[Qemu-devel] [PATCH v2 02/10] fdc: set busy bit when starting a command

2012-01-15 Thread Hervé Poussineau
This bit must be active while a command is currently executed.

Signed-off-by: Hervé Poussineau 
---
 hw/fdc.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/fdc.c b/hw/fdc.c
index c1898a6..1b9f303 100644
--- a/hw/fdc.c
+++ b/hw/fdc.c
@@ -1446,7 +1446,6 @@ static void fdctrl_handle_readid(FDCtrl *fdctrl, int 
direction)
 {
 FDrive *cur_drv = get_cur_drv(fdctrl);
 
-/* XXX: should set main status register to busy */
 cur_drv->head = (fdctrl->fifo[1] >> 2) & 1;
 qemu_mod_timer(fdctrl->result_timer,
qemu_get_clock_ns(vm_clock) + (get_ticks_per_sec() / 50));
@@ -1734,6 +1733,7 @@ static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t 
value)
 pos = command_to_handler[value & 0xff];
 FLOPPY_DPRINTF("%s command\n", handlers[pos].name);
 fdctrl->data_len = handlers[pos].parameters + 1;
+fdctrl->msr |= FD_MSR_CMDBUSY;
 }
 
 FLOPPY_DPRINTF("%s: %02x\n", __func__, value);
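Review bot: Nothing in this patch shows FD_MSR_CMDBUSY being cleared, yet after the added line it is set for every command that starts in fdctrl_write_data. If the clearing lives in a shared path such as the FIFO reset (not visible here, so worth confirming), a comment next to the new line would make that dependency explicit, e.g. `/* cleared again when the FIFO is reset at the end of the command */`. A handler that completes without reaching that path would leave the guest polling a permanently busy controller. fdctrl_write_data starts and ends outside the hunk.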
-- 
1.7.7.3




[Qemu-devel] [PATCH v2 10/10] fdc: DIR (Digital Input Register) should return status of current drive...

2012-01-15 Thread Hervé Poussineau

Signed-off-by: Hervé Poussineau 
---
 hw/fdc.c |   10 +++---
 1 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/hw/fdc.c b/hw/fdc.c
index 61d70eb..e68a1cb 100644
--- a/hw/fdc.c
+++ b/hw/fdc.c
@@ -215,6 +215,7 @@ static void fdctrl_reset_fifo(FDCtrl *fdctrl);
 static int fdctrl_transfer_handler (void *opaque, int nchan,
 int dma_pos, int dma_len);
 static void fdctrl_raise_irq(FDCtrl *fdctrl, uint8_t status0);
+static FDrive *get_cur_drv(FDCtrl *fdctrl);
 
 static uint32_t fdctrl_read_statusA(FDCtrl *fdctrl);
 static uint32_t fdctrl_read_statusB(FDCtrl *fdctrl);
@@ -934,14 +935,9 @@ static uint32_t fdctrl_read_dir(FDCtrl *fdctrl)
 {
 uint32_t retval = 0;
 
-if (fdctrl_media_changed(drv0(fdctrl))
- || fdctrl_media_changed(drv1(fdctrl))
-#if MAX_FD == 4
- || fdctrl_media_changed(drv2(fdctrl))
- || fdctrl_media_changed(drv3(fdctrl))
-#endif
-)
+if (fdctrl_media_changed(get_cur_drv(fdctrl))) {
 retval |= FD_DIR_DSKCHG;
+}
 if (retval != 0) {
 FLOPPY_DPRINTF("Floppy digital input register: 0x%02x\n", retval);
 }
-- 
1.7.7.3




[Qemu-devel] [PATCH v2 08/10] fdc: check if media rate is correct before doing any transfer

2012-01-15 Thread Hervé Poussineau
The programmed rate has to be the same as the required rate for the
floppy format ; if that's not the case, the transfer should abort.

Revalidate floppy after migration, so media_rate field doesn't have
to be saved/restored.

Signed-off-by: Hervé Poussineau 
---
 hw/fdc.c |   25 -
 1 files changed, 24 insertions(+), 1 deletions(-)

diff --git a/hw/fdc.c b/hw/fdc.c
index 629408f..685ea88 100644
--- a/hw/fdc.c
+++ b/hw/fdc.c
@@ -83,6 +83,7 @@ typedef struct FDrive {
 uint16_t bps; /* Bytes per sector   */
 uint8_t ro;   /* Is read-only   */
 uint8_t media_changed;/* Is media changed   */
+uint8_t media_rate;   /* Data rate of medium*/
 } FDrive;
 
 static void fd_init(FDrive *drv)
@@ -195,6 +196,7 @@ static void fd_revalidate(FDrive *drv)
 drv->last_sect = last_sect;
 drv->ro = ro;
 drv->drive = drive;
+drv->media_rate = rate;
 } else {
 FLOPPY_DPRINTF("No disk in drive\n");
 drv->last_sect = 0;
@@ -303,6 +305,7 @@ enum {
 };
 
 enum {
+FD_SR1_MA   = 0x01, /* Missing address mark */
 FD_SR1_NW   = 0x02, /* Not writable */
 FD_SR1_EC   = 0x80, /* End of cylinder */
 };
@@ -582,6 +585,7 @@ static int fdc_post_load(void *opaque, int version_id)
 
 SET_CUR_DRV(s, s->dor_vmstate & FD_DOR_SELMASK);
 s->dor = s->dor_vmstate & ~FD_DOR_SELMASK;
+fd_revalidate(get_cur_drv(s));
 return 0;
 }
 
@@ -1077,6 +1081,18 @@ static void fdctrl_start_transfer(FDCtrl *fdctrl, int 
direction)
 break;
 }
 
+/* Check the data rate. If the programmed data rate does not match
+ * the currently inserted medium, the operation has to fail. */
+if ((fdctrl->dsr & FD_DSR_DRATEMASK) != cur_drv->media_rate) {
+FLOPPY_DPRINTF("data rate mismatch (fdc=%d, media=%d)\n",
+   fdctrl->dsr & FD_DSR_DRATEMASK, cur_drv->media_rate);
+fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_MA, 0x00);
+fdctrl->fifo[3] = kt;
+fdctrl->fifo[4] = kh;
+fdctrl->fifo[5] = ks;
+return;
+}
+
 /* Set the FIFO state */
 fdctrl->data_dir = direction;
 fdctrl->data_pos = 0;
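Review bot: The new check trusts `cur_drv->media_rate`, but the fdc_post_load hunk of this patch revalidates only the drive selected at load time (`fd_revalidate(get_cur_drv(s))`), and the commit message says the field is deliberately not saved. A drive that was not current during an incoming migration would keep its initial media_rate, so unless another path revalidates it, the first transfer after the guest selects it could abort with FD_SR1_MA. Revalidating every drive of the controller in fdc_post_load would close that gap. The same comparison is repeated in the fdctrl_result_timer hunk, so a small helper would keep the two checks from drifting apart. fdctrl_start_transfer continues outside the hunk.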
@@ -1799,7 +1815,14 @@ static void fdctrl_result_timer(void *opaque)
 if (cur_drv->last_sect != 0) {
 cur_drv->sect = (cur_drv->sect % cur_drv->last_sect) + 1;
 }
-fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
+/* READ_ID can't automatically succeed! */
+if ((fdctrl->dsr & FD_DSR_DRATEMASK) != cur_drv->media_rate) {
+FLOPPY_DPRINTF("read id rate mismatch (fdc=%d, media=%d)\n",
+   fdctrl->dsr & FD_DSR_DRATEMASK, cur_drv->media_rate);
+fdctrl_stop_transfer(fdctrl, FD_SR0_ABNTERM, FD_SR1_MA, 0x00);
+} else {
+fdctrl_stop_transfer(fdctrl, 0x00, 0x00, 0x00);
+}
 }
 
 static void fdctrl_change_cb(void *opaque, bool load)
-- 
1.7.7.3




[Qemu-devel] [PATCH v2 04/10] fdc: emulate stepping 0

2012-01-15 Thread Hervé Poussineau
Stepping 1 (S82078B) is not fully i82078 compatible, so better stick to initial 
revision

Signed-off-by: Hervé Poussineau 
---
 hw/fdc.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/fdc.c b/hw/fdc.c
index bedaeca..0e167f8 100644
--- a/hw/fdc.c
+++ b/hw/fdc.c
@@ -1385,7 +1385,7 @@ static void fdctrl_handle_version(FDCtrl *fdctrl, int 
direction)
 
 static void fdctrl_handle_partid(FDCtrl *fdctrl, int direction)
 {
-fdctrl->fifo[0] = 0x41; /* Stepping 1 */
+fdctrl->fifo[0] = 0x01; /* Stepping 0 */
 fdctrl_set_fifo(fdctrl, 1, 0);
 }
 
-- 
1.7.7.3




[Qemu-devel] [PATCH v2 05/10] fdc: handle read-only floppies (abort early on write commands)

2012-01-15 Thread Hervé Poussineau
A real floppy doesn't attempt to write to read-only media either.

Signed-off-by: Hervé Poussineau 
---
 hw/fdc.c |   11 +++
 1 files changed, 11 insertions(+), 0 deletions(-)

diff --git a/hw/fdc.c b/hw/fdc.c
index 0e167f8..078ff0c 100644
--- a/hw/fdc.c
+++ b/hw/fdc.c
@@ -300,6 +300,7 @@ enum {
 };
 
 enum {
+FD_SR1_NW   = 0x02, /* Not writable */
 FD_SR1_EC   = 0x80, /* End of cylinder */
 };
 
@@ -1179,6 +1180,16 @@ static int fdctrl_transfer_handler (void *opaque, int 
nchan,
 break;
 case FD_DIR_WRITE:
 /* WRITE commands */
+if (cur_drv->ro) {
+/* Handle readonly medium early, no need to do DMA, touch the
+ * LED or attempt any writes. A real floppy doesn't attempt
+ * to write to readonly media either. */
+fdctrl_stop_transfer(fdctrl,
+ FD_SR0_ABNTERM | FD_SR0_SEEK, FD_SR1_NW,
+ 0x00);
+goto transfer_error;
+}
+
 DMA_read_memory (nchan, fdctrl->fifo + rel_pos,
  fdctrl->data_pos, len);
 if (bdrv_write(cur_drv->bs, fd_sector(cur_drv),
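Review bot: The read-only check is added only to the FD_DIR_WRITE case of the DMA transfer handler, so any other path that writes to the medium is not covered by it. If the non-DMA data path or the format command also reach `bdrv_write()` (those paths are not visible here), they need the same early abort so the guest sees FD_SR1_NW consistently. `cur_drv->ro` is a value cached by fd_revalidate, so this check is only as fresh as the last revalidation and the block layer has to remain the real enforcement point. The `transfer_error` label and the rest of fdctrl_transfer_handler are outside the hunk.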
-- 
1.7.7.3




[Qemu-devel] [PATCH v2 03/10] fdc: most control commands do not generate interrupts

2012-01-15 Thread Hervé Poussineau
In fact, only three control commands generate an interrupt:
read_id, recalibrate and seek

Signed-off-by: Hervé Poussineau 
---
 hw/fdc.c |   12 ++--
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/fdc.c b/hw/fdc.c
index 1b9f303..bedaeca 100644
--- a/hw/fdc.c
+++ b/hw/fdc.c
@@ -1348,7 +1348,7 @@ static void fdctrl_handle_lock(FDCtrl *fdctrl, int 
direction)
 {
 fdctrl->lock = (fdctrl->fifo[0] & 0x80) ? 1 : 0;
 fdctrl->fifo[0] = fdctrl->lock << 4;
-fdctrl_set_fifo(fdctrl, 1, fdctrl->lock);
+fdctrl_set_fifo(fdctrl, 1, 0);
 }
 
 static void fdctrl_handle_dumpreg(FDCtrl *fdctrl, int direction)
@@ -1380,7 +1380,7 @@ static void fdctrl_handle_version(FDCtrl *fdctrl, int 
direction)
 {
 /* Controller's version */
 fdctrl->fifo[0] = fdctrl->version;
-fdctrl_set_fifo(fdctrl, 1, 1);
+fdctrl_set_fifo(fdctrl, 1, 0);
 }
 
 static void fdctrl_handle_partid(FDCtrl *fdctrl, int direction)
@@ -1439,7 +1439,7 @@ static void fdctrl_handle_save(FDCtrl *fdctrl, int 
direction)
 fdctrl->fifo[12] = fdctrl->pwrd;
 fdctrl->fifo[13] = 0;
 fdctrl->fifo[14] = 0;
-fdctrl_set_fifo(fdctrl, 15, 1);
+fdctrl_set_fifo(fdctrl, 15, 0);
 }
 
 static void fdctrl_handle_readid(FDCtrl *fdctrl, int direction)
@@ -1580,7 +1580,7 @@ static void fdctrl_handle_powerdown_mode(FDCtrl *fdctrl, 
int direction)
 {
 fdctrl->pwrd = fdctrl->fifo[1];
 fdctrl->fifo[0] = fdctrl->fifo[1];
-fdctrl_set_fifo(fdctrl, 1, 1);
+fdctrl_set_fifo(fdctrl, 1, 0);
 }
 
 static void fdctrl_handle_option(FDCtrl *fdctrl, int direction)
@@ -1599,7 +1599,7 @@ static void 
fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direct
 fdctrl->fifo[0] = fdctrl->fifo[1];
 fdctrl->fifo[2] = 0;
 fdctrl->fifo[3] = 0;
-fdctrl_set_fifo(fdctrl, 4, 1);
+fdctrl_set_fifo(fdctrl, 4, 0);
 } else {
 fdctrl_reset_fifo(fdctrl);
 }
@@ -1607,7 +1607,7 @@ static void 
fdctrl_handle_drive_specification_command(FDCtrl *fdctrl, int direct
 /* ERROR */
 fdctrl->fifo[0] = 0x80 |
 (cur_drv->head << 2) | GET_CUR_DRV(fdctrl);
-fdctrl_set_fifo(fdctrl, 1, 1);
+fdctrl_set_fifo(fdctrl, 1, 0);
 }
 }
 
-- 
1.7.7.3




[Qemu-devel] [PATCH v2 00/10] Misc fixes for floppy emulation

2012-01-15 Thread Hervé Poussineau
Here are misc fixes done by VirtualBox team.
With these patches, floppy emulation is now good enough to run Xenix.

Changes v1->v2:
- updated commit messages
- added missing 'break' and braces
- moved patch 8 before patch 6

Hervé Poussineau (10):
  fdc: take side count into account
  fdc: set busy bit when starting a command
  fdc: most control commands do not generate interrupts
  fdc: emulate stepping 0
  fdc: handle read-only floppies (abort early on write commands)
  fdc: add CCR (Configuration Control Register) write register
  block: add a transfer rate for floppy types
  fdc: check if media rate is correct before doing any transfer
  fdc: fix seek command, which shouldn't check tracks
  fdc: DIR (Digital Input Register) should return status of current
drive...

 block.c  |   74 --
 block.h  |   10 +-
 hw/fdc.c |  117 ++
 hw/pc.c  |3 +-
 4 files changed, 137 insertions(+), 67 deletions(-)

-- 
1.7.7.3




[Qemu-devel] [PATCH v2 06/10] fdc: add CCR (Configuration Control Register) write register

2012-01-15 Thread Hervé Poussineau
DIR and CCR registers share the same address ; DIR is read-only
while CCR is write-only

Signed-off-by: Hervé Poussineau 
---
 hw/fdc.c |   22 ++
 1 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/hw/fdc.c b/hw/fdc.c
index 078ff0c..6726450 100644
--- a/hw/fdc.c
+++ b/hw/fdc.c
@@ -224,6 +224,7 @@ static void fdctrl_write_rate(FDCtrl *fdctrl, uint32_t 
value);
 static uint32_t fdctrl_read_data(FDCtrl *fdctrl);
 static void fdctrl_write_data(FDCtrl *fdctrl, uint32_t value);
 static uint32_t fdctrl_read_dir(FDCtrl *fdctrl);
+static void fdctrl_write_ccr(FDCtrl *fdctrl, uint32_t value);
 
 enum {
 FD_DIR_WRITE   = 0,
@@ -248,6 +249,7 @@ enum {
 FD_REG_DSR = 0x04,
 FD_REG_FIFO = 0x05,
 FD_REG_DIR = 0x07,
+FD_REG_CCR = 0x07,
 };
 
 enum {
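Review bot: FD_REG_CCR and FD_REG_DIR are now two names for the value 0x07, and nothing at the definition says why. Suggest a comment on the new line, `FD_REG_CCR = 0x07, /* write-only; shares its address with the read-only DIR */`. Without it, a later switch that handles both names fails on a duplicate case label for a reason that is not obvious from the enum.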
@@ -491,6 +493,9 @@ static void fdctrl_write (void *opaque, uint32_t reg, 
uint32_t value)
 case FD_REG_FIFO:
 fdctrl_write_data(fdctrl, value);
 break;
+case FD_REG_CCR:
+fdctrl_write_ccr(fdctrl, value);
+break;
 default:
 break;
 }
@@ -881,6 +886,23 @@ static void fdctrl_write_rate(FDCtrl *fdctrl, uint32_t 
value)
 fdctrl->dsr = value;
 }
 
+/* Configuration control register: 0x07 (write) */
+static void fdctrl_write_ccr(FDCtrl *fdctrl, uint32_t value)
+{
+/* Reset mode */
+if (!(fdctrl->dor & FD_DOR_nRESET)) {
+FLOPPY_DPRINTF("Floppy controller in RESET state !\n");
+return;
+}
+FLOPPY_DPRINTF("configuration control register set to 0x%02x\n", value);
+
+/* Only the rate selection bits used in AT mode, and we
+ * store those in the DSR.
+ */
+fdctrl->dsr = (fdctrl->dsr & ~FD_DSR_DRATEMASK) |
+  (value & FD_DSR_DRATEMASK);
+}
+
 static int fdctrl_media_changed(FDrive *drv)
 {
 int ret;
-- 
1.7.7.3




[Qemu-devel] [PATCH v2 09/10] fdc: fix seek command, which shouldn't check tracks

2012-01-15 Thread Hervé Poussineau
The seek command just sends step pulses to the drive and doesn't care if
there is a medium inserted or if it is banging the head against the drive.

Signed-off-by: Hervé Poussineau 
---
 hw/fdc.c |   13 ++---
 1 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/hw/fdc.c b/hw/fdc.c
index 685ea88..61d70eb 100644
--- a/hw/fdc.c
+++ b/hw/fdc.c
@@ -1599,13 +1599,12 @@ static void fdctrl_handle_seek(FDCtrl *fdctrl, int 
direction)
 SET_CUR_DRV(fdctrl, fdctrl->fifo[1] & FD_DOR_SELMASK);
 cur_drv = get_cur_drv(fdctrl);
 fdctrl_reset_fifo(fdctrl);
-if (fdctrl->fifo[2] > cur_drv->max_track) {
-fdctrl_raise_irq(fdctrl, FD_SR0_ABNTERM | FD_SR0_SEEK);
-} else {
-cur_drv->track = fdctrl->fifo[2];
-/* Raise Interrupt */
-fdctrl_raise_irq(fdctrl, FD_SR0_SEEK);
-}
+/* The seek command just sends step pulses to the drive and doesn't care if
+ * there is a medium inserted of if it's banging the head against the 
drive.
+ */
+cur_drv->track = fdctrl->fifo[2];
+/* Raise Interrupt */
+fdctrl_raise_irq(fdctrl, FD_SR0_SEEK);
 }
 
 static void fdctrl_handle_perpendicular_mode(FDCtrl *fdctrl, int direction)
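Review bot: With the max_track comparison removed, `cur_drv->track = fdctrl->fifo[2];` stores a guest-supplied byte with no bound, so track can now exceed max_track. That matches the hardware behaviour the commit describes, but every later use of track to derive a sector offset must then validate it against the medium geometry before touching the image. That code is outside this hunk, so it is worth confirming. A comment on the assignment would record the invariant, e.g. `/* may exceed max_track; users of track must range-check */`. Separately, the new comment reads "of if" where "or if" is meant.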
-- 
1.7.7.3




Re: [Qemu-devel] [PATCH v3 3/8] prep_pci: Update I/O to MemoryRegion ops

2012-01-15 Thread Avi Kivity
On 01/13/2012 05:09 AM, Andreas Färber wrote:
> Convert to new-style read/write callbacks.
>
>  
> -static uint32_t PPC_PCIIO_readl (void *opaque, target_phys_addr_t addr)
> +static uint64_t ppc_pci_io_read(void *opaque, target_phys_addr_t addr,
> +unsigned int size)
>  {
>  PREPPCIState *s = opaque;
> -uint32_t val;
> -val = pci_data_read(s->bus, PPC_PCIIO_config(addr), 4);
> -return val;
> +switch (size) {
> +case 1:
> +case 2:
> +case 4:
> +return pci_data_read(s->bus, PPC_PCIIO_config(addr), size);
> +default:
> +abort();
> +}
>  }

Huh? just call pci_data_read() unconditionally.

-- 
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [PATCH][v9] megasas: LSI Megaraid SAS HBA emulation

2012-01-15 Thread Avi Kivity
On 01/13/2012 06:54 PM, Andreas Färber wrote:
> > +static void megasas_unmap_sgl(struct megasas_cmd_t *cmd)
> > +{
> > +int i, is_write = megasas_frame_is_write(cmd);
> > +
> > +for (i = 0; i < cmd->iov_cnt; i++) {
> > +cpu_physical_memory_unmap(cmd->iov[i].iov_base, 
> > cmd->iov[i].iov_len,
> > +  is_write, cmd->iov[i].iov_len);
>
> Not sure, but cpu_physical_memory_* sounds old-fashioned. Might need an
> update to MemoryRegion?

These APIs have not been updated (yet?).

-- 
error compiling committee.c: too many arguments to function




[Qemu-devel] [Bug 916720] [NEW] select fails on windows because a non-socket fd is in the rfds set

2012-01-15 Thread Arie
Public bug reported:

The select call in file main_loop.c at line 460 fails on windows because
a non-socket fd is in the rfds set. As a result, gdb remote connections
will never be accepted by qemu. The select function returns with -1.
WSAGetLastError returns code 10038 (WSAENOTSOCK).

I start qemu as follows:
qemu-system-arm -cpu cortex-m3 -M lm3s6965evb -nographic -monitor null -serial 
null -semihosting -kernel test1.elf -S -gdb tcp:127.0.0.1:2200

qemu is configured with:
CFLAGS="-O4 -march=i686"
configure --target-list="i386-softmmu arm-softmmu sparc-softmmu ppc-softmmu" 
--prefix=/home/qemu/install --cc=mingw32-gcc --host-cc=mingw32-gcc 
--audio-drv-list="dsound sdl" --audio-card-list="ac97 es1370 sb16 cs4231a adlib 
gus"

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/916720

Title:
  select fails on windows because a non-socket fd is in the rfds set

Status in QEMU:
  New

Bug description:
  The select call in file main_loop.c at line 460 fails on windows
  because a non-socket fd is in the rfds set. As a result, gdb remote
  connections will never be accepted by qemu. The select function
  returns with -1. WSAGetLastError returns code 10038 (WSAENOTSOCK).

  I start qemu as follows:
  qemu-system-arm -cpu cortex-m3 -M lm3s6965evb -nographic -monitor null 
-serial null -semihosting -kernel test1.elf -S -gdb tcp:127.0.0.1:2200

  qemu is configured with:
  CFLAGS="-O4 -march=i686"
  configure --target-list="i386-softmmu arm-softmmu sparc-softmmu ppc-softmmu" 
--prefix=/home/qemu/install --cc=mingw32-gcc --host-cc=mingw32-gcc 
--audio-drv-list="dsound sdl" --audio-card-list="ac97 es1370 sb16 cs4231a adlib 
gus"

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/916720/+subscriptions



Re: [Qemu-devel] [PATCH] rework daemonizing logic in qemu-nbd

2012-01-15 Thread Paolo Bonzini

On 01/14/2012 01:39 PM, Michael Tokarev wrote:

  if (pid == 0) {
-close(stderr_fd[0]);
-ret = qemu_daemon(0, 0);
-
-/* Temporarily redirect stderr to the parent's pipe...  */
-dup2(stderr_fd[1], STDERR_FILENO);
-if (ret == -1) {
+int nullfd = open("/dev/null", O_RDWR);
+if (nullfd<  0 || setsid()<  0) {
  err(EXIT_FAILURE, "Failed to daemonize");
  }


This is forking only once.


-
-/* ... close the descriptor we inherited and go on.  */
-close(stderr_fd[1]);
-} else {
-bool errors = false;
-char *buf;
-
-/* In the parent.  Print error messages from the child until
- * it closes the pipe.
+/* redirect stdin from /dev/null,
+ * stdout (temporarily) to the pipe to parent,


This is a bit of a hack.


+/* now complete the daemonizing procedure.
+ */
+if (device && !verbose) {
+if (chdir("/") < 0) {
+err(EXIT_FAILURE, "unable to chdir to /");
+}
+/* this redirects stderr to /dev/null */
+dup2(STDIN_FILENO, STDERR_FILENO);
+/* this redirects stdout to /dev/null too, and closes parent pipe */
+dup2(STDIN_FILENO, STDOUT_FILENO);
+}
+


Half of this is already done in client_thread, and that would be the 
place where you should add dup2(0, 1).  Also, the chdir can be moved 
earlier, after bdrv_open.


Paolo




Re: [Qemu-devel] [PATCH 13/23] kvm: convert to MemoryListener API

2012-01-15 Thread Jan Kiszka
On 2011-12-19 15:13, Avi Kivity wrote:
> Drop the use of cpu_register_phys_memory_client() in favour of the new
> MemoryListener API.  The new API simplifies the caller, since there is no
> need to deal with splitting and merging slots; however this is not exploited
> in this patch.

This breaks graphical grub1 with cirrus-vga in KVM mode. Dunno why yet.

Jan

> 
> Signed-off-by: Avi Kivity 
> ---
>  kvm-all.c |  107 
> -
>  1 files changed, 70 insertions(+), 37 deletions(-)
> 
> diff --git a/kvm-all.c b/kvm-all.c
> index 4f58ae8..138e0a2 100644
> --- a/kvm-all.c
> +++ b/kvm-all.c
> @@ -27,6 +27,7 @@
>  #include "gdbstub.h"
>  #include "kvm.h"
>  #include "bswap.h"
> +#include "memory.h"
>  
>  /* This check must be after config-host.h is included */
>  #ifdef CONFIG_EVENTFD
> @@ -289,16 +290,28 @@ static int 
> kvm_dirty_pages_log_change(target_phys_addr_t phys_addr,
>  return kvm_slot_dirty_pages_log_change(mem, log_dirty);
>  }
>  
> -static int kvm_log_start(CPUPhysMemoryClient *client,
> - target_phys_addr_t phys_addr, ram_addr_t size)
> +static void kvm_log_start(MemoryListener *listener,
> +  MemoryRegionSection *section)
>  {
> -return kvm_dirty_pages_log_change(phys_addr, size, true);
> +int r;
> +
> +r = kvm_dirty_pages_log_change(section->offset_within_address_space,
> +   section->size, true);
> +if (r < 0) {
> +abort();
> +}
>  }
>  
> -static int kvm_log_stop(CPUPhysMemoryClient *client,
> -target_phys_addr_t phys_addr, ram_addr_t size)
> +static void kvm_log_stop(MemoryListener *listener,
> +  MemoryRegionSection *section)
>  {
> -return kvm_dirty_pages_log_change(phys_addr, size, false);
> +int r;
> +
> +r = kvm_dirty_pages_log_change(section->offset_within_address_space,
> +   section->size, false);
> +if (r < 0) {
> +abort();
> +}
>  }
>  
>  static int kvm_set_migration_log(int enable)
> @@ -519,13 +532,15 @@ static int kvm_check_many_ioeventfds(void)
>  return NULL;
>  }
>  
> -static void kvm_set_phys_mem(target_phys_addr_t start_addr, ram_addr_t size,
> - ram_addr_t phys_offset, bool log_dirty)
> +static void kvm_set_phys_mem(MemoryRegionSection *section, bool add)
>  {
>  KVMState *s = kvm_state;
> -ram_addr_t flags = phys_offset & ~TARGET_PAGE_MASK;
>  KVMSlot *mem, old;
>  int err;
> +MemoryRegion *mr = section->mr;
> +bool log_dirty = memory_region_is_logging(mr);
> +target_phys_addr_t start_addr = section->offset_within_address_space;
> +ram_addr_t size = section->size;
>  void *ram = NULL;
>  
>  /* kvm works in page size chunks, but the function may be called
> @@ -533,20 +548,19 @@ static void kvm_set_phys_mem(target_phys_addr_t 
> start_addr, ram_addr_t size,
>  size = TARGET_PAGE_ALIGN(size);
>  start_addr = TARGET_PAGE_ALIGN(start_addr);
>  
> -/* KVM does not support read-only slots */
> -phys_offset &= ~IO_MEM_ROM;
> -
> -if ((phys_offset & ~TARGET_PAGE_MASK) == IO_MEM_RAM) {
> -ram = qemu_safe_ram_ptr(phys_offset);
> +if (!memory_region_is_ram(mr)) {
> +return;
>  }
>  
> +ram = memory_region_get_ram_ptr(mr) + section->offset_within_region;
> +
>  while (1) {
>  mem = kvm_lookup_overlapping_slot(s, start_addr, start_addr + size);
>  if (!mem) {
>  break;
>  }
>  
> -if (flags < IO_MEM_UNASSIGNED && start_addr >= mem->start_addr &&
> +if (add && start_addr >= mem->start_addr &&
>  (start_addr + size <= mem->start_addr + mem->memory_size) &&
>  (ram - start_addr == mem->ram - mem->start_addr)) {
>  /* The new slot fits into the existing one and comes with
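Review bot: `start_addr` is rounded up with TARGET_PAGE_ALIGN() in the context lines, but the new `ram = memory_region_get_ram_ptr(mr) + section->offset_within_region;` is computed from the unrounded section offset, and size is rounded up rather than trimmed. For a section that does not begin or end on a page boundary, the guest-physical start and the host pointer would then differ by the alignment delta, and the slot could extend past the end of the section. Suggest advancing ram by the same delta applied to start_addr and reducing size by it, or asserting that sections arrive page-aligned. kvm_set_phys_mem starts and ends outside the hunk.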
> @@ -575,8 +589,7 @@ static void kvm_set_phys_mem(target_phys_addr_t 
> start_addr, ram_addr_t size,
>   * slot comes around later, we will fail (not seen in practice so 
> far)
>   * - and actually require a recent KVM version. */
>  if (s->broken_set_mem_region &&
> -old.start_addr == start_addr && old.memory_size < size &&
> -flags < IO_MEM_UNASSIGNED) {
> +old.start_addr == start_addr && old.memory_size < size && add) {
>  mem = kvm_alloc_slot(s);
>  mem->memory_size = old.memory_size;
>  mem->start_addr = old.start_addr;
> @@ -591,7 +604,6 @@ static void kvm_set_phys_mem(target_phys_addr_t 
> start_addr, ram_addr_t size,
>  }
>  
>  start_addr += old.memory_size;
> -phys_offset += old.memory_size;
>  ram += old.memory_size;
>  size -= old.memory_size;
>  continue;
> @@ -642,8 +654,7 @@ static void kvm_set_phys_mem(target_phys_addr_t 
> start_addr, ram_addr_t size,
>   

Re: [Qemu-devel] [PATCH] use different fd variables for device and socket, unbreak qemu-nbd -c

2012-01-15 Thread Paolo Bonzini

On 01/14/2012 12:41 PM, Michael Tokarev wrote:

commit a61c67828dea7c64edaf226cadb45b4ffcc1d411
Author: Paolo Bonzini
Date:   Mon Sep 12 17:28:11 2011 +0200

 qemu-nbd: use common main loop

 Using a single main loop for sockets will help yielding from the socket
 coroutine back to the main loop, and later reentering it.

changed code to use local variable "fd" in qemu-nbd.c:main()
in two places: for /dev/nbd device and for control socket.
The result is that qemu-nbd -c $device does not work anymore.

Use two variables - devfs and sockfd - for the two purposes,
instead of one fd.

Signed-Off-By: Michael Tokarev
---
  qemu-nbd.c |   26 +-
  1 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/qemu-nbd.c b/qemu-nbd.c
index eb61c33..e76c782 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -301,7 +301,7 @@ int main(int argc, char **argv)
  int flags = BDRV_O_RDWR;
  int partition = -1;
  int ret;
-int fd;
+int sockfd, devfd;
  int persistent = 0;
  pthread_t client_thread;

@@ -401,13 +401,13 @@ int main(int argc, char **argv)
  }

  if (disconnect) {
-fd = open(argv[optind], O_RDWR);
-if (fd == -1)
+sockfd = open(argv[optind], O_RDWR);
+if (sockfd == -1)
  err(EXIT_FAILURE, "Cannot open %s", argv[optind]);

-nbd_disconnect(fd);
+nbd_disconnect(sockfd);

-close(fd);
+close(sockfd);

  printf("%s disconnected\n", argv[optind]);



This should be devfd.


@@ -470,8 +470,8 @@ int main(int argc, char **argv)
  /* Open before spawning new threads.  In the future, we may
   * drop privileges after opening.
   */
-fd = open(device, O_RDWR);
-if (fd == -1) {
+devfd = open(device, O_RDWR);
+if (devfd == -1) {
  err(EXIT_FAILURE, "Failed to open %s", device);
  }

@@ -501,19 +501,19 @@ int main(int argc, char **argv)
  exp = nbd_export_new(bs, dev_offset, fd_size, nbdflags);

  if (sockpath) {
-fd = unix_socket_incoming(sockpath);
+sockfd = unix_socket_incoming(sockpath);
  } else {
-fd = tcp_socket_incoming(bindto, port);
+sockfd = tcp_socket_incoming(bindto, port);
  }

-if (fd == -1) {
+if (sockfd == -1) {
  return 1;
  }

  if (device) {
  int ret;

-ret = pthread_create(&client_thread, NULL, nbd_client_thread,&fd);
+ret = pthread_create(&client_thread, NULL, nbd_client_thread,&devfd);
  if (ret != 0) {
  errx(EXIT_FAILURE, "Failed to create client thread: %s",
   strerror(ret));
@@ -524,8 +524,8 @@ int main(int argc, char **argv)
  }

  qemu_init_main_loop();
-qemu_set_fd_handler2(fd, nbd_can_accept, nbd_accept, NULL,
- (void *)(uintptr_t)fd);
+qemu_set_fd_handler2(sockfd, nbd_can_accept, nbd_accept, NULL,
+ (void *)(uintptr_t)sockfd);

  do {
  main_loop_wait(false);


Otherwise looks good, I'll fix up and send for inclusion.

Paolo




Re: [Qemu-devel] [PATCH 13/23] kvm: convert to MemoryListener API

2012-01-15 Thread Jan Kiszka
On 2012-01-15 11:49, Jan Kiszka wrote:
> On 2011-12-19 15:13, Avi Kivity wrote:
>> Drop the use of cpu_register_phys_memory_client() in favour of the new
>> MemoryListener API.  The new API simplifies the caller, since there is no
>> need to deal with splitting and merging slots; however this is not exploited
>> in this patch.
> 
> This breaks graphical grub1 with cirrus-vga in KVM mode. Dunno why yet.

In fact, it breaks all vga types in that scenario.

Jan





Re: [Qemu-devel] qemu-nbd daemonizing?

2012-01-15 Thread Paolo Bonzini

On 01/14/2012 10:26 AM, Michael Tokarev wrote:

After looking at the yesterdays issue with non-absolute
paths for qemu-nbd arguments and daemon(3), I've a
question.

Why qemu-nbd daemonizes, and does that only when device
argument is given (dropping -v/verbose case for now)?

This raises two questions:

  - shouldn't it do the same daemonizing in case of usual
tcp export?


Perhaps yes, but in that case you cannot use "qemu-nbd -d" to kill the 
daemonized process.  Also, one of the best things of systemd is that it 
handles daemonization on its own, so nowadays it is better not to have 
processes send themselves into the background by default.



  - shouldn't the daemonizing itself be controlled by an
option (like -d), and why we can't just send it to
background using "&" shell construct?


Daemonization does more than "&" (the double fork+setsid process).


And while at it, I wonder why it is really unix-only?
There's nothing unix-specific in there except two things:
it is the device handling (/dev/nbdX) and all the hacks
around this (including this daemonizing).  The rest should
work on win32 just fine.


I think it's just historical.

Paolo




[Qemu-devel] [Bug 916720] Re: select fails on windows because a non-socket fd is in the rfds set

2012-01-15 Thread Paolo Bonzini
Do you know where the non-socket fd comes from?  I have some patches to
improve the situation on Win32 for the main loop, I'll send them next
week to the mailing list.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/916720

Title:
  select fails on windows because a non-socket fd is in the rfds set

Status in QEMU:
  New

Bug description:
  The select call in file main_loop.c at line 460 fails on windows
  because a non-socket fd is in the rfds set. As a result, gdb remote
  connections will never be accepted by qemu. The select function
  returns with -1. WSAGetLastError returns code 10038 (WSAENOTSOCK).

  I start qemu as follows:
  qemu-system-arm -cpu cortex-m3 -M lm3s6965evb -nographic -monitor null 
-serial null -semihosting -kernel test1.elf -S -gdb tcp:127.0.0.1:2200

  qemu is configured with:
  CFLAGS="-O4 -march=i686"
  configure --target-list="i386-softmmu arm-softmmu sparc-softmmu ppc-softmmu" 
--prefix=/home/qemu/install --cc=mingw32-gcc --host-cc=mingw32-gcc 
--audio-drv-list="dsound sdl" --audio-card-list="ac97 es1370 sb16 cs4231a adlib 
gus"

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/916720/+subscriptions



Re: [Qemu-devel] [Bug 902148] Re: qemu-img V1.0 hangs on creating Image (0.15.1 runs)

2012-01-15 Thread Stefan Hajnoczi
On Sat, Jan 14, 2012 at 3:40 PM, Zhi Yong Wu  wrote:
> On Mon, Jan 9, 2012 at 9:00 PM, Stefan Hajnoczi  wrote:
>> On Mon, Jan 9, 2012 at 11:25 AM, Kevin Wolf  wrote:
>>> Am 20.12.2011 17:49, schrieb Stefan Hajnoczi:
 On Tue, Dec 20, 2011 at 3:25 PM, Michael Niehren
 <902...@bugs.launchpad.net> wrote:
> here we are. Attached the tgz. I am using no spezial distribution, it's a 
> self compiled LFS with
> gcc V4.5.1
>
> Is there a different compiler-call if i use --enable-debug, which then
> works ?

 Richard Sandiford looked at your gcc -fdump-tree-all-details output
 and suggests that this bug has been fixed in gcc 4.5.3:

 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45967

 Using the most recent gcc should fix the issue you are seeing.
>>>
>>> Can we add some workaround? Not sure what will work, maybe a simple
>>> compiler barrier?
>>
>> Sure though it seems like a very rare case - OP was running Linux From
>> Scratch and hence got the broken gcc.  But if someone does a small
>> workaround and tests it then that would be nice.
> How to do this workaround in qemu since it is one gcc bug?

The problem is that the compiler keeps values in registers across a
point where C semantics require that they be reloaded.

There are several ways to force a compiler to reload values including
a barrier (which Kevin suggested) or the volatile keyword.  One of
these techniques can probably be used as a workaround, but it would be
necessary to check gcc 4.5.1 output to make sure it's effective.

I think it's not worth doing unless we think more users will be
affected.  Unless a distro ships the broken compiler version or it's
the latest gcc release that people would build from source, I bet the
number of users is very small.

Stefan



Re: [Qemu-devel] [PATCH] slirp: Remove unused variable and unused code

2012-01-15 Thread Jan Kiszka
On 2012-01-13 22:16, Stefan Weil wrote:
> Am 05.01.2012 14:18, schrieb Stefan Weil:
>> 9634d9031c140b24c7ca0d8872632207f6ce7275 disabled unused code.
>> This patch removes what was left.
>>
>> If do_pty is 2, the function returns immediately, so any later checks
>> for do_pty == 2 will always fail and can be removed together with
>> the code which is never executed. Then variable master is unused and
>> can be removed, too.
>>
>> This issue was detected by coverity.
>>
>> Cc: Blue Swirl
>> Signed-off-by: Stefan Weil
>> ---
>>   slirp/misc.c |   67
>> ++---
>>   1 files changed, 26 insertions(+), 41 deletions(-)
>>
>> diff --git a/slirp/misc.c b/slirp/misc.c
>> index 6c80e69..3432fbf 100644
>> --- a/slirp/misc.c
>> +++ b/slirp/misc.c
>> @@ -113,7 +113,6 @@ fork_exec(struct socket *so, const char *ex, int
>> do_pty)
>>   struct sockaddr_in addr;
>>   socklen_t addrlen = sizeof(addr);
>>   int opt;
>> -int master = -1;
>>   const char *argv[256];
>>   /* don't want to clobber the original */
>>   char *bptr;
>> @@ -148,32 +147,23 @@ fork_exec(struct socket *so, const char *ex, int
>> do_pty)
>>case -1:
>>   lprint("Error: fork failed: %s\n", strerror(errno));
>>   close(s);
>> -if (do_pty == 2)
>> -   close(master);
>>   return 0;
>>
>>case 0:
>>   setsid();
>>
>>   /* Set the DISPLAY */
>> -if (do_pty == 2) {
>> -(void) close(master);
>> -#ifdef TIOCSCTTY /* X */
>> -ioctl(s, TIOCSCTTY, (char *)NULL);
>> -#endif
>> -} else {
>> -getsockname(s, (struct sockaddr *)&addr,&addrlen);
>> -close(s);
>> -/*
>> - * Connect to the socket
>> - * XXX If any of these fail, we're in trouble!
>> -  */
>> -s = qemu_socket(AF_INET, SOCK_STREAM, 0);
>> -addr.sin_addr = loopback_addr;
>> -do {
>> -ret = connect(s, (struct sockaddr
>> *)&addr, addrlen);
>> -} while (ret<  0&&  errno == EINTR);
>> -}
>> +getsockname(s, (struct sockaddr *)&addr,&addrlen);
>> +close(s);
>> +/*
>> + * Connect to the socket
>> + * XXX If any of these fail, we're in trouble!
>> + */
>> +s = qemu_socket(AF_INET, SOCK_STREAM, 0);
>> +addr.sin_addr = loopback_addr;
>> +do {
>> +ret = connect(s, (struct sockaddr *)&addr, addrlen);
>> +} while (ret<  0&&  errno == EINTR);
>>
>>   dup2(s, 0);
>>   dup2(s, 1);
>> @@ -210,26 +200,21 @@ fork_exec(struct socket *so, const char *ex, int
>> do_pty)
>>
>>default:
>>   qemu_add_child_watch(pid);
>> -if (do_pty == 2) {
>> -close(s);
>> -so->s = master;
>> -} else {
>> -/*
>> - * XXX this could block us...
>> - * XXX Should set a timer here, and if accept() doesn't
>> -  * return after X seconds, declare it a failure
>> -  * The only reason this will block forever is if socket()
>> -  * of connect() fail in the child process
>> -  */
>> -do {
>> -so->s = accept(s, (struct sockaddr
>> *)&addr,&addrlen);
>> -} while (so->s<  0&&  errno == EINTR);
>> -closesocket(s);
>> -opt = 1;
>> -setsockopt(so->s,SOL_SOCKET,SO_REUSEADDR,(char
>> *)&opt,sizeof(int));
>> -opt = 1;
>> -setsockopt(so->s,SOL_SOCKET,SO_OOBINLINE,(char
>> *)&opt,sizeof(int));
>> -}
>> +/*
>> + * XXX this could block us...
>> + * XXX Should set a timer here, and if accept() doesn't
>> + * return after X seconds, declare it a failure
>> + * The only reason this will block forever is if
>> socket()
>> + * of connect() fail in the child process
>> + */
>> +do {
>> +so->s = accept(s, (struct sockaddr
>> *)&addr,&addrlen);
>> +} while (so->s<  0&&  errno == EINTR);
>> +closesocket(s);
>> +opt = 1;
>> +setsockopt(so->s, SOL_SOCKET, SO_REUSEADDR, (char
>> *)&opt, sizeof(int));
>> +opt = 1;
>> +setsockopt(so->s, SOL_SOCKET, SO_OOBINLINE, (char
>> *)&opt, sizeof(int));
>>   fd_nonblock(so->s);
>>
>>   /* Append the telnet options now */
>>
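Review bot: In the `default:` branch the descriptor returned by `accept()` is used without a failure check: when the loop ends with `so->s < 0` for an error other than EINTR, both `setsockopt()` calls and `fd_nonblock(so->s)` still run on an invalid descriptor. Since the branch is being flattened anyway, a guard right after `closesocket(s);` would make the failure visible to the caller, for example `if (so->s < 0) { return 0; }`, matching what the `case -1:` fork-failure path returns. The child side has the same gap, as its own XXX comment admits: the results of `qemu_socket()` and `connect()` are not checked before `dup2(s, 0)`. fork_exec starts and ends outside these hunks.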
> 
> 
> Ping. Please commit this patch.

Thanks, picked up for my slirp queue.

Jan





Re: [Qemu-devel] [Spice-devel] Vioserial of Windows guest OS on Qemu 0.15

2012-01-15 Thread Stefan Hajnoczi
2012/1/14 Charles.Tsai-蔡清海-研究發展部 :
>I tested Qemu 0.15 for Windows XP guest OS. But I found that the 
> Virtual Serial I/O driver failed in driver initialization.
>The root cause of this problem is because the hardware resources(I/O 
> in this device) is not allocated to the virtual serial I/O.
>When I debugged on the vioserial driver, no hardware resource actually 
> is allocated to this device.
>This bug seems to be in the area of Qemu. Do you know whom I can 
> consult to fix this problem? Please let me know if you know the group or the 
> person.

I have CCed Vadim (virtio Windows driver) and the QEMU mailing list.

Please post your QEMU command-line so we can see how the guest is configured.

You mentioned that you debugged the driver and hardware resources
weren't allocated.  Do you have a virtio PCI device inside the guest
for this virtio-serial device?  Were you able to tell which part of
driver initialization failed (finding the PCI device, mapping its
resources (BARs), etc)?

Stefan



Re: [Qemu-devel] [PATCH 13/23] kvm: convert to MemoryListener API

2012-01-15 Thread Avi Kivity
On 01/15/2012 12:52 PM, Jan Kiszka wrote:
> On 2012-01-15 11:49, Jan Kiszka wrote:
> > On 2011-12-19 15:13, Avi Kivity wrote:
> >> Drop the use of cpu_register_phys_memory_client() in favour of the new
> >> MemoryListener API.  The new API simplifies the caller, since there is no
> >> need to deal with splitting and merging slots; however this is not 
> >> exploited
> >> in this patch.
> > 
> > This breaks graphical grub1 with cirrus-vga in KVM mode. Dunno why yet.
>
> In fact, it breaks all vga types in that scenario.
>

An F14 guest works here.  More info, please.

-- 
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [PATCH 2/3] acpi_piix4: Add stub functions for CPU eject callback

2012-01-15 Thread Avi Kivity
On 01/13/2012 01:11 PM, Vasilis Liaskovitis wrote:
> Signed-off-by: Vasilis Liaskovitis 
> ---
>  hw/acpi_piix4.c |   15 +++
>  1 files changed, 15 insertions(+), 0 deletions(-)
>
> diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
> index d5743b6..8bf30dd 100644
> --- a/hw/acpi_piix4.c
> +++ b/hw/acpi_piix4.c
> @@ -37,6 +37,7 @@
>  
>  #define GPE_BASE 0xafe0
>  #define PROC_BASE 0xaf00
> +#define PROC_EJ_BASE 0xaf20
>

We're adding stuff to piix4 which was never there.  At a minimum this
needs to be documented.  Also needs to be -M pc-1.1 and later only.

-- 
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [PATCH 13/23] kvm: convert to MemoryListener API

2012-01-15 Thread Jan Kiszka
On 2012-01-15 13:35, Avi Kivity wrote:
> On 01/15/2012 12:52 PM, Jan Kiszka wrote:
>> On 2012-01-15 11:49, Jan Kiszka wrote:
>>> On 2011-12-19 15:13, Avi Kivity wrote:
 Drop the use of cpu_register_phys_memory_client() in favour of the new
 MemoryListener API.  The new API simplifies the caller, since there is no
 need to deal with splitting and merging slots; however this is not 
 exploited
 in this patch.
>>>
>>> This breaks graphical grub1 with cirrus-vga in KVM mode. Dunno why yet.
>>
>> In fact, it breaks all vga types in that scenario.
>>
> 
> An F14 guest works here.  More info, please.

Just try to boot an openSUSE live image (or installation). Grub output
is corrupted, obviously dirty logging is not properly set up in that
graphic mode.

Jan





Re: [Qemu-devel] [PATCH 13/23] kvm: convert to MemoryListener API

2012-01-15 Thread Avi Kivity
On 01/15/2012 02:40 PM, Jan Kiszka wrote:
> On 2012-01-15 13:35, Avi Kivity wrote:
> > On 01/15/2012 12:52 PM, Jan Kiszka wrote:
> >> On 2012-01-15 11:49, Jan Kiszka wrote:
> >>> On 2011-12-19 15:13, Avi Kivity wrote:
>  Drop the use of cpu_register_phys_memory_client() in favour of the new
>  MemoryListener API.  The new API simplifies the caller, since there is no
>  need to deal with splitting and merging slots; however this is not 
>  exploited
>  in this patch.
> >>>
> >>> This breaks graphical grub1 with cirrus-vga in KVM mode. Dunno why yet.
> >>
> >> In fact, it breaks all vga types in that scenario.
> >>
> > 
> > An F14 guest works here.  More info, please.
>
> Just try to boot an openSUSE live image (or installation). Grub output
> is corrupted, obviously dirty logging is not properly set up in that
> graphic mode.
>

Downloading now.

-- 
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [PATCH 13/23] kvm: convert to MemoryListener API

2012-01-15 Thread Avi Kivity
On 01/15/2012 02:49 PM, Avi Kivity wrote:
> On 01/15/2012 02:40 PM, Jan Kiszka wrote:
> > On 2012-01-15 13:35, Avi Kivity wrote:
> > > On 01/15/2012 12:52 PM, Jan Kiszka wrote:
> > >> On 2012-01-15 11:49, Jan Kiszka wrote:
> > >>> On 2011-12-19 15:13, Avi Kivity wrote:
> >  Drop the use of cpu_register_phys_memory_client() in favour of the new
> >  MemoryListener API.  The new API simplifies the caller, since there is 
> >  no
> >  need to deal with splitting and merging slots; however this is not 
> >  exploited
> >  in this patch.
> > >>>
> > >>> This breaks graphical grub1 with cirrus-vga in KVM mode. Dunno why yet.
> > >>
> > >> In fact, it breaks all vga types in that scenario.
> > >>
> > > 
> > > An F14 guest works here.  More info, please.
> >
> > Just try to boot an openSUSE live image (or installation). Grub output
> > is corrupted, obviously dirty logging is not properly set up in that
> > graphic mode.
> >
>
> Downloading now.
>

Wait, isn't opensuse grub2 based?  Which version should I test?

-- 
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [PATCH] rework daemonizing logic in qemu-nbd

2012-01-15 Thread Michael Tokarev
On 15.01.2012 14:42, Paolo Bonzini wrote:
> On 01/14/2012 01:39 PM, Michael Tokarev wrote:
>>   if (pid == 0) {
>> -close(stderr_fd[0]);
>> -ret = qemu_daemon(0, 0);
>> -
>> -/* Temporarily redirect stderr to the parent's pipe...  */
>> -dup2(stderr_fd[1], STDERR_FILENO);
>> -if (ret == -1) {
>> +int nullfd = open("/dev/null", O_RDWR);
>> +if (nullfd<  0 || setsid()<  0) {
>>   err(EXIT_FAILURE, "Failed to daemonize");
>>   }
> 
> This is forking only once.

Is it good or bad?  There's no need to fork twice.  Second
fork (to the one which is already done in daemon(3)) has
been done to work around lack of proper communication between
parent and child in case of using plain daemon(3).  I.e., due
to daemon(3) interface being unflexible/unsuitable for the
current use case.

>> -
>> -/* ... close the descriptor we inherited and go on.  */
>> -close(stderr_fd[1]);
>> -} else {
>> -bool errors = false;
>> -char *buf;
>> -
>> -/* In the parent.  Print error messages from the child until
>> - * it closes the pipe.
>> +/* redirect stdin from /dev/null,
>> + * stdout (temporarily) to the pipe to parent,
> 
> This is a bit of a hack.

There's another way -- to keep the writing pipe end in some
local variable and use that one instead of STDOUT_FILENO.
I can do it that way for sure, just thought it's already
using too much local variables.

>> +/* now complete the daemonizing procedure.
>> + */
>> +if (device && !verbose) {
>> +if (chdir("/") < 0) {
>> +err(EXIT_FAILURE, "unable to chdir to /");
>> +}
>> +/* this redirects stderr to /dev/null */
>> +dup2(STDIN_FILENO, STDERR_FILENO);
>> +/* this redirects stdout to /dev/null too, and closes parent pipe */
>> +dup2(STDIN_FILENO, STDOUT_FILENO);
>> +}
>> +
> 
> Half of this is already done in client_thread, and that would be the place 
> where you should add dup2(0, 1).

I partly disagree.

I wanted to de-couple -c (device) case with daemonizing.
client_thread only works in -c case, but daemonizing in
that case is wrong as I already pointed out in another
email - we should either stop daemonizing here at all
or have a separate option for it.

>  Also, the chdir can be moved earlier, after bdrv_open.

There's no need to, afaics.  We complete the init process and
enter the main loop.  Chdir should be done before entering the main
loop, the rest makes no difference (as long as the files
we open will be accessible from cwd).

Thanks,

/mjt



Re: [Qemu-devel] [PATCH 13/23] kvm: convert to MemoryListener API

2012-01-15 Thread Jan Kiszka
On 2012-01-15 13:50, Avi Kivity wrote:
> On 01/15/2012 02:49 PM, Avi Kivity wrote:
>> On 01/15/2012 02:40 PM, Jan Kiszka wrote:
>>> On 2012-01-15 13:35, Avi Kivity wrote:
 On 01/15/2012 12:52 PM, Jan Kiszka wrote:
> On 2012-01-15 11:49, Jan Kiszka wrote:
>> On 2011-12-19 15:13, Avi Kivity wrote:
>>> Drop the use of cpu_register_phys_memory_client() in favour of the new
>>> MemoryListener API.  The new API simplifies the caller, since there is 
>>> no
>>> need to deal with splitting and merging slots; however this is not 
>>> exploited
>>> in this patch.
>>
>> This breaks graphical grub1 with cirrus-vga in KVM mode. Dunno why yet.
>
> In fact, it breaks all vga types in that scenario.
>

 An F14 guest works here.  More info, please.
>>>
>>> Just try to boot an openSUSE live image (or installation). Grub output
>>> is corrupted, obviously dirty logging is not properly set up in that
>>> graphic mode.
>>>
>>
>> Downloading now.
>>
> 
> Wait, isn't opensuse grub2 based?  Which version should I test?
> 

My test case is 11.4-based, but I think to remember 12.1 is also still
grub1 (luckily...).

Jan





Re: [Qemu-devel] qemu-nbd daemonizing?

2012-01-15 Thread Michael Tokarev
On 15.01.2012 14:51, Paolo Bonzini wrote:
> On 01/14/2012 10:26 AM, Michael Tokarev wrote:
>> After looking at the yesterdays issue with non-absolute
>> paths for qemu-nbd arguments and daemon(3), I've a
>> question.
>>
>> Why qemu-nbd daemonizes, and does that only when device
>> argument is given (dropping -v/verbose case for now)?
>>
>> This raises two questions:
>>
>>   - shouldn't it do the same daemonizing in case of usual
>> tcp export?
> 
> Perhaps yes, but in that case you cannot use "qemu-nbd -d" to
> kill the daemonized process.

Sorry?  qemu-nbd -d will connect to the socket the daemonized
daemon is listening on, the same way as it is done now --
nothing really changes there.

> Also, one of the best things of systemd is that it handles
> daemonization on its own, so nowadays it is better not to
> have process send themselves into background by default.

First, not all the world is systemd.  Second, my question was
merely about consistency -- -c does daemonizing currently and
there's no way to stop it from doing so, regular tcp case does
not do any daemonizing.

>>   - shouldn't the daemonizing itself be controlled by an
>> option (like -d), and why we can't just send it to
>> background using "&" shell constuct?
> 
> Daemonization does more than "&" (the double fork+setsid process).

Sure.  We've setsid and shell redirection for that if you wish.

The primary question was why -c daemonizes unconditionally.

>> And while at it, I wonder why it is really unix-only?
>> There's nothing unix-specific in there exept two things:
>> it is the device handling (/dev/nbdX) and all the hacks
>> around this (including this daemonizing).  The rest should
>> work on win32 just fine.
> 
> I think it's just historical.

qemu-nbd was runnable on win32 before, so historically it
was exactly the opposite.  I asked you because you mentioned
it is linux-only for the first time, but indeed, at that
time it wasn't compilable on win32 already.

Thanks,

/mjt



Re: [Qemu-devel] [PATCH] use different fd variables for device and socket, unbreak qemu-nbd -c

2012-01-15 Thread Michael Tokarev
On 15.01.2012 14:45, Paolo Bonzini wrote:
> On 01/14/2012 12:41 PM, Michael Tokarev wrote:
>> commit a61c67828dea7c64edaf226cadb45b4ffcc1d411
>> Author: Paolo Bonzini
>> Date:   Mon Sep 12 17:28:11 2011 +0200
>>
>>  qemu-nbd: use common main loop
>>
>>  Using a single main loop for sockets will help yielding from the socket
>>  coroutine back to the main loop, and later reentering it.
>>
>> changed code to use local variable "fd" in qemu-nbd.c:main()
>> in two places: for /dev/nbd device and for control socket.
>> The result is that qemu-nbd -c $device does not work anymore.
>>
>> Use two variables - devfs and sockfd - for the two purposes,
>> instead of one fd.
>>
>> Signed-Off-By: Michael Tokarev
>> ---
>>   qemu-nbd.c |   26 +-
>>   1 files changed, 13 insertions(+), 13 deletions(-)
>>
>> diff --git a/qemu-nbd.c b/qemu-nbd.c
>> index eb61c33..e76c782 100644
>> --- a/qemu-nbd.c
>> +++ b/qemu-nbd.c
>> @@ -301,7 +301,7 @@ int main(int argc, char **argv)
>>   int flags = BDRV_O_RDWR;
>>   int partition = -1;
>>   int ret;
>> -int fd;
>> +int sockfd, devfd;
>>   int persistent = 0;
>>   pthread_t client_thread;
>>
>> @@ -401,13 +401,13 @@ int main(int argc, char **argv)
>>   }
>>
>>   if (disconnect) {
>> -fd = open(argv[optind], O_RDWR);
>> -if (fd == -1)
>> +sockfd = open(argv[optind], O_RDWR);
>> +if (sockfd == -1)
>>   err(EXIT_FAILURE, "Cannot open %s", argv[optind]);
>>
>> -nbd_disconnect(fd);
>> +nbd_disconnect(sockfd);
>>
>> -close(fd);
>> +close(sockfd);
>>
>>   printf("%s disconnected\n", argv[optind]);
> 
> This should be devfd.

Yes indeed.  In that case make it nbdfd not devfd - there are other
variables prefixed "nbd" already.

[]
> Otherwise looks good, I'll fix up and send for inclusion.

Thanks!

FWIW, it is not -stable material, since 1.0 isn't broken yet ;)

/mjt



Re: [Qemu-devel] The reversion of hot adding a storage disk to Linux guest.

2012-01-15 Thread Shu Ming
No other comments? Anyway, I think we need a way to hot-unplug a
storage disk from the guest completely, exactly like removing a disk
physically.  After that unplug, the Linux guest cannot bring the
disk back by any command.

On 2012-1-12 16:57, Shu Ming wrote:

Hi,
  I am testing the hot plug of scsi disk to the KVM Linux guest with 
the following command.


  [root@kvm-rhel-01 bin]# ./virsh qemu-monitor-command RHEL6.1-C 
"pci_add auto storage file=/nfs/images/storage1-qcow2.img,if=scsi"

OK domian 0, bus 0, slot 7, function 0
  [root@kvm-rhel-01 bin]# lspci
...
00:05.0 SCSI storage controller: Red Hat, Inc Virtio block device
00:06.0 RAM memory: Red Hat, Inc Virtio memory balloon
00:07.0 SCSI storage controller: LSI Logic / Symbios Logic 53c895a 
<---new deviced added


 in the KVM guest:
  [root@RHEL6 ~]#cat /proc/scsi/scsi
Attached devices:
Host: scsi1 Channel: 00 Id:  00 Lun: 00
  Vendor:  QEMUModel: QEMU DVD-ROMRev:  1.0.
   Type:CD-ROM
Host: scsi2  Channel: 00  Id:  00 Lun: 00
   Vendor:  QEMUModel: QEMU HARDDISKRev:  1.0.
Type:  Direct-AccessANSISCSI revision:  05 
<--new scsi disk attached


  The command successfully created a HBA device in the guest and also 
a scsi disk was enumerated under the HBA device.  My next request is 
to hot detach the scsi disk from the HBA device, not necessarily 
detach the HBA device.  That is to emulate the swapping  out of the 
scsi disk from a physical machine and to release the image file in the 
backend.  Because the scsi disk is not PCI device,  "pci_del" command 
can not be used in this case.  Can we have a way to send some commands 
to notice the HBA device to offline the scsi disk?  By that way, HBA 
device can do some cleanup in their driver to fully offline the scsi 
disk.


BTW: In the linux guest, we can do "echo "scsi remove-single-device 2 
0 0 0" > /proc/scsi/scsi" to disable the disk.  But I don't think it 
is fully removed, because you can bring it back again by "echo "scsi 
add-single-device 2 0 0 0" > /proc/scsi/scsi"





--
Shu Ming
IBM China Systems and Technology Laboratory





[Qemu-devel] [PATCH] kvm: flush the dirty log when unregistering a slot

2012-01-15 Thread Avi Kivity
Otherwise, the dirty log information is lost in the kernel forever.

Fixes opensuse-12.1 boot screen, which changes the vga windows rapidly.

Signed-off-by: Avi Kivity 
---

This patch gives me a deja vu - I'm sure I've fixed exactly the same issue
before.

Please test.

 kvm-all.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/kvm-all.c b/kvm-all.c
index 3174f42..2cc4562 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -566,6 +566,10 @@ static void kvm_set_phys_mem(MemoryRegionSection *section, 
bool add)
 
 old = *mem;
 
+if (mem->flags & KVM_MEM_LOG_DIRTY_PAGES) {
+kvm_physical_sync_dirty_bitmap(section);
+}
+
 /* unregister the overlapping slot */
 mem->memory_size = 0;
 err = kvm_set_user_memory_region(s, mem);
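Review bot: The added sync has no comment saying why it must come before the unregister, and the reason is only in the commit message. A short comment above the `if` would keep it from being reordered or dropped later, e.g. `/* sync the dirty log first: once the slot is unregistered the kernel's dirty bits for it are lost */`. It may also be worth confirming that syncing by `section` covers the whole range of the overlapping slot `mem`, since the two need not be identical here; that cannot be told from the hunk. The same hunk appears again in the quoted reply and in the pull request further down. kvm_set_phys_mem continues outside the hunk.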
-- 
1.7.7.1




Re: [Qemu-devel] [PATCH] kvm: flush the dirty log when unregistering a slot

2012-01-15 Thread Jan Kiszka
On 2012-01-15 15:17, Avi Kivity wrote:
> Otherwise, the dirty log information is lost in the kernel forever.
> 
> Fixes opensuse-12.1 boot screen, which changes the vga windows rapidly.

Confirmed, problems solved here.

Thanks,
Jan

> 
> Signed-off-by: Avi Kivity 
> ---
> 
> This patch gives me a deja vu - I'm sure I've fixed exactly the same issue
> before.
> 
> Please test.
> 
>  kvm-all.c |4 
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/kvm-all.c b/kvm-all.c
> index 3174f42..2cc4562 100644
> --- a/kvm-all.c
> +++ b/kvm-all.c
> @@ -566,6 +566,10 @@ static void kvm_set_phys_mem(MemoryRegionSection 
> *section, bool add)
>  
>  old = *mem;
>  
> +if (mem->flags & KVM_MEM_LOG_DIRTY_PAGES) {
> +kvm_physical_sync_dirty_bitmap(section);
> +}
> +
>  /* unregister the overlapping slot */
>  mem->memory_size = 0;
>  err = kvm_set_user_memory_region(s, mem);
> -- 1.7.7.1
> 






Re: [Qemu-devel] [PATCH] Add virtio-blk-drive-serial test

2012-01-15 Thread Anthony Liguori

On 01/13/2012 03:49 PM, Ryan Harper wrote:

We can test out the virtio-blk drive serial number by generating and then
reading it back via the file in sysfs.

Signed-off-by: Ryan Harper


Applied.  Thanks.

Regards,

Anthony Liguori


---
  tests/virtio-blk-drive-serial.sh |   40 ++
  1 files changed, 40 insertions(+), 0 deletions(-)
  create mode 100755 tests/virtio-blk-drive-serial.sh

diff --git a/tests/virtio-blk-drive-serial.sh b/tests/virtio-blk-drive-serial.sh
new file mode 100755
index 000..0586f97
--- /dev/null
+++ b/tests/virtio-blk-drive-serial.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+serial="0123456789abcdefghi"
+
+in_host() {
+tmpdisk=$tmpdir/disk.img
+qemu-img create -f qcow2 $tmpdisk 10G
+
+qemu -nographic -enable-kvm \
+-drive 
file=$tmpdisk,if=none,id=drive-virtio-disk0,format=raw,cache=none,serial=$serial
 \
+-device 
virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0
+rc=$?
+
+rm $tmpdisk
+return $rc
+}
+
+in_guest() {
+sysfspath=/sys/block/vda
+if ! test -e $sysfspath; then
+echo "Device not visible!"
+return 1
+fi
+
+guest_serial=`cat $sysfspath/serial`
+
+if test "$guest_serial" != "$serial"; then
+echo "drive has wrong serial!"
+echo "Expected '$serial', got '$guest_serial'"
+return 2
+fi
+
+return 0
+}
+
+if test $QEMU_TEST; then
+in_host
+else
+in_guest
+fi
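Review bot: In `in_host`, `$tmpdir` is never checked and `$tmpdisk` is expanded unquoted, so with `tmpdir` unset the script creates and then removes `/disk.img`, and a path containing spaces splits into several arguments to `qemu-img` and `rm`. Fail early and quote: `tmpdisk="${tmpdir:?}/disk.img"`, `qemu-img create -f qcow2 "$tmpdisk" 10G` and `rm -f "$tmpdisk"`. The final `if test $QEMU_TEST` has the same quoting problem and reads more clearly as `if test -n "$QEMU_TEST"`. Separately, the image is created as qcow2 but attached with `format=raw`; if that is intentional a comment should say so. The same script is quoted again in the later reply in this thread.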





[Qemu-devel] [PULL] Fix for kvm dirty logging

2012-01-15 Thread Avi Kivity
kvm dirty logging is broken in the presence of memory slots being
removed; this breaks opensuse's boot screen.  Following patch fixes:

  git://git.kernel.org/pub/scm/virt/kvm/qemu-kvm.git memory/urgent


Avi Kivity (1):
  kvm: flush the dirty log when unregistering a slot

 kvm-all.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/kvm-all.c b/kvm-all.c
index 3174f42..2cc4562 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -566,6 +566,10 @@ static void kvm_set_phys_mem(MemoryRegionSection
*section, bool add)
 
 old = *mem;
 
+if (mem->flags & KVM_MEM_LOG_DIRTY_PAGES) {
+kvm_physical_sync_dirty_bitmap(section);
+}
+
 /* unregister the overlapping slot */
 mem->memory_size = 0;
 err = kvm_set_user_memory_region(s, mem);

-- 
error compiling committee.c: too many arguments to function




Re: [Qemu-devel] [PATCH] isapc: Fix segfault during initialization

2012-01-15 Thread Anthony Liguori

On 01/14/2012 07:12 AM, Jan Kiszka wrote:

From: Jan Kiszka

Linking the RTC device state to the PIIX does not belong into the
common path that is shared with the isapc. QEMU crashes otherwise.

Signed-off-by: Jan Kiszka


Does isapc actually work for you?  I tried to write a qemu-test test case 
(attached below) to help prevent future regressions.  I can reproduce your SEGV 
but with your patch applied, I get no output (not even the BIOS runs).


Here's the command line.  Even a simple 'qemu-system-x86_64 -M isapc' 
reproduces it:

/home/anthony/build/qemu/x86_64-softmmu/qemu-system-x86_64 -kernel 
bin/vmlinuz-3.0 -initrd .tmp-3510/initramfs-3510.img.gz -append console=ttyS0 
seed=24689 -M isapc -pidfile .tmp-3510/pidfile-3510.pid -qmp 
unix:.tmp-3510/qmpsock-3510.sock,server,nowait


Regards,

Anthony Liguori



---
  hw/pc_piix.c |   22 +++---
  1 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/hw/pc_piix.c b/hw/pc_piix.c
index b70431f..3aea3cc 100644
--- a/hw/pc_piix.c
+++ b/hw/pc_piix.c
@@ -201,6 +201,17 @@ static void pc_init1(MemoryRegion *system_memory,
  }
  idebus[0] = qdev_get_child_bus(&dev->qdev, "ide.0");
  idebus[1] = qdev_get_child_bus(&dev->qdev, "ide.1");
+
+/* FIXME there's some major spaghetti here.  Somehow we create the
+ * devices on the PIIX before we actually create it.  We create the
+ * PIIX3 deep in the recess of the i440fx creation too and then lose
+ * the DeviceState.
+ *
+ * For now, let's "fix" this by making judicious use of paths.  This
+ * is not generally the right way to do this.
+ */
+qdev_property_add_child(qdev_resolve_path("/i440fx/piix3", NULL),
+"rtc", (DeviceState *)rtc_state, NULL);
  } else {
  for(i = 0; i<  MAX_IDE_BUS; i++) {
  ISADevice *dev;
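Review bot: The relocated call still hands the result of `qdev_resolve_path("/i440fx/piix3", NULL)` straight to `qdev_property_add_child()` with no check, which is presumably how the isapc crash arose in the first place. Moving it under the PCI branch removes the known failing case, but any future change to the path or to the creation order would fail the same way. Resolving into a local and checking it makes the assumption explicit: `DeviceState *piix3 = qdev_resolve_path("/i440fx/piix3", NULL);` followed by `assert(piix3 != NULL);` before the `qdev_property_add_child(piix3, ...)` call. pc_init1 starts and ends outside the hunk.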
@@ -211,17 +222,6 @@ static void pc_init1(MemoryRegion *system_memory,
  }
  }

-/* FIXME there's some major spaghetti here.  Somehow we create the devices
- * on the PIIX before we actually create it.  We create the PIIX3 deep in
- * the recess of the i440fx creation too and then lose the DeviceState.
- *
- * For now, let's "fix" this by making judicious use of paths.  This is not
- * generally the right way to do this.
- */
-
-qdev_property_add_child(qdev_resolve_path("/i440fx/piix3", NULL),
-"rtc", (DeviceState *)rtc_state, NULL);
-
  audio_init(isa_bus, pci_enabled ? pci_bus : NULL);

  pc_cmos_init(below_4g_mem_size, above_4g_mem_size, boot_device,




isapc.sh
Description: application/shellscript


Re: [Qemu-devel] [PATCH] Add virtio-blk-drive-serial test

2012-01-15 Thread Anthony Liguori

On 01/13/2012 07:25 PM, Zhi Yong Wu wrote:

On Sat, Jan 14, 2012 at 9:03 AM, Zhi Yong Wu  wrote:

On Sat, Jan 14, 2012 at 5:49 AM, Ryan Harper  wrote:

We can test out the virtio-blk drive serial number by generating and then
reading it back via the file in sysfs.

Signed-off-by: Ryan Harper
---
  tests/virtio-blk-drive-serial.sh |   40 ++
  1 files changed, 40 insertions(+), 0 deletions(-)
  create mode 100755 tests/virtio-blk-drive-serial.sh

diff --git a/tests/virtio-blk-drive-serial.sh b/tests/virtio-blk-drive-serial.sh
new file mode 100755
index 000..0586f97
--- /dev/null
+++ b/tests/virtio-blk-drive-serial.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+serial="0123456789abcdefghi"
+
+in_host() {
+tmpdisk=$tmpdir/disk.img
+qemu-img create -f qcow2 $tmpdisk 10G
+
+qemu -nographic -enable-kvm \
+-drive 
file=$tmpdisk,if=none,id=drive-virtio-disk0,format=raw,cache=none,serial=$serial
 \
+-device 
virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0
+rc=$?
+
+rm $tmpdisk
+return $rc
+}
+
+in_guest() {
+sysfspath=/sys/block/vda
+if ! test -e $sysfspath; then
+echo "Device not visible!"
+return 1
+fi
+
+guest_serial=`cat $sysfspath/serial`
+
+if test "$guest_serial" != "$serial"; then
+echo "drive has wrong serial!"
+echo "Expected '$serial', got '$guest_serial'"
+return 2
+fi
+
+return 0
+}

How will you make in_guest() run in that guest system?
From the code below, i guess that qtest framework make sure it.


qemu-test.  qtest is something different.

The script is copied into the initramfs used to run the guest.  QEMU_TEST=1 only 
in the host so the code below invokes in_guest only in the guest.


Regards,

Anthony Liguori


+
+if test $QEMU_TEST; then
+in_host
+else
+in_guest
+fi
--
1.7.6






--
Regards,

Zhi Yong Wu









Re: [Qemu-devel] [PATCH] isapc: Fix segfault during initialization

2012-01-15 Thread Jan Kiszka
On 2012-01-15 15:38, Anthony Liguori wrote:
> On 01/14/2012 07:12 AM, Jan Kiszka wrote:
>> From: Jan Kiszka
>>
>> Linking the RTC device state to the PIIX does not belong into the
>> common path that is shared with the isapc. QEMU crashes otherwise.
>>
>> Signed-off-by: Jan Kiszka
> 
> Does isapc actually work for you?  I tried to write a qemu-test test
> case (attached below) to help prevent future regressions.  I can
> reproduce your SEGV but with your patch applied, I get no output (not
> even the BIOS runs).
> 
> Here's the command line.  Even a simple 'qemu-system-x86_64 -M isapc'
> reproduces it:
> 
> /home/anthony/build/qemu/x86_64-softmmu/qemu-system-x86_64 -kernel
> bin/vmlinuz-3.0 -initrd .tmp-3510/initramfs-3510.img.gz -append
> console=ttyS0 seed=24689 -M isapc -pidfile .tmp-3510/pidfile-3510.pid
> -qmp unix:.tmp-3510/qmpsock-3510.sock,server,nowait

You need to update seabios to the last release at least (should have
been done much earlier), and it only works for KVM (as that mode ignores
some ROM write protections where seabios obviously has some troubles with).

Jan





Re: [Qemu-devel] [PATCH] kvm: flush the dirty log when unregistering a slot

2012-01-15 Thread Gerhard Wiesinger

On Sun, 15 Jan 2012, Jan Kiszka wrote:


On 2012-01-15 15:17, Avi Kivity wrote:

Otherwise, the dirty log information is lost in the kernel forever.

Fixes opensuse-12.1 boot screen, which changes the vga windows rapidly.


Confirmed, problems solved here.


Problem from: http://permalink.gmane.org/gmane.comp.emulators.qemu/131853

Confirmed to be fixed, too. Long awaited patch :-)

BTW: There is also a major difference in video performance:
1.) With Patch: 1400MB/s (MByte/s)
2.) Without Patch: 6MB/s

Any reason for that?

Ciao,
Gerhard

--
http://www.wiesinger.com/



[Qemu-devel] [PATCH v2] rework daemonizing logic in qemu-nbd

2012-01-15 Thread Michael Tokarev
qemu-nbd uses daemon(3) routine to daemonize, and while
at it, it uses several hacks to make daemon(3) to work
as intended.  Instead of all these hacks, implement
daemon(3) functionality (which is a very simple function)
directly but in a way which is much more suitable for the
use case. It lets us remove several hacks completely,
and stop using daemon() which is marked as deprecated
on e.g. MacOS.  Some more hacks around daemon(3) will
be removed in subsequent series.

This patch, while decoupling daemon(3), also moves chdir(/)
to the place before main loop, which fixes a problem with
relative pathnames.

Signed-Off-By: Michael Tokarev 
---
 qemu-nbd.c |   81 ++-
 1 files changed, 47 insertions(+), 34 deletions(-)

diff --git a/qemu-nbd.c b/qemu-nbd.c
index e76c782..1dfef16 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -32,6 +32,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #define SOCKET_PATH"/var/lock/qemu-nbd-%s"
 
@@ -304,6 +305,7 @@ int main(int argc, char **argv)
 int sockfd, devfd;
 int persistent = 0;
 pthread_t client_thread;
+int cpipefd = -1;
 
 /* The client thread uses SIGTERM to interrupt the server.  A signal
  * handler ensures that "qemu-nbd -v -c" exits with a nice status code.
@@ -415,54 +417,53 @@ int main(int argc, char **argv)
 }
 
 if (device && !verbose) {
-int stderr_fd[2];
+int cpipe[2];
 pid_t pid;
-int ret;
 
-if (qemu_pipe(stderr_fd) == -1) {
+if (qemu_pipe(cpipe) == -1) {
 err(EXIT_FAILURE, "Error setting up communication pipe");
 }
 
-/* Now daemonize, but keep a communication channel open to
- * print errors and exit with the proper status code.
+/* Now daemonize, but keep a communication channel open.
  */
 pid = fork();
 if (pid == 0) {
-close(stderr_fd[0]);
-ret = qemu_daemon(0, 0);
-
-/* Temporarily redirect stderr to the parent's pipe...  */
-dup2(stderr_fd[1], STDERR_FILENO);
-if (ret == -1) {
+int nullfd = open("/dev/null", O_RDWR);
+if (nullfd < 0 || setsid() < 0) {
 err(EXIT_FAILURE, "Failed to daemonize");
 }
-
-/* ... close the descriptor we inherited and go on.  */
-close(stderr_fd[1]);
-} else {
-bool errors = false;
-char *buf;
-
-/* In the parent.  Print error messages from the child until
- * it closes the pipe.
+/* redirect stdin and stdout to/from /dev/null,
+ * and keep stderr for error report.
+ * When initializing is done, redirect stderr
+ * to /dev/null (stdin) and close the pipe.
  */
-close(stderr_fd[1]);
-buf = g_malloc(1024);
-while ((ret = read(stderr_fd[0], buf, 1024)) > 0) {
-errors = true;
-ret = qemu_write_full(STDERR_FILENO, buf, ret);
-if (ret == -1) {
-exit(EXIT_FAILURE);
-}
+if (nullfd != STDIN_FILENO) {
+dup2(nullfd, STDIN_FILENO);
+close(nullfd);
 }
-if (ret == -1) {
+close(cpipe[0]);
+cpipefd = cpipe[1];
+} else if (pid < 0) {
+err(EXIT_FAILURE, "Failed to daemonize");
+} else {
+close(cpipe[1]);
+/* In parent, just a dummy read till the pipe gets closed.
+ * When it does, check process exit status using waitpid().
+ */
+ret = read(cpipe[0], &ret, sizeof(ret));
+pid = waitpid(pid, &ret, WNOHANG);
+if (pid < 0) {
 err(EXIT_FAILURE, "Cannot read from daemon");
 }
-
-/* Usually the daemon should not print any message.
- * Exit with zero status in that case.
- */
-exit(errors);
+return
+  /* waitpid(pid, WNOHANG) returns 0 if the process
+   * in question did not change state. In this case
+   * we assume our child successfully initialized and
+   * is now running, so exit succcessfully here.
+   */
+  pid == 0 ? 0 :
+  /* else our child exited, so return its exit status */
+  WIFEXITED(ret) ? WEXITSTATUS(ret) : 1;
 }
 }
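Review bot: The parent branch decides success with `waitpid(pid, &ret, WNOHANG)` right after the pipe read returns, which races with a failing child: the pipe's write end is closed while the child is still exiting, so `waitpid` can return 0 and the parent reports success for a daemon that never came up. The `read()` result is also stored into the same `ret` it uses as its buffer and is not retried on EINTR. A more robust handshake is for the child to write one byte to `cpipefd` once initialization is complete (that code is outside this hunk), and for the parent to treat EOF without that byte as failure and wait for the child without WNOHANG. The comment in the child also says stdout is redirected to /dev/null, but only stdin is redirected in this hunk.

```c
/* ... unchanged: pipe setup, fork(), child branch, fork failure branch ... */
} else {
    char ok;
    ssize_t n;

    close(cpipe[1]);
    /* The child writes one byte once initialization succeeded;
     * EOF without that byte means it exited before getting there.
     */
    do {
        n = read(cpipe[0], &ok, 1);
    } while (n < 0 && errno == EINTR);
    if (n == 1) {
        return 0;
    }
    /* Child is gone or going: block until its status is available. */
    if (waitpid(pid, &ret, 0) < 0) {
        err(EXIT_FAILURE, "Cannot wait for daemon");
    }
    return WIFEXITED(ret) ? WEXITSTATUS(ret) : 1;
}
```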
 
@@ -527,6 +528,18 @@ int main(int argc, char **argv)
 qemu_set_fd_handler2(sockfd, nbd_can_accept, nbd_accept, NULL,
  (void *)(uintptr_t)sockfd);
 
+/* now complete the daemonizing procedure.
+ */
+if (device && !verbose) {
+if (chdir("/") < 0) {
+err(EXIT_FAILURE, "unable to chdir to /");
+}
+/* this redirects stderr to /dev/null */
+dup2(STDIN_FILENO, STDERR_FILENO);

[Qemu-devel] [PATCH 0/3] Support configurable CPU Model-Specific Registers (MSRs) in cpudefs

2012-01-15 Thread Josh Triplett
This patch series adds configuration options allowing CPU definitions to
support rdmsr on arbitrary MSRs with corresponding values, and to GPF on
unknown MSRs.  This allows better emulation of CPU-specific behavior.  I plan
to use this to allow testing many of the CPU-specific tests in BITS
(http://biosbits.org/) via qemu/kvm rather than always via real systems with
the CPUs in question.

I've attached a sample configuration file for these new options, created
by copying the "Nehalem" CPU definition from the standard configuration
file and adding "NehalemGPF" and "NehalemMSR" definitions which take
advantage of the first and the first two patches, respectively.  This
sample configuration makes it easy to validate the behavior added by the
first two patches.

I used a QDict to store the map from MSR numbers to values.  Unfortunately,
QDict only supports strings as keys, so I had to format the MSR as a hex string
before looking it up.

The third patch in the series provides a bugfix for CPU definition parsing,
which will otherwise add a partial CPU definition (up to the parse failure) to
the list of CPU definitions.

Written on the plane to linux.conf.au.

Josh Triplett (3):
  Add cpudef option to GPF on unknown MSRs
  Support arbitrary additional MSRs in cpu definitions
  Handle parse failures in CPU definitions, and avoid adding a partial
cpudef

 qemu-config.c   |6 
 target-i386/cpu.h   |6 
 target-i386/cpuid.c |   59 ++-
 target-i386/op_helper.c |   36 +---
 4 files changed, 102 insertions(+), 5 deletions(-)

-- 
1.7.8.3




[Qemu-devel] [PATCH 1/3] Add cpudef option to GPF on unknown MSRs

2012-01-15 Thread Josh Triplett
qemu normally returns 0 for rdmsr of an unknown MSR, and silently
ignores wrmsr of an unknown MSR.  Add a new msr_gpf option to cpudef,
which when enabled causes qemu to generate a GPF on any access to an
unknown MSR.

This option allows qemu to better support software which detects the
availability of MSRs and their associated features by handling GPFs.

Signed-off-by: Josh Triplet 
---
 qemu-config.c   |3 +++
 target-i386/cpu.h   |1 +
 target-i386/cpuid.c |9 +
 target-i386/op_helper.c |   16 
 4 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/qemu-config.c b/qemu-config.c
index ecc88e8..8f9f16e 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -416,6 +416,9 @@ static QemuOptsList qemu_cpudef_opts = {
 },{
 .name = "vendor_override",
 .type = QEMU_OPT_NUMBER,
+},{
+.name = "msr_gpf",
+.type = QEMU_OPT_BOOL,
 },
 { /* end of list */ }
 },
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index 37dde79..c37cb30 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -734,6 +734,7 @@ typedef struct CPUX86State {
 /* Store the results of Centaur's CPUID instructions */
 uint32_t cpuid_xlevel2;
 uint32_t cpuid_ext4_features;
+bool msr_gpf;
 
 /* MTRRs */
 uint64_t mtrr_fixed[11];
diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c
index 91a104b..8cbbe9b 100644
--- a/target-i386/cpuid.c
+++ b/target-i386/cpuid.c
@@ -234,6 +234,7 @@ typedef struct x86_def_t {
 /* Store the results of Centaur's CPUID instructions */
 uint32_t ext4_features;
 uint32_t xlevel2;
+bool msr_gpf;
 } x86_def_t;
 
 #define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
@@ -547,6 +548,8 @@ static int cpu_x86_fill_host(x86_def_t *x86_cpu_def)
  */
 x86_cpu_def->svm_features = -1;
 
+x86_cpu_def->msr_gpf = false;
+
 return 0;
 }
 
@@ -842,6 +845,8 @@ void x86_cpu_list(FILE *f, fprintf_function cpu_fprintf, 
const char *optarg)
 0);
 (*cpu_fprintf)(f, "  extfeature_ecx %08x (%s)\n",
 def->ext3_features, buf);
+if (def->msr_gpf)
+(*cpu_fprintf)(f, "  GPF on unknown MSRs\n");
 (*cpu_fprintf)(f, "\n");
 }
 }
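Review bot: The added `if (def->msr_gpf)` in x86_cpu_list has an unbraced body, and the `else if (env->msr_gpf) { ... } else val = 0;` chain added to the MSR_MTRRcap case of helper_rdmsr mixes braced and unbraced arms. QEMU's coding style asks for braces around every conditional body, so here it would read `if (def->msr_gpf) {` / `(*cpu_fprintf)(f, "  GPF on unknown MSRs\n");` / `}`, with the trailing `else` in helper_rdmsr braced the same way. x86_cpu_list begins outside this hunk.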
@@ -884,6 +889,7 @@ int cpu_x86_register (CPUX86State *env, const char 
*cpu_model)
 env->cpuid_svm_features = def->svm_features;
 env->cpuid_ext4_features = def->ext4_features;
 env->cpuid_xlevel2 = def->xlevel2;
+env->msr_gpf = def->msr_gpf;
 env->tsc_khz = def->tsc_khz;
 if (!kvm_enabled()) {
 env->cpuid_features &= TCG_FEATURES;
@@ -995,6 +1001,8 @@ static int cpudef_setfield(const char *name, const char 
*str, void *opaque)
 setfeatures(&def->ext3_features, str, ext3_feature_name, &err);
 } else if (!strcmp(name, "xlevel")) {
 setscalar(&def->xlevel, str, &err)
+} else if (!strcmp(name, "msr_gpf")) {
+/* Handled in cpudef_register */
 } else {
 fprintf(stderr, "error: unknown option [%s = %s]\n", name, str);
 return (1);
@@ -1013,6 +1021,7 @@ static int cpudef_register(QemuOpts *opts, void *opaque)
 x86_def_t *def = g_malloc0(sizeof (x86_def_t));
 
 qemu_opt_foreach(opts, cpudef_setfield, def, 1);
+def->msr_gpf = qemu_opt_get_bool(opts, "msr_gpf", false);
 def->next = x86_defs;
 x86_defs = def;
 return (0);
diff --git a/target-i386/op_helper.c b/target-i386/op_helper.c
index 2aea71b..f782f03 100644
--- a/target-i386/op_helper.c
+++ b/target-i386/op_helper.c
@@ -3292,7 +3292,10 @@ void helper_wrmsr(void)
 env->mce_banks[offset] = val;
 break;
 }
-/* XXX: exception ? */
+if (env->msr_gpf) {
+raise_exception(EXCP0D_GPF);
+return;
+}
 break;
 }
 }
@@ -3400,8 +3403,10 @@ void helper_rdmsr(void)
 case MSR_MTRRcap:
 if (env->cpuid_features & CPUID_MTRR)
 val = MSR_MTRRcap_VCNT | MSR_MTRRcap_FIXRANGE_SUPPORT | 
MSR_MTRRcap_WC_SUPPORTED;
-else
-/* XXX: exception ? */
+else if (env->msr_gpf) {
+raise_exception(EXCP0D_GPF);
+return;
+} else
 val = 0;
 break;
 case MSR_MCG_CAP:
@@ -3426,7 +3431,10 @@ void helper_rdmsr(void)
 val = env->mce_banks[offset];
 break;
 }
-/* XXX: exception ? */
+if (env->msr_gpf) {
+raise_exception(EXCP0D_GPF);
+return;
+}
 val = 0;
 break;
 }
-- 
1.7.8.3




[Qemu-devel] [PATCH 2/3] Support arbitrary additional MSRs in cpu definitions

2012-01-15 Thread Josh Triplett
CPU definitions can now define arbitrary additional MSRs, and rdmsr will
support those MSRs and return the corresponding values.

Signed-off-by: Josh Triplett 
---
 qemu-config.c   |3 +++
 target-i386/cpu.h   |5 +
 target-i386/cpuid.c |   45 +
 target-i386/op_helper.c |   20 
 4 files changed, 73 insertions(+), 0 deletions(-)

diff --git a/qemu-config.c b/qemu-config.c
index 8f9f16e..a675ba7 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -419,6 +419,9 @@ static QemuOptsList qemu_cpudef_opts = {
 },{
 .name = "msr_gpf",
 .type = QEMU_OPT_BOOL,
+},{
+.name = "msr",
+.type = QEMU_OPT_STRING,
 },
 { /* end of list */ }
 },
diff --git a/target-i386/cpu.h b/target-i386/cpu.h
index c37cb30..3c0f8f1 100644
--- a/target-i386/cpu.h
+++ b/target-i386/cpu.h
@@ -613,6 +613,8 @@ typedef struct {
 
 #define NB_MMU_MODES 2
 
+struct QDict;
+
 typedef struct CPUX86State {
 /* standard registers */
 target_ulong regs[CPU_NB_REGS];
@@ -735,6 +737,9 @@ typedef struct CPUX86State {
 uint32_t cpuid_xlevel2;
 uint32_t cpuid_ext4_features;
 bool msr_gpf;
+#ifdef CONFIG_SOFTMMU
+struct QDict *msr_dict;
+#endif
 
 /* MTRRs */
 uint64_t mtrr_fixed[11];
diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c
index 8cbbe9b..ea55f69 100644
--- a/target-i386/cpuid.c
+++ b/target-i386/cpuid.c
@@ -26,6 +26,10 @@
 
 #include "qemu-option.h"
 #include "qemu-config.h"
+#ifdef CONFIG_SOFTMMU
+#include "qdict.h"
+#include "qint.h"
+#endif
 
 /* feature flags taken from "Intel Processor Identification and the CPUID
  * Instruction" and AMD's "CPUID Specification".  In cases of disagreement
@@ -235,6 +239,9 @@ typedef struct x86_def_t {
 uint32_t ext4_features;
 uint32_t xlevel2;
 bool msr_gpf;
+#ifdef CONFIG_SOFTMMU
+QDict *msr_dict;
+#endif
 } x86_def_t;
 
 #define I486_FEATURES (CPUID_FP87 | CPUID_VME | CPUID_PSE)
@@ -624,6 +631,9 @@ static int cpu_x86_find_by_name(x86_def_t *x86_cpu_def, 
const char *cpu_model)
 goto error;
 } else {
 memcpy(x86_cpu_def, def, sizeof(*def));
+#ifdef CONFIG_SOFTMMU
+QINCREF(def->msr_dict);
+#endif
 }
 
 plus_kvm_features = ~0; /* not supported bits will be filtered out later */
@@ -847,6 +857,17 @@ void x86_cpu_list(FILE *f, fprintf_function cpu_fprintf, 
const char *optarg)
 def->ext3_features, buf);
 if (def->msr_gpf)
 (*cpu_fprintf)(f, "  GPF on unknown MSRs\n");
+#ifdef CONFIG_SOFTMMU
+if (def->msr_dict) {
+const QDictEntry *entry;
+(*cpu_fprintf)(f, "  Additional MSRs:\n");
+for (entry = qdict_first(def->msr_dict); entry;
+ entry = qdict_next(def->msr_dict, entry))
+(*cpu_fprintf)(f, "MSR 0x%s = 0x%" PRIx64 "\n",
+qdict_entry_key(entry),
+
(uint64_t)qint_get_int(qobject_to_qint(qdict_entry_value(entry;
+}
+#endif
 (*cpu_fprintf)(f, "\n");
 }
 }
@@ -890,6 +911,10 @@ int cpu_x86_register (CPUX86State *env, const char 
*cpu_model)
 env->cpuid_ext4_features = def->ext4_features;
 env->cpuid_xlevel2 = def->xlevel2;
 env->msr_gpf = def->msr_gpf;
+#ifdef CONFIG_SOFTMMU
+env->msr_dict = def->msr_dict;
+QINCREF(def->msr_dict);
+#endif
 env->tsc_khz = def->tsc_khz;
 if (!kvm_enabled()) {
 env->cpuid_features &= TCG_FEATURES;
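Review bot: Ownership of `msr_dict` references is unclear across this series: cpu_x86_find_by_name takes one with `QINCREF(def->msr_dict)` after its `memcpy`, and this hunk takes another for `env`, but no visible hunk contains a matching QDECREF. If `def` here is the temporary copy filled by cpu_x86_find_by_name (its declaration is outside the hunk), that copy's reference is never dropped, and the same holds on the `goto error` path after the memcpy. Either hand the temporary's reference over to `env` without the second `QINCREF`, or release it when the temporary goes out of scope. A one-line comment should state which structure owns the dictionary, for example `/* env holds its own reference; dropped when the CPU state is destroyed */`. cpu_x86_register starts and ends outside this hunk.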
@@ -1003,6 +1028,26 @@ static int cpudef_setfield(const char *name, const char 
*str, void *opaque)
 setscalar(&def->xlevel, str, &err)
 } else if (!strcmp(name, "msr_gpf")) {
 /* Handled in cpudef_register */
+} else if (!strcmp(name, "msr")) {
+#ifdef CONFIG_SOFTMMU
+int chars;
+def->msr_dict = qdict_new();
+/* Skip initial whitespace */
+sscanf(str, " %n", &chars);
+str += chars;
+while (*str) {
+int32_t num;
+int64_t value;
+char key[9];
+if (sscanf(str, " %" SCNi32 " = %" SCNi64 " %n", &num, &value, 
&chars) < 2) {
+fprintf(stderr, "error: bad value for msr option; failed to 
parse \"%s\"\n", str);
+return 1;
+}
+str += chars;
+snprintf(key, sizeof(key), "%x", (uint32_t)num);
+qdict_put(def->msr_dict, key, qint_from_int(value));
+}
+#endif
 } else {
 fprintf(stderr, "error: unknown option [%s = %s]\n", name, str);
 return (1);
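Review bot: The `msr` parser reads the index with `SCNi32` into `int32_t num` and the value with `SCNi64` into `int64_t value`, so an index at or above 0x80000000 or a value with bit 63 set is out of range for the conversion. The C standard leaves that case undefined, so the key stored in the dictionary can differ from what the configuration file says, depending on the C library. Parsing both fields as unsigned with `strtoul`/`strtoull`, and checking the end pointer and `errno`, accepts the full unsigned range and rejects overflow explicitly. Separately, `def->msr_dict = qdict_new()` runs for every `msr` option, so a repeated option appears to replace the earlier dictionary without releasing it. cpudef_setfield starts and ends outside this hunk.

```c
/* … unchanged: qdict_new() and the leading-whitespace skip … */
while (*str) {
    const char *item = str;
    char *end;
    unsigned long num;
    unsigned long long value = 0;
    char key[9];
    bool ok;

    /* MSR index: base 0 keeps the 0x/octal/decimal forms %i accepted */
    errno = 0;
    num = strtoul(item, &end, 0);
    ok = end != item && errno == 0 && num <= UINT32_MAX;
    if (ok) {
        end += strspn(end, " \t\r\n");
        ok = *end == '=';
    }
    if (ok) {
        const char *val = end + 1;

        errno = 0;
        value = strtoull(val, &end, 0);
        ok = end != val && errno == 0;
    }
    if (!ok) {
        fprintf(stderr, "error: bad value for msr option; failed to parse \"%s\"\n", item);
        return 1;
    }
    str = end + strspn(end, " \t\r\n");
    snprintf(key, sizeof(key), "%x", (uint32_t)num);
    qdict_put(def->msr_dict, key, qint_from_int((int64_t)value));
}
```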
diff --git a/target-i386/op_helper.c b/target-i386/op_helper.c
index f782f03..c7d5dab 100644
--- a/target-i386/op_helper.c
+++ b/target-i386/op_helper.c
@@ -27,6 +27,11 @@
 #include "cpu-defs.h"
 #include "helper.h"
 
+#ifdef CONFIG_SOFTMMU
+#include "qdict.h"
+#include "qint.h"
+#endif
+
 #if !defined(CONFIG_USER_ONLY)

[Qemu-devel] [PATCH 3/3] Handle parse failures in CPU definitions, and avoid adding a partial cpudef

2012-01-15 Thread Josh Triplett
Without this change, a parse failure would stop the processing of the
cpudef entry, but the partially-parsed CPU definition would still get
added to the list of CPUs.

Signed-off-by: Josh Triplett 
---
 target-i386/cpuid.c |5 -
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/target-i386/cpuid.c b/target-i386/cpuid.c
index ea55f69..c2a95c4 100644
--- a/target-i386/cpuid.c
+++ b/target-i386/cpuid.c
@@ -1065,7 +1065,10 @@ static int cpudef_register(QemuOpts *opts, void *opaque)
 {
 x86_def_t *def = g_malloc0(sizeof (x86_def_t));
 
-qemu_opt_foreach(opts, cpudef_setfield, def, 1);
+if (qemu_opt_foreach(opts, cpudef_setfield, def, 1) != 0) {
+g_free(def);
+return 1;
+}
 def->msr_gpf = qemu_opt_get_bool(opts, "msr_gpf", false);
 def->next = x86_defs;
 x86_defs = def;
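Review bot: The new failure path frees only the `x86_def_t` itself, so anything cpudef_setfield stored in it before failing is lost. With the previous patch in this series that includes the QDict created for the `msr` option, whose own error return leaves `def->msr_dict` set. Release it ahead of `g_free(def);` with `#ifdef CONFIG_SOFTMMU` / `QDECREF(def->msr_dict);` / `#endif`. Whether other fields filled by cpudef_setfield own heap memory is not visible here and is worth checking. cpudef_register continues past the end of this hunk.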
-- 
1.7.8.3




Re: [Qemu-devel] [PATCH] rework daemonizing logic in qemu-nbd

2012-01-15 Thread Paolo Bonzini

On 01/15/2012 01:50 PM, Michael Tokarev wrote:

On 15.01.2012 14:42, Paolo Bonzini wrote:

On 01/14/2012 01:39 PM, Michael Tokarev wrote:

   if (pid == 0) {
-close(stderr_fd[0]);
-ret = qemu_daemon(0, 0);
-
-/* Temporarily redirect stderr to the parent's pipe...  */
-dup2(stderr_fd[1], STDERR_FILENO);
-if (ret == -1) {
+int nullfd = open("/dev/null", O_RDWR);
+if (nullfd<   0 || setsid()<   0) {
   err(EXIT_FAILURE, "Failed to daemonize");
   }


This is forking only once.


Is it good or bad?  There's no need to fork twice.  Second
fork (to the one which is already done in daemon(3)) has
been done to work around lack of proper communication between
parent and child in case of using plain daemon(3).  I.e., due
to daemon(3) interface being unflexible/unsuitable for the
current use case.


daemon(3) forks twice (so qemu-nbd is effectively forking three times, 
one of which is unnecessary).


See 
http://stackoverflow.com/questions/881388/what-is-the-reason-for-performing-a-double-fork-when-creating-a-daemon 
for why there is a fork before setsid and one after.



-
-/* ... close the descriptor we inherited and go on.  */
-close(stderr_fd[1]);
-} else {
-bool errors = false;
-char *buf;
-
-/* In the parent.  Print error messages from the child until
- * it closes the pipe.
+/* redirect stdin from /dev/null,
+ * stdout (temporarily) to the pipe to parent,


This is a bit of a hack.


There's another way -- to keep the writing pipe end in some
local variable and use that one instead of STDOUT_FILENO.
I can do it that way for sure, just thought it's already
using too much local variables.


Yes, that would be better.


+/* now complete the daemonizing procedure.
+ */
+if (device&&  !verbose) {
+if (chdir("/")<  0) {
+err(EXIT_FAILURE, "unable to chdir to /");
+}
+/* this redirects stderr to /dev/null */
+dup2(STDIN_FILENO, STDERR_FILENO);
+/* this redirects stdout to /dev/null too, and closes parent pipe */
+dup2(STDIN_FILENO, STDOUT_FILENO);
+}
+


Half of this is already done in client_thread, and that would be
theplace where you should add dup2(0, 1).


I partly disagree.

I wanted to de-couple -c (device) case with daemonizing.
client_thread only works in -c case, but daemonizing in
that case is wrong as I already pointed out in another
email - we should either stop daemonizing here at all
or have a separate option for it.


We can only clean up standard file descriptors after all initialization 
tasks have been done.  nbd_client_thread could still write error 
messages.  Your patch introduces a race.



  Also, the chdir can be moved earlier, after bdrv_open.


There's no need to, afiacs.  We complete init process and
enter main loop.  Chdir should be done befor entering main
loop, the rest makes no difference (as long as the files
we open will be accessible from cwd).


Yes, but I prefer to have the chdir done unconditionally as soon as 
possible.


Paolo



Re: [Qemu-devel] [PATCH] isapc: Fix segfault during initialization

2012-01-15 Thread Anthony Liguori

On 01/15/2012 08:40 AM, Jan Kiszka wrote:

On 2012-01-15 15:38, Anthony Liguori wrote:

On 01/14/2012 07:12 AM, Jan Kiszka wrote:

From: Jan Kiszka

Linking the RTC device state to the PIIX does not belong into the
common path that is shared with the isapc. QEMU crashes otherwise.

Signed-off-by: Jan Kiszka


Does isapc actually work for you?  I tried to write a qemu-test test
case (attached below) to help prevent future regressions.  I can
reproduce your SEGV but with your patch applied, I get no output (not
even the BIOS runs).

Here's the command line.  Even a simple 'qemu-system-x86_64 -M isapc'
reproduces it:

/home/anthony/build/qemu/x86_64-softmmu/qemu-system-x86_64 -kernel
bin/vmlinuz-3.0 -initrd .tmp-3510/initramfs-3510.img.gz -append
console=ttyS0 seed=24689 -M isapc -pidfile .tmp-3510/pidfile-3510.pid
-qmp unix:.tmp-3510/qmpsock-3510.sock,server,nowait


You need to update seabios to the last release at least (should have
been done much earlier), and it only works for KVM (as that mode ignores
some ROM write protections where seabios obviously has some troubles with).


Can you send a pull request?  SeaBIOS no longer builds on my laptop...

Regards,

Anthony Liguori



Jan






Re: [Qemu-devel] [PATCH] isapc: Fix segfault during initialization

2012-01-15 Thread Jan Kiszka
On 2012-01-15 17:12, Anthony Liguori wrote:
> On 01/15/2012 08:40 AM, Jan Kiszka wrote:
>> On 2012-01-15 15:38, Anthony Liguori wrote:
>>> On 01/14/2012 07:12 AM, Jan Kiszka wrote:
 From: Jan Kiszka

 Linking the RTC device state to the PIIX does not belong into the
 common path that is shared with the isapc. QEMU crashes otherwise.

 Signed-off-by: Jan Kiszka
>>>
>>> Does isapc actually work for you?  I tried to write a qemu-test test
>>> case (attached below) to help prevent future regressions.  I can
>>> reproduce your SEGV but with your patch applied, I get no output (not
>>> even the BIOS runs).
>>>
>>> Here's the command line.  Even a simple 'qemu-system-x86_64 -M isapc'
>>> reproduces it:
>>>
>>> /home/anthony/build/qemu/x86_64-softmmu/qemu-system-x86_64 -kernel
>>> bin/vmlinuz-3.0 -initrd .tmp-3510/initramfs-3510.img.gz -append
>>> console=ttyS0 seed=24689 -M isapc -pidfile .tmp-3510/pidfile-3510.pid
>>> -qmp unix:.tmp-3510/qmpsock-3510.sock,server,nowait
>>
>> You need to update seabios to the last release at least (should have
>> been done much earlier), and it only works for KVM (as that mode ignores
>> some ROM write protections where seabios obviously has some troubles
>> with).
> 
> Can you send a pull request?  SeaBIOS no longer builds on my laptop...

Will do. Last release of current master preferred?

Jan





Re: [Qemu-devel] qemu-nbd daemonizing?

2012-01-15 Thread Paolo Bonzini

On 01/15/2012 01:59 PM, Michael Tokarev wrote:

On 15.01.2012 14:51, Paolo Bonzini wrote:

On 01/14/2012 10:26 AM, Michael Tokarev wrote:

After looking at the yesterdays issue with non-absolute
paths for qemu-nbd arguments and daemon(3), I've a
question.

Why qemu-nbd daemonizes, and does that only when device
argument is given (dropping -v/verbose case for now)?

This raises two questions:

   - shouldn't it do the same daemonizing in case of usual
 tcp export?


Perhaps yes, but in that case you cannot use "qemu-nbd -d" to
kill the daemonized process.


Sorry?  qemu-nbd -d will connect to the socket the daemonized
daemon is listening on, the same way as it is done now --
nothing really changes there.


No, "qemu-nbd -d" will connect to the /dev/nbdX device and tell the 
kernel to disconnect.  This will terminate the daemon (as long as you 
didn't use --persistent, at least).



Also, one of the best things of systemd is that it handles
daemonization on its own, so nowadays it is better not to
have process send themselves into background by default.


First, not all the world is systemd.  Second, my question was
merely about consistency -- -c does daemonizing currently and
there's no way to stop it from doing so


--verbose is a counterintuitive way not to daemonize, but it works.


The primary question was why -c daemonizes unconditionally.


I don't know.  But I don't think daemonizing is really a feature, just 
something historical that we have to deal with.



qemu-nbd was runnable on win32 before, so historically it
was exactly the opposite.   I asked you because you mentioned
it is linux-only for the first time, but indeed, at that
time it wasn't compilable on win32 already.


Fixing it would be good indeed.  We can use qemu-thread for that for 
example.  But it looks like the third commit ever to qemu-nbd.c already 
made it non-Linux-only.  I don't think there ever was a release that 
supported qemu-nbd on Win32, right?


Paolo



Re: [Qemu-devel] [PATCH] isapc: Fix segfault during initialization

2012-01-15 Thread Anthony Liguori

On 01/15/2012 10:16 AM, Jan Kiszka wrote:

On 2012-01-15 17:12, Anthony Liguori wrote:

On 01/15/2012 08:40 AM, Jan Kiszka wrote:

On 2012-01-15 15:38, Anthony Liguori wrote:

On 01/14/2012 07:12 AM, Jan Kiszka wrote:

From: Jan Kiszka

Linking the RTC device state to the PIIX does not belong into the
common path that is shared with the isapc. QEMU crashes otherwise.

Signed-off-by: Jan Kiszka


Does isapc actually work for you?  I tried to write a qemu-test test
case (attached below) to help prevent future regressions.  I can
reproduce your SEGV but with your patch applied, I get no output (not
even the BIOS runs).

Here's the command line.  Even a simple 'qemu-system-x86_64 -M isapc'
reproduces it:

/home/anthony/build/qemu/x86_64-softmmu/qemu-system-x86_64 -kernel
bin/vmlinuz-3.0 -initrd .tmp-3510/initramfs-3510.img.gz -append
console=ttyS0 seed=24689 -M isapc -pidfile .tmp-3510/pidfile-3510.pid
-qmp unix:.tmp-3510/qmpsock-3510.sock,server,nowait


You need to update seabios to the last release at least (should have
been done much earlier), and it only works for KVM (as that mode ignores
some ROM write protections where seabios obviously has some troubles
with).


Can you send a pull request?  SeaBIOS no longer builds on my laptop...


Will do. Last release of current master preferred?


Yes.

Regards,

Anthony Liguori



Jan






Re: [Qemu-devel] [PULL] Fix for kvm dirty logging

2012-01-15 Thread Anthony Liguori

On 01/15/2012 08:36 AM, Avi Kivity wrote:

kvm dirty logging is broken in the presence of memory slots being
removed; this breaks opensuse's boot screen.  Following patch fixes:

   git://git.kernel.org/pub/scm/virt/kvm/qemu-kvm.git memory/urgent


Pulled.  Thanks.

Regards,

Anthony Liguori



Avi Kivity (1):
   kvm: flush the dirty log when unregistering a slot

  kvm-all.c |4 
  1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/kvm-all.c b/kvm-all.c
index 3174f42..2cc4562 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -566,6 +566,10 @@ static void kvm_set_phys_mem(MemoryRegionSection
*section, bool add)

  old = *mem;

+if (mem->flags&  KVM_MEM_LOG_DIRTY_PAGES) {
+kvm_physical_sync_dirty_bitmap(section);
+}
+
  /* unregister the overlapping slot */
  mem->memory_size = 0;
  err = kvm_set_user_memory_region(s, mem);






Re: [Qemu-devel] throwing away translated code on CPU reset

2012-01-15 Thread Peter Maydell
On 14 January 2012 14:48, Aurelien Jarno  wrote:
> On Thu, Jan 12, 2012 at 02:00:38PM +, Peter Maydell wrote:
>> When doing TCG code translation, the target-foo translate.c
>> code is allowed to bake assumptions into the generated code from
>> the current values of various fields in the CPUState. This then
>> imposes the requirement that if the field is changed then tb_flush
>> must be called to throw away the now-incorrect generated code.
>>
>> However, cpu_reset() changes (unsurprisingly) lots of fields in
>> the CPUState, but it doesn't call tb_flush()...
>>
>> So should cpu_reset() implementations be changed to call tb_flush()
>> as well as tlb_flush(), or is this supposed to work in some other
>> way?
>
> We use the hflags to determine in which conditions the cached code has
> been generated, so that we only used the cache code if the CPU is in the
> same mode. I therefore don't think there is a real need to flush the
> cached code.

This only applies for things which are encoded in tb->flags.
Look at handling of eg env->cp15.c1_coproc or env->teecr for
env changes that do need a flush.

Perhaps this just indicates that CPUs using this approach for
some env fields should be calling tb_flush() but not those
that do not. It looks as if that's just ARM at the moment. Hmm.

-- PMM



Re: [Qemu-devel] [PATCH] rework daemonizing logic in qemu-nbd

2012-01-15 Thread Michael Tokarev
On 15.01.2012 20:11, Paolo Bonzini wrote:
> On 01/15/2012 01:50 PM, Michael Tokarev wrote:
>> On 15.01.2012 14:42, Paolo Bonzini wrote:
>>> On 01/14/2012 01:39 PM, Michael Tokarev wrote:
if (pid == 0) {
 -close(stderr_fd[0]);
 -ret = qemu_daemon(0, 0);
 -
 -/* Temporarily redirect stderr to the parent's pipe...  */
 -dup2(stderr_fd[1], STDERR_FILENO);
 -if (ret == -1) {
 +int nullfd = open("/dev/null", O_RDWR);
 +if (nullfd<   0 || setsid()<   0) {
err(EXIT_FAILURE, "Failed to daemonize");
}
>>>
>>> This is forking only once.
>>
>> Is it good or bad?  There's no need to fork twice.  Second
>> fork (to the one which is already done in daemon(3)) has
>> been done to work around lack of proper communication between
>> parent and child in case of using plain daemon(3).  I.e., due
>> to daemon(3) interface being unflexible/unsuitable for the
>> current use case.
> 
> daemon(3) forks twice (so qemu-nbd is effectively forking three times, one of 
> which is unnecessary).
> 
> See 
> http://stackoverflow.com/questions/881388/what-is-the-reason-for-performing-a-double-fork-when-creating-a-daemon
>  for why there is a fork before setsid and one after.

Daemon(3) on linux (glibc) does not try to fork twice, just
one time is sufficient.  Yes, in old times there were some
portability issues on some unixes with the controlling terminal
and what not.  That thread sums it up almost nicely at
the end: "So I suppose it all just boils down to tradition
in the end - a single fork is sufficient as long as the
parent dies in short order anyway," and "...think of the
setsid( ) call as the "new" way to do thing (disassociate
from the terminal) and the [second] fork( ) call after it
as redundancy to deal with the SVr4..."

[]
 + * stdout (temporarily) to the pipe to parent,
>>>
>>> This is a bit of a hack.
>>
>> There's another way -- to keep the writing pipe end in some
>> local variable and use that one instead of STDOUT_FILENO.
>> I can do it that way for sure, just thought it's already
>> using too much local variables.
> 
> Yes, that would be better.

Done in a v2 version I sent you.

 +/* now complete the daemonizing procedure.
 + */
 +if (device&&  !verbose) {
 +if (chdir("/")<  0) {
 +err(EXIT_FAILURE, "unable to chdir to /");
 +}
 +/* this redirects stderr to /dev/null */
 +dup2(STDIN_FILENO, STDERR_FILENO);
 +/* this redirects stdout to /dev/null too, and closes parent pipe 
 */
 +dup2(STDIN_FILENO, STDOUT_FILENO);
 +}
 +
>>>
>>> Half of this is already done in client_thread, and that would be
>>> theplace where you should add dup2(0, 1).

Um, I missed that "half of this" part.  Indeed, nbd_client_thread()
does dup2(STDOUT_FILENO, STDERR_FILENO) which should go away, but
it is harmless for now, and can be addressed in a separate patch.

>> I partly disagree.
>>
>> I wanted to de-couple -c (device) case with daemonizing.
>> client_thread only works in -c case, but daemonizing in
>> that case is wrong as I already pointed out in another
>> email - we should either stop daemonizing here at all
>> or have a separate option for it.
> 
> We can only clean up standard file descriptors after all initialization tasks 
> have been done.  nbd_client_thread could still write error messages.  Your 
> patch introduces a race.

Please elaborate where the race is.  Do you mean one
thread can write error message while another at the
same time is closing the filedescriptor in question, --
that race?  We're doomed anyway, and it is even good
we've a small remote chance for our error message to
be seen.  Currently it just goes to /dev/null.

>>>   Also, the chdir can be moved earlier, after bdrv_open.
>>
>> There's no need to, afiacs.  We complete init process and
>> enter main loop.  Chdir should be done befor entering main
>> loop, the rest makes no difference (as long as the files
>> we open will be accessible from cwd).
> 
> Yes, but I prefer to have the chdir done unconditionally as soon as possible.

That's not a bad intention.  I'm fixing existing logic without
introducing new logical changes.  If you want to fix other
stuff, it is better be done in a separate commit/change.

Thanks,

/mjt



Re: [Qemu-devel] qemu-nbd daemonizing?

2012-01-15 Thread Michael Tokarev
On 15.01.2012 20:17, Paolo Bonzini wrote:
> On 01/15/2012 01:59 PM, Michael Tokarev wrote:
>> On 15.01.2012 14:51, Paolo Bonzini wrote:
>>> On 01/14/2012 10:26 AM, Michael Tokarev wrote:
 After looking at the yesterdays issue with non-absolute
 paths for qemu-nbd arguments and daemon(3), I've a
 question.

 Why qemu-nbd daemonizes, and does that only when device
 argument is given (dropping -v/verbose case for now)?

 This raises two questions:

- shouldn't it do the same daemonizing in case of usual
  tcp export?
>>>
>>> Perhaps yes, but in that case you cannot use "qemu-nbd -d" to
>>> kill the daemonized process.
>>
>> Sorry?  qemu-nbd -d will connect to the socket the daemonized
>> daemon is listening on, the same way as it is done now --
>> nothing really changes there.
> 
> No, "qemu-nbd -d" will connect to the /dev/nbdX device and tell the kernel to 
> disconnect.  This will terminate the daemon (as long as you didn't use 
> --persistent, at least).

Whatever.  In any case qemu-nbd is able to terminate currently
running daemon, nothing changes with addition daemonizing here
or without - that was my point.

>>> Also, one of the best things of systemd is that it handles
>>> daemonization on its own, so nowadays it is better not to
>>> have process send themselves into background by default.
>>
>> First, not all the world is systemd.  Second, my question was
>> merely about consistency -- -c does daemonizing currently and
>> there's no way to stop it from doing so
> 
> --verbose is a counterintuitive way not to daemonize, but it works.

I know it works (with additional bonus - it shows extra messages).
It wasn't my question.

>> The primary question was why -c daemonizes unconditionally.
> 
> I don't know.  But I don't think daemonizing is really a feature, just 
> something historical that we have to deal with.

Aha.  So can't it just go away, or be controlled by another
option, not related to -c ?  I think it should be good.

>> qemu-nbd was runnable on win32 before, so historically it
>> was exactly the opposite.   I asked you because you mentioned
>> it is linux-only for the first time, but indeed, at that
>> time it wasn't compilable on win32 already.
> 
> Fixing it would be good indeed.  We can use qemu-thread for that for example. 
>  But it looks like the third commit ever to qemu-nbd.c already made it 
> non-Linux-only.  I don't think there ever was a release that supported 
> qemu-nbd on Win32, right?

It is kinda trivial to fix this.  But this task becomes
completely unrealistic if that will involve another
discussion like we currently have.

Thanks,

/mjt



[Qemu-devel] [Bug 916720] Re: select fails on windows because a non-socket fd is in the rfds set

2012-01-15 Thread Arie
It is added to the list by glib_select_fill. Other than that I couldn't
find out what the fd is for.

I forgot to add the symptoms of the problem, so I'll add them now so that people can
google them.
target remote tcp:127.0.0.1:2200
Ignoring packet error, continuing...
warning: unrecognized item "timeout" in "qSupported" response
Ignoring packet error, continuing...
Ignoring packet error, continuing...
Ignoring packet error, continuing...
Ignoring packet error, continuing...
Ignoring packet error, continuing...
Ignoring packet error, continuing...
Malformed response to offset query, timeout

-- 
https://bugs.launchpad.net/bugs/916720

Title:
  select fails on windows because a non-socket fd is in the rfds set

Status in QEMU:
  New

Bug description:
  The select call in file main_loop.c at line 460 fails on windows
  because a non-socket fd is in the rfds set. As a result, gdb remote
  connections will never be accepted by qemu. The select function
  returns with -1. WSAGetLastError returns code 10038 (WSAENOTSOCK).

  I start qemu as follows:
  qemu-system-arm -cpu cortex-m3 -M lm3s6965evb -nographic -monitor null 
-serial null -semihosting -kernel test1.elf -S -gdb tcp:127.0.0.1:2200

  qemu is configured with:
  CFLAGS="-O4 -march=i686"
  configure --target-list="i386-softmmu arm-softmmu sparc-softmmu ppc-softmmu" 
--prefix=/home/qemu/install --cc=mingw32-gcc --host-cc=mingw32-gcc 
--audio-drv-list="dsound sdl" --audio-card-list="ac97 es1370 sb16 cs4231a adlib 
gus"




Re: [Qemu-devel] [PATCH] kvm: flush the dirty log when unregistering a slot

2012-01-15 Thread Avi Kivity
On 01/15/2012 04:40 PM, Gerhard Wiesinger wrote:
> On Sun, 15 Jan 2012, Jan Kiszka wrote:
>
>> On 2012-01-15 15:17, Avi Kivity wrote:
>>> Otherwise, the dirty log information is lost in the kernel forever.
>>>
>>> Fixes opensuse-12.1 boot screen, which changes the vga windows rapidly.
>>
>> Confirmed, problems solved here.
>
> Problem from: http://permalink.gmane.org/gmane.comp.emulators.qemu/131853
>
> Confirmed to be fixed, too. Long awaited patch :-)

Sorry, I forgot about that.  Please ping me if I do that.

>
> BTW: There is also a major difference in video performance:
> 1.) With Patch: 1400MB/s (MByte/s)
> 2.) Without Patch: 6MB/s
>
> Any reason for that?

What are you measuring exactly?

-- 
error compiling committee.c: too many arguments to function




[Qemu-devel] [PULL] (not only) isapc related updates

2012-01-15 Thread Jan Kiszka
The following changes since commit 3fbffb628c001bd540dc9c1805bdf7aa8591da4d:

  kvm: flush the dirty log when unregistering a slot (2012-01-15 16:13:59 +0200)

are available in the git repository at:
  git://git.kiszka.org/qemu.git queues/isapc

This contains the already posted segfault fix and the requested seabios
update.

Jan Kiszka (2):
  isapc: Fix segfault during initialization
  seabios: Update to release 1.6.3.1

 hw/pc_piix.c |   22 +++---
 pc-bios/bios.bin |  Bin 131072 -> 131072 bytes
 roms/seabios |2 +-
 3 files changed, 12 insertions(+), 12 deletions(-)

---

[PATCH 2/2] seabios: Update to release 1.6.3.1

User visible changes in seabios:
 - Probe HPET existence (fix for -no-hpet)
 - Probe PCI existence (fix for -machine isapc)
 - usb: fix boot paths

Signed-off-by: Jan Kiszka 
---
 pc-bios/bios.bin |  Bin 131072 -> 131072 bytes
 roms/seabios |2 +-
 2 files changed, 1 insertions(+), 1 deletions(-)

[ body left out ]





Re: [Qemu-devel] [PATCH] rework daemonizing logic in qemu-nbd

2012-01-15 Thread Paolo Bonzini

On 01/15/2012 05:44 PM, Michael Tokarev wrote:

+ * stdout (temporarily) to the pipe to parent,


This is a bit of a hack.


There's another way -- to keep the writing pipe end in some
local variable and use that one instead of STDOUT_FILENO.
I can do it that way for sure, just thought it's already
using too much local variables.


Yes, that would be better.


Done in a v2 version I sent you.


Please stay on the list.


+/* now complete the daemonizing procedure.
+ */
+if (device&&   !verbose) {
+if (chdir("/")<   0) {
+err(EXIT_FAILURE, "unable to chdir to /");
+}
+/* this redirects stderr to /dev/null */
+dup2(STDIN_FILENO, STDERR_FILENO);
+/* this redirects stdout to /dev/null too, and closes parent pipe */
+dup2(STDIN_FILENO, STDOUT_FILENO);
+}
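Review bot: Both `dup2()` calls in this block discard their return value, so a failed redirect leaves the daemon attached to the original stderr or to the parent's pipe without any indication. The two comments also state that the calls redirect to /dev/null, which holds only if descriptor 0 already refers to /dev/null at this point; nothing in the quoted fragment establishes that. I would check the calls, `if (dup2(STDIN_FILENO, STDERR_FILENO) < 0 || dup2(STDIN_FILENO, STDOUT_FILENO) < 0) { exit(EXIT_FAILURE); }`, and reword the comments to name the assumption about descriptor 0. Only part of the hunk is quoted here, and the enclosing function starts and ends outside it.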
+


Half of this is already done in client_thread, and that would be
the place where you should add dup2(0, 1).


Um, I missed that "half of this" part.  Indeed, nbd_client_thread()
does dup2(STDOUT_FILENO, STDERR_FILENO) which should go away, but
it is harmless for now, and can be addressed in a separate patch.


Again, _the client thread_ is the right place to do this!  See below.


I partly disagree.

I wanted to de-couple -c (device) case with daemonizing.
client_thread only works in -c case, but daemonizing in
that case is wrong as I already pointed out in another
email - we should either stop daemonizing here at all
or have a separate option for it.


We can only clean up standard file descriptors after all
initialization tasks have been done. nbd_client_thread could still write
error messages. Your patch introduces a race.


Please elaborate where the race is.  Do you mean one
thread can write error message while another at the
same time is closing the filedescriptor in question, --
that race?


Yes.


We're doomed anyway, and it is even good
we've a small remote chance for our error message to
be seen.  Currently it just goes to /dev/null.


No, currently it is sent from the daemon to the parent through the pipe, 
the parent prints it and exits with status code 1.  With your patch, if 
the dup2 wins the race you exit with status code 0; if the client thread 
wins the race it is the same as master.



That's not a bad intention.  I'm fixing existing logic without
introducing new logical changes.  If you want to fix other
stuff, it is better be done in a separate commit/change.


AFAIK the only known bug (besides the devfd/sockfd mixup) is the missing 
chdir, and that should be fixed first.


Paolo



Re: [Qemu-devel] qemu-nbd daemonizing?

2012-01-15 Thread Paolo Bonzini

On 01/15/2012 05:54 PM, Michael Tokarev wrote:

On 15.01.2012 20:17, Paolo Bonzini wrote:

On 01/15/2012 01:59 PM, Michael Tokarev wrote:

On 15.01.2012 14:51, Paolo Bonzini wrote:

On 01/14/2012 10:26 AM, Michael Tokarev wrote:

After looking at the yesterdays issue with non-absolute
paths for qemu-nbd arguments and daemon(3), I've a
question.

Why qemu-nbd daemonizes, and does that only when device
argument is given (dropping -v/verbose case for now)?

This raises two questions:

- shouldn't it do the same daemonizing in case of usual
  tcp export?


Perhaps yes, but in that case you cannot use "qemu-nbd -d" to
kill the daemonized process.


Sorry?  qemu-nbd -d will connect to the socket the daemonized
daemon is listening on, the same way as it is done now --
nothing really changes there.


No, "qemu-nbd -d" will connect to the /dev/nbdX device and tell
the kernel to disconnect. This will terminate the daemon (as long as you
didn't use --persistent, at least).


Whatever.  In any case qemu-nbd is able to terminate currently
running daemon, nothing changes with addition daemonizing here
or without - that was my point.


Not "whatever", and not "in any case".  qemu-nbd is able to terminate a 
currently running daemon indirectly, by detaching /dev/nbd.  The same 
cannot be done in the TCP export case (where --persistent is used more 
often than not).  The point is that qemu-nbd only daemonizes when there 
is a simple way to terminate it externally.


Could it have been done better?  Yes.  Do we have to deal with it?  Yes.


The primary question was why -c daemonizes unconditionally.


I don't know. But I don't think daemonizing is really a feature,
just something historical that we have to deal with.


Aha.  So can't it just go away, or be controlled by another
option, not related to -c ?  I think it should be good.


I think it could go away, but I'm quite torn.  It does make sense.

Leaving the current historical default "as is", but also allowing 
daemonization in the TCP case makes sense too.  However, you need to 
preserve the way exit statuses are sent for initialization problems, 
even when daemonizing.


To fix this you would have to add three options: --pidfile (to terminate 
a currently running daemon), --daemonize, --no-daemonize.  Honestly, I 
don't think it's worth it, but I wouldn't refuse patches and, of course, 
improving the documentation would also be a very good idea.



qemu-nbd was runnable on win32 before, so historically it
was exactly the opposite.   I asked you because you mentioned
it is linux-only for the first time, but indeed, at that
time it wasn't compilable on win32 already.


Fixing it would be good indeed. We can use qemu-thread for that
for example. But it looks like the third commit ever to qemu-nbd.c already
made it non-Linux-only. I don't think there ever was a release that
supported qemu-nbd on Win32, right?


It is kinda trivial to fix this.  But this task becomes
completely unrealistic if that will involve another
discussion like we currently have.


I'm pretty sure it shouldn't.  This discussion is happening because you 
haven't completely read the code, which has more nuances than you think. 
 Threads, daemonization, error messages, exit statuses, all this 
together makes it quite complex.


Paolo



Re: [Qemu-devel] [PATCH] rework daemonizing logic in qemu-nbd

2012-01-15 Thread Paolo Bonzini

On 01/15/2012 06:31 PM, Paolo Bonzini wrote:




We're doomed anyway, and it is even good
we've a small remote chance for our error message to
be seen.  Currently it just goes to /dev/null.


No, currently it is sent from the daemon to the parent through the pipe,
the parent prints it and exits with status code 1.  With your patch, if
the dup2 wins the race you exit with status code 0; if the client thread
wins the race it is the same as master.


Actually, the dup2 will always win the race.  Until the main loop starts 
and accepts the connection from the client thread, the client thread 
will be stuck connect()ing to the server socket.  So, the client thread 
will never be able to report problems connecting /dev/nbd (for example 
you won't get an error if you chose a device that is already busy).  So 
it looks like there is no race, but there is a bug. :)


Please disprove me if I'm wrong, of course.

Paolo




Re: [Qemu-devel] [PATCH 0/3] Support configurable CPU Model-Specific Registers (MSRs) in cpudefs

2012-01-15 Thread Andreas Färber
Am 15.01.2012 16:39, schrieb Josh Triplett:
> Josh Triplett (3):
>   Add cpudef option to GPF on unknown MSRs
>   Support arbitrary additional MSRs in cpu definitions
>   Handle parse failures in CPU definitions, and avoid adding a partial
> cpudef

Please prefix the subjects with "target-i386: ". PowerPC has MSRs, too.

Thanks,
Andreas

>  qemu-config.c   |6 
>  target-i386/cpu.h   |6 
>  target-i386/cpuid.c |   59 
> ++-
>  target-i386/op_helper.c |   36 +---
>  4 files changed, 102 insertions(+), 5 deletions(-)

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PATCH] linux-user: fix segfault deadlock

2012-01-15 Thread Fabio Erculiani
I confirm the patch fixes the deadlock I was seeing here.

-- 
Fabio Erculiani



Re: [Qemu-devel] [PATCH master/v1.0.x] ivshmem: add missing msix calls

2012-01-15 Thread Andreas Färber
Am 13.01.2012 23:43, schrieb Cam Macdonell:
> Can this patch be merged, please?

You need to cc qemu-stable if you want it backported to v1.0.x once applied.

Andreas

> On Mon, Dec 5, 2011 at 12:48 PM, Michael S. Tsirkin  wrote:
>> ivshmem used msix but didn't call it on either reset or
>> config write paths. This used to partially work since
>> guests don't use all of msi-x configuration fields,
>> and reset is rarely used, but the patch 'msix: track function masked
>> in pci device state' broke that. Fix by adding appropriate calls.
>>
>> Signed-off-by: Michael S. Tsirkin 
>> Reported-by: Cam Macdonell 
>> Tested-by: Cam Macdonell 
>>
>> ---
>>
>> Please apply the following to both master
>> and 1.0 stable branch. Thanks!
>>
>> diff --git a/hw/ivshmem.c b/hw/ivshmem.c
>> index 242fbea..c58f4d3 100644
>> --- a/hw/ivshmem.c
>> +++ b/hw/ivshmem.c
>> @@ -500,11 +500,29 @@ static void ivshmem_read(void *opaque, const uint8_t * 
>> buf, int flags)
>> return;
>>  }
>>
>> +/* Select the MSI-X vectors used by device.
>> + * ivshmem maps events to vectors statically, so
>> + * we just enable all vectors on init and after reset. */
>> +static void ivshmem_use_msix(IVShmemState * s)
>> +{
>> +int i;
>> +
>> +if (!msix_present(&s->dev)) {
>> +return;
>> +}
>> +
>> +for (i = 0; i < s->vectors; i++) {
>> +msix_vector_use(&s->dev, i);
>> +}
>> +}
>> +
>>  static void ivshmem_reset(DeviceState *d)
>>  {
>> IVShmemState *s = DO_UPCAST(IVShmemState, dev.qdev, d);
>>
>> s->intrstatus = 0;
>> +msix_reset(&s->dev);
>> +ivshmem_use_msix(s);
>> return;
>>  }
>>
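Review bot: The loop in `ivshmem_use_msix` drops the result of `msix_vector_use()`, so if that call can fail for a vector (it returns a status in QEMU's msix API as far as I know; confirm against the tree this applies to), the device continues after reset with vectors it never claimed. Checking the result and reporting the failing index would make that visible. The index is a signed `int i` compared against `s->vectors`, whose declaration is outside the hunk; if that field is unsigned, `unsigned i;` avoids the mixed-sign comparison.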
>> @@ -535,12 +553,8 @@ static uint64_t ivshmem_get_size(IVShmemState * s) {
>> return value;
>>  }
>>
>> -static void ivshmem_setup_msi(IVShmemState * s) {
>> -
>> -int i;
>> -
>> -/* allocate the MSI-X vectors */
>> -
>> +static void ivshmem_setup_msi(IVShmemState * s)
>> +{
>> memory_region_init(&s->msix_bar, "ivshmem-msix", 4096);
>> if (!msix_init(&s->dev, s->vectors, &s->msix_bar, 1, 0)) {
>> pci_register_bar(&s->dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY,
>> @@ -551,13 +565,10 @@ static void ivshmem_setup_msi(IVShmemState * s) {
>> exit(1);
>> }
>>
>> -/* 'activate' the vectors */
>> -for (i = 0; i < s->vectors; i++) {
>> -msix_vector_use(&s->dev, i);
>> -}
>> -
>> /* allocate Qemu char devices for receiving interrupts */
>> s->eventfd_table = g_malloc0(s->vectors * sizeof(EventfdEntry));
>> +
>> +ivshmem_use_msix(s);
>>  }
>>
>>  static void ivshmem_save(QEMUFile* f, void *opaque)
>> @@ -610,6 +621,13 @@ static int ivshmem_load(QEMUFile* f, void *opaque, int 
>> version_id)
>> return 0;
>>  }
>>
>> +static void ivshmem_write_config(PCIDevice *pci_dev, uint32_t address,
>> +uint32_t val, int len)
>> +{
>> +pci_default_write_config(pci_dev, address, val, len);
>> +msix_write_config(pci_dev, address, val, len);
>> +}
>> +
>>  static int pci_ivshmem_init(PCIDevice *dev)
>>  {
>> IVShmemState *s = DO_UPCAST(IVShmemState, dev, dev);
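Review bot: `ivshmem_write_config` forwards every config-space write to `msix_write_config()`, while `ivshmem_use_msix` in the same patch first checks `msix_present(&s->dev)`. Whether `msix_write_config()` tolerates a device that was set up without MSI-X is not visible here, and config writes are triggered by the guest, so the asymmetry deserves either a guard, `if (msix_present(pci_dev)) { msix_write_config(pci_dev, address, val, len); }`, or a comment stating that the callee handles that case. The last hunk installs this handler unconditionally at the end of `pci_ivshmem_init`.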
>> @@ -734,6 +752,8 @@ static int pci_ivshmem_init(PCIDevice *dev)
>>
>> }
>>
>> +s->dev.config_write = ivshmem_write_config;
>> +
>> return 0;
>>  }
>>

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [PATCH V2 1/1] QEMU kvm/i386 : Adding PVLOCK_KICK capability support in i386 target.

2012-01-15 Thread Raghavendra K T
From: Raghavendra K T 

The patch, extends KVM-hypervisor and Linux guest running on
KVM-hypervisor to support pv-ticket spinlocks.

PV ticket spinlock helps to solve Lock Holder Preemption problem discussed in
http://www.amd64.org/fileadmin/user_upload/pub/LHP-commented_slides.pdf.

When a spinlock is contended, a guest vcpu relinquishes the cpu by halt().
Correspondingly, one hypercall is introduced in the KVM hypervisor that allows
a vcpu to kick the halted vcpu to continue with execution.

Note:
Below patch should be applied only after corresponding
linux-header changes taken into qemu via scripts/update-linux-headers.sh script.

TODO: There was a discussion on changing cpuid stuff, paravirt and non-paravirt
stuff to address backward compatibility/feature support with Avi and Jan.
But it is not addressed yet.

Changes in V2:
 Drop the syncing kernel header changes. (Alex) 
 rename KICK_VCPU --> PVLOCK_KICK.

Change log:
 Extend the KVM Hypervisor to enable PVLOCK_KICK feature that allows
a vcpu to kick the halted vcpu to continue with execution in PV ticket
spinlock.

Signed-off-by: Srivatsa Vaddagiri 
Signed-off-by: Raghavendra K T 
---
The corresponding kernel patch is available in the thread
 https://lkml.org/lkml/2012/1/14/66

older kernel patch:
 https://lkml.org/lkml/2011/11/30/62
older qemu-patch:
 http://lists.gnu.org/archive/html/qemu-devel/2011-12/msg00397.html

diff --git a/target-i386/kvm.c b/target-i386/kvm.c
index 04e65c5..14de1c0 100644
--- a/target-i386/kvm.c
+++ b/target-i386/kvm.c
@@ -97,6 +97,7 @@ struct kvm_para_features {
 { KVM_CAP_NOP_IO_DELAY, KVM_FEATURE_NOP_IO_DELAY },
 { KVM_CAP_PV_MMU, KVM_FEATURE_MMU_OP },
 { KVM_CAP_ASYNC_PF, KVM_FEATURE_ASYNC_PF },
+{ KVM_CAP_PVLOCK_KICK, KVM_FEATURE_PVLOCK_KICK },
 { -1, -1 }
 };
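Review bot: The added entry uses `KVM_CAP_PVLOCK_KICK` and `KVM_FEATURE_PVLOCK_KICK`, which according to the description only exist after a separate linux-headers update, so this patch does not build when applied on its own. Wrapping the line in `#ifdef KVM_CAP_PVLOCK_KICK` / `#endif`, or carrying the header sync in the same series, keeps the tree bisectable. Judging by the table's name, a matching host capability ends up as a paravirt feature bit offered to the guest, so the compatibility question left open in the TODO should be settled before this is enabled by default. The table itself starts outside the hunk.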
 




Re: [Qemu-devel] [Spice-devel] Vioserial of Windows guest OS on Qemu 0.15

2012-01-15 Thread Vadim Rozenfeld
On Sun, 2012-01-15 at 11:27 +, Stefan Hajnoczi wrote:
> 2012/1/14 Charles.Tsai-蔡清海-研究發展部 :
> >I tested Qemu 0.15 for Windows XP guest OS. But I found that the 
> > Virtual Serial I/O driver failed in driver initialization.
> >The root cause of this problem is because the hardware resources(I/O 
> > in this device) is not allocated to the virtual serial I/O.
> >When I debugged on the vioserial driver, no hardware resource 
> > actually is allocated to this device.
> >This bug seems to be in the area of Qemu. Do you know whom I can 
> > consult to fix this problem? Please let me know if you know the group or 
> > the person.
> 
> I have CCed Vadim (virtio Windows driver) and the QEMU mailing list.
> 
> Please post your QEMU command-line so we can see how the guest is configured.
> 
> You mentioned that you debugged the driver and hardware resources
> weren't allocated.  Do you have a virtio PCI device inside the guest
> for this virtio-serial device?  Were you able to tell which part of
> driver initialization failed (finding the PCI device, mapping its
> resources (BARs), etc)?
> 
> Stefan

Could you post "pci info" output?

thanks,
Vadim.




Re: [Qemu-devel] [Android-virt] [PATCH 00/12] Add support for Cortex-A15 and vexpress-a15

2012-01-15 Thread Christoffer Dall
On Fri, Jan 13, 2012 at 3:57 PM, Peter Maydell  wrote:
> On 13 January 2012 20:52, Peter Maydell  wrote:
>> This patchset adds support for (a rather limited version of) the
>> Cortex-A15 CPU and the Versatile Express A15 daughterboard.
>> The resulting model is capable of booting a Linux kernel which has
>> been configured for Cortex-A15 with the Versatile Express "extended
>> memory map" and without support for LPAE.
>
>> PS for the folk on android-virt: I haven't yet tested these patches
>> with KVM, only with TCG, but there is no inherent reason for them
>> not to work...
>
> PPS: these patches are against qemu-master so for kvm you'd need
> to (a) rebase them on qemu-linaro (b) put the kvm patches on top
> of these (c) wait for me to do a. for you ;-)
>

ok, I'll test this with the most recent KVM changes soon and also look
forward for your merge... :)



[Qemu-devel] Get only TCG code without execution

2012-01-15 Thread Rajat Goyal
I am doing a project to build a daemonic ARM emulator using QEMU. One of
the requirements is to get the complete TCG code for any multi-threaded ARM
program that I run on QEMU. I do not need QEMU to execute the program and
show me the output. Just the entire TCG code. The latest version of
qemu-arm seems to break while running pthread parallel ARM binaries, ie,
qemu-arm terminates without completing execution and hence, the entire TCG
code cannot be captured in the log. Is there a way by which I can get the
complete TCG code for pthread parallel binaries in exchange for not making
QEMU execute the binary?

Any help would be appreciated.

-- 
Rajat Goyal
5th year undergraduate student
Integrated Master of Technology
Mathematics and Computing
Department of Mathematics
IIT Delhi


[Qemu-devel] [PATCH 01/14] lm32: Fix mixup of uint32 and uint32_t

2012-01-15 Thread Andreas Färber
Commit d23948b15a9920fb7f6374b55a6db1ecff81f3ee (lm32: add Milkymist
VGAFB support) introduced a stray usage of the softfloat uint32 type.

Use uint32_t instead.

Signed-off-by: Andreas Färber 
Cc: Michael Walle 
---
 hw/milkymist-vgafb_template.h |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/milkymist-vgafb_template.h b/hw/milkymist-vgafb_template.h
index 69af9ef..544b55e 100644
--- a/hw/milkymist-vgafb_template.h
+++ b/hw/milkymist-vgafb_template.h
@@ -39,7 +39,7 @@
 #elif BITS == 24
 #define COPY_PIXEL(to, r, g, b)\
 do {   \
-uint32 tmp = rgb_to_pixel24(r, g, b);  \
+uint32_t tmp = rgb_to_pixel24(r, g, b);  \
 *(to++) = tmp & 0xff;  \
 *(to++) =  (tmp >> 8) & 0xff;  \
 *(to++) = (tmp >> 16) & 0xff;  \
-- 
1.7.7




[Qemu-devel] [PATCH 00/14] softfloat: Use POSIX integer types - benchmarked

2012-01-15 Thread Andreas Färber
Hello,

Based on a suggestion from Alex earlier this week, I managed to run a
simple benchmark of softfloat performance with qemu-arm, as requested by
Peter.

I went for the Whetstone floating point benchmark:
http://en.wikipedia.org/wiki/Whetstone_%28benchmark%29

For a loop count of 100,000 and 5 runs I got the following results:

  current:138.9-204.1 Whetstone-MIPS
  [u]int*_t:  185.2-188.7 Whetstone-MIPS
  [u]int_fast*_t: 285.7-294.1 Whetstone-MIPS

  Toshiba AC100:  833.3-909.1 Whetstone-MIPS

These results seem to indicate that the "fast" POSIX types are indeed
somewhat faster, both compared to exact-size POSIX types and to the
current state.

As a short summary of previous discussions, softfloat had these typedefs:
  [s]bits{8,16,32,64} - exact-size semantics, => [u]int{8,16,32,64}_t
  [u]int{8,16,32,64}  - minimum-width semantics, host-independent
AIX, Mac OS X and BeOS/Haiku have some or all of the latter already,
leading to type conflicts.
I had originally suggested the POSIX [u]int_least*_t types but we
rather preferred [u]int_fast*_t, worried about performance, to get the
fastest least-width types. For either of these the actual width depends
on system headers. On the other hand it would be futile to try to
performance-optimize integer types for every possible host inside QEMU.
If we don't mind performance or dislike host-dependencies, we could just
use [u]int*_t, but then with everything [u]int*_t we can't easily change
this in case it bites us in the future.

Personally I prefer those 'fast' types, because that way we get to
keep the distinction between what was formerly [s]bits* and [u]int* types.
The clear name distinction would even allow to do conversions by regex.

However, I noticed that target-mips/cpu.h had typedefs for
uint_fast{8,16}_t for Solaris <= 9. So I moved these to osdep.h and
added typedefs for the newly needed types.

Coccinelle needed some tweaking for the macros and only did the uint16
conversion fully. For the others I was too impatient, so I hand-converted
the remaining occurrences that Coccinelle did not catch.

Since Coccinelle stripped leading whitespace before types replaced anyway,
I hand-edited (and git-am'ed) the patches to make lines touched adhere to
Coding Style.

Patches 1-3 fix misuses of softfloat types that were introduced since the
last series of fixes. These could be cherry-picked.

Patch 4 fixes a misuse of int inside softfloat. This could be cherry-picked.

Patch 5 moves the Solaris typedefs to a central header, resolving an XXX
present since their introduction in r1979.

Patches 6-13 convert the softfloat integer types.

Patch 14 converts the 'flag' type to bool, removing the last softfloat type.

Please test that this doesn't break / unbreaks Your Favorite Host:
http://repo.or.cz/w/qemu/afaerber.git/shortlog/refs/heads/softfloat

Regards,
Andreas

Cc: Alexander Graf 
Cc: Peter Maydell 
Cc: Aurélien Jarno 
Cc: malc 
Cc: Ben Taylor 

Cc: Rui Carmo 
Cc: Eric Sunshine 
Cc: Pavel Borzenkov 
Cc: Juan Pineda 

Host: HP Envy w/ Intel Core i7-2630QM 2.0 GHz (openSUSE 12.1)
QEMU: 2be276242135eac6e86be2a8259545e620c94107 plus + 2 patches
Configuration: --prefix=/usr/local
Command: arm-linux-user/qemu-arm path/to/whetstone -c 10

Source: http://www.netlib.org/benchmark/whetstone.c
Compiler: gcc (Ubuntu/Linaro 4.4.4-14ubuntu5) 4.4.5
Compilation: gcc -O -s whetstone.c -o whetstone -lm -static

[u]int*_t:
---
diff --git a/fpu/softfloat.h b/fpu/softfloat.h
index 07c2929..6fe19d7 100644
--- a/fpu/softfloat.h
+++ b/fpu/softfloat.h
@@ -57,11 +57,11 @@ typedef uint8_t flag;
 typedef uint8_t uint8;
 typedef int8_t int8;
 #ifndef _AIX
-typedef int uint16;
-typedef int int16;
+typedef uint16_t uint16;
+typedef int16_t int16;
 #endif
-typedef unsigned int uint32;
-typedef signed int int32;
+typedef uint32_t uint32;
+typedef int32_t int32;
 typedef uint64_t uint64;
 typedef int64_t int64;

---

[u]int_fast*_t:
---
diff --git a/fpu/softfloat.h b/fpu/softfloat.h
index 07c2929..43486aa 100644
--- a/fpu/softfloat.h
+++ b/fpu/softfloat.h
@@ -54,16 +54,16 @@ these four paragraphs for those parts of this code
that are retained.
 | to the same as `int'.
 **/
 typedef uint8_t flag;
-typedef uint8_t uint8;
-typedef int8_t int8;
+typedef uint_fast8_t uint8;
+typedef int_fast8_t int8;
 #ifndef _AIX
-typedef int uint16;
-typedef int int16;
+typedef uint_fast16_t uint16;
+typedef int_fast16_t int16;
 #endif
-typedef unsigned int uint32;
-typedef signed int int32;
-typedef uint64_t uint64;
-typedef int64_t int64;
+typedef uint_fast32_t uint32;
+typedef int_fast32_t int32;
+typedef uint_fast64_t uint64;
+typedef int_fast64_t int64;

 #define LIT64( a ) a##LL
 #define INLINE static inline
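Review bot: With these typedefs `uint32`/`int32` stop being `unsigned int`/`signed int` and become `uint_fast32_t`/`int_fast32_t`, whose width is chosen by the host's C library (on x86-64 glibc the 16- and 32-bit fast types are 64 bits wide). Any softfloat expression that depends on a value wrapping or being truncated at exactly 16 or 32 bits would then give host-dependent results, which for an emulated FPU means guest-visible differences between hosts. I would state the contract next to the typedefs, for example `/* at least N bits wide; width is host-dependent, never rely on wraparound or truncation */`. Wherever a fixed width is required, the exact-width `[u]intN_t` types are the safer choice.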
---

spatch(1) -macro_file_builtins:
---
#define STATUS_PARAM
#define STATUS_VAR

#define INLINE static inline

#define MINMAX
---

Andreas Färber (13):
  lm32: Fix mixup of uint32 and uint32_t
  target-sparc: Fix 

[Qemu-devel] [PATCH 02/14] target-sparc: Fix mixup of uint64 and uint64_t

2012-01-15 Thread Andreas Färber
Commit 793a137a41ad4125011c7022cf16a1baa40a5ab6 (target-sparc:
Implement BMASK/BSHUFFLE.) introduced a stray usage of softfloat uint64
type.

Use uint64_t instead.

Signed-off-by: Andreas Färber 
Cc: Richard Henderson 
Cc: Blue Swirl 
---
 target-sparc/vis_helper.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/target-sparc/vis_helper.c b/target-sparc/vis_helper.c
index a992c29..9d2edb0 100644
--- a/target-sparc/vis_helper.c
+++ b/target-sparc/vis_helper.c
@@ -459,7 +459,7 @@ uint32_t helper_fpackfix(uint64_t gsr, uint64_t rs2)
 return ret;
 }
 
-uint64 helper_bshuffle(uint64_t gsr, uint64_t src1, uint64_t src2)
+uint64_t helper_bshuffle(uint64_t gsr, uint64_t src1, uint64_t src2)
 {
 union {
 uint64_t ll[2];
-- 
1.7.7




[Qemu-devel] [PATCH 06/14] softfloat: Replace uint16 type with uint_fast16_t

2012-01-15 Thread Andreas Färber
Based on the following Coccinelle patch:

@@
typedef uint16, uint_fast16_t;
@@
-uint16
+uint_fast16_t

Fixes the build of the Cocoa frontend on Mac OS X and avoids a
workaround for AIX.

For pre-10 Solaris include osdep.h.

Reported-by: Pavel Borzenkov 
Reported-by: Rui Carmo 
Signed-off-by: Andreas Färber 
Cc: Juan Pineda 
Cc: malc 
Cc: Ben Taylor 
---
 fpu/softfloat.c |8 
 fpu/softfloat.h |6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/fpu/softfloat.c b/fpu/softfloat.c
index 6dbcb1b..18b184b 100644
--- a/fpu/softfloat.c
+++ b/fpu/softfloat.c
@@ -6443,10 +6443,10 @@ uint32 float32_to_uint32_round_to_zero( float32 a 
STATUS_PARAM )
 return res;
 }
 
-uint16 float32_to_uint16_round_to_zero( float32 a STATUS_PARAM )
+uint_fast16_t float32_to_uint16_round_to_zero(float32 a STATUS_PARAM)
 {
 int64_t v;
-uint16 res;
+uint_fast16_t res;
 
 v = float32_to_int64_round_to_zero(a STATUS_VAR);
 if (v < 0) {
@@ -6497,10 +6497,10 @@ uint32 float64_to_uint32_round_to_zero( float64 a 
STATUS_PARAM )
 return res;
 }
 
-uint16 float64_to_uint16_round_to_zero( float64 a STATUS_PARAM )
+uint_fast16_t float64_to_uint16_round_to_zero(float64 a STATUS_PARAM)
 {
 int64_t v;
-uint16 res;
+uint_fast16_t res;
 
 v = float64_to_int64_round_to_zero(a STATUS_VAR);
 if (v < 0) {
diff --git a/fpu/softfloat.h b/fpu/softfloat.h
index 07c2929..4eab04c 100644
--- a/fpu/softfloat.h
+++ b/fpu/softfloat.h
@@ -44,6 +44,7 @@ these four paragraphs for those parts of this code that are 
retained.
 
 #include 
 #include "config-host.h"
+#include "osdep.h"
 
 /*
 | Each of the following `typedef's defines the most convenient type that holds
@@ -57,7 +58,6 @@ typedef uint8_t flag;
 typedef uint8_t uint8;
 typedef int8_t int8;
 #ifndef _AIX
-typedef int uint16;
 typedef int int16;
 #endif
 typedef unsigned int uint32;
@@ -261,7 +261,7 @@ extern const float16 float16_default_nan;
 | Software IEC/IEEE single-precision conversion routines.
 **/
 int16 float32_to_int16_round_to_zero( float32 STATUS_PARAM );
-uint16 float32_to_uint16_round_to_zero( float32 STATUS_PARAM );
+uint_fast16_t float32_to_uint16_round_to_zero(float32 STATUS_PARAM);
 int32 float32_to_int32( float32 STATUS_PARAM );
 int32 float32_to_int32_round_to_zero( float32 STATUS_PARAM );
 uint32 float32_to_uint32( float32 STATUS_PARAM );
@@ -365,7 +365,7 @@ extern const float32 float32_default_nan;
 | Software IEC/IEEE double-precision conversion routines.
 **/
 int16 float64_to_int16_round_to_zero( float64 STATUS_PARAM );
-uint16 float64_to_uint16_round_to_zero( float64 STATUS_PARAM );
+uint_fast16_t float64_to_uint16_round_to_zero(float64 STATUS_PARAM);
 int32 float64_to_int32( float64 STATUS_PARAM );
 int32 float64_to_int32_round_to_zero( float64 STATUS_PARAM );
 uint32 float64_to_uint32( float64 STATUS_PARAM );
-- 
1.7.7




[Qemu-devel] [PATCH 09/14] softfloat: Replace int8 type with int_fast8_t

2012-01-15 Thread Andreas Färber
Based on the following Coccinelle patch:

@@
typedef int8, int_fast8_t;
@@
-int8
+int_fast8_t

Add typedef for pre-10 Solaris.

Signed-off-by: Andreas Färber 
Cc: Ben Taylor 
---
 fpu/softfloat-macros.h |   26 +-
 fpu/softfloat-specialize.h |2 +-
 fpu/softfloat.c|   62 ++--
 fpu/softfloat.h|3 +-
 osdep.h|1 +
 5 files changed, 47 insertions(+), 47 deletions(-)

diff --git a/fpu/softfloat-macros.h b/fpu/softfloat-macros.h
index b5164af..b82871a 100644
--- a/fpu/softfloat-macros.h
+++ b/fpu/softfloat-macros.h
@@ -120,7 +120,7 @@ INLINE void
  uint64_t a0, uint64_t a1, int_fast16_t count, uint64_t *z0Ptr, uint64_t 
*z1Ptr)
 {
 uint64_t z0, z1;
-int8 negCount = ( - count ) & 63;
+int_fast8_t negCount = (-count) & 63;
 
 if ( count == 0 ) {
 z1 = a1;
@@ -157,7 +157,7 @@ INLINE void
  uint64_t a0, uint64_t a1, int_fast16_t count, uint64_t *z0Ptr, uint64_t 
*z1Ptr)
 {
 uint64_t z0, z1;
-int8 negCount = ( - count ) & 63;
+int_fast8_t negCount = (-count) & 63;
 
 if ( count == 0 ) {
 z1 = a1;
@@ -192,7 +192,7 @@ INLINE void
  uint64_t a0, uint64_t a1, int_fast16_t count, uint64_t *z0Ptr, uint64_t 
*z1Ptr)
 {
 uint64_t z0, z1;
-int8 negCount = ( - count ) & 63;
+int_fast8_t negCount = (-count) & 63;
 
 if ( count == 0 ) {
 z1 = a1;
@@ -250,7 +250,7 @@ INLINE void
  )
 {
 uint64_t z0, z1, z2;
-int8 negCount = ( - count ) & 63;
+int_fast8_t negCount = (-count) & 63;
 
 if ( count == 0 ) {
 z2 = a2;
@@ -327,7 +327,7 @@ INLINE void
  )
 {
 uint64_t z0, z1, z2;
-int8 negCount;
+int_fast8_t negCount;
 
 z2 = a2<>27 ) & 15;
@@ -625,7 +625,7 @@ static uint32_t estimateSqrt32(int_fast16_t aExp, uint32_t 
a)
 | `a'.  If `a' is zero, 32 is returned.
 **/
 
-static int8 countLeadingZeros32( uint32_t a )
+static int_fast8_t countLeadingZeros32(uint32_t a)
 {
 #if SOFTFLOAT_GNUC_PREREQ(3, 4)
 if (a) {
@@ -634,7 +634,7 @@ static int8 countLeadingZeros32( uint32_t a )
 return 32;
 }
 #else
-static const int8 countLeadingZerosHigh[] = {
+static const int_fast8_t countLeadingZerosHigh[] = {
 8, 7, 6, 6, 5, 5, 5, 5, 4, 4, 4, 4, 4, 4, 4, 4,
 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
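Review bot: `countLeadingZerosHigh` is a lookup table, and declaring its elements as `int_fast8_t` lets every entry grow on any host whose fast 8-bit type is wider than a byte. The fast types suit locals and return values; for array storage the exact-width type keeps each entry at one byte: `static const int8_t countLeadingZerosHigh[] = {`. The rest of the table and of `countLeadingZeros32` lies outside this hunk.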
@@ -652,7 +652,7 @@ static int8 countLeadingZeros32( uint32_t a )
 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
 };
-int8 shiftCount;
+int_fast8_t shiftCount;
 
 shiftCount = 0;
 if ( a < 0x1 ) {
@@ -673,7 +673,7 @@ static int8 countLeadingZeros32( uint32_t a )
 | `a'.  If `a' is zero, 64 is returned.
 **/
 
-static int8 countLeadingZeros64( uint64_t a )
+static int_fast8_t countLeadingZeros64(uint64_t a)
 {
 #if SOFTFLOAT_GNUC_PREREQ(3, 4)
 if (a) {
@@ -682,7 +682,7 @@ static int8 countLeadingZeros64( uint64_t a )
 return 64;
 }
 #else
-int8 shiftCount;
+int_fast8_t shiftCount;
 
 shiftCount = 0;
 if ( a < ( (uint64_t) 1 )<<32 ) {
diff --git a/fpu/softfloat-specialize.h b/fpu/softfloat-specialize.h
index c5e2dab..d57af1a 100644
--- a/fpu/softfloat-specialize.h
+++ b/fpu/softfloat-specialize.h
@@ -114,7 +114,7 @@ const float128 float128_default_nan = 
make_float128(float128_default_nan_high,
 | should be simply `float_exception_flags |= flags;'.
 **/
 
-void float_raise( int8 flags STATUS_PARAM )
+void float_raise(int_fast8_t flags STATUS_PARAM)
 {
 STATUS(float_exception_flags) |= flags;
 }
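Review bot: `float_raise` receives its flag mask as `int_fast8_t flags` and ORs it into `float_exception_flags`, but a signed type whose guaranteed range is only -127..127 is a poor carrier for a bitmask. If any exception flag is defined at bit 7 (the flag constants are outside this hunk, so this needs checking), it is not portably representable in the parameter. Since the signature is being rewritten anyway, `void float_raise(uint_fast8_t flags STATUS_PARAM)` together with the matching prototype would state the intent.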
diff --git a/fpu/softfloat.c b/fpu/softfloat.c
index a406a35..b5fa3ef 100644
--- a/fpu/softfloat.c
+++ b/fpu/softfloat.c
@@ -114,9 +114,9 @@ INLINE flag extractFloat16Sign(float16 a)
 
 static int32 roundAndPackInt32( flag zSign, uint64_t absZ STATUS_PARAM)
 {
-int8 roundingMode;
+int_fast8_t roundingMode;
 flag roundNearestEven;
-int8 roundIncrement, roundBits;
+int_fast8_t roundIncrement, roundBits;
 int32 z;
 
 roundingMode = STATUS(float_rounding_mode);
@@ -164,7 +164,7 @@ static int32 roundAndPackInt32( flag zSign, uint64_t absZ 
STATUS_PARAM)
 
 static int64 roundAndPackInt64( flag zSign, uint64_t absZ0, uint64_t absZ1 
STATUS_PARAM)
 {
-int8 roundingMode;
+int_fast8_t roundingMode;
 flag roundNearestEven, increment;
 int64 z;
 
@@ -261,7 +261,7 @@ static float32 float32_squash_input_denormal(float32 a 
STATUS_PARAM)
 static void
  normalizeFloat32Subnormal(uint32_t aSig, int_fast16_t *zExpPtr, uint32_t 
*zSigPtr)
 {
-int8 shiftCount;
+int_fast8_t shiftCount;
 
 shiftCount = countLeadingZeros32( aSig ) - 8;
 *zSigPtr = aS

[Qemu-devel] [PATCH 12/14] softfloat: Replace uint64 type with uint_fast64_t

2012-01-15 Thread Andreas Färber
Based on the following Coccinelle patch:

@@
typedef uint64, uint_fast64_t;
@@
-uint64
+uint_fast64_t

Add a typedef for pre-10 Solaris.

Signed-off-by: Andreas Färber 
Cc: Ben Taylor 
---
 fpu/softfloat.c |   10 +-
 fpu/softfloat.h |9 -
 osdep.h |1 +
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/fpu/softfloat.c b/fpu/softfloat.c
index b7cd589..ace2ca2 100644
--- a/fpu/softfloat.c
+++ b/fpu/softfloat.c
@@ -1208,7 +1208,7 @@ float128 int32_to_float128(int_fast32_t a STATUS_PARAM)
 float32 int64_to_float32( int64 a STATUS_PARAM )
 {
 flag zSign;
-uint64 absA;
+uint_fast64_t absA;
 int_fast8_t shiftCount;
 
 if ( a == 0 ) return float32_zero;
@@ -1231,7 +1231,7 @@ float32 int64_to_float32( int64 a STATUS_PARAM )
 
 }
 
-float32 uint64_to_float32( uint64 a STATUS_PARAM )
+float32 uint64_to_float32(uint_fast64_t a STATUS_PARAM)
 {
 int_fast8_t shiftCount;
 
@@ -1271,7 +1271,7 @@ float64 int64_to_float64( int64 a STATUS_PARAM )
 
 }
 
-float64 uint64_to_float64( uint64 a STATUS_PARAM )
+float64 uint64_to_float64(uint_fast64_t a STATUS_PARAM)
 {
 if ( a == 0 ) return float64_zero;
 return normalizeRoundAndPackFloat64( 0, 0x43C, a STATUS_VAR );
@@ -1288,7 +1288,7 @@ float64 uint64_to_float64( uint64 a STATUS_PARAM )
 floatx80 int64_to_floatx80( int64 a STATUS_PARAM )
 {
 flag zSign;
-uint64 absA;
+uint_fast64_t absA;
 int_fast8_t shiftCount;
 
 if ( a == 0 ) return packFloatx80( 0, 0, 0 );
@@ -1308,7 +1308,7 @@ floatx80 int64_to_floatx80( int64 a STATUS_PARAM )
 float128 int64_to_float128( int64 a STATUS_PARAM )
 {
 flag zSign;
-uint64 absA;
+uint_fast64_t absA;
 int_fast8_t shiftCount;
 int_fast32_t zExp;
 uint64_t zSig0, zSig1;
diff --git a/fpu/softfloat.h b/fpu/softfloat.h
index 9987443..ce28906 100644
--- a/fpu/softfloat.h
+++ b/fpu/softfloat.h
@@ -55,7 +55,6 @@ these four paragraphs for those parts of this code that are 
retained.
 | to the same as `int'.
 **/
 typedef uint8_t flag;
-typedef uint64_t uint64;
 typedef int64_t int64;
 
 #define LIT64( a ) a##LL
@@ -226,9 +225,9 @@ float64 uint32_to_float64(uint_fast32_t STATUS_PARAM);
 floatx80 int32_to_floatx80(int_fast32_t STATUS_PARAM);
 float128 int32_to_float128(int_fast32_t STATUS_PARAM);
 float32 int64_to_float32( int64 STATUS_PARAM );
-float32 uint64_to_float32( uint64 STATUS_PARAM );
+float32 uint64_to_float32(uint_fast64_t STATUS_PARAM);
 float64 int64_to_float64( int64 STATUS_PARAM );
-float64 uint64_to_float64( uint64 STATUS_PARAM );
+float64 uint64_to_float64(uint_fast64_t STATUS_PARAM);
 floatx80 int64_to_floatx80( int64 STATUS_PARAM );
 float128 int64_to_float128( int64 STATUS_PARAM );
 
@@ -365,8 +364,8 @@ uint_fast32_t float64_to_uint32(float64 STATUS_PARAM);
 uint_fast32_t float64_to_uint32_round_to_zero(float64 STATUS_PARAM);
 int64 float64_to_int64( float64 STATUS_PARAM );
 int64 float64_to_int64_round_to_zero( float64 STATUS_PARAM );
-uint64 float64_to_uint64 (float64 a STATUS_PARAM);
-uint64 float64_to_uint64_round_to_zero (float64 a STATUS_PARAM);
+uint_fast64_t float64_to_uint64(float64 a STATUS_PARAM);
+uint_fast64_t float64_to_uint64_round_to_zero(float64 a STATUS_PARAM);
 float32 float64_to_float32( float64 STATUS_PARAM );
 floatx80 float64_to_floatx80( float64 STATUS_PARAM );
 float128 float64_to_float128( float64 STATUS_PARAM );
diff --git a/osdep.h b/osdep.h
index 935810f..a30bd6a 100644
--- a/osdep.h
+++ b/osdep.h
@@ -15,6 +15,7 @@
 typedef unsigned char   uint_fast8_t;
 typedef unsigned intuint_fast16_t;
 typedef unsigned intuint_fast32_t;
+typedef uint64_tuint_fast64_t;
 typedef signed char int_fast8_t;
 typedef signed int  int_fast16_t;
 typedef signed int  int_fast32_t;
-- 
1.7.7




[Qemu-devel] [PATCH 14/14] softfloat: Replace flag type with bool

2012-01-15 Thread Andreas Färber
Based on the following Coccinelle patch:

@@
typedef flag, bool;
@@
-flag
+bool

Also drop the comment block now that the last typedef is removed.

Signed-off-by: Andreas Färber 
---
 fpu/softfloat-macros.h |8 +-
 fpu/softfloat-specialize.h |   54 +-
 fpu/softfloat.c|  278 ++--
 fpu/softfloat.h|   27 ++---
 4 files changed, 179 insertions(+), 188 deletions(-)

diff --git a/fpu/softfloat-macros.h b/fpu/softfloat-macros.h
index b82871a..fe68176 100644
--- a/fpu/softfloat-macros.h
+++ b/fpu/softfloat-macros.h
@@ -702,7 +702,7 @@ static int_fast8_t countLeadingZeros64(uint64_t a)
 | Otherwise, returns 0.
 **/
 
-INLINE flag eq128( uint64_t a0, uint64_t a1, uint64_t b0, uint64_t b1 )
+INLINE bool eq128( uint64_t a0, uint64_t a1, uint64_t b0, uint64_t b1 )
 {
 
 return ( a0 == b0 ) && ( a1 == b1 );
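Review bot: The header comment above `eq128` still ends with "Otherwise, returns 0." although the function now returns `bool`, so the documented contract no longer matches the type. The comment should speak of true and false, e.g. `| Returns true if the two 128-bit values are equal; otherwise returns false.`. The comments above `le128`, `lt128` and `ne128` in the following hunks need the same adjustment. Only the tail of each comment is visible in these hunks, so the first half of the wording is for the author to adapt.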
@@ -715,7 +715,7 @@ INLINE flag eq128( uint64_t a0, uint64_t a1, uint64_t b0, 
uint64_t b1 )
 | Otherwise, returns 0.
 **/
 
-INLINE flag le128( uint64_t a0, uint64_t a1, uint64_t b0, uint64_t b1 )
+INLINE bool le128( uint64_t a0, uint64_t a1, uint64_t b0, uint64_t b1 )
 {
 
 return ( a0 < b0 ) || ( ( a0 == b0 ) && ( a1 <= b1 ) );
@@ -728,7 +728,7 @@ INLINE flag le128( uint64_t a0, uint64_t a1, uint64_t b0, 
uint64_t b1 )
 | returns 0.
 **/
 
-INLINE flag lt128( uint64_t a0, uint64_t a1, uint64_t b0, uint64_t b1 )
+INLINE bool lt128( uint64_t a0, uint64_t a1, uint64_t b0, uint64_t b1 )
 {
 
 return ( a0 < b0 ) || ( ( a0 == b0 ) && ( a1 < b1 ) );
@@ -741,7 +741,7 @@ INLINE flag lt128( uint64_t a0, uint64_t a1, uint64_t b0, 
uint64_t b1 )
 | Otherwise, returns 0.
 **/
 
-INLINE flag ne128( uint64_t a0, uint64_t a1, uint64_t b0, uint64_t b1 )
+INLINE bool ne128( uint64_t a0, uint64_t a1, uint64_t b0, uint64_t b1 )
 {
 
 return ( a0 != b0 ) || ( a1 != b1 );
diff --git a/fpu/softfloat-specialize.h b/fpu/softfloat-specialize.h
index d57af1a..6fc24cf 100644
--- a/fpu/softfloat-specialize.h
+++ b/fpu/softfloat-specialize.h
@@ -123,7 +123,7 @@ void float_raise(int_fast8_t flags STATUS_PARAM)
 | Internal canonical NaN format.
 **/
 typedef struct {
-flag sign;
+bool sign;
 uint64_t high, low;
 } commonNaNT;
 
@@ -325,8 +325,8 @@ static float32 commonNaNToFloat32( commonNaNT a 
STATUS_PARAM)
 **/
 
 #if defined(TARGET_ARM)
-static int pickNaN(flag aIsQNaN, flag aIsSNaN, flag bIsQNaN, flag bIsSNaN,
-flag aIsLargerSignificand)
+static int pickNaN(bool aIsQNaN, bool aIsSNaN, bool bIsQNaN, bool bIsSNaN,
+bool aIsLargerSignificand)
 {
 /* ARM mandated NaN propagation rules: take the first of:
  *  1. A if it is signaling
@@ -346,8 +346,8 @@ static int pickNaN(flag aIsQNaN, flag aIsSNaN, flag 
bIsQNaN, flag bIsSNaN,
 }
 }
 #elif defined(TARGET_MIPS)
-static int pickNaN(flag aIsQNaN, flag aIsSNaN, flag bIsQNaN, flag bIsSNaN,
-flag aIsLargerSignificand)
+static int pickNaN(bool aIsQNaN, bool aIsSNaN, bool bIsQNaN, bool bIsSNaN,
+bool aIsLargerSignificand)
 {
 /* According to MIPS specifications, if one of the two operands is
  * a sNaN, a new qNaN has to be generated. This is done in
@@ -373,8 +373,8 @@ static int pickNaN(flag aIsQNaN, flag aIsSNaN, flag 
bIsQNaN, flag bIsSNaN,
 }
 }
 #elif defined(TARGET_PPC)
-static int pickNaN(flag aIsQNaN, flag aIsSNaN, flag bIsQNaN, flag bIsSNaN,
-   flag aIsLargerSignificand)
+static int pickNaN(bool aIsQNaN, bool aIsSNaN, bool bIsQNaN, bool bIsSNaN,
+   bool aIsLargerSignificand)
 {
 /* PowerPC propagation rules:
  *  1. A if it sNaN or qNaN
@@ -388,8 +388,8 @@ static int pickNaN(flag aIsQNaN, flag aIsSNaN, flag 
bIsQNaN, flag bIsSNaN,
 }
 }
 #else
-static int pickNaN(flag aIsQNaN, flag aIsSNaN, flag bIsQNaN, flag bIsSNaN,
-flag aIsLargerSignificand)
+static int pickNaN(bool aIsQNaN, bool aIsSNaN, bool bIsQNaN, bool bIsSNaN,
+bool aIsLargerSignificand)
 {
 /* This implements x87 NaN propagation rules:
  * SNaN + QNaN => return the QNaN
@@ -426,8 +426,8 @@ static int pickNaN(flag aIsQNaN, flag aIsSNaN, flag 
bIsQNaN, flag bIsSNaN,
 | Return values : 0 : a; 1 : b; 2 : c; 3 : default-NaN
 **/
 #if defined(TARGET_ARM)
-static int pickNaNMulAdd(flag aIsQNaN, flag aIsSNaN, flag bIsQNaN, flag 
bIsSNaN,
- flag cIsQNaN, flag cIsSNaN, flag infzero STATUS_PARAM)
+

[Qemu-devel] [PATCH 13/14] softfloat: Replace int64 type with int_fast64_t

2012-01-15 Thread Andreas Färber
Based on the following Coccinelle patch:

@@
typedef int64, int_fast64_t;
@@
-int64
+int_fast64_t

Add a typedef for pre-10 Solaris.

Signed-off-by: Andreas Färber 
Cc: Ben Taylor 
---
 fpu/softfloat.c |   38 +++---
 fpu/softfloat.h |   25 -
 osdep.h |1 +
 3 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/fpu/softfloat.c b/fpu/softfloat.c
index ace2ca2..e71a3c2 100644
--- a/fpu/softfloat.c
+++ b/fpu/softfloat.c
@@ -162,11 +162,11 @@ static int_fast32_t roundAndPackInt32(flag zSign, 
uint64_t absZ STATUS_PARAM)
 | returned.
 **/
 
-static int64 roundAndPackInt64( flag zSign, uint64_t absZ0, uint64_t absZ1 
STATUS_PARAM)
+static int_fast64_t roundAndPackInt64(flag zSign, uint64_t absZ0, uint64_t 
absZ1 STATUS_PARAM)
 {
 int_fast8_t roundingMode;
 flag roundNearestEven, increment;
-int64 z;
+int_fast64_t z;
 
 roundingMode = STATUS(float_rounding_mode);
 roundNearestEven = ( roundingMode == float_round_nearest_even );
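Review bot: `int_fast64_t z` in `roundAndPackInt64` is only guaranteed to be at least 64 bits wide, so the type no longer pins the exact width of the result. The rest of the body is outside the hunk; if it detects overflow from the sign of `z` after assigning the magnitude, that test depends on `z` being exactly 64 bits. Keeping `int64_t z;` and an `int64_t` return type makes the width explicit on every host. The `int_fast64_t z` locals in `float32_to_int64_round_to_zero` and `float64_to_int64_round_to_zero` further down raise the same question.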
@@ -667,7 +667,7 @@ static floatx80
 {
 int_fast8_t roundingMode;
 flag roundNearestEven, increment, isTiny;
-int64 roundIncrement, roundMask, roundBits;
+int_fast64_t roundIncrement, roundMask, roundBits;
 
 roundingMode = STATUS(float_rounding_mode);
 roundNearestEven = ( roundingMode == float_round_nearest_even );
@@ -1205,7 +1205,7 @@ float128 int32_to_float128(int_fast32_t a STATUS_PARAM)
 | according to the IEC/IEEE Standard for Binary Floating-Point Arithmetic.
 **/
 
-float32 int64_to_float32( int64 a STATUS_PARAM )
+float32 int64_to_float32(int_fast64_t a STATUS_PARAM)
 {
 flag zSign;
 uint_fast64_t absA;
@@ -1258,7 +1258,7 @@ float32 uint64_to_float32(uint_fast64_t a STATUS_PARAM)
 | according to the IEC/IEEE Standard for Binary Floating-Point Arithmetic.
 **/
 
-float64 int64_to_float64( int64 a STATUS_PARAM )
+float64 int64_to_float64(int_fast64_t a STATUS_PARAM)
 {
 flag zSign;
 
@@ -1285,7 +1285,7 @@ float64 uint64_to_float64(uint_fast64_t a STATUS_PARAM)
 | Arithmetic.
 **/
 
-floatx80 int64_to_floatx80( int64 a STATUS_PARAM )
+floatx80 int64_to_floatx80(int_fast64_t a STATUS_PARAM)
 {
 flag zSign;
 uint_fast64_t absA;
@@ -1305,7 +1305,7 @@ floatx80 int64_to_floatx80( int64 a STATUS_PARAM )
 | according to the IEC/IEEE Standard for Binary Floating-Point Arithmetic.
 **/
 
-float128 int64_to_float128( int64 a STATUS_PARAM )
+float128 int64_to_float128(int_fast64_t a STATUS_PARAM)
 {
 flag zSign;
 uint_fast64_t absA;
@@ -1465,7 +1465,7 @@ int_fast16_t float32_to_int16_round_to_zero(float32 a 
STATUS_PARAM)
 | largest integer with the same sign as `a' is returned.
 **/
 
-int64 float32_to_int64( float32 a STATUS_PARAM )
+int_fast64_t float32_to_int64(float32 a STATUS_PARAM)
 {
 flag aSign;
 int_fast16_t aExp, shiftCount;
@@ -1502,13 +1502,13 @@ int64 float32_to_int64( float32 a STATUS_PARAM )
 | returned.
 **/
 
-int64 float32_to_int64_round_to_zero( float32 a STATUS_PARAM )
+int_fast64_t float32_to_int64_round_to_zero(float32 a STATUS_PARAM)
 {
 flag aSign;
 int_fast16_t aExp, shiftCount;
 uint32_t aSig;
 uint64_t aSig64;
-int64 z;
+int_fast64_t z;
 a = float32_squash_input_denormal(a STATUS_VAR);
 
 aSig = extractFloat32Frac( a );
@@ -2855,7 +2855,7 @@ int_fast16_t float64_to_int16_round_to_zero(float64 a 
STATUS_PARAM)
 | largest integer with the same sign as `a' is returned.
 **/
 
-int64 float64_to_int64( float64 a STATUS_PARAM )
+int_fast64_t float64_to_int64(float64 a STATUS_PARAM)
 {
 flag aSign;
 int_fast16_t aExp, shiftCount;
@@ -2898,12 +2898,12 @@ int64 float64_to_int64( float64 a STATUS_PARAM )
 | returned.
 **/
 
-int64 float64_to_int64_round_to_zero( float64 a STATUS_PARAM )
+int_fast64_t float64_to_int64_round_to_zero(float64 a STATUS_PARAM)
 {
 flag aSign;
 int_fast16_t aExp, shiftCount;
 uint64_t aSig;
-int64 z;
+int_fast64_t z;
 a = float64_squash_input_denormal(a STATUS_VAR);
 
 aSig = extractFloat64Frac( a );
@@ -4288,7 +4288,7 @@ int_fast32_t floatx80_to_int32_round_to_zero(floatx80 a 
STATUS_PARAM)
 | overflows, the largest integer with the same sign as `a' is returned.
 **/
 
-int64 f

[Qemu-devel] [PATCH 03/14] qemu-tool: Fix mixup of int64 and int64_t

2012-01-15 Thread Andreas Färber
Commit cbcfa0418f0c196afa765f5c9837b9344d1adcf3 (link the main loop and
its dependencies into the tools) introduced stray usages of int64.

Use int64_t instead.

Signed-off-by: Andreas Färber 
Cc: Paolo Bonzini 
---
 qemu-tool.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/qemu-tool.c b/qemu-tool.c
index c73bf71..6b69668 100644
--- a/qemu-tool.c
+++ b/qemu-tool.c
@@ -59,12 +59,12 @@ void monitor_protocol_event(MonitorEvent event, QObject 
*data)
 {
 }
 
-int64 cpu_get_clock(void)
+int64_t cpu_get_clock(void)
 {
 abort();
 }
 
-int64 cpu_get_icount(void)
+int64_t cpu_get_icount(void)
 {
 abort();
 }
-- 
1.7.7




[Qemu-devel] [PATCH 11/14] softfloat: Replace int32 type with int_fast32_t

2012-01-15 Thread Andreas Färber
Based on the following Coccinelle patch:

@@
typedef int32, int_fast32_t;
@@
-int32
+int_fast32_t

Add typedef for pre-10 Solaris.

Signed-off-by: Andreas Färber 
Cc: Ben Taylor 
---
 fpu/softfloat.c |  124 +++---
 fpu/softfloat.h |   25 +--
 osdep.h |1 +
 3 files changed, 75 insertions(+), 75 deletions(-)

diff --git a/fpu/softfloat.c b/fpu/softfloat.c
index b71e47a..b7cd589 100644
--- a/fpu/softfloat.c
+++ b/fpu/softfloat.c
@@ -112,12 +112,12 @@ INLINE flag extractFloat16Sign(float16 a)
 | positive or negative integer is returned.
 **/
 
-static int32 roundAndPackInt32( flag zSign, uint64_t absZ STATUS_PARAM)
+static int_fast32_t roundAndPackInt32(flag zSign, uint64_t absZ STATUS_PARAM)
 {
 int_fast8_t roundingMode;
 flag roundNearestEven;
 int_fast8_t roundIncrement, roundBits;
-int32 z;
+int_fast32_t z;
 
 roundingMode = STATUS(float_rounding_mode);
 roundNearestEven = ( roundingMode == float_round_nearest_even );
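Review bot: `int_fast32_t z` in `roundAndPackInt32` may be wider than 32 bits (on glibc x86-64 `int_fast32_t` is `long`), so `z` no longer wraps at 32 bits. The remainder of the function is outside the hunk; if it detects overflow from the sign of `z` after `z = absZ`, a magnitude between 0x80000000 and 0xFFFFFFFF would stop being flagged on such hosts, and the guest-visible result would depend on the host ABI. The local should stay exact-width, `int32_t z;`, and the return type is safer as `int32_t` too. Whether the `int_fast32_t zExp` and `*zExpPtr` parameters in the later hunks are affected cannot be judged from the visible lines.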
@@ -584,7 +584,7 @@ INLINE uint64_t extractFloatx80Frac( floatx80 a )
 | value `a'.
 **/
 
-INLINE int32 extractFloatx80Exp( floatx80 a )
+INLINE int_fast32_t extractFloatx80Exp(floatx80 a)
 {
 
 return a.high & 0x7FFF;
@@ -611,7 +611,7 @@ INLINE flag extractFloatx80Sign( floatx80 a )
 **/
 
 static void
- normalizeFloatx80Subnormal( uint64_t aSig, int32 *zExpPtr, uint64_t *zSigPtr )
+ normalizeFloatx80Subnormal(uint64_t aSig, int_fast32_t *zExpPtr, uint64_t 
*zSigPtr)
 {
 int_fast8_t shiftCount;
 
@@ -626,7 +626,7 @@ static void
 | extended double-precision floating-point value, returning the result.
 **/
 
-INLINE floatx80 packFloatx80( flag zSign, int32 zExp, uint64_t zSig )
+INLINE floatx80 packFloatx80(flag zSign, int_fast32_t zExp, uint64_t zSig)
 {
 floatx80 z;
 
@@ -662,7 +662,7 @@ INLINE floatx80 packFloatx80( flag zSign, int32 zExp, 
uint64_t zSig )
 
 static floatx80
  roundAndPackFloatx80(
- int_fast8_t roundingPrecision, flag zSign, int32 zExp, uint64_t zSig0, 
uint64_t zSig1
+ int_fast8_t roundingPrecision, flag zSign, int_fast32_t zExp, uint64_t 
zSig0, uint64_t zSig1
  STATUS_PARAM)
 {
 int_fast8_t roundingMode;
@@ -834,7 +834,7 @@ static floatx80
 
 static floatx80
  normalizeRoundAndPackFloatx80(
- int_fast8_t roundingPrecision, flag zSign, int32 zExp, uint64_t zSig0, 
uint64_t zSig1
+ int_fast8_t roundingPrecision, flag zSign, int_fast32_t zExp, uint64_t 
zSig0, uint64_t zSig1
  STATUS_PARAM)
 {
 int_fast8_t shiftCount;
@@ -881,7 +881,7 @@ INLINE uint64_t extractFloat128Frac0( float128 a )
 | `a'.
 **/
 
-INLINE int32 extractFloat128Exp( float128 a )
+INLINE int_fast32_t extractFloat128Exp(float128 a)
 {
 
 return ( a.high>>48 ) & 0x7FFF;
@@ -913,7 +913,7 @@ static void
  normalizeFloat128Subnormal(
  uint64_t aSig0,
  uint64_t aSig1,
- int32 *zExpPtr,
+ int_fast32_t *zExpPtr,
  uint64_t *zSig0Ptr,
  uint64_t *zSig1Ptr
  )
@@ -954,7 +954,7 @@ static void
 **/
 
 INLINE float128
- packFloat128( flag zSign, int32 zExp, uint64_t zSig0, uint64_t zSig1 )
+ packFloat128(flag zSign, int_fast32_t zExp, uint64_t zSig0, uint64_t zSig1)
 {
 float128 z;
 
@@ -987,7 +987,7 @@ INLINE float128
 
 static float128
  roundAndPackFloat128(
- flag zSign, int32 zExp, uint64_t zSig0, uint64_t zSig1, uint64_t zSig2 
STATUS_PARAM)
+ flag zSign, int_fast32_t zExp, uint64_t zSig0, uint64_t zSig1, uint64_t 
zSig2 STATUS_PARAM)
 {
 int_fast8_t roundingMode;
 flag roundNearestEven, increment, isTiny;
@@ -1091,7 +1091,7 @@ static float128
 
 static float128
  normalizeRoundAndPackFloat128(
- flag zSign, int32 zExp, uint64_t zSig0, uint64_t zSig1 STATUS_PARAM)
+ flag zSign, int_fast32_t zExp, uint64_t zSig0, uint64_t zSig1 
STATUS_PARAM)
 {
 int_fast8_t shiftCount;
 uint64_t zSig2;
@@ -1121,7 +1121,7 @@ static float128
 | according to the IEC/IEEE Standard for Binary Floating-Point Arithmetic.
 **/
 
-float32 int32_to_float32( int32 a STATUS_PARAM )
+float32 int32_to_float32(int_fast32_t a STATUS_PARAM)
 {
 flag zSign;
 
@@ -1138,7 +1138,7 @@ float32 int32_to_float32( int32 a STATUS_PARAM )
 | according to the IEC/IEEE Standard for Binary Floating-Point Arithmetic.
 **/
 
-float64 int32_to_float64( int32 a STATUS_PARAM )
+float64 int32_to_float64(int_fast32_t a STATUS_PARAM)
 {
 flag zSign;
 uint_fast32_

[Qemu-devel] [PATCH 05/14] target-mips: Move definition of uint_fast{8, 16}_t to osdep.h

2012-01-15 Thread Andreas Färber
osdep.h is included via qemu-common.h.

Prepares for use of [u]int_fast*_t types in softfloat code.

Signed-off-by: Andreas Färber 
Cc: Ben Taylor 
Cc: Aurélien Jarno 
---
 osdep.h   |6 ++
 target-mips/cpu.h |7 ---
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/osdep.h b/osdep.h
index 432b91e..8f45a96 100644
--- a/osdep.h
+++ b/osdep.h
@@ -10,6 +10,12 @@
 
 #include 
 
+#if defined(CONFIG_SOLARIS) && CONFIG_SOLARIS_VERSION < 10
+/* uint_fast8_t and uint_fast16_t not in  */
+typedef unsigned char   uint_fast8_t;
+typedef unsigned intuint_fast16_t;
+#endif
+
 #ifndef glue
 #define xglue(x, y) x ## y
 #define glue(x, y) xglue(x, y)
diff --git a/target-mips/cpu.h b/target-mips/cpu.h
index 71cb4e8..23564a7 100644
--- a/target-mips/cpu.h
+++ b/target-mips/cpu.h
@@ -15,13 +15,6 @@
 #include "cpu-defs.h"
 #include "softfloat.h"
 
-// uint_fast8_t and uint_fast16_t not in 
-// XXX: move that elsewhere
-#if defined(CONFIG_SOLARIS) && CONFIG_SOLARIS_VERSION < 10
-typedef unsigned char   uint_fast8_t;
-typedef unsigned intuint_fast16_t;
-#endif
-
 struct CPUMIPSState;
 
 typedef struct r4k_tlb_t r4k_tlb_t;
-- 
1.7.7




[Qemu-devel] [PATCH 10/14] softfloat: Replace uint32 type with uint_fast32_t

2012-01-15 Thread Andreas Färber
Based on the following Coccinelle patch:

@@
typedef uint32, uint_fast32_t;
@@
-uint32
+uint_fast32_t

Add typedef for pre-10 Solaris.

Signed-off-by: Andreas Färber 
Cc: Ben Taylor 
---
 fpu/softfloat.c |   26 +-
 fpu/softfloat.h |   13 ++---
 osdep.h |1 +
 3 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/fpu/softfloat.c b/fpu/softfloat.c
index b5fa3ef..b71e47a 100644
--- a/fpu/softfloat.c
+++ b/fpu/softfloat.c
@@ -1141,7 +1141,7 @@ float32 int32_to_float32( int32 a STATUS_PARAM )
 float64 int32_to_float64( int32 a STATUS_PARAM )
 {
 flag zSign;
-uint32 absA;
+uint_fast32_t absA;
 int_fast8_t shiftCount;
 uint64_t zSig;
 
@@ -1164,7 +1164,7 @@ float64 int32_to_float64( int32 a STATUS_PARAM )
 floatx80 int32_to_floatx80( int32 a STATUS_PARAM )
 {
 flag zSign;
-uint32 absA;
+uint_fast32_t absA;
 int_fast8_t shiftCount;
 uint64_t zSig;
 
@@ -1186,7 +1186,7 @@ floatx80 int32_to_floatx80( int32 a STATUS_PARAM )
 float128 int32_to_float128( int32 a STATUS_PARAM )
 {
 flag zSign;
-uint32 absA;
+uint_fast32_t absA;
 int_fast8_t shiftCount;
 uint64_t zSig0;
 
@@ -6397,20 +6397,20 @@ int float128_unordered_quiet( float128 a, float128 b 
STATUS_PARAM )
 }
 
 /* misc functions */
-float32 uint32_to_float32( uint32 a STATUS_PARAM )
+float32 uint32_to_float32(uint_fast32_t a STATUS_PARAM)
 {
 return int64_to_float32(a STATUS_VAR);
 }
 
-float64 uint32_to_float64( uint32 a STATUS_PARAM )
+float64 uint32_to_float64(uint_fast32_t a STATUS_PARAM)
 {
 return int64_to_float64(a STATUS_VAR);
 }
 
-uint32 float32_to_uint32( float32 a STATUS_PARAM )
+uint_fast32_t float32_to_uint32(float32 a STATUS_PARAM)
 {
 int64_t v;
-uint32 res;
+uint_fast32_t res;
 
 v = float32_to_int64(a STATUS_VAR);
 if (v < 0) {
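Review bot: `uint32_to_float32` and `uint32_to_float64` now take `uint_fast32_t a` and pass it unchanged to `int64_to_float32`/`int64_to_float64`. On a host where `uint_fast32_t` is 64 bits wide, an argument above 0xFFFFFFFF is no longer truncated to 32 bits, and a value with bit 63 set is converted as a negative number. Either keep the parameter exact-width (`uint32_t a`) or narrow at the call, `return int64_to_float32((uint32_t)a STATUS_VAR);`. The `uint_fast32_t absA` locals in the three `int32_to_*` hunks above deserve the same check: their bodies are outside the hunks, but if `absA` is assigned from a negated `int32`, sign-extended high bits could reach `zSig`. `float32_to_uint32` continues outside this hunk.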
@@ -6425,10 +6425,10 @@ uint32 float32_to_uint32( float32 a STATUS_PARAM )
 return res;
 }
 
-uint32 float32_to_uint32_round_to_zero( float32 a STATUS_PARAM )
+uint_fast32_t float32_to_uint32_round_to_zero(float32 a STATUS_PARAM)
 {
 int64_t v;
-uint32 res;
+uint_fast32_t res;
 
 v = float32_to_int64_round_to_zero(a STATUS_VAR);
 if (v < 0) {
@@ -6461,10 +6461,10 @@ uint_fast16_t float32_to_uint16_round_to_zero(float32 a 
STATUS_PARAM)
 return res;
 }
 
-uint32 float64_to_uint32( float64 a STATUS_PARAM )
+uint_fast32_t float64_to_uint32(float64 a STATUS_PARAM)
 {
 int64_t v;
-uint32 res;
+uint_fast32_t res;
 
 v = float64_to_int64(a STATUS_VAR);
 if (v < 0) {
@@ -6479,10 +6479,10 @@ uint32 float64_to_uint32( float64 a STATUS_PARAM )
 return res;
 }
 
-uint32 float64_to_uint32_round_to_zero( float64 a STATUS_PARAM )
+uint_fast32_t float64_to_uint32_round_to_zero(float64 a STATUS_PARAM)
 {
 int64_t v;
-uint32 res;
+uint_fast32_t res;
 
 v = float64_to_int64_round_to_zero(a STATUS_VAR);
 if (v < 0) {
diff --git a/fpu/softfloat.h b/fpu/softfloat.h
index ea18a66..b29fd24 100644
--- a/fpu/softfloat.h
+++ b/fpu/softfloat.h
@@ -55,7 +55,6 @@ these four paragraphs for those parts of this code that are 
retained.
 | to the same as `int'.
 **/
 typedef uint8_t flag;
-typedef unsigned int uint32;
 typedef signed int int32;
 typedef uint64_t uint64;
 typedef int64_t int64;
@@ -223,8 +222,8 @@ enum {
 **/
 float32 int32_to_float32( int32 STATUS_PARAM );
 float64 int32_to_float64( int32 STATUS_PARAM );
-float32 uint32_to_float32( uint32 STATUS_PARAM );
-float64 uint32_to_float64( uint32 STATUS_PARAM );
+float32 uint32_to_float32(uint_fast32_t STATUS_PARAM);
+float64 uint32_to_float64(uint_fast32_t STATUS_PARAM);
 floatx80 int32_to_floatx80( int32 STATUS_PARAM );
 float128 int32_to_float128( int32 STATUS_PARAM );
 float32 int64_to_float32( int64 STATUS_PARAM );
@@ -259,8 +258,8 @@ int_fast16_t float32_to_int16_round_to_zero(float32 
STATUS_PARAM);
 uint_fast16_t float32_to_uint16_round_to_zero(float32 STATUS_PARAM);
 int32 float32_to_int32( float32 STATUS_PARAM );
 int32 float32_to_int32_round_to_zero( float32 STATUS_PARAM );
-uint32 float32_to_uint32( float32 STATUS_PARAM );
-uint32 float32_to_uint32_round_to_zero( float32 STATUS_PARAM );
+uint_fast32_t float32_to_uint32(float32 STATUS_PARAM);
+uint_fast32_t float32_to_uint32_round_to_zero(float32 STATUS_PARAM);
 int64 float32_to_int64( float32 STATUS_PARAM );
 int64 float32_to_int64_round_to_zero( float32 STATUS_PARAM );
 float64 float32_to_float64( float32 STATUS_PARAM );
@@ -363,8 +362,8 @@ int_fast16_t float64_to_int16_round_to_zero(float64 
STATUS_PARAM);
 uint_fast16_t float64_to_uint16_round_to_zero(float64 STATUS_PARAM);
 int32 float64_to_int32( float64 STATUS_PARAM );
 int32 float64_to_int32_round_to_zero( float64 STATUS_PARAM );
-uint32 float64_to_uint32( float64 STATUS_PARAM );
-uint32 float64_to_uint32_round_to_zero

[Qemu-devel] [PATCH 08/14] softfloat: Remove unused uint8 type

2012-01-15 Thread Andreas Färber
Signed-off-by: Andreas Färber 
---
 fpu/softfloat.h |1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/fpu/softfloat.h b/fpu/softfloat.h
index dbdd390..99ff44e 100644
--- a/fpu/softfloat.h
+++ b/fpu/softfloat.h
@@ -55,7 +55,6 @@ these four paragraphs for those parts of this code that are 
retained.
 | to the same as `int'.
 **/
 typedef uint8_t flag;
-typedef uint8_t uint8;
 typedef int8_t int8;
 typedef unsigned int uint32;
 typedef signed int int32;
-- 
1.7.7




[Qemu-devel] [PATCH 07/14] softfloat: Replace int16 type with int_fast16_t

2012-01-15 Thread Andreas Färber
Based on the following Coccinelle patch:

@@
typedef int16, int_fast16_t;
@@
-int16
+int_fast16_t

Avoids a workaround for AIX.

Add typedef for pre-10 Solaris.

Signed-off-by: Andreas Färber 
Cc: malc 
Cc: Ben Taylor 
---
 fpu/softfloat-macros.h |   18 
 fpu/softfloat.c|  114 
 fpu/softfloat.h|7 +--
 osdep.h|1 +
 4 files changed, 69 insertions(+), 71 deletions(-)

diff --git a/fpu/softfloat-macros.h b/fpu/softfloat-macros.h
index e82ce23..b5164af 100644
--- a/fpu/softfloat-macros.h
+++ b/fpu/softfloat-macros.h
@@ -55,7 +55,7 @@ these four paragraphs for those parts of this code that are 
retained.
 | The result is stored in the location pointed to by `zPtr'.
 **/
 
-INLINE void shift32RightJamming( uint32_t a, int16 count, uint32_t *zPtr )
+INLINE void shift32RightJamming(uint32_t a, int_fast16_t count, uint32_t *zPtr)
 {
 uint32_t z;
 
@@ -81,7 +81,7 @@ INLINE void shift32RightJamming( uint32_t a, int16 count, 
uint32_t *zPtr )
 | The result is stored in the location pointed to by `zPtr'.
 **/
 
-INLINE void shift64RightJamming( uint64_t a, int16 count, uint64_t *zPtr )
+INLINE void shift64RightJamming(uint64_t a, int_fast16_t count, uint64_t *zPtr)
 {
 uint64_t z;
 
@@ -117,7 +117,7 @@ INLINE void shift64RightJamming( uint64_t a, int16 count, 
uint64_t *zPtr )
 
 INLINE void
  shift64ExtraRightJamming(
- uint64_t a0, uint64_t a1, int16 count, uint64_t *z0Ptr, uint64_t *z1Ptr )
+ uint64_t a0, uint64_t a1, int_fast16_t count, uint64_t *z0Ptr, uint64_t 
*z1Ptr)
 {
 uint64_t z0, z1;
 int8 negCount = ( - count ) & 63;
@@ -154,7 +154,7 @@ INLINE void
 
 INLINE void
  shift128Right(
- uint64_t a0, uint64_t a1, int16 count, uint64_t *z0Ptr, uint64_t *z1Ptr )
+ uint64_t a0, uint64_t a1, int_fast16_t count, uint64_t *z0Ptr, uint64_t 
*z1Ptr)
 {
 uint64_t z0, z1;
 int8 negCount = ( - count ) & 63;
@@ -189,7 +189,7 @@ INLINE void
 
 INLINE void
  shift128RightJamming(
- uint64_t a0, uint64_t a1, int16 count, uint64_t *z0Ptr, uint64_t *z1Ptr )
+ uint64_t a0, uint64_t a1, int_fast16_t count, uint64_t *z0Ptr, uint64_t 
*z1Ptr)
 {
 uint64_t z0, z1;
 int8 negCount = ( - count ) & 63;
@@ -243,7 +243,7 @@ INLINE void
  uint64_t a0,
  uint64_t a1,
  uint64_t a2,
- int16 count,
+ int_fast16_t count,
  uint64_t *z0Ptr,
  uint64_t *z1Ptr,
  uint64_t *z2Ptr
@@ -298,7 +298,7 @@ INLINE void
 
 INLINE void
  shortShift128Left(
- uint64_t a0, uint64_t a1, int16 count, uint64_t *z0Ptr, uint64_t *z1Ptr )
+ uint64_t a0, uint64_t a1, int_fast16_t count, uint64_t *z0Ptr, uint64_t 
*z1Ptr)
 {
 
 *z1Ptr = a1<> 10) & 0x1f;
 }
@@ -218,7 +218,7 @@ INLINE uint32_t extractFloat32Frac( float32 a )
 | Returns the exponent bits of the single-precision floating-point value `a'.
 **/
 
-INLINE int16 extractFloat32Exp( float32 a )
+INLINE int_fast16_t extractFloat32Exp(float32 a)
 {
 
 return ( float32_val(a)>>23 ) & 0xFF;
@@ -259,7 +259,7 @@ static float32 float32_squash_input_denormal(float32 a 
STATUS_PARAM)
 **/
 
 static void
- normalizeFloat32Subnormal( uint32_t aSig, int16 *zExpPtr, uint32_t *zSigPtr )
+ normalizeFloat32Subnormal(uint32_t aSig, int_fast16_t *zExpPtr, uint32_t 
*zSigPtr)
 {
 int8 shiftCount;
 
@@ -280,7 +280,7 @@ static void
 | significand.
 **/
 
-INLINE float32 packFloat32( flag zSign, int16 zExp, uint32_t zSig )
+INLINE float32 packFloat32(flag zSign, int_fast16_t zExp, uint32_t zSig)
 {
 
 return make_float32(
@@ -310,7 +310,7 @@ INLINE float32 packFloat32( flag zSign, int16 zExp, 
uint32_t zSig )
 | Binary Floating-Point Arithmetic.
 **/
 
-static float32 roundAndPackFloat32( flag zSign, int16 zExp, uint32_t zSig 
STATUS_PARAM)
+static float32 roundAndPackFloat32(flag zSign, int_fast16_t zExp, uint32_t 
zSig STATUS_PARAM)
 {
 int8 roundingMode;
 flag roundNearestEven;
@@ -376,7 +376,7 @@ static float32 roundAndPackFloat32( flag zSign, int16 zExp, 
uint32_t zSig STATUS
 **/
 
 static float32
- normalizeRoundAndPackFloat32( flag zSign, int16 zExp, uint32_t zSig 
STATUS_PARAM)
+ normalizeRoundAndPackFloat32(flag zSign, int_fast16_t zExp, uint32_t zSig 
STATUS_PARAM)
 {
 int8 shiftCount;
 
@@ -400,7 +400,7 @@ INLINE uint64_t extractFloat64Frac( float64 a )
 | Returns the exponent bits of the double-precision floating-point value `a'.
 *

[Qemu-devel] [PATCH 04/14] softfloat: Fix mixups of int and int16

2012-01-15 Thread Andreas Färber
normalizeFloat{32,64}Subnormal() expect the exponent as int16, not int.
This went unnoticed since int16 and uint16 were both typedef'ed to int.

Signed-off-by: Andreas Färber 
---
 fpu/softfloat.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fpu/softfloat.c b/fpu/softfloat.c
index 81a7d1a..6dbcb1b 100644
--- a/fpu/softfloat.c
+++ b/fpu/softfloat.c
@@ -2131,7 +2131,7 @@ float32 float32_rem( float32 a, float32 b STATUS_PARAM )
 float32 float32_muladd(float32 a, float32 b, float32 c, int flags STATUS_PARAM)
 {
 flag aSign, bSign, cSign, zSign;
-int aExp, bExp, cExp, pExp, zExp, expDiff;
+int16 aExp, bExp, cExp, pExp, zExp, expDiff;
 uint32_t aSig, bSig, cSig;
 flag pInf, pZero, pSign;
 uint64_t pSig64, cSig64, zSig64;
@@ -3685,7 +3685,7 @@ float64 float64_rem( float64 a, float64 b STATUS_PARAM )
 float64 float64_muladd(float64 a, float64 b, float64 c, int flags STATUS_PARAM)
 {
 flag aSign, bSign, cSign, zSign;
-int aExp, bExp, cExp, pExp, zExp, expDiff;
+int16 aExp, bExp, cExp, pExp, zExp, expDiff;
 uint64_t aSig, bSig, cSig;
 flag pInf, pZero, pSign;
 uint64_t pSig0, pSig1, cSig0, cSig1, zSig0, zSig1;
-- 
1.7.7




Re: [Qemu-devel] [Android-virt] [PATCH 03/12] hw/arm_boot.c: Make SMP boards specify address to poll in bootup loop

2012-01-15 Thread Alexander Graf

On 13.01.2012, at 21:52, Peter Maydell wrote:

> From: Evgeny Voevodin 
> 
> The secondary CPU bootloader in arm_boot.c holds secondary CPUs in a
> pen until the primary CPU releases them. Make boards specify the
> address to be polled to determine whether to leave the pen (it was
> previously hardcoded to 0x1030, which is a Versatile Express/
> Realview specific system register address).

Is smp_boot implementing the same logic as hw/ppce500_spin.c? It looks like the 
normal u-boot way of waiting for a magic address to be written with boot info. 
What I don't understand is the WFI. How can you wait for an interrupt if the 
trigger is a memory write? Or are you actually getting IPIs?


Alex




Re: [Qemu-devel] [PATCH] Add virtio-blk-drive-serial test

2012-01-15 Thread Zhi Yong Wu
On Sun, Jan 15, 2012 at 10:39 PM, Anthony Liguori  wrote:
> On 01/13/2012 07:25 PM, Zhi Yong Wu wrote:
>>
>> On Sat, Jan 14, 2012 at 9:03 AM, Zhi Yong Wu  wrote:
>>>
>>> On Sat, Jan 14, 2012 at 5:49 AM, Ryan Harper  wrote:

 We can test out the virtio-blk drive serial number by generating and
 then
 reading it back via the file in sysfs.

 Signed-off-by: Ryan Harper
 ---
  tests/virtio-blk-drive-serial.sh |   40
 ++
  1 files changed, 40 insertions(+), 0 deletions(-)
  create mode 100755 tests/virtio-blk-drive-serial.sh

 diff --git a/tests/virtio-blk-drive-serial.sh
 b/tests/virtio-blk-drive-serial.sh
 new file mode 100755
 index 000..0586f97
 --- /dev/null
 +++ b/tests/virtio-blk-drive-serial.sh
 @@ -0,0 +1,40 @@
 +#!/bin/sh
 +
 +serial="0123456789abcdefghi"
 +
 +in_host() {
 +    tmpdisk=$tmpdir/disk.img
 +    qemu-img create -f qcow2 $tmpdisk 10G
 +
 +    qemu -nographic -enable-kvm \
 +    -drive
 file=$tmpdisk,if=none,id=drive-virtio-disk0,format=raw,cache=none,serial=$serial
 \
 +    -device
 virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0
 +    rc=$?
 +
 +    rm $tmpdisk
 +    return $rc
 +}
 +
 +in_guest() {
 +    sysfspath=/sys/block/vda
 +    if ! test -e $sysfspath; then
 +    echo "Device not visible!"
 +    return 1
 +    fi
 +
 +    guest_serial=`cat $sysfspath/serial`
 +
 +    if test "$guest_serial" != "$serial"; then
 +    echo "drive has wrong serial!"
 +    echo "Expected '$serial', got '$guest_serial'"
 +    return 2
 +    fi
 +
 +    return 0
 +}
>>>
>>> How will you make in_guest() run in that guest system?
>>> From the code below, i guess that qtest framework make sure it.
>
>
> qemu-test.  qtest is something different.
>
> The script is copied into the initramfs used to run the guest.  QEMU_TEST=1
> only in the host so the code below invokes in_guest only in the guest.
thanks.
>
> Regards,
>
> Anthony Liguori
>
>
 +
 +if test $QEMU_TEST; then
 +    in_host
 +else
 +    in_guest
 +fi
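Review bot: In `in_host` the image is created with `qemu-img create -f qcow2` but attached with `format=raw`, so the guest is handed the qcow2 container bytes as its disk; the serial check still passes, but the two should agree, e.g. `qemu-img create -f raw "$tmpdisk" 10G`. `tmpdir` is never assigned in this script, so unless the harness exports it `tmpdisk` becomes `/disk.img` and `rm $tmpdisk` acts on the filesystem root; a guard such as `: "${tmpdir:?tmpdir not set}"` together with quoting (`rm -f -- "$tmpdisk"`) avoids that. `test $QEMU_TEST` should likewise be written `test -n "$QEMU_TEST"`.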
 --
 1.7.6


>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>> Zhi Yong Wu
>>
>>
>>
>>
>



-- 
Regards,

Zhi Yong Wu



Re: [Qemu-devel] [Spice-devel] Vioserial of Windows guest OS on Qemu 0.15

2012-01-15 Thread Charles . Tsai-蔡清海-研究發展部
Vadim,

Thank you for your prompt reply. Here are the information for our test case.


1) we use the following command line to launch the guest OS


/usr/bin/kvm -S -M pc-0.14 -enable-kvm -m 1024 -smp 
1,sockets=1,cores=1,threads=1 -name win_xp -uuid 
d9388815-ddd3-c38e-33c2-a9d5fcc7a775 -nodefconfig -nodefaults -chardev 
socket,id=charmonitor,path=/var/lib/libvirt/qemu/win_xp.monitor,server,nowait
-mon chardev=charmonitor,id=monitor,mode=readline
-rtc base=localtime
-device 
virtio-serial-pci,id=virtio-serial0,bus=pci.0,multifunction=on,addr=0x5.0x0
-drive file=/media/Images/Windows-XP.img,if=none,id=drive-ide0-0-0,format=raw
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1
-netdev tap,fd=17,id=hostnet0
-device 
rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:e8:dc:b1,bus=pci.0,multifunction=on,addr=0x3.0x0
-chardev pty,id=charserial0
-device isa-serial,chardev=charserial0,id=serial0
-chardev spicevmc,id=charchannel0,name=vdagent
-device 
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0
-usb -device usb-tablet,id=input0
-spice port=5900,addr=0.0.0.0,disable-ticketing
-vga qxl -global qxl-vga.vram_size=67108864 -device 
virtio-balloon-pci,id=balloon0,bus=pci.0,multifunction=on,addr=0x4.0x0



2). In Guest Windows XP OS


When the following callback function of the vioserial device is called in the 
guest OS, the allocated resource list is empty.


VIOSerialEvtDevicePrepareHardware() ---This function is to get the I/O address 
of the vioserial device and map the physical address to the logical address 
space.

I added the following trace and the value of nListSize is ZERO.
TraceEvents(TRACE_LEVEL_INFORMATION, DBG_PNP, "%s (nListSize=%d)\n", 
__FUNCTION__,nListSize); 


So far, we have tested Qemu 0.14 without any problem but Qemu 0.15 seemed to be 
broken in vioserial device.
Let me know if you need further information. Thanks.




-Original Message-
From: Vadim Rozenfeld [mailto:vroze...@redhat.com] 
Sent: Sunday, January 15, 2012 7:42 PM
To: Stefan Hajnoczi
Cc: Charles.Tsai-蔡清海-研究發展部; Alon Levy; spice-de...@lists.freedesktop.org; Alex 
Huang-黃必賢-研究發展部; qemu-devel
Subject: Re: [Spice-devel] Vioserial of Windows guest OS on Qemu 0.15

On Sun, 2012-01-15 at 11:27 +, Stefan Hajnoczi wrote:
> 2012/1/14 Charles.Tsai-蔡清海-研究發展部 :
> >I tested Qemu 0.15 for Windows XP guest OS. But I found that the 
> > Virtual Serial I/O driver failed in driver initialization.
> >The root cause of this problem is because the hardware resources(I/O 
> > in this device) is not allocated to the virtual serial I/O.
> >When I debugged on the vioserial driver, no hardware resource 
> > actually is allocated to this device.
> >This bug seems to be in the area of Qemu. Do you know whom I can 
> > consult to fix this problem? Please let me know if you know the group or 
> > the person.
> 
> I have CCed Vadim (virtio Windows driver) and the QEMU mailing list.
> 
> Please post your QEMU command-line so we can see how the guest is configured.
> 
> You mentioned that you debugged the driver and hardware resources 
> weren't allocated.  Do you have a virtio PCI device inside the guest 
> for this virtio-serial device?  Were you able to tell which part of 
> driver initialization failed (finding the PCI device, mapping its 
> resources (BARs), etc)?
> 
> Stefan

Could you post "pci info" output?

thanks,
Vadim.



Re: [Qemu-devel] [Bug 902148] Re: qemu-img V1.0 hangs on creating Image (0.15.1 runs)

2012-01-15 Thread Zhi Yong Wu
On Sun, Jan 15, 2012 at 7:14 PM, Stefan Hajnoczi  wrote:
> On Sat, Jan 14, 2012 at 3:40 PM, Zhi Yong Wu  wrote:
>> On Mon, Jan 9, 2012 at 9:00 PM, Stefan Hajnoczi  wrote:
>>> On Mon, Jan 9, 2012 at 11:25 AM, Kevin Wolf  wrote:
 Am 20.12.2011 17:49, schrieb Stefan Hajnoczi:
> On Tue, Dec 20, 2011 at 3:25 PM, Michael Niehren
> <902...@bugs.launchpad.net> wrote:
>> here we are. Attached the tgz. I am using no spezial distribution, it's 
>> a self compiled LFS with
>> gcc V4.5.1
>>
>> Is there a different compiler-call if i use --enable-debug, which then
>> works ?
>
> Richard Sandiford looked at your gcc -fdump-tree-all-details output
> and suggests that this bug has been fixed in gcc 4.5.3:
>
> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=45967
>
> Using the most recent gcc should fix the issue you are seeing.

 Can we add some workaround? Not sure what will work, maybe a simple
 compiler barrier?
>>>
>>> Sure though it seems like a very rare case - OP was running Linux From
>>> Scratch and hence got the broken gcc.  But if someone does a small
>>> workaround and tests it then that would be nice.
>> How to do this workaround in qemu since it is one gcc bug?
>
> The problem is that the compiler keeps values in registers across a
> point where C semantics require that they be reloaded.
>
> There are several ways to force a compiler to reload values including
> a barrier (which Kevin suggested) or the volatile keyword.  One of
> these techniques can probably be used as a workaround, but it would be
> necessary to check gcc 4.5.1 output to make sure it's effective.
thanks
>
> I think it's not worth doing unless we think more users will be
> affected.  Unless a distro ships the broken compiler version or it's
> the latest gcc release that people would build from source, I bet the
> number of users is very small.
>
> Stefan



-- 
Regards,

Zhi Yong Wu



[Qemu-devel] Where is load_elf32()?

2012-01-15 Thread Li Guohua
Hi,

In qemu-1.0:hw/loader.c, load_elf() calls load_elf64() or load_elf32().
But where is the function definition/body of load_elf32()?

And:

$ find /usr/include -name '*' | xargs grep load_elf32
[no result]


Thanks & Regards,
Gary


Re: [Qemu-devel] Where is load_elf32()?

2012-01-15 Thread Max Filippov
> In qemu-1.0:hw/loader.c, load_elf() calls load_elf64() or load_elf32().
> But where is the function definition/body of load_elf32()?

It is in hw/elf_ops.h:190

static int glue(load_elf, SZ)(const char *name, int fd,
                             uint64_t (*translate_fn)(void *, uint64_t),
                             void *translate_opaque,
                             int must_swab, uint64_t *pentry,
                             uint64_t *lowaddr, uint64_t *highaddr,
                             int elf_machine, int clear_lsb)

--
Thanks.
-- Max



[Qemu-devel] [PATCH] tests: Silence gtester in Makefile

2012-01-15 Thread Stefan Weil
This prettifies make output a little by avoiding a very long line.
As gtester prints the checks when they are run, no information is lost.

Signed-off-by: Stefan Weil 
---
 tests/Makefile |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/tests/Makefile b/tests/Makefile
index efde63a..55e8eb0 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -36,4 +36,4 @@ test-qmp-commands: test-qmp-commands.o $(qobject-obj-y) 
$(qapi-obj-y) $(tools-ob
 
 .PHONY: check
 check: $(CHECKS)
-   gtester $(CHECKS)
+   $(call quiet-command, gtester $(CHECKS), "  CHECK")
-- 
1.7.2.5




[Qemu-devel] [PATCH v7 01/10] hw/sysbus.h: Increase maximum number of device IRQs.

2012-01-15 Thread Evgeny Voevodin
Samsung exynos4210 Interrupt Combiner needs 512 IRQ sources.

Signed-off-by: Evgeny Voevodin 
Reviewed-by: Peter Maydell 
---
 hw/sysbus.h |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/sysbus.h b/hw/sysbus.h
index 899756b..7b8ca23 100644
--- a/hw/sysbus.h
+++ b/hw/sysbus.h
@@ -8,7 +8,7 @@
 
 #define QDEV_MAX_MMIO 32
 #define QDEV_MAX_PIO 32
-#define QDEV_MAX_IRQ 256
+#define QDEV_MAX_IRQ 512
 
 typedef struct SysBusDevice SysBusDevice;
 
-- 
1.7.4.1




[Qemu-devel] [PATCH v7 08/10] hw/lan9118: Add basic 16-bit mode support.

2012-01-15 Thread Evgeny Voevodin

Signed-off-by: Evgeny Voevodin 
Reviewed-by: Peter Maydell 
---
 hw/lan9118.c |  115 +++---
 1 files changed, 110 insertions(+), 5 deletions(-)

diff --git a/hw/lan9118.c b/hw/lan9118.c
index 8b83fe2..5e5e644 100644
--- a/hw/lan9118.c
+++ b/hw/lan9118.c
@@ -216,6 +216,17 @@ typedef struct {
 int rxp_offset;
 int rxp_size;
 int rxp_pad;
+
+uint32_t write_word_prev_offset;
+uint32_t write_word_n;
+uint16_t write_word_l;
+uint16_t write_word_h;
+uint32_t read_word_prev_offset;
+uint32_t read_word_n;
+uint32_t read_long;
+
+uint32_t mode_16bit;
+
 } lan9118_state;
 
 static void lan9118_update(lan9118_state *s)
@@ -310,7 +321,7 @@ static void lan9118_reset(DeviceState *d)
 s->fifo_int = 0x4800;
 s->rx_cfg = 0;
 s->tx_cfg = 0;
-s->hw_cfg = 0x0005;
+s->hw_cfg = s->mode_16bit ? 0x0005 : 0x00050004;
 s->pmt_ctrl &= 0x45;
 s->gpio_cfg = 0;
 s->txp->fifo_used = 0;
@@ -349,6 +360,9 @@ static void lan9118_reset(DeviceState *d)
 s->mac_mii_data = 0;
 s->mac_flow = 0;
 
+s->read_word_n = 0;
+s->write_word_n = 0;
+
 phy_reset(s);
 
 s->eeprom_writable = 0;
@@ -904,7 +918,7 @@ static void lan9118_writel(void *opaque, target_phys_addr_t 
offset,
 {
 lan9118_state *s = (lan9118_state *)opaque;
 offset &= 0xff;
-
+
 //DPRINTF("Write reg 0x%02x = 0x%08x\n", (int)offset, val);
 if (offset >= 0x20 && offset < 0x40) {
 /* TX FIFO */
@@ -954,7 +968,7 @@ static void lan9118_writel(void *opaque, target_phys_addr_t 
offset,
 /* SRST */
 lan9118_reset(&s->busdev.qdev);
 } else {
-s->hw_cfg = val & 0x003f300;
+s->hw_cfg = (val & 0x003f300) | (s->hw_cfg & 0x4);
 }
 break;
 case CSR_RX_DP_CTRL:
@@ -1033,6 +1047,46 @@ static void lan9118_writel(void *opaque, 
target_phys_addr_t offset,
 lan9118_update(s);
 }
 
+static void lan9118_writew(void *opaque, target_phys_addr_t offset,
+   uint32_t val)
+{
+lan9118_state *s = (lan9118_state *)opaque;
+offset &= 0xff;
+
+if (s->write_word_prev_offset != (offset & ~0x3)) {
+/* New offset, reset word counter */
+s->write_word_n = 0;
+s->write_word_prev_offset = offset & ~0x3;
+}
+
+if (offset & 0x2) {
+s->write_word_h = val;
+} else {
+s->write_word_l = val;
+}
+
+//DPRINTF("Writew reg 0x%02x = 0x%08x\n", (int)offset, val);
+s->write_word_n++;
+if (s->write_word_n == 2) {
+s->write_word_n = 0;
+lan9118_writel(s, offset & ~3, s->write_word_l +
+(s->write_word_h << 16), 4);
+}
+}
+
+static void lan9118_16bit_mode_write(void *opaque, target_phys_addr_t offset,
+ uint64_t val, unsigned size)
+{
+switch (size) {
+case 2:
+return lan9118_writew(opaque, offset, (uint32_t)val);
+case 4:
+return lan9118_writel(opaque, offset, val, size);
+}
+
+hw_error("lan9118_write: Bad size 0x%x\n", size);
+}
+
 static uint64_t lan9118_readl(void *opaque, target_phys_addr_t offset,
   unsigned size)
 {
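Review bot: In `lan9118_writew` the combine `s->write_word_l + (s->write_word_h << 16)` shifts a `uint16_t` that has been promoted to `int`, so a guest-supplied high half of 0x8000 or above overflows a signed int (undefined behaviour) and, if the `val` parameter of `lan9118_writel` is 64-bit as the `.write` callback suggests, is sign-extended on the way in; cast first, `((uint32_t)s->write_word_h << 16)`. The pairing also counts accesses rather than halves: two 16-bit writes to the same half of one register bring `write_word_n` to 2 and commit a 32-bit write whose other half is left over from an earlier access. Both values are guest-controlled, so it would be more robust to record which halves have arrived and commit only when both are present, as sketched below; whether the real chip tolerates repeated half-writes cannot be told from this hunk. Separately, `lan9118_16bit_mode_write` uses `return lan9118_writew(...)` in a `void` function, where a plain call followed by `return;` would be cleaner.

```c
static void lan9118_writew(void *opaque, target_phys_addr_t offset,
                           uint32_t val)
{
    /* … unchanged: state lookup, offset masking, prev-offset reset … */

    /* write_word_n as a bitmask: bit 0 = low half seen, bit 1 = high half seen */
    if (offset & 0x2) {
        s->write_word_h = val;
        s->write_word_n |= 2;
    } else {
        s->write_word_l = val;
        s->write_word_n |= 1;
    }

    if (s->write_word_n == 3) {
        s->write_word_n = 0;
        lan9118_writel(s, offset & ~3,
                       s->write_word_l | ((uint32_t)s->write_word_h << 16), 4);
    }
}
```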
@@ -1069,7 +1123,7 @@ static uint64_t lan9118_readl(void *opaque, 
target_phys_addr_t offset,
 case CSR_TX_CFG:
 return s->tx_cfg;
 case CSR_HW_CFG:
-return s->hw_cfg | 0x4;
+return s->hw_cfg;
 case CSR_RX_DP_CTRL:
 return 0;
 case CSR_RX_FIFO_INF:
@@ -1107,12 +1161,60 @@ static uint64_t lan9118_readl(void *opaque, 
target_phys_addr_t offset,
 return 0;
 }
 
+static uint32_t lan9118_readw(void *opaque, target_phys_addr_t offset)
+{
+lan9118_state *s = (lan9118_state *)opaque;
+uint32_t val;
+
+if (s->read_word_prev_offset != (offset & ~0x3)) {
+/* New offset, reset word counter */
+s->read_word_n = 0;
+s->read_word_prev_offset = offset & ~0x3;
+}
+
+s->read_word_n++;
+if (s->read_word_n == 1) {
+s->read_long = lan9118_readl(s, offset & ~3, 4);
+} else {
+s->read_word_n = 0;
+}
+
+if (offset & 2) {
+val = s->read_long >> 16;
+} else {
+val = s->read_long & 0x;
+}
+
+//DPRINTF("Readw reg 0x%02x, val 0x%x\n", (int)offset, val);
+return val;
+}
+
+static uint64_t lan9118_16bit_mode_read(void *opaque, target_phys_addr_t 
offset,
+unsigned size)
+{
+switch (size) {
+case 2:
+return lan9118_readw(opaque, offset);
+case 4:
+return lan9118_readl(opaque, offset, size);
+}
+
+hw_error("lan9118_read: Bad size 0x%x\n", size);
+return 0;
+}
+
 static const MemoryRegionOps lan9118_mem_ops = {
 .read = lan9118_readl,
 .write = lan9118_writel,
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
+static const MemoryRegionOps lan9118_16bit_mem_ops = {
+.read = lan9118_16bit_mode_read,
+.w

Re: [Qemu-devel] 回??: [PATCH 00/21][RFC] postcopy live?migration

2012-01-15 Thread Isaku Yamahata
Thank you for your info.
I suppose I found the cause, MSR_KVM_WALL_CLOCK and MSR_KVM_SYSTEM_TIME.
Your kernel enables KVM paravirt_ops, right?

Although I'm preparing the next patch series including the fixes,
you can also try postcopy by disabling paravirt_ops or disabling kvm
(use tcg i.e. -machine accel:tcg).

thanks,


On Thu, Jan 12, 2012 at 09:26:03PM +0800, thfbjyddx wrote:
>  
> Do you know what wchan the process was blocked at?
> kvm_vcpu_ioctl(env, KVM_SET_MSRS, &msr_data) doesn't seem to block.
>  
> It's
> WCHAN  COMMAND
> umem_fault--qemu-system-x86
>  
>  
> ━━━
> Tommy
>  
> From: Isaku Yamahata
> Date: 2012-01-12 16:54
> To: thfbjyddx
> CC: t.hirofuchi; qemu-devel; kvm; satoshi.itoh
> Subject: Re: [Qemu-devel]回??: [PATCH 00/21][RFC] postcopy live?migration
> On Thu, Jan 12, 2012 at 04:29:44PM +0800, thfbjyddx wrote:
> > Hi , I've dug more thess days
> >  
> > > (qemu) migration-tcp: Attempting to start an incoming migration
> > > migration-tcp: accepted migration
> > > 4872:4872 postcopy_incoming_ram_load:1018: incoming ram load
> > > 4872:4872 postcopy_incoming_ram_load:1031: addr 0x1087 flags 0x4
> > > 4872:4872 postcopy_incoming_ram_load:1057: done
> > > 4872:4872 postcopy_incoming_ram_load:1018: incoming ram load
> > > 4872:4872 postcopy_incoming_ram_load:1031: addr 0x0 flags 0x10
> > > 4872:4872 postcopy_incoming_ram_load:1037: EOS
> > > 4872:4872 postcopy_incoming_ram_load:1018: incoming ram load
> > > 4872:4872 postcopy_incoming_ram_load:1031: addr 0x0 flags 0x10
> > > 4872:4872 postcopy_incoming_ram_load:1037: EOS
> >  
> > There should be only single EOS line. Just copy & past miss?
> >  
> > There must be two EOS for one is coming from postcopy_outgoing_ram_save_live
> > (...stage == QEMU_SAVE_LIVE_STAGE_PART) and the other is
> > postcopy_outgoing_ram_save_live(...stage == QEMU_SAVE_LIVE_STAGE_END)
> > I think in postcopy the ram_save_live in the iterate part can be ignore
> > so why there still have the qemu_put_byte(f, QEMU_VM_SECTON_PART) and
> > qemu_put_byte(f, QEMU_VM_SECTON_END) in the procedure? Is it essential?
>  
> Not so essential.
>  
> > Can you please track it down one more step?
> > Which line did it stuck in kvm_put_msrs()? kvm_put_msrs() doesn't seem to
> > block.(backtrace by the debugger would be best.)
> >
> > it gets to the kvm_vcpu_ioctl(env, KVM_SET_MSRS, &msr_data) and never return
> > so it gets stuck
>  
> Do you know what wchan the process was blocked at?
> kvm_vcpu_ioctl(env, KVM_SET_MSRS, &msr_data) doesn't seem to block.
>  
>  
> > when I check the EOS problem
> > I just annotated the qemu_put_byte(f, QEMU_VM_SECTION_PART);
>  and qemu_put_be32
> > (f, se->section_id)
> >  (I think this is a wrong way to fix it and I don't know how it get through)
> > and leave just the se->save_live_state in the qemu_savevm_state_iterate
> > it didn't get stuck at kvm_put_msrs()
> > but it has some other error
> > (qemu) migration-tcp: Attempting to start an incoming migration
> > migration-tcp: accepted migration
> > 2126:2126 postcopy_incoming_ram_load:1018: incoming ram load
> > 2126:2126 postcopy_incoming_ram_load:1031: addr 0x1087 flags 0x4
> > 2126:2126 postcopy_incoming_ram_load:1057: done
> > migration: successfully loaded vm state
> > 2126:2126 postcopy_incoming_fork_umemd:1069: fork
> > 2126:2126 postcopy_incoming_fork_umemd:1127: qemu pid: 2126 daemon pid: 2129
> > 2130:2130 postcopy_incoming_umemd:1840: daemon pid: 2130
> > 2130:2130 postcopy_incoming_umemd:1875: entering umemd main loop
> > Can't find block !
> > 2130:2130 postcopy_incoming_umem_ram_load:1526: shmem == NULL
> > 2130:2130 postcopy_incoming_umemd:1882: exiting umemd main loop
> > and at the same time , the destination node didn't show the EOS
> >  
> > so I still can't solve the stuck problem
> > Thanks for your help~!
> > ━━
> ━
> > Tommy
> >  
> > From: Isaku Yamahata
> > Date: 2012-01-11 10:45
> > To: thfbjyddx
> > CC: t.hirofuchi; qemu-devel; kvm; satoshi.itoh
> > Subject: Re: [Qemu-devel]回??: [PATCH 00/21][RFC] postcopy live migration
> > On Sat, Jan 07, 2012 at 06:29:14PM +0800, thfbjyddx wrote:
> > > Hello all!
> >  
> > Hi, thank you for detailed report. The procedure you've tried looks
> > good basically. Some comments below.
> >  
> > > I got the qemu basic version(03ecd2c80a64d030a22fe67cc7a60f24e17ff211) and
> > > patched it correctly
> > > but it still didn't make sense and I got the same scenario as before
> > > outgoing node intel x86_64; incoming node amd x86_64. guest image is on 
> > > nfs
> > >  
> > >
>  I think I should show what I do more clearly and hope somebody can figure out
> > > the problem
> > > 
> > >  ・ 1, both in/out node patch the qemu and start on 3.1.7 kernel with umem
> > > 
> > >./configure --target-list=
> > x86_64-softmmu --enable-kvm --enable-postcopy
> > > --enable-debug
> > >make
> > >make install
> > > 
> > >  ・ 2, outgoing qem

[Qemu-devel] [PATCH v7 09/10] hw/exynos4210.c: Add LAN support for SMDKC210.

2012-01-15 Thread Evgeny Voevodin
SMDKC210 uses lan9215 chip, but lan9118 in 16-bit mode seems to
be enough.

Signed-off-by: Evgeny Voevodin 
---
 hw/exynos4_boards.c |   27 +--
 1 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/hw/exynos4_boards.c b/hw/exynos4_boards.c
index b8fc5b6..56fd9a3 100644
--- a/hw/exynos4_boards.c
+++ b/hw/exynos4_boards.c
@@ -23,6 +23,7 @@
 
 #include "sysemu.h"
 #include "sysbus.h"
+#include "net.h"
 #include "arm-misc.h"
 #include "exec-memory.h"
 #include "exynos4210.h"
@@ -42,6 +43,8 @@
 #define  PRINT_DEBUG(fmt, args...)  do {} while (0)
 #endif
 
+#define SMDK_LAN9118_BASE_ADDR  0x0500
+
 typedef enum exynos4_board_type {
 EXYNOS4_BOARD_NURI,
 EXYNOS4_BOARD_SMDKC210,
@@ -68,6 +71,24 @@ static struct arm_boot_info exynos4_board_binfo = {
 .smp_loader_start = EXYNOS4210_SMP_BOOT_ADDR,
 };
 
+static void lan9215_init(uint32_t base, qemu_irq irq)
+{
+DeviceState *dev;
+SysBusDevice *s;
+
+/* This should be a 9215 but the 9118 is close enough */
+if (nd_table[0].vlan) {
+qemu_check_nic_model(&nd_table[0], "lan9118");
+dev = qdev_create(NULL, "lan9118");
+qdev_set_nic_properties(dev, &nd_table[0]);
+qdev_prop_set_uint32(dev, "mode_16bit", 1);
+qdev_init_nofail(dev);
+s = sysbus_from_qdev(dev);
+sysbus_mmio_map(s, 0, base);
+sysbus_connect_irq(s, 0, irq);
+}
+}
+
 static Exynos4210State *exynos4_boards_init_common(
 const char *kernel_filename,
 const char *kernel_cmdline,
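Review bot: `lan9215_init` creates the NIC only when `nd_table[0].vlan` is set, so a NIC configured without a legacy vlan (for example one bound to a `-netdev` backend) would, as far as this hunk shows, leave the board with no Ethernet controller and no diagnostic. If NICInfo records a configured NIC independently of the vlan pointer, test that instead. Otherwise state the limitation at the guard, e.g. `/* NIC is only instantiated for a vlan-attached -net nic */`, so the silent skip is clearly intentional.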
@@ -114,9 +135,11 @@ static void smdkc210_init(ram_addr_t ram_size,
 const char *kernel_filename, const char *kernel_cmdline,
 const char *initrd_filename, const char *cpu_model)
 {
-exynos4_boards_init_common(kernel_filename, kernel_cmdline,
-initrd_filename, EXYNOS4_BOARD_SMDKC210);
+Exynos4210State *s = exynos4_boards_init_common(kernel_filename,
+kernel_cmdline, initrd_filename, EXYNOS4_BOARD_SMDKC210);
 
+lan9215_init(SMDK_LAN9118_BASE_ADDR,
+qemu_irq_invert(s->irq_table[exynos4210_get_irq(37, 1)]));
 arm_load_kernel(first_cpu, &exynos4_board_binfo);
 }
 
-- 
1.7.4.1




Re: [Qemu-devel] [Spice-devel] Vioserial of Windows guest OS on Qemu 0.15

2012-01-15 Thread Vadim Rozenfeld
On Mon, 2012-01-16 at 10:02 +0800, Charles.Tsai-蔡清海-研究發展部 wrote:
> Vadim,
> 
> Thank you for your prompt reply. Here are the information for our test case.
> 
> 
> 1) we use the following command line to launch the guest OS
> 
> 
> /usr/bin/kvm -S -M pc-0.14 -enable-kvm -m 1024 -smp 
> 1,sockets=1,cores=1,threads=1 -name win_xp -uuid 
> d9388815-ddd3-c38e-33c2-a9d5fcc7a775 -nodefconfig -nodefaults -chardev 
> socket,id=charmonitor,path=/var/lib/libvirt/qemu/win_xp.monitor,server,nowait
> -mon chardev=charmonitor,id=monitor,mode=readline
> -rtc base=localtime
> -device 
> virtio-serial-pci,id=virtio-serial0,bus=pci.0,multifunction=on,addr=0x5.0x0
> -drive file=/media/Images/Windows-XP.img,if=none,id=drive-ide0-0-0,format=raw
> -device 
> ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1
> -netdev tap,fd=17,id=hostnet0
> -device 
> rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:e8:dc:b1,bus=pci.0,multifunction=on,addr=0x3.0x0
> -chardev pty,id=charserial0
> -device isa-serial,chardev=charserial0,id=serial0
> -chardev spicevmc,id=charchannel0,name=vdagent
> -device 
> virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0
> -usb -device usb-tablet,id=input0
> -spice port=5900,addr=0.0.0.0,disable-ticketing
> -vga qxl -global qxl-vga.vram_size=67108864 -device 
> virtio-balloon-pci,id=balloon0,bus=pci.0,multifunction=on,addr=0x4.0x0
> 
> 
> 
> 2). In Guest Windows XP OS
> 
> 
> When the following callback function of the vioserial device  is called in 
> guest OS. The allocated resources is empty.
> 
> 
> VIOSerialEvtDevicePrepareHardware() ---This function is to get the I/O 
> address of the vioserial device and map the physical address to the logical 
> address space.
> 
> I added the following trace and the value of nListSize is ZERO.
> TraceEvents(TRACE_LEVEL_INFORMATION, DBG_PNP, "%s (nListSize=%d)\n", 
> __FUNCTION__,nListSize); 
> 
> 
> So far, we have tested Qemu 0.14 without any problem but Qemu 0.15 seemed to 
> be broken in vioserial device.
> Let me know if you need further information. Thanks.
> 
Hi Charles,
You're right. 
If WdfCmResourceListGetCount returns zero, 
it must be a problem with resources list.
Output of "info pci" and "info qtree" commands
could be helpful in analyzing this problem.

Best regards,
Vadim.
> 
> 
> 
> -Original Message-
> From: Vadim Rozenfeld [mailto:vroze...@redhat.com] 
> Sent: Sunday, January 15, 2012 7:42 PM
> To: Stefan Hajnoczi
> Cc: Charles.Tsai-蔡清海-研究發展部; Alon Levy; spice-de...@lists.freedesktop.org; 
> Alex Huang-黃必賢-研究發展部; qemu-devel
> Subject: Re: [Spice-devel] Vioserial of Windows guest OS on Qemu 0.15
> 
> On Sun, 2012-01-15 at 11:27 +, Stefan Hajnoczi wrote:
> > 2012/1/14 Charles.Tsai-蔡清海-研究發展部 :
> > >I tested Qemu 0.15 for Windows XP guest OS. But I found that the 
> > > Virtual Serial I/O driver failed in driver initialization.
> > >The root cause of this problem is because the hardware 
> > > resources(I/O in this device) is not allocated to the virtual serial I/O.
> > >When I debugged on the vioserial driver, no hardware resource 
> > > actually is allocated to this device.
> > >This bug seems to be in the area of Qemu. Do you know whom I can 
> > > consult to fix this problem? Please let me know if you know the group or 
> > > the person.
> > 
> > I have CCed Vadim (virtio Windows driver) and the QEMU mailing list.
> > 
> > Please post your QEMU command-line so we can see how the guest is 
> > configured.
> > 
> > You mentioned that you debugged the driver and hardware resources 
> > weren't allocated.  Do you have a virtio PCI device inside the guest 
> > for this virtio-serial device?  Were you able to tell which part of 
> > driver initialization failed (finding the PCI device, mapping its 
> > resources (BARs), etc)?
> > 
> > Stefan
> 
> Could you post "pci info" output?
> 
> thanks,
> Vadim.
> 





Re: [Qemu-devel] [PATCH][v9] megasas: LSI Megaraid SAS HBA emulation

2012-01-15 Thread Hannes Reinecke
On 01/15/2012 10:21 AM, Avi Kivity wrote:
> On 01/13/2012 06:54 PM, Andreas Färber wrote:
>>> +static void megasas_unmap_sgl(struct megasas_cmd_t *cmd)
>>> +{
>>> +int i, is_write = megasas_frame_is_write(cmd);
>>> +
>>> +for (i = 0; i < cmd->iov_cnt; i++) {
>>> +cpu_physical_memory_unmap(cmd->iov[i].iov_base, 
>>> cmd->iov[i].iov_len,
>>> +  is_write, cmd->iov[i].iov_len);
>>
>> Not sure, but cpu_physical_memory_* sounds old-fashioned. Might need an
>> update to MemoryRegion?
> 
> These APIs have not been updated (yet?).
> 
That's what I thought.

Plus even virtio is using it, so I'd be very much interested in the
argument why megasas can't use it ...

Cheers,

Hannes
-- 
Dr. Hannes Reinecke   zSeries & Storage
h...@suse.de  +49 911 74053 688
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: J. Hawn, J. Guild, F. Imendörffer, HRB 16746 (AG Nürnberg)



[Qemu-devel] [PATCH v7 04/10] ARM: Samsung exynos4210-based boards emulation

2012-01-15 Thread Evgeny Voevodin
Add initial support of NURI and SMDKC210 boards

Signed-off-by: Evgeny Voevodin 
---
 Makefile.target |3 +-
 hw/exynos4210.c |  202 +++
 hw/exynos4210.h |   37 +
 hw/exynos4_boards.c |  143 
 4 files changed, 384 insertions(+), 1 deletions(-)
 create mode 100644 hw/exynos4210.c
 create mode 100644 hw/exynos4_boards.c

diff --git a/Makefile.target b/Makefile.target
index 4ac257e..6199d44 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -339,7 +339,8 @@ obj-arm-y = integratorcp.o versatilepb.o arm_pic.o 
arm_timer.o
 obj-arm-y += arm_boot.o pl011.o pl031.o pl050.o pl080.o pl110.o pl181.o pl190.o
 obj-arm-y += versatile_pci.o
 obj-arm-y += realview_gic.o realview.o arm_sysctl.o arm11mpcore.o a9mpcore.o
-obj-arm-y += exynos4210_gic.o exynos4210_combiner.o
+obj-arm-y += exynos4210_gic.o exynos4210_combiner.o exynos4210.o
+obj-arm-y += exynos4_boards.o
 obj-arm-y += arm_l2x0.o
 obj-arm-y += arm_mptimer.o
 obj-arm-y += armv7m.o armv7m_nvic.o stellaris.o pl022.o stellaris_enet.o
diff --git a/hw/exynos4210.c b/hw/exynos4210.c
new file mode 100644
index 000..82755db
--- /dev/null
+++ b/hw/exynos4210.c
@@ -0,0 +1,202 @@
+/*
+ *  Samsung exynos4210 SoC emulation
+ *
+ *  Copyright (c) 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ *Maksim Kozlov 
+ *Evgeny Voevodin 
+ *Igor Mitsyanko  
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ *
+ */
+
+#include "boards.h"
+#include "sysemu.h"
+#include "sysbus.h"
+#include "arm-misc.h"
+#include "exynos4210.h"
+
+#define EXYNOS4210_CHIPID_ADDR 0x1000
+
+/* External GIC */
+#define EXYNOS4210_EXT_GIC_CPU_BASE_ADDR0x1048
+#define EXYNOS4210_EXT_GIC_DIST_BASE_ADDR   0x1049
+
+/* Combiner */
+#define EXYNOS4210_EXT_COMBINER_BASE_ADDR   0x1044
+#define EXYNOS4210_INT_COMBINER_BASE_ADDR   0x10448000
+
+static uint8_t chipid_and_omr[] = { 0x11, 0x02, 0x21, 0x43,
+0x09, 0x00, 0x00, 0x00 };
+
+Exynos4210State *exynos4210_init(MemoryRegion *system_mem,
+unsigned long ram_size)
+{
+qemu_irq cpu_irq[4];
+int n;
+Exynos4210State *s = g_new(Exynos4210State, 1);
+qemu_irq *irq_table;
+qemu_irq *irqp;
+qemu_irq gate_irq[EXYNOS4210_IRQ_GATE_NINPUTS];
+unsigned long mem_size;
+DeviceState *dev;
+SysBusDevice *busdev;
+
+for (n = 0; n < smp_cpus; n++) {
+s->env[n] = cpu_init("cortex-a9");
+if (!s->env[n]) {
+fprintf(stderr, "Unable to find CPU %d definition\n", n);
+exit(1);
+}
+/* Create PIC controller for each processor instance */
+irqp = arm_pic_init_cpu(s->env[n]);
+
+/*
+ * Get GICs gpio_in cpu_irq to connect a combiner to them later.
+ * Use only IRQ for a while.
+ */
+cpu_irq[n] = irqp[ARM_PIC_CPU_IRQ];
+}
+
+/*** IRQs ***/
+
+s->irq_table = exynos4210_init_irq(&s->irqs);
+irq_table = s->irq_table;
+
+/* IRQ Gate */
+dev = qdev_create(NULL, "exynos4210.irq_gate");
+qdev_init_nofail(dev);
+/* Get IRQ Gate input in gate_irq */
+for (n = 0; n < EXYNOS4210_IRQ_GATE_NINPUTS; n++) {
+gate_irq[n] = qdev_get_gpio_in(dev, n);
+}
+busdev = sysbus_from_qdev(dev);
+/* Connect IRQ Gate output to cpu_irq */
+for (n = 0; n < smp_cpus; n++) {
+sysbus_connect_irq(busdev, n, cpu_irq[n]);
+}
+
+/* Private memory region and Internal GIC */
+dev = qdev_create(NULL, "a9mpcore_priv");
+qdev_prop_set_uint32(dev, "num-cpu", smp_cpus);
+qdev_init_nofail(dev);
+busdev = sysbus_from_qdev(dev);
+sysbus_mmio_map(busdev, 0, EXYNOS4210_SMP_PRIVATE_BASE_ADDR);
+for (n = 0; n < smp_cpus; n++) {
+sysbus_connect_irq(busdev, n, gate_irq[n * 2]);
+}
+for (n = 0; n < EXYNOS4210_INT_GIC_NIRQ; n++) {
+s->irqs.int_gic_irq[n] = qdev_get_gpio_in(dev, n);
+}
+
+/* External GIC */
+dev = qdev_create(NULL, "exynos4210.gic");
+qdev_prop_set_uint32(dev, "num-cpu", smp_cpus);
+qdev_init_nofail(dev);
+busdev = sysbus_from_qdev(dev);
+/* Map CPU interface */
+sysbus_mmio_map(busdev, 0, EXYNOS4210_EXT_GIC_CPU_BASE_ADDR);
+/* Map Distributer interface */
+sysbus_mmio_map(busdev, 1, EXYNOS4210_EXT_GIC_DIST_BASE_ADDR);
+ 

Re: [Qemu-devel] [PATCH] rework daemonizing logic in qemu-nbd

2012-01-15 Thread Michael Tokarev
On 15.01.2012 21:31, Paolo Bonzini wrote:
> On 01/15/2012 05:44 PM, Michael Tokarev wrote:
>> + * stdout (temporarily) to the pipe to parent,
>
> This is a bit of a hack.

 There's another way -- to keep the writing pipe end in some
 local variable and use that one instead of STDOUT_FILENO.
 I can do it that way for sure, just thought it's already
 using too much local variables.
>>>
>>> Yes, that would be better.
>>
>> Done in a v2 version I sent you.
> 
> Please stay on the list.

Sorry?  I sent it to you and to the list, here's the command
line from my .bash_history:

 git format-patch --subject-prefix="PATCH v2" --stdout --to 
'qemu-devel@nongnu.org' --cc "Paolo Bonzini " --cc 
m...@tls.msk.ru HEAD^ | /usr/sbin/sendmail -t -i

On which list should I stay?

[]
>> Um, I missed that "half of this" part.  Indeed, nbd_client_thread()
>> does dup2(STDOUT_FILENO, STDERR_FILENO) which should go away, but
>> it is harmless for now, and can be addressed in a separate patch.
> 
> Again, _the client thread_ is the right place to do this!  See below.

[]
>> We're doomed anyway, and it is even good
>> we've a small remote chance for our error message to
>> be seen.  Currently it just goes to /dev/null.
> 
> No, currently it is sent from the daemon to the parent through the pipe, the 
> parent prints it and exits with status code 1.  With your patch, if the dup2 
> wins the race you exit with status code 0; if the client thread wins the race 
> it is the same as master.

Aha. I finally see what you mean.

I still disagree, -- all the operations done in the client
thread can be done before forking a new thread, synchronously,
and _that_ will be the easiest and cleanest solution here.

>> That's not a bad intention.  I'm fixing existing logic without
>> introducing new logical changes.  If you want to fix other
>> stuff, it is better be done in a separate commit/change.
> 
> AFAIK the only known bug (besides the devfd/sockfd mixup) is the missing 
> chdir, and that should be fixed first.

It all looked so ugly to me that I didn't even want to think
about just adding a chdir() instead of getting rid of daemon().
But ok, I can go that ugly route too.

Thanks,

/mjt



[Qemu-devel] [PATCH v7 00/10] ARM: Samsung Exynos4210-based boards support.

2012-01-15 Thread Evgeny Voevodin
This set of patches adds support for Samsung S5PC210-based boards NURI and 
SMDKC210.
Tested on Linux kernel v3.x series. Usage of "-smp 2" option is required for 
now.

Changelog:
 v6->v7
 - exynos4210_pwm.c: added usage of "ptimer.h"
 - exynos4210_mct.c: added usage of "ptimer.h"
 v5->v6
 - arm_boot.c, vexpress.c, realview.c: board should specify smp_bootreg_addr if 
its ncpu > 1
 - patch order changed, "boot secondary CPU" is included in "exynos boards" 
patch.
 - exynos4210_mct.c: usage of UINTX_MAX, removed excessive property list, fixed 
indentation,
 fixed comments
 - exynos4210_pwm.c: spaces and brakcets in macros, removed excessive property 
list,
 fixed indentation,
 - exynos4210_combiner.c: removed excessive reset, fixed indentation, fixed 
comments
 - exynos4210_gic.c: fixed indentation, fixed syntax
 - exynos4210_uart.c: fixed indentation, fixed syntax
 - exynos4210.c: fixed comments
 - Makefile.target: removed "\"
 - hw/exynos4210_fimd.c: rebased against current master: all manipulation with 
physical pages are dropped and
 replaced with new memory API functions;

 added three new members to window's state: 
MemoryRegionSection to describe section
 of system RAM containing current framebuffer, host 
pointer to framebuffer data and
 framebuffer length;

 mapping of framebuffer now performed only on 
framebuffer settings change
 instead on every display update;

 bytes swap in uint64 variable now performed with 
standard QEMU bswap64 function;

 blencon register type changed to uint32_t;

 fixed incorrect spelling of "palette" word;

 if ... else statements in exynos4210_fimd_read() and 
exynos4210_fimd_write() are
 replaced with switch() {} statement.
 


 v4->v5
 - hw/exynos4210_gic.c: Use memory aliases for CPU interface and Distributer.
   Excessive RW functions are removed.
 - hw/exynos4210_pwm.c and hw/exynos4210_mct.c: Saving of timers added.
 - hw/exynos4210_uart.c: VMSTATE version_id fixed.
 v3->v4
 - Split Exynos SOC and boards.
 - Temporary removed SD and CMU support to post later.
 - Lan9118 remarks took into account.
 - Secondary CPU bootloader remarks took into account.
 - PWM remarks took into account.
 - UART remarks took into account.
 v2->v3
 - Reverted hw/arm_gic.c modification
 - Added IRQ Gate to Exynos4210 board.

Evgeny Voevodin (8):
  hw/sysbus.h: Increase maximum number of device IRQs.
  hw/arm_boot.c: Make SMP boards specify address to poll in bootup loop
  ARM: exynos4210: IRQ subsystem support.
  ARM: Samsung exynos4210-based boards emulation
  ARM: exynos4210: PWM support.
  ARM: exynos4210: MCT support.
  hw/lan9118: Add basic 16-bit mode support.
  hw/exynos4210.c: Add LAN support for SMDKC210.

Maksim Kozlov (1):
  ARM: exynos4210: UART support

Mitsyanko Igor (1):
  Exynos4210: added display controller implementation

 Makefile.target  |3 +
 hw/arm-misc.h|1 +
 hw/arm_boot.c|   18 +-
 hw/exynos4210.c  |  272 +++
 hw/exynos4210.h  |  128 +++
 hw/exynos4210_combiner.c |  464 +++
 hw/exynos4210_fimd.c | 1924 ++
 hw/exynos4210_gic.c  |  437 +++
 hw/exynos4210_mct.c  | 1479 +++
 hw/exynos4210_pwm.c  |  413 ++
 hw/exynos4210_uart.c |  668 
 hw/exynos4_boards.c  |  166 
 hw/lan9118.c |  115 +++-
 hw/realview.c|2 +
 hw/sysbus.h  |2 +-
 hw/vexpress.c|2 +
 16 files changed, 6080 insertions(+), 14 deletions(-)
 create mode 100644 hw/exynos4210.c
 create mode 100644 hw/exynos4210.h
 create mode 100644 hw/exynos4210_combiner.c
 create mode 100644 hw/exynos4210_fimd.c
 create mode 100644 hw/exynos4210_gic.c
 create mode 100644 hw/exynos4210_mct.c
 create mode 100644 hw/exynos4210_pwm.c
 create mode 100644 hw/exynos4210_uart.c
 create mode 100644 hw/exynos4_boards.c

-- 
1.7.4.1




[Qemu-devel] [PATCH v7 02/10] hw/arm_boot.c: Make SMP boards specify address to poll in bootup loop

2012-01-15 Thread Evgeny Voevodin
The secondary CPU bootloader in arm_boot.c holds secondary CPUs in a
pen until the primary CPU releases them. Make boards specify the
address to be polled to determine whether to leave the pen (it was
previously hardcoded to 0x1030, which is a Versatile Express/
Realview specific system register address).

Signed-off-by: Evgeny Voevodin 
---
 hw/arm-misc.h |1 +
 hw/arm_boot.c |   18 ++
 hw/realview.c |2 ++
 hw/vexpress.c |2 ++
 4 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/hw/arm-misc.h b/hw/arm-misc.h
index af403a1..6e8ae6b 100644
--- a/hw/arm-misc.h
+++ b/hw/arm-misc.h
@@ -31,6 +31,7 @@ struct arm_boot_info {
 const char *initrd_filename;
 target_phys_addr_t loader_start;
 target_phys_addr_t smp_loader_start;
+target_phys_addr_t smp_bootreg_addr;
 target_phys_addr_t smp_priv_base;
 int nb_cpus;
 int board_id;
diff --git a/hw/arm_boot.c b/hw/arm_boot.c
index 215d5de..bf509a8 100644
--- a/hw/arm_boot.c
+++ b/hw/arm_boot.c
@@ -31,17 +31,17 @@ static uint32_t bootloader[] = {
 /* Entry point for secondary CPUs.  Enable interrupt controller and
Issue WFI until start address is written to system controller.  */
 static uint32_t smpboot[] = {
-  0xe59f0020, /* ldr r0, privbase */
-  0xe3a01001, /* mov r1, #1 */
-  0xe5801100, /* str r1, [r0, #0x100] */
-  0xe3a00201, /* mov r0, #0x1000 */
-  0xe3800030, /* orr r0, #0x30 */
+  0xe59f201c, /* ldr r2, privbase */
+  0xe59f001c, /* ldr r0, startaddr */
+  0xe3a01001, /* mov r1, #1 */
+  0xe5821100, /* str r1, [r2, #256] */
   0xe320f003, /* wfi */
   0xe5901000, /* ldr r1, [r0] */
   0xe1110001, /* tst r1, r1 */
   0x0afb, /* beq  */
   0xe12fff11, /* bx  r1 */
-  0 /* privbase: Private memory region base address.  */
+  0,  /* privbase: Private memory region base address.  */
+  0   /* bootreg: Boot register address is held here */
 };
 
 #define WRITE_WORD(p, value) do { \
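Review bot: The comment on the second new instruction, `ldr r0, startaddr`, names a label that does not exist in the array; the word it loads is the last one, labelled `bootreg:`, so the line should read `0xe59f001c, /* ldr r0, bootreg */`. The block comment above the array still says the start address is written to the "system controller", which is no longer accurate in general now that each board supplies the address; "to the board's boot register" would fit. Both `ldr` encodings carry a fixed pc-relative offset (0x1c) to the two trailing literal words, and arm_load_kernel (hunk at -272) fills those words by position from the end of the array. A comment such as `/* the last two words are literals; keep the ldr offsets in step when adding instructions */` would protect later edits.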
@@ -197,6 +197,7 @@ static void do_cpu_reset(void *opaque)
 info->loader_start);
 }
 } else {
+stl_phys_notdirty(info->smp_bootreg_addr, 0);
 env->regs[15] = info->smp_loader_start;
 }
 }
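Review bot: The added `stl_phys_notdirty(info->smp_bootreg_addr, 0)` runs in the secondary-CPU branch for every board that boots more than one CPU through arm_boot, so a board whose `arm_boot_info` leaves the new field unset would have guest-physical address 0 cleared on reset and its secondaries polling that address. Only `realview_binfo` and `vexpress_binfo` are updated in this patch; whether other SMP users of the structure exist cannot be seen from here. The requirement should at least be stated at the field in hw/arm-misc.h, for example `target_phys_addr_t smp_bootreg_addr; /* SMP boards must set this: register the secondary CPUs poll for their entry point */`. do_cpu_reset's body starts outside the hunk.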
@@ -272,8 +273,9 @@ void arm_load_kernel(CPUState *env, struct arm_boot_info 
*info)
 rom_add_blob_fixed("bootloader", bootloader, sizeof(bootloader),
info->loader_start);
 if (info->nb_cpus > 1) {
-smpboot[10] = info->smp_priv_base;
-for (n = 0; n < sizeof(smpboot) / 4; n++) {
+smpboot[ARRAY_SIZE(smpboot) - 1] = info->smp_bootreg_addr;
+smpboot[ARRAY_SIZE(smpboot) - 2] = info->smp_priv_base;
+for (n = 0; n < ARRAY_SIZE(smpboot); n++) {
 smpboot[n] = tswap32(smpboot[n]);
 }
 rom_add_blob_fixed("smpboot", smpboot, sizeof(smpboot),
diff --git a/hw/realview.c b/hw/realview.c
index d4191e9..3f35118 100644
--- a/hw/realview.c
+++ b/hw/realview.c
@@ -21,6 +21,7 @@
 #include "exec-memory.h"
 
 #define SMP_BOOT_ADDR 0xe000
+#define SMP_BOOTREG_ADDR 0x1030
 
 typedef struct {
 SysBusDevice busdev;
@@ -96,6 +97,7 @@ static void realview_register_devices(void)
 
 static struct arm_boot_info realview_binfo = {
 .smp_loader_start = SMP_BOOT_ADDR,
+.smp_bootreg_addr = SMP_BOOTREG_ADDR,
 };
 
 /* The following two lists must be consistent.  */
diff --git a/hw/vexpress.c b/hw/vexpress.c
index 0f39d8d..7111556 100644
--- a/hw/vexpress.c
+++ b/hw/vexpress.c
@@ -31,11 +31,13 @@
 #include "exec-memory.h"
 
 #define SMP_BOOT_ADDR 0xe000
+#define SMP_BOOTREG_ADDR 0x1030
 
 #define VEXPRESS_BOARD_ID 0x8e0
 
 static struct arm_boot_info vexpress_binfo = {
 .smp_loader_start = SMP_BOOT_ADDR,
+.smp_bootreg_addr = SMP_BOOTREG_ADDR,
 };
 
 static void vexpress_a9_init(ram_addr_t ram_size,
-- 
1.7.4.1




[Qemu-devel] [PATCH v7 03/10] ARM: exynos4210: IRQ subsystem support.

2012-01-15 Thread Evgeny Voevodin

Signed-off-by: Evgeny Voevodin 
---
 Makefile.target  |1 +
 hw/exynos4210.h  |   82 
 hw/exynos4210_combiner.c |  464 ++
 hw/exynos4210_gic.c  |  437 +++
 4 files changed, 984 insertions(+), 0 deletions(-)
 create mode 100644 hw/exynos4210.h
 create mode 100644 hw/exynos4210_combiner.c
 create mode 100644 hw/exynos4210_gic.c

diff --git a/Makefile.target b/Makefile.target
index 06d79b8..4ac257e 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -339,6 +339,7 @@ obj-arm-y = integratorcp.o versatilepb.o arm_pic.o 
arm_timer.o
 obj-arm-y += arm_boot.o pl011.o pl031.o pl050.o pl080.o pl110.o pl181.o pl190.o
 obj-arm-y += versatile_pci.o
 obj-arm-y += realview_gic.o realview.o arm_sysctl.o arm11mpcore.o a9mpcore.o
+obj-arm-y += exynos4210_gic.o exynos4210_combiner.o
 obj-arm-y += arm_l2x0.o
 obj-arm-y += arm_mptimer.o
 obj-arm-y += armv7m.o armv7m_nvic.o stellaris.o pl022.o stellaris_enet.o
diff --git a/hw/exynos4210.h b/hw/exynos4210.h
new file mode 100644
index 000..cef264b
--- /dev/null
+++ b/hw/exynos4210.h
@@ -0,0 +1,82 @@
+/*
+ *  Samsung exynos4210 SoC emulation
+ *
+ *  Copyright (c) 2011 Samsung Electronics Co., Ltd. All rights reserved.
+ *Maksim Kozlov 
+ *Evgeny Voevodin 
+ *Igor Mitsyanko 
+ *
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ *
+ */
+
+
+#ifndef EXYNOS4210_H_
+#define EXYNOS4210_H_
+
+#include "qemu-common.h"
+#include "memory.h"
+
+#define EXYNOS4210_MAX_CPUS 2
+
+/*
+ * exynos4210 IRQ subsystem stub definitions.
+ */
+#define EXYNOS4210_IRQ_GATE_NINPUTS 8
+
+#define EXYNOS4210_MAX_INT_COMBINER_OUT_IRQ  64
+#define EXYNOS4210_MAX_EXT_COMBINER_OUT_IRQ  16
+#define EXYNOS4210_MAX_INT_COMBINER_IN_IRQ   \
+(EXYNOS4210_MAX_INT_COMBINER_OUT_IRQ * 8)
+#define EXYNOS4210_MAX_EXT_COMBINER_IN_IRQ   \
+(EXYNOS4210_MAX_EXT_COMBINER_OUT_IRQ * 8)
+
+#define EXYNOS4210_COMBINER_GET_IRQ_NUM(grp, bit)  ((grp)*8 + (bit))
+#define EXYNOS4210_COMBINER_GET_GRP_NUM(irq)   ((irq) / 8)
+#define EXYNOS4210_COMBINER_GET_BIT_NUM(irq) \
+((irq) - 8 * EXYNOS4210_COMBINER_GET_GRP_NUM(irq))
+
+/* IRQs number for external and internal GIC */
+#define EXYNOS4210_EXT_GIC_NIRQ (160-32)
+#define EXYNOS4210_INT_GIC_NIRQ 64
+
+typedef struct Exynos4210Irq {
+qemu_irq int_combiner_irq[EXYNOS4210_MAX_INT_COMBINER_IN_IRQ];
+qemu_irq ext_combiner_irq[EXYNOS4210_MAX_EXT_COMBINER_IN_IRQ];
+qemu_irq int_gic_irq[EXYNOS4210_INT_GIC_NIRQ];
+qemu_irq ext_gic_irq[EXYNOS4210_EXT_GIC_NIRQ];
+qemu_irq board_irqs[EXYNOS4210_MAX_INT_COMBINER_IN_IRQ];
+} Exynos4210Irq;
+
+/* Initialize exynos4210 IRQ subsystem stub */
+qemu_irq *exynos4210_init_irq(Exynos4210Irq *env);
+
+/* Initialize board IRQs.
+ * These IRQs contain splitted Int/External Combiner and External Gic IRQs */
+void exynos4210_init_board_irqs(Exynos4210Irq *s);
+
+/* Get IRQ number from exynos4210 IRQ subsystem stub.
+ * To identify IRQ source use internal combiner group and bit number
+ *  grp - group number
+ *  bit - bit number inside group */
+uint32_t exynos4210_get_irq(uint32_t grp, uint32_t bit);
+
+/*
+ * Get Combiner input GPIO into irqs structure
+ */
+void exynos4210_combiner_get_gpioin(Exynos4210Irq *irqs, DeviceState *dev,
+int ext);
+
+#endif /* EXYNOS4210_H_ */
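Review bot: `EXYNOS4210_COMBINER_GET_BIT_NUM(irq)` expands its argument twice (once directly and once through `EXYNOS4210_COMBINER_GET_GRP_NUM`), so an argument with side effects would be evaluated twice; `#define EXYNOS4210_COMBINER_GET_BIT_NUM(irq) ((irq) % 8)` gives the same value with a single evaluation. The comment on `exynos4210_get_irq` names `grp` and `bit` but not their valid ranges or which table the returned number indexes. Because the result identifies an IRQ source for callers, the header should say so, for example ` *  grp and bit must lie inside the internal combiner's range; the result indexes the board IRQ array` (the exact bounds need confirming against the implementation, which is not in this hunk). The factor 8 is repeated across the combiner macros and would read better as one named constant.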
diff --git a/hw/exynos4210_combiner.c b/hw/exynos4210_combiner.c
new file mode 100644
index 000..f675581
--- /dev/null
+++ b/hw/exynos4210_combiner.c
@@ -0,0 +1,464 @@
+/*
+ * Samsung exynos4210 Interrupt Combiner
+ *
+ * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd.
+ * All rights reserved.
+ *
+ * Evgeny Voevodin 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+/*
+

[Qemu-devel] [PATCH v7 05/10] ARM: exynos4210: UART support

2012-01-15 Thread Evgeny Voevodin
From: Maksim Kozlov 

Add basic support for the exynos4210 UART.

Signed-off-by: Evgeny Voevodin 
---
 Makefile.target  |2 +-
 hw/exynos4210.c  |   29 +++
 hw/exynos4210.h  |9 +
 hw/exynos4210_uart.c |  668 ++
 4 files changed, 707 insertions(+), 1 deletions(-)
 create mode 100644 hw/exynos4210_uart.c

diff --git a/Makefile.target b/Makefile.target
index 6199d44..c856de3 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -340,7 +340,7 @@ obj-arm-y += arm_boot.o pl011.o pl031.o pl050.o pl080.o 
pl110.o pl181.o pl190.o
 obj-arm-y += versatile_pci.o
 obj-arm-y += realview_gic.o realview.o arm_sysctl.o arm11mpcore.o a9mpcore.o
 obj-arm-y += exynos4210_gic.o exynos4210_combiner.o exynos4210.o
-obj-arm-y += exynos4_boards.o
+obj-arm-y += exynos4_boards.o exynos4210_uart.o
 obj-arm-y += arm_l2x0.o
 obj-arm-y += arm_mptimer.o
 obj-arm-y += armv7m.o armv7m_nvic.o stellaris.o pl022.o stellaris_enet.o
diff --git a/hw/exynos4210.c b/hw/exynos4210.c
index 82755db..f23a136 100644
--- a/hw/exynos4210.c
+++ b/hw/exynos4210.c
@@ -29,6 +29,18 @@
 
 #define EXYNOS4210_CHIPID_ADDR 0x1000
 
+/* UART's definitions */
+#define EXYNOS4210_UART0_BASE_ADDR 0x1380
+#define EXYNOS4210_UART1_BASE_ADDR 0x1381
+#define EXYNOS4210_UART2_BASE_ADDR 0x1382
+#define EXYNOS4210_UART3_BASE_ADDR 0x1383
+#define EXYNOS4210_UART0_FIFO_SIZE 256
+#define EXYNOS4210_UART1_FIFO_SIZE 64
+#define EXYNOS4210_UART2_FIFO_SIZE 16
+#define EXYNOS4210_UART3_FIFO_SIZE 16
+/* Interrupt Group of External Interrupt Combiner for UART */
+#define EXYNOS4210_UART_INT_GRP26
+
 /* External GIC */
 #define EXYNOS4210_EXT_GIC_CPU_BASE_ADDR0x1048
 #define EXYNOS4210_EXT_GIC_DIST_BASE_ADDR   0x1049
@@ -198,5 +210,22 @@ Exynos4210State *exynos4210_init(MemoryRegion *system_mem,
 memory_region_add_subregion(system_mem, EXYNOS4210_SECOND_CPU_BOOTREG,
 &s->bootreg_mem);
 
+/*** UARTs ***/
+exynos4210_uart_create(EXYNOS4210_UART0_BASE_ADDR,
+   EXYNOS4210_UART0_FIFO_SIZE, 0, NULL,
+irq_table[exynos4210_get_irq(EXYNOS4210_UART_INT_GRP, 0)]);
+
+exynos4210_uart_create(EXYNOS4210_UART1_BASE_ADDR,
+   EXYNOS4210_UART1_FIFO_SIZE, 1, NULL,
+irq_table[exynos4210_get_irq(EXYNOS4210_UART_INT_GRP, 1)]);
+
+exynos4210_uart_create(EXYNOS4210_UART2_BASE_ADDR,
+   EXYNOS4210_UART2_FIFO_SIZE, 2, NULL,
+irq_table[exynos4210_get_irq(EXYNOS4210_UART_INT_GRP, 2)]);
+
+exynos4210_uart_create(EXYNOS4210_UART3_BASE_ADDR,
+   EXYNOS4210_UART3_FIFO_SIZE, 3, NULL,
+irq_table[exynos4210_get_irq(EXYNOS4210_UART_INT_GRP, 3)]);
+
 return s;
 }
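Review bot: The four `exynos4210_uart_create` calls differ only in the channel number and the two per-channel macros, so a copy-paste slip that pairs one channel's base address with another's FIFO size or combiner bit would be easy to miss. A small table and a loop keeps the channel number, the combiner bit and the table row tied together. The return value of each call is dropped and `chr` is always NULL, which is fine only if the create function selects its own backend; its body is not visible in this patch view. exynos4210_init starts outside the hunk, so the loop index `n` used below needs a declaration next to the function's existing locals.

```c
/* file scope, after the UART definitions */
static const struct {
    target_phys_addr_t base;
    int fifo_size;
} exynos4210_uart_cfg[] = {
    { EXYNOS4210_UART0_BASE_ADDR, EXYNOS4210_UART0_FIFO_SIZE },
    { EXYNOS4210_UART1_BASE_ADDR, EXYNOS4210_UART1_FIFO_SIZE },
    { EXYNOS4210_UART2_BASE_ADDR, EXYNOS4210_UART2_FIFO_SIZE },
    { EXYNOS4210_UART3_BASE_ADDR, EXYNOS4210_UART3_FIFO_SIZE },
};

/* … unchanged: exynos4210_init() up to the bootreg subregion … */

    /*** UARTs ***/
    for (n = 0; n < ARRAY_SIZE(exynos4210_uart_cfg); n++) {
        exynos4210_uart_create(exynos4210_uart_cfg[n].base,
                               exynos4210_uart_cfg[n].fifo_size, n, NULL,
                irq_table[exynos4210_get_irq(EXYNOS4210_UART_INT_GRP, n)]);
    }
```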
diff --git a/hw/exynos4210.h b/hw/exynos4210.h
index a68900d..008b94f 100644
--- a/hw/exynos4210.h
+++ b/hw/exynos4210.h
@@ -116,4 +116,13 @@ uint32_t exynos4210_get_irq(uint32_t grp, uint32_t bit);
 void exynos4210_combiner_get_gpioin(Exynos4210Irq *irqs, DeviceState *dev,
 int ext);
 
+/*
+ * exynos4210 UART
+ */
+DeviceState *exynos4210_uart_create(target_phys_addr_t addr,
+int fifo_size,
+int channel,
+CharDriverState *chr,
+qemu_irq irq);
+
 #endif /* EXYNOS4210_H_ */
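Review bot: The comment above the new `exynos4210_uart_create` prototype says only "exynos4210 UART" and documents none of the five parameters, yet every call site added to exynos4210_init in this patch passes NULL for `chr`. The header should state what a NULL `chr` selects, what range `channel` accepts, and whether `fifo_size` is restricted to the sizes used by the SoC; the implementation that would settle these is not visible in this patch view. A per-parameter block in the style already used for `exynos4210_get_irq` in this header would fit, starting with `/* Create and map one exynos4210 UART channel at addr and connect it to irq.`.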
diff --git a/hw/exynos4210_uart.c b/hw/exynos4210_uart.c
new file mode 100644
index 000..0b500d1
--- /dev/null
+++ b/hw/exynos4210_uart.c
@@ -0,0 +1,668 @@
+/*
+ *  exynos4210 UART Emulation
+ *
+ *  Copyright (C) 2011 Samsung Electronics Co Ltd.
+ *Maksim Kozlov, 
+ *
+ *  Created on: 07.2011
+ *
+ *
+ *  This program is free software; you can redistribute it and/or modify it
+ *  under the terms of the GNU General Public License as published by the
+ *  Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful, but WITHOUT
+ *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ *  FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ *  for more details.
+ *
+ *  You should have received a copy of the GNU General Public License along
+ *  with this program; if not, see .
+ *
+ */
+
+#include "sysbus.h"
+#include "sysemu.h"
+#include "qemu-char.h"
+
+#include "exynos4210.h"
+
+#undef DEBUG_UART
+#undef DEBUG_UART_EXTEND
+#undef DEBUG_IRQ
+#undef DEBUG_Rx_DATA
+#undef DEBUG_Tx_DATA
+
+
+//#define DEBUG_UART
+//#define DEBUG_UART_EXTEND
+//#define DEBUG_IRQ
+//#define DEBUG_Rx_DATA
+//#define DEBUG_Tx_DATA
+
+
+#define  PRINT_DEBUG(fmt, args...)  \
+do {} while (0)
+#define  PRINT_DEBUG_EXTEND(fmt, args...) \
+do {} while (0)
+#define  PRINT_ERROR(fmt, args...) \
+do { \
+ 
