[Qemu-devel] Re: [PATCH] qemu-kvm: introduce cpu_start/cpu_stop commands

2010-11-23 Thread Gleb Natapov
On Mon, Nov 22, 2010 at 05:00:18PM -0600, Anthony Liguori wrote:
> qemu-kvm vcpu threads don't respond to SIGSTOP/SIGCONT.  Instead of teaching
> them to respond to these signals, introduce monitor commands that stop and
> start individual vcpus.
> 
> The purpose of these commands is to implement CPU hard limits using an
> external tool that watches the CPU consumption and stops the CPU as appropriate.
> 
> The monitor commands provide a more elegant solution than signals because it
> ensures that a stopped vcpu isn't holding the qemu_mutex.
> 
Do you really want to stop vcpu while it holds guest lock? Does external tool
have enough info to make smart decision about how to limit vcpu runtime?

> I'll reply to this note with an example tool.
> 
> Signed-off-by: Anthony Liguori 
> 
> diff --git a/hmp-commands.hx b/hmp-commands.hx
> index ba6de28..827bd67 100644
> --- a/hmp-commands.hx
> +++ b/hmp-commands.hx
> @@ -279,6 +279,24 @@ Resume emulation.
>  ETEXI
>  
>  {
> +.name   = "cpu_start",
> +.args_type  = "cpu:i",
> +.params = "[cpu]",
> +.help   = "start cpu emulation",
> +.user_print = monitor_user_noop,
> +.mhandler.cmd_new = do_vcpu_start,
> +},
> +
> +{
> +.name   = "cpu_stop",
> +.args_type  = "cpu:i",
> +.params = "[cpu]",
> +.help   = "stop cpu emulation",
> +.user_print = monitor_user_noop,
> +.mhandler.cmd_new = do_vcpu_stop,
> +},
> +
> +{
>  .name   = "gdbserver",
>  .args_type  = "device:s?",
>  .params = "[device]",
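Review bot: In both new entries, .params = "[cpu]" advertises the argument as optional, but .args_type = "cpu:i" makes it mandatory; the gdbserver entry just below pairs "[device]" with "device:s?". Either write the parameter as "cpu" or use "cpu:i?" and define what omitting it means. The new entries also have no STEXI/ETEXI documentation block, although the context line above the hunk closes one for the neighbouring command, and the handlers are named do_vcpu_* while the commands are named cpu_*.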
> diff --git a/qemu-kvm.c b/qemu-kvm.c
> index 471306b..35121ed 100644
> --- a/qemu-kvm.c
> +++ b/qemu-kvm.c
> @@ -1351,6 +1351,65 @@ static void pause_all_threads(void)
>  }
>  }
>  
> +static void vcpu_stop(int cpu)
> +{
> +CPUState *env = first_cpu;
> +
> +for (env = first_cpu; env; env = env->next_cpu) {
> +if (env->cpu_index == cpu) {
> +break;
> +}
> +}
> +
> +if (env) {
> +if (env != cpu_single_env) {
> +env->stop = 1;
> +pthread_kill(env->kvm_cpu_state.thread, SIG_IPI);
> +} else {
> +env->stop = 0;
> +env->stopped = 1;
> +cpu_exit(env);
> +}
> +
> +while (!env->stopped) {
> +qemu_cond_wait(&qemu_pause_cond);
> +}
> +}
> +}
> +
> +static void vcpu_start(int cpu)
> +{
> +CPUState *env = first_cpu;
> +
> +assert(!cpu_single_env);
> +
> +for (env = first_cpu; env; env = env->next_cpu) {
> +if (env->cpu_index == cpu) {
> +break;
> +}
> +}
> +
> +if (env) {
> +env->stop = 0;
> +env->stopped = 0;
> +pthread_kill(env->kvm_cpu_state.thread, SIG_IPI);
> +}
> +}
> +
> +int do_vcpu_stop(Monitor *mon, const QDict *qdict, QObject **ret_data)
> +{
> +int vcpu = qdict_get_int(qdict, "cpu");
> +vcpu_stop(vcpu);
> +return 0;
> +}
> +
> +int do_vcpu_start(Monitor *mon, const QDict *qdict, QObject **ret_data)
> +{
> +int vcpu = qdict_get_int(qdict, "cpu");
> +vcpu_start(vcpu);
> +return 0;
> +}
> +
>  static void resume_all_threads(void)
>  {
>  CPUState *penv = first_cpu;
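Review bot: vcpu_stop() and vcpu_start() do nothing when no CPUState matches the requested index, and do_vcpu_stop()/do_vcpu_start() then return 0, so a monitor client that passes a bad cpu number is told the command succeeded. Report an error and return nonzero when the lookup loop ends with env == NULL. Two smaller points: vcpu_start() asserts !cpu_single_env while vcpu_stop() has a branch for env == cpu_single_env, so a comment saying when each case can be reached from the monitor would help, and the duplicated lookup loop could be one helper.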
> diff --git a/sysemu.h b/sysemu.h
> index 849dc8c..3ef68dd 100644
> --- a/sysemu.h
> +++ b/sysemu.h
> @@ -61,6 +61,9 @@ void qemu_system_reset(void);
>  void qemu_add_exit_notifier(Notifier *notify);
>  void qemu_remove_exit_notifier(Notifier *notify);
>  
> +int do_vcpu_stop(Monitor *mon, const QDict *qdict, QObject **ret_data);
> +int do_vcpu_start(Monitor *mon, const QDict *qdict, QObject **ret_data);
> +
>  void do_savevm(Monitor *mon, const QDict *qdict);
>  int load_vmstate(const char *name);
>  void do_delvm(Monitor *mon, const QDict *qdict);
> -- 
> 1.7.0.4
> 

--
Gleb.



Re: [Qemu-devel] Re: [PATCH] scsi: Implement alloc_req_iov callback

2010-11-23 Thread Hannes Reinecke
On 11/22/2010 10:48 PM, Stefan Hajnoczi wrote:
> On Mon, Nov 22, 2010 at 10:15 AM, Hannes Reinecke  wrote:
> Looks good.  If you send out another version of the patchset you might
> like to fix this nitpick:
> 
>> +if (!r->io_header.iovec_count) {
>> +if (r->buflen != r->req.cmd.xfer) {
>> +if (r->buf != NULL)
>> +qemu_free(r->buf);
> 
> qemu_free(NULL) is a nop so it's safe to drop the if (r->buf != NULL)
> check and just use qemu_free(r->buf) unconditionally.  That's nice
> since it also fixes the if statement without curly braces.
> 
Really?

qemu-malloc.c has:

void qemu_free(void *ptr)
{
    trace_qemu_free(ptr);
    free(ptr);
}


and 'free' doesn't normally do an error checking on the argument.
Am I missing something?

Cheers,

Hannes
-- 
Dr. Hannes Reinecke   zSeries & Storage
h...@suse.de  +49 911 74053 688
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Markus Rex, HRB 16746 (AG Nürnberg)



Re: [Qemu-devel] [PATCH] qemu-kvm: introduce cpu_start/cpu_stop commands

2010-11-23 Thread Dor Laor

On 11/23/2010 08:41 AM, Avi Kivity wrote:

On 11/23/2010 01:00 AM, Anthony Liguori wrote:

qemu-kvm vcpu threads don't respond to SIGSTOP/SIGCONT. Instead of teaching
them to respond to these signals, introduce monitor commands that stop and
start individual vcpus.

The purpose of these commands is to implement CPU hard limits using an
external tool that watches the CPU consumption and stops the CPU as appropriate.

Why not use cgroup for that?

The monitor commands provide a more elegant solution than signals because it
ensures that a stopped vcpu isn't holding the qemu_mutex.

From signal(7):

The signals SIGKILL and SIGSTOP cannot be caught, blocked, or ignored.

Perhaps this is a bug in kvm?

If we could catch SIGSTOP, then it would be easy to unblock it only
while running in guest context. It would then stop on exit to userspace.

Using monitor commands is fairly heavyweight for something as high
frequency as this. What control period do you see people using? Maybe we
should define USR1 for vcpu start/stop.

What happens if one vcpu is stopped while another is running? Spin
loops, synchronous IPIs will take forever. Maybe we need to stop the
entire process.






[Qemu-devel] Re: [PATCH] scsi: Implement alloc_req_iov callback

2010-11-23 Thread Paolo Bonzini

On 11/23/2010 09:12 AM, Hannes Reinecke wrote:

> qemu-malloc.c has:
>
> void qemu_free(void *ptr)
> {
>     trace_qemu_free(ptr);
>     free(ptr);
> }
>
> and 'free' doesn't normally do an error checking on the argument.
> Am I missing something?


It's not error checking: from free(3),

free() frees the memory space pointed to by ptr, which must have been 
returned by a previous call to malloc(), calloc() or realloc(). 
Otherwise, or if free(ptr) has already been called before, undefined 
behavior occurs. If ptr is NULL, no operation is performed.


Which means, that unless ptr is so often NULL that there is a measurable 
overhead from the call (unlikely in any case, not just this one) the 
"if" is actually going to be done by "free", and thus causing actually 
worse performance.


Not that man pages are always right, but in this case they agree with 
POSIX. :)


Paolo



Re: [Qemu-devel] [PATCH 7/7] tcg-ia64: Fix warning in qemu_ld.

2010-11-23 Thread malc
On Mon, 22 Nov 2010, Richard Henderson wrote:

> The usermode version of qemu_ld doesn't used mem_index,

"doesn't used"? Doesn't use perhaps?

> leading to set-but-not-used warnings.
> 
> Signed-off-by: Richard Henderson 
> ---
>  tcg/ia64/tcg-target.c |3 +--
>  1 files changed, 1 insertions(+), 2 deletions(-)
> 
> diff --git a/tcg/ia64/tcg-target.c b/tcg/ia64/tcg-target.c
> index 57d0bcc..3ddf434 100644
> --- a/tcg/ia64/tcg-target.c
> +++ b/tcg/ia64/tcg-target.c
> @@ -1658,11 +1658,10 @@ static inline void tcg_out_qemu_ld(TCGContext *s, 
> const TCGArg *args, int opc)
>  static uint64_t const opc_sxt_i29[4] = {
>  OPC_SXT1_I29, OPC_SXT2_I29, OPC_SXT4_I29, 0
>  };
> -int addr_reg, data_reg, mem_index, s_bits, bswap;
> +int addr_reg, data_reg, s_bits, bswap;
>  
>  data_reg = *args++;
>  addr_reg = *args++;
> -mem_index = *args;
>  s_bits = opc & 3;
>  
>  #ifdef TARGET_WORDS_BIGENDIAN
> 

-- 
mailto:av1...@comtv.ru



Re: [Qemu-devel] [PATCH 1/7] microblaze: target-ify target_ucontext

2010-11-23 Thread Edgar E. Iglesias
On Mon, Nov 22, 2010 at 02:57:52PM -0800, Richard Henderson wrote:
> From: Richard Henderson 
> 
> Rename the members of target_ucontext so that they don't conflict
> with possible host macros for ucontext members.  This has already
> been done for the other targets.

Thanks, I applied this one.

Cheers


> 
> Signed-off-by: Richard Henderson 
> ---
>  linux-user/signal.c |   18 +-
>  1 files changed, 9 insertions(+), 9 deletions(-)
> 
> diff --git a/linux-user/signal.c b/linux-user/signal.c
> index 77683f7..7c62fac 100644
> --- a/linux-user/signal.c
> +++ b/linux-user/signal.c
> @@ -3071,11 +3071,11 @@ struct target_stack_t {
>  };
>  
>  struct target_ucontext {
> -abi_ulong uc_flags;
> -abi_ulong uc_link;
> -struct target_stack_t uc_stack;
> -struct target_sigcontext sc;
> -uint32_t extramask[TARGET_NSIG_WORDS - 1];
> +abi_ulong tuc_flags;
> +abi_ulong tuc_link;
> +struct target_stack_t tuc_stack;
> +struct target_sigcontext tuc_mcontext;
> +uint32_t tuc_extramask[TARGET_NSIG_WORDS - 1];
>  };
>  
>  /* Signal frames. */
> @@ -3189,7 +3189,7 @@ static void setup_frame(int sig, struct 
> target_sigaction *ka,
>  goto badframe;
>  
>  /* Save the mask.  */
> -err |= __put_user(set->sig[0], &frame->uc.sc.oldmask);
> +err |= __put_user(set->sig[0], &frame->uc.tuc_mcontext.oldmask);
>  if (err)
>  goto badframe;
>  
> @@ -3198,7 +3198,7 @@ static void setup_frame(int sig, struct 
> target_sigaction *ka,
>  goto badframe;
>  }
>  
> -setup_sigcontext(&frame->uc.sc, env);
> +setup_sigcontext(&frame->uc.tuc_mcontext, env);
>  
>  /* Set up to return from userspace. If provided, use a stub
> already in userspace. */
> @@ -3261,7 +3261,7 @@ long do_sigreturn(CPUState *env)
>  goto badframe;
>  
>  /* Restore blocked signals */
> -if (__get_user(target_set.sig[0], &frame->uc.sc.oldmask))
> +if (__get_user(target_set.sig[0], &frame->uc.tuc_mcontext.oldmask))
>  goto badframe;
>  for(i = 1; i < TARGET_NSIG_WORDS; i++) {
>  if (__get_user(target_set.sig[i], &frame->extramask[i - 1]))
> @@ -3270,7 +3270,7 @@ long do_sigreturn(CPUState *env)
>  target_to_host_sigset_internal(&set, &target_set);
>  sigprocmask(SIG_SETMASK, &set, NULL);
>  
> -restore_sigcontext(&frame->uc.sc, env);
> +restore_sigcontext(&frame->uc.tuc_mcontext, env);
>  /* We got here through a sigreturn syscall, our path back is via an
> rtb insn so setup r14 for that.  */
>  env->regs[14] = env->sregs[SR_PC];
> -- 
> 1.7.2.3
> 
> 



[Qemu-devel] Re: [PATCH] scsi-disk: Allocate iovec dynamically

2010-11-23 Thread Stefan Hajnoczi
On Mon, Nov 22, 2010 at 10:15 AM, Hannes Reinecke  wrote:
> @@ -86,13 +90,19 @@ static SCSIDiskReq *scsi_new_request(SCSIDiskState *s, 
> uint32_t tag,
>
>     req = scsi_req_alloc(sizeof(SCSIDiskReq), &s->qdev, tag, lun);
>     r = DO_UPCAST(SCSIDiskReq, req, req);
> -    r->iov.iov_base = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
> +    r->iov_buf = qemu_blockalign(s->bs, SCSI_DMA_BUF_SIZE);
> +    r->iov = qemu_mallocz(sizeof(struct iovec));
> +    r->iov[0].iov_base = r->iov_buf;
> +    r->iov_num = 1;
>     return r;
>  }
>
>  static void scsi_remove_request(SCSIDiskReq *r)
>  {
> -    qemu_vfree(r->iov.iov_base);
> +    qemu_vfree(r->iov);
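Review bot: In scsi_remove_request(), the lines quoted here drop the only qemu_vfree() of the aligned data buffer, which now lives in r->iov_buf. Unless a later line of the hunk frees r->iov_buf, every request leaks SCSI_DMA_BUF_SIZE bytes; add the matching qemu_vfree(r->iov_buf) next to the free of r->iov.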

r->iov was allocated with qemu_mallocz().  It should be freed with qemu_free().

Stefan



[Qemu-devel] Re: [PATCH] scsi-disk: add data direction checking

2010-11-23 Thread Stefan Hajnoczi
On Mon, Nov 22, 2010 at 10:15 AM, Hannes Reinecke  wrote:
> @@ -172,6 +170,9 @@ static void scsi_read_data(SCSIRequest *req)
>     /* No data transfer may already be in progress */
>     assert(r->req.aiocb == NULL);
>
> +    if (r->req.cmd.mode == SCSI_XFER_TO_DEV)
> +        BADF("Data transfer direction invalid\n");
> +
>     if (r->sector_count == (uint32_t)-1) {
>         DPRINTF("Read buf_len=%zd\n", r->iov[0].iov_len);
>         r->sector_count = 0;
> @@ -284,6 +285,9 @@ static int scsi_write_data(SCSIRequest *req)
>     /* No data transfer may already be in progress */
>     assert(r->req.aiocb == NULL);
>
> +    if (r->req.cmd.mode != SCSI_XFER_TO_DEV)
> +        BADF("Data transfer direction invalid\n");
> +
>     n = iov_size(r->iov, r->iov_num) / 512;
>     if (n) {
>         qemu_iovec_init_external(&r->qiov, r->iov, r->iov_num);
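Review bot: The two checks are not symmetric: scsi_write_data() rejects every mode other than SCSI_XFER_TO_DEV, while scsi_read_data() in the previous hunk rejects only SCSI_XFER_TO_DEV, so a request whose mode is neither direction passes the read check. If that is intended, say so in a comment; otherwise test for the expected read mode explicitly. Both new if statements also need braces around the BADF() call.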

If the guest can trigger this then there must be a SCSI response (an
error?).  Right now BADF() will do fprintf(stderr) and then continue
executing.

Can we abort the operation?

Stefan



[Qemu-devel] Re: [PATCH] scsi-disk: add data direction checking

2010-11-23 Thread Hannes Reinecke
On 11/23/2010 11:03 AM, Stefan Hajnoczi wrote:
> On Mon, Nov 22, 2010 at 10:15 AM, Hannes Reinecke  wrote:
>> @@ -172,6 +170,9 @@ static void scsi_read_data(SCSIRequest *req)
>> /* No data transfer may already be in progress */
>> assert(r->req.aiocb == NULL);
>>
>> +if (r->req.cmd.mode == SCSI_XFER_TO_DEV)
>> +BADF("Data transfer direction invalid\n");
>> +
>> if (r->sector_count == (uint32_t)-1) {
>> DPRINTF("Read buf_len=%zd\n", r->iov[0].iov_len);
>> r->sector_count = 0;
>> @@ -284,6 +285,9 @@ static int scsi_write_data(SCSIRequest *req)
>> /* No data transfer may already be in progress */
>> assert(r->req.aiocb == NULL);
>>
>> +if (r->req.cmd.mode != SCSI_XFER_TO_DEV)
>> +BADF("Data transfer direction invalid\n");
>> +
>> n = iov_size(r->iov, r->iov_num) / 512;
>> if (n) {
>> qemu_iovec_init_external(&r->qiov, r->iov, r->iov_num);
> 
> If the guest can trigger this then there must be a SCSI response (an
> error?).  Right now BADF() will do fprintf(stderr) and then continue
> executing.
> 
> Can we abort the operation?
> 
I've done a patch for it as per suggestion by hch.
Right now we have

    if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
        DPRINTF("Data transfer direction invalid\n");
        scsi_read_complete(r, -EINVAL);
        return;
    }

and -EINVAL will return the sense code 'INVALID FIELD IN CDB'.
Will be in the next patchset.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke   zSeries & Storage
h...@suse.de  +49 911 74053 688
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Markus Rex, HRB 16746 (AG Nürnberg)
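
The difference between the first version of the check (report and carry on) and the revised one described above (complete the request with -EINVAL and return), as a stand-alone C model. This is an added example, not code from the thread or from QEMU; struct request, complete(), backend_read(), run() and both handlers are hypothetical stand-ins for the scsi-disk request path.

```c
/* Added illustration: a stand-alone model, not QEMU code. All names are
 * hypothetical stand-ins for the scsi-disk request path. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum xfer_mode { XFER_NONE, XFER_FROM_DEV, XFER_TO_DEV };

struct request {
    enum xfer_mode mode;    /* direction decoded from the guest's command */
    unsigned char buf[16];  /* buffer handed back to the guest */
    int completed;          /* number of completions delivered */
    int status;             /* 0 or negative errno passed at completion */
    int transferred;        /* 1 if the backend copied data into buf */
};

/* Constructed sample "disk" contents. */
static const unsigned char disk_sector[16] = "sector-data";

static void complete(struct request *r, int status)
{
    r->completed++;
    r->status = status;
}

static void backend_read(struct request *r)
{
    memcpy(r->buf, disk_sector, sizeof(r->buf));
    r->transferred = 1;
    complete(r, 0);
}

/* Shape of the first patch: the mismatch is reported, then the read runs. */
static void read_data_log_only(struct request *r)
{
    if (r->mode == XFER_TO_DEV) {
        fprintf(stderr, "Data transfer direction invalid\n");
    }
    backend_read(r);
}

/* Shape of the revised patch: complete with -EINVAL and return. */
static void read_data_fail_closed(struct request *r)
{
    if (r->mode == XFER_TO_DEV) {
        fprintf(stderr, "Data transfer direction invalid\n");
        complete(r, -EINVAL);
        return;
    }
    backend_read(r);
}

/* Run one handler on a fresh, zeroed request with the given direction. */
static struct request run(void (*handler)(struct request *),
                          enum xfer_mode mode)
{
    struct request r;

    memset(&r, 0, sizeof(r));
    r.mode = mode;
    handler(&r);
    return r;
}

int main(void)
{
    struct request bad = run(read_data_log_only, XFER_TO_DEV);
    struct request good = run(read_data_fail_closed, XFER_TO_DEV);
    struct request ok = run(read_data_fail_closed, XFER_FROM_DEV);

    printf("log-only:    status=%d transferred=%d\n",
           bad.status, bad.transferred);
    printf("fail-closed: status=%d transferred=%d\n",
           good.status, good.transferred);
    printf("valid read:  status=%d transferred=%d\n",
           ok.status, ok.transferred);
    return 0;
}
```

With the log-only handler the mismatched request still reports success and fills the guest-visible buffer; with the fail-closed handler it gets exactly one completion carrying -EINVAL and the buffer stays untouched.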



[Qemu-devel] Re: [PATCH] lsi53c895a: Rename 'sense' to 'status'

2010-11-23 Thread Stefan Hajnoczi
On Mon, Nov 22, 2010 at 10:15 AM, Hannes Reinecke  wrote:
>
> The 'sense' field in the HBA status structure is misnamed, as it
> actually carries the SCSI status. Rename it.
>
> Signed-off-by: Hannes Reinecke 
> ---
>  hw/lsi53c895a.c |   18 +-
>  1 files changed, 9 insertions(+), 9 deletions(-)

Reviewed-by: Stefan Hajnoczi 



[Qemu-devel] Re: [PATCH] scsi-disk: add data direction checking

2010-11-23 Thread Stefan Hajnoczi
On Tue, Nov 23, 2010 at 10:12 AM, Hannes Reinecke  wrote:
> On 11/23/2010 11:03 AM, Stefan Hajnoczi wrote:
>> On Mon, Nov 22, 2010 at 10:15 AM, Hannes Reinecke  wrote:
>>> @@ -172,6 +170,9 @@ static void scsi_read_data(SCSIRequest *req)
>>>     /* No data transfer may already be in progress */
>>>     assert(r->req.aiocb == NULL);
>>>
>>> +    if (r->req.cmd.mode == SCSI_XFER_TO_DEV)
>>> +        BADF("Data transfer direction invalid\n");
>>> +
>>>     if (r->sector_count == (uint32_t)-1) {
>>>         DPRINTF("Read buf_len=%zd\n", r->iov[0].iov_len);
>>>         r->sector_count = 0;
>>> @@ -284,6 +285,9 @@ static int scsi_write_data(SCSIRequest *req)
>>>     /* No data transfer may already be in progress */
>>>     assert(r->req.aiocb == NULL);
>>>
>>> +    if (r->req.cmd.mode != SCSI_XFER_TO_DEV)
>>> +        BADF("Data transfer direction invalid\n");
>>> +
>>>     n = iov_size(r->iov, r->iov_num) / 512;
>>>     if (n) {
>>>         qemu_iovec_init_external(&r->qiov, r->iov, r->iov_num);
>>
>> If the guest can trigger this then there must be a SCSI response (an
>> error?).  Right now BADF() will do fprintf(stderr) and then continue
>> executing.
>>
>> Can we abort the operation?
>>
> I've done a patch for it as per suggestion by hch.
> Right now we have
>
>    if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
>        DPRINTF("Data transfer direction invalid\n");
>        scsi_read_complete(r, -EINVAL);
>        return;
>    }
>
> and -EINVAL will return the sense code 'INVALID FIELD IN CDB'.
> Will be in the next patchset.

Sounds good.

Stefan



Re: [Qemu-devel] CFP: 1st International QEMU Users Forum

2010-11-23 Thread Alexander Graf

On 19.10.2010, at 15:42, Wolfgang Mueller wrote:

> Call for Presentations
> 1st International QEMU Users Forum
> 
> March 18th, 2011, Grenoble, France
> 
> Deadlines:
> Extended abstract: Nov 28th, 2010
> Notification of acceptance: Nov 30th, 2010

While I appreciate your efforts to organize this event, I would have preferred 
to see some coordination with the Qemu community before simply announcing an 
"official" Qemu event.

From what I gathered on your preliminary schedule 
(http://www.date-conference.com/date11-workshop-W8), the main focus of this 
event is SystemC integration. I'm not sure this is what I would call a "Users 
Forum". It sounds more like a want-to-be developer meeting to discuss 
integration aspects of other projects with Qemu.

This too is a noble goal, but from the announcement you might end up getting 
real end-users come to this event and be very disappointed, because they would 
like to hear about command line switches to virtualize on x86 hardware.

So in general, I would really like to see you coordinate better with qemu-devel
before announcing something that could potentially work out badly for Qemu's
reputation, even if it's meant with good intentions.


Thank You,

Alex



[Qemu-devel] [PATCH] virtio-serial-bus: Bump up control vq buffers to 32

2010-11-23 Thread Amit Shah
The current default of 16 buffers for the control vq is too small.  We
can get more entries in there, example when asking the guest to add
max. allowed ports.

Signed-off-by: Amit Shah 
---
 hw/virtio-serial-bus.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/virtio-serial-bus.c b/hw/virtio-serial-bus.c
index 74ba5ec..c46d4a5 100644
--- a/hw/virtio-serial-bus.c
+++ b/hw/virtio-serial-bus.c
@@ -770,9 +770,9 @@ VirtIODevice *virtio_serial_init(DeviceState *dev, uint32_t 
max_nr_ports)
 vser->ovqs[0] = virtio_add_queue(vdev, 128, handle_output);
 
 /* control queue: host to guest */
-vser->c_ivq = virtio_add_queue(vdev, 16, control_in);
+vser->c_ivq = virtio_add_queue(vdev, 32, control_in);
 /* control queue: guest to host */
-vser->c_ovq = virtio_add_queue(vdev, 16, control_out);
+vser->c_ovq = virtio_add_queue(vdev, 32, control_out);
 
 for (i = 1; i < vser->bus->max_nr_ports; i++) {
 /* Add a per-port queue for host to guest transfers */
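Review bot: The control queue size stays a bare literal, now 32, in both virtio_add_queue() calls, and nothing ties it to max_nr_ports, which is the case the commit message gives as the reason for the change. Use one named constant for both control queues with a comment on how the value was chosen, or derive it from max_nr_ports, so the next increase of the port limit does not run into the same shortage.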
-- 
1.7.3.2




Re: [Qemu-devel] KVM call agenda for Nov 23

2010-11-23 Thread Luiz Capitulino
On Mon, 22 Nov 2010 17:00:41 -0600
Anthony Liguori  wrote:

> On 11/22/2010 03:45 PM, Chris Wright wrote:
> > * Juan Quintela (quint...@redhat.com) wrote:
> >
> >> Please send in any agenda items you are interested in covering.
> >>  
> > usb-ccid
> >
> 
> - vcpu hard limits

- 0.14 (release date, bug day, -rc planning, etc)



[Qemu-devel] Re: [PATCH] correct migrate_set_speed's args_type

2010-11-23 Thread Luiz Capitulino
On Tue, 23 Nov 2010 13:41:26 +0800
Wen Congyang  wrote:

> The args_type of migrate_set_speed in qmp-commands.hx is wrong.
> When we set migrate speed by json, qemu will be core dumped.
> 
> Signed-off-by: Wen Congyang

Nice catch.

Was caused by 07de3e60b05 and hence affects master only. Could you please
mention that in the commit log? Also, your email address is missing
in the signed-off-by line.

> 
> ---
>  qmp-commands.hx |2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/qmp-commands.hx b/qmp-commands.hx
> index 793cf1c..16bdb08 100644
> --- a/qmp-commands.hx
> +++ b/qmp-commands.hx
> @@ -495,7 +495,7 @@ EQMP
>  
>  {
>  .name   = "migrate_set_speed",
> -.args_type  = "value:f",
> +.args_type  = "value:o",
>  .params = "value",
>  .help   = "set maximum speed (in bytes) for migrations",
>  .user_print = monitor_user_noop,
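Review bot: Only .args_type changes in this entry, from "value:f" to "value:o", which changes what a QMP client may send for value. If the command's documentation in this file states the argument type, update it in the same patch, and name the type the handler expects in the commit log so the reason for choosing 'o' is on record.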




Re: [Qemu-devel] [PATCH, RFT] Speedup 'tb_find_slow' by using the same heuristic as during memory page lookup

2010-11-23 Thread Riku Voipio
Hi,

tested and improves indeed startup speed.

On Mon, Nov 22, 2010 at 10:42:10PM +0300, Kirill Batuzov wrote:
> Move the last found TB to the head of the list so it will be found more  
> quickly next time it will be looked for.
>
> Signed-off-by: Kirill Batuzov 
> Signed-off-by: Pavel Yushchenko 
> ---
> Hello.  This patch gives significant boost to a used by us rather rich  
> (for embedded one - featuring X-server, many daemons and applications)  
> ARM-based system literally decreasing its boot to desktop time by TWO  
> times!  (Average number of traversed 'tb_phys_hash' entries in the main  
> loop of the 'tb_find_slow' function reduced from 20 to 1.5.)  We were  
> able to shorten boot to login time by about 25% as well using Debian on  
> versatilepb (no X-server, only basic system). Seems like kernel booting  
> time is not affected.  No problems were encountered during our 
> experiments.
>
> We are looking forward for comments about this change and help with  
> testing. Thanks in advance!
>
>  cpu-exec.c |5 +
>  1 files changed, 5 insertions(+), 0 deletions(-)
>
> diff --git a/cpu-exec.c b/cpu-exec.c
> index 5d6dd51..55c4526 100644
> --- a/cpu-exec.c
> +++ b/cpu-exec.c
> @@ -161,6 +161,11 @@ static TranslationBlock *tb_find_slow(target_ulong pc,
>  tb = tb_gen_code(env, pc, cs_base, flags, 0);
>
>   found:
> +if (*ptb1) {
> +*ptb1 = tb->phys_hash_next;
> +tb->phys_hash_next = tb_phys_hash[h];
> +tb_phys_hash[h] = tb;
> +}
>  /* we add the TB in the virtual pc hash table */
>  env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)] = tb;
>  return tb;
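Review bot: The move-to-front block under found: is guarded by if (*ptb1), which is only correct if *ptb1 is NULL whenever control reaches the label from the tb_gen_code() path just above, and points at tb otherwise; nothing in the hunk states that. Add a comment with that invariant and the purpose of the block (move the found TB to the head of tb_phys_hash[h]), and skip the three stores when tb is already the head of its chain.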





Re: [Qemu-devel] KVM call agenda for Nov 23

2010-11-23 Thread Michael Tokarev
23.11.2010 15:08, Luiz Capitulino wrote:
[]
> - 0.14 (release date, bug day, -rc planning, etc)

Um, can we have some 0.13.x before, please?.. :)

/mjt



Re: [Qemu-devel] [PATCH] add a command line option to specify the IP address to send multicast packets from

2010-11-23 Thread Michael S. Tsirkin
On Mon, Nov 22, 2010 at 10:48:45AM -0800, Mike Ryan wrote:
> Michael, this patch implements the feature with a bind address instead
> of a bind interface. It should address the cross-platform issues that
> were raised.
> 
> Others: any comments?

Looks ok. This does not handle IPv6 but the rest of the code doesn't,
either.

> On Wed, Nov 17, 2010 at 05:16:26PM -0800, Mike Ryan wrote:
> > Add an option to specify the host IP to send multicast packets from when
> > using a multicast socket for networking. The option takes an IP address
> > and sets the IP_MULTICAST_IF socket option, which causes the packets to
> > use that IP's interface as an egress.
> > 
> > This is useful if the host machine has several interfaces with several
> > virtual networks across disparate interfaces.
> > ---
> >  net.c   |4 
> >  net/socket.c|   46 ++
> >  qemu-options.hx |   11 +--
> >  3 files changed, 47 insertions(+), 14 deletions(-)
> > 
> > diff --git a/net.c b/net.c
> > index c5e6063..9ba5be2 100644
> > --- a/net.c
> > +++ b/net.c
> > @@ -1050,6 +1050,10 @@ static const struct {
> >  .name = "mcast",
> >  .type = QEMU_OPT_STRING,
> >  .help = "UDP multicast address and port number",
> > +}, {
> > +.name = "localaddr",
> > +.type = QEMU_OPT_STRING,
> > +.help = "source address for multicast packets",
> >  },
> >  { /* end of list */ }
> >  },
> > diff --git a/net/socket.c b/net/socket.c
> > index 1c4e153..d443f4c 100644
> > --- a/net/socket.c
> > +++ b/net/socket.c
> > @@ -149,7 +149,7 @@ static void net_socket_send_dgram(void *opaque)
> >  qemu_send_packet(&s->nc, s->buf, size);
> >  }
> >  
> > -static int net_socket_mcast_create(struct sockaddr_in *mcastaddr)
> > +static int net_socket_mcast_create(struct sockaddr_in *mcastaddr, struct 
> > in_addr *localaddr)
> >  {
> >  struct ip_mreq imr;
> >  int fd;
> > @@ -201,6 +201,15 @@ static int net_socket_mcast_create(struct sockaddr_in 
> > *mcastaddr)
> > goto fail;
> >  }
> >  
> > +/* If a bind address is given, only send packets from that address */
> > +if (localaddr != NULL) {
> > +ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_IF, localaddr, 
> > sizeof(*localaddr));
> > +if (ret < 0) {
> > +perror("setsockopt(IP_MULTICAST_IF)");
> > +goto fail;
> > +}
> > +}
> > +
> >  socket_set_nonblock(fd);
> >  return fd;
> >  fail:
> > @@ -248,7 +257,7 @@ static NetSocketState 
> > *net_socket_fd_init_dgram(VLANState *vlan,
> > return NULL;
> > }
> > /* clone dgram socket */
> > -   newfd = net_socket_mcast_create(&saddr);
> > +   newfd = net_socket_mcast_create(&saddr, NULL);
> > if (newfd < 0) {
> > /* error already reported by net_socket_mcast_create() */
> > close(fd);
> > @@ -468,17 +477,26 @@ static int net_socket_connect_init(VLANState *vlan,
> >  static int net_socket_mcast_init(VLANState *vlan,
> >   const char *model,
> >   const char *name,
> > - const char *host_str)
> > + const char *host_str,
> > + const char *localaddr_str)
> >  {
> >  NetSocketState *s;
> >  int fd;
> >  struct sockaddr_in saddr;
> > +struct in_addr localaddr, *param_localaddr;
> >  
> >  if (parse_host_port(&saddr, host_str) < 0)
> >  return -1;
> >  
> > +if (localaddr_str != NULL) {
> > +if (inet_aton(localaddr_str, &localaddr) == 0)
> > +return -1;
> > +param_localaddr = &localaddr;
> > +} else {
> > +param_localaddr = NULL;
> > +}
> >  
> > -fd = net_socket_mcast_create(&saddr);
> > +fd = net_socket_mcast_create(&saddr, param_localaddr);
> >  if (fd < 0)
> > return -1;
> >  
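Review bot: When inet_aton() rejects localaddr_str, net_socket_mcast_init() returns -1 without reporting anything, so a mistyped localaddr= leaves the user with no hint about which option was wrong. Print an error that names the option and the offending value before returning, and put braces around the body of that if.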
> > @@ -505,8 +523,9 @@ int net_init_socket(QemuOpts *opts,
> >  
> >  if (qemu_opt_get(opts, "listen") ||
> >  qemu_opt_get(opts, "connect") ||
> > -qemu_opt_get(opts, "mcast")) {
> > -error_report("listen=, connect= and mcast= is invalid with 
> > fd=");
> > +qemu_opt_get(opts, "mcast") ||
> > +qemu_opt_get(opts, "localaddr")) {
> > +error_report("listen=, connect=, mcast= and localaddr= is 
> > invalid with fd=\n");
> >  return -1;
> >  }
> >  
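Review bot: The new error_report() string ends in "\n" while the message it replaces did not; drop the newline so the output matches the line being replaced. With four options now listed, "is invalid" should read "are invalid".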
> > @@ -524,8 +543,9 @@ int net_init_socket(QemuOpts *opts,
> >  
> >  if (qemu_opt_get(opts, "fd") ||
> >  qemu_opt_get(opts, "connect") ||
> > -qemu_opt_get(opts, "mcast")) {
> > -error_report("fd=, connect= and mcast= is invalid with 
> > listen=");
> > +qemu_opt_get(opts, "mcast") ||
> > +qemu_opt_get(

[Qemu-devel] Re: [PATCH] correct migrate_set_speed's args_type

2010-11-23 Thread Luiz Capitulino
On Tue, 23 Nov 2010 10:43:48 -0200
Luiz Capitulino  wrote:

> On Tue, 23 Nov 2010 13:41:26 +0800
> Wen Congyang  wrote:
> 
> > The args_type of migrate_set_speed in qmp-commands.hx is wrong.
> > When we set migrate speed by json, qemu will be core dumped.
> > 
> > Signed-off-by: Wen Congyang
> 
> Nice catch.
> 
> Was caused by 07de3e60b05 and hence affects master only. Could you please
> mention that in the commit log? Also, your email address is missing
> in the signed-off-by line.

There's another problem there: we used to accept a json number but now we
accept only a json integer.

Markus, are you aware of this change?

> 
> > 
> > ---
> >  qmp-commands.hx |2 +-
> >  1 files changed, 1 insertions(+), 1 deletions(-)
> > 
> > diff --git a/qmp-commands.hx b/qmp-commands.hx
> > index 793cf1c..16bdb08 100644
> > --- a/qmp-commands.hx
> > +++ b/qmp-commands.hx
> > @@ -495,7 +495,7 @@ EQMP
> >  
> >  {
> >  .name   = "migrate_set_speed",
> > -.args_type  = "value:f",
> > +.args_type  = "value:o",
> >  .params = "value",
> >  .help   = "set maximum speed (in bytes) for migrations",
> >  .user_print = monitor_user_noop,
> 




[Qemu-devel] [PATCH V2 0/2] Introduce "machine" QemuOpts

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

The first patch adds "-machine accel=accels" to Qemu options. And the second
one adds a new field in QEMUMachine to be able to specify a set of machine
options.

The difference with the V1:
  - use of QemuOpts.
  - replace -accel command line options by -machine.
  - now, when specifying -enable-kvm or -machine, all other -machine options
    are overridden.
  - the new patch that adds default_machine_opts to QEMUMachine.

With the new patch, we will be able to run a Xen specific machine without
saying to use Xen as an "accelerator".

Anthony PERARD (2):
  Introduce -machine command option.
  machine, Add default_machine_opts to QEMUMachine.

 arch_init.c |5 ++
 arch_init.h |1 +
 hw/boards.h |1 +
 qemu-config.c   |   14 ++
 qemu-options.hx |   10 
 vl.c|  124 +-
 6 files changed, 143 insertions(+), 12 deletions(-)




[Qemu-devel] [PATCH V2 2/2] machine, Add default_machine_opts to QEMUMachine.

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

With this new field, we can specify which accelerator to use to run the
machine, if the accelerator is not already specified by either a
configuration file or the command line options.

Currently, the only use will be made in the xenfv machine.

Signed-off-by: Anthony PERARD 
---
 hw/boards.h |1 +
 vl.c|   22 ++
 2 files changed, 23 insertions(+), 0 deletions(-)

diff --git a/hw/boards.h b/hw/boards.h
index 6f0f0d7..716fd7b 100644
--- a/hw/boards.h
+++ b/hw/boards.h
@@ -27,6 +27,7 @@ typedef struct QEMUMachine {
 no_cdrom:1,
 no_sdcard:1;
 int is_default;
+const char *default_machine_opts;
 GlobalProperty *compat_props;
 struct QEMUMachine *next;
 } QEMUMachine;
diff --git a/vl.c b/vl.c
index d14e52a..04e480c 100644
--- a/vl.c
+++ b/vl.c
@@ -2741,6 +2741,28 @@ int main(int argc, char **argv, char **envp)
 exit(1);
 }
 
+/*
+ * Get the default machine options from the machine if it is not already
+ * specified either by the configuration file or by the command line.
+ */
+if (machine->default_machine_opts) {
+QemuOptsList *list = qemu_find_opts("machine");
+const char *p = NULL;
+
+if (!QTAILQ_EMPTY(&list->head)) {
+p = qemu_opt_get(QTAILQ_FIRST(&list->head), "accel");
+}
+if (p == NULL) {
+opts = qemu_opts_parse(qemu_find_opts("machine"),
+   machine->default_machine_opts, 0);
+if (!opts) {
+fprintf(stderr, "parse error for machine %s: %s\n",
+machine->name, machine->default_machine_opts);
+exit(1);
+}
+}
+}
+
 qemu_opts_foreach(qemu_find_opts("device"), default_driver_check, NULL, 0);
 qemu_opts_foreach(qemu_find_opts("global"), default_driver_check, NULL, 0);
 
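Review bot: The check for an existing accel= setting reads only QTAILQ_FIRST(&list->head), so an accelerator given in any later "machine" options group is not seen and default_machine_opts is parsed on top of it. Walk every entry in the list, or state that only one group may exist and enforce it. The block also calls qemu_find_opts("machine") a second time although list already holds the result.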
-- 
1.7.1




[Qemu-devel] [PATCH V2 1/2] Introduce -machine command option.

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

This option gives the ability to switch one "accelerator" like kvm, xen
or the default one tcg. We can specify more than one accelerator by
separating them with a colon. QEMU will try each one and use the first one
that works.

So,
./qemu -machine accel=xen:kvm:tcg

which would try Xen support first, then KVM and finally TCG if none of
the others works.

By default, QEMU will use TCG. But we can specify another default in the
global configuration file.

Signed-off-by: Anthony PERARD 
---
 arch_init.c |5 +++
 arch_init.h |1 +
 qemu-config.c   |   14 +++
 qemu-options.hx |   10 +
 vl.c|  102 --
 5 files changed, 120 insertions(+), 12 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 4486925..e0d7a4c 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -639,6 +639,11 @@ int audio_available(void)
 #endif
 }
 
+int tcg_available(void)
+{
+return 1;
+}
+
 int kvm_available(void)
 {
 #ifdef CONFIG_KVM
diff --git a/arch_init.h b/arch_init.h
index 682890c..f0fb6a0 100644
--- a/arch_init.h
+++ b/arch_init.h
@@ -27,6 +27,7 @@ void do_acpitable_option(const char *optarg);
 void do_smbios_option(const char *optarg);
 void cpudef_init(void);
 int audio_available(void);
+int tcg_available(void);
 int kvm_available(void);
 int xen_available(void);
 
diff --git a/qemu-config.c b/qemu-config.c
index 52f18be..a4ae7b5 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -429,6 +429,19 @@ QemuOptsList qemu_spice_opts = {
 },
 };
 
+static QemuOptsList qemu_machine_opts = {
+.name = "machine",
+.head = QTAILQ_HEAD_INITIALIZER(qemu_machine_opts.head),
+.desc = {
+{
+.name = "accel",
+.type = QEMU_OPT_STRING,
+.help = "accelerator list",
+},
+{ /* End of list */ }
+},
+};
+
 static QemuOptsList *vm_config_groups[32] = {
 &qemu_drive_opts,
 &qemu_chardev_opts,
@@ -442,6 +455,7 @@ static QemuOptsList *vm_config_groups[32] = {
 #ifdef CONFIG_SIMPLE_TRACE
 &qemu_trace_opts,
 #endif
+&qemu_machine_opts,
 NULL,
 };
 
diff --git a/qemu-options.hx b/qemu-options.hx
index 4d99a58..624f1a7 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1975,6 +1975,16 @@ Enable KVM full virtualization support. This option is 
only available
 if KVM support is enabled when compiling.
 ETEXI
 
+DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
+"-machine accel=accel1[:accel2]use an accelerator (kvm,xen,tcg), 
default is tcg\n", QEMU_ARCH_ALL)
+STEXI
+...@item -machine acc...@var{accels}
+...@findex -machine
+This is use to enable an accelerator, in kvm,xen,tcg.
+By default, it use only tcg. If there a more than one accelerator
+specified, the next one is used if the first don't work.
+ETEXI
+
 DEF("xen-domid", HAS_ARG, QEMU_OPTION_xen_domid,
 "-xen-domid id   specify xen guest domain id\n", QEMU_ARCH_ALL)
 DEF("xen-create", 0, QEMU_OPTION_xen_create,
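Review bot: the help string and the STEXI text in this hunk advertise xen as a selectable accelerator ("(kvm,xen,tcg)"), but accel_list[] in the vl.c part of this patch only has "tcg" and "kvm" entries. Either drop xen from the text until the entry exists or say that it arrives with a later patch. The help line also runs the option syntax straight into its description ("accel=accel1[:accel2]use an accelerator"), and the documentation text needs a grammar pass, for example "This is used to enable an accelerator" and "the next one is used if the first doesn't work".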
diff --git a/vl.c b/vl.c
index 805e11f..d14e52a 100644
--- a/vl.c
+++ b/vl.c
@@ -243,6 +243,7 @@ static void *boot_set_opaque;
 static NotifierList exit_notifiers =
 NOTIFIER_LIST_INITIALIZER(exit_notifiers);
 
+static int tcg_allowed = 1;
 int kvm_allowed = 0;
 uint32_t xen_domid;
 enum xen_mode xen_mode = XEN_EMULATE;
@@ -1727,6 +1728,82 @@ static int debugcon_parse(const char *devname)
 return 0;
 }
 
+static int tcg_init(int smp_cpus)
+{
+return 0;
+}
+
+static struct {
+const char *opt_name;
+const char *name;
+int (*available)(void);
+int (*init)(int smp_cpus);
+int *allowed;
+} accel_list[] = {
+{ "tcg", "tcg", tcg_available, tcg_init, &tcg_allowed },
+{ "kvm", "KVM", kvm_available, kvm_init, &kvm_allowed },
+};
+
+static int configure_accelerator(void)
+{
+const char *p;
+char buf[10];
+int i, ret;
+bool accel_initalised = 0;
+bool init_failed = 0;
+
+QemuOptsList *list = qemu_find_opts("machine");
+if (!QTAILQ_EMPTY(&list->head)) {
+p = qemu_opt_get(QTAILQ_FIRST(&list->head), "accel");
+}
+
+if (p == NULL) {
+/* Use the default "accelerator", tcg */
+p = "tcg";
+}
+
+while (!accel_initalised && *p != '\0') {
+if (*p == ':') {
+p++;
+}
+p = get_opt_name(buf, sizeof (buf), p, ':');
+for (i = 0; i < ARRAY_SIZE(accel_list); i++) {
+if (strcmp(accel_list[i].opt_name, buf) == 0) {
+ret = accel_list[i].init(smp_cpus);
+if (ret < 0) {
+init_failed = 1;
+if (!accel_list[i].available()) {
+printf("%s not supported for this target\n",
+   accel_list[i].name);
+} else {
+fprintf(stderr, "failed to initialize %s: %s\n",
+accel_list[i].name,
+strerror(-ret));
+}
+} else {
+ 
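Review bot: `p` in configure_accelerator() is declared without an initializer and is only assigned inside `if (!QTAILQ_EMPTY(&list->head))`, so when no -machine option was given the following `if (p == NULL)` reads an indeterminate pointer; declare it as `const char *p = NULL;`. In the loop, init() is called before available() is consulted, so an accelerator that is not supported for the target is initialised first and only reported afterwards; checking available() first would avoid that. The "not supported" message also goes to stdout via printf while the other failure path uses fprintf(stderr, ...), and the two should agree.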

Re: [Qemu-devel] [PATCH 08/11] ahci: add ahci emulation

2010-11-23 Thread Alexander Graf

On 21.11.2010, at 13:54, Blue Swirl wrote:

> On Fri, Nov 19, 2010 at 2:56 AM, Alexander Graf  wrote:
>> 
>> +typedef struct AHCIControlRegs {
>> +uint32_tcap;
>> +uint32_tghc;
>> +uint32_tirqstatus;
>> +uint32_timpl;
>> +uint32_tversion;
>> +} __attribute__ ((packed)) AHCIControlRegs;
> 
> Why packed? These are used in native endian, so I'd let the compiler
> pick the best layout. Also in other structs.

Packed doesn't have too much to do with endianness, but gaps in the struct. The 
reason I made these packed is that I cast the struct to a uint32_t array and 
didn't want to have gaps there later on.

I changed that for the next version though to have explicit setters for each 
field, so we don't need it here anymore.

> 
>> +
>> +typedef struct AHCIPortRegs {
>> +uint32_tlst_addr;
>> +uint32_tlst_addr_hi;
>> +uint32_tfis_addr;
>> +uint32_tfis_addr_hi;
>> +uint32_tirq_stat;
>> +uint32_tirq_mask;
>> +uint32_tcmd;
>> +uint32_tunused0;
>> +uint32_ttfdata;
>> +uint32_tsig;
>> +uint32_tscr_stat;
>> +uint32_tscr_ctl;
>> +uint32_tscr_err;
>> +uint32_tscr_act;
>> +uint32_tcmd_issue;
>> +uint32_treserved;
>> +} __attribute__ ((packed)) AHCIPortRegs;

Same as above for this one. I also changed it.

>> +
>> +typedef struct AHCICmdHdr {
>> +uint32_topts;
>> +uint32_tstatus;
>> +uint64_ttbl_addr;
>> +uint32_treserved[4];
>> +} __attribute__ ((packed)) AHCICmdHdr;

These have to be packed. We cast guest ram regions to this struct and then do 
leXX_to_cpu() on that variable to make sure we take host endianness into 
account. That's faster than going through the mapping logic for every single 
word. And yes, they're always LE in ram :).

>> +
>> +typedef struct AHCI_SG {
>> +uint32_taddr;
>> +uint32_taddr_hi;
>> +uint32_treserved;
>> +uint32_tflags_size;
>> +} __attribute__ ((packed)) AHCI_SG;
>> +
>> +typedef struct AHCIDevice AHCIDevice;
>> +
>> +typedef struct NCQTransferState {
>> +AHCIDevice *drive;
>> +QEMUSGList sglist;
>> +int is_read;
>> +uint16_t sector_count;
>> +uint64_t lba;
>> +uint8_t tag;
>> +int slot;
>> +int used;
>> +} NCQTransferState;
>> +
>> +struct AHCIDevice {
>> +IDEBus port;
>> +BMDMAState bmdma;
>> +int port_no;
>> +uint32_t port_state;
>> +uint32_t finished;
>> +AHCIPortRegs port_regs;
>> +struct AHCIState *hba;
>> +uint8_t *lst;
>> +uint8_t *res_fis;
>> +uint8_t *cmd_fis;
>> +int cmd_fis_len;
>> +AHCICmdHdr *cur_cmd;
>> +NCQTransferState ncq_tfs[AHCI_MAX_CMDS];
>> +};
>> +
>> +typedef struct AHCIState {
>> +AHCIDevice dev[SATA_PORTS];
>> +AHCIControlRegs control_regs;
>> +int mem;
>> +qemu_irq irq;
>> +} AHCIState;
>> +
>> +typedef struct AHCIPciState {
> 
> AHCIPCIState.
> 
>> +PCIDevice card;
>> +AHCIState ahci;
>> +} AHCIPciState;
>> +
>> +typedef struct H2D_NCQ_FIS {
> 
> This is not named according to CODING_STYLE. How about a more
> descriptive name which is not full of acronyms?

I'm open for suggestions. It's the "Host to Device Native Command Queue Frame 
Information Structure". I changed it to H2dNcqFis for now.


Alex
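The command-header handling Alex describes above (a packed struct laid over little-endian guest RAM), as an added example that is not code from the patch: it decodes the 32-byte header field by field, so the result depends on neither host endianness nor pointer alignment, and it bounds-checks the slot against the guest-supplied list. `ahci_read_cmd_hdr`, the load helpers, `CMD_SLOTS` (32) and the sample bytes are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same fields, in the same order, as AHCICmdHdr in the quoted patch. */
typedef struct AHCICmdHdr {
    uint32_t opts;
    uint32_t status;
    uint64_t tbl_addr;
    uint32_t reserved[4];
} __attribute__((packed)) AHCICmdHdr;

/* Fail the build if the struct ever stops matching the 32-byte layout. */
_Static_assert(sizeof(AHCICmdHdr) == 32, "AHCICmdHdr must be 32 bytes");
_Static_assert(offsetof(AHCICmdHdr, tbl_addr) == 8, "tbl_addr must sit at 8");

#define CMD_SLOTS 32 /* assumption of this example: slots per command list */

/* Byte-wise little-endian loads: independent of host endianness and of the
 * alignment of the source pointer. */
static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint64_t load_le64(const uint8_t *p)
{
    return (uint64_t)load_le32(p) | ((uint64_t)load_le32(p + 4) << 32);
}

/*
 * Decode command header `slot` from a guest-supplied command list of
 * `list_len` bytes into host byte order.
 * Returns 0 on success, -1 if the slot number is out of range or the
 * header would extend past the end of the list.
 */
int ahci_read_cmd_hdr(const uint8_t *list, size_t list_len,
                      unsigned slot, AHCICmdHdr *out)
{
    const uint8_t *p;
    size_t off;
    int i;

    if (!list || !out || slot >= CMD_SLOTS) {
        return -1;
    }
    if (list_len < sizeof(*out)) {
        return -1;
    }
    off = (size_t)slot * sizeof(*out);
    if (off > list_len - sizeof(*out)) { /* subtraction cannot wrap here */
        return -1;
    }

    p = list + off;
    out->opts = load_le32(p);
    out->status = load_le32(p + 4);
    out->tbl_addr = load_le64(p + 8);
    for (i = 0; i < 4; i++) {
        out->reserved[i] = load_le32(p + 16 + 4 * i);
    }
    return 0;
}

/* Constructed sample: a two-slot command list as it would sit in guest RAM.
 * Slot 0 is all zero; slot 1 has opts 0x00010005 and tbl_addr 0x123456000. */
static const uint8_t sample_list[64] = {
    [32] = 0x05, 0x00, 0x01, 0x00,                         /* opts     */
           0x00, 0x00, 0x00, 0x00,                         /* status   */
           0x00, 0x60, 0x45, 0x23, 0x01, 0x00, 0x00, 0x00, /* tbl_addr */
};

int main(void)
{
    AHCICmdHdr hdr;
    unsigned slot;

    /* Slot 2 lies past the end of the 64-byte list and must be rejected. */
    for (slot = 0; slot < 3; slot++) {
        if (ahci_read_cmd_hdr(sample_list, sizeof(sample_list), slot, &hdr)) {
            printf("slot %u: rejected\n", slot);
            continue;
        }
        printf("slot %u: opts=0x%08x tbl_addr=0x%llx\n", slot,
               (unsigned)hdr.opts, (unsigned long long)hdr.tbl_addr);
    }
    return 0;
}
```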




Re: [Qemu-devel] [PATCH] qemu-kvm: introduce cpu_start/cpu_stop commands

2010-11-23 Thread Anthony Liguori

On 11/23/2010 12:41 AM, Avi Kivity wrote:

On 11/23/2010 01:00 AM, Anthony Liguori wrote:
qemu-kvm vcpu threads don't response to SIGSTOP/SIGCONT.  Instead of teaching
them to respond to these signals, introduce monitor commands that stop and start
individual vcpus.

The purpose of these commands are to implement CPU hard limits using an external
tool that watches the CPU consumption and stops the CPU as appropriate.

The monitor commands provide a more elegant solution that signals because it
ensures that a stopped vcpu isn't holding the qemu_mutex.



From signal(7):

  The signals SIGKILL and SIGSTOP cannot be caught, blocked, or ignored.

Perhaps this is a bug in kvm?


I need to dig deeper then.

Maybe it's something about sending SIGSTOP to a process?



If we could catch SIGSTOP, then it would be easy to unblock it only 
while running in guest context. It would then stop on exit to userspace.


Yeah, that's not a bad idea.

Using monitor commands is fairly heavyweight for something as high 
frequency as this.  What control period do you see people using?  
Maybe we should define USR1 for vcpu start/stop.


What happens if one vcpu is stopped while another is running?  Spin 
loops, synchronous IPIs will take forever.  Maybe we need to stop the 
entire process.


It's the same problem if a VCPU is descheduled while another is 
running.  The problem with stopping the entire process is that a big 
motivation for this is to ensure that benchmarks have consistent results 
regardless of CPU capacity.  If you just monitor the full process, then 
one VCPU may dominate the entitlement resulting in very erratic 
benchmarking.


Regards,

Anthony Liguori





Re: [Qemu-devel] [PATCH] qemu-kvm: introduce cpu_start/cpu_stop commands

2010-11-23 Thread Anthony Liguori

On 11/23/2010 02:16 AM, Dor Laor wrote:

On 11/23/2010 08:41 AM, Avi Kivity wrote:

On 11/23/2010 01:00 AM, Anthony Liguori wrote:

qemu-kvm vcpu threads don't response to SIGSTOP/SIGCONT. Instead of teaching
them to respond to these signals, introduce monitor commands that stop and start
individual vcpus.

The purpose of these commands are to implement CPU hard limits using an external
tool that watches the CPU consumption and stops the CPU as appropriate.


Why not use cgroup for that?


This is a stop-gap.

The cgroup solution isn't perfect.  It doesn't know anything about guest 
time versus hypervisor time so it can't account just the guest time like 
we do with this implementation.  Also, since it may deschedule the vcpu 
thread while it's holding the qemu_mutex, it may unfairly tax other vcpu 
threads by creating additional lock contention.


This is all solvable but if there's an alternative that just requires a 
small change to qemu, it's worth doing in the short term.


Regards,

Anthony Liguori



Re: [Qemu-devel] [PATCH] qemu-kvm: introduce cpu_start/cpu_stop commands

2010-11-23 Thread Avi Kivity

On 11/23/2010 03:51 PM, Anthony Liguori wrote:

On 11/23/2010 12:41 AM, Avi Kivity wrote:

On 11/23/2010 01:00 AM, Anthony Liguori wrote:
qemu-kvm vcpu threads don't response to SIGSTOP/SIGCONT.  Instead of teaching
them to respond to these signals, introduce monitor commands that stop and start
individual vcpus.

The purpose of these commands are to implement CPU hard limits using an external
tool that watches the CPU consumption and stops the CPU as appropriate.

The monitor commands provide a more elegant solution that signals because it
ensures that a stopped vcpu isn't holding the qemu_mutex.



From signal(7):

  The signals SIGKILL and SIGSTOP cannot be caught, blocked, or ignored.

Perhaps this is a bug in kvm?


I need to dig deeper then.


Signals are a bottomless pit.


Maybe it's something about sending SIGSTOP to a process?


AFAIK sending SIGSTOP to a process should stop all of its threads?  
SIGSTOPping a thread should also work.




If we could catch SIGSTOP, then it would be easy to unblock it only 
while running in guest context. It would then stop on exit to userspace.


Yeah, that's not a bad idea.


Except we can't.



Using monitor commands is fairly heavyweight for something as high 
frequency as this.  What control period do you see people using?  
Maybe we should define USR1 for vcpu start/stop.


What happens if one vcpu is stopped while another is running?  Spin 
loops, synchronous IPIs will take forever.  Maybe we need to stop the 
entire process.


It's the same problem if a VCPU is descheduled while another is running. 


We can fix that with directed yield or lock holder preemption 
prevention.  But if a vcpu is stopped by qemu, we suddenly can't.


The problem with stopping the entire process is that a big motivation 
for this is to ensure that benchmarks have consistent results 
regardless of CPU capacity.  If you just monitor the full process, 
then one VCPU may dominate the entitlement resulting in very erratic 
benchmarking.


What's the desired behaviour?  Give each vcpu 300M cycles per second, or 
give a 2vcpu guest 600M cycles per second?


You could monitor threads separately but stop the entire process.  
Stopping individual threads will break apart as soon as they start 
taking locks.


--
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [PATCH] qemu-kvm: introduce cpu_start/cpu_stop commands

2010-11-23 Thread Anthony Liguori

On 11/23/2010 08:00 AM, Avi Kivity wrote:


If we could catch SIGSTOP, then it would be easy to unblock it only 
while running in guest context. It would then stop on exit to 
userspace.


Yeah, that's not a bad idea.


Except we can't.


Yeah, I s:SIGSTOP:SIGUSR1:g.



Using monitor commands is fairly heavyweight for something as high 
frequency as this.  What control period do you see people using?  
Maybe we should define USR1 for vcpu start/stop.


What happens if one vcpu is stopped while another is running?  Spin 
loops, synchronous IPIs will take forever.  Maybe we need to stop 
the entire process.


It's the same problem if a VCPU is descheduled while another is running. 


We can fix that with directed yield or lock holder preemption 
prevention.  But if a vcpu is stopped by qemu, we suddenly can't.


That only works for spin locks.

Here's the scenario:

1) VCPU 0 drops to userspace and acquires qemu_mutex
2) VCPU 0 gets descheduled
3) VCPU 1 needs to drop to userspace and acquire qemu_mutex, gets 
blocked and yields
4) If we're lucky, VCPU 0 gets scheduled but it depends on how busy the 
system is


With CFS hard limits, once (2) happens, we're boned for (3) because (4) 
cannot happen.  By having QEMU know about (2), it can choose to run just 
a little bit longer in order to drop qemu_mutex such that (3) never happens.




The problem with stopping the entire process is that a big motivation 
for this is to ensure that benchmarks have consistent results 
regardless of CPU capacity.  If you just monitor the full process, 
then one VCPU may dominate the entitlement resulting in very erratic 
benchmarking.


What's the desired behaviour?  Give each vcpu 300M cycles per second, 
or give a 2vcpu guest 600M cycles per second?


Each vcpu gets 300M cycles per second.

You could monitor threads separately but stop the entire process.  
Stopping individual threads will break apart as soon as they start 
taking locks.


I don't think so..  PLE should work as expected.  It's no different than 
a normally contended system.


Regards,

Anthony Liguori





[Qemu-devel] [PATCH 05/12] ide: add ncq identify data for ahci sata drives

2010-11-23 Thread Alexander Graf
From: Roland Elek 

I modified ide_identify() to include the zero-based queue length
value in word 75, and set bit 8 in word 76 to signal NCQ support
in the identify data for AHCI SATA drives.

Signed-off-by: Roland Elek 
---
 hw/ide/core.c |7 +++
 hw/ide/internal.h |2 ++
 2 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 04190d2..073c038 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -147,6 +147,13 @@ static void ide_identify(IDEState *s)
 put_le16(p + 66, 120);
 put_le16(p + 67, 120);
 put_le16(p + 68, 120);
+
+if (s->ncq_queues) {
+put_le16(p + 75, s->ncq_queues - 1);
+/* NCQ supported */
+put_le16(p + 76, (1 << 8));
+}
+
 put_le16(p + 80, 0xf0); /* ata3 -> ata6 supported */
 put_le16(p + 81, 0x16); /* conforms to ata5 */
 /* 14=NOP supported, 5=WCACHE supported, 0=SMART supported */
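Review bot: `s->ncq_queues - 1` is written to word 75 with no range check, and the field added in internal.h is a plain `int`, so put_le16() will silently truncate whatever value is there. Validate the depth where ncq_queues is set (or mask it here) so that only a queue depth the device model really supports is advertised to the guest, and extend the `/* AHCI */` comment in IDEState to say that 0 means NCQ is not offered.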
diff --git a/hw/ide/internal.h b/hw/ide/internal.h
index 4bee636..1261eea 100644
--- a/hw/ide/internal.h
+++ b/hw/ide/internal.h
@@ -451,6 +451,8 @@ struct IDEState {
 int smart_errors;
 uint8_t smart_selftest_count;
 uint8_t *smart_selftest_data;
+/* AHCI */
+int ncq_queues;
 };
 
 /* This struct represents a device that uses an IDE bus, but requires
-- 
1.6.0.2




[Qemu-devel] [PATCH 06/12] pci: add storage class for sata

2010-11-23 Thread Alexander Graf
This patch adds the storage sata class id.

Signed-off-by: Alexander Graf 
---
 hw/pci_ids.h |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/hw/pci_ids.h b/hw/pci_ids.h
index 82cba7e..ea3418c 100644
--- a/hw/pci_ids.h
+++ b/hw/pci_ids.h
@@ -15,6 +15,7 @@
 
 #define PCI_CLASS_STORAGE_SCSI   0x0100
 #define PCI_CLASS_STORAGE_IDE0x0101
+#define PCI_CLASS_STORAGE_SATA   0x0106
 #define PCI_CLASS_STORAGE_OTHER  0x0180
 
 #define PCI_CLASS_NETWORK_ETHERNET   0x0200
-- 
1.6.0.2




[Qemu-devel] [PATCH 07/12] pci: add ich7 pci id

2010-11-23 Thread Alexander Graf
We need a PCI ID for our new AHCI adapter. I just picked an ICH-7M
because that's the one built into the first Macbooks.

This patch adds a PCI ID define for an ICH-7M AHCI adapter.

Signed-off-by: Alexander Graf 

---

v3 -> v4:

  - add ICH7 instead of ICH7M (herbszt)
---
 hw/pci.h |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/hw/pci.h b/hw/pci.h
index 7100804..5f49091 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -62,6 +62,7 @@
 /* Intel (0x8086) */
 #define PCI_DEVICE_ID_INTEL_82551IT  0x1209
 #define PCI_DEVICE_ID_INTEL_825570x1229
+#define PCI_DEVICE_ID_INTEL_ICH7_AHCI0x27c3
 
 /* Red Hat / Qumranet (for QEMU) -- see pci-ids.txt */
 #define PCI_VENDOR_ID_REDHAT_QUMRANET0x1af4
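Review bot: the commit message still says an ICH-7M was picked and that the define is for an ICH-7M AHCI adapter, while the v3 -> v4 note and the name PCI_DEVICE_ID_INTEL_ICH7_AHCI say ICH7; update the description to match the define. Since guests bind their driver by this value, please also double-check 0x27c3 against the PCI ID database to confirm it is the AHCI-mode function of that part.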
-- 
1.6.0.2




[Qemu-devel] [PATCH 04/12] ide: add DMA hooks to bus ops

2010-11-23 Thread Alexander Graf
For DMA operations, we need to hook into even more IDE functionality.

This patch adds the respective hooking points, allowing us to handle
SG lists ourselves in the AHCI code.

Signed-off-by: Roland Elek 
Signed-off-by: Alexander Graf 

---

v1 -> v2:

  - make dma hooks explicit by putting them into ops struct (stefanha)
---
 hw/ide/core.c |9 ++---
 hw/ide/internal.h |4 
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index c8d7810..04190d2 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -607,7 +607,7 @@ static void ide_read_dma_cb(void *opaque, int ret)
 n = s->nsector;
 s->io_buffer_index = 0;
 s->io_buffer_size = n * 512;
-if (dma_buf_prepare(bm, 1) == 0)
+if (s->bus->ops->dma_prepare_fn(bm, 1) == 0)
 goto eot;
 #ifdef DEBUG_AIO
 printf("aio_read: sector_num=%" PRId64 " n=%d\n", sector_num, n);
@@ -752,7 +752,7 @@ static void ide_write_dma_cb(void *opaque, int ret)
 n = s->nsector;
 s->io_buffer_size = n * 512;
 /* launch next transfer */
-if (dma_buf_prepare(bm, 0) == 0)
+if (s->bus->ops->dma_prepare_fn(bm, 0) == 0)
 goto eot;
 #ifdef DEBUG_AIO
 printf("aio_write: sector_num=%" PRId64 " n=%d\n", sector_num, n);
@@ -1060,7 +1060,7 @@ static void ide_atapi_cmd_read_dma_cb(void *opaque, int 
ret)
s->lba += n;
}
 s->packet_transfer_size -= s->io_buffer_size;
-if (dma_buf_rw(bm, 1) == 0)
+if (s->bus->ops->dma_rw_fn(bm, 1) == 0)
 goto eot;
 }
 
@@ -2715,6 +2715,7 @@ int ide_init_drive(IDEState *s, BlockDriverState *bs,
 } else {
 pstrcpy(s->version, sizeof(s->version), QEMU_VERSION);
 }
+
 ide_reset(s);
 bdrv_set_removable(bs, s->drive_kind == IDE_CD);
 return 0;
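Review bot: the only change in this hunk is a blank line added before ide_reset(s), which has nothing to do with the DMA hooks; drop it from this patch.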
@@ -2740,6 +2741,8 @@ static IDEBusOps ide_bus_ops = {
 .transfer_start_fn = pata_transfer_start,
 .irq_set_fn = pata_set_irq,
 .dma_start_fn = pata_dma_start,
+.dma_prepare_fn = dma_buf_prepare,
+.dma_rw_fn = dma_buf_rw,
 };
 
 void ide_init2(IDEBus *bus, qemu_irq irq)
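Review bot: ide_read_dma_cb(), ide_write_dma_cb() and ide_atapi_cmd_read_dma_cb() now call s->bus->ops->dma_prepare_fn and dma_rw_fn unconditionally, but only ide_bus_ops is given the two pointers here. Any other IDEBusOps instance that leaves them unset will call through NULL on its first DMA transfer, so either assert that both are non-NULL when the bus is initialised or fall back to dma_buf_prepare/dma_buf_rw when they are not set.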
diff --git a/hw/ide/internal.h b/hw/ide/internal.h
index ee7e13e..4bee636 100644
--- a/hw/ide/internal.h
+++ b/hw/ide/internal.h
@@ -374,6 +374,8 @@ typedef void TransferStartFunc(IDEState *,
  EndTransferFunc *);
 typedef void IRQSetFunc(IDEBus *);
 typedef void DMAStartFunc(IDEState *, BlockDriverCompletionFunc *);
+typedef int DMAPrepareFunc(BMDMAState *, int);
+typedef int DMARWFunc(BMDMAState *, int);
 
 /* NOTE: IDEState represents in fact one drive */
 struct IDEState {
@@ -457,6 +459,8 @@ struct IDEBusOps {
 TransferStartFunc *transfer_start_fn;
 IRQSetFunc *irq_set_fn;
 DMAStartFunc *dma_start_fn;
+DMAPrepareFunc *dma_prepare_fn;
+DMARWFunc *dma_rw_fn;
 };
 
 struct IDEBus {
-- 
1.6.0.2




[Qemu-devel] [PATCH 10/12] config: Add header file for device config options

2010-11-23 Thread Alexander Graf
So far we have C preprocessor defines for target and host config
options, but we're lacking any information on which devices are
available.

We do need that information at times though, for example in the
ahci patch where we need to call a legacy init function depending
on whether we have support compiled in or not.

So this patch makes all config-devices options available as header
file. Please only include it in machine description code!

Signed-off-by: Alexander Graf 

---

v3 -> v4:

  - config: only include config-devices.h in machine description (blue swirl)
---
 Makefile.target |5 -
 hw/pc_piix.c|1 +
 2 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/Makefile.target b/Makefile.target
index 91e6e74..35862fd 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -1,6 +1,6 @@
 # -*- Mode: makefile -*-
 
-GENERATED_HEADERS = config-target.h
+GENERATED_HEADERS = config-target.h config-devices.h
 CONFIG_NO_KVM = $(if $(subst n,,$(CONFIG_KVM)),n,y)
 
 include ../config-host.mak
@@ -40,6 +40,9 @@ kvm.o kvm-all.o vhost.o vhost_net.o: 
QEMU_CFLAGS+=$(KVM_CFLAGS)
 config-target.h: config-target.h-timestamp
 config-target.h-timestamp: config-target.mak
 
+config-devices.h: config-target.h-timestamp
+config-devices.h-timestamp: config-target.mak
+
 all: $(PROGS)
 
 # Dummy command so that make thinks it has done something
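Review bot: the two new rules look like an incomplete copy of the config-target.h pair above them. config-devices.h depends on config-target.h-timestamp rather than on config-devices.h-timestamp, and config-devices.h-timestamp depends on config-target.mak, so the header is tied neither to its own timestamp nor to the device configuration it is generated from. The first rule should read `config-devices.h: config-devices.h-timestamp`, with the timestamp depending on the per-target devices config file.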
diff --git a/hw/pc_piix.c b/hw/pc_piix.c
index 12359a7..2be25a6 100644
--- a/hw/pc_piix.c
+++ b/hw/pc_piix.c
@@ -35,6 +35,7 @@
 #include "sysemu.h"
 #include "sysbus.h"
 #include "blockdev.h"
+#include "config-devices.h"
 
 #define MAX_IDE_BUS 2
 
-- 
1.6.0.2




Re: [Qemu-devel] [PATCH] qemu-kvm: introduce cpu_start/cpu_stop commands

2010-11-23 Thread Avi Kivity

On 11/23/2010 04:24 PM, Anthony Liguori wrote:




Using monitor commands is fairly heavyweight for something as high 
frequency as this.  What control period do you see people using?  
Maybe we should define USR1 for vcpu start/stop.


What happens if one vcpu is stopped while another is running?  Spin 
loops, synchronous IPIs will take forever.  Maybe we need to stop 
the entire process.


It's the same problem if a VCPU is descheduled while another is 
running. 


We can fix that with directed yield or lock holder preemption 
prevention.  But if a vcpu is stopped by qemu, we suddenly can't.


That only works for spin locks.

Here's the scenario:

1) VCPU 0 drops to userspace and acquires qemu_mutex
2) VCPU 0 gets descheduled
3) VCPU 1 needs to drop to userspace and acquire qemu_mutex, gets 
blocked and yields
4) If we're lucky, VCPU 0 gets scheduled but it depends on how busy 
the system is


With CFS hard limits, once (2) happens, we're boned for (3) because 
(4) cannot happen.  By having QEMU know about (2), it can choose to 
run just a little bit longer in order to drop qemu_mutex such that (3) 
never happens.


There's some support for futex priority inheritance, perhaps we can 
leverage that.  It's supposed to be for realtime threads, but perhaps we 
can hook the priority booster to directed yield.


It's really the same problem -- preempted lock holder -- only in 
userspace.  We should be able to use the same solution.






The problem with stopping the entire process is that a big 
motivation for this is to ensure that benchmarks have consistent 
results regardless of CPU capacity.  If you just monitor the full 
process, then one VCPU may dominate the entitlement resulting in 
very erratic benchmarking.


What's the desired behaviour?  Give each vcpu 300M cycles per second, 
or give a 2vcpu guest 600M cycles per second?


Each vcpu gets 300M cycles per second.

You could monitor threads separately but stop the entire process.  
Stopping individual threads will break apart as soon as they start 
taking locks.


I don't think so..  PLE should work as expected.  It's no different 
than a normally contended system.




PLE without directed yield is useless.  With directed yield, it may 
work, but if the vcpu is stopped, it becomes ineffective.


Directed yield allows the scheduler to follow a bouncing lock around by 
increasing the priority (or decreasing vruntime) of the immediate lock 
holder at the expense of waiters.  SIGSTOP may drop the priority of the 
lock holder to zero without giving PLE a way to adjust.


--
error compiling committee.c: too many arguments to function




[Qemu-devel] [PATCH 02/12] ide: fix whitespace gap in ide_exec_cmd

2010-11-23 Thread Alexander Graf
Now that we have the function split out, we have to reindent it.
In order to increase the readability of the actual functional change,
this is split out.

Signed-off-by: Alexander Graf 
---
 hw/ide/core.c |  734 
 1 files changed, 367 insertions(+), 367 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index ee551ac..1849069 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -1863,423 +1863,423 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val)
 int lba48 = 0;
 
 #if defined(DEBUG_IDE)
-printf("ide: CMD=%02x\n", val);
+printf("ide: CMD=%02x\n", val);
 #endif
-s = idebus_active_if(bus);
-/* ignore commands to non existant slave */
-if (s != bus->ifs && !s->bs)
-return;
+s = idebus_active_if(bus);
+/* ignore commands to non existant slave */
+if (s != bus->ifs && !s->bs)
+return;
 
-/* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
-if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
-return;
+/* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
+if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
+return;
 
-switch(val) {
-case WIN_IDENTIFY:
-if (s->bs && s->drive_kind != IDE_CD) {
-if (s->drive_kind != IDE_CFATA)
-ide_identify(s);
-else
-ide_cfata_identify(s);
-s->status = READY_STAT | SEEK_STAT;
-ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
-} else {
-if (s->drive_kind == IDE_CD) {
-ide_set_signature(s);
-}
-ide_abort_command(s);
-}
-ide_set_irq(s->bus);
-break;
-case WIN_SPECIFY:
-case WIN_RECAL:
-s->error = 0;
+switch(val) {
+case WIN_IDENTIFY:
+if (s->bs && s->drive_kind != IDE_CD) {
+if (s->drive_kind != IDE_CFATA)
+ide_identify(s);
+else
+ide_cfata_identify(s);
 s->status = READY_STAT | SEEK_STAT;
-ide_set_irq(s->bus);
-break;
-case WIN_SETMULT:
-if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
-/* Disable Read and Write Multiple */
-s->mult_sectors = 0;
-s->status = READY_STAT | SEEK_STAT;
-} else if ((s->nsector & 0xff) != 0 &&
-((s->nsector & 0xff) > MAX_MULT_SECTORS ||
- (s->nsector & (s->nsector - 1)) != 0)) {
-ide_abort_command(s);
-} else {
-s->mult_sectors = s->nsector & 0xff;
-s->status = READY_STAT | SEEK_STAT;
+ide_transfer_start(s, s->io_buffer, 512, ide_transfer_stop);
+} else {
+if (s->drive_kind == IDE_CD) {
+ide_set_signature(s);
 }
-ide_set_irq(s->bus);
-break;
-case WIN_VERIFY_EXT:
-   lba48 = 1;
-case WIN_VERIFY:
-case WIN_VERIFY_ONCE:
-/* do sector number check ? */
-   ide_cmd_lba48_transform(s, lba48);
+ide_abort_command(s);
+}
+ide_set_irq(s->bus);
+break;
+case WIN_SPECIFY:
+case WIN_RECAL:
+s->error = 0;
+s->status = READY_STAT | SEEK_STAT;
+ide_set_irq(s->bus);
+break;
+case WIN_SETMULT:
+if (s->drive_kind == IDE_CFATA && s->nsector == 0) {
+/* Disable Read and Write Multiple */
+s->mult_sectors = 0;
 s->status = READY_STAT | SEEK_STAT;
-ide_set_irq(s->bus);
-break;
+} else if ((s->nsector & 0xff) != 0 &&
+((s->nsector & 0xff) > MAX_MULT_SECTORS ||
+ (s->nsector & (s->nsector - 1)) != 0)) {
+ide_abort_command(s);
+} else {
+s->mult_sectors = s->nsector & 0xff;
+s->status = READY_STAT | SEEK_STAT;
+}
+ide_set_irq(s->bus);
+break;
+case WIN_VERIFY_EXT:
+   lba48 = 1;
+case WIN_VERIFY:
+case WIN_VERIFY_ONCE:
+/* do sector number check ? */
+   ide_cmd_lba48_transform(s, lba48);
+s->status = READY_STAT | SEEK_STAT;
+ide_set_irq(s->bus);
+break;
case WIN_READ_EXT:
-   lba48 = 1;
-case WIN_READ:
-case WIN_READ_ONCE:
-if (!s->bs)
-goto abort_cmd;
-   ide_cmd_lba48_transform(s, lba48);
-s->req_nb_sectors = 1;
-ide_sector_read(s);
-break;
+   lba48 = 1;
+case WIN_READ:
+case WIN_READ_ONCE:
+if (!s->bs)
+goto abort_cmd;
+   ide_cmd_lba48_transform(s, lba48);
+s->req_nb_sectors = 1;
+ide_sector_read(s);
+br
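Review bot: for a whitespace-only reindent, the `lba48 = 1;` and `ide_cmd_lba48_transform(s, lba48);` lines under WIN_VERIFY_EXT and WIN_READ_EXT still come out with different leading whitespace from the statements around them, which suggests tabs were carried over rather than converted; expand them here so the block is uniformly indented. Stating in the commit message that `git diff -w` shows no change would also let reviewers confirm quickly that nothing functional moved.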

[Qemu-devel] Re: KVM call agenda for Nov 23

2010-11-23 Thread Kevin Wolf
On 22.11.2010 14:55, Stefan Hajnoczi wrote:
> On Mon, Nov 22, 2010 at 1:38 PM, Juan Quintela  wrote:
>>
>> Please send in any agenda items you are interested in covering.
> 
> QCOW2 performance roadmap:
> * What can be done to achieve near-raw image format performance?
> * Benchmark results from an ideal QCOW2 model.

Some thoughts on qcow2 performance:

== Fully allocated image ==
Should be able to perform similar to raw because there is very little
handling of metadata. Additional I/O only if an L2 table must be read
from the disk.

* Should we increase the L2 table cache size to make it happen less
often? (Currently 16 * 512 MB, QED uses more)

Known problems:
* Synchronous read of L2 tables; should be made async
** General thought on making things async: Coroutines? What happened to
that proposal?
* We may want to have online defragmentation eventually

== Growing stand-alone image ==
Stand-alone images (i.e. images without a backing file) aren't that
interesting because you would use raw for them anyway if you needed
optimal performance. We need to be "good enough" here.

However, all of the problems that arise from dealing with metadata apply
for the really interesting third case, so optimizing them is an
important step on the way.

Known problems:
* Needs a bdrv_flush between refcount table and L2 table write
* Synchronous metadata updates
* Both to be solved by block-queue
** Batches writes and makes them async, can greatly reduce number of
bdrv_flush calls
** Except for cache=writethrough, but this is secondary
** Should we make cache=off the default caching mode in qemu?
writethrough seems to be a bit too much anyway irrespective of the image
format.
* Synchronous refcount table reads
** How frequent are cache misses?
** Making this one async is much harder than L2 table reads. We can make
it a goal for mid-term, but short term we should make it hurt less if
it's a problem in practice.
*** It's probably not, because (without internal snapshots or
compression) we never free clusters, so we fill it sequentially and only
load a new one when the old one is full - and that one we don't even
read, but write, so block-queue will help
* Things like refcount table growth are completely synchronous.
** Not a real problem, because it happens approximately never.

== Growing image with backing file ==
This is the really interesting scenario where you need an image format
that provides some features. For qcow2, it's mostly the same as above.

See stand-alone, plus:
* Needs a bdrv_flush between COW and writing to the L2 table
** qcow2 has already one after refcount table write, so no additional
overhead
* Synchronous COW
** Should be fairly easy to make async



[Qemu-devel] [PATCH 09/12] ahci: add -drive support

2010-11-23 Thread Alexander Graf
We need to be able to spawn new AHCI drives, so let's add AHCI support
to the -drive option.

Signed-off-by: Alexander Graf 
---
 blockdev.c|6 +-
 blockdev.h|1 +
 qemu-common.h |2 +-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/blockdev.c b/blockdev.c
index 6cb179a..5ce90cc 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -209,6 +209,9 @@ DriveInfo *drive_init(QemuOpts *opts, int default_to_scsi, 
int *fatal_error)
} else if (!strcmp(buf, "xen")) {
type = IF_XEN;
 max_devs = 0;
+} else if (!strcmp(buf, "sata")) {
+type = IF_SATA;
+max_devs = MAX_SATA_DEVS;
} else if (!strcmp(buf, "none")) {
type = IF_NONE;
 max_devs = 0;
@@ -402,7 +405,7 @@ DriveInfo *drive_init(QemuOpts *opts, int default_to_scsi, 
int *fatal_error)
 } else {
 /* no id supplied -> create one */
 dinfo->id = qemu_mallocz(32);
-if (type == IF_IDE || type == IF_SCSI)
+if (type == IF_IDE || type == IF_SCSI || type == IF_SATA)
 mediastr = (media == MEDIA_CDROM) ? "-cd" : "-hd";
 if (max_devs)
 snprintf(dinfo->id, 32, "%s%i%s%i",
@@ -427,6 +430,7 @@ DriveInfo *drive_init(QemuOpts *opts, int default_to_scsi, 
int *fatal_error)
 case IF_IDE:
 case IF_SCSI:
 case IF_XEN:
+case IF_SATA:
 case IF_NONE:
 switch(media) {
case MEDIA_DISK:
diff --git a/blockdev.h b/blockdev.h
index 653affc..f50a15e 100644
--- a/blockdev.h
+++ b/blockdev.h
@@ -33,6 +33,7 @@ struct DriveInfo {
 
 #define MAX_IDE_DEVS   2
 #define MAX_SCSI_DEVS  7
+#define MAX_SATA_DEVS   4
 
 DriveInfo *drive_get(BlockInterfaceType type, int bus, int unit);
 int drive_get_max_bus(BlockInterfaceType type);
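Review bot: MAX_SATA_DEVS is hard-coded to 4 here, while the AHCI device model sizes its port array with its own constant (`AHCIDevice dev[SATA_PORTS]` in patch 08). Nothing ties the two together, so a unit number that drive_init() accepts can exceed what the controller provides if either value changes; derive one from the other or add a build-time check that they agree.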
diff --git a/qemu-common.h b/qemu-common.h
index b3957f1..ae1cfca 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -257,7 +257,7 @@ typedef uint64_t pcibus_t;
 typedef enum {
 IF_NONE,
 IF_IDE, IF_SCSI, IF_FLOPPY, IF_PFLASH, IF_MTD, IF_SD, IF_VIRTIO, IF_XEN,
-IF_COUNT
+IF_SATA, IF_COUNT
 } BlockInterfaceType;
 
 void cpu_exec_init_all(unsigned long tb_size);
-- 
1.6.0.2




[Qemu-devel] Re: [Bug 427612] Re: kvm sends caps lock key up event twice

2010-11-23 Thread Serge Hallyn
Quoting Benjamin Drung (benjamin.dr...@gmail.com):
> Attached the patch for qemu-kvm 0.13. This patch is tested on natty with
> qemu-kvm 0.13.0+noroms-0ubuntu7 and the German and NEO2 keyboard layout.

Thanks, Benjamin.  I will propose this patch for merge as soon as some
technical difficulties with the natty/qemu-kvm tree are straightened
out.  Hopefully tomorrow.

-- 
kvm sends caps lock key up event twice
https://bugs.launchpad.net/bugs/427612
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.

Status in QEMU: New
Status in “libsdl1.2” package in Ubuntu: Invalid
Status in “qemu-kvm” package in Ubuntu: New
Status in “libsdl1.2” package in Debian: Fix Released

Bug description:
Binary package hint: qemu-kvm

I have set the keyboard layout to German NEO 2 [1] in the host and the client 
(both current karmic). The caps lock is used as modifier (similar to shift) in 
NEO. When I press "caps lock" + "t", then the client prints a "t" instead of a 
"-". A caps lock key up event is sent to the client before I release the caps 
lock key.

[1] http://www.neo-layout.org/

ProblemType: Bug
Architecture: amd64
Date: Fri Sep 11 01:38:58 2009
DistroRelease: Ubuntu 9.10
KvmCmdLine: Error: command ['ps', '-C', 'kvm', '-F'] failed with exit code 1: 
UIDPID  PPID  CSZ   RSS PSR STIME TTY  TIME CMD
Package: qemu-kvm 0.11.0~rc2-0ubuntu2
PccardctlIdent:

PccardctlStatus:

ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.31-10-generic 
root=UUID=37b01f5a-a578-49d6-a812-f166b103e68a ro quiet splash
ProcEnviron:
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-10.31-generic
SourcePackage: qemu-kvm
Uname: Linux 2.6.31-10-generic x86_64
dmi.bios.date: 07/15/2009
dmi.bios.vendor: Intel Corp.
dmi.bios.version: DPP3510J.86A.0572.2009.0715.2346
dmi.board.asset.tag: Base Board Asset Tag
dmi.board.name: DG33TL
dmi.board.vendor: Intel Corporation
dmi.board.version: AAD89517-802
dmi.chassis.type: 3
dmi.modalias: 
dmi:bvnIntelCorp.:bvrDPP3510J.86A.0572.2009.0715.2346:bd07/15/2009:svn:pn:pvr:rvnIntelCorporation:rnDG33TL:rvrAAD89517-802:cvn:ct3:cvr:







[Qemu-devel] Re: KVM call agenda for Nov 23

2010-11-23 Thread Stefan Hajnoczi
On Tue, Nov 23, 2010 at 2:37 PM, Kevin Wolf  wrote:
> Am 22.11.2010 14:55, schrieb Stefan Hajnoczi:
>> On Mon, Nov 22, 2010 at 1:38 PM, Juan Quintela  wrote:
>>>
>>> Please send in any agenda items you are interested in covering.
>>
>> QCOW2 performance roadmap:
>> * What can be done to achieve near-raw image format performance?
>> * Benchmark results from an ideal QCOW2 model.

Performance figures from a series of I/O scenarios:
http://wiki.qemu.org/Qcow2/PerformanceRoadmap

Stefan



[Qemu-devel] [PATCH 00/12] AHCI emulation support v4

2010-11-23 Thread Alexander Graf
This patch adds support for AHCI emulation. I have tested and verified it works
in Linux, OpenBSD, Windows Vista and Windows 7. This AHCI emulation supports
NCQ, so multiple read or write requests can be outstanding at the same time.

The code is however not fully optimized yet. I'm fairly sure that there are
low hanging performance fruits to be found still :). In my simple benchmarks
I achieved about 2/3rd of virtio performance.

Also, this AHCI emulation layer does not support legacy mode. So if you're
using a disk with this emulation, you do not get it exposed using the legacy
IDE interfaces.

Another nitpick is CD-ROM support in Windows. Somehow it doesn't detect a
CD-ROM drive attached to AHCI. At least it doesn't list it.

To attach an AHCI disk to your VM, please use

  -drive file=...,if=sata

This should do the trick for x86. On other platforms, you need to add the
ahci host controller using -device and add CONFIG_AHCI to its default config.
Big endian hosts are still broken due to qemu shortcomings in mmio handling.
Expect patches to follow.


This patch set is based on work done during the Google Summer of Code. I was
mentoring a student, Roland Elek, who wrote most of the AHCI emulation code
based on a patch from Chong Qiao. A bunch of other people were also involved,
so everybody who I didn't mention - thanks a lot!

  git://repo.or.cz/qemu/ahci.git ahci

v1 -> v2:

  - rename IDEExtender to IDEBusOps and make a pointer (kraxel)
  - make dma hooks explicit by putting them into ops struct (stefanha)
  - use qdev buses (kraxel)
  - minor cleanups
  - dprintf overhaul
  - add reset function

v2 -> v3:

  - add msi support (kraxel)
  - use MIN macro (kraxel)
  - add msi support (kraxel)
  - fix ncq with multiple ports
  - zap qdev properties (kraxel)
  - redesign legacy IF_SATA hooks (kraxel)
  - don't build ahci as part of target
  - move to ide/ (kwolf)

v3 -> v4:

  - prepare for endianness safety
  - add lspci dump (herbszt)
  - use ich7 instead of ich7m (herbszt)
  - fix lst+fis mapping (kraxel)
  - coding style (blue swirl)
  - explicit mmio setters/getters (blue swirl)
  - split pata code out to pata.c (kwolf)
  - only include config-devices.h in machine description (blue swirl)


Alex

Alexander Graf (10):
  ide: split ide command interpretation off
  ide: fix whitespace gap in ide_exec_cmd
  ide: add DMA hooks to bus ops
  pci: add storage class for sata
  pci: add ich7 pci id
  ahci: add ahci emulation
  ahci: add -drive support
  config: Add header file for device config options
  ahci: spawn controller on demand
  ide: move pata specific parts to pata.c

Roland Elek (2):
  ide: add support for ide bus ops
  ide: add ncq identify data for ahci sata drives

 Makefile.objs  |3 +-
 Makefile.target|5 +-
 blockdev.c |6 +-
 blockdev.h |1 +
 default-configs/i386-softmmu.mak   |1 +
 default-configs/x86_64-softmmu.mak |1 +
 hw/ide/ahci.c  | 1397 
 hw/ide/core.c  |  874 ++-
 hw/ide/internal.h  |   37 +-
 hw/ide/pata.c  |  178 +
 hw/pc.h|1 +
 hw/pc_piix.c   |4 +
 hw/pci.h   |1 +
 hw/pci_ids.h   |1 +
 qemu-common.h  |2 +-
 15 files changed, 2020 insertions(+), 492 deletions(-)
 create mode 100644 hw/ide/ahci.c
 create mode 100644 hw/ide/pata.c




[Qemu-devel] [PATCH 01/12] ide: split ide command interpretation off

2010-11-23 Thread Alexander Graf
The ATA command interpretation code can be used for PATA and SATA
interfaces alike. So let's split it out into a separate function.

Signed-off-by: Alexander Graf 
---
 hw/ide/core.c |   20 ++--
 hw/ide/internal.h |2 ++
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 484e0ca..ee551ac 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -1790,9 +1790,6 @@ static void ide_clear_hob(IDEBus *bus)
 void ide_ioport_write(void *opaque, uint32_t addr, uint32_t val)
 {
 IDEBus *bus = opaque;
-IDEState *s;
-int n;
-int lba48 = 0;
 
 #ifdef DEBUG_IDE
 printf("IDE: write addr=0x%x val=0x%02x\n", addr, val);
@@ -1853,17 +1850,29 @@ void ide_ioport_write(void *opaque, uint32_t addr, 
uint32_t val)
 default:
 case 7:
 /* command */
+ide_exec_cmd(opaque, val);
+break;
+}
+}
+
+
+void ide_exec_cmd(IDEBus *bus, uint32_t val)
+{
+IDEState *s;
+int n;
+int lba48 = 0;
+
 #if defined(DEBUG_IDE)
 printf("ide: CMD=%02x\n", val);
 #endif
 s = idebus_active_if(bus);
 /* ignore commands to non existant slave */
 if (s != bus->ifs && !s->bs)
-break;
+return;
 
 /* Only DEVICE RESET is allowed while BSY or/and DRQ are set */
 if ((s->status & (BUSY_STAT|DRQ_STAT)) && val != WIN_DEVICE_RESET)
-break;
+return;
 
 switch(val) {
 case WIN_IDENTIFY:
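Review bot: in the "case 7" branch the new call is ide_exec_cmd(opaque, val), passing the untyped void pointer although ide_ioport_write already has "IDEBus *bus = opaque;" in scope; pass bus so the compiler checks the argument against the new prototype. ide_exec_cmd also becomes a non-static entry point that other controller code can call directly, so give it a short comment stating what it relies on (it picks the active interface with idebus_active_if(bus) and returns early while BSY or DRQ is set), and drop the doubled blank line before the definition.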
@@ -2354,7 +2363,6 @@ void ide_ioport_write(void *opaque, uint32_t addr, 
uint32_t val)
 ide_set_irq(s->bus);
 break;
 }
-}
 }
 
 uint32_t ide_ioport_read(void *opaque, uint32_t addr1)
diff --git a/hw/ide/internal.h b/hw/ide/internal.h
index d652e06..e7e1f80 100644
--- a/hw/ide/internal.h
+++ b/hw/ide/internal.h
@@ -564,6 +564,8 @@ void ide_init2_with_non_qdev_drives(IDEBus *bus, DriveInfo 
*hd0,
 DriveInfo *hd1, qemu_irq irq);
 void ide_init_ioport(IDEBus *bus, int iobase, int iobase2);
 
+void ide_exec_cmd(IDEBus *bus, uint32_t val);
+
 /* hw/ide/qdev.c */
 void ide_bus_new(IDEBus *idebus, DeviceState *dev);
 IDEDevice *ide_create_drive(IDEBus *bus, int unit, DriveInfo *drive);
-- 
1.6.0.2




[Qemu-devel] [PATCH 08/12] ahci: add ahci emulation

2010-11-23 Thread Alexander Graf
This patch adds an emulation layer for an ICH-7M AHCI controller. For now
this controller does not do IDE legacy emulation. It is a pure AHCI controller.

Signed-off-by: Alexander Graf 

---

v1 -> v2:

  - rename IDEExtender to IDEBusOps and make a pointer (kraxel)
  - make dma hooks explicit by putting them into ops struct (stefanha)
  - use qdev buses (kraxel)
  - minor cleanups
  - dprintf overhaul
  - add reset function

v2 -> v3:

  - add msi support (kraxel)
  - use MIN macro (kraxel)
  - add msi support (kraxel)
  - fix ncq with multiple ports
  - zap qdev properties (kraxel)
  - redesign legacy IF_SATA hooks (kraxel)
  - don't build ahci as part of target
  - move to ide/ (kwolf)

v3 -> v4:

  - prepare for endianness safety
  - add lspci dump (herbszt)
  - use ich7 instead of ich7m (herbszt)
  - fix lst+fis mapping (kraxel)
  - coding style (blue swirl)
  - explicit mmio setters/getters (blue swirl)
---
 Makefile.objs  |1 +
 default-configs/i386-softmmu.mak   |1 +
 default-configs/x86_64-softmmu.mak |1 +
 hw/ide/ahci.c  | 1397 
 4 files changed, 1400 insertions(+), 0 deletions(-)
 create mode 100644 hw/ide/ahci.c

diff --git a/Makefile.objs b/Makefile.objs
index 15569af..5241262 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -229,6 +229,7 @@ hw-obj-$(CONFIG_IDE_PIIX) += ide/piix.o
 hw-obj-$(CONFIG_IDE_CMD646) += ide/cmd646.o
 hw-obj-$(CONFIG_IDE_MACIO) += ide/macio.o
 hw-obj-$(CONFIG_IDE_VIA) += ide/via.o
+hw-obj-$(CONFIG_AHCI) += ide/ahci.o
 
 # SCSI layer
 hw-obj-y += lsi53c895a.o
diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index ed00471..66b92af 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -19,6 +19,7 @@ CONFIG_IDE_QDEV=y
 CONFIG_IDE_PCI=y
 CONFIG_IDE_ISA=y
 CONFIG_IDE_PIIX=y
+CONFIG_AHCI=y
 CONFIG_NE2000_ISA=y
 CONFIG_PIIX_PCI=y
 CONFIG_SOUND=y
diff --git a/default-configs/x86_64-softmmu.mak 
b/default-configs/x86_64-softmmu.mak
index 5183203..508e843 100644
--- a/default-configs/x86_64-softmmu.mak
+++ b/default-configs/x86_64-softmmu.mak
@@ -19,6 +19,7 @@ CONFIG_IDE_QDEV=y
 CONFIG_IDE_PCI=y
 CONFIG_IDE_ISA=y
 CONFIG_IDE_PIIX=y
+CONFIG_AHCI=y
 CONFIG_NE2000_ISA=y
 CONFIG_PIIX_PCI=y
 CONFIG_SOUND=y
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
new file mode 100644
index 000..925372e
--- /dev/null
+++ b/hw/ide/ahci.c
@@ -0,0 +1,1397 @@
+/*
+ * QEMU AHCI Emulation
+ *
+ * Copyright (c) 2010 qiaoch...@loongson.cn
+ * Copyright (c) 2010 Roland Elek 
+ * Copyright (c) 2010 Sebastian Herbszt 
+ * Copyright (c) 2010 Alexander Graf 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ *
+ *
+ * lspci dump of a real device:
+ *
+ * 00:1f.2 Class 0104: 8086:27c3 (rev 01)
+ * Subsystem: 1734:1085
+ * Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr+ 
Stepping- SERR- FastB2B-
+ * Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- SERR- 
+#include 
+#include 
+#include 
+
+#include "monitor.h"
+#include "dma.h"
+#include "cpu-common.h"
+#include "blockdev.h"
+#include "internal.h"
+#include 
+
+/* #define DEBUG_AHCI */
+
+#ifdef DEBUG_AHCI
+#define DPRINTF(port, fmt, ...) \
+do { fprintf(stderr, "ahci: %s: [%d] ", __FUNCTION__, port); \
+ fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(port, fmt, ...) do {} while(0)
+#endif
+
+#define AHCI_PCI_BAR  5
+#define AHCI_MAX_PORTS32
+#define AHCI_MAX_SG   168 /* hardware max is 64K */
+#define AHCI_DMA_BOUNDARY 0x
+#define AHCI_USE_CLUSTERING   0
+#define AHCI_MAX_CMDS 32
+#define AHCI_CMD_SZ   32
+#define AHCI_CMD_SLOT_SZ  (AHCI_MAX_CMDS * AHCI_CMD_SZ)
+#define AHCI_RX_FIS_SZ256
+#define AHCI_CMD_TBL_CDB  0x40
+#define AHCI_CMD_TBL_HDR_SZ   0x80
+#define AHCI_CMD_TBL_SZ   (AHCI_CMD_TBL_HDR_SZ + (AHCI_MAX_SG * 16))
+#define AHCI_CMD_TBL_AR_SZ(AHCI_CMD_TBL_SZ * AHCI_MAX_CMDS)
+#define AHCI_PORT_PRIV_DMA_SZ (AHCI_CMD_SLOT_SZ + AHCI_CMD_TBL_AR_SZ + \
+   AHCI_RX_FIS_SZ)
+
+#define AHCI_IRQ_ON_SG(1 << 31)
+#define AHCI_CMD_ATAPI(1 << 5)
+#define AHCI_CMD_WRITE(1 << 6)
+#define AHCI_CMD_PREFETCH (1 << 7)
+#define AH
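Review bot: the non-debug DPRINTF expands to "do {} while(0)", so with DEBUG_AHCI undefined none of the format strings or their arguments are compiled, and they can go stale or mismatch without any warning. Use one definition whose body is guarded by a compile-time constant (for instance "if (AHCI_DEBUG_ENABLED) { fprintf(...); }", where AHCI_DEBUG_ENABLED is a name suggested here, not one from the patch) so the calls are always type-checked and still optimised away when disabled; __func__ is the standard spelling of __FUNCTION__. Separately, the commit message still says ICH-7M while the v4 changelog says ich7 is used instead of ich7m.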

Re: [Qemu-devel] [PATCH 7/7] tcg-ia64: Fix warning in qemu_ld.

2010-11-23 Thread Richard Henderson
On 11/23/2010 01:09 AM, malc wrote:
> On Mon, 22 Nov 2010, Richard Henderson wrote:
> 
>> The usermode version of qemu_ld doesn't used mem_index,
> 
> "doesn't used"? Doesn't use perhaps?

Err, yes, of course.


r~



[Qemu-devel] [PATCH 11/12] ahci: spawn controller on demand

2010-11-23 Thread Alexander Graf
When we add a device using -drive to the guest, we also need to create a
new SATA bus to handle the device. This patch adds a function call that
every machine that likes to have IF_SATA support can call to get full
device creation by keeping the actual qdev code clean.

Signed-off-by: Alexander Graf 

---

v2 -> v3:

  - redesign
---
 hw/pc.h  |1 +
 hw/pc_piix.c |3 +++
 2 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/hw/pc.h b/hw/pc.h
index 63b0249..02f452e 100644
--- a/hw/pc.h
+++ b/hw/pc.h
@@ -108,6 +108,7 @@ void pc_cmos_init(ram_addr_t ram_size, ram_addr_t 
above_4g_mem_size,
   BusState *ide0, BusState *ide1,
   FDCtrl *floppy_controller, ISADevice *s);
 void pc_pci_device_init(PCIBus *pci_bus);
+void ahci_create_default_devs(void *pci_bus);
 
 typedef void (*cpu_set_smm_t)(int smm, void *arg);
 void cpu_smm_register(cpu_set_smm_t callback, void *arg);
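Review bot: ahci_create_default_devs() is declared with "void *pci_bus" while the prototype directly above it, pc_pci_device_init(PCIBus *pci_bus), uses the real type; declare it as PCIBus * so a wrong pointer is rejected at compile time instead of being cast inside the AHCI code. The declaration also has no comment saying what it creates (a controller always, or only when IF_SATA drives exist), which is what someone adding the call to another machine needs to know.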
diff --git a/hw/pc_piix.c b/hw/pc_piix.c
index 2be25a6..32edf20 100644
--- a/hw/pc_piix.c
+++ b/hw/pc_piix.c
@@ -183,6 +183,9 @@ static void pc_init1(ram_addr_t ram_size,
 
 if (pci_enabled) {
 pc_pci_device_init(pci_bus);
+#ifdef CONFIG_AHCI
+ahci_create_default_devs(pci_bus);
+#endif
 }
 }
 
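Review bot: the call in pc_init1 is wrapped in "#ifdef CONFIG_AHCI", but the three lines this patch adds to pc_piix.c include no header that defines that symbol, so the call is silently compiled out unless another patch in the series makes it visible here; state that dependency in the commit message. An empty inline stub for ahci_create_default_devs() when CONFIG_AHCI is unset would keep the #ifdef out of board code altogether.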
-- 
1.6.0.2




[Qemu-devel] [PATCH 12/12] ide: move pata specific parts to pata.c

2010-11-23 Thread Alexander Graf
Due to popular request, this patch moves pieces that are successfully identified
as PATA only to a new file called pata.c.

Signed-off-by: Alexander Graf 
---
 Makefile.objs |2 +-
 hw/ide/core.c |  144 +--
 hw/ide/internal.h |3 +
 hw/ide/pata.c |  178 +
 4 files changed, 184 insertions(+), 143 deletions(-)
 create mode 100644 hw/ide/pata.c

diff --git a/Makefile.objs b/Makefile.objs
index 5241262..3fddb8e 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -221,7 +221,7 @@ hw-obj-$(CONFIG_LAN9118) += lan9118.o
 hw-obj-$(CONFIG_NE2000_ISA) += ne2000-isa.o
 
 # IDE
-hw-obj-$(CONFIG_IDE_CORE) += ide/core.o
+hw-obj-$(CONFIG_IDE_CORE) += ide/core.o ide/pata.o
 hw-obj-$(CONFIG_IDE_QDEV) += ide/qdev.o
 hw-obj-$(CONFIG_IDE_PCI) += ide/pci.o
 hw-obj-$(CONFIG_IDE_ISA) += ide/isa.o
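Review bot: ide/pata.o is appended to the CONFIG_IDE_CORE line, so it is built whenever core.o is, including configurations that only want AHCI. If the split is purely organisational, say so in the commit message; otherwise give pata.o its own config symbol so the PATA-only code can actually be left out.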
diff --git a/hw/ide/core.c b/hw/ide/core.c
index 073c038..e6ee31d 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -34,8 +34,6 @@
 
 #include 
 
-#define IDE_PAGE_SIZE 4096
-
 static const int smart_attributes[][5] = {
 /* id,  flags, val, wrst, thrsh */
 { 0x01, 0x03, 0x64, 0x64, 0x06}, /* raw read */
@@ -67,8 +65,6 @@ static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
 static int ide_handle_rw_error(IDEState *s, int error, int op);
 static void ide_flush_cache(IDEState *s);
 
-static void pata_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
-
 static void padstr(char *str, const char *src, int len)
 {
 int i, v;
@@ -337,16 +333,6 @@ static void ide_transfer_start(IDEState *s, uint8_t *buf, 
int size,
 s->bus->ops->transfer_start_fn(s,buf,size,end_transfer_func);
 }
 
-static void pata_transfer_start(IDEState *s, uint8_t *buf, int size,
-   EndTransferFunc *end_transfer_func)
-{
-s->end_transfer_func = end_transfer_func;
-s->data_ptr = buf;
-s->data_end = buf + size;
-if (!(s->status & ERR_STAT))
-s->status |= DRQ_STAT;
-}
-
 static void ide_transfer_stop(IDEState *s)
 {
 s->end_transfer_func = ide_transfer_stop;
@@ -443,46 +429,6 @@ static void ide_sector_read(IDEState *s)
 }
 
 
-/* return 0 if buffer completed */
-static int dma_buf_prepare(BMDMAState *bm, int is_write)
-{
-IDEState *s = bmdma_active_if(bm);
-struct {
-uint32_t addr;
-uint32_t size;
-} prd;
-int l, len;
-
-qemu_sglist_init(&s->sg, s->nsector / (IDE_PAGE_SIZE / 512) + 1);
-s->io_buffer_size = 0;
-for(;;) {
-if (bm->cur_prd_len == 0) {
-/* end of table (with a fail safe of one page) */
-if (bm->cur_prd_last ||
-(bm->cur_addr - bm->addr) >= IDE_PAGE_SIZE)
-return s->io_buffer_size != 0;
-cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
-bm->cur_addr += 8;
-prd.addr = le32_to_cpu(prd.addr);
-prd.size = le32_to_cpu(prd.size);
-len = prd.size & 0xfffe;
-if (len == 0)
-len = 0x1;
-bm->cur_prd_len = len;
-bm->cur_prd_addr = prd.addr;
-bm->cur_prd_last = (prd.size & 0x8000);
-}
-l = bm->cur_prd_len;
-if (l > 0) {
-qemu_sglist_add(&s->sg, bm->cur_prd_addr, l);
-bm->cur_prd_addr += l;
-bm->cur_prd_len -= l;
-s->io_buffer_size += l;
-}
-}
-return 1;
-}
-
 static void dma_buf_commit(IDEState *s, int is_write)
 {
 qemu_sglist_destroy(&s->sg);
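Review bot: dma_buf_prepare(), removed from core.c here, is the function that calls qemu_sglist_init(&s->sg, ...), while dma_buf_commit() in the context just below stays in core.c and calls qemu_sglist_destroy(&s->sg); after the move the scatter/gather list is set up in one file and torn down in another. Please add a comment at both sites, or keep the pair together, so that another bus implementation knows it must initialise s->sg before core.c commits it.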
@@ -525,54 +471,6 @@ static int ide_handle_rw_error(IDEState *s, int error, int 
op)
 return 1;
 }
 
-/* return 0 if buffer completed */
-static int dma_buf_rw(BMDMAState *bm, int is_write)
-{
-IDEState *s = bmdma_active_if(bm);
-struct {
-uint32_t addr;
-uint32_t size;
-} prd;
-int l, len;
-
-for(;;) {
-l = s->io_buffer_size - s->io_buffer_index;
-if (l <= 0)
-break;
-if (bm->cur_prd_len == 0) {
-/* end of table (with a fail safe of one page) */
-if (bm->cur_prd_last ||
-(bm->cur_addr - bm->addr) >= IDE_PAGE_SIZE)
-return 0;
-cpu_physical_memory_read(bm->cur_addr, (uint8_t *)&prd, 8);
-bm->cur_addr += 8;
-prd.addr = le32_to_cpu(prd.addr);
-prd.size = le32_to_cpu(prd.size);
-len = prd.size & 0xfffe;
-if (len == 0)
-len = 0x1;
-bm->cur_prd_len = len;
-bm->cur_prd_addr = prd.addr;
-bm->cur_prd_last = (prd.size & 0x8000);
-}
-if (l > bm->cur_prd_len)
-l = bm->cur_prd_len;
-if (l > 0) {
-if (is_write) {
-cpu_physical_memory_write(bm->cur_prd_addr,
-  s->io_buffer + s->io_buffer_index, 
l);
-} else {
-cpu_physical_memory_re

[Qemu-devel] [PATCH 03/12] ide: add support for ide bus ops

2010-11-23 Thread Alexander Graf
From: Roland Elek 

We need to hook into some of the core IDE functionality for AHCI. To
do that, the easiest way is to make explicit functions calls be implicit
through a function call struct.

Signed-off-by: Roland Elek 
Signed-off-by: Alexander Graf 

---

v1 -> v2:

  - rename IDEExtender to IDEBusOps and make a pointer (kraxel)
---
 hw/ide/core.c |   36 +++-
 hw/ide/internal.h |   26 +++---
 2 files changed, 54 insertions(+), 8 deletions(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index 1849069..c8d7810 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -67,6 +67,8 @@ static void ide_atapi_cmd_read_dma_cb(void *opaque, int ret);
 static int ide_handle_rw_error(IDEState *s, int error, int op);
 static void ide_flush_cache(IDEState *s);
 
+static void pata_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb);
+
 static void padstr(char *str, const char *src, int len)
 {
 int i, v;
@@ -325,6 +327,12 @@ static inline void ide_dma_submit_check(IDEState *s,
 static void ide_transfer_start(IDEState *s, uint8_t *buf, int size,
EndTransferFunc *end_transfer_func)
 {
+s->bus->ops->transfer_start_fn(s,buf,size,end_transfer_func);
+}
+
+static void pata_transfer_start(IDEState *s, uint8_t *buf, int size,
+   EndTransferFunc *end_transfer_func)
+{
 s->end_transfer_func = end_transfer_func;
 s->data_ptr = buf;
 s->data_end = buf + size;
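Review bot: ide_transfer_start() now calls s->bus->ops->transfer_start_fn(...) unconditionally, and in this patch bus->ops is assigned only in ide_init2() and ide_init2_with_non_qdev_drives(); a bus set up any other way, or an ops table that leaves a hook unset, turns a guest-triggered transfer into a call through a NULL pointer. Assert that ops and its hooks are set where the bus is initialised. Style: add spaces after the commas in "(s,buf,size,end_transfer_func)".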
@@ -2580,6 +2588,18 @@ static void ide_dummy_transfer_stop(IDEState *s)
 s->io_buffer[3] = 0xff;
 }
 
+static void pata_set_irq(IDEBus *bus)
+{
+BMDMAState *bm = bus->bmdma;
+
+if (!(bus->cmd & IDE_CMD_DISABLE_IRQ)) {
+if (bm) {
+bm->status |= BM_STATUS_INT;
+}
+qemu_irq_raise(bus->irq);
+}
+}
+
 static void ide_reset(IDEState *s)
 {
 #ifdef DEBUG_IDE
@@ -2716,6 +2736,12 @@ static void ide_init1(IDEBus *bus, int unit)
ide_sector_write_timer_cb, s);
 }
 
+static IDEBusOps ide_bus_ops = {
+.transfer_start_fn = pata_transfer_start,
+.irq_set_fn = pata_set_irq,
+.dma_start_fn = pata_dma_start,
+};
+
 void ide_init2(IDEBus *bus, qemu_irq irq)
 {
 int i;
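Review bot: ide_bus_ops is a table of function pointers that is never modified after initialisation, so declare it "static const IDEBusOps ide_bus_ops" and make the IDEBus member "const IDEBusOps *ops". That places the table in read-only data instead of leaving writable function pointers alongside device state in the emulator.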
@@ -2725,6 +2751,7 @@ void ide_init2(IDEBus *bus, qemu_irq irq)
 ide_reset(&bus->ifs[i]);
 }
 bus->irq = irq;
+bus->ops = &ide_bus_ops;
 }
 
 /* TODO convert users to qdev and remove */
@@ -2748,6 +2775,7 @@ void ide_init2_with_non_qdev_drives(IDEBus *bus, 
DriveInfo *hd0,
 }
 }
 bus->irq = irq;
+bus->ops = &ide_bus_ops;
 }
 
 void ide_init_ioport(IDEBus *bus, int iobase, int iobase2)
@@ -2919,9 +2947,10 @@ const VMStateDescription vmstate_ide_bus = {
 /***/
 /* PCI IDE definitions */
 
-static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
+static void pata_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
 {
 BMDMAState *bm = s->bus->bmdma;
+
 if(!bm)
 return;
 bm->unit = s->unit;
@@ -2936,6 +2965,11 @@ static void ide_dma_start(IDEState *s, 
BlockDriverCompletionFunc *dma_cb)
 }
 }
 
+static void ide_dma_start(IDEState *s, BlockDriverCompletionFunc *dma_cb)
+{
+s->bus->ops->dma_start_fn(s,dma_cb);
+}
+
 static void ide_dma_restart(IDEState *s, int is_read)
 {
 BMDMAState *bm = s->bus->bmdma;
diff --git a/hw/ide/internal.h b/hw/ide/internal.h
index e7e1f80..ee7e13e 100644
--- a/hw/ide/internal.h
+++ b/hw/ide/internal.h
@@ -20,6 +20,7 @@ typedef struct IDEDevice IDEDevice;
 typedef struct IDEDeviceInfo IDEDeviceInfo;
 typedef struct IDEState IDEState;
 typedef struct BMDMAState BMDMAState;
+typedef struct IDEBusOps IDEBusOps;
 
 /* Bits of HD_STATUS */
 #define ERR_STAT   0x01
@@ -366,6 +367,14 @@ typedef enum { IDE_HD, IDE_CD, IDE_CFATA } IDEDriveKind;
 
 typedef void EndTransferFunc(IDEState *);
 
+
+typedef void TransferStartFunc(IDEState *,
+ uint8_t *,
+ int,
+ EndTransferFunc *);
+typedef void IRQSetFunc(IDEBus *);
+typedef void DMAStartFunc(IDEState *, BlockDriverCompletionFunc *);
+
 /* NOTE: IDEState represents in fact one drive */
 struct IDEState {
 IDEBus *bus;
@@ -442,12 +451,21 @@ struct IDEState {
 uint8_t *smart_selftest_data;
 };
 
+/* This struct represents a device that uses an IDE bus, but requires
+ * modifications to how it works. An example is AHCI. */
+struct IDEBusOps {
+TransferStartFunc *transfer_start_fn;
+IRQSetFunc *irq_set_fn;
+DMAStartFunc *dma_start_fn;
+};
+
 struct IDEBus {
 BusState qbus;
 IDEDevice *master;
 IDEDevice *slave;
 BMDMAState *bmdma;
 IDEState ifs[2];
+IDEBusOps *ops;
 uint8_t unit;
 uint8_t cmd;
 qemu_irq irq;
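Review bot: the comment above struct IDEBusOps says it "represents a device", but what follows is a set of per-bus callbacks; reword it and add a line per member saying when core.c invokes it (transfer start, IRQ raise, DMA start) and whether it may be left NULL, since the dispatchers added in core.c call the hooks without checking.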
@@ -512,13 +530,7 @@ static inline IDEState *bmdma_active_if(BMDMAState *bmdma)
 
 static inline void ide_set_irq(IDEBus *bus)
 

[Qemu-devel] usb-ccid notes for today's meeting

2010-11-23 Thread Alon Levy
Hi,

 I've compiled the list of objections from the previous round of talks between 
Anthony and {Robert and I}, with our answers, for reference in today's talk 
(sorry about late send).

Notes for KVM meeting.

Points raised by Anthony:
 1. How does the smart card state get migrated?
 2. How do you benefit from tracing and debugging qemu infrastructure?
 3. Device creation is difficult, you need to launch and configure the external 
daemon.
 4. Why not: use in qemu emulated card, and develop a protocol for connecting 
to the remote card.
 5. I think a remote passthrough protocol whose sole purpose is to allow
 external device emulation is a bad idea for QEMU.
 6. Security concern: possible guest breaking into spice client.

Answers:
 1. in emulated: isn't, there will be a different card on the new host anyway.
in passthru: no need, only usb-ccid state needs migration (and that is 
trivial). the rest has never moved, since it is in the client.
Other important notes on migration:
 1. This is just like passthrough, only with the remote side staying put 
during migration (as noted by Anthony himself).
 2. We do emulate on the client side, but that is not required to 
participate in qemu features, it is not expected to migrate for instance, and 
is there to provide the locking (to allow multiple card users, qemu being one 
of them).

 2. we don't for the passthru, we do for the usb-ccid and emulated cards. We 
can test usb-ccid using the emulated card. So far the only problems that were 
not elementary to fix were with usb layer.

 3. for passthrough we already have a daemon, called spicec, which we will 
reuse. For emulated card this is not a problem.

 4. Two protocols seems overkill, although it is doable. A second protocol not 
based on smart card spec may impede our future flexibility wrt new smart cards.

 5. The passthrough usage for spice is to allow locking, and that requires a 
remote emulator. But it can be used by itself with vscclient in passthrough 
mode (vscclient is part of cac_card repository) and then there is no external 
emulation.

 6. We already have an existing daemon, which needs to live with these security 
concerns. 


Alon



[Qemu-devel] [Bug 427612] Re: kvm sends caps lock key up event twice

2010-11-23 Thread Serge Hallyn
Thanks, Benjamin.  I've pushed your fix to a ppa in
https://launchpad.net/~serge-hallyn/+archive/qemu-capslock
for testing.  I'd like someone with a standard keyboard with
capslock not remapped to give this a spin, then I'll propose the
fix for merge into the natty tree (after which it can be SRU'd into
maverick).

If no one gets to it before then, I can test it next week.  This week,
unfortunately, I can't do it myself.

** Changed in: qemu-kvm (Ubuntu)
   Status: New => In Progress

** Changed in: qemu-kvm (Ubuntu)
 Assignee: (unassigned) => Serge Hallyn (serge-hallyn)

-- 
kvm sends caps lock key up event twice
https://bugs.launchpad.net/bugs/427612
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.

Status in QEMU: New
Status in “libsdl1.2” package in Ubuntu: Invalid
Status in “qemu-kvm” package in Ubuntu: In Progress
Status in “libsdl1.2” package in Debian: Fix Released








[Qemu-devel] Re: [PATCHv6 00/16] boot order specification

2010-11-23 Thread Gleb Natapov
Anthony, Blue

No comments on this patch series for almost a week. Can it be applied?

On Wed, Nov 17, 2010 at 06:43:47PM +0200, Gleb Natapov wrote:
> I am using open firmware naming scheme to specify device path names.
> In this version: added SCSI bus support. Pass boot order list as file
> to firmware.
> 
> Names look like this on pci machine:
> /p...@i0cf8/i...@1,1/dr...@1/d...@0
> /p...@i0cf8/i...@1/f...@03f1/flo...@1
> /p...@i0cf8/i...@1/f...@03f1/flo...@0
> /p...@i0cf8/i...@1,1/dr...@1/d...@1
> /p...@i0cf8/i...@1,1/dr...@0/d...@0
> /p...@i0cf8/s...@3/d...@0,0
> /p...@i0cf8/ether...@4/ethernet-...@0
> /p...@i0cf8/ether...@5/ethernet-...@0
> /p...@i0cf8/i...@1,1/dr...@0/d...@1
> /p...@i0cf8/i...@1/i...@01e8/dr...@0/d...@0
> /p...@i0cf8/u...@1,2/netw...@0/ether...@0
> /p...@i0cf8/u...@1,2/h...@1/netw...@0/ether...@0
> /r...@genroms/linuxboot.bin
> 
> and on isa machine:
> /isa/i...@0170/dr...@0/d...@0
> /isa/f...@03f1/flo...@1
> /isa/f...@03f1/flo...@0
> /isa/i...@0170/dr...@0/d...@1
> 
> Instead of using get_dev_path() callback I introduce another one
> get_fw_dev_path. Unfortunately the way get_dev_path() callback is used
> in migration code makes it hard to reuse it for other purposes. First
> of all it is not called recursively so caller expects it to provide
> unique name by itself. Device path though is inherently recursive. Each
> individual element may not be unique, but the whole path will be. On
> the other hand to call get_dev_path() recursively in migration code we
> should implement it for all possible buses first. Other problem is
> compatibility. If we change get_dev_path() output format now we will not
> be able to migrate from old qemu to new one without some additional
> compatibility layer.
> 
> Gleb Natapov (16):
>   Introduce fw_name field to DeviceInfo structure.
>   Introduce new BusInfo callback get_fw_dev_path.
>   Keep track of ISA ports ISA device is using in qdev.
>   Add get_fw_dev_path callback to ISA bus in qdev.
>   Store IDE bus id in IDEBus structure for easy access.
>   Add get_fw_dev_path callback to IDE bus.
>   Add get_dev_path callback for system bus.
>   Add get_fw_dev_path callback for pci bus.
>   Record which USBDevice USBPort belongs too.
>   Add get_dev_path callback for usb bus.
>   Add get_dev_path callback to scsi bus.
>   Add bootindex parameter to net/block/fd device
>   Change fw_cfg_add_file() to get full file path as a parameter.
>   Add bootindex for option roms.
>   Add notifier that will be called when machine is fully created.
>   Pass boot device list to firmware.
> 
>  block_int.h   |4 +-
>  hw/cs4231a.c  |1 +
>  hw/e1000.c|4 ++
>  hw/eepro100.c |3 +
>  hw/fdc.c  |   12 ++
>  hw/fw_cfg.c   |   30 --
>  hw/fw_cfg.h   |4 +-
>  hw/gus.c  |4 ++
>  hw/ide/cmd646.c   |4 +-
>  hw/ide/internal.h |3 +-
>  hw/ide/isa.c  |5 ++-
>  hw/ide/piix.c |4 +-
>  hw/ide/qdev.c |   22 ++-
>  hw/ide/via.c  |4 +-
>  hw/isa-bus.c  |   42 +++
>  hw/isa.h  |4 ++
>  hw/lance.c|1 +
>  hw/loader.c   |   32 ---
>  hw/loader.h   |8 ++--
>  hw/m48t59.c   |1 +
>  hw/mc146818rtc.c  |1 +
>  hw/multiboot.c|3 +-
>  hw/ne2000-isa.c   |3 +
>  hw/ne2000.c   |5 ++-
>  hw/nseries.c  |4 +-
>  hw/palm.c |6 +-
>  hw/parallel.c |5 ++
>  hw/pc.c   |7 ++-
>  hw/pci.c  |  110 ---
>  hw/pci_host.c |2 +
>  hw/pckbd.c|3 +
>  hw/pcnet.c|6 ++-
>  hw/piix_pci.c |1 +
>  hw/qdev.c |   32 +++
>  hw/qdev.h |9 
>  hw/rtl8139.c  |4 ++
>  hw/sb16.c |4 ++
>  hw/scsi-bus.c |   23 +++
>  hw/scsi-disk.c|2 +
>  hw/serial.c   |1 +
>  hw/sysbus.c   |   30 ++
>  hw/sysbus.h   |4 ++
>  hw/usb-bus.c  |   45 -
>  hw/usb-hub.c  |3 +-
>  hw/usb-musb.c |2 +-
>  hw/usb-net.c  |3 +
>  hw/usb-ohci.c |2 +-
>  hw/usb-uhci.c |2 +-
>  hw/usb.h  |3 +-
>  hw/virtio-blk.c   |2 +
>  hw/virtio-net.c   |2 +
>  hw/virtio-pci.c   |1 +
>  net.h |4 +-
>  qemu-config.c |   17 
>  sysemu.h  |   11 +-
>  vl.c  |  114 
> -
>  56 files changed, 588 insertions(+), 80 deletions(-)
> 
> -- 
> 1.7.2.3
> 

--
Gleb.



[Qemu-devel] [PATCH] Fix commandline handling for ARM semihosted executables, on Linux and BSD hosts

2010-11-23 Thread Schildbach, Wolfgang
When running an ARM semihosted executable on a linux machine, the
command line is not delivered to the guest (see
https://bugs.launchpad.net/qemu/+bug/673613).

This patch fixes this, for Linux and BSD hosts. Thanks to Peter Maydell
for suggesting this patch, and to Nathan Froyd for helping me with the
list netiquette!

- Wolfgang Schildbach

Signed-off-by: Wolfgang Schildbach 
---
 arm-semi.c |   73
---
 bsd-user/bsdload.c |2 -
 bsd-user/qemu.h|1 -
 linux-user/linuxload.c |2 -
 linux-user/qemu.h  |1 -
 5 files changed, 43 insertions(+), 36 deletions(-)
 
diff --git a/arm-semi.c b/arm-semi.c
index 0687b03..65dc398 100644
--- a/arm-semi.c
+++ b/arm-semi.c
@@ -373,45 +373,58 @@ uint32_t do_arm_semihosting(CPUState *env)
 #ifdef CONFIG_USER_ONLY
 /* Build a commandline from the original argv.  */
 {
-char **arg = ts->info->host_argv;
-int len = ARG(1);
-/* lock the buffer on the ARM side */
-char *cmdline_buffer = (char*)lock_user(VERIFY_WRITE,
ARG(0), len, 0);
+char *arm_cmdline_buffer;
+const char *host_cmdline_buffer;
 
-if (!cmdline_buffer)
-/* FIXME - should this error code be -TARGET_EFAULT ?
*/
-return (uint32_t)-1;
+unsigned int i;
+unsigned int arm_cmdline_len = ARG(1);
+unsigned int host_cmdline_len =
+ts->info->arg_end-ts->info->arg_start;
+
+if (host_cmdline_len > arm_cmdline_len) {
+return -1; /* command line too long */
+}
+
+/* lock the buffers on the ARM side */
+arm_cmdline_buffer =
+lock_user(VERIFY_WRITE, ARG(0), host_cmdline_len, 0);
+host_cmdline_buffer =
+lock_user(VERIFY_READ, ts->info->arg_start,
+   host_cmdline_len, 1);
 
-s = cmdline_buffer;
-while (*arg && len > 2) {
-int n = strlen(*arg);
+if (arm_cmdline_buffer && host_cmdline_buffer)
+{
+/* the last argument is zero-terminated;
+   no need for additional termination */
+memcpy(arm_cmdline_buffer, host_cmdline_buffer,
+   host_cmdline_len);
 
-if (s != cmdline_buffer) {
-*(s++) = ' ';
-len--;
+/* separate arguments by white spaces */
+for (i = 0; i < host_cmdline_len-1; i++) {
+if (arm_cmdline_buffer[i] == 0) {
+arm_cmdline_buffer[i] = ' ';
+}
 }
-if (n >= len)
-n = len - 1;
-memcpy(s, *arg, n);
-s += n;
-len -= n;
-arg++;
-}
-/* Null terminate the string.  */
-*s = 0;
-len = s - cmdline_buffer;
 
-/* Unlock the buffer on the ARM side.  */
-unlock_user(cmdline_buffer, ARG(0), len);
+if (!host_cmdline_len) {
+/* is arcg==0 even a possibility? */
+arm_cmdline_buffer[0] = 0;
+host_cmdline_len=1;
+}
 
-/* Adjust the commandline length argument.  */
-SET_ARG(1, len);
+/* Adjust the commandline length argument. */
+SET_ARG(1, host_cmdline_len-1);
+}
 
-/* Return success if commandline fit into buffer.  */
-return *arg ? -1 : 0;
+/* Unlock the buffers on the ARM side.  */
+unlock_user(arm_cmdline_buffer, ARG(0), host_cmdline_len);
+unlock_user((void*)host_cmdline_buffer,
ts->info->arg_start, 0);
+
+/* Return success if we could return a commandline.  */
+return (arm_cmdline_buffer && host_cmdline_buffer) ? 0 :
-1;
 }
 #else
-  return -1;
+return -1;
 #endif
 case SYS_HEAPINFO:
 {
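Review bot: in the separator loop, `host_cmdline_len-1` is evaluated on an unsigned int, so when host_cmdline_len is 0 the bound wraps to UINT_MAX and the loop walks far past the locked buffer, replacing zero bytes with spaces; the `if (!host_cmdline_len)` special case only runs after that loop. Handle the empty case before the memcpy and the loop. That branch also stores `arm_cmdline_buffer[0] = 0` into a buffer that was locked with length 0, and nothing checks that arm_cmdline_len is at least 1, so reject a zero-length guest buffer first and lock at least one byte.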
diff --git a/bsd-user/bsdload.c b/bsd-user/bsdload.c
index 14a93bf..6d9bb6f 100644
--- a/bsd-user/bsdload.c
+++ b/bsd-user/bsdload.c
@@ -176,8 +176,6 @@ int loader_exec(const char * filename, char ** argv,
char ** envp,
 
 retval = prepare_binprm(&bprm);
 
-infop->host_argv = argv;
-
 if(retval>=0) {
 if (bprm.buf[0] == 0x7f
 && bprm.buf[1] == 'E'
diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index 9763616..e343894 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -50,7 +50,6 @@ struct image_info {
 abi_ulong entry;
 abi_ulong code_offset;
 abi_ulong data_offset;
-char  **host_argv;
 int   personality;
 };
 
diff --git a/linux-user/linuxload.c b/linux-user/linuxload.c
index 9ee27c3..ac8c486 100644
--- a/linux-user/linuxload.c
+++ b/linux-user/linuxload

[Qemu-devel] KVM call minutes for Nov 23

2010-11-23 Thread Chris Wright
qcow2 performance roadmap
- What can be done to achieve near-raw image format performance?
  - some discussion points from Kevin on list
http://lists.nongnu.org/archive/html/qemu-devel/2010-11/msg02126.html
  - please follow up on the list
- some perf numbers (latest upstream qcow2 compared with qed)
  - qed is fully async, added unconditional flush to model qcow2
  - http://wiki.qemu.org/Qcow2/PerformanceRoadmap 
  - qcow2 not scaling as well
- metadata handling still quite sync
- sequential reads not scaling at all (a
- only serialization point is two accesses to same block and need to
  allocate
- template based backing file is common (esp. in cloud)
- perf data suggests that data/table format dictates performance ceiling
  - barriers off on underlying fs, cache=writethrough
  - raw backing file (sparse) grows with basic tools like cp
  - suggestion: qed == qcow2 v3
- wouldn't support encryption and compression (Kevin won't do this)

usb-ccid
- concern about external library implementation
  - hard to add device features, enhancements, live migration protocol changes
- external library
- will resend patch to 

vcpu hard limits
- will continue discussion on list

0.14 (release date, bug day, -rc planning, etc)
- aiming for dec 15th
- will send note out after call with release schedule

0.13.x
- will connect with jforbes regarding -stable maintenance

gPXE vs. iPXE
- ipxe is new fork
- ipxe looking more active (including original gpxe developers)
- which is a better choice?
  - iPXE more active, gPXE stalled
  - some concern about where the community sits (gPXE has irc, bug
reports, etc)
  - some concern about boot delay with iPXE
- qemu not updating roms that frequently, next time we need to update,
  can evaluate
- syslinux still using gPXE



[Qemu-devel] Re: [PATCH] scsi: Implement 'get_sense' callback

2010-11-23 Thread Hannes Reinecke
On 11/22/2010 10:56 PM, Stefan Hajnoczi wrote:
> On Mon, Nov 22, 2010 at 10:15 AM, Hannes Reinecke  wrote:
>> +static int scsi_get_sense(SCSIRequest *req, uint8_t *outbuf, int len)
>> +{
>> +SCSIGenericState *s = DO_UPCAST(SCSIGenericState, qdev, req->dev);
>> +int size = SCSI_SENSE_BUF_SIZE;
> 
> If there is no error we return SCSI_SENSE_BUF_SIZE without touching
> outbuf?  I was expecting a memset(outbuf, 0, ...) or something that
> initializes outbuf.
> 
If there is no error SG_ERR_DRIVER_SENSE is not set, hence there is
no sense data to fill out.
But yes, you are correct; we should be doing something sensible here.
I'll be setting it to 'NO SENSE' for initialisation.

>> +
>> +if (s->driver_status & SG_ERR_DRIVER_SENSE) {
>> +if (len < SCSI_SENSE_BUF_SIZE)
> 
> {}
> 
>> +size = len;
>> +else
> 
> {}
> 
OK, will be fixing it with the next patchset.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke   zSeries & Storage
h...@suse.de  +49 911 74053 688
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Markus Rex, HRB 16746 (AG Nürnberg)



[Qemu-devel] Re: [PATCHv6 00/16] boot order specification

2010-11-23 Thread Anthony Liguori

On 11/23/2010 09:31 AM, Gleb Natapov wrote:

Anthony, Blue

No comments on this patch series for almost a week. Can it be applied?

Does that mean everyone's happy or have folks not gotten around to
review it?

IOW, last call if you have objections :-)

Regards,

Anthony Liguori

On Wed, Nov 17, 2010 at 06:43:47PM +0200, Gleb Natapov wrote:

I am using open firmware naming scheme to specify device path names.
In this version: added SCSI bus support. Pass boot order list as file
to firmware.

Names look like this on pci machine:
/p...@i0cf8/i...@1,1/dr...@1/d...@0
/p...@i0cf8/i...@1/f...@03f1/flo...@1
/p...@i0cf8/i...@1/f...@03f1/flo...@0
/p...@i0cf8/i...@1,1/dr...@1/d...@1
/p...@i0cf8/i...@1,1/dr...@0/d...@0
/p...@i0cf8/s...@3/d...@0,0
/p...@i0cf8/ether...@4/ethernet-...@0
/p...@i0cf8/ether...@5/ethernet-...@0
/p...@i0cf8/i...@1,1/dr...@0/d...@1
/p...@i0cf8/i...@1/i...@01e8/dr...@0/d...@0
/p...@i0cf8/u...@1,2/netw...@0/ether...@0
/p...@i0cf8/u...@1,2/h...@1/netw...@0/ether...@0
/r...@genroms/linuxboot.bin

and on isa machine:
/isa/i...@0170/dr...@0/d...@0
/isa/f...@03f1/flo...@1
/isa/f...@03f1/flo...@0
/isa/i...@0170/dr...@0/d...@1

Instead of using get_dev_path() callback I introduce another one
get_fw_dev_path. Unfortunately the way get_dev_path() callback is used
in migration code makes it hard to reuse it for other purposes. First
of all it is not called recursively so caller expects it to provide
unique name by itself. Device path though is inherently recursive. Each
individual element may not be unique, but the whole path will be. On
the other hand to call get_dev_path() recursively in migration code we
should implement it for all possible buses first. Other problem is
compatibility. If we change get_dev_path() output format now we will not
be able to migrate from old qemu to new one without some additional
compatibility layer.

Gleb Natapov (16):
   Introduce fw_name field to DeviceInfo structure.
   Introduce new BusInfo callback get_fw_dev_path.
   Keep track of ISA ports ISA device is using in qdev.
   Add get_fw_dev_path callback to ISA bus in qdev.
   Store IDE bus id in IDEBus structure for easy access.
   Add get_fw_dev_path callback to IDE bus.
   Add get_dev_path callback for system bus.
   Add get_fw_dev_path callback for pci bus.
   Record which USBDevice USBPort belongs too.
   Add get_dev_path callback for usb bus.
   Add get_dev_path callback to scsi bus.
   Add bootindex parameter to net/block/fd device
   Change fw_cfg_add_file() to get full file path as a parameter.
   Add bootindex for option roms.
   Add notifier that will be called when machine is fully created.
   Pass boot device list to firmware.

  block_int.h   |4 +-
  hw/cs4231a.c  |1 +
  hw/e1000.c|4 ++
  hw/eepro100.c |3 +
  hw/fdc.c  |   12 ++
  hw/fw_cfg.c   |   30 --
  hw/fw_cfg.h   |4 +-
  hw/gus.c  |4 ++
  hw/ide/cmd646.c   |4 +-
  hw/ide/internal.h |3 +-
  hw/ide/isa.c  |5 ++-
  hw/ide/piix.c |4 +-
  hw/ide/qdev.c |   22 ++-
  hw/ide/via.c  |4 +-
  hw/isa-bus.c  |   42 +++
  hw/isa.h  |4 ++
  hw/lance.c|1 +
  hw/loader.c   |   32 ---
  hw/loader.h   |8 ++--
  hw/m48t59.c   |1 +
  hw/mc146818rtc.c  |1 +
  hw/multiboot.c|3 +-
  hw/ne2000-isa.c   |3 +
  hw/ne2000.c   |5 ++-
  hw/nseries.c  |4 +-
  hw/palm.c |6 +-
  hw/parallel.c |5 ++
  hw/pc.c   |7 ++-
  hw/pci.c  |  110 ---
  hw/pci_host.c |2 +
  hw/pckbd.c|3 +
  hw/pcnet.c|6 ++-
  hw/piix_pci.c |1 +
  hw/qdev.c |   32 +++
  hw/qdev.h |9 
  hw/rtl8139.c  |4 ++
  hw/sb16.c |4 ++
  hw/scsi-bus.c |   23 +++
  hw/scsi-disk.c|2 +
  hw/serial.c   |1 +
  hw/sysbus.c   |   30 ++
  hw/sysbus.h   |4 ++
  hw/usb-bus.c  |   45 -
  hw/usb-hub.c  |3 +-
  hw/usb-musb.c |2 +-
  hw/usb-net.c  |3 +
  hw/usb-ohci.c |2 +-
  hw/usb-uhci.c |2 +-
  hw/usb.h  |3 +-
  hw/virtio-blk.c   |2 +
  hw/virtio-net.c   |2 +
  hw/virtio-pci.c   |1 +
  net.h |4 +-
  qemu-config.c |   17 
  sysemu.h  |   11 +-
  vl.c  |  114 -
  56 files changed, 588 insertions(+), 80 deletions(-)

--
1.7.2.3

 

--
Gleb.
   





Re: [Qemu-devel] [PATCH, RFT] Speedup 'tb_find_slow' by using the same heuristic as during memory page lookup

2010-11-23 Thread Mulyadi Santosa
Dear Kirill

On Tue, Nov 23, 2010 at 02:42, Kirill Batuzov  wrote:
> Move the last found TB to the head of the list so it will be found more
> quickly next time it will be looked for.
...
>  found:
> +    if (*ptb1) {
> +        *ptb1 = tb->phys_hash_next;
> +        tb->phys_hash_next = tb_phys_hash[h];
> +        tb_phys_hash[h] = tb;
> +    }
>     /* we add the TB in the virtual pc hash table */
>     env->tb_jmp_cache[tb_jmp_cache_hash_func(pc)] = tb;
>     return tb;
>
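Review bot: the `if (*ptb1)` guard in the `found:` block needs a comment saying which path can arrive there with `*ptb1` NULL. Also, when ptb1 already points at `tb_phys_hash[h]` the three stores leave the chain exactly as it was, so testing `ptb1 != &tb_phys_hash[h]` would skip the relinking for a TB that is already at the head.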

I thank you, because you indirectly teach me how to do it. Since a
long time ago, I'd like to do the same thing but I never understand
the way TB managed thoroughly.

May I suggest something?
a. the "if (*ptb)" could be improved by likely() or unlikely() macros
(I forgot the real gcc macro's name, I just write down the way Linux
kernel name it).

I guess, statistically the hit rate of last executed TB could be
somewhere above 50% (using locality principle, which is IIRC, saying
that roughly 10% of code are actually ran and they took 90% of overall
total code run time. CMIIW). So, likely() will improve the code
ordering.

b. Or better, we need some kind of LRU list ordering of TB. On each TB
hit, "hit count" of that TB is incremented. On every certain time
interval, the entire list is scanned and it is reordered with the most
frequently called TB at the head.

All in all, I think it is due to simple TB "clean up" mechanism so
far, that is whenever it is full, they are simply dumped out. While I
agree it's the simplest, I remember Julian Seward's test that showed
runtime acceleration when TB size is increased up to certain size.
This, to me, to some degree demonstrates that more efficient management
of TB cache is needed.

Just my 2 cents idea...and so far this is all I can suggest to help
Qemu development.


-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com



[Qemu-devel] [PATCH] qemu-kvm: response to SIGUSR1 to start/stop a VCPU (v2)

2010-11-23 Thread Anthony Liguori
qemu-kvm vcpu threads don't respond to SIGSTOP/SIGCONT.  Instead of teaching
them to respond to these signals (which cannot be trapped), use SIGUSR1 to
approximate the behavior of SIGSTOP/SIGCONT.

The purpose of this is to implement CPU hard limits using an external tool that
watches the CPU consumption and stops the VCPU as appropriate.

This provides a more elegant solution in that it allows the VCPU thread to
release qemu_mutex before going to sleep.

This current implementation uses a single signal.  I think this is too racy
in the long term so I think we should introduce a second signal.  If two signals
get coalesced into one, it could confuse the monitoring tool into giving the
VCPU the inverse of its entitlement.

It might be better to simply move this logic entirely into QEMU to make this
more robust--the question is whether we think this is a good long term feature
to carry in QEMU?

Signed-off-by: Anthony Liguori 

diff --git a/cpu-defs.h b/cpu-defs.h
index 51533c6..6434dca 100644
--- a/cpu-defs.h
+++ b/cpu-defs.h
@@ -220,6 +220,7 @@ struct KVMCPUState {
 const char *cpu_model_str;  \
 struct KVMState *kvm_state; \
 struct kvm_run *kvm_run;\
+int sigusr1_fd; \
 int kvm_fd; \
 int kvm_vcpu_dirty; \
 struct KVMCPUState kvm_cpu_state;
diff --git a/qemu-kvm.c b/qemu-kvm.c
index 471306b..354109f 100644
--- a/qemu-kvm.c
+++ b/qemu-kvm.c
@@ -1351,6 +1351,29 @@ static void pause_all_threads(void)
 }
 }
 
+static void vcpu_stop(CPUState *env)
+{
+if (env != cpu_single_env) {
+env->stop = 1;
+pthread_kill(env->kvm_cpu_state.thread, SIG_IPI);
+} else {
+env->stop = 0;
+env->stopped = 1;
+cpu_exit(env);
+}
+
+while (!env->stopped) {
+qemu_cond_wait(&qemu_pause_cond);
+}
+}
+
+static void vcpu_start(CPUState *env)
+{
+env->stop = 0;
+env->stopped = 0;
+pthread_kill(env->kvm_cpu_state.thread, SIG_IPI);
+}
+
 static void resume_all_threads(void)
 {
 CPUState *penv = first_cpu;
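Review bot: vcpu_stop() and vcpu_start() carry no comment on their locking contract. vcpu_stop() sleeps in `qemu_cond_wait(&qemu_pause_cond)` until env->stopped is set, so it can only be called with the mutex paired with that condition held, and vcpu_start() clears env->stop and env->stopped with no synchronisation of its own. State the required lock above both functions.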
@@ -1426,6 +1449,37 @@ static int kvm_main_loop_cpu(CPUState *env)
 return 0;
 }
 
+static __thread int sigusr1_wfd;
+
+static void on_sigusr1(int signo)
+{
+char ch = 0;
+if (write(sigusr1_wfd, &ch, 1) < 0) {
+/* who cares */
+}
+}
+
+static void sigusr1_read(void *opaque)
+{
+CPUState *env = opaque;
+ssize_t len;
+int caught_signal = 0;
+
+do {
+char buffer[256];
+len = read(env->sigusr1_fd, buffer, sizeof(buffer));
+caught_signal = 1;
+} while (len > 0);
+
+if (caught_signal) {
+if (env->stopped) {
+vcpu_start(env);
+} else {
+vcpu_stop(env);
+}
+}
+}
+
 static void *ap_main_loop(void *_env)
 {
 CPUState *env = _env;
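Review bot: in sigusr1_read(), `caught_signal = 1` is set on every pass through the do/while, including the pass where read() returns 0 or -1, so the `if (caught_signal)` test is always true and the VCPU is toggled even when the pipe held nothing. Set the flag only when `len > 0`. Draining the pipe and toggling once also means any number of queued bytes collapse into a single start/stop flip, which is the inversion risk the commit message mentions; counting the bytes read would at least preserve parity.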
@@ -1433,10 +1487,12 @@ static void *ap_main_loop(void *_env)
 #ifdef CONFIG_KVM_DEVICE_ASSIGNMENT
 struct ioperm_data *data = NULL;
 #endif
+int fds[2];
 
 current_env = env;
 env->thread_id = kvm_get_thread_id();
 sigfillset(&signals);
+sigdelset(&signals, SIGUSR1);
 sigprocmask(SIG_BLOCK, &signals, NULL);
 
 #ifdef CONFIG_KVM_DEVICE_ASSIGNMENT
@@ -1451,6 +1507,18 @@ static void *ap_main_loop(void *_env)
 kvm_create_vcpu(env, env->cpu_index);
 setup_kernel_sigmask(env);
 
+if (pipe(fds) == -1) {
+/* do nothing */
+}
+
+fcntl(fds[0], F_SETFL, O_NONBLOCK);
+fcntl(fds[1], F_SETFL, O_NONBLOCK);
+
+env->sigusr1_fd = fds[0];
+sigusr1_wfd = fds[1];
+
+qemu_set_fd_handler2(fds[0], NULL, sigusr1_read, NULL, env);
+
 /* signal VCPU creation */
 current_env->created = 1;
 pthread_cond_signal(&qemu_vcpu_cond);
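Review bot: the `pipe(fds) == -1` branch does nothing, yet the following lines pass the uninitialised fds[0] and fds[1] to fcntl(), store them in env->sigusr1_fd and sigusr1_wfd, and register fds[0] with qemu_set_fd_handler2(). On failure the thread would then operate on arbitrary descriptor numbers. Fail VCPU creation, or skip the handler setup, when pipe() fails, and check the fcntl() return values as well.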
@@ -1463,6 +1531,8 @@ static void *ap_main_loop(void *_env)
 /* re-initialize cpu_single_env after re-acquiring qemu_mutex */
 cpu_single_env = env;
 
+signal(SIGUSR1, on_sigusr1);
+
 kvm_main_loop_cpu(env);
 return NULL;
 }
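Review bot: `signal(SIGUSR1, on_sigusr1)` is installed here, after the earlier hunk has already removed SIGUSR1 from this thread's blocked set with `sigdelset(&signals, SIGUSR1)` and after VCPU creation has been signalled. Until the first VCPU thread reaches this line, a SIGUSR1 delivered to it gets the default action, which terminates the process. Install the handler before unblocking the signal, and prefer sigaction() so the handler's flags are explicit.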
diff --git a/qemu-kvm.h b/qemu-kvm.h
index 0f3fb50..3addc77 100644
--- a/qemu-kvm.h
+++ b/qemu-kvm.h
@@ -783,6 +783,7 @@ struct KVMState {
 int irqchip_in_kernel;
 int pit_in_kernel;
 int xsave, xcrs;
+int sigusr2_fd;
 
 struct kvm_context kvm_context;
 };
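Review bot: `int sigusr2_fd;` is added to struct KVMState but no other hunk in this patch reads or writes it; the rest of the change uses sigusr1_fd in the CPU state. Drop the field, or hold it back for the patch that introduces the second signal the commit message proposes.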
-- 
1.7.0.4




[Qemu-devel] Re: [PATCH v2 0/6] qdev reset refactoring and pci bus reset

2010-11-23 Thread Michael S. Tsirkin
On Tue, Nov 23, 2010 at 12:53:12AM +0200, Michael S. Tsirkin wrote:
> On Mon, Nov 22, 2010 at 07:43:37PM +0900, Isaku Yamahata wrote:
> > On Mon, Nov 22, 2010 at 09:54:02AM +0200, Michael S. Tsirkin wrote:
> > > On Fri, Nov 19, 2010 at 06:55:57PM +0900, Isaku Yamahata wrote:
> > > > Here is v2. I updated the comments, and dropped the pci qdev reset 
> > > > patch.
> > > > 
> > > > Patch description:
> > > > The goal of this patch series is to implement secondary bus reset
> > > > emulation in pci-to-pci bridge.
> > > > At first, this patch series refactors qdev reset,
> > > > and then cleans up pci bus reset. Lastly implements pci bridge control
> > > > secondary bus reset bit.
> > > > 
> > > > This patch series is for pci bus reset, which is ported
> > > > from the following repo.
> > > > git://repo.or.cz/qemu/aliguori.git qdev-refactor
> > > 
> > > I've put the series on my pci branch, tweaking patches 5 and 6 in the
> > > process.  Out of time to compile-tested only for now.
> > 
> > Thank you. The tweaking looks good.
> > Do you still want me to send another patch to add a comment on RST#?
> 
> OK, I got response, and yes, we need to fix code to avoid claiming
> transactions by devices on the secondary bus while secondary bus is in
> RST# for both pci and express.

I guess the following fixes it?

--->

pci: don't access bus while it's reset

Devices on a bus should not respond while RST#
is asserted, which is controlled by PCI_BRIDGE_CTL_BUS_RESET.
Simply skip such a bus when propagating the configuration cycle.

Signed-off-by: Michael S. Tsirkin 

---

diff --git a/hw/pci.c b/hw/pci.c
index d02f980..60bdded 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -1554,7 +1554,9 @@ PCIBus *pci_find_bus(PCIBus *bus, int bus_num)
 
 /* try child bus */
 if (!bus->parent_dev /* host pci bridge */ ||
-(bus->parent_dev->config[PCI_SECONDARY_BUS] < bus_num &&
+(!(pci_get_word(bus->parent_dev->config + PCI_BRIDGE_CONTROL) &
+   PCI_BRIDGE_CTL_BUS_RESET) /* Don't walk the bus if it's reset. */ &&
+ bus->parent_dev->config[PCI_SECONDARY_BUS] < bus_num &&
  bus_num <= bus->parent_dev->config[PCI_SUBORDINATE_BUS])) {
 for (; bus; bus = sec) {
 QLIST_FOREACH(sec, &bus->child, sibling) {
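Review bot: the new PCI_BRIDGE_CTL_BUS_RESET test is part of the entry condition on bus->parent_dev only; the `for (; bus; bus = sec)` descent through bus->child that follows is unchanged in this hunk, so it is not clear from the diff that a bridge further down the hierarchy with its secondary bus in reset is also skipped. Either apply the same check where the loop picks `sec`, or say in the comment why the top-level test is enough. Pulling the test into a small helper would also get the comment out of the middle of the condition.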



[Qemu-devel] [PATCH 0/3] QMP: small fixes

2010-11-23 Thread Luiz Capitulino
Please, check individual patches for details.




[Qemu-devel] [PATCH 1/3] QMP: Fix default response regression

2010-11-23 Thread Luiz Capitulino
Commit 030db6e89d dropped do_info() usage from QMP and introduced
qmp_call_query_cmd(). However, the new function doesn't emit QMP's
default OK response when the handler doesn't return data.

Fix that by also calling monitor_protocol_emitter() when
ret_data == NULL, so that the default response is emitted.

Signed-off-by: Luiz Capitulino 
---
 monitor.c |6 ++
 1 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/monitor.c b/monitor.c
index 8cee35d..c4efe58 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4426,10 +4426,8 @@ static void qmp_call_query_cmd(Monitor *mon, const 
mon_cmd_t *cmd)
 }
 } else {
 cmd->mhandler.info_new(mon, &ret_data);
-if (ret_data) {
-monitor_protocol_emitter(mon, ret_data);
-qobject_decref(ret_data);
-}
+monitor_protocol_emitter(mon, ret_data);
+qobject_decref(ret_data);
 }
 }
 
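Review bot: with the `if (ret_data)` guard gone, both monitor_protocol_emitter() and qobject_decref() are reached with whatever ret_data holds after info_new() returns. That is only safe if ret_data is initialised to NULL before the call, which this hunk does not show, and if both callees accept NULL. A one-line comment here that NULL means "emit the default OK response" would keep the guard from being reintroduced later.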
-- 
1.7.3.2.245.g03276




[Qemu-devel] [PATCH 2/3] QMP: Drop dead code

2010-11-23 Thread Luiz Capitulino
The first if/else clause in handler_audit() makes no sense for two
reasons:

  1. this function is now called only by QMP code, so testing if
 it's a QMP call makes no sense anymore

  2. the else clause first asserts that there's no error in the
 monitor object, then it tries to free it!

Just drop it.

Signed-off-by: Luiz Capitulino 
---
 monitor.c |   74 -
 1 files changed, 34 insertions(+), 40 deletions(-)

diff --git a/monitor.c b/monitor.c
index c4efe58..30be273 100644
--- a/monitor.c
+++ b/monitor.c
@@ -3853,49 +3853,43 @@ void monitor_set_error(Monitor *mon, QError *qerror)
 
 static void handler_audit(Monitor *mon, const mon_cmd_t *cmd, int ret)
 {
-if (monitor_ctrl_mode(mon)) {
-if (ret && !monitor_has_error(mon)) {
-/*
- * If it returns failure, it must have passed on error.
- *
- * Action: Report an internal error to the client if in QMP.
- */
-qerror_report(QERR_UNDEFINED_ERROR);
-MON_DEBUG("command '%s' returned failure but did not pass an 
error\n",
-  cmd->name);
-}
+if (ret && !monitor_has_error(mon)) {
+/*
+ * If it returns failure, it must have passed on error.
+ *
+ * Action: Report an internal error to the client if in QMP.
+ */
+qerror_report(QERR_UNDEFINED_ERROR);
+MON_DEBUG("command '%s' returned failure but did not pass an error\n",
+  cmd->name);
+}
 
 #ifdef CONFIG_DEBUG_MONITOR
-if (!ret && monitor_has_error(mon)) {
-/*
- * If it returns success, it must not have passed an error.
- *
- * Action: Report the passed error to the client.
- */
-MON_DEBUG("command '%s' returned success but passed an error\n",
-  cmd->name);
-}
-
-if (mon_print_count_get(mon) > 0 && strcmp(cmd->name, "info") != 0) {
-/*
- * Handlers should not call Monitor print functions.
- *
- * Action: Ignore them in QMP.
- *
- * (XXX: we don't check any 'info' or 'query' command here
- * because the user print function _is_ called by do_info(), hence
- * we will trigger this check. This problem will go away when we
- * make 'query' commands real and kill do_info())
- */
-MON_DEBUG("command '%s' called print functions %d time(s)\n",
-  cmd->name, mon_print_count_get(mon));
-}
-#endif
-} else {
-assert(!monitor_has_error(mon));
-QDECREF(mon->error);
-mon->error = NULL;
+if (!ret && monitor_has_error(mon)) {
+/*
+ * If it returns success, it must not have passed an error.
+ *
+ * Action: Report the passed error to the client.
+ */
+MON_DEBUG("command '%s' returned success but passed an error\n",
+  cmd->name);
+}
+
+if (mon_print_count_get(mon) > 0 && strcmp(cmd->name, "info") != 0) {
+/*
+ * Handlers should not call Monitor print functions.
+ *
+ * Action: Ignore them in QMP.
+ *
+ * (XXX: we don't check any 'info' or 'query' command here
+ * because the user print function _is_ called by do_info(), hence
+ * we will trigger this check. This problem will go away when we
+ * make 'query' commands real and kill do_info())
+ */
+MON_DEBUG("command '%s' called print functions %d time(s)\n",
+  cmd->name, mon_print_count_get(mon));
 }
+#endif
 }
 
 static void handle_user_command(Monitor *mon, const char *cmdline)
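Review bot: the comments carried over still read "Report an internal error to the client if in QMP" and "Ignore them in QMP", but with the `monitor_ctrl_mode(mon)` test removed the function is QMP-only, so the qualifiers are stale. The XXX note about do_info() should be rechecked too, since patch 1/3 of this series says do_info() usage was already dropped from QMP.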
-- 
1.7.3.2.245.g03276




[Qemu-devel] [PATCH 3/3] QMP: Simplify monitor_json_emitter()

2010-11-23 Thread Luiz Capitulino
Use the ternary operator instead of an if (also fixes bad indentation).

Signed-off-by: Luiz Capitulino 
---
 monitor.c |6 ++
 1 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/monitor.c b/monitor.c
index 30be273..f6f2264 100644
--- a/monitor.c
+++ b/monitor.c
@@ -351,10 +351,8 @@ static void monitor_json_emitter(Monitor *mon, const 
QObject *data)
 {
 QString *json;
 
-if (mon->flags & MONITOR_USE_PRETTY)
-   json = qobject_to_json_pretty(data);
-else
-   json = qobject_to_json(data);
+json = mon->flags & MONITOR_USE_PRETTY ? qobject_to_json_pretty(data) :
+ qobject_to_json(data);
 assert(json != NULL);
 
 qstring_append_chr(json, '\n');
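Review bot: `mon->flags & MONITOR_USE_PRETTY ? ... : ...` relies on `&` binding tighter than `?:`; it is correct, but parenthesising the flag test would make that obvious to the reader. The continuation line would also read better aligned under the first call.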
-- 
1.7.3.2.245.g03276




[Qemu-devel] [PATCH 04/12] ARM: Fix decoding of VFP forms of VCVT between float and int/fixed

2010-11-23 Thread Peter Maydell
Correct the decoding of source and destination registers
for the VFP forms of the VCVT instructions which convert
between floating point and integer or fixed-point.

Signed-off-by: Peter Maydell 
---
 target-arm/translate.c |   19 ---
 1 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/target-arm/translate.c b/target-arm/translate.c
index bf1e643..07a51ab 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -2870,16 +2870,18 @@ static int disas_vfp_insn(CPUState * env, DisasContext 
*s, uint32_t insn)
 VFP_DREG_N(rn, insn);
 }
 
-if (op == 15 && (rn == 15 || rn > 17)) {
+if (op == 15 && (rn == 15 || ((rn & 0x1c) == 0x18))) {
 /* Integer or single precision destination.  */
 rd = VFP_SREG_D(insn);
 } else {
 VFP_DREG_D(rd, insn);
 }
-
-if (op == 15 && (rn == 16 || rn == 17)) {
-/* Integer source.  */
-rm = ((insn << 1) & 0x1e) | ((insn >> 5) & 1);
+if (op == 15 &&
+(((rn & 0x1c) == 0x10) || ((rn & 0x14) == 0x14))) {
+/* VCVT from int is always from S reg regardless of dp bit.
+ * VCVT with immediate frac_bits has same format as SREG_M
+ */
+rm = VFP_SREG_M(insn);
 } else {
 VFP_DREG_M(rm, insn);
 }
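Review bot: the masks on rn (`(rn & 0x1c) == 0x18`, `(rn & 0x1c) == 0x10`, `(rn & 0x14) == 0x14`) replace readable ranges with bit patterns, and nothing here says which rn values each one selects. A short table in a comment mapping each pattern to its VCVT variant, or named helper macros, would let a reader check them against the ARM ARM encoding.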
@@ -2891,6 +2893,9 @@ static int disas_vfp_insn(CPUState * env, DisasContext 
*s, uint32_t insn)
 } else {
 rd = VFP_SREG_D(insn);
 }
+/* NB that we implicitly rely on the encoding for the frac_bits
+ * in VCVT of fixed to float being the same as that of SREG_M.
+ */
 rm = VFP_SREG_M(insn);
 }
 
@@ -3179,8 +3184,8 @@ static int disas_vfp_insn(CPUState * env, DisasContext 
*s, uint32_t insn)
 /* Write back the result.  */
 if (op == 15 && (rn >= 8 && rn <= 11))
 ; /* Comparison, do nothing.  */
-else if (op == 15 && rn > 17)
-/* Integer result.  */
+else if (op == 15 && dp && ((rn & 0x1c) == 0x18))
+/* VCVT double to int: always integer result. */
 gen_mov_vreg_F0(0, rd);
 else if (op == 15 && rn == 15)
 /* conversion */
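Review bot: the write-back test is now `dp && ((rn & 0x1c) == 0x18)`, while the destination decode in the first hunk uses the same mask without dp. The new comment covers the double-precision case only; add a sentence on why the single-precision float-to-int result, and the other rn values above 17 that the old test caught, are handled correctly by the branches that follow.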
-- 
1.6.3.3




[Qemu-devel] [PATCH 00/12] [PULL] ARM fixes

2010-11-23 Thread Peter Maydell
Anthony,

This is a pull request for patches which fix problems with the
generated code for ARM targets. They've been sent to the list
previously, and I've reviewed and tested them. Could they
be merged, please?


The following changes since commit 4e02d460dd4b60847a1e8b689cb676e3e1f3de95:
  Stefan Hajnoczi (1):
virtio-pci: Convert fprintf() to error_report()

are available in the git repository at:

  git://git.linaro.org/qemu/qemu-arm.git for-anthony

Adam Lackorzynski (1):
  target-arm: Handle 'smc' as an undefined instruction

Johan Bengtsson (2):
  target-arm: Add support for PKHxx in thumb2
  target-arm: Fix mixup in decoding of saturating add and sub

Peter Maydell (9):
  ARM: Fix decoding of VFP forms of VCVT between float and int/fixed
  ARM: Fix decoding of Neon forms of VCVT between float and fixed point
  ARM: Fix sense of to_integer bit in Neon VCVT float/int conversion
  ARM: Return correct result for float-to-integer conversion of NaN
  ARM: Return correct result for single<->double conversion of NaN
  ARM: Ignore top 16 bits when doing VCVT from 16 bit fixed point
  softfloat: Add float/double to 16 bit integer conversion functions
  ARM: Implement VCVT to 16 bit integer using new softfloat routines
  ARM: fix ldrexd/strexd

 fpu/softfloat.c|  136 
 fpu/softfloat.h|4 ++
 linux-user/main.c  |2 +-
 target-arm/helper.c|   66 ++--
 target-arm/translate.c |  119 +-
 5 files changed, 285 insertions(+), 42 deletions(-)



[Qemu-devel] [PATCH 12/12] ARM: fix ldrexd/strexd

2010-11-23 Thread Peter Maydell
Correct ldrexd and strexd code to always read and write the
high word of the 64-bit value from addr+4.
Also make ldrexd and strexd agree that for a 64 bit value the
address in env->exclusive_addr is that of the low word.

This fixes the issues reported in
https://bugs.launchpad.net/qemu/+bug/670883

Signed-off-by: Peter Maydell 
---
 linux-user/main.c  |2 +-
 target-arm/translate.c |8 +---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c
index dbba8be..274019f 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -589,7 +589,7 @@ static int do_strex(CPUARMState *env)
 }
 if (size == 3) {
 val = env->regs[(env->exclusive_info >> 12) & 0xf];
-segv = put_user_u32(val, addr);
+segv = put_user_u32(val, addr + 4);
 if (segv) {
 env->cp15.c6_data = addr + 4;
 goto done;
diff --git a/target-arm/translate.c b/target-arm/translate.c
index f018653..fc1d399 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -5935,8 +5935,10 @@ static void gen_load_exclusive(DisasContext *s, int rt, 
int rt2,
 tcg_gen_mov_i32(cpu_exclusive_val, tmp);
 store_reg(s, rt, tmp);
 if (size == 3) {
-tcg_gen_addi_i32(addr, addr, 4);
-tmp = gen_ld32(addr, IS_USER(s));
+TCGv tmp2 = new_tmp();
+tcg_gen_addi_i32(tmp2, addr, 4);
+tmp = gen_ld32(tmp2, IS_USER(s));
+dead_tmp(tmp2);
 tcg_gen_mov_i32(cpu_exclusive_high, tmp);
 store_reg(s, rt2, tmp);
 }
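Review bot: switching the high-word load to `tmp2` leaves `addr` unmodified, which is what the commit message needs for the exclusive address to stay at the low word, but nothing in the code says so. Add a comment at the `tcg_gen_addi_i32(tmp2, addr, 4)` line that `addr` must not be advanced here, so a later cleanup does not fold the temporary back into `addr`.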
@@ -5996,7 +5998,7 @@ static void gen_store_exclusive(DisasContext *s, int rd, 
int rt, int rt2,
 if (size == 3) {
 TCGv tmp2 = new_tmp();
 tcg_gen_addi_i32(tmp2, addr, 4);
-tmp = gen_ld32(addr, IS_USER(s));
+tmp = gen_ld32(tmp2, IS_USER(s));
 dead_tmp(tmp2);
 tcg_gen_brcond_i32(TCG_COND_NE, tmp, cpu_exclusive_high, fail_label);
 dead_tmp(tmp);
-- 
1.6.3.3




[Qemu-devel] [PATCH 05/12] ARM: Fix decoding of Neon forms of VCVT between float and fixed point

2010-11-23 Thread Peter Maydell
Fix errors in the decoding of the Neon forms of fixed-point VCVT:
 * fixed-point VCVT is op 14 and 15, not 15 and 16
 * the fbits immediate field was being misinterpreted
 * the sense of the to_fixed bit was inverted

Signed-off-by: Peter Maydell 
---
 target-arm/translate.c |8 ++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate.c b/target-arm/translate.c
index 07a51ab..6c19f97 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -4850,11 +4850,15 @@ static int disas_neon_data_insn(CPUState * env, 
DisasContext *s, uint32_t insn)
 }
 neon_store_reg64(cpu_V0, rd + pass);
 }
-} else if (op == 15 || op == 16) {
+} else if (op >= 14) {
 /* VCVT fixed-point.  */
+/* We have already masked out the must-be-1 top bit of imm6,
+ * hence this 32-shift where the ARM ARM has 64-imm6.
+ */
+shift = 32 - shift;
 for (pass = 0; pass < (q ? 4 : 2); pass++) {
 tcg_gen_ld_f32(cpu_F0s, cpu_env, neon_reg_offset(rm, 
pass));
-if (op & 1) {
+if (!(op & 1)) {
 if (u)
 gen_vfp_ulto(0, shift);
 else
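Review bot: `op >= 14` replaces an explicit pair of values with an open-ended range, so it also matches any op above 15 unless earlier code has already excluded them; the commit message says fixed-point VCVT is op 14 and 15 only. Write `op == 14 || op == 15`, or add a comment that op cannot exceed 15 at this point. It would also help to state the valid range of shift before `shift = 32 - shift`.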
-- 
1.6.3.3




[Qemu-devel] [PATCH 11/12] ARM: Implement VCVT to 16 bit integer using new softfloat routines

2010-11-23 Thread Peter Maydell
Use the softfloat conversion routines for conversion to 16 bit
integers, because just casting to a 16 bit type truncates the
value rather than saturating it at 16-bit MAXINT/MININT.

Signed-off-by: Peter Maydell 
---
 target-arm/helper.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 6a891da..96d6fb4 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2567,7 +2567,7 @@ ftype VFP_HELPER(to##name, p)(ftype x, uint32_t shift, 
CPUState *env) \
 return ftype##_zero; \
 } \
 tmp = ftype##_scalbn(x, shift, &env->vfp.fp_status); \
-return vfp_ito##p((itype)ftype##_to_##sign##int32_round_to_zero(tmp, \
+return vfp_ito##p(ftype##_to_##itype##_round_to_zero(tmp, \
 &env->vfp.fp_status)); \
 }
 
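Review bot: `ftype##_to_##itype##_round_to_zero` no longer uses the `sign` argument, so the softfloat routine is now selected purely by the itype token. Every instantiation of this macro needs a matching `<ftype>_to_<itype>_round_to_zero` function, including the 32-bit ones that previously went through `sign##int32`; list the required routines in the commit message and check that the unsigned names paste to functions that exist.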
-- 
1.6.3.3




[Qemu-devel] [PATCH 10/12] softfloat: Add float/double to 16 bit integer conversion functions

2010-11-23 Thread Peter Maydell
The ARM architecture needs float/double to 16 bit integer conversions.
(The 32 bit versions aren't sufficient because of the requirement
to saturate at 16 bit MAXINT/MININT and to get the exception bits right.)

Signed-off-by: Peter Maydell 
---
 fpu/softfloat.c |  136 +++
 fpu/softfloat.h |4 ++
 2 files changed, 140 insertions(+), 0 deletions(-)

diff --git a/fpu/softfloat.c b/fpu/softfloat.c
index 0b82797..6f5b05d 100644
--- a/fpu/softfloat.c
+++ b/fpu/softfloat.c
@@ -1355,6 +1355,55 @@ int32 float32_to_int32_round_to_zero( float32 a 
STATUS_PARAM )
 
 /*
 | Returns the result of converting the single-precision floating-point value
+| `a' to the 16-bit two's complement integer format.  The conversion is
+| performed according to the IEC/IEEE Standard for Binary Floating-Point
+| Arithmetic, except that the conversion is always rounded toward zero.
+| If `a' is a NaN, the largest positive integer is returned.  Otherwise, if
+| the conversion overflows, the largest integer with the same sign as `a' is
+| returned.
+**/
+
+int16 float32_to_int16_round_to_zero( float32 a STATUS_PARAM )
+{
+flag aSign;
+int16 aExp, shiftCount;
+bits32 aSig;
+int32 z;
+
+aSig = extractFloat32Frac( a );
+aExp = extractFloat32Exp( a );
+aSign = extractFloat32Sign( a );
+shiftCount = aExp - 0x8E;
+if ( 0 <= shiftCount ) {
+if ( float32_val(a) != 0xC700 ) {
+float_raise( float_flag_invalid STATUS_VAR);
+if ( ! aSign || ( ( aExp == 0xFF ) && aSig ) ) {
+return 0x7FFF;
+}
+}
+return (sbits32) 0x8000;
+}
+else if ( aExp <= 0x7E ) {
+if ( aExp | aSig ) {
+STATUS(float_exception_flags) |= float_flag_inexact;
+}
+return 0;
+}
+shiftCount -= 0x10;
+aSig = ( aSig | 0x0080 )<<8;
+z = aSig>>( - shiftCount );
+if ( (bits32) ( aSig<<( shiftCount & 31 ) ) ) {
+STATUS(float_exception_flags) |= float_flag_inexact;
+}
+if ( aSign ) {
+z = - z;
+}
+return z;
+
+}
+
+/*
+| Returns the result of converting the single-precision floating-point value
 | `a' to the 64-bit two's complement integer format.  The conversion is
 | performed according to the IEC/IEEE Standard for Binary Floating-Point
 | Arithmetic---which means in particular that the conversion is rounded
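Review bot: in float32_to_int16_round_to_zero the negative saturation return is written with an `(sbits32)` cast while the function returns int16 and the positive case returns a bare `0x7FFF`. Because int16 is only guaranteed to be at least 16 bits wide, the value the caller sees depends on how the host defines it; returning both bounds through the same exact-width type (for example a cast to int16_t) would make the saturated result unambiguous. The header comment should also say which exception flags are raised on overflow and on NaN.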
@@ -2412,6 +2461,57 @@ int32 float64_to_int32_round_to_zero( float64 a 
STATUS_PARAM )
 
 /*
 | Returns the result of converting the double-precision floating-point value
+| `a' to the 16-bit two's complement integer format.  The conversion is
+| performed according to the IEC/IEEE Standard for Binary Floating-Point
+| Arithmetic, except that the conversion is always rounded toward zero.
+| If `a' is a NaN, the largest positive integer is returned.  Otherwise, if
+| the conversion overflows, the largest integer with the same sign as `a' is
+| returned.
+**/
+
+int16 float64_to_int16_round_to_zero( float64 a STATUS_PARAM )
+{
+flag aSign;
+int16 aExp, shiftCount;
+bits64 aSig, savedASig;
+int32 z;
+
+aSig = extractFloat64Frac( a );
+aExp = extractFloat64Exp( a );
+aSign = extractFloat64Sign( a );
+if ( 0x40E < aExp ) {
+if ( ( aExp == 0x7FF ) && aSig ) {
+aSign = 0;
+}
+goto invalid;
+}
+else if ( aExp < 0x3FF ) {
+if ( aExp || aSig ) {
+STATUS(float_exception_flags) |= float_flag_inexact;
+}
+return 0;
+}
+aSig |= LIT64( 0x0010 );
+shiftCount = 0x433 - aExp;
+savedASig = aSig;
+aSig >>= shiftCount;
+z = aSig;
+if ( aSign ) {
+z = - z;
+}
+if ( ( (int16_t)z < 0 ) ^ aSign ) {
+ invalid:
+float_raise( float_flag_invalid STATUS_VAR);
+return aSign ? (sbits32) 0x8000 : 0x7FFF;
+}
+if ( ( aSig< 0x) {
+res = 0x;
+float_raise( float_flag_invalid STATUS_VAR);
+} else {
+res = v;
+}
+return res;
+}
+
 unsigned int float64_to_uint32( float64 a STATUS_PARAM )
 {
 int64_t v;
@@ -5668,6 +5786,24 @@ unsigned int float64_to_uint32_round_to_zero( float64 a 
STATUS_PARAM )
 return res;
 }
 
+unsigned int float64_to_uint16_round_to_zero( float64 a STATUS_PARAM )
+{
+int64_t v;
+unsigned int res;
+
+v = float64_to_int64_round_to_zero(a STATUS_VAR);
+if (v < 0) {
+res = 0;
+float_raise( float_flag_invalid STATUS_VAR);
+} else if (v > 0x) {
+res = 0x;
+float_raise( f
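Review bot: float64_to_uint16_round_to_zero takes its value from float64_to_int64_round_to_zero and then raises float_flag_invalid on the out-of-range paths, so any flag the 64-bit conversion has already set (inexact for a fractional input) stays set next to invalid. Since the commit message gives correct exception bits as the reason for adding these functions, save the flags before the inner call and restore them on the saturating paths, or do the range check before converting. The return type is `unsigned int` where the name promises 16 bits; a comment on the guaranteed range would help callers.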

[Qemu-devel] [PATCH 09/12] ARM: Ignore top 16 bits when doing VCVT from 16 bit fixed point

2010-11-23 Thread Peter Maydell
VCVT of 16 bit fixed point to float should ignore the top 16 bits
of the source register. Cast to int16_t and friends rather than
int16 -- the former is guaranteed exactly 16 bits wide where the
latter is merely at least 16 bits wide (and so is usually 32 bits).

Signed-off-by: Peter Maydell 
---
 target-arm/helper.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 356715c..6a891da 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2556,7 +2556,7 @@ float32 VFP_HELPER(fcvts, d)(float64 x, CPUState *env)
 ftype VFP_HELPER(name##to, p)(ftype x, uint32_t shift, CPUState *env) \
 { \
 ftype tmp; \
-tmp = sign##int32_to_##ftype ((itype)vfp_##p##toi(x), \
+tmp = sign##int32_to_##ftype ((itype##_t)vfp_##p##toi(x), \
   &env->vfp.fp_status); \
 return ftype##_scalbn(tmp, -(int)shift, &env->vfp.fp_status); \
 } \
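Review bot: `(itype##_t)` turns the macro's itype argument into a naming contract: every instantiation must pass a token for which `<itype>_t` is a fixed-width stdint type, while the conversion on the same line is still `sign##int32_to_##ftype`. Document that requirement above the macro so a later instantiation with a differently named type is caught in review rather than by a confusing paste error.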
-- 
1.6.3.3




[Qemu-devel] [PATCH 03/12] target-arm: Handle 'smc' as an undefined instruction

2010-11-23 Thread Peter Maydell
From: Adam Lackorzynski 

Refine check on bkpt so that smc and undefined instruction encodings are
handled as an undefined instruction and trap.

Signed-off-by: Adam Lackorzynski 
Signed-off-by: Peter Maydell 
---
 target-arm/translate.c |9 -
 1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/target-arm/translate.c b/target-arm/translate.c
index 947de6d..bf1e643 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -6346,7 +6346,14 @@ static void disas_arm_insn(CPUState * env, DisasContext 
*s)
 dead_tmp(tmp2);
 store_reg(s, rd, tmp);
 break;
-case 7: /* bkpt */
+case 7:
+/* SMC instruction (op1 == 3)
+   and undefined instructions (op1 == 0 || op1 == 2)
+   will trap */
+if (op1 != 1) {
+goto illegal_op;
+}
+/* bkpt */
 gen_set_condexec(s);
 gen_set_pc_im(s->pc - 4);
 gen_exception(EXCP_BKPT);
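Review bot: `if (op1 != 1) goto illegal_op;` sits under a comment saying SMC "will trap", which can be read as if a secure monitor call were being emulated. Say explicitly that SMC is deliberately decoded as an undefined instruction, as the subject line does. The new comment block also uses a different continuation style from the ` * ` prefixed comments added elsewhere in this series.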
-- 
1.6.3.3




[Qemu-devel] [PATCH 02/12] target-arm: Fix mixup in decoding of saturating add and sub

2010-11-23 Thread Peter Maydell
From: Johan Bengtsson 

The thumb2 decoder contained a mixup between the bit controlling
doubling and the bit controlling if the operation was an add or a sub.

Signed-off-by: Johan Bengtsson 
Signed-off-by: Peter Maydell 
---
 target-arm/translate.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate.c b/target-arm/translate.c
index 183928b..947de6d 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -7713,9 +7713,9 @@ static int disas_thumb2_insn(CPUState *env, DisasContext 
*s, uint16_t insn_hw1)
 /* Saturating add/subtract.  */
 tmp = load_reg(s, rn);
 tmp2 = load_reg(s, rm);
-if (op & 2)
-gen_helper_double_saturate(tmp, tmp);
 if (op & 1)
+gen_helper_double_saturate(tmp, tmp);
+if (op & 2)
 gen_helper_sub_saturate(tmp, tmp2, tmp);
 else
 gen_helper_add_saturate(tmp, tmp, tmp2);
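Review bot: the fix leaves two adjacent unbraced `if` statements, `if (op & 1)` and `if (op & 2) ... else`, where the `else` binds only to the second; that layout is what made the original mixup easy to miss. Add braces and a one-line comment naming which bit selects doubling and which selects subtract, so the next reader can check the decode against the encoding without reconstructing it.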
-- 
1.6.3.3




[Qemu-devel] [PATCH 08/12] ARM: Return correct result for single<->double conversion of NaN

2010-11-23 Thread Peter Maydell
The ARM ARM defines that if the input to a single<->double conversion
is a NaN then the output is always forced to be a quiet NaN by setting
the most significant bit of the fraction part.

Signed-off-by: Peter Maydell 
---
 target-arm/helper.c |   18 --
 1 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 72ba314..356715c 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2529,12 +2529,26 @@ float32 VFP_HELPER(tosiz, d)(float64 x, CPUState *env)
 /* floating point conversion */
 float64 VFP_HELPER(fcvtd, s)(float32 x, CPUState *env)
 {
-return float32_to_float64(x, &env->vfp.fp_status);
+float64 r = float32_to_float64(x, &env->vfp.fp_status);
+/* ARM requires that S<->D conversion of any kind of NaN generates
+ * a quiet NaN by forcing the most significant frac bit to 1.
+ */
+if (float64_is_signaling_nan(r)) {
+return make_float64(float64_val(r) | (1LL << 51));
+}
+return r;
 }
 
 float32 VFP_HELPER(fcvts, d)(float64 x, CPUState *env)
 {
-return float64_to_float32(x, &env->vfp.fp_status);
+float32 r =  float64_to_float32(x, &env->vfp.fp_status);
+/* ARM requires that S<->D conversion of any kind of NaN generates
+ * a quiet NaN by forcing the most significant frac bit to 1.
+ */
+if (float32_is_signaling_nan(r)) {
+return make_float32(float32_val(r) | (1 << 22));
+}
+return r;
 }
 
 /* VFP3 fixed point conversion.  */
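Review bot: both helpers test the converted value `r` with floatNN_is_signaling_nan rather than the input `x`, so the fix only works if float32_to_float64 and float64_to_float32 hand a signaling NaN through unquieted; the comment says "any kind of NaN" but the code acts on one kind. Either test `x` for NaN and force the bit on `r`, or state in the comment why checking the result is sufficient. `1LL << 51` would read better as `1ULL << 51`, since it is ORed into the raw bit pattern.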
-- 
1.6.3.3




[Qemu-devel] [PATCH 01/12] target-arm: Add support for PKHxx in thumb2

2010-11-23 Thread Peter Maydell
From: Johan Bengtsson 

The PKHxx instructions were not recognized by the thumb2 decoder. The
solution provided in this changeset is identical to the arm-mode
implementation.

Signed-off-by: Johan Bengtsson 
Signed-off-by: Peter Maydell 
---
 target-arm/translate.c |   63 ++-
 1 files changed, 45 insertions(+), 18 deletions(-)

diff --git a/target-arm/translate.c b/target-arm/translate.c
index 99464ab..183928b 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -7601,27 +7601,54 @@ static int disas_thumb2_insn(CPUState *env, 
DisasContext *s, uint16_t insn_hw1)
 }
 }
 break;
-case 5: /* Data processing register constant shift.  */
-if (rn == 15) {
-tmp = new_tmp();
-tcg_gen_movi_i32(tmp, 0);
-} else {
-tmp = load_reg(s, rn);
-}
-tmp2 = load_reg(s, rm);
+case 5:
+
 op = (insn >> 21) & 0xf;
-shiftop = (insn >> 4) & 3;
-shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
-conds = (insn & (1 << 20)) != 0;
-logic_cc = (conds && thumb2_logic_op(op));
-gen_arm_shift_im(tmp2, shiftop, shift, logic_cc);
-if (gen_thumb2_data_op(s, op, conds, 0, tmp, tmp2))
-goto illegal_op;
-dead_tmp(tmp2);
-if (rd != 15) {
+if (op == 6) {
+/* Halfword pack.  */
+tmp = load_reg(s, rn);
+tmp2 = load_reg(s, rm);
+shift = ((insn >> 10) & 0x1c) | ((insn >> 6) & 0x3);
+if (insn & (1 << 5)) {
+/* pkhtb */
+if (shift == 0)
+shift = 31;
+tcg_gen_sari_i32(tmp2, tmp2, shift);
+tcg_gen_andi_i32(tmp, tmp, 0x);
+tcg_gen_ext16u_i32(tmp2, tmp2);
+} else {
+/* pkhbt */
+if (shift)
+tcg_gen_shli_i32(tmp2, tmp2, shift);
+tcg_gen_ext16u_i32(tmp, tmp);
+tcg_gen_andi_i32(tmp2, tmp2, 0x);
+}
+tcg_gen_or_i32(tmp, tmp, tmp2);
+dead_tmp(tmp2);
 store_reg(s, rd, tmp);
 } else {
-dead_tmp(tmp);
+/* Data processing register constant shift.  */
+if (rn == 15) {
+tmp = new_tmp();
+tcg_gen_movi_i32(tmp, 0);
+} else {
+tmp = load_reg(s, rn);
+}
+tmp2 = load_reg(s, rm);
+
+shiftop = (insn >> 4) & 3;
+shift = ((insn >> 6) & 3) | ((insn >> 10) & 0x1c);
+conds = (insn & (1 << 20)) != 0;
+logic_cc = (conds && thumb2_logic_op(op));
+gen_arm_shift_im(tmp2, shiftop, shift, logic_cc);
+if (gen_thumb2_data_op(s, op, conds, 0, tmp, tmp2))
+goto illegal_op;
+dead_tmp(tmp2);
+if (rd != 15) {
+store_reg(s, rd, tmp);
+} else {
+dead_tmp(tmp);
+}
 }
 break;
 case 13: /* Misc data processing.  */
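Review bot: the new `op == 6` halfword-pack branch calls load_reg(s, rn) and store_reg(s, rd, tmp) unconditionally, while the data-processing branch below it special-cases `rn == 15` and `rd != 15`. If those register values are not valid for PKHxx, reject them with `goto illegal_op`; otherwise add a comment saying why no check is needed. The branch also never looks at bit 20, which the other path reads as `conds`. The blank line left after `case 5:` can go.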
-- 
1.6.3.3




[Qemu-devel] [PATCH 06/12] ARM: Fix sense of to_integer bit in Neon VCVT float/int conversion

2010-11-23 Thread Peter Maydell
Signed-off-by: Peter Maydell 
---
 target-arm/translate.c |8 
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/target-arm/translate.c b/target-arm/translate.c
index 6c19f97..f018653 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -5664,16 +5664,16 @@ static int disas_neon_data_insn(CPUState * env, 
DisasContext *s, uint32_t insn)
 gen_helper_rsqrte_f32(cpu_F0s, cpu_F0s, cpu_env);
 break;
 case 60: /* VCVT.F32.S32 */
-gen_vfp_tosiz(0);
+gen_vfp_sito(0);
 break;
 case 61: /* VCVT.F32.U32 */
-gen_vfp_touiz(0);
+gen_vfp_uito(0);
 break;
 case 62: /* VCVT.S32.F32 */
-gen_vfp_sito(0);
+gen_vfp_tosiz(0);
 break;
 case 63: /* VCVT.U32.F32 */
-gen_vfp_uito(0);
+gen_vfp_touiz(0);
 break;
 default:
 /* Reserved: 21, 29, 39-56 */
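Review bot: cases 60 to 63 swap the to-float and to-integer generators with nothing in the commit message beyond the subject line. Add a sentence stating which direction each op value encodes, so the pairing of the `/* VCVT.F32.S32 */` style comments with gen_vfp_sito and gen_vfp_tosiz can be checked against the architecture manual.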
-- 
1.6.3.3




[Qemu-devel] [PATCH 07/12] ARM: Return correct result for float-to-integer conversion of NaN

2010-11-23 Thread Peter Maydell
The ARM architecture mandates that converting a NaN value to
integer gives zero (if Invalid Operation FP exceptions are
not being trapped). This isn't the behaviour of the SoftFloat
library, so NaNs must be special-cased.

Signed-off-by: Peter Maydell 
---
 target-arm/helper.c |   44 
 1 files changed, 44 insertions(+), 0 deletions(-)

diff --git a/target-arm/helper.c b/target-arm/helper.c
index 996d40d..72ba314 100644
--- a/target-arm/helper.c
+++ b/target-arm/helper.c
@@ -2445,43 +2445,84 @@ float64 VFP_HELPER(sito, d)(float32 x, CPUState *env)
 }
 
 /* Float to integer conversion.  */
+
+/* Helper routines to identify NaNs. Note that softfloat's
+ * floatxx_is_nan() actually only returns true for quiet NaNs.
+ * A NaN has an exponent field all 1s and a fraction field
+ * anything except all zeros. Conveniently we can detect this
+ * by masking out the sign bit and doing an unsigned comparison.
+ */
+static int float32_is_any_nan(float32 x)
+{
+return ((float32_val(x) & ~(1 << 31)) > 0x7f80UL);
+}
+
+static int float64_is_any_nan(float64 x)
+{
+return ((float64_val(x) & ~(1ULL << 63)) > 0x7ff0ULL);
+}
+
 float32 VFP_HELPER(toui, s)(float32 x, CPUState *env)
 {
+if (float32_is_any_nan(x)) {
+return float32_zero;
+}
 return vfp_itos(float32_to_uint32(x, &env->vfp.fp_status));
 }
 
 float32 VFP_HELPER(toui, d)(float64 x, CPUState *env)
 {
+if (float64_is_any_nan(x)) {
+return float32_zero;
+}
 return vfp_itos(float64_to_uint32(x, &env->vfp.fp_status));
 }
 
 float32 VFP_HELPER(tosi, s)(float32 x, CPUState *env)
 {
+if (float32_is_any_nan(x)) {
+return float32_zero;
+}
 return vfp_itos(float32_to_int32(x, &env->vfp.fp_status));
 }
 
 float32 VFP_HELPER(tosi, d)(float64 x, CPUState *env)
 {
+if (float64_is_any_nan(x)) {
+return float32_zero;
+}
 return vfp_itos(float64_to_int32(x, &env->vfp.fp_status));
 }
 
 float32 VFP_HELPER(touiz, s)(float32 x, CPUState *env)
 {
+if (float32_is_any_nan(x)) {
+return float32_zero;
+}
 return vfp_itos(float32_to_uint32_round_to_zero(x, &env->vfp.fp_status));
 }
 
 float32 VFP_HELPER(touiz, d)(float64 x, CPUState *env)
 {
+if (float64_is_any_nan(x)) {
+return float32_zero;
+}
 return vfp_itos(float64_to_uint32_round_to_zero(x, &env->vfp.fp_status));
 }
 
 float32 VFP_HELPER(tosiz, s)(float32 x, CPUState *env)
 {
+if (float32_is_any_nan(x)) {
+return float32_zero;
+}
 return vfp_itos(float32_to_int32_round_to_zero(x, &env->vfp.fp_status));
 }
 
 float32 VFP_HELPER(tosiz, d)(float64 x, CPUState *env)
 {
+if (float64_is_any_nan(x)) {
+return float32_zero;
+}
 return vfp_itos(float64_to_int32_round_to_zero(x, &env->vfp.fp_status));
 }
 
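Review bot: the NaN early returns added to the toui, tosi, touiz and tosiz helpers return float32_zero without calling float_raise(float_flag_invalid ...), so the guest never sees the Invalid Operation flag that should accompany the zero result. Raise it through &env->vfp.fp_status before returning. In float32_is_any_nan, `1 << 31` shifts into the sign bit of a signed int; use an unsigned constant there, as the float64 variant does with `1ULL << 63`.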
@@ -2508,6 +2549,9 @@ ftype VFP_HELPER(name##to, p)(ftype x, uint32_t shift, 
CPUState *env) \
 ftype VFP_HELPER(to##name, p)(ftype x, uint32_t shift, CPUState *env) \
 { \
 ftype tmp; \
+if (ftype##_is_any_nan(x)) { \
+return ftype##_zero; \
+} \
 tmp = ftype##_scalbn(x, shift, &env->vfp.fp_status); \
 return vfp_ito##p((itype)ftype##_to_##sign##int32_round_to_zero(tmp, \
 &env->vfp.fp_status)); \
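Review bot: the `ftype##_is_any_nan(x)` check in the to##name fixed-point macro returns before ftype##_scalbn and the conversion run, so nothing updates env->vfp.fp_status for a NaN input. Set float_flag_invalid on this path as well so the fixed-point and integer conversions report NaN the same way.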
-- 
1.6.3.3




Re: [Qemu-devel] [Bug 427612] Re: kvm sends caps lock key up event twice

2010-11-23 Thread Stefan Weil

On 23.11.2010 01:42, Benjamin Drung wrote:

Attached the patch for qemu-kvm 0.13. This patch is tested on natty with
qemu-kvm 0.13.0+noroms-0ubuntu7 and the German and NEO2 keyboard layout.

** Patch added: "caps-lock-key-up-event.patch"
https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/427612/+attachment/1742131/+files/caps-lock-key-up-event.patch

** Changed in: qemu
Status: Invalid => New



The patch might fix part of the problem, but there remain more issues:

* SDL also sends an SDL_KEYUP event for caps lock when the
  environment variable SDL_DISABLE_LOCK_KEYS is set.
  This mode is very useful but currently unsupported by qemu/kvm.

* Num lock and caps lock are handled in a similar way by SDL.
  The patch only handles caps lock. Maybe this is less important
  because keyboard layouts which remap num lock are rare
  (I don't know any).

* The keyboard status LEDs and the qemu client's keyboard status
  can become unsynchronized if the input focus changes from qemu
  to other applications.

Regards,

Stefan Weil




Re: [Qemu-devel] [PATCH 08/11] ahci: add ahci emulation

2010-11-23 Thread Blue Swirl
On Tue, Nov 23, 2010 at 1:48 PM, Alexander Graf  wrote:
>
> On 21.11.2010, at 13:54, Blue Swirl wrote:
>
>> On Fri, Nov 19, 2010 at 2:56 AM, Alexander Graf  wrote:
>>>
>>> +typedef struct AHCIControlRegs {
>>> +    uint32_t    cap;
>>> +    uint32_t    ghc;
>>> +    uint32_t    irqstatus;
>>> +    uint32_t    impl;
>>> +    uint32_t    version;
>>> +} __attribute__ ((packed)) AHCIControlRegs;
>>
>> Why packed? These are used in native endian, so I'd let the compiler
>> pick the best layout. Also in other structs.
>
> Packed doesn't have too much to do with endianness, but gaps in the struct. 
> The reason I made these packed is that I cast the struct to a uint32_t 
> array and didn't want to have gaps there later on.
>
> I changed that for the next version though to have explicit setters for each 
> field, so we don't need it here anymore.
>
>>
>>> +
>>> +typedef struct AHCIPortRegs {
>>> +    uint32_t    lst_addr;
>>> +    uint32_t    lst_addr_hi;
>>> +    uint32_t    fis_addr;
>>> +    uint32_t    fis_addr_hi;
>>> +    uint32_t    irq_stat;
>>> +    uint32_t    irq_mask;
>>> +    uint32_t    cmd;
>>> +    uint32_t    unused0;
>>> +    uint32_t    tfdata;
>>> +    uint32_t    sig;
>>> +    uint32_t    scr_stat;
>>> +    uint32_t    scr_ctl;
>>> +    uint32_t    scr_err;
>>> +    uint32_t    scr_act;
>>> +    uint32_t    cmd_issue;
>>> +    uint32_t    reserved;
>>> +} __attribute__ ((packed)) AHCIPortRegs;
>
> Same as above for this one. I also changed it.
>
>>> +
>>> +typedef struct AHCICmdHdr {
>>> +    uint32_t    opts;
>>> +    uint32_t    status;
>>> +    uint64_t    tbl_addr;
>>> +    uint32_t    reserved[4];
>>> +} __attribute__ ((packed)) AHCICmdHdr;
>
> These have to be packed. We cast guest ram regions to this struct and then do 
> leXX_to_cpu() on that variable to make sure we take host endianness into 
> account. That's faster than going through the mapping logic for every single 
> word. And yes, they're always LE in ram :).

That's OK.

>>> +
>>> +typedef struct AHCI_SG {
>>> +    uint32_t    addr;
>>> +    uint32_t    addr_hi;
>>> +    uint32_t    reserved;
>>> +    uint32_t    flags_size;
>>> +} __attribute__ ((packed)) AHCI_SG;
>>> +
>>> +typedef struct AHCIDevice AHCIDevice;
>>> +
>>> +typedef struct NCQTransferState {
>>> +    AHCIDevice *drive;
>>> +    QEMUSGList sglist;
>>> +    int is_read;
>>> +    uint16_t sector_count;
>>> +    uint64_t lba;
>>> +    uint8_t tag;
>>> +    int slot;
>>> +    int used;
>>> +} NCQTransferState;
>>> +
>>> +struct AHCIDevice {
>>> +    IDEBus port;
>>> +    BMDMAState bmdma;
>>> +    int port_no;
>>> +    uint32_t port_state;
>>> +    uint32_t finished;
>>> +    AHCIPortRegs port_regs;
>>> +    struct AHCIState *hba;
>>> +    uint8_t *lst;
>>> +    uint8_t *res_fis;
>>> +    uint8_t *cmd_fis;
>>> +    int cmd_fis_len;
>>> +    AHCICmdHdr *cur_cmd;
>>> +    NCQTransferState ncq_tfs[AHCI_MAX_CMDS];
>>> +};
>>> +
>>> +typedef struct AHCIState {
>>> +    AHCIDevice dev[SATA_PORTS];
>>> +    AHCIControlRegs control_regs;
>>> +    int mem;
>>> +    qemu_irq irq;
>>> +} AHCIState;
>>> +
>>> +typedef struct AHCIPciState {
>>
>> AHCIPCIState.
>>
>>> +    PCIDevice card;
>>> +    AHCIState ahci;
>>> +} AHCIPciState;
>>> +
>>> +typedef struct H2D_NCQ_FIS {
>>
>> This is not named according to CODING_STYLE. How about a more
>> descriptive name which is not full of acronyms?
>
> I'm open for suggestions. It's the "Host to Device Native Command Queue Frame 
> Information Structure". I changed it to H2dNcqFis for now.

NCQFrame? Most of the words do not seem very interesting.
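
The packed-struct overlay discussed in this thread, as an added example that is not code from the AHCI patch: it reads the quoted AHCICmdHdr layout out of guest memory with a single copy and byte-wise little-endian loads, instead of the cast plus leXX_to_cpu() described above. The helper names cmd_hdr_snapshot and cmd_tbl_in_bounds and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout quoted in the thread; the fields are little-endian in guest RAM. */
typedef struct AHCICmdHdr {
    uint32_t opts;
    uint32_t status;
    uint64_t tbl_addr;
    uint32_t reserved[4];
} __attribute__ ((packed)) AHCICmdHdr;

/* This struct has no gaps with or without packing; packed only lowers its
 * alignment to 1, which is what makes overlaying it on an arbitrary guest
 * address legal. */
_Static_assert(sizeof(AHCICmdHdr) == 32, "command header must be 32 bytes");
_Static_assert(offsetof(AHCICmdHdr, tbl_addr) == 8, "tbl_addr at offset 8");

static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static uint64_t load_le64(const uint8_t *p)
{
    return (uint64_t)load_le32(p) | ((uint64_t)load_le32(p + 4) << 32);
}

/* Hypothetical helper: copy one header out of guest-visible memory once,
 * then decode the private copy, so the guest cannot change a field between
 * validation and use. Returns 0 on success, -1 if the header would not fit
 * inside the ram buffer. */
int cmd_hdr_snapshot(const uint8_t *ram, size_t ram_len, size_t off,
                     AHCICmdHdr *out)
{
    uint8_t raw[sizeof(AHCICmdHdr)];
    size_t i;

    if (off > ram_len || ram_len - off < sizeof(raw)) {
        return -1;
    }
    memcpy(raw, ram + off, sizeof(raw)); /* the only read of guest memory */
    out->opts = load_le32(raw + offsetof(AHCICmdHdr, opts));
    out->status = load_le32(raw + offsetof(AHCICmdHdr, status));
    out->tbl_addr = load_le64(raw + offsetof(AHCICmdHdr, tbl_addr));
    for (i = 0; i < 4; i++) {
        out->reserved[i] =
            load_le32(raw + offsetof(AHCICmdHdr, reserved) + 4 * i);
    }
    return 0;
}

/* Hypothetical check: does a table of tbl_len bytes at the guest-supplied
 * tbl_addr lie inside guest RAM of ram_len bytes? Written so that
 * tbl_addr + tbl_len is never computed and therefore cannot wrap. */
int cmd_tbl_in_bounds(const AHCICmdHdr *hdr, uint64_t ram_len,
                      uint64_t tbl_len)
{
    uint64_t addr = hdr->tbl_addr;

    return addr <= ram_len && ram_len - addr >= tbl_len;
}

/* Constructed sample: 4 filler bytes, then one header at an address that is
 * not 8-byte aligned; the rest of the buffer is zero. */
static const uint8_t sample_ram[40] = {
    0xAA, 0xAA, 0xAA, 0xAA,
    0x05, 0x00, 0x01, 0x00,                         /* opts     = 0x00010005 */
    0x00, 0x00, 0x00, 0x00,                         /* status   = 0 */
    0x80, 0x56, 0x34, 0x12, 0x00, 0x00, 0x00, 0x00, /* tbl_addr = 0x12345680 */
};

int main(void)
{
    AHCICmdHdr hdr;

    if (cmd_hdr_snapshot(sample_ram, sizeof(sample_ram), 4, &hdr) != 0) {
        return 1;
    }
    printf("opts=0x%08x tbl_addr=0x%llx in_bounds=%d\n",
           (unsigned)hdr.opts, (unsigned long long)hdr.tbl_addr,
           cmd_tbl_in_bounds(&hdr, 0x20000000ULL, 0x80));
    return 0;
}
```

The byte-wise loads give the same result on little-endian and big-endian hosts, so no per-field swap is needed after the copy.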



Re: [Qemu-devel] [PATCH 10/12] config: Add header file for device config options

2010-11-23 Thread Alexander Graf

On 23.11.2010, at 20:21, Blue Swirl wrote:

> On Tue, Nov 23, 2010 at 2:34 PM, Alexander Graf  wrote:
>> So far we have C preprocessor defines for target and host config
>> options, but we're lacking any information on which devices are
>> available.
>> 
>> We do need that information at times though, for example in the
>> ahci patch where we need to call a legacy init function depending
>> on whether we have support compiled in or not.
>> 
>> So this patch makes all config-devices options available as header
>> file. Please only include it in machine description code!
> 
> How about including config-devices.h from hw/boards.h instead? On the
> downside, all targets will be recompiled when config-devices.h change,
> even if they don't have any device dependencies.

Not sure it makes sense to do this change this time around. If we can avoid 
dependency on device configuration, we should. So if we can limit the scope 
this is included in, it's good IMHO.

In fact, maybe the correct solution to the issue would be to move the legacy 
-drive instantiation to the -drive code, as it is already with virtio-blk. If 
used with -device and -drive ...,if=none the whole magic isn't necessary 
anyways.


Alex




Re: [Qemu-devel] [PATCH] qemu-kvm: response to SIGUSR1 to start/stop a VCPU (v2)

2010-11-23 Thread Blue Swirl
On Tue, Nov 23, 2010 at 4:49 PM, Anthony Liguori  wrote:
> qemu-kvm vcpu threads don't respond to SIGSTOP/SIGCONT.  Instead of teaching
> them to respond to these signals (which cannot be trapped), use SIGUSR1 to
> approximate the behavior of SIGSTOP/SIGCONT.
>
> The purpose of this is to implement CPU hard limits using an external tool that
> watches the CPU consumption and stops the VCPU as appropriate.
>
> This provides a more elegant solution in that it allows the VCPU thread to
> release qemu_mutex before going to sleep.
>
> This current implementation uses a single signal.  I think this is too racy
> in the long term so I think we should introduce a second signal.  If two signals
> get coalesced into one, it could confuse the monitoring tool into giving the
> VCPU the inverse of its entitlement.
>
> It might be better to simply move this logic entirely into QEMU to make this
> more robust--the question is whether we think this is a good long term feature
> to carry in QEMU?

> +static __thread int sigusr1_wfd;

While OpenBSD finally updated the default compiler to 4.2.1 from 3.x
series, thread local storage is still not supported:

$ cat thread.c
static __thread int sigusr1_wfd;
$ gcc thread.c -c
thread.c:1: error: thread-local storage not supported for this target
$ gcc -v
Reading specs from /usr/lib/gcc-lib/sparc64-unknown-openbsd4.8/4.2.1/specs
Target: sparc64-unknown-openbsd4.8
Configured with: OpenBSD/sparc64 system compiler
Thread model: posix
gcc version 4.2.1 20070719



[Qemu-devel] [PATCH V7 00/15] Xen device model support

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

Hi all,

Here is the V7 of the patch series that adds Xen device model support in QEMU.

The changes made since v6:
  - I introduce a patch from Alexander Graf to add a generic layer for the Xen calls.
  - So compatibility support has been transformed from macros to functions.
  - Now, the xenfv machine uses a new field default_machine_opts to specify that Xen will be used.
  - In xen_init, xen_mode is overridden to XEN_ATTACH if it was XEN_EMULATE.


You can find a git tree here:

git://xenbits.xen.org/people/aperard/qemu-dm.git qemu-dm-v7

Alexander Graf (1):
  xen: Add a generic layer for xc calls

Anthony PERARD (11):
  xen: Replace some tab-indents with spaces (clean-up).
  xen: Support new libxc calls from xen unstable.
  xen: Add xen_machine_fv
  xen: Add initialisation of Xen
  piix_pci: Introduces Xen specific call for irq.
  xen: add a 8259 Interrupt Controller
  configure: Always use 64bits target physical addresses with xen
enabled.
  Introduce qemu_ram_ptr_unlock.
  vl.c: Introduce getter for shutdown_requested and reset_requested.
  xen: Set running state in xenstore.
  acpi-piix4: Add Xen hypercall for sleep state.

Arun Sharma (1):
  xen: Initialize event channels and io rings

Jun Nakajima (1):
  xen: Introduce the Xen mapcache

Steven Smith (1):
  xen: Add the Xen platform pci device

 Makefile.target  |   13 ++
 configure|   73 ++-
 cpu-common.h |1 +
 exec.c   |   50 -
 hw/acpi_piix4.c  |4 +
 hw/hw.h  |3 +
 hw/pci_ids.h |2 +
 hw/piix_pci.c|   28 +++-
 hw/xen.h |   34 +++
 hw/xen_backend.c |  314 ++--
 hw/xen_backend.h |3 +-
 hw/xen_common.h  |   44 +++--
 hw/xen_disk.c|  414 ++--
 hw/xen_domainbuild.c |2 +-
 hw/xen_interfaces.c  |  188 
 hw/xen_interfaces.h  |  116 ++
 hw/xen_machine_fv.c  |  160 ++
 hw/xen_nic.c |  230 ++--
 hw/xen_platform.c|  426 +
 hw/xen_platform.h|8 +
 hw/xen_redirect.h|   58 +
 sysemu.h |2 +
 vl.c |   12 +
 xen-all.c|  577 ++
 xen-mapcache-stub.c  |   33 +++
 xen-mapcache.c   |  335 +
 xen-mapcache.h   |   14 ++
 xen-stub.c   |   38 
 28 files changed, 2679 insertions(+), 503 deletions(-)
 create mode 100644 hw/xen_interfaces.c
 create mode 100644 hw/xen_interfaces.h
 create mode 100644 hw/xen_machine_fv.c
 create mode 100644 hw/xen_platform.c
 create mode 100644 hw/xen_platform.h
 create mode 100644 hw/xen_redirect.h
 create mode 100644 xen-all.c
 create mode 100644 xen-mapcache-stub.c
 create mode 100644 xen-mapcache.c
 create mode 100644 xen-mapcache.h
 create mode 100644 xen-stub.c

-- 
Anthony PERARD



[Qemu-devel] [PATCH V7 06/15] xen: Add the Xen platform pci device

2010-11-23 Thread anthony . perard
From: Steven Smith 

Introduce a new emulated PCI device, specific to fully virtualized Xen
guests.  The device is necessary for PV on HVM drivers to work.

Signed-off-by: Steven Smith 
Signed-off-by: Anthony PERARD 
Signed-off-by: Stefano Stabellini 
---
 Makefile.target |1 +
 hw/hw.h |3 +
 hw/pci_ids.h|2 +
 hw/xen_machine_fv.c |3 +
 hw/xen_platform.c   |  426 +++
 hw/xen_platform.h   |8 +
 6 files changed, 443 insertions(+), 0 deletions(-)
 create mode 100644 hw/xen_platform.c
 create mode 100644 hw/xen_platform.h

diff --git a/Makefile.target b/Makefile.target
index 526a225..a988822 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -214,6 +214,7 @@ obj-$(CONFIG_NO_XEN) += xen-stub.o
 
 # xen full virtualized machine
 obj-i386-$(CONFIG_XEN) += xen_machine_fv.o
+obj-i386-$(CONFIG_XEN) += xen_platform.o
 
 # USB layer
 obj-$(CONFIG_USB_OHCI) += usb-ohci.o
diff --git a/hw/hw.h b/hw/hw.h
index 9d2cfc2..d632a7f 100644
--- a/hw/hw.h
+++ b/hw/hw.h
@@ -661,6 +661,9 @@ extern const VMStateDescription vmstate_i2c_slave;
 #define VMSTATE_INT32_LE(_f, _s)   \
 VMSTATE_SINGLE(_f, _s, 0, vmstate_info_int32_le, int32_t)
 
+#define VMSTATE_UINT8_TEST(_f, _s, _t)   \
+VMSTATE_SINGLE_TEST(_f, _s, _t, 0, vmstate_info_uint8, uint8_t)
+
 #define VMSTATE_UINT16_TEST(_f, _s, _t)   \
 VMSTATE_SINGLE_TEST(_f, _s, _t, 0, vmstate_info_uint16, uint16_t)
 
diff --git a/hw/pci_ids.h b/hw/pci_ids.h
index 82cba7e..2a0f8c0 100644
--- a/hw/pci_ids.h
+++ b/hw/pci_ids.h
@@ -107,3 +107,5 @@
 #define PCI_DEVICE_ID_INTEL_82371AB  0x7111
 #define PCI_DEVICE_ID_INTEL_82371AB_20x7112
 #define PCI_DEVICE_ID_INTEL_82371AB_30x7113
+
+#define PCI_VENDOR_ID_XENSOURCE  0x5853
diff --git a/hw/xen_machine_fv.c b/hw/xen_machine_fv.c
index 7cbbe83..054c02f 100644
--- a/hw/xen_machine_fv.c
+++ b/hw/xen_machine_fv.c
@@ -35,6 +35,7 @@
 
 #include "xen_common.h"
 #include "xen/hvm/hvm_info_table.h"
+#include "xen_platform.h"
 
 #define MAX_IDE_BUS 2
 
@@ -88,6 +89,8 @@ static void xen_init_fv(ram_addr_t ram_size,
 
 pc_vga_init(pci_bus);
 
+pci_xen_platform_init(pci_bus);
+
 /* init basic PC hardware */
 pc_basic_device_init(isa_irq, &floppy_controller, &rtc_state);
 
diff --git a/hw/xen_platform.c b/hw/xen_platform.c
new file mode 100644
index 000..cfd1e0d
--- /dev/null
+++ b/hw/xen_platform.c
@@ -0,0 +1,426 @@
+/*
+ * XEN platform pci device, formerly known as the event channel device
+ *
+ * Copyright (c) 2003-2004 Intel Corp.
+ * Copyright (c) 2006 XenSource
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw.h"
+#include "pc.h"
+#include "pci.h"
+#include "irq.h"
+#include "xen_common.h"
+#include "net.h"
+#include "xen_platform.h"
+#include "xen_backend.h"
+#include "qemu-log.h"
+#include "rwhandler.h"
+
+#include 
+#include 
+
+//#define DEBUG_PLATFORM
+
+#ifdef DEBUG_PLATFORM
+#define DPRINTF(fmt, ...) do { \
+fprintf(stderr, "xen_platform: " fmt, ## __VA_ARGS__); \
+} while (0)
+#else
+#define DPRINTF(fmt, ...) do { } while (0)
+#endif
+
+#define PFFLAG_ROM_LOCK 1 /* Sets whether ROM memory area is RW or RO */
+
+typedef struct PCIXenPlatformState {
+PCIDevice  pci_dev;
+uint8_t flags; /* used only for version_id == 2 */
+int drivers_blacklisted;
+uint16_t driver_product_version;
+
+/* Log from guest drivers */
+int throttling_disabled;
+char log_buffer[4096];
+int log_buffer_off;
+} PCIXenPlatformState;
+
+#define XEN_PLATFORM_IOPORT 0x10
+
+/* We throttle access to dom0 syslog, to avoid DOS attacks.  This is
+   modelled as a token bucket, with one token for every byte of log.
+   The bucket size is 128KB (->1024 lines of 128 bytes each) and
+   refills at 256B/s.  It starts full.  The guest is blocked if no
+   tokens are available when 
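Review bot: in PCIXenPlatformState, `log_buffer_off` is a signed int indexing the fixed `char log_buffer[4096]` that the comment says holds log output from guest drivers. The code that appends to the buffer is not visible in this part of the patch, so confirm that it checks the offset against sizeof(log_buffer) before every write and flushes or truncates when the buffer is full; making the offset an unsigned type removes the negative-index case. The throttling comment gives the bucket size and refill rate as prose only; named constants next to it would keep the comment and the code from drifting apart.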

[Qemu-devel] [PATCH V7 01/15] xen: Replace some tab-indents with spaces (clean-up).

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

Signed-off-by: Anthony PERARD 
---
 hw/xen_backend.c |  308 
 hw/xen_disk.c|  412 +++---
 hw/xen_nic.c |  222 +++---
 3 files changed, 471 insertions(+), 471 deletions(-)

diff --git a/hw/xen_backend.c b/hw/xen_backend.c
index a2e408f..860b038 100644
--- a/hw/xen_backend.c
+++ b/hw/xen_backend.c
@@ -59,7 +59,7 @@ int xenstore_write_str(const char *base, const char *node, 
const char *val)
 
 snprintf(abspath, sizeof(abspath), "%s/%s", base, node);
 if (!xs_write(xenstore, 0, abspath, val, strlen(val)))
-   return -1;
+return -1;
 return 0;
 }
 
@@ -95,7 +95,7 @@ int xenstore_read_int(const char *base, const char *node, int 
*ival)
 
 val = xenstore_read_str(base, node);
 if (val && 1 == sscanf(val, "%d", ival))
-   rc = 0;
+rc = 0;
 qemu_free(val);
 return rc;
 }
@@ -134,16 +134,16 @@ int xenstore_read_fe_int(struct XenDevice *xendev, const 
char *node, int *ival)
 
 const char *xenbus_strstate(enum xenbus_state state)
 {
-   static const char *const name[] = {
-   [ XenbusStateUnknown  ] = "Unknown",
-   [ XenbusStateInitialising ] = "Initialising",
-   [ XenbusStateInitWait ] = "InitWait",
-   [ XenbusStateInitialised  ] = "Initialised",
-   [ XenbusStateConnected] = "Connected",
-   [ XenbusStateClosing  ] = "Closing",
-   [ XenbusStateClosed   ] = "Closed",
-   };
-   return (state < ARRAY_SIZE(name)) ? name[state] : "INVALID";
+static const char *const name[] = {
+[ XenbusStateUnknown  ] = "Unknown",
+[ XenbusStateInitialising ] = "Initialising",
+[ XenbusStateInitWait ] = "InitWait",
+[ XenbusStateInitialised  ] = "Initialised",
+[ XenbusStateConnected] = "Connected",
+[ XenbusStateClosing  ] = "Closing",
+[ XenbusStateClosed   ] = "Closed",
+};
+return (state < ARRAY_SIZE(name)) ? name[state] : "INVALID";
 }
 
 int xen_be_set_state(struct XenDevice *xendev, enum xenbus_state state)
@@ -152,9 +152,9 @@ int xen_be_set_state(struct XenDevice *xendev, enum 
xenbus_state state)
 
 rc = xenstore_write_be_int(xendev, "state", state);
 if (rc < 0)
-   return rc;
+return rc;
 xen_be_printf(xendev, 1, "backend state: %s -> %s\n",
- xenbus_strstate(xendev->be_state), xenbus_strstate(state));
+  xenbus_strstate(xendev->be_state), xenbus_strstate(state));
 xendev->be_state = state;
 return 0;
 }
@@ -166,13 +166,13 @@ struct XenDevice *xen_be_find_xendev(const char *type, 
int dom, int dev)
 struct XenDevice *xendev;
 
 QTAILQ_FOREACH(xendev, &xendevs, next) {
-   if (xendev->dom != dom)
-   continue;
-   if (xendev->dev != dev)
-   continue;
-   if (strcmp(xendev->type, type) != 0)
-   continue;
-   return xendev;
+if (xendev->dom != dom)
+continue;
+if (xendev->dev != dev)
+continue;
+if (strcmp(xendev->type, type) != 0)
+continue;
+return xendev;
 }
 return NULL;
 }
@@ -188,7 +188,7 @@ static struct XenDevice *xen_be_get_xendev(const char 
*type, int dom, int dev,
 
 xendev = xen_be_find_xendev(type, dom, dev);
 if (xendev)
-   return xendev;
+return xendev;
 
 /* init new xendev */
 xendev = qemu_mallocz(ops->size);
@@ -199,9 +199,9 @@ static struct XenDevice *xen_be_get_xendev(const char 
*type, int dom, int dev,
 
 dom0 = xs_get_domain_path(xenstore, 0);
 snprintf(xendev->be, sizeof(xendev->be), "%s/backend/%s/%d/%d",
-dom0, xendev->type, xendev->dom, xendev->dev);
+ dom0, xendev->type, xendev->dom, xendev->dev);
 snprintf(xendev->name, sizeof(xendev->name), "%s-%d",
-xendev->type, xendev->dev);
+ xendev->type, xendev->dev);
 free(dom0);
 
 xendev->debug  = debug;
@@ -209,28 +209,28 @@ static struct XenDevice *xen_be_get_xendev(const char 
*type, int dom, int dev,
 
 xendev->evtchndev = xc_evtchn_open();
 if (xendev->evtchndev < 0) {
-   xen_be_printf(NULL, 0, "can't open evtchn device\n");
-   qemu_free(xendev);
-   return NULL;
+xen_be_printf(NULL, 0, "can't open evtchn device\n");
+qemu_free(xendev);
+return NULL;
 }
 fcntl(xc_evtchn_fd(xendev->evtchndev), F_SETFD, FD_CLOEXEC);
 
 if (ops->flags & DEVOPS_FLAG_NEED_GNTDEV) {
-   xendev->gnttabdev = xc_gnttab_open();
-   if (xendev->gnttabdev < 0) {
-   xen_be_printf(NULL, 0, "can't open gnttab device\n");
-   xc_evtchn_close(xendev->evtchndev);
-   qemu_free(xendev);
-   return NULL;
-   }
+xendev->gnttabdev = xc_gnttab_open();
+if (xendev->gnttabdev < 0) {
+ 

[Qemu-devel] [PATCH V7 02/15] xen: Add a generic layer for xc calls

2010-11-23 Thread anthony . perard
From: Alexander Graf 

This patch adds a generic layer for xc calls, allowing us to choose between the
xenner and xen implementations at runtime.

Signed-off-by: Alexander Graf 
Signed-off-by: Anthony PERARD 
---
 hw/xen_interfaces.c |  100 +
 hw/xen_interfaces.h |  104 +++
 hw/xen_redirect.h   |   56 +++
 3 files changed, 260 insertions(+), 0 deletions(-)
 create mode 100644 hw/xen_interfaces.c
 create mode 100644 hw/xen_interfaces.h
 create mode 100644 hw/xen_redirect.h

diff --git a/hw/xen_interfaces.c b/hw/xen_interfaces.c
new file mode 100644
index 000..09f40e0
--- /dev/null
+++ b/hw/xen_interfaces.c
@@ -0,0 +1,100 @@
+#include 
+#include 
+
+#include "hw.h"
+#include "xen.h"
+#include "xen_interfaces.h"
+
+#ifdef CONFIG_XEN
+
+static int xc_evtchn_domid(int handle, int domid)
+{
+return -1;
+}
+
+static struct XenEvtOps xc_evtchn_xen = {
+.open   = xc_evtchn_open,
+.domid  = xc_evtchn_domid,
+.close  = xc_evtchn_close,
+.fd = xc_evtchn_fd,
+.notify = xc_evtchn_notify,
+.bind_unbound_port  = xc_evtchn_bind_unbound_port,
+.bind_interdomain   = xc_evtchn_bind_interdomain,
+.bind_virq  = xc_evtchn_bind_virq,
+.unbind = xc_evtchn_unbind,
+.pending= xc_evtchn_pending,
+.unmask = xc_evtchn_unmask,
+};
+
+static int xs_domid(struct xs_handle *h, int domid)
+{
+return -1;
+}
+
+static struct XenStoreOps xs_xen = {
+.daemon_open   = xs_daemon_open,
+.domain_open   = xs_domain_open,
+.daemon_open_readonly  = xs_daemon_open_readonly,
+.domid = xs_domid,
+.daemon_close  = xs_daemon_close,
+.directory = xs_directory,
+.read  = xs_read,
+.write = xs_write,
+.mkdir = xs_mkdir,
+.rm= xs_rm,
+.get_permissions   = xs_get_permissions,
+.set_permissions   = xs_set_permissions,
+.watch = xs_watch,
+.fileno= xs_fileno,
+.read_watch= xs_read_watch,
+.unwatch   = xs_unwatch,
+.transaction_start = xs_transaction_start,
+.transaction_end   = xs_transaction_end,
+.introduce_domain  = xs_introduce_domain,
+.resume_domain = xs_resume_domain,
+.release_domain= xs_release_domain,
+.get_domain_path   = xs_get_domain_path,
+.is_domain_introduced  = xs_is_domain_introduced,
+};
+
+static struct XenGnttabOps xc_gnttab_xen = {
+.open= xc_gnttab_open,
+.close   = xc_gnttab_close,
+.map_grant_ref   = xc_gnttab_map_grant_ref,
+.map_grant_refs  = xc_gnttab_map_grant_refs,
+.munmap  = xc_gnttab_munmap,
+};
+
+struct XenIfOps xc_xen = {
+.interface_open = xc_interface_open,
+.interface_close= xc_interface_close,
+.map_foreign_range  = xc_map_foreign_range,
+.map_foreign_pages  = xc_map_foreign_pages,
+.map_foreign_bulk   = xc_map_foreign_bulk,
+};
+
+#endif
+
+struct XenEvtOps xc_evtchn;
+struct XenGnttabOps xc_gnttab;
+struct XenIfOps xc;
+struct XenStoreOps xs;
+
+void xen_interfaces_init(void)
+{
+switch (xen_mode) {
+#ifdef CONFIG_XEN
+case XEN_ATTACH:
+case XEN_CREATE:
+xc_evtchn = xc_evtchn_xen;
+xc_gnttab = xc_gnttab_xen;
+xc= xc_xen;
+xs= xs_xen;
+break;
+#endif
+default:
+fprintf(stderr, "ERROR: Compiled without %s support, sorry.\n",
+xen_mode == XEN_EMULATE ? "xenner" : "Xen");
+exit(1);
+}
+}
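
Review bot: the four ops tables in hw/xen_interfaces.c (xc_evtchn_xen, xs_xen, xc_gnttab_xen, xc_xen) are writable static structs of function pointers, and they are copied into the equally writable globals xc_evtchn, xc_gnttab, xc and xs. Please make the source tables static const, and consider making the globals const pointers to the selected table instead of struct copies, so the dispatch targets do not sit in writable data. Until xen_interfaces_init() runs the globals are zero-filled, so any earlier call through them jumps to NULL; a comment stating the required init order would help. The xc_evtchn_domid and xs_domid stubs return -1 without saying why.
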
diff --git a/hw/xen_interfaces.h b/hw/xen_interfaces.h
new file mode 100644
index 000..1086850
--- /dev/null
+++ b/hw/xen_interfaces.h
@@ -0,0 +1,104 @@
+#ifndef QEMU_HW_XEN_INTERFACES_H
+#define QEMU_HW_XEN_INTERFACES_H 1
+
+#include 
+#include 
+
+/* - */
+/* xen event channel interface   */
+
+struct XenEvtOps {
+int (*open)(void);
+int (*domid)(int xce_handle, int domid);
+int (*close)(int xce_handle);
+int (*fd)(int xce_handle);
+int (*notify)(int xce_handle, evtchn_port_t port);
+evtchn_port_or_error_t (*bind_unbound_port)(int xce_handle, int domid);
+evtchn_port_or_error_t (*bind_interdomain)(int xce_handle, int domid,
+   evtchn_port_t remote_port);
+evtchn_port_or_error_t (*bind_virq)(int xce_handle, unsigned int virq);
+int (*unbind)(int xce_handle, evtchn_port_t port);
+evtchn_port_or_error_t (*pending)(int xce_handle);
+int (*unmask)(int xce_handle, evtchn_port_t port);
+};
+extern struct XenEvtOps xc_evtchn;
+
+/* ---

Re: [Qemu-devel] [PATCH 10/12] config: Add header file for device config options

2010-11-23 Thread Blue Swirl
On Tue, Nov 23, 2010 at 2:34 PM, Alexander Graf  wrote:
> So far we have C preprocessor defines for target and host config
> options, but we're lacking any information on which devices are
> available.
>
> We do need that information at times though, for example in the
> ahci patch where we need to call a legacy init function depending
> on whether we have support compiled in or not.
>
> So this patch makes all config-devices options available as header
> file. Please only include it in machine description code!

How about including config-devices.h from hw/boards.h instead? On the
downside, all targets will be recompiled when config-devices.h changes,
even if they don't have any device dependencies.



[Qemu-devel] [PATCH V7 10/15] configure: Always use 64bits target physical addresses with xen enabled.

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

With MapCache, we can handle a 64b target, even with a 32b host/qemu.
So, we need target_phys_addr_t to be 64 bits.

Signed-off-by: Anthony PERARD 
---
 configure |3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/configure b/configure
index 7625054..7688b20 100755
--- a/configure
+++ b/configure
@@ -2950,6 +2950,9 @@ case "$target_arch2" in
 exit 1
   ;;
 esac
+if test "$xen" = yes; then
+  target_phys_bits=64
+fi
 echo "TARGET_ARCH=$TARGET_ARCH" >> $config_target_mak
 target_arch_name="`echo $TARGET_ARCH | tr '[:lower:]' '[:upper:]'`"
 echo "TARGET_$target_arch_name=y" >> $config_target_mak
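
Review bot: the new test after esac overrides target_phys_bits for every target being configured as soon as $xen is yes, not only for the targets that can run under Xen, and it silently discards whatever the case statement above selected. Either restrict it to the Xen-capable targets or add a comment in configure naming the MapCache requirement as the reason, so a later reader does not take it for a leftover.
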
-- 
1.7.1




[Qemu-devel] [PATCH V7 05/15] xen: Add initialisation of Xen

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

Signed-off-by: Anthony PERARD 
---
 Makefile.target |5 +
 hw/xen.h|   13 +
 vl.c|2 ++
 xen-all.c   |   29 +
 xen-stub.c  |   17 +
 5 files changed, 66 insertions(+), 0 deletions(-)
 create mode 100644 xen-all.c
 create mode 100644 xen-stub.c

diff --git a/Makefile.target b/Makefile.target
index ce8aa76..526a225 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -2,6 +2,7 @@
 
 GENERATED_HEADERS = config-target.h
 CONFIG_NO_KVM = $(if $(subst n,,$(CONFIG_KVM)),n,y)
+CONFIG_NO_XEN = $(if $(subst n,,$(CONFIG_XEN)),n,y)
 
 include ../config-host.mak
 include config-devices.mak
@@ -207,6 +208,10 @@ QEMU_CFLAGS += $(VNC_PNG_CFLAGS)
 obj-$(CONFIG_XEN) += xen_machine_pv.o xen_domainbuild.o
 obj-$(CONFIG_XEN) += xen_interfaces.o
 
+# xen support
+obj-$(CONFIG_XEN) += xen-all.o
+obj-$(CONFIG_NO_XEN) += xen-stub.o
+
 # xen full virtualized machine
 obj-i386-$(CONFIG_XEN) += xen_machine_fv.o
 
diff --git a/hw/xen.h b/hw/xen.h
index 780dcf7..183cbb5 100644
--- a/hw/xen.h
+++ b/hw/xen.h
@@ -18,4 +18,17 @@ enum xen_mode {
 extern uint32_t xen_domid;
 extern enum xen_mode xen_mode;
 
+extern int xen_allowed;
+
+static inline int xen_enabled(void)
+{
+#ifdef CONFIG_XEN
+return xen_allowed;
+#else
+return 0;
+#endif
+}
+
+int xen_init(int smp_cpus);
+
 #endif /* QEMU_HW_XEN_H */
diff --git a/vl.c b/vl.c
index 04e480c..955e579 100644
--- a/vl.c
+++ b/vl.c
@@ -245,6 +245,7 @@ static NotifierList exit_notifiers =
 
 static int tcg_allowed = 1;
 int kvm_allowed = 0;
+int xen_allowed = 0;
 uint32_t xen_domid;
 enum xen_mode xen_mode = XEN_EMULATE;
 
@@ -1741,6 +1742,7 @@ static struct {
 int *allowed;
 } accel_list[] = {
 { "tcg", "tcg", tcg_available, tcg_init, &tcg_allowed },
+{ "xen", "Xen", xen_available, xen_init, &xen_allowed },
 { "kvm", "KVM", kvm_available, kvm_init, &kvm_allowed },
 };
 
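
Review bot: the new accel_list entry references xen_available, but none of the hunks in this patch declare or define it; hw/xen.h gains only xen_allowed, xen_enabled() and xen_init(). Please confirm it already exists in the tree this applies to, or add it here together with its stub for builds without CONFIG_XEN.
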
diff --git a/xen-all.c b/xen-all.c
new file mode 100644
index 000..29c8002
--- /dev/null
+++ b/xen-all.c
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2010   Citrix Ltd.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "config.h"
+
+#include "hw/xen_common.h"
+#include "hw/xen_backend.h"
+#include "hw/xen_redirect.h"
+
+/* Initialise Xen */
+
+int xen_init(int smp_cpus)
+{
+if (xen_mode == XEN_EMULATE)
+xen_mode = XEN_ATTACH;
+xen_interfaces_init();
+xen_xc = xc_interface_open(0, 0, 0);
+if (xen_xc == XC_HANDLER_INITIAL_VALUE) {
+xen_be_printf(NULL, 0, "can't open xen interface\n");
+return -1;
+}
+
+return 0;
+}
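
Review bot: xen_init() rewrites xen_mode from XEN_EMULATE to XEN_ATTACH with no comment, and vl.c initialises xen_mode to XEN_EMULATE, so selecting this accelerator ends up in attach mode unless something else set the mode first; please say in a comment why that is intended. The if body needs braces, the smp_cpus argument is unused, and xen_interfaces_init() exits the process on an unsupported mode, so the -1 returned when xc_interface_open() fails is the only failure a caller ever sees.
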
diff --git a/xen-stub.c b/xen-stub.c
new file mode 100644
index 000..0fa9c51
--- /dev/null
+++ b/xen-stub.c
@@ -0,0 +1,17 @@
+/*
+ * Copyright (C) 2010   Citrix Ltd.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "config.h"
+
+#include "qemu-common.h"
+#include "hw/xen.h"
+
+int xen_init(int smp_cpus)
+{
+return -ENOSYS;
+}
-- 
1.7.1




[Qemu-devel] [PATCH V7 08/15] xen: add a 8259 Interrupt Controller

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

Introduce an 8259 Interrupt Controller for target-xen; every set_irq
call makes a Xen hypercall.

Signed-off-by: Anthony PERARD 
Signed-off-by: Stefano Stabellini 
---
 hw/xen_common.h |2 ++
 hw/xen_machine_fv.c |5 ++---
 xen-all.c   |   12 
 3 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/hw/xen_common.h b/hw/xen_common.h
index de524b8..e7f0c34 100644
--- a/hw/xen_common.h
+++ b/hw/xen_common.h
@@ -42,4 +42,6 @@ static inline int xc_fd(xc_interface *xen_xc)
 }
 #endif
 
+qemu_irq *i8259_xen_init(void);
+
 #endif /* QEMU_HW_XEN_COMMON_H */
diff --git a/hw/xen_machine_fv.c b/hw/xen_machine_fv.c
index 054c02f..511fbb0 100644
--- a/hw/xen_machine_fv.c
+++ b/hw/xen_machine_fv.c
@@ -36,6 +36,7 @@
 #include "xen_common.h"
 #include "xen/hvm/hvm_info_table.h"
 #include "xen_platform.h"
+#include "xen_common.h"
 
 #define MAX_IDE_BUS 2
 
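
Review bot: the added #include "xen_common.h" duplicates the include three lines above it, visible as the first context line of this hunk; drop the new line. The i8259_xen_init() prototype is already reachable through the existing include.
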
@@ -51,7 +52,6 @@ static void xen_init_fv(ram_addr_t ram_size,
 PCIBus *pci_bus;
 PCII440FXState *i440fx_state;
 int piix3_devfn = -1;
-qemu_irq *cpu_irq;
 qemu_irq *isa_irq;
 qemu_irq *i8259;
 qemu_irq *cmos_s3;
@@ -75,8 +75,7 @@ static void xen_init_fv(ram_addr_t ram_size,
 env = cpu_init(cpu_model);
 env->halted = 1;
 
-cpu_irq = pc_allocate_cpu_irq();
-i8259 = i8259_init(cpu_irq[0]);
+i8259 = i8259_xen_init();
 isa_irq_state = qemu_mallocz(sizeof (*isa_irq_state));
 isa_irq_state->i8259 = i8259;
 
diff --git a/xen-all.c b/xen-all.c
index 8a51873..205cbc4 100644
--- a/xen-all.c
+++ b/xen-all.c
@@ -43,6 +43,18 @@ void xen_piix_pci_write_config_client(uint32_t address, 
uint32_t val, int len)
 }
 }
 
+/* i8259 */
+
+static void i8259_set_irq(void *opaque, int irq, int level)
+{
+xc_hvm_set_isa_irq_level(xen_xc, xen_domid, irq, level);
+}
+
+qemu_irq *i8259_xen_init(void)
+{
+return qemu_allocate_irqs(i8259_set_irq, NULL, 16);
+}
+
 /* Initialise Xen */
 
 int xen_init(int smp_cpus)
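
Review bot: i8259_set_irq() drops the return value of xc_hvm_set_isa_irq_level(), so a failed hypercall loses the interrupt with no trace; at least log the failure together with the irq and level. The literal 16 passed to qemu_allocate_irqs() would read better as a named constant for the ISA IRQ count.
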
-- 
1.7.1




[Qemu-devel] Re: [PATCHv6 00/16] boot order specification

2010-11-23 Thread Blue Swirl
On Tue, Nov 23, 2010 at 4:12 PM, Anthony Liguori
 wrote:
> On 11/23/2010 09:31 AM, Gleb Natapov wrote:
>>
>> Anthony, Blue
>>
>> No comments on this patch series for almost a week. Can it be applied?
>>
>
> Does that mean everyone's happy or have folks not gotten around to review
> it?
>
> IOW, last call if you have objections :-)

I'm happy with the patch set in general, I've just been very busy IRL.
More experiments with Sparc32 device paths would not hurt, but bugs
(if any) can be fixed later.



[Qemu-devel] [PATCH V7 11/15] Introduce qemu_ram_ptr_unlock.

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

This function allows unlocking a ram_ptr given by qemu_get_ram_ptr. After
a call to qemu_ram_ptr_unlock, the pointer may be unmapped from QEMU when
used with Xen.

Signed-off-by: Anthony PERARD 
---
 cpu-common.h   |1 +
 exec.c |   10 ++
 xen-mapcache.c |   34 ++
 3 files changed, 45 insertions(+), 0 deletions(-)

diff --git a/cpu-common.h b/cpu-common.h
index a543b5d..8ec01f4 100644
--- a/cpu-common.h
+++ b/cpu-common.h
@@ -46,6 +46,7 @@ ram_addr_t qemu_ram_alloc(DeviceState *dev, const char *name, 
ram_addr_t size);
 void qemu_ram_free(ram_addr_t addr);
 /* This should only be used for ram local to a device.  */
 void *qemu_get_ram_ptr(ram_addr_t addr);
+void qemu_ram_ptr_unlock(void *addr);
 /* This should not be used by devices.  */
 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr);
 ram_addr_t qemu_ram_addr_from_host_nofail(void *ptr);
diff --git a/exec.c b/exec.c
index 3eb4d04..c6ed96d 100644
--- a/exec.c
+++ b/exec.c
@@ -2950,6 +2950,13 @@ void *qemu_get_ram_ptr(ram_addr_t addr)
 return NULL;
 }
 
+void qemu_ram_ptr_unlock(void *addr)
+{
+if (xen_mapcache_enabled()) {
+qemu_map_cache_unlock(addr);
+}
+}
+
 int qemu_ram_addr_from_host(void *ptr, ram_addr_t *ram_addr)
 {
 RAMBlock *block;
@@ -3539,6 +3546,7 @@ void cpu_physical_memory_rw(target_phys_addr_t addr, 
uint8_t *buf,
 cpu_physical_memory_set_dirty_flags(
 addr1, (0xff & ~CODE_DIRTY_FLAG));
 }
+qemu_ram_ptr_unlock(ptr);
 }
 } else {
 if ((pd & ~TARGET_PAGE_MASK) > IO_MEM_ROM &&
@@ -3569,6 +3577,7 @@ void cpu_physical_memory_rw(target_phys_addr_t addr, 
uint8_t *buf,
 ptr = qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) +
 (addr & ~TARGET_PAGE_MASK);
 memcpy(buf, ptr, l);
+qemu_ram_ptr_unlock(ptr);
 }
 }
 len -= l;
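
Review bot: in this read path ptr is qemu_get_ram_ptr(pd & TARGET_PAGE_MASK) plus the in-page offset, and that offset pointer is what gets passed to qemu_ram_ptr_unlock(). qemu_map_cache_unlock() in xen-mapcache.c looks the entry up with reventry->vaddr_req == buffer and returns silently when nothing matches, so unless vaddr_req records the offset address this unlock is a no-op and the mapping stays locked. Keep the base pointer returned by qemu_get_ram_ptr() in its own variable and unlock that.
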
@@ -3609,6 +3618,7 @@ void cpu_physical_memory_write_rom(target_phys_addr_t 
addr,
 /* ROM/RAM case */
 ptr = qemu_get_ram_ptr(addr1);
 memcpy(ptr, buf, l);
+qemu_ram_ptr_unlock(ptr);
 }
 len -= l;
 buf += l;
diff --git a/xen-mapcache.c b/xen-mapcache.c
index 3e1cca9..23a23f9 100644
--- a/xen-mapcache.c
+++ b/xen-mapcache.c
@@ -187,6 +187,40 @@ uint8_t *qemu_map_cache(target_phys_addr_t phys_addr, 
target_phys_addr_t size, u
 return mapcache->last_address_vaddr + address_offset;
 }
 
+void qemu_map_cache_unlock(void *buffer)
+{
+MapCacheEntry *entry = NULL, *pentry = NULL;
+MapCacheRev *reventry;
+target_phys_addr_t paddr_index;
+int found = 0;
+
+QTAILQ_FOREACH(reventry, &mapcache->locked_entries, next) {
+if (reventry->vaddr_req == buffer) {
+paddr_index = reventry->paddr_index;
+found = 1;
+break;
+}
+}
+if (!found) {
+return;
+}
+QTAILQ_REMOVE(&mapcache->locked_entries, reventry, next);
+qemu_free(reventry);
+
+entry = &mapcache->entry[paddr_index % mapcache->nr_buckets];
+while (entry && entry->paddr_index != paddr_index) {
+pentry = entry;
+entry = entry->next;
+}
+if (!entry) {
+return;
+}
+entry->lock--;
+if (entry->lock > 0) {
+entry->lock--;
+}
+}
+
 ram_addr_t qemu_ram_addr_from_mapcache(void *ptr)
 {
 MapCacheRev *reventry;
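
Review bot: the tail of qemu_map_cache_unlock() decrements entry->lock unconditionally and then decrements it again when the result is still positive, so one unlock can release two holders, and the first decrement has no guard against going below zero. It looks like a single guarded decrement was intended: if (entry->lock > 0) { entry->lock--; }. pentry is assigned in the bucket walk but never read, and both early returns (buffer not in locked_entries, entry not in the bucket) are silent; a debug message there would expose unbalanced unlock calls.
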
-- 
1.7.1




[Qemu-devel] [PATCH V7 12/15] vl.c: Introduce getter for shutdown_requested and reset_requested.

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

Introduce two functions qemu_shutdown_requested_get and
qemu_reset_requested_get to get the value of shutdown/reset_requested
without resetting it.

Signed-off-by: Anthony PERARD 
Signed-off-by: Stefano Stabellini 
---
 sysemu.h |2 ++
 vl.c |   10 ++
 2 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/sysemu.h b/sysemu.h
index b81a70e..fd3adba 100644
--- a/sysemu.h
+++ b/sysemu.h
@@ -51,6 +51,8 @@ void cpu_disable_ticks(void);
 void qemu_system_reset_request(void);
 void qemu_system_shutdown_request(void);
 void qemu_system_powerdown_request(void);
+int qemu_shutdown_requested_get(void);
+int qemu_reset_requested_get(void);
 int qemu_shutdown_requested(void);
 int qemu_reset_requested(void);
 int qemu_powerdown_requested(void);
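
Review bot: qemu_shutdown_requested_get() and qemu_shutdown_requested() (and the reset pair) now sit next to each other in sysemu.h with nothing saying how they differ. A one-line comment on the new prototypes stating that they only read the flag and leave it set would keep callers from mixing the two up.
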
diff --git a/vl.c b/vl.c
index 955e579..29f7801 100644
--- a/vl.c
+++ b/vl.c
@@ -,6 +,16 @@ static int powerdown_requested;
 int debug_requested;
 int vmstop_requested;
 
+int qemu_shutdown_requested_get(void)
+{
+return shutdown_requested;
+}
+
+int qemu_reset_requested_get(void)
+{
+return reset_requested;
+}
+
 int qemu_shutdown_requested(void)
 {
 int r = shutdown_requested;
-- 
1.7.1




[Qemu-devel] [PATCH V7 13/15] xen: Initialize event channels and io rings

2010-11-23 Thread anthony . perard
From: Arun Sharma 

Open and bind event channels; map ioreq and buffered ioreq rings.

Signed-off-by: Arun Sharma 
Signed-off-by: Anthony PERARD 
Signed-off-by: Stefano Stabellini 
---
 hw/xen_common.h |3 +
 xen-all.c   |  407 +++
 2 files changed, 410 insertions(+), 0 deletions(-)

diff --git a/hw/xen_common.h b/hw/xen_common.h
index e7f0c34..1512c4d 100644
--- a/hw/xen_common.h
+++ b/hw/xen_common.h
@@ -26,6 +26,7 @@
 /* Xen unstable */
 #if CONFIG_XEN_CTRL_INTERFACE_VERSION < 410
 typedef int qemu_xc_interface;
+#  define XC_INTERFACE_FMT "%i"
 #  define XC_HANDLER_INITIAL_VALUE-1
 static inline int xc_fd(int xen_xc)
 {
@@ -33,6 +34,7 @@ static inline int xc_fd(int xen_xc)
 }
 #else
 typedef xc_interface *qemu_xc_interface;
+#  define XC_INTERFACE_FMT "%p"
 #  define XC_HANDLER_INITIAL_VALUENULL
 /* FIXME The fd of xen_xc is now xen_xc->fd */
 /* fd is the first field, so this works */
@@ -43,5 +45,6 @@ static inline int xc_fd(xc_interface *xen_xc)
 #endif
 
 qemu_irq *i8259_xen_init(void);
+void destroy_hvm_domain(void);
 
 #endif /* QEMU_HW_XEN_COMMON_H */
diff --git a/xen-all.c b/xen-all.c
index 2b9e71c..36bdf30 100644
--- a/xen-all.c
+++ b/xen-all.c
@@ -8,6 +8,8 @@
 
 #include "config.h"
 
+#include 
+
 #include "hw/pci.h"
 #include "hw/xen_common.h"
 #include "hw/xen_backend.h"
@@ -15,6 +17,50 @@
 
 #include "xen-mapcache.h"
 
+#include 
+#include 
+
+//#define DEBUG_XEN
+
+#ifdef DEBUG_XEN
+#define DPRINTF(fmt, ...) \
+do { fprintf(stderr, "xen: " fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) \
+do { } while (0)
+#endif
+
+/* Compatibility with older version */
+#if __XEN_LATEST_INTERFACE_VERSION__ < 0x0003020a
+#  define xen_vcpu_eport(shared_page, i) \
+(shared_page->vcpu_iodata[i].vp_eport)
+#  define xen_vcpu_ioreq(shared_page, vcpu) \
+(shared_page->vcpu_iodata[vcpu].vp_ioreq)
+#  define FMT_ioreq_size PRIx64
+#else
+#  define xen_vcpu_eport(shared_page, i) \
+(shared_page->vcpu_ioreq[i].vp_eport)
+#  define xen_vcpu_ioreq(shared_page, vcpu) \
+(shared_page->vcpu_ioreq[vcpu])
+#  define FMT_ioreq_size "u"
+#endif
+
+#define BUFFER_IO_MAX_DELAY  100
+
+typedef struct XenIOState {
+shared_iopage_t *shared_page;
+buffered_iopage_t *buffered_io_page;
+QEMUTimer *buffered_io_timer;
+/* the evtchn port for polling the notification, */
+evtchn_port_t *ioreq_local_port;
+/* the evtchn fd for polling */
+int xce_handle;
+/* which vcpu we are serving */
+int send_vcpu;
+
+Notifier exit;
+} XenIOState;
+
 /* Xen specific function for piix pci */
 
 int xen_pci_slot_get_pirq(PCIDevice *pci_dev, int irq_num)
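
Review bot: xen_vcpu_eport() and xen_vcpu_ioreq() use their shared_page parameter unparenthesised, and in both interface branches xen_vcpu_ioreq() expands to the array element or member itself rather than its address. The later call xen_vcpu_ioreq(&state->shared_page, vcpu) only yields an ioreq_t * because the & in the argument ends up applied to the whole expanded expression. Please parenthesise the parameters and have the macro take the shared_iopage_t * and return a pointer explicitly, or turn these into static inline functions. FMT_ioreq_size is PRIx64 in the older branch and "u" in the newer one, so the same DPRINTF prints hex or decimal depending on the headers, and BUFFER_IO_MAX_DELAY needs its unit in a comment.
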
@@ -115,10 +161,308 @@ void xen_ram_alloc(ram_addr_t ram_addr, ram_addr_t size)
 }
 
 
+/* VCPU Operations, MMIO, IO ring ... */
+
+/* get the ioreq packets from share mem */
+static ioreq_t *cpu_get_ioreq_from_shared_memory(XenIOState *state, int vcpu)
+{
+ioreq_t *req = xen_vcpu_ioreq(&state->shared_page, vcpu);
+
+if (req->state != STATE_IOREQ_READY) {
+DPRINTF("I/O request not ready: "
+"%x, ptr: %x, port: %"PRIx64", "
+"data: %"PRIx64", count: %" FMT_ioreq_size ", size: %" 
FMT_ioreq_size "\n",
+req->state, req->data_is_ptr, req->addr,
+req->data, req->count, req->size);
+return NULL;
+}
+
+xen_rmb(); /* see IOREQ_READY /then/ read contents of ioreq */
+
+req->state = STATE_IOREQ_INPROCESS;
+return req;
+}
+
+/* use poll to get the port notification */
+/* ioreq_vec--out,the */
+/* retval--the number of ioreq packet */
+static ioreq_t *cpu_get_ioreq(XenIOState *state)
+{
+int i;
+evtchn_port_t port;
+
+port = xc_evtchn_pending(state->xce_handle);
+if (port != -1) {
+for (i = 0; i < smp_cpus; i++) {
+if (state->ioreq_local_port[i] == port) {
+break;
+}
+}
+
+if (i == smp_cpus) {
+hw_error("Fatal error while trying to get io event!\n");
+}
+
+/* unmask the wanted port again */
+xc_evtchn_unmask(state->xce_handle, port);
+
+/* get the io packet from shared memory */
+state->send_vcpu = i;
+return cpu_get_ioreq_from_shared_memory(state, i);
+}
+
+/* read error or read nothing */
+return NULL;
+}
+
+static uint32_t do_inp(pio_addr_t addr, unsigned long size)
+{
+switch (size) {
+case 1:
+return cpu_inb(addr);
+case 2:
+return cpu_inw(addr);
+case 4:
+return cpu_inl(addr);
+default:
+hw_error("inp: bad size: %04"FMT_pioaddr" %lx", addr, size);
+}
+}
+
+static void do_outp(pio_addr_t addr,
+unsigned long size, uint32_t val)
+{
+switch (size) {
+case 1:
+return cpu_outb(addr, val);
+case 2:
+return cpu_outw(addr, val);
+case 4:
+return cpu_outl(
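
Review bot: the comment above cpu_get_ioreq() still describes an ioreq_vec out-parameter and a return value that counts packets, but the function takes only the state and returns a single ioreq_t * or NULL; please rewrite it to match. port is an evtchn_port_t compared against -1, which depends on the implicit conversion of -1 to that type; hold the result of xc_evtchn_pending() in an evtchn_port_or_error_t and test that before narrowing it. do_outp() is void yet writes return cpu_outb(addr, val);, which should be a plain call followed by break.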

[Qemu-devel] [PATCH] virtio: fix up VQ checks

2010-11-23 Thread Michael S. Tsirkin
When migration triggers before a VQ is initialized,
base pa is 0 and last_used_index must be 0 too:
we don't have a ring to compare to.

This fixes a bug introduced in
258dc7c96bb4b7ca71d5bee811e73933310e168c.

Reported-by: Juan Quintela 
Signed-off-by: Michael S. Tsirkin 
---

Compile-tested only.
Juan, could you tell me whether this fixes the bug
you see please?

 hw/virtio.c |   23 ++-
 1 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/hw/virtio.c b/hw/virtio.c
index a2a657e..1df3578 100644
--- a/hw/virtio.c
+++ b/hw/virtio.c
@@ -681,7 +681,6 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f)
 uint32_t features;
 uint32_t supported_features =
 vdev->binding->get_features(vdev->binding_opaque);
-uint16_t num_heads;
 
 if (vdev->binding->load_config) {
 ret = vdev->binding->load_config(vdev->binding_opaque, f);
@@ -712,17 +711,23 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f)
 qemu_get_be16s(f, &vdev->vq[i].last_avail_idx);
 
 if (vdev->vq[i].pa) {
+uint16_t nheads;
 virtqueue_init(&vdev->vq[i]);
-}
-   num_heads = vring_avail_idx(&vdev->vq[i]) - vdev->vq[i].last_avail_idx;
-   /* Check it isn't doing very strange things with descriptor numbers. */
-   if (num_heads > vdev->vq[i].vring.num) {
-   fprintf(stderr, "VQ %d size 0x%x Guest index 0x%x "
+nheads = vring_avail_idx(&vdev->vq[i]) - 
vdev->vq[i].last_avail_idx;
+/* Check it isn't doing very strange things with descriptor 
numbers. */
+if (nheads > vdev->vq[i].vring.num) {
+fprintf(stderr, "VQ %d size 0x%x Guest index 0x%x "
 "inconsistent with Host index 0x%x: delta 0x%x\n",
-   i, vdev->vq[i].vring.num,
+i, vdev->vq[i].vring.num,
 vring_avail_idx(&vdev->vq[i]),
-vdev->vq[i].last_avail_idx, num_heads);
-   return -1;
+vdev->vq[i].last_avail_idx, nheads);
+return -1;
+}
+} else if (vdev->vq[i].last_avail_idx) {
+fprintf(stderr, "VQ %d address 0x0 "
+"inconsistent with Host index 0x%x\n",
+i, vdev->vq[i].last_avail_idx);
+return -1;
}
 if (vdev->binding->load_queue) {
 ret = vdev->binding->load_queue(vdev->binding_opaque, i, f);
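
Review bot: the commit message says last_used_index must be 0 when the ring address is 0, but the new else branch tests vdev->vq[i].last_avail_idx; please make the message and the code name the same field. Renaming num_heads to nheads while moving it into the block adds churn to a bug fix; keeping the old name would leave only the re-indentation and the new else branch to review. The subtraction that produces nheads relies on uint16_t wrap-around, which deserves a short comment next to the bound check.
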
-- 
1.7.3.2.91.g446ac



[Qemu-devel] [PATCH V7 04/15] xen: Add xen_machine_fv

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

Add the Xen FV (Fully Virtualized) machine to Qemu;
this is groundwork to add Xen device model support in Qemu.

Signed-off-by: Anthony PERARD 
Signed-off-by: Stefano Stabellini 
---
 Makefile.target |3 +
 hw/xen_common.h |5 ++
 hw/xen_machine_fv.c |  158 +++
 3 files changed, 166 insertions(+), 0 deletions(-)
 create mode 100644 hw/xen_machine_fv.c

diff --git a/Makefile.target b/Makefile.target
index 30863e0..ce8aa76 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -207,6 +207,9 @@ QEMU_CFLAGS += $(VNC_PNG_CFLAGS)
 obj-$(CONFIG_XEN) += xen_machine_pv.o xen_domainbuild.o
 obj-$(CONFIG_XEN) += xen_interfaces.o
 
+# xen full virtualized machine
+obj-i386-$(CONFIG_XEN) += xen_machine_fv.o
+
 # USB layer
 obj-$(CONFIG_USB_OHCI) += usb-ohci.o
 
diff --git a/hw/xen_common.h b/hw/xen_common.h
index 79d8d4d..de524b8 100644
--- a/hw/xen_common.h
+++ b/hw/xen_common.h
@@ -18,6 +18,11 @@
  * We don't support Xen prior to 3.3.0.
  */
 
+/* Before Xen 4.0.0 */
+#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 400
+#  define HVM_MAX_VCPUS 32
+#endif
+
 /* Xen unstable */
 #if CONFIG_XEN_CTRL_INTERFACE_VERSION < 410
 typedef int qemu_xc_interface;
diff --git a/hw/xen_machine_fv.c b/hw/xen_machine_fv.c
new file mode 100644
index 000..7cbbe83
--- /dev/null
+++ b/hw/xen_machine_fv.c
@@ -0,0 +1,158 @@
+/*
+ * QEMU Xen FV Machine
+ *
+ * Copyright (c) 2003-2007 Fabrice Bellard
+ * Copyright (c) 2007 Red Hat
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw.h"
+#include "pc.h"
+#include "pci.h"
+#include "usb-uhci.h"
+#include "net.h"
+#include "boards.h"
+#include "ide.h"
+#include "sysemu.h"
+#include "blockdev.h"
+
+#include "xen_common.h"
+#include "xen/hvm/hvm_info_table.h"
+
+#define MAX_IDE_BUS 2
+
+static void xen_init_fv(ram_addr_t ram_size,
+const char *boot_device,
+const char *kernel_filename,
+const char *kernel_cmdline,
+const char *initrd_filename,
+const char *cpu_model)
+{
+int i;
+ram_addr_t below_4g_mem_size, above_4g_mem_size = 0;
+PCIBus *pci_bus;
+PCII440FXState *i440fx_state;
+int piix3_devfn = -1;
+qemu_irq *cpu_irq;
+qemu_irq *isa_irq;
+qemu_irq *i8259;
+qemu_irq *cmos_s3;
+qemu_irq *smi_irq;
+IsaIrqState *isa_irq_state;
+DriveInfo *hd[MAX_IDE_BUS * MAX_IDE_DEVS];
+FDCtrl *floppy_controller;
+BusState *idebus[MAX_IDE_BUS];
+ISADevice *rtc_state;
+
+CPUState *env;
+
+/* Initialize a dummy CPU */
+if (cpu_model == NULL) {
+#ifdef TARGET_X86_64
+cpu_model = "qemu64";
+#else
+cpu_model = "qemu32";
+#endif
+}
+env = cpu_init(cpu_model);
+env->halted = 1;
+
+cpu_irq = pc_allocate_cpu_irq();
+i8259 = i8259_init(cpu_irq[0]);
+isa_irq_state = qemu_mallocz(sizeof (*isa_irq_state));
+isa_irq_state->i8259 = i8259;
+
+isa_irq = qemu_allocate_irqs(isa_irq_handler, isa_irq_state, 24);
+
+pci_bus = i440fx_init(&i440fx_state, &piix3_devfn, isa_irq, ram_size);
+isa_bus_irqs(isa_irq);
+
+pc_register_ferr_irq(isa_reserve_irq(13));
+
+pc_vga_init(pci_bus);
+
+/* init basic PC hardware */
+pc_basic_device_init(isa_irq, &floppy_controller, &rtc_state);
+
+for (i = 0; i < nb_nics; i++) {
+NICInfo *nd = &nd_table[i];
+
+if (nd->model && strcmp(nd->model, "ne2k_isa") == 0)
+pc_init_ne2k_isa(nd);
+else
+pci_nic_init_nofail(nd, "e1000", NULL);
+}
+
+if (drive_get_max_bus(IF_IDE) >= MAX_IDE_BUS) {
+fprintf(stderr, "qemu: too many IDE bus\n");
+exit(1);
+}
+
+for (i = 0; i < MAX_IDE_BUS * MAX_IDE_DEVS; i++) {
+hd[i] = drive_get(IF_IDE, i / MAX_IDE_DEVS, i % MAX_IDE_DEVS);
+}
+
+PCIDevice *dev = pci_piix3_ide_init(pci_bus, hd, piix3_devfn + 1);

[Qemu-devel] [PATCH V7 03/15] xen: Support new libxc calls from xen unstable.

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

Update the libxenctrl calls in Qemu to use the new interface, otherwise
Qemu wouldn't be able to build against new versions of the library.

We also check libxenctrl version in configure, from Xen 3.3.0 to Xen
unstable.

Signed-off-by: Anthony PERARD 
Signed-off-by: Stefano Stabellini 
---
 Makefile.target  |1 +
 configure|   67 -
 hw/xen_backend.c |   10 +++---
 hw/xen_backend.h |3 +-
 hw/xen_common.h  |   36 
 hw/xen_disk.c|   12 +++---
 hw/xen_domainbuild.c |2 +-
 hw/xen_interfaces.c  |   90 +-
 hw/xen_interfaces.h  |   36 +---
 hw/xen_nic.c |   16 
 hw/xen_redirect.h|2 +
 11 files changed, 224 insertions(+), 51 deletions(-)

diff --git a/Makefile.target b/Makefile.target
index 2800f47..30863e0 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -205,6 +205,7 @@ QEMU_CFLAGS += $(VNC_PNG_CFLAGS)
 
 # xen backend driver support
 obj-$(CONFIG_XEN) += xen_machine_pv.o xen_domainbuild.o
+obj-$(CONFIG_XEN) += xen_interfaces.o
 
 # USB layer
 obj-$(CONFIG_USB_OHCI) += usb-ohci.o
diff --git a/configure b/configure
index 2917874..28375b1 100755
--- a/configure
+++ b/configure
@@ -285,6 +285,7 @@ vnc_jpeg=""
 vnc_png=""
 vnc_thread="no"
 xen=""
+xen_ctrl_version=""
 linux_aio=""
 attr=""
 vhost_net=""
@@ -1138,20 +1139,81 @@ fi
 
 if test "$xen" != "no" ; then
   xen_libs="-lxenstore -lxenctrl -lxenguest"
+
+  # Xen unstable
   cat > $TMPC <
 #include 
-int main(void) { xs_daemon_open(); xc_interface_open(); return 0; }
+#include 
+#include 
+#if !defined(HVM_MAX_VCPUS)
+# error HVM_MAX_VCPUS not defined
+#endif
+int main(void) {
+  xc_interface *xc;
+  xs_daemon_open();
+  xc_interface_open(0, 0, 0);
+  xc_hvm_set_mem_type(0, 0, HVMMEM_ram_ro, 0, 0);
+  xc_gnttab_open(xc);
+  return 0;
+}
 EOF
   if compile_prog "" "$xen_libs" ; then
+xen_ctrl_version=410
 xen=yes
-libs_softmmu="$xen_libs $libs_softmmu"
+
+  # Xen 4.0.0
+  elif (
+  cat > $TMPC <
+#include 
+#include 
+#include 
+#if !defined(HVM_MAX_VCPUS)
+# error HVM_MAX_VCPUS not defined
+#endif
+int main(void) {
+  xs_daemon_open();
+  xc_interface_open();
+  xc_gnttab_open();
+  xc_hvm_set_mem_type(0, 0, HVMMEM_ram_ro, 0, 0);
+  return 0;
+}
+EOF
+  compile_prog "" "$xen_libs"
+) ; then
+xen_ctrl_version=400
+xen=yes
+
+  # Xen 3.3.0, 3.4.0
+  elif (
+  cat > $TMPC <
+#include 
+int main(void) {
+  xs_daemon_open();
+  xc_interface_open();
+  xc_gnttab_open();
+  xc_hvm_set_mem_type(0, 0, HVMMEM_ram_ro, 0, 0);
+  return 0;
+}
+EOF
+  compile_prog "" "$xen_libs"
+) ; then
+xen_ctrl_version=330
+xen=yes
+
+  # Xen not found or unsupported
   else
 if test "$xen" = "yes" ; then
   feature_not_found "xen"
 fi
 xen=no
   fi
+
+  if test "$xen" = "yes"; then
+libs_softmmu="$xen_libs $libs_softmmu"
+  fi
 fi
 
 ##
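Review bot: in the Xen unstable probe program, `xc` is declared but never assigned before it is passed to `xc_gnttab_open(xc)`, and the result of `xc_interface_open(0, 0, 0)` is thrown away. The program is only compiled and linked, but if the probe is ever built with warnings treated as errors the uninitialized use can make it fail and fall through to the 4.0.0 branch, selecting the wrong `xen_ctrl_version`. Assigning `xc = xc_interface_open(0, 0, 0);` removes that risk. The 4.0.0 and 3.3.0 probes also have identical main() bodies, so a short comment on which header or macro tells them apart would help the next person who edits this.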
@@ -2566,6 +2628,7 @@ if test "$bluez" = "yes" ; then
 fi
 if test "$xen" = "yes" ; then
   echo "CONFIG_XEN=y" >> $config_host_mak
+  echo "CONFIG_XEN_CTRL_INTERFACE_VERSION=$xen_ctrl_version" >> 
$config_host_mak
 fi
 if test "$io_thread" = "yes" ; then
   echo "CONFIG_IOTHREAD=y" >> $config_host_mak
diff --git a/hw/xen_backend.c b/hw/xen_backend.c
index 860b038..2298671 100644
--- a/hw/xen_backend.c
+++ b/hw/xen_backend.c
@@ -43,7 +43,7 @@
 /* - */
 
 /* public */
-int xen_xc;
+qemu_xc_interface xen_xc = XC_HANDLER_INITIAL_VALUE;
 struct xs_handle *xenstore = NULL;
 const char *xen_protocol;
 
@@ -216,7 +216,7 @@ static struct XenDevice *xen_be_get_xendev(const char 
*type, int dom, int dev,
 fcntl(xc_evtchn_fd(xendev->evtchndev), F_SETFD, FD_CLOEXEC);
 
 if (ops->flags & DEVOPS_FLAG_NEED_GNTDEV) {
-xendev->gnttabdev = xc_gnttab_open();
+xendev->gnttabdev = xc_gnttab_open(xen_xc);
 if (xendev->gnttabdev < 0) {
 xen_be_printf(NULL, 0, "can't open gnttab device\n");
 xc_evtchn_close(xendev->evtchndev);
@@ -269,7 +269,7 @@ static struct XenDevice *xen_be_del_xendev(int dom, int dev)
 if (xendev->evtchndev >= 0)
 xc_evtchn_close(xendev->evtchndev);
 if (xendev->gnttabdev >= 0)
-xc_gnttab_close(xendev->gnttabdev);
+xc_gnttab_close(xen_xc, xendev->gnttabdev);
 
 QTAILQ_REMOVE(&xendevs, xendev, next);
 qemu_free(xendev);
@@ -627,8 +627,8 @@ int xen_be_init(void)
 if (qemu_set_fd_handler(xs_fileno(xenstore), xenstore_update, NULL, NULL) 
< 0)
 goto err;
 
-xen_xc = xc_interface_open();
-if (xen_xc == -1) {
+xen_xc = xc_interface_open(0, 0, 0);
+if (xen_xc == XC_HANDLER_INITIAL_VALUE) {
 xen_be_printf(NULL, 0, "can't open xen interface\n");
 goto err;
 }
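Review bot: the failure check `xen_xc == XC_HANDLER_INITIAL_VALUE` in xen_be_init() reuses the initializer constant as the error sentinel for xc_interface_open(). It replaces an explicit `== -1` test, so it is only correct if the constant matches what the library returns on failure for each interface version that configure accepts. Either give the failure value its own name or document that equivalence where XC_HANDLER_INITIAL_VALUE is defined, so the check can be verified without reading every libxc variant.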
diff --git a/hw/xen_backend.h b/hw/xen_backend.h
index 

[Qemu-devel] Re: [PATCH] virtio: fix up VQ checks

2010-11-23 Thread Juan Quintela
"Michael S. Tsirkin"  wrote:
> When migration triggers before a VQ is initialized,
> base pa is 0 and last_used_index must be 0 too:
> we don't have a ring to compare to.
>
> This fixes a bug introduced in
> 258dc7c96bb4b7ca71d5bee811e73933310e168c.
>
> Reporrted-by: Juan Quintela 

extra 'r'

> Signed-off-by: Michael S. Tsirkin 
> ---
>
> Compile-tested only.
> Juan, could you tell me whether this fixes the bug
> you see please?

Fixes it.



[Qemu-devel] [PATCH V7 07/15] piix_pci: Introduces Xen specific call for irq.

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

This patch introduces Xen specific call in piix_pci.

The specific part for Xen is in write_config, set_irq and get_pirq.

Signed-off-by: Anthony PERARD 
Signed-off-by: Stefano Stabellini 
---
 hw/piix_pci.c |   28 ++--
 hw/xen.h  |6 ++
 xen-all.c |   31 +++
 xen-stub.c|   13 +
 4 files changed, 76 insertions(+), 2 deletions(-)

diff --git a/hw/piix_pci.c b/hw/piix_pci.c
index b5589b9..593d2b6 100644
--- a/hw/piix_pci.c
+++ b/hw/piix_pci.c
@@ -29,6 +29,7 @@
 #include "isa.h"
 #include "sysbus.h"
 #include "range.h"
+#include "xen.h"
 
 /*
  * I440FX chipset data sheet.
@@ -151,6 +152,13 @@ static void i440fx_write_config(PCIDevice *dev,
 }
 }
 
+static void i440fx_write_config_xen(PCIDevice *dev,
+uint32_t address, uint32_t val, int len)
+{
+xen_piix_pci_write_config_client(address, val, len);
+i440fx_write_config(dev, address, val, len);
+}
+
 static int i440fx_load_old(QEMUFile* f, void *opaque, int version_id)
 {
 PCII440FXState *d = opaque;
@@ -230,13 +238,21 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int 
*piix3_devfn, qemu_irq *
 s->bus = b;
 qdev_init_nofail(dev);
 
-d = pci_create_simple(b, 0, "i440FX");
+if (xen_enabled()) {
+d = pci_create_simple(b, 0, "i440FX-xen");
+} else {
+d = pci_create_simple(b, 0, "i440FX");
+}
 *pi440fx_state = DO_UPCAST(PCII440FXState, dev, d);
 
 piix3 = DO_UPCAST(PIIX3State, dev,
   pci_create_simple_multifunction(b, -1, true, "PIIX3"));
 piix3->pic = pic;
-pci_bus_irqs(b, piix3_set_irq, pci_slot_get_pirq, piix3, 4);
+if (xen_enabled()) {
+pci_bus_irqs(b, xen_piix3_set_irq, xen_pci_slot_get_pirq, piix3, 4);
+} else {
+pci_bus_irqs(b, piix3_set_irq, pci_slot_get_pirq, piix3, 4);
+}
 (*pi440fx_state)->piix3 = piix3;
 
 *piix3_devfn = piix3->dev.devfn;
@@ -351,6 +367,14 @@ static PCIDeviceInfo i440fx_info[] = {
 .init = i440fx_initfn,
 .config_write = i440fx_write_config,
 },{
+.qdev.name= "i440FX-xen",
+.qdev.desc= "Host bridge",
+.qdev.size= sizeof(PCII440FXState),
+.qdev.vmsd= &vmstate_i440fx,
+.qdev.no_user = 1,
+.init = i440fx_initfn,
+.config_write = i440fx_write_config_xen,
+},{
 .qdev.name= "PIIX3",
 .qdev.desc= "ISA bridge",
 .qdev.size= sizeof(PIIX3State),
diff --git a/hw/xen.h b/hw/xen.h
index 183cbb5..338cf76 100644
--- a/hw/xen.h
+++ b/hw/xen.h
@@ -8,6 +8,8 @@
  */
 #include 
 
+#include "qemu-common.h"
+
 /* xen-machine.c */
 enum xen_mode {
 XEN_EMULATE = 0,  // xen emulation, using xenner (default)
@@ -29,6 +31,10 @@ static inline int xen_enabled(void)
 #endif
 }
 
+int xen_pci_slot_get_pirq(PCIDevice *pci_dev, int irq_num);
+void xen_piix3_set_irq(void *opaque, int irq_num, int level);
+void xen_piix_pci_write_config_client(uint32_t address, uint32_t val, int len);
+
 int xen_init(int smp_cpus);
 
 #endif /* QEMU_HW_XEN_H */
diff --git a/xen-all.c b/xen-all.c
index 29c8002..8a51873 100644
--- a/xen-all.c
+++ b/xen-all.c
@@ -8,10 +8,41 @@
 
 #include "config.h"
 
+#include "hw/pci.h"
 #include "hw/xen_common.h"
 #include "hw/xen_backend.h"
 #include "hw/xen_redirect.h"
 
+/* Xen specific function for piix pci */
+
+int xen_pci_slot_get_pirq(PCIDevice *pci_dev, int irq_num)
+{
+return irq_num + ((pci_dev->devfn >> 3) << 2);
+}
+
+void xen_piix3_set_irq(void *opaque, int irq_num, int level)
+{
+xc_hvm_set_pci_intx_level(xen_xc, xen_domid, 0, 0, irq_num >> 2,
+  irq_num & 3, level);
+}
+
+void xen_piix_pci_write_config_client(uint32_t address, uint32_t val, int len)
+{
+int i;
+
+/* Scan for updates to PCI link routes (0x60-0x63). */
+for (i = 0; i < len; i++) {
+uint8_t v = (val >> (8 * i)) & 0xff;
+if (v & 0x80) {
+v = 0;
+}
+v &= 0xf;
+if (((address + i) >= 0x60) && ((address + i) <= 0x63)) {
+xc_hvm_set_pci_link_route(xen_xc, xen_domid, address + i - 0x60, 
v);
+}
+}
+}
+
 /* Initialise Xen */
 
 int xen_init(int smp_cpus)
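Review bot: the results of xc_hvm_set_pci_intx_level() in xen_piix3_set_irq() and xc_hvm_set_pci_link_route() in xen_piix_pci_write_config_client() are dropped, so a failed hypercall leaves the hypervisor's interrupt routing out of step with what QEMU emulates and nothing is logged. Please at least report the error. In the write_config loop, `v` is computed for every byte but only used for addresses 0x60-0x63; moving the masking inside the range check and adding a comment on why bit 7 forces the route to 0 would make the guest-controlled path easier to audit.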
diff --git a/xen-stub.c b/xen-stub.c
index 0fa9c51..07e64bc 100644
--- a/xen-stub.c
+++ b/xen-stub.c
@@ -11,6 +11,19 @@
 #include "qemu-common.h"
 #include "hw/xen.h"
 
+int xen_pci_slot_get_pirq(PCIDevice *pci_dev, int irq_num)
+{
+return -1;
+}
+
+void xen_piix3_set_irq(void *opaque, int irq_num, int level)
+{
+}
+
+void xen_piix_pci_write_config_client(uint32_t address, uint32_t val, int len)
+{
+}
+
 int xen_init(int smp_cpus)
 {
 return -ENOSYS;
-- 
1.7.1




[Qemu-devel] Re: [PATCH] megasas: LSI Megaraid SAS emulation

2010-11-23 Thread Stefan Hajnoczi
On Mon, Nov 22, 2010 at 10:15 AM, Hannes Reinecke  wrote:
Not a full review but two small things I noticed:

> +#define megasas_frame_set_cmd_status(f,v)              \
> +    stb_phys((f) + offsetof(struct mfi_frame_header, cmd_status), v);
> +
> +#define megasas_frame_set_scsi_status(f,v)             \
> +    stb_phys((f) + offsetof(struct mfi_frame_header, scsi_status), v);
> +
> +#define megasas_frame_get_cmd(f)                       \
> +    ldub_phys((f) + offsetof(struct mfi_frame_header, frame_cmd))
> +
> +#define megasas_frame_get_context(f)                   \
> +    ldl_phys(frame_addr + offsetof(struct mfi_frame_header, context));
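Review bot: megasas_frame_get_context(f) ignores its parameter and reads from `frame_addr`, so it only works where a variable of that name happens to be in scope and silently uses the wrong address anywhere else. It should use `(f)` like the three macros above it. Since this macro and megasas_frame_get_cmd() yield a value, the trailing semicolon on get_context should simply be removed.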

These macros include a semicolon.  They should be wrapped in:
do { ... } while (0)

> +static int megasas_scsi_uninit(PCIDevice *d)
> +{
> +    MPTState *s = DO_UPCAST(MPTState, dev, d);
> +
> +    cpu_unregister_io_memory(s->mmio_io_addr);

Missing cpu_unregister_io_memory(s->io_addr) and
cpu_unregister_io_memory(s->queue_addr)?

Stefan



[Qemu-devel] [PATCH V7 09/15] xen: Introduce the Xen mapcache

2010-11-23 Thread anthony . perard
From: Jun Nakajima 

On IA32 host or IA32 PAE host, at present, generally, we can't create
an HVM guest with more than 2G memory, because generally it's almost
impossible for Qemu to find a large enough and consecutive virtual
address space to map an HVM guest's whole physical address space.
The attached patch fixes this issue using dynamic mapping based on
little blocks of memory.

Each call to qemu_get_ram_ptr makes a call to qemu_map_cache with the
lock option, so mapcache will not unmap these ram_ptr.

Signed-off-by: Jun Nakajima 
Signed-off-by: Anthony PERARD 
Signed-off-by: Stefano Stabellini 
---
 Makefile.target |3 +
 configure   |3 +
 exec.c  |   40 ++-
 hw/xen.h|   13 +++
 xen-all.c   |   64 +++
 xen-mapcache-stub.c |   33 ++
 xen-mapcache.c  |  301 +++
 xen-mapcache.h  |   14 +++
 xen-stub.c  |4 +
 9 files changed, 471 insertions(+), 4 deletions(-)
 create mode 100644 xen-mapcache-stub.c
 create mode 100644 xen-mapcache.c
 create mode 100644 xen-mapcache.h

diff --git a/Makefile.target b/Makefile.target
index a988822..765c3bc 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -209,8 +209,11 @@ obj-$(CONFIG_XEN) += xen_machine_pv.o xen_domainbuild.o
 obj-$(CONFIG_XEN) += xen_interfaces.o
 
 # xen support
+CONFIG_NO_XEN_MAPCACHE = $(if $(subst n,,$(CONFIG_XEN_MAPCACHE)),n,y)
 obj-$(CONFIG_XEN) += xen-all.o
 obj-$(CONFIG_NO_XEN) += xen-stub.o
+obj-$(CONFIG_XEN_MAPCACHE) += xen-mapcache.o
+obj-$(CONFIG_NO_XEN_MAPCACHE) += xen-mapcache-stub.o
 
 # xen full virtualized machine
 obj-i386-$(CONFIG_XEN) += xen_machine_fv.o
diff --git a/configure b/configure
index 28375b1..7625054 100755
--- a/configure
+++ b/configure
@@ -2967,6 +2967,9 @@ case "$target_arch2" in
   i386|x86_64)
 if test "$xen" = "yes" -a "$target_softmmu" = "yes" ; then
   echo "CONFIG_XEN=y" >> $config_target_mak
+  if test "$cpu" = "i386" -o "$cpu" = "x86_64"; then
+  echo "CONFIG_XEN_MAPCACHE=y" >> $config_target_mak
+  fi
 fi
 esac
 case "$target_arch2" in
diff --git a/exec.c b/exec.c
index db9ff55..3eb4d04 100644
--- a/exec.c
+++ b/exec.c
@@ -32,6 +32,7 @@
 #include "hw/qdev.h"
 #include "osdep.h"
 #include "kvm.h"
+#include "hw/xen.h"
 #include "qemu-timer.h"
 #if defined(CONFIG_USER_ONLY)
 #include 
@@ -51,6 +52,8 @@
 #include 
 #endif
 #endif
+#else /* !CONFIG_USER_ONLY */
+#include "xen-mapcache.h"
 #endif
 
 //#define DEBUG_TB_INVALIDATE
@@ -2827,6 +2830,7 @@ ram_addr_t qemu_ram_alloc_from_ptr(DeviceState *dev, 
const char *name,
 }
 }
 
+new_block->offset = find_ram_offset(size);
 if (host) {
 new_block->host = host;
 } else {
@@ -2848,13 +2852,15 @@ ram_addr_t qemu_ram_alloc_from_ptr(DeviceState *dev, 
const char *name,
PROT_EXEC|PROT_READ|PROT_WRITE,
MAP_SHARED | MAP_ANONYMOUS, -1, 0);
 #else
-new_block->host = qemu_vmalloc(size);
+if (xen_mapcache_enabled()) {
+xen_ram_alloc(new_block->offset, size);
+} else {
+new_block->host = qemu_vmalloc(size);
+}
 #endif
 qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE);
 }
 }
-
-new_block->offset = find_ram_offset(size);
 new_block->length = size;
 
 QLIST_INSERT_HEAD(&ram_list.blocks, new_block, next);
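Review bot: in the xen_mapcache_enabled() branch of qemu_ram_alloc_from_ptr(), new_block->host is never assigned, yet the qemu_madvise(new_block->host, size, QEMU_MADV_MERGEABLE) call that follows the #endif still runs on it. Skip the madvise when the mapcache is in use, or set host to NULL explicitly in that branch and guard the call.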
@@ -2895,7 +2901,11 @@ void qemu_ram_free(ram_addr_t addr)
 #if defined(TARGET_S390X) && defined(CONFIG_KVM)
 munmap(block->host, block->length);
 #else
-qemu_vfree(block->host);
+if (xen_mapcache_enabled()) {
+qemu_invalidate_entry(block->host);
+} else {
+qemu_vfree(block->host);
+}
 #endif
 }
 qemu_free(block);
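Review bot: qemu_ram_free() passes block->host to qemu_invalidate_entry() unconditionally in the mapcache branch, but with this patch host is not set at allocation time and the qemu_ram_addr_from_host() hunk below explicitly skips blocks whose host is NULL. Add the same NULL check here, or state that qemu_invalidate_entry() accepts NULL.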
@@ -2921,6 +2931,15 @@ void *qemu_get_ram_ptr(ram_addr_t addr)
 if (addr - block->offset < block->length) {
 QLIST_REMOVE(block, next);
 QLIST_INSERT_HEAD(&ram_list.blocks, block, next);
+if (xen_mapcache_enabled()) {
+/* We need to check if the requested address is in the RAM
+ * because we don't want to map the entire memory in QEMU.
+ */
+if (block->offset == 0) {
+return qemu_map_cache(addr, 0, 1);
+}
+block->host = qemu_map_cache(block->offset, block->length, 1);
+}
 return block->host + (addr - block->offset);
 }
 }
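Review bot: qemu_get_ram_ptr() uses `block->offset == 0` as the test for guest RAM, which does not match the comment above it and depends on main RAM being the block at offset 0; a flag on the block would state the intent directly. For every other block, each call maps the whole block again with the lock argument set to 1, overwrites block->host, and uses the result in pointer arithmetic without checking it for NULL. Nothing visible in this patch releases those locked mappings, so please describe their lifetime or add the matching unlock.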
@@ -2937,11 +2956,21 @@ int qemu_ram_addr_from_host(void *ptr, ram_addr_t 
*ram_addr)
 uint8_t *host = ptr;
 
 QLIST_FOREACH(block, &ram_list.blocks, next) {
+/* This case append when the block is not mapped. */
+if (block->host == NULL) {
+continue;
+}
 if (host - block->host < block-

[Qemu-devel] isp1760 (nxp usb controller) support in QEMU for linux arm realview boards?

2010-11-23 Thread t g


I see in the 2.6.33.7 linux kernel that the realview-pbx board configuration
has support for the NXP isp1760 usb controller.

I'm trying to find out if QEMU has support for this type of controller.  I'd
appreciate any pointers in the right direction.  I haven't found anything so
far so I thought I would email the experts. : )

Thanks in advance,
Tim



  

[Qemu-devel] [PATCH V7 14/15] xen: Set running state in xenstore.

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

This tells the xen management tool that the machine can begin to run.

Signed-off-by: Anthony PERARD 
---
 xen-all.c |   27 +++
 1 files changed, 27 insertions(+), 0 deletions(-)

diff --git a/xen-all.c b/xen-all.c
index 36bdf30..b94d56e 100644
--- a/xen-all.c
+++ b/xen-all.c
@@ -58,6 +58,8 @@ typedef struct XenIOState {
 /* which vcpu we are serving */
 int send_vcpu;
 
+struct xs_handle *xenstore;
+
 Notifier exit;
 } XenIOState;
 
@@ -426,6 +428,21 @@ static void cpu_handle_ioreq(void *opaque)
 }
 }
 
+static void xenstore_record_dm_state(XenIOState *s, const char *state)
+{
+char *path = NULL;
+
+if (asprintf(&path, "/local/domain/0/device-model/%u/state", xen_domid) == 
-1) {
+fprintf(stderr, "out of memory recording dm state\n");
+exit(1);
+}
+if (!xs_write(s->xenstore, XBT_NULL, path, state, strlen(state))) {
+fprintf(stderr, "error recording dm state\n");
+exit(1);
+}
+free(path);
+}
+
 static void xen_main_loop_prepare(XenIOState *state)
 {
 int evtchn_fd = state->xce_handle == -1 ? -1 : 
xc_evtchn_fd(state->xce_handle);
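Review bot: xenstore_record_dm_state() calls exit(1) on both the asprintf and the xs_write failure, so a single failed xenstore write while publishing "running" terminates the device model from inside a helper. Returning an error and letting xen_main_loop_prepare() decide would be easier to reason about, and the error messages would be more useful if they included the path and errno.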
@@ -437,6 +454,9 @@ static void xen_main_loop_prepare(XenIOState *state)
 if (evtchn_fd != -1) {
 qemu_set_fd_handler(evtchn_fd, cpu_handle_ioreq, NULL, state);
 }
+
+/* record state running */
+xenstore_record_dm_state(state, "running");
 }
 
 
@@ -455,6 +475,7 @@ static void xen_exit_notifier(Notifier *n)
 XenIOState *state = container_of(n, XenIOState, exit);
 
 xc_evtchn_close(state->xce_handle);
+xs_daemon_close(state->xenstore);
 }
 
 int xen_init(int smp_cpus)
@@ -480,6 +501,12 @@ int xen_init(int smp_cpus)
 return -errno;
 }
 
+state->xenstore = xs_daemon_open();
+if (state->xenstore == NULL) {
+perror("xen: xenstore open");
+return -errno;
+}
+
 state->exit.notify = xen_exit_notifier;
 qemu_add_exit_notifier(&state->exit);
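Review bot: in xen_init(), `return -errno` comes after perror("xen: xenstore open"), and perror() is allowed to change errno, so the caller can receive a value unrelated to the xs_daemon_open() failure. Save errno in a local before calling perror(). This error path also returns without closing the event channel handle that xen_exit_notifier() closes on normal exit.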
 
-- 
1.7.1




[Qemu-devel] [PATCH V7 15/15] acpi-piix4: Add Xen hypercall for sleep state.

2010-11-23 Thread anthony . perard
From: Anthony PERARD 

Signed-off-by: Anthony PERARD 
---
 hw/acpi_piix4.c |4 
 hw/xen.h|2 ++
 xen-all.c   |7 +++
 xen-stub.c  |4 
 4 files changed, 17 insertions(+), 0 deletions(-)

diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
index 173d781..1bcd40e 100644
--- a/hw/acpi_piix4.c
+++ b/hw/acpi_piix4.c
@@ -23,6 +23,7 @@
 #include "acpi.h"
 #include "sysemu.h"
 #include "range.h"
+#include "xen.h"
 
 //#define DEBUG
 
@@ -179,6 +180,9 @@ static void pm_ioport_write(IORange *ioport, uint64_t addr, 
unsigned width,
 if (s->cmos_s3) {
 qemu_irq_raise(s->cmos_s3);
 }
+if (xen_enabled()) {
+xen_set_hvm_sleep_state();
+}
 default:
 break;
 }
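Review bot: the new xen_set_hvm_sleep_state() call is placed at the end of a case that runs straight into `default:` with no `break`. It is harmless today because default only breaks, but an explicit `break;` after the added block would keep a later edit to default from changing the S3 path.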
diff --git a/hw/xen.h b/hw/xen.h
index dd3fb68..8920550 100644
--- a/hw/xen.h
+++ b/hw/xen.h
@@ -44,6 +44,8 @@ int xen_pci_slot_get_pirq(PCIDevice *pci_dev, int irq_num);
 void xen_piix3_set_irq(void *opaque, int irq_num, int level);
 void xen_piix_pci_write_config_client(uint32_t address, uint32_t val, int len);
 
+void xen_set_hvm_sleep_state(void);
+
 int xen_init(int smp_cpus);
 
 #if defined(NEED_CPU_H) && !defined(CONFIG_USER_ONLY)
diff --git a/xen-all.c b/xen-all.c
index b94d56e..939d9b7 100644
--- a/xen-all.c
+++ b/xen-all.c
@@ -460,6 +460,13 @@ static void xen_main_loop_prepare(XenIOState *state)
 }
 
 
+/* ACPI */
+
+void xen_set_hvm_sleep_state(void)
+{
+xc_set_hvm_param(xen_xc, xen_domid, HVM_PARAM_ACPI_S_STATE, 3);
+}
+
 /* Initialise Xen */
 
 static void xen_vm_change_state_handler(void *opaque, int running, int reason)
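Review bot: xen_set_hvm_sleep_state() hard-codes the value 3 for HVM_PARAM_ACPI_S_STATE and ignores the result of xc_set_hvm_param(), while the function name suggests it can set any sleep state. Either rename it to say S3 or take the state as a parameter, and report a failed call. The commit message is empty; one sentence on why the hypervisor needs to be told about S3 would help reviewers.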
diff --git a/xen-stub.c b/xen-stub.c
index c9f477d..d22f475 100644
--- a/xen-stub.c
+++ b/xen-stub.c
@@ -28,6 +28,10 @@ void xen_ram_alloc(ram_addr_t ram_addr, ram_addr_t size)
 {
 }
 
+void xen_set_hvm_sleep_state(void)
+{
+}
+
 int xen_init(int smp_cpus)
 {
 return -ENOSYS;
-- 
1.7.1




[Qemu-devel] [Patch] Small fix for qemu APIC for Mac OS X support

2010-11-23 Thread adq
This patch ups the APIC version from 0x11 to 0x14. After that Mac OS X
loads successfully (with appropriate kexts, applesmc ain't hooked up
properly yet I see unfortunately).

According to the Intel IA-32 Software Developers Manual Vol 3 page
290, the version should be 0x14 for Pentium 4/Xeon CPUs anyway.

Signed-off-by: Andrew de Quincey 

diff --git a/hw/apic.c b/hw/apic.c
index 5f4a87c..20304e0 100644
--- a/hw/apic.c
+++ b/hw/apic.c
@@ -704,7 +704,7 @@ static uint32_t apic_mem_readl(void *opaque,
target_phys_addr_t addr)
 val = s->id << 24;
 break;
 case 0x03: /* version */
-val = 0x11 | ((APIC_LVT_NB - 1) << 16); /* version 0x11 */
+val = 0x14 | ((APIC_LVT_NB - 1) << 16); /* version 0x14 */
 break;
 case 0x08:
 val = s->tpr;
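Review bot: the version register in apic_mem_readl() now returns 0x14 for every emulated CPU model, while the description justifies that value only for Pentium 4/Xeon. Deriving the version from the configured CPU model, or at least using a named constant with a comment citing the manual section, would avoid changing what older CPU models report to their guests.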



Re: [Qemu-devel] [PATCH] qemu-kvm: response to SIGUSR1 to start/stop a VCPU (v2)

2010-11-23 Thread Anthony Liguori

On 11/23/2010 01:35 PM, Blue Swirl wrote:
> On Tue, Nov 23, 2010 at 4:49 PM, Anthony Liguori  wrote:
>> qemu-kvm vcpu threads don't respond to SIGSTOP/SIGCONT.  Instead of teaching
>> them to respond to these signals (which cannot be trapped), use SIGUSR1 to
>> approximate the behavior of SIGSTOP/SIGCONT.
>>
>> The purpose of this is to implement CPU hard limits using an external tool that
>> watches the CPU consumption and stops the VCPU as appropriate.
>>
>> This provides a more elegant solution in that it allows the VCPU thread to
>> release qemu_mutex before going to sleep.
>>
>> This current implementation uses a single signal.  I think this is too racy
>> in the long term so I think we should introduce a second signal.  If two signals
>> get coalesced into one, it could confuse the monitoring tool into giving the
>> VCPU the inverse of its entitlement.
>>
>> It might be better to simply move this logic entirely into QEMU to make this
>> more robust--the question is whether we think this is a good long term feature
>> to carry in QEMU?
>>
>> +static __thread int sigusr1_wfd;
>
> While OpenBSD finally updated the default compiler to 4.2.1 from 3.x
> series, thread local storage is still not supported:

Hrm, is there a portable way to do this (distinguish a signal on a
particular thread)?

Regards,

Anthony Liguori

> $ cat thread.c
> static __thread int sigusr1_wfd;
> $ gcc thread.c -c
> thread.c:1: error: thread-local storage not supported for this target
> $ gcc -v
> Reading specs from /usr/lib/gcc-lib/sparc64-unknown-openbsd4.8/4.2.1/specs
> Target: sparc64-unknown-openbsd4.8
> Configured with: OpenBSD/sparc64 system compiler
> Thread model: posix
> gcc version 4.2.1 20070719
   




