[Qemu-devel] [PULL 00/24] target-arm queue

2018-01-16 Thread Peter Maydell
More arm patches (mostly the SDHCI ones from Philippe)

thanks
-- PMM

The following changes since commit f5213bd060b460c99e605472b7e03967db43:

  Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20180115' into staging (2018-01-15 13:17:47 +)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20180116

for you to fetch changes up to 60765b6ceeb4998a0d4220b3a53f1f185061da77:

  sdhci: add a 'dma' property to the sysbus devices (2018-01-16 13:28:21 +)


target-arm queue:
 * SDHCI: cleanups and minor bug fixes
 * target/arm: minor refactor preparatory to fp16 support
 * omap_ssd, ssi-sd, pl181, milkymist-memcard: reset the SD
   card on controller reset (fixes migration failures)
 * target/arm: Handle page table walk load failures correctly
 * hw/arm/virt: Add virt-2.12 machine type
 * get_phys_addr_pmsav7: Support AP=0b111 for v7M
 * hw/intc/armv7m: Support byte and halfword accesses to CFSR


Andrey Smirnov (1):
  sdhci: Implement write method of ACMD12ERRSTS register

Peter Maydell (8):
  hw/intc/armv7m: Support byte and halfword accesses to CFSR
  get_phys_addr_pmsav7: Support AP=0b111 for v7M
  hw/arm/virt: Add virt-2.12 machine type
  target/arm: Handle page table walk load failures correctly
  hw/sd/pl181: Reset SD card on controller reset
  hw/sd/milkymist-memcard: Reset SD card on controller reset
  hw/sd/ssi-sd: Reset SD card on controller reset
  hw/sd/omap_mmc: Reset SD card on controller reset

Philippe Mathieu-Daudé (13):
  sdhci: clean up includes
  sdhci: remove dead code
  sdhci: use DEFINE_SDHCI_COMMON_PROPERTIES() for common sysbus/pci properties
  sdhci: refactor common sysbus/pci class_init() into sdhci_common_class_init()
  sdhci: refactor common sysbus/pci realize() into sdhci_common_realize()
  sdhci: refactor common sysbus/pci unrealize() into sdhci_common_unrealize()
  sdhci: use qemu_log_mask(UNIMP) instead of fprintf()
  sdhci: convert the DPRINT() calls into trace events
  sdhci: move MASK_TRNMOD with other SDHC_TRN* defines in "sd-internal.h"
  sdhci: rename the SDHC_CAPAB register
  sdhci: fix CAPAB/MAXCURR registers, both are 64bit and read-only
  sdhci: fix the PCI device, using the PCI address space for DMA
  sdhci: add a 'dma' property to the sysbus devices

Richard Henderson (2):
  target/arm: Split out vfp_expand_imm
  target/arm: Add fp16 support to vfp_expand_imm

 hw/sd/sdhci-internal.h |   7 +-
 include/hw/sd/sdhci.h  |  19 +++-
 target/arm/internals.h |  10 ++
 hw/arm/virt.c  |  19 +++-
 hw/intc/armv7m_nvic.c  |  38 ---
 hw/sd/milkymist-memcard.c  |   4 +
 hw/sd/omap_mmc.c   |  14 ++-
 hw/sd/pl181.c  |   4 +
 hw/sd/sdhci.c  | 266 +++--
 hw/sd/ssi-sd.c |  25 -
 target/arm/helper.c|  53 -
 target/arm/op_helper.c |   7 +-
 target/arm/translate-a64.c |  49 ++---
 hw/sd/trace-events |  14 +++
 14 files changed, 362 insertions(+), 167 deletions(-)



[Qemu-devel] [PULL 13/24] sdhci: use DEFINE_SDHCI_COMMON_PROPERTIES() for common sysbus/pci properties

2018-01-16 Thread Peter Maydell
From: Philippe Mathieu-Daudé 

Add common/sysbus/pci/sdbus comments to have clearer code block separation.

Signed-off-by: Philippe Mathieu-Daudé 
Message-id: 20180115182436.2066-4-f4...@amsat.org
Signed-off-by: Peter Maydell 
Reviewed-by: Peter Maydell 
---
 include/hw/sd/sdhci.h |  4 +++-
 hw/sd/sdhci.c | 25 +
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h
index dacd726..8041c96 100644
--- a/include/hw/sd/sdhci.h
+++ b/include/hw/sd/sdhci.h
@@ -79,13 +79,15 @@ typedef struct SDHCIState {
 uint32_t buf_maxsz;
 uint16_t data_count;   /* current element in FIFO buffer */
 uint8_t  stopped_state;/* Current SDHC state */
-bool pending_insert_quirk;/* Quirk for Raspberry Pi card insert int */
 bool pending_insert_state;
 /* Buffer Data Port Register - virtual access point to R and W buffers */
 /* Software Reset Register - always reads as 0 */
 /* Force Event Auto CMD12 Error Interrupt Reg - write only */
 /* Force Event Error Interrupt Register- write only */
 /* RO Host Controller Version Register always reads as 0x2401 */
+
+/* Configurable properties */
+bool pending_insert_quirk; /* Quirk for Raspberry Pi card insert int */
 } SDHCIState;
 
 #define TYPE_PCI_SDHCI "sdhci-pci"
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 365bc80..c0b4b84 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -23,6 +23,7 @@
  */
 
 #include "qemu/osdep.h"
+#include "qapi/error.h"
 #include "hw/hw.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/blockdev.h"
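
Review bot: the added "qapi/error.h" include is not needed by anything this patch introduces; the hunks here only add a property macro and section comments. PULL 16/24 adds the same include again next to "qemu/log.h", where &error_abort is first used, so drop it from this patch to avoid ending up with the header included twice.
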
@@ -1185,6 +1186,14 @@ static inline unsigned int sdhci_get_fifolen(SDHCIState 
*s)
 }
 }
 
+/* --- qdev common --- */
+
+#define DEFINE_SDHCI_COMMON_PROPERTIES(_state) \
+/* Capabilities registers provide information on supported features
+ * of this specific host controller implementation */ \
+DEFINE_PROP_UINT32("capareg", _state, capareg, SDHC_CAPAB_REG_DEFAULT), \
+DEFINE_PROP_UINT32("maxcurr", _state, maxcurr, 0)
+
 static void sdhci_initfn(SDHCIState *s)
 {
 qbus_create_inplace(&s->sdbus, sizeof(s->sdbus),
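
Review bot: the comment inside DEFINE_SDHCI_COMMON_PROPERTIES() spans two lines and its first line ("/* Capabilities registers provide information on supported features") has no trailing backslash. It still preprocesses, because comments are replaced before the directive is processed, but it reads like a broken continuation and is easy to break on the next edit. Move the comment above the #define so the macro body holds only the two DEFINE_PROP_UINT32() lines.
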
@@ -1264,12 +1273,10 @@ const VMStateDescription sdhci_vmstate = {
 },
 };
 
-/* Capabilities registers provide information on supported features of this
- * specific host controller implementation */
+/* --- qdev PCI --- */
+
 static Property sdhci_pci_properties[] = {
-DEFINE_PROP_UINT32("capareg", SDHCIState, capareg,
-SDHC_CAPAB_REG_DEFAULT),
-DEFINE_PROP_UINT32("maxcurr", SDHCIState, maxcurr, 0),
+DEFINE_SDHCI_COMMON_PROPERTIES(SDHCIState),
 DEFINE_PROP_END_OF_LIST(),
 };
 
@@ -1320,10 +1327,10 @@ static const TypeInfo sdhci_pci_info = {
 },
 };
 
+/* --- qdev SysBus --- */
+
 static Property sdhci_sysbus_properties[] = {
-DEFINE_PROP_UINT32("capareg", SDHCIState, capareg,
-SDHC_CAPAB_REG_DEFAULT),
-DEFINE_PROP_UINT32("maxcurr", SDHCIState, maxcurr, 0),
+DEFINE_SDHCI_COMMON_PROPERTIES(SDHCIState),
 DEFINE_PROP_BOOL("pending-insert-quirk", SDHCIState, pending_insert_quirk,
  false),
 DEFINE_PROP_END_OF_LIST(),
@@ -1374,6 +1381,8 @@ static const TypeInfo sdhci_sysbus_info = {
 .class_init = sdhci_sysbus_class_init,
 };
 
+/* --- qdev bus master --- */
+
 static void sdhci_bus_class_init(ObjectClass *klass, void *data)
 {
 SDBusClass *sbc = SD_BUS_CLASS(klass);
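
Review bot: the "/* --- qdev bus master --- */" banner sits above sdhci_bus_class_init(), which sets up an SDBusClass, and the commit message calls this section "sdbus". "Bus master" normally describes a DMA-capable device, which is not what this block is about; name the banner after the SD bus so it matches the commit message and the code under it.
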
-- 
2.7.4




[Qemu-devel] [PULL 17/24] sdhci: use qemu_log_mask(UNIMP) instead of fprintf()

2018-01-16 Thread Peter Maydell
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Message-id: 20180115182436.2066-8-f4...@amsat.org
Signed-off-by: Peter Maydell 
---
 hw/sd/sdhci.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index bbe4570..7ffb1db 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -947,7 +947,8 @@ static uint64_t sdhci_read(void *opaque, hwaddr offset, 
unsigned size)
 ret = (SD_HOST_SPECv2_VERS << 16) | sdhci_slotint(s);
 break;
 default:
-ERRPRINT("bad %ub read: addr[0x%04x]\n", size, (int)offset);
+qemu_log_mask(LOG_UNIMP, "SDHC rd_%ub @0x%02" HWADDR_PRIx " "
+  "not implemented\n", size, offset);
 break;
 }
 
@@ -1153,8 +1154,8 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, 
unsigned size)
 sdhci_update_irq(s);
 break;
 default:
-ERRPRINT("bad %ub write offset: addr[0x%04x] <- %u(0x%x)\n",
- size, (int)offset, value >> shift, value >> shift);
+qemu_log_mask(LOG_UNIMP, "SDHC wr_%ub @0x%02" HWADDR_PRIx " <- 0x%08x "
+  "not implemented\n", size, offset, value >> shift);
 break;
 }
 DPRINT_L2("write %ub: addr[0x%04x] <- %u(0x%x)\n",
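
Review bot: the default: branch here, like the one in sdhci_read() above, now reports every offset without a case as LOG_UNIMP, and the commit message has no body explaining the choice. A write to an offset that is reserved rather than unimplemented is a guest error, so either separate the two (LOG_GUEST_ERROR for reserved offsets) or state in the commit message that the default case deliberately treats them alike.
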
-- 
2.7.4




[Qemu-devel] [PULL 05/24] hw/sd/pl181: Reset SD card on controller reset

2018-01-16 Thread Peter Maydell
Since pl181 is still using the legacy SD card API, the SD
card created by sd_init() is not plugged into any bus. This
means that the controller has to reset it manually.

Failing to do this mostly didn't affect the guest since the
guest typically does a programmed SD card reset as part of
its SD controller driver initialization, but meant that
migration failed because it's only in sd_reset() that we
set up the wpgrps_size field.

Cc: qemu-sta...@nongnu.org
Fixes: https://bugs.launchpad.net/qemu/+bug/1739378
Signed-off-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
Tested-by: Philippe Mathieu-Daudé 
Message-id: 1515506513-31961-2-git-send-email-peter.mayd...@linaro.org
---
 hw/sd/pl181.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/hw/sd/pl181.c b/hw/sd/pl181.c
index 55c8098..3ba1f7d 100644
--- a/hw/sd/pl181.c
+++ b/hw/sd/pl181.c
@@ -480,6 +480,10 @@ static void pl181_reset(DeviceState *d)
 
 /* We can assume our GPIO outputs have been wired up now */
 sd_set_cb(s->card, s->cardstatus[0], s->cardstatus[1]);
+/* Since we're still using the legacy SD API the card is not plugged
+ * into any bus, and we must reset it manually.
+ */
+device_reset(DEVICE(s->card));
 }
 
 static void pl181_init(Object *obj)
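
Review bot: the comment added above device_reset(DEVICE(s->card)) gives the legacy-API reason for the call but not the consequence described in the commit message, namely that sd_reset() is the only place wpgrps_size is set up and migration fails without it. Put that in the comment too, so the call is not later removed as redundant with the guest's own programmed card reset.
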
-- 
2.7.4




[Qemu-devel] [PULL 18/24] sdhci: convert the DPRINT() calls into trace events

2018-01-16 Thread Peter Maydell
From: Philippe Mathieu-Daudé 

Zero-initialize ADMADescr 'dscr' in sdhci_do_adma() to avoid:

  hw/sd/sdhci.c: In function ‘sdhci_do_adma’:
  hw/sd/sdhci.c:714:29: error: ‘dscr.addr’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
 trace_sdhci_adma("link", s->admasysaddr);
 ^

Signed-off-by: Philippe Mathieu-Daudé 
Acked-by: Alistair Francis 
Message-id: 20180115182436.2066-9-f4...@amsat.org
Signed-off-by: Peter Maydell 
---
 hw/sd/sdhci.c  | 89 ++
 hw/sd/trace-events | 14 +
 2 files changed, 44 insertions(+), 59 deletions(-)

diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 7ffb1db..68f1aee 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -34,30 +34,7 @@
 #include "sdhci-internal.h"
 #include "qapi/error.h"
 #include "qemu/log.h"
-
-/* host controller debug messages */
-#ifndef SDHC_DEBUG
-#define SDHC_DEBUG0
-#endif
-
-#define DPRINT_L1(fmt, args...) \
-do { \
-if (SDHC_DEBUG) { \
-fprintf(stderr, "QEMU SDHC: " fmt, ## args); \
-} \
-} while (0)
-#define DPRINT_L2(fmt, args...) \
-do { \
-if (SDHC_DEBUG > 1) { \
-fprintf(stderr, "QEMU SDHC: " fmt, ## args); \
-} \
-} while (0)
-#define ERRPRINT(fmt, args...) \
-do { \
-if (SDHC_DEBUG) { \
-fprintf(stderr, "QEMU SDHC ERROR: " fmt, ## args); \
-} \
-} while (0)
+#include "trace.h"
 
 #define TYPE_SDHCI_BUS "sdhci-bus"
 #define SDHCI_BUS(obj) OBJECT_CHECK(SDBus, (obj), TYPE_SDHCI_BUS)
@@ -156,8 +133,8 @@ static void sdhci_raise_insertion_irq(void *opaque)
 static void sdhci_set_inserted(DeviceState *dev, bool level)
 {
 SDHCIState *s = (SDHCIState *)dev;
-DPRINT_L1("Card state changed: %s!\n", level ? "insert" : "eject");
 
+trace_sdhci_set_inserted(level ? "insert" : "eject");
 if ((s->norintsts & SDHC_NIS_REMOVE) && level) {
 /* Give target some time to notice card ejection */
 timer_mod(s->insert_timer,
@@ -239,7 +216,8 @@ static void sdhci_send_command(SDHCIState *s)
 s->acmd12errsts = 0;
 request.cmd = s->cmdreg >> 8;
 request.arg = s->argument;
-DPRINT_L1("sending CMD%u ARG[0x%08x]\n", request.cmd, request.arg);
+
+trace_sdhci_send_command(request.cmd, request.arg);
 rlen = sdbus_do_command(&s->sdbus, &request, response);
 
 if (s->cmdreg & SDHC_CMD_RESPONSE) {
@@ -247,7 +225,7 @@ static void sdhci_send_command(SDHCIState *s)
 s->rspreg[0] = (response[0] << 24) | (response[1] << 16) |
(response[2] << 8)  |  response[3];
 s->rspreg[1] = s->rspreg[2] = s->rspreg[3] = 0;
-DPRINT_L1("Response: RSPREG[31..0]=0x%08x\n", s->rspreg[0]);
+trace_sdhci_response4(s->rspreg[0]);
 } else if (rlen == 16) {
 s->rspreg[0] = (response[11] << 24) | (response[12] << 16) |
(response[13] << 8) |  response[14];
@@ -257,11 +235,10 @@ static void sdhci_send_command(SDHCIState *s)
(response[5] << 8)  |  response[6];
 s->rspreg[3] = (response[0] << 16) | (response[1] << 8) |
 response[2];
-DPRINT_L1("Response received:\n RSPREG[127..96]=0x%08x, 
RSPREG[95.."
-  "64]=0x%08x,\n RSPREG[63..32]=0x%08x, 
RSPREG[31..0]=0x%08x\n",
-  s->rspreg[3], s->rspreg[2], s->rspreg[1], s->rspreg[0]);
+trace_sdhci_response16(s->rspreg[3], s->rspreg[2],
+   s->rspreg[1], s->rspreg[0]);
 } else {
-ERRPRINT("Timeout waiting for command response\n");
+trace_sdhci_error("timeout waiting for command response");
 if (s->errintstsen & SDHC_EISEN_CMDTIMEOUT) {
 s->errintsts |= SDHC_EIS_CMDTIMEOUT;
 s->norintsts |= SDHC_NIS_ERR;
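
Review bot: trace_sdhci_error("timeout waiting for command response") routes this condition through one generic event that takes a free-form string, so it cannot be enabled or filtered separately from the other error strings passed to the same event. A dedicated event for the command timeout that also carries request.cmd would make the trace usable without string matching.
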
@@ -295,7 +272,7 @@ static void sdhci_end_transfer(SDHCIState *s)
 
 request.cmd = 0x0C;
 request.arg = 0;
-DPRINT_L1("Automatically issue CMD%d %08x\n", request.cmd, 
request.arg);
+trace_sdhci_end_transfer(request.cmd, request.arg);
 sdbus_do_command(&s->sdbus, &request, response);
 /* Auto CMD12 response goes to the upper Response register */
 s->rspreg[3] = (response[0] << 24) | (response[1] << 16) |
@@ -364,7 +341,7 @@ static uint32_t sdhci_read_dataport(SDHCIState *s, unsigned 
size)
 
 /* first check that a valid data exists in host controller input buffer */
 if ((s->prnsts & SDHC_DATA_AVAILABLE) == 0) {
-ERRPRINT("Trying to read from empty buffer\n");
+trace_sdhci_error("read from empty buffer");
 return 0;
 }
 
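Review bot: "read from empty buffer" in sdhci_read_dataport() is reached when the data port is read while SDHC_DATA_AVAILABLE is clear, which is a guest programming error rather than a device event. After this change it is visible only when the sdhci_error trace event is enabled; qemu_log_mask(LOG_GUEST_ERROR, ...), as PULL 21/24 uses for writes to read-only registers, would report it through the channel intended for that.
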
@@ -373,8 +350,7 @@ static uint32_t sdhci_read_dataport(SDHCIState *s, unsigned 
size)
 s->data_count++;
 /* check if we've read all valid data (blksize bytes) from buffer */
 if ((s->

[Qemu-devel] [PULL 16/24] sdhci: refactor common sysbus/pci unrealize() into sdhci_common_unrealize()

2018-01-16 Thread Peter Maydell
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Message-id: 20180115182436.2066-7-f4...@amsat.org
Signed-off-by: Peter Maydell 
---
 hw/sd/sdhci.c | 22 ++
 1 file changed, 22 insertions(+)

diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index cf0c079..bbe4570 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -32,6 +32,7 @@
 #include "qemu/bitops.h"
 #include "hw/sd/sdhci.h"
 #include "sdhci-internal.h"
+#include "qapi/error.h"
 #include "qemu/log.h"
 
 /* host controller debug messages */
@@ -1223,6 +1224,17 @@ static void sdhci_common_realize(SDHCIState *s, Error 
**errp)
   SDHC_REGISTERS_MAP_SIZE);
 }
 
+static void sdhci_common_unrealize(SDHCIState *s, Error **errp)
+{
+/* This function is expected to be called only once for each class:
+ * - SysBus:via DeviceClass->unrealize(),
+ * - PCI:   via PCIDeviceClass->exit().
+ * However to avoid double-free and/or use-after-free we still nullify
+ * this variable (better safe than sorry!). */
+g_free(s->fifo_buffer);
+s->fifo_buffer = NULL;
+}
+
 static bool sdhci_pending_insert_vmstate_needed(void *opaque)
 {
 SDHCIState *s = opaque;
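
Review bot: sdhci_common_unrealize() takes an Error **errp that its body never touches, and both callers added below pass &error_abort rather than their own errp. Drop the parameter, or if it is kept for symmetry with sdhci_common_realize(), say so in the function comment and forward the caller's errp in sdhci_sysbus_unrealize().
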
@@ -1317,6 +1329,8 @@ static void sdhci_pci_realize(PCIDevice *dev, Error 
**errp)
 static void sdhci_pci_exit(PCIDevice *dev)
 {
 SDHCIState *s = PCI_SDHCI(dev);
+
+sdhci_common_unrealize(s, &error_abort);
 sdhci_uninitfn(s);
 }
 
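Review bot: sdhci_pci_exit() now calls sdhci_common_unrealize() and then sdhci_uninitfn(), and the context in PULL 15/24 shows sdhci_uninitfn() also ending with "s->fifo_buffer = NULL;". Two functions now tear down the same buffer, and this is safe only because each one nulls the pointer afterwards. Release fifo_buffer in exactly one place, the counterpart of the g_malloc0() in sdhci_common_realize(), and remove the other.
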
@@ -1382,12 +1396,20 @@ static void sdhci_sysbus_realize(DeviceState *dev, 
Error ** errp)
 sysbus_init_mmio(sbd, &s->iomem);
 }
 
+static void sdhci_sysbus_unrealize(DeviceState *dev, Error **errp)
+{
+SDHCIState *s = SYSBUS_SDHCI(dev);
+
+sdhci_common_unrealize(s, &error_abort);
+}
+
 static void sdhci_sysbus_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 
 dc->props = sdhci_sysbus_properties;
 dc->realize = sdhci_sysbus_realize;
+dc->unrealize = sdhci_sysbus_unrealize;
 
 sdhci_common_class_init(klass, data);
 }
-- 
2.7.4




[Qemu-devel] [PULL 01/24] hw/intc/armv7m: Support byte and halfword accesses to CFSR

2018-01-16 Thread Peter Maydell
The Configurable Fault Status Register for ARMv7M and v8M is
supposed to be byte and halfword accessible, but we were only
implementing word accesses. Add support for the other access
sizes, which are used by the Zephyr RTOS.

Signed-off-by: Peter Maydell 
Reported-by: Andy Gross 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 1512742372-31517-1-git-send-email-peter.mayd...@linaro.org
---
 hw/intc/armv7m_nvic.c | 38 ++
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index dd49b6c..8ca6cee 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -896,13 +896,6 @@ static uint32_t nvic_readl(NVICState *s, uint32_t offset, 
MemTxAttrs attrs)
 val |= (1 << 8);
 }
 return val;
-case 0xd28: /* Configurable Fault Status.  */
-/* The BFSR bits [15:8] are shared between security states
- * and we store them in the NS copy
- */
-val = cpu->env.v7m.cfsr[attrs.secure];
-val |= cpu->env.v7m.cfsr[M_REG_NS] & R_V7M_CFSR_BFSR_MASK;
-return val;
 case 0xd2c: /* Hard Fault Status.  */
 return cpu->env.v7m.hfsr;
 case 0xd30: /* Debug Fault Status.  */
@@ -1280,15 +1273,6 @@ static void nvic_writel(NVICState *s, uint32_t offset, 
uint32_t value,
 s->vectors[ARMV7M_EXCP_DEBUG].active = (value & (1 << 8)) != 0;
 nvic_irq_update(s);
 break;
-case 0xd28: /* Configurable Fault Status.  */
-cpu->env.v7m.cfsr[attrs.secure] &= ~value; /* W1C */
-if (attrs.secure) {
-/* The BFSR bits [15:8] are shared between security states
- * and we store them in the NS copy.
- */
-cpu->env.v7m.cfsr[M_REG_NS] &= ~(value & R_V7M_CFSR_BFSR_MASK);
-}
-break;
 case 0xd2c: /* Hard Fault Status.  */
 cpu->env.v7m.hfsr &= ~value; /* W1C */
 break;
@@ -1667,6 +1651,14 @@ static MemTxResult nvic_sysreg_read(void *opaque, hwaddr 
addr,
 val = deposit32(val, i * 8, 8, get_prio(s, hdlidx, sbank));
 }
 break;
+case 0xd28 ... 0xd2b: /* Configurable Fault Status (CFSR) */
+/* The BFSR bits [15:8] are shared between security states
+ * and we store them in the NS copy
+ */
+val = s->cpu->env.v7m.cfsr[attrs.secure];
+val |= s->cpu->env.v7m.cfsr[M_REG_NS] & R_V7M_CFSR_BFSR_MASK;
+val = extract32(val, (offset - 0xd28) * 8, size * 8);
+break;
 case 0xfe0 ... 0xfff: /* ID.  */
 if (offset & 3) {
 val = 0;
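
Review bot: "val = extract32(val, (offset - 0xd28) * 8, size * 8);" in the new 0xd28 ... 0xd2b read case assumes offset + size never runs past 0xd2c. The case range matches any offset in the register regardless of size, and extract32() asserts that start + length fits in 32 bits, so a halfword access at 0xd2b or a word access at 0xd29 would abort QEMU if it ever reached this code. Nothing in the hunk shows whether the region only accepts naturally aligned accesses; add a comment stating that precondition, or check it here and return an error for the access instead of relying on the assertion.
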
@@ -1765,6 +1757,20 @@ static MemTxResult nvic_sysreg_write(void *opaque, 
hwaddr addr,
 }
 nvic_irq_update(s);
 return MEMTX_OK;
+case 0xd28 ... 0xd2b: /* Configurable Fault Status (CFSR) */
+/* All bits are W1C, so construct 32 bit value with 0s in
+ * the parts not written by the access size
+ */
+value <<= ((offset - 0xd28) * 8);
+
+s->cpu->env.v7m.cfsr[attrs.secure] &= ~value;
+if (attrs.secure) {
+/* The BFSR bits [15:8] are shared between security states
+ * and we store them in the NS copy.
+ */
+s->cpu->env.v7m.cfsr[M_REG_NS] &= ~(value & R_V7M_CFSR_BFSR_MASK);
+}
+return MEMTX_OK;
 }
 if (size == 4) {
 nvic_writel(s, offset, value, attrs);
-- 
2.7.4




[Qemu-devel] [PULL 02/24] get_phys_addr_pmsav7: Support AP=0b111 for v7M

2018-01-16 Thread Peter Maydell
For PMSAv7, the v7A/R Arm ARM defines that setting AP to 0b111
is an UNPREDICTABLE reserved combination. However, for v7M
this value is documented as having the same behaviour as 0b110:
read-only for both privileged and unprivileged. Accept this
value on an M profile core rather than treating it as a guest
error and a no-access page.

Reported-by: Andy Gross 
Signed-off-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
Message-id: 1512742402-31669-1-git-send-email-peter.mayd...@linaro.org
---
 target/arm/helper.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index d1395f9..eb80f79 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -9272,6 +9272,13 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, 
uint32_t address,
 case 6:
 *prot |= PAGE_READ | PAGE_EXEC;
 break;
+case 7:
+/* for v7M, same as 6; for R profile a reserved value */
+if (arm_feature(env, ARM_FEATURE_M)) {
+*prot |= PAGE_READ | PAGE_EXEC;
+break;
+}
+/* fall through */
 default:
 qemu_log_mask(LOG_GUEST_ERROR,
   "DRACR[%d]: Bad value for AP bits: 0x%"
@@ -9290,6 +9297,13 @@ static bool get_phys_addr_pmsav7(CPUARMState *env, 
uint32_t address,
 case 6:
 *prot |= PAGE_READ | PAGE_EXEC;
 break;
+case 7:
+/* for v7M, same as 6; for R profile a reserved value */
+if (arm_feature(env, ARM_FEATURE_M)) {
+*prot |= PAGE_READ | PAGE_EXEC;
+break;
+}
+/* fall through */
 default:
 qemu_log_mask(LOG_GUEST_ERROR,
   "DRACR[%d]: Bad value for AP bits: 0x%"
-- 
2.7.4




[Qemu-devel] [PULL 22/24] sdhci: Implement write method of ACMD12ERRSTS register

2018-01-16 Thread Peter Maydell
From: Andrey Smirnov 

Signed-off-by: Andrey Smirnov 
Reviewed-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Message-id: 20180115182436.2066-13-f4...@amsat.org
Signed-off-by: Peter Maydell 
---
 hw/sd/sdhci.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index d4fcebc..9bdbcd0 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -1129,6 +1129,9 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, 
unsigned size)
 }
 sdhci_update_irq(s);
 break;
+case SDHC_ACMD12ERRSTS:
+MASKED_WRITE(s->acmd12errsts, mask, value);
+break;
 
 case SDHC_CAPAB:
 case SDHC_CAPAB + 4:
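
Review bot: the new SDHC_ACMD12ERRSTS case stores whatever the guest writes through MASKED_WRITE() and, unlike the case directly above it, does not call sdhci_update_irq() afterwards. The commit message has no body, so it is not clear which hardware behaviour this models or whether every bit is meant to be guest-writable. Please state that in the commit message, and limit the write to the bits that are defined if not all of them are.
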
-- 
2.7.4




[Qemu-devel] [PULL 14/24] sdhci: refactor common sysbus/pci class_init() into sdhci_common_class_init()

2018-01-16 Thread Peter Maydell
From: Philippe Mathieu-Daudé 

Now both inherited classes appear as DEVICE_CATEGORY_STORAGE.

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Message-id: 20180115182436.2066-5-f4...@amsat.org
Signed-off-by: Peter Maydell 
---
 hw/sd/sdhci.c | 18 +-
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index c0b4b84..15d0961 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -1273,6 +1273,15 @@ const VMStateDescription sdhci_vmstate = {
 },
 };
 
+static void sdhci_common_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
+dc->vmsd = &sdhci_vmstate;
+dc->reset = sdhci_poweron_reset;
+}
+
 /* --- qdev PCI --- */
 
 static Property sdhci_pci_properties[] = {
@@ -1310,10 +1319,9 @@ static void sdhci_pci_class_init(ObjectClass *klass, 
void *data)
 k->vendor_id = PCI_VENDOR_ID_REDHAT;
 k->device_id = PCI_DEVICE_ID_REDHAT_SDHCI;
 k->class_id = PCI_CLASS_SYSTEM_SDHCI;
-set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
-dc->vmsd = &sdhci_vmstate;
 dc->props = sdhci_pci_properties;
-dc->reset = sdhci_poweron_reset;
+
+sdhci_common_class_init(klass, data);
 }
 
 static const TypeInfo sdhci_pci_info = {
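
Review bot: sdhci_common_class_init() is called at the end of sdhci_pci_class_init(), after dc->props has been assigned, so whatever the common function sets overrides the subclass rather than the other way round. Call it first in both class_init functions; the PCI and SysBus variants can then override a common default later without having to reorder the code.
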
@@ -1366,10 +1374,10 @@ static void sdhci_sysbus_class_init(ObjectClass *klass, 
void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 
-dc->vmsd = &sdhci_vmstate;
 dc->props = sdhci_sysbus_properties;
 dc->realize = sdhci_sysbus_realize;
-dc->reset = sdhci_poweron_reset;
+
+sdhci_common_class_init(klass, data);
 }
 
 static const TypeInfo sdhci_sysbus_info = {
-- 
2.7.4




[Qemu-devel] [PULL 15/24] sdhci: refactor common sysbus/pci realize() into sdhci_common_realize()

2018-01-16 Thread Peter Maydell
From: Philippe Mathieu-Daudé 

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Message-id: 20180115182436.2066-6-f4...@amsat.org
Signed-off-by: Peter Maydell 
---
 hw/sd/sdhci.c | 30 +-
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 15d0961..cf0c079 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -1214,6 +1214,15 @@ static void sdhci_uninitfn(SDHCIState *s)
 s->fifo_buffer = NULL;
 }
 
+static void sdhci_common_realize(SDHCIState *s, Error **errp)
+{
+s->buf_maxsz = sdhci_get_fifolen(s);
+s->fifo_buffer = g_malloc0(s->buf_maxsz);
+
+memory_region_init_io(&s->iomem, OBJECT(s), &sdhci_mmio_ops, s, "sdhci",
+  SDHC_REGISTERS_MAP_SIZE);
+}
+
 static bool sdhci_pending_insert_vmstate_needed(void *opaque)
 {
 SDHCIState *s = opaque;
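
Review bot: sdhci_common_realize() takes errp but nothing in its body sets it, so the "if (errp && *errp)" checks added to both callers in the following hunks can never fire. That test would also miss a failure whenever a caller passes a NULL errp. If the function is expected to fail in a later patch, have the callers pass a local Error *local_err and use error_propagate(); otherwise drop the parameter and the checks.
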
@@ -1292,14 +1301,16 @@ static Property sdhci_pci_properties[] = {
 static void sdhci_pci_realize(PCIDevice *dev, Error **errp)
 {
 SDHCIState *s = PCI_SDHCI(dev);
+
+sdhci_initfn(s);
+sdhci_common_realize(s, errp);
+if (errp && *errp) {
+return;
+}
+
 dev->config[PCI_CLASS_PROG] = 0x01; /* Standard Host supported DMA */
 dev->config[PCI_INTERRUPT_PIN] = 0x01; /* interrupt pin A */
-sdhci_initfn(s);
-s->buf_maxsz = sdhci_get_fifolen(s);
-s->fifo_buffer = g_malloc0(s->buf_maxsz);
 s->irq = pci_allocate_irq(dev);
-memory_region_init_io(&s->iomem, OBJECT(s), &sdhci_mmio_ops, s, "sdhci",
-SDHC_REGISTERS_MAP_SIZE);
 pci_register_bar(dev, 0, 0, &s->iomem);
 }
 
@@ -1362,11 +1373,12 @@ static void sdhci_sysbus_realize(DeviceState *dev, 
Error ** errp)
 SDHCIState *s = SYSBUS_SDHCI(dev);
 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
 
-s->buf_maxsz = sdhci_get_fifolen(s);
-s->fifo_buffer = g_malloc0(s->buf_maxsz);
+sdhci_common_realize(s, errp);
+if (errp && *errp) {
+return;
+}
+
 sysbus_init_irq(sbd, &s->irq);
-memory_region_init_io(&s->iomem, OBJECT(s), &sdhci_mmio_ops, s, "sdhci",
-SDHC_REGISTERS_MAP_SIZE);
 sysbus_init_mmio(sbd, &s->iomem);
 }
 
-- 
2.7.4




Re: [Qemu-devel] [PATCHv2 1/2] spapr: Allow some cases where we can't set VSMT mode in the kernel

2018-01-16 Thread David Gibson
On Tue, Jan 16, 2018 at 11:34:52AM +0100, Laurent Vivier wrote:
> On 16/01/2018 05:47, David Gibson wrote:
> > At present if we require a vsmt mode that's not equal to the kernel's
> > default, and the kernel doesn't let us change it (e.g. because it's an old
> > kernel without support) then we always fail.
> > 
> > But in fact we can cope with the kernel having a different vsmt as long as
> >   a) it's >= the actual number of vthreads/vcore (so that guest threads
> >  that are supposed to be on the same core act like it)
> >   b) it's a submultiple of the requested vsmt mode (so that guest threads
> >  spaced by the vsmt value will act like they're on different cores)
> > 
> > Allowing this case gives us a bit more freedom to adjust the vsmt behaviour
> > without breaking existing cases.
> > 
> > Signed-off-by: David Gibson 
> > ---
> >  hw/ppc/spapr.c | 26 +++---
> >  1 file changed, 19 insertions(+), 7 deletions(-)
> > 
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index e35214bfc3..6d3613d934 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -2314,17 +2314,29 @@ static void spapr_set_vsmt_mode(sPAPRMachineState 
> > *spapr, Error **errp)
> >  if (kvm_enabled() && (spapr->vsmt != kvm_smt)) {
> >  ret = kvmppc_set_smt_threads(spapr->vsmt);
> >  if (ret) {
> > +/* Looks like KVM isn't able to change VSMT mode */
> >  error_setg(&local_err,
> > "Failed to set KVM's VSMT mode to %d (errno %d)",
> > spapr->vsmt, ret);
> > -if (!vsmt_user) {
> > -error_append_hint(&local_err, "On PPC, a VM with %d 
> > threads/"
> > - "core on a host with %d threads/core requires 
> > "
> > - " the use of VSMT mode %d.\n",
> > - smp_threads, kvm_smt, spapr->vsmt);
> > +/* We can live with that if the default one is big enough
> > + * for the number of threads, and a submultiple of the one
> > + * we want.  In this case we'll waste some vcpu ids, but
> > + * behaviour will be correct */
> > +if ((kvm_smt >= smp_threads) && (spapr->vsmt % kvm_smt) == 0) {
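
Review bot: error_setg(&local_err, ...) runs before the new "kvm_smt >= smp_threads" test, so local_err is already populated on the path this patch wants to tolerate. The body of the branch is not quoted here; it has to consume that error (report it as a warning, or free it) and must not propagate it to errp, otherwise the tolerated case still fails or the Error object leaks.
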
> 
> I agree with Greg: inconsistent use of parentheses, should be
> 
> if (kvm_smt >= smp_threads && (spapr->vsmt % kvm_smt) == 0) {

Corrected in my tree.

> Anyway:
> 
> Reviewed-by: Laurent Vivier 
> 
> Thanks,
> Laurent
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] [PULL 23/24] sdhci: fix the PCI device, using the PCI address space for DMA

2018-01-16 Thread Peter Maydell
From: Philippe Mathieu-Daudé 

While SysBus devices can use the get_system_memory() address space,
PCI devices should use the bus master address space for DMA.

Suggested-by: Peter Maydell 
Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Peter Maydell 
Message-id: 20180115182436.2066-14-f4...@amsat.org
Signed-off-by: Peter Maydell 
---
 include/hw/sd/sdhci.h |  1 +
 hw/sd/sdhci.c | 29 +++--
 2 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h
index 442e30a..4a102b8 100644
--- a/include/hw/sd/sdhci.h
+++ b/include/hw/sd/sdhci.h
@@ -41,6 +41,7 @@ typedef struct SDHCIState {
 /*< public >*/
 SDBus sdbus;
 MemoryRegion iomem;
+AddressSpace *dma_as;
 
 QEMUTimer *insert_timer;   /* timer for 'changing' sd card. */
 QEMUTimer *transfer_timer;
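
Review bot: dma_as is added as a bare pointer with no comment, and every dma_memory_read()/dma_memory_write() call in sdhci.c dereferences it after this patch. The hunks shown here do not include the place where it is assigned, so please confirm that both the PCI and the SysBus realize paths set it before the MMIO region can be reached by the guest, and assert that it is non-NULL at the end of realize. A short comment on the field saying which address space each variant uses would match the neighbouring members.
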
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 9bdbcd0..dd40069 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -496,7 +496,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
 s->blkcnt--;
 }
 }
-dma_memory_write(&address_space_memory, s->sdmasysad,
+dma_memory_write(s->dma_as, s->sdmasysad,
  &s->fifo_buffer[begin], s->data_count - begin);
 s->sdmasysad += s->data_count - begin;
 if (s->data_count == block_size) {
@@ -518,7 +518,7 @@ static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
 s->data_count = block_size;
 boundary_count -= block_size - begin;
 }
-dma_memory_read(&address_space_memory, s->sdmasysad,
+dma_memory_read(s->dma_as, s->sdmasysad,
 &s->fifo_buffer[begin], s->data_count - begin);
 s->sdmasysad += s->data_count - begin;
 if (s->data_count == block_size) {
@@ -556,11 +556,9 @@ static void sdhci_sdma_transfer_single_block(SDHCIState *s)
 for (n = 0; n < datacnt; n++) {
 s->fifo_buffer[n] = sdbus_read_data(&s->sdbus);
 }
-dma_memory_write(&address_space_memory, s->sdmasysad, s->fifo_buffer,
- datacnt);
+dma_memory_write(s->dma_as, s->sdmasysad, s->fifo_buffer, datacnt);
 } else {
-dma_memory_read(&address_space_memory, s->sdmasysad, s->fifo_buffer,
-datacnt);
+dma_memory_read(s->dma_as, s->sdmasysad, s->fifo_buffer, datacnt);
 for (n = 0; n < datacnt; n++) {
 sdbus_write_data(&s->sdbus, s->fifo_buffer[n]);
 }
@@ -584,7 +582,7 @@ static void get_adma_description(SDHCIState *s, ADMADescr 
*dscr)
 hwaddr entry_addr = (hwaddr)s->admasysaddr;
 switch (SDHC_DMA_TYPE(s->hostctl)) {
 case SDHC_CTRL_ADMA2_32:
-dma_memory_read(&address_space_memory, entry_addr, (uint8_t *)&adma2,
+dma_memory_read(s->dma_as, entry_addr, (uint8_t *)&adma2,
 sizeof(adma2));
 adma2 = le64_to_cpu(adma2);
 /* The spec does not specify endianness of descriptor table.
@@ -596,7 +594,7 @@ static void get_adma_description(SDHCIState *s, ADMADescr 
*dscr)
 dscr->incr = 8;
 break;
 case SDHC_CTRL_ADMA1_32:
-dma_memory_read(&address_space_memory, entry_addr, (uint8_t *)&adma1,
+dma_memory_read(s->dma_as, entry_addr, (uint8_t *)&adma1,
 sizeof(adma1));
 adma1 = le32_to_cpu(adma1);
 dscr->addr = (hwaddr)(adma1 & 0xF000);
@@ -609,12 +607,12 @@ static void get_adma_description(SDHCIState *s, ADMADescr 
*dscr)
 }
 break;
 case SDHC_CTRL_ADMA2_64:
-dma_memory_read(&address_space_memory, entry_addr,
+dma_memory_read(s->dma_as, entry_addr,
 (uint8_t *)(&dscr->attr), 1);
-dma_memory_read(&address_space_memory, entry_addr + 2,
+dma_memory_read(s->dma_as, entry_addr + 2,
 (uint8_t *)(&dscr->length), 2);
 dscr->length = le16_to_cpu(dscr->length);
-dma_memory_read(&address_space_memory, entry_addr + 4,
+dma_memory_read(s->dma_as, entry_addr + 4,
 (uint8_t *)(&dscr->addr), 8);
 dscr->attr = le64_to_cpu(dscr->attr);
 dscr->attr &= 0xfff8;
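
Review bot: the three dma_memory_read() calls in the SDHC_CTRL_ADMA2_64 branch are still plain statements, so a failed read leaves dscr->attr, dscr->length and dscr->addr holding whatever was there before and the descriptor is then acted on. Since this patch already touches every one of these calls and moves them to a per-device address space, check the return value and stop the ADMA transfer with an error when the descriptor cannot be fetched.
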
@@ -673,7 +671,7 @@ static void sdhci_do_adma(SDHCIState *s)
 s->data_count = block_size;
 length -= block_size - begin;
 }
-dma_memory_write(&address_space_memory, dscr.addr,
+dma_memory_write(s->dma_as, dscr.addr,
  &s->fifo_buffer[begin],
  s->data_count - begin);
 dscr.addr += s->data_count - begin;
@@ -697,7 +695,7 @@ static void sdhci_do_adma(SDHCIState *s)
 s->data_count = block_size;
 length -= b

[Qemu-devel] [PULL 21/24] sdhci: fix CAPAB/MAXCURR registers, both are 64bit and read-only

2018-01-16 Thread Peter Maydell
From: Philippe Mathieu-Daudé 

Running qtests:

  $ make check-qtest-arm
GTESTER check-qtest-arm
  SDHC rd_4b @0x44 not implemented
  SDHC wr_4b @0x40 <- 0x89abcdef not implemented
  SDHC wr_4b @0x44 <- 0x01234567 not implemented

Signed-off-by: Philippe Mathieu-Daudé 
Reviewed-by: Alistair Francis 
Message-id: 20180115182436.2066-12-f4...@amsat.org
Signed-off-by: Peter Maydell 
---
 include/hw/sd/sdhci.h |  4 ++--
 hw/sd/sdhci.c | 23 +++
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h
index 8041c96..442e30a 100644
--- a/include/hw/sd/sdhci.h
+++ b/include/hw/sd/sdhci.h
@@ -72,8 +72,8 @@ typedef struct SDHCIState {
 uint64_t admasysaddr;  /* ADMA System Address Register */
 
 /* Read-only registers */
-uint32_t capareg;  /* Capabilities Register */
-uint32_t maxcurr;  /* Maximum Current Capabilities Register */
+uint64_t capareg;  /* Capabilities Register */
+uint64_t maxcurr;  /* Maximum Current Capabilities Register */
 
 uint8_t  *fifo_buffer; /* SD host i/o FIFO buffer */
 uint32_t buf_maxsz;
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index c4e486e..d4fcebc 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -899,10 +899,16 @@ static uint64_t sdhci_read(void *opaque, hwaddr offset, 
unsigned size)
 ret = s->acmd12errsts;
 break;
 case SDHC_CAPAB:
-ret = s->capareg;
+ret = (uint32_t)s->capareg;
+break;
+case SDHC_CAPAB + 4:
+ret = (uint32_t)(s->capareg >> 32);
 break;
 case SDHC_MAXCURR:
-ret = s->maxcurr;
+ret = (uint32_t)s->maxcurr;
+break;
+case SDHC_MAXCURR + 4:
+ret = (uint32_t)(s->maxcurr >> 32);
 break;
 case SDHC_ADMAERR:
 ret =  s->admaerr;
@@ -1123,6 +1129,15 @@ sdhci_write(void *opaque, hwaddr offset, uint64_t val, 
unsigned size)
 }
 sdhci_update_irq(s);
 break;
+
+case SDHC_CAPAB:
+case SDHC_CAPAB + 4:
+case SDHC_MAXCURR:
+case SDHC_MAXCURR + 4:
+qemu_log_mask(LOG_GUEST_ERROR, "SDHC wr_%ub @0x%02" HWADDR_PRIx
+  " <- 0x%08x read-only\n", size, offset, value >> shift);
+break;
+
 default:
 qemu_log_mask(LOG_UNIMP, "SDHC wr_%ub @0x%02" HWADDR_PRIx " <- 0x%08x "
   "not implemented\n", size, offset, value >> shift);
@@ -1163,8 +1178,8 @@ static inline unsigned int sdhci_get_fifolen(SDHCIState 
*s)
 #define DEFINE_SDHCI_COMMON_PROPERTIES(_state) \
 /* Capabilities registers provide information on supported features
  * of this specific host controller implementation */ \
-DEFINE_PROP_UINT32("capareg", _state, capareg, SDHC_CAPAB_REG_DEFAULT), \
-DEFINE_PROP_UINT32("maxcurr", _state, maxcurr, 0)
+DEFINE_PROP_UINT64("capareg", _state, capareg, SDHC_CAPAB_REG_DEFAULT), \
+DEFINE_PROP_UINT64("maxcurr", _state, maxcurr, 0)
 
 static void sdhci_initfn(SDHCIState *s)
 {
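Review bot: in DEFINE_SDHCI_COMMON_PROPERTIES the default for the widened "capareg" property is still SDHC_CAPAB_REG_DEFAULT. If that macro remains a 32-bit value, the new SDHC_CAPAB + 4 read returns 0 unless a board sets the property explicitly. The comment above the properties should say that bits 63:32 default to zero and are expected to come from the board, so the behaviour of the upper word is documented where the property is defined.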
-- 
2.7.4




[Qemu-devel] [PULL 24/24] sdhci: add a 'dma' property to the sysbus devices

2018-01-16 Thread Peter Maydell
From: Philippe Mathieu-Daudé 

Add a 'dma' property allowing machine creation to provide the address-space
SDHCI DMA operates on.

[based on a patch from Alistair Francis 
 from qemu/xilinx tag xilinx-v2016.1]
Signed-off-by: Philippe Mathieu-Daudé 
Message-id: 20180115182436.2066-15-f4...@amsat.org
Signed-off-by: Peter Maydell 
---
 include/hw/sd/sdhci.h |  1 +
 hw/sd/sdhci.c | 18 +-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/include/hw/sd/sdhci.h b/include/hw/sd/sdhci.h
index 4a102b8..cb37182 100644
--- a/include/hw/sd/sdhci.h
+++ b/include/hw/sd/sdhci.h
@@ -42,6 +42,7 @@ typedef struct SDHCIState {
 SDBus sdbus;
 MemoryRegion iomem;
 AddressSpace *dma_as;
+MemoryRegion *dma_mr;
 
 QEMUTimer *insert_timer;   /* timer for 'changing' sd card. */
 QEMUTimer *transfer_timer;
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index dd40069..f9264d3 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -1354,6 +1354,8 @@ static Property sdhci_sysbus_properties[] = {
 DEFINE_SDHCI_COMMON_PROPERTIES(SDHCIState),
 DEFINE_PROP_BOOL("pending-insert-quirk", SDHCIState, pending_insert_quirk,
  false),
+DEFINE_PROP_LINK("dma", SDHCIState,
+ dma_mr, TYPE_MEMORY_REGION, MemoryRegion *),
 DEFINE_PROP_END_OF_LIST(),
 };
 
@@ -1367,6 +1369,11 @@ static void sdhci_sysbus_init(Object *obj)
 static void sdhci_sysbus_finalize(Object *obj)
 {
 SDHCIState *s = SYSBUS_SDHCI(obj);
+
+if (s->dma_mr) {
+object_unparent(OBJECT(s->dma_mr));
+}
+
 sdhci_uninitfn(s);
 }
 
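Review bot: in sdhci_sysbus_finalize() the device calls object_unparent() on s->dma_mr, but that region reaches the device through the "dma" link property, so it was created and parented by whoever set the link, not by this device. Please add a comment explaining why the device is entitled to unparent it, or drop the call if the intent is only to release the link.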
@@ -1380,7 +1387,12 @@ static void sdhci_sysbus_realize(DeviceState *dev, Error 
** errp)
 return;
 }
 
-s->dma_as = &address_space_memory;
+if (s->dma_mr) {
+address_space_init(s->dma_as, s->dma_mr, "sdhci-dma");
+} else {
+/* use system_memory() if property "dma" not set */
+s->dma_as = &address_space_memory;
+}
 
 sysbus_init_irq(sbd, &s->irq);
 sysbus_init_mmio(sbd, &s->iomem);
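Review bot: in the if (s->dma_mr) branch, address_space_init() is called on s->dma_as, but dma_as is declared as AddressSpace *dma_as in SDHCIState and the only assignment in this hunk is in the else branch. With the "dma" property set, the pointer passed to address_space_init() has never been pointed at any storage. Either allocate it before the call (and free it in unrealize after address_space_destroy()), or embed an AddressSpace in the state and point dma_as at it.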
@@ -1391,6 +1403,10 @@ static void sdhci_sysbus_unrealize(DeviceState *dev, 
Error **errp)
 SDHCIState *s = SYSBUS_SDHCI(dev);
 
 sdhci_common_unrealize(s, &error_abort);
+
+ if (s->dma_mr) {
+address_space_destroy(s->dma_as);
+}
 }
 
 static void sdhci_sysbus_class_init(ObjectClass *klass, void *data)
-- 
2.7.4




[Qemu-devel] [PATCH v5 05/14] qapi: Adapt to moved location of 'maketrans' function in py3

2018-01-16 Thread Daniel P. Berrange
Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrange 
---
 scripts/qapi.py | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/qapi.py b/scripts/qapi.py
index 514cca44bf..1fdd189c0d 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -1734,7 +1734,10 @@ def c_enum_const(type_name, const_name, prefix=None):
 type_name = prefix
 return camel_to_upper(type_name) + '_' + c_name(const_name, False).upper()
 
-c_name_trans = string.maketrans('.-', '__')
+if hasattr(str, 'maketrans'):
+c_name_trans = str.maketrans('.-', '__')
+else:
+c_name_trans = string.maketrans('.-', '__')
 
 
 # Map @name to a valid C identifier.
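Review bot: the two branches build different kinds of table (str.maketrans on Python 3 returns a dict for str.translate, string.maketrans on Python 2 returns a 256-character string) and nothing in the hunk says which branch serves which interpreter. A short comment on each branch would make it clear that the else arm, and with it the string module import, can go once Python 2 support is dropped.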
-- 
2.14.3




Re: [Qemu-devel] [PULL v3 00/53] Misc changes for 2017-01-12

2018-01-16 Thread Paolo Bonzini
On 16/01/2018 13:06, Peter Maydell wrote:
>> ASAN is enabled by default if available when --enable-debug. We could
>> add more flags if that helps.
> Configure switches should work like this:
>  * default: use feature if present, but don't complain if not present
>or not usable
>  * --enable-foo: use feature. if feature not present, complain and
>fail configure
>  * --disable-foo: don't test for or use feature
> 

However, --enable-debug has never worked like this (the "default" part)...

Paolo



[Qemu-devel] [PATCH v5 07/14] qapi: ensure stable sort ordering when checking QAPI entities

2018-01-16 Thread Daniel P. Berrange
Some early python 3.x versions will have different default
ordering when calling the 'values()' method on a dict, compared
to python 2.x and later 3.x versions. Explicitly sort the items
to get a stable ordering.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrange 
---
 scripts/qapi.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/qapi.py b/scripts/qapi.py
index 1fdd189c0d..58f995b07f 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -1678,7 +1678,7 @@ class QAPISchema(object):
 assert False
 
 def check(self):
-for ent in self._entity_dict.values():
+for (name, ent) in sorted(self._entity_dict.items()):
 ent.check(self)
 
 def visit(self, visitor):
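Review bot: in check(), name is bound by the tuple unpacking but never used in the loop body. Either iterate over the sorted keys and index the dict, or name the unused element _ so readers and linters can see it is intentional. A one-line comment that the sort exists only to make the check order deterministic across interpreters would also help, since the commit message will not be visible at this call site.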
-- 
2.14.3




[Qemu-devel] [PATCH v5 03/14] qapi: Use OrderedDict from standard library if available

2018-01-16 Thread Daniel P. Berrange
The OrderedDict class appeared in the 'collections' module
from python 2.7 onwards, so use that in preference to our
local backport if available.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrange 
---
 scripts/qapi.py | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/qapi.py b/scripts/qapi.py
index 98d7123d27..514b7bb5a4 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -18,7 +18,10 @@ import os
 import re
 import string
 import sys
-from ordereddict import OrderedDict
+try:
+from collections import OrderedDict
+except:
+from ordereddict import OrderedDict
 
 builtin_types = {
 'null': 'QTYPE_QNULL',
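Review bot: the bare except: around the collections import catches everything, including KeyboardInterrupt and SystemExit, and would hide an unrelated failure by silently falling back to the local backport. The only failure this fallback is meant to handle is a missing name in the module, so please narrow it to except ImportError:.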
-- 
2.14.3




Re: [Qemu-devel] [PATCH 05/11] virtio-ccw: convert VirtIOCCWDeviceClass::init -> realize

2018-01-16 Thread Farhan Ali

shouldn't the commit message say exit -> unrealize?


Thanks
Farhan

On 01/16/2018 08:15 AM, Philippe Mathieu-Daudé wrote:

Signed-off-by: Philippe Mathieu-Daudé 
---
  hw/s390x/virtio-ccw.h |  2 +-
  hw/s390x/virtio-ccw.c | 35 +--
  2 files changed, 18 insertions(+), 19 deletions(-)

diff --git a/hw/s390x/virtio-ccw.h b/hw/s390x/virtio-ccw.h
index 3905f3a3d6..2fc513001e 100644
--- a/hw/s390x/virtio-ccw.h
+++ b/hw/s390x/virtio-ccw.h
@@ -76,7 +76,7 @@ typedef struct VirtioCcwDevice VirtioCcwDevice;
  typedef struct VirtIOCCWDeviceClass {
  CCWDeviceClass parent_class;
  void (*realize)(VirtioCcwDevice *dev, Error **errp);
-int (*exit)(VirtioCcwDevice *dev);
+void (*unrealize)(VirtioCcwDevice *dev, Error **errp);
  } VirtIOCCWDeviceClass;

  /* Performance improves when virtqueue kick processing is decoupled from the
diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index 38f6a8afc9..a71c3feeb5 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -751,7 +751,7 @@ out_err:
  g_free(sch);
  }

-static int virtio_ccw_exit(VirtioCcwDevice *dev)
+static void virtio_ccw_unrealize(VirtioCcwDevice *dev, Error **errp)
  {
  CcwDevice *ccw_dev = CCW_DEVICE(dev);
  SubchDev *sch = ccw_dev->sch;
@@ -764,7 +764,6 @@ static int virtio_ccw_exit(VirtioCcwDevice *dev)
  release_indicator(&dev->routes.adapter, dev->indicators);
  dev->indicators = NULL;
  }
-return 0;
  }

  static void virtio_ccw_net_realize(VirtioCcwDevice *ccw_dev, Error **errp)
@@ -1343,7 +1342,7 @@ static void virtio_ccw_net_class_init(ObjectClass *klass, 
void *data)
  VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);

  k->realize = virtio_ccw_net_realize;
-k->exit = virtio_ccw_exit;
+k->unrealize = virtio_ccw_unrealize;
  dc->reset = virtio_ccw_reset;
  dc->props = virtio_ccw_net_properties;
  set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
@@ -1371,7 +1370,7 @@ static void virtio_ccw_blk_class_init(ObjectClass *klass, 
void *data)
  VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);

  k->realize = virtio_ccw_blk_realize;
-k->exit = virtio_ccw_exit;
+k->unrealize = virtio_ccw_unrealize;
  dc->reset = virtio_ccw_reset;
  dc->props = virtio_ccw_blk_properties;
  set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
@@ -1399,7 +1398,7 @@ static void virtio_ccw_serial_class_init(ObjectClass 
*klass, void *data)
  VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);

  k->realize = virtio_ccw_serial_realize;
-k->exit = virtio_ccw_exit;
+k->unrealize = virtio_ccw_unrealize;
  dc->reset = virtio_ccw_reset;
  dc->props = virtio_ccw_serial_properties;
  set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
@@ -1427,7 +1426,7 @@ static void virtio_ccw_balloon_class_init(ObjectClass 
*klass, void *data)
  VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);

  k->realize = virtio_ccw_balloon_realize;
-k->exit = virtio_ccw_exit;
+k->unrealize = virtio_ccw_unrealize;
  dc->reset = virtio_ccw_reset;
  dc->props = virtio_ccw_balloon_properties;
  set_bit(DEVICE_CATEGORY_MISC, dc->categories);
@@ -1455,7 +1454,7 @@ static void virtio_ccw_scsi_class_init(ObjectClass 
*klass, void *data)
  VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);

  k->realize = virtio_ccw_scsi_realize;
-k->exit = virtio_ccw_exit;
+k->unrealize = virtio_ccw_unrealize;
  dc->reset = virtio_ccw_reset;
  dc->props = virtio_ccw_scsi_properties;
  set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
@@ -1482,7 +1481,7 @@ static void vhost_ccw_scsi_class_init(ObjectClass *klass, 
void *data)
  VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);

  k->realize = vhost_ccw_scsi_realize;
-k->exit = virtio_ccw_exit;
+k->unrealize = virtio_ccw_unrealize;
  dc->reset = virtio_ccw_reset;
  dc->props = vhost_ccw_scsi_properties;
  set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
@@ -1519,7 +1518,7 @@ static void virtio_ccw_rng_class_init(ObjectClass *klass, 
void *data)
  VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);

  k->realize = virtio_ccw_rng_realize;
-k->exit = virtio_ccw_exit;
+k->unrealize = virtio_ccw_unrealize;
  dc->reset = virtio_ccw_reset;
  dc->props = virtio_ccw_rng_properties;
  set_bit(DEVICE_CATEGORY_MISC, dc->categories);
@@ -1557,7 +1556,7 @@ static void virtio_ccw_crypto_class_init(ObjectClass 
*klass, void *data)
  VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);

  k->realize = virtio_ccw_crypto_realize;
-k->exit = virtio_ccw_exit;
+k->unrealize = virtio_ccw_unrealize;
  dc->reset = virtio_ccw_reset;
  dc->props = virtio_ccw_crypto_properties;
  set_bit(DEVICE_CATEGORY_MISC, dc->categories);
@@ -1595,7 +1594,7 @@ static void virtio_ccw_gpu_class_init(ObjectClass *klass, 
void *data)
  VirtIOCCWDeviceClass *

[Qemu-devel] [PATCH v5 08/14] qapi: force a UTF-8 locale for running Python

2018-01-16 Thread Daniel P. Berrange
Python2 did not validate locale correctness when reading input data, so
would happily read UTF-8 data in non-UTF-8 locales. Python3 is strict so
if you try to read UTF-8 data in the C locale, it will raise an error
for any UTF-8 bytes that aren't representable in 7-bit ascii encoding.
e.g.

UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 54: 
ordinal not in range(128)
Traceback (most recent call last):
  File "/tmp/qemu-test/src/scripts/qapi-commands.py", line 317, in 
schema = QAPISchema(input_file)
  File "/tmp/qemu-test/src/scripts/qapi.py", line 1468, in __init__
parser = QAPISchemaParser(open(fname, 'r'))
  File "/tmp/qemu-test/src/scripts/qapi.py", line 301, in __init__
previously_included)
  File "/tmp/qemu-test/src/scripts/qapi.py", line 348, in _include
exprs_include = QAPISchemaParser(fobj, previously_included, info)
  File "/tmp/qemu-test/src/scripts/qapi.py", line 271, in __init__
self.src = fp.read()
  File "/usr/lib64/python3.5/encodings/ascii.py", line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]

More background on this can be seen in

  https://www.python.org/dev/peps/pep-0538/

Many distros support a new C.UTF-8 locale that is like the C locale,
but with UTF-8 instead of 7-bit ASCII. That is not entirely portable
though. This patch thus sets the LANG to "C", but overrides LC_CTYPE
to be en_US.UTF-8 locale. This gets us pretty close to C.UTF-8, but
in a way that should be portable to everywhere QEMU builds.

This patch only forces UTF-8 for QAPI scripts, since that is the one
showing the immediate error under Python3 with C locale, but potentially
we ought to force this for all python scripts used in the build process.

Signed-off-by: Daniel P. Berrange 
---
 Makefile | 22 --
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/Makefile b/Makefile
index d86ecd2dd4..63767bb11f 100644
--- a/Makefile
+++ b/Makefile
@@ -17,6 +17,8 @@ ifneq ($(wildcard config-host.mak),)
 all:
 include config-host.mak
 
+PYTHON_UTF8 = LC_ALL= LANG=C LC_CTYPE=en_US.UTF-8 $(PYTHON)
+
 git-submodule-update:
 
 .PHONY: git-submodule-update
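Review bot: PYTHON_UTF8 hard-codes LC_CTYPE=en_US.UTF-8, but nothing here or in configure checks that this locale exists on the build host. On a minimal chroot or container without it, setting LC_CTYPE to an unavailable locale leaves Python in the C locale and the UnicodeDecodeError from the commit message comes back. Either probe for a usable UTF-8 locale in configure, or make the QAPI scripts open their input with an explicit UTF-8 encoding so the result does not depend on the environment at all.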
@@ -471,17 +473,17 @@ qapi-py = $(SRC_PATH)/scripts/qapi.py 
$(SRC_PATH)/scripts/ordereddict.py
 
 qga/qapi-generated/qga-qapi-types.c qga/qapi-generated/qga-qapi-types.h :\
 $(SRC_PATH)/qga/qapi-schema.json $(SRC_PATH)/scripts/qapi-types.py $(qapi-py)
-   $(call quiet-command,$(PYTHON) $(SRC_PATH)/scripts/qapi-types.py \
+   $(call quiet-command,$(PYTHON_UTF8) $(SRC_PATH)/scripts/qapi-types.py \
$(gen-out-type) -o qga/qapi-generated -p "qga-" $<, \
"GEN","$@")
 qga/qapi-generated/qga-qapi-visit.c qga/qapi-generated/qga-qapi-visit.h :\
 $(SRC_PATH)/qga/qapi-schema.json $(SRC_PATH)/scripts/qapi-visit.py $(qapi-py)
-   $(call quiet-command,$(PYTHON) $(SRC_PATH)/scripts/qapi-visit.py \
+   $(call quiet-command,$(PYTHON_UTF8) $(SRC_PATH)/scripts/qapi-visit.py \
$(gen-out-type) -o qga/qapi-generated -p "qga-" $<, \
"GEN","$@")
 qga/qapi-generated/qga-qmp-commands.h qga/qapi-generated/qga-qmp-marshal.c :\
 $(SRC_PATH)/qga/qapi-schema.json $(SRC_PATH)/scripts/qapi-commands.py 
$(qapi-py)
-   $(call quiet-command,$(PYTHON) $(SRC_PATH)/scripts/qapi-commands.py \
+   $(call quiet-command,$(PYTHON_UTF8) 
$(SRC_PATH)/scripts/qapi-commands.py \
$(gen-out-type) -o qga/qapi-generated -p "qga-" $<, \
"GEN","$@")
 
@@ -502,27 +504,27 @@ qapi-modules = $(SRC_PATH)/qapi-schema.json 
$(SRC_PATH)/qapi/common.json \
 
 qapi-types.c qapi-types.h :\
 $(qapi-modules) $(SRC_PATH)/scripts/qapi-types.py $(qapi-py)
-   $(call quiet-command,$(PYTHON) $(SRC_PATH)/scripts/qapi-types.py \
+   $(call quiet-command,$(PYTHON_UTF8) $(SRC_PATH)/scripts/qapi-types.py \
$(gen-out-type) -o "." -b $<, \
"GEN","$@")
 qapi-visit.c qapi-visit.h :\
 $(qapi-modules) $(SRC_PATH)/scripts/qapi-visit.py $(qapi-py)
-   $(call quiet-command,$(PYTHON) $(SRC_PATH)/scripts/qapi-visit.py \
+   $(call quiet-command,$(PYTHON_UTF8) $(SRC_PATH)/scripts/qapi-visit.py \
$(gen-out-type) -o "." -b $<, \
"GEN","$@")
 qapi-event.c qapi-event.h :\
 $(qapi-modules) $(SRC_PATH)/scripts/qapi-event.py $(qapi-py)
-   $(call quiet-command,$(PYTHON) $(SRC_PATH)/scripts/qapi-event.py \
+   $(call quiet-command,$(PYTHON_UTF8) $(SRC_PATH)/scripts/qapi-event.py \
$(gen-out-type) -o "." $<, \
"GEN","$@")
 qmp-commands.h qmp-marshal.c :\
 $(qapi-modules) $(SRC_PATH)/scripts/qapi-commands.py $(qapi-py)
-   $(call quiet-command,$(PYTHON) $(SRC_PATH)/scripts/qapi-commands.py \
+   $(call quiet-command,$(PYTHON_UTF8) 
$(SRC_PATH)/scripts/qapi-commands.py \
$(gen-out-type) -o "." $<, \
"GEN","$@")
 qmp-introspect.h qmp-introspect.c :\
 $(qapi-modules) $(SRC_PATH)/scripts/qapi-introspect.py $(qap
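
The decoding failure described in the 08/14 commit message above, reproduced as an added example (not code from the patch series or from QEMU's scripts). It assumes that `encoding="ascii"` stands in for what a plain `open(fname, 'r')` selects under the C locale on the Python 3.5 shown in the traceback; the sample file content and all function names are constructed for the illustration.

```python
import io
import os
import tempfile

# Constructed sample input: a schema-style file whose comment contains
# U+00E9, which UTF-8 encodes as the two bytes 0xc3 0xa9.
SAMPLE = (u"# Author: Philippe Mathieu-Daud\u00e9\n"
          u"{ 'enum': 'Example', 'data': ['a', 'b'] }\n")


def read_text(path, encoding):
    """Read a whole file as text with an explicit codec (py2 and py3)."""
    with io.open(path, "r", encoding=encoding) as fobj:
        return fobj.read()


def first_bad_byte(path, encoding):
    """Return (codec, offending byte) if decoding fails, else None."""
    try:
        read_text(path, encoding)
    except UnicodeDecodeError as err:
        # bytearray() makes the index yield an int on both py2 and py3.
        return (err.encoding, bytearray(err.object)[err.start])
    return None


def demo():
    """Write the sample as UTF-8, then decode it with both codecs."""
    fd, path = tempfile.mkstemp(suffix=".json")
    try:
        with os.fdopen(fd, "wb") as fobj:
            fobj.write(SAMPLE.encode("utf-8"))
        # Assumption: this is the codec the C locale gives open(fname, 'r').
        ascii_result = first_bad_byte(path, "ascii")
        # Explicit codec: independent of LANG / LC_ALL / LC_CTYPE.
        utf8_result = first_bad_byte(path, "utf-8")
        text = read_text(path, "utf-8")
    finally:
        os.remove(path)
    return ascii_result, utf8_result, text


if __name__ == "__main__":
    bad, ok, _ = demo()
    print("ascii codec failed on:", bad)
    print("utf-8 codec failed on:", ok)
```

Passing the codec to `io.open()` gives the same result whatever locale the build runs in, which is the alternative to forcing the locale from the Makefile.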

[Qemu-devel] [PATCH v5 10/14] configure: allow use of python 3

2018-01-16 Thread Daniel P. Berrange
Signed-off-by: Daniel P. Berrange 
---
 configure | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/configure b/configure
index b272a0336b..60b99f45f6 100755
--- a/configure
+++ b/configure
@@ -1598,9 +1598,8 @@ fi
 
 # Note that if the Python conditional here evaluates True we will exit
 # with status 1 which is a shell 'false' value.
-if ! $python -c 'import sys; sys.exit(sys.version_info < (2,6) or 
sys.version_info >= (3,))'; then
-  error_exit "Cannot use '$python', Python 2.6 or later is required." \
-  "Note that Python 3 or later is not yet supported." \
+if ! $python -c 'import sys; sys.exit(sys.version_info < (2,6))'; then
+  error_exit "Cannot use '$python', Python 2 >= 2.6 or Python 3 is required." \
   "Use --python=/path/to/python to specify a supported Python."
 fi
 
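Review bot: the new check only rejects versions below 2.6, so every 3.x release passes, including ones the series itself describes as behaving differently ("some early python 3.x versions"). If there is a minimum 3.x that the build is known to work with, enforce it here and name it in the error message; "Python 2 >= 2.6 or Python 3" gives the user no lower bound on the 3.x side. The commit message is also empty, so the supported range is not recorded anywhere.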
-- 
2.14.3




Re: [Qemu-devel] [PATCHv2 1/2] spapr: Allow some cases where we can't set VSMT mode in the kernel

2018-01-16 Thread David Gibson
On Tue, Jan 16, 2018 at 10:20:18AM +0100, Greg Kurz wrote:
> On Tue, 16 Jan 2018 15:47:13 +1100
> David Gibson  wrote:
> 
> > At present if we require a vsmt mode that's not equal to the kernel's
> > default, and the kernel doesn't let us change it (e.g. because it's an old
> > kernel without support) then we always fail.
> > 
> > But in fact we can cope with the kernel having a different vsmt as long as
> >   a) it's >= the actual number of vthreads/vcore (so that guest threads
> >  that are supposed to be on the same core act like it)
> >   b) it's a submultiple of the requested vsmt mode (so that guest threads
> >  spaced by the vsmt value will act like they're on different cores)
> > 
> > Allowing this case gives us a bit more freedom to adjust the vsmt behaviour
> > without breaking existing cases.
> > 
> > Signed-off-by: David Gibson 
> > ---
> 
> I could check the following on a POWER9 host:
> 
> $ ./ppc64-softmmu/qemu-system-ppc64 -accel kvm -smp threads=1
> qemu-system-ppc64: warning: Failed to set KVM's VSMT mode to 8 (errno -22)
> 
> and the guest boots.
> 
> $ ./ppc64-softmmu/qemu-system-ppc64 -accel kvm -smp threads=2
> qemu-system-ppc64: Failed to set KVM's VSMT mode to 8 (errno -22)
> On PPC, a VM with 2 threads/core on a host with 1 threads/core requires the
>  use of VSMT mode 8.
> This KVM seems to be too old to support VSMT.
> 
> and QEMU exits.

I assume the above is with an old kernel that doesn't have the ability
to set the SMT cap?

> 
> Tested-by: Greg Kurz 
> 
> Just one minor remark below but anyway:
> 
> Reviewed-by: Greg Kurz 
> 
> >  hw/ppc/spapr.c | 26 +++---
> >  1 file changed, 19 insertions(+), 7 deletions(-)
> > 
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index e35214bfc3..6d3613d934 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -2314,17 +2314,29 @@ static void spapr_set_vsmt_mode(sPAPRMachineState 
> > *spapr, Error **errp)
> >  if (kvm_enabled() && (spapr->vsmt != kvm_smt)) {
> >  ret = kvmppc_set_smt_threads(spapr->vsmt);
> >  if (ret) {
> > +/* Looks like KVM isn't able to change VSMT mode */
> >  error_setg(&local_err,
> > "Failed to set KVM's VSMT mode to %d (errno %d)",
> > spapr->vsmt, ret);
> > -if (!vsmt_user) {
> > -error_append_hint(&local_err, "On PPC, a VM with %d 
> > threads/"
> > - "core on a host with %d threads/core requires 
> > "
> > - " the use of VSMT mode %d.\n",
> > - smp_threads, kvm_smt, spapr->vsmt);
> > +/* We can live with that if the default one is big enough
> > + * for the number of threads, and a submultiple of the one
> > + * we want.  In this case we'll waste some vcpu ids, but
> > + * behaviour will be correct */
> > +if ((kvm_smt >= smp_threads) && (spapr->vsmt % kvm_smt) == 0) {
> 
> Inconsistent use of parens in the left and right operands of &&
> 
> > +warn_report_err(local_err);
> > +local_err = NULL;
> > +goto out;
> > +} else {
> > +if (!vsmt_user) {
> > +error_append_hint(&local_err,
> > +  "On PPC, a VM with %d threads/core"
> > +  " on a host with %d threads/core"
> > +  " requires the use of VSMT mode 
> > %d.\n",
> > +  smp_threads, kvm_smt, spapr->vsmt);
> > +}
> > +kvmppc_hint_smt_possible(&local_err);
> > +goto out;
> >  }
> > -kvmppc_hint_smt_possible(&local_err);
> > -goto out;
> >  }
> >  }
> >  /* else TCG: nothing to do currently */
> 
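Review bot: on the new fallback path the error built by error_setg() is reused unchanged for warn_report_err(), so the user sees "Failed to set KVM's VSMT mode to %d" as a warning with no indication that QEMU is carrying on with kvm_smt instead (Greg's threads=1 run above shows exactly that). Please give the warning its own text that names the mode actually in use and mentions the wasted vcpu ids, which the code comment already explains. The else after goto out is also redundant and costs one level of nesting.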

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




[Qemu-devel] [PATCH v5 13/14] travis: improve python version test coverage

2018-01-16 Thread Daniel P. Berrange
Currently travis declares ancient python 2.4 is desired. Update that to
2.6 which is the oldest version any targeted distros still need. If we
just list a python 3 version at the top level this will double the
number of travis jobs we run which is unreasonable.

So arbitrarily pick the clang test matrix entries to build with python
3.0 and 3.6, to extend coverage of python versions, without increasing
job count or build time.

Signed-off-by: Daniel P. Berrange 
---
 .travis.yml | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index f583839755..708c886017 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,7 +1,7 @@
 sudo: false
 language: c
 python:
-  - "2.4"
+  - "2.6"
 compiler:
   - gcc
 cache: ccache
@@ -115,15 +115,17 @@ matrix:
 - sudo apt-get build-dep -qq qemu
 - wget -O - 
http://people.linaro.org/~alex.bennee/qemu-submodule-git-seed.tar.xz | tar -xvJ
 - git submodule update --init --recursive
-# Trusty System build with latest stable clang
+# Trusty System build with latest stable clang & python 3.0
 - sudo: required
   addons:
   dist: trusty
   language: generic
   compiler: none
+  python:
+- "3.0"
   env:
 - COMPILER_NAME=clang CXX=clang++-3.9 CC=clang-3.9
-- CONFIG="--disable-linux-user --cc=clang-3.9 --cxx=clang++-3.9"
+- CONFIG="--disable-linux-user --cc=clang-3.9 --cxx=clang++-3.9 
--python=/usr/bin/python3"
   before_install:
 - wget -nv -O - http://llvm.org/apt/llvm-snapshot.gpg.key | sudo 
apt-key add -
 - sudo apt-add-repository -y 'deb http://llvm.org/apt/trusty 
llvm-toolchain-trusty-3.9 main'
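Review bot: this entry sets python: "3.0" and the next one python: "3.6", but both pass the identical --python=/usr/bin/python3 to configure and both keep language: generic. Unless the python: key changes what /usr/bin/python3 resolves to, the two jobs build with the same interpreter and the matrix does not cover the two versions named in the comments. Please point --python at the interpreter the python: key selects, and print its version in before_script so the log shows what was actually tested.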
@@ -134,15 +136,17 @@ matrix:
 - git submodule update --init --recursive
   before_script:
 - ./configure ${CONFIG} || cat config.log
-# Trusty Linux User build with latest stable clang
+# Trusty Linux User build with latest stable clang & python 3.6
 - sudo: required
   addons:
   dist: trusty
   language: generic
   compiler: none
+  python:
+- "3.6"
   env:
 - COMPILER_NAME=clang CXX=clang++-3.9 CC=clang-3.9
-- CONFIG="--disable-system --cc=clang-3.9 --cxx=clang++-3.9"
+- CONFIG="--disable-system --cc=clang-3.9 --cxx=clang++-3.9 
--python=/usr/bin/python3"
   before_install:
 - wget -nv -O - http://llvm.org/apt/llvm-snapshot.gpg.key | sudo 
apt-key add -
 - sudo apt-add-repository -y 'deb http://llvm.org/apt/trusty 
llvm-toolchain-trusty-3.9 main'
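Review bot: not introduced by this patch, but visible in the context lines of the entry being edited: before_install fetches the LLVM apt signing key with wget over plain http:// and pipes it straight into apt-key add. The key that is supposed to authenticate the toolchain packages is therefore itself unauthenticated. Fetching it over https, or checking the key fingerprint before adding it, would be worth doing while this entry is being touched.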
-- 
2.14.3




[Qemu-devel] [PATCH v5 00/14] Support building with py2 or py3

2018-01-16 Thread Daniel P. Berrange
This is an update for my previously posted series:

 v2: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg06528.html
 v3: https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02978.html
 v4: https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg03150.html

This series enables some level of CI testing for py3 so that our CI jobs will
get coverage of both py2 and py3 builds to avoid bitrot.

I did a test travis build with py 3.0 and py 3.6 and got success:

  https://travis-ci.org/berrange/qemu/builds/328223261

The goal was to achieve the following

  ./configure --python=/usr/bin/python3
  make
  make check

This still requires passing python path to configure explicitly. A
further improvement would be for configure to automatically detect
a python 3 binary and use it preferentially to python 2.

I have not attempted to fix/validate the block I/O tests. I would expect
them to be broken, but easily fixable with the similar kind of scope
changes as seen here. I felt it better to tackle that separately to
avoid this initial series getting too large.

Although the Python 2 EOL date is 2020, we already have distros which
are not shipping Python 2 by default (Fedora >= 26 has dropped Py2 from
the default install). Any new releases of long life and/or enterprise
distros may well not ship Python 2 given that it would go EOL long
before the EOL of the distro itself. IOW QEMU does have a fairly pressing
need to be able to support Python 3 for building.

A request for py3 is tracked here:

   https://bugs.launchpad.net/qemu/+bug/1708462

If, rather than supporting py2+py3 in parallel, we wish to entirely drop
py2 support, this series would not change significantly

 - The "from __future__ import print_function" line can be removed
   from patch 1.
 - The code in patches 2, 3, 4 to deal with changed module names
   for a few functions can be simplified to only try the py3 location
 - The travis + docker jobs would be fully updated to install py3,
   or delete jobs which can't support py3

Given how little code is removed should we drop py2 support, I don't
believe it is in our immediate interests to do this. It would create
extra pain for consumers of QEMU, with little benefit to QEMU code
maintainance. The key thing is ensuring our travis+docker jobs provide
satisfactory automated test coverage for the variety of python versions
in the distros we care about targeting.

NB, Patch 11 here is not related to python 3 work - it was just a
temporary pre-requisite of pulling in the keycodemapdb update.

Changes since v4:

 - Fix broken rebase which accidentally squashed first two
   patches together
 - Unset LC_ALL, and set LANG + LC_CTYPE, instead of only LANG (Eric)

Changes since v3:

 - Remove space before '(' in print() function calls (Philippe)
 - Force use of en_US.UTF-8 for QAPI code generation (Patchew)

Changes since v2:

 - Pull in fix for keycodemapdb
 - Enable testing with Travis
 - Enable testing with Fedora Docker images
 - Fix for sort ordering to fix 'make check-qapi-schema'
 - Fix for signrom data

Daniel P. Berrange (13):
  qapi: convert to use python print function instead of statement
  qapi: use items()/values() intead of iteritems()/itervalues()
  qapi: Use OrderedDict from standard library if available
  qapi: adapt to moved location of StringIO module in py3
  qapi: Adapt to moved location of 'maketrans' function in py3
  qapi: remove '-q' arg to diff when comparing QAPI output
  qapi: ensure stable sort ordering when checking QAPI entities
  qapi: force a UTF-8 locale for running Python
  scripts: ensure signrom treats data as bytes
  configure: allow use of python 3
  ui: update keycodemapdb to get py3 fixes
  travis: improve python version test coverage
  docker: change Fedora images to run with python3

Miika S (1):
  input: add missing JIS keys to virtio input

 .travis.yml| 14 +++
 Makefile   | 22 +
 configure  |  5 ++--
 hw/input/virtio-input-hid.c|  7 ++
 qapi/ui.json   |  5 +++-
 scripts/qapi.py| 43 --
 scripts/qapi2texi.py   | 11 +
 scripts/signrom.py |  4 ++--
 tests/Makefile.include |  6 ++---
 tests/docker/dockerfiles/fedora.docker |  3 ++-
 tests/qapi-schema/test-qapi.py | 43 +-
 ui/keycodemapdb|  2 +-
 12 files changed, 96 insertions(+), 69 deletions(-)

-- 
2.14.3




[Qemu-devel] [PATCH v5 02/14] qapi: use items()/values() intead of iteritems()/itervalues()

2018-01-16 Thread Daniel P. Berrange
The iteritems()/itervalues() methods are gone in py3, but the
items()/values() methods are still around. The latter are less
efficient than the former in py2, but this has unmeasurably
small impact on QEMU build time, so taking portability over
efficiency is a net win.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrange 
---
 scripts/qapi.py| 12 ++--
 scripts/qapi2texi.py   |  2 +-
 tests/qapi-schema/test-qapi.py |  2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/scripts/qapi.py b/scripts/qapi.py
index 64fde4b6c5..98d7123d27 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -245,7 +245,7 @@ class QAPIDoc(object):
"'Returns:' is only valid for commands")
 
 def check(self):
-bogus = [name for name, section in self.args.iteritems()
+bogus = [name for name, section in self.args.items()
  if not section.member]
 if bogus:
 raise QAPISemError(
@@ -300,7 +300,7 @@ class QAPISchemaParser(object):
 if not isinstance(pragma, dict):
 raise QAPISemError(
 info, "Value of 'pragma' must be a dictionary")
-for name, value in pragma.iteritems():
+for name, value in pragma.items():
 self._pragma(name, value, info)
 else:
 expr_elem = {'expr': expr,
@@ -1566,7 +1566,7 @@ class QAPISchema(object):
 
 def _make_members(self, data, info):
 return [self._make_member(key, value, info)
-for (key, value) in data.iteritems()]
+for (key, value) in data.items()]
 
 def _def_struct_type(self, expr, info, doc):
 name = expr['struct']
@@ -1598,11 +1598,11 @@ class QAPISchema(object):
 name, info, doc, 'base', self._make_members(base, info)))
 if tag_name:
 variants = [self._make_variant(key, value)
-for (key, value) in data.iteritems()]
+for (key, value) in data.items()]
 members = []
 else:
 variants = [self._make_simple_variant(key, value, info)
-for (key, value) in data.iteritems()]
+for (key, value) in data.items()]
 typ = self._make_implicit_enum_type(name, info,
 [v.name for v in variants])
 tag_member = QAPISchemaObjectTypeMember('type', typ, False)
@@ -1617,7 +1617,7 @@ class QAPISchema(object):
 name = expr['alternate']
 data = expr['data']
 variants = [self._make_variant(key, value)
-for (key, value) in data.iteritems()]
+for (key, value) in data.items()]
 tag_member = QAPISchemaObjectTypeMember('type', 'QType', False)
 self._def_entity(
 QAPISchemaAlternateType(name, info, doc,
diff --git a/scripts/qapi2texi.py b/scripts/qapi2texi.py
index 70e1fe76ef..bf1c57b2e2 100755
--- a/scripts/qapi2texi.py
+++ b/scripts/qapi2texi.py
@@ -146,7 +146,7 @@ def texi_member(member, suffix=''):
 def texi_members(doc, what, base, variants, member_func):
 """Format the table of members"""
 items = ''
-for section in doc.args.itervalues():
+for section in doc.args.values():
 # TODO Drop fallbacks when undocumented members are outlawed
 if section.text:
 desc = texi_format(section.text)
diff --git a/tests/qapi-schema/test-qapi.py b/tests/qapi-schema/test-qapi.py
index a43fa873e1..ac43d3458e 100644
--- a/tests/qapi-schema/test-qapi.py
+++ b/tests/qapi-schema/test-qapi.py
@@ -63,7 +63,7 @@ for doc in schema.docs:
 else:
 print('doc freeform')
 print('body=\n%s' % doc.body.text)
-for arg, section in doc.args.iteritems():
+for arg, section in doc.args.items():
 print('arg=%s\n%s' % (arg, section.text))
 for section in doc.sections:
 print('section=%s\n%s' % (section.name, section.text))
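Review bot: the loop over doc.args.items() prints in iteration order, and this script's output is compared against a stored expected file, so the test is only stable if doc.args is an ordered mapping under both interpreters. Please confirm that, or iterate in a defined order here.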
-- 
2.14.3




[Qemu-devel] [PATCH v5 14/14] docker: change Fedora images to run with python3

2018-01-16 Thread Daniel P. Berrange
Fedora has switched to Python 3 by default, so it makes sense to use that
for testing QEMU builds, so we get testing of Python 3 compatibility.

Signed-off-by: Daniel P. Berrange 
---
 tests/docker/dockerfiles/fedora.docker | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/docker/dockerfiles/fedora.docker 
b/tests/docker/dockerfiles/fedora.docker
index 4b26c3aded..a22fe16157 100644
--- a/tests/docker/dockerfiles/fedora.docker
+++ b/tests/docker/dockerfiles/fedora.docker
@@ -1,6 +1,6 @@
 FROM fedora:latest
 ENV PACKAGES \
-ccache gettext git tar PyYAML sparse flex bison python2 bzip2 hostname \
+ccache gettext git tar PyYAML sparse flex bison python3 bzip2 hostname \
 glib2-devel pixman-devel zlib-devel SDL-devel libfdt-devel \
 gcc gcc-c++ clang make perl which bc findutils libaio-devel \
 nettle-devel \
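Review bot: on the changed PACKAGES line, PyYAML is left as it was while python2 becomes python3. If that package name provides only the Python 2 module in this image, anything importing yaml under the new interpreter will fail; either drop it if unused or list the Python 3 build alongside.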
@@ -12,6 +12,7 @@ ENV PACKAGES \
 mingw64-gtk2 mingw64-gtk3 mingw64-gnutls mingw64-nettle mingw64-libtasn1 \
 mingw64-libjpeg-turbo mingw64-libpng mingw64-curl mingw64-libssh2 \
 mingw64-bzip2
+ENV QEMU_CONFIGURE_OPTS --python=/usr/bin/python3
 
 RUN dnf install -y $PACKAGES
 RUN rpm -q $PACKAGES | sort > /packages.txt
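Review bot: ENV QEMU_CONFIGURE_OPTS pins every build in this image to /usr/bin/python3, and python2 is no longer installed, so nothing here exercises Python 2 any more. The commit message should say which images keep Python 2 coverage, or that losing it on Fedora is intended.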
-- 
2.14.3




[Qemu-devel] [PATCH v5 01/14] qapi: convert to use python print function instead of statement

2018-01-16 Thread Daniel P. Berrange
Python 3 no longer supports the bare "print" statement, it must be
called as a normal function with round brackets. It is possible to
opt-in to this new syntax with Python 2.6 onwards by importing the
"print_function" from the "__future__" module, making it easy to
support Python 2 and 3 in parallel.

Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrange 
---
 scripts/qapi.py| 12 ++--
 scripts/qapi2texi.py   |  9 +
 tests/qapi-schema/test-qapi.py | 41 +
 3 files changed, 32 insertions(+), 30 deletions(-)

diff --git a/scripts/qapi.py b/scripts/qapi.py
index 43a54bf40f..64fde4b6c5 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -11,6 +11,7 @@
 # This work is licensed under the terms of the GNU GPL, version 2.
 # See the COPYING file in the top-level directory.
 
+from __future__ import print_function
 import errno
 import getopt
 import os
@@ -1467,7 +1468,7 @@ class QAPISchema(object):
 self._def_exprs()
 self.check()
 except QAPIError as err:
-print >>sys.stderr, err
+print(err, file=sys.stderr)
 exit(1)
 
 def _def_entity(self, ent):
@@ -1931,7 +1932,7 @@ def parse_command_line(extra_options='', 
extra_long_options=[]):
['source', 'header', 'prefix=',
 'output-dir='] + extra_long_options)
 except getopt.GetoptError as err:
-print >>sys.stderr, "%s: %s" % (sys.argv[0], str(err))
+print("%s: %s" % (sys.argv[0], str(err)), file=sys.stderr)
 sys.exit(1)
 
 output_dir = ''
@@ -1945,9 +1946,8 @@ def parse_command_line(extra_options='', 
extra_long_options=[]):
 if o in ('-p', '--prefix'):
 match = re.match(r'([A-Za-z_.-][A-Za-z0-9_.-]*)?', a)
 if match.end() != len(a):
-print >>sys.stderr, \
-"%s: 'funny character '%s' in argument of --prefix" \
-% (sys.argv[0], a[match.end()])
+print("%s: 'funny character '%s' in argument of --prefix" \
+  % (sys.argv[0], a[match.end()]), file=sys.stderr)
 sys.exit(1)
 prefix = a
 elif o in ('-o', '--output-dir'):
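Review bot: the trailing backslash after the format string in the --prefix error is redundant now that the expression sits inside the print( ) parentheses; drop it and let the parentheses carry the continuation. While touching this line, the message text itself has an unbalanced quote ("'funny character '%s'"), which is worth fixing in the same change.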
@@ -1964,7 +1964,7 @@ def parse_command_line(extra_options='', 
extra_long_options=[]):
 do_h = True
 
 if len(args) != 1:
-print >>sys.stderr, "%s: need exactly one argument" % sys.argv[0]
+print("%s: need exactly one argument" % sys.argv[0], file=sys.stderr)
 sys.exit(1)
 fname = args[0]
 
diff --git a/scripts/qapi2texi.py b/scripts/qapi2texi.py
index 92e2af2cd6..70e1fe76ef 100755
--- a/scripts/qapi2texi.py
+++ b/scripts/qapi2texi.py
@@ -4,6 +4,7 @@
 # This work is licensed under the terms of the GNU LGPL, version 2+.
 # See the COPYING file in the top-level directory.
 """This script produces the documentation of a qapi schema in texinfo format"""
+from __future__ import print_function
 import re
 import sys
 
@@ -274,15 +275,15 @@ def texi_schema(schema):
 def main(argv):
 """Takes schema argument, prints result to stdout"""
 if len(argv) != 2:
-print >>sys.stderr, "%s: need exactly 1 argument: SCHEMA" % argv[0]
+print("%s: need exactly 1 argument: SCHEMA" % argv[0], file=sys.stderr)
 sys.exit(1)
 
 schema = qapi.QAPISchema(argv[1])
 if not qapi.doc_required:
-print >>sys.stderr, ("%s: need pragma 'doc-required' "
- "to generate documentation" % argv[0])
+print("%s: need pragma 'doc-required' "
+   "to generate documentation" % argv[0], file=sys.stderr)
 sys.exit(1)
-print texi_schema(schema)
+print(texi_schema(schema))
 
 
 if __name__ == '__main__':
diff --git a/tests/qapi-schema/test-qapi.py b/tests/qapi-schema/test-qapi.py
index fe0ca08d78..a43fa873e1 100644
--- a/tests/qapi-schema/test-qapi.py
+++ b/tests/qapi-schema/test-qapi.py
@@ -10,6 +10,7 @@
 # See the COPYING file in the top-level directory.
 #
 
+from __future__ import print_function
 from qapi import *
 from pprint import pprint
 import os
@@ -18,51 +19,51 @@ import sys
 
 class QAPISchemaTestVisitor(QAPISchemaVisitor):
 def visit_enum_type(self, name, info, values, prefix):
-print 'enum %s %s' % (name, values)
+print('enum %s %s' % (name, values))
 if prefix:
-print 'prefix %s' % prefix
+print('prefix %s' % prefix)
 
 def visit_object_type(self, name, info, base, members, variants):
-print 'object %s' % name
+print('object %s' % name)
 if base:
-print 'base %s' % base.name
+print('base %s' % base.name)
 for m in members:
-print 'member %s: %s optional=%s' % \
-(m.name, m.type.name, m.optional)
+print('member %s: %s optional=%s' % \
+

[Qemu-devel] [PATCH v5 06/14] qapi: remove '-q' arg to diff when comparing QAPI output

2018-01-16 Thread Daniel P. Berrange
When the qapi schema tests fail they merely print that the expected
output didn't match the actual output. This is largely useless when
trying to diagnose what went wrong. Removing the '-q' arg to diff
means that it is still silent on successful tests, but when it
fails we'll see details of the incorrect output.

Reviewed-by: Eric Blake 
Signed-off-by: Daniel P. Berrange 
---
 tests/Makefile.include | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 39a4b5359d..d65fb4e1b3 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -908,10 +908,10 @@ $(patsubst %, check-%, $(check-qapi-schema-y)): 
check-%.json: $(SRC_PATH)/%.json
$^ >$*.test.out 2>$*.test.err; \
echo $$? >$*.test.exit, \
"TEST","$*.out")
-   @diff -q $(SRC_PATH)/$*.out $*.test.out
+   @diff $(SRC_PATH)/$*.out $*.test.out
@# Sanitize error messages (make them independent of build directory)
-   @perl -p -e 's|\Q$(SRC_PATH)\E/||g' $*.test.err | diff -q 
$(SRC_PATH)/$*.err -
-   @diff -q $(SRC_PATH)/$*.exit $*.test.exit
+   @perl -p -e 's|\Q$(SRC_PATH)\E/||g' $*.test.err | diff 
$(SRC_PATH)/$*.err -
+   @diff $(SRC_PATH)/$*.exit $*.test.exit
 
 .PHONY: check-tests/qapi-schema/doc-good.texi
 check-tests/qapi-schema/doc-good.texi: tests/qapi-schema/doc-good.test.texi
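Review bot: the three diff invocations are separate recipe lines, so make stops at the first mismatch and a failing .out comparison hides whatever differs in .err and .exit. Since the goal is diagnosability, consider "diff -u" for readable context and running all three comparisons before failing.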
-- 
2.14.3




Re: [Qemu-devel] [Qemu-ppc] [QEMU-PPC] [PATCH V3 0/6] target/ppc: Rework spapr_caps

2018-01-16 Thread Andrea Bolognani
On Mon, 2018-01-15 at 17:32 +1100, Suraj Jitindar Singh wrote:
> The following patch series adds 3 new tristate capabilities and their
> associated handling.
> 
> A new H-Call is implemented which a guest will use to query the
> requirement for and availability of workarounds for certain cpu
> behaviours.
> 
> Applies on top of David's tree: ppc-for-2.12
> 
> The first patch from the previous revision has already been merged:
> hw/ppc/spapr_caps: Rework spapr_caps to use uint8 internal representation
> 
> The main changes to V3 are:
> - Split up the addition of the tristate caps into 5 patches
>   - 1/6 query the caps from the hypervisor and parse the new return format
>   - 2/6 add support for the new caps
>   - 3-5/6 add each of the three new caps
> - Patch 6/6 Unchanged

Correct me if I'm wrong, but it seems to me like there's no way
to figure out through QMP whether these new machine options can be
used for a given QEMU binary.

If so, that's very unfortunate because it means that libvirt has
only two options: 1) just use them if the user requests the
corresponding feature, which will lead to older QEMU binaries
simply refusing to start; or 2) perform a version number check,
which will not be accurate if downstream backports are involved.

Would this information be added to the MachineInfo struct, so that
query-machines reports it? Or would a new QMP command be more
appropriate for the task?

Alternatively, if there's any witness we can use instead of an
explicit capability, let me know. But I still think we should
think about a better long-term solution, especially because this
seems to be happening quite frequently lately: see the hpt-resizing
and max-cpu-compat machine properties, which are just as opaque
from an introspection point of view.

Sorry for not bringing this up earlier.

-- 
Andrea Bolognani / Red Hat / Virtualization



Re: [Qemu-devel] [PULL v3 00/53] Misc changes for 2017-01-12

2018-01-16 Thread Marc-André Lureau
Hi

On Tue, Jan 16, 2018 at 1:06 PM, Peter Maydell  wrote:
> On 16 January 2018 at 11:58, Marc-André Lureau
>  wrote:
>> Hi
>>
>> On Tue, Jan 16, 2018 at 12:25 PM, Peter Maydell
>>  wrote:
>>> On 15 January 2018 at 23:35, Paolo Bonzini  wrote:
>>>> The following changes since commit
>>>> 997eba28a3ed5400a80f754bf3a1c8044b75b9ff:
>>>>
>>>>   Merge remote-tracking branch
>>>> 'remotes/pmaydell/tags/pull-target-arm-20180111' into staging (2018-01-11
>>>> 14:34:41 +)
>>>>
>>>> are available in the git repository at:
>>>>
>>>>
>>>>   git://github.com/bonzini/qemu.git tags/for-upstream
>>>>
>>>> for you to fetch changes up to ff9adba50bf8a4c080b8aee9be2314ef179a7b5f:
>>>>
>>>>   ucontext: annotate coroutine stack for ASAN (2018-01-12 15:21:14 +0100)
>>>>
>>>>
>>>> * QemuMutex tracing improvements (Alex)
>>>> * ram_addr_t optimization (David)
>>>> * SCSI fixes (Fam, Stefan, me)
>>>> * do {} while (0) fixes (Eric)
>>>> * KVM fix for PMU (Jan)
>>>> * memory leak fixes from ASAN (Marc-André)
>>>> * migration fix for HPET, icount, loadvm (Maria, Pavel)
>>>> * hflags fixes (me, Tao)
>>>> * block/iscsi uninitialized variable (Peter L.)
>>>> * full support for GMainContexts in character devices (Peter Xu)
>>>> * more boot-serial-test (Thomas)
>>>> * Memory leak fix (Zhecheng)
>>>
>>> Various build failures, I'm afraid:
>>>
>>
>> damn, sorry..
>>
>>> x86-64/Linux/gcc:
>>>
>>> configure produces an error message:
>>>
>>> ERROR: ASAN build enabled, but ASAN header is too old.
>>>Without code annotation, the report may be inferior.
>>>
>>> even though this configure did not explicitly request ASAN.
>>> Then configure seems to exit successfully anyway, since the
>>> build proceeds.
>>
>> ASAN is enabled by default if available when --enable-debug. We could
>> add more flags if that helps.
>
> Configure switches should work like this:
>  * default: use feature if present, but don't complain if not present
>or not usable
>  * --enable-foo: use feature. if feature not present, complain and
>fail configure
>  * --disable-foo: don't test for or use feature

Would that be enough to drop the "ERROR:" prefix ?

>>> For some reason the build creates config-target.h a lot:
>
>> One per target no? (the build should be more silent than before)
>
> Oh, I guess that makes sense. It's a bit odd that the message neither
> gives the target part of the filename nor has those entering/leaving
> directory messages...
>
>>>
>>> Then it runs configure again, this time without the ERROR message,
>>> and eventually fails with:
>>>
>>>   CC  hw/display/exynos4210_fimd.o
>>> /home/petmay01/linaro/qemu-for-merges/hw/display/exynos4210_fimd.c: In
>>> function ‘fimd_get_buffer_id’:
>>> /home/petmay01/linaro/qemu-for-merges/hw/display/exynos4210_fimd.c:1105:5:
>>> error: case label does not reduce to an integer constant
>>>  case FIMD_WINCON_BUF2_STAT:
>>
>> never saw that error, hmm interesting. This is related to
>> -fsanitize=address ? Is this on Debian stable?

Interesting, looks like a bug in gcc ubsan that doesn't happen with
recent versions (related to
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80550 but probably a
different bug). Adding a cast is enough:

-#define FIMD_WINCON_BUF2_STAT   ((0 << 21) | (1 << 31))
+#define FIMD_WINCON_BUF2_STAT   (uint32_t)((0 << 21) | (1 << 31))
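Review bot: in the new FIMD_WINCON_BUF2_STAT definition the (uint32_t) cast is applied only after (1 << 31) has already been evaluated as a signed int, so the shift into the sign bit is still there and the cast just hides it. Making the constant unsigned at the source, (1U << 31), gives the operand the right type and needs no cast.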

It looks like there are no other cases like this



>
> Ubuntu xenial (16.04.3 LTS). No idea if it's related to the
> sanitizer or not.
>
>>
>>>  ^
>>>
>>> On sparc64 host configure fails:
>
>> Hmm, I guess the check -fsanitize=address doesn't return an error
>> unless -Werror is given. Perhaps it needs:
>>
>> diff --git a/configure b/configure
>> index f5550f3289..ba68c550c9 100755
>> --- a/configure
>> +++ b/configure
>> @@ -5190,7 +5190,7 @@ fi
>>
>>  have_asan=no
>>  write_c_skeleton
>> -if compile_prog "-fsanitize=address" ""; then
>> +if compile_prog "-Werror -fsanitize=address" ""; then
>>  have_asan=yes
>>  fi
>>
>> @@ -5207,7 +5207,7 @@ int main(void) {
>>return 0;
>>  }
>>  EOF
>> -if compile_prog "-fsanitize=address" "" ; then
>> +if compile_prog "-Werror -fsanitize=address" "" ; then
>>  have_asan_iface_fiber=yes
>>  fi
>>
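Review bot: with -Werror added to the have_asan_iface_fiber probe, any warning from the test program, including one unrelated to the sanitizer, makes compile_prog fail and silently leaves the feature at "no". If -Werror is needed to catch an ignored -fsanitize=address, keep the probe source warning-free under the flags the real build uses, and pass those same flags to the probe so it tests what will actually be compiled.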
>
> Looks plausible.

Actually, it probably needs also $CPU_CFLAGS

Paolo, would you drop "build-sys: add some sanitizers when
--enable-debug if possible" & "ucontext: annotate coroutine stack for
ASAN" from the series? I'll send a new version for those 2.

Thanks


-- 
Marc-André Lureau



[Qemu-devel] [PATCH v5 04/14] qapi: adapt to moved location of StringIO module in py3

2018-01-16 Thread Daniel P. Berrange
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrange 
---
 scripts/qapi.py | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/scripts/qapi.py b/scripts/qapi.py
index 514b7bb5a4..514cca44bf 100644
--- a/scripts/qapi.py
+++ b/scripts/qapi.py
@@ -22,6 +22,10 @@ try:
 from collections import OrderedDict
 except:
 from ordereddict import OrderedDict
+try:
+from StringIO import StringIO
+except ImportError:
+from io import StringIO
 
 builtin_types = {
 'null': 'QTYPE_QNULL',
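Review bot: the new try/except prefers the Python 2 StringIO module and falls back to io.StringIO, but neither the code nor the empty commit message says why io.StringIO is not simply used everywhere. It exists on Python 2.6 and later but only accepts unicode text there; a one-line comment above the try saying so would stop someone "simplifying" this later.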
@@ -1995,8 +1999,7 @@ def open_output(output_dir, do_c, do_h, prefix, c_file, 
h_file,
 if really:
 return open(name, opt)
 else:
-import StringIO
-return StringIO.StringIO()
+return StringIO()
 
 fdef = maybe_open(do_c, c_file, 'w')
 fdecl = maybe_open(do_h, h_file, 'w')
-- 
2.14.3




Re: [Qemu-devel] [PULL v3 00/53] Misc changes for 2017-01-12

2018-01-16 Thread Paolo Bonzini
On 16/01/2018 14:47, Peter Maydell wrote:
> On 16 January 2018 at 13:41, Paolo Bonzini  wrote:
>> On 16/01/2018 13:06, Peter Maydell wrote:
>>>> ASAN is enabled by default if available when --enable-debug. We could
>>>> add more flags if that helps.
>>> Configure switches should work like this:
>>>  * default: use feature if present, but don't complain if not present
>>>or not usable
>>>  * --enable-foo: use feature. if feature not present, complain and
>>>fail configure
>>>  * --disable-foo: don't test for or use feature
>>>
>>
>> However, --enable-debug has never worked like this (the "default" part)...
> 
> True, but -g, no optimization isn't really something we want to
> default to :-)

Same for ASAN. :-)

> I think the general principle that unless the user
> specifically said they cared about the address sanitizer we shouldn't
> complain if it happens not to work on this host is still a good one.

Yes, I agree.

So we need two options:

* --enable-asan defaults to not used, but also fails configure if ASAN
is not available/usable.

* if we want to have --enable-debug enable ASAN, it should however _not_
fail configure if ASAN is not available/usable.  (I am not sure anymore
it's a good idea).

The questions are:

* should fiber support be required for --enable-asan?  What is the
difference in the quality of the reports?

* if not, and assuming --enable-debug tries to enable ASAN, should
--enable-debug complain if fiber support is not required?  Should
--enable-debug enable ASAN if fiber support is not available?

* if --enable-debug does *not* try to enable ASAN, should test-debug add
--enable-asan?  (I think so).

Paolo



[Qemu-devel] [PATCH v3 3/4] cryptodev-vhost-user: add crypto session handler

2018-01-16 Thread Jay Zhou
From: Gonglei 

Introduce two vhost-user messages: VHOST_USER_CREATE_CRYPTO_SESSION
and VHOST_USER_CLOSE_CRYPTO_SESSION. At this point, the QEMU side
supports crypto operation in cryptodev host-user backend.

Signed-off-by: Gonglei 
Signed-off-by: Longpeng(Mike) 
Signed-off-by: Jay Zhou 
---
 backends/cryptodev-vhost-user.c   |  50 ++
 docs/interop/vhost-user.txt   |  26 ++
 hw/virtio/vhost-user.c| 104 ++
 include/hw/virtio/vhost-backend.h |   8 +++
 4 files changed, 177 insertions(+), 11 deletions(-)

diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
index 0b1f049..061c0e5 100644
--- a/backends/cryptodev-vhost-user.c
+++ b/backends/cryptodev-vhost-user.c
@@ -233,7 +233,26 @@ static int64_t cryptodev_vhost_user_sym_create_session(
CryptoDevBackendSymSessionInfo *sess_info,
uint32_t queue_index, Error **errp)
 {
-return 0;
+CryptoDevBackendClient *cc =
+   backend->conf.peers.ccs[queue_index];
+CryptoDevBackendVhost *vhost_crypto;
+uint64_t session_id = 0;
+int ret;
+
+vhost_crypto = cryptodev_vhost_user_get_vhost(cc,
+   backend, queue_index);
+if (vhost_crypto) {
+struct vhost_dev *dev = &(vhost_crypto->dev);
+ret = dev->vhost_ops->vhost_crypto_create_session(dev,
+   sess_info,
+&session_id);
+if (ret < 0) {
+return -1;
+} else {
+return session_id;
+}
+}
+return -1;
 }
 
 static int cryptodev_vhost_user_sym_close_session(
@@ -241,15 +260,24 @@ static int cryptodev_vhost_user_sym_close_session(
uint64_t session_id,
uint32_t queue_index, Error **errp)
 {
-return 0;
-}
-
-static int cryptodev_vhost_user_sym_operation(
- CryptoDevBackend *backend,
- CryptoDevBackendSymOpInfo *op_info,
- uint32_t queue_index, Error **errp)
-{
-return VIRTIO_CRYPTO_OK;
+CryptoDevBackendClient *cc =
+  backend->conf.peers.ccs[queue_index];
+CryptoDevBackendVhost *vhost_crypto;
+int ret;
+
+vhost_crypto = cryptodev_vhost_user_get_vhost(cc,
+  backend, queue_index);
+if (vhost_crypto) {
+struct vhost_dev *dev = &(vhost_crypto->dev);
+ret = dev->vhost_ops->vhost_crypto_close_session(dev,
+   session_id);
+if (ret < 0) {
+return -1;
+} else {
+return 0;
+}
+}
+return -1;
 }
 
 static void cryptodev_vhost_user_cleanup(
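Review bot: cryptodev_vhost_user_sym_close_session() takes Error **errp but both failure paths (no vhost device found, and ret < 0 from vhost_crypto_close_session) return -1 without filling it in; use error_setg() so the two cases can be told apart. The if/else on ret can also collapse to a single "return ret < 0 ? -1 : 0;".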
@@ -328,7 +356,7 @@ cryptodev_vhost_user_class_init(ObjectClass *oc, void *data)
 bc->cleanup = cryptodev_vhost_user_cleanup;
 bc->create_session = cryptodev_vhost_user_sym_create_session;
 bc->close_session = cryptodev_vhost_user_sym_close_session;
-bc->do_sym_op = cryptodev_vhost_user_sym_operation;
+bc->do_sym_op = NULL;
 }
 
 static const TypeInfo cryptodev_vhost_user_info = {
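Review bot: bc->do_sym_op is now set to NULL, yet no hunk shown here adds a NULL check where the hook is invoked. If any path can still reach a call through do_sym_op for this backend, that is a NULL function pointer call; either guard the call site in this patch or keep a stub that returns an error.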
diff --git a/docs/interop/vhost-user.txt b/docs/interop/vhost-user.txt
index d49444e..a5a6f89 100644
--- a/docs/interop/vhost-user.txt
+++ b/docs/interop/vhost-user.txt
@@ -354,6 +354,7 @@ Protocol features
 #define VHOST_USER_PROTOCOL_F_MTU4
 #define VHOST_USER_PROTOCOL_F_SLAVE_REQ  5
 #define VHOST_USER_PROTOCOL_F_CROSS_ENDIAN   6
+#define VHOST_USER_PROTOCOL_F_CRYPTO_SESSION 7
 
 Master message types
 
@@ -623,6 +624,31 @@ Master message types
   and expect this message once (per VQ) during device configuration
   (ie. before the master starts the VQ).
 
+ * VHOST_USER_CREATE_CRYPTO_SESSION
+
+  Id: 23
+  Equivalent ioctl: N/A
+  Master payload: crypto session description
+  Slave payload: crypto session description
+
+  Create a session for crypto operation. The server side must return the
+  session id, 0 or positive for success, negative for failure.
+  This request should be sent only when 
VHOST_USER_PROTOCOL_F_CRYPTO_SESSION
+  feature has been successfully negotiated.
+  It's a required feature for crypto devices.
+
+ * VHOST_USER_CLOSE_CRYPTO_SESSION
+
+  Id: 24
+  Equivalent ioctl: N/A
+  Master payload: u64
+
+  Close a session for crypto operation which was previously
+  created by VHOST_USER_CREATE_CRYPTO_SESSION.
+  This request should be sent only when 
VHOST_USER_PROTOCOL_F_CRYPTO_SESSION
+  feature has been successfully negotiated.
+  It's a required feature for crypto devices.
+
 Slave message types
 ---
 
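Review bot: the VHOST_USER_CREATE_CRYPTO_SESSION text says the slave returns a session id that is "0 or positive for success, negative for failure", while VHOST_USER_CLOSE_CRYPTO_SESSION takes the id as an unsigned u64, so the signedness of the id is inconsistent between the two messages. The "crypto session description" payload is also named without any layout (fields, sizes, maximum key length), which a slave implementation needs in order to validate what it receives. Please define both here.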
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 093675e..f779512 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -17,6 +17,7 @@
 #include "sysemu/kvm.h"
 #include "qemu/er

[Qemu-devel] [PATCH v5 09/14] scripts: ensure signrom treats data as bytes

2018-01-16 Thread Daniel P. Berrange
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Daniel P. Berrange 
---
 scripts/signrom.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/signrom.py b/scripts/signrom.py
index d1dabe0240..0497a1c32e 100644
--- a/scripts/signrom.py
+++ b/scripts/signrom.py
@@ -18,7 +18,7 @@ fin = open(sys.argv[1], 'rb')
 fout = open(sys.argv[2], 'wb')
 
 magic = fin.read(2)
-if magic != '\x55\xaa':
+if magic != b'\x55\xaa':
 sys.exit("%s: option ROM does not begin with magic 55 aa" % sys.argv[1])
 
 size_byte = ord(fin.read(1))
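Review bot: the commit message has no body, and the b'\x55\xaa' change deserves one sentence. The file is opened 'rb', so on Python 3 read() returns bytes and the old comparison against a str literal is always unequal, meaning every ROM was rejected as lacking the magic. Recording that makes clear this is a functional fix, not a style change.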
@@ -33,7 +33,7 @@ elif len(data) < size:
 # Add padding if necessary, rounding the whole input to a multiple of
 # 512 bytes according to the third byte of the input.
 # size-1 because a final byte is added below to store the checksum.
-data = data.ljust(size-1, '\0')
+data = data.ljust(size-1, b'\0')
 else:
 if ord(data[-1:]) != 0:
 sys.stderr.write('WARNING: ROM includes nonzero checksum\n')
-- 
2.14.3




Re: [Qemu-devel] [PULL v3 00/53] Misc changes for 2017-01-12

2018-01-16 Thread Peter Maydell
On 16 January 2018 at 13:41, Paolo Bonzini  wrote:
> On 16/01/2018 13:06, Peter Maydell wrote:
>>> ASAN is enabled by default if available when --enable-debug. We could
>>> add more flags if that helps.
>> Configure switches should work like this:
>>  * default: use feature if present, but don't complain if not present
>>or not usable
>>  * --enable-foo: use feature. if feature not present, complain and
>>fail configure
>>  * --disable-foo: don't test for or use feature
>>
>
> However, --enable-debug has never worked like this (the "default" part)...

True, but -g, no optimization isn't really something we want to
default to :-) I think the general principle that unless the user
specifically said they cared about the address sanitizer we shouldn't
complain if it happens not to work on this host is still a good one.

thanks
-- PMM



Re: [Qemu-devel] [PULL v3 00/53] Misc changes for 2017-01-12

2018-01-16 Thread Peter Maydell
On 16 January 2018 at 13:50, Marc-André Lureau
 wrote:
> Interesting, looks like a bug in gcc ubsan that doesn't happen with
> recent versions (related to
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80550 but probably a
> different bug). Adding a cast is enough:
>
> -#define FIMD_WINCON_BUF2_STAT   ((0 << 21) | (1 << 31))
> +#define FIMD_WINCON_BUF2_STAT   (uint32_t)((0 << 21) | (1 << 31))
>
> It looks like there are no other cases like this

Rather than casting it's probably simpler to use "1U" to get that shift
to be the right type.

thanks
-- PMM



[Qemu-devel] [PATCH v3 0/4] cryptodev: add vhost support

2018-01-16 Thread Jay Zhou
From: Gonglei 

I posted the RFC version a few months ago for DPDK
vhost-crypto implementation, and now it's time to send
the formal version. Because we need a user space scheme
for better performance.

The vhost user crypto server side patches had been
sent to DPDK community, pls see

[RFC PATCH 0/6] lib/librte_vhost: introduce new vhost_user crypto backend
support
http://dpdk.org/ml/archives/dev/2017-November/081048.html

You also can get virtio-crypto polling mode driver from:

[PATCH] virtio: add new driver for crypto devices
http://dpdk.org/ml/archives/dev/2017-November/081985.html

Gonglei (4):
  cryptodev: add vhost-user as a new cryptodev backend
  cryptodev: add vhost support
  cryptodev-vhost-user: add crypto session handler
  cryptodev-vhost-user: set the key length

 backends/Makefile.objs|   4 +
 backends/cryptodev-builtin.c  |   1 +
 backends/cryptodev-vhost-user.c   | 381 ++
 backends/cryptodev-vhost.c| 297 ++
 docs/interop/vhost-user.txt   |  26 +++
 hw/virtio/Makefile.objs   |   2 +-
 hw/virtio/vhost-user.c| 104 ++
 hw/virtio/virtio-crypto.c |  70 +++
 include/hw/virtio/vhost-backend.h |   8 +
 include/hw/virtio/virtio-crypto.h |   1 +
 include/sysemu/cryptodev-vhost-user.h |  47 +
 include/sysemu/cryptodev-vhost.h  | 154 ++
 include/sysemu/cryptodev.h|   8 +
 qemu-options.hx   |  21 ++
 vl.c  |   4 +
 15 files changed, 1127 insertions(+), 1 deletion(-)
 create mode 100644 backends/cryptodev-vhost-user.c
 create mode 100644 backends/cryptodev-vhost.c
 create mode 100644 include/sysemu/cryptodev-vhost-user.h
 create mode 100644 include/sysemu/cryptodev-vhost.h

--
1.8.3.1





[Qemu-devel] [PATCH v5 11/14] input: add missing JIS keys to virtio input

2018-01-16 Thread Daniel P. Berrange
From: Miika S 

keycodemapdb updated to add the QKeyCodes muhenkan and katakanahiragana

Signed-off-by: Miika S 
---
 hw/input/virtio-input-hid.c | 7 +++
 qapi/ui.json| 5 -
 ui/keycodemapdb | 2 +-
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/hw/input/virtio-input-hid.c b/hw/input/virtio-input-hid.c
index e78faec0b1..9628d289f9 100644
--- a/hw/input/virtio-input-hid.c
+++ b/hw/input/virtio-input-hid.c
@@ -139,6 +139,13 @@ static const unsigned int keymap_qcode[Q_KEY_CODE__MAX] = {
 [Q_KEY_CODE_META_L]  = KEY_LEFTMETA,
 [Q_KEY_CODE_META_R]  = KEY_RIGHTMETA,
 [Q_KEY_CODE_MENU]= KEY_MENU,
+
+[Q_KEY_CODE_MUHENKAN]= KEY_MUHENKAN,
+[Q_KEY_CODE_HENKAN]  = KEY_HENKAN,
+[Q_KEY_CODE_KATAKANAHIRAGANA]= KEY_KATAKANAHIRAGANA,
+[Q_KEY_CODE_COMPOSE] = KEY_COMPOSE,
+[Q_KEY_CODE_RO]  = KEY_RO,
+[Q_KEY_CODE_YEN] = KEY_YEN,
 };
 
 static const unsigned int keymap_button[INPUT_BUTTON__MAX] = {
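Review bot: the keymap_qcode hunk adds six entries, but the commit message only mentions the new muhenkan and katakanahiragana QKeyCodes. The HENKAN, COMPOSE, RO and YEN mappings are for codes that already exist, so the message should say that this patch also fills in previously missing virtio-input mappings for them.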
diff --git a/qapi/ui.json b/qapi/ui.json
index 07b468f625..d6679aa8f5 100644
--- a/qapi/ui.json
+++ b/qapi/ui.json
@@ -748,6 +748,9 @@
 # @ac_bookmarks: since 2.10
 # altgr, altgr_r: dropped in 2.10
 #
+# @muhenkan: since 2.12
+# @katakanahiragana: since 2.12
+#
 # 'sysrq' was mistakenly added to hack around the fact that
 # the ps2 driver was not generating correct scancodes sequences
 # when 'alt+print' was pressed. This flaw is now fixed and the
@@ -775,7 +778,7 @@
 'left', 'up', 'down', 'right', 'insert', 'delete', 'stop', 'again',
 'props', 'undo', 'front', 'copy', 'open', 'paste', 'find', 'cut',
 'lf', 'help', 'meta_l', 'meta_r', 'compose', 'pause',
-'ro', 'hiragana', 'henkan', 'yen',
+'ro', 'hiragana', 'henkan', 'yen', 'muhenkan', 'katakanahiragana',
 'kp_comma', 'kp_equals', 'power', 'sleep', 'wake',
 'audionext', 'audioprev', 'audiostop', 'audioplay', 'audiomute',
 'volumeup', 'volumedown', 'mediaselect',
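Review bot: 'muhenkan' and 'katakanahiragana' are inserted after 'yen' in the middle of the enum list, which renumbers every later member ('kp_comma' onwards) in the generated enum. If anything stores or indexes by the numeric value, append the new names at the end of the list instead, or state in the commit message that the numeric values are not relied on.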
diff --git a/ui/keycodemapdb b/ui/keycodemapdb
index 10739aa260..05dad417e9 16
--- a/ui/keycodemapdb
+++ b/ui/keycodemapdb
@@ -1 +1 @@
-Subproject commit 10739aa26051a5d49d88132604539d3ed085e72e
+Subproject commit 05dad417e9d0b37ee1fba33056d91a6b734b3357
-- 
2.14.3




Re: [Qemu-devel] [Qemu-ppc] [QEMU-PPC] [PATCH V3 0/6] target/ppc: Rework spapr_caps

2018-01-16 Thread David Gibson
On Tue, Jan 16, 2018 at 02:47:13PM +0100, Andrea Bolognani wrote:
> On Mon, 2018-01-15 at 17:32 +1100, Suraj Jitindar Singh wrote:
> > The following patch series adds 3 new tristate capabilities and their
> > associated handling.
> > 
> > A new H-Call is implemented which a guest will use to query the
> > requirement for and availability of workarounds for certain cpu
> > behaviours.
> > 
> > Applies on top of David's tree: ppc-for-2.12
> > 
> > The first patch from the previous revision has already been merged:
> > hw/ppc/spapr_caps: Rework spapr_caps to use uint8 internal representation
> > 
> > The main changes to V3 are:
> > - Split up the addition of the tristate caps into 5 patches
> >   - 1/6 query the caps from the hypervisor and parse the new return format
> >   - 2/6 add support for the new caps
> >   - 3-5/6 add each of the three new caps
> > - Patch 6/6 Unchanged
> 
> Correct me if I'm wrong, but it seems to me like there's no way
> to figure out through QMP whether these new machine options can be
> used for a given QEMU binary.

Uh, I don't think so.  These are machine options like any other (just
constructed a bit differently).  So they'll appear in qemu -machine
pseries,? and I believe that info can also be retrieved with QMP.

> If so, that's very unfortunate because it means that libvirt has
> only two options: 1) just use them if the user requests the
> corresponding feature, which will lead to older QEMU binaries
> simply refusing to start; or 2) perform a version number check,
> which will not be accurate if downstream backports are involved.
> 
> Would this information be added to the MachineInfo struct, so that
> query-machines reports it? Or would a new QMP command be more
> appropriate for the task?
> 
> Alternatively, if there's any witness we can use instead of an
> explicit capability, let me know. But I still think we should
> think about a better long-term solution, especially because this
> seems to be happening quite frequently lately: see the hpt-resizing
> and max-cpu-compat machine properties, which are just as opaque
> from an introspection point of view.
> 
> Sorry for not bringing this up earlier.
> 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH 05/11] virtio-ccw: convert VirtIOCCWDeviceClass::init -> realize

2018-01-16 Thread Philippe Mathieu-Daudé
On 01/16/2018 10:41 AM, Farhan Ali wrote:
> shouldn't the commit message say exit -> unrealize?

Oops, indeed :|

Thanks :)

Phil.

> 
> 
> Thanks
> Farhan
> 
> On 01/16/2018 08:15 AM, Philippe Mathieu-Daudé wrote:
>> Signed-off-by: Philippe Mathieu-Daudé 
>> ---
>>   hw/s390x/virtio-ccw.h |  2 +-
>>   hw/s390x/virtio-ccw.c | 35 +--
>>   2 files changed, 18 insertions(+), 19 deletions(-)
>>
>> diff --git a/hw/s390x/virtio-ccw.h b/hw/s390x/virtio-ccw.h
>> index 3905f3a3d6..2fc513001e 100644
>> --- a/hw/s390x/virtio-ccw.h
>> +++ b/hw/s390x/virtio-ccw.h
>> @@ -76,7 +76,7 @@ typedef struct VirtioCcwDevice VirtioCcwDevice;
>>   typedef struct VirtIOCCWDeviceClass {
>>   CCWDeviceClass parent_class;
>>   void (*realize)(VirtioCcwDevice *dev, Error **errp);
>> -    int (*exit)(VirtioCcwDevice *dev);
>> +    void (*unrealize)(VirtioCcwDevice *dev, Error **errp);
>>   } VirtIOCCWDeviceClass;
>>
>>   /* Performance improves when virtqueue kick processing is decoupled
>> from the
>> diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
>> index 38f6a8afc9..a71c3feeb5 100644
>> --- a/hw/s390x/virtio-ccw.c
>> +++ b/hw/s390x/virtio-ccw.c
>> @@ -751,7 +751,7 @@ out_err:
>>   g_free(sch);
>>   }
>>
>> -static int virtio_ccw_exit(VirtioCcwDevice *dev)
>> +static void virtio_ccw_unrealize(VirtioCcwDevice *dev, Error **errp)
>>   {
>>   CcwDevice *ccw_dev = CCW_DEVICE(dev);
>>   SubchDev *sch = ccw_dev->sch;
>> @@ -764,7 +764,6 @@ static int virtio_ccw_exit(VirtioCcwDevice *dev)
>>   release_indicator(&dev->routes.adapter, dev->indicators);
>>   dev->indicators = NULL;
>>   }
>> -    return 0;
>>   }
>>
>>   static void virtio_ccw_net_realize(VirtioCcwDevice *ccw_dev, Error
>> **errp)
>> @@ -1343,7 +1342,7 @@ static void
>> virtio_ccw_net_class_init(ObjectClass *klass, void *data)
>>   VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
>>
>>   k->realize = virtio_ccw_net_realize;
>> -    k->exit = virtio_ccw_exit;
>> +    k->unrealize = virtio_ccw_unrealize;
>>   dc->reset = virtio_ccw_reset;
>>   dc->props = virtio_ccw_net_properties;
>>   set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
>> @@ -1371,7 +1370,7 @@ static void
>> virtio_ccw_blk_class_init(ObjectClass *klass, void *data)
>>   VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
>>
>>   k->realize = virtio_ccw_blk_realize;
>> -    k->exit = virtio_ccw_exit;
>> +    k->unrealize = virtio_ccw_unrealize;
>>   dc->reset = virtio_ccw_reset;
>>   dc->props = virtio_ccw_blk_properties;
>>   set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
>> @@ -1399,7 +1398,7 @@ static void
>> virtio_ccw_serial_class_init(ObjectClass *klass, void *data)
>>   VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
>>
>>   k->realize = virtio_ccw_serial_realize;
>> -    k->exit = virtio_ccw_exit;
>> +    k->unrealize = virtio_ccw_unrealize;
>>   dc->reset = virtio_ccw_reset;
>>   dc->props = virtio_ccw_serial_properties;
>>   set_bit(DEVICE_CATEGORY_INPUT, dc->categories);
>> @@ -1427,7 +1426,7 @@ static void
>> virtio_ccw_balloon_class_init(ObjectClass *klass, void *data)
>>   VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
>>
>>   k->realize = virtio_ccw_balloon_realize;
>> -    k->exit = virtio_ccw_exit;
>> +    k->unrealize = virtio_ccw_unrealize;
>>   dc->reset = virtio_ccw_reset;
>>   dc->props = virtio_ccw_balloon_properties;
>>   set_bit(DEVICE_CATEGORY_MISC, dc->categories);
>> @@ -1455,7 +1454,7 @@ static void
>> virtio_ccw_scsi_class_init(ObjectClass *klass, void *data)
>>   VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
>>
>>   k->realize = virtio_ccw_scsi_realize;
>> -    k->exit = virtio_ccw_exit;
>> +    k->unrealize = virtio_ccw_unrealize;
>>   dc->reset = virtio_ccw_reset;
>>   dc->props = virtio_ccw_scsi_properties;
>>   set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
>> @@ -1482,7 +1481,7 @@ static void
>> vhost_ccw_scsi_class_init(ObjectClass *klass, void *data)
>>   VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
>>
>>   k->realize = vhost_ccw_scsi_realize;
>> -    k->exit = virtio_ccw_exit;
>> +    k->unrealize = virtio_ccw_unrealize;
>>   dc->reset = virtio_ccw_reset;
>>   dc->props = vhost_ccw_scsi_properties;
>>   set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
>> @@ -1519,7 +1518,7 @@ static void
>> virtio_ccw_rng_class_init(ObjectClass *klass, void *data)
>>   VirtIOCCWDeviceClass *k = VIRTIO_CCW_DEVICE_CLASS(klass);
>>
>>   k->realize = virtio_ccw_rng_realize;
>> -    k->exit = virtio_ccw_exit;
>> +    k->unrealize = virtio_ccw_unrealize;
>>   dc->reset = virtio_ccw_reset;
>>   dc->props = virtio_ccw_rng_properties;
>>   set_bit(DEVICE_CATEGORY_MISC, dc->categories);
>> @@ -1557,7 +1556,7 @@ static void
>> virtio_ccw_crypto_class_init(ObjectClass *klass, void *data)
>>   VirtIOCCWDeviceClass 

[Qemu-devel] [PATCH v5 12/14] ui: update keycodemapdb to get py3 fixes

2018-01-16 Thread Daniel P. Berrange
Signed-off-by: Daniel P. Berrange 
---
 ui/keycodemapdb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/keycodemapdb b/ui/keycodemapdb
index 05dad417e9..6b3d716e2b 16
--- a/ui/keycodemapdb
+++ b/ui/keycodemapdb
@@ -1 +1 @@
-Subproject commit 05dad417e9d0b37ee1fba33056d91a6b734b3357
+Subproject commit 6b3d716e2b6472eb7189d3220552280ef3d832ce
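
Review bot: the commit message does not say what changes between keycodemapdb 05dad417e9 and 6b3d716e2b, so this submodule bump cannot be audited from the patch itself. Please list the upstream commits being pulled in (at least the py3 fixes by subject) in the message, so the new pointer can be checked without fetching the submodule.
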
-- 
2.14.3




Re: [Qemu-devel] [PULL v1 0/8] Xilinx queue

2018-01-16 Thread Peter Maydell
On 16 January 2018 at 11:50, Edgar E. Iglesias  wrote:
> From: "Edgar E. Iglesias" 
>
> The following changes since commit f5213bd060b460c99e605472b7e03967db43:
>
>   Merge remote-tracking branch 'remotes/juanquintela/tags/migration/20180115' 
> into staging (2018-01-15 13:17:47 +)
>
> are available in the git repository at:
>
>   g...@github.com:edgarigl/qemu.git 
> tags/edgar/xilinx-next-2018-01.for-upstream
>
> for you to fetch changes up to e451272ac191cd3ac408bc89ea63a401e84d4224:
>
>   xlnx-zynqmp: Connect the IPI device to the ZynqMP SoC (2018-01-16 11:44:49 
> +0100)
>
> 
> Xilinx queue
>
> 
> Alistair Francis (8):
>   xlnx-zynqmp-pmu: Initial commit of the ZynqMP PMU
>   xlnx-zynqmp-pmu: Add the CPU and memory
>   aarch64-softmmu.mak: Use an ARM specific config
>   xlnx-pmu-iomod-intc: Add the PMU Interrupt controller
>   xlnx-zynqmp-pmu: Connect the PMU interrupt controller
>   xlnx-zynqmp-ipi: Initial version of the Xilinx IPI device
>   xlnx-zynqmp-pmu: Connect the IPI device to the PMU
>   xlnx-zynqmp: Connect the IPI device to the ZynqMP SoC
>

Hi -- this trips some new runtime sanitizer warnings:

  GTESTER check-qtest-microblaze
/home/petmay01/linaro/qemu-for-merges/vl.c:2279:16: runtime error:
null pointer passed as argument 1, which is declared to never be null
/usr/include/unistd.h:290:60: note: nonnull attribute specified here
/home/petmay01/linaro/qemu-for-merges/vl.c:2279:16: runtime error:
null pointer passed as argument 1, which is declared to never be null
/usr/include/unistd.h:290:60: note: nonnull attribute specified here
make: Leaving directory '/home/petmay01/linaro/qemu-for-merges/build/clang'
make: Entering directory '/home/petmay01/linaro/qemu-for-merges/build/clang'
  GTESTER check-qtest-microblazeel
/home/petmay01/linaro/qemu-for-merges/vl.c:2279:16: runtime error:
null pointer passed as argument 1, which is declared to never be null
/usr/include/unistd.h:290:60: note: nonnull attribute specified here
/home/petmay01/linaro/qemu-for-merges/vl.c:2279:16: runtime error:
null pointer passed as argument 1, which is declared to never be null
/usr/include/unistd.h:290:60: note: nonnull attribute specified here

This is because you've called qemu_find_file() with a NULL pointer
(which it then passes to access(), which it isn't valid to call with
a NULL pathname argument). Backtrace:

#0  0x55e446c1 in qemu_find_file (type=0, name=0x0)
at /home/petmay01/linaro/qemu-for-merges/vl.c:2279
#1  0x55dfd693 in microblaze_load_kernel (cpu=0x5824da28,
ddr_base=, ramsize=0, initrd_filename=,
dtb_filename=0x0, machine_cpu_reset=0x0)
at /home/petmay01/linaro/qemu-for-merges/hw/microblaze/boot.c:128
#2  0x55dfd519 in xlnx_zynqmp_pmu_init (machine=)
at /home/petmay01/linaro/qemu-for-merges/hw/microblaze/xlnx-zynqmp-pmu.c:190
#3  0x55f2fd5d in machine_run_board_init (machine=)
at /home/petmay01/linaro/qemu-for-merges/hw/core/machine.c:792
#4  0x55e4a357 in main (argc=, argv=, envp=)
at /home/petmay01/linaro/qemu-for-merges/vl.c:4622

thanks
-- PMM



[Qemu-devel] [PATCH v3 1/4] cryptodev: add vhost-user as a new cryptodev backend

2018-01-16 Thread Jay Zhou
From: Gonglei 

Usage:
 -chardev socket,id=charcrypto0,path=/path/to/your/socket
 -object cryptodev-vhost-user,id=cryptodev0,chardev=charcrypto0
 -device virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0

Signed-off-by: Gonglei 
Signed-off-by: Longpeng(Mike) 
Signed-off-by: Jay Zhou 
---
 backends/Makefile.objs   |   4 +
 backends/cryptodev-vhost-user.c  | 333 +++
 backends/cryptodev-vhost.c   |  73 +
 include/sysemu/cryptodev-vhost.h | 154 ++
 qemu-options.hx  |  21 +++
 vl.c |   4 +
 6 files changed, 589 insertions(+)
 create mode 100644 backends/cryptodev-vhost-user.c
 create mode 100644 backends/cryptodev-vhost.c
 create mode 100644 include/sysemu/cryptodev-vhost.h

diff --git a/backends/Makefile.objs b/backends/Makefile.objs
index 0400799..9e1fb76 100644
--- a/backends/Makefile.objs
+++ b/backends/Makefile.objs
@@ -8,3 +8,7 @@ common-obj-$(CONFIG_LINUX) += hostmem-file.o
 
 common-obj-y += cryptodev.o
 common-obj-y += cryptodev-builtin.o
+
+ifeq ($(CONFIG_VIRTIO),y)
+common-obj-$(CONFIG_LINUX) += cryptodev-vhost.o cryptodev-vhost-user.o
+endif
diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
new file mode 100644
index 000..4e63ece
--- /dev/null
+++ b/backends/cryptodev-vhost-user.c
@@ -0,0 +1,333 @@
+/*
+ * QEMU Cryptodev backend for QEMU cipher APIs
+ *
+ * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
+ *
+ * Authors:
+ *Gonglei 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "hw/boards.h"
+#include "qapi/error.h"
+#include "qapi/qmp/qerror.h"
+#include "qemu/error-report.h"
+#include "standard-headers/linux/virtio_crypto.h"
+#include "sysemu/cryptodev-vhost.h"
+#include "chardev/char-fe.h"
+
+
+/**
+ * @TYPE_CRYPTODEV_BACKEND_VHOST_USER:
+ * name of backend that uses vhost user server
+ */
+#define TYPE_CRYPTODEV_BACKEND_VHOST_USER "cryptodev-vhost-user"
+
+#define CRYPTODEV_BACKEND_VHOST_USER(obj) \
+OBJECT_CHECK(CryptoDevBackendVhostUser, \
+ (obj), TYPE_CRYPTODEV_BACKEND_VHOST_USER)
+
+
+typedef struct CryptoDevBackendVhostUser {
+CryptoDevBackend parent_obj;
+
+CharBackend chr;
+char *chr_name;
+bool opened;
+CryptoDevBackendVhost *vhost_crypto[MAX_CRYPTO_QUEUE_NUM];
+} CryptoDevBackendVhostUser;
+
+static int
+cryptodev_vhost_user_running(
+ CryptoDevBackendVhost *crypto)
+{
+return crypto ? 1 : 0;
+}
+
+static void cryptodev_vhost_user_stop(int queues,
+  CryptoDevBackendVhostUser *s)
+{
+size_t i;
+
+for (i = 0; i < queues; i++) {
+if (!cryptodev_vhost_user_running(s->vhost_crypto[i])) {
+continue;
+}
+
+if (s->vhost_crypto) {
+cryptodev_vhost_cleanup(s->vhost_crypto[i]);
+s->vhost_crypto[i] = NULL;
+}
+}
+}
+
+static int
+cryptodev_vhost_user_start(int queues,
+ CryptoDevBackendVhostUser *s)
+{
+CryptoDevBackendVhostOptions options;
+CryptoDevBackend *b = CRYPTODEV_BACKEND(s);
+int max_queues;
+size_t i;
+
+for (i = 0; i < queues; i++) {
+if (cryptodev_vhost_user_running(s->vhost_crypto[i])) {
+continue;
+}
+
+options.opaque = &s->chr;
+options.backend_type = VHOST_BACKEND_TYPE_USER;
+options.cc = b->conf.peers.ccs[i];
+s->vhost_crypto[i] = cryptodev_vhost_init(&options);
+if (!s->vhost_crypto[i]) {
+error_report("failed to init vhost_crypto for queue %lu", i);
+goto err;
+}
+
+if (i == 0) {
+max_queues =
+  cryptodev_vhost_get_max_queues(s->vhost_crypto[i]);
+if (queues > max_queues) {
+error_report("you are asking more queues than supported: %d",
+ max_queues);
+goto err;
+}
+}
+}
+
+return 0;
+
+err:
+cryptodev_vhost_user_stop(i + 1, s);
+return -1;
+}
+
+static Chardev *
+cryptodev_vhost_claim_chardev(CryptoDevBackendVhostUser *s,
+Error **errp)
+{
+Chardev *chr;
+
+if (s->chr_name == NULL) {
+error_setg(errp, QERR_INVALID_PARAMETER_VALUE,
+   "chardev", "a valid
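
Review bot: in cryptodev_vhost_user_stop() the test "if (s->vhost_crypto)" is on the array member itself, so it is always true; it should be dropped or changed to test s->vhost_crypto[i], which the preceding cryptodev_vhost_user_running() call already covers. In the lines shown, "queues" is also never compared against MAX_CRYPTO_QUEUE_NUM before it indexes s->vhost_crypto[i] and b->conf.peers.ccs[i] in both the start and stop loops, and the max_queues check in cryptodev_vhost_user_start() only runs after queue 0 has been initialised; bound it up front. Smaller points: "i" is size_t but compared with an int "queues" and printed with %lu, where %zu is the matching format.
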

[Qemu-devel] [PATCH v3 2/4] cryptodev: add vhost support

2018-01-16 Thread Jay Zhou
From: Gonglei 

Implement the vhost-crypto's functions, such as startup,
stop and notification etc. Introduce an enum
QCryptoCryptoDevBackendOptionsType in order to
identify whether the cryptodev vhost backend is vhost-user
or vhost-kernel-module (if it exists).

At this point, the cryptodev-vhost-user works.

Signed-off-by: Gonglei 
Signed-off-by: Longpeng(Mike) 
Signed-off-by: Jay Zhou 
---
 backends/cryptodev-builtin.c  |   1 +
 backends/cryptodev-vhost-user.c   |  16 +++
 backends/cryptodev-vhost.c| 224 ++
 hw/virtio/Makefile.objs   |   2 +-
 hw/virtio/virtio-crypto.c |  70 +++
 include/hw/virtio/virtio-crypto.h |   1 +
 include/sysemu/cryptodev-vhost-user.h |  44 +++
 include/sysemu/cryptodev.h|   8 ++
 8 files changed, 365 insertions(+), 1 deletion(-)
 create mode 100644 include/sysemu/cryptodev-vhost-user.h

diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c
index 657c0ba..9fb0bd5 100644
--- a/backends/cryptodev-builtin.c
+++ b/backends/cryptodev-builtin.c
@@ -78,6 +78,7 @@ static void cryptodev_builtin_init(
   "cryptodev-builtin", NULL);
 cc->info_str = g_strdup_printf("cryptodev-builtin0");
 cc->queue_index = 0;
+cc->type = CRYPTODEV_BACKEND_TYPE_BUILTIN;
 backend->conf.peers.ccs[0] = cc;
 
 backend->conf.crypto_services =
diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
index 4e63ece..0b1f049 100644
--- a/backends/cryptodev-vhost-user.c
+++ b/backends/cryptodev-vhost-user.c
@@ -29,6 +29,7 @@
 #include "standard-headers/linux/virtio_crypto.h"
 #include "sysemu/cryptodev-vhost.h"
 #include "chardev/char-fe.h"
+#include "sysemu/cryptodev-vhost-user.h"
 
 
 /**
@@ -58,6 +59,20 @@ cryptodev_vhost_user_running(
 return crypto ? 1 : 0;
 }
 
+CryptoDevBackendVhost *
+cryptodev_vhost_user_get_vhost(
+ CryptoDevBackendClient *cc,
+ CryptoDevBackend *b,
+ uint16_t queue)
+{
+CryptoDevBackendVhostUser *s =
+  CRYPTODEV_BACKEND_VHOST_USER(b);
+assert(cc->type == CRYPTODEV_BACKEND_TYPE_VHOST_USER);
+assert(queue < MAX_CRYPTO_QUEUE_NUM);
+
+return s->vhost_crypto[queue];
+}
+
 static void cryptodev_vhost_user_stop(int queues,
   CryptoDevBackendVhostUser *s)
 {
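
Review bot: cryptodev_vhost_user_get_vhost() enforces both the backend type and "queue < MAX_CRYPTO_QUEUE_NUM" with assert(), so an out-of-range queue index aborts the whole process instead of being rejected. cryptodev_get_vhost() in this same patch already returns NULL for a missing cc, so returning NULL here for a bad type or index would be consistent and would let the caller fail the one request. If the asserts stay, please add a comment stating why the index can never come from the guest.
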
@@ -190,6 +205,7 @@ static void cryptodev_vhost_user_init(
 cc->info_str = g_strdup_printf("cryptodev-vhost-user%lu to %s ",
i, chr->label);
 cc->queue_index = i;
+cc->type = CRYPTODEV_BACKEND_TYPE_VHOST_USER;
 
 backend->conf.peers.ccs[i] = cc;
 
diff --git a/backends/cryptodev-vhost.c b/backends/cryptodev-vhost.c
index 2c7df3f..830fb53 100644
--- a/backends/cryptodev-vhost.c
+++ b/backends/cryptodev-vhost.c
@@ -25,7 +25,11 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
+#include "qemu/error-report.h"
 #include "sysemu/cryptodev-vhost.h"
+#include "hw/virtio/virtio-crypto.h"
+#include "hw/virtio/virtio-bus.h"
+#include "sysemu/cryptodev-vhost-user.h"
 
 
 uint64_t
@@ -71,3 +75,223 @@ fail:
 g_free(crypto);
 return NULL;
 }
+
+static int
+cryptodev_vhost_start_one(CryptoDevBackendVhost *crypto,
+  VirtIODevice *dev)
+{
+int r;
+
+crypto->dev.nvqs = 1;
+crypto->dev.vqs = crypto->vqs;
+
+r = vhost_dev_enable_notifiers(&crypto->dev, dev);
+if (r < 0) {
+goto fail_notifiers;
+}
+
+r = vhost_dev_start(&crypto->dev, dev);
+if (r < 0) {
+goto fail_start;
+}
+
+return 0;
+
+fail_start:
+vhost_dev_disable_notifiers(&crypto->dev, dev);
+fail_notifiers:
+return r;
+}
+
+static void
+cryptodev_vhost_stop_one(CryptoDevBackendVhost *crypto,
+ VirtIODevice *dev)
+{
+vhost_dev_stop(&crypto->dev, dev);
+vhost_dev_disable_notifiers(&crypto->dev, dev);
+}
+
+CryptoDevBackendVhost *
+cryptodev_get_vhost(CryptoDevBackendClient *cc,
+CryptoDevBackend *b,
+uint16_t queue)
+{
+CryptoDevBackendVhost *vhost_crypto = NULL;
+
+if (!cc) {
+return NULL;
+}
+
+switch (cc->type) {
+case CRYPTODEV_BACKEND_TYPE_VHOST_USER:
+vhost_crypto = cryptodev_vhost_user_get_vhost(cc, b, queue);
+break;
+default:
+break;
+}
+
+return vhost_crypto;
+}
+
+static void
+cryptodev_vhost_set_vq_index(CryptoDevBackendVhost *crypto,
+ int vq_index)
+{
+crypto->dev.vq_index = vq_index;
+}
+
+static int
+vhost_set_vring_enable(CryptoDevBackendClient *cc,
+CryptoDevBackend *b,
+uint16_t queue, int enable)
+{
+CryptoDevBackendVhost *crypto =
+   cryptodev_get_vhost(cc, b, queue);
+const VhostOps *vhost_ops;
+
+

[Qemu-devel] [PULL v4 00/51] Misc patches for 2018-01-12

2018-01-16 Thread Paolo Bonzini
The following changes since commit 997eba28a3ed5400a80f754bf3a1c8044b75b9ff:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20180111' 
into staging (2018-01-11 14:34:41 +)

are available in the git repository at:


  git://github.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to b5976c2e46e86b36b01d8ac380a182e22209a7cd:

  scripts/analyse-locks-simpletrace.py: script to analyse lock times 
(2018-01-16 14:54:52 +0100)


* QemuMutex tracing improvements (Alex)
* ram_addr_t optimization (David)
* SCSI fixes (Fam, Stefan, me)
* do {} while (0) fixes (Eric)
* KVM fix for PMU (Jan)
* memory leak fixes from ASAN (Marc-André)
* migration fix for HPET, icount, loadvm (Maria, Pavel)
* hflags fixes (me, Tao)
* block/iscsi uninitialized variable (Peter L.)
* full support for GMainContexts in character devices (Peter Xu)
* more boot-serial-test (Thomas)
* Memory leak fix (Zhecheng)


Alex Bennée (4):
  scripts/qemu-gdb: add simple tcg lock status helper
  scripts/qemu-gdb/timers.py: new helper to dump timer state
  util/qemu-thread-*: add qemu_lock, locked and unlock trace events
  scripts/analyse-locks-simpletrace.py: script to analyse lock times

Dr. David Alan Gilbert (3):
  cpu_physical_memory_sync_dirty_bitmap: Another alignment fix
  find_ram_offset: Add comments and tracing
  find_ram_offset: Align ram_addr_t allocation on long boundaries

Eric Blake (7):
  net: Drop unusual use of do { } while (0);
  mips: Tweak location of ';' in macros
  chardev: Use goto/label instead of do/break/while(0)
  chardev: Clean up previous patch indentation
  tests: Avoid 'do/while(false); ' in vhost-user-bridge
  maint: Fix macros with broken 'do/while(0); ' usage
  checkpatch: Enforce proper do/while (0) style

Fam Zheng (1):
  scsi-generic: Add share-rw option

Haozhong Zhang (1):
  pc: fail memory hot-plug/unplug with -no-acpi and Q35 machine type

Jan Dakinevich (1):
  i386/cpu/kvm: look at PMU's CPUID before setting MSRs

Marc-André Lureau (16):
  build-sys: fix qemu-ga -pthread linking
  build-sys: silence make by default or V=0
  build-sys: add a rule to print a variable
  build-sys: compile with -Og or -O1 when --enable-debug
  tests/docker: add some sanitizers to fedora dockerfile
  tests/docker: add test-debug
  tests: fix check-qobject leak
  vl: fix direct firmware directories leak
  readline: add a free function
  tests: fix migration-test leak
  crypto: fix stack-buffer-overflow error
  qemu-config: fix leak in query-command-line-options
  tests: fix qmp-test leak
  tests: fix coroutine leak in /basic/entered
  mips: fix potential fopen(NULL,...)
  disas/s390: fix global-buffer-overflow

Paolo Bonzini (3):
  scsi: fix scsi_convert_sense crash when in_buf == NULL && in_len == 0
  target-i386: update hflags on Hypervisor.framework
  cpus: unify qemu_*_wait_io_event

Pavel Dovgalyuk (3):
  hpet: recover timer offset correctly
  icount: fixed saving/restoring of icount warp timers
  cpu: flush TB cache when loading VMState

Peter Lieven (1):
  block/iscsi: fix initialization of iTask in iscsi_co_get_block_status

Peter Xu (3):
  chardev: use backend chr context when watch for fe
  chardev: let g_idle_add() be with chardev gcontext
  chardev: introduce qemu_chr_timeout_add_ms()

Stefan Hajnoczi (1):
  scsi-disk: release AioContext in unaligned WRITE SAME case

Tao Wu (3):
  target/i386: move hflags update code to a function
  target/i386: hax: change to use x86_update_hflags
  target/i386: hax: Move x86_update_hflags.

Thomas Huth (3):
  tests/boot-serial-test: Add tests for microblaze boards
  tests/boot-serial-test: Add a test for the moxiesim machine
  tests/boot-serial-test: Add support for the raspi2 machine

linzhecheng (1):
  irq: fix memory leak

 Makefile   |   7 +-
 audio/paaudio.c|   4 +-
 block/iscsi.c  |   3 +-
 chardev/char-fe.c  |   2 +-
 chardev/char-pty.c |  64 
 chardev/char-serial.c  |  75 +-
 chardev/char-socket.c  |  28 ---
 chardev/char.c |  18 +
 configure  |  16 +++-
 cpus.c | 134 -
 crypto/ivgen-essiv.c   |   2 +-
 disas/s390.c   |  16 ++--
 docs/devel/build-system.txt|  13 
 exec.c |  40 --
 hw/adc/stm32f2xx_adc.c |   2 +-
 hw/block/m25p80.c  |   2 +-
 hw/char/cadence_uart.c |  

[Qemu-devel] [PATCH v3 4/4] cryptodev-vhost-user: set the key length

2018-01-16 Thread Jay Zhou
From: Gonglei 

Signed-off-by: Gonglei 
---
 backends/cryptodev-vhost-user.c   | 4 
 include/sysemu/cryptodev-vhost-user.h | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
index 061c0e5..c7a9848 100644
--- a/backends/cryptodev-vhost-user.c
+++ b/backends/cryptodev-vhost-user.c
@@ -226,6 +226,10 @@ static void cryptodev_vhost_user_init(
  1u << VIRTIO_CRYPTO_SERVICE_MAC;
 backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC;
 backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1;
+
+backend->conf.max_size = UINT64_MAX;
+backend->conf.max_cipher_key_len = VHOST_USER_MAX_AUTH_KEY_LEN;
+backend->conf.max_auth_key_len = VHOST_USER_MAX_AUTH_KEY_LEN;
 }
 
 static int64_t cryptodev_vhost_user_sym_create_session(
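
Review bot: max_cipher_key_len is assigned VHOST_USER_MAX_AUTH_KEY_LEN (512), the same constant as max_auth_key_len, while the VHOST_USER_MAX_CIPHER_KEY_LEN (64) added to the header by this patch is never used. This looks like a copy/paste slip that advertises a cipher key limit eight times larger than intended; the line should read "backend->conf.max_cipher_key_len = VHOST_USER_MAX_CIPHER_KEY_LEN;". The commit message is also empty apart from the sign-off; one sentence on where the two limits come from would help.
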
diff --git a/include/sysemu/cryptodev-vhost-user.h 
b/include/sysemu/cryptodev-vhost-user.h
index 937217b..6debf53 100644
--- a/include/sysemu/cryptodev-vhost-user.h
+++ b/include/sysemu/cryptodev-vhost-user.h
@@ -23,6 +23,9 @@
 #ifndef CRYPTODEV_VHOST_USER_H
 #define CRYPTODEV_VHOST_USER_H
 
+#define VHOST_USER_MAX_AUTH_KEY_LEN512
+#define VHOST_USER_MAX_CIPHER_KEY_LEN  64
+
 
 /**
  * cryptodev_vhost_user_get_vhost:
-- 
1.8.3.1





Re: [Qemu-devel] [PATCH 1/3] linux-user: introduce functions to detect CPU type

2018-01-16 Thread Laurent Vivier
On 15/01/2018 at 23:04, Richard Henderson wrote:
> On 01/13/2018 06:48 AM, Laurent Vivier wrote:
>> From: YunQiang Su 
>>
>> Move CPU type name selection to a function,
>> and add a function to return ELF e_flags.
>>
>> [lv: split the patch and some cleanup in get_elf_eflags()]
>> Signed-off-by: Laurent Vivier 
>> ---
> 
> This needs to be split.
> 
>> +int get_elf_eflags(int fd, uint32_t *eflags)
>> +{
>> +struct elfhdr ehdr;
>> +off_t offset;
>> +int ret;
>> +
>> +/* Read ELF header */
>> +offset = lseek(fd, 0, SEEK_SET);
>> +if (offset == (off_t) -1) {
>> +return -1;
>> +}
>> +ret = read(fd, &ehdr, sizeof(ehdr));
>> +if (ret < sizeof(ehdr)) {
>> +return -1;
>> +}
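
Review bot: in get_elf_eflags() "ret" is an int and is compared with sizeof(ehdr), so it is converted to an unsigned type for the comparison; a read() failure returning -1 becomes a very large value, passes the "ret < sizeof(ehdr)" test, and the function carries on with an uninitialised ehdr. Declare ret as ssize_t and test "ret < 0 || (size_t)ret < sizeof(ehdr)", or compare for inequality against (ssize_t)sizeof(ehdr).
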
> 
> There is no reason to read the elf header twice -- e_flags has already been
> stored in the struct image_info.

When we set cpu_model, image_info is not initialized.

Do you propose to move cpu_init() after loader_exec()?

>> +static const char *get_cpu_model(int fd)
>> +{
>> +#if defined(TARGET_I386)
>> +#ifdef TARGET_X86_64
>> +return "qemu64";
>> +#else
>> +return "qemu32";
>> +#endif
> 
> This should be our opportunity to split this ifdef chain into small inline
> functions within linux-user/*/target_cpu.h.  Pass the e_flags value directly
> instead of a file descriptor.
> 

Good idea.

Thanks,
Laurent



[Qemu-devel] [PULL 03/51] pc: fail memory hot-plug/unplug with -no-acpi and Q35 machine type

2018-01-16 Thread Paolo Bonzini
From: Haozhong Zhang 

When -no-acpi option is used with Q35 machine type, no guest ACPI is
built, but the ACPI device is still created, so only checking the
presence of ACPI device before memory plug/unplug is not enough in
such cases. Check whether ACPI is disabled globally in addition and
fail memory plug/unplug if it's disabled.

Signed-off-by: Haozhong Zhang 
Message-Id: <20171222015120.31730-1-haozhong.zh...@intel.com>
Reviewed-by: Igor Mammedov 
Signed-off-by: Paolo Bonzini 
---
 hw/i386/pc.c | 18 ++
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 3fcf318..55686bf 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1695,9 +1695,14 @@ static void pc_dimm_plug(HotplugHandler *hotplug_dev,
 align = memory_region_get_alignment(mr);
 }
 
-if (!pcms->acpi_dev) {
+/*
+ * When -no-acpi is used with Q35 machine type, no ACPI is built,
+ * but pcms->acpi_dev is still created. Check !acpi_enabled in
+ * addition to cover this case.
+ */
+if (!pcms->acpi_dev || !acpi_enabled) {
 error_setg(&local_err,
-   "memory hotplug is not enabled: missing acpi device");
+   "memory hotplug is not enabled: missing acpi device or acpi 
disabled");
 goto out;
 }
 
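
Review bot: the new error string in pc_dimm_plug() folds two different causes into one message ("missing acpi device or acpi disabled"), so the user cannot tell whether a device is missing or -no-acpi is in effect. Both conditions are available separately in the same "if", so report the one that actually failed. The identical check and comment are repeated in pc_dimm_unplug_request(); a small helper would keep the two from drifting apart.
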
@@ -1729,9 +1734,14 @@ static void pc_dimm_unplug_request(HotplugHandler 
*hotplug_dev,
 Error *local_err = NULL;
 PCMachineState *pcms = PC_MACHINE(hotplug_dev);
 
-if (!pcms->acpi_dev) {
+/*
+ * When -no-acpi is used with Q35 machine type, no ACPI is built,
+ * but pcms->acpi_dev is still created. Check !acpi_enabled in
+ * addition to cover this case.
+ */
+if (!pcms->acpi_dev || !acpi_enabled) {
 error_setg(&local_err,
-   "memory hotplug is not enabled: missing acpi device");
+   "memory hotplug is not enabled: missing acpi device or acpi 
disabled");
 goto out;
 }
 
-- 
1.8.3.1





[Qemu-devel] [PULL 02/51] scsi: fix scsi_convert_sense crash when in_buf == NULL && in_len == 0

2018-01-16 Thread Paolo Bonzini
scsi_disk_emulate_command passes in_buf == NULL when sent a REQUEST
SENSE command.  Check for in_len == 0 before dereferencing in_buf.

Fixes: f68d98b21fa74155dc7c1fd212474379ac3c7531
Reported-by: Roman Kagan 
Tested-by: Roman Kagan 
Signed-off-by: Paolo Bonzini 
---
 scsi/utils.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/scsi/utils.c b/scsi/utils.c
index ddae650..8738522 100644
--- a/scsi/utils.c
+++ b/scsi/utils.c
@@ -322,18 +322,18 @@ int scsi_convert_sense(uint8_t *in_buf, int in_len,
 SCSISense sense;
 bool fixed_in;
 
+if (in_len == 0) {
+return scsi_build_sense_buf(buf, len, SENSE_CODE(NO_SENSE), fixed);
+}
+
 fixed_in = (in_buf[0] & 2) == 0;
-if (in_len && fixed == fixed_in) {
+if (fixed == fixed_in) {
 memcpy(buf, in_buf, MIN(len, in_len));
 return MIN(len, in_len);
-}
-
-if (in_len == 0) {
-sense = SENSE_CODE(NO_SENSE);
 } else {
 sense = scsi_parse_sense_buf(in_buf, in_len);
+return scsi_build_sense_buf(buf, len, sense, fixed);
 }
-return scsi_build_sense_buf(buf, len, sense, fixed);
 }
 
 int scsi_sense_to_errno(int key, int asc, int ascq)
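
Review bot: the new guard in scsi_convert_sense() tests only "in_len == 0", but in_len is an int, so a negative length, or a NULL in_buf paired with a nonzero length, still falls through to "in_buf[0]" and to the memcpy() whose size is MIN(len, in_len). Testing "in_len <= 0 || !in_buf" (or asserting the precondition with a comment) would close the same crash for those callers too. A short comment on the function saying that in_buf may be NULL when in_len is 0 would document the contract this fix relies on.
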
-- 
1.8.3.1





Re: [Qemu-devel] [PATCH 03/11] hw/i2c: convert I2CSlaveClass::init -> realize

2018-01-16 Thread Philippe Mathieu-Daudé
On 01/16/2018 10:15 AM, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé 
> ---
>  include/hw/i2c/i2c.h|  2 +-
>  include/hw/i2c/smbus.h  |  2 +-
>  hw/audio/wm8750.c   |  8 +++-
>  hw/display/ssd0303.c|  5 ++---
>  hw/gpio/max7310.c   |  6 ++
>  hw/i2c/core.c   | 10 --
>  hw/i2c/smbus.c  | 10 --
>  hw/input/lm832x.c   |  5 ++---
>  hw/misc/tmp105.c|  6 ++
>  hw/misc/tmp421.c|  6 ++
>  hw/nvram/eeprom_at24c.c | 24 +++-
>  hw/timer/twl92230.c | 12 +---
>  12 files changed, 39 insertions(+), 57 deletions(-)
> 
> diff --git a/include/hw/i2c/i2c.h b/include/hw/i2c/i2c.h
> index 2ce611d4c8..4a9344b75c 100644
> --- a/include/hw/i2c/i2c.h
> +++ b/include/hw/i2c/i2c.h
> @@ -30,7 +30,7 @@ typedef struct I2CSlaveClass
>  DeviceClass parent_class;
>  
>  /* Callbacks provided by the device.  */
> -int (*init)(I2CSlave *dev);
> +void (*realize)(I2CSlave *slave, Error **errp);
>  
>  /* Master to slave. Returns non-zero for a NAK, 0 for success. */
>  int (*send)(I2CSlave *s, uint8_t data);
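
Review bot: the new realize member in I2CSlaveClass names its argument "slave", while SMBusDeviceClass in the next hunk keeps "dev" and the converted implementations use a mix (wm8750_realize takes "slave", ssd0303_realize and max7310_realize take "i2c"). Please pick one name across the series. The member also sits under the generic "Callbacks provided by the device" comment with nothing about errp; a line saying that realize reports failure only through errp would replace the contract the old int return value made obvious.
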
> diff --git a/include/hw/i2c/smbus.h b/include/hw/i2c/smbus.h
> index 544bbc1957..da31894383 100644
> --- a/include/hw/i2c/smbus.h
> +++ b/include/hw/i2c/smbus.h
> @@ -38,7 +38,7 @@
>  typedef struct SMBusDeviceClass
>  {
>  I2CSlaveClass parent_class;
> -int (*init)(SMBusDevice *dev);
> +void (*realize)(SMBusDevice *dev, Error **errp);
>  void (*quick_cmd)(SMBusDevice *dev, uint8_t read);
>  void (*send_byte)(SMBusDevice *dev, uint8_t val);
>  uint8_t (*receive_byte)(SMBusDevice *dev);
> diff --git a/hw/audio/wm8750.c b/hw/audio/wm8750.c
> index 8bb44a7cc1..c209334f4e 100644
> --- a/hw/audio/wm8750.c
> +++ b/hw/audio/wm8750.c
> @@ -618,14 +618,12 @@ static const VMStateDescription vmstate_wm8750 = {
>  }
>  };
>  
> -static int wm8750_init(I2CSlave *i2c)
> +static void wm8750_realize(I2CSlave *slave, Error **errp)
>  {
> -WM8750State *s = WM8750(i2c);
> +WM8750State *s = WM8750(slave);
>  
>  AUD_register_card(CODEC, &s->card);
>  wm8750_reset(I2C_SLAVE(s));
> -
> -return 0;
>  }
>  
>  #if 0
> @@ -709,7 +707,7 @@ static void wm8750_class_init(ObjectClass *klass, void 
> *data)
>  DeviceClass *dc = DEVICE_CLASS(klass);
>  I2CSlaveClass *sc = I2C_SLAVE_CLASS(klass);
>  
> -sc->init = wm8750_init;
> +sc->realize = wm8750_realize;
>  sc->event = wm8750_event;
>  sc->recv = wm8750_rx;
>  sc->send = wm8750_tx;
> diff --git a/hw/display/ssd0303.c b/hw/display/ssd0303.c
> index 68a80b9d64..c4cd059a52 100644
> --- a/hw/display/ssd0303.c
> +++ b/hw/display/ssd0303.c
> @@ -297,13 +297,12 @@ static const GraphicHwOps ssd0303_ops = {
>  .gfx_update  = ssd0303_update_display,
>  };
>  
> -static int ssd0303_init(I2CSlave *i2c)
> +static void ssd0303_realize(I2CSlave *i2c, Error **errp)
>  {
>  ssd0303_state *s = SSD0303(i2c);
>  
>  s->con = graphic_console_init(DEVICE(i2c), 0, &ssd0303_ops, s);
>  qemu_console_resize(s->con, 96 * MAGNIFY, 16 * MAGNIFY);
> -return 0;
>  }
>  
>  static void ssd0303_class_init(ObjectClass *klass, void *data)
> @@ -311,7 +310,7 @@ static void ssd0303_class_init(ObjectClass *klass, void 
> *data)
>  DeviceClass *dc = DEVICE_CLASS(klass);
>  I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
>  
> -k->init = ssd0303_init;
> +k->realize = ssd0303_realize;
>  k->event = ssd0303_event;
>  k->recv = ssd0303_recv;
>  k->send = ssd0303_send;
> diff --git a/hw/gpio/max7310.c b/hw/gpio/max7310.c
> index f82e3e6555..070da0e4dc 100644
> --- a/hw/gpio/max7310.c
> +++ b/hw/gpio/max7310.c
> @@ -182,14 +182,12 @@ static void max7310_gpio_set(void *opaque, int line, 
> int level)
>  
>  /* MAX7310 is SMBus-compatible (can be used with only SMBus protocols),
>   * but also accepts sequences that are not SMBus so return an I2C device.  */
> -static int max7310_init(I2CSlave *i2c)
> +static void max7310_realize(I2CSlave *i2c, Error **errp)
>  {
>  MAX7310State *s = MAX7310(i2c);
>  
>  qdev_init_gpio_in(&i2c->qdev, max7310_gpio_set, 8);
>  qdev_init_gpio_out(&i2c->qdev, s->handler, 8);
> -
> -return 0;
>  }
>  
>  static void max7310_class_init(ObjectClass *klass, void *data)
> @@ -197,7 +195,7 @@ static void max7310_class_init(ObjectClass *klass, void 
> *data)
>  DeviceClass *dc = DEVICE_CLASS(klass);
>  I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
>  
> -k->init = max7310_init;
> +k->realize = max7310_realize;
>  k->event = max7310_event;
>  k->recv = max7310_rx;
>  k->send = max7310_tx;
> diff --git a/hw/i2c/core.c b/hw/i2c/core.c
> index 59068f157e..f9f48a1666 100644
> --- a/hw/i2c/core.c
> +++ b/hw/i2c/core.c
> @@ -276,16 +276,14 @@ const VMStateDescription vmstate_i2c_slave = {
>  }
>  };
>  
> -static int i2c_slave_qdev_init(DeviceState *dev)
> +static void i2c_slave_realize(DeviceState *dev, Error **errp)

Re: [Qemu-devel] [PATCH 4/4] virtio-net: notify backend with number of queue pairs setup

2018-01-16 Thread Maxime Coquelin



On 01/16/2018 04:07 AM, Michael S. Tsirkin wrote:

On Fri, Jan 12, 2018 at 03:56:58PM +0100, Maxime Coquelin wrote:

Signed-off-by: Maxime Coquelin 
---
  hw/net/virtio-net.c | 5 +
  1 file changed, 5 insertions(+)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 38674b08aa..b8908c98ed 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -561,6 +561,7 @@ static int peer_detach(VirtIONet *n, int index)
  
  static void virtio_net_set_queues(VirtIONet *n)

  {
+NetClientState *nc = qemu_get_queue(n->nic);
  int i;
  int r;
  
@@ -568,6 +569,10 @@ static void virtio_net_set_queues(VirtIONet *n)

  return;
  }
  
+if (get_vhost_net(nc->peer)) {

+vhost_net_set_queue_num(nc->peer, n->curr_queues);
+}
+
  for (i = 0; i < n->max_queues; i++) {
  if (i < n->curr_queues) {
  r = peer_attach(n, i);


Seems wrong to me.
curr_queues isn't the max # of queues configured as the documentation says.
It's the number of queues currently in use by driver.


Ok. What about detecting the number of queues configured, by checking
for example that desc_phys, avail_phys and used_phys are different?

Thanks,
Maxime



--
2.14.3




[Qemu-devel] [PULL 04/51] hpet: recover timer offset correctly

2018-01-16 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

HPET saves its state by calculating the current time and recovers timer
offset using this calculated value. But these calculations include
divisions and multiplications. Therefore the timer state cannot be recovered
precisely enough.
This patch introduces saving of the original value of the offset to
preserve the determinism of the timer.

Signed-off-by: Pavel Dovgalyuk 
Signed-off-by: Maria Klimushenkova 
Reviewed-by: Juan Quintela 

--
v3: Added compat property for correct migration.
Signed-off-by: Paolo Bonzini 
---
 hw/timer/hpet.c | 30 --
 include/hw/compat.h |  6 +-
 2 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c
index 577371b..d97436b 100644
--- a/hw/timer/hpet.c
+++ b/hw/timer/hpet.c
@@ -70,6 +70,7 @@ typedef struct HPETState {
 
 MemoryRegion iomem;
 uint64_t hpet_offset;
+bool hpet_offset_saved;
 qemu_irq irqs[HPET_NUM_IRQ_ROUTES];
 uint32_t flags;
 uint8_t rtc_irq_level;
@@ -221,7 +222,9 @@ static int hpet_pre_save(void *opaque)
 HPETState *s = opaque;
 
 /* save current counter value */
-s->hpet_counter = hpet_get_ticks(s);
+if (hpet_enabled(s)) {
+s->hpet_counter = hpet_get_ticks(s);
+}
 
 return 0;
 }
@@ -252,7 +255,10 @@ static int hpet_post_load(void *opaque, int version_id)
 HPETState *s = opaque;
 
 /* Recalculate the offset between the main counter and guest time */
-s->hpet_offset = ticks_to_ns(s->hpet_counter) - 
qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+if (!s->hpet_offset_saved) {
+s->hpet_offset = ticks_to_ns(s->hpet_counter)
+- qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
+}
 
 /* Push number of timers into capability returned via HPET_ID */
 s->capability &= ~HPET_ID_NUM_TIM_MASK;
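Review bot: in hpet_post_load(), the offset is no longer recomputed when hpet_offset_saved is true, but the hpet/offset subsection is only sent when hpet_offset_needed() returns true, which also requires hpet_enabled(s). For a stream that arrives without the subsection (HPET disabled on the source), hpet_offset keeps whatever value the destination already had; add a comment explaining why that is safe, or recompute when the subsection was not loaded. The comment above the block still reads as unconditional and should mention the new condition.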
@@ -267,6 +273,13 @@ static int hpet_post_load(void *opaque, int version_id)
 return 0;
 }
 
+static bool hpet_offset_needed(void *opaque)
+{
+HPETState *s = opaque;
+
+return hpet_enabled(s) && s->hpet_offset_saved;
+}
+
 static bool hpet_rtc_irq_level_needed(void *opaque)
 {
 HPETState *s = opaque;
@@ -285,6 +298,17 @@ static const VMStateDescription vmstate_hpet_rtc_irq_level 
= {
 }
 };
 
+static const VMStateDescription vmstate_hpet_offset = {
+.name = "hpet/offset",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = hpet_offset_needed,
+.fields = (VMStateField[]) {
+VMSTATE_UINT64(hpet_offset, HPETState),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static const VMStateDescription vmstate_hpet_timer = {
 .name = "hpet_timer",
 .version_id = 1,
@@ -320,6 +344,7 @@ static const VMStateDescription vmstate_hpet = {
 },
 .subsections = (const VMStateDescription*[]) {
 &vmstate_hpet_rtc_irq_level,
+&vmstate_hpet_offset,
 NULL
 }
 };
@@ -762,6 +787,7 @@ static Property hpet_device_properties[] = {
 DEFINE_PROP_UINT8("timers", HPETState, num_timers, HPET_MIN_TIMERS),
 DEFINE_PROP_BIT("msi", HPETState, flags, HPET_MSI_SUPPORT, false),
 DEFINE_PROP_UINT32(HPET_INTCAP, HPETState, intcap, 0),
+DEFINE_PROP_BOOL("hpet-offset-saved", HPETState, hpet_offset_saved, true),
 DEFINE_PROP_END_OF_LIST(),
 };
 
diff --git a/include/hw/compat.h b/include/hw/compat.h
index 263de97..7f31850 100644
--- a/include/hw/compat.h
+++ b/include/hw/compat.h
@@ -2,7 +2,11 @@
 #define HW_COMPAT_H
 
 #define HW_COMPAT_2_11 \
-/* empty */
+{\
+.driver   = "hpet",\
+.property = "hpet-offset-saved",\
+.value= "false",\
+},
 
 #define HW_COMPAT_2_10 \
 {\
-- 
1.8.3.1





[Qemu-devel] [PULL 01/51] scsi-generic: Add share-rw option

2018-01-16 Thread Paolo Bonzini
From: Fam Zheng 

Add the property to the device model, then parse it by calling
blkconf_apply_backend_options().

In addition to blk_set_perm(), the called function also handles error
options and wce. For error options we've already checked that the
default values are used, for wce we don't have the option either so it
is always the default (true). In other words there is no change of
behavior in these regards.

Signed-off-by: Fam Zheng 
Message-Id: <20171205151553.7834-1-f...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/scsi/scsi-generic.c | 9 +
 1 file changed, 9 insertions(+)

diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c
index bd0d9ff..ba70c0d 100644
--- a/hw/scsi/scsi-generic.c
+++ b/hw/scsi/scsi-generic.c
@@ -482,6 +482,7 @@ static void scsi_generic_realize(SCSIDevice *s, Error 
**errp)
 int rc;
 int sg_version;
 struct sg_scsi_id scsiid;
+Error *local_err = NULL;
 
 if (!s->conf.blk) {
 error_setg(errp, "drive property not set");
@@ -515,6 +516,13 @@ static void scsi_generic_realize(SCSIDevice *s, Error 
**errp)
 error_setg(errp, "SG_GET_SCSI_ID ioctl failed");
 return;
 }
+blkconf_apply_backend_options(&s->conf,
+  blk_is_read_only(s->conf.blk),
+  true, &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
 
 /* define device state */
 s->type = scsiid.scsi_type;
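Review bot: in scsi_generic_realize(), the third argument to blkconf_apply_backend_options() is a bare true, which says nothing at the call site; add a short comment naming what it enables. The call is also placed after the SG_GET_SCSI_ID ioctl, so the backend has already been used before the share-rw permissions are applied; if nothing depends on that ordering, applying the options earlier in realize would be easier to reason about.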
@@ -565,6 +573,7 @@ static SCSIRequest *scsi_new_request(SCSIDevice *d, 
uint32_t tag, uint32_t lun,
 
 static Property scsi_generic_properties[] = {
 DEFINE_PROP_DRIVE("drive", SCSIDevice, conf.blk),
+DEFINE_PROP_BOOL("share-rw", SCSIDevice, conf.share_rw, false),
 DEFINE_PROP_END_OF_LIST(),
 };
 
-- 
1.8.3.1





[Qemu-devel] [PULL 10/51] build-sys: silence make by default or V=0

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

Move generic make flags into MAKEFLAGS (SUBDIR_MAKEFLAGS is more qemu specific).

Use --quiet to silence make 'is up to date' message.

Signed-off-by: Marc-André Lureau 
Tested-by: Eric Blake 
Reviewed-by: Paolo Bonzini 
Message-Id: <20180104160523.22995-3-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 Makefile  | 2 +-
 rules.mak | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index d86ecd2..1671db3 100644
--- a/Makefile
+++ b/Makefile
@@ -277,7 +277,7 @@ else
 DOCS=
 endif
 
-SUBDIR_MAKEFLAGS=$(if $(V),,--no-print-directory) BUILD_DIR=$(BUILD_DIR)
+SUBDIR_MAKEFLAGS=BUILD_DIR=$(BUILD_DIR)
 SUBDIR_DEVICES_MAK=$(patsubst %, %/config-devices.mak, $(TARGET_DIRS))
 SUBDIR_DEVICES_MAK_DEP=$(patsubst %, %-config-devices.mak.d, $(TARGET_DIRS))
 
diff --git a/rules.mak b/rules.mak
index 6e94333..5fb4951 100644
--- a/rules.mak
+++ b/rules.mak
@@ -131,6 +131,8 @@ modules:
 # If called with only a single argument, will print nothing in quiet mode.
 quiet-command = $(if $(V),$1,$(if $(2),@printf "  %-7s %s\n" $2 $3 && $1, @$1))
 
+MAKEFLAGS += $(if $(V),,--no-print-directory --quiet)
+
 # cc-option
 # Usage: CFLAGS+=$(call cc-option, -falign-functions=0, -malign-functions=0)
 
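Review bot: the condition in the new MAKEFLAGS line is $(if $(V),,...), which takes the verbose branch for any non-empty V, including V=0, while the subject says make should be silent "by default or V=0". Unless V is normalised elsewhere, test the value explicitly, for example with $(filter-out 0,$(V)), or drop V=0 from the subject.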
-- 
1.8.3.1





[Qemu-devel] [PULL 06/51] chardev: use backend chr context when watch for fe

2018-01-16 Thread Paolo Bonzini
From: Peter Xu 

In commit 6bbb6c0644 ("chardev: use per-dev context for
io_add_watch_poll", 2017-09-22) all the chardev watches are converted to
use per-chardev gcontext to support chardev to be run outside default
main thread.  However that's still missing one call from the frontend
code.  Touch that up.

Reviewed-by: Stefan Hajnoczi 
Reviewed-by: Marc-André Lureau 
Signed-off-by: Peter Xu 
Message-Id: <20180104141835.17987-2-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 chardev/char-fe.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chardev/char-fe.c b/chardev/char-fe.c
index ee6d596..c611b3f 100644
--- a/chardev/char-fe.c
+++ b/chardev/char-fe.c
@@ -356,7 +356,7 @@ guint qemu_chr_fe_add_watch(CharBackend *be, GIOCondition 
cond,
 }
 
 g_source_set_callback(src, (GSourceFunc)func, user_data, NULL);
-tag = g_source_attach(src, NULL);
+tag = g_source_attach(src, s->gcontext);
 g_source_unref(src);
 
 return tag;
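Review bot: qemu_chr_fe_add_watch() still returns the guint from g_source_attach(), but with s->gcontext the source may now live in a non-default context, where g_source_remove(tag) cannot find it. Callers that remove the watch by tag would leave it attached; either document that the tag is only usable with the default context, or return the GSource so callers can use g_source_destroy().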
-- 
1.8.3.1





[Qemu-devel] [PULL 08/51] chardev: introduce qemu_chr_timeout_add_ms()

2018-01-16 Thread Paolo Bonzini
From: Peter Xu 

It's a replacement of g_timeout_add[_seconds]() for chardevs.  Chardevs
now can have dedicated gcontext, we should always bind chardev tasks
onto those gcontext rather than the default main context.  Since there
are quite a few of g_timeout_add[_seconds]() callers, a new function
qemu_chr_timeout_add_ms() is introduced.

One thing to mention is that, terminal3270 is still always running on
main gcontext.  However let's convert that as well since it's still part
of chardev codes and in case one day we'll miss that when we move it out
of main gcontext too.

Also, convert all the timers from GSource tags into GSource pointers.
GSource tag IDs and g_source_remove()s can only work with default
gcontext, while now these GSources can logically be attached to other
contexts.  So let's use explicit g_source_destroy() plus another
g_source_unref() to remove a timer.

Note: when in the timer handler, we don't need the g_source_destroy()
any more since that'll be done automatically if the timer handler
returns false (and that's what all the current handlers do).

Yet another note: in pty_chr_rearm_timer() we take special care for
ms=1000.  This patch merged the two cases into one.

Signed-off-by: Peter Xu 
Message-Id: <20180104141835.17987-4-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 chardev/char-pty.c | 43 +++
 chardev/char-socket.c  | 28 ++--
 chardev/char.c | 18 ++
 hw/char/terminal3270.c | 28 
 include/chardev/char.h |  3 +++
 5 files changed, 74 insertions(+), 46 deletions(-)

diff --git a/chardev/char-pty.c b/chardev/char-pty.c
index 8248e36..89315e6 100644
--- a/chardev/char-pty.c
+++ b/chardev/char-pty.c
@@ -42,7 +42,7 @@ typedef struct {
 
 /* Protected by the Chardev chr_write_lock.  */
 int connected;
-guint timer_tag;
+GSource *timer_src;
 GSource *open_source;
 } PtyChardev;
 
@@ -57,7 +57,8 @@ static gboolean pty_chr_timer(gpointer opaque)
 PtyChardev *s = PTY_CHARDEV(opaque);
 
 qemu_mutex_lock(&chr->chr_write_lock);
-s->timer_tag = 0;
+s->timer_src = NULL;
+g_source_unref(s->open_source);
 s->open_source = NULL;
 if (!s->connected) {
 /* Next poll ... */
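Review bot: in pty_chr_timer() the new g_source_unref() is applied to s->open_source, while the pointer cleared on the line above it is s->timer_src. pty_chr_timer_cancel() in the next hunk shows that timer_src carries a reference that has to be dropped, so this looks like the wrong field: the timer_src reference appears to be lost each time the timer fires, and open_source is unreferenced without a NULL check or a g_source_destroy(). Suggest g_source_unref(s->timer_src) before clearing it, and leaving open_source to the path that owns it.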
@@ -67,25 +68,25 @@ static gboolean pty_chr_timer(gpointer opaque)
 return FALSE;
 }
 
+static void pty_chr_timer_cancel(PtyChardev *s)
+{
+if (s->timer_src) {
+g_source_destroy(s->timer_src);
+g_source_unref(s->timer_src);
+s->timer_src = NULL;
+}
+}
+
 /* Called with chr_write_lock held.  */
 static void pty_chr_rearm_timer(Chardev *chr, int ms)
 {
 PtyChardev *s = PTY_CHARDEV(chr);
 char *name;
 
-if (s->timer_tag) {
-g_source_remove(s->timer_tag);
-s->timer_tag = 0;
-}
-
-if (ms == 1000) {
-name = g_strdup_printf("pty-timer-secs-%s", chr->label);
-s->timer_tag = g_timeout_add_seconds(1, pty_chr_timer, chr);
-} else {
-name = g_strdup_printf("pty-timer-ms-%s", chr->label);
-s->timer_tag = g_timeout_add(ms, pty_chr_timer, chr);
-}
-g_source_set_name_by_id(s->timer_tag, name);
+pty_chr_timer_cancel(s);
+name = g_strdup_printf("pty-timer-%s", chr->label);
+s->timer_src = qemu_chr_timeout_add_ms(chr, ms, pty_chr_timer, chr);
+g_source_set_name(s->timer_src, name);
 g_free(name);
 }
 
@@ -206,10 +207,7 @@ static void pty_chr_state(Chardev *chr, int connected)
  * the virtual device linked to our pty. */
 pty_chr_rearm_timer(chr, 1000);
 } else {
-if (s->timer_tag) {
-g_source_remove(s->timer_tag);
-s->timer_tag = 0;
-}
+pty_chr_timer_cancel(s);
 if (!s->connected) {
 g_assert(s->open_source == NULL);
 s->open_source = g_idle_source_new();
@@ -236,10 +234,7 @@ static void char_pty_finalize(Object *obj)
 qemu_mutex_lock(&chr->chr_write_lock);
 pty_chr_state(chr, 0);
 object_unref(OBJECT(s->ioc));
-if (s->timer_tag) {
-g_source_remove(s->timer_tag);
-s->timer_tag = 0;
-}
+pty_chr_timer_cancel(s);
 qemu_mutex_unlock(&chr->chr_write_lock);
 qemu_chr_be_event(chr, CHR_EVENT_CLOSED);
 }
@@ -272,7 +267,7 @@ static void char_pty_open(Chardev *chr,
 name = g_strdup_printf("chardev-pty-%s", chr->label);
 qio_channel_set_name(QIO_CHANNEL(s->ioc), name);
 g_free(name);
-s->timer_tag = 0;
+s->timer_src = NULL;
 *be_opened = false;
 }
 
diff --git a/chardev/char-socket.c b/chardev/char-socket.c
index 630a7f2..77cdf48 100644
--- a/chardev/char-socket.c
+++ b/chardev/char-socket.c
@@ -57,7 +57,7 @@ typedef struct {
 bool is_telnet;
 bool is_tn3270;
 
-guint reconnect_timer;
+GSource *reconnect_timer;
 int64_t reconnect_time;
 bool connect_err_reported;
 } SocketChardev;
@@ -67,16 +67,27 @@ typedef struct {
 
 static gboolean socket_reconnect_tim

[Qemu-devel] [PULL 07/51] chardev: let g_idle_add() be with chardev gcontext

2018-01-16 Thread Paolo Bonzini
From: Peter Xu 

The idle task will be attached to main gcontext even if the chardev
backend is running in another gcontext.  Fix the only caller by
extending the g_idle_add() logic into the more powerful
g_source_attach().  It's basically g_idle_add_full() implementation, but
with the chardev's gcontext passed in.

Signed-off-by: Peter Xu 
Message-Id: <20180104141835.17987-3-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 chardev/char-pty.c | 21 +
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/chardev/char-pty.c b/chardev/char-pty.c
index 761ae6d..8248e36 100644
--- a/chardev/char-pty.c
+++ b/chardev/char-pty.c
@@ -43,7 +43,7 @@ typedef struct {
 /* Protected by the Chardev chr_write_lock.  */
 int connected;
 guint timer_tag;
-guint open_tag;
+GSource *open_source;
 } PtyChardev;
 
 #define PTY_CHARDEV(obj) OBJECT_CHECK(PtyChardev, (obj), TYPE_CHARDEV_PTY)
@@ -58,7 +58,7 @@ static gboolean pty_chr_timer(gpointer opaque)
 
 qemu_mutex_lock(&chr->chr_write_lock);
 s->timer_tag = 0;
-s->open_tag = 0;
+s->open_source = NULL;
 if (!s->connected) {
 /* Next poll ... */
 pty_chr_update_read_handler_locked(chr);
@@ -183,7 +183,7 @@ static gboolean qemu_chr_be_generic_open_func(gpointer 
opaque)
 Chardev *chr = CHARDEV(opaque);
 PtyChardev *s = PTY_CHARDEV(opaque);
 
-s->open_tag = 0;
+s->open_source = NULL;
 qemu_chr_be_event(chr, CHR_EVENT_OPENED);
 return FALSE;
 }
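Review bot: qemu_chr_be_generic_open_func() only sets s->open_source to NULL, but the source is created with g_idle_source_new() in pty_chr_state() and nothing drops that creation reference after g_source_attach(). Returning FALSE detaches the source, yet the reference held through open_source is lost here; add g_source_unref(s->open_source) before clearing the pointer, as the disconnect path in pty_chr_state() does.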
@@ -194,9 +194,10 @@ static void pty_chr_state(Chardev *chr, int connected)
 PtyChardev *s = PTY_CHARDEV(chr);
 
 if (!connected) {
-if (s->open_tag) {
-g_source_remove(s->open_tag);
-s->open_tag = 0;
+if (s->open_source) {
+g_source_destroy(s->open_source);
+g_source_unref(s->open_source);
+s->open_source = NULL;
 }
 remove_fd_in_watch(chr);
 s->connected = 0;
@@ -210,9 +211,13 @@ static void pty_chr_state(Chardev *chr, int connected)
 s->timer_tag = 0;
 }
 if (!s->connected) {
-g_assert(s->open_tag == 0);
+g_assert(s->open_source == NULL);
+s->open_source = g_idle_source_new();
 s->connected = 1;
-s->open_tag = g_idle_add(qemu_chr_be_generic_open_func, chr);
+g_source_set_callback(s->open_source,
+  qemu_chr_be_generic_open_func,
+  chr, NULL);
+g_source_attach(s->open_source, chr->gcontext);
 }
 if (!chr->gsource) {
 chr->gsource = io_add_watch_poll(chr, s->ioc,
-- 
1.8.3.1





[Qemu-devel] [PULL 05/51] i386/cpu/kvm: look at PMU's CPUID before setting MSRs

2018-01-16 Thread Paolo Bonzini
From: Jan Dakinevich 

Certain PMU-related MSRs are not supported for CPUs with PMU
architecture below version 2. KVM rejects any access to them (see
intel_is_valid_msr_idx routine in KVM), and QEMU fails on the following
assertion:

  kvm_put_msrs: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed.

QEMU could also fail if KVM exposes fewer than 3 fixed counters. This can
happen if the host system runs inside another hypervisor that tweaks
PMU-related CPUID. To prevent a possible failure, the number of fixed counters
is now obtained in the same way as the number of GP counters.

Reviewed-by: Roman Kagan 
Signed-off-by: Jan Dakinevich 
Message-Id: <1514383466-7257-1-git-send-email-jan.dakinev...@virtuozzo.com>
Signed-off-by: Paolo Bonzini 
---
 target/i386/kvm.c | 80 +--
 1 file changed, 48 insertions(+), 32 deletions(-)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 6f69e2f..d23127c 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -92,8 +92,9 @@ static bool has_msr_hv_stimer;
 static bool has_msr_hv_frequencies;
 static bool has_msr_xss;
 
-static bool has_msr_architectural_pmu;
-static uint32_t num_architectural_pmu_counters;
+static uint32_t has_architectural_pmu_version;
+static uint32_t num_architectural_pmu_gp_counters;
+static uint32_t num_architectural_pmu_fixed_counters;
 
 static int has_xsave;
 static int has_xcrs;
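Review bot: has_architectural_pmu_version holds the PMU version number (it is compared with > 0 and > 1 later in the patch), so the has_ prefix used by the neighbouring booleans is misleading; architectural_pmu_version would read better. A one-line comment saying that the two counter variables are filled in kvm_arch_init_vcpu() and stay zero when no architectural PMU is reported would also help.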
@@ -872,19 +873,28 @@ int kvm_arch_init_vcpu(CPUState *cs)
 }
 
 if (limit >= 0x0a) {
-uint32_t ver;
+uint32_t eax, edx;
 
-cpu_x86_cpuid(env, 0x0a, 0, &ver, &unused, &unused, &unused);
-if ((ver & 0xff) > 0) {
-has_msr_architectural_pmu = true;
-num_architectural_pmu_counters = (ver & 0xff00) >> 8;
+cpu_x86_cpuid(env, 0x0a, 0, &eax, &unused, &unused, &edx);
+
+has_architectural_pmu_version = eax & 0xff;
+if (has_architectural_pmu_version > 0) {
+num_architectural_pmu_gp_counters = (eax & 0xff00) >> 8;
 
 /* Shouldn't be more than 32, since that's the number of bits
  * available in EBX to tell us _which_ counters are available.
  * Play it safe.
  */
-if (num_architectural_pmu_counters > MAX_GP_COUNTERS) {
-num_architectural_pmu_counters = MAX_GP_COUNTERS;
+if (num_architectural_pmu_gp_counters > MAX_GP_COUNTERS) {
+num_architectural_pmu_gp_counters = MAX_GP_COUNTERS;
+}
+
+if (has_architectural_pmu_version > 1) {
+num_architectural_pmu_fixed_counters = edx & 0x1f;
+
+if (num_architectural_pmu_fixed_counters > MAX_FIXED_COUNTERS) 
{
+num_architectural_pmu_fixed_counters = MAX_FIXED_COUNTERS;
+}
 }
 }
 }
@@ -1650,32 +1660,36 @@ static int kvm_put_msrs(X86CPU *cpu, int level)
 if (env->features[FEAT_KVM] & (1 << KVM_FEATURE_STEAL_TIME)) {
 kvm_msr_entry_add(cpu, MSR_KVM_STEAL_TIME, env->steal_time_msr);
 }
-if (has_msr_architectural_pmu) {
-/* Stop the counter.  */
-kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR_CTRL, 0);
-kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_CTRL, 0);
+if (has_architectural_pmu_version > 0) {
+if (has_architectural_pmu_version > 1) {
+/* Stop the counter.  */
+kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR_CTRL, 0);
+kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_CTRL, 0);
+}
 
 /* Set the counter values.  */
-for (i = 0; i < MAX_FIXED_COUNTERS; i++) {
+for (i = 0; i < num_architectural_pmu_fixed_counters; i++) {
 kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR0 + i,
   env->msr_fixed_counters[i]);
 }
-for (i = 0; i < num_architectural_pmu_counters; i++) {
+for (i = 0; i < num_architectural_pmu_gp_counters; i++) {
 kvm_msr_entry_add(cpu, MSR_P6_PERFCTR0 + i,
   env->msr_gp_counters[i]);
 kvm_msr_entry_add(cpu, MSR_P6_EVNTSEL0 + i,
   env->msr_gp_evtsel[i]);
 }
-kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_STATUS,
-  env->msr_global_status);
-kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_OVF_CTRL,
-  env->msr_global_ovf_ctrl);
-
-/* Now start the PMU.  */
-kvm_msr_entry_add(cpu, MSR_CORE_PERF_FIXED_CTR_CTRL,
-  env->msr_fixed_ctr_ctrl);
-kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_CTRL,
-  env->msr_global_ctrl);
+if (has_architectural_pmu_version > 1) {
+kvm_msr_entry_add(cpu, MSR_CORE_PERF_GLOBAL_STATUS,
+ 

[Qemu-devel] [PULL 12/51] build-sys: compile with -Og or -O1 when --enable-debug

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

When --enable-debug is turned on, configure doesn't set -O level, and
uses default compiler -O0 level, which is slow.

Instead, use -Og if supported by the compiler (optimize debugging
experience), or -O1 (keeps code somewhat debuggable and works around
compiler bugs).

Unfortunately, gcc has many false-positive maybe-uninitialized
errors with Og and O1 (f27 gcc 7.2.1 20170915):

/home/elmarco/src/qemu/hw/ipmi/isa_ipmi_kcs.c: In function 
‘ipmi_kcs_ioport_read’:
/home/elmarco/src/qemu/hw/ipmi/isa_ipmi_kcs.c:279:12: error: ‘ret’ may be used 
uninitialized in this function [-Werror=maybe-uninitialized]
 return ret;
^~~
cc1: all warnings being treated as errors
make: *** [/home/elmarco/src/qemu/rules.mak:66: hw/ipmi/isa_ipmi_kcs.o] Error 1
make: *** Waiting for unfinished jobs
/home/elmarco/src/qemu/hw/ide/ahci.c: In function ‘ahci_populate_sglist’:
/home/elmarco/src/qemu/hw/ide/ahci.c:903:58: error: ‘tbl_entry_size’ may be 
used uninitialized in this function [-Werror=maybe-uninitialized]
 if ((off_idx == -1) || (off_pos < 0) || (off_pos > tbl_entry_size)) {
 ~^
cc1: all warnings being treated as errors
make: *** [/home/elmarco/src/qemu/rules.mak:66: hw/ide/ahci.o] Error 1
/home/elmarco/src/qemu/hw/display/qxl.c: In function ‘qxl_add_memslot’:
/home/elmarco/src/qemu/hw/display/qxl.c:1397:52: error: ‘pci_start’ may be used 
uninitialized in this function [-Werror=maybe-uninitialized]
 memslot.virt_end   = virt_start + (guest_end   - pci_start);
   ~^~~~
/home/elmarco/src/qemu/hw/display/qxl.c:1389:9: error: ‘pci_region’ may be used 
uninitialized in this function [-Werror=maybe-uninitialized]
 qxl_set_guest_bug(d, "%s: pci_region = %d", __func__, pci_region);
 ^
cc1: all warnings being treated as errors

There seems to be a long list of related bugs in upstream GCC, some of
them are being fixed very recently:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=24639

For now, let's work around it by using Wno-maybe-uninitialized (gcc-only).

Suggested-by: Paolo Bonzini 
Signed-off-by: Marc-André Lureau 
Message-Id: <20180104160523.22995-5-marcandre.lur...@redhat.com>
Tested-by: Philippe Mathieu-Daudé 
Signed-off-by: Paolo Bonzini 
---
 configure | 15 +--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index ac392d2..6f1b7cd 100755
--- a/configure
+++ b/configure
@@ -5194,8 +5194,19 @@ if test "$gcov" = "yes" ; then
   LDFLAGS="-fprofile-arcs -ftest-coverage $LDFLAGS"
 elif test "$fortify_source" = "yes" ; then
   CFLAGS="-O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS"
-elif test "$debug" = "no"; then
-  CFLAGS="-O2 $CFLAGS"
+elif test "$debug" = "yes"; then
+  if compile_prog "-Og" ""; then
+  CFLAGS="-Og $CFLAGS"
+  elif compile_prog "-O1" ""; then
+  CFLAGS="-O1 $CFLAGS"
+  fi
+  # Workaround GCC false-positive Wuninitialized bugs with Og or O1:
+  # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=24639
+  if cc_has_warning_flag "-Wno-maybe-uninitialized"; then
+  CFLAGS="-Wno-maybe-uninitialized $CFLAGS"
+  fi
+else
+CFLAGS="-O2 $CFLAGS"
 fi
 
 ##
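Review bot: in the new debug branch, -Wno-maybe-uninitialized is added whenever $debug is yes, including when neither -Og nor -O1 was accepted and the build stays at the compiler default. That switches the diagnostic off for every debug build; move the cc_has_warning_flag check inside the -Og/-O1 branches so it applies only where the false positives occur. The comment also says Wuninitialized while the flag being added is -Wno-maybe-uninitialized.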
-- 
1.8.3.1





[Qemu-devel] [PULL 11/51] build-sys: add a rule to print a variable

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

$ make print-CFLAGS
CFLAGS=-fsanitize=address -Og -g

Trick from various sources:
https://stackoverflow.com/questions/16467718/how-to-print-out-a-variable-in-makefile
https://www.cmcrossroads.com/article/printing-value-makefile-variable

Signed-off-by: Marc-André Lureau 
Reviewed-by: Eric Blake 
Message-Id: <20180104160523.22995-4-marcandre.lur...@redhat.com>
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Paolo Bonzini 
---
 Makefile|  5 -
 docs/devel/build-system.txt | 13 +
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 1671db3..f26ef1b 100644
--- a/Makefile
+++ b/Makefile
@@ -8,9 +8,12 @@ SRC_PATH=.
 
 UNCHECKED_GOALS := %clean TAGS cscope ctags dist \
 html info pdf txt \
-help check-help \
+help check-help print-% \
 docker docker-% vm-test vm-build-%
 
+print-%:
+   @echo '$*=$($*)'
+
 # All following code might depend on configuration variables
 ifneq ($(wildcard config-host.mak),)
 # Put the all: rule here so that config-host.mak can contain dependencies.
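Review bot: the print-% recipe hands the expanded value to the shell inside single quotes (@echo '$*=$($*)'), so a variable whose value contains a single quote ends the quoting and the remainder is parsed by the shell. Since the target accepts any variable name, print with make's own $(info $*=$($*)) and a no-op recipe instead, which avoids the shell altogether.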
diff --git a/docs/devel/build-system.txt b/docs/devel/build-system.txt
index 386ef36..52501f2 100644
--- a/docs/devel/build-system.txt
+++ b/docs/devel/build-system.txt
@@ -510,3 +510,16 @@ default-configs/$TARGET-NAME file as input.
 This is the entrypoint used when make recurses to build a single system
 or userspace emulator target. It is merely a symlink back to the
 Makefile.target in the top level.
+
+
+Useful make targets
+===
+
+- help
+
+  Print a help message for the most common build targets.
+
+- print-VAR
+
+  Print the value of the variable VAR. Useful for debugging the build
+  system.
-- 
1.8.3.1





[Qemu-devel] [PULL 14/51] tests/docker: add test-debug

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

Add a new test with --enable-debug using clang/asan/ubsan, remove
--enable-debug from test-clang & test-mingw.

Signed-off-by: Marc-André Lureau 
Message-Id: <20180104160523.22995-7-marcandre.lur...@redhat.com>
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Paolo Bonzini 
---
 tests/docker/test-clang |  2 +-
 tests/docker/test-debug | 26 ++
 tests/docker/test-mingw |  2 --
 3 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100755 tests/docker/test-debug

diff --git a/tests/docker/test-clang b/tests/docker/test-clang
index 1eb61a3..e90a793 100755
--- a/tests/docker/test-clang
+++ b/tests/docker/test-clang
@@ -17,7 +17,7 @@ requires clang
 
 cd "$BUILD_DIR"
 
-OPTS="--enable-debug --cxx=clang++ --cc=clang --host-cc=clang"
+OPTS="--cxx=clang++ --cc=clang --host-cc=clang"
 # -fsanitize=undefined is broken on Fedora 23, skip it for now
 # See also: https://bugzilla.redhat.com/show_bug.cgi?id=1263834
 #OPTS="$OPTS --extra-cflags=-fsanitize=undefined \
diff --git a/tests/docker/test-debug b/tests/docker/test-debug
new file mode 100755
index 000..d020b06
--- /dev/null
+++ b/tests/docker/test-debug
@@ -0,0 +1,26 @@
+#!/bin/bash -e
+#
+# Compile and check with clang & --enable-debug.
+#
+# Copyright (c) 2016-2018 Red Hat Inc.
+#
+# Authors:
+#  Fam Zheng 
+#  Marc-André Lureau 
+#
+# This work is licensed under the terms of the GNU GPL, version 2
+# or (at your option) any later version. See the COPYING file in
+# the top-level directory.
+
+. common.rc
+
+requires clang asan
+
+cd "$BUILD_DIR"
+
+OPTS="--cxx=clang++ --cc=clang --host-cc=clang"
+OPTS="--enable-debug $OPTS"
+
+build_qemu $OPTS
+make $MAKEFLAGS check
+install_qemu
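Review bot: the commit message describes this test as using clang/asan/ubsan, but OPTS in the new script carries only the clang compiler options and --enable-debug; nothing here asks for a sanitizer. If configure turns the sanitizers on as part of --enable-debug, say so in the header comment; otherwise pass the flags explicitly so the test cannot pass without them.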
diff --git a/tests/docker/test-mingw b/tests/docker/test-mingw
index 39a1da4..503a6bc 100755
--- a/tests/docker/test-mingw
+++ b/tests/docker/test-mingw
@@ -22,7 +22,6 @@ for prefix in x86_64-w64-mingw32- i686-w64-mingw32-; do
 TARGET_LIST=${TARGET_LIST:-$DEF_TARGET_LIST} \
 build_qemu --cross-prefix=$prefix \
 --enable-trace-backends=simple \
---enable-debug \
 --enable-gnutls \
 --enable-nettle \
 --enable-curl \
@@ -35,4 +34,3 @@ for prefix in x86_64-w64-mingw32- i686-w64-mingw32-; do
 make clean
 
 done
-
-- 
1.8.3.1





[Qemu-devel] [PULL 15/51] tests: fix check-qobject leak

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

/public/qobject_is_equal_conversion: OK

=
==14396==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7f07682c5850 in malloc (/lib64/libasan.so.4+0xde850)
#1 0x7f0767d12f0c in g_malloc ../glib/gmem.c:94
#2 0x7f0767d131cf in g_malloc_n ../glib/gmem.c:331
#3 0x562bd767371f in do_test_equality 
/home/elmarco/src/qq/tests/check-qobject.c:49
#4 0x562bd7674a35 in qobject_is_equal_dict_test 
/home/elmarco/src/qq/tests/check-qobject.c:267
#5 0x7f0767d37b04 in test_case_run ../glib/gtestutils.c:2237
#6 0x7f0767d37ec4 in g_test_run_suite_internal ../glib/gtestutils.c:2321
#7 0x7f0767d37f6d in g_test_run_suite_internal ../glib/gtestutils.c:2333
#8 0x7f0767d38184 in g_test_run_suite ../glib/gtestutils.c:2408
#9 0x7f0767d36e0d in g_test_run ../glib/gtestutils.c:1674
#10 0x562bd7674e75 in main /home/elmarco/src/qq/tests/check-qobject.c:327
#11 0x7f0766009039 in __libc_start_main (/lib64/libc.so.6+0x21039)

Signed-off-by: Marc-André Lureau 
Reviewed-by: Markus Armbruster 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20180104160523.22995-9-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 tests/check-qobject.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/check-qobject.c b/tests/check-qobject.c
index 03e9175..710f9e6 100644
--- a/tests/check-qobject.c
+++ b/tests/check-qobject.c
@@ -59,6 +59,8 @@ static void do_test_equality(bool expected, int _, ...)
 g_assert(qobject_is_equal(args[i], args[j]) == expected);
 }
 }
+
+g_free(args);
 }
 
 #define check_equal(...) \
-- 
1.8.3.1





[Qemu-devel] [PULL 09/51] build-sys: fix qemu-ga -pthread linking

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

When linking qemu-ga under some configuration (when gthread-2.0.pc
doesn't have -pthread, as happening atm with meson build), you may
have this linking issue:

/usr/bin/ld: libqemuutil.a(qemu-thread-posix.o): undefined reference to symbol 
'pthread_setname_np@@GLIBC_2.12'
/usr/lib64/libpthread.so.0: error adding symbols: DSO missing from command line

Make sure qemu-ga links with the pthread library, by adding correct
flags to libs_qga.

This is really a QEMU bug, because it's QEMU code that's using pthread
functions, and so we must explicitly link against pthreads. The bug
was just masked by the fact that often some pkg-config or another for
one of our dependencies will add -pthread to the link line anyway.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Peter Maydell 
Message-Id: <20180104160523.22995-2-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 configure | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configure b/configure
index 89bd662..ac392d2 100755
--- a/configure
+++ b/configure
@@ -3464,6 +3464,7 @@ else
   done
   if test "$found" = "no"; then
 LIBS="$pthread_lib $LIBS"
+libs_qga="$pthread_lib $libs_qga"
   fi
   PTHREAD_LIB="$pthread_lib"
   break
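Review bot: the new libs_qga line sits under the same test "$found" = "no" that guards the LIBS update. If found reflects a scan of $LIBS only, libs_qga is left without $pthread_lib whenever LIBS already contains it, which is the situation the commit message describes for qemu-ga. Consider updating libs_qga outside that condition, or state in a comment why the two always agree.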
-- 
1.8.3.1





[Qemu-devel] [PULL 17/51] readline: add a free function

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

Fixes leaks such as:

Direct leak of 2 byte(s) in 1 object(s) allocated from:
#0 0x7eff58beb850 in malloc (/lib64/libasan.so.4+0xde850)
#1 0x7eff57942f0c in g_malloc ../glib/gmem.c:94
#2 0x7eff579431cf in g_malloc_n ../glib/gmem.c:331
#3 0x7eff5795f6eb in g_strdup ../glib/gstrfuncs.c:363
#4 0x55db720f1d46 in readline_hist_add 
/home/elmarco/src/qq/util/readline.c:258
#5 0x55db720f2d34 in readline_handle_byte 
/home/elmarco/src/qq/util/readline.c:387
#6 0x55db71539d00 in monitor_read /home/elmarco/src/qq/monitor.c:3896
#7 0x55db71f9be35 in qemu_chr_be_write_impl 
/home/elmarco/src/qq/chardev/char.c:167
#8 0x55db71f9bed3 in qemu_chr_be_write 
/home/elmarco/src/qq/chardev/char.c:179
#9 0x55db71fa013c in fd_chr_read /home/elmarco/src/qq/chardev/char-fd.c:66
#10 0x55db71fe18a8 in qio_channel_fd_source_dispatch 
/home/elmarco/src/qq/io/channel-watch.c:84
#11 0x7eff5793a90b in g_main_dispatch ../glib/gmain.c:3182
#12 0x7eff5793b7ac in g_main_context_dispatch ../glib/gmain.c:3847
#13 0x55db720af3bd in glib_pollfds_poll 
/home/elmarco/src/qq/util/main-loop.c:214
#14 0x55db720af505 in os_host_main_loop_wait 
/home/elmarco/src/qq/util/main-loop.c:261
#15 0x55db720af6d6 in main_loop_wait 
/home/elmarco/src/qq/util/main-loop.c:515
#16 0x55db7184e0de in main_loop /home/elmarco/src/qq/vl.c:1995
#17 0x55db7185e956 in main /home/elmarco/src/qq/vl.c:4914
#18 0x7eff4ea17039 in __libc_start_main (/lib64/libc.so.6+0x21039)

(while at it, use g_new0(ReadLineState), it's a bit easier to read)

Signed-off-by: Marc-André Lureau 
Reviewed-by: Dr. David Alan Gilbert 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20180104160523.22995-11-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 include/qemu/readline.h |  1 +
 monitor.c   |  2 +-
 util/readline.c | 18 +-
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/include/qemu/readline.h b/include/qemu/readline.h
index c08cf74..e812583 100644
--- a/include/qemu/readline.h
+++ b/include/qemu/readline.h
@@ -59,5 +59,6 @@ ReadLineState *readline_init(ReadLinePrintfFunc *printf_func,
  ReadLineFlushFunc *flush_func,
  void *opaque,
  ReadLineCompletionFunc *completion_finder);
+void readline_free(ReadLineState *rs);
 
 #endif /* READLINE_H */
diff --git a/monitor.c b/monitor.c
index d682eee..b9da5e2 100644
--- a/monitor.c
+++ b/monitor.c
@@ -583,7 +583,7 @@ static void monitor_data_destroy(Monitor *mon)
 if (monitor_is_qmp(mon)) {
 json_message_parser_destroy(&mon->qmp.parser);
 }
-g_free(mon->rs);
+readline_free(mon->rs);
 QDECREF(mon->outbuf);
 qemu_mutex_destroy(&mon->out_lock);
 }
diff --git a/util/readline.c b/util/readline.c
index bbdee79..24ec839 100644
--- a/util/readline.c
+++ b/util/readline.c
@@ -500,12 +500,28 @@ const char *readline_get_history(ReadLineState *rs, 
unsigned int index)
 return rs->history[index];
 }
 
+void readline_free(ReadLineState *rs)
+{
+int i;
+
+if (!rs) {
+return;
+}
+for (i = 0; i < READLINE_MAX_CMDS; i++) {
+g_free(rs->history[i]);
+}
+for (i = 0; i < READLINE_MAX_COMPLETIONS; i++) {
+g_free(rs->completions[i]);
+}
+g_free(rs);
+}
+
 ReadLineState *readline_init(ReadLinePrintfFunc *printf_func,
  ReadLineFlushFunc *flush_func,
  void *opaque,
  ReadLineCompletionFunc *completion_finder)
 {
-ReadLineState *rs = g_malloc0(sizeof(*rs));
+ReadLineState *rs = g_new0(ReadLineState, 1);
 
 rs->hist_entry = -1;
 rs->opaque = opaque;
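
Review bot: both loops in readline_free() call g_free() on every slot up to READLINE_MAX_CMDS and READLINE_MAX_COMPLETIONS, not only the slots currently in use, which is safe only if unused slots are always NULL. The zeroed allocation in readline_init() covers the initial state, but please confirm that the code which releases completions[] entries between completions also resets them to NULL, otherwise this becomes a double free at monitor teardown.
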
-- 
1.8.3.1





[Qemu-devel] [PULL 20/51] qemu-config: fix leak in query-command-line-options

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

Direct leak of 160 byte(s) in 4 object(s) allocated from:
#0 0x55ed7678cda8 in calloc 
(/home/elmarco/src/qq/build/x86_64-softmmu/qemu-system-x86_64+0x797da8)
#1 0x7f3f5e725f75 in g_malloc0 
/home/elmarco/src/gnome/glib/builddir/../glib/gmem.c:124
#2 0x55ed778aa3a7 in query_option_descs 
/home/elmarco/src/qq/util/qemu-config.c:60:16
#3 0x55ed778aa307 in get_drive_infolist 
/home/elmarco/src/qq/util/qemu-config.c:140:19
#4 0x55ed778a9f40 in qmp_query_command_line_options 
/home/elmarco/src/qq/util/qemu-config.c:254:36
#5 0x55ed76d4868c in qmp_marshal_query_command_line_options 
/home/elmarco/src/qq/build/qmp-marshal.c:3078:14
#6 0x55ed77855dd5 in do_qmp_dispatch 
/home/elmarco/src/qq/qapi/qmp-dispatch.c:104:5
#7 0x55ed778558cc in qmp_dispatch 
/home/elmarco/src/qq/qapi/qmp-dispatch.c:131:11
#8 0x55ed768b592f in handle_qmp_command 
/home/elmarco/src/qq/monitor.c:3840:11
#9 0x55ed7786ccfe in json_message_process_token 
/home/elmarco/src/qq/qobject/json-streamer.c:105:5
#10 0x55ed778fe37c in json_lexer_feed_char 
/home/elmarco/src/qq/qobject/json-lexer.c:323:13
#11 0x55ed778fdde6 in json_lexer_feed 
/home/elmarco/src/qq/qobject/json-lexer.c:373:15
#12 0x55ed7786cd83 in json_message_parser_feed 
/home/elmarco/src/qq/qobject/json-streamer.c:124:12
#13 0x55ed768b559e in monitor_qmp_read /home/elmarco/src/qq/monitor.c:3882:5
#14 0x55ed77714f29 in qemu_chr_be_write_impl 
/home/elmarco/src/qq/chardev/char.c:167:9
#15 0x55ed77714fde in qemu_chr_be_write 
/home/elmarco/src/qq/chardev/char.c:179:9
#16 0x55ed7772ffad in tcp_chr_read 
/home/elmarco/src/qq/chardev/char-socket.c:440:13
#17 0x55ed113b in qio_channel_fd_source_dispatch 
/home/elmarco/src/qq/io/channel-watch.c:84:12
#18 0x7f3f5e71d90b in g_main_dispatch 
/home/elmarco/src/gnome/glib/builddir/../glib/gmain.c:3182
#19 0x7f3f5e71e7ac in g_main_context_dispatch 
/home/elmarco/src/gnome/glib/builddir/../glib/gmain.c:3847
#20 0x55ed77886ffc in glib_pollfds_poll 
/home/elmarco/src/qq/util/main-loop.c:214:9
#21 0x55ed778865fd in os_host_main_loop_wait 
/home/elmarco/src/qq/util/main-loop.c:261:5
#22 0x55ed77886222 in main_loop_wait 
/home/elmarco/src/qq/util/main-loop.c:515:11
#23 0x55ed76d2a4df in main_loop /home/elmarco/src/qq/vl.c:1995:9
#24 0x55ed76d1cb4a in main /home/elmarco/src/qq/vl.c:4914:5
#25 0x7f3f555f6039 in __libc_start_main (/lib64/libc.so.6+0x21039)

Signed-off-by: Marc-André Lureau 
Reviewed-by: Eric Blake 
Message-Id: <20180104160523.22995-14-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 util/qemu-config.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/util/qemu-config.c b/util/qemu-config.c
index 99b0e46..029fec5 100644
--- a/util/qemu-config.c
+++ b/util/qemu-config.c
@@ -105,7 +105,8 @@ static void cleanup_infolist(CommandLineParameterInfoList 
*head)
 if (!strcmp(pre_entry->value->name, cur->next->value->name)) {
 del_entry = cur->next;
 cur->next = cur->next->next;
-g_free(del_entry);
+del_entry->next = NULL;
+qapi_free_CommandLineParameterInfoList(del_entry);
 break;
 }
 pre_entry = pre_entry->next;
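
Review bot: the del_entry->next = NULL line is what keeps qapi_free_CommandLineParameterInfoList(del_entry) from releasing the rest of the list that cur->next now points into, and nothing in the hunk says so. A short comment above it (for example "detach before freeing, the list free follows ->next") would stop a later cleanup from removing the assignment and turning this leak fix into a use-after-free.
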
-- 
1.8.3.1





[Qemu-devel] [PULL 25/51] scsi-disk: release AioContext in unaligned WRITE SAME case

2018-01-16 Thread Paolo Bonzini
From: Stefan Hajnoczi 

scsi_write_same_complete() can retry the write if the request was
unaligned.  Make sure to release the AioContext when that code path is
taken!

This patch fixes a hang when QEMU terminates after an unaligned WRITE
SAME request has been processed with dataplane.  The hang occurs because
iothread_stop_all() cannot acquire the AioContext lock that was leaked
by the IOThread in scsi_write_same_complete().

Fixes: b9e413dd37 ("block: explicitly acquire aiocontext in aio callbacks that 
need it").
Cc: Paolo Bonzini 
Cc: qemu-sta...@nongnu.org
Reported-by: Cong Li 
Signed-off-by: Stefan Hajnoczi 
Message-Id: <20180104142502.15175-1-stefa...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/scsi/scsi-disk.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index e58833a..49d2559 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -1755,6 +1755,7 @@ static void scsi_write_same_complete(void *opaque, int 
ret)
data->sector << BDRV_SECTOR_BITS,
&data->qiov, 0,
scsi_write_same_complete, data);
+aio_context_release(blk_get_aio_context(s->qdev.conf.blk));
 return;
 }
 
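
Review bot: the aio_context_release() added before the early return in the retry branch of scsi_write_same_complete() means the acquire/release pairing now depends on every return statement remembering the release. Routing the retry branch through a shared exit label that releases once would keep the next early return from leaking the lock again. Since the message is Cc'd to qemu-stable, a regression test that shuts down after an unaligned WRITE SAME with dataplane would also be useful.
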
-- 
1.8.3.1





[Qemu-devel] [PULL 13/51] tests/docker: add some sanitizers to fedora dockerfile

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

Build fedora image with ASAN/UBSan support.

Signed-off-by: Marc-André Lureau 
Message-Id: <20180104160523.22995-6-marcandre.lur...@redhat.com>
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Paolo Bonzini 
---
 tests/docker/dockerfiles/fedora.docker | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/docker/dockerfiles/fedora.docker 
b/tests/docker/dockerfiles/fedora.docker
index 4b26c3a..32de731 100644
--- a/tests/docker/dockerfiles/fedora.docker
+++ b/tests/docker/dockerfiles/fedora.docker
@@ -3,7 +3,7 @@ ENV PACKAGES \
 ccache gettext git tar PyYAML sparse flex bison python2 bzip2 hostname \
 glib2-devel pixman-devel zlib-devel SDL-devel libfdt-devel \
 gcc gcc-c++ clang make perl which bc findutils libaio-devel \
-nettle-devel \
+nettle-devel libasan libubsan \
 mingw32-pixman mingw32-glib2 mingw32-gmp mingw32-SDL mingw32-pkg-config \
 mingw32-gtk2 mingw32-gtk3 mingw32-gnutls mingw32-nettle mingw32-libtasn1 \
 mingw32-libjpeg-turbo mingw32-libpng mingw32-curl mingw32-libssh2 \
@@ -15,4 +15,4 @@ ENV PACKAGES \
 
 RUN dnf install -y $PACKAGES
 RUN rpm -q $PACKAGES | sort > /packages.txt
-ENV FEATURES mingw clang pyyaml
+ENV FEATURES mingw clang pyyaml asan
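
Review bot: the FEATURES line gains only asan, while the package hunk above installs both libasan and libubsan and the commit message promises ASAN/UBSan support. Either add a matching ubsan feature token or state in the commit message that the asan feature is meant to cover both sanitizers, so test scripts keyed on FEATURES know what they can rely on.
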
-- 
1.8.3.1





[Qemu-devel] [PULL 16/51] vl: fix direct firmware directories leak

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

Note that data_dir[] will now point to allocated strings.

Fixes:
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x7f1448181850 in malloc (/lib64/libasan.so.4+0xde850)
#1 0x7f1446ed8f0c in g_malloc ../glib/gmem.c:94
#2 0x7f1446ed91cf in g_malloc_n ../glib/gmem.c:331
#3 0x7f1446ef739a in g_strsplit ../glib/gstrfuncs.c:2364
#4 0x55cf276439d7 in main /home/elmarco/src/qq/vl.c:4311
#5 0x7f143dfad039 in __libc_start_main (/lib64/libc.so.6+0x21039)

Signed-off-by: Marc-André Lureau 
Reviewed-by: Eric Blake 
Message-Id: <20180104160523.22995-10-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 vl.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/vl.c b/vl.c
index 444b750..3599485 100644
--- a/vl.c
+++ b/vl.c
@@ -2318,7 +2318,7 @@ static void qemu_add_data_dir(const char *path)
 return; /* duplicate */
 }
 }
-data_dir[data_dir_idx++] = path;
+data_dir[data_dir_idx++] = g_strdup(path);
 }
 
 static inline bool nonempty_str(const char *str)
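
Review bot: data_dir[] now owns the g_strdup() copies made in qemu_add_data_dir(), but nothing in the patch releases them or records that ownership next to the array. If data_dir is still declared as an array of const char *, dropping the const and adding a comment that the entries are heap strings kept for the life of the process would match the note in the commit message.
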
@@ -3078,7 +3078,7 @@ int main(int argc, char **argv, char **envp)
 Error *main_loop_err = NULL;
 Error *err = NULL;
 bool list_data_dirs = false;
-char **dirs;
+char *dir, **dirs;
 typedef struct BlockdevOptions_queue {
 BlockdevOptions *bdo;
 Location loc;
@@ -4181,9 +4181,12 @@ int main(int argc, char **argv, char **envp)
 for (i = 0; dirs[i] != NULL; i++) {
 qemu_add_data_dir(dirs[i]);
 }
+g_strfreev(dirs);
 
 /* try to find datadir relative to the executable path */
-qemu_add_data_dir(os_find_datadir());
+dir = os_find_datadir();
+qemu_add_data_dir(dir);
+g_free(dir);
 
 /* add the datadir specified when building */
 qemu_add_data_dir(CONFIG_QEMU_DATADIR);
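
Review bot: the new dir variable is declared at the top of main() in the previous hunk but is only used for the three lines around os_find_datadir(). Declaring it in a small block here, or wrapping the three lines in a helper, keeps main()'s declaration list from growing and makes it obvious that the string is freed immediately because qemu_add_data_dir() now takes its own copy.
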
-- 
1.8.3.1





[Qemu-devel] [PULL 27/51] tests/boot-serial-test: Add a test for the moxiesim machine

2018-01-16 Thread Paolo Bonzini
From: Thomas Huth 

Now that moxiesim supports the -bios parameter, we can check this machine
in the boot-serial tester, too, by supplying a mini bios that only writes
'T' characters to the UART.

Signed-off-by: Thomas Huth 
Message-Id: <1512031988-32490-7-git-send-email-th...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 tests/Makefile.include   | 2 ++
 tests/boot-serial-test.c | 8 
 2 files changed, 10 insertions(+)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 561e14b..13d6684 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -308,6 +308,8 @@ check-qtest-mips64-y = tests/endianness-test$(EXESUF)
 
 check-qtest-mips64el-y = tests/endianness-test$(EXESUF)
 
+check-qtest-moxie-y = tests/boot-serial-test$(EXESUF)
+
 check-qtest-ppc-y = tests/endianness-test$(EXESUF)
 check-qtest-ppc-y += tests/boot-order-test$(EXESUF)
 check-qtest-ppc-y += tests/prom-env-test$(EXESUF)
diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index a39273a..1deddb8 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -40,6 +40,13 @@ static const uint8_t kernel_plml605[] = {
 0xfc, 0xff, 0x00, 0xb8  /* bri   -4  loop */
 };
 
+static const uint8_t bios_moxiesim[] = {
+0x20, 0x10, 0x00, 0x00, 0x03, 0xf8, /* ldi.s r1,0x3f8 */
+0x1b, 0x20, 0x00, 0x00, 0x00, 0x54, /* ldi.b r2,'T' */
+0x1e, 0x12, /* st.b  r1,r2 */
+0x1a, 0x00, 0x00, 0x00, 0x10, 0x00  /* jmpa  0x1000 */
+};
+
 typedef struct testdef {
 const char *arch;   /* Target architecture */
 const char *machine;/* Name of the machine */
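
Review bot: bios_moxiesim hard-codes two addresses, the UART at 0x3f8 in the ldi.s and the target 0x1000 in the final jmpa, without saying where they come from. A comment that 0x1000 must equal the address at which moxiesim maps the -bios image would make the failure mode clear if the board's memory map ever changes.
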
@@ -70,6 +77,7 @@ static testdef_t tests[] = {
   sizeof(kernel_pls3adsp1800), kernel_pls3adsp1800 },
 { "microblazeel", "petalogix-ml605", "", "TT",
   sizeof(kernel_plml605), kernel_plml605 },
+{ "moxie", "moxiesim", "", "TT", sizeof(bios_moxiesim), 0, bios_moxiesim },
 
 { NULL }
 };
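
Review bot: the moxiesim entry passes sizeof(bios_moxiesim), 0, bios_moxiesim while the microblaze entries above pass a size followed directly by the kernel array, so the meaning of each value depends on its position in testdef_t. With a size and two pointers in a row it is easy to pair a length with the wrong blob; designated initializers naming the size, kernel and bios fields would let the compiler catch that, and NULL would read better than 0 for the unused pointer.
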
-- 
1.8.3.1





[Qemu-devel] [PULL 22/51] tests: fix coroutine leak in /basic/entered

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

The coroutine is not finished by the time the test ends, resulting in
ASAN warning:

==7005==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 312 byte(s) in 1 object(s) allocated from:
#0 0x7fd35290fa38 in __interceptor_calloc (/lib64/libasan.so.4+0xdea38)
#1 0x7fd3506c5f75 in g_malloc0 ../glib/gmem.c:124
#2 0x55994af03e47 in qemu_coroutine_new 
/home/elmarco/src/qemu/util/coroutine-ucontext.c:144
#3 0x55994aefed99 in qemu_coroutine_create 
/home/elmarco/src/qemu/util/qemu-coroutine.c:76
#4 0x55994ac1eb50 in verify_entered_step_1 
/home/elmarco/src/qemu/tests/test-coroutine.c:80
#5 0x55994af03c75 in coroutine_trampoline 
/home/elmarco/src/qemu/util/coroutine-ucontext.c:119
#6 0x7fd34ec02bef  (/lib64/libc.so.6+0x50bef)

Do not yield() to let the coroutine terminate.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Stefan Hajnoczi 
Message-Id: <20180104160523.22995-17-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 tests/test-coroutine.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tests/test-coroutine.c b/tests/test-coroutine.c
index abd97c2..76c6461 100644
--- a/tests/test-coroutine.c
+++ b/tests/test-coroutine.c
@@ -67,7 +67,6 @@ static void coroutine_fn verify_entered_step_2(void *opaque)
 /* Once more to check it still works after yielding */
 g_assert(qemu_coroutine_entered(caller));
 g_assert(qemu_coroutine_entered(qemu_coroutine_self()));
-qemu_coroutine_yield();
 }
 
 static void coroutine_fn verify_entered_step_1(void *opaque)
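
Review bot: with the trailing qemu_coroutine_yield() removed, verify_entered_step_2() runs to completion the first time control reaches its end, so any code that still re-enters this coroutine afterwards would be entering a terminated coroutine. The hunk does not show the caller; please confirm that verify_entered_step_1() enters step 2 exactly as many times as step 2 yields. The retained comment "Once more to check it still works after yielding" could also say which yield it refers to now that the last one is gone.
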
-- 
1.8.3.1





[Qemu-devel] [PULL 23/51] mips: fix potential fopen(NULL,...)

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

Spotted thanks to ASAN.

Signed-off-by: Marc-André Lureau 
Message-Id: <20180104160523.22995-18-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/nvram/ds1225y.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/nvram/ds1225y.c b/hw/nvram/ds1225y.c
index 57d5ab2..ad7345f 100644
--- a/hw/nvram/ds1225y.c
+++ b/hw/nvram/ds1225y.c
@@ -80,7 +80,7 @@ static int nvram_post_load(void *opaque, int version_id)
 }
 
 /* Write back nvram contents */
-s->file = fopen(s->filename, "wb");
+s->file = s->filename ? fopen(s->filename, "wb") : NULL;
 if (s->file) {
 /* Write back contents, as 'wb' mode cleaned the file */
 if (fwrite(s->contents, s->chip_size, 1, s->file) != 1) {
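
Review bot: when s->filename is NULL, nvram_post_load() now skips the write-back silently, so NVRAM contents are not persisted and nothing reports it. If a missing filename is a supported configuration, say so in a comment here; if not, reject it at init time instead of guarding each fopen().
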
@@ -126,7 +126,7 @@ static int nvram_sysbus_initfn(SysBusDevice *dev)
 sysbus_init_mmio(dev, &s->iomem);
 
 /* Read current file */
-file = fopen(s->filename, "rb");
+file = s->filename ? fopen(s->filename, "rb") : NULL;
 if (file) {
 /* Read nvram contents */
 if (fread(s->contents, s->chip_size, 1, file) != 1) {
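
Review bot: this is the second copy of the s->filename ? fopen(...) : NULL guard in the patch. A small helper that takes the mode string and returns NULL for a NULL filename would keep the two call sites from drifting, and the commit message would benefit from the ASAN report or the command line that reaches this path with no filename set.
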
-- 
1.8.3.1





[Qemu-devel] [PULL 18/51] tests: fix migration-test leak

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

Direct leak of 12 byte(s) in 2 object(s) allocated from:
#0 0x7f50d403c850 in malloc (/lib64/libasan.so.4+0xde850)
#1 0x7f50d1ddf98f in vasprintf (/lib64/libc.so.6+0x8098f)

Signed-off-by: Marc-André Lureau 
Reviewed-by: Dr. David Alan Gilbert 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20180104160523.22995-12-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 tests/migration-test.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/migration-test.c b/tests/migration-test.c
index be598d3..799e24e 100644
--- a/tests/migration-test.c
+++ b/tests/migration-test.c
@@ -358,13 +358,14 @@ static void migrate_check_parameter(QTestState *who, 
const char *parameter,
 const char *value)
 {
 QDict *rsp, *rsp_return;
-const char *result;
+char *result;
 
 rsp = wait_command(who, "{ 'execute': 'query-migrate-parameters' }");
 rsp_return = qdict_get_qdict(rsp, "return");
 result = g_strdup_printf("%" PRId64,
  qdict_get_try_int(rsp_return,  parameter, -1));
 g_assert_cmpstr(result, ==, value);
+g_free(result);
 QDECREF(rsp);
 }
 
-- 
1.8.3.1





[Qemu-devel] [PULL 21/51] tests: fix qmp-test leak

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

Direct leak of 913 byte(s) in 43 object(s) allocated from:
#0 0x55880a15df60 in __interceptor_malloc 
(/home/elmarco/src/qq/build/tests/qmp-test+0x110f60)
#1 0x7f3f20fd098f in _IO_vasprintf (/lib64/libc.so.6+0x8098f)

Signed-off-by: Marc-André Lureau 
Reviewed-by: Markus Armbruster 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20180104160523.22995-15-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 tests/qmp-test.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/qmp-test.c b/tests/qmp-test.c
index c5a5c10..36feb22 100644
--- a/tests/qmp-test.c
+++ b/tests/qmp-test.c
@@ -271,7 +271,7 @@ static void add_query_tests(QmpSchema *schema)
 {
 SchemaInfoList *tail;
 SchemaInfo *si, *arg_type, *ret_type;
-const char *test_name;
+char *test_name;
 
 /* Test the query-like commands */
 for (tail = schema->list; tail; tail = tail->next) {
@@ -297,6 +297,7 @@ static void add_query_tests(QmpSchema *schema)
 
 test_name = g_strdup_printf("qmp/%s", si->name);
 qtest_add_data_func(test_name, si->name, test_query);
+g_free(test_name);
 }
 }
 
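
Review bot: g_free(test_name) directly after qtest_add_data_func() is correct only because the test framework copies the path string at registration; the data argument si->name in the same call is not copied and must stay alive until the tests run. A brief comment stating both facts would explain why one string is freed here and the other is not.
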
-- 
1.8.3.1





[Qemu-devel] [PULL 24/51] disas/s390: fix global-buffer-overflow

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

Spotted thanks to ASAN:

==25226==ERROR: AddressSanitizer: global-buffer-overflow on address 
0x556715a1f120 at pc 0x556714b6f6b1 bp 0x7ffcdfac1360 sp 0x7ffcdfac1350
READ of size 1 at 0x556715a1f120 thread T0
#0 0x556714b6f6b0 in init_disasm /home/elmarco/src/qemu/disas/s390.c:219
#1 0x556714b6fa6a in print_insn_s390 /home/elmarco/src/qemu/disas/s390.c:294
#2 0x55671484d031 in monitor_disas /home/elmarco/src/qemu/disas.c:635
#3 0x556714862ec0 in memory_dump /home/elmarco/src/qemu/monitor.c:1324
#4 0x55671486342a in hmp_memory_dump /home/elmarco/src/qemu/monitor.c:1418
#5 0x5567148670be in handle_hmp_command 
/home/elmarco/src/qemu/monitor.c:3109
#6 0x5567148674ed in qmp_human_monitor_command 
/home/elmarco/src/qemu/monitor.c:613
#7 0x556714b00918 in qmp_marshal_human_monitor_command 
/home/elmarco/src/qemu/build/qmp-marshal.c:1704
#8 0x556715138a3e in do_qmp_dispatch 
/home/elmarco/src/qemu/qapi/qmp-dispatch.c:104
#9 0x556715138f83 in qmp_dispatch 
/home/elmarco/src/qemu/qapi/qmp-dispatch.c:131
#10 0x55671485cf88 in handle_qmp_command 
/home/elmarco/src/qemu/monitor.c:3839
#11 0x55671514e80b in json_message_process_token 
/home/elmarco/src/qemu/qobject/json-streamer.c:105
#12 0x5567151bf2dc in json_lexer_feed_char 
/home/elmarco/src/qemu/qobject/json-lexer.c:323
#13 0x5567151bf827 in json_lexer_feed 
/home/elmarco/src/qemu/qobject/json-lexer.c:373
#14 0x55671514ee62 in json_message_parser_feed 
/home/elmarco/src/qemu/qobject/json-streamer.c:124
#15 0x556714854b1f in monitor_qmp_read /home/elmarco/src/qemu/monitor.c:3881
#16 0x556715045440 in qemu_chr_be_write_impl 
/home/elmarco/src/qemu/chardev/char.c:172
#17 0x556715047184 in qemu_chr_be_write 
/home/elmarco/src/qemu/chardev/char.c:184
#18 0x55671505a8e6 in tcp_chr_read 
/home/elmarco/src/qemu/chardev/char-socket.c:440
#19 0x5567150943c3 in qio_channel_fd_source_dispatch 
/home/elmarco/src/qemu/io/channel-watch.c:84
#20 0x7fb90292b90b in g_main_dispatch ../glib/gmain.c:3182
#21 0x7fb90292c7ac in g_main_context_dispatch ../glib/gmain.c:3847
#22 0x556715162eca in glib_pollfds_poll 
/home/elmarco/src/qemu/util/main-loop.c:214
#23 0x556715163001 in os_host_main_loop_wait 
/home/elmarco/src/qemu/util/main-loop.c:261
#24 0x5567151631fa in main_loop_wait 
/home/elmarco/src/qemu/util/main-loop.c:515
#25 0x556714ad6d3b in main_loop /home/elmarco/src/qemu/vl.c:1950
#26 0x556714ade329 in main /home/elmarco/src/qemu/vl.c:4865
#27 0x7fb8fe5c9009 in __libc_start_main (/lib64/libc.so.6+0x21009)
#28 0x5567147af4d9 in _start 
(/home/elmarco/src/qemu/build/s390x-softmmu/qemu-system-s390x+0xf674d9)

0x556715a1f120 is located 32 bytes to the left of global variable 
'char_hci_type_info' defined in '/home/elmarco/src/qemu/hw/bt/hci-csr.c:493:23' 
(0x556715a1f140) of size 104
0x556715a1f120 is located 8 bytes to the right of global variable 
's390_opcodes' defined in '/home/elmarco/src/qemu/disas/s390.c:860:33' 
(0x556715a15280) of size 40600

This fix is based on Andreas Arnez  upstream
commit:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=9ace48f3d7d80ce09c5df60cccb433470410b11b

2014-08-19  Andreas Arnez  

   * s390-dis.c (init_disasm): Simplify initialization of
   opc_index[].  This also fixes an access after the last element
   of s390_opcodes[].

Signed-off-by: Marc-André Lureau 
Message-Id: <20180104160523.22995-19-marcandre.lur...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 disas/s390.c | 16 ++--
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/disas/s390.c b/disas/s390.c
index 1f167d2..6393860 100644
--- a/disas/s390.c
+++ b/disas/s390.c
@@ -207,18 +207,14 @@ static int opc_index[256];
 static void
 init_disasm (struct disassemble_info *info)
 {
-  const struct s390_opcode *opcode;
-  const struct s390_opcode *opcode_end;
+  int i;
 
   memset (opc_index, 0, sizeof (opc_index));
-  opcode_end = s390_opcodes + s390_num_opcodes;
-  for (opcode = s390_opcodes; opcode < opcode_end; opcode++)
-{
-  opc_index[(int) opcode->opcode[0]] = opcode - s390_opcodes;
-  while ((opcode < opcode_end) &&
-(opcode[1].opcode[0] == opcode->opcode[0]))
-   opcode++;
-}
+
+  /* Reverse order, such that each opc_index ends up pointing to the
+ first matching entry instead of the last.  */
+  for (i = s390_num_opcodes; i--; )
+opc_index[s390_opcodes[i].opcode[0]] = i;
 
 #ifdef QEMU_DISABLE
   switch (info->mach)
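
Review bot: opc_index[s390_opcodes[i].opcode[0]] = i indexes a 256-entry array directly with opcode[0], so it is in bounds only if that field is an unsigned 8-bit type. Please confirm the declaration in struct s390_opcode: a plain char would be sign-extended on hosts where char is signed and give a negative index for first bytes of 0x80 and above (the old (int) cast did not protect against that either). The reverse loop itself reads only indices 0 to s390_num_opcodes - 1, which is what removes the opcode[1] read past the last element.
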
-- 
1.8.3.1
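
The off-by-one read that the init_disasm() change removes, as an added example that is not code from QEMU or binutils: a constructed six-entry table with one padding slot lets the legacy loop's read of the element after the last one be counted safely. All names (struct op, at(), build_legacy(), build_reverse()) and the table contents are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed miniature of an opcode table, grouped by first opcode byte.
   Names and values are made up for this example. */
struct op {
    const char *name;
    unsigned char opcode[2];
};

#define N_OPS 6

/* One padding slot past the logical end, so that the legacy loop's read of
   element N_OPS lands in memory this example owns and can be observed
   without undefined behaviour. */
static const struct op ops[N_OPS + 1] = {
    { "a", { 0x01, 0x00 } }, { "b", { 0x01, 0x10 } },
    { "c", { 0x07, 0x00 } },
    { "d", { 0xb2, 0x00 } }, { "e", { 0xb2, 0x01 } },
    { "f", { 0xe3, 0x00 } },
    { "<pad>", { 0xff, 0xff } },
};

static size_t max_read;             /* highest table index touched so far */

/* Bounds-recording accessor: every table read goes through here. */
static const struct op *at(size_t i)
{
    if (i > max_read) {
        max_read = i;
    }
    return &ops[i];
}

/* Shape of the removed loop: record the first entry of a run, then skip the
   rest of the run by peeking at the next element.
   Returns the highest table index that was read. */
size_t build_legacy(int idx[256])
{
    size_t i;

    max_read = 0;
    memset(idx, 0, 256 * sizeof(idx[0]));
    for (i = 0; i < N_OPS; i++) {
        idx[at(i)->opcode[0]] = (int)i;
        /* "i < N_OPS" does not protect the read of element i + 1 */
        while (i < N_OPS && at(i + 1)->opcode[0] == at(i)->opcode[0]) {
            i++;
        }
    }
    return max_read;
}

/* Shape of the replacement: walk backwards so the last store for each first
   byte comes from its lowest index.  No look-ahead, so no over-read. */
size_t build_reverse(int idx[256])
{
    size_t i;

    max_read = 0;
    memset(idx, 0, 256 * sizeof(idx[0]));
    for (i = N_OPS; i--; ) {
        idx[at(i)->opcode[0]] = (int)i;
    }
    return max_read;
}

/* Returns 1 if both index tables agree for every first byte. */
int same_index(const int a[256], const int b[256])
{
    return memcmp(a, b, 256 * sizeof(a[0])) == 0;
}

int main(void)
{
    int legacy[256], fixed[256];
    size_t hi_legacy = build_legacy(legacy);
    size_t hi_fixed = build_reverse(fixed);

    printf("legacy:  highest index read %zu (valid range 0..%d)\n",
           hi_legacy, N_OPS - 1);
    printf("reverse: highest index read %zu\n", hi_fixed);
    printf("index tables identical: %s\n",
           same_index(legacy, fixed) ? "yes" : "no");
    return 0;
}
```

Both loops build the same index; only the legacy one touches the slot after the last valid entry, which in the real table is whatever global follows s390_opcodes[].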





[Qemu-devel] [PULL 29/51] target/i386: move hflags update code to a function

2018-01-16 Thread Paolo Bonzini
From: Tao Wu 

We will share the same code for hax/kvm.

Signed-off-by: Tao Wu 
Message-Id: <20180110195056.85403-1-lep...@google.com>
Signed-off-by: Paolo Bonzini 
---
 target/i386/cpu.c | 42 ++
 target/i386/cpu.h |  2 ++
 target/i386/kvm.c | 40 +---
 3 files changed, 45 insertions(+), 39 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 3818d72..ad8196b 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -4147,6 +4147,48 @@ static void x86_disas_set_info(CPUState *cs, 
disassemble_info *info)
 info->cap_insn_split = 8;
 }
 
+void x86_update_hflags(CPUX86State *env)
+{
+   uint32_t hflags;
+#define HFLAG_COPY_MASK \
+~( HF_CPL_MASK | HF_PE_MASK | HF_MP_MASK | HF_EM_MASK | \
+   HF_TS_MASK | HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK | \
+   HF_OSFXSR_MASK | HF_LMA_MASK | HF_CS32_MASK | \
+   HF_SS32_MASK | HF_CS64_MASK | HF_ADDSEG_MASK)
+
+hflags = env->hflags & HFLAG_COPY_MASK;
+hflags |= (env->segs[R_SS].flags >> DESC_DPL_SHIFT) & HF_CPL_MASK;
+hflags |= (env->cr[0] & CR0_PE_MASK) << (HF_PE_SHIFT - CR0_PE_SHIFT);
+hflags |= (env->cr[0] << (HF_MP_SHIFT - CR0_MP_SHIFT)) &
+(HF_MP_MASK | HF_EM_MASK | HF_TS_MASK);
+hflags |= (env->eflags & (HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK));
+
+if (env->cr[4] & CR4_OSFXSR_MASK) {
+hflags |= HF_OSFXSR_MASK;
+}
+
+if (env->efer & MSR_EFER_LMA) {
+hflags |= HF_LMA_MASK;
+}
+
+if ((hflags & HF_LMA_MASK) && (env->segs[R_CS].flags & DESC_L_MASK)) {
+hflags |= HF_CS32_MASK | HF_SS32_MASK | HF_CS64_MASK;
+} else {
+hflags |= (env->segs[R_CS].flags & DESC_B_MASK) >>
+(DESC_B_SHIFT - HF_CS32_SHIFT);
+hflags |= (env->segs[R_SS].flags & DESC_B_MASK) >>
+(DESC_B_SHIFT - HF_SS32_SHIFT);
+if (!(env->cr[0] & CR0_PE_MASK) || (env->eflags & VM_MASK) ||
+!(hflags & HF_CS32_MASK)) {
+hflags |= HF_ADDSEG_MASK;
+} else {
+hflags |= ((env->segs[R_DS].base | env->segs[R_ES].base |
+env->segs[R_SS].base) != 0) << HF_ADDSEG_SHIFT;
+}
+}
+env->hflags = hflags;
+}
+
 static Property x86_cpu_properties[] = {
 #ifdef CONFIG_USER_ONLY
 /* apic_id = 0 by default for *-user, see commit 9886e834 */
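
Review bot: HFLAG_COPY_MASK is #defined inside the body of x86_update_hflags() and never #undef'd, so it stays visible for the rest of cpu.c. Moving it next to the HF_* definitions in cpu.h, or adding an #undef after use, would contain it. The uint32_t hflags; declaration is also indented differently from the statements around it.
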
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 62c4742..f64e5ed 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1778,4 +1778,6 @@ bool cpu_is_bsp(X86CPU *cpu);
 
 void x86_cpu_xrstor_all_areas(X86CPU *cpu, const X86XSaveArea *buf);
 void x86_cpu_xsave_all_areas(X86CPU *cpu, X86XSaveArea *buf);
+void x86_update_hflags(CPUX86State* env);
+
 #endif /* I386_CPU_H */
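
Review bot: the prototype is written CPUX86State* env, while the definition in cpu.c and the neighbouring declarations in this header put the asterisk next to the parameter name (X86CPU *cpu). Use CPUX86State *env for consistency, and add a one-line comment that the function recomputes env->hflags from the segment, control-register, EFER and EFLAGS state already stored in env.
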
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index d23127c..825aea5 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1891,7 +1891,6 @@ static int kvm_get_sregs(X86CPU *cpu)
 {
 CPUX86State *env = &cpu->env;
 struct kvm_sregs sregs;
-uint32_t hflags;
 int bit, i, ret;
 
 ret = kvm_vcpu_ioctl(CPU(cpu), KVM_GET_SREGS, &sregs);
@@ -1933,44 +1932,7 @@ static int kvm_get_sregs(X86CPU *cpu)
 env->efer = sregs.efer;
 
 /* changes to apic base and cr8/tpr are read back via kvm_arch_post_run */
-
-#define HFLAG_COPY_MASK \
-~( HF_CPL_MASK | HF_PE_MASK | HF_MP_MASK | HF_EM_MASK | \
-   HF_TS_MASK | HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK | \
-   HF_OSFXSR_MASK | HF_LMA_MASK | HF_CS32_MASK | \
-   HF_SS32_MASK | HF_CS64_MASK | HF_ADDSEG_MASK)
-
-hflags = env->hflags & HFLAG_COPY_MASK;
-hflags |= (env->segs[R_SS].flags >> DESC_DPL_SHIFT) & HF_CPL_MASK;
-hflags |= (env->cr[0] & CR0_PE_MASK) << (HF_PE_SHIFT - CR0_PE_SHIFT);
-hflags |= (env->cr[0] << (HF_MP_SHIFT - CR0_MP_SHIFT)) &
-(HF_MP_MASK | HF_EM_MASK | HF_TS_MASK);
-hflags |= (env->eflags & (HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK));
-
-if (env->cr[4] & CR4_OSFXSR_MASK) {
-hflags |= HF_OSFXSR_MASK;
-}
-
-if (env->efer & MSR_EFER_LMA) {
-hflags |= HF_LMA_MASK;
-}
-
-if ((hflags & HF_LMA_MASK) && (env->segs[R_CS].flags & DESC_L_MASK)) {
-hflags |= HF_CS32_MASK | HF_SS32_MASK | HF_CS64_MASK;
-} else {
-hflags |= (env->segs[R_CS].flags & DESC_B_MASK) >>
-(DESC_B_SHIFT - HF_CS32_SHIFT);
-hflags |= (env->segs[R_SS].flags & DESC_B_MASK) >>
-(DESC_B_SHIFT - HF_SS32_SHIFT);
-if (!(env->cr[0] & CR0_PE_MASK) || (env->eflags & VM_MASK) ||
-!(hflags & HF_CS32_MASK)) {
-hflags |= HF_ADDSEG_MASK;
-} else {
-hflags |= ((env->segs[R_DS].base | env->segs[R_ES].base |
-env->segs[R_SS].base) != 0) << HF_ADDSEG_SHIFT;
-}
-}
-env->hflags = hflags;
+x86_update_hflags(env);
 
 return 0;
 }
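
Review bot: x86_update_hflags(env) is called at the end of kvm_get_sregs(), but the helper also reads env->eflags, which this function does not refresh in the lines shown. The inline code had the same dependency, so behaviour is unchanged, but now that the logic is shared the required call order (segs, cr[], efer and eflags all synced first) deserves a comment on the helper so other accelerators do not call it too early.
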
-- 
1.8.3.1





[Qemu-devel] [PULL 19/51] crypto: fix stack-buffer-overflow error

2018-01-16 Thread Paolo Bonzini
From: Marc-André Lureau 

ASAN complains about:

==8856==ERROR: AddressSanitizer: stack-buffer-overflow on address 
0x7ffd8a1fe168 at pc 0x561136cb4451 bp 0x7ffd8a1fe130 sp 0x7ffd8a1fd8e0
READ of size 16 at 0x7ffd8a1fe168 thread T0
#0 0x561136cb4450 in __asan_memcpy 
(/home/elmarco/src/qq/build/tests/test-crypto-ivgen+0x110450)
#1 0x561136d2a6a7 in qcrypto_ivgen_essiv_calculate 
/home/elmarco/src/qq/crypto/ivgen-essiv.c:83:5
#2 0x561136d29af8 in qcrypto_ivgen_calculate 
/home/elmarco/src/qq/crypto/ivgen.c:72:12
#3 0x561136d07c8e in test_ivgen 
/home/elmarco/src/qq/tests/test-crypto-ivgen.c:148:5
#4 0x7f2c3b04 in test_case_run 
/home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2237
#5 0x7f2c3ec4 in g_test_run_suite_internal 
/home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2321
#6 0x7f2c3f6d in g_test_run_suite_internal 
/home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2333
#7 0x7f2c3f6d in g_test_run_suite_internal 
/home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2333
#8 0x7f2c3f6d in g_test_run_suite_internal 
/home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2333
#9 0x7f2c4184 in g_test_run_suite 
/home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:2408
#10 0x7f2c2e0d in g_test_run 
/home/elmarco/src/gnome/glib/builddir/../glib/gtestutils.c:1674
#11 0x561136d0799b in main 
/home/elmarco/src/qq/tests/test-crypto-ivgen.c:173:12
#12 0x7f77756e6039 in __libc_start_main (/lib64/libc.so.6+0x21039)
#13 0x561136c13d89 in _start 
(/home/elmarco/src/qq/build/tests/test-crypto-ivgen+0x6fd89)

Address 0x7ffd8a1fe168 is located in stack of thread T0 at offset 40 in frame
#0 0x561136d2a40f in qcrypto_ivgen_essiv_calculate 
/home/elmarco/src/qq/crypto/ivgen-essiv.c:76

  This frame has 1 object(s):
[32, 40) 'sector.addr' <== Memory access at offset 40 overflows this 
variable
HINT: this may be a false positive if your program uses some custom stack 
unwind mechanism or swapcontext
  (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow 
(/home/elmarco/src/qq/build/tests/test-crypto-ivgen+0x110450) in __asan_memcpy
Shadow bytes around the buggy address:

It looks like the rest of the code copes with ndata being larger than
sizeof(sector), so limit the memcpy() range.

Signed-off-by: Marc-André Lureau 
Reviewed-by: Daniel P. Berrange 
Message-Id: <20180104160523.22995-13-marcandre.lur...@redhat.com>
Tested-by: Thomas Huth 
Reviewed-by: Thomas Huth 
Signed-off-by: Paolo Bonzini 
---
 crypto/ivgen-essiv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/ivgen-essiv.c b/crypto/ivgen-essiv.c
index cba20bd..ad4d926 100644
--- a/crypto/ivgen-essiv.c
+++ b/crypto/ivgen-essiv.c
@@ -79,7 +79,7 @@ static int qcrypto_ivgen_essiv_calculate(QCryptoIVGen *ivgen,
 uint8_t *data = g_new(uint8_t, ndata);
 
 sector = cpu_to_le64(sector);
-memcpy(data, (uint8_t *)§or, ndata);
+memcpy(data, (uint8_t *)§or, MIN(sizeof(sector), ndata));
 if (sizeof(sector) < ndata) {
 memset(data + sizeof(sector), 0, ndata - sizeof(sector));
 }
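
Review bot: clamping the copy to MIN(sizeof(sector), ndata) fixes the over-read, but when ndata is smaller than sizeof(sector) the high-order bytes of the little-endian sector number are dropped without comment. If that truncation is intended for ciphers with a block size under 8 bytes, say so next to the memcpy(); allocating data with g_new0() would also let the following memset() branch go away.
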
-- 
1.8.3.1





[Qemu-devel] [PULL 31/51] target/i386: hax: Move x86_update_hflags.

2018-01-16 Thread Paolo Bonzini
From: Tao Wu 

x86_update_hflags references env->efer, which is updated in hax_get_msrs,
so it has to be called after hax_get_msrs. This fixes the bug that sometimes
dump_state shows 32-bit regs even in 64-bit mode.

Signed-off-by: Tao Wu 
Message-Id: <20180110195056.85403-3-lep...@google.com>
Signed-off-by: Paolo Bonzini 
---
 target/i386/hax-all.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/target/i386/hax-all.c b/target/i386/hax-all.c
index 07df73e..934ec4a 100644
--- a/target/i386/hax-all.c
+++ b/target/i386/hax-all.c
@@ -837,9 +837,6 @@ static int hax_sync_vcpu_register(CPUArchState *env, int 
set)
 return -1;
 }
 }
-if (!set) {
-x86_update_hflags(env);
-}
 return 0;
 }
 
@@ -1020,6 +1017,7 @@ static int hax_arch_get_registers(CPUArchState *env)
 return ret;
 }
 
+x86_update_hflags(env);
 return 0;
 }
 
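
Review bot: the x86_update_hflags(env) call now sits after the last error check in hax_arch_get_registers() with nothing explaining why it moved. A comment such as "must run after hax_get_msrs(), which updates env->efer" at the call site would keep the ordering fix from being undone by a later refactor.
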
-- 
1.8.3.1





[Qemu-devel] [PULL 39/51] mips: Tweak location of ';' in macros

2018-01-16 Thread Paolo Bonzini
From: Eric Blake 

It is more typical to provide the ';' by the caller of a macro
than to embed it in the macro itself; this is because syntax
highlight engines can get confused if a macro is called without
a semicolon before the closing '}'.

Signed-off-by: Eric Blake 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20171201232433.25193-3-ebl...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 target/mips/msa_helper.c | 34 ++
 1 file changed, 18 insertions(+), 16 deletions(-)

diff --git a/target/mips/msa_helper.c b/target/mips/msa_helper.c
index f167a42..8fb7a36 100644
--- a/target/mips/msa_helper.c
+++ b/target/mips/msa_helper.c
@@ -682,13 +682,13 @@ static inline int64_t msa_mod_u_df(uint32_t df, int64_t 
arg1, int64_t arg2)
 do {\
 e = SIGNED_EVEN(a, df); \
 o = SIGNED_ODD(a, df);  \
-} while (0);
+} while (0)
 
 #define UNSIGNED_EXTRACT(e, o, a, df)   \
 do {\
 e = UNSIGNED_EVEN(a, df);   \
 o = UNSIGNED_ODD(a, df);\
-} while (0);
+} while (0)
 
 static inline int64_t msa_dotp_s_df(uint32_t df, int64_t arg1, int64_t arg2)
 {
@@ -1120,9 +1120,11 @@ void helper_msa_splat_df(CPUMIPSState *env, uint32_t df, 
uint32_t wd,
 #define MSA_LOOP_COND_D MSA_LOOP_COND(DF_DOUBLE)
 
 #define MSA_LOOP(DF) \
+do { \
 for (i = 0; i < (MSA_LOOP_COND_ ## DF) ; i++) { \
-MSA_DO_ ## DF \
-}
+MSA_DO_ ## DF; \
+} \
+} while (0)
 
 #define MSA_FN_DF(FUNC) \
 void helper_msa_##FUNC(CPUMIPSState *env, uint32_t df, uint32_t wd, \
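
Review bot: MSA_LOOP now expands to a do { for (...) { MSA_DO_ ## DF; } } while (0) that still uses the caller's loop variable i implicitly. Since the macro is being touched anyway, a comment that it requires a uint32_t i in the enclosing scope (as declared in MSA_FN_DF below) would document the hidden dependency; the do/while wrapper is otherwise the right shape for a statement-like macro.
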
@@ -1135,17 +1137,17 @@ void helper_msa_##FUNC(CPUMIPSState *env, uint32_t df, 
uint32_t wd, \
 uint32_t i; \
 switch (df) {   \
 case DF_BYTE:   \
-MSA_LOOP_B  \
+MSA_LOOP_B; \
 break;  \
 case DF_HALF:   \
-MSA_LOOP_H  \
+MSA_LOOP_H; \
 break;  \
 case DF_WORD:   \
-MSA_LOOP_W  \
+MSA_LOOP_W; \
 break;  \
 case DF_DOUBLE: \
-MSA_LOOP_D  \
-   break;   \
+MSA_LOOP_D; \
+break;  \
 default:\
 assert(0);  \
 }   \
@@ -1168,7 +1170,7 @@ void helper_msa_##FUNC(CPUMIPSState *env, uint32_t df, 
uint32_t wd, \
 do {\
 R##DF(pwx, i) = pwt->DF[2*i];   \
 L##DF(pwx, i) = pws->DF[2*i];   \
-} while (0);
+} while (0)
 MSA_FN_DF(pckev_df)
 #undef MSA_DO
 
@@ -1176,7 +1178,7 @@ MSA_FN_DF(pckev_df)
 do {\
 R##DF(pwx, i) = pwt->DF[2*i+1]; \
 L##DF(pwx, i) = pws->DF[2*i+1]; \
-} while (0);
+} while (0)
 MSA_FN_DF(pckod_df)
 #undef MSA_DO
 
@@ -1184,7 +1186,7 @@ MSA_FN_DF(pckod_df)
 do {\
 pwx->DF[2*i]   = L##DF(pwt, i); \
 pwx->DF[2*i+1] = L##DF(pws, i); \
-} while (0);
+} while (0)
 MSA_FN_DF(ilvl_df)
 #undef MSA_DO
 
@@ -1192,7 +1194,7 @@ MSA_FN_DF(ilvl_df)
 do {\
 pwx->DF[2*i]   = R##DF(pwt, i); \
 pwx->DF[2*i+1] = R##DF(pws, i); \
-} while (0);
+} while (0)
 MSA_FN_DF(ilvr_df)
 #undef MSA_DO
 
@@ -1200,7 +1202,7 @@ MSA_FN_DF(ilvr_df)
 do {\
 pwx->DF[2*i]   = pwt->DF[2*i];  \
 pwx->DF[2*i+1] = pws->DF[2*i];  \
-} while (0);
+} while (0)
 MSA_FN_DF(ilvev_df)
 #undef MSA_DO
 
@@ -1208,7 +1210,7 @@ MSA_FN_DF(ilvev_df)
 do {\
 pwx->DF[2*i]   = pwt->DF[2*i+1];\
 pwx->DF[2*i+1] = pws->DF[2*i+1];\
-} while (0);
+} while (0)
 MSA_FN_DF(ilvod_df)
 #undef MSA_DO
 #undef MSA_LOOP_COND
@@ -1222,7 +1224,7 @@ MSA_FN_DF(ilvod_df)
 uint32_t k = (pwd->DF[i] & 0x3f) % (

[Qemu-devel] [PULL 26/51] tests/boot-serial-test: Add tests for microblaze boards

2018-01-16 Thread Paolo Bonzini
From: Thomas Huth 

This adds two simple TCG + UART tests for the microblaze boards,
one in big endian mode, and one in little endian mode.

Signed-off-by: Thomas Huth 
Message-Id: <1512031988-32490-5-git-send-email-th...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 tests/Makefile.include   |  2 ++
 tests/boot-serial-test.c | 20 
 2 files changed, 22 insertions(+)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 39a4b53..561e14b 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -300,6 +300,8 @@ check-qtest-alpha-y = tests/boot-serial-test$(EXESUF)
 
 check-qtest-m68k-y = tests/boot-serial-test$(EXESUF)
 
+check-qtest-microblaze-y = tests/boot-serial-test$(EXESUF)
+
 check-qtest-mips-y = tests/endianness-test$(EXESUF)
 
 check-qtest-mips64-y = tests/endianness-test$(EXESUF)
diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index dd3828c..a39273a 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -24,6 +24,22 @@ static const uint8_t kernel_mcf5208[] = {
 0x60, 0xfa  /* bra.s  loop */
 };
 
+static const uint8_t kernel_pls3adsp1800[] = {
+0xb0, 0x00, 0x84, 0x00, /* imm   0x8400 */
+0x30, 0x60, 0x00, 0x04, /* addik r3,r0,4 */
+0x30, 0x80, 0x00, 0x54, /* addik r4,r0,'T' */
+0xf0, 0x83, 0x00, 0x00, /* sbi   r4,r3,0 */
+0xb8, 0x00, 0xff, 0xfc  /* bri   -4  loop */
+};
+
+static const uint8_t kernel_plml605[] = {
+0xe0, 0x83, 0x00, 0xb0, /* imm   0x83e0 */
+0x00, 0x10, 0x60, 0x30, /* addik r3,r0,0x1000 */
+0x54, 0x00, 0x80, 0x30, /* addik r4,r0,'T' */
+0x00, 0x00, 0x83, 0xf0, /* sbi   r4,r3,0 */
+0xfc, 0xff, 0x00, 0xb8  /* bri   -4  loop */
+};
+
 typedef struct testdef {
 const char *arch;   /* Target architecture */
 const char *machine;/* Name of the machine */
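
Review bot: in kernel_pls3adsp1800 and kernel_plml605 the imm/addik pair builds the store address (0x84000004 and 0x83e01000 going by the operand comments), but nothing says which UART register on each board that is. A trailing comment naming the device and register would let a reader check the bytes against the board model. The `bri -4  loop` comment also refers to a `loop` label that no other line carries; marking the sbi line as the loop head would make the branch target explicit.
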
@@ -50,6 +66,10 @@ static testdef_t tests[] = {
 { "s390x", "s390-ccw-virtio",
   "-nodefaults -device sclpconsole,chardev=serial0", "virtio device" },
 { "m68k", "mcf5208evb", "", "TT", sizeof(kernel_mcf5208), kernel_mcf5208 },
+{ "microblaze", "petalogix-s3adsp1800", "", "TT",
+  sizeof(kernel_pls3adsp1800), kernel_pls3adsp1800 },
+{ "microblazeel", "petalogix-ml605", "", "TT",
+  sizeof(kernel_plml605), kernel_plml605 },
 
 { NULL }
 };
-- 
1.8.3.1





[Qemu-devel] [PULL 28/51] tests/boot-serial-test: Add support for the raspi2 machine

2018-01-16 Thread Paolo Bonzini
From: Thomas Huth 

The raspi2 machine supports loading firmware images, so we can easily
load a small test sequence as raw binary blob here to test the UART.

Signed-off-by: Thomas Huth 
Message-Id: <1512031988-32490-8-git-send-email-th...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 tests/Makefile.include   | 1 +
 tests/boot-serial-test.c | 9 +
 2 files changed, 10 insertions(+)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 13d6684..8883274 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -362,6 +362,7 @@ check-qtest-arm-y += tests/virtio-blk-test$(EXESUF)
 gcov-files-arm-y += arm-softmmu/hw/block/virtio-blk.c
 check-qtest-arm-y += tests/test-arm-mptimer$(EXESUF)
 gcov-files-arm-y += hw/timer/arm_mptimer.c
+check-qtest-arm-y += tests/boot-serial-test$(EXESUF)
 
 check-qtest-aarch64-y = tests/numa-test$(EXESUF)
 
diff --git a/tests/boot-serial-test.c b/tests/boot-serial-test.c
index 1deddb8..663b78b 100644
--- a/tests/boot-serial-test.c
+++ b/tests/boot-serial-test.c
@@ -47,6 +47,14 @@ static const uint8_t bios_moxiesim[] = {
 0x1a, 0x00, 0x00, 0x00, 0x10, 0x00  /* jmpa  0x1000 */
 };
 
+static const uint8_t bios_raspi2[] = {
+0x08, 0x30, 0x9f, 0xe5, /* ldr   r3,[pc,#8]Get base */
+0x54, 0x20, 0xa0, 0xe3, /* mov r2,#'T' */
+0x00, 0x20, 0xc3, 0xe5, /* strbr2,[r3] */
+0xfb, 0xff, 0xff, 0xea, /* b   loop */
+0x00, 0x10, 0x20, 0x3f, /* 0x3f201000 = UART0 base addr */
+};
+
 typedef struct testdef {
 const char *arch;   /* Target architecture */
 const char *machine;/* Name of the machine */
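
Review bot: in bios_raspi2 the branch comment says `b loop`, but no instruction comment carries the `loop` label. By the encoding (0xeafffffb at offset 0xc) the target is offset 0, the ldr, so the UART base literal is reloaded on every iteration. Tagging the first line as the loop head, or branching to the strb instead, would make the intent clear.
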
@@ -78,6 +86,7 @@ static testdef_t tests[] = {
 { "microblazeel", "petalogix-ml605", "", "TT",
   sizeof(kernel_plml605), kernel_plml605 },
 { "moxie", "moxiesim", "", "TT", sizeof(bios_moxiesim), 0, bios_moxiesim },
+{ "arm", "raspi2", "", "TT", sizeof(bios_raspi2), 0, bios_raspi2 },
 
 { NULL }
 };
-- 
1.8.3.1





[Qemu-devel] [PULL 35/51] icount: fixed saving/restoring of icount warp timers

2018-01-16 Thread Paolo Bonzini
From: Pavel Dovgalyuk 

This patch adds saving and restoring of the icount warp
timers in the vmstate.
It is needed because these timers affect the virtual clock value.
Therefore determinism of the execution in icount record/replay mode
depends on determinism of the timers.

Signed-off-by: Pavel Dovgalyuk 
Acked-by: Paolo Bonzini 
Signed-off-by: Paolo Bonzini 
Signed-off-by: Pavel Dovgalyuk 
---
 cpus.c | 85 +++---
 1 file changed, 66 insertions(+), 19 deletions(-)

diff --git a/cpus.c b/cpus.c
index e8139de..f992537 100644
--- a/cpus.c
+++ b/cpus.c
@@ -120,16 +120,11 @@ static bool all_cpu_threads_idle(void)
 /* Protected by TimersState seqlock */
 
 static bool icount_sleep = true;
-static int64_t vm_clock_warp_start = -1;
 /* Conversion factor from emulated instructions to virtual clock ticks.  */
 static int icount_time_shift;
 /* Arbitrarily pick 1MIPS as the minimum allowable speed.  */
 #define MAX_ICOUNT_SHIFT 10
 
-static QEMUTimer *icount_rt_timer;
-static QEMUTimer *icount_vm_timer;
-static QEMUTimer *icount_warp_timer;
-
 typedef struct TimersState {
 /* Protected by BQL.  */
 int64_t cpu_ticks_prev;
@@ -147,6 +142,11 @@ typedef struct TimersState {
 int64_t qemu_icount_bias;
 /* Only written by TCG thread */
 int64_t qemu_icount;
+/* for adjusting icount */
+int64_t vm_clock_warp_start;
+QEMUTimer *icount_rt_timer;
+QEMUTimer *icount_vm_timer;
+QEMUTimer *icount_warp_timer;
 } TimersState;
 
 static TimersState timers_state;
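
Review bot: the fields added to TimersState are documented only as "for adjusting icount", while the statics they replace sat under "Protected by TimersState seqlock" and the neighbouring fields each state their locking rule. Please say on vm_clock_warp_start that it is accessed under vm_clock_seqlock (as icount_warp_rt() and qemu_start_warp_timer() do in the later hunks), and state what protects the three timer pointers.
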
@@ -432,14 +432,14 @@ static void icount_adjust(void)
 
 static void icount_adjust_rt(void *opaque)
 {
-timer_mod(icount_rt_timer,
+timer_mod(timers_state.icount_rt_timer,
   qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL_RT) + 1000);
 icount_adjust();
 }
 
 static void icount_adjust_vm(void *opaque)
 {
-timer_mod(icount_vm_timer,
+timer_mod(timers_state.icount_vm_timer,
qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
NANOSECONDS_PER_SECOND / 10);
 icount_adjust();
@@ -460,7 +460,7 @@ static void icount_warp_rt(void)
  */
 do {
 seq = seqlock_read_begin(&timers_state.vm_clock_seqlock);
-warp_start = vm_clock_warp_start;
+warp_start = timers_state.vm_clock_warp_start;
 } while (seqlock_read_retry(&timers_state.vm_clock_seqlock, seq));
 
 if (warp_start == -1) {
@@ -473,7 +473,7 @@ static void icount_warp_rt(void)
  cpu_get_clock_locked());
 int64_t warp_delta;
 
-warp_delta = clock - vm_clock_warp_start;
+warp_delta = clock - timers_state.vm_clock_warp_start;
 if (use_icount == 2) {
 /*
  * In adaptive mode, do not let QEMU_CLOCK_VIRTUAL run too
@@ -485,7 +485,7 @@ static void icount_warp_rt(void)
 }
 timers_state.qemu_icount_bias += warp_delta;
 }
-vm_clock_warp_start = -1;
+timers_state.vm_clock_warp_start = -1;
 seqlock_write_end(&timers_state.vm_clock_seqlock);
 
 if (qemu_clock_expired(QEMU_CLOCK_VIRTUAL)) {
@@ -594,11 +594,13 @@ void qemu_start_warp_timer(void)
  * every 100ms.
  */
 seqlock_write_begin(&timers_state.vm_clock_seqlock);
-if (vm_clock_warp_start == -1 || vm_clock_warp_start > clock) {
-vm_clock_warp_start = clock;
+if (timers_state.vm_clock_warp_start == -1
+|| timers_state.vm_clock_warp_start > clock) {
+timers_state.vm_clock_warp_start = clock;
 }
 seqlock_write_end(&timers_state.vm_clock_seqlock);
-timer_mod_anticipate(icount_warp_timer, clock + deadline);
+timer_mod_anticipate(timers_state.icount_warp_timer,
+ clock + deadline);
 }
 } else if (deadline == 0) {
 qemu_clock_notify(QEMU_CLOCK_VIRTUAL);
@@ -623,7 +625,7 @@ static void qemu_account_warp_timer(void)
 return;
 }
 
-timer_del(icount_warp_timer);
+timer_del(timers_state.icount_warp_timer);
 icount_warp_rt();
 }
 
@@ -632,6 +634,45 @@ static bool icount_state_needed(void *opaque)
 return use_icount;
 }
 
+static bool warp_timer_state_needed(void *opaque)
+{
+TimersState *s = opaque;
+return s->icount_warp_timer != NULL;
+}
+
+static bool adjust_timers_state_needed(void *opaque)
+{
+TimersState *s = opaque;
+return s->icount_rt_timer != NULL;
+}
+
+/*
+ * Subsection for warp timer migration is optional, because may not be created
+ */
+static const VMStateDescription icount_vmstate_warp_timer = {
+.name = "timer/icount/warp_timer",
+.version_id = 1,
+.minimum_version_id = 1,
+.needed = warp_timer_state_needed,
+.fields = (VMStateField[]) {
+VMSTATE_INT64(vm_clock_warp_start, TimersState),
+VMSTATE_TIMER_PTR(icount_warp_timer, TimersState),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static 
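
Review bot: warp_timer_state_needed() keys the subsection on whether icount_warp_timer was allocated on the sending side; what happens on a destination that receives this subsection but never created the timer, so that VMSTATE_TIMER_PTR is handed a NULL pointer? A check or a comment stating why both sides always agree would settle it. adjust_timers_state_needed() tests only icount_rt_timer; if the subsection it guards also carries icount_vm_timer, note that the two are always created together. The comment above icount_vmstate_warp_timer is missing its subject ("because the timer may not be created").
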

[Qemu-devel] [PULL 44/51] checkpatch: Enforce proper do/while (0) style

2018-01-16 Thread Paolo Bonzini
From: Eric Blake 

Use of a loop construct for code that is not intended to repeat
does not make much idiomatic sense, except in one place: it is a
common usage in macros in order to wrap arbitrary code with
single-statement semantics.  But when used in a macro, it is more
typical for the caller to supply the trailing ';' when calling
the macro.

Although qemu coding style frowns on bare:
  if (cond)
statement1;
  else
statement2;
where extra semicolons actually cause syntax errors, we still
want our macro styles to be easily copied to other projects.
Thus, declare it an error if we encounter any form of 'while (0)'
with a semicolon in the same line.

Signed-off-by: Eric Blake 
Message-Id: <20171201232433.25193-8-ebl...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 scripts/checkpatch.pl | 5 +
 1 file changed, 5 insertions(+)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 3dc27d9..accba24 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -1622,6 +1622,11 @@ sub process {
}
}
 
+# 'do ... while (0/false)' only makes sense in macros, without trailing ';'
+   if ($line =~ /while\s*\((0|false)\);/) {
+   ERROR("suspicious ; after while (0)\n" . $herecurr);
+   }
+
 # Check relative indent for conditionals and blocks.
if ($line =~ /\b(?:(?:if|while|for)\s*\(|do\b)/ && $line !~ 
/^.\s*#/ && $line !~ /\}\s*while\s*/) {
my ($s, $c) = ($stat, $cond);
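
Review bot: the pattern `/while\s*\((0|false)\);/` allows whitespace only after `while`, so `while (0) ;` and `while ( 0 );` slip past, although the commit message promises an error for any form of 'while (0)' with a semicolon on the same line. Adding `\s*` inside the parentheses and before the `;` closes that gap. The comment above the test could also say that a non-macro do/while (0) loop is reported too, since that is the intended effect.
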
-- 
1.8.3.1





[Qemu-devel] [PULL 32/51] target-i386: update hflags on Hypervisor.framework

2018-01-16 Thread Paolo Bonzini
This ensures that x86_cpu_dump_state shows registers with the correct
size.

Signed-off-by: Paolo Bonzini 
---
 target/i386/hvf/x86hvf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/hvf/x86hvf.c b/target/i386/hvf/x86hvf.c
index 71c0515..7803e09 100644
--- a/target/i386/hvf/x86hvf.c
+++ b/target/i386/hvf/x86hvf.c
@@ -297,7 +297,6 @@ int hvf_get_registers(CPUState *cpu_state)
 X86CPU *x86cpu = X86_CPU(cpu_state);
 CPUX86State *env = &x86cpu->env;
 
-
 env->regs[R_EAX] = rreg(cpu_state->hvf_fd, HV_X86_RAX);
 env->regs[R_EBX] = rreg(cpu_state->hvf_fd, HV_X86_RBX);
 env->regs[R_ECX] = rreg(cpu_state->hvf_fd, HV_X86_RCX);
@@ -333,6 +332,7 @@ int hvf_get_registers(CPUState *cpu_state)
 env->dr[6] = rreg(cpu_state->hvf_fd, HV_X86_DR6);
 env->dr[7] = rreg(cpu_state->hvf_fd, HV_X86_DR7);
 
+x86_update_hflags(env);
 return 0;
 }
 
-- 
1.8.3.1





[Qemu-devel] [PULL 34/51] scripts/qemu-gdb/timers.py: new helper to dump timer state

2018-01-16 Thread Paolo Bonzini
From: Alex Bennée 

This introduces the qemu-gdb command "qemu timers" which will dump the
state of the main timers in the system.

Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Paolo Bonzini 
---
 scripts/qemu-gdb.py   |  3 ++-
 scripts/qemugdb/timers.py | 54 +++
 2 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 scripts/qemugdb/timers.py

diff --git a/scripts/qemu-gdb.py b/scripts/qemu-gdb.py
index d58213e..690827e 100644
--- a/scripts/qemu-gdb.py
+++ b/scripts/qemu-gdb.py
@@ -26,7 +26,7 @@ import os, sys
 
 sys.path.append(os.path.dirname(__file__))
 
-from qemugdb import aio, mtree, coroutine, tcg
+from qemugdb import aio, mtree, coroutine, tcg, timers
 
 class QemuCommand(gdb.Command):
 '''Prefix for QEMU debug support commands'''
@@ -39,6 +39,7 @@ coroutine.CoroutineCommand()
 mtree.MtreeCommand()
 aio.HandlersCommand()
 tcg.TCGLockStatusCommand()
+timers.TimersCommand()
 
 coroutine.CoroutineSPFunction()
 coroutine.CoroutinePCFunction()
diff --git a/scripts/qemugdb/timers.py b/scripts/qemugdb/timers.py
new file mode 100644
index 000..be71a00
--- /dev/null
+++ b/scripts/qemugdb/timers.py
@@ -0,0 +1,54 @@
+#!/usr/bin/python
+# GDB debugging support
+#
+# Copyright 2017 Linaro Ltd
+#
+# Author: Alex Bennée 
+#
+# This work is licensed under the terms of the GNU GPL, version 2.  See
+# the COPYING file in the top-level directory.
+
+# 'qemu timers' -- display the current timerlists
+
+import gdb
+
+class TimersCommand(gdb.Command):
+'''Display the current QEMU timers'''
+
+def __init__(self):
+'Register the class as a gdb command'
+gdb.Command.__init__(self, 'qemu timers', gdb.COMMAND_DATA,
+ gdb.COMPLETE_NONE)
+
+def dump_timers(self, timer):
+"Follow a timer and recursively dump each one in the list."
+# timer should be of type QemuTimer
+gdb.write("timer %s/%s (cb:%s,opq:%s)\n" % (
+timer['expire_time'],
+timer['scale'],
+timer['cb'],
+timer['opaque']))
+
+if int(timer['next']) > 0:
+self.dump_timers(timer['next'])
+
+
+def process_timerlist(self, tlist, ttype):
+gdb.write("Processing %s timers\n" % (ttype))
+gdb.write("  clock %s is enabled:%s, last:%s\n" % (
+tlist['clock']['type'],
+tlist['clock']['enabled'],
+tlist['clock']['last']))
+if int(tlist['active_timers']) > 0:
+self.dump_timers(tlist['active_timers'])
+
+
+def invoke(self, arg, from_tty):
+'Run the command'
+main_timers = gdb.parse_and_eval("main_loop_tlg")
+
+# This will break if QEMUClockType in timer.h is redfined
+self.process_timerlist(main_timers['tl'][0], "Realtime")
+self.process_timerlist(main_timers['tl'][1], "Virtual")
+self.process_timerlist(main_timers['tl'][2], "Host")
+self.process_timerlist(main_timers['tl'][3], "Virtual RT")
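
Review bot: dump_timers() recurses once per list element, so a long active_timers chain can hit Python's recursion limit inside gdb; a while loop that follows timer['next'] until it is null does the same job without that limit. In invoke(), the indexes 0 to 3 are tied to QEMUClockType only by a comment (which has a typo, "redfined"); reading the enum values from the debug info would remove the coupling. The comment in dump_timers() says QemuTimer where the C type is spelled QEMUTimer.
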
-- 
1.8.3.1





[Qemu-devel] [PULL 30/51] target/i386: hax: change to use x86_update_hflags

2018-01-16 Thread Paolo Bonzini
From: Tao Wu 

Change to use x86_update_hflags instead of keeping another copy
on the hax side. This also fixes bugs such as HF_CPL_MASK, which
should be SS.DPL, not CS.DPL.

Signed-off-by: Tao Wu 
Message-Id: <20180110195056.85403-2-lep...@google.com>
Signed-off-by: Paolo Bonzini 
---
 target/i386/hax-all.c | 52 +--
 1 file changed, 1 insertion(+), 51 deletions(-)

diff --git a/target/i386/hax-all.c b/target/i386/hax-all.c
index 3ce6950..07df73e 100644
--- a/target/i386/hax-all.c
+++ b/target/i386/hax-all.c
@@ -782,56 +782,6 @@ static int hax_set_segments(CPUArchState *env, struct 
vcpu_state_t *sregs)
 return 0;
 }
 
-/*
- * After get the state from the kernel module, some
- * qemu emulator state need be updated also
- */
-static int hax_setup_qemu_emulator(CPUArchState *env)
-{
-
-#define HFLAG_COPY_MASK (~( \
-  HF_CPL_MASK | HF_PE_MASK | HF_MP_MASK | HF_EM_MASK | \
-  HF_TS_MASK | HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK | \
-  HF_OSFXSR_MASK | HF_LMA_MASK | HF_CS32_MASK | \
-  HF_SS32_MASK | HF_CS64_MASK | HF_ADDSEG_MASK))
-
-uint32_t hflags;
-
-hflags = (env->segs[R_CS].flags >> DESC_DPL_SHIFT) & HF_CPL_MASK;
-hflags |= (env->cr[0] & CR0_PE_MASK) << (HF_PE_SHIFT - CR0_PE_SHIFT);
-hflags |= (env->cr[0] << (HF_MP_SHIFT - CR0_MP_SHIFT)) &
-(HF_MP_MASK | HF_EM_MASK | HF_TS_MASK);
-hflags |= (env->eflags & (HF_TF_MASK | HF_VM_MASK | HF_IOPL_MASK));
-hflags |= (env->cr[4] & CR4_OSFXSR_MASK) <<
-  (HF_OSFXSR_SHIFT - CR4_OSFXSR_SHIFT);
-
-if (env->efer & MSR_EFER_LMA) {
-hflags |= HF_LMA_MASK;
-}
-
-if ((hflags & HF_LMA_MASK) && (env->segs[R_CS].flags & DESC_L_MASK)) {
-hflags |= HF_CS32_MASK | HF_SS32_MASK | HF_CS64_MASK;
-} else {
-hflags |= (env->segs[R_CS].flags & DESC_B_MASK) >>
-(DESC_B_SHIFT - HF_CS32_SHIFT);
-hflags |= (env->segs[R_SS].flags & DESC_B_MASK) >>
-(DESC_B_SHIFT - HF_SS32_SHIFT);
-if (!(env->cr[0] & CR0_PE_MASK) ||
-(env->eflags & VM_MASK) || !(hflags & HF_CS32_MASK)) {
-hflags |= HF_ADDSEG_MASK;
-} else {
-hflags |= ((env->segs[R_DS].base |
-env->segs[R_ES].base |
-env->segs[R_SS].base) != 0) << HF_ADDSEG_SHIFT;
-}
-}
-
-hflags &= ~HF_SMM_MASK;
-
-env->hflags = (env->hflags & HFLAG_COPY_MASK) | hflags;
-return 0;
-}
-
 static int hax_sync_vcpu_register(CPUArchState *env, int set)
 {
 struct vcpu_state_t regs;
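
Review bot: the removed hax_setup_qemu_emulator() did more than compute CPL: it masked HF_SMM_MASK out of the computed value and carried over from the old env->hflags every bit not listed in HFLAG_COPY_MASK. The commit message names only the SS.DPL fix, so it should state whether x86_update_hflags() treats those other bits the same way, or list the intended differences.
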
@@ -888,7 +838,7 @@ static int hax_sync_vcpu_register(CPUArchState *env, int 
set)
 }
 }
 if (!set) {
-hax_setup_qemu_emulator(env);
+x86_update_hflags(env);
 }
 return 0;
 }
-- 
1.8.3.1





[Qemu-devel] [PULL 51/51] scripts/analyse-locks-simpletrace.py: script to analyse lock times

2018-01-16 Thread Paolo Bonzini
From: Alex Bennée 

This script allows analysis of mutex acquisition and hold times based
on a trace file. Given a trace control file of:

  qemu_mutex_lock
  qemu_mutex_locked
  qemu_mutex_unlock

And running with:

  $QEMU $QEMU_ARGS -trace events=./lock-trace

You can analyse the results with:

  ./scripts/analyse-locks-simpletrace.py trace-events-all ./trace-21812

Signed-off-by: Alex Bennée 
Signed-off-by: Paolo Bonzini 
---
 scripts/analyse-locks-simpletrace.py | 99 
 1 file changed, 99 insertions(+)
 create mode 100755 scripts/analyse-locks-simpletrace.py

diff --git a/scripts/analyse-locks-simpletrace.py 
b/scripts/analyse-locks-simpletrace.py
new file mode 100755
index 000..101e84d
--- /dev/null
+++ b/scripts/analyse-locks-simpletrace.py
@@ -0,0 +1,99 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+# Analyse lock events and compute statistics
+#
+# Author: Alex Bennée 
+#
+
+import os
+import simpletrace
+import argparse
+import numpy as np
+
+class MutexAnalyser(simpletrace.Analyzer):
+"A simpletrace Analyser for checking locks."
+
+def __init__(self):
+self.locks = 0
+self.locked = 0
+self.unlocks = 0
+self.mutex_records = {}
+
+def _get_mutex(self, mutex):
+if not mutex in self.mutex_records:
+self.mutex_records[mutex] = {"locks": 0,
+ "lock_time": 0,
+ "acquire_times": [],
+ "locked": 0,
+ "locked_time": 0,
+ "held_times": [],
+ "unlocked": 0}
+
+return self.mutex_records[mutex]
+
+def qemu_mutex_lock(self, timestamp, mutex, filename, line):
+self.locks += 1
+rec = self._get_mutex(mutex)
+rec["locks"] += 1
+rec["lock_time"] = timestamp[0]
+rec["lock_loc"] = (filename, line)
+
+def qemu_mutex_locked(self, timestamp, mutex, filename, line):
+self.locked += 1
+rec = self._get_mutex(mutex)
+rec["locked"] += 1
+rec["locked_time"] = timestamp[0]
+acquire_time = rec["locked_time"] - rec["lock_time"]
+rec["locked_loc"] = (filename, line)
+rec["acquire_times"].append(acquire_time)
+
+def qemu_mutex_unlock(self, timestamp, mutex, filename, line):
+self.unlocks += 1
+rec = self._get_mutex(mutex)
+rec["unlocked"] += 1
+held_time = timestamp[0] - rec["locked_time"]
+rec["held_times"].append(held_time)
+rec["unlock_loc"] = (filename, line)
+
+
+def get_args():
+"Grab options"
+parser = argparse.ArgumentParser()
+parser.add_argument("--output", "-o", type=str, help="Render plot to file")
+parser.add_argument("events", type=str, help='trace file read from')
+parser.add_argument("tracefile", type=str, help='trace file read from')
+return parser.parse_args()
+
+if __name__ == '__main__':
+args = get_args()
+
+# Gather data from the trace
+analyser = MutexAnalyser()
+simpletrace.process(args.events, args.tracefile, analyser)
+
+print ("Total locks: %d, locked: %d, unlocked: %d" %
+   (analyser.locks, analyser.locked, analyser.unlocks))
+
+# Now dump the individual lock stats
+for key, val in sorted(analyser.mutex_records.iteritems(),
+   key=lambda (k,v): v["locks"]):
+print ("Lock: %#x locks: %d, locked: %d, unlocked: %d" %
+   (key, val["locks"], val["locked"], val["unlocked"]))
+
+acquire_times = np.array(val["acquire_times"])
+if len(acquire_times) > 0:
+print ("  Acquire Time: min:%d median:%d avg:%.2f max:%d" %
+   (acquire_times.min(), np.median(acquire_times),
+acquire_times.mean(), acquire_times.max()))
+
+held_times = np.array(val["held_times"])
+if len(held_times) > 0:
+print ("  Held Time: min:%d median:%d avg:%.2f max:%d" %
+   (held_times.min(), np.median(held_times),
+held_times.mean(), held_times.max()))
+
+# Check if any locks still held
+if val["locks"] > val["locked"]:
+print ("  LOCK HELD (%s:%s)" % (val["locked_loc"]))
+print ("  BLOCKED   (%s:%s)" % (val["lock_loc"]))
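
Review bot: in the final "locks still held" check, val["locks"] > val["locked"] means a lock request that was never granted, yet the first print reads val["locked_loc"], which is only set in qemu_mutex_locked(); a mutex that was requested but never acquired within the trace raises KeyError there. Initialise the *_loc keys in _get_mutex() or use .get(). Also: iteritems() and the `lambda (k,v):` tuple parameter run only on Python 2, --output is parsed but never used, `import os` is unused, and the help text for `events` repeats the one for `tracefile`.
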
-- 
1.8.3.1




[Qemu-devel] [PULL 36/51] cpus: unify qemu_*_wait_io_event

2018-01-16 Thread Paolo Bonzini
Except for round-robin TCG, every other accelerator is using more or
less the same code around qemu_wait_io_event_common.  The exception
is HAX, which also has to eat the dummy APC that is queued by
qemu_cpu_kick_thread.

We can add the SleepEx call to qemu_wait_io_event under "if
(!tcg_enabled())", since that is the condition that is used in
qemu_cpu_kick_thread, and unify the function for KVM, HAX, HVF and
multi-threaded TCG.  Single-threaded TCG code can also be simplified
since it is only used in the round-robin, sleep-if-all-CPUs-idle case.

Signed-off-by: Paolo Bonzini 
---
 cpus.c | 49 +
 1 file changed, 17 insertions(+), 32 deletions(-)

diff --git a/cpus.c b/cpus.c
index f992537..2cb0af9 100644
--- a/cpus.c
+++ b/cpus.c
@@ -909,7 +909,8 @@ static void kick_tcg_thread(void *opaque)
 
 static void start_tcg_kick_timer(void)
 {
-if (!mttcg_enabled && !tcg_kick_vcpu_timer && CPU_NEXT(first_cpu)) {
+assert(!mttcg_enabled);
+if (!tcg_kick_vcpu_timer && CPU_NEXT(first_cpu)) {
 tcg_kick_vcpu_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
kick_tcg_thread, NULL);
 timer_mod(tcg_kick_vcpu_timer, qemu_tcg_next_kick());
@@ -918,6 +919,7 @@ static void start_tcg_kick_timer(void)
 
 static void stop_tcg_kick_timer(void)
 {
+assert(!mttcg_enabled);
 if (tcg_kick_vcpu_timer) {
 timer_del(tcg_kick_vcpu_timer);
 tcg_kick_vcpu_timer = NULL;
@@ -1137,18 +1139,9 @@ static void qemu_wait_io_event_common(CPUState *cpu)
 process_queued_cpu_work(cpu);
 }
 
-static bool qemu_tcg_should_sleep(CPUState *cpu)
+static void qemu_tcg_rr_wait_io_event(CPUState *cpu)
 {
-if (mttcg_enabled) {
-return cpu_thread_is_idle(cpu);
-} else {
-return all_cpu_threads_idle();
-}
-}
-
-static void qemu_tcg_wait_io_event(CPUState *cpu)
-{
-while (qemu_tcg_should_sleep(cpu)) {
+while (all_cpu_threads_idle()) {
 stop_tcg_kick_timer();
 qemu_cond_wait(cpu->halt_cond, &qemu_global_mutex);
 }
@@ -1158,20 +1151,18 @@ static void qemu_tcg_wait_io_event(CPUState *cpu)
 qemu_wait_io_event_common(cpu);
 }
 
-static void qemu_kvm_wait_io_event(CPUState *cpu)
+static void qemu_wait_io_event(CPUState *cpu)
 {
 while (cpu_thread_is_idle(cpu)) {
 qemu_cond_wait(cpu->halt_cond, &qemu_global_mutex);
 }
 
-qemu_wait_io_event_common(cpu);
-}
-
-static void qemu_hvf_wait_io_event(CPUState *cpu)
-{
-while (cpu_thread_is_idle(cpu)) {
-qemu_cond_wait(cpu->halt_cond, &qemu_global_mutex);
+#ifdef _WIN32
+/* Eat dummy APC queued by qemu_cpu_kick_thread.  */
+if (!tcg_enabled()) {
+SleepEx(0, TRUE);
 }
+#endif
 qemu_wait_io_event_common(cpu);
 }
 
@@ -1207,7 +1198,7 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
 cpu_handle_guest_debug(cpu);
 }
 }
-qemu_kvm_wait_io_event(cpu);
+qemu_wait_io_event(cpu);
 } while (!cpu->unplug || cpu_can_run(cpu));
 
 qemu_kvm_destroy_vcpu(cpu);
@@ -1253,7 +1244,7 @@ static void *qemu_dummy_cpu_thread_fn(void *arg)
 exit(1);
 }
 qemu_mutex_lock_iothread();
-qemu_wait_io_event_common(cpu);
+qemu_wait_io_event(cpu);
 }
 
 return NULL;
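
Review bot: qemu_dummy_cpu_thread_fn() used to call qemu_wait_io_event_common() directly and now goes through qemu_wait_io_event(), which first blocks in qemu_cond_wait() while cpu_thread_is_idle(cpu). The commit message lists KVM, HAX, HVF and multi-threaded TCG but not the dummy thread, so please say whether that extra wait is intended there.
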
@@ -1470,7 +1461,7 @@ static void *qemu_tcg_rr_cpu_thread_fn(void *arg)
 atomic_mb_set(&cpu->exit_request, 0);
 }
 
-qemu_tcg_wait_io_event(cpu ? cpu : QTAILQ_FIRST(&cpus));
+qemu_tcg_rr_wait_io_event(cpu ? cpu : QTAILQ_FIRST(&cpus));
 deal_with_unplugged_cpus();
 }
 
@@ -1501,13 +1492,7 @@ static void *qemu_hax_cpu_thread_fn(void *arg)
 }
 }
 
-while (cpu_thread_is_idle(cpu)) {
-qemu_cond_wait(cpu->halt_cond, &qemu_global_mutex);
-}
-#ifdef _WIN32
-SleepEx(0, TRUE);
-#endif
-qemu_wait_io_event_common(cpu);
+qemu_wait_io_event(cpu);
 }
 return NULL;
 }
@@ -1544,7 +1529,7 @@ static void *qemu_hvf_cpu_thread_fn(void *arg)
 cpu_handle_guest_debug(cpu);
 }
 }
-qemu_hvf_wait_io_event(cpu);
+qemu_wait_io_event(cpu);
 } while (!cpu->unplug || cpu_can_run(cpu));
 
 hvf_vcpu_destroy(cpu);
@@ -1623,7 +1608,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
 }
 
 atomic_mb_set(&cpu->exit_request, 0);
-qemu_tcg_wait_io_event(cpu);
+qemu_wait_io_event(cpu);
 }
 
 return NULL;
-- 
1.8.3.1





[Qemu-devel] [PULL 37/51] irq: fix memory leak

2018-01-16 Thread Paolo Bonzini
From: linzhecheng 

entry is moved from list but is not freed.

Signed-off-by: linzhecheng 

Message-Id: <20171225024704.19540-1-linzhech...@huawei.com>
Signed-off-by: Paolo Bonzini 
---
 target/i386/kvm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 825aea5..4912f4d 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -3470,6 +3470,7 @@ int kvm_arch_release_virq_post(int virq)
 if (entry->virq == virq) {
 trace_kvm_x86_remove_msi_route(virq);
 QLIST_REMOVE(entry, list);
+g_free(entry);
 break;
 }
 }
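
Review bot: g_free(entry) inside the list walk is safe only because `break` follows it directly; if the loop is ever changed to keep scanning after a match, it needs an iteration form that tolerates removal. A short comment on the new line would record that.
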
-- 
1.8.3.1





[Qemu-devel] [PULL 43/51] maint: Fix macros with broken 'do/while(0); ' usage

2018-01-16 Thread Paolo Bonzini
From: Eric Blake 

The point of writing a macro embedded in a 'do { ... } while (0)'
loop (particularly if the macro has multiple statements or would
otherwise end with an 'if' statement) is so that the macro can be
used as a drop-in statement with the caller supplying the
trailing ';'.  Although our coding style frowns on brace-less 'if':
  if (cond)
statement;
  else
something else;
that is the classic case where failure to use do/while(0) wrapping
would cause the 'else' to pair with any embedded 'if' in the macro
rather than the intended outer 'if'.  But conversely, if the macro
includes an embedded ';', then the same brace-less coding style
would now have two statements, making the 'else' a syntax error
rather than pairing with the outer 'if'.  Thus, even though our
coding style with required braces is not impacted, ending a macro
with ';' makes our code harder to port to projects that use
brace-less styles.

The change should have no semantic impact.  I was not able to
fully compile-test all of the changes (as some of them are
examples of the ugly bit-rotting debug print statements that are
completely elided by default, and I didn't want to recompile
with the necessary -D witnesses - cleaning those up is left as a
bite-sized task for another day); I did, however, audit that for
all files touched, all callers of the changed macros DID supply
a trailing ';' at the callsite, and did not appear to be used
as part of a brace-less conditional.

Found mechanically via: $ git grep -B1 'while (0);' | grep -A1 

Signed-off-by: Eric Blake 
Acked-by: Cornelia Huck 
Reviewed-by: Michael S. Tsirkin 
Acked-by: Dr. David Alan Gilbert 
Message-Id: <20171201232433.25193-7-ebl...@redhat.com>
Reviewed-by: Juan Quintela 
Signed-off-by: Paolo Bonzini 
---
 audio/paaudio.c| 4 ++--
 hw/adc/stm32f2xx_adc.c | 2 +-
 hw/block/m25p80.c  | 2 +-
 hw/char/cadence_uart.c | 2 +-
 hw/char/stm32f2xx_usart.c  | 2 +-
 hw/display/cg3.c   | 2 +-
 hw/display/dpcd.c  | 2 +-
 hw/display/xlnx_dp.c   | 2 +-
 hw/dma/pl330.c | 2 +-
 hw/dma/xlnx-zynq-devcfg.c  | 2 +-
 hw/dma/xlnx_dpdma.c| 2 +-
 hw/i2c/i2c-ddc.c   | 2 +-
 hw/misc/auxbus.c   | 2 +-
 hw/misc/macio/mac_dbdma.c  | 4 ++--
 hw/misc/mmio_interface.c   | 2 +-
 hw/misc/stm32f2xx_syscfg.c | 2 +-
 hw/misc/zynq_slcr.c| 2 +-
 hw/net/cadence_gem.c   | 2 +-
 hw/ssi/mss-spi.c   | 2 +-
 hw/ssi/stm32f2xx_spi.c | 2 +-
 hw/ssi/xilinx_spi.c| 2 +-
 hw/ssi/xilinx_spips.c  | 2 +-
 hw/timer/a9gtimer.c| 2 +-
 hw/timer/cadence_ttc.c | 2 +-
 hw/timer/mss-timer.c   | 2 +-
 hw/timer/stm32f2xx_timer.c | 2 +-
 hw/tpm/tpm_passthrough.c   | 2 +-
 hw/tpm/tpm_tis.c   | 2 +-
 migration/rdma.c   | 2 +-
 target/arm/translate-a64.c | 2 +-
 target/s390x/kvm.c | 2 +-
 tests/acpi-utils.h | 8 
 tests/tcg/test-mmap.c  | 2 +-
 ui/sdl_zoom_template.h | 8 
 34 files changed, 42 insertions(+), 42 deletions(-)

diff --git a/audio/paaudio.c b/audio/paaudio.c
index 65beb6f..2a35e6f 100644
--- a/audio/paaudio.c
+++ b/audio/paaudio.c
@@ -89,7 +89,7 @@ static inline int PA_STREAM_IS_GOOD(pa_stream_state_t x)
 }   \
 goto label; \
 }   \
-} while (0);
+} while (0)
 
 #define CHECK_DEAD_GOTO(c, stream, rerror, label)   \
 do {\
@@ -107,7 +107,7 @@ static inline int PA_STREAM_IS_GOOD(pa_stream_state_t x)
 }   \
 goto label; \
 }   \
-} while (0);
+} while (0)
 
 static int qpa_simple_read (PAVoiceIn *p, void *data, size_t length, int 
*rerror)
 {
diff --git a/hw/adc/stm32f2xx_adc.c b/hw/adc/stm32f2xx_adc.c
index 90fe9de..13f31ad 100644
--- a/hw/adc/stm32f2xx_adc.c
+++ b/hw/adc/stm32f2xx_adc.c
@@ -37,7 +37,7 @@
 if (STM_ADC_ERR_DEBUG >= lvl) { \
 qemu_log("%s: " fmt, __func__, ## args); \
 } \
-} while (0);
+} while (0)
 
 #define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
 
diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index ea14216..b49c8e9 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -40,7 +40,7 @@
 fprintf(stderr,  ": %s: ", __func__); \
 fprintf(stderr, ## __VA_ARGS__); \
 } \
-} while (0);
+} while (0)
 
 /* Fields for FlashPartInfo->flags */
 
diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
index 6143494..fbdbd46 100644
--- a/hw/char/cadence_uart.c
+++ b/hw/char/cadence_uart.c
@@ -33,7 +33,7 @@
 #define DB_PRINT(...) do { \
 fprintf(stderr,  ": %s: ", __func__); \
 fprintf(stderr, ## __VA_
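
The dangling-else hazard that the commit messages of PULL 43/51 and 44/51 describe, as an added C example that is not part of either patch or of QEMU; the macro, struct and function names are hypothetical.

```c
/* Added illustration, not QEMU code: all names here are hypothetical. */
#include <stdio.h>

/* The mis-paired 'else' below is deliberate, so silence the compiler's hint. */
#pragma GCC diagnostic ignored "-Wparentheses"
#pragma GCC diagnostic ignored "-Wdangling-else"

struct counts {
    int rejected;   /* negative values seen by the macro */
    int fallback;   /* times the caller's 'else' branch ran */
};

/* Unwrapped: the expansion ends in an 'if', so a following 'else' binds to it. */
#define REJECT_IF_NEG_BARE(c, v) if ((v) < 0) (c)->rejected++

/* Wrapped and without a trailing ';': one statement, caller supplies the ';'. */
#define REJECT_IF_NEG(c, v)      \
    do {                         \
        if ((v) < 0) {           \
            (c)->rejected++;     \
        }                        \
    } while (0)

/*
 * A third variant ending in "while (0);" is what checkpatch now rejects: the
 * caller's own ';' would add an empty statement between the 'if' body and the
 * 'else' in the functions below, and the code would no longer compile.
 */

/* Brace-less caller using the unwrapped macro: 'else' pairs with the macro's 'if'. */
struct counts run_bare(int check, int v)
{
    struct counts c = { 0, 0 };

    if (check)
        REJECT_IF_NEG_BARE(&c, v);
    else
        c.fallback++;           /* meant to run only when check == 0 */
    return c;
}

/* Same caller with the wrapped macro: 'else' pairs with 'if (check)'. */
struct counts run_wrapped(int check, int v)
{
    struct counts c = { 0, 0 };

    if (check)
        REJECT_IF_NEG(&c, v);
    else
        c.fallback++;
    return c;
}

int main(void)
{
    /* Constructed inputs: {check, value}. */
    static const int inputs[][2] = { { 1, 5 }, { 1, -1 }, { 0, 5 } };
    unsigned n;

    for (n = 0; n < sizeof(inputs) / sizeof(inputs[0]); n++) {
        struct counts b = run_bare(inputs[n][0], inputs[n][1]);
        struct counts w = run_wrapped(inputs[n][0], inputs[n][1]);

        printf("check=%d v=%2d  bare: rejected=%d fallback=%d  "
               "wrapped: rejected=%d fallback=%d\n",
               inputs[n][0], inputs[n][1],
               b.rejected, b.fallback, w.rejected, w.fallback);
    }
    return 0;
}
```

With the unwrapped macro the fallback branch runs when `check` is set and the value is non-negative, and never runs when `check` is clear, which is the reverse of what the indentation promises.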

Re: [Qemu-devel] [PULL v3 00/53] Misc changes for 2017-01-12

2018-01-16 Thread Marc-André Lureau
Hi

On Tue, Jan 16, 2018 at 2:54 PM, Paolo Bonzini  wrote:
> On 16/01/2018 14:47, Peter Maydell wrote:
>> On 16 January 2018 at 13:41, Paolo Bonzini  wrote:
>>> On 16/01/2018 13:06, Peter Maydell wrote:
> ASAN is enabled by default if available when --enable-debug. We could
> add more flags if that helps.
 Configure switches should work like this:
  * default: use feature if present, but don't complain if not present
or not usable
  * --enable-foo: use feature. if feature not present, complain and
fail configure
  * --disable-foo: don't test for or use feature

>>>
>>> However, --enable-debug has never worked like this (the "default" part)...
>>
>> True, but -g, no optimization isn't really something we want to
>> default to :-)
>
> Same for ASAN. :-)
>
>> I think the general principle that unless the user
>> specifically said they cared about the address sanitizer we shouldn't
>> complain if it happens not to work on this host is still a good one.
>
> Yes, I agree.
>
> So we need two options:
>
> * --enable-asan defaults to not used, but also fails configure if ASAN
> is not available/usable.

and --enable-ubsan etc ...

I wish we would avoid the multiplication of configure options, and use
good default values instead for --enable-debug. But if it's not
possible, let's add more options. However, it would be great if ASAN
can be enabled by default, it seems too few developers care, even
though it should be strongly recommended.

>
> * if we want to have --enable-debug enable ASAN, it should however _not_
> fail configure if ASAN is not available/usable.  (I am not sure anymore
> it's a good idea).
>
> The questions are:
>
> * should fiber support be required for --enable-asan?  What is the
> difference in the quality of the reports?

It's not required, but helps to detect more leaks. It also removes
some warnings in some cases:

Before:

elmarco@boraha:~/src/qemu/build (asan *%)$ tests/test-coroutine -p
/basic/lifecycle
/basic/lifecycle: ==20781==WARNING: ASan doesn't fully support
makecontext/swapcontext functions and may produce false positives in
some cases!
==20781==WARNING: ASan is ignoring requested __asan_handle_no_return:
stack top: 0x7ffcb184d000; bottom 0x7ff6c4cfd000; size: 0x0005ecb5
(25446121472)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
OK

After:

 tests/test-coroutine -p /basic/lifecycle
/basic/lifecycle: ==21110==WARNING: ASan doesn't fully support
makecontext/swapcontext functions and may produce false positives in
some cases!
OK


> * if not, and assuming --enable-debug tries to enable ASAN, should
> --enable-debug complain if fiber support is not required?  Should
> --enable-debug enable ASAN if fiber support is not available?

I propose to simply print a warning during configure

>
> * if --enable-debug does *not* try to enable ASAN, should test-debug add
> --enable-asan?  (I think so).

The other way around?

(tbh, I am not fond of all the configure options - if you need
fine-grained configuration, you can overwrite the various *FLAGS..)

-- 
Marc-André Lureau
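
The switch semantics discussed in this thread (default, --enable-foo, --disable-foo, plus --enable-debug trying ASan and only warning when it is unusable), written out as an added example; this is not QEMU's configure code. The names resolve_asan, probe_asan and the ASAN_PROBE_RESULT override are hypothetical, chosen for this sketch.

```shell
#!/bin/sh
# Added example, not taken from QEMU's configure script.
# resolve_asan, probe_asan and ASAN_PROBE_RESULT are hypothetical names.

# probe_asan: succeed if the compiler can build and link with ASan.
# ASAN_PROBE_RESULT=yes|no (constructed hook) forces the answer so the
# decision logic can be exercised without a compiler.
probe_asan() {
    case "${ASAN_PROBE_RESULT:-}" in
        yes) return 0 ;;
        no)  return 1 ;;
    esac
    tmp=$(mktemp -d) || return 1
    printf 'int main(void) { return 0; }\n' > "$tmp/t.c"
    "${CC:-cc}" -fsanitize=address -o "$tmp/t" "$tmp/t.c" >/dev/null 2>&1
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# resolve_asan ARGS...: prints "yes" or "no" on stdout, diagnostics on
# stderr, and returns non-zero only when configure has to fail.
resolve_asan() {
    asan=""       # "" = not mentioned, "yes" = --enable-asan, "no" = --disable-asan
    debug="no"
    for opt in "$@"; do
        case "$opt" in
            --enable-asan)  asan="yes" ;;
            --disable-asan) asan="no" ;;
            --enable-debug) debug="yes" ;;
        esac
    done

    case "$asan" in
        no)
            # Explicitly disabled: do not test for the feature at all.
            echo no
            return 0 ;;
        yes)
            # Explicitly requested: missing support is a hard error.
            if probe_asan; then
                echo yes
                return 0
            fi
            echo "ERROR: --enable-asan given but ASan is not usable" >&2
            return 1 ;;
    esac

    # Not mentioned on the command line: only --enable-debug tries it,
    # and an unusable sanitizer produces a warning, never a failure.
    if [ "$debug" = "yes" ]; then
        if probe_asan; then
            echo yes
            return 0
        fi
        echo "WARNING: ASan not usable on this host, continuing without it" >&2
    fi
    echo no
    return 0
}
```
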



[Qemu-devel] [PULL 40/51] chardev: Use goto/label instead of do/break/while(0)

2018-01-16 Thread Paolo Bonzini
From: Eric Blake 

Use of a do/while(0) control flow in order to permit an early break
is an unusual paradigm, and triggers a false positive with a planned
future syntax check against 'while (0);'.  Rewrite the code to use a
goto instead.  This patch temporarily keeps an extra level of
indentation to highlight the change; the next patch cleans it up.

Signed-off-by: Eric Blake 
Message-Id: <20171201232433.25193-4-ebl...@redhat.com>
Reviewed-by: Marc-André Lureau 
Signed-off-by: Paolo Bonzini 
---
 chardev/char-serial.c | 13 ++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/chardev/char-serial.c b/chardev/char-serial.c
index 2f8f838..10162f9 100644
--- a/chardev/char-serial.c
+++ b/chardev/char-serial.c
@@ -64,9 +64,14 @@ static void tty_serial_init(int fd, int speed,
 #endif
 tcgetattr(fd, &tty);
 
-#define check_speed(val) if (speed <= val) { spd = B##val; break; }
+#define check_speed(val) \
+if (speed <= val) {  \
+spd = B##val;\
+goto done;   \
+}
+
 speed = speed * 10 / 11;
-do {
+{
 check_speed(50);
 check_speed(75);
 check_speed(110);
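
Review bot: check_speed() now hides a `goto done` inside a bare `if` block, so every call site jumps to a label the reader cannot see there, and the macro is open to the dangling-else problem if a use is ever followed by `else`. As it is only used in this one ladder and is undefined right after, a comment on the macro naming the `done` label would be enough; a table of speed/Bxxx pairs walked by a loop would remove both the macro and the goto.
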
@@ -125,8 +130,10 @@ static void tty_serial_init(int fd, int speed,
 check_speed(400);
 #endif
 spd = B115200;
-} while (0);
+}
 
+#undef check_speed
+ done:
 cfsetispeed(&tty, spd);
 cfsetospeed(&tty, spd);
 
-- 
1.8.3.1





[Qemu-devel] [PULL 33/51] scripts/qemu-gdb: add simple tcg lock status helper

2018-01-16 Thread Paolo Bonzini
From: Alex Bennée 

Add a simple helper to dump lock state.

Signed-off-by: Alex Bennée 
Signed-off-by: Paolo Bonzini 
---
 scripts/qemu-gdb.py|  3 ++-
 scripts/qemugdb/tcg.py | 46 ++
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 scripts/qemugdb/tcg.py

diff --git a/scripts/qemu-gdb.py b/scripts/qemu-gdb.py
index b3f8e04..d58213e 100644
--- a/scripts/qemu-gdb.py
+++ b/scripts/qemu-gdb.py
@@ -26,7 +26,7 @@ import os, sys
 
 sys.path.append(os.path.dirname(__file__))
 
-from qemugdb import aio, mtree, coroutine
+from qemugdb import aio, mtree, coroutine, tcg
 
 class QemuCommand(gdb.Command):
 '''Prefix for QEMU debug support commands'''
@@ -38,6 +38,7 @@ QemuCommand()
 coroutine.CoroutineCommand()
 mtree.MtreeCommand()
 aio.HandlersCommand()
+tcg.TCGLockStatusCommand()
 
 coroutine.CoroutineSPFunction()
 coroutine.CoroutinePCFunction()
diff --git a/scripts/qemugdb/tcg.py b/scripts/qemugdb/tcg.py
new file mode 100644
index 000..8c7f1d7
--- /dev/null
+++ b/scripts/qemugdb/tcg.py
@@ -0,0 +1,46 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# GDB debugging support, TCG status
+#
+# Copyright 2016 Linaro Ltd
+#
+# Authors:
+#  Alex Bennée 
+#
+# This work is licensed under the terms of the GNU GPL, version 2.  See
+# the COPYING file in the top-level directory.
+#
+# Contributions after 2012-01-13 are licensed under the terms of the
+# GNU GPL, version 2 or (at your option) any later version.
+
+# 'qemu tcg-lock-status' -- display the TCG lock status across threads
+
+import gdb
+
+class TCGLockStatusCommand(gdb.Command):
+'''Display TCG Execution Status'''
+def __init__(self):
+gdb.Command.__init__(self, 'qemu tcg-lock-status', gdb.COMMAND_DATA,
+ gdb.COMPLETE_NONE)
+
+def invoke(self, arg, from_tty):
+gdb.write("Thread, BQL (iothread_mutex), Replay, Blocked?\n")
+for thread in gdb.inferiors()[0].threads():
+thread.switch()
+
+iothread = gdb.parse_and_eval("iothread_locked")
+replay = gdb.parse_and_eval("replay_locked")
+
+frame = gdb.selected_frame()
+if frame.name() == "__lll_lock_wait":
+frame.older().select()
+mutex = gdb.parse_and_eval("mutex")
+owner = gdb.parse_and_eval("mutex->__data.__owner")
+blocked = ("__lll_lock_wait waiting on %s from %d" %
+   (mutex, owner))
+else:
+blocked = "not blocked"
+
+gdb.write("%d/%d, %s, %s, %s\n" % (thread.num, thread.ptid[1],
+   iothread, replay, blocked))
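
Review bot: invoke() has no error handling around the gdb.parse_and_eval() calls, so a binary without the `iothread_locked` or `replay_locked` symbols, or a blocked thread whose caller frame has no variable called `mutex`, raises gdb.error and aborts the whole listing part way through. Wrapping the lookups in try/except gdb.error and printing a placeholder for that thread would keep the command usable on partial debug info. The loop also calls thread.switch() on every thread and never restores the thread that was selected before the command ran, and `gdb.inferiors()[0]` assumes a single inferior; saving gdb.selected_thread() up front and switching back at the end would avoid surprising the user.
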
-- 
1.8.3.1





[Qemu-devel] [PULL 46/51] find_ram_offset: Add comments and tracing

2018-01-16 Thread Paolo Bonzini
From: "Dr. David Alan Gilbert" 

Add some comments so I can understand the various nested loops.
Add some tracing so I can see what they're doing.

Signed-off-by: Dr. David Alan Gilbert 
Message-Id: <20180105170138.23357-2-dgilb...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 exec.c   | 29 ++---
 trace-events |  4 
 2 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/exec.c b/exec.c
index 4722e52..5e2fb55 100644
--- a/exec.c
+++ b/exec.c
@@ -1660,7 +1660,10 @@ static void *file_ram_alloc(RAMBlock *block,
 }
 #endif
 
-/* Called with the ramlist lock held.  */
+/* Allocate space within the ram_addr_t space that governs the
+ * dirty bitmaps.
+ * Called with the ramlist lock held.
+ */
 static ram_addr_t find_ram_offset(ram_addr_t size)
 {
 RAMBlock *block, *next_block;
@@ -1673,19 +1676,29 @@ static ram_addr_t find_ram_offset(ram_addr_t size)
 }
 
 RAMBLOCK_FOREACH(block) {
-ram_addr_t end, next = RAM_ADDR_MAX;
+ram_addr_t candidate, next = RAM_ADDR_MAX;
 
-end = block->offset + block->max_length;
+candidate = block->offset + block->max_length;
 
+/* Search for the closest following block
+ * and find the gap.
+ */
 RAMBLOCK_FOREACH(next_block) {
-if (next_block->offset >= end) {
+if (next_block->offset >= candidate) {
 next = MIN(next, next_block->offset);
 }
 }
-if (next - end >= size && next - end < mingap) {
-offset = end;
-mingap = next - end;
+
+/* If it fits remember our place and remember the size
+ * of gap, but keep going so that we might find a smaller
+ * gap to fill so avoiding fragmentation.
+ */
+if (next - candidate >= size && next - candidate < mingap) {
+offset = candidate;
+mingap = next - candidate;
 }
+
+trace_find_ram_offset_loop(size, candidate, offset, next, mingap);
 }
 
 if (offset == RAM_ADDR_MAX) {
@@ -1694,6 +1707,8 @@ static ram_addr_t find_ram_offset(ram_addr_t size)
 abort();
 }
 
+trace_find_ram_offset(size, offset);
+
 return offset;
 }
 
diff --git a/trace-events b/trace-events
index 3695959..ec95e67 100644
--- a/trace-events
+++ b/trace-events
@@ -55,6 +55,10 @@ dma_complete(void *dbs, int ret, void *cb) "dbs=%p ret=%d 
cb=%p"
 dma_blk_cb(void *dbs, int ret) "dbs=%p ret=%d"
 dma_map_wait(void *dbs) "dbs=%p"
 
+#  # exec.c
+find_ram_offset(uint64_t size, uint64_t offset) "size: 0x%" PRIx64 " @ 0x%" 
PRIx64
+find_ram_offset_loop(uint64_t size, uint64_t candidate, uint64_t offset, 
uint64_t next, uint64_t mingap) "trying size: 0x%" PRIx64 " @ 0x%" PRIx64 ", 
offset: 0x%" PRIx64" next: 0x%" PRIx64 " mingap: 0x%" PRIx64
+
 # memory.c
 memory_region_ops_read(int cpu_index, void *mr, uint64_t addr, uint64_t value, 
unsigned size) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64" size %u"
 memory_region_ops_write(int cpu_index, void *mr, uint64_t addr, uint64_t 
value, unsigned size) "cpu %d mr %p addr 0x%"PRIx64" value 0x%"PRIx64" size %u"
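
Review bot: the new section header in trace-events reads `#  # exec.c` as shown here, while the neighbouring header is `# memory.c`; the extra `#` should go. The find_ram_offset_loop format string is also spaced inconsistently (`PRIx64" next:` against `PRIx64 " mingap:`), and since `offset` and `mingap` are still the initial sentinel values until a gap has been found, a word in the exec.c comment saying so would save readers of the trace from chasing very large numbers.
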
-- 
1.8.3.1





[Qemu-devel] [PATCH v2 0/4] coroutine-lock: polymorphic CoQueue

2018-01-16 Thread Paolo Bonzini
There are cases in which a queued coroutine must be restarted from
non-coroutine context (with qemu_co_enter_next).  In these cases,
qemu_co_enter_next also needs to be thread-safe, but it cannot use a
CoMutex and so cannot qemu_co_queue_wait.  This happens in curl (which
right now is rolling its own list of Coroutines) and will happen in
Fam's NVMe driver as well.

This series extracts the idea of a polymorphic lockable object
from my "scoped lock guard" proposal, and applies it to CoQueue.
The implementation of QemuLockable is similar to C11 _Generic, but
redone using the preprocessor and GCC builtins for compatibility.

In general, while a bit on the esoteric side, the functionality used
to emulate _Generic is fairly old in GCC, and the builtins are already
used by include/qemu/atomic.h; the series was tested with Fedora 27 (boot
Damn Small Linux via http) and CentOS 6 (compiled only).

Paolo

v1->v2: fix typos and copyright year

Paolo Bonzini (4):
  lockable: add QemuLockable
  coroutine-lock: convert CoQueue to use QemuLockable
  coroutine-lock: make qemu_co_enter_next thread-safe
  curl: convert to CoQueue

 block/curl.c| 20 +++-
 fsdev/qemu-fsdev-throttle.c |  4 +--
 include/qemu/compiler.h | 40 
 include/qemu/coroutine.h| 25 ++-
 include/qemu/lockable.h | 75 +
 include/qemu/thread.h   |  5 ++-
 include/qemu/typedefs.h |  4 +++
 util/qemu-coroutine-lock.c  | 22 -
 8 files changed, 159 insertions(+), 36 deletions(-)
 create mode 100644 include/qemu/lockable.h

-- 
2.14.3




[Qemu-devel] [PULL 50/51] util/qemu-thread-*: add qemu_lock, locked and unlock trace events

2018-01-16 Thread Paolo Bonzini
From: Alex Bennée 

Signed-off-by: Alex Bennée 
Signed-off-by: Paolo Bonzini 
---
 include/qemu/thread.h| 39 +++
 util/qemu-thread-posix.c | 21 -
 util/qemu-thread-win32.c | 20 +++-
 util/trace-events|  7 ---
 4 files changed, 62 insertions(+), 25 deletions(-)

diff --git a/include/qemu/thread.h b/include/qemu/thread.h
index 9910f49..9af4e94 100644
--- a/include/qemu/thread.h
+++ b/include/qemu/thread.h
@@ -22,9 +22,31 @@ typedef struct QemuThread QemuThread;
 
 void qemu_mutex_init(QemuMutex *mutex);
 void qemu_mutex_destroy(QemuMutex *mutex);
-void qemu_mutex_lock(QemuMutex *mutex);
-int qemu_mutex_trylock(QemuMutex *mutex);
-void qemu_mutex_unlock(QemuMutex *mutex);
+int qemu_mutex_trylock_impl(QemuMutex *mutex, const char *file, const int 
line);
+void qemu_mutex_lock_impl(QemuMutex *mutex, const char *file, const int line);
+void qemu_mutex_unlock_impl(QemuMutex *mutex, const char *file, const int 
line);
+
+#define qemu_mutex_lock(mutex) \
+qemu_mutex_lock_impl(mutex, __FILE__, __LINE__)
+#define qemu_mutex_trylock(mutex) \
+qemu_mutex_trylock_impl(mutex, __FILE__, __LINE__)
+#define qemu_mutex_unlock(mutex) \
+qemu_mutex_unlock_impl(mutex, __FILE__, __LINE__)
+
+static inline void (qemu_mutex_lock)(QemuMutex *mutex)
+{
+qemu_mutex_lock(mutex);
+}
+
+static inline int (qemu_mutex_trylock)(QemuMutex *mutex)
+{
+return qemu_mutex_trylock(mutex);
+}
+
+static inline void (qemu_mutex_unlock)(QemuMutex *mutex)
+{
+qemu_mutex_unlock(mutex);
+}
 
 /* Prototypes for other functions are in thread-posix.h/thread-win32.h.  */
 void qemu_rec_mutex_init(QemuRecMutex *mutex);
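
Review bot: the parenthesised definitions such as `static inline void (qemu_mutex_lock)(QemuMutex *mutex)` need a comment, because it is not obvious that the parentheses suppress the function-like macro so that a real function of the same name still exists. Any caller that reaches the lock through these wrappers is traced with thread.h's own __FILE__ and __LINE__ rather than the real call site, which defeats the point of the new arguments for those callers; please document that limitation next to the wrappers, and say in the commit message (currently empty) why they are needed.
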
@@ -39,7 +61,16 @@ void qemu_cond_destroy(QemuCond *cond);
  */
 void qemu_cond_signal(QemuCond *cond);
 void qemu_cond_broadcast(QemuCond *cond);
-void qemu_cond_wait(QemuCond *cond, QemuMutex *mutex);
+void qemu_cond_wait_impl(QemuCond *cond, QemuMutex *mutex,
+ const char *file, const int line);
+
+#define qemu_cond_wait(cond, mutex) \
+qemu_cond_wait_impl(cond, mutex, __FILE__, __LINE__)
+
+static inline void (qemu_cond_wait)(QemuCond *cond, QemuMutex *mutex)
+{
+qemu_cond_wait(cond, mutex);
+}
 
 void qemu_sem_init(QemuSemaphore *sem, int init);
 void qemu_sem_post(QemuSemaphore *sem);
diff --git a/util/qemu-thread-posix.c b/util/qemu-thread-posix.c
index 959a570..b789cf3 100644
--- a/util/qemu-thread-posix.c
+++ b/util/qemu-thread-posix.c
@@ -57,26 +57,28 @@ void qemu_mutex_destroy(QemuMutex *mutex)
 error_exit(err, __func__);
 }
 
-void qemu_mutex_lock(QemuMutex *mutex)
+void qemu_mutex_lock_impl(QemuMutex *mutex, const char *file, const int line)
 {
 int err;
 
 assert(mutex->initialized);
+trace_qemu_mutex_lock(mutex, file, line);
+
 err = pthread_mutex_lock(&mutex->lock);
 if (err)
 error_exit(err, __func__);
 
-trace_qemu_mutex_locked(mutex);
+trace_qemu_mutex_locked(mutex, file, line);
 }
 
-int qemu_mutex_trylock(QemuMutex *mutex)
+int qemu_mutex_trylock_impl(QemuMutex *mutex, const char *file, const int line)
 {
 int err;
 
 assert(mutex->initialized);
 err = pthread_mutex_trylock(&mutex->lock);
 if (err == 0) {
-trace_qemu_mutex_locked(mutex);
+trace_qemu_mutex_locked(mutex, file, line);
 return 0;
 }
 if (err != EBUSY) {
@@ -85,15 +87,16 @@ int qemu_mutex_trylock(QemuMutex *mutex)
 return -EBUSY;
 }
 
-void qemu_mutex_unlock(QemuMutex *mutex)
+void qemu_mutex_unlock_impl(QemuMutex *mutex, const char *file, const int line)
 {
 int err;
 
 assert(mutex->initialized);
-trace_qemu_mutex_unlocked(mutex);
 err = pthread_mutex_unlock(&mutex->lock);
 if (err)
 error_exit(err, __func__);
+
+trace_qemu_mutex_unlock(mutex, file, line);
 }
 
 void qemu_rec_mutex_init(QemuRecMutex *mutex)
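
Review bot: in qemu_mutex_unlock_impl() the trace point has moved from before pthread_mutex_unlock() to after it, so another thread can take the mutex and emit qemu_mutex_locked before this thread's qemu_mutex_unlock event is written, and the trace then reads as if two threads held the lock at once. Emitting the event before the pthread call, where the removed trace_qemu_mutex_unlocked() was, keeps the ordering trustworthy; if the move is deliberate, the reason belongs in a comment.
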
@@ -152,14 +155,14 @@ void qemu_cond_broadcast(QemuCond *cond)
 error_exit(err, __func__);
 }
 
-void qemu_cond_wait(QemuCond *cond, QemuMutex *mutex)
+void qemu_cond_wait_impl(QemuCond *cond, QemuMutex *mutex, const char *file, 
const int line)
 {
 int err;
 
 assert(cond->initialized);
-trace_qemu_mutex_unlocked(mutex);
+trace_qemu_mutex_unlock(mutex, file, line);
 err = pthread_cond_wait(&cond->cond, &mutex->lock);
-trace_qemu_mutex_locked(mutex);
+trace_qemu_mutex_locked(mutex, file, line);
 if (err)
 error_exit(err, __func__);
 }
diff --git a/util/qemu-thread-win32.c b/util/qemu-thread-win32.c
index 94f3491..ab60c0d 100644
--- a/util/qemu-thread-win32.c
+++ b/util/qemu-thread-win32.c
@@ -56,30 +56,32 @@ void qemu_mutex_destroy(QemuMutex *mutex)
 InitializeSRWLock(&mutex->lock);
 }
 
-void qemu_mutex_lock(QemuMutex *mutex)
+void qemu_mutex_lock_impl(QemuMutex *mutex, const char *file, const int line)
 {
 assert(mutex->initialized);
+trace_qemu_mutex_lock(mutex, file, line);
+
 AcquireSRWLockExclusive(&mute

[Qemu-devel] [PULL 48/51] block/iscsi: fix initialization of iTask in iscsi_co_get_block_status

2018-01-16 Thread Paolo Bonzini
From: Peter Lieven 

in case of unaligned requests or on a target that does not support
block provisioning we leave iTask uninitialized and check iTask.task
for NULL later.

Fixes: e38bc23454ef763deb4405ebdee6a1081aa00bc8
Signed-off-by: Peter Lieven 
Reviewed-by: Eric Blake 
Message-Id: <1515425247-21730-1-git-send-email...@kamp.de>
Signed-off-by: Paolo Bonzini 
---
 block/iscsi.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/block/iscsi.c b/block/iscsi.c
index 5c0a9e5..6a1c537 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -658,6 +658,8 @@ static int64_t coroutine_fn 
iscsi_co_get_block_status(BlockDriverState *bs,
 uint64_t lba;
 int64_t ret;
 
+iscsi_co_init_iscsitask(iscsilun, &iTask);
+
 if (!is_sector_request_lun_aligned(sector_num, nb_sectors, iscsilun)) {
 ret = -EINVAL;
 goto out;
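
Review bot: moving iscsi_co_init_iscsitask() above the alignment check fixes the paths described in the commit message, but nothing in the code says that iTask has to be initialised before the first `goto out`, so the next early exit added above this call would bring the bug back. A one-line comment on the call stating that the out path inspects iTask.task, or initialising iTask where it is declared (outside this hunk), would make the requirement visible.
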
@@ -675,7 +677,6 @@ static int64_t coroutine_fn 
iscsi_co_get_block_status(BlockDriverState *bs,
 
 lba = sector_qemu2lun(sector_num, iscsilun);
 
-iscsi_co_init_iscsitask(iscsilun, &iTask);
 qemu_mutex_lock(&iscsilun->mutex);
 retry:
 if (iscsi_get_lba_status_task(iscsilun->iscsi, iscsilun->lun,
-- 
1.8.3.1





[Qemu-devel] [PULL 41/51] chardev: Clean up previous patch indentation

2018-01-16 Thread Paolo Bonzini
From: Eric Blake 

The previous patch left in an extra scope layer for ease of
review; time to remove it.  No semantic change.

Signed-off-by: Eric Blake 
Message-Id: <20171201232433.25193-5-ebl...@redhat.com>
Reviewed-by: Marc-André Lureau 
Signed-off-by: Paolo Bonzini 
---
 chardev/char-serial.c | 66 +--
 1 file changed, 32 insertions(+), 34 deletions(-)

diff --git a/chardev/char-serial.c b/chardev/char-serial.c
index 10162f9..93392c5 100644
--- a/chardev/char-serial.c
+++ b/chardev/char-serial.c
@@ -71,66 +71,64 @@ static void tty_serial_init(int fd, int speed,
 }
 
 speed = speed * 10 / 11;
-{
-check_speed(50);
-check_speed(75);
-check_speed(110);
-check_speed(134);
-check_speed(150);
-check_speed(200);
-check_speed(300);
-check_speed(600);
-check_speed(1200);
-check_speed(1800);
-check_speed(2400);
-check_speed(4800);
-check_speed(9600);
-check_speed(19200);
-check_speed(38400);
-/* Non-Posix values follow. They may be unsupported on some systems. */
-check_speed(57600);
-check_speed(115200);
+check_speed(50);
+check_speed(75);
+check_speed(110);
+check_speed(134);
+check_speed(150);
+check_speed(200);
+check_speed(300);
+check_speed(600);
+check_speed(1200);
+check_speed(1800);
+check_speed(2400);
+check_speed(4800);
+check_speed(9600);
+check_speed(19200);
+check_speed(38400);
+/* Non-Posix values follow. They may be unsupported on some systems. */
+check_speed(57600);
+check_speed(115200);
 #ifdef B230400
-check_speed(230400);
+check_speed(230400);
 #endif
 #ifdef B460800
-check_speed(460800);
+check_speed(460800);
 #endif
 #ifdef B50
-check_speed(50);
+check_speed(50);
 #endif
 #ifdef B576000
-check_speed(576000);
+check_speed(576000);
 #endif
 #ifdef B921600
-check_speed(921600);
+check_speed(921600);
 #endif
 #ifdef B100
-check_speed(100);
+check_speed(100);
 #endif
 #ifdef B1152000
-check_speed(1152000);
+check_speed(1152000);
 #endif
 #ifdef B150
-check_speed(150);
+check_speed(150);
 #endif
 #ifdef B200
-check_speed(200);
+check_speed(200);
 #endif
 #ifdef B250
-check_speed(250);
+check_speed(250);
 #endif
 #ifdef B300
-check_speed(300);
+check_speed(300);
 #endif
 #ifdef B350
-check_speed(350);
+check_speed(350);
 #endif
 #ifdef B400
-check_speed(400);
+check_speed(400);
 #endif
-spd = B115200;
-}
+spd = B115200;
 
 #undef check_speed
  done:
-- 
1.8.3.1





[Qemu-devel] [PULL 38/51] net: Drop unusual use of do { } while (0);

2018-01-16 Thread Paolo Bonzini
From: Eric Blake 

For a couple of macros in pcnet.c, we have to provide a new scope
to avoid compiler warnings about declarations in the middle of a
switch statement that aren't in a sub-scope.  But use of
'do { ... } while (0);' merely to provide that new scope is arcane
overkill, compared to just using '{ ... }'.

Signed-off-by: Eric Blake 
Reviewed-by: Thomas Huth 
Message-Id: <20171201232433.25193-2-ebl...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/net/pcnet.c | 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
index 39d5d93..606b05c 100644
--- a/hw/net/pcnet.c
+++ b/hw/net/pcnet.c
@@ -456,32 +456,32 @@ static inline void pcnet_rmd_store(PCNetState *s, struct 
pcnet_RMD *rmd,
 #define CHECK_RMD(ADDR,RES) do {\
 switch (BCR_SWSTYLE(s)) {   \
 case 0x00:  \
-do {\
+{   \
 uint16_t rda[4];\
 s->phys_mem_read(s->dma_opaque, (ADDR), \
 (void *)&rda[0], sizeof(rda), 0); \
 (RES) |= (rda[2] & 0xf000)!=0xf000; \
 (RES) |= (rda[3] & 0xf000)!=0x; \
-} while (0);\
+}   \
 break;  \
 case 0x01:  \
 case 0x02:  \
-do {\
+{   \
 uint32_t rda[4];\
 s->phys_mem_read(s->dma_opaque, (ADDR), \
 (void *)&rda[0], sizeof(rda), 0); \
 (RES) |= (rda[1] & 0xf000L)!=0xf000L; \
 (RES) |= (rda[2] & 0xf000L)!=0xL; \
-} while (0);\
+}   \
 break;  \
 case 0x03:  \
-do {\
+{   \
 uint32_t rda[4];\
 s->phys_mem_read(s->dma_opaque, (ADDR), \
 (void *)&rda[0], sizeof(rda), 0); \
 (RES) |= (rda[0] & 0xf000L)!=0xL; \
 (RES) |= (rda[1] & 0xf000L)!=0xf000L; \
-} while (0);\
+}   \
 break;  \
 }   \
 } while (0)
@@ -489,22 +489,22 @@ static inline void pcnet_rmd_store(PCNetState *s, struct 
pcnet_RMD *rmd,
 #define CHECK_TMD(ADDR,RES) do {\
 switch (BCR_SWSTYLE(s)) {   \
 case 0x00:  \
-do {\
+{   \
 uint16_t xda[4];\
 s->phys_mem_read(s->dma_opaque, (ADDR), \
 (void *)&xda[0], sizeof(xda), 0); \
 (RES) |= (xda[2] & 0xf000)!=0xf000; \
-} while (0);\
+}   \
 break;  \
 case 0x01:  \
 case 0x02:  \
 case 0x03:  \
-do {\
+{   \
 uint32_t xda[4];\
 s->phys_mem_read(s->dma_opaque, (ADDR), \
 (void *)&xda[0], sizeof(xda), 0); \
 (RES) |= (xda[1] & 0xf000L)!=0xf000L; \
-} while (0);\
+}   \
 break;  \
 }   \
 } while (0)
-- 
1.8.3.1





Re: [Qemu-devel] [PATCH v3 0/4] cryptodev: add vhost support

2018-01-16 Thread Zhoujian (jay)
VHOST_USER_CREATE_CRYPTO_SESSION and VHOST_USER_CLOSE_CRYPTO_SESSION are newly
added messages; they should be sent only when the
VHOST_USER_PROTOCOL_F_CRYPTO_SESSION feature has been successfully negotiated.

The differences between v2 and v3 are listed below, pls review, thanks!

---
diff --git a/docs/interop/vhost-user.txt b/docs/interop/vhost-user.txt
index f43c63d..3aec685 100644
--- a/docs/interop/vhost-user.txt
+++ b/docs/interop/vhost-user.txt
@@ -327,6 +327,7 @@ Protocol features
 #define VHOST_USER_PROTOCOL_F_MTU4
 #define VHOST_USER_PROTOCOL_F_SLAVE_REQ  5
 #define VHOST_USER_PROTOCOL_F_CROSS_ENDIAN   6
+#define VHOST_USER_PROTOCOL_F_CRYPTO_SESSION 7
 
 Master message types
 
@@ -605,6 +606,9 @@ Master message types
 
   Create a session for crypto operation. The server side must return the
   session id, 0 or positive for success, negative for failure.
+  This request should be sent only when 
VHOST_USER_PROTOCOL_F_CRYPTO_SESSION
+  feature has been successfully negotiated.
+  It's a required feature for crypto devices.
 
  * VHOST_USER_CLOSE_CRYPTO_SESSION
 
@@ -614,6 +618,9 @@ Master message types
 
   Close a session for crypto operation which was previously
   created by VHOST_USER_CREATE_CRYPTO_SESSION.
+  This request should be sent only when 
VHOST_USER_PROTOCOL_F_CRYPTO_SESSION
+  feature has been successfully negotiated.
+  It's a required feature for crypto devices.
 
 Slave message types
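
Review bot: the added text says the request "should be sent only when" the feature has been negotiated and then that it is "a required feature for crypto devices", which leaves it unclear whether a slave may reject these messages when VHOST_USER_PROTOCOL_F_CRYPTO_SESSION was not negotiated. The same wording is used for both VHOST_USER_CREATE_CRYPTO_SESSION and VHOST_USER_CLOSE_CRYPTO_SESSION; stating it once as a requirement ("must only be sent if ... has been negotiated") and saying what the receiver does otherwise would make the document usable as a spec.
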
 ---
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 7865c6d..f779512 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -35,6 +35,7 @@ enum VhostUserProtocolFeature {
 VHOST_USER_PROTOCOL_F_NET_MTU = 4,
 VHOST_USER_PROTOCOL_F_SLAVE_REQ = 5,
 VHOST_USER_PROTOCOL_F_CROSS_ENDIAN = 6,
+VHOST_USER_PROTOCOL_F_CRYPTO_SESSION = 7,
 
 VHOST_USER_PROTOCOL_F_MAX
 };
@@ -941,6 +942,8 @@ static int vhost_user_crypto_create_session(struct 
vhost_dev *dev,
   void *session_info,
   uint64_t *session_id)
 {
+bool crypto_session = virtio_has_feature(dev->protocol_features,
+   VHOST_USER_PROTOCOL_F_CRYPTO_SESSION);
 CryptoDevBackendSymSessionInfo *sess_info = session_info;
 VhostUserMsg msg = {
 .request = VHOST_USER_CREATE_CRYPTO_SESSION,
@@ -950,6 +953,11 @@ static int vhost_user_crypto_create_session(struct 
vhost_dev *dev,
 
 assert(dev->vhost_ops->backend_type == VHOST_BACKEND_TYPE_USER);
 
+if (!crypto_session) {
+error_report("vhost-user trying to send unhandled ioctl");
+return -1;
+}
+
 memcpy(&msg.payload.session.session_setup_data, sess_info,
   sizeof(CryptoDevBackendSymSessionInfo));
 if (sess_info->key_len) {
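
Review bot: the new `if (!crypto_session)` guard reports "vhost-user trying to send unhandled ioctl", which tells the user nothing about the actual cause; the message should say that VHOST_USER_PROTOCOL_F_CRYPTO_SESSION was not negotiated and which request was refused. The check also sits after the VhostUserMsg initialiser, so it would read better as the first statement after the assert in both vhost_user_crypto_create_session() and vhost_user_crypto_close_session(), ideally through one small shared helper instead of two copies.
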
@@ -994,6 +1002,8 @@ static int vhost_user_crypto_create_session(struct 
vhost_dev *dev,
 static int
 vhost_user_crypto_close_session(struct vhost_dev *dev, uint64_t session_id)
 {
+bool crypto_session = virtio_has_feature(dev->protocol_features,
+   VHOST_USER_PROTOCOL_F_CRYPTO_SESSION);
 VhostUserMsg msg = {
 .request = VHOST_USER_CLOSE_CRYPTO_SESSION,
 .flags = VHOST_USER_VERSION,
@@ -1001,6 +1011,11 @@ vhost_user_crypto_close_session(struct vhost_dev *dev, 
uint64_t session_id)
 };
 msg.payload.u64 = session_id;
 
+if (!crypto_session) {
+error_report("vhost-user trying to send unhandled ioctl");
+return -1;
+}
+
 if (vhost_user_write(dev, &msg, NULL, 0) < 0) {
 error_report("vhost_user_write() return -1, close session failed");
 return -1;


> -Original Message-
> From: Zhoujian (jay)
> Sent: Tuesday, January 16, 2018 10:07 PM
> To: qemu-devel@nongnu.org
> Cc: m...@redhat.com; pbonz...@redhat.com; Huangweidong (C)
> ; stefa...@redhat.com; Zhoujian (jay)
> ; pa...@linux.vnet.ibm.com; longpeng
> ; xin.z...@intel.com; roy.fan.zh...@intel.com; Gonglei
> (Arei) 
> Subject: [PATCH v3 0/4] cryptodev: add vhost support
> 
> From: Gonglei 
> 
> I posted the RFC version a few months ago for DPDK vhost-crypto implementation,
> and now it's time to send the formal version. Because we need a user space
> scheme for better performance.
> 
> The vhost user crypto server side patches had been sent to DPDK community,
> pls see
> 
> [RFC PATCH 0/6] lib/librte_vhost: introduce new vhost_user crypto backend
> support http://dpdk.org/ml/archives/dev/2017-November/081048.html
> 
> You also can get virtio-crypto polling mode driver from:
> 
> [PATCH] virtio: add new driver for crypto devices
> http://dpdk.org/ml/archives/dev/2017-November/081985.html
> 
> Gonglei (4):
>   cryptodev: add vhost-user as a new cryptodev backend
>   cryptodev: add vhost support
>   cryptodev-vhost-user: add crypto session handler
>   cryptodev-vhost-user: set the key length
> 
>  backends/Makefile.objs|   4 +
>  ba
