[Qemu-devel] [Bug 723871] Re: qemu-kvm-0.14.0 Aborts with -vga qxl

[Paul Whittaker]

I get the same error under very similar conditions:

Host is Athlon II X3 400e (triple core), host OS is my own DIET-PC
embedded platform, 2.6.34.1 x86_64 kernel with x86_64 userspace.  Qemu-
kvm compiled myself from official qemu-kvm-0.14.0 sources Debian Lenny,
against spice / spice-protocol 0.6.4, using:

export CFLAGS='-O3 -m64'
./configure --prefix=/usr/local --enable-mixemu --disable-brlapi \
--disable-vnc-tls --enable-system --disable-linux-user \
--disable-curses --audio-drv-list="oss sdl" --enable-io-thread \
--disable-vnc-png --enable-vnc-thread --enable-spice \
--audio-card-list="ac97 es1370 sb16 cs4231a adlib gus hda" \
--target-list="i386-softmmu x86_64-softmmu arm-softmmu mips-softmmu 
mipsel-softmmu ppc-softmmu ppc64-softmmu sparc-softmmu sparc64-softmmu"

Guest is Windows XP SP3 (uniprocessor), crash with exact same error as
above occurs when attempting to install qxl 0.6.3 spice driver on the
guest.  Guest has no virtio-serial or vdagent, but has viostor and
virtio network drivers.

Started using:

qemu-system-x86_64 -M pc -m 512 -vga qxl -soundhw ac97 -localtime -rtc-
td-hack -enable-kvm -name WinXP -net
nic,model=virtio,macaddr=00:77:69:6e:78:70 -net tap,ifname=winxp -drive
file=winxppro.img,if=virtio,aio=threads,boot=on -boot c

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/723871

Title:
  qemu-kvm-0.14.0 Aborts with -vga qxl

Status in QEMU:
  New

Bug description:
  Host CPU is Core i7 Q820.  KVM is from 2.6.35-gentoo-r5 kernel (x86_64).
  Host has spice-0.7.2 and spice-protocol-0.7.0.
  Guest is Windows XP SP3 with qxl driver 0.6.1, virtio-serial 1.1.6 and 
vdagent 0.6.3.

  qemu-kvm is started like so:
  qemu-system-x86_64 -cpu host -enable-kvm -pidfile /home/rick/qemu/hds/wxp.pid 
-drive 
file=/home/rick/qemu/hds/wxp.raw,if=virtio,media=disk,aio=native,snapshot=on -m 
768 -name WinXP -net nic,model=virtio -net user -localtime -usb -vga qxl 
-device virtio-serial -chardev spicevmc,name=vdagent,id=vdagent -device 
virtserialport,chardev=vdagent,name=com.redhat.spice.0 -spice 
port=1234,disable-ticketing -monitor stdio
  and crashes with:
  qemu-system-x86_64: /home/rick/qemu/src/qemu-kvm-0.14.0/qemu-kvm.c:1724: 
kvm_mutex_unlock: Assertion `!cpu_single_env' failed.
  Aborted

  If I use -no-kvm, it works fine.  If I use -vga std, it works fine.
  -enable-kvm and -vga qxl crashes.

Re: [Qemu-devel] [PATCH 58/58] vmstate: port mac_dbdma

[Blue Swirl]

On Thu, Feb 24, 2011 at 7:57 PM, Juan Quintela  wrote:
> Signed-off-by: Juan Quintela 
> ---
>  hw/mac_dbdma.c |   46 ++
>  1 files changed, 22 insertions(+), 24 deletions(-)
>
> diff --git a/hw/mac_dbdma.c b/hw/mac_dbdma.c
> index c108aee..3522552 100644
> --- a/hw/mac_dbdma.c
> +++ b/hw/mac_dbdma.c
> @@ -810,30 +810,28 @@ static CPUReadMemoryFunc * const dbdma_read[] = {
>     dbdma_readl,
>  };
>
> -static void dbdma_save(QEMUFile *f, void *opaque)
> -{
> -    DBDMAState *s = opaque;
> -    unsigned int i, j;
> -
> -    for (i = 0; i < DBDMA_CHANNELS; i++)
> -        for (j = 0; j < DBDMA_REGS; j++)
> -            qemu_put_be32s(f, &s->channels[i].regs[j]);
> -}
> -
> -static int dbdma_load(QEMUFile *f, void *opaque, int version_id)
> -{
> -    DBDMAState *s = opaque;
> -    unsigned int i, j;
> -
> -    if (version_id != 2)
> -        return -EINVAL;

Here the version ID was expected to be 2...

> -
> -    for (i = 0; i < DBDMA_CHANNELS; i++)
> -        for (j = 0; j < DBDMA_REGS; j++)
> -            qemu_get_be32s(f, &s->channels[i].regs[j]);
> +static const VMStateDescription vmstate_dbdma_channel = {
> +    .name = "dbdma_channel",
> +    .version_id = 0,
> +    .minimum_version_id = 0,
> +    .minimum_version_id_old = 0,
> +    .fields      = (VMStateField[]) {
> +        VMSTATE_UINT32_ARRAY(regs, struct DBDMA_channel, DBDMA_REGS),
> +        VMSTATE_END_OF_LIST()
> +    }
> +};
>
> -    return 0;
> -}
> +static const VMStateDescription vmstate_dbdma = {
> +    .name = "dbdma",
> +    .version_id = 1,

... while you now have 1 ...

> +    .minimum_version_id = 1,
> +    .minimum_version_id_old = 1,
> +    .fields      = (VMStateField[]) {
> +        VMSTATE_STRUCT_ARRAY(channels, DBDMAState, DBDMA_CHANNELS, 1,
> +                             vmstate_dbdma_channel, DBDMA_channel),
> +        VMSTATE_END_OF_LIST()
> +    }
> +};
>
>  static void dbdma_reset(void *opaque)
>  {
> @@ -852,7 +850,7 @@ void* DBDMA_init (int *dbdma_mem_index)
>
>     *dbdma_mem_index = cpu_register_io_memory(dbdma_read, dbdma_write, s,
>                                               DEVICE_LITTLE_ENDIAN);
> -    register_savevm(NULL, "dbdma", -1, 1, dbdma_save, dbdma_load, s);

... and here it was 1, which probably didn't work.

I'd still use 2.

Re: [Qemu-devel] [PATCH 46/58] pxa2xx_lcd: name anonymous struct

[Blue Swirl]

On Thu, Feb 24, 2011 at 7:57 PM, Juan Quintela  wrote:
> Signed-off-by: Juan Quintela 
> ---
>  hw/pxa2xx_lcd.c |   28 +++-
>  1 files changed, 15 insertions(+), 13 deletions(-)
>
> diff --git a/hw/pxa2xx_lcd.c b/hw/pxa2xx_lcd.c
> index 5b2b07e..78e31c4 100644
> --- a/hw/pxa2xx_lcd.c
> +++ b/hw/pxa2xx_lcd.c
> @@ -15,6 +15,20 @@
>  #include "sysemu.h"
>  #include "framebuffer.h"
>
> +struct dma_channel {

DMAChannel

Re: [Qemu-devel] Missing op on SPARC

[陳韋任]

Hi, Blue

  Since my machine is UltraSparc T2, I should configure QEMU with
"--sparc_cpu=v9", right? But it gave me the error below,

ERROR: "gcc" either does not exist or does not work

  Maybe I should pass some flag to QEMU or update my gcc?

Regards,
chenwj

-- 
Wei-Ren Chen (陳韋任)
Parallel Processing Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667

Re: [Qemu-devel] [PATCH 50/58] vmstate: port max111x

[Blue Swirl]

On Thu, Feb 24, 2011 at 7:57 PM, Juan Quintela  wrote:
> Signed-off-by: Juan Quintela 
> ---
>  hw/max111x.c |   49 +
>  1 files changed, 17 insertions(+), 32 deletions(-)
>
> diff --git a/hw/max111x.c b/hw/max111x.c
> index 3adc3e4..eca117e 100644
> --- a/hw/max111x.c
> +++ b/hw/max111x.c
> @@ -94,36 +94,22 @@ static uint32_t max111x_transfer(SSISlave *dev, uint32_t 
> value)
>     return max111x_read(s);
>  }
>
> -static void max111x_save(QEMUFile *f, void *opaque)
> -{
> -    MAX111xState *s = (MAX111xState *) opaque;
> -    int i;
> -
> -    qemu_put_8s(f, &s->tb1);
> -    qemu_put_8s(f, &s->rb2);
> -    qemu_put_8s(f, &s->rb3);
> -    qemu_put_be32(f, s->inputs);
> -    qemu_put_be32(f, s->com);
> -    for (i = 0; i < s->inputs; i ++)
> -        qemu_put_byte(f, s->input[i]);
> -}
> -
> -static int max111x_load(QEMUFile *f, void *opaque, int version_id)
> -{
> -    MAX111xState *s = (MAX111xState *) opaque;
> -    int i;
> -
> -    qemu_get_8s(f, &s->tb1);
> -    qemu_get_8s(f, &s->rb2);
> -    qemu_get_8s(f, &s->rb3);
> -    if (s->inputs != qemu_get_be32(f))
> -        return -EINVAL;
> -    s->com = qemu_get_be32(f);
> -    for (i = 0; i < s->inputs; i ++)
> -        s->input[i] = qemu_get_byte(f);
> -
> -    return 0;
> -}
> +static const VMStateDescription vmstate_max111x = {
> +    .name = "max111x",
> +    .version_id = 0,
> +    .minimum_version_id = 0,
> +    .minimum_version_id_old = 0,
> +    .fields      = (VMStateField[]) {
> +        VMSTATE_UINT8(tb1, MAX111xState),
> +        VMSTATE_UINT8(rb2, MAX111xState),
> +        VMSTATE_UINT8(rb3, MAX111xState),
> +        VMSTATE_INT32(inputs, MAX111xState),

Shouldn't this be VMSTATE_EQUAL_INT32(inputs, MAX111xState)?

Re: [Qemu-devel] Missing op on SPARC

[Blue Swirl]

On Sat, Feb 26, 2011 at 12:07 PM, 陳韋任  wrote:
> Hi, Blue
>
>  Since my machine is UltraSparc T2, I should configure QEMU with
> "--sparc_cpu=v9", right? But it gave me the error below,
>
> ERROR: "gcc" either does not exist or does not work
>
>  Maybe I should pass some flag to QEMU or update my gcc?

The logs probably tell the reason, but in general for V9 you'd need
fully 64 bit system libraries, at least for those that QEMU needs. For
example, Debian uses 32 bit userland (V8, maybe also v8plus), but
OpenBSD is fully 64 bit on Sparc64 (gcc can't even produce 32 bit
executables).

Configuring for v8 should work, since V9 CPUs can also run V8 software.

Re: [Qemu-devel] [PATCH 42/58] vmstate: port stellaris gamepad

[Blue Swirl]

On Thu, Feb 24, 2011 at 7:57 PM, Juan Quintela  wrote:
> Signed-off-by: Juan Quintela 
> ---
>  hw/stellaris_input.c |   50 
> --
>  1 files changed, 24 insertions(+), 26 deletions(-)
>
> diff --git a/hw/stellaris_input.c b/hw/stellaris_input.c
> index 16aae96..b5b3bd7 100644
> --- a/hw/stellaris_input.c
> +++ b/hw/stellaris_input.c
> @@ -13,7 +13,7 @@
>  typedef struct {
>     qemu_irq irq;
>     int keycode;
> -    int pressed;
> +    uint8_t pressed;
>  } gamepad_button;
>
>  typedef struct {
> @@ -47,30 +47,29 @@ static void stellaris_gamepad_put_key(void * opaque, int 
> keycode)
>     s->extension = 0;
>  }
>
> -static void stellaris_gamepad_save(QEMUFile *f, void *opaque)
> -{
> -    gamepad_state *s = (gamepad_state *)opaque;
> -    int i;
> -
> -    qemu_put_be32(f, s->extension);
> -    for (i = 0; i < s->num_buttons; i++)
> -        qemu_put_byte(f, s->buttons[i].pressed);
> -}
> -
> -static int stellaris_gamepad_load(QEMUFile *f, void *opaque, int version_id)
> -{
> -    gamepad_state *s = (gamepad_state *)opaque;
> -    int i;
> -
> -    if (version_id != 1)
> -        return -EINVAL;
> -
> -    s->extension = qemu_get_be32(f);
> -    for (i = 0; i < s->num_buttons; i++)
> -        s->buttons[i].pressed = qemu_get_byte(f);
> +static const VMStateDescription vmstate_stellaris_button = {
> +    .name = "stellaris_button",
> +    .version_id = 1,
> +    .minimum_version_id = 1,
> +    .minimum_version_id_old = 1,

For consistency with other structures, these version fields should be 0.

Re: [Qemu-devel] [PATCH 00/58] VMState: Port several non-pc devices

[Blue Swirl]

On Thu, Feb 24, 2011 at 7:56 PM, Juan Quintela  wrote:
> Hi
>
> This series are split in three parts:
> - All VMState changes/fixes are together at the beggining (patches 1-9)
> - Devices whose port is trivial: (patches 10-40)
> - Devices whose port needs some change in types, or introduce a new struct
>  to include all the device state: rest of patches.
>
> There are three warnings and one error for checpatch.  The Last one is
> a bug on checpatch, as there is no need to put spaces there (and
> putting params makes the preprecessor choke).
>
> And the other three, we can use worse arguments names or having longer
> than 80 chars macro definitions.
>
> I think that all are ok.
>
> #31: FILE: hw/hw.h:442:
> +#define VMSTATE_VARRAY_UINT32(_field, _state, _field_num, _version, _info, 
> _type) {\
>
> WARNING: line over 80 characters
> #23: FILE: hw/hw.h:512:
> +#define VMSTATE_STRUCT_VARRAY_INT32(_field, _state, _field_num, _version, 
> _vmsd, _type) { \
>
> #22: FILE: hw/hw.h:522:
> +#define VMSTATE_STRUCT_VARRAY_UINT32(_field, _state, _field_num, _version, 
> _vmsd, _type) { \
>
> #41: FILE: hw/hw.h:755:
> +    VMSTATE_POINTER_TEST(_f, _s, _test, vmstate_info_timer, QEMUTimer *)
>                                                                       ^
>
>
> None of the patches should be difficult to review/accept.
>
> Please review.  Anthony, apply the VMState ones the early possible, as it
> makes easier to work on other devices.

Very nice work! I had some minor comments, but otherwise for the whole series:
Reviewed-by: Blue Swirl 

[Qemu-devel] Re: kvm crashes with spice while loading qxl

[Jan Kiszka]

On 2011-02-26 12:43, xming wrote:
> When trying to start X (and it loads qxl driver) the kvm process just crashes.
> 
> qemu-kvm 0.14
> 
> startup line
> 
> /usr/bin/kvm -name spaceball,process=spaceball -m 1024 -kernel
> /boot/bzImage-2.6.37.2-guest -append "root=/dev/vda ro" -smp 1 -netdev
> type=tap,id=spaceball0,script=kvm-ifup-brloc,vhost=on -device
> virtio-net-pci,netdev=spaceball0,mac=00:16:3e:00:08:01 -drive
> file=/dev/volume01/G-spaceball,if=virtio -vga qxl -spice
> port=5957,disable-ticketing -monitor
> telnet:192.168.0.254:10007,server,nowait,nodelay -pidfile
> /var/run/kvm/spaceball.pid
> 
> host is running vanilla 2.6.37.1 on amd64.
> 
> Here is the bt
> 
> # gdb /usr/bin/qemu-system-x86_64
> GNU gdb (Gentoo 7.2 p1) 7.2
> Copyright (C) 2010 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later 
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-pc-linux-gnu".
> For bug reporting instructions, please see:
> ...
> Reading symbols from /usr/bin/qemu-system-x86_64...done.
> (gdb) set args -name spaceball,process=spaceball -m 1024 -kernel
> /boot/bzImage-2.6.37.2-guest -append "root=/dev/vda ro" -smp 1 -netdev
> type=tap,id=spaceball0,script=kvm-ifup-brloc,vhost=on -device
> virtio-net-pci,netdev=spaceball0,mac=00:16:3e:00:08:01 -drive
> file=/dev/volume01/G-spaceball,if=virtio -vga qxl -spice
> port=5957,disable-ticketing -monitor
> telnet:192.168.0.254:10007,server,nowait,nodelay -pidfile
> /var/run/kvm/spaceball.pid
> (gdb) run
> Starting program: /usr/bin/qemu-system-x86_64 -name
> spaceball,process=spaceball -m 1024 -kernel
> /boot/bzImage-2.6.37.2-guest -append "root=/dev/vda ro" -smp 1 -netdev
> type=tap,id=spaceball0,script=kvm-ifup-brloc,vhost=on -device
> virtio-net-pci,netdev=spaceball0,mac=00:16:3e:00:08:01 -drive
> file=/dev/volume01/G-spaceball,if=virtio -vga qxl -spice
> port=5957,disable-ticketing -monitor
> telnet:192.168.0.254:10007,server,nowait,nodelay -pidfile
> /var/run/kvm/spaceball.pid
> [Thread debugging using libthread_db enabled]
> do_spice_init: starting 0.6.0
> spice_server_add_interface: SPICE_INTERFACE_KEYBOARD
> spice_server_add_interface: SPICE_INTERFACE_MOUSE
> [New Thread 0x74802710 (LWP 30294)]
> spice_server_add_interface: SPICE_INTERFACE_QXL
> [New Thread 0x7fffaacae710 (LWP 30295)]
> red_worker_main: begin
> handle_dev_destroy_surfaces:
> handle_dev_destroy_surfaces:
> handle_dev_input: start
> [New Thread 0x7fffaa4ad710 (LWP 30298)]
> [New Thread 0x7fffa9cac710 (LWP 30299)]
> [New Thread 0x7fffa94ab710 (LWP 30300)]
> [New Thread 0x7fffa8caa710 (LWP 30301)]
> [New Thread 0x7fffa3fff710 (LWP 30302)]
> [New Thread 0x7fffa37fe710 (LWP 30303)]
> [New Thread 0x7fffa2ffd710 (LWP 30304)]
> [New Thread 0x7fffa27fc710 (LWP 30305)]
> [New Thread 0x7fffa1ffb710 (LWP 30306)]
> [New Thread 0x7fffa17fa710 (LWP 30307)]
> reds_handle_main_link:
> reds_show_new_channel: channel 1:0, connected successfully, over Non Secure 
> link
> reds_main_handle_message: net test: latency 5.636000 ms, bitrate
> 11027768 bps (10.516899 Mbps)
> reds_show_new_channel: channel 2:0, connected successfully, over Non Secure 
> link
> red_dispatcher_set_peer:
> handle_dev_input: connect
> handle_new_display_channel: jpeg disabled
> handle_new_display_channel: zlib-over-glz disabled
> reds_show_new_channel: channel 4:0, connected successfully, over Non Secure 
> link
> red_dispatcher_set_cursor_peer:
> handle_dev_input: cursor connect
> reds_show_new_channel: channel 3:0, connected successfully, over Non Secure 
> link
> inputs_link:
> [New Thread 0x7fffa07f8710 (LWP 30312)]
> [New Thread 0x7fff9fff7710 (LWP 30313)]
> [New Thread 0x7fff9f7f6710 (LWP 30314)]
> [New Thread 0x7fff9eff5710 (LWP 30315)]
> [New Thread 0x7fff9e7f4710 (LWP 30316)]
> [New Thread 0x7fff9dff3710 (LWP 30317)]
> [New Thread 0x7fff9d7f2710 (LWP 30318)]
> qemu-system-x86_64:
> /var/tmp/portage/app-emulation/qemu-kvm-0.14.0/work/qemu-kvm-0.14.0/qemu-kvm.c:1724:
> kvm_mutex_unlock: Assertion `!cpu_single_env' failed.
> 
> Program received signal SIGABRT, Aborted.
> [Switching to Thread 0x74802710 (LWP 30294)]
> 0x75daa165 in raise () from /lib/libc.so.6
> (gdb)
> (gdb)
> (gdb)
> (gdb)
> (gdb) bt
> #0  0x75daa165 in raise () from /lib/libc.so.6
> #1  0x75dab580 in abort () from /lib/libc.so.6
> #2  0x75da3201 in __assert_fail () from /lib/libc.so.6
> #3  0x00436f7e in kvm_mutex_unlock ()
> at 
> /var/tmp/portage/app-emulation/qemu-kvm-0.14.0/work/qemu-kvm-0.14.0/qemu-kvm.c:1724
> #4  qemu_mutex_unlock_iothread ()
> at 
> /var/tmp/portage/app-emulation/qemu-kvm-0.14.0/work/qemu-kvm-0.14.0/qemu-kvm.c:1737
> #5  0x005e84ee in qxl_hard_reset (d=0x15d3080, loadvm=0)
> at 
> /var/tmp/portage/app-emulation/qemu-kvm-0.14.0/work/q

Re: [Qemu-devel] [patch 2/3] Add support for live block copy

[Anthony Liguori]

On 02/25/2011 06:02 PM, Marcelo Tosatti wrote:

On Wed, Feb 23, 2011 at 01:06:46PM -0600, Anthony Liguori wrote:
   

On 02/22/2011 11:00 AM, Marcelo Tosatti wrote:
 

Index: qemu/qerror.h
===
--- qemu.orig/qerror.h
+++ qemu/qerror.h
@@ -171,4 +171,13 @@ QError *qobject_to_qerror(const QObject
  #define QERR_VNC_SERVER_FAILED \
  "{ 'class': 'VNCServerFailed', 'data': { 'target': %s } }"

+#define QERR_BLOCKCOPY_IN_PROGRESS \
+"{ 'class': 'BlockCopyInProgress', 'data': { 'device': %s } }"
   

The caller already knows the device name by virtue of issuing the
command so this is redundant.

I think a better approach would be a QERR_IN_PROGRESS 'data': {
'operation': %s }

For block copy, we'd say QERR_IN_PROGRESS("block copy").

 

+
+#define QERR_BLOCKCOPY_IMAGE_SIZE_DIFFERS \
+"{ 'class': 'BlockCopyImageSizeDiffers', 'data': {} }"
+
+#define QERR_MIGRATION_IN_PROGRESS \
+"{ 'class': 'MigrationInProgress', 'data': {} }"
   

Then QERR_IN_PROGRESS("live migration")
 

Can the error format change like that? What about applications that make
use of it? If it can change, sure. (libvirt.git does not seem to be
aware of MigrationInProgress).
   


You're adding MigrationInProgress in this patch so I don't see what 
could be using it.


   

  #endif /* QERROR_H */
Index: qemu/qmp-commands.hx
===
--- qemu.orig/qmp-commands.hx
+++ qemu/qmp-commands.hx
@@ -581,6 +581,75 @@ Example:
  EQMP

  {
+.name   = "block_copy",
+.args_type  = "device:s,filename:s,commit_filename:s?,inc:-i",
+.params = "device filename [commit_filename] [-i]",
+.help   = "live block copy device to image"
+  "\n\t\t\t optional commit filename "
+  "\n\t\t\t -i for incremental copy "
+  "(base image shared between src and destination)",
+.user_print = monitor_user_noop,
+.mhandler.cmd_new = do_bdrv_copy,
+},
+
+SQMP
+block-copy
+---
+
+Live block copy.
   

I'm not sure copy really describes what we're doing here.  Maybe
migrate-block?
 

Problem its easy to confuse "migrate-block" with "block migration". I
could not come up with a better, non-confusing name than "live block
copy".
   


Yeah, I don't think I like my suggested names any better to be honest.


+Arguments:
+
+- "device": device name (json-string)
+- "filename": target image filename (json-string)
   

Is this a created image?  Is this an image to create?
 

A previously created image.

   

To future proof for blockdev, we should make this argument optional
and if it's not specified throw an error about missing argument.
This let's us introduce an optional blockdev argument such that we
can use a blockdev name.
 

What you mean "blockdev"?
   


-drive file=image.qcow2,if=none,id=foo

'foo' is a named blockdev.  We don't have a way to add these through the 
monitor (yet) but we will for 0.15.



+- "commit_filename": target commit filename (json-string, optional)
   

I think we should drop this.
 

Why? Sorry but this can't wait for non-config persistent storage. This
mistake was made in the past with irqchip for example, lets not repeat
it.

Its OK to deprecate "commit_filename" in favour of its location in
non-config persistent storage.

Its not the end of the world for a mgmt app to handle change (not saying
its not a good principle) such as this.
   


Even as a one off, it's not a very good solution to the problem.  We'd 
be way better of just having nothing here than using the commit file.  
What are the semantics of a half written file?  How does a management 
tool detect a half written file?



What happens if:
  - No block copy is active anymore (it's completed)
 

cancel succeeds.
   


I think it would be better to fail.


  - device refers to a device with no media present
 

Right, this should be dealt with.

   

If this command succeeds, what the state of target?
 

It will be used as the image backing the guest block device. But
probably i don't understand your question.
   


If I execute block-copy, then I do block-copy-cancel, if it succeeds, am 
I guaranteed that we're still using the old block device?  (The answer 
is no because we don't error out if the migration has completed already).



If I resume the
operation with the incremental flag set, will it Just Work?
 

As in:

- block_copy ide0-hd1 /mnt/aa.img
- block_copy ide0-hd1 /mnt/aa.img -i

?

The second command will fail with QERR_BLOCKCOPY_IN_PROGRESS.
   


No, as in:

block_copy ide0-hd1 /mnt/aa.img
block_copy_cancel ide0-h1
block_copy ide0-h1 /mnt/aa.img -i

Does it pick up where it left off or does it start all over again?

Regards,

Anthony Liguori

Re: [Qemu-devel] Re: KVM call agenda for Jan 25

[Stefan Hajnoczi]

On Fri, Feb 25, 2011 at 5:42 PM, Dushyant Bansal
 wrote:
> On Saturday 29 January 2011 04:20 PM, Dushyant Bansal wrote:
>>
>> Or this: which is faster, qemu-img convert -f  -O
>>     or cp  ?  What about for
>> raw images, shouldn't that be the same speed as cp(1)?  Poke around
>> the source code, profile it, understand what it's doing, think about
>> ways to improve it.  No need to do everything, just doing part of this
>> will give you background on QEMU's block layer.
>>
>> Contributing patches is a good way get up to speed and show your
>> skills.  If time doesn't permit that, just think about the problem and
>> how you intend to solve it, and feel free to bounce ideas off me.
>>
>
> I explored 'qemu-img create and convert' and got a basic understanding of
> how they work.

Great, it's good to hear from you.

> cp faster than qemu-img convert

Yes, I've experienced that too.

> For raw->raw
> In cp, it just copies all the disk blocks actually occupied by the file.
> And, with qemu-img convert, it checks all the sectors and copy those, which
> contains atleast one non-NUL byte.
> The better performance of cp over qemu-img convert is the result of overhead
> of this checking.

How did you find out what cp(1) and qemu-img do?

How does cp(1) know which disk blocks are actually occupied?

> I tried a few variations:
> 1. just copy all the sectors without checking
> So, actual size becomes equal to virtual size.

Did that make qemu-img faster for the image file you tested?

> 2. In is_allocated_sectors,out of n sectors, if any sector has a non-NUL
> byte then break and copy all n sectors.
> As expected, resultant raw image was quite large in size.

This is kind of like what cp(1) does, except it limits n to 32 KB
maximum at a time.  Maybe if you add this tweak they will show similar
performance.  The drawback is that the output image is larger than
with the current approach.

Stefan

[Qemu-devel] Re: [PATCH 42/58] vmstate: port stellaris gamepad

[Juan Quintela]

Blue Swirl  wrote:
> On Thu, Feb 24, 2011 at 7:57 PM, Juan Quintela  wrote:
>> +static const VMStateDescription vmstate_stellaris_button = {
>> +    .name = "stellaris_button",
>> +    .version_id = 1,
>> +    .minimum_version_id = 1,
>> +    .minimum_version_id_old = 1,
>
> For consistency with other structures, these version fields should be 0.

>From the part that you didn't posted.

@@ -86,6 +85,5 @@ void stellaris_gamepad_init(int n, qemu_irq *irq, const int 
*keycode)
 }
 s->num_buttons = n;
 qemu_add_kbd_event_handler(stellaris_gamepad_put_key, s);
-register_savevm(NULL, "stellaris_gamepad", -1, 1,
-stellaris_gamepad_save, stellaris_gamepad_load, s);
+vmstate_register(NULL, -1, &vmstate_stellaris_gamepad, s);
 }
-- 
1.7.4


Version is already at ' (4th argument of register_savevm).  I just used
the version that was there.  I agree that some devices had started at
version 0 and others at version 1, but that is independent of this series.

Later, Juan.

[Qemu-devel] Re: x86_64 debugging while in 32-bit mode

[vagran]

Hi,
I have a problem with debugging 64-bit emulation using Qemu GDB stub. The
problem is that Qemu always sends x86_64 registers set disregarding 
current
actual mode of an emulated CPU. It results in error message in GDB - 
"Remote 'g'
packet reply is too long: ...". Yes, I understand that in case I will 
execute
"set architecture i386:x86-64:intel" command it will show me correct 
registers

content. But the problem is that in such case it will incorrectly try to
disassemble the code and unwind the stack - it will interpret it as 
64-bit while
it is actually 32-bit. In my understanding Qemu should dynamically 
change the
format of "g" and "G" packets depending on current CPU mode. On the 
other end,

user could change manually GDB current architecture by corresponding "set
architecture" command.
Please correct me, if I am not right. May be there is some existing 
methodology
of debugging Qemu emulated x86_64 architecture in different CPU modes. 
For now,
I have strong intention to make a patch for Qemu GDB stub, at least 
for me. But

I have impression that this should be corrected in official release too.

Hi,
Seems the problem is not present on the latest version of the Qemu. I 
had several

installed and occasionally launched old one. Sorry for inconvenience.

Best regards,
Artyom.

[Qemu-devel] Re: kvm crashes with spice while loading qxl

[xming]

Oops forgot to send this to the list too, here we go

> That's a spice bug. In fact, there are a lot of
> qemu_mutex_lock/unlock_iothread in that subsystem. I bet at least a few
> of them can cause even more subtle problems.

Just tried spice 0.7.3 (was using 0.6.x) and still the same, should I
file a bug against spice?

> Two general issues with dropping the global mutex like this:
>  - The caller of mutex_unlock is responsible for maintaining
>   cpu_single_env across the unlocked phase (that's related to the
>   abort above).
>  - Dropping the lock in the middle of a callback is risky. That may
>   enable re-entrances of code sections that weren't designed for this
>   (I'm skeptic about the side effects of
>   qemu_spice_vm_change_state_handler - why dropping the lock here?).
>
> Spice requires a careful review regarding such issues. Or it should
> pioneer with introducing its own lock so that we can handle at least
> related I/O activities over the VCPUs without holding the global mutex
> (but I bet it's not the simplest candidate for such a new scheme).
>
> Jan

Re: [Qemu-devel] [patch 2/3] Add support for live block copy

[Anthony Liguori]

On 02/25/2011 06:02 PM, Marcelo Tosatti wrote:

+- "commit_filename": target commit filename (json-string, optional)
   

I think we should drop this.
 

Why? Sorry but this can't wait for non-config persistent storage. This
mistake was made in the past with irqchip for example, lets not repeat
it.

Its OK to deprecate "commit_filename" in favour of its location in
non-config persistent storage.

Its not the end of the world for a mgmt app to handle change (not saying
its not a good principle) such as this


If you're looking for a stop-gap, I'd suggest adding an optional 
"action" parameter.  This parameter would take a string with valid 
values of "stop", "none".


If action=stop, then when block copy finishes, the guest will be stopped 
and an event will be sent.  This lets a management tool get notified, 
update it's config, and then continue the guest.  If the management tool 
crashes, it can do a query-block-copy to see that the copy finished 
along with a query-status to fix the guest.


This is more in line with how our other commands work.

Regards,

Anthony Liguori

[Qemu-devel] [PATCH v2 upstream 02/22] implement win32 dynticks timer

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 qemu-timer.c |7 ++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/qemu-timer.c b/qemu-timer.c
index 88c7b28..122e7ed 100644
--- a/qemu-timer.c
+++ b/qemu-timer.c
@@ -1004,6 +1004,7 @@ static void win32_stop_timer(struct qemu_alarm_timer *t)
 static void win32_rearm_timer(struct qemu_alarm_timer *t)
 {
 struct qemu_alarm_win32 *data = t->priv;
+int nearest_delta_ms;
 
 assert(alarm_has_dynticks(t));
 if (!active_timers[QEMU_CLOCK_REALTIME] &&
@@ -1013,7 +1014,11 @@ static void win32_rearm_timer(struct qemu_alarm_timer *t)
 
 timeKillEvent(data->timerId);
 
-data->timerId = timeSetEvent(1,
+nearest_delta_ms = (qemu_next_alarm_deadline() + 99) / 100;
+if (nearest_delta_ms < 1) {
+nearest_delta_ms = 1;
+}
+data->timerId = timeSetEvent(nearest_delta_ms,
 data->period,
 host_alarm_handler,
 (DWORD)t,
-- 
1.7.4

[Qemu-devel] [PATCH v2 uq/master 00/22] Win32 iothread support

[Paolo Bonzini]

After gathering the comments about the two series I sent separately,
here is the full series for Win32 iothread support, ready to be
applied to uq/master.

Patches 1 to 5 are generic Win32 improvements, including the qemu-thread
implementation.  Because of complex dependencies, I think it's better
if this part is also routed through uq/master.

Patches 6 to 8 are generic threading improvements, including using
PTHREAD_MUTEX_ERRORCHECK as suggested by Jan.

Patches 9 to 17 eliminate polling, replacing condition variable
timedwait with wait.

Patch 18 removes a redundant condition from the TCG cpu_exec_all
function.

Patches 19 to 21 add all necessary stubs to make iothread compile
with Win32, except the IPI calls.  These are provided by patch 22.

Tested on Wine and Linux, not on "real" Windows.  The series introduces
a dependency on Windows 2K or newer.  I don't think either 95/98/ME
or Windows NT 3.x are reasonable host systems for QEMU, anyway.

I incorporated all suggestions from Jan, including his renaming patch
for qemu_*_is_self, and included Aurelien's sh4 tweak to cpu_halted.

Aurelien Jarno (1):
  target-sh4: move intr_at_halt out of cpu_halted()

Jan Kiszka (1):
  Refactor thread retrieval and check

Paolo Bonzini (20):
  unlock iothread during WaitForMultipleObjects
  implement win32 dynticks timer
  use win32 timer queues
  add win32 qemu-thread implementation
  include qemu-thread.h early
  add assertions on the owner of a QemuMutex
  remove CONFIG_THREAD
  inline cpu_halted into sole caller
  always qemu_cpu_kick after unhalting a cpu
  exit round-robin vcpu loop if cpu->stopped is true
  always signal pause_cond after stopping a VCPU
  do not use timedwait on qemu_halt_cond
  do not use timedwait on qemu_system_cond
  do not use timedwait on qemu_pause_cond
  do not use timedwait on qemu_cpu_cond
  iothread stops the vcpu thread via IPI
  move blocking of signals to qemu_signalfd_init
  provide dummy signal init functions for win32
  protect qemu_cpu_kick_self for Win32
  add Win32 IPI service

 Makefile.objs|4 +-
 configure|2 -
 cpu-exec.c   |9 +-
 cpus.c   |  298 +-
 exec.c   |2 +-
 hw/ppc.c |2 +
 hw/sun4m.c   |   10 +-
 hw/sun4u.c   |4 +-
 os-win32.c   |2 +
 qemu-common.h|2 +-
 qemu-thread.c => qemu-thread-posix.c |   38 +++--
 qemu-thread-posix.h  |   18 ++
 qemu-thread-win32.c  |  260 +
 qemu-thread-win32.h  |   21 +++
 qemu-thread.h|   31 ++--
 qemu-timer.c |   89 +--
 target-alpha/exec.h  |   11 --
 target-arm/exec.h|   13 --
 target-cris/exec.h   |   11 --
 target-i386/exec.h   |   12 --
 target-i386/kvm.c|4 +-
 target-m68k/exec.h   |   10 --
 target-microblaze/exec.h |   11 --
 target-mips/exec.h   |   11 --
 target-ppc/exec.h|   11 --
 target-s390x/exec.h  |   12 --
 target-s390x/kvm.c   |1 +
 target-sh4/cpu.h |2 +-
 target-sh4/exec.h|   11 --
 target-sh4/helper.c  |4 +-
 target-sh4/op_helper.c   |1 +
 target-sparc/exec.h  |   10 --
 ui/vnc-jobs-async.c  |2 +-
 33 files changed, 562 insertions(+), 367 deletions(-)
 rename qemu-thread.c => qemu-thread-posix.c (81%)
 create mode 100644 qemu-thread-posix.h
 create mode 100644 qemu-thread-win32.c
 create mode 100644 qemu-thread-win32.h

-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 01/22] unlock iothread during WaitForMultipleObjects

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 os-win32.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/os-win32.c b/os-win32.c
index b214e6a..c971d92 100644
--- a/os-win32.c
+++ b/os-win32.c
@@ -140,7 +140,9 @@ void os_host_main_loop_wait(int *timeout)
 int err;
 WaitObjects *w = &wait_objects;
 
+qemu_mutex_unlock_iothread();
 ret = WaitForMultipleObjects(w->num, w->events, FALSE, *timeout);
+qemu_mutex_lock_iothread();
 if (WAIT_OBJECT_0 + 0 <= ret && ret <= WAIT_OBJECT_0 + w->num - 1) {
 if (w->func[ret - WAIT_OBJECT_0])
 w->func[ret - WAIT_OBJECT_0](w->opaque[ret - WAIT_OBJECT_0]);
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 03/22] use win32 timer queues

[Paolo Bonzini]

Multimedia timers are only useful for compatibility with Windows NT 4.0
and earlier.  Plus, the implementation in Wine is extremely heavyweight.

Signed-off-by: Paolo Bonzini 
---
 qemu-timer.c |   86 +++--
 1 files changed, 35 insertions(+), 51 deletions(-)

diff --git a/qemu-timer.c b/qemu-timer.c
index 122e7ed..1939d6b 100644
--- a/qemu-timer.c
+++ b/qemu-timer.c
@@ -200,11 +200,6 @@ static void qemu_rearm_alarm_timer(struct qemu_alarm_timer 
*t)
 
 #ifdef _WIN32
 
-struct qemu_alarm_win32 {
-MMRESULT timerId;
-unsigned int period;
-} alarm_win32_data = {0, 0};
-
 static int win32_start_timer(struct qemu_alarm_timer *t);
 static void win32_stop_timer(struct qemu_alarm_timer *t);
 static void win32_rearm_timer(struct qemu_alarm_timer *t);
@@ -298,9 +293,9 @@ static struct qemu_alarm_timer alarm_timers[] = {
 {"unix", unix_start_timer, unix_stop_timer, NULL, NULL},
 #else
 {"dynticks", win32_start_timer,
- win32_stop_timer, win32_rearm_timer, &alarm_win32_data},
+ win32_stop_timer, win32_rearm_timer, NULL},
 {"win32", win32_start_timer,
- win32_stop_timer, NULL, &alarm_win32_data},
+ win32_stop_timer, NULL, NULL},
 #endif
 {NULL, }
 };
@@ -636,9 +631,7 @@ void qemu_run_all_timers(void)
 static int64_t qemu_next_alarm_deadline(void);
 
 #ifdef _WIN32
-static void CALLBACK host_alarm_handler(UINT uTimerID, UINT uMsg,
-DWORD_PTR dwUser, DWORD_PTR dw1,
-DWORD_PTR dw2)
+static void CALLBACK host_alarm_handler(PVOID lpParam, BOOLEAN unused)
 #else
 static void host_alarm_handler(int host_signum)
 #endif
@@ -961,50 +954,45 @@ static void unix_stop_timer(struct qemu_alarm_timer *t)
 
 static int win32_start_timer(struct qemu_alarm_timer *t)
 {
-TIMECAPS tc;
-struct qemu_alarm_win32 *data = t->priv;
-UINT flags;
-
-memset(&tc, 0, sizeof(tc));
-timeGetDevCaps(&tc, sizeof(tc));
-
-data->period = tc.wPeriodMin;
-timeBeginPeriod(data->period);
-
-flags = TIME_CALLBACK_FUNCTION;
-if (alarm_has_dynticks(t))
-flags |= TIME_ONESHOT;
-else
-flags |= TIME_PERIODIC;
-
-data->timerId = timeSetEvent(1, // interval (ms)
-data->period,   // resolution
-host_alarm_handler, // function
-(DWORD)t,   // parameter
-flags);
-
-if (!data->timerId) {
+HANDLE hTimer;
+BOOLEAN success;
+
+/* If you call ChangeTimerQueueTimer on a one-shot timer (its period
+   is zero) that has already expired, the timer is not updated.  Since
+   creating a new timer is relatively expensive, set a bogus one-hour
+   interval in the dynticks case.  */
+success = CreateTimerQueueTimer(&hTimer,
+  NULL,
+  host_alarm_handler,
+  t,
+  1,
+  alarm_has_dynticks(t) ? 360 : 1,
+  WT_EXECUTEINTIMERTHREAD);
+
+if (!success) {
 fprintf(stderr, "Failed to initialize win32 alarm timer: %ld\n",
 GetLastError());
-timeEndPeriod(data->period);
 return -1;
 }
 
+t->priv = (PVOID) hTimer;
 return 0;
 }
 
 static void win32_stop_timer(struct qemu_alarm_timer *t)
 {
-struct qemu_alarm_win32 *data = t->priv;
+HANDLE hTimer = t->priv;
 
-timeKillEvent(data->timerId);
-timeEndPeriod(data->period);
+if (hTimer) {
+DeleteTimerQueueTimer(NULL, hTimer, NULL);
+}
 }
 
 static void win32_rearm_timer(struct qemu_alarm_timer *t)
 {
-struct qemu_alarm_win32 *data = t->priv;
+HANDLE hTimer = t->priv;
 int nearest_delta_ms;
+BOOLEAN success;
 
 assert(alarm_has_dynticks(t));
 if (!active_timers[QEMU_CLOCK_REALTIME] &&
@@ -1012,25 +1000,21 @@ static void win32_rearm_timer(struct qemu_alarm_timer 
*t)
 !active_timers[QEMU_CLOCK_HOST])
 return;
 
-timeKillEvent(data->timerId);
-
 nearest_delta_ms = (qemu_next_alarm_deadline() + 99) / 100;
 if (nearest_delta_ms < 1) {
 nearest_delta_ms = 1;
 }
-data->timerId = timeSetEvent(nearest_delta_ms,
-data->period,
-host_alarm_handler,
-(DWORD)t,
-TIME_ONESHOT | TIME_CALLBACK_FUNCTION);
-
-if (!data->timerId) {
-fprintf(stderr, "Failed to re-arm win32 alarm timer %ld\n",
-GetLastError());
+success = ChangeTimerQueueTimer(NULL,
+hTimer,
+nearest_delta_ms,
+360);
 
-timeEndPeriod(data->period);
-exit(1);
+if (!success) {
+fprintf(stderr, "Failed to rearm win32 alarm timer: %ld\n",
+GetLastError(

[Qemu-devel] [PATCH v2 upstream 08/22] remove CONFIG_THREAD

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 configure |2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 3036faf..4de26d2 100755
--- a/configure
+++ b/configure
@@ -2662,7 +2662,6 @@ if test "$vnc_png" != "no" ; then
 fi
 if test "$vnc_thread" != "no" ; then
   echo "CONFIG_VNC_THREAD=y" >> $config_host_mak
-  echo "CONFIG_THREAD=y" >> $config_host_mak
 fi
 if test "$fnmatch" = "yes" ; then
   echo "CONFIG_FNMATCH=y" >> $config_host_mak
@@ -2758,7 +2757,6 @@ if test "$xen" = "yes" ; then
 fi
 if test "$io_thread" = "yes" ; then
   echo "CONFIG_IOTHREAD=y" >> $config_host_mak
-  echo "CONFIG_THREAD=y" >> $config_host_mak
 fi
 if test "$linux_aio" = "yes" ; then
   echo "CONFIG_LINUX_AIO=y" >> $config_host_mak
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 11/22] always qemu_cpu_kick after unhalting a cpu

[Paolo Bonzini]

This ensures env->halt_cond is broadcast, and the loop in
qemu_tcg_wait_io_event and qemu_kvm_wait_io_event is exited
naturally rather than through a timeout.

Signed-off-by: Paolo Bonzini 
---
 hw/ppc.c   |2 ++
 hw/sun4m.c |   10 --
 hw/sun4u.c |4 ++--
 target-s390x/kvm.c |1 +
 4 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/hw/ppc.c b/hw/ppc.c
index 968aec1..de02d33 100644
--- a/hw/ppc.c
+++ b/hw/ppc.c
@@ -208,6 +208,7 @@ static void ppc970_set_irq (void *opaque, int pin, int 
level)
 } else {
 LOG_IRQ("%s: restart the CPU\n", __func__);
 env->halted = 0;
+qemu_cpu_kick(env);
 }
 break;
 case PPC970_INPUT_HRESET:
@@ -300,6 +301,7 @@ static void ppc40x_set_irq (void *opaque, int pin, int 
level)
 } else {
 LOG_IRQ("%s: restart the CPU\n", __func__);
 env->halted = 0;
+qemu_cpu_kick(env);
 }
 break;
 case PPC40x_INPUT_DEBUG:
diff --git a/hw/sun4m.c b/hw/sun4m.c
index 30e8a21..df3aa32 100644
--- a/hw/sun4m.c
+++ b/hw/sun4m.c
@@ -253,15 +253,21 @@ void cpu_check_irqs(CPUState *env)
 }
 }
 
+static void cpu_kick_irq(CPUState *env)
+{
+env->halted = 0;
+cpu_check_irqs(env);
+qemu_cpu_kick(env);
+}
+
 static void cpu_set_irq(void *opaque, int irq, int level)
 {
 CPUState *env = opaque;
 
 if (level) {
 trace_sun4m_cpu_set_irq_raise(irq);
-env->halted = 0;
 env->pil_in |= 1 << irq;
-cpu_check_irqs(env);
+cpu_kick_irq(env);
 } else {
 trace_sun4m_cpu_set_irq_lower(irq);
 env->pil_in &= ~(1 << irq);
diff --git a/hw/sun4u.c b/hw/sun4u.c
index 90b1ce2..d282324 100644
--- a/hw/sun4u.c
+++ b/hw/sun4u.c
@@ -298,6 +298,7 @@ static void cpu_kick_irq(CPUState *env)
 {
 env->halted = 0;
 cpu_check_irqs(env);
+qemu_cpu_kick(env);
 }
 
 static void cpu_set_irq(void *opaque, int irq, int level)
@@ -306,9 +307,8 @@ static void cpu_set_irq(void *opaque, int irq, int level)
 
 if (level) {
 CPUIRQ_DPRINTF("Raise CPU IRQ %d\n", irq);
-env->halted = 0;
 env->pil_in |= 1 << irq;
-cpu_check_irqs(env);
+cpu_kick_irq(env);
 } else {
 CPUIRQ_DPRINTF("Lower CPU IRQ %d\n", irq);
 env->pil_in &= ~(1 << irq);
diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index b349812..6e94274 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -194,6 +194,7 @@ static void kvm_s390_interrupt_internal(CPUState *env, int 
type, uint32_t parm,
 
 env->halted = 0;
 env->exception_index = -1;
+qemu_cpu_kick(env);
 
 kvmint.type = type;
 kvmint.parm = parm;
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 04/22] Refactor thread retrieval and check

[Paolo Bonzini]

From: Jan Kiszka 

We have qemu_cpu_self and qemu_thread_self. The latter is retrieving the
current thread, the former is checking for equality (using CPUState). We
also have qemu_thread_equal which is only used like qemu_cpu_self.

This refactors the interfaces, creating qemu_cpu_is_self and
qemu_thread_is_self as well ass qemu_thread_get_self.

Signed-off-by: Jan Kiszka 
Signed-off-by: Paolo Bonzini 
---
 cpus.c  |   22 --
 exec.c  |2 +-
 qemu-common.h   |2 +-
 qemu-thread.c   |6 +++---
 qemu-thread.h   |4 ++--
 target-i386/kvm.c   |4 ++--
 ui/vnc-jobs-async.c |2 +-
 7 files changed, 18 insertions(+), 24 deletions(-)

diff --git a/cpus.c b/cpus.c
index 0f33945..09ce6fe 100644
--- a/cpus.c
+++ b/cpus.c
@@ -531,7 +531,7 @@ void qemu_init_vcpu(void *_env)
 }
 }
 
-int qemu_cpu_self(void *env)
+int qemu_cpu_is_self(void *env)
 {
 return 1;
 }
@@ -699,7 +699,7 @@ int qemu_init_main_loop(void)
 qemu_mutex_init(&qemu_global_mutex);
 qemu_mutex_lock(&qemu_global_mutex);
 
-qemu_thread_self(&io_thread);
+qemu_thread_get_self(&io_thread);
 
 return 0;
 }
@@ -714,7 +714,7 @@ void run_on_cpu(CPUState *env, void (*func)(void *data), 
void *data)
 {
 struct qemu_work_item wi;
 
-if (qemu_cpu_self(env)) {
+if (qemu_cpu_is_self(env)) {
 func(data);
 return;
 }
@@ -808,7 +808,7 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
 int r;
 
 qemu_mutex_lock(&qemu_global_mutex);
-qemu_thread_self(env->thread);
+qemu_thread_get_self(env->thread);
 
 r = kvm_init_vcpu(env);
 if (r < 0) {
@@ -845,7 +845,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
 CPUState *env = arg;
 
 qemu_tcg_init_cpu_signals();
-qemu_thread_self(env->thread);
+qemu_thread_get_self(env->thread);
 
 /* signal CPU creation */
 qemu_mutex_lock(&qemu_global_mutex);
@@ -888,14 +888,11 @@ void qemu_cpu_kick_self(void)
 }
 }
 
-int qemu_cpu_self(void *_env)
+int qemu_cpu_is_self(void *_env)
 {
 CPUState *env = _env;
-QemuThread this;
 
-qemu_thread_self(&this);
-
-return qemu_thread_equal(&this, env->thread);
+return qemu_thread_is_self(env->thread);
 }
 
 void qemu_mutex_lock_iothread(void)
@@ -1023,10 +1020,7 @@ void cpu_stop_current(void)
 
 void vm_stop(int reason)
 {
-QemuThread me;
-qemu_thread_self(&me);
-
-if (!qemu_thread_equal(&me, &io_thread)) {
+if (!qemu_thread_is_self(&io_thread)) {
 qemu_system_vmstop_request(reason);
 /*
  * FIXME: should not return to device code in case
diff --git a/exec.c b/exec.c
index d611100..439a6f6 100644
--- a/exec.c
+++ b/exec.c
@@ -1640,7 +1640,7 @@ void cpu_interrupt(CPUState *env, int mask)
  * If called from iothread context, wake the target cpu in
  * case its halted.
  */
-if (!qemu_cpu_self(env)) {
+if (!qemu_cpu_is_self(env)) {
 qemu_cpu_kick(env);
 return;
 }
diff --git a/qemu-common.h b/qemu-common.h
index 40dad52..958a002 100644
--- a/qemu-common.h
+++ b/qemu-common.h
@@ -289,7 +289,7 @@ void qemu_notify_event(void);
 /* Unblock cpu */
 void qemu_cpu_kick(void *env);
 void qemu_cpu_kick_self(void);
-int qemu_cpu_self(void *env);
+int qemu_cpu_is_self(void *env);
 
 /* work queue */
 struct qemu_work_item {
diff --git a/qemu-thread.c b/qemu-thread.c
index fbc78fe..e307773 100644
--- a/qemu-thread.c
+++ b/qemu-thread.c
@@ -176,14 +176,14 @@ void qemu_thread_signal(QemuThread *thread, int sig)
 error_exit(err, __func__);
 }
 
-void qemu_thread_self(QemuThread *thread)
+void qemu_thread_get_self(QemuThread *thread)
 {
 thread->thread = pthread_self();
 }
 
-int qemu_thread_equal(QemuThread *thread1, QemuThread *thread2)
+int qemu_thread_is_self(QemuThread *thread)
 {
-   return pthread_equal(thread1->thread, thread2->thread);
+   return pthread_equal(pthread_self(), thread->thread);
 }
 
 void qemu_thread_exit(void *retval)
diff --git a/qemu-thread.h b/qemu-thread.h
index 19bb30c..add97bf 100644
--- a/qemu-thread.h
+++ b/qemu-thread.h
@@ -37,8 +37,8 @@ void qemu_thread_create(QemuThread *thread,
void *(*start_routine)(void*),
void *arg);
 void qemu_thread_signal(QemuThread *thread, int sig);
-void qemu_thread_self(QemuThread *thread);
-int qemu_thread_equal(QemuThread *thread1, QemuThread *thread2);
+void qemu_thread_get_self(QemuThread *thread);
+int qemu_thread_is_self(QemuThread *thread);
 void qemu_thread_exit(void *retval);
 
 #endif
diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index 0aa0a41..1f12cbf 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -1355,7 +1355,7 @@ int kvm_arch_put_registers(CPUState *env, int level)
 {
 int ret;
 
-assert(cpu_is_stopped(env) || qemu_cpu_self(env));
+assert(cpu_is_stopped(env) || qemu_cpu_is_self(env));
 
 ret = kvm_getput_regs(env, 1);
 if (ret < 0) {
@@ -1403,7 +1403,7 @@ int kvm_arch_g

[Qemu-devel] [PATCH v2 upstream 05/22] add win32 qemu-thread implementation

[Paolo Bonzini]

For now, qemu_cond_timedwait and qemu_mutex_timedlock are left as
POSIX-only functions.  They can be removed later, once the patches
that remove their uses are in.

Signed-off-by: Paolo Bonzini 
---
 Makefile.objs|4 +-
 qemu-thread.c => qemu-thread-posix.c |0
 qemu-thread-posix.h  |   18 +++
 qemu-thread-win32.c  |  260 ++
 qemu-thread-win32.h  |   21 +++
 qemu-thread.h|   27 ++--
 6 files changed, 313 insertions(+), 17 deletions(-)
 rename qemu-thread.c => qemu-thread-posix.c (100%)
 create mode 100644 qemu-thread-posix.h
 create mode 100644 qemu-thread-win32.c
 create mode 100644 qemu-thread-win32.h

diff --git a/Makefile.objs b/Makefile.objs
index 9e98a66..a52f42f 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -142,8 +142,8 @@ endif
 common-obj-y += $(addprefix ui/, $(ui-obj-y))
 
 common-obj-y += iov.o acl.o
-common-obj-$(CONFIG_THREAD) += qemu-thread.o
-common-obj-$(CONFIG_POSIX) += compatfd.o
+common-obj-$(CONFIG_POSIX) += qemu-thread-posix.o compatfd.o
+common-obj-$(CONFIG_WIN32) += qemu-thread-win32.o
 common-obj-y += notify.o event_notifier.o
 common-obj-y += qemu-timer.o qemu-timer-common.o
 
diff --git a/qemu-thread.c b/qemu-thread-posix.c
similarity index 100%
rename from qemu-thread.c
rename to qemu-thread-posix.c
diff --git a/qemu-thread-posix.h b/qemu-thread-posix.h
new file mode 100644
index 000..7af371c
--- /dev/null
+++ b/qemu-thread-posix.h
@@ -0,0 +1,18 @@
+#ifndef __QEMU_THREAD_POSIX_H
+#define __QEMU_THREAD_POSIX_H 1
+#include "pthread.h"
+
+struct QemuMutex {
+pthread_mutex_t lock;
+};
+
+struct QemuCond {
+pthread_cond_t cond;
+};
+
+struct QemuThread {
+pthread_t thread;
+};
+
+void qemu_thread_signal(QemuThread *thread, int sig);
+#endif
diff --git a/qemu-thread-win32.c b/qemu-thread-win32.c
new file mode 100644
index 000..89422ce
--- /dev/null
+++ b/qemu-thread-win32.c
@@ -0,0 +1,260 @@
+/*
+ * Win32 implementation for mutex/cond/thread functions
+ *
+ * Copyright Red Hat, Inc. 2010
+ *
+ * Author:
+ *  Paolo Bonzini 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+#include "qemu-common.h"
+#include "qemu-thread.h"
+#include 
+#include 
+#include 
+
+static void error_exit(int err, const char *msg)
+{
+char *pstr;
+
+FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER,
+  NULL, err, 0, (LPTSTR)&pstr, 2, NULL);
+fprintf(stderr, "qemu: %s: %s\n", msg, pstr);
+LocalFree(pstr);
+exit(1);
+}
+
+void qemu_mutex_init(QemuMutex *mutex)
+{
+mutex->owner = 0;
+InitializeCriticalSection(&mutex->lock);
+}
+
+void qemu_mutex_lock(QemuMutex *mutex)
+{
+EnterCriticalSection(&mutex->lock);
+
+/* Win32 CRITICAL_SECTIONs are recursive.  Assert that we're not
+ * using them as such.
+ */
+assert(mutex->owner == 0);
+mutex->owner = GetCurrentThreadId();
+}
+
+int qemu_mutex_trylock(QemuMutex *mutex)
+{
+int owned;
+
+owned = TryEnterCriticalSection(&mutex->lock);
+if (owned) {
+assert(mutex->owner == 0);
+mutex->owner = GetCurrentThreadId();
+}
+return !owned;
+}
+
+void qemu_mutex_unlock(QemuMutex *mutex)
+{
+assert(mutex->owner == GetCurrentThreadId());
+mutex->owner = 0;
+LeaveCriticalSection(&mutex->lock);
+}
+
+void qemu_cond_init(QemuCond *cond)
+{
+memset(cond, 0, sizeof(*cond));
+
+cond->sema = CreateSemaphore(NULL, 0, LONG_MAX, NULL);
+if (!cond->sema) {
+error_exit(GetLastError(), __func__);
+}
+cond->continue_event = CreateEvent(NULL,/* security */
+   FALSE,   /* auto-reset */
+   FALSE,   /* not signaled */
+   NULL);   /* name */
+if (!cond->continue_event) {
+error_exit(GetLastError(), __func__);
+}
+}
+
+void qemu_cond_signal(QemuCond *cond)
+{
+DWORD result;
+
+/*
+ * Signal only when there are waiters.  cond->waiters is
+ * incremented by pthread_cond_wait under the external lock,
+ * so we are safe about that.
+ */
+if (cond->waiters == 0) {
+return;
+}
+
+/*
+ * Waiting threads decrement it outside the external lock, but
+ * only if another thread is executing pthread_cond_broadcast and
+ * has the mutex.  So, it also cannot be decremented concurrently
+ * with this particular access.
+ */
+cond->target = cond->waiters - 1;
+result = SignalObjectAndWait(cond->sema, cond->continue_event,
+ INFINITE, FALSE);
+if (result == WAIT_ABANDONED || result == WAIT_FAILED) {
+error_exit(GetLastError(), __func__);
+}
+}
+
+void qemu_cond_broadcast(QemuCond *cond)
+{
+BOOLEAN result;
+/*
+ * As in pthread_cond_signal, access

[Qemu-devel] [PATCH v2 upstream 19/22] move blocking of signals to qemu_signalfd_init

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 cpus.c |   87 ++-
 1 files changed, 36 insertions(+), 51 deletions(-)

diff --git a/cpus.c b/cpus.c
index 32e9352..8c440f1 100644
--- a/cpus.c
+++ b/cpus.c
@@ -346,11 +346,37 @@ static void sigfd_handler(void *opaque)
 }
 }
 
-static int qemu_signalfd_init(sigset_t mask)
+static int qemu_signalfd_init(void)
 {
 int sigfd;
+sigset_t set;
 
-sigfd = qemu_signalfd(&mask);
+#ifdef CONFIG_IOTHREAD
+/* SIGUSR2 used by posix-aio-compat.c */
+sigemptyset(&set);
+sigaddset(&set, SIGUSR2);
+pthread_sigmask(SIG_UNBLOCK, &set, NULL);
+
+sigemptyset(&set);
+sigaddset(&set, SIGIO);
+sigaddset(&set, SIGALRM);
+sigaddset(&set, SIG_IPI);
+sigaddset(&set, SIGBUS);
+pthread_sigmask(SIG_BLOCK, &set, NULL);
+#else
+sigemptyset(&set);
+sigaddset(&set, SIGBUS);
+if (kvm_enabled()) {
+/*
+ * We need to process timer signals synchronously to avoid a race
+ * between exit_request check and KVM vcpu entry.
+ */
+sigaddset(&set, SIGIO);
+sigaddset(&set, SIGALRM);
+}
+#endif
+
+sigfd = qemu_signalfd(&set);
 if (sigfd == -1) {
 fprintf(stderr, "failed to create signalfd\n");
 return -errno;
@@ -438,6 +464,12 @@ static void qemu_event_increment(void)
 static void qemu_kvm_eat_signals(CPUState *env)
 {
 }
+
+static int qemu_signalfd_init(void)
+{
+return 0;
+}
+
 #endif /* _WIN32 */
 
 #ifndef CONFIG_IOTHREAD
@@ -471,39 +503,14 @@ static void qemu_kvm_init_cpu_signals(CPUState *env)
 #endif
 }
 
-#ifndef _WIN32
-static sigset_t block_synchronous_signals(void)
-{
-sigset_t set;
-
-sigemptyset(&set);
-sigaddset(&set, SIGBUS);
-if (kvm_enabled()) {
-/*
- * We need to process timer signals synchronously to avoid a race
- * between exit_request check and KVM vcpu entry.
- */
-sigaddset(&set, SIGIO);
-sigaddset(&set, SIGALRM);
-}
-
-return set;
-}
-#endif
-
 int qemu_init_main_loop(void)
 {
-#ifndef _WIN32
-sigset_t blocked_signals;
 int ret;
 
-blocked_signals = block_synchronous_signals();
-
-ret = qemu_signalfd_init(blocked_signals);
+ret = qemu_signalfd_init();
 if (ret) {
 return ret;
 }
-#endif
 
 qemu_init_sigbus();
 
@@ -651,35 +658,13 @@ static void qemu_tcg_init_cpu_signals(void)
 pthread_sigmask(SIG_UNBLOCK, &set, NULL);
 }
 
-static sigset_t block_io_signals(void)
-{
-sigset_t set;
-
-/* SIGUSR2 used by posix-aio-compat.c */
-sigemptyset(&set);
-sigaddset(&set, SIGUSR2);
-pthread_sigmask(SIG_UNBLOCK, &set, NULL);
-
-sigemptyset(&set);
-sigaddset(&set, SIGIO);
-sigaddset(&set, SIGALRM);
-sigaddset(&set, SIG_IPI);
-sigaddset(&set, SIGBUS);
-pthread_sigmask(SIG_BLOCK, &set, NULL);
-
-return set;
-}
-
 int qemu_init_main_loop(void)
 {
 int ret;
-sigset_t blocked_signals;
 
 qemu_init_sigbus();
 
-blocked_signals = block_io_signals();
-
-ret = qemu_signalfd_init(blocked_signals);
+ret = qemu_signalfd_init();
 if (ret) {
 return ret;
 }
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 12/22] exit round-robin vcpu loop if cpu->stopped is true

[Paolo Bonzini]

Sometimes vcpus are stopped directly without going through ->stop = 1.
Exit the VCPU execution loop in this case as well.

Signed-off-by: Paolo Bonzini 
---
 cpus.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/cpus.c b/cpus.c
index c5743c4..785a104 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1098,7 +1098,7 @@ bool cpu_exec_all(void)
 cpu_handle_debug_exception(env);
 break;
 }
-} else if (env->stop) {
+} else if (env->stop || env->stopped) {
 break;
 }
 }
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 17/22] do not use timedwait on qemu_cpu_cond

[Paolo Bonzini]

Whenever env->created becomes true, qemu_cpu_cond is signaled by
{kvm,tcg}_cpu_thread_fn.

Signed-off-by: Paolo Bonzini 
---
 cpus.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cpus.c b/cpus.c
index 8f169ad..4305184 100644
--- a/cpus.c
+++ b/cpus.c
@@ -970,7 +970,7 @@ static void qemu_tcg_init_vcpu(void *_env)
 qemu_cond_init(env->halt_cond);
 qemu_thread_create(env->thread, qemu_tcg_cpu_thread_fn, env);
 while (env->created == 0) {
-qemu_cond_timedwait(&qemu_cpu_cond, &qemu_global_mutex, 100);
+qemu_cond_wait(&qemu_cpu_cond, &qemu_global_mutex);
 }
 tcg_cpu_thread = env->thread;
 tcg_halt_cond = env->halt_cond;
@@ -987,7 +987,7 @@ static void qemu_kvm_start_vcpu(CPUState *env)
 qemu_cond_init(env->halt_cond);
 qemu_thread_create(env->thread, qemu_kvm_cpu_thread_fn, env);
 while (env->created == 0) {
-qemu_cond_timedwait(&qemu_cpu_cond, &qemu_global_mutex, 100);
+qemu_cond_wait(&qemu_cpu_cond, &qemu_global_mutex);
 }
 }
 
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 06/22] include qemu-thread.h early

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 cpus.c |3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/cpus.c b/cpus.c
index 09ce6fe..c5743c4 100644
--- a/cpus.c
+++ b/cpus.c
@@ -32,6 +32,7 @@
 #include "kvm.h"
 #include "exec-all.h"
 
+#include "qemu-thread.h"
 #include "cpus.h"
 #include "compatfd.h"
 
@@ -592,8 +593,6 @@ void vm_stop(int reason)
 
 #else /* CONFIG_IOTHREAD */
 
-#include "qemu-thread.h"
-
 QemuMutex qemu_global_mutex;
 static QemuMutex qemu_fair_mutex;
 
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 15/22] do not use timedwait on qemu_system_cond

[Paolo Bonzini]

qemu_main_loop_start is the only place where qemu_system_ready is set
to 1.

Signed-off-by: Paolo Bonzini 
---
 cpus.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cpus.c b/cpus.c
index 4c3837f..e367b3b 100644
--- a/cpus.c
+++ b/cpus.c
@@ -823,7 +823,7 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
 
 /* and wait for machine initialization */
 while (!qemu_system_ready) {
-qemu_cond_timedwait(&qemu_system_cond, &qemu_global_mutex, 100);
+qemu_cond_wait(&qemu_system_cond, &qemu_global_mutex);
 }
 
 while (1) {
@@ -855,7 +855,7 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
 
 /* and wait for machine initialization */
 while (!qemu_system_ready) {
-qemu_cond_timedwait(&qemu_system_cond, &qemu_global_mutex, 100);
+qemu_cond_wait(&qemu_system_cond, &qemu_global_mutex);
 }
 
 while (1) {
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 21/22] protect qemu_cpu_kick_self for Win32

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 cpus.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/cpus.c b/cpus.c
index 395..34ef862 100644
--- a/cpus.c
+++ b/cpus.c
@@ -867,12 +867,16 @@ void qemu_cpu_kick(void *_env)
 
 void qemu_cpu_kick_self(void)
 {
+#ifndef _WIN32
 assert(cpu_single_env);
 
 if (!cpu_single_env->thread_kicked) {
 qemu_thread_signal(cpu_single_env->thread, SIG_IPI);
 cpu_single_env->thread_kicked = true;
 }
+#else
+abort();
+#endif
 }
 
 int qemu_cpu_is_self(void *_env)
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 20/22] provide dummy signal init functions for win32

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 cpus.c |  143 ---
 1 files changed, 73 insertions(+), 70 deletions(-)

diff --git a/cpus.c b/cpus.c
index 8c440f1..395 100644
--- a/cpus.c
+++ b/cpus.c
@@ -196,6 +196,16 @@ static void cpu_handle_debug_exception(CPUState *env)
 #endif
 }
 
+#ifdef CONFIG_IOTHREAD
+static void cpu_signal(int sig)
+{
+if (cpu_single_env) {
+cpu_exit(cpu_single_env);
+}
+exit_request = 1;
+}
+#endif
+
 #ifdef CONFIG_LINUX
 static void sigbus_reraise(void)
 {
@@ -390,6 +400,61 @@ static int qemu_signalfd_init(void)
 return 0;
 }
 
+static void qemu_kvm_init_cpu_signals(CPUState *env)
+{
+int r;
+sigset_t set;
+struct sigaction sigact;
+
+memset(&sigact, 0, sizeof(sigact));
+sigact.sa_handler = dummy_signal;
+sigaction(SIG_IPI, &sigact, NULL);
+
+#ifdef CONFIG_IOTHREAD
+pthread_sigmask(SIG_BLOCK, NULL, &set);
+sigdelset(&set, SIG_IPI);
+sigdelset(&set, SIGBUS);
+r = kvm_set_signal_mask(env, &set);
+if (r) {
+fprintf(stderr, "kvm_set_signal_mask: %s\n", strerror(-r));
+exit(1);
+}
+#else
+sigemptyset(&set);
+sigaddset(&set, SIG_IPI);
+sigaddset(&set, SIGIO);
+sigaddset(&set, SIGALRM);
+pthread_sigmask(SIG_BLOCK, &set, NULL);
+
+pthread_sigmask(SIG_BLOCK, NULL, &set);
+sigdelset(&set, SIGIO);
+sigdelset(&set, SIGALRM);
+#endif
+sigdelset(&set, SIG_IPI);
+sigdelset(&set, SIGBUS);
+r = kvm_set_signal_mask(env, &set);
+if (r) {
+fprintf(stderr, "kvm_set_signal_mask: %s\n", strerror(-r));
+exit(1);
+}
+}
+
+static void qemu_tcg_init_cpu_signals(void)
+{
+#ifdef CONFIG_IOTHREAD
+sigset_t set;
+struct sigaction sigact;
+
+memset(&sigact, 0, sizeof(sigact));
+sigact.sa_handler = cpu_signal;
+sigaction(SIG_IPI, &sigact, NULL);
+
+sigemptyset(&set);
+sigaddset(&set, SIG_IPI);
+pthread_sigmask(SIG_UNBLOCK, &set, NULL);
+#endif
+}
+
 static void qemu_kvm_eat_signals(CPUState *env)
 {
 struct timespec ts = { 0, 0 };
@@ -470,39 +535,17 @@ static int qemu_signalfd_init(void)
 return 0;
 }
 
-#endif /* _WIN32 */
-
-#ifndef CONFIG_IOTHREAD
 static void qemu_kvm_init_cpu_signals(CPUState *env)
 {
-#ifndef _WIN32
-int r;
-sigset_t set;
-struct sigaction sigact;
-
-memset(&sigact, 0, sizeof(sigact));
-sigact.sa_handler = dummy_signal;
-sigaction(SIG_IPI, &sigact, NULL);
-
-sigemptyset(&set);
-sigaddset(&set, SIG_IPI);
-sigaddset(&set, SIGIO);
-sigaddset(&set, SIGALRM);
-pthread_sigmask(SIG_BLOCK, &set, NULL);
+abort();
+}
 
-pthread_sigmask(SIG_BLOCK, NULL, &set);
-sigdelset(&set, SIG_IPI);
-sigdelset(&set, SIGBUS);
-sigdelset(&set, SIGIO);
-sigdelset(&set, SIGALRM);
-r = kvm_set_signal_mask(env, &set);
-if (r) {
-fprintf(stderr, "kvm_set_signal_mask: %s\n", strerror(-r));
-exit(1);
-}
-#endif
+static void qemu_tcg_init_cpu_signals(void)
+{
 }
+#endif /* _WIN32 */
 
+#ifndef CONFIG_IOTHREAD
 int qemu_init_main_loop(void)
 {
 int ret;
@@ -536,6 +579,8 @@ void qemu_init_vcpu(void *_env)
 exit(1);
 }
 qemu_kvm_init_cpu_signals(env);
+} else {
+qemu_tcg_init_cpu_signals();
 }
 }
 
@@ -616,48 +661,6 @@ static QemuCond qemu_system_cond;
 static QemuCond qemu_pause_cond;
 static QemuCond qemu_work_cond;
 
-static void cpu_signal(int sig)
-{
-if (cpu_single_env) {
-cpu_exit(cpu_single_env);
-}
-exit_request = 1;
-}
-
-static void qemu_kvm_init_cpu_signals(CPUState *env)
-{
-int r;
-sigset_t set;
-struct sigaction sigact;
-
-memset(&sigact, 0, sizeof(sigact));
-sigact.sa_handler = dummy_signal;
-sigaction(SIG_IPI, &sigact, NULL);
-
-pthread_sigmask(SIG_BLOCK, NULL, &set);
-sigdelset(&set, SIG_IPI);
-sigdelset(&set, SIGBUS);
-r = kvm_set_signal_mask(env, &set);
-if (r) {
-fprintf(stderr, "kvm_set_signal_mask: %s\n", strerror(-r));
-exit(1);
-}
-}
-
-static void qemu_tcg_init_cpu_signals(void)
-{
-sigset_t set;
-struct sigaction sigact;
-
-memset(&sigact, 0, sizeof(sigact));
-sigact.sa_handler = cpu_signal;
-sigaction(SIG_IPI, &sigact, NULL);
-
-sigemptyset(&set);
-sigaddset(&set, SIG_IPI);
-pthread_sigmask(SIG_UNBLOCK, &set, NULL);
-}
-
 int qemu_init_main_loop(void)
 {
 int ret;
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 07/22] add assertions on the owner of a QemuMutex

[Paolo Bonzini]

These are already present in the Win32 implementation, add them to
the pthread wrappers as well.  Use PTHREAD_MUTEX_ERRORCHECK for mutex
operations, and track the owner separately for cond_signal/broadcast.

Signed-off-by: Paolo Bonzini 
---
 qemu-thread-posix.c |   23 +--
 qemu-thread-posix.h |1 +
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/qemu-thread-posix.c b/qemu-thread-posix.c
index e307773..a4c6e25 100644
--- a/qemu-thread-posix.c
+++ b/qemu-thread-posix.c
@@ -16,9 +16,12 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include "qemu-thread.h"
 
+static pthread_t pthread_null;
+
 static void error_exit(int err, const char *msg)
 {
 fprintf(stderr, "qemu: %s: %s\n", msg, strerror(err));
@@ -28,8 +31,13 @@ static void error_exit(int err, const char *msg)
 void qemu_mutex_init(QemuMutex *mutex)
 {
 int err;
+pthread_mutexattr_t mutexattr;
 
-err = pthread_mutex_init(&mutex->lock, NULL);
+mutex->owner = pthread_null;
+pthread_mutexattr_init(&mutexattr);
+pthread_mutexattr_settype(&mutexattr, PTHREAD_MUTEX_ERRORCHECK);
+err = pthread_mutex_init(&mutex->lock, &mutexattr);
+pthread_mutexattr_destroy(&mutexattr);
 if (err)
 error_exit(err, __func__);
 }
@@ -48,13 +56,20 @@ void qemu_mutex_lock(QemuMutex *mutex)
 int err;
 
 err = pthread_mutex_lock(&mutex->lock);
+mutex->owner = pthread_self();
 if (err)
 error_exit(err, __func__);
 }
 
 int qemu_mutex_trylock(QemuMutex *mutex)
 {
-return pthread_mutex_trylock(&mutex->lock);
+int err;
+err = pthread_mutex_trylock(&mutex->lock);
+if (err == 0) {
+mutex->owner = pthread_self();
+}
+
+return !!err;
 }
 
 static void timespec_add_ms(struct timespec *ts, uint64_t msecs)
@@ -85,6 +100,7 @@ void qemu_mutex_unlock(QemuMutex *mutex)
 {
 int err;
 
+mutex->owner = pthread_null;
 err = pthread_mutex_unlock(&mutex->lock);
 if (err)
 error_exit(err, __func__);
@@ -130,7 +146,10 @@ void qemu_cond_wait(QemuCond *cond, QemuMutex *mutex)
 {
 int err;
 
+assert(pthread_equal(mutex->owner, pthread_self()));
+mutex->owner = pthread_null;
 err = pthread_cond_wait(&cond->cond, &mutex->lock);
+mutex->owner = pthread_self();
 if (err)
 error_exit(err, __func__);
 }
diff --git a/qemu-thread-posix.h b/qemu-thread-posix.h
index 7af371c..11978db 100644
--- a/qemu-thread-posix.h
+++ b/qemu-thread-posix.h
@@ -4,6 +4,7 @@
 
 struct QemuMutex {
 pthread_mutex_t lock;
+pthread_t owner;
 };
 
 struct QemuCond {
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 22/22] add Win32 IPI service

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 cpus.c  |   25 ++---
 qemu-thread-posix.c |9 -
 qemu-thread-posix.h |1 -
 3 files changed, 22 insertions(+), 13 deletions(-)

diff --git a/cpus.c b/cpus.c
index 34ef862..a2de3c2 100644
--- a/cpus.c
+++ b/cpus.c
@@ -854,13 +854,32 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
 return NULL;
 }
 
+static void qemu_cpu_kick_thread(CPUState *env)
+{
+#ifndef _WIN32
+int err;
+
+err = pthread_kill(env->thread->thread, SIG_IPI);
+if (err) {
+fprintf(stderr, "qemu:%s: %s", __func__, strerror(err));
+exit(1);
+}
+#else /* _WIN32 */
+if (!qemu_cpu_is_self(env)) {
+SuspendThread(env->thread->thread);
+cpu_signal(0);
+ResumeThread(env->thread->thread);
+}
+#endif
+}
+
 void qemu_cpu_kick(void *_env)
 {
 CPUState *env = _env;
 
 qemu_cond_broadcast(env->halt_cond);
 if (!env->thread_kicked) {
-qemu_thread_signal(env->thread, SIG_IPI);
+qemu_cpu_kick_thread(env);
 env->thread_kicked = true;
 }
 }
@@ -871,7 +890,7 @@ void qemu_cpu_kick_self(void)
 assert(cpu_single_env);
 
 if (!cpu_single_env->thread_kicked) {
-qemu_thread_signal(cpu_single_env->thread, SIG_IPI);
+qemu_cpu_kick_thread(cpu_single_env);
 cpu_single_env->thread_kicked = true;
 }
 #else
@@ -893,7 +912,7 @@ void qemu_mutex_lock_iothread(void)
 } else {
 qemu_mutex_lock(&qemu_fair_mutex);
 if (qemu_mutex_trylock(&qemu_global_mutex)) {
-qemu_thread_signal(tcg_cpu_thread, SIG_IPI);
+qemu_cpu_kick_thread(first_cpu);
 qemu_mutex_lock(&qemu_global_mutex);
 }
 qemu_mutex_unlock(&qemu_fair_mutex);
diff --git a/qemu-thread-posix.c b/qemu-thread-posix.c
index a4c6e25..9cceda7 100644
--- a/qemu-thread-posix.c
+++ b/qemu-thread-posix.c
@@ -186,15 +186,6 @@ void qemu_thread_create(QemuThread *thread,
 pthread_sigmask(SIG_SETMASK, &oldset, NULL);
 }
 
-void qemu_thread_signal(QemuThread *thread, int sig)
-{
-int err;
-
-err = pthread_kill(thread->thread, sig);
-if (err)
-error_exit(err, __func__);
-}
-
 void qemu_thread_get_self(QemuThread *thread)
 {
 thread->thread = pthread_self();
diff --git a/qemu-thread-posix.h b/qemu-thread-posix.h
index 11978db..35e0a8b 100644
--- a/qemu-thread-posix.h
+++ b/qemu-thread-posix.h
@@ -15,5 +15,4 @@ struct QemuThread {
 pthread_t thread;
 };
 
-void qemu_thread_signal(QemuThread *thread, int sig);
 #endif
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 09/22] target-sh4: move intr_at_halt out of cpu_halted()

[Paolo Bonzini]

From: Aurelien Jarno 

All targets except SH4 have the same cpu_halted() routine, and it has
only one caller. It is therefore a good candidate for inlining.

The difference is the handling of the intr_at_halt, which is necessary
to ignore SR.BL when sleeping. Move intr_at_halt handling out of it, by
setting this variable while executing the sleep instruction, and
clearing it when the CPU has been woken-up by an interrupt, whatever the
state of SR.BL. Also rename this variable in_sleep.

Cc: Paolo Bonzini 
Signed-off-by: Aurelien Jarno 
---
 target-sh4/cpu.h   |2 +-
 target-sh4/exec.h  |1 -
 target-sh4/helper.c|4 ++--
 target-sh4/op_helper.c |1 +
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/target-sh4/cpu.h b/target-sh4/cpu.h
index 789d188..74ff97a 100644
--- a/target-sh4/cpu.h
+++ b/target-sh4/cpu.h
@@ -184,7 +184,7 @@ typedef struct CPUSH4State {
 uint32_t cvr;  /* Cache Version Register */
 
 void *intc_handle;
-int intr_at_halt;  /* SR_BL ignored during sleep */
+int in_sleep;  /* SR_BL ignored during sleep */
 memory_content *movcal_backup;
 memory_content **movcal_backup_tail;
 } CPUSH4State;
diff --git a/target-sh4/exec.h b/target-sh4/exec.h
index 2999c02..61bc121 100644
--- a/target-sh4/exec.h
+++ b/target-sh4/exec.h
@@ -37,7 +37,6 @@ static inline int cpu_halted(CPUState *env) {
 return 0;
 if (cpu_has_work(env)) {
 env->halted = 0;
-env->intr_at_halt = 1;
 return 0;
 }
 return EXCP_HALTED;
diff --git a/target-sh4/helper.c b/target-sh4/helper.c
index d2038bd..8f36d31 100644
--- a/target-sh4/helper.c
+++ b/target-sh4/helper.c
@@ -90,11 +90,11 @@ void do_interrupt(CPUState * env)
 if (do_exp && env->exception_index != 0x1e0) {
 env->exception_index = 0x000; /* masked exception -> reset */
 }
-if (do_irq && !env->intr_at_halt) {
+if (do_irq && !env->in_sleep) {
 return; /* masked */
 }
-env->intr_at_halt = 0;
 }
+env->in_sleep = 0;
 
 if (do_irq) {
 irq_vector = sh_intc_get_pending_vector(env->intc_handle,
diff --git a/target-sh4/op_helper.c b/target-sh4/op_helper.c
index 30f9842..b8f4ca2 100644
--- a/target-sh4/op_helper.c
+++ b/target-sh4/op_helper.c
@@ -119,6 +119,7 @@ void helper_debug(void)
 void helper_sleep(uint32_t next_pc)
 {
 env->halted = 1;
+env->in_sleep = 1;
 env->exception_index = EXCP_HLT;
 env->pc = next_pc;
 cpu_loop_exit();
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 10/22] inline cpu_halted into sole caller

[Paolo Bonzini]

All implementations are now the same, and there is only one caller,
so inline the function there.

Signed-off-by: Paolo Bonzini 
---
 cpu-exec.c   |9 +++--
 target-alpha/exec.h  |   11 ---
 target-arm/exec.h|   13 -
 target-cris/exec.h   |   11 ---
 target-i386/exec.h   |   12 
 target-m68k/exec.h   |   10 --
 target-microblaze/exec.h |   11 ---
 target-mips/exec.h   |   11 ---
 target-ppc/exec.h|   11 ---
 target-s390x/exec.h  |   12 
 target-sh4/exec.h|   10 --
 target-sparc/exec.h  |   10 --
 12 files changed, 7 insertions(+), 124 deletions(-)

diff --git a/cpu-exec.c b/cpu-exec.c
index b03b3a7..eed9282 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -208,8 +208,13 @@ int cpu_exec(CPUState *env1)
 uint8_t *tc_ptr;
 unsigned long next_tb;
 
-if (cpu_halted(env1) == EXCP_HALTED)
-return EXCP_HALTED;
+if (env1->halted) {
+if (!cpu_has_work(env1)) {
+return EXCP_HALTED;
+}
+
+env1->halted = 0;
+}
 
 cpu_single_env = env1;
 
diff --git a/target-alpha/exec.h b/target-alpha/exec.h
index a8a38d2..6ae96d1 100644
--- a/target-alpha/exec.h
+++ b/target-alpha/exec.h
@@ -42,17 +42,6 @@ static inline int cpu_has_work(CPUState *env)
 return (env->interrupt_request & CPU_INTERRUPT_HARD);
 }
 
-static inline int cpu_halted(CPUState *env)
-{
-if (!env->halted)
-return 0;
-if (cpu_has_work(env)) {
-env->halted = 0;
-return 0;
-}
-return EXCP_HALTED;
-}
-
 static inline void cpu_pc_from_tb(CPUState *env, TranslationBlock *tb)
 {
 env->pc = tb->pc;
diff --git a/target-arm/exec.h b/target-arm/exec.h
index e4c35a3..44e1b55 100644
--- a/target-arm/exec.h
+++ b/target-arm/exec.h
@@ -32,19 +32,6 @@ static inline int cpu_has_work(CPUState *env)
 (CPU_INTERRUPT_FIQ | CPU_INTERRUPT_HARD | CPU_INTERRUPT_EXITTB));
 }
 
-static inline int cpu_halted(CPUState *env) {
-if (!env->halted)
-return 0;
-/* An interrupt wakes the CPU even if the I and F CPSR bits are
-   set.  We use EXITTB to silently wake CPU without causing an
-   actual interrupt.  */
-if (cpu_has_work(env)) {
-env->halted = 0;
-return 0;
-}
-return EXCP_HALTED;
-}
-
 #if !defined(CONFIG_USER_ONLY)
 #include "softmmu_exec.h"
 #endif
diff --git a/target-cris/exec.h b/target-cris/exec.h
index 34c0132..2d5d297 100644
--- a/target-cris/exec.h
+++ b/target-cris/exec.h
@@ -33,17 +33,6 @@ static inline int cpu_has_work(CPUState *env)
 return (env->interrupt_request & (CPU_INTERRUPT_HARD | CPU_INTERRUPT_NMI));
 }
 
-static inline int cpu_halted(CPUState *env) {
-   if (!env->halted)
-   return 0;
-
-   if (cpu_has_work(env)) {
-   env->halted = 0;
-   return 0;
-   }
-   return EXCP_HALTED;
-}
-
 static inline void cpu_pc_from_tb(CPUState *env, TranslationBlock *tb)
 {
 env->pc = tb->pc;
diff --git a/target-i386/exec.h b/target-i386/exec.h
index fc8945b..3e7386e 100644
--- a/target-i386/exec.h
+++ b/target-i386/exec.h
@@ -304,18 +304,6 @@ static inline int cpu_has_work(CPUState *env)
 return work;
 }
 
-static inline int cpu_halted(CPUState *env) {
-/* handle exit of HALTED state */
-if (!env->halted)
-return 0;
-/* disable halt condition */
-if (cpu_has_work(env)) {
-env->halted = 0;
-return 0;
-}
-return EXCP_HALTED;
-}
-
 /* load efer and update the corresponding hflags. XXX: do consistency
checks with cpuid bits ? */
 static inline void cpu_load_efer(CPUState *env, uint64_t val)
diff --git a/target-m68k/exec.h b/target-m68k/exec.h
index f31e06e..91daa6b 100644
--- a/target-m68k/exec.h
+++ b/target-m68k/exec.h
@@ -33,16 +33,6 @@ static inline int cpu_has_work(CPUState *env)
 return (env->interrupt_request & (CPU_INTERRUPT_HARD));
 }
 
-static inline int cpu_halted(CPUState *env) {
-if (!env->halted)
-return 0;
-if (cpu_has_work(env)) {
-env->halted = 0;
-return 0;
-}
-return EXCP_HALTED;
-}
-
 static inline void cpu_pc_from_tb(CPUState *env, TranslationBlock *tb)
 {
 env->pc = tb->pc;
diff --git a/target-microblaze/exec.h b/target-microblaze/exec.h
index ab19828..1efff30 100644
--- a/target-microblaze/exec.h
+++ b/target-microblaze/exec.h
@@ -32,17 +32,6 @@ static inline int cpu_has_work(CPUState *env)
 return (env->interrupt_request & (CPU_INTERRUPT_HARD | CPU_INTERRUPT_NMI));
 }
 
-static inline int cpu_halted(CPUState *env) {
-   if (!env->halted)
-   return 0;
-
-   if (cpu_has_work(env)) {
-   env->halted = 0;
-   return 0;
-   }
-   return EXCP_HALTED;
-}
-
 static inline void cpu_pc_from_tb(CPUState *env, TranslationBlock *tb)
 {
 env->sregs[SR_PC] = tb->pc;
diff --git a/target-mips/exec.h b/target-mips/exec.

[Qemu-devel] [PATCH v2 upstream 13/22] always signal pause_cond after stopping a VCPU

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 cpus.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/cpus.c b/cpus.c
index 785a104..6cfb45b 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1012,8 +1012,10 @@ void qemu_notify_event(void)
 void cpu_stop_current(void)
 {
 if (cpu_single_env) {
+cpu_single_env->stop = 0;
 cpu_single_env->stopped = 1;
 cpu_exit(cpu_single_env);
+qemu_cond_signal(&qemu_pause_cond);
 }
 }
 
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 14/22] do not use timedwait on qemu_halt_cond

[Paolo Bonzini]

The following conditions can cause cpu_has_work(env) to become true:

- env->queued_work_first: run_on_cpu is already kicking the VCPU

- env->stop = 1: pause_all_vcpus is already kicking the VCPU

- env->stopped = 0: resume_all_vcpus is already kicking the VCPU

- vm_running = 1: vm_start is calling resume_all_vcpus

- env->halted = 0: see previous patch

- qemu_cpu_has_work(env): when it becomes true, board code should set
  env->halted = 0 too.

Signed-off-by: Paolo Bonzini 
---
 cpus.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cpus.c b/cpus.c
index 6cfb45b..4c3837f 100644
--- a/cpus.c
+++ b/cpus.c
@@ -771,7 +771,7 @@ static void qemu_tcg_wait_io_event(void)
 CPUState *env;
 
 while (all_cpu_threads_idle()) {
-qemu_cond_timedwait(tcg_halt_cond, &qemu_global_mutex, 1000);
+qemu_cond_wait(tcg_halt_cond, &qemu_global_mutex);
 }
 
 qemu_mutex_unlock(&qemu_global_mutex);
@@ -794,7 +794,7 @@ static void qemu_tcg_wait_io_event(void)
 static void qemu_kvm_wait_io_event(CPUState *env)
 {
 while (cpu_thread_is_idle(env)) {
-qemu_cond_timedwait(env->halt_cond, &qemu_global_mutex, 1000);
+qemu_cond_wait(env->halt_cond, &qemu_global_mutex);
 }
 
 qemu_kvm_eat_signals(env);
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 16/22] do not use timedwait on qemu_pause_cond

[Paolo Bonzini]

all_vcpus_paused can start returning true after penv->stopped changes
from 0 to 1.  When this is done, qemu_pause_cond is always signaled.

Signed-off-by: Paolo Bonzini 
---
 cpus.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/cpus.c b/cpus.c
index e367b3b..8f169ad 100644
--- a/cpus.c
+++ b/cpus.c
@@ -938,7 +938,7 @@ void pause_all_vcpus(void)
 }
 
 while (!all_vcpus_paused()) {
-qemu_cond_timedwait(&qemu_pause_cond, &qemu_global_mutex, 100);
+qemu_cond_wait(&qemu_pause_cond, &qemu_global_mutex);
 penv = first_cpu;
 while (penv) {
 qemu_cpu_kick(penv);
-- 
1.7.4

[Qemu-devel] [PATCH v2 upstream 18/22] iothread stops the vcpu thread via IPI

[Paolo Bonzini]

Signed-off-by: Paolo Bonzini 
---
 cpus.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/cpus.c b/cpus.c
index 4305184..32e9352 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1086,9 +1086,11 @@ bool cpu_exec_all(void)
 qemu_clock_enable(vm_clock,
   (env->singlestep_enabled & SSTEP_NOTIMER) == 0);
 
+#ifndef CONFIG_IOTHREAD
 if (qemu_alarm_pending()) {
 break;
 }
+#endif
 if (cpu_can_run(env)) {
 if (kvm_enabled()) {
 r = kvm_cpu_exec(env);
-- 
1.7.4

[Qemu-devel] Hooking memory access in TCG

[felix.matenaar@rwth-aachen]

Hi *,

i am currently trying to trace guest memory access (i386-softmmu). tcg
README says tcg_gen_(st|ld)X_Y functions are responsible for memory
access. Now I've got the following code snippets in tcg-op.h:

/* representing all tcg_gen_st and tcg_gen_ld functions in README*/
static inline void tcg_gen_ld8s_i32(TCGv_i32 ret, TCGv_ptr arg2,
tcg_target_long offset)
{
tcg_gen_ldst_op_i32(INDEX_op_ld8s_i32, ret, arg2, offset);
int sizemask = 0;
sizemask |= tcg_gen_sizemask(0, 0, 0);
sizemask |= tcg_gen_sizemask(1, 0, 0);
sizemask |= tcg_gen_sizemask(2, 0, 0);
tcg_gen_helper3(tcg_flx_debug, sizemask, ret, ret, arg2,
tcg_const_i32(offset));
}

static inline void tcg_gen_helper3(void *func, int sizemask, TCGv_i32 ret,
TCGv_i32 a, TCGv_i32 b, TCGv_i32 c)
{
TCGv_ptr fn;
TCGArg args[3];
fn = tcg_const_ptr((tcg_target_long)func);
args[0] = GET_TCGV_I32(a);
args[1] = GET_TCGV_I32(b);
args[2] = GET_TCGV_I32(c);
tcg_gen_callN(&tcg_ctx, fn, TCG_CALL_CONST | TCG_CALL_PURE, sizemask,
  GET_TCGV_I32(ret), 3, args);
tcg_temp_free_ptr(fn);
}

static inline int32_t tcg_flx_debug(int32_t arg1, int32_t arg2, int32_t
arg3){
printf("reading 0x%x from 0x%x\n",arg1,arg2+arg3);
return arg1;
}


tcg_flx_debug produces output which does not seem to look like what I
want. What confuses me is that e.g.
tcg_gen_ld32u_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,ldt.selector))
in translate.c ends up in one of the functions I am trying to hook but
the second and the third argument obviously are not directly valid
base+offset addresses in the guest memory.

So how is this part working? What I would like to build is that on each
read/write to guest memory, an analysis function is triggered with
address and value.

Regards,
Felix Matenaar

[Qemu-devel] Re: [PATCH 42/58] vmstate: port stellaris gamepad

[Blue Swirl]

On Sat, Feb 26, 2011 at 4:12 PM, Juan Quintela  wrote:
> Blue Swirl  wrote:
>> On Thu, Feb 24, 2011 at 7:57 PM, Juan Quintela  wrote:
>>> +static const VMStateDescription vmstate_stellaris_button = {
>>> +    .name = "stellaris_button",
>>> +    .version_id = 1,
>>> +    .minimum_version_id = 1,
>>> +    .minimum_version_id_old = 1,
>>
>> For consistency with other structures, these version fields should be 0.
>
> From the part that you didn't posted.
>
> @@ -86,6 +85,5 @@ void stellaris_gamepad_init(int n, qemu_irq *irq, const int 
> *keycode)
>     }
>     s->num_buttons = n;
>     qemu_add_kbd_event_handler(stellaris_gamepad_put_key, s);
> -    register_savevm(NULL, "stellaris_gamepad", -1, 1,
> -                    stellaris_gamepad_save, stellaris_gamepad_load, s);
> +    vmstate_register(NULL, -1, &vmstate_stellaris_gamepad, s);
>  }
> --
> 1.7.4
>
>
> Version is already at ' (4th argument of register_savevm).  I just used
> the version that was there.  I agree that some devices had started at
> version 0 and others at version 1, but that is independent of this series.

The patch introduces two VMState structures, main VMState for the
whole gamepad and a secondary VMState for button structures. The
version for main VMState is OK at 1, but I was talking about the
button substructure VMState version, which is 0 in other patches.

Re: [Qemu-devel] [PATCH v2 upstream 05/22] add win32 qemu-thread implementation

[Blue Swirl]

On Sat, Feb 26, 2011 at 5:40 PM, Paolo Bonzini  wrote:
> For now, qemu_cond_timedwait and qemu_mutex_timedlock are left as
> POSIX-only functions.  They can be removed later, once the patches
> that remove their uses are in.
>
> Signed-off-by: Paolo Bonzini 
> ---
>  Makefile.objs                        |    4 +-
>  qemu-thread.c => qemu-thread-posix.c |    0
>  qemu-thread-posix.h                  |   18 +++
>  qemu-thread-win32.c                  |  260 
> ++
>  qemu-thread-win32.h                  |   21 +++
>  qemu-thread.h                        |   27 ++--
>  6 files changed, 313 insertions(+), 17 deletions(-)
>  rename qemu-thread.c => qemu-thread-posix.c (100%)
>  create mode 100644 qemu-thread-posix.h
>  create mode 100644 qemu-thread-win32.c
>  create mode 100644 qemu-thread-win32.h
>
> diff --git a/Makefile.objs b/Makefile.objs
> index 9e98a66..a52f42f 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -142,8 +142,8 @@ endif
>  common-obj-y += $(addprefix ui/, $(ui-obj-y))
>
>  common-obj-y += iov.o acl.o
> -common-obj-$(CONFIG_THREAD) += qemu-thread.o
> -common-obj-$(CONFIG_POSIX) += compatfd.o
> +common-obj-$(CONFIG_POSIX) += qemu-thread-posix.o compatfd.o
> +common-obj-$(CONFIG_WIN32) += qemu-thread-win32.o
>  common-obj-y += notify.o event_notifier.o
>  common-obj-y += qemu-timer.o qemu-timer-common.o
>
> diff --git a/qemu-thread.c b/qemu-thread-posix.c
> similarity index 100%
> rename from qemu-thread.c
> rename to qemu-thread-posix.c
> diff --git a/qemu-thread-posix.h b/qemu-thread-posix.h
> new file mode 100644
> index 000..7af371c
> --- /dev/null
> +++ b/qemu-thread-posix.h
> @@ -0,0 +1,18 @@
> +#ifndef __QEMU_THREAD_POSIX_H
> +#define __QEMU_THREAD_POSIX_H 1
> +#include "pthread.h"
> +
> +struct QemuMutex {
> +    pthread_mutex_t lock;
> +};
> +
> +struct QemuCond {
> +    pthread_cond_t cond;
> +};
> +
> +struct QemuThread {
> +    pthread_t thread;
> +};
> +
> +void qemu_thread_signal(QemuThread *thread, int sig);
> +#endif
> diff --git a/qemu-thread-win32.c b/qemu-thread-win32.c
> new file mode 100644
> index 000..89422ce
> --- /dev/null
> +++ b/qemu-thread-win32.c
> @@ -0,0 +1,260 @@
> +/*
> + * Win32 implementation for mutex/cond/thread functions
> + *
> + * Copyright Red Hat, Inc. 2010
> + *
> + * Author:
> + *  Paolo Bonzini 
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + *
> + */
> +#include "qemu-common.h"
> +#include "qemu-thread.h"
> +#include 
> +#include 
> +#include 
> +
> +static void error_exit(int err, const char *msg)
> +{
> +    char *pstr;
> +
> +    FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | 
> FORMAT_MESSAGE_ALLOCATE_BUFFER,
> +                  NULL, err, 0, (LPTSTR)&pstr, 2, NULL);
> +    fprintf(stderr, "qemu: %s: %s\n", msg, pstr);
> +    LocalFree(pstr);
> +    exit(1);
> +}
> +
> +void qemu_mutex_init(QemuMutex *mutex)
> +{
> +    mutex->owner = 0;
> +    InitializeCriticalSection(&mutex->lock);
> +}
> +
> +void qemu_mutex_lock(QemuMutex *mutex)
> +{
> +    EnterCriticalSection(&mutex->lock);
> +
> +    /* Win32 CRITICAL_SECTIONs are recursive.  Assert that we're not
> +     * using them as such.
> +     */
> +    assert(mutex->owner == 0);
> +    mutex->owner = GetCurrentThreadId();
> +}
> +
> +int qemu_mutex_trylock(QemuMutex *mutex)
> +{
> +    int owned;
> +
> +    owned = TryEnterCriticalSection(&mutex->lock);
> +    if (owned) {
> +        assert(mutex->owner == 0);
> +        mutex->owner = GetCurrentThreadId();
> +    }
> +    return !owned;
> +}
> +
> +void qemu_mutex_unlock(QemuMutex *mutex)
> +{
> +    assert(mutex->owner == GetCurrentThreadId());
> +    mutex->owner = 0;
> +    LeaveCriticalSection(&mutex->lock);
> +}
> +
> +void qemu_cond_init(QemuCond *cond)
> +{
> +    memset(cond, 0, sizeof(*cond));
> +
> +    cond->sema = CreateSemaphore(NULL, 0, LONG_MAX, NULL);
> +    if (!cond->sema) {
> +        error_exit(GetLastError(), __func__);
> +    }
> +    cond->continue_event = CreateEvent(NULL,    /* security */
> +                                       FALSE,   /* auto-reset */
> +                                       FALSE,   /* not signaled */
> +                                       NULL);   /* name */
> +    if (!cond->continue_event) {
> +        error_exit(GetLastError(), __func__);
> +    }
> +}
> +
> +void qemu_cond_signal(QemuCond *cond)
> +{
> +    DWORD result;
> +
> +    /*
> +     * Signal only when there are waiters.  cond->waiters is
> +     * incremented by pthread_cond_wait under the external lock,
> +     * so we are safe about that.
> +     */
> +    if (cond->waiters == 0) {
> +        return;
> +    }
> +
> +    /*
> +     * Waiting threads decrement it outside the external lock, but
> +     * only if another thread is executing pthread_cond_broadcast and
> +     * has the mutex.  So, it also cannot be decremented concurrently
> +     * with this particular access.
> +     */
> + 

Re: [Qemu-devel] [PATCH v2 uq/master 00/22] Win32 iothread support

[Blue Swirl]

On Sat, Feb 26, 2011 at 5:39 PM, Paolo Bonzini  wrote:
> After gathering the comments about the two series I sent separately,
> here is the full series for Win32 iothread support, ready to be
> applied to uq/master.
>
> Patches 1 to 5 are generic Win32 improvements, including the qemu-thread
> implementation.  Because of complex dependencies, I think it's better
> if this part is also routed through uq/master.
>
> Patches 6 to 8 are generic threading improvements, including using
> PTHREAD_MUTEX_ERRORCHECK as suggested by Jan.
>
> Patches 9 to 17 eliminate polling, replacing condition variable
> timedwait with wait.
>
> Patch 18 removes a redundant condition from the TCG cpu_exec_all
> function.
>
> Patches 19 to 21 add all necessary stubs to make iothread compile
> with Win32, except the IPI calls.  These are provided by patch 22.
>
> Tested on Wine and Linux, not on "real" Windows.  The series introduces
> a dependency on Windows 2K or newer.  I don't think either 95/98/ME
> or Windows NT 3.x are reasonable host systems for QEMU, anyway.
>
> I incorporated all suggestions from Jan, including his renaming patch
> for qemu_*_is_self, and included Aurelien's sh4 tweak to cpu_halted.

All look OK except for a minor structure naming nitpick.

Re: [Qemu-devel] [PATCH v3 1/2] rtl8139: add vlan tag insertion

[Blue Swirl]

On Sat, Feb 26, 2011 at 2:39 AM, Benjamin Poirier
 wrote:
> Add support to the emulated hardware to insert vlan tags in packets
> going from the guest to the network.
>
> Signed-off-by: Benjamin Poirier 
> Cc: Igor V. Kovalenko 
> Cc: Jason Wang 
> Cc: Michael S. Tsirkin 
> ---
>  hw/rtl8139.c |  123 
> +-
>  1 files changed, 96 insertions(+), 27 deletions(-)
>
> diff --git a/hw/rtl8139.c b/hw/rtl8139.c
> index a22530c..35ccd3d 100644
> --- a/hw/rtl8139.c
> +++ b/hw/rtl8139.c
> @@ -47,6 +47,8 @@
>  *                                  Darwin)
>  */
>
> +#include 

This header is only available on Linux. Please remove.

Re: [Qemu-devel] [PATCH v3 2/2] rtl8139: add vlan tag extraction

[Blue Swirl]

On Sat, Feb 26, 2011 at 2:40 AM, Benjamin Poirier
 wrote:
> Add support to the emulated hardware to extract vlan tags in packets
> going from the network to the guest.
>
> Signed-off-by: Benjamin Poirier 
> Cc: Igor V. Kovalenko 
> Cc: Jason Wang 
> Cc: Michael S. Tsirkin 
>
> --
>
> AFAIK, extraction is optional to get vlans working. The driver
> requests rx detagging but should not assume that it was done. Under
> Linux, the mac layer will catch the vlan ethertype. I only added this
> part for completeness (to emulate the hardware more truthfully.)
> ---
>  hw/rtl8139.c |   89 
> +-
>  1 files changed, 63 insertions(+), 26 deletions(-)
>
> diff --git a/hw/rtl8139.c b/hw/rtl8139.c
> index 35ccd3d..f3aaebc 100644
> --- a/hw/rtl8139.c
> +++ b/hw/rtl8139.c
> @@ -835,10 +835,11 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, 
> const uint8_t *buf,
>     RTL8139State *s = DO_UPCAST(NICState, nc, nc)->opaque;
>     int size_ = buf_size + (dot1q_buf ? VLAN_HDR_LEN : 0);
>     int size = size_;
> +    const uint8_t *next_part;
> +    size_t next_part_size;
>
>     uint32_t packet_header = 0;
>
> -    uint8_t buf1[60];
>     static const uint8_t broadcast_macaddr[6] =
>         { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
>
> @@ -950,21 +951,6 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, 
> const uint8_t *buf,
>         }
>     }
>
> -    /* if too small buffer, then expand it */
> -    if (size < MIN_BUF_SIZE) {
> -        if (unlikely(dot1q_buf)) {
> -            memcpy(buf1, buf, 2 * ETHER_ADDR_LEN);
> -            memcpy(buf1 + 2 * ETHER_ADDR_LEN, dot1q_buf, VLAN_HDR_LEN);
> -            memcpy(buf1 + 2 * ETHER_ADDR_LEN + VLAN_HDR_LEN, buf + 2 *
> -                ETHER_ADDR_LEN, buf_size - 2 * ETHER_ADDR_LEN);
> -        } else {
> -            memcpy(buf1, buf, size);
> -        }
> -        memset(buf1 + size, 0, MIN_BUF_SIZE - size);
> -        buf = buf1;
> -        size = MIN_BUF_SIZE;
> -    }
> -
>     if (rtl8139_cp_receiver_enabled(s))
>     {
>         DEBUG_PRINT(("RTL8139: in C+ Rx mode \n"));
> @@ -1025,6 +1011,44 @@ static ssize_t rtl8139_do_receive(VLANClientState *nc, 
> const uint8_t *buf,
>
>         uint32_t rx_space = rxdw0 & CP_RX_BUFFER_SIZE_MASK;
>
> +        /* write VLAN info to descriptor variables */
> +        /* next_part starts right after the vlan header (if any), at the
> +         * ethertype for the payload */
> +        next_part = &buf[ETHER_ADDR_LEN * 2];
> +        if (s->CpCmd & CPlusRxVLAN && (dot1q_buf || be16_to_cpup((uint16_t *)
> +                    &buf[ETHER_ADDR_LEN * 2]) == ETHERTYPE_VLAN)) {
> +            if (!dot1q_buf) {
> +                /* the tag is in the buffer */
> +                dot1q_buf = &buf[ETHER_ADDR_LEN * 2];
> +                next_part += VLAN_HDR_LEN;
> +            }
> +            size -= VLAN_HDR_LEN;
> +
> +            rxdw1 &= ~CP_RX_VLAN_TAG_MASK;
> +            /* BE + ~le_to_cpu()~ + cpu_to_le() = BE */
> +            rxdw1 |= CP_RX_TAVA | le16_to_cpup((uint16_t *)
> +                &buf[ETHER_HDR_LEN]);
> +
> +            DEBUG_PRINT(("RTL8139: C+ Rx mode : extracted vlan tag with tci: 
> "
> +                    "%u\n", be16_to_cpup((uint16_t *) &buf[ETHER_HDR_LEN])));
> +        } else {
> +            /* reset VLAN tag flag */
> +            rxdw1 &= ~CP_RX_TAVA;
> +        }
> +        next_part_size = buf + buf_size - next_part;
> +
> +        /* if too small buffer, then expand it */
> +        if (size < MIN_BUF_SIZE) {
> +            size_t tmp_size = MIN_BUF_SIZE - ETHER_ADDR_LEN * 2;
> +            uint8_t *tmp = alloca(tmp_size);

Don't use alloca() but qemu_malloc() or a static buffer.

> +
> +            memcpy(tmp, next_part, next_part_size);
> +            memset(tmp + next_part_size, 0, tmp_size - next_part_size);
> +            next_part = tmp;
> +            next_part_size = tmp_size;
> +            size = MIN_BUF_SIZE;
> +        }
> +
>         /* TODO: scatter the packet over available receive ring descriptors 
> space */
>
>         if (size+4 > rx_space)
> @@ -1049,14 +1073,11 @@ static ssize_t rtl8139_do_receive(VLANClientState 
> *nc, const uint8_t *buf,
>         if (unlikely(dot1q_buf)) {
>             cpu_physical_memory_write(rx_addr, buf, 2 * ETHER_ADDR_LEN);
>             val = rtl8139_crc32(0, buf, 2 * ETHER_ADDR_LEN);
> -            cpu_physical_memory_write(rx_addr + 2 * ETHER_ADDR_LEN, 
> dot1q_buf,
> -                VLAN_HDR_LEN);
>             val = rtl8139_crc32(val, dot1q_buf, VLAN_HDR_LEN);
> -            cpu_physical_memory_write(rx_addr + 2 * ETHER_ADDR_LEN +
> -                VLAN_HDR_LEN, buf + 2 * ETHER_ADDR_LEN, buf_size - 2 *
> -                ETHER_ADDR_LEN);
> -            val = rtl8139_crc32(val, buf + 2 * ETHER_ADDR_LEN, buf_size - 2 *
> -                ETHER_ADDR_LEN);
> +            cpu_physical_memory_write(rx_addr + 2 * ETHER_ADDR_LEN, 
> next_part,
> +                next_part_siz

[Qemu-devel] Re: [PATCH v2 upstream 05/22] add win32 qemu-thread implementation

[Paolo Bonzini]

On 02/26/2011 05:47 PM, Blue Swirl wrote:

On Sat, Feb 26, 2011 at 5:40 PM, Paolo Bonzini  wrote:

For now, qemu_cond_timedwait and qemu_mutex_timedlock are left as
POSIX-only functions.  They can be removed later, once the patches
that remove their uses are in.

Signed-off-by: Paolo Bonzini
---
  Makefile.objs|4 +-
  qemu-thread.c =>  qemu-thread-posix.c |0
  qemu-thread-posix.h  |   18 +++
  qemu-thread-win32.c  |  260 ++
  qemu-thread-win32.h  |   21 +++
  qemu-thread.h|   27 ++--
  6 files changed, 313 insertions(+), 17 deletions(-)
  rename qemu-thread.c =>  qemu-thread-posix.c (100%)
  create mode 100644 qemu-thread-posix.h
  create mode 100644 qemu-thread-win32.c
  create mode 100644 qemu-thread-win32.h

diff --git a/Makefile.objs b/Makefile.objs
index 9e98a66..a52f42f 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -142,8 +142,8 @@ endif
  common-obj-y += $(addprefix ui/, $(ui-obj-y))

  common-obj-y += iov.o acl.o
-common-obj-$(CONFIG_THREAD) += qemu-thread.o
-common-obj-$(CONFIG_POSIX) += compatfd.o
+common-obj-$(CONFIG_POSIX) += qemu-thread-posix.o compatfd.o
+common-obj-$(CONFIG_WIN32) += qemu-thread-win32.o
  common-obj-y += notify.o event_notifier.o
  common-obj-y += qemu-timer.o qemu-timer-common.o

diff --git a/qemu-thread.c b/qemu-thread-posix.c
similarity index 100%
rename from qemu-thread.c
rename to qemu-thread-posix.c
diff --git a/qemu-thread-posix.h b/qemu-thread-posix.h
new file mode 100644
index 000..7af371c
--- /dev/null
+++ b/qemu-thread-posix.h
@@ -0,0 +1,18 @@
+#ifndef __QEMU_THREAD_POSIX_H
+#define __QEMU_THREAD_POSIX_H 1
+#include "pthread.h"
+
+struct QemuMutex {
+pthread_mutex_t lock;
+};
+
+struct QemuCond {
+pthread_cond_t cond;
+};
+
+struct QemuThread {
+pthread_t thread;
+};
+
+void qemu_thread_signal(QemuThread *thread, int sig);
+#endif
diff --git a/qemu-thread-win32.c b/qemu-thread-win32.c
new file mode 100644
index 000..89422ce
--- /dev/null
+++ b/qemu-thread-win32.c
@@ -0,0 +1,260 @@
+/*
+ * Win32 implementation for mutex/cond/thread functions
+ *
+ * Copyright Red Hat, Inc. 2010
+ *
+ * Author:
+ *  Paolo Bonzini
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+#include "qemu-common.h"
+#include "qemu-thread.h"
+#include
+#include
+#include
+
+static void error_exit(int err, const char *msg)
+{
+char *pstr;
+
+FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER,
+  NULL, err, 0, (LPTSTR)&pstr, 2, NULL);
+fprintf(stderr, "qemu: %s: %s\n", msg, pstr);
+LocalFree(pstr);
+exit(1);
+}
+
+void qemu_mutex_init(QemuMutex *mutex)
+{
+mutex->owner = 0;
+InitializeCriticalSection(&mutex->lock);
+}
+
+void qemu_mutex_lock(QemuMutex *mutex)
+{
+EnterCriticalSection(&mutex->lock);
+
+/* Win32 CRITICAL_SECTIONs are recursive.  Assert that we're not
+ * using them as such.
+ */
+assert(mutex->owner == 0);
+mutex->owner = GetCurrentThreadId();
+}
+
+int qemu_mutex_trylock(QemuMutex *mutex)
+{
+int owned;
+
+owned = TryEnterCriticalSection(&mutex->lock);
+if (owned) {
+assert(mutex->owner == 0);
+mutex->owner = GetCurrentThreadId();
+}
+return !owned;
+}
+
+void qemu_mutex_unlock(QemuMutex *mutex)
+{
+assert(mutex->owner == GetCurrentThreadId());
+mutex->owner = 0;
+LeaveCriticalSection(&mutex->lock);
+}
+
+void qemu_cond_init(QemuCond *cond)
+{
+memset(cond, 0, sizeof(*cond));
+
+cond->sema = CreateSemaphore(NULL, 0, LONG_MAX, NULL);
+if (!cond->sema) {
+error_exit(GetLastError(), __func__);
+}
+cond->continue_event = CreateEvent(NULL,/* security */
+   FALSE,   /* auto-reset */
+   FALSE,   /* not signaled */
+   NULL);   /* name */
+if (!cond->continue_event) {
+error_exit(GetLastError(), __func__);
+}
+}
+
+void qemu_cond_signal(QemuCond *cond)
+{
+DWORD result;
+
+/*
+ * Signal only when there are waiters.  cond->waiters is
+ * incremented by pthread_cond_wait under the external lock,
+ * so we are safe about that.
+ */
+if (cond->waiters == 0) {
+return;
+}
+
+/*
+ * Waiting threads decrement it outside the external lock, but
+ * only if another thread is executing pthread_cond_broadcast and
+ * has the mutex.  So, it also cannot be decremented concurrently
+ * with this particular access.
+ */
+cond->target = cond->waiters - 1;
+result = SignalObjectAndWait(cond->sema, cond->continue_event,
+ INFINITE, FALSE);
+if (result == WAIT_ABANDONED || result == WAIT_FAILED) {
+error_exit(GetLastError(), __func__);
+}
+}
+
+void

Re: [Qemu-devel] VNC broken in cf76a1ce8b7cf4b92429d67d3f4626a92b2d8a37

[Gerhard Wiesinger]

On Fri, 25 Feb 2011, Wen Congyang wrote:


At 02/25/2011 03:07 PM, Corentin Chary Write:

On Fri, Feb 25, 2011 at 7:48 AM, Gerhard Wiesinger  wrote:

Hello,

VNC updates don't work correctly in git version
cf76a1ce8b7cf4b92429d67d3f4626a92b2d8a37 (was ok around 1-2 weeks ago). I
guess was due to latest optimizations.

E.g. booting DOS 6.22, entering some letter => not seen. When you press
enter => OK.


Did you try http://patchwork.ozlabs.org/patch/84517/ ?
What vnc settings are you using ? What VNC encoding did you client choose ?


I think my patch can fix this problem, because I got the same problem and
sent this patch.


Yes, your patch fixes this issue. Thnx.

Ciao,
Gerhard

--
http://www.wiesinger.com/

Re: [Qemu-devel] VNC broken in cf76a1ce8b7cf4b92429d67d3f4626a92b2d8a37

[Gerhard Wiesinger]

On Fri, 25 Feb 2011, Corentin Chary wrote:


On Fri, Feb 25, 2011 at 7:48 AM, Gerhard Wiesinger  wrote:

Hello,

VNC updates don't work correctly in git version
cf76a1ce8b7cf4b92429d67d3f4626a92b2d8a37 (was ok around 1-2 weeks ago). I
guess was due to latest optimizations.

E.g. booting DOS 6.22, entering some letter => not seen. When you press
enter => OK.


Did you try http://patchwork.ozlabs.org/patch/84517/ ?
What vnc settings are you using ? What VNC encoding did you client choose ?


Yes, patch fixes this issue. Can you commit it?
I'm only getting protocol version 3.8 in UltraVNC connection info, no 
more details. Any ideas how to get more detailed information?


Anway it is fixed ...

Ciao,
Gerhard

--
http://www.wiesinger.com/

Re: [Qemu-devel] Re: KVM call agenda for Jan 25

[Dushyant Bansal]

In cp, it just copies all the disk blocks actually occupied by the file.
And, with qemu-img convert, it checks all the sectors and copy those, which
contains atleast one non-NUL byte.
The better performance of cp over qemu-img convert is the result of overhead
of this checking.
 

How did you find out what cp(1) and qemu-img do?
How does cp(1) know which disk blocks are actually occupied?
   

I have looked into their source code.
 Yes, that was not correct. cp also checks each block and copy those 
which contains non-null byte.

qemu-img does the same thing with sectors.

I tried a few variations:
1. just copy all the sectors without checking
So, actual size becomes equal to virtual size.
 

Did that make qemu-img faster for the image file you tested?
   
No, in fact it becomes slower. I guess it is due to the increase in disk 
write.

2. In is_allocated_sectors,out of n sectors, if any sector has a non-NUL
byte then break and copy all n sectors.
As expected, resultant raw image was quite large in size.
 

This is kind of like what cp(1) does, except it limits n to 32 KB
maximum at a time.  Maybe if you add this tweak they will show similar
performance.  The drawback is that the output image is larger than
with the current approach.

Stefan

   
Disk block size is usually 512 bytes and in qemu-img, sector size is 
also 512B. And, this change would  copy n sectors even if only one of 
them actually contains data (while cp checks and copies one 
block(=sector) at a time). Therefore, it will end up writing more data 
than cp.


virtual size: 10G (10737418240 bytes)
disk size: 569M

convert-> original
time0m52.522s

convert-> modified (resultant disk size: 5.3G)
time2m12.744s

cp
time0m51.724s (same disk size)
---
virtual size: 10G (10737418240 bytes)
disk size: 3.6G

convert-> original
time1m52.249s

convert-> modified (resultant disk size: 7.1G)
time3m2.891s

cp
time1m55.320s (same disk size)
---
In these results, we can see that resultant disk size has increased.

Thanks,
Dushyant

[Qemu-devel] Stupid question?

[Frans de Boer]

Hi all,

This is the only QEMU list, so I put my question her.
How can I copy the contents of a "*.raw" image to a real HD partition or 
vice versa.
I often use a virtual image using qemu/kvm to test some OS's and want to 
migrate them to a HD partition if the time is right. Also, I like to 
preserve old partitions for future use/reference.


Any suggestions?

Regards, Frans.

Re: [Qemu-devel] Stupid question?

[Dushyant Bansal]

On Sunday 27 February 2011 03:45 AM, Frans de Boer wrote:

Hi all,

This is the only QEMU list, so I put my question her.
How can I copy the contents of a "*.raw" image to a real HD partition 
or vice versa.
I often use a virtual image using qemu/kvm to test some OS's and want 
to migrate them to a HD partition if the time is right. Also, I like 
to preserve old partitions for future use/reference.


Any suggestions?

Regards, Frans.


You can mount it using losetup.
http://blog.piotrj.org/2009/03/mounting-raw-kvmqemu-image.html

Thanks,
Dushyant

Re: [Qemu-devel] Hooking memory access in TCG

[James Greensky]

You want to hook the tcg_gen_qemu_ functions such as tcg_gen_qemu_ld8s in
tcg-op.h

Jim

On Sat, Feb 26, 2011 at 8:25 AM, felix.matenaar@rwth-aachen <
felix.maten...@rwth-aachen.de> wrote:

> Hi *,
>
> i am currently trying to trace guest memory access (i386-softmmu). tcg
> README says tcg_gen_(st|ld)X_Y functions are responsible for memory
> access. Now I've got the following code snippets in tcg-op.h:
>
> /* representing all tcg_gen_st and tcg_gen_ld functions in README*/
> static inline void tcg_gen_ld8s_i32(TCGv_i32 ret, TCGv_ptr arg2,
> tcg_target_long offset)
> {
>tcg_gen_ldst_op_i32(INDEX_op_ld8s_i32, ret, arg2, offset);
>int sizemask = 0;
>sizemask |= tcg_gen_sizemask(0, 0, 0);
>sizemask |= tcg_gen_sizemask(1, 0, 0);
>sizemask |= tcg_gen_sizemask(2, 0, 0);
>tcg_gen_helper3(tcg_flx_debug, sizemask, ret, ret, arg2,
> tcg_const_i32(offset));
> }
>
> static inline void tcg_gen_helper3(void *func, int sizemask, TCGv_i32 ret,
>TCGv_i32 a, TCGv_i32 b, TCGv_i32 c)
> {
>TCGv_ptr fn;
>TCGArg args[3];
>fn = tcg_const_ptr((tcg_target_long)func);
>args[0] = GET_TCGV_I32(a);
>args[1] = GET_TCGV_I32(b);
>args[2] = GET_TCGV_I32(c);
>tcg_gen_callN(&tcg_ctx, fn, TCG_CALL_CONST | TCG_CALL_PURE, sizemask,
>  GET_TCGV_I32(ret), 3, args);
>tcg_temp_free_ptr(fn);
> }
>
> static inline int32_t tcg_flx_debug(int32_t arg1, int32_t arg2, int32_t
> arg3){
>printf("reading 0x%x from 0x%x\n",arg1,arg2+arg3);
>return arg1;
> }
>
>
> tcg_flx_debug produces output which does not seem to look like what I
> want. What confuses me is that e.g.
> tcg_gen_ld32u_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,ldt.selector))
> in translate.c ends up in one of the functions I am trying to hook but
> the second and the third argument obviously are not directly valid
> base+offset addresses in the guest memory.
>
> So how is this part working? What I would like to build is that on each
> read/write to guest memory, an analysis function is triggered with
> address and value.
>
> Regards,
> Felix Matenaar
>
>

Re: [Qemu-devel] Stupid question?

[Frans de Boer]

On 02/26/2011 11:22 PM, Dushyant Bansal wrote:

On Sunday 27 February 2011 03:45 AM, Frans de Boer wrote:

Hi all,

This is the only QEMU list, so I put my question her.
How can I copy the contents of a "*.raw" image to a real HD partition 
or vice versa.
I often use a virtual image using qemu/kvm to test some OS's and want 
to migrate them to a HD partition if the time is right. Also, I like 
to preserve old partitions for future use/reference.


Any suggestions?

Regards, Frans.


You can mount it using losetup.
http://blog.piotrj.org/2009/03/mounting-raw-kvmqemu-image.html

Thanks,
Dushyant

Thanks, that seems a good way to start. Sorry for the obvious, but Linux 
has so many options/features, I sometimes use the lazy way to get answers.


Regards, Frans.

Re: [Qemu-devel] [PATCH] iSCSI support

[ronnie sahlberg]

Hi Stefan

Thanks for reviewing the patch. I have addressed all your items, some
with comments below, and will resubmit the patch shortly.
Comments below.


regards
ronnie sahlberg


On Sun, Feb 20, 2011 at 2:34 AM, Stefan Hajnoczi  wrote:
> On Fri, Feb 4, 2011 at 4:37 AM,   wrote:
>> From: Ronnie Sahlberg 
>>
>> This patch adds a new block driver : block.iscsi.c
>> This driver interfaces with the multiplatform posix library
>> for iscsi initiator/client access to iscsi devices hosted at
>> git://github.com/sahlberg/libiscsi.git
>>
>> The patch adds the driver to interface with the iscsi library.
>> It also updated the configure script to
>> * by default, probe is libiscsi is available and if so, build
>>  qemu against libiscsi.
>> * --enable-libiscsi
>>  Force a build against libiscsi. If libiscsi is not available
>>  the build will fail.
>> * --disable-libiscsi
>>  Do not link against libiscsi, even if it is available.
>>
>> When linked with libiscsi, qemu gains support to access iscsi resources
>> such as disks and cdrom directly, without having to make the devices visible
>> to the host.
>>
>> You can specify devices using a iscsi url of the form :
>> iscsi://[%@][:/
>
> From what I can tell there is no standard iSCSI URI scheme but it's
> worth checking before we invent our own.
>
> I thought that '%' is an escape character in URIs.  Are you sure it's
> valid to use it as a delimeter between the username and password?

I used a '%' since that is how passwords are specified in samba/smb.
I have added to libiscsi the option to use ':' to separate username
and password too.


>
> There is a security risk in passing the password on the QEMU
> command-line since other users will be able to see it in ps(1) output.
>  Encrypted image files (e.g. qcow2) require keys and this is closest
> to a mechanism for securely providing the password either via QMP or
> interactively.  That would be worth looking into.

CHAP passwords can also be specified via environment variables :

LIBISCSI_CHAP_PASSWORD="password"  
iscsi://ronnie@127.0.0.1/iqn.ronnie.test/2  ...

To avoid the password form showing up in the process list.


>
>>
>> Example:
>> -drive file=iscsi://10.1.1.1:3260/iqn.ronnie.test/1
>>
>> -cdrom iscsi://10.1.1.1:3260/iqn.ronnie.test/2
>>
>> Signed-off-by: Ronnie Sahlberg 
>> ---
>>  Makefile.objs |    1 +
>>  block/iscsi.c |  542 
>> +
>>  configure     |   31 
>>  trace-events  |    7 +
>>  4 files changed, 581 insertions(+), 0 deletions(-)
>>  create mode 100644 block/iscsi.c
>>
>> diff --git a/Makefile.objs b/Makefile.objs
>> index f1c7bfe..a62fcdd 100644
>> --- a/Makefile.objs
>> +++ b/Makefile.objs
>> @@ -25,6 +25,7 @@ block-nested-y += qed-check.o
>>  block-nested-y += parallels.o nbd.o blkdebug.o sheepdog.o blkverify.o
>>  block-nested-$(CONFIG_WIN32) += raw-win32.o
>>  block-nested-$(CONFIG_POSIX) += raw-posix.o
>> +block-nested-$(CONFIG_LIBISCSI) += iscsi.o
>>  block-nested-$(CONFIG_CURL) += curl.o
>>  block-nested-$(CONFIG_RBD) += rbd.o
>>
>> diff --git a/block/iscsi.c b/block/iscsi.c
>> new file mode 100644
>> index 000..8cb1c6f
>> --- /dev/null
>> +++ b/block/iscsi.c
>> @@ -0,0 +1,542 @@
>> +/*
>> + * QEMU Block driver for iSCSI images
>> + *
>> + * Copyright (c) 2010 Ronnie Sahlberg 
>> + *
>> + * Permission is hereby granted, free of charge, to any person obtaining a 
>> copy
>> + * of this software and associated documentation files (the "Software"), to 
>> deal
>> + * in the Software without restriction, including without limitation the 
>> rights
>> + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
>> + * copies of the Software, and to permit persons to whom the Software is
>> + * furnished to do so, subject to the following conditions:
>> + *
>> + * The above copyright notice and this permission notice shall be included 
>> in
>> + * all copies or substantial portions of the Software.
>> + *
>> + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 
>> OR
>> + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
>> + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
>> + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR 
>> OTHER
>> + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
>> FROM,
>> + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
>> + * THE SOFTWARE.
>> + */
>> +
>> +#include "config-host.h"
>> +
>> +#include 
>> +#include "sysemu.h"
>> +#include "qemu-common.h"
>> +#include "qemu-error.h"
>> +#include "block_int.h"
>> +#include "trace.h"
>> +
>> +#include 
>> +#include 
>> +
>> +
>> +typedef struct IscsiLun {
>> +    struct iscsi_context *iscsi;
>> +    int lun;
>> +    int block_size;
>> +    unsigned long num_blocks;
>> +} IscsiLun;
>> +
>> +typedef struct IscsiAIOCB {
>> +    BlockDriverAIOCB common;
>> +    QEMUIOVector *qiov;
>> +    Q

[Qemu-devel] iSCSI block driver support

[Ronnie Sahlberg]

The following patch adds a new block driver to QEMU/KVM for iSCSI.
This utilizes the userspace client library for iscsi at 
https://github.com/sahlberg/libiscsi and will link with this library if 
available.

This allows using iSCSI resources with QEMU/KVM without making them visible to 
the underlying host. Which is very useful when having very large number of 
iscsi devices, or when you for other reasons do not want to expose these 
devicdes to others.


I have used this patch and installed a RHEL6 system from an iscsi dvd onto a 
iscsi disk. I have done extensive testing.
Both normally and also running under valgrind (which is very slow)

./x86_64-softmmu/qemu-system-x86_64 -m 1024 --enable-kvm -cdrom 
iscsi://127.0.0.1:3262/iqn.ronnie.test/2 -drive 
if=virtio,file=iscsi://127.0.0.1:3262/iqn.ronnie.test/1 -boot c

Please review and/or apply.



This is version 4 of the patch :
Version 4 adds :

 - Remove iscsi_is_inserted() since we dont need that function.
 - Change status to -ECANCELED instead of -EIO when aios are cancelled
 - Check that the i/o is not cancelled before calling the callback function.
 - Replace the flush fuinction with an async version.
 - Verify that qemu block size is at least 512 bytes
 - Handle the case where qemu blocksize is smaller than lun blocksize and
   qemu issues an unaligned read.


-

Version 3 :
 - Fix a bug when writing freed data to the disk
 - Convert TAB to spaces
 - Add tracing functions (From Stefan Hajnoczi)
 - Add a io_flush() handler

-

   Version 2:
   Changes from Blue Swirl's suggestions
   - Change naming of structures and typedefs to match coding style
   - Use CONFIG_ISCSI in the makefile to conditionally compile iscsi.c
   - Missing spaces added around operators
   - Use uint8_t instead of unsigned char for buffer pointer
   - Use a temporary variable for the result of long functions, to move them
 out from the if(...) expressions. Making the code easier to read.
   - Create a function sector_qemu2lun() and use it instead of performing
 the same conversion explicitely at several palces in the code.
   - Use the name opaque instead of private_data
   - Use memset() instead of bzero()
   - Use the common library function to parse the iSCSI URL
   - Add support for CHAP authentication

[Qemu-devel] [PATCH] iSCSI block driver support

[Ronnie Sahlberg]

This patch adds a new block driver : block.iscsi.c
This driver interfaces with the multiplatform posix library
for iscsi initiator/client access to iscsi devices hosted at
git://github.com/sahlberg/libiscsi.git

The patch adds the driver to interface with the iscsi library.
It also updated the configure script to
* by default, probe is libiscsi is available and if so, build
  qemu against libiscsi.
* --enable-libiscsi
  Force a build against libiscsi. If libiscsi is not available
  the build will fail.
* --disable-libiscsi
  Do not link against libiscsi, even if it is available.

When linked with libiscsi, qemu gains support to access iscsi resources
such as disks and cdrom directly, without having to make the devices visible
to the host.

You can specify devices using a iscsi url of the form :
iscsi://[[:@]][:/
When using authentication, the password can optionally be set with
LIBISCSI_CHAP_PASSWORD="password" to avoid it showing up in the process list

Example:
-drive file=iscsi://10.1.1.1:3260/iqn.ronnie.test/1

-cdrom iscsi://10.1.1.1:3260/iqn.ronnie.test/2

Signed-off-by: Ronnie Sahlberg 
---
 Makefile.objs |1 +
 block/iscsi.c |  564 +
 configure |   31 +++
 trace-events  |7 +
 4 files changed, 603 insertions(+), 0 deletions(-)
 create mode 100644 block/iscsi.c

diff --git a/Makefile.objs b/Makefile.objs
index 9e98a66..b1f2d28 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -25,6 +25,7 @@ block-nested-y += qed-check.o
 block-nested-y += parallels.o nbd.o blkdebug.o sheepdog.o blkverify.o
 block-nested-$(CONFIG_WIN32) += raw-win32.o
 block-nested-$(CONFIG_POSIX) += raw-posix.o
+block-nested-$(CONFIG_LIBISCSI) += iscsi.o
 block-nested-$(CONFIG_CURL) += curl.o
 block-nested-$(CONFIG_RBD) += rbd.o
 
diff --git a/block/iscsi.c b/block/iscsi.c
new file mode 100644
index 000..a87650c
--- /dev/null
+++ b/block/iscsi.c
@@ -0,0 +1,564 @@
+/*
+ * QEMU Block driver for iSCSI images
+ *
+ * Copyright (c) 2010 Ronnie Sahlberg 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "config-host.h"
+
+#include 
+#include "sysemu.h"
+#include "qemu-common.h"
+#include "qemu-error.h"
+#include "block_int.h"
+#include "trace.h"
+
+#include 
+#include 
+
+
+typedef struct IscsiLun {
+struct iscsi_context *iscsi;
+int lun;
+int block_size;
+unsigned long num_blocks;
+} IscsiLun;
+
+typedef struct IscsiAIOCB {
+BlockDriverAIOCB common;
+QEMUIOVector *qiov;
+QEMUBH *bh;
+IscsiLun *iscsilun;
+uint8_t *buf;
+int canceled;
+int status;
+size_t read_size;
+size_t read_offset;
+} IscsiAIOCB;
+
+struct IscsiTask {
+IscsiLun *iscsilun;
+int status;
+int complete;
+};
+
+static void
+iscsi_aio_cancel(BlockDriverAIOCB *blockacb)
+{
+IscsiAIOCB *acb = (IscsiAIOCB *)blockacb;
+
+acb->status = -ECANCELED;
+acb->common.cb(acb->common.opaque, acb->status);
+acb->canceled = 1;
+}
+
+static AIOPool iscsi_aio_pool = {
+.aiocb_size = sizeof(IscsiAIOCB),
+.cancel = iscsi_aio_cancel,
+};
+
+
+static void iscsi_process_read(void *arg);
+static void iscsi_process_write(void *arg);
+
+static int iscsi_process_flush(void *arg)
+{
+IscsiLun *iscsilun = arg;
+
+return iscsi_queue_length(iscsilun->iscsi) > 0;
+}
+
+static void
+iscsi_set_events(IscsiLun *iscsilun)
+{
+struct iscsi_context *iscsi = iscsilun->iscsi;
+
+qemu_aio_set_fd_handler(iscsi_get_fd(iscsi), iscsi_process_read,
+   (iscsi_which_events(iscsi) & POLLOUT)
+   ? iscsi_process_write : NULL,
+   iscsi_process_flush, NULL, iscsilun);
+}
+
+static void
+iscsi_process_read(void *arg)
+{
+IscsiLun *iscsilun = arg;
+struct iscsi_context *iscsi = iscsilun->iscsi;
+
+iscsi_service(iscsi, POLLIN);
+iscsi_set_events(iscsilun);
+}
+
+static void
+iscsi_process_write(void *arg)
+{

Re: [Qemu-devel] Stupid question?

[Amos Kong]

On Sun, Feb 27, 2011 at 6:22 AM, Dushyant Bansal
 wrote:
> On Sunday 27 February 2011 03:45 AM, Frans de Boer wrote:
>>
>> Hi all,
>>
>> This is the only QEMU list, so I put my question her.
>> How can I copy the contents of a "*.raw" image to a real HD partition or
>> vice versa.
>> I often use a virtual image using qemu/kvm to test some OS's and want to
>> migrate them to a HD partition if the time is right. Also, I like to
>> preserve old partitions for future use/reference.
>>
>> Any suggestions?
>>
>> Regards, Frans.
>>
> You can mount it using losetup.
> http://blog.piotrj.org/2009/03/mounting-raw-kvmqemu-image.html

losetup is fine, can we directly use dd ?