH 3/7] KVM: i386: Add support for KVM_CAP_EXCEPTION_PAYLOAD

2019-06-14 Thread Liran Alon



> On 15 Jun 2019, at 3:42, Paolo Bonzini  wrote:
> 
> From: Liran Alon 
> 
> Kernel commit c4f55198c7c2 ("kvm: x86: Introduce KVM_CAP_EXCEPTION_PAYLOAD")
> introduced a new KVM capability which allows userspace to correctly
> distinguish between pending and injected exceptions.
> 
> This distinguish is important in case of nested virtualization scenarios
> because a L2 pending exception can still be intercepted by the L1 hypervisor
> while a L2 injected exception cannot.
> 
> Furthermore, when an exception is attempted to be injected by QEMU,
> QEMU should specify the exception payload (CR2 in case of #PF or
> DR6 in case of #DB) instead of having the payload already delivered in
> the respective vCPU register. Because in case exception is injected to
> L2 guest and is intercepted by L1 hypervisor, then payload needs to be
> reported to L1 intercept (VMExit handler) while still preserving
> respective vCPU register unchanged.
> 
> This commit adds support for QEMU to properly utilise this new KVM
> capability (KVM_CAP_EXCEPTION_PAYLOAD).
> 
> Reviewed-by: Nikita Leshenko 
> Signed-off-by: Liran Alon 
> Signed-off-by: Paolo Bonzini 
> ---
> target/i386/cpu.c| 10 ++---
> target/i386/cpu.h| 13 +-
> target/i386/hvf/hvf.c| 10 +++--
> target/i386/hvf/x86hvf.c |  4 +-
> target/i386/kvm.c| 95 +---
> target/i386/machine.c| 61 +-
> 6 files changed, 163 insertions(+), 30 deletions(-)
> 
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index c1ab86d63e..4e19969111 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -4777,7 +4777,9 @@ static void x86_cpu_reset(CPUState *s)
> memset(env->mtrr_fixed, 0, sizeof(env->mtrr_fixed));
> 
> env->interrupt_injected = -1;
> -env->exception_injected = -1;
> +env->exception_nr = -1;
> +env->exception_pending = 0;
> +env->exception_injected = 0;

Note: I the patch-series I will submit I will add here:
+env->exception_has_payload = false;
+env->exception_payload = 0;

> env->nmi_injected = false;
> #if !defined(CONFIG_USER_ONLY)
> /* We hard-wire the BSP to the first CPU. */
> @@ -5173,12 +5175,6 @@ static int x86_cpu_filter_features(X86CPU *cpu)
> return rv;
> }
> 
> -#define IS_INTEL_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_INTEL_1 && \
> -   (env)->cpuid_vendor2 == CPUID_VENDOR_INTEL_2 && \
> -   (env)->cpuid_vendor3 == CPUID_VENDOR_INTEL_3)
> -#define IS_AMD_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_AMD_1 && \
> - (env)->cpuid_vendor2 == CPUID_VENDOR_AMD_2 && \
> - (env)->cpuid_vendor3 == CPUID_VENDOR_AMD_3)
> static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
> {
> CPUState *cs = CPU(dev);
> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
> index bd06523a53..bbeb7a9521 100644
> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -729,6 +729,13 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
> 
> #define CPUID_VENDOR_HYGON"HygonGenuine"
> 
> +#define IS_INTEL_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_INTEL_1 && \
> +   (env)->cpuid_vendor2 == CPUID_VENDOR_INTEL_2 && \
> +   (env)->cpuid_vendor3 == CPUID_VENDOR_INTEL_3)
> +#define IS_AMD_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_AMD_1 && \
> + (env)->cpuid_vendor2 == CPUID_VENDOR_AMD_2 && \
> + (env)->cpuid_vendor3 == CPUID_VENDOR_AMD_3)
> +
> #define CPUID_MWAIT_IBE (1U << 1) /* Interrupts can exit capability */
> #define CPUID_MWAIT_EMX (1U << 0) /* enumeration supported */
> 
> @@ -1332,10 +1339,14 @@ typedef struct CPUX86State {
> 
> /* For KVM */
> uint32_t mp_state;
> -int32_t exception_injected;
> +int32_t exception_nr;
> int32_t interrupt_injected;
> uint8_t soft_interrupt;
> +uint8_t exception_pending;
> +uint8_t exception_injected;
> uint8_t has_error_code;
> +uint8_t exception_has_payload;
> +uint64_t exception_payload;
> uint32_t ins_len;
> uint32_t sipi_vector;
> bool tsc_valid;
> diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
> index 2751c8125c..dc4bb63536 100644
> --- a/target/i386/hvf/hvf.c
> +++ b/target/i386/hvf/hvf.c
> @@ -605,7 +605,9 @@ static void hvf_store_events(CPUState *cpu, uint32_t 
> ins_len, uint64_t idtvec_in
> X86CPU *x86_cpu = X86_CPU(cpu);
> CPUX86State *env = &x86_cpu->env;
> 
> -env->exception_injected = -1;
> +env->exception_nr = -1;
> +env->exception_pending = 0;
> +env->exception_injected = 0;
> env->interrupt_injected = -1;
> env->nmi_injected = false;
> if (idtvec_info & VMCS_IDT_VEC_VALID) {
> @@ -619,7 +621,8 @@ static void hvf_store_events(CPUState *cpu, uint32_t 
> ins_len, uint64_t idtvec_in
> break;
> case VMCS_IDT_VEC_HWEXCEPTION:
> case VMCS_IDT_VEC

Re: [Qemu-devel] [PATCH 1/7] KVM: i386: Use symbolic constant for #DB/#BP exception constants

2019-06-14 Thread Liran Alon



> On 15 Jun 2019, at 3:42, Paolo Bonzini  wrote:
> 
> From: Liran Alon 
> 
> Reviewed-by: Nikita Leshenko 
> Signed-off-by: Liran Alon 
> Signed-off-by: Paolo Bonzini 
> ---
> target/i386/kvm.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/target/i386/kvm.c b/target/i386/kvm.c
> index 3b29ce5c0d..c8d8196e71 100644
> --- a/target/i386/kvm.c
> +++ b/target/i386/kvm.c
> @@ -2994,9 +2994,9 @@ static int kvm_guest_debug_workarounds(X86CPU *cpu)
> unsigned long reinject_trap = 0;
> 
> if (!kvm_has_vcpu_events()) {
> -if (env->exception_injected == 1) {
> +if (env->exception_injected == EXCP01_DB) {
> reinject_trap = KVM_GUESTDBG_INJECT_DB;
> -} else if (env->exception_injected == 3) {
> +} else if (env->exception_injected == EXCP03_INT3) {
> reinject_trap = KVM_GUESTDBG_INJECT_BP;
> }
> env->exception_injected = -1;
> @@ -3508,7 +3508,7 @@ static int kvm_handle_debug(X86CPU *cpu,
> int ret = 0;
> int n;
> 
> -if (arch_info->exception == 1) {
> +if (arch_info->exception == EXCP01_DB) {
> if (arch_info->dr6 & (1 << 14)) {

Note: In the patch-series I will submit, I also replaced this “1 << 14” with 
DR6_BS.

> if (cs->singlestep_enabled) {
> ret = EXCP_DEBUG;
> -- 
> 2.21.0
> 
> 




[Qemu-devel] [PATCH 3/7] KVM: i386: Add support for KVM_CAP_EXCEPTION_PAYLOAD

2019-06-14 Thread Paolo Bonzini
From: Liran Alon 

Kernel commit c4f55198c7c2 ("kvm: x86: Introduce KVM_CAP_EXCEPTION_PAYLOAD")
introduced a new KVM capability which allows userspace to correctly
distinguish between pending and injected exceptions.

This distinction is important in nested virtualization scenarios
because an L2 pending exception can still be intercepted by the L1 hypervisor
while an L2 injected exception cannot.

Furthermore, when an exception is attempted to be injected by QEMU,
QEMU should specify the exception payload (CR2 in case of #PF or
DR6 in case of #DB) instead of having the payload already delivered in
the respective vCPU register. Because in case exception is injected to
L2 guest and is intercepted by L1 hypervisor, then payload needs to be
reported to L1 intercept (VMExit handler) while still preserving
respective vCPU register unchanged.

This commit adds support for QEMU to properly utilise this new KVM
capability (KVM_CAP_EXCEPTION_PAYLOAD).

Reviewed-by: Nikita Leshenko 
Signed-off-by: Liran Alon 
Signed-off-by: Paolo Bonzini 
---
 target/i386/cpu.c| 10 ++---
 target/i386/cpu.h| 13 +-
 target/i386/hvf/hvf.c| 10 +++--
 target/i386/hvf/x86hvf.c |  4 +-
 target/i386/kvm.c| 95 +---
 target/i386/machine.c| 61 +-
 6 files changed, 163 insertions(+), 30 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index c1ab86d63e..4e19969111 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -4777,7 +4777,9 @@ static void x86_cpu_reset(CPUState *s)
 memset(env->mtrr_fixed, 0, sizeof(env->mtrr_fixed));
 
 env->interrupt_injected = -1;
-env->exception_injected = -1;
+env->exception_nr = -1;
+env->exception_pending = 0;
+env->exception_injected = 0;
 env->nmi_injected = false;
 #if !defined(CONFIG_USER_ONLY)
 /* We hard-wire the BSP to the first CPU. */
@@ -5173,12 +5175,6 @@ static int x86_cpu_filter_features(X86CPU *cpu)
 return rv;
 }
 
-#define IS_INTEL_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_INTEL_1 && \
-   (env)->cpuid_vendor2 == CPUID_VENDOR_INTEL_2 && \
-   (env)->cpuid_vendor3 == CPUID_VENDOR_INTEL_3)
-#define IS_AMD_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_AMD_1 && \
- (env)->cpuid_vendor2 == CPUID_VENDOR_AMD_2 && \
- (env)->cpuid_vendor3 == CPUID_VENDOR_AMD_3)
 static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
 {
 CPUState *cs = CPU(dev);
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index bd06523a53..bbeb7a9521 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -729,6 +729,13 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
 
 #define CPUID_VENDOR_HYGON"HygonGenuine"
 
+#define IS_INTEL_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_INTEL_1 && \
+   (env)->cpuid_vendor2 == CPUID_VENDOR_INTEL_2 && \
+   (env)->cpuid_vendor3 == CPUID_VENDOR_INTEL_3)
+#define IS_AMD_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_AMD_1 && \
+ (env)->cpuid_vendor2 == CPUID_VENDOR_AMD_2 && \
+ (env)->cpuid_vendor3 == CPUID_VENDOR_AMD_3)
+
 #define CPUID_MWAIT_IBE (1U << 1) /* Interrupts can exit capability */
 #define CPUID_MWAIT_EMX (1U << 0) /* enumeration supported */
 
@@ -1332,10 +1339,14 @@ typedef struct CPUX86State {
 
 /* For KVM */
 uint32_t mp_state;
-int32_t exception_injected;
+int32_t exception_nr;
 int32_t interrupt_injected;
 uint8_t soft_interrupt;
+uint8_t exception_pending;
+uint8_t exception_injected;
 uint8_t has_error_code;
+uint8_t exception_has_payload;
+uint64_t exception_payload;
 uint32_t ins_len;
 uint32_t sipi_vector;
 bool tsc_valid;
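Review bot: `exception_pending`, `exception_injected` and `exception_has_payload` are declared `uint8_t` but used as flags (the hvf hunk in this patch writes `env->exception_injected = 1`), while `nmi_injected`, which is reset on the neighbouring line in x86_cpu_reset, is a `bool`. If the fixed width is deliberate because these fields are carried by a uint8 vmstate field, a one-line comment saying so would stop the next reader from "fixing" the type; otherwise `bool` would match the existing style. Suggested: `uint8_t exception_pending;   /* 0/1; uint8_t to match the migration field */` on each of the three lines.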
diff --git a/target/i386/hvf/hvf.c b/target/i386/hvf/hvf.c
index 2751c8125c..dc4bb63536 100644
--- a/target/i386/hvf/hvf.c
+++ b/target/i386/hvf/hvf.c
@@ -605,7 +605,9 @@ static void hvf_store_events(CPUState *cpu, uint32_t 
ins_len, uint64_t idtvec_in
 X86CPU *x86_cpu = X86_CPU(cpu);
 CPUX86State *env = &x86_cpu->env;
 
-env->exception_injected = -1;
+env->exception_nr = -1;
+env->exception_pending = 0;
+env->exception_injected = 0;
 env->interrupt_injected = -1;
 env->nmi_injected = false;
 if (idtvec_info & VMCS_IDT_VEC_VALID) {
@@ -619,7 +621,8 @@ static void hvf_store_events(CPUState *cpu, uint32_t 
ins_len, uint64_t idtvec_in
 break;
 case VMCS_IDT_VEC_HWEXCEPTION:
 case VMCS_IDT_VEC_SWEXCEPTION:
-env->exception_injected = idtvec_info & VMCS_IDT_VEC_VECNUM;
+env->exception_nr = idtvec_info & VMCS_IDT_VEC_VECNUM;
+env->exception_injected = 1;
 break;
 case VMCS_IDT_VEC_PRIV_SWEXCEPTION:
 default:
@@ -912,7 +915,8 @@ int hvf_vcpu_exec(CPUState *cpu)
 macvm_set_rip(cpu, rip + ins_

[Qemu-devel] [PATCH 1/7] KVM: i386: Use symbolic constant for #DB/#BP exception constants

2019-06-14 Thread Paolo Bonzini
From: Liran Alon 

Reviewed-by: Nikita Leshenko 
Signed-off-by: Liran Alon 
Signed-off-by: Paolo Bonzini 
---
 target/i386/kvm.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 3b29ce5c0d..c8d8196e71 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -2994,9 +2994,9 @@ static int kvm_guest_debug_workarounds(X86CPU *cpu)
 unsigned long reinject_trap = 0;
 
 if (!kvm_has_vcpu_events()) {
-if (env->exception_injected == 1) {
+if (env->exception_injected == EXCP01_DB) {
 reinject_trap = KVM_GUESTDBG_INJECT_DB;
-} else if (env->exception_injected == 3) {
+} else if (env->exception_injected == EXCP03_INT3) {
 reinject_trap = KVM_GUESTDBG_INJECT_BP;
 }
 env->exception_injected = -1;
@@ -3508,7 +3508,7 @@ static int kvm_handle_debug(X86CPU *cpu,
 int ret = 0;
 int n;
 
-if (arch_info->exception == 1) {
+if (arch_info->exception == EXCP01_DB) {
 if (arch_info->dr6 & (1 << 14)) {
 if (cs->singlestep_enabled) {
 ret = EXCP_DEBUG;
-- 
2.21.0





[Qemu-devel] [PATCH 7/7] Revert "target/i386: kvm: add VMX migration blocker"

2019-06-14 Thread Paolo Bonzini
From: Liran Alon 

This reverts commit d98f26073bebddcd3da0ba1b86c3a34e840c0fb8.
The commit should be reverted because we now support nVMX migration.

Reviewed-by: Nikita Leshenko 
Signed-off-by: Liran Alon 
Signed-off-by: Paolo Bonzini 
---
 target/i386/kvm.c | 12 
 1 file changed, 12 deletions(-)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index d48fafa22b..0a01f40e73 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -943,7 +943,6 @@ static int hyperv_init_vcpu(X86CPU *cpu)
 }
 
 static Error *invtsc_mig_blocker;
-static Error *vmx_mig_blocker;
 
 #define KVM_MAX_CPUID_ENTRIES  100
 
@@ -1308,17 +1307,6 @@ int kvm_arch_init_vcpu(CPUState *cs)
   !!(c->ecx & CPUID_EXT_SMX);
 }
 
-if ((env->features[FEAT_1_ECX] & CPUID_EXT_VMX) && !vmx_mig_blocker) {
-error_setg(&vmx_mig_blocker,
-   "Nested VMX virtualization does not support live migration 
yet");
-r = migrate_add_blocker(vmx_mig_blocker, &local_err);
-if (local_err) {
-error_report_err(local_err);
-error_free(vmx_mig_blocker);
-return r;
-}
-}
-
 if (env->mcg_cap & MCG_LMCE_P) {
 has_msr_mcg_ext_ctl = has_msr_feature_control = true;
 }
-- 
2.21.0




[Qemu-devel] [PATCH preliminary 0/7] target-i386/kvm: live migration support for nested VMX

2019-06-14 Thread Paolo Bonzini
This is mostly Liran's work.  It's preliminary because he found some cases
that break but he hasn't debugged them fully yet (a kernel bug is suspected
though) and because my version, which only requires a very small and
backwards-compatible linux-headers change (patch 4), has seen even less testing.

Paolo

Liran Alon (6):
  KVM: i386: Use symbolic constant for #DB/#BP exception constants
  KVM: i386: Re-inject #DB to guest with updated DR6
  KVM: i386: Add support for KVM_CAP_EXCEPTION_PAYLOAD
  vmstate: Add support for kernel integer types
  KVM: i386: Add support for save and restore nested state
  Revert "target/i386: kvm: add VMX migration blocker"

Paolo Bonzini (1):
  linux-headers: import improved definition of KVM_GET/SET_NESTED_STATE
structs

 accel/kvm/kvm-all.c |   8 ++
 include/migration/vmstate.h |  18 +++
 include/sysemu/kvm.h|   1 +
 linux-headers/asm-x86/kvm.h |  11 ++
 target/i386/cpu.c   |  10 +-
 target/i386/cpu.h   |  16 ++-
 target/i386/hvf/hvf.c   |  10 +-
 target/i386/hvf/x86hvf.c|   4 +-
 target/i386/kvm.c   | 160 
 target/i386/machine.c   | 243 +++-
 10 files changed, 440 insertions(+), 41 deletions(-)

-- 
2.21.0




[Qemu-devel] [PATCH 4/7] linux-headers: import improved definition of KVM_GET/SET_NESTED_STATE structs

2019-06-14 Thread Paolo Bonzini
This patch improves the KVM_GET/SET_NESTED_STATE structs by detailing
the format of VMX nested state in a struct.  The VMX nested state is
accessible through struct kvm_vmx_nested_state though, to avoid
changing the size of the structs, it has to be accessed as "vmx.data[0]"
rather than just "vmx.data".

Also, the values of the "format" field are defined as macros.  This
patch should be sent to Linus very shortly.

Signed-off-by: Paolo Bonzini 
---
 linux-headers/asm-x86/kvm.h | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h
index 7a0e64ccd6..06b8727a3b 100644
--- a/linux-headers/asm-x86/kvm.h
+++ b/linux-headers/asm-x86/kvm.h
@@ -383,6 +383,9 @@ struct kvm_sync_regs {
 #define KVM_X86_QUIRK_LAPIC_MMIO_HOLE  (1 << 2)
 #define KVM_X86_QUIRK_OUT_7E_INC_RIP   (1 << 3)
 
+#define KVM_STATE_NESTED_FORMAT_VMX0
+#define KVM_STATE_NESTED_FORMAT_SVM1
+
 #define KVM_STATE_NESTED_GUEST_MODE0x0001
 #define KVM_STATE_NESTED_RUN_PENDING   0x0002
 #define KVM_STATE_NESTED_EVMCS 0x0004
@@ -390,6 +393,11 @@ struct kvm_sync_regs {
 #define KVM_STATE_NESTED_SMM_GUEST_MODE0x0001
 #define KVM_STATE_NESTED_SMM_VMXON 0x0002
 
+struct kvm_vmx_nested_state_data {
+   __u8 vmcs12[0x1000];
+   __u8 shadow_vmcs12[0x1000];
+};
+
 struct kvm_vmx_nested_state {
__u64 vmxon_pa;
__u64 vmcs_pa;
@@ -397,6 +405,9 @@ struct kvm_vmx_nested_state {
struct {
__u16 flags;
} smm;
+
+   __u8 pad[120 - 18];
+   struct kvm_vmx_nested_state_data data[0];
 };
 
 /* for KVM_CAP_NESTED_STATE */
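Review bot: The new `pad[120 - 18]` and `data[0]` members encode a size contract that nothing in the hunk states: 18 is presumably the byte count of vmxon_pa, vmcs_pa and smm.flags, and the zero-length `data[0]` keeps sizeof(struct kvm_vmx_nested_state) at 120 while the vmcs12 pages live in the trailing buffer. Since this header is a verbatim kernel import, the explanatory comment belongs upstream rather than here. On the QEMU side, whichever code dereferences `vmx.data[0]` must first check `nested_state->size` against `offsetof(struct kvm_nested_state, data) + sizeof(struct kvm_vmx_nested_state_data)` before touching vmcs12 or shadow_vmcs12, because `sizeof` of the outer struct does not cover the zero-length array. A build-time assertion in target/i386/kvm.c that `sizeof(struct kvm_vmx_nested_state) == 120` would document the dependency on the padding arithmetic.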
-- 
2.21.0





[Qemu-devel] [PATCH 5/7] vmstate: Add support for kernel integer types

2019-06-14 Thread Paolo Bonzini
From: Liran Alon 

Reviewed-by: Nikita Leshenko 
Signed-off-by: Liran Alon 
Signed-off-by: Paolo Bonzini 
---
 include/migration/vmstate.h | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index 9224370ed5..a85424fb04 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -797,6 +797,15 @@ extern const VMStateInfo vmstate_info_qtailq;
 #define VMSTATE_UINT64_V(_f, _s, _v)  \
 VMSTATE_SINGLE(_f, _s, _v, vmstate_info_uint64, uint64_t)
 
+#define VMSTATE_U8_V(_f, _s, _v)   \
+VMSTATE_SINGLE(_f, _s, _v, vmstate_info_uint8, __u8)
+#define VMSTATE_U16_V(_f, _s, _v)  \
+VMSTATE_SINGLE(_f, _s, _v, vmstate_info_uint16, __u16)
+#define VMSTATE_U32_V(_f, _s, _v)  \
+VMSTATE_SINGLE(_f, _s, _v, vmstate_info_uint32, __u32)
+#define VMSTATE_U64_V(_f, _s, _v)  \
+VMSTATE_SINGLE(_f, _s, _v, vmstate_info_uint64, __u64)
+
 #define VMSTATE_BOOL(_f, _s)  \
 VMSTATE_BOOL_V(_f, _s, 0)
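Review bot: The commit message is empty, and the hunk gives no hint why a second set of macros for `__u8`..`__u64` is needed when `VMSTATE_UINT8_V`..`VMSTATE_UINT64_V` already exist a few lines above. If the reason is that VMSTATE_SINGLE's field type check compares exact types and the kernel's `__u64` is `unsigned long long` while `uint64_t` is `unsigned long` on LP64 Linux hosts, so fields of imported kernel structs fail the check with the existing macros, that should be said both in the commit message and in a comment above the new group, e.g. `/* Kernel __uN integer types: same widths as uintN_t, but distinct types on some hosts, so VMSTATE's type check needs these variants. */`. The `__uN` typedefs come from <linux/types.h>, which vmstate.h does not include; the macros are harmless unless expanded, but that makes them Linux-only, which is worth a mention in the same comment.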
 
@@ -818,6 +827,15 @@ extern const VMStateInfo vmstate_info_qtailq;
 #define VMSTATE_UINT64(_f, _s)\
 VMSTATE_UINT64_V(_f, _s, 0)
 
+#define VMSTATE_U8(_f, _s) \
+VMSTATE_U8_V(_f, _s, 0)
+#define VMSTATE_U16(_f, _s)\
+VMSTATE_U16_V(_f, _s, 0)
+#define VMSTATE_U32(_f, _s)\
+VMSTATE_U32_V(_f, _s, 0)
+#define VMSTATE_U64(_f, _s)\
+VMSTATE_U64_V(_f, _s, 0)
+
 #define VMSTATE_UINT8_EQUAL(_f, _s, _err_hint)\
 VMSTATE_SINGLE_FULL(_f, _s, 0, 0, \
 vmstate_info_uint8_equal, uint8_t, _err_hint)
-- 
2.21.0





[Qemu-devel] [PATCH 6/7] KVM: i386: Add support for save and restore nested state

2019-06-14 Thread Paolo Bonzini
From: Liran Alon 

Kernel commit 8fcc4b5923af ("kvm: nVMX: Introduce KVM_CAP_NESTED_STATE")
introduced new IOCTLs to extract and restore KVM internal state used to
run a VM that is in VMX operation.

Utilize these IOCTLs to add support of migration of VMs which are
running nested hypervisors.

Reviewed-by: Nikita Leshenko 
Signed-off-by: Liran Alon 
[Simplified subsection needed functions and computation of
 kvm_min_nested_state_len(); adjusted for upstream kernel field
 names; fixed !CONFIG_KVM compilation. - Paolo]
Signed-off-by: Paolo Bonzini 
---
 accel/kvm/kvm-all.c   |   8 ++
 include/sysemu/kvm.h  |   1 +
 target/i386/cpu.h |   3 +
 target/i386/kvm.c |  52 
 target/i386/machine.c | 182 ++
 5 files changed, 246 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index e4ac3386cb..e1c6c067e8 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -88,6 +88,7 @@ struct KVMState
 #ifdef KVM_CAP_SET_GUEST_DEBUG
 QTAILQ_HEAD(, kvm_sw_breakpoint) kvm_sw_breakpoints;
 #endif
+uint32_t max_nested_state_len;
 int many_ioeventfds;
 int intx_set_mask;
 bool sync_mmu;
@@ -1677,6 +1678,8 @@ static int kvm_init(MachineState *ms)
 s->debugregs = kvm_check_extension(s, KVM_CAP_DEBUGREGS);
 #endif
 
+s->max_nested_state_len = kvm_check_extension(s, KVM_CAP_NESTED_STATE);
+
 #ifdef KVM_CAP_IRQ_ROUTING
 kvm_direct_msi_allowed = (kvm_check_extension(s, KVM_CAP_SIGNAL_MSI) > 0);
 #endif
@@ -2244,6 +2247,11 @@ int kvm_has_debugregs(void)
 return kvm_state->debugregs;
 }
 
+uint32_t kvm_max_nested_state_length(void)
+{
+return kvm_state->max_nested_state_len;
+}
+
 int kvm_has_many_ioeventfds(void)
 {
 if (!kvm_enabled()) {
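Review bot: `kvm_max_nested_state_length()` dereferences `kvm_state` unconditionally, whereas its neighbour `kvm_has_many_ioeventfds()` right below guards with `if (!kvm_enabled())` first, so a caller running without KVM or before kvm_init() would dereference a NULL or stale `kvm_state`. The callers added in this series live in target/i386/kvm.c and are KVM-only today, but the function is exported through sysemu/kvm.h with no such contract. Either add the guard, `if (!kvm_enabled()) { return 0; }`, which also makes 0 the natural "no KVM_CAP_NESTED_STATE" answer, or document the precondition on the declaration.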
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index a6d1cd190f..5eb79b594c 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -210,6 +210,7 @@ bool kvm_has_sync_mmu(void);
 int kvm_has_vcpu_events(void);
 int kvm_has_robust_singlestep(void);
 int kvm_has_debugregs(void);
+uint32_t kvm_max_nested_state_length(void);
 int kvm_has_pit_state2(void);
 int kvm_has_many_ioeventfds(void);
 int kvm_has_gsi_routing(void);
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index bbeb7a9521..550d397807 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1355,6 +1355,9 @@ typedef struct CPUX86State {
 #if defined(CONFIG_KVM) || defined(CONFIG_HVF)
 void *xsave_buf;
 #endif
+#if defined(CONFIG_KVM)
+struct kvm_nested_state *nested_state;
+#endif
 #if defined(CONFIG_HVF)
 HVFX86EmulatorState *hvf_emul;
 #endif
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index dca76830ec..d48fafa22b 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -968,6 +968,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
 struct kvm_cpuid_entry2 *c;
 uint32_t signature[3];
 int kvm_base = KVM_CPUID_SIGNATURE;
+uint32_t nested_state_len;
 int r;
 Error *local_err = NULL;
 
@@ -1368,6 +1369,13 @@ int kvm_arch_init_vcpu(CPUState *cs)
 if (has_xsave) {
 env->xsave_buf = qemu_memalign(4096, sizeof(struct kvm_xsave));
 }
+
+nested_state_len = kvm_max_nested_state_length();
+if (nested_state_len > 0) {
+assert(nested_state_len >= offsetof(struct kvm_nested_state, data));
+env->nested_state = g_malloc0(nested_state_len);
+}
+
 cpu->kvm_msr_buf = g_malloc0(MSR_BUF_SIZE);
 
 if (!(env->features[FEAT_8000_0001_EDX] & CPUID_EXT2_RDTSCP)) {
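Review bot: `g_malloc0()` leaves `env->nested_state->size`, `->format` and the `vmx` header all zero, yet `kvm_put_nested_state()` in this same patch hands that buffer to KVM_SET_NESTED_STATE on every `kvm_arch_put_registers()`; on a fresh vCPU, before any KVM_GET_NESTED_STATE has filled it in, the kernel is asked to restore a zero-sized, zero-format state, which I would expect it to reject with -EINVAL rather than treat as "not in VMX operation". The buffer should be initialised here to a valid empty VMX state: size set to nested_state_len, format to KVM_STATE_NESTED_FORMAT_VMX, and the vmxon_pa/vmcs_pa fields set to whatever the kernel uses to mean "no VMXON" (I believe -1ull; confirm against vmx_set_nested_state). The enclosing kvm_arch_init_vcpu() starts and ends outside this hunk.
```c
    nested_state_len = kvm_max_nested_state_length();
    if (nested_state_len > 0) {
        assert(nested_state_len >= offsetof(struct kvm_nested_state, data));
        env->nested_state = g_malloc0(nested_state_len);
        /* Valid "not in VMX operation" state until the first GET fills it in */
        env->nested_state->size = nested_state_len;
        env->nested_state->format = KVM_STATE_NESTED_FORMAT_VMX;
        env->nested_state->vmx.vmxon_pa = -1ull;
        env->nested_state->vmx.vmcs_pa = -1ull;
    }
```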
@@ -3125,6 +3133,41 @@ static int kvm_get_debugregs(X86CPU *cpu)
 return 0;
 }
 
+static int kvm_put_nested_state(X86CPU *cpu)
+{
+CPUX86State *env = &cpu->env;
+uint32_t nested_state_len = kvm_max_nested_state_length();
+
+if (nested_state_len == 0) {
+return 0;
+}
+
+assert(env->nested_state->size <= nested_state_len);
+return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_NESTED_STATE, env->nested_state);
+}
+
+static int kvm_get_nested_state(X86CPU *cpu)
+{
+CPUX86State *env = &cpu->env;
+uint32_t nested_state_len = kvm_max_nested_state_length();
+
+if (nested_state_len == 0) {
+return 0;
+}
+
+/*
+ * It is possible that migration restored a smaller size into
+ * nested_state->size than what our kernel supports.
+ * We preserve migration origin nested_state->size for
+ * the call to KVM_SET_NESTED_STATE but wish that our next call
+ * to KVM_GET_NESTED_STATE will use the maximum size supported by
+ * the kernel we're running on.
+ */
+env->nested_state->size = nested_state_len;
+
+return kvm_vcpu_ioctl(CPU(cpu), KVM_GET_NESTED_STATE, env->nested_state);
+}
+
 int kvm_arch_put_registers(CPUState *cpu, int level)
 {
 X86CPU *x86_cpu = X86_CPU(cpu);
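Review bot: The `assert(env->nested_state->size <= nested_state_len)` in `kvm_put_nested_state()` guards a value that, per the comment in `kvm_get_nested_state()`, can come straight from an incoming migration stream; unless the vmstate code in target/i386/machine.c (not in this hunk) validates `size` in a pre_load/post_load hook before registers are pushed, an oversized or corrupt stream aborts the destination QEMU with an assertion failure instead of failing the migration. I would turn it into an error return, `if (env->nested_state->size > nested_state_len) { return -EINVAL; }`, or, if machine.c already rejects such streams, say so in a comment so the assert reads as an internal invariant. Both helpers also deserve a one-line header comment stating that they are no-ops when the kernel lacks KVM_CAP_NESTED_STATE (`nested_state_len == 0`) and that `env->nested_state` is only allocated when it is non-zero.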
@@ -3132,6 +3175,11 @@ int kvm_arch_put_registers(CPUState *cpu, int level)
 
 assert(cpu_is_stopped(cpu) || qemu_cpu_is_self(cpu));
 
+ret = kvm_put_nested_state(x86_cpu);
+if (ret < 0) {
+return ret;
+}
+
 if (

[Qemu-devel] [PATCH 2/7] KVM: i386: Re-inject #DB to guest with updated DR6

2019-06-14 Thread Paolo Bonzini
From: Liran Alon 

If userspace (QEMU) debug guest, when #DB is raised in guest and
intercepted by KVM, KVM forwards information on #DB to userspace
instead of injecting #DB to guest.
While doing so, KVM doesn't update the vCPU's DR6 but instead reports the #DB DR6
value to userspace for further handling.
See KVM's handle_exception() DB_VECTOR handler.

QEMU handler for this case is kvm_handle_debug(). This handler basically
checks if #DB is related to one of user set hardware breakpoints and if
not, it re-inject #DB into guest.
The re-injection is done by setting env->exception_injected to #DB which
will later be passed as events.exception.nr to KVM_SET_VCPU_EVENTS ioctl
by kvm_put_vcpu_events().

However, in case userspace re-injects #DB, KVM expects userspace to set
vCPU DR6 as reported to userspace when #DB was intercepted! Otherwise,
KVM_REQ_EVENT handler will inject #DB with wrong DR6 to guest.

Fix this issue by updating vCPU DR6 appropriately when re-inject #DB to
guest.

Reviewed-by: Nikita Leshenko 
Signed-off-by: Liran Alon 
Signed-off-by: Paolo Bonzini 
---
 target/i386/kvm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index c8d8196e71..53f95b02a0 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -3546,6 +3546,9 @@ static int kvm_handle_debug(X86CPU *cpu,
 /* pass to guest */
 env->exception_injected = arch_info->exception;
 env->has_error_code = 0;
+if (arch_info->exception == EXCP01_DB) {
+env->dr[6] = arch_info->dr6;
+}
 }
 
 return ret;
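Review bot: The new `env->dr[6] = arch_info->dr6;` only reaches the vCPU if the debug registers are subsequently written back to KVM, which as far as I can tell from this hunk depends on kvm_put_debugregs() running on the next kvm_arch_put_registers() and on that path being enabled by kvm_has_debugregs(); the commit message should state that the re-injection relies on that ordering. A short comment on the new lines would also save the next reader a trip to the kernel source: `/* KVM leaves DR6 untouched when it hands a #DB to userspace; the value it reported must be written back before re-injection, or the guest sees a stale DR6. */`. kvm_handle_debug() starts outside this hunk.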
-- 
2.21.0





Re: [Qemu-devel] [PATCH] hw: Nuke hw_compat_4_0_1 and pc_compat_4_0_1

2019-06-14 Thread Michael S. Tsirkin
On Fri, Jun 14, 2019 at 03:09:02PM +0200, Greg Kurz wrote:
> Commit c87759ce876a fixed a regression affecting pc-q35 machines by
> introducing a new pc-q35-4.0.1 machine version to be used instead
> of pc-q35-4.0. The only purpose was to revert the default behaviour
> of not using split irqchip, but the change also introduced the usual
> hw_compat and pc_compat bits, and wired them for pc-q35 only.
> 
> This raises questions when it comes to adding new compat properties for
> 4.0* machine versions of any architecture. Where should they be added? In
> 4.0, 4.0.1 or both? This is error prone. Another possibility would be to teach
> all other architectures about 4.0.1. This solution isn't satisfying,
> especially since this is a pc-q35 specific issue.
> 
> It turns out that the split irqchip default is handled in the machine
> option function and doesn't involve compat lists at all.
> 
> Drop all the 4.0.1 compat lists and use the 4.0 ones instead in the 4.0.1
> machine option function.
> 
> Move the compat props that were added to the 4.0.1 since c87759ce876a to
> 4.0.
> 
> Even if only hw_compat_4_0_1 had an impact on other architectures,
> drop pc_compat_4_0_1 as well for consistency.
> 
> Fixes: c87759ce876a "q35: Revert to kernel irqchip"
> Suggested-by: Dr. David Alan Gilbert 
> Signed-off-by: Greg Kurz 

Reviewed-by: Michael S. Tsirkin 

Paolo are you merging this?

> ---
>  hw/core/machine.c|5 +
>  hw/i386/pc.c |3 ---
>  hw/i386/pc_q35.c |   12 
>  include/hw/boards.h  |3 ---
>  include/hw/i386/pc.h |3 ---
>  5 files changed, 9 insertions(+), 17 deletions(-)
> 
> diff --git a/hw/core/machine.c b/hw/core/machine.c
> index 84ebb8d24701..ea5a01aa49bc 100644
> --- a/hw/core/machine.c
> +++ b/hw/core/machine.c
> @@ -24,16 +24,13 @@
>  #include "hw/pci/pci.h"
>  #include "hw/mem/nvdimm.h"
>  
> -GlobalProperty hw_compat_4_0_1[] = {
> +GlobalProperty hw_compat_4_0[] = {
>  { "VGA","edid", "false" },
>  { "secondary-vga",  "edid", "false" },
>  { "bochs-display",  "edid", "false" },
>  { "virtio-vga", "edid", "false" },
>  { "virtio-gpu-pci", "edid", "false" },
>  };
> -const size_t hw_compat_4_0_1_len = G_N_ELEMENTS(hw_compat_4_0_1);
> -
> -GlobalProperty hw_compat_4_0[] = {};
>  const size_t hw_compat_4_0_len = G_N_ELEMENTS(hw_compat_4_0);
>  
>  GlobalProperty hw_compat_3_1[] = {
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index 2c5446b0951e..1a1935825ad2 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -111,9 +111,6 @@ struct hpet_fw_config hpet_cfg = {.count = UINT8_MAX};
>  /* Physical Address of PVH entry point read from kernel ELF NOTE */
>  static size_t pvh_start_addr;
>  
> -GlobalProperty pc_compat_4_0_1[] = {};
> -const size_t pc_compat_4_0_1_len = G_N_ELEMENTS(pc_compat_4_0_1);
> -
>  GlobalProperty pc_compat_4_0[] = {};
>  const size_t pc_compat_4_0_len = G_N_ELEMENTS(pc_compat_4_0);
>  
> diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
> index dcddc6466200..57232aed6b6c 100644
> --- a/hw/i386/pc_q35.c
> +++ b/hw/i386/pc_q35.c
> @@ -378,8 +378,13 @@ static void pc_q35_4_0_1_machine_options(MachineClass *m)
>  {
>  pc_q35_4_1_machine_options(m);
>  m->alias = NULL;
> -compat_props_add(m->compat_props, hw_compat_4_0_1, hw_compat_4_0_1_len);
> -compat_props_add(m->compat_props, pc_compat_4_0_1, pc_compat_4_0_1_len);
> +/*
> + * This is the default machine for the 4.0-stable branch. It is basically
> + * a 4.0 that doesn't use split irqchip by default. It MUST hence apply 
> the
> + * 4.0 compat props.
> + */
> +compat_props_add(m->compat_props, hw_compat_4_0, hw_compat_4_0_len);
> +compat_props_add(m->compat_props, pc_compat_4_0, pc_compat_4_0_len);
>  }
>  
>  DEFINE_Q35_MACHINE(v4_0_1, "pc-q35-4.0.1", NULL,
> @@ -390,8 +395,7 @@ static void pc_q35_4_0_machine_options(MachineClass *m)
>  pc_q35_4_0_1_machine_options(m);
>  m->default_kernel_irqchip_split = true;
>  m->alias = NULL;
> -compat_props_add(m->compat_props, hw_compat_4_0, hw_compat_4_0_len);
> -compat_props_add(m->compat_props, pc_compat_4_0, pc_compat_4_0_len);
> +/* Compat props are applied by the 4.0.1 machine */
>  }
>  
>  DEFINE_Q35_MACHINE(v4_0, "pc-q35-4.0", NULL,
> diff --git a/include/hw/boards.h b/include/hw/boards.h
> index b7362af3f1d2..eaa050a7ab50 100644
> --- a/include/hw/boards.h
> +++ b/include/hw/boards.h
> @@ -293,9 +293,6 @@ struct MachineState {
>  } \
>  type_init(machine_initfn##_register_types)
>  
> -extern GlobalProperty hw_compat_4_0_1[];
> -extern const size_t hw_compat_4_0_1_len;
> -
>  extern GlobalProperty hw_compat_4_0[];
>  extern const size_t hw_compat_4_0_len;
>  
> diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
> index a7d0b8716604..c54cc54a4799 100644
> --- a/include/hw/i386/pc.h
> +++ b/include/hw/i386/pc.h
> @@ -293,9 +293,6 @@ int e820_add_entry(uint64_t, uint64_t, uint32_t);
>  int e820_get_num_entries(void);
>  bool e820_get_entry(int, u

[Qemu-devel] [Bug 1832916] [NEW] linux-user does not check PROT_EXEC

2019-06-14 Thread Richard Henderson
Public bug reported:

At no point do we actually verify that a page is PROT_EXEC before
translating.  All we end up verifying is that the page is readable.  Not
the same thing, obviously: a guest binary can execute code from any
readable mapping, so the NX / W^X protection a guest sets up with
mmap()/mprotect() is silently not enforced under linux-user, and a jump
into a non-executable page runs instead of faulting as it would natively.

The following test case should work for any architecture, though I've
only validated it for x86_64 and aarch64.

** Affects: qemu
 Importance: Undecided
 Assignee: Richard Henderson (rth)
 Status: New

** Attachment added: "z.c"
   https://bugs.launchpad.net/bugs/1832916/+attachment/5270854/+files/z.c

** Changed in: qemu
 Assignee: (unassigned) => Richard Henderson (rth)

-- 

Title:
  linux-user does not check PROT_EXEC

Status in QEMU:
  New

Bug description:
  At no point do we actually verify that a page is PROT_EXEC before
  translating.  All we end up verifying is that the page is readable.
  Not the same thing, obviously.

  The following test case should work for any architecture, though I've
  only validated it for x86_64 and aarch64.




Re: [Qemu-devel] [PATCH 2/2] target/arm: Only implement doubles if the FPU supports them

2019-06-14 Thread Richard Henderson
On 6/14/19 10:52 AM, Peter Maydell wrote:
> On Fri, 14 Jun 2019 at 18:21, Richard Henderson
>  wrote:
>>
>> On 6/14/19 3:44 AM, Peter Maydell wrote:
>>> @@ -173,6 +173,11 @@ static bool trans_VSEL(DisasContext *s, arg_VSEL *a)
>>>  ((a->vm | a->vn | a->vd) & 0x10)) {
>>>  return false;
>>>  }
>>> +
>>> +if (dp && !dc_isar_feature(aa32_fpdp, s)) {
>>> +return false;
>>> +}
>>
>> Would it be cleaner to define something like
>>
>> static bool vfp_dp_enabled(DisasContext *s, int regmask)
>> {
>> if (!dc_isar_feature(aa32_fpdp, s)) {
>> /* All double-precision disabled.  */
>> return false;
>> }
>> if (!dc_isar_feature(aa32_fp_d32, s) && (regmask & 0x10)) {
>> /* D16-D31 do not exist.  */
>> return false;
>> }
>> return true;
>> }
>>
>> Then use
>>
>> if (dp && !vfp_dp_enabled(s, a->vm | a->vn | a->vd))
>>
>> ?
> 
> It would be less code, but I don't think the "are we using
> a register that doesn't exist" and the "do we have dp support"
> checks are really related, and splitting the "OR the register
> numbers together" from the "test the top bit" makes that
> part look rather less clear I think.

Fair enough.

Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH] nvme: do not advertise support for unsupported arbitration mechanism

2019-06-14 Thread Max Reitz
On 06.06.19 11:25, Klaus Birkelund Jensen wrote:
> The device mistakenly reports that the Weighted Round Robin with Urgent
> Priority Class arbitration mechanism is supported.
> 
> It is not.

I believe you based on the fact that there is no “weight” or “priority”
anywhere in nvme.c, and that it does not evaluate the Arbitration
Mechanism Selected field.

> Signed-off-by: Klaus Birkelund Jensen 
> ---
>  hw/block/nvme.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/hw/block/nvme.c b/hw/block/nvme.c
> index 30e50f7a3853..415b4641d6b4 100644
> --- a/hw/block/nvme.c
> +++ b/hw/block/nvme.c
> @@ -1383,7 +1383,6 @@ static void nvme_realize(PCIDevice *pci_dev, Error 
> **errp)
>  n->bar.cap = 0;
>  NVME_CAP_SET_MQES(n->bar.cap, 0x7ff);
>  NVME_CAP_SET_CQR(n->bar.cap, 1);
> -NVME_CAP_SET_AMS(n->bar.cap, 1);

I suppose the better way would be to pass 0, so it is more explicit, I
think.

(Just removing it looks like it may have just been forgotten.)

Max

>  NVME_CAP_SET_TO(n->bar.cap, 0xf);
>  NVME_CAP_SET_CSS(n->bar.cap, 1);
>  NVME_CAP_SET_MPSMAX(n->bar.cap, 4);
> 






[Qemu-devel] [Bug 1831477] Re: update edk2 submodule & binaries to edk2-stable201905

2019-06-14 Thread Laszlo Ersek (Red Hat)
[PULL 0/6] update edk2 submodule & binaries to edk2-stable201905
http://mid.mail-archive.com/20190614202333.19355-1-lersek@redhat.com

-- 

Title:
  update edk2 submodule & binaries to edk2-stable201905

Status in QEMU:
  In Progress

Bug description:
  The edk2 project will soon release edk2-stable201905. Update the edk2
  submodule in QEMU, and the bundled edk2 binaries, accordingly.

  
https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Release-Planning#edk2-stable201905-tag-planning
  https://github.com/tianocore/edk2/releases/tag/edk2-stable201905 [upcoming 
link]




Re: [Qemu-devel] [PATCH v5 21/42] block: Use CAFs for debug breakpoints

2019-06-14 Thread Eric Blake
On 6/14/19 11:12 AM, Max Reitz wrote:
> On 14.06.19 17:29, Vladimir Sementsov-Ogievskiy wrote:
>> 13.06.2019 1:09, Max Reitz wrote:
>>> When looking for a blkdebug node (which implements debug breakpoints),
>>> use bdrv_primary_bs() to iterate through the graph, because that is
>>> where a blkdebug node would be.
>>>
>>> Signed-off-by: Max Reitz 
>>
>> Honestly, don't know why blkdebug is always searched in ->file sequence,
> 
> Usually, blkdebug is just above the protocol node.  So
> 
> $format --file--> $protocol
> 
> becomes
> 
> $format --file--> blkdebug --file--> $protocol
> 
> This is why the existing code generally looks for blkdebug under the
> ->file link.

blkdebug is an interesting beast; there are use cases for both:

blkdebug -> qcow2 -> file

for debugging only guest-visible actions, and

qcow2 -> blkdebug -> file

for debugging specific qcow2 metadata actions.


-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3226
Virtualization:  qemu.org | libvirt.org





[Qemu-devel] [PULL 5/6] pc-bios: refresh edk2 build artifacts for edk2-stable201905

2019-06-14 Thread Laszlo Ersek
Rebuild the pc-bios/edk2-*.fd.bz2 binaries, and regenerate
pc-bios/edk2-licenses.txt, based on the edk2-stable201905 release.

Cc: Philippe Mathieu-Daudé 
Ref: https://bugs.launchpad.net/qemu/+bug/1831477
Signed-off-by: Laszlo Ersek 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 pc-bios/edk2-licenses.txt  | 752 ++--
 pc-bios/edk2-aarch64-code.fd.bz2   | Bin 1177603 -> 1178070 bytes
 pc-bios/edk2-arm-code.fd.bz2   | Bin 1173662 -> 1172752 bytes
 pc-bios/edk2-i386-code.fd.bz2  | Bin 1688659 -> 1736199 bytes
 pc-bios/edk2-i386-secure-code.fd.bz2   | Bin 1881979 -> 1943949 bytes
 pc-bios/edk2-x86_64-code.fd.bz2| Bin 1669280 -> 1717094 bytes
 pc-bios/edk2-x86_64-secure-code.fd.bz2 | Bin 1901210 -> 1958037 bytes
 7 files changed, 693 insertions(+), 59 deletions(-)

diff --git a/pc-bios/edk2-licenses.txt b/pc-bios/edk2-licenses.txt
index 8bdb1abc993e..0a4136eebc68 100644
--- a/pc-bios/edk2-licenses.txt
+++ b/pc-bios/edk2-licenses.txt
@@ -1,67 +1,661 @@
 ==> edk2/License.txt <==
-Copyright (c) 2004 - 2016, Intel Corporation. All rights reserved.
-Copyright (c) 2008 - 2010, Apple Inc. All rights reserved.
-Copyright (c) 2011 - 2015, ARM Limited. All rights reserved.
-Copyright (c) 2014 - 2015, Linaro Limited. All rights reserved.
-Copyright (c) 2013 - 2015, Red Hat, Inc.
+Copyright (c) 2019, TianoCore and contributors.  All rights reserved.
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
 
 Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-* Redistributions of source code must retain the above copyright
-  notice, this list of conditions and the following disclaimer.
-* Redistributions in binary form must reproduce the above copyright
-  notice, this list of conditions and the following disclaimer in
-  the documentation and/or other materials provided with the
-  distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+Subject to the terms and conditions of this license, each copyright holder
+and contributor hereby grants to those receiving rights under this license
+a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+(except for failure to satisfy the conditions of this license) patent
+license to make, have made, use, offer to sell, sell, import, and otherwise
+transfer this software, where such license applies only to those patent
+claims, already acquired or hereafter acquired, licensable by such copyright
+holder or contributor that are necessarily infringed by:
+
+(a) their Contribution(s) (the licensed copyrights of copyright holders and
+non-copyrightable additions of contributors, in source or binary form)
+alone; or
+
+(b) combination of their Contribution(s) with the work of authorship to
+which such Contribution(s) was added by such copyright holder or
+contributor, if, at the time the Contribution is added, such addition
+causes such combination to be necessarily infringed. The patent license
+shall not apply to any other combinations which include the
+Contribution.
+
+Except as expressly stated above, no rights or licenses from any copyright
+holder or contributor is granted under this license, whether expressly, by
+implication, estoppel or otherwise.
+
+DISCLAIMER
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PR

[Qemu-devel] [PULL 6/6] pc-bios: update the README file with edk2-stable201905 information

2019-06-14 Thread Laszlo Ersek
Refresh the "pc-bios/README" file with edk2, OpenSSL, and Berkeley
SoftFloat release info, matching the edk2-stable201905 firmware images
added in the previous patch.

Cc: Philippe Mathieu-Daudé 
Ref: https://bugs.launchpad.net/qemu/+bug/1831477
Signed-off-by: Laszlo Ersek 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 pc-bios/README | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/pc-bios/README b/pc-bios/README
index 807d95dd5418..180795a55b8a 100644
--- a/pc-bios/README
+++ b/pc-bios/README
@@ -55,9 +55,11 @@
   variable store templates built from the TianoCore community's EFI Development
   Kit II project
   . The images
-  were built at git tag "edk2-stable201903". The firmware binaries bundle parts
-  of the OpenSSL project, at git tag "OpenSSL_1_1_0j" (the OpenSSL tag is a
-  function of the edk2 tag). Licensing information is given in
-  "edk2-licenses.txt". The image files are described by the JSON documents in
-  the "pc-bios/descriptors" directory, which conform to the
-  "docs/interop/firmware.json" schema.
+  were built at git tag "edk2-stable201905". The firmware binaries bundle parts
+  of the OpenSSL project, at git tag "OpenSSL_1_1_1b" (the OpenSSL tag is a
+  function of the edk2 tag). Parts of the Berkeley SoftFloat library are
+  bundled as well, at Release 3e plus a subsequent typo fix (commit
+  b64af41c3276f97f0e181920400ee056b9c88037), as an OpenSSL dependency on 32-bit
+  ARM. Licensing information is given in "edk2-licenses.txt". The image files
+  are described by the JSON documents in the "pc-bios/descriptors" directory,
+  which conform to the "docs/interop/firmware.json" schema.
-- 
2.19.1.3.g30247aa5d201




[Qemu-devel] [PULL 2/6] roms/edk2: update submodule from edk2-stable201903 to edk2-stable201905

2019-06-14 Thread Laszlo Ersek
Update the edk2 submodule from release edk2-stable201903 to
edk2-stable201905. The release notes can be read at

  https://github.com/tianocore/edk2/releases/tag/edk2-stable201905

Below is a list of commits in the new release:

1 c9e1e28b6195 Maintainers.txt: clarify Reviewer requirements and 
responsibilities
2 a24a37dba42c StdLib: Update resolv.conf to use Google's DNS servers
3 690d60c0ada5 MdeModulePkg/SdMmcPciHcDxe: Add V3 64b DMA Support
4 326598e9b759 StandaloneMmPkg/Library: Install Variable Arch Protocol
5 56edfb174ad6 StandaloneMmPkg: drop redundant definition of 
gEfiMmConfigurationProtocolGuid
6 8edde27a3835 StandaloneMmPkg: switch to NULL DebugLib resolution
7 4b771927c801 StandaloneMmPkg/StandaloneMmCoreEntryPoint: drop explicit 
SerialPortLib call
8 d65e0e4881b7 StandaloneMmPkg/Core: permit encapsulated firmware volumes
9 84249babd703 StandaloneMmPkg/Core: dispatch all drivers at init time
   10 094c0bc7d7a5 StandaloneMmPkg/Core: drop support for dispatching FVs into 
MM
   11 b2877855c7ec StandaloneMmPkg/Core: remove legacy boot support
   12 4d275961d8d6 StandaloneMmPkg: drop unused PCD PcdStandaloneMmEnable
   13 d6253d2f9a33 StandaloneMmPkg: remove redundant 
StandaloneMmDriverEntryPoint driver
   14 fb94f83131f0 BaseTools: Enable compiler cache support in edk2 build
   15 c8eada5ca07b SecurityPkg: Remove duplicated BSD license
   16 5835c054f4ce Vlv2TbltDevicePkg: Remove duplicated BSD license
   17 b2a0a4ffd4d6 ShellPkg/UefiShellAcpiViewCommandLib: Change the note in uni
   18 d868846a4ecc BaseTool/Build: Add --disable-include-path-check.
   19 dbe05cb1c038 BaseTools: Fixed the issue of BaseTools Make cleanall failed.
   20 b0189eac00a5 BaseTools: Explicitly close files after readlines
   21 c49f298d28cb EmbeddedPkg/MmcDxe: Enable 4-bit mode even if SD_HIGH_SPEED 
is not supported
   22 34b162d078aa UefiCpuPkg/CpuCommonFeaturesLib: Aesni.c uses BIT0 and BIT1 
reversedly
   23 d0abf8bb3e09 MdePkg/MdePkg.uni: Add the prompt and help information
   24 6ef95e4da714 SecurityPkg/SecurityPkg.uni: Add the prompt and help 
information
   25 792396bec919 UefiCpuPkg/UefiCpuPkg.uni: Add the prompt and help 
information
   26 43b1be74a8f6 ShellPkg: Correct a parameter's name
   27 2ac896a67b8e MdePkg/PciSegmentLibSegmentInfo: Change parameters type
   28 7681a891cec6 BaseTools: Add missing license and copyright info
   29 432a2ba1a0d7 DynamicTablesPkg: correct LibraryClass dependencies for 
Arm/DBG2
   30 fbdfef35cb82 DynamicTablesPkg: add package .dsc file
   31 a4712bea79a7 Vlv2TbltDevicePkg: ECP Cleanup.
   32 46002a4a379b Vlv2TbltDevicePkg: Fix build failure issue after ECP cleanup
   33 2cb2b6d6fa9c Vlv2TbltDevicePkg: Fix 32bit BIOS build failure issue
   34 4f93ff22b983 DynamicTablesPkg: Fix protocol section
   35 98a4a7a99bf5 DynamicTablesPkg: Rename enum used for ID Mapping
   36 e12bdeb1c2ad DynamicTablesPkg: Add OEM Info
   37 1018bd4c79a6 DynamicTablesPkg: DGB2: Update DBG2_DEBUG_PORT_DDI
   38 24534823b281 DynamicTablesPkg: Remove GIC Distributor Id field
   39 c606f47291e4 DynamicTablesPkg: Minor updates and fix typos
   40 6c27a4d337d0 MdeModulePkg/UefiBootManangerLib: Fix exception issue
   41 bb2c9ccb3388 MdeModulePkg/PiSmmCore: Control S3 related functionality 
through flag.
   42 f4c5200926df SecurityPkg/OpalPassword: Fix incorrect line ending issue.
   43 210bd16aff81 Document: Remove obsolete user manuals
   44 f293841f9335 BaseTools: Remove EDKI related logic from Trim tool
   45 2f2c51acfb70 BaseTools: Remove the logic SourceOverridePath
   46 b669adebd01d Fix links in Maintainers.txt and remove slow outdated 
sourceforge git mirror
   47 cf85ba23d58c OvmfPkg: retire "create-release.py"
   48 4da419e2deb9 IntelSiliconPkg/IntelSiliconPkg.dsc: Add a driver to build
   49 fa888c7ee9ba PcAtChipsetPkg/PcatChipsetPkg.dsc: Add a driver to build
   50 4a1f6b85c184 MdeModulePkg: add LockBoxNullLib for !IA32/X64 in .dsc
   51 a004d17d01a9 BaseTool: Fixed an issue of Structure PCD
   52 fdebdc961bfd Nt32Pkg/Nt32Pkg.dsc: Remove EdkCompatibilityPkg information
   53 5bca07268aca Maintainers.txt: Remove EdkCompatibilityPkg information
   54 c455bc8c8d78 EdkCompatibilityPkg: Remove EdkCompatibilityPkg
   55 e259ad9b6452 OvmfPkg: Drop the ISA Floppy device support
   56 a5cc178aeb1a OvmfPkg: Add an Super IO bus driver
   57 a06810229618 OvmfPkg: Add a build flag to select ISA driver stack
   58 f67786e38171 BaseTools/TianoCompress: Improve performance of boundary 
validation
   59 55756c88aec9 BaseTools/C/Common: Improve performance of boundary 
validation
   60 8028f0303218 MdePkg/BaseUefiDecompressLib: Improve performance of 
boundary validation
   61 58742d79457e BaseTools:Trim will trig exception when input asl UTF8 
format file
   62 1c27ec423635 BaseTools:Coding problems caused by special characters
   63 b02873340b2d Vlv2TbltDevicePkg: Remove PACKAGES_PATH
   64 a89fd3a359b8 MdeModulePkg/CapsuleRuntimeDxe: Add cache flush for IA32 and 
X64
   65 933

[Qemu-devel] [PULL 4/6] roms/Makefile.edk2: update input file list for "pc-bios/edk2-licenses.txt"

2019-06-14 Thread Laszlo Ersek
(1) For TianoCore Bugzilla

  https://bugzilla.tianocore.org/show_bug.cgi?id=1373

the majority of the edk2 tree was relicensed under the
BSD-2-Clause-Patent license:

  https://spdx.org/licenses/BSD-2-Clause-Patent.html

Edk2 commit f53de8aecb12 ("edk2: Add License-History.txt", 2019-04-09)
added a new file called "License-History.txt", describing license and
contributor agreement changes over time.

(2) For advancing edk2's OpenSSL git submodule to the 1.1.1b release, a
more up-to-date ArmSoftFloatLib instance became necessary, on 32-bit
ARM. Therefore, the embedded (and by now, obsolete) Berkeley SoftFloat
library was replaced with a git submodule of the same, checked out at
the latest release ("3e", plus a typo fix on top -- commit
b64af41c3276). This was implemented for TianoCore Bugzilla

  https://bugzilla.tianocore.org/show_bug.cgi?id=1845

in edk2 commit range b6cfa686e42d..371e7001e8d5.

Include the edk2 project's "License-History.txt" file, and the Berkeley
SoftFloat library's "COPYING.txt", in our generated
"pc-bios/edk2-licenses.txt" text file.

Cc: Philippe Mathieu-Daudé 
Ref: https://bugs.launchpad.net/qemu/+bug/1831477
Signed-off-by: Laszlo Ersek 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 roms/Makefile.edk2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roms/Makefile.edk2 b/roms/Makefile.edk2
index 6a19498d0738..c2f2ff59d5b1 100644
--- a/roms/Makefile.edk2
+++ b/roms/Makefile.edk2
@@ -17,7 +17,9 @@ toolchain = $(shell source ./edk2-funcs.sh && 
qemu_edk2_get_toolchain $(1))
 
 licenses := \
edk2/License.txt \
+   edk2/License-History.txt \
edk2/OvmfPkg/License.txt \
+   edk2/ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3/COPYING.txt \
edk2/CryptoPkg/Library/OpensslLib/openssl/LICENSE
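Review bot: The `licenses` list is maintained by hand and nothing in this hunk ties it to the edk2 submodule revision, so a later advance of roms/edk2 can add or relicense a component without anyone noticing that the generated `pc-bios/edk2-licenses.txt` has gone stale. A one-line reminder above the list would make that maintenance duty explicit, e.g. `# Revisit this list whenever roms/edk2 is advanced: every license of code shipped in the firmware binaries must appear here.` The two new entries themselves look correct given the commit message.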
 
 # The "edk2-arm-vars.fd" varstore template is suitable for aarch64 as well.
-- 
2.19.1.3.g30247aa5d201





[Qemu-devel] [PULL 3/6] roms/Makefile.edk2: remove edk2-stable201903 network feature test macros

2019-06-14 Thread Laszlo Ersek
At tag "edk2-stable201905", the build flags HTTP_BOOT_ENABLE and
TLS_ENABLE have become useless. Their roles have been taken by
NETWORK_HTTP_BOOT_ENABLE and NETWORK_TLS_ENABLE, respectively. Remove the
old build flags.

Cc: Philippe Mathieu-Daudé 
Ref: https://bugs.launchpad.net/qemu/+bug/1831477
Signed-off-by: Laszlo Ersek 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 roms/Makefile.edk2 | 14 ++
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/roms/Makefile.edk2 b/roms/Makefile.edk2
index 071d6e454b68..6a19498d0738 100644
--- a/roms/Makefile.edk2
+++ b/roms/Makefile.edk2
@@ -57,8 +57,7 @@ submodules:
--arch=AARCH64 \
--platform=ArmVirtPkg/ArmVirtQemu.dsc \
-D NETWORK_IP6_ENABLE \
-   -D NETWORK_HTTP_BOOT_ENABLE \
-   -D HTTP_BOOT_ENABLE
+   -D NETWORK_HTTP_BOOT_ENABLE
cp edk2/Build/ArmVirtQemu-AARCH64/DEBUG_$(call 
toolchain,aarch64)/FV/QEMU_EFI.fd \
$@
truncate --size=64M $@
@@ -69,8 +68,7 @@ submodules:
--arch=ARM \
--platform=ArmVirtPkg/ArmVirtQemu.dsc \
-D NETWORK_IP6_ENABLE \
-   -D NETWORK_HTTP_BOOT_ENABLE \
-   -D HTTP_BOOT_ENABLE
+   -D NETWORK_HTTP_BOOT_ENABLE
cp edk2/Build/ArmVirtQemu-ARM/DEBUG_$(call 
toolchain,arm)/FV/QEMU_EFI.fd \
$@
truncate --size=64M $@
@@ -82,9 +80,7 @@ submodules:
--platform=OvmfPkg/OvmfPkgIa32.dsc \
-D NETWORK_IP6_ENABLE \
-D NETWORK_HTTP_BOOT_ENABLE \
-   -D HTTP_BOOT_ENABLE \
-D NETWORK_TLS_ENABLE \
-   -D TLS_ENABLE \
-D TPM2_ENABLE \
-D TPM2_CONFIG_ENABLE
cp edk2/Build/OvmfIa32/DEBUG_$(call toolchain,i386)/FV/OVMF_CODE.fd $@
@@ -96,9 +92,7 @@ submodules:
--platform=OvmfPkg/OvmfPkgIa32.dsc \
-D NETWORK_IP6_ENABLE \
-D NETWORK_HTTP_BOOT_ENABLE \
-   -D HTTP_BOOT_ENABLE \
-D NETWORK_TLS_ENABLE \
-   -D TLS_ENABLE \
-D TPM2_ENABLE \
-D TPM2_CONFIG_ENABLE \
-D SECURE_BOOT_ENABLE \
@@ -112,9 +106,7 @@ submodules:
--platform=OvmfPkg/OvmfPkgX64.dsc \
-D NETWORK_IP6_ENABLE \
-D NETWORK_HTTP_BOOT_ENABLE \
-   -D HTTP_BOOT_ENABLE \
-D NETWORK_TLS_ENABLE \
-   -D TLS_ENABLE \
-D TPM2_ENABLE \
-D TPM2_CONFIG_ENABLE
cp edk2/Build/OvmfX64/DEBUG_$(call toolchain,x86_64)/FV/OVMF_CODE.fd $@
@@ -127,9 +119,7 @@ submodules:
--platform=OvmfPkg/OvmfPkgIa32X64.dsc \
-D NETWORK_IP6_ENABLE \
-D NETWORK_HTTP_BOOT_ENABLE \
-   -D HTTP_BOOT_ENABLE \
-D NETWORK_TLS_ENABLE \
-   -D TLS_ENABLE \
-D TPM2_ENABLE \
-D TPM2_CONFIG_ENABLE \
-D SECURE_BOOT_ENABLE \
-- 
2.19.1.3.g30247aa5d201





[Qemu-devel] [PULL 1/6] roms/Makefile.edk2: define edk2-stable201905 network feature test macros

2019-06-14 Thread Laszlo Ersek
Due to edk2 commits 631195044ff0 ("OvmfPkg: Update DSC/FDF to use
NetworkPkg's include fragment file.", 2019-05-16) and 157a3b1aa50f
("ArmVirtPkg: Update DSC/FDF to use NetworkPkg's include fragment file.",
2019-05-16), we'll have to prefix the HTTP_BOOT_ENABLE and TLS_ENABLE build
flags with "NETWORK_", for building edk2 at tag "edk2-stable201905".

Right now the new flags are no-ops, so we can insert them separately,
before advancing our edk2 submodule reference. We will remove the old
flags afterwards.

Cc: Philippe Mathieu-Daudé 
Ref: https://bugs.launchpad.net/qemu/+bug/1831477
Signed-off-by: Laszlo Ersek 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
---
 roms/Makefile.edk2 | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/roms/Makefile.edk2 b/roms/Makefile.edk2
index 822c547fec64..071d6e454b68 100644
--- a/roms/Makefile.edk2
+++ b/roms/Makefile.edk2
@@ -57,6 +57,7 @@ submodules:
--arch=AARCH64 \
--platform=ArmVirtPkg/ArmVirtQemu.dsc \
-D NETWORK_IP6_ENABLE \
+   -D NETWORK_HTTP_BOOT_ENABLE \
-D HTTP_BOOT_ENABLE
cp edk2/Build/ArmVirtQemu-AARCH64/DEBUG_$(call 
toolchain,aarch64)/FV/QEMU_EFI.fd \
$@
@@ -68,6 +69,7 @@ submodules:
--arch=ARM \
--platform=ArmVirtPkg/ArmVirtQemu.dsc \
-D NETWORK_IP6_ENABLE \
+   -D NETWORK_HTTP_BOOT_ENABLE \
-D HTTP_BOOT_ENABLE
cp edk2/Build/ArmVirtQemu-ARM/DEBUG_$(call 
toolchain,arm)/FV/QEMU_EFI.fd \
$@
@@ -79,7 +81,9 @@ submodules:
--arch=IA32 \
--platform=OvmfPkg/OvmfPkgIa32.dsc \
-D NETWORK_IP6_ENABLE \
+   -D NETWORK_HTTP_BOOT_ENABLE \
-D HTTP_BOOT_ENABLE \
+   -D NETWORK_TLS_ENABLE \
-D TLS_ENABLE \
-D TPM2_ENABLE \
-D TPM2_CONFIG_ENABLE
@@ -91,7 +95,9 @@ submodules:
--arch=IA32 \
--platform=OvmfPkg/OvmfPkgIa32.dsc \
-D NETWORK_IP6_ENABLE \
+   -D NETWORK_HTTP_BOOT_ENABLE \
-D HTTP_BOOT_ENABLE \
+   -D NETWORK_TLS_ENABLE \
-D TLS_ENABLE \
-D TPM2_ENABLE \
-D TPM2_CONFIG_ENABLE \
@@ -105,7 +111,9 @@ submodules:
--arch=X64 \
--platform=OvmfPkg/OvmfPkgX64.dsc \
-D NETWORK_IP6_ENABLE \
+   -D NETWORK_HTTP_BOOT_ENABLE \
-D HTTP_BOOT_ENABLE \
+   -D NETWORK_TLS_ENABLE \
-D TLS_ENABLE \
-D TPM2_ENABLE \
-D TPM2_CONFIG_ENABLE
@@ -118,7 +126,9 @@ submodules:
--arch=X64 \
--platform=OvmfPkg/OvmfPkgIa32X64.dsc \
-D NETWORK_IP6_ENABLE \
+   -D NETWORK_HTTP_BOOT_ENABLE \
-D HTTP_BOOT_ENABLE \
+   -D NETWORK_TLS_ENABLE \
-D TLS_ENABLE \
-D TPM2_ENABLE \
-D TPM2_CONFIG_ENABLE \
-- 
2.19.1.3.g30247aa5d201





[Qemu-devel] [PULL 0/6] update edk2 submodule & binaries to edk2-stable201905

2019-06-14 Thread Laszlo Ersek
The following changes since commit f3d0bec9f80e4ed7796fffa834ba0a53f2094f7f:

  Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2019-06-14' 
into staging (2019-06-14 14:46:13 +0100)

are available in the Git repository at:

  https://github.com/lersek/qemu.git tags/edk2-pull-2019-06-14

for you to fetch changes up to 541617cad3445fdc6735e9e5752e1f698e337737:

  pc-bios: update the README file with edk2-stable201905 information 
(2019-06-14 21:48:00 +0200)


edk2-stable201905 was released on 2019-06-06:

  https://github.com/tianocore/edk2/releases/tag/edk2-stable201905

Advance QEMU's edk2 submodule to edk2-stable201905, and rebuild the
firmware binaries. This should be the edk2 release that goes into QEMU
4.1.

Launchpad: https://bugs.launchpad.net/qemu/+bug/1831477


Laszlo Ersek (6):
  roms/Makefile.edk2: define edk2-stable201905 network feature test macros
  roms/edk2: update submodule from edk2-stable201903 to edk2-stable201905
  roms/Makefile.edk2: remove edk2-stable201903 network feature test macros
  roms/Makefile.edk2: update input file list for "pc-bios/edk2-licenses.txt"
  pc-bios: refresh edk2 build artifacts for edk2-stable201905
  pc-bios: update the README file with edk2-stable201905 information

 pc-bios/README |  14 +-
 pc-bios/edk2-aarch64-code.fd.bz2   | Bin 1177603 -> 1178070 bytes
 pc-bios/edk2-arm-code.fd.bz2   | Bin 1173662 -> 1172752 bytes
 pc-bios/edk2-i386-code.fd.bz2  | Bin 1688659 -> 1736199 bytes
 pc-bios/edk2-i386-secure-code.fd.bz2   | Bin 1881979 -> 1943949 bytes
 pc-bios/edk2-licenses.txt  | 752 ++---
 pc-bios/edk2-x86_64-code.fd.bz2| Bin 1669280 -> 1717094 bytes
 pc-bios/edk2-x86_64-secure-code.fd.bz2 | Bin 1901210 -> 1958037 bytes
 roms/Makefile.edk2 |  22 +-
 roms/edk2  |   2 +-
 10 files changed, 714 insertions(+), 76 deletions(-)

-- 
2.19.1.3.g30247aa5d201




Re: [Qemu-devel] [PATCH v8 4/7] block: introduce backup-top filter driver

2019-06-14 Thread Max Reitz
On 14.06.19 18:22, Vladimir Sementsov-Ogievskiy wrote:
> 14.06.2019 15:57, Max Reitz wrote:
>> On 14.06.19 11:04, Vladimir Sementsov-Ogievskiy wrote:
>>> 13.06.2019 18:57, Max Reitz wrote:
 On 29.05.19 17:46, Vladimir Sementsov-Ogievskiy wrote:
> Backup-top filter does copy-before-write operation. It should be
> inserted above active disk and has a target node for CBW, like the
> following:
>
>   +---+
>   | Guest |
>   +---+
>   |r,w
>   v
>   ++  target   +---+
>   | backup_top |-->| target(qcow2) |
>   ++   CBW +---+
>   |
> backing |r,w
>   v
>   +-+
>   | Active disk |
>   +-+
>
> The driver will be used in backup instead of write-notifiers.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> ---
>block/backup-top.h  |  64 +
>block/backup-top.c  | 322 
>block/Makefile.objs |   2 +
>3 files changed, 388 insertions(+)
>create mode 100644 block/backup-top.h
>create mode 100644 block/backup-top.c
>
> diff --git a/block/backup-top.h b/block/backup-top.h
> new file mode 100644
> index 00..788e18c358
> --- /dev/null
> +++ b/block/backup-top.h
>>
>> [...]
>>
> +/*
> + * bdrv_backup_top_append
> + *
> + * Append backup_top filter node above @source node. @target node will 
> receive
> + * the data backed up during CBE operations. New filter together with 
> @target
> + * node are attached to @source aio context.
> + *
> + * The resulting filter node is implicit.

 Why?  It’s just as easy for the caller to just make it implicit if it
 should be.  (And usually the caller should decide that.)
>>>
>>> Personally, I don't know what the reasons are for filters to be implicit or 
>>> not,
>>> I just made it like other job-filters.. I can move making-implicit to the 
>>> caller
>>> or drop it at all (if it will work).
>>
>> Nodes are implicit if they haven’t been added consciously by the user.
>> A node added by a block job can be non-implicit, too, as mirror shows;
>> If the user specifies the filter-node-name option, they will know about
>> the node, thus it is no longer implicit.
>>
>> If the user doesn’t know about the node (they didn’t give the
>> filter-node-name option), the node is implicit.
>>
> 
> Ok, I understand it. But it doesn't show, why it should be implicit?
> Isn't it less buggy to make all filters explicit? We don't hide implicit nodes
> from query-named-block-nodes (the only interface to explore the whole graph 
> for now)
> anyway. And we can't absolutely hide side effects of additional node in the 
> graph.

Well, we try, at least.  At least we hide them from query-block.

> So, is there any real benefit of supporting separation into implicit and 
> explicit filters?
> It seems for me that it only complicates things...
> In other words, what will break if we make all filters explicit?

The theory is that qemu may decide to add nodes at any point, but at
least when managing chains etc., they may not be visible to the user.  I
don’t think we can get rid of them so easily.

One example that isn’t implemented yet is copy-on-read.  In theory,
specifying copy-on-read=on for -drive should create an implicit COR node
on top.  The user shouldn’t see that node when inspecting the drive or
when issuing block jobs on it, etc.  And this node has to stay there
when the user does e.g. an active commit somewhere down the chain.

That sounds like a horrible ordeal to implement, so it hasn’t been done
yet.  Maybe it never will.  It isn’t that bad for the job filters,
because they generally freeze the block graph, so there is no problem
with potential modifications.

All in all I do think having implicit nodes makes sense.  Maybe not so
much now, but in the future (if someone implements converting -drive COR
and throttle options to implicit nodes...).

>> [...]
>>
> +static int coroutine_fn backup_top_co_flush(BlockDriverState *bs)
> +{
> +if (!bs->backing) {
> +return 0;
> +}
> +
> +return bdrv_co_flush(bs->backing->bs);

 Should we flush the target, too?
>>>
>>> Hm, you've asked it already, on previous version :)
>>
>> I wasn’t sure...
>>
>>> Backup don't do it,
>>> so I just keep old behavior. And what is the reason to flush backup target
>>> on any guest flush?
>>
>> Hm, well, what’s the reason not to do it?
> 
> guest flushes will be slowed down?

Hm, the user could specify cache=unsafe if they don’t care.  Which gives
me second thoughts... [1]

>> Also, there are not only guest flushes.  bdrv_flush_all() exists, which
>> is called when the guest is stopped.  So who is going to flush the
>> target if not its parent?
>>
>> [..

Re: [Qemu-devel] [PATCH v3 00/50] tcg plugin support

2019-06-14 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190614171200.21078-1-alex.ben...@linaro.org/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20190614171200.21078-1-alex.ben...@linaro.org
Type: series
Subject: [Qemu-devel] [PATCH  v3 00/50] tcg plugin support

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
049048f TODO: API changes to make?
ed124e9 include/exec/cpu-defs.h: fix typo
f5a1e5b include/exec: wrap cpu_ldst.h in CONFIG_TCG
9ba123b accel/stubs: reduce headers from tcg-stub
df9793f tests/plugin: add hotpages plugin to breakdown memory access patterns
d1f355e tests/plugin: add instruction execution breakdown
6d4683c plugin: add qemu_plugin_insn_disas helper
e3145c6 tests/plugin: add a hotblocks plugin
473cace tests/tcg: enable plugin testing
c99d2ca tests/plugin: add sample plugins
f92b641 linux-user: support -plugin option
f81dc94 vl: support -plugin option
11d158f plugin: add API symbols to qemu-plugins.symbols
d0af116 translator: inject instrumentation from plugins
075f779 target/openrisc: fetch code with translator_ld
6426594 target/xtensa: fetch code with translator_ld
38fa0bd target/sparc: fetch code with translator_ld
96a7c87 target/riscv: fetch code with translator_ld
2bbeaea target/alpha: fetch code with translator_ld
2a3f91f target/m68k: fetch code with translator_ld
86b0923 target/hppa: fetch code with translator_ld
206cd1e target/i386: fetch code with translator_ld
c7ffbb8 target/sh4: fetch code with translator_ld
23bae27 target/ppc: fetch code with translator_ld
04e9634 target/arm: call qemu_plugin_insn_append
90c2eaa translator: add translator_ld{ub, sw, uw, l, q}
9681e1f plugin-gen: add plugin_insn_append
6c03f40 cpu: hook plugin vcpu events
aa70581 *-user: plugin syscalls
d9de19e *-user: notify plugin of exit
2a222c5 translate-all: notify plugin code of tb_flush
fa91333 tcg: let plugins instrument memory accesses
3644ead cpu_ldst_useronly_template: remove redundant #ifndef CODE_ACCESS
ab9dbec atomic_template: add inline trace/plugin helpers
e4aef56 atomic_template: fix indentation in GEN_ATOMIC_HELPER
ee3eba8 tcg: add MO_HADDR to TCGMemOp
3760a15 tcg: add tcg_gen_st_ptr
a4af748 plugin-gen: add module for TCG-related code
7f9020a cputlb: introduce get_page_addr_code_hostp
9a46037 cputlb: document get_page_addr_code
6d8e505 queue: add QTAILQ_REMOVE_SEVERAL
a3f7fb1 plugin: add implementation of the api
1bd3802 plugin: add core code
eb7a5d5 plugin: add user-facing API
33d885f configure: add --enable-plugins (MOVE TO END)
3fd3aeb docs/devel: add plugins.rst design document
dd4b2c0 translate-all: use cpu_in_exclusive_work_context() in tb_flush
6ef20c7 cpu: introduce cpu_in_exclusive_work_context()
8995c5a tcg/README: fix typo s/afterwise/afterwards/
b13029e trace: expand mem_info:size_shift to 3 bits

=== OUTPUT BEGIN ===
1/50 Checking commit b13029ec3c61 (trace: expand mem_info:size_shift to 3 bits)
2/50 Checking commit 8995c5a5814a (tcg/README: fix typo s/afterwise/afterwards/)
3/50 Checking commit 6ef20c7ac84b (cpu: introduce 
cpu_in_exclusive_work_context())
4/50 Checking commit dd4b2c0b5d58 (translate-all: use 
cpu_in_exclusive_work_context() in tb_flush)
5/50 Checking commit 3fd3aeb92699 (docs/devel: add plugins.rst design document)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#23: 
new file mode 100644

total: 0 errors, 1 warnings, 103 lines checked

Patch 5/50 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
6/50 Checking commit 33d885f24794 (configure: add --enable-plugins (MOVE TO 
END))
7/50 Checking commit eb7a5d579131 (plugin: add user-facing API)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#15: 
new file mode 100644

WARNING: architecture specific defines should be avoided
#41: FILE: include/qemu/qemu-plugin.h:22:
+#if defined _WIN32 || defined __CYGWIN__

WARNING: architecture specific defines should be avoided
#49: FILE: include/qemu/qemu-plugin.h:30:
+  #if __GNUC__ >= 4

total: 0 errors, 3 warnings, 339 lines checked

Patch 7/50 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
8/50 Checking commit 1bd3802f7e55 (plugin: add core code)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#56: 
new file mode 100644

ERROR: "foo * bar" should be "foo *bar"
#197: FILE: include/qemu/plugin.h:137:
+static inline struct qemu_plugin_insn * qemu_plugin_insn_alloc(void)

WARNING: Block comments use a leading /* on a separate line
#371: FILE: plugins/core.c:1:
+/* plugin.c 

Re: [Qemu-devel] [PATCH v3 00/50] tcg plugin support

2019-06-14 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190614171200.21078-1-alex.ben...@linaro.org/



Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===

  CC  x86_64-softmmu/balloon.o
  CC  x86_64-softmmu/ioport.o
  CC  x86_64-softmmu/numa.o
/tmp/qemu-test/src/disas.c:502:5: error: use of undeclared identifier 'csh'
csh handle;
^
/tmp/qemu-test/src/disas.c:503:5: error: use of undeclared identifier 'cs_insn'
cs_insn *insn;
^
/tmp/qemu-test/src/disas.c:503:14: error: use of undeclared identifier 'insn'; 
did you mean 'info'?
cs_insn *insn;
 ^~~~
 info
/tmp/qemu-test/src/disas.c:499:53: note: 'info' declared here
static bool plugin_cap_disas_insn(disassemble_info *info, uint64_t pc, size_t 
size)
^
/tmp/qemu-test/src/disas.c:508:9: error: implicit declaration of function 
'cap_disas_start' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
if (cap_disas_start(info, &handle) != CS_ERR_OK) {
^
/tmp/qemu-test/src/disas.c:508:9: error: this function declaration is not a 
prototype [-Werror,-Wstrict-prototypes]
/tmp/qemu-test/src/disas.c:508:32: error: use of undeclared identifier 'handle'
if (cap_disas_start(info, &handle) != CS_ERR_OK) {
   ^
/tmp/qemu-test/src/disas.c:508:43: error: use of undeclared identifier 
'CS_ERR_OK'
if (cap_disas_start(info, &handle) != CS_ERR_OK) {
  ^
/tmp/qemu-test/src/disas.c:511:5: error: use of undeclared identifier 'insn'
insn = cap_insn;
^
/tmp/qemu-test/src/disas.c:511:12: error: use of undeclared identifier 
'cap_insn'
insn = cap_insn;
   ^
/tmp/qemu-test/src/disas.c:517:13: error: implicit declaration of function 
'cs_disasm' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
count = cs_disasm(handle, cbuf, size, 0, 1, &insn);
^
/tmp/qemu-test/src/disas.c:517:13: error: this function declaration is not a 
prototype [-Werror,-Wstrict-prototypes]
/tmp/qemu-test/src/disas.c:517:23: error: use of undeclared identifier 'handle'
count = cs_disasm(handle, cbuf, size, 0, 1, &insn);
  ^
/tmp/qemu-test/src/disas.c:517:50: error: use of undeclared identifier 'insn'
count = cs_disasm(handle, cbuf, size, 0, 1, &insn);
 ^
/tmp/qemu-test/src/disas.c:520:37: error: use of undeclared identifier 'insn'
g_string_printf(s, "%s %s", insn->mnemonic, insn->op_str);
^
/tmp/qemu-test/src/disas.c:520:53: error: use of undeclared identifier 'insn'
g_string_printf(s, "%s %s", insn->mnemonic, insn->op_str);
^
/tmp/qemu-test/src/disas.c:525:5: error: implicit declaration of function 
'cs_close' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
cs_close(&handle);
^
/tmp/qemu-test/src/disas.c:525:5: error: this function declaration is not a 
prototype [-Werror,-Wstrict-prototypes]
/tmp/qemu-test/src/disas.c:525:15: error: use of undeclared identifier 'handle'
cs_close(&handle);
  ^
18 errors generated.


The full log is available at
http://patchew.org/logs/20190614171200.21078-1-alex.ben...@linaro.org/testing.asan/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [Qemu-devel] [PATCH 0/6] update edk2 submodule & binaries to edk2-stable201905

2019-06-14 Thread Laszlo Ersek
On 06/13/19 19:41, Philippe Mathieu-Daudé wrote:
> On 6/13/19 5:12 PM, Laszlo Ersek wrote:
>> On 06/06/19 15:31, Laszlo Ersek wrote:
>>> Launchpad: https://bugs.launchpad.net/qemu/+bug/1831477
>>> Repo:  https://github.com/lersek/qemu.git
>>> Branch:edk2-stable201905-lp-1831477
>>>
>>> edk2-stable201905 has been released today; let's update QEMU's
>>> submodule, and the binaries built thereof. This should be the edk2
>>> release that goes into QEMU 4.1.
>>>
>>> Cc: Philippe Mathieu-Daudé 
>>>
>>> Thanks
>>> Laszlo
>>>
>>> Laszlo Ersek (6):
>>>   roms/Makefile.edk2: define edk2-stable201905 network feature test
>>> macros
>>>   roms/edk2: update submodule from edk2-stable201903 to
>>> edk2-stable201905
>>>   roms/Makefile.edk2: remove edk2-stable201903 network feature test
>>> macros
>>>   roms/Makefile.edk2: update input file list for
>>> "pc-bios/edk2-licenses.txt"
>>>   pc-bios: refresh edk2 build artifacts for edk2-stable201905
>>>   pc-bios: update the README file with edk2-stable201905 information
>>>
>>>  pc-bios/README |  14 +-
>>>  pc-bios/edk2-aarch64-code.fd.bz2   | Bin 1177603 -> 1178070 bytes
>>>  pc-bios/edk2-arm-code.fd.bz2   | Bin 1173662 -> 1172752 bytes
>>>  pc-bios/edk2-i386-code.fd.bz2  | Bin 1688659 -> 1736199 bytes
>>>  pc-bios/edk2-i386-secure-code.fd.bz2   | Bin 1881979 -> 1943949 bytes
>>>  pc-bios/edk2-licenses.txt  | 752 ++--
>>>  pc-bios/edk2-x86_64-code.fd.bz2| Bin 1669280 -> 1717094 bytes
>>>  pc-bios/edk2-x86_64-secure-code.fd.bz2 | Bin 1901210 -> 1958037 bytes
>>>  roms/Makefile.edk2 |  22 +-
>>>  roms/edk2  |   2 +-
>>>  10 files changed, 714 insertions(+), 76 deletions(-)
>>>
>>
>> Ping :)
> 
> Oops sorry ...
> 
> Series:
> Reviewed-by: Philippe Mathieu-Daudé 
> Tested-by: Philippe Mathieu-Daudé 

Thanks! I'll send a pull req soon.

> (Definitively not a series you want to test on your laptop...)

Can you please clarify? I did test the series on my laptop...

Thanks,
Laszlo



Re: [Qemu-devel] [PATCH 5/5] .travis.yml: Build and install EDK2 roms

2019-06-14 Thread Alex Bennée


Laszlo Ersek  writes:

> On 06/13/19 18:59, Philippe Mathieu-Daudé wrote:
>> Hi Laszlo,
>>
>> On 3/12/19 5:29 PM, Laszlo Ersek wrote:
>>> On 03/11/19 01:30, Philippe Mathieu-Daudé wrote:
 Add a job to build and install the EDK2 platform firmware binaries.

 This job is only triggered if the last commit matches the EDK2
 name (case insensitive), or when tags are created (such as releases
 or release candidates).

 Signed-off-by: Philippe Mathieu-Daudé 
 ---
  .travis.yml | 21 +
  1 file changed, 21 insertions(+)

 diff --git a/.travis.yml b/.travis.yml
 index e942175dd3..628cc52c99 100644
 --- a/.travis.yml
 +++ b/.travis.yml
 @@ -258,3 +258,24 @@ matrix:
  - env:
  - CONFIG="--disable-system"
  - TEST_CMD="make -j3 check-tcg V=1"
 +
 +
 +# EDK2 roms builds
 +- if: tag IS present OR commit_message =~ /(edk2|EDK2)/
 +  env:
 +- CONFIG="--disable-system --disable-user --prefix=$PWD/dist"
 +- EDK2_BUILD_OPTIONS="--quiet --silent"
 +  script:
 +- git submodule update --init roms/edk2
 +- make -j3
 +- make -C roms efi -j2
 +- make install
 +  addons:
 +apt:
 +  packages:
 +- dos2unix
 +- gcc-aarch64-linux-gnu
 +- gcc-arm-linux-gnueabihf
 +- iasl
 +- nasm
 +- uuid-dev
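Review bot: The trigger condition on the `- if:` line is not case-insensitive as the commit message claims: `/(edk2|EDK2)/` matches only those two spellings, so a commit message containing "Edk2" would not start the job. If Travis conditions do not honour regex flags, a character class keeps it portable: `- if: tag IS present OR commit_message =~ /[eE][dD][kK]2/`. The same patch is quoted twice more further down this thread and the note applies to those quotes as well.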

>>>
>>> Regardless of what problem we're trying to address with "--quiet
>>> --silent", those options are wrong. You certainly want detailed build
>>> logs for the case a CI job fails (at build time or at runtime).
>>
>> On Travis we get:
>>
>> The job exceeded the maximum log length, and has been terminated.
>> (https://travis-ci.org/philmd/qemu/jobs/545329905)
>>
>> So I moved to GitLab, but we still get:
>>
>> "Job's log exceeded limit of 4194304 bytes."
>> (https://gitlab.com/philmd/qemu/-/jobs/230772314)
>>
>> Regarding the options to pass to edk2-build.sh,
>>
>> $ build --help
>>   -j LOGFILE, --log=LOGFILE
>>Put log in specified file as well as on console.
>>   -s, --silent Make use of silent mode of (n)make.
>>   -q, --quiet  Disable all messages except FATAL ERRORS.
>>   -v, --verboseTurn on verbose output with informational messages
>>printed, including library instances selected, final
>>dependency expression, and warning messages, etc.
>>
>> '--log' duplicate the output, and I don't want to reduce the log
>> details, so I understand I should use:
>>
>>   ./edk2-build.sh [...] --log=build.log >/dev/null || cat build.log
>>
>> Is that correct? But then I'd need to modify Makefile.edk2 to redirect
>> stdout.
>
> Would it be possible to invoke the outermost make like this?
>
>   make -C roms -j2 efi >make.roms.efi.log 2>&1 \
>   || ( tail -c 2M make.roms.efi.log; false )

Or something like:

 after_failure:
   - tail -c 2M make.roms.efi.log

as Cleber suggested for his acceptance tests. Generally we want to try
and make the builds less noisy and only echo relevant details when it
fails. However we've tended to turn up the noise so we can debug stuff
and that is just painful to browse on the Travis website.


>
> Thanks
> Laszlo
>
>>
>>> The reason why I only include DEBUG firmware builds in the edk2 bundling
>>> series is similar -- RELEASE builds lack DEBUG messages and ASSERT()s,
>>> and as such they are 100% unsupportable in my book. Bugs in software are
>>> the norm, not the exception, so we should allow (even force) the user
>>> (and remote systems) to provide as much information as they can.
>>
>> Sure, we have the same book here ;)
>>
>> Regards,
>>
>> Phil.
>>


--
Alex Bennée



Re: [Qemu-devel] [PATCH 5/5] .travis.yml: Build and install EDK2 roms

2019-06-14 Thread Laszlo Ersek
On 06/13/19 18:59, Philippe Mathieu-Daudé wrote:
> Hi Laszlo,
> 
> On 3/12/19 5:29 PM, Laszlo Ersek wrote:
>> On 03/11/19 01:30, Philippe Mathieu-Daudé wrote:
>>> Add a job to build and install the EDK2 platform firmware binaries.
>>>
>>> This job is only triggered if the last commit matches the EDK2
>>> name (case insensitive), or when tags are created (such as releases
>>> or release candidates).
>>>
>>> Signed-off-by: Philippe Mathieu-Daudé 
>>> ---
>>>  .travis.yml | 21 +
>>>  1 file changed, 21 insertions(+)
>>>
>>> diff --git a/.travis.yml b/.travis.yml
>>> index e942175dd3..628cc52c99 100644
>>> --- a/.travis.yml
>>> +++ b/.travis.yml
>>> @@ -258,3 +258,24 @@ matrix:
>>>  - env:
>>>  - CONFIG="--disable-system"
>>>  - TEST_CMD="make -j3 check-tcg V=1"
>>> +
>>> +
>>> +# EDK2 roms builds
>>> +- if: tag IS present OR commit_message =~ /(edk2|EDK2)/
>>> +  env:
>>> +- CONFIG="--disable-system --disable-user --prefix=$PWD/dist"
>>> +- EDK2_BUILD_OPTIONS="--quiet --silent"
>>> +  script:
>>> +- git submodule update --init roms/edk2
>>> +- make -j3
>>> +- make -C roms efi -j2
>>> +- make install
>>> +  addons:
>>> +apt:
>>> +  packages:
>>> +- dos2unix
>>> +- gcc-aarch64-linux-gnu
>>> +- gcc-arm-linux-gnueabihf
>>> +- iasl
>>> +- nasm
>>> +- uuid-dev
>>>
>>
>> Regardless of what problem we're trying to address with "--quiet
>> --silent", those options are wrong. You certainly want detailed build
>> logs for the case a CI job fails (at build time or at runtime).
> 
> On Travis we get:
> 
> The job exceeded the maximum log length, and has been terminated.
> (https://travis-ci.org/philmd/qemu/jobs/545329905)
> 
> So I moved to GitLab, but we still get:
> 
> "Job's log exceeded limit of 4194304 bytes."
> (https://gitlab.com/philmd/qemu/-/jobs/230772314)
> 
> Regarding the options to pass to edk2-build.sh,
> 
> $ build --help
>   -j LOGFILE, --log=LOGFILE
>Put log in specified file as well as on console.
>   -s, --silent Make use of silent mode of (n)make.
>   -q, --quiet  Disable all messages except FATAL ERRORS.
>   -v, --verboseTurn on verbose output with informational messages
>printed, including library instances selected, final
>dependency expression, and warning messages, etc.
> 
> '--log' duplicate the output, and I don't want to reduce the log
> details, so I understand I should use:
> 
>   ./edk2-build.sh [...] --log=build.log >/dev/null || cat build.log
> 
> Is that correct? But then I'd need to modify Makefile.edk2 to redirect
> stdout.

Would it be possible to invoke the outermost make like this?

  make -C roms -j2 efi >make.roms.efi.log 2>&1 \
  || ( tail -c 2M make.roms.efi.log; false )

Thanks
Laszlo

> 
>> The reason why I only include DEBUG firmware builds in the edk2 bundling
>> series is similar -- RELEASE builds lack DEBUG messages and ASSERT()s,
>> and as such they are 100% unsupportable in my book. Bugs in software are
>> the norm, not the exception, so we should allow (even force) the user
>> (and remote systems) to provide as much information as they can.
> 
> Sure, we have the same book here ;)
> 
> Regards,
> 
> Phil.
> 




Re: [Qemu-devel] [PATCH 5/5] .travis.yml: Build and install EDK2 roms

2019-06-14 Thread Laszlo Ersek
On 06/13/19 18:59, Philippe Mathieu-Daudé wrote:
> Hi Laszlo,
> 
> On 3/12/19 5:29 PM, Laszlo Ersek wrote:
>> On 03/11/19 01:30, Philippe Mathieu-Daudé wrote:
>>> Add a job to build and install the EDK2 platform firmware binaries.
>>>
>>> This job is only triggered if the last commit matches the EDK2
>>> name (case insensitive), or when tags are created (such as releases
>>> or release candidates).
>>>
>>> Signed-off-by: Philippe Mathieu-Daudé 
>>> ---
>>>  .travis.yml | 21 +
>>>  1 file changed, 21 insertions(+)
>>>
>>> diff --git a/.travis.yml b/.travis.yml
>>> index e942175dd3..628cc52c99 100644
>>> --- a/.travis.yml
>>> +++ b/.travis.yml
>>> @@ -258,3 +258,24 @@ matrix:
>>>  - env:
>>>  - CONFIG="--disable-system"
>>>  - TEST_CMD="make -j3 check-tcg V=1"
>>> +
>>> +
>>> +# EDK2 roms builds
>>> +- if: tag IS present OR commit_message =~ /(edk2|EDK2)/
>>> +  env:
>>> +- CONFIG="--disable-system --disable-user --prefix=$PWD/dist"
>>> +- EDK2_BUILD_OPTIONS="--quiet --silent"
>>> +  script:
>>> +- git submodule update --init roms/edk2
>>> +- make -j3
>>> +- make -C roms efi -j2
>>> +- make install
>>> +  addons:
>>> +apt:
>>> +  packages:
>>> +- dos2unix
>>> +- gcc-aarch64-linux-gnu
>>> +- gcc-arm-linux-gnueabihf
>>> +- iasl
>>> +- nasm
>>> +- uuid-dev
>>>
>>
>> Regardless of what problem we're trying to address with "--quiet
>> --silent", those options are wrong. You certainly want detailed build
>> logs for the case a CI job fails (at build time or at runtime).
> 
> On Travis we get:
> 
> The job exceeded the maximum log length, and has been terminated.
> (https://travis-ci.org/philmd/qemu/jobs/545329905)
> 
> So I moved to GitLab, but we still get:
> 
> "Job's log exceeded limit of 4194304 bytes."
> (https://gitlab.com/philmd/qemu/-/jobs/230772314)
> 
> Regarding the options to pass to edk2-build.sh,
> 
> $ build --help
>   -j LOGFILE, --log=LOGFILE
>Put log in specified file as well as on console.
>   -s, --silent Make use of silent mode of (n)make.
>   -q, --quiet  Disable all messages except FATAL ERRORS.
>   -v, --verboseTurn on verbose output with informational messages
>printed, including library instances selected, final
>dependency expression, and warning messages, etc.
> 
> '--log' duplicate the output, and I don't want to reduce the log
> details, so I understand I should use:
> 
>   ./edk2-build.sh [...] --log=build.log >/dev/null || cat build.log
> 
> Is that correct? But then I'd need to modify Makefile.edk2 to redirect
> stdout.

Would it be possible to invoke the outermost make like this?

  make -C roms -j2 efi >make.roms.efi.log 2>&1 \
  || ( tail -c 2M make.roms.efi.log; false )

Thanks
Laszlo

> 
>> The reason why I only include DEBUG firmware builds in the edk2 bundling
>> series is similar -- RELEASE builds lack DEBUG messages and ASSERT()s,
>> and as such they are 100% unsupportable in my book. Bugs in software are
>> the norm, not the exception, so we should allow (even force) the user
>> (and remote systems) to provide as much information as they can.
> 
> Sure, we have the same book here ;)
> 
> Regards,
> 
> Phil.
> 




Re: [Qemu-devel] [PATCH 2/2] target/arm: Only implement doubles if the FPU supports them

2019-06-14 Thread Peter Maydell
On Fri, 14 Jun 2019 at 18:21, Richard Henderson
 wrote:
>
> On 6/14/19 3:44 AM, Peter Maydell wrote:
> > @@ -173,6 +173,11 @@ static bool trans_VSEL(DisasContext *s, arg_VSEL *a)
> >  ((a->vm | a->vn | a->vd) & 0x10)) {
> >  return false;
> >  }
> > +
> > +if (dp && !dc_isar_feature(aa32_fpdp, s)) {
> > +return false;
> > +}
>
> Would it be cleaner to define something like
>
> static bool vfp_dp_enabled(DisasContext *s, int regmask)
> {
> if (!dc_isar_feature(aa32_fpdp, s)) {
> /* All double-precision disabled.  */
> return false;
> }
> if (!dc_isar_feature(aa32_fp_d32, s) && (regmask & 0x10)) {
> /* D16-D31 do not exist.  */
> return false;
> }
> return true;
> }
>
> Then use
>
> if (dp && !vfp_dp_enabled(s, a->vm | a->vn | a->vd))
>
> ?

It would be less code, but I don't think the "are we using
a register than doesn't exist" and the "do we have dp support"
checks are really related, and splitting the "OR the register
numbers together" from the "test the top bit" makes that
part look rather less clear I think.

thanks
-- PMM



Re: [Qemu-devel] [PATCH] migration: Improve accuracy of vCPU throttling with per-vCPU timers

2019-06-14 Thread no-reply
Patchew URL: 
https://patchew.org/QEMU/20190614161106.218854-1-cos...@nutanix.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Message-id: 20190614161106.218854-1-cos...@nutanix.com
Subject: [Qemu-devel] [PATCH] migration: Improve accuracy of vCPU throttling 
with per-vCPU timers
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

From https://github.com/patchew-project/qemu
 * [new tag] patchew/20190614161106.218854-1-cos...@nutanix.com -> 
patchew/20190614161106.218854-1-cos...@nutanix.com
Switched to a new branch 'test'
4497032 migration: Improve accuracy of vCPU throttling with per-vCPU timers

=== OUTPUT BEGIN ===
ERROR: trailing whitespace
#91: FILE: cpus.c:805:
+$

ERROR: spaces required around that '/' (ctx:VxV)
#113: FILE: cpus.c:824:
+pct = (double)new_throttle_pct/100;
   ^

ERROR: spaces required around that '-' (ctx:VxV)
#117: FILE: cpus.c:828:
+CPU_THROTTLE_TIMESLICE_NS / (1-pct));
   ^

WARNING: Block comments use a leading /* on a separate line
#149: FILE: include/qom/cpu.h:442:
+/* Used to cyclically trigger vCPU throttling during VM migration

total: 3 errors, 1 warnings, 88 lines checked

Commit 4497032a7d79 (migration: Improve accuracy of vCPU throttling with 
per-vCPU timers) has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20190614161106.218854-1-cos...@nutanix.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[Qemu-devel] [PATCH v3 41/50] tests/plugin: add sample plugins

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Pass arguments with -plugin=libfoo.so,arg=bar,arg=baz

Signed-off-by: Emilio G. Cota 
---
 configure |  4 +-
 tests/plugin/Makefile | 28 +
 tests/plugin/bb.c | 66 ++
 tests/plugin/empty.c  | 30 ++
 tests/plugin/insn.c   | 63 +
 tests/plugin/mem.c| 93 +++
 6 files changed, 282 insertions(+), 2 deletions(-)
 create mode 100644 tests/plugin/Makefile
 create mode 100644 tests/plugin/bb.c
 create mode 100644 tests/plugin/empty.c
 create mode 100644 tests/plugin/insn.c
 create mode 100644 tests/plugin/mem.c

diff --git a/configure b/configure
index d3bf254191..2af8c436f2 100755
--- a/configure
+++ b/configure
@@ -7995,14 +7995,14 @@ fi
 # tests might fail. Prefer to keep the relevant files in their own
 # directory and symlink the directory instead.
 DIRS="tests tests/tcg tests/tcg/cris tests/tcg/lm32 tests/libqos 
tests/qapi-schema tests/tcg/xtensa tests/qemu-iotests tests/vm"
-DIRS="$DIRS tests/fp tests/qgraph"
+DIRS="$DIRS tests/fp tests/qgraph tests/plugin"
 DIRS="$DIRS docs docs/interop fsdev scsi"
 DIRS="$DIRS pc-bios/optionrom pc-bios/spapr-rtas pc-bios/s390-ccw"
 DIRS="$DIRS roms/seabios roms/vgabios"
 LINKS="Makefile tests/tcg/Makefile"
 LINKS="$LINKS tests/tcg/cris/Makefile tests/tcg/cris/.gdbinit"
 LINKS="$LINKS tests/tcg/lm32/Makefile tests/tcg/xtensa/Makefile po/Makefile"
-LINKS="$LINKS tests/fp/Makefile"
+LINKS="$LINKS tests/fp/Makefile tests/plugin/Makefile"
 LINKS="$LINKS pc-bios/optionrom/Makefile pc-bios/keymaps"
 LINKS="$LINKS pc-bios/spapr-rtas/Makefile"
 LINKS="$LINKS pc-bios/s390-ccw/Makefile"
diff --git a/tests/plugin/Makefile b/tests/plugin/Makefile
new file mode 100644
index 00..f9a3546ea3
--- /dev/null
+++ b/tests/plugin/Makefile
@@ -0,0 +1,28 @@
+BUILD_DIR := $(CURDIR)/../..
+
+include $(BUILD_DIR)/config-host.mak
+include $(SRC_PATH)/rules.mak
+
+$(call set-vpath, $(SRC_PATH)/tests/plugin)
+
+NAMES :=
+NAMES += bb
+NAMES += empty
+NAMES += insn
+NAMES += mem
+
+SONAMES := $(addsuffix .so,$(addprefix lib,$(NAMES)))
+
+QEMU_CFLAGS += -fPIC
+QEMU_CFLAGS += -I$(SRC_PATH)/include/qemu
+
+all: $(SONAMES)
+
+lib%.so: %.o
+   $(CC) -shared -Wl,-soname,$@ -o $@ $^ $(LDLIBS)
+
+clean:
+   rm -f *.o *.so *.d
+   rm -Rf .libs
+
+.PHONY: all clean
diff --git a/tests/plugin/bb.c b/tests/plugin/bb.c
new file mode 100644
index 00..bb868599a9
--- /dev/null
+++ b/tests/plugin/bb.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2018, Emilio G. Cota 
+ *
+ * License: GNU GPL, version 2 or later.
+ *   See the COPYING file in the top-level directory.
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+static uint64_t bb_count;
+static uint64_t insn_count;
+static int stdout_fd;
+static bool do_inline;
+
+static void plugin_exit(qemu_plugin_id_t id, void *p)
+{
+dprintf(stdout_fd, "bb's: %" PRIu64", insns: %" PRIu64 "\n",
+bb_count, insn_count);
+}
+
+static void vcpu_tb_exec(unsigned int cpu_index, void *udata)
+{
+unsigned long n_insns = (unsigned long)udata;
+
+insn_count += n_insns;
+bb_count++;
+}
+
+static void vcpu_tb_trans(qemu_plugin_id_t id, unsigned int cpu_index,
+  struct qemu_plugin_tb *tb)
+{
+unsigned long n_insns = qemu_plugin_tb_n_insns(tb);
+
+if (do_inline) {
+qemu_plugin_register_vcpu_tb_exec_inline(tb, 
QEMU_PLUGIN_INLINE_ADD_U64,
+ &bb_count, 1);
+qemu_plugin_register_vcpu_tb_exec_inline(tb, 
QEMU_PLUGIN_INLINE_ADD_U64,
+ &insn_count, n_insns);
+} else {
+qemu_plugin_register_vcpu_tb_exec_cb(tb, vcpu_tb_exec,
+ QEMU_PLUGIN_CB_NO_REGS,
+ (void *)n_insns);
+}
+}
+
+QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id, int argc,
+   char **argv)
+{
+if (argc && strcmp(argv[0], "inline") == 0) {
+do_inline = true;
+}
+
+/* to be used when in the exit hook */
+stdout_fd = dup(STDOUT_FILENO);
+assert(stdout_fd);
+
+qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans);
+qemu_plugin_register_atexit_cb(id, plugin_exit, NULL);
+return 0;
+}
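Review bot: `assert(stdout_fd);` in qemu_plugin_install does not catch a failed dup(), which returns -1 rather than 0; the check should be `assert(stdout_fd >= 0);` (or report the failure and return non-zero from install so the plugin is not loaded with a bad descriptor). Separately, the non-inline path in vcpu_tb_exec increments the globals bb_count and insn_count with plain `+=`/`++`; if tb-exec callbacks can run concurrently on several vCPU threads, those updates race and the totals printed by plugin_exit may be low. Either state in a comment that this sample is only accurate for single-threaded guests, or use atomic increments for the two counters.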
diff --git a/tests/plugin/empty.c b/tests/plugin/empty.c
new file mode 100644
index 00..b2e30bddb2
--- /dev/null
+++ b/tests/plugin/empty.c
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2018, Emilio G. Cota 
+ *
+ * License: GNU GPL, version 2 or later.
+ *   See the COPYING file in the top-level directory.
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+/*
+ * Empty TB translation callback.
+ * This allows us to measure the overhead of injecting and then
+ * removing empty instrumentation.
+ */
+static void vcpu_tb_trans(qemu_plugin_id_t 

Re: [Qemu-devel] [PATCH v4 5/6] migration: Make no compression operations into its own structure

2019-06-14 Thread Juan Quintela
"Dr. David Alan Gilbert"  wrote:
> * Juan Quintela (quint...@redhat.com) wrote:
>> It will be used later.
>> 
>> Signed-off-by: Juan Quintela 
>> + */
>> +static int nocomp_recv_pages(MultiFDRecvParams *p, uint32_t used, Error 
>> **errp)
>> +{
>> +if (p->flags != 0) {
>> +error_setg(errp, "multifd %d: flags received %x flags expected %x",
>> +   p->id, MULTIFD_FLAG_ZLIB, p->flags);
>
> Can you just explain that a bit - the 'received' seems to be constant
> while the expected is p->flags - is that the right way around?
> Why would you expect FLAG_ZLIB in nocomp?

When I changed printf's to error_setg I did a bit *too much* of copy
paste.  Then I decided to put consistently received/expected in all
messages and clearly I failed.

Fixing, Thanks.



[Qemu-devel] [PATCH v3 45/50] tests/plugin: add instruction execution breakdown

2019-06-14 Thread Alex Bennée
This gives a breakdown of instruction classes and individual
instruction types.

Signed-off-by: Alex Bennée 
---
 tests/plugin/Makefile |   1 +
 tests/plugin/howvec.c | 297 ++
 2 files changed, 298 insertions(+)
 create mode 100644 tests/plugin/howvec.c

diff --git a/tests/plugin/Makefile b/tests/plugin/Makefile
index e74940eaac..3656429d46 100644
--- a/tests/plugin/Makefile
+++ b/tests/plugin/Makefile
@@ -11,6 +11,7 @@ NAMES += empty
 NAMES += insn
 NAMES += mem
 NAMES += hotblocks
+NAMES += howvec
 
 SONAMES := $(addsuffix .so,$(addprefix lib,$(NAMES)))
 
diff --git a/tests/plugin/howvec.c b/tests/plugin/howvec.c
new file mode 100644
index 00..0796523af3
--- /dev/null
+++ b/tests/plugin/howvec.c
@@ -0,0 +1,297 @@
+/*
+ * Copyright (C) 2019, Alex Bennée 
+ *
+ * How vectorised is this code?
+ *
+ * Attempt to measure the amount of vectorisation that has been done
+ * on some code by counting classes of instruction. This is very much
+ * ARM specific.
+ *
+ * License: GNU GPL, version 2 or later.
+ *   See the COPYING file in the top-level directory.
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+
+typedef enum {
+COUNT_CLASS,
+COUNT_INDIVIDUAL,
+COUNT_NONE
+} CountType;
+
+static int limit = 50;
+static int stdout_fd;
+static bool do_inline;
+static bool verbose;
+
+static GMutex lock;
+static GHashTable *insns;
+
+typedef struct {
+const char *class;
+const char *opt;
+uint32_t mask;
+uint32_t pattern;
+CountType what;
+uint64_t count;
+} InsnClassExecCount;
+
+typedef struct {
+char *insn;
+uint32_t opcode;
+uint64_t count;
+InsnClassExecCount *class;
+} InsnExecCount;
+
+/*
+ * Matchers for classes of instructions, order is important.
+ *
+ * Your most precise match must be before looser matches. If no match
+ * is found in the table we can create an individual entry.
+ */
+InsnClassExecCount insn_classes[] = {
+/* "Reserved"" */
+{ "  UDEF",  "udef",   0x, 0x, COUNT_NONE},
+{ "  SVE",   "sve",0x1e00, 0x0400, COUNT_CLASS},
+{ "Reserved","res",0x1e00, 0x, COUNT_CLASS},
+/* Data Processing Immediate */
+{ "  PCrel addr","pcrel",  0x1f00, 0x1000, COUNT_CLASS},
+{ "  Add/Sub (imm,tags)","asit",   0x1f80, 0x1180, COUNT_CLASS},
+{ "  Add/Sub (imm)", "asi",0x1f00, 0x1100, COUNT_CLASS},
+{ "  Logical (imm)", "logi",   0x1f80, 0x1200, COUNT_CLASS},
+{ "  Move Wide (imm)",   "movwi",  0x1f80, 0x1280, COUNT_CLASS},
+{ "  Bitfield",  "bitf",   0x1f80, 0x1300, COUNT_CLASS},
+{ "  Extract",   "extr",   0x1f80, 0x1380, COUNT_CLASS},
+{ "Data Proc Imm",   "dpri",   0x1c00, 0x1000, COUNT_CLASS},
+/* Branches */
+{ "  Cond Branch (imm)", "cndb",   0xfe00, 0x5400, COUNT_CLASS},
+{ "  Exception Gen", "excp",   0xff00, 0xd400, COUNT_CLASS},
+{ "NOP", "nop",0x, 0xd503201f, COUNT_NONE},
+{ "  Hints", "hint",   0xf000, 0xd5032000, COUNT_CLASS},
+{ "  Barriers",  "barr",   0xf000, 0xd5033000, COUNT_CLASS},
+{ "  PSTATE","psta",   0xfff8f000, 0xd5004000, COUNT_CLASS},
+{ "  System Insn",   "sins",   0xffd8, 0xd508, COUNT_CLASS},
+{ "  System Reg","sreg",   0xffd0, 0xd510, COUNT_CLASS},
+{ "  Branch (reg)",  "breg",   0xfe00, 0xd600, COUNT_CLASS},
+{ "  Branch (imm)",  "bimm",   0x7c00, 0x1400, COUNT_CLASS},
+{ "  Cmp & Branch",  "cmpb",   0x7e00, 0x3400, COUNT_CLASS},
+{ "  Tst & Branch",  "tstb",   0x7e00, 0x3600, COUNT_CLASS},
+{ "Branches","branch", 0x1c00, 0x1400, COUNT_CLASS},
+/* Loads and Stores */
+{ "  AdvSimd ldstmult",  "advlsm", 0xbfbf, 0x0c00, COUNT_CLASS},
+{ "  AdvSimd ldstmult++","advlsmp",0xbfb0, 0x0c80, COUNT_CLASS},
+{ "  AdvSimd ldst",  "advlss", 0xbf9f, 0x0d00, COUNT_CLASS},
+{ "  AdvSimd ldst++","advlssp",0xbf80, 0x0d80, COUNT_CLASS},
+{ "  ldst excl", "ldstx",  0x3f00, 0x0800, COUNT_CLASS},
+{ "Prefetch","prfm",   0xff00, 0xd800, COUNT_CLASS},
+{ "  Load Reg (lit)","ldlit",  0x1b00, 0x1800, COUNT_CLASS},
+{ "  ldst noalloc pair", "ldstnap",0x3b80, 0x2800, COUNT_CLASS},
+{ "  ldst pair", "ldstp",  0x3800, 0x2800, COUNT_CLASS},
+{ "  ldst reg",  "ldstr",  0x3b20, 0x3800, COUNT_CLASS},
+{ "  Atomic ldst",   "atomic", 0x3b200c00, 0x3820, COUNT_CLASS},
+{ "  ldst reg (reg off)","ldstro", 0x3b200b00, 0x38200800, COUNT_CLASS},
+{ "  ldst reg (pac

Re: [Qemu-devel] [PATCH 2/2] spapr/xive: simplify spapr_irq_init_device() to remove the emulated init

2019-06-14 Thread Greg Kurz
On Fri, 14 Jun 2019 18:59:20 +0200
Cédric Le Goater  wrote:

> The init_emu() handles are now empty. Remove them and rename
> spapr_irq_init_device() to spapr_irq_init_kvm().
> 
> Signed-off-by: Cédric Le Goater 
> ---

Reviewed-by: Greg Kurz 

>  include/hw/ppc/spapr_irq.h |  1 -
>  hw/ppc/spapr_irq.c | 20 +++-
>  2 files changed, 3 insertions(+), 18 deletions(-)
> 
> diff --git a/include/hw/ppc/spapr_irq.h b/include/hw/ppc/spapr_irq.h
> index 14cab73c9c07..f965a58f8954 100644
> --- a/include/hw/ppc/spapr_irq.h
> +++ b/include/hw/ppc/spapr_irq.h
> @@ -48,7 +48,6 @@ typedef struct SpaprIrq {
>  void (*reset)(SpaprMachineState *spapr, Error **errp);
>  void (*set_irq)(void *opaque, int srcno, int val);
>  const char *(*get_nodename)(SpaprMachineState *spapr);
> -void (*init_emu)(SpaprMachineState *spapr, Error **errp);
>  void (*init_kvm)(SpaprMachineState *spapr, Error **errp);
>  } SpaprIrq;
>  
> diff --git a/hw/ppc/spapr_irq.c b/hw/ppc/spapr_irq.c
> index 73e6f10da165..84b9b32fe40f 100644
> --- a/hw/ppc/spapr_irq.c
> +++ b/hw/ppc/spapr_irq.c
> @@ -62,7 +62,7 @@ void spapr_irq_msi_reset(SpaprMachineState *spapr)
>  bitmap_clear(spapr->irq_map, 0, spapr->irq_map_nr);
>  }
>  
> -static void spapr_irq_init_device(SpaprMachineState *spapr,
> +static void spapr_irq_init_kvm(SpaprMachineState *spapr,
>SpaprIrq *irq, Error **errp)
>  {
>  MachineState *machine = MACHINE(spapr);
> @@ -88,8 +88,6 @@ static void spapr_irq_init_device(SpaprMachineState *spapr,
>  error_prepend(&local_err, "kernel_irqchip allowed but unavailable: 
> ");
>  warn_report_err(local_err);
>  }
> -
> -irq->init_emu(spapr, errp);
>  }
>  
>  /*
> @@ -224,7 +222,7 @@ static void spapr_irq_reset_xics(SpaprMachineState 
> *spapr, Error **errp)
>  {
>  Error *local_err = NULL;
>  
> -spapr_irq_init_device(spapr, &spapr_irq_xics, &local_err);
> +spapr_irq_init_kvm(spapr, &spapr_irq_xics, &local_err);
>  if (local_err) {
>  error_propagate(errp, local_err);
>  return;
> @@ -236,10 +234,6 @@ static const char 
> *spapr_irq_get_nodename_xics(SpaprMachineState *spapr)
>  return XICS_NODENAME;
>  }
>  
> -static void spapr_irq_init_emu_xics(SpaprMachineState *spapr, Error **errp)
> -{
> -}
> -
>  static void spapr_irq_init_kvm_xics(SpaprMachineState *spapr, Error **errp)
>  {
>  if (kvm_enabled()) {
> @@ -267,7 +261,6 @@ SpaprIrq spapr_irq_xics = {
>  .reset   = spapr_irq_reset_xics,
>  .set_irq = spapr_irq_set_irq_xics,
>  .get_nodename = spapr_irq_get_nodename_xics,
> -.init_emu= spapr_irq_init_emu_xics,
>  .init_kvm= spapr_irq_init_kvm_xics,
>  };
>  
> @@ -385,7 +378,7 @@ static void spapr_irq_reset_xive(SpaprMachineState 
> *spapr, Error **errp)
>  spapr_xive_set_tctx_os_cam(spapr_cpu_state(cpu)->tctx);
>  }
>  
> -spapr_irq_init_device(spapr, &spapr_irq_xive, &local_err);
> +spapr_irq_init_kvm(spapr, &spapr_irq_xive, &local_err);
>  if (local_err) {
>  error_propagate(errp, local_err);
>  return;
> @@ -411,10 +404,6 @@ static const char 
> *spapr_irq_get_nodename_xive(SpaprMachineState *spapr)
>  return spapr->xive->nodename;
>  }
>  
> -static void spapr_irq_init_emu_xive(SpaprMachineState *spapr, Error **errp)
> -{
> -}
> -
>  static void spapr_irq_init_kvm_xive(SpaprMachineState *spapr, Error **errp)
>  {
>  if (kvm_enabled()) {
> @@ -446,7 +435,6 @@ SpaprIrq spapr_irq_xive = {
>  .reset   = spapr_irq_reset_xive,
>  .set_irq = spapr_irq_set_irq_xive,
>  .get_nodename = spapr_irq_get_nodename_xive,
> -.init_emu= spapr_irq_init_emu_xive,
>  .init_kvm= spapr_irq_init_kvm_xive,
>  };
>  
> @@ -624,7 +612,6 @@ SpaprIrq spapr_irq_dual = {
>  .reset   = spapr_irq_reset_dual,
>  .set_irq = spapr_irq_set_irq_dual,
>  .get_nodename = spapr_irq_get_nodename_dual,
> -.init_emu= NULL, /* should not be used */
>  .init_kvm= NULL, /* should not be used */
>  };
>  
> @@ -840,6 +827,5 @@ SpaprIrq spapr_irq_xics_legacy = {
>  .reset   = spapr_irq_reset_xics,
>  .set_irq = spapr_irq_set_irq_xics,
>  .get_nodename = spapr_irq_get_nodename_xics,
> -.init_emu= spapr_irq_init_emu_xics,
>  .init_kvm= spapr_irq_init_kvm_xics,
>  };




[Qemu-devel] [PATCH v3 31/50] target/m68k: fetch code with translator_ld

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
---
 target/m68k/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/m68k/translate.c b/target/m68k/translate.c
index 2ae537461f..dc05c0d2ad 100644
--- a/target/m68k/translate.c
+++ b/target/m68k/translate.c
@@ -378,7 +378,7 @@ static TCGv gen_ldst(DisasContext *s, int opsize, TCGv 
addr, TCGv val,
 static inline uint16_t read_im16(CPUM68KState *env, DisasContext *s)
 {
 uint16_t im;
-im = cpu_lduw_code(env, s->pc);
+im = translator_lduw(env, s->pc);
 s->pc += 2;
 return im;
 }
-- 
2.20.1




Re: [Qemu-devel] [PATCH v3 00/50] tcg plugin support

2019-06-14 Thread Alex Bennée


Aleksandar Markovic  writes:

> On Fri, Jun 14, 2019 at 7:22 PM Alex Bennée  wrote:
>>
>> Hi,
>>
>> This is v3 of the proposed plugins API for QEMU. As Emilio is busy
>> having finished his time at Columbia I have volunteered to take the
>> patch series forward. Emilio's RFC v2 was posted last year:
>>
>>   Subject: [RFC v2 00/38] Plugin support
>>   Date: Sun,  9 Dec 2018 14:37:11 -0500
>>   Message-Id: <20181209193749.12277-1-c...@braap.org>
>>
>> The idea is to present a plugin interface that allows for interesting
>> experiments to be written while not exposing the internal details of
>> how the TCG works to the wider world.
>>
>> Changes from last year
>>
>>   - re-basing and fixing up conflicts
>>   - moved to plugins/ and split files up (core/api/loader)
>>   - added a design document (docs/devel/plugins.rst)
>>   - replaced auto-growing structures with glib GArray and friends
>>   - expanded API to include access to disassembly
>>   - wrote some more example plugins
>>   - dropped the RFC tag ;-)
>>
>> There are a few things left to sort out. Currently the haddr
>> calculation relies on the softmmu TLB code for each architecture to
>> dump it in a cpu_env location. Currently this is only done on x86 and
>> we would require some tweaking to each backend. I think it would
>> probably be better to just have a wrapper helper which could do the
>> lookup of the (hot) TLB in C to calculate the address before calling
>> the helpers.
>>
>
> Great to see this series!
>
> Is there any particular conceptual reason why not all targets are included
> (i.e. mips, s390, etc.)? Or it was just, let's say, lack of your time 
> resources
> to complete everything?

There are two things.

Firstly this only supports guests that have been converted to the common
translator_loop code. This is to avoid having hooks in all the various
guest front-ends. I think we are slowly moving to having the common
translator_loop as mandatory and once that's done the guest gets plugins
"for free".

The only other change needed for each guest is to use the common
translator_ld function to read instructions. This again avoids us having
to have too many tendrils into the guests. arm's handling of endian
switching being the exception in this case.

AFAICT both mips and s390 are using the common loop stuff so it should
just be a case of adding the relevant translator_ld calls. The only
minor wrinkle would be if they do anything fancy like SH4's gUSA
sequence.

>
> Yours,
> Aleksandar
>
>> I also ended up adding a bunch of miscellaneous fixes at the end while
>> I was re-spinning. If they get some review I'll try and get the
>> non-controversial stuff up-streamed first.
>>
>> The area that needs the most review is the single pass TCG op
>> insertion code. When plugins are enabled each instruction gets dummy
>> ops inserted and then at the end we swap those out for the actual
>> calls or remove them from the stream. Hopefully this is not too much
>> of an abuse of TCG mechanisms.
>>
>> I'm aiming to get this in for 4.1 but I guess that will depend on how
>> the review and iteration goes.
>>
>> Alex Bennée (12):
>>   docs/devel: add plugins.rst design document
>>   configure: add --enable-plugins (MOVE TO END)
>>   plugin: add implementation of the api
>>   tests/tcg: enable plugin testing
>>   tests/plugin: add a hotblocks plugin
>>   plugin: add qemu_plugin_insn_disas helper
>>   tests/plugin: add instruction execution breakdown
>>   tests/plugin: add hotpages plugin to breakdown memory access patterns
>>   accel/stubs: reduce headers from tcg-stub
>>   include/exec: wrap cpu_ldst.h in CONFIG_TCG
>>   include/exec/cpu-defs.h: fix typo
>>   TODO: API changes to make?
>>
>> Emilio G. Cota (36):
>>   trace: expand mem_info:size_shift to 3 bits
>>   tcg/README: fix typo s/afterwise/afterwards/
>>   cpu: introduce cpu_in_exclusive_work_context()
>>   translate-all: use cpu_in_exclusive_work_context() in tb_flush
>>   plugin: add user-facing API
>>   plugin: add core code
>>   queue: add QTAILQ_REMOVE_SEVERAL
>>   cputlb: document get_page_addr_code
>>   cputlb: introduce get_page_addr_code_hostp
>>   plugin-gen: add module for TCG-related code
>>   tcg: add tcg_gen_st_ptr
>>   tcg: add MO_HADDR to TCGMemOp
>>   atomic_template: fix indentation in GEN_ATOMIC_HELPER
>>   atomic_template: add inline trace/plugin helpers
>>   cpu_ldst_useronly_template: remove redundant #ifndef CODE_ACCESS
>>   tcg: let plugins instrument memory accesses
>>   translate-all: notify plugin code of tb_flush
>>   *-user: notify plugin of exit
>>   *-user: plugin syscalls
>>   cpu: hook plugin vcpu events
>>   plugin-gen: add plugin_insn_append
>>   translator: add translator_ld{ub,sw,uw,l,q}
>>   target/arm: call qemu_plugin_insn_append
>>   target/ppc: fetch code with translator_ld
>>   target/sh4: fetch code with translator_ld
>>   target/i386: fetch code with translator_ld
>>   target/hppa: fetch code with translator_ld
>>   target/m68k: fetch code with translator_ld

[Qemu-devel] [PATCH v3 36/50] target/openrisc: fetch code with translator_ld

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
---
 target/openrisc/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/openrisc/translate.c b/target/openrisc/translate.c
index 4360ce4045..7df4c68d15 100644
--- a/target/openrisc/translate.c
+++ b/target/openrisc/translate.c
@@ -1305,7 +1305,7 @@ static void openrisc_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cs)
 {
 DisasContext *dc = container_of(dcbase, DisasContext, base);
 OpenRISCCPU *cpu = OPENRISC_CPU(cs);
-uint32_t insn = cpu_ldl_code(&cpu->env, dc->base.pc_next);
+uint32_t insn = translator_ldl(&cpu->env, dc->base.pc_next);
 
 if (!decode(dc, insn)) {
 gen_illegal_exception(dc);
-- 
2.20.1




Re: [Qemu-devel] [PATCH v3 00/50] tcg plugin support

2019-06-14 Thread Aleksandar Markovic
On Fri, Jun 14, 2019 at 7:22 PM Alex Bennée  wrote:
>
> Hi,
>
> This is v3 of the proposed plugins API for QEMU. As Emilio is busy
> having finished his time at Columbia I have volunteered to take the
> patch series forward. Emilio's RFC v2 was posted last year:
>
>   Subject: [RFC v2 00/38] Plugin support
>   Date: Sun,  9 Dec 2018 14:37:11 -0500
>   Message-Id: <20181209193749.12277-1-c...@braap.org>
>
> The idea is to present a plugin interface that allows for interesting
> experiments to be written while not exposing the internal details of
> how the TCG works to the wider world.
>
> Changes from last year
>
>   - re-basing and fixing up conflicts
>   - moved to plugins/ and split files up (core/api/loader)
>   - added a design document (docs/devel/plugins.rst)
>   - replaced auto-growing structures with glib GArray and friends
>   - expanded API to include access to disassembly
>   - wrote some more example plugins
>   - dropped the RFC tag ;-)
>
> There are a few things left to sort out. Currently the haddr
> calculation relies on the softmmu TLB code for each architecture to
> dump it in a cpu_env location. Currently this is only done on x86 and
> we would require some tweaking to each backend. I think it would
> probably be better to just have a wrapper helper which could do the
> lookup of the (hot) TLB in C to calculate the address before calling
> the helpers.
>

Great to see this series!

Is there any particular conceptual reason why not all targets are included
(i.e. mips, s390, etc.)? Or it was just, let's say, lack of your time resources
to complete everything?

Yours,
Aleksandar

> I also ended up adding a bunch of miscellaneous fixes at the end while
> I was re-spinning. If they get some review I'll try and get the
> non-controversial stuff up-streamed first.
>
> The area that needs the most review is the single pass TCG op
> insertion code. When plugins are enabled each instruction gets dummy
> ops inserted and then at the end we swap those out for the actual
> calls or remove them from the stream. Hopefully this is not too much
> of an abuse of TCG mechanisms.
>
> I'm aiming to get this in for 4.1 but I guess that will depend on how
> the review and iteration goes.
>
> Alex Bennée (12):
>   docs/devel: add plugins.rst design document
>   configure: add --enable-plugins (MOVE TO END)
>   plugin: add implementation of the api
>   tests/tcg: enable plugin testing
>   tests/plugin: add a hotblocks plugin
>   plugin: add qemu_plugin_insn_disas helper
>   tests/plugin: add instruction execution breakdown
>   tests/plugin: add hotpages plugin to breakdown memory access patterns
>   accel/stubs: reduce headers from tcg-stub
>   include/exec: wrap cpu_ldst.h in CONFIG_TCG
>   include/exec/cpu-defs.h: fix typo
>   TODO: API changes to make?
>
> Emilio G. Cota (36):
>   trace: expand mem_info:size_shift to 3 bits
>   tcg/README: fix typo s/afterwise/afterwards/
>   cpu: introduce cpu_in_exclusive_work_context()
>   translate-all: use cpu_in_exclusive_work_context() in tb_flush
>   plugin: add user-facing API
>   plugin: add core code
>   queue: add QTAILQ_REMOVE_SEVERAL
>   cputlb: document get_page_addr_code
>   cputlb: introduce get_page_addr_code_hostp
>   plugin-gen: add module for TCG-related code
>   tcg: add tcg_gen_st_ptr
>   tcg: add MO_HADDR to TCGMemOp
>   atomic_template: fix indentation in GEN_ATOMIC_HELPER
>   atomic_template: add inline trace/plugin helpers
>   cpu_ldst_useronly_template: remove redundant #ifndef CODE_ACCESS
>   tcg: let plugins instrument memory accesses
>   translate-all: notify plugin code of tb_flush
>   *-user: notify plugin of exit
>   *-user: plugin syscalls
>   cpu: hook plugin vcpu events
>   plugin-gen: add plugin_insn_append
>   translator: add translator_ld{ub,sw,uw,l,q}
>   target/arm: call qemu_plugin_insn_append
>   target/ppc: fetch code with translator_ld
>   target/sh4: fetch code with translator_ld
>   target/i386: fetch code with translator_ld
>   target/hppa: fetch code with translator_ld
>   target/m68k: fetch code with translator_ld
>   target/alpha: fetch code with translator_ld
>   target/riscv: fetch code with translator_ld
>   target/sparc: fetch code with translator_ld
>   target/xtensa: fetch code with translator_ld
>   target/openrisc: fetch code with translator_ld
>   translator: inject instrumentation from plugins
>   plugin: add API symbols to qemu-plugins.symbols
>   tests/plugin: add sample plugins
>
> Lluís Vilanova (2):
>   vl: support -plugin option
>   linux-user: support -plugin option
>
>  Makefile  |   11 +-
>  Makefile.target   |2 +
>  accel/stubs/tcg-stub.c|3 -
>  accel/tcg/Makefile.objs   |1 +
>  accel/tcg/atomic_template.h   |  117 ++-
>  accel/tcg/cpu-exec.c  |3 +
>  accel/tcg/cputlb.c|   56 +-
>  accel/tcg/plugin-gen.c| 1079 ++

[Qemu-devel] [PATCH v3 50/50] TODO: API changes to make?

2019-06-14 Thread Alex Bennée
---
 include/qemu/qemu-plugin.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/qemu/qemu-plugin.h b/include/qemu/qemu-plugin.h
index 21f056d4ab..655640fe54 100644
--- a/include/qemu/qemu-plugin.h
+++ b/include/qemu/qemu-plugin.h
@@ -169,6 +169,7 @@ enum qemu_plugin_mem_rw {
  * callbacks to be triggered when the block or individual instruction
  * executes.
  */
+/* ??? - should we expose vcpu_index here? */
 typedef void (*qemu_plugin_vcpu_tb_trans_cb_t)(qemu_plugin_id_t id,
unsigned int vcpu_index,
struct qemu_plugin_tb *tb);
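Review bot: The added `/* ??? - should we expose vcpu_index here? */` line sits between the existing doc-comment block and the typedef it documents, which detaches that block from qemu_plugin_vcpu_tb_trans_cb_t for any tooling that pairs a comment with the declaration that follows it. If the question is meant to live in the tree, fold it into the existing block as its last line, e.g. ` * TODO: should vcpu_index be exposed here?`, otherwise drop it from the patch as the subject suggests.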
-- 
2.20.1




[Qemu-devel] [PATCH] helpers: build vhost-user-gpu only for softmmu

2019-06-14 Thread Laurent Vivier
with

  ./configure --enable-user --disable-tools --disable-system

it fails with:

  /usr/bin/ld: contrib/vhost-user-gpu/main.o: in function `vg_resource_destroy':
  .../contrib/vhost-user-gpu/main.c:382: undefined reference to 
`pixman_image_unref'
  /usr/bin/ld: contrib/vhost-user-gpu/main.o: in function `vg_resource_flush':
  .../contrib/vhost-user-gpu/main.c:694: undefined reference to 
`pixman_region_init_rect'
  /usr/bin/ld: .../contrib/vhost-user-gpu/main.c:763: undefined reference to 
`pixman_region_fini'

Fixes: d52c454aadcd ("contrib: add vhost-user-gpu")
Cc: marcandre.lur...@redhat.com
Signed-off-by: Laurent Vivier 
---
 Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Makefile b/Makefile
index 8e2fc6624c31..49ddec1dcf35 100644
--- a/Makefile
+++ b/Makefile
@@ -322,11 +322,13 @@ HELPERS-$(call land,$(CONFIG_SOFTMMU),$(CONFIG_LINUX)) = 
qemu-bridge-helper$(EXE
 ifdef CONFIG_LINUX
 ifdef CONFIG_VIRGL
 ifdef CONFIG_GBM
+ifdef CONFIG_SOFTMMU
 HELPERS-y += vhost-user-gpu$(EXESUF)
 vhost-user-json-y += contrib/vhost-user-gpu/50-qemu-gpu.json
 endif
 endif
 endif
+endif
 
 ifdef BUILD_DOCS
 DOCS=qemu-doc.html qemu-doc.txt qemu.1 qemu-img.1 qemu-nbd.8 qemu-ga.8
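Review bot: The new `ifdef CONFIG_SOFTMMU` is the fourth nested ifdef around a two-line block, while the HELPERS- line at the top of this hunk already expresses a conjunction with `$(call land,$(CONFIG_SOFTMMU),$(CONFIG_LINUX))`; writing this condition the same way would keep the two helper rules consistent and stop the ifdef/endif stack from growing. A one-line comment saying why softmmu is required would also help, since the link failure in the commit message is about pixman symbols and CONFIG_SOFTMMU appears to be standing in for "pixman is linked" here.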
-- 
2.21.0




Re: [Qemu-devel] [PATCH] roms/edk2-build.sh: Allow to run edk2-build.sh from command line

2019-06-14 Thread Laszlo Ersek
On 06/14/19 15:55, Philippe Mathieu-Daudé wrote:
> On 6/14/19 3:29 PM, Eric Blake wrote:
>> On 6/14/19 5:16 AM, Philippe Mathieu-Daudé wrote:
>>> Cc'ing Eric :)
>>>
>>
 When running this script out of 'make', we get:

   $ cd roms
   $ ./edk2-build.sh aarch64 --arch=AARCH64 
 --platform=ArmVirtPkg/ArmVirtQemu.dsc > /dev/null
   ./edk2-build.sh: line 46: MAKEFLAGS: unbound variable

 Fix this by checking the variable is defined before using it,
 else use a default value.

 Signed-off-by: Philippe Mathieu-Daudé 
 ---
  roms/edk2-build.sh | 8 +++-
  1 file changed, 7 insertions(+), 1 deletion(-)

(1) "allow to run" is not correct English, to my understanding. This
form of "allow" requires an object. You could reformulate the subject
line as "allow edk2-build.sh to be invoked from the command line".


 diff --git a/roms/edk2-build.sh b/roms/edk2-build.sh
 index 4f46f8a6a2..5390228b4e 100755
 --- a/roms/edk2-build.sh
 +++ b/roms/edk2-build.sh
>>
>> This is running under /bin/bash (hmm - not '/bin/env bash' like other
>> scripts in qemu?), so...
>>
 @@ -43,7 +43,13 @@ fi
  # any), for the edk2 "build" utility.
  source ../edk2-funcs.sh
  edk2_toolchain=$(qemu_edk2_get_toolchain "$emulation_target")
 -edk2_thread_count=$(qemu_edk2_get_thread_count "$MAKEFLAGS")
 +if [ -v MAKEFLAGS ]; then
>>
>> the non-portable bashism '[ -v' works. However, it's just as easy to
> 
> Ah, OK.
> 
>> work around this problem portably for all POSIX shells without needing 'if':
>>
 +  edk2_thread_count=$(qemu_edk2_get_thread_count "$MAKEFLAGS")
 +else
 +  # We are not running within 'make', let the edk2 "build" utility to 
 fetch
 +  # the logical CPU count with Python's multiprocessing.cpu_count() 
 method.
 +  edk2_thread_count=0
 +fi

(2) "let" doesn't take the preposition "to". I'd suggest:

  Let the edk2 "build" utility [] fetch ...


>>
>> edk2_thread_count=$(qemu_edk2_get_thread_count "${MAKEFLAGS:-0}")

(3) The expression

  edk2_thread_count=$(qemu_edk2_get_thread_count "${MAKEFLAGS:-0}")

would pass the string "0" as $1 to the qemu_edk2_get_thread_count()
function. That doesn't seem useful (please see the docs on said shell
function).

We could write

  edk2_thread_count=$(qemu_edk2_get_thread_count "${MAKEFLAGS:-}")

instead, to pass "". But that would cause qemu_edk2_get_thread_count()
to print "1", which is not what we want here, AIUI.


I think I prefer the approach with "[ -v". While it's nonportable,
"edk2-build.sh" is already -- consciously -- so: it uses an array
variable, for example.


(4) Phil, did you regression-test this change with plain "make" (i.e.,
no "-j" option)? The behavior shouldn't change for that case (i.e.
qemu_edk2_get_thread_count() should be invoked, and it should print "1").


With (1) and (2) fixed, and (4) confirmed:

Reviewed-by: Laszlo Ersek 

Thanks
Laszlo



[Qemu-devel] [PATCH v3 25/50] translator: add translator_ld{ub, sw, uw, l, q}

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Suggested-by: Richard Henderson 
Signed-off-by: Emilio G. Cota 
---
 include/exec/translator.h | 30 +-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/include/exec/translator.h b/include/exec/translator.h
index 180c51d509..33fa709ba6 100644
--- a/include/exec/translator.h
+++ b/include/exec/translator.h
@@ -19,7 +19,10 @@
  */
 
 
+#include "qemu/bswap.h"
 #include "exec/exec-all.h"
+#include "exec/cpu_ldst.h"
+#include "exec/plugin-gen.h"
 #include "tcg/tcg.h"
 
 
@@ -142,4 +145,29 @@ void translator_loop(const TranslatorOps *ops, 
DisasContextBase *db,
 
 void translator_loop_temp_check(DisasContextBase *db);
 
-#endif /* EXEC__TRANSLATOR_H */
+#define GEN_TRANSLATOR_LD(fullname, name, type, swap_fn)\
+static inline type  \
+fullname ## _swap(CPUArchState *env, abi_ptr pc, bool do_swap)  \
+{   \
+type ret = cpu_ ## name ## _code(env, pc);  \
+\
+if (do_swap) {  \
+ret = swap_fn(ret); \
+}   \
+plugin_insn_append(&ret, sizeof(ret));  \
+return ret; \
+}   \
+\
+static inline type fullname(CPUArchState *env, abi_ptr pc)  \
+{   \
+return fullname ## _swap(env, pc, false);   \
+}
+
+GEN_TRANSLATOR_LD(translator_ldub, ldub, uint8_t, /* no swap needed */)
+GEN_TRANSLATOR_LD(translator_ldsw, ldsw, int16_t, bswap16)
+GEN_TRANSLATOR_LD(translator_lduw, lduw, uint16_t, bswap16)
+GEN_TRANSLATOR_LD(translator_ldl, ldl, uint32_t, bswap32)
+GEN_TRANSLATOR_LD(translator_ldq, ldq, uint64_t, bswap64)
+#undef GEN_TRANSLATOR_LD
+
+#endif  /* EXEC__TRANSLATOR_H */
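Review bot: GEN_TRANSLATOR_LD has no comment saying what the generated `translator_ld*` and `translator_ld*_swap` helpers add over the plain `cpu_ld*_code` calls they wrap, and a reader has to spot the `plugin_insn_append(&ret, sizeof(ret))` line to learn that every code fetch is also recorded into the current plugin instruction. Because the append happens after the optional `swap_fn`, the bytes a plugin receives are in the swapped (post-`do_swap`) representation rather than guest memory order, which looks intentional but deserves stating. A short block comment above the macro — one sentence on the wrapping, one on the plugin side effect, one on the byte order after a swap — would cover it.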
-- 
2.20.1




[Qemu-devel] [PATCH v3] qapi: Add InetSocketAddress member keep-alive

2019-06-14 Thread Vladimir Sementsov-Ogievskiy
It's needed to provide keepalive for nbd client to track server
availability.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---

v3: [by Markus's comments]

- Fix commit subject
- Add comment to qapi and restrict server-side connections
- Fix s/"keep-alive="/",keep-alive"/


 qapi/sockets.json   |  6 +-
 util/qemu-sockets.c | 28 
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/qapi/sockets.json b/qapi/sockets.json
index fc81d8d5e8..c44af481a1 100644
--- a/qapi/sockets.json
+++ b/qapi/sockets.json
@@ -53,6 +53,9 @@
 #
 # @ipv6: whether to accept IPv6 addresses, default try both IPv4 and IPv6
 #
+# @keep-alive: enable keep-alive when connecting to this socket. Not supported
+#  for server-side connections. (Since 4.1)
+#
 # Since: 1.3
 ##
 { 'struct': 'InetSocketAddress',
@@ -61,7 +64,8 @@
 '*numeric':  'bool',
 '*to': 'uint16',
 '*ipv4': 'bool',
-'*ipv6': 'bool' } }
+'*ipv6': 'bool',
+'*keep-alive': 'bool' } }
 
 ##
 # @UnixSocketAddress:
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 8850a280a8..813063761b 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -438,6 +438,12 @@ int inet_connect_saddr(InetSocketAddress *saddr, Error 
**errp)
 struct addrinfo *res, *e;
 int sock = -1;
 
+if (saddr->keep_alive) {
+error_setg(errp, "keep-alive options is not supported for server-side "
+   "connection");
+return -1;
+}
+
 res = inet_parse_connect_saddr(saddr, errp);
 if (!res) {
 return -1;
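Review bot: Both hunk headers (`@@ -438` and `@@ -457`) name `inet_connect_saddr`, so if they are accurate the new `if (saddr->keep_alive)` rejection at the top of this function fires on the client connect path — exactly where the second hunk later calls `qemu_setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, ...)`, which then becomes unreachable and the option can never take effect. The rejection described in the QAPI doc ("Not supported for server-side connections") belongs in the listen/server path instead; please confirm the placement. The message also reads `"keep-alive options is not supported ..."`; `"keep-alive option is not supported ..."` is what was meant. inet_connect_saddr continues outside both hunks.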
@@ -457,6 +463,19 @@ int inet_connect_saddr(InetSocketAddress *saddr, Error 
**errp)
 }
 
 freeaddrinfo(res);
+
+if (saddr->keep_alive) {
+int val = 1;
+int ret = qemu_setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
+  &val, sizeof(val));
+
+if (ret < 0) {
+error_setg_errno(errp, errno, "Unable to set KEEPALIVE");
+close(sock);
+return -1;
+}
+}
+
 return sock;
 }
 
@@ -652,6 +671,15 @@ int inet_parse(InetSocketAddress *addr, const char *str, 
Error **errp)
 }
 addr->has_ipv6 = true;
 }
+begin = strstr(optstr, ",keep-alive");
+if (begin) {
+if (inet_parse_flag("keep-alive", begin + strlen(",keep-alive"),
+&addr->keep_alive, errp) < 0)
+{
+return -1;
+}
+addr->has_keep_alive = true;
+}
 return 0;
 }
 
-- 
2.18.0




[Qemu-devel] [PATCH v3 47/50] accel/stubs: reduce headers from tcg-stub

2019-06-14 Thread Alex Bennée
We don't need much for these. However I do wonder why these aren't
just null inlines in exec-all.h

Signed-off-by: Alex Bennée 
---
 accel/stubs/tcg-stub.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/accel/stubs/tcg-stub.c b/accel/stubs/tcg-stub.c
index 76ae461749..431ec7d7e6 100644
--- a/accel/stubs/tcg-stub.c
+++ b/accel/stubs/tcg-stub.c
@@ -11,10 +11,7 @@
  */
 
 #include "qemu/osdep.h"
-#include "qemu-common.h"
 #include "cpu.h"
-#include "tcg/tcg.h"
-#include "exec/cpu-common.h"
 #include "exec/exec-all.h"
 
 void tb_flush(CPUState *cpu)
-- 
2.20.1




[Qemu-devel] [PATCH v3 22/50] *-user: plugin syscalls

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
---
 bsd-user/syscall.c   | 9 +
 linux-user/syscall.c | 3 +++
 2 files changed, 12 insertions(+)

diff --git a/bsd-user/syscall.c b/bsd-user/syscall.c
index 84a983a9a1..50e47d217c 100644
--- a/bsd-user/syscall.c
+++ b/bsd-user/syscall.c
@@ -323,6 +323,8 @@ abi_long do_freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 gemu_log("freebsd syscall %d\n", num);
 #endif
 trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 
arg7, arg8);
+qemu_plugin_vcpu_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 
arg7,
+ arg8);
 if(do_strace)
 print_freebsd_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
 
@@ -404,6 +406,7 @@ abi_long do_freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 if (do_strace)
 print_freebsd_syscall_ret(num, ret);
 trace_guest_user_syscall_ret(cpu, num, ret);
+qemu_plugin_vcpu_syscall_ret(cpu, num, ret);
 return ret;
  efault:
 ret = -TARGET_EFAULT;
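Review bot: `qemu_plugin_vcpu_syscall_ret(cpu, num, ret)` sits on the normal return just before the `efault:` label, so if the fault path leaves the function without passing this line (the function's tail is outside the hunk), plugins see a syscall entry from the `@@ -323` hunk with no matching return callback for faulting syscalls. The same pairing exists in the netbsd (`@@ -480`) and openbsd (`@@ -556`) hunks. If the fault path does return separately, either invoke the callback there as well or document at the entry hook that a return callback is not guaranteed for every entry.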
@@ -422,6 +425,8 @@ abi_long do_netbsd_syscall(void *cpu_env, int num, abi_long 
arg1,
 gemu_log("netbsd syscall %d\n", num);
 #endif
 trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 0, 
0);
+qemu_plugin_vcpu_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 0,
+ 0);
 if(do_strace)
 print_netbsd_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
 
@@ -480,6 +485,7 @@ abi_long do_netbsd_syscall(void *cpu_env, int num, abi_long 
arg1,
 if (do_strace)
 print_netbsd_syscall_ret(num, ret);
 trace_guest_user_syscall_ret(cpu, num, ret);
+qemu_plugin_vcpu_syscall_ret(cpu, num, ret);
 return ret;
  efault:
 ret = -TARGET_EFAULT;
@@ -498,6 +504,8 @@ abi_long do_openbsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 gemu_log("openbsd syscall %d\n", num);
 #endif
 trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 0, 
0);
+qemu_plugin_vcpu_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 0,
+ 0);
 if(do_strace)
 print_openbsd_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
 
@@ -556,6 +564,7 @@ abi_long do_openbsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 if (do_strace)
 print_openbsd_syscall_ret(num, ret);
 trace_guest_user_syscall_ret(cpu, num, ret);
+qemu_plugin_vcpu_syscall_ret(cpu, num, ret);
 return ret;
  efault:
 ret = -TARGET_EFAULT;
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index b187c1281d..7f3cfdee84 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -11724,6 +11724,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 
 trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4,
  arg5, arg6, arg7, arg8);
+qemu_plugin_vcpu_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, 
arg7,
+ arg8);
 
 if (unlikely(do_strace)) {
 print_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
@@ -11736,5 +11738,6 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 }
 
 trace_guest_user_syscall_ret(cpu, num, ret);
+qemu_plugin_vcpu_syscall_ret(cpu, num, ret);
 return ret;
 }
-- 
2.20.1




[Qemu-devel] [PATCH v3 16/50] atomic_template: fix indentation in GEN_ATOMIC_HELPER

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Reviewed-by: Alex Bennée 
Signed-off-by: Emilio G. Cota 
---
 accel/tcg/atomic_template.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/accel/tcg/atomic_template.h b/accel/tcg/atomic_template.h
index 5aaf186253..df9c838817 100644
--- a/accel/tcg/atomic_template.h
+++ b/accel/tcg/atomic_template.h
@@ -284,7 +284,7 @@ ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, target_ulong 
addr,
 
 #define GEN_ATOMIC_HELPER(X)\
 ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong addr,   \
- ABI_TYPE val EXTRA_ARGS)   \
+ABI_TYPE val EXTRA_ARGS)\
 {   \
 ATOMIC_MMU_DECLS;   \
 DATA_TYPE *haddr = ATOMIC_MMU_LOOKUP;   \
-- 
2.20.1




Re: [Qemu-devel] [PATCH 1/2] spapr/xive: rework the mapping the KVM memory regions

2019-06-14 Thread Greg Kurz
On Fri, 14 Jun 2019 18:59:19 +0200
Cédric Le Goater  wrote:

> Today, the interrupt device is fully initialized at reset when the CAS
> negotiation process has completed. Depending on the KVM capabilities,
> the SpaprXive memory regions (ESB, TIMA) are initialized with a host
> MMIO backend or a QEMU emulated backend. This results in a complex
> initialization sequence partially done at realize and later at reset,
> and some memory region leaks.
> 
> To simplify this sequence and to remove of the late initialization of
> the emulated device which is required to be done only once, we
> introduce new memory regions specific for KVM. These regions are
> mapped as overlaps on top of the emulated device to make use of the
> host MMIOs. Also provide proper cleanups of these regions when the
> XIVE KVM device is destroyed to fix the leaks.
> 
> Signed-off-by: Cédric Le Goater 
> ---

Nice !

Reviewed-by: Greg Kurz 

>  include/hw/ppc/spapr_xive.h |  2 +-
>  include/hw/ppc/xive.h   |  1 +
>  hw/intc/spapr_xive.c| 38 ++---
>  hw/intc/spapr_xive_kvm.c| 21 +++-
>  hw/ppc/spapr_irq.c  |  1 -
>  5 files changed, 24 insertions(+), 39 deletions(-)
> 
> diff --git a/include/hw/ppc/spapr_xive.h b/include/hw/ppc/spapr_xive.h
> index b26befcf6b56..719714426524 100644
> --- a/include/hw/ppc/spapr_xive.h
> +++ b/include/hw/ppc/spapr_xive.h
> @@ -42,6 +42,7 @@ typedef struct SpaprXive {
>  /* KVM support */
>  int   fd;
>  void  *tm_mmap;
> +MemoryRegion  tm_mmio_kvm;
>  VMChangeStateEntry *change;
>  } SpaprXive;
>  
> @@ -66,7 +67,6 @@ void spapr_xive_map_mmio(SpaprXive *xive);
>  
>  int spapr_xive_end_to_target(uint8_t end_blk, uint32_t end_idx,
>   uint32_t *out_server, uint8_t *out_prio);
> -void spapr_xive_init(SpaprXive *xive, Error **errp);
>  
>  /*
>   * KVM XIVE device helpers
> diff --git a/include/hw/ppc/xive.h b/include/hw/ppc/xive.h
> index a6ee7e831d8b..55c53c741776 100644
> --- a/include/hw/ppc/xive.h
> +++ b/include/hw/ppc/xive.h
> @@ -197,6 +197,7 @@ typedef struct XiveSource {
>  
>  /* KVM support */
>  void*esb_mmap;
> +MemoryRegionesb_mmio_kvm;
>  
>  XiveNotifier*xive;
>  } XiveSource;
> diff --git a/hw/intc/spapr_xive.c b/hw/intc/spapr_xive.c
> index 58c2e5d890bd..3ae311d9ff7f 100644
> --- a/hw/intc/spapr_xive.c
> +++ b/hw/intc/spapr_xive.c
> @@ -194,13 +194,6 @@ void spapr_xive_pic_print_info(SpaprXive *xive, Monitor 
> *mon)
>  }
>  }
>  
> -void spapr_xive_map_mmio(SpaprXive *xive)
> -{
> -sysbus_mmio_map(SYS_BUS_DEVICE(xive), 0, xive->vc_base);
> -sysbus_mmio_map(SYS_BUS_DEVICE(xive), 1, xive->end_base);
> -sysbus_mmio_map(SYS_BUS_DEVICE(xive), 2, xive->tm_base);
> -}
> -
>  void spapr_xive_mmio_set_enabled(SpaprXive *xive, bool enable)
>  {
>  memory_region_set_enabled(&xive->source.esb_mmio, enable);
> @@ -305,6 +298,7 @@ static void spapr_xive_realize(DeviceState *dev, Error 
> **errp)
>  error_propagate(errp, local_err);
>  return;
>  }
> +sysbus_init_mmio(SYS_BUS_DEVICE(xive), &xsrc->esb_mmio);
>  
>  /*
>   * Initialize the END ESB source
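Review bot: Moving `sysbus_init_mmio(SYS_BUS_DEVICE(xive), &xsrc->esb_mmio)` next to the source initialization (and the END ESB one in the `@@ -318` hunk) makes the MMIO region indices implicit: sysbus assigns index 0, 1, 2 in call order, and the later `sysbus_mmio_map(SYS_BUS_DEVICE(xive), 0, xive->vc_base)` / `(..., 1, ...)` calls in realize depend on exactly that order. A one-line comment at each init call, e.g. `/* sysbus MMIO region 0: source ESBs; index order must match sysbus_mmio_map() below */`, would keep a future reordering from silently remapping the regions. spapr_xive_realize continues outside this hunk.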
> @@ -318,6 +312,7 @@ static void spapr_xive_realize(DeviceState *dev, Error 
> **errp)
>  error_propagate(errp, local_err);
>  return;
>  }
> +sysbus_init_mmio(SYS_BUS_DEVICE(xive), &end_xsrc->esb_mmio);
>  
>  /* Set the mapping address of the END ESB pages after the source ESBs */
>  xive->end_base = xive->vc_base + (1ull << xsrc->esb_shift) * 
> xsrc->nr_irqs;
> @@ -333,31 +328,18 @@ static void spapr_xive_realize(DeviceState *dev, Error 
> **errp)
>  
>  qemu_register_reset(spapr_xive_reset, dev);
>  
> -/* Define all XIVE MMIO regions on SysBus */
> -sysbus_init_mmio(SYS_BUS_DEVICE(xive), &xsrc->esb_mmio);
> -sysbus_init_mmio(SYS_BUS_DEVICE(xive), &end_xsrc->esb_mmio);
> -sysbus_init_mmio(SYS_BUS_DEVICE(xive), &xive->tm_mmio);
> -}
> -
> -void spapr_xive_init(SpaprXive *xive, Error **errp)
> -{
> -XiveSource *xsrc = &xive->source;
> -
> -/*
> - * The emulated XIVE device can only be initialized once. If the
> - * ESB memory region has been already mapped, it means we have been
> - * through there.
> - */
> -if (memory_region_is_mapped(&xsrc->esb_mmio)) {
> -return;
> -}
> -
>  /* TIMA initialization */
>  memory_region_init_io(&xive->tm_mmio, OBJECT(xive), &xive_tm_ops, xive,
>"xive.tima", 4ull << TM_SHIFT);
> +sysbus_init_mmio(SYS_BUS_DEVICE(xive), &xive->tm_mmio);
>  
> -/* Map all regions */
> -spapr_xive_map_mmio(xive);
> +/*
> + * Map all regions. These will be enabled or disabled at reset and
> + * can also be overridden by KVM memory regions if active
> + */
> +sysbus_mmio_map(SYS_BUS_DEVICE(xive), 0, xive->vc_base);
> +sysbus_mmio_map(SYS_BUS_DEVICE(xive), 1, xive

[Qemu-devel] [PATCH v3 15/50] tcg: add MO_HADDR to TCGMemOp

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

We will use this from plugins to mark mem accesses so that
we can later obtain their host address.

Signed-off-by: Emilio G. Cota 
---
 tcg/tcg.h | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index 2385e758e5..966e89104d 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -367,6 +367,13 @@ typedef enum TCGMemOp {
 MO_ALIGN_32 = 5 << MO_ASHIFT,
 MO_ALIGN_64 = 6 << MO_ASHIFT,
 
+/*
+ * SoftMMU-only: if set, the TCG backend puts the corresponding host 
address
+ * in CPUArchState.hostaddr.
+ */
+MO_HSHIFT = MO_ASHIFT + 3,
+MO_HADDR = 1 << MO_HSHIFT,
+
 /* Combinations of the above, for ease of use.  */
 MO_UB= MO_8,
 MO_UW= MO_16,
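Review bot: The new comment says the backend puts the host address `in CPUArchState.hostaddr`, but the later patch in this series (19/50, accel/tcg/cputlb.c) stores it through `env_tlb(env)->c.hostaddr`, i.e. a field of the CPU's TLB state rather than a direct CPUArchState member. If that is the final location, reword the comment to `* in the CPU's TLB state (env_tlb(env)->c.hostaddr).`. It would also help to state here that the value is only valid after the access completes and may be NULL (I/O and cross-page accesses), since that contract is currently spelled out only in the 19/50 commit message.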
-- 
2.20.1




[Qemu-devel] [PATCH v3 27/50] target/ppc: fetch code with translator_ld

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
---
 target/ppc/translate.c | 8 +++-
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index 4a5de28036..a27b5659f4 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -7864,11 +7864,9 @@ static void ppc_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cs)
 LOG_DISAS("nip=" TARGET_FMT_lx " super=%d ir=%d\n",
   ctx->base.pc_next, ctx->mem_idx, (int)msr_ir);
 
-if (unlikely(need_byteswap(ctx))) {
-ctx->opcode = bswap32(cpu_ldl_code(env, ctx->base.pc_next));
-} else {
-ctx->opcode = cpu_ldl_code(env, ctx->base.pc_next);
-}
+ctx->opcode = translator_ldl_swap(env, ctx->base.pc_next,
+  need_byteswap(ctx));
+
 LOG_DISAS("translate opcode %08x (%02x %02x %02x %02x) (%s)\n",
   ctx->opcode, opc1(ctx->opcode), opc2(ctx->opcode),
   opc3(ctx->opcode), opc4(ctx->opcode),
-- 
2.20.1




[Qemu-devel] [PATCH v3 34/50] target/sparc: fetch code with translator_ld

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
---
 target/sparc/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/sparc/translate.c b/target/sparc/translate.c
index 091bab53af..c91ff11809 100644
--- a/target/sparc/translate.c
+++ b/target/sparc/translate.c
@@ -5900,7 +5900,7 @@ static void sparc_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cs)
 CPUSPARCState *env = cs->env_ptr;
 unsigned int insn;
 
-insn = cpu_ldl_code(env, dc->pc);
+insn = translator_ldl(env, dc->pc);
 dc->base.pc_next += 4;
 disas_sparc_insn(dc, insn);
 
-- 
2.20.1




[Qemu-devel] [PATCH v3 39/50] vl: support -plugin option

2019-06-14 Thread Alex Bennée
From: Lluís Vilanova 

Signed-off-by: Lluís Vilanova 
[ cota: s/instrument/plugin ]
Signed-off-by: Emilio G. Cota 
---
 qemu-options.hx | 17 +
 vl.c| 11 +++
 2 files changed, 28 insertions(+)

diff --git a/qemu-options.hx b/qemu-options.hx
index 0d8beb4afd..47bbf358db 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -4130,6 +4130,23 @@ HXCOMM HX does not support conditional compilation of 
text.
 @findex -trace
 @include qemu-option-trace.texi
 ETEXI
+DEF("plugin", HAS_ARG, QEMU_OPTION_plugin,
+"-plugin [file=][,arg=]\n"
+"load a plugin\n",
+QEMU_ARCH_ALL)
+STEXI
+@item -plugin file=@var{file}[,arg=@var{string}]
+@findex -plugin
+
+Load a plugin.
+
+@table @option
+@item file=@var{file}
+Load the given plugin from a shared library file.
+@item arg=@var{string}
+Argument string passed to the plugin. (Can be given multiple times.)
+@end table
+ETEXI
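Review bot: The option text "Load the given plugin from a shared library file." does not tell the user what loading implies: the `file=` argument is presumably loaded by the dynamic loader into the QEMU process, so the plugin runs with the privileges of QEMU itself and has to be trusted accordingly. A sentence to that effect in the `@item file=@var{file}` entry, e.g. `The plugin is loaded into the QEMU process and runs with its full privileges; only load plugins you trust.`, would document the trust boundary where users read the option. The `arg=` entry could likewise say whether the string is interpreted by QEMU or handed to the plugin verbatim.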
 
 HXCOMM Internal use
 DEF("qtest", HAS_ARG, QEMU_OPTION_qtest, "", QEMU_ARCH_ALL)
diff --git a/vl.c b/vl.c
index 005468cbfb..0be9667315 100644
--- a/vl.c
+++ b/vl.c
@@ -110,6 +110,7 @@ int main(int argc, char **argv)
 
 #include "trace-root.h"
 #include "trace/control.h"
+#include "qemu/plugin.h"
 #include "qemu/queue.h"
 #include "sysemu/arch_init.h"
 
@@ -2954,6 +2955,7 @@ int main(int argc, char **argv, char **envp)
 bool list_data_dirs = false;
 char *dir, **dirs;
 BlockdevOptionsQueue bdo_queue = QSIMPLEQ_HEAD_INITIALIZER(bdo_queue);
+QemuPluginList plugin_list = QTAILQ_HEAD_INITIALIZER(plugin_list);
 
 error_init(argv[0]);
 module_call_init(MODULE_INIT_TRACE);
@@ -2982,6 +2984,7 @@ int main(int argc, char **argv, char **envp)
 qemu_add_opts(&qemu_global_opts);
 qemu_add_opts(&qemu_mon_opts);
 qemu_add_opts(&qemu_trace_opts);
+qemu_plugin_add_opts();
 qemu_add_opts(&qemu_option_rom_opts);
 qemu_add_opts(&qemu_machine_opts);
 qemu_add_opts(&qemu_accel_opts);
@@ -3760,6 +3763,9 @@ int main(int argc, char **argv, char **envp)
 g_free(trace_file);
 trace_file = trace_opt_parse(optarg);
 break;
+case QEMU_OPTION_plugin:
+qemu_plugin_opt_parse(optarg, &plugin_list);
+break;
 case QEMU_OPTION_readconfig:
 {
 int ret = qemu_read_config_file(optarg);
@@ -4068,6 +4074,11 @@ int main(int argc, char **argv, char **envp)
machine_class->default_machine_opts, 0);
 }
 
+/* process plugin before CPUs are created, but once -smp has been parsed */
+if (qemu_plugin_load_list(&plugin_list)) {
+exit(1);
+}
+
 qemu_opts_foreach(qemu_find_opts("device"),
   default_driver_check, NULL, NULL);
 qemu_opts_foreach(qemu_find_opts("global"),
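Review bot: The failure branch `if (qemu_plugin_load_list(&plugin_list)) { exit(1); }` exits without any diagnostic in this file; unless qemu_plugin_load_list reports the error itself (not visible here), a bad `-plugin` argument leaves the user with a silent exit status of 1. An `error_report("failed to load plugins");` before the `exit(1)`, or threading an `Error **` through the loader, would make the cause visible at the point of failure. main continues outside the hunk.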
-- 
2.20.1




[Qemu-devel] [PATCH v3 13/50] plugin-gen: add module for TCG-related code

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

We first inject empty instrumentation from translator_loop.
After translation, we go through the plugins to see what
they want to register for, filling in the empty instrumentation.
If it turns out that some instrumentation remains unused, we
remove it.

This approach supports the following features:

- Inlining TCG code for simple operations. Note that we do not
  export TCG ops to plugins. Instead, we give them a C API to
  insert inlined ops. So far we only support adding an immediate
  to a u64, e.g. to count events.

- "Direct" callbacks. These are callbacks that do not go via
  a helper. Instead, the helper is defined at run-time, so that
  the plugin code is directly called from TCG. This makes direct
  callbacks as efficient as possible; they are therefore used
  for very frequent events, e.g. memory callbacks.

- Passing the host address to memory callbacks. Most of this
  is implemented in a later patch though.

- Instrumentation of memory accesses performed from helpers.
  See the corresponding comment, as well as a later patch.

Signed-off-by: Emilio G. Cota 
[AJB: add alloc_tcg_plugin_context, use glib]
Signed-off-by: Alex Bennée 

---
v3
  - introduce alloc_tcg_plugin_context
  - allocate GPtrArray for tracking insns
---
 accel/tcg/Makefile.objs |1 +
 accel/tcg/plugin-gen.c  | 1072 +++
 accel/tcg/plugin-helpers.h  |6 +
 include/exec/helper-gen.h   |1 +
 include/exec/helper-proto.h |1 +
 include/exec/helper-tcg.h   |1 +
 include/exec/plugin-gen.h   |   66 +++
 tcg/tcg-op.h|   11 +
 tcg/tcg-opc.h   |3 +
 tcg/tcg.c   |   22 +
 tcg/tcg.h   |   20 +
 11 files changed, 1204 insertions(+)
 create mode 100644 accel/tcg/plugin-gen.c
 create mode 100644 accel/tcg/plugin-helpers.h
 create mode 100644 include/exec/plugin-gen.h

diff --git a/accel/tcg/Makefile.objs b/accel/tcg/Makefile.objs
index d381a02f34..a92f2c454b 100644
--- a/accel/tcg/Makefile.objs
+++ b/accel/tcg/Makefile.objs
@@ -6,3 +6,4 @@ obj-y += translator.o
 
 obj-$(CONFIG_USER_ONLY) += user-exec.o
 obj-$(call lnot,$(CONFIG_SOFTMMU)) += user-exec-stub.o
+obj-$(CONFIG_PLUGIN) += plugin-gen.o
diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
new file mode 100644
index 00..7994819fe6
--- /dev/null
+++ b/accel/tcg/plugin-gen.c
@@ -0,0 +1,1072 @@
+/*
+ * plugin-gen.c - TCG-related bits of plugin infrastructure
+ *
+ * Copyright (C) 2018, Emilio G. Cota 
+ * License: GNU GPL, version 2 or later.
+ *   See the COPYING file in the top-level directory.
+ *
+ * We support instrumentation at an instruction granularity. That is,
+ * if a plugin wants to instrument the memory accesses performed by a
+ * particular instruction, it can just do that instead of instrumenting
+ * all memory accesses. Thus, in order to do this we first have to
+ * translate a TB, so that plugins can decide what/where to instrument.
+ *
+ * Injecting the desired instrumentation could be done with a second
+ * translation pass that combined the instrumentation requests, but that
+ * would be ugly and inefficient since we would decode the guest code twice.
+ * Instead, during TB translation we add "empty" instrumentation calls for all
+ * possible instrumentation events, and then once we collect the 
instrumentation
+ * requests from plugins, we either "fill in" those empty events or remove them
+ * if they have no requests.
+ *
+ * When "filling in" an event we first copy the empty callback's TCG ops. This
+ * might seem unnecessary, but it is done to support an arbitrary number
+ * of callbacks per event. Take for example a regular instruction callback.
+ * We first generate a callback to an empty helper function. Then, if two
+ * plugins register one callback each for this instruction, we make two copies
+ * of the TCG ops generated for the empty callback, substituting the function
+ * pointer that points to the empty helper function with the plugins' desired
+ * callback functions. After that we remove the empty callback's ops.
+ *
+ * Note that the location in TCGOp.args[] of the pointer to a helper function
+ * varies across different guest and host architectures. Instead of duplicating
+ * the logic that figures this out, we rely on the fact that the empty
+ * callbacks point to empty functions that are unique pointers in the program.
+ * Thus, to find the right location we just have to look for a match in
+ * TCGOp.args[]. This is the main reason why we first copy an empty callback's
+ * TCG ops and then fill them in; regardless of whether we have one or many
+ * callbacks for that event, the logic to add all of them is the same.
+ *
+ * When generating more than one callback per event, we make a small
+ * optimization to avoid generating redundant operations. For instance, for the
+ * second and all subsequent callbacks of an event, we do not need to reload 
the
+ * CPU's index into a TCG temp, since the 

[Qemu-devel] [PATCH v3 17/50] atomic_template: add inline trace/plugin helpers

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

In preparation for plugin support.

Signed-off-by: Emilio G. Cota 
---
 accel/tcg/atomic_template.h | 110 
 1 file changed, 75 insertions(+), 35 deletions(-)

diff --git a/accel/tcg/atomic_template.h b/accel/tcg/atomic_template.h
index df9c838817..04c4c7b0d2 100644
--- a/accel/tcg/atomic_template.h
+++ b/accel/tcg/atomic_template.h
@@ -59,25 +59,44 @@
 # define ABI_TYPE  uint32_t
 #endif
 
-#define ATOMIC_TRACE_RMW do {   \
-uint8_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT, false); \
-\
-trace_guest_mem_before_exec(env_cpu(env), addr, info);  \
-trace_guest_mem_before_exec(env_cpu(env), addr, \
-info | TRACE_MEM_ST);   \
-} while (0)
-
-#define ATOMIC_TRACE_LD do {\
-uint8_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT, false); \
-\
-trace_guest_mem_before_exec(env_cpu(env), addr, info);  \
-} while (0)
-
-# define ATOMIC_TRACE_ST do {   \
-uint8_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT, true); \
-\
-trace_guest_mem_before_exec(env_cpu(env), addr, info);  \
-} while (0)
+#ifndef ATOMIC_TEMPLATE_COMMON
+#define ATOMIC_TEMPLATE_COMMON
+static inline
+void atomic_trace_rmw_pre(CPUArchState *env, target_ulong addr, uint8_t info)
+{
+CPUState *cpu = env_cpu(env);
+
+trace_guest_mem_before_exec(cpu, addr, info);
+trace_guest_mem_before_exec(cpu, addr, info | TRACE_MEM_ST);
+}
+
+static inline void atomic_trace_rmw_post(CPUArchState *env, target_ulong addr,
+ void *haddr, uint8_t info)
+{
+}
+
+static inline
+void atomic_trace_ld_pre(CPUArchState *env, target_ulong addr, uint8_t info)
+{
+trace_guest_mem_before_exec(env_cpu(env), addr, info);
+}
+
+static inline void atomic_trace_ld_post(CPUArchState *env, target_ulong addr,
+void *haddr, uint8_t info)
+{
+}
+
+static inline
+void atomic_trace_st_pre(CPUArchState *env, target_ulong addr, uint8_t info)
+{
+trace_guest_mem_before_exec(env_cpu(env), addr, info);
+}
+
+static inline void atomic_trace_st_post(CPUArchState *env, target_ulong addr,
+void *haddr, uint8_t info)
+{
+}
+#endif /* ATOMIC_TEMPLATE_COMMON */
 
 /* Define host-endian atomic operations.  Note that END is used within
the ATOMIC_NAME macro, and redefined below.  */
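Review bot: The three `atomic_trace_*_post` helpers under `ATOMIC_TEMPLATE_COMMON` have empty bodies and unused `haddr`/`info` parameters, so read on their own they look like dead code that could be deleted. A comment above them stating their purpose would prevent that, e.g. `/* The *_post hooks are deliberate no-ops here; the plugin patches later in this series fill them in with per-access callbacks. */` — the `*_pre` helpers are the ones carrying the trace calls now. The `#ifndef ATOMIC_TEMPLATE_COMMON` guard also deserves a one-line note that this header is presumably included once per DATA_SIZE and these size-independent helpers must be emitted only once.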
@@ -98,14 +117,16 @@ ABI_TYPE ATOMIC_NAME(cmpxchg)(CPUArchState *env, 
target_ulong addr,
 ATOMIC_MMU_DECLS;
 DATA_TYPE *haddr = ATOMIC_MMU_LOOKUP;
 DATA_TYPE ret;
+uint8_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT, false);
 
-ATOMIC_TRACE_RMW;
+atomic_trace_rmw_pre(env, addr, info);
 #if DATA_SIZE == 16
 ret = atomic16_cmpxchg(haddr, cmpv, newv);
 #else
 ret = atomic_cmpxchg__nocheck(haddr, cmpv, newv);
 #endif
 ATOMIC_MMU_CLEANUP;
+atomic_trace_rmw_post(env, addr, haddr, info);
 return ret;
 }
 
@@ -115,10 +136,12 @@ ABI_TYPE ATOMIC_NAME(ld)(CPUArchState *env, target_ulong 
addr EXTRA_ARGS)
 {
 ATOMIC_MMU_DECLS;
 DATA_TYPE val, *haddr = ATOMIC_MMU_LOOKUP;
+uint8_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT, false);
 
-ATOMIC_TRACE_LD;
+atomic_trace_ld_pre(env, addr, info);
 val = atomic16_read(haddr);
 ATOMIC_MMU_CLEANUP;
+atomic_trace_ld_post(env, addr, haddr, info);
 return val;
 }
 
@@ -127,10 +150,12 @@ void ATOMIC_NAME(st)(CPUArchState *env, target_ulong addr,
 {
 ATOMIC_MMU_DECLS;
 DATA_TYPE *haddr = ATOMIC_MMU_LOOKUP;
+uint8_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT, true);
 
-ATOMIC_TRACE_ST;
+atomic_trace_st_pre(env, addr, info);
 atomic16_set(haddr, val);
 ATOMIC_MMU_CLEANUP;
+atomic_trace_st_post(env, addr, haddr, info);
 }
 #endif
 #else
@@ -140,10 +165,12 @@ ABI_TYPE ATOMIC_NAME(xchg)(CPUArchState *env, 
target_ulong addr,
 ATOMIC_MMU_DECLS;
 DATA_TYPE *haddr = ATOMIC_MMU_LOOKUP;
 DATA_TYPE ret;
+uint8_t info = glue(trace_mem_build_info_no_se, MEND)(SHIFT, false);
 
-ATOMIC_TRACE_RMW;
+atomic_trace_rmw_pre(env, addr, info);
 ret = atomic_xchg__nocheck(haddr, val);
 ATOMIC_MMU_CLEANUP;
+atomic_trace_rmw_post(env, addr, haddr, info);
 return ret;
 }
 
@@ -154,10 +181,12 @@ ABI_TYPE ATOMIC_NAME(X)(CPUArchState *env, target_ulong 
addr,   \
 ATOMIC_MMU_DECLS;   \
 DATA_TYPE *haddr = ATOMIC_MMU_LOOKUP;   \
 DATA_TYPE ret;  

[Qemu-devel] [PATCH v3 19/50] tcg: let plugins instrument memory accesses

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

XXX: store hostaddr from non-i386 TCG backends (do it in a helper?)
XXX: what hostaddr to return for I/O accesses?
XXX: what hostaddr to return for cross-page accesses?

Here the trickiest feature is passing the host address to
memory callbacks that request it. Perhaps it would be more
appropriate to pass a "physical" address to plugins, but since
in QEMU host addr ~= guest physical, I'm going with that for
simplicity.

To keep the implementation simple we piggy-back on the TLB fast path,
and thus can only provide the host address _after_ memory accesses
have occurred. For the slow path, it's a bit tedious because there
are many places to update, but it's fairly simple.

However, note that cross-page accesses are tricky, since the
access might be to non-contiguous host addresses. So I'm punting
on that and just passing NULL.

Signed-off-by: Emilio G. Cota 
Signed-off-by: Alex Bennée 

---
v3
  - fixes for cpu_neg()
---
 accel/tcg/atomic_template.h   |  5 +++
 accel/tcg/cpu-exec.c  |  3 ++
 accel/tcg/cputlb.c| 37 +
 accel/tcg/plugin-gen.c| 17 +-
 include/exec/cpu-defs.h   |  9 +
 include/exec/cpu_ldst.h   |  9 +
 include/exec/cpu_ldst_template.h  | 40 ++-
 include/exec/cpu_ldst_useronly_template.h | 34 ---
 tcg/i386/tcg-target.inc.c |  8 +
 tcg/tcg-op.c  | 40 ++-
 tcg/tcg.h |  1 +
 11 files changed, 153 insertions(+), 50 deletions(-)

diff --git a/accel/tcg/atomic_template.h b/accel/tcg/atomic_template.h
index 04c4c7b0d2..33ddfd498c 100644
--- a/accel/tcg/atomic_template.h
+++ b/accel/tcg/atomic_template.h
@@ -18,6 +18,7 @@
  * License along with this library; if not, see .
  */
 
+#include "qemu/plugin.h"
 #include "trace/mem.h"
 
 #if DATA_SIZE == 16
@@ -73,6 +74,8 @@ void atomic_trace_rmw_pre(CPUArchState *env, target_ulong 
addr, uint8_t info)
 static inline void atomic_trace_rmw_post(CPUArchState *env, target_ulong addr,
  void *haddr, uint8_t info)
 {
+qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, haddr, info);
+qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, haddr, info | TRACE_MEM_ST);
 }
 
 static inline
@@ -84,6 +87,7 @@ void atomic_trace_ld_pre(CPUArchState *env, target_ulong 
addr, uint8_t info)
 static inline void atomic_trace_ld_post(CPUArchState *env, target_ulong addr,
 void *haddr, uint8_t info)
 {
+qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, haddr, info);
 }
 
 static inline
@@ -95,6 +99,7 @@ void atomic_trace_st_pre(CPUArchState *env, target_ulong 
addr, uint8_t info)
 static inline void atomic_trace_st_post(CPUArchState *env, target_ulong addr,
 void *haddr, uint8_t info)
 {
+qemu_plugin_vcpu_mem_cb(env_cpu(env), addr, haddr, info);
 }
 #endif /* ATOMIC_TEMPLATE_COMMON */
 
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
index 6c85c3ee1e..c21353e54f 100644
--- a/accel/tcg/cpu-exec.c
+++ b/accel/tcg/cpu-exec.c
@@ -272,6 +272,7 @@ void cpu_exec_step_atomic(CPUState *cpu)
 qemu_mutex_unlock_iothread();
 }
 assert_no_pages_locked();
+qemu_plugin_disable_mem_helpers(cpu);
 }
 
 if (in_exclusive_region) {
@@ -705,6 +706,8 @@ int cpu_exec(CPUState *cpu)
 if (qemu_mutex_iothread_locked()) {
 qemu_mutex_unlock_iothread();
 }
+qemu_plugin_disable_mem_helpers(cpu);
+
 assert_no_pages_locked();
 }
 
diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 6a0dc438ff..b39c1f06f7 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -879,9 +879,18 @@ static void tlb_fill(CPUState *cpu, target_ulong addr, int 
size,
 assert(ok);
 }
 
+static inline void set_hostaddr(CPUArchState *env, TCGMemOp mo, void *haddr)
+{
+#ifdef CONFIG_PLUGIN
+if (mo & MO_HADDR) {
+env_tlb(env)->c.hostaddr = haddr;
+}
+#endif
+}
+
 static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry *iotlbentry,
  int mmu_idx, target_ulong addr, uintptr_t retaddr,
- MMUAccessType access_type, int size)
+ TCGMemOp mo, MMUAccessType access_type, int size)
 {
 CPUState *cpu = env_cpu(env);
 hwaddr mr_offset;
@@ -891,6 +900,9 @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry 
*iotlbentry,
 bool locked = false;
 MemTxResult r;
 
+/* XXX Any sensible choice other than NULL? */
+set_hostaddr(env, mo, NULL);
+
 section = iotlb_to_section(cpu, iotlbentry->addr, iotlbentry->attrs);
 mr = section->mr;
 mr_offset = (iotlbentry->addr & TARGET_PAGE_MASK) + addr;
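Review bot: `set_hostaddr(env, mo, NULL)` in io_readx, together with the `/* XXX Any sensible choice other than NULL? */` above it, makes NULL a legitimate value of `hostaddr` for I/O accesses (and, per the commit message, for cross-page accesses), yet nothing at the `set_hostaddr` definition in the previous hunk says so. A short comment there, e.g. `/* haddr may be NULL (I/O or cross-page access); consumers must check before dereferencing */`, would make the contract explicit for whoever reads `env_tlb(env)->c.hostaddr`. It is also worth checking that every slow-path exit under `MO_HADDR` sets the field, since a path that skips it would leave the value from a previous access in place. io_readx continues outside the hunk.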
@@ -925,7 +937,7 @@ static uint64_t io_readx(CPUArchState *env, CPUIOTLBEntry 
*iot

[Qemu-devel] [PATCH v3 24/50] plugin-gen: add plugin_insn_append

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

By adding it to plugin-gen's header file, we can export is as
an inline, since tcg.h is included in the header (we need tcg_ctx).

Signed-off-by: Emilio G. Cota 

---
v3
  - use g_byte_array
---
 accel/tcg/plugin-gen.c| 10 +-
 include/exec/plugin-gen.h | 23 ++-
 2 files changed, 23 insertions(+), 10 deletions(-)

diff --git a/accel/tcg/plugin-gen.c b/accel/tcg/plugin-gen.c
index 9d9ec29765..758fc5d099 100644
--- a/accel/tcg/plugin-gen.c
+++ b/accel/tcg/plugin-gen.c
@@ -60,9 +60,17 @@
 /*
  * plugin_cb_start TCG op args[]:
  * 0: enum plugin_gen_from
- * 1: enum plugin_gen_cb (defined below)
+ * 1: enum plugin_gen_cb
  * 2: set to 1 if it's a mem callback and it's a write, 0 otherwise.
  */
+enum plugin_gen_from {
+PLUGIN_GEN_FROM_TB,
+PLUGIN_GEN_FROM_INSN,
+PLUGIN_GEN_FROM_MEM,
+PLUGIN_GEN_AFTER_INSN,
+PLUGIN_GEN_N_FROMS,
+};
+
 enum plugin_gen_cb {
 PLUGIN_GEN_CB_UDATA,
 PLUGIN_GEN_CB_INLINE,
diff --git a/include/exec/plugin-gen.h b/include/exec/plugin-gen.h
index 449ea16034..316638c736 100644
--- a/include/exec/plugin-gen.h
+++ b/include/exec/plugin-gen.h
@@ -15,15 +15,6 @@
 #include "qemu/plugin.h"
 #include "tcg/tcg.h"
 
-/* used by plugin_callback_start and plugin_callback_end TCG ops */
-enum plugin_gen_from {
-PLUGIN_GEN_FROM_TB,
-PLUGIN_GEN_FROM_INSN,
-PLUGIN_GEN_FROM_MEM,
-PLUGIN_GEN_AFTER_INSN,
-PLUGIN_GEN_N_FROMS,
-};
-
 struct DisasContextBase;
 
 #ifdef CONFIG_PLUGIN
@@ -36,6 +27,17 @@ void plugin_gen_insn_end(void);
 void plugin_gen_disable_mem_helpers(void);
 void plugin_gen_empty_mem_callback(TCGv addr, uint8_t info);
 
+static inline void plugin_insn_append(const void *from, size_t size)
+{
+struct qemu_plugin_insn *insn = tcg_ctx->plugin_insn;
+
+if (insn == NULL) {
+return;
+}
+
+insn->data = g_byte_array_append(insn->data, from, size);
+}
+
 #else /* !CONFIG_PLUGIN */
 
 static inline
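Review bot: `plugin_insn_append` passes `insn->data` straight to `g_byte_array_append` without saying who allocates it; if `data` can still be NULL for a freshly created `qemu_plugin_insn`, the call is undefined. A header comment pinning the precondition would help: `/* Append size raw bytes of the instruction being translated to tcg_ctx->plugin_insn->data (which must already be allocated); no-op when no plugin insn is active. */`. Also `size` is a size_t while g_byte_array_append takes a guint, so the implicit narrowing is worth a word even though every caller so far passes sizeof() of a small integer.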
@@ -60,6 +62,9 @@ static inline void plugin_gen_disable_mem_helpers(void)
 static inline void plugin_gen_empty_mem_callback(TCGv addr, uint8_t info)
 { }
 
+static inline void plugin_insn_append(const void *from, size_t size)
+{ }
+
 #endif /* CONFIG_PLUGIN */
 
 #endif /* QEMU_PLUGIN_GEN_H */
-- 
2.20.1




[Qemu-devel] [PATCH v3 32/50] target/alpha: fetch code with translator_ld

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
---
 target/alpha/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/alpha/translate.c b/target/alpha/translate.c
index 2c9cccf6c1..daf1e05cba 100644
--- a/target/alpha/translate.c
+++ b/target/alpha/translate.c
@@ -2989,7 +2989,7 @@ static void alpha_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cpu)
 {
 DisasContext *ctx = container_of(dcbase, DisasContext, base);
 CPUAlphaState *env = cpu->env_ptr;
-uint32_t insn = cpu_ldl_code(env, ctx->base.pc_next);
+uint32_t insn = translator_ldl(env, ctx->base.pc_next);
 
 ctx->base.pc_next += 4;
 ctx->base.is_jmp = translate_one(ctx, insn);
-- 
2.20.1




[Qemu-devel] [PATCH v3 37/50] translator: inject instrumentation from plugins

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
---
 accel/tcg/translator.c | 16 
 1 file changed, 16 insertions(+)

diff --git a/accel/tcg/translator.c b/accel/tcg/translator.c
index 9226a348a3..161b494a54 100644
--- a/accel/tcg/translator.c
+++ b/accel/tcg/translator.c
@@ -16,6 +16,7 @@
 #include "exec/gen-icount.h"
 #include "exec/log.h"
 #include "exec/translator.h"
+#include "exec/plugin-gen.h"
 
 /* Pairs with tcg_clear_temp_count.
To be called by #TranslatorOps.{translate_insn,tb_stop} if
@@ -34,6 +35,7 @@ void translator_loop(const TranslatorOps *ops, 
DisasContextBase *db,
  CPUState *cpu, TranslationBlock *tb, int max_insns)
 {
 int bp_insn = 0;
+bool plugin_enabled;
 
 /* Initialize DisasContext */
 db->tb = tb;
@@ -55,11 +57,17 @@ void translator_loop(const TranslatorOps *ops, 
DisasContextBase *db,
 ops->tb_start(db, cpu);
 tcg_debug_assert(db->is_jmp == DISAS_NEXT);  /* no early exit */
 
+plugin_enabled = plugin_gen_tb_start(cpu, tb);
+
 while (true) {
 db->num_insns++;
 ops->insn_start(db, cpu);
 tcg_debug_assert(db->is_jmp == DISAS_NEXT);  /* no early exit */
 
+if (plugin_enabled) {
+plugin_gen_insn_start(cpu, db);
+}
+
 /* Pass breakpoint hits to target for further processing */
 if (!db->singlestep_enabled
 && unlikely(!QTAILQ_EMPTY(&cpu->breakpoints))) {
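Review bot: `plugin_gen_insn_start(cpu, db)` is emitted before the breakpoint block that follows it, and that block (cut at the end of this hunk) appears to be able to leave the loop early when a breakpoint check raises an exception; on that path no matching `plugin_gen_insn_end()` is emitted before `plugin_gen_tb_end`. If plugin-gen requires start/end pairs, either move `plugin_gen_insn_start` below the breakpoint block or make `plugin_gen_tb_end` tolerate an open instruction — please confirm which. Minor: the start call takes `(cpu, db)` while `plugin_gen_insn_end()` takes nothing, which reads as if the two were not paired. translator_loop's body continues outside the hunk.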
@@ -95,6 +103,10 @@ void translator_loop(const TranslatorOps *ops, 
DisasContextBase *db,
 ops->translate_insn(db, cpu);
 }
 
+if (plugin_enabled) {
+plugin_gen_insn_end();
+}
+
 /* Stop translation if translate_insn so indicated.  */
 if (db->is_jmp != DISAS_NEXT) {
 break;
@@ -112,6 +124,10 @@ void translator_loop(const TranslatorOps *ops, 
DisasContextBase *db,
 ops->tb_stop(db, cpu);
 gen_tb_end(db->tb, db->num_insns - bp_insn);
 
+if (plugin_enabled) {
+plugin_gen_tb_end(cpu);
+}
+
 /* The disas_log hook may use these values rather than recompute.  */
 db->tb->size = db->pc_next - db->pc_first;
 db->tb->icount = db->num_insns;
-- 
2.20.1




[Qemu-devel] [PATCH v3 48/50] include/exec: wrap cpu_ldst.h in CONFIG_TCG

2019-06-14 Thread Alex Bennée
This gets around a build problem with --disable-tcg.

Signed-off-by: Alex Bennée 
---
 include/exec/exec-all.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 90045e77c1..fa4d5b9533 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -21,7 +21,9 @@
 #define EXEC_ALL_H
 
 #include "exec/tb-context.h"
+#ifdef CONFIG_TCG
 #include "exec/cpu_ldst.h"
+#endif
 #include "sysemu/cpus.h"
 
 /* allow to see translation results - the slowdown should be negligible, so we 
leave it */
-- 
2.20.1




[Qemu-devel] [PATCH v3 49/50] include/exec/cpu-defs.h: fix typo

2019-06-14 Thread Alex Bennée
Signed-off-by: Alex Bennée 
---
 include/exec/cpu-defs.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index 354788385b..b529c2013e 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -241,7 +241,7 @@ typedef struct CPUTLB { } CPUTLB;
 #endif  /* !CONFIG_USER_ONLY && CONFIG_TCG */
 
 /*
- * This structure must be placed in ArchCPU immedately
+ * This structure must be placed in ArchCPU immediately
  * before CPUArchState, as a field named "neg".
  */
 typedef struct CPUNegativeOffsetState {
-- 
2.20.1




[Qemu-devel] [PATCH v3 30/50] target/hppa: fetch code with translator_ld

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
---
 target/hppa/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/hppa/translate.c b/target/hppa/translate.c
index 188fe688cb..36a784e293 100644
--- a/target/hppa/translate.c
+++ b/target/hppa/translate.c
@@ -4217,7 +4217,7 @@ static void hppa_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cs)
 {
 /* Always fetch the insn, even if nullified, so that we check
the page permissions for execute.  */
-uint32_t insn = cpu_ldl_code(env, ctx->base.pc_next);
+uint32_t insn = translator_ldl(env, ctx->base.pc_next);
 
 /* Set up the IA queue for the next insn.
This will be overwritten by a branch.  */
-- 
2.20.1




Re: [Qemu-devel] [PATCH 2/2] target/arm: Only implement doubles if the FPU supports them

2019-06-14 Thread Richard Henderson
On 6/14/19 3:44 AM, Peter Maydell wrote:
> @@ -173,6 +173,11 @@ static bool trans_VSEL(DisasContext *s, arg_VSEL *a)
>  ((a->vm | a->vn | a->vd) & 0x10)) {
>  return false;
>  }
> +
> +if (dp && !dc_isar_feature(aa32_fpdp, s)) {
> +return false;
> +}

Would it be cleaner to define something like

static bool vfp_dp_enabled(DisasContext *s, int regmask)
{
if (!dc_isar_feature(aa32_fpdp, s)) {
/* All double-precision disabled.  */
return false;
}
if (!dc_isar_feature(aa32_fp_d32, s) && (regmask & 0x10)) {
/* D16-D31 do not exist.  */
return false;
}
return true;
}

Then use

if (dp && !vfp_dp_enabled(s, a->vm | a->vn | a->vd))

?


r~



Re: [Qemu-devel] [PATCH v2] qapi: InitSocketAddress: add keepalive option

2019-06-14 Thread Vladimir Sementsov-Ogievskiy
11.06.2019 16:48, Markus Armbruster wrote:
> You misspelled InetSocketAddress and keep-alive in the subject.  Suggest
> 
>  qapi: Add InetSocketAddress member keep-alive

Ohh, I feel stupid

> 
> Vladimir Sementsov-Ogievskiy  writes:
> 
>> It's needed to provide keepalive for nbd client to track server
>> availability.
>>
>> Signed-off-by: Vladimir Sementsov-Ogievskiy 
>> ---
>>
>> v2: [by Markus's comments]
>>   - improve commit message
>>   - s/keepalive/keep-alive
>>   - update inet_parse()
>>
>>
>>   qapi/sockets.json   |  5 -
>>   util/qemu-sockets.c | 22 ++
>>   2 files changed, 26 insertions(+), 1 deletion(-)
>>
>> diff --git a/qapi/sockets.json b/qapi/sockets.json
>> index fc81d8d5e8..13a2627e1d 100644
>> --- a/qapi/sockets.json
>> +++ b/qapi/sockets.json
>> @@ -53,6 +53,8 @@
>>   #
>>   # @ipv6: whether to accept IPv6 addresses, default try both IPv4 and IPv6
>>   #
>> +# @keep-alive: enable keep-alive when connecting to this socket (Since 4.1)
>> +#
>>   # Since: 1.3
>>   ##
>>   { 'struct': 'InetSocketAddress',
> 
> Please document that @keep-alive is silently ignored for passive
> sockets.
> 
> Even better would be rejecting it then, of course.

Ok

> 
>> @@ -61,7 +63,8 @@
>>   '*numeric':  'bool',
>>   '*to': 'uint16',
>>   '*ipv4': 'bool',
>> -'*ipv6': 'bool' } }
>> +'*ipv6': 'bool',
>> +'*keep-alive': 'bool' } }
>>   
>>   ##
>>   # @UnixSocketAddress:
>> diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
>> index 8850a280a8..9c842c4a93 100644
>> --- a/util/qemu-sockets.c
>> +++ b/util/qemu-sockets.c
>> @@ -457,6 +457,19 @@ int inet_connect_saddr(InetSocketAddress *saddr, Error 
>> **errp)
>>   }
>>   
>>   freeaddrinfo(res);
>> +
>> +if (saddr->keep_alive) {
>> +int val = 1;
>> +int ret = qemu_setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
>> +  &val, sizeof(val));
>> +
>> +if (ret < 0) {
>> +error_setg_errno(errp, errno, "Unable to set KEEPALIVE");
>> +close(sock);
>> +return -1;
>> +}
>> +}
>> +
>>   return sock;
>>   }
>>   
>> @@ -652,6 +665,15 @@ int inet_parse(InetSocketAddress *addr, const char 
>> *str, Error **errp)
>>   }
>>   addr->has_ipv6 = true;
>>   }
>> +begin = strstr(optstr, ",keep-alive");
>> +if (begin) {
>> +if (inet_parse_flag("keep-alive", begin + strlen("keep-alive="),
> 
> Shouldn't you use strlen(",keep-alive")?

Hmm yes.

> 
>> +&addr->keep_alive, errp) < 0)
>> +{
>> +return -1;
>> +}
>> +addr->has_keep_alive = true;
>> +}
>>   return 0;
>>   }

Thanks for reviewing, I'll resend soon.

-- 
Best regards,
Vladimir


[Qemu-devel] [Bug 1832877] Re: qemu-bridge-helper undocumented and broken

2019-06-14 Thread Michal Suchanek
Also this is what bridge.conf contains:

# Access control file for qemu bridge helper
# Syntax consists of:
#   # comment (ignored)
#   allow all
#   allow 
#   deny all
#   deny 
#   include /path/to/additional/ACL/file
# Users are blacklisted by default and 'deny' takes precedence over 'allow'.
# Including additional ACL files allows file access permissions to be used as
# a component of the policy to allow access or deny access to specific bridges.

How are users specified? Or is the mention of users bogus?

-- 
https://bugs.launchpad.net/bugs/1832877

Title:
  qemu-bridge-helper undocumented and broken

Status in QEMU:
  New

Bug description:
  qemu output:

  access denied by acl file
  qemu-system-ppc64: bridge helper failed

  Option description:

-netdev bridge,id=id[,br=bridge][,helper=helper]
 Connect a host TAP network interface to a host bridge device.

 Use the network helper helper to configure the TAP interface and 
attach it to the bridge. The default network
 helper executable is /path/to/qemu-bridge-helper and the default 
bridge device is br0.

 Examples:

 #launch a QEMU instance with the default network helper to
 #connect a TAP device to bridge br0
 qemu-system-i386 linux.img -netdev bridge,id=n1 -device 
virtio-net,netdev=n1


 #launch a QEMU instance with the default network helper to
 #connect a TAP device to bridge qemubr0
 qemu-system-i386 linux.img -netdev bridge,br=qemubr0,id=n1 
-device virtio-net,netdev=n1

  
  What is the acl file? What is the interface to qemu-bridge-helper?

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1832877/+subscriptions



[Qemu-devel] [PATCH v3 43/50] tests/plugin: add a hotblocks plugin

2019-06-14 Thread Alex Bennée
This is a simple plugin to track which translation blocks are called
most often. As we don't have a view of the internals of TCG we can
only work by the address of the start of the block, so we also need to
track how often the address is translated.

As there will be multiple blocks starting at the same address, we can
try and work around this by futzing the value fed to the hash with
the insn count.

Signed-off-by: Alex Bennée 
---
 tests/plugin/Makefile|   1 +
 tests/plugin/hotblocks.c | 145 +++
 2 files changed, 146 insertions(+)
 create mode 100644 tests/plugin/hotblocks.c

diff --git a/tests/plugin/Makefile b/tests/plugin/Makefile
index f9a3546ea3..e74940eaac 100644
--- a/tests/plugin/Makefile
+++ b/tests/plugin/Makefile
@@ -10,6 +10,7 @@ NAMES += bb
 NAMES += empty
 NAMES += insn
 NAMES += mem
+NAMES += hotblocks
 
 SONAMES := $(addsuffix .so,$(addprefix lib,$(NAMES)))
 
diff --git a/tests/plugin/hotblocks.c b/tests/plugin/hotblocks.c
new file mode 100644
index 00..acb890e320
--- /dev/null
+++ b/tests/plugin/hotblocks.c
@@ -0,0 +1,145 @@
+/*
+ * Copyright (C) 2019, Alex Bennée 
+ *
+ * License: GNU GPL, version 2 or later.
+ *   See the COPYING file in the top-level directory.
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+static bool do_inline;
+static int stdout_fd;
+
+/* Plugins need to take care of their own locking */
+static GMutex lock;
+static GHashTable *hotblocks;
+static guint64 limit = 20;
+
+/*
+ * Counting Structure
+ *
+ * The internals of the TCG are not exposed to plugins so we can only
+ * get the starting PC for each block. As a result we will see
+ * multiple translations at the same PC, we aggregate them here.
+ */
+typedef struct {
+uint64_t start_addr;
+uint64_t exec_count;
+int  trans_count;
+unsigned long insns;
+} ExecCount;
+
+static gint cmp_exec_count(gconstpointer a, gconstpointer b)
+{
+ExecCount *ea = (ExecCount *) a;
+ExecCount *eb = (ExecCount *) b;
+return ea->exec_count > eb->exec_count ? -1 : 1;
+}
+
+static void plugin_exit(qemu_plugin_id_t id, void *p)
+{
+GString *report = g_string_new("collected ");
+GList *counts, *it;
+int i;
+
+g_mutex_lock(&lock);
+g_string_append_printf(report, "%d entries in the hash table\n",
+   g_hash_table_size(hotblocks));
+counts = g_hash_table_get_values(hotblocks);
+it = g_list_sort(counts, cmp_exec_count);
+
+for (i = 0; i < limit && it->next; i++, it = it->next) {
+ExecCount *rec = (ExecCount *) it->data;
+g_string_append_printf(report, "  pc: %#" PRIx64 " (%d block%s, %ld 
insns, %" PRId64" total hits)\n",
+   rec->start_addr,
+   rec->trans_count, rec->trans_count < 2 ? "" : 
"s",
+   rec->insns, rec->exec_count);
+}
+
+g_mutex_unlock(&lock);
+g_list_free(it);
+
+dprintf(stdout_fd, "%s", report->str);
+g_string_free(report, true);
+}
+
+static void plugin_init(void)
+{
+hotblocks = g_hash_table_new(NULL, g_direct_equal);
+}
+
+static void vcpu_tb_exec(unsigned int cpu_index, void *udata)
+{
+ExecCount *cnt;
+uint64_t cheap_hash = (uint64_t) udata;
+
+g_mutex_lock(&lock);
+cnt = (ExecCount *) g_hash_table_lookup(hotblocks, (gconstpointer) 
cheap_hash);
+/* should always succeed */
+g_assert(cnt);
+cnt->exec_count++;
+g_mutex_unlock(&lock);
+}
+
+/*
+ * When do_inline we ask the plugin to increment the counter for us.
+ * Otherwise a helper is inserted which calls the vcpu_tb_exec
+ * callback.
+ */
+static void vcpu_tb_trans(qemu_plugin_id_t id, unsigned int cpu_index,
+  struct qemu_plugin_tb *tb)
+{
+ExecCount *cnt;
+uint64_t pc = qemu_plugin_tb_vaddr(tb);
+unsigned long insns = qemu_plugin_tb_n_insns(tb);
+uint64_t cheap_hash = pc ^ insns;
+
+g_mutex_lock(&lock);
+cnt = (ExecCount *) g_hash_table_lookup(hotblocks, (gconstpointer) 
cheap_hash);
+if (cnt) {
+cnt->trans_count++;
+} else {
+cnt = g_new0(ExecCount, 1);
+cnt->start_addr = pc;
+cnt->trans_count = 1;
+cnt->insns = insns;
+g_hash_table_insert(hotblocks, (gpointer) cheap_hash, (gpointer) cnt);
+}
+
+g_mutex_unlock(&lock);
+
+if (do_inline) {
+qemu_plugin_register_vcpu_tb_exec_inline(tb, 
QEMU_PLUGIN_INLINE_ADD_U64,
+ &cnt->exec_count, 1);
+} else {
+qemu_plugin_register_vcpu_tb_exec_cb(tb, vcpu_tb_exec,
+ QEMU_PLUGIN_CB_NO_REGS,
+ (void *)cheap_hash);
+}
+}
+
+QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id, int argc,
+   char **argv)
+{
+if (argc && strcmp(argv[0], "inline") == 0) {
+

[Qemu-devel] [PATCH v3 26/50] target/arm: call qemu_plugin_insn_append

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

I considered using translator_ld* from arm_ldl_code
et al. However, note that there's a helper that also calls
arm_ldl_code, so we'd have to change that caller.

In thumb's case I'm also calling plugin_insn_append directly,
since we can't assume that all instructions are 16 bits long.

Signed-off-by: Emilio G. Cota 
---
 target/arm/translate-a64.c | 2 ++
 target/arm/translate.c | 8 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/target/arm/translate-a64.c b/target/arm/translate-a64.c
index ae739f6575..25dd34a745 100644
--- a/target/arm/translate-a64.c
+++ b/target/arm/translate-a64.c
@@ -39,6 +39,7 @@
 #include "trace-tcg.h"
 #include "translate-a64.h"
 #include "qemu/atomic128.h"
+#include "qemu/plugin.h"
 
 static TCGv_i64 cpu_X[32];
 static TCGv_i64 cpu_pc;
@@ -14205,6 +14206,7 @@ static void disas_a64_insn(CPUARMState *env, 
DisasContext *s)
 uint32_t insn;
 
 insn = arm_ldl_code(env, s->pc, s->sctlr_b);
+plugin_insn_append(&insn, sizeof(insn));
 s->insn = insn;
 s->pc += 4;
 
diff --git a/target/arm/translate.c b/target/arm/translate.c
index c274c8b460..d049844b4a 100644
--- a/target/arm/translate.c
+++ b/target/arm/translate.c
@@ -12122,6 +12122,7 @@ static void arm_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cpu)
 }
 
 insn = arm_ldl_code(env, dc->pc, dc->sctlr_b);
+plugin_insn_append(&insn, sizeof(insn));
 dc->insn = insn;
 dc->pc += 4;
 disas_arm_insn(dc, insn);
@@ -12192,11 +12193,16 @@ static void thumb_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cpu)
 insn = arm_lduw_code(env, dc->pc, dc->sctlr_b);
 is_16bit = thumb_insn_is_16bit(dc, insn);
 dc->pc += 2;
-if (!is_16bit) {
+if (is_16bit) {
+uint16_t insn16 = insn;
+
+plugin_insn_append(&insn16, sizeof(insn16));
+} else {
 uint32_t insn2 = arm_lduw_code(env, dc->pc, dc->sctlr_b);
 
 insn = insn << 16 | insn2;
 dc->pc += 2;
+plugin_insn_append(&insn, sizeof(insn));
 }
 dc->insn = insn;
 
-- 
2.20.1




[Qemu-devel] [PATCH v3 20/50] translate-all: notify plugin code of tb_flush

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Plugins might allocate per-TB data that then they get passed each
time a TB is executed (via the *userdata pointer).

Notify plugin code every time a code cache flush occurs, so
that plugins can then reclaim the memory of the per-TB data.

Reviewed-by: Alex Bennée 
Signed-off-by: Emilio G. Cota 
---
 accel/tcg/translate-all.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 54998e39c6..28a92e6d8b 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -1231,6 +1231,8 @@ static gboolean tb_host_size_iter(gpointer key, gpointer 
value, gpointer data)
 /* flush all the translation blocks */
 static void do_tb_flush(CPUState *cpu, run_on_cpu_data tb_flush_count)
 {
+bool did_flush = false;
+
 mmap_lock();
 /* If it is already been done on request of another CPU,
  * just retry.
@@ -1238,6 +1240,7 @@ static void do_tb_flush(CPUState *cpu, run_on_cpu_data 
tb_flush_count)
 if (tb_ctx.tb_flush_count != tb_flush_count.host_int) {
 goto done;
 }
+did_flush = true;
 
 if (DEBUG_TB_FLUSH_GATE) {
 size_t nb_tbs = tcg_nb_tbs();
@@ -1262,6 +1265,9 @@ static void do_tb_flush(CPUState *cpu, run_on_cpu_data 
tb_flush_count)
 
 done:
 mmap_unlock();
+if (did_flush) {
+qemu_plugin_flush_cb();
+}
 }
 
 void tb_flush(CPUState *cpu)
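Review bot: Nothing says why `qemu_plugin_flush_cb()` fires only on the `did_flush` path and only after `mmap_unlock()`. A comment would spare the next reader re-deriving it: `/* Notify plugins only if this CPU actually performed the flush (the CPU that got there first already did); called after dropping the mmap lock so plugin callbacks are free to take it. */` — the second clause is my reading of the placement, confirm before writing it down.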
-- 
2.20.1




[Qemu-devel] [PATCH v3 29/50] target/i386: fetch code with translator_ld

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
---
 target/i386/translate.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/target/i386/translate.c b/target/i386/translate.c
index 03150a86e2..bf4cd875ab 100644
--- a/target/i386/translate.c
+++ b/target/i386/translate.c
@@ -1925,28 +1925,28 @@ static uint64_t advance_pc(CPUX86State *env, 
DisasContext *s, int num_bytes)
 
 static inline uint8_t x86_ldub_code(CPUX86State *env, DisasContext *s)
 {
-return cpu_ldub_code(env, advance_pc(env, s, 1));
+return translator_ldub(env, advance_pc(env, s, 1));
 }
 
 static inline int16_t x86_ldsw_code(CPUX86State *env, DisasContext *s)
 {
-return cpu_ldsw_code(env, advance_pc(env, s, 2));
+return translator_ldsw(env, advance_pc(env, s, 2));
 }
 
 static inline uint16_t x86_lduw_code(CPUX86State *env, DisasContext *s)
 {
-return cpu_lduw_code(env, advance_pc(env, s, 2));
+return translator_lduw(env, advance_pc(env, s, 2));
 }
 
 static inline uint32_t x86_ldl_code(CPUX86State *env, DisasContext *s)
 {
-return cpu_ldl_code(env, advance_pc(env, s, 4));
+return translator_ldl(env, advance_pc(env, s, 4));
 }
 
 #ifdef TARGET_X86_64
 static inline uint64_t x86_ldq_code(CPUX86State *env, DisasContext *s)
 {
-return cpu_ldq_code(env, advance_pc(env, s, 8));
+return translator_ldq(env, advance_pc(env, s, 8));
 }
 #endif
 
-- 
2.20.1




[Qemu-devel] [PATCH v3 11/50] cputlb: document get_page_addr_code

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Suggested-by: Alex Bennée 
Signed-off-by: Emilio G. Cota 
---
 accel/tcg/cputlb.c  |  5 -
 include/exec/exec-all.h | 24 +---
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index bb9897b25a..3237ff4def 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1015,11 +1015,6 @@ static bool victim_tlb_hit(CPUArchState *env, size_t 
mmu_idx, size_t index,
   victim_tlb_hit(env, mmu_idx, index, offsetof(CPUTLBEntry, TY), \
  (ADDR) & TARGET_PAGE_MASK)
 
-/* NOTE: this function can trigger an exception */
-/* NOTE2: the returned address is not exactly the physical address: it
- * is actually a ram_addr_t (in system mode; the user mode emulation
- * version of this function returns a guest virtual address).
- */
 tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
 {
 uintptr_t mmu_idx = cpu_mmu_index(env, true);
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 16034ee651..8b1c3d5b9d 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -480,7 +480,15 @@ void mmap_lock(void);
 void mmap_unlock(void);
 bool have_mmap_lock(void);
 
-static inline tb_page_addr_t get_page_addr_code(CPUArchState *env1, 
target_ulong addr)
+/**
+ * get_page_addr_code() - user-mode version
+ * @env: CPUArchState
+ * @addr: guest virtual address of guest code
+ *
+ * Returns @addr.
+ */
+static inline tb_page_addr_t get_page_addr_code(CPUArchState *env,
+target_ulong addr)
 {
 return addr;
 }
@@ -488,8 +496,18 @@ static inline tb_page_addr_t 
get_page_addr_code(CPUArchState *env1, target_ulong
 static inline void mmap_lock(void) {}
 static inline void mmap_unlock(void) {}
 
-/* cputlb.c */
-tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr);
+/**
+ * get_page_addr_code() - full-system version
+ * @env: CPUArchState
+ * @addr: guest virtual address of guest code
+ *
+ * If we cannot translate and execute from the entire RAM page, or if
+ * the region is not backed by RAM, returns -1. Otherwise, returns the
+ * ram_addr_t corresponding to the guest code at @addr.
+ *
+ * Note: this function can trigger an exception.
+ */
+tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr);
 
 void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length);
 void tlb_set_dirty(CPUState *cpu, target_ulong vaddr);
-- 
2.20.1




[Qemu-devel] [PATCH v3 33/50] target/riscv: fetch code with translator_ld

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
---
 target/riscv/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/translate.c b/target/riscv/translate.c
index 313c27b700..899abf41fa 100644
--- a/target/riscv/translate.c
+++ b/target/riscv/translate.c
@@ -793,7 +793,7 @@ static void riscv_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cpu)
 DisasContext *ctx = container_of(dcbase, DisasContext, base);
 CPURISCVState *env = cpu->env_ptr;
 
-ctx->opcode = cpu_ldl_code(env, ctx->base.pc_next);
+ctx->opcode = translator_ldl(env, ctx->base.pc_next);
 decode_opc(ctx);
 ctx->base.pc_next = ctx->pc_succ_insn;
 
-- 
2.20.1




[Qemu-devel] [PATCH v3 35/50] target/xtensa: fetch code with translator_ld

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
---
 target/xtensa/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/xtensa/translate.c b/target/xtensa/translate.c
index 6f1da87875..cb849ae2d9 100644
--- a/target/xtensa/translate.c
+++ b/target/xtensa/translate.c
@@ -863,7 +863,7 @@ static int arg_copy_compare(const void *a, const void *b)
 static void disas_xtensa_insn(CPUXtensaState *env, DisasContext *dc)
 {
 xtensa_isa isa = dc->config->isa;
-unsigned char b[MAX_INSN_LENGTH] = {cpu_ldub_code(env, dc->pc)};
+unsigned char b[MAX_INSN_LENGTH] = {translator_ldub(env, dc->pc)};
 unsigned len = xtensa_op0_insn_len(dc, b[0]);
 xtensa_format fmt;
 int slot, slots;
@@ -887,7 +887,7 @@ static void disas_xtensa_insn(CPUXtensaState *env, 
DisasContext *dc)
 
 dc->base.pc_next = dc->pc + len;
 for (i = 1; i < len; ++i) {
-b[i] = cpu_ldub_code(env, dc->pc + i);
+b[i] = translator_ldub(env, dc->pc + i);
 }
 xtensa_insnbuf_from_chars(isa, dc->insnbuf, b, len);
 fmt = xtensa_format_decode(isa, dc->insnbuf);
-- 
2.20.1




[Qemu-devel] [PATCH v3 38/50] plugin: add API symbols to qemu-plugins.symbols

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
[AJB: moved into plugins]
Signed-off-by: Alex Bennée 

---
v3
  - moved to plugins/
  - include qemu_plugin_reset
---
 Makefile |  1 +
 configure| 69 
 plugins/.gitignore   |  2 ++
 plugins/Makefile.objs| 14 
 plugins/qemu-plugins.symbols | 35 ++
 5 files changed, 121 insertions(+)
 create mode 100644 plugins/.gitignore
 create mode 100644 plugins/qemu-plugins.symbols

diff --git a/Makefile b/Makefile
index 37d396ab88..f3f0c68e85 100644
--- a/Makefile
+++ b/Makefile
@@ -718,6 +718,7 @@ distclean: clean
rm -f qemu-doc.fn qemu-doc.fns qemu-doc.info qemu-doc.ky qemu-doc.kys
rm -f qemu-doc.log qemu-doc.pdf qemu-doc.pg qemu-doc.toc qemu-doc.tp
rm -f qemu-doc.vr qemu-doc.txt
+   rm -f qemu-plugins-ld.symbols qemu-plugins-ld64.symbols
rm -f config.log
rm -f linux-headers/asm
rm -f docs/version.texi
diff --git a/configure b/configure
index 48f3263e55..d3bf254191 100755
--- a/configure
+++ b/configure
@@ -30,6 +30,7 @@ TMPO="${TMPDIR1}/${TMPB}.o"
 TMPCXX="${TMPDIR1}/${TMPB}.cxx"
 TMPE="${TMPDIR1}/${TMPB}.exe"
 TMPMO="${TMPDIR1}/${TMPB}.mo"
+TMPTXT="${TMPDIR1}/${TMPB}.txt"
 
 rm -f config.log
 
@@ -5496,6 +5497,58 @@ if compile_prog "" "" ; then
   atomic64=yes
 fi
 
+#
+# See if --dynamic-list is supported by the linker
+
+cat > $TMPTXT < $TMPC <
+void foo(void);
+
+void foo(void)
+{
+  printf("foo\n");
+}
+
+int main(void)
+{
+  foo();
+  return 0;
+}
+EOF
+
+ld_dynamic_list="no"
+if compile_prog "" "-Wl,--dynamic-list=$TMPTXT" ; then
+  ld_dynamic_list="yes"
+fi
+
+#
+# See if -exported_symbols_list is supported by the linker
+
+cat > $TMPTXT <> $config_host_mak
 LIBS="-ldl $LIBS"
+# Copy the export object list to the build dir
+if test "$ld_dynamic_list" = "yes" ; then
+   echo "CONFIG_HAS_LD_DYNAMIC_LIST=yes" >> $config_host_mak
+   ld_symbols=qemu-plugins-ld.symbols
+   cp "$source_path/plugins/qemu-plugins.symbols" $ld_symbols
+elif test "$ld_exported_symbols_list" = "yes" ; then
+   echo "CONFIG_HAS_LD_EXPORTED_SYMBOLS_LIST=yes" >> $config_host_mak
+   ld64_symbols=qemu-plugins-ld64.symbols
+   echo "# Automatically generated by configure - do not modify" > 
$ld64_symbols
+   grep 'qemu_' "$source_path/plugins/qemu-plugins.symbols" | sed 's/;//g' 
| \
+   sed -E 's/^[[:space:]]*(.*)/_\1/' >> $ld64_symbols
+else
+   error_exit \
+   "If \$plugins=yes, either \$ld_dynamic_list or " \
+   "\$ld_exported_symbols_list should have been set to 'yes'."
+fi
 fi
 
 if test "$tcg_interpreter" = "yes"; then
diff --git a/plugins/.gitignore b/plugins/.gitignore
new file mode 100644
index 00..7b8aaa1f10
--- /dev/null
+++ b/plugins/.gitignore
@@ -0,0 +1,2 @@
+qemu-plugins-ld.symbols
+qemu-plugins-ld64.symbols
diff --git a/plugins/Makefile.objs b/plugins/Makefile.objs
index 95baabf3d2..6f14d91ccb 100644
--- a/plugins/Makefile.objs
+++ b/plugins/Makefile.objs
@@ -5,3 +5,17 @@
 obj-y += loader.o
 obj-y += core.o
 obj-y += api.o
+
+# Abuse -libs suffix to only link with --dynamic-list/-exported_symbols_list
+# when the final binary includes the plugin object.
+#
+# Note that simply setting LDFLAGS is not enough: we build binaries that
+# never link plugin.o, and the linker might fail (at least ld64 does)
+# if the symbols in the list are not in the output binary.
+ifdef CONFIG_HAS_LD_DYNAMIC_LIST
+api.o-libs := -Wl,--dynamic-list=$(BUILD_DIR)/qemu-plugins-ld.symbols
+else
+ifdef CONFIG_HAS_LD_EXPORTED_SYMBOLS_LIST
+api.o-libs := -Wl,-exported_symbols_list,$(BUILD_DIR)/qemu-plugins-ld64.symbols
+endif
+endif
diff --git a/plugins/qemu-plugins.symbols b/plugins/qemu-plugins.symbols
new file mode 100644
index 00..38d47b7922
--- /dev/null
+++ b/plugins/qemu-plugins.symbols
@@ -0,0 +1,35 @@
+{
+  qemu_plugin_uninstall;
+  qemu_plugin_reset;
+  qemu_plugin_register_vcpu_init_cb;
+  qemu_plugin_register_vcpu_exit_cb;
+  qemu_plugin_register_vcpu_idle_cb;
+  qemu_plugin_register_vcpu_resume_cb;
+  qemu_plugin_register_vcpu_insn_exec_cb;
+  qemu_plugin_register_vcpu_insn_exec_inline;
+  qemu_plugin_register_vcpu_mem_cb;
+  qemu_plugin_register_vcpu_mem_haddr_cb;
+  qemu_plugin_register_vcpu_mem_inline;
+  qemu_plugin_ram_addr_from_host;
+  qemu_plugin_register_vcpu_tb_trans_cb;
+  qemu_plugin_register_vcpu_tb_exec_cb;
+  qemu_plugin_register_vcpu_tb_exec_inline;
+  qemu_plugin_register_flush_cb;
+  qemu_plugin_register_vcpu_syscall_cb;
+  qemu_plugin_register_vcpu_syscall_ret_cb;
+  qemu_plugin_register_atexit_cb;
+  qemu_plugin_tb_n_insns;
+  qemu_plugin_tb_get_insn;
+  qemu_plugin_tb_vaddr;
+  qemu_plugin_insn_data;
+  qemu_plugin_insn_size;
+  qemu_plugin_insn_vaddr;
+  qemu_plugin_insn_haddr;
+  qemu_plugin_mem_size_shift;
+  qemu_plugin_mem

[Qemu-devel] [PATCH v3 06/50] configure: add --enable-plugins (MOVE TO END)

2019-06-14 Thread Alex Bennée
This adds the basic boilerplate feature enable option for the build.
We shall expand it later.

XXX: currently this patch is included at the start of development to
aid with incremental building. It should be moved to the end once the
plugins are feature complete.

[AJB: split from larger patch]
Signed-off-by: Alex Bennée 
---
 configure | 13 +
 1 file changed, 13 insertions(+)

diff --git a/configure b/configure
index b091b82cb3..48f3263e55 100755
--- a/configure
+++ b/configure
@@ -493,6 +493,7 @@ docker="no"
 debug_mutex="no"
 libpmem=""
 default_devices="yes"
+plugins="no"
 
 # cross compilers defaults, can be overridden with --cross-cc-ARCH
 cross_cc_aarch64="aarch64-linux-gnu-gcc"
@@ -1537,6 +1538,10 @@ for opt do
   ;;
   --disable-libpmem) libpmem=no
   ;;
+  --enable-plugins) plugins="yes"
+  ;;
+  --disable-plugins) plugins="no"
+  ;;
   *)
   echo "ERROR: unknown option $opt"
   echo "Try '$0 --help' for more information"
@@ -1734,6 +1739,8 @@ Advanced options (experts only):
   --enable-profilerprofiler support
   --enable-debug-stack-usage
track the maximum stack usage of stacks created by 
qemu_alloc_stack
+  --enable-plugins
+   enable plugins via shared library loading
 
 Optional features, enabled with --enable-FEATURE and
 disabled with --disable-FEATURE, default is enabled if available:
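Review bot: The help line for `--enable-plugins` does not tell the user that plugins are shared objects loaded into the QEMU process and therefore run with all of its privileges, which matters to anyone deciding whether to ship a build with the option on. Something like `--enable-plugins  enable plugins via shared library loading (plugins run with QEMU's privileges)` would make that explicit. The `LIBS="-ldl $LIBS"` hunk further down is where the loader dependency is introduced.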
@@ -6479,6 +6486,7 @@ echo "docker$docker"
 echo "libpmem support   $libpmem"
 echo "libudev   $libudev"
 echo "default devices   $default_devices"
+echo "plugin support$plugins"
 
 if test "$supported_cpu" = "no"; then
 echo
@@ -7296,6 +7304,11 @@ if test "$sheepdog" = "yes" ; then
   echo "CONFIG_SHEEPDOG=y" >> $config_host_mak
 fi
 
+if test "$plugins" = "yes" ; then
+echo "CONFIG_PLUGIN=y" >> $config_host_mak
+LIBS="-ldl $LIBS"
+fi
+
 if test "$tcg_interpreter" = "yes"; then
   QEMU_INCLUDES="-iquote \$(SRC_PATH)/tcg/tci $QEMU_INCLUDES"
 elif test "$ARCH" = "sparc64" ; then
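Review bot: `LIBS="-ldl $LIBS"` is appended whenever plugins are enabled without any probe of whether the host has, or needs, a separate libdl; on hosts where dlopen() is provided by libc there is no -ldl to link and every --enable-plugins build will fail at link time. A small compile-and-link test of dlopen() in the same style as the other configure probes, adding the library only when the test needs it, would keep the new option portable. The help text in the earlier hunk could also say that the option is a no-op unless a plugin is passed at run time, so that readers of `--help` know it changes linking rather than behaviour.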
-- 
2.20.1




[Qemu-devel] [PATCH v3 18/50] cpu_ldst_useronly_template: remove redundant #ifndef CODE_ACCESS

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

This function is already under #ifndef CODE_ACCESS.

Signed-off-by: Emilio G. Cota 
---
 include/exec/cpu_ldst_useronly_template.h | 2 --
 1 file changed, 2 deletions(-)

diff --git a/include/exec/cpu_ldst_useronly_template.h 
b/include/exec/cpu_ldst_useronly_template.h
index bc45e2b8d4..42a95237f1 100644
--- a/include/exec/cpu_ldst_useronly_template.h
+++ b/include/exec/cpu_ldst_useronly_template.h
@@ -114,11 +114,9 @@ static inline void
 glue(glue(cpu_st, SUFFIX), MEMSUFFIX)(CPUArchState *env, abi_ptr ptr,
   RES_TYPE v)
 {
-#if !defined(CODE_ACCESS)
 trace_guest_mem_before_exec(
 env_cpu(env), ptr,
 trace_mem_build_info(SHIFT, false, MO_TE, true));
-#endif
 glue(glue(st, SUFFIX), _p)(g2h(ptr), v);
 }
 
-- 
2.20.1




[Qemu-devel] [PATCH v3 42/50] tests/tcg: enable plugin testing

2019-06-14 Thread Alex Bennée
If CONFIG_PLUGINS is enabled then let's enable testing for all our TCG
targets. This is a simple smoke test that ensures we don't crash or
otherwise barf out by running each plugin against each test.

There is a minor knock on effect for additional runners which need
specialised QEMU_OPTS which will also need to declare a plugin version
of the runner. If this gets onerous we might need to add another
helper.

Checking the results of the plugins is left for a later exercise.

Signed-off-by: Alex Bennée 
---
 tests/Makefile.include| 10 +++-
 tests/tcg/Makefile| 34 +++
 tests/tcg/arm/Makefile.softmmu-target |  1 +
 3 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index db750dd6d0..04b0460262 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -1047,6 +1047,14 @@ check-softfloat:
"SKIPPED for non-TCG builds")
 endif
 
+# Plugins
+ifeq ($(CONFIG_PLUGIN),y)
+plugins:
+   $(call quiet-command,\
+   $(MAKE) $(SUBDIR_MAKEFLAGS) -C tests/plugin V="$(V)", \
+   "BUILD", "plugins")
+endif
+
 # Per guest TCG tests
 
 BUILD_TCG_TARGET_RULES=$(patsubst %,build-tcg-tests-%, $(TARGET_DIRS))
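Review bot: The new `plugins:` rule is not declared `.PHONY`, and the build tree gains a `plugins/` directory from `obj-$(CONFIG_PLUGIN) += plugins/` elsewhere in this series; once that directory exists, make will consider the `plugins` target up to date and stop descending into tests/plugin, so the test plugins silently go stale. Adding `.PHONY: plugins` next to the rule avoids that. It is also worth noting in a comment that `build-tcg-tests-%` picks up the dependency through `$(if $(CONFIG_PLUGIN),plugins)` in the following hunk, so the two rules must stay under the same condition.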
@@ -1061,7 +1069,7 @@ $(foreach PROBE_TARGET,$(TARGET_DIRS),
\
$(eval build-tcg-tests-$(PROBE_TARGET): $(DOCKER_PREREQ
 endif
 
-build-tcg-tests-%:
+build-tcg-tests-%: $(if $(CONFIG_PLUGIN),plugins)
$(call quiet-command,$(MAKE) $(SUBDIR_MAKEFLAGS) -C $* V="$(V)" \
SKIP_DOCKER_BUILD=1 TARGET_DIR="$*/" guest-tests, \
"BUILD", "TCG tests for $*")
diff --git a/tests/tcg/Makefile b/tests/tcg/Makefile
index 6fa63cc8d5..9474ab2900 100644
--- a/tests/tcg/Makefile
+++ b/tests/tcg/Makefile
@@ -116,11 +116,37 @@ all: $(TESTS)
 #
 
 RUN_TESTS=$(patsubst %,run-%, $(TESTS))
+
+# If plugins exist also include those in the tests
+ifeq ($(CONFIG_PLUGIN),y)
+PLUGIN_DIR=../../tests/plugin
+VPATH+=$(PLUGIN_DIR)
+PLUGINS=$(notdir $(wildcard $(PLUGIN_DIR)/*.so))
+
+# We need to ensure expand the run-plugin-TEST-with-PLUGIN
+# pre-requistes manually here as we can't use stems to handle it. We
+# also add some special helpers the run-plugin- rules can use bellow.
+
+$(foreach p,$(PLUGINS), \
+   $(foreach t,$(TESTS),\
+   $(eval run-plugin-$(t)-with-$(p): $t $p) \
+   $(eval RUN_TESTS+=run-plugin-$(t)-with-$(p
+endif
+
+strip-plugin = $(wordlist 1, 1, $(subst -with-, ,$1))
+extract-plugin = $(wordlist 2, 2, $(subst -with-, ,$1))
+
 RUN_TESTS+=$(EXTRA_RUNS)
 
 ifdef CONFIG_USER_ONLY
 run-%: %
$(call run-test, $<, $(QEMU) $(QEMU_OPTS) $<, "$< on $(TARGET_NAME)")
+
+run-plugin-%:
+   $(call run-test, $@, $(QEMU) $(QEMU_OPTS) \
+   -plugin $(PLUGIN_DIR)/$(call extract-plugin,$@) \
+$(call strip-plugin,$<), \
+   "$< on $(TARGET_NAME)")
 else
 run-%: %
$(call run-test, $<, \
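Review bot: Both new `run-plugin-%` rules (this hunk and the softmmu one in the next hunk) report their result as `"$< on $(TARGET_NAME)"`, so every plugin run of a given test prints the same description and a failure cannot be attributed to a plugin from the output; `"$@ on $(TARGET_NAME)"` would name both the test and the plugin. The comment introducing the block has two typos, `pre-requistes` for `prerequisites` and `bellow` for `below`. The `$(eval RUN_TESTS+=...)` line looks truncated in this copy of the patch, so its closing parentheses should be checked in the applied tree.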
@@ -128,6 +154,14 @@ run-%: %
  -chardev file$(COMMA)path=$<.out$(COMMA)id=output \
  $(QEMU_OPTS) $<, \
  "$< on $(TARGET_NAME)")
+
+run-plugin-%:
+   $(call run-test, $@, \
+ $(QEMU) -monitor none -display none \
+ -chardev file$(COMMA)path=$@.out$(COMMA)id=output \
+ -plugin $(PLUGIN_DIR)/$(call extract-plugin,$@) \
+ $(QEMU_OPTS) $(call strip-plugin,$<), \
+ "$< on $(TARGET_NAME)")
 endif
 
 gdb-%: %
diff --git a/tests/tcg/arm/Makefile.softmmu-target 
b/tests/tcg/arm/Makefile.softmmu-target
index 49d48d8a1c..cd628306b3 100644
--- a/tests/tcg/arm/Makefile.softmmu-target
+++ b/tests/tcg/arm/Makefile.softmmu-target
@@ -25,5 +25,6 @@ LDFLAGS+=-nostdlib -N -static
 test-armv6m-undef: EXTRA_CFLAGS+=-mcpu=cortex-m0
 
 run-test-armv6m-undef: QEMU_OPTS+=-semihosting -M microbit -kernel
+run-plugin-test-armv6m-undef-%: QEMU_OPTS+=-semihosting -M microbit -kernel
 
 endif
-- 
2.20.1




[Qemu-devel] [PATCH v3 28/50] target/sh4: fetch code with translator_ld

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

There is a small wrinkle with the gUSA instruction. The translator
effectively treats a (known) gUSA sequence as a single instruction.
For the purposes of the plugin we end up with a long multi-instruction
qemu_plugin_insn.

If the known sequence isn't detected we shall never run this
translation anyway.

Signed-off-by: Emilio G. Cota 
Signed-off-by: Alex Bennée 
---
 target/sh4/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/sh4/translate.c b/target/sh4/translate.c
index 5a7d8c4535..922785e225 100644
--- a/target/sh4/translate.c
+++ b/target/sh4/translate.c
@@ -1917,7 +1917,7 @@ static void decode_gusa(DisasContext *ctx, CPUSH4State 
*env)
 
 /* Read all of the insns for the region.  */
 for (i = 0; i < max_insns; ++i) {
-insns[i] = cpu_lduw_code(env, pc + i * 2);
+insns[i] = translator_lduw(env, pc + i * 2);
 }
 
 ld_adr = ld_dst = ld_mop = -1;
@@ -2332,7 +2332,7 @@ static void sh4_tr_translate_insn(DisasContextBase 
*dcbase, CPUState *cs)
 }
 #endif
 
-ctx->opcode = cpu_lduw_code(env, ctx->base.pc_next);
+ctx->opcode = translator_lduw(env, ctx->base.pc_next);
 decode_opc(ctx);
 ctx->base.pc_next += 2;
 }
-- 
2.20.1




[Qemu-devel] [PATCH v3 04/50] translate-all: use cpu_in_exclusive_work_context() in tb_flush

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

tb_flush will be called by the plugin module from a safe
work environment. Prepare for that.

Suggested-by: Alex Bennée 
Reviewed-by: Alex Bennée 
Signed-off-by: Emilio G. Cota 
---
 accel/tcg/translate-all.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 5d1e08b169..54998e39c6 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -1268,8 +1268,13 @@ void tb_flush(CPUState *cpu)
 {
 if (tcg_enabled()) {
 unsigned tb_flush_count = atomic_mb_read(&tb_ctx.tb_flush_count);
-async_safe_run_on_cpu(cpu, do_tb_flush,
-  RUN_ON_CPU_HOST_INT(tb_flush_count));
+
+if (cpu_in_exclusive_work_context(cpu)) {
+do_tb_flush(cpu, RUN_ON_CPU_HOST_INT(tb_flush_count));
+} else {
+async_safe_run_on_cpu(cpu, do_tb_flush,
+  RUN_ON_CPU_HOST_INT(tb_flush_count));
+}
 }
 }
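Review bot: The direct `do_tb_flush()` call in the new exclusive-work branch carries no comment explaining why a synchronous flush is safe there, while the `tb_flush_count` snapshot it receives is the value read just above the branch; a reader has to recover the reasoning from the commit message. A one-line comment such as `/* Already in an exclusive context: flush now instead of queueing safe work. */` above the call would record it in the code.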
 
-- 
2.20.1




[Qemu-devel] [PATCH v3 23/50] cpu: hook plugin vcpu events

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
---
 cpus.c| 10 ++
 exec.c|  2 ++
 qom/cpu.c |  2 ++
 3 files changed, 14 insertions(+)

diff --git a/cpus.c b/cpus.c
index dde3b7b981..2f86af9a87 100644
--- a/cpus.c
+++ b/cpus.c
@@ -46,6 +46,7 @@
 #include "exec/exec-all.h"
 
 #include "qemu/thread.h"
+#include "qemu/plugin.h"
 #include "sysemu/cpus.h"
 #include "sysemu/qtest.h"
 #include "qemu/main-loop.h"
@@ -1243,9 +1244,18 @@ static void qemu_tcg_rr_wait_io_event(void)
 
 static void qemu_wait_io_event(CPUState *cpu)
 {
+bool slept = false;
+
 while (cpu_thread_is_idle(cpu)) {
+if (!slept) {
+slept = true;
+qemu_plugin_vcpu_idle_cb(cpu);
+}
 qemu_cond_wait(cpu->halt_cond, &qemu_global_mutex);
 }
+if (slept) {
+qemu_plugin_vcpu_resume_cb(cpu);
+}
 
 #ifdef _WIN32
 /* Eat dummy APC queued by qemu_cpu_kick_thread.  */
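Review bot: qemu_plugin_vcpu_idle_cb() and qemu_plugin_vcpu_resume_cb() are invoked from qemu_wait_io_event() while `qemu_global_mutex` is held (the loop waits on `cpu->halt_cond` with that mutex), so a plugin callback that blocks or tries to take the BQL itself will stall or deadlock the vCPU thread. Neither the hunk nor the commit message states that locking context; a comment such as `/* plugin idle/resume callbacks run with qemu_global_mutex held */` next to the first call, and a matching note in the public documentation of the idle and resume callbacks, would warn plugin authors. The enclosing function continues past the hunk.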
diff --git a/exec.c b/exec.c
index e7622d1956..4a29471c3d 100644
--- a/exec.c
+++ b/exec.c
@@ -974,6 +974,8 @@ void cpu_exec_realizefn(CPUState *cpu, Error **errp)
 }
 tlb_init(cpu);
 
+qemu_plugin_vcpu_init_hook(cpu);
+
 #ifndef CONFIG_USER_ONLY
 if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
 vmstate_register(NULL, cpu->cpu_index, &vmstate_cpu_common, cpu);
diff --git a/qom/cpu.c b/qom/cpu.c
index f376f782d8..90ebb214bb 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -33,6 +33,7 @@
 #include "hw/boards.h"
 #include "hw/qdev-properties.h"
 #include "trace-root.h"
+#include "qemu/plugin.h"
 
 CPUInterruptHandler cpu_interrupt_handler;
 
@@ -354,6 +355,7 @@ static void cpu_common_unrealizefn(DeviceState *dev, Error 
**errp)
 CPUState *cpu = CPU(dev);
 /* NOTE: latest generic point before the cpu is fully unrealized */
 trace_fini_vcpu(cpu);
+qemu_plugin_vcpu_exit_hook(cpu);
 cpu_exec_unrealizefn(cpu);
 }
 
-- 
2.20.1




[Qemu-devel] [PATCH v3 44/50] plugin: add qemu_plugin_insn_disas helper

2019-06-14 Thread Alex Bennée
Give the plugins access to the QEMU disassembler so they don't have to
re-invent the wheel.

Signed-off-by: Alex Bennée 
---
 disas.c  | 103 +++
 include/disas/disas.h|   2 +
 include/qemu/qemu-plugin.h   |   9 +++
 plugins/api.c|   7 +++
 plugins/qemu-plugins.symbols |   1 +
 5 files changed, 122 insertions(+)

diff --git a/disas.c b/disas.c
index 3e2bfa572b..d8b75f0b73 100644
--- a/disas.c
+++ b/disas.c
@@ -475,6 +475,109 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong 
code,
 }
 }
 
+static GString plugin_disas_output;
+
+static int plugin_printf(FILE *stream, const char *fmt, ...)
+{
+va_list va;
+GString *s = &plugin_disas_output;
+int initial_len = s->len;
+
+va_start(va, fmt);
+g_string_append_printf(s, fmt, va);
+va_end(va);
+
+return s->len - initial_len;
+}
+
+static void plugin_print_address (bfd_vma addr, struct disassemble_info *info)
+{
+/* does nothing */
+}
+
+/* Disassemble a single instruction directly into plugin output */
+static bool plugin_cap_disas_insn(disassemble_info *info, uint64_t pc, size_t 
size)
+{
+uint8_t cap_buf[1024];
+csh handle;
+cs_insn *insn;
+size_t csize = 0;
+int count;
+GString *s = &plugin_disas_output;
+
+if (cap_disas_start(info, &handle) != CS_ERR_OK) {
+return false;
+}
+insn = cap_insn;
+
+size_t tsize = MIN(sizeof(cap_buf) - csize, size);
+const uint8_t *cbuf = cap_buf;
+target_read_memory(pc, cap_buf, tsize, info);
+
+count = cs_disasm(handle, cbuf, size, 0, 1, &insn);
+
+if (count) {
+g_string_printf(s, "%s %s", insn->mnemonic, insn->op_str);
+} else {
+g_string_printf(s, "cs_disasm failed");
+}
+
+cs_close(&handle);
+return true;
+}
+
+char * plugin_disas(CPUState *cpu, uint64_t addr, size_t size)
+{
+CPUClass *cc = CPU_GET_CLASS(cpu);
+target_ulong pc;
+int count;
+CPUDebug s;
+GString *ds = g_string_set_size(&plugin_disas_output, 0);
+
+g_assert(ds == &plugin_disas_output);
+
+INIT_DISASSEMBLE_INFO(s.info, NULL, plugin_printf);
+
+s.cpu = cpu;
+s.info.read_memory_func = target_read_memory;
+s.info.buffer_vma = addr;
+s.info.buffer_length = size;
+s.info.print_address_func = plugin_print_address;
+s.info.cap_arch = -1;
+s.info.cap_mode = 0;
+s.info.cap_insn_unit = 4;
+s.info.cap_insn_split = 4;
+
+#ifdef TARGET_WORDS_BIGENDIAN
+s.info.endian = BFD_ENDIAN_BIG;
+#else
+s.info.endian = BFD_ENDIAN_LITTLE;
+#endif
+
+if (cc->disas_set_info) {
+cc->disas_set_info(cpu, &s.info);
+}
+
+if (s.info.cap_arch >= 0 && plugin_cap_disas_insn(&s.info, addr, size)) {
+return g_strdup(ds->str);
+}
+
+if (s.info.print_insn == NULL) {
+s.info.print_insn = print_insn_od_target;
+}
+
+for (pc = addr; size > 0; pc += count, size -= count) {
+count = s.info.print_insn(pc, &s.info);
+
+if (count < 0)
+break;
+
+g_assert(size >= count);
+}
+
+return g_strdup(ds->str);
+}
+
 /* Disassemble this for me please... (debugging). */
 void disas(FILE *out, void *code, unsigned long size)
 {
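Review bot: plugin_printf() passes its `va_list` to g_string_append_printf(), which is variadic and expects the actual operands, so every formatted value read from `va` is undefined behaviour and the disassembly text will be garbage; the call should be `g_string_append_vprintf(s, fmt, va);`. In plugin_cap_disas_insn() the bytes are read into `cap_buf` bounded by `tsize`, but cs_disasm() is told `size`, so a caller passing more than sizeof(cap_buf) makes capstone read past the stack buffer; the return of target_read_memory() is ignored, `csize` is always 0, and the `cs_insn` array that cs_disasm() allocates is never released with cs_free(), so the `insn = cap_insn` assignment is both overwritten and leaked. `plugin_disas_output` is a single static buffer, so plugin_disas() is not reentrant; if translation can run on more than one thread at a time the strings will interleave, which should at least be documented on the function. The rewritten helper below bounds the read, checks it, and frees the capstone result.
```c
static bool plugin_cap_disas_insn(disassemble_info *info, uint64_t pc, size_t size)
{
    uint8_t cap_buf[1024];
    csh handle;
    cs_insn *insn = NULL;
    size_t count;
    GString *s = &plugin_disas_output;

    if (cap_disas_start(info, &handle) != CS_ERR_OK) {
        return false;
    }

    /* Never read, or let capstone decode, more than the stack buffer holds. */
    size_t tsize = MIN(sizeof(cap_buf), size);
    if (target_read_memory(pc, cap_buf, tsize, info) != 0) {
        cs_close(&handle);
        return false;
    }

    count = cs_disasm(handle, cap_buf, tsize, 0, 1, &insn);
    if (count) {
        g_string_printf(s, "%s %s", insn->mnemonic, insn->op_str);
        cs_free(insn, count); /* cs_disasm() allocated the array */
    } else {
        g_string_printf(s, "cs_disasm failed");
    }

    cs_close(&handle);
    return true;
}
```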
diff --git a/include/disas/disas.h b/include/disas/disas.h
index 15da511f49..119df9e9bd 100644
--- a/include/disas/disas.h
+++ b/include/disas/disas.h
@@ -13,6 +13,8 @@ void target_disas(FILE *out, CPUState *cpu, target_ulong code,
 void monitor_disas(Monitor *mon, CPUState *cpu,
target_ulong pc, int nb_insn, int is_physical);
 
+char * plugin_disas(CPUState *cpu, uint64_t addr, size_t size);
+
 /* Look up symbol for debugging purpose.  Returns "" if unknown. */
 const char *lookup_symbol(target_ulong orig_addr);
 #endif
diff --git a/include/qemu/qemu-plugin.h b/include/qemu/qemu-plugin.h
index 0db1ef9714..21f056d4ab 100644
--- a/include/qemu/qemu-plugin.h
+++ b/include/qemu/qemu-plugin.h
@@ -312,6 +312,15 @@ qemu_plugin_register_vcpu_syscall_ret_cb(qemu_plugin_id_t 
id,
  qemu_plugin_vcpu_syscall_ret_cb_t cb);
 
 
+/**
+ * qemu_plugin_insn_disas() - return disassembly string for instruction
+ * @insn: instruction reference
+ *
+ * Returns an allocated string containing the disassembly
+ */
+
+char * qemu_plugin_insn_disas(const struct qemu_plugin_insn *insn);
+
 /**
  * qemu_plugin_vcpu_for_each() - iterate over the existing vCPU
  * @id: plugin ID
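Review bot: The new kernel-doc for qemu_plugin_insn_disas() says only "Returns an allocated string" and does not say who owns it or how it is released; the implementation side returns a g_strdup()'d copy, so the comment should read `Returns an allocated string containing the disassembly; the caller owns it and must release it with g_free().` The blank line between the comment block and the prototype also separates the kernel-doc from the declaration it documents and should go.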
diff --git a/plugins/api.c b/plugins/api.c
index 1c3aa64702..c0a1e98e68 100644
--- a/plugins/api.c
+++ b/plugins/api.c
@@ -40,6 +40,7 @@
 #include "sysemu/sysemu.h"
 #include "tcg/tcg.h"
 #include "trace/mem-internal.h" /* mem_info macros */
+#include "disas/disas.h"
 #include "plugin.h"
 
 /* Uninstall and Reset handlers */
@@ -218,6 +219,12 @@ void *qemu_plugin_insn_haddr(const struct qemu_plugin_insn 
*insn)
 return insn->haddr;
 }
 
+char *qemu_plugin_insn_disas(const struct qemu_plugin_insn *insn)
+{
+C

[Qemu-devel] [PATCH v3 46/50] tests/plugin: add hotpages plugin to breakdown memory access patterns

2019-06-14 Thread Alex Bennée
This plugin gives a breakdown of access patterns grouped into pages.

Signed-off-by: Alex Bennée 
---
 tests/plugin/Makefile   |   1 +
 tests/plugin/hotpages.c | 152 
 2 files changed, 153 insertions(+)
 create mode 100644 tests/plugin/hotpages.c

diff --git a/tests/plugin/Makefile b/tests/plugin/Makefile
index 3656429d46..75467b6db8 100644
--- a/tests/plugin/Makefile
+++ b/tests/plugin/Makefile
@@ -12,6 +12,7 @@ NAMES += insn
 NAMES += mem
 NAMES += hotblocks
 NAMES += howvec
+NAMES += hotpages
 
 SONAMES := $(addsuffix .so,$(addprefix lib,$(NAMES)))
 
diff --git a/tests/plugin/hotpages.c b/tests/plugin/hotpages.c
new file mode 100644
index 00..ddeaad077b
--- /dev/null
+++ b/tests/plugin/hotpages.c
@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2019, Alex Bennée 
+ *
+ * Hot Pages - show which pages saw the most memory accesses.
+ *
+ * License: GNU GPL, version 2 or later.
+ *   See the COPYING file in the top-level directory.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+
+static bool do_inline;
+static uint64_t page_size;
+static uint64_t page_mask;
+static int stdout_fd;
+static int limit = 50;
+static enum qemu_plugin_mem_rw rw = QEMU_PLUGIN_MEM_RW;
+
+typedef struct {
+uint64_t page_address;
+int cpu_read;
+int cpu_write;
+uint64_t reads;
+uint64_t writes;
+} PageCounters;
+
+static GMutex lock;
+static GHashTable *pages;
+
+static gint cmp_access_count(gconstpointer a, gconstpointer b)
+{
+PageCounters *ea = (PageCounters *) a;
+PageCounters *eb = (PageCounters *) b;
+return (ea->reads + ea->writes) > (eb->reads + eb->writes) ? -1 : 1;
+}
+
+
+static void plugin_exit(qemu_plugin_id_t id, void *p)
+{
+GString *report = g_string_new("Pages:\n");
+int i;
+GList *counts;
+
+counts = g_hash_table_get_values(pages);
+if (counts && g_list_next(counts)) {
+GList *it;
+
+g_string_append_printf(report,"Individual Instructions:\n");
+
+it = g_list_sort(counts, cmp_access_count);
+
+for (i = 0; i < limit && it->next; i++, it = it->next) {
+PageCounters *rec = (PageCounters *) it->data;
+g_string_append_printf(report, "Page: %"PRIx64" cpus:%#04x/%#04x 
%"PRId64"/%"PRId64"\n",
+   rec->page_address,
+   rec->cpu_read, rec->cpu_write,
+   rec->reads, rec->writes);
+}
+g_list_free(it);
+}
+
+dprintf(stdout_fd, "%s", report->str);
+g_string_free(report, true);
+}
+
+static void plugin_init(void)
+{
+page_mask = (page_size - 1);
+pages = g_hash_table_new(NULL, g_direct_equal);
+}
+
+static void vcpu_haddr(unsigned int cpu_index, qemu_plugin_meminfo_t meminfo,
+   uint64_t vaddr, void *haddr, void *udata)
+{
+uint64_t page = (uint64_t) haddr & page_mask;
+PageCounters *count;
+
+g_mutex_lock(&lock);
+count = (PageCounters *) g_hash_table_lookup(pages, 
GUINT_TO_POINTER(page));
+
+if (!count) {
+count = g_new0(PageCounters, 1);
+count->page_address = page;
+g_hash_table_insert(pages, GUINT_TO_POINTER(page), (gpointer) count);
+}
+if (qemu_plugin_mem_is_store(meminfo)) {
+count->writes++;
+count->cpu_write |= (1 << cpu_index);
+} else {
+count->reads++;
+count->cpu_read |= (1 << cpu_index);
+}
+
+g_mutex_unlock(&lock);
+}
+
+static void vcpu_tb_trans(qemu_plugin_id_t id, unsigned int cpu_index,
+  struct qemu_plugin_tb *tb)
+{
+size_t n = qemu_plugin_tb_n_insns(tb);
+size_t i;
+
+for (i = 0; i < n; i++) {
+struct qemu_plugin_insn *insn = qemu_plugin_tb_get_insn(tb, i);
+qemu_plugin_register_vcpu_mem_haddr_cb(insn, vcpu_haddr,
+   QEMU_PLUGIN_CB_NO_REGS,
+   rw, NULL);
+}
+}
+
+static GOptionEntry entries[] =
+{
+{ "pagesize", 'r', 0, G_OPTION_ARG_INT, &page_size, "Page Size", "N" },
+{ "inline", 'i', 0, G_OPTION_ARG_NONE, &do_inline, "Inline counters", NULL 
},
+{ NULL }
+};
+
+QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id, int argc,
+   char **argv)
+{
+GOptionContext *context;
+GError *error;
+
+context = g_option_context_new ("- hot pages tool");
+g_option_context_add_main_entries (context, entries, NULL);
+if (!g_option_context_parse (context, &argc, &argv, &error))
+{
+dprintf(stdout_fd, "option parsing failed: %s\n", error->message);
+return -1;
+}
+
+/* to be used when in the exit hook */
+stdout_fd = dup(STDOUT_FILENO);
+assert(stdout_fd);
+
+plugin_init();
+
+qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans);
+qemu_plugin_

[Qemu-devel] [PATCH v3 01/50] trace: expand mem_info:size_shift to 3 bits

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

This will allow us to trace 16B-long memory accesses.

Reviewed-by: Alex Bennée 
Signed-off-by: Emilio G. Cota 
---
 trace-events | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/trace-events b/trace-events
index 844ee58dd9..037169aab3 100644
--- a/trace-events
+++ b/trace-events
@@ -159,7 +159,7 @@ vcpu guest_cpu_reset(void)
 # Access information can be parsed as:
 #
 # struct mem_info {
-# uint8_t size_shift : 2; /* interpreted as "1 << size_shift" bytes */
+# uint8_t size_shift : 3; /* interpreted as "1 << size_shift" bytes */
 # boolsign_extend: 1; /* sign-extended */
 # uint8_t endianness : 1; /* 0: little, 1: big */
 # boolstore  : 1; /* wheter it's a store operation */
-- 
2.20.1




[Qemu-devel] [Bug 1832877] [NEW] qemu-bridge-helper undocumented and broken

2019-06-14 Thread Michal Suchanek
Public bug reported:

qemu output:

access denied by acl file
qemu-system-ppc64: bridge helper failed

Option description:

  -netdev bridge,id=id[,br=bridge][,helper=helper]
   Connect a host TAP network interface to a host bridge device.

   Use the network helper helper to configure the TAP interface and 
attach it to the bridge. The default network
   helper executable is /path/to/qemu-bridge-helper and the default 
bridge device is br0.

   Examples:

   #launch a QEMU instance with the default network helper to
   #connect a TAP device to bridge br0
   qemu-system-i386 linux.img -netdev bridge,id=n1 -device 
virtio-net,netdev=n1


   #launch a QEMU instance with the default network helper to
   #connect a TAP device to bridge qemubr0
   qemu-system-i386 linux.img -netdev bridge,br=qemubr0,id=n1 
-device virtio-net,netdev=n1


What is the acl file? What is the interface to qemu-bridge-helper?

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
https://bugs.launchpad.net/bugs/1832877

Title:
  qemu-bridge-helper undocumented and broken

Status in QEMU:
  New

Bug description:
  qemu output:

  access denied by acl file
  qemu-system-ppc64: bridge helper failed

  Option description:

-netdev bridge,id=id[,br=bridge][,helper=helper]
 Connect a host TAP network interface to a host bridge device.

 Use the network helper helper to configure the TAP interface and 
attach it to the bridge. The default network
 helper executable is /path/to/qemu-bridge-helper and the default 
bridge device is br0.

 Examples:

 #launch a QEMU instance with the default network helper to
 #connect a TAP device to bridge br0
 qemu-system-i386 linux.img -netdev bridge,id=n1 -device 
virtio-net,netdev=n1


 #launch a QEMU instance with the default network helper to
 #connect a TAP device to bridge qemubr0
 qemu-system-i386 linux.img -netdev bridge,br=qemubr0,id=n1 
-device virtio-net,netdev=n1

  
  What is the acl file? What is the interface to qemu-bridge-helper?




[Qemu-devel] [PATCH v3 21/50] *-user: notify plugin of exit

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Reviewed-by: Alex Bennée 
Signed-off-by: Emilio G. Cota 
---
 bsd-user/syscall.c | 3 +++
 linux-user/exit.c  | 1 +
 2 files changed, 4 insertions(+)

diff --git a/bsd-user/syscall.c b/bsd-user/syscall.c
index 1ee6195d9f..84a983a9a1 100644
--- a/bsd-user/syscall.c
+++ b/bsd-user/syscall.c
@@ -332,6 +332,7 @@ abi_long do_freebsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 _mcleanup();
 #endif
 gdb_exit(cpu_env, arg1);
+qemu_plugin_atexit_cb();
 /* XXX: should free thread stack and CPU env */
 _exit(arg1);
 ret = 0; /* avoid warning */
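Review bot: Each of the three bsd-user hunks, and the linux-user/exit.c hunk, adds a call to qemu_plugin_atexit_cb() but no hunk adds `#include "qemu/plugin.h"` to bsd-user/syscall.c or linux-user/exit.c; elsewhere in this series cpus.c and qom/cpu.c needed that include explicitly, so unless these files already reach it transitively the build will fail with an implicit-declaration error. Adding the include alongside the call in each file makes the dependency explicit. The three bsd-user call sites are identical; a single `preexit_cleanup()`-style helper as linux-user already has would avoid maintaining them in triplicate.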
@@ -430,6 +431,7 @@ abi_long do_netbsd_syscall(void *cpu_env, int num, abi_long 
arg1,
 _mcleanup();
 #endif
 gdb_exit(cpu_env, arg1);
+qemu_plugin_atexit_cb();
 /* XXX: should free thread stack and CPU env */
 _exit(arg1);
 ret = 0; /* avoid warning */
@@ -505,6 +507,7 @@ abi_long do_openbsd_syscall(void *cpu_env, int num, 
abi_long arg1,
 _mcleanup();
 #endif
 gdb_exit(cpu_env, arg1);
+qemu_plugin_atexit_cb();
 /* XXX: should free thread stack and CPU env */
 _exit(arg1);
 ret = 0; /* avoid warning */
diff --git a/linux-user/exit.c b/linux-user/exit.c
index bdda720553..a362ef67d2 100644
--- a/linux-user/exit.c
+++ b/linux-user/exit.c
@@ -35,4 +35,5 @@ void preexit_cleanup(CPUArchState *env, int code)
 __gcov_dump();
 #endif
 gdb_exit(env, code);
+qemu_plugin_atexit_cb();
 }
-- 
2.20.1




[Qemu-devel] [PATCH v3 10/50] queue: add QTAILQ_REMOVE_SEVERAL

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

This is faster than removing elements one by one.

Will gain a user soon.

Signed-off-by: Emilio G. Cota 
---
 include/qemu/queue.h | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/include/qemu/queue.h b/include/qemu/queue.h
index 0379bd8fdb..66e834dad1 100644
--- a/include/qemu/queue.h
+++ b/include/qemu/queue.h
@@ -422,6 +422,16 @@ union {
 \
 (elm)->field.tqe_circ.tql_prev = NULL;  \
 } while (/*CONSTCOND*/0)
 
+/* remove @left, @right and all elements in between from @head */
+#define QTAILQ_REMOVE_SEVERAL(head, left, right, field) do {\
+if (((right)->field.tqe_next) != NULL)  \
+(right)->field.tqe_next->field.tqe_circ.tql_prev =  \
+(left)->field.tqe_circ.tql_prev;\
+else\
+(head)->tqh_circ.tql_prev = (left)->field.tqe_circ.tql_prev; \
+(left)->field.tqe_circ.tql_prev->tql_next = (right)->field.tqe_next; \
+} while (/*CONSTCOND*/0)
+
 #define QTAILQ_FOREACH(var, head, field)\
 for ((var) = ((head)->tqh_first);   \
 (var);  \
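Review bot: QTAILQ_REMOVE_SEVERAL leaves the unlinked elements' `tqe_next` and `tql_prev` pointing into the list, whereas QTAILQ_REMOVE just above poisons `tql_prev` with NULL so a stale element presumably faults on first use; the new macro's comment should state that difference, e.g. `/* remove @left, @right and all elements in between from @head; unlike QTAILQ_REMOVE the removed elements' links are not cleared, so the caller must re-link or discard them */`. The bare `if`/`else` inside the `do { } while (0)` would also read more safely with braces.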
-- 
2.20.1




[Qemu-devel] [PATCH v3 08/50] plugin: add core code

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Signed-off-by: Emilio G. Cota 
[AJB: moved directory and merged various fixes]
Signed-off-by: Alex Bennée 

---
v3
  - moved to plugins/
  - merged
plugin: remove uninstall_cb_t and just use simple_cb_t
plugin: handle uninstall when !current_cpu
plugin: introduce qemu_plugin_reset
  - split into core/loader
  - use GArray/GByteArray/GPtrArray instead of homegrown funcs
---
 Makefile  |  10 +-
 Makefile.target   |   2 +
 include/qemu/plugin.h | 261 +
 include/qom/cpu.h |   6 +
 plugins/Makefile.objs |   6 +
 plugins/core.c| 524 ++
 plugins/loader.c  | 353 
 plugins/plugin.h  |  95 
 8 files changed, 1256 insertions(+), 1 deletion(-)
 create mode 100644 include/qemu/plugin.h
 create mode 100644 plugins/Makefile.objs
 create mode 100644 plugins/core.c
 create mode 100644 plugins/loader.c
 create mode 100644 plugins/plugin.h

diff --git a/Makefile b/Makefile
index 8e2fc6624c..37d396ab88 100644
--- a/Makefile
+++ b/Makefile
@@ -827,8 +827,13 @@ endif
 
 ICON_SIZES=16x16 24x24 32x32 48x48 64x64 128x128 256x256 512x512
 
-install: all $(if $(BUILD_DOCS),install-doc) install-datadir 
install-localstatedir \
+install-includedir:
+   $(INSTALL_DIR) "$(DESTDIR)$(includedir)"
+
+install: all $(if $(BUILD_DOCS),install-doc) \
+   install-datadir install-localstatedir install-includedir \
$(if $(INSTALL_BLOBS),$(edk2-decompressed))
+
 ifneq ($(TOOLS),)
$(call install-prog,$(subst 
qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir))
 endif
@@ -888,6 +893,9 @@ endif
"$(DESTDIR)/$(qemu_desktopdir)/qemu.desktop"
 ifdef CONFIG_GTK
$(MAKE) -C po $@
+endif
+ifeq ($(CONFIG_PLUGIN),y)
+   $(INSTALL_DATA) $(SRC_PATH)/include/qemu/qemu-plugin.h 
"$(DESTDIR)$(includedir)/qemu-plugin.h"
 endif
$(INSTALL_DIR) "$(DESTDIR)$(qemu_datadir)/keymaps"
set -e; for x in $(KEYMAPS); do \
diff --git a/Makefile.target b/Makefile.target
index ecd856e3a3..d492e24da2 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -118,6 +118,8 @@ obj-y += target/$(TARGET_BASE_ARCH)/
 obj-y += disas.o
 obj-$(call notempty,$(TARGET_XML_FILES)) += gdbstub-xml.o
 
+obj-$(CONFIG_PLUGIN) += plugins/
+
 #
 # Linux user emulator target
 
diff --git a/include/qemu/plugin.h b/include/qemu/plugin.h
new file mode 100644
index 00..93e39f44d2
--- /dev/null
+++ b/include/qemu/plugin.h
@@ -0,0 +1,261 @@
+/*
+ * Copyright (C) 2017, Emilio G. Cota 
+ *
+ * License: GNU GPL, version 2 or later.
+ *   See the COPYING file in the top-level directory.
+ */
+#ifndef QEMU_PLUGIN_H
+#define QEMU_PLUGIN_H
+
+#include "qemu/config-file.h"
+#include "qemu/qemu-plugin.h"
+#include "qemu/error-report.h"
+#include "qemu/queue.h"
+#include "qemu/option.h"
+
+/*
+ * Option parsing/processing.
+ * Note that we can load an arbitrary number of plugins.
+ */
+struct qemu_plugin_desc;
+typedef QTAILQ_HEAD(, qemu_plugin_desc) QemuPluginList;
+
+#ifdef CONFIG_PLUGIN
+extern QemuOptsList qemu_plugin_opts;
+
+static inline void qemu_plugin_add_opts(void)
+{
+qemu_add_opts(&qemu_plugin_opts);
+}
+
+void qemu_plugin_opt_parse(const char *optarg, QemuPluginList *head);
+int qemu_plugin_load_list(QemuPluginList *head);
+#else /* !CONFIG_PLUGIN */
+static inline void qemu_plugin_add_opts(void)
+{ }
+
+static inline void qemu_plugin_opt_parse(const char *optarg,
+ QemuPluginList *head)
+{
+error_report("plugin interface not enabled in this build");
+exit(1);
+}
+
+static inline int qemu_plugin_load_list(QemuPluginList *head)
+{
+return 0;
+}
+#endif /* !CONFIG_PLUGIN */
+
+/*
+ * Events that plugins can subscribe to.
+ */
+enum qemu_plugin_event {
+QEMU_PLUGIN_EV_VCPU_INIT,
+QEMU_PLUGIN_EV_VCPU_EXIT,
+QEMU_PLUGIN_EV_VCPU_TB_TRANS,
+QEMU_PLUGIN_EV_VCPU_IDLE,
+QEMU_PLUGIN_EV_VCPU_RESUME,
+QEMU_PLUGIN_EV_VCPU_SYSCALL,
+QEMU_PLUGIN_EV_VCPU_SYSCALL_RET,
+QEMU_PLUGIN_EV_FLUSH,
+QEMU_PLUGIN_EV_ATEXIT,
+QEMU_PLUGIN_EV_MAX,
+};
+
+union qemu_plugin_cb_sig {
+qemu_plugin_simple_cb_t  simple;
+qemu_plugin_udata_cb_t   udata;
+qemu_plugin_vcpu_simple_cb_t vcpu_simple;
+qemu_plugin_vcpu_udata_cb_t  vcpu_udata;
+qemu_plugin_vcpu_tb_trans_cb_t   vcpu_tb_trans;
+qemu_plugin_vcpu_mem_cb_tvcpu_mem;
+qemu_plugin_vcpu_mem_haddr_cb_t  vcpu_mem_haddr;
+qemu_plugin_vcpu_syscall_cb_tvcpu_syscall;
+qemu_plugin_vcpu_syscall_ret_cb_t vcpu_syscall_ret;
+void *generic;
+};
+
+enum plugin_dyn_cb_type {
+PLUGIN_CB_INSN,
+PLUGIN_CB_MEM,
+PLUGIN_CB_HADDR,
+PLUGIN_N_CB_TYPES,
+};
+
+enum plugin_dyn_cb_subtype {
+PLUGIN_CB_REGULAR,
+PLUGIN_CB_INLINE,
+PLUGIN_N_CB_SUBTYPES,
+};
+
+/*
+ * A dynamic callback has an insertion point that is determin

[Qemu-devel] [PATCH v3 12/50] cputlb: introduce get_page_addr_code_hostp

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

This will be used by plugins to get the host address
of instructions.

Signed-off-by: Emilio G. Cota 
---
 accel/tcg/cputlb.c  | 14 +-
 include/exec/exec-all.h | 38 ++
 2 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/accel/tcg/cputlb.c b/accel/tcg/cputlb.c
index 3237ff4def..6a0dc438ff 100644
--- a/accel/tcg/cputlb.c
+++ b/accel/tcg/cputlb.c
@@ -1015,7 +1015,8 @@ static bool victim_tlb_hit(CPUArchState *env, size_t 
mmu_idx, size_t index,
   victim_tlb_hit(env, mmu_idx, index, offsetof(CPUTLBEntry, TY), \
  (ADDR) & TARGET_PAGE_MASK)
 
-tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
+tb_page_addr_t get_page_addr_code_hostp(CPUArchState *env, target_ulong addr,
+void **hostp)
 {
 uintptr_t mmu_idx = cpu_mmu_index(env, true);
 uintptr_t index = tlb_index(env, mmu_idx, addr);
@@ -1040,13 +1041,24 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env, 
target_ulong addr)
  *than a target page, so we must redo the MMU check every insn
  *  - TLB_MMIO: region is not backed by RAM
  */
+if (hostp) {
+*hostp = NULL;
+}
 return -1;
 }
 
 p = (void *)((uintptr_t)addr + entry->addend);
+if (hostp) {
+*hostp = p;
+}
 return qemu_ram_addr_from_host_nofail(p);
 }
 
+tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr)
+{
+return get_page_addr_code_hostp(env, addr, NULL);
+}
+
 /* Probe for whether the specified guest write access is permitted.
  * If it is not permitted then an exception will be taken in the same
  * way as if this were a real write access (and we will not return).
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 8b1c3d5b9d..90045e77c1 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -21,6 +21,7 @@
 #define EXEC_ALL_H
 
 #include "exec/tb-context.h"
+#include "exec/cpu_ldst.h"
 #include "sysemu/cpus.h"
 
 /* allow to see translation results - the slowdown should be negligible, so we 
leave it */
@@ -492,6 +493,26 @@ static inline tb_page_addr_t 
get_page_addr_code(CPUArchState *env,
 {
 return addr;
 }
+
+/**
+ * get_page_addr_code_hostp() - user-mode version
+ * @env: CPUArchState
+ * @addr: guest virtual address of guest code
+ *
+ * Returns @addr.
+ *
+ * If @hostp is non-NULL, sets *@hostp to the host address where @addr's 
content
+ * is kept.
+ */
+static inline tb_page_addr_t get_page_addr_code_hostp(CPUArchState *env,
+  target_ulong addr,
+  void **hostp)
+{
+if (hostp) {
+*hostp = g2h(addr);
+}
+return addr;
+}
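Review bot: The kernel-doc block for the user-mode get_page_addr_code_hostp() lists @env and @addr but not the new @hostp parameter, although the prose below refers to it; the full-system block in the next hunk has the same gap. Adding `@hostp: if non-NULL, receives the host address backing @addr (NULL when the lookup fails)` to both blocks keeps the documentation complete and matches the NULL-on-failure behaviour the cputlb.c hunk implements.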
 #else
 static inline void mmap_lock(void) {}
 static inline void mmap_unlock(void) {}
@@ -509,6 +530,23 @@ static inline void mmap_unlock(void) {}
  */
 tb_page_addr_t get_page_addr_code(CPUArchState *env, target_ulong addr);
 
+/**
+ * get_page_addr_code_hostp() - full-system version
+ * @env: CPUArchState
+ * @addr: guest virtual address of guest code
+ *
+ * See get_page_addr_code() (full-system version) for documentation on the
+ * return value.
+ *
+ * Sets *@hostp (when @hostp is non-NULL) as follows.
+ * If the return value is -1, sets *@hostp to NULL. Otherwise, sets *@hostp
+ * to the host address where @addr's content is kept.
+ *
+ * Note: this function can trigger an exception.
+ */
+tb_page_addr_t get_page_addr_code_hostp(CPUArchState *env, target_ulong addr,
+void **hostp);
+
 void tlb_reset_dirty(CPUState *cpu, ram_addr_t start1, ram_addr_t length);
 void tlb_set_dirty(CPUState *cpu, target_ulong vaddr);
 
-- 
2.20.1




[Qemu-devel] [PATCH v3 40/50] linux-user: support -plugin option

2019-06-14 Thread Alex Bennée
From: Lluís Vilanova 

Signed-off-by: Lluís Vilanova 
[ cota: s/instrument/plugin ]
Signed-off-by: Emilio G. Cota 
---
 linux-user/main.c | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/linux-user/main.c b/linux-user/main.c
index a59ae9439d..1009eab92d 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -33,6 +33,7 @@
 #include "qemu/error-report.h"
 #include "qemu/help_option.h"
 #include "qemu/module.h"
+#include "qemu/plugin.h"
 #include "cpu.h"
 #include "exec/exec-all.h"
 #include "tcg.h"
@@ -387,6 +388,15 @@ static void handle_arg_trace(const char *arg)
 trace_file = trace_opt_parse(arg);
 }
 
+static QemuPluginList plugins = QTAILQ_HEAD_INITIALIZER(plugins);
+
+#ifdef CONFIG_PLUGIN
+static void handle_arg_plugin(const char *arg)
+{
+qemu_plugin_opt_parse(arg, &plugins);
+}
+#endif
+
 struct qemu_argument {
 const char *argv;
 const char *env;
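Review bot: The `plugins` list is defined outside the `#ifdef CONFIG_PLUGIN` block while `handle_arg_plugin()` is inside it, and nothing says why; the reason is only visible further down in main(), where `qemu_plugin_load_list(&plugins)` is called unconditionally. A one-line comment above the list, `/* -plugin options are only collected here; qemu_plugin_load_list() loads them after option parsing. */`, would make the split intentional to the next reader. Whether `qemu_plugin_opt_parse()` can fail and how it reports that is not visible in this hunk, so the handler ignoring its result is only worth a look if that function signals errors by return value.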
@@ -438,6 +448,10 @@ static const struct qemu_argument arg_table[] = {
  "",   "Seed for pseudo-random number generator"},
 {"trace",  "QEMU_TRACE",   true,  handle_arg_trace,
  "",   "[[enable=]][,events=][,file=]"},
+#ifdef CONFIG_PLUGIN
+{"plugin", "QEMU_PLUGIN",  true,  handle_arg_plugin,
+ "",   "[file=][,arg=]"},
+#endif
 {"version","QEMU_VERSION", false, handle_arg_version,
  "",   "display version information and exit"},
 {NULL, NULL, false, NULL, NULL, NULL}
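Review bot: The new table entry makes the plugin selectable through the `QEMU_PLUGIN` environment variable as well as `-plugin`, and nothing in this hunk records that the value names a shared object that gets loaded into the qemu process, which is a bigger trust step than the neighbouring `QEMU_TRACE` entry that only steers logging. Where qemu-user runs with an inherited environment (binfmt_misc set-ups, for example), whoever controls the environment then chooses code that executes in the process; a comment next to the entry, `/* Names a shared object to load into this process; see qemu_plugin_load_list(). */`, would document that implication for packagers. The help text `"[file=][,arg=]"` also appears to have lost its value placeholders (presumably something like `file=<path>`, my guess); the `trace` entry shows the same pattern, so this may be an archive artifact, but it is worth checking against the source.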
@@ -628,6 +642,7 @@ int main(int argc, char **argv, char **envp)
 cpu_model = NULL;
 
 qemu_add_opts(&qemu_trace_opts);
+qemu_plugin_add_opts();
 
 optind = parse_args(argc, argv);
 
@@ -635,6 +650,9 @@ int main(int argc, char **argv, char **envp)
 exit(1);
 }
 trace_init_file(trace_file);
+if (qemu_plugin_load_list(&plugins)) {
+exit(1);
+}
 
 /* Zero out regs */
 memset(regs, 0, sizeof(struct target_pt_regs));
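Review bot: When `qemu_plugin_load_list()` fails, main() calls `exit(1)` without a diagnostic of its own, so unless the loader prints one (not visible here) the user gets a silent non-zero exit. Either confirming that the loader reports its error, or adding `error_report("failed to load plugins");` before the `exit(1)` (qemu/error-report.h is already included at the top of this file), would make the failure visible. The enclosing main() continues beyond this hunk.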
-- 
2.20.1




[Qemu-devel] [PATCH v3 07/50] plugin: add user-facing API

2019-06-14 Thread Alex Bennée
From: "Emilio G. Cota" 

Add the API first to ease review.

Signed-off-by: Emilio G. Cota 
Signed-off-by: Alex Bennée 

---
v3
  - merge in changes to plugin install/reset/uninstall
  - split api file
---
 include/qemu/qemu-plugin.h | 339 +
 1 file changed, 339 insertions(+)
 create mode 100644 include/qemu/qemu-plugin.h

diff --git a/include/qemu/qemu-plugin.h b/include/qemu/qemu-plugin.h
new file mode 100644
index 00..0db1ef9714
--- /dev/null
+++ b/include/qemu/qemu-plugin.h
@@ -0,0 +1,339 @@
+/*
+ * Copyright (C) 2017, Emilio G. Cota 
+ * Copyright (C) 2019, Linaro
+ *
+ * License: GNU GPL, version 2 or later.
+ *   See the COPYING file in the top-level directory.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+#ifndef QEMU_PLUGIN_API_H
+#define QEMU_PLUGIN_API_H
+
+#include 
+#include 
+
+/*
+ * For best performance, build the plugin with -fvisibility=hidden so that
+ * QEMU_PLUGIN_LOCAL is implicit. Then, just mark qemu_plugin_install with
+ * QEMU_PLUGIN_EXPORT. For more info, see
+ *   https://gcc.gnu.org/wiki/Visibility
+ */
+#if defined _WIN32 || defined __CYGWIN__
+  #ifdef BUILDING_DLL
+#define QEMU_PLUGIN_EXPORT __declspec(dllexport)
+  #else
+#define QEMU_PLUGIN_EXPORT __declspec(dllimport)
+  #endif
+  #define QEMU_PLUGIN_LOCAL
+#else
+  #if __GNUC__ >= 4
+#define QEMU_PLUGIN_EXPORT __attribute__((visibility("default")))
+#define QEMU_PLUGIN_LOCAL  __attribute__((visibility("hidden")))
+  #else
+#define QEMU_PLUGIN_EXPORT
+#define QEMU_PLUGIN_LOCAL
+  #endif
+#endif
+
+typedef uint64_t qemu_plugin_id_t;
+
+/**
+ * qemu_plugin_install() - Install a plugin
+ * @id: this plugin's opaque ID
+ * @argc: number of arguments
+ * @argv: array of arguments (@argc elements)
+ *
+ * All plugins must export this symbol.
+ *
+ * Note: Calling qemu_plugin_uninstall() from this function is a bug. To raise
+ * an error during install, return !0.
+ *
+ * Note: @argv remains valid throughout the lifetime of the loaded plugin.
+ */
+QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id, int argc,
+   char **argv);
+
+/*
+ * Prototypes for the various callback styles we will be registering
+ * in the following functions.
+ */
+typedef void (*qemu_plugin_simple_cb_t)(qemu_plugin_id_t id);
+
+typedef void (*qemu_plugin_udata_cb_t)(qemu_plugin_id_t id, void *userdata);
+
+typedef void (*qemu_plugin_vcpu_simple_cb_t)(qemu_plugin_id_t id,
+ unsigned int vcpu_index);
+
+typedef void (*qemu_plugin_vcpu_udata_cb_t)(unsigned int vcpu_index,
+void *userdata);
+
+/**
+ * qemu_plugin_uninstall() - Uninstall a plugin
+ * @id: this plugin's opaque ID
+ * @cb: callback to be called once the plugin has been removed
+ *
+ * Do NOT assume that the plugin has been uninstalled once this function
+ * returns. Plugins are uninstalled asynchronously, and therefore the given
+ * plugin receives callbacks until @cb is called.
+ *
+ * Note: Calling this function from qemu_plugin_install() is a bug.
+ */
+void qemu_plugin_uninstall(qemu_plugin_id_t id, qemu_plugin_simple_cb_t cb);
+
+/**
+ * qemu_plugin_reset() - Reset a plugin
+ * @id: this plugin's opaque ID
+ * @cb: callback to be called once the plugin has been reset
+ *
+ * Unregisters all callbacks for the plugin given by @id.
+ *
+ * Do NOT assume that the plugin has been reset once this function returns.
+ * Plugins are reset asynchronously, and therefore the given plugin receives
+ * callbacks until @cb is called.
+ */
+void qemu_plugin_reset(qemu_plugin_id_t id, qemu_plugin_simple_cb_t cb);
+
+/**
+ * qemu_plugin_register_vcpu_init_cb() - register a vCPU initialization 
callback
+ * @id: plugin ID
+ * @cb: callback function
+ *
+ * The @cb function is called every time a vCPU is initialized.
+ *
+ * See also: qemu_plugin_register_vcpu_exit_cb()
+ */
+void qemu_plugin_register_vcpu_init_cb(qemu_plugin_id_t id,
+   qemu_plugin_vcpu_simple_cb_t cb);
+
+/**
+ * qemu_plugin_register_vcpu_exit_cb() - register a vCPU exit callback
+ * @id: plugin ID
+ * @cb: callback function
+ *
+ * The @cb function is called every time a vCPU exits.
+ *
+ * See also: qemu_plugin_register_vcpu_init_cb()
+ */
+void qemu_plugin_register_vcpu_exit_cb(qemu_plugin_id_t id,
+   qemu_plugin_vcpu_simple_cb_t cb);
+
+/**
+ * qemu_plugin_register_vcpu_idle_cb() - register a vCPU idle callback
+ * @id: plugin ID
+ * @cb: callback function
+ *
+ * The @cb function is called every time a vCPU idles.
+ */
+void qemu_plugin_register_vcpu_idle_cb(qemu_plugin_id_t id,
+   qemu_plugin_vcpu_simple_cb_t cb);
+
+/**
+ * qemu_plugin_register_vcpu_resume_cb() - register a vCPU resume callback
+ * @id: plugin ID
+ * @cb: callback function
+ *
+ * The @cb function is called every time a vCPU resumes execution.
+

Re: [Qemu-devel] [PATCH v5 23/42] blockdev: Use CAF in external_snapshot_prepare()

2019-06-14 Thread Vladimir Sementsov-Ogievskiy
14.06.2019 19:20, Max Reitz wrote:
> On 14.06.19 17:46, Vladimir Sementsov-Ogievskiy wrote:
>> 13.06.2019 1:09, Max Reitz wrote:
>>> This allows us to differentiate between filters and nodes with COW
>>> backing files: Filters cannot be used as overlays at all (for this
>>> function).
>>>
>>> Signed-off-by: Max Reitz 
>>
>> The overlay created in a snapshot operation is assumed to consume the following writes,
>> and its filtered child becomes read-only. A filter works in a completely
>> different
>> way.
>>
>> Reviewed-by: Vladimir Sementsov-Ogievskiy 
>>
>> [hmm, I start to like using "filtered child" collocation when I say about 
>> this thing.
>>didn't you think about renaming backing chain to filtered chain?]
> 
> Hm.  There are backing chains and there are backing chains.  There are
> qemu-internal backing chains that consist of a healthy mix of filters
> and COW overlays, and then there are the more high-level backing chains
> the user actually manages, where only the overlays are important.
> 
> I think it would make sense to rename the “qemu-internal backing chains”
> to “filter chains” or something.  But that makes it sound a bit like it
> would only mean R/W filters...  Maybe just “chain”?
> 
> Actually, the only functions I find are is_backing_chain_frozen & Co,
> and they could simply become is_chain_frozen.  Is there anything else?

Chain is too general, may be, blockchain? :)))

And to be serious, one more reason to rename it is yours
bdrv_backing_chain_next which is about user-backing-chain and differs from
frozen-chain related functions.

However, I don't think this series is a good place for this renaming;
it's rather big already.

-- 
Best regards,
Vladimir


[Qemu-devel] [PATCH v3 09/50] plugin: add implementation of the api

2019-06-14 Thread Alex Bennée
[AJB: split from the core code commit]
Signed-off-by: Alex Bennée 
---
 plugins/Makefile.objs |   1 +
 plugins/api.c | 267 ++
 2 files changed, 268 insertions(+)
 create mode 100644 plugins/api.c

diff --git a/plugins/Makefile.objs b/plugins/Makefile.objs
index 58940335bc..95baabf3d2 100644
--- a/plugins/Makefile.objs
+++ b/plugins/Makefile.objs
@@ -4,3 +4,4 @@
 
 obj-y += loader.o
 obj-y += core.o
+obj-y += api.o
diff --git a/plugins/api.c b/plugins/api.c
new file mode 100644
index 00..1c3aa64702
--- /dev/null
+++ b/plugins/api.c
@@ -0,0 +1,267 @@
+/*
+ * QEMU Plugin API
+ *
+ * This provides the API that is available to the plugins to interact
+ * with QEMU. We have to be careful not to expose internal details of
+ * how QEMU works so we abstract out things like translation and
+ * instructions to anonymous data types:
+ *
+ *  qemu_plugin_tb
+ *  qemu_plugin_insn
+ *
+ * Which can then be passed back into the API to do additional things.
+ * As such all the public functions in here are exported in
+ * qemu-plugin.h.
+ *
+ * The general life-cycle of a plugin is:
+ *
+ *  - plugin is loaded, public qemu_plugin_install called
+ *- the install func registers callbacks for events
+ *- usually an atexit_cb is registered to dump info at the end
+ *  - when a registered event occurs the plugin is called
+ * - some events pass additional info
+ * - during translation the plugin can decide to instrument any
+ *   instruction
+ *  - when QEMU exits all the registered atexit callbacks are called
+ *
+ * Copyright (C) 2017, Emilio G. Cota 
+ * Copyright (C) 2019, Linaro
+ *
+ * License: GNU GPL, version 2 or later.
+ *   See the COPYING file in the top-level directory.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/plugin.h"
+#include "cpu.h"
+#include "sysemu/sysemu.h"
+#include "tcg/tcg.h"
+#include "trace/mem-internal.h" /* mem_info macros */
+#include "plugin.h"
+
+/* Uninstall and Reset handlers */
+
+void qemu_plugin_uninstall(qemu_plugin_id_t id, qemu_plugin_simple_cb_t cb)
+{
+plugin_reset_uninstall(id, cb, false);
+}
+
+void qemu_plugin_reset(qemu_plugin_id_t id, qemu_plugin_simple_cb_t cb)
+{
+plugin_reset_uninstall(id, cb, true);
+}
+
+/*
+ * Plugin Register Functions
+ *
+ * This allows the plugin to register callbacks for various events
+ * during the translation.
+ */
+
+void qemu_plugin_register_vcpu_init_cb(qemu_plugin_id_t id,
+   qemu_plugin_vcpu_simple_cb_t cb)
+{
+plugin_register_cb(id, QEMU_PLUGIN_EV_VCPU_INIT, cb);
+}
+
+void qemu_plugin_register_vcpu_exit_cb(qemu_plugin_id_t id,
+   qemu_plugin_vcpu_simple_cb_t cb)
+{
+plugin_register_cb(id, QEMU_PLUGIN_EV_VCPU_EXIT, cb);
+}
+
+void qemu_plugin_register_vcpu_tb_exec_cb(struct qemu_plugin_tb *tb,
+  qemu_plugin_vcpu_udata_cb_t cb,
+  enum qemu_plugin_cb_flags flags,
+  void *udata)
+{
+plugin_register_dyn_cb__udata(&tb->cbs[PLUGIN_CB_REGULAR],
+  cb, flags, udata);
+}
+
+void qemu_plugin_register_vcpu_tb_exec_inline(struct qemu_plugin_tb *tb,
+  enum qemu_plugin_op op,
+  void *ptr, uint64_t imm)
+{
+plugin_register_inline_op(&tb->cbs[PLUGIN_CB_INLINE], 0, op, ptr, imm);
+}
+
+void qemu_plugin_register_vcpu_insn_exec_cb(struct qemu_plugin_insn *insn,
+qemu_plugin_vcpu_udata_cb_t cb,
+enum qemu_plugin_cb_flags flags,
+void *udata)
+{
+
plugin_register_dyn_cb__udata(&insn->cbs[PLUGIN_CB_INSN][PLUGIN_CB_REGULAR],
+cb, flags, udata);
+}
+
+void qemu_plugin_register_vcpu_insn_exec_inline(struct qemu_plugin_insn *insn,
+enum qemu_plugin_op op,
+void *ptr, uint64_t imm)
+{
+plugin_register_inline_op(&insn->cbs[PLUGIN_CB_INSN][PLUGIN_CB_INLINE],
+  0, op, ptr, imm);
+}
+
+
+
+void qemu_plugin_register_vcpu_mem_cb(struct qemu_plugin_insn *insn,
+  qemu_plugin_vcpu_mem_cb_t cb,
+  enum qemu_plugin_cb_flags flags,
+  enum qemu_plugin_mem_rw rw,
+  void *udata)
+{
+plugin_register_vcpu_mem_cb(&insn->cbs[PLUGIN_CB_MEM][PLUGIN_CB_REGULAR],
+cb, flags, rw, udata, false);
+}
+
+void qemu_plugin_register_vcpu_mem_haddr_cb(struct qemu_plugin_insn *insn,
+qemu_plugin_vcpu_mem_haddr_cb_t cb,
+enum q
