Re: [PATCH v2 00/20] nvme: support NVMe v1.3d, SGLs and multiple namespaces

[Fam Zheng]

On Tue, 10/15 12:38, Klaus Jensen wrote:
> Hi,
> 
> (Quick note to Fam): most of this series is irrelevant to you as the
> maintainer of the nvme block driver, but patch "nvme: add support for
> scatter gather lists" touches block/nvme.c due to changes in the shared
> NvmeCmd struct.

Yeah, that part looks sane to me. For the block/nvme.c bit:

Acked-by: Fam Zheng 

Re: Python 2 and test/vm/netbsd

[Thomas Huth]

On 16/10/2019 05.00, Eduardo Habkost wrote:
> On Tue, Sep 17, 2019 at 08:31:40PM -0300, Eduardo Habkost wrote:
>> On Mon, Jul 01, 2019 at 07:25:27PM -0300, Eduardo Habkost wrote:
>>> On Mon, Jun 10, 2019 at 01:58:50PM +0100, Peter Maydell wrote:
> [...]
 The configure check also spits out deprecation warnings for
 the NetBSD/FreeBSD/OpenBSD tests/vm configurations. It would be nice
 to get those updated.
>>>
>>> CCing the test/vm maintainers.
>>>
>>> Fam, Alex, are you able to fix this and create new BSD VM images
>>> with Python 3 available?  I thought the VM image configurations
>>> were stored in the source tree, but they are downloaded from
>>> download.patchew.org.
>>
>> Fam, Alex, can you help us on this?  Python 2 won't be supported
>> anymore, so we need the VM images to be updated.
> 
> Anyone?
> 
> I'm about to submit patches to remove Python 2 support, and this
> will break tests/vm/netbsd.
> 
> I'm powerless to fix this issue, because the netbsd image is
> hosted at download.patchew.org.

Gerd had a patch to convert the netbsd VM script to ad hoc image
creation, too:

https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04459.html

But there was a regression with the serial port between QEMU v3.0 and
v4.x, so it was not included:

https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg06784.html

I guess someone™ needs to bisect that regression, so we can fix that bug
and finally include Gerd's patch...

 Thomas

Re: [PATCH v3 0/5] qcow2: advanced compression options

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/1571163625-642312-1-git-send-email-andrey.shinkev...@virtuozzo.com/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

--> Processing Dependency: perl(File::Copy) for package: 
git-1.8.3.1-20.el7.x86_64
--> Processing Dependency: perl(File::Basename) for package: 
git-1.8.3.1-20.el7.x86_64
--> Processing Dependency: perl(Exporter) for package: git-1.8.3.1-20.el7.x86_64
--> Processing Dependency: perl(Error) for package: git-1.8.3.1-20.el7.x86_64
--> Processing Dependency: openssh-clients for package: 
git-1.8.3.1-20.el7.x86_64
--> Processing Dependency: less for package: git-1.8.3.1-20.el7.x86_64
--> Processing Dependency: /usr/bin/perl for package: git-1.8.3.1-20.el7.x86_64
---
--> Processing Dependency: perl(Filter::Util::Call) for package: 
4:perl-5.16.3-294.el7_6.x86_64
--> Processing Dependency: libperl.so()(64bit) for package: 
4:perl-5.16.3-294.el7_6.x86_64
---> Package perl-Carp.noarch 0:1.26-244.el7 will be installed
---> Package perl-Error.noarch 1:0.17020-2.el7 will be installed
---> Package perl-Exporter.noarch 0:5.68-3.el7 will be installed
---> Package perl-File-Path.noarch 0:2.09-2.el7 will be installed
---> Package perl-File-Temp.noarch 0:0.23.01-3.el7 will be installed
---
 perl-Carpnoarch 1.26-244.el7   base   19 k
 perl-Data-Dumper x86_64 2.145-3.el7base   47 k
 perl-Encode  x86_64 2.51-7.el7 base  1.5 M
 perl-Error   noarch 1:0.17020-2.el7base   32 k
 perl-Exporternoarch 5.68-3.el7 base   28 k
 perl-File-Path   noarch 2.09-2.el7 base   26 k
 perl-File-Temp   noarch 0.23.01-3.el7  base   56 k
---
Total download size: 146 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/epel/packages/ccache-3.3.4-1.el7.x86_64.rpm: 
Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for ccache-3.3.4-1.el7.x86_64.rpm is not installed
warning: 
/var/cache/yum/x86_64/7/centos-virt-xen-48/packages/kernel-headers-4.9.188-35.el7.x86_64.rpm:
 Header V4 RSA/SHA1 Signature, key ID 61e8806c: NOKEY
Public key for kernel-headers-4.9.188-35.el7.x86_64.rpm is not installed

Total  7.5 MB/s | 146 MB  00:19 
---
  Updating   : glibc-common-2.17-292.el7.x86_64   2/315 
  Updating   : nss-softokn-freebl-3.44.0-5.el7.x86_64 3/315 
  Updating   : glibc-2.17-292.el7.x86_64  4/315 
warning: /etc/nsswitch.conf created as /etc/nsswitch.conf.rpmnew
  Updating   : nspr-4.21.0-1.el7.x86_64   5/315 
  Updating   : nss-util-3.44.0-3.el7.x86_64   6/315 
  Updating   : libstdc++-4.8.5-39.el7.x86_64  7/315 
---
  Installing : 1:perl-Pod-Simple-3.28-4.el7.noarch  118/315 
  Installing : perl-Getopt-Long-2.40-3.el7.noarch   119/315 
  Installing : 4:perl-5.16.3-294.el7_6.x86_64   120/315 
  Installing : 1:perl-Error-0.17020-2.el7.noarch121/315 
  Installing : perl-TermReadKey-2.30-20.el7.x86_64  122/315 
  Installing : perl-Data-Dumper-2.145-3.el7.x86_64  123/315 
  Installing : autoconf-2.69-11.el7.noarch  124/315 
---
  Installing : python-rpm-macros-3-32.el7.noarch193/315 
  Installing : libffi-devel-3.0.13-18.el7.x86_64194/315 
install-info: No such file or directory for /usr/share/info/libffi.info.gz
warning: %post(libffi-devel-3.0.13-18.el7.x86_64) scriptlet failed, exit status 
1
Non-fatal POSTIN scriptlet failure in rpm package 
libffi-devel-3.0.13-18.el7.x86_64
  Installing : xml-common-0.6.3-39.el7.noarch   195/315 
  Installing : iso-codes-3.46-2.el7.noarch  196/315 
---
  Verifying  : flac-libs-1.3.0-5.el7_1.x86_64   261/315 
  Verifying  : opus-1.0.2-6.el7.x86_64  262/315 
  Verifying  : libuuid-2.23.2-61.el7.x86_64 263/315 
  Verifying  : 1:perl-Error-0.17020-2.el7.noarch264/315 
  Verifying  : libXfixes-5.0.3-1.el7.x86_64 265/315 
  Verifying  : xml-common-0.6.3-39.el7.noarch  

Re: [PATCH v3 0/5] qcow2: advanced compression options

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/1571163625-642312-1-git-send-email-andrey.shinkev...@virtuozzo.com/



Hi,

This series failed the docker-mingw@fedora build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===

  CC  block/blklogwrites.o
  CC  block/block-backend.o
/tmp/qemu-test/src/block/qcow2.c: In function 
'qcow2_co_pwritev_compressed_part':
/tmp/qemu-test/src/block/qcow2.c:4244:9: error: 'ret' may be used uninitialized 
in this function [-Werror=maybe-uninitialized]
 int ret;
 ^~~
cc1: all warnings being treated as errors
make: *** [/tmp/qemu-test/src/rules.mak:69: block/qcow2.o] Error 1
make: *** Waiting for unfinished jobs
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 664, in 
---
  File "/opt/rh/rh-python36/root/usr/lib64/python3.6/subprocess.py", line 291, 
in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=4299392cefd911e9addb68b59973b7d0', '-u', 
'1003', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew2/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-r2c14at8/src/docker-src.2019-10-16-01.53.08.3890:/var/tmp/qemu:z,ro',
 'qemu:fedora', '/var/tmp/qemu/run', 'test-mingw']' returned non-zero exit 
status 2.
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-r2c14at8/src'
make: *** [docker-run-test-mingw@fedora] Error 2

real2m50.343s
user0m8.261s


The full log is available at
http://patchew.org/logs/1571163625-642312-1-git-send-email-andrey.shinkev...@virtuozzo.com/testing.docker-mingw@fedora/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH 00/32] hw/i386/pc: Split PIIX3 southbridge from i440FX northbridge

[no-reply]

Patchew URL: https://patchew.org/QEMU/20191015162705.28087-1-phi...@redhat.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PATCH 00/32] hw/i386/pc: Split PIIX3 southbridge from i440FX 
northbridge
Type: series
Message-id: 20191015162705.28087-1-phi...@redhat.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
e28fc07 hw/pci-host/i440fx: Remove the last PIIX3 traces
4278fc5 hw/pci-host: Rename incorrectly named 'piix' as 'i440fx'
b5bb11c hw/pci-host/piix: Extract PIIX3 functions to hw/isa/piix3.c
256b64d hw/pci-host/piix: Fix code style issues
e2e38d8 hw/pci-host/piix: Move i440FX declarations to hw/pci-host/i440fx.h
ec3e0e7 hw/pci-host/piix: Define and use the PIIX IRQ Route Control Registers
7da0dc4 hw/pci-host/piix: Move RCR_IOPORT register definition
de2f83b hw/pci-host/piix: Extract piix3_create()
1f33a16 hw/i386/pc: Remove kvm_i386.h include
120bf64 hw/i386/pc: Extract pc_i8259_create()
7f4aed6 hw/i386/pc: Move gsi_state creation code
af0863c hw/i386/pc: Reduce gsi_handler scope
a3f9ad9 hw/i386/pc: Extract pc_gsi_create()
933d1cd hw/isa/piix4: Move piix4_create() to hw/isa/piix4.c
223c701 hw/mips/mips_malta: Extract the PIIX4 creation code as piix4_create()
3db0574 hw/mips/mips_malta: Create IDE hard drive array dynamically
59225b9 piix4: add a mc146818rtc controller as specified in datasheet
da01d59 piix4: add a i8254 pit controller as specified in datasheet
40518db piix4: add a i8257 dma controller as specified in datasheet
015de71 piix4: convert reset function to QOM
3a68c8f piix4: rename PIIX4 object to piix4-isa
da51c52 Revert "irq: introduce qemu_irq_proxy()"
8cdeacf piix4: add a i8259 interrupt controller as specified in datasheet
ecc92c2 piix4: add Reset Control Register
c2cd556 piix4: rename some variables in realize function
67d9be5 MAINTAINERS: Keep PIIX4 South Bridge separate from PC Chipsets
0567e9d mc146818rtc: always register rtc to rtc list
3d9897a mc146818rtc: Include "mc146818rtc_regs.h" directly in mc146818rtc.c
4c0fde0 mc146818rtc: Move RTC_ISA_IRQ definition
1a8427e mc146818rtc: move structure to header file
0e65956 hw/i386/pc: Move kvm_i8259_init() declaration to sysemu/kvm.h
0201c90 hw/i386: Remove obsolete LoadStateHandler::load_state_old handlers

=== OUTPUT BEGIN ===
1/32 Checking commit 0201c90e8aaf (hw/i386: Remove obsolete 
LoadStateHandler::load_state_old handlers)
2/32 Checking commit 0e659563bbd2 (hw/i386/pc: Move kvm_i8259_init() 
declaration to sysemu/kvm.h)
3/32 Checking commit 1a8427ecaa92 (mc146818rtc: move structure to header file)
4/32 Checking commit 4c0fde00c150 (mc146818rtc: Move RTC_ISA_IRQ definition)
5/32 Checking commit 3d9897ae2cf0 (mc146818rtc: Include "mc146818rtc_regs.h" 
directly in mc146818rtc.c)
6/32 Checking commit 0567e9df0795 (mc146818rtc: always register rtc to rtc list)
7/32 Checking commit 67d9be561c0c (MAINTAINERS: Keep PIIX4 South Bridge 
separate from PC Chipsets)
8/32 Checking commit c2cd5561adf9 (piix4: rename some variables in realize 
function)
9/32 Checking commit ecc92c2678b0 (piix4: add Reset Control Register)
10/32 Checking commit 8cdeacff34b5 (piix4: add a i8259 interrupt controller as 
specified in datasheet)
11/32 Checking commit da51c5247d1f (Revert "irq: introduce qemu_irq_proxy()")
12/32 Checking commit 3a68c8f5ff30 (piix4: rename PIIX4 object to piix4-isa)
13/32 Checking commit 015de71b6e75 (piix4: convert reset function to QOM)
14/32 Checking commit 40518dbbdc82 (piix4: add a i8257 dma controller as 
specified in datasheet)
15/32 Checking commit da01d594d8dd (piix4: add a i8254 pit controller as 
specified in datasheet)
16/32 Checking commit 59225b98d0d6 (piix4: add a mc146818rtc controller as 
specified in datasheet)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#192: 
deleted file mode 100644

total: 0 errors, 1 warnings, 166 lines checked

Patch 16/32 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
17/32 Checking commit 3db0574cf65a (hw/mips/mips_malta: Create IDE hard drive 
array dynamically)
18/32 Checking commit 223c701490d0 (hw/mips/mips_malta: Extract the PIIX4 
creation code as piix4_create())
19/32 Checking commit 933d1cdd6cf9 (hw/isa/piix4: Move piix4_create() to 
hw/isa/piix4.c)
20/32 Checking commit a3f9ad9887ff (hw/i386/pc: Extract pc_gsi_create())
21/32 Checking commit af0863c35ccb (hw/i386/pc: Reduce gsi_handler scope)
22/32 Checking commit 7f4aed6122ba (hw/i386/pc: Move gsi_state creation code)
23/32 Checking commit 120bf64ae89c (hw/i386/pc: Extract pc_i8259_create())
24/32 Checking commit 1f33a16f966e (hw/i386/pc: Remove kvm_

Re: [PATCH v19 2/5] docs: APEI GHES generation and CPER record description

[Xiang Zheng]

On 2019/10/15 23:08, Peter Maydell wrote:
> On Tue, 15 Oct 2019 at 15:02, Xiang Zheng  wrote:
>>
>> From: Dongjiu Geng 
>>
>> Add APEI/GHES detailed design document
>>
>> Signed-off-by: Dongjiu Geng 
>> Signed-off-by: Xiang Zheng 
>> ---
>>  docs/specs/acpi_hest_ghes.rst | 94 
>> +++
>>  docs/specs/index.rst  |  1 +
>>  2 files changed, 95 insertions(+)
>>  create mode 100644 docs/specs/acpi_hest_ghes.rst
>>
>> diff --git a/docs/specs/acpi_hest_ghes.rst b/docs/specs/acpi_hest_ghes.rst
>> new file mode 100644
>> index 000..905b6d1
>> --- /dev/null
>> +++ b/docs/specs/acpi_hest_ghes.rst
>> @@ -0,0 +1,94 @@
>> +APEI tables generating and CPER record
>> +==
>> +
>> +Copyright (c) 2019 HUAWEI TECHNOLOGIES CO., LTD.
>> +
>> +This work is licensed under the terms of the GNU GPL, version 2 or later.
>> +See the COPYING file in the top-level directory.
> 
> This puts the copyright/license statement into the HTML rendered
> docs seen by the user. We generally put them into an RST comment,
> so they're in the source .rst but not the rendered views, like this:
> 
> diff --git a/docs/specs/acpi_hest_ghes.rst b/docs/specs/acpi_hest_ghes.rst
> index 5b43e4b0da2..348825f9d3e 100644
> --- a/docs/specs/acpi_hest_ghes.rst
> +++ b/docs/specs/acpi_hest_ghes.rst
> @@ -1,10 +1,11 @@
>  APEI tables generating and CPER record
>  ==
> 
> -Copyright (c) 2019 HUAWEI TECHNOLOGIES CO., LTD.
> +..
> +   Copyright (c) 2019 HUAWEI TECHNOLOGIES CO., LTD.
> 
> -This work is licensed under the terms of the GNU GPL, version 2 or later.
> -See the COPYING file in the top-level directory.
> +   This work is licensed under the terms of the GNU GPL, version 2 or later.
> +   See the COPYING file in the top-level directory.
> 

OK.

> 
>> +(9) When QEMU gets a SIGBUS from the kernel, QEMU formats the CPER right 
>> into
>> +guest memory, and then injects platform specific interrupt (in case of
>> +arm/virt machine it's Synchronous External Abort) as a notification 
>> which
>> +is necessary for notifying the guest.
>> +
>> +(10) This notification (in virtual hardware) will be handled by the guest
>> +kernel, guest APEI driver will read the CPER which is recorded by QEMU 
>> and
>> +do the recovery.
> 
> Sphinx thinks the indentation here is not syntactically valid:
> 
>   SPHINX  docs/specs
> 
> Warning, treated as error:
> /home/petmay01/linaro/qemu-from-laptop/qemu/docs/specs/acpi_hest_ghes.rst:93:Enumerated
> list ends without a blank line; unexpected unindent.
> Makefile:997: recipe for target 'docs/specs/index.html' failed
> 
> That's because for an enumerated list all the lines in the paragraph need to
> start at the same column. Moving in the two following lines in the (10) item
> fixes this:
> 
> --- a/docs/specs/acpi_hest_ghes.rst
> +++ b/docs/specs/acpi_hest_ghes.rst
> @@ -90,5 +90,5 @@ Design Details
>  is necessary for notifying the guest.
> 
>  (10) This notification (in virtual hardware) will be handled by the guest
> -kernel, guest APEI driver will read the CPER which is recorded by QEMU 
> and
> -do the recovery.
> + kernel, guest APEI driver will read the CPER which is recorded by QEMU 
> and
> + do the recovery.
> 

Thanks, I will fix them.


-- 

Thanks,
Xiang

Python 2 and test/vm/netbsd (was Re: [Qemu-devel] [PULL 0/8] Python queue, 2019-06-07)

[Eduardo Habkost]

On Tue, Sep 17, 2019 at 08:31:40PM -0300, Eduardo Habkost wrote:
> On Mon, Jul 01, 2019 at 07:25:27PM -0300, Eduardo Habkost wrote:
> > On Mon, Jun 10, 2019 at 01:58:50PM +0100, Peter Maydell wrote:
[...]
> > > The configure check also spits out deprecation warnings for
> > > the NetBSD/FreeBSD/OpenBSD tests/vm configurations. It would be nice
> > > to get those updated.
> > 
> > CCing the test/vm maintainers.
> > 
> > Fam, Alex, are you able to fix this and create new BSD VM images
> > with Python 3 available?  I thought the VM image configurations
> > were stored in the source tree, but they are downloaded from
> > download.patchew.org.
> 
> Fam, Alex, can you help us on this?  Python 2 won't be supported
> anymore, so we need the VM images to be updated.

Anyone?

I'm about to submit patches to remove Python 2 support, and this
will break tests/vm/netbsd.

I'm powerless to fix this issue, because the netbsd image is
hosted at download.patchew.org.

-- 
Eduardo

Re: [PATCH v2 3/4] apic: Use 32bit APIC ID for migration instance ID

[Eduardo Habkost]

On Wed, Oct 16, 2019 at 10:29:32AM +0800, Peter Xu wrote:
> Migration is silently broken now with x2apic config like this:
> 
>  -smp 200,maxcpus=288,sockets=2,cores=72,threads=2 \
>  -device intel-iommu,intremap=on,eim=on
> 
> After migration, the guest kernel could hang at anything, due to
> x2apic bit not migrated correctly in IA32_APIC_BASE on some vcpus, so
> any operations related to x2apic could be broken then (e.g., RDMSR on
> x2apic MSRs could fail because KVM would think that the vcpu hasn't
> enabled x2apic at all).
> 
> The issue is that the x2apic bit was never applied correctly for vcpus
> whose ID > 255 when migrate completes, and that's because when we
> migrate APIC we use the APICCommonState.id as instance ID of the
> migration stream, while that's too short for x2apic.
> 
> Let's use the newly introduced initial_apic_id for that.
> 
> Signed-off-by: Peter Xu 

Reviewed-by: Eduardo Habkost 

-- 
Eduardo

[PATCH v2 4/4] migration: Check in savevm_state_handler_insert for dups

[Peter Xu]

Before finally register one SaveStateEntry, we detect for duplicated
entries.  This could be helpful to notify us asap instead of get
silent migration failures which could be hard to diagnose.

For example, this patch will generate a message like this (if without
previous fixes on x2apic) as long as we wants to boot a VM instance
with "-smp 200,maxcpus=288,sockets=2,cores=72,threads=2" and QEMU will
bail out even before VM starts:

savevm_state_handler_insert: Detected duplicate SaveStateEntry: id=apic, 
instance_id=0x0

Suggested-by: Dr. David Alan Gilbert 
Signed-off-by: Peter Xu 
---
 migration/savevm.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/migration/savevm.c b/migration/savevm.c
index 1e44f06d7a..83e91ddafa 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -264,6 +264,8 @@ static SaveState savevm_state = {
 .global_section_id = 0,
 };
 
+static SaveStateEntry *find_se(const char *idstr, uint32_t instance_id);
+
 static bool should_validate_capability(int capability)
 {
 assert(capability >= 0 && capability < MIGRATION_CAPABILITY__MAX);
@@ -714,6 +716,18 @@ static void savevm_state_handler_insert(SaveStateEntry 
*nse)
 
 assert(priority <= MIG_PRI_MAX);
 
+/*
+ * This should never happen otherwise migration will probably fail
+ * silently somewhere because we can be wrongly applying one
+ * object properties upon another one.  Bail out ASAP.
+ */
+if (find_se(nse->idstr, nse->instance_id)) {
+error_report("%s: Detected duplicate SaveStateEntry: "
+ "id=%s, instance_id=0x%"PRIx32, __func__,
+ nse->idstr, nse->instance_id);
+exit(EXIT_FAILURE);
+}
+
 QTAILQ_FOREACH(se, &savevm_state.handlers, entry) {
 if (save_state_priority(se) < priority) {
 break;
-- 
2.21.0

[PATCH v2 3/4] apic: Use 32bit APIC ID for migration instance ID

[Peter Xu]

Migration is silently broken now with x2apic config like this:

 -smp 200,maxcpus=288,sockets=2,cores=72,threads=2 \
 -device intel-iommu,intremap=on,eim=on

After migration, the guest kernel could hang at anything, due to
x2apic bit not migrated correctly in IA32_APIC_BASE on some vcpus, so
any operations related to x2apic could be broken then (e.g., RDMSR on
x2apic MSRs could fail because KVM would think that the vcpu hasn't
enabled x2apic at all).

The issue is that the x2apic bit was never applied correctly for vcpus
whose ID > 255 when migrate completes, and that's because when we
migrate APIC we use the APICCommonState.id as instance ID of the
migration stream, while that's too short for x2apic.

Let's use the newly introduced initial_apic_id for that.

Signed-off-by: Peter Xu 
---
 hw/intc/apic_common.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
index fabfa7320b..f0d88a1b14 100644
--- a/hw/intc/apic_common.c
+++ b/hw/intc/apic_common.c
@@ -315,7 +315,10 @@ static void apic_common_realize(DeviceState *dev, Error 
**errp)
 APICCommonState *s = APIC_COMMON(dev);
 APICCommonClass *info;
 static DeviceState *vapic;
-uint32_t instance_id = s->id;
+uint32_t instance_id = s->initial_apic_id;
+
+/* Normally initial APIC ID should be no more than hundreds */
+assert(instance_id != VMSTATE_INSTANCE_ID_ANY);
 
 info = APIC_COMMON_GET_CLASS(s);
 info->realize(dev, errp);
-- 
2.21.0

[PATCH v2 2/4] migration: Change SaveStateEntry.instance_id into uint32_t

[Peter Xu]

It was always used as 32bit, so define it as used to be clear.
Instead of using -1 as the auto-gen magic value, we switch to
UINT32_MAX.  We also make sure that we don't auto-gen this value to
avoid overflowed instance IDs without being noticed.

Suggested-by: Juan Quintela 
Signed-off-by: Peter Xu 
---
 hw/intc/apic_common.c|  2 +-
 include/migration/register.h |  2 +-
 include/migration/vmstate.h  |  6 +++---
 migration/savevm.c   | 18 ++
 stubs/vmstate.c  |  2 +-
 5 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
index 22da53ce8a..fabfa7320b 100644
--- a/hw/intc/apic_common.c
+++ b/hw/intc/apic_common.c
@@ -315,7 +315,7 @@ static void apic_common_realize(DeviceState *dev, Error 
**errp)
 APICCommonState *s = APIC_COMMON(dev);
 APICCommonClass *info;
 static DeviceState *vapic;
-int instance_id = s->id;
+uint32_t instance_id = s->id;
 
 info = APIC_COMMON_GET_CLASS(s);
 info->realize(dev, errp);
diff --git a/include/migration/register.h b/include/migration/register.h
index a13359a08d..f3ba10b6ef 100644
--- a/include/migration/register.h
+++ b/include/migration/register.h
@@ -69,7 +69,7 @@ typedef struct SaveVMHandlers {
 } SaveVMHandlers;
 
 int register_savevm_live(const char *idstr,
- int instance_id,
+ uint32_t instance_id,
  int version_id,
  const SaveVMHandlers *ops,
  void *opaque);
diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h
index c551470299..67bc63e30e 100644
--- a/include/migration/vmstate.h
+++ b/include/migration/vmstate.h
@@ -1113,17 +1113,17 @@ int vmstate_save_state_v(QEMUFile *f, const 
VMStateDescription *vmsd,
 
 bool vmstate_save_needed(const VMStateDescription *vmsd, void *opaque);
 
-#define  VMSTATE_INSTANCE_ID_ANY  -1
+#define  VMSTATE_INSTANCE_ID_ANY  UINT32_MAX
 
 /* Returns: 0 on success, -1 on failure */
-int vmstate_register_with_alias_id(DeviceState *dev, int instance_id,
+int vmstate_register_with_alias_id(DeviceState *dev, uint32_t instance_id,
const VMStateDescription *vmsd,
void *base, int alias_id,
int required_for_version,
Error **errp);
 
 /* Returns: 0 on success, -1 on failure */
-static inline int vmstate_register(DeviceState *dev, int instance_id,
+static inline int vmstate_register(DeviceState *dev, uint32_t instance_id,
const VMStateDescription *vmsd,
void *opaque)
 {
diff --git a/migration/savevm.c b/migration/savevm.c
index 0074572a52..1e44f06d7a 100644
--- a/migration/savevm.c
+++ b/migration/savevm.c
@@ -233,7 +233,7 @@ typedef struct CompatEntry {
 typedef struct SaveStateEntry {
 QTAILQ_ENTRY(SaveStateEntry) entry;
 char idstr[256];
-int instance_id;
+uint32_t instance_id;
 int alias_id;
 int version_id;
 /* version id read from the stream */
@@ -665,10 +665,10 @@ void dump_vmstate_json_to_file(FILE *out_file)
 fclose(out_file);
 }
 
-static int calculate_new_instance_id(const char *idstr)
+static uint32_t calculate_new_instance_id(const char *idstr)
 {
 SaveStateEntry *se;
-int instance_id = 0;
+uint32_t instance_id = 0;
 
 QTAILQ_FOREACH(se, &savevm_state.handlers, entry) {
 if (strcmp(idstr, se->idstr) == 0
@@ -676,6 +676,8 @@ static int calculate_new_instance_id(const char *idstr)
 instance_id = se->instance_id + 1;
 }
 }
+/* Make sure we never loop over without being noticed */
+assert(instance_id != VMSTATE_INSTANCE_ID_ANY);
 return instance_id;
 }
 
@@ -730,7 +732,7 @@ static void savevm_state_handler_insert(SaveStateEntry *nse)
Meanwhile pass -1 as instance_id if you do not already have a clearly
distinguishing id for all instances of your device class. */
 int register_savevm_live(const char *idstr,
- int instance_id,
+ uint32_t instance_id,
  int version_id,
  const SaveVMHandlers *ops,
  void *opaque)
@@ -784,7 +786,7 @@ void unregister_savevm(DeviceState *dev, const char *idstr, 
void *opaque)
 }
 }
 
-int vmstate_register_with_alias_id(DeviceState *dev, int instance_id,
+int vmstate_register_with_alias_id(DeviceState *dev, uint32_t instance_id,
const VMStateDescription *vmsd,
void *opaque, int alias_id,
int required_for_version,
@@ -1566,7 +1568,7 @@ int qemu_save_device_state(QEMUFile *f)
 return qemu_file_get_error(f);
 }
 
-static SaveStateEntry *find_se(const char *idstr, int instance_id)
+static SaveStateEntry *find_se(cons

[PATCH v2 0/4] apic: Fix migration breakage of >255 vcpus

[Peter Xu]

v2:
- use uint32_t rather than int64_t [Juan]
- one more patch (patch 4) to check dup SaveStateEntry [Dave]
- one more patch to define a macro (patch 1) to simplify patch 2

Please review, thanks.

Peter Xu (4):
  migration: Define VMSTATE_INSTANCE_ID_ANY
  migration: Change SaveStateEntry.instance_id into uint32_t
  apic: Use 32bit APIC ID for migration instance ID
  migration: Check in savevm_state_handler_insert for dups

 hw/arm/stellaris.c   |  2 +-
 hw/core/qdev.c   |  3 ++-
 hw/display/ads7846.c |  2 +-
 hw/i2c/core.c|  2 +-
 hw/input/stellaris_input.c   |  3 ++-
 hw/intc/apic_common.c|  7 +--
 hw/misc/max111x.c|  2 +-
 hw/net/eepro100.c|  2 +-
 hw/pci/pci.c |  2 +-
 hw/ppc/spapr.c   |  2 +-
 hw/timer/arm_timer.c |  2 +-
 hw/tpm/tpm_emulator.c|  3 ++-
 include/migration/register.h |  2 +-
 include/migration/vmstate.h  |  6 --
 migration/savevm.c   | 40 +---
 stubs/vmstate.c  |  2 +-
 16 files changed, 53 insertions(+), 29 deletions(-)

-- 
2.21.0

[PATCH v2 1/4] migration: Define VMSTATE_INSTANCE_ID_ANY

[Peter Xu]

Define the new macro VMSTATE_INSTANCE_ID_ANY for callers who wants to
auto-generate the vmstate instance ID.  Previously it was hard coded
as -1 instead of this macro.  It helps to change this default value in
the follow up patches.  No functional change.

Signed-off-by: Peter Xu 
---
 hw/arm/stellaris.c  | 2 +-
 hw/core/qdev.c  | 3 ++-
 hw/display/ads7846.c| 2 +-
 hw/i2c/core.c   | 2 +-
 hw/input/stellaris_input.c  | 3 ++-
 hw/intc/apic_common.c   | 2 +-
 hw/misc/max111x.c   | 2 +-
 hw/net/eepro100.c   | 2 +-
 hw/pci/pci.c| 2 +-
 hw/ppc/spapr.c  | 2 +-
 hw/timer/arm_timer.c| 2 +-
 hw/tpm/tpm_emulator.c   | 3 ++-
 include/migration/vmstate.h | 2 ++
 migration/savevm.c  | 8 
 14 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
index b198066b54..bb025e0bd0 100644
--- a/hw/arm/stellaris.c
+++ b/hw/arm/stellaris.c
@@ -708,7 +708,7 @@ static int stellaris_sys_init(uint32_t base, qemu_irq irq,
 memory_region_init_io(&s->iomem, NULL, &ssys_ops, s, "ssys", 0x1000);
 memory_region_add_subregion(get_system_memory(), base, &s->iomem);
 ssys_reset(s);
-vmstate_register(NULL, -1, &vmstate_stellaris_sys, s);
+vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY, &vmstate_stellaris_sys, s);
 return 0;
 }
 
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index cbad6c1d55..86031f961d 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -866,7 +866,8 @@ static void device_set_realized(Object *obj, bool value, 
Error **errp)
 dev->canonical_path = object_get_canonical_path(OBJECT(dev));
 
 if (qdev_get_vmsd(dev)) {
-if (vmstate_register_with_alias_id(dev, -1, qdev_get_vmsd(dev), 
dev,
+if (vmstate_register_with_alias_id(dev, VMSTATE_INSTANCE_ID_ANY,
+   qdev_get_vmsd(dev), dev,
dev->instance_id_alias,
dev->alias_required_for_version,
&local_err) < 0) {
diff --git a/hw/display/ads7846.c b/hw/display/ads7846.c
index c12272ae72..9228b40b1a 100644
--- a/hw/display/ads7846.c
+++ b/hw/display/ads7846.c
@@ -154,7 +154,7 @@ static void ads7846_realize(SSISlave *d, Error **errp)
 
 ads7846_int_update(s);
 
-vmstate_register(NULL, -1, &vmstate_ads7846, s);
+vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY, &vmstate_ads7846, s);
 }
 
 static void ads7846_class_init(ObjectClass *klass, void *data)
diff --git a/hw/i2c/core.c b/hw/i2c/core.c
index 92cd489069..d770035ba0 100644
--- a/hw/i2c/core.c
+++ b/hw/i2c/core.c
@@ -61,7 +61,7 @@ I2CBus *i2c_init_bus(DeviceState *parent, const char *name)
 
 bus = I2C_BUS(qbus_create(TYPE_I2C_BUS, parent, name));
 QLIST_INIT(&bus->current_devs);
-vmstate_register(NULL, -1, &vmstate_i2c_bus, bus);
+vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY, &vmstate_i2c_bus, bus);
 return bus;
 }
 
diff --git a/hw/input/stellaris_input.c b/hw/input/stellaris_input.c
index 59892b07fc..e6ee5e11f1 100644
--- a/hw/input/stellaris_input.c
+++ b/hw/input/stellaris_input.c
@@ -88,5 +88,6 @@ void stellaris_gamepad_init(int n, qemu_irq *irq, const int 
*keycode)
 }
 s->num_buttons = n;
 qemu_add_kbd_event_handler(stellaris_gamepad_put_key, s);
-vmstate_register(NULL, -1, &vmstate_stellaris_gamepad, s);
+vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY,
+ &vmstate_stellaris_gamepad, s);
 }
diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
index aafd8e0e33..22da53ce8a 100644
--- a/hw/intc/apic_common.c
+++ b/hw/intc/apic_common.c
@@ -331,7 +331,7 @@ static void apic_common_realize(DeviceState *dev, Error 
**errp)
 }
 
 if (s->legacy_instance_id) {
-instance_id = -1;
+instance_id = VMSTATE_INSTANCE_ID_ANY;
 }
 vmstate_register_with_alias_id(NULL, instance_id, &vmstate_apic_common,
s, -1, 0, NULL);
diff --git a/hw/misc/max111x.c b/hw/misc/max111x.c
index a713149f16..81ee73e0da 100644
--- a/hw/misc/max111x.c
+++ b/hw/misc/max111x.c
@@ -146,7 +146,7 @@ static int max111x_init(SSISlave *d, int inputs)
 s->input[7] = 0x80;
 s->com = 0;
 
-vmstate_register(dev, -1, &vmstate_max111x, s);
+vmstate_register(dev, VMSTATE_INSTANCE_ID_ANY, &vmstate_max111x, s);
 return 0;
 }
 
diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
index cc2dd8b1c9..39920c6dc5 100644
--- a/hw/net/eepro100.c
+++ b/hw/net/eepro100.c
@@ -1874,7 +1874,7 @@ static void e100_nic_realize(PCIDevice *pci_dev, Error 
**errp)
 
 s->vmstate = g_memdup(&vmstate_eepro100, sizeof(vmstate_eepro100));
 s->vmstate->name = qemu_get_queue(s->nic)->model;
-vmstate_register(&pci_dev->qdev, -1, s->vmstate, s);
+vmstate_register(&pci_dev->qdev, VMSTATE_INSTANCE_ID_ANY, s->vmstate, s);
 }
 
 static

Re: [PATCH v3 10/10] vfio: unplug failover primary device before migration

[Alex Williamson]

On Fri, 11 Oct 2019 13:20:15 +0200
Jens Freimann  wrote:

> As usual block all vfio-pci devices from being migrated, but make an
> exception for failover primary devices. This is achieved by setting
> unmigratable to 0 but also add a migration blocker for all vfio-pci
> devices except failover primary devices. These will be unplugged before
> migration happens by the migration handler of the corresponding
> virtio-net standby device.
> 
> Signed-off-by: Jens Freimann 
> ---
>  hw/vfio/pci.c | 35 ++-
>  hw/vfio/pci.h |  2 ++
>  2 files changed, 36 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
> index c5e6fe61cb..64cf8e07d9 100644
> --- a/hw/vfio/pci.c
> +++ b/hw/vfio/pci.c
> @@ -40,6 +40,9 @@
>  #include "pci.h"
>  #include "trace.h"
>  #include "qapi/error.h"
> +#include "migration/blocker.h"
> +#include "qemu/option.h"
> +#include "qemu/option_int.h"
>  
>  #define TYPE_VFIO_PCI "vfio-pci"
>  #define PCI_VFIO(obj)OBJECT_CHECK(VFIOPCIDevice, obj, TYPE_VFIO_PCI)
> @@ -2698,6 +2701,12 @@ static void vfio_unregister_req_notifier(VFIOPCIDevice 
> *vdev)
>  vdev->req_enabled = false;
>  }
>  
> +static int has_net_failover_arg(void *opaque, const char *name,
> +   const char *value, Error **errp)
> +{
> +return (strcmp(name, "net_failover_pair_id") == 0);
> +}
> +
>  static void vfio_realize(PCIDevice *pdev, Error **errp)
>  {
>  VFIOPCIDevice *vdev = PCI_VFIO(pdev);
> @@ -2710,6 +2719,20 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
>  int groupid;
>  int i, ret;
>  bool is_mdev;
> +uint16_t class_id;
> +
> +if (qemu_opt_foreach(pdev->qdev.opts, has_net_failover_arg,
> + (void *) pdev->qdev.opts, &err) == 0) {

Why do we need a qemu_opt_foreach here versus testing
vdev->net_failover_pair_id as you do below or similar to how we test
sysfsdev immediately below this chunk?

> +error_setg(&vdev->migration_blocker,
> +"VFIO device doesn't support migration");
> +ret = migrate_add_blocker(vdev->migration_blocker, &err);

Where's the migrate_del_blocker()/error_free() for any other realize
error or device removal?

> +if (err) {
> +error_propagate(errp, err);
> +error_free(vdev->migration_blocker);
> +}

As Connie noted, unclear if this aborts or continues without a
migration blocker, which would be bad.

> +} else {
> +pdev->qdev.allow_unplug_during_migration = true;
> +}
>  
>  if (!vdev->vbasedev.sysfsdev) {
>  if (!(~vdev->host.domain || ~vdev->host.bus ||
> @@ -2812,6 +2835,14 @@ static void vfio_realize(PCIDevice *pdev, Error **errp)
>  goto error;
>  }
>  
> +if (vdev->net_failover_pair_id != NULL) {
> +class_id = pci_get_word(pdev->config + PCI_CLASS_DEVICE);
> +if (class_id != PCI_CLASS_NETWORK_ETHERNET) {
> +error_setg(errp, "failover device is not an Ethernet device");
> +goto error;
> +}
> +}

Not clear to me why we do this separate from setting up the migration
blocker or why we use a different mechanism to test for the property.

> +
>  /* vfio emulates a lot for us, but some bits need extra love */
>  vdev->emulated_config_bits = g_malloc0(vdev->config_size);
>  
> @@ -3110,6 +3141,8 @@ static Property vfio_pci_dev_properties[] = {
>  display, ON_OFF_AUTO_OFF),
>  DEFINE_PROP_UINT32("xres", VFIOPCIDevice, display_xres, 0),
>  DEFINE_PROP_UINT32("yres", VFIOPCIDevice, display_yres, 0),
> +DEFINE_PROP_STRING("net_failover_pair_id", VFIOPCIDevice,
> +net_failover_pair_id),

Should this and the Ethernet class test be done in PCIDevice?  The
migration aspect is the only thing unique to vfio since we don't
otherwise support it, right?  For instance, I should be able to
setup an emulated NIC with this failover pair id too, right?  Thanks,

Alex

>  DEFINE_PROP_UINT32("x-intx-mmap-timeout-ms", VFIOPCIDevice,
> intx.mmap_timeout, 1100),
>  DEFINE_PROP_BIT("x-vga", VFIOPCIDevice, features,
> @@ -3152,7 +3185,7 @@ static Property vfio_pci_dev_properties[] = {
>  
>  static const VMStateDescription vfio_pci_vmstate = {
>  .name = "vfio-pci",
> -.unmigratable = 1,
> +.unmigratable = 0,
>  };
>  
>  static void vfio_pci_dev_class_init(ObjectClass *klass, void *data)
> diff --git a/hw/vfio/pci.h b/hw/vfio/pci.h
> index 834a90d646..da4417071a 100644
> --- a/hw/vfio/pci.h
> +++ b/hw/vfio/pci.h
> @@ -134,6 +134,7 @@ typedef struct VFIOPCIDevice {
>  PCIHostDeviceAddress host;
>  EventNotifier err_notifier;
>  EventNotifier req_notifier;
> +char *net_failover_pair_id;
>  int (*resetfn)(struct VFIOPCIDevice *);
>  uint32_t vendor_id;
>  uint32_t device_id;
> @@ -168,6 +169,7 @@ typedef struct VFIOPCIDevice {
>  bool no_vfio_ioeventfd;
>  bool enable_ramfb;
> 

Re: [PATCH v3 02/10] pci: mark devices partially unplugged

[Alex Williamson]

On Fri, 11 Oct 2019 13:20:07 +0200
Jens Freimann  wrote:

> Only the guest unplug request was triggered. This is needed for
> the failover feature. In case of a failed migration we need to
> plug the device back to the guest.
> 
> Signed-off-by: Jens Freimann 
> ---
>  hw/pci/pci.c | 2 ++
>  hw/pci/pcie.c| 3 +++
>  include/hw/pci/pci.h | 1 +
>  3 files changed, 6 insertions(+)
> 
> diff --git a/hw/pci/pci.c b/hw/pci/pci.c
> index aa05c2b9b2..c140b37765 100644
> --- a/hw/pci/pci.c
> +++ b/hw/pci/pci.c
> @@ -2078,6 +2078,8 @@ static void pci_qdev_realize(DeviceState *qdev, Error 
> **errp)
>  Error *local_err = NULL;
>  bool is_default_rom;
>  
> +pci_dev->partially_hotplugged = false;

This is redundant though since the object is zero initialized on
allocation, right?  Thanks,

Alex

> +
>  /* initialize cap_present for pci_is_express() and pci_config_size(),
>   * Note that hybrid PCIs are not set automatically and need to manage
>   * QEMU_PCI_CAP_EXPRESS manually */
> diff --git a/hw/pci/pcie.c b/hw/pci/pcie.c
> index a6beb567bd..19363ff8ce 100644
> --- a/hw/pci/pcie.c
> +++ b/hw/pci/pcie.c
> @@ -456,6 +456,9 @@ static void pcie_unplug_device(PCIBus *bus, PCIDevice 
> *dev, void *opaque)
>  {
>  HotplugHandler *hotplug_ctrl = qdev_get_hotplug_handler(DEVICE(dev));
>  
> +if (dev->partially_hotplugged) {
> +return;
> +}
>  hotplug_handler_unplug(hotplug_ctrl, DEVICE(dev), &error_abort);
>  object_unparent(OBJECT(dev));
>  }
> diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
> index f3f0ffd5fb..f3a39c9bbd 100644
> --- a/include/hw/pci/pci.h
> +++ b/include/hw/pci/pci.h
> @@ -265,6 +265,7 @@ typedef struct PCIReqIDCache PCIReqIDCache;
>  
>  struct PCIDevice {
>  DeviceState qdev;
> +bool partially_hotplugged;
>  
>  /* PCI config space */
>  uint8_t *config;

Re: [PATCH 2/2] core: replace getpagesize() with qemu_real_host_page_size

[Wei Yang]

On Sun, Oct 13, 2019 at 08:28:41PM +1100, David Gibson wrote:
>On Sun, Oct 13, 2019 at 10:11:45AM +0800, Wei Yang wrote:
>> There are three page size in qemu:
>> 
>>   real host page size
>>   host page size
>>   target page size
>> 
>> All of them have dedicate variable to represent. For the last two, we
>> use the same form in the whole qemu project, while for the first one we
>> use two forms: qemu_real_host_page_size and getpagesize().
>> 
>> qemu_real_host_page_size is defined to be a replacement of
>> getpagesize(), so let it serve the role.
>> 
>> [Note] Not fully tested for some arch or device.
>> 
>> Signed-off-by: Wei Yang 
>
>Reviewed-by: David Gibson 
>
>Although the chances of someone messing this up again are almost 100%.
>

Hi, David

I found put a check in checkpatch.pl may be a good way to prevent it.

Just draft a patch, hope you would like it.

>-- 
>David Gibson   | I'll have my music baroque, and my code
>david AT gibson.dropbear.id.au | minimalist, thank you.  NOT _the_ _other_
>   | _way_ _around_!
>http://www.ozlabs.org/~dgibson



-- 
Wei Yang
Help you, Help me

[PATCH] checkpatch: sugguest to use qemu_real_host_page_size instead of getpagesize() or sysconf(_SC_PAGESIZE)

[Wei Yang]

Signed-off-by: Wei Yang 
CC: David Gibson 
---
 scripts/checkpatch.pl | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index aa9a354a0e..4b360ed310 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -2915,6 +2915,12 @@ sub process {
if ($line =~ /\bbzero\(/) {
ERROR("use memset() instead of bzero()\n" . $herecurr);
}
+   if ($line =~ /getpagesize\(\)/) {
+   ERROR("use qemu_real_host_page_size instead of 
getpagesize()\n" . $herecurr);
+   }
+   if ($line =~ /sysconf\(_SC_PAGESIZE\)/) {
+   ERROR("use qemu_real_host_page_size instead of 
sysconf(_SC_PAGESIZE)\n" . $herecurr);
+   }
my $non_exit_glib_asserts = qr{g_assert_cmpstr|
g_assert_cmpint|
g_assert_cmpuint|
-- 
2.17.1

Re: [PATCH 2/2] core: replace getpagesize() with qemu_real_host_page_size

[Wei Yang]

On Tue, Oct 15, 2019 at 02:45:15PM +0300, Yuval Shaia wrote:
>On Sun, Oct 13, 2019 at 10:11:45AM +0800, Wei Yang wrote:
>> There are three page size in qemu:
>> 
>>   real host page size
>>   host page size
>>   target page size
>> 
>> All of them have dedicate variable to represent. For the last two, we
>> use the same form in the whole qemu project, while for the first one we
>> use two forms: qemu_real_host_page_size and getpagesize().
>> 
>> qemu_real_host_page_size is defined to be a replacement of
>> getpagesize(), so let it serve the role.
>> 
>> [Note] Not fully tested for some arch or device.
>> 
>> Signed-off-by: Wei Yang 
>> ---
>>  accel/kvm/kvm-all.c|  6 +++---
>>  backends/hostmem.c |  2 +-
>>  block.c|  4 ++--
>>  block/file-posix.c |  9 +
>>  block/io.c |  2 +-
>>  block/parallels.c  |  2 +-
>>  block/qcow2-cache.c|  2 +-
>>  contrib/vhost-user-gpu/vugbm.c |  2 +-
>>  exec.c |  6 +++---
>>  hw/intc/s390_flic_kvm.c|  2 +-
>>  hw/ppc/mac_newworld.c  |  2 +-
>>  hw/ppc/spapr_pci.c |  2 +-
>>  hw/rdma/vmw/pvrdma_main.c  |  2 +-
>
>for pvrdma stuff:
>
>Reviewed-by: Yuval Shaia 
>Tested-by: Yuval Shaia 

Thanks

>
>>  hw/vfio/spapr.c|  7 ---
>>  include/exec/ram_addr.h|  2 +-
>>  include/qemu/osdep.h   |  4 ++--
>>  migration/migration.c  |  2 +-
>>  migration/postcopy-ram.c   |  4 ++--
>>  monitor/misc.c |  2 +-
>>  target/ppc/kvm.c   |  2 +-
>>  tests/vhost-user-bridge.c  |  8 
>>  util/mmap-alloc.c  | 10 +-
>>  util/oslib-posix.c |  4 ++--
>>  util/oslib-win32.c |  2 +-
>>  util/vfio-helpers.c| 12 ++--
>>  25 files changed, 52 insertions(+), 50 deletions(-)
>> 
>> diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
>> index d2d96d73e8..140b0bd8f6 100644
>> --- a/accel/kvm/kvm-all.c
>> +++ b/accel/kvm/kvm-all.c
>> @@ -52,7 +52,7 @@
>>  /* KVM uses PAGE_SIZE in its definition of KVM_COALESCED_MMIO_MAX. We
>>   * need to use the real host PAGE_SIZE, as that's what KVM will use.
>>   */
>> -#define PAGE_SIZE getpagesize()
>> +#define PAGE_SIZE qemu_real_host_page_size
>>  
>>  //#define DEBUG_KVM
>>  
>> @@ -507,7 +507,7 @@ static int 
>> kvm_get_dirty_pages_log_range(MemoryRegionSection *section,
>>  {
>>  ram_addr_t start = section->offset_within_region +
>> memory_region_get_ram_addr(section->mr);
>> -ram_addr_t pages = int128_get64(section->size) / getpagesize();
>> +ram_addr_t pages = int128_get64(section->size) / 
>> qemu_real_host_page_size;
>>  
>>  cpu_physical_memory_set_dirty_lebitmap(bitmap, start, pages);
>>  return 0;
>> @@ -1841,7 +1841,7 @@ static int kvm_init(MachineState *ms)
>>   * even with KVM.  TARGET_PAGE_SIZE is assumed to be the minimum
>>   * page size for the system though.
>>   */
>> -assert(TARGET_PAGE_SIZE <= getpagesize());
>> +assert(TARGET_PAGE_SIZE <= qemu_real_host_page_size);
>>  
>>  s->sigmask_len = 8;
>>  
>> diff --git a/backends/hostmem.c b/backends/hostmem.c
>> index 6d333dc23c..e773bdfa6e 100644
>> --- a/backends/hostmem.c
>> +++ b/backends/hostmem.c
>> @@ -304,7 +304,7 @@ size_t host_memory_backend_pagesize(HostMemoryBackend 
>> *memdev)
>>  #else
>>  size_t host_memory_backend_pagesize(HostMemoryBackend *memdev)
>>  {
>> -return getpagesize();
>> +return qemu_real_host_page_size;
>>  }
>>  #endif
>>  
>> diff --git a/block.c b/block.c
>> index 5944124845..98f47e2902 100644
>> --- a/block.c
>> +++ b/block.c
>> @@ -106,7 +106,7 @@ size_t bdrv_opt_mem_align(BlockDriverState *bs)
>>  {
>>  if (!bs || !bs->drv) {
>>  /* page size or 4k (hdd sector size) should be on the safe side */
>> -return MAX(4096, getpagesize());
>> +return MAX(4096, qemu_real_host_page_size);
>>  }
>>  
>>  return bs->bl.opt_mem_alignment;
>> @@ -116,7 +116,7 @@ size_t bdrv_min_mem_align(BlockDriverState *bs)
>>  {
>>  if (!bs || !bs->drv) {
>>  /* page size or 4k (hdd sector size) should be on the safe side */
>> -return MAX(4096, getpagesize());
>> +return MAX(4096, qemu_real_host_page_size);
>>  }
>>  
>>  return bs->bl.min_mem_alignment;
>> diff --git a/block/file-posix.c b/block/file-posix.c
>> index f12c06de2d..f60ac3f93f 100644
>> --- a/block/file-posix.c
>> +++ b/block/file-posix.c
>> @@ -322,7 +322,7 @@ static void raw_probe_alignment(BlockDriverState *bs, 
>> int fd, Error **errp)
>>  {
>>  BDRVRawState *s = bs->opaque;
>>  char *buf;
>> -size_t max_align = MAX(MAX_BLOCKSIZE, getpagesize());
>> +size_t max_align = MAX(MAX_BLOCKSIZE, qemu_real_host_page_size);
>>  size_t alignments[] = {1, 512, 1024, 2048, 4096};
>>  
>>  /* For SCSI generic devices the alignment is not really used.
>> @@ -

Re: [PATCH v2 00/21] iotests: Allow ./check -o data_file

[no-reply]

Patchew URL: https://patchew.org/QEMU/20191015142729.18123-1-mre...@redhat.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PATCH v2 00/21] iotests: Allow ./check -o data_file
Type: series
Message-id: 20191015142729.18123-1-mre...@redhat.com

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
7e75916 iotests: Allow check -o data_file
a21918d iotests: Disable data_file where it cannot be used
1eb7209 iotests: Make 198 work with data_file
02453ff iotests: Make 137 work with data_file
cdb651c iotests: Make 110 work with data_file
1b30e90 iotests: Make 091 work with data_file
26ebffa iotests: Avoid cp/mv of test images
5d6ba79 iotests: Use _rm_test_img for deleting test images
4c20fa0 iotests: Avoid qemu-img create
944555b iotests: Drop IMGOPTS use in 267
9037b83 iotests: Replace IMGOPTS='' by --no-opts
e62282b iotests: Replace IMGOPTS= by -o
26d39b5 iotests: Inject space into -ocompat=0.10 in 051
99d129e iotests: Add -o and --no-opts to _make_test_img
301f2c3 iotests: Let _make_test_img parse its parameters
53a8dea iotests: Drop compat=1.1 in 050
85b18f8 iotests: Replace IMGOPTS by _unsupported_imgopts
476fb23 iotests: Filter refcount_order in 036
67b9119 iotests: Add _filter_json_filename
fbf9402 iotests/qcow2.py: Split feature fields into bits
afe3486 iotests/qcow2.py: Add dump-header-exts

=== OUTPUT BEGIN ===
1/21 Checking commit afe348661672 (iotests/qcow2.py: Add dump-header-exts)
ERROR: line over 90 characters
#32: FILE: tests/qemu-iotests/qcow2.py:237:
+[ 'dump-header-exts', cmd_dump_header_exts, 0, 'Dump image header 
extensions' ],

total: 1 errors, 0 warnings, 17 lines checked

Patch 1/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

2/21 Checking commit fbf940255d05 (iotests/qcow2.py: Split feature fields into 
bits)
3/21 Checking commit 67b9119032ad (iotests: Add _filter_json_filename)
4/21 Checking commit 476fb233c777 (iotests: Filter refcount_order in 036)
5/21 Checking commit 85b18f83a826 (iotests: Replace IMGOPTS by 
_unsupported_imgopts)
6/21 Checking commit 53a8dea8fb7b (iotests: Drop compat=1.1 in 050)
7/21 Checking commit 301f2c32204c (iotests: Let _make_test_img parse its 
parameters)
8/21 Checking commit 99d129e91dbe (iotests: Add -o and --no-opts to 
_make_test_img)
9/21 Checking commit 26d39b59dfe1 (iotests: Inject space into -ocompat=0.10 in 
051)
10/21 Checking commit e62282b2ad38 (iotests: Replace IMGOPTS= by -o)
11/21 Checking commit 9037b83425c4 (iotests: Replace IMGOPTS='' by --no-opts)
12/21 Checking commit 944555b5c283 (iotests: Drop IMGOPTS use in 267)
13/21 Checking commit 4c20fa09b6c5 (iotests: Avoid qemu-img create)
14/21 Checking commit 5d6ba791204b (iotests: Use _rm_test_img for deleting test 
images)
15/21 Checking commit 26ebffafbd87 (iotests: Avoid cp/mv of test images)
16/21 Checking commit 1b30e9035908 (iotests: Make 091 work with data_file)
17/21 Checking commit cdb651c3c22b (iotests: Make 110 work with data_file)
18/21 Checking commit 02453ff71311 (iotests: Make 137 work with data_file)
19/21 Checking commit 1eb720910a65 (iotests: Make 198 work with data_file)
20/21 Checking commit a21918dcdf92 (iotests: Disable data_file where it cannot 
be used)
21/21 Checking commit 7e7591696382 (iotests: Allow check -o data_file)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20191015142729.18123-1-mre...@redhat.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH v19 0/5] Add ARMv8 RAS virtualization support in QEMU

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20191015140140.34748-1-zhengxia...@huawei.com/



Hi,

This series failed the docker-mingw@fedora build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===

  CC  qapi/qapi-events-trace.o
  CC  qapi/qapi-events-transaction.o

Warning, treated as error:
/tmp/qemu-test/src/docs/specs/acpi_hest_ghes.rst:93:Enumerated list ends 
without a blank line; unexpected unindent.
  CC  qobject/qnum.o
  CC  qobject/qnull.o
---
  CC  qobject/json-streamer.o
  CC  qobject/block-qdict.o
  CC  trace/simple.o
make: *** [Makefile:997: docs/specs/index.html] Error 2
make: *** Waiting for unfinished jobs
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 662, in 
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=f0520ffa9bd340e7adf975af01016b6f', '-u', 
'1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-_90naruk/src/docker-src.2019-10-15-19.26.07.24429:/var/tmp/qemu:z,ro',
 'qemu:fedora', '/var/tmp/qemu/run', 'test-mingw']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=f0520ffa9bd340e7adf975af01016b6f
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-_90naruk/src'
make: *** [docker-run-test-mingw@fedora] Error 2

real1m47.931s
user0m8.235s


The full log is available at
http://patchew.org/logs/20191015140140.34748-1-zhengxia...@huawei.com/testing.docker-mingw@fedora/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH v5 00/22] target/arm: Implement ARMv8.5-MemTag, system mode

[Richard Henderson]

On 10/15/19 1:39 PM, Evgenii Stepanov wrote:
> Hi,
> 
> please find attached three random fixes for instruction translation
> and one for syscall emulation.

Thanks for the patches.

> @@ -2763,7 +2763,8 @@ static void disas_ldst_pair
>  return;
>  }
>  
> -offset <<= size;
> +// STGP offset is 16-scaled.
> +offset <<= (size + set_tag);

Right.  I'll fix this with

offset <<= (set_tag ? LOG2_TAG_GRANULE : size);

which I think is a bit clearer.

> @@ -3611,7 +3611,7 @@ static void disas_ldst_tag
>  int rt = extract32(insn, 0, 5);
>  int rn = extract32(insn, 5, 5);
>  uint64_t offset = sextract64(insn, 12, 9) << LOG2_TAG_GRANULE;
> -int op2 = extract32(insn, 10, 3);
> +int op2 = extract32(insn, 10, 2);

Yep.

> @@ -3679,7 +3679,7 @@ static void disas_ldst_tag(DisasContext *s, uint32_t 
> insn)
>  }
>  
>  dirty_addr = read_cpu_reg_sp(s, rn, true);
> -if (index <= 0) {
> +if (index >= 0) {
>  /* pre-index or signed offset */
>  tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
>  }
> @@ -3726,7 +3726,7 @@ static void disas_ldst_tag(DisasContext *s, uint32_t 
> insn)
>  
>  if (index != 0) {
>  /* pre-index or post-index */
> -if (index > 0) {
> +if (index < 0) {
>  /* post-index */
>  tcg_gen_addi_i64(dirty_addr, dirty_addr, offset);
>  }

Yep.

Ideally there'd be a kernel patch for MTE that works well enough to run RISU on
the fast model, and I'd be able to compare results.  I suppose in the meantime
more unit testing will have to do.

> +++ b/linux-user/qemu.h
> @@ -456,8 +456,16 @@ extern unsigned long guest_stack_size;
>  #define VERIFY_READ 0
>  #define VERIFY_WRITE 1 /* implies read access */
>  
> +static inline abi_ulong untagged_addr(abi_ulong addr) {
> +#if TARGET_ABI_BITS == 64
> +addr &= (((abi_ulong)-1) >> 8);
> +#endif
> +return addr;
> +}

At minimum this needs TARGET_AARCH64, because this kernel feature doesn't apply
to other targets.  But I'll see if I can do this such that it doesn't put
target-specific stuff in linux-user/qemu.h.


r~

[PULL 16/18] i386: Fix legacy guest with xsave panic on host kvm without update cpuid.

[Eduardo Habkost]

From: Bingsong Si 

without kvm commit 412a3c41, CPUID(EAX=0xd,ECX=0).EBX always equal to 0 even
through guest update xcr0, this will crash legacy guest(e.g., CentOS 6).
Below is the call trace on the guest.

[0.00] kernel BUG at mm/bootmem.c:469!
[0.00] invalid opcode:  [#1] SMP
[0.00] last sysfs file:
[0.00] CPU 0
[0.00] Modules linked in:
[0.00]
[0.00] Pid: 0, comm: swapper Tainted: G   --- H  
2.6.32-279#2 Red Hat KVM
[0.00] RIP: 0010:[]  [] 
alloc_bootmem_core+0x7b/0x29e
[0.00] RSP: 0018:81a01cd8  EFLAGS: 00010046
[0.00] RAX: 81cb1748 RBX: 81cb1720 RCX: 0100
[0.00] RDX: 0040 RSI:  RDI: 81cb1720
[0.00] RBP: 81a01d38 R08:  R09: 1000
[0.00] R10: 02008921da802087 R11: 8800 R12: 
[0.00] R13:  R14:  R15: 0100
[0.00] FS:  () GS:88000220() 
knlGS:
[0.00] CS:  0010 DS: 0018 ES: 0018 CR0: 80050033
[0.00] CR2:  CR3: 01a85000 CR4: 001406b0
[0.00] DR0:  DR1:  DR2: 
[0.00] DR3:  DR6: 0ff0 DR7: 0400
[0.00] Process swapper (pid: 0, threadinfo 81a0, task 
81a8d020)
[0.00] Stack:
[0.00]  0002 81a01dd881eaf060 7e5fe227 
1001
[0.00]  0040 0001 006c 
0100
[0.00]  81cb1720   

[0.00] Call Trace:
[0.00]  [] ___alloc_bootmem_nopanic+0x8d/0xca
[0.00]  [] ___alloc_bootmem+0x11/0x39
[0.00]  [] __alloc_bootmem+0xb/0xd
[0.00]  [] xsave_cntxt_init+0x249/0x2c0
[0.00]  [] init_thread_xstate+0x17/0x25
[0.00]  [] fpu_init+0x79/0xaa
[0.00]  [] cpu_init+0x301/0x344
[0.00]  [] ? sort+0x155/0x230
[0.00]  [] trap_init+0x24e/0x25f
[0.00]  [] start_kernel+0x21c/0x430
[0.00]  [] x86_64_start_reservations+0x125/0x129
[0.00]  [] x86_64_start_kernel+0xfa/0x109
[0.00] Code: 03 48 89 f1 49 c1 e8 0c 48 0f af d0 48 c7 c6 00 a6 61 81 
48 c7 c7 00 e5 79 81 31 c0 4c 89 74 24 08 e8 f2 d7 89 ff 4d 85 e4 75 04 <0f> 0b 
eb fe 48 8b 45 c0 48 83 e8 01 48 85 45
c0 74 04 0f 0b eb

Signed-off-by: Bingsong Si 
Message-Id: <20190822042901.16858-1-owen...@ucloud.cn>
Signed-off-by: Eduardo Habkost 
---
 target/i386/cpu.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index daece62c19..b821132b6a 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -4693,7 +4693,13 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, 
uint32_t count,
 *ecx = xsave_area_size(x86_cpu_xsave_components(cpu));
 *eax = env->features[FEAT_XSAVE_COMP_LO];
 *edx = env->features[FEAT_XSAVE_COMP_HI];
-*ebx = xsave_area_size(env->xcr0);
+/*
+ * The initial value of xcr0 and ebx == 0, On host without kvm
+ * commit 412a3c41(e.g., CentOS 6), the ebx's value always == 0
+ * even through guest update xcr0, this will crash some legacy 
guest
+ * (e.g., CentOS 6), So set ebx == ecx to workaroud it.
+ */
+*ebx = kvm_enabled() ? *ecx : xsave_area_size(env->xcr0);
 } else if (count == 1) {
 *eax = env->features[FEAT_XSAVE];
 } else if (count < ARRAY_SIZE(x86_ext_save_areas)) {
-- 
2.21.0

[PULL 17/18] i386: Omit all-zeroes entries from KVM CPUID table

[Eduardo Habkost]

KVM has a 80-entry limit at KVM_SET_CPUID2.  With the
introduction of CPUID[0x1F], it is now possible to hit this limit
with unusual CPU configurations, e.g.:

  $ ./x86_64-softmmu/qemu-system-x86_64 \
-smp 1,dies=2,maxcpus=2 \
-cpu EPYC,check=off,enforce=off \
-machine accel=kvm
  qemu-system-x86_64: kvm_init_vcpu failed: Argument list too long

This happens because QEMU adds a lot of all-zeroes CPUID entries
for unused CPUID leaves.  In the example above, we end up
creating 48 all-zeroes CPUID entries.

KVM already returns all-zeroes when emulating the CPUID
instruction if an entry is missing, so the all-zeroes entries are
redundant.  Skip those entries.  This reduces the CPUID table
size by half while keeping CPUID output unchanged.

Reported-by: Yumei Huang 
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1741508
Signed-off-by: Eduardo Habkost 
Message-Id: <2019085210.32541-1-ehabk...@redhat.com>
Acked-by: Paolo Bonzini 
Signed-off-by: Eduardo Habkost 
---
 target/i386/kvm.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 11b9c854b5..8c73438c67 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1567,6 +1567,13 @@ int kvm_arch_init_vcpu(CPUState *cs)
 c->function = i;
 c->flags = 0;
 cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx);
+if (!c->eax && !c->ebx && !c->ecx && !c->edx) {
+/*
+ * KVM already returns all zeroes if a CPUID entry is missing,
+ * so we can omit it and avoid hitting KVM's 80-entry limit.
+ */
+cpuid_i--;
+}
 break;
 }
 }
@@ -1631,6 +1638,13 @@ int kvm_arch_init_vcpu(CPUState *cs)
 c->function = i;
 c->flags = 0;
 cpu_x86_cpuid(env, i, 0, &c->eax, &c->ebx, &c->ecx, &c->edx);
+if (!c->eax && !c->ebx && !c->ecx && !c->edx) {
+/*
+ * KVM already returns all zeroes if a CPUID entry is missing,
+ * so we can omit it and avoid hitting KVM's 80-entry limit.
+ */
+cpuid_i--;
+}
 break;
 }
 }
-- 
2.21.0

[PULL 11/18] hw/misc/vmcoreinfo: Add comment about reset handler

[Eduardo Habkost]

From: Philippe Mathieu-Daudé 

The VM coreinfo device does not sit on a bus, so it won't be
reset automatically. This is why it calls qemu_register_reset().

Add a comment about it, so we don't convert its reset handler
to a DeviceReset method.

Reviewed-by: Marc-André Lureau 
Reviewed-by: Li Qiang 
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20191010131527.32513-9-phi...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 hw/misc/vmcoreinfo.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/hw/misc/vmcoreinfo.c b/hw/misc/vmcoreinfo.c
index 326a3ce8f4..a9d718fc23 100644
--- a/hw/misc/vmcoreinfo.c
+++ b/hw/misc/vmcoreinfo.c
@@ -61,6 +61,10 @@ static void vmcoreinfo_realize(DeviceState *dev, Error 
**errp)
  NULL, fw_cfg_vmci_write, s,
  &s->vmcoreinfo, sizeof(s->vmcoreinfo), false);
 
+/*
+ * This device requires to register a global reset because it is
+ * not plugged to a bus (which, as its QOM parent, would reset it).
+ */
 qemu_register_reset(vmcoreinfo_reset, dev);
 vmcoreinfo_state = s;
 }
-- 
2.21.0

[PULL 15/18] target/i386: drop the duplicated definition of cpuid AVX512_VBMI macro

[Eduardo Habkost]

From: Tao Xu 

Drop the duplicated definition of cpuid AVX512_VBMI macro and rename
it as CPUID_7_0_ECX_AVX512_VBMI. Rename CPUID_7_0_ECX_VBMI2 as
CPUID_7_0_ECX_AVX512_VBMI2.

Acked-by: Stefano Garzarella 
Signed-off-by: Tao Xu 
Message-Id: <20190926021055.6970-3-tao3...@intel.com>
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Eduardo Habkost 
---
 target/i386/cpu.h   | 5 ++---
 target/i386/cpu.c   | 8 
 target/i386/hvf/x86_cpuid.c | 2 +-
 3 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 93aad4655f..cedb5bc205 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -723,8 +723,7 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS];
 #define CPUID_7_0_EBX_AVX512VL  (1U << 31)
 
 /* AVX-512 Vector Byte Manipulation Instruction */
-#define CPUID_7_0_ECX_AVX512BMI (1U << 1)
-#define CPUID_7_0_ECX_VBMI  (1U << 1)
+#define CPUID_7_0_ECX_AVX512_VBMI   (1U << 1)
 /* User-Mode Instruction Prevention */
 #define CPUID_7_0_ECX_UMIP  (1U << 2)
 /* Protection Keys for User-mode Pages */
@@ -732,7 +731,7 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS];
 /* OS Enable Protection Keys */
 #define CPUID_7_0_ECX_OSPKE (1U << 4)
 /* Additional AVX-512 Vector Byte Manipulation Instruction */
-#define CPUID_7_0_ECX_VBMI2 (1U << 6)
+#define CPUID_7_0_ECX_AVX512_VBMI2  (1U << 6)
 /* Galois Field New Instructions */
 #define CPUID_7_0_ECX_GFNI  (1U << 8)
 /* Vector AES Instructions */
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 44f1bbdcac..daece62c19 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2645,8 +2645,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_RDSEED | CPUID_7_0_EBX_ADX |
 CPUID_7_0_EBX_SMAP,
 .features[FEAT_7_0_ECX] =
-CPUID_7_0_ECX_VBMI | CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU |
-CPUID_7_0_ECX_VBMI2 | CPUID_7_0_ECX_GFNI |
+CPUID_7_0_ECX_AVX512_VBMI | CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU 
|
+CPUID_7_0_ECX_AVX512_VBMI2 | CPUID_7_0_ECX_GFNI |
 CPUID_7_0_ECX_VAES | CPUID_7_0_ECX_VPCLMULQDQ |
 CPUID_7_0_ECX_AVX512VNNI | CPUID_7_0_ECX_AVX512BITALG |
 CPUID_7_0_ECX_AVX512_VPOPCNTDQ,
@@ -2703,8 +2703,8 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_7_0_EBX_AVX512BW | CPUID_7_0_EBX_AVX512CD |
 CPUID_7_0_EBX_AVX512VL | CPUID_7_0_EBX_CLFLUSHOPT,
 .features[FEAT_7_0_ECX] =
-CPUID_7_0_ECX_VBMI | CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU |
-CPUID_7_0_ECX_VBMI2 | CPUID_7_0_ECX_GFNI |
+CPUID_7_0_ECX_AVX512_VBMI | CPUID_7_0_ECX_UMIP | CPUID_7_0_ECX_PKU 
|
+CPUID_7_0_ECX_AVX512_VBMI2 | CPUID_7_0_ECX_GFNI |
 CPUID_7_0_ECX_VAES | CPUID_7_0_ECX_VPCLMULQDQ |
 CPUID_7_0_ECX_AVX512VNNI | CPUID_7_0_ECX_AVX512BITALG |
 CPUID_7_0_ECX_AVX512_VPOPCNTDQ | CPUID_7_0_ECX_LA57,
diff --git a/target/i386/hvf/x86_cpuid.c b/target/i386/hvf/x86_cpuid.c
index 4d957fe896..16762b6eb4 100644
--- a/target/i386/hvf/x86_cpuid.c
+++ b/target/i386/hvf/x86_cpuid.c
@@ -89,7 +89,7 @@ uint32_t hvf_get_supported_cpuid(uint32_t func, uint32_t idx,
 ebx &= ~CPUID_7_0_EBX_INVPCID;
 }
 
-ecx &= CPUID_7_0_ECX_AVX512BMI | CPUID_7_0_ECX_AVX512_VPOPCNTDQ;
+ecx &= CPUID_7_0_ECX_AVX512_VBMI | CPUID_7_0_ECX_AVX512_VPOPCNTDQ;
 edx &= CPUID_7_0_EDX_AVX512_4VNNIW | CPUID_7_0_EDX_AVX512_4FMAPS;
 } else {
 ebx = 0;
-- 
2.21.0

[PULL 09/18] hw/isa/vt82c686: Convert reset handler to DeviceReset

[Eduardo Habkost]

From: Philippe Mathieu-Daudé 

The VIA VT82C686 Southbridge is a PCI device, it will be reset
when the PCI bus it stands on is reset.

Convert its reset handler into a proper Device reset method.

Reviewed-by: Li Qiang 
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20191010131527.32513-7-phi...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 hw/isa/vt82c686.c | 11 ---
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/hw/isa/vt82c686.c b/hw/isa/vt82c686.c
index 50bd28fa82..616f67f347 100644
--- a/hw/isa/vt82c686.c
+++ b/hw/isa/vt82c686.c
@@ -23,7 +23,6 @@
 #include "hw/isa/apm.h"
 #include "hw/acpi/acpi.h"
 #include "hw/i2c/pm_smbus.h"
-#include "sysemu/reset.h"
 #include "qemu/module.h"
 #include "qemu/timer.h"
 #include "exec/address-spaces.h"
@@ -116,11 +115,10 @@ static const MemoryRegionOps superio_ops = {
 },
 };
 
-static void vt82c686b_reset(void * opaque)
+static void vt82c686b_isa_reset(DeviceState *dev)
 {
-PCIDevice *d = opaque;
-uint8_t *pci_conf = d->config;
-VT82C686BState *vt82c = VT82C686B_DEVICE(d);
+VT82C686BState *vt82c = VT82C686B_DEVICE(dev);
+uint8_t *pci_conf = vt82c->dev.config;
 
 pci_set_long(pci_conf + PCI_CAPABILITY_LIST, 0x00c0);
 pci_set_word(pci_conf + PCI_COMMAND, PCI_COMMAND_IO | PCI_COMMAND_MEMORY |
@@ -476,8 +474,6 @@ static void vt82c686b_realize(PCIDevice *d, Error **errp)
  * But we do not emulate a floppy, so just set it here. */
 memory_region_add_subregion(isa_bus->address_space_io, 0x3f0,
 &vt82c->superio);
-
-qemu_register_reset(vt82c686b_reset, d);
 }
 
 ISABus *vt82c686b_isa_init(PCIBus *bus, int devfn)
@@ -501,6 +497,7 @@ static void via_class_init(ObjectClass *klass, void *data)
 k->device_id = PCI_DEVICE_ID_VIA_ISA_BRIDGE;
 k->class_id = PCI_CLASS_BRIDGE_ISA;
 k->revision = 0x40;
+dc->reset = vt82c686b_isa_reset;
 dc->desc = "ISA bridge";
 dc->vmsd = &vmstate_via;
 /*
-- 
2.21.0

[PULL 12/18] memory-device: not necessary to use goto for the last check

[Eduardo Habkost]

From: Wei Yang 

We are already at the last condition check.

Signed-off-by: Wei Yang 
Reviewed-by: Igor Mammedov 
Reviewed-by: David Hildenbrand 
Message-Id: <20190730003740.20694-2-richardw.y...@linux.intel.com>
Signed-off-by: Eduardo Habkost 
---
 hw/mem/memory-device.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/mem/memory-device.c b/hw/mem/memory-device.c
index 53953fdc3a..5029890e06 100644
--- a/hw/mem/memory-device.c
+++ b/hw/mem/memory-device.c
@@ -185,7 +185,6 @@ static uint64_t memory_device_get_free_addr(MachineState 
*ms,
 if (!range_contains_range(&as, &new)) {
 error_setg(errp, "could not find position in guest address space for "
"memory device - memory fragmented due to alignments");
-goto out;
 }
 out:
 g_slist_free(list);
-- 
2.21.0

[PULL 06/18] hw/ide/piix: Convert reset handler to DeviceReset

[Eduardo Habkost]

From: Philippe Mathieu-Daudé 

The PIIX/IDE is a PCI device within a PIIX chipset, it will be reset
when the PCI bus it stands on is reset.

Convert its reset handler into a proper Device reset method.

Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20191010131527.32513-4-phi...@redhat.com>
Reviewed-by: Li Qiang 
Signed-off-by: Eduardo Habkost 
---
 hw/ide/piix.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/hw/ide/piix.c b/hw/ide/piix.c
index fba6bc8bff..db313dd3b1 100644
--- a/hw/ide/piix.c
+++ b/hw/ide/piix.c
@@ -30,7 +30,6 @@
 #include "sysemu/block-backend.h"
 #include "sysemu/blockdev.h"
 #include "sysemu/dma.h"
-#include "sysemu/reset.h"
 
 #include "hw/ide/pci.h"
 #include "trace.h"
@@ -103,9 +102,9 @@ static void bmdma_setup_bar(PCIIDEState *d)
 }
 }
 
-static void piix3_reset(void *opaque)
+static void piix_ide_reset(DeviceState *dev)
 {
-PCIIDEState *d = opaque;
+PCIIDEState *d = PCI_IDE(dev);
 PCIDevice *pd = PCI_DEVICE(d);
 uint8_t *pci_conf = pd->config;
 int i;
@@ -154,8 +153,6 @@ static void pci_piix_ide_realize(PCIDevice *dev, Error 
**errp)
 
 pci_conf[PCI_CLASS_PROG] = 0x80; // legacy ATA mode
 
-qemu_register_reset(piix3_reset, d);
-
 bmdma_setup_bar(d);
 pci_register_bar(dev, 4, PCI_BASE_ADDRESS_SPACE_IO, &d->bmdma_bar);
 
@@ -247,6 +244,7 @@ static void piix3_ide_class_init(ObjectClass *klass, void 
*data)
 DeviceClass *dc = DEVICE_CLASS(klass);
 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
 
+dc->reset = piix_ide_reset;
 k->realize = pci_piix_ide_realize;
 k->exit = pci_piix_ide_exitfn;
 k->vendor_id = PCI_VENDOR_ID_INTEL;
@@ -273,6 +271,7 @@ static void piix4_ide_class_init(ObjectClass *klass, void 
*data)
 DeviceClass *dc = DEVICE_CLASS(klass);
 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
 
+dc->reset = piix_ide_reset;
 k->realize = pci_piix_ide_realize;
 k->exit = pci_piix_ide_exitfn;
 k->vendor_id = PCI_VENDOR_ID_INTEL;
-- 
2.21.0

[PULL 13/18] memory-device: break the loop if tmp exceed the hinted range

[Eduardo Habkost]

From: Wei Yang 

The memory-device list built by memory_device_build_list is ordered by
its address, this means if the tmp range exceed the hinted range, all
the following range will not overlap with it.

And this won't change default pc-dimm mapping and address assignment stay
the same as before this change.

Signed-off-by: Wei Yang 
Message-Id: <20190730003740.20694-3-richardw.y...@linux.intel.com>
Reviewed-by: David Hildenbrand 
Reviewed-by: Igor Mammedov 
Signed-off-by: Eduardo Habkost 
---
 hw/mem/memory-device.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/mem/memory-device.c b/hw/mem/memory-device.c
index 5029890e06..aef148c1d7 100644
--- a/hw/mem/memory-device.c
+++ b/hw/mem/memory-device.c
@@ -179,6 +179,8 @@ static uint64_t memory_device_get_free_addr(MachineState 
*ms,
 range_make_empty(&new);
 break;
 }
+} else if (range_lob(&tmp) > range_upb(&new)) {
+break;
 }
 }
 
-- 
2.21.0

[PULL 10/18] hw/input/lm832x: Convert reset handler to DeviceReset

[Eduardo Habkost]

From: Philippe Mathieu-Daudé 

The LM8323 key-scan controller is a I2C device, it will be reset
when the I2C bus it stands on is reset.

Convert its reset handler into a proper Device reset method.

Reviewed-by: Li Qiang 
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20191010131527.32513-8-phi...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 hw/input/lm832x.c | 12 +---
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/hw/input/lm832x.c b/hw/input/lm832x.c
index a37eb854b9..aa629ddbf1 100644
--- a/hw/input/lm832x.c
+++ b/hw/input/lm832x.c
@@ -24,7 +24,6 @@
 #include "migration/vmstate.h"
 #include "qemu/module.h"
 #include "qemu/timer.h"
-#include "sysemu/reset.h"
 #include "ui/console.h"
 
 #define TYPE_LM8323 "lm8323"
@@ -94,8 +93,10 @@ static void lm_kbd_gpio_update(LM823KbdState *s)
 {
 }
 
-static void lm_kbd_reset(LM823KbdState *s)
+static void lm_kbd_reset(DeviceState *dev)
 {
+LM823KbdState *s = LM8323(dev);
+
 s->config = 0x80;
 s->status = INT_NOINIT;
 s->acttime = 125;
@@ -273,7 +274,7 @@ static void lm_kbd_write(LM823KbdState *s, int reg, int 
byte, uint8_t value)
 
 case LM832x_CMD_RESET:
 if (value == 0xaa)
-lm_kbd_reset(s);
+lm_kbd_reset(DEVICE(s));
 else
 lm_kbd_error(s, ERR_BADPAR);
 s->reg = LM832x_GENERAL_ERROR;
@@ -476,10 +477,6 @@ static void lm8323_realize(DeviceState *dev, Error **errp)
 s->pwm.tm[1] = timer_new_ns(QEMU_CLOCK_VIRTUAL, lm_kbd_pwm1_tick, s);
 s->pwm.tm[2] = timer_new_ns(QEMU_CLOCK_VIRTUAL, lm_kbd_pwm2_tick, s);
 qdev_init_gpio_out(dev, &s->nirq, 1);
-
-lm_kbd_reset(s);
-
-qemu_register_reset((void *) lm_kbd_reset, s);
 }
 
 void lm832x_key_event(DeviceState *dev, int key, int state)
@@ -507,6 +504,7 @@ static void lm8323_class_init(ObjectClass *klass, void 
*data)
 DeviceClass *dc = DEVICE_CLASS(klass);
 I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
 
+dc->reset = lm_kbd_reset;
 dc->realize = lm8323_realize;
 k->event = lm_i2c_event;
 k->recv = lm_i2c_rx;
-- 
2.21.0

[PULL 08/18] hw/ide/via82c: Convert reset handler to DeviceReset

[Eduardo Habkost]

From: Philippe Mathieu-Daudé 

The VIA82C686B IDE controller is a PCI device, it will be reset
when the PCI bus it stands on is reset.

Convert its reset handler into a proper Device reset method.

Reviewed-by: Li Qiang 
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20191010131527.32513-6-phi...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 hw/ide/via.c | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/hw/ide/via.c b/hw/ide/via.c
index 7087dc676e..053622bd82 100644
--- a/hw/ide/via.c
+++ b/hw/ide/via.c
@@ -29,7 +29,6 @@
 #include "migration/vmstate.h"
 #include "qemu/module.h"
 #include "sysemu/dma.h"
-#include "sysemu/reset.h"
 
 #include "hw/ide/pci.h"
 #include "trace.h"
@@ -120,10 +119,10 @@ static void via_ide_set_irq(void *opaque, int n, int 
level)
 }
 }
 
-static void via_ide_reset(void *opaque)
+static void via_ide_reset(DeviceState *dev)
 {
-PCIIDEState *d = opaque;
-PCIDevice *pd = PCI_DEVICE(d);
+PCIIDEState *d = PCI_IDE(dev);
+PCIDevice *pd = PCI_DEVICE(dev);
 uint8_t *pci_conf = pd->config;
 int i;
 
@@ -172,8 +171,6 @@ static void via_ide_realize(PCIDevice *dev, Error **errp)
 pci_set_long(pci_conf + PCI_CAPABILITY_LIST, 0x00c0);
 dev->wmask[PCI_INTERRUPT_LINE] = 0xf;
 
-qemu_register_reset(via_ide_reset, d);
-
 memory_region_init_io(&d->data_bar[0], OBJECT(d), &pci_ide_data_le_ops,
   &d->bus[0], "via-ide0-data", 8);
 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &d->data_bar[0]);
@@ -229,6 +226,7 @@ static void via_ide_class_init(ObjectClass *klass, void 
*data)
 DeviceClass *dc = DEVICE_CLASS(klass);
 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
 
+dc->reset = via_ide_reset;
 k->realize = via_ide_realize;
 k->exit = via_ide_exitfn;
 k->vendor_id = PCI_VENDOR_ID_VIA;
-- 
2.21.0

[PULL 03/18] numa: Introduce MachineClass::auto_enable_numa for implicit NUMA node

[Eduardo Habkost]

From: Tao Xu 

Add MachineClass::auto_enable_numa field. When it is true, a NUMA node
is expected to be created implicitly.

Acked-by: David Gibson 
Suggested-by: Igor Mammedov 
Suggested-by: Eduardo Habkost 
Reviewed-by: Igor Mammedov 
Signed-off-by: Tao Xu 
Message-Id: <20190905083238.1799-1-tao3...@intel.com>
Signed-off-by: Eduardo Habkost 
---
 include/hw/boards.h |  1 +
 hw/core/numa.c  | 10 --
 hw/ppc/spapr.c  |  9 +
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/include/hw/boards.h b/include/hw/boards.h
index be18a5c032..de45087f34 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -228,6 +228,7 @@ struct MachineClass {
 bool smbus_no_migration_support;
 bool nvdimm_supported;
 bool numa_mem_supported;
+bool auto_enable_numa;
 
 HotplugHandler *(*get_hotplug_handler)(MachineState *machine,
DeviceState *dev);
diff --git a/hw/core/numa.c b/hw/core/numa.c
index 4dfec5c95b..038c96d4ab 100644
--- a/hw/core/numa.c
+++ b/hw/core/numa.c
@@ -378,11 +378,17 @@ void numa_complete_configuration(MachineState *ms)
  *   guest tries to use it with that drivers.
  *
  * Enable NUMA implicitly by adding a new NUMA node automatically.
+ *
+ * Or if MachineClass::auto_enable_numa is true and no NUMA nodes,
+ * assume there is just one node with whole RAM.
  */
-if (ms->ram_slots > 0 && ms->numa_state->num_nodes == 0 &&
-mc->auto_enable_numa_with_memhp) {
+if (ms->numa_state->num_nodes == 0 &&
+((ms->ram_slots > 0 &&
+mc->auto_enable_numa_with_memhp) ||
+mc->auto_enable_numa)) {
 NumaNodeOptions node = { };
 parse_numa_node(ms, &node, &error_abort);
+numa_info[0].node_mem = ram_size;
 }
 
 assert(max_numa_nodeid <= MAX_NODES);
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 514a17ae74..4eb97d3a9b 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -346,14 +346,6 @@ static int spapr_populate_memory(SpaprMachineState *spapr, 
void *fdt)
 hwaddr mem_start, node_size;
 int i, nb_nodes = machine->numa_state->num_nodes;
 NodeInfo *nodes = machine->numa_state->nodes;
-NodeInfo ramnode;
-
-/* No NUMA nodes, assume there is just one node with whole RAM */
-if (!nb_nodes) {
-nb_nodes = 1;
-ramnode.node_mem = machine->ram_size;
-nodes = &ramnode;
-}
 
 for (i = 0, mem_start = 0; i < nb_nodes; ++i) {
 if (!nodes[i].node_mem) {
@@ -4430,6 +4422,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
  */
 mc->numa_mem_align_shift = 28;
 mc->numa_mem_supported = true;
+mc->auto_enable_numa = true;
 
 smc->default_caps.caps[SPAPR_CAP_HTM] = SPAPR_CAP_OFF;
 smc->default_caps.caps[SPAPR_CAP_VSX] = SPAPR_CAP_ON;
-- 
2.21.0

[PULL 18/18] target/i386: Add Snowridge-v2 (no MPX) CPU model

[Eduardo Habkost]

From: Xiaoyao Li 

Add new version of Snowridge CPU model that removes MPX feature.

MPX support is being phased out by Intel. GCC has dropped it, Linux kernel
and KVM are also going to do that in the future.

Signed-off-by: Xiaoyao Li 
Message-Id: <20191012024748.127135-1-xiaoyao...@intel.com>
Signed-off-by: Eduardo Habkost 
---
 target/i386/cpu.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index b821132b6a..47200b40c1 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -2793,6 +2793,18 @@ static X86CPUDefinition builtin_x86_defs[] = {
 CPUID_6_EAX_ARAT,
 .xlevel = 0x8008,
 .model_id = "Intel Atom Processor (SnowRidge)",
+.versions = (X86CPUVersionDefinition[]) {
+{ .version = 1 },
+{
+.version = 2,
+.props = (PropValue[]) {
+{ "mpx", "off" },
+{ "model-id", "Intel Atom Processor (Snowridge, no MPX)" },
+{ /* end of list */ },
+},
+},
+{ /* end of list */ },
+},
 },
 {
 .name = "KnightsMill",
-- 
2.21.0

[PULL 05/18] hw/isa/piix4: Convert reset handler to DeviceReset

[Eduardo Habkost]

From: Philippe Mathieu-Daudé 

The PIIX4/ISA is a PCI device within the PIIX4 chipset, it will be reset
when the PCI bus it stands on is reset.

Convert its reset handler into a proper Device reset method.

Reviewed-by: Li Qiang 
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20191010131527.32513-3-phi...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 hw/isa/piix4.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 3294056cd5..890d999abf 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -28,7 +28,6 @@
 #include "hw/isa/isa.h"
 #include "hw/sysbus.h"
 #include "migration/vmstate.h"
-#include "sysemu/reset.h"
 
 PCIDevice *piix4_dev;
 
@@ -40,9 +39,9 @@ typedef struct PIIX4State {
 #define PIIX4_PCI_DEVICE(obj) \
 OBJECT_CHECK(PIIX4State, (obj), TYPE_PIIX4_PCI_DEVICE)
 
-static void piix4_reset(void *opaque)
+static void piix4_isa_reset(DeviceState *dev)
 {
-PIIX4State *d = opaque;
+PIIX4State *d = PIIX4_PCI_DEVICE(dev);
 uint8_t *pci_conf = d->dev.config;
 
 pci_conf[0x04] = 0x07; // master, memory and I/O
@@ -97,7 +96,6 @@ static void piix4_realize(PCIDevice *dev, Error **errp)
 return;
 }
 piix4_dev = &d->dev;
-qemu_register_reset(piix4_reset, d);
 }
 
 int piix4_init(PCIBus *bus, ISABus **isa_bus, int devfn)
@@ -118,6 +116,7 @@ static void piix4_class_init(ObjectClass *klass, void *data)
 k->vendor_id = PCI_VENDOR_ID_INTEL;
 k->device_id = PCI_DEVICE_ID_INTEL_82371AB_0;
 k->class_id = PCI_CLASS_BRIDGE_ISA;
+dc->reset = piix4_isa_reset;
 dc->desc = "ISA bridge";
 dc->vmsd = &vmstate_piix4;
 /*
-- 
2.21.0

[PULL 07/18] hw/ide/sii3112: Convert reset handler to DeviceReset

[Eduardo Habkost]

From: Philippe Mathieu-Daudé 

The SiI3112A SATA controller is a PCI device, it will be reset
when the PCI bus it stands on is reset.

Convert its reset handler into a proper Device reset method.

Reviewed-by: Li Qiang 
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20191010131527.32513-5-phi...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 hw/ide/sii3112.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/hw/ide/sii3112.c b/hw/ide/sii3112.c
index 2181260531..06605d7af2 100644
--- a/hw/ide/sii3112.c
+++ b/hw/ide/sii3112.c
@@ -15,7 +15,6 @@
 #include "qemu/osdep.h"
 #include "hw/ide/pci.h"
 #include "qemu/module.h"
-#include "sysemu/reset.h"
 #include "trace.h"
 
 #define TYPE_SII3112_PCI "sii3112"
@@ -237,9 +236,9 @@ static void sii3112_set_irq(void *opaque, int channel, int 
level)
 sii3112_update_irq(s);
 }
 
-static void sii3112_reset(void *opaque)
+static void sii3112_reset(DeviceState *dev)
 {
-SiI3112PCIState *s = opaque;
+SiI3112PCIState *s = SII3112_PCI(dev);
 int i;
 
 for (i = 0; i < 2; i++) {
@@ -290,7 +289,6 @@ static void sii3112_pci_realize(PCIDevice *dev, Error 
**errp)
 s->bmdma[i].bus = &s->bus[i];
 ide_register_restart_cb(&s->bus[i]);
 }
-qemu_register_reset(sii3112_reset, s);
 }
 
 static void sii3112_pci_class_init(ObjectClass *klass, void *data)
@@ -303,6 +301,7 @@ static void sii3112_pci_class_init(ObjectClass *klass, void 
*data)
 pd->class_id = PCI_CLASS_STORAGE_RAID;
 pd->revision = 1;
 pd->realize = sii3112_pci_realize;
+dc->reset = sii3112_reset;
 dc->desc = "SiI3112A SATA controller";
 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
 }
-- 
2.21.0

[PULL 01/18] tests: add qtest_qmp_device_add_qdict() helper

[Eduardo Habkost]

From: Igor Mammedov 

Add an API that takes QDict directly, so users could skip steps
of first building json dictionary and converting it back to
QDict in existing qtest_qmp_device_add() and instead use QDict
directly without intermediate conversion.

Signed-off-by: Igor Mammedov 
Message-Id: <20190830110723.15096-2-imamm...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 tests/libqtest.h | 12 
 tests/libqtest.c | 29 +++--
 2 files changed, 31 insertions(+), 10 deletions(-)

diff --git a/tests/libqtest.h b/tests/libqtest.h
index a177e502d9..c9e21e05b3 100644
--- a/tests/libqtest.h
+++ b/tests/libqtest.h
@@ -659,6 +659,18 @@ QDict *qmp_fd(int fd, const char *fmt, ...) 
GCC_FMT_ATTR(2, 3);
 void qtest_cb_for_every_machine(void (*cb)(const char *machine),
 bool skip_old_versioned);
 
+/**
+ * qtest_qmp_device_add_qdict:
+ * @qts: QTestState instance to operate on
+ * @drv: Name of the device that should be added
+ * @arguments: QDict with properties for the device to intialize
+ *
+ * Generic hot-plugging test via the device_add QMP command with properties
+ * supplied in form of QDict. Use NULL for empty properties list.
+ */
+void qtest_qmp_device_add_qdict(QTestState *qts, const char *drv,
+const QDict *arguments);
+
 /**
  * qtest_qmp_device_add:
  * @qts: QTestState instance to operate on
diff --git a/tests/libqtest.c b/tests/libqtest.c
index 38e4f5b587..3706bccd8d 100644
--- a/tests/libqtest.c
+++ b/tests/libqtest.c
@@ -1243,28 +1243,37 @@ QDict *qtest_qmp_receive_success(QTestState *s,
 }
 
 /*
- * Generic hot-plugging test via the device_add QMP command.
+ * Generic hot-plugging test via the device_add QMP commands.
  */
+void qtest_qmp_device_add_qdict(QTestState *qts, const char *drv,
+const QDict *arguments)
+{
+QDict *resp;
+QDict *args = arguments ? qdict_clone_shallow(arguments) : qdict_new();
+
+g_assert(!qdict_haskey(args, "driver"));
+qdict_put_str(args, "driver", drv);
+resp = qtest_qmp(qts, "{'execute': 'device_add', 'arguments': %p}", args);
+g_assert(resp);
+g_assert(!qdict_haskey(resp, "event")); /* We don't expect any events */
+g_assert(!qdict_haskey(resp, "error"));
+qobject_unref(resp);
+}
+
 void qtest_qmp_device_add(QTestState *qts, const char *driver, const char *id,
   const char *fmt, ...)
 {
-QDict *args, *response;
+QDict *args;
 va_list ap;
 
 va_start(ap, fmt);
 args = qdict_from_vjsonf_nofail(fmt, ap);
 va_end(ap);
 
-g_assert(!qdict_haskey(args, "driver") && !qdict_haskey(args, "id"));
-qdict_put_str(args, "driver", driver);
+g_assert(!qdict_haskey(args, "id"));
 qdict_put_str(args, "id", id);
 
-response = qtest_qmp(qts, "{'execute': 'device_add', 'arguments': %p}",
- args);
-g_assert(response);
-g_assert(!qdict_haskey(response, "event")); /* We don't expect any events 
*/
-g_assert(!qdict_haskey(response, "error"));
-qobject_unref(response);
+qtest_qmp_device_add_qdict(qts, driver, args);
 }
 
 static void device_deleted_cb(void *opaque, const char *name, QDict *data)
-- 
2.21.0

[PULL 14/18] target/i386: clean up comments over 80 chars per line

[Eduardo Habkost]

From: Tao Xu 

Add some comments, clean up comments over 80 chars per line. And there
is an extra line in comment of CPUID_8000_0008_EBX_WBNOINVD, remove
the extra enter and spaces.

Acked-by: Stefano Garzarella 
Signed-off-by: Tao Xu 
Message-Id: <20190926021055.6970-2-tao3...@intel.com>
[ehabkost: rebase to latest git master]
Signed-off-by: Eduardo Habkost 
---
 target/i386/cpu.h | 170 ++
 1 file changed, 111 insertions(+), 59 deletions(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index eaa5395aa5..93aad4655f 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -669,65 +669,117 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS];
 #define CPUID_SVM_PAUSEFILTER  (1U << 10)
 #define CPUID_SVM_PFTHRESHOLD  (1U << 12)
 
-#define CPUID_7_0_EBX_FSGSBASE (1U << 0)
-#define CPUID_7_0_EBX_BMI1 (1U << 3)
-#define CPUID_7_0_EBX_HLE  (1U << 4)
-#define CPUID_7_0_EBX_AVX2 (1U << 5)
-#define CPUID_7_0_EBX_SMEP (1U << 7)
-#define CPUID_7_0_EBX_BMI2 (1U << 8)
-#define CPUID_7_0_EBX_ERMS (1U << 9)
-#define CPUID_7_0_EBX_INVPCID  (1U << 10)
-#define CPUID_7_0_EBX_RTM  (1U << 11)
-#define CPUID_7_0_EBX_MPX  (1U << 14)
-#define CPUID_7_0_EBX_AVX512F  (1U << 16) /* AVX-512 Foundation */
-#define CPUID_7_0_EBX_AVX512DQ (1U << 17) /* AVX-512 Doubleword & Quadword 
Instrs */
-#define CPUID_7_0_EBX_RDSEED   (1U << 18)
-#define CPUID_7_0_EBX_ADX  (1U << 19)
-#define CPUID_7_0_EBX_SMAP (1U << 20)
-#define CPUID_7_0_EBX_AVX512IFMA (1U << 21) /* AVX-512 Integer Fused Multiply 
Add */
-#define CPUID_7_0_EBX_PCOMMIT  (1U << 22) /* Persistent Commit */
-#define CPUID_7_0_EBX_CLFLUSHOPT (1U << 23) /* Flush a Cache Line Optimized */
-#define CPUID_7_0_EBX_CLWB (1U << 24) /* Cache Line Write Back */
-#define CPUID_7_0_EBX_INTEL_PT (1U << 25) /* Intel Processor Trace */
-#define CPUID_7_0_EBX_AVX512PF (1U << 26) /* AVX-512 Prefetch */
-#define CPUID_7_0_EBX_AVX512ER (1U << 27) /* AVX-512 Exponential and 
Reciprocal */
-#define CPUID_7_0_EBX_AVX512CD (1U << 28) /* AVX-512 Conflict Detection */
-#define CPUID_7_0_EBX_SHA_NI   (1U << 29) /* SHA1/SHA256 Instruction 
Extensions */
-#define CPUID_7_0_EBX_AVX512BW (1U << 30) /* AVX-512 Byte and Word 
Instructions */
-#define CPUID_7_0_EBX_AVX512VL (1U << 31) /* AVX-512 Vector Length Extensions 
*/
-
-#define CPUID_7_0_ECX_AVX512BMI (1U << 1)
-#define CPUID_7_0_ECX_VBMI (1U << 1)  /* AVX-512 Vector Byte Manipulation 
Instrs */
-#define CPUID_7_0_ECX_UMIP (1U << 2)
-#define CPUID_7_0_ECX_PKU  (1U << 3)
-#define CPUID_7_0_ECX_OSPKE(1U << 4)
-#define CPUID_7_0_ECX_VBMI2(1U << 6) /* Additional VBMI Instrs */
-#define CPUID_7_0_ECX_GFNI (1U << 8)
-#define CPUID_7_0_ECX_VAES (1U << 9)
-#define CPUID_7_0_ECX_VPCLMULQDQ (1U << 10)
-#define CPUID_7_0_ECX_AVX512VNNI (1U << 11)
-#define CPUID_7_0_ECX_AVX512BITALG (1U << 12)
-#define CPUID_7_0_ECX_AVX512_VPOPCNTDQ (1U << 14) /* POPCNT for vectors of 
DW/QW */
-#define CPUID_7_0_ECX_LA57 (1U << 16)
-#define CPUID_7_0_ECX_RDPID(1U << 22)
-#define CPUID_7_0_ECX_CLDEMOTE (1U << 25)  /* CLDEMOTE Instruction */
-#define CPUID_7_0_ECX_MOVDIRI  (1U << 27)  /* MOVDIRI Instruction */
-#define CPUID_7_0_ECX_MOVDIR64B (1U << 28) /* MOVDIR64B Instruction */
-
-#define CPUID_7_0_EDX_AVX512_4VNNIW (1U << 2) /* AVX512 Neural Network 
Instructions */
-#define CPUID_7_0_EDX_AVX512_4FMAPS (1U << 3) /* AVX512 Multiply Accumulation 
Single Precision */
-#define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
-#define CPUID_7_0_EDX_ARCH_CAPABILITIES (1U << 29)  /*Arch Capabilities*/
-#define CPUID_7_0_EDX_CORE_CAPABILITY   (1U << 30)  /*Core Capability*/
-#define CPUID_7_0_EDX_SPEC_CTRL_SSBD  (1U << 31) /* Speculative Store Bypass 
Disable */
-
-#define CPUID_7_1_EAX_AVX512_BF16 (1U << 5) /* AVX512 BFloat16 Instruction */
-
-#define CPUID_8000_0008_EBX_CLZERO (1U << 0) /* CLZERO instruction 
*/
-#define CPUID_8000_0008_EBX_XSAVEERPTR (1U << 2) /* Always save/restore FP 
error pointers */
-#define CPUID_8000_0008_EBX_WBNOINVD  (1U << 9)  /* Write back and
- 
do not invalidate cache */
-#define CPUID_8000_0008_EBX_IBPB(1U << 12) /* Indirect Branch Prediction 
Barrier */
+/* Support RDFSBASE/RDGSBASE/WRFSBASE/WRGSBASE */
+#define CPUID_7_0_EBX_FSGSBASE  (1U << 0)
+/* 1st Group of Advanced Bit Manipulation Extensions */
+#define CPUID_7_0_EBX_BMI1  (1U << 3)
+/* Hardware Lock Elision */
+#define CPUID_7_0_EBX_HLE   (1U << 4)
+/* Intel Advanced Vector Extensions 2 */
+#define CPUID_7_0_EBX_AVX2  (1U << 5)
+/* Supervisor-mode Execution Prevention */
+#define CPUID_7_0_EBX_SMEP  (1U << 7)
+/* 2nd Group of Advanced Bit Manipulation Extensions */
+#define CPUID_7_0_EBX_BMI2  (1U << 8)
+/* Enhanced REP MOVSB/STOSB */
+#define CPUID_7_0_EBX_ERMS  (1U << 9)
+/* Invalidat

[PULL 04/18] hw/acpi/piix4: Convert reset handler to DeviceReset

[Eduardo Habkost]

From: Philippe Mathieu-Daudé 

The PIIX4/PM is a PCI device within the PIIX4 chipset, it will be reset
when the PCI bus it stands on is reset.

Convert its reset handler into a proper Device reset method.

Reviewed-by: Igor Mammedov 
Reviewed-by: Li Qiang 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Philippe Mathieu-Daudé 
Message-Id: <20191010131527.32513-2-phi...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 hw/acpi/piix4.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 5742c3df87..4e079b39bd 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -27,7 +27,6 @@
 #include "hw/pci/pci.h"
 #include "hw/qdev-properties.h"
 #include "hw/acpi/acpi.h"
-#include "sysemu/reset.h"
 #include "sysemu/runstate.h"
 #include "sysemu/sysemu.h"
 #include "qapi/error.h"
@@ -344,9 +343,9 @@ static const VMStateDescription vmstate_acpi = {
 }
 };
 
-static void piix4_reset(void *opaque)
+static void piix4_pm_reset(DeviceState *dev)
 {
-PIIX4PMState *s = opaque;
+PIIX4PMState *s = PIIX4_PM(dev);
 PCIDevice *d = PCI_DEVICE(s);
 uint8_t *pci_conf = d->config;
 
@@ -542,7 +541,6 @@ static void piix4_pm_realize(PCIDevice *dev, Error **errp)
 
 s->machine_ready.notify = piix4_pm_machine_ready;
 qemu_add_machine_init_done_notifier(&s->machine_ready);
-qemu_register_reset(piix4_reset, s);
 
 piix4_acpi_system_hot_add_init(pci_address_space_io(dev),
pci_get_bus(dev), s);
@@ -692,6 +690,7 @@ static void piix4_pm_class_init(ObjectClass *klass, void 
*data)
 k->device_id = PCI_DEVICE_ID_INTEL_82371AB_3;
 k->revision = 0x03;
 k->class_id = PCI_CLASS_BRIDGE_OTHER;
+dc->reset = piix4_pm_reset;
 dc->desc = "PM";
 dc->vmsd = &vmstate_acpi;
 dc->props = piix4_pm_properties;
-- 
2.21.0

[PULL 00/18] x86 and machine queue, 2019-10-15

[Eduardo Habkost]

The following changes since commit 69b81893bc28feb678188fbcdce52eff1609bdad:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20191015' 
into staging (2019-10-15 18:15:59 +0100)

are available in the Git repository at:

  git://github.com/ehabkost/qemu.git tags/machine-next-pull-request

for you to fetch changes up to 69edb0f37a52053978de65a81241ef171a6f2396:

  target/i386: Add Snowridge-v2 (no MPX) CPU model (2019-10-15 18:34:44 -0300)


x86 and machine queue, 2019-10-15

Features:
* Snowridge-v2 (no MPX) CPU model (Xiaoyao Li)

Bug fixes:
* cpu-plug-test: fix device_add for pc/q35 machines (Igor Mammedov)
* Fix legacy guest with xsave panic on older Linux kernel (Bingsong Si)
* Omit all-zeroes entries from KVM CPUID table (Eduardo Habkost)

Cleanups:
* Convert reset handlers to DeviceReset (Philippe Mathieu-Daudé)
* MachineClass::auto_enable_numa field (Tao Xu)
* target/i386/cpu.h cleanups (Tao Xu)
* memory_device_get_free_addr() cleanups (Wei Yang)




Bingsong Si (1):
  i386: Fix legacy guest with xsave panic on host kvm without update
cpuid.

Eduardo Habkost (1):
  i386: Omit all-zeroes entries from KVM CPUID table

Igor Mammedov (2):
  tests: add qtest_qmp_device_add_qdict() helper
  tests: cpu-plug-test: fix device_add for pc/q35 machines

Philippe Mathieu-Daudé (8):
  hw/acpi/piix4: Convert reset handler to DeviceReset
  hw/isa/piix4: Convert reset handler to DeviceReset
  hw/ide/piix: Convert reset handler to DeviceReset
  hw/ide/sii3112: Convert reset handler to DeviceReset
  hw/ide/via82c: Convert reset handler to DeviceReset
  hw/isa/vt82c686: Convert reset handler to DeviceReset
  hw/input/lm832x: Convert reset handler to DeviceReset
  hw/misc/vmcoreinfo: Add comment about reset handler

Tao Xu (3):
  numa: Introduce MachineClass::auto_enable_numa for implicit NUMA node
  target/i386: clean up comments over 80 chars per line
  target/i386: drop the duplicated definition of cpuid AVX512_VBMI macro

Wei Yang (2):
  memory-device: not necessary to use goto for the last check
  memory-device: break the loop if tmp exceed the hinted range

Xiaoyao Li (1):
  target/i386: Add Snowridge-v2 (no MPX) CPU model

 include/hw/boards.h |   1 +
 target/i386/cpu.h   | 169 +++-
 tests/libqtest.h|  12 +++
 hw/acpi/piix4.c |   7 +-
 hw/core/numa.c  |  10 ++-
 hw/ide/piix.c   |   9 +-
 hw/ide/sii3112.c|   7 +-
 hw/ide/via.c|  10 +--
 hw/input/lm832x.c   |  12 ++-
 hw/isa/piix4.c  |   7 +-
 hw/isa/vt82c686.c   |  11 +--
 hw/mem/memory-device.c  |   3 +-
 hw/misc/vmcoreinfo.c|   4 +
 hw/ppc/spapr.c  |   9 +-
 target/i386/cpu.c   |  28 --
 target/i386/hvf/x86_cpuid.c |   2 +-
 target/i386/kvm.c   |  14 +++
 tests/cpu-plug-test.c   |  62 ++---
 tests/libqtest.c|  29 ---
 19 files changed, 247 insertions(+), 159 deletions(-)

-- 
2.21.0

[PULL 02/18] tests: cpu-plug-test: fix device_add for pc/q35 machines

[Eduardo Habkost]

From: Igor Mammedov 

Commit bc1fb850a3 silently broke device_add test for CPU hotplug which
resulted in test successfully passing though it wasn't actually run.
Fix it by making sure that all non present CPUs reported
by "query-hotpluggable-cpus" are hotplugged instead of making up
and hardcoding values.

Use of query-hotpluggable-cpus also allows consolidatiate device_add
cpu testcases and reuse the same test function for all targets.

While at it also add a check that at least one CPU was hotplugged,
to avoid silent breakage in the future.

Fixes: bc1fb850a3 (vl.c deprecate incorrect CPUs topology)
Signed-off-by: Igor Mammedov 
Message-Id: <20190830110723.15096-3-imamm...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 tests/cpu-plug-test.c | 62 ++-
 1 file changed, 26 insertions(+), 36 deletions(-)

diff --git a/tests/cpu-plug-test.c b/tests/cpu-plug-test.c
index 776407e1b6..058cef5ac1 100644
--- a/tests/cpu-plug-test.c
+++ b/tests/cpu-plug-test.c
@@ -12,6 +12,7 @@
 #include "qemu-common.h"
 #include "libqtest-single.h"
 #include "qapi/qmp/qdict.h"
+#include "qapi/qmp/qlist.h"
 
 struct PlugTestData {
 char *machine;
@@ -72,12 +73,15 @@ static void test_plug_without_cpu_add(gconstpointer data)
 g_free(args);
 }
 
-static void test_plug_with_device_add_x86(gconstpointer data)
+static void test_plug_with_device_add(gconstpointer data)
 {
 const PlugTestData *td = data;
 char *args;
-unsigned int s, c, t;
 QTestState *qts;
+QDict *resp;
+QList *cpus;
+QObject *e;
+int hotplugged = 0;
 
 args = g_strdup_printf("-machine %s -cpu %s "
"-smp 1,sockets=%u,cores=%u,threads=%u,maxcpus=%u",
@@ -85,43 +89,29 @@ static void test_plug_with_device_add_x86(gconstpointer 
data)
td->sockets, td->cores, td->threads, td->maxcpus);
 qts = qtest_init(args);
 
-for (s = 1; s < td->sockets; s++) {
-for (c = 0; c < td->cores; c++) {
-for (t = 0; t < td->threads; t++) {
-char *id = g_strdup_printf("id-%i-%i-%i", s, c, t);
-qtest_qmp_device_add(qts, td->device_model, id,
- "{'socket-id':%u, 'core-id':%u,"
- " 'thread-id':%u}",
- s, c, t);
-g_free(id);
-}
-}
-}
+resp = qtest_qmp(qts, "{ 'execute': 'query-hotpluggable-cpus'}");
+g_assert(qdict_haskey(resp, "return"));
+cpus = qdict_get_qlist(resp, "return");
+g_assert(cpus);
 
-qtest_quit(qts);
-g_free(args);
-}
+while ((e = qlist_pop(cpus))) {
+const QDict *cpu, *props;
 
-static void test_plug_with_device_add_coreid(gconstpointer data)
-{
-const PlugTestData *td = data;
-char *args;
-unsigned int c;
-QTestState *qts;
+cpu = qobject_to(QDict, e);
+if (qdict_haskey(cpu, "qom-path")) {
+continue;
+}
 
-args = g_strdup_printf("-machine %s -cpu %s "
-   "-smp 1,sockets=%u,cores=%u,threads=%u,maxcpus=%u",
-   td->machine, td->cpu_model,
-   td->sockets, td->cores, td->threads, td->maxcpus);
-qts = qtest_init(args);
+g_assert(qdict_haskey(cpu, "props"));
+props = qdict_get_qdict(cpu, "props");
 
-for (c = 1; c < td->cores; c++) {
-char *id = g_strdup_printf("id-%i", c);
-qtest_qmp_device_add(qts, td->device_model, id,
- "{'core-id':%u}", c);
-g_free(id);
+qtest_qmp_device_add_qdict(qts, td->device_model, props);
+hotplugged++;
 }
 
+/* make sure that there were hotplugged CPUs */
+g_assert(hotplugged);
+qobject_unref(resp);
 qtest_quit(qts);
 g_free(args);
 }
@@ -182,7 +172,7 @@ static void add_pc_test_case(const char *mname)
 path = g_strdup_printf("cpu-plug/%s/device-add/%ux%ux%u&maxcpus=%u",
mname, data2->sockets, data2->cores,
data2->threads, data2->maxcpus);
-qtest_add_data_func_full(path, data2, test_plug_with_device_add_x86,
+qtest_add_data_func_full(path, data2, test_plug_with_device_add,
  test_data_free);
 g_free(path);
 }
@@ -209,7 +199,7 @@ static void add_pseries_test_case(const char *mname)
 path = g_strdup_printf("cpu-plug/%s/device-add/%ux%ux%u&maxcpus=%u",
mname, data->sockets, data->cores,
data->threads, data->maxcpus);
-qtest_add_data_func_full(path, data, test_plug_with_device_add_coreid,
+qtest_add_data_func_full(path, data, test_plug_with_device_add,
  test_data_free);
 g_free(path);
 }
@@ -246,7 +236,7 @@ static void add_s390x_test_case(const char *mname)
 path = g_strdup_printf("cpu-plug/%s/device-add/%ux%ux%u&max

Re: [PATCH v5 23/55] translator: add translator_ld{ub,sw,uw,l,q}

[Alex Bennée]

Alex Bennée  writes:

> Peter Maydell  writes:
>
>> On Mon, 14 Oct 2019 at 12:38, Alex Bennée  wrote:
>>>
>>> From: "Emilio G. Cota" 
>>>
>>> We don't bother with replicating the fast path (tlb_hit) of the old
>>> cpu_ldst helpers as it has no measurable effect on performance. This
>>> probably indicates we should consider flattening the whole set of
>>> helpers but that is out of scope for this change.
>>>
>>> Suggested-by: Richard Henderson 
>>> Signed-off-by: Emilio G. Cota 
>>> [AJB: directly plumb into softmmu/user helpers]
>>> Signed-off-by: Alex Bennée 
>>>
>>> diff --git a/tcg/tcg.h b/tcg/tcg.h
>>> index a38659ea5b..302533b463 100644
>>> --- a/tcg/tcg.h
>>> +++ b/tcg/tcg.h
>>> @@ -1317,6 +1317,7 @@ uint64_t helper_be_ldq_cmmu(CPUArchState *env, 
>>> target_ulong addr,
>>>  # define helper_ret_stl_mmu   helper_be_stl_mmu
>>>  # define helper_ret_stq_mmu   helper_be_stq_mmu
>>>  # define helper_ret_ldw_cmmu  helper_be_ldw_cmmu
>>> +# define helper_ret_lduw_cmmu helper_be_ldw_cmmu
>>>  # define helper_ret_ldl_cmmu  helper_be_ldl_cmmu
>>>  # define helper_ret_ldq_cmmu  helper_be_ldq_cmmu
>>>  #else
>>> @@ -1330,6 +1331,7 @@ uint64_t helper_be_ldq_cmmu(CPUArchState *env, 
>>> target_ulong addr,
>>>  # define helper_ret_stl_mmu   helper_le_stl_mmu
>>>  # define helper_ret_stq_mmu   helper_le_stq_mmu
>>>  # define helper_ret_ldw_cmmu  helper_le_ldw_cmmu
>>> +# define helper_ret_lduw_cmmu helper_le_ldw_cmmu
>>>  # define helper_ret_ldl_cmmu  helper_le_ldl_cmmu
>>>  # define helper_ret_ldq_cmmu  helper_le_ldq_cmmu
>>>  #endif
>>
>> This looks odd. Why is it ok to define a 'lduw' helper
>> as the 'ldw' cmmu helper ? One ought to be sign
>> extending and the other not...
>
> This was attempting to make things line up between the softmmu helpers
> and the user-mode ld*_p helpers that we need to expand to. I'm not sure
> a sign extending loader even makes sense for code load anyway.

That last bit is not true as sign extending helpers are used for loading
sign-extended immediate values.

>
>>
>> thanks
>> -- PMM


--
Alex Bennée

Re: [PATCH v3 0/10] add failover feature for assigned network devices

[Michael S. Tsirkin]

On Tue, Oct 15, 2019 at 01:03:17PM -0600, Alex Williamson wrote:
> On Fri, 11 Oct 2019 13:20:05 +0200
> Jens Freimann  wrote:
> 
> > This is implementing the host side of the net_failover concept
> > (https://www.kernel.org/doc/html/latest/networking/net_failover.html)
> > 
> > Changes since v2:
> > * back out of creating failover pair when it is a non-networking
> >   vfio-pci device (Alex W)
> > * handle migration state change from within the migration thread. I do a
> >   timed wait on a semaphore and then check if all unplugs were
> >   succesful. Added a new function to each device that checks the device
> >   if the unplug for it has happened. When all devices report the succesful
> >   unplug *or* the time/retries is up, continue with the migration or
> >   cancel. When not all devices could be unplugged I am cancelling at the
> >   moment. It is likely that we can't plug it back at the destination which
> >   would result in degraded network performance.
> > * fix a few bugs regarding re-plug on migration source and target 
> > * run full set of tests including migration tests
> > * add patch for libqos to tolerate new migration state
> > * squashed patch 1 and 2, added patch 8 
> >  
> > The general idea is that we have a pair of devices, a vfio-pci and a
> > virtio-net device. Before migration the vfio device is unplugged and data
> > flows to the virtio-net device, on the target side another vfio-pci device
> > is plugged in to take over the data-path. In the guest the net_failover
> > module will pair net devices with the same MAC address.
> > 
> > * Patch 1 adds the infrastructure to hide the device for the qbus and qdev 
> > APIs
> > 
> > * Patch 2 sets a new flag for PCIDevice 'partially_hotplugged' which we
> >   use to skip the unrealize code path when doing a unplug of the primary
> >   device
> > 
> > * Patch 3 sets the pending_deleted_event before triggering the guest
> >   unplug request
> 
> These only cover pcie hotplug, is this feature somehow dependent on
> pcie?  There's also ACPI-based PCI hotplug, SHPC hotplug, and it looks
> like s390 has it's own version (of course) of PCI hotplug.  IMO, we
> either need to make an attempt to support this universally or the
> option needs to fail if the hotplug controller doesn't support partial
> removal.  Thanks,
> 
> Alex


Alex, could you please comment a bit more on vfio patches?
Besides what you point out here, any other issues?

-- 
MST

Re: [PULL 00/19] virtio, vhost, acpi: features, fixes, tests

[Michael S. Tsirkin]

On Mon, Oct 07, 2019 at 05:31:32PM +0100, Peter Maydell wrote:
> On Sat, 5 Oct 2019 at 22:58, Michael S. Tsirkin  wrote:
> >
> > A couple of tweaks to the bios table test weren't
> > reviewed yet but as they are really helpful to
> > the arm tests I'm pushing, and affecting only the
> > test so fairly benign (dropped assert + a comment),
> > I cut a corner and pushed them straight away.
> > Will be easy to tweak with a patch on top or revert.
> >
> > The following changes since commit 4f59102571fce49af180cfc6d4cdd2b5df7bdb14:
> >
> >   Merge remote-tracking branch 
> > 'remotes/amarkovic/tags/mips-queue-oct-01-2019' into staging (2019-10-01 
> > 16:21:42 +0100)
> >
> > are available in the Git repository at:
> >
> >   git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_upstream
> >
> > for you to fetch changes up to 9d59bed1da5e5815987879346cf708344060ea63:
> >
> >   virtio: add vhost-user-fs-pci device (2019-10-05 17:43:55 -0400)
> >
> > 
> > virtio, vhost, acpi: features, fixes, tests
> >
> > Tests for arm/virt ACPI tables.
> > Virtio fs support (no migration).
> > A vhost-user reconnect bugfix.
> 
> Hi -- this summary of the changes just says it has
> updates to the test code, but the patches include:
> 
> > Shameer Kolothum (8):
> >   hw/arm/virt: Enable device memory cold/hot plug with ACPI boot
> 
> which is to say actually enabling the hotplug memory feature,
> not just tweaking tests. Did you mean to put the whole feature
> in this pullreq? (If you did, that's fine, it just doesn't
> match up with the cover letter so maybe it was an accident?)
> 
> thanks
> -- PMM

Yes this was intentional. I meant I was asked to merge it because of
the tests. But tests wouldn't pass without the feature :)
I've updated the description. Pls pull.

-- 
MST

Re: [PATCH v5 00/22] target/arm: Implement ARMv8.5-MemTag, system mode

[Evgenii Stepanov]

Hi,

please find attached three random fixes for instruction translation
and one for syscall emulation.

On Fri, Oct 11, 2019 at 6:48 AM Richard Henderson
 wrote:
>
> This is an update of the v4 patch from March.
>
> I believe I've fixed the address space issues that Peter noticed.
> If the board model does not supply tag memory, then I downgrade
> the cpu support to "instructions only" (id_aa64pfr1.mte == 1),
> which does not allow tag memory access to be enabled in the cpu.
>
> I did not update the arm_hcr_el2_eff comment re ARMv8.4, because
> I have not done a complete audit of all of the v8.5 bits.
>
> The hacky kernel testing patch has needed some updates since March.
> The following applies to v5.4-rc2.
>
>
> r~
>
>
> Richard Henderson (22):
>   target/arm: Add MTE_ACTIVE to tb_flags
>   target/arm: Add regime_has_2_ranges
>   target/arm: Add MTE system registers
>   target/arm: Add helper_mte_check{1,2,3}
>   target/arm: Suppress tag check for sp+offset
>   target/arm: Implement the IRG instruction
>   target/arm: Implement ADDG, SUBG instructions
>   target/arm: Implement the GMI instruction
>   target/arm: Implement the SUBP instruction
>   target/arm: Define arm_cpu_do_unaligned_access for CONFIG_USER_ONLY
>   target/arm: Implement LDG, STG, ST2G instructions
>   target/arm: Implement the STGP instruction
>   target/arm: Implement the LDGM and STGM instructions
>   target/arm: Implement the access tag cache flushes
>   target/arm: Clean address for DC ZVA
>   target/arm: Implement data cache set allocation tags
>   target/arm: Set PSTATE.TCO on exception entry
>   target/arm: Enable MTE
>   target/arm: Cache the Tagged bit for a page in MemTxAttrs
>   target/arm: Create tagged ram when MTE is enabled
>   target/arm: Add mmu indexes for tag memory
>   target/arm: Add allocation tag storage for system mode
>
>  target/arm/cpu-param.h |   2 +-
>  target/arm/cpu.h   |  37 ++-
>  target/arm/helper-a64.h|  17 ++
>  target/arm/internals.h |  45 +++
>  target/arm/translate.h |   2 +
>  hw/arm/virt.c  |  54 
>  target/arm/cpu.c   |  63 +++-
>  target/arm/cpu64.c |   1 +
>  target/arm/helper.c| 277 ++---
>  target/arm/mte_helper.c| 601 +
>  target/arm/tlb_helper.c|   3 +-
>  target/arm/translate-a64.c | 342 ++---
>  target/arm/Makefile.objs   |   1 +
>  13 files changed, 1345 insertions(+), 100 deletions(-)
>  create mode 100644 target/arm/mte_helper.c
>
> --- kernel patch
>
> diff --git a/arch/arm64/include/asm/cpucaps.h 
> b/arch/arm64/include/asm/cpucaps.h
> index f19fe4b9acc4..ee6b7f387a9a 100644
> --- a/arch/arm64/include/asm/cpucaps.h
> +++ b/arch/arm64/include/asm/cpucaps.h
> @@ -52,7 +52,8 @@
>  #define ARM64_HAS_IRQ_PRIO_MASKING 42
>  #define ARM64_HAS_DCPODP   43
>  #define ARM64_WORKAROUND_1463225   44
> +#define ARM64_HAS_MTE  45
>
> -#define ARM64_NCAPS45
> +#define ARM64_NCAPS46
>
>  #endif /* __ASM_CPUCAPS_H */
> diff --git a/arch/arm64/include/asm/kvm_arm.h 
> b/arch/arm64/include/asm/kvm_arm.h
> index ddf9d762ac62..5825130bd8eb 100644
> --- a/arch/arm64/include/asm/kvm_arm.h
> +++ b/arch/arm64/include/asm/kvm_arm.h
> @@ -12,6 +12,7 @@
>  #include 
>
>  /* Hyp Configuration Register (HCR) bits */
> +#define HCR_ATA(UL(1) << 56)
>  #define HCR_FWB(UL(1) << 46)
>  #define HCR_API(UL(1) << 41)
>  #define HCR_APK(UL(1) << 40)
> @@ -78,8 +79,8 @@
>  HCR_AMO | HCR_SWIO | HCR_TIDCP | HCR_RW | HCR_TLOR | 
> \
>  HCR_FMO | HCR_IMO)
>  #define HCR_VIRT_EXCP_MASK (HCR_VSE | HCR_VI | HCR_VF)
> -#define HCR_HOST_NVHE_FLAGS (HCR_RW | HCR_API | HCR_APK)
> -#define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H)
> +#define HCR_HOST_NVHE_FLAGS (HCR_RW | HCR_API | HCR_APK | HCR_ATA)
> +#define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H | HCR_ATA)
>
>  /* TCR_EL2 Registers bits */
>  #define TCR_EL2_RES1   ((1 << 31) | (1 << 23))
> diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
> index 972d196c7714..2a65831f6e0f 100644
> --- a/arch/arm64/include/asm/sysreg.h
> +++ b/arch/arm64/include/asm/sysreg.h
> @@ -482,6 +482,7 @@
>
>  /* Common SCTLR_ELx flags. */
>  #define SCTLR_ELx_DSSBS(BIT(44))
> +#define SCTLR_ELx_ATA  (BIT(43))
>  #define SCTLR_ELx_ENIA (BIT(31))
>  #define SCTLR_ELx_ENIB (BIT(30))
>  #define SCTLR_ELx_ENDA (BIT(27))
> @@ -510,6 +511,7 @@
>  #endif
>
>  /* SCTLR_EL1 specific flags. */
> +#define SCTLR_EL1_ATA0 (BIT(42))
>  #define SCTLR_EL1_UCI  (BIT(26))
>  #define SCTLR_EL1_E0E  (BIT(24))
>  #define SCTLR_EL1_SPAN (BIT(23))
> @@ -598,6 +600,7 @@
>  #define ID_AA64PFR0_EL0_32BIT_64BIT0x2
>
>  /* id_aa64pfr1 */
> +#define ID_AA64PFR1_MTE_SHIFT  

Re: [PATCH v26 00/21] Add RX archtecture support

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/20191014115757.51866-1-ys...@users.sourceforge.jp/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PATCH v26 00/21] Add RX archtecture support
Type: series
Message-id: 20191014115757.51866-1-ys...@users.sourceforge.jp

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
505ff3c BootLinuxConsoleTest: Test the RX-Virt machine
870da65 Add rx-softmmu
fd6d0d7 hw/rx: Restrict the RX62N microcontroller to the RX62N CPU core
53383c1 hw/rx: Honor -accel qtest
22e9b46 hw/rx: RX Target hardware definition
54826a9 hw/char: RX62N serial communication interface (SCI)
503ddab hw/timer: RX62N internal timer modules
3a88365 hw/intc: RX62N interrupt controller (ICUa)
1e75d01 target/rx: Dump bytes for each insn during disassembly
32a5073 target/rx: Collect all bytes during disassembly
ef8739d target/rx: Emit all disassembly in one prt()
d139491 target/rx: Use prt_ldmi for XCHG_mr disassembly
fc42ea6 target/rx: Replace operand with prt_ldmi in disassembler
f69c26a target/rx: Disassemble rx_index_addr into a string
0f7826e target/rx: RX disassembler
a8ce030 target/rx: CPU definition
958916c target/rx: TCG helper
100069d target/rx: TCG translation
ef5069b hw/registerfields.h: Add 8bit and 16bit register macros
d4ac167 qemu/bitops.h: Add extract8 and extract16
2062135 MAINTAINERS: Add RX

=== OUTPUT BEGIN ===
1/21 Checking commit 206213548587 (MAINTAINERS: Add RX)
2/21 Checking commit d4ac1671bb35 (qemu/bitops.h: Add extract8 and extract16)
3/21 Checking commit ef5069b624b4 (hw/registerfields.h: Add 8bit and 16bit 
register macros)
Use of uninitialized value in concatenation (.) or string at 
./scripts/checkpatch.pl line 2484.
ERROR: Macros with multiple statements should be enclosed in a do - while loop
#27: FILE: include/hw/registerfields.h:25:
+#define REG8(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) };

ERROR: Macros with multiple statements should be enclosed in a do - while loop
#31: FILE: include/hw/registerfields.h:29:
+#define REG16(reg, addr)  \
+enum { A_ ## reg = (addr) };  \
+enum { R_ ## reg = (addr) / 2 };

total: 2 errors, 0 warnings, 56 lines checked

Patch 3/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

4/21 Checking commit 100069d81c69 (target/rx: TCG translation)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#20: 
new file mode 100644

total: 0 errors, 1 warnings, 3065 lines checked

Patch 4/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
5/21 Checking commit 958916cceffd (target/rx: TCG helper)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#21: 
new file mode 100644

total: 0 errors, 1 warnings, 650 lines checked

Patch 5/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
6/21 Checking commit a8ce03017900 (target/rx: CPU definition)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#32: 
new file mode 100644

total: 0 errors, 1 warnings, 588 lines checked

Patch 6/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
7/21 Checking commit 0f7826e600fd (target/rx: RX disassembler)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#38: 
new file mode 100644

total: 0 errors, 1 warnings, 1497 lines checked

Patch 7/21 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
8/21 Checking commit f69c26a9cf8b (target/rx: Disassemble rx_index_addr into a 
string)
9/21 Checking commit fc42ea6daa7f (target/rx: Replace operand with prt_ldmi in 
disassembler)
10/21 Checking commit d1394917d410 (target/rx: Use prt_ldmi for XCHG_mr 
disassembly)
11/21 Checking commit ef8739d5f3c3 (target/rx: Emit all disassembly in one 
prt())
12/21 Checking commit 32a5073242dd (target/rx: Collect all bytes during 
disassembly)
13/21 Checking commit 1e75d0171960 (target/rx: Dump bytes for each insn during 
disassembly)
14/21 Checking commit 3a8836534610 (hw/intc: RX62N interrupt controller (ICUa))
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#40: 
new file mode 100644

total: 0 errors, 1 warning

Re: [PATCH 2/2] apic: Use 32bit APIC ID for migration instance ID

[Eduardo Habkost]

On Tue, Oct 15, 2019 at 12:02:53PM +0100, Dr. David Alan Gilbert wrote:
> * Peter Xu (pet...@redhat.com) wrote:
> > On Tue, Oct 15, 2019 at 10:22:18AM +0100, Dr. David Alan Gilbert wrote:
> > > * Peter Xu (pet...@redhat.com) wrote:
> > > > Migration is silently broken now with x2apic config like this:
> > > > 
> > > >  -smp 200,maxcpus=288,sockets=2,cores=72,threads=2 \
> > > >  -device intel-iommu,intremap=on,eim=on
> > > > 
> > > > After migration, the guest kernel could hang at anything, due to
> > > > x2apic bit not migrated correctly in IA32_APIC_BASE on some vcpus, so
> > > > any operations related to x2apic could be broken then (e.g., RDMSR on
> > > > x2apic MSRs could fail because KVM would think that the vcpu hasn't
> > > > enabled x2apic at all).
> > > > 
> > > > The issue is that the x2apic bit was never applied correctly for vcpus
> > > > whose ID > 255 when migrate completes, and that's because when we
> > > > migrate APIC we use the APICCommonState.id as instance ID of the
> > > > migration stream, while that's too short for x2apic.
> > > > 
> > > > Let's use the newly introduced initial_apic_id for that.
> > > 
> > > I'd like to understand a few things:
> > >a) Does this change the instance ID of existing APICs on the
> > > migration stream? 
> > >  a1) Ever for <256 CPUs?
> > 
> > No.
> > 
> > >  a2) For >=256 CPUs?
> > 
> > Yes.
> > 
> > > 
> > > [Because changing the ID breaks migration]
> > 
> > But if we don't change it, the stream is broken too. :)
> > 
> > Then the destination VM will receive e.g. two apic_id==0 instances (I
> > think the apic_id==256 instance will wrongly overwrite the apic_id==0
> > one), while the vcpu with apic_id==256 will use the initial apic
> > values.
> > 
> > So IMHO we should still fix this, even if it changes the migration
> > stream.  At least we start to make it right.
> 
> Yes, that makes sense.
> It deserves a doc mention somewhere.
> 
> > > 
> > >   b) Is the instance ID constant - I can see it's a property on the
> > >  APIC, but I cna't see who sets it
> > 
> > For each vcpu, I think yes it should be a constant as long as the
> > topology is the same.  This is how I understand it to be set:
> > 
> > (1) In pc_cpus_init(), we init these:
> > 
> > possible_cpus = mc->possible_cpu_arch_ids(ms);
> > for (i = 0; i < ms->smp.cpus; i++) {
> > pc_new_cpu(pcms, possible_cpus->cpus[i].arch_id, &error_fatal);
> > }
> > 
> > (2) In x86_cpu_apic_create(), we apply the apic_id to "id" property:
> > 
> > qdev_prop_set_uint32(cpu->apic_state, "id", cpu->apic_id);
> 
> OK, that's fine - as long as it's constaatn and not guest influenced.

The guest may change the CPU APIC ID (although they rarely do),
but I believe X86CPU::apic_id is always going to be the initial
APIC ID.  I'll double check (and maybe send a patch to rename it
to initial_apic_id).

-- 
Eduardo

Re: [PATCH v5 53/55] plugins: add sparc64 instruction classification table

[Richard Henderson]

On 10/15/19 12:09 PM, Alex Bennée wrote:
> How similar are the sparc and sparc64 decodes? Is there a canonical
> table you can point to?

sparc64 is a superset of sparc32.

Appendix A of https://community.oracle.com/docs/DOC-1005258


r~

[PATCH v2 0/3] tests: More iotest 223 improvements

[Eric Blake]

[subject line kept for continuity with v1, but now touches much more]

Max suggested that instead of special-casing just 223 to trace QMP
input as well output, that we should instead patch common.qemu to do
it for all tests.  That in turn found that test 173 has been broken
since v3.0.  Max also suggested that 223 use a for loop rather than
massive code duplication, which does indeed look nicer.

Eric Blake (3):
  iotests: Fix 173
  iotests: Include QMP input in .out files
  tests: More iotest 223 improvements

 tests/qemu-iotests/common.qemu |   9 +++
 tests/qemu-iotests/085.out |  26 +
 tests/qemu-iotests/094.out |   4 ++
 tests/qemu-iotests/095.out |   2 +
 tests/qemu-iotests/109.out |  88 +
 tests/qemu-iotests/117.out |   5 ++
 tests/qemu-iotests/127.out |   4 ++
 tests/qemu-iotests/140.out |   5 ++
 tests/qemu-iotests/141.out |  26 +
 tests/qemu-iotests/143.out |   3 +
 tests/qemu-iotests/144.out |   5 ++
 tests/qemu-iotests/153.out |  11 
 tests/qemu-iotests/156.out |  11 
 tests/qemu-iotests/161.out |   8 +++
 tests/qemu-iotests/173 |   4 +-
 tests/qemu-iotests/173.out |  10 +++-
 tests/qemu-iotests/182.out |   8 +++
 tests/qemu-iotests/183.out |  11 
 tests/qemu-iotests/185.out |  18 ++
 tests/qemu-iotests/191.out |   8 +++
 tests/qemu-iotests/200.out |   1 +
 tests/qemu-iotests/223 |  16 +-
 tests/qemu-iotests/223.out | 100 +
 tests/qemu-iotests/229.out |   3 +
 tests/qemu-iotests/249.out |   6 ++
 25 files changed, 387 insertions(+), 5 deletions(-)

-- 
2.21.0

[PATCH v2 2/3] iotests: Include QMP input in .out files

[Eric Blake]

We generally include relevant HMP input in .out files, by virtue of
the fact that HMP echoes its input.  But QMP does not, so we have to
explicitly inject it in the output stream, in order to make it easier
to read .out files to see what behavior is being tested (especially
true where the output file is a sequence of {'return': {}}).

Suggested-by: Max Reitz 
Signed-off-by: Eric Blake 
---
 tests/qemu-iotests/common.qemu |  9 
 tests/qemu-iotests/085.out | 26 ++
 tests/qemu-iotests/094.out |  4 ++
 tests/qemu-iotests/095.out |  2 +
 tests/qemu-iotests/109.out | 88 ++
 tests/qemu-iotests/117.out |  5 ++
 tests/qemu-iotests/127.out |  4 ++
 tests/qemu-iotests/140.out |  5 ++
 tests/qemu-iotests/141.out | 26 ++
 tests/qemu-iotests/143.out |  3 ++
 tests/qemu-iotests/144.out |  5 ++
 tests/qemu-iotests/153.out | 11 +
 tests/qemu-iotests/156.out | 11 +
 tests/qemu-iotests/161.out |  8 
 tests/qemu-iotests/173.out |  4 ++
 tests/qemu-iotests/182.out |  8 
 tests/qemu-iotests/183.out | 11 +
 tests/qemu-iotests/185.out | 18 +++
 tests/qemu-iotests/191.out |  8 
 tests/qemu-iotests/200.out |  1 +
 tests/qemu-iotests/223.out | 19 
 tests/qemu-iotests/229.out |  3 ++
 tests/qemu-iotests/249.out |  6 +++
 23 files changed, 285 insertions(+)

diff --git a/tests/qemu-iotests/common.qemu b/tests/qemu-iotests/common.qemu
index 8d2021a7eb0c..abc231743e82 100644
--- a/tests/qemu-iotests/common.qemu
+++ b/tests/qemu-iotests/common.qemu
@@ -123,6 +123,9 @@ _timed_wait_for()
 # until either timeout, or a response.  If it is not set, or <=0,
 # then the command is only sent once.
 #
+# If neither $silent nor $mismatch_only is set, and $cmd begins with '{',
+# echo the command before sending it the first time.
+#
 # If $qemu_error_no_exit is set, then even if the expected response
 # is not seen, we will not exit.  $QEMU_STATUS[$1] will be set it -1 in
 # that case.
@@ -152,6 +155,12 @@ _send_qemu_cmd()
 shift $(($# - 2))
 fi

+# Display QMP being sent, but not HMP (since HMP already echoes its
+# input back to output); decide based on leading '{'
+if [ -z "$silent" ] && [ -z "$mismatch_only" ] &&
+[ "$cmd" != "${cmd#{}" ]; then
+echo "${cmd}" | _filter_testdir
+fi
 while [ ${count} -gt 0 ]
 do
 echo "${cmd}" >&${QEMU_IN[${h}]}
diff --git a/tests/qemu-iotests/085.out b/tests/qemu-iotests/085.out
index 2a5f256cd3ec..e92f125b63c4 100644
--- a/tests/qemu-iotests/085.out
+++ b/tests/qemu-iotests/085.out
@@ -7,48 +7,61 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728

 === Sending capabilities ===

+{ 'execute': 'qmp_capabilities' }
 {"return": {}}

 === Create a single snapshot on virtio0 ===

+{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'device': 'virtio0', 
'snapshot-file':'TEST_DIR/1-snapshot-v0.qcow2', 'format': 'qcow2' } }
 Formatting 'TEST_DIR/1-snapshot-v0.qcow2', fmt=qcow2 size=134217728 
backing_file=TEST_DIR/t.qcow2.1 backing_fmt=qcow2 cluster_size=65536 
lazy_refcounts=off refcount_bits=16
 {"return": {}}

 === Invalid command - missing device and nodename ===

+{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 
'snapshot-file':'TEST_DIR/1-snapshot-v0.qcow2', 'format': 'qcow2' } }
 {"error": {"class": "GenericError", "desc": "Cannot find device= nor 
node_name="}}

 === Invalid command - missing snapshot-file ===

+{ 'execute': 'blockdev-snapshot-sync', 'arguments': { 'device': 'virtio0', 
'format': 'qcow2' } }
 {"error": {"class": "GenericError", "desc": "Parameter 'snapshot-file' is 
missing"}}


 === Create several transactional group snapshots ===

+{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 
'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 
'TEST_DIR/2-snapshot-v0.qcow2' } }, { 'type': 'blockdev-snapshot-sync', 'data' 
: { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/2-snapshot-v1.qcow2' } } ] 
} }
 Formatting 'TEST_DIR/2-snapshot-v0.qcow2', fmt=qcow2 size=134217728 
backing_file=TEST_DIR/1-snapshot-v0.qcow2 backing_fmt=qcow2 cluster_size=65536 
lazy_refcounts=off refcount_bits=16
 Formatting 'TEST_DIR/2-snapshot-v1.qcow2', fmt=qcow2 size=134217728 
backing_file=TEST_DIR/t.qcow2.2 backing_fmt=qcow2 cluster_size=65536 
lazy_refcounts=off refcount_bits=16
 {"return": {}}
+{ 'execute': 'transaction', 'arguments': {'actions': [ { 'type': 
'blockdev-snapshot-sync', 'data' : { 'device': 'virtio0', 'snapshot-file': 
'TEST_DIR/3-snapshot-v0.qcow2' } }, { 'type': 'blockdev-snapshot-sync', 'data' 
: { 'device': 'virtio1', 'snapshot-file': 'TEST_DIR/3-snapshot-v1.qcow2' } } ] 
} }
 Formatting 'TEST_DIR/3-snapshot-v0.qcow2', fmt=qcow2 size=134217728 
backing_file=TEST_DIR/2-snapshot-v0.qcow2 backing_fmt=qcow2 cluster_size=65536 
lazy_refcounts=off refcount_bits=16
 Formatting 'TEST_DIR/3-snapshot-v1.qcow2', fmt=qcow2 

[PATCH v2 1/3] iotests: Fix 173

[Eric Blake]

This test has been broken since 3.0.  It used TEST_IMG to influence
the name of a file created during _make_test_img, but commit 655ae6bb
changed things so that the wrong file name is being created, which
then caused _launch_qemu to fail.  In the meantime, the set of events
issued for the actions of the test has increased.

Why haven't we noticed the failure? Because the test rarely gets run:
'./check -qcow2 173' is insufficient (that defaults to using file protocol)
'./check -nfs 173' is insufficient (that defaults to using raw format)
so the test is only run with:
./check -qcow2 -nfs 173

Note that we already have a number of other problems with -nfs:
./check -nfs (fails 18/30)
./check -qcow2 -nfs (fails 45/76 after this patch)
and it's not on my priority list to fix those.  Rather, I found this
because of my next patch's work on tests using _send_qemu_cmd.

Fixes: 655ae6b
Signed-off-by: Eric Blake 
---
 tests/qemu-iotests/173 | 4 ++--
 tests/qemu-iotests/173.out | 6 +-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/tests/qemu-iotests/173 b/tests/qemu-iotests/173
index 9e2fa2e73cb9..29dcaa1960df 100755
--- a/tests/qemu-iotests/173
+++ b/tests/qemu-iotests/173
@@ -47,9 +47,9 @@ size=100M
 BASE_IMG="${TEST_DIR}/image.base"
 TOP_IMG="${TEST_DIR}/image.snp1"

-TEST_IMG="${BASE_IMG}" _make_test_img $size
+TEST_IMG_FILE="${BASE_IMG}" _make_test_img $size

-TEST_IMG="${TOP_IMG}" _make_test_img $size
+TEST_IMG_FILE="${TOP_IMG}" _make_test_img $size

 echo
 echo === Running QEMU, using block-stream to find backing image ===
diff --git a/tests/qemu-iotests/173.out b/tests/qemu-iotests/173.out
index f477a0099a32..e83d17ec2f64 100644
--- a/tests/qemu-iotests/173.out
+++ b/tests/qemu-iotests/173.out
@@ -7,6 +7,10 @@ Formatting 'TEST_DIR/image.snp1', fmt=IMGFMT size=104857600
 {"return": {}}
 {"return": {}}
 {"return": {}}
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"JOB_STATUS_CHANGE", "data": {"status": "created", "id": "disk2"}}
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"JOB_STATUS_CHANGE", "data": {"status": "running", "id": "disk2"}}
 {"return": {}}
-{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"BLOCK_JOB_COMPLETED", "data": {"device": "disk2", "len": 104857600, "offset": 
104857600, "speed": 0, "type": "stream"}}
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"JOB_STATUS_CHANGE", "data": {"status": "waiting", "id": "disk2"}}
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"JOB_STATUS_CHANGE", "data": {"status": "pending", "id": "disk2"}}
+{"timestamp": {"seconds":  TIMESTAMP, "microseconds":  TIMESTAMP}, "event": 
"BLOCK_JOB_COMPLETED", "data": {"device": "disk2", "len": 0, "offset": 0, 
"speed": 0, "type": "stream"}}
 *** done
-- 
2.21.0

[PATCH v2 3/3] tests: More iotest 223 improvements

[Eric Blake]

Run the core of the test twice, once without iothreads, and again
with, for more coverage of both setups.

Suggested-by: Nir Soffer 
Signed-off-by: Eric Blake 
---
 tests/qemu-iotests/223 | 16 ++-
 tests/qemu-iotests/223.out | 85 +-
 2 files changed, 97 insertions(+), 4 deletions(-)

diff --git a/tests/qemu-iotests/223 b/tests/qemu-iotests/223
index 2ba3d8124b4f..8b43ddb02b2c 100755
--- a/tests/qemu-iotests/223
+++ b/tests/qemu-iotests/223
@@ -117,10 +117,19 @@ _send_qemu_cmd $QEMU_HANDLE 
'{"execute":"qmp_capabilities"}' "return"
 _send_qemu_cmd $QEMU_HANDLE '{"execute":"blockdev-add",
   "arguments":{"driver":"qcow2", "node-name":"n",
 "file":{"driver":"file", "filename":"'"$TEST_IMG"'"}}}' "return"
-_send_qemu_cmd $QEMU_HANDLE '{"execute":"x-blockdev-set-iothread",
-  "arguments":{"node-name":"n", "iothread":"io0"}}' "return"
 _send_qemu_cmd $QEMU_HANDLE '{"execute":"block-dirty-bitmap-disable",
   "arguments":{"node":"n", "name":"b"}}' "return"
+
+for attempt in normal iothread; do
+
+echo
+echo "=== Set up NBD with $attempt access ==="
+echo
+if [ $attempt = iothread ]; then
+_send_qemu_cmd $QEMU_HANDLE '{"execute":"x-blockdev-set-iothread",
+  "arguments":{"node-name":"n", "iothread":"io0"}}' "return"
+fi
+
 _send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-add",
   "arguments":{"device":"n"}}' "error" # Attempt add without server
 _send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-start",
@@ -180,6 +189,9 @@ _send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-remove",
   "arguments":{"name":"n2"}}' "error" # Attempt duplicate clean
 _send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-stop"}' "return"
 _send_qemu_cmd $QEMU_HANDLE '{"execute":"nbd-server-stop"}' "error" # Again
+
+done
+
 _send_qemu_cmd $QEMU_HANDLE '{"execute":"quit"}' "return"
 wait=yes _cleanup_qemu

diff --git a/tests/qemu-iotests/223.out b/tests/qemu-iotests/223.out
index 8bfc5072ea9d..ed543047956f 100644
--- a/tests/qemu-iotests/223.out
+++ b/tests/qemu-iotests/223.out
@@ -28,10 +28,91 @@ wrote 2097152/2097152 bytes at offset 2097152
 {"return": {}}
 {"execute":"blockdev-add", "arguments":{"driver":"qcow2", "node-name":"n", 
"file":{"driver":"file", "filename":"TEST_DIR/t.qcow2"}}}
 {"return": {}}
-{"execute":"x-blockdev-set-iothread", "arguments":{"node-name":"n", 
"iothread":"io0"}}
-{"return": {}}
 {"execute":"block-dirty-bitmap-disable", "arguments":{"node":"n", "name":"b"}}
 {"return": {}}
+
+=== Set up NBD with normal access ===
+
+{"execute":"nbd-server-add", "arguments":{"device":"n"}}
+{"error": {"class": "GenericError", "desc": "NBD server not running"}}
+{"execute":"nbd-server-start", "arguments":{"addr":{"type":"unix", 
"data":{"path":"TEST_DIR/nbd"
+{"return": {}}
+{"execute":"nbd-server-start", "arguments":{"addr":{"type":"unix", 
"data":{"path":"TEST_DIR/nbd1"
+{"error": {"class": "GenericError", "desc": "NBD server already running"}}
+exports available: 0
+{"execute":"nbd-server-add", "arguments":{"device":"n", "bitmap":"b"}}
+{"return": {}}
+{"execute":"nbd-server-add", "arguments":{"device":"nosuch"}}
+{"error": {"class": "GenericError", "desc": "Cannot find device=nosuch nor 
node_name=nosuch"}}
+{"execute":"nbd-server-add", "arguments":{"device":"n"}}
+{"error": {"class": "GenericError", "desc": "NBD server already has export 
named 'n'"}}
+{"execute":"nbd-server-add", "arguments":{"device":"n", "name":"n2", 
"bitmap":"b2"}}
+{"error": {"class": "GenericError", "desc": "Enabled bitmap 'b2' incompatible 
with readonly export"}}
+{"execute":"nbd-server-add", "arguments":{"device":"n", "name":"n2", 
"bitmap":"b3"}}
+{"error": {"class": "GenericError", "desc": "Bitmap 'b3' is not found"}}
+{"execute":"nbd-server-add", "arguments":{"device":"n", "name":"n2", 
"writable":true, "bitmap":"b2"}}
+{"return": {}}
+exports available: 2
+ export: 'n'
+  size:  4194304
+  flags: 0x58f ( readonly flush fua df multi cache )
+  min block: 1
+  opt block: 4096
+  max block: 33554432
+  available meta contexts: 2
+   base:allocation
+   qemu:dirty-bitmap:b
+ export: 'n2'
+  size:  4194304
+  flags: 0xced ( flush fua trim zeroes df cache fast-zero )
+  min block: 1
+  opt block: 4096
+  max block: 33554432
+  available meta contexts: 2
+   base:allocation
+   qemu:dirty-bitmap:b2
+
+=== Contrast normal status to large granularity dirty-bitmap ===
+
+read 512/512 bytes at offset 512
+512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+read 524288/524288 bytes at offset 524288
+512 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+read 1048576/1048576 bytes at offset 1048576
+1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+read 2097152/2097152 bytes at offset 2097152
+2 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+[{ "start": 0, "length": 4096, "depth": 0, "zero": false, "data": true, 
"offset": OFFSET},
+{ "start": 4096, "length": 1044480, "depth": 0, "zero": true, "data": false, 
"offset": OFFSET},
+{ "start": 1048576, "length": 3145728, "dep

[Bug 1848244] [NEW] QEMU KVM IGD SandyBridge Passthrough crash

[Anastasios Vacharakis]

Public bug reported:

I try to passthrough my Intel GPU with this command:

qemu-system-x86_64 -nodefaults -parallel none -k de -rtc base=localtime
-serial unix:/run/qemu/win7-serial.sock,server,nowait -monitor
unix:/run/qemu/win7-monitor.sock,server,nowait -netdev user,id=net0
-device virtio-net-pci,netdev=net0,mac=52:54:00:00:00:07 -device vfio-
pci,host=:00:02.0,addr=0x2 -device vfio-pci,host=:00:1b.0
-device virtio-keyboard-pci -device virtio-mouse-pci -object input-
linux,id=kbd1,evdev=/dev/input/by-path/pci-:00:1a.0-usb-0:1.2.2:1.2
-event-kbd,grab_all=on,repeat=on -object input-
linux,id=mouse1,evdev=/dev/input/by-
path/pci-:00:1a.0-usb-0:1.2.2:1.2-event-mouse -enable-kvm -cpu host
-smp 4,sockets=1,cores=4,threads=1 -vga none -display none -m 2g -device
virtio-blk-pci,drive=boot,bootindex=1 -drive
file=/opt/vm/qcow2/win7.qcow2,format=qcow2,if=none,id=boot

This ONLY works if i remove "-enable-kvm" else the windows (7 and 10)
boot crashes in bluescreen "stop 0x003b" (probably while loading the
intel gpu driver (intel graphics 3000).

The system is an older ThinkPad T420 with Intel(R) Core(TM) i5-2520M CPU
@ 2.50GHz.

CMDLINE: BOOT_IMAGE=/vmlinuz-linux root=LABEL=root rw ipv6.disable=0
net.ifnames=0 intel_iommu=on iommu=pt video=LVDS-1:d

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1848244

Title:
  QEMU KVM IGD SandyBridge Passthrough crash

Status in QEMU:
  New

Bug description:
  I try to passthrough my Intel GPU with this command:

  qemu-system-x86_64 -nodefaults -parallel none -k de -rtc
  base=localtime -serial unix:/run/qemu/win7-serial.sock,server,nowait
  -monitor unix:/run/qemu/win7-monitor.sock,server,nowait -netdev
  user,id=net0 -device virtio-net-pci,netdev=net0,mac=52:54:00:00:00:07
  -device vfio-pci,host=:00:02.0,addr=0x2 -device vfio-
  pci,host=:00:1b.0 -device virtio-keyboard-pci -device virtio-
  mouse-pci -object input-linux,id=kbd1,evdev=/dev/input/by-
  path/pci-:00:1a.0-usb-0:1.2.2:1.2-event-kbd,grab_all=on,repeat=on
  -object input-linux,id=mouse1,evdev=/dev/input/by-
  path/pci-:00:1a.0-usb-0:1.2.2:1.2-event-mouse -enable-kvm -cpu
  host -smp 4,sockets=1,cores=4,threads=1 -vga none -display none -m 2g
  -device virtio-blk-pci,drive=boot,bootindex=1 -drive
  file=/opt/vm/qcow2/win7.qcow2,format=qcow2,if=none,id=boot

  This ONLY works if i remove "-enable-kvm" else the windows (7 and 10)
  boot crashes in bluescreen "stop 0x003b" (probably while loading
  the intel gpu driver (intel graphics 3000).

  The system is an older ThinkPad T420 with Intel(R) Core(TM) i5-2520M
  CPU @ 2.50GHz.

  CMDLINE: BOOT_IMAGE=/vmlinuz-linux root=LABEL=root rw ipv6.disable=0
  net.ifnames=0 intel_iommu=on iommu=pt video=LVDS-1:d

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1848244/+subscriptions

Re: [PATCH v3 3/3] capstone: Add s390x skipdata callback

[Richard Henderson]

On 10/15/19 11:46 AM, Thomas Huth wrote:
>> +cap_skipdata_s390x_cb(const uint8_t *code, size_t code_size,
>> +  size_t offset, void *user_data)
>> +{
>> +size_t ilen;
>> +
>> +/* See get_ilen() in target/s390x/internal.h.  */
>> +switch (code[offset] >> 6) {
>> +case 0:
>> +ilen = 2;
>> +break;
>> +case 1:
>> +case 2:
>> +ilen = 4;
>> +break;
>> +default:
>> +ilen = 6;
>> +break;
>> +}
>> +
>> +return ilen;
>> +}
> 
> The kernel has also a nice function to calculate this:
> 
> static inline int insn_length(unsigned char code)
> {
> return int) code + 64) >> 7) + 1) << 1;
> }
> 
> ... but the switch-case is likely easier to read, so anyway:

Clever.

I don't mind swapping to the kernel version, so long as we convert the
target/s390x/internal.h function as well.


r~

Re: [PATCH v3 01/10] qdev/qbus: add hidden device support

[Alex Williamson]

On Fri, 11 Oct 2019 13:20:06 +0200
Jens Freimann  wrote:

> This adds support for hiding a device to the qbus and qdev APIs.  The
> first user of this will be the virtio-net failover feature but the API
> introduced with this patch could be used to implement other features as
> well, for example hiding pci devices when a pci bus is powered off.
> 
> qdev_device_add() is modified to check for a net_failover_pair_id
> argument in the option string. A DeviceListener callback
> should_be_hidden() is added. It can be used by a standby device to
> inform qdev that this device should not be added now. The standby device
> handler can store the device options to plug the device in at a later
> point in time.
> 
> One reason for hiding the device is that we don't want to expose both
> devices to the guest kernel until the respective virtio feature bit
> VIRTIO_NET_F_STANDBY was negotiated and we know that the devices will be
> handled correctly by the guest.
> 
> More information on the kernel feature this is using:
>  https://www.kernel.org/doc/html/latest/networking/net_failover.html
> 
> An example where the primary device is a vfio-pci device and the standby
> device is a virtio-net device:
> 
> A device is hidden when it has an "net_failover_pair_id" option, e.g.
> 
>  -device virtio-net-pci,...,failover=on,...
>  -device vfio-pci,...,net_failover_pair_id=net1,...
> 
> Signed-off-by: Jens Freimann 
> ---
>  hw/core/qdev.c | 19 +++
>  include/hw/qdev-core.h |  9 +
>  qdev-monitor.c | 43 ++
>  vl.c   |  6 --
>  4 files changed, 71 insertions(+), 6 deletions(-)
> 
> diff --git a/hw/core/qdev.c b/hw/core/qdev.c
> index cbad6c1d55..84fac591ca 100644
> --- a/hw/core/qdev.c
> +++ b/hw/core/qdev.c
> @@ -212,6 +212,25 @@ void device_listener_unregister(DeviceListener *listener)
>  QTAILQ_REMOVE(&device_listeners, listener, link);
>  }
>  
> +bool qdev_should_hide_device(QemuOpts *opts, Error **errp)
> +{
> +bool res = false;
> +bool match_found = false;
> +DeviceListener *listener;
> +
> +QTAILQ_FOREACH(listener, &device_listeners, link) {
> +   if (listener->should_be_hidden) {
> +listener->should_be_hidden(listener, opts, &match_found, &res);
> +}
> +
> +if (match_found) {
> +break;
> +}

Calling convention here seems overly complicated, couldn't
should_be_hidden() just return >0 (should be hidden), 0 (should not be
hidden), <0 (don't care), ie. continue until >=0?  The errp arg is
unused and using "res" to return should/shouldn't hide is very unclear.
The virtio callback renames this to hide, which makes more sense, but
as above, both the stop and hidden state could be conveyed with a
simple int return value.  Thanks,

Alex

> +}
> +
> +return res;
> +}
> +
>  void qdev_set_legacy_instance_id(DeviceState *dev, int alias_id,
>   int required_for_version)
>  {
> diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
> index aa123f88cb..b61cf82ded 100644
> --- a/include/hw/qdev-core.h
> +++ b/include/hw/qdev-core.h
> @@ -154,6 +154,13 @@ struct DeviceState {
>  struct DeviceListener {
>  void (*realize)(DeviceListener *listener, DeviceState *dev);
>  void (*unrealize)(DeviceListener *listener, DeviceState *dev);
> +/*
> + * This callback is called just upon init of the DeviceState
> + * and can be used by a standby device for informing qdev if this
> + * device should be hidden by checking the device opts
> + */
> +void (*should_be_hidden)(DeviceListener *listener, QemuOpts *device_opts,
> +bool *match_found, bool *res);
>  QTAILQ_ENTRY(DeviceListener) link;
>  };
>  
> @@ -451,4 +458,6 @@ static inline bool qbus_is_hotpluggable(BusState *bus)
>  void device_listener_register(DeviceListener *listener);
>  void device_listener_unregister(DeviceListener *listener);
>  
> +bool qdev_should_hide_device(QemuOpts *opts, Error **errp);
> +
>  #endif
> diff --git a/qdev-monitor.c b/qdev-monitor.c
> index 148df9cacf..9fc8331157 100644
> --- a/qdev-monitor.c
> +++ b/qdev-monitor.c
> @@ -32,9 +32,11 @@
>  #include "qemu/help_option.h"
>  #include "qemu/option.h"
>  #include "qemu/qemu-print.h"
> +#include "qemu/option_int.h"
>  #include "sysemu/block-backend.h"
>  #include "sysemu/sysemu.h"
>  #include "migration/misc.h"
> +#include "migration/migration.h"
>  
>  /*
>   * Aliases were a bad idea from the start.  Let's keep them
> @@ -562,14 +564,45 @@ void qdev_set_id(DeviceState *dev, const char *id)
>  }
>  }
>  
> +static int is_failover_device(void *opaque, const char *name, const char 
> *value,
> +Error **errp)
> +{
> +if (strcmp(name, "net_failover_pair_id") == 0) {
> +QemuOpts *opts = (QemuOpts *)opaque;
> +
> +if (qdev_should_hide_device(opts, errp) && errp && !*errp) {
> +return 1;
> +} else 

Re: [PATCH v5 53/55] plugins: add sparc64 instruction classification table

[Alex Bennée]

Richard Henderson  writes:

> On 10/14/19 3:49 AM, Alex Bennée wrote:
>> +InsnClassExecCount sparc32_insn_classes[] = {
>> +{ "Call","call",   0xc000, 0x4000, COUNT_CLASS},
>> +{ "Branch ICond","bcc",0xc1c0, 0x0080, COUNT_CLASS},
>> +{ "Branch Fcond","fbcc",   0xc1c0, 0x0180, COUNT_CLASS},
>> +{ "SetHi",   "sethi",  0xc1c0, 0x0100, COUNT_CLASS},
>> +{ "FPU ALU", "fpu",0xc1f0, 0x81a0, COUNT_CLASS},
>> +{ "ALU", "alu",0xc000, 0x8000, COUNT_CLASS},
>> +{ "Load/Store",  "ldst",   0xc000, 0xc000, COUNT_CLASS},
>> +/* Unclassified */
>> +{ "Unclassified","unclas", 0x, 0x, 
>> COUNT_INDIVIDUAL},
>> +};
>> +
>
> Unused.  You'd see this if they were static.

How similar are the sparc and sparc64 decodes? Is there a canonical
table you can point to?

>
>
> r~


--
Alex Bennée

Re: [PATCH v3 0/10] add failover feature for assigned network devices

[Alex Williamson]

On Fri, 11 Oct 2019 13:20:05 +0200
Jens Freimann  wrote:

> This is implementing the host side of the net_failover concept
> (https://www.kernel.org/doc/html/latest/networking/net_failover.html)
> 
> Changes since v2:
> * back out of creating failover pair when it is a non-networking
>   vfio-pci device (Alex W)
> * handle migration state change from within the migration thread. I do a
>   timed wait on a semaphore and then check if all unplugs were
>   succesful. Added a new function to each device that checks the device
>   if the unplug for it has happened. When all devices report the succesful
>   unplug *or* the time/retries is up, continue with the migration or
>   cancel. When not all devices could be unplugged I am cancelling at the
>   moment. It is likely that we can't plug it back at the destination which
>   would result in degraded network performance.
> * fix a few bugs regarding re-plug on migration source and target 
> * run full set of tests including migration tests
> * add patch for libqos to tolerate new migration state
> * squashed patch 1 and 2, added patch 8 
>  
> The general idea is that we have a pair of devices, a vfio-pci and a
> virtio-net device. Before migration the vfio device is unplugged and data
> flows to the virtio-net device, on the target side another vfio-pci device
> is plugged in to take over the data-path. In the guest the net_failover
> module will pair net devices with the same MAC address.
> 
> * Patch 1 adds the infrastructure to hide the device for the qbus and qdev 
> APIs
> 
> * Patch 2 sets a new flag for PCIDevice 'partially_hotplugged' which we
>   use to skip the unrealize code path when doing a unplug of the primary
>   device
> 
> * Patch 3 sets the pending_deleted_event before triggering the guest
>   unplug request

These only cover pcie hotplug, is this feature somehow dependent on
pcie?  There's also ACPI-based PCI hotplug, SHPC hotplug, and it looks
like s390 has it's own version (of course) of PCI hotplug.  IMO, we
either need to make an attempt to support this universally or the
option needs to fail if the hotplug controller doesn't support partial
removal.  Thanks,

Alex

Re: [PATCH v5 23/55] translator: add translator_ld{ub,sw,uw,l,q}

[Alex Bennée]

Peter Maydell  writes:

> On Mon, 14 Oct 2019 at 12:38, Alex Bennée  wrote:
>>
>> From: "Emilio G. Cota" 
>>
>> We don't bother with replicating the fast path (tlb_hit) of the old
>> cpu_ldst helpers as it has no measurable effect on performance. This
>> probably indicates we should consider flattening the whole set of
>> helpers but that is out of scope for this change.
>>
>> Suggested-by: Richard Henderson 
>> Signed-off-by: Emilio G. Cota 
>> [AJB: directly plumb into softmmu/user helpers]
>> Signed-off-by: Alex Bennée 
>>
>> diff --git a/tcg/tcg.h b/tcg/tcg.h
>> index a38659ea5b..302533b463 100644
>> --- a/tcg/tcg.h
>> +++ b/tcg/tcg.h
>> @@ -1317,6 +1317,7 @@ uint64_t helper_be_ldq_cmmu(CPUArchState *env, 
>> target_ulong addr,
>>  # define helper_ret_stl_mmu   helper_be_stl_mmu
>>  # define helper_ret_stq_mmu   helper_be_stq_mmu
>>  # define helper_ret_ldw_cmmu  helper_be_ldw_cmmu
>> +# define helper_ret_lduw_cmmu helper_be_ldw_cmmu
>>  # define helper_ret_ldl_cmmu  helper_be_ldl_cmmu
>>  # define helper_ret_ldq_cmmu  helper_be_ldq_cmmu
>>  #else
>> @@ -1330,6 +1331,7 @@ uint64_t helper_be_ldq_cmmu(CPUArchState *env, 
>> target_ulong addr,
>>  # define helper_ret_stl_mmu   helper_le_stl_mmu
>>  # define helper_ret_stq_mmu   helper_le_stq_mmu
>>  # define helper_ret_ldw_cmmu  helper_le_ldw_cmmu
>> +# define helper_ret_lduw_cmmu helper_le_ldw_cmmu
>>  # define helper_ret_ldl_cmmu  helper_le_ldl_cmmu
>>  # define helper_ret_ldq_cmmu  helper_le_ldq_cmmu
>>  #endif
>
> This looks odd. Why is it ok to define a 'lduw' helper
> as the 'ldw' cmmu helper ? One ought to be sign
> extending and the other not...

This is the alternative:

3 files changed, 9 insertions(+), 17 deletions(-)
include/exec/translator.h | 19 +--
include/qemu/bswap.h  |  5 -
tcg/tcg.h |  2 --

modified   include/exec/translator.h
@@ -158,26 +158,26 @@ void translator_loop_temp_check(DisasContextBase *db);

 #ifdef CONFIG_USER_ONLY

-#define DO_LOAD(type, name, shift)   \
+#define DO_LOAD(type, name, uname, shift)\
 set_helper_retaddr(1);   \
-ret = name ## _p(g2h(pc));   \
+ret = uname ## _p(g2h(pc));  \
 clear_helper_retaddr();

 #else

-#define DO_LOAD(type, name, shift)   \
+#define DO_LOAD(type, name, uname, shift)\
 int mmu_idx = cpu_mmu_index(env, true);  \
 TCGMemOpIdx oi = make_memop_idx(shift, mmu_idx); \
 ret = helper_ret_ ## name ## _cmmu(env, pc, oi, 0);

 #endif

-#define GEN_TRANSLATOR_LD(fullname, name, type, shift, swap_fn) \
+#define GEN_TRANSLATOR_LD(fullname, name, uname, type, shift, swap_fn)  \
 static inline type  \
 fullname ## _swap(CPUArchState *env, abi_ptr pc, bool do_swap)  \
 {   \
 type ret;   \
-DO_LOAD(type, name, shift)  \
+DO_LOAD(type, name, uname, shift)   \
 \
 if (do_swap) {  \
 ret = swap_fn(ret); \
@@ -191,11 +191,10 @@ void translator_loop_temp_check(DisasContextBase *db);
 return fullname ## _swap(env, pc, false);   \
 }

-GEN_TRANSLATOR_LD(translator_ldub, ldb, uint8_t, 0, /* no swap needed */)
-GEN_TRANSLATOR_LD(translator_ldsw, lduw, int16_t, 1, bswap16)
-GEN_TRANSLATOR_LD(translator_lduw, lduw, uint16_t, 1, bswap16)
-GEN_TRANSLATOR_LD(translator_ldl, ldl, uint32_t, 2, bswap32)
-GEN_TRANSLATOR_LD(translator_ldq, ldq, uint64_t, 3, bswap64)
+GEN_TRANSLATOR_LD(translator_ldub, ldb, ldub, uint8_t, 0, /* no swap needed */)
+GEN_TRANSLATOR_LD(translator_ldw, ldw, lduw, uint16_t, 1, bswap16)
+GEN_TRANSLATOR_LD(translator_ldl, ldl, ldl, uint32_t, 2, bswap32)
+GEN_TRANSLATOR_LD(translator_ldq, ldq, ldl, uint64_t, 3, bswap64)
 #undef GEN_TRANSLATOR_LD

 #endif  /* EXEC__TRANSLATOR_H */
modified   include/qemu/bswap.h
@@ -306,11 +306,6 @@ static inline int ldub_p(const void *ptr)
 return *(uint8_t *)ptr;
 }

-static inline int ldb_p(const void *ptr)
-{
-return ldub_p(ptr);
-}
-
 static inline int ldsb_p(const void *ptr)
 {
 return *(int8_t *)ptr;
modified   tcg/tcg.h
@@ -1317,7 +1317,6 @@ uint64_t helper_be_ldq_cmmu(CPUArchState *env, 
target_ulong addr,
 # define helper_ret_stl_mmu   helper_be_stl_mmu
 # define helper_ret_stq_mmu   helper_be_stq_mmu
 # define helper_ret_ldw_cmmu  helper_be_ldw_cmmu
-# define helper_ret_lduw_cmmu helper_be_ldw_cmmu
 # define helper_ret_ldl_cmmu  helper_be_ldl_cmmu
 # define helper_ret_ldq_cmmu  helper_be_ldq_cmmu
 #else
@@ -1331,7 +1330,6 @@ uint64_t helper_be_ldq_cmmu(CPUArchState *env, 
target_ulong addr,

Re: [PATCH v5 23/55] translator: add translator_ld{ub,sw,uw,l,q}

[Alex Bennée]

Peter Maydell  writes:

> On Mon, 14 Oct 2019 at 12:38, Alex Bennée  wrote:
>>
>> From: "Emilio G. Cota" 
>>
>> We don't bother with replicating the fast path (tlb_hit) of the old
>> cpu_ldst helpers as it has no measurable effect on performance. This
>> probably indicates we should consider flattening the whole set of
>> helpers but that is out of scope for this change.
>>
>> Suggested-by: Richard Henderson 
>> Signed-off-by: Emilio G. Cota 
>> [AJB: directly plumb into softmmu/user helpers]
>> Signed-off-by: Alex Bennée 
>>
>> diff --git a/tcg/tcg.h b/tcg/tcg.h
>> index a38659ea5b..302533b463 100644
>> --- a/tcg/tcg.h
>> +++ b/tcg/tcg.h
>> @@ -1317,6 +1317,7 @@ uint64_t helper_be_ldq_cmmu(CPUArchState *env, 
>> target_ulong addr,
>>  # define helper_ret_stl_mmu   helper_be_stl_mmu
>>  # define helper_ret_stq_mmu   helper_be_stq_mmu
>>  # define helper_ret_ldw_cmmu  helper_be_ldw_cmmu
>> +# define helper_ret_lduw_cmmu helper_be_ldw_cmmu
>>  # define helper_ret_ldl_cmmu  helper_be_ldl_cmmu
>>  # define helper_ret_ldq_cmmu  helper_be_ldq_cmmu
>>  #else
>> @@ -1330,6 +1331,7 @@ uint64_t helper_be_ldq_cmmu(CPUArchState *env, 
>> target_ulong addr,
>>  # define helper_ret_stl_mmu   helper_le_stl_mmu
>>  # define helper_ret_stq_mmu   helper_le_stq_mmu
>>  # define helper_ret_ldw_cmmu  helper_le_ldw_cmmu
>> +# define helper_ret_lduw_cmmu helper_le_ldw_cmmu
>>  # define helper_ret_ldl_cmmu  helper_le_ldl_cmmu
>>  # define helper_ret_ldq_cmmu  helper_le_ldq_cmmu
>>  #endif
>
> This looks odd. Why is it ok to define a 'lduw' helper
> as the 'ldw' cmmu helper ? One ought to be sign
> extending and the other not...

This was attempting to make things line up between the softmmu helpers
and the user-mode ld*_p helpers that we need to expand to. I'm not sure
a sign extending loader even makes sense for code load anyway.

>
> thanks
> -- PMM


--
Alex Bennée

Re: [PATCH v3 1/3] capstone: Update to master

[Thomas Huth]

On 15/10/2019 19.51, Richard Henderson wrote:
> Update to 418d36d695e0.  Choose this over the 4.0.1 tag because
> master now includes the s390x z13 vector opcodes.
In case you respin, please mention that this (hopefully) also fixes
https://bugs.launchpad.net/qemu/+bug/1826175

 Thanks,
  Thomas

Re: [PATCH v3 3/3] capstone: Add s390x skipdata callback

[Thomas Huth]

On 15/10/2019 19.51, Richard Henderson wrote:
> Capstone assumes any unknown instruction is 2 bytes.
> Instead, use the ilen field in the first two bits of
> the instruction to stay in sync with the insn stream.
> 
> Signed-off-by: Richard Henderson 
> ---
>  disas.c | 37 +
>  1 file changed, 37 insertions(+)
> 
> diff --git a/disas.c b/disas.c
> index 51c71534a3..2a000cbeb0 100644
> --- a/disas.c
> +++ b/disas.c
> @@ -178,6 +178,39 @@ static int print_insn_od_target(bfd_vma pc, 
> disassemble_info *info)
> to share this across calls and across host vs target disassembly.  */
>  static __thread cs_insn *cap_insn;
>  
> +/*
> + * The capstone library always skips 2 bytes for S390X.
> + * This is less than ideal, since we can tell from the first two bits
> + * the size of the insn and thus stay in sync with the insn stream.
> + */
> +static size_t CAPSTONE_API
> +cap_skipdata_s390x_cb(const uint8_t *code, size_t code_size,
> +  size_t offset, void *user_data)
> +{
> +size_t ilen;
> +
> +/* See get_ilen() in target/s390x/internal.h.  */
> +switch (code[offset] >> 6) {
> +case 0:
> +ilen = 2;
> +break;
> +case 1:
> +case 2:
> +ilen = 4;
> +break;
> +default:
> +ilen = 6;
> +break;
> +}
> +
> +return ilen;
> +}

The kernel has also a nice function to calculate this:

static inline int insn_length(unsigned char code)
{
return int) code + 64) >> 7) + 1) << 1;
}

... but the switch-case is likely easier to read, so anyway:

Reviewed-by: Thomas Huth 

Re: [PULL v2 00/67] target-arm queue

[Peter Maydell]

On Tue, 15 Oct 2019 at 18:15, Peter Maydell  wrote:
>
> v1->v2 changes: dropped the patch adding the new ast2600
> board, as it doesn't pass "make check" on 32-bit hosts or
> low-memory hosts.
>
> thanks
> -- PMM
>
> The following changes since commit 3af78db68176a049e2570822f64604e0692c1447:
>
>   Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging 
> (2019-10-15 13:25:05 +0100)
>
> are available in the Git repository at:
>
>   https://git.linaro.org/people/pmaydell/qemu-arm.git 
> tags/pull-target-arm-20191015
>
> for you to fetch changes up to 19845504da1bdee4be7d0fba33da5be9efa4c11b:
>
>   hw/misc/bcm2835_mbox: Add trace events (2019-10-15 18:09:05 +0100)
>
> 
> target-arm queue:
>  * Add Aspeed AST2600 SoC support (but no new board model yet)
>  * aspeed/wdt: Check correct register for clock source
>  * bcm2835: code cleanups, better logging, trace events
>  * implement v2.0 of the Arm semihosting specification
>  * provide new 'transaction-based' ptimer API and use it
>for the Arm devices that use ptimers
>  * ARM: KVM: support more than 256 CPUs
>



Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/4.2
for any user-visible changes.

-- PMM

[PATCH v3 0/5] qcow2: advanced compression options

[Andrey Shinkevich]

New enhancements for writing compressed data to QCOW2 image.

The preceding patches have been queued in the Max's block branch:

Based-on: <20190916175324.18478-1-vsement...@virtuozzo.com>

v2:
Instead of introducing multiple key options for many drivers, the
'compression' option has been introduced on generic block layer
as suggested by Roman Kagan. Discussed on the thread ID
<1570026166-748566-1-git-send-email-andrey.shinkev...@virtuozzo.com>

Andrey Shinkevich (5):
  qcow2: Allow writing compressed data of multiple clusters
  tests/qemu-iotests: add case to write compressed data of multiple
clusters
  block: support compressed write for copy-on-read
  block-stream: add compress option
  tests/qemu-iotests: add case for block-stream compress

 block.c|  12 -
 block/io.c |  23 +++---
 block/qcow2.c  | 106 +
 block/qcow2.h  |   1 +
 block/stream.c |  10 -
 block/trace-events |   2 +-
 blockdev.c |  16 ++-
 include/block/block.h  |   1 +
 include/block/block_int.h  |   2 +
 qapi/block-core.json   |   6 ++-
 qemu-options.hx|   6 ++-
 tests/qemu-iotests/030 |  51 +-
 tests/qemu-iotests/030.out |   4 +-
 tests/qemu-iotests/214 |  35 +++
 tests/qemu-iotests/214.out |  15 +++
 15 files changed, 246 insertions(+), 44 deletions(-)

-- 
1.8.3.1

[PATCH v3 2/5] tests/qemu-iotests: add case to write compressed data of multiple clusters

[Andrey Shinkevich]

Add the test case to the iotest #214 that checks possibility of writing
compressed data of more than one cluster size.

Signed-off-by: Andrey Shinkevich 
---
 tests/qemu-iotests/214 | 35 +++
 tests/qemu-iotests/214.out | 15 +++
 2 files changed, 50 insertions(+)

diff --git a/tests/qemu-iotests/214 b/tests/qemu-iotests/214
index 21ec8a2..0003dc2 100755
--- a/tests/qemu-iotests/214
+++ b/tests/qemu-iotests/214
@@ -89,6 +89,41 @@ _check_test_img -r all
 $QEMU_IO -c "read  -P 0x11  0 4M" "$TEST_IMG" 2>&1 | _filter_qemu_io | 
_filter_testdir
 $QEMU_IO -c "read  -P 0x22 4M 4M" "$TEST_IMG" 2>&1 | _filter_qemu_io | 
_filter_testdir
 
+echo
+echo "=== Write compressed data of multiple clusters ==="
+echo
+cluster_size=0x1
+_make_test_img 2M -o cluster_size=$cluster_size
+
+echo "Uncompressed data:"
+let data_size="8 * $cluster_size"
+$QEMU_IO -c "write -P 0xaa 0 $data_size" "$TEST_IMG" \
+ 2>&1 | _filter_qemu_io | _filter_testdir
+$QEMU_IMG info "$TEST_IMG" | sed -n '/disk size:/ s/^ *//p'
+
+_make_test_img 2M -o cluster_size=$cluster_size
+let data_size="3 * $cluster_size + ($cluster_size >> 1)"
+# Set compress=on. That will align the written data
+# by the cluster size and will write them compressed.
+QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT \
+$QEMU_IO -c "write -P 0xbb 0 $data_size" --image-opts \
+ driver=$IMGFMT,compress=on,file.filename=$TEST_IMG \
+ 2>&1 | _filter_qemu_io | _filter_testdir
+
+let offset="4 * $cluster_size"
+QEMU_IO_OPTIONS=$QEMU_IO_OPTIONS_NO_FMT \
+$QEMU_IO -c "write -P 0xcc $offset $data_size" "json:{\
+'driver': '$IMGFMT',
+'file': {
+'driver': 'file',
+'filename': '$TEST_IMG'
+},
+'compress': true
+}" | _filter_qemu_io | _filter_testdir
+
+echo "After the multiple cluster data have been written compressed,"
+$QEMU_IMG info "$TEST_IMG" | sed -n '/disk size:/ s/^ *//p'
+
 # success, all done
 echo '*** done'
 rm -f $seq.full
diff --git a/tests/qemu-iotests/214.out b/tests/qemu-iotests/214.out
index 0fcd8dc..09a2e9a 100644
--- a/tests/qemu-iotests/214.out
+++ b/tests/qemu-iotests/214.out
@@ -32,4 +32,19 @@ read 4194304/4194304 bytes at offset 0
 4 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
 read 4194304/4194304 bytes at offset 4194304
 4 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+
+=== Write compressed data of multiple clusters ===
+
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=2097152
+Uncompressed data:
+wrote 524288/524288 bytes at offset 0
+512 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+disk size: 772 KiB
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=2097152
+wrote 229376/229376 bytes at offset 0
+224 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+wrote 229376/229376 bytes at offset 262144
+224 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+After the multiple cluster data have been written compressed,
+disk size: 268 KiB
 *** done
-- 
1.8.3.1

[PATCH v3 3/5] block: support compressed write for copy-on-read

[Andrey Shinkevich]

Support the data compression during block-stream job over a backup
backing chain implemented in the following patch 'block-stream:
add compress option'.

Signed-off-by: Anton Nefedov 
Signed-off-by: Denis V. Lunev 
Signed-off-by: Andrey Shinkevich 
---
 block/io.c | 21 -
 block/trace-events |  2 +-
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/block/io.c b/block/io.c
index 6a5509c..fc7f157 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1264,12 +1264,13 @@ static int coroutine_fn 
bdrv_co_do_copy_on_readv(BdrvChild *child,
  * allocating cluster in the image file.  Note that this value may exceed
  * BDRV_REQUEST_MAX_BYTES (even when the original read did not), which
  * is one reason we loop rather than doing it all at once.
+ * Also, this is crucial for compressed copy-on-read.
  */
 bdrv_round_to_clusters(bs, offset, bytes, &cluster_offset, &cluster_bytes);
 skip_bytes = offset - cluster_offset;
 
 trace_bdrv_co_do_copy_on_readv(bs, offset, bytes,
-   cluster_offset, cluster_bytes);
+   cluster_offset, cluster_bytes, flags);
 
 while (cluster_bytes) {
 int64_t pnum;
@@ -1328,9 +1329,15 @@ static int coroutine_fn 
bdrv_co_do_copy_on_readv(BdrvChild *child,
 /* This does not change the data on the disk, it is not
  * necessary to flush even in cache=writethrough mode.
  */
-ret = bdrv_driver_pwritev(bs, cluster_offset, pnum,
-  &local_qiov, 0,
-  BDRV_REQ_WRITE_UNCHANGED);
+if (flags & BDRV_REQ_WRITE_COMPRESSED) {
+ret = bdrv_driver_pwritev_compressed(bs, cluster_offset,
+ pnum, &local_qiov,
+ qiov_offset);
+} else {
+ret = bdrv_driver_pwritev(bs, cluster_offset, pnum,
+  &local_qiov, 0,
+  BDRV_REQ_WRITE_UNCHANGED);
+}
 }
 
 if (ret < 0) {
@@ -1396,7 +1403,11 @@ static int coroutine_fn bdrv_aligned_preadv(BdrvChild 
*child,
  * to pass through to drivers.  For now, there aren't any
  * passthrough flags.  */
 assert(!(flags & ~(BDRV_REQ_NO_SERIALISING | BDRV_REQ_COPY_ON_READ |
-   BDRV_REQ_PREFETCH)));
+   BDRV_REQ_PREFETCH | BDRV_REQ_WRITE_COMPRESSED)));
+
+/* write compressed only makes sense with copy on read */
+assert(!(flags & BDRV_REQ_WRITE_COMPRESSED) ||
+   (flags & BDRV_REQ_COPY_ON_READ));
 
 /* Handle Copy on Read and associated serialisation */
 if (flags & BDRV_REQ_COPY_ON_READ) {
diff --git a/block/trace-events b/block/trace-events
index 3aa27e6..f444548 100644
--- a/block/trace-events
+++ b/block/trace-events
@@ -14,7 +14,7 @@ blk_root_detach(void *child, void *blk, void *bs) "child %p 
blk %p bs %p"
 bdrv_co_preadv(void *bs, int64_t offset, int64_t nbytes, unsigned int flags) 
"bs %p offset %"PRId64" nbytes %"PRId64" flags 0x%x"
 bdrv_co_pwritev(void *bs, int64_t offset, int64_t nbytes, unsigned int flags) 
"bs %p offset %"PRId64" nbytes %"PRId64" flags 0x%x"
 bdrv_co_pwrite_zeroes(void *bs, int64_t offset, int count, int flags) "bs %p 
offset %"PRId64" count %d flags 0x%x"
-bdrv_co_do_copy_on_readv(void *bs, int64_t offset, unsigned int bytes, int64_t 
cluster_offset, int64_t cluster_bytes) "bs %p offset %"PRId64" bytes %u 
cluster_offset %"PRId64" cluster_bytes %"PRId64
+bdrv_co_do_copy_on_readv(void *bs, int64_t offset, unsigned int bytes, int64_t 
cluster_offset, int64_t cluster_bytes, int flags) "bs %p offset %"PRId64" bytes 
%u cluster_offset %"PRId64" cluster_bytes %"PRId64" flags 0x%x"
 bdrv_co_copy_range_from(void *src, uint64_t src_offset, void *dst, uint64_t 
dst_offset, uint64_t bytes, int read_flags, int write_flags) "src %p offset 
%"PRIu64" dst %p offset %"PRIu64" bytes %"PRIu64" rw flags 0x%x 0x%x"
 bdrv_co_copy_range_to(void *src, uint64_t src_offset, void *dst, uint64_t 
dst_offset, uint64_t bytes, int read_flags, int write_flags) "src %p offset 
%"PRIu64" dst %p offset %"PRIu64" bytes %"PRIu64" rw flags 0x%x 0x%x"
 
-- 
1.8.3.1

[PATCH v3 1/5] qcow2: Allow writing compressed data of multiple clusters

[Andrey Shinkevich]

QEMU currently supports writing compressed data of the size equal to
one cluster. This patch allows writing QCOW2 compressed data that
exceed one cluster. Now, we split buffered data into separate clusters
and write them compressed using the existing functionality.
To inform the block layer about writing all the data compressed, we
introduce the 'compress' command line option. Based on that option, the
written data will be aligned by the cluster size at the generic layer.

Suggested-by: Pavel Butsykin 
Suggested-by: Vladimir Sementsov-Ogievskiy 
Suggested-by: Roman Kagan 
Signed-off-by: Andrey Shinkevich 
---
 block.c   |  12 +-
 block/io.c|   2 +-
 block/qcow2.c | 106 ++
 block/qcow2.h |   1 +
 blockdev.c|   4 ++
 include/block/block.h |   1 +
 include/block/block_int.h |   2 +
 qapi/block-core.json  |   6 ++-
 qemu-options.hx   |   6 ++-
 9 files changed, 108 insertions(+), 32 deletions(-)

diff --git a/block.c b/block.c
index 5944124..4cfbea2 100644
--- a/block.c
+++ b/block.c
@@ -1418,6 +1418,11 @@ QemuOptsList bdrv_runtime_opts = {
 .type = QEMU_OPT_BOOL,
 .help = "always accept other writers (default: off)",
 },
+{
+.name = BDRV_OPT_COMPRESS,
+.type = QEMU_OPT_BOOL,
+.help = "compress all writes to the image (default: off)",
+},
 { /* end of list */ }
 },
 };
@@ -2983,6 +2988,11 @@ static BlockDriverState *bdrv_open_inherit(const char 
*filename,
 flags &= ~BDRV_O_RDWR;
 }
 
+if (!g_strcmp0(qdict_get_try_str(options, BDRV_OPT_COMPRESS), "on") ||
+qdict_get_try_bool(options, BDRV_OPT_COMPRESS, false)) {
+bs->all_write_compressed = true;
+}
+
 if (flags & BDRV_O_SNAPSHOT) {
 snapshot_options = qdict_new();
 bdrv_temp_snapshot_options(&snapshot_flags, snapshot_options,
@@ -3208,7 +3218,7 @@ static int bdrv_reset_options_allowed(BlockDriverState 
*bs,
  * in bdrv_reopen_prepare() so they can be left out of @new_opts */
 const char *const common_options[] = {
 "node-name", "discard", "cache.direct", "cache.no-flush",
-"read-only", "auto-read-only", "detect-zeroes", NULL
+"read-only", "auto-read-only", "detect-zeroes", "compress", NULL
 };
 
 for (e = qdict_first(bs->options); e; e = qdict_next(bs->options, e)) {
diff --git a/block/io.c b/block/io.c
index f8c3596..6a5509c 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1922,7 +1922,7 @@ static int coroutine_fn bdrv_aligned_pwritev(BdrvChild 
*child,
 } else if (flags & BDRV_REQ_ZERO_WRITE) {
 bdrv_debug_event(bs, BLKDBG_PWRITEV_ZERO);
 ret = bdrv_co_do_pwrite_zeroes(bs, offset, bytes, flags);
-} else if (flags & BDRV_REQ_WRITE_COMPRESSED) {
+} else if (flags & BDRV_REQ_WRITE_COMPRESSED || bs->all_write_compressed) {
 ret = bdrv_driver_pwritev_compressed(bs, offset, bytes,
  qiov, qiov_offset);
 } else if (bytes <= max_transfer) {
diff --git a/block/qcow2.c b/block/qcow2.c
index 7961c05..9a85d73 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -1787,6 +1787,10 @@ static void qcow2_refresh_limits(BlockDriverState *bs, 
Error **errp)
 /* Encryption works on a sector granularity */
 bs->bl.request_alignment = qcrypto_block_get_sector_size(s->crypto);
 }
+if (bs->all_write_compressed) {
+bs->bl.request_alignment = MAX(bs->bl.request_alignment,
+   s->cluster_size);
+}
 bs->bl.pwrite_zeroes_alignment = s->cluster_size;
 bs->bl.pdiscard_alignment = s->cluster_size;
 }
@@ -4152,10 +4156,8 @@ fail:
 return ret;
 }
 
-/* XXX: put compressed sectors first, then all the cluster aligned
-   tables to avoid losing bytes in alignment */
 static coroutine_fn int
-qcow2_co_pwritev_compressed_part(BlockDriverState *bs,
+qcow2_co_pwritev_compressed_task(BlockDriverState *bs,
  uint64_t offset, uint64_t bytes,
  QEMUIOVector *qiov, size_t qiov_offset)
 {
@@ -4165,32 +4167,11 @@ qcow2_co_pwritev_compressed_part(BlockDriverState *bs,
 uint8_t *buf, *out_buf;
 uint64_t cluster_offset;
 
-if (has_data_file(bs)) {
-return -ENOTSUP;
-}
-
-if (bytes == 0) {
-/* align end of file to a sector boundary to ease reading with
-   sector based I/Os */
-int64_t len = bdrv_getlength(bs->file->bs);
-if (len < 0) {
-return len;
-}
-return bdrv_co_truncate(bs->file, len, PREALLOC_MODE_OFF, NULL);
-}
-
-if (offset_into_cluster(s, offset)) {
-return -EINVAL;
-}
+assert(bytes == s->cluster_size || (bytes < s->cluster_size &&
+   (offset + bytes == bs->total_sectors << BDRV_SECTOR_BITS)));
 
 buf = qemu_blockalign(bs, s->cluster_

[PATCH v3 5/5] tests/qemu-iotests: add case for block-stream compress

[Andrey Shinkevich]

Add a case to the iotest #030 that tests the 'compress' option for a
block-stream job.

Signed-off-by: Andrey Shinkevich 
---
 tests/qemu-iotests/030 | 51 +-
 tests/qemu-iotests/030.out |  4 ++--
 2 files changed, 52 insertions(+), 3 deletions(-)

diff --git a/tests/qemu-iotests/030 b/tests/qemu-iotests/030
index f3766f2..f0f0e26 100755
--- a/tests/qemu-iotests/030
+++ b/tests/qemu-iotests/030
@@ -21,7 +21,8 @@
 import time
 import os
 import iotests
-from iotests import qemu_img, qemu_io
+from iotests import qemu_img, qemu_io, qemu_img_pipe
+import json
 
 backing_img = os.path.join(iotests.test_dir, 'backing.img')
 mid_img = os.path.join(iotests.test_dir, 'mid.img')
@@ -956,6 +957,54 @@ class TestSetSpeed(iotests.QMPTestCase):
 
 self.cancel_and_wait(resume=True)
 
+class TestCompressed(iotests.QMPTestCase):
+test_img_init_size = 0
+
+def setUp(self):
+qemu_img('create', '-f', iotests.imgfmt, backing_img, '1M')
+qemu_img('create', '-f', iotests.imgfmt, '-o',
+ 'backing_file=%s' % backing_img, mid_img)
+qemu_img('create', '-f', iotests.imgfmt, '-o',
+ 'backing_file=%s' % mid_img, test_img)
+qemu_io('-c', 'write -P 0x1 0 512k', backing_img)
+top = json.loads(qemu_img_pipe('info', '--output=json', test_img))
+self.test_img_init_size = top['actual-size']
+self.vm = iotests.VM().add_drive(test_img, "backing.node-name=mid," +
+ "backing.backing.node-name=base," +
+ "compress=on")
+self.vm.launch()
+
+def tearDown(self):
+self.vm.shutdown()
+os.remove(test_img)
+os.remove(mid_img)
+os.remove(backing_img)
+
+def test_stream_compress(self):
+self.assert_no_active_block_jobs()
+
+result = self.vm.qmp('block-stream', device='mid', job_id='stream-mid')
+self.assert_qmp(result, 'return', {})
+
+self.wait_until_completed(drive='stream-mid')
+# Remove other 'JOB_STATUS_CHANGE' events for the job 'stream-mid'
+self.vm.get_qmp_events(wait=True)
+
+result = self.vm.qmp('block-stream', device='drive0',
+ job_id='stream-top')
+self.assert_qmp(result, 'return', {})
+
+self.wait_until_completed(drive='stream-top')
+self.vm.shutdown()
+
+top = json.loads(qemu_img_pipe('info', '--output=json', test_img))
+mid = json.loads(qemu_img_pipe('info', '--output=json', mid_img))
+base = json.loads(qemu_img_pipe('info', '--output=json', backing_img))
+
+self.assertEqual(mid['actual-size'], base['actual-size'])
+self.assertLess(top['actual-size'], mid['actual-size'])
+self.assertLess(self.test_img_init_size, top['actual-size'])
+
 if __name__ == '__main__':
 iotests.main(supported_fmts=['qcow2', 'qed'],
  supported_protocols=['file'])
diff --git a/tests/qemu-iotests/030.out b/tests/qemu-iotests/030.out
index 6d9bee1..af8dac1 100644
--- a/tests/qemu-iotests/030.out
+++ b/tests/qemu-iotests/030.out
@@ -1,5 +1,5 @@
-...
+
 --
-Ran 27 tests
+Ran 28 tests
 
 OK
-- 
1.8.3.1

[PATCH v3 4/5] block-stream: add compress option

[Andrey Shinkevich]

Allow data compression during block-stream job for backup backing chain.

Signed-off-by: Andrey Shinkevich 
---
 block/stream.c | 10 --
 blockdev.c | 12 +++-
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/block/stream.c b/block/stream.c
index 5562ccb..25f9324 100644
--- a/block/stream.c
+++ b/block/stream.c
@@ -41,10 +41,16 @@ typedef struct StreamBlockJob {
 static int coroutine_fn stream_populate(BlockBackend *blk,
 int64_t offset, uint64_t bytes)
 {
+BlockDriverState *bs = blk_bs(blk);
+int flags = BDRV_REQ_COPY_ON_READ | BDRV_REQ_PREFETCH;
+
+if (bs->all_write_compressed) {
+flags |= BDRV_REQ_WRITE_COMPRESSED;
+}
+
 assert(bytes < SIZE_MAX);
 
-return blk_co_preadv(blk, offset, bytes, NULL,
- BDRV_REQ_COPY_ON_READ | BDRV_REQ_PREFETCH);
+return blk_co_preadv(blk, offset, bytes, NULL, flags);
 }
 
 static void stream_abort(Job *job)
diff --git a/blockdev.c b/blockdev.c
index 2103730..fd824da 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -471,7 +471,7 @@ static BlockBackend *blockdev_init(const char *file, QDict 
*bs_opts,
 int bdrv_flags = 0;
 int on_read_error, on_write_error;
 bool account_invalid, account_failed;
-bool writethrough, read_only;
+bool writethrough, read_only, compress;
 BlockBackend *blk;
 BlockDriverState *bs;
 ThrottleConfig cfg;
@@ -570,6 +570,7 @@ static BlockBackend *blockdev_init(const char *file, QDict 
*bs_opts,
 }
 
 read_only = qemu_opt_get_bool(opts, BDRV_OPT_READ_ONLY, false);
+compress = qemu_opt_get_bool(opts, BDRV_OPT_COMPRESS, false);
 
 /* init */
 if ((!file || !*file) && !qdict_size(bs_opts)) {
@@ -595,6 +596,8 @@ static BlockBackend *blockdev_init(const char *file, QDict 
*bs_opts,
 qdict_set_default_str(bs_opts, BDRV_OPT_READ_ONLY,
   read_only ? "on" : "off");
 qdict_set_default_str(bs_opts, BDRV_OPT_AUTO_READ_ONLY, "on");
+qdict_set_default_str(bs_opts, BDRV_OPT_COMPRESS,
+  compress ? "on" : "off");
 assert((bdrv_flags & BDRV_O_CACHE_MASK) == 0);
 
 if (runstate_check(RUN_STATE_INMIGRATE)) {
@@ -3308,6 +3311,13 @@ void qmp_block_stream(bool has_job_id, const char 
*job_id, const char *device,
 goto out;
 }
 
+if (bs->all_write_compressed &&
+bs->drv->bdrv_co_pwritev_compressed_part == NULL) {
+error_setg(errp, "Compression is not supported for this drive %s",
+   bdrv_get_device_name(bs));
+goto out;
+}
+
 /* backing_file string overrides base bs filename */
 base_name = has_backing_file ? backing_file : base_name;
 
-- 
1.8.3.1

[PATCH v3 2/3] capstone: Enable disassembly for s390x

[Richard Henderson]

Enable s390x, aka SYSZ, in the git submodule build.
Set the capstone parameters for both s390x host and guest.

Signed-off-by: Richard Henderson 
---
 Makefile   | 1 +
 disas.c| 3 +++
 target/s390x/cpu.c | 4 
 3 files changed, 8 insertions(+)

diff --git a/Makefile b/Makefile
index 8ce48e0342..97e34be162 100644
--- a/Makefile
+++ b/Makefile
@@ -503,6 +503,7 @@ CAP_CFLAGS += -DCAPSTONE_USE_SYS_DYN_MEM
 CAP_CFLAGS += -DCAPSTONE_HAS_ARM
 CAP_CFLAGS += -DCAPSTONE_HAS_ARM64
 CAP_CFLAGS += -DCAPSTONE_HAS_POWERPC
+CAP_CFLAGS += -DCAPSTONE_HAS_SYSZ
 CAP_CFLAGS += -DCAPSTONE_HAS_X86
 
 .PHONY: capstone/all
diff --git a/disas.c b/disas.c
index 3e2bfa572b..51c71534a3 100644
--- a/disas.c
+++ b/disas.c
@@ -550,6 +550,9 @@ void disas(FILE *out, void *code, unsigned long size)
 print_insn = print_insn_m68k;
 #elif defined(__s390__)
 print_insn = print_insn_s390;
+s.info.cap_arch = CS_ARCH_SYSZ;
+s.info.cap_insn_unit = 2;
+s.info.cap_insn_split = 6;
 #elif defined(__hppa__)
 print_insn = print_insn_hppa;
 #endif
diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index 3abe7e80fd..44f40f1f8c 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -43,6 +43,7 @@
 #include "sysemu/tcg.h"
 #endif
 #include "fpu/softfloat-helpers.h"
+#include "disas/capstone.h"
 
 #define CR0_RESET   0xE0UL
 #define CR14_RESET  0xC200UL;
@@ -180,6 +181,9 @@ static void s390_cpu_disas_set_info(CPUState *cpu, 
disassemble_info *info)
 {
 info->mach = bfd_mach_s390_64;
 info->print_insn = print_insn_s390;
+info->cap_arch = CS_ARCH_SYSZ;
+info->cap_insn_unit = 2;
+info->cap_insn_split = 6;
 }
 
 static void s390_cpu_realizefn(DeviceState *dev, Error **errp)
-- 
2.17.1

Re: [PATCH v2 1/1] target/riscv/pmp: Fix bug preventing

[Chris Williams]

Hi,
Oct 11, 2019, 15:18 by alistai...@gmail.com:

> On Sun, Oct 6, 2019 at 1:32 AM Chris Williams  wrote:
>
> Also please use `git format-patch` to format the patch and then `git
> send-email` to send the patch. There is a whole heap of detail here:
> https://wiki.qemu.org/Contribute/SubmitAPatch 
> 
>
OK, I will do in future. I read the page but failed to get it right. Thanks for 
spotting my patch, and the advice, though.

>> This fixes an issue that prevents a RISC-V CPU from executing instructions
>> immediately from the base address of a PMP TOR region.
>>
>> When jumping to an instruction in a PMP TOR region, pmp_hart_has_privs() is
>> called to validate the access. If this instruction is the very first word of 
>> a
>> PMP TOR region, at address 0 relative to the start address of the region, 
>> then
>> the access will fail. This is because pmp_hart_has_privs() is called with 
>> size
>> 0 to perform this validation, causing this check...
>>
>> e = pmp_is_in_range(env, i, addr + size - 1);
>>
>> ... to fail, as (addr + size - 1) falls below the base address of the PMP
>> region. Really, the access should succeed. For example, if I have a region
>> spanning 0x80d96000 to 0x88d95fff and the CPU jumps to 0x80d96000, then:
>>
>> s = 0x80d96000
>> e = 0x80d95fff
>>
>> And the validation fails. The size check proposed below catches these 
>> zero-size
>> instruction fetch access probes. The word alignment in pmpaddr{0-15} and
>> earlier instruction alignment checks should prevent the execution of
>> instructions over the upper boundary of the PMP region, though I'm happy to 
>> give
>> this more attention if this is a concern.
>>
>
> This seems like a similar issue to this patch as well:
> https://lore.kernel.org/qemu-devel/20191007052813.25814-1-day...@berkeley.edu/
>  
> 
>
Yes, it appears Dayeol and I have encountered the same issue.

> From that discussion:
>
> "In general, size 0 means "unknown size".  In this case, the one tlb lookup is
> going to be used by lots of instructions -- everything that fits on the page."
>
> Richard's last comment seems like a better fix:
>
> "You certainly could do
>
>  if (size == 0) {
>  size = -(addr | TARGET_PAGE_MASK);
>  }
>
> to assume that all bytes from addr to the end of the page are accessed.  That
> would avoid changing too much of the rest of the logic.
>
> That said, this code will continue to not work for mis-aligned boundaries."
>
> So I don't think this is the correct solution. I'm not sure if Dayeol
> is planning on sending a follow up version. If not feel free to send
> it.
>
I'm happy for Dayeol to submit a better patch, if necessary. 
>> Signed-off-by: Chris Williams mailto:diodes...@tuta.io>>
>>
>
> It looks like this is a HTML patch, also ensure all patches are just
> plain text, `git send-email` will do this.
>
Yes, you're right: my webmail client isn't particularly neighborly with respect 
to Qemu's submission process.

C.

Re: [PATCH v2 6/6] tests/qemu-iotests: add case for block-stream compress

[Andrey Shinkevich]

On 03/10/2019 17:58, Vladimir Sementsov-Ogievskiy wrote:
> 02.10.2019 17:22, Andrey Shinkevich wrote:
>> Add a test case to the iotest #030 that checks 'compress' option for a
>> block-stream job.
>>
>> Signed-off-by: Andrey Shinkevich 
>> ---
>>tests/qemu-iotests/030 | 49 
>> +-
>>tests/qemu-iotests/030.out |  4 ++--
>>2 files changed, 50 insertions(+), 3 deletions(-)
>>
>> diff --git a/tests/qemu-iotests/030 b/tests/qemu-iotests/030
>> index f3766f2..13fe5a2 100755
>> --- a/tests/qemu-iotests/030
>> +++ b/tests/qemu-iotests/030
>> @@ -21,7 +21,8 @@
>>import time
>>import os
>>import iotests
>> -from iotests import qemu_img, qemu_io
>> +from iotests import qemu_img, qemu_io, qemu_img_pipe
>> +import json
>>
>>backing_img = os.path.join(iotests.test_dir, 'backing.img')
>>mid_img = os.path.join(iotests.test_dir, 'mid.img')
>> @@ -956,6 +957,52 @@ class TestSetSpeed(iotests.QMPTestCase):
>>
>>self.cancel_and_wait(resume=True)
>>
>> +class TestCompressed(iotests.QMPTestCase):
>> +
>> +def setUp(self):
>> +qemu_img('create', '-f', iotests.imgfmt, backing_img, '1M')
>> +qemu_img('create', '-f', iotests.imgfmt, '-o',
>> + 'backing_file=%s' % backing_img, mid_img)
>> +qemu_img('create', '-f', iotests.imgfmt, '-o',
>> + 'backing_file=%s' % mid_img, test_img)
>> +qemu_io('-c', 'write -P 0x1 0 512k', backing_img)
>> +self.vm = iotests.VM().add_drive(test_img, "backing.node-name=mid," 
>> +
>> + "backing.backing.node-name=base")
>> +self.vm.launch()
> 
> Why you can't just add a test-case to TestSingleDrive class?

Their setUp() functions differ.

> 
>> +
>> +def tearDown(self):
>> +self.vm.shutdown()
>> +os.remove(test_img)
>> +os.remove(mid_img)
>> +os.remove(backing_img)
>> +
>> +def test_stream_compress(self):
>> +self.assert_no_active_block_jobs()
>> +
>> +result = self.vm.qmp('block-stream', device='mid', 
>> job_id='stream-mid')
>> +self.assert_qmp(result, 'return', {})
>> +
>> +self.wait_until_completed(drive='stream-mid')
>> +for event in self.vm.get_qmp_events(wait=True):
>> +if event['event'] == 'BLOCK_JOB_COMPLETED':
>> +self.dictpath(event, 'data/device')
>> +self.assert_qmp_absent(event, 'data/error')
> 
> COMPLETED event is for sure already waited by wait_until_completed
> 
>> +
>> +result = self.vm.qmp('block-stream', device='drive0', base=mid_img,
>> + job_id='stream-top', compress=True)
>> +self.assert_qmp(result, 'return', {})
>> +
>> +self.wait_until_completed(drive='stream-top')
>> +self.assert_no_active_block_jobs()
> 
> this assertion is done in wait_until_completed
> 
>> +self.vm.shutdown()
>> +
>> +top = json.loads(qemu_img_pipe('info', '--output=json', test_img))
>> +mid = json.loads(qemu_img_pipe('info', '--output=json', mid_img))
>> +base = json.loads(qemu_img_pipe('info', '--output=json', 
>> backing_img))
>> +
>> +self.assertEqual(mid['actual-size'], base['actual-size'])
>> +self.assertLess(top['actual-size'], mid['actual-size'])
>> +
>>if __name__ == '__main__':
>>iotests.main(supported_fmts=['qcow2', 'qed'],
>> supported_protocols=['file'])
>> diff --git a/tests/qemu-iotests/030.out b/tests/qemu-iotests/030.out
>> index 6d9bee1..af8dac1 100644
>> --- a/tests/qemu-iotests/030.out
>> +++ b/tests/qemu-iotests/030.out
>> @@ -1,5 +1,5 @@
>> -...
>> +
>>--
>> -Ran 27 tests
>> +Ran 28 tests
>>
>>OK
>>
> 
> 

-- 
With the best regards,
Andrey Shinkevich

Re: [PULL 59/68] aspeed: Add an AST2600 eval board

[Peter Maydell]

On Tue, 15 Oct 2019 at 18:43, Cédric Le Goater  wrote:
> On 15/10/2019 19:03, Peter Maydell wrote:
> > On Mon, 14 Oct 2019 at 17:05, Peter Maydell  
> > wrote:
> > (armhf)pmaydell@mustang-maydell:~/qemu$
> > ./build/all-a32/arm-softmmu/qemu-system-arm -M ast2600-evb
> > qemu-system-arm: at most 2047 MB RAM can be simulated
> >
> > It's also a pretty rudely large amount of RAM to allocate
> > by default: it caused 'make check' to fail on my OSX
> > box, which is 64-bits but doesn't have huge swathes
> > of free RAM.
> >
> > I'm going to drop this patch from my queue and redo
> > the pullreq.
>
> ok. We do have such a board.
>
> What do you suggest ? We can lower the RAM to 1G for QEMU.

1GB is OK -- we have several machines that set default_ram_size to that.

If we want to handle more generally boards which have a
larger ram size by default then we probably need to
work on the 'make check' infrastructure -- right now we
have a generic test that just checks "can we instantiate
every machine model", which is what's falling over.

thanks
-- PMM

Re: [for-4.2 PATCH 0/2] PCI DMA alias support

[Alex Williamson]

On Mon, 14 Oct 2019 10:59:57 +0800
Peter Xu  wrote:

> On Mon, Aug 19, 2019 at 03:23:16PM -0600, Alex Williamson wrote:
> > On Mon, 29 Jul 2019 15:15:29 -0400
> > "Michael S. Tsirkin"  wrote:
> >   
> > > On Fri, Jul 26, 2019 at 06:55:27PM -0600, Alex Williamson wrote:  
> > > > Please see patch 1/ for the motivation and utility of this series.
> > > > This v1 submission improves on the previous RFC with revised commit
> > > > logs, comments, and more testing, and the missing IVRS support for DMA
> > > > alias ranges is now included.  Testing has been done with Linux guests
> > > > with both SeaBIOS and OVMF with configurations of intel-iommu and
> > > > amd-iommu.  Intel-iommu testing includes device assignment, amd-iommu
> > > > is necessarily limited to emulated devices with interrupt remapping
> > > > disabled and iommu=pt in the guest (enabling interrupt remapping or
> > > > disabling guest passthrough mode fails to work regardless of this
> > > > series).  This series is NOT intended for QEMU v4.1.  Thanks,
> > > > 
> > > > Alex
> > > 
> > > 
> > > series looks good to me.
> > > pls ping when 4.1 is out and I'll queue it.  
> > 
> > Here's the requested ping :)  If you'd like a re-posting or comment
> > update, just say so.  I think Peter was ultimately satisfied enough to
> > not request a re-spin for comments alone.  Thanks,  
> 
> Hi, Michael,
> 
> Do you plan to merge this series?  Or do you still wait for an ack?
> 
> In all cases:
> 
> Reviewed-by: Peter Xu 

Thanks Peter, somehow I had it in my head that MST has already queued
these, but it seems not.  There's been hardly any churn in these files
upstream, so please consider these patches in play.  Thanks,

Alex

[PATCH v3 1/3] capstone: Update to master

[Richard Henderson]

Update to 418d36d695e0.  Choose this over the 4.0.1 tag because
master now includes the s390x z13 vector opcodes.

Acked-by: David Hildenbrand 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Richard Henderson 
---
 Makefile  | 1 +
 capstone  | 2 +-
 configure | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 30f0abfb42..8ce48e0342 100644
--- a/Makefile
+++ b/Makefile
@@ -498,6 +498,7 @@ dtc/%: .git-submodule-status
 # Remove all the extra -Warning flags that QEMU uses that Capstone doesn't;
 # no need to annoy QEMU developers with such things.
 CAP_CFLAGS = $(patsubst -W%,,$(CFLAGS) $(QEMU_CFLAGS))
+CAP_CFLAGS += -I$(SRC_PATH)/capstone/include
 CAP_CFLAGS += -DCAPSTONE_USE_SYS_DYN_MEM
 CAP_CFLAGS += -DCAPSTONE_HAS_ARM
 CAP_CFLAGS += -DCAPSTONE_HAS_ARM64
diff --git a/capstone b/capstone
index 22ead3e0bf..418d36d695 16
--- a/capstone
+++ b/capstone
@@ -1 +1 @@
-Subproject commit 22ead3e0bfdb87516656453336160e0a37b066bf
+Subproject commit 418d36d695e075955674ace5a1191b495da50f84
diff --git a/configure b/configure
index 08ca4bcb46..f4f1860065 100755
--- a/configure
+++ b/configure
@@ -5008,7 +5008,7 @@ case "$capstone" in
   git_submodules="${git_submodules} capstone"
 fi
 mkdir -p capstone
-QEMU_CFLAGS="$QEMU_CFLAGS -I\$(SRC_PATH)/capstone/include"
+QEMU_CFLAGS="$QEMU_CFLAGS -I\$(SRC_PATH)/capstone/include/capstone"
 if test "$mingw32" = "yes"; then
   LIBCAPSTONE=capstone.lib
 else
-- 
2.17.1

[PATCH v3 3/3] capstone: Add s390x skipdata callback

[Richard Henderson]

Capstone assumes any unknown instruction is 2 bytes.
Instead, use the ilen field in the first two bits of
the instruction to stay in sync with the insn stream.

Signed-off-by: Richard Henderson 
---
 disas.c | 37 +
 1 file changed, 37 insertions(+)

diff --git a/disas.c b/disas.c
index 51c71534a3..2a000cbeb0 100644
--- a/disas.c
+++ b/disas.c
@@ -178,6 +178,39 @@ static int print_insn_od_target(bfd_vma pc, 
disassemble_info *info)
to share this across calls and across host vs target disassembly.  */
 static __thread cs_insn *cap_insn;
 
+/*
+ * The capstone library always skips 2 bytes for S390X.
+ * This is less than ideal, since we can tell from the first two bits
+ * the size of the insn and thus stay in sync with the insn stream.
+ */
+static size_t CAPSTONE_API
+cap_skipdata_s390x_cb(const uint8_t *code, size_t code_size,
+  size_t offset, void *user_data)
+{
+size_t ilen;
+
+/* See get_ilen() in target/s390x/internal.h.  */
+switch (code[offset] >> 6) {
+case 0:
+ilen = 2;
+break;
+case 1:
+case 2:
+ilen = 4;
+break;
+default:
+ilen = 6;
+break;
+}
+
+return ilen;
+}
+
+static const cs_opt_skipdata cap_skipdata_s390x = {
+.mnemonic = ".byte",
+.callback = cap_skipdata_s390x_cb
+};
+
 /* Initialize the Capstone library.  */
 /* ??? It would be nice to cache this.  We would need one handle for the
host and one for the target.  For most targets we can reset specific
@@ -208,6 +241,10 @@ static cs_err cap_disas_start(disassemble_info *info, csh 
*handle)
 
 /* "Disassemble" unknown insns as ".byte W,X,Y,Z".  */
 cs_option(*handle, CS_OPT_SKIPDATA, CS_OPT_ON);
+if (info->cap_arch == CS_ARCH_SYSZ) {
+cs_option(*handle, CS_OPT_SKIPDATA_SETUP,
+  (uintptr_t)&cap_skipdata_s390x);
+}
 
 /* Allocate temp space for cs_disasm_iter.  */
 if (cap_insn == NULL) {
-- 
2.17.1

[PATCH v3 0/3] Update capstone module

[Richard Henderson]

Tested vs centos7, fedora30, and bionic (with and without
system capstone installed).

Changes for v3:
  * Work around the various include directory nonsense.
  * Re-add the s390 skipdata callback, as a separate patch.

Changes for v2:
  * Drop the installed directory change.  This does force a
different include change when building from git.
  * Drop the s390 skipdata callback for now.


r~


Richard Henderson (3):
  capstone: Update to master
  capstone: Enable disassembly for s390x
  capstone: Fix s390x skipdata

 Makefile   |  2 ++
 disas.c| 40 
 target/s390x/cpu.c |  4 
 capstone   |  2 +-
 configure  |  2 +-
 5 files changed, 48 insertions(+), 2 deletions(-)

-- 
2.17.1

Re: [PULL 59/68] aspeed: Add an AST2600 eval board

[Cédric Le Goater]

On 15/10/2019 19:03, Peter Maydell wrote:
> On Mon, 14 Oct 2019 at 17:05, Peter Maydell  wrote:
>>
>> From: Cédric Le Goater 
>>
>> Signed-off-by: Cédric Le Goater 
>> Reviewed-by: Joel Stanley 
>> Message-id: 20190925143248.1-21-...@kaod.org
>> Signed-off-by: Peter Maydell 
>> ---
>>  include/hw/arm/aspeed.h |  1 +
>>  hw/arm/aspeed.c | 23 +++
>>  2 files changed, 24 insertions(+)
> 
>> @@ -455,6 +467,17 @@ static const AspeedBoardConfig aspeed_boards[] = {
>>  .num_cs= 2,
>>  .i2c_init  = witherspoon_bmc_i2c_init,
>>  .ram   = 512 * MiB,
>> +}, {
>> +.name  = MACHINE_TYPE_NAME("ast2600-evb"),
>> +.desc  = "Aspeed AST2600 EVB (Cortex A7)",
>> +.soc_name  = "ast2600-a0",
>> +.hw_strap1 = AST2600_EVB_HW_STRAP1,
>> +.hw_strap2 = AST2600_EVB_HW_STRAP2,
>> +.fmc_model = "w25q512jv",
>> +.spi_model = "mx66u51235f",
>> +.num_cs= 1,
>> +.i2c_init  = ast2600_evb_i2c_init,
>> +.ram   = 2 * GiB,
> 
> Hi. I just discovered that this makes 'make check' fail on
> 32-bit systems, because you can't default to 2GB of RAM
> for a board:
> 
> (armhf)pmaydell@mustang-maydell:~/qemu$
> ./build/all-a32/arm-softmmu/qemu-system-arm -M ast2600-evb
> qemu-system-arm: at most 2047 MB RAM can be simulated
> 
> It's also a pretty rudely large amount of RAM to allocate
> by default: it caused 'make check' to fail on my OSX
> box, which is 64-bits but doesn't have huge swathes
> of free RAM.
> 
> I'm going to drop this patch from my queue and redo
> the pullreq.

ok. We do have such a board. 

What do you suggest ? We can lower the RAM to 1G for QEMU. 

Thanks,

C.  



U-Boot 2019.04-00299-g7eb9da617d8e (Aug 21 2019 - 17:46:13 +0930)

SOC : AST2600-A0 
RST : WDT1 SOC 
PCI RST : #1 #2 
eSPI Mode : SIO:Enable : SuperIO-2e
Eth :MAC0: RGMII ,MAC1: RGMII ,MAC2: RGMII ,MAC3: RGMII 
Model: Aspeed BMC
DRAM:  2 GiB
WARNING: Caches not enabled
MMC:   emmc_slot0@100: 0
Loading Environment from SPI Flash... SF: Detected w25q512jv with page size 256 
Bytes, erase size 4 KiB, total 64 MiB
OK
In:serial@1e784000
Out:   serial@1e784000
Err:   serial@1e784000
Model: Aspeed BMC
Net:   eth1: ftgmac@1e68, eth2: ftgmac@1e67
Warning: ftgmac@1e69 (eth3) using random MAC address - 96:5c:26:8e:5e:0a
, eth3: ftgmac@1e69
Hit any key to stop autoboot:  0 

[Bug 1848231] Re: serial/parallel character devices created for the none-machine

[Peter Maydell]

You can start 'none' without "-serial null". Examples:

qemu-system-x86_64 -machine none
qemu-system-x86_64 -machine none -monitor stdio
qemu-system-x86_64 -machine none -nographic
qemu-system-x86_64 -machine none -monitor stdio -display none

Your command line "qemu-system-x86_64 -machine none -nographic -monitor
stdio" fails because "-nographic" says "please create a serial port
using stdio" but "-monitor stdio" tries to use stdio for something else.
You get the same message for any machine (eg "pc"), not just "none". If
what you wanted was "just don't create the graphical display" that's
"-display none" -- "-nographic" is a collection of things including both
'no display' and also 'default to creating a serial device to stdio' and
'default to creating a monitor muxed with that serial'.


** Changed in: qemu
   Status: New => Invalid

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1848231

Title:
  serial/parallel character devices created for the none-machine

Status in QEMU:
  Invalid

Bug description:
  The none-machine can not be started unless using "-serial null":

  qemu-system-x86_64 -machine none -nographic -monitor stdio
  QEMU 3.1.1 monitor - type 'help' for more information
  (qemu) qemu-system-x86_64: cannot use stdio by multiple character devices
  qemu-system-x86_64: could not connect serial device to character backend 
'stdio'
  $

  $ qemu-system-mips -machine none -nographic -serial null -monitor stdio
  QEMU 4.1.50 monitor - type 'help' for more information
  (qemu) info chardev
  parallel0: filename=null
  compat_monitor0: filename=stdio
  serial0: filename=null
  (qemu)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1848231/+subscriptions

Re: [PATCH v2 00/20] nvme: support NVMe v1.3d, SGLs and multiple namespaces

[no-reply]

Patchew URL: https://patchew.org/QEMU/20191015103900.313928-1-...@irrelevant.dk/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PATCH v2 00/20] nvme: support NVMe v1.3d, SGLs and multiple namespaces
Type: series
Message-id: 20191015103900.313928-1-...@irrelevant.dk

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
c68f7e0 nvme: handle dma errors
855f2b8 nvme: make lba data size configurable
68fc575 nvme: remove redundant NvmeCmd pointer parameter
eb585d1 nvme: bump controller pci device id
227280c nvme: support multiple namespaces
ccc877b nvme: add support for scatter gather lists
76d6fe6 nvme: allow multiple aios per command
73227cb nvme: refactor prp mapping
df5fd9f nvme: bump supported specification version to 1.3
c85c0ff nvme: add missing mandatory features
1188552 nvme: add logging to error information log page
714808c nvme: add support for the asynchronous event request command
88bdfce nvme: add support for the get log page command
7716649 nvme: refactor device realization
7d2d51e nvme: add support for the abort command
4ec0e81 nvme: allow completion queues in the cmb
68f00db nvme: populate the mandatory subnqn and ver fields
f08d66a nvme: add missing fields in the identify controller data structure
315a6eb nvme: move device parameters to separate struct
b94cf4a nvme: remove superfluous breaks

=== OUTPUT BEGIN ===
1/20 Checking commit b94cf4aea07b (nvme: remove superfluous breaks)
2/20 Checking commit 315a6eb1f09f (nvme: move device parameters to separate 
struct)
ERROR: Macros with complex values should be enclosed in parenthesis
#177: FILE: hw/block/nvme.h:6:
+#define DEFINE_NVME_PROPERTIES(_state, _props) \
+DEFINE_PROP_STRING("serial", _state, _props.serial), \
+DEFINE_PROP_UINT32("cmb_size_mb", _state, _props.cmb_size_mb, 0), \
+DEFINE_PROP_UINT32("num_queues", _state, _props.num_queues, 64)

total: 1 errors, 0 warnings, 181 lines checked

Patch 2/20 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

3/20 Checking commit f08d66aa761b (nvme: add missing fields in the identify 
controller data structure)
4/20 Checking commit 68f00db57e87 (nvme: populate the mandatory subnqn and ver 
fields)
5/20 Checking commit 4ec0e81a8ca5 (nvme: allow completion queues in the cmb)
6/20 Checking commit 7d2d51e5da89 (nvme: add support for the abort command)
7/20 Checking commit 7716649c3d6d (nvme: refactor device realization)
8/20 Checking commit 88bdfce1a599 (nvme: add support for the get log page 
command)
9/20 Checking commit 714808cd3ef8 (nvme: add support for the asynchronous event 
request command)
10/20 Checking commit 11885522fa87 (nvme: add logging to error information log 
page)
11/20 Checking commit c85c0ff5ea35 (nvme: add missing mandatory features)
12/20 Checking commit df5fd9f283a4 (nvme: bump supported specification version 
to 1.3)
13/20 Checking commit 73227cb3c83c (nvme: refactor prp mapping)
14/20 Checking commit 76d6fe6ea1cf (nvme: allow multiple aios per command)
15/20 Checking commit ccc877b6f72b (nvme: add support for scatter gather lists)
16/20 Checking commit 227280c8d08c (nvme: support multiple namespaces)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#42: 
new file mode 100644

total: 0 errors, 1 warnings, 801 lines checked

Patch 16/20 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
17/20 Checking commit eb585d1231e3 (nvme: bump controller pci device id)
18/20 Checking commit 68fc575b3fc7 (nvme: remove redundant NvmeCmd pointer 
parameter)
19/20 Checking commit 855f2b86dd6c (nvme: make lba data size configurable)
20/20 Checking commit c68f7e0d0c55 (nvme: handle dma errors)
WARNING: line over 80 characters
#77: FILE: hw/block/nvme.c:257:
+if (nvme_addr_read(n, prp_ent, (void *) prp_list, 
prp_trans)) {

WARNING: line over 80 characters
#103: FILE: hw/block/nvme.c:428:
+if (nvme_addr_read(n, addr, segment, nsgld * 
sizeof(NvmeSglDescriptor))) {

total: 0 errors, 2 warnings, 148 lines checked

Patch 20/20 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20191015103900.313928-1-...@irrelevant.dk/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH v2 00/20] nvme: support NVMe v1.3d, SGLs and multiple namespaces

[no-reply]

Patchew URL: https://patchew.org/QEMU/20191015103900.313928-1-...@irrelevant.dk/



Hi,

This series failed the docker-mingw@fedora build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===

  CC  hw/misc/imx7_gpr.o
  CC  hw/misc/mst_fpga.o
/tmp/qemu-test/src/hw/block/nvme.c: In function 'nvme_map_prp':
/tmp/qemu-test/src/hw/block/nvme.c:232:42: error: cast to pointer from integer 
of different size [-Werror=int-to-pointer-cast]
 trace_nvme_err_addr_read((void *) prp2);
  ^
/tmp/qemu-test/src/hw/block/nvme.c:258:50: error: cast to pointer from integer 
of different size [-Werror=int-to-pointer-cast]
 trace_nvme_err_addr_read((void *) prp_ent);
  ^
/tmp/qemu-test/src/hw/block/nvme.c: In function 'nvme_map_sgl':
/tmp/qemu-test/src/hw/block/nvme.c:414:42: error: cast to pointer from integer 
of different size [-Werror=int-to-pointer-cast]
 trace_nvme_err_addr_read((void *) addr);
  ^
/tmp/qemu-test/src/hw/block/nvme.c:429:38: error: cast to pointer from integer 
of different size [-Werror=int-to-pointer-cast]
 trace_nvme_err_addr_read((void *) addr);
  ^
/tmp/qemu-test/src/hw/block/nvme.c:478:38: error: cast to pointer from integer 
of different size [-Werror=int-to-pointer-cast]
 trace_nvme_err_addr_read((void *) addr);
  ^
/tmp/qemu-test/src/hw/block/nvme.c:493:34: error: cast to pointer from integer 
of different size [-Werror=int-to-pointer-cast]
 trace_nvme_err_addr_read((void *) addr);
  ^
/tmp/qemu-test/src/hw/block/nvme.c: In function 'nvme_post_cqes':
/tmp/qemu-test/src/hw/block/nvme.c:847:39: error: cast to pointer from integer 
of different size [-Werror=int-to-pointer-cast]
 trace_nvme_err_addr_write((void *) addr);
   ^
/tmp/qemu-test/src/hw/block/nvme.c: In function 'nvme_process_sq':
/tmp/qemu-test/src/hw/block/nvme.c:1971:38: error: cast to pointer from integer 
of different size [-Werror=int-to-pointer-cast]
 trace_nvme_err_addr_read((void *) addr);
  ^
cc1: all warnings being treated as errors
make: *** [/tmp/qemu-test/src/rules.mak:69: hw/block/nvme.o] Error 1
make: *** Waiting for unfinished jobs
Traceback (most recent call last):
  File "./tests/docker/docker.py", line 662, in 
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=8aa0a85fff1f457c9dc7c826d7b3189d', '-u', 
'1001', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-2g1bl41s/src/docker-src.2019-10-15-13.13.48.993:/var/tmp/qemu:z,ro',
 'qemu:fedora', '/var/tmp/qemu/run', 'test-mingw']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=8aa0a85fff1f457c9dc7c826d7b3189d
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-2g1bl41s/src'
make: *** [docker-run-test-mingw@fedora] Error 2

real5m56.522s
user0m7.913s


The full log is available at
http://patchew.org/logs/20191015103900.313928-1-...@irrelevant.dk/testing.docker-mingw@fedora/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

[PULL v2 00/67] target-arm queue

[Peter Maydell]

v1->v2 changes: dropped the patch adding the new ast2600
board, as it doesn't pass "make check" on 32-bit hosts or
low-memory hosts.

thanks
-- PMM

The following changes since commit 3af78db68176a049e2570822f64604e0692c1447:

  Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging 
(2019-10-15 13:25:05 +0100)

are available in the Git repository at:

  https://git.linaro.org/people/pmaydell/qemu-arm.git 
tags/pull-target-arm-20191015

for you to fetch changes up to 19845504da1bdee4be7d0fba33da5be9efa4c11b:

  hw/misc/bcm2835_mbox: Add trace events (2019-10-15 18:09:05 +0100)


target-arm queue:
 * Add Aspeed AST2600 SoC support (but no new board model yet)
 * aspeed/wdt: Check correct register for clock source
 * bcm2835: code cleanups, better logging, trace events
 * implement v2.0 of the Arm semihosting specification
 * provide new 'transaction-based' ptimer API and use it
   for the Arm devices that use ptimers
 * ARM: KVM: support more than 256 CPUs


Amithash Prasad (1):
  aspeed/wdt: Check correct register for clock source

Cédric Le Goater (14):
  aspeed/timer: Introduce an object class per SoC
  aspeed/timer: Add support for control register 3
  aspeed/timer: Add AST2600 support
  aspeed/timer: Add support for IRQ status register on the AST2600
  aspeed/sdmc: Introduce an object class per SoC
  watchdog/aspeed: Introduce an object class per SoC
  aspeed/smc: Introduce segment operations
  aspeed/smc: Add AST2600 support
  aspeed/i2c: Introduce an object class per SoC
  aspeed/i2c: Add AST2600 support
  aspeed: Introduce an object class per SoC
  aspeed/soc: Add AST2600 support
  m25p80: Add support for w25q512jv
  aspeed: add support for the Aspeed MII controller of the AST2600

Eddie James (1):
  hw/sd/aspeed_sdhci: New device

Eric Auger (3):
  linux headers: update against v5.4-rc1
  intc/arm_gic: Support IRQ injection for more than 256 vpus
  ARM: KVM: Check KVM_CAP_ARM_IRQ_LINE_LAYOUT_2 for smp_cpus > 256

Joel Stanley (5):
  hw: aspeed_scu: Add AST2600 support
  aspeed/sdmc: Add AST2600 support
  hw: wdt_aspeed: Add AST2600 support
  aspeed: Parameterise number of MACs
  aspeed/soc: Add ASPEED Video stub

Peter Maydell (36):
  ptimer: Rename ptimer_init() to ptimer_init_with_bh()
  ptimer: Provide new transaction-based API
  tests/ptimer-test: Switch to transaction-based ptimer API
  hw/timer/arm_timer.c: Switch to transaction-based ptimer API
  hw/arm/musicpal.c: Switch to transaction-based ptimer API
  hw/timer/allwinner-a10-pit.c: Switch to transaction-based ptimer API
  hw/timer/arm_mptimer.c: Switch to transaction-based ptimer API
  hw/timer/cmsdk-apb-dualtimer.c: Switch to transaction-based ptimer API
  hw/timer/cmsdk-apb-timer.c: Switch to transaction-based ptimer API
  hw/timer/digic-timer.c: Switch to transaction-based ptimer API
  hw/timer/exynos4210_mct.c: Switch GFRC to transaction-based ptimer API
  hw/timer/exynos4210_mct.c: Switch LFRC to transaction-based ptimer API
  hw/timer/exynos4210_mct.c: Switch ltick to transaction-based ptimer API
  hw/timer/exynos4210_pwm.c: Switch to transaction-based ptimer API
  hw/timer/exynos4210_rtc.c: Switch 1Hz ptimer to transaction-based API
  hw/timer/exynos4210_rtc.c: Switch main ptimer to transaction-based API
  hw/timer/imx_epit.c: Switch to transaction-based ptimer API
  hw/timer/imx_gpt.c: Switch to transaction-based ptimer API
  hw/timer/mss-timerc: Switch to transaction-based ptimer API
  hw/watchdog/cmsdk-apb-watchdog.c: Switch to transaction-based ptimer API
  hw/net/lan9118.c: Switch to transaction-based ptimer API
  target/arm/arm-semi: Capture errno in softmmu version of set_swi_errno()
  target/arm/arm-semi: Always set some kind of errno for failed calls
  target/arm/arm-semi: Correct comment about gdb syscall races
  target/arm/arm-semi: Make semihosting code hand out its own file 
descriptors
  target/arm/arm-semi: Restrict use of TaskState*
  target/arm/arm-semi: Use set_swi_errno() in gdbstub callback functions
  target/arm/arm-semi: Factor out implementation of SYS_CLOSE
  target/arm/arm-semi: Factor out implementation of SYS_WRITE
  target/arm/arm-semi: Factor out implementation of SYS_READ
  target/arm/arm-semi: Factor out implementation of SYS_ISTTY
  target/arm/arm-semi: Factor out implementation of SYS_SEEK
  target/arm/arm-semi: Factor out implementation of SYS_FLEN
  target/arm/arm-semi: Implement support for semihosting feature detection
  target/arm/arm-semi: Implement SH_EXT_EXIT_EXTENDED extension
  target/arm/arm-semi: Implement SH_EXT_STDOUT_STDERR extension

Philippe Mathieu-Daudé (6

[Bug 1848231] [NEW] serial/parallel character devices created for the none-machine

[Philippe Mathieu-Daudé]

Public bug reported:

The none-machine can not be started unless using "-serial null":

qemu-system-x86_64 -machine none -nographic -monitor stdio
QEMU 3.1.1 monitor - type 'help' for more information
(qemu) qemu-system-x86_64: cannot use stdio by multiple character devices
qemu-system-x86_64: could not connect serial device to character backend 'stdio'
$

$ qemu-system-mips -machine none -nographic -serial null -monitor stdio
QEMU 4.1.50 monitor - type 'help' for more information
(qemu) info chardev
parallel0: filename=null
compat_monitor0: filename=stdio
serial0: filename=null
(qemu)

** Affects: qemu
 Importance: Undecided
 Status: New


** Tags: chardev

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1848231

Title:
  serial/parallel character devices created for the none-machine

Status in QEMU:
  New

Bug description:
  The none-machine can not be started unless using "-serial null":

  qemu-system-x86_64 -machine none -nographic -monitor stdio
  QEMU 3.1.1 monitor - type 'help' for more information
  (qemu) qemu-system-x86_64: cannot use stdio by multiple character devices
  qemu-system-x86_64: could not connect serial device to character backend 
'stdio'
  $

  $ qemu-system-mips -machine none -nographic -serial null -monitor stdio
  QEMU 4.1.50 monitor - type 'help' for more information
  (qemu) info chardev
  parallel0: filename=null
  compat_monitor0: filename=stdio
  serial0: filename=null
  (qemu)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1848231/+subscriptions

Re: [PATCH] target/riscv: PMP violation due to wrong size parameter

[Dayeol Lee]

Hi,

Could this patch go through?
If not please let me know so that I can fix.
Thank you!

Dayeol


On Sat, Oct 12, 2019, 11:30 AM Dayeol Lee  wrote:

> No it doesn't mean that.
> But the following code will make the size TARGET_PAGE_SIZE - (page offset)
> if the address is not aligned.
>
> pmp_size = -(address | TARGET_PAGE_MASK)
>
>
> On Fri, Oct 11, 2019, 7:37 PM Jonathan Behrens  wrote:
>
>> How do you know that the access won't straddle a page boundary? Is there
>> a guarantee somewhere that size=0 means that the access is naturally
>> aligned?
>>
>> Jonathan
>>
>>
>> On Fri, Oct 11, 2019 at 7:14 PM Dayeol Lee  wrote:
>>
>>> riscv_cpu_tlb_fill() uses the `size` parameter to check PMP violation
>>> using pmp_hart_has_privs().
>>> However, if the size is unknown (=0), the ending address will be
>>> `addr - 1` as it is `addr + size - 1` in `pmp_hart_has_privs()`.
>>> This always causes a false PMP violation on the starting address of the
>>> range, as `addr - 1` is not in the range.
>>>
>>> In order to fix, we just assume that all bytes from addr to the end of
>>> the page will be accessed if the size is unknown.
>>>
>>> Signed-off-by: Dayeol Lee 
>>> Reviewed-by: Richard Henderson 
>>> ---
>>>  target/riscv/cpu_helper.c | 13 -
>>>  1 file changed, 12 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
>>> index e32b6126af..7d9a22b601 100644
>>> --- a/target/riscv/cpu_helper.c
>>> +++ b/target/riscv/cpu_helper.c
>>> @@ -441,6 +441,7 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr address,
>>> int size,
>>>  CPURISCVState *env = &cpu->env;
>>>  hwaddr pa = 0;
>>>  int prot;
>>> +int pmp_size = 0;
>>>  bool pmp_violation = false;
>>>  int ret = TRANSLATE_FAIL;
>>>  int mode = mmu_idx;
>>> @@ -460,9 +461,19 @@ bool riscv_cpu_tlb_fill(CPUState *cs, vaddr
>>> address, int size,
>>>"%s address=%" VADDR_PRIx " ret %d physical "
>>> TARGET_FMT_plx
>>>" prot %d\n", __func__, address, ret, pa, prot);
>>>
>>> +/*
>>> + * if size is unknown (0), assume that all bytes
>>> + * from addr to the end of the page will be accessed.
>>> + */
>>> +if (size == 0) {
>>> +pmp_size = -(address | TARGET_PAGE_MASK);
>>> +} else {
>>> +pmp_size = size;
>>> +}
>>> +
>>>  if (riscv_feature(env, RISCV_FEATURE_PMP) &&
>>>  (ret == TRANSLATE_SUCCESS) &&
>>> -!pmp_hart_has_privs(env, pa, size, 1 << access_type, mode)) {
>>> +!pmp_hart_has_privs(env, pa, pmp_size, 1 << access_type, mode))
>>> {
>>>  ret = TRANSLATE_PMP_FAIL;
>>>  }
>>>  if (ret == TRANSLATE_PMP_FAIL) {
>>> --
>>> 2.20.1
>>>
>>>
>>>

Re: [RFC PATCH] hw/mem/Kconfig: NVDIMM device requires CONFIG_MEM_DEVICE

[Thomas Huth]

On 15/10/2019 18.46, Philippe Mathieu-Daudé wrote:
> When selecting only the NVDIMM device with "NVDIMM y", the
> device is not compiled/linked because it does not select MEM_DEVICE
> and hw/mem/Makefile.objs is not included:
> 
>   $ git grep mem/ hw/Makefile.objs
>   hw/Makefile.objs:39:devices-dirs-$(CONFIG_MEM_DEVICE) += mem/
> 
> Let NVDIMM config select MEM_DEVICE.
> 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
> I'm not sure this is the best fix, maybe we should simply include
> mem/ regardless of CONFIG_MEM_DEVICE (all mem devices use it).
> ---
>  hw/mem/Kconfig | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/mem/Kconfig b/hw/mem/Kconfig
> index 620fd4cb59..5da724d7a2 100644
> --- a/hw/mem/Kconfig
> +++ b/hw/mem/Kconfig
> @@ -7,5 +7,6 @@ config MEM_DEVICE
>  
>  config NVDIMM
>  bool
> +select MEM_DEVICE
>  default y
>  depends on PC

Looks reasonable to me.

Reviewed-by: Thomas Huth 

Re: LEON3 networking

[Philippe Mathieu-Daudé]

Hi Joshua,

On 10/15/19 3:17 PM, Joshua Shaffer wrote:

Hello,

I've been using the LEON3 port of qemu, and am wondering if anyone has 
touched the networking setup for such since the thread here: 
https://lists.rtems.org/pipermail/users/2014-September/028224.html


Thanks for sharing this!

Good news, Jiri keeps rebasing his patch with the latest stable version.
Bad news, he didn't not signed his work with a "Signed-off-by" tag so we 
can not take this as it into the mainstream repository, see 
https://wiki.qemu.org/Contribute/SubmitAPatch#Patch_emails_must_include_a_Signed-off-by:_line


Note we have maintainers for the Leon3, I'm Cc'ing them:

$ ./scripts/get_maintainer.pl -f hw/sparc/leon3.c
Fabien Chouteau  (maintainer:Leon3)
KONRAD Frederic  (maintainer:Leon3)
Mark Cave-Ayland  (maintainer:SPARC TCG CPUs)
Artyom Tarasenko  (maintainer:SPARC TCG CPUs)
qemu-devel@nongnu.org (open list:All patches CC here)

Regards,

Phil.

LEON3 networking

[Joshua Shaffer]

Hello,

I've been using the LEON3 port of qemu, and am wondering if anyone has
touched the networking setup for such since the thread here:
https://lists.rtems.org/pipermail/users/2014-September/028224.html

-- 
Notice: This message is intended solely for use of the individual or entity 
to which it is addressed and may contain information that is proprietary, 
privileged, company confidential and/or exempt from disclosure under 
applicable law. If the reader is not the intended recipient or agent 
responsible for delivering the message to the intended recipient, you are 
hereby notified that any dissemination, distribution or copying of this 
communication is strictly prohibited. This communication may also contain 
data subject to the International Traffic in Arms Regulations or U.S. 
Export Administration Regulations and cannot be disseminated, distributed 
or copied to foreign nationals, residing in the U.S. or abroad, without the 
prior approval of the U.S. Department of State or appropriate export 
licensing authority. If you have received this communication in error, 
please notify the sender by reply e-mail or collect telephone call and 
delete or destroy all copies of this email message, any physical copies 
made of this e-mail message and/or any file attachment(s).

[PATCH v3 1/3] tcg: Introduce target-specific page data for user-only

[Richard Henderson]

At the same time, remember MAP_SHARED as PAGE_SHARED.  When mapping
new pages, make sure that old target-specific page data is removed.

Signed-off-by: Richard Henderson 
---
 include/exec/cpu-all.h| 10 --
 accel/tcg/translate-all.c | 28 
 linux-user/mmap.c |  8 +++-
 linux-user/syscall.c  |  4 ++--
 4 files changed, 45 insertions(+), 5 deletions(-)

diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index d23ced1d12..034773e319 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -243,10 +243,14 @@ extern intptr_t qemu_host_page_mask;
 #define PAGE_WRITE_ORG 0x0010
 /* Invalidate the TLB entry immediately, helpful for s390x
  * Low-Address-Protection. Used with PAGE_WRITE in tlb_set_page_with_attrs() */
-#define PAGE_WRITE_INV 0x0040
+#define PAGE_WRITE_INV 0x0020
+/* Page is mapped shared.  */
+#define PAGE_SHARED0x0040
+/* For use with page_set_flags: page is being replaced; target_data cleared. */
+#define PAGE_RESET 0x0080
 #if defined(CONFIG_BSD) && defined(CONFIG_USER_ONLY)
 /* FIXME: Code that sets/uses this is broken and needs to go away.  */
-#define PAGE_RESERVED  0x0020
+#define PAGE_RESERVED  0x0100
 #endif
 /* Target-specific bits that will be used via page_get_flags().  */
 #define PAGE_TARGET_1  0x0080
@@ -261,6 +265,8 @@ int walk_memory_regions(void *, walk_memory_regions_fn);
 int page_get_flags(target_ulong address);
 void page_set_flags(target_ulong start, target_ulong end, int flags);
 int page_check_range(target_ulong start, target_ulong len, int flags);
+void *page_get_target_data(target_ulong address);
+void *page_alloc_target_data(target_ulong address, size_t size);
 #endif
 
 CPUArchState *cpu_copy(CPUArchState *env);
diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index 66d4bc4341..dbf08b55e2 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -110,6 +110,7 @@ typedef struct PageDesc {
 unsigned int code_write_count;
 #else
 unsigned long flags;
+void *target_data;
 #endif
 #ifndef CONFIG_USER_ONLY
 QemuSpin lock;
@@ -2513,6 +2514,7 @@ int page_get_flags(target_ulong address)
 void page_set_flags(target_ulong start, target_ulong end, int flags)
 {
 target_ulong addr, len;
+bool reset_target_data;
 
 /* This function should never be called with addresses outside the
guest address space.  If this assert fires, it probably indicates
@@ -2529,6 +2531,8 @@ void page_set_flags(target_ulong start, target_ulong end, 
int flags)
 if (flags & PAGE_WRITE) {
 flags |= PAGE_WRITE_ORG;
 }
+reset_target_data = !(flags & PAGE_VALID) || (flags & PAGE_RESET);
+flags &= ~PAGE_RESET;
 
 for (addr = start, len = end - start;
  len != 0;
@@ -2542,10 +2546,34 @@ void page_set_flags(target_ulong start, target_ulong 
end, int flags)
 p->first_tb) {
 tb_invalidate_phys_page(addr, 0);
 }
+if (reset_target_data && p->target_data) {
+g_free(p->target_data);
+p->target_data = NULL;
+}
 p->flags = flags;
 }
 }
 
+void *page_get_target_data(target_ulong address)
+{
+PageDesc *p = page_find(address >> TARGET_PAGE_BITS);
+return p ? p->target_data : NULL;
+}
+
+void *page_alloc_target_data(target_ulong address, size_t size)
+{
+PageDesc *p = page_find(address >> TARGET_PAGE_BITS);
+void *ret = NULL;
+
+if (p) {
+ret = p->target_data;
+if (!ret && (p->flags & PAGE_VALID)) {
+p->target_data = ret = g_malloc0(size);
+}
+}
+return ret;
+}
+
 int page_check_range(target_ulong start, target_ulong len, int flags)
 {
 PageDesc *p;
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index c1bed290f6..75e0355ff7 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -626,6 +626,10 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int 
target_prot,
 }
 }
  the_end1:
+if ((flags & MAP_TYPE) == MAP_SHARED) {
+page_flags |= PAGE_SHARED;
+}
+page_flags |= PAGE_RESET;
 page_set_flags(start, start + len, page_flags);
  the_end:
 #ifdef DEBUG_MMAP
@@ -818,9 +822,11 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong 
old_size,
 new_addr = -1;
 } else {
 new_addr = h2g(host_addr);
+/* FIXME: Move page flags (and target_data?) for each page.  */
 prot = page_get_flags(old_addr);
 page_set_flags(old_addr, old_addr + old_size, 0);
-page_set_flags(new_addr, new_addr + new_size, prot | PAGE_VALID);
+page_set_flags(new_addr, new_addr + new_size,
+   prot | PAGE_VALID | PAGE_RESET);
 }
 tb_invalidate_phys_range(new_addr, new_addr + new_size);
 mmap_unlock();
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index e2af3c1494..52f50eca4b 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4061,8 +4061,8 @@ static inline abi_ulong do_shm

Re: [PULL 59/68] aspeed: Add an AST2600 eval board

[Peter Maydell]

On Mon, 14 Oct 2019 at 17:05, Peter Maydell  wrote:
>
> From: Cédric Le Goater 
>
> Signed-off-by: Cédric Le Goater 
> Reviewed-by: Joel Stanley 
> Message-id: 20190925143248.1-21-...@kaod.org
> Signed-off-by: Peter Maydell 
> ---
>  include/hw/arm/aspeed.h |  1 +
>  hw/arm/aspeed.c | 23 +++
>  2 files changed, 24 insertions(+)

> @@ -455,6 +467,17 @@ static const AspeedBoardConfig aspeed_boards[] = {
>  .num_cs= 2,
>  .i2c_init  = witherspoon_bmc_i2c_init,
>  .ram   = 512 * MiB,
> +}, {
> +.name  = MACHINE_TYPE_NAME("ast2600-evb"),
> +.desc  = "Aspeed AST2600 EVB (Cortex A7)",
> +.soc_name  = "ast2600-a0",
> +.hw_strap1 = AST2600_EVB_HW_STRAP1,
> +.hw_strap2 = AST2600_EVB_HW_STRAP2,
> +.fmc_model = "w25q512jv",
> +.spi_model = "mx66u51235f",
> +.num_cs= 1,
> +.i2c_init  = ast2600_evb_i2c_init,
> +.ram   = 2 * GiB,

Hi. I just discovered that this makes 'make check' fail on
32-bit systems, because you can't default to 2GB of RAM
for a board:

(armhf)pmaydell@mustang-maydell:~/qemu$
./build/all-a32/arm-softmmu/qemu-system-arm -M ast2600-evb
qemu-system-arm: at most 2047 MB RAM can be simulated

It's also a pretty rudely large amount of RAM to allocate
by default: it caused 'make check' to fail on my OSX
box, which is 64-bits but doesn't have huge swathes
of free RAM.

I'm going to drop this patch from my queue and redo
the pullreq.

thanks
-- PMM

[PATCH 0/3] target/arm: Implement ARMv8.5-MemTag, user mode

[Richard Henderson]

This is a refresh of the user-only patch set from March.

I do not attempt to implement any part of a kernel abi wrt mmap
and/or mprotect.  Instead, it uses a x-tagged-pages property to
assume that all anonymous pages have tags.

The tests added are disabled by default, but do pass if you have
binutils 2.32 installed.


r~


Based-on: <20191011134744.2477-1-richard.hender...@linaro.org>
("target/arm: Implement ARMv8.5-MemTag, system mode")

Based-on: <20190803210803.5701-1-richard.hender...@linaro.org>
("target/arm: Implement ARMv8.5-BTI for linux-user")

Complete tree: https://github.com/rth7680/qemu/tree/tgt-arm-mte-user


Richard Henderson (3):
  tcg: Introduce target-specific page data for user-only
  target/arm: Add allocation tag storage for user mode
  tests/tcg/aarch64: Add mte smoke tests

 include/exec/cpu-all.h| 10 ++--
 target/arm/cpu.h  |  4 
 accel/tcg/translate-all.c | 28 ++
 linux-user/mmap.c |  8 ++-
 linux-user/syscall.c  |  4 ++--
 target/arm/cpu64.c| 20 
 target/arm/mte_helper.c   | 35 +--
 tests/tcg/aarch64/mte-1.c | 27 +
 tests/tcg/aarch64/mte-2.c | 39 +++
 tests/tcg/aarch64/Makefile.target |  5 
 10 files changed, 173 insertions(+), 7 deletions(-)
 create mode 100644 tests/tcg/aarch64/mte-1.c
 create mode 100644 tests/tcg/aarch64/mte-2.c

-- 
2.17.1

Re: [PATCH V2 2/2] target/i386/kvm: Add Hyper-V direct tlb flush support

[Vitaly Kuznetsov]

lantianyu1...@gmail.com writes:

> From: Tianyu Lan 
>
> Hyper-V direct tlb flush targets KVM on Hyper-V guest.
> Enable direct TLB flush for its guests meaning that TLB
> flush hypercalls are handled by Level 0 hypervisor (Hyper-V)
> bypassing KVM in Level 1. Due to the different ABI for hypercall
> parameters between Hyper-V and KVM, KVM capabilities should be
> hidden when enable Hyper-V direct tlb flush otherwise KVM
> hypercalls may be intercepted by Hyper-V. Add new parameter
> "hv-direct-tlbflush". Check expose_kvm and Hyper-V tlb flush
> capability status before enabling the feature.
>
> Signed-off-by: Tianyu Lan 
> ---
> Change since V1:
>- Add direct tlb flush's Hyper-V property and use
>hv_cpuid_check_and_set() to check the dependency of tlbflush
>feature.
>- Make new feature work with Hyper-V passthrough mode.
> ---
>  docs/hyperv.txt   | 12 
>  target/i386/cpu.c |  2 ++
>  target/i386/cpu.h |  1 +
>  target/i386/kvm.c | 23 +++
>  4 files changed, 38 insertions(+)
>
> diff --git a/docs/hyperv.txt b/docs/hyperv.txt
> index 8fdf25c829..ceab8c21fe 100644
> --- a/docs/hyperv.txt
> +++ b/docs/hyperv.txt
> @@ -184,6 +184,18 @@ enabled.
>  
>  Requires: hv-vpindex, hv-synic, hv-time, hv-stimer
>  
> +3.18. hv-direct-tlbflush
> +===
> +The enlightenment targets KVM on Hyper-V guest. Enable direct TLB flush for
> +its guests meaning that TLB flush hypercalls are handled by Level 0 
> hypervisor
> +(Hyper-V) bypassing KVM in Level 1. Due to the different ABI for hypercall
> +parameters between Hyper-V and KVM, enabling this capability effectively
> +disables all hypercall handling by KVM (as some KVM hypercall may be 
> mistakenly
> +treated as TLB flush hypercalls by Hyper-V). So kvm capability should not 
> show
> +to guest when enable this capability. If not, user will fail to enable this
> +capability.


My take:

"Enable direct TLB flush for KVM when it is running as a nested
hypervisor on top Hyper-V. When enabled, TLB flush hypercalls from L2
guests are being passed through to L0 (Hyper-V) for handling. Due to ABI
differences between Hyper-V and KVM hypercalls, L2 guests will not be
able to issue KVM hypercalls (as those could be mishanled by L0
Hyper-V), this requires KVM hypervisor signature to be hidden."

It would be great if someone who doesn't know that the feature is would
read these two paragraphs and tell us how they sound :-)

> +
> +Requires: hv-tlbflush, -kvm
>  
>  4. Development features
>  
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 44f1bbdcac..7bc7fee512 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -6156,6 +6156,8 @@ static Property x86_cpu_properties[] = {
>HYPERV_FEAT_IPI, 0),
>  DEFINE_PROP_BIT64("hv-stimer-direct", X86CPU, hyperv_features,
>HYPERV_FEAT_STIMER_DIRECT, 0),
> +DEFINE_PROP_BIT64("hv-direct-tlbflush", X86CPU, hyperv_features,
> +  HYPERV_FEAT_DIRECT_TLBFLUSH, 0),
>  DEFINE_PROP_BOOL("hv-passthrough", X86CPU, hyperv_passthrough, false),
>  
>  DEFINE_PROP_BOOL("check", X86CPU, check_cpuid, true),
> diff --git a/target/i386/cpu.h b/target/i386/cpu.h
> index eaa5395aa5..3cb105f7d6 100644
> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -907,6 +907,7 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS];
>  #define HYPERV_FEAT_EVMCS   12
>  #define HYPERV_FEAT_IPI 13
>  #define HYPERV_FEAT_STIMER_DIRECT   14
> +#define HYPERV_FEAT_DIRECT_TLBFLUSH 15
>  
>  #ifndef HYPERV_SPINLOCK_NEVER_RETRY
>  #define HYPERV_SPINLOCK_NEVER_RETRY 0x
> diff --git a/target/i386/kvm.c b/target/i386/kvm.c
> index 11b9c854b5..7e0fbc730e 100644
> --- a/target/i386/kvm.c
> +++ b/target/i386/kvm.c
> @@ -900,6 +900,10 @@ static struct {
>  },
>  .dependencies = BIT(HYPERV_FEAT_STIMER)
>  },
> +[HYPERV_FEAT_DIRECT_TLBFLUSH] = {
> +.desc = "direct tlbflush (hv-direct-tlbflush)",

"direct TLB flush" (to be consistent with "paravirtualized TLB flush" above

> +.dependencies = BIT(HYPERV_FEAT_TLBFLUSH)
> +},
>  };
>  
>  static struct kvm_cpuid2 *try_get_hv_cpuid(CPUState *cs, int max)
> @@ -1224,6 +1228,7 @@ static int hyperv_handle_properties(CPUState *cs,
>  r |= hv_cpuid_check_and_set(cs, cpuid, HYPERV_FEAT_EVMCS);
>  r |= hv_cpuid_check_and_set(cs, cpuid, HYPERV_FEAT_IPI);
>  r |= hv_cpuid_check_and_set(cs, cpuid, HYPERV_FEAT_STIMER_DIRECT);
> +r |= hv_cpuid_check_and_set(cs, cpuid, HYPERV_FEAT_DIRECT_TLBFLUSH);
>  
>  /* Additional dependencies not covered by kvm_hyperv_properties[] */
>  if (hyperv_feat_enabled(cpu, HYPERV_FEAT_SYNIC) &&
> @@ -1243,6 +1248,24 @@ static int hyperv_handle_properties(CPUState *cs,
>  goto free;
>  }
>  
> +if (hyperv_feat_enabled(cpu, HYPERV_FEAT_DIRECT_TLBFLUSH) ||
> +cpu->hyperv_passth

[PATCH v3 2/3] target/arm: Add allocation tag storage for user mode

[Richard Henderson]

Control this with x-tagged-pages, which is off by default.

The limitation to non-shared pages is not part of a future kernel API,
but a limitation of linux-user not being able to map virtual pages back
to physical pages.

Signed-off-by: Richard Henderson 
---
v2: Add the x-tagged-pages cpu property
---
 target/arm/cpu.h|  4 
 target/arm/cpu64.c  | 20 
 target/arm/mte_helper.c | 35 +--
 3 files changed, 57 insertions(+), 2 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index c3609ef9d5..272df43d3c 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -912,6 +912,10 @@ struct ARMCPU {
  */
 bool cfgend;
 
+#ifdef CONFIG_USER_ONLY
+bool tagged_pages;
+#endif
+
 QLIST_HEAD(, ARMELChangeHook) pre_el_change_hooks;
 QLIST_HEAD(, ARMELChangeHook) el_change_hooks;
 
diff --git a/target/arm/cpu64.c b/target/arm/cpu64.c
index ac1e2dc2c4..4bf498f778 100644
--- a/target/arm/cpu64.c
+++ b/target/arm/cpu64.c
@@ -279,6 +279,20 @@ static void cpu_max_set_sve_vq(Object *obj, Visitor *v, 
const char *name,
 error_propagate(errp, err);
 }
 
+#ifdef CONFIG_USER_ONLY
+static bool aarch64_cpu_get_tagged_pages(Object *obj, Error **errp)
+{
+ARMCPU *cpu = ARM_CPU(obj);
+return cpu->tagged_pages;
+}
+
+static void aarch64_cpu_set_tagged_pages(Object *obj, bool val, Error **errp)
+{
+ARMCPU *cpu = ARM_CPU(obj);
+cpu->tagged_pages = val;
+}
+#endif
+
 /* -cpu max: if KVM is enabled, like -cpu host (best possible with this host);
  * otherwise, a CPU with as many features enabled as our emulation supports.
  * The version of '-cpu max' for qemu-system-arm is defined in cpu.c;
@@ -389,6 +403,12 @@ static void aarch64_max_initfn(Object *obj)
  */
 cpu->ctr = 0x80038003; /* 32 byte I and D cacheline size, VIPT icache 
*/
 cpu->dcz_blocksize = 7; /*  512 bytes */
+
+object_property_add_bool(obj, "x-tagged-pages",
+ aarch64_cpu_get_tagged_pages,
+ aarch64_cpu_set_tagged_pages, NULL);
+object_property_set_description(obj, "x-tagged-pages",
+"Set on/off MemAttr Tagged for all pages", NULL);
 #endif
 
 cpu->sve_max_vq = ARM_MAX_VQ;
diff --git a/target/arm/mte_helper.c b/target/arm/mte_helper.c
index 657383ba0e..797c6229ab 100644
--- a/target/arm/mte_helper.c
+++ b/target/arm/mte_helper.c
@@ -29,8 +29,39 @@ static uint8_t *allocation_tag_mem(CPUARMState *env, 
uint64_t ptr,
bool write, uintptr_t ra)
 {
 #ifdef CONFIG_USER_ONLY
-/* Tag storage not implemented.  */
-return NULL;
+ARMCPU *cpu = env_archcpu(env);
+uint8_t *tags;
+uintptr_t index;
+int flags;
+
+flags = page_get_flags(ptr);
+
+if (!(flags & PAGE_VALID) || !(flags & (write ? PAGE_WRITE : PAGE_READ))) {
+/* SIGSEGV */
+env->exception.vaddress = ptr;
+cpu_restore_state(CPU(cpu), ra, true);
+raise_exception(env, EXCP_DATA_ABORT, 0, 1);
+}
+
+if (!cpu->tagged_pages) {
+/* Tag storage is disabled.  */
+return NULL;
+}
+if (flags & PAGE_SHARED) {
+/* There may be multiple mappings; pretend not implemented.  */
+return NULL;
+}
+
+tags = page_get_target_data(ptr);
+if (tags == NULL) {
+size_t alloc_size = TARGET_PAGE_SIZE >> (LOG2_TAG_GRANULE + 1);
+tags = page_alloc_target_data(ptr, alloc_size);
+assert(tags != NULL);
+}
+
+index = extract32(ptr, LOG2_TAG_GRANULE + 1,
+  TARGET_PAGE_BITS - LOG2_TAG_GRANULE - 1);
+return tags + index;
 #else
 CPUState *cs = env_cpu(env);
 uintptr_t index;
-- 
2.17.1

[PATCH 32/32] hw/pci-host/i440fx: Remove the last PIIX3 traces

[Philippe Mathieu-Daudé]

The PIIX3 is not tied to the i440FX and can even be used without it.
Move its creation to the machine code (pc_piix.c).
We have now removed the last trace of southbridge code in the i440FX
northbridge.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/i386/pc_piix.c| 8 +++-
 hw/pci-host/i440fx.c | 8 
 include/hw/pci-host/i440fx.h | 3 +--
 3 files changed, 8 insertions(+), 11 deletions(-)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 8ac4bf12ca..cb4f4fc94c 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -190,14 +190,20 @@ static void pc_init1(MachineState *machine,
 gsi_state = pc_gsi_create(&pcms->gsi, pcmc->pci_enabled);
 
 if (pcmc->pci_enabled) {
+PIIX3State *piix3;
+
 pci_bus = i440fx_init(host_type,
   pci_type,
-  &i440fx_state, &piix3_devfn, &isa_bus, pcms->gsi,
+  &i440fx_state,
   system_memory, system_io, machine->ram_size,
   pcms->below_4g_mem_size,
   pcms->above_4g_mem_size,
   pci_memory, ram_memory);
 pcms->bus = pci_bus;
+
+piix3 = piix3_create(pci_bus, &isa_bus);
+piix3->pic = pcms->gsi;
+piix3_devfn = piix3->dev.devfn;
 } else {
 pci_bus = NULL;
 i440fx_state = NULL;
diff --git a/hw/pci-host/i440fx.c b/hw/pci-host/i440fx.c
index 79ecd58a2b..f27131102d 100644
--- a/hw/pci-host/i440fx.c
+++ b/hw/pci-host/i440fx.c
@@ -27,7 +27,6 @@
 #include "hw/pci/pci.h"
 #include "hw/pci/pci_host.h"
 #include "hw/pci-host/i440fx.h"
-#include "hw/southbridge/piix.h"
 #include "hw/qdev-properties.h"
 #include "hw/sysbus.h"
 #include "qapi/error.h"
@@ -272,8 +271,6 @@ static void i440fx_realize(PCIDevice *dev, Error **errp)
 
 PCIBus *i440fx_init(const char *host_type, const char *pci_type,
 PCII440FXState **pi440fx_state,
-int *piix3_devfn,
-ISABus **isa_bus, qemu_irq *pic,
 MemoryRegion *address_space_mem,
 MemoryRegion *address_space_io,
 ram_addr_t ram_size,
@@ -286,7 +283,6 @@ PCIBus *i440fx_init(const char *host_type, const char 
*pci_type,
 PCIBus *b;
 PCIDevice *d;
 PCIHostState *s;
-PIIX3State *piix3;
 PCII440FXState *f;
 unsigned i;
 I440FXState *i440fx;
@@ -339,10 +335,6 @@ PCIBus *i440fx_init(const char *host_type, const char 
*pci_type,
  PAM_EXPAN_SIZE);
 }
 
-piix3 = piix3_create(b, isa_bus);
-piix3->pic = pic;
-*piix3_devfn = piix3->dev.devfn;
-
 ram_size = ram_size / 8 / 1024 / 1024;
 if (ram_size > 255) {
 ram_size = 255;
diff --git a/include/hw/pci-host/i440fx.h b/include/hw/pci-host/i440fx.h
index e327f9bf87..f54e6466e4 100644
--- a/include/hw/pci-host/i440fx.h
+++ b/include/hw/pci-host/i440fx.h
@@ -22,8 +22,7 @@ typedef struct PCII440FXState PCII440FXState;
 #define TYPE_IGD_PASSTHROUGH_I440FX_PCI_DEVICE "igd-passthrough-i440FX"
 
 PCIBus *i440fx_init(const char *host_type, const char *pci_type,
-PCII440FXState **pi440fx_state, int *piix_devfn,
-ISABus **isa_bus, qemu_irq *pic,
+PCII440FXState **pi440fx_state,
 MemoryRegion *address_space_mem,
 MemoryRegion *address_space_io,
 ram_addr_t ram_size,
-- 
2.21.0

[RFC PATCH] hw/mem/Kconfig: NVDIMM device requires CONFIG_MEM_DEVICE

[Philippe Mathieu-Daudé]

When selecting only the NVDIMM device with "NVDIMM y", the
device is not compiled/linked because it does not select MEM_DEVICE
and hw/mem/Makefile.objs is not included:

  $ git grep mem/ hw/Makefile.objs
  hw/Makefile.objs:39:devices-dirs-$(CONFIG_MEM_DEVICE) += mem/

Let NVDIMM config select MEM_DEVICE.

Signed-off-by: Philippe Mathieu-Daudé 
---
I'm not sure this is the best fix, maybe we should simply include
mem/ regardless of CONFIG_MEM_DEVICE (all mem devices use it).
---
 hw/mem/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/mem/Kconfig b/hw/mem/Kconfig
index 620fd4cb59..5da724d7a2 100644
--- a/hw/mem/Kconfig
+++ b/hw/mem/Kconfig
@@ -7,5 +7,6 @@ config MEM_DEVICE
 
 config NVDIMM
 bool
+select MEM_DEVICE
 default y
 depends on PC
-- 
2.21.0

[PATCH 29/32] hw/pci-host/piix: Fix code style issues

[Philippe Mathieu-Daudé]

We will move this code, fix its style first.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/pci-host/piix.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
index 0b5da5bc94..61f91ff561 100644
--- a/hw/pci-host/piix.c
+++ b/hw/pci-host/piix.c
@@ -133,9 +133,10 @@ static PCIINTxRoute piix3_route_intx_pin_to_irq(void 
*opaque, int pci_intx);
 static void piix3_write_config_xen(PCIDevice *dev,
uint32_t address, uint32_t val, int len);
 
-/* return the global irq number corresponding to a given device irq
-   pin. We could also use the bus number to have a more precise
-   mapping. */
+/*
+ * Return the global irq number corresponding to a given device irq
+ * pin. We could also use the bus number to have a more precise mapping.
+ */
 static int pci_slot_get_pirq(PCIDevice *pci_dev, int pci_intx)
 {
 int slot_addend;
-- 
2.21.0

[PATCH v3 3/3] tests/tcg/aarch64: Add mte smoke tests

[Richard Henderson]

Signed-off-by: Richard Henderson 
---
 tests/tcg/aarch64/mte-1.c | 27 +
 tests/tcg/aarch64/mte-2.c | 39 +++
 tests/tcg/aarch64/Makefile.target |  5 
 3 files changed, 71 insertions(+)
 create mode 100644 tests/tcg/aarch64/mte-1.c
 create mode 100644 tests/tcg/aarch64/mte-2.c

diff --git a/tests/tcg/aarch64/mte-1.c b/tests/tcg/aarch64/mte-1.c
new file mode 100644
index 00..18bfb1120f
--- /dev/null
+++ b/tests/tcg/aarch64/mte-1.c
@@ -0,0 +1,27 @@
+/*
+ * Memory tagging, basic pass cases.
+ */
+
+#include 
+
+asm(".arch armv8.5-a+memtag");
+
+int data[16 / sizeof(int)] __attribute__((aligned(16)));
+
+int main(int ac, char **av)
+{
+int *p0 = data;
+int *p1, *p2;
+long c;
+
+asm("irg %0,%1,%2" : "=r"(p1) : "r"(p0), "r"(1));
+assert(p1 != p0);
+asm("subp %0,%1,%2" : "=r"(c) : "r"(p0), "r"(p1));
+assert(c == 0);
+
+asm("stg %0, [%0]" : : "r"(p1));
+asm("ldg %0, [%1]" : "=r"(p2) : "r"(p0), "0"(p0));
+assert(p1 == p2);
+
+return 0;
+}
diff --git a/tests/tcg/aarch64/mte-2.c b/tests/tcg/aarch64/mte-2.c
new file mode 100644
index 00..2991b7df69
--- /dev/null
+++ b/tests/tcg/aarch64/mte-2.c
@@ -0,0 +1,39 @@
+/*
+ * Memory tagging, basic fail cases.
+ */
+
+#include 
+#include 
+#include 
+
+asm(".arch armv8.5-a+memtag");
+
+int data[16 / sizeof(int)] __attribute__((aligned(16)));
+
+void pass(int sig)
+{
+exit(0);
+}
+
+int main(int ac, char **av)
+{
+int *p0 = data;
+int *p1, *p2;
+long excl = 1;
+
+/* Create two differently tagged pointers.  */
+asm("irg %0,%1,%2" : "=r"(p1) : "r"(p0), "r"(excl));
+asm("gmi %0,%1,%0" : "+r"(excl) : "r" (p1));
+assert(excl != 1);
+asm("irg %0,%1,%2" : "=r"(p2) : "r"(p0), "r"(excl));
+assert(p1 != p2);
+
+/* Store the tag from the first pointer.  */
+asm("stg %0, [%0]" : : "r"(p1));
+
+*p1 = 0;
+signal(SIGSEGV, pass);
+*p2 = 0;
+
+assert(0);
+}
diff --git a/tests/tcg/aarch64/Makefile.target 
b/tests/tcg/aarch64/Makefile.target
index 0040b68dd0..0971c244b7 100644
--- a/tests/tcg/aarch64/Makefile.target
+++ b/tests/tcg/aarch64/Makefile.target
@@ -32,4 +32,9 @@ run-semihosting: semihosting
 # AARCH64_TESTS += bti-1
 bti-1: LDFLAGS += -nostdlib -Wl,-T,$(AARCH64_SRC)/bti.ld
 
+# We need binutils-2.32 to assemble this test case.
+# AARCH64_TESTS += mte-1 mte-2
+mte-%: CFLAGS += -O -g
+run-mte-%: QEMU += -cpu max,x-tagged-pages=on
+
 TESTS += $(AARCH64_TESTS)
-- 
2.17.1

[PATCH 28/32] hw/pci-host/piix: Move i440FX declarations to hw/pci-host/i440fx.h

[Philippe Mathieu-Daudé]

From: Philippe Mathieu-Daudé 

The hw/pci-host/piix.c contains a mix of PIIX3 and i440FX chipsets
functions. To be able to split it, we need to export some
declarations first.

Signed-off-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS  |  1 +
 hw/acpi/pcihp.c  |  2 +-
 hw/i386/pc_piix.c|  1 +
 hw/pci-host/piix.c   |  1 +
 include/hw/i386/pc.h | 22 -
 include/hw/pci-host/i440fx.h | 37 
 stubs/pci-host-piix.c|  3 ++-
 7 files changed, 43 insertions(+), 24 deletions(-)
 create mode 100644 include/hw/pci-host/i440fx.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 556f58bd8c..adf059a164 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1228,6 +1228,7 @@ F: hw/i386/
 F: hw/pci-host/piix.c
 F: hw/pci-host/q35.c
 F: hw/pci-host/pam.c
+F: include/hw/pci-host/i440fx.h
 F: include/hw/pci-host/q35.h
 F: include/hw/pci-host/pam.h
 F: hw/isa/lpc_ich9.c
diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
index 82d295b6e8..8413348a33 100644
--- a/hw/acpi/pcihp.c
+++ b/hw/acpi/pcihp.c
@@ -27,7 +27,7 @@
 #include "qemu/osdep.h"
 #include "hw/acpi/pcihp.h"
 
-#include "hw/i386/pc.h"
+#include "hw/pci-host/i440fx.h"
 #include "hw/pci/pci.h"
 #include "hw/pci/pci_bridge.h"
 #include "hw/acpi/acpi.h"
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 5b35ff04c7..8ac4bf12ca 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -29,6 +29,7 @@
 #include "hw/loader.h"
 #include "hw/i386/pc.h"
 #include "hw/i386/apic.h"
+#include "hw/pci-host/i440fx.h"
 #include "hw/southbridge/piix.h"
 #include "hw/display/ramfb.h"
 #include "hw/firmware/smbios.h"
diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
index a450fc726e..0b5da5bc94 100644
--- a/hw/pci-host/piix.c
+++ b/hw/pci-host/piix.c
@@ -27,6 +27,7 @@
 #include "hw/irq.h"
 #include "hw/pci/pci.h"
 #include "hw/pci/pci_host.h"
+#include "hw/pci-host/i440fx.h"
 #include "hw/southbridge/piix.h"
 #include "hw/qdev-properties.h"
 #include "hw/isa/isa.h"
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 1c20b96571..cead2828de 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -248,28 +248,6 @@ int cmos_get_fd_drive_type(FloppyDriveType fd0);
 /* hpet.c */
 extern int no_hpet;
 
-/* piix_pci.c */
-struct PCII440FXState;
-typedef struct PCII440FXState PCII440FXState;
-
-#define TYPE_I440FX_PCI_HOST_BRIDGE "i440FX-pcihost"
-#define TYPE_I440FX_PCI_DEVICE "i440FX"
-
-#define TYPE_IGD_PASSTHROUGH_I440FX_PCI_DEVICE "igd-passthrough-i440FX"
-
-PCIBus *i440fx_init(const char *host_type, const char *pci_type,
-PCII440FXState **pi440fx_state, int *piix_devfn,
-ISABus **isa_bus, qemu_irq *pic,
-MemoryRegion *address_space_mem,
-MemoryRegion *address_space_io,
-ram_addr_t ram_size,
-ram_addr_t below_4g_mem_size,
-ram_addr_t above_4g_mem_size,
-MemoryRegion *pci_memory,
-MemoryRegion *ram_memory);
-
-PCIBus *find_i440fx(void);
-
 /* pc_sysfw.c */
 void pc_system_flash_create(PCMachineState *pcms);
 void pc_system_firmware_init(PCMachineState *pcms, MemoryRegion *rom_memory);
diff --git a/include/hw/pci-host/i440fx.h b/include/hw/pci-host/i440fx.h
new file mode 100644
index 00..e327f9bf87
--- /dev/null
+++ b/include/hw/pci-host/i440fx.h
@@ -0,0 +1,37 @@
+/*
+ * QEMU i440FX North Bridge Emulation
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#ifndef HW_PCI_I440FX_H
+#define HW_PCI_I440FX_H
+
+#include "hw/hw.h"
+#include "hw/pci/pci_bus.h"
+
+typedef struct PCII440FXState PCII440FXState;
+
+#define TYPE_I440FX_PCI_HOST_BRIDGE "i440FX-pcihost"
+#define TYPE_I440FX_PCI_DEVICE "i440FX"
+
+#define TYPE_IGD_PASSTHROUGH_I440FX_PCI_DEVICE "igd-passthrough-i440FX"
+
+PCIBus *i440fx_init(const char *host_type, const char *pci_type,
+PCII440FXState **pi440fx_state, int *piix_devfn,
+ISABus **isa_bus, qemu_irq *pic,
+MemoryRegion *address_space_mem,
+MemoryRegion *address_space_io,
+ram_addr_t ram_size,
+ram_addr_t below_4g_mem_size,
+ram_addr_t above_4g_mem_size,
+MemoryRegion *pci_memory,
+MemoryRegion *ram_memory);
+
+PCIBus *find_i440fx(void);
+
+#endif
diff --git a/stubs/pci-host-piix.c b/stubs/pci-host-piix.c
index 6ed81b1f21..93975adbfe 100644
--- a/stubs/pci-host-piix.c
+++ b/stubs/pci-host-piix.c
@@ -1,5 +1,6 @@
 #include "qemu/osdep.h"
-#include "hw/i386/pc.h"
+#include "hw/pci-host/i440fx.h"
+
 PCIBus *find_i440fx(void)
 {
 return NULL;
-- 
2.21.0

Re: LEON3 networking

[Joshua Shaffer]

Hello,

I've been using the LEON3 port of qemu, and am wondering if anyone has
touched the networking setup for such since the thread here:
https://lists.rtems.org/pipermail/users/2014-September/028224.html


On Tue, Oct 15, 2019 at 9:17 AM Joshua Shaffer
 wrote:
>
> Hello,
>
> I've been using the LEON3 port of qemu, and am wondering if anyone has 
> touched the networking setup for such since the thread here: 
> https://lists.rtems.org/pipermail/users/2014-September/028224.html
>
> Joshua Shaffer

-- 
Notice: This message is intended solely for use of the individual or entity 
to which it is addressed and may contain information that is proprietary, 
privileged, company confidential and/or exempt from disclosure under 
applicable law. If the reader is not the intended recipient or agent 
responsible for delivering the message to the intended recipient, you are 
hereby notified that any dissemination, distribution or copying of this 
communication is strictly prohibited. This communication may also contain 
data subject to the International Traffic in Arms Regulations or U.S. 
Export Administration Regulations and cannot be disseminated, distributed 
or copied to foreign nationals, residing in the U.S. or abroad, without the 
prior approval of the U.S. Department of State or appropriate export 
licensing authority. If you have received this communication in error, 
please notify the sender by reply e-mail or collect telephone call and 
delete or destroy all copies of this email message, any physical copies 
made of this e-mail message and/or any file attachment(s).

[PATCH 31/32] hw/pci-host: Rename incorrectly named 'piix' as 'i440fx'

[Philippe Mathieu-Daudé]

From: Philippe Mathieu-Daudé 

We moved all the PIIX3 southbridge code out of hw/pci-host/piix.c,
it now only contains i440FX northbridge code.
Rename it to match the chipset modelled.

Signed-off-by: Philippe Mathieu-Daudé 
---
 MAINTAINERS  | 2 +-
 hw/i386/Kconfig  | 2 +-
 hw/pci-host/Kconfig  | 2 +-
 hw/pci-host/Makefile.objs| 2 +-
 hw/pci-host/{piix.c => i440fx.c} | 0
 5 files changed, 4 insertions(+), 4 deletions(-)
 rename hw/pci-host/{piix.c => i440fx.c} (100%)

diff --git a/MAINTAINERS b/MAINTAINERS
index 4845f47d93..1bc9959b8a 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1225,7 +1225,7 @@ M: Marcel Apfelbaum 
 S: Supported
 F: include/hw/i386/
 F: hw/i386/
-F: hw/pci-host/piix.c
+F: hw/pci-host/i440fx.c
 F: hw/pci-host/q35.c
 F: hw/pci-host/pam.c
 F: include/hw/pci-host/i440fx.h
diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig
index 589d75e26a..cfe94aede7 100644
--- a/hw/i386/Kconfig
+++ b/hw/i386/Kconfig
@@ -60,7 +60,7 @@ config I440FX
 select PC_PCI
 select PC_ACPI
 select ACPI_SMBUS
-select PCI_PIIX
+select PCI_I440FX
 select PIIX3
 select IDE_PIIX
 select DIMM
diff --git a/hw/pci-host/Kconfig b/hw/pci-host/Kconfig
index 397043b289..b0aa8351c4 100644
--- a/hw/pci-host/Kconfig
+++ b/hw/pci-host/Kconfig
@@ -28,7 +28,7 @@ config PCI_SABRE
 select PCI
 bool
 
-config PCI_PIIX
+config PCI_I440FX
 bool
 select PCI
 select PAM
diff --git a/hw/pci-host/Makefile.objs b/hw/pci-host/Makefile.objs
index a9cd3e022d..efd752b766 100644
--- a/hw/pci-host/Makefile.objs
+++ b/hw/pci-host/Makefile.objs
@@ -13,7 +13,7 @@ common-obj-$(CONFIG_VERSATILE_PCI) += versatile.o
 
 common-obj-$(CONFIG_PCI_SABRE) += sabre.o
 common-obj-$(CONFIG_FULONG) += bonito.o
-common-obj-$(CONFIG_PCI_PIIX) += piix.o
+common-obj-$(CONFIG_PCI_I440FX) += i440fx.o
 common-obj-$(CONFIG_PCI_EXPRESS_Q35) += q35.o
 common-obj-$(CONFIG_PCI_EXPRESS_GENERIC_BRIDGE) += gpex.o
 common-obj-$(CONFIG_PCI_EXPRESS_XILINX) += xilinx-pcie.o
diff --git a/hw/pci-host/piix.c b/hw/pci-host/i440fx.c
similarity index 100%
rename from hw/pci-host/piix.c
rename to hw/pci-host/i440fx.c
-- 
2.21.0

[PATCH 0/3] target/arm: Implement ARMv8.5-MemTag, user mode

[Richard Henderson]

This is a refresh of the user-only patch set from March.

I do not attempt to implement any part of a kernel abi wrt mmap
and/or mprotect.  Instead, it uses a x-tagged-pages property to
assume that all anonymous pages have tags.

The tests added are disabled by default, but do pass if you have
binutils 2.32 installed.


r~


Based-on: <20191011134744.2477-1-richard.hender...@linaro.org>
("target/arm: Implement ARMv8.5-MemTag, system mode")

Based-on: <20190803210803.5701-1-richard.hender...@linaro.org>
("target/arm: Implement ARMv8.5-BTI for linux-user")

Complete tree: https://github.com/rth7680/qemu/tree/tgt-arm-mte-user


Richard Henderson (3):
  tcg: Introduce target-specific page data for user-only
  target/arm: Add allocation tag storage for user mode
  tests/tcg/aarch64: Add mte smoke tests

 include/exec/cpu-all.h| 10 ++--
 target/arm/cpu.h  |  4 
 accel/tcg/translate-all.c | 28 ++
 linux-user/mmap.c |  8 ++-
 linux-user/syscall.c  |  4 ++--
 target/arm/cpu64.c| 20 
 target/arm/mte_helper.c   | 35 +--
 tests/tcg/aarch64/mte-1.c | 27 +
 tests/tcg/aarch64/mte-2.c | 39 +++
 tests/tcg/aarch64/Makefile.target |  5 
 10 files changed, 173 insertions(+), 7 deletions(-)
 create mode 100644 tests/tcg/aarch64/mte-1.c
 create mode 100644 tests/tcg/aarch64/mte-2.c

-- 
2.17.1

Re: [Qemu-devel] [PATCH] hw/arm: set machine 'virt' as default

[Dan Streetman]

On Thu, Sep 19, 2019 at 5:34 AM Philippe Mathieu-Daudé
 wrote:
>
> On 9/18/19 11:56 PM, Dan Streetman wrote:
> > On Wed, Sep 18, 2019 at 4:34 PM Alex Bennée  wrote:
> >>
> >> Dan Streetman  writes:
> >>
> >>> From: Dan Streetman 
> >>>
> >>> There is currently no default machine type for arm so one must be 
> >>> specified
> >>> with --machine.  This sets the 'virt' machine type as default.
> >>
> >> We should really have a FAQ entry for why we don't have a default for
> >> ARM. In short unlike PC's every ARM device is different so it pays to be
> >> precise about what you want when you invoke QEMU. Because any given
> >> kernel/image is only likely to work on the machine it's built for.
> >
> > well, that's the problem, I have no idea at all what I want; and "I"
> > doesn't really apply completely in this situation, as the call to run
> > qemu comes from deep inside a test suite, and can run on multiple
> > archs, and could even be run by other people on other systems/archs.
> >
> > This is what I have (tentatively) come up with to handle this in the test 
> > suite:
> > https://github.com/systemd/systemd/pull/13409/files#diff-2ea30ffea3b108e0f9c50846cfdcd4e5R197
> >
> > To be fair, it's unlikely that other people would run this on an arm
> > system, unless they were a bit more familiar with arm, and maybe would
> > know what machine type to pick.  Similarly for the testbeds that I
> > handle for this test suite, I know that 'virt' seems to work.
> >
> >>
> >> Why is virt special? It's just one of the many machines we emulate and
> >> while it's probably the most popular these days for "something that
> >> boots a Linux distro" why not -machine sba (when that comes)?
>
> This was my first reaction too, why not use the SBSA machine as default?
>
> > I am certainly not the right person to pick what the default should
> > be, but I do think there should be *some* default.  If 'virt' is the
> > most popular and/or has the widest kernel support, then it probably
> > makes sense to make that the default.
> >
> > I would guess that users of qemu-system-aarch64 (or -arm) fall into 2 
> > groups:
> >
> > 1. people who know about arm and know exactly what machine they want to use
> > 2. people who don't know about arm and have no idea what machine to use
> >
> > group #1 of course can still pick whatever machine they want.  I'm in
> > group #2, and I suspect that like most others in the group, I did:
> >
> > $ qemu-system-aarch64 ...
> > qemu-system-aarch64: No machine specified, and there is no default
> > Use -machine help to list supported machines
> > $ qemu-system-aarch64 -M ?
> > ...shows long list of machines that i'm unfamiliar with...
> > virt-2.10QEMU 2.10 ARM Virtual Machine
> > virt-2.11QEMU 2.11 ARM Virtual Machine
> > virt-2.12QEMU 2.12 ARM Virtual Machine
> > virt-2.6 QEMU 2.6 ARM Virtual Machine
> > virt-2.7 QEMU 2.7 ARM Virtual Machine
> > virt-2.8 QEMU 2.8 ARM Virtual Machine
> > virt-2.9 QEMU 2.9 ARM Virtual Machine
> > virt-3.0 QEMU 3.0 ARM Virtual Machine
> > virt QEMU 3.1 ARM Virtual Machine (alias of virt-3.1)
> > virt-3.1 QEMU 3.1 ARM Virtual Machine
> >
> > (aha! those "virt" machines look generic enough that they'll work...)
> > $ qemu-system-aarch64 -M virt ...
> >
> > I honestly don't know if it would be better to have a FAQ on why there
> > is no default, or just to set a default.  Personally, I'd prefer just
> > having a default.
> >
> > If you do decide against a default, I would suggest at least printing
> > the url to the FAQ entry on why arm doesn't have a default, instead of
> > just asking users to pick one out of the -M ? list.
>
> We can also go all the way around to educate users to use the -M flag,
> by killing the 'default machine' on all targets.

To follow up on this; is the final desicion for arm to not include any default?

Also, will archs that currently do have defaults, have those defaults removed?

Thanks!

>
> Personally I also find the default ppc64 machine confusing.
>
> On the X86 side there is a long discussion/debt about when to change the
> default i440fx to q35, so having no default at all would fix this other
> issue.
>
> >>> Signed-off-by: Dan Streetman 
> >>> ---
> >>>  hw/arm/virt.c | 1 +
> >>>  1 file changed, 1 insertion(+)
> >>>
> >>> diff --git a/hw/arm/virt.c b/hw/arm/virt.c
> >>> index d74538b021..e9fe888ca2 100644
> >>> --- a/hw/arm/virt.c
> >>> +++ b/hw/arm/virt.c
> >>> @@ -78,6 +78,7 @@
> >>>  mc->desc = "QEMU " # major "." # minor " ARM Virtual Machine"; \
> >>>  if (latest) { \
> >>>  mc->alias = "virt"; \
> >>> +mc->is_default = 1; \
> >>>  } \
> >>>  } \
> >>>  static const TypeInfo machvirt_##major##_##minor##_info = { \
> >>
> >>
> >> --
> >> Alex Bennée
> >>
> >
>

[PATCH 30/32] hw/pci-host/piix: Extract PIIX3 functions to hw/isa/piix3.c

[Philippe Mathieu-Daudé]

From: Philippe Mathieu-Daudé 

Move all the PIIX3 functions to a new file: hw/isa/piix3.c.

Signed-off-by: Philippe Mathieu-Daudé 
---
Checkpatch warning:

 ERROR: spaces required around that '*' (ctx:VxV)
 #312: FILE: hw/isa/piix3.c:248:
 +.subsections = (const VMStateDescription*[]) {
  ^
---
 MAINTAINERS   |   1 +
 hw/i386/Kconfig   |   1 +
 hw/isa/Kconfig|   4 +
 hw/isa/Makefile.objs  |   1 +
 hw/isa/piix3.c| 399 +
 hw/pci-host/Kconfig   |   1 -
 hw/pci-host/piix.c| 402 --
 include/hw/southbridge/piix.h |  36 +++
 8 files changed, 442 insertions(+), 403 deletions(-)
 create mode 100644 hw/isa/piix3.c

diff --git a/MAINTAINERS b/MAINTAINERS
index adf059a164..4845f47d93 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -1231,6 +1231,7 @@ F: hw/pci-host/pam.c
 F: include/hw/pci-host/i440fx.h
 F: include/hw/pci-host/q35.h
 F: include/hw/pci-host/pam.h
+F: hw/isa/piix3.c
 F: hw/isa/lpc_ich9.c
 F: hw/i2c/smbus_ich9.c
 F: hw/acpi/piix4.c
diff --git a/hw/i386/Kconfig b/hw/i386/Kconfig
index c5c9d4900e..589d75e26a 100644
--- a/hw/i386/Kconfig
+++ b/hw/i386/Kconfig
@@ -61,6 +61,7 @@ config I440FX
 select PC_ACPI
 select ACPI_SMBUS
 select PCI_PIIX
+select PIIX3
 select IDE_PIIX
 select DIMM
 select SMBIOS
diff --git a/hw/isa/Kconfig b/hw/isa/Kconfig
index 98a289957e..8a38813cc1 100644
--- a/hw/isa/Kconfig
+++ b/hw/isa/Kconfig
@@ -29,6 +29,10 @@ config PC87312
 select FDC
 select IDE_ISA
 
+config PIIX3
+bool
+select ISA_BUS
+
 config PIIX4
 bool
 # For historical reasons, SuperIO devices are created in the board
diff --git a/hw/isa/Makefile.objs b/hw/isa/Makefile.objs
index ff97485504..8e73960a75 100644
--- a/hw/isa/Makefile.objs
+++ b/hw/isa/Makefile.objs
@@ -3,6 +3,7 @@ common-obj-$(CONFIG_ISA_SUPERIO) += isa-superio.o
 common-obj-$(CONFIG_APM) += apm.o
 common-obj-$(CONFIG_I82378) += i82378.o
 common-obj-$(CONFIG_PC87312) += pc87312.o
+common-obj-$(CONFIG_PIIX3) += piix3.o
 common-obj-$(CONFIG_PIIX4) += piix4.o
 common-obj-$(CONFIG_VT82C686) += vt82c686.o
 common-obj-$(CONFIG_SMC37C669) += smc37c669-superio.o
diff --git a/hw/isa/piix3.c b/hw/isa/piix3.c
new file mode 100644
index 00..05146447ef
--- /dev/null
+++ b/hw/isa/piix3.c
@@ -0,0 +1,399 @@
+/*
+ * QEMU PIIX PCI ISA Bridge Emulation
+ *
+ * Copyright (c) 2006 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/range.h"
+#include "hw/southbridge/piix.h"
+#include "hw/irq.h"
+#include "hw/isa/isa.h"
+#include "hw/xen/xen.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/reset.h"
+#include "sysemu/runstate.h"
+#include "migration/vmstate.h"
+
+#define XEN_PIIX_NUM_PIRQS  128ULL
+
+#define TYPE_PIIX3_PCI_DEVICE "pci-piix3"
+#define PIIX3_PCI_DEVICE(obj) \
+OBJECT_CHECK(PIIX3State, (obj), TYPE_PIIX3_PCI_DEVICE)
+
+#define TYPE_PIIX3_DEVICE "PIIX3"
+#define TYPE_PIIX3_XEN_DEVICE "PIIX3-xen"
+
+static void piix3_set_irq_pic(PIIX3State *piix3, int pic_irq)
+{
+qemu_set_irq(piix3->pic[pic_irq],
+ !!(piix3->pic_levels &
+(((1ULL << PIIX_NUM_PIRQS) - 1) <<
+ (pic_irq * PIIX_NUM_PIRQS;
+}
+
+static void piix3_set_irq_level_internal(PIIX3State *piix3, int pirq, int 
level)
+{
+int pic_irq;
+uint64_t mask;
+
+pic_irq = piix3->dev.config[PIIX_PIRQCA + pirq];
+if (pic_irq >= PIIX_NUM_PIC_IRQS) {
+return;
+}
+
+mask = 1ULL << ((pic_irq * PIIX_NUM_PIRQS) + pirq);
+piix3->pic_levels &= ~mask;
+piix3->pic_levels |= mask * !!level;
+}
+
+static void piix3_set_irq_level(PIIX3State *piix3, int pirq, int level)
+{
+int pic_irq;
+
+pic_irq = piix3->dev.config[PIIX_PIRQCA + pirq];
+if (pic_irq >= PIIX_NUM_PIC_IRQS) {
+