[PATCH] i386/cpu: Expand MAX_FIXED_COUNTERS from 3 to 4 to for Icelake

[Like Xu]

In the Intel SDM, "Table 18-2. Association of Fixed-Function
Performance Counters with Architectural Performance Events",
we may have a new fixed counter 'TOPDOWN.SLOTS' (since Icelake),
which counts the number of available slots for an unhalted
logical processor. Check commit 6017608936 in the kernel tree.

Signed-off-by: Like Xu 
---
 target/i386/cpu.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 576f309bbf..ec2b67d425 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1185,7 +1185,7 @@ typedef struct {
 #define CPU_NB_REGS CPU_NB_REGS32
 #endif
 
-#define MAX_FIXED_COUNTERS 3
+#define MAX_FIXED_COUNTERS 4
 #define MAX_GP_COUNTERS(MSR_IA32_PERF_STATUS - MSR_P6_EVNTSEL0)
 
 #define TARGET_INSN_START_EXTRA_WORDS 1
-- 
2.21.1

Re: [PATCH] hw/net/i82596: Correct command bitmask (CID 1419392)

[Jason Wang]

On 2020/3/13 下午7:01, Peter Maydell wrote:

On Fri, 14 Feb 2020 at 00:48, Philippe Mathieu-Daudé  wrote:

The command is 32-bit, but we are loading the 16 upper bits with
the 'get_uint16(s->scb + 2)' call.

Once shifted by 16, the command bits match the status bits:

- Command
   Bit 31 ACK-CX   Acknowledges that the CU completed an Action Command.
   Bit 30 ACK-FR   Acknowledges that the RU received a frame.
   Bit 29 ACK-CNA  Acknowledges that the Command Unit became not active.
   Bit 28 ACK-RNR  Acknowledges that the Receive Unit became not ready.

- Status
   Bit 15 CX   The CU finished executing a command with its I(interrupt) 
bit set.
   Bit 14 FR   The RU finished receiving a frame.
   Bit 13 CNA  The Command Unit left the Active state.
   Bit 12 RNR  The Receive Unit left the Ready state.

Add the SCB_COMMAND_ACK_MASK definition to simplify the code.

This fixes Coverity 1419392 (CONSTANT_EXPRESSION_RESULT):

   /hw/net/i82596.c: 352 in examine_scb()
   346 cuc = (command >> 8) & 0x7;
   347 ruc = (command >> 4) & 0x7;
   348 DBG(printf("MAIN COMMAND %04x  cuc %02x ruc %02x\n", command, 
cuc, ruc));
   349 /* and clear the scb command word */
   350 set_uint16(s->scb + 2, 0);
   351
   >>> CID 1419392:(CONSTANT_EXPRESSION_RESULT)
   >>> "command & (2147483648UL /* 1UL << 31 */)" is always 0 regardless of the 
values of its operands. This occurs as the logical operand of "if".
   352 if (command & BIT(31))  /* ACK-CX */
   353 s->scb_status &= ~SCB_STATUS_CX;
   >>> CID 1419392:(CONSTANT_EXPRESSION_RESULT)
   >>> "command & (1073741824UL /* 1UL << 30 */)" is always 0 regardless of the 
values of its operands. This occurs as the logical operand of "if".
   354 if (command & BIT(30))  /*ACK-FR */
   355 s->scb_status &= ~SCB_STATUS_FR;
   >>> CID 1419392:(CONSTANT_EXPRESSION_RESULT)
   >>> "command & (536870912UL /* 1UL << 29 */)" is always 0 regardless of the values 
of its operands. This occurs as the logical operand of "if".
   356 if (command & BIT(29))  /*ACK-CNA */
   357 s->scb_status &= ~SCB_STATUS_CNA;
   >>> CID 1419392:(CONSTANT_EXPRESSION_RESULT)
   >>> "command & (268435456UL /* 1UL << 28 */)" is always 0 regardless of the values 
of its operands. This occurs as the logical operand of "if".
   358 if (command & BIT(28))  /*ACK-RNR */
   359 s->scb_status &= ~SCB_STATUS_RNR;

Fixes: Covertiy CID 1419392 (commit 376b851909)

("Coverity")


Signed-off-by: Philippe Mathieu-Daudé 

Reviewed-by: Peter Maydell 

Jason, are you planning to pick this one up?



Yes. queued.

Thanks



thanks
-- PMM

[PATCH v3 2/2] target/ppc: Add support for scv and rfscv instructions

[Nicholas Piggin]

POWER9 adds scv and rfscv instructions and the system call vectored
interrupt. Linux does not support this instruction yet but it has
been tested with a modified kernel that runs on real hardware.

Signed-off-by: Nicholas Piggin 
---
Since v2:
- Rebased on top of FWNMI series

 linux-user/ppc/cpu_loop.c   |  1 +
 target/ppc/cpu.h|  7 ++-
 target/ppc/excp_helper.c| 98 -
 target/ppc/helper.h |  1 +
 target/ppc/translate.c  | 46 +++-
 target/ppc/translate_init.inc.c |  3 +-
 6 files changed, 126 insertions(+), 30 deletions(-)

diff --git a/linux-user/ppc/cpu_loop.c b/linux-user/ppc/cpu_loop.c
index 5b27f8603e..df71e15a25 100644
--- a/linux-user/ppc/cpu_loop.c
+++ b/linux-user/ppc/cpu_loop.c
@@ -267,6 +267,7 @@ void cpu_loop(CPUPPCState *env)
 queue_signal(env, info.si_signo, QEMU_SI_FAULT, );
 break;
 case POWERPC_EXCP_SYSCALL:  /* System call exception */
+case POWERPC_EXCP_SYSCALL_VECTORED:
 cpu_abort(cs, "Syscall exception while in user mode. "
   "Aborting\n");
 break;
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index ed8d2015bd..992f0a49e8 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -127,8 +127,9 @@ enum {
 POWERPC_EXCP_SDOOR_HV = 100,
 /* ISA 3.00 additions */
 POWERPC_EXCP_HVIRT= 101,
+POWERPC_EXCP_SYSCALL_VECTORED = 102, /* scv exception 
*/
 /* EOL   */
-POWERPC_EXCP_NB   = 102,
+POWERPC_EXCP_NB   = 103,
 /* QEMU exceptions: used internally during code translation  */
 POWERPC_EXCP_STOP = 0x200, /* stop translation   */
 POWERPC_EXCP_BRANCH   = 0x201, /* branch instruction */
@@ -475,6 +476,7 @@ typedef struct ppc_v3_pate_t {
 /* Facility Status and Control (FSCR) bits */
 #define FSCR_EBB(63 - 56) /* Event-Based Branch Facility */
 #define FSCR_TAR(63 - 55) /* Target Address Register */
+#define FSCR_SCV(63 - 51) /* System call vectored */
 /* Interrupt cause mask and position in FSCR. HFSCR has the same format */
 #define FSCR_IC_MASK(0xFFULL)
 #define FSCR_IC_POS (63 - 7)
@@ -484,6 +486,7 @@ typedef struct ppc_v3_pate_t {
 #define FSCR_IC_TM  5
 #define FSCR_IC_EBB 7
 #define FSCR_IC_TAR 8
+#define FSCR_IC_SCV12
 
 /* Exception state register bits definition  */
 #define ESR_PIL   PPC_BIT(36) /* Illegal Instruction*/
@@ -551,6 +554,8 @@ enum {
 POWERPC_FLAG_VSX  = 0x0008,
 /* Has Transaction Memory (ISA 2.07) */
 POWERPC_FLAG_TM   = 0x0010,
+/* Has SCV (ISA 3.00)*/
+POWERPC_FLAG_SCV  = 0x0020,
 };
 
 /*/
diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index 81ee19ebae..73b5c28d03 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -67,6 +67,18 @@ static inline void dump_syscall(CPUPPCState *env)
   ppc_dump_gpr(env, 8), env->nip);
 }
 
+static inline void dump_syscall_vectored(CPUPPCState *env)
+{
+qemu_log_mask(CPU_LOG_INT, "syscall r0=%016" PRIx64
+  " r3=%016" PRIx64 " r4=%016" PRIx64 " r5=%016" PRIx64
+  " r6=%016" PRIx64 " r7=%016" PRIx64 " r8=%016" PRIx64
+  " nip=" TARGET_FMT_lx "\n",
+  ppc_dump_gpr(env, 0), ppc_dump_gpr(env, 3),
+  ppc_dump_gpr(env, 4), ppc_dump_gpr(env, 5),
+  ppc_dump_gpr(env, 6), ppc_dump_gpr(env, 7),
+  ppc_dump_gpr(env, 8), env->nip);
+}
+
 static inline void dump_hcall(CPUPPCState *env)
 {
 qemu_log_mask(CPU_LOG_INT, "hypercall r3=%016" PRIx64
@@ -185,7 +197,7 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 CPUState *cs = CPU(cpu);
 CPUPPCState *env = >env;
 target_ulong msr, new_msr, vector;
-int srr0, srr1, asrr0, asrr1, lev, ail;
+int srr0, srr1, asrr0, asrr1, lev = -1, ail;
 bool lpes0;
 
 qemu_log_mask(CPU_LOG_INT, "Raise exception at " TARGET_FMT_lx
@@ -421,6 +433,13 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 new_msr |= (target_ulong)MSR_HVB;
 }
 break;
+case POWERPC_EXCP_SYSCALL_VECTORED: /* scv exception */
+lev = env->error_code;
+dump_syscall_vectored(env);
+env->nip += 4;
+new_msr |= env->msr & ((target_ulong)1 << MSR_EE);
+new_msr |= env->msr & ((target_ulong)1 << MSR_RI);
+break;
 case POWERPC_EXCP_FPU:   /* Floating-point unavailable exception */
 case 

Re: [PATCH v3 2/2] net: tulip: add .can_recieve routine

[Jason Wang]

On 2020/3/17 上午2:01, P J P wrote:

   Hello Stefan, Jason,

+-- On Fri, 6 Mar 2020, Stefan Hajnoczi wrote --+
| > +static int
| > +tulip_can_receive(NetClientState *nc)
| > +{
| > +TULIPState *s = qemu_get_nic_opaque(nc);
| > +
| > +if (s->rx_frame_len || tulip_rx_stopped(s)) {
| > +return false;
| > +}
| > +
| > +return true;
| > +}
|
| Are the required qemu_flush_queued_packets() calls in place so that
| packet transfer wakes up again when .can_receive() transitions from
| false to true?

   Yes, qemu_flush_queued_packets() calls are in tulip_write(). Do we need to
call tulip_can_receive() before each call?



Probably not, just need to make sure the check in tulip_rx_stopped(s) 
matches the action that triggers qemu_flush_queued_packets() in 
tulip_write() is sufficient.


This to make sure net core can restore the receiving.

Btw, what's the point of checking rx_frame_len here?

Thanks




Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

[PATCH v3 1/2] target/ppc: Improve syscall exception logging

[Nicholas Piggin]

system calls (at least in Linux) use registers r3-r8 for inputs, so
include those registers in the dump.

This also adds a mode for PAPR hcalls, which have a different calling
convention.

Signed-off-by: Nicholas Piggin 
---
Since v2:
- Rebased on top of FWNMI series

 target/ppc/excp_helper.c | 30 ++
 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index 08bc885ca6..81ee19ebae 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -57,12 +57,29 @@ static void ppc_hw_interrupt(CPUPPCState *env)
 #else /* defined(CONFIG_USER_ONLY) */
 static inline void dump_syscall(CPUPPCState *env)
 {
-qemu_log_mask(CPU_LOG_INT, "syscall r0=%016" PRIx64 " r3=%016" PRIx64
-  " r4=%016" PRIx64 " r5=%016" PRIx64 " r6=%016" PRIx64
+qemu_log_mask(CPU_LOG_INT, "syscall r0=%016" PRIx64
+  " r3=%016" PRIx64 " r4=%016" PRIx64 " r5=%016" PRIx64
+  " r6=%016" PRIx64 " r7=%016" PRIx64 " r8=%016" PRIx64
   " nip=" TARGET_FMT_lx "\n",
   ppc_dump_gpr(env, 0), ppc_dump_gpr(env, 3),
   ppc_dump_gpr(env, 4), ppc_dump_gpr(env, 5),
-  ppc_dump_gpr(env, 6), env->nip);
+  ppc_dump_gpr(env, 6), ppc_dump_gpr(env, 7),
+  ppc_dump_gpr(env, 8), env->nip);
+}
+
+static inline void dump_hcall(CPUPPCState *env)
+{
+qemu_log_mask(CPU_LOG_INT, "hypercall r3=%016" PRIx64
+ " r4=%016" PRIx64 " r5=%016" PRIx64 " r6=%016" PRIx64
+ " r7=%016" PRIx64 " r8=%016" PRIx64 " r9=%016" PRIx64
+ " r10=%016" PRIx64 " r11=%016" PRIx64 " r12=%016" PRIx64
+  " nip=" TARGET_FMT_lx "\n",
+  ppc_dump_gpr(env, 3), ppc_dump_gpr(env, 4),
+ ppc_dump_gpr(env, 5), ppc_dump_gpr(env, 6),
+ ppc_dump_gpr(env, 7), ppc_dump_gpr(env, 8),
+ ppc_dump_gpr(env, 9), ppc_dump_gpr(env, 10),
+ ppc_dump_gpr(env, 11), ppc_dump_gpr(env, 12),
+ env->nip);
 }
 
 static int powerpc_reset_wakeup(CPUState *cs, CPUPPCState *env, int excp,
@@ -379,9 +396,14 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 }
 break;
 case POWERPC_EXCP_SYSCALL:   /* System call exception*/
-dump_syscall(env);
 lev = env->error_code;
 
+if ((lev == 1) && cpu->vhyp) {
+dump_hcall(env);
+} else {
+dump_syscall(env);
+}
+
 /*
  * We need to correct the NIP which in this case is supposed
  * to point to the next instruction
-- 
2.23.0

Re: [PATCH v4 6/6] virtio-net: add migration support for RSS and hash report

[Yuri Benditovich]

On Tue, Mar 17, 2020 at 1:05 AM Michael S. Tsirkin  wrote:

> On Mon, Mar 16, 2020 at 12:09:33PM +0200, Yuri Benditovich wrote:
> > Save and restore RSS/hash report configuration.
> >
> > Signed-off-by: Yuri Benditovich 
> > ---
> >  hw/net/virtio-net.c | 26 ++
> >  1 file changed, 26 insertions(+)
> >
> > diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> > index a0614ad4e6..f343762a0f 100644
> > --- a/hw/net/virtio-net.c
> > +++ b/hw/net/virtio-net.c
> > @@ -2842,6 +2842,13 @@ static int virtio_net_post_load_device(void
> *opaque, int version_id)
> >  }
> >  }
> >
> > +if (n->rss_data.enabled) {
> > +trace_virtio_net_rss_enable(n->rss_data.hash_types,
> > +n->rss_data.indirections_len,
> > +sizeof(n->rss_data.key));
> > +} else {
> > +trace_virtio_net_rss_disable();
> > +}
> >  return 0;
> >  }
> >
> > @@ -3019,6 +3026,24 @@ static const VMStateDescription
> vmstate_virtio_net_has_vnet = {
> >  },
> >  };
> >
> > +static const VMStateDescription vmstate_rss = {
> > +.name  = "vmstate_rss",
> > +.fields = (VMStateField[]) {
> > +VMSTATE_BOOL(enabled, VirtioNetRssData),
> > +VMSTATE_BOOL(redirect, VirtioNetRssData),
> > +VMSTATE_BOOL(populate_hash, VirtioNetRssData),
> > +VMSTATE_UINT32(hash_types, VirtioNetRssData),
> > +VMSTATE_UINT32(indirections_len, VirtioNetRssData),
>
>
> Why is this UINT32? Shouldn't it be UINT16?
>

It is UINT32 in the _internal_ structure to use VMSTATE_VARRAY_UINT32_ALLOC.
Otherwise I need to invent additional macro for the same operation with
UINT16 length.


>
> > +VMSTATE_UINT16(default_queue, VirtioNetRssData),
> > +VMSTATE_UINT8_ARRAY(key, VirtioNetRssData,
> > +VIRTIO_NET_RSS_MAX_KEY_SIZE),
> > +VMSTATE_VARRAY_UINT32_ALLOC(indirections_table,
> VirtioNetRssData,
> > +indirections_len, 0,
> > +vmstate_info_uint16, uint16_t),
> > +VMSTATE_END_OF_LIST()
> > +},
> > +};
> > +
> >  static const VMStateDescription vmstate_virtio_net_device = {
> >  .name = "virtio-net-device",
> >  .version_id = VIRTIO_NET_VM_VERSION,
> > @@ -3067,6 +3092,7 @@ static const VMStateDescription
> vmstate_virtio_net_device = {
> >   vmstate_virtio_net_tx_waiting),
> >  VMSTATE_UINT64_TEST(curr_guest_offloads, VirtIONet,
> >  has_ctrl_guest_offloads),
> > +VMSTATE_STRUCT(rss_data, VirtIONet, 1, vmstate_rss,
> VirtioNetRssData),
> >  VMSTATE_END_OF_LIST()
> > },
> >  };
> > --
> > 2.17.1
>
>

Re: [PATCH v3 12/34] qapi: Add feature flags to remaining definitions

[Markus Armbruster]

Eric Blake  writes:

> On 3/15/20 9:46 AM, Markus Armbruster wrote:
>> In v4.1.0, we added feature flags just to struct types (commit
>> 6a8c0b5102^..f3ed93d545), to satisfy an immediate need (commit
>> c9d4070991 "file-posix: Add dynamic-auto-read-only QAPI feature").  In
>> v4.2.0, we added them to commands (commit 23394b4c39 "qapi: Add
>> feature flags to commands") to satisfy another immediate need (commit
>> d76744e65e "qapi: Allow introspecting fix for savevm's cooperation
>> with blockdev").
>>
>> Add them to the remaining definitions: enumeration types, union types,
>> alternate types, and events.
>>
>> Signed-off-by: Markus Armbruster 
>> ---
>
>
>> +++ b/qapi/introspect.json
>> @@ -89,12 +89,18 @@
>>   #
>>   # @meta-type: the entity's meta type, inherited from @base.
>>   #
>> +# @features: names of features associated with the entity, in no
>> +#particular order.
>> +#(since 4.1 for object types, 4.2 for commands, 5.0 for
>> +#the rest)
>
> Odd versioning hint, but accurate, and I don't see any way to improve it.
>
>> +#
>>   # Additional members depend on the value of @meta-type.
>>   #
>>   # Since: 2.5
>>   ##
>>   { 'union': 'SchemaInfo',
>> -  'base': { 'name': 'str', 'meta-type': 'SchemaMetaType' },
>> +  'base': { 'name': 'str', 'meta-type': 'SchemaMetaType',
>> +'*features': [ 'str' ] },
>> 'discriminator': 'meta-type',
>> 'data': {
>> 'builtin': 'SchemaInfoBuiltin',
>> @@ -174,9 +180,6 @@
>>   #and may even differ from the order of the values of the
>>   #enum type of the @tag.
>>   #
>> -# @features: names of features associated with the type, in no particular
>> -#order. (since: 4.1)
>> -#
>>   # Values of this type are JSON object on the wire.
>>   #
>>   # Since: 2.5
>> @@ -184,8 +187,7 @@
>>   { 'struct': 'SchemaInfoObject',
>> 'data': { 'members': [ 'SchemaInfoObjectMember' ],
>>   '*tag': 'str',
>> -'*variants': [ 'SchemaInfoObjectVariant' ],
>> -'*features': [ 'str' ] } }
>> +'*variants': [ 'SchemaInfoObjectVariant' ] } }
>
> The code motion from use in some of the union branches to now being
> present in the base class of all of the branches is
> backwards-compatible.
>
> The generator changes also look correct, and have enough testsuite
> coverage to make it easier to be confident about the patch.
>
> Reviewed-by: Eric Blake 
>
>
>> +++ b/tests/qapi-schema/doc-good.json
>> @@ -53,10 +53,14 @@
>>   # @Enum:
>>   # @one: The _one_ {and only}
>>   #
>> +# Features:
>> +# @enum-feat: Also _one_ {and only}
   +#
# @two is undocumented
##
{ 'enum': 'Enum', 'data':
  [ { 'name': 'one', 'if': 'defined(IFONE)' }, 'two' ],
   +  'features': [ 'enum-feat' ],
  'if': 'defined(IFCOND)' }

>
> All our existing public features are a single word (matching naming
> conventions elsewhere in QAPI).  Are we sure we want to allow feature
> names that include whitespace?  Of course, the fact that our testsuite
> covers it (even if we don't use it publically) means that we are sure
> that our generator can handle it, regardless of whether we decide that
> a separate patch should restrict feature names.  But I don't see it
> holding up this patch.

We definitely do not want to exempt feature names from the QAPI naming
rules.

The code enforces this.  If I change '-' to ' ' in 'features': [
'enum-feat' ], I get

doc-good.json:61: 'features' member 'enum feat' has an invalid name

Thanks!

Re: [PATCH v3 28/34] qapi: Implement deprecated-output=hide for QMP command results

[Markus Armbruster]

Marc-André Lureau  writes:

> Hi
>
> On Sun, Mar 15, 2020 at 4:11 PM Markus Armbruster  wrote:
>>
>> This policy suppresses deprecated bits in output, and thus permits
>> "testing the future".  Implement it for QMP command results.  Example:
>> when QEMU is run with -compat deprecated-output=hide, then
>>
>> {"execute": "query-cpus-fast"}
>>
>> yields
>>
>> {"return": [{"thread-id": 9805, "props": {"core-id": 0, "thread-id": 0, 
>> "socket-id": 0}, "qom-path": "/machine/unattached/device[0]", "cpu-index": 
>> 0, "target": "x86_64"}]}
>>
>> instead of
>>
>> {"return": [{"arch": "x86", "thread-id": 22436, "props": {"core-id": 0, 
>> "thread-id": 0, "socket-id": 0}, "qom-path": 
>> "/machine/unattached/device[0]", "cpu-index": 0, "target": "x86_64"}]}
>>
>> Note the suppression of deprecated member "arch".
>>
>> Signed-off-by: Markus Armbruster 
>> ---
>>  include/qapi/qobject-output-visitor.h   |  9 ++
>>  include/qapi/visitor-impl.h |  3 ++
>>  include/qapi/visitor.h  |  9 ++
>>  qapi/qapi-visit-core.c  |  9 ++
>>  qapi/qobject-output-visitor.c   | 19 +++
>>  tests/test-qmp-cmds.c   | 42 ++---
>>  qapi/trace-events   |  1 +
>>  scripts/qapi/commands.py|  2 +-
>>  scripts/qapi/visit.py   | 12 +++
>>  tests/qapi-schema/qapi-schema-test.json | 17 +-
>>  tests/qapi-schema/qapi-schema-test.out  | 18 +--
>>  11 files changed, 118 insertions(+), 23 deletions(-)
>>
>> diff --git a/include/qapi/qobject-output-visitor.h 
>> b/include/qapi/qobject-output-visitor.h
>> index 2b1726baf5..29f4ea6aad 100644
>> --- a/include/qapi/qobject-output-visitor.h
>> +++ b/include/qapi/qobject-output-visitor.h
>> @@ -53,4 +53,13 @@ typedef struct QObjectOutputVisitor QObjectOutputVisitor;
>>   */
>>  Visitor *qobject_output_visitor_new(QObject **result);
>>
>> +/*
>> + * Create a QObject output visitor for @obj for use with QMP
>> + *
>> + * This is like qobject_output_visitor_new(), except it obeys the
>> + * policy for handling deprecated management interfaces set with
>> + * -compat.
>> + */
>> +Visitor *qobject_output_visitor_new_qmp(QObject **result);
>> +
>>  #endif
>> diff --git a/include/qapi/visitor-impl.h b/include/qapi/visitor-impl.h
>> index 8ccb3b6c20..a6b26b7a5b 100644
>> --- a/include/qapi/visitor-impl.h
>> +++ b/include/qapi/visitor-impl.h
>> @@ -110,6 +110,9 @@ struct Visitor
>> The core takes care of the return type in the public interface. */
>>  void (*optional)(Visitor *v, const char *name, bool *present);
>>
>> +/* Optional */
>> +bool (*deprecated)(Visitor *v, const char *name);
>> +
>>  /* Must be set */
>>  VisitorType type;
>>
>> diff --git a/include/qapi/visitor.h b/include/qapi/visitor.h
>> index c5b23851a1..c89d51b2a4 100644
>> --- a/include/qapi/visitor.h
>> +++ b/include/qapi/visitor.h
>> @@ -449,6 +449,15 @@ void visit_end_alternate(Visitor *v, void **obj);
>>   */
>>  bool visit_optional(Visitor *v, const char *name, bool *present);
>>
>> +/*
>> + * Should we visit deprecated member @name?
>> + *
>> + * @name must not be NULL.  This function is only useful between
>> + * visit_start_struct() and visit_end_struct(), since only objects
>> + * have deprecated members.
>> + */
>> +bool visit_deprecated(Visitor *v, const char *name);
>> +
>>  /*
>>   * Visit an enum value.
>>   *
>> diff --git a/qapi/qapi-visit-core.c b/qapi/qapi-visit-core.c
>> index 5365561b07..501b3ccdef 100644
>> --- a/qapi/qapi-visit-core.c
>> +++ b/qapi/qapi-visit-core.c
>> @@ -137,6 +137,15 @@ bool visit_optional(Visitor *v, const char *name, bool 
>> *present)
>>  return *present;
>>  }
>>
>> +bool visit_deprecated(Visitor *v, const char *name)
>> +{
>> +trace_visit_deprecated(v, name);
>> +if (v->deprecated) {
>> +return v->deprecated(v, name);
>> +}
>> +return true;
>> +}
>> +
>>  bool visit_is_input(Visitor *v)
>>  {
>>  return v->type == VISITOR_INPUT;
>> diff --git a/qapi/qobject-output-visitor.c b/qapi/qobject-output-visitor.c
>> index 26d7be5ec9..84cee17596 100644
>> --- a/qapi/qobject-output-visitor.c
>> +++ b/qapi/qobject-output-visitor.c
>> @@ -13,6 +13,7 @@
>>   */
>>
>>  #include "qemu/osdep.h"
>> +#include "qapi/compat-policy.h"
>>  #include "qapi/qobject-output-visitor.h"
>>  #include "qapi/visitor-impl.h"
>>  #include "qemu/queue.h"
>> @@ -31,6 +32,8 @@ typedef struct QStackEntry {
>>
>>  struct QObjectOutputVisitor {
>>  Visitor visitor;
>> +CompatPolicyOutput deprecated_policy;
>> +
>>  QSLIST_HEAD(, QStackEntry) stack; /* Stack of unfinished containers */
>>  QObject *root; /* Root of the output visit */
>>  QObject **result; /* User's storage location for result */
>> @@ -198,6 +201,13 @@ static void qobject_output_type_null(Visitor *v, const 
>> char *name,
>>  qobject_output_add(qov, name, qnull());
>>  }
>>
>> +static bool 

Re: [PATCH v3 05/34] tests/test-qmp-cmds: Factor out qmp_dispatch() test helpers

[Markus Armbruster]

Marc-André Lureau  writes:

> Hi
>
> On Sun, Mar 15, 2020 at 3:48 PM Markus Armbruster  wrote:
>>
>> Checking the value of qmp_dispatch() is repetitive.  Factor out
>> helpers do_qmp_dispatch() and do_qmp_dispatch_error().  Without this,
>> the next commit would make things even more repetitive.
>>
>> Signed-off-by: Markus Armbruster 
>> ---
>>  tests/test-qmp-cmds.c | 72 +--
>>  1 file changed, 35 insertions(+), 37 deletions(-)
>
> ASAN is unhappy:
>
> =
> ==1870336==ERROR: LeakSanitizer: detected memory leaks
>
> Indirect leak of 4120 byte(s) in 1 object(s) allocated from:
> #0 0x7fcdc9b8be56 in __interceptor_calloc (/lib64/libasan.so.5+0x10de56)
> #1 0x7fcdc998e3b0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x573b0)
> #2 0x560213f56dbb in test_dispatch_cmd_io
> /home/elmarco/src/qemu/tests/test-qmp-cmds.c:238
> #3 0x7fcdc99b0a8d  (/lib64/libglib-2.0.so.0+0x79a8d)
[...]

Thanks!

Fixup to be squashed in here, with revert to be squashed into PATCH 07:

diff --git a/tests/test-qmp-cmds.c b/tests/test-qmp-cmds.c
index fb18475c7e..b31064b064 100644
--- a/tests/test-qmp-cmds.c
+++ b/tests/test-qmp-cmds.c
@@ -279,8 +279,6 @@ static void test_dispatch_cmd_io(void)
 g_assert(qnum_get_try_int(ret3, ));
 g_assert_cmpint(val, ==, 66);
 qobject_unref(ret3);
-
-qobject_unref(req);
 }
 
 /* test generated dealloc functions for generated types */

Re: [PATCH v3 30/34] qapi: Implement deprecated-output=hide for QMP event data

[Markus Armbruster]

Markus Armbruster  writes:

> This policy suppresses deprecated bits in output, and thus permits
> "testing the future".  Implement it for QMP event data: suppress
> deprecated members.
>
> No QMP event data is deprecated right now.
>
> Signed-off-by: Markus Armbruster 

Needs a fixup:

diff --git a/tests/test-qmp-event.c b/tests/test-qmp-event.c
index be5a2433d0..8f77485454 100644
--- a/tests/test-qmp-event.c
+++ b/tests/test-qmp-event.c
@@ -167,6 +167,8 @@ static void test_event_deprecated_data(TestEventData *data, 
const void *unused)
 qapi_event_send_test_event_features0(42);
 g_assert(data->emitted);
 
+qobject_unref(data->expect);
+
 compat_policy.deprecated_output = COMPAT_POLICY_OUTPUT_HIDE;
 data->expect = qdict_from_jsonf_nofail("{ 'event': 'TEST-EVENT-FEATURES0' 
}");
 qapi_event_send_test_event_features0(42);
diff --git a/scripts/qapi/events.py b/scripts/qapi/events.py
index 78fa60aa8e..f03c825cc1 100644
--- a/scripts/qapi/events.py
+++ b/scripts/qapi/events.py
@@ -125,6 +125,8 @@ def gen_event_send(name, arg_type, features, boxed,
 visit_complete(v, );
 if (qdict_size(qobject_to(QDict, obj))) {
 qdict_put_obj(qmp, "data", obj);
+} else {
+qobject_unref(obj);
 }
 ''')
 

[PATCH 5/5] target/ppc: Implement simple monitor mce injection

[Nicholas Piggin]

This enables the mce monitor command for ppc, and adds a spapr
facility to inject machine check exception to a CPU by setting
low level registers.

  (qemu) mce 0 0x20 0x80 0xdeadbeef 1

Disabling lock debugging due to kernel taint
MCE: CPU0: machine check (Severe) Host SLB Multihit [Recovered]
MCE: CPU0: PID: 495 Comm: a NIP: [000130ee07c8]
MCE: CPU0: Initiator CPU
MCE: CPU0: Unknown

Signed-off-by: Nicholas Piggin 
---
 hmp-commands.hx| 20 +++-
 hw/ppc/spapr.c | 42 ++
 include/hw/ppc/spapr.h |  3 +++
 target/ppc/cpu.h   |  3 +++
 target/ppc/monitor.c   | 26 ++
 5 files changed, 93 insertions(+), 1 deletion(-)

diff --git a/hmp-commands.hx b/hmp-commands.hx
index 7f0f3974ad..4a9089b431 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1581,12 +1581,30 @@ ERST
 .cmd= hmp_mce,
 },
 
-#endif
 SRST
 ``mce`` *cpu* *bank* *status* *mcgstatus* *addr* *misc*
   Inject an MCE on the given CPU (x86 only).
 ERST
 
+#endif
+
+#if defined(TARGET_PPC)
+
+{
+.name   = "mce",
+.args_type  = "cpu_index:i,srr1_mask:l,dsisr:i,dar:l,recovered:i",
+.params = "cpu srr1_mask dsisr dar recovered",
+.help   = "inject a MCE on the given CPU",
+.cmd= hmp_mce,
+},
+
+SRST
+``mce`` *cpu* *srr1_mask* *dsisr* *dar* *recovered*
+  Inject an MCE on the given CPU (PPC only).
+ERST
+
+#endif
+
 {
 .name   = "getfd",
 .args_type  = "fdname:s",
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 78e649f47d..d83245c438 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -3454,6 +3454,47 @@ static void spapr_nmi(NMIState *n, int cpu_index, Error 
**errp)
 }
 }
 
+typedef struct MCEInjectionParams {
+uint64_t srr1_mask;
+uint32_t dsisr;
+uint64_t dar;
+bool recovered;
+} MCEInjectionParams;
+
+static void spapr_do_mce_on_cpu(CPUState *cs, run_on_cpu_data data)
+{
+MCEInjectionParams *params = data.host_ptr;
+PowerPCCPU *cpu = POWERPC_CPU(cs);
+CPUPPCState *env = >env;
+uint64_t srr1_mce_bits = PPC_BITMASK(42,45) | PPC_BIT(36); /* POWER9 bits 
*/
+
+cpu_synchronize_state(cs);
+
+env->spr[SPR_SRR0] = env->nip;
+env->spr[SPR_SRR1] = (env->msr & ~srr1_mce_bits) |
+ (params->srr1_mask & srr1_mce_bits);
+if (params->dsisr) {
+env->spr[SPR_DSISR] = params->dsisr;
+env->spr[SPR_DAR] = params->dar;
+}
+
+spapr_mce_req_event(cpu, params->recovered);
+}
+
+static void spapr_cpu_mce_inject(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu,
+ uint64_t srr1_mask, uint32_t dsisr,
+ uint64_t dar, bool recovered)
+{
+CPUState *cs = CPU(cpu);
+MCEInjectionParams params = {
+.srr1_mask = srr1_mask,
+.dsisr = dsisr,
+.dar = dar,
+.recovered = recovered,
+};
+run_on_cpu(cs, spapr_do_mce_on_cpu, RUN_ON_CPU_HOST_PTR());
+}
+
 int spapr_lmb_dt_populate(SpaprDrc *drc, SpaprMachineState *spapr,
   void *fdt, int *fdt_start_offset, Error **errp)
 {
@@ -4556,6 +4597,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
void *data)
 vhc->encode_hpt_for_kvm_pr = spapr_encode_hpt_for_kvm_pr;
 vhc->cpu_exec_enter = spapr_cpu_exec_enter;
 vhc->cpu_exec_exit = spapr_cpu_exec_exit;
+vhc->cpu_mce_inject = spapr_cpu_mce_inject;
 xic->ics_get = spapr_ics_get;
 xic->ics_resend = spapr_ics_resend;
 xic->icp_get = spapr_icp_get;
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
index 42d64a0368..72f86a2ee8 100644
--- a/include/hw/ppc/spapr.h
+++ b/include/hw/ppc/spapr.h
@@ -929,4 +929,7 @@ void spapr_check_pagesize(SpaprMachineState *spapr, hwaddr 
pagesize,
 
 void spapr_set_all_lpcrs(target_ulong value, target_ulong mask);
 hwaddr spapr_get_rtas_addr(void);
+
+void spapr_mce_inject(CPUState *cs, uint64_t srr1_mask, uint32_t dsisr,
+  uint64_t dar, bool recovered);
 #endif /* HW_SPAPR_H */
diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
index f8c7d6f19c..ed8d2015bd 100644
--- a/target/ppc/cpu.h
+++ b/target/ppc/cpu.h
@@ -1189,6 +1189,9 @@ struct PPCVirtualHypervisorClass {
 #ifndef CONFIG_USER_ONLY
 void (*cpu_exec_enter)(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu);
 void (*cpu_exec_exit)(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu);
+void (*cpu_mce_inject)(PPCVirtualHypervisor *vhyp, PowerPCCPU *cpu,
+   uint64_t srr1_mask, uint32_t dsisr, uint64_t dar,
+   bool recovered);
 #endif
 };
 
diff --git a/target/ppc/monitor.c b/target/ppc/monitor.c
index a5a177d717..ec997ce673 100644
--- a/target/ppc/monitor.c
+++ b/target/ppc/monitor.c
@@ -28,6 +28,7 @@
 #include "qemu/ctype.h"
 #include "monitor/hmp-target.h"
 #include "monitor/hmp.h"
+#include "qapi/qmp/qdict.h"
 
 static target_long 

[PATCH 4/5] ppc/spapr: Don't kill the guest if a recovered FWNMI machine check delivery fails

[Nicholas Piggin]

Try to be tolerant of errors if the machine check had been recovered
by the host.

Signed-off-by: Nicholas Piggin 
---
 hw/ppc/spapr_events.c | 25 ++---
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index d35151eeb0..3f524cb0ca 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -807,13 +807,20 @@ static void spapr_mce_dispatch_elog(PowerPCCPU *cpu, bool 
recovered)
 /* get rtas addr from fdt */
 rtas_addr = spapr_get_rtas_addr();
 if (!rtas_addr) {
-warn_report("FWNMI: Unable to deliver machine check to guest: "
-"rtas_addr not found.");
-qemu_system_guest_panicked(NULL);
+if (!recovered) {
+warn_report("FWNMI: Unable to deliver machine check to guest: "
+"rtas_addr not found.");
+qemu_system_guest_panicked(NULL);
+} else {
+warn_report("FWNMI: Unable to deliver machine check to guest: "
+"rtas_addr not found. Machine check recovered.");
+}
 g_free(ext_elog);
 return;
 }
 
+spapr->fwnmi_machine_check_interlock = cpu->vcpu_id;
+
 stq_be_phys(_space_memory, rtas_addr + RTAS_ERROR_LOG_OFFSET,
 env->gpr[3]);
 cpu_physical_memory_write(rtas_addr + RTAS_ERROR_LOG_OFFSET +
@@ -850,9 +857,14 @@ void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
  * that CPU called "ibm,nmi-interlock")
  */
 if (spapr->fwnmi_machine_check_interlock == cpu->vcpu_id) {
-warn_report("FWNMI: Unable to deliver machine check to guest: "
-"nested machine check.");
-qemu_system_guest_panicked(NULL);
+if (!recovered) {
+warn_report("FWNMI: Unable to deliver machine check to guest: "
+"nested machine check.");
+qemu_system_guest_panicked(NULL);
+} else {
+warn_report("FWNMI: Unable to deliver machine check to guest: "
+"nested machine check. Machine check recovered.");
+}
 return;
 }
 qemu_cond_wait_iothread(>fwnmi_machine_check_interlock_cond);
@@ -880,7 +892,6 @@ void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
 warn_report("Received a fwnmi while migration was in progress");
 }
 
-spapr->fwnmi_machine_check_interlock = cpu->vcpu_id;
 spapr_mce_dispatch_elog(cpu, recovered);
 }
 
-- 
2.23.0

[PATCH 3/5] ppc/spapr: Add FWNMI machine check delivery warnings

[Nicholas Piggin]

Add some messages which explain problems and guest misbehaviour that
may be difficult to diagnose in rare cases of machine checks.

Signed-off-by: Nicholas Piggin 
---
 hw/ppc/spapr_events.c | 4 
 hw/ppc/spapr_rtas.c   | 4 
 2 files changed, 8 insertions(+)

diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index 05337f0671..d35151eeb0 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -807,6 +807,8 @@ static void spapr_mce_dispatch_elog(PowerPCCPU *cpu, bool 
recovered)
 /* get rtas addr from fdt */
 rtas_addr = spapr_get_rtas_addr();
 if (!rtas_addr) {
+warn_report("FWNMI: Unable to deliver machine check to guest: "
+"rtas_addr not found.");
 qemu_system_guest_panicked(NULL);
 g_free(ext_elog);
 return;
@@ -848,6 +850,8 @@ void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
  * that CPU called "ibm,nmi-interlock")
  */
 if (spapr->fwnmi_machine_check_interlock == cpu->vcpu_id) {
+warn_report("FWNMI: Unable to deliver machine check to guest: "
+"nested machine check.");
 qemu_system_guest_panicked(NULL);
 return;
 }
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 29abe66d01..12cd09701c 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -462,6 +462,10 @@ static void rtas_ibm_nmi_interlock(PowerPCCPU *cpu,
 }
 
 if (spapr->fwnmi_machine_check_addr == -1) {
+qemu_log_mask(LOG_GUEST_ERROR,
+  "FWNMI: ibm,nmi-interlock RTAS called with FWNMI not "
+   "registered.\n");
+
 /* NMI register not called */
 rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
 return;
-- 
2.23.0

[PATCH 2/5] ppc/spapr: Improve FWNMI machine check delivery corner case comments

[Nicholas Piggin]

Some of the conditions are not as clearly documented as they could be.
Also the non-FWNMI case does not need a large comment.

Signed-off-by: Nicholas Piggin 
---
 hw/ppc/spapr_events.c | 19 +++
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
index 323fcef4aa..05337f0671 100644
--- a/hw/ppc/spapr_events.c
+++ b/hw/ppc/spapr_events.c
@@ -834,17 +834,13 @@ void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
 Error *local_err = NULL;
 
 if (spapr->fwnmi_machine_check_addr == -1) {
-/*
- * This implies that we have hit a machine check either when the
- * guest has not registered FWNMI (i.e., "ibm,nmi-register" not
- * called) or between system reset and "ibm,nmi-register".
- * Fall back to the old machine check behavior in such cases.
- */
+/* Non-FWNMI case, deliver it like an architected CPU interrupt. */
 cs->exception_index = POWERPC_EXCP_MCHECK;
 ppc_cpu_do_interrupt(cs);
 return;
 }
 
+/* Wait for FWNMI interlock. */
 while (spapr->fwnmi_machine_check_interlock != -1) {
 /*
  * Check whether the same CPU got machine check error
@@ -856,8 +852,13 @@ void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
 return;
 }
 qemu_cond_wait_iothread(>fwnmi_machine_check_interlock_cond);
-/* Meanwhile if the system is reset, then just return */
 if (spapr->fwnmi_machine_check_addr == -1) {
+/*
+ * If the machine was reset while waiting for the interlock,
+ * abort the delivery. The machine check applies to a context
+ * that no longer exists, so it wouldn't make sense to deliver
+ * it now.
+ */
 return;
 }
 }
@@ -868,7 +869,9 @@ void spapr_mce_req_event(PowerPCCPU *cpu, bool recovered)
  * We don't want to abort so we let the migration to continue.
  * In a rare case, the machine check handler will run on the target.
  * Though this is not preferable, it is better than aborting
- * the migration or killing the VM.
+ * the migration or killing the VM. It is okay to call
+ * migrate_del_blocker on a blocker that was not added (which the
+ * nmi-interlock handler would do when it's called after this).
  */
 warn_report("Received a fwnmi while migration was in progress");
 }
-- 
2.23.0

[PATCH 1/5] ppc/spapr: KVM FWNMI should not be enabled until guest requests it

[Nicholas Piggin]

The KVM FWNMI capability should be enabled with the "ibm,nmi-register"
rtas call. Although MCEs from KVM will be delivered as architected
interrupts to the guest before "ibm,nmi-register" is called, KVM has
different behaviour depending on whether the guest has enabled FWNMI
(it attempts to do more recovery on behalf of a non-FWNMI guest).

Signed-off-by: Nicholas Piggin 
---
 hw/ppc/spapr_caps.c  | 5 +++--
 hw/ppc/spapr_rtas.c  | 7 +++
 target/ppc/kvm.c | 7 +++
 target/ppc/kvm_ppc.h | 6 ++
 4 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
index 679ae7959f..eb5521d0c2 100644
--- a/hw/ppc/spapr_caps.c
+++ b/hw/ppc/spapr_caps.c
@@ -517,9 +517,10 @@ static void cap_fwnmi_apply(SpaprMachineState *spapr, 
uint8_t val,
 }
 
 if (kvm_enabled()) {
-if (kvmppc_set_fwnmi() < 0) {
+if (!kvmppc_get_fwnmi()) {
 error_setg(errp, "Firmware Assisted Non-Maskable Interrupts(FWNMI) 
"
- "not supported by KVM");
+ "not supported by KVM, "
+ "try appending -machine cap-fwnmi=off");
 }
 }
 }
diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
index 9fb8c8632a..29abe66d01 100644
--- a/hw/ppc/spapr_rtas.c
+++ b/hw/ppc/spapr_rtas.c
@@ -437,6 +437,13 @@ static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
 return;
 }
 
+if (kvm_enabled()) {
+if (kvmppc_set_fwnmi() < 0) {
+rtas_st(rets, 0, RTAS_OUT_NOT_SUPPORTED);
+return;
+}
+}
+
 spapr->fwnmi_system_reset_addr = sreset_addr;
 spapr->fwnmi_machine_check_addr = mce_addr;
 
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index 597f72be1b..03d0667e8f 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -88,6 +88,7 @@ static int cap_ppc_safe_indirect_branch;
 static int cap_ppc_count_cache_flush_assist;
 static int cap_ppc_nested_kvm_hv;
 static int cap_large_decr;
+static int cap_fwnmi;
 
 static uint32_t debug_inst_opcode;
 
@@ -136,6 +137,7 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
 kvmppc_get_cpu_characteristics(s);
 cap_ppc_nested_kvm_hv = kvm_vm_check_extension(s, KVM_CAP_PPC_NESTED_HV);
 cap_large_decr = kvmppc_get_dec_bits();
+cap_fwnmi = kvm_vm_check_extension(s, KVM_CAP_PPC_FWNMI);
 /*
  * Note: setting it to false because there is not such capability
  * in KVM at this moment.
@@ -2064,6 +2066,11 @@ void kvmppc_set_mpic_proxy(PowerPCCPU *cpu, int 
mpic_proxy)
 }
 }
 
+bool kvmppc_get_fwnmi(void)
+{
+return cap_fwnmi;
+}
+
 int kvmppc_set_fwnmi(void)
 {
 PowerPCCPU *cpu = POWERPC_CPU(first_cpu);
diff --git a/target/ppc/kvm_ppc.h b/target/ppc/kvm_ppc.h
index 332fa0aa1c..fcaf745516 100644
--- a/target/ppc/kvm_ppc.h
+++ b/target/ppc/kvm_ppc.h
@@ -27,6 +27,7 @@ void kvmppc_enable_h_page_init(void);
 void kvmppc_set_papr(PowerPCCPU *cpu);
 int kvmppc_set_compat(PowerPCCPU *cpu, uint32_t compat_pvr);
 void kvmppc_set_mpic_proxy(PowerPCCPU *cpu, int mpic_proxy);
+bool kvmppc_get_fwnmi(void);
 int kvmppc_set_fwnmi(void);
 int kvmppc_smt_threads(void);
 void kvmppc_error_append_smt_possible_hint(Error *const *errp);
@@ -163,6 +164,11 @@ static inline void kvmppc_set_mpic_proxy(PowerPCCPU *cpu, 
int mpic_proxy)
 {
 }
 
+static inline bool kvmppc_get_fwnmi(void)
+{
+return false;
+}
+
 static inline int kvmppc_set_fwnmi(void)
 {
 return -1;
-- 
2.23.0

[PATCH 0/5] FWNMI follow up patches

[Nicholas Piggin]

Here's a bunch of other patches remaining  after the last round,
for some less critical issues. Take these before or after the 5.0
freeze as you like.

Patch 1 is the main thing I think should be considered as a fix:
without it, non-FWNMI guests under KVM see behaviour change with
the FWNMI feature. I kept it out of the "must have" round because
Linux has long been FWNMI capable (I don't know state of FreeBSD
though), and because I have not tested under KVM with hardware
MCE injection.

2-3 are hopefully quite harmless comments and messages.

Patch 4 helps the guest stay up under some QoS corner cases.
Lastly is a machine check injection monitor command which helps
test things, it may not be ready for merge but it's useful for
the series.

Patch 5 is monitor command to inject MCEs, it's a bit janky
but it works to test qemu and guests.

Nicholas Piggin (5):
  ppc/spapr: KVM FWNMI should not be enabled until guest requests it
  ppc/spapr: Improve FWNMI machine check delivery corner case comments
  ppc/spapr: Add FWNMI machine check delivery warnings
  ppc/spapr: Don't kill the guest if a recovered FWNMI machine check
delivery fails
  target/ppc: Implement simple monitor mce injection

 hmp-commands.hx| 20 +++-
 hw/ppc/spapr.c | 42 ++
 hw/ppc/spapr_caps.c|  5 +++--
 hw/ppc/spapr_events.c  | 40 +---
 hw/ppc/spapr_rtas.c| 11 +++
 include/hw/ppc/spapr.h |  3 +++
 target/ppc/cpu.h   |  3 +++
 target/ppc/kvm.c   |  7 +++
 target/ppc/kvm_ppc.h   |  6 ++
 target/ppc/monitor.c   | 26 ++
 10 files changed, 149 insertions(+), 14 deletions(-)

-- 
2.23.0

Re: [PATCH 0/5] QEMU Gating CI

[Cleber Rosa]

- Original Message -
> From: "Peter Maydell" 
> To: "Cleber Rosa" 
> Cc: "Fam Zheng" , "Thomas Huth" , "Beraldo 
> Leal" , "Erik
> Skultety" , "Alex Bennée" , 
> "Wainer Moschetta" ,
> "QEMU Developers" , "Wainer dos Santos Moschetta" 
> , "Willian Rampazzo"
> , "Philippe Mathieu-Daudé" , "Eduardo 
> Habkost" 
> Sent: Monday, March 16, 2020 10:57:30 AM
> Subject: Re: [PATCH 0/5] QEMU Gating CI
> 
> On Mon, 16 Mar 2020 at 12:26, Cleber Rosa  wrote:
> > About the runners and the fact that the job is stuck without them,
> > the message seems straightforward enough, but I can't get to the
> > project configuration to look at the registered runners with my
> > current permissions (set as "developer").
> 
> I've moved you up to 'maintainer' status, hopefully that is
> sufficient to look at the relevant config ?
> 
> thanks
> -- PMM
> 
> 

Hi Peter,

Yes, that did the trick and I can now see the configuration.  What I can
*not* see is any "Specific Runner" configured.  So maybe:

1) The documentation I included is not clear enough about the fact that
setup steps need to be done on a machine so that it becomes a "Runner"

2) The (Ansible) playbooks (especially contrib/ci/orgs/qemu/gitlab-runner.yml)
is not working as intended

3) Some expectations misalignment on machines that would be available to run
those jobs

In any case, none of those should be big problems.  Please let me know what
you did/experienced/expected up to this point, and we can continue from there.

Regards,
- Cleber.

[PULL 10/10] block/qcow2-bitmap: use bdrv_dirty_bitmap_next_dirty

[John Snow]

From: Vladimir Sementsov-Ogievskiy 

store_bitmap_data() loop does bdrv_set_dirty_iter() on each iteration,
which means that we actually don't need iterator itself and we can use
simpler bitmap API.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Max Reitz 
Reviewed-by: John Snow 
Message-id: 20200205112041.6003-11-vsement...@virtuozzo.com
Signed-off-by: John Snow 
---
 block/qcow2-bitmap.c | 15 +--
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
index 82c9f3..cb06954b4a 100644
--- a/block/qcow2-bitmap.c
+++ b/block/qcow2-bitmap.c
@@ -1288,7 +1288,6 @@ static uint64_t *store_bitmap_data(BlockDriverState *bs,
 uint64_t bm_size = bdrv_dirty_bitmap_size(bitmap);
 const char *bm_name = bdrv_dirty_bitmap_name(bitmap);
 uint8_t *buf = NULL;
-BdrvDirtyBitmapIter *dbi;
 uint64_t *tb;
 uint64_t tb_size =
 size_to_clusters(s,
@@ -1307,12 +1306,14 @@ static uint64_t *store_bitmap_data(BlockDriverState *bs,
 return NULL;
 }
 
-dbi = bdrv_dirty_iter_new(bitmap);
 buf = g_malloc(s->cluster_size);
 limit = bytes_covered_by_bitmap_cluster(s, bitmap);
 assert(DIV_ROUND_UP(bm_size, limit) == tb_size);
 
-while ((offset = bdrv_dirty_iter_next(dbi)) >= 0) {
+offset = 0;
+while ((offset = bdrv_dirty_bitmap_next_dirty(bitmap, offset, INT64_MAX))
+   >= 0)
+{
 uint64_t cluster = offset / limit;
 uint64_t end, write_size;
 int64_t off;
@@ -1355,23 +1356,17 @@ static uint64_t *store_bitmap_data(BlockDriverState *bs,
 goto fail;
 }
 
-if (end >= bm_size) {
-break;
-}
-
-bdrv_set_dirty_iter(dbi, end);
+offset = end;
 }
 
 *bitmap_table_size = tb_size;
 g_free(buf);
-bdrv_dirty_iter_free(dbi);
 
 return tb;
 
 fail:
 clear_bitmap_table(bs, tb, tb_size);
 g_free(buf);
-bdrv_dirty_iter_free(dbi);
 g_free(tb);
 
 return NULL;
-- 
2.21.1

[PULL 06/10] block/dirty-bitmap: add _next_dirty API

[John Snow]

From: Vladimir Sementsov-Ogievskiy 

We have bdrv_dirty_bitmap_next_zero, let's add corresponding
bdrv_dirty_bitmap_next_dirty, which is more comfortable to use than
bitmap iterators in some cases.

For test modify test_hbitmap_next_zero_check_range to check both
next_zero and next_dirty and add some new checks.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Max Reitz 
Reviewed-by: John Snow 
Message-id: 20200205112041.6003-7-vsement...@virtuozzo.com
Signed-off-by: John Snow 
---
 include/block/dirty-bitmap.h |   2 +
 include/qemu/hbitmap.h   |  13 
 block/dirty-bitmap.c |   6 ++
 tests/test-hbitmap.c | 130 ---
 util/hbitmap.c   |  60 
 5 files changed, 126 insertions(+), 85 deletions(-)

diff --git a/include/block/dirty-bitmap.h b/include/block/dirty-bitmap.h
index 27c72cc56a..b1f0de12db 100644
--- a/include/block/dirty-bitmap.h
+++ b/include/block/dirty-bitmap.h
@@ -105,6 +105,8 @@ for (bitmap = bdrv_dirty_bitmap_first(bs); bitmap; \
  bitmap = bdrv_dirty_bitmap_next(bitmap))
 
 char *bdrv_dirty_bitmap_sha256(const BdrvDirtyBitmap *bitmap, Error **errp);
+int64_t bdrv_dirty_bitmap_next_dirty(BdrvDirtyBitmap *bitmap, int64_t offset,
+ int64_t bytes);
 int64_t bdrv_dirty_bitmap_next_zero(BdrvDirtyBitmap *bitmap, int64_t offset,
 int64_t bytes);
 bool bdrv_dirty_bitmap_next_dirty_area(BdrvDirtyBitmap *bitmap,
diff --git a/include/qemu/hbitmap.h b/include/qemu/hbitmap.h
index b6e85f3d5d..6e9ae51ed3 100644
--- a/include/qemu/hbitmap.h
+++ b/include/qemu/hbitmap.h
@@ -297,6 +297,19 @@ void hbitmap_free(HBitmap *hb);
  */
 void hbitmap_iter_init(HBitmapIter *hbi, const HBitmap *hb, uint64_t first);
 
+/*
+ * hbitmap_next_dirty:
+ *
+ * Find next dirty bit within selected range. If not found, return -1.
+ *
+ * @hb: The HBitmap to operate on
+ * @start: The bit to start from.
+ * @count: Number of bits to proceed. If @start+@count > bitmap size, the whole
+ * bitmap is looked through. You can use INT64_MAX as @count to search up to
+ * the bitmap end.
+ */
+int64_t hbitmap_next_dirty(const HBitmap *hb, int64_t start, int64_t count);
+
 /* hbitmap_next_zero:
  *
  * Find next not dirty bit within selected range. If not found, return -1.
diff --git a/block/dirty-bitmap.c b/block/dirty-bitmap.c
index af9f5411a6..1b14c8eb26 100644
--- a/block/dirty-bitmap.c
+++ b/block/dirty-bitmap.c
@@ -860,6 +860,12 @@ char *bdrv_dirty_bitmap_sha256(const BdrvDirtyBitmap 
*bitmap, Error **errp)
 return hbitmap_sha256(bitmap->bitmap, errp);
 }
 
+int64_t bdrv_dirty_bitmap_next_dirty(BdrvDirtyBitmap *bitmap, int64_t offset,
+ int64_t bytes)
+{
+return hbitmap_next_dirty(bitmap->bitmap, offset, bytes);
+}
+
 int64_t bdrv_dirty_bitmap_next_zero(BdrvDirtyBitmap *bitmap, int64_t offset,
 int64_t bytes)
 {
diff --git a/tests/test-hbitmap.c b/tests/test-hbitmap.c
index 9d210dc18c..8905b8a351 100644
--- a/tests/test-hbitmap.c
+++ b/tests/test-hbitmap.c
@@ -816,92 +816,108 @@ static void test_hbitmap_iter_and_reset(TestHBitmapData 
*data,
 hbitmap_iter_next();
 }
 
-static void test_hbitmap_next_zero_check_range(TestHBitmapData *data,
-   int64_t start,
-   int64_t count)
+static void test_hbitmap_next_x_check_range(TestHBitmapData *data,
+int64_t start,
+int64_t count)
 {
-int64_t ret1 = hbitmap_next_zero(data->hb, start, count);
-int64_t ret2 = start;
+int64_t next_zero = hbitmap_next_zero(data->hb, start, count);
+int64_t next_dirty = hbitmap_next_dirty(data->hb, start, count);
+int64_t next;
 int64_t end = start >= data->size || data->size - start < count ?
 data->size : start + count;
+bool first_bit = hbitmap_get(data->hb, start);
 
-for ( ; ret2 < end && hbitmap_get(data->hb, ret2); ret2++) {
+for (next = start;
+ next < end && hbitmap_get(data->hb, next) == first_bit;
+ next++)
+{
 ;
 }
-if (ret2 == end) {
-ret2 = -1;
+
+if (next == end) {
+next = -1;
 }
 
-g_assert_cmpint(ret1, ==, ret2);
+g_assert_cmpint(next_dirty, ==, first_bit ? start : next);
+g_assert_cmpint(next_zero, ==, first_bit ? next : start);
 }
 
-static void test_hbitmap_next_zero_check(TestHBitmapData *data, int64_t start)
+static void test_hbitmap_next_x_check(TestHBitmapData *data, int64_t start)
 {
-test_hbitmap_next_zero_check_range(data, start, INT64_MAX);
+test_hbitmap_next_x_check_range(data, start, INT64_MAX);
 }
 
-static void test_hbitmap_next_zero_do(TestHBitmapData *data, int granularity)
+static void test_hbitmap_next_x_do(TestHBitmapData *data, int granularity)
 {
 hbitmap_test_init(data, L3, 

[PULL 04/10] hbitmap: drop meta bitmaps as they are unused

[John Snow]

From: Vladimir Sementsov-Ogievskiy 

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Max Reitz 
Reviewed-by: John Snow 
Message-id: 20200205112041.6003-5-vsement...@virtuozzo.com
Signed-off-by: John Snow 
---
 include/qemu/hbitmap.h |  21 
 tests/test-hbitmap.c   | 115 -
 util/hbitmap.c |  16 --
 3 files changed, 152 deletions(-)

diff --git a/include/qemu/hbitmap.h b/include/qemu/hbitmap.h
index 15837a0e2d..df922d8517 100644
--- a/include/qemu/hbitmap.h
+++ b/include/qemu/hbitmap.h
@@ -325,27 +325,6 @@ int64_t hbitmap_next_zero(const HBitmap *hb, uint64_t 
start, uint64_t count);
 bool hbitmap_next_dirty_area(const HBitmap *hb, uint64_t *start,
  uint64_t *count);
 
-/* hbitmap_create_meta:
- * Create a "meta" hbitmap to track dirtiness of the bits in this HBitmap.
- * The caller owns the created bitmap and must call hbitmap_free_meta(hb) to
- * free it.
- *
- * Currently, we only guarantee that if a bit in the hbitmap is changed it
- * will be reflected in the meta bitmap, but we do not yet guarantee the
- * opposite.
- *
- * @hb: The HBitmap to operate on.
- * @chunk_size: How many bits in @hb does one bit in the meta track.
- */
-HBitmap *hbitmap_create_meta(HBitmap *hb, int chunk_size);
-
-/* hbitmap_free_meta:
- * Free the meta bitmap of @hb.
- *
- * @hb: The HBitmap whose meta bitmap should be freed.
- */
-void hbitmap_free_meta(HBitmap *hb);
-
 /**
  * hbitmap_iter_next:
  * @hbi: HBitmapIter to operate on.
diff --git a/tests/test-hbitmap.c b/tests/test-hbitmap.c
index e1f867085f..aeaa0b3f22 100644
--- a/tests/test-hbitmap.c
+++ b/tests/test-hbitmap.c
@@ -22,7 +22,6 @@
 
 typedef struct TestHBitmapData {
 HBitmap   *hb;
-HBitmap   *meta;
 unsigned long *bits;
 size_t size;
 size_t old_size;
@@ -94,14 +93,6 @@ static void hbitmap_test_init(TestHBitmapData *data,
 }
 }
 
-static void hbitmap_test_init_meta(TestHBitmapData *data,
-   uint64_t size, int granularity,
-   int meta_chunk)
-{
-hbitmap_test_init(data, size, granularity);
-data->meta = hbitmap_create_meta(data->hb, meta_chunk);
-}
-
 static inline size_t hbitmap_test_array_size(size_t bits)
 {
 size_t n = DIV_ROUND_UP(bits, BITS_PER_LONG);
@@ -144,9 +135,6 @@ static void hbitmap_test_teardown(TestHBitmapData *data,
   const void *unused)
 {
 if (data->hb) {
-if (data->meta) {
-hbitmap_free_meta(data->hb);
-}
 hbitmap_free(data->hb);
 data->hb = NULL;
 }
@@ -648,96 +636,6 @@ static void 
test_hbitmap_truncate_shrink_large(TestHBitmapData *data,
 hbitmap_test_truncate(data, size, -diff, 0);
 }
 
-static void hbitmap_check_meta(TestHBitmapData *data,
-   int64_t start, int count)
-{
-int64_t i;
-
-for (i = 0; i < data->size; i++) {
-if (i >= start && i < start + count) {
-g_assert(hbitmap_get(data->meta, i));
-} else {
-g_assert(!hbitmap_get(data->meta, i));
-}
-}
-}
-
-static void hbitmap_test_meta(TestHBitmapData *data,
-  int64_t start, int count,
-  int64_t check_start, int check_count)
-{
-hbitmap_reset_all(data->hb);
-hbitmap_reset_all(data->meta);
-
-/* Test "unset" -> "unset" will not update meta. */
-hbitmap_reset(data->hb, start, count);
-hbitmap_check_meta(data, 0, 0);
-
-/* Test "unset" -> "set" will update meta */
-hbitmap_set(data->hb, start, count);
-hbitmap_check_meta(data, check_start, check_count);
-
-/* Test "set" -> "set" will not update meta */
-hbitmap_reset_all(data->meta);
-hbitmap_set(data->hb, start, count);
-hbitmap_check_meta(data, 0, 0);
-
-/* Test "set" -> "unset" will update meta */
-hbitmap_reset_all(data->meta);
-hbitmap_reset(data->hb, start, count);
-hbitmap_check_meta(data, check_start, check_count);
-}
-
-static void hbitmap_test_meta_do(TestHBitmapData *data, int chunk_size)
-{
-uint64_t size = chunk_size * 100;
-hbitmap_test_init_meta(data, size, 0, chunk_size);
-
-hbitmap_test_meta(data, 0, 1, 0, chunk_size);
-hbitmap_test_meta(data, 0, chunk_size, 0, chunk_size);
-hbitmap_test_meta(data, chunk_size - 1, 1, 0, chunk_size);
-hbitmap_test_meta(data, chunk_size - 1, 2, 0, chunk_size * 2);
-hbitmap_test_meta(data, chunk_size - 1, chunk_size + 1, 0, chunk_size * 2);
-hbitmap_test_meta(data, chunk_size - 1, chunk_size + 2, 0, chunk_size * 3);
-hbitmap_test_meta(data, 7 * chunk_size - 1, chunk_size + 2,
-  6 * chunk_size, chunk_size * 3);
-hbitmap_test_meta(data, size - 1, 1, size - chunk_size, chunk_size);
-hbitmap_test_meta(data, 0, size, 0, size);
-}
-
-static void test_hbitmap_meta_byte(TestHBitmapData *data, const void *unused)
-{
-

[PULL 09/10] nbd/server: use bdrv_dirty_bitmap_next_dirty_area

[John Snow]

From: Vladimir Sementsov-Ogievskiy 

Use bdrv_dirty_bitmap_next_dirty_area for bitmap_to_extents. Since
bdrv_dirty_bitmap_next_dirty_area is very accurate in its interface,
we'll never exceed requested region with last chunk. So, we don't need
dont_fragment, and bitmap_to_extents() interface becomes clean enough
to not require any comment.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Eric Blake 
Message-id: 20200205112041.6003-10-vsement...@virtuozzo.com
Signed-off-by: John Snow 
---
 nbd/server.c | 59 +---
 1 file changed, 19 insertions(+), 40 deletions(-)

diff --git a/nbd/server.c b/nbd/server.c
index f90bb33a75..02b1ed0801 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -2068,57 +2068,36 @@ static int nbd_co_send_block_status(NBDClient *client, 
uint64_t handle,
 return nbd_co_send_extents(client, handle, ea, last, context_id, errp);
 }
 
-/*
- * Populate @ea from a dirty bitmap. Unless @dont_fragment, the
- * final extent may exceed the original @length.
- */
+/* Populate @ea from a dirty bitmap. */
 static void bitmap_to_extents(BdrvDirtyBitmap *bitmap,
   uint64_t offset, uint64_t length,
-  NBDExtentArray *ea, bool dont_fragment)
+  NBDExtentArray *es)
 {
-uint64_t begin = offset, end = offset;
-uint64_t overall_end = offset + length;
-BdrvDirtyBitmapIter *it;
-bool dirty;
+int64_t start, dirty_start, dirty_count;
+int64_t end = offset + length;
+bool full = false;
 
 bdrv_dirty_bitmap_lock(bitmap);
 
-it = bdrv_dirty_iter_new(bitmap);
-dirty = bdrv_dirty_bitmap_get_locked(bitmap, offset);
-
-while (begin < overall_end) {
-bool next_dirty = !dirty;
-
-if (dirty) {
-end = bdrv_dirty_bitmap_next_zero(bitmap, begin, INT64_MAX);
-} else {
-bdrv_set_dirty_iter(it, begin);
-end = bdrv_dirty_iter_next(it);
-}
-if (end == -1 || end - begin > UINT32_MAX) {
-/* Cap to an aligned value < 4G beyond begin. */
-end = MIN(bdrv_dirty_bitmap_size(bitmap),
-  begin + UINT32_MAX + 1 -
-  bdrv_dirty_bitmap_granularity(bitmap));
-next_dirty = dirty;
-}
-if (dont_fragment && end > overall_end) {
-end = overall_end;
-}
-
-if (nbd_extent_array_add(ea, end - begin,
- dirty ? NBD_STATE_DIRTY : 0) < 0) {
+for (start = offset;
+ bdrv_dirty_bitmap_next_dirty_area(bitmap, start, end, INT32_MAX,
+   _start, _count);
+ start = dirty_start + dirty_count)
+{
+if ((nbd_extent_array_add(es, dirty_start - start, 0) < 0) ||
+(nbd_extent_array_add(es, dirty_count, NBD_STATE_DIRTY) < 0))
+{
+full = true;
 break;
 }
-begin = end;
-dirty = next_dirty;
 }
 
-bdrv_dirty_iter_free(it);
+if (!full) {
+/* last non dirty extent */
+nbd_extent_array_add(es, end - start, 0);
+}
 
 bdrv_dirty_bitmap_unlock(bitmap);
-
-assert(offset < end);
 }
 
 static int nbd_co_send_bitmap(NBDClient *client, uint64_t handle,
@@ -2129,7 +2108,7 @@ static int nbd_co_send_bitmap(NBDClient *client, uint64_t 
handle,
 unsigned int nb_extents = dont_fragment ? 1 : NBD_MAX_BLOCK_STATUS_EXTENTS;
 g_autoptr(NBDExtentArray) ea = nbd_extent_array_new(nb_extents);
 
-bitmap_to_extents(bitmap, offset, length, ea, dont_fragment);
+bitmap_to_extents(bitmap, offset, length, ea);
 
 return nbd_co_send_extents(client, handle, ea, last, context_id, errp);
 }
-- 
2.21.1

[PULL 07/10] block/dirty-bitmap: improve _next_dirty_area API

[John Snow]

From: Vladimir Sementsov-Ogievskiy 

Firstly, _next_dirty_area is for scenarios when we may contiguously
search for next dirty area inside some limited region, so it is more
comfortable to specify "end" which should not be recalculated on each
iteration.

Secondly, let's add a possibility to limit resulting area size, not
limiting searching area. This will be used in NBD code in further
commit. (Note that now bdrv_dirty_bitmap_next_dirty_area is unused)

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Max Reitz 
Reviewed-by: John Snow 
Message-id: 20200205112041.6003-8-vsement...@virtuozzo.com
Signed-off-by: John Snow 
---
 include/block/dirty-bitmap.h |  3 ++-
 include/qemu/hbitmap.h   | 23 ++
 block/dirty-bitmap.c |  6 +++--
 tests/test-hbitmap.c | 45 +++-
 util/hbitmap.c   | 44 +--
 5 files changed, 75 insertions(+), 46 deletions(-)

diff --git a/include/block/dirty-bitmap.h b/include/block/dirty-bitmap.h
index b1f0de12db..8a10029418 100644
--- a/include/block/dirty-bitmap.h
+++ b/include/block/dirty-bitmap.h
@@ -110,7 +110,8 @@ int64_t bdrv_dirty_bitmap_next_dirty(BdrvDirtyBitmap 
*bitmap, int64_t offset,
 int64_t bdrv_dirty_bitmap_next_zero(BdrvDirtyBitmap *bitmap, int64_t offset,
 int64_t bytes);
 bool bdrv_dirty_bitmap_next_dirty_area(BdrvDirtyBitmap *bitmap,
-   int64_t *offset, int64_t *bytes);
+int64_t start, int64_t end, int64_t max_dirty_count,
+int64_t *dirty_start, int64_t *dirty_count);
 BdrvDirtyBitmap *bdrv_reclaim_dirty_bitmap_locked(BdrvDirtyBitmap *bitmap,
   Error **errp);
 
diff --git a/include/qemu/hbitmap.h b/include/qemu/hbitmap.h
index 6e9ae51ed3..5e71b6d6f7 100644
--- a/include/qemu/hbitmap.h
+++ b/include/qemu/hbitmap.h
@@ -324,18 +324,21 @@ int64_t hbitmap_next_zero(const HBitmap *hb, int64_t 
start, int64_t count);
 
 /* hbitmap_next_dirty_area:
  * @hb: The HBitmap to operate on
- * @start: in-out parameter.
- * in: the offset to start from
- * out: (if area found) start of found area
- * @count: in-out parameter.
- * in: length of requested region
- * out: length of found area
+ * @start: the offset to start from
+ * @end: end of requested area
+ * @max_dirty_count: limit for out parameter dirty_count
+ * @dirty_start: on success: start of found area
+ * @dirty_count: on success: length of found area
  *
- * If dirty area found within [@start, @start + @count), returns true and sets
- * @offset and @bytes appropriately. Otherwise returns false and leaves @offset
- * and @bytes unchanged.
+ * If dirty area found within [@start, @end), returns true and sets
+ * @dirty_start and @dirty_count appropriately. @dirty_count will not exceed
+ * @max_dirty_count.
+ * If dirty area was not found, returns false and leaves @dirty_start and
+ * @dirty_count unchanged.
  */
-bool hbitmap_next_dirty_area(const HBitmap *hb, int64_t *start, int64_t 
*count);
+bool hbitmap_next_dirty_area(const HBitmap *hb, int64_t start, int64_t end,
+ int64_t max_dirty_count,
+ int64_t *dirty_start, int64_t *dirty_count);
 
 /**
  * hbitmap_iter_next:
diff --git a/block/dirty-bitmap.c b/block/dirty-bitmap.c
index 1b14c8eb26..063793e316 100644
--- a/block/dirty-bitmap.c
+++ b/block/dirty-bitmap.c
@@ -873,9 +873,11 @@ int64_t bdrv_dirty_bitmap_next_zero(BdrvDirtyBitmap 
*bitmap, int64_t offset,
 }
 
 bool bdrv_dirty_bitmap_next_dirty_area(BdrvDirtyBitmap *bitmap,
-   int64_t *offset, int64_t *bytes)
+int64_t start, int64_t end, int64_t max_dirty_count,
+int64_t *dirty_start, int64_t *dirty_count)
 {
-return hbitmap_next_dirty_area(bitmap->bitmap, offset, bytes);
+return hbitmap_next_dirty_area(bitmap->bitmap, start, end, max_dirty_count,
+   dirty_start, dirty_count);
 }
 
 /**
diff --git a/tests/test-hbitmap.c b/tests/test-hbitmap.c
index 8905b8a351..b6726cf76b 100644
--- a/tests/test-hbitmap.c
+++ b/tests/test-hbitmap.c
@@ -920,18 +920,19 @@ static void 
test_hbitmap_next_x_after_truncate(TestHBitmapData *data,
 test_hbitmap_next_x_check(data, 0);
 }
 
-static void test_hbitmap_next_dirty_area_check(TestHBitmapData *data,
-   int64_t offset,
-   int64_t count)
+static void test_hbitmap_next_dirty_area_check_limited(TestHBitmapData *data,
+   int64_t offset,
+   int64_t count,
+   int64_t max_dirty)
 {
 int64_t off1, off2;
 int64_t len1 = 0, len2;
 bool ret1, ret2;
 int64_t end;
 
-off1 = offset;
-len1 = count;

[PULL 03/10] hbitmap: unpublish hbitmap_iter_skip_words

[John Snow]

From: Vladimir Sementsov-Ogievskiy 

Function is internal and even commented as internal. Drop its
definition from .h file.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Max Reitz 
Reviewed-by: John Snow 
Message-id: 20200205112041.6003-4-vsement...@virtuozzo.com
Signed-off-by: John Snow 
---
 include/qemu/hbitmap.h | 7 ---
 util/hbitmap.c | 2 +-
 2 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/include/qemu/hbitmap.h b/include/qemu/hbitmap.h
index ab227b117f..15837a0e2d 100644
--- a/include/qemu/hbitmap.h
+++ b/include/qemu/hbitmap.h
@@ -297,13 +297,6 @@ void hbitmap_free(HBitmap *hb);
  */
 void hbitmap_iter_init(HBitmapIter *hbi, const HBitmap *hb, uint64_t first);
 
-/* hbitmap_iter_skip_words:
- * @hbi: HBitmapIter to operate on.
- *
- * Internal function used by hbitmap_iter_next and hbitmap_iter_next_word.
- */
-unsigned long hbitmap_iter_skip_words(HBitmapIter *hbi);
-
 /* hbitmap_next_zero:
  *
  * Find next not dirty bit within selected range. If not found, return -1.
diff --git a/util/hbitmap.c b/util/hbitmap.c
index a368dc5ef7..26145d4b9e 100644
--- a/util/hbitmap.c
+++ b/util/hbitmap.c
@@ -104,7 +104,7 @@ struct HBitmap {
 /* Advance hbi to the next nonzero word and return it.  hbi->pos
  * is updated.  Returns zero if we reach the end of the bitmap.
  */
-unsigned long hbitmap_iter_skip_words(HBitmapIter *hbi)
+static unsigned long hbitmap_iter_skip_words(HBitmapIter *hbi)
 {
 size_t pos = hbi->pos;
 const HBitmap *hb = hbi->hb;
-- 
2.21.1

[PULL 01/10] hbitmap: assert that we don't create bitmap larger than INT64_MAX

[John Snow]

From: Vladimir Sementsov-Ogievskiy 

We have APIs which returns signed int64_t, to be able to return error.
Therefore we can't handle bitmaps with absolute size larger than
(INT64_MAX+1). Still, keep maximum to be INT64_MAX which is a bit
safer.

Note, that bitmaps are used to represent disk images, which can't
exceed INT64_MAX anyway.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Max Reitz 
Reviewed-by: Eric Blake 
Reviewed-by: John Snow 
Message-id: 20200205112041.6003-2-vsement...@virtuozzo.com
Signed-off-by: John Snow 
---
 util/hbitmap.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/util/hbitmap.c b/util/hbitmap.c
index 242c6e519c..7f9b3e0cd7 100644
--- a/util/hbitmap.c
+++ b/util/hbitmap.c
@@ -716,6 +716,7 @@ HBitmap *hbitmap_alloc(uint64_t size, int granularity)
 HBitmap *hb = g_new0(struct HBitmap, 1);
 unsigned i;
 
+assert(size <= INT64_MAX);
 hb->orig_size = size;
 
 assert(granularity >= 0 && granularity < 64);
@@ -746,6 +747,7 @@ void hbitmap_truncate(HBitmap *hb, uint64_t size)
 uint64_t num_elements = size;
 uint64_t old;
 
+assert(size <= INT64_MAX);
 hb->orig_size = size;
 
 /* Size comes in as logical elements, adjust for granularity. */
-- 
2.21.1

[PULL 05/10] block/dirty-bitmap: switch _next_dirty_area and _next_zero to int64_t

[John Snow]

From: Vladimir Sementsov-Ogievskiy 

We are going to introduce bdrv_dirty_bitmap_next_dirty so that same
variable may be used to store its return value and to be its parameter,
so it would int64_t.

Similarly, we are going to refactor hbitmap_next_dirty_area to use
hbitmap_next_dirty together with hbitmap_next_zero, therefore we want
hbitmap_next_zero parameter type to be int64_t too.

So, for convenience update all parameters of *_next_zero and
*_next_dirty_area to be int64_t.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Max Reitz 
Reviewed-by: John Snow 
Message-id: 20200205112041.6003-6-vsement...@virtuozzo.com
Signed-off-by: John Snow 
---
 include/block/dirty-bitmap.h |  6 +++---
 include/qemu/hbitmap.h   |  7 +++
 block/dirty-bitmap.c |  6 +++---
 nbd/server.c |  2 +-
 tests/test-hbitmap.c | 36 ++--
 util/hbitmap.c   | 13 -
 6 files changed, 36 insertions(+), 34 deletions(-)

diff --git a/include/block/dirty-bitmap.h b/include/block/dirty-bitmap.h
index e2b20ecab9..27c72cc56a 100644
--- a/include/block/dirty-bitmap.h
+++ b/include/block/dirty-bitmap.h
@@ -105,10 +105,10 @@ for (bitmap = bdrv_dirty_bitmap_first(bs); bitmap; \
  bitmap = bdrv_dirty_bitmap_next(bitmap))
 
 char *bdrv_dirty_bitmap_sha256(const BdrvDirtyBitmap *bitmap, Error **errp);
-int64_t bdrv_dirty_bitmap_next_zero(BdrvDirtyBitmap *bitmap, uint64_t offset,
-uint64_t bytes);
+int64_t bdrv_dirty_bitmap_next_zero(BdrvDirtyBitmap *bitmap, int64_t offset,
+int64_t bytes);
 bool bdrv_dirty_bitmap_next_dirty_area(BdrvDirtyBitmap *bitmap,
-   uint64_t *offset, uint64_t *bytes);
+   int64_t *offset, int64_t *bytes);
 BdrvDirtyBitmap *bdrv_reclaim_dirty_bitmap_locked(BdrvDirtyBitmap *bitmap,
   Error **errp);
 
diff --git a/include/qemu/hbitmap.h b/include/qemu/hbitmap.h
index df922d8517..b6e85f3d5d 100644
--- a/include/qemu/hbitmap.h
+++ b/include/qemu/hbitmap.h
@@ -304,10 +304,10 @@ void hbitmap_iter_init(HBitmapIter *hbi, const HBitmap 
*hb, uint64_t first);
  * @hb: The HBitmap to operate on
  * @start: The bit to start from.
  * @count: Number of bits to proceed. If @start+@count > bitmap size, the whole
- * bitmap is looked through. You can use UINT64_MAX as @count to search up to
+ * bitmap is looked through. You can use INT64_MAX as @count to search up to
  * the bitmap end.
  */
-int64_t hbitmap_next_zero(const HBitmap *hb, uint64_t start, uint64_t count);
+int64_t hbitmap_next_zero(const HBitmap *hb, int64_t start, int64_t count);
 
 /* hbitmap_next_dirty_area:
  * @hb: The HBitmap to operate on
@@ -322,8 +322,7 @@ int64_t hbitmap_next_zero(const HBitmap *hb, uint64_t 
start, uint64_t count);
  * @offset and @bytes appropriately. Otherwise returns false and leaves @offset
  * and @bytes unchanged.
  */
-bool hbitmap_next_dirty_area(const HBitmap *hb, uint64_t *start,
- uint64_t *count);
+bool hbitmap_next_dirty_area(const HBitmap *hb, int64_t *start, int64_t 
*count);
 
 /**
  * hbitmap_iter_next:
diff --git a/block/dirty-bitmap.c b/block/dirty-bitmap.c
index 7039e82520..af9f5411a6 100644
--- a/block/dirty-bitmap.c
+++ b/block/dirty-bitmap.c
@@ -860,14 +860,14 @@ char *bdrv_dirty_bitmap_sha256(const BdrvDirtyBitmap 
*bitmap, Error **errp)
 return hbitmap_sha256(bitmap->bitmap, errp);
 }
 
-int64_t bdrv_dirty_bitmap_next_zero(BdrvDirtyBitmap *bitmap, uint64_t offset,
-uint64_t bytes)
+int64_t bdrv_dirty_bitmap_next_zero(BdrvDirtyBitmap *bitmap, int64_t offset,
+int64_t bytes)
 {
 return hbitmap_next_zero(bitmap->bitmap, offset, bytes);
 }
 
 bool bdrv_dirty_bitmap_next_dirty_area(BdrvDirtyBitmap *bitmap,
-   uint64_t *offset, uint64_t *bytes)
+   int64_t *offset, int64_t *bytes)
 {
 return hbitmap_next_dirty_area(bitmap->bitmap, offset, bytes);
 }
diff --git a/nbd/server.c b/nbd/server.c
index 11a31094ff..3106aaf3b4 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -2055,7 +2055,7 @@ static unsigned int bitmap_to_extents(BdrvDirtyBitmap 
*bitmap, uint64_t offset,
 bool next_dirty = !dirty;
 
 if (dirty) {
-end = bdrv_dirty_bitmap_next_zero(bitmap, begin, UINT64_MAX);
+end = bdrv_dirty_bitmap_next_zero(bitmap, begin, INT64_MAX);
 } else {
 bdrv_set_dirty_iter(it, begin);
 end = bdrv_dirty_iter_next(it);
diff --git a/tests/test-hbitmap.c b/tests/test-hbitmap.c
index aeaa0b3f22..9d210dc18c 100644
--- a/tests/test-hbitmap.c
+++ b/tests/test-hbitmap.c
@@ -817,8 +817,8 @@ static void test_hbitmap_iter_and_reset(TestHBitmapData 
*data,
 }
 
 static void 

[PULL 08/10] nbd/server: introduce NBDExtentArray

[John Snow]

From: Vladimir Sementsov-Ogievskiy 

Introduce NBDExtentArray class, to handle extents list creation in more
controlled way and with fewer OUT parameters in functions.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Eric Blake 
Message-id: 20200205112041.6003-9-vsement...@virtuozzo.com
Signed-off-by: John Snow 
---
 nbd/server.c | 210 +--
 1 file changed, 118 insertions(+), 92 deletions(-)

diff --git a/nbd/server.c b/nbd/server.c
index 3106aaf3b4..f90bb33a75 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -1909,27 +1909,98 @@ static int coroutine_fn 
nbd_co_send_sparse_read(NBDClient *client,
 return ret;
 }
 
+typedef struct NBDExtentArray {
+NBDExtent *extents;
+unsigned int nb_alloc;
+unsigned int count;
+uint64_t total_length;
+bool can_add;
+bool converted_to_be;
+} NBDExtentArray;
+
+static NBDExtentArray *nbd_extent_array_new(unsigned int nb_alloc)
+{
+NBDExtentArray *ea = g_new0(NBDExtentArray, 1);
+
+ea->nb_alloc = nb_alloc;
+ea->extents = g_new(NBDExtent, nb_alloc);
+ea->can_add = true;
+
+return ea;
+}
+
+static void nbd_extent_array_free(NBDExtentArray *ea)
+{
+g_free(ea->extents);
+g_free(ea);
+}
+G_DEFINE_AUTOPTR_CLEANUP_FUNC(NBDExtentArray, nbd_extent_array_free);
+
+/* Further modifications of the array after conversion are abandoned */
+static void nbd_extent_array_convert_to_be(NBDExtentArray *ea)
+{
+int i;
+
+assert(!ea->converted_to_be);
+ea->can_add = false;
+ea->converted_to_be = true;
+
+for (i = 0; i < ea->count; i++) {
+ea->extents[i].flags = cpu_to_be32(ea->extents[i].flags);
+ea->extents[i].length = cpu_to_be32(ea->extents[i].length);
+}
+}
+
 /*
- * Populate @extents from block status. Update @bytes to be the actual
- * length encoded (which may be smaller than the original), and update
- * @nb_extents to the number of extents used.
- *
- * Returns zero on success and -errno on bdrv_block_status_above failure.
+ * Add extent to NBDExtentArray. If extent can't be added (no available space),
+ * return -1.
+ * For safety, when returning -1 for the first time, .can_add is set to false,
+ * further call to nbd_extent_array_add() will crash.
+ * (to avoid the situation, when after failing to add an extent (returned -1),
+ * user miss this failure and add another extent, which is successfully added
+ * (array is full, but new extent may be squashed into the last one), then we
+ * have invalid array with skipped extent)
  */
+static int nbd_extent_array_add(NBDExtentArray *ea,
+uint32_t length, uint32_t flags)
+{
+assert(ea->can_add);
+
+if (!length) {
+return 0;
+}
+
+/* Extend previous extent if flags are the same */
+if (ea->count > 0 && flags == ea->extents[ea->count - 1].flags) {
+uint64_t sum = (uint64_t)length + ea->extents[ea->count - 1].length;
+
+if (sum <= UINT32_MAX) {
+ea->extents[ea->count - 1].length = sum;
+ea->total_length += length;
+return 0;
+}
+}
+
+if (ea->count >= ea->nb_alloc) {
+ea->can_add = false;
+return -1;
+}
+
+ea->total_length += length;
+ea->extents[ea->count] = (NBDExtent) {.length = length, .flags = flags};
+ea->count++;
+
+return 0;
+}
+
 static int blockstatus_to_extents(BlockDriverState *bs, uint64_t offset,
-  uint64_t *bytes, NBDExtent *extents,
-  unsigned int *nb_extents)
+  uint64_t bytes, NBDExtentArray *ea)
 {
-uint64_t remaining_bytes = *bytes;
-NBDExtent *extent = extents, *extents_end = extents + *nb_extents;
-bool first_extent = true;
-
-assert(*nb_extents);
-while (remaining_bytes) {
+while (bytes) {
 uint32_t flags;
 int64_t num;
-int ret = bdrv_block_status_above(bs, NULL, offset, remaining_bytes,
-  , NULL, NULL);
+int ret = bdrv_block_status_above(bs, NULL, offset, bytes, ,
+  NULL, NULL);
 
 if (ret < 0) {
 return ret;
@@ -1938,60 +2009,37 @@ static int blockstatus_to_extents(BlockDriverState *bs, 
uint64_t offset,
 flags = (ret & BDRV_BLOCK_ALLOCATED ? 0 : NBD_STATE_HOLE) |
 (ret & BDRV_BLOCK_ZERO  ? NBD_STATE_ZERO : 0);
 
-if (first_extent) {
-extent->flags = flags;
-extent->length = num;
-first_extent = false;
-} else if (flags == extent->flags) {
-/* extend current extent */
-extent->length += num;
-} else {
-if (extent + 1 == extents_end) {
-break;
-}
-
-/* start new extent */
-extent++;
-extent->flags = flags;
-extent->length = num;
+if 

[PULL 02/10] hbitmap: move hbitmap_iter_next_word to hbitmap.c

[John Snow]

From: Vladimir Sementsov-Ogievskiy 

The function is definitely internal (it's not used by third party and
it has complicated interface). Move it to .c file.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Reviewed-by: Max Reitz 
Reviewed-by: John Snow 
Message-id: 20200205112041.6003-3-vsement...@virtuozzo.com
Signed-off-by: John Snow 
---
 include/qemu/hbitmap.h | 30 --
 util/hbitmap.c | 29 +
 2 files changed, 29 insertions(+), 30 deletions(-)

diff --git a/include/qemu/hbitmap.h b/include/qemu/hbitmap.h
index 1bf944ca3d..ab227b117f 100644
--- a/include/qemu/hbitmap.h
+++ b/include/qemu/hbitmap.h
@@ -362,34 +362,4 @@ void hbitmap_free_meta(HBitmap *hb);
  */
 int64_t hbitmap_iter_next(HBitmapIter *hbi);
 
-/**
- * hbitmap_iter_next_word:
- * @hbi: HBitmapIter to operate on.
- * @p_cur: Location where to store the next non-zero word.
- *
- * Return the index of the next nonzero word that is set in @hbi's
- * associated HBitmap, and set *p_cur to the content of that word
- * (bits before the index that was passed to hbitmap_iter_init are
- * trimmed on the first call).  Return -1, and set *p_cur to zero,
- * if all remaining words are zero.
- */
-static inline size_t hbitmap_iter_next_word(HBitmapIter *hbi, unsigned long 
*p_cur)
-{
-unsigned long cur = hbi->cur[HBITMAP_LEVELS - 1];
-
-if (cur == 0) {
-cur = hbitmap_iter_skip_words(hbi);
-if (cur == 0) {
-*p_cur = 0;
-return -1;
-}
-}
-
-/* The next call will resume work from the next word.  */
-hbi->cur[HBITMAP_LEVELS - 1] = 0;
-*p_cur = cur;
-return hbi->pos;
-}
-
-
 #endif
diff --git a/util/hbitmap.c b/util/hbitmap.c
index 7f9b3e0cd7..a368dc5ef7 100644
--- a/util/hbitmap.c
+++ b/util/hbitmap.c
@@ -298,6 +298,35 @@ uint64_t hbitmap_count(const HBitmap *hb)
 return hb->count << hb->granularity;
 }
 
+/**
+ * hbitmap_iter_next_word:
+ * @hbi: HBitmapIter to operate on.
+ * @p_cur: Location where to store the next non-zero word.
+ *
+ * Return the index of the next nonzero word that is set in @hbi's
+ * associated HBitmap, and set *p_cur to the content of that word
+ * (bits before the index that was passed to hbitmap_iter_init are
+ * trimmed on the first call).  Return -1, and set *p_cur to zero,
+ * if all remaining words are zero.
+ */
+static size_t hbitmap_iter_next_word(HBitmapIter *hbi, unsigned long *p_cur)
+{
+unsigned long cur = hbi->cur[HBITMAP_LEVELS - 1];
+
+if (cur == 0) {
+cur = hbitmap_iter_skip_words(hbi);
+if (cur == 0) {
+*p_cur = 0;
+return -1;
+}
+}
+
+/* The next call will resume work from the next word.  */
+hbi->cur[HBITMAP_LEVELS - 1] = 0;
+*p_cur = cur;
+return hbi->pos;
+}
+
 /* Count the number of set bits between start and end, not accounting for
  * the granularity.  Also an example of how to use hbitmap_iter_next_word.
  */
-- 
2.21.1

[PULL 00/10] Bitmaps patches

[John Snow]

The following changes since commit 6e8a73e911f066527e775e04b98f31ebd19db600:

  Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into 
staging (2020-03-11 14:41:27 +)

are available in the Git repository at:

  https://github.com/jnsnow/qemu.git tags/bitmaps-pull-request

for you to fetch changes up to 34b456d485a4df3a88116fb5ef0c418f2f12990d:

  block/qcow2-bitmap: use bdrv_dirty_bitmap_next_dirty (2020-03-12 16:36:46 
-0400)


Pull request



Vladimir Sementsov-Ogievskiy (10):
  hbitmap: assert that we don't create bitmap larger than INT64_MAX
  hbitmap: move hbitmap_iter_next_word to hbitmap.c
  hbitmap: unpublish hbitmap_iter_skip_words
  hbitmap: drop meta bitmaps as they are unused
  block/dirty-bitmap: switch _next_dirty_area and _next_zero to int64_t
  block/dirty-bitmap: add _next_dirty API
  block/dirty-bitmap: improve _next_dirty_area API
  nbd/server: introduce NBDExtentArray
  nbd/server: use bdrv_dirty_bitmap_next_dirty_area
  block/qcow2-bitmap: use bdrv_dirty_bitmap_next_dirty

 include/block/dirty-bitmap.h |   9 +-
 include/qemu/hbitmap.h   |  95 +++
 block/dirty-bitmap.c |  16 +-
 block/qcow2-bitmap.c |  15 +-
 nbd/server.c | 251 ++--
 tests/test-hbitmap.c | 316 +--
 util/hbitmap.c   | 134 +--
 7 files changed, 375 insertions(+), 461 deletions(-)

-- 
2.21.1

[PATCH v3 2/3] iotests: add JobRunner class

[John Snow]

The idea is that instead of increasing the arguments to job_run all the
time, create a more general-purpose job runner that can be subclassed to
do interesting things with.

pylint note: the 'callbacks' option guards against unused warning
arguments in functions designated as callbacks. It does not currently
guard against "no-self-use" though; hence a once-off ignore.

mypy note: QapiEvent is only a weak alias; it's fully interchangable
with the type it's declared as. In the future, we may wish to tighten
these types. For now, this communicates the rough shape of the type and
(more importantly) the intent.

Signed-off-by: John Snow 
---
 tests/qemu-iotests/155|  15 ++-
 tests/qemu-iotests/255|   9 +-
 tests/qemu-iotests/257|  54 +
 tests/qemu-iotests/iotests.py | 201 +-
 tests/qemu-iotests/pylintrc   |  11 ++
 5 files changed, 213 insertions(+), 77 deletions(-)

diff --git a/tests/qemu-iotests/155 b/tests/qemu-iotests/155
index cb371d4649..e2a013e774 100755
--- a/tests/qemu-iotests/155
+++ b/tests/qemu-iotests/155
@@ -163,6 +163,16 @@ class BaseClass(iotests.QMPTestCase):
 self.assert_qmp_absent(node, 'image/backing-image')
 
 
+class MirrorJob(iotests.JobRunner):
+def __init__(self, *args, test, **kwargs):
+super().__init__(*args, **kwargs)
+self.test = test
+
+def on_pending(self, event):
+self.test.openBacking()
+super().on_pending(event)
+
+
 # Class variables for controlling its behavior:
 #
 # cmd: Mirroring command to execute, either drive-mirror or blockdev-mirror
@@ -188,8 +198,9 @@ class MirrorBaseClass(BaseClass):
 
 self.assert_qmp(result, 'return', {})
 
-self.vm.run_job('mirror-job', auto_finalize=False,
-pre_finalize=self.openBacking, auto_dismiss=True)
+job = MirrorJob(self.vm, 'mirror-job', test=self,
+auto_finalize=False, auto_dismiss=True)
+job.run()
 
 def testFull(self):
 self.runMirror('full')
diff --git a/tests/qemu-iotests/255 b/tests/qemu-iotests/255
index 8f08f741da..e66cdfd672 100755
--- a/tests/qemu-iotests/255
+++ b/tests/qemu-iotests/255
@@ -71,8 +71,13 @@ with iotests.FilePath('t.qcow2') as disk_path, \
 result = vm.qmp_log('block-commit', job_id='job0', auto_finalize=False,
 device='overlay', top_node='mid')
 
-vm.run_job('job0', auto_finalize=False, pre_finalize=start_requests,
-auto_dismiss=True)
+class TestJobRunner(iotests.JobRunner):
+def on_pending(self, event):
+start_requests()
+super().on_pending(event)
+
+runner = TestJobRunner(vm, 'job0', auto_finalize=False, auto_dismiss=True)
+runner.run()
 
 vm.shutdown()
 
diff --git a/tests/qemu-iotests/257 b/tests/qemu-iotests/257
index 004a433b8b..95341c330f 100755
--- a/tests/qemu-iotests/257
+++ b/tests/qemu-iotests/257
@@ -352,30 +352,40 @@ def test_bitmap_sync(bsync_mode, msync_mode='bitmap', 
failure=None):
 job = backup(drive0, 1, bsync1, msync_mode,
  bitmap="bitmap0", bitmap_mode=bsync_mode)
 
-def _callback():
-"""Issue writes while the job is open to test bitmap divergence."""
-# Note: when `failure` is 'intermediate', this isn't called.
-log('')
-bitmaps = perform_writes(drive0, 2, filter_node_name='backup-top')
-# Named bitmap (static, should be unchanged)
-ebitmap.compare(vm.get_bitmap(drive0.node, 'bitmap0',
-  bitmaps=bitmaps))
-# Anonymous bitmap (dynamic, shows new writes)
-anonymous = EmulatedBitmap()
-anonymous.dirty_group(2)
-anonymous.compare(vm.get_bitmap(drive0.node, '', recording=True,
-bitmaps=bitmaps))
 
-# Simulate the order in which this will happen:
-# group 1 gets cleared first, then group two gets written.
-if ((bsync_mode == 'on-success' and not failure) or
-(bsync_mode == 'always')):
-ebitmap.clear()
-ebitmap.dirty_group(2)
+class TestJobRunner(iotests.JobRunner):
+def on_pending(self, event):
+"""
+Issue writes while the job is open to test bitmap divergence.
+"""
+
+# Note: when `failure` is 'intermediate', this isn't called.
+log('')
+bitmaps = perform_writes(drive0, 2,
+ filter_node_name='backup-top')
+# Named bitmap (static, should be unchanged)
+ebitmap.compare(vm.get_bitmap(drive0.node, 'bitmap0',
+  bitmaps=bitmaps))
+# Anonymous bitmap (dynamic, shows new writes)
+anonymous = EmulatedBitmap()
+

[PATCH v3 3/3] iotests: modify test 040 to use JobRunner

[John Snow]

Instead of having somewhat reproduced it for itself.

Signed-off-by: John Snow 
---
 tests/qemu-iotests/040 | 51 +-
 1 file changed, 25 insertions(+), 26 deletions(-)

diff --git a/tests/qemu-iotests/040 b/tests/qemu-iotests/040
index 90b59081ff..e2ef3bb812 100755
--- a/tests/qemu-iotests/040
+++ b/tests/qemu-iotests/040
@@ -483,34 +483,33 @@ class TestErrorHandling(iotests.QMPTestCase):
   file=('top-dbg' if top_debug else 'top-file'),
   backing='mid-fmt')
 
+
+class TestJobRunner(iotests.JobRunner):
+expected_events = ('BLOCK_JOB_COMPLETED',
+   'BLOCK_JOB_ERROR',
+   'BLOCK_JOB_READY')
+
+def __init__(self, *args, test, **kwargs):
+super().__init__(*args, **kwargs)
+self.log = []
+self.test = test
+
+def on_pause(self, event):
+super().on_pause(event)
+result = self._vm.qmp('block-job-resume', device=self._id)
+self.test.assert_qmp(result, 'return', {})
+
+def on_block_job_event(self, event):
+if event['event'] not in self.expected_events:
+self.test.fail("Unexpected event: %s" % event)
+super().on_block_job_event(event)
+self.log.append(event)
+
 def run_job(self, expected_events, error_pauses_job=False):
-match_device = {'data': {'device': 'job0'}}
-events = {
-'BLOCK_JOB_COMPLETED': match_device,
-'BLOCK_JOB_CANCELLED': match_device,
-'BLOCK_JOB_ERROR': match_device,
-'BLOCK_JOB_READY': match_device,
-}
-
-completed = False
-log = []
-while not completed:
-ev = self.vm.events_wait(events, timeout=5.0)
-if ev['event'] == 'BLOCK_JOB_COMPLETED':
-completed = True
-elif ev['event'] == 'BLOCK_JOB_ERROR':
-if error_pauses_job:
-result = self.vm.qmp('block-job-resume', device='job0')
-self.assert_qmp(result, 'return', {})
-elif ev['event'] == 'BLOCK_JOB_READY':
-result = self.vm.qmp('block-job-complete', device='job0')
-self.assert_qmp(result, 'return', {})
-else:
-self.fail("Unexpected event: %s" % ev)
-log.append(iotests.filter_qmp_event(ev))
-
+job = self.TestJobRunner(self.vm, 'job0', test=self)
+job.run()
 self.maxDiff = None
-self.assertEqual(expected_events, log)
+self.assertEqual(expected_events, job.log)
 
 def event_error(self, op, action):
 return {
-- 
2.21.1

[PATCH v3 1/3] qmp.py: change event_wait to use a dict

[John Snow]

It's easier to work with than a list of tuples, because we can check the
keys for membership.

Signed-off-by: John Snow 
---
 python/qemu/machine.py| 10 +-
 tests/qemu-iotests/040| 12 ++--
 tests/qemu-iotests/260|  5 +++--
 tests/qemu-iotests/iotests.py | 16 
 4 files changed, 22 insertions(+), 21 deletions(-)

diff --git a/python/qemu/machine.py b/python/qemu/machine.py
index 183d8f3d38..748de5f322 100644
--- a/python/qemu/machine.py
+++ b/python/qemu/machine.py
@@ -476,21 +476,21 @@ def event_wait(self, name, timeout=60.0, match=None):
 timeout: QEMUMonitorProtocol.pull_event timeout parameter.
 match: Optional match criteria. See event_match for details.
 """
-return self.events_wait([(name, match)], timeout)
+return self.events_wait({name: match}, timeout)
 
 def events_wait(self, events, timeout=60.0):
 """
 events_wait waits for and returns a named event from QMP with a 
timeout.
 
-events: a sequence of (name, match_criteria) tuples.
+events: a mapping containing {name: match_criteria}.
 The match criteria are optional and may be None.
 See event_match for details.
 timeout: QEMUMonitorProtocol.pull_event timeout parameter.
 """
 def _match(event):
-for name, match in events:
-if event['event'] == name and self.event_match(event, match):
-return True
+name = event['event']
+if name in events:
+return self.event_match(event, events[name])
 return False
 
 # Search cached events
diff --git a/tests/qemu-iotests/040 b/tests/qemu-iotests/040
index 32c82b4ec6..90b59081ff 100755
--- a/tests/qemu-iotests/040
+++ b/tests/qemu-iotests/040
@@ -485,12 +485,12 @@ class TestErrorHandling(iotests.QMPTestCase):
 
 def run_job(self, expected_events, error_pauses_job=False):
 match_device = {'data': {'device': 'job0'}}
-events = [
-('BLOCK_JOB_COMPLETED', match_device),
-('BLOCK_JOB_CANCELLED', match_device),
-('BLOCK_JOB_ERROR', match_device),
-('BLOCK_JOB_READY', match_device),
-]
+events = {
+'BLOCK_JOB_COMPLETED': match_device,
+'BLOCK_JOB_CANCELLED': match_device,
+'BLOCK_JOB_ERROR': match_device,
+'BLOCK_JOB_READY': match_device,
+}
 
 completed = False
 log = []
diff --git a/tests/qemu-iotests/260 b/tests/qemu-iotests/260
index 804a7addb9..729f031122 100755
--- a/tests/qemu-iotests/260
+++ b/tests/qemu-iotests/260
@@ -67,8 +67,9 @@ def test(persistent, restart):
 
 vm.qmp_log('block-commit', device='drive0', top=top,
filters=[iotests.filter_qmp_testfiles])
-ev = vm.events_wait((('BLOCK_JOB_READY', None),
- ('BLOCK_JOB_COMPLETED', None)))
+ev = vm.events_wait({
+'BLOCK_JOB_READY': None,
+'BLOCK_JOB_COMPLETED': None })
 log(filter_qmp_event(ev))
 if (ev['event'] == 'BLOCK_JOB_COMPLETED'):
 vm.shutdown()
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 9304066471..bc96f1ce27 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -617,14 +617,14 @@ def run_job(self, job, auto_finalize=True, 
auto_dismiss=False,
 """
 match_device = {'data': {'device': job}}
 match_id = {'data': {'id': job}}
-events = [
-('BLOCK_JOB_COMPLETED', match_device),
-('BLOCK_JOB_CANCELLED', match_device),
-('BLOCK_JOB_ERROR', match_device),
-('BLOCK_JOB_READY', match_device),
-('BLOCK_JOB_PENDING', match_id),
-('JOB_STATUS_CHANGE', match_id)
-]
+events = {
+'BLOCK_JOB_COMPLETED': match_device,
+'BLOCK_JOB_CANCELLED': match_device,
+'BLOCK_JOB_ERROR': match_device,
+'BLOCK_JOB_READY': match_device,
+'BLOCK_JOB_PENDING': match_id,
+'JOB_STATUS_CHANGE': match_id,
+}
 error = None
 while True:
 ev = filter_qmp_event(self.events_wait(events, timeout=wait))
-- 
2.21.1

[PATCH v3 0/3] iotests: add JobRunner framework

[John Snow]

Requires: 20200317004105.27059-1-js...@redhat.com

(This requires the iotests pylint & logging series.)

The basic idea is to make a generic job runtime manager and allow
callers to subclass the manager. Then, instead of adding callback
arguments to the function all the time, we have à la carte customization
of the loop.

To showcase this a little bit, I removed the pre_finalization argument
and made existing callers use a custom JobRunner; and then converted
test 040 to use this style of job runner.

Is it a simplification? No. Is it cool? Maybe. Did it remove the
duplicated job-running code in 040? yes.

V3:
 - Rebased on logging series v8
 - Converted 155's new usage of job_run

V2:
 - Rebased on logging series; logging conditionals are pretty now.
 - Inlined callback login in 257
 - No longer based on bitmap-populate job (no test 287)
 - Moved super() call to the beginning of test 040's callback
 - Added docstrings and type annotations

John Snow (3):
  qmp.py: change event_wait to use a dict
  iotests: add JobRunner class
  iotests: modify test 040 to use JobRunner

 python/qemu/machine.py|  10 +-
 tests/qemu-iotests/040|  51 +
 tests/qemu-iotests/155|  15 ++-
 tests/qemu-iotests/255|   9 +-
 tests/qemu-iotests/257|  54 +
 tests/qemu-iotests/260|   5 +-
 tests/qemu-iotests/iotests.py | 201 +-
 tests/qemu-iotests/pylintrc   |  11 ++
 8 files changed, 246 insertions(+), 110 deletions(-)

-- 
2.21.1

Re: [PATCH 0/8] Misc hw/ide legacy clean up

[John Snow]

On 3/16/20 9:41 AM, BALATON Zoltan wrote:
> On Mon, 16 Mar 2020, BALATON Zoltan wrote:
>> On Mon, 16 Mar 2020, Markus Armbruster wrote:
>>> BALATON Zoltan  writes:
 These are some clean ups to remove more legacy init functions and
 lessen dependence on include/hw/ide.h with some simplifications in
 board code. There should be no functional change.
>>>
>>> PATCH 1 could quote precedence more clearly in the commit message, but
>>> that's detail.
>>>
>>> I don't like PATCH 4.
>>
>> Sent alternative v2 version of patch 7 so you can drop patch 4 if you
>> like,
> 
> and patch 6 v2 also sent that is affected as well if you drop patch 4.
> 
>> the rest of the series should apply unchanged. Note that there might
>> be some places where MAX_IDE_BUS is defined but not used and current
>> code probably has assumption about this being 2 elsewhere and would
>> break with any other value so other than philosophical there should be
>> no reason to keep this defined everywhere.
>>
>>> PATCH 1-3,5-8:
>>> Reviewed-by: Markus Armbruster 
>>
>> Thanks.
>>
>> Regards,
>> BALATON Zoltan
>>
> 

Can you do me a favor and send a proper v2 of the whole series, with
review tags applied?

--js

Re: [PATCH 0/7] via-ide: fixes and improvements

[John Snow]

On 3/14/20 5:15 AM, Mark Cave-Ayland wrote:
> On 13/03/2020 17:57, John Snow wrote:
> 
>> On 3/13/20 4:24 AM, Mark Cave-Ayland wrote:
>>> Following on from the earlier thread "Implement "non 100% native mode"
>>> in via-ide", here is an updated patchset based upon the test cases
>>> sent to me off-list.
>>>
>>> The VIA IDE controller is similar to early versions of the PIIX
>>> controller in that the primary and secondary IDE channels are hardwired
>>> to IRQs 14 and 15 respectively. Guest OSs typically handle this by
>>> either switching the controller to legacy mode, or using native mode and
>>> using a combination of PCI device/vendor ID and/or checking various
>>> registers in PCI configuration space to detect this condition and apply
>>> a special fixed IRQ 14/15 routing.
>>>
>>> This patchset effectively updates the VIA IDE PCI device to follow the
>>> behaviour in the datasheet in two ways: fixing some PCI configuration
>>> space register defaults and behaviours, and always using legacy IRQ 14/15
>>> routing, and once applied allows all our known test images to boot
>>> correctly.
>>>
>>> Signed-off-by: Mark Cave-Ayland 
>>>
>>>
>>> BALATON Zoltan (2):
>>>   ide/via: Get rid of via_ide_init()
>>>   pci: Honour wmask when resetting PCI_INTERRUPT_LINE
>>>
>>> Mark Cave-Ayland (5):
>>>   via-ide: move registration of VMStateDescription to DeviceClass
>>>   via-ide: ensure that PCI_INTERRUPT_LINE is hard-wired to its default
>>> value
>>>   via-ide: initialise IDE controller in legacy mode
>>>   via-ide: allow guests to write to PCI_CLASS_PROG
>>>   via-ide: always use legacy IRQ 14/15 routing
>>>
>>>  hw/ide/via.c| 21 +
>>>  hw/mips/mips_fulong2e.c |  5 -
>>>  hw/pci/pci.c|  5 -
>>>  include/hw/ide.h|  1 -
>>>  4 files changed, 13 insertions(+), 19 deletions(-)
>>>
>>
>> Does this supersede everything else so far? (Except the two cmd646
>> related series, four patches total, which are already staged)
> 
> Yes, that's correct. It passes all our tests, and even better allows the 
> fulong2e CD
> image at the link Zoltan posted to boot.
> 
> So I believe it's good unless Alexander has any objections?
> 
> 
> ATB,
> 
> Mark.
> 

Tentatively staged! Please let me know during the RC testing phase if
you discover problems.

Thanks, applied to my IDE tree:

https://github.com/jnsnow/qemu/commits/ide
https://github.com/jnsnow/qemu.git

--js

[PULL 5/6] gitlab-ci.yml: Add jobs to build OpenSBI firmware binaries

[Palmer Dabbelt]

From: Bin Meng 

Add two GitLab jobs to build the OpenSBI firmware binaries.

The first job builds a Docker image with the packages requisite
to build OpenSBI, and stores this image in the GitLab registry.
The second job pulls the image from the registry and builds the
OpenSBI firmware binaries.

The docker image is only rebuilt if the GitLab YAML or the
Dockerfile is updated. The second job is only built when the
roms/opensbi/ submodule is updated, when a git-ref starts with
'opensbi' or when the last commit contains 'OpenSBI'. The files
generated are archived in the artifacts.zip file.

With OpenSBI v0.6, it took 2 minutes 56 seconds to build
the docker image, and 1 minute 24 seconds to generate the
artifacts.zip with the firmware binaries (filesize: 111KiB).

See: https://gitlab.com/lbmeng/qemu/pipelines/120520138

Suggested-by: Philippe Mathieu-Daudé 
Signed-off-by: Bin Meng 
Signed-off-by: Palmer Dabbelt 
---
 .gitlab-ci-opensbi.yml  | 63 +
 .gitlab-ci.d/opensbi/Dockerfile | 33 +
 .gitlab-ci.yml  |  1 +
 3 files changed, 97 insertions(+)
 create mode 100644 .gitlab-ci-opensbi.yml
 create mode 100644 .gitlab-ci.d/opensbi/Dockerfile

diff --git a/.gitlab-ci-opensbi.yml b/.gitlab-ci-opensbi.yml
new file mode 100644
index 00..dd051c0124
--- /dev/null
+++ b/.gitlab-ci-opensbi.yml
@@ -0,0 +1,63 @@
+docker-opensbi:
+ stage: build
+ rules: # Only run this job when the Dockerfile is modified
+ - changes:
+   - .gitlab-ci-opensbi.yml
+   - .gitlab-ci.d/opensbi/Dockerfile
+   when: always
+ image: docker:19.03.1
+ services:
+ - docker:19.03.1-dind
+ variables:
+  GIT_DEPTH: 3
+  IMAGE_TAG: $CI_REGISTRY_IMAGE:opensbi-cross-build
+  # We don't use TLS
+  DOCKER_HOST: tcp://docker:2375
+  DOCKER_TLS_CERTDIR: ""
+ before_script:
+ - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+ script:
+ - docker pull $IMAGE_TAG || true
+ - docker build --cache-from $IMAGE_TAG --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+--tag $IMAGE_TAG .gitlab-ci.d/opensbi
+ - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+ - docker push $IMAGE_TAG
+
+build-opensbi:
+ rules: # Only run this job when ...
+ - changes: # ... roms/opensbi/ is modified (submodule updated)
+   - roms/opensbi/*
+   when: always
+ - if: '$CI_COMMIT_REF_NAME =~ /^opensbi/' # or the branch/tag starts with 
'opensbi'
+   when: always
+ - if: '$CI_COMMIT_MESSAGE =~ /opensbi/i' # or last commit description 
contains 'OpenSBI'
+   when: always
+ artifacts:
+   paths: # 'artifacts.zip' will contains the following files:
+   - pc-bios/opensbi-riscv32-sifive_u-fw_jump.bin
+   - pc-bios/opensbi-riscv32-virt-fw_jump.bin
+   - pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin
+   - pc-bios/opensbi-riscv64-virt-fw_jump.bin
+   - opensbi32-virt-stdout.log
+   - opensbi32-virt-stderr.log
+   - opensbi64-virt-stdout.log
+   - opensbi64-virt-stderr.log
+   - opensbi32-sifive_u-stdout.log
+   - opensbi32-sifive_u-stderr.log
+   - opensbi64-sifive_u-stdout.log
+   - opensbi64-sifive_u-stderr.log
+ image: $CI_REGISTRY_IMAGE:opensbi-cross-build
+ variables:
+   GIT_DEPTH: 3
+ script: # Clone the required submodules and build OpenSBI
+ - git submodule update --init roms/opensbi
+ - export JOBS=$(($(getconf _NPROCESSORS_ONLN) + 1))
+ - echo "=== Using ${JOBS} simultaneous jobs ==="
+ - make -j${JOBS} -C roms/opensbi clean
+ - make -j${JOBS} -C roms opensbi32-virt 2>&1 1>opensbi32-virt-stdout.log | 
tee -a opensbi32-virt-stderr.log >&2
+ - make -j${JOBS} -C roms/opensbi clean
+ - make -j${JOBS} -C roms opensbi64-virt 2>&1 1>opensbi64-virt-stdout.log | 
tee -a opensbi64-virt-stderr.log >&2
+ - make -j${JOBS} -C roms/opensbi clean
+ - make -j${JOBS} -C roms opensbi32-sifive_u 2>&1 
1>opensbi32-sifive_u-stdout.log | tee -a opensbi32-sifive_u-stderr.log >&2
+ - make -j${JOBS} -C roms/opensbi clean
+ - make -j${JOBS} -C roms opensbi64-sifive_u 2>&1 
1>opensbi64-sifive_u-stdout.log | tee -a opensbi64-sifive_u-stderr.log >&2
diff --git a/.gitlab-ci.d/opensbi/Dockerfile b/.gitlab-ci.d/opensbi/Dockerfile
new file mode 100644
index 00..4ba8a4de86
--- /dev/null
+++ b/.gitlab-ci.d/opensbi/Dockerfile
@@ -0,0 +1,33 @@
+#
+# Docker image to cross-compile OpenSBI firmware binaries
+#
+FROM ubuntu:18.04
+
+MAINTAINER Bin Meng 
+
+# Install packages required to build OpenSBI
+RUN apt update \
+&& \
+\
+DEBIAN_FRONTEND=noninteractive \
+apt install --assume-yes --no-install-recommends \
+build-essential \
+ca-certificates \
+git \
+make \
+wget \
+&& \
+\
+rm -rf /var/lib/apt/lists/*
+
+# Manually install the kernel.org "Crosstool" based toolchains for gcc-8.3
+RUN wget -O - \
+
https://mirrors.edge.kernel.org/pub/tools/crosstool/files/bin/x86_64/8.3.0/x86_64-gcc-8.3.0-nolibc-riscv32-linux.tar.xz
 \
+| tar -C /opt -xJ
+RUN wget -O - \
+

[PULL 3/6] roms: opensbi: Add 32-bit firmware image for sifive_u machine

[Palmer Dabbelt]

From: Bin Meng 

Although the real world SiFive HiFive Unleashed board is a 64-bit
hardware configuration, with QEMU it is possible to test 32-bit
configuration with the same hardware features.

This updates the roms Makefile to add the build rules for creating
the 32-bit OpenSBI firmware image for sifive_u machine. A pre-built
OpenSBI v0.6 image has been added as the default bios for 32-bit
sifive_u machine.

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 
Signed-off-by: Palmer Dabbelt 
---
 Makefile |   2 +-
 pc-bios/opensbi-riscv32-sifive_u-fw_jump.bin | Bin 0 -> 49472 bytes
 roms/Makefile|   7 +++
 3 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 pc-bios/opensbi-riscv32-sifive_u-fw_jump.bin

diff --git a/Makefile b/Makefile
index 7df22fcc5d..ea0e08fc57 100644
--- a/Makefile
+++ b/Makefile
@@ -848,7 +848,7 @@ u-boot.e500 u-boot-sam460-20100605.bin \
 qemu_vga.ndrv \
 edk2-licenses.txt \
 hppa-firmware.img \
-opensbi-riscv32-virt-fw_jump.bin \
+opensbi-riscv32-sifive_u-fw_jump.bin opensbi-riscv32-virt-fw_jump.bin \
 opensbi-riscv64-sifive_u-fw_jump.bin opensbi-riscv64-virt-fw_jump.bin
 
 
diff --git a/pc-bios/opensbi-riscv32-sifive_u-fw_jump.bin 
b/pc-bios/opensbi-riscv32-sifive_u-fw_jump.bin
new file mode 100644
index 
..bab13f597ac9da31518f0a2bb22c2a1dbd56380d
GIT binary patch
literal 49472
zcmcG%3tUrIwm-g4PEJmO55TC=j<%Et2yHDIA6FeMuMojU)e#+R?X;YtV`utssN=Q0
zPQm0P21L||DXq>>AE3+NkYIv|(99f+Nu*{2Pr#qgYA{!I}{%wJSXC>uaR0?=x`^{8gO6zQ+>A``?}V
zWtVJ?RR8>=zWR@L)6)G2rKMwKM%-W5bBUDp!6cT=iF^2AUBHMstO}wF;>lytfurg$
ztB8=~M?Upg##?Bw;jzA_>vGKo4_U*h2ZDAUQV#@Toh
zLa!R0)-3(P-i#5nM1A2{na6Il7Zqs3%6;RT79pTcmc_mL6Oc_%w5bHuC46z8I+;
z-t(yh+0|bgbKZ~tBicvt-HVasSK1N4AWS9;grUQ;?U5-3+VJzTKsr2Vb0=h7)10Jz
zX+CPl)n-|ARvX5XP~JVgwKK2{CQ`@toEw51^ygS|%6Vn3n!g+zSo+eVcPXt9WDbQc
z>obfR=G@ie#JDwq=+>}A{Y+m*_m>|?cwYy8+0L#Zj?N!QbzfZpX3HBMk`ZkC%*Z
zxrxJlka4&_!^h3MWfSIS5q6gh{XGcY4rSe`S)JAdiC4C|+#T@ln;+FZH98
zSt0XcuSLy_bwAkJnH51stA>fi3{jIF|FZEbo17!r^!}{S@XE;Q)Edo)7zLFom>rhF
zvC%3{r?SfI7ce5Gq6S_S?ShsDd1)+dFhjAT}3XOWp9EfoyO>L(km
z4Vx{y7EWSq$M+E1)ltM#f1C!7iT`YZzZyi`;4426U*3(+o!b3(6tfKV>
z9+Wxp3-$km`u?$_Va{9O#r)DysX|_B-^zCl4M8KNfjB=ER7`QJ;@JJ>iSVXR9k~
ztLtly)E+<7SbzGHvq#P!yLkMY6F)Rw{rtx1_Affm>Ntj611?TJrF$Vj}J
zD4Vl>PI%g$w1m0G=Vr{iI!`fW+dcSjyi2#?PqVX+dugF^^m;#E>F(;8p%1O#eW(+w7
zW=hT!CM73@NzF-Rrshm#rsYgyrsqs`FZp3HeNYbF`JGJ8eZO7Hlr%$C~IafHzC
z<2bU4UN!iw<~W%$UMk1wrK`UjA#rq^N&1p4CrXajA2T-|Idc3HQ0UOv+U!APCQsbC
zKN@Q{Fl?=fVO`r8qw51^i{jHY34B_?dHz$P>>)eHI!|)!K?`SemU6~JE{?5j
z=2%xbXRK}I!a18}6>&5#BGsHOa{!Z|;HKyX4QI~er>wDQER5Q2W)2t3DzMG{G2YS2
zGfN9j6};ap>NO1%cjsD9SjcZg1M8Bo5Q19z87U^UA28wktb%G_Q7_UqB1OmIR-!qL
zT0v#`p17IQj8Q?P$nA*>c|1oSDSF7v2}|3UP0a!MdUq
zM%Q>nVDF5zCuMA{OUAmIWky%4Ebv*;!Iky}SEP0?2hHm6ehUdpPid3x#l8{W;`=sX
zQb#Hv)zWDKdIsMv7OcRDajM7vwfU6deI{@Fd0yWssEaxTfO@qH)9UT}wU7d)}M
zWAXgFR5msO&(9lONis2S-BD>YXU0)0quIdZ=+zHcn8C>!P(sb=|Db!Jop@r;&6j?QfAGYH&?nKb48XoZ|jfQyp*r
zo!C?%a$AtRP2FoZH$(J{X)6o>8xuG$|a%P^CV*B#;{GAc?^Jki
z(8?jX0Y=F@!jKnpW{4XYo>8mA~llgF~*Ub$S&)#Ya>
zrmqRDmu>X6fR_BNY{9JInQFxuuf%RBfMf(dF5uG)d|H2kk0-8j9%Srdiq|XSQ^m}O
zJIX6eaVE6ugDznK5|GmRN179M}$SXurE
z>mKXATpB5dQA+EF=qf%w=)%*`HiDLFjyQp%%CI5lZ?~98}+L)wBxtg9a|M>ib
zr}jJ*{`C5%WecuOf9^TVWXlS}I|r7gU8-OX4@q11v7d9k($RTMd1)#1Ac?;^48k|1
zB#4v7pjkb+P#eaPo*ZY#jtYB-UUVg{yWNIVKkJn{`BN%wP}0(~Ci)>Vq2Zs*s8t+^
ztWP~eLRdo~c6KLEgdkO4U!U9FOawj8HTU)H
zJANFLC|qjp9a*FeQ(;Zn@Uwd1PAb14&3MS5C`hw$cSy67=${MyYexTCd-N~IMY)7&
z%6c{_meF_P9-d0EmsT5n|4{vvFp9Ibtn`N%Yjl-nKh^qjJ;tb9nRs-zxMHk3k-G(6
z<0$6Zh|=%!4{G+(wVu12GTE)?+G!89rKR5ts7Om#xy<%xvN(Fepx2lwxvR+Aw
zjh=L`UT!{m?_O%;pnx0{kb?s9z_~!jMp~;V_tG(uIB7=h?3%gNBqY;mTQ-K2nQ~mV
zSDjt!Zid(lhQ$2VX>lKeQ^nJs#2e1Wvth(t~rWt0T?e!9whn
ze)aP;#Gq3J?yuW#JzVSw3meU((6LMvB~A=aUGE)FCgpqIx**L^V{#$ZUlHps=8<7<
zkG;nGAK!=CSdnPO#eZoP9q2?DJP`%G6ew8PdOd|Grc6=Mwj^z!59?}kt18(w^bJMm$D
z{lCHI=cQc$KBpjGpz$5mI?AD&+t(MOF^FHgc$ho}nAK!1h?2tGXNSsng
zobsL$=Pu*L=ySmTcVgq$%p$9yTYL9YmLgMP*#>c3nPpYn=RRH9F|Gyr*!rZ83Vpg9
z`X!Yv-MA?cT3X?>cxC*Z)EN}OESyGk1#uqNNG$=m4DY0#Julx*36uqniweeX
zdGPKK6s$9Fg{ix}e}H}}XPqukq8XHE1tq$li7qPTspdIC+yhR5wN#e1+b|keWmd5v
z)-N6IyzkdAyybQqV!h9c4FTFLEM(rj#0adZpME7#!zHdtOm{{WQj5+I+Hc6=pIzF!2sUv?M1msS;73Z(%xMGS)sM
zai4vq#Td;IHd+tsR5T-)_$vN#YAa9~I76ipXrSaRYX-6Wren>l$24
zZFYfriL{dSkN<7FqxmAaaneJ$s*>*5A
zIOSIa*4Ta!81!wE=Ol42xO=Ov>(GPa6#vKF-wx|4>d|^W#kNy#0^c!3b>%}7s{+=8D{edj9yI;eB+0-T!-LjWnvm+b!Qhg?}er`3@
zF{wr~zY=<;sVsMdm_Noe<-88XOYuSdu#i`=XCv03zhu5CfkA7RxuxDmC?7gyd{ax!er_j2zWZ4Etwew}|coURkO#hz9%H;O@LX{9aHr
z$^4M7revfZPfeJ*XX<2;_G!NO*tp~78RoOz9o@4dOGH|K?Q8BNt~1AQsXS7w8`&|h
zj%s8zRFZjD0BNr@p_^`J#z?l#SJ)r{GN>oc465enXvdIc{63xR7Ss`;LW|yYm{Lh@FQq#=*NCx}4T+v}4|VxvxWtKm
zKAc-kIkC)i;46uq{9~IEg;o4O4f=?)rAL>k-!xng=J3b|Z=4O&+7QPKSqR~Urn
zPxdddYm0gEY4XF#C54fNp#IdKYPJ@CVge=u%RgO#2{(c-|F9g1#_@oW{d{|
zwGq$dqZJe@?YpJn(%g7NyQEGk$IXb>EcG|$4U!g(1Q!AB)eOt)^qvg)iG8fiBnKoX^TsT2&?aBznuqd!hkh&5!TRUJ+uif
zlgf85wD(E}8l!pWRvwu){v<*8kQ;pSAcho>eeX2

[PULL 2/6] roms: opensbi: Upgrade from v0.5 to v0.6

[Palmer Dabbelt]

From: Bin Meng 

Upgrade OpenSBI from v0.5 to v0.6 and the pre-built bios images.

The v0.6 release includes the following commits:

dd8ef28 firmware: Fix compile error for FW_PAYLOAD with latest GCC binutils
98f4a20 firmware: Introduce relocation lottery
f728a0b include: Sync-up encoding with priv v1.12-draft and hypervisor 
v0.5-draft
18897aa include: Use _UL() and _ULL() for defines in riscv_encoding.h
7a13beb firmware: Add preferred boot HART field in struct fw_dynamic_info
215421c lib: Remove date and time from init message
838657c include: Remove ilen member of struct unpriv_trap
b1d8c98 lib: No need to set VSSTATUS.MXR bit in get_insn()
0e1322b lib: Better naming of unpriv APIs for wider use
75f903d lib: Simplify trap parameters in sbi_ecall functions
c96cc03 lib: Fix CPU capabilities detection function
ab14f94 lib: Fix probe extension
813f7f4 lib: Add error detection for misa_extension
dc40042 include: sbi_platform: fix compilation for GCC-9
bd732ae include: Add guest external interrupt related defines
6590a7d lib: Delegate guest page faults to HS-mode
4370f18 include: Extend struct sbi_trap_info for mtval2 and mtinst
086dbdf lib: Fix sbi_get_insn() for load guest page fault
2be424b lib: Extend trap redirection for hypervisor v0.5 spec
7219477 lib: Use MTINST CSR in misaligned load/store emulation
b8732fe lib: Add replacement extension and function ids
aa0ed1d lib: Remove redundant IPI types
1092663 lib: Add TIME extension in SBI
9777aee lib: Add IPI extension in SBI
9407202 lib: Add hfence instruction encoding
331ff6a lib: Support stage1 and stage2 tlb flushing
86a31f5 lib: Implement RFENCE extension
c7d1b12 firmware: Return real DTB address when FW_xyz_FDT_ADDR is not defined
9beb573 firmware: Improve comments for fw_prev_arg1() and fw_next_arg1()
fc6bd90 docs: Improve docs for FDT address passing
46a90d9 lib: utils: Support CLINT with 32bit MMIO access on RV64 system
c0849cd platform: Add T-head C910 initial support
e746673 lib: Remove unnecessary checks from init_coldboot() and init_warmboot()
c3e406f lib: Add initial sbi_exit() API
55e191e lib: Add system early_exit and final_exit APIs
6469ed1 lib: Add timer exit API
b325f6b lib: Add ipi exit API
1993182 lib: Add irqchip exit API
2aa43a1 lib: save/restore MIE CSR in sbi_hart_wait_for_coldboot()
b0c9787 lib: do sbi_exit() upon halt IPI
15ed1e7 lib: improve system reboot and shutdown implementation
73c19e6 lib: zero-out memory allocated using sbi_scratch_alloc_offset()
a67fd68 lib: Add sbi_init_count() API
049ad0b build: Use -ffreestanding
e340bbf include: Add OPENSBI_EXTERNAL_SBI_TYPES in sbi_types.h
b28b8ac docs: Add description of using OPENSBI_EXTERNAL_SBI_TYPES
adf8b73 platform: thead/c910: Remove SBI_PLATFORM_HAS_PMP
f95dd39 docs: platform: Update SiFive FU540 doc as-per U-Boot v2020.01
6ffe1be firmware: Fix placement of .align directives
7daccae platform: thead/c910: Don't enable L2 cache in warm boot
a73d45c platform: thead/c910: Don't set plic/clint address in warm boot
30cdf00 scripts: Add C910 to platform list in the binary archive script
0492c5d include: Typo fix in comment for SBI_SCRATCH_SIZE define
046cc16 lib: Move struct sbi_ipi_data definition to sbi_ipi.c
3d2aaac lib: Introduce sbi_ipi_send_smode() API
da9b76b lib: Introduce sbi_ipi_send_halt() API
a8b4b83 lib: Introduce sbi_tlb_fifo_request() API
5f762d1 lib: Introduce sbi_ipi_event_create/destroy() APIs
817d50d lib: Drop _fifo from the name of various sbi_tlb_fifo_xyz() functions
84cd4fc lib: Initialize TLB management directly from coldboot/warmboot path
0a411bf include: Add generic and simple list handling APIs
37923c4 lib: Add dynamic registration of SBI extensions
7668502 lib: Factor-out SBI legacy extension
161b348 lib: Factor-out SBI replacement extensions
43ac621 lib: Factor-out SBI vendor extension
021b9e7 lib: Factor-out SBI base extension
85647a1 platform: template: typo fix in system reboot/shutdown names
ac1c229 platform: Update UART base addresses for qemu/sifve_u
d79173b platform: Add an platform ops to return platform specific tlb flush 
limit
2c2bbe7 platform: sifive/fu540: Set tlb range flush limit to zero
5ff1ab0 makefile: add support for building on macOS
6d0b4c5 platform: Drop qemu/sifive_u support
9a717ec platform: sifive: fu540: Add platform specific 'make run' cmd
d6fa7f9 doc: sifive: fu540: Update QEMU instruction when using U-Boot as the 
payload
179edde lib: sbi_scratch: use bitwise ops in sbi_scratch_alloc_offset()
897b8fb lib: Use __builtin_ctzl() in pmp_get()
1a8ca08 lib: Initialize out value in SBI calls
c2bfa2b lib: irqchip/plic: Disable all contexts and IRQs
c2f23cc platform: Add Spike initial support
a062200 platform: Remove stale options from config.mk files
c03c8a1 scripts: Add Spike to platform list of binary archive script
29bb2a6 docs: platform: Add documentation for Spike platform
48b06ad ThirdPartyNotices: Fix doc styles
892e879 doc: coreboot: Fix doc styles
fdfb533 doc: payload_linux: Fix doc styles
44d1296 doc: andes-ae350: Fix doc 

[PULL 4/6] riscv: sifive_u: Update BIOS_FILENAME for 32-bit

[Palmer Dabbelt]

From: Bin Meng 

Update BIOS_FILENAME to consider 32-bit bios image file name.

Tested booting Linux v5.5 32-bit image (built from rv32_defconfig
plus CONFIG_SOC_SIFIVE) with the default 32-bit bios image.

Signed-off-by: Bin Meng 
Reviewed-by: Alistair Francis 
Signed-off-by: Palmer Dabbelt 
---
 hw/riscv/sifive_u.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c
index 156a003642..4409ea1ccc 100644
--- a/hw/riscv/sifive_u.c
+++ b/hw/riscv/sifive_u.c
@@ -56,7 +56,11 @@
 
 #include 
 
-#define BIOS_FILENAME "opensbi-riscv64-sifive_u-fw_jump.bin"
+#if defined(TARGET_RISCV32)
+# define BIOS_FILENAME "opensbi-riscv32-sifive_u-fw_jump.bin"
+#else
+# define BIOS_FILENAME "opensbi-riscv64-sifive_u-fw_jump.bin"
+#endif
 
 static const struct MemmapEntry {
 hwaddr base;
-- 
2.25.1.481.gfbce0eb801-goog

[PULL 6/6] target/riscv: Fix VS mode interrupts forwarding.

[Palmer Dabbelt]

From: Rajnesh Kanwal 

Currently riscv_cpu_local_irq_pending is used to find out pending
interrupt and VS mode interrupts are being shifted to represent
S mode interrupts in this function. So when the cause returned by
this function is passed to riscv_cpu_do_interrupt to actually
forward the interrupt, the VS mode forwarding check does not work
as intended and interrupt is actually forwarded to hypervisor. This
patch fixes this issue.

Signed-off-by: Rajnesh Kanwal 
Reviewed-by: Palmer Dabbelt 
Signed-off-by: Palmer Dabbelt 
---
 target/riscv/cpu_helper.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 5ea5d133aa..d3ba9efb02 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -46,7 +46,7 @@ static int riscv_cpu_local_irq_pending(CPURISCVState *env)
 target_ulong pending = env->mip & env->mie &
~(MIP_VSSIP | MIP_VSTIP | MIP_VSEIP);
 target_ulong vspending = (env->mip & env->mie &
-  (MIP_VSSIP | MIP_VSTIP | MIP_VSEIP)) >> 1;
+  (MIP_VSSIP | MIP_VSTIP | MIP_VSEIP));
 
 target_ulong mie= env->priv < PRV_M ||
   (env->priv == PRV_M && mstatus_mie);
@@ -907,6 +907,13 @@ void riscv_cpu_do_interrupt(CPUState *cs)
 
 if (riscv_cpu_virt_enabled(env) && ((hdeleg >> cause) & 1) &&
 !force_hs_execp) {
+/*
+ * See if we need to adjust cause. Yes if its VS mode interrupt
+ * no if hypervisor has delegated one of hs mode's interrupt
+ */
+if (cause == IRQ_VS_TIMER || cause == IRQ_VS_SOFT ||
+cause == IRQ_VS_EXT)
+cause = cause - 1;
 /* Trap to VS mode */
 } else if (riscv_cpu_virt_enabled(env)) {
 /* Trap into HS mode, from virt */
-- 
2.25.1.481.gfbce0eb801-goog

[PULL 1/6] target/riscv: Correctly implement TSR trap

[Palmer Dabbelt]

From: Alistair Francis 

As reported in: https://bugs.launchpad.net/qemu/+bug/1851939 we weren't
correctly handling illegal instructions based on the value of MSTATUS_TSR
and the current privledge level.

This patch fixes the issue raised in the bug by raising an illegal
instruction if TSR is set and we are in S-Mode.

Signed-off-by: Alistair Francis 
Reviewed-by: Jonathan Behrens 
---
 target/riscv/op_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c
index 8736f689c2..c6412f680c 100644
--- a/target/riscv/op_helper.c
+++ b/target/riscv/op_helper.c
@@ -85,7 +85,7 @@ target_ulong helper_sret(CPURISCVState *env, target_ulong 
cpu_pc_deb)
 }
 
 if (env->priv_ver >= PRIV_VERSION_1_10_0 &&
-get_field(env->mstatus, MSTATUS_TSR)) {
+get_field(env->mstatus, MSTATUS_TSR) && !(env->priv >= PRV_M)) {
 riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC());
 }
 
-- 
2.25.1.481.gfbce0eb801-goog

[PULL] RISC-V Patches for the 5.0 Soft Freeze, Part 5

[Palmer Dabbelt]

The following changes since commit a98135f727595382e200d04c2996e868b7925a01:

  Merge remote-tracking branch 'remotes/kraxel/tags/vga-20200316-pull-request' 
into staging (2020-03-16 14:55:59 +)

are available in the Git repository at:

  g...@github.com:palmer-dabbelt/qemu.git tags/riscv-for-master-5.0-sf5

for you to fetch changes up to c5969a3a3c2cb9ea02ffb7e86acb059d3cf8c264:

  target/riscv: Fix VS mode interrupts forwarding. (2020-03-16 17:03:51 -0700)


RISC-V Patches for the 5.0 Soft Freeze, Part 5

This tag contains the last of the patches I'd like to target for the 5.0 soft
freeze.  At this point we're mostly collecting fixes, but there are a few new
features.  The changes include:

* An OpenSBI update, including the various bits necessary to put CI together
  and an image for the 32-bit sifive_u board.
* A fix that disallows TSR when outside of machine mode.
* A fix for VS-mode interrupt forwarding.


Alistair Francis (1):
  target/riscv: Correctly implement TSR trap

Bin Meng (4):
  roms: opensbi: Upgrade from v0.5 to v0.6
  roms: opensbi: Add 32-bit firmware image for sifive_u machine
  riscv: sifive_u: Update BIOS_FILENAME for 32-bit
  gitlab-ci.yml: Add jobs to build OpenSBI firmware binaries

Rajnesh Kanwal (1):
  target/riscv: Fix VS mode interrupts forwarding.

 .gitlab-ci-opensbi.yml   |  63 +++
 .gitlab-ci.d/opensbi/Dockerfile  |  33 ++
 .gitlab-ci.yml   |   1 +
 Makefile |   2 +-
 hw/riscv/sifive_u.c  |   6 ++-
 pc-bios/opensbi-riscv32-sifive_u-fw_jump.bin | Bin 0 -> 49472 bytes
 pc-bios/opensbi-riscv32-virt-fw_jump.bin | Bin 40984 -> 41280 bytes
 pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin | Bin 49160 -> 53760 bytes
 pc-bios/opensbi-riscv64-virt-fw_jump.bin | Bin 45064 -> 49664 bytes
 roms/Makefile|   7 +++
 roms/opensbi |   2 +-
 target/riscv/cpu_helper.c|   9 +++-
 target/riscv/op_helper.c |   2 +-
 13 files changed, 120 insertions(+), 5 deletions(-)
 create mode 100644 .gitlab-ci-opensbi.yml
 create mode 100644 .gitlab-ci.d/opensbi/Dockerfile
 create mode 100644 pc-bios/opensbi-riscv32-sifive_u-fw_jump.bin

Re: [PATCH v2 5/8] ppc/spapr: Allow FWNMI on TCG

[David? Gibson]

On Tue, Mar 17, 2020 at 09:26:15AM +1000, Nicholas Piggin wrote:
> Greg Kurz's on March 17, 2020 4:01 am:
> > On Tue, 17 Mar 2020 00:26:10 +1000
> > Nicholas Piggin  wrote:
> > 
> >> There should no longer be a reason to prevent TCG providing FWNMI.
> >> System Reset interrupts are generated to the guest with nmi monitor
> >> command and H_SIGNAL_SYS_RESET. Machine Checks can not be injected
> >> currently, but this could be implemented with the mce monitor cmd
> >> similarly to i386.
> >> 
> >> Signed-off-by: Nicholas Piggin 
> >> ---
> >>  hw/ppc/spapr_caps.c | 5 +
> >>  1 file changed, 1 insertion(+), 4 deletions(-)
> >> 
> >> diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
> >> index f626d769a0..679ae7959f 100644
> >> --- a/hw/ppc/spapr_caps.c
> >> +++ b/hw/ppc/spapr_caps.c
> >> @@ -516,10 +516,7 @@ static void cap_fwnmi_apply(SpaprMachineState *spapr, 
> >> uint8_t val,
> >>  return; /* Disabled by default */
> >>  }
> >>  
> >> -if (tcg_enabled()) {
> >> -warn_report("Firmware Assisted Non-Maskable Interrupts(FWNMI) not 
> >> "
> >> -"supported in TCG");
> > 
> > With this warning removed, we can now drop the "cap-fwnmi=off" setting
> > in qtest, but this can be done as a followup.
> 
> Ah right, thanks. Would you send the patch later or should I?

No need, I already folded the change into your patch.

> 
> Thanks,
> Nick
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[Bug 1824344] Re: x86: retf or iret pagefault sets wrong error code

[Robert Henry]

This appears to be similar to
https://bugs.launchpad.net/qemu/+bug/1866892 (and much simpler)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1824344

Title:
  x86: retf or iret pagefault sets wrong error code

Status in QEMU:
  New

Bug description:
  With a x86_64 or i386 guest, non-KVM, when trying to execute a
  "iret/iretq/retf" instruction in userspace with invalid stack pointer
  (under a protected mode OS, like Linux), wrong bits are set in the
  pushed error code; bit 2 is not set, indicating the error comes from
  kernel space.

  If the guest OS is using this flag to decide whether this was a kernel
  or user page fault, it will mistakenly decide a kernel has irrecoverably
  faulted, possibly causing guest OS panic.

  
  How to reproduce the problem a guest (non-KVM) Linux:
  Note, on recent Linux kernel version, this needs a CPU with SMAP support
  (eg. -cpu max)

  $ cat tst.c
  int main()
  {
  __asm__ volatile (
  "mov $0,%esp\n"
  "retf"
  );
  return 0;
  }

  $ gcc tst.c
  $ ./a.out
  Killed

  
  "dmesg" shows the kernel has in fact triggered a "BUG: unable to handle
  kernel NULL pointer dereference...", but it has "recovered" by killing
  the faulting process (see attached screenshot).

  
  Using self-compiled qemu from git:
  commit 532cc6da74ec25b5ba6893b5757c977d54582949 (HEAD -> master, tag: 
v4.0.0-rc3, origin/master, origin/HEAD)
  Author: Peter Maydell 
  Date:   Wed Apr 10 15:38:59 2019 +0100

  Update version for v4.0.0-rc3 release
  
  Signed-off-by: Peter Maydell 

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1824344/+subscriptions

[Bug 1866892] Re: guest OS catches a page fault bug when running dotnet

[Robert Henry]

A simpler case seems to produce the same error.  See
https://bugs.launchpad.net/qemu/+bug/1824344

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1866892

Title:
  guest OS catches a page  fault bug when running dotnet

Status in QEMU:
  New

Bug description:
  The linux guest OS catches a page fault bug when running the dotnet
  application.

  host = metal = x86_64
  host OS = ubuntu 19.10
  qemu emulation, without KVM, with "tiny code generator" tcg; no plugins; 
built from head/master
  guest emulation = x86_64
  guest OS = ubuntu 19.10
  guest app = dotnet, running any program

  qemu sha=7bc4d1980f95387c4cc921d7a066217ff4e42b70 (head/master Mar 10,
  2020)

  qemu invocation is:

  qemu/build/x86_64-softmmu/qemu-system-x86_64 \
-m size=4096 \
-smp cpus=1 \
-machine type=pc-i440fx-5.0,accel=tcg \
-cpu Skylake-Server-v1 \
-nographic \
-bios OVMF-pure-efi.fd \
-drive if=none,id=hd0,file=ubuntu-19.10-server-cloudimg-amd64.img \
-device virtio-blk,drive=hd0 \
-drive if=none,id=cloud,file=linux_cloud_config.img \
-device virtio-blk,drive=cloud \
-netdev user,id=user0,hostfwd=tcp::2223-:22 \
-device virtio-net,netdev=user0

  
  Here's the guest kernel console output:

  
  [ 2834.005449] BUG: unable to handle page fault for address: 7fffc2c0
  [ 2834.009895] #PF: supervisor read access in user mode
  [ 2834.013872] #PF: error_code(0x0001) - permissions violation
  [ 2834.018025] IDT: 0xfe00 (limit=0xfff) GDT: 0xfe001000 
(limit=0x7f)
  [ 2834.022242] LDTR: NULL
  [ 2834.026306] TR: 0x40 -- base=0xfe003000 limit=0x206f
  [ 2834.030395] PGD 8000360d0067 P4D 8000360d0067 PUD 36105067 PMD 
36193067 PTE 800076d8e867
  [ 2834.038672] Oops: 0001 [#4] SMP PTI
  [ 2834.042707] CPU: 0 PID: 13537 Comm: dotnet Tainted: G  D   
5.3.0-29-generic #31-Ubuntu
  [ 2834.050591] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
0.0.0 02/06/2015
  [ 2834.054785] RIP: 0033:0x147eaeda
  [ 2834.059017] Code: d0 00 00 00 4c 8b a7 d8 00 00 00 4c 8b af e0 00 00 00 4c 
8b b7 e8 00 00 00 4c 8b bf f0 00 00 00 48 8b bf b0 00 00 00 9d 74 02 <48> cf 48 
8d 64 24 30 5d c3 90 cc c3 66 90 55 4c 8b a7 d8 00 00 00
  [ 2834.072103] RSP: 002b:7fffc2c0 EFLAGS: 0202
  [ 2834.076507] RAX:  RBX: 1554b401af38 RCX: 
0001
  [ 2834.080832] RDX:  RSI:  RDI: 
7fffcfb0
  [ 2834.085010] RBP: 7fffd730 R08:  R09: 
7fffd1b0
  [ 2834.089184] R10: 15331dd5 R11: 153ad8d0 R12: 
0002
  [ 2834.093350] R13: 0001 R14: 0001 R15: 
1554b401d388
  [ 2834.097309] FS:  14fa5740 GS:  
  [ 2834.101131] Modules linked in: isofs nls_iso8859_1 dm_multipath 
scsi_dh_rdac scsi_dh_emc scsi_dh_alua ppdev input_leds serio_raw parport_pc 
parport sch_fq_codel ip_tables x_tables autofs4 btrfs zstd_compress raid10 
raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq 
libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul 
ghash_clmulni_intel aesni_intel aes_x86_64 crypto_simd cryptd glue_helper 
virtio_net psmouse net_failover failover virtio_blk floppy
  [ 2834.122539] CR2: 7fffc2c0
  [ 2834.126867] ---[ end trace dfae51f1d9432708 ]---
  [ 2834.131239] RIP: 0033:0x14d793262eda
  [ 2834.135715] Code: Bad RIP value.
  [ 2834.140243] RSP: 002b:7ffddb4e2980 EFLAGS: 0202
  [ 2834.144615] RAX:  RBX: 14d6f402acb8 RCX: 
0002
  [ 2834.148943] RDX: 01cd6950 RSI:  RDI: 
7ffddb4e3670
  [ 2834.153335] RBP: 7ffddb4e3df0 R08: 0001 R09: 
7ffddb4e3870
  [ 2834.157774] R10: 14d793da9dd5 R11: 14d793e258d0 R12: 
0002
  [ 2834.162132] R13: 0001 R14: 0001 R15: 
14d6f402d040
  [ 2834.166239] FS:  14fa5740() GS:97213ba0() 
knlGS:
  [ 2834.170529] CS:  0033 DS:  ES:  CR0: 80050033
  [ 2834.174751] CR2: 14d793262eb0 CR3: 3613 CR4: 
007406f0
  [ 2834.178892] PKRU: 5554

  I run the application from a shell with `ulimit -s unlimited`
  (unlimited stack to size).

  The application creates a number of threads, and those threads make a
  lot of calls to sigaltstack() and mprotect(); see the relevant source
  for dotnet here
  
https://github.com/dotnet/runtime/blob/15ec69e47b4dc56098e6058a11ccb6ae4d5d4fa1/src/coreclr/src/pal/src/thread/thread.cpp#L2467

  using strace -f on the app shows that no alt stacks come anywhere near
  the failing address; all alt stacks are in the heap, as expected.
  None of the mmap/mprotect/munmap syscalls were given arguments in the
  high memory 0x7fff and up.

  gdb (with default signal stop/print/pass 

Re: [PATCH V2] vhost: correctly turn on VIRTIO_F_IOMMU_PLATFORM

[Jason Wang]

On 2020/3/17 上午2:14, Peter Xu wrote:

On Mon, Mar 16, 2020 at 01:19:54PM -0400, Michael S. Tsirkin wrote:

On Fri, Mar 13, 2020 at 12:31:22PM -0400, Peter Xu wrote:

On Fri, Mar 13, 2020 at 11:29:59AM -0400, Michael S. Tsirkin wrote:

On Fri, Mar 13, 2020 at 01:44:46PM +0100, Halil Pasic wrote:

[..]

CCing Tom. @Tom does vhost-vsock work for you with SEV and current qemu?

Also, one can specify iommu_platform=on on a device that ain't a part of
a secure-capable VM, just for the fun of it. And that breaks
vhost-vsock. Or is setting iommu_platform=on only valid if
qemu-system-s390x is protected virtualization capable?

BTW, I don't have a strong opinion on the fixes tag. We currently do not
recommend setting iommu_platform, and thus I don't think we care too
much about past qemus having problems with it.

Regards,
Halil

Let's just say if we do have a Fixes: tag we want to set it correctly to
the commit that needs this fix.


I finally did some digging regarding the performance degradation. For
s390x the performance degradation on vhost-net was introduced by commit
076a93d797 ("exec: simplify address_space_get_iotlb_entry"). Before
IOMMUTLBEntry.addr_mask used to be based on plen, which in turn was
calculated as the rest of the memory regions size (from address), and
covered most of the guest address space. That is we didn't have a whole
lot of IOTLB API overhead.

With commit 076a93d797 I see IOMMUTLBEntry.addr_mask == 0xfff which comes
as ~TARGET_PAGE_MASK from flatview_do_translate(). To have things working
properly I applied 75e5b70e6, b021d1c044, and d542800d1e on the level of
076a93d797 and 076a93d797~1.

Peter, what's your take on this one?

Commit 076a93d797 was one of the patchset where we want to provide
sensible IOTLB entries and also that should start to work with huge
pages.

So the issue bundamentally is that it
never produces entries larger than page size.

Wasteful even just with huge pages, all the more
so which passthrough which could have giga-byte
entries.

Want to try fixing that?

Yes we can fix that, but I'm still not sure whether changing the
interface of address_space_get_iotlb_entry() to cover adhoc regions is
a good idea, because I think it's still a memory core API and imho it
would still be good to have IOTLBs returned to be what the hardware
will be using (always page aligned IOTLBs).  Also it would still be
not ideal because vhost backend will still need to send the MISSING
messages and block for each of the continuous guest memory ranges
registered, so there will still be misterious delay.  Not to say
logically all the caches can be invalidated too so in that sense I
think it's as hacky as the vhost speedup patch mentioned below..

Ideally I think vhost should be able to know when PT is enabled or
disabled for the device, so the vhost backend (kernel or userspace)
should be able to directly use GPA for DMA.  That might need some new
vhost interface.



Yes but I think we don't need another API since we can send GPA->HVA 
mapping via device IOTLB API when we find there's no DMA translation at 
all (either PT or no vIOMMU).


Vhost doesn't need to know whether an address is an IOVA (vIOMMU) , GPA 
(no vIOMMU), or even HVA (dpdk virtio-user).


Thanks




For the s390's specific issue, I would think Jason's patch an simple
and ideal solution already.

Thanks,

Re: [PULL 00/38] Linux user for 5.0 patches

[no-reply]

Patchew URL: https://patchew.org/QEMU/20200316161550.336150-1-laur...@vivier.eu/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PULL 00/38] Linux user for 5.0 patches
Message-id: 20200316161550.336150-1-laur...@vivier.eu
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 - [tag update]  patchew/20200316161550.336150-1-laur...@vivier.eu -> 
patchew/20200316161550.336150-1-laur...@vivier.eu
Switched to a new branch 'test'
1bc4578 linux-user, openrisc: sync syscall numbers with kernel v5.5
275bdae linux-user, nios2: sync syscall numbers with kernel v5.5
d7f7755 linux-user, aarch64: sync syscall numbers with kernel v5.5
d274711 scripts: add a script to generate syscall_nr.h
b3e9680 linux-user,mips: update syscall-args-o32.c.inc
e26a1be linux-user,mips: move content of mips_syscall_args
e1cac57 linux-user: update syscall.tbl from linux 0bf999f9c5e7
3a51017 linux-user, scripts: add a script to update syscall.tbl
2c2876d linux-user, mips64: add syscall table generation support
20353f9 linux-user, mips: add syscall table generation support
2760210 linux-user, x86_64: add syscall table generation support
c280817 linux-user, i386: add syscall table generation support
1458029 linux-user, x86_64, i386: cleanup TARGET_NR_arch_prctl
9478b8e linux-user, sparc, sparc64: add syscall table generation support
1553992 linux-user, s390x: add syscall table generation support
fbd36b7 linux-user, s390x: remove syscall definitions for !TARGET_S390X
3c686ee linux-user, ppc: add syscall table generation support
76525c6 linux-user, arm: add syscall table generation support
9402b9f linux-user, microblaze: add syscall table generation support
97fee9a linux-user, sh4: add syscall table generation support
ef7c323 linux-user, xtensa: add syscall table generation support
a1150d5 linux-user, m68k: add syscall table generation support
ceb7559 linux-user, hppa: add syscall table generation support
b7160c7 linux-user, alpha: add syscall table generation support
7900d95 linux-user: introduce parameters to generate syscall_nr.h
02ba121 linux-user/riscv: Update the syscall_nr's to the 5.5 kernel
19eb9e3 linux-user: Support futex_time64
b9b6629 linux-user/syscall: Add support for clock_gettime64/clock_settime64
4ebab6c linux-user: Protect more syscalls
baa0e71 linux-user: Update TASK_UNMAPPED_BASE for aarch64
4fcfda0 linux-user: fix socket() strace
13110bd linux-user: do prlimit selectively
a99c994 linux-user: Add AT_EXECFN auxval
b006c5c linux-user: Flush out implementation of gettimeofday
6bdd12d linux-user: Add x86_64 vsyscall page to /proc/self/maps
e65d100 linux-user/i386: Emulate x86_64 vsyscalls
e90a705 linux-user/i386: Split out gen_signal
8703c17 target/i386: Renumber EXCP_SYSCALL

=== OUTPUT BEGIN ===
1/38 Checking commit 8703c1770f3e (target/i386: Renumber EXCP_SYSCALL)
2/38 Checking commit e90a7057d9fa (linux-user/i386: Split out gen_signal)
3/38 Checking commit e65d100c17e5 (linux-user/i386: Emulate x86_64 vsyscalls)
4/38 Checking commit 6bdd12d66dcb (linux-user: Add x86_64 vsyscall page to 
/proc/self/maps)
5/38 Checking commit b006c5c97f9e (linux-user: Flush out implementation of 
gettimeofday)
6/38 Checking commit a99c994a9a7a (linux-user: Add AT_EXECFN auxval)
7/38 Checking commit 13110bd183ea (linux-user: do prlimit selectively)
8/38 Checking commit 4fcfda0cbd8a (linux-user: fix socket() strace)
9/38 Checking commit baa0e71093cc (linux-user: Update TASK_UNMAPPED_BASE for 
aarch64)
10/38 Checking commit 4ebab6c489e6 (linux-user: Protect more syscalls)
11/38 Checking commit b9b6629bd329 (linux-user/syscall: Add support for 
clock_gettime64/clock_settime64)
12/38 Checking commit 19eb9e3d100b (linux-user: Support futex_time64)
WARNING: architecture specific defines should be avoided
#26: FILE: linux-user/syscall.c:248:
+#if defined(__NR_futex)

WARNING: architecture specific defines should be avoided
#29: FILE: linux-user/syscall.c:251:
+#if defined(__NR_futex_time64)

WARNING: architecture specific defines should be avoided
#40: FILE: linux-user/syscall.c:303:
+#if (defined(TARGET_NR_futex) && defined(__NR_futex)) || \

WARNING: architecture specific defines should be avoided
#46: FILE: linux-user/syscall.c:309:
+#if (defined(TARGET_NR_futex_time64) && defined(__NR_futex_teim64))

ERROR: space required after that ',' (ctx:VxV)
#47: FILE: linux-user/syscall.c:310:
+_syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
  ^

ERROR: space required after that ',' (ctx:VxV)
#47: FILE: linux-user/syscall.c:310:
+_syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
   ^

ERROR: space required after that 

Re: [PULL 00/38] Linux user for 5.0 patches

[no-reply]

Patchew URL: https://patchew.org/QEMU/20200316161550.336150-1-laur...@vivier.eu/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PULL 00/38] Linux user for 5.0 patches
Message-id: 20200316161550.336150-1-laur...@vivier.eu
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
e0e5c4d41 linux-user, openrisc: sync syscall numbers with kernel v5.5
2910e84 linux-user, nios2: sync syscall numbers with kernel v5.5
8c86b7e linux-user, aarch64: sync syscall numbers with kernel v5.5
6e455d8 scripts: add a script to generate syscall_nr.h
0e2de33 linux-user,mips: update syscall-args-o32.c.inc
d4f3bcb linux-user,mips: move content of mips_syscall_args
480aff5 linux-user: update syscall.tbl from linux 0bf999f9c5e7
3fc8443 linux-user, scripts: add a script to update syscall.tbl
0948216 linux-user, mips64: add syscall table generation support
b9ae2f7 linux-user, mips: add syscall table generation support
a047c7e linux-user, x86_64: add syscall table generation support
9585b9f linux-user, i386: add syscall table generation support
95211fc linux-user, x86_64, i386: cleanup TARGET_NR_arch_prctl
f1b32e0 linux-user, sparc, sparc64: add syscall table generation support
54f036b linux-user, s390x: add syscall table generation support
6a847de linux-user, s390x: remove syscall definitions for !TARGET_S390X
9e0df32 linux-user, ppc: add syscall table generation support
ed29cb5 linux-user, arm: add syscall table generation support
50fd494 linux-user, microblaze: add syscall table generation support
bfe6334 linux-user, sh4: add syscall table generation support
976cf65 linux-user, xtensa: add syscall table generation support
e541b96 linux-user, m68k: add syscall table generation support
192f551 linux-user, hppa: add syscall table generation support
feeb587 linux-user, alpha: add syscall table generation support
9eab8db0 linux-user: introduce parameters to generate syscall_nr.h
c360ebe linux-user/riscv: Update the syscall_nr's to the 5.5 kernel
dd8dcb9 linux-user: Support futex_time64
b3a71ee linux-user/syscall: Add support for clock_gettime64/clock_settime64
e16637d linux-user: Protect more syscalls
8c0e24b linux-user: Update TASK_UNMAPPED_BASE for aarch64
8076da7 linux-user: fix socket() strace
a8ead8b linux-user: do prlimit selectively
53c5852 linux-user: Add AT_EXECFN auxval
8071d57 linux-user: Flush out implementation of gettimeofday
79ab97a linux-user: Add x86_64 vsyscall page to /proc/self/maps
1623ac6 linux-user/i386: Emulate x86_64 vsyscalls
0c9b392 linux-user/i386: Split out gen_signal
6b005bd target/i386: Renumber EXCP_SYSCALL

=== OUTPUT BEGIN ===
1/38 Checking commit 6b005bde41b2 (target/i386: Renumber EXCP_SYSCALL)
2/38 Checking commit 0c9b3925c43e (linux-user/i386: Split out gen_signal)
3/38 Checking commit 1623ac6f2365 (linux-user/i386: Emulate x86_64 vsyscalls)
4/38 Checking commit 79ab97a59627 (linux-user: Add x86_64 vsyscall page to 
/proc/self/maps)
5/38 Checking commit 8071d573d622 (linux-user: Flush out implementation of 
gettimeofday)
6/38 Checking commit 53c58520ac4a (linux-user: Add AT_EXECFN auxval)
7/38 Checking commit a8ead8b1c548 (linux-user: do prlimit selectively)
8/38 Checking commit 8076da785c55 (linux-user: fix socket() strace)
9/38 Checking commit 8c0e24b13310 (linux-user: Update TASK_UNMAPPED_BASE for 
aarch64)
10/38 Checking commit e16637d2e34d (linux-user: Protect more syscalls)
11/38 Checking commit b3a71ee542ba (linux-user/syscall: Add support for 
clock_gettime64/clock_settime64)
12/38 Checking commit dd8dcb9f6218 (linux-user: Support futex_time64)
WARNING: architecture specific defines should be avoided
#26: FILE: linux-user/syscall.c:248:
+#if defined(__NR_futex)

WARNING: architecture specific defines should be avoided
#29: FILE: linux-user/syscall.c:251:
+#if defined(__NR_futex_time64)

WARNING: architecture specific defines should be avoided
#40: FILE: linux-user/syscall.c:303:
+#if (defined(TARGET_NR_futex) && defined(__NR_futex)) || \

WARNING: architecture specific defines should be avoided
#46: FILE: linux-user/syscall.c:309:
+#if (defined(TARGET_NR_futex_time64) && defined(__NR_futex_teim64))

ERROR: space required after that ',' (ctx:VxV)
#47: FILE: linux-user/syscall.c:310:
+_syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
  ^

ERROR: space required after that ',' (ctx:VxV)
#47: FILE: linux-user/syscall.c:310:
+_syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
   ^

ERROR: space required after that ',' (ctx:OxV)
#47: FILE: linux-user/syscall.c:310:
+_syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
 ^

ERROR: space 

Re: [PULL SUBSYSTEM qemu-pseries] pseries: Update SLOF firmware image

[David Gibson]

On Tue, Mar 17, 2020 at 10:33:06AM +1100, Alexey Kardashevskiy wrote:
> The following changes since commit 33dead675695e596b7f32c72e6f6a20390e86d8a:
> 
>   pseries: Update SLOF firmware image (2020-03-13 17:50:44 +1100)
> 
> are available in the Git repository at:
> 
>   g...@github.com:aik/qemu.git tags/qemu-slof-20200317
> 
> for you to fetch changes up to b7cf539920376542f03df8337602c3b8974bd1a1:
> 
>   pseries: Update SLOF firmware image (2020-03-17 10:27:34 +1100)
> 
> 
> Alexey Kardashevskiy (1):
>   pseries: Update SLOF firmware image
> 
>  pc-bios/README   |   2 +-
>  pc-bios/slof.bin | Bin 968848 -> 965008 bytes
>  roms/SLOF|   2 +-
>  3 files changed, 2 insertions(+), 2 deletions(-)
> 
> 
> *** Note: this is not for master, this is for pseries
> 
> The only change here is moving the decision about rtas-size
> to QEMU.

Merged to ppc-for-5.0, thanks.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PULL 00/38] Linux user for 5.0 patches

[no-reply]

Patchew URL: https://patchew.org/QEMU/20200316161550.336150-1-laur...@vivier.eu/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PULL 00/38] Linux user for 5.0 patches
Message-id: 20200316161550.336150-1-laur...@vivier.eu
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
10fafb1 linux-user, openrisc: sync syscall numbers with kernel v5.5
6782f6a linux-user, nios2: sync syscall numbers with kernel v5.5
9f6200d linux-user, aarch64: sync syscall numbers with kernel v5.5
45ee667 scripts: add a script to generate syscall_nr.h
1f2ea4d linux-user,mips: update syscall-args-o32.c.inc
d23d2a1 linux-user,mips: move content of mips_syscall_args
f41ff3c linux-user: update syscall.tbl from linux 0bf999f9c5e7
19a0e30 linux-user, scripts: add a script to update syscall.tbl
4eec500 linux-user, mips64: add syscall table generation support
aeec810 linux-user, mips: add syscall table generation support
9815b8d linux-user, x86_64: add syscall table generation support
2695951 linux-user, i386: add syscall table generation support
1459c30 linux-user, x86_64, i386: cleanup TARGET_NR_arch_prctl
4158bb5 linux-user, sparc, sparc64: add syscall table generation support
91ebd50 linux-user, s390x: add syscall table generation support
b456bac linux-user, s390x: remove syscall definitions for !TARGET_S390X
9a58453 linux-user, ppc: add syscall table generation support
01a0d3e linux-user, arm: add syscall table generation support
5c48386 linux-user, microblaze: add syscall table generation support
c908a6a linux-user, sh4: add syscall table generation support
4a37ce6 linux-user, xtensa: add syscall table generation support
e6f088c linux-user, m68k: add syscall table generation support
b3099a5 linux-user, hppa: add syscall table generation support
550b771 linux-user, alpha: add syscall table generation support
af30485 linux-user: introduce parameters to generate syscall_nr.h
136c2bf linux-user/riscv: Update the syscall_nr's to the 5.5 kernel
b2dec49 linux-user: Support futex_time64
44d988e linux-user/syscall: Add support for clock_gettime64/clock_settime64
96402ae linux-user: Protect more syscalls
8b3e85d linux-user: Update TASK_UNMAPPED_BASE for aarch64
0cbf17e linux-user: fix socket() strace
91bd410 linux-user: do prlimit selectively
403d5bc linux-user: Add AT_EXECFN auxval
06b7595 linux-user: Flush out implementation of gettimeofday
4050585 linux-user: Add x86_64 vsyscall page to /proc/self/maps
1db8bf7 linux-user/i386: Emulate x86_64 vsyscalls
f47d45b linux-user/i386: Split out gen_signal
34bb353 target/i386: Renumber EXCP_SYSCALL

=== OUTPUT BEGIN ===
1/38 Checking commit 34bb353a89ec (target/i386: Renumber EXCP_SYSCALL)
2/38 Checking commit f47d45b3bace (linux-user/i386: Split out gen_signal)
3/38 Checking commit 1db8bf765b39 (linux-user/i386: Emulate x86_64 vsyscalls)
4/38 Checking commit 405058564933 (linux-user: Add x86_64 vsyscall page to 
/proc/self/maps)
5/38 Checking commit 06b75956b14e (linux-user: Flush out implementation of 
gettimeofday)
6/38 Checking commit 403d5bca8b6d (linux-user: Add AT_EXECFN auxval)
7/38 Checking commit 91bd41044ad3 (linux-user: do prlimit selectively)
8/38 Checking commit 0cbf17e17283 (linux-user: fix socket() strace)
9/38 Checking commit 8b3e85d562b1 (linux-user: Update TASK_UNMAPPED_BASE for 
aarch64)
10/38 Checking commit 96402ae791e6 (linux-user: Protect more syscalls)
11/38 Checking commit 44d988e75f99 (linux-user/syscall: Add support for 
clock_gettime64/clock_settime64)
12/38 Checking commit b2dec497276d (linux-user: Support futex_time64)
WARNING: architecture specific defines should be avoided
#26: FILE: linux-user/syscall.c:248:
+#if defined(__NR_futex)

WARNING: architecture specific defines should be avoided
#29: FILE: linux-user/syscall.c:251:
+#if defined(__NR_futex_time64)

WARNING: architecture specific defines should be avoided
#40: FILE: linux-user/syscall.c:303:
+#if (defined(TARGET_NR_futex) && defined(__NR_futex)) || \

WARNING: architecture specific defines should be avoided
#46: FILE: linux-user/syscall.c:309:
+#if (defined(TARGET_NR_futex_time64) && defined(__NR_futex_teim64))

ERROR: space required after that ',' (ctx:VxV)
#47: FILE: linux-user/syscall.c:310:
+_syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
  ^

ERROR: space required after that ',' (ctx:VxV)
#47: FILE: linux-user/syscall.c:310:
+_syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
   ^

ERROR: space required after that ',' (ctx:OxV)
#47: FILE: linux-user/syscall.c:310:
+_syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
 ^

ERROR: space required after that ',' (ctx:VxV)
#47: FILE: 

Re: [PATCH v2 6/8] target/ppc: allow ppc_cpu_do_system_reset to take an alternate vector

[David Gibson]

On Tue, Mar 17, 2020 at 09:28:24AM +1000, Nicholas Piggin wrote:
> Cédric Le Goater's on March 17, 2020 4:15 am:
> > On 3/16/20 3:26 PM, Nicholas Piggin wrote:
> >> Provide for an alternate delivery location, -1 defaults to the
> >> architected address.
> > 
> > I don't know what is the best approach, to override the vector addr
> > computed by powerpc_excp() or use a machine class handler with 
> > cpu->vhyp.
> 
> Yeah it's getting a bit ad hoc and inconsistent with machine check
> etc, I just figured get something minimal in there now. The whole
> exception delivery needs a spring clean though.

Yeah, there's a huge amount of cruft in nearly all the softmmu code.
It's such a big task that I don't really have any plans to tackle it
specifically.  Instead I've been cleaning up little pieces as they
impinge on things I actually care about.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[PATCH v8 07/11] iotests: limit line length to 79 chars

[John Snow]

79 is the PEP8 recommendation. This recommendation works well for
reading patch diffs in TUI email clients.

Signed-off-by: John Snow 
---
 tests/qemu-iotests/iotests.py | 64 +++
 tests/qemu-iotests/pylintrc   |  6 +++-
 2 files changed, 47 insertions(+), 23 deletions(-)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 3d90fb157d..75fd697d77 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -77,9 +77,11 @@
 def qemu_img(*args):
 '''Run qemu-img and return the exit code'''
 devnull = open('/dev/null', 'r+')
-exitcode = subprocess.call(qemu_img_args + list(args), stdin=devnull, 
stdout=devnull)
+exitcode = subprocess.call(qemu_img_args + list(args),
+   stdin=devnull, stdout=devnull)
 if exitcode < 0:
-sys.stderr.write('qemu-img received signal %i: %s\n' % (-exitcode, ' 
'.join(qemu_img_args + list(args
+sys.stderr.write('qemu-img received signal %i: %s\n'
+ % (-exitcode, ' '.join(qemu_img_args + list(args
 return exitcode
 
 def ordered_qmp(qmsg, conv_keys=True):
@@ -118,7 +120,8 @@ def qemu_img_verbose(*args):
 '''Run qemu-img without suppressing its output and return the exit code'''
 exitcode = subprocess.call(qemu_img_args + list(args))
 if exitcode < 0:
-sys.stderr.write('qemu-img received signal %i: %s\n' % (-exitcode, ' 
'.join(qemu_img_args + list(args
+sys.stderr.write('qemu-img received signal %i: %s\n'
+ % (-exitcode, ' '.join(qemu_img_args + list(args
 return exitcode
 
 def qemu_img_pipe(*args):
@@ -129,7 +132,8 @@ def qemu_img_pipe(*args):
 universal_newlines=True)
 exitcode = subp.wait()
 if exitcode < 0:
-sys.stderr.write('qemu-img received signal %i: %s\n' % (-exitcode, ' 
'.join(qemu_img_args + list(args
+sys.stderr.write('qemu-img received signal %i: %s\n'
+ % (-exitcode, ' '.join(qemu_img_args + list(args
 return subp.communicate()[0]
 
 def qemu_img_log(*args):
@@ -159,7 +163,8 @@ def qemu_io(*args):
 universal_newlines=True)
 exitcode = subp.wait()
 if exitcode < 0:
-sys.stderr.write('qemu-io received signal %i: %s\n' % (-exitcode, ' 
'.join(args)))
+sys.stderr.write('qemu-io received signal %i: %s\n'
+ % (-exitcode, ' '.join(args)))
 return subp.communicate()[0]
 
 def qemu_io_log(*args):
@@ -281,10 +286,13 @@ def filter_test_dir(msg):
 def filter_win32(msg):
 return win32_re.sub("", msg)
 
-qemu_io_re = re.compile(r"[0-9]* ops; [0-9\/:. sec]* \([0-9\/.inf]* 
[EPTGMKiBbytes]*\/sec and [0-9\/.inf]* ops\/sec\)")
+qemu_io_re = re.compile(r"[0-9]* ops; [0-9\/:. sec]* "
+r"\([0-9\/.inf]* [EPTGMKiBbytes]*\/sec "
+r"and [0-9\/.inf]* ops\/sec\)")
 def filter_qemu_io(msg):
 msg = filter_win32(msg)
-return qemu_io_re.sub("X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)", 
msg)
+return qemu_io_re.sub("X ops; XX:XX:XX.X "
+  "(XXX YYY/sec and XXX ops/sec)", msg)
 
 chown_re = re.compile(r"chown [0-9]+:[0-9]+")
 def filter_chown(msg):
@@ -336,7 +344,9 @@ def filter_img_info(output, filename):
 line = line.replace(filename, 'TEST_IMG') \
.replace(imgfmt, 'IMGFMT')
 line = re.sub('iters: [0-9]+', 'iters: XXX', line)
-line = re.sub('uuid: [-a-f0-9]+', 'uuid: 
----', line)
+line = re.sub('uuid: [-a-f0-9]+',
+  'uuid: ----',
+  line)
 line = re.sub('cid: [0-9]+', 'cid: XX', line)
 lines.append(line)
 return '\n'.join(lines)
@@ -529,11 +539,13 @@ def pause_drive(self, drive, event=None):
 self.pause_drive(drive, "write_aio")
 return
 self.qmp('human-monitor-command',
- command_line='qemu-io %s "break %s bp_%s"' % (drive, event, 
drive))
+ command_line='qemu-io %s "break %s bp_%s"'
+ % (drive, event, drive))
 
 def resume_drive(self, drive):
 self.qmp('human-monitor-command',
- command_line='qemu-io %s "remove_break bp_%s"' % (drive, 
drive))
+ command_line='qemu-io %s "remove_break bp_%s"'
+ % (drive, drive))
 
 def hmp_qemu_io(self, drive, cmd):
 '''Write to a given drive using an HMP command'''
@@ -793,16 +805,18 @@ def dictpath(self, d, path):
 idx = int(idx)
 
 if not isinstance(d, dict) or component not in d:
-self.fail('failed path traversal for "%s" in "%s"' % (path, 
str(d)))
+self.fail(f'failed path traversal for "{path}" in "{d}"')
 d = d[component]
 
 if m:

[PATCH v8 06/11] iotests: drop Python 3.4 compatibility code

[John Snow]

We no longer need to accommodate 3.4, drop this code.
(Also, the line is over 79 characters, so drop it.)

Touch up the docstring a little bit while we're here.

Signed-off-by: John Snow 
---
 tests/qemu-iotests/iotests.py | 14 +++---
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 7cd74e7cb1..3d90fb157d 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -22,6 +22,7 @@
 import unittest
 import sys
 import struct
+from typing import Optional
 import json
 import signal
 import logging
@@ -350,18 +351,17 @@ def _filter(_key, value):
 return value
 return filter_qmp(qmsg, _filter)
 
-def log(msg, filters=(), indent=None):
-'''Logs either a string message or a JSON serializable message (like QMP).
-If indent is provided, JSON serializable messages are pretty-printed.'''
+def log(msg, filters=(), indent: Optional[int] = None) -> None:
+"""
+Logs either a string message or a JSON serializable message (like QMP).
+If indent is provided, JSON serializable messages are pretty-printed.
+"""
 for flt in filters:
 msg = flt(msg)
 if isinstance(msg, (dict, list)):
-# Python < 3.4 needs to know not to add whitespace when 
pretty-printing:
-separators = (', ', ': ') if indent is None else (',', ': ')
 # Don't sort if it's already sorted
 do_sort = not isinstance(msg, OrderedDict)
-print(json.dumps(msg, sort_keys=do_sort,
- indent=indent, separators=separators))
+print(json.dumps(msg, sort_keys=do_sort, indent=indent))
 else:
 print(msg)
 
-- 
2.21.1

[PATCH v8 08/11] iotests: add script_initialize

[John Snow]

Like script_main, but doesn't require a single point of entry.
Replace all existing initialization sections with this drop-in replacement.

This brings debug support to all existing script-style iotests.

Signed-off-by: John Snow 
Reviewed-by: Max Reitz 
---
 tests/qemu-iotests/149|  3 +-
 tests/qemu-iotests/194|  4 +-
 tests/qemu-iotests/202|  4 +-
 tests/qemu-iotests/203|  4 +-
 tests/qemu-iotests/206|  2 +-
 tests/qemu-iotests/207|  6 ++-
 tests/qemu-iotests/208|  2 +-
 tests/qemu-iotests/209|  2 +-
 tests/qemu-iotests/210|  6 ++-
 tests/qemu-iotests/211|  6 ++-
 tests/qemu-iotests/212|  6 ++-
 tests/qemu-iotests/213|  6 ++-
 tests/qemu-iotests/216|  4 +-
 tests/qemu-iotests/218|  2 +-
 tests/qemu-iotests/219|  2 +-
 tests/qemu-iotests/222|  7 ++--
 tests/qemu-iotests/224|  4 +-
 tests/qemu-iotests/228|  6 ++-
 tests/qemu-iotests/234|  4 +-
 tests/qemu-iotests/235|  4 +-
 tests/qemu-iotests/236|  2 +-
 tests/qemu-iotests/237|  2 +-
 tests/qemu-iotests/238|  2 +
 tests/qemu-iotests/242|  2 +-
 tests/qemu-iotests/246|  2 +-
 tests/qemu-iotests/248|  2 +-
 tests/qemu-iotests/254|  2 +-
 tests/qemu-iotests/255|  2 +-
 tests/qemu-iotests/256|  2 +-
 tests/qemu-iotests/258|  7 ++--
 tests/qemu-iotests/260|  4 +-
 tests/qemu-iotests/262|  4 +-
 tests/qemu-iotests/264|  4 +-
 tests/qemu-iotests/277|  2 +
 tests/qemu-iotests/280|  8 ++--
 tests/qemu-iotests/283|  4 +-
 tests/qemu-iotests/iotests.py | 73 +++
 37 files changed, 128 insertions(+), 80 deletions(-)

diff --git a/tests/qemu-iotests/149 b/tests/qemu-iotests/149
index b4a21bf7b7..852768f80a 100755
--- a/tests/qemu-iotests/149
+++ b/tests/qemu-iotests/149
@@ -382,8 +382,7 @@ def test_once(config, qemu_img=False):
 
 
 # Obviously we only work with the luks image format
-iotests.verify_image_format(supported_fmts=['luks'])
-iotests.verify_platform()
+iotests.script_initialize(supported_fmts=['luks'])
 
 # We need sudo in order to run cryptsetup to create
 # dm-crypt devices. This is safe to use on any
diff --git a/tests/qemu-iotests/194 b/tests/qemu-iotests/194
index 9dc1bd3510..8b1f720af4 100755
--- a/tests/qemu-iotests/194
+++ b/tests/qemu-iotests/194
@@ -21,8 +21,8 @@
 
 import iotests
 
-iotests.verify_image_format(supported_fmts=['qcow2', 'qed', 'raw'])
-iotests.verify_platform(['linux'])
+iotests.script_initialize(supported_fmts=['qcow2', 'qed', 'raw'],
+  supported_platforms=['linux'])
 
 with iotests.FilePath('source.img') as source_img_path, \
  iotests.FilePath('dest.img') as dest_img_path, \
diff --git a/tests/qemu-iotests/202 b/tests/qemu-iotests/202
index 920a8683ef..e3900a44d1 100755
--- a/tests/qemu-iotests/202
+++ b/tests/qemu-iotests/202
@@ -24,8 +24,8 @@
 
 import iotests
 
-iotests.verify_image_format(supported_fmts=['qcow2'])
-iotests.verify_platform(['linux'])
+iotests.script_initialize(supported_fmts=['qcow2'],
+  supported_platforms=['linux'])
 
 with iotests.FilePath('disk0.img') as disk0_img_path, \
  iotests.FilePath('disk1.img') as disk1_img_path, \
diff --git a/tests/qemu-iotests/203 b/tests/qemu-iotests/203
index 49eff5d405..4b4bd3307d 100755
--- a/tests/qemu-iotests/203
+++ b/tests/qemu-iotests/203
@@ -24,8 +24,8 @@
 
 import iotests
 
-iotests.verify_image_format(supported_fmts=['qcow2'])
-iotests.verify_platform(['linux'])
+iotests.script_initialize(supported_fmts=['qcow2'],
+  supported_platforms=['linux'])
 
 with iotests.FilePath('disk0.img') as disk0_img_path, \
  iotests.FilePath('disk1.img') as disk1_img_path, \
diff --git a/tests/qemu-iotests/206 b/tests/qemu-iotests/206
index e2b50ae24d..f42432a838 100755
--- a/tests/qemu-iotests/206
+++ b/tests/qemu-iotests/206
@@ -23,7 +23,7 @@
 import iotests
 from iotests import imgfmt
 
-iotests.verify_image_format(supported_fmts=['qcow2'])
+iotests.script_initialize(supported_fmts=['qcow2'])
 
 with iotests.FilePath('t.qcow2') as disk_path, \
  iotests.FilePath('t.qcow2.base') as backing_path, \
diff --git a/tests/qemu-iotests/207 b/tests/qemu-iotests/207
index 3d9c1208ca..a6621410da 100755
--- a/tests/qemu-iotests/207
+++ b/tests/qemu-iotests/207
@@ -24,8 +24,10 @@ import iotests
 import subprocess
 import re
 
-iotests.verify_image_format(supported_fmts=['raw'])
-iotests.verify_protocol(supported=['ssh'])
+iotests.script_initialize(
+supported_fmts=['raw'],
+supported_protocols=['ssh'],
+)
 
 def filter_hash(qmsg):
 def _filter(key, value):
diff --git a/tests/qemu-iotests/208 b/tests/qemu-iotests/208
index 1c3fc8c7fd..6cb642f821 100755
--- a/tests/qemu-iotests/208
+++ b/tests/qemu-iotests/208
@@ -22,7 +22,7 @@
 
 import iotests
 

[PATCH v8 10/11] iotests: Mark verify functions as private

[John Snow]

Mark the verify functions as "private" with a leading underscore, to
discourage their use.

(Also, make pending patches not yet using the new entry points fail in a
very obvious way.)

Signed-off-by: John Snow 
Reviewed-by: Max Reitz 
---
 tests/qemu-iotests/iotests.py | 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index ec7aa42a70..7d6cc430a4 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -988,7 +988,7 @@ def case_notrun(reason):
 open('%s/%s.casenotrun' % (output_dir, seq), 'a').write(
 '[case not run] ' + reason + '\n')
 
-def verify_image_format(supported_fmts=(), unsupported_fmts=()):
+def _verify_image_format(supported_fmts=(), unsupported_fmts=()):
 assert not (supported_fmts and unsupported_fmts)
 
 if 'generic' in supported_fmts and \
@@ -1002,7 +1002,7 @@ def verify_image_format(supported_fmts=(), 
unsupported_fmts=()):
 if not_sup or (imgfmt in unsupported_fmts):
 notrun('not suitable for this image format: %s' % imgfmt)
 
-def verify_protocol(supported=(), unsupported=()):
+def _verify_protocol(supported=(), unsupported=()):
 assert not (supported and unsupported)
 
 if 'generic' in supported:
@@ -1012,7 +1012,7 @@ def verify_protocol(supported=(), unsupported=()):
 if not_sup or (imgproto in unsupported):
 notrun('not suitable for this protocol: %s' % imgproto)
 
-def verify_platform(supported=(), unsupported=()):
+def _verify_platform(supported=(), unsupported=()):
 if any((sys.platform.startswith(x) for x in unsupported)):
 notrun('not suitable for this OS: %s' % sys.platform)
 
@@ -1020,11 +1020,11 @@ def verify_platform(supported=(), unsupported=()):
 if not any((sys.platform.startswith(x) for x in supported)):
 notrun('not suitable for this OS: %s' % sys.platform)
 
-def verify_cache_mode(supported_cache_modes=()):
+def _verify_cache_mode(supported_cache_modes=()):
 if supported_cache_modes and (cachemode not in supported_cache_modes):
 notrun('not suitable for this cache mode: %s' % cachemode)
 
-def verify_aio_mode(supported_aio_modes=()):
+def _verify_aio_mode(supported_aio_modes=()):
 if supported_aio_modes and (aiomode not in supported_aio_modes):
 notrun('not suitable for this aio mode: %s' % aiomode)
 
@@ -1151,11 +1151,11 @@ def execute_setup_common(supported_fmts: 
Collection[str] = (),
 sys.stderr.write('Please run this test via the "check" script\n')
 sys.exit(os.EX_USAGE)
 
-verify_image_format(supported_fmts, unsupported_fmts)
-verify_protocol(supported_protocols, unsupported_protocols)
-verify_platform(supported=supported_platforms)
-verify_cache_mode(supported_cache_modes)
-verify_aio_mode(supported_aio_modes)
+_verify_image_format(supported_fmts, unsupported_fmts)
+_verify_protocol(supported_protocols, unsupported_protocols)
+_verify_platform(supported=supported_platforms)
+_verify_cache_mode(supported_cache_modes)
+_verify_aio_mode(supported_aio_modes)
 
 debug = '-d' in sys.argv
 if debug:
-- 
2.21.1

[PATCH v8 05/11] iotests: add pylintrc file

[John Snow]

This allows others to get repeatable results with pylint. If you run
`pylint iotests.py`, you should see a 100% pass.

Signed-off-by: John Snow 
---
 tests/qemu-iotests/pylintrc | 22 ++
 1 file changed, 22 insertions(+)
 create mode 100644 tests/qemu-iotests/pylintrc

diff --git a/tests/qemu-iotests/pylintrc b/tests/qemu-iotests/pylintrc
new file mode 100644
index 00..8720b6a0de
--- /dev/null
+++ b/tests/qemu-iotests/pylintrc
@@ -0,0 +1,22 @@
+[MESSAGES CONTROL]
+
+# Disable the message, report, category or checker with the given id(s). You
+# can either give multiple identifiers separated by comma (,) or put this
+# option multiple times (only on the command line, not in the configuration
+# file where it should appear only once). You can also use "--disable=all" to
+# disable everything first and then reenable specific checks. For example, if
+# you want to run only the similarities checker, you can use "--disable=all
+# --enable=similarities". If you want to run only the classes checker, but have
+# no Warning level messages displayed, use "--disable=all --enable=classes
+# --disable=W".
+disable=invalid-name,
+no-else-return,
+too-many-lines,
+too-few-public-methods,
+too-many-arguments,
+too-many-locals,
+too-many-branches,
+too-many-public-methods,
+# These are temporary, and should be removed:
+missing-docstring,
+line-too-long,
-- 
2.21.1

[PATCH v8 11/11] iotests: use python logging for iotests.log()

[John Snow]

We can turn logging on/off globally instead of per-function.

Remove use_log from run_job, and use python logging to turn on
diffable output when we run through a script entry point.

iotest 245 changes output order due to buffering reasons.


An extended note on python logging:

A NullHandler is added to `qemu.iotests` to stop output from being
generated if this code is used as a library without configuring logging.
A NullHandler is only needed at the root, so a duplicate handler is not
needed for `qemu.iotests.diff_io`.

When logging is not configured, messages at the 'WARNING' levels or
above are printed with default settings. The NullHandler stops this from
occurring, which is considered good hygiene for code used as a library.

See https://docs.python.org/3/howto/logging.html#library-config

When logging is actually enabled (always at the behest of an explicit
call by a client script), a root logger is implicitly created at the
root, which allows messages to propagate upwards and be handled/emitted
from the root logger with default settings.

When we want iotest logging, we attach a handler to the
qemu.iotests.diff_io logger and disable propagation to avoid possible
double-printing.

For more information on python logging infrastructure, I highly
recommend downloading the pip package `logging_tree`, which provides
convenient visualizations of the hierarchical logging configuration
under different circumstances.

See https://pypi.org/project/logging_tree/ for more information.

Signed-off-by: John Snow 
---
 tests/qemu-iotests/030|  4 +--
 tests/qemu-iotests/155|  2 +-
 tests/qemu-iotests/245|  1 +
 tests/qemu-iotests/245.out| 24 
 tests/qemu-iotests/iotests.py | 53 ---
 5 files changed, 46 insertions(+), 38 deletions(-)

diff --git a/tests/qemu-iotests/030 b/tests/qemu-iotests/030
index aa911d266a..104e3cee1b 100755
--- a/tests/qemu-iotests/030
+++ b/tests/qemu-iotests/030
@@ -411,8 +411,8 @@ class TestParallelOps(iotests.QMPTestCase):
 result = self.vm.qmp('block-job-set-speed', device='drive0', speed=0)
 self.assert_qmp(result, 'return', {})
 
-self.vm.run_job(job='drive0', auto_dismiss=True, use_log=False)
-self.vm.run_job(job='node4', auto_dismiss=True, use_log=False)
+self.vm.run_job(job='drive0', auto_dismiss=True)
+self.vm.run_job(job='node4', auto_dismiss=True)
 self.assert_no_active_block_jobs()
 
 # Test a block-stream and a block-commit job in parallel
diff --git a/tests/qemu-iotests/155 b/tests/qemu-iotests/155
index 571bce9de4..cb371d4649 100755
--- a/tests/qemu-iotests/155
+++ b/tests/qemu-iotests/155
@@ -188,7 +188,7 @@ class MirrorBaseClass(BaseClass):
 
 self.assert_qmp(result, 'return', {})
 
-self.vm.run_job('mirror-job', use_log=False, auto_finalize=False,
+self.vm.run_job('mirror-job', auto_finalize=False,
 pre_finalize=self.openBacking, auto_dismiss=True)
 
 def testFull(self):
diff --git a/tests/qemu-iotests/245 b/tests/qemu-iotests/245
index 1001275a44..4f5f0bb901 100755
--- a/tests/qemu-iotests/245
+++ b/tests/qemu-iotests/245
@@ -1027,5 +1027,6 @@ class TestBlockdevReopen(iotests.QMPTestCase):
 self.run_test_iothreads(None, 'iothread0')
 
 if __name__ == '__main__':
+iotests.activate_logging()
 iotests.main(supported_fmts=["qcow2"],
  supported_protocols=["file"])
diff --git a/tests/qemu-iotests/245.out b/tests/qemu-iotests/245.out
index 682b93394d..4b33dcaf5c 100644
--- a/tests/qemu-iotests/245.out
+++ b/tests/qemu-iotests/245.out
@@ -1,17 +1,17 @@
+{"execute": "job-finalize", "arguments": {"id": "commit0"}}
+{"return": {}}
+{"data": {"id": "commit0", "type": "commit"}, "event": "BLOCK_JOB_PENDING", 
"timestamp": {"microseconds": "USECS", "seconds": "SECS"}}
+{"data": {"device": "commit0", "len": 3145728, "offset": 3145728, "speed": 0, 
"type": "commit"}, "event": "BLOCK_JOB_COMPLETED", "timestamp": 
{"microseconds": "USECS", "seconds": "SECS"}}
+{"execute": "job-finalize", "arguments": {"id": "stream0"}}
+{"return": {}}
+{"data": {"id": "stream0", "type": "stream"}, "event": "BLOCK_JOB_PENDING", 
"timestamp": {"microseconds": "USECS", "seconds": "SECS"}}
+{"data": {"device": "stream0", "len": 3145728, "offset": 3145728, "speed": 0, 
"type": "stream"}, "event": "BLOCK_JOB_COMPLETED", "timestamp": 
{"microseconds": "USECS", "seconds": "SECS"}}
+{"execute": "job-finalize", "arguments": {"id": "stream0"}}
+{"return": {}}
+{"data": {"id": "stream0", "type": "stream"}, "event": "BLOCK_JOB_PENDING", 
"timestamp": {"microseconds": "USECS", "seconds": "SECS"}}
+{"data": {"device": "stream0", "len": 3145728, "offset": 3145728, "speed": 0, 
"type": "stream"}, "event": "BLOCK_JOB_COMPLETED", "timestamp": 
{"microseconds": "USECS", "seconds": "SECS"}}
 .
 --
 Ran 21 tests
 
 OK

[PATCH v8 04/11] iotests: replace mutable list default args

[John Snow]

It's bad hygiene: if we modify this list, it will be modified across all
invocations.

(Remaining bad usages are fixed in a subsequent patch which changes the
function signature anyway.)

Signed-off-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tests/qemu-iotests/iotests.py | 24 
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index cb9c2cd05d..7cd74e7cb1 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -136,7 +136,7 @@ def qemu_img_log(*args):
 log(result, filters=[filter_testfiles])
 return result
 
-def img_info_log(filename, filter_path=None, imgopts=False, extra_args=[]):
+def img_info_log(filename, filter_path=None, imgopts=False, extra_args=()):
 args = ['info']
 if imgopts:
 args.append('--image-opts')
@@ -350,7 +350,7 @@ def _filter(_key, value):
 return value
 return filter_qmp(qmsg, _filter)
 
-def log(msg, filters=[], indent=None):
+def log(msg, filters=(), indent=None):
 '''Logs either a string message or a JSON serializable message (like QMP).
 If indent is provided, JSON serializable messages are pretty-printed.'''
 for flt in filters:
@@ -566,7 +566,7 @@ def get_qmp_events_filtered(self, wait=60.0):
 result.append(filter_qmp_event(ev))
 return result
 
-def qmp_log(self, cmd, filters=[], indent=None, **kwargs):
+def qmp_log(self, cmd, filters=(), indent=None, **kwargs):
 full_cmd = OrderedDict((
 ("execute", cmd),
 ("arguments", ordered_qmp(kwargs))
@@ -970,7 +970,7 @@ def case_notrun(reason):
 open('%s/%s.casenotrun' % (output_dir, seq), 'a').write(
 '[case not run] ' + reason + '\n')
 
-def verify_image_format(supported_fmts=[], unsupported_fmts=[]):
+def verify_image_format(supported_fmts=(), unsupported_fmts=()):
 assert not (supported_fmts and unsupported_fmts)
 
 if 'generic' in supported_fmts and \
@@ -984,7 +984,7 @@ def verify_image_format(supported_fmts=[], 
unsupported_fmts=[]):
 if not_sup or (imgfmt in unsupported_fmts):
 notrun('not suitable for this image format: %s' % imgfmt)
 
-def verify_protocol(supported=[], unsupported=[]):
+def verify_protocol(supported=(), unsupported=()):
 assert not (supported and unsupported)
 
 if 'generic' in supported:
@@ -1003,11 +1003,11 @@ def verify_platform(supported=None, unsupported=None):
 if not any((sys.platform.startswith(x) for x in supported)):
 notrun('not suitable for this OS: %s' % sys.platform)
 
-def verify_cache_mode(supported_cache_modes=[]):
+def verify_cache_mode(supported_cache_modes=()):
 if supported_cache_modes and (cachemode not in supported_cache_modes):
 notrun('not suitable for this cache mode: %s' % cachemode)
 
-def verify_aio_mode(supported_aio_modes=[]):
+def verify_aio_mode(supported_aio_modes=()):
 if supported_aio_modes and (aiomode not in supported_aio_modes):
 notrun('not suitable for this aio mode: %s' % aiomode)
 
@@ -1047,7 +1047,7 @@ def supported_formats(read_only=False):
 
 return supported_formats.formats[read_only]
 
-def skip_if_unsupported(required_formats=[], read_only=False):
+def skip_if_unsupported(required_formats=(), read_only=False):
 '''Skip Test Decorator
Runs the test if all the required formats are whitelisted'''
 def skip_test_decorator(func):
@@ -1098,11 +1098,11 @@ def execute_unittest(output, verbosity, debug):
 sys.stderr.write(out)
 
 def execute_test(test_function=None,
- supported_fmts=[],
+ supported_fmts=(),
  supported_platforms=None,
- supported_cache_modes=[], supported_aio_modes={},
- unsupported_fmts=[], supported_protocols=[],
- unsupported_protocols=[]):
+ supported_cache_modes=(), supported_aio_modes=(),
+ unsupported_fmts=(), supported_protocols=(),
+ unsupported_protocols=()):
 """Run either unittest or script-style tests."""
 
 # We are using TEST_DIR and QEMU_DEFAULT_MACHINE as proxies to
-- 
2.21.1

[PATCH v8 03/11] iotests: ignore import warnings from pylint

[John Snow]

The right way to solve this is to come up with a virtual environment
infrastructure that sets all the paths correctly, and/or to create
installable python modules that can be imported normally.

That's hard, so just silence this error for now.

Signed-off-by: John Snow 
---
 tests/qemu-iotests/iotests.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index a6b2889932..cb9c2cd05d 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -29,6 +29,7 @@
 import io
 from collections import OrderedDict
 
+# pylint: disable=import-error, wrong-import-position
 sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..', 'python'))
 from qemu import qtest
 
-- 
2.21.1

[PATCH v8 00/11] iotests: use python logging

[John Snow]

This series uses python logging to enable output conditionally on
iotests.log(). We unify an initialization call (which also enables
debugging output for those tests with -d) and then make the switch
inside of iotests.

It will help alleviate the need to create logged/unlogged versions
of all the various helpers we have made.

Also, I got lost and accidentally delinted iotests while I was here.
Sorry about that.

V8:

Key:
[] : patches are identical
[] : number of functional differences between upstream/downstream patch
[down] : patch is downstream-only
The flags [FC] indicate (F)unctional and (C)ontextual differences, respectively

001/11:[] [--] 'iotests: do a light delinting'
002/11:[] [--] 'iotests: don't use 'format' for drive_add'
003/11:[] [--] 'iotests: ignore import warnings from pylint'
004/11:[] [--] 'iotests: replace mutable list default args'
005/11:[] [--] 'iotests: add pylintrc file'
006/11:[down] 'iotests: drop Python 3.4 compatibility code'
007/11:[0033] [FC] 'iotests: limit line length to 79 chars'
008/11:[] [--] 'iotests: add script_initialize'
009/11:[] [--] 'iotest 258: use script_main'
010/11:[] [--] 'iotests: Mark verify functions as private'
011/11:[0007] [FC] 'iotests: use python logging for iotests.log()'

6: Split out the little drop of Python 3.4 code. (Phil)
7: Change line continuation styles (QEMU Memorial Choir)
11: Rebase changes; remove use_log from more places, adjust test output.

V7:

- All delinting patches are now entirely front-loaded.
- Redid delinting to avoid "correcting" no-else-return statements.
- Moved more mutable list corrections into patch 4, to make it standalone.
- Moved pylintrc up to patch 5. Disabled no-else-return.
- Added patch 6 to require line length checks.
  (Some python 3.4 compatibility code is removed as a consequence.)
- Patch 7 changes slightly as a result of patch 4 changes.
- Added some logging explainer into patch 10.
  (Patch changes slightly because of patch 6.)

V6:
 - It's been so long since V5, let's just look at it anew.
 - Dropped patch 1, rebased, added more delinting.
 - I'm not touching the supported_platforms thing.
   Not interested in rehashing that debate.

V5:
 - Rebased again
 - Allow Python tests to run on any platform

V4:
 - Rebased on top of kwolf/block at the behest of mreitz

V3:
 - Rebased for 4.1+; now based on main branch.

V2:
 - Added all of the other python tests I missed to use script_initialize
 - Refactored the common setup as per Ehabkost's suggestion
 - Added protocol arguments to common initialization,
   but this isn't strictly required.

John Snow (11):
  iotests: do a light delinting
  iotests: don't use 'format' for drive_add
  iotests: ignore import warnings from pylint
  iotests: replace mutable list default args
  iotests: add pylintrc file
  iotests: drop Python 3.4 compatibility code
  iotests: limit line length to 79 chars
  iotests: add script_initialize
  iotest 258: use script_main
  iotests: Mark verify functions as private
  iotests: use python logging for iotests.log()

 tests/qemu-iotests/030|   4 +-
 tests/qemu-iotests/055|   3 +-
 tests/qemu-iotests/149|   3 +-
 tests/qemu-iotests/155|   2 +-
 tests/qemu-iotests/194|   4 +-
 tests/qemu-iotests/202|   4 +-
 tests/qemu-iotests/203|   4 +-
 tests/qemu-iotests/206|   2 +-
 tests/qemu-iotests/207|   6 +-
 tests/qemu-iotests/208|   2 +-
 tests/qemu-iotests/209|   2 +-
 tests/qemu-iotests/210|   6 +-
 tests/qemu-iotests/211|   6 +-
 tests/qemu-iotests/212|   6 +-
 tests/qemu-iotests/213|   6 +-
 tests/qemu-iotests/216|   4 +-
 tests/qemu-iotests/218|   2 +-
 tests/qemu-iotests/219|   2 +-
 tests/qemu-iotests/222|   7 +-
 tests/qemu-iotests/224|   4 +-
 tests/qemu-iotests/228|   6 +-
 tests/qemu-iotests/234|   4 +-
 tests/qemu-iotests/235|   4 +-
 tests/qemu-iotests/236|   2 +-
 tests/qemu-iotests/237|   2 +-
 tests/qemu-iotests/238|   2 +
 tests/qemu-iotests/242|   2 +-
 tests/qemu-iotests/245|   1 +
 tests/qemu-iotests/245.out|  24 +--
 tests/qemu-iotests/246|   2 +-
 tests/qemu-iotests/248|   2 +-
 tests/qemu-iotests/254|   2 +-
 tests/qemu-iotests/255|   2 +-
 tests/qemu-iotests/256|   2 +-
 tests/qemu-iotests/258|  10 +-
 tests/qemu-iotests/260|   4 +-
 tests/qemu-iotests/262|   4 +-
 tests/qemu-iotests/264|   4 +-
 tests/qemu-iotests/277|   2 +
 tests/qemu-iotests/280|   8 +-
 tests/qemu-iotests/283|   4 +-
 tests/qemu-iotests/iotests.py | 312 --
 tests/qemu-iotests/pylintrc   |  26 +++
 43 files changed, 307 insertions(+), 203 deletions(-)
 create mode 100644 tests/qemu-iotests/pylintrc

-- 
2.21.1

[PATCH v8 02/11] iotests: don't use 'format' for drive_add

[John Snow]

It shadows (with a different type) the built-in format.
Use something else.

Signed-off-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Max Reitz 
---
 tests/qemu-iotests/055| 3 ++-
 tests/qemu-iotests/iotests.py | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/tests/qemu-iotests/055 b/tests/qemu-iotests/055
index 82b9f5f47d..4175fff5e4 100755
--- a/tests/qemu-iotests/055
+++ b/tests/qemu-iotests/055
@@ -469,7 +469,8 @@ class TestDriveCompression(iotests.QMPTestCase):
 qemu_img('create', '-f', fmt, blockdev_target_img,
  str(TestDriveCompression.image_len), *args)
 if attach_target:
-self.vm.add_drive(blockdev_target_img, format=fmt, 
interface="none")
+self.vm.add_drive(blockdev_target_img,
+  img_format=fmt, interface="none")
 
 self.vm.launch()
 
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index c6d9ae130d..a6b2889932 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -482,21 +482,21 @@ def add_drive_raw(self, opts):
 self._args.append(opts)
 return self
 
-def add_drive(self, path, opts='', interface='virtio', format=imgfmt):
+def add_drive(self, path, opts='', interface='virtio', img_format=imgfmt):
 '''Add a virtio-blk drive to the VM'''
 options = ['if=%s' % interface,
'id=drive%d' % self._num_drives]
 
 if path is not None:
 options.append('file=%s' % path)
-options.append('format=%s' % format)
+options.append('format=%s' % img_format)
 options.append('cache=%s' % cachemode)
 options.append('aio=%s' % aiomode)
 
 if opts:
 options.append(opts)
 
-if format == 'luks' and 'key-secret' not in opts:
+if img_format == 'luks' and 'key-secret' not in opts:
 # default luks support
 if luks_default_secret_object not in self._args:
 self.add_object(luks_default_secret_object)
-- 
2.21.1

[PATCH v8 09/11] iotest 258: use script_main

[John Snow]

Since this one is nicely factored to use a single entry point,
use script_main to run the tests.

Signed-off-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Max Reitz 
---
 tests/qemu-iotests/258 | 11 ---
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/tests/qemu-iotests/258 b/tests/qemu-iotests/258
index a65151dda6..e305a1502f 100755
--- a/tests/qemu-iotests/258
+++ b/tests/qemu-iotests/258
@@ -23,12 +23,6 @@ import iotests
 from iotests import log, qemu_img, qemu_io_silent, \
 filter_qmp_testfiles, filter_qmp_imgfmt
 
-# Need backing file and change-backing-file support
-iotests.script_initialize(
-supported_fmts=['qcow2', 'qed'],
-supported_platforms=['linux'],
-)
-
 # Returns a node for blockdev-add
 def node(node_name, path, backing=None, fmt=None, throttle=None):
 if fmt is None:
@@ -161,4 +155,7 @@ def main():
 test_concurrent_finish(False)
 
 if __name__ == '__main__':
-main()
+# Need backing file and change-backing-file support
+iotests.script_main(main,
+supported_fmts=['qcow2', 'qed'],
+supported_platforms=['linux'])
-- 
2.21.1

[PATCH v8 01/11] iotests: do a light delinting

[John Snow]

This doesn't fix everything in here, but it does help clean up the
pylint report considerably.

This should be 100% style changes only; the intent is to make pylint
more useful by working on establishing a baseline for iotests that we
can gate against in the future.

Signed-off-by: John Snow 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tests/qemu-iotests/iotests.py | 83 ++-
 1 file changed, 43 insertions(+), 40 deletions(-)

diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 23043baa26..c6d9ae130d 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -16,11 +16,9 @@
 # along with this program.  If not, see .
 #
 
-import errno
 import os
 import re
 import subprocess
-import string
 import unittest
 import sys
 import struct
@@ -34,7 +32,7 @@
 sys.path.append(os.path.join(os.path.dirname(__file__), '..', '..', 'python'))
 from qemu import qtest
 
-assert sys.version_info >= (3,6)
+assert sys.version_info >= (3, 6)
 
 # This will not work if arguments contain spaces but is necessary if we
 # want to support the override options that ./check supports.
@@ -138,11 +136,11 @@ def qemu_img_log(*args):
 return result
 
 def img_info_log(filename, filter_path=None, imgopts=False, extra_args=[]):
-args = [ 'info' ]
+args = ['info']
 if imgopts:
 args.append('--image-opts')
 else:
-args += [ '-f', imgfmt ]
+args += ['-f', imgfmt]
 args += extra_args
 args.append(filename)
 
@@ -221,7 +219,7 @@ def cmd(self, cmd):
 # quit command is in close(), '\n' is added automatically
 assert '\n' not in cmd
 cmd = cmd.strip()
-assert cmd != 'q' and cmd != 'quit'
+assert cmd not in ('q', 'quit')
 self._p.stdin.write(cmd + '\n')
 self._p.stdin.flush()
 return self._read_output()
@@ -243,10 +241,8 @@ def qemu_nbd_early_pipe(*args):
 sys.stderr.write('qemu-nbd received signal %i: %s\n' %
  (-exitcode,
   ' '.join(qemu_nbd_args + ['--fork'] + list(args
-if exitcode == 0:
-return exitcode, ''
-else:
-return exitcode, subp.communicate()[0]
+
+return exitcode, subp.communicate()[0] if exitcode else ''
 
 def qemu_nbd_popen(*args):
 '''Run qemu-nbd in daemon mode and return the parent's exit code'''
@@ -310,7 +306,7 @@ def filter_qmp(qmsg, filter_fn):
 items = qmsg.items()
 
 for k, v in items:
-if isinstance(v, list) or isinstance(v, dict):
+if isinstance(v, (dict, list)):
 qmsg[k] = filter_qmp(v, filter_fn)
 else:
 qmsg[k] = filter_fn(k, v)
@@ -321,7 +317,7 @@ def filter_testfiles(msg):
 return msg.replace(prefix, 'TEST_DIR/PID-')
 
 def filter_qmp_testfiles(qmsg):
-def _filter(key, value):
+def _filter(_key, value):
 if is_str(value):
 return filter_testfiles(value)
 return value
@@ -347,7 +343,7 @@ def filter_imgfmt(msg):
 return msg.replace(imgfmt, 'IMGFMT')
 
 def filter_qmp_imgfmt(qmsg):
-def _filter(key, value):
+def _filter(_key, value):
 if is_str(value):
 return filter_imgfmt(value)
 return value
@@ -358,7 +354,7 @@ def log(msg, filters=[], indent=None):
 If indent is provided, JSON serializable messages are pretty-printed.'''
 for flt in filters:
 msg = flt(msg)
-if isinstance(msg, dict) or isinstance(msg, list):
+if isinstance(msg, (dict, list)):
 # Python < 3.4 needs to know not to add whitespace when 
pretty-printing:
 separators = (', ', ': ') if indent is None else (',', ': ')
 # Don't sort if it's already sorted
@@ -369,14 +365,14 @@ def log(msg, filters=[], indent=None):
 print(msg)
 
 class Timeout:
-def __init__(self, seconds, errmsg = "Timeout"):
+def __init__(self, seconds, errmsg="Timeout"):
 self.seconds = seconds
 self.errmsg = errmsg
 def __enter__(self):
 signal.signal(signal.SIGALRM, self.timeout)
 signal.setitimer(signal.ITIMER_REAL, self.seconds)
 return self
-def __exit__(self, type, value, traceback):
+def __exit__(self, exc_type, value, traceback):
 signal.setitimer(signal.ITIMER_REAL, 0)
 return False
 def timeout(self, signum, frame):
@@ -385,7 +381,7 @@ def timeout(self, signum, frame):
 def file_pattern(name):
 return "{0}-{1}".format(os.getpid(), name)
 
-class FilePaths(object):
+class FilePaths:
 """
 FilePaths is an auto-generated filename that cleans itself up.
 
@@ -532,11 +528,11 @@ def pause_drive(self, drive, event=None):
 self.pause_drive(drive, "write_aio")
 return
 self.qmp('human-monitor-command',
-command_line='qemu-io %s "break %s bp_%s"' % (drive, 
event, drive))
+ command_line='qemu-io %s "break %s bp_%s"' % 

Re: [PULL 00/61] Misc patches for soft freeze

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/1584394048-44994-1-git-send-email-pbonz...@redhat.com/



Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===

PASS 1 fdc-test /x86_64/fdc/cmos
PASS 2 fdc-test /x86_64/fdc/no_media_on_start
PASS 3 fdc-test /x86_64/fdc/read_without_media
==11429==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 4 fdc-test /x86_64/fdc/media_change
PASS 5 fdc-test /x86_64/fdc/sense_interrupt
PASS 6 fdc-test /x86_64/fdc/relative_seek
---
PASS 32 test-opts-visitor /visitor/opts/range/beyond
PASS 33 test-opts-visitor /visitor/opts/dict/unvisited
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
tests/test-coroutine -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl 
--test-name="test-coroutine" 
==11484==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
==11484==WARNING: ASan is ignoring requested __asan_handle_no_return: stack 
top: 0x7ffda0e6; bottom 0x7fa1c9d2; size: 0x005bd714 (394450436096)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 1 test-coroutine /basic/no-dangling-access
---
PASS 12 fdc-test /x86_64/fdc/read_no_dma_19
PASS 13 fdc-test /x86_64/fdc/fuzz-registers
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img 
tests/qtest/ide-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl 
--test-name="ide-test" 
==11499==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 14 test-aio /aio/timer/schedule
PASS 15 test-aio /aio/coroutine/queue-chaining
PASS 16 test-aio /aio-gsource/flush
---
PASS 25 test-aio /aio-gsource/event/wait
PASS 26 test-aio /aio-gsource/event/flush
PASS 27 test-aio /aio-gsource/event/wait/no-flush-cb
==11507==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 1 ide-test /x86_64/ide/identify
==11513==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 28 test-aio /aio-gsource/timer/schedule
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
tests/test-aio-multithread -m=quick -k --tap < /dev/null | 
./scripts/tap-driver.pl --test-name="test-aio-multithread" 
==11520==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 1 test-aio-multithread /aio/multi/lifecycle
PASS 2 ide-test /x86_64/ide/flush
==11533==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 2 test-aio-multithread /aio/multi/schedule
PASS 3 ide-test /x86_64/ide/bmdma/simple_rw
==11544==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 4 ide-test /x86_64/ide/bmdma/trim
PASS 3 test-aio-multithread /aio/multi/mutex/contended
==11550==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 4 test-aio-multithread /aio/multi/mutex/handoff
PASS 5 test-aio-multithread /aio/multi/mutex/mcs
PASS 6 test-aio-multithread /aio/multi/mutex/pthread
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
tests/test-throttle -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl 
--test-name="test-throttle" 
==11572==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 1 test-throttle /throttle/leak_bucket
PASS 2 test-throttle /throttle/compute_wait
PASS 3 test-throttle /throttle/init
---
PASS 14 test-throttle /throttle/config/max
PASS 15 test-throttle /throttle/config/iops_size
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}  
tests/test-thread-pool -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl 
--test-name="test-thread-pool" 
==11576==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 1 test-thread-pool /thread-pool/submit
PASS 2 test-thread-pool /thread-pool/submit-aio
PASS 3 test-thread-pool /thread-pool/submit-co
PASS 4 test-thread-pool /thread-pool/submit-many
==11643==WARNING: ASan doesn't fully support makecontext/swapcontext functions 
and may produce false positives in some cases!
PASS 5 test-thread-pool /thread-pool/cancel
PASS 6 test-thread-pool /thread-pool/cancel-async

Re: [PULL 00/61] Misc patches for soft freeze

[no-reply]

Patchew URL: 
https://patchew.org/QEMU/1584394048-44994-1-git-send-email-pbonz...@redhat.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PULL 00/61] Misc patches for soft freeze
Message-id: 1584394048-44994-1-git-send-email-pbonz...@redhat.com
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
cd46cc2 hw/arm: Let devices own the MemoryRegion they create
acefd47 hw/arm: Remove unnecessary memory_region_set_readonly() on ROM alias
f26c6ec hw/ppc/ppc405: Use memory_region_init_rom() with read-only regions
014a7f6 hw/arm/stm32: Use memory_region_init_rom() with read-only regions
37b937c hw/char: Let devices own the MemoryRegion they create
5faaec9 hw/riscv: Let devices own the MemoryRegion they create
32e8210 hw/dma: Let devices own the MemoryRegion they create
41b0949 hw/display: Let devices own the MemoryRegion they create
2440d3d hw/core: Let devices own the MemoryRegion they create
cbb4826 scripts/cocci: Patch to let devices own their MemoryRegions
78397a0 scripts/cocci: Patch to remove unnecessary memory_region_set_readonly()
7105f13 scripts/cocci: Patch to detect potential use of memory_region_init_rom
5e29657 hw/sparc: Use memory_region_init_rom() with read-only regions
3eb227a hw/sh4: Use memory_region_init_rom() with read-only regions
eb09349 hw/riscv: Use memory_region_init_rom() with read-only regions
ed4826e hw/ppc: Use memory_region_init_rom() with read-only regions
b105369 hw/pci-host: Use memory_region_init_rom() with read-only regions
a68500f hw/net: Use memory_region_init_rom() with read-only regions
ed9cd1f hw/m68k: Use memory_region_init_rom() with read-only regions
399ba06 hw/display: Use memory_region_init_rom() with read-only regions
51d745b hw/arm: Use memory_region_init_rom() with read-only regions
933a6c5 scripts/cocci: Patch to replace memory_region_init_{ram, readonly -> 
rom}
4fed855 scripts/cocci: Rename memory-region-{init-ram -> housekeeping}
af2a719 memory: Simplify memory_region_init_rom_nomigrate() to ease review
af1e8ca memory: Correctly return alias region type
420272a lockable: add QemuRecMutex support
7145da7 lockable: add lock guards
773b436 cpus: avoid pause_all_vcpus getting stuck due to race
3c6d277 exec/rom_reset: Free rom data during inmigrate skip
46cca43 Use -isystem for linux-headers dir
5e28455 softmmu/vl.c: Handle '-cpu help' and '-device help' before 'no default 
machine'
cbe6b04 qemu-cpu-models.rst: Document -noTSX, mds-no, taa-no, and tsx-ctrl
fda402f ui/curses: Move arrays to .heap to save 74KiB of .bss
d5573ac ui/curses: Make control_characters[] array const
7c3e49f hw/usb/quirks: Use smaller types to reduce .rodata by 10KiB
c87784b hw/audio/intel-hda: Use memory region alias to reduce .rodata by 4.34MB
cc21b87 hw/audio/fmopl: Move ENV_CURVE to .heap to save 32KiB of .bss
a1ea1d5 Makefile: Let the 'help' target list the tools targets
9ac297a Makefile: Align 'help' target output
b3219e5 WHPX: Use proper synchronization primitives while processing
7feeb33 i386: Fix GCC warning with snprintf when HAX is enabled
1ea8875 qom/object: Use common get/set uint helpers
7e7ce48 ich9: Simplify ich9_lpc_initfn
a5caa86 ich9: fix getter type for sci_int property
65692c6 qom/object: enable setter for uint types
f78a8b0 memory: Fix start offset for bitmap log_clear hook
bbb0d03 tests/docker: Install SASL library to extend code coverage on amd64
0b44062 configure: Fix building with SASL on Windows
59337c0 modules: load modules from versioned /var/run dir
3108fd7 build-sys: do not make qemu-ga link with pixman
4668b2a oslib-posix: initialize mutex and condition variable
374e906 hw/i386/intel_iommu: Fix out-of-bounds access on guest IRT
91ae0b7 MAINTAINERS: Add entry for Guest X86 HAXM CPUs
b75790f WHPX: Use QEMU values for trapped CPUID
6b4d015 WHPX: TSC get and set should be dependent on VM state
31dab17 util: add util function buffer_zero_avx512()
1af2201 configure: add configure option avx512f_opt
c80c8bc misc: Replace zero-length arrays with flexible array member (manual)
cda1965 misc: Replace zero-length arrays with flexible array member (automatic)
c231a41 optionrom/pvh: scan entire RSDP Area
ac0f826 scsi/qemu-pr-helper: Fix out-of-bounds access to trnptid_list[]

=== OUTPUT BEGIN ===
1/61 Checking commit ac0f8263e015 (scsi/qemu-pr-helper: Fix out-of-bounds 
access to trnptid_list[])
2/61 Checking commit c231a414ecc4 (optionrom/pvh: scan entire RSDP Area)
3/61 Checking commit cda196559230 (misc: Replace zero-length arrays with 
flexible array member (automatic))
4/61 Checking commit c80c8bc2cfc5 (misc: Replace zero-length arrays with 
flexible array member (manual))
5/61 Checking commit 1af220199ceb (configure: add configure option avx512f_opt)

Re: [PATCH v2] MAINTAINERS: Mark the LatticeMico32 target as orphan

[Richard Henderson]

On 3/16/20 7:28 AM, Philippe Mathieu-Daudé wrote:
> Michael Walle expressed his desire to orphan the lm32 target [*]:
> 
>   I guess it is time to pull the plug. Mainly, because I have
>   no time for this anymore. I've always worked on this on my
>   spare time and life changed. And secondly, I guess RISC-V is
>   taking over ;) It has a far better ecosystem. Also, to my
>   knowledge the only (public) user of LM32 is milkymist and this
>   project is dead for years now..
> 
>   So time to say goodbye. It was fun and I've learned a lot -
>   technically and also how a huge open source project works.
>   Thank you everyone for that :)
> 
>   Basically everything still works and there are even TCG test
>   cases which covers all instructions the processor has.
> 
> Many thanks to Michael for his substantial contributions to QEMU,
> and for maintaining the LM32 target for various years!
> 
> [*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg605024.html
> 
> Acked-by: Michael Walle 
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
> v2: Also orphan machines, added Michael A-b tag
> ---
>  MAINTAINERS | 12 ++--
>  1 file changed, 6 insertions(+), 6 deletions(-)

Reviewed-by: Richard Henderson 

r~

Re: [PULL 00/38] Linux user for 5.0 patches

[no-reply]

Patchew URL: https://patchew.org/QEMU/20200316161550.336150-1-laur...@vivier.eu/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PULL 00/38] Linux user for 5.0 patches
Message-id: 20200316161550.336150-1-laur...@vivier.eu
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Switched to a new branch 'test'
fee33bd linux-user, openrisc: sync syscall numbers with kernel v5.5
fd2f311 linux-user, nios2: sync syscall numbers with kernel v5.5
6a5d29c linux-user, aarch64: sync syscall numbers with kernel v5.5
0f61c49 scripts: add a script to generate syscall_nr.h
ba74d13 linux-user,mips: update syscall-args-o32.c.inc
6093ee8 linux-user,mips: move content of mips_syscall_args
329d3cf linux-user: update syscall.tbl from linux 0bf999f9c5e7
fdd68d1 linux-user, scripts: add a script to update syscall.tbl
39929e8 linux-user, mips64: add syscall table generation support
cd6dd35 linux-user, mips: add syscall table generation support
890ff9d linux-user, x86_64: add syscall table generation support
353fb76 linux-user, i386: add syscall table generation support
9db49be linux-user, x86_64, i386: cleanup TARGET_NR_arch_prctl
9da00a8 linux-user, sparc, sparc64: add syscall table generation support
e7dfa49 linux-user, s390x: add syscall table generation support
07108d6 linux-user, s390x: remove syscall definitions for !TARGET_S390X
0a1acf7 linux-user, ppc: add syscall table generation support
48126a9 linux-user, arm: add syscall table generation support
13a5cdd linux-user, microblaze: add syscall table generation support
ea958ad linux-user, sh4: add syscall table generation support
2599c73 linux-user, xtensa: add syscall table generation support
9764b87 linux-user, m68k: add syscall table generation support
52d7b45 linux-user, hppa: add syscall table generation support
baeb698 linux-user, alpha: add syscall table generation support
b3d6a3d linux-user: introduce parameters to generate syscall_nr.h
c4be834 linux-user/riscv: Update the syscall_nr's to the 5.5 kernel
e9992a7 linux-user: Support futex_time64
022b88e linux-user/syscall: Add support for clock_gettime64/clock_settime64
0bf2c2d linux-user: Protect more syscalls
fc4fcbe linux-user: Update TASK_UNMAPPED_BASE for aarch64
0e97ba7 linux-user: fix socket() strace
99fda14 linux-user: do prlimit selectively
8eb735a linux-user: Add AT_EXECFN auxval
571a225 linux-user: Flush out implementation of gettimeofday
092c4cc linux-user: Add x86_64 vsyscall page to /proc/self/maps
d1a6687 linux-user/i386: Emulate x86_64 vsyscalls
169e4fb linux-user/i386: Split out gen_signal
dfc6a82 target/i386: Renumber EXCP_SYSCALL

=== OUTPUT BEGIN ===
1/38 Checking commit dfc6a82f8f0a (target/i386: Renumber EXCP_SYSCALL)
2/38 Checking commit 169e4fb16716 (linux-user/i386: Split out gen_signal)
3/38 Checking commit d1a668759f5b (linux-user/i386: Emulate x86_64 vsyscalls)
4/38 Checking commit 092c4ccea82d (linux-user: Add x86_64 vsyscall page to 
/proc/self/maps)
5/38 Checking commit 571a225e5502 (linux-user: Flush out implementation of 
gettimeofday)
6/38 Checking commit 8eb735a75f6a (linux-user: Add AT_EXECFN auxval)
7/38 Checking commit 99fda143c672 (linux-user: do prlimit selectively)
8/38 Checking commit 0e97ba7c8e8e (linux-user: fix socket() strace)
9/38 Checking commit fc4fcbe8aae4 (linux-user: Update TASK_UNMAPPED_BASE for 
aarch64)
10/38 Checking commit 0bf2c2d4158a (linux-user: Protect more syscalls)
11/38 Checking commit 022b88e1c6bd (linux-user/syscall: Add support for 
clock_gettime64/clock_settime64)
12/38 Checking commit e9992a7e4a00 (linux-user: Support futex_time64)
WARNING: architecture specific defines should be avoided
#26: FILE: linux-user/syscall.c:248:
+#if defined(__NR_futex)

WARNING: architecture specific defines should be avoided
#29: FILE: linux-user/syscall.c:251:
+#if defined(__NR_futex_time64)

WARNING: architecture specific defines should be avoided
#40: FILE: linux-user/syscall.c:303:
+#if (defined(TARGET_NR_futex) && defined(__NR_futex)) || \

WARNING: architecture specific defines should be avoided
#46: FILE: linux-user/syscall.c:309:
+#if (defined(TARGET_NR_futex_time64) && defined(__NR_futex_teim64))

ERROR: space required after that ',' (ctx:VxV)
#47: FILE: linux-user/syscall.c:310:
+_syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
  ^

ERROR: space required after that ',' (ctx:VxV)
#47: FILE: linux-user/syscall.c:310:
+_syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
   ^

ERROR: space required after that ',' (ctx:OxV)
#47: FILE: linux-user/syscall.c:310:
+_syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
 ^

ERROR: space required after that ',' (ctx:VxV)
#47: FILE: 

Re: [PATCH v2 8/8] ppc/spapr: Ignore common "ibm,nmi-interlock" Linux bug

[David Gibson]

On Tue, Mar 17, 2020 at 12:26:13AM +1000, Nicholas Piggin wrote:
> Linux kernels call "ibm,nmi-interlock" in their system reset handlers
> contrary to PAPR. Returning an error because the CPU does not hold the
> interlock here causes Linux to print warning messages. PowerVM returns
> success in this case, so do the same for now.
> 
> Signed-off-by: Nicholas Piggin 

Applied, thanks.

> ---
>  hw/ppc/spapr_rtas.c | 14 --
>  1 file changed, 12 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index 521e6b0b72..9fb8c8632a 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -461,8 +461,18 @@ static void rtas_ibm_nmi_interlock(PowerPCCPU *cpu,
>  }
>  
>  if (spapr->fwnmi_machine_check_interlock != cpu->vcpu_id) {
> -/* The vCPU that hit the NMI should invoke "ibm,nmi-interlock" */
> -rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
> +/*
> +  * The vCPU that hit the NMI should invoke "ibm,nmi-interlock"
> + * This should be PARAM_ERROR, but Linux calls "ibm,nmi-interlock"
> +  * for system reset interrupts, despite them not being interlocked.
> +  * PowerVM silently ignores this and returns success here. Returning
> +  * failure causes Linux to print the error "FWNMI: nmi-interlock
> +  * failed: -3", although no other apparent ill effects, this is a
> +  * regression for the user when enabling FWNMI. So for now, match
> +  * PowerVM. When most Linux clients are fixed, this could be
> +  * changed.
> +  */
> +rtas_st(rets, 0, RTAS_OUT_SUCCESS);
>  return;
>  }
>  

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH v2 6/8] target/ppc: allow ppc_cpu_do_system_reset to take an alternate vector

[David Gibson]

On Mon, Mar 16, 2020 at 07:15:14PM +0100, Cédric Le Goater wrote:
> On 3/16/20 3:26 PM, Nicholas Piggin wrote:
> > Provide for an alternate delivery location, -1 defaults to the
> > architected address.
> 
> I don't know what is the best approach, to override the vector addr
> computed by powerpc_excp() or use a machine class handler with 
> cpu->vhyp.

Again, in the interests of getting this in for the soft freeze, I've
applied this now.  We can clean it up later.

> 
> > Signed-off-by: Nicholas Piggin 
> > ---
> >  hw/ppc/spapr.c   | 2 +-
> >  target/ppc/cpu.h | 2 +-
> >  target/ppc/excp_helper.c | 5 -
> >  3 files changed, 6 insertions(+), 3 deletions(-)
> > 
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index 5f93c49706..25221d843c 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -3400,7 +3400,7 @@ static void spapr_machine_finalizefn(Object *obj)
> >  void spapr_do_system_reset_on_cpu(CPUState *cs, run_on_cpu_data arg)
> >  {
> >  cpu_synchronize_state(cs);
> > -ppc_cpu_do_system_reset(cs);
> > +ppc_cpu_do_system_reset(cs, -1);
> >  }
> >  
> >  static void spapr_nmi(NMIState *n, int cpu_index, Error **errp)
> > diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
> > index 3953680534..f8c7d6f19c 100644
> > --- a/target/ppc/cpu.h
> > +++ b/target/ppc/cpu.h
> > @@ -1220,7 +1220,7 @@ int ppc64_cpu_write_elf64_note(WriteCoreDumpFunction 
> > f, CPUState *cs,
> >  int ppc32_cpu_write_elf32_note(WriteCoreDumpFunction f, CPUState *cs,
> > int cpuid, void *opaque);
> >  #ifndef CONFIG_USER_ONLY
> > -void ppc_cpu_do_system_reset(CPUState *cs);
> > +void ppc_cpu_do_system_reset(CPUState *cs, target_ulong vector);
> >  void ppc_cpu_do_fwnmi_machine_check(CPUState *cs, target_ulong vector);
> >  extern const VMStateDescription vmstate_ppc_cpu;
> >  #endif
> > diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
> > index 7f2b5899d3..08bc885ca6 100644
> > --- a/target/ppc/excp_helper.c
> > +++ b/target/ppc/excp_helper.c
> > @@ -961,12 +961,15 @@ static void ppc_hw_interrupt(CPUPPCState *env)
> >  }
> >  }
> >  
> > -void ppc_cpu_do_system_reset(CPUState *cs)
> > +void ppc_cpu_do_system_reset(CPUState *cs, target_ulong vector)
> >  {
> >  PowerPCCPU *cpu = POWERPC_CPU(cs);
> >  CPUPPCState *env = >env;
> >  
> >  powerpc_excp(cpu, env->excp_model, POWERPC_EXCP_RESET);
> > +if (vector != -1) {
> > +env->nip = vector;
> > +}
> >  }
> >  
> >  void ppc_cpu_do_fwnmi_machine_check(CPUState *cs, target_ulong vector)
> > 
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

[PULL SUBSYSTEM qemu-pseries] pseries: Update SLOF firmware image

[Alexey Kardashevskiy]

The following changes since commit 33dead675695e596b7f32c72e6f6a20390e86d8a:

  pseries: Update SLOF firmware image (2020-03-13 17:50:44 +1100)

are available in the Git repository at:

  g...@github.com:aik/qemu.git tags/qemu-slof-20200317

for you to fetch changes up to b7cf539920376542f03df8337602c3b8974bd1a1:

  pseries: Update SLOF firmware image (2020-03-17 10:27:34 +1100)


Alexey Kardashevskiy (1):
  pseries: Update SLOF firmware image

 pc-bios/README   |   2 +-
 pc-bios/slof.bin | Bin 968848 -> 965008 bytes
 roms/SLOF|   2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)


*** Note: this is not for master, this is for pseries

The only change here is moving the decision about rtas-size
to QEMU.

Re: [PATCH v2 4/8] ppc/spapr: Fix FWNMI machine check interrupt delivery

[David Gibson]

On Tue, Mar 17, 2020 at 09:19:57AM +1000, Nicholas Piggin wrote:
> Cédric Le Goater's on March 17, 2020 3:59 am:
> > On 3/16/20 3:26 PM, Nicholas Piggin wrote:
> >> FWNMI machine check delivery misses a few things that will make it fail
> >> with TCG at least (which we would like to allow in future to improve
> >> testing).
> > 
> > I don't understand which issues are addressed in the patch.
> 
> The existing code does not compute hflags, at least.
> 
> There's a few possible other things, I didn't dig into qemu enough
> to know if they might be a problem (e.g., reservation and TLB). I
> figure it's better to keep these consistent.
> 
> Keep in mind this is a bit academic right now, because we can't
> (AFAIKS) inject an MCE from TCG. It would be good to wire that up,
> but I didn't get to it.
> 
> >> It's not nice to scatter interrupt delivery logic around the tree, so
> >> move it to excp_helper.c and share code where possible.
> > 
> > It looks correct but this is touching the ugliest routine in the QEMU 
> > PPC universe. I would split the patch in two to introduce the helper
> > powerpc_set_excp_state().
> > 
> > It does not seem to need to be an inline also.
> 
> Yeah it's all pretty ugly. I didn't yet find a nice way to do
> split things up that did not require a lot of code churn, but that
> can come later.
> 
> Inline was just because powerpc_excp is inline, I didn't want to
> change behaviour too much there (it obviously wants to do a lot of
> constant propagation but maybe only on the case statement). Anyway
> I just wanted to be minimal for now, it could be changed.

Yeah, I definitely want to get this in, so despite imperfections that
could probably be polished with time, I've applied to ppc-for-5.0.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH v2 7/8] ppc/spapr: Implement FWNMI System Reset delivery

[David Gibson]

On Tue, Mar 17, 2020 at 12:26:12AM +1000, Nicholas Piggin wrote:
> PAPR requires that if "ibm,nmi-register" succeeds, then the hypervisor
> delivers all system reset and machine check exceptions to the registered
> addresses.
> 
> System Resets are delivered with registers set to the architected state,
> and with no interlock.
> 
> Signed-off-by: Nicholas Piggin 

Applied to ppc-for-5.0.

> ---
>  hw/ppc/spapr.c | 46 --
>  1 file changed, 44 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 25221d843c..78e649f47d 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -967,7 +967,29 @@ static void spapr_dt_rtas(SpaprMachineState *spapr, void 
> *fdt)
>  _FDT(fdt_setprop(fdt, rtas, "ibm,max-associativity-domains",
>   maxdomains, sizeof(maxdomains)));
>  
> -_FDT(fdt_setprop_cell(fdt, rtas, "rtas-size", RTAS_SIZE));
> +/*
> + * FWNMI reserves RTAS_ERROR_LOG_MAX for the machine check error log,
> + * and 16 bytes per CPU for system reset error log plus an extra 8 bytes.
> + *
> + * The system reset requirements are driven by existing Linux and PowerVM
> + * implementation which (contrary to PAPR) saves r3 in the error log
> + * structure like machine check, so Linux expects to find the saved r3
> + * value at the address in r3 upon FWNMI-enabled sreset interrupt (and
> + * does not look at the error value).
> + *
> + * System reset interrupts are not subject to interlock like machine
> + * check, so this memory area could be corrupted if the sreset is
> + * interrupted by a machine check (or vice versa) if it was shared. To
> + * prevent this, system reset uses per-CPU areas for the sreset save
> + * area. A system reset that interrupts a system reset handler could
> + * still overwrite this area, but Linux doesn't try to recover in that
> + * case anyway.
> + *
> + * The extra 8 bytes is required because Linux's FWNMI error log check
> + * is off-by-one.
> + */
> +_FDT(fdt_setprop_cell(fdt, rtas, "rtas-size", RTAS_ERROR_LOG_MAX +
> +   ms->smp.max_cpus * sizeof(uint64_t)*2 + 
> sizeof(uint64_t)));
>  _FDT(fdt_setprop_cell(fdt, rtas, "rtas-error-log-max",
>RTAS_ERROR_LOG_MAX));
>  _FDT(fdt_setprop_cell(fdt, rtas, "rtas-event-scan-rate",
> @@ -3399,8 +3421,28 @@ static void spapr_machine_finalizefn(Object *obj)
>  
>  void spapr_do_system_reset_on_cpu(CPUState *cs, run_on_cpu_data arg)
>  {
> +SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
> +
>  cpu_synchronize_state(cs);
> -ppc_cpu_do_system_reset(cs, -1);
> +/* If FWNMI is inactive, addr will be -1, which will deliver to 0x100 */
> +if (spapr->fwnmi_system_reset_addr != -1) {
> +uint64_t rtas_addr, addr;
> +PowerPCCPU *cpu = POWERPC_CPU(cs);
> +CPUPPCState *env = >env;
> +
> +/* get rtas addr from fdt */
> +rtas_addr = spapr_get_rtas_addr();
> +if (!rtas_addr) {
> +qemu_system_guest_panicked(NULL);
> +return;
> +}
> +
> +addr = rtas_addr + RTAS_ERROR_LOG_MAX + cs->cpu_index * 
> sizeof(uint64_t)*2;
> +stq_be_phys(_space_memory, addr, env->gpr[3]);
> +stq_be_phys(_space_memory, addr + sizeof(uint64_t), 0);
> +env->gpr[3] = addr;
> +}
> +ppc_cpu_do_system_reset(cs, spapr->fwnmi_system_reset_addr);
>  }
>  
>  static void spapr_nmi(NMIState *n, int cpu_index, Error **errp)

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH v2 7/8] ppc/spapr: Implement FWNMI System Reset delivery

[David Gibson]

On Mon, Mar 16, 2020 at 06:52:54PM +0100, Greg Kurz wrote:
> On Mon, 16 Mar 2020 23:05:00 +0530
> Mahesh J Salgaonkar  wrote:
> 
> > On 2020-03-17 00:26:12 Tue, Nicholas Piggin wrote:
> > > PAPR requires that if "ibm,nmi-register" succeeds, then the hypervisor
> > > delivers all system reset and machine check exceptions to the registered
> > > addresses.
> > > 
> > > System Resets are delivered with registers set to the architected state,
> > > and with no interlock.
> > > 
> > > Signed-off-by: Nicholas Piggin 
> > > ---
> > >  hw/ppc/spapr.c | 46 --
> > >  1 file changed, 44 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > > index 25221d843c..78e649f47d 100644
> > > --- a/hw/ppc/spapr.c
> > > +++ b/hw/ppc/spapr.c
> > > @@ -967,7 +967,29 @@ static void spapr_dt_rtas(SpaprMachineState *spapr, 
> > > void *fdt)
> > >  _FDT(fdt_setprop(fdt, rtas, "ibm,max-associativity-domains",
> > >   maxdomains, sizeof(maxdomains)));
> > > 
> > > -_FDT(fdt_setprop_cell(fdt, rtas, "rtas-size", RTAS_SIZE));
> > > +/*
> > > + * FWNMI reserves RTAS_ERROR_LOG_MAX for the machine check error log,
> > > + * and 16 bytes per CPU for system reset error log plus an extra 8 
> > > bytes.
> > > + *
> > > + * The system reset requirements are driven by existing Linux and 
> > > PowerVM
> > > + * implementation which (contrary to PAPR) saves r3 in the error log
> > > + * structure like machine check, so Linux expects to find the saved 
> > > r3
> > > + * value at the address in r3 upon FWNMI-enabled sreset interrupt 
> > > (and
> > > + * does not look at the error value).
> > > + *
> > > + * System reset interrupts are not subject to interlock like machine
> > > + * check, so this memory area could be corrupted if the sreset is
> > > + * interrupted by a machine check (or vice versa) if it was shared. 
> > > To
> > > + * prevent this, system reset uses per-CPU areas for the sreset save
> > > + * area. A system reset that interrupts a system reset handler could
> > > + * still overwrite this area, but Linux doesn't try to recover in 
> > > that
> > > + * case anyway.
> > > + *
> > > + * The extra 8 bytes is required because Linux's FWNMI error log 
> > > check
> > > + * is off-by-one.
> > > + */
> > > +_FDT(fdt_setprop_cell(fdt, rtas, "rtas-size", RTAS_ERROR_LOG_MAX +
> > > +   ms->smp.max_cpus * sizeof(uint64_t)*2 + 
> > > sizeof(uint64_t)));
> > 
> > Currently the rtas region is only of size 2048 (i.e RTAS_ERROR_LOG_MAX).
> > Do we need SLOF change to increase rtas area as well ? Otherwise QEMU
> > may corrupt guest memory area OR Am I wrong ?
> > 
> 
> A change is pending for SLOF to use the "rtas-size" property
> provided by QEMU:
> 
> https://patchwork.ozlabs.org/patch/1255264/

In the meantime, this is still correct.  Because we rebuild the device
tree at CAS time, the qemu supplied value will be the one the guest
sees in the end.  We obviously want that qemu update to avoid
confusion, but we don't need it for things to work.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH v2 6/8] target/ppc: allow ppc_cpu_do_system_reset to take an alternate vector

[Nicholas Piggin]

Cédric Le Goater's on March 17, 2020 4:15 am:
> On 3/16/20 3:26 PM, Nicholas Piggin wrote:
>> Provide for an alternate delivery location, -1 defaults to the
>> architected address.
> 
> I don't know what is the best approach, to override the vector addr
> computed by powerpc_excp() or use a machine class handler with 
> cpu->vhyp.

Yeah it's getting a bit ad hoc and inconsistent with machine check
etc, I just figured get something minimal in there now. The whole
exception delivery needs a spring clean though.

Thanks,
Nick

Re: [PATCH v2 5/8] ppc/spapr: Allow FWNMI on TCG

[Nicholas Piggin]

Greg Kurz's on March 17, 2020 4:01 am:
> On Tue, 17 Mar 2020 00:26:10 +1000
> Nicholas Piggin  wrote:
> 
>> There should no longer be a reason to prevent TCG providing FWNMI.
>> System Reset interrupts are generated to the guest with nmi monitor
>> command and H_SIGNAL_SYS_RESET. Machine Checks can not be injected
>> currently, but this could be implemented with the mce monitor cmd
>> similarly to i386.
>> 
>> Signed-off-by: Nicholas Piggin 
>> ---
>>  hw/ppc/spapr_caps.c | 5 +
>>  1 file changed, 1 insertion(+), 4 deletions(-)
>> 
>> diff --git a/hw/ppc/spapr_caps.c b/hw/ppc/spapr_caps.c
>> index f626d769a0..679ae7959f 100644
>> --- a/hw/ppc/spapr_caps.c
>> +++ b/hw/ppc/spapr_caps.c
>> @@ -516,10 +516,7 @@ static void cap_fwnmi_apply(SpaprMachineState *spapr, 
>> uint8_t val,
>>  return; /* Disabled by default */
>>  }
>>  
>> -if (tcg_enabled()) {
>> -warn_report("Firmware Assisted Non-Maskable Interrupts(FWNMI) not "
>> -"supported in TCG");
> 
> With this warning removed, we can now drop the "cap-fwnmi=off" setting
> in qtest, but this can be done as a followup.

Ah right, thanks. Would you send the patch later or should I?

Thanks,
Nick

Re: [PATCH v2 4/8] ppc/spapr: Fix FWNMI machine check interrupt delivery

[Nicholas Piggin]

Cédric Le Goater's on March 17, 2020 3:59 am:
> On 3/16/20 3:26 PM, Nicholas Piggin wrote:
>> FWNMI machine check delivery misses a few things that will make it fail
>> with TCG at least (which we would like to allow in future to improve
>> testing).
> 
> I don't understand which issues are addressed in the patch.

The existing code does not compute hflags, at least.

There's a few possible other things, I didn't dig into qemu enough
to know if they might be a problem (e.g., reservation and TLB). I
figure it's better to keep these consistent.

Keep in mind this is a bit academic right now, because we can't
(AFAIKS) inject an MCE from TCG. It would be good to wire that up,
but I didn't get to it.

>> It's not nice to scatter interrupt delivery logic around the tree, so
>> move it to excp_helper.c and share code where possible.
> 
> It looks correct but this is touching the ugliest routine in the QEMU 
> PPC universe. I would split the patch in two to introduce the helper
> powerpc_set_excp_state().
> 
> It does not seem to need to be an inline also.

Yeah it's all pretty ugly. I didn't yet find a nice way to do
split things up that did not require a lot of code churn, but that
can come later.

Inline was just because powerpc_excp is inline, I didn't want to
change behaviour too much there (it obviously wants to do a lot of
constant propagation but maybe only on the case statement). Anyway
I just wanted to be minimal for now, it could be changed.

Thanks,
Nick

Re: [PATCH v3 00/19] Support disabling TCG on ARM (part 2)

[no-reply]

Patchew URL: https://patchew.org/QEMU/20200316160634.3386-1-phi...@redhat.com/



Hi,

This series failed the docker-quick@centos7 build test. Please find the testing 
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-centos7 V=1 NETWORK=1
time make docker-test-quick@centos7 SHOW_ENV=1 J=14 NETWORK=1
=== TEST SCRIPT END ===

missing object type 'or-irq'
Broken pipe
/tmp/qemu-test/src/tests/qtest/libqtest.c:175: kill_qemu() detected QEMU death 
from signal 6 (Aborted) (core dumped)
ERROR - too few tests run (expected 6, got 5)
make: *** [check-qtest-aarch64] Error 1
make: *** Waiting for unfinished jobs
Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: -accel kvm: failed to initialize kvm: No such file or 
directory
---
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['sudo', '-n', 'docker', 'run', 
'--label', 'com.qemu.instance.uuid=d51fe73160644e0ba6a0f3cf1c1d6208', '-u', 
'1003', '--security-opt', 'seccomp=unconfined', '--rm', '-e', 'TARGET_LIST=', 
'-e', 'EXTRA_CONFIGURE_OPTS=', '-e', 'V=', '-e', 'J=14', '-e', 'DEBUG=', '-e', 
'SHOW_ENV=1', '-e', 'CCACHE_DIR=/var/tmp/ccache', '-v', 
'/home/patchew2/.cache/qemu-docker-ccache:/var/tmp/ccache:z', '-v', 
'/var/tmp/patchew-tester-tmp-u8ju4ssp/src/docker-src.2020-03-16-18.57.13.21007:/var/tmp/qemu:z,ro',
 'qemu:centos7', '/var/tmp/qemu/run', 'test-quick']' returned non-zero exit 
status 2.
filter=--filter=label=com.qemu.instance.uuid=d51fe73160644e0ba6a0f3cf1c1d6208
make[1]: *** [docker-run] Error 1
make[1]: Leaving directory `/var/tmp/patchew-tester-tmp-u8ju4ssp/src'
make: *** [docker-run-test-quick@centos7] Error 2

real13m16.228s
user0m8.763s


The full log is available at
http://patchew.org/logs/20200316160634.3386-1-phi...@redhat.com/testing.docker-quick@centos7/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [PATCH v2 3/8] ppc/spapr: Add FWNMI System Reset state

[David Gibson]

On Tue, Mar 17, 2020 at 12:26:08AM +1000, Nicholas Piggin wrote:
> The FWNMI option must deliver system reset interrupts to their
> registered address, and there are a few constraints on the handler
> addresses specified in PAPR. Add the system reset address state and
> checks.
> 
> Signed-off-by: Nicholas Piggin 

Applied to ppc-for-5.0, thanks.

> ---
>  hw/ppc/spapr.c |  2 ++
>  hw/ppc/spapr_rtas.c| 14 +-
>  include/hw/ppc/spapr.h |  3 ++-
>  3 files changed, 17 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index b03b26370d..5f93c49706 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -1704,6 +1704,7 @@ static void spapr_machine_reset(MachineState *machine)
>  
>  spapr->cas_reboot = false;
>  
> +spapr->fwnmi_system_reset_addr = -1;
>  spapr->fwnmi_machine_check_addr = -1;
>  spapr->fwnmi_machine_check_interlock = -1;
>  
> @@ -2023,6 +2024,7 @@ static const VMStateDescription vmstate_spapr_fwnmi = {
>  .needed = spapr_fwnmi_needed,
>  .pre_save = spapr_fwnmi_pre_save,
>  .fields = (VMStateField[]) {
> +VMSTATE_UINT64(fwnmi_system_reset_addr, SpaprMachineState),
>  VMSTATE_UINT64(fwnmi_machine_check_addr, SpaprMachineState),
>  VMSTATE_INT32(fwnmi_machine_check_interlock, SpaprMachineState),
>  VMSTATE_END_OF_LIST()
> diff --git a/hw/ppc/spapr_rtas.c b/hw/ppc/spapr_rtas.c
> index 0b8c481593..521e6b0b72 100644
> --- a/hw/ppc/spapr_rtas.c
> +++ b/hw/ppc/spapr_rtas.c
> @@ -414,6 +414,7 @@ static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
>uint32_t nret, target_ulong rets)
>  {
>  hwaddr rtas_addr;
> +target_ulong sreset_addr, mce_addr;
>  
>  if (spapr_get_cap(spapr, SPAPR_CAP_FWNMI) == SPAPR_CAP_OFF) {
>  rtas_st(rets, 0, RTAS_OUT_NOT_SUPPORTED);
> @@ -426,7 +427,18 @@ static void rtas_ibm_nmi_register(PowerPCCPU *cpu,
>  return;
>  }
>  
> -spapr->fwnmi_machine_check_addr = rtas_ld(args, 1);
> +sreset_addr = rtas_ld(args, 0);
> +mce_addr = rtas_ld(args, 1);
> +
> +/* PAPR requires these are in the first 32M of memory and within RMA */
> +if (sreset_addr >= 32 * MiB || sreset_addr >= spapr->rma_size ||
> +   mce_addr >= 32 * MiB ||mce_addr >= spapr->rma_size) {
> +rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
> +return;
> +}
> +
> +spapr->fwnmi_system_reset_addr = sreset_addr;
> +spapr->fwnmi_machine_check_addr = mce_addr;
>  
>  rtas_st(rets, 0, RTAS_OUT_SUCCESS);
>  }
> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
> index 64b83402cb..42d64a0368 100644
> --- a/include/hw/ppc/spapr.h
> +++ b/include/hw/ppc/spapr.h
> @@ -194,9 +194,10 @@ struct SpaprMachineState {
>  
>  /* State related to FWNMI option */
>  
> -/* Machine Check Notification Routine address
> +/* System Reset and Machine Check Notification Routine addresses
>   * registered by "ibm,nmi-register" RTAS call.
>   */
> +target_ulong fwnmi_system_reset_addr;
>  target_ulong fwnmi_machine_check_addr;
>  
>  /* Machine Check FWNMI synchronization, fwnmi_machine_check_interlock is

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH v2 2/8] ppc/spapr: Change FWNMI names

[David Gibson]

On Tue, Mar 17, 2020 at 12:26:07AM +1000, Nicholas Piggin wrote:
> The option is called "FWNMI", and it involves more than just machine
> checks, also machine checks can be delivered without the FWNMI option,
> so re-name various things to reflect that.
> 
> Signed-off-by: Nicholas Piggin 

Applied to ppc-for-5.0, thanks.

> ---
>  hw/ppc/spapr.c| 28 ++--
>  hw/ppc/spapr_caps.c   | 14 +++---
>  hw/ppc/spapr_events.c | 14 +++---
>  hw/ppc/spapr_rtas.c   | 17 +
>  include/hw/ppc/spapr.h| 27 +--
>  tests/qtest/libqos/libqos-spapr.h |  2 +-
>  6 files changed, 55 insertions(+), 47 deletions(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index d3db3ec56e..b03b26370d 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -1704,11 +1704,11 @@ static void spapr_machine_reset(MachineState *machine)
>  
>  spapr->cas_reboot = false;
>  
> -spapr->mc_status = -1;
> -spapr->guest_machine_check_addr = -1;
> +spapr->fwnmi_machine_check_addr = -1;
> +spapr->fwnmi_machine_check_interlock = -1;
>  
>  /* Signal all vCPUs waiting on this condition */
> -qemu_cond_broadcast(>mc_delivery_cond);
> +qemu_cond_broadcast(>fwnmi_machine_check_interlock_cond);
>  
>  migrate_del_blocker(spapr->fwnmi_migration_blocker);
>  }
> @@ -1997,7 +1997,7 @@ static bool spapr_fwnmi_needed(void *opaque)
>  {
>  SpaprMachineState *spapr = (SpaprMachineState *)opaque;
>  
> -return spapr->guest_machine_check_addr != -1;
> +return spapr->fwnmi_machine_check_addr != -1;
>  }
>  
>  static int spapr_fwnmi_pre_save(void *opaque)
> @@ -2008,7 +2008,7 @@ static int spapr_fwnmi_pre_save(void *opaque)
>   * Check if machine check handling is in progress and print a
>   * warning message.
>   */
> -if (spapr->mc_status != -1) {
> +if (spapr->fwnmi_machine_check_interlock != -1) {
>  warn_report("A machine check is being handled during migration. The"
>  "handler may run and log hardware error on the destination");
>  }
> @@ -2016,15 +2016,15 @@ static int spapr_fwnmi_pre_save(void *opaque)
>  return 0;
>  }
>  
> -static const VMStateDescription vmstate_spapr_machine_check = {
> -.name = "spapr_machine_check",
> +static const VMStateDescription vmstate_spapr_fwnmi = {
> +.name = "spapr_fwnmi",
>  .version_id = 1,
>  .minimum_version_id = 1,
>  .needed = spapr_fwnmi_needed,
>  .pre_save = spapr_fwnmi_pre_save,
>  .fields = (VMStateField[]) {
> -VMSTATE_UINT64(guest_machine_check_addr, SpaprMachineState),
> -VMSTATE_INT32(mc_status, SpaprMachineState),
> +VMSTATE_UINT64(fwnmi_machine_check_addr, SpaprMachineState),
> +VMSTATE_INT32(fwnmi_machine_check_interlock, SpaprMachineState),
>  VMSTATE_END_OF_LIST()
>  },
>  };
> @@ -2063,7 +2063,7 @@ static const VMStateDescription vmstate_spapr = {
>  _spapr_cap_large_decr,
>  _spapr_cap_ccf_assist,
>  _spapr_cap_fwnmi,
> -_spapr_machine_check,
> +_spapr_fwnmi,
>  NULL
>  }
>  };
> @@ -2884,7 +2884,7 @@ static void spapr_machine_init(MachineState *machine)
>  spapr_create_lmb_dr_connectors(spapr);
>  }
>  
> -if (spapr_get_cap(spapr, SPAPR_CAP_FWNMI_MCE) == SPAPR_CAP_ON) {
> +if (spapr_get_cap(spapr, SPAPR_CAP_FWNMI) == SPAPR_CAP_ON) {
>  /* Create the error string for live migration blocker */
>  error_setg(>fwnmi_migration_blocker,
>  "A machine check is being handled during migration. The handler"
> @@ -3053,7 +3053,7 @@ static void spapr_machine_init(MachineState *machine)
>  kvmppc_spapr_enable_inkernel_multitce();
>  }
>  
> -qemu_cond_init(>mc_delivery_cond);
> +qemu_cond_init(>fwnmi_machine_check_interlock_cond);
>  }
>  
>  static int spapr_kvm_type(MachineState *machine, const char *vm_type)
> @@ -4534,7 +4534,7 @@ static void spapr_machine_class_init(ObjectClass *oc, 
> void *data)
>  smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
>  smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_ON;
>  smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_ON;
> -smc->default_caps.caps[SPAPR_CAP_FWNMI_MCE] = SPAPR_CAP_ON;
> +smc->default_caps.caps[SPAPR_CAP_FWNMI] = SPAPR_CAP_ON;
>  spapr_caps_add_properties(smc, _abort);
>  smc->irq = _irq_dual;
>  smc->dr_phb_enabled = true;
> @@ -4612,7 +4612,7 @@ static void 
> spapr_machine_4_2_class_options(MachineClass *mc)
>  spapr_machine_5_0_class_options(mc);
>  compat_props_add(mc->compat_props, hw_compat_4_2, hw_compat_4_2_len);
>  smc->default_caps.caps[SPAPR_CAP_CCF_ASSIST] = SPAPR_CAP_OFF;
> -smc->default_caps.caps[SPAPR_CAP_FWNMI_MCE] = SPAPR_CAP_OFF;
> +smc->default_caps.caps[SPAPR_CAP_FWNMI] = SPAPR_CAP_OFF;
>  smc->rma_limit = 16 * 

Re: [PATCH qemu] spapr/rtas: Reserve space for RTAS blob and log

[David Gibson]

On Mon, Mar 16, 2020 at 05:10:56PM +0100, Greg Kurz wrote:
> On Mon, 16 Mar 2020 12:18:41 +1100
> Alexey Kardashevskiy  wrote:
> 
> > At the moment SLOF reserves space for RTAS and instantiates the RTAS blob
> > which is 20 bytes binary blob calling an hypercall. The rest of the RTAS
> > area is a log which SLOF has no idea about but QEMU does.
> > 
> > This moves RTAS sizing to QEMU and this overrides the size from SLOF.
> > The only remaining problem is that SLOF copies the number of bytes it
> > reserved (2KB for now) so QEMU needs to reserve at least this much;
> > SLOF will be fixed separately to check that rtas-size from QEMU is
> > enough for those 20 bytes the H_RTAS hcall.
> 
> 20 bytes >for< the H_RTAS hcall ?

Adjusted in my tree, thanks.

> 
> Reviewed-by: Greg Kurz 
> 
> > 
> > Signed-off-by: Alexey Kardashevskiy 
> > ---
> >  include/hw/ppc/spapr.h | 1 +
> >  hw/ppc/spapr.c | 1 +
> >  2 files changed, 2 insertions(+)
> > 
> > diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
> > index 2015e37ac5c8..35b489a54929 100644
> > --- a/include/hw/ppc/spapr.h
> > +++ b/include/hw/ppc/spapr.h
> > @@ -736,6 +736,7 @@ void spapr_load_rtas(SpaprMachineState *spapr, void 
> > *fdt, hwaddr addr);
> >  #define SPAPR_IS_PCI_LIOBN(liobn)   (!!((liobn) & 0x8000))
> >  #define SPAPR_PCI_DMA_WINDOW_NUM(liobn) ((liobn) & 0xff)
> >  
> > +#define RTAS_SIZE   2048
> >  #define RTAS_ERROR_LOG_MAX  2048
> >  
> >  /* Offset from rtas-base where error log is placed */
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index 64bc8b83e91e..d3db3ec56e9c 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -967,6 +967,7 @@ static void spapr_dt_rtas(SpaprMachineState *spapr, 
> > void *fdt)
> >  _FDT(fdt_setprop(fdt, rtas, "ibm,max-associativity-domains",
> >   maxdomains, sizeof(maxdomains)));
> >  
> > +_FDT(fdt_setprop_cell(fdt, rtas, "rtas-size", RTAS_SIZE));
> >  _FDT(fdt_setprop_cell(fdt, rtas, "rtas-error-log-max",
> >RTAS_ERROR_LOG_MAX));
> >  _FDT(fdt_setprop_cell(fdt, rtas, "rtas-event-scan-rate",
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH v2 1/8] ppc/spapr: Fix FWNMI machine check failure handling

[David Gibson]

On Tue, Mar 17, 2020 at 12:26:06AM +1000, Nicholas Piggin wrote:
> ppc_cpu_do_system_reset delivers a system rreset interrupt to the guest,
> which is certainly not what is intended here. Panic the guest like other
> failure cases here do.
> 
> Signed-off-by: Nicholas Piggin 

Applied to ppc-for-5.0, thanks.

> ---
>  hw/ppc/spapr_events.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/hw/ppc/spapr_events.c b/hw/ppc/spapr_events.c
> index 2afd1844e4..11303258d4 100644
> --- a/hw/ppc/spapr_events.c
> +++ b/hw/ppc/spapr_events.c
> @@ -785,7 +785,6 @@ static uint32_t spapr_mce_get_elog_type(PowerPCCPU *cpu, 
> bool recovered,
>  static void spapr_mce_dispatch_elog(PowerPCCPU *cpu, bool recovered)
>  {
>  SpaprMachineState *spapr = SPAPR_MACHINE(qdev_get_machine());
> -CPUState *cs = CPU(cpu);
>  uint64_t rtas_addr;
>  CPUPPCState *env = >env;
>  PowerPCCPUClass *pcc = POWERPC_CPU_GET_CLASS(cpu);
> @@ -823,8 +822,7 @@ static void spapr_mce_dispatch_elog(PowerPCCPU *cpu, bool 
> recovered)
>  /* get rtas addr from fdt */
>  rtas_addr = spapr_get_rtas_addr();
>  if (!rtas_addr) {
> -/* Unable to fetch rtas_addr. Hence reset the guest */
> -ppc_cpu_do_system_reset(cs);
> +qemu_system_guest_panicked(NULL);
>  g_free(ext_elog);
>  return;
>  }

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson


signature.asc
Description: PGP signature

Re: [PATCH v4 6/6] virtio-net: add migration support for RSS and hash report

[Michael S. Tsirkin]

On Mon, Mar 16, 2020 at 12:09:33PM +0200, Yuri Benditovich wrote:
> Save and restore RSS/hash report configuration.
> 
> Signed-off-by: Yuri Benditovich 
> ---
>  hw/net/virtio-net.c | 26 ++
>  1 file changed, 26 insertions(+)
> 
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index a0614ad4e6..f343762a0f 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -2842,6 +2842,13 @@ static int virtio_net_post_load_device(void *opaque, 
> int version_id)
>  }
>  }
>  
> +if (n->rss_data.enabled) {
> +trace_virtio_net_rss_enable(n->rss_data.hash_types,
> +n->rss_data.indirections_len,
> +sizeof(n->rss_data.key));
> +} else {
> +trace_virtio_net_rss_disable();
> +}
>  return 0;
>  }
>  
> @@ -3019,6 +3026,24 @@ static const VMStateDescription 
> vmstate_virtio_net_has_vnet = {
>  },
>  };
>  
> +static const VMStateDescription vmstate_rss = {
> +.name  = "vmstate_rss",
> +.fields = (VMStateField[]) {
> +VMSTATE_BOOL(enabled, VirtioNetRssData),
> +VMSTATE_BOOL(redirect, VirtioNetRssData),
> +VMSTATE_BOOL(populate_hash, VirtioNetRssData),
> +VMSTATE_UINT32(hash_types, VirtioNetRssData),
> +VMSTATE_UINT32(indirections_len, VirtioNetRssData),


Why is this UINT32? Shouldn't it be UINT16?

> +VMSTATE_UINT16(default_queue, VirtioNetRssData),
> +VMSTATE_UINT8_ARRAY(key, VirtioNetRssData,
> +VIRTIO_NET_RSS_MAX_KEY_SIZE),
> +VMSTATE_VARRAY_UINT32_ALLOC(indirections_table, VirtioNetRssData,
> +indirections_len, 0,
> +vmstate_info_uint16, uint16_t),
> +VMSTATE_END_OF_LIST()
> +},
> +};
> +
>  static const VMStateDescription vmstate_virtio_net_device = {
>  .name = "virtio-net-device",
>  .version_id = VIRTIO_NET_VM_VERSION,
> @@ -3067,6 +3092,7 @@ static const VMStateDescription 
> vmstate_virtio_net_device = {
>   vmstate_virtio_net_tx_waiting),
>  VMSTATE_UINT64_TEST(curr_guest_offloads, VirtIONet,
>  has_ctrl_guest_offloads),
> +VMSTATE_STRUCT(rss_data, VirtIONet, 1, vmstate_rss, 
> VirtioNetRssData),
>  VMSTATE_END_OF_LIST()
> },
>  };
> -- 
> 2.17.1

[PULL 06/61] util: add util function buffer_zero_avx512()

[Paolo Bonzini]

From: Robert Hoo 

And intialize buffer_is_zero() with it, when Intel AVX512F is
available on host.

This function utilizes Intel AVX512 fundamental instructions which
is faster than its implementation with AVX2 (in my unit test, with
4K buffer, on CascadeLake SP, ~36% faster, buffer_zero_avx512() V.S.
buffer_zero_avx2()).

Signed-off-by: Robert Hoo 
Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 
---
 include/qemu/cpuid.h |  3 +++
 util/bufferiszero.c  | 71 
 2 files changed, 64 insertions(+), 10 deletions(-)

diff --git a/include/qemu/cpuid.h b/include/qemu/cpuid.h
index 6930170..09fc245 100644
--- a/include/qemu/cpuid.h
+++ b/include/qemu/cpuid.h
@@ -45,6 +45,9 @@
 #ifndef bit_AVX2
 #define bit_AVX2(1 << 5)
 #endif
+#ifndef bit_AVX512F
+#define bit_AVX512F(1 << 16)
+#endif
 #ifndef bit_BMI2
 #define bit_BMI2(1 << 8)
 #endif
diff --git a/util/bufferiszero.c b/util/bufferiszero.c
index bfb2605..6639035 100644
--- a/util/bufferiszero.c
+++ b/util/bufferiszero.c
@@ -63,11 +63,11 @@ buffer_zero_int(const void *buf, size_t len)
 }
 }
 
-#if defined(CONFIG_AVX2_OPT) || defined(__SSE2__)
+#if defined(CONFIG_AVX512F_OPT) || defined(CONFIG_AVX2_OPT) || 
defined(__SSE2__)
 /* Do not use push_options pragmas unnecessarily, because clang
  * does not support them.
  */
-#ifdef CONFIG_AVX2_OPT
+#if defined(CONFIG_AVX512F_OPT) || defined(CONFIG_AVX2_OPT)
 #pragma GCC push_options
 #pragma GCC target("sse2")
 #endif
@@ -104,7 +104,7 @@ buffer_zero_sse2(const void *buf, size_t len)
 
 return _mm_movemask_epi8(_mm_cmpeq_epi8(t, zero)) == 0x;
 }
-#ifdef CONFIG_AVX2_OPT
+#if defined(CONFIG_AVX512F_OPT) || defined(CONFIG_AVX2_OPT)
 #pragma GCC pop_options
 #endif
 
@@ -187,18 +187,54 @@ buffer_zero_avx2(const void *buf, size_t len)
 #pragma GCC pop_options
 #endif /* CONFIG_AVX2_OPT */
 
+#ifdef CONFIG_AVX512F_OPT
+#pragma GCC push_options
+#pragma GCC target("avx512f")
+#include 
+
+static bool
+buffer_zero_avx512(const void *buf, size_t len)
+{
+/* Begin with an unaligned head of 64 bytes.  */
+__m512i t = _mm512_loadu_si512(buf);
+__m512i *p = (__m512i *)(((uintptr_t)buf + 5 * 64) & -64);
+__m512i *e = (__m512i *)(((uintptr_t)buf + len) & -64);
+
+/* Loop over 64-byte aligned blocks of 256.  */
+while (p <= e) {
+__builtin_prefetch(p);
+if (unlikely(_mm512_test_epi64_mask(t, t))) {
+return false;
+}
+t = p[-4] | p[-3] | p[-2] | p[-1];
+p += 4;
+}
+
+t |= _mm512_loadu_si512(buf + len - 4 * 64);
+t |= _mm512_loadu_si512(buf + len - 3 * 64);
+t |= _mm512_loadu_si512(buf + len - 2 * 64);
+t |= _mm512_loadu_si512(buf + len - 1 * 64);
+
+return !_mm512_test_epi64_mask(t, t);
+
+}
+#pragma GCC pop_options
+#endif
+
+
 /* Note that for test_buffer_is_zero_next_accel, the most preferred
  * ISA must have the least significant bit.
  */
-#define CACHE_AVX21
-#define CACHE_SSE42
-#define CACHE_SSE24
+#define CACHE_AVX512F 1
+#define CACHE_AVX22
+#define CACHE_SSE44
+#define CACHE_SSE28
 
 /* Make sure that these variables are appropriately initialized when
  * SSE2 is enabled on the compiler command-line, but the compiler is
  * too old to support CONFIG_AVX2_OPT.
  */
-#ifdef CONFIG_AVX2_OPT
+#if defined(CONFIG_AVX512F_OPT) || defined(CONFIG_AVX2_OPT)
 # define INIT_CACHE 0
 # define INIT_ACCEL buffer_zero_int
 #else
@@ -211,6 +247,7 @@ buffer_zero_avx2(const void *buf, size_t len)
 
 static unsigned cpuid_cache = INIT_CACHE;
 static bool (*buffer_accel)(const void *, size_t) = INIT_ACCEL;
+static int length_to_accel = 64;
 
 static void init_accel(unsigned cache)
 {
@@ -226,10 +263,16 @@ static void init_accel(unsigned cache)
 fn = buffer_zero_avx2;
 }
 #endif
+#ifdef CONFIG_AVX512F_OPT
+if (cache & CACHE_AVX512F) {
+fn = buffer_zero_avx512;
+length_to_accel = 256;
+}
+#endif
 buffer_accel = fn;
 }
 
-#ifdef CONFIG_AVX2_OPT
+#if defined(CONFIG_AVX512F_OPT) || defined(CONFIG_AVX2_OPT)
 #include "qemu/cpuid.h"
 
 static void __attribute__((constructor)) init_cpuid_cache(void)
@@ -252,9 +295,17 @@ static void __attribute__((constructor)) 
init_cpuid_cache(void)
 int bv;
 __asm("xgetbv" : "=a"(bv), "=d"(d) : "c"(0));
 __cpuid_count(7, 0, a, b, c, d);
-if ((bv & 6) == 6 && (b & bit_AVX2)) {
+if ((bv & 0x6) == 0x6 && (b & bit_AVX2)) {
 cache |= CACHE_AVX2;
 }
+/* 0xe6:
+*  XCR0[7:5] = 111b (OPMASK state, upper 256-bit of ZMM0-ZMM15
+*and ZMM16-ZMM31 state are enabled by OS)
+*  XCR0[2:1] = 11b (XMM state and YMM state are enabled by OS)
+*/
+if ((bv & 0xe6) == 0xe6 && (b & bit_AVX512F)) {
+cache |= CACHE_AVX512F;
+}
 }
 }
 cpuid_cache = cache;
@@ -277,7 

Re: [PULL 06/61] util: add util function buffer_zero_avx512()

[Paolo Bonzini]

This breaks if AVX2 and AVX512 are both disabled but SSE2 isn't, because
it calls buffer_is_zero_sse2 even with length < 64.  Fix:

diff --git a/util/bufferiszero.c b/util/bufferiszero.c
index b6eab0c..6639035 100644
--- a/util/bufferiszero.c
+++ b/util/bufferiszero.c
@@ -247,23 +247,20 @@ buffer_zero_avx512(const void *buf, size_t len)

 static unsigned cpuid_cache = INIT_CACHE;
 static bool (*buffer_accel)(const void *, size_t) = INIT_ACCEL;
-static int length_to_accel;
+static int length_to_accel = 64;

 static void init_accel(unsigned cache)
 {
 bool (*fn)(const void *, size_t) = buffer_zero_int;
 if (cache & CACHE_SSE2) {
 fn = buffer_zero_sse2;
-length_to_accel = 64;
 }
 #ifdef CONFIG_AVX2_OPT
 if (cache & CACHE_SSE4) {
 fn = buffer_zero_sse4;
-length_to_accel = 64;
 }
 if (cache & CACHE_AVX2) {
 fn = buffer_zero_avx2;
-length_to_accel = 64;
 }
 #endif
 #ifdef CONFIG_AVX512F_OPT

Paolo

Re: [PATCH v2 2/2] mmap-alloc: Include osdep.h before checking CONFIG_LINUX

[Michael S. Tsirkin]

On Mon, Mar 16, 2020 at 07:20:02PM +, Peter Maydell wrote:
> On Mon, 16 Mar 2020 at 18:40, Eduardo Habkost  wrote:
> >
> > On Mon, Mar 16, 2020 at 06:08:54PM +, Peter Maydell wrote:
> > > The usual approach is that if you don't have the Linux-specific
> > > feature available you quietly fall back to whatever the sensible
> > > behaviour is for when the feature isn't present. We definitely
> > > don't want to be printing warnings on non-Linux systems that
> > > are effectively just saying "you're not running Linux". Same goes
> > > for "host happens not to be running a bleeding-edge Linux kernel
> > > and this feature isn't available yet".
> >
> > I don't think using pmem=on without MAP_SYNC is expected to be a
> > supported use case, is it?  If a use case is not supported, the
> > sensible behavior is to tell the user it is not supported.
> 
> Yeah, that's fair. But the code at the moment does a fallback
> to "proceed without SHARED_VALIDATE | SYNC", so I assumed it
> was supposed to work.
> 
> thanks
> -- PMM

Oh I remember now. pmem=on was introduced without MAP_SYNC first.
So yes, it's ok to set it to 0 for mips.

-- 
MST

[PATCH v2] checkpatch: enforce process for expected files

[Michael S. Tsirkin]

If the process documented in tests/qtest/bios-tables-test.c
is followed, then same patch never touches both expected
files and code. Teach checkpatch to enforce this rule.

Tested-by: Igor Mammedov 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Michael S. Tsirkin 
---
 scripts/checkpatch.pl | 25 +
 1 file changed, 25 insertions(+)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index b27e4ff5e9..e658e6546f 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -35,6 +35,8 @@ my $summary_file = 0;
 my $root;
 my %debug;
 my $help = 0;
+my $acpi_testexpected;
+my $acpi_nontestexpected;
 
 sub help {
my ($exitcode) = @_;
@@ -1256,6 +1258,27 @@ sub WARN {
}
 }
 
+# According to tests/qtest/bios-tables-test.c: do not
+# change expected file in the same commit with adding test
+sub checkfilename {
+   my ($name) = @_;
+   if ($name =~ m#^tests/data/acpi/# and
+   # make exception for a shell script that rebuilds the files
+   not $name =~ m#^\.sh$# or
+   $name =~ m#^tests/qtest/bios-tables-test-allowed-diff.h$#) {
+   $acpi_testexpected = $name;
+   } else {
+   $acpi_nontestexpected = $name;
+   }
+   if (defined $acpi_testexpected and defined $acpi_nontestexpected) {
+   ERROR("Do not add expected files together with tests, " .
+ "follow instructions in " .
+ "tests/qtest/bios-tables-test.c: both " .
+ $acpi_testexpected . " and " .
+ $acpi_nontestexpected . " found\n");
+   }
+}
+
 sub process {
my $filename = shift;
 
@@ -1431,9 +1454,11 @@ sub process {
if ($line =~ /^diff --git.*?(\S+)$/) {
$realfile = $1;
$realfile =~ s@^([^/]*)/@@ if (!$file);
+   checkfilename($realfile);
} elsif ($line =~ /^\+\+\+\s+(\S+)/) {
$realfile = $1;
$realfile =~ s@^([^/]*)/@@ if (!$file);
+   checkfilename($realfile);
 
$p1_prefix = $1;
if (!$file && $tree && $p1_prefix ne '' &&
-- 
MST

[PULL 55/61] hw/dma: Let devices own the MemoryRegion they create

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Avoid orphan memory regions being added in the /unattached QOM
container.

This commit was produced with the Coccinelle script
scripts/coccinelle/memory-region-housekeeping.cocci.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/dma/i8257.c  | 2 +-
 hw/dma/rc4030.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/hw/dma/i8257.c b/hw/dma/i8257.c
index bad8deb..ef15c06 100644
--- a/hw/dma/i8257.c
+++ b/hw/dma/i8257.c
@@ -553,7 +553,7 @@ static void i8257_realize(DeviceState *dev, Error **errp)
 I8257State *d = I8257(dev);
 int i;
 
-memory_region_init_io(>channel_io, NULL, _io_ops, d,
+memory_region_init_io(>channel_io, OBJECT(dev), _io_ops, d,
   "dma-chan", 8 << d->dshift);
 memory_region_add_subregion(isa_address_space_io(isa),
 d->base, >channel_io);
diff --git a/hw/dma/rc4030.c b/hw/dma/rc4030.c
index 21e2c36..7434d27 100644
--- a/hw/dma/rc4030.c
+++ b/hw/dma/rc4030.c
@@ -679,9 +679,9 @@ static void rc4030_realize(DeviceState *dev, Error **errp)
 s->periodic_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
  rc4030_periodic_timer, s);
 
-memory_region_init_io(>iomem_chipset, NULL, _ops, s,
+memory_region_init_io(>iomem_chipset, o, _ops, s,
   "rc4030.chipset", 0x300);
-memory_region_init_io(>iomem_jazzio, NULL, _ops, s,
+memory_region_init_io(>iomem_jazzio, o, _ops, s,
   "rc4030.jazzio", 0x1000);
 
 memory_region_init_iommu(>dma_mr, sizeof(s->dma_mr),
-- 
1.8.3.1

[PULL v2 00/61] Misc patches for soft freeze

[Paolo Bonzini]

The following changes since commit a98135f727595382e200d04c2996e868b7925a01:

  Merge remote-tracking branch 'remotes/kraxel/tags/vga-20200316-pull-request' 
into staging (2020-03-16 14:55:59 +)

are available in the git repository at:


  git://github.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to 9d04fea181318684a899fadd99cef7e04097456b:

  hw/arm: Let devices own the MemoryRegion they create (2020-03-16 23:02:30 
+0100)


* Bugfixes all over the place
* get/set_uint cleanups (Felipe)
* Lock guard support (Stefan)
* MemoryRegion ownership cleanup (Philippe)
* AVX512 optimization for buffer_is_zero (Robert)


v1->v2: fix for clang build

Christian Ehrhardt (1):
  modules: load modules from versioned /var/run dir

Christophe de Dinechin (1):
  scsi/qemu-pr-helper: Fix out-of-bounds access to trnptid_list[]

Colin Xu (1):
  MAINTAINERS: Add entry for Guest X86 HAXM CPUs

Dr. David Alan Gilbert (1):
  exec/rom_reset: Free rom data during inmigrate skip

Eduardo Habkost (1):
  Use -isystem for linux-headers dir

Felipe Franciosi (4):
  qom/object: enable setter for uint types
  ich9: fix getter type for sci_int property
  ich9: Simplify ich9_lpc_initfn
  qom/object: Use common get/set uint helpers

Jan Kiszka (1):
  hw/i386/intel_iommu: Fix out-of-bounds access on guest IRT

Joe Richey (1):
  optionrom/pvh: scan entire RSDP Area

Julio Faracco (1):
  i386: Fix GCC warning with snprintf when HAX is enabled

Kashyap Chamarthy (1):
  qemu-cpu-models.rst: Document -noTSX, mds-no, taa-no, and tsx-ctrl

Longpeng (Mike) (1):
  cpus: avoid pause_all_vcpus getting stuck due to race

Marc-André Lureau (1):
  build-sys: do not make qemu-ga link with pixman

Matt Borgerson (1):
  memory: Fix start offset for bitmap log_clear hook

Paolo Bonzini (1):
  oslib-posix: initialize mutex and condition variable

Peter Maydell (1):
  softmmu/vl.c: Handle '-cpu help' and '-device help' before 'no default 
machine'

Philippe Mathieu-Daudé (36):
  misc: Replace zero-length arrays with flexible array member (automatic)
  misc: Replace zero-length arrays with flexible array member (manual)
  configure: Fix building with SASL on Windows
  tests/docker: Install SASL library to extend code coverage on amd64
  Makefile: Align 'help' target output
  Makefile: Let the 'help' target list the tools targets
  hw/audio/fmopl: Move ENV_CURVE to .heap to save 32KiB of .bss
  hw/audio/intel-hda: Use memory region alias to reduce .rodata by 4.34MB
  hw/usb/quirks: Use smaller types to reduce .rodata by 10KiB
  ui/curses: Make control_characters[] array const
  ui/curses: Move arrays to .heap to save 74KiB of .bss
  memory: Correctly return alias region type
  memory: Simplify memory_region_init_rom_nomigrate() to ease review
  scripts/cocci: Rename memory-region-{init-ram -> housekeeping}
  scripts/cocci: Patch to replace memory_region_init_{ram,readonly -> rom}
  hw/arm: Use memory_region_init_rom() with read-only regions
  hw/display: Use memory_region_init_rom() with read-only regions
  hw/m68k: Use memory_region_init_rom() with read-only regions
  hw/net: Use memory_region_init_rom() with read-only regions
  hw/pci-host: Use memory_region_init_rom() with read-only regions
  hw/ppc: Use memory_region_init_rom() with read-only regions
  hw/riscv: Use memory_region_init_rom() with read-only regions
  hw/sh4: Use memory_region_init_rom() with read-only regions
  hw/sparc: Use memory_region_init_rom() with read-only regions
  scripts/cocci: Patch to detect potential use of memory_region_init_rom
  scripts/cocci: Patch to remove unnecessary memory_region_set_readonly()
  scripts/cocci: Patch to let devices own their MemoryRegions
  hw/core: Let devices own the MemoryRegion they create
  hw/display: Let devices own the MemoryRegion they create
  hw/dma: Let devices own the MemoryRegion they create
  hw/riscv: Let devices own the MemoryRegion they create
  hw/char: Let devices own the MemoryRegion they create
  hw/arm/stm32: Use memory_region_init_rom() with read-only regions
  hw/ppc/ppc405: Use memory_region_init_rom() with read-only regions
  hw/arm: Remove unnecessary memory_region_set_readonly() on ROM alias
  hw/arm: Let devices own the MemoryRegion they create

Robert Hoo (2):
  configure: add configure option avx512f_opt
  util: add util function buffer_zero_avx512()

Stefan Hajnoczi (2):
  lockable: add lock guards
  lockable: add QemuRecMutex support

Sunil Muthuswamy (3):
  WHPX: TSC get and set should be dependent on VM state
  WHPX: Use QEMU values for trapped CPUID
  WHPX: Use proper synchronization primitives while processing

 MA

[PULL 54/61] hw/display: Let devices own the MemoryRegion they create

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Avoid orphan memory regions being added in the /unattached QOM
container.

This commit was produced with the Coccinelle script
scripts/coccinelle/memory-region-housekeeping.cocci.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/display/g364fb.c | 3 ++-
 hw/display/macfb.c  | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/display/g364fb.c b/hw/display/g364fb.c
index 55185c9..adcba96 100644
--- a/hw/display/g364fb.c
+++ b/hw/display/g364fb.c
@@ -477,7 +477,8 @@ static void g364fb_init(DeviceState *dev, G364State *s)
 
 s->con = graphic_console_init(dev, 0, _ops, s);
 
-memory_region_init_io(>mem_ctrl, NULL, _ctrl_ops, s, "ctrl", 
0x18);
+memory_region_init_io(>mem_ctrl, OBJECT(dev), _ctrl_ops, s,
+  "ctrl", 0x18);
 memory_region_init_ram_ptr(>mem_vram, NULL, "vram",
s->vram_size, s->vram);
 vmstate_register_ram(>mem_vram, dev);
diff --git a/hw/display/macfb.c b/hw/display/macfb.c
index 8bff16d..b68faff 100644
--- a/hw/display/macfb.c
+++ b/hw/display/macfb.c
@@ -362,8 +362,8 @@ static void macfb_common_realize(DeviceState *dev, 
MacfbState *s, Error **errp)
 return;
 }
 
-memory_region_init_io(>mem_ctrl, NULL, _ctrl_ops, s, "macfb-ctrl",
-  0x1000);
+memory_region_init_io(>mem_ctrl, OBJECT(dev), _ctrl_ops, s,
+  "macfb-ctrl", 0x1000);
 
 memory_region_init_ram_nomigrate(>mem_vram, OBJECT(s), "macfb-vram",
  MACFB_VRAM_SIZE, errp);
-- 
1.8.3.1

[PULL 61/61] hw/arm: Let devices own the MemoryRegion they create

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Avoid orphan memory regions being added in the /unattached QOM
container.

This commit was produced with the Coccinelle script
scripts/coccinelle/memory-region-housekeeping.cocci.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/exynos4210.c| 12 ++--
 hw/arm/fsl-imx25.c | 10 +-
 hw/arm/fsl-imx31.c |  6 +++---
 hw/arm/fsl-imx6.c  |  6 +++---
 hw/arm/fsl-imx6ul.c|  9 +
 hw/arm/msf2-soc.c  |  6 +++---
 hw/arm/nrf51_soc.c |  2 +-
 hw/arm/stm32f205_soc.c |  8 
 hw/arm/stm32f405_soc.c |  9 +
 hw/arm/xlnx-zynqmp.c   | 11 +--
 10 files changed, 40 insertions(+), 39 deletions(-)

diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
index 4e1fd7e..1f7253e 100644
--- a/hw/arm/exynos4210.c
+++ b/hw/arm/exynos4210.c
@@ -305,20 +305,20 @@ static void exynos4210_realize(DeviceState *socdev, Error 
**errp)
 /*** Memory ***/
 
 /* Chip-ID and OMR */
-memory_region_init_io(>chipid_mem, NULL, _chipid_and_omr_ops,
-NULL, "exynos4210.chipid", sizeof(chipid_and_omr));
+memory_region_init_io(>chipid_mem, OBJECT(socdev),
+  _chipid_and_omr_ops, NULL,
+  "exynos4210.chipid", sizeof(chipid_and_omr));
 memory_region_add_subregion(system_mem, EXYNOS4210_CHIPID_ADDR,
 >chipid_mem);
 
 /* Internal ROM */
-memory_region_init_rom(>irom_mem, NULL, "exynos4210.irom",
+memory_region_init_rom(>irom_mem, OBJECT(socdev), "exynos4210.irom",
EXYNOS4210_IROM_SIZE, _fatal);
 memory_region_add_subregion(system_mem, EXYNOS4210_IROM_BASE_ADDR,
 >irom_mem);
 /* mirror of iROM */
-memory_region_init_alias(>irom_alias_mem, NULL, "exynos4210.irom_alias",
- >irom_mem,
- 0,
+memory_region_init_alias(>irom_alias_mem, OBJECT(socdev),
+ "exynos4210.irom_alias", >irom_mem, 0,
  EXYNOS4210_IROM_SIZE);
 memory_region_add_subregion(system_mem, EXYNOS4210_IROM_MIRROR_BASE_ADDR,
 >irom_alias_mem);
diff --git a/hw/arm/fsl-imx25.c b/hw/arm/fsl-imx25.c
index a3f829f..6f1a82c 100644
--- a/hw/arm/fsl-imx25.c
+++ b/hw/arm/fsl-imx25.c
@@ -303,16 +303,16 @@ static void fsl_imx25_realize(DeviceState *dev, Error 
**errp)
 }
 
 /* initialize 2 x 16 KB ROM */
-memory_region_init_rom(>rom[0], NULL,
-   "imx25.rom0", FSL_IMX25_ROM0_SIZE, );
+memory_region_init_rom(>rom[0], OBJECT(dev), "imx25.rom0",
+   FSL_IMX25_ROM0_SIZE, );
 if (err) {
 error_propagate(errp, err);
 return;
 }
 memory_region_add_subregion(get_system_memory(), FSL_IMX25_ROM0_ADDR,
 >rom[0]);
-memory_region_init_rom(>rom[1], NULL,
-   "imx25.rom1", FSL_IMX25_ROM1_SIZE, );
+memory_region_init_rom(>rom[1], OBJECT(dev), "imx25.rom1",
+   FSL_IMX25_ROM1_SIZE, );
 if (err) {
 error_propagate(errp, err);
 return;
@@ -331,7 +331,7 @@ static void fsl_imx25_realize(DeviceState *dev, Error 
**errp)
 >iram);
 
 /* internal RAM (128 KB) is aliased over 128 MB - 128 KB */
-memory_region_init_alias(>iram_alias, NULL, "imx25.iram_alias",
+memory_region_init_alias(>iram_alias, OBJECT(dev), "imx25.iram_alias",
  >iram, 0, FSL_IMX25_IRAM_ALIAS_SIZE);
 memory_region_add_subregion(get_system_memory(), FSL_IMX25_IRAM_ALIAS_ADDR,
 >iram_alias);
diff --git a/hw/arm/fsl-imx31.c b/hw/arm/fsl-imx31.c
index 55e90d1..8472d2e 100644
--- a/hw/arm/fsl-imx31.c
+++ b/hw/arm/fsl-imx31.c
@@ -206,7 +206,7 @@ static void fsl_imx31_realize(DeviceState *dev, Error 
**errp)
 }
 
 /* On a real system, the first 16k is a `secure boot rom' */
-memory_region_init_rom(>secure_rom, NULL, "imx31.secure_rom",
+memory_region_init_rom(>secure_rom, OBJECT(dev), "imx31.secure_rom",
FSL_IMX31_SECURE_ROM_SIZE, );
 if (err) {
 error_propagate(errp, err);
@@ -216,7 +216,7 @@ static void fsl_imx31_realize(DeviceState *dev, Error 
**errp)
 >secure_rom);
 
 /* There is also a 16k ROM */
-memory_region_init_rom(>rom, NULL, "imx31.rom",
+memory_region_init_rom(>rom, OBJECT(dev), "imx31.rom",
FSL_IMX31_ROM_SIZE, );
 if (err) {
 error_propagate(errp, err);
@@ -236,7 +236,7 @@ static void fsl_imx31_realize(DeviceState *dev, Error 
**errp)
 >iram);
 
 /* internal RAM (16 KB) is aliased over 256 MB - 16 KB */
-memory_region_init_alias(>iram_alias, NULL, "imx31.iram_alias",
+memory_region_init_alias(>iram_alias, OBJECT(dev), "imx31.iram_alias",
   

[PULL 57/61] hw/char: Let devices own the MemoryRegion they create

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Avoid orphan memory regions being added in the /unattached QOM
container.

This commit was produced with the Coccinelle script
scripts/coccinelle/memory-region-housekeeping.cocci.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/char/serial.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/char/serial.c b/hw/char/serial.c
index 9298881..2ab8b69 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -997,7 +997,7 @@ static void serial_io_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
-memory_region_init_io(>io, NULL, _io_ops, s, "serial", 8);
+memory_region_init_io(>io, OBJECT(dev), _io_ops, s, "serial", 8);
 sysbus_init_mmio(SYS_BUS_DEVICE(sio), >io);
 sysbus_init_irq(SYS_BUS_DEVICE(sio), >irq);
 }
@@ -1106,8 +1106,9 @@ static void serial_mm_realize(DeviceState *dev, Error 
**errp)
 return;
 }
 
-memory_region_init_io(>io, NULL, _mm_ops[smm->endianness], smm,
-  "serial", 8 << smm->regshift);
+memory_region_init_io(>io, OBJECT(dev),
+  _mm_ops[smm->endianness], smm, "serial",
+  8 << smm->regshift);
 sysbus_init_mmio(SYS_BUS_DEVICE(smm), >io);
 sysbus_init_irq(SYS_BUS_DEVICE(smm), >serial.irq);
 }
-- 
1.8.3.1

[PULL 47/61] hw/riscv: Use memory_region_init_rom() with read-only regions

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

This commit was produced with the Coccinelle script
scripts/coccinelle/memory-region-housekeeping.cocci.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/riscv/sifive_e.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index a254cad..a1974ef 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -208,9 +208,8 @@ static void riscv_sifive_e_soc_realize(DeviceState *dev, 
Error **errp)
 memmap[SIFIVE_E_PWM2].base, memmap[SIFIVE_E_PWM2].size);
 
 /* Flash memory */
-memory_region_init_ram(>xip_mem, NULL, "riscv.sifive.e.xip",
-memmap[SIFIVE_E_XIP].size, _fatal);
-memory_region_set_readonly(>xip_mem, true);
+memory_region_init_rom(>xip_mem, NULL, "riscv.sifive.e.xip",
+   memmap[SIFIVE_E_XIP].size, _fatal);
 memory_region_add_subregion(sys_mem, memmap[SIFIVE_E_XIP].base,
 >xip_mem);
 }
-- 
1.8.3.1

[PULL 58/61] hw/arm/stm32: Use memory_region_init_rom() with read-only regions

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

The scripts/coccinelle/memory-region-housekeeping.cocci reported:
* TODO 
[[view:./hw/arm/stm32f205_soc.c::face=ovl-face1::linb=96::colb=4::cole=26][potential
 use of memory_region_init_rom*() in  ./hw/arm/stm32f205_soc.c::96]]
* TODO 
[[view:./hw/arm/stm32f405_soc.c::face=ovl-face1::linb=98::colb=4::cole=26][potential
 use of memory_region_init_rom*() in  ./hw/arm/stm32f405_soc.c::98]]

We can indeed replace the memory_region_init_ram() and
memory_region_set_readonly() calls by memory_region_init_rom().

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/stm32f205_soc.c | 4 +---
 hw/arm/stm32f405_soc.c | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c
index 627fd44..2de5627 100644
--- a/hw/arm/stm32f205_soc.c
+++ b/hw/arm/stm32f205_soc.c
@@ -93,12 +93,10 @@ static void stm32f205_soc_realize(DeviceState *dev_soc, 
Error **errp)
 MemoryRegion *flash = g_new(MemoryRegion, 1);
 MemoryRegion *flash_alias = g_new(MemoryRegion, 1);
 
-memory_region_init_ram(flash, NULL, "STM32F205.flash", FLASH_SIZE,
+memory_region_init_rom(flash, NULL, "STM32F205.flash", FLASH_SIZE,
_fatal);
 memory_region_init_alias(flash_alias, NULL, "STM32F205.flash.alias",
  flash, 0, FLASH_SIZE);
-
-memory_region_set_readonly(flash, true);
 memory_region_set_readonly(flash_alias, true);
 
 memory_region_add_subregion(system_memory, FLASH_BASE_ADDRESS, flash);
diff --git a/hw/arm/stm32f405_soc.c b/hw/arm/stm32f405_soc.c
index 9bcad97..b8fca13 100644
--- a/hw/arm/stm32f405_soc.c
+++ b/hw/arm/stm32f405_soc.c
@@ -95,7 +95,7 @@ static void stm32f405_soc_realize(DeviceState *dev_soc, Error 
**errp)
 Error *err = NULL;
 int i;
 
-memory_region_init_ram(>flash, NULL, "STM32F405.flash", FLASH_SIZE,
+memory_region_init_rom(>flash, NULL, "STM32F405.flash", FLASH_SIZE,
);
 if (err != NULL) {
 error_propagate(errp, err);
@@ -103,8 +103,6 @@ static void stm32f405_soc_realize(DeviceState *dev_soc, 
Error **errp)
 }
 memory_region_init_alias(>flash_alias, NULL, "STM32F405.flash.alias",
  >flash, 0, FLASH_SIZE);
-
-memory_region_set_readonly(>flash, true);
 memory_region_set_readonly(>flash_alias, true);
 
 memory_region_add_subregion(system_memory, FLASH_BASE_ADDRESS, >flash);
-- 
1.8.3.1

[PULL 46/61] hw/ppc: Use memory_region_init_rom() with read-only regions

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

This commit was produced with the Coccinelle script
scripts/coccinelle/memory-region-housekeeping.cocci.

Acked-by: David Gibson 
Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/ppc/mac_newworld.c | 3 +--
 hw/ppc/mac_oldworld.c | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index b8189bf..b2ec372 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -155,13 +155,12 @@ static void ppc_core99_init(MachineState *machine)
 memory_region_add_subregion(get_system_memory(), 0, machine->ram);
 
 /* allocate and load BIOS */
-memory_region_init_ram(bios, NULL, "ppc_core99.bios", BIOS_SIZE,
+memory_region_init_rom(bios, NULL, "ppc_core99.bios", BIOS_SIZE,
_fatal);
 
 if (bios_name == NULL)
 bios_name = PROM_FILENAME;
 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
-memory_region_set_readonly(bios, true);
 memory_region_add_subregion(get_system_memory(), PROM_ADDR, bios);
 
 /* Load OpenBIOS (ELF) */
diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
index 440c406..faaa165 100644
--- a/hw/ppc/mac_oldworld.c
+++ b/hw/ppc/mac_oldworld.c
@@ -129,13 +129,12 @@ static void ppc_heathrow_init(MachineState *machine)
 memory_region_add_subregion(sysmem, 0, machine->ram);
 
 /* allocate and load BIOS */
-memory_region_init_ram(bios, NULL, "ppc_heathrow.bios", BIOS_SIZE,
+memory_region_init_rom(bios, NULL, "ppc_heathrow.bios", BIOS_SIZE,
_fatal);
 
 if (bios_name == NULL)
 bios_name = PROM_FILENAME;
 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, bios_name);
-memory_region_set_readonly(bios, true);
 memory_region_add_subregion(sysmem, PROM_ADDR, bios);
 
 /* Load OpenBIOS (ELF) */
-- 
1.8.3.1

Re: [PULL 00/38] Linux user for 5.0 patches

[no-reply]

Patchew URL: https://patchew.org/QEMU/20200316161550.336150-1-laur...@vivier.eu/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [PULL 00/38] Linux user for 5.0 patches
Message-id: 20200316161550.336150-1-laur...@vivier.eu
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
a5c430a linux-user, openrisc: sync syscall numbers with kernel v5.5
eb272b1 linux-user, nios2: sync syscall numbers with kernel v5.5
22c8c60 linux-user, aarch64: sync syscall numbers with kernel v5.5
ff2d7fb scripts: add a script to generate syscall_nr.h
e61c688 linux-user,mips: update syscall-args-o32.c.inc
2d3af3b linux-user,mips: move content of mips_syscall_args
b059ae6 linux-user: update syscall.tbl from linux 0bf999f9c5e7
e1673a3 linux-user, scripts: add a script to update syscall.tbl
66cb246 linux-user, mips64: add syscall table generation support
1a19648 linux-user, mips: add syscall table generation support
0735d9e linux-user, x86_64: add syscall table generation support
082a58f linux-user, i386: add syscall table generation support
3725dc8 linux-user, x86_64, i386: cleanup TARGET_NR_arch_prctl
c4e0a3a linux-user, sparc, sparc64: add syscall table generation support
b587fb3 linux-user, s390x: add syscall table generation support
b5216b5 linux-user, s390x: remove syscall definitions for !TARGET_S390X
8386d4c linux-user, ppc: add syscall table generation support
787b89e linux-user, arm: add syscall table generation support
f623fac linux-user, microblaze: add syscall table generation support
0257a88 linux-user, sh4: add syscall table generation support
172cbeb linux-user, xtensa: add syscall table generation support
5ec8555 linux-user, m68k: add syscall table generation support
0519335 linux-user, hppa: add syscall table generation support
586725d linux-user, alpha: add syscall table generation support
a3ebf49 linux-user: introduce parameters to generate syscall_nr.h
a129601 linux-user/riscv: Update the syscall_nr's to the 5.5 kernel
29571d4 linux-user: Support futex_time64
78be30d linux-user/syscall: Add support for clock_gettime64/clock_settime64
3781280 linux-user: Protect more syscalls
1e4fd4c linux-user: Update TASK_UNMAPPED_BASE for aarch64
ffe5816 linux-user: fix socket() strace
af7e366 linux-user: do prlimit selectively
de1e86d linux-user: Add AT_EXECFN auxval
0045e32 linux-user: Flush out implementation of gettimeofday
dcc5ae2 linux-user: Add x86_64 vsyscall page to /proc/self/maps
aca467b linux-user/i386: Emulate x86_64 vsyscalls
6828cf1 linux-user/i386: Split out gen_signal
e14979b target/i386: Renumber EXCP_SYSCALL

=== OUTPUT BEGIN ===
1/38 Checking commit e14979b2eea7 (target/i386: Renumber EXCP_SYSCALL)
2/38 Checking commit 6828cf104a6a (linux-user/i386: Split out gen_signal)
3/38 Checking commit aca467bf22c7 (linux-user/i386: Emulate x86_64 vsyscalls)
4/38 Checking commit dcc5ae296a75 (linux-user: Add x86_64 vsyscall page to 
/proc/self/maps)
5/38 Checking commit 0045e32d7be7 (linux-user: Flush out implementation of 
gettimeofday)
6/38 Checking commit de1e86dceed4 (linux-user: Add AT_EXECFN auxval)
7/38 Checking commit af7e3667c6cf (linux-user: do prlimit selectively)
8/38 Checking commit ffe5816ec43b (linux-user: fix socket() strace)
9/38 Checking commit 1e4fd4cc3de4 (linux-user: Update TASK_UNMAPPED_BASE for 
aarch64)
10/38 Checking commit 37812805e354 (linux-user: Protect more syscalls)
11/38 Checking commit 78be30d9711a (linux-user/syscall: Add support for 
clock_gettime64/clock_settime64)
12/38 Checking commit 29571d4f51fe (linux-user: Support futex_time64)
WARNING: architecture specific defines should be avoided
#26: FILE: linux-user/syscall.c:248:
+#if defined(__NR_futex)

WARNING: architecture specific defines should be avoided
#29: FILE: linux-user/syscall.c:251:
+#if defined(__NR_futex_time64)

WARNING: architecture specific defines should be avoided
#40: FILE: linux-user/syscall.c:303:
+#if (defined(TARGET_NR_futex) && defined(__NR_futex)) || \

WARNING: architecture specific defines should be avoided
#46: FILE: linux-user/syscall.c:309:
+#if (defined(TARGET_NR_futex_time64) && defined(__NR_futex_teim64))

ERROR: space required after that ',' (ctx:VxV)
#47: FILE: linux-user/syscall.c:310:
+_syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
  ^

ERROR: space required after that ',' (ctx:VxV)
#47: FILE: linux-user/syscall.c:310:
+_syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
   ^

ERROR: space required after that ',' (ctx:OxV)
#47: FILE: linux-user/syscall.c:310:
+_syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
 ^

ERROR: space 

[PULL 41/61] hw/arm: Use memory_region_init_rom() with read-only regions

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

This commit was produced with the Coccinelle script
scripts/coccinelle/memory-region-housekeeping.cocci.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/exynos4210.c | 3 +--
 hw/arm/mainstone.c  | 3 +--
 hw/arm/omap_sx1.c   | 6 ++
 hw/arm/palm.c   | 3 +--
 hw/arm/spitz.c  | 3 +--
 hw/arm/stellaris.c  | 3 +--
 hw/arm/tosa.c   | 3 +--
 7 files changed, 8 insertions(+), 16 deletions(-)

diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
index 59a27bd..3af6502 100644
--- a/hw/arm/exynos4210.c
+++ b/hw/arm/exynos4210.c
@@ -311,9 +311,8 @@ static void exynos4210_realize(DeviceState *socdev, Error 
**errp)
 >chipid_mem);
 
 /* Internal ROM */
-memory_region_init_ram(>irom_mem, NULL, "exynos4210.irom",
+memory_region_init_rom(>irom_mem, NULL, "exynos4210.irom",
EXYNOS4210_IROM_SIZE, _fatal);
-memory_region_set_readonly(>irom_mem, true);
 memory_region_add_subregion(system_mem, EXYNOS4210_IROM_BASE_ADDR,
 >irom_mem);
 /* mirror of iROM */
diff --git a/hw/arm/mainstone.c b/hw/arm/mainstone.c
index 1042017..6bc6436 100644
--- a/hw/arm/mainstone.c
+++ b/hw/arm/mainstone.c
@@ -124,9 +124,8 @@ static void mainstone_common_init(MemoryRegion 
*address_space_mem,
 /* Setup CPU & memory */
 mpu = pxa270_init(address_space_mem, mainstone_binfo.ram_size,
   machine->cpu_type);
-memory_region_init_ram(rom, NULL, "mainstone.rom", MAINSTONE_ROM,
+memory_region_init_rom(rom, NULL, "mainstone.rom", MAINSTONE_ROM,
_fatal);
-memory_region_set_readonly(rom, true);
 memory_region_add_subregion(address_space_mem, 0, rom);
 
 /* There are two 32MiB flash devices on the board */
diff --git a/hw/arm/omap_sx1.c b/hw/arm/omap_sx1.c
index de5ff44..57829b3 100644
--- a/hw/arm/omap_sx1.c
+++ b/hw/arm/omap_sx1.c
@@ -131,9 +131,8 @@ static void sx1_init(MachineState *machine, const int 
version)
 mpu = omap310_mpu_init(machine->ram, machine->cpu_type);
 
 /* External Flash (EMIFS) */
-memory_region_init_ram(flash, NULL, "omap_sx1.flash0-0", flash_size,
+memory_region_init_rom(flash, NULL, "omap_sx1.flash0-0", flash_size,
_fatal);
-memory_region_set_readonly(flash, true);
 memory_region_add_subregion(address_space, OMAP_CS0_BASE, flash);
 
 memory_region_init_io([0], NULL, _ops, ,
@@ -167,9 +166,8 @@ static void sx1_init(MachineState *machine, const int 
version)
 if ((version == 1) &&
 (dinfo = drive_get(IF_PFLASH, 0, fl_idx)) != NULL) {
 MemoryRegion *flash_1 = g_new(MemoryRegion, 1);
-memory_region_init_ram(flash_1, NULL, "omap_sx1.flash1-0",
+memory_region_init_rom(flash_1, NULL, "omap_sx1.flash1-0",
flash1_size, _fatal);
-memory_region_set_readonly(flash_1, true);
 memory_region_add_subregion(address_space, OMAP_CS1_BASE, flash_1);
 
 memory_region_init_io([1], NULL, _ops, ,
diff --git a/hw/arm/palm.c b/hw/arm/palm.c
index 99554bd..97ca105 100644
--- a/hw/arm/palm.c
+++ b/hw/arm/palm.c
@@ -213,9 +213,8 @@ static void palmte_init(MachineState *machine)
 mpu = omap310_mpu_init(machine->ram, machine->cpu_type);
 
 /* External Flash (EMIFS) */
-memory_region_init_ram(flash, NULL, "palmte.flash", flash_size,
+memory_region_init_rom(flash, NULL, "palmte.flash", flash_size,
_fatal);
-memory_region_set_readonly(flash, true);
 memory_region_add_subregion(address_space_mem, OMAP_CS0_BASE, flash);
 
 memory_region_init_io([0], NULL, _ops, , "palmte-cs0",
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
index cbfa693..c28d9b5 100644
--- a/hw/arm/spitz.c
+++ b/hw/arm/spitz.c
@@ -929,8 +929,7 @@ static void spitz_common_init(MachineState *machine,
 
 sl_flash_register(mpu, (model == spitz) ? FLASH_128M : FLASH_1024M);
 
-memory_region_init_ram(rom, NULL, "spitz.rom", SPITZ_ROM, _fatal);
-memory_region_set_readonly(rom, true);
+memory_region_init_rom(rom, NULL, "spitz.rom", SPITZ_ROM, _fatal);
 memory_region_add_subregion(address_space_mem, 0, rom);
 
 /* Setup peripherals */
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
index 221a786..d136ba1 100644
--- a/hw/arm/stellaris.c
+++ b/hw/arm/stellaris.c
@@ -1300,9 +1300,8 @@ static void stellaris_init(MachineState *ms, 
stellaris_board_info *board)
 sram_size = ((board->dc0 >> 18) + 1) * 1024;
 
 /* Flash programming is done via the SCU, so pretend it is ROM.  */
-memory_region_init_ram(flash, NULL, "stellaris.flash", flash_size,
+memory_region_init_rom(flash, NULL, "stellaris.flash", flash_size,
_fatal);
-memory_region_set_readonly(flash, true);
 memory_region_add_subregion(system_memory, 0, flash);
 
 memory_region_init_ram(sram, NULL, "stellaris.sram", sram_size,
diff --git 

[PULL 51/61] scripts/cocci: Patch to remove unnecessary memory_region_set_readonly()

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Add a semantic patch to remove memory_region_set_readonly() calls
on ROM memory regions.

Signed-off-by: Philippe Mathieu-Daudé 
---
 scripts/coccinelle/memory-region-housekeeping.cocci | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/scripts/coccinelle/memory-region-housekeeping.cocci 
b/scripts/coccinelle/memory-region-housekeeping.cocci
index 9cdde71..5e6b31d 100644
--- a/scripts/coccinelle/memory-region-housekeeping.cocci
+++ b/scripts/coccinelle/memory-region-housekeeping.cocci
@@ -48,6 +48,21 @@ p << possible_memory_region_init_rom.p;
 cocci.print_main("potential use of memory_region_init_rom*() in ", p)
 
 
+// Do not call memory_region_set_readonly() on ROM alias
+@@
+expression ROM, E1, E2, E3, E4;
+expression ALIAS, E5, E6, E7, E8;
+@@
+(
+  memory_region_init_rom(ROM, E1, E2, E3, E4);
+|
+  memory_region_init_rom_nomigrate(ROM, E1, E2, E3, E4);
+)
+  ...
+   memory_region_init_alias(ALIAS, E5, E6, ROM, E7, E8);
+-  memory_region_set_readonly(ALIAS, true);
+
+
 // Replace by-hand memory_region_init_ram_nomigrate/vmstate_register_ram
 // code sequences with use of the new memory_region_init_ram function.
 // Similarly for the _rom and _rom_device functions.
-- 
1.8.3.1

[PULL 60/61] hw/arm: Remove unnecessary memory_region_set_readonly() on ROM alias

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

This commit was produced with the Coccinelle script
scripts/coccinelle/memory-region-housekeeping.cocci.

Signed-off-by: Philippe Mathieu-Daudé 
---
 hw/arm/exynos4210.c| 1 -
 hw/arm/stm32f205_soc.c | 1 -
 hw/arm/stm32f405_soc.c | 1 -
 3 files changed, 3 deletions(-)

diff --git a/hw/arm/exynos4210.c b/hw/arm/exynos4210.c
index 3af6502..4e1fd7e 100644
--- a/hw/arm/exynos4210.c
+++ b/hw/arm/exynos4210.c
@@ -320,7 +320,6 @@ static void exynos4210_realize(DeviceState *socdev, Error 
**errp)
  >irom_mem,
  0,
  EXYNOS4210_IROM_SIZE);
-memory_region_set_readonly(>irom_alias_mem, true);
 memory_region_add_subregion(system_mem, EXYNOS4210_IROM_MIRROR_BASE_ADDR,
 >irom_alias_mem);
 
diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c
index 2de5627..6e93726 100644
--- a/hw/arm/stm32f205_soc.c
+++ b/hw/arm/stm32f205_soc.c
@@ -97,7 +97,6 @@ static void stm32f205_soc_realize(DeviceState *dev_soc, Error 
**errp)
_fatal);
 memory_region_init_alias(flash_alias, NULL, "STM32F205.flash.alias",
  flash, 0, FLASH_SIZE);
-memory_region_set_readonly(flash_alias, true);
 
 memory_region_add_subregion(system_memory, FLASH_BASE_ADDRESS, flash);
 memory_region_add_subregion(system_memory, 0, flash_alias);
diff --git a/hw/arm/stm32f405_soc.c b/hw/arm/stm32f405_soc.c
index b8fca13..d590cd0 100644
--- a/hw/arm/stm32f405_soc.c
+++ b/hw/arm/stm32f405_soc.c
@@ -103,7 +103,6 @@ static void stm32f405_soc_realize(DeviceState *dev_soc, 
Error **errp)
 }
 memory_region_init_alias(>flash_alias, NULL, "STM32F405.flash.alias",
  >flash, 0, FLASH_SIZE);
-memory_region_set_readonly(>flash_alias, true);
 
 memory_region_add_subregion(system_memory, FLASH_BASE_ADDRESS, >flash);
 memory_region_add_subregion(system_memory, 0, >flash_alias);
-- 
1.8.3.1

Re: [PATCH] linux-user: Update TASK_UNMAPPED_BASE for aarch64

[Lirong Yuan]

Thanks Laurent for the prompt responses! Yes that is exactly where the
value is taken from.

For anyone interested in detailed information of the change, here is the
previous discussion thread:
http://patchwork.ozlabs.org/patch/1242370/

Regards,
Lirong


On Sat, Mar 14, 2020 at 10:34 AM Laurent Vivier  wrote:

> Le 14/03/2020 à 18:01, Aleksandar Markovic a écrit :
> > On Sat, Mar 14, 2020 at 11:45 AM Laurent Vivier 
> wrote:
> >>
> >> Le 14/03/2020 à 04:06, Aleksandar Markovic a écrit :
> >>> On Fri, Mar 13, 2020 at 1:28 AM Lirong Yuan  wrote:
> 
>  This change updates TASK_UNMAPPED_BASE (the base address for guest
> programs) for aarch64. It is needed to allow qemu to work with Thread
> Sanitizer (TSan), which has specific boundary definitions for memory
> mappings on different platforms:
> 
> https://github.com/llvm/llvm-project/blob/master/compiler-rt/lib/tsan/rtl/tsan_platform.h
> 
>  Signed-off-by: Lirong Yuan 
>  ---
>   linux-user/mmap.c | 4 
>   1 file changed, 4 insertions(+)
> 
>  diff --git a/linux-user/mmap.c b/linux-user/mmap.c
>  index 8685f02e7e..e378033797 100644
>  --- a/linux-user/mmap.c
>  +++ b/linux-user/mmap.c
>  @@ -184,7 +184,11 @@ static int mmap_frag(abi_ulong real_start,
>   }
> 
>   #if HOST_LONG_BITS == 64 && TARGET_ABI_BITS == 64
>  +#ifdef TARGET_AARCH64
>  +# define TASK_UNMAPPED_BASE  0x55
> >>>
> >>> Hi, Lirong,
> >>>
> >>> Can you point from which line of the file you linked to did you
> >>> arrive to the value 0x55?
> >>>
> >>> Second question: What about other targets?
> >>
> >> Personally, I prefer to not change the value for other targets if it is
> >> not required by someone that had some problems with the current value.
> >>
> >> It needs to be changed carefully and to be well tested after change.
> >>
> >
> > Sure, but again, from where " 0x55" comes from?
>
> The URL is in the comment, but more precisely I guess:
>
>
> https://github.com/llvm/llvm-project/blob/master/compiler-rt/lib/tsan/rtl/tsan_platform.h#L164
>
> Thanks,
> Laurent
>
>

[PULL 40/61] scripts/cocci: Patch to replace memory_region_init_{ram, readonly -> rom}

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Add a semantic patch to replace memory_region_init_ram(readonly)
by memory_region_init_rom().

Signed-off-by: Philippe Mathieu-Daudé 
---
 scripts/coccinelle/memory-region-housekeeping.cocci | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/scripts/coccinelle/memory-region-housekeeping.cocci 
b/scripts/coccinelle/memory-region-housekeeping.cocci
index 3699c10..ee3923d 100644
--- a/scripts/coccinelle/memory-region-housekeeping.cocci
+++ b/scripts/coccinelle/memory-region-housekeeping.cocci
@@ -11,6 +11,24 @@
 */
 
 
+// Replace memory_region_init_ram(readonly) by memory_region_init_rom()
+@@
+expression E1, E2, E3, E4, E5;
+symbol true;
+@@
+(
+- memory_region_init_ram(E1, E2, E3, E4, E5);
++ memory_region_init_rom(E1, E2, E3, E4, E5);
+  ... WHEN != E1
+- memory_region_set_readonly(E1, true);
+|
+- memory_region_init_ram_nomigrate(E1, E2, E3, E4, E5);
++ memory_region_init_rom_nomigrate(E1, E2, E3, E4, E5);
+  ... WHEN != E1
+- memory_region_set_readonly(E1, true);
+)
+
+
 // Replace by-hand memory_region_init_ram_nomigrate/vmstate_register_ram
 // code sequences with use of the new memory_region_init_ram function.
 // Similarly for the _rom and _rom_device functions.
-- 
1.8.3.1

[PULL 50/61] scripts/cocci: Patch to detect potential use of memory_region_init_rom

[Paolo Bonzini]

From: Philippe Mathieu-Daudé 

Add a semantic patch to detect potential replacement of
memory_region_init_ram(readonly) by memory_region_init_rom().

Signed-off-by: Philippe Mathieu-Daudé 
---
 scripts/coccinelle/memory-region-housekeeping.cocci | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/scripts/coccinelle/memory-region-housekeeping.cocci 
b/scripts/coccinelle/memory-region-housekeeping.cocci
index ee3923d..9cdde71 100644
--- a/scripts/coccinelle/memory-region-housekeeping.cocci
+++ b/scripts/coccinelle/memory-region-housekeeping.cocci
@@ -29,6 +29,25 @@ symbol true;
 )
 
 
+@possible_memory_region_init_rom@
+expression E1, E2, E3, E4, E5;
+position p;
+@@
+(
+  memory_region_init_ram@p(E1, E2, E3, E4, E5);
+  ...
+  memory_region_set_readonly(E1, true);
+|
+  memory_region_init_ram_nomigrate@p(E1, E2, E3, E4, E5);
+  ...
+  memory_region_set_readonly(E1, true);
+)
+@script:python@
+p << possible_memory_region_init_rom.p;
+@@
+cocci.print_main("potential use of memory_region_init_rom*() in ", p)
+
+
 // Replace by-hand memory_region_init_ram_nomigrate/vmstate_register_ram
 // code sequences with use of the new memory_region_init_ram function.
 // Similarly for the _rom and _rom_device functions.
-- 
1.8.3.1