Re: [Qemu-devel] RFH: boot from virtio cdrom?

[Laszlo Ersek]

On 06/07/13 08:12, Gerd Hoffmann wrote:
> On 06/06/13 17:10, Philipp Hahn wrote:
>> Hello,
>>
>> I'm using libvirt to manage my VMs and configured one VM to boot from
>> a CDROM connected via virtio. This does neither work with QEMU-1.1.2
>> nor with QEMU-1.5; neither with SeaBIOS is 1.7.0 nor 1.7.2.
> 
> Doesn't work with virtio-blk, virtio-scsi can handle that just fine though.

... just make sure your installer media has immediate support for
virtio-scsi (or, in case of Windows, at least access to a driver disk,
but "virtio-win-0.1-30.iso" in your command line implied that). Example:
.

Laszlo

Re: [Qemu-devel] [PATCH v5 03/11] block: add basic backup support to block driver

[Stefan Hajnoczi]

On Thu, Jun 06, 2013 at 04:56:49PM +0800, Fam Zheng wrote:
> On Thu, 06/06 10:05, Stefan Hajnoczi wrote:
> > On Thu, Jun 06, 2013 at 11:56:18AM +0800, Fam Zheng wrote:
> > > On Thu, 05/30 14:34, Stefan Hajnoczi wrote:
> > > > +
> > > > +static int coroutine_fn backup_before_write_notify(
> > > > +NotifierWithReturn *notifier,
> > > > +void *opaque)
> > > > +{
> > > > +BdrvTrackedRequest *req = opaque;
> > > > +
> > > > +return backup_do_cow(req->bs, req->sector_num, req->nb_sectors, 
> > > > NULL);
> > > > +}
> > > 
> > > I'm wondering if we can see the logic here with a backing hd
> > > relationship?  req->bs is a backing file of job->target, but guest is
> > > going to write to it, so we need to COW down the data to job->target
> > > before overwritting (i.e.  cluster is not allocated in child).
> > >
> > > I think if we do this in block layer, there's not much necessity for a
> > > before-write notifier here (although it may be useful for other cases):
> > > 
> > > in bdrv_write:
> > > for child in req->bs->open_children
> > > if not child->is_allocated(req->sectors)
> > > do COW to child
> > > 
> > > The advantage of this is that we won't need to start block-backup job in
> > > sync mode "none" to do point-in-time snapshot (image fleecing), and we
> > > get writable snapshot (possibility to open backing file writable and
> > > write to it safely) as a by-product.
> > > 
> > > But we will need to keep track of parent<->child of block states, and we
> > > still need to take care of overlapping writing between block job and
> > > guest request.
> > 
> > There's one catch here: bs->target may not support backing files, it can
> > be a raw file, for example.  We'll only use backing files for
> > point-in-time snapshots but other use cases might not.  raw doesn't
> > really implement is_allocated(), so the whole concept would have to
> > change a little:
> 
> Another use case may be parent modification. Suppose we have
> 
> ,--- child1.qcow2
> parent.qcow2  <
> `--- child2.qcow2
> 
> We can use parent.qcow2 as block device in QEMU without breaking
> child1.qcow2 or child2.qcow2 by telling QEMU who its children are:
> 
>   $QEMU -drive file=parent.qcow2,children=child1.qcow2:child2.qcow2
> 
> Then we open the three images and setup parent_bs->open_children, the
> children are protected from being corrupted.
> 
> > 
> > bs->open_children becomes independent of backing files - any
> > BlockDriverState can be added to this list.  ->is_allocated() basically
> > becomes the bitmap that we keep in the block job.
> 
> Yes. But it is possible to keep a bitmap for raw (and those don't
> implement is_allocated()) in block layer too, or in overlay: could
> add-cow by Dongxu Wang help here?

Yes absolutely.

Stefan

Re: [Qemu-devel] [PATCH v7 00/13] curl: fix curl read

[Richard W.M. Jones]

On Fri, Jun 07, 2013 at 09:54:42AM +0800, Fam Zheng wrote:
> The weird thing is it doesn't work for me, I'm sure something is wrong
> with current upstream, although not totally broken.
> 
>   $./qemu-io http://localhost/vm/arch.raw -c 'read -v 0 512'
>   (stuck here forever, no output)

This doesn't work for me either.

*However* it only doesn't work if I use the Fedora version of curl,
which I'm convinced is broken.

That's why I'm doing all my testing with upstream curl from git,
including all the qemu tests I did.  The above command works fine with
curl from git:

$ LD_LIBRARY_PATH=~/d/curl/lib/.libs ./qemu-io 
http://192.168.0.249/scratch/winxp.img -c 'read -v 0 512'
:  33 c0 8e d0 bc 00 7c fb 50 07 50 1f fc be 1b 7c  3...P.P.
0010:  bf 1b 06 50 57 b9 e5 01 f3 a4 cb bd be 07 b1 04  ...PW...
0020:  38 6e 00 7c 09 75 13 83 c5 10 e2 f4 cd 18 8b f5  8n...u..
0030:  83 c6 10 49 74 19 38 2c 74 f6 a0 b5 07 b4 07 8b  ...It.8.t...
0040:  f0 ac 3c 00 74 fc bb 07 00 b4 0e cd 10 eb f2 88  t...
0050:  4e 10 e8 46 00 73 2a fe 46 10 80 7e 04 0b 74 0b  N..F.s..F.t.
0060:  80 7e 04 0c 74 05 a0 b6 07 75 d2 80 46 02 06 83  tu..F...
0070:  46 08 06 83 56 0a 00 e8 21 00 73 05 a0 b6 07 eb  F...V.s.
0080:  bc 81 3e fe 7d 55 aa 74 0b 80 7e 10 00 74 c8 a0  .U.t.t..
0090:  b7 07 eb a9 8b fc 1e 57 8b f5 cb bf 05 00 8a 56  ...W...V
00a0:  00 b4 08 cd 13 72 23 8a c1 24 3f 98 8a de 8a fc  .r..
00b0:  43 f7 e3 8b d1 86 d6 b1 06 d2 ee 42 f7 e2 39 56  C..B..9V
00c0:  0a 77 23 72 05 39 46 08 73 1c b8 01 02 bb 00 7c  .w.r.9F.s...
00d0:  8b 4e 02 8b 56 00 cd 13 73 51 4f 74 4e 32 e4 8a  .N..V...sQOtN2..
00e0:  56 00 cd 13 eb e4 8a 56 00 60 bb aa 55 b4 41 cd  V..VU.A.
00f0:  13 72 36 81 fb 55 aa 75 30 f6 c1 01 74 2b 61 60  .r6..U.u0...t.a.
0100:  6a 00 6a 00 ff 76 0a ff 76 08 6a 00 68 00 7c 6a  j.j..v..v.j.h..j
0110:  01 6a 10 b4 42 8b f4 cd 13 61 61 73 0e 4f 74 0b  .j..Baas.Ot.
0120:  32 e4 8a 56 00 cd 13 eb d6 61 f9 c3 49 6e 76 61  2..V.a..Inva
0130:  6c 69 64 20 70 61 72 74 69 74 69 6f 6e 20 74 61  lid.partition.ta
0140:  62 6c 65 00 45 72 72 6f 72 20 6c 6f 61 64 69 6e  ble.Error.loadin
0150:  67 20 6f 70 65 72 61 74 69 6e 67 20 73 79 73 74  g.operating.syst
0160:  65 6d 00 4d 69 73 73 69 6e 67 20 6f 70 65 72 61  em.Missing.opera
0170:  74 69 6e 67 20 73 79 73 74 65 6d 00 00 00 00 00  ting.system.
0180:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
0190:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
01a0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
01b0:  00 00 00 00 00 2c 44 63 1a dd 1a dd 00 00 80 01  ..Dc
01c0:  01 00 07 fe ff 0d 3f 00 00 00 4f b1 bf 00 00 00  ..O.
01d0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
01e0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
01f0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa  ..U.
read 512/512 bytes at offset 0
512 bytes, 1 ops; 0. sec (32.552 MiB/sec and 6.6667 ops/sec)

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW

Re: [Qemu-devel] [PATCH 2/2] sheepdog: support 'qemu-img snapshot -a'

[Kevin Wolf]

Am 06.06.2013 um 15:09 hat Liu Yuan geschrieben:
> On 06/06/2013 08:46 PM, Kevin Wolf wrote:
> > Am 06.06.2013 um 13:57 hat Liu Yuan geschrieben:
> >> Just call sd_create_branch() to rollback the image is good enough
> >>
> >> Cc: qemu-devel@nongnu.org
> >> Cc: MORITA Kazutaka 
> >> Cc: Kevin Wolf 
> >> Cc: Stefan Hajnoczi 
> >> Signed-off-by: Liu Yuan 
> >> ---
> >>  block/sheepdog.c |8 +---
> >>  1 file changed, 5 insertions(+), 3 deletions(-)
> >>
> >> diff --git a/block/sheepdog.c b/block/sheepdog.c
> >> index 94218ac..cb5ca4a 100644
> >> --- a/block/sheepdog.c
> >> +++ b/block/sheepdog.c
> >> @@ -2072,9 +2072,11 @@ static int sd_snapshot_goto(BlockDriverState *bs, 
> >> const char *snapshot_id)
> >>  }
> >>  
> >>  if (!s->inode.vm_state_size) {
> >> -error_report("Invalid snapshot");
> >> -ret = -ENOENT;
> >> -goto out;
> >> +/* qemu-img asks us to rollback, we need to do it right now */
> >> +ret = sd_create_branch(s);
> >> +if (ret) {
> >> +goto out;
> >> +}
> >>  }
> > 
> > I'm not sure how snapshots work internally for Sheepdog, but it seems
> > odd to me that you need to do this only for disk-only snapshots, but not
> > when the snapshot has VM state. (Also, note that 'qemu-img snapshot -a'
> > works on images with a VM state, so the comment doesn't seem to be
> > completely accurate)
> > 
> > Would you mind explaining to me how this works in detail?
> > 
> 
> Hmm, the original code isn't written by me and this snapshot mechanism
> exists since day 0. I just hacks it to work now. So I'll try to explain
> on my understanding.
> 
> When we do a snapshot such as 'savedvm' or 'qemu-img snapshot', the
> active vdi is snapshotted and marked as snapshot and a new vdi is
> created as copy-on-write on the previous active vdi, then this new vdi
> becomes active vdi. For e.g,
> 
> As1 --> As2 --> A
> 
> We take snapshot of vdi A twice, tagged s1 and s2 respectively. I guess
> this is quit similar to qcow2 snapshots, only inode object with a bitmap
> is created.
> 
> So when we 'loadvm' or 'qemu-img snapshot -a' to A, current logic just
> handle 'loadvm', that .bdrv_snapshot_goto only reloads inode object,
> that is, for e.g, we 'savevm s1', and mark it as snapshot, the chain
> would like
> 
> As1 --> As2 --> A
>  |
>  v
>  just reload As1's inode object
> 
> Only when the write comes from VM, we do the following stuff
>  - delete active vdi A
>  - created a new inode based on the previously reloaded As1's inode

Thanks, this is the part that I missed.

I'm not sure however why the actual switch is delayed until the first
write. This seems inconsistent with qcow2 snapshots.

Do you know if there is a reason why we can't always do this already
during bdrv_snapshot_goto()?

> The chain will look like:
> 
> As1 --> As2
>  |
>  V
>  A
> 
> This is how sheepdog handles savevm/loadvm.
> 
> So for 'qemu-img snapshot -a', we should create the branch in the
> .bdrv_snapshot_goto.
> 
> As you pointed out, we need to consider vm state even for 'snapshot -a',
> so I need to rework the patch 2/2.

Yes, the presence of VM state is independent from whether you're using
qemu-img or loadvm. And it actually goes both ways: qemu-img can revert
to snapshots that have a VM state, and loadvm can be used with images
that don't have a VM state (if you have multiple images, only one of
them has the VM state).

Kevin

Re: [Qemu-devel] [PATCH v3 0/3] TPM NVRAM persistent storage

[Stefan Hajnoczi]

On Thu, Jun 06, 2013 at 09:32:42AM -0400, Corey Bryant wrote:
> This patch series provides persistent storage support that a TPM
> can use to store NVRAM data.  It uses QEMU's block driver to store
> data on a drive image.  The libtpms TPM 1.2 backend will be the
> initial user of this functionality to store data that must persist
> through a reboot or migration.  A sample command line may look like
> this:
> 
> qemu-system-x86_64 ...
> -drive file=/path/to/nvram.qcow2,id=drive-nvram0-0-0
> -tpmdev libtpms,id=tpm-tpm0
> -device tpm-tis,tpmdev=tpm-tpm0,id=tpm0,drive=drive-nvram0-0-0
> 
> Thanks,
> Corey
> 
> Corey Bryant (3):
>   nvram: Add TPM NVRAM implementation
>   nvram: Add tpm-tis drive support
>   TPM NVRAM test
> 
>  hw/tpm/Makefile.objs |1 +
>  hw/tpm/tpm_int.h |2 +
>  hw/tpm/tpm_nvram.c   |  324 
> ++
>  hw/tpm/tpm_nvram.h   |   25 
>  hw/tpm/tpm_passthrough.c |   85 
>  hw/tpm/tpm_tis.c |8 +
>  6 files changed, 445 insertions(+), 0 deletions(-)
>  create mode 100644 hw/tpm/tpm_nvram.c
>  create mode 100644 hw/tpm/tpm_nvram.h
> 

Reviewed-by: Stefan Hajnoczi 

Re: [Qemu-devel] [PATCH 00/39] Delay destruction of memory regions to instance_finalize

[Andreas Färber]

Am 07.06.2013 03:03, schrieb Paolo Bonzini:
> Il 05/06/2013 05:50, Andreas Färber ha scritto:
>> Also I notice some patches are accessing parent fields directly - please
>> use BUS(), PCI_DEVICE() etc. to hide this.
> 
> I'm always using them.  For example:
> 
> +static void intel_hda_instance_finalize(Object *obj)
> +{
> +PCIDevice *pci = PCI_DEVICE(obj);
> +IntelHDAState *d = DO_UPCAST(IntelHDAState, pci, pci);

I'll comment inline then. :)

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH v7 00/13] curl: fix curl read

[Stefan Hajnoczi]

On Thu, Jun 06, 2013 at 12:01:57PM +0100, Richard W.M. Jones wrote:
> On Thu, Jun 06, 2013 at 02:25:46PM +0800, Fam Zheng wrote:
> > v7:
> >   13: Added:
> >   curl: change timeout to 30 seconds
> 
> I tested this against:
> 
> (1) HTTP to Apache server over slow but local wifi.
> 
> (2) HTTP to a remote ISO (on another continent).
> 
> Test (1) is fine.
> 
> Test (2) gives plenty of I/O errors.  I guess that 30 seconds isn't
> sufficient here.
> 
> I should note that current upstream qemu *works* in both cases.
> Although the timeout in current qemu is much shorter (5 seconds), for
> some reason this does not affect the test.
> 
> I'm also confused about what problem this patch series is trying to
> fix, since upstream qemu works fine for me with the latest curl.

One problem I've had with the upstream code is that HTTP servers which
do not support Range: headers fail in a weird way (I don't remember
exactly what happens).  This series does improve this by explicitly
checking for Range: header support.

But there is a lot of other refactoring going on which is reasonable
only if it works as well or better than the upstream code.

Stefan

Re: [Qemu-devel] [PATCH v7 00/13] curl: fix curl read

[Fam Zheng]

On Fri, 06/07 08:27, Richard W.M. Jones wrote:
> On Fri, Jun 07, 2013 at 09:54:42AM +0800, Fam Zheng wrote:
> > The weird thing is it doesn't work for me, I'm sure something is wrong
> > with current upstream, although not totally broken.
> > 
> >   $./qemu-io http://localhost/vm/arch.raw -c 'read -v 0 512'
> >   (stuck here forever, no output)
> 
> This doesn't work for me either.
> 
> *However* it only doesn't work if I use the Fedora version of curl,
> which I'm convinced is broken.

I see, it turns out upstream curl works in my case too, thanks.

So it's more of curl broken rather than qemu driver. For the timeout
issue introduced here, I think it's the effect of implementing timer in
the driver, I can't think of a good way to workaround. However the
master code not using timer at all is an undocumented usage of libcurl.

-- 
Fam

Re: [Qemu-devel] [PATCH 01/39] scsi: keep device alive while it has requests

[Andreas Färber]

Am 04.06.2013 20:51, schrieb Paolo Bonzini:
> Signed-off-by: Paolo Bonzini 
> ---
>  hw/scsi/scsi-bus.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c
> index 53ea906..e443193 100644
> --- a/hw/scsi/scsi-bus.c
> +++ b/hw/scsi/scsi-bus.c
> @@ -516,6 +516,8 @@ SCSIRequest *scsi_req_alloc(const SCSIReqOps *reqops, 
> SCSIDevice *d,
>  req->status = -1;
>  req->sense_len = 0;
>  req->ops = reqops;
> +object_ref(OBJECT(d));
> +object_ref(OBJECT(req->bus->qbus.parent));

BusState *bus = BUS(req->bus);
...
object_ref(OBJECT(bus->parent));

Same below.

Andreas

>  trace_scsi_req_alloc(req->dev->id, req->lun, req->tag);
>  return req;
>  }
> @@ -1505,6 +1507,8 @@ void scsi_req_unref(SCSIRequest *req)
>  if (req->ops->free_req) {
>  req->ops->free_req(req);
>  }
> +object_unref(OBJECT(req->dev));
> +object_unref(OBJECT(bus->qbus.parent));
>  g_free(req);
>  }
>  }
> 


-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH 02/39] dma: keep a device alive while it has SGLists

[Andreas Färber]

Am 04.06.2013 20:51, schrieb Paolo Bonzini:
> A QEMUSGList has a reference to a device's address space.  Keep
> the device alive while the QEMUSGList exists.
> 
> Signed-off-by: Paolo Bonzini 
> ---
>  dma-helpers.c |  6 +-
>  hw/ide/ahci.c |  3 ++-
>  hw/ide/macio.c|  4 ++--
>  hw/scsi/megasas.c |  4 ++--
>  hw/scsi/virtio-scsi.c | 10 ++
>  hw/usb/hcd-ehci.c |  4 ++--
>  include/hw/pci/pci.h  |  2 +-
>  include/sysemu/dma.h  |  4 +++-
>  8 files changed, 23 insertions(+), 14 deletions(-)
[...]
> diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
> index 7ee7d97..65ccb09 100644
> --- a/hw/scsi/megasas.c
> +++ b/hw/scsi/megasas.c
> @@ -232,7 +232,7 @@ static int megasas_map_sgl(MegasasState *s, MegasasCmd 
> *cmd, union mfi_sgl *sgl)
>   MEGASAS_MAX_SGE);
>  return iov_count;
>  }
> -qemu_sglist_init(&cmd->qsg, iov_count, pci_get_address_space(&s->dev));
> +pci_dma_sglist_init(&cmd->qsg, &s->dev, iov_count);

PCI_DEVICE(s)?

>  for (i = 0; i < iov_count; i++) {
>  dma_addr_t iov_pa, iov_size_p;
>  
> @@ -628,7 +628,7 @@ static int megasas_map_dcmd(MegasasState *s, MegasasCmd 
> *cmd)
>  }
>  iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
>  iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
> -qemu_sglist_init(&cmd->qsg, 1, pci_get_address_space(&s->dev));
> +pci_dma_sglist_init(&cmd->qsg, &s->dev, 1);

Ditto?

>  qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
>  cmd->iov_size = iov_size;
>  return cmd->iov_size;
[snip]

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH v7 00/13] curl: fix curl read

[Fam Zheng]

On Fri, 06/07 09:46, Stefan Hajnoczi wrote:
> On Thu, Jun 06, 2013 at 12:01:57PM +0100, Richard W.M. Jones wrote:
> > On Thu, Jun 06, 2013 at 02:25:46PM +0800, Fam Zheng wrote:
> > > v7:
> > >   13: Added:
> > >   curl: change timeout to 30 seconds
> > 
> > I tested this against:
> > 
> > (1) HTTP to Apache server over slow but local wifi.
> > 
> > (2) HTTP to a remote ISO (on another continent).
> > 
> > Test (1) is fine.
> > 
> > Test (2) gives plenty of I/O errors.  I guess that 30 seconds isn't
> > sufficient here.
> > 
> > I should note that current upstream qemu *works* in both cases.
> > Although the timeout in current qemu is much shorter (5 seconds), for
> > some reason this does not affect the test.
> > 
> > I'm also confused about what problem this patch series is trying to
> > fix, since upstream qemu works fine for me with the latest curl.
> 
> One problem I've had with the upstream code is that HTTP servers which
> do not support Range: headers fail in a weird way (I don't remember
> exactly what happens).  This series does improve this by explicitly
> checking for Range: header support.
> 
What I see is it always returns the first sectors to guest.

> But there is a lot of other refactoring going on which is reasonable
> only if it works as well or better than the upstream code.
> 
In this case it doesn't :(
I can probably send a fix for range and drop the refactoring for now.

-- 
Fam

Re: [Qemu-devel] [PATCH 39/39] tpm: move add/del_subregion to realize/unrealize

[Andreas Färber]

Am 04.06.2013 20:52, schrieb Paolo Bonzini:
> Only do init/destroy in instance_init/finalize.
> 
> Signed-off-by: Paolo Bonzini 
> ---
>  hw/tpm/tpm_tis.c | 14 ++
>  1 file changed, 10 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/tpm/tpm_tis.c b/hw/tpm/tpm_tis.c
> index d4d8152..303d778 100644
> --- a/hw/tpm/tpm_tis.c
> +++ b/hw/tpm/tpm_tis.c
> @@ -881,24 +881,29 @@ static void tpm_tis_realizefn(DeviceState *dev, Error 
> **errp)

ISADevice *d = ISA_DEVICE(dev);

>  tis->bh = qemu_bh_new(tpm_tis_receive_bh, s);
>  
>  isa_init_irq(&s->busdev, &tis->irq, tis->irq_num);

isa_init_irq(d, ...

> +memory_region_add_subregion(isa_address_space(&s->busdev), 
> TPM_TIS_ADDR_BASE,
> +&s->mmio);

isa_address_space(d)

> +}
> +
> +static void tpm_tis_unrealizefn(DeviceState *dev, Error **errp)
> +{
> +TPMState *s = TPM(dev);
> +
> +memory_region_del_subregion(get_system_memory(), &s->mmio);
>  }
>  
>  static void tpm_tis_initfn(Object *obj)
>  {
> -ISADevice *dev = ISA_DEVICE(obj);
>  TPMState *s = TPM(obj);
>  
>  memory_region_init_io(&s->mmio, &tpm_tis_memory_ops, s, "tpm-tis-mmio",
>TPM_TIS_NUM_LOCALITIES << TPM_TIS_LOCALITY_SHIFT);
> -memory_region_add_subregion(isa_address_space(dev), TPM_TIS_ADDR_BASE,
> -&s->mmio);

Regression from here.

Andreas

>  }
>  
>  static void tpm_tis_uninitfn(Object *obj)
>  {
>  TPMState *s = TPM(obj);
>  
> -memory_region_del_subregion(get_system_memory(), &s->mmio);
>  memory_region_destroy(&s->mmio);
>  }
>  
> @@ -907,6 +912,7 @@ static void tpm_tis_class_init(ObjectClass *klass, void 
> *data)
>  DeviceClass *dc = DEVICE_CLASS(klass);
>  
>  dc->realize = tpm_tis_realizefn;
> +dc->unrealize = tpm_tis_unrealizefn;
>  dc->props = tpm_tis_properties;
>  dc->reset = tpm_tis_reset;
>  dc->vmsd  = &vmstate_tpm_tis;
> 


-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

[Qemu-devel] [PULL 0/2] virtio-ccw/css: bugfixes

[Cornelia Huck]

Please pull to get these two bugfixes:

The following changes since commit 8819c10b5d55d537d59a0ffd5d623f348fc36c47:

  Merge remote-tracking branch 'sstabellini/xen_fixes_20130603' into staging 
(2013-06-04 14:58:58 -0500)

are available in the git repository at:


  git://github.com/cohuck/qemu virtio-ccw-upstr

for you to fetch changes up to d1db1fa8dfcea9c62643f624f2a07d2fd375ce45:

  virtio-ccw: Fix unsetting of indicators. (2013-06-06 10:25:59 +0200)


Cornelia Huck (2):
  s390x/css: Fix concurrent sense.
  virtio-ccw: Fix unsetting of indicators.

 hw/s390x/css.c|2 +-
 hw/s390x/virtio-ccw.c |8 
 2 files changed, 5 insertions(+), 5 deletions(-)

-- 
1.7.9.5

[Qemu-devel] [PULL 2/2] virtio-ccw: Fix unsetting of indicators.

[Cornelia Huck]

Interpretation of the ccws to register (configuration) indicators contained
a thinko: We want to disallow reading from 0, but setting the indicator
pointer to 0 is fine.

Let's fix the handling for CCW_CMD_SET{,_CONF}_IND.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Cornelia Huck 
---
 hw/s390x/virtio-ccw.c |8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index 5f5e267..44f5772 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -328,10 +328,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
 ret = -EINVAL;
 break;
 }
-indicators = ldq_phys(ccw.cda);
-if (!indicators) {
+if (!ccw.cda) {
 ret = -EFAULT;
 } else {
+indicators = ldq_phys(ccw.cda);
 dev->indicators = indicators;
 sch->curr_status.scsw.count = ccw.count - sizeof(indicators);
 ret = 0;
@@ -348,10 +348,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
 ret = -EINVAL;
 break;
 }
-indicators = ldq_phys(ccw.cda);
-if (!indicators) {
+if (!ccw.cda) {
 ret = -EFAULT;
 } else {
+indicators = ldq_phys(ccw.cda);
 dev->indicators2 = indicators;
 sch->curr_status.scsw.count = ccw.count - sizeof(indicators);
 ret = 0;
-- 
1.7.9.5

[Qemu-devel] [PULL 1/2] s390x/css: Fix concurrent sense.

[Cornelia Huck]

Fix an off-by-one error when indicating availablity of concurrent
sense data.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Cornelia Huck 
---
 hw/s390x/css.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/s390x/css.c b/hw/s390x/css.c
index e526a1c..f82abfe 100644
--- a/hw/s390x/css.c
+++ b/hw/s390x/css.c
@@ -777,7 +777,7 @@ int css_do_tsch(SubchDev *sch, IRB *target_irb)
 (p->chars & PMCW_CHARS_MASK_CSENSE)) {
 irb.scsw.flags |= SCSW_FLAGS_MASK_ESWF | SCSW_FLAGS_MASK_ECTL;
 memcpy(irb.ecw, sch->sense_data, sizeof(sch->sense_data));
-irb.esw[1] = 0x0200 | (sizeof(sch->sense_data) << 8);
+irb.esw[1] = 0x0100 | (sizeof(sch->sense_data) << 8);
 }
 }
 /* Store the irb to the guest. */
-- 
1.7.9.5

Re: [Qemu-devel] [PATCH] arm/zynq: Add software reset

[Sebastian Huber]

On 06/07/2013 06:19 AM, Peter Crosthwaite wrote:

Hi Sebastian,

I'd like to get this merged with the fix I suggested. Are you able to
remake or ok if I ammend and resend your patch?


I am fine with your change.  My version is to restrictive.

--
Sebastian Huber, embedded brains GmbH

Address : Dornierstr. 4, D-82178 Puchheim, Germany
Phone   : +49 89 189 47 41-16
Fax : +49 89 189 47 41-09
E-Mail  : sebastian.hu...@embedded-brains.de
PGP : Public key available on request.

Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG.

Re: [Qemu-devel] SEV and WFE instructions on ARM

[Sebastian Huber]

Hello Peter,

thanks for your suggestions.  I will look at the WFI support and may send a 
patch for the SEV/WFE, but this will take some weeks.


--
Sebastian Huber, embedded brains GmbH

Address : Dornierstr. 4, D-82178 Puchheim, Germany
Phone   : +49 89 189 47 41-16
Fax : +49 89 189 47 41-09
E-Mail  : sebastian.hu...@embedded-brains.de
PGP : Public key available on request.

Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG.

Re: [Qemu-devel] [PATCH v2 1/1] configure: dtc: Probe for libfdt_env.h

[Peter Maydell]

On 7 June 2013 03:54, Peter Crosthwaite  wrote:
> Ping!
>
> We are stuck in limbo here and I would like to get either V1 or V2
> (this patch) of this through.
>
> Paolo,
>
> If you are not happy with this patch, does V1 address your concerns
> (which was its original intention).

Given what David has said I think this v2 is correct and
v1 is wrong. If a distro-supplied libfdt has to provide
a libfdt_env.h then we are correct to check for it before
use (with fallback to the submodule). If Fedora has a
requirement to use its packaged libfdt then they can
achieve that by fixing their libfdt package.

Reviewed-by: Peter Maydell 

thanks
-- PMM

Re: [Qemu-devel] [PATCH 00/39] Delay destruction of memory regions to instance_finalize

[Peter Crosthwaite]

Hi,

On Jun 7, 2013 11:04 AM, "Paolo Bonzini"  wrote:
>
> Il 05/06/2013 05:50, Andreas Färber ha scritto:
> > Am 04.06.2013 20:51, schrieb Paolo Bonzini:
> >> This series changes all PCI devices (the sole to support hotplug
> >> _and_ use MemoryRegions) to do memory_region_del_subregion at
> >> unrealize time, and memory_region_destroy at instance_finalize
> >> time.
> >
> > The general idea looks good.
> >
> > Could you please follow-up with a patch that switches from exit to
> > unrealize?
>
> I can add it to the queue, but I have at least 4 pending series.
>
> > Also I notice some patches are accessing parent fields directly - please
> > use BUS(), PCI_DEVICE() etc. to hide this.
>
> I'm always using them.  For example:
>
> +static void intel_hda_instance_finalize(Object *obj)
> +{
> +PCIDevice *pci = PCI_DEVICE(obj);
> +IntelHDAState *d = DO_UPCAST(IntelHDAState, pci, pci);
>
> What I'm not doing, is adding new cast macros---one thing at a time.
>

I have a series that fixes all qom cast macros for all PCI devices tree
wide. Can post. Qom cast macros added as needed.

How are you regression testing this series? If you have a pc/PCI regression
suite I could use it for my series.

Regards
Peter

> Paolo
>
On Jun 7, 2013 11:04 AM, "Paolo Bonzini"  wrote:

> Il 05/06/2013 05:50, Andreas Färber ha scritto:
> > Am 04.06.2013 20:51, schrieb Paolo Bonzini:
> >> This series changes all PCI devices (the sole to support hotplug
> >> _and_ use MemoryRegions) to do memory_region_del_subregion at
> >> unrealize time, and memory_region_destroy at instance_finalize
> >> time.
> >
> > The general idea looks good.
> >
> > Could you please follow-up with a patch that switches from exit to
> > unrealize?
>
> I can add it to the queue, but I have at least 4 pending series.
>
> > Also I notice some patches are accessing parent fields directly - please
> > use BUS(), PCI_DEVICE() etc. to hide this.
>
> I'm always using them.  For example:
>
> +static void intel_hda_instance_finalize(Object *obj)
> +{
> +PCIDevice *pci = PCI_DEVICE(obj);
> +IntelHDAState *d = DO_UPCAST(IntelHDAState, pci, pci);
>
> What I'm not doing, is adding new cast macros---one thing at a time.
>
> Paolo
>
>

Re: [Qemu-devel] [PATCH v7 00/13] curl: fix curl read

[Richard W.M. Jones]

On Fri, Jun 07, 2013 at 03:47:23PM +0800, Fam Zheng wrote:
> On Fri, 06/07 08:27, Richard W.M. Jones wrote:
> > On Fri, Jun 07, 2013 at 09:54:42AM +0800, Fam Zheng wrote:
> > > The weird thing is it doesn't work for me, I'm sure something is wrong
> > > with current upstream, although not totally broken.
> > > 
> > >   $./qemu-io http://localhost/vm/arch.raw -c 'read -v 0 512'
> > >   (stuck here forever, no output)
> > 
> > This doesn't work for me either.
> > 
> > *However* it only doesn't work if I use the Fedora version of curl,
> > which I'm convinced is broken.
> 
> I see, it turns out upstream curl works in my case too, thanks.

FYI this is still broken in the very latest curl in Fedora 20.  I
finally got around to filing a bug about it:

https://bugzilla.redhat.com/show_bug.cgi?id=971790

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW

[Qemu-devel] [PATCH V2] build: remove compile warning

[Wenchao Xia]

This patch simply remove "variable may be used uninitialized" warning.

Signed-off-by: Wenchao Xia 
---
V2: Address Stefan and Peter's comments, use 0 in send_msg() instead of
initialize mhHeader.

 libcacard/vscclient.c |3 +--
 util/iov.c|2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/libcacard/vscclient.c b/libcacard/vscclient.c
index ac23647..7fbf1da 100644
--- a/libcacard/vscclient.c
+++ b/libcacard/vscclient.c
@@ -641,7 +641,6 @@ main(
 GIOChannel *channel_stdin;
 char *qemu_host;
 char *qemu_port;
-VSCMsgHeader mhHeader;
 
 VCardEmulOptions *command_line_options = NULL;
 
@@ -750,7 +749,7 @@ main(
 .magic = VSCARD_MAGIC,
 .capabilities = {0}
 };
-send_msg(VSC_Init, mhHeader.reader_id, &init, sizeof(init));
+send_msg(VSC_Init, 0, &init, sizeof(init));
 
 g_main_loop_run(loop);
 g_main_loop_unref(loop);
diff --git a/util/iov.c b/util/iov.c
index cc6e837..b91cfb9 100644
--- a/util/iov.c
+++ b/util/iov.c
@@ -146,7 +146,7 @@ ssize_t iov_send_recv(int sockfd, struct iovec *iov, 
unsigned iov_cnt,
 {
 ssize_t total = 0;
 ssize_t ret;
-size_t orig_len, tail;
+size_t orig_len = 0, tail;
 unsigned niov;
 
 while (bytes > 0) {
-- 
1.7.1

Re: [Qemu-devel] RFC: Full introspection support for QMP (with draft patch)

[Amos Kong]

Sent out a draft patch in the end of this week. It doesn't support:
* output all stuffs in one shot.
* introspect event
* provide metadata date

How can we define a dynamic dict in qmp-schema.json ?

Currently I just output the raw json dict by a string, Libvirt needs
parse two times, convert the string to json format.

qmp-schema.h: auto generated head file by qapi script

Attached some examples.
* query-qmp-schema-no-param.txt
* query-qmp-schema-filter-by-name.txt
* query-qmp-schema-filter-all-command.txt
* query-qmp-schema-filter-all-type.txt
* query-qmp-schema-filter-all-enum.txt

-

>From 00fe59bde40a8beadf16196db9ed1bac5d862db0 Mon Sep 17 00:00:00 2001
From: Amos Kong 
Date: Fri, 7 Jun 2013 18:02:21 +0800
Subject: [PATCH] full introspection support for QMP

Signed-off-by: Amos Kong 
---
 qapi-schema.json |  3 +++
 qmp-commands.hx  | 23 +++
 qmp.c| 36 
 scripts/qapi-commands.py |  2 +-
 scripts/qapi-types.py| 27 ++-
 scripts/qapi-visit.py|  2 +-
 scripts/qapi.py  | 13 -
 7 files changed, 102 insertions(+), 4 deletions(-)

diff --git a/qapi-schema.json b/qapi-schema.json
index ef1f657..2234e6a 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -3618,3 +3618,6 @@
 '*cpuid-input-ecx': 'int',
 'cpuid-register': 'X86CPURegister32',
 'features': 'int' } }
+
+{ 'command': 'query-qmp-schema', 'data': { '*type': 'str', '*name': 'str' },
+  'returns': ['str'] }
diff --git a/qmp-commands.hx b/qmp-commands.hx
index ffd130e..fc56fba 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -2932,3 +2932,26 @@ Example:
 <- { "return": {} }
 
 EQMP
+
+{
+.name   = "query-qmp-schema",
+.args_type  = "type:s?,name:s?",
+.mhandler.cmd_new = qmp_marshal_input_query_qmp_schema,
+},
+
+
+SQMP
+query-qmp-schema
+
+
+query qmp schema information
+
+Example:
+
+-> { "execute": "query-qmp-schema", "arguments": { "name" : "query-name" }}
+<- { "return": [
+"{ 'command': 'query-name', 'returns': 'NameInfo' }"
+  ]
+   }
+
+EQMP
\ No newline at end of file
diff --git a/qmp.c b/qmp.c
index 4c149b3..11ce275 100644
--- a/qmp.c
+++ b/qmp.c
@@ -25,6 +25,7 @@
 #include "sysemu/blockdev.h"
 #include "qom/qom-qobject.h"
 #include "hw/boards.h"
+#include "qmp-schema.h"
 
 NameInfo *qmp_query_name(Error **errp)
 {
@@ -486,6 +487,41 @@ CpuDefinitionInfoList *qmp_query_cpu_definitions(Error 
**errp)
 return arch_query_cpu_definitions(errp);
 }
 
+strList *qmp_query_qmp_schema(bool has_type, const char *type, bool
+  has_name, const char * name, Error **errp)
+
+{
+strList *list = NULL, *last_entry, *entry;
+int i = 0;
+
+while (qmp_schema_table[i].json_string) {
+if (has_type && strcmp(type, qmp_schema_table[i].type)) {
+i++;
+continue;
+}
+if (has_name && strcmp(name, qmp_schema_table[i].name)) {
+i++;
+continue;
+}
+
+entry = malloc(sizeof(strList *));
+entry->value = g_strdup(qmp_schema_table[i].json_string);
+entry->next = NULL;
+
+if (!list) {
+list = entry;
+} else {
+last_entry->next = entry;
+}
+last_entry = entry;
+
+printf("%d\n", i);
+i++;
+}
+
+return list;
+}
+
 void qmp_add_client(const char *protocol, const char *fdname,
 bool has_skipauth, bool skipauth, bool has_tls, bool tls,
 Error **errp)
diff --git a/scripts/qapi-commands.py b/scripts/qapi-commands.py
index e06332b..d15d04f 100644
--- a/scripts/qapi-commands.py
+++ b/scripts/qapi-commands.py
@@ -437,7 +437,7 @@ except os.error, e:
 if e.errno != errno.EEXIST:
 raise
 
-exprs = parse_schema(sys.stdin)
+exprs = parse_schema(sys.stdin)[0]
 commands = filter(lambda expr: expr.has_key('command'), exprs)
 commands = filter(lambda expr: not expr.has_key('gen'), commands)
 
diff --git a/scripts/qapi-types.py b/scripts/qapi-types.py
index ddcfed9..ce448d8 100644
--- a/scripts/qapi-types.py
+++ b/scripts/qapi-types.py
@@ -15,6 +15,7 @@ import sys
 import os
 import getopt
 import errno
+import re
 
 def generate_fwd_struct(name, members, builtin_type=False):
 if builtin_type:
@@ -303,7 +304,31 @@ fdecl.write(mcgen('''
 ''',
   guard=guardname(h_file)))
 
-exprs = parse_schema(sys.stdin)
+exprs_all = parse_schema(sys.stdin)
+
+schema_table = """
+/* convert qapi-schema.json to a string table */
+
+struct qmp_schem {
+const char *json_string;
+const char *type;
+const char *name;
+} qmp_schema_table[] = {
+"""
+
+for i in exprs_all[1]:
+print i
+str = re.sub(r'\n', ' \\\n', i[0].strip())
+str = re.sub(r' +', ' ', str)
+schema_table += '{"%s", "%s", "%s"},\n' % (str, i[1], i[2])
+
+schema_table += '{NULL, NULL, NULL } };\n'
+
+f

Re: [Qemu-devel] RFC: Full introspection support for QMP (with draft patch)

[Amos Kong]

On Fri, Jun 07, 2013 at 06:12:30PM +0800, Amos Kong wrote:
> Sent out a draft patch in the end of this week. It doesn't support:
> * output all stuffs in one shot.
> * introspect event
> * provide metadata date
> 
> How can we define a dynamic dict in qmp-schema.json ?
> 
> Currently I just output the raw json dict by a string, Libvirt needs
> parse two times, convert the string to json format.
> 
> qmp-schema.h: auto generated head file by qapi script
> 
> Attached some examples.
> * query-qmp-schema-no-param.txt
{'execute': 'query-qmp-schema'}

> * query-qmp-schema-filter-by-name.txt
{"execute": "query-qmp-schema", "arguments": { "name" : "query-name"}}

> * query-qmp-schema-filter-all-command.txt
{'execute': 'query-qmp-schema', 'arguments': {'type': 'command'}}

> * query-qmp-schema-filter-all-type.txt
{'execute': 'query-qmp-schema', 'arguments': {'type': 'type'}}

> * query-qmp-schema-filter-all-enum.txt
{'execute': 'query-qmp-schema', 'arguments': { 'type': 'enum'}}

{'execute': 'query-qmp-schema'}
{
"return": [
"{ 'enum': 'ErrorClass',  'data': [ 'GenericError', 'CommandNotFound', 
'DeviceEncrypted',  'DeviceNotActive', 'DeviceNotFound', 'KVMMissingCap' ] }", 
"{ 'command': 'add_client',  'data': { 'protocol': 'str', 'fdname': 
'str', '*skipauth': 'bool',  '*tls': 'bool' } }", 
"{ 'type': 'NameInfo', 'data': {'*name': 'str'} }", 
"{ 'command': 'query-name', 'returns': 'NameInfo' }", 
"{ 'type': 'VersionInfo',  'data': {'qemu': {'major': 'int', 'minor': 
'int', 'micro': 'int'},  'package': 'str'} }", 
"{ 'command': 'query-version', 'returns': 'VersionInfo' }", 
"{ 'type': 'KvmInfo', 'data': {'enabled': 'bool', 'present': 'bool'} 
}", 
"{ 'command': 'query-kvm', 'returns': 'KvmInfo' }", 
"{ 'enum': 'RunState',  'data': [ 'debug', 'inmigrate', 
'internal-error', 'io-error', 'paused',  'postmigrate', 'prelaunch', 
'finish-migrate', 'restore-vm',  'running', 'save-vm', 'shutdown', 'suspended', 
'watchdog',  'guest-panicked' ] }", 
"{ 'type': 'SnapshotInfo',  'data': { 'id': 'str', 'name': 'str', 
'vm-state-size': 'int',  'date-sec': 'int', 'date-nsec': 'int',  
'vm-clock-sec': 'int', 'vm-clock-nsec': 'int' } }", 
"{ 'type': 'ImageInfo',  'data': {'filename': 'str', 'format': 'str', 
'*dirty-flag': 'bool',  '*actual-size': 'int', 'virtual-size': 'int',  
'*cluster-size': 'int', '*encrypted': 'bool',  '*backing-filename': 'str', 
'*full-backing-filename': 'str',  '*backing-filename-format': 'str', 
'*snapshots': ['SnapshotInfo'] } }", 
"{ 'type': 'ImageCheck',  'data': {'filename': 'str', 'format': 'str', 
'check-errors': 'int',  '*image-end-offset': 'int', '*corruptions': 'int', 
'*leaks': 'int',  '*corruptions-fixed': 'int', '*leaks-fixed': 'int',  
'*total-clusters': 'int', '*allocated-clusters': 'int',  
'*fragmented-clusters': 'int', '*compressed-clusters': 'int' } }", 
"{ 'type': 'StatusInfo',  'data': {'running': 'bool', 'singlestep': 
'bool', 'status': 'RunState'} }", 
"{ 'command': 'query-status', 'returns': 'StatusInfo' }", 
"{ 'type': 'UuidInfo', 'data': {'UUID': 'str'} }", 
"{ 'command': 'query-uuid', 'returns': 'UuidInfo' }", 
"{ 'type': 'ChardevInfo', 'data': {'label': 'str', 'filename': 'str'} 
}", 
"{ 'command': 'query-chardev', 'returns': ['ChardevInfo'] }", 
"{ 'enum': 'DataFormat'  'data': [ 'utf8', 'base64' ] }", 
"{ 'command': 'ringbuf-write',  'data': {'device': 'str', 'data': 
'str',  '*format': 'DataFormat'} }", 
"{ 'command': 'ringbuf-read',  'data': {'device': 'str', 'size': 'int', 
'*format': 'DataFormat'},  'returns': 'str' }", 
"{ 'type': 'CommandInfo', 'data': {'name': 'str'} }", 
"{ 'command': 'query-commands', 'returns': ['CommandInfo'] }", 
"{ 'type': 'EventInfo', 'data': {'name': 'str'} }", 
"{ 'command': 'query-events', 'returns': ['EventInfo'] }", 
"{ 'type': 'MigrationStats',  'data': {'transferred': 'int', 
'remaining': 'int', 'total': 'int' ,  'duplicate': 'int', 'skipped': 'int', 
'normal': 'int',  'normal-bytes': 'int', 'dirty-pages-rate' : 'int' } }", 
"{ 'type': 'XBZRLECacheStats',  'data': {'cache-size': 'int', 'bytes': 
'int', 'pages': 'int',  'cache-miss': 'int', 'overflow': 'int' } }", 
"{ 'type': 'MigrationInfo',  'data': {'*status': 'str', '*ram': 
'MigrationStats',  '*disk': 'MigrationStats',  '*xbzrle-cache': 
'XBZRLECacheStats',  '*total-time': 'int',  '*expected-downtime': 'int',  
'*downtime': 'int'} }", 
"{ 'command': 'query-migrate', 'returns': 'MigrationInfo' }", 
"{ 'enum': 'MigrationCapability',  'data': ['xbzrle'] }", 
"{ 'type': 'MigrationCapabilityStatus',  'data': { 'capability' : 
'MigrationCapability', 'state' : 'bool' } }", 
"{ 'command': 'migrate-set-capabilities',  'data': { 'capabilities': 
['MigrationCapabilityStatus'] } }", 
"{ 'command': 'query-migrate-capabilities', 'retur

[Qemu-devel] [PATCH RFC] virtio-ccw: Document adapter interrupts.

[Cornelia Huck]

Signed-off-by: Cornelia Huck 
---
 virtio-spec.lyx |  147 +--
 1 file changed, 144 insertions(+), 3 deletions(-)

diff --git a/virtio-spec.lyx b/virtio-spec.lyx
index 6e188d0..697351e 100644
--- a/virtio-spec.lyx
+++ b/virtio-spec.lyx
@@ -10701,11 +10701,18 @@ status open
 
 \begin_layout LyX-Code
 
-\change_inserted -385801441 1343732726
+\change_inserted -385801441 1369814105
 
 #define CCW_CMD_READ_VQ_CONF 0x32
 \end_layout
 
+\begin_layout LyX-Code
+
+\change_inserted -385801441 1369814140
+
+#define CCW_CMD_SET_IND_ADAPTER 0x63
+\end_layout
+
 \end_inset
 
 
@@ -11045,11 +11052,136 @@ To communicate the location of the indicator bits 
for host->guest notification,
 
 \begin_layout Standard
 
-\change_inserted -385801441 1347015749
+\change_inserted -385801441 1369814376
 For the indicator bits used in the configuration change host->guest 
notification
 , the CCW_CMD_SET_CONF_IND command is used analogously.
 \end_layout
 
+\begin_layout Subsubsection*
+
+\change_inserted -385801441 1369814399
+Setting Up Indicators For Adapter Interrupts
+\end_layout
+
+\begin_layout Standard
+
+\change_inserted -385801441 1369815013
+If the guest wishes to use adapter interrupts for host->guest notification,
+ it may use the CCW_CMD_SET_IND_ADAPTER command instead of CCW_CMD_SET_IND.
+ Note that usage of those two mechanisms is mutually exclusive.
+\end_layout
+
+\begin_layout Standard
+
+\change_inserted -385801441 1369815065
+CCW_CMD_SET_IND_ADAPTER uses the following communication block:
+\end_layout
+
+\begin_layout LyX-Code
+
+\change_inserted -385801441 1369815367
+\begin_inset listings
+inline false
+status open
+
+\begin_layout LyX-Code
+
+\change_inserted -385801441 1369815367
+
+struct thinint_area {
+\end_layout
+
+\begin_layout LyX-Code
+
+\change_inserted -385801441 1369815367
+
+unsigned long summary_indicator;
+\end_layout
+
+\begin_layout LyX-Code
+
+\change_inserted -385801441 1369815367
+
+unsigned long indicator;
+\end_layout
+
+\begin_layout LyX-Code
+
+\change_inserted -385801441 1369815367
+
+u16 shift;
+\end_layout
+
+\begin_layout LyX-Code
+
+\change_inserted -385801441 1369815367
+
+u8 isc;
+\end_layout
+
+\begin_layout LyX-Code
+
+\change_inserted -385801441 1369815367
+
+} __packed;
+\change_unchanged
+
+\end_layout
+
+\end_inset
+
+
+\end_layout
+
+\begin_layout Standard
+
+\change_inserted -385801441 1370345028
+
+\family typewriter
+summary_indicator
+\family default
+ contains the guest address of a byte value to be used as a summary indicator
+ which is set to != 0 every time the host wants to signal the guest for
+ any of the indictors and unset by the guest to signify that it received
+ the notification.
+ 
+\family typewriter
+isc
+\family default
+ is the interruption subclass to be used for the adapter interrupt.
+ Note that an isc/summary indicator pair must match for any subsequent requests
+ to set up adapter interrupts .
+\end_layout
+
+\begin_layout Standard
+
+\change_inserted -385801441 1369816401
+
+\family typewriter
+indicator
+\family default
+ contains the guest address of the 64 bit indicators to be used; 
+\family typewriter
+shift
+\family default
+ contains the offset of the queue indicators for the device in this value.
+ All queue indicators for a device must fit into the same 64 bit value.
+\end_layout
+
+\begin_layout Standard
+
+\change_inserted -385801441 1369814707
+Hosts not supporting adapter interrupts for virtio-ccw may fail this command
+ with a command reject.
+\end_layout
+
+\begin_layout Standard
+
+\change_inserted -385801441 1369814766
+Configuration change host->guest notification is always setup using 
CCW_CMD_SET_
+CONF_IND.
+\end_layout
+
 \begin_layout Subsection*
 
 \change_inserted -385801441 1343732726
@@ -11064,7 +11196,7 @@ Host->Guest Notification
 
 \begin_layout Standard
 
-\change_inserted -385801441 1347015762
+\change_inserted -385801441 1369814838
 For notifying the guest of virtqueue buffers, the host sets the corresponding
  bit in the guest-provided indicators.
  If an interrupt is not already pending for the subchannel, the host generates
@@ -11073,6 +11205,15 @@ For notifying the guest of virtqueue buffers, the host 
sets the corresponding
 
 \begin_layout Standard
 
+\change_inserted -385801441 1369815397
+Alternatively, if the guest enabled adapter interrupts for a device, 
notificatio
+n happens via setting the bit in the guest-provided indicators, setting
+ the summary indicator and generating an adapter interrupt for the registered
+ interruption subclass.
+\end_layout
+
+\begin_layout Standard
+
 \change_inserted -385801441 1347015847
 If the host wants to notify the guest about configuration changes, it sets
  bit 0 in the configuration indicators and generates an unsolicited I/O
-- 
1.7.9.5

[Qemu-devel] [PATCH RFC 2/2] KVM: s390: virtio-ccw adapter interrupt support.

[Cornelia Huck]

Implement the new CCW_CMD_SET_IND_ADAPTER command and try to enable
adapter interrupts for every device on the first startup. If the host
does not support adapter interrupts, fall back to normal I/O interrupts.

virtio-ccw adapter interrupts use the same isc as normal I/O subchannels
and share a summary indicator for all devices sharing the same indicator
area.

Indicator bits for the individual virtqueues may be contained in the same
indicator area for different devices.

Signed-off-by: Cornelia Huck 
---
 arch/s390/include/asm/irq.h   |   1 +
 arch/s390/kernel/irq.c|   1 +
 drivers/s390/kvm/virtio_ccw.c | 296 --
 3 files changed, 289 insertions(+), 9 deletions(-)

diff --git a/arch/s390/include/asm/irq.h b/arch/s390/include/asm/irq.h
index 87c17bf..ba75d32 100644
--- a/arch/s390/include/asm/irq.h
+++ b/arch/s390/include/asm/irq.h
@@ -42,6 +42,7 @@ enum interruption_class {
IRQIO_PCI,
IRQIO_MSI,
IRQIO_VIR,
+   IRQIO_VAI,
NMI_NMI,
CPU_RST,
NR_ARCH_IRQS
diff --git a/arch/s390/kernel/irq.c b/arch/s390/kernel/irq.c
index f7fb589..39237cc 100644
--- a/arch/s390/kernel/irq.c
+++ b/arch/s390/kernel/irq.c
@@ -82,6 +82,7 @@ static const struct irq_class irqclass_sub_desc[NR_ARCH_IRQS] 
= {
[IRQIO_PCI]  = {.name = "PCI", .desc = "[I/O] PCI Interrupt" },
[IRQIO_MSI]  = {.name = "MSI", .desc = "[I/O] MSI Interrupt" },
[IRQIO_VIR]  = {.name = "VIR", .desc = "[I/O] Virtual I/O Devices"},
+   [IRQIO_VAI]  = {.name = "VAI", .desc = "[I/O] Virtual I/O Devices AI"},
[NMI_NMI]= {.name = "NMI", .desc = "[NMI] Machine Check"},
[CPU_RST]= {.name = "RST", .desc = "[CPU] CPU Restart"},
 };
diff --git a/drivers/s390/kvm/virtio_ccw.c b/drivers/s390/kvm/virtio_ccw.c
index d6c7aba..be15b6b 100644
--- a/drivers/s390/kvm/virtio_ccw.c
+++ b/drivers/s390/kvm/virtio_ccw.c
@@ -32,6 +32,8 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 
 /*
  * virtio related functions
@@ -58,6 +60,8 @@ struct virtio_ccw_device {
unsigned long indicators;
unsigned long indicators2;
struct vq_config_block *config_block;
+   bool is_thinint;
+   void *airq_info;
 };
 
 struct vq_info_block {
@@ -72,15 +76,42 @@ struct virtio_feature_desc {
__u8 index;
 } __packed;
 
+struct virtio_thinint_area {
+   unsigned long summary_indicator;
+   unsigned long indicator;
+   u16 shift;
+   u8 isc;
+} __packed;
+
 struct virtio_ccw_vq_info {
struct virtqueue *vq;
int num;
void *queue;
struct vq_info_block *info_block;
+   int bit_nr;
struct list_head node;
long cookie;
 };
 
+#define VIRTIO_AIRQ_ISC IO_SCH_ISC /* inherit from subchannel */
+
+#define VIRTIO_DEV_CHUNK (PAGE_SIZE/sizeof(unsigned long))
+#define MAX_AIRQ_AREAS 8
+
+static int virtio_ccw_use_airq = 1;
+
+struct airq_vq {
+   unsigned long used;
+   void *map[BITS_PER_LONG];
+};
+struct airq_info {
+   rwlock_t lock;
+   u8 *summary_indicator;
+   unsigned long indicators[VIRTIO_DEV_CHUNK];
+   struct airq_vq airq_vqs[VIRTIO_DEV_CHUNK];
+};
+static struct airq_info *airq_areas[MAX_AIRQ_AREAS];
+
 #define CCW_CMD_SET_VQ 0x13
 #define CCW_CMD_VDEV_RESET 0x33
 #define CCW_CMD_SET_IND 0x43
@@ -91,6 +122,7 @@ struct virtio_ccw_vq_info {
 #define CCW_CMD_WRITE_CONF 0x21
 #define CCW_CMD_WRITE_STATUS 0x31
 #define CCW_CMD_READ_VQ_CONF 0x32
+#define CCW_CMD_SET_IND_ADAPTER 0x63
 
 #define VIRTIO_CCW_DOING_SET_VQ 0x0001
 #define VIRTIO_CCW_DOING_RESET 0x0004
@@ -102,6 +134,7 @@ struct virtio_ccw_vq_info {
 #define VIRTIO_CCW_DOING_SET_IND 0x0100
 #define VIRTIO_CCW_DOING_READ_VQ_CONF 0x0200
 #define VIRTIO_CCW_DOING_SET_CONF_IND 0x0400
+#define VIRTIO_CCW_DOING_SET_IND_ADAPTER 0x0800
 #define VIRTIO_CCW_INTPARM_MASK 0x
 
 static struct virtio_ccw_device *to_vc_device(struct virtio_device *vdev)
@@ -109,6 +142,141 @@ static struct virtio_ccw_device *to_vc_device(struct 
virtio_device *vdev)
return container_of(vdev, struct virtio_ccw_device, vdev);
 }
 
+static void drop_airq_indicator(struct virtqueue *vq, struct airq_info *info)
+{
+   int i, j;
+   struct airq_vq *p;
+   unsigned long flags;
+
+   write_lock_irqsave(&info->lock, flags);
+   for (i = 0; i < VIRTIO_DEV_CHUNK; i++) {
+   p = &info->airq_vqs[i];
+   for_each_set_bit(j, &p->used,
+sizeof(p->used) * BITS_PER_BYTE)
+   if (p->map[j] == vq) {
+   p->map[j] = NULL;
+   clear_bit(j, &p->used);
+   break;
+   }
+   }
+   write_unlock_irqrestore(&info->lock, flags);
+}
+
+static void virtio_airq_handler(void *indicator, void *data)
+{
+   int i, bit;
+   unsigned long *indicators;
+   u8 *summary_ind = indicator;
+ 

[Qemu-devel] [PATCH RFC] s390/virtio-ccw: Adapter interrupt support.

[Cornelia Huck]

Handle the new CCW_CMD_SET_IND_ADAPTER command enabling adapter interrupts
on guest request. When active, host->guest notifications will be handled
via global_indicator -> queue indicators instead of queue indicators +
subchannel I/O interrupt. Indicators for virtqueues may be present at an
offset.

Signed-off-by: Cornelia Huck 
---
 hw/s390x/css.c|   10 
 hw/s390x/css.h|2 ++
 hw/s390x/virtio-ccw.c |   66 -
 hw/s390x/virtio-ccw.h |4 +++
 target-s390x/ioinst.h |2 ++
 target-s390x/kvm.c|8 --
 trace-events  |1 +
 7 files changed, 90 insertions(+), 3 deletions(-)

diff --git a/hw/s390x/css.c b/hw/s390x/css.c
index f82abfe..323c232 100644
--- a/hw/s390x/css.c
+++ b/hw/s390x/css.c
@@ -115,6 +115,15 @@ void css_conditional_io_interrupt(SubchDev *sch)
 }
 }
 
+void css_adapter_interrupt(uint8_t isc)
+{
+S390CPU *cpu = s390_cpu_addr2state(0);
+uint32_t io_int_word = (isc << 27) | IO_INT_WORD_AI;
+
+trace_css_adapter_interrupt(isc);
+s390_io_interrupt(cpu, 0, 0, 0, io_int_word);
+}
+
 static void sch_handle_clear_func(SubchDev *sch)
 {
 PMCW *p = &sch->curr_status.pmcw;
@@ -1256,6 +1265,7 @@ void css_reset_sch(SubchDev *sch)
 sch->channel_prog = 0x0;
 sch->last_cmd_valid = false;
 sch->orb = NULL;
+sch->thinint_active = false;
 }
 
 void css_reset(void)
diff --git a/hw/s390x/css.h b/hw/s390x/css.h
index 85ed05d..ab5d4c4 100644
--- a/hw/s390x/css.h
+++ b/hw/s390x/css.h
@@ -77,6 +77,7 @@ struct SubchDev {
 CCW1 last_cmd;
 bool last_cmd_valid;
 ORB *orb;
+bool thinint_active;
 /* transport-provided data: */
 int (*ccw_cb) (SubchDev *, CCW1);
 SenseId id;
@@ -96,4 +97,5 @@ void css_queue_crw(uint8_t rsc, uint8_t erc, int chain, 
uint16_t rsid);
 void css_generate_sch_crws(uint8_t cssid, uint8_t ssid, uint16_t schid,
int hotplugged, int add);
 void css_generate_chp_crws(uint8_t cssid, uint8_t chpid);
+void css_adapter_interrupt(uint8_t isc);
 #endif
diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index 44f5772..ccebd11 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -101,6 +101,13 @@ typedef struct VirtioFeatDesc {
 uint8_t index;
 } QEMU_PACKED VirtioFeatDesc;
 
+typedef struct VirtioThinintInfo {
+hwaddr summary_indicator;
+hwaddr device_indicator;
+uint16_t ind_shift;
+uint8_t isc;
+} QEMU_PACKED VirtioThinintInfo;
+
 /* Specify where the virtqueues for the subchannel are in guest memory. */
 static int virtio_ccw_set_vqs(SubchDev *sch, uint64_t addr, uint32_t align,
   uint16_t index, uint16_t num)
@@ -149,6 +156,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
 bool check_len;
 int len;
 hwaddr hw_len;
+VirtioThinintInfo *thinint;
 
 if (!dev) {
 return -EINVAL;
@@ -328,6 +336,11 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
 ret = -EINVAL;
 break;
 }
+if (sch->thinint_active) {
+/* Trigger a command reject. */
+ret = -ENOSYS;
+break;
+}
 if (!ccw.cda) {
 ret = -EFAULT;
 } else {
@@ -379,6 +392,42 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
 ret = 0;
 }
 break;
+case CCW_CMD_SET_IND_ADAPTER:
+if (check_len) {
+if (ccw.count != sizeof(*thinint)) {
+ret = -EINVAL;
+break;
+}
+} else if (ccw.count < sizeof(*thinint)) {
+/* Can't execute command. */
+ret = -EINVAL;
+break;
+}
+len = sizeof(*thinint);
+hw_len = len;
+if (!ccw.cda) {
+ret = -EFAULT;
+} else if (dev->indicators && !sch->thinint_active) {
+/* Trigger a command reject. */
+ret = -ENOSYS;
+} else {
+thinint = cpu_physical_memory_map(ccw.cda, &hw_len, 0);
+if (!thinint) {
+ret = -EFAULT;
+} else {
+len = hw_len;
+dev->summary_indicator = thinint->summary_indicator;
+dev->indicators = thinint->device_indicator;
+dev->thinint_isc = thinint->isc;
+dev->ind_shift = thinint->ind_shift;
+cpu_physical_memory_unmap(thinint, hw_len, 0, hw_len);
+sch->thinint_active = ((dev->indicators != 0) &&
+   (dev->summary_indicator != 0));
+sch->curr_status.scsw.count = ccw.count - len;
+ret = 0;
+}
+}
+break;
 default:
 ret = -ENOSYS;
 break;
@@ -411,6 +460,7 @@ static int virtio_ccw_device_init(VirtioCcwDevice *dev, 
VirtIODevice *vdev)
 sch->channel_prog = 0x0;
 sch->last_cmd_valid = false;
 sch->orb = NULL;
+sch->thinint_active = f

[Qemu-devel] [PATCH RFC] Adapter interrupts for virtio-ccw.

[Cornelia Huck]

Hi,

here's a proposal to support adapter (aka thin) interrupts for virtio-ccw.

The basic idea is to make host->guest signalling on s390 more lightweight.
Normal I/O interrupts have two parts: an interrupt that is made pending on
any of the guest cpus, and status that is made pending on the subchannel.
This means that we need two exits for every interrupt.

With adapter interrupts, only the I/O interrupt remains - no status is made
pending for the subchannel. To find out which virtqueue the signal was for
we rely on indicators.

To set this up, the guest uses a new ccw (which is used instead of the
normal ccw to set up indicators). The payload contains pointers to two
indicators (first level and second level) and the offset at which the
virtqueue indicators start in the second level indicators, as well as the
interruption subclass (which will usually be the same as the isc for the
device). This is partially inspired by what qdio does today.

I have seen some nice speedup on simple dd with my current implementation.
Adapter interrupts are also a prereq for implementing irqfd on s390, since
they eliminate the need for manipulating subchannel status.

Cornelia Huck (1):
  virtio-ccw: Document adapter interrupts.

 virtio-spec.lyx |  147 +--
 1 file changed, 144 insertions(+), 3 deletions(-)

-- 
1.7.9.5

[Qemu-devel] [PATCH RFC] qemu: Adapter interrupts for virtio-ccw.

[Cornelia Huck]

Hi,

here's the qemu patch that implements the new adapter indicators ccw
in virtio-ccw and injects adapter interrupts for the devices enabled
for it.

Cornelia Huck (1):
  s390/virtio-ccw: Adapter interrupt support.

 hw/s390x/css.c|   10 
 hw/s390x/css.h|2 ++
 hw/s390x/virtio-ccw.c |   66 -
 hw/s390x/virtio-ccw.h |4 +++
 target-s390x/ioinst.h |2 ++
 target-s390x/kvm.c|8 --
 trace-events  |1 +
 7 files changed, 90 insertions(+), 3 deletions(-)

-- 
1.7.9.5

[Qemu-devel] [PATCH RFC 0/2] KVM: s390: virtio-ccw adapter interrupts.

[Cornelia Huck]

Hi,

here's the guest driver support for adapter interrupts in virtio-ccw.

We use one summary indicator per page of indicators. For each device,
we try to find a space in an indicator where all of its virtqueues fit.

Locking probably needs some more love, but it seems to work fine so far.

Cornelia Huck (2):
  KVM: s390: virtio-ccw: Handle command rejects.
  KVM: s390: virtio-ccw adapter interrupt support.

 arch/s390/include/asm/irq.h   |   1 +
 arch/s390/kernel/irq.c|   1 +
 drivers/s390/kvm/virtio_ccw.c | 307 --
 3 files changed, 298 insertions(+), 11 deletions(-)

-- 
1.8.1.6

[Qemu-devel] [PATCH RFC 1/2] KVM: s390: virtio-ccw: Handle command rejects.

[Cornelia Huck]

A command reject for a ccw may happen if we run on a host not supporting
a certain feature. We want to be able to handle this as special case of
command failure, so let's split this off from the generic -EIO error code.

Signed-off-by: Cornelia Huck 
---
 drivers/s390/kvm/virtio_ccw.c | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/s390/kvm/virtio_ccw.c b/drivers/s390/kvm/virtio_ccw.c
index 779dc51..d6c7aba 100644
--- a/drivers/s390/kvm/virtio_ccw.c
+++ b/drivers/s390/kvm/virtio_ccw.c
@@ -639,8 +639,15 @@ static void virtio_ccw_int_handler(struct ccw_device *cdev,
 (SCSW_STCTL_ALERT_STATUS | SCSW_STCTL_STATUS_PEND))) {
/* OK */
}
-   if (irb_is_error(irb))
-   vcdev->err = -EIO; /* XXX - use real error */
+   if (irb_is_error(irb)) {
+   /* Command reject? */
+   if ((scsw_dstat(&irb->scsw) & DEV_STAT_UNIT_CHECK) &&
+   (irb->ecw[0] & SNS0_CMD_REJECT))
+   vcdev->err = -EOPNOTSUPP;
+   else
+   /* Map everything else to -EIO. */
+   vcdev->err = -EIO;
+   }
if (vcdev->curr_io & activity) {
switch (activity) {
case VIRTIO_CCW_DOING_READ_FEAT:
-- 
1.8.1.6

[Qemu-devel] [PATCH 2/5] slavio_misc: Fix slavio_led_mem_readw/_writew tracepoints

[Markus Armbruster]

Broken since they got added in commit 97bf485.

Signed-off-by: Markus Armbruster 
---
 hw/misc/slavio_misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/misc/slavio_misc.c b/hw/misc/slavio_misc.c
index a7a9368..3571850 100644
--- a/hw/misc/slavio_misc.c
+++ b/hw/misc/slavio_misc.c
@@ -368,7 +368,7 @@ static void slavio_led_mem_writew(void *opaque, hwaddr addr,
 {
 MiscState *s = opaque;
 
-trace_slavio_led_mem_readw(val & 0x);
+trace_slavio_led_mem_writew(val & 0x);
 switch (addr) {
 case 0:
 s->leds = val;
-- 
1.7.11.7

[Qemu-devel] [PATCH 0/5] Trace fixes

[Markus Armbruster]

Markus Armbruster (5):
  cleanup-trace-events.pl: New
  slavio_misc: Fix slavio_led_mem_readw/_writew tracepoints
  milkymist-minimac2: Fix minimac2_read/_write tracepoints
  trace-events: Drop unused events
  trace-events: Fix up source file comments

 hw/misc/slavio_misc.c   |   2 +-
 hw/net/milkymist-minimac2.c |   2 +-
 scripts/cleanup-trace-events.pl |  51 
 trace-events| 176 
 4 files changed, 140 insertions(+), 91 deletions(-)
 create mode 100755 scripts/cleanup-trace-events.pl

-- 
1.7.11.7

[Qemu-devel] [PATCH 4/5] trace-events: Drop unused events

[Markus Armbruster]

Dropped event   Unused since
mirror_cow  884fea4
paio_complete   47e6b25
paio_cancel 47e6b25
usb_ehci_data   0ce668b
megasas_qf_dequeue  never used
megasas_handle_framenever used
megasas_io_continue never used
megasas_iovec_map_failednever used
megasas_dcmd_map_failed never used
milkymist_softusb_mouse_event   4c15ba9
xen_map_block   6506e4f
xen_unmap_block 6506e4f
qemu_spice_start67be672
qemu_spice_stop 67be672

Signed-off-by: Markus Armbruster 
---
 trace-events | 14 --
 1 file changed, 14 deletions(-)

diff --git a/trace-events b/trace-events
index c5f1ccb..e12d376 100644
--- a/trace-events
+++ b/trace-events
@@ -85,7 +85,6 @@ mirror_before_flush(void *s) "s %p"
 mirror_before_drain(void *s, int64_t cnt) "s %p dirty count %"PRId64
 mirror_before_sleep(void *s, int64_t cnt, int synced) "s %p dirty count 
%"PRId64" synced %d"
 mirror_one_iteration(void *s, int64_t sector_num, int nb_sectors) "s %p 
sector_num %"PRId64" nb_sectors %d"
-mirror_cow(void *s, int64_t sector_num) "s %p sector_num %"PRId64
 mirror_iteration_done(void *s, int64_t sector_num, int nb_sectors, int ret) "s 
%p sector_num %"PRId64" nb_sectors %d ret %d"
 mirror_yield(void *s, int64_t cnt, int buf_free_count, int in_flight) "s %p 
dirty count %"PRId64" free buffers %d in_flight %d"
 mirror_yield_in_flight(void *s, int64_t sector_num, int in_flight) "s %p 
sector_num %"PRId64" in_flight %d"
@@ -122,8 +121,6 @@ thread_pool_cancel(void *req, void *opaque) "req %p opaque 
%p"
 
 # posix-aio-compat.c
 paio_submit(void *acb, void *opaque, int64_t sector_num, int nb_sectors, int 
type) "acb %p opaque %p sector_num %"PRId64" nb_sectors %d type %d"
-paio_complete(void *acb, void *opaque, int ret) "acb %p opaque %p ret %d"
-paio_cancel(void *acb, void *opaque) "acb %p opaque %p"
 
 # ioport.c
 cpu_in(unsigned int addr, unsigned int val) "addr %#x value %u"
@@ -303,7 +300,6 @@ usb_ehci_sitd(uint32_t addr, uint32_t nxt, uint32_t active) 
"ITD @ %08x: next %0
 usb_ehci_port_attach(uint32_t port, const char *owner, const char *device) 
"attach port #%d, owner %s, device %s"
 usb_ehci_port_detach(uint32_t port, const char *owner) "detach port #%d, owner 
%s"
 usb_ehci_port_reset(uint32_t port, int enable) "reset port #%d - %d"
-usb_ehci_data(int rw, uint32_t cpage, uint32_t offset, uint32_t addr, uint32_t 
len, uint32_t bufpos) "write %d, cpage %d, offset 0x%03x, addr 0x%08x, len %d, 
bufpos %d"
 usb_ehci_queue_action(void *q, const char *action) "q %p: %s"
 usb_ehci_packet_action(void *q, void *p, const char *action) "q %p p %p: %s"
 usb_ehci_irq(uint32_t level, uint32_t frindex, uint32_t sts, uint32_t mask) 
"level %d, frindex 0x%04x, sts 0x%x, mask 0x%x"
@@ -609,11 +605,9 @@ megasas_qf_new(unsigned int index, void *cmd) "return new 
frame %x cmd %p"
 megasas_qf_failed(unsigned long pa) "all frames busy for frame %lx"
 megasas_qf_enqueue(unsigned int index, unsigned int count, uint64_t context, 
unsigned int tail, int busy) "enqueue frame %x count %d context %" PRIx64 " 
tail %x busy %d"
 megasas_qf_update(unsigned int head, unsigned int busy) "update reply queue 
head %x busy %d"
-megasas_qf_dequeue(unsigned int index) "dequeue frame %x"
 megasas_qf_map_failed(int cmd, unsigned long frame) "scmd %d: frame %lu"
 megasas_qf_complete_noirq(uint64_t context) "context %" PRIx64 " "
 megasas_qf_complete(uint64_t context, unsigned int tail, unsigned int offset, 
int busy, unsigned int doorbell) "context %" PRIx64 " tail %x offset %d busy %d 
doorbell %x"
-megasas_handle_frame(const char *cmd, uint64_t addr, uint64_t context, 
uint32_t count) "MFI cmd %s addr %" PRIx64 " context %" PRIx64 " count %d"
 megasas_frame_busy(uint64_t addr) "frame %" PRIx64 " busy"
 megasas_unhandled_frame_cmd(int cmd, uint8_t frame_cmd) "scmd %d: Unhandled 
MFI cmd %x"
 megasas_handle_scsi(const char *frame, int bus, int dev, int lun, void *sdev, 
unsigned long size) "%s dev %x/%x/%x sdev %p xfer %lu"
@@ -636,8 +630,6 @@ megasas_io_write_start(int cmd, unsigned long lba, unsigned 
long count, unsigned
 megasas_io_complete(int cmd, uint32_t len) "scmd %d: %d bytes completed"
 megasas_io_read(int cmd, int bytes, int len, unsigned long offset) "scmd %d: 
%d/%d bytes, iov offset %lu"
 megasas_io_write(int cmd, int bytes, int len, unsigned long offset) "scmd %d: 
%d/%d bytes, iov offset %lu"
-megasas_io_continue(int cmd, int bytes) "scmd %d: %d bytes left"
-megasas_iovec_map_failed(int cmd, int index, unsigned long iov_size) "scmd %d: 
iovec %d size %lu"
 megasas_iovec_sgl_overflow(int cmd, int index, int limit) "scmd %d: iovec 
count %d limit %d"
 megasas_iovec_sgl_underflow(int cmd, int index) "scmd %d: iovec count %d"
 megasas_iovec_sgl_invalid(int 

[Qemu-devel] [PATCH 3/5] milkymist-minimac2: Fix minimac2_read/_write tracepoints

[Markus Armbruster]

Broken in milkymist-minimac.c from the start (commit 0742454),
faithfully moved to milkymist-minimac2.c (commit 57aa265).

Signed-off-by: Markus Armbruster 
---
 hw/net/milkymist-minimac2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/milkymist-minimac2.c b/hw/net/milkymist-minimac2.c
index 4ef6318..7448777 100644
--- a/hw/net/milkymist-minimac2.c
+++ b/hw/net/milkymist-minimac2.c
@@ -355,7 +355,7 @@ minimac2_write(void *opaque, hwaddr addr, uint64_t value,
 {
 MilkymistMinimac2State *s = opaque;
 
-trace_milkymist_minimac2_memory_read(addr, value);
+trace_milkymist_minimac2_memory_write(addr, value);
 
 addr >>= 2;
 switch (addr) {
-- 
1.7.11.7

[Qemu-devel] [PATCH 5/5] trace-events: Fix up source file comments

[Markus Armbruster]

They're all wrong since (at least) Paolo's big source tree
reorganization.  Need to shuffle some event declarations around to
keep them under the correct source file comment.

Signed-off-by: Markus Armbruster 
---
 trace-events | 162 ---
 1 file changed, 87 insertions(+), 75 deletions(-)

diff --git a/trace-events b/trace-events
index e12d376..d95e903 100644
--- a/trace-events
+++ b/trace-events
@@ -25,18 +25,14 @@
 #
 # The  should be a sprintf()-compatible format string.
 
-# qemu-malloc.c
-g_malloc(size_t size, void *ptr) "size %zu ptr %p"
-g_realloc(void *ptr, size_t size, void *newptr) "ptr %p size %zu newptr %p"
-g_free(void *ptr) "ptr %p"
-
-# osdep.c
+# util/oslib-win32.c
+# util/oslib-posix.c
 qemu_memalign(size_t alignment, size_t size, void *ptr) "alignment %zu size 
%zu ptr %p"
 qemu_anon_ram_alloc(size_t size, void *ptr) "size %zu ptr %p"
 qemu_vfree(void *ptr) "ptr %p"
 qemu_anon_ram_free(void *ptr, size_t size) "ptr %p size %zu"
 
-# hw/virtio.c
+# hw/virtio/virtio.c
 virtqueue_fill(void *vq, const void *elem, unsigned int len, unsigned int idx) 
"vq %p elem %p len %u idx %u"
 virtqueue_flush(void *vq, unsigned int count) "vq %p count %u"
 virtqueue_pop(void *vq, void *elem, unsigned int in_num, unsigned int out_num) 
"vq %p elem %p in_num %u out_num %u"
@@ -45,13 +41,13 @@ virtio_irq(void *vq) "vq %p"
 virtio_notify(void *vdev, void *vq) "vdev %p vq %p"
 virtio_set_status(void *vdev, uint8_t val) "vdev %p val %u"
 
-# hw/virtio-serial-bus.c
+# hw/char/virtio-serial-bus.c
 virtio_serial_send_control_event(unsigned int port, uint16_t event, uint16_t 
value) "port %u, event %u, value %u"
 virtio_serial_throttle_port(unsigned int port, bool throttle) "port %u, 
throttle %d"
 virtio_serial_handle_control_message(uint16_t event, uint16_t value) "event 
%u, value %u"
 virtio_serial_handle_control_message_port(unsigned int port) "port %u"
 
-# hw/virtio-console.c
+# hw/char/virtio-console.c
 virtio_console_flush_buf(unsigned int port, size_t len, ssize_t ret) "port %u, 
in_len %zu, out_len %zd"
 virtio_console_chr_read(unsigned int port, int size) "port %u, size %d"
 virtio_console_chr_event(unsigned int port, int event) "port %u, event %d"
@@ -75,6 +71,8 @@ bdrv_co_do_copy_on_readv(void *bs, int64_t sector_num, int 
nb_sectors, int64_t c
 # block/stream.c
 stream_one_iteration(void *s, int64_t sector_num, int nb_sectors, int 
is_allocated) "s %p sector_num %"PRId64" nb_sectors %d is_allocated %d"
 stream_start(void *bs, void *base, void *s, void *co, void *opaque) "bs %p 
base %p s %p co %p opaque %p"
+
+# block/commit.c
 commit_one_iteration(void *s, int64_t sector_num, int nb_sectors, int 
is_allocated) "s %p sector_num %"PRId64" nb_sectors %d is_allocated %d"
 commit_start(void *bs, void *base, void *top, void *s, void *co, void *opaque) 
"bs %p base %p top %p s %p co %p opaque %p"
 
@@ -99,19 +97,19 @@ qmp_block_job_complete(void *job) "job %p"
 block_job_cb(void *bs, void *job, int ret) "bs %p job %p ret %d"
 qmp_block_stream(void *bs, void *job) "bs %p job %p"
 
-# hw/virtio-blk.c
+# hw/block/virtio-blk.c
 virtio_blk_req_complete(void *req, int status) "req %p status %d"
 virtio_blk_rw_complete(void *req, int ret) "req %p ret %d"
 virtio_blk_handle_write(void *req, uint64_t sector, size_t nsectors) "req %p 
sector %"PRIu64" nsectors %zu"
 virtio_blk_handle_read(void *req, uint64_t sector, size_t nsectors) "req %p 
sector %"PRIu64" nsectors %zu"
 
-# hw/dataplane/virtio-blk.c
+# hw/block/dataplane/virtio-blk.c
 virtio_blk_data_plane_start(void *s) "dataplane %p"
 virtio_blk_data_plane_stop(void *s) "dataplane %p"
 virtio_blk_data_plane_process_request(void *s, unsigned int out_num, unsigned 
int in_num, unsigned int head) "dataplane %p out_num %u in_num %u head %u"
 virtio_blk_data_plane_complete_request(void *s, unsigned int head, int ret) 
"dataplane %p head %u ret %d"
 
-# hw/dataplane/vring.c
+# hw/virtio/dataplane/vring.c
 vring_setup(uint64_t physical, void *desc, void *avail, void *used) "vring 
physical %#"PRIx64" desc %p avail %p used %p"
 
 # thread-pool.c
@@ -119,7 +117,8 @@ thread_pool_submit(void *pool, void *req, void *opaque) 
"pool %p req %p opaque %
 thread_pool_complete(void *pool, void *req, void *opaque, int ret) "pool %p 
req %p opaque %p ret %d"
 thread_pool_cancel(void *req, void *opaque) "req %p opaque %p"
 
-# posix-aio-compat.c
+# block/raw-win32.c
+# block/raw-posix.c
 paio_submit(void *acb, void *opaque, int64_t sector_num, int nb_sectors, int 
type) "acb %p opaque %p sector_num %"PRId64" nb_sectors %d type %d"
 
 # ioport.c
@@ -130,29 +129,31 @@ cpu_out(unsigned int addr, unsigned int val) "addr %#x 
value %u"
 # Since requests are raised via monitor, not many tracepoints are needed.
 balloon_event(void *opaque, unsigned long addr) "opaque %p addr %lu"
 
-# hw/apic.c
-apic_local_deliver(int vector, uint32_t lvt) "vector %d delivery mode %d"
-apic_deliver_irq(uint8_t dest, uint8_t dest_mode, uint8_t delivery_m

[Qemu-devel] [PATCH 1/5] cleanup-trace-events.pl: New

[Markus Armbruster]

Simple script to drop unused events and fix up source file comments.
The next few commits put it to use.

Signed-off-by: Markus Armbruster 
---
Feel free to ignore this one, rewrite it in Python, frame it to hang
in your bathroom, print it on tissue paper for that other bathroom
use, whatever you like.

 scripts/cleanup-trace-events.pl | 51 +
 1 file changed, 51 insertions(+)
 create mode 100755 scripts/cleanup-trace-events.pl

diff --git a/scripts/cleanup-trace-events.pl b/scripts/cleanup-trace-events.pl
new file mode 100755
index 000..cffbf16
--- /dev/null
+++ b/scripts/cleanup-trace-events.pl
@@ -0,0 +1,51 @@
+#!/usr/bin/perl
+# Copyright (C) 2013 Red Hat, Inc.
+#
+# Authors:
+#  Markus Armbruster 
+#
+# This work is licensed under the terms of the GNU GPL, version 2 or
+# later.  See the COPYING file in the top-level directory.
+
+# Usage: cleanup-trace-events.pl trace-events
+#
+# Print cleaned up trace-events to standard output.
+
+use warnings;
+use strict;
+
+my $buf = '';
+my %seen = ();
+
+sub out {
+print $buf;
+$buf = '';
+%seen = ();
+}
+
+while (<>) {
+if (/^(disable )?([a-z_0-9]+)\(/) {
+open GREP, '-|', 'git', 'grep', '-l', "trace_$2"
+or die "run git grep: $!";
+my $fname;
+while ($fname = ) {
+chomp $fname;
+next if $seen{$fname} || $fname eq 'trace-events';
+$seen{$fname} = 1;
+$buf = "# $fname\n" . $buf;
+}
+unless (close GREP) {
+die "close git grep: $!"
+if $!;
+next;
+}
+} elsif (/^# ([^ ]*\.[ch])$/) {
+out;
+next;
+} elsif (!/^#|^$/) {
+warn "unintelligible line";
+}
+$buf .= $_;
+}
+
+out;
-- 
1.7.11.7

Re: [Qemu-devel] [PATCH V2] build: remove compile warning

[Stefan Hajnoczi]

On Fri, Jun 07, 2013 at 06:02:09PM +0800, Wenchao Xia wrote:
> This patch simply remove "variable may be used uninitialized" warning.
> 
> Signed-off-by: Wenchao Xia 
> ---
> V2: Address Stefan and Peter's comments, use 0 in send_msg() instead of
> initialize mhHeader.
> 
>  libcacard/vscclient.c |3 +--
>  util/iov.c|2 +-
>  2 files changed, 2 insertions(+), 3 deletions(-)

Reviewed-by: Stefan Hajnoczi 

Re: [Qemu-devel] [PATCH V15 0/5] enhancement for qmp/hmp interfaces of block info

[Stefan Hajnoczi]

On Thu, Jun 06, 2013 at 12:27:56PM +0800, Wenchao Xia wrote:
>   This series lets qmp interface show delaied info, including internal 
> snapshot
> /backing chain on all block device at runtime, which helps management stack 
> and
> human user, by retrieving exactly the same info of what qemu sees.
[...]
> V15:
>   Squash "add recursive member in ImageInfo" patch into 3/6.
>   Address Stefan's comments:
>   5/5: use bool instead of int for variable "verbose".
> 
> Wenchao Xia (5):
>   1 block: add snapshot info query function bdrv_query_snapshot_info_list()
>   2 block: add image info query function bdrv_query_image_info()
>   3 qmp: add ImageInfo in BlockDeviceInfo used by query-block
>   4 hmp: show ImageInfo in 'info block'
>   5 hmp: add parameters device and -v for info block
> 
>  block/qapi.c |  148 
> ++
>  hmp.c|   21 +++
>  include/block/qapi.h |   14 +++--
>  monitor.c|7 ++-
>  qapi-schema.json |   10 +++-
>  qemu-img.c   |   10 +++-
>  qmp-commands.hx  |   69 +++-
>  7 files changed, 242 insertions(+), 37 deletions(-)
> 
> 

Thanks, applied to my block tree:
https://github.com/stefanha/qemu/commits/block

Stefan

[Qemu-devel] [PULL 02/26] qemu-io: Remove unused args_command

[Stefan Hajnoczi]

From: Kevin Wolf 

The original intention seems to be something with handling multiple
images at once, but this has never been implemented and the only
function ever registered is implemented to make everything behave like a
"global" command. Just do that unconditionally now.

Signed-off-by: Kevin Wolf 
Reviewed-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 cmd.c | 28 ++--
 cmd.h |  2 --
 qemu-io.c | 10 --
 3 files changed, 2 insertions(+), 38 deletions(-)

diff --git a/cmd.c b/cmd.c
index 10a8688..4e7579b 100644
--- a/cmd.c
+++ b/cmd.c
@@ -34,7 +34,6 @@
 cmdinfo_t  *cmdtab;
 intncmds;
 
-static argsfunc_t  args_func;
 static checkfunc_t check_func;
 static int ncmdline;
 static char**cmdline;
@@ -127,22 +126,6 @@ void add_user_command(char *optarg)
 cmdline[ncmdline-1] = optarg;
 }
 
-static int
-args_command(
-   int index)
-{
-   if (args_func)
-   return args_func(index);
-   return 0;
-}
-
-void
-add_args_command(
-   argsfunc_t  af)
-{
-   args_func = af;
-}
-
 static void prep_fetchline(void *opaque)
 {
 int *fetchable = opaque;
@@ -155,7 +138,7 @@ static char *get_prompt(void);
 
 void command_loop(void)
 {
-int c, i, j = 0, done = 0, fetchable = 0, prompted = 0;
+int c, i, done = 0, fetchable = 0, prompted = 0;
 char *input;
 char **v;
 const cmdinfo_t *ct;
@@ -171,14 +154,7 @@ void command_loop(void)
 if (c) {
 ct = find_command(v[0]);
 if (ct) {
-if (ct->flags & CMD_FLAG_GLOBAL) {
-done = command(ct, c, v);
-} else {
-j = 0;
-while (!done && (j = args_command(j))) {
-done = command(ct, c, v);
-}
-}
+done = command(ct, c, v);
 } else {
 fprintf(stderr, _("command \"%s\" not found\n"), v[0]);
 }
diff --git a/cmd.h b/cmd.h
index b763b19..8e6f753 100644
--- a/cmd.h
+++ b/cmd.h
@@ -41,12 +41,10 @@ extern int  ncmds;
 void help_init(void);
 void quit_init(void);
 
-typedef int (*argsfunc_t)(int index);
 typedef int (*checkfunc_t)(const cmdinfo_t *ci);
 
 void add_command(const cmdinfo_t *ci);
 void add_user_command(char *optarg);
-void add_args_command(argsfunc_t af);
 void add_check_command(checkfunc_t cf);
 
 const cmdinfo_t *find_command(const char *cmd);
diff --git a/qemu-io.c b/qemu-io.c
index 5e6680b..4288b8c 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -1888,15 +1888,6 @@ static int open_f(int argc, char **argv)
 return openfile(argv[optind], flags, growable);
 }
 
-static int init_args_command(int index)
-{
-/* only one device allowed so far */
-if (index >= 1) {
-return 0;
-}
-return ++index;
-}
-
 static int init_check_command(const cmdinfo_t *ct)
 {
 if (ct->flags & CMD_FLAG_GLOBAL) {
@@ -2043,7 +2034,6 @@ int main(int argc, char **argv)
 add_command(&wait_break_cmd);
 add_command(&abort_cmd);
 
-add_args_command(init_args_command);
 add_check_command(init_check_command);
 
 /* open the device */
-- 
1.8.1.4

[Qemu-devel] [PULL 01/26] blockdev: reset werror/rerror on drive_del

[Stefan Hajnoczi]

Paolo Bonzini  suggested the following test case:

1. Launch a guest and wait at the GRUB boot menu:

  qemu-system-x86_64 -enable-kvm -m 1024 \
   -drive if=none,cache=none,file=test.img,id=foo,werror=stop,rerror=stop
   -device virtio-blk-pci,drive=foo,id=virtio0,addr=4

2. Hot unplug the device:

  (qemu) drive_del foo

3. Select the first boot menu entry

Without this patch the guest pauses due to ENOMEDIUM.  The guest is
stuck in a continuous pause loop since the I/O request is retried and
fails immediately again when the guest is resumed.

With this patch the error is reported to the guest.

Note that this scenario actually happens sometimes during libvirt disk
hot unplug, where device_del is followed by drive_del.  I/O may still be
submitted to the drive after drive_del if the guest does not process the
PCI hot unplug notification.

Reported-by: Dafna Ron 
Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Kevin Wolf 
---
 blockdev.c  | 4 
 hmp-commands.hx | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/blockdev.c b/blockdev.c
index b9b2d10..9937311 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -1180,6 +1180,10 @@ int do_drive_del(Monitor *mon, const QDict *qdict, 
QObject **ret_data)
  */
 if (bdrv_get_attached_dev(bs)) {
 bdrv_make_anon(bs);
+
+/* Further I/O must not pause the guest */
+bdrv_set_on_error(bs, BLOCKDEV_ON_ERROR_REPORT,
+  BLOCKDEV_ON_ERROR_REPORT);
 } else {
 drive_uninit(drive_get_by_blockdev(bs));
 }
diff --git a/hmp-commands.hx b/hmp-commands.hx
index 9cea415..4f5a3fd 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -185,6 +185,8 @@ Remove host block device.  The result is that guest 
generated IO is no longer
 submitted against the host device underlying the disk.  Once a drive has
 been deleted, the QEMU Block layer returns -EIO which results in IO
 errors in the guest for applications that are reading/writing to the device.
+These errors are always reported to the guest, regardless of the drive's error
+actions (drive options rerror, werror).
 ETEXI
 
 {
-- 
1.8.1.4

[Qemu-devel] [PULL 00/26] Block patches

[Stefan Hajnoczi]

The following changes since commit 8819c10b5d55d537d59a0ffd5d623f348fc36c47:

  Merge remote-tracking branch 'sstabellini/xen_fixes_20130603' into staging 
(2013-06-04 14:58:58 -0500)

are available in the git repository at:


  git://github.com/stefanha/qemu.git block

for you to fetch changes up to e73fe2b46c38776288415ce7bc8ba3fcd23721c4:

  hmp: add parameters device and -v for info block (2013-06-07 13:45:01 +0200)


Andreas Färber (1):
  ide: Set BSY bit during FLUSH

Kevin Wolf (19):
  qemu-io: Remove unused args_command
  cutils: Support 'P' and 'E' suffixes in strtosz()
  qemu-io: Make cvtnum() a wrapper around strtosz_suffix()
  qemu-io: Handle cvtnum() errors in 'alloc'
  qemu-io: Don't use global bs in command implementations
  qemu-io: Split off commands to qemu-io-cmds.c
  qemu-io: Factor out qemuio_command
  qemu-io: Move 'help' function
  qemu-io: Move 'quit' function
  qemu-io: Move qemu_strsep() to cutils.c
  qemu-io: Move functions for registering and running commands
  qemu-io: Move command_loop() and friends
  qemu-io: Move remaining helpers from cmd.c
  qemu-io: Interface cleanup
  qemu-io: Use the qemu version for -V
  Make qemu-io commands available in HMP
  blkdebug: Add BLKDBG_FLUSH_TO_OS/DISK events
  ide-test: Add enum value for DEV
  ide-test: Add FLUSH CACHE test case

Stefan Hajnoczi (1):
  blockdev: reset werror/rerror on drive_del

Wenchao Xia (5):
  block: add snapshot info query function bdrv_query_snapshot_info_list()
  block: add image info query function bdrv_query_image_info()
  qmp: add ImageInfo in BlockDeviceInfo used by query-block
  hmp: show ImageInfo in 'info block'
  hmp: add parameters device and -v for info block

 Makefile   |2 +-
 Makefile.objs  |1 +
 block.c|8 +-
 block/blkdebug.c   |3 +
 block/qapi.c   |  148 +++-
 blockdev.c |4 +
 cmd.c  |  612 -
 cmd.h  |   79 --
 hmp-commands.hx|   18 +
 hmp.c  |   39 +
 hmp.h  |1 +
 hw/ide/core.c  |1 +
 include/block/block.h  |3 +
 include/block/qapi.h   |   14 +-
 include/qemu-common.h  |3 +
 include/qemu-io.h  |   46 +
 monitor.c  |   15 +-
 qapi-schema.json   |   10 +-
 qemu-img.c |   20 +-
 qemu-io-cmds.c | 2118 
 qemu-io.c  | 1990 -
 qmp-commands.hx|   69 +-
 tests/ide-test.c   |   43 +-
 tests/qemu-iotests/049.out |8 +-
 util/cutils.c  |   25 +
 25 files changed, 2717 insertions(+), 2563 deletions(-)
 delete mode 100644 cmd.c
 delete mode 100644 cmd.h
 create mode 100644 include/qemu-io.h
 create mode 100644 qemu-io-cmds.c

-- 
1.8.1.4

[Qemu-devel] [PULL 09/26] qemu-io: Move 'help' function

[Stefan Hajnoczi]

From: Kevin Wolf 

No reason to treat it different from other commands. Move it to
qemu-io-cmds.c, adapt the coding style and register it like any other
command.

Signed-off-by: Kevin Wolf 
Reviewed-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 cmd.c  | 79 --
 cmd.h  |  1 -
 qemu-io-cmds.c | 67 -
 3 files changed, 66 insertions(+), 81 deletions(-)

diff --git a/cmd.c b/cmd.c
index 7ae978f..2941ad3 100644
--- a/cmd.c
+++ b/cmd.c
@@ -439,82 +439,3 @@ quit_init(void)
 
add_command(&quit_cmd);
 }
-
-/* from libxcmd/help.c */
-
-static cmdinfo_t help_cmd;
-static void help_onecmd(const char *cmd, const cmdinfo_t *ct);
-static void help_oneline(const char *cmd, const cmdinfo_t *ct);
-
-static void
-help_all(void)
-{
-   const cmdinfo_t *ct;
-
-   for (ct = cmdtab; ct < &cmdtab[ncmds]; ct++)
-   help_oneline(ct->name, ct);
-   printf(_("\nUse 'help commandname' for extended help.\n"));
-}
-
-static int
-help_f(
-BlockDriverState *bs,
-   int argc,
-   char**argv)
-{
-   const cmdinfo_t *ct;
-
-   if (argc == 1) {
-   help_all();
-   return 0;
-   }
-   ct = find_command(argv[1]);
-   if (ct == NULL) {
-   printf(_("command %s not found\n"), argv[1]);
-   return 0;
-   }
-   help_onecmd(argv[1], ct);
-   return 0;
-}
-
-static void
-help_onecmd(
-   const char  *cmd,
-   const cmdinfo_t *ct)
-{
-   help_oneline(cmd, ct);
-   if (ct->help)
-   ct->help();
-}
-
-static void
-help_oneline(
-   const char  *cmd,
-   const cmdinfo_t *ct)
-{
-   if (cmd)
-   printf("%s ", cmd);
-   else {
-   printf("%s ", ct->name);
-   if (ct->altname)
-   printf("(or %s) ", ct->altname);
-   }
-   if (ct->args)
-   printf("%s ", ct->args);
-   printf("-- %s\n", ct->oneline);
-}
-
-void
-help_init(void)
-{
-   help_cmd.name = _("help");
-   help_cmd.altname = _("?");
-   help_cmd.cfunc = help_f;
-   help_cmd.argmin = 0;
-   help_cmd.argmax = 1;
-   help_cmd.flags = CMD_FLAG_GLOBAL;
-   help_cmd.args = _("[command]");
-   help_cmd.oneline = _("help for one or all commands");
-
-   add_command(&help_cmd);
-}
diff --git a/cmd.h b/cmd.h
index d676408..89e7c6e 100644
--- a/cmd.h
+++ b/cmd.h
@@ -42,7 +42,6 @@ typedef struct cmdinfo {
 extern cmdinfo_t   *cmdtab;
 extern int ncmds;
 
-void help_init(void);
 void quit_init(void);
 
 typedef int (*checkfunc_t)(BlockDriverState *bs, const cmdinfo_t *ci);
diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
index 8b12446..fa8d9a0 100644
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -1795,6 +1795,71 @@ static const cmdinfo_t abort_cmd = {
.oneline= "simulate a program crash using abort(3)",
 };
 
+static void help_oneline(const char *cmd, const cmdinfo_t *ct)
+{
+if (cmd) {
+printf("%s ", cmd);
+} else {
+printf("%s ", ct->name);
+if (ct->altname) {
+printf("(or %s) ", ct->altname);
+}
+}
+
+if (ct->args) {
+printf("%s ", ct->args);
+}
+printf("-- %s\n", ct->oneline);
+}
+
+static void help_onecmd(const char *cmd, const cmdinfo_t *ct)
+{
+help_oneline(cmd, ct);
+if (ct->help) {
+ct->help();
+}
+}
+
+static void help_all(void)
+{
+const cmdinfo_t *ct;
+
+for (ct = cmdtab; ct < &cmdtab[ncmds]; ct++) {
+help_oneline(ct->name, ct);
+}
+printf("\nUse 'help commandname' for extended help.\n");
+}
+
+static int help_f(BlockDriverState *bs, int argc, char **argv)
+{
+const cmdinfo_t *ct;
+
+if (argc == 1) {
+help_all();
+return 0;
+}
+
+ct = find_command(argv[1]);
+if (ct == NULL) {
+printf("command %s not found\n", argv[1]);
+return 0;
+}
+
+help_onecmd(argv[1], ct);
+return 0;
+}
+
+static const cmdinfo_t help_cmd = {
+.name   = "help",
+.altname= "?",
+.cfunc  = help_f,
+.argmin = 0,
+.argmax = 1,
+.flags  = CMD_FLAG_GLOBAL,
+.args   = "[command]",
+.oneline= "help for one or all commands",
+};
+
 static int init_check_command(BlockDriverState *bs, const cmdinfo_t *ct)
 {
 if (ct->flags & CMD_FLAG_GLOBAL) {
@@ -1834,7 +1899,7 @@ bool qemuio_command(const char *cmd)
 static void __attribute((constructor)) init_qemuio_commands(void)
 {
 /* initialize commands */
-help_init();
+add_command(&help_cmd);
 add_command(&read_cmd);
 add_command(&readv_cmd);
 add_command(&write_cmd);
-- 
1.8.1.4

[Qemu-devel] [PULL 03/26] cutils: Support 'P' and 'E' suffixes in strtosz()

[Stefan Hajnoczi]

From: Kevin Wolf 

Signed-off-by: Kevin Wolf 
Reviewed-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 include/qemu-common.h  |  2 ++
 monitor.c  |  8 
 qemu-img.c | 10 ++
 tests/qemu-iotests/049.out |  8 
 util/cutils.c  |  4 
 5 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/include/qemu-common.h b/include/qemu-common.h
index cb82ef3..d95ea1e 100644
--- a/include/qemu-common.h
+++ b/include/qemu-common.h
@@ -191,6 +191,8 @@ int parse_uint_full(const char *s, unsigned long long 
*value, int base);
  * A-Z, as strtosz() will use qemu_toupper() on the given argument
  * prior to comparison.
  */
+#define STRTOSZ_DEFSUFFIX_EB   'E'
+#define STRTOSZ_DEFSUFFIX_PB   'P'
 #define STRTOSZ_DEFSUFFIX_TB   'T'
 #define STRTOSZ_DEFSUFFIX_GB   'G'
 #define STRTOSZ_DEFSUFFIX_MB   'M'
diff --git a/monitor.c b/monitor.c
index eefc7f0..9d279b8 100644
--- a/monitor.c
+++ b/monitor.c
@@ -93,10 +93,10 @@
  * 'M'  Non-negative target long (32 or 64 bit), in user mode the
  *  value is multiplied by 2^20 (think Mebibyte)
  * 'o'  octets (aka bytes)
- *  user mode accepts an optional T, t, G, g, M, m, K, k
- *  suffix, which multiplies the value by 2^40 for
- *  suffixes T and t, 2^30 for suffixes G and g, 2^20 for
- *  M and m, 2^10 for K and k
+ *  user mode accepts an optional E, e, P, p, T, t, G, g, M, m,
+ *  K, k suffix, which multiplies the value by 2^60 for suffixes E
+ *  and e, 2^50 for suffixes P and p, 2^40 for suffixes T and t,
+ *  2^30 for suffixes G and g, 2^20 for M and m, 2^10 for K and k
  * 'T'  double
  *  user mode accepts an optional ms, us, ns suffix,
  *  which divides the value by 1e3, 1e6, 1e9, respectively
diff --git a/qemu-img.c b/qemu-img.c
index 82c7977..e089c78 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -85,8 +85,9 @@ static void help(void)
"options are: 'none', 'writeback' (default, except for 
convert), 'writethrough',\n"
"'directsync' and 'unsafe' (default for convert)\n"
"  'size' is the disk image size in bytes. Optional suffixes\n"
-   "'k' or 'K' (kilobyte, 1024), 'M' (megabyte, 1024k), 'G' 
(gigabyte, 1024M)\n"
-   "and T (terabyte, 1024G) are supported. 'b' is ignored.\n"
+   "'k' or 'K' (kilobyte, 1024), 'M' (megabyte, 1024k), 'G' 
(gigabyte, 1024M),\n"
+   "'T' (terabyte, 1024G), 'P' (petabyte, 1024T) and 'E' (exabyte, 
1024P)  are\n"
+   "supported. 'b' is ignored.\n"
"  'output_filename' is the destination disk image filename\n"
"  'output_fmt' is the destination format\n"
"  'options' is a comma separated list of format specific options 
in a\n"
@@ -387,8 +388,9 @@ static int img_create(int argc, char **argv)
 error_report("Image size must be less than 8 EiB!");
 } else {
 error_report("Invalid image size specified! You may use k, M, "
-  "G or T suffixes for ");
-error_report("kilobytes, megabytes, gigabytes and terabytes.");
+  "G, T, P or E suffixes for ");
+error_report("kilobytes, megabytes, gigabytes, terabytes, "
+ "petabytes and exabytes.");
 }
 return 1;
 }
diff --git a/tests/qemu-iotests/049.out b/tests/qemu-iotests/049.out
index 72db13f..d2f0efe 100644
--- a/tests/qemu-iotests/049.out
+++ b/tests/qemu-iotests/049.out
@@ -108,15 +108,15 @@ qemu-img: Formatting or formatting option not supported 
for file format 'qcow2'
 Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=-1024 encryption=off 
cluster_size=65536 lazy_refcounts=off 
 
 qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- 1kilobyte
-qemu-img: Invalid image size specified! You may use k, M, G or T suffixes for 
-qemu-img: kilobytes, megabytes, gigabytes and terabytes.
+qemu-img: Invalid image size specified! You may use k, M, G, T, P or E 
suffixes for 
+qemu-img: kilobytes, megabytes, gigabytes, terabytes, petabytes and exabytes.
 
 qemu-img create -f qcow2 -o size=1kilobyte TEST_DIR/t.qcow2
 Formatting 'TEST_DIR/t.qcow2', fmt=qcow2 size=1024 encryption=off 
cluster_size=65536 lazy_refcounts=off 
 
 qemu-img create -f qcow2 TEST_DIR/t.qcow2 -- foobar
-qemu-img: Invalid image size specified! You may use k, M, G or T suffixes for 
-qemu-img: kilobytes, megabytes, gigabytes and terabytes.
+qemu-img: Invalid image size specified! You may use k, M, G, T, P or E 
suffixes for 
+qemu-img: kilobytes, megabytes, gigabytes, terabytes, petabytes and exabytes.
 
 qemu-img create -f qcow2 -o size=foobar TEST_DIR/t.qcow2
 qemu-img: Parameter 'size' expects a size
diff --git a/util/cutils.c b/util/cutils.c
index a165819..8f28896 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ 

[Qemu-devel] [PULL 05/26] qemu-io: Handle cvtnum() errors in 'alloc'

[Stefan Hajnoczi]

From: Kevin Wolf 

Signed-off-by: Kevin Wolf 
Reviewed-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 qemu-io.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/qemu-io.c b/qemu-io.c
index 8a719a8..b4f56fc 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -1596,7 +1596,10 @@ static int alloc_f(int argc, char **argv)
 int ret;
 
 offset = cvtnum(argv[1]);
-if (offset & 0x1ff) {
+if (offset < 0) {
+printf("non-numeric offset argument -- %s\n", argv[1]);
+return 0;
+} else if (offset & 0x1ff) {
 printf("offset %" PRId64 " is not sector aligned\n",
offset);
 return 0;
@@ -1604,6 +1607,10 @@ static int alloc_f(int argc, char **argv)
 
 if (argc == 3) {
 nb_sectors = cvtnum(argv[2]);
+if (nb_sectors < 0) {
+printf("non-numeric length argument -- %s\n", argv[2]);
+return 0;
+}
 } else {
 nb_sectors = 1;
 }
-- 
1.8.1.4

[Qemu-devel] [PULL 12/26] qemu-io: Move functions for registering and running commands

[Stefan Hajnoczi]

From: Kevin Wolf 

Signed-off-by: Kevin Wolf 
Reviewed-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 cmd.c  | 113 -
 cmd.h  |  11 +---
 qemu-io-cmds.c | 192 ++---
 qemu-io.c  |  10 +--
 4 files changed, 148 insertions(+), 178 deletions(-)

diff --git a/cmd.c b/cmd.c
index f6bf2c5..6616d61 100644
--- a/cmd.c
+++ b/cmd.c
@@ -31,94 +31,9 @@
 
 /* from libxcmd/command.c */
 
-cmdinfo_t  *cmdtab;
-intncmds;
-
-static checkfunc_t check_func;
 static int ncmdline;
 static char**cmdline;
 
-static int
-compare(const void *a, const void *b)
-{
-   return strcmp(((const cmdinfo_t *)a)->name,
- ((const cmdinfo_t *)b)->name);
-}
-
-void add_command(const cmdinfo_t *ci)
-{
-cmdtab = g_realloc((void *)cmdtab, ++ncmds * sizeof(*cmdtab));
-cmdtab[ncmds - 1] = *ci;
-qsort(cmdtab, ncmds, sizeof(*cmdtab), compare);
-}
-
-static int
-check_command(
-   const cmdinfo_t *ci)
-{
-   if (check_func)
-   return check_func(qemuio_bs, ci);
-   return 1;
-}
-
-void
-add_check_command(
-   checkfunc_t cf)
-{
-   check_func = cf;
-}
-
-int
-command_usage(
-   const cmdinfo_t *ci)
-{
-   printf("%s %s -- %s\n", ci->name, ci->args, ci->oneline);
-   return 0;
-}
-
-int
-command(
-   const cmdinfo_t *ct,
-   int argc,
-   char**argv)
-{
-   char*cmd = argv[0];
-
-   if (!check_command(ct))
-   return 0;
-
-   if (argc-1 < ct->argmin || (ct->argmax != -1 && argc-1 > ct->argmax)) {
-   if (ct->argmax == -1)
-   fprintf(stderr,
-   _("bad argument count %d to %s, expected at least %d arguments\n"),
-   argc-1, cmd, ct->argmin);
-   else if (ct->argmin == ct->argmax)
-   fprintf(stderr,
-   _("bad argument count %d to %s, expected %d arguments\n"),
-   argc-1, cmd, ct->argmin);
-   else
-   fprintf(stderr,
-   _("bad argument count %d to %s, expected between %d and %d 
arguments\n"),
-   argc-1, cmd, ct->argmin, ct->argmax);
-   return 0;
-   }
-   optind = 0;
-   return ct->cfunc(qemuio_bs, argc, argv);
-}
-
-const cmdinfo_t *
-find_command(
-   const char  *cmd)
-{
-   cmdinfo_t   *ct;
-
-   for (ct = cmdtab; ct < &cmdtab[ncmds]; ct++) {
-   if (strcmp(ct->name, cmd) == 0 ||
-   (ct->altname && strcmp(ct->altname, cmd) == 0))
-   return (const cmdinfo_t *)ct;
-   }
-   return NULL;
-}
 
 void add_user_command(char *optarg)
 {
@@ -255,34 +170,6 @@ fetchline(void)
 }
 #endif
 
-char **breakline(char *input, int *count)
-{
-int c = 0;
-char *p;
-char **rval = calloc(sizeof(char *), 1);
-char **tmp;
-
-while (rval && (p = qemu_strsep(&input, " ")) != NULL) {
-if (!*p) {
-continue;
-}
-c++;
-tmp = realloc(rval, sizeof(*rval) * (c + 1));
-if (!tmp) {
-free(rval);
-rval = NULL;
-c = 0;
-break;
-} else {
-rval = tmp;
-}
-rval[c - 1] = p;
-rval[c] = NULL;
-}
-*count = c;
-return rval;
-}
-
 #define EXABYTES(x)((long long)(x) << 60)
 #define PETABYTES(x)   ((long long)(x) << 50)
 #define TERABYTES(x)   ((long long)(x) << 40)
diff --git a/cmd.h b/cmd.h
index 5b6f61b..0d01a33 100644
--- a/cmd.h
+++ b/cmd.h
@@ -39,23 +39,16 @@ typedef struct cmdinfo {
helpfunc_t  help;
 } cmdinfo_t;
 
-extern cmdinfo_t   *cmdtab;
-extern int ncmds;
-
 typedef int (*checkfunc_t)(BlockDriverState *bs, const cmdinfo_t *ci);
 
-void add_command(const cmdinfo_t *ci);
+void qemuio_add_command(const cmdinfo_t *ci);
 void add_user_command(char *optarg);
 void add_check_command(checkfunc_t cf);
 
-const cmdinfo_t *find_command(const char *cmd);
-
 void command_loop(void);
-int command_usage(const cmdinfo_t *ci);
-int command(const cmdinfo_t *ci, int argc, char **argv);
+int qemuio_command_usage(const cmdinfo_t *ci);
 
 /* from input.h */
-char **breakline(char *input, int *count);
 char *fetchline(void);
 
 void cvtstr(double value, char *str, size_t sz);
diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
index fa8d9a0..8acc866 100644
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -16,6 +16,110 @@
 
 int qemuio_misalign;
 
+static cmdinfo_t *cmdtab;
+static int ncmds;
+
+static int compare_cmdname(const void *a, const void *b)
+{
+return strcmp(((const cmdinfo_t *)a)->name,
+  ((const cmdinfo_t *)b)->name);
+}
+
+void qemuio_add_command(const cmdinfo_t *ci)
+{
+cmdtab = g_realloc(cmdtab, ++ncmds * sizeof(*cmdtab));
+cmdtab[ncmds - 1] = *ci;
+qsort(cmdtab, ncmds, sizeo

[Qemu-devel] [PULL 08/26] qemu-io: Factor out qemuio_command

[Stefan Hajnoczi]

From: Kevin Wolf 

It's duplicated code. Move it to qemu-io-cmds.c because it's not
dependent on any static data of the qemu-io tool.

Signed-off-by: Kevin Wolf 
Reviewed-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 cmd.c  | 43 +--
 cmd.h  |  3 ++-
 qemu-io-cmds.c | 24 
 3 files changed, 31 insertions(+), 39 deletions(-)

diff --git a/cmd.c b/cmd.c
index d501aab..7ae978f 100644
--- a/cmd.c
+++ b/cmd.c
@@ -138,28 +138,11 @@ static char *get_prompt(void);
 
 void command_loop(void)
 {
-int c, i, done = 0, fetchable = 0, prompted = 0;
+int i, done = 0, fetchable = 0, prompted = 0;
 char *input;
-char **v;
-const cmdinfo_t *ct;
 
 for (i = 0; !done && i < ncmdline; i++) {
-input = strdup(cmdline[i]);
-if (!input) {
-fprintf(stderr, _("cannot strdup command '%s': %s\n"),
-cmdline[i], strerror(errno));
-exit(1);
-}
-v = breakline(input, &c);
-if (c) {
-ct = find_command(v[0]);
-if (ct) {
-done = command(ct, c, v);
-} else {
-fprintf(stderr, _("command \"%s\" not found\n"), v[0]);
-}
-   }
-doneline(input, v);
+done = qemuio_command(cmdline[i]);
 }
 if (cmdline) {
 g_free(cmdline);
@@ -179,20 +162,13 @@ void command_loop(void)
 if (!fetchable) {
 continue;
 }
+
 input = fetchline();
 if (input == NULL) {
 break;
 }
-v = breakline(input, &c);
-if (c) {
-ct = find_command(v[0]);
-if (ct) {
-done = command(ct, c, v);
-} else {
-fprintf(stderr, _("command \"%s\" not found\n"), v[0]);
-}
-}
-doneline(input, v);
+done = qemuio_command(input);
+free(input);
 
 prompted = 0;
 fetchable = 0;
@@ -328,15 +304,6 @@ char **breakline(char *input, int *count)
 return rval;
 }
 
-void
-doneline(
-   char*input,
-   char**vec)
-{
-   free(input);
-   free(vec);
-}
-
 #define EXABYTES(x)((long long)(x) << 60)
 #define PETABYTES(x)   ((long long)(x) << 50)
 #define TERABYTES(x)   ((long long)(x) << 40)
diff --git a/cmd.h b/cmd.h
index ccf6336..d676408 100644
--- a/cmd.h
+++ b/cmd.h
@@ -59,7 +59,6 @@ int command(const cmdinfo_t *ci, int argc, char **argv);
 
 /* from input.h */
 char **breakline(char *input, int *count);
-void doneline(char *input, char **vec);
 char *fetchline(void);
 
 void cvtstr(double value, char *str, size_t sz);
@@ -77,4 +76,6 @@ void timestr(struct timeval *tv, char *str, size_t sz, int 
flags);
 
 extern char *progname;
 
+bool qemuio_command(const char *cmd);
+
 #endif /* __COMMAND_H__ */
diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
index 0a3817a..8b12446 100644
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -1807,6 +1807,30 @@ static int init_check_command(BlockDriverState *bs, 
const cmdinfo_t *ct)
 return 1;
 }
 
+bool qemuio_command(const char *cmd)
+{
+char *input;
+const cmdinfo_t *ct;
+char **v;
+int c;
+bool done = false;
+
+input = g_strdup(cmd);
+v = breakline(input, &c);
+if (c) {
+ct = find_command(v[0]);
+if (ct) {
+done = command(ct, c, v);
+} else {
+fprintf(stderr, "command \"%s\" not found\n", v[0]);
+}
+}
+g_free(input);
+g_free(v);
+
+return done;
+}
+
 static void __attribute((constructor)) init_qemuio_commands(void)
 {
 /* initialize commands */
-- 
1.8.1.4

[Qemu-devel] [PULL 04/26] qemu-io: Make cvtnum() a wrapper around strtosz_suffix()

[Stefan Hajnoczi]

From: Kevin Wolf 

No reason to implement the same thing multiple times. A nice side effect
is that fractional numbers like 0.5M can be used in qemu-io now.

Signed-off-by: Kevin Wolf 
Reviewed-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 cmd.c | 37 -
 cmd.h |  1 -
 qemu-io.c |  6 ++
 3 files changed, 6 insertions(+), 38 deletions(-)

diff --git a/cmd.c b/cmd.c
index 4e7579b..214c6f7 100644
--- a/cmd.c
+++ b/cmd.c
@@ -344,43 +344,6 @@ doneline(
 #define MEGABYTES(x)   ((long long)(x) << 20)
 #define KILOBYTES(x)   ((long long)(x) << 10)
 
-long long
-cvtnum(
-   char*s)
-{
-   long long   i;
-   char*sp;
-   int c;
-
-   i = strtoll(s, &sp, 0);
-   if (i == 0 && sp == s)
-   return -1LL;
-   if (*sp == '\0')
-   return i;
-
-   if (sp[1] != '\0')
-   return -1LL;
-
-   c = qemu_tolower(*sp);
-   switch (c) {
-   default:
-   return i;
-   case 'k':
-   return KILOBYTES(i);
-   case 'm':
-   return MEGABYTES(i);
-   case 'g':
-   return GIGABYTES(i);
-   case 't':
-   return TERABYTES(i);
-   case 'p':
-   return PETABYTES(i);
-   case 'e':
-   return  EXABYTES(i);
-   }
-   return -1LL;
-}
-
 #define TO_EXABYTES(x) ((x) / EXABYTES(1))
 #define TO_PETABYTES(x)((x) / PETABYTES(1))
 #define TO_TERABYTES(x)((x) / TERABYTES(1))
diff --git a/cmd.h b/cmd.h
index 8e6f753..4dcfe88 100644
--- a/cmd.h
+++ b/cmd.h
@@ -58,7 +58,6 @@ char **breakline(char *input, int *count);
 void doneline(char *input, char **vec);
 char *fetchline(void);
 
-long long cvtnum(char *s);
 void cvtstr(double value, char *str, size_t sz);
 
 struct timeval tsub(struct timeval t1, struct timeval t2);
diff --git a/qemu-io.c b/qemu-io.c
index 4288b8c..8a719a8 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -29,6 +29,12 @@ static BlockDriverState *bs;
 
 static int misalign;
 
+static int64_t cvtnum(const char *s)
+{
+char *end;
+return strtosz_suffix(s, &end, STRTOSZ_DEFSUFFIX_B);
+}
+
 /*
  * Parse the pattern argument to various sub-commands.
  *
-- 
1.8.1.4

[Qemu-devel] [PULL 11/26] qemu-io: Move qemu_strsep() to cutils.c

[Stefan Hajnoczi]

From: Kevin Wolf 

Signed-off-by: Kevin Wolf 
Reviewed-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 cmd.c | 21 -
 include/qemu-common.h |  1 +
 util/cutils.c | 21 +
 3 files changed, 22 insertions(+), 21 deletions(-)

diff --git a/cmd.c b/cmd.c
index 8496e74..f6bf2c5 100644
--- a/cmd.c
+++ b/cmd.c
@@ -255,27 +255,6 @@ fetchline(void)
 }
 #endif
 
-static char *qemu_strsep(char **input, const char *delim)
-{
-char *result = *input;
-if (result != NULL) {
-char *p;
-
-for (p = result; *p != '\0'; p++) {
-if (strchr(delim, *p)) {
-break;
-}
-}
-if (*p == '\0') {
-*input = NULL;
-} else {
-*p = '\0';
-*input = p + 1;
-}
-}
-return result;
-}
-
 char **breakline(char *input, int *count)
 {
 int c = 0;
diff --git a/include/qemu-common.h b/include/qemu-common.h
index d95ea1e..ed8b6e2 100644
--- a/include/qemu-common.h
+++ b/include/qemu-common.h
@@ -174,6 +174,7 @@ char *pstrcat(char *buf, int buf_size, const char *s);
 int strstart(const char *str, const char *val, const char **ptr);
 int stristart(const char *str, const char *val, const char **ptr);
 int qemu_strnlen(const char *s, int max_len);
+char *qemu_strsep(char **input, const char *delim);
 time_t mktimegm(struct tm *tm);
 int qemu_fls(int i);
 int qemu_fdatasync(int fd);
diff --git a/util/cutils.c b/util/cutils.c
index 8f28896..0116fcd 100644
--- a/util/cutils.c
+++ b/util/cutils.c
@@ -107,6 +107,27 @@ int qemu_strnlen(const char *s, int max_len)
 return i;
 }
 
+char *qemu_strsep(char **input, const char *delim)
+{
+char *result = *input;
+if (result != NULL) {
+char *p;
+
+for (p = result; *p != '\0'; p++) {
+if (strchr(delim, *p)) {
+break;
+}
+}
+if (*p == '\0') {
+*input = NULL;
+} else {
+*p = '\0';
+*input = p + 1;
+}
+}
+return result;
+}
+
 time_t mktimegm(struct tm *tm)
 {
 time_t t;
-- 
1.8.1.4

[Qemu-devel] [PULL 13/26] qemu-io: Move command_loop() and friends

[Stefan Hajnoczi]

From: Kevin Wolf 

Signed-off-by: Kevin Wolf 
Signed-off-by: Stefan Hajnoczi 
---
 cmd.c | 139 --
 cmd.h |   9 
 qemu-io.c | 139 ++
 3 files changed, 139 insertions(+), 148 deletions(-)

diff --git a/cmd.c b/cmd.c
index 6616d61..26d38a8 100644
--- a/cmd.c
+++ b/cmd.c
@@ -31,145 +31,6 @@
 
 /* from libxcmd/command.c */
 
-static int ncmdline;
-static char**cmdline;
-
-
-void add_user_command(char *optarg)
-{
-cmdline = g_realloc(cmdline, ++ncmdline * sizeof(char *));
-cmdline[ncmdline-1] = optarg;
-}
-
-static void prep_fetchline(void *opaque)
-{
-int *fetchable = opaque;
-
-qemu_set_fd_handler(STDIN_FILENO, NULL, NULL, NULL);
-*fetchable= 1;
-}
-
-static char *get_prompt(void);
-
-void command_loop(void)
-{
-int i, done = 0, fetchable = 0, prompted = 0;
-char *input;
-
-for (i = 0; !done && i < ncmdline; i++) {
-done = qemuio_command(cmdline[i]);
-}
-if (cmdline) {
-g_free(cmdline);
-return;
-}
-
-while (!done) {
-if (!prompted) {
-printf("%s", get_prompt());
-fflush(stdout);
-qemu_set_fd_handler(STDIN_FILENO, prep_fetchline, NULL, 
&fetchable);
-prompted = 1;
-}
-
-main_loop_wait(false);
-
-if (!fetchable) {
-continue;
-}
-
-input = fetchline();
-if (input == NULL) {
-break;
-}
-done = qemuio_command(input);
-free(input);
-
-prompted = 0;
-fetchable = 0;
-}
-qemu_set_fd_handler(STDIN_FILENO, NULL, NULL, NULL);
-}
-
-/* from libxcmd/input.c */
-
-#if defined(ENABLE_READLINE)
-# include 
-# include 
-#elif defined(ENABLE_EDITLINE)
-# include 
-#endif
-
-static char *
-get_prompt(void)
-{
-   static char prompt[FILENAME_MAX + 2 /*"> "*/ + 1 /*"\0"*/ ];
-
-   if (!prompt[0])
-   snprintf(prompt, sizeof(prompt), "%s> ", progname);
-   return prompt;
-}
-
-#if defined(ENABLE_READLINE)
-char *
-fetchline(void)
-{
-   char*line;
-
-   line = readline(get_prompt());
-   if (line && *line)
-   add_history(line);
-   return line;
-}
-#elif defined(ENABLE_EDITLINE)
-static char *el_get_prompt(EditLine *e) { return get_prompt(); }
-char *
-fetchline(void)
-{
-   static EditLine *el;
-   static History  *hist;
-   HistEvent   hevent;
-   char*line;
-   int count;
-
-   if (!el) {
-   hist = history_init();
-   history(hist, &hevent, H_SETSIZE, 100);
-   el = el_init(progname, stdin, stdout, stderr);
-   el_source(el, NULL);
-   el_set(el, EL_SIGNAL, 1);
-   el_set(el, EL_PROMPT, el_get_prompt);
-   el_set(el, EL_HIST, history, (const char *)hist);
-   }
-   line = strdup(el_gets(el, &count));
-   if (line) {
-   if (count > 0)
-   line[count-1] = '\0';
-   if (*line)
-   history(hist, &hevent, H_ENTER, line);
-   }
-   return line;
-}
-#else
-# define MAXREADLINESZ 1024
-char *
-fetchline(void)
-{
-   char*p, *line = malloc(MAXREADLINESZ);
-
-   if (!line)
-   return NULL;
-   if (!fgets(line, MAXREADLINESZ, stdin)) {
-   free(line);
-   return NULL;
-   }
-   p = line + strlen(line);
-   if (p != line && p[-1] == '\n')
-   p[-1] = '\0';
-   return line;
-}
-#endif
-
 #define EXABYTES(x)((long long)(x) << 60)
 #define PETABYTES(x)   ((long long)(x) << 50)
 #define TERABYTES(x)   ((long long)(x) << 40)
diff --git a/cmd.h b/cmd.h
index 0d01a33..da0c7cf 100644
--- a/cmd.h
+++ b/cmd.h
@@ -39,18 +39,11 @@ typedef struct cmdinfo {
helpfunc_t  help;
 } cmdinfo_t;
 
-typedef int (*checkfunc_t)(BlockDriverState *bs, const cmdinfo_t *ci);
-
 void qemuio_add_command(const cmdinfo_t *ci);
-void add_user_command(char *optarg);
-void add_check_command(checkfunc_t cf);
 
-void command_loop(void);
 int qemuio_command_usage(const cmdinfo_t *ci);
 
 /* from input.h */
-char *fetchline(void);
-
 void cvtstr(double value, char *str, size_t sz);
 
 struct timeval tsub(struct timeval t1, struct timeval t2);
@@ -64,8 +57,6 @@ enum {
 
 void timestr(struct timeval *tv, char *str, size_t sz, int flags);
 
-extern char *progname;
-
 bool qemuio_command(const char *cmd);
 
 #endif /* __COMMAND_H__ */
diff --git a/qemu-io.c b/qemu-io.c
index 3bf5aec..eec8cbc 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -29,6 +29,10 @@ char *progname;
 BlockDriverState *qemuio_bs;
 extern int qemuio_misalign;
 
+/* qemu-io commands passed using -c */
+static int ncmdline;
+static char **cmdline;
+
 static int close_f(BlockDriverState *bs, int argc, char **argv)
 {
 bdrv_delete(bs);
@@ -174,6 +178,1

[Qemu-devel] [PULL 10/26] qemu-io: Move 'quit' function

[Stefan Hajnoczi]

From: Kevin Wolf 

This one only makes sense in the context of the qemu-io tool, so move it
to qemu-io.c. Adapt coding style and register it like other commands.

Signed-off-by: Kevin Wolf 
Reviewed-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 cmd.c | 29 -
 cmd.h |  2 --
 qemu-io.c | 17 -
 3 files changed, 16 insertions(+), 32 deletions(-)

diff --git a/cmd.c b/cmd.c
index 2941ad3..8496e74 100644
--- a/cmd.c
+++ b/cmd.c
@@ -410,32 +410,3 @@ timestr(
snprintf(ts, size, "0.%04u sec", (unsigned int) (usec * 1));
}
 }
-
-
-/* from libxcmd/quit.c */
-
-static cmdinfo_t quit_cmd;
-
-/* ARGSUSED */
-static int
-quit_f(
-BlockDriverState *bs,
-   int argc,
-   char**argv)
-{
-   return 1;
-}
-
-void
-quit_init(void)
-{
-   quit_cmd.name = _("quit");
-   quit_cmd.altname = _("q");
-   quit_cmd.cfunc = quit_f;
-   quit_cmd.argmin = -1;
-   quit_cmd.argmax = -1;
-   quit_cmd.flags = CMD_FLAG_GLOBAL;
-   quit_cmd.oneline = _("exit the program");
-
-   add_command(&quit_cmd);
-}
diff --git a/cmd.h b/cmd.h
index 89e7c6e..5b6f61b 100644
--- a/cmd.h
+++ b/cmd.h
@@ -42,8 +42,6 @@ typedef struct cmdinfo {
 extern cmdinfo_t   *cmdtab;
 extern int ncmds;
 
-void quit_init(void);
-
 typedef int (*checkfunc_t)(BlockDriverState *bs, const cmdinfo_t *ci);
 
 void add_command(const cmdinfo_t *ci);
diff --git a/qemu-io.c b/qemu-io.c
index 14eef2c..8f6c57e 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -137,6 +137,21 @@ static int open_f(BlockDriverState *bs, int argc, char 
**argv)
 return openfile(argv[optind], flags, growable);
 }
 
+static int quit_f(BlockDriverState *bs, int argc, char **argv)
+{
+return 1;
+}
+
+static const cmdinfo_t quit_cmd = {
+.name   = "quit",
+.altname= "q",
+.cfunc  = quit_f,
+.argmin = -1,
+.argmax = -1,
+.flags  = CMD_FLAG_GLOBAL,
+.oneline= "exit the program",
+};
+
 static void usage(const char *name)
 {
 printf(
@@ -247,7 +262,7 @@ int main(int argc, char **argv)
 bdrv_init();
 
 /* initialize commands */
-quit_init();
+add_command(&quit_cmd);
 add_command(&open_cmd);
 add_command(&close_cmd);
 
-- 
1.8.1.4

[Qemu-devel] [PULL 14/26] qemu-io: Move remaining helpers from cmd.c

[Stefan Hajnoczi]

From: Kevin Wolf 

Signed-off-by: Kevin Wolf 
Signed-off-by: Stefan Hajnoczi 
---
 Makefile   |   2 +-
 cmd.c  | 139 -
 cmd.h  |  14 --
 qemu-io-cmds.c | 104 ++
 4 files changed, 105 insertions(+), 154 deletions(-)
 delete mode 100644 cmd.c

diff --git a/Makefile b/Makefile
index cf932eb..87298e5 100644
--- a/Makefile
+++ b/Makefile
@@ -186,7 +186,7 @@ qemu-img.o: qemu-img-cmds.h
 
 qemu-img$(EXESUF): qemu-img.o $(block-obj-y) libqemuutil.a libqemustub.a
 qemu-nbd$(EXESUF): qemu-nbd.o $(block-obj-y) libqemuutil.a libqemustub.a
-qemu-io$(EXESUF): qemu-io.o qemu-io-cmds.o cmd.o $(block-obj-y) libqemuutil.a 
libqemustub.a
+qemu-io$(EXESUF): qemu-io.o qemu-io-cmds.o $(block-obj-y) libqemuutil.a 
libqemustub.a
 
 qemu-bridge-helper$(EXESUF): qemu-bridge-helper.o
 
diff --git a/cmd.c b/cmd.c
deleted file mode 100644
index 26d38a8..000
--- a/cmd.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Copyright (c) 2003-2005 Silicon Graphics, Inc.
- * All Rights Reserved.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it would be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-#include 
-
-#include "cmd.h"
-#include "block/aio.h"
-#include "qemu/main-loop.h"
-
-#define _(x)   x   /* not gettext support yet */
-
-/* from libxcmd/command.c */
-
-#define EXABYTES(x)((long long)(x) << 60)
-#define PETABYTES(x)   ((long long)(x) << 50)
-#define TERABYTES(x)   ((long long)(x) << 40)
-#define GIGABYTES(x)   ((long long)(x) << 30)
-#define MEGABYTES(x)   ((long long)(x) << 20)
-#define KILOBYTES(x)   ((long long)(x) << 10)
-
-#define TO_EXABYTES(x) ((x) / EXABYTES(1))
-#define TO_PETABYTES(x)((x) / PETABYTES(1))
-#define TO_TERABYTES(x)((x) / TERABYTES(1))
-#define TO_GIGABYTES(x)((x) / GIGABYTES(1))
-#define TO_MEGABYTES(x)((x) / MEGABYTES(1))
-#define TO_KILOBYTES(x)((x) / KILOBYTES(1))
-
-void
-cvtstr(
-   double  value,
-   char*str,
-   size_t  size)
-{
-   char*trim;
-   const char  *suffix;
-
-   if (value >= EXABYTES(1)) {
-   suffix = " EiB";
-   snprintf(str, size - 4, "%.3f", TO_EXABYTES(value));
-   } else if (value >= PETABYTES(1)) {
-   suffix = " PiB";
-   snprintf(str, size - 4, "%.3f", TO_PETABYTES(value));
-   } else if (value >= TERABYTES(1)) {
-   suffix = " TiB";
-   snprintf(str, size - 4, "%.3f", TO_TERABYTES(value));
-   } else if (value >= GIGABYTES(1)) {
-   suffix = " GiB";
-   snprintf(str, size - 4, "%.3f", TO_GIGABYTES(value));
-   } else if (value >= MEGABYTES(1)) {
-   suffix = " MiB";
-   snprintf(str, size - 4, "%.3f", TO_MEGABYTES(value));
-   } else if (value >= KILOBYTES(1)) {
-   suffix = " KiB";
-   snprintf(str, size - 4, "%.3f", TO_KILOBYTES(value));
-   } else {
-   suffix = " bytes";
-   snprintf(str, size - 6, "%f", value);
-   }
-
-   trim = strstr(str, ".000");
-   if (trim) {
-   strcpy(trim, suffix);
-   } else {
-   strcat(str, suffix);
-   }
-}
-
-struct timeval
-tsub(struct timeval t1, struct timeval t2)
-{
-   t1.tv_usec -= t2.tv_usec;
-   if (t1.tv_usec < 0) {
-   t1.tv_usec += 100;
-   t1.tv_sec--;
-   }
-   t1.tv_sec -= t2.tv_sec;
-   return t1;
-}
-
-double
-tdiv(double value, struct timeval tv)
-{
-   return value / ((double)tv.tv_sec + ((double)tv.tv_usec / 100.0));
-}
-
-#define HOURS(sec) ((sec) / (60 * 60))
-#define MINUTES(sec)   (((sec) % (60 * 60)) / 60)
-#define SECONDS(sec)   ((sec) % 60)
-
-void
-timestr(
-   struct timeval  *tv,
-   char*ts,
-   size_t  size,
-   int format)
-{
-   double  usec = (double)tv->tv_usec / 100.0;
-
-   if (format & TERSE_FIXED_TIME) {
-   if (!HOURS(tv->tv_sec)) {
-   snprintf(ts, size, "%u:%02u.%02u",
-   (unsigned int) MINUTES(tv->tv_sec),
-   (unsigned int) SECONDS(tv->tv_sec),
-   (unsigned int) (usec * 100));
-   return;
-   }
-   format |= VER

[Qemu-devel] [PULL 19/26] ide-test: Add enum value for DEV

[Stefan Hajnoczi]

From: Kevin Wolf 

Get rid of the magic number.

Signed-off-by: Kevin Wolf 
Signed-off-by: Stefan Hajnoczi 
---
 tests/ide-test.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/ide-test.c b/tests/ide-test.c
index 365e995..1c31a2e 100644
--- a/tests/ide-test.c
+++ b/tests/ide-test.c
@@ -64,6 +64,7 @@ enum {
 };
 
 enum {
+DEV = 0x10,
 LBA = 0x40,
 };
 
@@ -394,7 +395,7 @@ static void test_identify(void)
 
 /* Read in the IDENTIFY buffer and check registers */
 data = inb(IDE_BASE + reg_device);
-g_assert_cmpint(data & 0x10, ==, 0);
+g_assert_cmpint(data & DEV, ==, 0);
 
 for (i = 0; i < 256; i++) {
 data = inb(IDE_BASE + reg_status);
-- 
1.8.1.4

[Qemu-devel] [PULL 17/26] Make qemu-io commands available in HMP

[Stefan Hajnoczi]

From: Kevin Wolf 

It was decided to not make this command available in QMP in order to
make clear that this is not supposed to be a stable API and should be
used only for testing and debugging purposes.

Signed-off-by: Kevin Wolf 
Signed-off-by: Stefan Hajnoczi 
---
 Makefile|  2 +-
 Makefile.objs   |  1 +
 hmp-commands.hx | 16 
 hmp.c   | 18 ++
 hmp.h   |  1 +
 5 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 87298e5..9a77ae0 100644
--- a/Makefile
+++ b/Makefile
@@ -186,7 +186,7 @@ qemu-img.o: qemu-img-cmds.h
 
 qemu-img$(EXESUF): qemu-img.o $(block-obj-y) libqemuutil.a libqemustub.a
 qemu-nbd$(EXESUF): qemu-nbd.o $(block-obj-y) libqemuutil.a libqemustub.a
-qemu-io$(EXESUF): qemu-io.o qemu-io-cmds.o $(block-obj-y) libqemuutil.a 
libqemustub.a
+qemu-io$(EXESUF): qemu-io.o $(block-obj-y) libqemuutil.a libqemustub.a
 
 qemu-bridge-helper$(EXESUF): qemu-bridge-helper.o
 
diff --git a/Makefile.objs b/Makefile.objs
index 286ce06..5b288ba 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -13,6 +13,7 @@ block-obj-$(CONFIG_POSIX) += aio-posix.o
 block-obj-$(CONFIG_WIN32) += aio-win32.o
 block-obj-y += block/
 block-obj-y += qapi-types.o qapi-visit.o
+block-obj-y += qemu-io-cmds.o
 
 block-obj-y += qemu-coroutine.o qemu-coroutine-lock.o qemu-coroutine-io.o
 block-obj-y += qemu-coroutine-sleep.o
diff --git a/hmp-commands.hx b/hmp-commands.hx
index 4f5a3fd..396691a 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -1553,6 +1553,22 @@ Removes the chardev @var{id}.
 ETEXI
 
 {
+.name   = "qemu-io",
+.args_type  = "device:B,command:s",
+.params = "[device] \"[command]\"",
+.help   = "run a qemu-io command on a block device",
+.mhandler.cmd = hmp_qemu_io,
+},
+
+STEXI
+@item qemu-io @var{device} @var{command}
+@findex qemu-io
+
+Executes a qemu-io command on the given block device.
+
+ETEXI
+
+{
 .name   = "info",
 .args_type  = "item:s?",
 .params = "[subcommand]",
diff --git a/hmp.c b/hmp.c
index 4fb76ec..64e0baa 100644
--- a/hmp.c
+++ b/hmp.c
@@ -22,6 +22,7 @@
 #include "qemu/sockets.h"
 #include "monitor/monitor.h"
 #include "ui/console.h"
+#include "qemu-io.h"
 
 static void hmp_handle_error(Monitor *mon, Error **errp)
 {
@@ -1425,3 +1426,20 @@ void hmp_chardev_remove(Monitor *mon, const QDict *qdict)
 qmp_chardev_remove(qdict_get_str(qdict, "id"), &local_err);
 hmp_handle_error(mon, &local_err);
 }
+
+void hmp_qemu_io(Monitor *mon, const QDict *qdict)
+{
+BlockDriverState *bs;
+const char* device = qdict_get_str(qdict, "device");
+const char* command = qdict_get_str(qdict, "command");
+Error *err = NULL;
+
+bs = bdrv_find(device);
+if (bs) {
+qemuio_command(bs, command);
+} else {
+error_set(&err, QERR_DEVICE_NOT_FOUND, device);
+}
+
+hmp_handle_error(mon, &err);
+}
diff --git a/hmp.h b/hmp.h
index 95fe76e..56d2e92 100644
--- a/hmp.h
+++ b/hmp.h
@@ -85,5 +85,6 @@ void hmp_nbd_server_add(Monitor *mon, const QDict *qdict);
 void hmp_nbd_server_stop(Monitor *mon, const QDict *qdict);
 void hmp_chardev_add(Monitor *mon, const QDict *qdict);
 void hmp_chardev_remove(Monitor *mon, const QDict *qdict);
+void hmp_qemu_io(Monitor *mon, const QDict *qdict);
 
 #endif
-- 
1.8.1.4

[Qemu-devel] [PULL 22/26] block: add snapshot info query function bdrv_query_snapshot_info_list()

[Stefan Hajnoczi]

From: Wenchao Xia 

This patch adds function bdrv_query_snapshot_info_list(), which will
retrieve snapshot info of an image in qmp object format. The implementation
is based on the code moved from qemu-img.c with modification to fit more
for qmp based block layer API.

Signed-off-by: Wenchao Xia 
Reviewed-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 block/qapi.c | 55 +++-
 include/block/qapi.h |  4 +++-
 qemu-img.c   |  5 -
 3 files changed, 49 insertions(+), 15 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index 794dbf8..1ed56da 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -26,29 +26,56 @@
 #include "block/block_int.h"
 #include "qmp-commands.h"
 
-void bdrv_collect_snapshots(BlockDriverState *bs , ImageInfo *info)
+/*
+ * Returns 0 on success, with *p_list either set to describe snapshot
+ * information, or NULL because there are no snapshots.  Returns -errno on
+ * error, with *p_list untouched.
+ */
+int bdrv_query_snapshot_info_list(BlockDriverState *bs,
+  SnapshotInfoList **p_list,
+  Error **errp)
 {
 int i, sn_count;
 QEMUSnapshotInfo *sn_tab = NULL;
-SnapshotInfoList *info_list, *cur_item = NULL;
+SnapshotInfoList *info_list, *cur_item = NULL, *head = NULL;
+SnapshotInfo *info;
+
 sn_count = bdrv_snapshot_list(bs, &sn_tab);
+if (sn_count < 0) {
+const char *dev = bdrv_get_device_name(bs);
+switch (sn_count) {
+case -ENOMEDIUM:
+error_setg(errp, "Device '%s' is not inserted", dev);
+break;
+case -ENOTSUP:
+error_setg(errp,
+   "Device '%s' does not support internal snapshots",
+   dev);
+break;
+default:
+error_setg_errno(errp, -sn_count,
+ "Can't list snapshots of device '%s'", dev);
+break;
+}
+return sn_count;
+}
 
 for (i = 0; i < sn_count; i++) {
-info->has_snapshots = true;
-info_list = g_new0(SnapshotInfoList, 1);
+info = g_new0(SnapshotInfo, 1);
+info->id= g_strdup(sn_tab[i].id_str);
+info->name  = g_strdup(sn_tab[i].name);
+info->vm_state_size = sn_tab[i].vm_state_size;
+info->date_sec  = sn_tab[i].date_sec;
+info->date_nsec = sn_tab[i].date_nsec;
+info->vm_clock_sec  = sn_tab[i].vm_clock_nsec / 10;
+info->vm_clock_nsec = sn_tab[i].vm_clock_nsec % 10;
 
-info_list->value= g_new0(SnapshotInfo, 1);
-info_list->value->id= g_strdup(sn_tab[i].id_str);
-info_list->value->name  = g_strdup(sn_tab[i].name);
-info_list->value->vm_state_size = sn_tab[i].vm_state_size;
-info_list->value->date_sec  = sn_tab[i].date_sec;
-info_list->value->date_nsec = sn_tab[i].date_nsec;
-info_list->value->vm_clock_sec  = sn_tab[i].vm_clock_nsec / 10;
-info_list->value->vm_clock_nsec = sn_tab[i].vm_clock_nsec % 10;
+info_list = g_new0(SnapshotInfoList, 1);
+info_list->value = info;
 
 /* XXX: waiting for the qapi to support qemu-queue.h types */
 if (!cur_item) {
-info->snapshots = cur_item = info_list;
+head = cur_item = info_list;
 } else {
 cur_item->next = info_list;
 cur_item = info_list;
@@ -57,6 +84,8 @@ void bdrv_collect_snapshots(BlockDriverState *bs , ImageInfo 
*info)
 }
 
 g_free(sn_tab);
+*p_list = head;
+return 0;
 }
 
 void bdrv_collect_image_info(BlockDriverState *bs,
diff --git a/include/block/qapi.h b/include/block/qapi.h
index e6e568d..4f223d1 100644
--- a/include/block/qapi.h
+++ b/include/block/qapi.h
@@ -29,7 +29,9 @@
 #include "block/block.h"
 #include "block/snapshot.h"
 
-void bdrv_collect_snapshots(BlockDriverState *bs , ImageInfo *info);
+int bdrv_query_snapshot_info_list(BlockDriverState *bs,
+  SnapshotInfoList **p_list,
+  Error **errp);
 void bdrv_collect_image_info(BlockDriverState *bs,
  ImageInfo *info,
  const char *filename);
diff --git a/qemu-img.c b/qemu-img.c
index e089c78..e3d8fe3 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1667,7 +1667,10 @@ static ImageInfoList *collect_image_info_list(const char 
*filename,
 
 info = g_new0(ImageInfo, 1);
 bdrv_collect_image_info(bs, info, filename);
-bdrv_collect_snapshots(bs, info);
+bdrv_query_snapshot_info_list(bs, &info->snapshots, NULL);
+if (info->snapshots) {
+info->has_snapshots = true;
+}
 
 elem = g_new0(ImageInfoList, 1);
 elem->value = info;
-- 
1.8.1.4

[Qemu-devel] [PULL 15/26] qemu-io: Interface cleanup

[Stefan Hajnoczi]

From: Kevin Wolf 

Signed-off-by: Kevin Wolf 
Signed-off-by: Stefan Hajnoczi 
---
 cmd.h | 48 
 include/qemu-io.h | 46 ++
 qemu-io-cmds.c| 14 +++---
 qemu-io.c |  7 +++
 4 files changed, 56 insertions(+), 59 deletions(-)
 delete mode 100644 cmd.h
 create mode 100644 include/qemu-io.h

diff --git a/cmd.h b/cmd.h
deleted file mode 100644
index 9907795..000
--- a/cmd.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 2000-2005 Silicon Graphics, Inc.
- * All Rights Reserved.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it would be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-#ifndef __COMMAND_H__
-#define __COMMAND_H__
-
-#include "qemu-common.h"
-
-#define CMD_FLAG_GLOBAL((int)0x8000)   /* don't iterate "args" 
*/
-
-extern BlockDriverState *qemuio_bs;
-
-typedef int (*cfunc_t)(BlockDriverState *bs, int argc, char **argv);
-typedef void (*helpfunc_t)(void);
-
-typedef struct cmdinfo {
-   const char  *name;
-   const char  *altname;
-   cfunc_t cfunc;
-   int argmin;
-   int argmax;
-   int canpush;
-   int flags;
-   const char  *args;
-   const char  *oneline;
-   helpfunc_t  help;
-} cmdinfo_t;
-
-void qemuio_add_command(const cmdinfo_t *ci);
-
-int qemuio_command_usage(const cmdinfo_t *ci);
-
-bool qemuio_command(const char *cmd);
-
-#endif /* __COMMAND_H__ */
diff --git a/include/qemu-io.h b/include/qemu-io.h
new file mode 100644
index 000..a418b46
--- /dev/null
+++ b/include/qemu-io.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2000-2005 Silicon Graphics, Inc.
+ * All Rights Reserved.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it would be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#ifndef QEMU_IO_H
+#define QEMU_IO_H
+
+#include "qemu-common.h"
+
+#define CMD_FLAG_GLOBAL ((int)0x8000) /* don't iterate "args" */
+
+typedef int (*cfunc_t)(BlockDriverState *bs, int argc, char **argv);
+typedef void (*helpfunc_t)(void);
+
+typedef struct cmdinfo {
+const char* name;
+const char* altname;
+cfunc_t cfunc;
+int argmin;
+int argmax;
+int canpush;
+int flags;
+const char  *args;
+const char  *oneline;
+helpfunc_t  help;
+} cmdinfo_t;
+
+bool qemuio_command(BlockDriverState *bs, const char *cmd);
+
+void qemuio_add_command(const cmdinfo_t *ci);
+int qemuio_command_usage(const cmdinfo_t *ci);
+
+#endif /* QEMU_IO_H */
diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
index 05ce342..ffbcf31 100644
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -8,9 +8,8 @@
  * See the COPYING file in the top-level directory.
  */
 
-#include "qemu-common.h"
+#include "qemu-io.h"
 #include "block/block_int.h"
-#include "cmd.h"
 
 #define CMD_NOFILE_OK   0x01
 
@@ -50,11 +49,12 @@ static int init_check_command(BlockDriverState *bs, const 
cmdinfo_t *ct)
 return 1;
 }
 
-static int command(const cmdinfo_t *ct, int argc, char **argv)
+static int command(BlockDriverState *bs, const cmdinfo_t *ct, int argc,
+   char **argv)
 {
 char *cmd = argv[0];
 
-if (!init_check_command(qemuio_bs, ct)) {
+if (!init_check_command(bs, ct)) {
 return 0;
 }
 
@@ -75,7 +75,7 @@ static int command(const cmdinfo_t *ct, int argc, char **argv)
 return 0;
 }
 optind = 0;
-return ct->cfunc(qemuio_bs, argc, argv);
+return ct->cfunc(bs, argc, argv);
 }
 
 static const cmdinfo_t *find_command(const char *cmd)
@@ -2068,7 +2068,7 @@ static const cmdinfo_t help_cmd = {
 .oneline= "help for one or all commands",
 };
 
-bool qemuio_command(const char *cmd)
+bool qemuio_command(BlockDriverState *bs, const char *cmd)
 {
 char *input;
 const cmdinfo_t *ct;
@@ -2081,7 +2081,7 @@ bool qemuio_command(const char *cmd)
 if (c) {
 ct = find_command(v[0]);
 if (ct) {
-   

[Qemu-devel] [PULL 18/26] blkdebug: Add BLKDBG_FLUSH_TO_OS/DISK events

[Stefan Hajnoczi]

From: Kevin Wolf 

Signed-off-by: Kevin Wolf 
Signed-off-by: Stefan Hajnoczi 
---
 block.c   | 8 
 block/blkdebug.c  | 3 +++
 include/block/block.h | 3 +++
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/block.c b/block.c
index 3f616de..79ad33d 100644
--- a/block.c
+++ b/block.c
@@ -3186,13 +3186,11 @@ int bdrv_load_vmstate(BlockDriverState *bs, uint8_t 
*buf,
 
 void bdrv_debug_event(BlockDriverState *bs, BlkDebugEvent event)
 {
-BlockDriver *drv = bs->drv;
-
-if (!drv || !drv->bdrv_debug_event) {
+if (!bs || !bs->drv || !bs->drv->bdrv_debug_event) {
 return;
 }
 
-drv->bdrv_debug_event(bs, event);
+bs->drv->bdrv_debug_event(bs, event);
 }
 
 int bdrv_debug_breakpoint(BlockDriverState *bs, const char *event,
@@ -4024,6 +4022,7 @@ int coroutine_fn bdrv_co_flush(BlockDriverState *bs)
 }
 
 /* Write back cached data to the OS even with cache=unsafe */
+BLKDBG_EVENT(bs->file, BLKDBG_FLUSH_TO_OS);
 if (bs->drv->bdrv_co_flush_to_os) {
 ret = bs->drv->bdrv_co_flush_to_os(bs);
 if (ret < 0) {
@@ -4036,6 +4035,7 @@ int coroutine_fn bdrv_co_flush(BlockDriverState *bs)
 goto flush_parent;
 }
 
+BLKDBG_EVENT(bs->file, BLKDBG_FLUSH_TO_DISK);
 if (bs->drv->bdrv_co_flush_to_disk) {
 ret = bs->drv->bdrv_co_flush_to_disk(bs);
 } else if (bs->drv->bdrv_aio_flush) {
diff --git a/block/blkdebug.c b/block/blkdebug.c
index 71f99e4..ccb627a 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -182,6 +182,9 @@ static const char *event_names[BLKDBG_EVENT_MAX] = {
 [BLKDBG_CLUSTER_ALLOC]  = "cluster_alloc",
 [BLKDBG_CLUSTER_ALLOC_BYTES]= "cluster_alloc_bytes",
 [BLKDBG_CLUSTER_FREE]   = "cluster_free",
+
+[BLKDBG_FLUSH_TO_OS]= "flush_to_os",
+[BLKDBG_FLUSH_TO_DISK]  = "flush_to_disk",
 };
 
 static int get_event_by_name(const char *name, BlkDebugEvent *event)
diff --git a/include/block/block.h b/include/block/block.h
index dc5b388..2307f67 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -424,6 +424,9 @@ typedef enum {
 BLKDBG_CLUSTER_ALLOC_BYTES,
 BLKDBG_CLUSTER_FREE,
 
+BLKDBG_FLUSH_TO_OS,
+BLKDBG_FLUSH_TO_DISK,
+
 BLKDBG_EVENT_MAX,
 } BlkDebugEvent;
 
-- 
1.8.1.4

[Qemu-devel] [PULL 23/26] block: add image info query function bdrv_query_image_info()

[Stefan Hajnoczi]

From: Wenchao Xia 

This patch adds function bdrv_query_image_info(), which will
retrieve image info in qmp object format. The implementation is
based on the code moved from qemu-img.c, but uses block layer
function to get snapshot info.

Signed-off-by: Wenchao Xia 
Signed-off-by: Stefan Hajnoczi 
---
 block/qapi.c | 43 +--
 include/block/qapi.h |  6 +++---
 qemu-img.c   | 11 ++-
 3 files changed, 46 insertions(+), 14 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index 1ed56da..e9d8b74 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -88,18 +88,29 @@ int bdrv_query_snapshot_info_list(BlockDriverState *bs,
 return 0;
 }
 
-void bdrv_collect_image_info(BlockDriverState *bs,
- ImageInfo *info,
- const char *filename)
+/**
+ * bdrv_query_image_info:
+ * @bs: block device to examine
+ * @p_info: location to store image information
+ * @errp: location to store error information
+ *
+ * @p_info will be set only on success. On error, store error in @errp.
+ */
+void bdrv_query_image_info(BlockDriverState *bs,
+   ImageInfo **p_info,
+   Error **errp)
 {
 uint64_t total_sectors;
-char backing_filename[1024];
+const char *backing_filename;
 char backing_filename2[1024];
 BlockDriverInfo bdi;
+int ret;
+Error *err = NULL;
+ImageInfo *info = g_new0(ImageInfo, 1);
 
 bdrv_get_geometry(bs, &total_sectors);
 
-info->filename= g_strdup(filename);
+info->filename= g_strdup(bs->filename);
 info->format  = g_strdup(bdrv_get_format_name(bs));
 info->virtual_size= total_sectors * 512;
 info->actual_size = bdrv_get_allocated_file_size(bs);
@@ -116,7 +127,7 @@ void bdrv_collect_image_info(BlockDriverState *bs,
 info->dirty_flag = bdi.is_dirty;
 info->has_dirty_flag = true;
 }
-bdrv_get_backing_filename(bs, backing_filename, sizeof(backing_filename));
+backing_filename = bs->backing_file;
 if (backing_filename[0] != '\0') {
 info->backing_filename = g_strdup(backing_filename);
 info->has_backing_filename = true;
@@ -134,6 +145,26 @@ void bdrv_collect_image_info(BlockDriverState *bs,
 info->has_backing_filename_format = true;
 }
 }
+
+ret = bdrv_query_snapshot_info_list(bs, &info->snapshots, &err);
+switch (ret) {
+case 0:
+if (info->snapshots) {
+info->has_snapshots = true;
+}
+break;
+/* recoverable error */
+case -ENOMEDIUM:
+case -ENOTSUP:
+error_free(err);
+break;
+default:
+error_propagate(errp, err);
+qapi_free_ImageInfo(info);
+return;
+}
+
+*p_info = info;
 }
 
 BlockInfo *bdrv_query_info(BlockDriverState *bs)
diff --git a/include/block/qapi.h b/include/block/qapi.h
index 4f223d1..ab1f48f 100644
--- a/include/block/qapi.h
+++ b/include/block/qapi.h
@@ -32,9 +32,9 @@
 int bdrv_query_snapshot_info_list(BlockDriverState *bs,
   SnapshotInfoList **p_list,
   Error **errp);
-void bdrv_collect_image_info(BlockDriverState *bs,
- ImageInfo *info,
- const char *filename);
+void bdrv_query_image_info(BlockDriverState *bs,
+   ImageInfo **p_info,
+   Error **errp);
 BlockInfo *bdrv_query_info(BlockDriverState *s);
 BlockStats *bdrv_query_stats(const BlockDriverState *bs);
 
diff --git a/qemu-img.c b/qemu-img.c
index e3d8fe3..809b4f1 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -1644,6 +1644,7 @@ static ImageInfoList *collect_image_info_list(const char 
*filename,
 ImageInfoList *head = NULL;
 ImageInfoList **last = &head;
 GHashTable *filenames;
+Error *err = NULL;
 
 filenames = g_hash_table_new_full(g_str_hash, str_equal_func, NULL, NULL);
 
@@ -1665,11 +1666,11 @@ static ImageInfoList *collect_image_info_list(const 
char *filename,
 goto err;
 }
 
-info = g_new0(ImageInfo, 1);
-bdrv_collect_image_info(bs, info, filename);
-bdrv_query_snapshot_info_list(bs, &info->snapshots, NULL);
-if (info->snapshots) {
-info->has_snapshots = true;
+bdrv_query_image_info(bs, &info, &err);
+if (error_is_set(&err)) {
+error_report("%s", error_get_pretty(err));
+error_free(err);
+goto err;
 }
 
 elem = g_new0(ImageInfoList, 1);
-- 
1.8.1.4

[Qemu-devel] [PULL 25/26] hmp: show ImageInfo in 'info block'

[Stefan Hajnoczi]

From: Wenchao Xia 

Now human monitor can show image details, include internal
snapshot and backing chain info for every block device.

Signed-off-by: Wenchao Xia 
Signed-off-by: Stefan Hajnoczi 
---
 hmp.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/hmp.c b/hmp.c
index 64e0baa..4fc3bfe 100644
--- a/hmp.c
+++ b/hmp.c
@@ -22,6 +22,7 @@
 #include "qemu/sockets.h"
 #include "monitor/monitor.h"
 #include "ui/console.h"
+#include "block/qapi.h"
 #include "qemu-io.h"
 
 static void hmp_handle_error(Monitor *mon, Error **errp)
@@ -278,6 +279,7 @@ void hmp_info_cpus(Monitor *mon, const QDict *qdict)
 void hmp_info_block(Monitor *mon, const QDict *qdict)
 {
 BlockInfoList *block_list, *info;
+ImageInfo *image_info;
 
 block_list = qmp_query_block(NULL);
 
@@ -319,6 +321,18 @@ void hmp_info_block(Monitor *mon, const QDict *qdict)
 info->value->inserted->iops,
 info->value->inserted->iops_rd,
 info->value->inserted->iops_wr);
+
+monitor_printf(mon, " images:\n");
+image_info = info->value->inserted->image;
+while (1) {
+bdrv_image_info_dump((fprintf_function)monitor_printf, mon,
+ image_info);
+if (image_info->has_backing_image) {
+image_info = image_info->backing_image;
+} else {
+break;
+}
+}
 } else {
 monitor_printf(mon, " [not inserted]");
 }
-- 
1.8.1.4

[Qemu-devel] [PULL 20/26] ide: Set BSY bit during FLUSH

[Stefan Hajnoczi]

From: Andreas Färber 

The implementation of the ATA FLUSH command invokes a flush at the block
layer, which may on raw files on POSIX entail a synchronous fdatasync().
This may in some cases take so long that the SLES 11 SP1 guest driver
reports I/O errors and filesystems get corrupted or remounted read-only.

Avoid this by setting BUSY_STAT, so that the guest is made aware we are
in the middle of an operation and no ATA commands are attempted to be
processed concurrently.

Addresses BNC#637297.

Suggested-by: Gonglei (Arei) 
Signed-off-by: Andreas Färber 
Signed-off-by: Kevin Wolf 
Signed-off-by: Stefan Hajnoczi 
---
 hw/ide/core.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/ide/core.c b/hw/ide/core.c
index c7a8041..9926d92 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -814,6 +814,7 @@ void ide_flush_cache(IDEState *s)
 return;
 }
 
+s->status |= BUSY_STAT;
 bdrv_acct_start(s->bs, &s->acct, 0, BDRV_ACCT_FLUSH);
 bdrv_aio_flush(s->bs, ide_flush_cb, s);
 }
-- 
1.8.1.4

[Qemu-devel] [PULL 24/26] qmp: add ImageInfo in BlockDeviceInfo used by query-block

[Stefan Hajnoczi]

From: Wenchao Xia 

Now image info will be retrieved as an embbed json object inside
BlockDeviceInfo, backing chain info and all related internal snapshot
info can be got in the enhanced recursive structure of ImageInfo. New
recursive member *backing-image is added to reflect the backing chain
status.

Signed-off-by: Wenchao Xia 
Signed-off-by: Stefan Hajnoczi 
---
 block/qapi.c | 50 ++---
 include/block/qapi.h |  4 ++-
 qapi-schema.json | 10 ++--
 qmp-commands.hx  | 69 ++--
 4 files changed, 125 insertions(+), 8 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index e9d8b74..a4bc411 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -94,6 +94,13 @@ int bdrv_query_snapshot_info_list(BlockDriverState *bs,
  * @p_info: location to store image information
  * @errp: location to store error information
  *
+ * Store "flat" image information in @p_info.
+ *
+ * "Flat" means it does *not* query backing image information,
+ * i.e. (*pinfo)->has_backing_image will be set to false and
+ * (*pinfo)->backing_image to NULL even when the image does in fact have
+ * a backing image.
+ *
  * @p_info will be set only on success. On error, store error in @errp.
  */
 void bdrv_query_image_info(BlockDriverState *bs,
@@ -167,9 +174,15 @@ void bdrv_query_image_info(BlockDriverState *bs,
 *p_info = info;
 }
 
-BlockInfo *bdrv_query_info(BlockDriverState *bs)
+/* @p_info will be set only on success. */
+void bdrv_query_info(BlockDriverState *bs,
+ BlockInfo **p_info,
+ Error **errp)
 {
 BlockInfo *info = g_malloc0(sizeof(*info));
+BlockDriverState *bs0;
+ImageInfo **p_image_info;
+Error *local_err = NULL;
 info->device = g_strdup(bs->device_name);
 info->type = g_strdup("unknown");
 info->locked = bdrv_dev_is_medium_locked(bs);
@@ -223,8 +236,30 @@ BlockInfo *bdrv_query_info(BlockDriverState *bs)
 info->inserted->iops_wr =
bs->io_limits.iops[BLOCK_IO_LIMIT_WRITE];
 }
+
+bs0 = bs;
+p_image_info = &info->inserted->image;
+while (1) {
+bdrv_query_image_info(bs0, p_image_info, &local_err);
+if (error_is_set(&local_err)) {
+error_propagate(errp, local_err);
+goto err;
+}
+if (bs0->drv && bs0->backing_hd) {
+bs0 = bs0->backing_hd;
+(*p_image_info)->has_backing_image = true;
+p_image_info = &((*p_image_info)->backing_image);
+} else {
+break;
+}
+}
 }
-return info;
+
+*p_info = info;
+return;
+
+ err:
+qapi_free_BlockInfo(info);
 }
 
 BlockStats *bdrv_query_stats(const BlockDriverState *bs)
@@ -261,16 +296,25 @@ BlockInfoList *qmp_query_block(Error **errp)
 {
 BlockInfoList *head = NULL, **p_next = &head;
 BlockDriverState *bs = NULL;
+Error *local_err = NULL;
 
  while ((bs = bdrv_next(bs))) {
 BlockInfoList *info = g_malloc0(sizeof(*info));
-info->value = bdrv_query_info(bs);
+bdrv_query_info(bs, &info->value, &local_err);
+if (error_is_set(&local_err)) {
+error_propagate(errp, local_err);
+goto err;
+}
 
 *p_next = info;
 p_next = &info->next;
 }
 
 return head;
+
+ err:
+qapi_free_BlockInfoList(head);
+return NULL;
 }
 
 BlockStatsList *qmp_query_blockstats(Error **errp)
diff --git a/include/block/qapi.h b/include/block/qapi.h
index ab1f48f..0496cc9 100644
--- a/include/block/qapi.h
+++ b/include/block/qapi.h
@@ -35,7 +35,9 @@ int bdrv_query_snapshot_info_list(BlockDriverState *bs,
 void bdrv_query_image_info(BlockDriverState *bs,
ImageInfo **p_info,
Error **errp);
-BlockInfo *bdrv_query_info(BlockDriverState *s);
+void bdrv_query_info(BlockDriverState *bs,
+ BlockInfo **p_info,
+ Error **errp);
 BlockStats *bdrv_query_stats(const BlockDriverState *bs);
 
 void bdrv_snapshot_dump(fprintf_function func_fprintf, void *f,
diff --git a/qapi-schema.json b/qapi-schema.json
index ef1f657..5ad6894 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -236,6 +236,8 @@
 #
 # @snapshots: #optional list of VM snapshots
 #
+# @backing-image: #optional info of the backing image (since 1.6)
+#
 # Since: 1.3
 #
 ##
@@ -245,7 +247,8 @@
'*actual-size': 'int', 'virtual-size': 'int',
'*cluster-size': 'int', '*encrypted': 'bool',
'*backing-filename': 'str', '*full-backing-filename': 'str',
-   '*backing-filename-format': 'str', '*snapshots': ['SnapshotInfo'] } 
}
+   '*backing-filename-format': 'str', '*snapshots': ['SnapshotInfo'],
+   '*backing-image': 'ImageInfo' } }
 
 ##
 # @ImageCheck:
@@ -756,6 +759,8 @@
 #
 # @iops_wr: write I/O operations per 

Re: [Qemu-devel] [PULL 20/26] ide: Set BSY bit during FLUSH

[Paolo Bonzini]

Il 07/06/2013 07:58, Stefan Hajnoczi ha scritto:
> From: Andreas Färber 
> 
> The implementation of the ATA FLUSH command invokes a flush at the block
> layer, which may on raw files on POSIX entail a synchronous fdatasync().
> This may in some cases take so long that the SLES 11 SP1 guest driver
> reports I/O errors and filesystems get corrupted or remounted read-only.
> 
> Avoid this by setting BUSY_STAT, so that the guest is made aware we are
> in the middle of an operation and no ATA commands are attempted to be
> processed concurrently.
> 
> Addresses BNC#637297.
> 
> Suggested-by: Gonglei (Arei) 
> Signed-off-by: Andreas Färber 
> Signed-off-by: Kevin Wolf 
> Signed-off-by: Stefan Hajnoczi 
> ---
>  hw/ide/core.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/ide/core.c b/hw/ide/core.c
> index c7a8041..9926d92 100644
> --- a/hw/ide/core.c
> +++ b/hw/ide/core.c
> @@ -814,6 +814,7 @@ void ide_flush_cache(IDEState *s)
>  return;
>  }
>  
> +s->status |= BUSY_STAT;
>  bdrv_acct_start(s->bs, &s->acct, 0, BDRV_ACCT_FLUSH);
>  bdrv_aio_flush(s->bs, ide_flush_cb, s);
>  }
> 

Cc: qemu-sta...@nongnu.org

[Qemu-devel] [PULL 26/26] hmp: add parameters device and -v for info block

[Stefan Hajnoczi]

From: Wenchao Xia 

With these parameters, user can choose the information to be showed,
to avoid message flood in the monitor.

Signed-off-by: Wenchao Xia 
Signed-off-by: Stefan Hajnoczi 
---
 hmp.c | 25 -
 monitor.c |  7 ---
 2 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/hmp.c b/hmp.c
index 4fc3bfe..494a9aa 100644
--- a/hmp.c
+++ b/hmp.c
@@ -280,10 +280,15 @@ void hmp_info_block(Monitor *mon, const QDict *qdict)
 {
 BlockInfoList *block_list, *info;
 ImageInfo *image_info;
+const char *device = qdict_get_try_str(qdict, "device");
+bool verbose = qdict_get_try_bool(qdict, "verbose", 0);
 
 block_list = qmp_query_block(NULL);
 
 for (info = block_list; info; info = info->next) {
+if (device && strcmp(device, info->value->device)) {
+continue;
+}
 monitor_printf(mon, "%s: removable=%d",
info->value->device, info->value->removable);
 
@@ -322,15 +327,17 @@ void hmp_info_block(Monitor *mon, const QDict *qdict)
 info->value->inserted->iops_rd,
 info->value->inserted->iops_wr);
 
-monitor_printf(mon, " images:\n");
-image_info = info->value->inserted->image;
-while (1) {
-bdrv_image_info_dump((fprintf_function)monitor_printf, mon,
- image_info);
-if (image_info->has_backing_image) {
-image_info = image_info->backing_image;
-} else {
-break;
+if (verbose) {
+monitor_printf(mon, " images:\n");
+image_info = info->value->inserted->image;
+while (1) {
+bdrv_image_info_dump((fprintf_function)monitor_printf,
+ mon, image_info);
+if (image_info->has_backing_image) {
+image_info = image_info->backing_image;
+} else {
+break;
+}
 }
 }
 } else {
diff --git a/monitor.c b/monitor.c
index 9d279b8..017411f 100644
--- a/monitor.c
+++ b/monitor.c
@@ -2472,9 +2472,10 @@ static mon_cmd_t info_cmds[] = {
 },
 {
 .name   = "block",
-.args_type  = "",
-.params = "",
-.help   = "show the block devices",
+.args_type  = "verbose:-v,device:B?",
+.params = "[-v] [device]",
+.help   = "show info of one block device or all block devices "
+  "(and details of images with -v option)",
 .mhandler.cmd = hmp_info_block,
 },
 {
-- 
1.8.1.4

Re: [Qemu-devel] [Bug 1188018] [NEW] qemu monitor does not suppot rbd "savevm" command

[Stefan Hajnoczi]

On Thu, Jun 06, 2013 at 06:08:16AM -, liu.changpeng wrote:
> Public bug reported:
> 
> 1. I used ceph rbd as my block device, /usr/local/bin/qemu-system-x86_64
> -drive format=rbd,file=rbd:rbd/sles.img:rbd_cache=true,cache=writeback
> -boot c  -m 1024 -enable-kvm -vnc 0.0.0.0:0 -monitor stdio
> 
> 2. when in monitor command line "savevm", it reports "Error -95 while
> writing VM" in the monitor

CCed block/rbd.c maintainers.

Stefan

Re: [Qemu-devel] [PATCH V2] build: remove compile warning

[Markus Armbruster]

Wenchao Xia  writes:

> This patch simply remove "variable may be used uninitialized" warning.
>
> Signed-off-by: Wenchao Xia 
> ---
> V2: Address Stefan and Peter's comments, use 0 in send_msg() instead of
> initialize mhHeader.
>
>  libcacard/vscclient.c |3 +--
>  util/iov.c|2 +-
>  2 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/libcacard/vscclient.c b/libcacard/vscclient.c
> index ac23647..7fbf1da 100644
> --- a/libcacard/vscclient.c
> +++ b/libcacard/vscclient.c
> @@ -641,7 +641,6 @@ main(
>  GIOChannel *channel_stdin;
>  char *qemu_host;
>  char *qemu_port;
> -VSCMsgHeader mhHeader;
>  
>  VCardEmulOptions *command_line_options = NULL;
>  
> @@ -750,7 +749,7 @@ main(
>  .magic = VSCARD_MAGIC,
>  .capabilities = {0}
>  };
> -send_msg(VSC_Init, mhHeader.reader_id, &init, sizeof(init));
> +send_msg(VSC_Init, 0, &init, sizeof(init));
>  
>  g_main_loop_run(loop);
>  g_main_loop_unref(loop);

This one's actually a bit more than just a warning suppression.  The
uninitialized value gets passed to send_msg(), which prints it if
verbose > 10.

Makes no sense to me.  Comes from commit 2ac85b9; cc'ing its author for
advice.

> diff --git a/util/iov.c b/util/iov.c
> index cc6e837..b91cfb9 100644
> --- a/util/iov.c
> +++ b/util/iov.c
> @@ -146,7 +146,7 @@ ssize_t iov_send_recv(int sockfd, struct iovec *iov, 
> unsigned iov_cnt,
>  {
>  ssize_t total = 0;
>  ssize_t ret;
> -size_t orig_len, tail;
> +size_t orig_len = 0, tail;
>  unsigned niov;
>  
>  while (bytes > 0) {

Here are the uses of orig_len:

if (tail) {
/* second, fixup the last element, and remember the original
 * length */
assert(niov < iov_cnt);
assert(iov[niov].iov_len > tail);
orig_len = iov[niov].iov_len;
iov[niov++].iov_len = tail;
}

ret = do_send_recv(sockfd, iov, niov, do_send);

/* Undo the changes above before checking for errors */
if (tail) {
iov[niov-1].iov_len = orig_len;
}


gcc is too stupid to understand the control flow.  The initialization
shuts it up.

Personally, I dislike "shut up" initializations, because when you
mistakenly adds a new uninitialized use, you get the arbitrary "shut up"
value without warning.

Possible alternative:

if (tail) {
/* second, fixup the last element, and remember the original
 * length */
assert(niov < iov_cnt);
assert(iov[niov].iov_len > tail);
orig_len = iov[niov].iov_len;
iov[niov++].iov_len = tail;
ret = do_send_recv(sockfd, iov, niov, do_send);
/* Undo the changes above before checking for errors */
iov[niov-1].iov_len = orig_len;
} else {
ret = do_send_recv(sockfd, iov, niov, do_send);
}

Re: [Qemu-devel] [PATCH 00/39] Delay destruction of memory regions to instance_finalize

[Paolo Bonzini]

Il 07/06/2013 03:45, Andreas Färber ha scritto:
> Am 07.06.2013 03:03, schrieb Paolo Bonzini:
>> Il 05/06/2013 05:50, Andreas Färber ha scritto:
>>> Also I notice some patches are accessing parent fields directly - please
>>> use BUS(), PCI_DEVICE() etc. to hide this.
>>
>> I'm always using them.  For example:
>>
>> +static void intel_hda_instance_finalize(Object *obj)
>> +{
>> +PCIDevice *pci = PCI_DEVICE(obj);
>> +IntelHDAState *d = DO_UPCAST(IntelHDAState, pci, pci);
> 
> I'll comment inline then. :)

Ah right, in those cases I was mostly doing what the
adjacent/pre-existing code did.  But I can definitely fix them up!

Paolo

Re: [Qemu-devel] difference between receive_raw() and receive() NetClientInfo methods ?

[Stefan Hajnoczi]

On Thu, Jun 06, 2013 at 11:40:37AM +0200, Luigi Rizzo wrote:
> Can someone clarify what is the difference between the two methods
> r
> eceive_raw() and receive() in NetClientInfo ?

receive_raw() builds an empty vnet header, if necessary.  It is used to
send a gratuitous ARP reply from inside QEMU.

In the case where the NIC and its peer use vnet headers, packets
generated by QEMU internally cannot use ->receive() since they don't
know how to use the vnet header.  ->receive_raw() takes care of that.

Stefan

Re: [Qemu-devel] [PATCH v3 0/3] TPM NVRAM persistent storage

[Corey Bryant]

On 06/07/2013 03:41 AM, Stefan Hajnoczi wrote:

On Thu, Jun 06, 2013 at 09:32:42AM -0400, Corey Bryant wrote:

This patch series provides persistent storage support that a TPM
can use to store NVRAM data.  It uses QEMU's block driver to store
data on a drive image.  The libtpms TPM 1.2 backend will be the
initial user of this functionality to store data that must persist
through a reboot or migration.  A sample command line may look like
this:

qemu-system-x86_64 ...
-drive file=/path/to/nvram.qcow2,id=drive-nvram0-0-0
-tpmdev libtpms,id=tpm-tpm0
-device tpm-tis,tpmdev=tpm-tpm0,id=tpm0,drive=drive-nvram0-0-0

Thanks,
Corey

Corey Bryant (3):
   nvram: Add TPM NVRAM implementation
   nvram: Add tpm-tis drive support
   TPM NVRAM test

  hw/tpm/Makefile.objs |1 +
  hw/tpm/tpm_int.h |2 +
  hw/tpm/tpm_nvram.c   |  324 ++
  hw/tpm/tpm_nvram.h   |   25 
  hw/tpm/tpm_passthrough.c |   85 
  hw/tpm/tpm_tis.c |8 +
  6 files changed, 445 insertions(+), 0 deletions(-)
  create mode 100644 hw/tpm/tpm_nvram.c
  create mode 100644 hw/tpm/tpm_nvram.h



Reviewed-by: Stefan Hajnoczi 




Thanks again for the review!

--
Regards,
Corey Bryant

[Qemu-devel] [PATCH v2 07/12] i8259: QOM'ify some more

[Andreas Färber]

Introduce type constant.

Prepares for PIC realizefn.

Signed-off-by: Andreas Färber 
---
 hw/intc/i8259.c | 23 ++-
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/hw/intc/i8259.c b/hw/intc/i8259.c
index fef00fc..1b513ff 100644
--- a/hw/intc/i8259.c
+++ b/hw/intc/i8259.c
@@ -41,6 +41,8 @@
 //#define DEBUG_IRQ_LATENCY
 //#define DEBUG_IRQ_COUNT
 
+#define TYPE_I8259 "isa-i8259"
+
 #if defined(DEBUG_PIC) || defined(DEBUG_IRQ_COUNT)
 static int irq_level[16];
 #endif
@@ -448,25 +450,28 @@ void irq_info(Monitor *mon, const QDict *qdict)
 qemu_irq *i8259_init(ISABus *bus, qemu_irq parent_irq)
 {
 qemu_irq *irq_set;
-ISADevice *dev;
+DeviceState *dev;
+ISADevice *isadev;
 int i;
 
 irq_set = g_malloc(ISA_NUM_IRQS * sizeof(qemu_irq));
 
-dev = i8259_init_chip("isa-i8259", bus, true);
+isadev = i8259_init_chip(TYPE_I8259, bus, true);
+dev = DEVICE(isadev);
 
-qdev_connect_gpio_out(&dev->qdev, 0, parent_irq);
+qdev_connect_gpio_out(dev, 0, parent_irq);
 for (i = 0 ; i < 8; i++) {
-irq_set[i] = qdev_get_gpio_in(&dev->qdev, i);
+irq_set[i] = qdev_get_gpio_in(dev, i);
 }
 
-isa_pic = &dev->qdev;
+isa_pic = dev;
 
-dev = i8259_init_chip("isa-i8259", bus, false);
+isadev = i8259_init_chip(TYPE_I8259, bus, false);
+dev = DEVICE(isadev);
 
-qdev_connect_gpio_out(&dev->qdev, 0, irq_set[2]);
+qdev_connect_gpio_out(dev, 0, irq_set[2]);
 for (i = 0 ; i < 8; i++) {
-irq_set[i + 8] = qdev_get_gpio_in(&dev->qdev, i);
+irq_set[i + 8] = qdev_get_gpio_in(dev, i);
 }
 
 slave_pic = PIC_COMMON(dev);
@@ -484,7 +489,7 @@ static void i8259_class_init(ObjectClass *klass, void *data)
 }
 
 static const TypeInfo i8259_info = {
-.name   = "isa-i8259",
+.name   = TYPE_I8259,
 .instance_size = sizeof(PICCommonState),
 .parent = TYPE_PIC_COMMON,
 .class_init = i8259_class_init,
-- 
1.8.1.4

[Qemu-devel] [PATCH v2 09/12] i8259: Convert PICCommonState to use QOM realizefn

[Andreas Färber]

Instead of having the parent provide PICCommonClass::init,
let the children override DeviceClass::realize themselves.
This pushes the responsibility of saving and calling the parent's
realizefn to the children.

Signed-off-by: Andreas Färber 
---
 hw/i386/kvm/i8259.c | 26 --
 hw/intc/i8259.c | 25 +
 hw/intc/i8259_common.c  |  3 ---
 include/hw/isa/i8259_internal.h |  2 +-
 4 files changed, 46 insertions(+), 10 deletions(-)

diff --git a/hw/i386/kvm/i8259.c b/hw/i386/kvm/i8259.c
index 0bfbe34..1250224 100644
--- a/hw/i386/kvm/i8259.c
+++ b/hw/i386/kvm/i8259.c
@@ -14,6 +14,20 @@
 #include "sysemu/kvm.h"
 
 #define TYPE_KVM_I8259 "kvm-i8259"
+#define KVM_PIC_CLASS(class) \
+OBJECT_CLASS_CHECK(KVMPICClass, (class), TYPE_KVM_I8259)
+#define KVM_PIC_GET_CLASS(obj) \
+OBJECT_GET_CLASS(KVMPICClass, (obj), TYPE_KVM_I8259)
+
+/**
+ * KVMPICClass:
+ * @parent_realize: The parent's realizefn.
+ */
+typedef struct KVMPICClass {
+PICCommonClass parent_class;
+
+DeviceRealize parent_realize;
+} KVMPICClass;
 
 static void kvm_pic_get(PICCommonState *s)
 {
@@ -100,10 +114,15 @@ static void kvm_pic_set_irq(void *opaque, int irq, int 
level)
 apic_report_irq_delivered(delivered);
 }
 
-static void kvm_pic_init(PICCommonState *s)
+static void kvm_pic_realize(DeviceState *dev, Error **errp)
 {
+PICCommonState *s = PIC_COMMON(dev);
+KVMPICClass *kpc = KVM_PIC_GET_CLASS(dev);
+
 memory_region_init_reservation(&s->base_io, "kvm-pic", 2);
 memory_region_init_reservation(&s->elcr_io, "kvm-elcr", 1);
+
+kpc->parent_realize(dev, errp);
 }
 
 qemu_irq *kvm_i8259_init(ISABus *bus)
@@ -116,11 +135,13 @@ qemu_irq *kvm_i8259_init(ISABus *bus)
 
 static void kvm_i8259_class_init(ObjectClass *klass, void *data)
 {
+KVMPICClass *kpc = KVM_PIC_CLASS(klass);
 PICCommonClass *k = PIC_COMMON_CLASS(klass);
 DeviceClass *dc = DEVICE_CLASS(klass);
 
 dc->reset = kvm_pic_reset;
-k->init   = kvm_pic_init;
+kpc->parent_realize = dc->realize;
+dc->realize   = kvm_pic_realize;
 k->pre_save   = kvm_pic_get;
 k->post_load  = kvm_pic_put;
 }
@@ -130,6 +151,7 @@ static const TypeInfo kvm_i8259_info = {
 .parent = TYPE_PIC_COMMON,
 .instance_size = sizeof(PICCommonState),
 .class_init = kvm_i8259_class_init,
+.class_size = sizeof(KVMPICClass),
 };
 
 static void kvm_pic_register_types(void)
diff --git a/hw/intc/i8259.c b/hw/intc/i8259.c
index 1b513ff..192a0ba 100644
--- a/hw/intc/i8259.c
+++ b/hw/intc/i8259.c
@@ -42,6 +42,18 @@
 //#define DEBUG_IRQ_COUNT
 
 #define TYPE_I8259 "isa-i8259"
+#define PIC_CLASS(class) OBJECT_CLASS_CHECK(PICClass, (class), TYPE_I8259)
+#define PIC_GET_CLASS(obj) OBJECT_GET_CLASS(PICClass, (obj), TYPE_I8259)
+
+/**
+ * PICClass:
+ * @parent_realize: The parent's realizefn.
+ */
+typedef struct PICClass {
+PICCommonClass parent_class;
+
+DeviceRealize parent_realize;
+} PICClass;
 
 #if defined(DEBUG_PIC) || defined(DEBUG_IRQ_COUNT)
 static int irq_level[16];
@@ -400,15 +412,18 @@ static const MemoryRegionOps pic_elcr_ioport_ops = {
 },
 };
 
-static void pic_init(PICCommonState *s)
+static void pic_realize(DeviceState *dev, Error **err)
 {
-DeviceState *dev = DEVICE(s);
+PICCommonState *s = PIC_COMMON(dev);
+PICClass *pc = PIC_GET_CLASS(dev);
 
 memory_region_init_io(&s->base_io, &pic_base_ioport_ops, s, "pic", 2);
 memory_region_init_io(&s->elcr_io, &pic_elcr_ioport_ops, s, "elcr", 1);
 
 qdev_init_gpio_out(dev, s->int_out, ARRAY_SIZE(s->int_out));
 qdev_init_gpio_in(dev, pic_set_irq, 8);
+
+pc->parent_realize(dev, err);
 }
 
 void pic_info(Monitor *mon, const QDict *qdict)
@@ -481,10 +496,11 @@ qemu_irq *i8259_init(ISABus *bus, qemu_irq parent_irq)
 
 static void i8259_class_init(ObjectClass *klass, void *data)
 {
-PICCommonClass *k = PIC_COMMON_CLASS(klass);
+PICClass *k = PIC_CLASS(klass);
 DeviceClass *dc = DEVICE_CLASS(klass);
 
-k->init = pic_init;
+k->parent_realize = dc->realize;
+dc->realize = pic_realize;
 dc->reset = pic_reset;
 }
 
@@ -493,6 +509,7 @@ static const TypeInfo i8259_info = {
 .instance_size = sizeof(PICCommonState),
 .parent = TYPE_PIC_COMMON,
 .class_init = i8259_class_init,
+.class_size = sizeof(PICClass),
 };
 
 static void pic_register_types(void)
diff --git a/hw/intc/i8259_common.c b/hw/intc/i8259_common.c
index a3dee38..7613547 100644
--- a/hw/intc/i8259_common.c
+++ b/hw/intc/i8259_common.c
@@ -69,9 +69,6 @@ static int pic_dispatch_post_load(void *opaque, int 
version_id)
 static void pic_common_realize(DeviceState *dev, Error **errp)
 {
 PICCommonState *s = PIC_COMMON(dev);
-PICCommonClass *info = PIC_COMMON_GET_CLASS(s);
-
-info->init(s);
 
 isa_register_ioport(NULL, &s->base_io, s->iobase);
 if (s->elcr_addr != -1) {
diff --git a/include/hw/isa/i8259_internal.h b/include/hw/isa/i8259_internal.h
index b4e7

[Qemu-devel] [PATCH v2 04/12] i8254: QOM'ify some more

[Andreas Färber]

Introduce type constant and avoid DO_UPCAST().

Prepares for PIT realizefn.

Signed-off-by: Andreas Färber 
---
 hw/timer/i8254.c |  4 ++--
 include/hw/timer/i8254.h | 18 +++---
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/hw/timer/i8254.c b/hw/timer/i8254.c
index 20c0c36..efbca19 100644
--- a/hw/timer/i8254.c
+++ b/hw/timer/i8254.c
@@ -265,7 +265,7 @@ static void pit_irq_timer(void *opaque)
 
 static void pit_reset(DeviceState *dev)
 {
-PITCommonState *pit = DO_UPCAST(PITCommonState, dev.qdev, dev);
+PITCommonState *pit = PIT_COMMON(dev);
 PITChannelState *s;
 
 pit_reset_common(pit);
@@ -348,7 +348,7 @@ static void pit_class_initfn(ObjectClass *klass, void *data)
 }
 
 static const TypeInfo pit_info = {
-.name  = "isa-pit",
+.name  = TYPE_I8254,
 .parent= TYPE_PIT_COMMON,
 .instance_size = sizeof(PITCommonState),
 .class_init= pit_class_initfn,
diff --git a/include/hw/timer/i8254.h b/include/hw/timer/i8254.h
index 75bb530..016f990 100644
--- a/include/hw/timer/i8254.h
+++ b/include/hw/timer/i8254.h
@@ -37,18 +37,22 @@ typedef struct PITChannelInfo {
 int out;
 } PITChannelInfo;
 
+#define TYPE_I8254 "isa-pit"
+
 static inline ISADevice *pit_init(ISABus *bus, int base, int isa_irq,
   qemu_irq alt_irq)
 {
-ISADevice *dev;
+DeviceState *dev;
+ISADevice *d;
 
-dev = isa_create(bus, "isa-pit");
-qdev_prop_set_uint32(&dev->qdev, "iobase", base);
-qdev_init_nofail(&dev->qdev);
-qdev_connect_gpio_out(&dev->qdev, 0,
-  isa_irq >= 0 ? isa_get_irq(dev, isa_irq) : alt_irq);
+d = isa_create(bus, TYPE_I8254);
+dev = DEVICE(d);
+qdev_prop_set_uint32(dev, "iobase", base);
+qdev_init_nofail(dev);
+qdev_connect_gpio_out(dev, 0,
+  isa_irq >= 0 ? isa_get_irq(d, isa_irq) : alt_irq);
 
-return dev;
+return d;
 }
 
 static inline ISADevice *kvm_pit_init(ISABus *bus, int base)
-- 
1.8.1.4

[Qemu-devel] [PATCH v2 11/12] isa: QOM'ify ISADevice

[Andreas Färber]

Rename its parent field and use DEVICE() where necessary.

Signed-off-by: Andreas Färber 
---
 hw/block/fdc.c   | 16 +---
 hw/char/serial-isa.c | 14 --
 hw/i386/pc.c |  9 +
 hw/i386/pc_piix.c|  2 +-
 hw/intc/i8259_common.c   | 22 --
 hw/isa/i82378.c  |  2 +-
 hw/isa/isa-bus.c |  4 ++--
 hw/ppc/prep.c|  5 +++--
 include/hw/audio/pcspk.h | 14 --
 include/hw/i386/pc.h | 30 +-
 include/hw/isa/isa.h |  5 -
 11 files changed, 70 insertions(+), 53 deletions(-)

diff --git a/hw/block/fdc.c b/hw/block/fdc.c
index 79ea625..930f191 100644
--- a/hw/block/fdc.c
+++ b/hw/block/fdc.c
@@ -2022,22 +2022,24 @@ static int fdctrl_connect_drives(FDCtrl *fdctrl)
 
 ISADevice *fdctrl_init_isa(ISABus *bus, DriveInfo **fds)
 {
-ISADevice *dev;
+DeviceState *dev;
+ISADevice *isadev;
 
-dev = isa_try_create(bus, TYPE_ISA_FDC);
-if (!dev) {
+isadev = isa_try_create(bus, TYPE_ISA_FDC);
+if (!isadev) {
 return NULL;
 }
+dev = DEVICE(isadev);
 
 if (fds[0]) {
-qdev_prop_set_drive_nofail(&dev->qdev, "driveA", fds[0]->bdrv);
+qdev_prop_set_drive_nofail(dev, "driveA", fds[0]->bdrv);
 }
 if (fds[1]) {
-qdev_prop_set_drive_nofail(&dev->qdev, "driveB", fds[1]->bdrv);
+qdev_prop_set_drive_nofail(dev, "driveB", fds[1]->bdrv);
 }
-qdev_init_nofail(&dev->qdev);
+qdev_init_nofail(dev);
 
-return dev;
+return isadev;
 }
 
 void fdctrl_init_sysbus(qemu_irq irq, int dma_chann,
diff --git a/hw/char/serial-isa.c b/hw/char/serial-isa.c
index 6e7e0dd..e06a802 100644
--- a/hw/char/serial-isa.c
+++ b/hw/char/serial-isa.c
@@ -120,15 +120,17 @@ type_init(serial_register_types)
 
 bool serial_isa_init(ISABus *bus, int index, CharDriverState *chr)
 {
-ISADevice *dev;
+DeviceState *dev;
+ISADevice *isadev;
 
-dev = isa_try_create(bus, TYPE_ISA_SERIAL);
-if (!dev) {
+isadev = isa_try_create(bus, TYPE_ISA_SERIAL);
+if (!isadev) {
 return false;
 }
-qdev_prop_set_uint32(&dev->qdev, "index", index);
-qdev_prop_set_chr(&dev->qdev, "chardev", chr);
-if (qdev_init(&dev->qdev) < 0) {
+dev = DEVICE(isadev);
+qdev_prop_set_uint32(dev, "index", index);
+qdev_prop_set_chr(dev, "chardev", chr);
+if (qdev_init(dev) < 0) {
 return false;
 }
 return true;
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index e9c91e4..0ad062c 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1095,7 +1095,7 @@ DeviceState *pc_vga_init(ISABus *isa_bus, PCIBus *pci_bus)
 dev = pcidev ? &pcidev->qdev : NULL;
 } else if (isa_bus) {
 ISADevice *isadev = isa_vga_init(isa_bus);
-dev = isadev ? &isadev->qdev : NULL;
+dev = isadev ? DEVICE(isadev) : NULL;
 }
 return dev;
 }
@@ -1182,7 +1182,7 @@ void pc_basic_device_init(ISABus *isa_bus, qemu_irq *gsi,
 }
 if (hpet) {
 /* connect PIT to output control line of the HPET */
-qdev_connect_gpio_out(hpet, 0, qdev_get_gpio_in(&pit->qdev, 0));
+qdev_connect_gpio_out(hpet, 0, qdev_get_gpio_in(DEVICE(pit), 0));
 }
 pcspk_init(isa_bus, pit);
 }
@@ -1210,8 +1210,9 @@ void pc_basic_device_init(ISABus *isa_bus, qemu_irq *gsi,
 vmmouse = NULL;
 }
 if (vmmouse) {
-qdev_prop_set_ptr(&vmmouse->qdev, "ps2_mouse", i8042);
-qdev_init_nofail(&vmmouse->qdev);
+DeviceState *dev = DEVICE(vmmouse);
+qdev_prop_set_ptr(dev, "ps2_mouse", i8042);
+qdev_init_nofail(dev);
 }
 port92 = isa_create_simple(isa_bus, "port92");
 port92_init(port92, &a20_line[1]);
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index d618570..af1e9af 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -199,7 +199,7 @@ static void pc_init1(MemoryRegion *system_memory,
 dev = isa_ide_init(isa_bus, ide_iobase[i], ide_iobase2[i],
ide_irq[i],
hd[MAX_IDE_DEVS * i], hd[MAX_IDE_DEVS * i + 1]);
-idebus[i] = qdev_get_child_bus(&dev->qdev, "ide.0");
+idebus[i] = qdev_get_child_bus(DEVICE(dev), "ide.0");
 }
 }
 
diff --git a/hw/intc/i8259_common.c b/hw/intc/i8259_common.c
index 7613547..803d037 100644
--- a/hw/intc/i8259_common.c
+++ b/hw/intc/i8259_common.c
@@ -80,16 +80,18 @@ static void pic_common_realize(DeviceState *dev, Error 
**errp)
 
 ISADevice *i8259_init_chip(const char *name, ISABus *bus, bool master)
 {
-ISADevice *dev;
-
-dev = isa_create(bus, name);
-qdev_prop_set_uint32(&dev->qdev, "iobase", master ? 0x20 : 0xa0);
-qdev_prop_set_uint32(&dev->qdev, "elcr_addr", master ? 0x4d0 : 0x4d1);
-qdev_prop_set_uint8(&dev->qdev, "elcr_mask", master ? 0xf8 : 0xde);
-qdev_prop_set_bit(&dev->qdev, "master", master);
-qdev_init_nofail(&dev->qdev);
-
-  

[Qemu-devel] [PATCH v2 08/12] kvm/i8259: QOM'ify some more

[Andreas Färber]

Introduce type constant.

Prepares for PIC realizefn.

Signed-off-by: Andreas Färber 
---
 hw/i386/kvm/i8259.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/i386/kvm/i8259.c b/hw/i386/kvm/i8259.c
index d961eca..0bfbe34 100644
--- a/hw/i386/kvm/i8259.c
+++ b/hw/i386/kvm/i8259.c
@@ -13,6 +13,8 @@
 #include "hw/i386/apic_internal.h"
 #include "sysemu/kvm.h"
 
+#define TYPE_KVM_I8259 "kvm-i8259"
+
 static void kvm_pic_get(PICCommonState *s)
 {
 struct kvm_irqchip chip;
@@ -106,8 +108,8 @@ static void kvm_pic_init(PICCommonState *s)
 
 qemu_irq *kvm_i8259_init(ISABus *bus)
 {
-i8259_init_chip("kvm-i8259", bus, true);
-i8259_init_chip("kvm-i8259", bus, false);
+i8259_init_chip(TYPE_KVM_I8259, bus, true);
+i8259_init_chip(TYPE_KVM_I8259, bus, false);
 
 return qemu_allocate_irqs(kvm_pic_set_irq, NULL, ISA_NUM_IRQS);
 }
@@ -124,7 +126,7 @@ static void kvm_i8259_class_init(ObjectClass *klass, void 
*data)
 }
 
 static const TypeInfo kvm_i8259_info = {
-.name  = "kvm-i8259",
+.name = TYPE_KVM_I8259,
 .parent = TYPE_PIC_COMMON,
 .instance_size = sizeof(PICCommonState),
 .class_init = kvm_i8259_class_init,
-- 
1.8.1.4

[Qemu-devel] [PATCH v2 01/12] gus: QOM'ify some more

[Andreas Färber]

Add type constant and cast macro.

Signed-off-by: Andreas Färber 
---
 hw/audio/gus.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/hw/audio/gus.c b/hw/audio/gus.c
index a91921c..e0aea26 100644
--- a/hw/audio/gus.c
+++ b/hw/audio/gus.c
@@ -46,6 +46,9 @@
 #define IO_WRITE_PROTO(name) \
 static void name (void *opaque, uint32_t nport, uint32_t val)
 
+#define TYPE_GUS "gus"
+#define GUS(obj) OBJECT_CHECK (GUSState, (obj), TYPE_GUS)
+
 typedef struct GUSState {
 ISADevice dev;
 GUSEmuState emu;
@@ -250,7 +253,7 @@ static const MemoryRegionPortio gus_portio_list2[] = {
 
 static int gus_initfn (ISADevice *dev)
 {
-GUSState *s = DO_UPCAST (GUSState, dev, dev);
+GUSState *s = GUS (dev);
 struct audsettings as;
 
 AUD_register_card ("gus", &s->card);
@@ -295,7 +298,7 @@ static int gus_initfn (ISADevice *dev)
 
 static int GUS_init (ISABus *bus)
 {
-isa_create_simple (bus, "gus");
+isa_create_simple (bus, TYPE_GUS);
 return 0;
 }
 
@@ -318,7 +321,7 @@ static void gus_class_initfn (ObjectClass *klass, void 
*data)
 }
 
 static const TypeInfo gus_info = {
-.name  = "gus",
+.name  = TYPE_GUS,
 .parent= TYPE_ISA_DEVICE,
 .instance_size = sizeof (GUSState),
 .class_init= gus_class_initfn,
-- 
1.8.1.4

[Qemu-devel] [PATCH v2 12/12] qdev: Drop FROM_QBUS() macro

[Andreas Färber]

Use QOM cast macros I2C_BUS(), SSI_BUS(), PCI_BUS() instead.

Signed-off-by: Andreas Färber 
---
 hw/i2c/core.c  | 4 ++--
 hw/pci/pci.c   | 2 +-
 hw/ssi/ssi.c   | 2 +-
 include/hw/qdev-core.h | 2 --
 4 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/hw/i2c/core.c b/hw/i2c/core.c
index 0c4fc1d..22ef3b9 100644
--- a/hw/i2c/core.c
+++ b/hw/i2c/core.c
@@ -66,7 +66,7 @@ i2c_bus *i2c_init_bus(DeviceState *parent, const char *name)
 {
 i2c_bus *bus;
 
-bus = FROM_QBUS(i2c_bus, qbus_create(TYPE_I2C_BUS, parent, name));
+bus = I2C_BUS(qbus_create(TYPE_I2C_BUS, parent, name));
 vmstate_register(NULL, -1, &vmstate_i2c_bus, bus);
 return bus;
 }
@@ -183,7 +183,7 @@ static int i2c_slave_post_load(void *opaque, int version_id)
 {
 I2CSlave *dev = opaque;
 i2c_bus *bus;
-bus = FROM_QBUS(i2c_bus, qdev_get_parent_bus(&dev->qdev));
+bus = I2C_BUS(qdev_get_parent_bus(DEVICE(dev)));
 if (bus->saved_address == dev->address) {
 bus->current_dev = dev;
 }
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index bb3879b..a3eb19e 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -1700,7 +1700,7 @@ static int pci_qdev_init(DeviceState *qdev)
 pci_dev->cap_present |= QEMU_PCI_CAP_EXPRESS;
 }
 
-bus = FROM_QBUS(PCIBus, qdev_get_parent_bus(qdev));
+bus = PCI_BUS(qdev_get_parent_bus(qdev));
 pci_dev = do_pci_register_device(pci_dev, bus,
  object_get_typename(OBJECT(qdev)),
  pci_dev->devfn);
diff --git a/hw/ssi/ssi.c b/hw/ssi/ssi.c
index 1264d9d..2c25260 100644
--- a/hw/ssi/ssi.c
+++ b/hw/ssi/ssi.c
@@ -103,7 +103,7 @@ SSIBus *ssi_create_bus(DeviceState *parent, const char 
*name)
 {
 BusState *bus;
 bus = qbus_create(TYPE_SSI_BUS, parent, name);
-return FROM_QBUS(SSIBus, bus);
+return SSI_BUS(bus);
 }
 
 uint32_t ssi_transfer(SSIBus *bus, uint32_t val)
diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index cf83d54..7fbffcb 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -261,8 +261,6 @@ void qbus_reset_all_fn(void *opaque);
 
 void qbus_free(BusState *bus);
 
-#define FROM_QBUS(type, dev) DO_UPCAST(type, qbus, dev)
-
 /* This should go away once we get rid of the NULL bus hack */
 BusState *sysbus_get_default(void);
 
-- 
1.8.1.4

[Qemu-devel] [PATCH v2 02/12] cs4231a: QOM'ify some more

[Andreas Färber]

Introduce type constant and cast macro.
Replace reset hook with DeviceClass::reset callback.

Signed-off-by: Andreas Färber 
---
 hw/audio/cs4231a.c | 17 +
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/hw/audio/cs4231a.c b/hw/audio/cs4231a.c
index cc605e5..d3ce739 100644
--- a/hw/audio/cs4231a.c
+++ b/hw/audio/cs4231a.c
@@ -56,6 +56,9 @@ static struct {
 #define CS_REGS 16
 #define CS_DREGS 32
 
+#define TYPE_CS4231A "cs4231a"
+#define CS4231A(obj) OBJECT_CHECK (CSState, (obj), TYPE_CS4231A)
+
 typedef struct CSState {
 ISADevice dev;
 QEMUSoundCard card;
@@ -208,9 +211,9 @@ static int16_t ALawDecompressTable[256] =
   944,   912,  1008,   976,   816,   784,   880,   848
 };
 
-static void cs_reset (void *opaque)
+static void cs4231a_reset (DeviceState *dev)
 {
-CSState *s = opaque;
+CSState *s = CS4231A (dev);
 
 s->regs[Index_Address] = 0x40;
 s->regs[Index_Data]= 0x00;
@@ -643,7 +646,7 @@ static const MemoryRegionOps cs_ioport_ops = {
 
 static int cs4231a_initfn (ISADevice *dev)
 {
-CSState *s = DO_UPCAST (CSState, dev, dev);
+CSState *s = CS4231A (dev);
 
 isa_init_irq (dev, &s->pic, s->irq);
 
@@ -652,16 +655,13 @@ static int cs4231a_initfn (ISADevice *dev)
 
 DMA_register_channel (s->dma, cs_dma_read, s);
 
-qemu_register_reset (cs_reset, s);
-cs_reset (s);
-
 AUD_register_card ("cs4231a", &s->card);
 return 0;
 }
 
 static int cs4231a_init (ISABus *bus)
 {
-isa_create_simple (bus, "cs4231a");
+isa_create_simple (bus, TYPE_CS4231A);
 return 0;
 }
 
@@ -677,13 +677,14 @@ static void cs4231a_class_initfn (ObjectClass *klass, 
void *data)
 DeviceClass *dc = DEVICE_CLASS (klass);
 ISADeviceClass *ic = ISA_DEVICE_CLASS (klass);
 ic->init = cs4231a_initfn;
+dc->reset = cs4231a_reset;
 dc->desc = "Crystal Semiconductor CS4231A";
 dc->vmsd = &vmstate_cs4231a;
 dc->props = cs4231a_properties;
 }
 
 static const TypeInfo cs4231a_info = {
-.name  = "cs4231a",
+.name  = TYPE_CS4231A,
 .parent= TYPE_ISA_DEVICE,
 .instance_size = sizeof (CSState),
 .class_init= cs4231a_class_initfn,
-- 
1.8.1.4

[Qemu-devel] [PATCH v2 10/12] isa: QOM'ify ISABus

[Andreas Färber]

Rename its parent field and use ISA_BUS() where necessary.

Signed-off-by: Andreas Färber 
---
 hw/isa/i82378.c  | 2 +-
 hw/isa/isa-bus.c | 8 
 hw/isa/piix4.c   | 2 +-
 hw/isa/vt82c686.c| 2 +-
 hw/ppc/prep.c| 2 +-
 hw/sparc64/sun4u.c   | 3 +--
 include/hw/isa/isa.h | 5 -
 7 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/hw/isa/i82378.c b/hw/isa/i82378.c
index cced9af..278e178 100644
--- a/hw/isa/i82378.c
+++ b/hw/isa/i82378.c
@@ -168,7 +168,7 @@ static void i82378_request_pic_irq(void *opaque, int irq, 
int level)
 
 static void i82378_init(DeviceState *dev, I82378State *s)
 {
-ISABus *isabus = DO_UPCAST(ISABus, qbus, qdev_get_child_bus(dev, "isa.0"));
+ISABus *isabus = ISA_BUS(qdev_get_child_bus(dev, "isa.0"));
 ISADevice *pit;
 ISADevice *isa;
 qemu_irq *out0_irq;
diff --git a/hw/isa/isa-bus.c b/hw/isa/isa-bus.c
index f12b15d..7aa9b89 100644
--- a/hw/isa/isa-bus.c
+++ b/hw/isa/isa-bus.c
@@ -55,7 +55,7 @@ ISABus *isa_bus_new(DeviceState *dev, MemoryRegion 
*address_space_io)
 qdev_init_nofail(dev);
 }
 
-isabus = FROM_QBUS(ISABus, qbus_create(TYPE_ISA_BUS, dev, NULL));
+isabus = ISA_BUS(qbus_create(TYPE_ISA_BUS, dev, NULL));
 isabus->address_space_io = address_space_io;
 return isabus;
 }
@@ -76,7 +76,7 @@ void isa_bus_irqs(ISABus *bus, qemu_irq *irqs)
  */
 qemu_irq isa_get_irq(ISADevice *dev, int isairq)
 {
-assert(!dev || DO_UPCAST(ISABus, qbus, dev->qdev.parent_bus) == isabus);
+assert(!dev || ISA_BUS(qdev_get_parent_bus(DEVICE(dev))) == isabus);
 if (isairq < 0 || isairq > 15) {
 hw_error("isa irq %d invalid", isairq);
 }
@@ -135,7 +135,7 @@ ISADevice *isa_create(ISABus *bus, const char *name)
 hw_error("Tried to create isa device %s with no isa bus present.",
  name);
 }
-dev = qdev_create(&bus->qbus, name);
+dev = qdev_create(BUS(bus), name);
 return ISA_DEVICE(dev);
 }
 
@@ -147,7 +147,7 @@ ISADevice *isa_try_create(ISABus *bus, const char *name)
 hw_error("Tried to create isa device %s with no isa bus present.",
  name);
 }
-dev = qdev_try_create(&bus->qbus, name);
+dev = qdev_try_create(BUS(bus), name);
 return ISA_DEVICE(dev);
 }
 
diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index d750413..1a1d451 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -98,7 +98,7 @@ int piix4_init(PCIBus *bus, ISABus **isa_bus, int devfn)
 PCIDevice *d;
 
 d = pci_create_simple_multifunction(bus, devfn, true, "PIIX4");
-*isa_bus = DO_UPCAST(ISABus, qbus, qdev_get_child_bus(&d->qdev, "isa.0"));
+*isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(d), "isa.0"));
 return d->devfn;
 }
 
diff --git a/hw/isa/vt82c686.c b/hw/isa/vt82c686.c
index 5261927..391d90d 100644
--- a/hw/isa/vt82c686.c
+++ b/hw/isa/vt82c686.c
@@ -450,7 +450,7 @@ ISABus *vt82c686b_init(PCIBus *bus, int devfn)
 
 d = pci_create_simple_multifunction(bus, devfn, true, "VT82C686B");
 
-return DO_UPCAST(ISABus, qbus, qdev_get_child_bus(&d->qdev, "isa.0"));
+return ISA_BUS(qdev_get_child_bus(DEVICE(d), "isa.0"));
 }
 
 static void via_class_init(ObjectClass *klass, void *data)
diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
index be8a50e..9e770ab 100644
--- a/hw/ppc/prep.c
+++ b/hw/ppc/prep.c
@@ -601,7 +601,7 @@ static void ppc_prep_init(QEMUMachineInitArgs *args)
 sysbus_connect_irq(&pcihost->busdev, 1, qdev_get_gpio_in(&pci->qdev, 11));
 sysbus_connect_irq(&pcihost->busdev, 2, qdev_get_gpio_in(&pci->qdev, 9));
 sysbus_connect_irq(&pcihost->busdev, 3, qdev_get_gpio_in(&pci->qdev, 11));
-isa_bus = DO_UPCAST(ISABus, qbus, qdev_get_child_bus(&pci->qdev, "isa.0"));
+isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(pci), "isa.0"));
 
 /* Super I/O (parallel + serial ports) */
 isa = isa_create(isa_bus, TYPE_PC87312);
diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index 2c2a111..a6a3b76 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -585,8 +585,7 @@ pci_ebus_init(PCIBus *bus, int devfn, qemu_irq *irqs)
 ISABus *isa_bus;
 
 pci_dev = pci_create_simple(bus, devfn, "ebus");
-isa_bus = DO_UPCAST(ISABus, qbus,
-qdev_get_child_bus(&pci_dev->qdev, "isa.0"));
+isa_bus = ISA_BUS(qdev_get_child_bus(DEVICE(pci_dev), "isa.0"));
 isa_irq = qemu_allocate_irqs(isa_irq_handler, irqs, 16);
 isa_bus_irqs(isa_bus, isa_irq);
 return isa_bus;
diff --git a/include/hw/isa/isa.h b/include/hw/isa/isa.h
index 1f6ff55..da731d7 100644
--- a/include/hw/isa/isa.h
+++ b/include/hw/isa/isa.h
@@ -25,7 +25,10 @@ typedef struct ISADeviceClass {
 } ISADeviceClass;
 
 struct ISABus {
-BusState qbus;
+/*< private >*/
+BusState parent_obj;
+/*< public >*/
+
 MemoryRegion *address_space_io;
 qemu_irq *irqs;
 };
-- 
1.8.1.4

[Qemu-devel] [PATCH v2 05/12] kvm/i8254: QOM'ify some more

[Andreas Färber]

Introduce type constant and cast macro to obsolete DO_UPCAST().

Prepares for PIT realizefn.

Signed-off-by: Andreas Färber 
---
 hw/i386/kvm/i8254.c  | 19 +++
 include/hw/timer/i8254.h | 13 -
 2 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/hw/i386/kvm/i8254.c b/hw/i386/kvm/i8254.c
index da90711..4ac5551 100644
--- a/hw/i386/kvm/i8254.c
+++ b/hw/i386/kvm/i8254.c
@@ -32,8 +32,11 @@
 
 #define CALIBRATION_ROUNDS   3
 
+#define KVM_PIT(obj) OBJECT_CHECK(KVMPITState, (obj), TYPE_KVM_I8254)
+
 typedef struct KVMPITState {
-PITCommonState pit;
+PITCommonState parent_obj;
+
 LostTickPolicy lost_tick_policy;
 bool vm_stopped;
 int64_t kernel_clock_offset;
@@ -70,7 +73,7 @@ static void kvm_pit_update_clock_offset(KVMPITState *s)
 
 static void kvm_pit_get(PITCommonState *pit)
 {
-KVMPITState *s = DO_UPCAST(KVMPITState, pit, pit);
+KVMPITState *s = KVM_PIT(pit);
 struct kvm_pit_state2 kpit;
 struct kvm_pit_channel_state *kchan;
 struct PITChannelState *sc;
@@ -124,7 +127,7 @@ static void kvm_pit_get(PITCommonState *pit)
 
 static void kvm_pit_put(PITCommonState *pit)
 {
-KVMPITState *s = DO_UPCAST(KVMPITState, pit, pit);
+KVMPITState *s = KVM_PIT(pit);
 struct kvm_pit_state2 kpit;
 struct kvm_pit_channel_state *kchan;
 struct PITChannelState *sc;
@@ -200,7 +203,7 @@ static void kvm_pit_get_channel_info(PITCommonState *s, 
PITChannelState *sc,
 
 static void kvm_pit_reset(DeviceState *dev)
 {
-PITCommonState *s = DO_UPCAST(PITCommonState, dev.qdev, dev);
+PITCommonState *s = PIT_COMMON(dev);
 
 pit_reset_common(s);
 
@@ -229,14 +232,14 @@ static void kvm_pit_vm_state_change(void *opaque, int 
running,
 s->vm_stopped = false;
 } else {
 kvm_pit_update_clock_offset(s);
-kvm_pit_get(&s->pit);
+kvm_pit_get(PIT_COMMON(s));
 s->vm_stopped = true;
 }
 }
 
 static int kvm_pit_initfn(PITCommonState *pit)
 {
-KVMPITState *s = DO_UPCAST(KVMPITState, pit, pit);
+KVMPITState *s = KVM_PIT(pit);
 struct kvm_pit_config config = {
 .flags = 0,
 };
@@ -282,7 +285,7 @@ static int kvm_pit_initfn(PITCommonState *pit)
 }
 
 static Property kvm_pit_properties[] = {
-DEFINE_PROP_HEX32("iobase", KVMPITState, pit.iobase,  -1),
+DEFINE_PROP_HEX32("iobase", PITCommonState, iobase,  -1),
 DEFINE_PROP_LOSTTICKPOLICY("lost_tick_policy", KVMPITState,
lost_tick_policy, LOST_TICK_DELAY),
 DEFINE_PROP_END_OF_LIST(),
@@ -303,7 +306,7 @@ static void kvm_pit_class_init(ObjectClass *klass, void 
*data)
 }
 
 static const TypeInfo kvm_pit_info = {
-.name  = "kvm-pit",
+.name  = TYPE_KVM_I8254,
 .parent= TYPE_PIT_COMMON,
 .instance_size = sizeof(KVMPITState),
 .class_init = kvm_pit_class_init,
diff --git a/include/hw/timer/i8254.h b/include/hw/timer/i8254.h
index 016f990..4349033 100644
--- a/include/hw/timer/i8254.h
+++ b/include/hw/timer/i8254.h
@@ -38,6 +38,7 @@ typedef struct PITChannelInfo {
 } PITChannelInfo;
 
 #define TYPE_I8254 "isa-pit"
+#define TYPE_KVM_I8254 "kvm-pit"
 
 static inline ISADevice *pit_init(ISABus *bus, int base, int isa_irq,
   qemu_irq alt_irq)
@@ -57,13 +58,15 @@ static inline ISADevice *pit_init(ISABus *bus, int base, 
int isa_irq,
 
 static inline ISADevice *kvm_pit_init(ISABus *bus, int base)
 {
-ISADevice *dev;
+DeviceState *dev;
+ISADevice *d;
 
-dev = isa_create(bus, "kvm-pit");
-qdev_prop_set_uint32(&dev->qdev, "iobase", base);
-qdev_init_nofail(&dev->qdev);
+d = isa_create(bus, TYPE_KVM_I8254);
+dev = DEVICE(d);
+qdev_prop_set_uint32(dev, "iobase", base);
+qdev_init_nofail(dev);
 
-return dev;
+return d;
 }
 
 void pit_set_gate(ISADevice *dev, int channel, int val);
-- 
1.8.1.4

[Qemu-devel] [PATCH v2 03/12] isa: Use realizefn for ISADevice

[Andreas Färber]

Drop ISADeviceClass::init and the resulting no-op initfn and let
children implement their own realizefn. Adapt error handling.
Split off an instance_init where sensible.

Signed-off-by: Andreas Färber 
---
 hw/audio/adlib.c | 23 +++
 hw/audio/cs4231a.c   | 21 ++---
 hw/audio/gus.c   | 18 +-
 hw/audio/pcspk.c | 19 ---
 hw/audio/sb16.c  | 21 ++---
 hw/block/fdc.c   | 24 ++--
 hw/char/debugcon.c   | 23 ++-
 hw/char/parallel.c   | 29 +
 hw/char/serial-isa.c | 20 +++-
 hw/char/serial-pci.c | 17 +++--
 hw/char/serial.c | 22 +-
 hw/display/cirrus_vga.c  | 12 ++--
 hw/display/vga-isa.c | 17 -
 hw/dma/i82374.c  | 13 +
 hw/i386/pc.c | 19 +--
 hw/ide/isa.c | 16 
 hw/input/pckbd.c | 29 ++---
 hw/input/vmmouse.c   |  8 +++-
 hw/intc/i8259_common.c   |  9 +++--
 hw/isa/isa-bus.c | 13 -
 hw/isa/pc87312.c | 12 +---
 hw/misc/applesmc.c   | 10 --
 hw/misc/debugexit.c  | 10 +-
 hw/misc/pc-testdev.c | 11 +--
 hw/misc/pvpanic.c| 19 ---
 hw/misc/sga.c|  7 +++
 hw/misc/vmport.c | 10 +-
 hw/net/ne2000-isa.c  | 15 +++
 hw/timer/i8254_common.c  | 15 +++
 hw/timer/m48t59.c| 22 +-
 hw/timer/mc146818rtc.c   | 18 +-
 hw/watchdog/wdt_ib700.c  |  8 +++-
 include/hw/char/serial.h |  2 +-
 include/hw/isa/isa.h |  1 -
 34 files changed, 291 insertions(+), 242 deletions(-)

diff --git a/hw/audio/adlib.c b/hw/audio/adlib.c
index fc20857..6a7d377 100644
--- a/hw/audio/adlib.c
+++ b/hw/audio/adlib.c
@@ -283,21 +283,21 @@ static void Adlib_fini (AdlibState *s)
 AUD_remove_card (&s->card);
 }
 
-static int Adlib_initfn (ISADevice *dev)
+static void adlib_realizefn (DeviceState *dev, Error **errp)
 {
 AdlibState *s = ADLIB(dev);
 struct audsettings as;
 
 if (glob_adlib) {
-dolog ("Cannot create more than 1 adlib device\n");
-return -1;
+error_setg (errp, "Cannot create more than 1 adlib device");
+return;
 }
 glob_adlib = s;
 
 #ifdef HAS_YMF262
 if (YMF262Init (1, 14318180, s->freq)) {
-dolog ("YMF262Init %d failed\n", s->freq);
-return -1;
+error_setg (errp, "YMF262Init %d failed", s->freq);
+return;
 }
 else {
 YMF262SetTimerHandler (0, timer_handler, 0);
@@ -306,8 +306,8 @@ static int Adlib_initfn (ISADevice *dev)
 #else
 s->opl = OPLCreate (OPL_TYPE_YM3812, 3579545, s->freq);
 if (!s->opl) {
-dolog ("OPLCreate %d failed\n", s->freq);
-return -1;
+error_setg (errp, "OPLCreate %d failed", s->freq);
+return;
 }
 else {
 OPLSetTimerHandler (s->opl, timer_handler, 0);
@@ -332,7 +332,8 @@ static int Adlib_initfn (ISADevice *dev)
 );
 if (!s->voice) {
 Adlib_fini (s);
-return -1;
+error_setg (errp, "Initializing audio voice failed");
+return;
 }
 
 s->samples = AUD_get_buffer_size_out (s->voice) >> SHIFT;
@@ -346,8 +347,6 @@ static int Adlib_initfn (ISADevice *dev)
 
 register_ioport_read (s->port + 8, 2, 1, adlib_read, s);
 register_ioport_write (s->port + 8, 2, 1, adlib_write, s);
-
-return 0;
 }
 
 static Property adlib_properties[] = {
@@ -359,8 +358,8 @@ static Property adlib_properties[] = {
 static void adlib_class_initfn (ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS (klass);
-ISADeviceClass *ic = ISA_DEVICE_CLASS (klass);
-ic->init = Adlib_initfn;
+
+dc->realize = adlib_realizefn;
 dc->desc = ADLIB_DESC;
 dc->props = adlib_properties;
 }
diff --git a/hw/audio/cs4231a.c b/hw/audio/cs4231a.c
index d3ce739..605dad4 100644
--- a/hw/audio/cs4231a.c
+++ b/hw/audio/cs4231a.c
@@ -644,19 +644,25 @@ static const MemoryRegionOps cs_ioport_ops = {
 }
 };
 
-static int cs4231a_initfn (ISADevice *dev)
+static void cs4231a_initfn (Object *obj)
 {
+CSState *s = CS4231A (obj);
+
+memory_region_init_io (&s->ioports, &cs_ioport_ops, s, "cs4231a", 4);
+}
+
+static void cs4231a_realizefn (DeviceState *dev, Error **errp)
+{
+ISADevice *d = ISA_DEVICE (dev);
 CSState *s = CS4231A (dev);
 
-isa_init_irq (dev, &s->pic, s->irq);
+isa_init_irq (d, &s->pic, s->irq);
 
-memory_region_init_io (&s->ioports, &cs_ioport_ops, s, "cs4231a", 4);
-isa_register_ioport (dev, &s->ioports, s->port);
+isa_register_ioport (d, &s->ioports, s->port);
 
 DMA_register_channel (s->dma, cs_dma_read, s);
 
 AUD_register_card ("cs4231a", &s->card);
-return 0;

[Qemu-devel] [PATCH v2 2/6] log.h: Supply missing includes

[Markus Armbruster]

 has always been missing.  Rest missed in commit eeacee4.

Signed-off-by: Markus Armbruster 
---
 include/qemu/log.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/qemu/log.h b/include/qemu/log.h
index 6b0db02..fd76f91 100644
--- a/include/qemu/log.h
+++ b/include/qemu/log.h
@@ -2,6 +2,9 @@
 #define QEMU_LOG_H
 
 #include 
+#include 
+#include 
+#include "qemu/compiler.h"
 #ifdef NEED_CPU_H
 #include "disas/disas.h"
 #endif
-- 
1.7.11.7

[Qemu-devel] [PATCH v2 6/6] smbios: Check R in -smbios type=0, release=R parses okay

[Markus Armbruster]

Signed-off-by: Markus Armbruster 
---
 hw/i386/smbios.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/i386/smbios.c b/hw/i386/smbios.c
index 6431dd4..e708cb8 100644
--- a/hw/i386/smbios.c
+++ b/hw/i386/smbios.c
@@ -140,7 +140,10 @@ static void smbios_build_type_0_fields(const char *t)
  bios_release_date_str),
  buf, strlen(buf) + 1);
 if (get_param_value(buf, sizeof(buf), "release", t)) {
-sscanf(buf, "%hhu.%hhu", &major, &minor);
+if (sscanf(buf, "%hhu.%hhu", &major, &minor) != 2) {
+error_report("Invalid release");
+exit(1);
+}
 smbios_add_field(0, offsetof(struct smbios_type_0,
  system_bios_major_release),
  &major, 1);
-- 
1.7.11.7

[Qemu-devel] [PATCH v2 06/12] i8254: Convert PITCommonState to QOM realizefn

[Andreas Färber]

Instead of having the parent provide PITCommonClass::init,
let the children override DeviceClass::realize themselves.
This pushes the responsibility for saving and calling the parent's
realizefn to the children.

Signed-off-by: Andreas Färber 
---
 hw/i386/kvm/i8254.c   | 40 +++
 hw/timer/i8254.c  | 24 ++-
 hw/timer/i8254_common.c   |  8 
 include/hw/timer/i8254_internal.h |  1 -
 4 files changed, 47 insertions(+), 26 deletions(-)

diff --git a/hw/i386/kvm/i8254.c b/hw/i386/kvm/i8254.c
index 4ac5551..93a3669 100644
--- a/hw/i386/kvm/i8254.c
+++ b/hw/i386/kvm/i8254.c
@@ -33,6 +33,10 @@
 #define CALIBRATION_ROUNDS   3
 
 #define KVM_PIT(obj) OBJECT_CHECK(KVMPITState, (obj), TYPE_KVM_I8254)
+#define KVM_PIT_CLASS(class) \
+OBJECT_CLASS_CHECK(KVMPITClass, (class), TYPE_KVM_I8254)
+#define KVM_PIT_GET_CLASS(obj) \
+OBJECT_GET_CLASS(KVMPITClass, (obj), TYPE_KVM_I8254)
 
 typedef struct KVMPITState {
 PITCommonState parent_obj;
@@ -42,6 +46,12 @@ typedef struct KVMPITState {
 int64_t kernel_clock_offset;
 } KVMPITState;
 
+typedef struct KVMPITClass {
+PITCommonClass parent_class;
+
+DeviceRealize parent_realize;
+} KVMPITClass;
+
 static int64_t abs64(int64_t v)
 {
 return v < 0 ? -v : v;
@@ -237,8 +247,10 @@ static void kvm_pit_vm_state_change(void *opaque, int 
running,
 }
 }
 
-static int kvm_pit_initfn(PITCommonState *pit)
+static void kvm_pit_realizefn(DeviceState *dev, Error **errp)
 {
+PITCommonState *pit = PIT_COMMON(dev);
+KVMPITClass *kpc = KVM_PIT_GET_CLASS(dev);
 KVMPITState *s = KVM_PIT(pit);
 struct kvm_pit_config config = {
 .flags = 0,
@@ -251,9 +263,9 @@ static int kvm_pit_initfn(PITCommonState *pit)
 ret = kvm_vm_ioctl(kvm_state, KVM_CREATE_PIT);
 }
 if (ret < 0) {
-fprintf(stderr, "Create kernel PIC irqchip failed: %s\n",
-strerror(ret));
-return ret;
+error_setg(errp, "Create kernel PIC irqchip failed: %s",
+   strerror(ret));
+return;
 }
 switch (s->lost_tick_policy) {
 case LOST_TICK_DELAY:
@@ -264,24 +276,25 @@ static int kvm_pit_initfn(PITCommonState *pit)
 
 ret = kvm_vm_ioctl(kvm_state, KVM_REINJECT_CONTROL, &control);
 if (ret < 0) {
-fprintf(stderr,
-"Can't disable in-kernel PIT reinjection: %s\n",
-strerror(ret));
-return ret;
+error_setg(errp,
+   "Can't disable in-kernel PIT reinjection: %s",
+   strerror(ret));
+return;
 }
 }
 break;
 default:
-return -EINVAL;
+error_setg(errp, "Lost tick policy not supported.");
+return;
 }
 
 memory_region_init_reservation(&pit->ioports, "kvm-pit", 4);
 
-qdev_init_gpio_in(&pit->dev.qdev, kvm_pit_irq_control, 1);
+qdev_init_gpio_in(dev, kvm_pit_irq_control, 1);
 
 qemu_add_vm_change_state_handler(kvm_pit_vm_state_change, s);
 
-return 0;
+kpc->parent_realize(dev, errp);
 }
 
 static Property kvm_pit_properties[] = {
@@ -293,10 +306,12 @@ static Property kvm_pit_properties[] = {
 
 static void kvm_pit_class_init(ObjectClass *klass, void *data)
 {
+KVMPITClass *kpc = KVM_PIT_CLASS(klass);
 PITCommonClass *k = PIT_COMMON_CLASS(klass);
 DeviceClass *dc = DEVICE_CLASS(klass);
 
-k->init = kvm_pit_initfn;
+kpc->parent_realize = dc->realize;
+dc->realize = kvm_pit_realizefn;
 k->set_channel_gate = kvm_pit_set_gate;
 k->get_channel_info = kvm_pit_get_channel_info;
 k->pre_save = kvm_pit_get;
@@ -310,6 +325,7 @@ static const TypeInfo kvm_pit_info = {
 .parent= TYPE_PIT_COMMON,
 .instance_size = sizeof(KVMPITState),
 .class_init = kvm_pit_class_init,
+.class_size = sizeof(KVMPITClass),
 };
 
 static void kvm_pit_register(void)
diff --git a/hw/timer/i8254.c b/hw/timer/i8254.c
index efbca19..16c8dd6 100644
--- a/hw/timer/i8254.c
+++ b/hw/timer/i8254.c
@@ -35,6 +35,15 @@
 #define RW_STATE_WORD0 3
 #define RW_STATE_WORD1 4
 
+#define PIT_CLASS(class) OBJECT_CLASS_CHECK(PITClass, (class), TYPE_I8254)
+#define PIT_GET_CLASS(obj) OBJECT_GET_CLASS(PITClass, (obj), TYPE_I8254)
+
+typedef struct PITClass {
+PITCommonClass parent_class;
+
+DeviceRealize parent_realize;
+} PITClass;
+
 static void pit_irq_timer_update(PITChannelState *s, int64_t current_time);
 
 static int pit_get_count(PITChannelState *s)
@@ -313,20 +322,22 @@ static void pit_post_load(PITCommonState *s)
 }
 }
 
-static int pit_initfn(PITCommonState *pit)
+static void pit_realizefn(DeviceState *dev, Error **err)
 {
+PITCommonState *pit = PIT_COMMON(dev);
+PITClass *pc = PIT_GET_CLASS(dev);
 PITChannelState *s;
 
 s = &pit->channels[0];
 /* the timer 0 is connected to an IRQ */
 s->irq_timer = qemu_

[Qemu-devel] [PATCH v2 1/6] error-report.h: Supply missing include

[Markus Armbruster]

Missed in commit e5924d8.

Signed-off-by: Markus Armbruster 
---
 include/qemu/error-report.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/include/qemu/error-report.h b/include/qemu/error-report.h
index c902cc1..14c1719 100644
--- a/include/qemu/error-report.h
+++ b/include/qemu/error-report.h
@@ -14,6 +14,7 @@
 #define QEMU_ERROR_H
 
 #include 
+#include "qemu/compiler.h"
 
 typedef struct Location {
 /* all members are private to qemu-error.c */
-- 
1.7.11.7

[Qemu-devel] [PATCH v2 5/6] smbios: Fix -smbios type=0, release=... for big endian hosts

[Markus Armbruster]

Classic endianness bug due to careless dirty coding: assuming reading
a byte from an int variable gets the least significant byte.

Signed-off-by: Markus Armbruster 
---
 hw/i386/smbios.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/i386/smbios.c b/hw/i386/smbios.c
index 322f0a0..6431dd4 100644
--- a/hw/i386/smbios.c
+++ b/hw/i386/smbios.c
@@ -127,6 +127,7 @@ void smbios_add_field(int type, int offset, const void 
*data, size_t len)
 static void smbios_build_type_0_fields(const char *t)
 {
 char buf[1024];
+unsigned char major, minor;
 
 if (get_param_value(buf, sizeof(buf), "vendor", t))
 smbios_add_field(0, offsetof(struct smbios_type_0, vendor_str),
@@ -139,8 +140,7 @@ static void smbios_build_type_0_fields(const char *t)
  bios_release_date_str),
  buf, strlen(buf) + 1);
 if (get_param_value(buf, sizeof(buf), "release", t)) {
-int major, minor;
-sscanf(buf, "%d.%d", &major, &minor);
+sscanf(buf, "%hhu.%hhu", &major, &minor);
 smbios_add_field(0, offsetof(struct smbios_type_0,
  system_bios_major_release),
  &major, 1);
-- 
1.7.11.7

Re: [Qemu-devel] [PATCH v2 00/12] QOM realize for ISA, part 2

[Andreas Färber]

Am 07.06.2013 14:58, schrieb Andreas Färber:
> Cc: malc 

FWIW should be av1474, but either one bounces. ;)

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

[Qemu-devel] [PATCH v2 00/12] QOM realize for ISA, part 2

[Andreas Färber]

Hello,

Here is my next batch of QOM realize patches for ISA devices.

For two "new" ISA devices QOM cast macros are introduced (gus, cs4231a);
these two and the new pvpanic ISA device are now converted, too.

Series is extended to clean up all ISABus and ISADevice uses;
it then becomes easy to get rid of FROM_QBUS() as next step.

Available from:
https://github.com/afaerber/qemu-cpu/commits/realize-isa.v2
git://github.com/afaerber/qemu-cpu.git realize-isa.v2

Regards,
Andreas

v1 -> v2:
* Most QOM'ifications were already applied.
* Rebased on file movements.
* Dropped \n from error_setg().
* gus.c and cs4231a.c are now compiled in and needed to be updated.
* pvpanic device was added and needed to be converted.
* Tidied errp argument/variable naming consistently.
* debugcon: Don't double-report error.
* parallel: Dropped \n.
* serial: Replaced fprintf()+exit().
* pc port92: Split off instance_init from realizefn.
* Appended patches renaming ISABus and ISADevice parent fields.
* Appended patch dropping FROM_QBUS() macro.

Cc: Anthony Liguori 
Cc: Blue Swirl 
Cc: Aurélien Jarno 

Cc: Paolo Bonzini 
Cc: malc 
Cc: Hu Tao 
Cc: Michael S. Tsirkin 
Cc: Peter C. Crosthwaite 

Andreas Färber (12):
  gus: QOM'ify some more
  cs4231a: QOM'ify some more
  isa: Use realizefn for ISADevice
  i8254: QOM'ify some more
  kvm/i8254: QOM'ify some more
  i8254: Convert PITCommonState to QOM realizefn
  i8259: QOM'ify some more
  kvm/i8259: QOM'ify some more
  i8259: Convert PICCommonState to use QOM realizefn
  isa: QOM'ify ISABus
  isa: QOM'ify ISADevice
  qdev: Drop FROM_QBUS() macro

 hw/audio/adlib.c  | 23 ---
 hw/audio/cs4231a.c| 38 +++--
 hw/audio/gus.c| 27 ++
 hw/audio/pcspk.c  | 19 -
 hw/audio/sb16.c   | 21 +-
 hw/block/fdc.c| 40 +++---
 hw/char/debugcon.c| 23 +--
 hw/char/parallel.c| 29 +++
 hw/char/serial-isa.c  | 34 --
 hw/char/serial-pci.c  | 17 +--
 hw/char/serial.c  | 22 +++
 hw/display/cirrus_vga.c   | 12 
 hw/display/vga-isa.c  | 17 ++-
 hw/dma/i82374.c   | 13 -
 hw/i2c/core.c |  4 +--
 hw/i386/kvm/i8254.c   | 59 ++-
 hw/i386/kvm/i8259.c   | 34 ++
 hw/i386/pc.c  | 28 ---
 hw/i386/pc_piix.c |  2 +-
 hw/ide/isa.c  | 16 +--
 hw/input/pckbd.c  | 29 +++
 hw/input/vmmouse.c|  8 ++
 hw/intc/i8259.c   | 48 ++-
 hw/intc/i8259_common.c| 34 ++
 hw/isa/i82378.c   |  4 +--
 hw/isa/isa-bus.c  | 25 -
 hw/isa/pc87312.c  | 12 
 hw/isa/piix4.c|  2 +-
 hw/isa/vt82c686.c |  2 +-
 hw/misc/applesmc.c| 10 +++
 hw/misc/debugexit.c   | 10 +++
 hw/misc/pc-testdev.c  | 11 
 hw/misc/pvpanic.c | 19 -
 hw/misc/sga.c |  7 ++---
 hw/misc/vmport.c  | 10 +++
 hw/net/ne2000-isa.c   | 15 +-
 hw/pci/pci.c  |  2 +-
 hw/ppc/prep.c |  7 +++--
 hw/sparc64/sun4u.c|  3 +-
 hw/ssi/ssi.c  |  2 +-
 hw/timer/i8254.c  | 28 ++-
 hw/timer/i8254_common.c   | 19 -
 hw/timer/m48t59.c | 22 +--
 hw/timer/mc146818rtc.c| 18 ++--
 hw/watchdog/wdt_ib700.c   |  8 ++
 include/hw/audio/pcspk.h  | 14 ++
 include/hw/char/serial.h  |  2 +-
 include/hw/i386/pc.h  | 30 +++-
 include/hw/isa/i8259_internal.h   |  2 +-
 include/hw/isa/isa.h  | 11 ++--
 include/hw/qdev-core.h|  2 --
 include/hw/timer/i8254.h  | 31 
 include/hw/timer/i8254_internal.h |  1 -
 53 files changed, 535 insertions(+), 391 deletions(-)

-- 
1.8.1.4

[Qemu-devel] [PULL 06/26] qemu-io: Don't use global bs in command implementations

[Stefan Hajnoczi]

From: Kevin Wolf 

Pass in the BlockDriverState to the command handlers instead of using
the global variable. This is an important step to make the commands
usable outside of qemu-io.

Signed-off-by: Kevin Wolf 
Reviewed-by: Eric Blake 
Signed-off-by: Stefan Hajnoczi 
---
 cmd.c |   6 ++-
 cmd.h |   8 ++-
 qemu-io.c | 167 ++
 3 files changed, 101 insertions(+), 80 deletions(-)

diff --git a/cmd.c b/cmd.c
index 214c6f7..d501aab 100644
--- a/cmd.c
+++ b/cmd.c
@@ -57,7 +57,7 @@ check_command(
const cmdinfo_t *ci)
 {
if (check_func)
-   return check_func(ci);
+   return check_func(qemuio_bs, ci);
return 1;
 }
 
@@ -103,7 +103,7 @@ command(
return 0;
}
optind = 0;
-   return ct->cfunc(argc, argv);
+   return ct->cfunc(qemuio_bs, argc, argv);
 }
 
 const cmdinfo_t *
@@ -452,6 +452,7 @@ static cmdinfo_t quit_cmd;
 /* ARGSUSED */
 static int
 quit_f(
+BlockDriverState *bs,
int argc,
char**argv)
 {
@@ -490,6 +491,7 @@ help_all(void)
 
 static int
 help_f(
+BlockDriverState *bs,
int argc,
char**argv)
 {
diff --git a/cmd.h b/cmd.h
index 4dcfe88..ccf6336 100644
--- a/cmd.h
+++ b/cmd.h
@@ -17,9 +17,13 @@
 #ifndef __COMMAND_H__
 #define __COMMAND_H__
 
+#include "qemu-common.h"
+
 #define CMD_FLAG_GLOBAL((int)0x8000)   /* don't iterate "args" 
*/
 
-typedef int (*cfunc_t)(int argc, char **argv);
+extern BlockDriverState *qemuio_bs;
+
+typedef int (*cfunc_t)(BlockDriverState *bs, int argc, char **argv);
 typedef void (*helpfunc_t)(void);
 
 typedef struct cmdinfo {
@@ -41,7 +45,7 @@ extern intncmds;
 void help_init(void);
 void quit_init(void);
 
-typedef int (*checkfunc_t)(const cmdinfo_t *ci);
+typedef int (*checkfunc_t)(BlockDriverState *bs, const cmdinfo_t *ci);
 
 void add_command(const cmdinfo_t *ci);
 void add_user_command(char *optarg);
diff --git a/qemu-io.c b/qemu-io.c
index b4f56fc..39d7063 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -25,8 +25,8 @@
 #define CMD_NOFILE_OK   0x01
 
 char *progname;
-static BlockDriverState *bs;
 
+BlockDriverState *qemuio_bs;
 static int misalign;
 
 static int64_t cvtnum(const char *s)
@@ -63,7 +63,7 @@ static int parse_pattern(const char *arg)
  */
 
 #define MISALIGN_OFFSET 16
-static void *qemu_io_alloc(size_t len, int pattern)
+static void *qemu_io_alloc(BlockDriverState *bs, size_t len, int pattern)
 {
 void *buf;
 
@@ -136,7 +136,8 @@ static void print_report(const char *op, struct timeval *t, 
int64_t offset,
  * vector matching it.
  */
 static void *
-create_iovec(QEMUIOVector *qiov, char **argv, int nr_iov, int pattern)
+create_iovec(BlockDriverState *bs, QEMUIOVector *qiov, char **argv, int nr_iov,
+ int pattern)
 {
 size_t *sizes = g_new0(size_t, nr_iov);
 size_t count = 0;
@@ -172,7 +173,7 @@ create_iovec(QEMUIOVector *qiov, char **argv, int nr_iov, 
int pattern)
 
 qemu_iovec_init(qiov, nr_iov);
 
-buf = p = qemu_io_alloc(count, pattern);
+buf = p = qemu_io_alloc(bs, count, pattern);
 
 for (i = 0; i < nr_iov; i++) {
 qemu_iovec_add(qiov, p, sizes[i]);
@@ -184,7 +185,8 @@ fail:
 return buf;
 }
 
-static int do_read(char *buf, int64_t offset, int count, int *total)
+static int do_read(BlockDriverState *bs, char *buf, int64_t offset, int count,
+   int *total)
 {
 int ret;
 
@@ -196,7 +198,8 @@ static int do_read(char *buf, int64_t offset, int count, 
int *total)
 return 1;
 }
 
-static int do_write(char *buf, int64_t offset, int count, int *total)
+static int do_write(BlockDriverState *bs, char *buf, int64_t offset, int count,
+int *total)
 {
 int ret;
 
@@ -208,7 +211,8 @@ static int do_write(char *buf, int64_t offset, int count, 
int *total)
 return 1;
 }
 
-static int do_pread(char *buf, int64_t offset, int count, int *total)
+static int do_pread(BlockDriverState *bs, char *buf, int64_t offset, int count,
+int *total)
 {
 *total = bdrv_pread(bs, offset, (uint8_t *)buf, count);
 if (*total < 0) {
@@ -217,7 +221,8 @@ static int do_pread(char *buf, int64_t offset, int count, 
int *total)
 return 1;
 }
 
-static int do_pwrite(char *buf, int64_t offset, int count, int *total)
+static int do_pwrite(BlockDriverState *bs, char *buf, int64_t offset, int 
count,
+ int *total)
 {
 *total = bdrv_pwrite(bs, offset, (uint8_t *)buf, count);
 if (*total < 0) {
@@ -227,6 +232,7 @@ static int do_pwrite(char *buf, int64_t offset, int count, 
int *total)
 }
 
 typedef struct {
+BlockDriverState *bs;
 int64_t offset;
 int count;
 int *total;
@@ -238,7 +244,7 @@ static void coroutine_fn co_write_zeroes_entry(void *opaque)
 {
 CoWriteZeroes *data = opaque;
 
-data->ret = bdrv_co_write_zeroes(bs, data->offset / BDRV_SECTOR_SIZE,
+data->ret = bd

[Qemu-devel] [PULL 16/26] qemu-io: Use the qemu version for -V

[Stefan Hajnoczi]

From: Kevin Wolf 

Always printing 0.0.1 and never updating the version number wasn't very
useful. qemu-io is released with qemu, so using the same version number
makes most sense.

Signed-off-by: Kevin Wolf 
Signed-off-by: Stefan Hajnoczi 
---
 qemu-io.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/qemu-io.c b/qemu-io.c
index 514edcb..cb9def5 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -19,8 +19,6 @@
 #include "block/block_int.h"
 #include "trace/control.h"
 
-#define VERSION"0.0.1"
-
 #define CMD_NOFILE_OK   0x01
 
 char *progname;
@@ -380,7 +378,7 @@ int main(int argc, char **argv)
 }
 break;
 case 'V':
-printf("%s version %s\n", progname, VERSION);
+printf("%s version %s\n", progname, QEMU_VERSION);
 exit(0);
 case 'h':
 usage(progname);
-- 
1.8.1.4

[Qemu-devel] [PATCH v2 0/6] Some -smbios work

[Markus Armbruster]

Better error messages, a bit of code cleanup, and a big endian fix.

Not addressed: qemu_uuid_parse() sets an SMBIOS field by side effect.
Gross!

Testing:
* Verify error messages improve for
-smbios gaga
-smbios file=gaga
-smbios type=42
-smbios type=1,uuid=gaga
-smbios type=0,release=gaga
* Verify SMBIOS table remains unchanged
-smbios type=0,vendor=me,version=42,date=today,release=1.2 -smbios 
type=1,manufacturer=me,product=crap,version=6,serial=77,uuid=988bc9dd-0986-440f-ac24-cf9626c5aa88,sku=888,family=flintstones
  by sticking
  qemu_hexdump(smbios_entries, stdout, "SMBIOS", smbios_entries_len);
  into smbios_get_table()

v2: Address "Hawkeye" Laszlo's review
* 1-3/7 unchanged
* Drop 4/7 because it's buggy, and the fixed version isn't worthwhile
* Spelling fix in commit message of 5/7
* Correct scanf format in 5-6/7

Markus Armbruster (6):
  error-report.h: Supply missing include
  log.h: Supply missing includes
  smbios: Convert to error_report()
  smbios: Clean up smbios_add_field() parameters
  smbios: Fix -smbios type=0,release=... for big endian hosts
  smbios: Check R in -smbios type=0,release=R parses okay

 arch_init.c |  3 +--
 hw/i386/smbios.c| 57 -
 include/hw/i386/smbios.h|  2 +-
 include/qemu/error-report.h |  1 +
 include/qemu/log.h  |  3 +++
 5 files changed, 37 insertions(+), 29 deletions(-)

-- 
1.7.11.7

[Qemu-devel] [PATCH v2 4/6] smbios: Clean up smbios_add_field() parameters

[Markus Armbruster]

Having size precede the associated pointer is odd.  Swap them, and fix
up the types.

Signed-off-by: Markus Armbruster 
---
 arch_init.c  |  2 +-
 hw/i386/smbios.c | 26 ++
 include/hw/i386/smbios.h |  2 +-
 3 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 5d71870..872020e 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -1029,7 +1029,7 @@ int qemu_uuid_parse(const char *str, uint8_t *uuid)
 return -1;
 }
 #ifdef TARGET_I386
-smbios_add_field(1, offsetof(struct smbios_type_1, uuid), 16, uuid);
+smbios_add_field(1, offsetof(struct smbios_type_1, uuid), uuid, 16);
 #endif
 return 0;
 }
diff --git a/hw/i386/smbios.c b/hw/i386/smbios.c
index a67a328..322f0a0 100644
--- a/hw/i386/smbios.c
+++ b/hw/i386/smbios.c
@@ -99,7 +99,7 @@ static void smbios_check_collision(int type, int entry)
 }
 }
 
-void smbios_add_field(int type, int offset, int len, void *data)
+void smbios_add_field(int type, int offset, const void *data, size_t len)
 {
 struct smbios_field *field;
 
@@ -130,21 +130,23 @@ static void smbios_build_type_0_fields(const char *t)
 
 if (get_param_value(buf, sizeof(buf), "vendor", t))
 smbios_add_field(0, offsetof(struct smbios_type_0, vendor_str),
- strlen(buf) + 1, buf);
+ buf, strlen(buf) + 1);
 if (get_param_value(buf, sizeof(buf), "version", t))
 smbios_add_field(0, offsetof(struct smbios_type_0, bios_version_str),
- strlen(buf) + 1, buf);
+ buf, strlen(buf) + 1);
 if (get_param_value(buf, sizeof(buf), "date", t))
 smbios_add_field(0, offsetof(struct smbios_type_0,
  bios_release_date_str),
- strlen(buf) + 1, buf);
+ buf, strlen(buf) + 1);
 if (get_param_value(buf, sizeof(buf), "release", t)) {
 int major, minor;
 sscanf(buf, "%d.%d", &major, &minor);
 smbios_add_field(0, offsetof(struct smbios_type_0,
- system_bios_major_release), 1, &major);
+ system_bios_major_release),
+ &major, 1);
 smbios_add_field(0, offsetof(struct smbios_type_0,
- system_bios_minor_release), 1, &minor);
+ system_bios_minor_release),
+ &minor, 1);
 }
 }
 
@@ -154,16 +156,16 @@ static void smbios_build_type_1_fields(const char *t)
 
 if (get_param_value(buf, sizeof(buf), "manufacturer", t))
 smbios_add_field(1, offsetof(struct smbios_type_1, manufacturer_str),
- strlen(buf) + 1, buf);
+ buf, strlen(buf) + 1);
 if (get_param_value(buf, sizeof(buf), "product", t))
 smbios_add_field(1, offsetof(struct smbios_type_1, product_name_str),
- strlen(buf) + 1, buf);
+ buf, strlen(buf) + 1);
 if (get_param_value(buf, sizeof(buf), "version", t))
 smbios_add_field(1, offsetof(struct smbios_type_1, version_str),
- strlen(buf) + 1, buf);
+ buf, strlen(buf) + 1);
 if (get_param_value(buf, sizeof(buf), "serial", t))
 smbios_add_field(1, offsetof(struct smbios_type_1, serial_number_str),
- strlen(buf) + 1, buf);
+ buf, strlen(buf) + 1);
 if (get_param_value(buf, sizeof(buf), "uuid", t)) {
 if (qemu_uuid_parse(buf, qemu_uuid) != 0) {
 error_report("Invalid UUID");
@@ -172,10 +174,10 @@ static void smbios_build_type_1_fields(const char *t)
 }
 if (get_param_value(buf, sizeof(buf), "sku", t))
 smbios_add_field(1, offsetof(struct smbios_type_1, sku_number_str),
- strlen(buf) + 1, buf);
+ buf, strlen(buf) + 1);
 if (get_param_value(buf, sizeof(buf), "family", t))
 smbios_add_field(1, offsetof(struct smbios_type_1, family_str),
- strlen(buf) + 1, buf);
+ buf, strlen(buf) + 1);
 }
 
 int smbios_entry_add(const char *t)
diff --git a/include/hw/i386/smbios.h b/include/hw/i386/smbios.h
index 94e3641..9babeaf 100644
--- a/include/hw/i386/smbios.h
+++ b/include/hw/i386/smbios.h
@@ -14,7 +14,7 @@
  */
 
 int smbios_entry_add(const char *t);
-void smbios_add_field(int type, int offset, int len, void *data);
+void smbios_add_field(int type, int offset, const void *data, size_t len);
 uint8_t *smbios_get_table(size_t *length);
 
 /*
-- 
1.7.11.7

[Qemu-devel] [PULL 21/26] ide-test: Add FLUSH CACHE test case

[Stefan Hajnoczi]

From: Kevin Wolf 

This checks in particular that BSY is set while the flush request is in
flight.

Signed-off-by: Kevin Wolf 
Signed-off-by: Stefan Hajnoczi 
---
 tests/ide-test.c | 40 
 1 file changed, 40 insertions(+)

diff --git a/tests/ide-test.c b/tests/ide-test.c
index 1c31a2e..828e71a 100644
--- a/tests/ide-test.c
+++ b/tests/ide-test.c
@@ -77,6 +77,7 @@ enum {
 enum {
 CMD_READ_DMA= 0xc8,
 CMD_WRITE_DMA   = 0xca,
+CMD_FLUSH_CACHE = 0xe7,
 CMD_IDENTIFY= 0xec,
 
 CMDF_ABORT  = 0x100,
@@ -424,6 +425,43 @@ static void test_identify(void)
 ide_test_quit();
 }
 
+static void test_flush(void)
+{
+uint8_t data;
+
+ide_test_start(
+"-vnc none "
+"-drive file=blkdebug::%s,if=ide,cache=writeback",
+tmp_path);
+
+/* Delay the completion of the flush request until we explicitly do it */
+qmp("{'execute':'human-monitor-command', 'arguments': { "
+"'command-line': 'qemu-io ide0-hd0 \"break flush_to_os A\"'} }");
+
+/* FLUSH CACHE command on device 0*/
+outb(IDE_BASE + reg_device, 0);
+outb(IDE_BASE + reg_command, CMD_FLUSH_CACHE);
+
+/* Check status while request is in flight*/
+data = inb(IDE_BASE + reg_status);
+assert_bit_set(data, BSY | DRDY);
+assert_bit_clear(data, DF | ERR | DRQ);
+
+/* Complete the command */
+qmp("{'execute':'human-monitor-command', 'arguments': { "
+"'command-line': 'qemu-io ide0-hd0 \"resume A\"'} }");
+
+/* Check registers */
+data = inb(IDE_BASE + reg_device);
+g_assert_cmpint(data & DEV, ==, 0);
+
+data = inb(IDE_BASE + reg_status);
+assert_bit_set(data, DRDY);
+assert_bit_clear(data, BSY | DF | ERR | DRQ);
+
+ide_test_quit();
+}
+
 int main(int argc, char **argv)
 {
 const char *arch = qtest_get_arch();
@@ -454,6 +492,8 @@ int main(int argc, char **argv)
 qtest_add_func("/ide/bmdma/long_prdt", test_bmdma_long_prdt);
 qtest_add_func("/ide/bmdma/teardown", test_bmdma_teardown);
 
+qtest_add_func("/ide/flush", test_flush);
+
 ret = g_test_run();
 
 /* Cleanup */
-- 
1.8.1.4

[Qemu-devel] [PATCH v2 3/6] smbios: Convert to error_report()

[Markus Armbruster]

Improves diagnistics from ad hoc messages like

Invalid SMBIOS UUID string

to

qemu-system-x86_64: -smbios type=1,uuid=gaga: Invalid UUID

Signed-off-by: Markus Armbruster 
---
 arch_init.c  |  1 -
 hw/i386/smbios.c | 24 
 2 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 5d32ecf..5d71870 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -1053,7 +1053,6 @@ void do_smbios_option(const char *optarg)
 {
 #ifdef TARGET_I386
 if (smbios_entry_add(optarg) < 0) {
-fprintf(stderr, "Wrong smbios provided\n");
 exit(1);
 }
 #endif
diff --git a/hw/i386/smbios.c b/hw/i386/smbios.c
index c00bb2f..a67a328 100644
--- a/hw/i386/smbios.c
+++ b/hw/i386/smbios.c
@@ -13,6 +13,7 @@
  * GNU GPL, version 2 or (at your option) any later version.
  */
 
+#include "qemu/error-report.h"
 #include "sysemu/sysemu.h"
 #include "hw/i386/smbios.h"
 #include "hw/loader.h"
@@ -48,8 +49,7 @@ static int smbios_type4_count = 0;
 static void smbios_validate_table(void)
 {
 if (smbios_type4_count && smbios_type4_count != smp_cpus) {
- fprintf(stderr,
- "Number of SMBIOS Type 4 tables must match cpu count.\n");
+error_report("Number of SMBIOS Type 4 tables must match cpu count");
 exit(1);
 }
 }
@@ -82,16 +82,16 @@ static void smbios_check_collision(int type, int entry)
 if (entry == SMBIOS_TABLE_ENTRY && header->type == SMBIOS_FIELD_ENTRY) 
{
 struct smbios_field *field = (void *)header;
 if (type == field->type) {
-fprintf(stderr, "SMBIOS type %d field already defined, "
-"cannot add table\n", type);
+error_report("SMBIOS type %d field already defined, "
+ "cannot add table", type);
 exit(1);
 }
 } else if (entry == SMBIOS_FIELD_ENTRY &&
header->type == SMBIOS_TABLE_ENTRY) {
 struct smbios_structure_header *table = (void *)(header + 1);
 if (type == table->type) {
-fprintf(stderr, "SMBIOS type %d table already defined, "
-"cannot add field\n", type);
+error_report("SMBIOS type %d table already defined, "
+ "cannot add field", type);
 exit(1);
 }
 }
@@ -166,7 +166,7 @@ static void smbios_build_type_1_fields(const char *t)
  strlen(buf) + 1, buf);
 if (get_param_value(buf, sizeof(buf), "uuid", t)) {
 if (qemu_uuid_parse(buf, qemu_uuid) != 0) {
-fprintf(stderr, "Invalid SMBIOS UUID string\n");
+error_report("Invalid UUID");
 exit(1);
 }
 }
@@ -188,7 +188,7 @@ int smbios_entry_add(const char *t)
 int size = get_image_size(buf);
 
 if (size == -1 || size < sizeof(struct smbios_structure_header)) {
-fprintf(stderr, "Cannot read smbios file %s\n", buf);
+error_report("Cannot read SMBIOS file %s", buf);
 exit(1);
 }
 
@@ -204,7 +204,7 @@ int smbios_entry_add(const char *t)
 table->header.length = cpu_to_le16(sizeof(*table) + size);
 
 if (load_image(buf, table->data) != size) {
-fprintf(stderr, "Failed to load smbios file %s", buf);
+error_report("Failed to load SMBIOS file %s", buf);
 exit(1);
 }
 
@@ -230,12 +230,12 @@ int smbios_entry_add(const char *t)
 smbios_build_type_1_fields(t);
 return 0;
 default:
-fprintf(stderr, "Don't know how to build fields for SMBIOS type "
-"%ld\n", type);
+error_report("Don't know how to build fields for SMBIOS type %ld",
+ type);
 exit(1);
 }
 }
 
-fprintf(stderr, "smbios: must specify type= or file=\n");
+error_report("Must specify type= or file=");
 return -1;
 }
-- 
1.7.11.7

Re: [Qemu-devel] 'qemu-nbd' explicit flush

[Mark Trumpold]

On 5/28/13 11:42 PM, "Stefan Hajnoczi"  wrote:

>On Tue, May 28, 2013 at 06:00:08PM +, Mark Trumpold wrote:
>> 
>> >-Original Message-
>> >From: Stefan Hajnoczi [mailto:stefa...@gmail.com]
>> >Sent: Monday, May 27, 2013 05:36 AM
>> >To: 'Mark Trumpold'
>> >Cc: 'Paolo Bonzini', qemu-devel@nongnu.org, ma...@tachyon.net
>> >Subject: Re: 'qemu-nbd' explicit flush
>> >
>> >On Sat, May 25, 2013 at 09:42:08AM -0800, Mark Trumpold wrote:
>> >> On 5/24/13 1:05 AM, "Stefan Hajnoczi"  wrote:
>> >> >On Thu, May 23, 2013 at 09:58:31PM +, Mark Trumpold wrote:
>> >> >One thing to be careful of is whether these operations are
>>asynchronous.
>> >> >The signal is asynchronous, you have no way of knowing when
>>qemu-nbd is
>> >> >finished flushing to the physical disk.
>> >>
>> >> Right, of course.  I missed the obvious.
>> >
>> >I missed something too.  Paolo may have already hinted at this when he
>> >posted a dd oflag=sync command-line option:
>> >
>> >blockdev --flushbufs is the wrong tool because ioctl(BLKFLSBUF) only
>> >writes out dirty pages to the block device.  It does *not* guarantee to
>> >send a flush request to the device.
>> >
>> >Therefore, the underlying image file may not be put into an up-to-date
>> >state by qemu-nbd.
>> >
>> >
>> >I suggest trying the following instead of blockdev --flushbufs:
>> >
>> >  python -c 'import os; os.fsync(open("/dev/loopX", "r+b"))'
>> >
>> >This should do the same as blockdev --flushbufs *plus* it sends and
>> >waits for the NBD FLUSH command.
>> >
>> >You may have to play with this command-line a little but the main idea
>> >is to open the block device and fsync it.
>> >
>> >Stefan
>> >
>> 
>> Hi Stefan,
>> 
>> One of my early experiments was adding a command line option to
>>'qemu-nbd' that did an open on 'device' (similar to the -c option), and
>>then calling 'fsync' on the 'device'.  By itself, I did not get a
>>complete flush to disk.  Was I missing something?
>> 
>> Empirically, the signal solution (blockdev --flushbufs plus
>>'bdrv_flush_all') was keeping my disk consistent.  My unit test
>>exercises the flush and snapshot pretty rigorously; that is, it never
>>passed before with 'qemu-nbd --cache=writeback ...'.  However, I did not
>>want to rely on 'sleep' for the race condition.
>> 
>> Is there any opportunity with the nbd client socket interface?  The
>>advantage for me there is not modifying 'qemu-nbd' source.
>
>I'm suggesting that you don't need to modify qemu-nbd.  If your host is
>running nbd.ko with flush support, then it should be enough to open the
>device and issue fsync(2).
>
>You can verify this using tcpdump(8) and checking that the NBD FLUSH
>command is really being sent by the host kernel.  If not, double check
>you're using the latest nbd.ko.
>
>Stefan


Stefan,

I tried the 'fsync' approach.  It apparently has no effect with my
3.3.1 Linux kernel and patch.  Changing kernels is not an option for me
at the moment, so I will revisit when we have an opportunity to upgrade
kernels, but for the moment I'll have to stick with 'cache=writethrough'.

Thank you again for your attention and help.

Best Regards,
Mark T.

Re: [Qemu-devel] [PATCH 00/39] Delay destruction of memory regions to instance_finalize

[Andreas Färber]

Hi Peter,

Am 07.06.2013 10:41, schrieb Peter Crosthwaite:
> I have a series that fixes all qom cast macros for all PCI devices tree
> wide. Can post. Qom cast macros added as needed.

Sounds promising! I just CC'ed you on my ISA series v2, which touches on
PCI_BUS() in the final patch, dropping FROM_QBUS().

> How are you regression testing this series? If you have a pc/PCI
> regression suite I could use it for my series.

I rely on `make check` to find the most obvious QOM errors.
libqos PCI support is still very new, so we don't have full device
coverage there yet.

Usually I run an openSUSE and/or SLES guest under KVM (pick your
favorite), which will exercise the relevant init, realize and reset code
paths at least.

And finally I re-review things in gitk before sending - not the nicest
tool but convenient for fixing up things and verifying quickly.

HTH,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH v2 0/6] Some -smbios work

[Laszlo Ersek]

On 06/07/13 15:00, Markus Armbruster wrote:

> v2: Address "Hawkeye" Laszlo's review

You're too kind, but it did crack me up :)

(Next time I'll miss something I'll have to hang my head in shame all
the more!)

> * 1-3/7 unchanged
> * Drop 4/7 because it's buggy, and the fixed version isn't worthwhile
> * Spelling fix in commit message of 5/7
> * Correct scanf format in 5-6/7

series
Reviewed-by: Laszlo "ever the optimist" Ersek 

Re: [Qemu-devel] [PATCH 5/5] trace-events: Fix up source file comments

[Andreas Färber]

Am 07.06.2013 12:59, schrieb Markus Armbruster:
> They're all wrong since (at least) Paolo's big source tree
> reorganization.  Need to shuffle some event declarations around to
> keep them under the correct source file comment.
> 
> Signed-off-by: Markus Armbruster 
> ---
>  trace-events | 162 
> ---
>  1 file changed, 87 insertions(+), 75 deletions(-)
> 
> diff --git a/trace-events b/trace-events
> index e12d376..d95e903 100644
> --- a/trace-events
> +++ b/trace-events
> @@ -25,18 +25,14 @@
>  #
>  # The  should be a sprintf()-compatible format string.
>  
> -# qemu-malloc.c
> -g_malloc(size_t size, void *ptr) "size %zu ptr %p"
> -g_realloc(void *ptr, size_t size, void *newptr) "ptr %p size %zu newptr %p"
> -g_free(void *ptr) "ptr %p"
> -
> -# osdep.c
> +# util/oslib-win32.c
> +# util/oslib-posix.c
[snip]

Thanks for taking time for this cleanup! I noticed before but haven't
found the time myself so far. ;)

If someone else feels like cleaning up, there's also quite a number of
header files which annotate prototypes with now wrong source files.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

Re: [Qemu-devel] [PATCH v2] e600 core for MPC86xx processors

[Julio Guerra]

>>
>> However I can't judge whether all that code is right for e600 and
>> whether you may want to share some code with e500 / e5500 in some way?
>> CC'ing some Freescale folks.
>
>
> e600 is a very different core from e500/e5500.  It is a 74xx derivative.
> The only thing I can see that could be shared with e500 is the code to
> register SPRG4-7, but that's something that's already duplicated between a
> bunch of cores.
>

Yes, and as previously said, this is almost entirely a copy/paste from
the 7440 code, plus SPRGs 4..7, the high BATs and the POWERPC_MMU_32B
setting. It can be shared in a later patch.

--
Julio Guerra

Re: [Qemu-devel] [PATCH v5] net: add support of mac-programming over macvtap in QEMU side

[Luiz Capitulino]

On Wed,  5 Jun 2013 18:42:13 +0800
Amos Kong  wrote:

> Currently macvtap based macvlan device is working in promiscuous
> mode, we want to implement mac-programming over macvtap through
> Libvirt for better performance.
> 
> Design:
> QEMU notifies Libvirt when rx-filter config is changed in guest,
> then Libvirt query the rx-filter information by a monitor command,
> and sync the change to macvtap device. Related rx-filter config
> of the nic contains main mac, rx-mode items and vlan table.
> 
> This patch adds a QMP event to notify management of rx-filter change,
> and adds a monitor command for management to query rx-filter
> information.
> 
> For reducing length of output, we just return the entries of vlan
> filter table that have active vlan.
> 
> Event_throttle API can avoid the events to flood QMP client, but it
> could cause an unexpected delay. So a flag for each nic is used to
> avoid events flooding, if management doesn't query rx-filter after
> it receives one event, new events won't be emitted to QMP monitor.
> 
> There maybe exist an uncontrollable delay if we let Libvirt do the
> real change, guests normally expect rx-filter updates immediately.
> But it's another separate issue, we can investigate it when the
> work in Libvirt side is done.

I think I completely misunderstood your testing results.

I had understood that: 1. changing the mac often & quick enough to
be a problem was a corner case and 2. you actually can overflow mngt

I hope I really got it wrong, otherwise you'll be using that
flag as a replacement for the event throttle API, which would be
a big mistake.

Can you please add your test results & analysis to this commit message?

Two small comments below.

> Signed-off-by: Amos Kong 
> ---
> v2: add argument to filter mac-table info of single nic (Stefan)
> update the document, add event notification
> v3: rename to rx-filter, add main mac, avoid events flooding (MST)
> fix error process (Stefan), fix qmp interface (Eric)
> v4: process qerror in hmp, cleanup (Luiz)
> set flag for each device, add device path in event, add
> helper for g_strdup_printf (MST)
> fix qmp document (Eric)
> v5: add path in doc, define notify flag to unsigned (Eric)
> add vlan table (Jason), drop monitor cmd
> ---
>  QMP/qmp-events.txt|  20 +
>  hw/net/virtio-net.c   | 112 
> ++
>  include/monitor/monitor.h |   1 +
>  include/net/net.h |   3 ++
>  monitor.c |   1 +
>  net/net.c |  47 +++
>  qapi-schema.json  |  89 
>  qmp-commands.hx   |  66 +++
>  8 files changed, 339 insertions(+)
> 
> diff --git a/QMP/qmp-events.txt b/QMP/qmp-events.txt
> index 92fe5fb..885230e 100644
> --- a/QMP/qmp-events.txt
> +++ b/QMP/qmp-events.txt
> @@ -172,6 +172,26 @@ Data:
>},
>"timestamp": { "seconds": 1265044230, "microseconds": 450486 } }
>  
> +NIC_RX_FILTER_CHANGED
> +-
> +
> +Emitted when rx-filter configuration of nic is changed by the guest.
> +Each nic has a flag to control event emit, the flag is set to false
> +when it emits one event of the nic, the flag is set to true when
> +management queries the rx-filter of the nic. This is used to avoid
> +events flooding.

Having this flag is an implementation detail. I think you should only
say that the event is emitted once until the query command is executed.

> +
> +Data:
> +
> +- "name": net client name (json-string)
> +- "path": device path (json-string)
> +
> +{ "event": "NIC_RX_FILTER_CHANGED",
> +  "data": { "name": "vnet0",
> +"path": "/machine/peripheral/vnet0/virtio-backend" },
> +  "timestamp": { "seconds": 1368697518, "microseconds": 326866 } }
> +}
> +
>  RESET
>  -
>  
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index 1ea9556..ae1eab6 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -21,6 +21,8 @@
>  #include "hw/virtio/virtio-net.h"
>  #include "net/vhost_net.h"
>  #include "hw/virtio/virtio-bus.h"
> +#include "qapi/qmp/qjson.h"
> +#include "monitor/monitor.h"
>  
>  #define VIRTIO_NET_VM_VERSION11
>  
> @@ -192,6 +194,104 @@ static void virtio_net_set_link_status(NetClientState 
> *nc)
>  virtio_net_set_status(vdev, vdev->status);
>  }
>  
> +static void rxfilter_notify(NetClientState *nc)
> +{
> +QObject *event_data;
> +VirtIONet *n = qemu_get_nic_opaque(nc);
> +
> +if (nc->rxfilter_notify_enabled) {
> +event_data = qobject_from_jsonf("{ 'name': %s, 'path': %s }",
> +   n->netclient_name,
> +   object_get_canonical_path(OBJECT(n->qdev)));
> +monitor_protocol_event(QEVENT_NIC_RX_FILTER_CHANGED, event_data);
> +qobject_decref(event_data);
> +/* disable event notification to avoid events flooding */
> +nc->rxfilter_notify_enabled = 0;
> +}
> +}
> +
> +st

Re: [Qemu-devel] [PATCH 2/2] sheepdog: support 'qemu-img snapshot -a'

[Liu Yuan]

On 06/07/2013 03:31 PM, Kevin Wolf wrote:
> Am 06.06.2013 um 15:09 hat Liu Yuan geschrieben:
>> On 06/06/2013 08:46 PM, Kevin Wolf wrote:
>>> Am 06.06.2013 um 13:57 hat Liu Yuan geschrieben:
 Just call sd_create_branch() to rollback the image is good enough

 Cc: qemu-devel@nongnu.org
 Cc: MORITA Kazutaka 
 Cc: Kevin Wolf 
 Cc: Stefan Hajnoczi 
 Signed-off-by: Liu Yuan 
 ---
  block/sheepdog.c |8 +---
  1 file changed, 5 insertions(+), 3 deletions(-)

 diff --git a/block/sheepdog.c b/block/sheepdog.c
 index 94218ac..cb5ca4a 100644
 --- a/block/sheepdog.c
 +++ b/block/sheepdog.c
 @@ -2072,9 +2072,11 @@ static int sd_snapshot_goto(BlockDriverState *bs, 
 const char *snapshot_id)
  }
  
  if (!s->inode.vm_state_size) {
 -error_report("Invalid snapshot");
 -ret = -ENOENT;
 -goto out;
 +/* qemu-img asks us to rollback, we need to do it right now */
 +ret = sd_create_branch(s);
 +if (ret) {
 +goto out;
 +}
  }
>>>
>>> I'm not sure how snapshots work internally for Sheepdog, but it seems
>>> odd to me that you need to do this only for disk-only snapshots, but not
>>> when the snapshot has VM state. (Also, note that 'qemu-img snapshot -a'
>>> works on images with a VM state, so the comment doesn't seem to be
>>> completely accurate)
>>>
>>> Would you mind explaining to me how this works in detail?
>>>
>>
>> Hmm, the original code isn't written by me and this snapshot mechanism
>> exists since day 0. I just hacks it to work now. So I'll try to explain
>> on my understanding.
>>
>> When we do a snapshot such as 'savedvm' or 'qemu-img snapshot', the
>> active vdi is snapshotted and marked as snapshot and a new vdi is
>> created as copy-on-write on the previous active vdi, then this new vdi
>> becomes active vdi. For e.g,
>>
>> As1 --> As2 --> A
>>
>> We take snapshot of vdi A twice, tagged s1 and s2 respectively. I guess
>> this is quit similar to qcow2 snapshots, only inode object with a bitmap
>> is created.
>>
>> So when we 'loadvm' or 'qemu-img snapshot -a' to A, current logic just
>> handle 'loadvm', that .bdrv_snapshot_goto only reloads inode object,
>> that is, for e.g, we 'savevm s1', and mark it as snapshot, the chain
>> would like
>>
>> As1 --> As2 --> A
>>  |
>>  v
>>  just reload As1's inode object
>>
>> Only when the write comes from VM, we do the following stuff
>>  - delete active vdi A
>>  - created a new inode based on the previously reloaded As1's inode
> 
> Thanks, this is the part that I missed.
> 
> I'm not sure however why the actual switch is delayed until the first
> write. This seems inconsistent with qcow2 snapshots.
> 
> Do you know if there is a reason why we can't always do this already
> during bdrv_snapshot_goto()?
> 

I think the reason is sd_load_vmstate() need to load vm state objects
with the correct inode object.

I tried to remove

  if (!s->inode.vm_state_size)

and make sd_create_branch unconditional. This means 'loadvm' command
will try to call sd_create_branch() inside sd_snapshot_goto(). But
failed with reading the wrong snapshot because the vdi's inode object is
changed by sd_create_branch().

>> The chain will look like:
>>
>> As1 --> As2
>>  |
>>  V
>>  A
>>
>> This is how sheepdog handles savevm/loadvm.
>>
>> So for 'qemu-img snapshot -a', we should create the branch in the
>> .bdrv_snapshot_goto.
>>
>> As you pointed out, we need to consider vm state even for 'snapshot -a',
>> so I need to rework the patch 2/2.
> 
> Yes, the presence of VM state is independent from whether you're using
> qemu-img or loadvm. And it actually goes both ways: qemu-img can revert
> to snapshots that have a VM state, and loadvm can be used with images
> that don't have a VM state (if you have multiple images, only one of
> them has the VM state).
> 

Seems not true of current code. If I 'loadvm' a snapshot without a
vmstate, I'll get 'qemu-system-x86_64: This is a disk-only snapshot.
Revert to it offline using qemu-img'.

But 'qemu-img snapshot -a' works as you said, it can rollback to the
snapshot regardless of vmstate.

Also this is a difference to store vmstate for sheepdog images. *Every*
snapshot image can have its own vmstate stored in sheepdog cluster. That
is, we can have multiple snapshot with its own private vmstate for sheepdog.

I think my patch did the correct thing, just rollback the disk state of
the snapshot for 'qemu-img snapshot -a'. Anyway, I found a minor issue
of 2/2 patch, so I'll resend the set.

Thanks,
Yuan

Re: [Qemu-devel] [PATCH v4] qemu-char: don't issue CHR_EVENT_OPEN in a BH

[Luiz Capitulino]

On Tue,  4 Jun 2013 16:35:09 -0500
Michael Roth  wrote:

> When CHR_EVENT_OPENED was initially added, it was CHR_EVENT_RESET,
> and it was issued as a bottom-half:
> 
> 86e94dea5b740dad65446c857f6959eae43e0ba6
> 
> Which we basically used to print out a greeting/prompt for the
> monitor.
> 
> AFAICT the only reason this was ever done in a BH was because in
> some cases we'd modify the chr_write handler for a new chardev
> backend *after* the site where we issued the reset (see:
> 86e94d:qemu_chr_open_stdio())
> 
> At some point this event was renamed to CHR_EVENT_OPENED, and we've
> maintained the use of this BH ever since.
> 
> However, due to 9f939df955a4152aad69a19a77e0898631bb2c18, we schedule
> the BH via g_idle_add(), which is causing events to sometimes be
> delivered after we've already begun processing data from backends,
> leading to:
> 
>  known bugs:
> 
>   QMP:
> session negotation resets with OPENED event, in some cases this
> is causing new sessions to get sporadically reset
> 
>  potential bugs:
> 
>   hw/usb/redirect.c:
> can_read handler checks for dev->parser != NULL, which may be
> true if CLOSED BH has not been executed yet. In the past, OPENED
> quiesced outstanding CLOSED events prior to us reading client
> data. If it's delayed, our check may allow reads to occur even
> though we haven't processed the OPENED event yet, and when we
> do finally get the OPENED event, our state may get reset.
> 
>   qtest.c:
> can begin session before OPENED event is processed, leading to
> a spurious reset of the system and irq_levels
> 
>   gdbstub.c:
> may start a gdb session prior to the machine being paused
> 
> To fix these, let's just drop the BH.
> 
> Since the initial reasoning for using it still applies to an extent,
> work around that by deferring the delivery of CHR_EVENT_OPENED until
> after the chardevs have been fully initialized, toward the end of
> qmp_chardev_add() (or some cases, qemu_chr_new_from_opts()). This
> defers delivery long enough that we can be assured a CharDriverState
> is fully initialized before CHR_EVENT_OPENED is sent.
> 
> Also, rather than requiring each chardev to do an explicit open, do it
> automatically, and allow the small few who don't desire such behavior to
> suppress the OPENED-on-init behavior by setting a 'explicit_be_open'
> flag.
> 
> We additionally add missing OPENED events for stdio backends on w32,
> which were previously not being issued, causing us to not recieve the
> banner and initial prompts for qmp/hmp.
> 
> Reported-by: Stefan Priebe 
> Cc: qemu-sta...@nongnu.org
> Signed-off-by: Michael Roth 

I don't know if the QMP queue is the ideal queue for this patch, but
I'd happily apply it if I get at least one Reviewed-by from the CC'ed
people.


> ---
> v3->v4:
>  * renamed 'suppress_be_open_on_init' to 'explicit_be_open' to match
>existing 'explicit_fe_open' flag (Hans)
>  * added missing 'explicit_be_open' flags for spice vmc/port and
>msmouse backends
> 
> v2->v3:
>  * removed artifact in from v1 in backends/baum.c, test build with
>BRLAPI=y (Anthony)
>  * rebased on latest origin/master
> 
> v1->v2:
>  * default to sending OPENED on backend init, add flag to suppress
>it (Anthony)
>  * fix missing OPENED for stdio backends on w32
>  * fix missing OPENED when qemu_chr_new_from_opts() doesn't use
>qmp_chardev_add()
>  * clean up/update commit message
> 
>  backends/baum.c   |2 --
>  backends/msmouse.c|1 +
>  include/sysemu/char.h |2 +-
>  qemu-char.c   |   38 +-
>  spice-qemu-char.c |1 +
>  ui/console.c  |1 -
>  ui/gtk.c  |1 -
>  7 files changed, 20 insertions(+), 26 deletions(-)
> 
> diff --git a/backends/baum.c b/backends/baum.c
> index 4cba79f..62aa784 100644
> --- a/backends/baum.c
> +++ b/backends/baum.c
> @@ -611,8 +611,6 @@ CharDriverState *chr_baum_init(void)
>  
>  qemu_set_fd_handler(baum->brlapi_fd, baum_chr_read, NULL, baum);
>  
> -qemu_chr_be_generic_open(chr);
> -
>  return chr;
>  
>  fail:
> diff --git a/backends/msmouse.c b/backends/msmouse.c
> index 0ac05a0..c0dbfcd 100644
> --- a/backends/msmouse.c
> +++ b/backends/msmouse.c
> @@ -70,6 +70,7 @@ CharDriverState *qemu_chr_open_msmouse(void)
>  chr = g_malloc0(sizeof(CharDriverState));
>  chr->chr_write = msmouse_chr_write;
>  chr->chr_close = msmouse_chr_close;
> +chr->explicit_be_open = true;
>  
>  qemu_add_mouse_event_handler(msmouse_event, chr, 0, "QEMU Microsoft 
> Mouse");
>  
> diff --git a/include/sysemu/char.h b/include/sysemu/char.h
> index 5e42c90..066c216 100644
> --- a/include/sysemu/char.h
> +++ b/include/sysemu/char.h
> @@ -70,12 +70,12 @@ struct CharDriverState {
>  void (*chr_set_echo)(struct CharDriverState *chr, bool echo);
>  void (*chr_set_fe_open)(struct CharDriverState *chr, int fe_open);
>  void *opaque;
> -int idle_tag;
>  char *label;
>  

[Qemu-devel] [PULL 0/2] Net patches

[Stefan Hajnoczi]

The following changes since commit 8819c10b5d55d537d59a0ffd5d623f348fc36c47:

  Merge remote-tracking branch 'sstabellini/xen_fixes_20130603' into staging 
(2013-06-04 14:58:58 -0500)

are available in the git repository at:


  git://github.com/stefanha/qemu.git net

for you to fetch changes up to c87826a878be05208c3906eb9d5e1f37cff5e98e:

  tap: fix NULL dereference when passing invalid parameters to tap (2013-06-07 
15:48:11 +0200)


Jason Wang (1):
  tap: fix NULL dereference when passing invalid parameters to tap

Stefan Hajnoczi (1):
  vmxnet3: fix NICState cleanup

 hw/net/vmxnet3.c |  2 +-
 net/tap.c| 18 --
 2 files changed, 13 insertions(+), 7 deletions(-)

-- 
1.8.1.4