Re: [Qemu-devel] [PATCH v4 07/11] trace: [tracetool] Rewrite event argument parsing

2012-02-13 Thread Harsh Bora

On 02/10/2012 05:25 PM, Lluís Vilanova wrote:

Signed-off-by: Lluís Vilanova
---
  scripts/tracetool.py |  190 --
  1 files changed, 91 insertions(+), 99 deletions(-)

diff --git a/scripts/tracetool.py b/scripts/tracetool.py
index f2bcb65..cd1c29d 100755
--- a/scripts/tracetool.py
+++ b/scripts/tracetool.py
@@ -38,49 +38,6 @@ Options:
  '''
  sys.exit(1)

-def get_argnames(args):
-nfields = 0
-str = []
-for field in args.split():
-  nfields = nfields + 1
-  # Drop pointer star
-  type, ptr, tail = field.partition('*')
-  if type != field:
-field = tail
-
-  name, sep, tail = field.partition(',')
-
-  if name == field:
-continue
-  str.append(name)
-  str.append(", ")
-
-if nfields>  1:
-  str.append(name)
-  return ''.join(str)
-else:
-  return ''
-
-def calc_sizeofargs(args, argc):
-strtype = ('const char*', 'char*', 'const char *', 'char *')
-str = []
-newstr = ""
-if argc>  0:
-  str = args.split(',')
-  for elem in str:
-if elem.lstrip().startswith(strtype): #strings
-  type, sep, var = elem.rpartition('*')
-  newstr = newstr+"4 + strlen("+var.lstrip()+") + "
-#elif '*' in elem:
-#  newstr = newstr + "4 + " # pointer vars
-else:
-  #type, sep, var = elem.rpartition(' ')
-  #newstr = newstr+"sizeof("+type.lstrip()+") + "
-  newstr = newstr + '8 + '
-newstr = newstr + '0' # for last +
-return newstr
-
-
  def trace_h_begin():
  print '''#ifndef TRACE_H
  #define TRACE_H
@@ -133,13 +90,6 @@ def simple_h(events):

  return

-def is_string(arg):
-strtype = ('const char*', 'char*', 'const char *', 'char *')
-if arg.lstrip().startswith(strtype):
-return True
-else:
-return False
-
  def simple_c(events):
  rec_off = 0
  print '#include "trace.h"'
@@ -154,8 +104,16 @@ def simple_c(events):
  print
  print '};'
  print
+
  for num, event in enumerate(events):
-argc = event.argc
+sizes = []
+for type_, name in event.args:
+if type_is_string(type_):
+sizes.append("4 + strlen(%s)" % name)





+else:
+sizes.append("8 + sizeof(%s)" % type_)
+sizestr = " + ".join(sizes)
+
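Review bot: In the new sizing loop in simple_c(), `" + ".join(sizes)` yields an empty string for an event with no arguments, so the generated call becomes `trace_alloc_record(id, )` and will not compile; the removed calc_sizeofargs() always ended with a literal `0`. Fall back to `'0'` when event.args is empty. The non-string branch also reserves `8 + sizeof(type)`, while the writer further down stores each such argument as one uint64_t, so a flat `8` per argument, as in the old code, matches what is actually written.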


Applied with a small change as reqd:

+else:
+sizes.append("8")
+sizestr = " + ".join(sizes)
+if len(event.args) == 0:
+sizestr = '0'
+

BTW, I am manually applying your changes on top of my patches as there 
were significant changes in my patches also. I will include your patches 
in my next series.


- Harsh



  print '''void trace_%(name)s(%(args)s)
  {
  unsigned int tbuf_idx, rec_off __attribute__((unused));
@@ -166,52 +124,52 @@ def simple_c(events):
  if (!trace_list[%(event_id)s].state) {
  return;
  }
+
+tbuf_idx = trace_alloc_record(%(event_id)s, %(sizestr)s);
+rec_off = (tbuf_idx + ST_V2_REC_HDR_LEN) %% TRACE_BUF_LEN; /* seek record 
header */
  ''' % {
  'name': event.name,
  'args': event.args,
  'event_id': num,
+'sizestr' : sizestr,
  }
-print '''
-tbuf_idx = trace_alloc_record(%(event_id)s, %(sizestr)s);
-rec_off = (tbuf_idx + ST_V2_REC_HDR_LEN) %% TRACE_BUF_LEN; /* seek record 
header */
-''' % {'event_id': num, 'sizestr': event.sizestr,}

-if argc>  0:
-str = event.arglist
-for elem in str:
-if is_string(elem): # if string
-type, sep, var = elem.rpartition('*')
+if len(event.args)>  0:
+for type_, name in event.args:
+# string
+if type_is_string(type_):
  print '''
-slen = strlen(%(var)s);
+slen = strlen(%(name)s);
  write_to_buffer(rec_off, (uint8_t*)&slen, sizeof(slen));
  rec_off += sizeof(slen);''' % {
-'var': var.lstrip()
+'name': name
  }
  print '''
-write_to_buffer(rec_off, (uint8_t*)%(var)s, slen);
+write_to_buffer(rec_off, (uint8_t*)%(name)s, slen);
  rec_off += slen;''' % {
-'var': var.lstrip()
+'name': name
  }
-elif '*' in elem: # pointer var (not string)
-type, sep, var = elem.rpartition('*')
+# pointer var (not string)
+elif type_.endswith('*'):
  print '''
-pvar64 = (uint64_t)(uint64_t*)%(var)s;
+pvar64 = (uint64_t)(uint64_t*)%(name)s;
  write_to_buffer(rec_off, (uint8_t*)&pvar64, sizeof(uint64_t));
  rec_off += sizeof(uint64_t);''' % {
-'var': var.lstrip()
+'name': name
  }
-else: # primitive data type
-type, sep, var = elem.rpartition(' ')
+# primitive data type
+else:
  print '''
-var64 = (uint64_t)%(var)s
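Review bot: The pointer test changes from `'*' in elem` to `type_.endswith('*')`, which is only equivalent if the new argument parser always leaves the star as the last character of type_. A declaration such as `void * const p`, or a type with trailing whitespace, could now take the primitive branch. Either normalise type_ where it is parsed and say so in a comment, or keep the broader check. The `if len(event.args) > 0:` guard around the for loop is also redundant.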

Re: [Qemu-devel] [PATCH v2 1/8] kvm: Set cpu_single_env only once

2012-02-13 Thread Paolo Bonzini

On 02/11/2012 03:12 PM, Andreas Färber wrote:

Yes and no. They can have any target-specific pointer they want, just
as before. But no global first_cpu / cpu_single_env pointer - that's
replaced by CPU pointers, through which members of derived classes can
be accessed (which did not work for CPUState due to CPU_COMMON members
being at target-specific offset in the middle).


Hmm, now I'm not even sure what I want that Andreas referred to. :)

I definitely would like CPUState pointers to be changed into link 
properties, but that's not related to what Jan is doing here with 
cpu_single_env.  Each LAPIC refers to a CPU, and that would become a 
link property indeed.  But here we're using cpu_single_env to find out 
which LAPIC is being read.  It's the other direction.


Relying on thread-local cpu_single_env means that you restrict LAPIC 
memory reads to run in VCPU thread context, and this makes sense anyway. 
 The only case of MMIO running in iothread context is Xen, but Xen 
always keeps the LAPIC in the hypervisor.


Also, I think that having a view of CPUs in QOM is laudable, but I don't 
understand why that means you need to remove first_cpu / cpu_single_env.


Finally, CPU_COMMON members may be referenced from TCG-generated code, 
how do you plan to move them and still keep the TLBs at small offsets 
within CPUState?  Perhaps we need a drawing of the situation before and 
after the QOMization of CPUs.


Paolo



[Qemu-devel] [PATCHv2-RFC 0/2] RFC: standard pci bridge device

2012-02-13 Thread Michael S. Tsirkin
Here's a new version of the patch. It works for me.
Deep nesting of bridges is supported.
You need a small BIOS patch to support the OSHP method
if you want hotplug to work. I will post this separately.
We'd need a full ACPI driver to make hotplug work for guests
without an SHPC driver (e.g. windows XP).
Management support will also be needed.

One small wrinkle is that the pci_addr property
wants data in a format bus:device.function which is
broken as guests can change bus numbers.
For testing I used the 'addr' property which
encodes slot*8+function#. We probably want to
extend pci_addr in some way (e.g. :device.function ?
Thoughts?).

The SHPC controller supports up to 31 devices
(out of 32 slots) so slot 0 doesn't support hotplug.
Non hot-pluggable devices behind the bridge
don't work correctly (we'll try to unplug them)
so don't do this.
For now I just blocked adding devices in slot 0,
in the future it might be possible to add
a non-hotpluggable device there.

Example:

qemu-system-x86_64  -enable-kvm -m 1G
 -drive file=/home/mst/rhel6.qcow2
-netdev
tap,id=foo,ifname=msttap0,script=/home/mst/ifup,downscript=no,vhost=on
-device pci-bridge,id=bog
-device virtio-net-pci,netdev=foo,bus=bog,addr=8


Hot-unplug currently causes qemu to crash, this
happens without this patch too, so I'm not worried :)

New since v1:
hotplug support

-- 
MST


Michael S. Tsirkin (2):
  shpc: standard hot plug controller
  pci: add standard bridge device

 Makefile.objs   |3 +-
 hw/pci.h|6 +
 hw/pci_bridge_dev.c |  136 +++
 hw/shpc.c   |  646 +++
 hw/shpc.h   |   40 
 qemu-common.h   |1 +
 6 files changed, 831 insertions(+), 1 deletions(-)
 create mode 100644 hw/pci_bridge_dev.c
 create mode 100644 hw/shpc.c
 create mode 100644 hw/shpc.h

-- 
1.7.9.111.gf3fb0



[Qemu-devel] [PATCHv2-RFC 2/2] pci: add standard bridge device

2012-02-13 Thread Michael S. Tsirkin
This adds support for a standard pci to pci bridge,
enabling support for more than 32 PCI devices in the system.
Device hotplug is supported by means of SHPC controller.
For guests with an SHPC driver, this allows robust hotplug
and even hotplug of nested bridges, up to 31 devices
per bridge.

TODO:
- chassis capability support
- migration support
- remove dependency on pci_internals.h

Signed-off-by: Michael S. Tsirkin 
---
 Makefile.objs   |2 +-
 hw/pci_bridge_dev.c |  136 +++
 2 files changed, 137 insertions(+), 1 deletions(-)
 create mode 100644 hw/pci_bridge_dev.c

diff --git a/Makefile.objs b/Makefile.objs
index 4546477..e89112c 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -193,7 +193,7 @@ hw-obj-$(CONFIG_VIRTIO) += virtio-console.o
 hw-obj-y += usb-libhw.o
 hw-obj-$(CONFIG_VIRTIO_PCI) += virtio-pci.o
 hw-obj-y += fw_cfg.o
-hw-obj-$(CONFIG_PCI) += pci.o pci_bridge.o
+hw-obj-$(CONFIG_PCI) += pci.o pci_bridge.o pci_bridge_dev.o
 hw-obj-$(CONFIG_PCI) += msix.o msi.o
 hw-obj-$(CONFIG_PCI) += shpc.o
 hw-obj-$(CONFIG_PCI) += pci_host.o pcie_host.o
diff --git a/hw/pci_bridge_dev.c b/hw/pci_bridge_dev.c
new file mode 100644
index 000..f48cd2d
--- /dev/null
+++ b/hw/pci_bridge_dev.c
@@ -0,0 +1,136 @@
+/*
+ * Standard PCI Bridge Device
+ *
+ * Copyright (c) 2011 Red Hat Inc. Author: Michael S. Tsirkin 
+ *
+ * 
http://www.pcisig.com/specifications/conventional/pci_to_pci_bridge_architecture/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#include "pci_bridge.h"
+#include "pci_ids.h"
+#include "shpc.h"
+#include "memory.h"
+#include "pci_internals.h"
+
+#define REDHAT_PCI_VENDOR_ID 0x1b36
+#define PCI_BRIDGE_DEV_VENDOR_ID REDHAT_PCI_VENDOR_ID
+#define PCI_BRIDGE_DEV_DEVICE_ID 0x1
+
+struct PCIBridgeDev {
+PCIBridge bridge;
+MemoryRegion bar;
+};
+typedef struct PCIBridgeDev PCIBridgeDev;
+
+/* Mapping mandated by PCI-to-PCI Bridge architecture specification,
+ * revision 1.2 */
+/* Table 9-1: Interrupt Binding for Devices Behind a Bridge */
+static int pci_bridge_dev_map_irq_fn(PCIDevice *dev, int irq_num)
+{
+return (irq_num + PCI_SLOT(dev->devfn)) % PCI_NUM_PINS;
+}
+
+static int pci_bridge_dev_initfn(PCIDevice *dev)
+{
+PCIBridge *br = DO_UPCAST(PCIBridge, dev, dev);
+PCIBridgeDev *bridge_dev = DO_UPCAST(PCIBridgeDev, bridge, br);
+int err;
+br->map_irq = pci_bridge_dev_map_irq_fn;
+/* If we don't specify the name, the bus will be addressed as .0, where
+ * id is the parent id.  But it seems more natural to address the bus using
+ * the parent device name. */
+if (dev->qdev.id && *dev->qdev.id) {
+br->bus_name = dev->qdev.id;
+}
+err = pci_bridge_initfn(dev);
+if (err) {
+goto bridge_error;
+}
+memory_region_init(&bridge_dev->bar, "shpc-bar", shpc_bar_size(dev));
+err = shpc_init(dev, &br->sec_bus, &bridge_dev->bar, 0);
+if (err) {
+goto error;
+}
+/* TODO: spec recommends using 64 bit prefetcheable BAR.
+ * Check whether that works well. */
+pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &bridge_dev->bar);
+dev->config[PCI_INTERRUPT_PIN] = 0x1;
+return 0;
+error:
+memory_region_destroy(&bridge_dev->bar);
+bridge_error:
+return err;
+}
+
+static int pci_bridge_dev_exitfn(PCIDevice *dev)
+{
+PCIBridge *br = DO_UPCAST(PCIBridge, dev, dev);
+PCIBridgeDev *bridge_dev = DO_UPCAST(PCIBridgeDev, bridge, br);
+int ret;
+shpc_cleanup(dev);
+memory_region_destroy(&bridge_dev->bar);
+ret = pci_bridge_exitfn(dev);
+assert(!ret);
+return 0;
+}
+
+static void pci_bridge_dev_write_config(PCIDevice *d,
+uint32_t address, uint32_t val, int 
len)
+{
+pci_bridge_write_config(d, address, val, len);
+shpc_cap_write_config(d, address, val, len);
+}
+
+static void qdev_pci_bridge_dev_reset(DeviceState *qdev)
+{
+PCIDevice *dev = DO_UPCAST(PCIDevice, qdev, qdev);
+pci_bridge_reset(qdev);
+shpc_reset(dev);
+}
+
+static void pci_bridge_dev_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
+k->init = pci_bridge_dev_initfn;
+k->exit = pci_bridge_dev_exitfn;
+k->config_write = pci_bridge_dev_write_config;
+k->vendor_id = PCI_BRIDGE_DE
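Review bot: In pci_bridge_dev_initfn(), the `error:` path taken when shpc_init() fails destroys the BAR region but never undoes the earlier successful pci_bridge_initfn(), so whatever that call set up is left in place. Call pci_bridge_exitfn(dev) before falling through to `bridge_error:`. In pci_bridge_dev_exitfn(), `assert(!ret)` followed by `return 0` discards the status of pci_bridge_exitfn(); returning ret would keep a failure visible in builds where assert is compiled out.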

[Qemu-devel] [PATCHv2-RFC 1/2] shpc: standard hot plug controller

2012-02-13 Thread Michael S. Tsirkin
This adds support for SHPC interface, as defined by PCI Standard
Hot-Plug Controller and Subsystem Specification, Rev 1.0
http://www.pcisig.com/specifications/conventional/pci_hot_plug/SHPC_10

Only SHPC integrated with a PCI-to-PCI bridge is supported,
SHPC integrated with a host bridge would need more work.

All main SHPC features are supported:
- MRL sensor
- Attention button
- Attention indicator
- Power indicator

Wake on hotplug and serr generation are stubbed out but unused
as we don't have interfaces to generate these events ATM.

One issue that isn't completely resolved is that qemu currently
expects an "eject" interface, which SHPC does not provide: it merely
removes the power to device and it's up to the user to remove the device
from slot. This patch works around that by ejecting the device
when power is removed and power LED goes off.

TODO:
- migration support
- fix dependency on pci_internals.h

Signed-off-by: Michael S. Tsirkin 
---
 Makefile.objs |1 +
 hw/pci.h  |6 +
 hw/shpc.c |  646 +
 hw/shpc.h |   40 
 qemu-common.h |1 +
 5 files changed, 694 insertions(+), 0 deletions(-)
 create mode 100644 hw/shpc.c
 create mode 100644 hw/shpc.h

diff --git a/Makefile.objs b/Makefile.objs
index 391e524..4546477 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -195,6 +195,7 @@ hw-obj-$(CONFIG_VIRTIO_PCI) += virtio-pci.o
 hw-obj-y += fw_cfg.o
 hw-obj-$(CONFIG_PCI) += pci.o pci_bridge.o
 hw-obj-$(CONFIG_PCI) += msix.o msi.o
+hw-obj-$(CONFIG_PCI) += shpc.o
 hw-obj-$(CONFIG_PCI) += pci_host.o pcie_host.o
 hw-obj-$(CONFIG_PCI) += ioh3420.o xio3130_upstream.o xio3130_downstream.o
 hw-obj-y += watchdog.o
diff --git a/hw/pci.h b/hw/pci.h
index 33b0b18..756577e 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -125,6 +125,9 @@ enum {
 /* command register SERR bit enabled */
 #define QEMU_PCI_CAP_SERR_BITNR 4
 QEMU_PCI_CAP_SERR = (1 << QEMU_PCI_CAP_SERR_BITNR),
+/* Standard hot plug controller. */
+#define QEMU_PCI_SHPC_BITNR 5
+QEMU_PCI_CAP_SHPC = (1 << QEMU_PCI_SHPC_BITNR),
 };
 
 #define TYPE_PCI_DEVICE "pci-device"
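Review bot: The new bit number is named `QEMU_PCI_SHPC_BITNR`, while the neighbouring one is `QEMU_PCI_CAP_SERR_BITNR` and the flag itself is `QEMU_PCI_CAP_SHPC`; rename it to `QEMU_PCI_CAP_SHPC_BITNR` so the pair follows the existing pattern.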
@@ -229,6 +232,9 @@ struct PCIDevice {
 /* PCI Express */
 PCIExpressDevice exp;
 
+/* SHPC */
+SHPCDevice *shpc;
+
 /* Location of option rom */
 char *romfile;
 bool has_rom;
diff --git a/hw/shpc.c b/hw/shpc.c
new file mode 100644
index 000..4baec29
--- /dev/null
+++ b/hw/shpc.c
@@ -0,0 +1,646 @@
+#include 
+#include 
+#include "range.h"
+#include "shpc.h"
+#include "pci.h"
+#include "pci_internals.h"
+
+/* TODO: model power only and disabled slot states. */
+/* TODO: handle SERR and wakeups */
+/* TODO: consider enabling 66MHz support */
+
+/* TODO: remove fully only on state DISABLED and LED off.
+ * track state to properly record this. */
+
+/* SHPC Working Register Set */
+#define SHPC_BASE_OFFSET  0x00 /* 4 bytes */
+#define SHPC_SLOTS_33 0x04 /* 4 bytes. Also encodes PCI-X slots. */
+#define SHPC_SLOTS_66 0x08 /* 4 bytes. */
+#define SHPC_NSLOTS   0x0C /* 1 byte */
+#define SHPC_FIRST_DEV0x0D /* 1 byte */
+#define SHPC_PHYS_SLOT0x0E /* 2 byte */
+#define SHPC_PHYS_NUM_MAX 0x7ff
+#define SHPC_PHYS_NUM_UP  0x1000
+#define SHPC_PHYS_MRL 0x4000
+#define SHPC_PHYS_BUTTON  0x8000
+#define SHPC_SEC_BUS  0x10 /* 2 bytes */
+#define SHPC_SEC_BUS_33   0x0
+#define SHPC_SEC_BUS_66   0x1 /* Unused */
+#define SHPC_SEC_BUS_MASK 0x7
+#define SHPC_MSI_CTL  0x12 /* 1 byte */
+#define SHPC_PROG_IFC 0x13 /* 1 byte */
+#define SHPC_PROG_IFC_1_0 0x1
+#define SHPC_CMD_CODE 0x14 /* 1 byte */
+#define SHPC_CMD_TRGT 0x15 /* 1 byte */
+#define SHPC_CMD_TRGT_MIN 0x1
+#define SHPC_CMD_TRGT_MAX 0x1f
+#define SHPC_CMD_STATUS   0x16 /* 2 bytes */
+#define SHPC_CMD_STATUS_BUSY  0x1
+#define SHPC_CMD_STATUS_MRL_OPEN  0x2
+#define SHPC_CMD_STATUS_INVALID_CMD   0x4
+#define SHPC_CMD_STATUS_INVALID_MODE  0x8
+#define SHPC_INT_LOCATOR  0x18 /* 4 bytes */
+#define SHPC_INT_COMMAND  0x1
+#define SHPC_SERR_LOCATOR 0x1C /* 4 bytes */
+#define SHPC_SERR_INT 0x20 /* 4 bytes */
+#define SHPC_INT_DIS  0x1
+#define SHPC_SERR_DIS 0x2
+#define SHPC_CMD_INT_DIS  0x4
+#define SHPC_ARB_SERR_DIS 0x8
+#define SHPC_CMD_DETECTED 0x1
+#define SHPC_ARB_DETECTED 0x2
+ /* 4 bytes * slot # (start from 0) */
+#define SHPC_SLOT_REG(s) (0x24 + (s) * 4)
+ /* 2 bytes */
+#define SHPC_SLOT_STATUS(s)   (0x0 + SHPC_SLOT_REG(s))
+
+/* Same slot state masks are used for command and status registers */
+#define SHPC_SLOT_STATE_MASK 0x03
+#define SHPC_SLOT_STATE_SHIFT \
+(ffs(SHPC_SLOT_STATE_MASK) - 1)
+
+#define SHPC_STATE_NO   0x0
+#define SHPC_STATE_PWRONLY  0x1
+#define SHPC_STATE_ENABLED  0x2
+#define SHPC_STATE_DISABLED 0x3
+
+#define SHPC_SLOT_PWR_LED_MASK   0xC
+#define SHPC_SLOT_PWR_LED_SHIFT \
+(ffs(SHPC_SLOT_PWR_LED_MASK) - 1)
+#define SHPC_SLOT_ATTN_LED_MASK  0x30
+#define SHPC_SLOT_ATTN_LED_SHIFT \
+(ffs(SHPC_SLOT_ATT
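Review bot: SHPC_SLOT_STATE_SHIFT, SHPC_SLOT_PWR_LED_SHIFT and SHPC_SLOT_ATTN_LED_SHIFT are derived with ffs() on a constant mask, which relies on the compiler folding a library call and keeps the shifts out of constant expressions. Writing the shifts as literals beside their masks (0 for 0x03, 2 for 0xC, 4 for 0x30) is simpler to read against the register layout. The size comment on SHPC_PHYS_SLOT reads `2 byte` where the other entries use `2 bytes`.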

Re: [Qemu-devel] [PATCH] oslib: make error handling more reasonable

2012-02-13 Thread Daniel P. Berrange
On Fri, Feb 10, 2012 at 11:35:11AM -0700, Eric Blake wrote:
> On 02/10/2012 07:41 AM, Daniel P. Berrange wrote:
> 
> >> @@ -80,7 +80,7 @@ void *qemu_oom_check(void *ptr)
> >>  {
> >>  if (ptr == NULL) {
> >>  fprintf(stderr, "Failed to allocate memory: %s\n", 
> >> strerror(errno));
> >> -abort();
> >> +exit(EXIT_FAILURE);
> > 
> > exit() will call any atexit()/on_exit() handlers, as well as trying
> > to flush I/O streams. Any of these actions may require further
> > memory allocations, which will likely fail, or worse cause this
> > code to re-enter itself if an atexit() handler calls qemu_malloc
> > 
> > The only option other than abort(), is to use  _Exit() which
> > doesn't try to run cleanup handlers.
> 
> Correct, but in that case, then you need to fflush(stderr) prior to
> _Exit(), or else use write() rather than fprintf(), since otherwise your
> attempt at a nice oom error message is lost.

IIRC, stderr is not buffered, so should not need to be flushed.

Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|
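
The trade-off discussed in this message, as an added example that is not part of the thread or of QEMU: a child process with one atexit() handler installed dies through each exit path, and the parent reports whether the handler ran and whether the error message reached stderr. The names cleanup_hook, oom_die_exit, oom_die_fast and run_oom_path are hypothetical.

```c
/* Added example, not QEMU code. All function names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define OOM_MSG_SEEN 0x1   /* the error message reached stderr */
#define OOM_HOOK_RAN 0x2   /* an atexit() handler ran on the way out */

static int hook_fd = -1;

/* Stand-in for a cleanup handler registered elsewhere in a large program.
 * A real one may allocate memory, which is the hazard raised in the thread. */
static void cleanup_hook(void)
{
    static const char mark[] = "[hook ran]";
    if (hook_fd >= 0 && write(hook_fd, mark, sizeof(mark) - 1) < 0) {
        /* nothing useful left to do */
    }
}

/* Behaviour of the proposed patch: exit() runs handlers and flushes stdio. */
static void oom_die_exit(void)
{
    fprintf(stderr, "Failed to allocate memory: %s\n", strerror(errno));
    exit(EXIT_FAILURE);
}

/* Alternative from the replies: constant message, write(2), then _Exit(). */
static void oom_die_fast(void)
{
    static const char msg[] = "Failed to allocate memory\n";
    if (write(STDERR_FILENO, msg, sizeof(msg) - 1) < 0) {
        /* stderr is gone; still terminate */
    }
    _Exit(EXIT_FAILURE);
}

/* Run `die` in a child whose stderr is a pipe and which has one atexit()
 * handler installed. Returns OOM_* flags, or -1 on setup failure. */
static int run_oom_path(void (*die)(void), int *exit_code)
{
    int pfd[2], status;
    char buf[256];
    size_t used = 0;
    ssize_t n;
    pid_t pid;

    if (pipe(pfd) != 0) {
        return -1;
    }
    fflush(NULL);                      /* do not duplicate buffered output */
    pid = fork();
    if (pid < 0) {
        close(pfd[0]);
        close(pfd[1]);
        return -1;
    }
    if (pid == 0) {
        close(pfd[0]);
        dup2(pfd[1], STDERR_FILENO);   /* capture the child's stderr */
        hook_fd = pfd[1];
        atexit(cleanup_hook);
        errno = ENOMEM;                /* simulate the failed allocation */
        die();
        _Exit(99);                     /* not reached */
    }
    close(pfd[1]);
    while (used < sizeof(buf) - 1) {   /* read until the child closes the pipe */
        n = read(pfd[0], buf + used, sizeof(buf) - 1 - used);
        if (n > 0) {
            used += (size_t)n;
        } else if (n == 0 || errno != EINTR) {
            break;
        }
    }
    buf[used] = '\0';
    close(pfd[0]);
    if (waitpid(pid, &status, 0) < 0) {
        return -1;
    }
    *exit_code = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    return (strstr(buf, "Failed to allocate memory") ? OOM_MSG_SEEN : 0) |
           (strstr(buf, "[hook ran]") ? OOM_HOOK_RAN : 0);
}

int main(void)
{
    int code = 0;
    int flags = run_oom_path(oom_die_exit, &code);
    printf("exit():  flags=%d status=%d\n", flags, code);
    flags = run_oom_path(oom_die_fast, &code);
    printf("_Exit(): flags=%d status=%d\n", flags, code);
    return 0;
}
```

Both paths leave with a failure status; only the exit() path runs the handler.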



Re: [Qemu-devel] [PATCH v4 05/11] suspend: add infrastructure

2012-02-13 Thread Gleb Natapov
On Thu, Feb 09, 2012 at 06:05:37PM +0100, Gerd Hoffmann wrote:
> This patch adds some infrastructure to handle suspend and resume to
> qemu.  First there are two functions to switch state and second there
> is a suspend notifier:
> 
>  * qemu_system_suspend_request is supposed to be called when the
>guest asks to be suspended, for example via ACPI.
> 
>  * qemu_system_wakeup_request is supposed to be called on events
>which should wake up the guest.
> 
>  * qemu_register_suspend_notifier can be used to register a notifier
>which will be called when the guest is suspended.  Machine types
>and device models can hook in there to modify state if needed.
> 
>  * qemu_register_wakeup_notifier can be used to register a notifier
>which will be called when the guest is woken up.  Machine types
>and device models can hook in there to modify state if needed.
> 
>  * qemu_system_wakeup_enable can be used to enable/disable wakeup
>events.
> 
> Signed-off-by: Gerd Hoffmann 
> ---
>  sysemu.h |9 +
>  vl.c |   49 +
>  2 files changed, 58 insertions(+), 0 deletions(-)
> 
> diff --git a/sysemu.h b/sysemu.h
> index 9d5ce33..af73813 100644
> --- a/sysemu.h
> +++ b/sysemu.h
> @@ -38,7 +38,16 @@ void vm_start(void);
>  void vm_stop(RunState state);
>  void vm_stop_force_state(RunState state);
>  
> +typedef enum WakeupReason {
> +QEMU_WAKEUP_REASON_OTHER = 0,
> +} WakeupReason;
> +
>  void qemu_system_reset_request(void);
> +void qemu_system_suspend_request(void);
> +void qemu_register_suspend_notifier(Notifier *notifier);
> +void qemu_system_wakeup_request(WakeupReason reason);
> +void qemu_system_wakeup_enable(WakeupReason reason, bool enabled);
> +void qemu_register_wakeup_notifier(Notifier *notifier);
>  void qemu_system_shutdown_request(void);
>  void qemu_system_powerdown_request(void);
>  void qemu_system_debug_request(void);
> diff --git a/vl.c b/vl.c
> index 63dd725..5095e06 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -1283,6 +1283,12 @@ static int shutdown_requested, shutdown_signal = -1;
>  static pid_t shutdown_pid;
>  static int powerdown_requested;
>  static int debug_requested;
> +static bool is_suspended;
> +static NotifierList suspend_notifiers =
> +NOTIFIER_LIST_INITIALIZER(suspend_notifiers);
> +static NotifierList wakeup_notifiers =
> +NOTIFIER_LIST_INITIALIZER(wakeup_notifiers);
> +static uint32_t wakeup_reason_mask = ~0;
>  static RunState vmstop_requested = RUN_STATE_MAX;
>  
>  int qemu_shutdown_requested_get(void)
> @@ -1398,6 +1404,49 @@ void qemu_system_reset_request(void)
>  qemu_notify_event();
>  }
>  
> +void qemu_system_suspend_request(void)
> +{
> +if (is_suspended) {
> +return;
> +}
> +cpu_stop_current();
> +notifier_list_notify(&suspend_notifiers, NULL);
> +is_suspended = true;
> +}
> +
Shouldn't we stop the whole VM at some point, not only vcpu that
does ACPI IO? Maybe I missed where it is done in the patch series.

> +void qemu_register_suspend_notifier(Notifier *notifier)
> +{
> +notifier_list_add(&suspend_notifiers, notifier);
> +}
> +
> +void qemu_system_wakeup_request(WakeupReason reason)
> +{
> +if (!is_suspended) {
> +return;
> +}
> +if (!(wakeup_reason_mask & (1 << reason))) {
> +return;
> +}
> +notifier_list_notify(&wakeup_notifiers, &reason);
> +reset_requested = 1;
> +qemu_notify_event();
> +is_suspended = false;
> +}
> +
> +void qemu_system_wakeup_enable(WakeupReason reason, bool enabled)
> +{
> +if (enabled) {
> +wakeup_reason_mask |= (1 << reason);
> +} else {
> +wakeup_reason_mask &= ~(1 << reason);
> +}
> +}
> +
> +void qemu_register_wakeup_notifier(Notifier *notifier)
> +{
> +notifier_list_add(&wakeup_notifiers, notifier);
> +}
> +
>  void qemu_system_killed(int signal, pid_t pid)
>  {
>  shutdown_signal = signal;
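Review bot: In qemu_system_wakeup_request() and qemu_system_wakeup_enable(), `1 << reason` shifts a signed int by an enum value that is never range-checked, and the result is combined with the uint32_t wakeup_reason_mask. Once WakeupReason grows, a value of 31 or more is undefined behaviour. Use `1U << reason` and assert that reason is below 32, or below an end-of-enum sentinel if one is added.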
> -- 
> 1.7.1

--
Gleb.



Re: [Qemu-devel] qemu-kvm-1.0 crashes with threaded vnc server?

2012-02-13 Thread Peter Lieven

On 11.02.2012 at 09:55, Corentin Chary wrote:

> On Thu, Feb 9, 2012 at 7:08 PM, Peter Lieven  wrote:
>> Hi,
>> 
>> is anyone aware if there are still problems when enabling the threaded vnc
>> server?
>> I saw some VMs crashing when using a qemu-kvm build with
>> --enable-vnc-thread.
>> 
>> qemu-kvm-1.0[22646]: segfault at 0 ip 7fec1ca7ea0b sp 7fec19d056d0
>> error 6 in libz.so.1.2.3.3[7fec1ca75000+16000]
>> qemu-kvm-1.0[26056]: segfault at 7f06d8d6e010 ip 7f06e0a30d71 sp
>> 7f06df035748 error 6 in libc-2.11.1.so[7f06e09aa000+17a000]
>> 
>> I had no time to debug further. It seems to happen shortly after migrating,
>> but that's uncertain. At least the segfault in libz seems to
>> give a hint to VNC since I cannot imagine any other part of qemu-kvm using
>> libz except for VNC server.
>> 
>> Thanks,
>> Peter
>> 
>> 
> 
> Hi Peter,
> I found two patches on my git tree that I sent long ago but somehow
> got lost on the mailing list. I rebased the tree but did not have the
> time (yet) to test them.
> http://git.iksaif.net/?p=qemu.git;a=shortlog;h=refs/heads/wip
> Feel free to try them. If QEMU segfaults again, please send a full gdb
> backtrace / valgrind trace / way to reproduce :).
> Thanks,

Hi Corentin,

thanks for rebasing those patches. I remember that I have seen them the
last time I noticed (about 1 year ago) that the threaded VNC is crashing.
I'm on vacation this week, but I will test them next week 
and let you know if I can force a crash with them applied. If not we should
consider including them asap.

Peter


> 
> 
> -- 
> Corentin Chary
> http://xf.iksaif.net




[Qemu-devel] [PATCH RFC] seabios: add OSHP method stub

2012-02-13 Thread Michael S. Tsirkin
To allow guests to load the native SHPC driver
for a bridge, we must declare an OSHP method
for the appropriate device which lets the OS
take control of the SHPC.
As we don't access SHPC at the moment, we
don't need to do anything - just report success.

Signed-off-by: Michael S. Tsirkin 

---

diff --git a/src/ssdt-pcihp.dsl b/src/ssdt-pcihp.dsl
index 442e7a8..3f50169 100644
--- a/src/ssdt-pcihp.dsl
+++ b/src/ssdt-pcihp.dsl
@@ -24,6 +24,7 @@ DefinitionBlock ("ssdt-pcihp.aml", "SSDT", 0x01, "BXPC", 
"BXSSDTPCIHP", 0x1)
ACPI_EXTRACT_METHOD_STRING aml_ej0_name  \
Method (_EJ0, 1) { Return(PCEJ(0x##slot)) }  \
Name (_SUN, 0x##slot)\
+   Method (OSHP, 1) { Return(0x0) }  \
 }
 
 hotplug_slot(03)
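Review bot: `Method (OSHP, 1)` declares one argument, but the body ignores it and returns a constant. If the OS evaluates OSHP without arguments the count should be 0; please check it against the method's definition. The commit message says the method is for the bridge device, while the hunk adds it to the body of the per-slot macro used by `hotplug_slot(03)`, so every hotplug slot gets it; a line in the message on why that is the right scope would help.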



Re: [Qemu-devel] [PATCHv2-RFC 0/2] RFC: standard pci bridge device

2012-02-13 Thread Wen Congyang
At 02/13/2012 05:15 PM, Michael S. Tsirkin Wrote:
> Here's a new version of the patch. It works for me.
> Deep nesting of bridges is supported.
> You need a small BIOS patch to support the OSHP method
> if you want hotplug to work. I will post this separately.
> We'd need a full ACPI driver to make hotplug work for guests
> without an SHPC driver (e.g. windows XP).
> Management support will also be needed.
> 
> One small wrinkle is that the pci_addr property
> wants data in a format bus:device.function which is
> broken as guests can change bus numbers.
> For testing I used the 'addr' property which
> encodes slot*8+function#. We probably want to
> extend pci_addr in some way (e.g. :device.function ?
> Thoughts?).

What about using id+device(slot)+function to set the address?

> 
> The SHPC controller supports up to 31 devices
> (out of 32 slots) so slot 0 doesn't support hotplug.
> Non hot-pluggable devices behind the bridge
> don't work correctly (we'll try to unplug them)
> so don't do this.
> For now I just blocked adding devices in slot 0,
> in the future it might be possible to add
> a non-hotpluggable device there.
> 
> Example:
> 
> qemu-system-x86_64  -enable-kvm -m 1G
>  -drive file=/home/mst/rhel6.qcow2
> -netdev
> tap,id=foo,ifname=msttap0,script=/home/mst/ifup,downscript=no,vhost=on
> -device pci-bridge,id=bog
> -device virtio-net-pci,netdev=foo,bus=bog,addr=8
> 
> 
> Hot-unplug currently causes qemu to crash, this
> happens without this patch too, so I'm not worried :)

How to trigger this bug without this patch?

Thanks
Wen Congyang

> 
> New since v1:
>   hotplug support
> 




Re: [Qemu-devel] [PATCHv2-RFC 0/2] RFC: standard pci bridge device

2012-02-13 Thread Michael S. Tsirkin
On Mon, Feb 13, 2012 at 05:38:26PM +0800, Wen Congyang wrote:
> At 02/13/2012 05:15 PM, Michael S. Tsirkin Wrote:
> > Here's a new version of the patch. It works for me.
> > Deep nesting of bridges is supported.
> > You need a small BIOS patch to support the OSHP method
> > if you want hotplug to work. I will post this separately.
> > We'd need a full ACPI driver to make hotplug work for guests
> > without an SHPC driver (e.g. windows XP).
> > Management support will also be needed.
> > 
> > One small wrinkle is that the pci_addr property
> > wants data in a format bus:device.function which is
> > broken as guests can change bus numbers.
> > For testing I used the 'addr' property which
> > encodes slot*8+function#. We probably want to
> > extend pci_addr in some way (e.g. :device.function ?
> > Thoughts?).
> 
> What about using id+device(slot)+function to set the address?

That's exactly what this patch does: addr encodes
slot+function.
I was asking about a friendlier format for this.

> > 
> > The SHPC controller supports up to 31 devices
> > (out of 32 slots) so slot 0 doesn't support hotplug.
> > Non hot-pluggable devices behind the bridge
> > don't work correctly (we'll try to unplug them)
> > so don't do this.
> > For now I just blocked adding devices in slot 0,
> > in the future it might be possible to add
> > a non-hotpluggable device there.
> > 
> > Example:
> > 
> > qemu-system-x86_64  -enable-kvm -m 1G
> >  -drive file=/home/mst/rhel6.qcow2
> > -netdev
> > tap,id=foo,ifname=msttap0,script=/home/mst/ifup,downscript=no,vhost=on
> > -device pci-bridge,id=bog
> > -device virtio-net-pci,netdev=foo,bus=bog,addr=8
> > 
> > 
> > Hot-unplug currently causes qemu to crash, this
> > happens without this patch too, so I'm not worried :)
> 
> How to trigger this bug without this patch?
> 
> Thanks
> Wen Congyang

start with 
 qemu-system-x86_64  -enable-kvm -m 1G
  -drive file=/home/mst/rhel6.qcow2
 -netdev
 tap,id=foo,ifname=msttap0,script=/home/mst/ifup,downscript=no,vhost=on

next do:
device_add virtio-net-pci,netdev=foo,id=bla

device_del bla

and it will crash on next malloc, to trigger
malloc give another command, e.g.
info pci

> > 
> > New since v1:
> > hotplug support
> > 



Re: [Qemu-devel] [PATCHv2-RFC 1/2] shpc: standard hot plug controller

2012-02-13 Thread Isaku Yamahata
Oh nice work.

On Mon, Feb 13, 2012 at 11:15:55AM +0200, Michael S. Tsirkin wrote:
> This adds support for SHPC interface, as defined by PCI Standard
> Hot-Plug Controller and Subsystem Specification, Rev 1.0
> http://www.pcisig.com/specifications/conventional/pci_hot_plug/SHPC_10
> 
> Only SHPC integrated with a PCI-to-PCI bridge is supported,
> SHPC integrated with a host bridge would need more work.
> 
> All main SHPC features are supported:
> - MRL sensor

Does this just report latch status? (It seems so.)
Do you plan to provide interfaces to manipulate the latch?


> - Attention button
> - Attention indicator
> - Power indicator
>
> Wake on hotplug and serr generation are stubbed out but unused
> as we don't have interfaces to generate these events ATM.
> 
> One issue that isn't completely resolved is that qemu currently
> expects an "eject" interface, which SHPC does not provide: it merely
> removes the power to device and it's up to the user to remove the device
> from slot. This patch works around that by ejecting the device
> when power is removed and power LED goes off.
> 
> TODO:
> - migration support
> - fix dependency on pci_internals.h

If I didn't miss the code,
- QMP command for pushing attention button.
- QMP command to get LED status
- QMP events for LED on/off

thanks,

> Signed-off-by: Michael S. Tsirkin 
> ---
>  Makefile.objs |1 +
>  hw/pci.h  |6 +
>  hw/shpc.c |  646 
> +
>  hw/shpc.h |   40 
>  qemu-common.h |1 +
>  5 files changed, 694 insertions(+), 0 deletions(-)
>  create mode 100644 hw/shpc.c
>  create mode 100644 hw/shpc.h
> 
> diff --git a/Makefile.objs b/Makefile.objs
> index 391e524..4546477 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -195,6 +195,7 @@ hw-obj-$(CONFIG_VIRTIO_PCI) += virtio-pci.o
>  hw-obj-y += fw_cfg.o
>  hw-obj-$(CONFIG_PCI) += pci.o pci_bridge.o
>  hw-obj-$(CONFIG_PCI) += msix.o msi.o
> +hw-obj-$(CONFIG_PCI) += shpc.o
>  hw-obj-$(CONFIG_PCI) += pci_host.o pcie_host.o
>  hw-obj-$(CONFIG_PCI) += ioh3420.o xio3130_upstream.o xio3130_downstream.o
>  hw-obj-y += watchdog.o
> diff --git a/hw/pci.h b/hw/pci.h
> index 33b0b18..756577e 100644
> --- a/hw/pci.h
> +++ b/hw/pci.h
> @@ -125,6 +125,9 @@ enum {
>  /* command register SERR bit enabled */
>  #define QEMU_PCI_CAP_SERR_BITNR 4
>  QEMU_PCI_CAP_SERR = (1 << QEMU_PCI_CAP_SERR_BITNR),
> +/* Standard hot plug controller. */
> +#define QEMU_PCI_SHPC_BITNR 5
> +QEMU_PCI_CAP_SHPC = (1 << QEMU_PCI_SHPC_BITNR),
>  };
>  
>  #define TYPE_PCI_DEVICE "pci-device"
> @@ -229,6 +232,9 @@ struct PCIDevice {
>  /* PCI Express */
>  PCIExpressDevice exp;
>  
> +/* SHPC */
> +SHPCDevice *shpc;
> +
>  /* Location of option rom */
>  char *romfile;
>  bool has_rom;
> diff --git a/hw/shpc.c b/hw/shpc.c
> new file mode 100644
> index 000..4baec29
> --- /dev/null
> +++ b/hw/shpc.c
> @@ -0,0 +1,646 @@
> +#include 
> +#include 
> +#include "range.h"
> +#include "shpc.h"
> +#include "pci.h"
> +#include "pci_internals.h"
> +
> +/* TODO: model power only and disabled slot states. */
> +/* TODO: handle SERR and wakeups */
> +/* TODO: consider enabling 66MHz support */
> +
> +/* TODO: remove fully only on state DISABLED and LED off.
> + * track state to properly record this. */
> +
> +/* SHPC Working Register Set */
> +#define SHPC_BASE_OFFSET  0x00 /* 4 bytes */
> +#define SHPC_SLOTS_33 0x04 /* 4 bytes. Also encodes PCI-X slots. */
> +#define SHPC_SLOTS_66 0x08 /* 4 bytes. */
> +#define SHPC_NSLOTS   0x0C /* 1 byte */
> +#define SHPC_FIRST_DEV0x0D /* 1 byte */
> +#define SHPC_PHYS_SLOT0x0E /* 2 byte */
> +#define SHPC_PHYS_NUM_MAX 0x7ff
> +#define SHPC_PHYS_NUM_UP  0x1000
> +#define SHPC_PHYS_MRL 0x4000
> +#define SHPC_PHYS_BUTTON  0x8000
> +#define SHPC_SEC_BUS  0x10 /* 2 bytes */
> +#define SHPC_SEC_BUS_33   0x0
> +#define SHPC_SEC_BUS_66   0x1 /* Unused */
> +#define SHPC_SEC_BUS_MASK 0x7
> +#define SHPC_MSI_CTL  0x12 /* 1 byte */
> +#define SHPC_PROG_IFC 0x13 /* 1 byte */
> +#define SHPC_PROG_IFC_1_0 0x1
> +#define SHPC_CMD_CODE 0x14 /* 1 byte */
> +#define SHPC_CMD_TRGT 0x15 /* 1 byte */
> +#define SHPC_CMD_TRGT_MIN 0x1
> +#define SHPC_CMD_TRGT_MAX 0x1f
> +#define SHPC_CMD_STATUS   0x16 /* 2 bytes */
> +#define SHPC_CMD_STATUS_BUSY  0x1
> +#define SHPC_CMD_STATUS_MRL_OPEN  0x2
> +#define SHPC_CMD_STATUS_INVALID_CMD   0x4
> +#define SHPC_CMD_STATUS_INVALID_MODE  0x8
> +#define SHPC_INT_LOCATOR  0x18 /* 4 bytes */
> +#define SHPC_INT_COMMAND  0x1
> +#define SHPC_SERR_LOCATOR 0x1C /* 4 bytes */
> +#define SHPC_SERR_INT 0x20 /* 4 bytes */
> +#define SHPC_INT_DIS  0x1
> +#define SHPC_SERR_DIS 0x2
> +#define SHPC_CMD_INT_DIS  0x4
> +#define SHPC_ARB_SERR_DIS 0x8
> +#define SHPC_CMD_DETECTED 0x1
> +#define SHPC_ARB_DETECTED 0x2
> + /* 4 bytes * slot # (start from 0) */
> +#define SHPC_SLOT_REG(s) (0x24 + (s) * 4)
> +

Re: [Qemu-devel] [PATCH v2 5/8] kvmvapic: Introduce TPR access optimization for Windows guests

2012-02-13 Thread Jan Kiszka
On 2012-02-11 16:25, Blue Swirl wrote:
> On Fri, Feb 10, 2012 at 18:31, Jan Kiszka  wrote:
>> This enables acceleration for MMIO-based TPR registers accesses of
>> 32-bit Windows guest systems. It is mostly useful with KVM enabled,
>> either on older Intel CPUs (without flexpriority feature, can also be
>> manually disabled for testing) or any current AMD processor.
>>
>> The approach introduced here is derived from the original version of
>> qemu-kvm. It was refactored, documented, and extended by support for
>> user space APIC emulation, both with and without KVM acceleration. The
>> VMState format was kept compatible, so was the ABI to the option ROM
>> that implements the guest-side para-virtualized driver service. This
>> enables seamless migration from qemu-kvm to upstream or, one day,
>> between KVM and TCG mode.
>>
>> The basic concept goes like this:
>>  - VAPIC PV interface consisting of I/O port 0x7e and (for KVM in-kernel
>>   irqchip) a vmcall hypercall is registered
>>  - VAPIC option ROM is loaded into guest
>>  - option ROM activates TPR MMIO access reporting via port 0x7e
>>  - TPR accesses are trapped and patched in the guest to call into option
>>   ROM instead, VAPIC support is enabled
>>  - option ROM TPR helpers track state in memory and invoke hypercall to
>>   poll for pending IRQs if required
>>
>> Signed-off-by: Jan Kiszka 
> 
> I must say that I find the approach horrible, patching guests and ROMs
> and looking up Windows internals. Taking the same approach to extreme,
> we could for example patch Xen guest to become a KVM guest. Not that I
> object merging.

Yes, this is horrible. But there is no real better way in the absence of
hardware assisted virtualization of the TPR. I think MS is recommending
this patching approach as well.

>> diff --git a/hw/apic.c b/hw/apic.c
>> index 086c544..2ebf3ca 100644
>> --- a/hw/apic.c
>> +++ b/hw/apic.c
>> @@ -35,6 +35,10 @@
>>  #define MSI_ADDR_DEST_ID_SHIFT 12
>>  #defineMSI_ADDR_DEST_ID_MASK   0x000
>>
>> +#define SYNC_FROM_VAPIC 0x1
>> +#define SYNC_TO_VAPIC   0x2
>> +#define SYNC_ISR_IRR_TO_VAPIC   0x4
> 
> Enum, please.

OK.

> 
>> +
>>  static APICCommonState *local_apics[MAX_APICS + 1];
>>
>>  static void apic_set_irq(APICCommonState *s, int vector_num, int 
>> trigger_mode);
>> @@ -78,6 +82,70 @@ static inline int get_bit(uint32_t *tab, int index)
>> return !!(tab[i] & mask);
>>  }
>>
>> +/* return -1 if no bit is set */
>> +static int get_highest_priority_int(uint32_t *tab)
>> +{
>> +int i;
>> +for (i = 7; i >= 0; i--) {
>> +if (tab[i] != 0) {
>> +return i * 32 + fls_bit(tab[i]);
>> +}
>> +}
>> +return -1;
>> +}
>> +
>> +static void apic_sync_vapic(APICCommonState *s, int sync_type)
>> +{
>> +VAPICState vapic_state;
>> +size_t length;
>> +off_t start;
>> +int vector;
>> +
>> +if (!s->vapic_paddr) {
>> +return;
>> +}
>> +if (sync_type & SYNC_FROM_VAPIC) {
>> +cpu_physical_memory_rw(s->vapic_paddr, (void *)&vapic_state,
>> +   sizeof(vapic_state), 0);
>> +s->tpr = vapic_state.tpr;
>> +}
>> +if (sync_type & (SYNC_TO_VAPIC | SYNC_ISR_IRR_TO_VAPIC)) {
>> +start = offsetof(VAPICState, isr);
>> +length = offsetof(VAPICState, enabled) - offsetof(VAPICState, isr);
>> +
>> +if (sync_type & SYNC_TO_VAPIC) {
>> +assert(qemu_cpu_is_self(s->cpu_env));
>> +
>> +vapic_state.tpr = s->tpr;
>> +vapic_state.enabled = 1;
>> +start = 0;
>> +length = sizeof(VAPICState);
>> +}
>> +
>> +vector = get_highest_priority_int(s->isr);
>> +if (vector < 0) {
>> +vector = 0;
>> +}
>> +vapic_state.isr = vector & 0xf0;
>> +
>> +vapic_state.zero = 0;
>> +
>> +vector = get_highest_priority_int(s->irr);
>> +if (vector < 0) {
>> +vector = 0;
>> +}
>> +vapic_state.irr = vector & 0xff;
>> +
>> +cpu_physical_memory_write_rom(s->vapic_paddr + start,
>> +  ((void *)&vapic_state) + start, 
>> length);
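
Review bot: vapic_state is declared without an initialiser in apic_sync_vapic(), and when only SYNC_ISR_IRR_TO_VAPIC is set the bytes from offsetof(VAPICState, isr) up to offsetof(VAPICState, enabled) are written to guest memory after assigning just isr, zero and irr. That is complete only if those three fields are everything in that range; zero-initialise the struct or add a build-time check on the layout so that no host stack bytes can reach the guest. Separately, ((void *)&vapic_state) + start relies on GNU void-pointer arithmetic; cast to uint8_t * instead.
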
> 
> This assumes that the vapic_state structure matches what the guest
> expects without conversion. Is this true for i386 on x86_64? I didn't
> check the structure in question.

Yes, the structure in question is a packed one, stable on both guest and
host side (the guest side is 32-bit only anyway).

>> diff --git a/hw/apic_common.c b/hw/apic_common.c
>> index 588531b..1977da7 100644
>> --- a/hw/apic_common.c
>> +++ b/hw/apic_common.c
>> @@ -20,8 +20,10 @@
>>  #include "apic.h"
>>  #include "apic_internal.h"
>>  #include "trace.h"
>> +#include "kvm.h"
>>
>>  static int apic_irq_delivered;
>> +bool apic_report_tpr_access;
> 
> This should go to APICCommonState.

Nope, it is a global state, also checked in a place where the APIC is
set up, thus have no

Re: [Qemu-devel] weird qdev error

2012-02-13 Thread Paolo Bonzini

On 02/13/2012 05:58 AM, Michael S. Tsirkin wrote:

Doesn't solve this issue, but shouldn't we use _SAFE
in object_property_del_child? Like this:

--->
qemu: use safe list macro

As we might remove an element from list, use the safe macro
to walk it.

Signed-off-by: Michael S. Tsirkin 

---

diff --git a/qom/object.c b/qom/object.c
index 5e5b261..8b64fb6 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -299,9 +299,9 @@ static void object_property_del_all(Object *obj)

 static void object_property_del_child(Object *obj, Object *child, Error **errp)
 {
-ObjectProperty *prop;
+ObjectProperty *prop, *next;

-QTAILQ_FOREACH(prop, &obj->properties, node) {
+QTAILQ_FOREACH_SAFE(prop, &obj->properties, node, next) {
 if (!strstart(prop->type, "child<", NULL)) {
 continue;
 }
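
Review bot: the commit message says an element might be removed during the walk, but the visible part of the loop in object_property_del_child() does not show which call removes it. QTAILQ_FOREACH_SAFE only protects against removal of the current element (prop), because next is read before the body runs; if the removal could also free the following property, the walk still touches freed memory. Please name the removing call in the commit message and, if at most one property can match, break out of the loop after the removal.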


Yup, I thought I had pointed this out in a review of Anthony's QOM series...

Reviewed-by: Paolo Bonzini 

Paolo



Re: [Qemu-devel] How to follow a child process created in the guest OS?

2012-02-13 Thread Stefan Hajnoczi
On Sun, Feb 12, 2012 at 3:00 AM, Wei Yang  wrote:
> 2012/2/11 malc :
>> On Sat, 11 Feb 2012, Andreas Färber wrote:
>>
>>> Am 10.02.2012 11:26, schrieb ???:
>>> > On Fri, Feb 10, 2012 at 08:14:41AM +, Stefan Hajnoczi wrote:
>>> >> On Thu, Feb 09, 2012 at 06:33:16PM +0800, ??? wrote:
>>> >>> I am running a tiny OS on QEMU and debugging it with gdbstub. The tiny 
>>> >>> OS will
>>> >>> fork process 1, 2, ... and so on. I want to follow the child process, 
>>> >>> [...]
>>> >>>
>>> >>>   Is there a way to do what I'm trying to do? Thanks!
>>>
>>> > - Tiny OS code -
>>> > void main(void)   /* This really IS void, no error here. */
>>> > {
>>> >   /* initialize environment */
>>> >
>>> >   sti();
>>> >   move_to_user_mode();
>>> >   if (!fork()) {    /* we count on this going ok */
>>> >     init();         // task 1
>>> >   }
>>> >
>>> >   for(;;) pause();  // task 0
>>> > }
>>> > 
>>> >
>>> >   I am running this tiny OS on QEMU then using GDB to connect it.
>>> > I want to follow task 1 after the forking, [...]
>>>
>
> Could the Qemu gdbstub debug a user space process?

What people have been trying to explain is that, yes, gdbstub can
debug user space processes but not in an easy way.  It's like using a
bicycle to travel from Paris to Beijing - it takes a lot of time and
effort, you may want to catch a plane instead.

The QEMU gdbstub is a hardware-level debugger.  It shows you what the
CPU is doing.  It does not know about processes.  Of course, if *you*
understand how processes are implemented in this operating system,
*you* could do all the process-level debugging yourself without the
help of the debugger.

Stefan



[Qemu-devel] [PATCH] Running vgabios during resume from S3 on QEMU by default

2012-02-13 Thread Gleb Natapov
Run vgabios during resume from S3 by default on QEMU. QEMU is
still able to modify SeaBIOS behavior if it so wishes by providing
etc/s3-resume-vga-init file. With QEMU emulated vga cards this behaviour
is desirable otherwise console becomes unusable with Linux guests after
resume. Since we control vgabios source we can be sure that running it
on resume from S3 is safe.

Signed-off-by: Gleb Natapov 
---

Older versions of SeaBIOS had a runtime configure option (disabled by
default) to enable this behaviour and RHEL always enabled it, so this
code path is well tested.  But QEMU upstream always compiled SeaBIOS
with default options and hence this patch will modify upstream
behaviour. Are there any objections to this change from QEMU side?

diff --git a/src/optionroms.c b/src/optionroms.c
index 27cfffd..06db1c1 100644
--- a/src/optionroms.c
+++ b/src/optionroms.c
@@ -423,7 +423,7 @@ vga_setup(void)
 
 // Load some config settings that impact VGA.
 EnforceChecksum = romfile_loadint("etc/optionroms-checksum", 1);
-S3ResumeVgaInit = romfile_loadint("etc/s3-resume-vga-init", 0);
+S3ResumeVgaInit = romfile_loadint("etc/s3-resume-vga-init", 
!CONFIG_COREBOOT);
 ScreenAndDebug = romfile_loadint("etc/screen-and-debug", 1);
 
 if (CONFIG_OPTIONROMS_DEPLOYED) {
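
Review bot: the new default !CONFIG_COREBOOT on the S3ResumeVgaInit line applies to whatever VGA option ROM is present, but the justification in the commit message (we control the vgabios source) covers only the QEMU-provided vgabios. Any other VGA ROM would now also be re-run on resume unless etc/s3-resume-vga-init is supplied. Either say in a comment above this line that the default assumes the QEMU-provided vgabios, or limit the default to that case.
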
--
Gleb.



Re: [Qemu-devel] [PATCH] oslib: make error handling more reasonable

2012-02-13 Thread Stefan Hajnoczi
On Mon, Feb 13, 2012 at 6:29 AM, Stefan Weil  wrote:
> Am 13.02.2012 03:37, schrieb Zhi Yong Wu:
>
>> On Fri, Feb 10, 2012 at 11:53 PM, Stefan Weil  wrote:
>>>
>>> Am 10.02.2012 16:13, schrieb Zhi Yong Wu:
>>>
 On Fri, Feb 10, 2012 at 10:41 PM, Daniel P. Berrange
  wrote:
>
>
> On Fri, Feb 10, 2012 at 10:34:13PM +0800, Zhi Yong Wu wrote:
>>
>>
>> From: Zhi Yong Wu 
>>
>> Signed-off-by: Zhi Yong Wu 
>> ---
>>  oslib-posix.c |    4 ++--
>>  oslib-win32.c |    4 ++--
>>  2 files changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/oslib-posix.c b/oslib-posix.c
>> index b6a3c7f..f978d56 100644
>> --- a/oslib-posix.c
>> +++ b/oslib-posix.c
>> @@ -80,7 +80,7 @@ void *qemu_oom_check(void *ptr)
>>  {
>>    if (ptr == NULL) {
>>        fprintf(stderr, "Failed to allocate memory: %s\n",
>> strerror(errno));
>> -        abort();
>> +        exit(EXIT_FAILURE);
>
>
>
> exit() will call any atexit()/on_exit() handlers, as well as trying
> to flush I/O streams. Any of these actions may require further
> memory allocations, which will likely fail, or worse cause this
> code to re-enter itself if an atexit() handler calls qemu_malloc


 Nice, very reasonable.
>
>
>
> The only option other than abort(), is to use  _Exit() which
> doesn't try to run cleanup handlers.


 I will try to send out v2
>>>
>>>
>>>
>>> Could you please explain why calling exit, _Exit or _exit is more
>>> reasonable than calling abort?
>>>
>>> abort can create core dumps or start a debugger which is
>>> useful for me and maybe other developers, too.
>>
>> pls refer to
>> http://lists.gnu.org/archive/html/qemu-devel/2012-02/msg01270.html.
>> In the scenario, the user should not see core dump, and he perhaps
>> think that one bug exists in qemu code.
>> So we hope to use _Exit() instead of abort() here.
>
>
> So you say that you don't want a core dump just because the
> user called QEMU with -m 4000 or some other large value.
>
> Allocating RAM for the emulated machine is perhaps the only
> scenario where a core dump is indeed not reasonable. In most
> other cases, out-of-memory is an indication of a QEMU internal
> problem, so a core dump should be written.

Allocating guest memory could fail and we should give a reasonable
error and exit with a failure.  I think this might be the one case
where we *do* want to handle memory allocation NULL return.  In other
words, perhaps we should call memory allocating functions directly
here instead of using the typical QEMU abort-on-failure wrappers.

Stefan
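
The trade-off discussed in this thread (exit() runs atexit() handlers and flushes stdio, _Exit() does neither, abort() raises SIGABRT), shown as an added example that is not part of the thread or of QEMU's code. The names oom_fail, cleanup_hook and run_policy are hypothetical; each policy runs in a forked child and the parent records what happened.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum oom_policy { OOM_EXIT, OOM_UNDERSCORE_EXIT, OOM_ABORT };

struct oom_result {
    int handler_ran;  /* 1 if the atexit() hook executed in the child */
    int exited;       /* 1 if the child ended through exit()/_Exit() */
    int exit_status;  /* exit code, valid when exited == 1 */
    int term_signal;  /* terminating signal, valid when exited == 0 */
};

static int report_fd = -1;  /* write end of the pipe, used by the hook */

/* Stand-in for a cleanup hook registered somewhere else in a large program.
 * In the thread's scenario such a hook could allocate again and fail. */
static void cleanup_hook(void)
{
    const char mark = 'H';
    if (write(report_fd, &mark, 1) != 1) {
        /* nothing useful can be done about it here */
    }
}

/* Hypothetical counterpart of the failure branch of qemu_oom_check(). */
static void oom_fail(enum oom_policy policy)
{
    switch (policy) {
    case OOM_EXIT:
        exit(EXIT_FAILURE);   /* runs atexit() hooks, flushes stdio */
    case OOM_UNDERSCORE_EXIT:
        _Exit(EXIT_FAILURE);  /* no hooks, no stdio flush */
    case OOM_ABORT:
        abort();              /* raises SIGABRT, no hooks */
    }
}

/* Run one policy in a child process and report how the child ended. */
struct oom_result run_policy(enum oom_policy policy)
{
    struct oom_result r = {0, 0, 0, 0};
    int fds[2], status = 0;
    char buf;
    pid_t pid;

    if (pipe(fds) != 0) {
        perror("pipe");
        exit(2);
    }
    fflush(NULL);  /* do not let the child inherit unflushed stdio data */
    pid = fork();
    if (pid < 0) {
        perror("fork");
        exit(2);
    }
    if (pid == 0) {
        struct rlimit no_core = {0, 0};
        close(fds[0]);
        report_fd = fds[1];
        setrlimit(RLIMIT_CORE, &no_core);  /* demo only: no core file */
        atexit(cleanup_hook);
        oom_fail(policy);
        _Exit(99);  /* not reached */
    }
    close(fds[1]);
    /* One byte arrives only if the hook ran; otherwise read() sees EOF. */
    r.handler_ran = (read(fds[0], &buf, 1) == 1);
    close(fds[0]);
    if (waitpid(pid, &status, 0) != pid) {
        perror("waitpid");
        exit(2);
    }
    if (WIFEXITED(status)) {
        r.exited = 1;
        r.exit_status = WEXITSTATUS(status);
    } else if (WIFSIGNALED(status)) {
        r.term_signal = WTERMSIG(status);
    }
    return r;
}

int main(void)
{
    static const char *names[] = { "exit()", "_Exit()", "abort()" };
    int p;

    for (p = OOM_EXIT; p <= OOM_ABORT; p++) {
        struct oom_result r = run_policy((enum oom_policy)p);
        printf("%-8s hook_ran=%d exited=%d status=%d signal=%d\n",
               names[p], r.handler_ran, r.exited, r.exit_status,
               r.term_signal);
    }
    return 0;
}
```

The core-file limit is set to zero only to keep the demonstration tidy; with the default limit the abort() child is the one that can leave a core dump for a debugger.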



Re: [Qemu-devel] how could I analysis the trace log?

2012-02-13 Thread Stefan Hajnoczi
On Sun, Feb 12, 2012 at 4:32 AM, Wei Yang  wrote:
> After some run time, I run the script like:
> ./scripts/simpletrace.py qemu_trace_events_parse qemu_trace.log
>
> The qemu_trace_events_parse is :
> g_realloc(addr)
> g_malloc(addr)
>
> The output looks like:
> g_malloc 1.831 addr=0xb945d1f0
> g_malloc 2.498 addr=0xb945d1f0
> g_realloc 4.715 addr=0x10
> g_realloc 1.520 addr=0xc
> g_realloc 1.505 addr=0xc
>
> The steps I used is correct?

Yes, that's fine.  The output fields are trace event name, delta time
since last event (in microseconds), and arguments printed as hex
numbers.

> I just guess the format of input events file of the simpletrace.py.
> For so many available events, how could I specify the format of all
> those events?

simpletrace.py does not format events in a special way.  It simply
prints them all out as hex numbers.

If you want special formatting you should write a custom trace
analysis script.  It's pretty easy to do and you can find an example
here:

http://blog.vmsplice.net/2011/03/how-to-write-trace-analysis-scripts-for.html

If you looked at the simpletrace.py source code you may have noticed
that it is actually a Python module.  It provides an API so you can
process the trace events that you are interested in.

Stefan



Re: [Qemu-devel] virtio-blk throughput

2012-02-13 Thread Stefan Hajnoczi
On Sat, Feb 11, 2012 at 9:57 AM, Prateek Sharma  wrote:
> $QEMU  -cpu core2duo,+vmx  -drive file=$VM_PATH,if=virtio,aio=native
> -drive file=viotest.img,if=virtio,index=2

-drive cache=none is typically used for good performance when the
image is on a local disk.  Try that and I think you'll see an
improvement.

Stefan



Re: [Qemu-devel] Missing patch in QEMU which is in QEMU-KVM

2012-02-13 Thread Jan Kiszka
On 2012-02-13 07:21, Gerhard Wiesinger wrote:
> Hello,
> 
> I miss the following patch in QEMU which is in QEMU-KVM:
> http://article.gmane.org/gmane.comp.emulators.kvm.devel/13557
> 
> commit a7fe0297840908a4fd65a1cf742481ccd45960eb
> Author: Andreas Winkelbauer 
> Date:   Sun Feb 24 10:33:27 2008 +0200
> 
> Extend vram size to 16MB
> 
> this is useful for high resolutions.
> 
> Signed-off-by: Avi Kivity 

This patch no longer applies, the delta became much smaller:

diff --git a/hw/vga_int.h b/hw/vga_int.h
index c1e700f..21047a5 100644
--- a/hw/vga_int.h
+++ b/hw/vga_int.h
@@ -34,8 +34,8 @@
 /* bochs VBE support */
 #define CONFIG_BOCHS_VBE

-#define VBE_DISPI_MAX_XRES  1600
-#define VBE_DISPI_MAX_YRES  1200
+#define VBE_DISPI_MAX_XRES  2560
+#define VBE_DISPI_MAX_YRES  1600
 #define VBE_DISPI_MAX_BPP   32

 #define VBE_DISPI_INDEX_ID  0x0
@@ -224,7 +224,7 @@ void vga_init_vbe(VGACommonState *s, MemoryRegion
*address_space);
 extern const uint8_t sr_mask[8];
 extern const uint8_t gr_mask[16];

-#define VGA_RAM_SIZE (8192 * 1024)
+#define VGA_RAM_SIZE (16 * 1024 * 1024)
 #define VGABIOS_FILENAME "vgabios.bin"
 #define VGABIOS_CIRRUS_FILENAME "vgabios-cirrus.bin"
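
Review bot: the two hunks are coupled and nothing in the header says so. The new maximum mode needs 2560 * 1600 * 4 = 16,384,000 bytes at VBE_DISPI_MAX_BPP 32, which fits the new VGA_RAM_SIZE of 16 * 1024 * 1024 (16,777,216 bytes) but not the old 8192 * 1024. Add a build-time check next to VGA_RAM_SIZE that VBE_DISPI_MAX_XRES * VBE_DISPI_MAX_YRES * (VBE_DISPI_MAX_BPP / 8) does not exceed it, so a later change to one value cannot let a guest select a mode larger than video RAM.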

Someone needs to bake a proper patch out of this and post it. There must
be also some VGA BIOS differences, but I haven't looked at the details.
That should be resolved at this chance as well.

> 
> In general: Which patches are missing in QEMU which are in QEMU-KVM and
> vice versa?

Basically no more patches, only features that partially require some
refactoring work:

 - KVM in-kernel PIC (patches + dependencies pending)
 - TPR acceleration for Windows (series under review, needs some minor
   further work)
 - MSI rework and support for KVM in-kernel irqchip support
 - PCI device assignment (old-style and/or VFIO)

Then we are done and qemu-kvm can be closed. But I would not expect this
before 1.2, maybe even 1.3. However, once only PCI assignment is
pending, the vast majority of users can switch.

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux



Re: [Qemu-devel] [PATCH] i8259: Do not clear level-triggered lines in IRR on init

2012-02-13 Thread Jan Kiszka
On 2012-01-24 16:29, Jan Kiszka wrote:
> When an input line is handled as level-triggered, it will immediately
> raise an IRQ on the output of a PIC again that goes through an init
> reset. So only clear the edge-triggered inputs from IRR in that
> scenario.
> 
> Signed-off-by: Jan Kiszka 
> ---
>  hw/i8259.c|2 +-
>  hw/i8259_common.c |2 +-
>  hw/kvm/i8259.c|2 +-
>  3 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/i8259.c b/hw/i8259.c
> index 3005ce2..264bfc6 100644
> --- a/hw/i8259.c
> +++ b/hw/i8259.c
> @@ -231,8 +231,8 @@ static void pic_reset(DeviceState *dev)
>  {
>  PICCommonState *s = DO_UPCAST(PICCommonState, dev.qdev, dev);
>  
> -pic_init_reset(s);
>  s->elcr = 0;
> +pic_init_reset(s);
>  }
>  
>  static void pic_ioport_write(void *opaque, target_phys_addr_t addr64,
> diff --git a/hw/i8259_common.c b/hw/i8259_common.c
> index e515876..37aeee2 100644
> --- a/hw/i8259_common.c
> +++ b/hw/i8259_common.c
> @@ -28,7 +28,7 @@
>  void pic_reset_common(PICCommonState *s)
>  {
>  s->last_irr = 0;
> -s->irr = 0;
> +s->irr &= s->elcr;
>  s->imr = 0;
>  s->isr = 0;
>  s->priority_add = 0;
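
Review bot: s->irr &= s->elcr in pic_reset_common() now depends on the value of elcr at call time, which is apparently why the pic_reset() and kvm_pic_reset() hunks move s->elcr = 0 in front of the reset call, so that a full device reset still clears all of IRR. That ordering requirement is invisible at the call sites; add a comment at both of them so a later reorder does not leave stale level-triggered bits set after a device reset.
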
> diff --git a/hw/kvm/i8259.c b/hw/kvm/i8259.c
> index 64bb5c2..298d9ca 100644
> --- a/hw/kvm/i8259.c
> +++ b/hw/kvm/i8259.c
> @@ -84,8 +84,8 @@ static void kvm_pic_reset(DeviceState *dev)
>  {
>  PICCommonState *s = DO_UPCAST(PICCommonState, dev.qdev, dev);
>  
> -pic_reset_common(s);
>  s->elcr = 0;
> +pic_reset_common(s);
>  
>  kvm_pic_put(s);
>  }

Ping.

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux



Re: [Qemu-devel] virtio-blk throughput

2012-02-13 Thread Prateek Sharma
On Mon, Feb 13, 2012 at 4:53 PM, Stefan Hajnoczi  wrote:
> On Sat, Feb 11, 2012 at 9:57 AM, Prateek Sharma  wrote:
>> $QEMU  -cpu core2duo,+vmx  -drive file=$VM_PATH,if=virtio,aio=native
>> -drive file=viotest.img,if=virtio,index=2
>
> -drive cache=none is typically used for good performance when the
> image is on a local disk.  Try that and I think you'll see an
> improvement.
>
> Stefan

Hi Stefan,
I did try setting cache=none in one of the runs, and saw a small
performance *drop* for sequential reads. Could it be because of the
host page-cache read-ahead and other factors?
In any case, I just wanted to know what the current qemu
virtio-blk numbers are, and whether I have misconfigured things badly.
What is the "fastest" way to do IO in qemu? virtio-blk, vhost-blk,
virtio-dataplane, something else?
Thanks!



Re: [Qemu-devel] [PATCH v3 6/6] qemu_calculate_timeout: increase minimum timeout to 1h

2012-02-13 Thread Stefano Stabellini
On Fri, 10 Feb 2012, Paul Brook wrote:
> > +#ifdef CONFIG_SLIRP
> > +static inline void slirp_update_timeout(uint32_t *timeout)
> > +{
> > +*timeout = MIN(1000, *timeout);
> > +}
> > +#else
> > +static inline void slirp_update_timeout(uint32_t *timeout) { }
> > +#endif
> 
> Shouldn't we be testing whether slirp is actually in use? I doubt many people 
> go to the effort of rebuilding without SLIRP support.
 
Yes, you are right. Also considering that we are only calling
slirp_update_timeout if CONFIG_SLIRP is defined, there is no need for
the !CONFIG_SLIRP dummy version of the function.

---

commit 3a89477edc7e551c93b016940d2fdad9ebc22a84
Author: Stefano Stabellini 
Date:   Mon Feb 13 11:25:03 2012 +

main_loop_wait: block indefinitely

- remove qemu_calculate_timeout;

- explicitly size timeout to uint32_t;

- introduce slirp_update_timeout;

- pass NULL as timeout argument to select in case timeout is the maximum
value;

Signed-off-by: Stefano Stabellini 

diff --git a/async.c b/async.c
index 332d511..ecdaf15 100644
--- a/async.c
+++ b/async.c
@@ -120,7 +120,7 @@ void qemu_bh_delete(QEMUBH *bh)
 bh->deleted = 1;
 }
 
-void qemu_bh_update_timeout(int *timeout)
+void qemu_bh_update_timeout(uint32_t *timeout)
 {
 QEMUBH *bh;
 
diff --git a/main-loop.c b/main-loop.c
index 692381c..4a105e9 100644
--- a/main-loop.c
+++ b/main-loop.c
@@ -366,7 +366,7 @@ void qemu_del_wait_object(HANDLE handle, WaitObjectFunc 
*func, void *opaque)
 }
 }
 
-static void os_host_main_loop_wait(int *timeout)
+static void os_host_main_loop_wait(uint32_t *timeout)
 {
 int ret, ret2, i;
 PollingEntry *pe;
@@ -410,7 +410,7 @@ static void os_host_main_loop_wait(int *timeout)
 *timeout = 0;
 }
 #else
-static inline void os_host_main_loop_wait(int *timeout)
+static inline void os_host_main_loop_wait(uint32_t *timeout)
 {
 }
 #endif
@@ -419,21 +419,17 @@ int main_loop_wait(int nonblocking)
 {
 fd_set rfds, wfds, xfds;
 int ret, nfds;
-struct timeval tv;
-int timeout;
+struct timeval tv, *tvarg = NULL;
+uint32_t timeout = UINT32_MAX;
 
 if (nonblocking) {
 timeout = 0;
 } else {
-timeout = qemu_calculate_timeout();
 qemu_bh_update_timeout(&timeout);
 }
 
 os_host_main_loop_wait(&timeout);
 
-tv.tv_sec = timeout / 1000;
-tv.tv_usec = (timeout % 1000) * 1000;
-
 /* poll any events */
 /* XXX: separate device handlers from system ones */
 nfds = -1;
@@ -442,16 +438,23 @@ int main_loop_wait(int nonblocking)
 FD_ZERO(&xfds);
 
 #ifdef CONFIG_SLIRP
+slirp_update_timeout(&timeout);
 slirp_select_fill(&nfds, &rfds, &wfds, &xfds);
 #endif
 qemu_iohandler_fill(&nfds, &rfds, &wfds, &xfds);
 glib_select_fill(&nfds, &rfds, &wfds, &xfds, &tv);
 
+if (timeout < UINT32_MAX) {
+tvarg = &tv;
+tv.tv_sec = timeout / 1000;
+tv.tv_usec = (timeout % 1000) * 1000;
+}
+
 if (timeout > 0) {
 qemu_mutex_unlock_iothread();
 }
 
-ret = select(nfds + 1, &rfds, &wfds, &xfds, &tv);
+ret = select(nfds + 1, &rfds, &wfds, &xfds, tvarg);
 
 if (timeout > 0) {
 qemu_mutex_lock_iothread();
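
Review bot: glib_select_fill() is still passed &tv, but with this change tv is no longer initialised before that call; it is filled in only afterwards, inside if (timeout < UINT32_MAX), and is not used at all when tvarg stays NULL. Anything glib_select_fill() reads from or writes to tv is therefore either based on an uninitialised struct or discarded, and select() can then block without a bound. Compute tv before calling glib_select_fill() and let that call also set tvarg, or change it to adjust the uint32_t timeout the way slirp_update_timeout() does.
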
diff --git a/main-loop.h b/main-loop.h
index f971013..22c0dc9 100644
--- a/main-loop.h
+++ b/main-loop.h
@@ -352,6 +352,6 @@ void qemu_iohandler_poll(fd_set *readfds, fd_set *writefds, 
fd_set *xfds, int rc
 
 void qemu_bh_schedule_idle(QEMUBH *bh);
 int qemu_bh_poll(void);
-void qemu_bh_update_timeout(int *timeout);
+void qemu_bh_update_timeout(uint32_t *timeout);
 
 #endif
diff --git a/qemu-timer.c b/qemu-timer.c
index de20852..3e1ce08 100644
--- a/qemu-timer.c
+++ b/qemu-timer.c
@@ -821,8 +821,3 @@ fail:
 return err;
 }
 
-int qemu_calculate_timeout(void)
-{
-return 1000;
-}
-
diff --git a/qemu-timer.h b/qemu-timer.h
index de17f3b..f1386d5 100644
--- a/qemu-timer.h
+++ b/qemu-timer.h
@@ -62,7 +62,6 @@ uint64_t qemu_timer_expire_time_ns(QEMUTimer *ts);
 void qemu_run_all_timers(void);
 int qemu_alarm_pending(void);
 void configure_alarms(char const *opt);
-int qemu_calculate_timeout(void);
 void init_clocks(void);
 int init_timer_alarm(void);
 
diff --git a/qemu-tool.c b/qemu-tool.c
index 6b69668..76830b7 100644
--- a/qemu-tool.c
+++ b/qemu-tool.c
@@ -90,6 +90,10 @@ static void __attribute__((constructor)) init_main_loop(void)
 qemu_clock_enable(vm_clock, false);
 }
 
+void slirp_update_timeout(uint32_t *timeout)
+{
+}
+
 void slirp_select_fill(int *pnfds, fd_set *readfds,
fd_set *writefds, fd_set *xfds)
 {
diff --git a/slirp/libslirp.h b/slirp/libslirp.h
index 890fd86..77527ad 100644
--- a/slirp/libslirp.h
+++ b/slirp/libslirp.h
@@ -15,6 +15,7 @@ Slirp *slirp_init(int restricted, struct in_addr vnetwork,
   struct in_addr vnameserver, void *opaque);
 void slirp_cleanup(Slirp *slirp);
 
+void slirp_update_timeout(uint32_t *timeout);
 void slirp_select_fill(int *pnfds,
f

Re: [Qemu-devel] [PATCHv2-RFC 1/2] shpc: standard hot plug controller

2012-02-13 Thread Michael S. Tsirkin
On Mon, Feb 13, 2012 at 07:03:52PM +0900, Isaku Yamahata wrote:
> Oh nice work.
> 
> On Mon, Feb 13, 2012 at 11:15:55AM +0200, Michael S. Tsirkin wrote:
> > This adds support for SHPC interface, as defined by PCI Standard
> > Hot-Plug Controller and Subsystem Specification, Rev 1.0
> > http://www.pcisig.com/specifications/conventional/pci_hot_plug/SHPC_10
> > 
> > Only SHPC integrated with a PCI-to-PCI bridge is supported,
> > SHPC integrated with a host bridge would need more work.
> > 
> > All main SHPC features are supported:
> > - MRL sensor
> 
> Does this just report latch status? (It seems so.)

What happens is that adding a device closes the latch, removing a device
opens the latch.  This simplifies the number of supported configurations
significantly.


> Do you plan to provide interfaces to manipulate the latch?

I didn't plan to do this, and this is non-trivial.
Do you just want this for empty slots?  And why?

> 
> > - Attention button
> > - Attention indicator
> > - Power indicator
> >
> > Wake on hotplug and serr generation are stubbed out but unused
> > as we don't have interfaces to generate these events ATM.
> > 
> > One issue that isn't completely resolved is that qemu currently
> > expects an "eject" interface, which SHPC does not provide: it merely
> > removes the power to device and it's up to the user to remove the device
> > from slot. This patch works around that by ejecting the device
> > when power is removed and power LED goes off.
> > 
> > TODO:
> > - migration support
> > - fix dependency on pci_internals.h
> 
> If I didn't miss the code,
> - QMP command for pushing attention button.
> - QMP command to get LED status

It's easy to add these, so I'd accept such a patch,
but I wonder why.

> - QMP events for LED on/off

There's also blink :)

> 
> thanks,

I'm concerned that a guest can flood the management with such events.
It's better to send a single "LED change" event, then we
can suppress further events until next "get LED status" command.

> > Signed-off-by: Michael S. Tsirkin 
> > ---
> >  Makefile.objs |1 +
> >  hw/pci.h  |6 +
> >  hw/shpc.c |  646 
> > +
> >  hw/shpc.h |   40 
> >  qemu-common.h |1 +
> >  5 files changed, 694 insertions(+), 0 deletions(-)
> >  create mode 100644 hw/shpc.c
> >  create mode 100644 hw/shpc.h
> > 
> > diff --git a/Makefile.objs b/Makefile.objs
> > index 391e524..4546477 100644
> > --- a/Makefile.objs
> > +++ b/Makefile.objs
> > @@ -195,6 +195,7 @@ hw-obj-$(CONFIG_VIRTIO_PCI) += virtio-pci.o
> >  hw-obj-y += fw_cfg.o
> >  hw-obj-$(CONFIG_PCI) += pci.o pci_bridge.o
> >  hw-obj-$(CONFIG_PCI) += msix.o msi.o
> > +hw-obj-$(CONFIG_PCI) += shpc.o
> >  hw-obj-$(CONFIG_PCI) += pci_host.o pcie_host.o
> >  hw-obj-$(CONFIG_PCI) += ioh3420.o xio3130_upstream.o xio3130_downstream.o
> >  hw-obj-y += watchdog.o
> > diff --git a/hw/pci.h b/hw/pci.h
> > index 33b0b18..756577e 100644
> > --- a/hw/pci.h
> > +++ b/hw/pci.h
> > @@ -125,6 +125,9 @@ enum {
> >  /* command register SERR bit enabled */
> >  #define QEMU_PCI_CAP_SERR_BITNR 4
> >  QEMU_PCI_CAP_SERR = (1 << QEMU_PCI_CAP_SERR_BITNR),
> > +/* Standard hot plug controller. */
> > +#define QEMU_PCI_SHPC_BITNR 5
> > +QEMU_PCI_CAP_SHPC = (1 << QEMU_PCI_SHPC_BITNR),
> >  };
> >  
> >  #define TYPE_PCI_DEVICE "pci-device"
> > @@ -229,6 +232,9 @@ struct PCIDevice {
> >  /* PCI Express */
> >  PCIExpressDevice exp;
> >  
> > +/* SHPC */
> > +SHPCDevice *shpc;
> > +
> >  /* Location of option rom */
> >  char *romfile;
> >  bool has_rom;
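
Review bot: the new SHPCDevice *shpc member in struct PCIDevice carries only the comment SHPC. Say there that it is NULL for devices without an SHPC and which function allocates and frees it, since every PCIDevice now has the pointer and code reading it must know whether a NULL check is required.
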
> > diff --git a/hw/shpc.c b/hw/shpc.c
> > new file mode 100644
> > index 000..4baec29
> > --- /dev/null
> > +++ b/hw/shpc.c
> > @@ -0,0 +1,646 @@
> > +#include 
> > +#include 
> > +#include "range.h"
> > +#include "shpc.h"
> > +#include "pci.h"
> > +#include "pci_internals.h"
> > +
> > +/* TODO: model power only and disabled slot states. */
> > +/* TODO: handle SERR and wakeups */
> > +/* TODO: consider enabling 66MHz support */
> > +
> > +/* TODO: remove fully only on state DISABLED and LED off.
> > + * track state to properly record this. */
> > +
> > +/* SHPC Working Register Set */
> > +#define SHPC_BASE_OFFSET  0x00 /* 4 bytes */
> > +#define SHPC_SLOTS_33 0x04 /* 4 bytes. Also encodes PCI-X slots. */
> > +#define SHPC_SLOTS_66 0x08 /* 4 bytes. */
> > +#define SHPC_NSLOTS   0x0C /* 1 byte */
> > +#define SHPC_FIRST_DEV0x0D /* 1 byte */
> > +#define SHPC_PHYS_SLOT0x0E /* 2 byte */
> > +#define SHPC_PHYS_NUM_MAX 0x7ff
> > +#define SHPC_PHYS_NUM_UP  0x1000
> > +#define SHPC_PHYS_MRL 0x4000
> > +#define SHPC_PHYS_BUTTON  0x8000
> > +#define SHPC_SEC_BUS  0x10 /* 2 bytes */
> > +#define SHPC_SEC_BUS_33   0x0
> > +#define SHPC_SEC_BUS_66   0x1 /* Unused */
> > +#define SHPC_SEC_BUS_MASK 0x7
> > +#define SHPC_MSI_CTL  0x12 /* 1 byte */
> > +#define SHPC_PROG_IFC 0x13 /* 1 byte */
> > +#define SHPC_PROG_IFC_1_0 0x1
> 

Re: [Qemu-devel] virtio-blk performance regression and qemu-kvm

2012-02-13 Thread Stefan Hajnoczi
On Fri, Feb 10, 2012 at 2:36 PM, Dongsu Park
 wrote:
>  Now I'm running benchmarks with both qemu-kvm 0.14.1 and 1.0.
>
>  - Sequential read (Running inside guest)
>   # fio -name iops -rw=read -size=1G -iodepth 1 \
>    -filename /dev/vdb -ioengine libaio -direct=1 -bs=4096
>
>  - Sequential write (Running inside guest)
>   # fio -name iops -rw=write -size=1G -iodepth 1 \
>    -filename /dev/vdb -ioengine libaio -direct=1 -bs=4096
>
>  For each one, I tested 3 times to get the average.
>
>  Result:
>
>  seqread with qemu-kvm 0.14.1   67,0 MByte/s
>  seqread with qemu-kvm 1.0      30,9 MByte/s
>
>  seqwrite with qemu-kvm 0.14.1  65,8 MByte/s
>  seqwrite with qemu-kvm 1.0     30,5 MByte/s

Please retry with the following commit or simply qemu-kvm.git/master.
Avi discovered a performance regression which was introduced when the
block layer was converted to use coroutines:

$ git describe 39a7a362e16bb27e98738d63f24d1ab5811e26a8
v1.0-327-g39a7a36

(This commit is not in 1.0!)

Please post your qemu-kvm command-line.

67 MB/s sequential 4 KB read means 67 * 1024 / 4 = 17152 requests per
second, so 58 microseconds per request.

Please post the fio output so we can double-check what is reported.

Stefan



Re: [Qemu-devel] [PATCH v4 0/6] save/restore on Xen

2012-02-13 Thread Stefano Stabellini
On Tue, 31 Jan 2012, Stefano Stabellini wrote:
> On Wed, 25 Jan 2012, Stefano Stabellini wrote:
> > Hi all,
> > this is the fourth version of the Xen save/restore patch series.
> > We have been discussing this issue for quite a while on #qemu and
> > qemu-devel:
> > 
> > 
> > http://marc.info/?l=qemu-devel&m=132346828427314&w=2
> > http://marc.info/?l=qemu-devel&m=132377734605464&w=2
> > 
> > 
> > The principal changes in this version are:
> > 
> > - Following Anthony's suggestion I have introduced a new monitor command
> > to save the non-ram device state to file.
> > 
> > - I have also removed the hack not to reset the cirrus videoram on
> > restore, because it turns out that the videoram doesn't need to be
> > reset in the reset handler at all (tested on Win2K, where the problem
> > was found in the first place).
> > 
> 
> Is everybody happy enough with this series?
> Do you have any additional comments?
> 

ping



Re: [Qemu-devel] [PATCH V6 11/11] pci: Do not check if a bus exist in pci_parse_devaddr.

2012-02-13 Thread Michael S. Tsirkin
On Mon, Feb 13, 2012 at 12:20:13PM +, Anthony PERARD wrote:
> Actually, pci_parse_devaddr checks if the dom/bus of the PCI address exists. But
> this should be the job of a caller. In fact, the two callers of this function
> will try to retrieve the PCIBus related to the devaddr and return an error if
> they cannot.
> 
> Signed-off-by: Anthony PERARD 

I agree. It's a good patch. And this will help address the bridges.
Want me to queue this?

> ---
>  hw/pci.c |4 
>  1 files changed, 0 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/pci.c b/hw/pci.c
> index ebb5de9..da7cf79 100644
> --- a/hw/pci.c
> +++ b/hw/pci.c
> @@ -529,10 +529,6 @@ int pci_parse_devaddr(const char *addr, int *domp, int 
> *busp,
>  if (*e)
>   return -1;
>  
> -/* Note: QEMU doesn't implement domains other than 0 */
> -if (!pci_find_bus(pci_find_root_bus(dom), bus))
> - return -1;
> -
>  *domp = dom;
>  *busp = bus;
>  *slotp = slot;
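Review bot: with the pci_find_bus() check removed, pci_parse_devaddr now accepts a domain or bus that does not exist, and the deleted comment was the only place in this hunk stating that QEMU implements no domain other than 0. A one-line comment above the *domp / *busp assignments saying that the result is only syntactically valid, and that callers must look up the PCIBus themselves, would keep a future third caller from trusting dom and bus unchecked.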
> -- 
> Anthony PERARD



Re: [Qemu-devel] [RFC Patch 5/7]Qemu: raw-posix image file reopen

2012-02-13 Thread Supriya Kannery

On 02/02/2012 05:45 AM, Michael Roth wrote:

On 01/31/2012 09:07 PM, Supriya Kannery wrote:

raw-posix driver changes for bdrv_reopen_xx functions to
safely reopen image files. Reopening of image files while
changing hostcache dynamically is handled here.




+
+ /* Flags that can be set using fcntl */
+ int fcntl_flags = BDRV_O_NOCACHE;
+
+ if ((bs->open_flags& ~fcntl_flags) == (flags& ~fcntl_flags)) {
+ if ((flags& BDRV_O_NOCACHE)) {
+ s->open_flags |= O_DIRECT;
+ } else {
+ s->open_flags&= ~O_DIRECT;
+ }
+ printf("O_DIRECT flag\n");
+ ret = fcntl_setfl(s->fd, s->open_flags);
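Review bot: s->open_flags is modified before fcntl_setfl() is called, so if that call fails the cached flags no longer describe the descriptor. Compute the new value in a local, pass it to fcntl_setfl(s->fd, ...), and store it in s->open_flags only when ret is 0. The printf("O_DIRECT flag\n") just above it should be dropped or turned into a debug statement.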


raw-posix.c:raw_aio_submit() does some extra alignment work if
s->aligned_buf was set due to the image being opened O_DIRECT initially,
not sure what the impact is but probably want to clean that up here.



ok, will check on this

thanks! for reviewing
Supriya




Re: [Qemu-devel] [RFC Patch 2/7]Qemu: Error classes for file reopen and data sync failure

2012-02-13 Thread Supriya Kannery

On 02/07/2012 01:26 PM, Stefan Hajnoczi wrote:

On Wed, Feb 01, 2012 at 08:36:28AM +0530, Supriya Kannery wrote:

Index: qemu/qerror.c
===
--- qemu.orig/qerror.c
+++ qemu/qerror.c
@@ -108,6 +108,14 @@ static const QErrorStringTable qerror_ta
  .desc  = "Device '%(device)' has multiple child busses",
  },
  {
+.error_fmt = QERR_DATA_SYNC_FAILED,
+.desc  = "Syncing of data failed for device '%(device)'",
+},
+{
+.error_fmt = QERR_REOPEN_FILE_FAILED,
+.desc  = "Could not reopen '%(filename)'",
+},


The comment in qerror.c says:

"Please keep the entries in alphabetical order.
Use scripts/check-qerror.sh to check."



ok


+{
  .error_fmt = QERR_DEVICE_NO_BUS,
  .desc  = "Device '%(device)' has no child bus",
  },
Index: qemu/qerror.h
===
--- qemu.orig/qerror.h
+++ qemu/qerror.h
@@ -117,6 +117,9 @@ QError *qobject_to_qerror(const QObject
  #define QERR_DEVICE_NOT_FOUND \
  "{ 'class': 'DeviceNotFound', 'data': { 'device': %s } }"

+#define QERR_DATA_SYNC_FAILED \
+"{ 'class': 'DataSyncFailed', 'data': { 'device': %s } }"
+


Same here:

/*
  * QError class list
  * Please keep the definitions in alphabetical order.
  * Use scripts/check-qerror.sh to check.
  */



ok




Re: [Qemu-devel] [RFC Patch 1/7]Qemu: Enhance "info block" to display host cache setting

2012-02-13 Thread Supriya Kannery

On 02/08/2012 05:30 PM, Luiz Capitulino wrote:

On Wed, 01 Feb 2012 08:36:14 +0530
Supriya Kannery  wrote:


Enhance "info block" to display hostcache setting for each
block device.

Example:
(qemu) info block
ide0-hd0: removable=0 file=../rhel6-32.raw ro=0 drv=raw encrypted=0

Enhanced to display "hostcache" setting:
(qemu) info block
ide0-hd0: removable=0 hostcache=1 file=../rhel6-32.raw ro=0 drv=raw encrypted=0


The day we'll want to refactor 'info block' output is coming...



ok :-)




Re: [Qemu-devel] [RFC Patch 3/7]Qemu: Cmd "block_set_hostcache" for dynamic cache change

2012-02-13 Thread Supriya Kannery

On 02/08/2012 05:37 PM, Luiz Capitulino wrote:

On Wed, 01 Feb 2012 08:36:41 +0530
Supriya Kannery  wrote:




+ret = bdrv_open(bs, bs->filename, bdrv_flags, drv);
+if (ret<  0) {
+/* Reopen failed. Try to open with original flags */
+qerror_report(QERR_REOPEN_FILE_FAILED, bs->filename);


OPEN_FILE_FAILED is fine.



ok


+/*
+ * Change host page cache setting while guest is running.
+*/
+int do_block_set_hostcache(Monitor *mon, const QDict *qdict,
+   QObject **ret_data)


This is not a QAPI command, please read docs/writing-qmp-commands.txt to know
how to write QMP commands using the QAPI.



fine, will check the doc

-thanks, Supriya




[Qemu-devel] QEMU desired libiscsi.so clashes with libiscsi.so from iscsi-initiator-utils

2012-02-13 Thread Daniel P. Berrange
I was investigating how to build latest QEMU with the iSCSI block driver
enabled. I saw that configure wanted a libiscsi.so, so I installed that
library from Fedora RPMs via the iscsi-initiator-utils package, but it
still wouldn't build.

After further investigation, I find that QEMU in fact wants a completely
different, unrelated libiscsi.so library:

  https://github.com/sahlberg/libiscsi

Obviously we have a problem here because we can't have two different
libraries called libiscsi.so installed at the same time.

Since iscsi-initiator-utils is a standard Linux distro package whose usage
of libiscsi.so predates this github project, it seems that to resolve this
it will be necessary to rename the latter. eg perhaps libiscsi-client.so ?

The followup question is where to find actual libiscsi releases to package
up for OS distros ? It is not very desirable to just package GIT snapshots.

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [Qemu-devel] [RFC Patch 5/7]Qemu: raw-posix image file reopen

2012-02-13 Thread Supriya Kannery

On 02/08/2012 08:24 PM, Kevin Wolf wrote:

Am 01.02.2012 04:07, schrieb Supriya Kannery:

raw-posix driver changes for bdrv_reopen_xx functions to
safely reopen image files. Reopening of image files while
changing hostcache dynamically is handled here.





+typedef struct BDRVRawReopenState {
+BDRVReopenState reopen_state;
+BDRVRawState *stash_s;
+} BDRVRawReopenState;


See Stefan's comment. If it's possible to save only the fd and maybe one
or two other fields, then we should do that.



Yes, for V1 of this patchset, will look for stashing only those relevant
fields of a driver state wherever possible


+
+if ((bs->open_flags&  ~fcntl_flags) == (flags&  ~fcntl_flags)) {
+if ((flags&  BDRV_O_NOCACHE)) {
+s->open_flags |= O_DIRECT;
+} else {
+s->open_flags&= ~O_DIRECT;
+}
+printf("O_DIRECT flag\n");


Debugging leftover?



yes :-), didn't do a proper cleanup as this is RFC
for the stashing approach.


+ret = fcntl_setfl(s->fd, s->open_flags);
+} else {
+
+printf("close and open with new flags\n");


Same here.



V1 will be a clean one !


Kevin






Re: [Qemu-devel] [RFC Patch 6/7]Qemu: raw-win32 image file reopen

2012-02-13 Thread Supriya Kannery

On 02/08/2012 08:32 PM, Kevin Wolf wrote:

Am 01.02.2012 04:07, schrieb Supriya Kannery:

win32  driver changes for bdrv_reopen_xx functions to
safely reopen image files. Reopening of image files while
changing hostcache dynamically is handled here.

+
+if (osvi.dwMajorVersion>= WINDOWS_VISTA) {
+s->hfile = ReOpenFile(raw_rs->stash_hfile, 0, FILE_SHARE_READ,
+  overlapped);
+if (s->hfile == INVALID_HANDLE_VALUE) {
+int err = GetLastError();
+if (err == ERROR_ACCESS_DENIED) {
+ret = -EACCES;
+} else {
+ret = -1;


Returning -1 where -errno is expected is bad (turns out as -EPERM on
Linux, which is misleading). Maybe -EIO here.


ok

-thanks, Supriya




[Qemu-devel] [PATCH v3] Add SPICE support to add_client monitor command

2012-02-13 Thread Daniel P. Berrange
From: "Daniel P. Berrange" 

With the acceptance of some new APIs to libspice-server.so it
is possible to add support for SPICE to the 'add_client'
monitor command, bringing parity with VNC. Since SPICE can
use TLS or plain connections, the command also gains a new
'tls' parameter to specify whether TLS should be attempted
on the injected client sockets.

This new feature is only enabled if building against a
libspice-server >= 0.10.1

* qmp-commands.hx: Add 'tls' parameter & missing doc for
  'skipauth' parameter
* monitor.c: Wire up SPICE for 'add_client' command
* ui/qemu-spice.h, ui/spice-core.c: Add qemu_spice_display_add_client
  API to wire up from monitor

[1] http://cgit.freedesktop.org/spice/spice/commit/server/spice.h?id=d55b68b6b44f2499278fa860fb47ff22f5011faa

http://cgit.freedesktop.org/spice/spice/commit/server/spice.h?id=bd07dde530d9504e1cfe7ed5837fc00c26f36716

Changes in v3:
 - Added 'optional' flag to new parameters documented
 - Added no-op impl of qemu_spice_display_add_client when
   SPICE is disabled during build

Signed-off-by: Daniel P. Berrange 
---
 monitor.c   |9 +++--
 qmp-commands.hx |6 --
 ui/qemu-spice.h |6 ++
 ui/spice-core.c |   13 +
 4 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/monitor.c b/monitor.c
index aadbdcb..0d4daad 100644
--- a/monitor.c
+++ b/monitor.c
@@ -823,13 +823,18 @@ static int add_graphics_client(Monitor *mon, const QDict 
*qdict, QObject **ret_d
 CharDriverState *s;
 
 if (strcmp(protocol, "spice") == 0) {
+int fd = monitor_get_fd(mon, fdname);
+int skipauth = qdict_get_try_bool(qdict, "skipauth", 0);
+int tls = qdict_get_try_bool(qdict, "tls", 0);
 if (!using_spice) {
 /* correct one? spice isn't a device ,,, */
 qerror_report(QERR_DEVICE_NOT_ACTIVE, "spice");
 return -1;
 }
-   qerror_report(QERR_ADD_CLIENT_FAILED);
-   return -1;
+if (qemu_spice_display_add_client(fd, skipauth, tls) < 0) {
+close(fd);
+}
+return 0;
 #ifdef CONFIG_VNC
 } else if (strcmp(protocol, "vnc") == 0) {
int fd = monitor_get_fd(mon, fdname);
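Review bot: in the spice branch, monitor_get_fd() runs before the using_spice check, so the early return -1 leaves fd open, and fd itself is never checked for a failed lookup. The branch also returns 0 after qemu_spice_display_add_client() fails: the descriptor is closed but the monitor client is told the graphics client was added, where the removed lines reported QERR_ADD_CLIENT_FAILED. Move the fd lookup below the using_spice check, bail out if it is negative, and on failure close the fd, call qerror_report(QERR_ADD_CLIENT_FAILED) and return -1.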
diff --git a/qmp-commands.hx b/qmp-commands.hx
index b5e2ab8..dee95f1 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -910,8 +910,8 @@ EQMP
 
 {
 .name   = "add_client",
-.args_type  = "protocol:s,fdname:s,skipauth:b?",
-.params = "protocol fdname skipauth",
+.args_type  = "protocol:s,fdname:s,skipauth:b?,tls:b?",
+.params = "protocol fdname skipauth tls",
 .help   = "add a graphics client",
 .user_print = monitor_user_noop,
 .mhandler.cmd_new = add_graphics_client,
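Review bot: "tls:b?" is added to args_type for every protocol, but in the monitor.c change only the spice branch reads it and the visible vnc branch is untouched, so tls passed together with protocol vnc is accepted without effect. Either reject tls for protocols that do not use it or state in the argument documentation that it applies to spice only.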
@@ -927,6 +927,8 @@ Arguments:
 
 - "protocol": protocol name (json-string)
 - "fdname": file descriptor name (json-string)
+- "skipauth": whether to skip authentication (json-bool, optional)
+- "tls": whether to perform TLS (json-bool, optional)
 
 Example:
 
diff --git a/ui/qemu-spice.h b/ui/qemu-spice.h
index c35b29c..3ce57b2 100644
--- a/ui/qemu-spice.h
+++ b/ui/qemu-spice.h
@@ -33,6 +33,7 @@ void qemu_spice_init(void);
 void qemu_spice_input_init(void);
 void qemu_spice_audio_init(void);
 void qemu_spice_display_init(DisplayState *ds);
+int qemu_spice_display_add_client(int csock, int skipauth, int tls);
 int qemu_spice_add_interface(SpiceBaseInstance *sin);
 int qemu_spice_set_passwd(const char *passwd,
   bool fail_if_connected, bool 
disconnect_if_connected);
@@ -68,6 +69,11 @@ static inline int qemu_spice_migrate_info(const char *h, int 
p, int t,
 return -1;
 }
 
+static inline int qemu_spice_display_add_client(int csock, int skipauth, int 
tls)
+{
+return -1;
+}
+
 #endif /* CONFIG_SPICE */
 
 #endif /* QEMU_SPICE_H */
diff --git a/ui/spice-core.c b/ui/spice-core.c
index 5639c6f..d98863e 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -747,6 +747,19 @@ int qemu_spice_set_pw_expire(time_t expires)
 return qemu_spice_set_ticket(false, false);
 }
 
+int qemu_spice_display_add_client(int csock, int skipauth, int tls)
+{
+#if SPICE_SERVER_VERSION >= 0x000a01
+if (tls) {
+return spice_server_add_ssl_client(spice_server, csock, skipauth);
+} else {
+return spice_server_add_client(spice_server, csock, skipauth);
+}
+#else
+return -1;
+#endif
+}
+
 static void spice_register_config(void)
 {
 qemu_add_opts(&qemu_spice_opts);
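Review bot: the #else arm of qemu_spice_display_add_client() returns -1 with no error report, so a build against libspice-server older than 0.10.1 fails the command without telling the user that support is missing. Report an error there or in the caller. In the #if arm, skipauth goes from the monitor straight into spice_server_add_client() / spice_server_add_ssl_client(); a short comment that it skips authentication for the injected socket would help anyone later auditing who can reach the monitor.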
-- 
1.7.7.6




Re: [Qemu-devel] virtio-blk throughput

2012-02-13 Thread Anthony Liguori

On 02/13/2012 05:23 AM, Stefan Hajnoczi wrote:

On Sat, Feb 11, 2012 at 9:57 AM, Prateek Sharma  wrote:

$QEMU  -cpu core2duo,+vmx  -drive file=$VM_PATH,if=virtio,aio=native
-drive file=viotest.img,if=virtio,index=2


-drive cache=none is typically used for good performance when the
image is on a local disk.  Try that and I think you'll see an
improvement.


We should throw a bug on aio=native, cache != none.

linux-aio blocks on io_submit if the caching mode isn't O_DIRECT and that will 
kill performance.


Regards,

Anthony Liguori



Stefan






Re: [Qemu-devel] [RFC Patch 4/7]Qemu: Framework for reopening image files safely

2012-02-13 Thread Supriya Kannery

On 02/08/2012 08:37 PM, Kevin Wolf wrote:

Am 01.02.2012 04:06, schrieb Supriya Kannery:

Struct BDRVReopenState along with three reopen related functions
introduced for handling reopening of images safely. This can be
extended by each of the block drivers to reopen respective
image files.



+} else {
+   open_flags = bs->open_flags;
+   bdrv_close(bs);
+
+   ret = bdrv_open(bs, bs->filename, bdrv_flags, drv);
  if (ret<  0) {
-/* Reopen failed with orig and modified flags */
-abort();
+/* Reopen failed. Try to open with original flags */
+qerror_report(QERR_REOPEN_FILE_FAILED, bs->filename);
+ret = bdrv_open(bs, bs->filename, open_flags, drv);
+if (ret<  0) {
+/* Reopen failed with orig and modified flags */
+bs->drv = NULL;
+}
  }
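Review bot: the fallback bdrv_open() with open_flags overwrites ret, so if ret is what the function returns, a caller that looks only at the return value cannot tell that the requested flags were not applied. Keep the first error in its own variable and return it after the original flags are restored. When both opens fail, bs->drv = NULL is set without a report; that case deserves its own error, since the device is left without a driver.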


Most image formats don't have a bdrv_reopen_* implementation after this
series, so usually you'll have something like qcow2 on top of file. This
code uses bdrv_close/open for the whole stack, even though the file
layer could actually make use of a bdrv_reopen_* implementation and the
qcow2 open isn't likely to fail if the image file could be opened.

I think we can use drv->bdrv_close/open to reopen only one layer and try
using bdrv_reopen_* for the lower layer again.

This is an improvement that can be done in a separate patch, though.


What I understood is, in the enhancement patch, we will have something 
like (taking qcow2 as an example)


Implement bdrv_reopen_qcow2(image file) which reopens only the qcow2
image file

Then,  drv->bdrv_open(qcow2 driver) will reopen qcow2 driver
   => calls bdrv_reopen_qcow2(qcow2 image file) if image file has
  to be reopen

Can you please explain a bit more, if this is not what you meant.

-thanks, Supriya







Re: [Qemu-devel] [PATCH] oslib: make error handling more reasonable

2012-02-13 Thread Markus Armbruster
Stefan Weil  writes:

> Am 10.02.2012 16:13, schrieb Zhi Yong Wu:
>> On Fri, Feb 10, 2012 at 10:41 PM, Daniel P. Berrange
>>  wrote:
>>> On Fri, Feb 10, 2012 at 10:34:13PM +0800, Zhi Yong Wu wrote:
 From: Zhi Yong Wu 

 Signed-off-by: Zhi Yong Wu 
 ---
  oslib-posix.c |4 ++--
  oslib-win32.c |4 ++--
  2 files changed, 4 insertions(+), 4 deletions(-)

 diff --git a/oslib-posix.c b/oslib-posix.c
 index b6a3c7f..f978d56 100644
 --- a/oslib-posix.c
 +++ b/oslib-posix.c
 @@ -80,7 +80,7 @@ void *qemu_oom_check(void *ptr)
  {
  if (ptr == NULL) {
  fprintf(stderr, "Failed to allocate memory: %s\n",
 strerror(errno));
 -abort();
 +exit(EXIT_FAILURE);
>>>
>>> exit() will call any atexit()/on_exit() handlers, as well as trying
>>> to flush I/O streams. Any of these actions may require further
>>> memory allocations, which will likely fail, or worse cause this
>>> code to re-enter itself if an atexit() handler calls qemu_malloc
>> Nice, very reasonable.
>>>
>>> The only option other than abort(), is to use  _Exit() which
>>> doesn't try to run cleanup handlers.
>> I will try to send out v2
>
> Could you please explain why calling exit, _Exit or _exit is more
> reasonable than calling abort?
>
> abort can create core dumps or start a debugger which is
> useful for me and maybe other developers, too.

I consider abort() on OOM somewhat eccentric.  abort() is for
programming errors.  Resource shortage is an environmental error that is
sometimes (but not always) caused by a programming error.

I'd rather inconvenience programmers (by making it a little bit harder
to debug programming errors that cause OOM) than confuse users with
inappropriate scary "crashes".
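The three termination paths argued over in this thread, as an added example that is not part of any poster's patch: it runs each one in a forked child and records whether an atexit() handler executed and how the child ended. The names die_on_oom, cleanup_handler and run_case are hypothetical.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum die_how { DIE_EXIT, DIE_IMMEDIATE, DIE_ABORT };

struct die_result {
    int handler_ran;   /* 1 if the atexit() handler executed in the child */
    int exited;        /* 1 if the child ended with an exit status */
    int code_or_sig;   /* exit code, or number of the terminating signal */
};

static int report_fd = -1;

/* Stand-in for a cleanup handler. A real one may allocate memory or take
 * locks, which is what makes running it from an OOM path dangerous. */
static void cleanup_handler(void)
{
    const char mark = 'H';
    ssize_t n = write(report_fd, &mark, 1);
    (void)n;
}

/* Hypothetical OOM path: the allocation has failed and we must terminate. */
static void die_on_oom(enum die_how how)
{
    switch (how) {
    case DIE_EXIT:      exit(EXIT_FAILURE);   /* atexit handlers + stdio flush */
    case DIE_IMMEDIATE: _Exit(EXIT_FAILURE);  /* no handlers, no flush */
    case DIE_ABORT:     abort();              /* SIGABRT, no handlers */
    }
}

/* Fork a child, register the handler, terminate it the requested way and
 * report what the parent observed. */
static struct die_result run_case(enum die_how how)
{
    struct die_result r = { 0, 0, -1 };
    int pipefd[2];
    int status;
    char c;
    pid_t pid;

    if (pipe(pipefd) != 0) {
        return r;
    }
    fflush(NULL);                 /* do not duplicate buffered output */
    pid = fork();
    if (pid < 0) {
        close(pipefd[0]);
        close(pipefd[1]);
        return r;
    }
    if (pid == 0) {
        struct rlimit no_core = { 0, 0 };
        setrlimit(RLIMIT_CORE, &no_core);   /* the demo should not dump core */
        close(pipefd[0]);
        report_fd = pipefd[1];
        atexit(cleanup_handler);
        die_on_oom(how);
        _Exit(127);               /* not reached */
    }
    close(pipefd[1]);
    /* One byte means the handler ran; EOF means the child died without it. */
    r.handler_ran = (read(pipefd[0], &c, 1) == 1);
    close(pipefd[0]);
    if (waitpid(pid, &status, 0) != pid) {
        return r;
    }
    if (WIFEXITED(status)) {
        r.exited = 1;
        r.code_or_sig = WEXITSTATUS(status);
    } else if (WIFSIGNALED(status)) {
        r.code_or_sig = WTERMSIG(status);
    }
    return r;
}

int main(void)
{
    static const char *names[] = { "exit()", "_Exit()", "abort()" };
    int i;

    for (i = DIE_EXIT; i <= DIE_ABORT; i++) {
        struct die_result r = run_case((enum die_how)i);
        printf("%-8s handler_ran=%d %s=%d\n", names[i], r.handler_ran,
               r.exited ? "exit_code" : "signal", r.code_or_sig);
    }
    return 0;
}
```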



Re: [Qemu-devel] virtio-blk throughput

2012-02-13 Thread Stefan Hajnoczi
On Mon, Feb 13, 2012 at 11:39 AM, Prateek Sharma  wrote:
> On Mon, Feb 13, 2012 at 4:53 PM, Stefan Hajnoczi  wrote:
>> On Sat, Feb 11, 2012 at 9:57 AM, Prateek Sharma  
>> wrote:
>>> $QEMU  -cpu core2duo,+vmx  -drive file=$VM_PATH,if=virtio,aio=native
>>> -drive file=viotest.img,if=virtio,index=2
>>
>> -drive cache=none is typically used for good performance when the
>> image is on a local disk.  Try that and I think you'll see an
>> improvement.
>>
>> Stefan
>
> Hi Stefan,
>    I did try setting cache=none in one of the runs, and saw a small
> performance *drop* for sequential reads. Could it be because of the
> host page-cache read-ahead and other factors?
>    In any case, i just wanted to know what the current qemu
> virtio-blk numbers are, and whether i have misconfigured things badly.
>    What is the "fastest" way to do IO in qemu? virtio-blk, vhost-blk,
> virtio-dataplane, something else?

The fastest supported way on local disks tends to be
if=virtio,cache=none,aio=native.

You are right that a pure read benchmark will "benefit" from
read-ahead.  cache=none helps for writes (compared to the default
cache=writethrough) and has less complicated performance behavior when
there is a lot of I/O going on (because it bypasses the page cache).

It would be interesting to compare the block I/O requests during a
bare metal run with your guest run.  Normally they should be identical
for the benchmark to be fair.  I'm not sure whether the I/O request
pattern is identical in your case (I haven't looked what hdparm -tT
does exactly).

Stefan



Re: [Qemu-devel] [PATCH] oslib: make error handling more reasonable

2012-02-13 Thread Peter Maydell
On 13 February 2012 14:04, Markus Armbruster  wrote:
> I consider abort() on OOM somewhat eccentric.  abort() is for
> programming errors.  Resource shortage is an environmental error that is
> sometimes (but not always) caused by a programming error.
>
> I'd rather inconvenience programmers (by making it a little bit harder
> to debug programming errors that cause OOM) than confuse users with
> inappropriate scary "crashes".

I think the rationale for aborting here is that you're already
accepting "program just dies" behaviour for out-of-memory errors
via the kernel's OOM-killer...

-- PMM



Re: [Qemu-devel] [PATCHv2-RFC 1/2] shpc: standard hot plug controller

2012-02-13 Thread Isaku Yamahata
On Mon, Feb 13, 2012 at 01:49:32PM +0200, Michael S. Tsirkin wrote:
> On Mon, Feb 13, 2012 at 07:03:52PM +0900, Isaku Yamahata wrote:
> > Oh nice work.
> > 
> > On Mon, Feb 13, 2012 at 11:15:55AM +0200, Michael S. Tsirkin wrote:
> > > This adds support for SHPC interface, as defined by PCI Standard
> > > Hot-Plug Controller and Subsystem Specification, Rev 1.0
> > > http://www.pcisig.com/specifications/conventional/pci_hot_plug/SHPC_10
> > > 
> > > Only SHPC integrated with a PCI-to-PCI bridge is supported,
> > > SHPC integrated with a host bridge would need more work.
> > > 
> > > All main SHPC features are supported:
> > > - MRL sensor
> > 
> > Does this just report latch status? (It seems so.)
> 
> What happens is that adding a device closes the latch, removing a device
> opens the latch.  This simplifies the number of supported configurations
> significantly.
> 
> 
> > Do you plan to provide interfaces to manipulate the latch?
> 
> I didn't plan to do this, and this is non-trivial.
> Do you just want this for empty slots?  And why?

No, I just wondered your plan.


> > > - Attention button
> > > - Attention indicator
> > > - Power indicator
> > >
> > > Wake on hotplug and serr generation are stubbed out but unused
> > > as we don't have interfaces to generate these events ATM.
> > > 
> > > One issue that isn't completely resolved is that qemu currently
> > > expects an "eject" interface, which SHPC does not provide: it merely
> > > removes the power to device and it's up to the user to remove the device
> > > from slot. This patch works around that by ejecting the device
> > > when power is removed and power LED goes off.
> > > 
> > > TODO:
> > > - migration support
> > > - fix dependency on pci_internals.h
> > 
> > If I didn't miss the code,
> > - QMP command for pushing attention button.
> > - QMP command to get LED status
> 
> It's easy to add these, so I'd accept such a patch,
> but I wonder why.

My concern is how libvirt/virt-manager (or other UI) presents
slot status to operators/users.


> > - QMP events for LED on/off
> 
> There's also blink :)
> 
> > 
> > thanks,
> 
> I'm concerned that a guest can flood the management with such events.
> It's better to send a single "LED change" event, then we
> can suppress further events until next "get LED status" command.

Makes sense.

> 
> > > Signed-off-by: Michael S. Tsirkin 
> > > ---
> > >  Makefile.objs |1 +
> > >  hw/pci.h  |6 +
> > >  hw/shpc.c |  646 
> > > +
> > >  hw/shpc.h |   40 
> > >  qemu-common.h |1 +
> > >  5 files changed, 694 insertions(+), 0 deletions(-)
> > >  create mode 100644 hw/shpc.c
> > >  create mode 100644 hw/shpc.h
> > > 
> > > diff --git a/Makefile.objs b/Makefile.objs
> > > index 391e524..4546477 100644
> > > --- a/Makefile.objs
> > > +++ b/Makefile.objs
> > > @@ -195,6 +195,7 @@ hw-obj-$(CONFIG_VIRTIO_PCI) += virtio-pci.o
> > >  hw-obj-y += fw_cfg.o
> > >  hw-obj-$(CONFIG_PCI) += pci.o pci_bridge.o
> > >  hw-obj-$(CONFIG_PCI) += msix.o msi.o
> > > +hw-obj-$(CONFIG_PCI) += shpc.o
> > >  hw-obj-$(CONFIG_PCI) += pci_host.o pcie_host.o
> > >  hw-obj-$(CONFIG_PCI) += ioh3420.o xio3130_upstream.o xio3130_downstream.o
> > >  hw-obj-y += watchdog.o
> > > diff --git a/hw/pci.h b/hw/pci.h
> > > index 33b0b18..756577e 100644
> > > --- a/hw/pci.h
> > > +++ b/hw/pci.h
> > > @@ -125,6 +125,9 @@ enum {
> > >  /* command register SERR bit enabled */
> > >  #define QEMU_PCI_CAP_SERR_BITNR 4
> > >  QEMU_PCI_CAP_SERR = (1 << QEMU_PCI_CAP_SERR_BITNR),
> > > +/* Standard hot plug controller. */
> > > +#define QEMU_PCI_SHPC_BITNR 5
> > > +QEMU_PCI_CAP_SHPC = (1 << QEMU_PCI_SHPC_BITNR),
> > >  };
> > >  
> > >  #define TYPE_PCI_DEVICE "pci-device"
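Review bot: QEMU_PCI_SHPC_BITNR drops the _CAP_ that the neighbouring QEMU_PCI_CAP_SERR_BITNR carries. Naming it QEMU_PCI_CAP_SHPC_BITNR would make the bit number match both the existing pattern and the QEMU_PCI_CAP_SHPC flag it defines.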
> > > @@ -229,6 +232,9 @@ struct PCIDevice {
> > >  /* PCI Express */
> > >  PCIExpressDevice exp;
> > >  
> > > +/* SHPC */
> > > +SHPCDevice *shpc;
> > > +
> > >  /* Location of option rom */
> > >  char *romfile;
> > >  bool has_rom;
> > > diff --git a/hw/shpc.c b/hw/shpc.c
> > > new file mode 100644
> > > index 000..4baec29
> > > --- /dev/null
> > > +++ b/hw/shpc.c
> > > @@ -0,0 +1,646 @@
> > > +#include 
> > > +#include 
> > > +#include "range.h"
> > > +#include "shpc.h"
> > > +#include "pci.h"
> > > +#include "pci_internals.h"
> > > +
> > > +/* TODO: model power only and disabled slot states. */
> > > +/* TODO: handle SERR and wakeups */
> > > +/* TODO: consider enabling 66MHz support */
> > > +
> > > +/* TODO: remove fully only on state DISABLED and LED off.
> > > + * track state to properly record this. */
> > > +
> > > +/* SHPC Working Register Set */
> > > +#define SHPC_BASE_OFFSET  0x00 /* 4 bytes */
> > > +#define SHPC_SLOTS_33 0x04 /* 4 bytes. Also encodes PCI-X slots. */
> > > +#define SHPC_SLOTS_66 0x08 /* 4 bytes. */
> > > +#define SHPC_NSLOTS   0x0C /* 1 byte */
> > > +#define SHPC_FIRST_DEV0x0D /* 1 byte */
> > > +#define SHPC_PHYS_SLOT

[Qemu-devel] [PATCH 0/3] New sigaltstack method for coroutine

2012-02-13 Thread Alex Barcelo
This series of patches implements coroutines method with
sigaltstack.

The flow of creation and management of the coroutines is
quite similar to the coroutine-ucontext.c. The way to use
sigaltstack to achieve the needed stack manipulation is
done in a way quite similar to the GNU Portable Threads
(file pth_mctx.c, variant 2).

It's my first patch, I'm sure that there are things that I
have done wrong. Please, be kind :)

Thanks for your time

Alex Barcelo (3):
  coroutine: adding sigaltstack method (.c source)
  coroutine: adding control flags (enable/disable) for ucontext
compilation
  coroutine: adding enable/disable options for sigaltstack method

 Makefile.objs   |4 +
 configure   |   63 +-
 coroutine-sigaltstack.c |  337 +++
 3 files changed, 401 insertions(+), 3 deletions(-)
 create mode 100644 coroutine-sigaltstack.c

-- 
1.7.5.4




[Qemu-devel] [PATCH 1/3] coroutine: adding sigaltstack method (.c source)

2012-02-13 Thread Alex Barcelo
This file is based on both coroutine-ucontext.c and
pth_mctx.c (from the GNU Portable Threads library).

The mechanism used to change stacks is the sigaltstack
function (variant 2 of the pth library).

Signed-off-by: Alex Barcelo 
---
 coroutine-sigaltstack.c |  337 +++
 1 files changed, 337 insertions(+), 0 deletions(-)
 create mode 100644 coroutine-sigaltstack.c

diff --git a/coroutine-sigaltstack.c b/coroutine-sigaltstack.c
new file mode 100644
index 000..1d4f26d
--- /dev/null
+++ b/coroutine-sigaltstack.c
@@ -0,0 +1,337 @@
+/*
+ * sigaltstack coroutine initialization code
+ *
+ * Copyright (C) 2006  Anthony Liguori 
+ * Copyright (C) 2011  Kevin Wolf 
+ * Copyright (C) 2012  Alex Barcelo 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.0 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+/*
+** This file is partly based on pth_mctx.c, from the GNU Portable Threads
+**  Copyright (c) 1999-2006 Ralf S. Engelschall 
+**  Same license (version 2.1 or later)
+*/
+
+/* XXX Is there a nicer way to disable glibc's stack check for longjmp? */
+#ifdef _FORTIFY_SOURCE
+#undef _FORTIFY_SOURCE
+#endif
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "qemu-common.h"
+#include "qemu-coroutine-int.h"
+
+enum {
+/* Maximum free pool size prevents holding too many freed coroutines */
+POOL_MAX_SIZE = 64,
+};
+
+/** Free list to speed up creation */
+static QLIST_HEAD(, Coroutine) pool = QLIST_HEAD_INITIALIZER(pool);
+static unsigned int pool_size;
+
+typedef struct {
+Coroutine base;
+void *stack;
+jmp_buf env;
+} CoroutineUContext;
+
+/**
+ * Per-thread coroutine bookkeeping
+ */
+typedef struct {
+/** Currently executing coroutine */
+Coroutine *current;
+
+/** The default coroutine */
+CoroutineUContext leader;
+} CoroutineThreadState;
+
+static pthread_key_t thread_state_key;
+
+/*
+ * the way to pass information to the signal handler (trampoline)
+ * It's not thread-safe, as can be seen, but there is no other simple way.
+ */
+static volatile jmp_buf  tr_reenter;
+static volatile sig_atomic_t tr_called;
+static void *ptr_for_handler;
+
+static CoroutineThreadState *coroutine_get_thread_state(void)
+{
+CoroutineThreadState *s = pthread_getspecific(thread_state_key);
+
+if (!s) {
+s = g_malloc0(sizeof(*s));
+s->current = &s->leader.base;
+pthread_setspecific(thread_state_key, s);
+}
+return s;
+}
+
+static void qemu_coroutine_thread_cleanup(void *opaque)
+{
+CoroutineThreadState *s = opaque;
+
+g_free(s);
+}
+
+static void __attribute__((destructor)) coroutine_cleanup(void)
+{
+Coroutine *co;
+Coroutine *tmp;
+
+QLIST_FOREACH_SAFE(co, &pool, pool_next, tmp) {
+g_free(DO_UPCAST(CoroutineUContext, base, co)->stack);
+g_free(co);
+}
+}
+
+static void __attribute__((constructor)) coroutine_init(void)
+{
+int ret;
+
+ret = pthread_key_create(&thread_state_key, qemu_coroutine_thread_cleanup);
+if (ret != 0) {
+fprintf(stderr, "unable to create leader key: %s\n", strerror(errno));
+abort();
+}
+}
+
+/* "boot" function
+ * This is what starts the coroutine, is called from the trampoline
+ * (from the signal handler when it is not signal handling, read ahead
+ * for more information).
+ */
+static void coroutine_bootstrap(CoroutineUContext *self, Coroutine *co)
+{
+/* Initialize longjmp environment and switch back the caller */
+if (!setjmp(self->env)) {
+longjmp(*(jmp_buf *)co->entry_arg, 1);
+}
+
+while (true) {
+co->entry(co->entry_arg);
+qemu_coroutine_switch(co, co->caller, COROUTINE_TERMINATE);
+}
+}
+
+/*
+ * This is used as the signal handler. This is called with the brand new stack
+ * (thanks to sigaltstack). We have to return, given that this is a signal
+ * handler and the sigmask and some other things are changed.
+ */
+static void coroutine_trampoline(int signal)
+{
+CoroutineUContext *self;
+Coroutine *co;
+
+/* This will break on multithread or in any race condition */
+self = ptr_for_handler;
+tr_called = 1;
+co = &self->base;
+
+/*
+ * Here we have to do a bit of a ping pong between the caller, given that
+ * this is a signal handler and we have to do a return "soon". Then the
+ * caller can reestablish everything and do a longjmp her
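Review bot: ptr_for_handler, tr_called and tr_reenter are file-scope statics shared by every thread, while the rest of the file keeps its bookkeeping per thread in CoroutineThreadState; two threads creating coroutines at once would hand the trampoline the wrong CoroutineUContext. Move the three variables into CoroutineThreadState or serialize creation with a lock, rather than leaving the race documented in a comment. In coroutine_init, pthread_key_create() returns the error code instead of setting errno, so the message should use strerror(ret). The #undef _FORTIFY_SOURCE at the top turns off fortify checks for the whole file, not only for longjmp; the XXX comment should say which check fails and why it is a false positive here.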

[Qemu-devel] [PATCH 2/3] coroutine: adding control flags (enable/disable) for ucontext compilation

2012-02-13 Thread Alex Barcelo
Configure tries, as a default, ucontext functions for the
coroutines. But now the user can force its use or disable
it at all (enable and disable flags)

Signed-off-by: Alex Barcelo 
---
 configure |   26 ++
 1 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/configure b/configure
index 763db24..ed40da8 100755
--- a/configure
+++ b/configure
@@ -190,6 +190,7 @@ opengl=""
 zlib="yes"
 guest_agent="yes"
 libiscsi=""
+ucontext=""
 
 # parse CC options first
 for opt do
@@ -798,6 +799,10 @@ for opt do
   ;;
   --disable-guest-agent) guest_agent="no"
   ;;
+  --enable-ucontext) ucontext="yes"
+  ;;
+  --disable-ucontext) ucontext="no"
+  ;;
   *) echo "ERROR: unknown option $opt"; show_help="yes"
   ;;
   esac
@@ -1084,6 +1089,8 @@ echo "  --disable-usb-redir  disable usb network 
redirection support"
 echo "  --enable-usb-redir   enable usb network redirection support"
 echo "  --disable-guest-agentdisable building of the QEMU Guest Agent"
 echo "  --enable-guest-agent enable building of the QEMU Guest Agent"
+echo "  --disable-ucontext   disable ucontext functions for coroutines"
+echo "  --enable-ucontextenable ucontext functions for coroutines"
 echo ""
 echo "NOTE: The object files are built at the place where configure is 
launched"
 exit 1
@@ -2717,13 +2724,23 @@ fi
 # check if we have makecontext
 
 ucontext_coroutine=no
-if test "$darwin" != "yes"; then
-  cat > $TMPC << EOF
+if test "$ucontext" != "no"; then
+  if test "$darwin" != "yes"; then
+cat > $TMPC << EOF
 #include 
 int main(void) { makecontext(0, 0, 0); return 0; }
 EOF
-  if compile_prog "" "" ; then
-  ucontext_coroutine=yes
+if compile_prog "" "" ; then
+ucontext_coroutine=yes
+elif test "$ucontext" = "yes" ; then
+echo
+echo "Error: ucontext check failed"
+echo "Make sure that ucontext.h and its funcionts are supported"
+echo
+exit 1
+fi
+  else
+echo "Silently ignoring ucontext coroutine method under darwin"
   fi
 fi
 
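Review bot: on darwin the new else arm prints "Silently ignoring ucontext coroutine method under darwin" on every configure run, including when no ucontext option was given, and an explicit --enable-ucontext is dropped there instead of failing the way the compile_prog arm does. Print nothing when $ucontext is empty and exit 1 when it is "yes". The error text also misspells "functions" as "funcionts".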
@@ -2918,6 +2935,7 @@ echo "usb net redir $usb_redir"
 echo "OpenGL support$opengl"
 echo "libiscsi support  $libiscsi"
 echo "build guest agent $guest_agent"
+echo "ucontext coroutine support$ucontext_coroutine"
 
 if test "$sdl_too_old" = "yes"; then
 echo "-> Your SDL version is too old - please upgrade to have SDL support"
-- 
1.7.5.4




[Qemu-devel] [PATCH 3/3] coroutine: adding enable/disable options for sigaltstack method

2012-02-13 Thread Alex Barcelo
It's possible to enable/disable sigaltstack, but it always has
less priority than ucontext method (to force sigaltstack,
ucontext has to be disabled).

Signed-off-by: Alex Barcelo 
---
 Makefile.objs |4 
 configure |   39 +++
 2 files changed, 43 insertions(+), 0 deletions(-)

diff --git a/Makefile.objs b/Makefile.objs
index 391e524..8874825 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -17,8 +17,12 @@ coroutine-obj-y += qemu-coroutine-sleep.o
 ifeq ($(CONFIG_UCONTEXT_COROUTINE),y)
 coroutine-obj-$(CONFIG_POSIX) += coroutine-ucontext.o
 else
+ifeq ($(CONFIG_SIGALTSTACK_COROUTINE),y)
+coroutine-obj-$(CONFIG_POSIX) += coroutine-sigaltstack.o
+else
 coroutine-obj-$(CONFIG_POSIX) += coroutine-gthread.o
 endif
+endif
 coroutine-obj-$(CONFIG_WIN32) += coroutine-win32.o
 
 ###
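Review bot: the added ifeq ($(CONFIG_SIGALTSTACK_COROUTINE),y) is nested inside the existing else branch, so the backend priority (ucontext, then sigaltstack, then gthread) is expressed only through nesting depth and a second endif. An "else ifeq" chain would keep the three alternatives at one level, and a comment stating the priority order would help whoever adds the next backend.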
diff --git a/configure b/configure
index ed40da8..e9c27f3 100755
--- a/configure
+++ b/configure
@@ -191,6 +191,7 @@ zlib="yes"
 guest_agent="yes"
 libiscsi=""
 ucontext=""
+sigaltstack=""
 
 # parse CC options first
 for opt do
@@ -803,6 +804,10 @@ for opt do
   ;;
   --disable-ucontext) ucontext="no"
   ;;
+  --enable-sigaltstack) sigaltstack="yes"
+  ;;
+  --disable-sigaltstack) sigaltstack="no"
+  ;;
   *) echo "ERROR: unknown option $opt"; show_help="yes"
   ;;
   esac
@@ -1091,6 +1096,8 @@ echo "  --disable-guest-agentdisable building of the 
QEMU Guest Agent"
 echo "  --enable-guest-agent enable building of the QEMU Guest Agent"
 echo "  --disable-ucontext   disable ucontext functions for coroutines"
 echo "  --enable-ucontextenable ucontext functions for coroutines"
+echo "  --disable-sigaltstackdisable sigaltstack functions for coroutines"
+echo "  --enable-sigaltstackenable sigaltstack functions for coroutines"
 echo ""
 echo "NOTE: The object files are built at the place where configure is 
launched"
 exit 1
@@ -2745,6 +2752,33 @@ EOF
 fi
 
 ##
+# check, if there is no ucontext, for
+# sigaltstack
+
+sigaltstack_coroutine=no
+if test "$ucontext_coroutine" = "no" -a "$sigaltstack" != "no" ; then
+  cat > $TMPC << EOF
+#include 
+int main(void) {
+  stack_t ss;
+  ss.ss_size = SIGSTKSZ;
+  ss.ss_flags = 0;
+  sigaltstack(&ss, 0);
+}
+EOF
+  if compile_prog "" "" ; then
+sigaltstack_coroutine=yes
+  elif test "$sigaltstack" = "yes"; then
+echo
+echo "Error: sigaltstack check failed"
+echo "Make sure that sigaltstack is supported"
+echo
+exit 1
+  fi
+fi
+
+
+##
 # check if we have open_by_handle_at
 
 open_by_hande_at=no
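Review bot: the guard test "$ucontext_coroutine" = "no" -a "$sigaltstack" != "no" skips the whole probe whenever ucontext was detected, so an explicit --enable-sigaltstack is dropped without any message; the "elif test "$sigaltstack" = "yes"" error path is only reachable when ucontext is already unavailable. Suggest failing, or at least printing a warning, when "$sigaltstack" = "yes" and ucontext wins. In the test program, ss.ss_sp is never assigned before sigaltstack(&ss, 0) and main() has no return statement; setting ss_sp and adding "return 0;" keeps the probe from depending on compiler leniency.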
@@ -2936,6 +2970,7 @@ echo "OpenGL support$opengl"
 echo "libiscsi support  $libiscsi"
 echo "build guest agent $guest_agent"
 echo "ucontext coroutine support$ucontext_coroutine"
+echo "sigaltstack coroutine support $sigaltstack_coroutine"
 
 if test "$sdl_too_old" = "yes"; then
 echo "-> Your SDL version is too old - please upgrade to have SDL support"
@@ -3259,6 +3294,10 @@ if test "$ucontext_coroutine" = "yes" ; then
   echo "CONFIG_UCONTEXT_COROUTINE=y" >> $config_host_mak
 fi
 
+if test "$sigaltstack_coroutine" = "yes" ; then
+  echo "CONFIG_SIGALTSTACK_COROUTINE=y" >> $config_host_mak
+fi
+
 if test "$open_by_handle_at" = "yes" ; then
   echo "CONFIG_OPEN_BY_HANDLE=y" >> $config_host_mak
 fi
-- 
1.7.5.4




Re: [Qemu-devel] [PATCHv2-RFC 1/2] shpc: standard hot plug controller

2012-02-13 Thread Michael S. Tsirkin
On Mon, Feb 13, 2012 at 11:30:23PM +0900, Isaku Yamahata wrote:
> On Mon, Feb 13, 2012 at 01:49:32PM +0200, Michael S. Tsirkin wrote:
> > On Mon, Feb 13, 2012 at 07:03:52PM +0900, Isaku Yamahata wrote:
> > > Oh nice work.
> > > 
> > > On Mon, Feb 13, 2012 at 11:15:55AM +0200, Michael S. Tsirkin wrote:
> > > > This adds support for SHPC interface, as defined by PCI Standard
> > > > Hot-Plug Controller and Subsystem Specification, Rev 1.0
> > > > http://www.pcisig.com/specifications/conventional/pci_hot_plug/SHPC_10
> > > > 
> > > > Only SHPC integrated with a PCI-to-PCI bridge is supported,
> > > > SHPC integrated with a host bridge would need more work.
> > > > 
> > > > All main SHPC features are supported:
> > > > - MRL sensor
> > > 
> > > Does this just report latch status? (It seems so.)
> > 
> > What happens is that adding a device closes the latch, removing a device
> > opens the latch.  This simplifies the number of supported configurations
> > significantly.
> > 
> > 
> > > Do you plan to provide interfaces to manipulate the latch?
> > 
> > I didn't plan to do this, and this is non-trivial.
> > Do you just want this for empty slots?  And why?
> 
> No, I just wondered about your plan.
> 
> 
> > > > - Attention button
> > > > - Attention indicator
> > > > - Power indicator
> > > >
> > > > Wake on hotplug and serr generation are stubbed out but unused
> > > > as we don't have interfaces to generate these events ATM.
> > > > 
> > > > One issue that isn't completely resolved is that qemu currently
> > > > expects an "eject" interface, which SHPC does not provide: it merely
> > > > removes the power to device and it's up to the user to remove the device
> > > > from slot. This patch works around that by ejecting the device
> > > > when power is removed and power LED goes off.
> > > > 
> > > > TODO:
> > > > - migration support
> > > > - fix dependency on pci_internals.h
> > > 
> > > If I didn't miss the code,
> > > - QMP command for pushing attention button.
> > > - QMP command to get LED status
> > 
> > It's easy to add these, so I'd accept such a patch,
> > but I wonder why.
> 
> My concern is how libvirt/virt-manager (or other UI) presents
> slot status to operators/users.

They currently present free/busy status just by looking at info pci.
Maybe that is enough.

My concern is rather with the eject hack above: the add/delete
API maps reasonably to _EJ0 interface, but isn't generic enough
for SHPC. We'll need a better API for that.

> > > - QMP events for LED on/off
> > 
> > There's also blink :)
> > 
> > > 
> > > thanks,
> > 
> > I'm concerned that a guest can flood the management with such events.
> > It's better to send a single "LED change" event, then we
> > can suppress further events until next "get LED status" command.
> 
> Makes sense.
> 
> > 
> > > > Signed-off-by: Michael S. Tsirkin 
> > > > ---
> > > >  Makefile.objs |1 +
> > > >  hw/pci.h  |6 +
> > > >  hw/shpc.c |  646 
> > > > +
> > > >  hw/shpc.h |   40 
> > > >  qemu-common.h |1 +
> > > >  5 files changed, 694 insertions(+), 0 deletions(-)
> > > >  create mode 100644 hw/shpc.c
> > > >  create mode 100644 hw/shpc.h
> > > > 
> > > > diff --git a/Makefile.objs b/Makefile.objs
> > > > index 391e524..4546477 100644
> > > > --- a/Makefile.objs
> > > > +++ b/Makefile.objs
> > > > @@ -195,6 +195,7 @@ hw-obj-$(CONFIG_VIRTIO_PCI) += virtio-pci.o
> > > >  hw-obj-y += fw_cfg.o
> > > >  hw-obj-$(CONFIG_PCI) += pci.o pci_bridge.o
> > > >  hw-obj-$(CONFIG_PCI) += msix.o msi.o
> > > > +hw-obj-$(CONFIG_PCI) += shpc.o
> > > >  hw-obj-$(CONFIG_PCI) += pci_host.o pcie_host.o
> > > >  hw-obj-$(CONFIG_PCI) += ioh3420.o xio3130_upstream.o 
> > > > xio3130_downstream.o
> > > >  hw-obj-y += watchdog.o
> > > > diff --git a/hw/pci.h b/hw/pci.h
> > > > index 33b0b18..756577e 100644
> > > > --- a/hw/pci.h
> > > > +++ b/hw/pci.h
> > > > @@ -125,6 +125,9 @@ enum {
> > > >  /* command register SERR bit enabled */
> > > >  #define QEMU_PCI_CAP_SERR_BITNR 4
> > > >  QEMU_PCI_CAP_SERR = (1 << QEMU_PCI_CAP_SERR_BITNR),
> > > > +/* Standard hot plug controller. */
> > > > +#define QEMU_PCI_SHPC_BITNR 5
> > > > +QEMU_PCI_CAP_SHPC = (1 << QEMU_PCI_SHPC_BITNR),
> > > >  };
> > > >  
> > > >  #define TYPE_PCI_DEVICE "pci-device"
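Review bot: the new bit-number macro in this enum hunk is named QEMU_PCI_SHPC_BITNR, while the entry directly above it is QEMU_PCI_CAP_SERR_BITNR paired with QEMU_PCI_CAP_SERR. Naming it QEMU_PCI_CAP_SHPC_BITNR would keep the macro and the QEMU_PCI_CAP_SHPC enumerator on the same QEMU_PCI_CAP_* pattern.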
> > > > @@ -229,6 +232,9 @@ struct PCIDevice {
> > > >  /* PCI Express */
> > > >  PCIExpressDevice exp;
> > > >  
> > > > +/* SHPC */
> > > > +SHPCDevice *shpc;
> > > > +
> > > >  /* Location of option rom */
> > > >  char *romfile;
> > > >  bool has_rom;
> > > > diff --git a/hw/shpc.c b/hw/shpc.c
> > > > new file mode 100644
> > > > index 000..4baec29
> > > > --- /dev/null
> > > > +++ b/hw/shpc.c
> > > > @@ -0,0 +1,646 @@
> > > > +#include 
> > > > +#include 
> > > > +#include "range.h"
> > > > +#include "shpc.h"
> > > > +#include "pci.h"
> > > > +#include "pci_internals.h"
> > > > +
> > > > +/* TODO: model power only and disa

Re: [Qemu-devel] [PATCH 3/3] coroutine: adding enable/disable options for sigaltstack method

2012-02-13 Thread Daniel P. Berrange
On Mon, Feb 13, 2012 at 03:42:30PM +0100, Alex Barcelo wrote:
> It's possible to enable/disable sigaltstack, but it always has
> less priority than ucontext method (to force sigaltstack,
> ucontext has to be disabled).
> 
> Signed-off-by: Alex Barcelo 
> ---
>  Makefile.objs |4 
>  configure |   39 +++
>  2 files changed, 43 insertions(+), 0 deletions(-)
> 
> diff --git a/Makefile.objs b/Makefile.objs
> index 391e524..8874825 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -17,8 +17,12 @@ coroutine-obj-y += qemu-coroutine-sleep.o
>  ifeq ($(CONFIG_UCONTEXT_COROUTINE),y)
>  coroutine-obj-$(CONFIG_POSIX) += coroutine-ucontext.o
>  else
> +ifeq ($(CONFIG_SIGALTSTACK_COROUTINE),y)
> +coroutine-obj-$(CONFIG_POSIX) += coroutine-sigaltstack.o
> +else
>  coroutine-obj-$(CONFIG_POSIX) += coroutine-gthread.o
>  endif
> +endif
>  coroutine-obj-$(CONFIG_WIN32) += coroutine-win32.o
>  
>  ###
> diff --git a/configure b/configure
> index ed40da8..e9c27f3 100755
> --- a/configure
> +++ b/configure
> @@ -191,6 +191,7 @@ zlib="yes"
>  guest_agent="yes"
>  libiscsi=""
>  ucontext=""
> +sigaltstack=""
>  
>  # parse CC options first
>  for opt do
> @@ -803,6 +804,10 @@ for opt do
>;;
>--disable-ucontext) ucontext="no"
>;;
> +  --enable-sigaltstack) sigaltstack="yes"
> +  ;;
> +  --disable-sigaltstack) sigaltstack="no"
> +  ;;
>*) echo "ERROR: unknown option $opt"; show_help="yes"
>;;
>esac
> @@ -1091,6 +1096,8 @@ echo "  --disable-guest-agentdisable building of 
> the QEMU Guest Agent"
>  echo "  --enable-guest-agent enable building of the QEMU Guest Agent"
>  echo "  --disable-ucontext   disable ucontext functions for coroutines"
>  echo "  --enable-ucontextenable ucontext functions for coroutines"
> +echo "  --disable-sigaltstackdisable sigaltstack functions for 
> coroutines"
> +echo "  --enable-sigaltstackenable sigaltstack functions for coroutines"

Since the 3 different coroutine impls are mutually exclusive
choices, perhaps it'd be preferable to just have a single
configure argument like

   --with-couroutines=[ucontext|sigaltstack|gthread]

Thus avoiding the non-sensical scenario of the user specifying

   --enable-ucontext --enable-sigaltstack

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [Qemu-devel] [PATCH 0/3] New sigaltstack method for coroutine

2012-02-13 Thread Peter Maydell
On 13 February 2012 14:42, Alex Barcelo  wrote:
> This series of patches implements coroutines method with
> sigaltstack.
>
> The flow of creation and management of the coroutines is
> quite similar to the coroutine-ucontext.c. The way to use
> sigaltstack to achieve the needed stack manipulation is
> done in a way quite similar to the GNU Portable Threads
> (file pth_mctx.c, variant 2).

So the obvious question here is why this should be a new
coroutine method rather than just replacing the ucontext one.
Having a tricky bit of code like the coroutine implementation
have multiple implementations is asking for the less-used
ones to bitrot, have undetected race conditions, etc. I would
much prefer it if we could have one standard implementation
that was used on all (unixy) platforms.

The ucontext implementation is problematic because makecontext
&co aren't implemented on all platforms (ARM Linux, and I think
at least one of the BSDs?). Is this sigaltstack approach
workable on a strict superset of the platforms that would
be able to use ucontext? Does it have any disadvantages that
would mean you wouldn't want to use it as a first choice
if you had ucontext?

-- PMM



Re: [Qemu-devel] [PATCH 1/3] coroutine: adding sigaltstack method (.c source)

2012-02-13 Thread Paolo Bonzini

On 02/13/2012 03:42 PM, Alex Barcelo wrote:

This file is based on both coroutine-ucontext.c and
pth_mctx.c (from the GNU Portable Threads library).

The mechanism used to change stacks is the sigaltstack
function (variant 2 of the pth library).

Signed-off-by: Alex Barcelo 
---
 coroutine-sigaltstack.c |  337 +++
 1 files changed, 337 insertions(+), 0 deletions(-)
 create mode 100644 coroutine-sigaltstack.c

diff --git a/coroutine-sigaltstack.c b/coroutine-sigaltstack.c
new file mode 100644
index 000..1d4f26d
--- /dev/null
+++ b/coroutine-sigaltstack.c
@@ -0,0 +1,337 @@
+/*
+ * sigaltstack coroutine initialization code
+ *
+ * Copyright (C) 2006  Anthony Liguori 
+ * Copyright (C) 2011  Kevin Wolf 
+ * Copyright (C) 2012  Alex Barcelo 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.0 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+/*
+** This file is partly based on pth_mctx.c, from the GNU Portable Threads
+**  Copyright (c) 1999-2006 Ralf S. Engelschall 
+**  Same license (version 2.1 or later)
+*/
+
+/* XXX Is there a nicer way to disable glibc's stack check for longjmp? */
+#ifdef _FORTIFY_SOURCE
+#undef _FORTIFY_SOURCE
+#endif
+#include 
+#include 
+#include 
+#include 
+#include 
+#include "qemu-common.h"
+#include "qemu-coroutine-int.h"
+
+enum {
+/* Maximum free pool size prevents holding too many freed coroutines */
+POOL_MAX_SIZE = 64,
+};
+
+/** Free list to speed up creation */
+static QLIST_HEAD(, Coroutine) pool = QLIST_HEAD_INITIALIZER(pool);
+static unsigned int pool_size;
+
+typedef struct {
+Coroutine base;
+void *stack;
+jmp_buf env;
+} CoroutineUContext;
+
+/**
+ * Per-thread coroutine bookkeeping
+ */
+typedef struct {
+/** Currently executing coroutine */
+Coroutine *current;
+
+/** The default coroutine */
+CoroutineUContext leader;
+} CoroutineThreadState;
+
+static pthread_key_t thread_state_key;
+
+/*
+ * the way to pass information to the signal handler (trampoline)
+ * It's not thread-safe, as can be seen, but there is no other simple way.
+ */
+static volatile jmp_buf  tr_reenter;
+static volatile sig_atomic_t tr_called;


Unlike pth, we can assume thread-local storage: these should be placed
in CoroutineThreadState and coroutine_get_thread_state() used to access
them.



+/*
+ * Preserve the SIGUSR1 signal state, block SIGUSR1,
+ * and establish our signal handler. The signal will
+ * later transfer control onto the signal stack.
+ */


We're already using SIGUSR1.  Can you switch to SIGUSR2?


+sigemptyset(&sigs);
+sigaddset(&sigs, SIGUSR1);
+sigprocmask(SIG_BLOCK, &sigs, &osigs);


This should be pthread_sigmask.


+/*
+ * Restore the old SIGUSR1 signal handler and mask
+ */
+sigaction(SIGUSR1, &osa, NULL);
+sigprocmask(SIG_SETMASK, &osigs, NULL);
+
+/*
+ * Now enter the trampoline again, but this time not as a signal
+ * handler. Instead we jump into it directly. The functionally
+ * redundant ping-pong pointer arithmentic is neccessary to avoid
+ * type-conversion warnings related to the `volatile' qualifier and
+ * the fact that `jmp_buf' usually is an array type.
+ */
+if (!setjmp(old_env)) {
+longjmp(*((jmp_buf *)&tr_reenter), 1);
+}
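
Review bot: the "#undef _FORTIFY_SOURCE" block at the top of the new file turns off glibc's fortified checks for everything compiled in coroutine-sigaltstack.c, not only for the longjmp calls the XXX comment is about. Keeping this file limited to the context-switch code, with the pool handling and other helpers in a file built with the default flags, would limit how much code loses that hardening. The struct is also still called CoroutineUContext although nothing here uses ucontext, and the comment above the final setjmp has two typos ("arithmentic", "neccessary").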


Use thread-local storage and you'll be able to remove this ugliness,
too.

Overall it looks good, however I think if it is good it should replace 
coroutine-ucontext.c altogether.  Other thoughts?


Paolo



Re: [Qemu-devel] [PATCH 0/3] New sigaltstack method for coroutine

2012-02-13 Thread Alex Barcelo
On Mon, Feb 13, 2012 at 15:51, Peter Maydell  wrote:
> On 13 February 2012 14:42, Alex Barcelo  wrote:
>> This series of patches implements coroutines method with
>> sigaltstack.
>>
>> The flow of creation and management of the coroutines is
>> quite similar to the coroutine-ucontext.c. The way to use
>> sigaltstack to achieve the needed stack manipulation is
>> done in a way quite similar to the GNU Portable Threads
>> (file pth_mctx.c, variant 2).
>
> So the obvious question here is why this should be a new
> coroutine method rather than just replacing the ucontext one.

Well, you are right. I did this because I needed something for an
environment which doesn't have ucontext support[1] (and the fallback
was awful).

> Having a tricky bit of code like the coroutine implementation
> have multiple implementations is asking for the less-used
> ones to bitrot, have undetected race conditions, etc. I would
> much prefer it if we could have one standard implementation
> that was used on all (unixy) platforms.

ucontext seems the "modern good way" (as far as I have read)... but
it's not standard enough. And not very multiplatform, as I have seen.

> The ucontext implementation is problematic because makecontext
> &co aren't implemented on all platforms (ARM Linux, and I think
> at least one of the BSDs?). Is this sigaltstack approach
> workable on a strict superset of the platforms that would
> be able to use ucontext? Does it have any disadvantages that
> would mean you wouldn't want to use it as a first choice
> if you had ucontext?

This new implementation... well, it seems to work (I have done an
Ubuntu installation with a cdrom and a qcow drive, which seems to use
quite a lot of coroutines). Of course I have done the coroutine-test
and it was OK. But... I wasn't confident enough to propose it as a
"mature alternative". And I don't have any performance benchmark,
which would be interesting. So, I thought that the better option would
be to send this patch to the developers as an alternative to ucontext.

The Portable Threads library uses ucontext as the first variant, and
then sigaltstack as a fallback. Their comment (not sure if it's
useful)
/*
 * VARIANT 1: THE STANDARDIZED SVR4/SUSv2 APPROACH
 *
 * This is the preferred variant, because it uses the standardized
 * SVR4/SUSv2 makecontext(2) and friends which is a facility intended
 * for user-space context switching. The thread creation therefore is
 * straight-foreward.
 */

/*
 * VARIANT 2: THE SIGNAL STACK TRICK
 *
 * ...
 * The ingenious fact is that this variant runs really on _all_ POSIX
 * compliant systems without special platform kludges.  But be _VERY_
 * carefully when you change something in the following code. The slightest
 * change or reordering can lead to horribly broken code.  Really every
 * function call in the following case is intended to be how it is, doubt
 * me...
 *
 * For more details we strongly recommend you to read the companion
 * paper ``Portable Multithreading -- The Signal Stack Trick for
 * User-Space Thread Creation'' from Ralf S. Engelschall. A copy of the
 * draft of this paper you can find in the file rse-pmt.ps inside the
 * GNU Pth distribution.
 */

Pth is capable of using sigstack if no sigaltstack is found on the
host. I have not implemented it, but it should be reasonably
straightforward.

[1] In fact, I was trying to run a powerpc-crosscompiled i386-softmmu
inside a qemu-ppc linux-user (on a i386 box). And ppc linux-user
doesn't support the needed syscall for ucontext functions. So it was a
first step.



Re: [Qemu-devel] how could I analysis the trace log?

2012-02-13 Thread Andreas Färber
Hi,

Am 12.02.2012 05:32, schrieb Wei Yang:
> I enable the trace function with --enable-trace-backend=simple and I
> create the event file like this
> g_realloc
> g_malloc
> 
> Then I start the qemu with following command.
> ./i386-softmmu/qemu-system-i386 -enable-kvm -drive
> file=../../kvm/ubuntu.img -boot dc -m 512 -usb
>  -monitor stdio -trace events=qemu_trace_events,file=qemu_trace.log
> 
> After some run time, I run the script like:
> ./scripts/simpletrace.py qemu_trace_events_parse qemu_trace.log
> 
> The qemu_trace_events_parse is :
> g_realloc(addr)
> g_malloc(addr)
> 
> The output looks like:
> g_malloc 1.831 addr=0xb945d1f0
> g_malloc 2.498 addr=0xb945d1f0
> g_realloc 4.715 addr=0x10
> g_realloc 1.520 addr=0xc
> g_realloc 1.505 addr=0xc
> 
> Are the steps I used correct?

Not quite. IIRC you need to pass in path/to/qemu/trace-events with the
full list of events you were using at the time of tracing (trace file
uses index of event). That file also contains a format string from which
you can infer what the arguments mean.

> I just guess the format of input events file of the simpletrace.py.

> For so many available events, how could I specify the format of all
> those events?

Not knowing Python too well myself, I just wrote a small analysis script
from scratch for my specific task, based on the simpletrace source code.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PATCH 3/3] coroutine: adding enable/disable options for sigaltstack method

2012-02-13 Thread Alex Barcelo
On Mon, Feb 13, 2012 at 15:49, Daniel P. Berrange  wrote:
> Since the 3 different coroutine impls are mutually exclusive
> choices, perhaps it'd be preferable to just have a single
> configure argument like
>
>   --with-couroutines=[ucontext|sigaltstack|gthread]
>
> Thus avoiding the non-sensical scenario of the user specifying
>
>   --enable-ucontext --enable-sigaltstack

Yes. Now that you mention it... it's the natural way. The v2 will be this way :)



Re: [Qemu-devel] [PATCH v4 07/11] trace: [tracetool] Rewrite event argument parsing

2012-02-13 Thread Lluís Vilanova
Harsh Bora writes:

> BTW, I am manually applying your changes on top of my patches as there were
> significant changes in my patches also. I will include your patches in my next
> series.

Excellent.


Lluis

-- 
 "And it's much the same thing with knowledge, for whenever you learn
 something new, the whole world becomes that much richer."
 -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
 Tollbooth



Re: [Qemu-devel] slirp-related crash

2012-02-13 Thread Zhi Yong Wu
On Mon, Feb 13, 2012 at 4:24 AM, Jan Kiszka  wrote:
> On 2012-02-12 19:34, Michael S. Tsirkin wrote:
>> It seems somewhat easy to crash qemu with slirp if we queue multiple packets.
>> I didn't investigate further yet so I don't know if this
>> is a regression. Anyone knowledgeable about slirp wants to take a look?
>>
>> /home/mst/qemu-test/bin/qemu-system-x86_64  -enable-kvm -m 1G -drive
>> file=/home/mst/rhel6.qcow2 -netdev user,id=bar -net
>> nic,netdev=bar,model=e1000,macaddr=52:54:00:12:34:57  -redir
>> tcp:8022::22  -vnc :1 -monitor stdio
>>
>> While guest is booting, quickly do this
>>
>> ssh localhost -p 8022
>> CTRL-C
>> ssh localhost -p 8022
>> CTRL-C
>> ssh localhost -p 8022
>> CTRL-C
>> ssh localhost -p 8022
>> CTRL-C
>
> Confirmed. A single canceled connection prior the interface setup is
> enough. Possibly something is not properly removed / cleaned up here.
> Will see if I find some time to debug, can't promise.
Interesting thing, please give me some time, and I am trying to debug this issue.

>
> Jan
>
>>
>> When guest tries to bring up link,
>> qemu crashes:
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x77e4f8a7 in slirp_insque (a=0x0, b=0x791681f0) at
>> slirp/misc.c:27
>> 27              element->qh_link = head->qh_link;
>> (gdb) where
>> #0  0x77e4f8a7 in slirp_insque (a=0x0, b=0x791681f0) at
>> slirp/misc.c:27
>> #1  0x77e4ddd8 in if_start (slirp=0x78b0e4f0) at
>> slirp/if.c:194
>> #2  0x77e51290 in slirp_select_poll (readfds=0x7fffdfe0,
>> writefds=
>>     0x7fffdf60, xfds=0x7fffdee0, select_error=0) at
>> slirp/slirp.c:588
>> #3  0x77e114c3 in main_loop_wait (nonblocking=> out>)
>>     at main-loop.c:466
>> #4  0x77e09ed4 in main_loop (argc=,
>>     argv=, envp=)
>>     at /home/mst/scm/qemu/vl.c:1482
>> #5  main (argc=, argv=,
>>     envp=) at /home/mst/scm/qemu/vl.c:3525
>> (gdb) p element
>> $1 = (struct quehead *) 0x0
>>
>>
>
>



-- 
Regards,

Zhi Yong Wu



Re: [Qemu-devel] [PATCH 2/3] coroutine: adding control flags (enable/disable) for ucontext compilation

2012-02-13 Thread Kevin Wolf
Am 13.02.2012 15:42, schrieb Alex Barcelo:
> Configure tries, as a default, ucontext functions for the
> coroutines. But now the user can force its use or disable
> it at all (enable and disable flags)
> 
> Signed-off-by: Alex Barcelo 

I think a better approach would be to have a
--coroutines=[ucontext|sigaltstack|gthread|windows] option, with the
appropriate default wherever it's possible to detect.

This would allow building with gthread based coroutines even when
another option is available.

Kevin



[Qemu-devel] [PATCH] [m68k] Move helpers.h to helper.h

2012-02-13 Thread Lluís Vilanova
Provides a file naming scheme consistent with other targets.

Signed-off-by: Lluís Vilanova 
---
 target-m68k/helper.c|2 +-
 target-m68k/helper.h|   54 +++
 target-m68k/helpers.h   |   54 ---
 target-m68k/op_helper.c |2 +-
 target-m68k/translate.c |6 +++--
 5 files changed, 59 insertions(+), 59 deletions(-)
 create mode 100644 target-m68k/helper.h
 delete mode 100644 target-m68k/helpers.h

diff --git a/target-m68k/helper.c b/target-m68k/helper.c
index 674c8e6..123e1d9 100644
--- a/target-m68k/helper.c
+++ b/target-m68k/helper.c
@@ -26,7 +26,7 @@
 #include "qemu-common.h"
 #include "gdbstub.h"
 
-#include "helpers.h"
+#include "helper.h"
 
 #define SIGNBIT (1u << 31)
 
diff --git a/target-m68k/helper.h b/target-m68k/helper.h
new file mode 100644
index 000..cb8a0c7
--- /dev/null
+++ b/target-m68k/helper.h
@@ -0,0 +1,54 @@
+#include "def-helper.h"
+
+DEF_HELPER_1(bitrev, i32, i32)
+DEF_HELPER_1(ff1, i32, i32)
+DEF_HELPER_2(sats, i32, i32, i32)
+DEF_HELPER_2(divu, void, env, i32)
+DEF_HELPER_2(divs, void, env, i32)
+DEF_HELPER_3(addx_cc, i32, env, i32, i32)
+DEF_HELPER_3(subx_cc, i32, env, i32, i32)
+DEF_HELPER_3(shl_cc, i32, env, i32, i32)
+DEF_HELPER_3(shr_cc, i32, env, i32, i32)
+DEF_HELPER_3(sar_cc, i32, env, i32, i32)
+DEF_HELPER_2(xflag_lt, i32, i32, i32)
+DEF_HELPER_2(set_sr, void, env, i32)
+DEF_HELPER_3(movec, void, env, i32, i32)
+
+DEF_HELPER_2(f64_to_i32, f32, env, f64)
+DEF_HELPER_2(f64_to_f32, f32, env, f64)
+DEF_HELPER_2(i32_to_f64, f64, env, i32)
+DEF_HELPER_2(f32_to_f64, f64, env, f32)
+DEF_HELPER_2(iround_f64, f64, env, f64)
+DEF_HELPER_2(itrunc_f64, f64, env, f64)
+DEF_HELPER_2(sqrt_f64, f64, env, f64)
+DEF_HELPER_1(abs_f64, f64, f64)
+DEF_HELPER_1(chs_f64, f64, f64)
+DEF_HELPER_3(add_f64, f64, env, f64, f64)
+DEF_HELPER_3(sub_f64, f64, env, f64, f64)
+DEF_HELPER_3(mul_f64, f64, env, f64, f64)
+DEF_HELPER_3(div_f64, f64, env, f64, f64)
+DEF_HELPER_3(sub_cmp_f64, f64, env, f64, f64)
+DEF_HELPER_2(compare_f64, i32, env, f64)
+
+DEF_HELPER_3(mac_move, void, env, i32, i32)
+DEF_HELPER_3(macmulf, i64, env, i32, i32)
+DEF_HELPER_3(macmuls, i64, env, i32, i32)
+DEF_HELPER_3(macmulu, i64, env, i32, i32)
+DEF_HELPER_2(macsats, void, env, i32)
+DEF_HELPER_2(macsatu, void, env, i32)
+DEF_HELPER_2(macsatf, void, env, i32)
+DEF_HELPER_2(mac_set_flags, void, env, i32)
+DEF_HELPER_2(set_macsr, void, env, i32)
+DEF_HELPER_2(get_macf, i32, env, i64)
+DEF_HELPER_1(get_macs, i32, i64)
+DEF_HELPER_1(get_macu, i32, i64)
+DEF_HELPER_2(get_mac_extf, i32, env, i32)
+DEF_HELPER_2(get_mac_exti, i32, env, i32)
+DEF_HELPER_3(set_mac_extf, void, env, i32, i32)
+DEF_HELPER_3(set_mac_exts, void, env, i32, i32)
+DEF_HELPER_3(set_mac_extu, void, env, i32, i32)
+
+DEF_HELPER_2(flush_flags, void, env, i32)
+DEF_HELPER_1(raise_exception, void, i32)
+
+#include "def-helper.h"
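Review bot: target-m68k/helper.h is created here with the same 54 lines and the same blob id (cb8a0c7) that target-m68k/helpers.h is deleted with, so the patch carries a pure rename as a full add plus a full delete. Generating it with rename detection (git format-patch -M) would reduce the diff to the rename and the changed #include lines, which are the only parts that need review.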
diff --git a/target-m68k/helpers.h b/target-m68k/helpers.h
deleted file mode 100644
index cb8a0c7..000
--- a/target-m68k/helpers.h
+++ /dev/null
@@ -1,54 +0,0 @@
-#include "def-helper.h"
-
-DEF_HELPER_1(bitrev, i32, i32)
-DEF_HELPER_1(ff1, i32, i32)
-DEF_HELPER_2(sats, i32, i32, i32)
-DEF_HELPER_2(divu, void, env, i32)
-DEF_HELPER_2(divs, void, env, i32)
-DEF_HELPER_3(addx_cc, i32, env, i32, i32)
-DEF_HELPER_3(subx_cc, i32, env, i32, i32)
-DEF_HELPER_3(shl_cc, i32, env, i32, i32)
-DEF_HELPER_3(shr_cc, i32, env, i32, i32)
-DEF_HELPER_3(sar_cc, i32, env, i32, i32)
-DEF_HELPER_2(xflag_lt, i32, i32, i32)
-DEF_HELPER_2(set_sr, void, env, i32)
-DEF_HELPER_3(movec, void, env, i32, i32)
-
-DEF_HELPER_2(f64_to_i32, f32, env, f64)
-DEF_HELPER_2(f64_to_f32, f32, env, f64)
-DEF_HELPER_2(i32_to_f64, f64, env, i32)
-DEF_HELPER_2(f32_to_f64, f64, env, f32)
-DEF_HELPER_2(iround_f64, f64, env, f64)
-DEF_HELPER_2(itrunc_f64, f64, env, f64)
-DEF_HELPER_2(sqrt_f64, f64, env, f64)
-DEF_HELPER_1(abs_f64, f64, f64)
-DEF_HELPER_1(chs_f64, f64, f64)
-DEF_HELPER_3(add_f64, f64, env, f64, f64)
-DEF_HELPER_3(sub_f64, f64, env, f64, f64)
-DEF_HELPER_3(mul_f64, f64, env, f64, f64)
-DEF_HELPER_3(div_f64, f64, env, f64, f64)
-DEF_HELPER_3(sub_cmp_f64, f64, env, f64, f64)
-DEF_HELPER_2(compare_f64, i32, env, f64)
-
-DEF_HELPER_3(mac_move, void, env, i32, i32)
-DEF_HELPER_3(macmulf, i64, env, i32, i32)
-DEF_HELPER_3(macmuls, i64, env, i32, i32)
-DEF_HELPER_3(macmulu, i64, env, i32, i32)
-DEF_HELPER_2(macsats, void, env, i32)
-DEF_HELPER_2(macsatu, void, env, i32)
-DEF_HELPER_2(macsatf, void, env, i32)
-DEF_HELPER_2(mac_set_flags, void, env, i32)
-DEF_HELPER_2(set_macsr, void, env, i32)
-DEF_HELPER_2(get_macf, i32, env, i64)
-DEF_HELPER_1(get_macs, i32, i64)
-DEF_HELPER_1(get_macu, i32, i64)
-DEF_HELPER_2(get_mac_extf, i32, env, i32)
-DEF_HELPER_2(get_mac_exti, i32, env, i32)
-DEF_HELPER_3(set_mac_extf, void, env, i32, i32)
-DEF_HELPER_3(set_mac_exts, void, env, i32, i32)
-DEF_HELPER_3(set_mac_extu, void, env, i32, i32)
-
-DEF_HELPER_2(flush_flags, void, env, i32)
-DEF_HELPER_

[Qemu-devel] [PATCH] [s390] Move helpers.h to helper.h

2012-02-13 Thread Lluís Vilanova
Provides a file naming scheme consistent with other targets.

Signed-off-by: Lluís Vilanova 
---
 target-s390x/helper.h|  152 ++
 target-s390x/helpers.h   |  152 --
 target-s390x/op_helper.c |2 -
 target-s390x/translate.c |4 +
 4 files changed, 155 insertions(+), 155 deletions(-)
 create mode 100644 target-s390x/helper.h
 delete mode 100644 target-s390x/helpers.h

diff --git a/target-s390x/helper.h b/target-s390x/helper.h
new file mode 100644
index 000..01c8d0e
--- /dev/null
+++ b/target-s390x/helper.h
@@ -0,0 +1,152 @@
+#include "def-helper.h"
+
+DEF_HELPER_1(exception, void, i32)
+DEF_HELPER_3(nc, i32, i32, i64, i64)
+DEF_HELPER_3(oc, i32, i32, i64, i64)
+DEF_HELPER_3(xc, i32, i32, i64, i64)
+DEF_HELPER_3(mvc, void, i32, i64, i64)
+DEF_HELPER_3(clc, i32, i32, i64, i64)
+DEF_HELPER_2(mvcl, i32, i32, i32)
+DEF_HELPER_FLAGS_1(set_cc_comp_s32, TCG_CALL_PURE|TCG_CALL_CONST, i32, s32)
+DEF_HELPER_FLAGS_1(set_cc_comp_s64, TCG_CALL_PURE|TCG_CALL_CONST, i32, s64)
+DEF_HELPER_FLAGS_2(set_cc_icm, TCG_CALL_PURE|TCG_CALL_CONST, i32, i32, i32)
+DEF_HELPER_3(clm, i32, i32, i32, i64)
+DEF_HELPER_3(stcm, void, i32, i32, i64)
+DEF_HELPER_2(mlg, void, i32, i64)
+DEF_HELPER_2(dlg, void, i32, i64)
+DEF_HELPER_FLAGS_3(set_cc_add64, TCG_CALL_PURE|TCG_CALL_CONST, i32, s64, s64, 
s64)
+DEF_HELPER_FLAGS_3(set_cc_addu64, TCG_CALL_PURE|TCG_CALL_CONST, i32, i64, i64, 
i64)
+DEF_HELPER_FLAGS_3(set_cc_add32, TCG_CALL_PURE|TCG_CALL_CONST, i32, s32, s32, 
s32)
+DEF_HELPER_FLAGS_3(set_cc_addu32, TCG_CALL_PURE|TCG_CALL_CONST, i32, i32, i32, 
i32)
+DEF_HELPER_FLAGS_3(set_cc_sub64, TCG_CALL_PURE|TCG_CALL_CONST, i32, s64, s64, 
s64)
+DEF_HELPER_FLAGS_3(set_cc_subu64, TCG_CALL_PURE|TCG_CALL_CONST, i32, i64, i64, 
i64)
+DEF_HELPER_FLAGS_3(set_cc_sub32, TCG_CALL_PURE|TCG_CALL_CONST, i32, s32, s32, 
s32)
+DEF_HELPER_FLAGS_3(set_cc_subu32, TCG_CALL_PURE|TCG_CALL_CONST, i32, i32, i32, 
i32)
+DEF_HELPER_3(srst, i32, i32, i32, i32)
+DEF_HELPER_3(clst, i32, i32, i32, i32)
+DEF_HELPER_3(mvpg, void, i64, i64, i64)
+DEF_HELPER_3(mvst, void, i32, i32, i32)
+DEF_HELPER_3(csg, i32, i32, i64, i32)
+DEF_HELPER_3(cdsg, i32, i32, i64, i32)
+DEF_HELPER_3(cs, i32, i32, i64, i32)
+DEF_HELPER_4(ex, i32, i32, i64, i64, i64)
+DEF_HELPER_FLAGS_1(abs_i32, TCG_CALL_PURE|TCG_CALL_CONST, i32, s32)
+DEF_HELPER_FLAGS_1(nabs_i32, TCG_CALL_PURE|TCG_CALL_CONST, s32, s32)
+DEF_HELPER_FLAGS_1(abs_i64, TCG_CALL_PURE|TCG_CALL_CONST, i64, s64)
+DEF_HELPER_FLAGS_1(nabs_i64, TCG_CALL_PURE|TCG_CALL_CONST, s64, s64)
+DEF_HELPER_3(stcmh, void, i32, i64, i32)
+DEF_HELPER_3(icmh, i32, i32, i64, i32)
+DEF_HELPER_2(ipm, void, i32, i32)
+DEF_HELPER_FLAGS_3(addc_u32, TCG_CALL_PURE|TCG_CALL_CONST, i32, i32, i32, i32)
+DEF_HELPER_FLAGS_3(set_cc_addc_u64, TCG_CALL_PURE|TCG_CALL_CONST, i32, i64, 
i64, i64)
+DEF_HELPER_3(stam, void, i32, i64, i32)
+DEF_HELPER_3(lam, void, i32, i64, i32)
+DEF_HELPER_3(mvcle, i32, i32, i64, i32)
+DEF_HELPER_3(clcle, i32, i32, i64, i32)
+DEF_HELPER_3(slb, i32, i32, i32, i32)
+DEF_HELPER_4(slbg, i32, i32, i32, i64, i64)
+DEF_HELPER_2(cefbr, void, i32, s32)
+DEF_HELPER_2(cdfbr, void, i32, s32)
+DEF_HELPER_2(cxfbr, void, i32, s32)
+DEF_HELPER_2(cegbr, void, i32, s64)
+DEF_HELPER_2(cdgbr, void, i32, s64)
+DEF_HELPER_2(cxgbr, void, i32, s64)
+DEF_HELPER_2(adbr, i32, i32, i32)
+DEF_HELPER_2(aebr, i32, i32, i32)
+DEF_HELPER_2(sebr, i32, i32, i32)
+DEF_HELPER_2(sdbr, i32, i32, i32)
+DEF_HELPER_2(debr, void, i32, i32)
+DEF_HELPER_2(dxbr, void, i32, i32)
+DEF_HELPER_2(mdbr, void, i32, i32)
+DEF_HELPER_2(mxbr, void, i32, i32)
+DEF_HELPER_2(ldebr, void, i32, i32)
+DEF_HELPER_2(ldxbr, void, i32, i32)
+DEF_HELPER_2(lxdbr, void, i32, i32)
+DEF_HELPER_2(ledbr, void, i32, i32)
+DEF_HELPER_2(lexbr, void, i32, i32)
+DEF_HELPER_2(lpebr, i32, i32, i32)
+DEF_HELPER_2(lpdbr, i32, i32, i32)
+DEF_HELPER_2(lpxbr, i32, i32, i32)
+DEF_HELPER_2(ltebr, i32, i32, i32)
+DEF_HELPER_2(ltdbr, i32, i32, i32)
+DEF_HELPER_2(ltxbr, i32, i32, i32)
+DEF_HELPER_2(lcebr, i32, i32, i32)
+DEF_HELPER_2(lcdbr, i32, i32, i32)
+DEF_HELPER_2(lcxbr, i32, i32, i32)
+DEF_HELPER_2(aeb, void, i32, i32)
+DEF_HELPER_2(deb, void, i32, i32)
+DEF_HELPER_2(meeb, void, i32, i32)
+DEF_HELPER_2(cdb, i32, i32, i64)
+DEF_HELPER_2(adb, i32, i32, i64)
+DEF_HELPER_2(seb, void, i32, i32)
+DEF_HELPER_2(sdb, i32, i32, i64)
+DEF_HELPER_2(mdb, void, i32, i64)
+DEF_HELPER_2(ddb, void, i32, i64)
+DEF_HELPER_FLAGS_2(cebr, TCG_CALL_PURE, i32, i32, i32)
+DEF_HELPER_FLAGS_2(cdbr, TCG_CALL_PURE, i32, i32, i32)
+DEF_HELPER_FLAGS_2(cxbr, TCG_CALL_PURE, i32, i32, i32)
+DEF_HELPER_3(cgebr, i32, i32, i32, i32)
+DEF_HELPER_3(cgdbr, i32, i32, i32, i32)
+DEF_HELPER_3(cgxbr, i32, i32, i32, i32)
+DEF_HELPER_1(lzer, void, i32)
+DEF_HELPER_1(lzdr, void, i32)
+DEF_HELPER_1(lzxr, void, i32)
+DEF_HELPER_3(cfebr, i32, i32, i32, i32)
+DEF_HELPER_3(cfdbr, i32, i32, i32, i32)
+DEF_HELPER_3(cfxbr, i32, i32, i32, i32)
+DEF_HELPER_2(axbr, i32, i32, i32)
+DEF_HELPER
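Review bot: Several of the long DEF_HELPER_FLAGS_3 lines in this hunk (set_cc_add64 through set_cc_subu32, and set_cc_addc_u64) continue on a following line that has no leading `+`. If the mail was sent that way, and this is not only the archive's rendering, the hunk no longer matches the line count in `@@ -0,0 +1,152 @@` and will not apply. Sending with git send-email, or generating the patch with rename detection (`-M`) so that the 152 moved lines are not in the body at all, avoids the problem.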

[Qemu-devel] [PATCH] [xtensa] Move helpers.h to helper.h

2012-02-13 Thread Lluís Vilanova
Provides a file naming scheme consistent with other targets.

Signed-off-by: Lluís Vilanova 
---
 target-xtensa/helper.h|   32 
 target-xtensa/helpers.h   |   32 
 target-xtensa/op_helper.c |2 +-
 target-xtensa/translate.c |6 +++---
 xtensa-semi.c |2 +-
 5 files changed, 37 insertions(+), 37 deletions(-)
 create mode 100644 target-xtensa/helper.h
 delete mode 100644 target-xtensa/helpers.h

diff --git a/target-xtensa/helper.h b/target-xtensa/helper.h
new file mode 100644
index 000..09ab332
--- /dev/null
+++ b/target-xtensa/helper.h
@@ -0,0 +1,32 @@
+#include "def-helper.h"
+
+DEF_HELPER_1(exception, void, i32)
+DEF_HELPER_2(exception_cause, void, i32, i32)
+DEF_HELPER_3(exception_cause_vaddr, void, i32, i32, i32)
+DEF_HELPER_1(nsa, i32, i32)
+DEF_HELPER_1(nsau, i32, i32)
+DEF_HELPER_1(wsr_windowbase, void, i32)
+DEF_HELPER_3(entry, void, i32, i32, i32)
+DEF_HELPER_1(retw, i32, i32)
+DEF_HELPER_1(rotw, void, i32)
+DEF_HELPER_2(window_check, void, i32, i32)
+DEF_HELPER_0(restore_owb, void)
+DEF_HELPER_1(movsp, void, i32)
+DEF_HELPER_1(wsr_lbeg, void, i32)
+DEF_HELPER_1(wsr_lend, void, i32)
+DEF_HELPER_1(simcall, void, env)
+DEF_HELPER_0(dump_state, void)
+
+DEF_HELPER_2(waiti, void, i32, i32)
+DEF_HELPER_2(timer_irq, void, i32, i32)
+DEF_HELPER_1(advance_ccount, void, i32)
+DEF_HELPER_1(check_interrupts, void, env)
+
+DEF_HELPER_1(wsr_rasid, void, i32)
+DEF_HELPER_2(rtlb0, i32, i32, i32)
+DEF_HELPER_2(rtlb1, i32, i32, i32)
+DEF_HELPER_2(itlb, void, i32, i32)
+DEF_HELPER_2(ptlb, i32, i32, i32)
+DEF_HELPER_3(wtlb, void, i32, i32, i32)
+
+#include "def-helper.h"
diff --git a/target-xtensa/helpers.h b/target-xtensa/helpers.h
deleted file mode 100644
index 09ab332..000
--- a/target-xtensa/helpers.h
+++ /dev/null
@@ -1,32 +0,0 @@
-#include "def-helper.h"
-
-DEF_HELPER_1(exception, void, i32)
-DEF_HELPER_2(exception_cause, void, i32, i32)
-DEF_HELPER_3(exception_cause_vaddr, void, i32, i32, i32)
-DEF_HELPER_1(nsa, i32, i32)
-DEF_HELPER_1(nsau, i32, i32)
-DEF_HELPER_1(wsr_windowbase, void, i32)
-DEF_HELPER_3(entry, void, i32, i32, i32)
-DEF_HELPER_1(retw, i32, i32)
-DEF_HELPER_1(rotw, void, i32)
-DEF_HELPER_2(window_check, void, i32, i32)
-DEF_HELPER_0(restore_owb, void)
-DEF_HELPER_1(movsp, void, i32)
-DEF_HELPER_1(wsr_lbeg, void, i32)
-DEF_HELPER_1(wsr_lend, void, i32)
-DEF_HELPER_1(simcall, void, env)
-DEF_HELPER_0(dump_state, void)
-
-DEF_HELPER_2(waiti, void, i32, i32)
-DEF_HELPER_2(timer_irq, void, i32, i32)
-DEF_HELPER_1(advance_ccount, void, i32)
-DEF_HELPER_1(check_interrupts, void, env)
-
-DEF_HELPER_1(wsr_rasid, void, i32)
-DEF_HELPER_2(rtlb0, i32, i32, i32)
-DEF_HELPER_2(rtlb1, i32, i32, i32)
-DEF_HELPER_2(itlb, void, i32, i32)
-DEF_HELPER_2(ptlb, i32, i32, i32)
-DEF_HELPER_3(wtlb, void, i32, i32, i32)
-
-#include "def-helper.h"
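Review bot: The blob deleted here (09ab332) is the same blob that target-xtensa/helper.h is created with above, so the header content is unchanged and only the name moves. Stating that in the commit message, next to the naming rationale, would let a reviewer skip comparing the two 32-line hunks by hand.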
diff --git a/target-xtensa/op_helper.c b/target-xtensa/op_helper.c
index 0605611..2c3dc2e 100644
--- a/target-xtensa/op_helper.c
+++ b/target-xtensa/op_helper.c
@@ -27,7 +27,7 @@
 
 #include "cpu.h"
 #include "dyngen-exec.h"
-#include "helpers.h"
+#include "helper.h"
 #include "host-utils.h"
 
 static void do_unaligned_access(target_ulong addr, int is_write, int is_user,
diff --git a/target-xtensa/translate.c b/target-xtensa/translate.c
index c81450d..8b9d9ed 100644
--- a/target-xtensa/translate.c
+++ b/target-xtensa/translate.c
@@ -37,9 +37,9 @@
 #include "qemu-log.h"
 #include "sysemu.h"
 
-#include "helpers.h"
+#include "helper.h"
 #define GEN_HELPER 1
-#include "helpers.h"
+#include "helper.h"
 
 typedef struct DisasContext {
 const XtensaConfig *config;
@@ -169,7 +169,7 @@ void xtensa_translate_init(void)
 }
 }
 #define GEN_HELPER 2
-#include "helpers.h"
+#include "helper.h"
 }
 
 static inline bool option_bits_enabled(DisasContext *dc, uint64_t opt)
diff --git a/xtensa-semi.c b/xtensa-semi.c
index ba0e828..21d1912 100644
--- a/xtensa-semi.c
+++ b/xtensa-semi.c
@@ -31,7 +31,7 @@
 #include 
 #include "cpu.h"
 #include "dyngen-exec.h"
-#include "helpers.h"
+#include "helper.h"
 #include "qemu-log.h"
 
 enum {




Re: [Qemu-devel] [PATCH 1/3] coroutine: adding sigaltstack method (.c source)

2012-02-13 Thread Andreas Färber
On 13.02.2012 15:42, Alex Barcelo wrote:
> This file is based on both coroutine-ucontext.c and
> pth_mctx.c (from the GNU Portable Threads library).
> 
> The mechanism used to change stacks is the sigaltstack
> function (variant 2 of the pth library).
> 
> Signed-off-by: Alex Barcelo 
> ---
>  coroutine-sigaltstack.c |  337 
> +++
>  1 files changed, 337 insertions(+), 0 deletions(-)
>  create mode 100644 coroutine-sigaltstack.c
> 
> diff --git a/coroutine-sigaltstack.c b/coroutine-sigaltstack.c
> new file mode 100644
> index 000..1d4f26d
> --- /dev/null
> +++ b/coroutine-sigaltstack.c
> @@ -0,0 +1,337 @@
> +/*
> + * sigaltstack coroutine initialization code
> + *
> + * Copyright (C) 2006  Anthony Liguori 
> + * Copyright (C) 2011  Kevin Wolf 
> + * Copyright (C) 2012  Alex Barcelo 
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2.0 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see 
> .
> + */
> +
> +/*
> +** This file is partly based on pth_mctx.c, from the GNU Portable Threads
> +**  Copyright (c) 1999-2006 Ralf S. Engelschall 
> +**  Same license (version 2.1 or later)
> +*/

You should (need to?) use version 2.1 or later above then, too. You can
then simply move this snippet up and drop the "Same license ..." line.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PATCH 1/3] coroutine: adding sigaltstack method (.c source)

2012-02-13 Thread Alex Barcelo
On Mon, Feb 13, 2012 at 16:57, Andreas Färber  wrote:
> You should (need to?) use version 2.1 or later above then, too. You can
> then simply move this snippet up and drop the "Same license ..." line.

I wanted to ask this, but it slipped my mind. So it's ok to change the
header to a newer GNU version. I will update it in the PATCH v2.



[Qemu-devel] [PATCH V6 00/11] Xen PCI Passthrough

2012-02-13 Thread Anthony PERARD
Hi all,

This patch series introduces the PCI passthrough for Xen.

First, we have HostPCIDevice that helps to access one PCI device of the host.

Then, there is an addition to the QEMU code, pci_check_bar_overlap.

There are also several changes in pci_ids and pci_regs.

Last part, but not least, the PCI passthrough device itself. Cut in 3 parts
(or files), there is one to take care of the initialisation of a passthrough
device. The second one handles everything about the config address space; there
are specific functions for every config register. The third one is to handle
MSI.

There is a patch series on xen-devel (applied to xen-unstable) that adds the
support of setting a PCI passthrough device through QMP from libxl (xen tool
stack). It is just a call to device_add, with the driver parameter
hostaddr=":07:00.1".


Changes since last time:
  - msitranslate code has been removed.
  - code for the power management capability is removed, but will be re-added
    for the next version of the patch series as a separate patch.

  - new patch to remove a check in pci_parse_devaddr.
  - use pci_default_config_write, so no more hack to handle the BAR mapping in
    QEMU.
  - improve the code in general (a bit more comprehensible).
  - update to QOM.


Changes v4-v5:
  - return -errno if there is an error in host_pci_get_*
  - rename internal function get_value to get_hex_value (and return the same
    error value as get_resource)

Changes v3-v4:
  - host_pci_get_* can now return an error, and take an extra parameter, a
    pointer to store the wanted value.
  - The memory_region for the PCI BAR is handled "manually" because calling
    pci_default_write_config was not possible, because the XenPT handles the
    PCIIORegion itself. This makes it possible to do a device_remove.
  - Introduction of PT_ERR and PT_WARN macros to print debug and error messages.
    Also, these macros as well as PT_LOG will always print the short BDF of the
    device from the guest point of view.
  - PT_ERR is printed by default (for all error messages).
  - Some debug/error messages have been improved and should be a bit more useful.
  - hw_error has been removed from the code, and has been replaced by either
    a call to qemu_system_shudown_request() (that leads to a domain destroy) or
    a failure in the initialisation of the device.
  - Now, every patch should compile with no error.

Changes v2-v3:
  - in host-pci-device.c:
    - Return more useful error code in get_ressource().
    - Use macro in host_pci_find_ext_cap_offset instead of raw number. But I am
      still not sure if PCI_MAX_EXT_CAP is right, its result is 480 like it
      was before, so it's maybe ok.
  - All uses of MSI stuff in the first two pci passthrough patches have been
    removed and moved to the last patch.

Changes v1-v2:
  - fix style issue (checkpatch.pl)
  - set the original authors, add some missing copyright headers
  - HostPCIDevice:
    - introduce HostPCIIORegions (with base_addr, size, flags)
    - save all flags from ./resource and store it in a separate field.
    - fix endianness on write
    - new host_pci_dev_put function
    - use pci.c like interface host_pci_get/set_byte/word/long (instead of
      host_pci_read/write_)
  - compile HostPCIDevice only on linux (as well as xen_pci_passthrough)
  - introduce apic-msidef.h file.
  - no more run_one_timer, if a pci device is in the middle of a power
    transition, just "return an error" in config read/write
  - use a global var mapped_machine_irq (local to xen_pci_passthrough.c)
  - add msitranslate and power-mgmt as qdev property




Allen Kay (2):
  Introduce Xen PCI Passthrough, qdevice (1/3)
  Introduce Xen PCI Passthrough, PCI config space helpers (2/3)

Anthony PERARD (7):
  pci_ids: Add INTEL_82599_VF id.
  pci_regs: Fix value of PCI_EXP_TYPE_RC_EC.
  pci_regs: Add PCI_EXP_TYPE_PCIE_BRIDGE
  configure: Introduce --enable-xen-pci-passthrough.
  Introduce HostPCIDevice to access a pci device on the host.
  Introduce apic-msidef.h
  pci: Do not check if a bus exist in pci_parse_devaddr.

Jiang Yunhong (1):
  Introduce Xen PCI Passthrough, MSI (3/3)

Yuji Shimada (1):
  pci.c: Add pci_check_bar_overlap

 Makefile.target  |6 +
 configure|   25 +
 hw/apic-msidef.h |   30 +
 hw/apic.c|   11 +-
 hw/host-pci-device.c |  278 +
 hw/host-pci-device.h |   75 ++
 hw/pci.c |   51 +-
 hw/pci.h |3 +
 hw/pci_ids.h |1 +
 hw/pci_regs.h|3 +-
 hw/xen_common.h  |3 +
 hw/xen_pci_passthrough.c |  856 +++
 hw/xen_pci_passthrough.h |  313 ++
 hw/xen_pci_passthrough_config_init.c | 1972 ++
 hw/xen_pci_passthrough_msi.c |  667 
 xen-all.c|   

[Qemu-devel] [PATCH V6 04/11] configure: Introduce --enable-xen-pci-passthrough.

2012-02-13 Thread Anthony PERARD
Signed-off-by: Anthony PERARD 
---
 configure |   25 +
 1 files changed, 25 insertions(+), 0 deletions(-)

diff --git a/configure b/configure
index 763db24..0787992 100755
--- a/configure
+++ b/configure
@@ -132,6 +132,7 @@ vnc_png=""
 vnc_thread="no"
 xen=""
 xen_ctrl_version=""
+xen_pci_passthrough=""
 linux_aio=""
 cap_ng=""
 attr=""
@@ -657,6 +658,10 @@ for opt do
   ;;
   --enable-xen) xen="yes"
   ;;
+  --disable-xen-pci-passthrough) xen_pci_passthrough="no"
+  ;;
+  --enable-xen-pci-passthrough) xen_pci_passthrough="yes"
+  ;;
   --disable-brlapi) brlapi="no"
   ;;
   --enable-brlapi) brlapi="yes"
@@ -1005,6 +1010,8 @@ echo "   (affects only QEMU, not 
qemu-img)"
 echo "  --enable-mixemu  enable mixer emulation"
 echo "  --disable-xendisable xen backend driver support"
 echo "  --enable-xen enable xen backend driver support"
+echo "  --disable-xen-pci-passthrough"
+echo "  --enable-xen-pci-passthrough"
 echo "  --disable-brlapi disable BrlAPI"
 echo "  --enable-brlapi  enable BrlAPI"
 echo "  --disable-vnc-tlsdisable TLS encryption for VNC server"
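Review bot: The two added help lines print only the option names, while every neighbouring entry carries a description ("disable xen backend driver support", "enable BrlAPI"). Add a short description to each, and mention in the --enable text that the feature needs Xen support and a Linux host, since that is what the later probe enforces.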
@@ -1458,6 +1465,21 @@ EOF
   fi
 fi
 
+if test "$xen_pci_passthrough" != "no"; then
+  if test "$xen" = "yes" && test "$linux" = "yes"; then
+xen_pci_passthrough=yes
+  else
+if test "$xen_pci_passthrough" = "yes"; then
+  echo "ERROR"
+  echo "ERROR: User requested feature Xen PCI Passthrough"
+  echo "ERROR: but this feature require /sys from Linux"
+  echo "ERROR"
+  exit 1;
+fi
+xen_pci_passthrough=no
+  fi
+fi
+
 ##
 # pkg-config probe
 
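Review bot: The error text in the added probe says the feature "require /sys from Linux", but the branch is also taken when `$xen` is not "yes" on a Linux host, so a user who passes --enable-xen-pci-passthrough without Xen support gets a misleading message. Test the two conditions separately, or word the message to cover both ("requires Xen support and a Linux host"). The trailing semicolon in `exit 1;` is unnecessary.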
@@ -3592,6 +3614,9 @@ case "$target_arch2" in
 if test "$xen" = "yes" -a "$target_softmmu" = "yes" ; then
   target_phys_bits=64
   echo "CONFIG_XEN=y" >> $config_target_mak
+  if test "$xen_pci_passthrough" = yes; then
+echo "CONFIG_XEN_PCI_PASSTHROUGH=y" >> "$config_target_mak"
+  fi
 else
   echo "CONFIG_NO_XEN=y" >> $config_target_mak
 fi
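Review bot: Quoting in the added lines is inconsistent with the lines around them: the new echo redirects to `"$config_target_mak"` while the two existing echo lines in this hunk use it unquoted, and the new test compares against a bare `yes` while the enclosing test uses `"yes"`. Pick the form used by the surrounding code so the block reads uniformly.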
-- 
Anthony PERARD




[Qemu-devel] [PATCH V6 02/11] pci_regs: Fix value of PCI_EXP_TYPE_RC_EC.

2012-02-13 Thread Anthony PERARD
Value check in PCI Express Base Specification rev 1.1

Signed-off-by: Anthony PERARD 
---
 hw/pci_regs.h |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/pci_regs.h b/hw/pci_regs.h
index e8357c3..6b42515 100644
--- a/hw/pci_regs.h
+++ b/hw/pci_regs.h
@@ -393,7 +393,7 @@
 #define  PCI_EXP_TYPE_DOWNSTREAM 0x6   /* Downstream Port */
 #define  PCI_EXP_TYPE_PCI_BRIDGE 0x7   /* PCI/PCI-X Bridge */
 #define  PCI_EXP_TYPE_RC_END   0x9 /* Root Complex Integrated Endpoint */
-#define  PCI_EXP_TYPE_RC_EC0x10/* Root Complex Event Collector */
+#define  PCI_EXP_TYPE_RC_EC 0xa /* Root Complex Event Collector */
 #define PCI_EXP_FLAGS_SLOT 0x0100  /* Slot implemented */
 #define PCI_EXP_FLAGS_IRQ  0x3e00  /* Interrupt message number */
 #define PCI_EXP_DEVCAP 4   /* Device capabilities */
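Review bot: The replacement PCI_EXP_TYPE_RC_EC line separates name, value and comment with single spaces, while the neighbouring PCI_EXP_TYPE_* defines align them in columns; realign it to match. The commit message would also be easier to verify if it named the section or table of the PCI Express Base Specification rev 1.1 that the value was checked against.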
-- 
Anthony PERARD




[Qemu-devel] [PATCH V6 01/11] pci_ids: Add INTEL_82599_VF id.

2012-02-13 Thread Anthony PERARD
Signed-off-by: Anthony PERARD 
---
 hw/pci_ids.h |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/hw/pci_ids.h b/hw/pci_ids.h
index e8235a7..943106a 100644
--- a/hw/pci_ids.h
+++ b/hw/pci_ids.h
@@ -118,6 +118,7 @@
 #define PCI_DEVICE_ID_INTEL_82801I_UHCI6 0x2939
 #define PCI_DEVICE_ID_INTEL_82801I_EHCI1 0x293a
 #define PCI_DEVICE_ID_INTEL_82801I_EHCI2 0x293c
+#define PCI_DEVICE_ID_INTEL_82599_VF 0x10ed
 
 #define PCI_VENDOR_ID_XEN   0x5853
 #define PCI_DEVICE_ID_XEN_PLATFORM  0x0001
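Review bot: PCI_DEVICE_ID_INTEL_82599_VF (0x10ed) is appended after the 82801I entries, whose IDs in the visible context ascend (0x2939, 0x293a, 0x293c); if the Intel block is meant to stay ordered by ID, the new define belongs earlier. The commit has no description, so a line saying which later patch in the series uses the ID would help.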
-- 
Anthony PERARD




[Qemu-devel] [PATCH V6 06/11] pci.c: Add pci_check_bar_overlap

2012-02-13 Thread Anthony PERARD
From: Yuji Shimada 

This function helps Xen PCI Passthrough device to check for overlap.

Signed-off-by: Yuji Shimada 
Signed-off-by: Anthony PERARD 
---
 hw/pci.c |   47 +++
 hw/pci.h |3 +++
 2 files changed, 50 insertions(+), 0 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index 5f4f80e..ebb5de9 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -1985,6 +1985,53 @@ MemoryRegion *pci_address_space_io(PCIDevice *dev)
 return dev->bus->address_space_io;
 }
 
+int pci_check_bar_overlap(PCIDevice *dev,
+  pcibus_t addr, pcibus_t size, uint8_t type)
+{
+PCIBus *bus = dev->bus;
+PCIDevice *devices = NULL;
+PCIIORegion *r;
+int i, j;
+int rc = 0;
+
+/* check Overlapped to Base Address */
+for (i = 0; i < ARRAY_SIZE(bus->devices); i++) {
+devices = bus->devices[i];
+if (!devices) {
+continue;
+}
+
+/* skip itself */
+if (devices->devfn == dev->devfn) {
+continue;
+}
+
+for (j = 0; j < PCI_NUM_REGIONS; j++) {
+r = &devices->io_regions[j];
+
+/* skip different resource type, but don't skip when
+ * prefetch and non-prefetch memory are compared.
+ */
+if (type != r->type) {
+if (type & PCI_BASE_ADDRESS_SPACE_IO ||
+r->type & PCI_BASE_ADDRESS_SPACE_IO) {
+continue;
+}
+}
+
+if ((addr < (r->addr + r->size)) && ((addr + size) > r->addr)) {
+printf("Overlapped to device[%02x:%02x.%x][Region:%d]"
+   "[Address:%"PRIx64"h][Size:%"PRIx64"h]\n",
+   pci_bus_num(bus), PCI_SLOT(devices->devfn),
+   PCI_FUNC(devices->devfn), j, r->addr, r->size);
+rc = 1;
+}
+}
+}
+
+return rc;
+}
+
 static void pci_device_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *k = DEVICE_CLASS(klass);
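Review bot: The overlap test `(addr < (r->addr + r->size)) && ((addr + size) > r->addr)` has no guard against wraparound: if `addr + size` or `r->addr + r->size` exceeds the range of pcibus_t, the sum wraps and a real overlap is reported as none. Regions with `r->size == 0` are also not skipped, so an unimplemented BAR whose address falls inside the range is reported as overlapping. Check for overflow (or compare on last-byte addresses) and skip empty regions before comparing. The message goes to stdout through `printf`; the error or log path would be more appropriate. `devices` holds a single PCIDevice, so a singular name would read better.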
diff --git a/hw/pci.h b/hw/pci.h
index 33b0b18..f05fda5 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -566,4 +566,7 @@ extern const VMStateDescription vmstate_pci_device;
 .offset = vmstate_offset_pointer(_state, _field, PCIDevice), \
 }
 
+int pci_check_bar_overlap(PCIDevice *dev,
+  pcibus_t addr, pcibus_t size, uint8_t type);
+
 #endif
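Review bot: The new prototype is exported without any comment. Document in pci.h that it returns 1 when the range overlaps a BAR of another device on the same bus and 0 otherwise, and what values `type` is expected to carry, since the implementation treats I/O and memory types differently.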
-- 
Anthony PERARD




[Qemu-devel] [PATCH V6 08/11] Introduce Xen PCI Passthrough, PCI config space helpers (2/3)

2012-02-13 Thread Anthony PERARD
From: Allen Kay 

A more complete history can be found here:
git://xenbits.xensource.com/qemu-xen-unstable.git

Signed-off-by: Allen Kay 
Signed-off-by: Guy Zana 
Signed-off-by: Anthony PERARD 
---
 hw/xen_pci_passthrough.c |   10 +
 hw/xen_pci_passthrough.h |2 +
 hw/xen_pci_passthrough_config_init.c | 1481 ++
 3 files changed, 1493 insertions(+), 0 deletions(-)

diff --git a/hw/xen_pci_passthrough.c b/hw/xen_pci_passthrough.c
index 4ab1218..bdc3690 100644
--- a/hw/xen_pci_passthrough.c
+++ b/hw/xen_pci_passthrough.c
@@ -676,6 +676,13 @@ static int pt_initfn(PCIDevice *d)
 /* Handle real device's MMIO/PIO BARs */
 pt_register_regions(s);
 
+/* reinitialize each config register to be emulated */
+if (pt_config_init(s)) {
+PT_ERR(d, "PCI Config space initialisation failed.\n");
+host_pci_device_put(s->real_device);
+return -1;
+}
+
 /* Bind interrupt */
 if (!s->dev.config[PCI_INTERRUPT_PIN]) {
 PT_LOG(d, "no pin interrupt\n");
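Review bot: The new failure path for `pt_config_init(s)` releases `s->real_device` but leaves in place the regions that `pt_register_regions(s)` set up just above it. Call `pt_unregister_regions(s)` before returning -1 (and `pt_config_delete(s)` if initialisation can fail part way through), mirroring the teardown order used in pt_unregister_device.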
@@ -773,6 +780,9 @@ static int pt_unregister_device(PCIDevice *d)
 }
 }
 
+/* delete all emulated config registers */
+pt_config_delete(s);
+
 /* unregister real device's MMIO/PIO BARs */
 pt_unregister_regions(s);
 
diff --git a/hw/xen_pci_passthrough.h b/hw/xen_pci_passthrough.h
index 7a609b5..0b9902d 100644
--- a/hw/xen_pci_passthrough.h
+++ b/hw/xen_pci_passthrough.h
@@ -70,6 +70,8 @@ typedef int (*conf_byte_restore)
 #define PT_BAR_ALLF 0x  /* BAR ALLF value */
 #define PT_PCI_BAR_UNMAPPED (-1)
 
+#define PCI_CAP_MAX 48
+
 
 typedef enum {
 GRP_TYPE_HARDWIRED = 0, /* 0 Hardwired reg group */
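Review bot: `PCI_CAP_MAX` is added without a comment and with a `PCI_` prefix, in a header whose other local constants use `PT_` (PT_BAR_ALLF, PT_PCI_BAR_UNMAPPED). Rename it with the PT_ prefix so it cannot be mistaken for, or collide with, a generic PCI definition, and say in a comment what the 48 bounds.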
diff --git a/hw/xen_pci_passthrough_config_init.c 
b/hw/xen_pci_passthrough_config_init.c
index 1e9de64..2fb27ff 100644
--- a/hw/xen_pci_passthrough_config_init.c
+++ b/hw/xen_pci_passthrough_config_init.c
@@ -1,11 +1,1492 @@
+/*
+ * Copyright (c) 2007, Neocleus Corporation.
+ * Copyright (c) 2007, Intel Corporation.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ * Alex Novik 
+ * Allen Kay 
+ * Guy Zana 
+ *
+ * This file implements direct PCI assignment to a HVM guest
+ */
+
+#include "qemu-timer.h"
+#include "xen_backend.h"
 #include "xen_pci_passthrough.h"
 
+#define PT_MERGE_VALUE(value, data, val_mask) \
+(((value) & (val_mask)) | ((data) & ~(val_mask)))
+
+#define PT_INVALID_REG  0x  /* invalid register value */
+
+/* prototype */
+
+static int pt_ptr_reg_init(XenPCIPassthroughState *s, XenPTRegInfo *reg,
+   uint32_t real_offset, uint32_t *data);
+
+
+/* helper */
+
+/* A return value of 1 means the capability should NOT be exposed to guest. */
+static int pt_hide_dev_cap(const HostPCIDevice *d, uint8_t grp_id)
+{
+switch (grp_id) {
+case PCI_CAP_ID_EXP:
+/* The PCI Express Capability Structure of the VF of Intel 82599 10GbE
+ * Controller looks trivial, e.g., the PCI Express Capabilities
+ * Register is 0. We should not try to expose it to guest.
+ *
+ * The datasheet is available at
+ * 
http://download.intel.com/design/network/datashts/82599_datasheet.pdf
+ *
+ * See 'Table 9.7. VF PCIe Configuration Space' of the datasheet, the
+ * PCI Express Capability Structure of the VF of Intel 82599 10GbE
+ * Controller looks trivial, e.g., the PCI Express Capabilities
+ * Register is 0, so the Capability Version is 0 and
+ * pt_pcie_size_init() would fail.
+ */
+if (d->vendor_id == PCI_VENDOR_ID_INTEL &&
+d->device_id == PCI_DEVICE_ID_INTEL_82599_VF) {
+return 1;
+}
+break;
+}
+return 0;
+}
+
+/*   find emulate register group entry */
 XenPTRegGroup *pt_find_reg_grp(XenPCIPassthroughState *s, uint32_t address)
 {
+XenPTRegGroup *entry = NULL;
+
+/* find register group entry */
+QLIST_FOREACH(entry, &s->reg_grp_tbl, entries) {
+/* check address */
+if ((entry->base_offset <= address)
+&& ((entry->base_offset + entry->size) > address)) {
+return entry;
+}
+}
+
+/* group entry not found */
 return NULL;
 }
 
+/* find emulate register entry */
 XenPTReg *pt_find_reg(XenPTRegGroup *reg_grp, uint32_t address)
 {
+XenPTReg *reg_entry = NULL;
+XenPTRegInfo *reg = NULL;
+uint32_t real_offset = 0;
+
+/* find register entry */
+QLIST_FOREACH(reg_entry, ®_grp->reg_tbl_list, entries) {
+reg = reg_entry->reg;
+real_offset = reg_grp->base_offset + reg->offset;
+/* check address */
+if ((real_offset <= address)
+&& ((real_offset + reg->size) > address)) {
+return reg_entry;
+}
+}
+
 return NULL;
 }
+
+/* parse BAR */
+static PTBarFlag pt_bar_reg_parse(XenPCIPassthr
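Review bot: The comment inside pt_hide_dev_cap() states twice that the PCI Express Capability Structure of the 82599 VF "looks trivial, e.g., the PCI Express Capabilities Register is 0"; keep the second paragraph, which also gives the reason (Capability Version 0 makes pt_pcie_size_init() fail), and drop the first. The `switch (grp_id)` has a single case and no `default:`; either add `default: break;` or use a plain `if`.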

[Qemu-devel] [PATCH V6 07/11] Introduce Xen PCI Passthrough, qdevice (1/3)

2012-02-13 Thread Anthony PERARD
From: Allen Kay 

A more complete history can be found here:
git://xenbits.xensource.com/qemu-xen-unstable.git

Signed-off-by: Allen Kay 
Signed-off-by: Guy Zana 
Signed-off-by: Anthony PERARD 
---
 Makefile.target  |2 +
 hw/xen_common.h  |3 +
 hw/xen_pci_passthrough.c |  814 ++
 hw/xen_pci_passthrough.h |  263 +++
 hw/xen_pci_passthrough_config_init.c |   11 +
 xen-all.c|   12 +
 6 files changed, 1105 insertions(+), 0 deletions(-)
 create mode 100644 hw/xen_pci_passthrough.c
 create mode 100644 hw/xen_pci_passthrough.h
 create mode 100644 hw/xen_pci_passthrough_config_init.c

diff --git a/Makefile.target b/Makefile.target
index 92f375b..8fc2ca3 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -218,6 +218,8 @@ obj-i386-$(CONFIG_XEN) += xen_platform.o
 
 # Xen PCI Passthrough
 obj-i386-$(CONFIG_XEN_PCI_PASSTHROUGH) += host-pci-device.o
+obj-i386-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen_pci_passthrough.o
+obj-i386-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen_pci_passthrough_config_init.o
 
 # Inter-VM PCI shared memory
 CONFIG_IVSHMEM =
diff --git a/hw/xen_common.h b/hw/xen_common.h
index 0409ac7..48916fd 100644
--- a/hw/xen_common.h
+++ b/hw/xen_common.h
@@ -135,4 +135,7 @@ static inline int xc_fd(xc_interface *xen_xc)
 
 void destroy_hvm_domain(void);
 
+/* shutdown/destroy current domain because of an error */
+void xen_shutdown_fatal_error(const char *fmt, ...) GCC_FMT_ATTR(1, 2);
+
 #endif /* QEMU_HW_XEN_COMMON_H */
diff --git a/hw/xen_pci_passthrough.c b/hw/xen_pci_passthrough.c
new file mode 100644
index 000..4ab1218
--- /dev/null
+++ b/hw/xen_pci_passthrough.c
@@ -0,0 +1,814 @@
+/*
+ * Copyright (c) 2007, Neocleus Corporation.
+ * Copyright (c) 2007, Intel Corporation.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ * Alex Novik 
+ * Allen Kay 
+ * Guy Zana 
+ *
+ * This file implements direct PCI assignment to a HVM guest
+ */
+
+/*
+ * Interrupt Disable policy:
+ *
+ * INTx interrupt:
+ *   Initialize(register_real_device)
+ * Map INTx(xc_physdev_map_pirq):
+ *   
+ * - Set real Interrupt Disable bit to '1'.
+ * - Set machine_irq and assigned_device->machine_irq to '0'.
+ * * Don't bind INTx.
+ *
+ * Bind INTx(xc_domain_bind_pt_pci_irq):
+ *   
+ * - Set real Interrupt Disable bit to '1'.
+ * - Unmap INTx.
+ * - Decrement mapped_machine_irq[machine_irq]
+ * - Set assigned_device->machine_irq to '0'.
+ *
+ *   Write to Interrupt Disable bit by guest software(pt_cmd_reg_write)
+ * Write '0'
+ *   - Set real bit to '0' if assigned_device->machine_irq isn't '0'.
+ *
+ * Write '1'
+ *   - Set real bit to '1'.
+ */
+
+#include 
+
+#include "pci.h"
+#include "xen.h"
+#include "xen_backend.h"
+#include "xen_pci_passthrough.h"
+
+#define PCI_BAR_ENTRIES (6)
+
+#define PT_NR_IRQS  (256)
+uint8_t mapped_machine_irq[PT_NR_IRQS] = {0};
+
+void pt_log(const PCIDevice *d, const char *f, ...)
+{
+va_list ap;
+
+va_start(ap, f);
+if (d) {
+fprintf(stderr, "[%02x:%02x.%x] ", pci_bus_num(d->bus),
+PCI_SLOT(d->devfn), PCI_FUNC(d->devfn));
+}
+vfprintf(stderr, f, ap);
+va_end(ap);
+}
+
+
+/* Config Space */
+static int pt_pci_config_access_check(PCIDevice *d, uint32_t address, int len)
+{
+/* check offset range */
+if (address >= 0xFF) {
+PT_ERR(d, "Failed to access register with offset exceeding 0xFF. "
+   "(addr: 0x%02x, len: %d)\n", address, len);
+return -1;
+}
+
+/* check read size */
+if ((len != 1) && (len != 2) && (len != 4)) {
+PT_ERR(d, "Failed to access register with invalid access length. "
+   "(addr: 0x%02x, len: %d)\n", address, len);
+return -1;
+}
+
+/* check offset alignment */
+if (address & (len - 1)) {
+PT_ERR(d, "Failed to access register with invalid access size "
+   "alignment. (addr: 0x%02x, len: %d)\n", address, len);
+return -1;
+}
+
+return 0;
+}
+
+int pt_bar_offset_to_index(uint32_t offset)
+{
+int index = 0;
+
+/* check Exp ROM BAR */
+if (offset == PCI_ROM_ADDRESS) {
+return PCI_ROM_SLOT;
+}
+
+/* calculate BAR index */
+index = (offset - PCI_BASE_ADDRESS_0) >> 2;
+if (index >= PCI_NUM_REGIONS) {
+return -1;
+}
+
+return index;
+}
+
+static uint32_t pt_pci_read_config(PCIDevice *d, uint32_t addr, int len)
+{
+XenPCIPassthroughState *s = DO_UPCAST(XenPCIPassthroughState, dev, d);
+uint32_t val = 0;
+XenPTRegGroup *reg_grp_entry = NULL;
+XenPTReg *reg_entry = NULL;
+int rc = 0;
+int emul_len = 0;
+uint32_t find_addr = addr;
+
+if (pt_pci_config_access_check(d, addr, len)) {
+goto exit;
+}
+
+/* find register 
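Review bot: In pt_pci_config_access_check() the range test `address >= 0xFF` also rejects offset 0xFF itself, although the message says "offset exceeding 0xFF" and a one-byte access at 0xFF is the last valid byte of the 256-byte config space. Use `address > 0xFF`, or better, check `address + len` against 0x100 after validating `len`, so the bound does not depend on the alignment test that follows. `mapped_machine_irq` is a non-static global of `uint8_t` counters; make it static if only this file uses it and consider what happens when a count would pass 255.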

[Qemu-devel] [PATCH V6 11/11] pci: Do not check if a bus exist in pci_parse_devaddr.

2012-02-13 Thread Anthony PERARD
Actually, pci_parse_devaddr checks if the dom/bus of the PCI address exists. But
this should be the job of a caller. In fact, the two callers of this function
will try to retrieve the PCIBus related to the devaddr and return an error if
they cannot.

Signed-off-by: Anthony PERARD 
---
 hw/pci.c |4 
 1 files changed, 0 insertions(+), 4 deletions(-)

diff --git a/hw/pci.c b/hw/pci.c
index ebb5de9..da7cf79 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -529,10 +529,6 @@ int pci_parse_devaddr(const char *addr, int *domp, int 
*busp,
 if (*e)
return -1;
 
-/* Note: QEMU doesn't implement domains other than 0 */
-if (!pci_find_bus(pci_find_root_bus(dom), bus))
-   return -1;
-
 *domp = dom;
 *busp = bus;
 *slotp = slot;
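Review bot: With the `pci_find_bus()` test gone, pci_parse_devaddr() now succeeds for any syntactically valid address and hands back a `dom` and `bus` that may not exist, and the removed comment was the only place noting that domains other than 0 are not implemented. Name the two callers in the commit message so the claim that they validate the bus can be checked, and add a comment on the function saying that existence of the domain and bus is the caller's responsibility.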
-- 
Anthony PERARD




[Qemu-devel] [PATCH V6 10/11] Introduce Xen PCI Passthrough, MSI (3/3)

2012-02-13 Thread Anthony PERARD
From: Jiang Yunhong 

A more complete history can be found here:
git://xenbits.xensource.com/qemu-xen-unstable.git

Signed-off-by: Jiang Yunhong 
Signed-off-by: Shan Haitao 
Signed-off-by: Anthony PERARD 
---
 Makefile.target  |1 +
 hw/apic-msidef.h |2 +
 hw/xen_pci_passthrough.c |   32 ++
 hw/xen_pci_passthrough.h |   48 +++
 hw/xen_pci_passthrough_config_init.c |  480 
 hw/xen_pci_passthrough_msi.c |  667 ++
 6 files changed, 1230 insertions(+), 0 deletions(-)
 create mode 100644 hw/xen_pci_passthrough_msi.c

diff --git a/Makefile.target b/Makefile.target
index 8fc2ca3..3517cab 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -220,6 +220,7 @@ obj-i386-$(CONFIG_XEN) += xen_platform.o
 obj-i386-$(CONFIG_XEN_PCI_PASSTHROUGH) += host-pci-device.o
 obj-i386-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen_pci_passthrough.o
 obj-i386-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen_pci_passthrough_config_init.o
+obj-i386-$(CONFIG_XEN_PCI_PASSTHROUGH) += xen_pci_passthrough_msi.o
 
 # Inter-VM PCI shared memory
 CONFIG_IVSHMEM =
diff --git a/hw/apic-msidef.h b/hw/apic-msidef.h
index 3182f0b..6e2eb71 100644
--- a/hw/apic-msidef.h
+++ b/hw/apic-msidef.h
@@ -22,6 +22,8 @@
 
 #define MSI_ADDR_DEST_MODE_SHIFT2
 
+#define MSI_ADDR_REDIRECTION_SHIFT  3
+
 #define MSI_ADDR_DEST_ID_SHIFT  12
 #define  MSI_ADDR_DEST_ID_MASK  0x000
 
diff --git a/hw/xen_pci_passthrough.c b/hw/xen_pci_passthrough.c
index bdc3690..1257ce2 100644
--- a/hw/xen_pci_passthrough.c
+++ b/hw/xen_pci_passthrough.c
@@ -36,6 +36,20 @@
  *
  * Write '1'
  *   - Set real bit to '1'.
+ *
+ * MSI interrupt:
+ *   Initialize MSI register(pt_msi_setup, pt_msi_update)
+ * Bind MSI(xc_domain_update_msi_irq)
+ *   
+ * - Unmap MSI.
+ * - Set dev->msi->pirq to '-1'.
+ *
+ * MSI-X interrupt:
+ *   Initialize MSI-X register(pt_msix_update_one)
+ * Bind MSI-X(xc_domain_update_msi_irq)
+ *   
+ * - Unmap MSI-X.
+ * - Set entry->pirq to '-1'.
  */
 
 #include 
@@ -362,6 +376,7 @@ static void pt_iomem_map(XenPCIPassthroughState *s, int i,
 }
 
 if (!first_map && old_ebase != PT_PCI_BAR_UNMAPPED) {
+pt_add_msix_mapping(s, i);
 /* Remove old mapping */
 rc = xc_domain_memory_mapping(xen_xc, xen_domid,
old_ebase >> XC_PAGE_SHIFT,
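Review bot: the new pt_add_msix_mapping(s, i) call in the remap path discards its result, while the matching pt_remove_msix_mapping() call added further down is checked and logged. If pt_add_msix_mapping() can fail, capture rc and report it with PT_ERR before going on to remove the old mapping; if it cannot fail, a one-line comment saying so would help.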
@@ -386,6 +401,16 @@ static void pt_iomem_map(XenPCIPassthroughState *s, int i,
 if (rc) {
 PT_ERR(&s->dev, "create new mapping failed! (rc: %i)\n", rc);
 }
+
+rc = pt_remove_msix_mapping(s, i);
+if (rc != 0) {
+PT_ERR(&s->dev, "Remove MSI-X MMIO mapping failed! (rc: %d)\n",
+   rc);
+}
+
+if (old_ebase != e_phys && old_ebase != -1) {
+pt_msix_update_remap(s, i);
+}
 }
 }
 
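Review bot: the added test `old_ebase != -1` hard-codes the value that the earlier condition in this function spells PT_PCI_BAR_UNMAPPED; use the macro so the two checks cannot drift apart. Also, when pt_remove_msix_mapping() fails the error is only logged and pt_msix_update_remap() still runs, so consider whether the remap should be skipped in that case.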
@@ -766,6 +791,13 @@ static int pt_unregister_device(PCIDevice *d)
 }
 }
 
+if (s->msi) {
+pt_msi_disable(s);
+}
+if (s->msix) {
+pt_msix_disable(s);
+}
+
 if (machine_irq) {
 mapped_machine_irq[machine_irq]--;
 
diff --git a/hw/xen_pci_passthrough.h b/hw/xen_pci_passthrough.h
index 0b9902d..deeba89 100644
--- a/hw/xen_pci_passthrough.h
+++ b/hw/xen_pci_passthrough.h
@@ -174,6 +174,37 @@ typedef struct XenPTRegGroup {
 
 
 #define PT_UNASSIGNED_PIRQ (-1)
+typedef struct XenPTMSI {
+uint16_t flags;
+uint32_t addr_lo;  /* guest message address */
+uint32_t addr_hi;  /* guest message upper address */
+uint16_t data; /* guest message data */
+uint32_t ctrl_offset; /* saved control offset */
+int pirq;  /* guest pirq corresponding */
+bool initialized;  /* when guest MSI is initialized */
+bool mapped;   /* when pirq is mapped */
+} XenPTMSI;
+
+typedef struct XenPTMSIXEntry {
+int pirq;
+uint64_t addr;
+uint32_t data;
+uint32_t vector_ctrl;
+bool updated; /* indicate whether MSI ADDR or DATA is updated */
+} XenPTMSIXEntry;
+typedef struct XenPTMSIX {
+uint32_t ctrl_offset;
+bool enabled;
+int total_entries;
+int bar_index;
+uint64_t table_base;
+uint32_t table_off;
+uint32_t table_offset_adjust; /* page align mmap */
+uint64_t mmio_base_addr;
+MemoryRegion mmio;
+void *phys_iomem_base;
+XenPTMSIXEntry msix_entry[0];
+} XenPTMSIX;
 
 struct XenPCIPassthroughState {
 PCIDevice dev;
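Review bot: XenPTMSIX ends in `XenPTMSIXEntry msix_entry[0];` whose length is tracked by a signed `int total_entries`, and nothing in the struct documents that relationship. Declare the count unsigned, add a comment that msix_entry holds total_entries elements, and prefer a C99 flexible array member (`msix_entry[]`) over the zero-length array extension. A blank line between the XenPTMSIXEntry and XenPTMSIX typedefs would match the spacing used after XenPTMSI.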
@@ -186,6 +217,9 @@ struct XenPCIPassthroughState {
 
 uint32_t machine_irq;
 
+XenPTMSI *msi;
+XenPTMSIX *msix;
+
 MemoryRegion bar[PCI_NUM_REGIONS - 1];
 MemoryRegion rom;
 };
@@ -262,4 +296,18 @@ static inline uint8_t pci_intx(XenPCIPassthroughState *s)
 return r_val;
 }
 
+/* MSI/MSI-X */
+int pt_msi_set_enable(XenPCIPassthroughState *s, bool en);
+int pt_msi_setup(XenPCIPassthroughState *s);
+int pt_msi_update(XenPCIPassthroughSta

[Qemu-devel] [PATCH V6 03/11] pci_regs: Add PCI_EXP_TYPE_PCIE_BRIDGE

2012-02-13 Thread Anthony PERARD
Signed-off-by: Anthony PERARD 
---
 hw/pci_regs.h |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/hw/pci_regs.h b/hw/pci_regs.h
index 6b42515..56a404b 100644
--- a/hw/pci_regs.h
+++ b/hw/pci_regs.h
@@ -392,6 +392,7 @@
 #define  PCI_EXP_TYPE_UPSTREAM 0x5 /* Upstream Port */
 #define  PCI_EXP_TYPE_DOWNSTREAM 0x6   /* Downstream Port */
 #define  PCI_EXP_TYPE_PCI_BRIDGE 0x7   /* PCI/PCI-X Bridge */
+#define  PCI_EXP_TYPE_PCIE_BRIDGE 0x8   /* PCI/PCI-X to PCIE Bridge */
 #define  PCI_EXP_TYPE_RC_END   0x9 /* Root Complex Integrated Endpoint */
 #define  PCI_EXP_TYPE_RC_EC 0xa /* Root Complex Event Collector */
 #define PCI_EXP_FLAGS_SLOT 0x0100  /* Slot implemented */
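Review bot: the comment on the added PCI_EXP_TYPE_PCIE_BRIDGE line states the direction of the bridge, but the 0x7 entry just above still reads only "PCI/PCI-X Bridge", so the two are hard to tell apart when reading the list. Either tighten the 0x7 comment in the same patch or say in the commit message which later patch in the series needs the new type, since the message is currently empty apart from the sign-off.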
-- 
Anthony PERARD




Re: [Qemu-devel] [PATCH 1/3] coroutine: adding sigaltstack method (.c source)

2012-02-13 Thread Andreas Färber
Am 13.02.2012 17:11, schrieb Alex Barcelo:
> On Mon, Feb 13, 2012 at 16:57, Andreas Färber  wrote:
>> You should (need to?) use version 2.1 or later above then, too. You can
>> then simply move this snippet up and drop the "Same license ..." line.
> 
> I wanted to ask this, but it slipped my mind. So it's ok to change the
> header to a newer GNU version. I will update it in the PATCH v2.

IANAL. It looked like you were adding a new file, so you can choose any
Open Source license that's compatible with the code that gets linked
together. Coroutines need to be compatible with parts of QEMU under
GPLv2, so LGPLv2.1 is the newest we can go AFAIU.

Further, there is no GNU Lesser General Public License 2.0, only 2.1:
http://www.gnu.org/licenses/lgpl-2.1.html

2.0 was the GNU Library General Public License:
http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html

So this may even just be a typo somewhere.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] how could I analysis the trace log?

2012-02-13 Thread Stefan Hajnoczi
On Mon, Feb 13, 2012 at 3:12 PM, Andreas Färber  wrote:
> Hi,
>
> Am 12.02.2012 05:32, schrieb Wei Yang:
>> I enable the trace function with --enable-trace-backend=simple and I
>> create the event file like this
>> g_realloc
>> g_malloc
>>
>> Then I start qemu with the following command.
>> ./i386-softmmu/qemu-system-i386 -enable-kvm -drive
>> file=../../kvm/ubuntu.img -boot dc -m 512 -usb
>>  -monitor stdio -trace events=qemu_trace_events,file=qemu_trace.log
>>
>> After some run time, I run the script like:
>> ./scripts/simpletrace.py qemu_trace_events_parse qemu_trace.log
>>
>> The qemu_trace_events_parse is :
>> g_realloc(addr)
>> g_malloc(addr)
>>
>> The output looks like:
>> g_malloc 1.831 addr=0xb945d1f0
>> g_malloc 2.498 addr=0xb945d1f0
>> g_realloc 4.715 addr=0x10
>> g_realloc 1.520 addr=0xc
>> g_realloc 1.505 addr=0xc
>>
>> Are the steps I used correct?
>
> Not quite. IIRC you need to pass in path/to/qemu/trace-events with the
> full list of events you were using at the time of tracing (trace file
> uses index of event). That file also contains a format string from which
> you can infer what the arguments mean.

Right:

$ scripts/simpletrace.py trace-events trace-12345
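
Why the full trace-events file matters, as an added example that is not part of the original messages: the trace stores each event by index, so decoding with a shorter hand-written file attaches the wrong names to the records. The record layout, the `example_dev_*` events and the sample bytes are constructed for illustration and are not QEMU's actual on-disk format.

```python
import re
import struct

# Simplified record layout, assumed for illustration only (not QEMU's exact
# on-disk format): event index, timestamp in ns, one 64-bit argument.
RECORD = struct.Struct("<QQQ")
EVENT_RE = re.compile(r"^(?:disable\s+)?(\w+)\(([^)]*)\)")


def parse_events(text):
    """Return event names in file order; an event's index is its position."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = EVENT_RE.match(line)
        if match is None:
            raise ValueError("unparsable event line: %r" % line)
        names.append(match.group(1))
    return names


def decode(blob, names):
    """Decode every whole record, resolving the stored index against names."""
    if len(blob) % RECORD.size:
        raise ValueError("trailing partial record")
    decoded = []
    for offset in range(0, len(blob), RECORD.size):
        index, timestamp, arg = RECORD.unpack_from(blob, offset)
        # An index past the end of the list means the wrong events file.
        name = names[index] if index < len(names) else "<unknown %d>" % index
        decoded.append((name, timestamp, arg))
    return decoded


def mislabelled(blob, full_text, partial_text):
    """Records whose name changes when the partial events file is used."""
    right = decode(blob, parse_events(full_text))
    wrong = decode(blob, parse_events(partial_text))
    return [(r[0], w[0], r[2]) for r, w in zip(right, wrong) if r[0] != w[0]]


# Constructed stand-in for the full trace-events file in use while tracing.
FULL_EVENTS = '''
# constructed sample, not QEMU's real trace-events
example_dev_read(uint64_t addr) "addr %#x"
example_dev_write(uint64_t addr) "addr %#x"
g_malloc(void *addr) "addr %p"
g_realloc(void *addr) "addr %p"
'''

# The hand-written two-line file from the question.
PARTIAL_EVENTS = '''
g_realloc(addr)
g_malloc(addr)
'''

# Constructed trace: one g_malloc (index 2) and one example_dev_read (index 0).
TRACE = RECORD.pack(2, 1831, 0xB945D1F0) + RECORD.pack(0, 4715, 0x10)

if __name__ == "__main__":
    for right, wrong, arg in mislabelled(TRACE, FULL_EVENTS, PARTIAL_EVENTS):
        print("%s shown as %s addr=0x%x" % (right, wrong, arg))
```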



[Qemu-devel] [PATCH V6 09/11] Introduce apic-msidef.h

2012-02-13 Thread Anthony PERARD
This patch moves the MSI definitions from apic.c to apic-msidef.h, so they can
also be used by other .c files.

Signed-off-by: Anthony PERARD 
---
 hw/apic-msidef.h |   28 
 hw/apic.c|   11 +--
 2 files changed, 29 insertions(+), 10 deletions(-)
 create mode 100644 hw/apic-msidef.h

diff --git a/hw/apic-msidef.h b/hw/apic-msidef.h
new file mode 100644
index 000..3182f0b
--- /dev/null
+++ b/hw/apic-msidef.h
@@ -0,0 +1,28 @@
+#ifndef HW_APIC_MSIDEF_H
+#define HW_APIC_MSIDEF_H
+
+/*
+ * Intel APIC constants: from include/asm/msidef.h
+ */
+
+/*
+ * Shifts for MSI data
+ */
+
+#define MSI_DATA_VECTOR_SHIFT   0
+#define  MSI_DATA_VECTOR_MASK   0x00ff
+
+#define MSI_DATA_DELIVERY_MODE_SHIFT8
+#define MSI_DATA_LEVEL_SHIFT14
+#define MSI_DATA_TRIGGER_SHIFT  15
+
+/*
+ * Shift/mask fields for msi address
+ */
+
+#define MSI_ADDR_DEST_MODE_SHIFT2
+
+#define MSI_ADDR_DEST_ID_SHIFT  12
+#define  MSI_ADDR_DEST_ID_MASK  0x000
+
+#endif /* HW_APIC_MSIDEF_H */
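Review bot: the new hw/apic-msidef.h starts directly at the include guard with no copyright or license header. Since the definitions are moved out of hw/apic.c, carry that file's license notice over so the header's terms are explicit. The move also swaps the order of MSI_DATA_LEVEL_SHIFT and MSI_DATA_TRIGGER_SHIFT, which is harmless but makes the move harder to verify with a plain diff.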
diff --git a/hw/apic.c b/hw/apic.c
index 086c544..4429927 100644
--- a/hw/apic.c
+++ b/hw/apic.c
@@ -22,19 +22,10 @@
 #include "host-utils.h"
 #include "trace.h"
 #include "pc.h"
+#include "apic-msidef.h"
 
 #define MAX_APIC_WORDS 8
 
-/* Intel APIC constants: from include/asm/msidef.h */
-#define MSI_DATA_VECTOR_SHIFT  0
-#define MSI_DATA_VECTOR_MASK   0x00ff
-#define MSI_DATA_DELIVERY_MODE_SHIFT   8
-#define MSI_DATA_TRIGGER_SHIFT 15
-#define MSI_DATA_LEVEL_SHIFT   14
-#define MSI_ADDR_DEST_MODE_SHIFT   2
-#define MSI_ADDR_DEST_ID_SHIFT 12
-#defineMSI_ADDR_DEST_ID_MASK   0x000
-
 static APICCommonState *local_apics[MAX_APICS + 1];
 
 static void apic_set_irq(APICCommonState *s, int vector_num, int trigger_mode);
-- 
Anthony PERARD




Re: [Qemu-devel] [PATCHv3 0/3] unicore32: add unicore32-linux-user support for qemu 0.14

2012-02-13 Thread Guan Xuetao
On Sat, 2012-02-11 at 14:11 +0100, Andreas Färber wrote:
> Hello,
> 

> Last year you added a unicore32 target to QEMU. The new files you added
> in target-unicore32/ carry the following license notice:
> 
>  * This program is free software; you can redistribute it and/or modify
>  * it under the terms of the GNU General Public License version 2 as
>  * published by the Free Software Foundation.
> 
> Are you able to change this to the original GNU GPLv2 version notice
> that has "or (at your option) any later version"?
> 
>  * This program is free software; you can redistribute it and/or
>  * modify it under the terms of the GNU General Public License
>  * as published by the Free Software Foundation; either version 2
>  * of the License, or (at your option) any later version.
>  *
>  * This program is distributed in the hope that it will be useful,
>  * but WITHOUT ANY WARRANTY; without even the implied warranty of
>  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>  * GNU General Public License for more details.
>  *
>  * You should have received a copy of the GNU General Public License
>  * along with this program; if not, see
>  * 
Yes, thanks for your suggestion. Could I add a simpler copyright comment
to every file, as follows:
  "This program is licensed under the terms of the GNU GPL, version 2 or
later. See the COPYING file in the top-level directory."

> 
> I would like to add QOM support to unicore32 and would very much like to
> have that under a future-proof license.
Thanks for your help. I have wanted to add full simulation for unicore32 for
almost a year, but this work is still on my TODO list.

> 
> Cf. http://wiki.qemu.org/Relicensing
> 
> Thanks in advance,
> 
> Andreas
> 
Thanks & Regards,

Guan Xuetao




Re: [Qemu-devel] [PATCH] [m68k] Move helpers.h to helper.h

2012-02-13 Thread Andreas Färber
Am 13.02.2012 16:33, schrieb Lluís Vilanova:
> Provides a file naming scheme consistent with other targets.
> 
> Signed-off-by: Lluís Vilanova 
> ---
>  target-m68k/helper.c|2 +-
>  target-m68k/helper.h|   54 
> +++
>  target-m68k/helpers.h   |   54 
> ---
>  target-m68k/op_helper.c |2 +-
>  target-m68k/translate.c |6 +++--
>  5 files changed, 59 insertions(+), 59 deletions(-)
>  create mode 100644 target-m68k/helper.h
>  delete mode 100644 target-m68k/helpers.h

Please check your git options, it did not recognize that you're renaming
the file. Or did you also reformat it?

Is there any particular reason for these three patches beyond
aesthetics? Header names are purely target-specific choices here and do
not simplify, e.g., any Makefile logic.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PATCH V6 11/11] pci: Do not check if a bus exist in pci_parse_devaddr.

2012-02-13 Thread Anthony PERARD
On Mon, 13 Feb 2012, Michael S. Tsirkin wrote:

> On Mon, Feb 13, 2012 at 12:20:13PM +, Anthony PERARD wrote:
> > Actually, pci_parse_devaddr checks if the dom/bus of the PCI address exists.
> > But this should be the job of a caller. In fact, the two callers of this
> > function will try to retrieve the PCIBus related to the devaddr and return
> > an error if they cannot.
> >
> > Signed-off-by: Anthony PERARD 
>
> I agree. It's a good patch. And this will help address the bridges.
> Want me to queue this?

Yes, go ahead. Thank you.

-- 
Anthony PERARD



[Qemu-devel] [PATCH V6 05/11] Introduce HostPCIDevice to access a pci device on the host.

2012-02-13 Thread Anthony PERARD
Signed-off-by: Anthony PERARD 
---
 Makefile.target  |3 +
 hw/host-pci-device.c |  278 ++
 hw/host-pci-device.h |   75 ++
 3 files changed, 356 insertions(+), 0 deletions(-)
 create mode 100644 hw/host-pci-device.c
 create mode 100644 hw/host-pci-device.h

diff --git a/Makefile.target b/Makefile.target
index 68481a3..92f375b 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -216,6 +216,9 @@ obj-$(CONFIG_NO_XEN) += xen-stub.o
 
 obj-i386-$(CONFIG_XEN) += xen_platform.o
 
+# Xen PCI Passthrough
+obj-i386-$(CONFIG_XEN_PCI_PASSTHROUGH) += host-pci-device.o
+
 # Inter-VM PCI shared memory
 CONFIG_IVSHMEM =
 ifeq ($(CONFIG_KVM), y)
diff --git a/hw/host-pci-device.c b/hw/host-pci-device.c
new file mode 100644
index 000..3dacb30
--- /dev/null
+++ b/hw/host-pci-device.c
@@ -0,0 +1,278 @@
+/*
+ * Copyright (C) 2011   Citrix Ltd.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  See
+ * the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu-common.h"
+#include "host-pci-device.h"
+
+#define PCI_MAX_EXT_CAP \
+((PCIE_CONFIG_SPACE_SIZE - PCI_CONFIG_SPACE_SIZE) / (PCI_CAP_SIZEOF + 4))
+
+enum error_code {
+ERROR_SYNTAX = 1,
+};
+
+static int path_to(const HostPCIDevice *d,
+   const char *name, char *buf, ssize_t size)
+{
+return snprintf(buf, size, "/sys/bus/pci/devices/%04x:%02x:%02x.%x/%s",
+d->domain, d->bus, d->dev, d->func, name);
+}
+
+static int get_resource(HostPCIDevice *d)
+{
+int i, rc = 0;
+FILE *f;
+char path[PATH_MAX];
+unsigned long long start, end, flags, size;
+
+path_to(d, "resource", path, sizeof (path));
+f = fopen(path, "r");
+if (!f) {
+fprintf(stderr, "Error: Can't open %s: %s\n", path, strerror(errno));
+return -errno;
+}
+
+for (i = 0; i < PCI_NUM_REGIONS; i++) {
+if (fscanf(f, "%llx %llx %llx", &start, &end, &flags) != 3) {
+fprintf(stderr, "Error: Syntax error in %s\n", path);
+rc = ERROR_SYNTAX;
+break;
+}
+if (start) {
+size = end - start + 1;
+} else {
+size = 0;
+}
+
+if (i < PCI_ROM_SLOT) {
+d->io_regions[i].base_addr = start;
+d->io_regions[i].size = size;
+d->io_regions[i].flags = flags;
+} else {
+d->rom.base_addr = start;
+d->rom.size = size;
+d->rom.flags = flags;
+}
+}
+
+fclose(f);
+return rc;
+}
+
+static int get_hex_value(HostPCIDevice *d, const char *name,
+ unsigned long *pvalue)
+{
+char path[PATH_MAX];
+FILE *f;
+unsigned long value;
+
+path_to(d, name, path, sizeof (path));
+f = fopen(path, "r");
+if (!f) {
+fprintf(stderr, "Error: Can't open %s: %s\n", path, strerror(errno));
+return -errno;
+}
+if (fscanf(f, "%lx\n", &value) != 1) {
+fprintf(stderr, "Error: Syntax error in %s\n", path);
+fclose(f);
+return ERROR_SYNTAX;
+}
+fclose(f);
+*pvalue = value;
+return 0;
+}
+
+static bool pci_dev_is_virtfn(HostPCIDevice *d)
+{
+char path[PATH_MAX];
+struct stat buf;
+
+path_to(d, "physfn", path, sizeof (path));
+return !stat(path, &buf);
+}
+
+static int host_pci_config_fd(HostPCIDevice *d)
+{
+char path[PATH_MAX];
+
+if (d->config_fd < 0) {
+path_to(d, "config", path, sizeof (path));
+d->config_fd = open(path, O_RDWR);
+if (d->config_fd < 0) {
+fprintf(stderr, "HostPCIDevice: Can not open '%s': %s\n",
+path, strerror(errno));
+}
+}
+return d->config_fd;
+}
+static int host_pci_config_read(HostPCIDevice *d, int pos, void *buf, int len)
+{
+int fd = host_pci_config_fd(d);
+int res = 0;
+
+again:
+res = pread(fd, buf, len, pos);
+if (res != len) {
+if (res < 0 && (errno == EINTR || errno == EAGAIN)) {
+goto again;
+}
+fprintf(stderr, "%s: read failed: %s (fd: %i)\n",
+__func__, strerror(errno), fd);
+return -errno;
+}
+return 0;
+}
+static int host_pci_config_write(HostPCIDevice *d,
+ int pos, const void *buf, int len)
+{
+int fd = host_pci_config_fd(d);
+int res = 0;
+
+again:
+res = pwrite(fd, buf, len, pos);
+if (res != len) {
+if (res < 0 && (errno == EINTR || errno == EAGAIN)) {
+goto again;
+}
+fprintf(stderr, "%s: write failed: %s\n",
+__func__, strerror(errno));
+return -errno;
+}
+return 0;
+}
+
+int host_pci_get_byte(HostPCIDevice *d, int pos, uint8_t *p)
+{
+uint8_t buf;
+int rc = host_pci_config_read(d, pos, &buf, 1);
+if (rc == 0) {
+*p = buf;
+}
+return rc;
+}
+int host_pci_get_word(HostPCIDevice *d, int pos, uint16_t *
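Review bot: in host_pci_config_read() and host_pci_config_write(), a short transfer (0 <= res < len) takes the error branch with errno not set by pread/pwrite, so `return -errno` can return 0 and host_pci_get_byte() then copies an unfilled buffer as if the read had succeeded. Return a fixed negative error for short transfers, save errno before calling fprintf (which may change it), and return early when host_pci_config_fd() hands back a negative fd instead of passing it to pread/pwrite. The file also mixes a positive ERROR_SYNTAX with negative -errno returns in get_resource() and get_hex_value(), and ignores the snprintf result in path_to(); pick one sign convention and check for truncation.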

Re: [Qemu-devel] [PATCH] [m68k] Move helpers.h to helper.h

2012-02-13 Thread Lluís Vilanova
Andreas Färber writes:

> Am 13.02.2012 16:33, schrieb Lluís Vilanova:
>> Provides a file naming scheme consistent with other targets.
>> 
>> Signed-off-by: Lluís Vilanova 
>> ---
>> target-m68k/helper.c|2 +-
>> target-m68k/helper.h|   54 
>> +++
>> target-m68k/helpers.h   |   54 
>> ---
>> target-m68k/op_helper.c |2 +-
>> target-m68k/translate.c |6 +++--
>> 5 files changed, 59 insertions(+), 59 deletions(-)
>> create mode 100644 target-m68k/helper.h
>> delete mode 100644 target-m68k/helpers.h

> Please check your git options, it did not recognize that you're renaming
> the file. Or did you also reformat it?

It's pure file renaming. Which git options are you referring to?


> Is there any particular reason for these three patches beyond
> aesthetics? Header names are purely target-specific choices here and do
> not simplify, e.g., any Makefile logic.

It's used by a tracetool-related patch in my TCG tracing queue. I just thought I
could send it separately (due to aesthetics) while other earlier patches are
waiting to enter Stefan's tracing queue.


Lluis

-- 
 "And it's much the same thing with knowledge, for whenever you learn
 something new, the whole world becomes that much richer."
 -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
 Tollbooth



[Qemu-devel] [PATCH v3 01/15] dma-helpers: make QEMUSGList target independent

2012-02-13 Thread Paolo Bonzini
scsi-disk will manage scatter/gather lists, but it does not create
single entries, so it remains target-independent.  Make QEMUSGList
available to it.

Signed-off-by: Paolo Bonzini 
---
 dma.h |   14 +++---
 1 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/dma.h b/dma.h
index a13209d..d50019b 100644
--- a/dma.h
+++ b/dma.h
@@ -17,6 +17,13 @@
 
 typedef struct ScatterGatherEntry ScatterGatherEntry;
 
+struct QEMUSGList {
+ScatterGatherEntry *sg;
+int nsg;
+int nalloc;
+size_t size;
+};
+
 #if defined(TARGET_PHYS_ADDR_BITS)
 typedef target_phys_addr_t dma_addr_t;
 
@@ -32,13 +39,6 @@ struct ScatterGatherEntry {
 dma_addr_t len;
 };
 
-struct QEMUSGList {
-ScatterGatherEntry *sg;
-int nsg;
-int nalloc;
-dma_addr_t size;
-};
-
 void qemu_sglist_init(QEMUSGList *qsg, int alloc_hint);
 void qemu_sglist_add(QEMUSGList *qsg, dma_addr_t base, dma_addr_t len);
 void qemu_sglist_destroy(QEMUSGList *qsg);
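Review bot: moving struct QEMUSGList above the TARGET_PHYS_ADDR_BITS block also changes `size` from dma_addr_t (removed here) to size_t (added in the first hunk), which the commit message does not mention. qemu_sglist_add() still takes a dma_addr_t len, so if the total is built from those lengths it can truncate on a host where size_t is narrower than dma_addr_t; state the assumption in the message or add a check where the total is updated.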
-- 
1.7.7.6





[Qemu-devel] [PATCH v3 00/15] SCSI s/g + SCSI migration + virtio-scsi

2012-02-13 Thread Paolo Bonzini
Here is v3 of the virtio-scsi driver.  Changes are:

- the virtio id is now 8, to fix a conflict in the virtio spec;

- rebased for QOM;

- changed the resid type to size_t following Stefan's advice;

- fixed sense length (patch from Christian Hoff).

The spec has been committed by Rusty (version 0.9.4), and SCSI maintainers
should be okay with including it in the 3.4 kernel.

Paolo Bonzini (13):
  dma-helpers: make QEMUSGList target independent
  dma-helpers: add dma_buf_read and dma_buf_write
  dma-helpers: add accounting wrappers
  ahci: use new DMA helpers
  scsi: pass residual amount to command_complete
  scsi: add scatter/gather functionality
  scsi-disk: enable scatter/gather functionality
  scsi: add SCSIDevice vmstate definitions
  scsi-generic: add migration support
  scsi-disk: add migration support
  virtio-scsi: add basic SCSI bus operation
  virtio-scsi: process control queue requests
  virtio-scsi: add migration support

Stefan Hajnoczi (2):
  virtio-scsi: Add virtio-scsi stub device
  virtio-scsi: Add basic request processing infrastructure

 Makefile.target   |1 +
 default-configs/pci.mak   |1 +
 default-configs/s390x-softmmu.mak |1 +
 dma-helpers.c |   36 +++
 dma.h |   20 +-
 hw/esp.c  |3 +-
 hw/ide/ahci.c |   82 +-
 hw/lsi53c895a.c   |2 +-
 hw/pci.h  |1 +
 hw/s390-virtio-bus.c  |   34 ++
 hw/s390-virtio-bus.h  |4 +-
 hw/scsi-bus.c |  142 +-
 hw/scsi-disk.c|  120 +++-
 hw/scsi-generic.c |   25 ++
 hw/scsi.h |   22 ++-
 hw/spapr_vscsi.c  |2 +-
 hw/usb-msd.c  |2 +-
 hw/virtio-pci.c   |   56 
 hw/virtio-pci.h   |2 +
 hw/virtio-scsi.c  |  607 +
 hw/virtio-scsi.h  |   36 +++
 hw/virtio.h   |3 +
 22 files changed, 1098 insertions(+), 104 deletions(-)
 create mode 100644 hw/virtio-scsi.c
 create mode 100644 hw/virtio-scsi.h

-- 
1.7.7.6




[Qemu-devel] [PATCH v3 05/15] scsi: pass residual amount to command_complete

2012-02-13 Thread Paolo Bonzini
With the upcoming sglist support, HBAs will not see any transfer_data
call and will not have a way to detect short transfers.  So pass the
residual amount of data upon command completion.

Signed-off-by: Paolo Bonzini 
---
v2->v3: fixed resid type (Stefan)

 hw/esp.c |3 ++-
 hw/lsi53c895a.c  |2 +-
 hw/scsi-bus.c|   12 
 hw/scsi.h|3 ++-
 hw/spapr_vscsi.c |2 +-
 hw/usb-msd.c |2 +-
 6 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/hw/esp.c b/hw/esp.c
index 2f44386..991e091 100644
--- a/hw/esp.c
+++ b/hw/esp.c
@@ -390,7 +390,8 @@ static void esp_do_dma(ESPState *s)
 esp_dma_done(s);
 }
 
-static void esp_command_complete(SCSIRequest *req, uint32_t status)
+static void esp_command_complete(SCSIRequest *req, uint32_t status,
+ size_t resid)
 {
 ESPState *s = DO_UPCAST(ESPState, busdev.qdev, req->bus->qbus.parent);
 
diff --git a/hw/lsi53c895a.c b/hw/lsi53c895a.c
index 9a7ffe3..e36fe35 100644
--- a/hw/lsi53c895a.c
+++ b/hw/lsi53c895a.c
@@ -699,7 +699,7 @@ static int lsi_queue_req(LSIState *s, SCSIRequest *req, 
uint32_t len)
 }
 
  /* Callback to indicate that the SCSI layer has completed a command.  */
-static void lsi_command_complete(SCSIRequest *req, uint32_t status)
+static void lsi_command_complete(SCSIRequest *req, uint32_t status, size_t 
resid)
 {
 LSIState *s = DO_UPCAST(LSIState, dev.qdev, req->bus->qbus.parent);
 int out;
diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 0ee50a8..6a069f4 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -533,6 +533,8 @@ SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag, 
uint32_t lun,
 }
 
 req->cmd = cmd;
+req->resid = req->cmd.xfer;
+
 switch (buf[0]) {
 case INQUIRY:
 trace_scsi_inquiry(d->id, lun, tag, cmd.buf[1], cmd.buf[2]);
@@ -1275,10 +1277,12 @@ void scsi_req_data(SCSIRequest *req, int len)
 {
 if (req->io_canceled) {
 trace_scsi_req_data_canceled(req->dev->id, req->lun, req->tag, len);
-} else {
-trace_scsi_req_data(req->dev->id, req->lun, req->tag, len);
-req->bus->info->transfer_data(req, len);
+return;
 }
+trace_scsi_req_data(req->dev->id, req->lun, req->tag, len);
+assert(req->cmd.mode != SCSI_XFER_NONE);
+req->resid -= len;
+req->bus->info->transfer_data(req, len);
 }
 
 void scsi_req_print(SCSIRequest *req)
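Review bot: `req->resid -= len;` in scsi_req_data() subtracts a signed int from the new size_t field with no check that len lies within 0..resid, so a device model that reports more data than cmd.xfer wraps resid to a very large value, which scsi_req_complete() then hands to the HBA's complete() callback. The added assert only covers the transfer mode; add `assert(len >= 0 && (size_t)len <= req->resid)` or clamp before subtracting.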
@@ -1337,7 +1341,7 @@ void scsi_req_complete(SCSIRequest *req, int status)
 
 scsi_req_ref(req);
 scsi_req_dequeue(req);
-req->bus->info->complete(req, req->status);
+req->bus->info->complete(req, req->status, req->resid);
 scsi_req_unref(req);
 }
 
diff --git a/hw/scsi.h b/hw/scsi.h
index dc72b6f..e1c52d2 100644
--- a/hw/scsi.h
+++ b/hw/scsi.h
@@ -46,6 +46,7 @@ struct SCSIRequest {
 uint32_t  tag;
 uint32_t  lun;
 uint32_t  status;
+size_tresid;
 SCSICommand   cmd;
 BlockDriverAIOCB  *aiocb;
 uint8_t sense[SCSI_SENSE_BUF_SIZE];
@@ -112,7 +113,7 @@ struct SCSIBusInfo {
 int tcq;
 int max_channel, max_target, max_lun;
 void (*transfer_data)(SCSIRequest *req, uint32_t arg);
-void (*complete)(SCSIRequest *req, uint32_t arg);
+void (*complete)(SCSIRequest *req, uint32_t arg, size_t resid);
 void (*cancel)(SCSIRequest *req);
 };
 
diff --git a/hw/spapr_vscsi.c b/hw/spapr_vscsi.c
index 9cfce19..d7123df 100644
--- a/hw/spapr_vscsi.c
+++ b/hw/spapr_vscsi.c
@@ -494,7 +494,7 @@ static void vscsi_transfer_data(SCSIRequest *sreq, uint32_t 
len)
 }
 
 /* Callback to indicate that the SCSI layer has completed a transfer.  */
-static void vscsi_command_complete(SCSIRequest *sreq, uint32_t status)
+static void vscsi_command_complete(SCSIRequest *sreq, uint32_t status, size_t 
resid)
 {
 VSCSIState *s = DO_UPCAST(VSCSIState, vdev.qdev, sreq->bus->qbus.parent);
 vscsi_req *req = sreq->hba_private;
diff --git a/hw/usb-msd.c b/hw/usb-msd.c
index 6153376..47b8b8e 100644
--- a/hw/usb-msd.c
+++ b/hw/usb-msd.c
@@ -223,7 +223,7 @@ static void usb_msd_transfer_data(SCSIRequest *req, 
uint32_t len)
 }
 }
 
-static void usb_msd_command_complete(SCSIRequest *req, uint32_t status)
+static void usb_msd_command_complete(SCSIRequest *req, uint32_t status, size_t 
resid)
 {
 MSDState *s = DO_UPCAST(MSDState, dev.qdev, req->bus->qbus.parent);
 USBPacket *p = s->packet;
-- 
1.7.7.6





[Qemu-devel] [PATCH v3 10/15] scsi-disk: add migration support

2012-02-13 Thread Paolo Bonzini
Signed-off-by: Paolo Bonzini 
---
 hw/scsi-disk.c |   59 ---
 1 files changed, 55 insertions(+), 4 deletions(-)

diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
index 0e4d6ad..4d7b4eb 100644
--- a/hw/scsi-disk.c
+++ b/hw/scsi-disk.c
@@ -111,12 +111,12 @@ static void scsi_cancel_io(SCSIRequest *req)
 r->req.aiocb = NULL;
 }
 
-static uint32_t scsi_init_iovec(SCSIDiskReq *r)
+static uint32_t scsi_init_iovec(SCSIDiskReq *r, size_t size)
 {
 SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
 
 if (!r->iov.iov_base) {
-r->buflen = SCSI_DMA_BUF_SIZE;
+r->buflen = size;
 r->iov.iov_base = qemu_blockalign(s->qdev.conf.bs, r->buflen);
 }
 r->iov.iov_len = MIN(r->sector_count * 512, r->buflen);
@@ -124,6 +124,35 @@ static uint32_t scsi_init_iovec(SCSIDiskReq *r)
 return r->qiov.size / 512;
 }
 
+static void scsi_disk_save_request(QEMUFile *f, SCSIRequest *req)
+{
+SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
+
+qemu_put_be64s(f, &r->sector);
+qemu_put_be32s(f, &r->sector_count);
+qemu_put_be32s(f, &r->buflen);
+if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
+qemu_put_buffer(f, r->iov.iov_base, r->iov.iov_len);
+}
+}
+
+static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
+{
+SCSIDiskReq *r = DO_UPCAST(SCSIDiskReq, req, req);
+
+qemu_get_be64s(f, &r->sector);
+qemu_get_be32s(f, &r->sector_count);
+qemu_get_be32s(f, &r->buflen);
+if (r->buflen) {
+scsi_init_iovec(r, r->buflen);
+if (r->req.cmd.mode == SCSI_XFER_TO_DEV) {
+qemu_get_buffer(f, r->iov.iov_base, r->iov.iov_len);
+}
+}
+
+qemu_iovec_init_external(&r->qiov, &r->iov, 1);
+}
+
 static void scsi_dma_complete(void *opaque, int ret)
 {
 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
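Review bot: scsi_disk_load_request() takes r->buflen and r->sector_count straight from the migration stream and uses them to size the allocation and the qemu_get_buffer() read, with no upper bound or consistency check. Because scsi_init_iovec() only allocates when r->iov.iov_base is NULL, a request that already has a buffer would keep the old allocation while iov_len is computed from the incoming buflen. Validate buflen against the largest size this device allocates (SCSI_DMA_BUF_SIZE in the other callers) and reject the stream otherwise, which needs load_request to be able to report an error. Save writes iov_len bytes while load recomputes iov_len, so a comment stating that both sides derive it from the same sector_count and buflen would help.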
@@ -241,7 +270,7 @@ static void scsi_read_data(SCSIRequest *req)
 r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
  scsi_dma_complete, r);
 } else {
-n = scsi_init_iovec(r);
+n = scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, 
BDRV_ACCT_READ);
 r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
   scsi_read_complete, r);
@@ -316,7 +345,7 @@ static void scsi_write_complete(void * opaque, int ret)
 if (r->sector_count == 0) {
 scsi_req_complete(&r->req, GOOD);
 } else {
-scsi_init_iovec(r);
+scsi_init_iovec(r, SCSI_DMA_BUF_SIZE);
 DPRINTF("Write complete tag=0x%x more=%d\n", r->req.tag, r->qiov.size);
 scsi_req_data(&r->req, r->qiov.size);
 }
@@ -1621,6 +1650,8 @@ static const SCSIReqOps scsi_disk_reqops = {
 .write_data   = scsi_write_data,
 .cancel_io= scsi_cancel_io,
 .get_buf  = scsi_get_buf,
+.load_request = scsi_disk_load_request,
+.save_request = scsi_disk_save_request,
 };
 
 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
@@ -1755,6 +1786,22 @@ static Property scsi_hd_properties[] = {
 DEFINE_PROP_END_OF_LIST(),
 };
 
+static const VMStateDescription vmstate_scsi_disk_state = {
+.name = "scsi-disk",
+.version_id = 1,
+.minimum_version_id = 1,
+.minimum_version_id_old = 1,
+.fields = (VMStateField[]) {
+VMSTATE_SCSI_DEVICE(qdev, SCSIDiskState),
+VMSTATE_BOOL(media_changed, SCSIDiskState),
+VMSTATE_BOOL(media_event, SCSIDiskState),
+VMSTATE_BOOL(eject_request, SCSIDiskState),
+VMSTATE_BOOL(tray_open, SCSIDiskState),
+VMSTATE_BOOL(tray_locked, SCSIDiskState),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static void scsi_hd_class_initfn(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -1768,6 +1815,7 @@ static void scsi_hd_class_initfn(ObjectClass *klass, void 
*data)
 dc->desc = "virtual SCSI disk";
 dc->reset = scsi_disk_reset;
 dc->props = scsi_hd_properties;
+dc->vmsd  = &vmstate_scsi_disk_state;
 }
 
 static TypeInfo scsi_hd_info = {
@@ -1795,6 +1843,7 @@ static void scsi_cd_class_initfn(ObjectClass *klass, void 
*data)
 dc->desc = "virtual SCSI CD-ROM";
 dc->reset = scsi_disk_reset;
 dc->props = scsi_cd_properties;
+dc->vmsd  = &vmstate_scsi_disk_state;
 }
 
 static TypeInfo scsi_cd_info = {
@@ -1822,6 +1871,7 @@ static void scsi_block_class_initfn(ObjectClass *klass, 
void *data)
 dc->desc = "SCSI block device passthrough";
 dc->reset = scsi_disk_reset;
 dc->props = scsi_block_properties;
+dc->vmsd  = &vmstate_scsi_disk_state;
 }
 
 static TypeInfo scsi_block_info = {
@@ -1851,6 +1901,7 @@ static void scsi_disk_class_initfn(ObjectClass *klass, 
void *data)
 dc->desc = "virtual SCSI disk or CD-ROM (legacy)";
 dc->reset = scsi_disk_reset;
 dc->props = scsi_disk_propert

[Qemu-devel] [PATCH v3 13/15] virtio-scsi: add basic SCSI bus operation

2012-02-13 Thread Paolo Bonzini
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Paolo Bonzini 
---
v2->v3: fixed sense length (Christian Hoff)

 hw/virtio-scsi.c |  110 +++--
 1 files changed, 97 insertions(+), 13 deletions(-)

diff --git a/hw/virtio-scsi.c b/hw/virtio-scsi.c
index b34c14f..21264a1 100644
--- a/hw/virtio-scsi.c
+++ b/hw/virtio-scsi.c
@@ -128,6 +128,7 @@ typedef struct {
 DeviceState *qdev;
 VirtIOSCSIConf *conf;
 
+SCSIBus bus;
 VirtQueue *ctrl_vq;
 VirtQueue *event_vq;
 VirtQueue *cmd_vq;
@@ -156,6 +157,22 @@ typedef struct VirtIOSCSIReq {
 } resp;
 } VirtIOSCSIReq;
 
+static inline int virtio_scsi_get_lun(uint8_t *lun)
+{
+return ((lun[2] << 8) | lun[3]) & 0x3FFF;
+}
+
+static inline SCSIDevice *virtio_scsi_device_find(VirtIOSCSI *s, uint8_t *lun)
+{
+if (lun[0] != 1) {
+return NULL;
+}
+if (lun[2] != 0 && !(lun[2] >= 0x40 && lun[2] < 0x80)) {
+return NULL;
+}
+return scsi_device_find(&s->bus, 0, lun[1], virtio_scsi_get_lun(lun));
+}
+
 static void virtio_scsi_complete_req(VirtIOSCSIReq *req)
 {
 VirtIOSCSI *s = req->dev;
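Review bot: virtio_scsi_device_find() and virtio_scsi_get_lun() decode the LUN field with bare constants (lun[0] != 1, the 0x40..0x7f range on lun[2], the 0x3FFF mask) and no comment on the layout. Add a short comment describing the addressing format these bytes follow and name the constants, so a reader can check the accepted range against the spec. The helpers also take `uint8_t *lun` without stating that at least four bytes must be readable.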
@@ -240,7 +257,42 @@ static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, 
VirtQueue *vq)
 }
 }
 
-static void virtio_scsi_fail_cmd_req(VirtIOSCSI *s, VirtIOSCSIReq *req)
+static void virtio_scsi_command_complete(SCSIRequest *r, uint32_t status,
+ size_t resid)
+{
+VirtIOSCSIReq *req = r->hba_private;
+
+req->resp.cmd->response = VIRTIO_SCSI_S_OK;
+req->resp.cmd->status = status;
+if (req->resp.cmd->status == GOOD) {
+req->resp.cmd->resid = resid;
+} else {
+req->resp.cmd->resid = 0;
+req->resp.cmd->sense_len =
+scsi_req_get_sense(r, req->resp.cmd->sense, 
VIRTIO_SCSI_SENSE_SIZE);
+}
+virtio_scsi_complete_req(req);
+}
+
+static QEMUSGList *virtio_scsi_get_sg_list(SCSIRequest *r)
+{
+VirtIOSCSIReq *req = r->hba_private;
+
+return &req->qsgl;
+}
+
+static void virtio_scsi_request_cancelled(SCSIRequest *r)
+{
+VirtIOSCSIReq *req = r->hba_private;
+
+if (!req) {
+return;
+}
+req->resp.cmd->response = VIRTIO_SCSI_S_ABORTED;
+virtio_scsi_complete_req(req);
+}
+
+static void virtio_scsi_fail_cmd_req(VirtIOSCSIReq *req)
 {
 req->resp.cmd->response = VIRTIO_SCSI_S_FAILURE;
 virtio_scsi_complete_req(req);
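Review bot: in virtio_scsi_command_complete() the GOOD branch sets resid but never writes sense_len, and neither branch sets status_qualifier, which the code removed later in this patch used to initialise. Unless the response buffer is zeroed where the request is popped (not visible here), those fields reach the guest uninitialised; set them explicitly. `resid` also arrives as size_t, so confirm the response field is wide enough or clamp it.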
@@ -250,8 +301,10 @@ static void virtio_scsi_handle_cmd(VirtIODevice *vdev, 
VirtQueue *vq)
 {
 VirtIOSCSI *s = (VirtIOSCSI *)vdev;
 VirtIOSCSIReq *req;
+int n;
 
 while ((req = virtio_scsi_pop_req(s, vq))) {
+SCSIDevice *d;
 int out_size, in_size;
 if (req->elem.out_num < 1 || req->elem.in_num < 1) {
 virtio_scsi_bad_req();
@@ -265,21 +318,36 @@ static void virtio_scsi_handle_cmd(VirtIODevice *vdev, 
VirtQueue *vq)
 }
 
 if (req->elem.out_num > 1 && req->elem.in_num > 1) {
-virtio_scsi_fail_cmd_req(s, req);
+virtio_scsi_fail_cmd_req(req);
 continue;
 }
 
-req->resp.cmd->resid = 0;
-req->resp.cmd->status_qualifier = 0;
-req->resp.cmd->status = CHECK_CONDITION;
-req->resp.cmd->sense_len = 4;
-req->resp.cmd->sense[0] = 0xf0; /* Fixed format current sense */
-req->resp.cmd->sense[1] = ILLEGAL_REQUEST;
-req->resp.cmd->sense[2] = 0x20;
-req->resp.cmd->sense[3] = 0x00;
-req->resp.cmd->response = VIRTIO_SCSI_S_OK;
-
-virtio_scsi_complete_req(req);
+d = virtio_scsi_device_find(s, req->req.cmd->lun);
+if (!d) {
+req->resp.cmd->response = VIRTIO_SCSI_S_BAD_TARGET;
+virtio_scsi_complete_req(req);
+continue;
+}
+req->sreq = scsi_req_new(d, req->req.cmd->tag,
+ virtio_scsi_get_lun(req->req.cmd->lun),
+ req->req.cmd->cdb, req);
+
+if (req->sreq->cmd.mode != SCSI_XFER_NONE) {
+int req_mode =
+(req->elem.in_num > 1 ? SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV);
+
+if (req->sreq->cmd.mode != req_mode ||
+req->sreq->cmd.xfer > req->qsgl.size) {
+req->resp.cmd->response = VIRTIO_SCSI_S_OVERRUN;
+virtio_scsi_complete_req(req);
+continue;
+}
+}
+
+n = scsi_req_enqueue(req->sreq);
+if (n) {
+scsi_req_continue(req->sreq);
+}
 }
 }
 
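
Review bot: the new BAD_TARGET and OVERRUN exits in virtio_scsi_handle_cmd() set only req->resp.cmd->response before calling virtio_scsi_complete_req(), while the lines this hunk removes were the ones that initialised resid, status_qualifier, status and sense_len. On those paths the fields go back to the guest with whatever was already in the response buffer; zero them before completing. The transfer check also rejects only "req->sreq->cmd.xfer > req->qsgl.size", so a scatter/gather list longer than the command is accepted; please state whether that is intended.
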
@@ -331,6 +399,17 @@ static void virtio_scsi_reset(VirtIODevice *vdev)
 s->cdb_size = VIRTIO_SCSI_CDB_SIZE;
 }
 
+static struct SCSIBusInfo virtio_scsi_scsi_info = {
+.tcq = true,
+.max_channel = VIRTIO_SCSI_MAX_CHANNEL,
+.max_target = VIRTIO_SCSI_MAX_TARGET,
+.max_lun = VIRTIO_SCSI_MAX_LUN,
+
+.complete = virtio_scsi_command_complete,
+.cancel = virtio_scsi_request_cancelled,
+.get_sg_list = virtio_scsi_get_sg_list,

[Qemu-devel] [PATCH v3 04/15] ahci: use new DMA helpers

2012-02-13 Thread Paolo Bonzini
Signed-off-by: Paolo Bonzini 
---
 hw/ide/ahci.c |   82 +
 1 files changed, 13 insertions(+), 69 deletions(-)

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index c87a6ca..25ed844 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -426,55 +426,6 @@ static void ahci_reg_init(AHCIState *s)
 }
 }
 
-static uint32_t read_from_sglist(uint8_t *buffer, uint32_t len,
- QEMUSGList *sglist)
-{
-uint32_t i = 0;
-uint32_t total = 0, once;
-ScatterGatherEntry *cur_prd;
-uint32_t sgcount;
-
-cur_prd = sglist->sg;
-sgcount = sglist->nsg;
-for (i = 0; len && sgcount; i++) {
-once = MIN(cur_prd->len, len);
-cpu_physical_memory_read(cur_prd->base, buffer, once);
-cur_prd++;
-sgcount--;
-len -= once;
-buffer += once;
-total += once;
-}
-
-return total;
-}
-
-static uint32_t write_to_sglist(uint8_t *buffer, uint32_t len,
-QEMUSGList *sglist)
-{
-uint32_t i = 0;
-uint32_t total = 0, once;
-ScatterGatherEntry *cur_prd;
-uint32_t sgcount;
-
-DPRINTF(-1, "total: 0x%x bytes\n", len);
-
-cur_prd = sglist->sg;
-sgcount = sglist->nsg;
-for (i = 0; len && sgcount; i++) {
-once = MIN(cur_prd->len, len);
-DPRINTF(-1, "write 0x%x bytes to 0x%lx\n", once, (long)cur_prd->base);
-cpu_physical_memory_write(cur_prd->base, buffer, once);
-cur_prd++;
-sgcount--;
-len -= once;
-buffer += once;
-total += once;
-}
-
-return total;
-}
-
 static void check_cmd(AHCIState *s, int port)
 {
 AHCIPortRegs *pr = &s->dev[port].port_regs;
@@ -795,9 +746,8 @@ static void process_ncq_command(AHCIState *s, int port, 
uint8_t *cmd_fis,
 DPRINTF(port, "tag %d aio read %"PRId64"\n",
 ncq_tfs->tag, ncq_tfs->lba);
 
-bdrv_acct_start(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->acct,
-(ncq_tfs->sector_count-1) * BDRV_SECTOR_SIZE,
-BDRV_ACCT_READ);
+dma_acct_start(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->acct,
+   &ncq_tfs->sglist, BDRV_ACCT_READ);
 ncq_tfs->aiocb = dma_bdrv_read(ncq_tfs->drive->port.ifs[0].bs,
&ncq_tfs->sglist, ncq_tfs->lba,
ncq_cb, ncq_tfs);
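
Review bot: switching to dma_acct_start() changes the accounted byte count from (ncq_tfs->sector_count-1) * BDRV_SECTOR_SIZE to the size of ncq_tfs->sglist, so the figure now comes from the populated scatter/gather list instead of the command's sector count. The commit message is empty; say there whether the old value was a bug and whether the list size is guaranteed to match the request. The write path in the next hunk has the same change.
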
@@ -809,9 +759,8 @@ static void process_ncq_command(AHCIState *s, int port, 
uint8_t *cmd_fis,
 DPRINTF(port, "tag %d aio write %"PRId64"\n",
 ncq_tfs->tag, ncq_tfs->lba);
 
-bdrv_acct_start(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->acct,
-(ncq_tfs->sector_count-1) * BDRV_SECTOR_SIZE,
-BDRV_ACCT_WRITE);
+dma_acct_start(ncq_tfs->drive->port.ifs[0].bs, &ncq_tfs->acct,
+   &ncq_tfs->sglist, BDRV_ACCT_WRITE);
 ncq_tfs->aiocb = dma_bdrv_write(ncq_tfs->drive->port.ifs[0].bs,
 &ncq_tfs->sglist, ncq_tfs->lba,
 ncq_cb, ncq_tfs);
@@ -1016,12 +965,12 @@ static int ahci_start_transfer(IDEDMA *dma)
 is_write ? "writ" : "read", size, is_atapi ? "atapi" : "ata",
 has_sglist ? "" : "o");
 
-if (is_write && has_sglist && (s->data_ptr < s->data_end)) {
-read_from_sglist(s->data_ptr, size, &s->sg);
-}
-
-if (!is_write && has_sglist && (s->data_ptr < s->data_end)) {
-write_to_sglist(s->data_ptr, size, &s->sg);
+if (has_sglist && size) {
+if (is_write) {
+dma_buf_write(s->data_ptr, size, &s->sg);
+} else {
+dma_buf_read(s->data_ptr, size, &s->sg);
+}
 }
 
 /* update number of transferred bytes */
@@ -1060,14 +1009,9 @@ static int ahci_dma_prepare_buf(IDEDMA *dma, int 
is_write)
 {
 AHCIDevice *ad = DO_UPCAST(AHCIDevice, dma, dma);
 IDEState *s = &ad->port.ifs[0];
-int i;
 
 ahci_populate_sglist(ad, &s->sg);
-
-s->io_buffer_size = 0;
-for (i = 0; i < s->sg.nsg; i++) {
-s->io_buffer_size += s->sg.sg[i].len;
-}
+s->io_buffer_size = s->sg.size;
 
 DPRINTF(ad->port_no, "len=%#x\n", s->io_buffer_size);
 return s->io_buffer_size != 0;
@@ -1085,9 +1029,9 @@ static int ahci_dma_rw_buf(IDEDMA *dma, int is_write)
 }
 
 if (is_write) {
-write_to_sglist(p, l, &s->sg);
+dma_buf_read(p, l, &s->sg);
 } else {
-read_from_sglist(p, l, &s->sg);
+dma_buf_write(p, l, &s->sg);
 }
 
 /* update number of transferred bytes */
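
Review bot: in ahci_dma_rw_buf() is_write now selects dma_buf_read(), while in ahci_start_transfer() is_write selects dma_buf_write(), so the two call sites read as if one of them were swapped. The mapping does follow the old helpers (write_to_sglist becomes dma_buf_read, read_from_sglist becomes dma_buf_write), but that is only evident from the removed lines. Add a one-line comment at each site saying which direction is_write means there.
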
-- 
1.7.7.6





[Qemu-devel] [PATCH v3 12/15] virtio-scsi: Add basic request processing infrastructure

2012-02-13 Thread Paolo Bonzini
From: Stefan Hajnoczi 

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Paolo Bonzini 
---
 hw/virtio-scsi.c |  142 +-
 1 files changed, 140 insertions(+), 2 deletions(-)

diff --git a/hw/virtio-scsi.c b/hw/virtio-scsi.c
index 7ebfba7..b34c14f 100644
--- a/hw/virtio-scsi.c
+++ b/hw/virtio-scsi.c
@@ -135,14 +135,152 @@ typedef struct {
 uint32_t cdb_size;
 } VirtIOSCSI;
 
+typedef struct VirtIOSCSIReq {
+VirtIOSCSI *dev;
+VirtQueue *vq;
+VirtQueueElement elem;
+QEMUSGList qsgl;
+SCSIRequest *sreq;
+union {
+char  *buf;
+VirtIOSCSICmdReq  *cmd;
+VirtIOSCSICtrlTMFReq  *tmf;
+VirtIOSCSICtrlANReq   *an;
+} req;
+union {
+char  *buf;
+VirtIOSCSICmdResp *cmd;
+VirtIOSCSICtrlTMFResp *tmf;
+VirtIOSCSICtrlANResp  *an;
+VirtIOSCSIEvent   *event;
+} resp;
+} VirtIOSCSIReq;
+
+static void virtio_scsi_complete_req(VirtIOSCSIReq *req)
+{
+VirtIOSCSI *s = req->dev;
+VirtQueue *vq = req->vq;
+virtqueue_push(vq, &req->elem, req->qsgl.size + 
req->elem.in_sg[0].iov_len);
+qemu_sglist_destroy(&req->qsgl);
+if (req->sreq) {
+req->sreq->hba_private = NULL;
+scsi_req_unref(req->sreq);
+}
+g_free(req);
+virtio_notify(&s->vdev, vq);
+}
+
+static void virtio_scsi_bad_req(void)
+{
+error_report("wrong size for virtio-scsi headers");
+exit(1);
+}
+
+static void qemu_sgl_init_external(QEMUSGList *qsgl, struct iovec *sg,
+   target_phys_addr_t *addr, int num)
+{
+memset(qsgl, 0, sizeof(*qsgl));
+while (num--) {
+qemu_sglist_add(qsgl, *(addr++), (sg++)->iov_len);
+}
+}
+
+static void virtio_scsi_parse_req(VirtIOSCSI *s, VirtQueue *vq,
+  VirtIOSCSIReq *req)
+{
+assert(req->elem.out_num && req->elem.in_num);
+req->vq = vq;
+req->dev = s;
+req->sreq = NULL;
+req->req.buf = req->elem.out_sg[0].iov_base;
+req->resp.buf = req->elem.in_sg[0].iov_base;
+
+if (req->elem.out_num > 1) {
+qemu_sgl_init_external(&req->qsgl, &req->elem.out_sg[1],
+   &req->elem.out_addr[1],
+   req->elem.out_num - 1);
+} else {
+qemu_sgl_init_external(&req->qsgl, &req->elem.in_sg[1],
+   &req->elem.in_addr[1],
+   req->elem.in_num - 1);
+}
+}
+
+static VirtIOSCSIReq *virtio_scsi_pop_req(VirtIOSCSI *s, VirtQueue *vq)
+{
+VirtIOSCSIReq *req;
+req = g_malloc(sizeof(*req));
+if (!virtqueue_pop(vq, &req->elem)) {
+g_free(req);
+return NULL;
+}
+
+virtio_scsi_parse_req(s, vq, req);
+return req;
+}
+
+static void virtio_scsi_fail_ctrl_req(VirtIOSCSIReq *req)
+{
+if (req->req.tmf->type == VIRTIO_SCSI_T_TMF) {
+req->resp.tmf->response = VIRTIO_SCSI_S_FAILURE;
+} else {
+req->resp.an->response = VIRTIO_SCSI_S_FAILURE;
+}
+
+virtio_scsi_complete_req(req);
+}
+
 static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
 {
-/* TODO */
+VirtIOSCSI *s = (VirtIOSCSI *)vdev;
+VirtIOSCSIReq *req;
+
+while ((req = virtio_scsi_pop_req(s, vq))) {
+virtio_scsi_fail_ctrl_req(req);
+}
+}
+
+static void virtio_scsi_fail_cmd_req(VirtIOSCSI *s, VirtIOSCSIReq *req)
+{
+req->resp.cmd->response = VIRTIO_SCSI_S_FAILURE;
+virtio_scsi_complete_req(req);
 }
 
 static void virtio_scsi_handle_cmd(VirtIODevice *vdev, VirtQueue *vq)
 {
-/* TODO */
+VirtIOSCSI *s = (VirtIOSCSI *)vdev;
+VirtIOSCSIReq *req;
+
+while ((req = virtio_scsi_pop_req(s, vq))) {
+int out_size, in_size;
+if (req->elem.out_num < 1 || req->elem.in_num < 1) {
+virtio_scsi_bad_req();
+}
+
+out_size = req->elem.out_sg[0].iov_len;
+in_size = req->elem.in_sg[0].iov_len;
+if (out_size < sizeof(VirtIOSCSICmdReq) + s->cdb_size ||
+in_size < sizeof(VirtIOSCSICmdResp) + s->sense_size) {
+virtio_scsi_bad_req();
+}
+
+if (req->elem.out_num > 1 && req->elem.in_num > 1) {
+virtio_scsi_fail_cmd_req(s, req);
+continue;
+}
+
+req->resp.cmd->resid = 0;
+req->resp.cmd->status_qualifier = 0;
+req->resp.cmd->status = CHECK_CONDITION;
+req->resp.cmd->sense_len = 4;
+req->resp.cmd->sense[0] = 0xf0; /* Fixed format current sense */
+req->resp.cmd->sense[1] = ILLEGAL_REQUEST;
+req->resp.cmd->sense[2] = 0x20;
+req->resp.cmd->sense[3] = 0x00;
+req->resp.cmd->response = VIRTIO_SCSI_S_OK;
+
+virtio_scsi_complete_req(req);
+}
 }
 
 static void virtio_scsi_get_config(VirtIODevice *vdev,
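
Review bot: virtio_scsi_parse_req() asserts req->elem.out_num && req->elem.in_num and reads out_sg[0] and in_sg[0], and it runs inside virtio_scsi_pop_req(), so the "req->elem.out_num < 1 || req->elem.in_num < 1" test in virtio_scsi_handle_cmd() can never fire: a guest that queues a chain with no in or no out buffer hits the assert first. Move the count and header-size validation ahead of parse_req (or into it) and pick one failure mode. Separately, virtio_scsi_fail_ctrl_req() reads req->req.tmf->type without any check that out_sg[0].iov_len covers the field, and virtqueue_push() reports req->qsgl.size as written even when qsgl was built from the out_sg buffers.
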
-- 
1.7.7.6





[Qemu-devel] [PATCH v3 14/15] virtio-scsi: process control queue requests

2012-02-13 Thread Paolo Bonzini
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Paolo Bonzini 
---
 hw/virtio-scsi.c |  125 ++---
 1 files changed, 117 insertions(+), 8 deletions(-)

diff --git a/hw/virtio-scsi.c b/hw/virtio-scsi.c
index 21264a1..7ad60ec 100644
--- a/hw/virtio-scsi.c
+++ b/hw/virtio-scsi.c
@@ -134,6 +134,7 @@ typedef struct {
 VirtQueue *cmd_vq;
 uint32_t sense_size;
 uint32_t cdb_size;
+bool resetting;
 } VirtIOSCSI;
 
 typedef struct VirtIOSCSIReq {
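
Review bot: resetting is declared bool here, but the next hunk uses it as a nesting counter ("s->resetting++;" and "s->resetting--;"). Incrementing a bool saturates at true, so the first decrement of a nested reset clears the flag while the outer reset is still running. Declare it int, or set and clear it explicitly if nesting cannot happen.
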
@@ -236,15 +237,95 @@ static VirtIOSCSIReq *virtio_scsi_pop_req(VirtIOSCSI *s, 
VirtQueue *vq)
 return req;
 }
 
-static void virtio_scsi_fail_ctrl_req(VirtIOSCSIReq *req)
+static void virtio_scsi_do_tmf(VirtIOSCSI *s, VirtIOSCSIReq *req)
 {
-if (req->req.tmf->type == VIRTIO_SCSI_T_TMF) {
-req->resp.tmf->response = VIRTIO_SCSI_S_FAILURE;
-} else {
-req->resp.an->response = VIRTIO_SCSI_S_FAILURE;
+SCSIDevice *d = virtio_scsi_device_find(s, req->req.cmd->lun);
+SCSIRequest *r, *next;
+DeviceState *qdev;
+int target;
+
+switch (req->req.tmf->subtype) {
+case VIRTIO_SCSI_T_TMF_ABORT_TASK:
+case VIRTIO_SCSI_T_TMF_QUERY_TASK:
+d = virtio_scsi_device_find(s, req->req.cmd->lun);
+if (!d) {
+goto fail;
+}
+if (d->lun != virtio_scsi_get_lun(req->req.cmd->lun)) {
+req->resp.tmf->response = VIRTIO_SCSI_S_INCORRECT_LUN;
+break;
+}
+QTAILQ_FOREACH_SAFE(r, &d->requests, next, next) {
+if (r->tag == req->req.cmd->tag) {
+break;
+}
+}
+if (r && r->hba_private) {
+if (req->req.tmf->subtype == VIRTIO_SCSI_T_TMF_ABORT_TASK) {
+scsi_req_cancel(r);
+}
+req->resp.tmf->response = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED;
+} else {
+req->resp.tmf->response = VIRTIO_SCSI_S_OK;
+}
+break;
+
+case VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET:
+d = virtio_scsi_device_find(s, req->req.cmd->lun);
+if (!d) {
+goto fail;
+}
+if (d->lun == virtio_scsi_get_lun(req->req.cmd->lun)) {
+s->resetting++;
+qdev_reset_all(&d->qdev);
+s->resetting--;
+}
+break;
+
+case VIRTIO_SCSI_T_TMF_ABORT_TASK_SET:
+case VIRTIO_SCSI_T_TMF_CLEAR_TASK_SET:
+case VIRTIO_SCSI_T_TMF_QUERY_TASK_SET:
+d = virtio_scsi_device_find(s, req->req.cmd->lun);
+if (!d) {
+goto fail;
+}
+if (d->lun != virtio_scsi_get_lun(req->req.cmd->lun)) {
+req->resp.tmf->response = VIRTIO_SCSI_S_INCORRECT_LUN;
+break;
+}
+req->resp.tmf->response = VIRTIO_SCSI_S_OK;
+QTAILQ_FOREACH_SAFE(r, &d->requests, next, next) {
+if (r->hba_private) {
+if (req->req.tmf->subtype != VIRTIO_SCSI_T_TMF_QUERY_TASK) {
+scsi_req_cancel(r);
+}
+req->resp.tmf->response = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED;
+}
+}
+break;
+
+case VIRTIO_SCSI_T_TMF_I_T_NEXUS_RESET:
+target = req->req.cmd->lun[1];
+s->resetting++;
+QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
+ d = DO_UPCAST(SCSIDevice, qdev, qdev);
+ if (d->channel == 0 && d->id == target) {
+qdev_reset_all(&d->qdev);
+ }
+}
+s->resetting--;
+break;
+
+case VIRTIO_SCSI_T_TMF_CLEAR_ACA:
+default:
+req->resp.tmf->response = VIRTIO_SCSI_S_FUNCTION_REJECTED;
+break;
 }
 
-virtio_scsi_complete_req(req);
+return;
+
+fail:
+req->resp.tmf->response = VIRTIO_SCSI_S_BAD_TARGET;
 }
 
 static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
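
Review bot: in the ABORT_TASK_SET / CLEAR_TASK_SET / QUERY_TASK_SET case the guard is "req->req.tmf->subtype != VIRTIO_SCSI_T_TMF_QUERY_TASK", which is always true inside this case, so QUERY_TASK_SET cancels every pending request instead of only reporting on them; the comparison should be against VIRTIO_SCSI_T_TMF_QUERY_TASK_SET. Two further points: lun and tag are read through req->req.cmd although the request is a TMF (the function switches on req->req.tmf->subtype), which is only correct if both layouts place those fields at the same offsets, so use the tmf view; and the LOGICAL_UNIT_RESET and I_T_NEXUS_RESET cases never assign req->resp.tmf->response in this hunk.
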
@@ -253,7 +334,31 @@ static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, 
VirtQueue *vq)
 VirtIOSCSIReq *req;
 
 while ((req = virtio_scsi_pop_req(s, vq))) {
-virtio_scsi_fail_ctrl_req(req);
+int out_size, in_size;
+if (req->elem.out_num < 1 || req->elem.in_num < 1) {
+virtio_scsi_bad_req();
+continue;
+}
+
+out_size = req->elem.out_sg[0].iov_len;
+in_size = req->elem.in_sg[0].iov_len;
+if (req->req.tmf->type == VIRTIO_SCSI_T_TMF) {
+if (out_size < sizeof(VirtIOSCSICtrlTMFReq) ||
+in_size < sizeof(VirtIOSCSICtrlTMFResp)) {
+virtio_scsi_bad_req();
+}
+virtio_scsi_do_tmf(s, req);
+
+} else if (req->req.tmf->type == VIRTIO_SCSI_T_AN_QUERY ||
+   req->req.tmf->type == VIRTIO_SCSI_T_AN_SUBSCRIBE) {
+if (out_size < sizeof(VirtIOSCSICtrlANReq) ||
+in_size < sizeof(VirtIOSCSICtrlANResp)) {
+virtio_scsi_bad_req();
+}
+req->resp.an->event_actual = 0;
+req->resp.an->re
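
Review bot: virtio_scsi_handle_ctrl() tests req->req.tmf->type before out_size has been compared with anything, so a request whose first out buffer is shorter than the type field is read past its end; check out_size against the size of that field before the dispatch. The "continue;" after the first virtio_scsi_bad_req() also implies that bad_req returns, while the two size checks below it fall through into virtio_scsi_do_tmf() and the AN handling. Make the three call sites agree.
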

Re: [Qemu-devel] [PATCH] [m68k] Move helpers.h to helper.h

2012-02-13 Thread Andreas Färber
On 13.02.2012 18:01, Lluís Vilanova wrote:
> Andreas Färber writes:
> 
>> On 13.02.2012 16:33, Lluís Vilanova wrote:
>>> Provides a file naming scheme consistent with other targets.
>>>
>>> Signed-off-by: Lluís Vilanova 
>>> ---
>>> target-m68k/helper.c|2 +-
>>> target-m68k/helper.h|   54 
>>> +++
>>> target-m68k/helpers.h   |   54 
>>> ---
>>> target-m68k/op_helper.c |2 +-
>>> target-m68k/translate.c |6 +++--
>>> 5 files changed, 59 insertions(+), 59 deletions(-)
>>> create mode 100644 target-m68k/helper.h
>>> delete mode 100644 target-m68k/helpers.h
> 
>> Please check your git options, it did not recognize that you're renaming
>> the file. Or did you also reformat it?
> 
> It's pure file renaming. Which git options are you referring to?

Command line options:
--no-renames
--find-renames=n / -Mn

Or config file options:
[diff]
renames = true
;or renames = "copies"

The default settings (i.e., none of the above set) usually detect it.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [PATCH v3 03/15] dma-helpers: add accounting wrappers

2012-02-13 Thread Paolo Bonzini
The length of the transfer is already in the sglist, the wrapper simply
fetches it.

Signed-off-by: Paolo Bonzini 
---
 dma-helpers.c |6 ++
 dma.h |3 +++
 2 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/dma-helpers.c b/dma-helpers.c
index f53a51f..a773489 100644
--- a/dma-helpers.c
+++ b/dma-helpers.c
@@ -234,3 +234,9 @@ uint64_t dma_buf_write(uint8_t *ptr, int32_t len, 
QEMUSGList *sg)
 {
 return dma_buf_rw(ptr, len, sg, 1);
 }
+
+void dma_acct_start(BlockDriverState *bs, BlockAcctCookie *cookie,
+QEMUSGList *sg, enum BlockAcctType type)
+{
+bdrv_acct_start(bs, cookie, sg->size, type);
+}
diff --git a/dma.h b/dma.h
index 346ac4f..20e86d2 100644
--- a/dma.h
+++ b/dma.h
@@ -61,4 +61,7 @@ BlockDriverAIOCB *dma_bdrv_write(BlockDriverState *bs,
 uint64_t dma_buf_read(uint8_t *ptr, int32_t len, QEMUSGList *sg);
 uint64_t dma_buf_write(uint8_t *ptr, int32_t len, QEMUSGList *sg);
 
+void dma_acct_start(BlockDriverState *bs, BlockAcctCookie *cookie,
+QEMUSGList *sg, enum BlockAcctType type);
+
 #endif
-- 
1.7.7.6





[Qemu-devel] [PATCH v3 02/15] dma-helpers: add dma_buf_read and dma_buf_write

2012-02-13 Thread Paolo Bonzini
These helpers do a full transfer from an in-memory buffer to target
memory, with support for scatter/gather lists.  It will be used to
store the reply of an emulated command into a QEMUSGList provided by
the adapter.

Signed-off-by: Paolo Bonzini 
---
 dma-helpers.c |   30 ++
 dma.h |3 +++
 2 files changed, 33 insertions(+), 0 deletions(-)

diff --git a/dma-helpers.c b/dma-helpers.c
index f08cdb5..f53a51f 100644
--- a/dma-helpers.c
+++ b/dma-helpers.c
@@ -204,3 +204,33 @@ BlockDriverAIOCB *dma_bdrv_write(BlockDriverState *bs,
 {
 return dma_bdrv_io(bs, sg, sector, bdrv_aio_writev, cb, opaque, true);
 }
+
+
+static uint64_t dma_buf_rw(uint8_t *ptr, int32_t len, QEMUSGList *sg, bool 
to_dev)
+{
+uint64_t resid;
+int sg_cur_index;
+
+resid = sg->size;
+sg_cur_index = 0;
+len = MIN(len, resid);
+while (len > 0) {
+ScatterGatherEntry entry = sg->sg[sg_cur_index++];
+cpu_physical_memory_rw(entry.base, ptr, MIN(len, entry.len), !to_dev);
+ptr += entry.len;
+len -= entry.len;
+resid -= entry.len;
+}
+
+return resid;
+}
+
+uint64_t dma_buf_read(uint8_t *ptr, int32_t len, QEMUSGList *sg)
+{
+return dma_buf_rw(ptr, len, sg, 0);
+}
+
+uint64_t dma_buf_write(uint8_t *ptr, int32_t len, QEMUSGList *sg)
+{
+return dma_buf_rw(ptr, len, sg, 1);
+}
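
Review bot: the loop in dma_buf_rw() copies MIN(len, entry.len) bytes but then advances ptr, len and resid by the full entry.len, so when the transfer ends inside an entry the returned residual is smaller than the number of bytes actually left untransferred. Compute the chunk once (for example "xfer = MIN(len, entry.len)") and use it for the copy and for all three updates. Also, "len = MIN(len, resid)" compares an int32_t with a uint64_t, so a negative len is converted to a huge unsigned value and the whole of sg->size is copied from or into ptr; reject len < 0 or make the parameter unsigned.
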
diff --git a/dma.h b/dma.h
index d50019b..346ac4f 100644
--- a/dma.h
+++ b/dma.h
@@ -58,4 +58,7 @@ BlockDriverAIOCB *dma_bdrv_read(BlockDriverState *bs,
 BlockDriverAIOCB *dma_bdrv_write(BlockDriverState *bs,
  QEMUSGList *sg, uint64_t sector,
  BlockDriverCompletionFunc *cb, void *opaque);
+uint64_t dma_buf_read(uint8_t *ptr, int32_t len, QEMUSGList *sg);
+uint64_t dma_buf_write(uint8_t *ptr, int32_t len, QEMUSGList *sg);
+
 #endif
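
Review bot: the two new prototypes need a comment. Nothing here says that the return value is the residual (bytes of the list left over) rather than the bytes transferred, nor which way each name moves data. From dma-helpers.c, dma_buf_read() passes to_dev = 0 and therefore writes ptr into guest memory, which is easy to misread at a call site.
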
-- 
1.7.7.6





[Qemu-devel] [PATCH v3 08/15] scsi: add SCSIDevice vmstate definitions

2012-02-13 Thread Paolo Bonzini
Signed-off-by: Paolo Bonzini 
---
 hw/scsi-bus.c |  107 +++--
 hw/scsi.h |   16 
 2 files changed, 120 insertions(+), 3 deletions(-)

diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 817aa49..15841d0 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -647,10 +647,8 @@ void scsi_req_build_sense(SCSIRequest *req, SCSISense 
sense)
 req->sense_len = 18;
 }
 
-int32_t scsi_req_enqueue(SCSIRequest *req)
+static void scsi_req_enqueue_internal(SCSIRequest *req)
 {
-int32_t rc;
-
 assert(!req->enqueued);
 scsi_req_ref(req);
 if (req->bus->info->get_sg_list) {
@@ -660,7 +658,14 @@ int32_t scsi_req_enqueue(SCSIRequest *req)
 }
 req->enqueued = true;
 QTAILQ_INSERT_TAIL(&req->dev->requests, req, next);
+}
 
+int32_t scsi_req_enqueue(SCSIRequest *req)
+{
+int32_t rc;
+
+assert(!req->retry);
+scsi_req_enqueue_internal(req);
 scsi_req_ref(req);
 rc = req->ops->send_command(req, req->cmd.buf);
 scsi_req_unref(req);
@@ -1442,6 +1447,102 @@ SCSIDevice *scsi_device_find(SCSIBus *bus, int channel, 
int id, int lun)
 return target_dev;
 }
 
+/* SCSI request list.  For simplicity, pv points to the whole device */
+
+static void put_scsi_requests(QEMUFile *f, void *pv, size_t size)
+{
+SCSIDevice *s = pv;
+SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus);
+SCSIRequest *req;
+
+QTAILQ_FOREACH(req, &s->requests, next) {
+assert(!req->io_canceled);
+assert(req->status == -1);
+assert(req->retry);
+assert(req->enqueued);
+
+qemu_put_sbyte(f, 1);
+qemu_put_buffer(f, req->cmd.buf, sizeof(req->cmd.buf));
+qemu_put_be32s(f, &req->tag);
+qemu_put_be32s(f, &req->lun);
+if (bus->info->save_request) {
+bus->info->save_request(f, req);
+}
+if (req->ops->save_request) {
+req->ops->save_request(f, req);
+}
+}
+qemu_put_sbyte(f, 0);
+}
+
+static int get_scsi_requests(QEMUFile *f, void *pv, size_t size)
+{
+SCSIDevice *s = pv;
+SCSIBus *bus = DO_UPCAST(SCSIBus, qbus, s->qdev.parent_bus);
+
+while (qemu_get_sbyte(f)) {
+uint8_t buf[SCSI_CMD_BUF_SIZE];
+uint32_t tag;
+uint32_t lun;
+SCSIRequest *req;
+
+qemu_get_buffer(f, buf, sizeof(buf));
+qemu_get_be32s(f, &tag);
+qemu_get_be32s(f, &lun);
+req = scsi_req_new(s, tag, lun, buf, NULL);
+if (bus->info->load_request) {
+req->hba_private = bus->info->load_request(f, req);
+}
+if (req->ops->load_request) {
+req->ops->load_request(f, req);
+}
+
+/* Just restart it later.  */
+req->retry = true;
+scsi_req_enqueue_internal(req);
+
+/* At this point, the request will be kept alive by the reference
+ * added by scsi_req_enqueue_internal, so we can release our reference.
+ * The HBA of course will add its own reference in the load_request
+ * callback if it needs to hold on the SCSIRequest.
+ */
+scsi_req_unref(req);
+}
+
+return 0;
+}
+
+const VMStateInfo vmstate_info_scsi_requests = {
+.name = "scsi-requests",
+.get  = get_scsi_requests,
+.put  = put_scsi_requests,
+};
+
+const VMStateDescription vmstate_scsi_device = {
+.name = "SCSIDevice",
+.version_id = 1,
+.minimum_version_id = 1,
+.minimum_version_id_old = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT8(unit_attention.key, SCSIDevice),
+VMSTATE_UINT8(unit_attention.asc, SCSIDevice),
+VMSTATE_UINT8(unit_attention.ascq, SCSIDevice),
+VMSTATE_BOOL(sense_is_ua, SCSIDevice),
+VMSTATE_UINT8_ARRAY(sense, SCSIDevice, SCSI_SENSE_BUF_SIZE),
+VMSTATE_UINT32(sense_len, SCSIDevice),
+{
+.name = "requests",
+.version_id   = 0,
+.field_exists = NULL,
+.size = 0,   /* ouch */
+.info = &vmstate_info_scsi_requests,
+.flags= VMS_SINGLE,
+.offset   = 0,
+},
+VMSTATE_END_OF_LIST()
+}
+};
+
 static void scsi_device_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *k = DEVICE_CLASS(klass);
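
Review bot: get_scsi_requests() trusts the incoming stream completely. The loop runs for as long as qemu_get_sbyte() returns anything non-zero, tag and lun are passed to scsi_req_new() unchecked, and the function returns 0 unconditionally, so a truncated or corrupted stream cannot fail the load. Accept only the marker value 1 that put_scsi_requests() writes, return -EINVAL otherwise, and check lun against the device before creating the request. On the save side, the four assert() calls abort the source if any queued request is not in the retry state, so add a comment saying what guarantees that before this runs.
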
diff --git a/hw/scsi.h b/hw/scsi.h
index 811f61c..c6624ca 100644
--- a/hw/scsi.h
+++ b/hw/scsi.h
@@ -96,6 +96,16 @@ struct SCSIDevice
 uint64_t max_lba;
 };
 
+extern const VMStateDescription vmstate_scsi_device;
+
+#define VMSTATE_SCSI_DEVICE(_field, _state) {\
+.name   = (stringify(_field)),   \
+.size   = sizeof(SCSIDevice),\
+.vmsd   = &vmstate_scsi_device,  \
+.flags  = VMS_STRUCT,\
+.offset = vmstate_offset_value(_state, _field, SCSIDevice),  \
+}
+
 /* cdrom.c */
 int 

[Qemu-devel] [PATCH v3 06/15] scsi: add scatter/gather functionality

2012-02-13 Thread Paolo Bonzini
Scatter/gather functionality uses the newly added DMA helpers.  The
device can choose between doing DMA itself, or calling scsi_req_data
as usual, which will use the newly added DMA helpers to copy piecewise
to/from the destination area(s).

Signed-off-by: Paolo Bonzini 
---
 hw/scsi-bus.c |   28 ++--
 hw/scsi.h |3 +++
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 6a069f4..69cb3fc 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -5,6 +5,7 @@
 #include "qdev.h"
 #include "blockdev.h"
 #include "trace.h"
+#include "dma.h"
 
 static char *scsibus_get_fw_dev_path(DeviceState *dev);
 static int scsi_req_parse(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf);
@@ -651,6 +652,11 @@ int32_t scsi_req_enqueue(SCSIRequest *req)
 
 assert(!req->enqueued);
 scsi_req_ref(req);
+if (req->bus->info->get_sg_list) {
+req->sg = req->bus->info->get_sg_list(req);
+} else {
+req->sg = NULL;
+}
 req->enqueued = true;
 QTAILQ_INSERT_TAIL(&req->dev->requests, req, next);
 
@@ -1275,14 +1281,32 @@ void scsi_req_continue(SCSIRequest *req)
Once it completes, calling scsi_req_continue will restart I/O.  */
 void scsi_req_data(SCSIRequest *req, int len)
 {
+uint8_t *buf;
 if (req->io_canceled) {
 trace_scsi_req_data_canceled(req->dev->id, req->lun, req->tag, len);
 return;
 }
 trace_scsi_req_data(req->dev->id, req->lun, req->tag, len);
 assert(req->cmd.mode != SCSI_XFER_NONE);
-req->resid -= len;
-req->bus->info->transfer_data(req, len);
+if (!req->sg) {
+req->resid -= len;
+req->bus->info->transfer_data(req, len);
+return;
+}
+
+/* If the device calls scsi_req_data and the HBA specified a
+ * scatter/gather list, the transfer has to happen in a single
+ * step.  */
+assert(!req->dma_started);
+req->dma_started = true;
+
+buf = scsi_req_get_buf(req);
+if (req->cmd.mode == SCSI_XFER_FROM_DEV) {
+req->resid = dma_buf_read(buf, len, req->sg);
+} else {
+req->resid = dma_buf_write(buf, len, req->sg);
+}
+scsi_req_continue(req);
 }
 
 void scsi_req_print(SCSIRequest *req)
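
Review bot: the comment above scsi_req_data() still ends with "Once it completes, calling scsi_req_continue will restart I/O", but with a scatter/gather list the function now calls scsi_req_continue() itself and may only be called once per request (assert(!req->dma_started)). Update the header comment to describe both modes, and say where dma_started is cleared, since nothing in the visible hunks resets it.
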
diff --git a/hw/scsi.h b/hw/scsi.h
index e1c52d2..811f61c 100644
--- a/hw/scsi.h
+++ b/hw/scsi.h
@@ -49,6 +49,8 @@ struct SCSIRequest {
 size_tresid;
 SCSICommand   cmd;
 BlockDriverAIOCB  *aiocb;
+QEMUSGList*sg;
+bool  dma_started;
 uint8_t sense[SCSI_SENSE_BUF_SIZE];
 uint32_t sense_len;
 bool enqueued;
@@ -115,6 +117,7 @@ struct SCSIBusInfo {
 void (*transfer_data)(SCSIRequest *req, uint32_t arg);
 void (*complete)(SCSIRequest *req, uint32_t arg, size_t resid);
 void (*cancel)(SCSIRequest *req);
+QEMUSGList *(*get_sg_list)(SCSIRequest *req);
 };
 
 struct SCSIBus {
-- 
1.7.7.6





[Qemu-devel] [PATCH v3 07/15] scsi-disk: enable scatter/gather functionality

2012-02-13 Thread Paolo Bonzini
Signed-off-by: Paolo Bonzini 
---
 hw/scsi-bus.c  |1 +
 hw/scsi-disk.c |   63 ---
 2 files changed, 51 insertions(+), 13 deletions(-)

diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index 69cb3fc..817aa49 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -87,6 +87,7 @@ static void scsi_dma_restart_bh(void *opaque)
 scsi_req_continue(req);
 break;
 case SCSI_XFER_NONE:
+assert(!req->sg);
 scsi_req_dequeue(req);
 scsi_req_enqueue(req);
 break;
diff --git a/hw/scsi-disk.c b/hw/scsi-disk.c
index 399e51e..0e4d6ad 100644
--- a/hw/scsi-disk.c
+++ b/hw/scsi-disk.c
@@ -38,6 +38,7 @@ do { fprintf(stderr, "scsi-disk: " fmt , ## __VA_ARGS__); } 
while (0)
 #include "sysemu.h"
 #include "blockdev.h"
 #include "block_int.h"
+#include "dma.h"
 
 #ifdef __linux
 #include 
@@ -123,6 +124,27 @@ static uint32_t scsi_init_iovec(SCSIDiskReq *r)
 return r->qiov.size / 512;
 }
 
+static void scsi_dma_complete(void *opaque, int ret)
+{
+SCSIDiskReq *r = (SCSIDiskReq *)opaque;
+SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
+
+bdrv_acct_done(s->qdev.conf.bs, &r->acct);
+
+if (ret) {
+if (scsi_handle_rw_error(r, -ret)) {
+goto done;
+}
+}
+
+r->sector += r->sector_count;
+r->sector_count = 0;
+scsi_req_complete(&r->req, GOOD);
+
+done:
+scsi_req_unref(&r->req);
+}
+
 static void scsi_read_complete(void * opaque, int ret)
 {
 SCSIDiskReq *r = (SCSIDiskReq *)opaque;
@@ -213,10 +235,17 @@ static void scsi_read_data(SCSIRequest *req)
 return;
 }
 
-n = scsi_init_iovec(r);
-bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, 
BDRV_ACCT_READ);
-r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
-  scsi_read_complete, r);
+if (r->req.sg) {
+dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_READ);
+r->req.resid -= r->req.sg->size;
+r->req.aiocb = dma_bdrv_read(s->qdev.conf.bs, r->req.sg, r->sector,
+ scsi_dma_complete, r);
+} else {
+n = scsi_init_iovec(r);
+bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, 
BDRV_ACCT_READ);
+r->req.aiocb = bdrv_aio_readv(s->qdev.conf.bs, r->sector, &r->qiov, n,
+  scsi_read_complete, r);
+}
 }
 
 /*
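
Review bot: the sg branch of scsi_read_data() issues dma_bdrv_read() for the whole of r->req.sg and subtracts r->req.sg->size from r->req.resid with no comparison against r->sector_count. resid is a size_t in hw/scsi.h, so a list longer than the remaining transfer wraps it, and the read covers more sectors than the command asked for, starting at r->sector. Either require sg->size to equal the command's transfer length before starting the DMA or bound the I/O by sector_count; scsi_write_data() in the next hunk has the same pattern.
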
@@ -315,18 +344,26 @@ static void scsi_write_data(SCSIRequest *req)
 return;
 }
 
-n = r->qiov.size / 512;
-if (n) {
-if (s->tray_open) {
-scsi_write_complete(r, -ENOMEDIUM);
-return;
-}
+if (!r->req.sg && !r->qiov.size) {
+/* Called for the first time.  Ask the driver to send us more data.  */
+scsi_write_complete(r, 0);
+return;
+}
+if (s->tray_open) {
+scsi_write_complete(r, -ENOMEDIUM);
+return;
+}
+
+if (r->req.sg) {
+dma_acct_start(s->qdev.conf.bs, &r->acct, r->req.sg, BDRV_ACCT_WRITE);
+r->req.resid -= r->req.sg->size;
+r->req.aiocb = dma_bdrv_write(s->qdev.conf.bs, r->req.sg, r->sector,
+  scsi_dma_complete, r);
+} else {
+n = r->qiov.size / 512;
 bdrv_acct_start(s->qdev.conf.bs, &r->acct, n * BDRV_SECTOR_SIZE, 
BDRV_ACCT_WRITE);
 r->req.aiocb = bdrv_aio_writev(s->qdev.conf.bs, r->sector, &r->qiov, n,
scsi_write_complete, r);
-} else {
-/* Called for the first time.  Ask the driver to send us more data.  */
-scsi_write_complete(r, 0);
 }
 }
 
-- 
1.7.7.6





[Qemu-devel] [PATCH v3 09/15] scsi-generic: add migration support

2012-02-13 Thread Paolo Bonzini
Signed-off-by: Paolo Bonzini 
---
 hw/scsi-generic.c |   25 +
 1 files changed, 25 insertions(+), 0 deletions(-)

diff --git a/hw/scsi-generic.c b/hw/scsi-generic.c
index 4859212..cd62922 100644
--- a/hw/scsi-generic.c
+++ b/hw/scsi-generic.c
@@ -59,6 +59,28 @@ typedef struct SCSIGenericReq {
 sg_io_hdr_t io_header;
 } SCSIGenericReq;
 
+static void scsi_generic_save_request(QEMUFile *f, SCSIRequest *req)
+{
+SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
+
+qemu_put_sbe32s(f, &r->buflen);
+if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
+assert(!r->req.sg);
+qemu_put_buffer(f, r->buf, r->req.cmd.xfer);
+}
+}
+
+static void scsi_generic_load_request(QEMUFile *f, SCSIRequest *req)
+{
+SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
+
+qemu_get_sbe32s(f, &r->buflen);
+if (r->buflen && r->req.cmd.mode == SCSI_XFER_TO_DEV) {
+assert(!r->req.sg);
+qemu_get_buffer(f, r->buf, r->req.cmd.xfer);
+}
+}
+
 static void scsi_free_request(SCSIRequest *req)
 {
 SCSIGenericReq *r = DO_UPCAST(SCSIGenericReq, req, req);
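
Review bot: scsi_generic_load_request() takes buflen from the migration stream and then copies r->req.cmd.xfer bytes into r->buf, but nothing in this hunk allocates r->buf for the newly created request or checks that buflen is at least cmd.xfer. Allocate the buffer from the loaded buflen and reject a stream where cmd.xfer exceeds it before calling qemu_get_buffer(). The save side has the matching gap: it writes cmd.xfer bytes from r->buf guarded only by buflen being non-zero.
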
@@ -446,6 +468,8 @@ const SCSIReqOps scsi_generic_req_ops = {
 .write_data   = scsi_write_data,
 .cancel_io= scsi_cancel_io,
 .get_buf  = scsi_get_buf,
+.load_request = scsi_generic_load_request,
+.save_request = scsi_generic_save_request,
 };
 
 static SCSIRequest *scsi_new_request(SCSIDevice *d, uint32_t tag, uint32_t lun,
@@ -474,6 +498,7 @@ static void scsi_generic_class_initfn(ObjectClass *klass, 
void *data)
 dc->desc = "pass through generic scsi device (/dev/sg*)";
 dc->reset = scsi_generic_reset;
 dc->props = scsi_generic_properties;
+dc->vmsd  = &vmstate_scsi_device;
 }
 
 static TypeInfo scsi_generic_info = {
-- 
1.7.7.6





[Qemu-devel] [PATCH v3 11/15] virtio-scsi: Add virtio-scsi stub device

2012-02-13 Thread Paolo Bonzini
From: Stefan Hajnoczi 

Add a useless virtio SCSI HBA device:

  qemu -device virtio-scsi-pci

Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Paolo Bonzini 
---
v2->v3: changed virtio id

 Makefile.target   |1 +
 default-configs/pci.mak   |1 +
 default-configs/s390x-softmmu.mak |1 +
 hw/pci.h  |1 +
 hw/s390-virtio-bus.c  |   34 ++
 hw/s390-virtio-bus.h  |4 +-
 hw/virtio-pci.c   |   56 +
 hw/virtio-pci.h   |2 +
 hw/virtio-scsi.c  |  228 +
 hw/virtio-scsi.h  |   36 ++
 hw/virtio.h   |3 +
 11 files changed, 366 insertions(+), 1 deletions(-)
 create mode 100644 hw/virtio-scsi.c
 create mode 100644 hw/virtio-scsi.h

diff --git a/Makefile.target b/Makefile.target
index 29fde6e..c8f61d6 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -200,6 +200,7 @@ obj-y = arch_init.o cpus.o monitor.o machine.o gdbstub.o 
balloon.o ioport.o
 # need to fix this properly
 obj-$(CONFIG_NO_PCI) += pci-stub.o
 obj-$(CONFIG_VIRTIO) += virtio.o virtio-blk.o virtio-balloon.o virtio-net.o 
virtio-serial-bus.o
+obj-$(CONFIG_VIRTIO_SCSI) += virtio-scsi.o
 obj-y += vhost_net.o
 obj-$(CONFIG_VHOST_NET) += vhost.o
 obj-$(CONFIG_REALLY_VIRTFS) += 9pfs/virtio-9p-device.o
diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index 9d3e1db..21e4ccf 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -1,5 +1,6 @@
 CONFIG_PCI=y
 CONFIG_VIRTIO_PCI=y
+CONFIG_VIRTIO_SCSI=y
 CONFIG_VIRTIO=y
 CONFIG_USB_UHCI=y
 CONFIG_USB_OHCI=y
diff --git a/default-configs/s390x-softmmu.mak 
b/default-configs/s390x-softmmu.mak
index 3005729..e588803 100644
--- a/default-configs/s390x-softmmu.mak
+++ b/default-configs/s390x-softmmu.mak
@@ -1 +1,2 @@
 CONFIG_VIRTIO=y
+CONFIG_VIRTIO_SCSI=y
diff --git a/hw/pci.h b/hw/pci.h
index 33b0b18..ff4c12d 100644
--- a/hw/pci.h
+++ b/hw/pci.h
@@ -75,6 +75,7 @@
 #define PCI_DEVICE_ID_VIRTIO_BLOCK   0x1001
 #define PCI_DEVICE_ID_VIRTIO_BALLOON 0x1002
 #define PCI_DEVICE_ID_VIRTIO_CONSOLE 0x1003
+#define PCI_DEVICE_ID_VIRTIO_SCSI0x1004
 
 #define FMT_PCIBUS  PRIx64
 
diff --git a/hw/s390-virtio-bus.c b/hw/s390-virtio-bus.c
index 49140f8..3515abc 100644
--- a/hw/s390-virtio-bus.c
+++ b/hw/s390-virtio-bus.c
@@ -169,6 +169,39 @@ static int s390_virtio_serial_init(VirtIOS390Device *dev)
 return r;
 }
 
+static int s390_virtio_scsi_init(VirtIOS390Device *dev)
+{
+VirtIODevice *vdev;
+
+vdev = virtio_scsi_init((DeviceState *)dev, &dev->scsi);
+if (!vdev) {
+return -1;
+}
+
+return s390_virtio_device_init(dev, vdev);
+}
+
+static Property virtio_scsi_properties[] = {
+DEFINE_VIRTIO_SCSI_PROPERTIES(VirtIOPCIProxy, host_features, scsi),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+static void s390_virtio_scsi_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+VirtIOS390DeviceClass *k = VIRTIO_S390_DEVICE_CLASS(klass);
+
+k->init = s390_virtio_scsi_init;
+dc->props = s390_virtio_scsi_properties;
+}
+
+static DeviceInfo virtio_scsi_info = {
+.name  = "virtio-scsi-s390",
+.parent= TYPE_VIRTIO_S390_DEVICE,
+.instance_size = sizeof(VirtIOS390Device),
+.class_init= s390_virtio_scsi_class_init,
+};
+
 static uint64_t s390_virtio_device_vq_token(VirtIOS390Device *dev, int vq)
 {
 ram_addr_t token_off;
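Review bot: In s390_virtio_scsi_class_init(), `dc->props = s390_virtio_scsi_properties;` refers to an array this hunk never defines; the array added just above it is named `virtio_scsi_properties`. That array is also built with DEFINE_VIRTIO_SCSI_PROPERTIES(VirtIOPCIProxy, host_features, scsi), although the container on this bus is VirtIOS390Device, which is the struct that carries `host_features` and the new `scsi` member in s390-virtio-bus.h. Rename the array to s390_virtio_scsi_properties and pass VirtIOS390Device as the container type, otherwise the property offsets are computed against the wrong structure.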
@@ -439,6 +472,7 @@ static void s390_virtio_register(void)
 type_register_static(&s390_virtio_serial);
 type_register_static(&s390_virtio_blk);
 type_register_static(&s390_virtio_net);
+type_register_static(&s390_virtio_scsi);
 }
 device_init(s390_virtio_register);
 
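Review bot: `type_register_static(&s390_virtio_scsi)` names an object that the previous hunk does not define; the structure added there is called `virtio_scsi_info` and is declared as DeviceInfo. Rename it to s390_virtio_scsi and give it the same type as the s390_virtio_serial, s390_virtio_blk and s390_virtio_net objects registered next to it, so the registration refers to something that exists.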
diff --git a/hw/s390-virtio-bus.h b/hw/s390-virtio-bus.h
index b5e59b7..ef534b6 100644
--- a/hw/s390-virtio-bus.h
+++ b/hw/s390-virtio-bus.h
@@ -19,6 +19,7 @@
 
 #include "virtio-net.h"
 #include "virtio-serial.h"
+#include "virtio-scsi.h"
 
 #define VIRTIO_DEV_OFFS_TYPE   0   /* 8 bits */
 #define VIRTIO_DEV_OFFS_NUM_VQ 1   /* 8 bits */
@@ -67,7 +68,8 @@ struct VirtIOS390Device {
 uint32_t host_features;
 virtio_serial_conf serial;
 virtio_net_conf net;
-};
+VirtIOSCSIConf scsi;
+} VirtIOS390Device;
 
 typedef struct VirtIOS390Bus {
 BusState bus;
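Review bot: The closing line changes from `};` to `} VirtIOS390Device;` while the hunk header still shows the opening line as `struct VirtIOS390Device {` with no `typedef`. Unless the opening line is changed as well, this declares a variable named VirtIOS390Device in a header rather than a type. Adding the `VirtIOSCSIConf scsi;` member does not require touching the closing line, so it is safer to leave it as `};`.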
diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c
index 93fff54..08e63a6 100644
--- a/hw/virtio-pci.c
+++ b/hw/virtio-pci.c
@@ -21,6 +21,7 @@
 #include "virtio-blk.h"
 #include "virtio-net.h"
 #include "virtio-serial.h"
+#include "virtio-scsi.h"
 #include "pci.h"
 #include "qemu-error.h"
 #include "msix.h"
@@ -930,12 +931,67 @@ static TypeInfo virtio_balloon_info = {
 .class_init= virtio_balloon_class_init,
 };
 
+static int virtio_scsi_init_pci(PCIDevice *pci_dev)
+{
+VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pc

[Qemu-devel] [PATCH v3 15/15] virtio-scsi: add migration support

2012-02-13 Thread Paolo Bonzini
Reviewed-by: Stefan Hajnoczi 
Signed-off-by: Paolo Bonzini 
---
 hw/virtio-scsi.c |   50 +-
 1 files changed, 49 insertions(+), 1 deletions(-)

diff --git a/hw/virtio-scsi.c b/hw/virtio-scsi.c
index 7ad60ec..f5cecfc 100644
--- a/hw/virtio-scsi.c
+++ b/hw/virtio-scsi.c
@@ -237,6 +237,34 @@ static VirtIOSCSIReq *virtio_scsi_pop_req(VirtIOSCSI *s, 
VirtQueue *vq)
 return req;
 }
 
+static void virtio_scsi_save_request(QEMUFile *f, SCSIRequest *sreq)
+{
+VirtIOSCSIReq *req = sreq->hba_private;
+
+qemu_put_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
+}
+
+static void *virtio_scsi_load_request(QEMUFile *f, SCSIRequest *sreq)
+{
+SCSIBus *bus = sreq->bus;
+VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
+VirtIOSCSIReq *req;
+
+req = g_malloc(sizeof(*req));
+qemu_get_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem));
+virtio_scsi_parse_req(s, s->cmd_vq, req);
+
+scsi_req_ref(sreq);
+req->sreq = sreq;
+if (req->sreq->cmd.mode != SCSI_XFER_NONE) {
+int req_mode =
+(req->elem.in_num > 1 ? SCSI_XFER_FROM_DEV : SCSI_XFER_TO_DEV);
+
+assert(req->sreq->cmd.mode == req_mode);
+}
+return req;
+}
+
 static void virtio_scsi_do_tmf(VirtIOSCSI *s, VirtIOSCSIReq *req)
 {
 SCSIDevice *d = virtio_scsi_device_find(s, req->req.cmd->lun);
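Review bot: virtio_scsi_save_request() writes `req->elem` with one raw qemu_put_buffer() of sizeof(req->elem), and virtio_scsi_load_request() reads it back the same way, so the migration stream carries the source host's in-memory struct layout and every field of the element arrives on the destination unchecked. The incoming stream should be handled as untrusted input: serialize the fields individually, and bounds-check in_num and out_num before virtio_scsi_parse_req() consumes the element. The `assert(req->sreq->cmd.mode == req_mode)` is also the only consistency check on loaded data; it aborts the destination on a mismatched stream and disappears entirely when built with NDEBUG, so it should become a real check that fails the load.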
@@ -508,6 +536,22 @@ static void virtio_scsi_reset(VirtIODevice *vdev)
 s->cdb_size = VIRTIO_SCSI_CDB_SIZE;
 }
 
+/* The device does not have anything to save beyond the virtio data.
+ * Request data is saved with callbacks from SCSI devices.
+ */
+static void virtio_scsi_save(QEMUFile *f, void *opaque)
+{
+VirtIOSCSI *s = opaque;
+virtio_save(&s->vdev, f);
+}
+
+static int virtio_scsi_load(QEMUFile *f, void *opaque, int version_id)
+{
+VirtIOSCSI *s = opaque;
+virtio_load(&s->vdev, f);
+return 0;
+}
+
 static struct SCSIBusInfo virtio_scsi_scsi_info = {
 .tcq = true,
 .max_channel = VIRTIO_SCSI_MAX_CHANNEL,
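Review bot: virtio_scsi_load() drops the result of virtio_load() and returns 0 unconditionally, and `version_id` is never examined. Propagate the return value of virtio_load() and reject any version_id other than the 1 passed to register_savevm() in virtio_scsi_init(), so that a truncated or incompatible stream fails the migration instead of continuing with partial device state.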
@@ -517,11 +561,14 @@ static struct SCSIBusInfo virtio_scsi_scsi_info = {
 .complete = virtio_scsi_command_complete,
 .cancel = virtio_scsi_request_cancelled,
 .get_sg_list = virtio_scsi_get_sg_list,
+.save_request = virtio_scsi_save_request,
+.load_request = virtio_scsi_load_request,
 };
 
 VirtIODevice *virtio_scsi_init(DeviceState *dev, VirtIOSCSIConf *proxyconf)
 {
 VirtIOSCSI *s;
+static int virtio_scsi_id;
 
 s = (VirtIOSCSI *)virtio_common_init("virtio-scsi", VIRTIO_ID_SCSI,
  sizeof(VirtIOSCSIConfig),
@@ -548,7 +595,8 @@ VirtIODevice *virtio_scsi_init(DeviceState *dev, 
VirtIOSCSIConf *proxyconf)
 scsi_bus_legacy_handle_cmdline(&s->bus);
 }
 
-/* TODO savevm */
+register_savevm(dev, "virtio-scsi", virtio_scsi_id++, 1,
+virtio_scsi_save, virtio_scsi_load, s);
 
 return &s->vdev;
 }
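Review bot: The instance id given to register_savevm() comes from the function-local `static int virtio_scsi_id`, which only ever increments, so the id a device gets depends on the order in which virtio-scsi devices were created. A short comment next to the counter stating that source and destination must create the devices in the same order would document that requirement for whoever later adds an unplug path.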
-- 
1.7.7.6




Re: [Qemu-devel] [PATCH v2 5/8] kvmvapic: Introduce TPR access optimization for Windows guests

2012-02-13 Thread Blue Swirl
On Mon, Feb 13, 2012 at 10:16, Jan Kiszka  wrote:
> On 2012-02-11 16:25, Blue Swirl wrote:
>> On Fri, Feb 10, 2012 at 18:31, Jan Kiszka  wrote:
>>> This enables acceleration for MMIO-based TPR registers accesses of
>>> 32-bit Windows guest systems. It is mostly useful with KVM enabled,
>>> either on older Intel CPUs (without flexpriority feature, can also be
>>> manually disabled for testing) or any current AMD processor.
>>>
>>> The approach introduced here is derived from the original version of
>>> qemu-kvm. It was refactored, documented, and extended by support for
>>> user space APIC emulation, both with and without KVM acceleration. The
>>> VMState format was kept compatible, so was the ABI to the option ROM
>>> that implements the guest-side para-virtualized driver service. This
>>> enables seamless migration from qemu-kvm to upstream or, one day,
>>> between KVM and TCG mode.
>>>
>>> The basic concept goes like this:
>>>  - VAPIC PV interface consisting of I/O port 0x7e and (for KVM in-kernel
>>>   irqchip) a vmcall hypercall is registered
>>>  - VAPIC option ROM is loaded into guest
>>>  - option ROM activates TPR MMIO access reporting via port 0x7e
>>>  - TPR accesses are trapped and patched in the guest to call into option
>>>   ROM instead, VAPIC support is enabled
>>>  - option ROM TPR helpers track state in memory and invoke hypercall to
>>>   poll for pending IRQs if required
>>>
>>> Signed-off-by: Jan Kiszka 
>>
>> I must say that I find the approach horrible, patching guests and ROMs
>> and looking up Windows internals. Taking the same approach to extreme,
>> we could for example patch Xen guest to become a KVM guest. Not that I
>> object merging.
>
> Yes, this is horrible. But there is no real better way in the absence of
> hardware assisted virtualization of the TPR. I think MS is recommending
> this patching approach as well.

Maybe instead of routing via ROM and the hypercall, the TPR accesses
could be handled directly with guest invisible breakpoints (like GDB
breakpoints, but for QEMU internal use), much like other
instrumentation could be handled.

>>> diff --git a/hw/apic.c b/hw/apic.c
>>> index 086c544..2ebf3ca 100644
>>> --- a/hw/apic.c
>>> +++ b/hw/apic.c
>>> @@ -35,6 +35,10 @@
>>>  #define MSI_ADDR_DEST_ID_SHIFT         12
>>>  #define        MSI_ADDR_DEST_ID_MASK           0x000
>>>
>>> +#define SYNC_FROM_VAPIC                 0x1
>>> +#define SYNC_TO_VAPIC                   0x2
>>> +#define SYNC_ISR_IRR_TO_VAPIC           0x4
>>
>> Enum, please.
>
> OK.
>
>>
>>> +
>>>  static APICCommonState *local_apics[MAX_APICS + 1];
>>>
>>>  static void apic_set_irq(APICCommonState *s, int vector_num, int 
>>> trigger_mode);
>>> @@ -78,6 +82,70 @@ static inline int get_bit(uint32_t *tab, int index)
>>>     return !!(tab[i] & mask);
>>>  }
>>>
>>> +/* return -1 if no bit is set */
>>> +static int get_highest_priority_int(uint32_t *tab)
>>> +{
>>> +    int i;
>>> +    for (i = 7; i >= 0; i--) {
>>> +        if (tab[i] != 0) {
>>> +            return i * 32 + fls_bit(tab[i]);
>>> +        }
>>> +    }
>>> +    return -1;
>>> +}
>>> +
>>> +static void apic_sync_vapic(APICCommonState *s, int sync_type)
>>> +{
>>> +    VAPICState vapic_state;
>>> +    size_t length;
>>> +    off_t start;
>>> +    int vector;
>>> +
>>> +    if (!s->vapic_paddr) {
>>> +        return;
>>> +    }
>>> +    if (sync_type & SYNC_FROM_VAPIC) {
>>> +        cpu_physical_memory_rw(s->vapic_paddr, (void *)&vapic_state,
>>> +                               sizeof(vapic_state), 0);
>>> +        s->tpr = vapic_state.tpr;
>>> +    }
>>> +    if (sync_type & (SYNC_TO_VAPIC | SYNC_ISR_IRR_TO_VAPIC)) {
>>> +        start = offsetof(VAPICState, isr);
>>> +        length = offsetof(VAPICState, enabled) - offsetof(VAPICState, isr);
>>> +
>>> +        if (sync_type & SYNC_TO_VAPIC) {
>>> +            assert(qemu_cpu_is_self(s->cpu_env));
>>> +
>>> +            vapic_state.tpr = s->tpr;
>>> +            vapic_state.enabled = 1;
>>> +            start = 0;
>>> +            length = sizeof(VAPICState);
>>> +        }
>>> +
>>> +        vector = get_highest_priority_int(s->isr);
>>> +        if (vector < 0) {
>>> +            vector = 0;
>>> +        }
>>> +        vapic_state.isr = vector & 0xf0;
>>> +
>>> +        vapic_state.zero = 0;
>>> +
>>> +        vector = get_highest_priority_int(s->irr);
>>> +        if (vector < 0) {
>>> +            vector = 0;
>>> +        }
>>> +        vapic_state.irr = vector & 0xff;
>>> +
>>> +        cpu_physical_memory_write_rom(s->vapic_paddr + start,
>>> +                                      ((void *)&vapic_state) + start, 
>>> length);
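Review bot: In the cpu_physical_memory_write_rom() call at the end of apic_sync_vapic(), `((void *)&vapic_state) + start` does arithmetic on a void pointer, which is a GNU extension; cast to `uint8_t *` before adding the offset. In the SYNC_ISR_IRR_TO_VAPIC-only case the local vapic_state is otherwise uninitialized, and correctness relies on the range from offsetof(VAPICState, isr) to offsetof(VAPICState, enabled) covering exactly the isr, zero and irr fields assigned above; a comment stating that, or zero-initializing vapic_state, would keep a later field addition from leaking stack contents into guest memory.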
>>
>> This assumes that the vapic_state structure matches what the guest
>> expects without conversion. Is this true for i386 on x86_64? I didn't
>> check the structure in question.
>
> Yes, the structure in question is a packed one, stable on both guest and
> host side (the guest side is 32-bit only anyway).
>
>>> diff --git a/hw/apic_common.c b/hw/apic_commo

Re: [Qemu-devel] [PATCH v2 5/8] kvmvapic: Introduce TPR access optimization for Windows guests

2012-02-13 Thread Gleb Natapov
On Mon, Feb 13, 2012 at 06:50:08PM +, Blue Swirl wrote:
> On Mon, Feb 13, 2012 at 10:16, Jan Kiszka  wrote:
> > On 2012-02-11 16:25, Blue Swirl wrote:
> >> On Fri, Feb 10, 2012 at 18:31, Jan Kiszka  wrote:
> >>> This enables acceleration for MMIO-based TPR registers accesses of
> >>> 32-bit Windows guest systems. It is mostly useful with KVM enabled,
> >>> either on older Intel CPUs (without flexpriority feature, can also be
> >>> manually disabled for testing) or any current AMD processor.
> >>>
> >>> The approach introduced here is derived from the original version of
> >>> qemu-kvm. It was refactored, documented, and extended by support for
> >>> user space APIC emulation, both with and without KVM acceleration. The
> >>> VMState format was kept compatible, so was the ABI to the option ROM
> >>> that implements the guest-side para-virtualized driver service. This
> >>> enables seamless migration from qemu-kvm to upstream or, one day,
> >>> between KVM and TCG mode.
> >>>
> >>> The basic concept goes like this:
> >>>  - VAPIC PV interface consisting of I/O port 0x7e and (for KVM in-kernel
> >>>   irqchip) a vmcall hypercall is registered
> >>>  - VAPIC option ROM is loaded into guest
> >>>  - option ROM activates TPR MMIO access reporting via port 0x7e
> >>>  - TPR accesses are trapped and patched in the guest to call into option
> >>>   ROM instead, VAPIC support is enabled
> >>>  - option ROM TPR helpers track state in memory and invoke hypercall to
> >>>   poll for pending IRQs if required
> >>>
> >>> Signed-off-by: Jan Kiszka 
> >>
> >> I must say that I find the approach horrible, patching guests and ROMs
> >> and looking up Windows internals. Taking the same approach to extreme,
> >> we could for example patch Xen guest to become a KVM guest. Not that I
> >> object merging.
> >
> > Yes, this is horrible. But there is no real better way in the absence of
> > hardware assisted virtualization of the TPR. I think MS is recommending
> > this patching approach as well.
> 
> Maybe instead of routing via ROM and the hypercall, the TPR accesses
> could be handled directly with guest invisible breakpoints (like GDB
> breakpoints, but for QEMU internal use), much like other
> instrumentation could be handled.
> 
Hypercall is rarely called. The idea behind patching is to not
have exit on each TPR update. Breakpoint will cause exit making the
whole exercise pointless.

--
Gleb.



Re: [Qemu-devel] [PATCH v2 5/8] kvmvapic: Introduce TPR access optimization for Windows guests

2012-02-13 Thread Jan Kiszka
On 2012-02-13 19:50, Blue Swirl wrote:
> On Mon, Feb 13, 2012 at 10:16, Jan Kiszka  wrote:
>> On 2012-02-11 16:25, Blue Swirl wrote:
>>> On Fri, Feb 10, 2012 at 18:31, Jan Kiszka  wrote:
>>>> This enables acceleration for MMIO-based TPR registers accesses of
>>>> 32-bit Windows guest systems. It is mostly useful with KVM enabled,
>>>> either on older Intel CPUs (without flexpriority feature, can also be
>>>> manually disabled for testing) or any current AMD processor.
>>>>
>>>> The approach introduced here is derived from the original version of
>>>> qemu-kvm. It was refactored, documented, and extended by support for
>>>> user space APIC emulation, both with and without KVM acceleration. The
>>>> VMState format was kept compatible, so was the ABI to the option ROM
>>>> that implements the guest-side para-virtualized driver service. This
>>>> enables seamless migration from qemu-kvm to upstream or, one day,
>>>> between KVM and TCG mode.
>>>>
>>>> The basic concept goes like this:
>>>>  - VAPIC PV interface consisting of I/O port 0x7e and (for KVM in-kernel
>>>>   irqchip) a vmcall hypercall is registered
>>>>  - VAPIC option ROM is loaded into guest
>>>>  - option ROM activates TPR MMIO access reporting via port 0x7e
>>>>  - TPR accesses are trapped and patched in the guest to call into option
>>>>   ROM instead, VAPIC support is enabled
>>>>  - option ROM TPR helpers track state in memory and invoke hypercall to
>>>>   poll for pending IRQs if required
>>>>
>>>> Signed-off-by: Jan Kiszka
>>>
>>> I must say that I find the approach horrible, patching guests and ROMs
>>> and looking up Windows internals. Taking the same approach to extreme,
>>> we could for example patch Xen guest to become a KVM guest. Not that I
>>> object merging.
>>
>> Yes, this is horrible. But there is no real better way in the absence of
>> hardware assisted virtualization of the TPR. I think MS is recommending
>> this patching approach as well.
> 
> Maybe instead of routing via ROM and the hypercall, the TPR accesses
> could be handled directly with guest invisible breakpoints (like GDB
> breakpoints, but for QEMU internal use), much like other
> instrumentation could be handled.

Gleb answered it already.

 @@ -238,6 +275,7 @@ static int apic_init_common(SysBusDevice *dev)
  {
 APICCommonState *s = APIC_COMMON(dev);
 APICCommonClass *info;
 +static DeviceState *vapic;
 static int apic_no;

 if (apic_no >= MAX_APICS) {
 @@ -248,10 +286,29 @@ static int apic_init_common(SysBusDevice *dev)
 info = APIC_COMMON_GET_CLASS(s);
 info->init(s);

 -sysbus_init_mmio(&s->busdev, &s->io_memory);
 +sysbus_init_mmio(dev, &s->io_memory);
 +
 +if (!vapic && s->vapic_control & VAPIC_ENABLE_MASK) {
 +vapic = sysbus_create_simple("kvmvapic", -1, NULL);
 +}
 +s->vapic = vapic;
 +if (apic_report_tpr_access && info->enable_tpr_reporting) {
>>>
>>> I think you should not rely on apic_report_tpr_access being in sane
>>> condition during class init.
>>
>> It is mandatory, e.g. for CPU hotplug, as reporting needs to be
>> consistent across all VCPUs. Therefore it is a static global, set to
>> false initially. However, you are right, we lack proper clearing of the
>> access report feature on reset, not only in this variable.
> 
> I'd also set it to false initially.

It's a global variable, thus initialized to false by definition.

 +
 +#define VAPIC_CPU_SHIFT 7
 +
 +#define ROM_BLOCK_SIZE  512
 +#define ROM_BLOCK_MASK  (~(ROM_BLOCK_SIZE - 1))
 +
 +typedef struct VAPICHandlers {
 +uint32_t set_tpr;
 +uint32_t set_tpr_eax;
 +uint32_t get_tpr[8];
 +uint32_t get_tpr_stack;
 +} QEMU_PACKED VAPICHandlers;
 +
 +typedef struct GuestROMState {
 +char signature[8];
 +uint32_t vaddr;
>>>
>>> This does not look 64 bit clean.
>>
>> It's packed.
> 
> I meant "virtual address could be 64 bits on a 64 bit host", not
> structure packing.

This is for 32-bit guests only. 64-bit Windows doesn't access the TPR
via MMIO, thus is not activating the VAPIC.

 +uint32_t state;
 +uint32_t rom_state_paddr;
 +uint32_t rom_state_vaddr;
 +uint32_t vapic_paddr;
 +uint32_t real_tpr_addr;
 +GuestROMState rom_state;
 +size_t rom_size;
 +} VAPICROMState;
 +
 +#define TPR_INSTR_IS_WRITE  0x1
 +#define TPR_INSTR_ABS_MODRM 0x2
 +#define TPR_INSTR_MATCH_MODRM_REG   0x4
 +
 +typedef struct TPRInstruction {
 +uint8_t opcode;
 +uint8_t modrm_reg;
 +unsigned int flags;
 +size_t length;
 +off_t addr_offset;
 +} TPRInstruction;
>>>
>>> Also here the order is pessimized.
>>
>> Don't see the gain here, though.
> 
> There are two bytes' hole between modrm_reg and flags, maybe also 4
> bytes between len

[Qemu-devel] [PATCH] trace: fix documentation ./configure line

2012-02-13 Thread Stefan Hajnoczi
The quickstart documentation still shows the old ./configure
--trace-backend= syntax.  This was changed in commit
74242e0f7f4bf3d85fe28b939a3d66827fe653e5 to be more like autoconf using
--enable-trace-backend=.

Signed-off-by: Stefan Hajnoczi 
---
 docs/tracing.txt |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/docs/tracing.txt b/docs/tracing.txt
index ea29f2c..7b11d15 100644
--- a/docs/tracing.txt
+++ b/docs/tracing.txt
@@ -9,7 +9,7 @@ for debugging, profiling, and observing execution.
 
 1. Build with the 'simple' trace backend:
 
-./configure --trace-backend=simple
+./configure --enable-trace-backend=simple
 make
 
 2. Create a file with the events you want to trace:
-- 
1.7.9




Re: [Qemu-devel] slirp-related crash

2012-02-13 Thread Jan Kiszka
On 2012-02-13 16:27, Zhi Yong Wu wrote:
> On Mon, Feb 13, 2012 at 4:24 AM, Jan Kiszka  wrote:
>> On 2012-02-12 19:34, Michael S. Tsirkin wrote:
>>> It seems somewhat easy to crash qemu with slirp if we queue multiple 
>>> packets.
>>> I didn't investigate further yet so I don't know if this
>>> is a regression. Anyone knowledgeable about slirp wants to take a look?
>>>
>>> /home/mst/qemu-test/bin/qemu-system-x86_64  -enable-kvm -m 1G -drive
>>> file=/home/mst/rhel6.qcow2 -netdev user,id=bar -net
>>> nic,netdev=bar,model=e1000,macaddr=52:54:00:12:34:57  -redir
>>> tcp:8022::22  -vnc :1 -monitor stdio
>>>
>>> While guest is booting, quickly do this
>>>
>>> ssh localhost -p 8022
>>> CTRL-C
>>> ssh localhost -p 8022
>>> CTRL-C
>>> ssh localhost -p 8022
>>> CTRL-C
>>> ssh localhost -p 8022
>>> CTRL-C
>>
>> Confirmed. A single canceled connection prior to the interface setup is
>> enough. Possibly something is not properly removed / cleaned up here.
>> Will see if I find some time to debug, can't promise.
> Interesting thing, pls give me some time, and I am trying to debug this issue.

I had a look today, but haven't found a fix yet. The problem is related
to our requeuing of packets if the target MAC is not yet known.
Something goes terribly wrong once it gets resolved (mbuf use after
release?). Maybe it was always wrong and the requeuing just surfaced the
bug, dunno.

After staring at the code for a while, I got the bad feeling of
"unfixable with reasonable effort". The queuing code is horrible (well,
like most of slirp), and the requeuing just made it worse. But maybe I'm
just missing some trick now - yet another one that would make the code
even more unreadable...

I'm inclined to suggest a slirp rewrite (base support, not all features
at once) as a GSOC project. QEMU really deserves something better.

Jan

-- 
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux


