Re: [Qemu-devel] [PATCH] Add nvram to default boot device list

2012-10-12 Thread Avik Sil
On 10/12/2012 04:29 AM, David Gibson wrote:
> On Thu, Oct 11, 2012 at 07:34:42AM +0530, Avik Sil wrote:
>> This patch adds nvram specified boot device into qemu default
>> boot_devices list. This helps firmware to boot from nvram specified
>> boot device if no -boot option is specified.
> 
> I really don't think this is a good idea, it extends an already
> deprecated mechanism in a fuzzy way and requires careful checking to
> see if it could break anything.  On all platforms the boot sequence
> should be:
>   if bootindex is specified:
>   boot according to bootindex
>   else if -boot is specified:
>   boot according to -boot sequence
>   else:
>   use platform firmware default sequence
> 
> The last will of course vary by platform, and could depend on platform
> details like the contents of NVRAM.  Your original idea of making it
> clear to the guest when -boot has been specified (as opposed to when
> it contains its default value) was the right one, and this "x" in
> -boot is going the wrong direction.
> 
I'm fine with the original approach. The patch is there in qemu-ppc m-l [1].

Regards,
Avik

[1] http://lists.nongnu.org/archive/html/qemu-ppc/2012-10/msg00081.html




Re: [Qemu-devel] slower live-migration with XBZRLE

2012-10-12 Thread Alexandre DERUMIER
Hi, I have observed the same behaviour with a VM with a lot of memory transfer, or 
playing video in the guest.
https://lists.gnu.org/archive/html/qemu-devel/2012-09/msg00138.html


You can try tuning the xbzrle cache size, maybe it'll improve speed.


- Original message -

From: "Vasilis Liaskovitis" 
To: qemu-devel@nongnu.org
Cc: owasser...@redhat.com
Sent: Thursday, 11 October 2012 18:26:41
Subject: [Qemu-devel] slower live-migration with XBZRLE

Hi,

I am testing XBZRLE compression with qemu-1.2 for live migration of large VM
and/or memory-intensive workloads. I have a 4GB guest that runs the memory r/w
load generator from the original patchset, see docs/xbzrle.txt or
http://lists.gnu.org/archive/html/qemu-devel/2012-07/msg01207.html

I have set xbzrle to "on" in both source/target, and default cache size in source
(I also tried using 1g cache size, during the test or with a new migration). The
migration starts but the ram transfer rate is very slow and migration total time
is very large. Cache misses and overflows seem small as far as I can tell.

Here's example output from the source "info migrate" with xbzrle=on when it's done:

(qemu) info migrate
capabilities: xbzrle: on
Migration status: completed
total time: 6530177 milliseconds
transferred ram: 4887726 kbytes
remaining ram: 0 kbytes
total ram: 4211008 kbytes
duplicate: 3126234 pages
normal: 43587 pages
normal bytes: 174348 kbytes
cache size: 268435456 bytes
xbzrle transferred: 4710325 kbytes
xbzrle pages: 266649315 pages
xbzrle cache miss: 43440
xbzrle overflow : 147

The same guest+workload migrates much faster with xbzrle=off. I would have
expected the opposite behaviour, i.e. with xbzrle=off, this guest+workload
combination would migrate very slowly or never end.

Here's example output from the source "info migrate" with xbzrle=off when it's
done

(qemu) info migrate
capabilities: xbzrle: off
Migration status: completed
total time: 10791 milliseconds
transferred ram: 220735 kbytes
remaining ram: 0 kbytes
total ram: 4211008 kbytes
duplicate: 1007476 pages
normal: 54938 pages
normal bytes: 219752 kbytes

Have I missed setting some other migration parameter? I tried using
migrate_set_speed to change the bandwidth limit to 10 bytes/sec but it
didn't make any difference.

Are there any default parameters that would make xbzrle inefficient for this type
of workload? Has anyone measured a point of diminishing returns where e.g.
encoding/decoding cpu-overhead makes the feature ineffective?

This was a live-migration performed on the same host, but I have seen the same behaviour
between 2 hosts. The test host was idle apart from the VMs.

sample command line:
-enable-kvm -M pc -smp 2,maxcpus=64 -cpu host -m 4096 -drive
file=/home/debian.img,if=none,id=drive-virtio-disk0,format=raw
-device virtio-blk-pci,bus=pci.0,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
-vga std -netdev type=tap,id=guest0,vhost=on -device virtio-net-pci,netdev=guest0

thanks,

- Vasilis



[Qemu-devel] Build the qemu with spice support return error

2012-10-12 Thread Bing Bu Cao

Hi,

I want to build qemu (not qemu-kvm) with spice support enabled.

1. build spice

cd $SRC_ROOT/spice
./autogen.sh
make install

2. build qemu
cd $SRC_ROOT/qemu
./configure --target-list=x86_64-softmmu --enable-spice
make

return error:
/qemu/hw/i386/../qxl.c: In function ‘interface_set_client_capabilities’:
.../qemu/hw/i386/../qxl.c:965:20: error: ‘QXLRom’ has no member named ‘client_present’
.../qemu/hw/i386/../qxl.c:966:27: error: ‘QXLRom’ has no member named ‘client_capabilities’
.../qemu/hw/i386/../qxl.c:967:13: error: ‘QXLRom’ has no member named ‘client_present’
.../qemu/hw/i386/../qxl.c:968:20: error: ‘QXLRom’ has no member named ‘client_capabilities’
.../qemu/hw/i386/../qxl.c:971:26: error: ‘QXL_INTERRUPT_CLIENT’ undeclared (first use in this function)
.../qemu/hw/i386/../qxl.c:971:26: note: each undeclared identifier is reported only once for each function it appears in

make[1]: *** [hw/i386/../qxl.o] Error 1

I have pulled the latest source code and it still does not work, so I think
the qxl.h needs to be updated in the master ref? Right?


--
Best Regards,
Bing Bu Cao




Re: [Qemu-devel] [PATCH] net: Allow specifying ifname for qemu-bridge-helper

2012-10-12 Thread Mike Lovell

On 10/12/2012 12:49 AM, Mike Lovell wrote:

This makes a few changes to allow ifname to be specified when using
qemu-bridge-helper with both the bridge and tap network interfaces. It adds
the --ifname option to qemu-bridge-helper, removes the restriction that ifname
cannot be specified with helper for the tap interface, and adds logic to
specify the --ifname option when exec'ing the helper.

Signed-off-by: Mike Lovell 
---

This feature was originally requested by Mario De Chenno on the qemu-devel
mailing list. Seems pretty simple and figured it was something I could throw
together pretty quickly. I have tested the following combinations of invoking
qemu (where qbr is qemu-bridge-helper)

qemu-system-x86_64 -net nic -net tap,helper="qbr --br=test1"
qemu-system-x86_64 -net nic -net tap,helper="qbr --br=test1",ifname=vm1
qemu-system-x86_64 -net nic -net tap,helper=qbr
qemu-system-x86_64 -net nic -net tap,helper=qbr,ifname=vm1
qemu-system-x86_64 -net nic -net bridge,helper=qbr
qemu-system-x86_64 -net nic -net bridge,helper=qbr,ifname=vm1
qemu-system-x86_64 -net nic -net bridge,helper=qbr,ifname=vm1,br=test1
qemu-system-x86_64 -net nic -net bridge,helper=qbr,br=test1


I realized there were a couple more cases to check. I also tested the following.


qemu-system-x86_64 -net nic -net tap,helper="qbr --ifname=vm1"
qemu-system-x86_64 -net nic -net tap,helper="qbr --br=test1 --ifname=vm1"
qemu-system-x86_64 -net nic -net tap,helper="qbr --ifname=vm1",ifname=foo
qemu-system-x86_64 -net nic -net tap,helper="qbr --br=test1 --ifname=vm1",ifname=foo


In the last two cases, the --ifname specified in the helper option (in 
this case, vm1) is used over the tap ifname option (in this case, foo).


mike



Re: [Qemu-devel] [PATCH v2 21/21] q35: add acpi-based pci hotplug.

2012-10-12 Thread Gerd Hoffmann
  Hi,

>> Yes. Reason I ask is because q35 is adding bridges by default now.
>> Would it be possible to only add them if requested on command line by user
>> instead? I realize some guests expect devices at specific slots
>> but this does not apply to bridges I think?
> 
> I just tried out getting rid of the bridges by default.

That clearly raises the question which devices should be created
automatically by -M q35.  I think the devices which are part of the ich9
chipset should be there by default.  /me looks at my laptop which
happens to have a ich9 chipset.

> So 'lspci' goes from:
> 
> 00:00.0 Host bridge: Intel Corporation 82G33/G31/P35/P31 Express DRAM 
> Controller

Keep.

> 00:01.0 PCI bridge: Intel Corporation 5500 Non-Legacy I/O Hub PCI Express 
> Root Port 0 (rev 02)

That looks bogus.  Drop.

> 00:02.0 VGA compatible controller: Cirrus Logic GD 5446

Our default vga.

> 00:03.0 Ethernet controller: Intel Corporation 82540EM Gigabit Ethernet 
> Controller (rev 03)

Real ich9 has the e1000 @ 00:19.0, so it would make sense to place one
there.  Adding a default nic will probably create some headache though,
so maybe better don't.

> 00:17.0 PCI bridge: Intel Corporation 5500 Non-Legacy I/O Hub PCI Express 
> Root Port 0 (rev 02)
> 00:18.0 PCI bridge: Intel Corporation 5500 Non-Legacy I/O Hub PCI Express 
> Root Port 0 (rev 02)

Looks bogus too, drop.

> 00:1c.0 PCI bridge: Intel Corporation 5500 Non-Legacy I/O Hub PCI Express 
> Root Port 0 (rev 02)
> 00:1c.1 PCI bridge: Intel Corporation 5500 Non-Legacy I/O Hub PCI Express 
> Root Port 0 (rev 02)
> 00:1c.2 PCI bridge: Intel Corporation 5500 Non-Legacy I/O Hub PCI Express 
> Root Port 0 (rev 02)
> 00:1c.3 PCI bridge: Intel Corporation 5500 Non-Legacy I/O Hub PCI Express 
> Root Port 0 (rev 02)

Real ich9 has these, keep.

> 00:1c.4 PCI bridge: Intel Corporation 5500 Non-Legacy I/O Hub PCI Express 
> Root Port 0 (rev 02)
> 00:1c.5 PCI bridge: Intel Corporation 5500 Non-Legacy I/O Hub PCI Express 
> Root Port 0 (rev 02)

Dunno.  Not present in my laptop, other chipset variants might have more
pcie ports though ...

> 00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev 92)

Present on real hardware, keep.

> 00:1f.0 ISA bridge: Intel Corporation 82801IB (ICH9) LPC Interface Controller 
> (rev 02)
> 00:1f.2 SATA controller: Intel Corporation 82801IR/IO/IH (ICH9R/DO/DH) 6 port 
> SATA AHCI Controller (rev 02)
> 00:1f.3 SMBus: Intel Corporation 82801I (ICH9 Family) SMBus Controller (rev 
> 02)

Keep.

> 03:00.0 PCI bridge: Texas Instruments XIO3130 PCI Express Switch (Upstream) 
> (rev 02)
> 04:00.0 PCI bridge: Texas Instruments XIO3130 PCI Express Switch (Downstream) 
> (rev 01)
> 0c:1c.0 PCI bridge: Digital Equipment Corporation DECchip 21154 (rev 05)
> 0c:1d.0 PCI bridge: Digital Equipment Corporation DECchip 21154 (rev 05)
> 0c:1e.0 PCI bridge: Digital Equipment Corporation DECchip 21154 (rev 05)
> 0c:1f.0 PCI bridge: Digital Equipment Corporation DECchip 21154 (rev 05)

Drop them.  I guess those are just there to simplify bridge device testing.

Real hardware also has:

00:1b.0 Audio device: Intel Corporation 82801I (ICH9 Family) HD Audio
Controller (rev 03)

Emulated by intel-hda.

00:1d.0 USB controller: Intel Corporation 82801I (ICH9 Family) USB UHCI
Controller #1 (rev 03)
00:1d.1 USB controller: Intel Corporation 82801I (ICH9 Family) USB UHCI
Controller #2 (rev 03)
00:1d.2 USB controller: Intel Corporation 82801I (ICH9 Family) USB UHCI
Controller #3 (rev 03)
00:1d.7 USB controller: Intel Corporation 82801I (ICH9 Family) USB2 EHCI
Controller #1 (rev 03)

We can emulate those too (see docs/docs/ich9-ehci-uhci.cfg).

I think we should add audio+usb to q35.

cheers,
  Gerd



[Qemu-devel] [PATCH] net: Allow specifying ifname for qemu-bridge-helper

2012-10-12 Thread Mike Lovell
This makes a few changes to allow ifname to be specified when using
qemu-bridge-helper with both the bridge and tap network interfaces. It adds
the --ifname option to qemu-bridge-helper, removes the restriction that ifname
cannot be specified with helper for the tap interface, and adds logic to
specify the --ifname option when exec'ing the helper.

Signed-off-by: Mike Lovell 
---

This feature was originally requested by Mario De Chenno on the qemu-devel
mailing list. Seems pretty simple and figured it was something I could throw
together pretty quickly. I have tested the following combinations of invoking
qemu (where qbr is qemu-bridge-helper)

qemu-system-x86_64 -net nic -net tap,helper="qbr --br=test1"
qemu-system-x86_64 -net nic -net tap,helper="qbr --br=test1",ifname=vm1
qemu-system-x86_64 -net nic -net tap,helper=qbr
qemu-system-x86_64 -net nic -net tap,helper=qbr,ifname=vm1
qemu-system-x86_64 -net nic -net bridge,helper=qbr 
qemu-system-x86_64 -net nic -net bridge,helper=qbr,ifname=vm1
qemu-system-x86_64 -net nic -net bridge,helper=qbr,ifname=vm1,br=test1
qemu-system-x86_64 -net nic -net bridge,helper=qbr,br=test1

 net/tap.c|   39 ---
 qapi-schema.json |3 ++-
 qemu-bridge-helper.c |   10 +++---
 3 files changed, 37 insertions(+), 15 deletions(-)

diff --git a/net/tap.c b/net/tap.c
index a88ae8f..cfb5bff 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -417,11 +417,13 @@ static int recv_fd(int c)
 return len;
 }
 
-static int net_bridge_run_helper(const char *helper, const char *bridge)
+static int net_bridge_run_helper(const char *helper,
+ const char *bridge,
+ const char *ifname)
 {
 sigset_t oldmask, mask;
 int pid, status;
-char *args[5];
+char *args[6];
 char **parg;
 int sv[2];
 
@@ -439,7 +441,9 @@ static int net_bridge_run_helper(const char *helper, const 
char *bridge)
 int open_max = sysconf(_SC_OPEN_MAX), i;
 char fd_buf[6+10];
 char br_buf[6+IFNAMSIZ] = {0};
-char helper_cmd[PATH_MAX + sizeof(fd_buf) + sizeof(br_buf) + 15];
+char ifname_buf[10+IFNAMSIZ] = {0};
+char helper_cmd[PATH_MAX + sizeof(fd_buf) + sizeof(br_buf) +
+sizeof(ifname_buf) + 15];
 
 for (i = 0; i < open_max; i++) {
 if (i != STDIN_FILENO &&
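
Review bot: the 10 in `char ifname_buf[10+IFNAMSIZ]` is the length of "--ifname=" plus the terminator written as a bare number, following the existing 6 in br_buf. Writing the size as `sizeof("--ifname=") + IFNAMSIZ` would tie the buffer to the prefix that is actually formatted into it and make the helper_cmd sum easier to audit.
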
@@ -459,8 +463,13 @@ static int net_bridge_run_helper(const char *helper, const 
char *bridge)
 snprintf(br_buf, sizeof(br_buf), "%s%s", "--br=", bridge);
 }
 
-snprintf(helper_cmd, sizeof(helper_cmd), "%s %s %s %s",
- helper, "--use-vnet", fd_buf, br_buf);
+if ((strstr(helper, "--ifname=") == NULL) && (ifname != NULL)) {
+snprintf(ifname_buf, sizeof(ifname_buf), "%s%s" ,
+ "--ifname=", ifname);
+}
+
+snprintf(helper_cmd, sizeof(helper_cmd), "%s %s %s %s %s",
+ helper, "--use-vnet", fd_buf, br_buf, ifname_buf);
 
 parg = args;
 *parg++ = (char *)"sh";
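
Review bot: ifname is formatted into helper_cmd without any quoting or validation, and the argv built right after starts with "sh", so a value containing spaces or shell metacharacters changes the command that is run. Check ifname against a strict character set and against IFNAMSIZ before the snprintf into ifname_buf, and report an error when it does not fit instead of letting snprintf truncate it silently. The `strstr(helper, "--ifname=")` test also matches that substring anywhere in the helper string, including inside a path or another option's value.
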
@@ -473,12 +482,17 @@ static int net_bridge_run_helper(const char *helper, 
const char *bridge)
 /* assume helper is just the executable path name */
 
 snprintf(br_buf, sizeof(br_buf), "%s%s", "--br=", bridge);
+if (ifname != NULL) {
+snprintf(ifname_buf, sizeof(ifname_buf), "%s%s" ,
+ "--ifname=", ifname);
+}
 
 parg = args;
 *parg++ = (char *)helper;
 *parg++ = (char *)"--use-vnet";
 *parg++ = fd_buf;
 *parg++ = br_buf;
+*parg++ = ifname_buf;
 *parg++ = NULL;
 
 execv(helper, args);
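
Review bot: in this execv branch `*parg++ = ifname_buf;` is unconditional, so when ifname is NULL the helper is started with an empty string as an extra argument, and nothing visible here shows that the helper's option parsing accepts "". Move the push inside the `if (ifname != NULL)` block. Note also that args[6] now has room for exactly these five entries plus the NULL terminator, so any further option needs the array resized again.
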
@@ -517,7 +531,7 @@ int net_init_bridge(const NetClientOptions *opts, const 
char *name,
 NetClientState *peer)
 {
 const NetdevBridgeOptions *bridge;
-const char *helper, *br;
+const char *helper, *br, *ifname;
 
 TAPState *s;
 int fd, vnet_hdr;
@@ -527,8 +541,9 @@ int net_init_bridge(const NetClientOptions *opts, const 
char *name,
 
 helper = bridge->has_helper ? bridge->helper : DEFAULT_BRIDGE_HELPER;
 br = bridge->has_br ? bridge->br : DEFAULT_BRIDGE_INTERFACE;
+ifname = bridge->has_ifname ? bridge->ifname : NULL;
 
-fd = net_bridge_run_helper(helper, br);
+fd = net_bridge_run_helper(helper, br, ifname);
 if (fd == -1) {
 return -1;
 }
@@ -622,14 +637,16 @@ int net_init_tap(const NetClientOptions *opts, const char 
*name,
 model = "tap";
 
 } else if (tap->has_helper) {
-if (tap->has_ifname || tap->has_script || tap->has_downscript ||
-tap->has_vnet_hdr) {
-error_report("ifname=, script=, downscript=, and vnet_hdr= "
+if (tap->has_script || tap->has_downscript || tap->has_vnet_hdr) {
+error_report("script=, dow

Re: [Qemu-devel] Build the qemu with spice support return error

2012-10-12 Thread Gerd Hoffmann
  Hi,

> I have pulled the latest source code and it still does not work, so I think
> the qxl.h needs to be updated in the master ref? Right?

spice-protocol is too old and needs to be updated.  Pending spice pull
has patches to make sure spice-protocol and spice-server are recent enough.

cheers,
  Gerd



[Qemu-devel] [PATCH v2] chardev: Use timer instead of bottom-half to postpone open event

2012-10-12 Thread Jan Kiszka
As the block layer may decide to flush bottom-halfs while the machine is
still initializing (e.g. to read geometry data from the disk), our
postponed open event may be processed before the last frontend
registered with a muxed chardev.

Until the semantics of BHs have been clarified, use an expired timer to
achieve the same effect (suggested by Paolo Bonzini). This requires to
perform the alarm timer initialization earlier as otherwise timer
subsystem can be used before being ready.

Signed-off-by: Jan Kiszka 
---

Changes in v2:
 - Move init_alarm_timer call to fix e.g. -monitor stdio

 qemu-char.c |   13 +++--
 qemu-char.h |2 +-
 vl.c|   10 +-
 3 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/qemu-char.c b/qemu-char.c
index b082bae..d8eed21 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -123,19 +123,20 @@ void qemu_chr_be_event(CharDriverState *s, int event)
 s->chr_event(s->handler_opaque, event);
 }
 
-static void qemu_chr_generic_open_bh(void *opaque)
+static void qemu_chr_fire_open_event(void *opaque)
 {
 CharDriverState *s = opaque;
 qemu_chr_be_event(s, CHR_EVENT_OPENED);
-qemu_bh_delete(s->bh);
-s->bh = NULL;
+qemu_free_timer(s->open_timer);
+s->open_timer = NULL;
 }
 
 void qemu_chr_generic_open(CharDriverState *s)
 {
-if (s->bh == NULL) {
-   s->bh = qemu_bh_new(qemu_chr_generic_open_bh, s);
-   qemu_bh_schedule(s->bh);
+if (s->open_timer == NULL) {
+s->open_timer = qemu_new_timer_ms(vm_clock,
+  qemu_chr_fire_open_event, s);
+qemu_mod_timer(s->open_timer, qemu_get_clock_ms(vm_clock) - 1);
 }
 }
 
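
Review bot: in qemu_chr_generic_open() the timer is created on vm_clock, which does not advance while the guest is stopped, so on a machine that starts paused the CHR_EVENT_OPENED callback would not fire until the guest is resumed. A clock that runs independently of VM state, such as rt_clock, keeps the already-expired timer trick working in that case too.
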
diff --git a/qemu-char.h b/qemu-char.h
index 486644b..297dd98 100644
--- a/qemu-char.h
+++ b/qemu-char.h
@@ -69,7 +69,7 @@ struct CharDriverState {
 void (*chr_guest_open)(struct CharDriverState *chr);
 void (*chr_guest_close)(struct CharDriverState *chr);
 void *opaque;
-QEMUBH *bh;
+QEMUTimer *open_timer;
 char *label;
 char *filename;
 int opened;
diff --git a/vl.c b/vl.c
index 5b357a3..586773c 100644
--- a/vl.c
+++ b/vl.c
@@ -3439,6 +3439,11 @@ int main(int argc, char **argv, char **envp)
 add_device_config(DEV_VIRTCON, "vc:80Cx24C");
 }
 
+if (init_timer_alarm() < 0) {
+fprintf(stderr, "could not initialize alarm timer\n");
+exit(1);
+}
+
 socket_init();
 
 if (qemu_opts_foreach(qemu_find_opts("chardev"), chardev_init_func, NULL, 
1) != 0)
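
Review bot: the moved init_timer_alarm() call now has to stay ahead of the chardev qemu_opts_foreach() just below it, but nothing at the new location says so. A one-line comment in the style of the existing "spice needs the timers to be initialized by this point" would keep a later reordering from bringing back the problem described in the changelog.
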
@@ -3506,11 +3511,6 @@ int main(int argc, char **argv, char **envp)
 
 os_set_line_buffering();
 
-if (init_timer_alarm() < 0) {
-fprintf(stderr, "could not initialize alarm timer\n");
-exit(1);
-}
-
 #ifdef CONFIG_SPICE
 /* spice needs the timers to be initialized by this point */
 qemu_spice_init();
-- 
1.7.3.4



Re: [Qemu-devel] Silent filesystem/qcow2 corruptions with qemu-kvm-1.0 and 1.1.1

2012-10-12 Thread Stefan Hajnoczi
On Thu, Oct 11, 2012 at 03:33:23PM +0200, Tiziano Müller wrote:
> One test case was:
> * xfs_repair /dev/vda2 -> corruptions found and fixed
> * xfs_repair /dev/vda2 -> no corruptions found

From here...

> * mount /dev/vda2 /mnt/something
> * find /mnt/something > /dev/null
> * umount /mnt/something

...to here is mostly read-only.

> * xfs_repair /dev/vda2 -> corruptions found again

And yet corruptions are reported inside the guest!

Can you retry with "mount -o ro" just for sanity?  If you still see
corruptions when the device was mounted read-only, then perhaps the
mount/find/umount sequence itself is innocent.

Have you tried raw image files?  In other words, do you know that the
corruption only happens with qcow2?

Stefan



Re: [Qemu-devel] [RFC 3/7] block: bdrv_img_create(): move param printing to qemu-img

2012-10-12 Thread Paolo Bonzini
On 11/10/2012 23:27, Luiz Capitulino wrote:
> bdrv_img_create() is being used by the transaction QMP command and
> therefore shouldn't print directly to the user.
> 
> Move the param printing to qemu-img instead. Has the side effect of
> only printing it when the bdrv_img_create() call succeeds, otherwise
> we can print errors before the action being taken, eg:
> 
>~/work/virt/ ./qemu-img create -f qcow2 /foo/foo 10G
>qemu-img: /foo/foo: error while creating qcow2: No such file or directory
>Formatting '/foo/foo', fmt=qcow2 size=10737418240 encryption=off 
> cluster_size=65536 lazy_refcounts=off

It is a small regression with -monitor stdio (and also with QMP it
doesn't appear anymore in the logs).  Do we care?  What alternatives
exist besides writing a QAPI key-value store and converting the output
QEMUOptionParameters to it (which I'm not suggesting to do)?

Paolo

> Signed-off-by: Luiz Capitulino 
> ---
>  block.c|  4 
>  qemu-img.c | 10 +-
>  2 files changed, 9 insertions(+), 5 deletions(-)
> 
> diff --git a/block.c b/block.c
> index 13cf04d..235423e 100644
> --- a/block.c
> +++ b/block.c
> @@ -4411,10 +4411,6 @@ int bdrv_img_create(const char *filename, const char 
> *fmt,
>  }
>  }
>  
> -printf("Formatting '%s', fmt=%s ", filename, fmt);
> -print_option_parameters(param);
> -puts("");
> -
>  ret = bdrv_create(drv, filename, param);
>  
>  if (ret < 0) {
> diff --git a/qemu-img.c b/qemu-img.c
> index b841012..ac66459 100644
> --- a/qemu-img.c
> +++ b/qemu-img.c
> @@ -301,6 +301,7 @@ static int img_create(int argc, char **argv)
>  const char *filename;
>  const char *base_filename = NULL;
>  char *options = NULL;
> +QEMUOptionParameter *params = NULL;
>  
>  for(;;) {
>  c = getopt(argc, argv, "F:b:f:he6o:");
> @@ -362,7 +363,14 @@ static int img_create(int argc, char **argv)
>  }
>  
>  ret = bdrv_img_create(filename, fmt, base_filename, base_fmt,
> -  options, img_size, BDRV_O_FLAGS, NULL);
> +  options, img_size, BDRV_O_FLAGS, ¶ms);
> +if (ret == 0 && params) {
> +printf("Formatting '%s', fmt=%s ", filename, fmt);
> +print_option_parameters(params);
> +free_option_parameters(params);
> +puts("");
> +}
> +
>  out:
>  if (ret) {
>  return 1;
> 
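
Review bot: in img_create() the new block calls free_option_parameters(params) only under `ret == 0 && params`, so if bdrv_img_create() can fill in params and then fail, that allocation is never released. Freeing params after the `out:` label whenever it is non-NULL would cover both paths, with the printf kept under the `ret == 0` check.
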




Re: [Qemu-devel] [PATCH v2 2/3] monitor: Enable adding an inherited fd to an fd set

2012-10-12 Thread Kevin Wolf
On 11.10.2012 17:04, Corey Bryant wrote:
> 
> 
> On 10/11/2012 07:25 AM, Kevin Wolf wrote:
>> On 10.10.2012 16:20, Corey Bryant wrote:
>>> qmp_add_fd() gets an fd that was received over a socket with
>>> SCM_RIGHTS and adds it to an fd set.  This patch adds support
>>> that will enable adding an fd that was inherited on the
>>> command line to an fd set.
>>>
>>> This patch also prevents removal of an fd from an fd set during
>>> initialization.  This allows the fd to remain in the fd set after
>>> probing of the image file.
>>
>> "This patch also..." usually means that it should be split in two
>> patches. Though in this case I'd vote for immediately dropping the
>> second patch again: This makes the probing work with file descriptors
>> using a hack for a certain situation (namely qemu startup) and leaves
>> other cases (like hotplug) broken.
> 
> I don't think hotplug is broken.  In that case the fd will only be 
> removed from the fd set if the following is true:
> 
> (mon_fdset_fd->removed || (QLIST_EMPTY(&mon_fdset->dup_fds) && 
> mon_refcount == 0))
> 
> We can ignore the removed part for now.  What's important here is that 
> if there are no dup_fd references and there is at least one monitor 
> connected, an fd will *not* be removed.

Ah yes, that's the part I missed.

Then your approach of special-casing the command line is probably okay,
though I'd still want to change the probing mechanism to avoid the
reopen. Seems I need to find a better excuse to make someone do it. Meh. ;-)

Kevin



Re: [Qemu-devel] [PATCH 1/2] hw/armv7m_nvic: Implement byte read/write for NVIC SCB_SHPRx registers

2012-10-12 Thread Peter Maydell
On 12 October 2012 06:43, Andre Beckus  wrote:
> Yes, I was being lazy.  Now that I think about it, we could handle all
> sizes with one block of code directly in the nvic_sysreg_read and
> nvic_sysreg_write functions - the write would look like this:
>
> for(i = 0; i < size; i++) {
> s->gic.priority1[(offset - 0xd14) + i][0] =
> (value >> (i * 8)) & 0xff;
> }
>
> Then the writeb and readb functions would not be necessary and the SHPR
> code could be removed from the writel and readl functions.  What do you
> think?  Or is the goal to keep each access size isolated to its own
> function?

That sounds like a good idea; we already handle the ID registers in
these functions because they're multi-width accessible.

-- PMM



Re: [Qemu-devel] [RFC 0/7] block: bdrv_img_create(): propagate errors

2012-10-12 Thread Paolo Bonzini
On 11/10/2012 23:26, Luiz Capitulino wrote:
> I'm calling this an RFC because I did it on hurry and it's almost untested,
> but I wanted to drop it for early review while I'm out for a public holiday :)
> 
> This should improve qmp_transaction() error messages on bdrv_img_create()
> failure quite a bit. Also, the "formatting" message is not printed to stdout
> anymore when in QMP.
> 
> Luiz Capitulino (6):
>   block: bdrv_img_create(): add param_ret argument
>   block: bdrv_img_create(): move param printing to qemu-img
>   block: bdrv_img_create(): add Error ** argument
>   qemu-img: img_create(): use Error object
>   qmp: qmp_transaction(): pass Error object to bdrv_img_create()
>   block: bdrv_img_create(): drop unused code
> 
> Paolo Bonzini (1):
>   error: add error_set_errno and error_setg_errno
> 
>  block.c| 69 
> +++---
>  block.h|  7 ---
>  blockdev.c | 13 ++--
>  error.c| 28 +
>  error.h|  9 
>  qemu-img.c | 18 +---
>  6 files changed, 93 insertions(+), 51 deletions(-)
> 

Looks good.  We could debate endlessly how to order the patches, but the
idea is fine.

Paolo



Re: [Qemu-devel] [PATCH] net: Allow specifying ifname for qemu-bridge-helper

2012-10-12 Thread Michael Tokarev
On 12.10.2012 10:49, Mike Lovell wrote:
>  /* request a tap device, disable PI, and add vnet header support if
> - * requested and it's available. */
> -prep_ifreq(&ifr, "tap%d");
> + * requested and it's available. use ifname if provided for tap name. */
> +prep_ifreq(&ifr, ifname != NULL ? ifname : "tap%d");

Should we check for special symbols here? prep_ifreq() does this:

snprintf(ifr->ifr_name, IFNAMSIZ, "%s", ifname);

so at least it ensures we have length constraint.

Actually I'm not so sure anymore this is a good idea.
For example, system may have firewall (iptables) rules
in place for, say, future ppp interfaces for ppp clients,
and this way we may request the interface to be named
pppX and be allowed to send packets where we don't usually
have access to.

Maybe - at least - require some common prefix for the
interfaces created this way, so we'll live in our own,
easily distinguishable namespace -- like, qvif* (from
Qemu Virtual InterFace)?

This is not a simple question really.  And the whole
bridge helper is quite questionable too.

Thanks,

/mjt



Re: [Qemu-devel] Silent filesystem/qcow2 corruptions with qemu-kvm-1.0 and 1.1.1

2012-10-12 Thread Stefan Hajnoczi
On Thu, Oct 11, 2012 at 03:33:23PM +0200, Tiziano Müller wrote:
> Checking the image using `qemu-img check` then gives something like
> this:
> 
> ERROR OFLAG_COPIED: offset=3bc3 refcount=1
> ERROR offset=c7e331: Cluster is not properly aligned; L2 entry
> corrupted.

Is any other program accessing the qcow2 image on the host while the VM
is running?

For example, are you running qemu-img on the image while the VM is
running?

Stefan



Re: [Qemu-devel] [PATCH 2/2] hw/armv7m_nvic: Add global variable for SysTick external reference clock

2012-10-12 Thread Peter Maydell
On 12 October 2012 07:53, Andre Beckus  wrote:
> As a case study, the STM32 does have a reference clock.  It is simply
> the system clock divided by 8 (maybe not ARM's intention for it to be
> tied so closely to the system clock).  The documentation says the TENMS
> field is hardwired to 9000, which corresponds to a 1 ms period when the
> external reference clock is selected and the system clock is running at
> 72 Mhz.  So, the TENMS field will not be accurate if the system clock is
> running at a different frequency (the SKEW bit is hardwired to 1).

OK, so the board needs to be able to separately set all of:
 * TENMS calibration field
 * system clock
 * reference clock

> Looking at the big picture, it seems that QEMU could benefit from a new
> "clock line" type for handling clock signals.  They could be exposed by
> devices in a similar manner to GPIO lines (there would be both input and
> output clock lines).  I could see them being useful (at least in the
> microcontroller world) for passing clock signals back and forth between
> peripherals, interfacing timer peripherals to machines, setting
> oscillator frequencies, and serving as the plumbing for clock trees.  I
> know I had to do a lot of hacking with the STM32 implementation to
> propagate the clock controller's signals to the other peripherals.
>
> When I searched on the topic, I saw that you discussed/requested a
> common clock framework back in July (in regards to the an exynos4210
> patch).  Do you know if any progress was made?

I haven't seen anything since then... I agree that a 'clock line'
connection might be useful.

-- PMM



Re: [Qemu-devel] Silent filesystem/qcow2 corruptions with qemu-kvm-1.0 and 1.1.1

2012-10-12 Thread Tiziano Müller
On Friday, 12.10.2012, 10:33 +0200, Stefan Hajnoczi wrote:
> On Thu, Oct 11, 2012 at 03:33:23PM +0200, Tiziano Müller wrote:
> > Checking the image using `qemu-img check` then gives something like
> > this:
> > 
> > ERROR OFLAG_COPIED: offset=3bc3 refcount=1
> > ERROR offset=c7e331: Cluster is not properly aligned; L2 entry
> > corrupted.
> 
> Is any other program accessing the qcow2 image on the host while the VM
> is running?

> For example, are you running qemu-img on the image while the VM is
> running?

On some VMs we tried to extract filesystem snapshots at runtime:

  qemu-img convert -s snapshot-id original.qcow2 snapshot.qcow2

(yes, that's not consistent, we're switching to external snapshots).
But that should open the image read-only, right?

Other operations were the qemu-monitor-commands "savevm" and "delvm".

Although: we created a new qcow2 and even in that the filesystem got
corrupted without any of the above actions. So we're pretty confident
that those operations are not the sole cause.


-- 
stepping stone GmbH
Neufeldstrasse 9
CH-3012 Bern
Phone: +41 31 332 53 63
www.stepping-stone.ch
tiziano.muel...@stepping-stone.ch




Re: [Qemu-devel] Silent filesystem/qcow2 corruptions with qemu-kvm-1.0 and 1.1.1

2012-10-12 Thread Tiziano Müller
On Friday, 12.10.2012, 10:28 +0200, Stefan Hajnoczi wrote:
> On Thu, Oct 11, 2012 at 03:33:23PM +0200, Tiziano Müller wrote:
> > One test case was:
> > * xfs_repair /dev/vda2 -> corruptions found and fixed
> > * xfs_repair /dev/vda2 -> no corruptions found
> 
> From here...
> 
> > * mount /dev/vda2 /mnt/something
> > * find /mnt/something > /dev/null
> > * umount /mnt/something
> 
> ...to here is mostly read-only.
> 
> > * xfs_repair /dev/vda2 -> corruptions found again
> 
> And yet corruptions are reported inside the guest!
> 
> Can you retry with "mount -o ro" just for sanity?  If you still see
> corruptions when the device was mounted read-only, then perhaps the
> mount/find/umount sequence itself is innocent.

Will try as soon as possible. The problem is that we had that case twice
so far and no way to trigger it.

> 
> Have you tried raw image files?  In other words, do you know that the
> corruption only happens with qcow2?

Will do right now.

thanks a lot!

-- 
stepping stone GmbH
Neufeldstrasse 9
CH-3012 Bern
Phone: +41 31 332 53 63
www.stepping-stone.ch
tiziano.muel...@stepping-stone.ch




Re: [Qemu-devel] [Qemu-trivial] [PATCH] vnc: fix "info vnc" with "-vnc ..., reverse=on"

2012-10-12 Thread Stefan Hajnoczi
On Wed, Oct 10, 2012 at 02:30:58PM +0200, Paolo Bonzini wrote:
> When reverse connection is in use, there is no active VNC server
> socket.  Because of this, getsockopt(-1, ...) is attempted and
> the following error is emitted:
> 
> $ socat TCP-LISTEN:5900,reuseaddr TCP-LISTEN:5901,reuseaddr &
> $ x86_64-softmmu/qemu-system-x86_64 -vnc localhost:5900,reverse -monitor stdio
> QEMU 1.2.50 monitor - type 'help' for more information
> (qemu) info vnc
> An undefined error has occurred
> 
> Because however the host, family, service and auth fields are
> optional, we can just exit if there is no active server socket.
> 
> $ x86_64-softmmu/qemu-system-x86_64 -vnc localhost:5900,reverse -monitor stdio
> QEMU 1.2.50 monitor - type 'help' for more information
> (qemu) info vnc
> Server:
> Client:
>  address: 127.0.0.1:5900
>   x509_dname: none
> username: none
> 
> Signed-off-by: Paolo Bonzini 
> ---
>  ui/vnc.c | 4 
>  1 file modificato, 4 inserzioni(+)

Thanks, applied to the trivial patches tree:
https://github.com/stefanha/qemu/commits/trivial-patches

Stefan



[Qemu-devel] [PULL 0/3] Trivial patches for 6 to 12 October 2012

2012-10-12 Thread Stefan Hajnoczi
The following changes since commit b4ae3cfa57b8c1bdbbd7b7d420971e9171203ade:

  ssi: Add slave autoconnect helper (2012-10-10 11:13:32 +1000)

are available in the git repository at:

  git://github.com/stefanha/qemu.git trivial-patches

for you to fetch changes up to 417b0b88904fe1dd8c41bff8092dfbab0134d9cb:

  vnc: fix "info vnc" with "-vnc ..., reverse=on" (2012-10-12 10:55:37 +0200)


MORITA Kazutaka (1):
  sheepdog: use bool for boolean variables

Paolo Bonzini (1):
  vnc: fix "info vnc" with "-vnc ..., reverse=on"

Peter Maydell (1):
  configure: Tidy up remnants of non-64-bit physaddrs

 block/sheepdog.c | 70 
 configure|  2 --
 ui/vnc.c |  4 
 3 files changed, 39 insertions(+), 37 deletions(-)

-- 
1.7.11.4




[Qemu-devel] [PATCH 1/3] configure: Tidy up remnants of non-64-bit physaddrs

2012-10-12 Thread Stefan Hajnoczi
From: Peter Maydell 

Tidy up some remnants of code to support non-64-bit physaddrs
which were accidentally omitted from commit 4be403c8.

Signed-off-by: Peter Maydell 
Signed-off-by: Stefan Hajnoczi 
---
 configure | 2 --
 1 file changed, 2 deletions(-)

diff --git a/configure b/configure
index c4a7837..f1c56eb 100755
--- a/configure
+++ b/configure
@@ -3733,7 +3733,6 @@ case "$target_arch2" in
   ;;
   x86_64)
 TARGET_BASE_ARCH=i386
-target_phys_bits=64
 target_long_alignment=8
   ;;
   alpha)
@@ -3836,7 +3835,6 @@ case "$target_arch2" in
 target_long_alignment=8
   ;;
   unicore32)
-target_phys_bits=32
   ;;
   xtensa|xtensaeb)
 TARGET_ARCH=xtensa
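Review bot: after the second removal the unicore32) arm is left with no body at all, only the closing ;;. That is valid shell, but an empty arm reads like an accident, so a short comment saying nothing needs to be set there would help. The message says these two assignments were missed by commit 4be403c8; since only the assignments are visible here, please also state that nothing else in configure still reads target_phys_bits.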
-- 
1.7.11.4




[Qemu-devel] [PATCH 3/3] vnc: fix "info vnc" with "-vnc ..., reverse=on"

2012-10-12 Thread Stefan Hajnoczi
From: Paolo Bonzini 

When reverse connection is in use, there is no active VNC server
socket.  Because of this, getsockopt(-1, ...) is attempted and
the following error is emitted:

$ socat TCP-LISTEN:5900,reuseaddr TCP-LISTEN:5901,reuseaddr &
$ x86_64-softmmu/qemu-system-x86_64 -vnc localhost:5900,reverse -monitor stdio
QEMU 1.2.50 monitor - type 'help' for more information
(qemu) info vnc
An undefined error has occurred

Because however the host, family, service and auth fields are
optional, we can just exit if there is no active server socket.

$ x86_64-softmmu/qemu-system-x86_64 -vnc localhost:5900,reverse -monitor stdio
QEMU 1.2.50 monitor - type 'help' for more information
(qemu) info vnc
Server:
Client:
 address: 127.0.0.1:5900
  x509_dname: none
username: none

Signed-off-by: Paolo Bonzini 
Signed-off-by: Stefan Hajnoczi 
---
 ui/vnc.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/ui/vnc.c b/ui/vnc.c
index 01b2daf..33e6386 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -372,6 +372,10 @@ VncInfo *qmp_query_vnc(Error **errp)
 }
 }
 
+if (vnc_display->lsock == -1) {
+return info;
+}
+
 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa,
 &salen) == -1) {
 error_set(errp, QERR_UNDEFINED_ERROR);
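Review bot: the new early return on vnc_display->lsock == -1 in qmp_query_vnc() carries no comment explaining when lsock is -1, so the reason (reverse connection, no listening socket) lives only in the commit message. A one-line comment above the check would keep the next reader from removing it. Testing lsock < 0 instead of == -1 would also keep any other invalid descriptor value away from getsockname().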
-- 
1.7.11.4




[Qemu-devel] [PATCH 2/3] sheepdog: use bool for boolean variables

2012-10-12 Thread Stefan Hajnoczi
From: MORITA Kazutaka 

This improves readability.

Signed-off-by: MORITA Kazutaka 
Signed-off-by: Stefan Hajnoczi 
---
 block/sheepdog.c | 70 
 1 file changed, 35 insertions(+), 35 deletions(-)

diff --git a/block/sheepdog.c b/block/sheepdog.c
index f35ff5b..9306174 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -201,12 +201,12 @@ static inline uint64_t fnv_64a_buf(void *buf, size_t len, 
uint64_t hval)
 return hval;
 }
 
-static inline int is_data_obj_writable(SheepdogInode *inode, unsigned int idx)
+static inline bool is_data_obj_writable(SheepdogInode *inode, unsigned int idx)
 {
 return inode->vdi_id == inode->data_vdi_id[idx];
 }
 
-static inline int is_data_obj(uint64_t oid)
+static inline bool is_data_obj(uint64_t oid)
 {
 return !(VDI_BIT & oid);
 }
@@ -231,7 +231,7 @@ static inline uint64_t vid_to_data_oid(uint32_t vid, 
uint32_t idx)
 return ((uint64_t)vid << VDI_SPACE_SHIFT) | idx;
 }
 
-static inline int is_snapshot(struct SheepdogInode *inode)
+static inline bool is_snapshot(struct SheepdogInode *inode)
 {
 return !!inode->snap_ctime;
 }
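Review bot: with the return type of is_snapshot() now bool, the !! in front of inode->snap_ctime is redundant, because conversion to bool already maps any non-zero value to true. Writing return inode->snap_ctime != 0; states the intent directly and fits the readability goal of the patch.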
@@ -281,7 +281,7 @@ struct SheepdogAIOCB {
 Coroutine *coroutine;
 void (*aio_done_func)(SheepdogAIOCB *);
 
-int canceled;
+bool canceled;
 int nr_pending;
 };
 
@@ -292,8 +292,8 @@ typedef struct BDRVSheepdogState {
 uint32_t max_dirty_data_idx;
 
 char name[SD_MAX_VDI_LEN];
-int is_snapshot;
-uint8_t cache_enabled;
+bool is_snapshot;
+bool cache_enabled;
 
 char *addr;
 char *port;
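Review bot: changing cache_enabled from uint8_t to bool in BDRVSheepdogState is not purely cosmetic, since a bool stores only 0 or 1 while uint8_t kept whatever bits were assigned. The assignments to this field are outside the visible hunks, so please confirm that no code relies on the raw value, and say so in the commit message, which currently claims only improved readability.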
@@ -417,7 +417,7 @@ static void sd_aio_cancel(BlockDriverAIOCB *blockacb)
  */
 acb->ret = -EIO;
 qemu_coroutine_enter(acb->coroutine, NULL);
-acb->canceled = 1;
+acb->canceled = true;
 }
 
 static AIOPool sd_aio_pool = {
@@ -439,7 +439,7 @@ static SheepdogAIOCB *sd_aio_setup(BlockDriverState *bs, 
QEMUIOVector *qiov,
 acb->nb_sectors = nb_sectors;
 
 acb->aio_done_func = NULL;
-acb->canceled = 0;
+acb->canceled = false;
 acb->coroutine = qemu_coroutine_self();
 acb->ret = 0;
 acb->nr_pending = 0;
@@ -613,7 +613,7 @@ static int do_req(int sockfd, SheepdogReq *hdr, void *data,
 }
 
 static int coroutine_fn add_aio_request(BDRVSheepdogState *s, AIOReq *aio_req,
-   struct iovec *iov, int niov, int create,
+   struct iovec *iov, int niov, bool create,
enum AIOCBState aiocb_type);
 
 
@@ -646,7 +646,7 @@ static void coroutine_fn send_pending_req(BDRVSheepdogState 
*s, uint64_t oid)
 QLIST_REMOVE(aio_req, aio_siblings);
 QLIST_INSERT_HEAD(&s->inflight_aio_head, aio_req, aio_siblings);
 ret = add_aio_request(s, aio_req, acb->qiov->iov,
-  acb->qiov->niov, 0, acb->aiocb_type);
+  acb->qiov->niov, false, acb->aiocb_type);
 if (ret < 0) {
 error_report("add_aio_request is failed");
 free_aio_req(s, aio_req);
@@ -943,7 +943,7 @@ out:
 }
 
 static int coroutine_fn add_aio_request(BDRVSheepdogState *s, AIOReq *aio_req,
-   struct iovec *iov, int niov, int create,
+   struct iovec *iov, int niov, bool create,
enum AIOCBState aiocb_type)
 {
 int nr_copies = s->inode.nr_copies;
@@ -1022,7 +1022,7 @@ static int coroutine_fn add_aio_request(BDRVSheepdogState 
*s, AIOReq *aio_req,
 
 static int read_write_object(int fd, char *buf, uint64_t oid, int copies,
  unsigned int datalen, uint64_t offset,
- int write, int create, uint8_t cache)
+ bool write, bool create, bool cache)
 {
 SheepdogObjReq hdr;
 SheepdogObjRsp *rsp = (SheepdogObjRsp *)&hdr;
@@ -1071,18 +1071,18 @@ static int read_write_object(int fd, char *buf, 
uint64_t oid, int copies,
 }
 
 static int read_object(int fd, char *buf, uint64_t oid, int copies,
-   unsigned int datalen, uint64_t offset, uint8_t cache)
+   unsigned int datalen, uint64_t offset, bool cache)
 {
-return read_write_object(fd, buf, oid, copies, datalen, offset, 0, 0,
- cache);
+return read_write_object(fd, buf, oid, copies, datalen, offset, false,
+ false, cache);
 }
 
 static int write_object(int fd, char *buf, uint64_t oid, int copies,
-unsigned int datalen, uint64_t offset, int create,
-uint8_t cache)
+unsigned int datalen, uint64_t offset, bool create,
+bool cache)
 {
-return read_write_object(fd, buf, oid, copies, datalen, offset, 1, create,
- cache);
+return read_write_object(fd, buf, oid, copies, datalen, offset, true,
+ create, cache);
 }
 
 static int sd_open(Block
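Review bot: read_write_object() still takes three adjacent parameters of the same type (write, create, cache), and the callers in read_object() and write_object() pass false, false, cache and true, create, cache. Now that all three are bool, a transposed argument compiles without any warning. Consider a single flags argument, or at least one argument per line at the call sites so each value is visibly tied to its name.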

[Qemu-devel] [PATCH 5/7] usb-serial: don't magically zap chardev on umplug

2012-10-12 Thread Gerd Hoffmann
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/dev-serial.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/usb/dev-serial.c b/hw/usb/dev-serial.c
index 69b6e48..43214cd 100644
--- a/hw/usb/dev-serial.c
+++ b/hw/usb/dev-serial.c
@@ -421,7 +421,7 @@ static void usb_serial_handle_destroy(USBDevice *dev)
 {
 USBSerialState *s = (USBSerialState *)dev;
 
-qemu_chr_delete(s->cs);
+qemu_chr_add_handlers(s->cs, NULL, NULL, NULL, NULL);
 }
 
 static int usb_serial_can_read(void *opaque)
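Review bot: the commit message has no body, yet usb_serial_handle_destroy() changes who owns the chardev: s->cs is no longer deleted with the device, only its handlers are cleared. Please say in the message who is expected to free the chardev after unplug and why the device must not do it, so that a later reader does not treat the missing qemu_chr_delete() as a leak and put it back.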
-- 
1.7.1




[Qemu-devel] [PATCH 2/7] serial: add pci variant

2012-10-12 Thread Gerd Hoffmann
So we get a hot-pluggable 16550 uart.

Signed-off-by: Gerd Hoffmann 
---
 default-configs/pci.mak |2 +
 hw/Makefile.objs|1 +
 hw/pci_ids.h|1 +
 hw/serial-pci.c |  115 +++
 hw/serial.c |6 +++
 hw/serial.h |1 +
 6 files changed, 126 insertions(+), 0 deletions(-)
 create mode 100644 hw/serial-pci.c

diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index 69e18f1..ae9d1eb 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -19,3 +19,5 @@ CONFIG_IDE_PCI=y
 CONFIG_AHCI=y
 CONFIG_ESP=y
 CONFIG_ESP_PCI=y
+CONFIG_SERIAL=y
+CONFIG_SERIAL_PCI=y
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 16e7a1e..af4ab0c 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -21,6 +21,7 @@ common-obj-$(CONFIG_ESCC) += escc.o
 common-obj-$(CONFIG_EMPTY_SLOT) += empty_slot.o
 
 common-obj-$(CONFIG_SERIAL) += serial.o serial-isa.o
+common-obj-$(CONFIG_SERIAL_PCI) += serial-pci.o
 common-obj-$(CONFIG_PARALLEL) += parallel.o
 common-obj-$(CONFIG_I8254) += i8254_common.o i8254.o
 common-obj-$(CONFIG_PCSPK) += pcspk.o
diff --git a/hw/pci_ids.h b/hw/pci_ids.h
index 301bf1c..c017a79 100644
--- a/hw/pci_ids.h
+++ b/hw/pci_ids.h
@@ -37,6 +37,7 @@
 #define PCI_CLASS_BRIDGE_PCI 0x0604
 #define PCI_CLASS_BRIDGE_OTHER   0x0680
 
+#define PCI_CLASS_COMMUNICATION_SERIAL   0x0700
 #define PCI_CLASS_COMMUNICATION_OTHER0x0780
 
 #define PCI_CLASS_PROCESSOR_CO   0x0b40
diff --git a/hw/serial-pci.c b/hw/serial-pci.c
new file mode 100644
index 000..17247a8
--- /dev/null
+++ b/hw/serial-pci.c
@@ -0,0 +1,115 @@
+/*
+ * QEMU 16550A UART emulation
+ *
+ * Copyright (c) 2003-2004 Fabrice Bellard
+ * Copyright (c) 2008 Citrix Systems, Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/*
+ * pci-serial spec:
+ *pci region 0 is a io bar, 8 bytes long, with the 16550 uart mapped to it.
+ *interrupt is wired to pin A.
+ *
+ * [root@fedora ~]# lspci -vnse
+ * 00:0e.0 0700: 1b36:0002 (rev 01) (prog-if 00 [8250])
+ * Subsystem: 1af4:1100
+ * Physical Slot: 14
+ * Flags: fast devsel, IRQ 11
+ * I/O ports at c130 [size=8]
+ * Kernel driver in use: serial
+ */
+
+#include "serial.h"
+#include "pci.h"
+
+typedef struct PCISerialState {
+PCIDevice dev;
+SerialState state;
+} PCISerialState;
+
+static int serial_pci_init(PCIDevice *dev)
+{
+PCISerialState *pci = DO_UPCAST(PCISerialState, dev, dev);
+SerialState *s = &pci->state;
+
+s->baudbase = 115200;
+serial_init_core(s);
+
+pci->dev.config[PCI_INTERRUPT_PIN] = 0x01;
+s->irq = pci->dev.irq[0];
+
+memory_region_init_io(&s->io, &serial_io_ops, s, "serial", 8);
+pci_register_bar(&pci->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io);
+return 0;
+}
+
+static void serial_pci_exit(PCIDevice *dev)
+{
+PCISerialState *pci = DO_UPCAST(PCISerialState, dev, dev);
+SerialState *s = &pci->state;
+
+serial_exit_core(s);
+memory_region_destroy(&s->io);
+}
+
+static const VMStateDescription vmstate_pci_serial = {
+.name = "pci-serial",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields  = (VMStateField[]) {
+VMSTATE_PCI_DEVICE(dev, PCISerialState),
+VMSTATE_STRUCT(state, PCISerialState, 0, vmstate_serial, SerialState),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static Property serial_pci_properties[] = {
+DEFINE_PROP_CHR("chardev",  PCISerialState, state.chr),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+static void serial_pci_class_initfn(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+PCIDeviceClass *pc = PCI_DEVICE_CLASS(klass);
+pc->init = serial_pci_init;
+pc->exit = serial_pci_exit;
+pc->vendor_id = 0x1b36; /* Red Hat */
+pc->device_id = 0x0002;
+pc->revision = 1;
+pc->class_id = PCI_CLASS_COMMUNICATION_SER
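Review bot: serial_pci_init() returns 0 unconditionally and nothing visible checks that the chardev property was set, so state.chr may still be NULL when serial_init_core(s) runs. Either fail the init with an error when no chardev is given or note in a comment that serial_init_core() copes with it. Smaller points: the file header still reads "QEMU 16550A UART emulation" with no mention of PCI, and the "pci-serial spec" comment would be easier to find in docs than in the source file.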

Re: [Qemu-devel] [PATCH] isapc: Shadow ISA BIOS by default

2012-10-12 Thread Jan Kiszka
On 2012-10-08 20:52, Anthony Liguori wrote:
> Jan Kiszka  writes:
> 
>> On 2012-09-11 17:53, Jan Kiszka wrote:
>>> Our one and only BIOS depends on a writable shadowed BIOS in the ISA
>>> range. As we have no interface to control the write property, make that
>>> region writable by default.
>>>
>>> Signed-off-by: Jan Kiszka 
>>> ---
>>>
>>> This unbreaks isapc for TCG, and keeps it working for KVM once it starts
>>> supporting read-only memslots.
>>>
>>>  hw/pc_sysfw.c |   13 +
>>>  1 files changed, 9 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/hw/pc_sysfw.c b/hw/pc_sysfw.c
>>> index b45f0ac..027d98a 100644
>>> --- a/hw/pc_sysfw.c
>>> +++ b/hw/pc_sysfw.c
>>> @@ -136,6 +136,7 @@ static void old_pc_system_rom_init(MemoryRegion 
>>> *rom_memory)
>>>  {
>>>  char *filename;
>>>  MemoryRegion *bios, *isa_bios;
>>> +void *isa_bios_ptr;
>>>  int bios_size, isa_bios_size;
>>>  int ret;
>>>  
>>> @@ -167,19 +168,23 @@ static void old_pc_system_rom_init(MemoryRegion 
>>> *rom_memory)
>>>  g_free(filename);
>>>  }
>>>  
>>> -/* map the last 128KB of the BIOS in ISA space */
>>> +/* Shadow the last 128KB of the BIOS in ISA space as RAM -
>>> + * Seabios depends on this */
>>>  isa_bios_size = bios_size;
>>>  if (isa_bios_size > (128 * 1024)) {
>>>  isa_bios_size = 128 * 1024;
>>>  }
>>>  isa_bios = g_malloc(sizeof(*isa_bios));
>>> -memory_region_init_alias(isa_bios, "isa-bios", bios,
>>> - bios_size - isa_bios_size, isa_bios_size);
>>> +memory_region_init_ram(isa_bios, "isa-bios", isa_bios_size);
>>> +vmstate_register_ram_global(isa_bios);
>>>  memory_region_add_subregion_overlap(rom_memory,
>>>  0x10 - isa_bios_size,
>>>  isa_bios,
>>>  1);
>>> -memory_region_set_readonly(isa_bios, true);
>>> +
>>> +/* copy ISA rom image from top of the ROM */
>>> +isa_bios_ptr = memory_region_get_ram_ptr(isa_bios);
>>> +rom_copy(isa_bios_ptr, (uint32_t)(-isa_bios_size), isa_bios_size);
>>>  
>>>  /* map all the bios at the top of memory */
>>>  memory_region_add_subregion(rom_memory,
>>>
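Review bot: dropping memory_region_set_readonly(isa_bios, true) and backing "isa-bios" with plain RAM leaves the shadowed BIOS range writable by the guest at all times, with nothing in this hunk that lets firmware protect it again. The image is also copied with rom_copy() only once, in old_pc_system_rom_init(), so whatever the guest writes there stays unless another path restores it on reset; please say which path does. The return value of rom_copy() is ignored, and the (uint32_t)(-isa_bios_size) source address deserves a comment.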
>>
>> Ping. Or already queued?
> 
> I've got it queued now.  Thanks.

I'm withdrawing it: This breaks Windows 95 booting. For unknown reasons,
this nice OS decided to overwrite the F-segment during boot. That is
fine as long as it is properly protected. But it breaks under current
KVM and with the patch above for the isapc. So we need a firmware
interface to enable/disable write protection for this segment in isapc
mode, specifically as that machine targets these old OSes.

Jan

-- 
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux



Re: [Qemu-devel] Using PCI config space to indicate config location

2012-10-12 Thread Michael S. Tsirkin
On Fri, Oct 12, 2012 at 08:59:36AM +1030, Rusty Russell wrote:
> >> For writes, the standard seems to be a commit latch.  We could abuse the
> >> generation count for this: the driver writes to it to commit config
> >> changes.
> >
> > I think this will work. There are a couple of things that bother me:
> >
> > This assumes read accesses have no side effects, and these are sometimes 
> > handy.
> > Also the semantics for write aren't very clear to me.
> > I guess device must buffer data until generation count write?
> > This assumes the device has a buffer to store writes,
> > and it must track each byte written. I kind of dislike this
> > tracking of accessed bytes. Also, device would need to resolve conflicts
> > if any in some device specific way.
> 
> It should be trivial to implement: you keep a scratch copy of the config
> space, and copy it to the master copy when they hit the latch.
> 
> Implementation of this will show whether I've missed anything here, I
> think.

What I refer to: what happens if driver does:
- write offset 1
- write offset 3
- hit commit latch

?

-- 
MST
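
The scratch-copy scheme Rusty describes, applied to the "write offset 1, write offset 3, hit commit latch" sequence asked about above, as an added example that is not part of either post. The struct and function names, the 8-byte size and the "device value wins" conflict policy are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CFG_LEN 8 /* constructed size, not taken from any spec */

/* Hypothetical device-side model; none of these names are QEMU or
 * virtio identifiers. */
struct cfg_dev {
    uint8_t master[CFG_LEN];  /* committed config the device acts on */
    uint8_t scratch[CFG_LEN]; /* driver writes accumulate here */
    uint32_t generation;      /* bumped whenever master changes */
};

void cfg_init(struct cfg_dev *d, const uint8_t initial[CFG_LEN])
{
    memcpy(d->master, initial, CFG_LEN);
    memcpy(d->scratch, initial, CFG_LEN);
    d->generation = 0;
}

/* Driver byte write: buffered only, master is untouched.
 * Returns -1 for an out-of-range offset. */
int cfg_write(struct cfg_dev *d, size_t off, uint8_t val)
{
    if (off >= CFG_LEN) {
        return -1;
    }
    d->scratch[off] = val;
    return 0;
}

/* Driver byte read: always served from the committed copy, so a read
 * has no side effect and never sees a half-written update. */
int cfg_read(const struct cfg_dev *d, size_t off, uint8_t *val)
{
    if (off >= CFG_LEN || val == NULL) {
        return -1;
    }
    *val = d->master[off];
    return 0;
}

/* Commit latch (the driver's write to the generation field in the
 * scheme discussed above): publish the whole scratch copy in one step.
 * Bytes the driver never wrote still hold the committed value, so no
 * per-byte tracking is needed. */
uint32_t cfg_commit(struct cfg_dev *d)
{
    memcpy(d->master, d->scratch, CFG_LEN);
    return ++d->generation;
}

/* Device-initiated change. Assumed policy: the device's value wins and
 * is mirrored into scratch so a later commit cannot roll it back. */
int cfg_device_update(struct cfg_dev *d, size_t off, uint8_t val)
{
    if (off >= CFG_LEN) {
        return -1;
    }
    d->master[off] = val;
    d->scratch[off] = val;
    d->generation++;
    return 0;
}

int main(void)
{
    /* Constructed initial contents. */
    static const uint8_t initial[CFG_LEN] = {
        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
    };
    struct cfg_dev d;
    uint8_t v1 = 0, v2 = 0, v3 = 0;

    cfg_init(&d, initial);
    cfg_write(&d, 1, 0xAA);         /* write offset 1 */
    cfg_write(&d, 3, 0xBB);         /* write offset 3 */
    cfg_device_update(&d, 2, 0xCC); /* device changes offset 2 meanwhile */
    cfg_commit(&d);                 /* hit commit latch */

    cfg_read(&d, 1, &v1);
    cfg_read(&d, 2, &v2);
    cfg_read(&d, 3, &v3);
    printf("gen=%u off1=%02x off2=%02x off3=%02x\n",
           (unsigned)d.generation, v1, v2, v3);
    return 0;
}
```
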



[Qemu-devel] [PATCH 1/7] serial: split serial.c

2012-10-12 Thread Gerd Hoffmann
Split serial.c into serial.c, serial.h and serial-isa.c.  While
creating the serial.h header file, move the serial prototypes from pc.h to
the new serial.h.  The latter leads to s/pc.h/serial.h/ in tons of
boards which just want the serial bits from pc.h.

Signed-off-by: Gerd Hoffmann 
---
 hw/Makefile.objs |2 +-
 hw/alpha_dp264.c |1 +
 hw/kzm.c |2 +-
 hw/mips_fulong2e.c   |1 +
 hw/mips_jazz.c   |1 +
 hw/mips_malta.c  |1 +
 hw/mips_mipssim.c|2 +-
 hw/mips_r4k.c|1 +
 hw/musicpal.c|2 +-
 hw/omap_uart.c   |3 +-
 hw/openrisc_sim.c|3 +-
 hw/pc.c  |1 +
 hw/pc.h  |   27 -
 hw/petalogix_ml605_mmu.c |2 +-
 hw/ppc/e500.c|2 +-
 hw/ppc405_uc.c   |2 +-
 hw/ppc440_bamboo.c   |2 +-
 hw/ppc_prep.c|1 +
 hw/pxa2xx.c  |2 +-
 hw/serial-isa.c  |  130 +
 hw/serial.c  |  143 ++
 hw/serial.h  |   73 +++
 hw/sm501.c   |2 +-
 hw/sun4u.c   |1 +
 hw/virtex_ml507.c|2 +-
 hw/xtensa_lx60.c |3 +-
 26 files changed, 232 insertions(+), 180 deletions(-)
 create mode 100644 hw/serial-isa.c
 create mode 100644 hw/serial.h

diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index 854faa9..16e7a1e 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -20,7 +20,7 @@ common-obj-$(CONFIG_M48T59) += m48t59.o
 common-obj-$(CONFIG_ESCC) += escc.o
 common-obj-$(CONFIG_EMPTY_SLOT) += empty_slot.o
 
-common-obj-$(CONFIG_SERIAL) += serial.o
+common-obj-$(CONFIG_SERIAL) += serial.o serial-isa.o
 common-obj-$(CONFIG_PARALLEL) += parallel.o
 common-obj-$(CONFIG_I8254) += i8254_common.o i8254.o
 common-obj-$(CONFIG_PCSPK) += pcspk.o
diff --git a/hw/alpha_dp264.c b/hw/alpha_dp264.c
index 5ea04c7..8ce04e5 100644
--- a/hw/alpha_dp264.c
+++ b/hw/alpha_dp264.c
@@ -15,6 +15,7 @@
 #include "mc146818rtc.h"
 #include "ide.h"
 #include "i8254.h"
+#include "serial.h"
 
 #define MAX_IDE_BUS 2
 
diff --git a/hw/kzm.c b/hw/kzm.c
index 68cd1b4..1f3082b 100644
--- a/hw/kzm.c
+++ b/hw/kzm.c
@@ -21,7 +21,7 @@
 #include "net.h"
 #include "sysemu.h"
 #include "boards.h"
-#include "pc.h" /* for the FPGA UART that emulates a 16550 */
+#include "serial.h"
 #include "imx.h"
 
 /* Memory map for Kzm Emulation Baseboard:
diff --git a/hw/mips_fulong2e.c b/hw/mips_fulong2e.c
index d4a8672..a3cb3ab 100644
--- a/hw/mips_fulong2e.c
+++ b/hw/mips_fulong2e.c
@@ -20,6 +20,7 @@
 
 #include "hw.h"
 #include "pc.h"
+#include "serial.h"
 #include "fdc.h"
 #include "net.h"
 #include "boards.h"
diff --git a/hw/mips_jazz.c b/hw/mips_jazz.c
index db927f1..d35cd54 100644
--- a/hw/mips_jazz.c
+++ b/hw/mips_jazz.c
@@ -26,6 +26,7 @@
 #include "mips.h"
 #include "mips_cpudevs.h"
 #include "pc.h"
+#include "serial.h"
 #include "isa.h"
 #include "fdc.h"
 #include "sysemu.h"
diff --git a/hw/mips_malta.c b/hw/mips_malta.c
index 632b466..8f73b1b 100644
--- a/hw/mips_malta.c
+++ b/hw/mips_malta.c
@@ -24,6 +24,7 @@
 
 #include "hw.h"
 #include "pc.h"
+#include "serial.h"
 #include "fdc.h"
 #include "net.h"
 #include "boards.h"
diff --git a/hw/mips_mipssim.c b/hw/mips_mipssim.c
index 830f635..0ee6756 100644
--- a/hw/mips_mipssim.c
+++ b/hw/mips_mipssim.c
@@ -27,7 +27,7 @@
 #include "hw.h"
 #include "mips.h"
 #include "mips_cpudevs.h"
-#include "pc.h"
+#include "serial.h"
 #include "isa.h"
 #include "net.h"
 #include "sysemu.h"
diff --git a/hw/mips_r4k.c b/hw/mips_r4k.c
index 967a76e..b3be80b 100644
--- a/hw/mips_r4k.c
+++ b/hw/mips_r4k.c
@@ -11,6 +11,7 @@
 #include "mips.h"
 #include "mips_cpudevs.h"
 #include "pc.h"
+#include "serial.h"
 #include "isa.h"
 #include "net.h"
 #include "sysemu.h"
diff --git a/hw/musicpal.c b/hw/musicpal.c
index f305e21..346fe41 100644
--- a/hw/musicpal.c
+++ b/hw/musicpal.c
@@ -15,7 +15,7 @@
 #include "net.h"
 #include "sysemu.h"
 #include "boards.h"
-#include "pc.h"
+#include "serial.h"
 #include "qemu-timer.h"
 #include "ptimer.h"
 #include "block.h"
diff --git a/hw/omap_uart.c b/hw/omap_uart.c
index 167d5c4..1c16a54 100644
--- a/hw/omap_uart.c
+++ b/hw/omap_uart.c
@@ -20,8 +20,7 @@
 #include "qemu-char.h"
 #include "hw.h"
 #include "omap.h"
-/* We use pc-style serial ports.  */
-#include "pc.h"
+#include "serial.h"
 #include "exec-memory.h"
 
 /* UARTs */
diff --git a/hw/openrisc_sim.c b/hw/openrisc_sim.c
index 55e97f0..e484613 100644
--- a/hw/openrisc_sim.c
+++ b/hw/openrisc_sim.c
@@ -21,7 +21,8 @@
 #include "hw.h"
 #include "boards.h"
 #include "elf.h"
-#include "pc.h"
+#include "serial.h"
+#include "net.h"
 #include "loader.h"
 #include "exec-memory.h"
 #include "sysemu.h"
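Review bot: in openrisc_sim.c the swap of pc.h for serial.h also needs a new #include "net.h", which shows that pc.h was supplying other headers indirectly. The commit message describes the change as a plain s/pc.h/serial.h/, so please mention this case and check the other files that drop pc.h entirely (kzm.c, mips_mipssim.c, musicpal.c, omap_uart.c) for the same hidden dependency.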
diff --git a/hw/pc.c b/hw/pc.c
index 6c0722d..805e8ca 100644
--- a/hw/pc.c
+++ b/hw/pc.c
@@ -23,6 +23,7 @@
  */
 #include "hw.h"
 #include "pc.h"
+#inclu

Re: [Qemu-devel] [PATCH v2 21/21] q35: add acpi-based pci hotplug.

2012-10-12 Thread Michael S. Tsirkin
On Fri, Oct 12, 2012 at 09:27:02AM +0200, Gerd Hoffmann wrote:
>   Hi,
> 
> >> Yes. Reason I ask is because q35 is adding bridges by default now.
> >> Would it be possible to only add them if requested on command line by user
> >> instead? I realize some guests expect devices at specific slots
> >> but this does not apply to bridges I think?
> > 
> > I just tried out getting rid of the bridges by default.
> 
> That clearly raises the question which devices should be created
> automatically by -M q35.  I think the devices which are part of the ich9
> chipset should be there by default.  /me looks at my laptop which
> happens to have a ich9 chipset.

The reason this is a bad idea is very simple: we only have a way to add
devices not to remove them.  So if you miss a device which your guest
needs, it is easy to add, but there is no way to remove.

> > So 'lspci' goes from:
> > 
> > 00:00.0 Host bridge: Intel Corporation 82G33/G31/P35/P31 Express DRAM 
> > Controller
> 
> Keep.
> 
> > 00:01.0 PCI bridge: Intel Corporation 5500 Non-Legacy I/O Hub PCI Express 
> > Root Port 0 (rev 02)
> 
> That looks bogus.  Drop.
> 
> > 00:02.0 VGA compatible controller: Cirrus Logic GD 5446
> 
> Our default vga.
> 
> > 00:03.0 Ethernet controller: Intel Corporation 82540EM Gigabit Ethernet 
> > Controller (rev 03)
> 
> Real ich9 has the e1000 @ 00:19.0, so it would make sense to place one
> there.  Adding a default nic will probably create some headache though,
> so maybe better don't.

And that's just one example. And it's not really e1000 at all.
Fact is, we don't emulate real hardware exactly.
So let's have a minimal machine and if you want to add e1000 audio etc,
you can do this. We can even teach management to do it with friendly
UI as opposed to cryptic machine types.

-- 
MST



[Qemu-devel] [PATCH 7/7] chardev: add hotplug support.

2012-10-12 Thread Gerd Hoffmann
This patch adds chardev_add and chardev_del monitor commands.

chardev_del is pretty straightforward, it just takes an id argument and
zaps the chardev specified.

chardev_add is more tricky as there are tons of arguments for the
different backends.  The hmp version is limited to the most common use
cases, especially when it comes to sockets:  You can only specify port
(tcp) or path (unix) and qemu will create a listening socket.  For
example this ...

   (qemu) chardev_add foo socket 42

... will do the same as ...

   -chardev socket,id=foo,port=42,server,nowait

on the qemu command line.

The qmp version has full support for everything the -chardev command
line switch can handle.  The implementation is pretty
straightforward: It just puts all arguments it got into a QemuOpts, then
calls qemu_chr_new_from_opts().

Signed-off-by: Gerd Hoffmann 
---
 hmp-commands.hx  |   49 +++
 hmp.c|   39 
 hmp.h|2 +
 qapi-schema.json |   46 +
 qemu-char.c  |   74 ++
 qmp-commands.hx  |   61 
 6 files changed, 271 insertions(+), 0 deletions(-)

diff --git a/hmp-commands.hx b/hmp-commands.hx
index e0b537d..e5590f4 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1404,6 +1404,55 @@ passed since 1970, i.e. unix epoch.
 ETEXI
 
 {
+.name   = "chardev_add",
+.args_type  = "id:s,backend:s,arg:s?",
+.params = "id backend [ name | port | path ]",
+.help   = "add chardev",
+.mhandler.cmd = hmp_chardev_add,
+},
+
+STEXI
+@item chardev_add id backend [ name | port | path ]
+@findex chardev_add
+
+Create chardev with the specified @var{id} and @var{backend}.  The hmp
+version is limited to a commonly used subset, if you need more control
+use qmp instead.
+
+If @var{backend} is 'spicevmc' @var{arg} is assumed to be the spice
+channel name.
+
+If @var{backend} is 'udp' @var{arg} is assumed to be a port number.
+
+If @var{backend} is 'socket' and @var{arg} starts with a digit the
+argument is assumed to be a port number and a tcp socket is created
+(in server mode).
+
+If @var{backend} is 'socket' and @var{arg} doesn't start with a digit
+@var{arg} is assumed to be a path and a unix socket is created (in
+server mode).
+
+In all other cases @var{arg} is assumed to be a path.
+
+ETEXI
+
+{
+.name   = "chardev_del",
+.args_type  = "id:s",
+.params = "id",
+.help   = "del chardev",
+.mhandler.cmd = hmp_chardev_del,
+},
+
+STEXI
+@item chardev_del id
+@findex chardev_del
+
+Removes the chardev @var{id}.
+
+ETEXI
+
+{
 .name   = "info",
 .args_type  = "item:s?",
 .params = "[subcommand]",
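Review bot: the chardev_add help text says a tcp socket is created in server mode when arg starts with a digit, but it does not say which address that socket listens on. Since the HMP form accepts only a port, the text should state the bind address so a user can tell whether the listener is reachable from other hosts. It should also warn that a unix socket path beginning with a digit, such as a relative path, is taken to be a port number.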
diff --git a/hmp.c b/hmp.c
index 70bdec2..e84d7f8 100644
--- a/hmp.c
+++ b/hmp.c
@@ -1209,3 +1209,42 @@ void hmp_screen_dump(Monitor *mon, const QDict *qdict)
 qmp_screendump(filename, &err);
 hmp_handle_error(mon, &err);
 }
+
+void hmp_chardev_add(Monitor *mon, const QDict *qdict)
+{
+const char *backend = qdict_get_str(qdict, "backend");
+const char *arg = qdict_get_str(qdict, "arg");
+const char *id = qdict_get_str(qdict, "id");
+const char *path = NULL, *name = NULL, *port = NULL, *host = NULL;
+Error *err = NULL;
+
+if (arg) {
+if (strcmp(backend, "spicevmc") == 0) {
+name = arg;
+} else if (strcmp(backend, "udp") == 0) {
+port = arg;
+} else if (strcmp(backend, "socket") == 0 && isdigit(arg[0])) {
+port = arg;
+} else {
+path = arg;
+}
+}
+
+qmp_chardev_add(id, backend,
+path, name, host, port,
+true,  /* server  */
+false, /* wait*/
+false, /* ipv4 (only) */
+false, /* ipv6 (only) */
+false, /* telnet  */
+&err);
+hmp_handle_error(mon, &err);
+}
+
+void hmp_chardev_del(Monitor *mon, const QDict *qdict)
+{
+Error *err = NULL;
+qmp_chardev_del(qdict_get_str(qdict, "id"),
+&err);
+hmp_handle_error(mon, &err);
+}
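Review bot: hmp_chardev_add() fetches "arg" with qdict_get_str() although hmp-commands.hx declares it optional (arg:s?) and the code tests if (arg) right afterwards. qdict_get_str() expects the key to be present, so use qdict_get_try_str() to get NULL when the argument is omitted. In the socket branch, isdigit(arg[0]) should take (unsigned char)arg[0], since passing a negative char value to isdigit() is undefined.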
diff --git a/hmp.h b/hmp.h
index 71ea384..080afaa 100644
--- a/hmp.h
+++ b/hmp.h
@@ -75,5 +75,7 @@ void hmp_getfd(Monitor *mon, const QDict *qdict);
 void hmp_closefd(Monitor *mon, const QDict *qdict);
 void hmp_send_key(Monitor *mon, const QDict *qdict);
 void hmp_screen_dump(Monitor *mon, const QDict *qdict);
+void hmp_chardev_add(Monitor *mon, const QDict *qdict);
+void hmp_chardev_del(Monitor *mon, const QDict *qdict);
 
 #endif
diff --git a/qapi-schema.json b/qapi-schema.json
index f9dbdae..98d92ad 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -2796,3 +2796,49 @@
 # Since: 0.14.0
 ##
 { 'command': 'screendump', 'data': {'filename': 'str'

Re: [Qemu-devel] [PATCH 7/7] chardev: add hotplug support.

2012-10-12 Thread Paolo Bonzini
On 12/10/2012 11:26, Gerd Hoffmann wrote:
> This patch adds chardev_add and chardev_del monitor commands.
> 
> chardev_del is pretty straightforward, it just takes an id argument and
> zaps the chardev specified.
> 
> chardev_add is more tricky as there are tons of arguments for the
> different backends.  The hmp version is limited to the most common use
> cases, especially when it comes to sockets:  You can only specify port
> (tcp) or path (unix) and qemu will create a listening socket.  For
> example this ...
> 
>(qemu) chardev_add foo socket 42
> 
> ... will do the same as ...
> 
>-chardev socket,id=foo,port=42,server,nowait

Why not

chardev_add socket,id=foo,port=42,server,nowait

?

> +{ 'command': 'chardev_add', 'data': {'id'  : 'str',
> + 'backend' : 'str',
> + 'path': 'str',
> + 'name': 'str',
> + 'host': 'str',
> + 'port': 'str',

You cannot pass NULLs via QMP, so these need to be optional.

I suggest that you implement the commands in a similar way as netdev_add.

Paolo

> + 'server'  : 'bool',
> + 'wait': 'bool',
> + 'ipv4': 'bool',
> + 'ipv6': 'bool',
> + 'telnet'  : 'bool' } }
> +
> +##
> +# @chardev_del:
> +#
> +# Remove a chardev
> +#
> +# @id: the chardev's ID, must exist and not be in use
> +#
> +# Returns: Nothing on success
> +#
> +# Since: 1.3.0
> +##
> +{ 'command': 'chardev_del', 'data': {'id': 'str'} }
> diff --git a/qemu-char.c b/qemu-char.c
> index b082bae..2f9d860 100644
> --- a/qemu-char.c
> +++ b/qemu-char.c
> @@ -2900,3 +2900,77 @@ CharDriverState *qemu_char_get_next_serial(void)
>  return serial_hds[next_serial++];
>  }
>  
> +void qmp_chardev_add(const char *id, const char *backend,
> + const char *path, const char *name,
> + const char *host, const char *port,
> + bool server, bool wait,
> + bool ipv4, bool ipv6,
> + bool telnet, Error **errp)
> +{
> +CharDriverState *chr;
> +QemuOpts *opts;
> +
> +chr = qemu_chr_find(id);
> +if (NULL != chr) {
> +error_setg(errp, "Chardev id '%s' exists already\n", id);
> +return;
> +}
> +
> +opts = qemu_opts_create(qemu_find_opts("chardev"), id, 1, errp);
> +if (error_is_set(errp)) {
> +return;
> +}
> +qemu_opt_set(opts, "backend", backend);
> +if (path) {
> +qemu_opt_set(opts, "path", path);
> +}
> +if (name) {
> +qemu_opt_set(opts, "name", name);
> +}
> +if (host) {
> +qemu_opt_set(opts, "host", host);
> +}
> +if (port) {
> +qemu_opt_set(opts, "port", port);
> +}
> +if (server) {
> +qemu_opt_set(opts, "server", "on");
> +}
> +if (!wait) {
> +qemu_opt_set(opts, "wait", "off");
> +}
> +if (ipv4) {
> +qemu_opt_set(opts, "ipv4", "on");
> +}
> +if (ipv6) {
> +qemu_opt_set(opts, "ipv6", "on");
> +}
> +if (telnet) {
> +qemu_opt_set(opts, "telnet", "on");
> +}
> +
> +chr = qemu_chr_new_from_opts(opts, NULL);
> +qemu_opts_del(opts);
> +
> +if (chr == NULL) {
> +error_setg(errp, "Creating chardev failed\n");
> +return;
> +}
> +}
> +
> +void qmp_chardev_del(const char *id, Error **errp)
> +{
> +CharDriverState *chr;
> +
> +chr = qemu_chr_find(id);
> +if (NULL == chr) {
> +error_setg(errp, "Chardev '%s' not found\n", id);
> +return;
> +}
> +if (chr->chr_can_read || chr->chr_read ||
> +chr->chr_event || chr->handler_opaque) {
> +error_setg(errp, "Chardev '%s' is busy\n", id);
> +return;
> +}
> +qemu_chr_delete(chr);
> +}
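Review bot: in qmp_chardev_add() a failure of qemu_opts_create() is detected only through error_is_set(errp), which can never be true when a caller passes errp == NULL, so opts would then be used without a check. Collect the error in a local Error *, test that, and hand it on with error_propagate(). The error_setg() messages in both functions end in "\n", which does not belong in an error string, and the return values of the qemu_opt_set() calls are ignored.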
> diff --git a/qmp-commands.hx b/qmp-commands.hx
> index 2f8477e..b904df2 100644
> --- a/qmp-commands.hx
> +++ b/qmp-commands.hx
> @@ -2576,3 +2576,64 @@ EQMP
>  .args_type  = "",
>  .mhandler.cmd_new = qmp_marshal_input_query_target,
>  },
> +
> +{
> +.name   = "chardev_add",
> +.args_type  = "",
> +.mhandler.cmd_new = qmp_marshal_input_chardev_add,
> +},
> +
> +SQMP
> +chardev_add
> +---
> +
> +Add a chardev.
> +
> +Arguments:
> +
> +- "id": the chardev's ID, must be unique (json-string)
> +- "backend": the chardev backend: "file", "socket", ... (json-string)
> +- "path": file / device / unix socket path (json-string, optional)
> +- "name": spice channel name (json-string, optional)
> +- "host": host name (json-string, optional)
> +- "port": port number (json-string, optional)
> +- "server": create socket in server mode (json-bool, optional)
> +- "wait": wait for connect 
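Review bot: the chardev_add table entry sets .args_type = "", the same as the argument-less query-target entry just above it, yet the documentation added below lists "id", "backend", "path", "name", "host", "port", "server" and "wait". The args_type string should describe these arguments, with the optional ones marked optional, so that the table entry and the documented interface agree.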

Re: [Qemu-devel] [PULL 0/7] serial device hotplug patch series.

2012-10-12 Thread Paolo Bonzini
On 12/10/2012 11:25, Gerd Hoffmann wrote:
> Final patch adds chardev hotplug to the mix, which makes the other
> patches a lot more useful.  It is the missing bit needed to really
> hotplug serial devices:
> 
>(qemu) chardev_add pciserial file /root/hotchardev.log
>(qemu) device_add pci-serial,chardev=pciserial,id=pciserial
> 
> And the reverse:
> 
>(qemu) device_del pciserial
>(qemu) chardev_del pciserial
> 
> please review & pull,

I think the last patch is not ready, please wait for Luiz's review too.

>   Gerd
> 
> The following changes since commit b4ae3cfa57b8c1bdbbd7b7d420971e9171203ade:
> 
>   ssi: Add slave autoconnect helper (2012-10-10 11:13:32 +1000)
> 
> are available in the git repository at:
>   git://git.kraxel.org/qemu serial.1
> 
> Gerd Hoffmann (7):
>   serial: split serial.c
>   serial: add pci variant
>   serial: add windows inf file for the pci card to docs
>   serial: add 2x + 4x pci variant
>   usb-serial: don't magically zap chardev on umplug
>   usb-serial: only expose device in guest when the chardev is open
>   chardev: add hotplug support.




Re: [Qemu-devel] Using PCI config space to indicate config location

2012-10-12 Thread Rusty Russell
"Michael S. Tsirkin"  writes:
> On Fri, Oct 12, 2012 at 08:59:36AM +1030, Rusty Russell wrote:
>> >> For writes, the standard seems to be a commit latch.  We could abuse the
>> >> generation count for this: the driver writes to it to commit config
>> >> changes.
>> >
>> > I think this will work. There are a couple of things that bother me:
>> >
>> > This assumes read accesses have no side effects, and these are sometimes 
>> > handy.
>> > Also the semantics for write aren't very clear to me.
>> > I guess device must buffer data until generation count write?
>> > This assumes the device has a buffer to store writes,
>> > and it must track each byte written. I kind of dislike this
>> > tracking of accessed bytes. Also, device would need to resolve conflicts
>> > if any in some device specific way.
>> 
>> It should be trivial to implement: you keep a scratch copy of the config
>> space, and copy it to the master copy when they hit the latch.
>> 
>> Implementation of this will show whether I've missed anything here, I
>> think.
>
> What I refer to: what happens if driver does:
> - write offset 1
> - write offset 3
> - hit commit latch

- nothing
- nothing
- effect of offset 1 and offset 3 writes

Now, since there's nothing published by the *driver* at the moment
which can't be trivially atomically written, this scheme is overkill
(sure, it means you could do a byte-at-a-time write to some 4-byte
field, but why?).

But perhaps it's overkill: no other bus has this feature, so we'd need a
feature bit for them anyway in future if we create a device which needs
such atomicity.

Cheers,
Rusty.



[Qemu-devel] [PULL 0/7] serial device hotplug patch series.

2012-10-12 Thread Gerd Hoffmann
  Hi,

This patch series tackles serial device hotplug.

The first four patches have been on the list before, they implement
pci-serial devices featuring a hot-pluggable 16550 uart and got some
minor tweaks only.

The next two patches update the usb-serial device.  It will only show up
in the guest when the chardev is open.  You'll see the difference with
socket chardevs:  If you open the chardev (by connecting to the socket)
the device will show up in the guest, on close (disconnect) it will
disappear.

Final patch adds chardev hotplug to the mix, which makes the other
patches a lot more useful.  It is the missing bit needed to really
hotplug serial devices:

   (qemu) chardev_add pciserial file /root/hotchardev.log
   (qemu) device_add pci-serial,chardev=pciserial,id=pciserial

And the reverse:

   (qemu) device_del pciserial
   (qemu) chardev_del pciserial

please review & pull,
  Gerd

The following changes since commit b4ae3cfa57b8c1bdbbd7b7d420971e9171203ade:

  ssi: Add slave autoconnect helper (2012-10-10 11:13:32 +1000)

are available in the git repository at:
  git://git.kraxel.org/qemu serial.1

Gerd Hoffmann (7):
  serial: split serial.c
  serial: add pci variant
  serial: add windows inf file for the pci card to docs
  serial: add 2x + 4x pci variant
  usb-serial: don't magically zap chardev on umplug
  usb-serial: only expose device in guest when the chardev is open
  chardev: add hotplug support.

 default-configs/pci.mak  |2 +
 docs/qemupciserial.inf   |  109 ++
 hmp-commands.hx  |   49 
 hmp.c|   39 +++
 hmp.h|2 +
 hw/Makefile.objs |3 +-
 hw/alpha_dp264.c |1 +
 hw/kzm.c |2 +-
 hw/mips_fulong2e.c   |1 +
 hw/mips_jazz.c   |1 +
 hw/mips_malta.c  |1 +
 hw/mips_mipssim.c|2 +-
 hw/mips_r4k.c|1 +
 hw/musicpal.c|2 +-
 hw/omap_uart.c   |3 +-
 hw/openrisc_sim.c|3 +-
 hw/pc.c  |1 +
 hw/pc.h  |   27 -
 hw/pci_ids.h |1 +
 hw/petalogix_ml605_mmu.c |2 +-
 hw/ppc/e500.c|2 +-
 hw/ppc405_uc.c   |2 +-
 hw/ppc440_bamboo.c   |2 +-
 hw/ppc_prep.c|1 +
 hw/pxa2xx.c  |2 +-
 hw/serial-isa.c  |  130 ++
 hw/serial-pci.c  |  272 ++
 hw/serial.c  |  149 ++---
 hw/serial.h  |   74 +
 hw/sm501.c   |2 +-
 hw/sun4u.c   |1 +
 hw/usb/dev-serial.c  |   21 +++-
 hw/virtex_ml507.c|2 +-
 hw/xtensa_lx60.c |3 +-
 qapi-schema.json |   46 
 qemu-char.c  |   74 +
 qmp-commands.hx  |   61 ++
 37 files changed, 913 insertions(+), 183 deletions(-)
 create mode 100644 docs/qemupciserial.inf
 create mode 100644 hw/serial-isa.c
 create mode 100644 hw/serial-pci.c
 create mode 100644 hw/serial.h



[Qemu-devel] [PATCH 4/7] serial: add 2x + 4x pci variant

2012-10-12 Thread Gerd Hoffmann
Add multiport serial card implementation, with two variants,
one featuring two and one featuring four ports.

Signed-off-by: Gerd Hoffmann 
---
 docs/qemupciserial.inf |2 +
 hw/serial-pci.c|  157 
 2 files changed, 159 insertions(+), 0 deletions(-)

diff --git a/docs/qemupciserial.inf b/docs/qemupciserial.inf
index c7cea99..3474310 100644
--- a/docs/qemupciserial.inf
+++ b/docs/qemupciserial.inf
@@ -11,6 +11,8 @@
 ; (Com+Lpt)" from the list.  Click "Have a disk".  Select this file.
 ; Procedure may vary a bit depending on the windows version.
 
+; FIXME: This file covers the single port version only.
+
 [Version]
 Signature="$CHICAGO$"
 Class=Ports
diff --git a/hw/serial-pci.c b/hw/serial-pci.c
index 17247a8..c89e8b0 100644
--- a/hw/serial-pci.c
+++ b/hw/serial-pci.c
@@ -28,6 +28,14 @@
  *pci region 0 is a io bar, 8 bytes long, with the 16550 uart mapped to it.
  *interrupt is wired to pin A.
  *
+ * pci-serial-4x spec:
+ *pci region 0 is a io bar, with four 16550 uarts mapped after each other,
+ *the first at offset 0, second at 8, third at 16 and fourth at 24.
+ *interrupt is wired to pin A.
+ *
+ * pci-serial-2x spec:
+ *same as pci-serial-4x but with two uarts only.
+ *
  * [root@fedora ~]# lspci -vnse
  * 00:0e.0 0700: 1b36:0002 (rev 01) (prog-if 00 [8250])
  * Subsystem: 1af4:1100
@@ -40,11 +48,23 @@
 #include "serial.h"
 #include "pci.h"
 
+#define PCI_SERIAL_MAX_PORTS 4
+
 typedef struct PCISerialState {
 PCIDevice dev;
 SerialState state;
 } PCISerialState;
 
+typedef struct PCIMultiSerialState {
+PCIDevicedev;
+MemoryRegion iobar;
+uint32_t ports;
+char *name[PCI_SERIAL_MAX_PORTS];
+SerialState  state[PCI_SERIAL_MAX_PORTS];
+uint32_t level[PCI_SERIAL_MAX_PORTS];
+qemu_irq *irqs;
+} PCIMultiSerialState;
+
 static int serial_pci_init(PCIDevice *dev)
 {
 PCISerialState *pci = DO_UPCAST(PCISerialState, dev, dev);
@@ -61,6 +81,56 @@ static int serial_pci_init(PCIDevice *dev)
 return 0;
 }
 
+static void multi_serial_irq_mux(void *opaque, int n, int level)
+{
+PCIMultiSerialState *pci = opaque;
+int i, pending = 0;
+
+pci->level[n] = level;
+for (i = 0; i < pci->ports; i++) {
+if (pci->level[i]) {
+pending = 1;
+}
+}
+qemu_set_irq(pci->dev.irq[0], pending);
+}
+
+static int multi_serial_pci_init(PCIDevice *dev)
+{
+PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
+PCIMultiSerialState *pci = DO_UPCAST(PCIMultiSerialState, dev, dev);
+SerialState *s;
+int i;
+
+switch (pc->device_id) {
+case 0x0003:
+pci->ports = 2;
+break;
+case 0x0004:
+pci->ports = 4;
+break;
+}
+assert(pci->ports > 0);
+assert(pci->ports <= PCI_SERIAL_MAX_PORTS);
+
+pci->dev.config[PCI_INTERRUPT_PIN] = 0x01;
+memory_region_init(&pci->iobar, "multiserial", 8 * pci->ports);
+pci_register_bar(&pci->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &pci->iobar);
+pci->irqs = qemu_allocate_irqs(multi_serial_irq_mux, pci,
+   pci->ports);
+
+for (i = 0; i < pci->ports; i++) {
+s = pci->state + i;
+s->baudbase = 115200;
+serial_init_core(s);
+s->irq = pci->irqs[i];
+pci->name[i] = g_strdup_printf("uart #%d", i+1);
+memory_region_init_io(&s->io, &serial_io_ops, s, pci->name[i], 8);
+memory_region_add_subregion(&pci->iobar, 8 * i, &s->io);
+}
+return 0;
+}
+
 static void serial_pci_exit(PCIDevice *dev)
 {
 PCISerialState *pci = DO_UPCAST(PCISerialState, dev, dev);
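Review bot: the switch on pc->device_id in multi_serial_pci_init has no default case, so an id other than 0x0003 or 0x0004 leaves pci->ports untouched and the only guard is assert(pci->ports > 0), which aborts the whole process. A default branch that fails the init with a negative return value would turn a misconfigured device into a failed device_add, which matters once the device is hot-pluggable. The loop counters are also int while pci->ports is uint32_t; using one type for both avoids the signed/unsigned comparison in the for loops.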
@@ -70,6 +140,22 @@ static void serial_pci_exit(PCIDevice *dev)
 memory_region_destroy(&s->io);
 }
 
+static void multi_serial_pci_exit(PCIDevice *dev)
+{
+PCIMultiSerialState *pci = DO_UPCAST(PCIMultiSerialState, dev, dev);
+SerialState *s;
+int i;
+
+for (i = 0; i < pci->ports; i++) {
+s = pci->state + i;
+serial_exit_core(s);
+memory_region_destroy(&s->io);
+g_free(pci->name[i]);
+}
+memory_region_destroy(&pci->iobar);
+qemu_free_irqs(pci->irqs);
+}
+
 static const VMStateDescription vmstate_pci_serial = {
 .name = "pci-serial",
 .version_id = 1,
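Review bot: multi_serial_pci_exit destroys each s->io and then pci->iobar, but the init path attached every s->io to the container with memory_region_add_subregion(&pci->iobar, 8 * i, &s->io) and nothing here detaches them. Calling memory_region_del_subregion(&pci->iobar, &s->io) before memory_region_destroy(&s->io) keeps the container from referring to regions that have already been torn down when the card is unplugged.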
@@ -81,11 +167,38 @@ static const VMStateDescription vmstate_pci_serial = {
 }
 };
 
+static const VMStateDescription vmstate_pci_multi_serial = {
+.name = "pci-serial-multi",
+.version_id = 1,
+.minimum_version_id = 1,
+.fields  = (VMStateField[]) {
+VMSTATE_PCI_DEVICE(dev, PCIMultiSerialState),
+VMSTATE_STRUCT_ARRAY(state, PCIMultiSerialState, PCI_SERIAL_MAX_PORTS,
+ 0, vmstate_serial, SerialState),
+VMSTATE_UINT32_ARRAY(level, PCIMultiSerialState, PCI_SERIAL_MAX_PORTS),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static Property serial_pci_properties[] = {
 DEFINE_PROP_CHR("chardev",  PCISerialState, sta
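Review bot: vmstate_pci_multi_serial saves and loads all PCI_SERIAL_MAX_PORTS entries of state[] and level[], but on the two-port variant multi_serial_pci_init only runs serial_init_core on the first pci->ports entries. Is it safe to load vmstate_serial into the two slots that were never initialised? If not, the description should cover only the ports in use, or the unused slots need to be brought to a defined state in the init function.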

[Qemu-devel] [PATCH 6/7] usb-serial: only expose device in guest when the chardev is open

2012-10-12 Thread Gerd Hoffmann
Signed-off-by: Gerd Hoffmann 
---
 hw/usb/dev-serial.c |   19 +--
 1 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/hw/usb/dev-serial.c b/hw/usb/dev-serial.c
index 43214cd..a466f99 100644
--- a/hw/usb/dev-serial.c
+++ b/hw/usb/dev-serial.c
@@ -427,6 +427,10 @@ static void usb_serial_handle_destroy(USBDevice *dev)
 static int usb_serial_can_read(void *opaque)
 {
 USBSerialState *s = opaque;
+
+if (!s->dev.attached) {
+return 0;
+}
 return RECV_BUF - s->recv_used;
 }
 
@@ -469,8 +473,14 @@ static void usb_serial_event(void *opaque, int event)
 case CHR_EVENT_FOCUS:
 break;
 case CHR_EVENT_OPENED:
-usb_serial_reset(s);
-/* TODO: Reset USB port */
+if (!s->dev.attached) {
+usb_device_attach(&s->dev);
+}
+break;
+case CHR_EVENT_CLOSED:
+if (s->dev.attached) {
+usb_device_detach(&s->dev);
+}
 break;
 }
 }
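Review bot: the CHR_EVENT_OPENED case drops the usb_serial_reset(s) call without a replacement, so nothing in this hunk clears device state between one chardev connection closing and the next one opening. If the guest-initiated reset after usb_device_attach() is what is relied on, that should be stated; otherwise data still counted in recv_used from the previous connection could be delivered to the guest in the new one. The patch also has no description beyond its subject line, so the reason for removing the reset is not recorded.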
@@ -481,6 +491,7 @@ static int usb_serial_initfn(USBDevice *dev)
 
 usb_desc_create_serial(dev);
 usb_desc_init(dev);
+dev->auto_attach = 0;
 
 if (!s->cs) {
 error_report("Property chardev is required");
@@ -490,6 +501,10 @@ static int usb_serial_initfn(USBDevice *dev)
 qemu_chr_add_handlers(s->cs, usb_serial_can_read, usb_serial_read,
   usb_serial_event, s);
 usb_serial_handle_reset(dev);
+
+if (s->cs->opened && !dev->attached) {
+usb_device_attach(dev);
+}
 return 0;
 }
 
-- 
1.7.1




Re: [Qemu-devel] Using PCI config space to indicate config location

2012-10-12 Thread Michael S. Tsirkin
On Fri, Oct 12, 2012 at 08:21:50PM +1030, Rusty Russell wrote:
> "Michael S. Tsirkin"  writes:
> > On Fri, Oct 12, 2012 at 08:59:36AM +1030, Rusty Russell wrote:
> >> >> For writes, the standard seems to be a commit latch.  We could abuse the
> >> >> generation count for this: the driver writes to it to commit config
> >> >> changes.
> >> >
> >> > I think this will work. There are a couple of things that bother me:
> >> >
> >> > This assumes read accesses have no side effects, and these are sometimes 
> >> > handy.
> >> > Also the semantics for write aren't very clear to me.
> >> > I guess device must buffer data until generation count write?
> >> > This assumes the device has a buffer to store writes,
> >> > and it must track each byte written. I kind of dislike this
> >> > tracking of accessed bytes. Also, device would need to resolve conflicts
> >> > if any in some device specific way.
> >> 
> >> It should be trivial to implement: you keep a scratch copy of the config
> >> space, and copy it to the master copy when they hit the latch.
> >> 
> >> Implementation of this will show whether I've missed anything here, I
> >> think.
> >
> > What I refer to: what happens if driver does:
> > - write offset 1
> > - write offset 3
> > - hit commit latch
> 
> - nothing
> - nothing
> - effect of offset 1 and offset 3 writes

OK so this means that you also need to track which bytes were written
in order to know to skip byte 2.
This is what I referred to. If instead we ask driver to specify
offset/length explicitly device only needs to remember that.

Not a big deal anyway, just pointing this out.

> Now, since there's nothing published by the *driver* at the moment
> which can't be trivially atomically written, this scheme is overkill
> (sure, it means you could do a byte-at-a-time write to some 4-byte
> field, but why?).
> 
> But perhaps it's overkill: no other bus has this feature, so we'd need a
> feature bit for them anyway in future if we create a device which needs
> such atomicity.
> 
> Cheers,
> Rusty.
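
The write sequence discussed in this message (write offset 1, write offset 3, hit the commit latch), as an added C example that is not code from the thread, QEMU or virtio. It assumes a hypothetical 8-byte config area and hypothetical names (`cfg_dev`, `cfg_commit`, ...), and adds one assumption of its own: the device updates byte 2 while the driver's writes are still pending.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CFG_SIZE 8 /* constructed size, not taken from any spec */

struct cfg_dev {
    uint8_t  master[CFG_SIZE];  /* config the device acts on */
    uint8_t  scratch[CFG_SIZE]; /* driver writes are buffered here */
    uint8_t  dirty[CFG_SIZE];   /* 1 = driver wrote this byte since last latch */
    uint32_t generation;        /* bumped whenever master changes */
};

enum commit_mode { COMMIT_WHOLE, COMMIT_TRACKED, COMMIT_RANGE };

static void cfg_init(struct cfg_dev *d, const uint8_t *init)
{
    memcpy(d->master, init, CFG_SIZE);
    memcpy(d->scratch, init, CFG_SIZE);
    memset(d->dirty, 0, sizeof(d->dirty));
    d->generation = 0;
}

/* Driver write: visible to the device only after the latch is hit. */
static int cfg_write(struct cfg_dev *d, size_t off, uint8_t val)
{
    if (off >= CFG_SIZE) {
        return -1;
    }
    d->scratch[off] = val;
    d->dirty[off] = 1;
    return 0;
}

/* The device changes a field of its own while driver writes are pending. */
static void cfg_device_update(struct cfg_dev *d, size_t off, uint8_t val)
{
    if (off < CFG_SIZE) {
        d->master[off] = val;
        d->generation++;
    }
}

/* Commit latch. off/len are used by COMMIT_RANGE only. */
static int cfg_commit(struct cfg_dev *d, enum commit_mode mode,
                      size_t off, size_t len)
{
    size_t i;

    switch (mode) {
    case COMMIT_WHOLE:   /* scratch copied over master wholesale */
        memcpy(d->master, d->scratch, CFG_SIZE);
        break;
    case COMMIT_TRACKED: /* only the bytes the driver actually wrote */
        for (i = 0; i < CFG_SIZE; i++) {
            if (d->dirty[i]) {
                d->master[i] = d->scratch[i];
            }
        }
        break;
    case COMMIT_RANGE:   /* driver names the span; check without overflow */
        if (off > CFG_SIZE || len > CFG_SIZE - off) {
            return -1;
        }
        memcpy(d->master + off, d->scratch + off, len);
        break;
    }
    memcpy(d->scratch, d->master, CFG_SIZE); /* resync for the next round */
    memset(d->dirty, 0, sizeof(d->dirty));
    d->generation++;
    return 0;
}

/* Write offset 1, device updates offset 2, write offset 3, hit the latch.
 * before/after receive the master copy just before and after the latch. */
static void run_scenario(enum commit_mode mode, uint8_t *before, uint8_t *after)
{
    /* constructed initial contents */
    static const uint8_t init[CFG_SIZE] = {
        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
    };
    struct cfg_dev d;

    cfg_init(&d, init);
    cfg_write(&d, 1, 0xA1);
    cfg_device_update(&d, 2, 0xD2);
    cfg_write(&d, 3, 0xA3);
    memcpy(before, d.master, CFG_SIZE);
    cfg_commit(&d, mode, 1, 3); /* range 1..3 spans the unwritten byte 2 */
    memcpy(after, d.master, CFG_SIZE);
}

int main(void)
{
    static const char *names[] = { "whole", "tracked", "range" };
    uint8_t before[CFG_SIZE], after[CFG_SIZE];
    int m;

    for (m = COMMIT_WHOLE; m <= COMMIT_RANGE; m++) {
        run_scenario((enum commit_mode)m, before, after);
        printf("%-8s byte1=%02x byte2=%02x byte3=%02x\n", names[m],
               after[1], after[2], after[3]);
    }
    return 0;
}
```

Only the tracked variant keeps the device's own update to byte 2; copying the whole scratch area, or a single range that spans byte 2, writes the stale scratch value back over it.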



[Qemu-devel] [PATCH 3/7] serial: add windows inf file for the pci card to docs

2012-10-12 Thread Gerd Hoffmann
Signed-off-by: Gerd Hoffmann 
---
 docs/qemupciserial.inf |  107 
 1 files changed, 107 insertions(+), 0 deletions(-)
 create mode 100644 docs/qemupciserial.inf

diff --git a/docs/qemupciserial.inf b/docs/qemupciserial.inf
new file mode 100644
index 000..c7cea99
--- /dev/null
+++ b/docs/qemupciserial.inf
@@ -0,0 +1,107 @@
+; qemupciserial.inf for QEMU, based on MSPORTS.INF
+
+; The driver itself is shipped with Windows (serial.sys).  This is
+; just a inf file to tell windows which pci id the serial pci card
+; emulated by qemu has, and to apply a name tag to it which windows
+; will show in the device manager.
+
+; Installing the driver: Go to device manager.  You should find a "pci
+; serial card" tagged with a yellow question mark.  Open properties.
+; Pick "update driver".  Then "select driver manually".  Pick "Ports
+; (Com+Lpt)" from the list.  Click "Have a disk".  Select this file.
+; Procedure may vary a bit depending on the windows version.
+
+[Version]
+Signature="$CHICAGO$"
+Class=Ports
+ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318}
+Provider=%QEMU%
+DriverVer=09/24/2012,1.3.0
+
+[SourceDisksNames]
+3426=windows cd
+
+[SourceDisksFiles]
+serial.sys = 3426
+serenum.sys= 3426
+
+[DestinationDirs]
+DefaultDestDir  = 11;LDID_SYS
+ComPort.NT.Copy = 12;DIRID_DRIVERS
+SerialEnumerator.NT.Copy=12 ;DIRID_DRIVERS
+
+; Drivers
+;--
+[Manufacturer]
+%QEMU%=QEMU,NTx86
+
+[QEMU.NTx86]
+%QEMU-PCI_SERIAL.DeviceDesc% = ComPort, "PCI\VEN_1b36&DEV_0002&CC_0700"
+
+; COM sections
+;--
+[ComPort.AddReg]
+HKR,,PortSubClass,1,01
+
+[ComPort.NT]
+AddReg=ComPort.AddReg, ComPort.NT.AddReg
+LogConfig=caa
+SyssetupPnPFlags = 1
+
+[ComPort.NT.HW]
+AddReg=ComPort.NT.HW.AddReg
+
+[ComPort.NT.AddReg]
+HKR,,EnumPropPages32,,"MsPorts.dll,SerialPortPropPageProvider"
+
+[ComPort.NT.HW.AddReg]
+HKR,,"UpperFilters",0x0001,"serenum"
+
+;-- Service installation
+; Port Driver (function driver for this device)
+[ComPort.NT.Services]
+AddService = Serial, 0x0002, Serial_Service_Inst, Serial_EventLog_Inst
+AddService = Serenum,,Serenum_Service_Inst
+
+; -- Serial Port Driver install sections
+[Serial_Service_Inst]
+DisplayName= %Serial.SVCDESC%
+ServiceType= 1   ; SERVICE_KERNEL_DRIVER
+StartType  = 1   ; SERVICE_SYSTEM_START (this driver may do 
detection)
+ErrorControl   = 0   ; SERVICE_ERROR_IGNORE
+ServiceBinary  = %12%\serial.sys
+LoadOrderGroup = Extended base
+
+; -- Serenum Driver install section
+[Serenum_Service_Inst]
+DisplayName= %Serenum.SVCDESC%
+ServiceType= 1   ; SERVICE_KERNEL_DRIVER
+StartType  = 3   ; SERVICE_DEMAND_START
+ErrorControl   = 1   ; SERVICE_ERROR_NORMAL
+ServiceBinary  = %12%\serenum.sys
+LoadOrderGroup = PNP Filter
+
+[Serial_EventLog_Inst]
+AddReg = Serial_EventLog_AddReg
+
+[Serial_EventLog_AddReg]
+HKR,,EventMessageFile,0x0002,"%%SystemRoot%%\System32\IoLogMsg.dll;%%SystemRoot%%\System32\drivers\serial.sys"
+HKR,,TypesSupported,0x00010001,7
+
+; The following sections are COM port resource configs.
+; Section name format means:
+; Char 1 = c (COM port)
+; Char 2 = I/O config: 1 (3f8), 2 (2f8), 3 (3e8), 4 (2e8), a (any)
+; Char 3 = IRQ config: #, a (any)
+
+[caa]   ; Any base, any IRQ
+ConfigPriority=HARDRECONFIG
+IOConfig=8@100-%fff8(3ff::)
+IRQConfig=S:3,4,5,7,9,10,11,12,14,15
+
+[Strings]
+QEMU="QEMU"
+QEMU-PCI_SERIAL.DeviceDesc="QEMU Serial PCI Card"
+
+Serial.SVCDESC   = "Serial port driver"
+Serenum.SVCDESC = "Serenum Filter Driver"
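Review bot: the [Manufacturer] entry is decorated with NTx86 only ("%QEMU%=QEMU,NTx86") and the sole models section is [QEMU.NTx86], so a 64-bit Windows guest has no section to match the PCI\VEN_1b36&DEV_0002 id against. Adding NTamd64 to the [Manufacturer] line together with a matching [QEMU.NTamd64] section would cover those guests; if x86-only is intended, the header comment should say so.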
-- 
1.7.1




Re: [Qemu-devel] [PATCH v2 21/21] q35: add acpi-based pci hotplug.

2012-10-12 Thread Gerd Hoffmann
  Hi,

>>> I just tried out getting rid of the bridges by default.
>>
>> That clearly raises the question which devices should be created
>> automatically by -M q35.  I think the devices which are part of the ich9
>> chipset should be there by default.  /me looks at my laptop which
>> happens to have a ich9 chipset.
> 
> The reason this is a bad idea is very simple: we only have a way to add
> devices not to remove them.  So if you miss a device which your guest
> needs, it is easy to add, but there is no way to remove.

Why would you want to remove devices?  They don't harm when present.  And
you can't remove them on real hardware either.  Try ordering a ich9
without sound or usb ;)

>> Real ich9 has the e1000 @ 00:19.0, so it would make sense to place one
>> there.  Adding a default nic will probably create some headache though,
>> so maybe better don't.
> 
> And that's just one example.

It is problematic because the nic needs configuration and configuring a
builtin device is tricky.  Also our e1000 model isn't the ich9 one.

Most other chipset devices are not problematic at all as they are just
controllers where you can attach stuff to (and by default there isn't
anything attached).  This includes:

  * pcie ports (waiting for pcie devices plugged in).
  * ahci controller (waiting for disks/cdroms being attached).
  * intel-hda (waiting for audio codec (hda-*) being attached).
  * ehci+uhci (waiting for usb devices being plugged in).

The stuff being attached/plugged there needs configuration, but not the
controllers themselves.

> Fact is, we don't emulate real hardware exactly.

But we try to.

> So let's have a minimal machine and if you want to add e1000 audio etc,
> you can do this. We can even teach management to do it with friendly
> UI as opposed to cryptic machine types.

/me disagrees.

cheers,
  Gerd



Re: [Qemu-devel] [PATCH 7/7] chardev: add hotplug support.

2012-10-12 Thread Gerd Hoffmann
On 10/12/12 11:40, Paolo Bonzini wrote:
> On 12/10/2012 11:26, Gerd Hoffmann wrote:
>> This patch adds chardev_add and chardev_del monitor commands.
>>
>> chardev_del is pretty straight forward, it just takes an id argument and
>> zaps the chardev specified.
>>
>> chardev_add is more tricky as there are tons of arguments for the
>> different backends.  The hmp version is limited to the most common use
>> cases, especially when it comes to sockets:  You can only specify port
>> (tcp) or path (unix) and qemu will create a listening socket.  For
>> example this ...
>>
>>(qemu) chardev_add foo socket 42
>>
>> ... will do the same as ...
>>
>>-chardev socket,id=foo,port=42,server,nowait
> 
> Why not
> 
> chardev_add socket,id=foo,port=42,server,nowait
> 
> ?

Yea, maybe, but see below.

>> +{ 'command': 'chardev_add', 'data': {'id'  : 'str',
>> + 'backend' : 'str',
>> + 'path': 'str',
>> + 'name': 'str',
>> + 'host': 'str',
>> + 'port': 'str',
> 
> You cannot pass NULLs via QMP, so these need to be optional.

Fixed.

> I suggest that you implement the commands in a similar way as netdev_add.

Why?  Isn't the whole point of using json is that you'll get the stuff
from the json parser & marshaller in a usable form instead of having it
to feed into yet another parser?  I think the only reason netdev_add
exists in the current form is that it predates qmp.

cheers,
  Gerd




Re: [Qemu-devel] [PATCH v2 21/21] q35: add acpi-based pci hotplug.

2012-10-12 Thread Michael S. Tsirkin
On Fri, Oct 12, 2012 at 12:06:44PM +0200, Gerd Hoffmann wrote:
>   Hi,
> 
> >>> I just tried out getting rid of the bridges by default.
> >>
> >> That clearly raises the question which devices should be created
> >> automatically by -M q35.  I think the devices which are part of the ich9
> >> chipset should be there by default.  /me looks at my laptop which
> >> happens to have a ich9 chipset.
> > 
> > The reason this is a bad idea is very simple: we only have a way to add
> > devices not to remove them.  So if you miss a device which your guest
> > needs, it is easy to add, but there is no way to remove.
> 
> > Why would you want to remove devices?  They don't harm when present.

Yes they do, they increase attack surface on hypervisor.

-- 
MST



Re: [Qemu-devel] [PATCH 7/7] chardev: add hotplug support.

2012-10-12 Thread Paolo Bonzini
On 12/10/2012 12:23, Gerd Hoffmann wrote:
>> I suggest that you implement the commands in a similar way as netdev_add.
> 
> Why?  Isn't the whole point of using json is that you'll get the stuff
> from the json parser & marshaller in a usable form instead of having it
> to feed into yet another parser?  I think the only reason netdev_add
> exists in the current form is that it predates qmp.

In principle you're right, but I think it's ugly that adding another
chardev argument needs changes in 3 places instead of just one.  (And
I'd like to add another argument soon enough...).

Paolo



Re: [Qemu-devel] [PATCH 4/6] linux-user: Rewrite __get_user/__put_user with __builtin_choose_expr

2012-10-12 Thread Riku Voipio
Hi,

On Thu, Oct 11, 2012 at 12:52:27PM -0700, Richard Henderson wrote:
> On 10/11/2012 12:22 PM, Richard Henderson wrote:
> > The previous formulation with multiple assignments to __typeof(*hptr) falls
> > down when hptr is qualified const.  E.g. with const struct S *p, p->f is
> > also qualified const.
> > 
> > With this formulation, there's no assignment to any local variable.
> > 
> > Signed-off-by: Richard Henderson 
 
> Scratch that... I lost the unaligned access capability.
> I'll have to re-work the patch.

I've just prepared the rest of your patch for pending pull request[1].
Since changing __get_user/__put_user impacts more than just sigaction,
do you mind if we put this patch (and thus sigaction change as well)
to a later pull request?

Riku

[1] 
http://git.linaro.org/gitweb?p=people/rikuvoipio/qemu.git;a=shortlog;h=refs/heads/linux-user-for-upstream



Re: [Qemu-devel] [PATCH 7/7] chardev: add hotplug support.

2012-10-12 Thread Gerd Hoffmann
On 10/12/12 12:50, Paolo Bonzini wrote:
> On 12/10/2012 12:23, Gerd Hoffmann wrote:
>>> I suggest that you implement the commands in a similar way as netdev_add.
>>
>> Why?  Isn't the whole point of using json is that you'll get the stuff
>> from the json parser & marshaller in a usable form instead of having it
>> to feed into yet another parser?  I think the only reason netdev_add
>> exists in the current form is that it predates qmp.
> 
> In principle you're right, but I think it's ugly that adding another
> chardev argument needs changes in 3 places instead of just one.

Hmm, I don't have to use the generated marshaller, right?  With direct
access to the QDict I could just transform it into a QemuOpts.  A new
parameter wouldn't need code changes then.  And the code would be
reusable and probably also be simpler.  The qapi schema still needs an
update though.

HMP is more tricky, but I think we should sort QMP first.

cheers,
  Gerd




Re: [Qemu-devel] [PATCH 7/7] chardev: add hotplug support.

2012-10-12 Thread Paolo Bonzini
On 12/10/2012 13:15, Gerd Hoffmann wrote:
>> > In principle you're right, but I think it's ugly that adding another
>> > chardev argument needs changes in 3 places instead of just one.
> Hmm, I don't have to use the generated marshaller, right?  With direct
> access to the QDict I could just transform it into a QemuOpts.

That's exactly what I was suggesting. :P

> A new parameter wouldn't need code changes then.  And the code would be 
> reusable and probably also be simpler.  The qapi schema still needs
> an update though.

The QAPI schema is only used by the generated marshaller.

> HMP is more tricky, but I think we should sort QMP first.

HMP can just take a string, parse it into QemuOpts, and call a small
wrapper that calls qemu_chr_new_from_opts and returns errors via Error.

Paolo



[Qemu-devel] [PULL 0/9] arm-devs queue

2012-10-12 Thread Peter Maydell
Hi; this is a pullreq for the arm-devs queue. Contains my fix for
the various DS1338 bugs plus some other minor patches from various
people; please pull.

thanks
-- PMM

The following changes since commit b4ae3cfa57b8c1bdbbd7b7d420971e9171203ade:

  ssi: Add slave autoconnect helper (2012-10-10 11:13:32 +1000)

are available in the git repository at:

  git://git.linaro.org/people/pmaydell/qemu-arm.git arm-devs.for-upstream

for you to fetch changes up to fae15286751d8a8209724b14b62d065fe621:

  arm_gic: Rename gic_state to GICState (2012-10-12 11:54:39 +0100)


Evgeny Voevodin (1):
  hw/arm_gic.c: Fix improper DPRINTF output.

Jean-Christophe PLAGNIOL-VILLARD (1):
  versatilepb: add gpio pl061 support

Peter A. G. Crosthwaite (1):
  zynq_slcr: Fixed ResetValues enum

Peter Maydell (5):
  hw/ds1338: Fix mishandling of register pointer
  hw/ds1338: Recapture current time when register pointer wraps around
  hw/ds1338: Remove 'now' field from state struct
  hw/ds1338: Implement state save/restore
  arm_gic: Rename gic_state to GICState

Soren Brinkmann (1):
  cadence_ttc: Fix 'clear on read' behavior

 hw/arm_gic.c  |   46 +-
 hw/arm_gic_common.c   |   16 +++
 hw/arm_gic_internal.h |   20 
 hw/armv7m_nvic.c  |6 +--
 hw/cadence_ttc.c  |2 +-
 hw/ds1338.c   |  123 ++---
 hw/versatilepb.c  |5 ++
 hw/zynq_slcr.c|2 +-
 8 files changed, 137 insertions(+), 83 deletions(-)



[Qemu-devel] [PATCH 7/9] versatilepb: add gpio pl061 support

2012-10-12 Thread Peter Maydell
From: Jean-Christophe PLAGNIOL-VILLARD 

Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD 
Signed-off-by: Peter Maydell 
---
 hw/versatilepb.c |5 +
 1 file changed, 5 insertions(+)

diff --git a/hw/versatilepb.c b/hw/versatilepb.c
index b3f8077..7b1b025 100644
--- a/hw/versatilepb.c
+++ b/hw/versatilepb.c
@@ -266,6 +266,11 @@ static void versatile_init(ram_addr_t ram_size,
 sysbus_create_simple("sp804", 0x101e2000, pic[4]);
 sysbus_create_simple("sp804", 0x101e3000, pic[5]);
 
+sysbus_create_simple("pl061", 0x101e4000, pic[6]);
+sysbus_create_simple("pl061", 0x101e5000, pic[7]);
+sysbus_create_simple("pl061", 0x101e6000, pic[8]);
+sysbus_create_simple("pl061", 0x101e7000, pic[9]);
+
 /* The versatile/PB actually has a modified Color LCD controller
that includes hardware cursor support from the PL111.  */
 dev = sysbus_create_simple("pl110_versatile", 0x1012, pic[16]);
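Review bot: the four pl061 instances are added with bare addresses (0x101e4000 to 0x101e7000) and interrupt lines pic[6] to pic[9], and neither the code nor the commit message, which has no body, says where that mapping comes from. A one-line comment naming the GPIO blocks and the board documentation they were taken from would let the next reader verify the addresses and IRQ numbers.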
-- 
1.7.9.5




[Qemu-devel] [PATCH 1/9] cadence_ttc: Fix 'clear on read' behavior

2012-10-12 Thread Peter Maydell
From: Soren Brinkmann 

A missing call to qemu_set_irq() when reading the IRQ register
required SW to write to the IRQ register to acknowledge an
interrupt. With this patch the behavior is fixed:
 - Reading the interrupt register clears it and updates the timers
   interrupt status
 - Writes to the interrupt register are ignored

Signed-off-by: Soren Brinkmann 
Signed-off-by: Peter Crosthwaite 
Signed-off-by: Peter Maydell 
---
 hw/cadence_ttc.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/cadence_ttc.c b/hw/cadence_ttc.c
index dd02f86..77b6976 100644
--- a/hw/cadence_ttc.c
+++ b/hw/cadence_ttc.c
@@ -274,6 +274,7 @@ static uint32_t cadence_ttc_read_imp(void *opaque, 
target_phys_addr_t offset)
 /* cleared after read */
 value = s->reg_intr;
 s->reg_intr = 0;
+cadence_timer_update(s);
 return value;
 
 case 0x60: /* interrupt enable */
@@ -355,7 +356,6 @@ static void cadence_ttc_write(void *opaque, 
target_phys_addr_t offset,
 case 0x54: /* interrupt register */
 case 0x58:
 case 0x5c:
-s->reg_intr &= (~value & 0xfff);
 break;
 
 case 0x60: /* interrupt enable */
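Review bot: after removing the s->reg_intr update, cases 0x54, 0x58 and 0x5c in cadence_ttc_write fall through to a bare break, which reads like an unimplemented register. A short comment stating that writes are ignored on purpose because the register is clear-on-read would keep someone from "fixing" it later. The commit message also speaks of a missing qemu_set_irq() call while the read-side hunk adds cadence_timer_update(s); the message should name the function that is actually called.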
-- 
1.7.9.5




Re: [Qemu-devel] [PATCH 2/2] linux-user: register align p{read, write}64

2012-10-12 Thread Peter Maydell
On 30 September 2012 02:32, Alexander Graf  wrote:
> pread64 and pwrite64 pass 64bit parameters which for some architectures need
> to be aligned to special argument pairs, creating a gap argument.
>
> Handle this special case the same way we handle it in other places of the 
> code.
>
> Reported-by: Alex Barcelo 
> Signed-off-by: Alexander Graf 

Reviewed-by: Peter Maydell 



[Qemu-devel] [PATCH 8/9] zynq_slcr: Fixed ResetValues enum

2012-10-12 Thread Peter Maydell
From: "Peter A. G. Crosthwaite" 

There is a gap in the reset region of the address space at offset 0x208. This
throws out all these enum values by one when translating them to address 
offsets.
Fixed by putting the corresponding gap in the enum as well.

Signed-off-by: Peter A. G. Crosthwaite 
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 hw/zynq_slcr.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/zynq_slcr.c b/hw/zynq_slcr.c
index 4f97575..8acba01 100644
--- a/hw/zynq_slcr.c
+++ b/hw/zynq_slcr.c
@@ -91,7 +91,7 @@ typedef enum {
 typedef enum {
   PSS,
   DDDR,
-  DMAC,
+  DMAC = 3,
   USB,
   GEM,
   SDIO,
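Review bot: "DMAC = 3" is a bare number in the enum, and the reason for it (the gap in the reset region at offset 0x208) is only given in the commit message. A comment on that line stating that the value skips the unused slot at 0x208 would keep the enum and the register layout from drifting apart again when entries are added or reordered.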
-- 
1.7.9.5




[Qemu-devel] [PATCH 5/9] hw/ds1338: Remove 'now' field from state struct

2012-10-12 Thread Peter Maydell
The 'struct tm now' field in the state structure is in fact only
ever used as a temporary (the actual RTC state is held in 'offset').
Remove it from the state structure in favour of using local variables
to avoid confusion about whether it needs to be saved on migration.

Signed-off-by: Peter Maydell 
---
 hw/ds1338.c |   41 +
 1 file changed, 21 insertions(+), 20 deletions(-)

diff --git a/hw/ds1338.c b/hw/ds1338.c
index 842d2de..16aba4b 100644
--- a/hw/ds1338.c
+++ b/hw/ds1338.c
@@ -20,7 +20,6 @@
 typedef struct {
 I2CSlave i2c;
 time_t offset;
-struct tm now;
 uint8_t nvram[NVRAM_SIZE];
 int ptr;
 int addr_byte;
@@ -31,21 +30,22 @@ static void capture_current_time(DS1338State *s)
 /* Capture the current time into the secondary registers
  * which will be actually read by the data transfer operation.
  */
-qemu_get_timedate(&s->now, s->offset);
-s->nvram[0] = to_bcd(s->now.tm_sec);
-s->nvram[1] = to_bcd(s->now.tm_min);
+struct tm now;
+qemu_get_timedate(&now, s->offset);
+s->nvram[0] = to_bcd(now.tm_sec);
+s->nvram[1] = to_bcd(now.tm_min);
 if (s->nvram[2] & 0x40) {
-s->nvram[2] = (to_bcd((s->now.tm_hour % 12)) + 1) | 0x40;
-if (s->now.tm_hour >= 12) {
+s->nvram[2] = (to_bcd((now.tm_hour % 12)) + 1) | 0x40;
+if (now.tm_hour >= 12) {
 s->nvram[2] |= 0x20;
 }
 } else {
-s->nvram[2] = to_bcd(s->now.tm_hour);
+s->nvram[2] = to_bcd(now.tm_hour);
 }
-s->nvram[3] = to_bcd(s->now.tm_wday) + 1;
-s->nvram[4] = to_bcd(s->now.tm_mday);
-s->nvram[5] = to_bcd(s->now.tm_mon) + 1;
-s->nvram[6] = to_bcd(s->now.tm_year - 100);
+s->nvram[3] = to_bcd(now.tm_wday) + 1;
+s->nvram[4] = to_bcd(now.tm_mday);
+s->nvram[5] = to_bcd(now.tm_mon) + 1;
+s->nvram[6] = to_bcd(now.tm_year - 100);
 }
 
 static void inc_regptr(DS1338State *s)
@@ -100,14 +100,15 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data)
 return 0;
 }
 if (s->ptr < 8) {
-qemu_get_timedate(&s->now, s->offset);
+struct tm now;
+qemu_get_timedate(&now, s->offset);
 switch(s->ptr) {
 case 0:
 /* TODO: Implement CH (stop) bit.  */
-s->now.tm_sec = from_bcd(data & 0x7f);
+now.tm_sec = from_bcd(data & 0x7f);
 break;
 case 1:
-s->now.tm_min = from_bcd(data & 0x7f);
+now.tm_min = from_bcd(data & 0x7f);
 break;
 case 2:
 if (data & 0x40) {
@@ -119,25 +120,25 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data)
 } else {
 data = from_bcd(data);
 }
-s->now.tm_hour = data;
+now.tm_hour = data;
 break;
 case 3:
-s->now.tm_wday = from_bcd(data & 7) - 1;
+now.tm_wday = from_bcd(data & 7) - 1;
 break;
 case 4:
-s->now.tm_mday = from_bcd(data & 0x3f);
+now.tm_mday = from_bcd(data & 0x3f);
 break;
 case 5:
-s->now.tm_mon = from_bcd(data & 0x1f) - 1;
+now.tm_mon = from_bcd(data & 0x1f) - 1;
 break;
 case 6:
-s->now.tm_year = from_bcd(data) + 100;
+now.tm_year = from_bcd(data) + 100;
 break;
 case 7:
 /* Control register. Currently ignored.  */
 break;
 }
-s->offset = qemu_timedate_diff(&s->now);
+s->offset = qemu_timedate_diff(&now);
 } else {
 s->nvram[s->ptr] = data;
 }
-- 
1.7.9.5




[Qemu-devel] [PATCH 3/9] hw/ds1338: Fix mishandling of register pointer

2012-10-12 Thread Peter Maydell
Correct several deficiencies in the handling of the register pointer:
 * it should wrap around after 0x3f, not 0xff
 * guard against the caller handing us an out of range pointer
   (on h/w this can never happen, because only a 7 bit value is
   transferred over the I2C bus)
 * there was confusion over whether nvram[] holds only the 56 bytes
   of guest-accessible NVRAM, or also the secondary registers
   which hold the value of the clock captured at the start of a
   multibyte read. Correct to consistently be the latter, by fixing
   the array size and the offset used for NVRAM writes.
 * ds1338_send was attempting to use 'data' as both the data and
   the register offset simultaneously, which meant that writes to
   any register were broken; fix to use the register pointer.

Signed-off-by: Peter Maydell 
---
 hw/ds1338.c |   20 +---
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/hw/ds1338.c b/hw/ds1338.c
index d590d9c..be68140 100644
--- a/hw/ds1338.c
+++ b/hw/ds1338.c
@@ -12,11 +12,16 @@
 
 #include "i2c.h"
 
+/* Size of NVRAM including both the user-accessible area and the
+ * secondary register area.
+ */
+#define NVRAM_SIZE 64
+
 typedef struct {
 I2CSlave i2c;
 time_t offset;
 struct tm now;
-uint8_t nvram[56];
+uint8_t nvram[NVRAM_SIZE];
 int ptr;
 int addr_byte;
 } DS1338State;
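
Review bot: NVRAM_SIZE is used further down as a wrap mask (`& (NVRAM_SIZE - 1)`), which is only correct while it is a power of two. Say so in the comment added here, or add a compile-time check, so a later size change cannot turn the mask into an out-of-range index into nvram[].
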
@@ -57,7 +62,7 @@ static int ds1338_recv(I2CSlave *i2c)
 uint8_t res;
 
 res  = s->nvram[s->ptr];
-s->ptr = (s->ptr + 1) & 0xff;
+s->ptr = (s->ptr + 1) & (NVRAM_SIZE - 1);
 return res;
 }
 
@@ -65,14 +70,13 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data)
 {
 DS1338State *s = FROM_I2C_SLAVE(DS1338State, i2c);
 if (s->addr_byte) {
-s->ptr = data;
+s->ptr = data & (NVRAM_SIZE - 1);
 s->addr_byte = 0;
 return 0;
 }
-s->nvram[s->ptr - 8] = data;
-if (data < 8) {
+if (s->ptr < 8) {
 qemu_get_timedate(&s->now, s->offset);
-switch(data) {
+switch(s->ptr) {
 case 0:
 /* TODO: Implement CH (stop) bit.  */
 s->now.tm_sec = from_bcd(data & 0x7f);
@@ -109,8 +113,10 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data)
 break;
 }
 s->offset = qemu_timedate_diff(&s->now);
+} else {
+s->nvram[s->ptr] = data;
 }
-s->ptr = (s->ptr + 1) & 0xff;
+s->ptr = (s->ptr + 1) & (NVRAM_SIZE - 1);
 return 0;
 }
 
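
Review bot: with the store moved into the `else` branch, a write to registers 0 to 7 is never recorded in nvram[], so the 12-hour mode bit that the read path tests (`s->nvram[2] & 0x40`) cannot be set by a guest write. Keep the mode bit from the written hours byte in nvram[2], and decide the same for the control register at offset 7, or state the limitation in a comment next to the switch.
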
-- 
1.7.9.5




[Qemu-devel] [PATCH 9/9] arm_gic: Rename gic_state to GICState

2012-10-12 Thread Peter Maydell
Rename the gic_state struct to match QEMU's coding style conventions
for structure names, since the impending KVM-for-ARM patches will
create another subclass of it. This patch was created using:
  sed -i 's/gic_state/GICState/g' hw/arm_gic.c hw/arm_gic_common.c \
hw/arm_gic_internal.h hw/armv7m_nvic.c

Acked-by: Andreas Färber 
Signed-off-by: Peter Maydell 
---
 hw/arm_gic.c  |   44 ++--
 hw/arm_gic_common.c   |   16 
 hw/arm_gic_internal.h |   20 ++--
 hw/armv7m_nvic.c  |6 +++---
 4 files changed, 43 insertions(+), 43 deletions(-)

diff --git a/hw/arm_gic.c b/hw/arm_gic.c
index 4024dae..56376c0 100644
--- a/hw/arm_gic.c
+++ b/hw/arm_gic.c
@@ -36,7 +36,7 @@ static const uint8_t gic_id[] = {
 
 #define NUM_CPU(s) ((s)->num_cpu)
 
-static inline int gic_get_current_cpu(gic_state *s)
+static inline int gic_get_current_cpu(GICState *s)
 {
 if (s->num_cpu > 1) {
 return cpu_single_env->cpu_index;
@@ -46,7 +46,7 @@ static inline int gic_get_current_cpu(gic_state *s)
 
 /* TODO: Many places that call this routine could be optimized.  */
 /* Update interrupt status after enabled or pending bits have been changed.  */
-void gic_update(gic_state *s)
+void gic_update(GICState *s)
 {
 int best_irq;
 int best_prio;
@@ -84,7 +84,7 @@ void gic_update(gic_state *s)
 }
 }
 
-void gic_set_pending_private(gic_state *s, int cpu, int irq)
+void gic_set_pending_private(GICState *s, int cpu, int irq)
 {
 int cm = 1 << cpu;
 
@@ -105,7 +105,7 @@ static void gic_set_irq(void *opaque, int irq, int level)
  *  [N+32..N+63] : PPI (internal interrupts for CPU 1
  *  ...
  */
-gic_state *s = (gic_state *)opaque;
+GICState *s = (GICState *)opaque;
 int cm, target;
 if (irq < (s->num_irq - GIC_INTERNAL)) {
 /* The first external input line is internal interrupt 32.  */
@@ -137,7 +137,7 @@ static void gic_set_irq(void *opaque, int irq, int level)
 gic_update(s);
 }
 
-static void gic_set_running_irq(gic_state *s, int cpu, int irq)
+static void gic_set_running_irq(GICState *s, int cpu, int irq)
 {
 s->running_irq[cpu] = irq;
 if (irq == 1023) {
@@ -148,7 +148,7 @@ static void gic_set_running_irq(gic_state *s, int cpu, int 
irq)
 gic_update(s);
 }
 
-uint32_t gic_acknowledge_irq(gic_state *s, int cpu)
+uint32_t gic_acknowledge_irq(GICState *s, int cpu)
 {
 int new_irq;
 int cm = 1 << cpu;
@@ -167,7 +167,7 @@ uint32_t gic_acknowledge_irq(gic_state *s, int cpu)
 return new_irq;
 }
 
-void gic_complete_irq(gic_state *s, int cpu, int irq)
+void gic_complete_irq(GICState *s, int cpu, int irq)
 {
 int update = 0;
 int cm = 1 << cpu;
@@ -214,7 +214,7 @@ void gic_complete_irq(gic_state *s, int cpu, int irq)
 
 static uint32_t gic_dist_readb(void *opaque, target_phys_addr_t offset)
 {
-gic_state *s = (gic_state *)opaque;
+GICState *s = (GICState *)opaque;
 uint32_t res;
 int irq;
 int i;
@@ -347,7 +347,7 @@ static uint32_t gic_dist_readl(void *opaque, 
target_phys_addr_t offset)
 static void gic_dist_writeb(void *opaque, target_phys_addr_t offset,
 uint32_t value)
 {
-gic_state *s = (gic_state *)opaque;
+GICState *s = (GICState *)opaque;
 int irq;
 int i;
 int cpu;
@@ -500,7 +500,7 @@ static void gic_dist_writew(void *opaque, 
target_phys_addr_t offset,
 static void gic_dist_writel(void *opaque, target_phys_addr_t offset,
 uint32_t value)
 {
-gic_state *s = (gic_state *)opaque;
+GICState *s = (GICState *)opaque;
 if (offset == 0xf00) {
 int cpu;
 int irq;
@@ -539,7 +539,7 @@ static const MemoryRegionOps gic_dist_ops = {
 .endianness = DEVICE_NATIVE_ENDIAN,
 };
 
-static uint32_t gic_cpu_read(gic_state *s, int cpu, int offset)
+static uint32_t gic_cpu_read(GICState *s, int cpu, int offset)
 {
 switch (offset) {
 case 0x00: /* Control */
@@ -561,7 +561,7 @@ static uint32_t gic_cpu_read(gic_state *s, int cpu, int 
offset)
 }
 }
 
-static void gic_cpu_write(gic_state *s, int cpu, int offset, uint32_t value)
+static void gic_cpu_write(GICState *s, int cpu, int offset, uint32_t value)
 {
 switch (offset) {
 case 0x00: /* Control */
@@ -587,25 +587,25 @@ static void gic_cpu_write(gic_state *s, int cpu, int 
offset, uint32_t value)
 static uint64_t gic_thiscpu_read(void *opaque, target_phys_addr_t addr,
  unsigned size)
 {
-gic_state *s = (gic_state *)opaque;
+GICState *s = (GICState *)opaque;
 return gic_cpu_read(s, gic_get_current_cpu(s), addr);
 }
 
 static void gic_thiscpu_write(void *opaque, target_phys_addr_t addr,
   uint64_t value, unsigned size)
 {
-gic_state *s = (gic_state *)opaque;
+GICState *s = (GICState *)opaque;
 gic_cpu_write(s, gic_get_current_cpu(s), addr, value);
 }
 
 /* Wrappers to read/write the GIC CPU interface for 

[Qemu-devel] [PATCH 6/9] hw/ds1338: Implement state save/restore

2012-10-12 Thread Peter Maydell
Implement state save/restore for the DS1338. This requires
the usual minor adjustment of types in the state struct to
get fixed-width ones with vmstate macros.

Signed-off-by: Peter Maydell 
---
 hw/ds1338.c |   27 ++-
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/hw/ds1338.c b/hw/ds1338.c
index 16aba4b..b576d56 100644
--- a/hw/ds1338.c
+++ b/hw/ds1338.c
@@ -19,12 +19,27 @@
 
 typedef struct {
 I2CSlave i2c;
-time_t offset;
+int64_t offset;
 uint8_t nvram[NVRAM_SIZE];
-int ptr;
-int addr_byte;
+int32_t ptr;
+bool addr_byte;
 } DS1338State;
 
+static const VMStateDescription vmstate_ds1338 = {
+.name = "ds1338",
+.version_id = 1,
+.minimum_version_id = 1,
+.minimum_version_id_old = 1,
+.fields = (VMStateField[]) {
+VMSTATE_I2C_SLAVE(i2c, DS1338State),
+VMSTATE_INT64(offset, DS1338State),
+VMSTATE_UINT8_ARRAY(nvram, DS1338State, NVRAM_SIZE),
+VMSTATE_INT32(ptr, DS1338State),
+VMSTATE_BOOL(addr_byte, DS1338State),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static void capture_current_time(DS1338State *s)
 {
 /* Capture the current time into the secondary registers
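
Review bot: `ptr` is now loaded from the migration stream with VMSTATE_INT32, and ds1338_recv uses it directly as an index (`s->nvram[s->ptr]`), so a corrupt or hostile stream can point it outside nvram[]. Add a `.post_load` callback that fails the load (or masks with `NVRAM_SIZE - 1`) when ptr is not in 0..NVRAM_SIZE-1. The runtime masking in ds1338_send only protects values that arrive over I2C, not values that arrive through migration.
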
@@ -74,7 +89,7 @@ static void ds1338_event(I2CSlave *i2c, enum i2c_event event)
 capture_current_time(s);
 break;
 case I2C_START_SEND:
-s->addr_byte = 1;
+s->addr_byte = true;
 break;
 default:
 break;
@@ -96,7 +111,7 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data)
 DS1338State *s = FROM_I2C_SLAVE(DS1338State, i2c);
 if (s->addr_byte) {
 s->ptr = data & (NVRAM_SIZE - 1);
-s->addr_byte = 0;
+s->addr_byte = false;
 return 0;
 }
 if (s->ptr < 8) {
@@ -153,12 +168,14 @@ static int ds1338_init(I2CSlave *i2c)
 
 static void ds1338_class_init(ObjectClass *klass, void *data)
 {
+DeviceClass *dc = DEVICE_CLASS(klass);
 I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
 
 k->init = ds1338_init;
 k->event = ds1338_event;
 k->recv = ds1338_recv;
 k->send = ds1338_send;
+dc->vmsd = &vmstate_ds1338;
 }
 
 static TypeInfo ds1338_info = {
-- 
1.7.9.5




[Qemu-devel] [PATCH 2/9] hw/arm_gic.c: Fix improper DPRINTF output.

2012-10-12 Thread Peter Maydell
From: Evgeny Voevodin 

s->cpu_enabled is an array, so s->cpu_enabled ? "En" : "Dis" returns
"En" always. We should use s->cpu_enabled[cpu] here.

Signed-off-by: Evgeny Voevodin 
Signed-off-by: Peter Maydell 
---
 hw/arm_gic.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/arm_gic.c b/hw/arm_gic.c
index 55871fa..4024dae 100644
--- a/hw/arm_gic.c
+++ b/hw/arm_gic.c
@@ -566,7 +566,7 @@ static void gic_cpu_write(gic_state *s, int cpu, int 
offset, uint32_t value)
 switch (offset) {
 case 0x00: /* Control */
 s->cpu_enabled[cpu] = (value & 1);
-DPRINTF("CPU %d %sabled\n", cpu, s->cpu_enabled ? "En" : "Dis");
+DPRINTF("CPU %d %sabled\n", cpu, s->cpu_enabled[cpu] ? "En" : "Dis");
 break;
 case 0x04: /* Priority mask */
 s->priority_mask[cpu] = (value & 0xff);
-- 
1.7.9.5




[Qemu-devel] [PATCH 4/9] hw/ds1338: Recapture current time when register pointer wraps around

2012-10-12 Thread Peter Maydell
The DS1338 datasheet documents that the current time is captured into
the secondary registers when the register pointer wraps round to zero
as well as at a START condition. Implement this.

Signed-off-by: Peter Maydell 
---
 hw/ds1338.c |   59 ++-
 1 file changed, 42 insertions(+), 17 deletions(-)

diff --git a/hw/ds1338.c b/hw/ds1338.c
index be68140..842d2de 100644
--- a/hw/ds1338.c
+++ b/hw/ds1338.c
@@ -26,27 +26,52 @@ typedef struct {
 int addr_byte;
 } DS1338State;
 
+static void capture_current_time(DS1338State *s)
+{
+/* Capture the current time into the secondary registers
+ * which will be actually read by the data transfer operation.
+ */
+qemu_get_timedate(&s->now, s->offset);
+s->nvram[0] = to_bcd(s->now.tm_sec);
+s->nvram[1] = to_bcd(s->now.tm_min);
+if (s->nvram[2] & 0x40) {
+s->nvram[2] = (to_bcd((s->now.tm_hour % 12)) + 1) | 0x40;
+if (s->now.tm_hour >= 12) {
+s->nvram[2] |= 0x20;
+}
+} else {
+s->nvram[2] = to_bcd(s->now.tm_hour);
+}
+s->nvram[3] = to_bcd(s->now.tm_wday) + 1;
+s->nvram[4] = to_bcd(s->now.tm_mday);
+s->nvram[5] = to_bcd(s->now.tm_mon) + 1;
+s->nvram[6] = to_bcd(s->now.tm_year - 100);
+}
+
+static void inc_regptr(DS1338State *s)
+{
+/* The register pointer wraps around after 0x3F; wraparound
+ * causes the current time/date to be retransferred into
+ * the secondary registers.
+ */
+s->ptr = (s->ptr + 1) & (NVRAM_SIZE - 1);
+if (!s->ptr) {
+capture_current_time(s);
+}
+}
+
 static void ds1338_event(I2CSlave *i2c, enum i2c_event event)
 {
 DS1338State *s = FROM_I2C_SLAVE(DS1338State, i2c);
 
 switch (event) {
 case I2C_START_RECV:
-qemu_get_timedate(&s->now, s->offset);
-s->nvram[0] = to_bcd(s->now.tm_sec);
-s->nvram[1] = to_bcd(s->now.tm_min);
-if (s->nvram[2] & 0x40) {
-s->nvram[2] = (to_bcd((s->now.tm_hour % 12)) + 1) | 0x40;
-if (s->now.tm_hour >= 12) {
-s->nvram[2] |= 0x20;
-}
-} else {
-s->nvram[2] = to_bcd(s->now.tm_hour);
-}
-s->nvram[3] = to_bcd(s->now.tm_wday) + 1;
-s->nvram[4] = to_bcd(s->now.tm_mday);
-s->nvram[5] = to_bcd(s->now.tm_mon) + 1;
-s->nvram[6] = to_bcd(s->now.tm_year - 100);
+/* In h/w, capture happens on any START condition, not just a
+ * START_RECV, but there is no need to actually capture on
+ * START_SEND, because the guest can't get at that data
+ * without going through a START_RECV which would overwrite it.
+ */
+capture_current_time(s);
 break;
 case I2C_START_SEND:
 s->addr_byte = 1;
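
Review bot: in capture_current_time the `+ 1` adjustments are applied after to_bcd(), e.g. `to_bcd(s->now.tm_mon) + 1`, so October (tm_mon 9) is stored as 0x0a instead of 0x10; the weekday and 12-hour lines have the same ordering, and `(tm_hour % 12) + 1` also maps hour 0 to 1 rather than 12. Since the block is being moved into a helper anyway, do the addition inside the conversion, `to_bcd(s->now.tm_mon + 1)`, here or in a follow-up. The write side (`from_bcd(data & 0x1f) - 1`) already applies the two steps in the right order.
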
@@ -62,7 +87,7 @@ static int ds1338_recv(I2CSlave *i2c)
 uint8_t res;
 
 res  = s->nvram[s->ptr];
-s->ptr = (s->ptr + 1) & (NVRAM_SIZE - 1);
+inc_regptr(s);
 return res;
 }
 
@@ -116,7 +141,7 @@ static int ds1338_send(I2CSlave *i2c, uint8_t data)
 } else {
 s->nvram[s->ptr] = data;
 }
-s->ptr = (s->ptr + 1) & (NVRAM_SIZE - 1);
+inc_regptr(s);
 return 0;
 }
 
-- 
1.7.9.5




[Qemu-devel] [PATCH 0/2] qemu-img: Fix division by zero for zero size images

2012-10-12 Thread Kevin Wolf
Kevin Wolf (2):
  qemu-img: Fix division by zero for zero size images
  qemu-iotests: Test qemu-img operation on zero size image

 qemu-img.c |   23 
 tests/qemu-iotests/041 |   78 
 tests/qemu-iotests/041.out |   15 
 tests/qemu-iotests/group   |1 +
 4 files changed, 109 insertions(+), 8 deletions(-)
 create mode 100755 tests/qemu-iotests/041
 create mode 100644 tests/qemu-iotests/041.out

-- 
1.7.6.5




[Qemu-devel] [PATCH 1/2] qemu-img: Fix division by zero for zero size images

2012-10-12 Thread Kevin Wolf
Signed-off-by: Kevin Wolf 
---
 qemu-img.c |   23 +++
 1 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index f17f187..849eb41 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -674,7 +674,7 @@ static int img_convert(int argc, char **argv)
 QEMUOptionParameter *out_baseimg_param;
 char *options = NULL;
 const char *snapshot_name = NULL;
-float local_progress;
+float local_progress = 0;
 int min_sparse = 8; /* Need at least 4k of zeros for sparse detection */
 
 fmt = NULL;
@@ -914,8 +914,10 @@ static int img_convert(int argc, char **argv)
 sector_num = 0;
 
 nb_sectors = total_sectors;
-local_progress = (float)100 /
-(nb_sectors / MIN(nb_sectors, cluster_sectors));
+if (nb_sectors != 0) {
+local_progress = (float)100 /
+(nb_sectors / MIN(nb_sectors, cluster_sectors));
+}
 
 for(;;) {
 int64_t bs_num;
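
Review bot: the new guard covers `nb_sectors == 0` only; the divisor `nb_sectors / MIN(nb_sectors, cluster_sectors)` is also undefined when cluster_sectors is 0, because MIN() then yields 0. If cluster_sectors is not guaranteed non-zero by the code above this hunk, test that as well before dividing.
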
@@ -986,8 +988,10 @@ static int img_convert(int argc, char **argv)
 
 sector_num = 0; // total number of sectors converted so far
 nb_sectors = total_sectors - sector_num;
-local_progress = (float)100 /
-(nb_sectors / MIN(nb_sectors, IO_BUF_SIZE / 512));
+if (nb_sectors != 0) {
+local_progress = (float)100 /
+(nb_sectors / MIN(nb_sectors, IO_BUF_SIZE / 512));
+}
 
 for(;;) {
 nb_sectors = total_sectors - sector_num;
@@ -1585,7 +1589,7 @@ static int img_rebase(int argc, char **argv)
 int n;
 uint8_t * buf_old;
 uint8_t * buf_new;
-float local_progress;
+float local_progress = 0;
 
 buf_old = qemu_blockalign(bs, IO_BUF_SIZE);
 buf_new = qemu_blockalign(bs, IO_BUF_SIZE);
@@ -1594,8 +1598,11 @@ static int img_rebase(int argc, char **argv)
 bdrv_get_geometry(bs_old_backing, &old_backing_num_sectors);
 bdrv_get_geometry(bs_new_backing, &new_backing_num_sectors);
 
-local_progress = (float)100 /
-(num_sectors / MIN(num_sectors, IO_BUF_SIZE / 512));
+if (num_sectors != 0) {
+local_progress = (float)100 /
+(num_sectors / MIN(num_sectors, IO_BUF_SIZE / 512));
+}
+
 for (sector = 0; sector < num_sectors; sector += n) {
 
 /* How many sectors can we handle with the next read? */
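
Review bot: this is the third copy of the same guarded `(float)100 / (n / MIN(n, chunk))` computation in the patch (twice in img_convert, once here in img_rebase). A small helper that takes the sector count and chunk size and returns 0 for an empty image would keep the zero-size handling in one place. The commit message also has no body; one line naming the commands that hit the division would help anyone bisecting later.
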
-- 
1.7.6.5




[Qemu-devel] [PATCH 2/2] qemu-iotests: Test qemu-img operation on zero size image

2012-10-12 Thread Kevin Wolf
Signed-off-by: Kevin Wolf 
---
 tests/qemu-iotests/041 |   78 
 tests/qemu-iotests/041.out |   15 
 tests/qemu-iotests/group   |1 +
 3 files changed, 94 insertions(+), 0 deletions(-)
 create mode 100755 tests/qemu-iotests/041
 create mode 100644 tests/qemu-iotests/041.out

diff --git a/tests/qemu-iotests/041 b/tests/qemu-iotests/041
new file mode 100755
index 000..c3c3ca8
--- /dev/null
+++ b/tests/qemu-iotests/041
@@ -0,0 +1,78 @@
+#!/bin/bash
+#
+# Test qemu-img operation on zero size images
+#
+# Copyright (C) 2012 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=kw...@redhat.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1   # failure is the default!
+
+_cleanup()
+{
+   _cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt qcow2 qcow qed vmdk
+_supported_proto file
+_supported_os Linux
+
+echo
+echo "== Creating zero size image =="
+
+_make_test_img 0
+_check_test_img
+
+mv $TEST_IMG $TEST_IMG.orig
+
+echo
+echo "== Converting the image =="
+
+$QEMU_IMG convert -O $IMGFMT $TEST_IMG.orig $TEST_IMG
+_check_test_img
+
+echo
+echo "== Converting the image, compressed =="
+
+if [ "$IMGFMT" == "qcow2" ]; then
+$QEMU_IMG convert -c -O $IMGFMT $TEST_IMG.orig $TEST_IMG
+fi
+_check_test_img
+
+echo
+echo "== Rebasing the image =="
+
+$QEMU_IMG rebase -u -b $TEST_IMG.orig $TEST_IMG
+$QEMU_IMG rebase -b $TEST_IMG.orig $TEST_IMG
+_check_test_img
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
+
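
Review bot: the script renames the image to `$TEST_IMG.orig`, but `_cleanup` only calls `_cleanup_test_img` and the only explicit removal is `rm -f $seq.full`, so unless `_cleanup_test_img` also covers the `.orig` name the file is left behind for later tests. Add `rm -f "$TEST_IMG.orig"` to `_cleanup`, and quote the `$TEST_IMG` expansions so a test directory containing spaces does not split the arguments. For formats other than qcow2 the "compressed" section performs no conversion and only re-checks the previous image, which is worth a comment.
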
diff --git a/tests/qemu-iotests/041.out b/tests/qemu-iotests/041.out
new file mode 100644
index 000..98514fa
--- /dev/null
+++ b/tests/qemu-iotests/041.out
@@ -0,0 +1,15 @@
+QA output created by 041
+
+== Creating zero size image ==
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=0 
+No errors were found on the image.
+
+== Converting the image ==
+No errors were found on the image.
+
+== Converting the image, compressed ==
+No errors were found on the image.
+
+== Rebasing the image ==
+No errors were found on the image.
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index 66d2ba9..fa4a7da 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -47,3 +47,4 @@
 038 rw auto backing
 039 rw auto
 040 rw auto
+041 rw auto quick
-- 
1.7.6.5




[Qemu-devel] [PATCH 03/11] linux-user: Perform more checks on iovec lists

2012-10-12 Thread riku . voipio
From: Richard Henderson 

Validate count between 0 and IOV_MAX.  Limit total length of
operation in the same way the kernel does.

Signed-off-by: Richard Henderson 
Signed-off-by: Riku Voipio 
---
 linux-user/syscall.c |  162 +++---
 1 file changed, 102 insertions(+), 60 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index cf0b385..038aefe 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1744,55 +1744,96 @@ static abi_long do_getsockopt(int sockfd, int level, 
int optname,
 return ret;
 }
 
-/* FIXME
- * lock_iovec()/unlock_iovec() have a return code of 0 for success where
- * other lock functions have a return code of 0 for failure.
- */
-static abi_long lock_iovec(int type, struct iovec *vec, abi_ulong target_addr,
-   int count, int copy)
+static struct iovec *lock_iovec(int type, abi_ulong target_addr,
+int count, int copy)
 {
 struct target_iovec *target_vec;
-abi_ulong base;
+struct iovec *vec;
+abi_ulong total_len, max_len;
 int i;
 
-target_vec = lock_user(VERIFY_READ, target_addr, count * sizeof(struct 
target_iovec), 1);
-if (!target_vec)
-return -TARGET_EFAULT;
-for(i = 0;i < count; i++) {
-base = tswapal(target_vec[i].iov_base);
-vec[i].iov_len = tswapal(target_vec[i].iov_len);
-if (vec[i].iov_len != 0) {
-vec[i].iov_base = lock_user(type, base, vec[i].iov_len, copy);
-/* Don't check lock_user return value. We must call writev even
-   if a element has invalid base address. */
+if (count == 0) {
+errno = 0;
+return NULL;
+}
+if (count > IOV_MAX) {
+errno = EINVAL;
+return NULL;
+}
+
+vec = calloc(count, sizeof(struct iovec));
+if (vec == NULL) {
+errno = ENOMEM;
+return NULL;
+}
+
+target_vec = lock_user(VERIFY_READ, target_addr,
+   count * sizeof(struct target_iovec), 1);
+if (target_vec == NULL) {
+errno = EFAULT;
+goto fail2;
+}
+
+/* ??? If host page size > target page size, this will result in a
+   value larger than what we can actually support.  */
+max_len = 0x7fff & TARGET_PAGE_MASK;
+total_len = 0;
+
+for (i = 0; i < count; i++) {
+abi_ulong base = tswapal(target_vec[i].iov_base);
+abi_long len = tswapal(target_vec[i].iov_len);
+
+if (len < 0) {
+errno = EINVAL;
+goto fail;
+} else if (len == 0) {
+/* Zero length pointer is ignored.  */
+vec[i].iov_base = 0;
 } else {
-/* zero length pointer is ignored */
-vec[i].iov_base = NULL;
+vec[i].iov_base = lock_user(type, base, len, copy);
+if (!vec[i].iov_base) {
+errno = EFAULT;
+goto fail;
+}
+if (len > max_len - total_len) {
+len = max_len - total_len;
+}
 }
+vec[i].iov_len = len;
+total_len += len;
 }
-unlock_user (target_vec, target_addr, 0);
-return 0;
+
+unlock_user(target_vec, target_addr, 0);
+return vec;
+
+ fail:
+free(vec);
+ fail2:
+unlock_user(target_vec, target_addr, 0);
+return NULL;
 }
 
-static abi_long unlock_iovec(struct iovec *vec, abi_ulong target_addr,
- int count, int copy)
+static void unlock_iovec(struct iovec *vec, abi_ulong target_addr,
+ int count, int copy)
 {
 struct target_iovec *target_vec;
-abi_ulong base;
 int i;
 
-target_vec = lock_user(VERIFY_READ, target_addr, count * sizeof(struct 
target_iovec), 1);
-if (!target_vec)
-return -TARGET_EFAULT;
-for(i = 0;i < count; i++) {
-if (target_vec[i].iov_base) {
-base = tswapal(target_vec[i].iov_base);
+target_vec = lock_user(VERIFY_READ, target_addr,
+   count * sizeof(struct target_iovec), 1);
+if (target_vec) {
+for (i = 0; i < count; i++) {
+abi_ulong base = tswapal(target_vec[i].iov_base);
+abi_long len = tswapal(target_vec[i].iov_base);
+if (len < 0) {
+break;
+}
 unlock_user(vec[i].iov_base, base, copy ? vec[i].iov_len : 0);
 }
+unlock_user(target_vec, target_addr, 0);
 }
-unlock_user (target_vec, target_addr, 0);
 
-return 0;
+free(vec);
 }
 
 /* do_socket() Must return target values and target errnos. */
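
Review bot: lock_iovec rejects `count > IOV_MAX` but not a negative count, although the commit message says count is validated between 0 and IOV_MAX; a negative `int count` reaches `calloc(count, ...)` and the `count * sizeof(struct target_iovec)` length. Make the check `count < 0 || count > IOV_MAX`. Two more points in the same hunk: unlock_iovec reads the length from the wrong field (`abi_long len = tswapal(target_vec[i].iov_base);` should use iov_len), and the `fail:` path frees vec without unlocking the entries already locked by earlier loop iterations.
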
@@ -1888,8 +1929,7 @@ static abi_long do_sendrecvmsg(int fd, abi_ulong 
target_msg,
 ret = target_to_host_sockaddr(msg.msg_name, tswapal(msgp->msg_name),
 msg.msg_namelen);
 if (ret) {
-unlock_user_struct(msgp, target_msg, send ? 0 : 1);
-return ret;
+goto out2;
   

[Qemu-devel] [PATCH 10/11] linux-user: ppc: mark as long long aligned

2012-10-12 Thread riku . voipio
From: Alexander Graf 

The SysV PPC32 ABI dictates that long long (64bit) parameters are passed in
odd/even register pairs. Because unlike ARM and MIPS we start at an odd
register number, we can reuse the same aligning code that ARM and MIPS use.
we can reuse the same aligning code that ARM and MIPS use.

Clarified inline comment that it is SysV ABI that requires long long aligned
parameters - Riku

Signed-off-by: Alexander Graf 
Signed-off-by: Riku Voipio 
---
 linux-user/syscall.c |7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 009bf8f..3da8e51 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -587,12 +587,17 @@ extern int setfsgid(int);
 extern int setgroups(int, gid_t *);
 
 /* ARM EABI and MIPS expect 64bit types aligned even on pairs or registers */
-#ifdef TARGET_ARM 
+#ifdef TARGET_ARM
 static inline int regpairs_aligned(void *cpu_env) {
 return CPUARMState *)cpu_env)->eabi) == 1) ;
 }
 #elif defined(TARGET_MIPS)
 static inline int regpairs_aligned(void *cpu_env) { return 1; }
+#elif defined(TARGET_PPC) && !defined(TARGET_PPC64)
+/* SysV AVI for PPC32 expects 64bit parameters to be passed on odd/even pairs
+ * of registers which translates to the same as ARM/MIPS, because we start with
+ * r3 as arg1 */
+static inline int regpairs_aligned(void *cpu_env) { return 1; }
 #else
 static inline int regpairs_aligned(void *cpu_env) { return 0; }
 #endif
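
Review bot: the comment on the new TARGET_PPC branch says "SysV AVI", which should read "SysV ABI", and the comment above the #ifdef chain still names only ARM EABI and MIPS. Fix the typo and extend the leading comment to mention PPC32 so the list of targets that need aligned register pairs is stated in one place.
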
-- 
1.7.9.5




[Qemu-devel] [PATCH 01/11] linux-user: fix statfs

2012-10-12 Thread riku . voipio
From: Alexander Graf 

The statfs syscall should always memset(0) its full struct extent before
writing to it. Newer versions of the syscall use one of the reserved fields
for flags, which would otherwise get stale values from uncleaned memory.

This fixes libarchive for me, which got confused about the return value of
pathconf("/", _PC_REC_XFER_ALIGN) otherwise, as it sometimes gave old pointers
as return value.

Signed-off-by: Alexander Graf 
Signed-off-by: Riku Voipio 
---
 linux-user/syscall.c |4 
 1 file changed, 4 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 471d060..1a38169 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6529,6 +6529,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
 __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
 __put_user(stfs.f_namelen, &target_stfs->f_namelen);
+__put_user(stfs.f_frsize, &target_stfs->f_frsize);
+memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
 unlock_user_struct(target_stfs, arg2, 1);
 }
 break;
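
Review bot: the commit message says the whole struct should be cleared, but the added lines zero only `f_spare`, so any padding or member not assigned by one of the __put_user calls above still carries whatever was in the buffer. Prefer `memset(target_stfs, 0, sizeof(*target_stfs))` straight after the struct is locked, before the __put_user calls; the same applies to the second copy of this block in the next hunk.
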
@@ -6557,6 +6559,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
 __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
 __put_user(stfs.f_namelen, &target_stfs->f_namelen);
+__put_user(stfs.f_frsize, &target_stfs->f_frsize);
+memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
 unlock_user_struct(target_stfs, arg3, 1);
 }
 break;
-- 
1.7.9.5




[Qemu-devel] [PATCH 06/11] linux-user: Fix siginfo handling

2012-10-12 Thread riku . voipio
From: Richard Henderson 

Compare signal numbers in the proper domain.
Convert all of the fields for SIGIO and SIGCHLD.

Signed-off-by: Richard Henderson 
Signed-off-by: Riku Voipio 
---
 linux-user/qemu.h|3 +++
 linux-user/signal.c  |   59 ++
 linux-user/syscall.c |2 +-
 3 files changed, 44 insertions(+), 20 deletions(-)

diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index fc4cc00..5e53dca 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -219,6 +219,9 @@ unsigned long init_guest_space(unsigned long host_start,
 
 #include "qemu-log.h"
 
+/* syscall.c */
+int host_to_target_waitstatus(int status);
+
 /* strace.c */
 void print_syscall(int num,
abi_long arg1, abi_long arg2, abi_long arg3,
diff --git a/linux-user/signal.c b/linux-user/signal.c
index 15bc4e8..95e2ffa 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -202,46 +202,67 @@ void target_to_host_old_sigset(sigset_t *sigset,
 static inline void host_to_target_siginfo_noswap(target_siginfo_t *tinfo,
  const siginfo_t *info)
 {
-int sig;
-sig = host_to_target_signal(info->si_signo);
+int sig = host_to_target_signal(info->si_signo);
 tinfo->si_signo = sig;
 tinfo->si_errno = 0;
 tinfo->si_code = info->si_code;
-if (sig == SIGILL || sig == SIGFPE || sig == SIGSEGV ||
-sig == SIGBUS || sig == SIGTRAP) {
-/* should never come here, but who knows. The information for
-   the target is irrelevant */
+
+if (sig == TARGET_SIGILL || sig == TARGET_SIGFPE || sig == TARGET_SIGSEGV
+|| sig == TARGET_SIGBUS || sig == TARGET_SIGTRAP) {
+/* Should never come here, but who knows. The information for
+   the target is irrelevant.  */
 tinfo->_sifields._sigfault._addr = 0;
-} else if (sig == SIGIO) {
+} else if (sig == TARGET_SIGIO) {
+tinfo->_sifields._sigpoll._band = info->si_band;
tinfo->_sifields._sigpoll._fd = info->si_fd;
+} else if (sig == TARGET_SIGCHLD) {
+tinfo->_sifields._sigchld._pid = info->si_pid;
+tinfo->_sifields._sigchld._uid = info->si_uid;
+tinfo->_sifields._sigchld._status
+= host_to_target_waitstatus(info->si_status);
+tinfo->_sifields._sigchld._utime = info->si_utime;
+tinfo->_sifields._sigchld._stime = info->si_stime;
 } else if (sig >= TARGET_SIGRTMIN) {
 tinfo->_sifields._rt._pid = info->si_pid;
 tinfo->_sifields._rt._uid = info->si_uid;
 /* XXX: potential problem if 64 bit */
-tinfo->_sifields._rt._sigval.sival_ptr =
-(abi_ulong)(unsigned long)info->si_value.sival_ptr;
+tinfo->_sifields._rt._sigval.sival_ptr
+= (abi_ulong)(unsigned long)info->si_value.sival_ptr;
 }
 }
 
 static void tswap_siginfo(target_siginfo_t *tinfo,
   const target_siginfo_t *info)
 {
-int sig;
-sig = info->si_signo;
+int sig = info->si_signo;
 tinfo->si_signo = tswap32(sig);
 tinfo->si_errno = tswap32(info->si_errno);
 tinfo->si_code = tswap32(info->si_code);
-if (sig == SIGILL || sig == SIGFPE || sig == SIGSEGV ||
-sig == SIGBUS || sig == SIGTRAP) {
-tinfo->_sifields._sigfault._addr =
-tswapal(info->_sifields._sigfault._addr);
-} else if (sig == SIGIO) {
-   tinfo->_sifields._sigpoll._fd = tswap32(info->_sifields._sigpoll._fd);
+
+if (sig == TARGET_SIGILL || sig == TARGET_SIGFPE || sig == TARGET_SIGSEGV
+|| sig == TARGET_SIGBUS || sig == TARGET_SIGTRAP) {
+tinfo->_sifields._sigfault._addr
+= tswapal(info->_sifields._sigfault._addr);
+} else if (sig == TARGET_SIGIO) {
+tinfo->_sifields._sigpoll._band
+= tswap32(info->_sifields._sigpoll._band);
+tinfo->_sifields._sigpoll._fd = tswap32(info->_sifields._sigpoll._fd);
+} else if (sig == TARGET_SIGCHLD) {
+tinfo->_sifields._sigchld._pid
+= tswap32(info->_sifields._sigchld._pid);
+tinfo->_sifields._sigchld._uid
+= tswap32(info->_sifields._sigchld._uid);
+tinfo->_sifields._sigchld._status
+= tswap32(info->_sifields._sigchld._status);
+tinfo->_sifields._sigchld._utime
+= tswapal(info->_sifields._sigchld._utime);
+tinfo->_sifields._sigchld._stime
+= tswapal(info->_sifields._sigchld._stime);
 } else if (sig >= TARGET_SIGRTMIN) {
 tinfo->_sifields._rt._pid = tswap32(info->_sifields._rt._pid);
 tinfo->_sifields._rt._uid = tswap32(info->_sifields._rt._uid);
-tinfo->_sifields._rt._sigval.sival_ptr =
-tswapal(info->_sifields._rt._sigval.sival_ptr);
+tinfo->_sifields._rt._sigval.sival_ptr
+= tswapal(info->_sifields._rt._sigval.sival_ptr);
 }
 }
 
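
Review bot: in the new TARGET_SIGCHLD branch `_status` is filled with `host_to_target_waitstatus(info->si_status)`, but si_status is the child's exit code when si_code is CLD_EXITED and a signal number otherwise, not a wait()-style status word. Branch on si_code: pass an exit code through unchanged and convert a signal number with host_to_target_signal().
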
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 89c74ad..009bf8f 100644
--- a/l

[Qemu-devel] [PATCH 02/11] linux-user: fix multi-threaded /proc/self/maps

2012-10-12 Thread riku . voipio
From: Alexander Graf 

When reading our faked /proc/self/maps from a secondary thread,
we get an invalid stack entry. This is because ts->stack_base is not
initialized in non-primary threads.

However, ts->info is, and the stack layout information we're looking
for is there too. So let's use that one instead!

Signed-off-by: Alexander Graf 
Signed-off-by: Riku Voipio 
---
 linux-user/syscall.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 1a38169..cf0b385 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4962,8 +4962,8 @@ static int open_self_maps(void *cpu_env, int fd)
 #if defined(TARGET_ARM) || defined(TARGET_M68K) || defined(TARGET_UNICORE32)
 dprintf(fd, "%08llx-%08llx rw-p %08llx 00:00 0  [stack]\n",
 (unsigned long long)ts->info->stack_limit,
-(unsigned long long)(ts->stack_base + (TARGET_PAGE_SIZE - 1))
- & TARGET_PAGE_MASK,
+(unsigned long long)(ts->info->start_stack +
+ (TARGET_PAGE_SIZE - 1)) & 
TARGET_PAGE_MASK,
 (unsigned long long)0);
 #endif
 
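Review bot: in the new end-address argument the `(unsigned long long)` cast covers only `(ts->info->start_stack + (TARGET_PAGE_SIZE - 1))`, and `& TARGET_PAGE_MASK` is applied after the cast. That works through the usual arithmetic conversions but is easy to misread next to a `%08llx` format. Please parenthesise the whole rounded expression and cast the result, which also lets the argument fit on lines that do not get wrapped in transit. The commit message says `ts->stack_base` is uninitialised in non-primary threads; if anything else still reads that field, mention it there.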
-- 
1.7.9.5




Re: [Qemu-devel] [PATCH 7/7] chardev: add hotplug support.

2012-10-12 Thread Gerd Hoffmann
On 10/12/12 13:17, Paolo Bonzini wrote:
> On 12/10/2012 13:15, Gerd Hoffmann wrote:
 In principle you're right, but I think it's ugly that adding another
 chardev argument needs changes in 3 places instead of just one.
>> Hmm, I don't have to use the generated marshaller, right?  With direct
>> access to the QDict I could just transform it into a QemuOpts.
> 
> That's exactly what I was suggesting. :P

Ah, ok.  I actually looked at netdev_add but obviously not close
enough.  On a quick glance it looked to me like @params is a single
string, not a varargs-style construct.  Guess we are on the same page then.

cheers,
  Gerd



[Qemu-devel] [PATCH v2] chardev: add hotplug support.

2012-10-12 Thread Gerd Hoffmann
This patch adds chardev_add and chardev_del monitor commands.

chardev_del is pretty straightforward, it just takes an id argument and
zaps the chardev specified.

chardev_add is more tricky as there are tons of arguments for the
different backends.  The hmp version is limited to the most common use
cases, especially when it comes to sockets:  You can only specify port
(tcp) or path (unix) and qemu will create a listening socket.  For
example this ...

   (qemu) chardev_add foo socket 42

... will do the same as ...

   -chardev socket,id=foo,port=42,server,nowait

on the qemu command line.

The qmp version has full support for everything the -chardev command
line switch can handle.  The implementation is pretty
straightforward: It just puts all arguments it got into a QemuOpts, then
calls qemu_chr_new_from_opts().

Signed-off-by: Gerd Hoffmann 
---
 hmp-commands.hx  |   32 
 hmp.c|   31 +++
 hmp.h|2 +
 qapi-schema.json |   39 ++
 qemu-char.c  |   50 +++-
 qemu-char.h  |2 +
 qmp-commands.hx  |   61 ++
 7 files changed, 216 insertions(+), 1 deletions(-)

diff --git a/hmp-commands.hx b/hmp-commands.hx
index e0b537d..48504d1 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1404,6 +1404,38 @@ passed since 1970, i.e. unix epoch.
 ETEXI
 
 {
+.name   = "chardev_add",
+.args_type  = "args:s",
+.params = "args",
+.help   = "add chardev",
+.mhandler.cmd = hmp_chardev_add,
+},
+
+STEXI
+@item chardev_add args
+@findex chardev_add
+
+chardev_add accepts the same parameters as the -chardev command line switch.
+
+ETEXI
+
+{
+.name   = "chardev_del",
+.args_type  = "id:s",
+.params = "id",
+.help   = "del chardev",
+.mhandler.cmd = hmp_chardev_del,
+},
+
+STEXI
+@item chardev_del id
+@findex chardev_del
+
+Removes the chardev @var{id}.
+
+ETEXI
+
+{
 .name   = "info",
 .args_type  = "item:s?",
 .params = "[subcommand]",
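Review bot: the `chardev_add` entry has `.help = "add chardev"` and a single Texinfo sentence, neither of which shows a monitor user what `args` should look like. Since the text says it accepts the same parameters as `-chardev`, add one concrete line to the STEXI block (the `socket,id=foo,port=42,server,nowait` form from the commit message would do) and say that the `id` given there is what `chardev_del` expects.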
diff --git a/hmp.c b/hmp.c
index 70bdec2..b494d05 100644
--- a/hmp.c
+++ b/hmp.c
@@ -1209,3 +1209,34 @@ void hmp_screen_dump(Monitor *mon, const QDict *qdict)
 qmp_screendump(filename, &err);
 hmp_handle_error(mon, &err);
 }
+
+void hmp_chardev_add(Monitor *mon, const QDict *qdict)
+{
+const char *args = qdict_get_str(qdict, "args");
+CharDriverState *chr;
+Error *err = NULL;
+QemuOpts *opts;
+
+opts = qemu_opts_parse(qemu_find_opts("chardev"), args, 1);
+if (opts == NULL) {
+error_setg(&err, "Parsing chardev args failed\n");
+goto out;
+}
+
+chr = qemu_chr_new_from_opts(opts, NULL);
+if (chr == NULL) {
+qemu_opts_del(opts);
+error_setg(&err, "Creating chardev failed\n");
+}
+
+out:
+hmp_handle_error(mon, &err);
+}
+
+void hmp_chardev_del(Monitor *mon, const QDict *qdict)
+{
+Error *err = NULL;
+qmp_chardev_del(qdict_get_str(qdict, "id"),
+&err);
+hmp_handle_error(mon, &err);
+}
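Review bot: both `error_setg()` calls in `hmp_chardev_add()` pass a message that ends in `\n`, but the message is printed later by `hmp_handle_error()`, so the line ending belongs to the printer and not to the Error string. Drop the `\n` from "Parsing chardev args failed" and "Creating chardev failed". The failure path after `qemu_chr_new_from_opts()` calls `qemu_opts_del(opts)` while the success path leaves `opts` alive; a short comment on who owns `opts` once the chardev exists would make that asymmetry clear.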
diff --git a/hmp.h b/hmp.h
index 71ea384..080afaa 100644
--- a/hmp.h
+++ b/hmp.h
@@ -75,5 +75,7 @@ void hmp_getfd(Monitor *mon, const QDict *qdict);
 void hmp_closefd(Monitor *mon, const QDict *qdict);
 void hmp_send_key(Monitor *mon, const QDict *qdict);
 void hmp_screen_dump(Monitor *mon, const QDict *qdict);
+void hmp_chardev_add(Monitor *mon, const QDict *qdict);
+void hmp_chardev_del(Monitor *mon, const QDict *qdict);
 
 #endif
diff --git a/qapi-schema.json b/qapi-schema.json
index f9dbdae..550e4c7 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -2796,3 +2796,42 @@
 # Since: 0.14.0
 ##
 { 'command': 'screendump', 'data': {'filename': 'str'} }
+
+##
+# @chardev_add:
+#
+# Add a chardev
+#
+# @id: the chardev's ID, must be unique
+# @backend: the chardev backend: "file", "socket", ...
+# @path: file / device / unix socket path
+# @name: spice channel name
+# @host: host name
+# @port: port number
+# @server: create socket in server mode
+# @wait: wait for connect
+# @ipv4: force ipv4-only
+# @ipv6: force ipv6-only
+# @telnet: telnet negotiation
+#
+# Returns: Nothing on success
+#
+# Since: 1.3.0
+##
+{ 'command': 'chardev_add', 'data': {'id'  : 'str',
+ 'backend' : 'str',
+ '*props'  : '**' },
+  'gen': 'no' }
+
+##
+# @chardev_del:
+#
+# Remove a chardev
+#
+# @id: the chardev's ID, must exist and not be in use
+#
+# Returns: Nothing on success
+#
+# Since: 1.3.0
+##
+{ 'command': 'chardev_del', 'data': {'id': 'str'} }
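Review bot: the `chardev_add` doc comment documents `@path`, `@name`, `@host`, `@port`, `@server`, `@wait`, `@ipv4`, `@ipv6` and `@telnet`, but the `'data'` dictionary declares only `id`, `backend` and `'*props': '**'` with `'gen': 'no'`, so none of the documented members is described by the schema and `props` itself is undocumented. Either document `@props` and state that the listed keys are passed through to the chardev options, or declare the members explicitly and mark the optional ones. With `'gen': 'no'` the handler has to reject unknown or mistyped keys itself, which is worth saying in this comment.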
diff --git a/qemu-char.c b/qemu-char.c
index b082bae..7bbc490 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -2805,6 +2805,7 @@ CharDriverState *qemu_chr_new_from_opts(QemuOpts *opts,
 chr->avail_connections = 1;
 }
 chr->la

[Qemu-devel] [PATCH 09/11] tcg: Remove TCG_TARGET_HAS_GUEST_BASE define

2012-10-12 Thread riku . voipio
From: Peter Maydell 

GUEST_BASE support is now supported by all TCG backends, and is
now mandatory. Drop the now-pointless TCG_TARGET_HAS_GUEST_BASE
define (set by every backend) and the error if it is unset.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Signed-off-by: Riku Voipio 
---
 tcg/arm/tcg-target.h   |2 --
 tcg/hppa/tcg-target.h  |2 --
 tcg/i386/tcg-target.h  |2 --
 tcg/ia64/tcg-target.h  |3 ---
 tcg/mips/tcg-target.h  |3 ---
 tcg/ppc/tcg-target.h   |2 --
 tcg/ppc64/tcg-target.h |1 -
 tcg/s390/tcg-target.h  |2 --
 tcg/sparc/tcg-target.h |2 --
 tcg/tcg.c  |4 
 tcg/tci/tcg-target.h   |3 ---
 11 files changed, 26 deletions(-)

diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
index e2299ca..2bc7dff 100644
--- a/tcg/arm/tcg-target.h
+++ b/tcg/arm/tcg-target.h
@@ -75,8 +75,6 @@ typedef enum {
 #define TCG_TARGET_HAS_deposit_i32  0
 #define TCG_TARGET_HAS_movcond_i32  0
 
-#define TCG_TARGET_HAS_GUEST_BASE
-
 enum {
 TCG_AREG0 = TCG_REG_R6,
 };
diff --git a/tcg/hppa/tcg-target.h b/tcg/hppa/tcg-target.h
index 5351353..f43fb41 100644
--- a/tcg/hppa/tcg-target.h
+++ b/tcg/hppa/tcg-target.h
@@ -103,8 +103,6 @@ typedef enum {
 #define TCG_TARGET_HAS_ext8u_i320 /* and rd, rs, 0xff */
 #define TCG_TARGET_HAS_ext16u_i32   0 /* and rd, rs, 0x */
 
-#define TCG_TARGET_HAS_GUEST_BASE
-
 #define TCG_AREG0 TCG_REG_R17
 
 
diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index ace63ba..dbc6756 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -125,8 +125,6 @@ typedef enum {
  ((ofs) == 0 && (len) == 16))
 #define TCG_TARGET_deposit_i64_validTCG_TARGET_deposit_i32_valid
 
-#define TCG_TARGET_HAS_GUEST_BASE
-
 #if TCG_TARGET_REG_BITS == 64
 # define TCG_AREG0 TCG_REG_R14
 #else
diff --git a/tcg/ia64/tcg-target.h b/tcg/ia64/tcg-target.h
index 368aee4..b7e01b2 100644
--- a/tcg/ia64/tcg-target.h
+++ b/tcg/ia64/tcg-target.h
@@ -144,9 +144,6 @@ typedef enum {
 
 #define TCG_AREG0 TCG_REG_R7
 
-/* Guest base is supported */
-#define TCG_TARGET_HAS_GUEST_BASE
-
 static inline void flush_icache_range(tcg_target_ulong start,
   tcg_target_ulong stop)
 {
diff --git a/tcg/mips/tcg-target.h b/tcg/mips/tcg-target.h
index 7020d65..65b5c59 100644
--- a/tcg/mips/tcg-target.h
+++ b/tcg/mips/tcg-target.h
@@ -116,9 +116,6 @@ typedef enum {
 
 #define TCG_AREG0 TCG_REG_S0
 
-/* guest base is supported */
-#define TCG_TARGET_HAS_GUEST_BASE
-
 #ifdef __OpenBSD__
 #include 
 #else
diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
index 3259d89..ad433ae 100644
--- a/tcg/ppc/tcg-target.h
+++ b/tcg/ppc/tcg-target.h
@@ -96,8 +96,6 @@ typedef enum {
 
 #define TCG_AREG0 TCG_REG_R27
 
-#define TCG_TARGET_HAS_GUEST_BASE
-
 #define tcg_qemu_tb_exec(env, tb_ptr) \
 ((long __attribute__ ((longcall)) \
   (*)(void *, void *))code_gen_prologue)(env, tb_ptr)
diff --git a/tcg/ppc64/tcg-target.h b/tcg/ppc64/tcg-target.h
index 57569e8..97fc5c9 100644
--- a/tcg/ppc64/tcg-target.h
+++ b/tcg/ppc64/tcg-target.h
@@ -108,5 +108,4 @@ typedef enum {
 
 #define TCG_AREG0 TCG_REG_R27
 
-#define TCG_TARGET_HAS_GUEST_BASE
 #define TCG_TARGET_EXTEND_ARGS 1
diff --git a/tcg/s390/tcg-target.h b/tcg/s390/tcg-target.h
index ed55c33..a0181ae 100644
--- a/tcg/s390/tcg-target.h
+++ b/tcg/s390/tcg-target.h
@@ -88,8 +88,6 @@ typedef enum TCGReg {
 #define TCG_TARGET_HAS_movcond_i64  0
 #endif
 
-#define TCG_TARGET_HAS_GUEST_BASE
-
 /* used for function call generation */
 #define TCG_REG_CALL_STACK TCG_REG_R15
 #define TCG_TARGET_STACK_ALIGN 8
diff --git a/tcg/sparc/tcg-target.h b/tcg/sparc/tcg-target.h
index 6314ffb..4a17f1e 100644
--- a/tcg/sparc/tcg-target.h
+++ b/tcg/sparc/tcg-target.h
@@ -124,8 +124,6 @@ typedef enum {
 #define TCG_TARGET_HAS_movcond_i64  0
 #endif
 
-#define TCG_TARGET_HAS_GUEST_BASE
-
 #define TCG_AREG0 TCG_REG_I0
 
 static inline void flush_icache_range(tcg_target_ulong start,
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 32cd0c6..a171f78 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -62,10 +62,6 @@
 
 #include "elf.h"
 
-#if defined(CONFIG_USE_GUEST_BASE) && !defined(TCG_TARGET_HAS_GUEST_BASE)
-#error GUEST_BASE not supported on this host.
-#endif
-
 /* Forward declarations for functions declared in tcg-target.c and used here. 
*/
 static void tcg_target_init(TCGContext *s);
 static void tcg_target_qemu_prologue(TCGContext *s);
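Review bot: removing the `#error` under `CONFIG_USE_GUEST_BASE` takes away the only build-time check in this file that a backend handles GUEST_BASE. The commit message says support is mandatory now, so record that requirement where the author of a new backend will read it, and confirm that no `#ifdef TCG_TARGET_HAS_GUEST_BASE` remains anywhere in the tree, since such a block would now silently compile out.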
diff --git a/tcg/tci/tcg-target.h b/tcg/tci/tcg-target.h
index 6d89495..37f28c0 100644
--- a/tcg/tci/tcg-target.h
+++ b/tcg/tci/tcg-target.h
@@ -102,9 +102,6 @@
 #define TCG_TARGET_HAS_movcond_i64  0
 #endif /* TCG_TARGET_REG_BITS == 64 */
 
-/* Offset to user memory in user mode. */
-#define TCG_TARGET_HAS_GUEST_BASE
-
 /* Number of registers available.
For 32 bit hosts, we need more than 8 registers (call arguments). */
 /* #define TCG_TARGET_NB_REGS 8 */
-- 
1.7.9.5




Re: [Qemu-devel] [PATCH v2] chardev: add hotplug support.

2012-10-12 Thread Gerd Hoffmann
On 10/12/12 14:39, Gerd Hoffmann wrote:
> This patch adds chardev_add and chardev_del monitor commands.
> 
> chardev_del is pretty straightforward, it just takes an id argument and
> zaps the chardev specified.
> 
> chardev_add is more tricky as there are tons of arguments for the

Oops.  Ignore the commit message for now, it obviously needs to be
updated to reflect the changes, will fix for v3, awaiting code reviews
meanwhile.

cheers,
  Gerd




[Qemu-devel] [PATCH 04/11] linux-user: Implement gethostname

2012-10-12 Thread riku . voipio
From: Richard Henderson 

Reviewed-by: Peter Maydell 
Signed-off-by: Richard Henderson 
Signed-off-by: Riku Voipio 
---
 linux-user/syscall.c |   13 +
 1 file changed, 13 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 038aefe..89c74ad 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8868,6 +8868,19 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 break;
 }
 #endif
+#ifdef TARGET_NR_gethostname
+case TARGET_NR_gethostname:
+{
+char *name = lock_user(VERIFY_WRITE, arg1, arg2, 0);
+if (name) {
+ret = get_errno(gethostname(name, arg2));
+unlock_user(name, arg1, arg2);
+} else {
+ret = -TARGET_EFAULT;
+}
+break;
+}
+#endif
 default:
 unimplemented:
 gemu_log("qemu: Unsupported syscall: %d\n", num);
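Review bot: `unlock_user(name, arg1, arg2)` is called with the full length even when `gethostname()` failed, so the whole locked buffer is written back to the guest although the host call may not have filled it. Pass 0 as the length on the error path, or copy back only when `ret` is not an error. `arg2` comes straight from the guest and is used as the length for both `lock_user()` and `gethostname()`; an explicit check for a negative value before the lock would make the intent clear.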
-- 
1.7.9.5




[Qemu-devel] [PATCH 11/11] linux-user: register align p{read, write}64

2012-10-12 Thread riku . voipio
From: Alexander Graf 

pread64 and pwrite64 pass 64bit parameters which for some architectures need
to be aligned to special argument pairs, creating a gap argument.

Handle this special case the same way we handle it in other places of the code.

Reported-by: Alex Barcelo 
Signed-off-by: Alexander Graf 
Tested-by: Alex Barcelo 
Reviewed-by: Peter Maydell 
Signed-off-by: Riku Voipio 
---
 linux-user/syscall.c |8 
 1 file changed, 8 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 3da8e51..14a6b32 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7467,12 +7467,20 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 #endif
 #ifdef TARGET_NR_pread64
 case TARGET_NR_pread64:
+if (regpairs_aligned(cpu_env)) {
+arg4 = arg5;
+arg5 = arg6;
+}
 if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0)))
 goto efault;
 ret = get_errno(pread64(arg1, p, arg3, target_offset64(arg4, arg5)));
 unlock_user(p, arg2, ret);
 break;
 case TARGET_NR_pwrite64:
+if (regpairs_aligned(cpu_env)) {
+arg4 = arg5;
+arg5 = arg6;
+}
 if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
 goto efault;
 ret = get_errno(pwrite64(arg1, p, arg3, target_offset64(arg4, arg5)));
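Review bot: the same four-line `regpairs_aligned(cpu_env)` shuffle is added to both `TARGET_NR_pread64` and `TARGET_NR_pwrite64` with no comment on why `arg4`/`arg5` are replaced by `arg5`/`arg6`. A one-line comment that `arg4` is the alignment gap on these ABIs, or a small helper shared by both cases, would keep the two copies from drifting apart. The change relies on `arg6` actually being passed into `do_syscall()` for these targets, which is worth confirming.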
-- 
1.7.9.5




[Qemu-devel] [PATCH 05/11] alpha-linux-user: Fix sigaltstack structure definition

2012-10-12 Thread riku . voipio
From: Richard Henderson 

Signed-off-by: Richard Henderson 
Signed-off-by: Riku Voipio 
---
 linux-user/alpha/target_signal.h |7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/linux-user/alpha/target_signal.h b/linux-user/alpha/target_signal.h
index 94f15f6..d3822da 100644
--- a/linux-user/alpha/target_signal.h
+++ b/linux-user/alpha/target_signal.h
@@ -6,9 +6,10 @@
 /* this struct defines a stack used during syscall handling */
 
 typedef struct target_sigaltstack {
-   abi_ulong ss_sp;
-   abi_long ss_flags;
-   abi_ulong ss_size;
+abi_ulong ss_sp;
+int32_t ss_flags;
+int32_t dummy;
+abi_ulong ss_size;
 } target_stack_t;
 
 
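Review bot: the new `int32_t dummy;` member has no comment and the commit message has no body, so the reason for the layout change is not recorded anywhere. If `dummy` is alignment padding between the now 32-bit `ss_flags` and `ss_size`, say so in a comment and consider a name such as `pad` so that nobody reads it as a real field. The existing comment above the struct ("a stack used during syscall handling") could be corrected at the same time.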
-- 
1.7.9.5




[Qemu-devel] [PATCH 08/11] configure: Remove unnecessary host_guest_base code

2012-10-12 Thread riku . voipio
From: Peter Maydell 

All TCG hosts now support guest-base functionality, so we can
remove the setting of host_guest_base to 'yes' in every arm
of the case "$cpu" statement, and simply set guest_base to
default to 'yes'.

Signed-off-by: Peter Maydell 
Reviewed-by: Richard Henderson 
Signed-off-by: Riku Voipio 
---
 configure |   31 ++-
 1 file changed, 2 insertions(+), 29 deletions(-)

diff --git a/configure b/configure
index c4a7837..a6bdf9a 100755
--- a/configure
+++ b/configure
@@ -198,7 +198,7 @@ cocoa="no"
 softmmu="yes"
 linux_user="no"
 bsd_user="no"
-guest_base=""
+guest_base="yes"
 uname_release=""
 mixemu="no"
 aix="no"
@@ -867,63 +867,36 @@ for opt do
   esac
 done
 
-host_guest_base="no"
 case "$cpu" in
 sparc)
LDFLAGS="-m32 $LDFLAGS"
QEMU_CFLAGS="-m32 -mcpu=ultrasparc $QEMU_CFLAGS"
-   host_guest_base="yes"
;;
 sparc64)
LDFLAGS="-m64 $LDFLAGS"
QEMU_CFLAGS="-m64 -mcpu=ultrasparc $QEMU_CFLAGS"
-   host_guest_base="yes"
;;
 s390)
QEMU_CFLAGS="-m31 -march=z990 $QEMU_CFLAGS"
LDFLAGS="-m31 $LDFLAGS"
-   host_guest_base="yes"
;;
 s390x)
QEMU_CFLAGS="-m64 -march=z990 $QEMU_CFLAGS"
LDFLAGS="-m64 $LDFLAGS"
-   host_guest_base="yes"
;;
 i386)
QEMU_CFLAGS="-m32 $QEMU_CFLAGS"
LDFLAGS="-m32 $LDFLAGS"
cc_i386='$(CC) -m32'
-   host_guest_base="yes"
;;
 x86_64)
QEMU_CFLAGS="-m64 $QEMU_CFLAGS"
LDFLAGS="-m64 $LDFLAGS"
cc_i386='$(CC) -m32'
-   host_guest_base="yes"
-   ;;
-arm*)
-   host_guest_base="yes"
-   ;;
-ppc*)
-   host_guest_base="yes"
-   ;;
-mips*)
-   host_guest_base="yes"
-   ;;
-ia64*)
-   host_guest_base="yes"
-   ;;
-hppa*)
-   host_guest_base="yes"
-   ;;
-unicore32*)
-   host_guest_base="yes"
;;
+# No special flags required for other host CPUs
 esac
 
-[ -z "$guest_base" ] && guest_base="$host_guest_base"
-
-
 default_target_list=""
 
 # these targets are portable
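Review bot: the added line `# No special flags required for other host CPUs` sits directly under the `;;` of the `x86_64)` arm, where it reads as a trailing remark on that arm rather than on the missing default. Putting it above `case "$cpu" in`, or adding an explicit `*)` arm that carries the comment, would be clearer. With `host_guest_base` gone and `guest_base` now defaulting to "yes" in the first hunk, please also confirm that the option that turns guest base off still overrides the default.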
-- 
1.7.9.5




[Qemu-devel] [PATCH 07/11] linux-user: If loading fails, print error as string, not number

2012-10-12 Thread riku . voipio
From: Peter Maydell 

If the attempt to load the guest executable fails, print the
error message as a string, not a number. This requires us to
fix a couple of places in loader_exec() where we were returning
-1 instead of a valid negative errno.

The change allows us to drop the "Unknown binary format" message
because the strerror-enhanced message is now a more self-explanatory
"Error while loading $guest-binary: Exec format error".

Signed-off-by: Peter Maydell 
Signed-off-by: Riku Voipio 
---
 linux-user/linuxload.c |8 
 linux-user/main.c  |2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/linux-user/linuxload.c b/linux-user/linuxload.c
index b47025f..381ab89 100644
--- a/linux-user/linuxload.c
+++ b/linux-user/linuxload.c
@@ -140,8 +140,9 @@ int loader_exec(const char * filename, char ** argv, char 
** envp,
 bprm->p = TARGET_PAGE_SIZE*MAX_ARG_PAGES-sizeof(unsigned int);
 memset(bprm->page, 0, sizeof(bprm->page));
 retval = open(filename, O_RDONLY);
-if (retval < 0)
-return retval;
+if (retval < 0) {
+return -errno;
+}
 bprm->fd = retval;
 bprm->filename = (char *)filename;
 bprm->argc = count(argv);
@@ -165,8 +166,7 @@ int loader_exec(const char * filename, char ** argv, char 
** envp,
 retval = load_flt_binary(bprm,regs,infop);
 #endif
 } else {
-fprintf(stderr, "Unknown binary format\n");
-return -1;
+return -ENOEXEC;
 }
 }
 
diff --git a/linux-user/main.c b/linux-user/main.c
index 9f3476b..bcaadb6 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -3569,7 +3569,7 @@ int main(int argc, char **argv, char **envp)
 ret = loader_exec(filename, target_argv, target_environ, regs,
 info, &bprm);
 if (ret != 0) {
-printf("Error %d while loading %s\n", ret, filename);
+printf("Error while loading %s: %s\n", filename, strerror(-ret));
 _exit(1);
 }
 
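Review bot: `strerror(-ret)` is only meaningful if every failure path out of `loader_exec()` returns a negative errno, but the check here is still `ret != 0`. Any path that still returns -1 would be reported as "Operation not permitted". The commit message says a couple of places were fixed; please audit the remaining returns reachable from `loader_exec()`, including the `load_*_binary()` calls such as the `load_flt_binary()` visible in the previous hunk. The message also still goes through `printf()` to stdout, where stderr would be the usual place for it.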
-- 
1.7.9.5




[Qemu-devel] [PATCH 00/11] Pending Linux-user patches

2012-10-12 Thread riku . voipio
From: Riku Voipio 

The following changes since commit b4ae3cfa57b8c1bdbbd7b7d420971e9171203ade:

  ssi: Add slave autoconnect helper (2012-10-10 11:13:32 +1000)

are available in the git repository at:

  git://git.linaro.org/people/rikuvoipio/qemu.git linux-user-for-upstream

for you to fetch changes up to ae017a5b95962f68ece21065376cd3266998fd02:

  linux-user: register align p{read, write}64 (2012-10-12 14:42:52 +0300)

Alexander Graf (4):
  linux-user: fix statfs
  linux-user: fix multi-threaded /proc/self/maps
  linux-user: ppc: mark as long long aligned
  linux-user: register align p{read, write}64

Peter Maydell (3):
  linux-user: If loading fails, print error as string, not number
  configure: Remove unnecessary host_guest_base code
  tcg: Remove TCG_TARGET_HAS_GUEST_BASE define

Richard Henderson (4):
  linux-user: Perform more checks on iovec lists
  linux-user: Implement gethostname
  alpha-linux-user: Fix sigaltstack structure definition
  linux-user: Fix siginfo handling

 configure|   31 +-
 linux-user/alpha/target_signal.h |7 +-
 linux-user/linuxload.c   |8 +-
 linux-user/main.c|2 +-
 linux-user/qemu.h|3 +
 linux-user/signal.c  |   59 +++
 linux-user/syscall.c |  200 ++
 tcg/arm/tcg-target.h |2 -
 tcg/hppa/tcg-target.h|2 -
 tcg/i386/tcg-target.h|2 -
 tcg/ia64/tcg-target.h|3 -
 tcg/mips/tcg-target.h|3 -
 tcg/ppc/tcg-target.h |2 -
 tcg/ppc64/tcg-target.h   |1 -
 tcg/s390/tcg-target.h|2 -
 tcg/sparc/tcg-target.h   |2 -
 tcg/tcg.c|4 -
 tcg/tci/tcg-target.h |3 -
 18 files changed, 190 insertions(+), 146 deletions(-)

-- 
1.7.9.5




Re: [Qemu-devel] [PATCH] isapc: Shadow ISA BIOS by default

2012-10-12 Thread Anthony Liguori
Jan Kiszka  writes:

> On 2012-10-08 20:52, Anthony Liguori wrote:
>> Jan Kiszka  writes:
>> 
>>> On 2012-09-11 17:53, Jan Kiszka wrote:
 Our one and only BIOS depends on a writable shadowed BIOS in the ISA
 range. As we have no interface to control the write property, make that
 region writable by default.

 Signed-off-by: Jan Kiszka 
 ---

 This unbreaks isapc for TCG, and keep it working for KVM once it starts
 supporting read-only memslots.

  hw/pc_sysfw.c |   13 +
  1 files changed, 9 insertions(+), 4 deletions(-)

 diff --git a/hw/pc_sysfw.c b/hw/pc_sysfw.c
 index b45f0ac..027d98a 100644
 --- a/hw/pc_sysfw.c
 +++ b/hw/pc_sysfw.c
 @@ -136,6 +136,7 @@ static void old_pc_system_rom_init(MemoryRegion 
 *rom_memory)
  {
  char *filename;
  MemoryRegion *bios, *isa_bios;
 +void *isa_bios_ptr;
  int bios_size, isa_bios_size;
  int ret;
  
 @@ -167,19 +168,23 @@ static void old_pc_system_rom_init(MemoryRegion 
 *rom_memory)
  g_free(filename);
  }
  
 -/* map the last 128KB of the BIOS in ISA space */
 +/* Shadow the last 128KB of the BIOS in ISA space as RAM -
 + * Seabios depends on this */
  isa_bios_size = bios_size;
  if (isa_bios_size > (128 * 1024)) {
  isa_bios_size = 128 * 1024;
  }
  isa_bios = g_malloc(sizeof(*isa_bios));
 -memory_region_init_alias(isa_bios, "isa-bios", bios,
 - bios_size - isa_bios_size, isa_bios_size);
 +memory_region_init_ram(isa_bios, "isa-bios", isa_bios_size);
 +vmstate_register_ram_global(isa_bios);
  memory_region_add_subregion_overlap(rom_memory,
  0x10 - isa_bios_size,
  isa_bios,
  1);
 -memory_region_set_readonly(isa_bios, true);
 +
 +/* copy ISA rom image from top of the ROM */
 +isa_bios_ptr = memory_region_get_ram_ptr(isa_bios);
 +rom_copy(isa_bios_ptr, (uint32_t)(-isa_bios_size), isa_bios_size);
  
  /* map all the bios at the top of memory */
  memory_region_add_subregion(rom_memory,
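Review bot: the result of `rom_copy()` is ignored, so if the ROM image is not where `(uint32_t)(-isa_bios_size)` expects it, the new "isa-bios" RAM region is mapped with whatever `memory_region_init_ram()` left in it. Check the result against `isa_bios_size` and fail loudly. The hunk also drops `memory_region_set_readonly(isa_bios, true)` with no replacement, which makes the shadow unconditionally guest-writable; the new comment should say that this is deliberate and why.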

>>>
>>> Ping. Or already queued?
>> 
>> I've got it queued now.  Thanks.
>
> I'm withdrawing it: This breaks Windows 95 booting. For unknown reasons,
> this nice OS decided to overwrite the F-segment during boot. That is
> fine as long as it is properly protected. But it breaks under current
> KVM and with the patch above for the isapc. So we need a firmware
> interface to enable/disable write protection for this segment in isapc
> mode, specifically as that machine targets these old OSes.

Ah, if it wasn't for a build break caused by one of the pull requests, I
would have pushed last night.  Thanks for the heads up, I'll remove it
from my queue.

Is fw_cfg the right interface?  I presume this is i440fx specific?  How
does q35 handle this?  Presumably there's a second window for the BIOS
mapping.  There's got to be some way to do shadowing of it I would
think.

Regards,

Anthony Liguori

>
> Jan
>
> -- 
> Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
> Corporate Competence Center Embedded Linux




[Qemu-devel] [PATCH] linux-user: Merge pread/pwrite into pread64/pwrite64

2012-10-12 Thread Peter Maydell
The Linux syscalls underlying pread() and pwrite() take a 64 bit
offset on all architectures, even if some of them name the syscall
"pread/pwrite" rather than "pread64/pwrite64" for historical reasons.
So move the four QEMU target architectures (arm, i386, sparc,
unicore32) which were defining TARGET_NR_pread/pwrite to define
TARGET_NR_pread64/pwrite64 instead, and drop the TARGET_NR_pread/pwrite
implementation code completely.

(Based on examination of the kernel sources for the four architectures
this patch affects.)

Signed-off-by: Peter Maydell 
---
This patch applies on top of Riku's latest pull-request branch.
Tested with http://dslinux.gits.kiev.ua/trunk/uClibc/test/unistd/preadwrite.c
(though that doesn't try to test large offsets).

 linux-user/arm/syscall_nr.h   |4 ++--
 linux-user/i386/syscall_nr.h  |4 ++--
 linux-user/sparc/syscall_nr.h |4 ++--
 linux-user/strace.list|6 --
 linux-user/syscall.c  |   18 --
 linux-user/unicore32/syscall_nr.h |4 ++--
 6 files changed, 8 insertions(+), 32 deletions(-)

diff --git a/linux-user/arm/syscall_nr.h b/linux-user/arm/syscall_nr.h
index 5356395..42d6855 100644
--- a/linux-user/arm/syscall_nr.h
+++ b/linux-user/arm/syscall_nr.h
@@ -182,8 +182,8 @@
 #define TARGET_NR_rt_sigtimedwait  (177)
 #define TARGET_NR_rt_sigqueueinfo  (178)
 #define TARGET_NR_rt_sigsuspend(179)
-#define TARGET_NR_pread(180)
-#define TARGET_NR_pwrite   (181)
+#define TARGET_NR_pread64   (180)
+#define TARGET_NR_pwrite64  (181)
 #define TARGET_NR_chown(182)
 #define TARGET_NR_getcwd   (183)
 #define TARGET_NR_capget   (184)
diff --git a/linux-user/i386/syscall_nr.h b/linux-user/i386/syscall_nr.h
index 74abfca..f080305 100644
--- a/linux-user/i386/syscall_nr.h
+++ b/linux-user/i386/syscall_nr.h
@@ -182,8 +182,8 @@
 #define TARGET_NR_rt_sigtimedwait  177
 #define TARGET_NR_rt_sigqueueinfo  178
 #define TARGET_NR_rt_sigsuspend179
-#define TARGET_NR_pread180
-#define TARGET_NR_pwrite   181
+#define TARGET_NR_pread64   180
+#define TARGET_NR_pwrite64  181
 #define TARGET_NR_chown182
 #define TARGET_NR_getcwd   183
 #define TARGET_NR_capget   184
diff --git a/linux-user/sparc/syscall_nr.h b/linux-user/sparc/syscall_nr.h
index f201f9f..061711c 100644
--- a/linux-user/sparc/syscall_nr.h
+++ b/linux-user/sparc/syscall_nr.h
@@ -62,8 +62,8 @@
 #define TARGET_NR_getpagesize 64 /* Common 
 */
 #define TARGET_NR_msync   65 /* Common in newer 1.3.x revs...  
 */
 #define TARGET_NR_vfork   66 /* Common 
 */
-#define TARGET_NR_pread   67 /* Linux Specific 
 */
-#define TARGET_NR_pwrite  68 /* Linux Specific 
 */
+#define TARGET_NR_pread64 67 /* Linux Specific */
+#define TARGET_NR_pwrite6468 /* Linux Specific */
 #define TARGET_NR_geteuid32   69 /* Linux sparc32, sbrk under SunOS
 */
 #define TARGET_NR_getegid32   70 /* Linux sparc32, sstk under SunOS
 */
 #define TARGET_NR_mmap71 /* Common 
 */
diff --git a/linux-user/strace.list b/linux-user/strace.list
index af3c6a0..08f115d 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -972,9 +972,6 @@
 #ifdef TARGET_NR_prctl
 { TARGET_NR_prctl, "prctl" , NULL, NULL, NULL },
 #endif
-#ifdef TARGET_NR_pread
-{ TARGET_NR_pread, "pread" , NULL, NULL, NULL },
-#endif
 #ifdef TARGET_NR_pread64
 { TARGET_NR_pread64, "pread64" , NULL, NULL, NULL },
 #endif
@@ -993,9 +990,6 @@
 #ifdef TARGET_NR_putpmsg
 { TARGET_NR_putpmsg, "putpmsg" , NULL, NULL, NULL },
 #endif
-#ifdef TARGET_NR_pwrite
-{ TARGET_NR_pwrite, "pwrite" , NULL, NULL, NULL },
-#endif
 #ifdef TARGET_NR_pwrite64
 { TARGET_NR_pwrite64, "pwrite64" , NULL, NULL, NULL },
 #endif
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 14a6b32..a02a182 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7447,24 +7447,6 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 goto unimplemented;
 #endif
 #endif
-#ifdef TARGET_NR_pread
-case TARGET_NR_pread:
-if (regpairs_aligned(cpu_env))
-arg4 = arg5;
-if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0)))
-goto efault;
-ret = get_errno(pread(arg1, p, arg3, arg4));
-unlock_user(p, arg2, ret);
-break;
-case TARGET_NR_pwrite:
-if (regpairs_aligned(cpu_env))
-arg4 = arg5;
-if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
-goto efault;
-   
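Review bot: the removed `TARGET_NR_pread`/`TARGET_NR_pwrite` cases passed a single `arg4` as the offset (after `arg4 = arg5` when `regpairs_aligned()`), while the `pread64`/`pwrite64` path that these four targets now take builds the offset from two arguments. That is the intended fix, but the notes under the commit message say the test used does not try large offsets. A test that reads and writes at an offset above 4 GiB on at least arm and i386 would cover exactly the behaviour this hunk changes.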

Re: [Qemu-devel] [PATCH] qemu-img: Add --backing-chain option to info command

2012-10-12 Thread Eric Blake
On 10/12/2012 08:09 AM, Stefan Hajnoczi wrote:
> The qemu-img info --backing-chain option enumerates the backing file
> chain.  For example, for base.qcow2 <- snap1.qcow2 <- snap2.qcow2 the
> output becomes:
> 
>   $ qemu-img info --backing-chain snap2.qcow2
>   image: snap2.qcow2
>   file format: qcow2
>   virtual size: 100M (104857600 bytes)
>   disk size: 196K
>   cluster_size: 65536
>   backing file: snap1.qcow2
>   backing file format: qcow2
> 
>   image: snap1.qcow2
>   file format: qcow2
>   virtual size: 100M (104857600 bytes)
>   disk size: 196K
>   cluster_size: 65536
>   backing file: base.qcow2
>   backing file format: qcow2
> 
>   image: base.qcow2
>   file format: qcow2
>   virtual size: 100M (104857600 bytes)
>   disk size: 136K
>   cluster_size: 65536
> 
> Signed-off-by: Stefan Hajnoczi 

Very useful.

Reviewed-by: Eric Blake 

-- 
Eric Blake   ebl...@redhat.com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH] qemu-img: Add --backing-chain option to info command

2012-10-12 Thread Eric Blake
On 10/12/2012 08:09 AM, Stefan Hajnoczi wrote:
> The qemu-img info --backing-chain option enumerates the backing file
> chain.  For example, for base.qcow2 <- snap1.qcow2 <- snap2.qcow2 the
> output becomes:
> 

> +do {
> +bs = bdrv_new_open(filename, fmt, BDRV_O_FLAGS | BDRV_O_NO_BACKING,
> +   false);
> +if (!bs) {
> +goto err;
> +}

> +} while (filename);

Eww - infinite loop if presented with malicious data where someone has
used 'qemu-img rebase -u' to create a cycle.  I think you need a
followup patch that hashes which files have been opened to date, and
abort the loop once a cycle is detected.

-- 
Eric Blake   ebl...@redhat.com+1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH] qemu-img: Add --backing-chain option to info command

2012-10-12 Thread Kevin Wolf
On 12.10.2012 16:24, Eric Blake wrote:
> On 10/12/2012 08:09 AM, Stefan Hajnoczi wrote:
>> The qemu-img info --backing-chain option enumerates the backing file
>> chain.  For example, for base.qcow2 <- snap1.qcow2 <- snap2.qcow2 the
>> output becomes:
>>
> 
>> +do {
>> +bs = bdrv_new_open(filename, fmt, BDRV_O_FLAGS | BDRV_O_NO_BACKING,
>> +   false);
>> +if (!bs) {
>> +goto err;
>> +}
> 
>> +} while (filename);
> 
> Eww - infinite loop if presented with malicious data where someone has
> used 'qemu-img rebase -u' to create a cycle.  I think you need a
> followup patch that hashes which files have been opened to date, and
> abort the loop once a cycle is detected.

That would already cause problems in bdrv_open(), so I'd consider it a
separate bug. We should fail gracefully when trying to open such an
image. Once it's open, other code can trust that the chain makes sense.

Kevin



Re: [Qemu-devel] [PATCH] qemu-img: Add --backing-chain option to info command

2012-10-12 Thread Eric Blake
On 10/12/2012 08:27 AM, Kevin Wolf wrote:
> On 12.10.2012 16:24, Eric Blake wrote:
>> On 10/12/2012 08:09 AM, Stefan Hajnoczi wrote:
>>> The qemu-img info --backing-chain option enumerates the backing file
>>> chain.  For example, for base.qcow2 <- snap1.qcow2 <- snap2.qcow2 the
>>> output becomes:
>>>
>>
>>> +do {
>>> +bs = bdrv_new_open(filename, fmt, BDRV_O_FLAGS | BDRV_O_NO_BACKING,
>>> +   false);
>>> +if (!bs) {
>>> +goto err;
>>> +}
>>
>>> +} while (filename);
>>
>> Eww - infinite loop if presented with malicious data where someone has
>> used 'qemu-img rebase -u' to create a cycle.  I think you need a
>> followup patch that hashes which files have been opened to date, and
>> abort the loop once a cycle is detected.
> 
> That would already cause problems in bdrv_open(), so I'd consider it a
> separate bug. We should fail gracefully when trying to open such an
> image. Once it's open, other code can trust that the chain makes sense.

Hmm.  For 'qemu-img info', I can see two behaviors, both useful, when
presented with a corrupt image.  One is to error out right away (because
qemu would be unable to use the image).  But the other is for debugging
WHY the image is corrupt, at which point I want qemu-img info to display
as much information as possible, INCLUDING what backing file is recorded
in the header, so that I can follow the loop and decide where to break
the loop.  Sounds like we might need another flag to bdrv_open() on
whether to detect cycles; as well as fixing qemu-img info to check for
cycles on its own when it bypasses normal cycle-checking in bdrv_open.

-- 
Eric Blake   ebl...@redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH] qemu-img: Add --backing-chain option to info command

2012-10-12 Thread Kevin Wolf
Am 12.10.2012 16:32, schrieb Eric Blake:
> On 10/12/2012 08:27 AM, Kevin Wolf wrote:
>> Am 12.10.2012 16:24, schrieb Eric Blake:
>>> On 10/12/2012 08:09 AM, Stefan Hajnoczi wrote:
>>>> The qemu-img info --backing-chain option enumerates the backing file
>>>> chain.  For example, for base.qcow2 <- snap1.qcow2 <- snap2.qcow2 the
>>>> output becomes:
>>>>
>>>
 +do {
 +bs = bdrv_new_open(filename, fmt, BDRV_O_FLAGS | 
 BDRV_O_NO_BACKING,
 +   false);
 +if (!bs) {
 +goto err;
 +}
>>>
 +} while (filename);
>>>
>>> Eww - infinite loop if presented with malicious data where someone has
>>> used 'qemu-img rebase -u' to create a cycle.  I think you need a
>>> followup patch that hashes which files have been opened to date, and
>>> abort the loop once a cycle is detected.
>>
>> That would already cause problems in bdrv_open(), so I'd consider it a
>> separate bug. We should fail gracefully when trying to open such an
>> image. Once it's open, other code can trust that the chain makes sense.
> 
> Hmm.  For 'qemu-img info', I can see two behaviors, both useful, when
> presented with a corrupt image.  One is to error out right away (because
> qemu would be unable to use the image).  But the other is for debugging
> WHY the image is corrupt, at which point I want qemu-img info to display
> as much information as possible, INCLUDING what backing file is recorded
> in the header, so that I can follow the loop and decide where to break
> the loop.  Sounds like we might need another flag to bdrv_open() on
> whether to detect cycles; as well as fixing qemu-img info to check for
> cycles on its own when it bypasses normal cycle-checking in bdrv_open.

Makes sense. Though I think BDRV_O_NO_BACKING is enough to implement
this functionality in qemu-img. We'd just have to have an error code
that allows qemu-img to check if we detected a loop so that it can start
searching the broken image.

Kevin



Re: [Qemu-devel] [PATCH 4/6] linux-user: Rewrite __get_user/__put_user with __builtin_choose_expr

2012-10-12 Thread Richard Henderson
On 10/12/2012 04:10 AM, Riku Voipio wrote:
> Since changing __get_user/__put_user impacts more than just sigaction,
> do you mind if we put this patch (and thus sigaction change as well)
> to a later pull request?

Certainly.


r~



Re: [Qemu-devel] [PATCH] qemu-img: Add --backing-chain option to info command

2012-10-12 Thread Eric Blake
On 10/12/2012 08:38 AM, Kevin Wolf wrote:
>> Hmm.  For 'qemu-img info', I can see two behaviors, both useful, when
>> presented with a corrupt image.  One is to error out right away (because
>> qemu would be unable to use the image).  But the other is for debugging
>> WHY the image is corrupt, at which point I want qemu-img info to display
>> as much information as possible, INCLUDING what backing file is recorded
>> in the header, so that I can follow the loop and decide where to break
>> the loop.  Sounds like we might need another flag to bdrv_open() on
>> whether to detect cycles; as well as fixing qemu-img info to check for
>> cycles on its own when it bypasses normal cycle-checking in bdrv_open.
> 
> Makes sense. Though I think BDRV_O_NO_BACKING is enough to implement
> this functionality in qemu-img. We'd just have to have an error code
> that allows qemu-img to check if we detected a loop so that it can start
> searching the broken image.

Indeed - BDRV_O_NO_BACKING seems to be the flag that prevents bdrv_open
from failing on a cycle, so the logic would be something like:

Try a normal bdrv_open()
if it succeeds
   image is fine, so recursively print it
else if error indicated a loop
   init hash table
   while (1)
      if file in hash table
         break, since we identified the loop
      bdrv_open(BDRV_O_NO_BACKING)
      print this file, then add it to the hash table
      file = backing

At any rate, adding this logic should be a separate patch, and not hold
up Stefan's current patch.

-- 
Eric Blake   ebl...@redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
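
The diagnostic walk sketched in the pseudocode above, as an added example that is not part of the original message or of QEMU's code. The names `image_hdr`, `open_no_backing`, `walk_chain` and `MAX_CHAIN` are hypothetical, the image tables are constructed, and a linear scan of the visited list stands in for the hash table.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MAX_CHAIN 64   /* depth bound, independent of cycle detection */

enum chain_status { CHAIN_OK, CHAIN_CYCLE, CHAIN_MISSING, CHAIN_TOO_DEEP };

/* Constructed stand-in for an image header: only what the walk needs. */
struct image_hdr {
    const char *name;
    const char *backing;            /* NULL: no backing file recorded */
};

struct chain_result {
    size_t depth;                   /* images opened before the walk stopped */
    const char *visited[MAX_CHAIN];
    const char *stop_at;            /* name that closed the loop or was missing */
};

/* Hypothetical stand-in for an open with BDRV_O_NO_BACKING: read one header
 * and do not follow its backing file. */
static const struct image_hdr *open_no_backing(const struct image_hdr *imgs,
                                               size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(imgs[i].name, name) == 0) {
            return &imgs[i];
        }
    }
    return NULL;
}

/* Linear scan in place of the hash table. Names are compared as strings; real
 * code must compare a canonical identity (resolved path or st_dev/st_ino), or
 * "./a" and "a" look different and only MAX_CHAIN stops the walk. */
static int already_seen(const struct chain_result *res, const char *name)
{
    for (size_t i = 0; i < res->depth; i++) {
        if (strcmp(res->visited[i], name) == 0) {
            return 1;
        }
    }
    return 0;
}

enum chain_status walk_chain(const struct image_hdr *imgs, size_t n,
                             const char *start, struct chain_result *res)
{
    const char *file = start;

    memset(res, 0, sizeof(*res));
    while (file) {
        const struct image_hdr *hdr;

        res->stop_at = file;
        if (already_seen(res, file)) {
            return CHAIN_CYCLE;         /* the loop closes on this image */
        }
        if (res->depth == MAX_CHAIN) {
            return CHAIN_TOO_DEEP;
        }
        hdr = open_no_backing(imgs, n, file);
        if (!hdr) {
            return CHAIN_MISSING;
        }
        res->visited[res->depth++] = hdr->name;  /* report, then remember */
        file = hdr->backing;
    }
    res->stop_at = NULL;
    return CHAIN_OK;
}

/* Constructed sample chains. */
static const struct image_hdr HEALTHY[] = {
    { "snap2.qcow2", "snap1.qcow2" },
    { "snap1.qcow2", "base.qcow2" },
    { "base.qcow2", NULL },
};
static const struct image_hdr CYCLIC[] = {      /* base points back at snap2 */
    { "snap2.qcow2", "snap1.qcow2" },
    { "snap1.qcow2", "base.qcow2" },
    { "base.qcow2", "snap2.qcow2" },
};

int main(void)
{
    const struct image_hdr *sets[] = { HEALTHY, CYCLIC };
    for (size_t s = 0; s < 2; s++) {
        struct chain_result res;
        enum chain_status st = walk_chain(sets[s], 3, "snap2.qcow2", &res);
        for (size_t i = 0; i < res.depth; i++) {
            printf("image: %s\n", res.visited[i]);
        }
        if (st == CHAIN_CYCLE) {
            printf("cycle: backing file points back to %s\n", res.stop_at);
        }
    }
    return 0;
}
```

Every image on the loop is reported once before the walk stops, which is the "display as much information as possible" behaviour asked for above.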





[Qemu-devel] [PATCH] qemu-img: Add --backing-chain option to info command

2012-10-12 Thread Stefan Hajnoczi
The qemu-img info --backing-chain option enumerates the backing file
chain.  For example, for base.qcow2 <- snap1.qcow2 <- snap2.qcow2 the
output becomes:

  $ qemu-img info --backing-chain snap2.qcow2
  image: snap2.qcow2
  file format: qcow2
  virtual size: 100M (104857600 bytes)
  disk size: 196K
  cluster_size: 65536
  backing file: snap1.qcow2
  backing file format: qcow2

  image: snap1.qcow2
  file format: qcow2
  virtual size: 100M (104857600 bytes)
  disk size: 196K
  cluster_size: 65536
  backing file: base.qcow2
  backing file format: qcow2

  image: base.qcow2
  file format: qcow2
  virtual size: 100M (104857600 bytes)
  disk size: 136K
  cluster_size: 65536

Signed-off-by: Stefan Hajnoczi 
---
 qemu-img.c | 98 --
 1 file changed, 76 insertions(+), 22 deletions(-)

diff --git a/qemu-img.c b/qemu-img.c
index f17f187..c717f3e 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1249,7 +1249,10 @@ static void dump_human_image_info(ImageInfo *info)
 }
 }
 
-enum {OPTION_OUTPUT = 256};
+enum {
+OPTION_OUTPUT = 256,
+OPTION_BACKING_CHAIN = 257,
+};
 
 typedef enum OutputFormat {
 OFORMAT_JSON,
@@ -1260,7 +1263,9 @@ static int img_info(int argc, char **argv)
 {
 int c;
 OutputFormat output_format = OFORMAT_HUMAN;
-const char *filename, *fmt, *output;
+bool chain = false;
+const char *output;
+char *filename, *fmt;
 BlockDriverState *bs;
 ImageInfo *info;
 
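
Review bot: `char *filename, *fmt;` is declared without an initializer, yet the loop added further down calls `g_free(fmt)` unconditionally and `fmt` is only assigned in `case 'f':`. Correctness therefore depends on an assignment to NULL before option parsing that is not in the visible lines. Initializing both pointers to NULL at this declaration would make the switch to owned strings self-contained.
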
@@ -1272,6 +1277,7 @@ static int img_info(int argc, char **argv)
 {"help", no_argument, 0, 'h'},
 {"format", required_argument, 0, 'f'},
 {"output", required_argument, 0, OPTION_OUTPUT},
+{"backing-chain", no_argument, 0, OPTION_BACKING_CHAIN},
 {0, 0, 0, 0}
 };
 c = getopt_long(argc, argv, "f:h",
@@ -1285,17 +1291,20 @@ static int img_info(int argc, char **argv)
 help();
 break;
 case 'f':
-fmt = optarg;
+fmt = g_strdup(optarg);
 break;
 case OPTION_OUTPUT:
 output = optarg;
 break;
+case OPTION_BACKING_CHAIN:
+chain = true;
+break;
 }
 }
 if (optind >= argc) {
 help();
 }
-filename = argv[optind++];
+filename = g_strdup(argv[optind++]);
 
 if (output && !strcmp(output, "json")) {
 output_format = OFORMAT_JSON;
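
Review bot: in `case 'f':`, `fmt = g_strdup(optarg);` overwrites whatever an earlier `-f` stored, so giving the option twice leaks the first copy. Either `g_free(fmt)` before the assignment, or keep pointing at `optarg` during parsing and duplicate once after the option loop.
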
@@ -1303,31 +1312,76 @@ static int img_info(int argc, char **argv)
 output_format = OFORMAT_HUMAN;
 } else if (output) {
 error_report("--output must be used with human or json as argument.");
-return 1;
+goto err;
 }
 
-bs = bdrv_new_open(filename, fmt, BDRV_O_FLAGS | BDRV_O_NO_BACKING, false);
-if (!bs) {
-return 1;
+if (chain && output_format == OFORMAT_JSON) {
+printf("[\n");
 }
 
-info = g_new0(ImageInfo, 1);
-collect_image_info(bs, info, filename, fmt);
+do {
+bs = bdrv_new_open(filename, fmt, BDRV_O_FLAGS | BDRV_O_NO_BACKING,
+   false);
+if (!bs) {
+goto err;
+}
 
-switch (output_format) {
-case OFORMAT_HUMAN:
-dump_human_image_info(info);
-dump_snapshots(bs);
-break;
-case OFORMAT_JSON:
-collect_snapshots(bs, info);
-dump_json_image_info(info);
-break;
-}
+info = g_new0(ImageInfo, 1);
+collect_image_info(bs, info, filename, fmt);
 
-qapi_free_ImageInfo(info);
-bdrv_delete(bs);
+switch (output_format) {
+case OFORMAT_HUMAN:
+dump_human_image_info(info);
+dump_snapshots(bs);
+break;
+case OFORMAT_JSON:
+collect_snapshots(bs, info);
+dump_json_image_info(info);
+break;
+}
+
+g_free(filename);
+g_free(fmt);
+filename = NULL;
+fmt = NULL;
+
+if (chain) {
+if (info->has_full_backing_filename) {
+filename = g_strdup(info->full_backing_filename);
+} else if (info->has_backing_filename) {
+filename = g_strdup(info->backing_filename);
+}
+
+if (filename && info->has_backing_filename_format) {
+fmt = g_strdup(info->backing_filename_format);
+}
+
+/* Print delimiters between items */
+if (filename) {
+switch (output_format) {
+case OFORMAT_HUMAN:
+printf("\n");
+break;
+case OFORMAT_JSON:
+printf(",\n");
+break;
+}
+}
+}
+
+qapi_free_ImageInfo(info);
+bdrv_delete(bs);
+} while (filename);
+
+if (chain && output_format == OFORMAT_JSON) {
+printf("]\n");
+}
 return 0;
+
+err:
+g_free(filename);
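
Review bot: the `do { ... } while (filename);` loop has no bound other than a missing backing file name, and each image is opened with `BDRV_O_NO_BACKING`, so a chain whose headers point back at an earlier image is walked forever. Keep the names already visited (or at least cap the depth) and stop with an error when one repeats. Also, a `goto err` from a failed open partway through a JSON chain leaves the output as `[` plus a trailing `,` unless the err path closes the array, which the visible part of it does not.
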

Re: [Qemu-devel] [PATCH v2 21/21] q35: add acpi-based pci hotplug.

2012-10-12 Thread Jason Baron
On Thu, Oct 11, 2012 at 10:40:04PM +0200, Michael S. Tsirkin wrote:
> > Windows and Linux guests seem fine with either layout. Slots 1-2 are
> > specific to my setup. So this is a pretty minimal set.
> 
> I guess we can remove the PCI bridge too?
> 

maybe. Perhaps, we can have a very basic set of devices, and have easy
ways to specify various default setups, as I've suggested in a separate
mail.

> One interesting side effect here is that there are less free pci slots
> on root bus now.  I guess at minimum management needs to be taught about
> this, and I'm not sure how.
> 
> > I think that providing the minimal set of devices is good, since it
> > allows the user to configure things as much as possible. So I am in
> > favor of this more minimal set. My only hesitation is that we pull out,
> > or that I have not included some important piece h/w at a specific slot
> > that a guest might need. Thus potentially breaking existing setups.
> > Perhaps, that might mean a new machine type in the future, if we've
> > messed up?
> 
> Yes, that's one solution.
> 
> > These devices and slots are pulled from the Intel docs on ICH9 and Q35
> > specs. See:
> > 
> > http://www.intel.com/content/www/us/en/io/io-controller-hub-9-datasheet.html
> > 
> > Perhaps, Yamahata can comment further on the specific set of bridges?
> > 
> > > It would also be nice to add comments explaining why
> > > specific slots were selected e.g. /* BSD XYZ fails to boot unless ahci is 
> > > at alow 2 */
> > > etc.
> > 
> > Right, its basically just pulled from the Intel spec as mentioned above.
> > 
> > > 
> > > Also - will adding this code now mean that when adding bridges
> > > we'll need to add compatibility code in bios/qemu in the future?
> > > 
> > 
> > I don't think so, but maybe you can elaborate this concern more
> > specifically?
> > 
> > Thanks,
> > 
> > -Jason
> 
> Just this: can same bios work on this interface and the one
> you intend for hotplug behind bridge? Or will we need to version
> interface?
> 

hmm...I wasn't aware of this constraint. Since we control the version of
SeaBIOS in qemu, is this really a problem? And it was suggested that
qemu is the only consumer of the acpi tables.

The current hotplug code doesn't seem to be versioned. Has this caused
problems?

In terms of the interface itself, yes, I think ideally it would be
changed.

Thanks,

-Jason



Re: [Qemu-devel] fixing qemu-0.1X endless loop in qcow2_alloc_cluster_offset

2012-10-12 Thread Andreas Färber
Am 12.06.2012 15:44, schrieb Kevin Wolf:
> Am 12.06.2012 15:33, schrieb Andreas Färber:
>> Am 14.05.2012 14:20, schrieb Kevin Wolf:
>>> Am 13.05.2012 10:03, schrieb Zhouyi Zhou:
>>>> hi all
>>>>
>>>>   sometimes, qemu/kvm-0.1x will hang in endless loop in
>>>> qcow2_alloc_cluster_offset.
>>>>   after some investigation, I found that:
>>>>   in function posix_aio_process_queue(void *opaque)
>>>> 440             ret = qemu_paio_error(acb);
>>>> 441             if (ret == ECANCELED) {
>>>> 442                 /* remove the request */
>>>> 443                 *pacb = acb->next;
>>>> 444                 qemu_aio_release(acb);
>>>> 445                 result = 1;
>>>> 446             } else if (ret != EINPROGRESS) {
>>>>   in line 444 acb got released but acb->common.opaque does not.
>>>> which will be released via guest OS via ide_dma_cancel which
>>>> will in turn call qcow_aio_cancel which does not check its argument
>>>> is in flight list or not.
>>>>   The fix is as follows: (debian 6's qemu-kvm-0.12.5)
>>>> ###
 --- block/qcow2.h~  2010-07-27 08:43:53.0 +0800
 +++ block/qcow2.h   2012-05-13 15:51:39.0 +0800
 @@ -143,6 +143,7 @@
  QLIST_HEAD(QCowAioDependencies, QCowAIOCB) dependent_requests;
  
  QLIST_ENTRY(QCowL2Meta) next_in_flight;
 +int inflight;   
  } QCowL2Meta;
 --- block/qcow2.c~  2012-05-13 15:57:09.0 +0800
 +++ block/qcow2.c   2012-05-13 15:57:24.0 +0800
 @@ -349,6 +349,10 @@
  QCowAIOCB *acb = (QCowAIOCB *)blockacb;
  if (acb->hd_aiocb)
  bdrv_aio_cancel(acb->hd_aiocb);
 +if (acb->l2meta.inflight) {
 +QLIST_REMOVE(&acb->l2meta, next_in_flight);
 +   acb->l2meta.inflight = 0;
 +}
  qemu_aio_release(acb);
  }
  
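
Review bot: the block added to the cancel path unlinks `acb->l2meta` from the in-flight list but does nothing with `dependent_requests`, which the qcow2.h hunk shows living in the same struct. Any request queued behind this one has to be restarted or failed before `qemu_aio_release(acb)`, otherwise it waits on an entry that no longer exists. The added lines also mix tab and space indentation.
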
 @@ -506,6 +510,7 @@
  acb->n = 0;
  acb->cluster_offset = 0;
  acb->l2meta.nb_clusters = 0;
 +acb->l2meta.inflight = 0;
  QLIST_INIT(&acb->l2meta.dependent_requests);
  return acb;
  }
 @@ -534,6 +539,7 @@
  /* Take the request off the list of running requests */
  if (m->nb_clusters != 0) {
  QLIST_REMOVE(m, next_in_flight);
 +   m->inflight = 0;
  }
  
  /*
 @@ -632,6 +638,7 @@
  fail:
  if (acb->l2meta.nb_clusters != 0) {
  QLIST_REMOVE(&acb->l2meta, next_in_flight);
 +   acb->l2meta.inflight  = 0;
  }
  done:
  if (acb->qiov->niov > 1)
 --- block/qcow2-cluster.c~  2010-07-27 08:43:53.0 +0800
 +++ block/qcow2-cluster.c   2012-05-13 15:53:53.0 +0800
 @@ -827,6 +827,7 @@
  m->offset = offset;
  m->n_start = n_start;
  m->nb_clusters = nb_clusters;
 +m->inflight = 1;
  
  out:
  m->nb_available = MIN(nb_clusters << (s->cluster_bits - 9), n_end);

>>>>   Thanks for investigation
>>>> Zhouyi
>>>
>>> The patch looks reasonable to me. Note however that while it fixes the
>>> hang, it still causes cluster leaks. I'm not sure if someone is
>>> interested in picking these up for old stable releases. Andreas, I think
>>> you were going to take 0.15? The first version that doesn't have the
>>> problem is 1.0.
>>
>> Kevin, the policy as I understood it is to cherry-pick patches from
>> qemu.git into qemu-stable-x.y.git. So I don't think me applying this
>> patch to stable-0.15 would be right. I don't spot a particular qcow2 fix
>> among our 0.15 backports that I have now pushed. Do you have a pointer
>> which one(s) would fix this issue so that I can recheck?
> 
> It's "fixed" as a side effect of the block layer conversion to
> coroutines. Not exactly the kind of patches you'd want to cherry-pick
> for stable-0.15.
> 
> The better fix for 0.15 could be to backport the new behaviour of
> coroutine based requests with bdrv_aio_cancel:
> 
> static void bdrv_aio_co_cancel_em(BlockDriverAIOCB *blockacb)
> {
> qemu_aio_flush();
> }
> 
> Using that as the implementation for qcow2_aio_cancel should be safe and
> fix this problem.

Kevin, I have stable-0.15 in a state where I'm about to tag 0.15.2 now.
The original patch does not have a Signed-off-by nor your Acked-by, so I
can't apply it as-is. stable-0.15 does not have coroutines, so I don't
understand what exactly you're suggesting as alternative here: Backport
the whole coroutine feature including coroutine function above? Or just
call qemu_aio_flush() in place of what? This is old qcow2_aio_cancel():

static BlockDriverAIOCB *qcow2_aio_flush(BlockDriverState *bs,
 BlockDriverCompletionFunc *cb,
 void *opaque)
{
BDRVQcowState *s = bs->opaque;
int ret;

ret = qcow2_cache_flush(bs, s->l2_table_cache);
if (ret < 0) {
return NULL;
}

ret = qcow2_cache_flush(bs, s->re

Re: [Qemu-devel] [PATCH] isapc: Shadow ISA BIOS by default

2012-10-12 Thread Jan Kiszka
On 2012-10-12 15:41, Anthony Liguori wrote:
> Jan Kiszka  writes:
> 
>> On 2012-10-08 20:52, Anthony Liguori wrote:
>>> Jan Kiszka  writes:
>>>
>>>> On 2012-09-11 17:53, Jan Kiszka wrote:
> Our one and only BIOS depends on a writable shadowed BIOS in the ISA
> range. As we have no interface to control the write property, make that
> region writable by default.
>
> Signed-off-by: Jan Kiszka 
> ---
>
> This unbreaks isapc for TCG, and keep it working for KVM once it starts
> supporting read-only memslots.
>
>  hw/pc_sysfw.c |   13 +
>  1 files changed, 9 insertions(+), 4 deletions(-)
>
> diff --git a/hw/pc_sysfw.c b/hw/pc_sysfw.c
> index b45f0ac..027d98a 100644
> --- a/hw/pc_sysfw.c
> +++ b/hw/pc_sysfw.c
> @@ -136,6 +136,7 @@ static void old_pc_system_rom_init(MemoryRegion 
> *rom_memory)
>  {
>  char *filename;
>  MemoryRegion *bios, *isa_bios;
> +void *isa_bios_ptr;
>  int bios_size, isa_bios_size;
>  int ret;
>  
> @@ -167,19 +168,23 @@ static void old_pc_system_rom_init(MemoryRegion 
> *rom_memory)
>  g_free(filename);
>  }
>  
> -/* map the last 128KB of the BIOS in ISA space */
> +/* Shadow the last 128KB of the BIOS in ISA space as RAM -
> + * Seabios depends on this */
>  isa_bios_size = bios_size;
>  if (isa_bios_size > (128 * 1024)) {
>  isa_bios_size = 128 * 1024;
>  }
>  isa_bios = g_malloc(sizeof(*isa_bios));
> -memory_region_init_alias(isa_bios, "isa-bios", bios,
> - bios_size - isa_bios_size, isa_bios_size);
> +memory_region_init_ram(isa_bios, "isa-bios", isa_bios_size);
> +vmstate_register_ram_global(isa_bios);
>  memory_region_add_subregion_overlap(rom_memory,
>  0x10 - isa_bios_size,
>  isa_bios,
>  1);
> -memory_region_set_readonly(isa_bios, true);
> +
> +/* copy ISA rom image from top of the ROM */
> +isa_bios_ptr = memory_region_get_ram_ptr(isa_bios);
> +rom_copy(isa_bios_ptr, (uint32_t)(-isa_bios_size), isa_bios_size);
>  
>  /* map all the bios at the top of memory */
>  memory_region_add_subregion(rom_memory,
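
Review bot: replacing the alias with `memory_region_init_ram()` and deleting `memory_region_set_readonly(isa_bios, true)` leaves the ISA BIOS shadow guest-writable for the life of the machine, with no path to restore protection once the firmware is done with it. Either keep the region read-only by default and give the firmware a control to toggle it, or state in the comment why permanent write access is acceptable. The return value of `rom_copy()` is also dropped.
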
>

>>>> Ping. Or already queued?
>>>
>>> I've got it queued now.  Thanks.
>>
>> I'm withdrawing it: This breaks Windows 95 booting. For unknown reasons,
>> this nice OS decided to overwrite the F-segment during boot. That is
>> fine as long as it is properly protected. But it breaks under current
>> KVM and with the patch above for the isapc. So we need a firmware
>> interface to enable/disable write protection for this segment in isapc
>> mode, specifically as that machine targets these old OSes.
> 
> Ah, if it wasn't for a build break caused by one of the pull requests, I
> would have pushed last night.  Thanks for the heads up, I'll remove it
> from my queue.
> 
> Is fw_cfg the right interface?  I presume this is i440fx specific?  How
> does q35 handle this?

No, there is no i440fx or q35 in that case. There are discrete chips
and wiring on an undefined ISA motherboard. As Seabios depends on a
writable E&F-segments (maybe only on E, still need to find out) for a
certain period, we need to invent a pv channel (probably via fw_cfg) to
provide the necessary control knob.

>  Presumably there's a second window for the BIOS
> mapping.  There's got to be some way to do shadowing of it I would
> think.

Not sure what you mean here. This is only about shadowing the top 128K
of the BIOS into the E/F-segment and providing a write-enable knob for it.

Jan

-- 
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux



Re: [Qemu-devel] [PATCH v2 21/21] q35: add acpi-based pci hotplug.

2012-10-12 Thread Jason Baron
On Fri, Oct 12, 2012 at 12:06:44PM +0200, Gerd Hoffmann wrote:
>   Hi,
> 
> >>> I just tried out getting rid of the bridges by default.
> >>
> >> That clearly raises the question which devices should be created
> >> automatically by -M q35.  I think the devices which are part of the ich9
> >> chipset should be there by default.  /me looks at my laptop which
> >> happens to have a ich9 chipset.
> > 
> > The reason this is a bad idea is very simple: we only have a way to add
> > devices not to remove them.  So if you miss a device which your guest
> > needs, it is easy to add, but there is no way to remove.
> 
> Why would you want remove devices?  They don't harm when present.  And
> you can't remove them on real hardware either.  Try ordering a ich9
> without sound or usb ;)
> 
> >> Real ich9 has the e1000 @ 00:19.0, so it would make sense to place one
> >> there.  Adding a default nic will probably create some headache though,
> >> so maybe better don't.
> > 
> > And that's just one example.
> 
> It is problematic because the nic needs configuration and configuring a
> builtin device is tricky.  Also our e1000 model isn't the ich9 one.
> 
> Most other chipset devices are not problematic at all as they are just
> controllers where you can attach stuff to (and by default there isn't
> anything attached).  This includes:
> 
>   * pcie ports (waiting for pcie devices plugged in).
>   * ahci controller (waiting for disks/cdroms being attached).
> >   * intel-hda (waiting for audio codec (hda-*) being attached).
>   * ehci+uhci (waiting for usb devices being plugged in).
> 
> The stuff being attached/plugged there needs configuration, but not the
> > controllers themselves.
> 
> > Fact is, we don't emulate real hardware exactly.
> 
> But we try to.
> 
> > So let's have a minimal machine and if you want to add e1000 audio etc,
> > you can do this. We can even teach management to do it with friendly
> > UI as opposed to cryptic machine types.
> 
> /me disagrees.
> 

What if we have a 'basic' configuration as Michael suggests, but have an
easy way to specify that we want these additional built-in
controllers/bridges at their default slot.

For example, for q35 I can currently pass '-usb' and it will create a
uhci at slot 1d func 0. (I have small patch to add ehci as well).

Not sure if we have appropriate options we can piggy-back on for default
sound and bridges, but we can add these later, if this makes sense.

Thanks,

-Jason





Re: [Qemu-devel] [PATCH] isapc: Shadow ISA BIOS by default

2012-10-12 Thread Anthony Liguori
Jan Kiszka  writes:

> On 2012-10-12 15:41, Anthony Liguori wrote:
>> Jan Kiszka  writes:
>> 
>>> On 2012-10-08 20:52, Anthony Liguori wrote:
>>>> Jan Kiszka  writes:

> On 2012-09-11 17:53, Jan Kiszka wrote:
>> Our one and only BIOS depends on a writable shadowed BIOS in the ISA
>> range. As we have no interface to control the write property, make that
>> region writable by default.
>>
>> Signed-off-by: Jan Kiszka 
>> ---
>>
>> This unbreaks isapc for TCG, and keep it working for KVM once it starts
>> supporting read-only memslots.
>>
>>  hw/pc_sysfw.c |   13 +
>>  1 files changed, 9 insertions(+), 4 deletions(-)
>>
>> diff --git a/hw/pc_sysfw.c b/hw/pc_sysfw.c
>> index b45f0ac..027d98a 100644
>> --- a/hw/pc_sysfw.c
>> +++ b/hw/pc_sysfw.c
>> @@ -136,6 +136,7 @@ static void old_pc_system_rom_init(MemoryRegion 
>> *rom_memory)
>>  {
>>  char *filename;
>>  MemoryRegion *bios, *isa_bios;
>> +void *isa_bios_ptr;
>>  int bios_size, isa_bios_size;
>>  int ret;
>>  
>> @@ -167,19 +168,23 @@ static void old_pc_system_rom_init(MemoryRegion 
>> *rom_memory)
>>  g_free(filename);
>>  }
>>  
>> -/* map the last 128KB of the BIOS in ISA space */
>> +/* Shadow the last 128KB of the BIOS in ISA space as RAM -
>> + * Seabios depends on this */
>>  isa_bios_size = bios_size;
>>  if (isa_bios_size > (128 * 1024)) {
>>  isa_bios_size = 128 * 1024;
>>  }
>>  isa_bios = g_malloc(sizeof(*isa_bios));
>> -memory_region_init_alias(isa_bios, "isa-bios", bios,
>> - bios_size - isa_bios_size, isa_bios_size);
>> +memory_region_init_ram(isa_bios, "isa-bios", isa_bios_size);
>> +vmstate_register_ram_global(isa_bios);
>>  memory_region_add_subregion_overlap(rom_memory,
>>  0x10 - isa_bios_size,
>>  isa_bios,
>>  1);
>> -memory_region_set_readonly(isa_bios, true);
>> +
>> +/* copy ISA rom image from top of the ROM */
>> +isa_bios_ptr = memory_region_get_ram_ptr(isa_bios);
>> +rom_copy(isa_bios_ptr, (uint32_t)(-isa_bios_size), isa_bios_size);
>>  
>>  /* map all the bios at the top of memory */
>>  memory_region_add_subregion(rom_memory,
>>
>
> Ping. Or already queued?

>>>> I've got it queued now.  Thanks.
>>>
>>> I'm withdrawing it: This breaks Windows 95 booting. For unknown reasons,
>>> this nice OS decided to overwrite the F-segment during boot. That is
>>> fine as long as it is properly protected. But it breaks under current
>>> KVM and with the patch above for the isapc. So we need a firmware
>>> interface to enable/disable write protection for this segment in isapc
>>> mode, specifically as that machine targets these old OSes.
>> 
>> Ah, if it wasn't for a build break caused by one of the pull requests, I
>> would have pushed last night.  Thanks for the heads up, I'll remove it
>> from my queue.
>> 
>> Is fw_cfg the right interface?  I presume this is i440fx specific?  How
>> does q35 handle this?
>
> No, there is no i440fx or q35 in that case. There are discrete chips
> and wiring on an undefined ISA motherboard. As Seabios depends on a
> writable E&F-segments (maybe only on E, still need to find out) for a
> certain period, we need to invent a pv channel (probably via fw_cfg) to
> provide the necessary control knob.

I see, I thought this was primarily for shadowing.  But it's a
SeaBIOS-ism.  fw_cfg is the right answer.

Regards,

Anthony Liguori

>
>>  Presumably there's a second window for the BIOS
>> mapping.  There's got to be some way to do shadowing of it I would
>> think.
>
> Not sure what you mean here. This is only about shadowing the top 128K
> of the BIOS into the E/F-segment and providing a write-enable knob for it.
>
> Jan
>
> -- 
> Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
> Corporate Competence Center Embedded Linux




Re: [Qemu-devel] [PULL 0/3] usb patch queue

2012-10-12 Thread Anthony Liguori
Gerd Hoffmann  writes:

>   Hi,
>
> Pretty small this time with just a few bugfixes.
>
> please pull,
>   Gerd
>

Pulled. Thanks.

Regards,

Anthony Liguori

> The following changes since commit b4ae3cfa57b8c1bdbbd7b7d420971e9171203ade:
>
>   ssi: Add slave autoconnect helper (2012-10-10 11:13:32 +1000)
>
> are available in the git repository at:
>   git://git.kraxel.org/qemu usb.67
>
> Hans de Goede (3):
>   usb-redir: Change usbredir_open_chardev into usbredir_create_parser
>   usb-redir: Don't make migration fail in none seamless case
>   uhci: Raise interrupt when requested even for non active tds
>
>  hw/usb/hcd-uhci.c |   10 +-
>  hw/usb/redirect.c |   24 ++--
>  2 files changed, 23 insertions(+), 11 deletions(-)



Re: [Qemu-devel] [PULL] vfio-pci tree 20121008

2012-10-12 Thread Anthony Liguori
Alex Williamson  writes:

> Anthony,
>
> The following changes since commit 4bb26682f70a5f626cad3e0ac82bf4b6252ea7a4:
>
>   Merge branch 'master' of git.qemu.org:/pub/git/qemu (2012-10-07 18:42:18 
> +)
>
> are available in the git repository at:
>
>
>   git://github.com/awilliam/qemu-vfio.git tags/vfio-pci-for-qemu-20121008.0
>
> for you to fetch changes up to 3a4f2816fac1b0f9cc197bb2208ddf03dc7bc592:
>
>   vfio-pci: Fix BAR->VFIODevice translation in (2012-10-08 08:45:31 -0600)
>

Pulled. Thanks.

Regards,

Anthony Liguori

> 
> vfio-pci fixes 20121008.0
>
>
> These patches have all been posted to the list for review.  From the
> previous 00/11 series:
>
> I've been accumulating a backlog of vfio-pci changes while we've been
> getting the first implementation accepted.  This series includes a
> new algorithm for dealing with INTx that should avoid users needing
> to know about experimental parameters, a re-try mechanism for mappings
> that avoids common errors users might see trying to use vfio-pci, a
> rework of MSIX setup and teardown that fixes a corner case for MSIX
> being enabled but not used, a more robust device reset that re-inits
> interrupts much like pci-assign, a missing INTx setup failure cleanup,
> and addresses a few comments collected during initial review.
>
> Additional Clang patch reported by Blue Swirl and posted last week, as
> well as contribution from Jan included in this pull request.  Thanks,
>
> Alex
>
> 
> Alex Williamson (12):
>   vfio-pci: Update slow path INTx algorithm
>   vfio-pci: Re-order map/unmap
>   vfio-pci: Unmap and retry DMA mapping
>   vfio-pci: Rework MSIX setup/teardown
>   vfio-pci: No spurious MSIs
>   vfio-pci: Roll the header into the .c file
>   vfio-pci: Don't peak at msi_supported
>   vfio-pci: Use uintptr_t for void* cast
>   vfio-pci: Remove setting of MSI qsize
>   vfio-pci: Extend reset
>   vfio-pci: Cleanup on INTx setup failure
>   vfio-pci: Clang cleanup
>
> Jan Kiszka (1):
>   vfio-pci: Fix BAR->VFIODevice translation in
>
>  hw/vfio_pci.c | 498 
> +-
>  hw/vfio_pci_int.h | 114 -
>  2 files changed, 305 insertions(+), 307 deletions(-)
>  delete mode 100644 hw/vfio_pci_int.h




Re: [Qemu-devel] [PULL 0/4] Net patches

2012-10-12 Thread Anthony Liguori
Stefan Hajnoczi  writes:

> The following changes since commit 4bb26682f70a5f626cad3e0ac82bf4b6252ea7a4:
>
>   Merge branch 'master' of git.qemu.org:/pub/git/qemu (2012-10-07 18:42:18 
> +)
>
> are available in the git repository at:
>
>
>   git://github.com/stefanha/qemu.git net
>
> for you to fetch changes up to a245fc18352fe286ba45ae0661a73b3841514889:
>
>   net: consolidate NetClientState header files into one (2012-10-08 13:59:40 
> +0200)
>

Pulled. Thanks.

Regards,

Anthony Liguori

> 
> Amos Kong (2):
>   e1000: update nc.link_down in e1000_post_load()
>   virtio-net: update nc.link_down in virtio_net_load()
>
> Jason Wang (1):
>   rtl8139: implement 8139cp link status
>
> Paolo Bonzini (1):
>   net: consolidate NetClientState header files into one
>
>  hw/e1000.c  | 12 
>  hw/rtl8139.c| 24 ++--
>  hw/virtio-net.c |  5 +
>  net.c   | 11 ---
>  net/{socket.h => clients.h} | 28 +---
>  net/dump.c  |  2 +-
>  net/dump.h  | 33 -
>  net/hub.c   |  1 +
>  net/hub.h   |  2 --
>  net/slirp.c |  3 ++-
>  net/slirp.h |  3 ---
>  net/socket.c|  3 +--
>  net/tap-win32.c |  2 +-
>  net/tap.c   |  3 ++-
>  net/tap.h   |  6 --
>  net/vde.c   |  3 +--
>  net/vde.h   | 37 -
>  17 files changed, 77 insertions(+), 101 deletions(-)
>  rename net/{socket.h => clients.h} (62%)
>  delete mode 100644 net/dump.h
>  delete mode 100644 net/vde.h
>
> -- 
> 1.7.11.4




Re: [Qemu-devel] [PULL 0/8] spice patch queue

2012-10-12 Thread Anthony Liguori
Gerd Hoffmann  writes:

>   Hi,
>
> Here comes the spice patch queue.  It raises the minimal required
> spice-server version to 0.12 and the qxl device revision to 4.
> It also brings a collection of bugfixes.
>
> please pull,
>   Gerd
>

Pulled. Thanks.

Regards,

Anthony Liguori

> The following changes since commit 4bb26682f70a5f626cad3e0ac82bf4b6252ea7a4:
>
>   Merge branch 'master' of git.qemu.org:/pub/git/qemu (2012-10-07 18:42:18 
> +)
>
> are available in the git repository at:
>
>   git://anongit.freedesktop.org/spice/qemu spice.v61
>
> Alon Levy (3):
>   hw/qxl: exit on failure to register qxl interface
>   hw/qxl: fix condition for exiting guest_bug
>   hw/qxl: qxl_dirty_surfaces: use uintptr_t
>
> Gerd Hoffmann (4):
>   qxl: always update displaysurface on resize
>   qxl: fix range check for rev3 io commands.
>   spice: raise requirement to 0.12
>   qxl: set default revision to 4
>
> Michael Tokarev (1):
>   qxl/update_area_io: cleanup invalid parameters handling
>
>  configure  |   18 +--
>  hw/pc_piix.c   |8 +++
>  hw/qxl-render.c|4 ---
>  hw/qxl.c   |   57 
> +++-
>  hw/qxl.h   |5 
>  ui/spice-core.c|   51 +
>  ui/spice-display.c |   38 --
>  ui/spice-display.h |5 
>  8 files changed, 24 insertions(+), 162 deletions(-)



[Qemu-devel] [PATCH] qemu-timer: Check for usable fields for SIGEV_THREAD_ID

2012-10-12 Thread Richard Henderson
Older glibc (RHEL 5.x, Debian 5.x) does not have the _sigev_un._tid
member in its structure definition, while the accompanying kernel
headers do define SIGEV_THREAD_ID.  We need configure to check for
both before using it.

Cc: Paolo Bonzini 
Cc: Anthony Liguori 
Signed-off-by: Richard Henderson 
---
 configure| 21 +
 qemu-timer.c |  4 ++--
 2 files changed, 23 insertions(+), 2 deletions(-)

FWIW, RHEL 5 is the last release for ia64.  And for whatever reason,
the ultrasparc in the gcc compile farm is still running Lenny.  I've
been hacking around this for some time, and now finally got around to
submitting a proper patch for it.


r~


diff --git a/configure b/configure
index c4a7837..78d8819 100755
--- a/configure
+++ b/configure
@@ -2841,6 +2841,23 @@ if compile_prog "" "" ; then
 fi
 
 ##
+# check if we have usable SIGEV_THREAD_ID
+
+sigev_thread_id=no
+cat > $TMPC << EOF
+#include 
+int main(void) {
+  struct sigevent ev;
+  ev.sigev_notify = SIGEV_THREAD_ID;
+  ev._sigev_un._tid = 0;
+  return 0;
+}
+EOF
+if compile_prog "" "" ; then
+sigev_thread_id=yes
+fi
+
+##
 # check if trace backend exists
 
 $python "$source_path/scripts/tracetool.py" "--backend=$trace_backend" 
--check-backend  > /dev/null 2> /dev/null
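Review bot: the probe's comment says it checks for a usable SIGEV_THREAD_ID, but what the test program actually distinguishes is whether `struct sigevent` exposes the `_sigev_un._tid` member; per the commit message, the constant itself is already defined by the kernel headers on the affected hosts. Say that in the comment above `sigev_thread_id=no`, so nobody later simplifies the test back to an `#ifdef SIGEV_THREAD_ID`. Since `_sigev_un._tid` is an underscore-prefixed internal field name, it is also worth noting there that the probe has to stay in step with the access in qemu-timer.c.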
@@ -3186,6 +3203,7 @@ echo "preadv support$preadv"
 echo "fdatasync $fdatasync"
 echo "madvise   $madvise"
 echo "posix_madvise $posix_madvise"
+echo "sigev_thread_id   $sigev_thread_id"
 echo "uuid support  $uuid"
 echo "libcap-ng support $cap_ng"
 echo "vhost-net support $vhost_net"
@@ -3469,6 +3487,9 @@ fi
 if test "$posix_madvise" = "yes" ; then
   echo "CONFIG_POSIX_MADVISE=y" >> $config_host_mak
 fi
+if test "$sigev_thread_id" = "yes" ; then
+  echo "CONFIG_SIGEV_THREAD_ID=y" >> $config_host_mak
+fi
 
 if test "$spice" = "yes" ; then
   echo "CONFIG_SPICE=y" >> $config_host_mak
diff --git a/qemu-timer.c b/qemu-timer.c
index 908a103..ede84ff 100644
--- a/qemu-timer.c
+++ b/qemu-timer.c
@@ -494,12 +494,12 @@ static int dynticks_start_timer(struct qemu_alarm_timer 
*t)
 memset(&ev, 0, sizeof(ev));
 ev.sigev_value.sival_int = 0;
 ev.sigev_notify = SIGEV_SIGNAL;
-#ifdef SIGEV_THREAD_ID
+#ifdef CONFIG_SIGEV_THREAD_ID
 if (qemu_signalfd_available()) {
 ev.sigev_notify = SIGEV_THREAD_ID;
 ev._sigev_un._tid = qemu_get_thread_id();
 }
-#endif /* SIGEV_THREAD_ID */
+#endif /* CONFIG_SIGEV_THREAD_ID */
 ev.sigev_signo = SIGALRM;
 
 if (timer_create(CLOCK_REALTIME, &ev, &host_timer)) {
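Review bot: the `#ifdef CONFIG_SIGEV_THREAD_ID` guard only works if the configure result is visible as a preprocessor macro in qemu-timer.c; if the generated config header is not included before this point, the block compiles out on every host and the timer quietly stays on `SIGEV_SIGNAL` with no build error. Please confirm the include is in place. A one-line comment on the guard saying that it is a configure result rather than the system macro would also help, given how similar the two names are.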
-- 
1.7.11.7




Re: [Qemu-devel] [PATCH v2] chardev: add hotplug support.

2012-10-12 Thread Paolo Bonzini
On 12/10/2012 14:39, Gerd Hoffmann wrote:
> +chr = qemu_chr_new_from_opts(opts, NULL);
> +if (chr == NULL) {
> +qemu_opts_del(opts);
> +error_setg(&err, "Creating chardev failed\n");
> +goto exit_err;
> +}
> +return 0;
> +
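Review bot: the message passed to `error_setg` ends in "\n"; an error message set this way should be a single phrase without a trailing newline, because whoever reports the error adds its own line ending. Drop the "\n" from "Creating chardev failed\n".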

Since you have to do a v3, please make this part (which is common
between HMP and QMP) a separate function.

Paolo



Re: [Qemu-devel] [PATCH] qemu-timer: Check for usable fields for SIGEV_THREAD_ID

2012-10-12 Thread Paolo Bonzini
On 12/10/2012 18:26, Richard Henderson wrote:
> Older glibc (RHEL 5.x, Debian 5.x) does not have the _sigev_un._tid
> member in its structure definition, while the accompanying kernel
> headers do define SIGEV_THREAD_ID.  We need configure to check for
> both before using it.
> 
> Cc: Paolo Bonzini 
> Cc: Anthony Liguori 
> Signed-off-by: Richard Henderson 
> ---
>  configure| 21 +
>  qemu-timer.c |  4 ++--
>  2 files changed, 23 insertions(+), 2 deletions(-)
> 
> FWIW, RHEL 5 is the last release for ia64.  And for whatever reason,
> the ultrasparc in the gcc compile farm is still running Lenny.  I've
> been hacking around this for some time, and now finally got around to
> submitting a proper patch for it.

Reviewed-by: Paolo Bonzini 

> 
> 
> r~
> 
> 
> diff --git a/configure b/configure
> index c4a7837..78d8819 100755
> --- a/configure
> +++ b/configure
> @@ -2841,6 +2841,23 @@ if compile_prog "" "" ; then
>  fi
>  
>  ##
> +# check if we have usable SIGEV_THREAD_ID
> +
> +sigev_thread_id=no
> +cat > $TMPC << EOF
> +#include 
> +int main(void) {
> +  struct sigevent ev;
> +  ev.sigev_notify = SIGEV_THREAD_ID;
> +  ev._sigev_un._tid = 0;
> +  return 0;
> +}
> +EOF
> +if compile_prog "" "" ; then
> +sigev_thread_id=yes
> +fi
> +
> +##
>  # check if trace backend exists
>  
>  $python "$source_path/scripts/tracetool.py" "--backend=$trace_backend" 
> --check-backend  > /dev/null 2> /dev/null
> @@ -3186,6 +3203,7 @@ echo "preadv support$preadv"
>  echo "fdatasync $fdatasync"
>  echo "madvise   $madvise"
>  echo "posix_madvise $posix_madvise"
> +echo "sigev_thread_id   $sigev_thread_id"
>  echo "uuid support  $uuid"
>  echo "libcap-ng support $cap_ng"
>  echo "vhost-net support $vhost_net"
> @@ -3469,6 +3487,9 @@ fi
>  if test "$posix_madvise" = "yes" ; then
>echo "CONFIG_POSIX_MADVISE=y" >> $config_host_mak
>  fi
> +if test "$sigev_thread_id" = "yes" ; then
> +  echo "CONFIG_SIGEV_THREAD_ID=y" >> $config_host_mak
> +fi
>  
>  if test "$spice" = "yes" ; then
>echo "CONFIG_SPICE=y" >> $config_host_mak
> diff --git a/qemu-timer.c b/qemu-timer.c
> index 908a103..ede84ff 100644
> --- a/qemu-timer.c
> +++ b/qemu-timer.c
> @@ -494,12 +494,12 @@ static int dynticks_start_timer(struct qemu_alarm_timer 
> *t)
>  memset(&ev, 0, sizeof(ev));
>  ev.sigev_value.sival_int = 0;
>  ev.sigev_notify = SIGEV_SIGNAL;
> -#ifdef SIGEV_THREAD_ID
> +#ifdef CONFIG_SIGEV_THREAD_ID
>  if (qemu_signalfd_available()) {
>  ev.sigev_notify = SIGEV_THREAD_ID;
>  ev._sigev_un._tid = qemu_get_thread_id();
>  }
> -#endif /* SIGEV_THREAD_ID */
> +#endif /* CONFIG_SIGEV_THREAD_ID */
>  ev.sigev_signo = SIGALRM;
>  
>  if (timer_create(CLOCK_REALTIME, &ev, &host_timer)) {
> 





Re: [Qemu-devel] [PATCH 1/2] qemu-img: Fix division by zero for zero size images

2012-10-12 Thread Paolo Bonzini
On 12/10/2012 14:31, Kevin Wolf wrote:
> Signed-off-by: Kevin Wolf 
> ---
>  qemu-img.c |   23 +++
>  1 files changed, 15 insertions(+), 8 deletions(-)
> 
> diff --git a/qemu-img.c b/qemu-img.c
> index f17f187..849eb41 100644
> --- a/qemu-img.c
> +++ b/qemu-img.c
> @@ -674,7 +674,7 @@ static int img_convert(int argc, char **argv)
>  QEMUOptionParameter *out_baseimg_param;
>  char *options = NULL;
>  const char *snapshot_name = NULL;
> -float local_progress;
> +float local_progress = 0;
>  int min_sparse = 8; /* Need at least 4k of zeros for sparse detection */
>  
>  fmt = NULL;
> @@ -914,8 +914,10 @@ static int img_convert(int argc, char **argv)
>  sector_num = 0;
>  
>  nb_sectors = total_sectors;
> -local_progress = (float)100 /
> -(nb_sectors / MIN(nb_sectors, cluster_sectors));
> +if (nb_sectors != 0) {
> +local_progress = (float)100 /
> +(nb_sectors / MIN(nb_sectors, cluster_sectors));
> +}
>  
>  for(;;) {
>  int64_t bs_num;
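Review bot: the new `nb_sectors != 0` test removes one zero divisor, but the guarded expression `nb_sectors / MIN(nb_sectors, cluster_sectors)` still divides by `MIN(...)`, which is zero whenever `cluster_sectors` is zero. If `cluster_sectors` is guaranteed non-zero on this path, an assert or a short comment stating that would make the fix complete on its face; otherwise fold it into the condition.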
> @@ -986,8 +988,10 @@ static int img_convert(int argc, char **argv)
>  
>  sector_num = 0; // total number of sectors converted so far
>  nb_sectors = total_sectors - sector_num;
> -local_progress = (float)100 /
> -(nb_sectors / MIN(nb_sectors, IO_BUF_SIZE / 512));
> +if (nb_sectors != 0) {
> +local_progress = (float)100 /
> +(nb_sectors / MIN(nb_sectors, IO_BUF_SIZE / 512));
> +}
>  
>  for(;;) {
>  nb_sectors = total_sectors - sector_num;
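Review bot: this is the second of three copies of the same guarded computation (here with `IO_BUF_SIZE / 512` as the chunk size, and again in img_rebase). A small helper that takes the sector count and chunk size and returns the per-step progress would keep the zero check in one place, so a future caller cannot reintroduce the division by zero by copying the unguarded form.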
> @@ -1585,7 +1589,7 @@ static int img_rebase(int argc, char **argv)
>  int n;
>  uint8_t * buf_old;
>  uint8_t * buf_new;
> -float local_progress;
> +float local_progress = 0;
>  
>  buf_old = qemu_blockalign(bs, IO_BUF_SIZE);
>  buf_new = qemu_blockalign(bs, IO_BUF_SIZE);
> @@ -1594,8 +1598,11 @@ static int img_rebase(int argc, char **argv)
>  bdrv_get_geometry(bs_old_backing, &old_backing_num_sectors);
>  bdrv_get_geometry(bs_new_backing, &new_backing_num_sectors);
>  
> -local_progress = (float)100 /
> -(num_sectors / MIN(num_sectors, IO_BUF_SIZE / 512));
> +if (num_sectors != 0) {
> +local_progress = (float)100 /
> +(num_sectors / MIN(num_sectors, IO_BUF_SIZE / 512));
> +}
> +
>  for (sector = 0; sector < num_sectors; sector += n) {
>  
>  /* How many sectors can we handle with the next read? */
> 

Reviewed-by: Paolo Bonzini 

/me keeps this in mind for reviewing Mirek's qemu-img compare series




Re: [Qemu-devel] [PATCH 2/2] qemu-iotests: Test qemu-img operation on zero size image

2012-10-12 Thread Paolo Bonzini
On 12/10/2012 14:31, Kevin Wolf wrote:
> Signed-off-by: Kevin Wolf 
> ---
>  tests/qemu-iotests/041 |   78 
> 
>  tests/qemu-iotests/041.out |   15 
>  tests/qemu-iotests/group   |1 +
>  3 files changed, 94 insertions(+), 0 deletions(-)
>  create mode 100755 tests/qemu-iotests/041
>  create mode 100644 tests/qemu-iotests/041.out
> 
> diff --git a/tests/qemu-iotests/041 b/tests/qemu-iotests/041
> new file mode 100755
> index 000..c3c3ca8
> --- /dev/null
> +++ b/tests/qemu-iotests/041
> @@ -0,0 +1,78 @@
> +#!/bin/bash
> +#
> +# Test qemu-img operation on zero size images
> +#
> +# Copyright (C) 2012 Red Hat, Inc.
> +#
> +# This program is free software; you can redistribute it and/or modify
> +# it under the terms of the GNU General Public License as published by
> +# the Free Software Foundation; either version 2 of the License, or
> +# (at your option) any later version.
> +#
> +# This program is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> +# GNU General Public License for more details.
> +#
> +# You should have received a copy of the GNU General Public License
> +# along with this program.  If not, see .
> +#
> +
> +# creator
> +owner=kw...@redhat.com
> +
> +seq=`basename $0`
> +echo "QA output created by $seq"
> +
> +here=`pwd`
> +tmp=/tmp/$$
> +status=1 # failure is the default!
> +
> +_cleanup()
> +{
> + _cleanup_test_img
> +}
> +trap "_cleanup; exit \$status" 0 1 2 3 15
> +
> +# get standard environment, filters and checks
> +. ./common.rc
> +. ./common.filter
> +
> +_supported_fmt qcow2 qcow qed vmdk
> +_supported_proto file
> +_supported_os Linux
> +
> +echo
> +echo "== Creating zero size image =="
> +
> +_make_test_img 0
> +_check_test_img
> +
> +mv $TEST_IMG $TEST_IMG.orig
> +
> +echo
> +echo "== Converting the image =="
> +
> +$QEMU_IMG convert -O $IMGFMT $TEST_IMG.orig $TEST_IMG
> +_check_test_img
> +
> +echo
> +echo "== Converting the image, compressed =="
> +
> +if [ "$IMGFMT" == "qcow2" ]; then
> +$QEMU_IMG convert -c -O $IMGFMT $TEST_IMG.orig $TEST_IMG
> +fi
> +_check_test_img
> +
> +echo
> +echo "== Rebasing the image =="
> +
> +$QEMU_IMG rebase -u -b $TEST_IMG.orig $TEST_IMG
> +$QEMU_IMG rebase -b $TEST_IMG.orig $TEST_IMG
> +_check_test_img
> +
> +# success, all done
> +echo "*** done"
> +rm -f $seq.full
> +status=0
> +
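Review bot: `$TEST_IMG` and `$TEST_IMG.orig` are expanded unquoted in the `mv`, `convert` and `rebase` commands, so a test directory containing spaces or glob characters splits the arguments; quote them as "$TEST_IMG" and "$TEST_IMG.orig". Separately, `tmp=/tmp/$$` and `here` are assigned but not used in the lines shown; if the sourced common files do not need them, drop them rather than keep a PID-derived name under /tmp.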
> diff --git a/tests/qemu-iotests/041.out b/tests/qemu-iotests/041.out
> new file mode 100644
> index 000..98514fa
> --- /dev/null
> +++ b/tests/qemu-iotests/041.out
> @@ -0,0 +1,15 @@
> +QA output created by 041
> +
> +== Creating zero size image ==
> +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=0 
> +No errors were found on the image.
> +
> +== Converting the image ==
> +No errors were found on the image.
> +
> +== Converting the image, compressed ==
> +No errors were found on the image.
> +
> +== Rebasing the image ==
> +No errors were found on the image.
> +*** done
> diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
> index 66d2ba9..fa4a7da 100644
> --- a/tests/qemu-iotests/group
> +++ b/tests/qemu-iotests/group
> @@ -47,3 +47,4 @@
>  038 rw auto backing
>  039 rw auto
>  040 rw auto
> +041 rw auto quick
> 

FWIW, this will require renaming the mirror test to 042 :(  Since I have
multiple patches touching the file while you have just one, any chance
you can hold up this series for a week or so?

Reviewed-by: Paolo Bonzini 

Paolo



Re: [Qemu-devel] [PATCH 0/2] tcg/arm: Implement movcond_i32

2012-10-12 Thread Peter Maydell
On 26 September 2012 19:48, Peter Maydell  wrote:
> These patches implement movcond_i32 for the ARM TCG backend; we
> emit "mov dst, v2; cmp c1, c2; movcc dst, v1". We could have
> done this with a pair of conditional movs, but (a) this is not
> actually any shorter (b) it means we don't get the common TCG
> code doing the work of avoiding "mov reg to itself" (c) conditional
> moves aren't quite as free as they used to be on the ARM7.

Ping?

-- PMM



Re: [Qemu-devel] [PATCH v2] chardev: add hotplug support.

2012-10-12 Thread Paolo Bonzini
On 12/10/2012 18:54, Paolo Bonzini wrote:
> On 12/10/2012 14:39, Gerd Hoffmann wrote:
>> +chr = qemu_chr_new_from_opts(opts, NULL);
>> +if (chr == NULL) {
>> +qemu_opts_del(opts);
>> +error_setg(&err, "Creating chardev failed\n");
>> +goto exit_err;
>> +}
>> +return 0;
>> +
> 
> Since you have to do a v3, please make this part (which is common
> between HMP and QMP) a separate function.

Also please make qemu_chr_new_from_opts use an Error ** at least for the
errors that are reported from that function itself (no need to add
propagation to all of qemu-char.c, and it would conflict badly with the
series that does so for qemu-sockets.c).

Paolo


