Re: [Qemu-devel] [PATCH] remove call to type_initialize in object_new_with_type

[Hu Tao]

On Thu, Jun 13, 2013 at 06:51:49PM +0800, Hu Tao wrote:
> Since it's called in object_initialize_with_type later.
> 
> Signed-off-by: Hu Tao 
> ---
>  qom/object.c | 3 ---
>  1 file changed, 3 deletions(-)
> 
> diff --git a/qom/object.c b/qom/object.c
> index 803b94b..38dc45e 100644
> --- a/qom/object.c
> +++ b/qom/object.c
> @@ -406,9 +406,6 @@ Object *object_new_with_type(Type type)
>  {
>  Object *obj;
>  
> -g_assert(type != NULL);
> -type_initialize(type);
> -
>  obj = g_malloc(type->instance_size);

Well, type->instance_size has to be initialized before this.

>  object_initialize_with_type(obj, type);
>  obj->free = g_free;
> -- 
> 1.8.2.3
> 

[Qemu-devel] hw/ssi/xilinx_spips.c:52:1: warning: "CS" redefined

[Michael Tokarev]

This warning is produced when compiling qemu on solaris
(openindiana).

 /usr/include/sys/regset.h:98:1: warning: this is the location
of the previous definition

 (I don't know how regset.h is included)

The code reads:

...
#define MANUAL_CS   (1 << 14)
#define CS  (0xF << 10)
#define CS_SHIFT(10)
...


And other than the #define, this constant is never used.
There are a few usages of CS_SHIFT (shouldn't it be used
when defining CS too?) and MANUAL_CS.  A few other
constants defined in there, like, for example, IFMODE,
are not used too.

Can we get rid of this so-likely-to-clash-with-something
definition?

Thanks,

/mjt

[Qemu-devel] [PATCH v2] piix: fix some printf errors when debug is enabled

[Hu Tao]

And use PRIxxx macros if possible.

Signed-off-by: Hu Tao 
---
 cputlb.c|  4 ++--
 hw/acpi/piix4.c | 12 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/cputlb.c b/cputlb.c
index 8c8..1230e9e 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -262,8 +262,8 @@ void tlb_set_page(CPUArchState *env, target_ulong vaddr,
 
 #if defined(DEBUG_TLB)
 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
-   " prot=%x idx=%d pd=0x%08lx\n",
-   vaddr, paddr, prot, mmu_idx, pd);
+   " prot=%x idx=%d\n",
+   vaddr, paddr, prot, mmu_idx);
 #endif
 
 address = vaddr;
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index e6525ac..756df3b 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -518,7 +518,7 @@ static uint64_t gpe_readb(void *opaque, hwaddr addr, 
unsigned width)
 PIIX4PMState *s = opaque;
 uint32_t val = acpi_gpe_ioport_readb(&s->ar, addr);
 
-PIIX4_DPRINTF("gpe read %x == %x\n", addr, val);
+PIIX4_DPRINTF("gpe read %" HWADDR_PRIx " == %" PRIu32 "\n", addr, val);
 return val;
 }
 
@@ -530,7 +530,7 @@ static void gpe_writeb(void *opaque, hwaddr addr, uint64_t 
val,
 acpi_gpe_ioport_writeb(&s->ar, addr, val);
 pm_update_sci(s);
 
-PIIX4_DPRINTF("gpe write %x <== %d\n", addr, val);
+PIIX4_DPRINTF("gpe write %" HWADDR_PRIx " <== %" PRIu64 "\n", addr, val);
 }
 
 static const MemoryRegionOps piix4_gpe_ops = {
@@ -553,15 +553,15 @@ static uint64_t pci_read(void *opaque, hwaddr addr, 
unsigned int size)
 /* Manufacture an "up" value to cause a device check on any hotplug
  * slot with a device.  Extra device checks are harmless. */
 val = s->pci0_slot_device_present & s->pci0_hotplug_enable;
-PIIX4_DPRINTF("pci_up_read %x\n", val);
+PIIX4_DPRINTF("pci_up_read %" PRIu32 "\n", val);
 break;
 case PCI_DOWN_BASE - PCI_HOTPLUG_ADDR:
 val = s->pci0_status.down;
-PIIX4_DPRINTF("pci_down_read %x\n", val);
+PIIX4_DPRINTF("pci_down_read %" PRIu32 "\n", val);
 break;
 case PCI_EJ_BASE - PCI_HOTPLUG_ADDR:
 /* No feature defined yet */
-PIIX4_DPRINTF("pci_features_read %x\n", val);
+PIIX4_DPRINTF("pci_features_read %" PRIu32 "\n", val);
 break;
 case PCI_RMV_BASE - PCI_HOTPLUG_ADDR:
 val = s->pci0_hotplug_enable;
@@ -579,7 +579,7 @@ static void pci_write(void *opaque, hwaddr addr, uint64_t 
data,
 switch (addr) {
 case PCI_EJ_BASE - PCI_HOTPLUG_ADDR:
 acpi_piix_eject_slot(opaque, (uint32_t)data);
-PIIX4_DPRINTF("pciej write %" HWADDR_PRIx " <== % " PRIu64 "\n",
+PIIX4_DPRINTF("pciej write %" HWADDR_PRIx " <== %" PRIu64 "\n",
   addr, data);
 break;
 default:
-- 
1.8.2.3

Re: [Qemu-devel] [Qemu-trivial] [PATCH v2] piix: fix some printf errors when debug is enabled

[Michael Tokarev]

14.06.2013 11:11, Hu Tao wrote:
> And use PRIxxx macros if possible.
> 
> Signed-off-by: Hu Tao 
> ---
>  cputlb.c|  4 ++--
>  hw/acpi/piix4.c | 12 ++--
>  2 files changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/cputlb.c b/cputlb.c
> index 8c8..1230e9e 100644
> --- a/cputlb.c
> +++ b/cputlb.c
> @@ -262,8 +262,8 @@ void tlb_set_page(CPUArchState *env, target_ulong vaddr,
>  
>  #if defined(DEBUG_TLB)
>  printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
> -   " prot=%x idx=%d pd=0x%08lx\n",
> -   vaddr, paddr, prot, mmu_idx, pd);
> +   " prot=%x idx=%d\n",
> +   vaddr, paddr, prot, mmu_idx);
>  #endif

This one hunk has already been posted by Hervé Poussineau in this message:

From: Hervé Poussineau 
Date: Wed,  5 Jun 2013 20:16:42 +0800
Message-Id: <1370434603-5394-1-git-send-email-hpous...@reactos.org>
Subject: [Qemu-trivial] [PATCH] cputlb: fix debug logs

I questioned it because the `pd' thing hasn't been really removed
but moved into a different structure instead, and we should either
ask subsystem maintainers to fix it or remove the whole thing.
This is debugging stuff, which is needed by someone who actually
understands the subsystem and understands the debugging output
too.  If the debugging isn't needed (and since it does not compile
for quite some time, it obviously isn't used), let's get rid of
whole thing instead.

Unfortunately no one replied to that my email so far.  Adding Cc
BlueSwirl again, in a hope...

Thanks,

/mjt

[Qemu-devel] [PATCH 1/6] mips_malta: fix BIOS endianness swapping

[Leon Alrae]

From: Paul Burton 

If the target is little endian (mipsel) then the BIOS image endianness
is swapped so that the big endian BIOS binaries commonly produced can be
loaded correctly.

When using the -bios argument the BIOS is loaded using
load_image_targphys, however this doesn't perform the load to target
memory immediately. Instead it loads the BIOS file into a struct Rom
which will later be written to target memory upon reset. However the
endianness conversion was being performed before this, on init, and
operating on the target memory which at this point is blank & will later
be overwritten by the (big endian) BIOS image. Correct this by operating
on the data referenced by struct Rom rather than the target memory when
the -bios argument is used.

Signed-off-by: Paul Burton 
Signed-off-by: Leon Alrae 
---
 hw/mips/mips_malta.c |7 +--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 5033d51..4def898 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -916,8 +916,11 @@ void mips_malta_init(QEMUMachineInitArgs *args)
a neat trick which allows bi-endian firmware. */
 #ifndef TARGET_WORDS_BIGENDIAN
 {
-uint32_t *addr = memory_region_get_ram_ptr(bios);
-uint32_t *end = addr + bios_size;
+uint32_t *end, *addr = rom_ptr(FLASH_ADDRESS);
+if (!addr) {
+addr = memory_region_get_ram_ptr(bios);
+}
+end = (void *)addr + bios_size;
 while (addr < end) {
 bswap32s(addr);
 addr++;
-- 
1.7.5.4

[Qemu-devel] [PATCH 0/6] mips_malta: fixes to support YAMON firmware

[Leon Alrae]

From: Paul Burton 

This patchset fixes some bugs with MIPS malta emulation allowing the YAMON
firmware to run.

YAMON can be found at http://www.mips.com/products/system-software/yamon/

You can then boot to a YAMON prompt by passing the path to yamon-XX.bin to
the -bios argument or by writing yamon-XX.bin to the start of a flash image
passed to the -pflash argument. The YAMON 2.21 release & newer have been tested
to work.

There is still a bug preventing YAMON from initialising the ethernet controller
so an application or kernel cannot be loaded via TFTP. However the serial
console functions and can examine or modify memory, modify the flash and
environment variables, access disks etc.

As of YAMON 2.22 a YAMON bug prevents the environment from being initialized
correctly by an "erase -e" command if you begin with a zeroed flash image. As
a workaround you can fill empty areas of your flash image with 1s be generating
your flash image like so:

  dd if=/dev/zero bs=1M count=4 | tr '\0' '\377' >flash.bin
  dd if=yamon-02.22.bin of=flash.bin conv=notrunc

Paul Burton (6):
  mips_malta: fix BIOS endianness swapping
  mips_malta: correct reading MIPS revision at 0x1fc00010
  mips_malta: generate SPD EEPROM data at runtime
  mips_malta: cap BIOS endian swap length at 0x3e bytes
  mips_malta: generate SMBUS EEPROM data
  pflash_cfi01: duplicate status byte from bits 23:16 for 32bit reads

 hw/block/pflash_cfi01.c |3 +
 hw/mips/mips_malta.c|  219 +++
 2 files changed, 166 insertions(+), 56 deletions(-)

-- 
1.7.5.4

[Qemu-devel] [PATCH 6/6] pflash_cfi01: duplicate status byte from bits 23:16 for 32bit reads

[Leon Alrae]

From: Paul Burton 

The firmware commonly used with MIPS Malta boards (YAMON) reads the
status of the pflash with a 32bit memory access. On real hardware
this results in the status byte being mirrored in the upper 16 bits
of the read value. For example if the status byte is represented by
SS then the hardware reads 0x00SS00SS. The YAMON firmware compares the
status against 32bit values expecting the mirrored value and fails
without it.

Signed-off-by: Paul Burton 
Signed-off-by: Leon Alrae 
---
 hw/block/pflash_cfi01.c |3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index 63d7c99..047ee65 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -186,6 +186,9 @@ static uint32_t pflash_read (pflash_t *pfl, hwaddr offset,
 case 0xe8: /* Write block */
 /* Status register read */
 ret = pfl->status;
+if (width > 2) {
+ret |= pfl->status << 16;
+}
 DPRINTF("%s: status %x\n", __func__, ret);
 break;
 case 0x90:
-- 
1.7.5.4

[Qemu-devel] [PATCH 3/6] mips_malta: generate SPD EEPROM data at runtime

[Leon Alrae]

From: Paul Burton 

The SPD EEPROM specifies the amount of memory present in the system and
thus its correct contents can only be known at runtime. Calculating
parts of the data on init allows the data to accurately reflect the
amount of target memory present and allow YAMON to boot with an
arbitrary amount of SDRAM.

Where possible the SPD data will favor indicating 2 banks of SDRAM
rather than 1. For example the default 128MB of target memory will be
represented as 2x64MB banks rather than 1x128MB bank. This allows
versions of MIPS BIOS code (such as YAMON 2.22 and older) to boot
despite a bug preventing them from handling a single bank of SDRAM with
the Galileo GT64120 system controller emulated by QEMU.

Signed-off-by: Paul Burton 
Signed-off-by: Leon Alrae 
---
 hw/mips/mips_malta.c |   60 +++--
 1 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 9117ae4..116a2f8 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -47,6 +47,7 @@
 #include "sysemu/blockdev.h"
 #include "exec/address-spaces.h"
 #include "hw/sysbus.h" /* SysBusDevice */
+#include "qemu/host-utils.h"
 
 //#define DEBUG_BOARD_INIT
 
@@ -146,10 +147,10 @@ typedef struct _eeprom24c0x_t eeprom24c0x_t;
 
 static eeprom24c0x_t eeprom = {
 .contents = {
-/* : */ 0x80,0x08,0x04,0x0D,0x0A,0x01,0x40,0x00,
+/* : */ 0x80,0x08,0xff,0x0D,0x0A,0xff,0x40,0x00,
 /* 0008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
-/* 0010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x0E,0x00,
-/* 0018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0x40,
+/* 0010: */ 0x8F,0x04,0x02,0x01,0x01,0x00,0x00,0x00,
+/* 0018: */ 0x00,0x00,0x00,0x14,0x0F,0x14,0x2D,0xff,
 /* 0020: */ 0x15,0x08,0x15,0x08,0x00,0x00,0x00,0x00,
 /* 0028: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
 /* 0030: */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
@@ -165,6 +166,56 @@ static eeprom24c0x_t eeprom = {
 },
 };
 
+static void eeprom_generate(eeprom24c0x_t *eeprom, ram_addr_t ram_size)
+{
+enum { SDR = 0x4, DDR2 = 0x8 } type;
+uint8_t *spd = eeprom->contents;
+uint8_t nbanks = 0;
+uint16_t density = 0;
+int i;
+
+/* work in terms of MB */
+ram_size >>= 20;
+
+while ((ram_size >= 4) && (nbanks <= 2)) {
+int sz_log2 = MIN(31 - clz32(ram_size), 14);
+nbanks++;
+density |= 1 << (sz_log2 - 2);
+ram_size -= 1 << sz_log2;
+}
+
+/* split to 2 banks if possible */
+if ((nbanks == 1) && (density > 1)) {
+nbanks++;
+density >>= 1;
+}
+
+if (density & 0xff00) {
+density = (density & 0xe0) | ((density >> 8) & 0x1f);
+type = DDR2;
+} else if (!(density & 0x1f)) {
+type = DDR2;
+} else {
+type = SDR;
+}
+
+if (ram_size) {
+fprintf(stderr, "Warning: SPD cannot represent final %dMB"
+" of SDRAM\n", (int)ram_size);
+}
+
+/* fill in SPD memory information */
+spd[2] = type;
+spd[5] = nbanks;
+spd[31] = density;
+
+/* checksum */
+spd[63] = 0;
+for (i = 0; i < 63; i++) {
+spd[63] += spd[i];
+}
+}
+
 static uint8_t eeprom24c0x_read(void)
 {
 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
@@ -857,6 +908,9 @@ void mips_malta_init(QEMUMachineInitArgs *args)
 vmstate_register_ram_global(ram);
 memory_region_add_subregion(system_memory, 0, ram);
 
+/* generate SPD EEPROM data */
+eeprom_generate(&eeprom, ram_size);
+
 #ifdef TARGET_WORDS_BIGENDIAN
 be = 1;
 #else
-- 
1.7.5.4

[Qemu-devel] [PATCH 2/6] mips_malta: correct reading MIPS revision at 0x1fc00010

[Leon Alrae]

From: Paul Burton 

Rather than modifying the BIOS code at its original location, copy it
for the 0x1fc0 region & modify the copy. This means the original
ROM code is correctly readable at 0x1e10 whilst the MIPS revision
is readable at 0x1fc00010.

Additionally the code previously operated on target memory which would
later be overwritten by the BIOS image upon CPU reset if the -bios
argument was used to specify the BIOS image. This led to the written
MIPS revision being lost. Copying using rom_copy when -bios is used
fixes this issue.

Signed-off-by: Paul Burton 
Signed-off-by: Leon Alrae 
---
 hw/mips/mips_malta.c |   25 +
 1 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 4def898..9117ae4 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -789,7 +789,7 @@ void mips_malta_init(QEMUMachineInitArgs *args)
 pflash_t *fl;
 MemoryRegion *system_memory = get_system_memory();
 MemoryRegion *ram = g_new(MemoryRegion, 1);
-MemoryRegion *bios, *bios_alias = g_new(MemoryRegion, 1);
+MemoryRegion *bios, *bios_copy = g_new(MemoryRegion, 1);
 target_long bios_size = FLASH_SIZE;
 int64_t kernel_entry;
 PCIBus *pci_bus;
@@ -929,14 +929,23 @@ void mips_malta_init(QEMUMachineInitArgs *args)
 #endif
 }
 
-/* Map the BIOS at a 2nd physical location, as on the real board. */
-memory_region_init_alias(bios_alias, "bios.1fc", bios, 0, BIOS_SIZE);
-memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_alias);
+/*
+ * Map the BIOS at a 2nd physical location, as on the real board.
+ * Copy it so that we can patch in the MIPS revision, which cannot be
+ * handled by an overlapping region as the resulting ROM code subpage
+ * regions are not executable.
+ */
+memory_region_init_ram(bios_copy, "bios.1fc", BIOS_SIZE);
+if (!rom_copy(memory_region_get_ram_ptr(bios_copy),
+  FLASH_ADDRESS, bios_size)) {
+memcpy(memory_region_get_ram_ptr(bios_copy),
+   memory_region_get_ram_ptr(bios), bios_size);
+}
+memory_region_set_readonly(bios_copy, true);
+memory_region_add_subregion(system_memory, RESET_ADDRESS, bios_copy);
 
-/* Board ID = 0x420 (Malta Board with CoreLV)
-   XXX: theoretically 0x1e10 should map to flash and 0x1fc00010 should
-   map to the board ID. */
-stl_p(memory_region_get_ram_ptr(bios) + 0x10, 0x0420);
+/* Board ID = 0x420 (Malta Board with CoreLV) */
+stl_p(memory_region_get_ram_ptr(bios_copy) + 0x10, 0x0420);
 
 /* Init internal devices */
 cpu_mips_irq_init_cpu(env);
-- 
1.7.5.4

[Qemu-devel] [PATCH 4/6] mips_malta: cap BIOS endian swap length at 0x3e0000 bytes

[Leon Alrae]

From: Paul Burton 

This preserves the final sector of the pflash which is used by YAMON to
hold environment variables. If the endianness of the environment data
is swapped then YAMON will fail to load environment variables from
pflash.

Signed-off-by: Paul Burton 
Signed-off-by: Leon Alrae 
---
 hw/mips/mips_malta.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 116a2f8..6d43e86 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -974,7 +974,7 @@ void mips_malta_init(QEMUMachineInitArgs *args)
 if (!addr) {
 addr = memory_region_get_ram_ptr(bios);
 }
-end = (void *)addr + bios_size;
+end = (void *)addr + MIN(bios_size, 0x3e);
 while (addr < end) {
 bswap32s(addr);
 addr++;
-- 
1.7.5.4

[Qemu-devel] [PATCH 5/6] mips_malta: generate SMBUS EEPROM data

[Leon Alrae]

From: Paul Burton 

The malta contains 2 EEPROMs, one containing SPD data for the SDRAM and
another containing board information such as serial number and MAC
address. These are both exposed via the PIIX4 SMBUS. Generating this
data and providing it to smbus_eeprom_init will allow YAMON to read a
serial number for the board and prevent it from warning that the EEPROM
data is invalid.

We already have the contents of the SPD EEPROM which are exposed via
FPGA I2C accesses, this is provided as part of the SMBUS EEPROM data
too for consistency.

Signed-off-by: Paul Burton 
Signed-off-by: Leon Alrae 
---
 hw/mips/mips_malta.c |  133 -
 1 files changed, 87 insertions(+), 46 deletions(-)

diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 6d43e86..467c38e 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -145,7 +145,7 @@ struct _eeprom24c0x_t {
 
 typedef struct _eeprom24c0x_t eeprom24c0x_t;
 
-static eeprom24c0x_t eeprom = {
+static eeprom24c0x_t spd_eeprom = {
 .contents = {
 /* : */ 0x80,0x08,0xff,0x0D,0x0A,0xff,0x40,0x00,
 /* 0008: */ 0x01,0x75,0x54,0x00,0x82,0x08,0x00,0x01,
@@ -166,10 +166,10 @@ static eeprom24c0x_t eeprom = {
 },
 };
 
-static void eeprom_generate(eeprom24c0x_t *eeprom, ram_addr_t ram_size)
+static void generate_eeprom_spd(uint8_t *eeprom, ram_addr_t ram_size)
 {
 enum { SDR = 0x4, DDR2 = 0x8 } type;
-uint8_t *spd = eeprom->contents;
+uint8_t *spd = spd_eeprom.contents;
 uint8_t nbanks = 0;
 uint16_t density = 0;
 int i;
@@ -214,71 +214,109 @@ static void eeprom_generate(eeprom24c0x_t *eeprom, 
ram_addr_t ram_size)
 for (i = 0; i < 63; i++) {
 spd[63] += spd[i];
 }
+
+/* copy for SMBUS */
+memcpy(eeprom, spd, sizeof(spd_eeprom.contents));
+}
+
+static void generate_eeprom_serial(uint8_t *eeprom)
+{
+int i, pos = 0;
+uint8_t mac[6] = { 0x00 };
+uint8_t sn[5] = { 0x01, 0x23, 0x45, 0x67, 0x89 };
+
+/* version */
+eeprom[pos++] = 0x01;
+
+/* count */
+eeprom[pos++] = 0x02;
+
+/* MAC address */
+eeprom[pos++] = 0x01; /* MAC */
+eeprom[pos++] = 0x06; /* length */
+memcpy(&eeprom[pos], mac, sizeof(mac));
+pos += sizeof(mac);
+
+/* serial number */
+eeprom[pos++] = 0x02; /* serial */
+eeprom[pos++] = 0x05; /* length */
+memcpy(&eeprom[pos], sn, sizeof(sn));
+pos += sizeof(sn);
+
+/* checksum */
+eeprom[pos] = 0;
+for (i = 0; i < pos; i++) {
+eeprom[pos] += eeprom[i];
+}
 }
 
-static uint8_t eeprom24c0x_read(void)
+static uint8_t eeprom24c0x_read(eeprom24c0x_t *eeprom)
 {
 logout("%u: scl = %u, sda = %u, data = 0x%02x\n",
-eeprom.tick, eeprom.scl, eeprom.sda, eeprom.data);
-return eeprom.sda;
+eeprom->tick, eeprom->scl, eeprom->sda, eeprom->data);
+return eeprom->sda;
 }
 
-static void eeprom24c0x_write(int scl, int sda)
+static void eeprom24c0x_write(eeprom24c0x_t *eeprom, int scl, int sda)
 {
-if (eeprom.scl && scl && (eeprom.sda != sda)) {
+if (eeprom->scl && scl && (eeprom->sda != sda)) {
 logout("%u: scl = %u->%u, sda = %u->%u i2c %s\n",
-eeprom.tick, eeprom.scl, scl, eeprom.sda, sda, sda ? "stop" : 
"start");
+eeprom->tick, eeprom->scl, scl, eeprom->sda, sda,
+sda ? "stop" : "start");
 if (!sda) {
-eeprom.tick = 1;
-eeprom.command = 0;
+eeprom->tick = 1;
+eeprom->command = 0;
 }
-} else if (eeprom.tick == 0 && !eeprom.ack) {
+} else if (eeprom->tick == 0 && !eeprom->ack) {
 /* Waiting for start. */
 logout("%u: scl = %u->%u, sda = %u->%u wait for i2c start\n",
-eeprom.tick, eeprom.scl, scl, eeprom.sda, sda);
-} else if (!eeprom.scl && scl) {
+eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
+} else if (!eeprom->scl && scl) {
 logout("%u: scl = %u->%u, sda = %u->%u trigger bit\n",
-eeprom.tick, eeprom.scl, scl, eeprom.sda, sda);
-if (eeprom.ack) {
+eeprom->tick, eeprom->scl, scl, eeprom->sda, sda);
+if (eeprom->ack) {
 logout("\ti2c ack bit = 0\n");
 sda = 0;
-eeprom.ack = 0;
-} else if (eeprom.sda == sda) {
+eeprom->ack = 0;
+} else if (eeprom->sda == sda) {
 uint8_t bit = (sda != 0);
 logout("\ti2c bit = %d\n", bit);
-if (eeprom.tick < 9) {
-eeprom.command <<= 1;
-eeprom.command += bit;
-eeprom.tick++;
-if (eeprom.tick == 9) {
-logout("\tcommand 0x%04x, %s\n", eeprom.command, bit ? 
"read" : "write");
-eeprom.ack = 1;
+if (eeprom->tick < 9) {
+eeprom->command <<= 1;
+eeprom->command += bit;
+eeprom->tick++;
+   

[Qemu-devel] [PATCH v6] net: add support of mac-programming over macvtap in QEMU side

[Amos Kong]

Currently macvtap based macvlan device is working in promiscuous
mode, we want to implement mac-programming over macvtap through
Libvirt for better performance.

Design:
 QEMU notifies Libvirt when rx-filter config is changed in guest,
 then Libvirt query the rx-filter information by a monitor command,
 and sync the change to macvtap device. Related rx-filter config
 of the nic contains main mac, rx-mode items and vlan table.

This patch adds a QMP event to notify management of rx-filter change,
and adds a monitor command for management to query rx-filter
information.

Test:
 If we repeatedly add/remove vlan, and change macaddr of vlan
 interfaces in guest by a loop script.

Result:
 The events will flood the QMP client(management), management takes
 too much resource to process the events.

 Event_throttle API (set rate to 1 ms) can avoid the events to flood
 QMP client, but it could cause an unexpected delay (~1ms), guests
 guests normally expect rx-filter updates immediately.

 So we use a flag for each nic to avoid events flooding, the event
 is emitted once until the query command is executed. The flag
 implementation could not introduce unexpected delay.

There maybe exist an uncontrollable delay if we let Libvirt do the
real change, guests normally expect rx-filter updates immediately.
But it's another separate issue, we can investigate it when the
work in Libvirt side is done.

Signed-off-by: Amos Kong 
---
v2: add argument to filter mac-table info of single nic (Stefan)
update the document, add event notification
v3: rename to rx-filter, add main mac, avoid events flooding (MST)
fix error process (Stefan), fix qmp interface (Eric)
v4: process qerror in hmp, cleanup (Luiz)
set flag for each device, add device path in event, add
helper for g_strdup_printf (MST)
fix qmp document (Eric)
v5: add path in doc, define notify flag to unsigned (Eric)
add vlan table (Jason), drop monitor cmd
v6: return vids list, add test results/analysis to commitlog
---
 QMP/qmp-events.txt|  17 
 hw/net/virtio-net.c   | 108 ++
 include/monitor/monitor.h |   1 +
 include/net/net.h |   3 ++
 monitor.c |   1 +
 net/net.c |  47 
 qapi-schema.json  |  75 
 qmp-commands.hx   |  63 +++
 8 files changed, 315 insertions(+)

diff --git a/QMP/qmp-events.txt b/QMP/qmp-events.txt
index 24e804e9..39b6016 100644
--- a/QMP/qmp-events.txt
+++ b/QMP/qmp-events.txt
@@ -172,6 +172,23 @@ Data:
   },
   "timestamp": { "seconds": 1265044230, "microseconds": 450486 } }
 
+NIC_RX_FILTER_CHANGED
+-
+
+The event is emitted once until the query command is executed,
+the first event will always be emitted.
+
+Data:
+
+- "name": net client name (json-string)
+- "path": device path (json-string)
+
+{ "event": "NIC_RX_FILTER_CHANGED",
+  "data": { "name": "vnet0",
+"path": "/machine/peripheral/vnet0/virtio-backend" },
+  "timestamp": { "seconds": 1368697518, "microseconds": 326866 } }
+}
+
 RESET
 -
 
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 1ea9556..4137959 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -21,6 +21,8 @@
 #include "hw/virtio/virtio-net.h"
 #include "net/vhost_net.h"
 #include "hw/virtio/virtio-bus.h"
+#include "qapi/qmp/qjson.h"
+#include "monitor/monitor.h"
 
 #define VIRTIO_NET_VM_VERSION11
 
@@ -192,6 +194,100 @@ static void virtio_net_set_link_status(NetClientState *nc)
 virtio_net_set_status(vdev, vdev->status);
 }
 
+static void rxfilter_notify(NetClientState *nc)
+{
+QObject *event_data;
+VirtIONet *n = qemu_get_nic_opaque(nc);
+
+if (nc->rxfilter_notify_enabled) {
+event_data = qobject_from_jsonf("{ 'name': %s, 'path': %s }",
+   n->netclient_name,
+   object_get_canonical_path(OBJECT(n->qdev)));
+monitor_protocol_event(QEVENT_NIC_RX_FILTER_CHANGED, event_data);
+qobject_decref(event_data);
+
+/* disable event notification to avoid events flooding */
+nc->rxfilter_notify_enabled = 0;
+}
+}
+
+static char *mac_strdup_printf(const uint8_t *mac)
+{
+return g_strdup_printf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x", mac[0],
+mac[1], mac[2], mac[3], mac[4], mac[5]);
+}
+
+static RxFilterInfo *virtio_net_query_rxfilter(NetClientState *nc)
+{
+VirtIONet *n = qemu_get_nic_opaque(nc);
+RxFilterInfo *info;
+strList *str_list = NULL;
+strList *entry;
+intList *int_list = NULL;
+intList *int_entry;
+int i, j;
+
+info = g_malloc0(sizeof(*info));
+info->name = g_strdup(nc->name);
+info->promiscuous = n->promisc;
+
+if (n->nouni) {
+info->unicast = RX_STATE_NONE;
+} else if (n->alluni) {
+info->unicast = RX_STATE_ALL;
+} else {
+info->unicast = RX_STATE_NORMAL

Re: [Qemu-devel] [PATCH RFC 6/8] exec: Clean up unnecessary S390 ifdeffery

[Markus Armbruster]

Paolo Bonzini  writes:

> Il 13/06/2013 03:02, Markus Armbruster ha scritto:
>> +} else if (kvm_enabled() && kvm_arch_ram_alloc) {
>> +/* some s390/kvm configurations have special constraints */
>> +if (mem_path) {
>> +fprintf(stderr,
>> +"-mem-path not supported with this version of KVM\n");
>> +exit(1);
>> +}
>> +new_block->host = kvm_arch_ram_alloc(size);
>> +memory_try_enable_merging(new_block->host, size);
>
> Uh oh, now I see why you wanted the hook as a function pointer.  Can you
> instead pass the file descriptor to kvm_ram_alloc?

I'm not sure I understand what you're suggesting.  Here's my best guess.

I made kvm_arch_ram_alloc() an *optional* hook, implemented as function
pointer that may be null.  It's actually non-null only with old S390
KVM.

Non-null value also suppresses -mem-path.  Admittedly not the cleanest
possible solution, but (1) it's better than what we have now, and (2)
the whole thing should go away forever once we stop supporting old S390
kernels.

You seem to suggest to factor the actual allocation of guest memory out
of this part of qemu_ram_alloc_from_ptr():

if (host) {
new_block->host = host;
new_block->flags |= RAM_PREALLOC_MASK;
} else if (xen_enabled()) {
if (mem_path) {
fprintf(stderr, "-mem-path not supported with Xen\n");
exit(1);
}
xen_ram_alloc(new_block->offset, size, mr);
} else if (kvm_enabled() && kvm_arch_ram_alloc) {
/* some s390/kvm configurations have special constraints */
if (mem_path) {
fprintf(stderr,
"-mem-path not supported with this version of KVM\n");
exit(1);
}
new_block->host = kvm_arch_ram_alloc(size);
if (!new_block->host) {
no_guest_mem(new_block);
}
memory_try_enable_merging(new_block->host, size);
} else {
if (mem_path) {
new_block->host = file_ram_alloc(new_block, size, mem_path);
}
if (!new_block->host) {
new_block->host = qemu_anon_ram_alloc(size);
if (!new_block->host) {
no_guest_mem(new_block);
}
memory_try_enable_merging(new_block->host, size);
}
}

Three functions, one each for Xen, S390 KVM, and generic.  Except the
one for Xen has only one caller, so we better leave that one alone.

Put a trivial wrapper around generic into each target-*/kvm.c other than
s390: arm, i386, ppc.

qemu_ram_alloc_from_ptr() then looks roughly like this:

if (host) {
new_block->host = host;
new_block->flags |= RAM_PREALLOC_MASK;
} else if (xen_enabled()) {
if (mem_path) {
fprintf(stderr, "-mem-path not supported with Xen\n");
exit(1);
}
xen_ram_alloc(new_block->offset, size, mr);
} else if (kvm_enabled()) {
new->block->host = kvm_arch_ram_alloc(size, new_block->fd);
if (!new_block->host) {
no_guest_mem(new_block);
}
} else {
new_block->host = qemu_guest_mem_alloc(size, new_block->fd);
if (!new_block->host) {
no_guest_mem(new_block);
}
}

Except new_block->fd still needs to be set.  Need to split
file_ram_alloc() into two: first part yields the file descriptor, to be
called by qemu_ram_alloc_from_ptr(), second part does the actual
allocation, to be called by the allocation functions.  The code in
qemu_ram_alloc_from_ptr() becomes:

if (host) {
new_block->host = host;
new_block->flags |= RAM_PREALLOC_MASK;
} else if (xen_enabled()) {
if (mem_path) {
fprintf(stderr, "-mem-path not supported with Xen\n");
exit(1);
}
xen_ram_alloc(new_block->offset, size, mr);
} else {
new->block->fd = file_ram_fd(mem_path);
new->block->host = kvm_enabled()
? kvm_arch_ram_alloc(size, new_block->fd);
: qemu_guest_mem_alloc(size, new_block->fd);
if (!new_block->host) {
no_guest_mem(new_block);
}
}

Is that what you have in mind?

It's a lot of restructuring and notational overhead just for this stupid
hack to support old S390 kernels.

Here's another way to keep the KVM hooks regular: make my function
pointers exec.c hooks instead of KVM hooks ;-P

Re: [Qemu-devel] [PATCH 5/5] block: Always enable discard on the protocol level

[Kevin Wolf]

Am 14.06.2013 um 00:06 hat Paolo Bonzini geschrieben:
> Il 13/06/2013 07:47, Kevin Wolf ha scritto:
> > Turning on discard options in qcow2 doesn't help a lot when the discard
> > requests that it issues are thrown away by the raw-posix layer. This
> > patch always enables discard functionality on the protocol level so that
> > it's the image format's responsibility to send (or not) discard
> > requests. Requests sent by the guest will be allowed or ignored by the
> > top level BlockDriverState, which depends on the discard=... option like
> > before.
> > 
> > In particular, this means that even without specifying options, the
> > qcow2 default of discarding deleted snapshots actually takes effect now,
> > both for qemu and qemu-img.
> > 
> > Signed-off-by: Kevin Wolf 
> > ---
> >  block.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/block.c b/block.c
> > index 79ad33d..0a7cf2f 100644
> > --- a/block.c
> > +++ b/block.c
> > @@ -1045,7 +1045,7 @@ int bdrv_open(BlockDriverState *bs, const char 
> > *filename, QDict *options,
> >  extract_subqdict(options, &file_options, "file.");
> >  
> >  ret = bdrv_file_open(&file, filename, file_options,
> > - bdrv_open_flags(bs, flags));
> > + bdrv_open_flags(bs, flags | BDRV_O_UNMAP));
> >  if (ret < 0) {
> >  goto fail;
> >  }
> > 
> 
> Can you still disable it with -drive file.discard=ignore?

This requires a few more changes (basically moving BDRV_O_UNMAP from
flags into a boolean in the QDict), but I think eventually we'll want to
allow this.

Kevin

Re: [Qemu-devel] [PATCH 3/5] qcow2: Options to enable discard for freed clusters

[Kevin Wolf]

Am 14.06.2013 um 00:10 hat Paolo Bonzini geschrieben:
> Il 13/06/2013 07:47, Kevin Wolf ha scritto:
> > +s->discard_passthrough[QCOW2_DISCARD_NEVER] = false,
> > +s->discard_passthrough[QCOW2_DISCARD_ALWAYS] = true,
> > +s->discard_passthrough[QCOW2_DISCARD_REQUEST] =
> > +qemu_opt_get_bool(opts, QCOW2_OPT_DISCARD_REQUEST,
> > +  flags & BDRV_O_UNMAP),
> 
> I think there should not be two ways to enable it, it is confusing.

Hm, yes... But it's also confusing to have qcow2 provide an incomplete
set of categories. Maybe we shouldn't have introduced -drive discard=...
as a global option to begin with.

> > +s->discard_passthrough[QCOW2_DISCARD_SNAPSHOT] =
> > +qemu_opt_get_bool(opts, QCOW2_OPT_DISCARD_SNAPSHOT, true),
> > +s->discard_passthrough[QCOW2_DISCARD_OTHER] =
> > +qemu_opt_get_bool(opts, QCOW2_OPT_DISCARD_OTHER, false),
> 
> Please document the defaults in qcow2_runtime_opts.  (BTW, what is the
> rationale?)

The idea was that discard is slow and therefore disabled by default,
except when you're doing an expensive snapshot operation that can
potentially free a lot of space at once with not too many requests, so
there it's enabled. And if you said -drive discard=on, you obviously
want guest requests to take effect.

We could let QCOW2_OPT_DISCARD_OTHER default to BDRV_O_UNMAP as well if
you prefer.

Kevin

Re: [Qemu-devel] [PATCH] Remove hardcoded xen-platform device initialization

[Paul Durrant]

> -Original Message-
> From: Stefano Stabellini [mailto:stefano.stabell...@eu.citrix.com]
> Sent: 13 June 2013 18:33
> To: Paul Durrant
> Cc: qemu-devel@nongnu.org; xen-de...@lists.xen.org
> Subject: Re: [Qemu-devel] [PATCH] Remove hardcoded xen-platform device
> initialization
> 
> On Thu, 13 Jun 2013, Paul Durrant wrote:
> > The xen-platform device should be initialized by the Xen toolstack by
> > passing the appropriate -device argument on the command line.
> >
> > Signed-off-by: Paul Durrant 
> 
> This patch is problematic because we can't know for sure the version of
> upstream QEMU that is going to be used with Xen.
> If we apply this patch and QEMU 1.5 is going to be used with Xen 4.2,
> guests won't be able to use PV drivers.
> 

Is there not a compatibility matrix? The hardcoded init. is just blatantly the 
wrong thing to be doing and it needs to go.

Could my accompanying toolstack patch not be backported to the next 4.2 release 
as mitigation?

  Paul

Re: [Qemu-devel] [Xen-devel] [PATCH] Remove hardcoded xen-platform device initialization

[Paul Durrant]

> -Original Message-
> From: Ian Campbell
> Sent: 13 June 2013 18:44
> To: Stefano Stabellini
> Cc: Paul Durrant; qemu-devel@nongnu.org; xen-de...@lists.xen.org
> Subject: Re: [Xen-devel] [Qemu-devel] [PATCH] Remove hardcoded xen-
> platform device initialization
> 
> On Thu, 2013-06-13 at 18:33 +0100, Stefano Stabellini wrote:
> > On Thu, 13 Jun 2013, Paul Durrant wrote:
> > > The xen-platform device should be initialized by the Xen toolstack by
> > > passing the appropriate -device argument on the command line.
> > >
> > > Signed-off-by: Paul Durrant 
> >
> > This patch is problematic because we can't know for sure the version of
> > upstream QEMU that is going to be used with Xen.
> > If we apply this patch and QEMU 1.5 is going to be used with Xen 4.2,
> > guests won't be able to use PV drivers.
> 
> Is the right answer a lever to disable, rather than enable, it?
> 

I didn't want to add yes another xen specific command line argument to QEMU; it 
feels wrong when there's already a perfectly good way of specifying an 
arbitrary device on the command line, but I suppose I could add a xl version 
argument or somesuch and gate the device creation on xl version >= 4.3.0? 
Calling out the compatibility of different versions of xl with different 
versions of QEMU in some document seems like a better way to go though 
otherwise this sort of issue is probably going to come up again in future.

  Paul

> A workaround for the situation you envisage is to use the
> device_model_args config option, not ideal though.
> 
> >
> >
> >
> > >  hw/i386/pc_piix.c |3 ---
> > >  1 file changed, 3 deletions(-)
> > >
> > > diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
> > > index d618570..e25012d 100644
> > > --- a/hw/i386/pc_piix.c
> > > +++ b/hw/i386/pc_piix.c
> > > @@ -174,9 +174,6 @@ static void pc_init1(MemoryRegion
> *system_memory,
> > >  pc_register_ferr_irq(gsi[13]);
> > >
> > >  pc_vga_init(isa_bus, pci_enabled ? pci_bus : NULL);
> > > -if (xen_enabled()) {
> > > -pci_create_simple(pci_bus, -1, "xen-platform");
> > > -}
> > >
> > >  /* init basic PC hardware */
> > >  pc_basic_device_init(isa_bus, gsi, &rtc_state, &floppy,
> xen_enabled());
> >
> >
> > ___
> > Xen-devel mailing list
> > xen-de...@lists.xen.org
> > http://lists.xen.org/xen-devel
> 

Re: [Qemu-devel] [Xen-devel] [PATCH] Remove hardcoded xen-platform device initialization

[Paul Durrant]

> -Original Message-
> From: Paolo Bonzini [mailto:paolo.bonz...@gmail.com] On Behalf Of Paolo
> Bonzini
> Sent: 13 June 2013 19:03
> To: Ian Campbell
> Cc: Stefano Stabellini; Paul Durrant; qemu-devel@nongnu.org; xen-
> de...@lists.xen.org
> Subject: Re: [Xen-devel] [PATCH] Remove hardcoded xen-platform device
> initialization
> 
> Il 13/06/2013 13:44, Ian Campbell ha scritto:
> > On Thu, 2013-06-13 at 18:33 +0100, Stefano Stabellini wrote:
> >> On Thu, 13 Jun 2013, Paul Durrant wrote:
> >>> The xen-platform device should be initialized by the Xen toolstack by
> >>> passing the appropriate -device argument on the command line.
> >>>
> >>> Signed-off-by: Paul Durrant 
> >>
> >> This patch is problematic because we can't know for sure the version of
> >> upstream QEMU that is going to be used with Xen.
> >> If we apply this patch and QEMU 1.5 is going to be used with Xen 4.2,
> >> guests won't be able to use PV drivers.
> >
> > Is the right answer a lever to disable, rather than enable, it?
> >
> > A workaround for the situation you envisage is to use the
> > device_model_args config option, not ideal though.
> 
> I think the right solution for this is to move towards using the normal
> "-M pc" machine.  libxl can simply use "-M pc -machine accel=xen -device
> xen-platform-pv"; older versions that use the xenfv machine will still work.
> 
> And if you do this, you will also get the benefit of versioned machine
> types.
> 

Thanks. I'll have a look at that.

  Paul

Re: [Qemu-devel] [PATCH 1/2] piix: use type-safe cast instead of directly access of parent dev

[Andreas Färber]

Hi,

Am 14.06.2013 08:49, schrieb Hu Tao:
> Signed-off-by: Hu Tao 
> ---
>  hw/pci-host/piix.c | 11 +++
>  1 file changed, 7 insertions(+), 4 deletions(-)
> 
> diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
> index f9e68c3..ba9a8f0 100644
> --- a/hw/pci-host/piix.c
> +++ b/hw/pci-host/piix.c
> @@ -121,22 +121,24 @@ static int pci_slot_get_pirq(PCIDevice *pci_dev, int 
> pci_intx)
>  static void i440fx_update_memory_mappings(PCII440FXState *d)
>  {
>  int i;
> +PCIDevice *pd = PCI_DEVICE(d);
>  
>  memory_region_transaction_begin();
>  for (i = 0; i < 13; i++) {
>  pam_update(&d->pam_regions[i], i,
> -   d->dev.config[I440FX_PAM + ((i + 1) / 2)]);
> +   pd->config[I440FX_PAM + ((i + 1) / 2)]);
[snip]

These two patches will likely conflict with Peter C.'s recent PCI
patchset doing the same thing.

They look okay, although in one case changing to "dev" variable will
force yet another change when later switching to QOM realize with
DeviceState *dev.

Regards,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg

[Qemu-devel] [Bug 1182716] Re: guest cannot boot up when Intel 82572 NIC assigned

[Yongjie Ren]

Re-tested this bug with:
kvm.git(next tree):e47a5f5fb715b90b40747e9e235de557c6abd56c
qemu-kvm.git(uq/master tree): 199472259a41677417fb7de168bd8c589383c6de
This bug has been fixed. 

** Changed in: qemu
   Status: New => Fix Committed

** Changed in: qemu
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1182716

Title:
  guest cannot boot up when Intel 82572 NIC assigned

Status in QEMU:
  Fix Released

Bug description:
  Environment:
  
  Host OS (ia32/ia32e/IA64):ia32e
  Guest OS (ia32/ia32e/IA64):ia32e
  Guest OS Type (Linux/Windows):linux
  kvm.git next branch Commit:660696d1d16a71e15549ce1bf74953be1592bcd3
  qemu-kvm.git uq/master branch Commit:9953f8822cc316eec9962f0a2858c3439a80adec
  Host Kernel Version:3.9.0-rc3
  Hardware: IvyBridge-EP

  
  Bug detailed description:
  --
  When creating a guest with Intel 82572 NIC (e1000e driver) assigned, I will 
get "Invalid ROM contents" error  and the guest cannot boot up.
  This should be a qemu-kvm bug.
  kvm  + qemu-kvm   =  result
  660696d1 + 9953f882   =  bad
  660696d1 + 5098699a   =  good

  note: 
  1. when creating guest with assign a PF of Intel 72576 or Intel I350 (igb 
driver), the PF works fine in guest.
  2. when creating guest with assign a VF of Intel 72576 or Intel I350 or Intel 
82599, the VF works fine in guest.


  Reproduce steps:
  
  1. start up a host with kvm (commit: 660696d1)
  2. ./pcistub.sh -h 07:00.0   ( to hide a device)
  3. qemu-system-x86_64 -enable-kvm -m 1024 -smp 2 -device 
pci-assign,host=07:00.0 -net none rhel6u4.img

  Current result:
  
  the guest cannot boot up.
  [root@vt-ivt2 ~]# qemu-system-x86_64 -enable-kvm -m 1024 -smp 2 -device 
pci-assign,host=07:00.0 -net none /root/rhel6u4.img
  qemu-system-x86_64: -device pci-assign,host=07:00.0: pci-assign: Cannot read 
from host /sys/bus/pci/devices/:07:00.0/rom
  Device option ROM contents are probably invalid (check dmesg).
  Skip option ROM probe with rombar=0, or load from file with romfile=
  Segmentation fault (core dumped)

  
  Expected result:
  
  the guest can boot up, and the device works fine in guest.

  Basic root-causing log:  (some log in 'dmesg')
  --
  assign device 0:7:0.0
  pci-stub :07:00.0: Invalid ROM contents
  qemu-system-x86[6977]: segfault at 7f59afb8 ip 7f59fe9f46ec sp
  7fff85f17aa8 error 4 in libc-2.12.so[7f59fe979000+18a000]

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1182716/+subscriptions

Re: [Qemu-devel] [RFC] sanitize memory on system reset

[Alexander Graf]

Am 14.06.2013 um 08:56 schrieb Christian Borntraeger :

> On 13/06/13 13:56, Anthony Liguori wrote:
>> Markus Armbruster  writes:
>> 
>>> Peter Lieven  writes:
>>> 
 On 13.06.2013 10:40, Stefan Hajnoczi wrote:
> On Thu, Jun 13, 2013 at 08:09:09AM +0200, Peter Lieven wrote:
>> I was thinking if it would be a good idea to zeroize all memory
>> resources on system reset and
>> madvise dontneed them afterwards. This would avoid system reset
>> attacks in case the attacker
>> has only access to the console of a vServer but not on the physical
>> host and it would shrink
>> RSS size of the vServer siginificantly.
> I wonder if you'll hit weird OS installers or PXE clients that rely on
> stashing stuff in memory across reset.
 One point:
 Wouldn't a memory test which some systems do at startup break these as 
 well?
>>> 
>>> Systems that distinguish between warm and cold boot (such as PCs)
>>> generally run POST only on cold boot.
>>> 
>>> I'm not saying triggering warm reboot and expecting memory contents to
>>> survive is a good idea, but it has been done.
>> 
>> Doesn't kexec do a warm reboot stashing the new kernel somewhere in
>> memory?
> 
> It does something like that on s390.
> There is a diagnose instruction to the machine, that resets all
> subsystems and cpus in a defined state, but lets the memory untouched.
> So we want to be able to define the components of the system which we are 
> going to reset and have two cases:
> 1. reset everything and clear the memory
> 2. just reset the cpus and devices, but leave the memory untouched
> 
> For case 2 we basically want to avoid memory clearing AND bios reloading

Legacy 286 protected mode to real mode switching also happens through the CPU 
reset PIN, so there certainly is a need to distinguish.

Alex

> 
> 
> 

[Qemu-devel] [RFC 03/13] block: add BlockDevOps->drain_threads_cb()

[Stefan Hajnoczi]

There are times when the QEMU main loop wishes to drain I/O requests.
Up until now bdrv_drain_all() meant that no new guest I/O will be
processed until the next event loop iteration.

This is no longer true with dataplane since it runs outside the QEMU
global mutex.  The BlockDevOps->drain_threads_cb() interface allows the
device model to drain and stop threads.  Once draining completes, the
QEMU main loop can be sure that no further I/O will take place until
next main loop iteration.

Signed-off-by: Stefan Hajnoczi 
---
 block.c   | 6 ++
 include/block/block.h | 9 +
 2 files changed, 15 insertions(+)

diff --git a/block.c b/block.c
index 1c9df27..a3323b2 100644
--- a/block.c
+++ b/block.c
@@ -1430,6 +1430,12 @@ void bdrv_drain_all(void)
 BlockDriverState *bs;
 bool busy;
 
+QTAILQ_FOREACH(bs, &bdrv_states, list) {
+if (bs->dev_ops && bs->dev_ops->drain_threads_cb) {
+bs->dev_ops->drain_threads_cb(bs->dev_opaque);
+}
+}
+
 do {
 busy = qemu_aio_wait();
 
diff --git a/include/block/block.h b/include/block/block.h
index 2307f67..85147bb 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -60,6 +60,15 @@ typedef struct BlockDevOps {
  * Runs when the size changed (e.g. monitor command block_resize)
  */
 void (*resize_cb)(void *opaque);
+/*
+ * Notifies the device model to drain any emulation threads
+ *
+ * Upon return, there must be no new or pending requests outside the QEMU
+ * main loop.  The device model may restart emulation threads after this
+ * main loop iteration, for example in a hardware register handler
+ * function.
+ */
+void (*drain_threads_cb)(void *opaque);
 } BlockDevOps;
 
 #define BDRV_O_RDWR0x0002
-- 
1.8.1.4

[Qemu-devel] [RFC 00/13] dataplane: use block layer

[Stefan Hajnoczi]

This series adds image format, QMP 'transation', and QMP 'block_resize' support
to dataplane.  This is done by replacing custom Linux AIO code with QEMU block
layer APIs.

In order for block layer APIs to be safe, bdrv_drain_all() is modified to be
aware of device emulation threads (like dataplane).
BlockDevOps->drain_threads_cb() is introduced as a way to stop device emulation
threads temporarily.  Device emulation threads may resume after this main loop
iteration completes, which is enough to allow code running under the QEMU
global mutex a chance to use the block device temporarily.

bdrv_get_aio_context() is dropped in favor of a thread-local AioContext
pointer.  This allows qemu_bh_new(), qemu_aio_wait(), and friends to
automatically use the right AioContext.  When we introduce a BlockDriverState
lock in the future, it will be possible to use block devices from multiple
threads arbitrarily (right now we only allow it if bdrv_drain_all() is used).

Three open issues:

 * Timers only work in the main loop, so I/O throttling is ignored and QED is
   unsafe with x-data-plane=on.

 * Need to test with NBD, Gluster, and other non-file protocols.

 * Need to compare performance against custom Linux AIO code.

Paolo Bonzini (2):
  exec: do not use qemu/tls.h
  qemu-thread: add TLS wrappers

Stefan Hajnoczi (11):
  block: fix bdrv_flush() ordering in bdrv_close()
  dataplane: sync virtio.c and vring.c virtqueue state
  block: add BlockDevOps->drain_threads_cb()
  virtio-blk: implement BlockDevOps->drain_threads_cb()
  block: add thread_aio_context TLS variable
  block: drop bdrv_get_aio_context()
  main-loop: use thread-local AioContext
  block: disable I/O throttling outside main loop
  dataplane: use block layer for I/O
  dataplane: drop ioq Linux AIO request queue
  block: drop raw_get_aio_fd()

 async.c |   2 +
 block.c |  22 ++-
 block/raw-posix.c   |  38 +
 block/raw-win32.c   |   2 +-
 configure   |  21 +++
 cpus.c  |   2 +
 exec.c  |  10 +-
 hw/block/dataplane/Makefile.objs|   2 +-
 hw/block/dataplane/ioq.c| 117 ---
 hw/block/dataplane/ioq.h|  57 ---
 hw/block/dataplane/virtio-blk.c | 290 
 hw/block/virtio-blk.c   |  12 ++
 hw/virtio/dataplane/vring.c |   8 +-
 include/block/aio.h |   4 +
 include/block/block.h   |  17 ++-
 include/block/block_int.h   |   7 -
 include/exec/cpu-all.h  |  14 +-
 include/hw/virtio/dataplane/vring.h |   2 +-
 include/qemu/tls.h  | 125 +---
 main-loop.c |  15 +-
 tests/Makefile  |   3 +
 tests/test-tls.c|  87 +++
 util/qemu-thread-win32.c|  17 +++
 23 files changed, 408 insertions(+), 466 deletions(-)
 delete mode 100644 hw/block/dataplane/ioq.c
 delete mode 100644 hw/block/dataplane/ioq.h
 create mode 100644 tests/test-tls.c

-- 
1.8.1.4

[Qemu-devel] [RFC 01/13] block: fix bdrv_flush() ordering in bdrv_close()

[Stefan Hajnoczi]

Since 80ccf93b we flush the block device during close.  The
bdrv_drain_all() call should come before bdrv_flush() to ensure guest
write requests have completed.  Otherwise we may miss pending writes
when flushing.

However, there is still a slight change that cancelling a blockjob or
doing bdrv_flush() might leave an I/O request running, so call
bdrv_drain_all() again for safety as the final step.

Signed-off-by: Stefan Hajnoczi 
---
 block.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/block.c b/block.c
index 79ad33d..1c9df27 100644
--- a/block.c
+++ b/block.c
@@ -1357,11 +1357,12 @@ void bdrv_reopen_abort(BDRVReopenState *reopen_state)
 
 void bdrv_close(BlockDriverState *bs)
 {
-bdrv_flush(bs);
+bdrv_drain_all(); /* complete guest I/O */
 if (bs->job) {
 block_job_cancel_sync(bs->job);
 }
-bdrv_drain_all();
+bdrv_flush(bs);
+bdrv_drain_all(); /* in case blockjob or flush started I/O */
 notifier_list_notify(&bs->close_notifiers, bs);
 
 if (bs->drv) {
-- 
1.8.1.4

[Qemu-devel] [RFC 07/13] block: add thread_aio_context TLS variable

[Stefan Hajnoczi]

BH and fd handler APIs need to know which AioContext (event loop) to run
inside.  Passing it around everywhere is not feasible since it would
require adding arguments to any call-chain that invokes BH and fd
handler APIs (hint: there are many and they change).

Instead make the AioContext pointer thread-local.  This way, any
function that needs to use an AioContext can find it.  In particular:
the iothread and vcpu threads share the main AioContext since they hold
the global mutex while running.  Dataplane threads will use their own
AioContexts.

Signed-off-by: Stefan Hajnoczi 
---
 async.c | 2 ++
 cpus.c  | 2 ++
 include/block/aio.h | 4 
 main-loop.c | 1 +
 4 files changed, 9 insertions(+)

diff --git a/async.c b/async.c
index 90fe906..765cbc0 100644
--- a/async.c
+++ b/async.c
@@ -27,6 +27,8 @@
 #include "block/thread-pool.h"
 #include "qemu/main-loop.h"
 
+DEFINE_TLS(AioContext*, thread_aio_context);
+
 /***/
 /* bottom halves (can be seen as timers which expire ASAP) */
 
diff --git a/cpus.c b/cpus.c
index c232265..529d612 100644
--- a/cpus.c
+++ b/cpus.c
@@ -741,6 +741,7 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
 qemu_thread_get_self(cpu->thread);
 cpu->thread_id = qemu_get_thread_id();
 cpu_single_env = env;
+*alloc_thread_aio_context() = qemu_get_aio_context();
 
 r = kvm_init_vcpu(cpu);
 if (r < 0) {
@@ -815,6 +816,7 @@ static void tcg_exec_all(void);
 static void tcg_signal_cpu_creation(CPUState *cpu, void *data)
 {
 cpu->thread_id = qemu_get_thread_id();
+*alloc_thread_aio_context() = qemu_get_aio_context();
 cpu->created = true;
 }
 
diff --git a/include/block/aio.h b/include/block/aio.h
index 1836793..6ee9369 100644
--- a/include/block/aio.h
+++ b/include/block/aio.h
@@ -17,6 +17,7 @@
 #include "qemu-common.h"
 #include "qemu/queue.h"
 #include "qemu/event_notifier.h"
+#include "qemu/tls.h"
 
 typedef struct BlockDriverAIOCB BlockDriverAIOCB;
 typedef void BlockDriverCompletionFunc(void *opaque, int ret);
@@ -74,6 +75,9 @@ typedef struct AioContext {
 /* Returns 1 if there are still outstanding AIO requests; 0 otherwise */
 typedef int (AioFlushEventNotifierHandler)(EventNotifier *e);
 
+/* Each thread can have a default AioContext */
+DECLARE_TLS(AioContext*, thread_aio_context);
+
 /**
  * aio_context_new: Allocate a new AioContext.
  *
diff --git a/main-loop.c b/main-loop.c
index cf36645..51eeb0f 100644
--- a/main-loop.c
+++ b/main-loop.c
@@ -142,6 +142,7 @@ int qemu_init_main_loop(void)
 
 gpollfds = g_array_new(FALSE, FALSE, sizeof(GPollFD));
 qemu_aio_context = aio_context_new();
+*get_thread_aio_context() = qemu_aio_context;
 src = aio_get_g_source(qemu_aio_context);
 g_source_attach(src, NULL);
 g_source_unref(src);
-- 
1.8.1.4

[Qemu-devel] [RFC 02/13] dataplane: sync virtio.c and vring.c virtqueue state

[Stefan Hajnoczi]

Load the virtio.c state into vring.c when we start dataplane mode and
vice versa when stopping dataplane mode.  This patch makes it possible
to start and stop dataplane any time while the guest is running.

This is very useful since it will allow us to go back to QEMU main loop
for bdrv_drain_all() and live migration.

Signed-off-by: Stefan Hajnoczi 
---
 hw/block/dataplane/virtio-blk.c | 2 +-
 hw/virtio/dataplane/vring.c | 8 +---
 include/hw/virtio/dataplane/vring.h | 2 +-
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
index 0356665..2faed43 100644
--- a/hw/block/dataplane/virtio-blk.c
+++ b/hw/block/dataplane/virtio-blk.c
@@ -537,7 +537,7 @@ void virtio_blk_data_plane_stop(VirtIOBlockDataPlane *s)
 /* Clean up guest notifier (irq) */
 k->set_guest_notifiers(qbus->parent, 1, false);
 
-vring_teardown(&s->vring);
+vring_teardown(&s->vring, s->vdev, 0);
 s->started = false;
 s->stopping = false;
 }
diff --git a/hw/virtio/dataplane/vring.c b/hw/virtio/dataplane/vring.c
index e0d6e83..82cc151 100644
--- a/hw/virtio/dataplane/vring.c
+++ b/hw/virtio/dataplane/vring.c
@@ -39,8 +39,8 @@ bool vring_setup(Vring *vring, VirtIODevice *vdev, int n)
 
 vring_init(&vring->vr, virtio_queue_get_num(vdev, n), vring_ptr, 4096);
 
-vring->last_avail_idx = 0;
-vring->last_used_idx = 0;
+vring->last_avail_idx = virtio_queue_get_last_avail_idx(vdev, n);
+vring->last_used_idx = vring->vr.used->idx;
 vring->signalled_used = 0;
 vring->signalled_used_valid = false;
 
@@ -49,8 +49,10 @@ bool vring_setup(Vring *vring, VirtIODevice *vdev, int n)
 return true;
 }
 
-void vring_teardown(Vring *vring)
+void vring_teardown(Vring *vring, VirtIODevice *vdev, int n)
 {
+virtio_queue_set_last_avail_idx(vdev, n, vring->last_avail_idx);
+
 hostmem_finalize(&vring->hostmem);
 }
 
diff --git a/include/hw/virtio/dataplane/vring.h 
b/include/hw/virtio/dataplane/vring.h
index 9380cb5..c0b69ff 100644
--- a/include/hw/virtio/dataplane/vring.h
+++ b/include/hw/virtio/dataplane/vring.h
@@ -50,7 +50,7 @@ static inline void vring_set_broken(Vring *vring)
 }
 
 bool vring_setup(Vring *vring, VirtIODevice *vdev, int n);
-void vring_teardown(Vring *vring);
+void vring_teardown(Vring *vring, VirtIODevice *vdev, int n);
 void vring_disable_notification(VirtIODevice *vdev, Vring *vring);
 bool vring_enable_notification(VirtIODevice *vdev, Vring *vring);
 bool vring_should_notify(VirtIODevice *vdev, Vring *vring);
-- 
1.8.1.4

[Qemu-devel] [RFC 11/13] dataplane: use block layer for I/O

[Stefan Hajnoczi]

Use the QEMU block layer instead of custom Linux AIO code.  A couple of
changes are necessary to make request processing work in this new
environment:

1. Replace ioq_*() calls with bdrv_aio_*().  We finally support
   asynchronous flush since we get it for free from the QEMU block
   layer!

2. Add a data buffer QEMUIOVector field to struct VirtIOBlockRequest.
   We previously relied on io_submit(2) semantics where the kernel
   copied in iovecs, and we therefore didn't keep them around.  The QEMU
   block layer *does* require that the iovecs are alive across the
   duration of the request.

Note that we still prevent block jobs, hot unplug, and live migration
since there is no synchronization with the main thread.  The next patch
series will introduce a mechanism to arbitrate block layer calls between
threads.

Signed-off-by: Stefan Hajnoczi 
---
 hw/block/dataplane/virtio-blk.c | 288 +---
 1 file changed, 92 insertions(+), 196 deletions(-)

diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c
index 2faed43..aeb3668 100644
--- a/hw/block/dataplane/virtio-blk.c
+++ b/hw/block/dataplane/virtio-blk.c
@@ -17,7 +17,6 @@
 #include "qemu/thread.h"
 #include "qemu/error-report.h"
 #include "hw/virtio/dataplane/vring.h"
-#include "ioq.h"
 #include "migration/migration.h"
 #include "block/block.h"
 #include "hw/virtio/virtio-blk.h"
@@ -34,11 +33,10 @@ enum {
 };
 
 typedef struct {
-struct iocb iocb;   /* Linux AIO control block */
-QEMUIOVector *inhdr;/* iovecs for virtio_blk_inhdr */
+VirtIOBlockDataPlane *dataplane;
+QEMUIOVector data;  /* data buffer */
+QEMUIOVector inhdr; /* iovecs for virtio_blk_inhdr */
 unsigned int head;  /* vring descriptor index */
-struct iovec *bounce_iov;   /* used if guest buffers are unaligned */
-QEMUIOVector *read_qiov;/* for read completion /w bounce buffer */
 } VirtIOBlockRequest;
 
 struct VirtIOBlockDataPlane {
@@ -48,7 +46,7 @@ struct VirtIOBlockDataPlane {
 QemuThread thread;
 
 VirtIOBlkConf *blk;
-int fd; /* image file descriptor */
+BlockDriverState *bs;   /* block device */
 
 VirtIODevice *vdev;
 Vring vring;/* virtqueue vring */
@@ -60,14 +58,8 @@ struct VirtIOBlockDataPlane {
  * use it).
  */
 AioContext *ctx;
-EventNotifier io_notifier;  /* Linux AIO completion */
 EventNotifier host_notifier;/* doorbell */
 
-IOQueue ioqueue;/* Linux AIO queue (should really be per
-   dataplane thread) */
-VirtIOBlockRequest requests[REQ_MAX]; /* pool of requests, managed by the
- queue */
-
 unsigned int num_reqs;
 
 Error *migration_blocker;
@@ -83,133 +75,113 @@ static void notify_guest(VirtIOBlockDataPlane *s)
 event_notifier_set(s->guest_notifier);
 }
 
-static void complete_request(struct iocb *iocb, ssize_t ret, void *opaque)
+static void complete_request(VirtIOBlockRequest *req,
+ unsigned char status,
+ int len)
 {
-VirtIOBlockDataPlane *s = opaque;
-VirtIOBlockRequest *req = container_of(iocb, VirtIOBlockRequest, iocb);
-struct virtio_blk_inhdr hdr;
-int len;
-
-if (likely(ret >= 0)) {
-hdr.status = VIRTIO_BLK_S_OK;
-len = ret;
-} else {
-hdr.status = VIRTIO_BLK_S_IOERR;
-len = 0;
-}
-
-trace_virtio_blk_data_plane_complete_request(s, req->head, ret);
-
-if (req->read_qiov) {
-assert(req->bounce_iov);
-qemu_iovec_from_buf(req->read_qiov, 0, req->bounce_iov->iov_base, len);
-qemu_iovec_destroy(req->read_qiov);
-g_slice_free(QEMUIOVector, req->read_qiov);
-}
-
-if (req->bounce_iov) {
-qemu_vfree(req->bounce_iov->iov_base);
-g_slice_free(struct iovec, req->bounce_iov);
-}
+VirtIOBlockDataPlane *s = req->dataplane;
+unsigned int head = req->head;
+struct virtio_blk_inhdr hdr = {
+.status = status,
+};
 
-qemu_iovec_from_buf(req->inhdr, 0, &hdr, sizeof(hdr));
-qemu_iovec_destroy(req->inhdr);
-g_slice_free(QEMUIOVector, req->inhdr);
+qemu_iovec_from_buf(&req->inhdr, 0, &hdr, sizeof(hdr));
+qemu_iovec_destroy(&req->inhdr);
+qemu_iovec_destroy(&req->data);
+g_slice_free(VirtIOBlockRequest, req);
 
 /* According to the virtio specification len should be the number of bytes
  * written to, but for virtio-blk it seems to be the number of bytes
  * transferred plus the status bytes.
  */
-vring_push(&s->vring, req->head, len + sizeof(hdr));
+vring_push(&s->vring, head, len + sizeof(hdr));
+notify_guest(s);
 
 s->num_reqs--;
 }
 
-static void complete_request_early(VirtIOBlockDataPlane *s, unsigned int head,
-   

[Qemu-devel] [RFC 08/13] block: drop bdrv_get_aio_context()

[Stefan Hajnoczi]

Associating a BlockDriverState with a single AioContext is not flexible
enough.  Once we make BlockDriverState thread-safe, it will be possible
to call bdrv_*() functions from multiple event loops.

Use the thread-local AioContext pointer instead of
bdrv_get_aio_context().

Signed-off-by: Stefan Hajnoczi 
---
 block.c   | 6 --
 block/raw-posix.c | 4 ++--
 block/raw-win32.c | 2 +-
 include/block/block_int.h | 7 ---
 4 files changed, 3 insertions(+), 16 deletions(-)

diff --git a/block.c b/block.c
index a3323b2..d986fc8 100644
--- a/block.c
+++ b/block.c
@@ -4582,9 +4582,3 @@ out:
 bdrv_delete(bs);
 }
 }
-
-AioContext *bdrv_get_aio_context(BlockDriverState *bs)
-{
-/* Currently BlockDriverState always uses the main loop AioContext */
-return qemu_get_aio_context();
-}
diff --git a/block/raw-posix.c b/block/raw-posix.c
index c0ccf27..821c19f 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -796,7 +796,7 @@ static BlockDriverAIOCB *paio_submit(BlockDriverState *bs, 
int fd,
 acb->aio_offset = sector_num * 512;
 
 trace_paio_submit(acb, opaque, sector_num, nb_sectors, type);
-pool = aio_get_thread_pool(bdrv_get_aio_context(bs));
+pool = aio_get_thread_pool(*get_thread_aio_context());
 return thread_pool_submit_aio(pool, aio_worker, acb, cb, opaque);
 }
 
@@ -1460,7 +1460,7 @@ static BlockDriverAIOCB *hdev_aio_ioctl(BlockDriverState 
*bs,
 acb->aio_offset = 0;
 acb->aio_ioctl_buf = buf;
 acb->aio_ioctl_cmd = req;
-pool = aio_get_thread_pool(bdrv_get_aio_context(bs));
+pool = aio_get_thread_pool(*get_thread_aio_context());
 return thread_pool_submit_aio(pool, aio_worker, acb, cb, opaque);
 }
 
diff --git a/block/raw-win32.c b/block/raw-win32.c
index 7c03b6d..b5e59a8 100644
--- a/block/raw-win32.c
+++ b/block/raw-win32.c
@@ -158,7 +158,7 @@ static BlockDriverAIOCB *paio_submit(BlockDriverState *bs, 
HANDLE hfile,
 acb->aio_offset = sector_num * 512;
 
 trace_paio_submit(acb, opaque, sector_num, nb_sectors, type);
-pool = aio_get_thread_pool(bdrv_get_aio_context(bs));
+pool = aio_get_thread_pool(*get_thread_aio_context());
 return thread_pool_submit_aio(pool, aio_worker, acb, cb, opaque);
 }
 
diff --git a/include/block/block_int.h b/include/block/block_int.h
index ba52247..88c8b52 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -298,13 +298,6 @@ int get_tmp_filename(char *filename, int size);
 void bdrv_set_io_limits(BlockDriverState *bs,
 BlockIOLimit *io_limits);
 
-/**
- * bdrv_get_aio_context:
- *
- * Returns: the currently bound #AioContext
- */
-AioContext *bdrv_get_aio_context(BlockDriverState *bs);
-
 #ifdef _WIN32
 int is_windows_drive(const char *filename);
 #endif
-- 
1.8.1.4

[Qemu-devel] [RFC 04/13] virtio-blk: implement BlockDevOps->drain_threads_cb()

[Stefan Hajnoczi]

Drain and stop the dataplane thread when bdrv_drain_all() is called.
Note that the thread will be restarted in virtio_blk_handle_output() the
next time the guest kicks the virtqueue.

Signed-off-by: Stefan Hajnoczi 
---
 hw/block/virtio-blk.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index cf12469..f9c2b79 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -618,8 +618,20 @@ static void virtio_blk_resize(void *opaque)
 virtio_notify_config(vdev);
 }
 
+static void virtio_blk_drain_threads(void *opaque)
+{
+#ifdef CONFIG_VIRTIO_BLK_DATA_PLANE
+VirtIOBlock *s = VIRTIO_BLK(opaque);
+
+if (s->dataplane) {
+virtio_blk_data_plane_stop(s->dataplane);
+}
+#endif
+}
+
 static const BlockDevOps virtio_block_ops = {
 .resize_cb = virtio_blk_resize,
+.drain_threads_cb = virtio_blk_drain_threads,
 };
 
 void virtio_blk_set_conf(DeviceState *dev, VirtIOBlkConf *blk)
-- 
1.8.1.4

[Qemu-devel] [RFC 10/13] block: disable I/O throttling outside main loop

[Stefan Hajnoczi]

Timers only work in the main loop.  This means threads running their own
AioContext cannot use I/O throttling for now.

Signed-off-by: Stefan Hajnoczi 
---
 block.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/block.c b/block.c
index d986fc8..2d7a0f8 100644
--- a/block.c
+++ b/block.c
@@ -169,6 +169,11 @@ static void bdrv_io_limits_intercept(BlockDriverState *bs,
 {
 int64_t wait_time = -1;
 
+/* Timers currently only work in the main loop */
+if (*get_thread_aio_context() != qemu_get_aio_context()) {
+return;
+}
+
 if (!qemu_co_queue_empty(&bs->throttled_reqs)) {
 qemu_co_queue_wait(&bs->throttled_reqs);
 }
-- 
1.8.1.4

[Qemu-devel] [RFC 09/13] main-loop: use thread-local AioContext

[Stefan Hajnoczi]

qemu_bh_new() and several other functions use qemu_aio_context, the
global QEMU main loop AioContext.  Now that we have introduced threads
with their own AioContext and a thread-local AioContext pointer, convert
qemu_bh_new() and friends to use the thread-local AioContext pointer.

qemu_bh_new() now creates a QEMUBH for the current thread's AioContext.
This is the right thing to do - it allows existing code to work outside
the main loop thread.

One exception: qemu_notify_event() still uses the global
qemu_aio_context because all callers expect to kick the main loop, not
some other event loop.

Signed-off-by: Stefan Hajnoczi 
---
 main-loop.c | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/main-loop.c b/main-loop.c
index 51eeb0f..2317c54 100644
--- a/main-loop.c
+++ b/main-loop.c
@@ -319,7 +319,8 @@ void qemu_del_wait_object(HANDLE handle, WaitObjectFunc 
*func, void *opaque)
 
 void qemu_fd_register(int fd)
 {
-WSAEventSelect(fd, event_notifier_get_handle(&qemu_aio_context->notifier),
+HANDLE h = event_notifier_get_handle(&*get_thread_aio_context()->notifier);
+WSAEventSelect(fd, h,
FD_READ | FD_ACCEPT | FD_CLOSE |
FD_CONNECT | FD_WRITE | FD_OOB);
 }
@@ -477,12 +478,12 @@ int main_loop_wait(int nonblocking)
 
 QEMUBH *qemu_bh_new(QEMUBHFunc *cb, void *opaque)
 {
-return aio_bh_new(qemu_aio_context, cb, opaque);
+return aio_bh_new(*get_thread_aio_context(), cb, opaque);
 }
 
 bool qemu_aio_wait(void)
 {
-return aio_poll(qemu_aio_context, true);
+return aio_poll(*get_thread_aio_context(), true);
 }
 
 #ifdef CONFIG_POSIX
@@ -492,8 +493,8 @@ void qemu_aio_set_fd_handler(int fd,
  AioFlushHandler *io_flush,
  void *opaque)
 {
-aio_set_fd_handler(qemu_aio_context, fd, io_read, io_write, io_flush,
-   opaque);
+aio_set_fd_handler(*get_thread_aio_context(), fd,
+   io_read, io_write, io_flush, opaque);
 }
 #endif
 
@@ -501,5 +502,6 @@ void qemu_aio_set_event_notifier(EventNotifier *notifier,
  EventNotifierHandler *io_read,
  AioFlushEventNotifierHandler *io_flush)
 {
-aio_set_event_notifier(qemu_aio_context, notifier, io_read, io_flush);
+aio_set_event_notifier(*get_thread_aio_context(), notifier,
+   io_read, io_flush);
 }
-- 
1.8.1.4

[Qemu-devel] [RFC 12/13] dataplane: drop ioq Linux AIO request queue

[Stefan Hajnoczi]

virtio-blk data plane used a custom Linux AIO request queue called
"ioq".  Now that virtio-blk data plane uses the QEMU block layer we can
drop ioq.

Signed-off-by: Stefan Hajnoczi 
---
 hw/block/dataplane/Makefile.objs |   2 +-
 hw/block/dataplane/ioq.c | 117 ---
 hw/block/dataplane/ioq.h |  57 ---
 3 files changed, 1 insertion(+), 175 deletions(-)
 delete mode 100644 hw/block/dataplane/ioq.c
 delete mode 100644 hw/block/dataplane/ioq.h

diff --git a/hw/block/dataplane/Makefile.objs b/hw/block/dataplane/Makefile.objs
index 9da2eb8..e786f66 100644
--- a/hw/block/dataplane/Makefile.objs
+++ b/hw/block/dataplane/Makefile.objs
@@ -1 +1 @@
-obj-y += ioq.o virtio-blk.o
+obj-y += virtio-blk.o
diff --git a/hw/block/dataplane/ioq.c b/hw/block/dataplane/ioq.c
deleted file mode 100644
index f709f87..000
--- a/hw/block/dataplane/ioq.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Linux AIO request queue
- *
- * Copyright 2012 IBM, Corp.
- * Copyright 2012 Red Hat, Inc. and/or its affiliates
- *
- * Authors:
- *   Stefan Hajnoczi 
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- *
- */
-
-#include "ioq.h"
-
-void ioq_init(IOQueue *ioq, int fd, unsigned int max_reqs)
-{
-int rc;
-
-ioq->fd = fd;
-ioq->max_reqs = max_reqs;
-
-memset(&ioq->io_ctx, 0, sizeof ioq->io_ctx);
-rc = io_setup(max_reqs, &ioq->io_ctx);
-if (rc != 0) {
-fprintf(stderr, "ioq io_setup failed %d\n", rc);
-exit(1);
-}
-
-rc = event_notifier_init(&ioq->io_notifier, 0);
-if (rc != 0) {
-fprintf(stderr, "ioq io event notifier creation failed %d\n", rc);
-exit(1);
-}
-
-ioq->freelist = g_malloc0(sizeof ioq->freelist[0] * max_reqs);
-ioq->freelist_idx = 0;
-
-ioq->queue = g_malloc0(sizeof ioq->queue[0] * max_reqs);
-ioq->queue_idx = 0;
-}
-
-void ioq_cleanup(IOQueue *ioq)
-{
-g_free(ioq->freelist);
-g_free(ioq->queue);
-
-event_notifier_cleanup(&ioq->io_notifier);
-io_destroy(ioq->io_ctx);
-}
-
-EventNotifier *ioq_get_notifier(IOQueue *ioq)
-{
-return &ioq->io_notifier;
-}
-
-struct iocb *ioq_get_iocb(IOQueue *ioq)
-{
-/* Underflow cannot happen since ioq is sized for max_reqs */
-assert(ioq->freelist_idx != 0);
-
-struct iocb *iocb = ioq->freelist[--ioq->freelist_idx];
-ioq->queue[ioq->queue_idx++] = iocb;
-return iocb;
-}
-
-void ioq_put_iocb(IOQueue *ioq, struct iocb *iocb)
-{
-/* Overflow cannot happen since ioq is sized for max_reqs */
-assert(ioq->freelist_idx != ioq->max_reqs);
-
-ioq->freelist[ioq->freelist_idx++] = iocb;
-}
-
-struct iocb *ioq_rdwr(IOQueue *ioq, bool read, struct iovec *iov,
-  unsigned int count, long long offset)
-{
-struct iocb *iocb = ioq_get_iocb(ioq);
-
-if (read) {
-io_prep_preadv(iocb, ioq->fd, iov, count, offset);
-} else {
-io_prep_pwritev(iocb, ioq->fd, iov, count, offset);
-}
-io_set_eventfd(iocb, event_notifier_get_fd(&ioq->io_notifier));
-return iocb;
-}
-
-int ioq_submit(IOQueue *ioq)
-{
-int rc = io_submit(ioq->io_ctx, ioq->queue_idx, ioq->queue);
-ioq->queue_idx = 0; /* reset */
-return rc;
-}
-
-int ioq_run_completion(IOQueue *ioq, IOQueueCompletion *completion,
-   void *opaque)
-{
-struct io_event events[ioq->max_reqs];
-int nevents, i;
-
-do {
-nevents = io_getevents(ioq->io_ctx, 0, ioq->max_reqs, events, NULL);
-} while (nevents < 0 && errno == EINTR);
-if (nevents < 0) {
-return nevents;
-}
-
-for (i = 0; i < nevents; i++) {
-ssize_t ret = ((uint64_t)events[i].res2 << 32) | events[i].res;
-
-completion(events[i].obj, ret, opaque);
-ioq_put_iocb(ioq, events[i].obj);
-}
-return nevents;
-}
diff --git a/hw/block/dataplane/ioq.h b/hw/block/dataplane/ioq.h
deleted file mode 100644
index b49b5de..000
--- a/hw/block/dataplane/ioq.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Linux AIO request queue
- *
- * Copyright 2012 IBM, Corp.
- * Copyright 2012 Red Hat, Inc. and/or its affiliates
- *
- * Authors:
- *   Stefan Hajnoczi 
- *
- * This work is licensed under the terms of the GNU GPL, version 2 or later.
- * See the COPYING file in the top-level directory.
- *
- */
-
-#ifndef IOQ_H
-#define IOQ_H
-
-#include 
-#include "qemu/event_notifier.h"
-
-typedef struct {
-int fd; /* file descriptor */
-unsigned int max_reqs;  /* max length of freelist and queue */
-
-io_context_t io_ctx;/* Linux AIO context */
-EventNotifier io_notifier;  /* Linux AIO eventfd */
-
-/* Requests can complete in any order so a free list is necessary to manage
- * available iocbs.
- */
-struct iocb **freelist; /* free iocbs */
-unsigned int freelist_idx;
-
-/* Multiple requests are queued up befor

[Qemu-devel] [RFC 13/13] block: drop raw_get_aio_fd()

[Stefan Hajnoczi]

virtio-blk data plane only worked with -drive format=raw,aio=native.  It
used raw_get_aio_fd() to fetch the file descriptor from raw-posix.  This
was a layering violation and is no longer necessary now that virtio-blk
data plane uses the QEMU block layer.

Signed-off-by: Stefan Hajnoczi 
---
 block/raw-posix.c | 34 --
 include/block/block.h |  8 
 2 files changed, 42 deletions(-)

diff --git a/block/raw-posix.c b/block/raw-posix.c
index 821c19f..c4d 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -1910,40 +1910,6 @@ static BlockDriver bdrv_host_cdrom = {
 };
 #endif /* __FreeBSD__ */
 
-#ifdef CONFIG_LINUX_AIO
-/**
- * Return the file descriptor for Linux AIO
- *
- * This function is a layering violation and should be removed when it becomes
- * possible to call the block layer outside the global mutex.  It allows the
- * caller to hijack the file descriptor so I/O can be performed outside the
- * block layer.
- */
-int raw_get_aio_fd(BlockDriverState *bs)
-{
-BDRVRawState *s;
-
-if (!bs->drv) {
-return -ENOMEDIUM;
-}
-
-if (bs->drv == bdrv_find_format("raw")) {
-bs = bs->file;
-}
-
-/* raw-posix has several protocols so just check for raw_aio_readv */
-if (bs->drv->bdrv_aio_readv != raw_aio_readv) {
-return -ENOTSUP;
-}
-
-s = bs->opaque;
-if (!s->use_aio) {
-return -ENOTSUP;
-}
-return s->fd;
-}
-#endif /* CONFIG_LINUX_AIO */
-
 static void bdrv_file_init(void)
 {
 /*
diff --git a/include/block/block.h b/include/block/block.h
index 85147bb..4273458 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -364,14 +364,6 @@ void bdrv_disable_copy_on_read(BlockDriverState *bs);
 void bdrv_set_in_use(BlockDriverState *bs, int in_use);
 int bdrv_in_use(BlockDriverState *bs);
 
-#ifdef CONFIG_LINUX_AIO
-int raw_get_aio_fd(BlockDriverState *bs);
-#else
-static inline int raw_get_aio_fd(BlockDriverState *bs)
-{
-return -ENOTSUP;
-}
-#endif
 
 enum BlockAcctType {
 BDRV_ACCT_READ,
-- 
1.8.1.4

[Qemu-devel] [RFC 05/13] exec: do not use qemu/tls.h

[Stefan Hajnoczi]

From: Paolo Bonzini 

The next patch will change qemu/tls.h to support more platforms, but at
some performance cost.  Declare cpu_single_env directly instead of using
the tls.h abstractions.

Signed-off-by: Paolo Bonzini 
---
 exec.c | 10 --
 include/exec/cpu-all.h | 14 +++---
 include/qemu/tls.h | 52 --
 3 files changed, 19 insertions(+), 57 deletions(-)
 delete mode 100644 include/qemu/tls.h

diff --git a/exec.c b/exec.c
index 5b8b40d..10d97e0 100644
--- a/exec.c
+++ b/exec.c
@@ -71,9 +71,15 @@ static MemoryRegion io_mem_unassigned, io_mem_subpage_ram;
 #endif
 
 CPUArchState *first_cpu;
+
 /* current CPU in the current thread. It is only valid inside
-   cpu_exec() */
-DEFINE_TLS(CPUArchState *,cpu_single_env);
+ * cpu_exec().  See comment in include/exec/cpu-all.h.  */
+#if defined CONFIG_KVM || (defined CONFIG_USER_ONLY && defined CONFIG_USE_NPTL)
+__thread CPUArchState *cpu_single_env;
+#else
+CPUArchState *cpu_single_env;
+#endif
+
 /* 0 = Do not count executed instructions.
1 = Precise instruction counting.
2 = Adaptive rate instruction counting.  */
diff --git a/include/exec/cpu-all.h b/include/exec/cpu-all.h
index e9c3717..2202ba3 100644
--- a/include/exec/cpu-all.h
+++ b/include/exec/cpu-all.h
@@ -20,7 +20,6 @@
 #define CPU_ALL_H
 
 #include "qemu-common.h"
-#include "qemu/tls.h"
 #include "exec/cpu-common.h"
 #include "qemu/thread.h"
 
@@ -368,8 +367,17 @@ void cpu_dump_statistics(CPUArchState *env, FILE *f, 
fprintf_function cpu_fprint
 void QEMU_NORETURN cpu_abort(CPUArchState *env, const char *fmt, ...)
 GCC_FMT_ATTR(2, 3);
 extern CPUArchState *first_cpu;
-DECLARE_TLS(CPUArchState *,cpu_single_env);
-#define cpu_single_env tls_var(cpu_single_env)
+
+/* This is thread-local depending on __linux__ because:
+ *  - the only -user mode supporting multiple VCPU threads is linux-user
+ *  - TCG system mode is single-threaded regarding VCPUs
+ *  - KVM system mode is multi-threaded but limited to Linux
+ */
+#if defined CONFIG_KVM || (defined CONFIG_USER_ONLY && defined CONFIG_USE_NPTL)
+extern __thread CPUArchState *cpu_single_env;
+#else
+extern CPUArchState *cpu_single_env;
+#endif
 
 /* Flags for use in ENV->INTERRUPT_PENDING.
 
diff --git a/include/qemu/tls.h b/include/qemu/tls.h
deleted file mode 100644
index b92ea9d..000
--- a/include/qemu/tls.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Abstraction layer for defining and using TLS variables
- *
- * Copyright (c) 2011 Red Hat, Inc
- * Copyright (c) 2011 Linaro Limited
- *
- * Authors:
- *  Paolo Bonzini 
- *  Peter Maydell 
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see .
- */
-
-#ifndef QEMU_TLS_H
-#define QEMU_TLS_H
-
-/* Per-thread variables. Note that we only have implementations
- * which are really thread-local on Linux; the dummy implementations
- * define plain global variables.
- *
- * This means that for the moment use should be restricted to
- * per-VCPU variables, which are OK because:
- *  - the only -user mode supporting multiple VCPU threads is linux-user
- *  - TCG system mode is single-threaded regarding VCPUs
- *  - KVM system mode is multi-threaded but limited to Linux
- *
- * TODO: proper implementations via Win32 .tls sections and
- * POSIX pthread_getspecific.
- */
-#ifdef __linux__
-#define DECLARE_TLS(type, x) extern DEFINE_TLS(type, x)
-#define DEFINE_TLS(type, x)  __thread __typeof__(type) tls__##x
-#define tls_var(x)   tls__##x
-#else
-/* Dummy implementations which define plain global variables */
-#define DECLARE_TLS(type, x) extern DEFINE_TLS(type, x)
-#define DEFINE_TLS(type, x)  __typeof__(type) tls__##x
-#define tls_var(x)   tls__##x
-#endif
-
-#endif
-- 
1.8.1.4

[Qemu-devel] [RFC 06/13] qemu-thread: add TLS wrappers

[Stefan Hajnoczi]

From: Paolo Bonzini 

Fast TLS is not available on some platforms, but it is always nice to
use it.  This wrapper implementation falls back to pthread_get/setspecific
on POSIX systems that lack __thread, but uses the dynamic linker's TLS
support on Linux and Windows.

The user shall call alloc_foo() in every thread that needs to access the
variable---exactly once and before any access.  foo is the name of the
variable as passed to DECLARE_TLS and DEFINE_TLS.  Then, get_foo() will
return the address of the variable.  It is guaranteed to remain the same
across the lifetime of a thread, so you can cache it.

Signed-off-by: Paolo Bonzini 
---
 configure|  21 +++
 include/qemu/tls.h   | 139 +++
 tests/Makefile   |   3 +
 tests/test-tls.c |  87 +
 util/qemu-thread-win32.c |  17 ++
 5 files changed, 267 insertions(+)
 create mode 100644 include/qemu/tls.h
 create mode 100644 tests/test-tls.c

diff --git a/configure b/configure
index 1654413..c679386 100755
--- a/configure
+++ b/configure
@@ -284,6 +284,7 @@ fi
 ar="${AR-${cross_prefix}ar}"
 as="${AS-${cross_prefix}as}"
 cpp="${CPP-$cc -E}"
+nm="${NM-${cross_prefix}nm}"
 objcopy="${OBJCOPY-${cross_prefix}objcopy}"
 ld="${LD-${cross_prefix}ld}"
 libtool="${LIBTOOL-${cross_prefix}libtool}"
@@ -3157,6 +3158,22 @@ if test "$trace_backend" = "dtrace"; then
 fi
 
 ##
+# check for TLS runtime
+
+# Some versions of mingw include the "magic" definitions that make
+# TLS work, some don't.  Check for it.
+
+if test "$mingw32" = yes; then
+  cat > $TMPC << EOF
+int main(void) {}
+EOF
+  compile_prog "" ""
+  if $nm $TMPE | grep _tls_used > /dev/null 2>&1; then
+mingw32_tls_runtime=yes
+  fi
+fi
+
+##
 # check and set a backend for coroutine
 
 # We prefer ucontext, but it's not always possible. The fallback
@@ -3615,6 +3632,9 @@ if test "$mingw32" = "yes" ; then
   version_micro=0
   echo 
"CONFIG_FILEVERSION=$version_major,$version_minor,$version_subminor,$version_micro"
 >> $config_host_mak
   echo 
"CONFIG_PRODUCTVERSION=$version_major,$version_minor,$version_subminor,$version_micro"
 >> $config_host_mak
+  if test "$mingw32_tls_runtime" = yes; then
+echo "CONFIG_MINGW32_TLS_RUNTIME=y" >> $config_host_mak
+  fi
 else
   echo "CONFIG_POSIX=y" >> $config_host_mak
 fi
@@ -4040,6 +4060,7 @@ echo "OBJCC=$objcc" >> $config_host_mak
 echo "AR=$ar" >> $config_host_mak
 echo "AS=$as" >> $config_host_mak
 echo "CPP=$cpp" >> $config_host_mak
+echo "NM=$nm" >> $config_host_mak
 echo "OBJCOPY=$objcopy" >> $config_host_mak
 echo "LD=$ld" >> $config_host_mak
 echo "WINDRES=$windres" >> $config_host_mak
diff --git a/include/qemu/tls.h b/include/qemu/tls.h
new file mode 100644
index 000..7fd0632
--- /dev/null
+++ b/include/qemu/tls.h
@@ -0,0 +1,139 @@
+/*
+ * Abstraction layer for defining and using TLS variables
+ *
+ * Copyright (c) 2011, 2013 Red Hat, Inc
+ * Copyright (c) 2011 Linaro Limited
+ *
+ * Authors:
+ *  Paolo Bonzini 
+ *  Peter Maydell 
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#ifndef QEMU_TLS_H
+#define QEMU_TLS_H
+
+#if defined __linux__
+#define DECLARE_TLS(type, x) \
+extern __thread typeof(type) x;  \
+ \
+static inline typeof(type) *get_##x(void)\
+{\
+return &x;   \
+}\
+ \
+static inline typeof(type) *alloc_##x(void)  \
+{\
+return &x;   \
+}\
+ \
+extern int dummy_##__LINE__
+
+#define DEFINE_TLS(type, x)  \
+__thread typeof(type) x
+
+#elif defined CONFIG_POSIX
+typedef struct QEMUTLSValue {
+pthread_key_t k;
+pthread_once_t o;
+} QEMUTLSValue;
+
+#define DECLARE_TLS(type, x) \
+extern QEMUTLSValue x;   \
+extern void init_##x(void);  \
+ \
+static inline typeof(type) *get_##x(void)\
+{  

Re: [Qemu-devel] [PATCH v2 03/17] memory: add ref/unref calls

[Alexey Kardashevskiy]

Hi.

Ok. Back to the bug with this patch. The initial problem with this patch is
that "make check" fails.

Please help with subpages.

It turned out that tests use MALLOC_PERTURB_ which is normally off. Who
does not know - this is a way to tell glibc to fill released memory with
some value and then debug accesses to released memory. Some bright mind
made it random what confuses a lot (and btw valgrind found nothing :-/ ).
So I spend some time before figured out how to reproduce it outside of the
qtest thingy.

The tree is qemu.org/master "bd5c51e Michael Roth qemu-char: don't issue
CHR_EVENT_OPEN in a BH" + replayed patches till the one from $subj on top
of it. QEMU is configured as "configure --target-list=x86_64-softmmu".

The magic is:

export MALLOC_PERTURB_=123
nc -l -U ~/qtest-16318.sock &
nc -l -U ~/qtest-16318.qmp &
x86_64-softmmu/qemu-system-x86_64  \
-qtest unix:/home/alexey/qtest-16318.sock,nowait \
-qtest-log /dev/null \
-qmp unix:/home/alexey/qtest-16318.qmp,nowait \
-pidfile ~/qtest-16318.pid -machine accel=qtest -vnc none

Immediate crash at (the very last backtrace in this mail is that crash).

x86_cpu_apic_realize() creates a subpage for IO:


#0  aik_dbg_start (f=f@entry=0x558c4b41 "subpage_init",
l=l@entry=0x6a0, mr=mr@entry=0x56556d30)
at /home/alexey/pcipassthru/qemu-impreza/hw/i386/pc.c:1297
#1  0x55774299 in subpage_init (base=0x0, as=0x564a9260) at
/home/alexey/pcipassthru/qemu-impreza/exec.c:1696
#2  register_subpage (d=d@entry=0x56523d00,
section=section@entry=0x7fffd620)
at /home/alexey/pcipassthru/qemu-impreza/exec.c:845
#3  0x5577447d in mem_add (listener=0x56523d08,
section=)
at /home/alexey/pcipassthru/qemu-impreza/exec.c:881
#4  0x557c2d69 in address_space_update_topology_pass
(as=as@entry=0x564a9260, adding=adding@entry=0x1, old_view=...,
new_view=...) at /home/alexey/pcipassthru/qemu-impreza/memory.c:751
#5  0x557c64b8 in address_space_update_topology (as=0x564a9260)
at /home/alexey/pcipassthru/qemu-impreza/memory.c:766
#6  memory_region_transaction_commit () at
/home/alexey/pcipassthru/qemu-impreza/memory.c:790
#7  0x557c79cd in memory_region_add_subregion_common
(mr=0x56523c30, offset=offset@entry=0x7e,
subregion=subregion@entry=0x56550a28) at
/home/alexey/pcipassthru/qemu-impreza/memory.c:1518
#8  0x557c7ae8 in memory_region_add_subregion (mr=,
offset=offset@entry=0x7e,
subregion=subregion@entry=0x56550a28) at
/home/alexey/pcipassthru/qemu-impreza/memory.c:1527
#9  0x55663995 in sysbus_add_io (dev=dev@entry=0x5654e700,
addr=addr@entry=0x7e, mem=mem@entry=0x56550a28)
at /home/alexey/pcipassthru/qemu-impreza/hw/core/sysbus.c:242
#10 0x5579cfce in vapic_init (dev=0x5654e700) at
/home/alexey/pcipassthru/qemu-impreza/hw/i386/kvmvapic.c:707
#11 0x55661651 in device_realize (dev=0x5654e700,
err=0x7fffda40)
at /home/alexey/pcipassthru/qemu-impreza/hw/core/qdev.c:178
#12 0x55662cf3 in device_set_realized (obj=0x5654e700,
value=0x1, err=0x7fffdb50)
at /home/alexey/pcipassthru/qemu-impreza/hw/core/qdev.c:699
#13 0x5573358e in property_set_bool (obj=0x5654e700,
v=, opaque=0x5653c1f0, name=,
errp=0x7fffdb50) at
/home/alexey/pcipassthru/qemu-impreza/qom/object.c:1301
#14 0x55736445 in object_property_set_qobject (obj=0x5654e700,
value=, name=0x55896553 "realized",
errp=0x7fffdb50) at
/home/alexey/pcipassthru/qemu-impreza/qom/qom-qobject.c:24
#15 0x5573525e in object_property_set_bool
(obj=obj@entry=0x5654e700, value=value@entry=0x1,
name=name@entry=0x55896553 "realized", errp=errp@entry=0x7fffdb50)
at /home/alexey/pcipassthru/qemu-impreza/qom/object.c:852
#16 0x55661c3a in qdev_init (dev=dev@entry=0x5654e700) at
/home/alexey/pcipassthru/qemu-impreza/hw/core/qdev.c:163
#17 0x55661e91 in qdev_init_nofail (dev=dev@entry=0x5654e700)
at /home/alexey/pcipassthru/qemu-impreza/hw/core/qdev.c:277
#18 0x55663789 in sysbus_create_varargs
(name=name@entry=0x558c73a1 "kvmvapic", addr=addr@entry=0x)
at /home/alexey/pcipassthru/qemu-impreza/hw/core/sysbus.c:157
#19 0x557a4ead in sysbus_create_simple (irq=0x0,
addr=0x, name=0x558c73a1 "kvmvapic")
at /home/alexey/pcipassthru/qemu-impreza/include/hw/sysbus.h:75
#20 apic_init_common (dev=0x56535350) at
/home/alexey/pcipassthru/qemu-impreza/hw/intc/apic_common.c:311
#21 0x55790fb6 in icc_device_realize (dev=0x56535350,
errp=0x7fffdc80)
at /home/alexey/pcipassthru/qemu-impreza/hw/cpu/icc_bus.c:50
#22 0x55662cf3 in device_set_realized (obj=0x56535350,
value=0x1, err=0x7fffdd90)
at /home/alexey/pcipassthru/qemu-impreza/hw/core/qdev.c:699
#23 0x5573358e in property_set_bool (obj=0x56535350,
v=, opaque=0x56535610, name

Re: [Qemu-devel] [Qemu-trivial] [PATCH] cputlb: fix debug logs

[Michael Tokarev]

05.06.2013 16:16, Hervé Poussineau wrote:
> 'pd' variable has been removed in 06ef3525e1f271b6a842781a05eace5cf63b95c2.

Thanks, applied to the trivial patches queue.

/mjt

Re: [Qemu-devel] [Qemu-trivial] [PATCH] spapr: add yet another maintainer

[Michael Tokarev]

12.06.2013 18:27, Alexey Kardashevskiy wrote:
> Signed-off-by: Alexey Kardashevskiy 
> ---
>  MAINTAINERS |1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 13c0cc5..1e00bb1 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -430,6 +430,7 @@ F: hw/isa/pc87312.[hc]
>  sPAPR
>  M: David Gibson 
>  M: Alexander Graf 
> +M: Alexey Kardashevskiy 

Since apparently there was no objections, I'm applying this to -trivial.
However, such things, even if trivial, are better be handled via the
corresponding arch tree (in this case the ppc tree).

Thanks,

/mjt

Re: [Qemu-devel] [Qemu-trivial] [PATCH v2] piix: fix some printf errors when debug is enabled

[Michael Tokarev]

14.06.2013 11:11, Hu Tao wrote:
> And use PRIxxx macros if possible.

Thanks, applied to the trivial patches queue, on top of the patch
by Hervé Poussineau which I mentioned before.

/mjt

Re: [Qemu-devel] [Qemu-trivial] [PATCH] spapr: add yet another maintainer

[Alexander Graf]

Am 14.06.2013 um 12:20 schrieb Michael Tokarev :

> 12.06.2013 18:27, Alexey Kardashevskiy wrote:
>> Signed-off-by: Alexey Kardashevskiy 
>> ---
>> MAINTAINERS |1 +
>> 1 file changed, 1 insertion(+)
>> 
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index 13c0cc5..1e00bb1 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -430,6 +430,7 @@ F: hw/isa/pc87312.[hc]
>> sPAPR
>> M: David Gibson 
>> M: Alexander Graf 
>> +M: Alexey Kardashevskiy 
> 
> Since apparently there was no objections, I'm applying this to -trivial.
> However, such things, even if trivial, are better be handled via the
> corresponding arch tree (in this case the ppc tree).

There were objections and this has to go via the ppc tree.

Alex

> 
> Thanks,
> 
> /mjt

[Qemu-devel] commit 08521e2 breaks SLOF usb boot

[Nikunj A Dadhania]

Hi,

I have a working usb echi storage support for SLOF. I found that with
latest qemu HEAD, USB EHCI registers(HCSPARAMS) started appearing funnily
- in place of being LE it appeared BE. Bisecting it down I could get to
this zero to the following commit:


commit 08521e28c7e6e8cc1f53424a0f845f58d2ed9546
Author: Paolo Bonzini 
Date:   Fri May 24 12:54:01 2013 +0200

memory: add big endian support to access_with_adjusted_size

This will be used to split 8-byte access down to two four-byte accesses.

Reviewed-by: Richard Henderson 
Signed-off-by: Paolo Bonzini 


If I hack the above funniness in my USB EHCI driver, somewhere down the
qemu crashes at code introduced by this patch:

Program received signal SIGSEGV, Segmentation fault.
0x in ?? ()
(gdb) bt
#0 0x in ?? ()
#1 0x557a0ea4 in access_with_adjusted_size (addr=addr@entry=12, 
value=value@entry=0x7fffd5a86680, size=size@entry=1, access_size_min=, access_size_max=,
access=0x557a1f80 , 
opaque=0x567f8ab8) at /home/nikunj/work/power/code/qemu/memory.c:396
#2 0x557a5ebb in memory_region_dispatch_write (size=1, data=0, addr=12, 
mr=0x567f8ab8) at /home/nikunj/work/power/code/qemu/memory.c:998

Reverting this, I can safely boot using a usb-storage device put on ehci 
controller.

Regards
Nikunj

Re: [Qemu-devel] [Xen-devel] [PATCH] Remove hardcoded xen-platform device initialization

[Paul Durrant]

> -Original Message-
> From: qemu-devel-bounces+paul.durrant=citrix@nongnu.org
> [mailto:qemu-devel-bounces+paul.durrant=citrix@nongnu.org] On
> Behalf Of Paul Durrant
> Sent: 14 June 2013 10:01
> To: Paolo Bonzini; Ian Campbell
> Cc: xen-de...@lists.xen.org; qemu-devel@nongnu.org; Stefano Stabellini
> Subject: Re: [Qemu-devel] [Xen-devel] [PATCH] Remove hardcoded xen-
> platform device initialization
> 
> > -Original Message-
> > From: Paolo Bonzini [mailto:paolo.bonz...@gmail.com] On Behalf Of Paolo
> > Bonzini
> > Sent: 13 June 2013 19:03
> > To: Ian Campbell
> > Cc: Stefano Stabellini; Paul Durrant; qemu-devel@nongnu.org; xen-
> > de...@lists.xen.org
> > Subject: Re: [Xen-devel] [PATCH] Remove hardcoded xen-platform device
> > initialization
> >
> > Il 13/06/2013 13:44, Ian Campbell ha scritto:
> > > On Thu, 2013-06-13 at 18:33 +0100, Stefano Stabellini wrote:
> > >> On Thu, 13 Jun 2013, Paul Durrant wrote:
> > >>> The xen-platform device should be initialized by the Xen toolstack by
> > >>> passing the appropriate -device argument on the command line.
> > >>>
> > >>> Signed-off-by: Paul Durrant 
> > >>
> > >> This patch is problematic because we can't know for sure the version of
> > >> upstream QEMU that is going to be used with Xen.
> > >> If we apply this patch and QEMU 1.5 is going to be used with Xen 4.2,
> > >> guests won't be able to use PV drivers.
> > >
> > > Is the right answer a lever to disable, rather than enable, it?
> > >
> > > A workaround for the situation you envisage is to use the
> > > device_model_args config option, not ideal though.
> >
> > I think the right solution for this is to move towards using the normal
> > "-M pc" machine.  libxl can simply use "-M pc -machine accel=xen -device
> > xen-platform-pv"; older versions that use the xenfv machine will still work.
> >
> > And if you do this, you will also get the benefit of versioned machine
> > types.
> >
> 
> Thanks. I'll have a look at that.
> 

It's a little more complicated than I thought. There are two machine types, 
xenpv and xenfv (i.e. HVM), and they share the accel=xen option. Thus QEMU 
attaches to the VM in the machine code rather than the accelerator init code. 
Using -M pc is therefore not an option, unless we perhaps have separate accel 
options. Either way this doesn't address the backwards compatibility issue. I 
think QEMU is going to need to know which version of the Xen toolstack invoked 
it unless we specify a compatibility matrix.

  Paul

Re: [Qemu-devel] commit 08521e2 breaks SLOF usb boot

[Nikunj A Dadhania]

Nikunj A Dadhania  writes:
> commit 08521e28c7e6e8cc1f53424a0f845f58d2ed9546
> Author: Paolo Bonzini 
> Date:   Fri May 24 12:54:01 2013 +0200
>
> memory: add big endian support to access_with_adjusted_size
> 
> This will be used to split 8-byte access down to two four-byte accesses.
> 
> Reviewed-by: Richard Henderson 
> Signed-off-by: Paolo Bonzini 
>
>
> If I hack the above funniness in my USB EHCI driver, somewhere down the
> qemu crashes at code introduced by this patch:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x in ?? ()
> (gdb) bt
> #0 0x in ?? ()
> #1 0x557a0ea4 in access_with_adjusted_size (addr=addr@entry=12, 
> value=value@entry=0x7fffd5a86680, size=size@entry=1, 
> access_size_min=, access_size_max=,
> access=0x557a1f80 , 
> opaque=0x567f8ab8) at /home/nikunj/work/power/code/qemu/memory.c:396
> #2 0x557a5ebb in memory_region_dispatch_write (size=1, data=0, 
> addr=12, mr=0x567f8ab8) at /home/nikunj/work/power/code/qemu/memory.c:998
>
> Reverting this, I can safely boot using a usb-storage device put on ehci 
> controller.

Just reverting this patch does not help though, i will need to figure
which all commits are bad.

Regards
Nikunj

[Qemu-devel] [PULL 03/26] configure: remove ${config_host_ld} variable

[Michael Tokarev]

From: Ed Maste 

It was only used in one place (and already expanded in one other).

Signed-off-by: Ed Maste 
Signed-off-by: Michael Tokarev 
---
 configure |3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/configure b/configure
index 1654413..e197b91 100755
--- a/configure
+++ b/configure
@@ -3556,7 +3556,6 @@ echo "-> Your SDL version is too old - please upgrade to 
have SDL support"
 fi
 
 config_host_mak="config-host.mak"
-config_host_ld="config-host.ld"
 
 echo "# Automatically generated by configure - do not modify" 
>config-all-disas.mak
 
@@ -4071,7 +4070,7 @@ if test "$gcov" = "yes" ; then
 fi
 
 # generate list of library paths for linker script
-$ld --verbose -v 2> /dev/null | grep SEARCH_DIR > ${config_host_ld}
+$ld --verbose -v 2> /dev/null | grep SEARCH_DIR > config-host.ld
 
 # use included Linux headers
 if test "$linux" = "yes" ; then
-- 
1.7.10.4

[Qemu-devel] [PULL 05/26] intc/xilinx_intc: Use qemu_set_irq

[Michael Tokarev]

From: Peter Crosthwaite 

Use qemu_set_irq rather than if-elsing qemu_irq_(lower|raise). No
functional change, just reduces verbosity.

Cc: qemu-triv...@nongnu.org

Signed-off-by: Peter Crosthwaite 
Signed-off-by: Michael Tokarev 
---
 hw/intc/xilinx_intc.c |6 +-
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/hw/intc/xilinx_intc.c b/hw/intc/xilinx_intc.c
index b106e72..5df7008 100644
--- a/hw/intc/xilinx_intc.c
+++ b/hw/intc/xilinx_intc.c
@@ -66,11 +66,7 @@ static void update_irq(struct xlx_pic *p)
 i = ~0;
 
 p->regs[R_IVR] = i;
-if ((p->regs[R_MER] & 1) && p->regs[R_IPR]) {
-qemu_irq_raise(p->parent_irq);
-} else {
-qemu_irq_lower(p->parent_irq);
-}
+qemu_set_irq(p->parent_irq, (p->regs[R_MER] & 1) && p->regs[R_IPR]);
 }
 
 static uint64_t
-- 
1.7.10.4

Re: [Qemu-devel] [PULL 00/26] Trivial-patches pull request for 2013-06-14

[Michael Tokarev]

14.06.2013 14:50, Michael Tokarev wrote:
> are available in the git repository at:
> 
>   git://git.corpit.ru/qemu.git trivial-patches-next

And this is the same as

git://git.corpit.ru/qemu.git trivial-patches

 *Sigh*.

/mjt

[Qemu-devel] [PULL 19/26] KVM: S390: Add dummy kvm_arch_init_irq_routing()

[Michael Tokarev]

From: Alexey Kardashevskiy 

The common KVM code insists on calling kvm_arch_init_irq_routing()
as soon as it sees kernel header support for it (regardless of whether
QEMU supports it).  Provide a dummy function to satisfy this.

Signed-off-by: Alexey Kardashevskiy 
Signed-off-by: Michael Tokarev 
---
 target-s390x/kvm.c |4 
 1 file changed, 4 insertions(+)

diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c
index 862fb12..4d9ac4a 100644
--- a/target-s390x/kvm.c
+++ b/target-s390x/kvm.c
@@ -928,3 +928,7 @@ void kvm_s390_enable_css_support(S390CPU *cpu)
 r = kvm_vcpu_ioctl(CPU(cpu), KVM_ENABLE_CAP, &cap);
 assert(r == 0);
 }
+
+void kvm_arch_init_irq_routing(KVMState *s)
+{
+}
-- 
1.7.10.4

[Qemu-devel] [PULL 11/26] Unbreak -no-quit for GTK, validate SDL options

[Michael Tokarev]

From: Peter Wu 

Certain options (-no-frame, -alt-grab, -ctrl-grab) only make sense with SDL.
When compiling without SDL, these options (and -no-quit) print an error message
and exit qemu.

In case QEMU is compiled with SDL support, the three aforementioned options
still do not make sense with other display types. This patch addresses that
issue by printing a warning. I have chosen not to exit QEMU afterwards because
having the option is not harmful and before this patch it would be ignored
anyway.

By delaying the sanity check from compile-time with some ifdefs to run-time,
-no-quit is now also properly supported when compiling without SDL.

Signed-off-by: Peter Wu 
Signed-off-by: Michael Tokarev 
---
 vl.c |   15 ++-
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/vl.c b/vl.c
index 169c807..9f8fd6e 100644
--- a/vl.c
+++ b/vl.c
@@ -3524,7 +3524,6 @@ int main(int argc, char **argv, char **envp)
 case QEMU_OPTION_full_screen:
 full_screen = 1;
 break;
-#ifdef CONFIG_SDL
 case QEMU_OPTION_no_frame:
 no_frame = 1;
 break;
@@ -3537,14 +3536,11 @@ int main(int argc, char **argv, char **envp)
 case QEMU_OPTION_no_quit:
 no_quit = 1;
 break;
+#ifdef CONFIG_SDL
 case QEMU_OPTION_sdl:
 display_type = DT_SDL;
 break;
 #else
-case QEMU_OPTION_no_frame:
-case QEMU_OPTION_alt_grab:
-case QEMU_OPTION_ctrl_grab:
-case QEMU_OPTION_no_quit:
 case QEMU_OPTION_sdl:
 fprintf(stderr, "SDL support is disabled\n");
 exit(1);
@@ -4085,6 +4081,15 @@ int main(int argc, char **argv, char **envp)
 #endif
 }
 
+if ((no_frame || alt_grab || ctrl_grab) && display_type != DT_SDL) {
+fprintf(stderr, "-no-frame, -alt-grab and -ctrl-grab are only valid "
+"for SDL, ignoring option\n");
+}
+if (no_quit && (display_type != DT_GTK && display_type != DT_SDL)) {
+fprintf(stderr, "-no-quit is only valid for GTK and SDL, "
+"ignoring option\n");
+}
+
 #if defined(CONFIG_GTK)
 if (display_type == DT_GTK) {
 early_gtk_display_init();
-- 
1.7.10.4

[Qemu-devel] [PULL 12/26] Makefile: Install qemu-img and qemu-nbd man pages only if built

[Michael Tokarev]

From: Andreas Färber 

When splitting openSUSE's qemu and qemu-linux-user packages we noticed
that for linux-user-only builds unrelated man pages got installed.
It's surely possible to delete them before packaging, but not installing
them in the first place seems more logical.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Andreas Färber 
Signed-off-by: Michael Tokarev 
---
 Makefile |5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 306e7bd..3cfa7d0 100644
--- a/Makefile
+++ b/Makefile
@@ -306,10 +306,13 @@ install-doc: $(DOCS)
$(INSTALL_DATA) QMP/qmp-commands.txt "$(DESTDIR)$(qemu_docdir)"
 ifdef CONFIG_POSIX
$(INSTALL_DIR) "$(DESTDIR)$(mandir)/man1"
-   $(INSTALL_DATA) qemu.1 qemu-img.1 "$(DESTDIR)$(mandir)/man1"
+   $(INSTALL_DATA) qemu.1 "$(DESTDIR)$(mandir)/man1"
+ifneq ($(TOOLS),)
+   $(INSTALL_DATA) qemu-img.1 "$(DESTDIR)$(mandir)/man1"
$(INSTALL_DIR) "$(DESTDIR)$(mandir)/man8"
$(INSTALL_DATA) qemu-nbd.8 "$(DESTDIR)$(mandir)/man8"
 endif
+endif
 ifdef CONFIG_VIRTFS
$(INSTALL_DIR) "$(DESTDIR)$(mandir)/man1"
$(INSTALL_DATA) fsdev/virtfs-proxy-helper.1 "$(DESTDIR)$(mandir)/man1"
-- 
1.7.10.4

[Qemu-devel] [PULL 06/26] curl: Whitespace only changes.

[Michael Tokarev]

From: "Richard W.M. Jones" 

Trivial patch to remove odd whitespace.

Signed-off-by: Richard W.M. Jones 
Signed-off-by: Michael Tokarev 
---
 block/curl.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/curl.c b/block/curl.c
index b8935fd..4dc3b4b 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -462,8 +462,8 @@ static int curl_open(BlockDriverState *bs, QDict *options, 
int flags)
 // initialize the multi interface!
 
 s->multi = curl_multi_init();
-curl_multi_setopt( s->multi, CURLMOPT_SOCKETDATA, s); 
-curl_multi_setopt( s->multi, CURLMOPT_SOCKETFUNCTION, curl_sock_cb ); 
+curl_multi_setopt(s->multi, CURLMOPT_SOCKETDATA, s);
+curl_multi_setopt(s->multi, CURLMOPT_SOCKETFUNCTION, curl_sock_cb);
 curl_multi_do(s);
 
 qemu_opts_del(opts);
-- 
1.7.10.4

[Qemu-devel] [PULL 10/26] gtk: implement -full-screen

[Michael Tokarev]

From: Peter Wu 

Aiming for GTK as replacement for SDL, a feature like -full-screen should also
be implemented.

Bringing the window into full-screen mode is done by activating the "Fullscreen"
menu item. This is done after showing the windows to make the cursor and menu
hidden.

v2: drop -no-frame implementation, use booleans instead of ints and ensure
consistency between ui state and menu.

Signed-off-by: Peter Wu 
Reviewed-by: Anthony Liguori 
Signed-off-by: Michael Tokarev 
---
 include/ui/console.h |2 +-
 ui/gtk.c |6 +-
 vl.c |2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/include/ui/console.h b/include/ui/console.h
index 4307b5f..f1d79f9 100644
--- a/include/ui/console.h
+++ b/include/ui/console.h
@@ -339,6 +339,6 @@ int index_from_keycode(int code);
 
 /* gtk.c */
 void early_gtk_display_init(void);
-void gtk_display_init(DisplayState *ds);
+void gtk_display_init(DisplayState *ds, bool full_screen);
 
 #endif
diff --git a/ui/gtk.c b/ui/gtk.c
index 63f6081..e314dba 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -1435,7 +1435,7 @@ static const DisplayChangeListenerOps dcl_ops = {
 .dpy_cursor_define = gd_cursor_define,
 };
 
-void gtk_display_init(DisplayState *ds)
+void gtk_display_init(DisplayState *ds, bool full_screen)
 {
 GtkDisplayState *s = g_malloc0(sizeof(*s));
 char *filename;
@@ -1511,6 +1511,10 @@ void gtk_display_init(DisplayState *ds)
 
 gtk_widget_show_all(s->window);
 
+if (full_screen) {
+gtk_menu_item_activate(GTK_MENU_ITEM(s->full_screen_item));
+}
+
 register_displaychangelistener(&s->dcl);
 
 global_state = s;
diff --git a/vl.c b/vl.c
index 180fdde..169c807 100644
--- a/vl.c
+++ b/vl.c
@@ -4348,7 +4348,7 @@ int main(int argc, char **argv, char **envp)
 #endif
 #if defined(CONFIG_GTK)
 case DT_GTK:
-gtk_display_init(ds);
+gtk_display_init(ds, full_screen);
 break;
 #endif
 default:
-- 
1.7.10.4

[Qemu-devel] [PULL 25/26] cputlb: fix debug logs

[Michael Tokarev]

From: Hervé Poussineau 

'pd' variable has been removed in 06ef3525e1f271b6a842781a05eace5cf63b95c2.

Signed-off-by: Hervé Poussineau 
Signed-off-by: Michael Tokarev 
---
 cputlb.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cputlb.c b/cputlb.c
index 8c8..1230e9e 100644
--- a/cputlb.c
+++ b/cputlb.c
@@ -262,8 +262,8 @@ void tlb_set_page(CPUArchState *env, target_ulong vaddr,
 
 #if defined(DEBUG_TLB)
 printf("tlb_set_page: vaddr=" TARGET_FMT_lx " paddr=0x" TARGET_FMT_plx
-   " prot=%x idx=%d pd=0x%08lx\n",
-   vaddr, paddr, prot, mmu_idx, pd);
+   " prot=%x idx=%d\n",
+   vaddr, paddr, prot, mmu_idx);
 #endif
 
 address = vaddr;
-- 
1.7.10.4

[Qemu-devel] [PULL 14/26] hw/scsi: Don't increment a boolean value

[Michael Tokarev]

From: Stefan Weil 

This fixes a warning from cppcheck.

Signed-off-by: Stefan Weil 
Signed-off-by: Michael Tokarev 
---
 hw/scsi/vmw_pvscsi.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
index 48d12f4..446f723 100644
--- a/hw/scsi/vmw_pvscsi.c
+++ b/hw/scsi/vmw_pvscsi.c
@@ -389,7 +389,7 @@ pvscsi_process_completion_queue(void *opaque)
 QTAILQ_REMOVE(&s->completion_queue, pvscsi_req, next);
 pvscsi_cmp_ring_put(s, &pvscsi_req->cmp);
 g_free(pvscsi_req);
-has_completed++;
+has_completed = true;
 }
 
 if (has_completed) {
-- 
1.7.10.4

[Qemu-devel] [PULL 23/26] main-loop: do not include slirp/slirp.h, use libslirp.h instead

[Michael Tokarev]

The header slirp/slirp.h is an internal header for slirp, and
main-loop.c does not use internals from there.  Instead, it uses
public functions (slirp_update_timeout(), slirp_pollfds_fill()
etc) which are declared in slirp/libslirp.h.

Including slirp/slirp.h is somewhat dangerous since it redefines
errno on WIN32, so any file including it may misbehave wrt errno.

Unfortunately libslirp isn't self-contained, it needs declaration
of struct in_addr, which is provided by qemu/sockets.h.  Maybe
instead of #including qemu/sockets.h before libslirp.h, it is
better to make the latter self-contained.

Signed-off-by: Michael Tokarev 
Reviewed-by: Paolo Bonzini 
---
 main-loop.c |3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/main-loop.c b/main-loop.c
index cf36645..a44fff6 100644
--- a/main-loop.c
+++ b/main-loop.c
@@ -24,7 +24,8 @@
 
 #include "qemu-common.h"
 #include "qemu/timer.h"
-#include "slirp/slirp.h"
+#include "qemu/sockets.h"  // struct in_addr needed for libslirp.h
+#include "slirp/libslirp.h"
 #include "qemu/main-loop.h"
 #include "block/aio.h"
 
-- 
1.7.10.4

[Qemu-devel] [PULL 17/26] ivshmem: add missing error exit(2)

[Michael Tokarev]

From: Stefan Hajnoczi 

If the user fails to specify 'chardev' or 'shm' then we cannot continue.
Exit right away so that we don't invoke shm_open(3) with a NULL pointer.

It would be nice to replace exit(1) with error returns in the PCI device
.init() function, but leave that for another patch since exit(1) is
currently used elsewhere.

Spotted by Coverity.

Cc: Cam Macdonell 
Cc: qemu-sta...@nongnu.org
Signed-off-by: Stefan Hajnoczi 
Reviewed-by: Eric Blake 
Signed-off-by: Michael Tokarev 
---
 hw/misc/ivshmem.c |1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index a19a6d6..5658f73 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -735,6 +735,7 @@ static int pci_ivshmem_init(PCIDevice *dev)
 
 if (s->shmobj == NULL) {
 fprintf(stderr, "Must specify 'chardev' or 'shm' to ivshmem\n");
+exit(1);
 }
 
 IVSHMEM_DPRINTF("using shm_open (shm object = %s)\n", s->shmobj);
-- 
1.7.10.4

[Qemu-devel] [PULL 07/26] char/serial: cosmetic fixes.

[Michael Tokarev]

From: Peter Crosthwaite 

Some cosmetic fixes to char/serial fixing some checkpatch errors.

Cc: qemu-triv...@nongnu.org

Signed-off-by: Peter Crosthwaite 
Reviewed-by: Andreas Färber 
Signed-off-by: Michael Tokarev 
---
 hw/char/serial.c |   30 +++---
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/hw/char/serial.c b/hw/char/serial.c
index 66b6348..bd6813e 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -263,8 +263,9 @@ static gboolean serial_xmit(GIOChannel *chan, GIOCondition 
cond, void *opaque)
 if (s->tsr_retry <= 0) {
 if (s->fcr & UART_FCR_FE) {
 s->tsr = fifo_get(s,XMIT_FIFO);
-if (!s->xmit_fifo.count)
+if (!s->xmit_fifo.count) {
 s->lsr |= UART_LSR_THRE;
+}
 } else if ((s->lsr & UART_LSR_THRE)) {
 return FALSE;
 } else {
@@ -461,10 +462,11 @@ static uint64_t serial_ioport_read(void *opaque, hwaddr 
addr, unsigned size)
 } else {
 if(s->fcr & UART_FCR_FE) {
 ret = fifo_get(s,RECV_FIFO);
-if (s->recv_fifo.count == 0)
+if (s->recv_fifo.count == 0) {
 s->lsr &= ~(UART_LSR_DR | UART_LSR_BI);
-else
+} else {
 qemu_mod_timer(s->fifo_timeout_timer, qemu_get_clock_ns 
(vm_clock) + s->char_transmit_time * 4);
+}
 s->timeout_ipending = 0;
 } else {
 ret = s->rbr;
@@ -534,15 +536,21 @@ static uint64_t serial_ioport_read(void *opaque, hwaddr 
addr, unsigned size)
 static int serial_can_receive(SerialState *s)
 {
 if(s->fcr & UART_FCR_FE) {
-if(s->recv_fifo.count < UART_FIFO_LENGTH)
-/* Advertise (fifo.itl - fifo.count) bytes when count < ITL, and 1 if 
above. If UART_FIFO_LENGTH - fifo.count is
-advertised the effect will be to almost always fill the fifo 
completely before the guest has a chance to respond,
-effectively overriding the ITL that the guest has set. */
- return (s->recv_fifo.count <= s->recv_fifo.itl) ? 
s->recv_fifo.itl - s->recv_fifo.count : 1;
-else
- return 0;
+if (s->recv_fifo.count < UART_FIFO_LENGTH) {
+/*
+ * Advertise (fifo.itl - fifo.count) bytes when count < ITL, and 1
+ * if above. If UART_FIFO_LENGTH - fifo.count is advertised the
+ * effect will be to almost always fill the fifo completely before
+ * the guest has a chance to respond, effectively overriding the 
ITL
+ * that the guest has set.
+ */
+return (s->recv_fifo.count <= s->recv_fifo.itl) ?
+s->recv_fifo.itl - s->recv_fifo.count : 1;
+} else {
+return 0;
+}
 } else {
-return !(s->lsr & UART_LSR_DR);
+return !(s->lsr & UART_LSR_DR);
 }
 }
 
-- 
1.7.10.4

[Qemu-devel] [PULL 15/26] target-sparc: Replace free by g_free

[Michael Tokarev]

From: Stefan Weil 

The wrong function was reported by cppcheck.

Signed-off-by: Stefan Weil 
Reviewed-by: Andreas Färber 
Signed-off-by: Michael Tokarev 
---
 target-sparc/cpu.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-sparc/cpu.c b/target-sparc/cpu.c
index 290b580..13bb7bb 100644
--- a/target-sparc/cpu.c
+++ b/target-sparc/cpu.c
@@ -614,7 +614,7 @@ static int cpu_sparc_find_by_name(sparc_def_t *cpu_def, 
const char *cpu_model)
 return 0;
 
  error:
-free(s);
+g_free(s);
 return -1;
 }
 
-- 
1.7.10.4

[Qemu-devel] [PULL 09/26] char/serial: serial_ioport_write: Factor out common code

[Michael Tokarev]

From: Peter Crosthwaite 

These three lines are common to both FIFO and regular mode. Just factor
them out to outside the if rather than replicate the same lines inside
both if and else.

Cc: qemu-triv...@nongnu.org

Signed-off-by: Peter Crosthwaite 
Reviewed-by: Andreas Färber 
Signed-off-by: Michael Tokarev 
---
 hw/char/serial.c |   10 +++---
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/hw/char/serial.c b/hw/char/serial.c
index 0a2b6c9..017610e 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -285,15 +285,11 @@ static void serial_ioport_write(void *opaque, hwaddr 
addr, uint64_t val,
 fifo8_pop(&s->xmit_fifo);
 }
 fifo8_push(&s->xmit_fifo, s->thr);
-s->thr_ipending = 0;
 s->lsr &= ~UART_LSR_TEMT;
-s->lsr &= ~UART_LSR_THRE;
-serial_update_irq(s);
-} else {
-s->thr_ipending = 0;
-s->lsr &= ~UART_LSR_THRE;
-serial_update_irq(s);
 }
+s->thr_ipending = 0;
+s->lsr &= ~UART_LSR_THRE;
+serial_update_irq(s);
 serial_xmit(NULL, G_IO_OUT, s);
 }
 break;
-- 
1.7.10.4

[Qemu-devel] [PULL 26/26] piix: fix some printf errors when debug is enabled

[Michael Tokarev]

From: Hu Tao 

And use PRIxxx macros if possible.

Signed-off-by: Hu Tao 
Signed-off-by: Michael Tokarev 
---
 hw/acpi/piix4.c |   12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index e6525ac..756df3b 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -518,7 +518,7 @@ static uint64_t gpe_readb(void *opaque, hwaddr addr, 
unsigned width)
 PIIX4PMState *s = opaque;
 uint32_t val = acpi_gpe_ioport_readb(&s->ar, addr);
 
-PIIX4_DPRINTF("gpe read %x == %x\n", addr, val);
+PIIX4_DPRINTF("gpe read %" HWADDR_PRIx " == %" PRIu32 "\n", addr, val);
 return val;
 }
 
@@ -530,7 +530,7 @@ static void gpe_writeb(void *opaque, hwaddr addr, uint64_t 
val,
 acpi_gpe_ioport_writeb(&s->ar, addr, val);
 pm_update_sci(s);
 
-PIIX4_DPRINTF("gpe write %x <== %d\n", addr, val);
+PIIX4_DPRINTF("gpe write %" HWADDR_PRIx " <== %" PRIu64 "\n", addr, val);
 }
 
 static const MemoryRegionOps piix4_gpe_ops = {
@@ -553,15 +553,15 @@ static uint64_t pci_read(void *opaque, hwaddr addr, 
unsigned int size)
 /* Manufacture an "up" value to cause a device check on any hotplug
  * slot with a device.  Extra device checks are harmless. */
 val = s->pci0_slot_device_present & s->pci0_hotplug_enable;
-PIIX4_DPRINTF("pci_up_read %x\n", val);
+PIIX4_DPRINTF("pci_up_read %" PRIu32 "\n", val);
 break;
 case PCI_DOWN_BASE - PCI_HOTPLUG_ADDR:
 val = s->pci0_status.down;
-PIIX4_DPRINTF("pci_down_read %x\n", val);
+PIIX4_DPRINTF("pci_down_read %" PRIu32 "\n", val);
 break;
 case PCI_EJ_BASE - PCI_HOTPLUG_ADDR:
 /* No feature defined yet */
-PIIX4_DPRINTF("pci_features_read %x\n", val);
+PIIX4_DPRINTF("pci_features_read %" PRIu32 "\n", val);
 break;
 case PCI_RMV_BASE - PCI_HOTPLUG_ADDR:
 val = s->pci0_hotplug_enable;
@@ -579,7 +579,7 @@ static void pci_write(void *opaque, hwaddr addr, uint64_t 
data,
 switch (addr) {
 case PCI_EJ_BASE - PCI_HOTPLUG_ADDR:
 acpi_piix_eject_slot(opaque, (uint32_t)data);
-PIIX4_DPRINTF("pciej write %" HWADDR_PRIx " <== % " PRIu64 "\n",
+PIIX4_DPRINTF("pciej write %" HWADDR_PRIx " <== %" PRIu64 "\n",
   addr, data);
 break;
 default:
-- 
1.7.10.4

Re: [Qemu-devel] [PATCH v3 01/17] block: stop relying on io_flush() in bdrv_drain_all()

[Stefan Hajnoczi]

On Thu, Jun 13, 2013 at 10:33:58AM -0400, Paolo Bonzini wrote:
> Il 10/06/2013 10:38, Stefan Hajnoczi ha scritto:
> > On Mon, Jun 10, 2013 at 02:25:57PM +0200, Stefan Hajnoczi wrote:
> >> @@ -1427,26 +1456,18 @@ void bdrv_close_all(void)
> >>  void bdrv_drain_all(void)
> >>  {
> >>  BlockDriverState *bs;
> >> -bool busy;
> >> -
> >> -do {
> >> -busy = qemu_aio_wait();
> >>  
> >> +while (bdrv_requests_pending_all()) {
> >>  /* FIXME: We do not have timer support here, so this is 
> >> effectively
> >>   * a busy wait.
> >>   */
> >>  QTAILQ_FOREACH(bs, &bdrv_states, list) {
> >>  if (!qemu_co_queue_empty(&bs->throttled_reqs)) {
> >>  qemu_co_queue_restart_all(&bs->throttled_reqs);
> >> -busy = true;
> >>  }
> >>  }
> >> -} while (busy);
> >>  
> >> -/* If requests are still pending there is a bug somewhere */
> >> -QTAILQ_FOREACH(bs, &bdrv_states, list) {
> >> -assert(QLIST_EMPTY(&bs->tracked_requests));
> >> -assert(qemu_co_queue_empty(&bs->throttled_reqs));
> >> +qemu_aio_wait();
> >>  }
> >>  }
> > 
> > tests/ide-test found an issue here: block.c invokes callbacks from a BH
> > so we may not yet have completed the request when this loop terminates.
> > 
> > Kevin: can you fold in this patch?
> > 
> > diff --git a/block.c b/block.c
> > index 31f7231..e176215 100644
> > --- a/block.c
> > +++ b/block.c
> > @@ -1469,6 +1469,9 @@ void bdrv_drain_all(void)
> >  
> >  qemu_aio_wait();
> >  }
> > +
> > +/* Process pending completion BHs */
> > +aio_poll(qemu_get_aio_context(), false);
> >  }
> 
> aio_poll could require multiple iterations, this is why the old code was
> starting with "busy = qemu_aio_wait()".  You can add a while loop around
> the new call, or do something more similar to the old code, along the
> lines of "do { QTAILQ_FOREACH(...) ...; busy =
> bdrv_request_pending_all(); busy |= aio_poll(qemu_get_aio_context(),
> busy); } while(busy);".

Good idea, the trick is to use busy as the blocking flag.

I will resend with the fix to avoid making this email thread too messy.

Stefan

[Qemu-devel] [PULL 22/26] libcacard/vscclient: fix leakage of socket on error paths

[Michael Tokarev]

From: Alon Levy 

Spotted by Coverity.

Signed-off-by: Alon Levy 
Reviewed-by: Peter Maydell 
Signed-off-by: Michael Tokarev 
---
 libcacard/vscclient.c |9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libcacard/vscclient.c b/libcacard/vscclient.c
index ac23647..5180d29 100644
--- a/libcacard/vscclient.c
+++ b/libcacard/vscclient.c
@@ -618,18 +618,22 @@ connect_to_qemu(
 if (ret != 0) {
 /* Error */
 fprintf(stderr, "getaddrinfo failed\n");
-return -1;
+goto cleanup_socket;
 }
 
 if (connect(sock, server->ai_addr, server->ai_addrlen) < 0) {
 /* Error */
 fprintf(stderr, "Could not connect\n");
-return -1;
+goto cleanup_socket;
 }
 if (verbose) {
 printf("Connected (sizeof Header=%zd)!\n", sizeof(VSCMsgHeader));
 }
 return sock;
+
+cleanup_socket:
+closesocket(sock);
+return -1;
 }
 
 int
@@ -759,5 +763,6 @@ main(
 g_io_channel_unref(channel_socket);
 g_byte_array_unref(socket_to_send);
 
+closesocket(sock);
 return 0;
 }
-- 
1.7.10.4

[Qemu-devel] [PULL 20/26] KVM: PPC: Add dummy kvm_arch_init_irq_routing()

[Michael Tokarev]

From: Scott Wood 

The common KVM code insists on calling kvm_arch_init_irq_routing()
as soon as it sees kernel header support for it (regardless of whether
QEMU supports it).  Provide a dummy function to satisfy this.

Unlike x86, PPC does not have one default irqchip, so there's no common
code that we'd stick here.  Even if you ignore the routes themselves,
which even on x86 are not set up in this function, the initial XICS
kernel implementation will not support IRQ routing, so it's best to
leave even the general feature flags up to the specific irqchip code.

Signed-off-by: Scott Wood 
Signed-off-by: Alexey Kardashevskiy 
Signed-off-by: Michael Tokarev 
---
 target-ppc/kvm.c |4 
 1 file changed, 4 insertions(+)

diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index 3ab2946..2bbc3b8 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -1797,3 +1797,7 @@ int kvm_arch_on_sigbus(int code, void *addr)
 {
 return 1;
 }
+
+void kvm_arch_init_irq_routing(KVMState *s)
+{
+}
-- 
1.7.10.4

[Qemu-devel] [PULL 08/26] char/serial: Use generic Fifo8

[Michael Tokarev]

From: Peter Crosthwaite 

Use the generic Fifo8 helper provided by QEMU, rather than re-implement
privately.

Signed-off-by: Peter Crosthwaite 
Signed-off-by: Michael Tokarev 
---
 hw/char/serial.c |   98 --
 include/hw/char/serial.h |   15 +++
 2 files changed, 39 insertions(+), 74 deletions(-)

diff --git a/hw/char/serial.c b/hw/char/serial.c
index bd6813e..0a2b6c9 100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -92,8 +92,6 @@
 #define UART_FCR_RFR0x02/* RCVR Fifo Reset */
 #define UART_FCR_FE 0x01/* FIFO Enable */
 
-#define XMIT_FIFO   0
-#define RECV_FIFO   1
 #define MAX_XMIT_RETRY  4
 
 #ifdef DEBUG_SERIAL
@@ -106,50 +104,14 @@ do {} while (0)
 
 static void serial_receive1(void *opaque, const uint8_t *buf, int size);
 
-static void fifo_clear(SerialState *s, int fifo)
+static inline void recv_fifo_put(SerialState *s, uint8_t chr)
 {
-SerialFIFO *f = (fifo) ? &s->recv_fifo : &s->xmit_fifo;
-memset(f->data, 0, UART_FIFO_LENGTH);
-f->count = 0;
-f->head = 0;
-f->tail = 0;
-}
-
-static int fifo_put(SerialState *s, int fifo, uint8_t chr)
-{
-SerialFIFO *f = (fifo) ? &s->recv_fifo : &s->xmit_fifo;
-
 /* Receive overruns do not overwrite FIFO contents. */
-if (fifo == XMIT_FIFO || f->count < UART_FIFO_LENGTH) {
-
-f->data[f->head++] = chr;
-
-if (f->head == UART_FIFO_LENGTH)
-f->head = 0;
-}
-
-if (f->count < UART_FIFO_LENGTH)
-f->count++;
-else if (fifo == RECV_FIFO)
+if (!fifo8_is_full(&s->recv_fifo)) {
+fifo8_push(&s->recv_fifo, chr);
+} else {
 s->lsr |= UART_LSR_OE;
-
-return 1;
-}
-
-static uint8_t fifo_get(SerialState *s, int fifo)
-{
-SerialFIFO *f = (fifo) ? &s->recv_fifo : &s->xmit_fifo;
-uint8_t c;
-
-if(f->count == 0)
-return 0;
-
-c = f->data[f->tail++];
-if (f->tail == UART_FIFO_LENGTH)
-f->tail = 0;
-f->count--;
-
-return c;
+}
 }
 
 static void serial_update_irq(SerialState *s)
@@ -165,7 +127,7 @@ static void serial_update_irq(SerialState *s)
 tmp_iir = UART_IIR_CTI;
 } else if ((s->ier & UART_IER_RDI) && (s->lsr & UART_LSR_DR) &&
(!(s->fcr & UART_FCR_FE) ||
-s->recv_fifo.count >= s->recv_fifo.itl)) {
+s->recv_fifo.num >= s->recv_fifo_itl)) {
 tmp_iir = UART_IIR_RDI;
 } else if ((s->ier & UART_IER_THRI) && s->thr_ipending) {
 tmp_iir = UART_IIR_THRI;
@@ -262,8 +224,9 @@ static gboolean serial_xmit(GIOChannel *chan, GIOCondition 
cond, void *opaque)
 
 if (s->tsr_retry <= 0) {
 if (s->fcr & UART_FCR_FE) {
-s->tsr = fifo_get(s,XMIT_FIFO);
-if (!s->xmit_fifo.count) {
+s->tsr = fifo8_is_full(&s->xmit_fifo) ?
+0 : fifo8_pop(&s->xmit_fifo);
+if (!s->xmit_fifo.num) {
 s->lsr |= UART_LSR_THRE;
 }
 } else if ((s->lsr & UART_LSR_THRE)) {
@@ -317,7 +280,11 @@ static void serial_ioport_write(void *opaque, hwaddr addr, 
uint64_t val,
 } else {
 s->thr = (uint8_t) val;
 if(s->fcr & UART_FCR_FE) {
-fifo_put(s, XMIT_FIFO, s->thr);
+/* xmit overruns overwrite data, so make space if needed */
+if (fifo8_is_full(&s->xmit_fifo)) {
+fifo8_pop(&s->xmit_fifo);
+}
+fifo8_push(&s->xmit_fifo, s->thr);
 s->thr_ipending = 0;
 s->lsr &= ~UART_LSR_TEMT;
 s->lsr &= ~UART_LSR_THRE;
@@ -368,28 +335,28 @@ static void serial_ioport_write(void *opaque, hwaddr 
addr, uint64_t val,
 if (val & UART_FCR_RFR) {
 qemu_del_timer(s->fifo_timeout_timer);
 s->timeout_ipending=0;
-fifo_clear(s,RECV_FIFO);
+fifo8_reset(&s->recv_fifo);
 }
 
 if (val & UART_FCR_XFR) {
-fifo_clear(s,XMIT_FIFO);
+fifo8_reset(&s->xmit_fifo);
 }
 
 if (val & UART_FCR_FE) {
 s->iir |= UART_IIR_FE;
-/* Set RECV_FIFO trigger Level */
+/* Set recv_fifo trigger Level */
 switch (val & 0xC0) {
 case UART_FCR_ITL_1:
-s->recv_fifo.itl = 1;
+s->recv_fifo_itl = 1;
 break;
 case UART_FCR_ITL_2:
-s->recv_fifo.itl = 4;
+s->recv_fifo_itl = 4;
 break;
 case UART_FCR_ITL_3:
-s->recv_fifo.itl = 8;
+s->recv_fifo_itl = 8;
 break;
 case UART_FCR_ITL_4:
-s->recv_fifo.itl = 14;
+s->recv_fifo_itl = 14;
 break;
 }
 } else
@@ -461,8 +428,9 @@ static uint64_t serial_ioport_read(void *opaque, hwaddr 
addr, unsigned size)
 ret = s-

[Qemu-devel] [PULL 18/26] KVM: ARM: Add dummy kvm_arch_init_irq_routing()

[Michael Tokarev]

From: Alexey Kardashevskiy 

The common KVM code insists on calling kvm_arch_init_irq_routing()
as soon as it sees kernel header support for it (regardless of whether
QEMU supports it).  Provide a dummy function to satisfy this.

Signed-off-by: Alexey Kardashevskiy 
Signed-off-by: Michael Tokarev 
---
 target-arm/kvm.c |4 
 1 file changed, 4 insertions(+)

diff --git a/target-arm/kvm.c b/target-arm/kvm.c
index b7bdc03..27dcab9 100644
--- a/target-arm/kvm.c
+++ b/target-arm/kvm.c
@@ -491,3 +491,7 @@ void kvm_arch_remove_all_hw_breakpoints(void)
 {
 qemu_log_mask(LOG_UNIMP, "%s: not implemented\n", __func__);
 }
+
+void kvm_arch_init_irq_routing(KVMState *s)
+{
+}
-- 
1.7.10.4

Re: [Qemu-devel] RFC: Full introspection support for QMP (with draft patch)

[Eric Blake]

On 06/14/2013 10:52 AM, Amos Kong wrote:
> On Fri, Jun 07, 2013 at 06:17:26PM +0800, Amos Kong wrote:
>> On Fri, Jun 07, 2013 at 06:12:30PM +0800, Amos Kong wrote:
>>> Sent out a draft patch in the end of this week. It doesn't support:
>>> * output all stuffs in one shot.
>>> * introspect event
>>> * provide metadata date
>>>
>>> How can we define a dynamic dict in qmp-schema.json ?
>>>
>>> Currently I just output the raw json dict by a string, Libvirt needs
>>> parse two times, convert the string to json format.
>>>
>>> qmp-schema.h: auto generated head file by qapi script
>>>
>>> Attached some examples.
> 
> 
> Hello all,
> 
> I defined a new type 'SchemaData', it contains 4 keys (type, name, data, 
> returns)
> 
> | { 'type': 'SchemaData',
> |   'data': { 'type': 'str', 'name': 'str', '*data': 'str', '*returns': 'str' 
> } }

It seems like 'type' should be an enum rather than an open-coded 'str'.

Returning 'data' and 'returns' as an open-coded 'str' is not nice - it
requires the client to do further parsing.  I was serious when I
suggested adding additional layers of formalized structure to the
result.  My suggestion was something like:

{ 'type': 'SchemaDataMember', 'data': {
'option': 'str', 'type': 'str', '*optional': 'bool' } }
{ 'enum': 'SchemaMetatype', 'data': [ 'command', 'type', 'event' ] }
{ 'type': 'SchemaData', 'data': {
'name': 'str',
'metatype': 'SchemaMetatype',
'*returns': 'str',
'*data': [ 'SchemaDataMember' ] } }

> | 
> | { 'command': 'query-qmp-schema', 'data': { '*type': 'str', '*name': 'str' },
> |   'returns': ['SchemaData'] }


I'm still not sure whether optional filtering will be used by libvirt,
or if it adds any complexity on your end (I'm not opposed to it, but I
know that there hasn't been universal agreement on filtering queries yet).

Again, it seems like 'type' should be an enum.  Something like:

{ 'command': 'query-qmp-schema',
  'data': { '*type': 'SchemaMetatype', '*name': 'str' },
  'returns': ['SchemaData'] }

> 
> Then we can provice meaningful result to Libvirt. Currently I set a string
> for SchemaData['data'].
> 
> 
> I tried to define a dynamical dict for 'data', but it's failed. 
> 
> | { 'type': 'SchemaData',
> |   'data': { 'type': 'str', 'name': 'str', '*data': '**', '*returns': 'str' 
> } }  (Failed!!)
> 
> 
> Does qapi support to define a dynamical dict, then I can convert dict string
> and set to SchemaData['data'] ?

Rather, you want to take an arbitrary dict, and turn it into an array
describing each key of the dict.  That is, given the .json file containing:

{ 'command': 'add_client',
  'data': { 'protocol': 'str', 'fdname': 'str', '*skipauth': 'bool',
'*tls': 'bool' } }

you would create an array of four members, describing each of the four
dict members, resulting in this exchange:

=> { "execute": "query-qmp-schema",
 "arguments": { "name": "add_client" } }
<= { "return": [
 { "name": "add_client",
   "type": "command",
   "data": [
 { "name": "protocol",
   "type": "str" },
 { "name": "fdname",
   "type": "str" },
 { "name": "skipauth",
   "type": "bool",
   "optional": true },
 { "name": "tls",
   "type": "bool",
   "optional": true }
   ] } ] }

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PULL 21/26] linux-headers: Update to v3.10-rc5

[Michael Tokarev]

From: Alexey Kardashevskiy 

This adds symbols required for PPC64 pseries platform features:
1. sPAPR live migration;
2. in-kernel XICS interrupt controller.

Signed-off-by: Alexey Kardashevskiy 
Signed-off-by: Michael Tokarev 
---
 linux-headers/asm-arm/kvm.h   |   12 ++--
 linux-headers/asm-mips/kvm.h  |  138 +
 linux-headers/asm-mips/kvm_para.h |1 +
 linux-headers/asm-powerpc/kvm.h   |   89 
 linux-headers/asm-x86/kvm.h   |1 -
 linux-headers/linux/kvm.h |   42 +--
 linux-headers/linux/vfio.h|1 +
 linux-headers/linux/vhost.h   |   28 
 8 files changed, 299 insertions(+), 13 deletions(-)
 create mode 100644 linux-headers/asm-mips/kvm.h
 create mode 100644 linux-headers/asm-mips/kvm_para.h

diff --git a/linux-headers/asm-arm/kvm.h b/linux-headers/asm-arm/kvm.h
index 023bfeb..c1ee007 100644
--- a/linux-headers/asm-arm/kvm.h
+++ b/linux-headers/asm-arm/kvm.h
@@ -53,12 +53,12 @@
 #define KVM_ARM_FIQ_spsr   fiq_regs[7]
 
 struct kvm_regs {
-   struct pt_regs usr_regs;/* R0_usr - R14_usr, PC, CPSR */
-   __u32 svc_regs[3];  /* SP_svc, LR_svc, SPSR_svc */
-   __u32 abt_regs[3];  /* SP_abt, LR_abt, SPSR_abt */
-   __u32 und_regs[3];  /* SP_und, LR_und, SPSR_und */
-   __u32 irq_regs[3];  /* SP_irq, LR_irq, SPSR_irq */
-   __u32 fiq_regs[8];  /* R8_fiq - R14_fiq, SPSR_fiq */
+   struct pt_regs usr_regs;/* R0_usr - R14_usr, PC, CPSR */
+   unsigned long svc_regs[3];  /* SP_svc, LR_svc, SPSR_svc */
+   unsigned long abt_regs[3];  /* SP_abt, LR_abt, SPSR_abt */
+   unsigned long und_regs[3];  /* SP_und, LR_und, SPSR_und */
+   unsigned long irq_regs[3];  /* SP_irq, LR_irq, SPSR_irq */
+   unsigned long fiq_regs[8];  /* R8_fiq - R14_fiq, SPSR_fiq */
 };
 
 /* Supported Processor Types */
diff --git a/linux-headers/asm-mips/kvm.h b/linux-headers/asm-mips/kvm.h
new file mode 100644
index 000..3f424f5
--- /dev/null
+++ b/linux-headers/asm-mips/kvm.h
@@ -0,0 +1,138 @@
+/*
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License.  See the file "COPYING" in the main directory of this archive
+ * for more details.
+ *
+ * Copyright (C) 2012  MIPS Technologies, Inc.  All rights reserved.
+ * Copyright (C) 2013 Cavium, Inc.
+ * Authors: Sanjay Lal 
+ */
+
+#ifndef __LINUX_KVM_MIPS_H
+#define __LINUX_KVM_MIPS_H
+
+#include 
+
+/*
+ * KVM MIPS specific structures and definitions.
+ *
+ * Some parts derived from the x86 version of this file.
+ */
+
+/*
+ * for KVM_GET_REGS and KVM_SET_REGS
+ *
+ * If Config[AT] is zero (32-bit CPU), the register contents are
+ * stored in the lower 32-bits of the struct kvm_regs fields and sign
+ * extended to 64-bits.
+ */
+struct kvm_regs {
+   /* out (KVM_GET_REGS) / in (KVM_SET_REGS) */
+   __u64 gpr[32];
+   __u64 hi;
+   __u64 lo;
+   __u64 pc;
+};
+
+/*
+ * for KVM_GET_FPU and KVM_SET_FPU
+ *
+ * If Status[FR] is zero (32-bit FPU), the upper 32-bits of the FPRs
+ * are zero filled.
+ */
+struct kvm_fpu {
+   __u64 fpr[32];
+   __u32 fir;
+   __u32 fccr;
+   __u32 fexr;
+   __u32 fenr;
+   __u32 fcsr;
+   __u32 pad;
+};
+
+
+/*
+ * For MIPS, we use KVM_SET_ONE_REG and KVM_GET_ONE_REG to access CP0
+ * registers.  The id field is broken down as follows:
+ *
+ *  bits[2..0]   - Register 'sel' index.
+ *  bits[7..3]   - Register 'rd'  index.
+ *  bits[15..8]  - Must be zero.
+ *  bits[63..16] - 1 -> CP0 registers.
+ *
+ * Other sets registers may be added in the future.  Each set would
+ * have its own identifier in bits[63..16].
+ *
+ * The addr field of struct kvm_one_reg must point to an aligned
+ * 64-bit wide location.  For registers that are narrower than
+ * 64-bits, the value is stored in the low order bits of the location,
+ * and sign extended to 64-bits.
+ *
+ * The registers defined in struct kvm_regs are also accessible, the
+ * id values for these are below.
+ */
+
+#define KVM_REG_MIPS_R0 0
+#define KVM_REG_MIPS_R1 1
+#define KVM_REG_MIPS_R2 2
+#define KVM_REG_MIPS_R3 3
+#define KVM_REG_MIPS_R4 4
+#define KVM_REG_MIPS_R5 5
+#define KVM_REG_MIPS_R6 6
+#define KVM_REG_MIPS_R7 7
+#define KVM_REG_MIPS_R8 8
+#define KVM_REG_MIPS_R9 9
+#define KVM_REG_MIPS_R10 10
+#define KVM_REG_MIPS_R11 11
+#define KVM_REG_MIPS_R12 12
+#define KVM_REG_MIPS_R13 13
+#define KVM_REG_MIPS_R14 14
+#define KVM_REG_MIPS_R15 15
+#define KVM_REG_MIPS_R16 16
+#define KVM_REG_MIPS_R17 17
+#define KVM_REG_MIPS_R18 18
+#define KVM_REG_MIPS_R19 19
+#define KVM_REG_MIPS_R20 20
+#define KVM_REG_MIPS_R21 21
+#define KVM_REG_MIPS_R22 22
+#define KVM_REG_MIPS_R23 23
+#define KVM_REG_MIPS_R24 24
+#define KVM_REG_MIPS_R25 25
+#define KVM_REG_MIPS_R26 26
+#define KVM_REG_MIPS_R27 27
+#define KVM_REG_MIPS_R28 28
+#define KVM_REG_MIPS_R29 29
+#define KVM_REG_MIPS_R30 30
+#define KVM_REG_MIPS_R31 31
+
+#define KVM_REG_MIPS_

[Qemu-devel] [PULL 01/26] qemu-char: remove a few needless #includes

[Michael Tokarev]

This removes  since we don't use
syslogging, and removes second, solaris-specific,
include of  (which is included in
a common part of the file)

Signed-off-by: Michael Tokarev 
---
 qemu-char.c |2 --
 1 file changed, 2 deletions(-)

diff --git a/qemu-char.c b/qemu-char.c
index 0b6ae95..596bf9e 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -76,8 +76,6 @@
 #include  // must come after ip.h
 #include 
 #include 
-#include 
-#include 
 #endif
 #endif
 #endif
-- 
1.7.10.4

Re: [Qemu-devel] [Xen-devel] [BUG 1747]Guest could't find bootable device with memory more than 3600M

[George Dunlap]

On Thu, Jun 13, 2013 at 6:22 PM, Ian Campbell  wrote:
> On Thu, 2013-06-13 at 17:55 +0100, Stefano Stabellini wrote:
>
>> > > We could have a xenstore flag somewhere that enables the old behaviour
>> > > so that people can revert back to qemu-xen-traditional and make the pci
>> > > hole below 4G even bigger than 448MB, but I think that keeping the old
>> > > behaviour around is going to make the code more difficult to maintain.
>> >
>> > The downside of that is that things which worked with the old scheme may
>> > not work with the new one though. Early in a release cycle when we have
>> > time to discover what has broken then that might be OK, but is post rc4
>> > really the time to be risking it?
>>
>> Yes, you are right: there are some scenarios that would have worked
>> before that wouldn't work anymore with the new scheme.
>> Are they important enough to have a workaround, pretty difficult to
>> identify for a user?
>
> That question would be reasonable early in the development cycle. At rc4
> the question should be: do we think this problem is so critical that we
> want to risk breaking something else which currently works for people.
>
> Remember that we are invalidating whatever passthrough testing people
> have already done up to this point of the release.
>
> It is also worth noting that the things which this change ends up
> breaking may for all we know be equally difficult for a user to identify
> (they are after all approximately the same class of issue).
>
> The problem here is that the risk is difficult to evaluate, we just
> don't know what will break with this change, and we don't know therefore
> if the cure is worse than the disease. The conservative approach at this
> point in the release would be to not change anything, or to change the
> minimal possible number of things (which would preclude changes which
> impact qemu-trad IMHO).
>


> WRT pretty difficult to identify -- the root of this thread suggests the
> guest entered a reboot loop with "No bootable device", that sounds
> eminently release notable to me. I also not that it was changing the
> size of the PCI hole which caused the issue -- which does somewhat
> underscore the risks involved in this sort of change.

But that bug was a bug in the first attempt to fix the root problem.
The root problem shows up as qemu crashing at some point because it
tried to access invalid guest gpfn space; see
http://lists.xen.org/archives/html/xen-devel/2013-03/msg00559.html.

Stefano tried to fix it with the above patch, just changing the hole
to start at 0xe; but that was incomplete, as it didn't match with
hvmloader and seabios's view of the world.  That's what this bug
report is about.  This thread is an attempt to find a better fix.

So the root problem is that if we revert this patch, and someone
passes through a pci device using qemu-xen (the default) and the MMIO
hole is resized, at some point in the future qemu will randomly die.

If it's a choice between users experiencing, "My VM randomly crashes"
and experiencing, "I tried to pass through this device but the guest
OS doesn't see it", I'd rather choose the latter.

 -George

Re: [Qemu-devel] [RFC] sanitize memory on system reset

[Stefan Hajnoczi]

On Thu, Jun 13, 2013 at 10:46:39AM +0200, Peter Lieven wrote:
> On 13.06.2013 10:40, Stefan Hajnoczi wrote:
> >On Thu, Jun 13, 2013 at 08:09:09AM +0200, Peter Lieven wrote:
> >>I was thinking if it would be a good idea to zeroize all memory resources 
> >>on system reset and
> >>madvise dontneed them afterwards. This would avoid system reset attacks in 
> >>case the attacker
> >>has only access to the console of a vServer but not on the physical host 
> >>and it would shrink
> >>RSS size of the vServer siginificantly.
> >I wonder if you'll hit weird OS installers or PXE clients that rely on
> >stashing stuff in memory across reset.
> Mhh, that indeed would be weird.
> 
> What do you think of the idea in general? You concerns could be addresses by 
> adding
> a switch for this which defaults to off.

Any time we deviate from how real hardware behaves we end up in trouble
later on.  Something will depend on this behavior.

It is nice to reduce the RSS footprint on reboot in some cases, your
idea makes sense.  I think it should be disabled by default for
compatibility.

Stefan

[Qemu-devel] [PULL 16/26] hw/xen: Use g_free instead of free and fix potential memory leaks

[Michael Tokarev]

From: Stefan Weil 

The wrong functions and the missing calls of g_free were reported
by cppcheck.

Signed-off-by: Stefan Weil 
Acked-by: Stefano Stabellini 
Signed-off-by: Michael Tokarev 
---
 hw/xen/xen_pt_config_init.c |4 ++--
 xen-all.c   |8 +---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
index 01872db..8ccc2e4 100644
--- a/hw/xen/xen_pt_config_init.c
+++ b/hw/xen/xen_pt_config_init.c
@@ -1777,12 +1777,12 @@ static int 
xen_pt_config_reg_init(XenPCIPassthroughState *s,
 rc = reg->init(s, reg_entry->reg,
reg_grp->base_offset + reg->offset, &data);
 if (rc < 0) {
-free(reg_entry);
+g_free(reg_entry);
 return rc;
 }
 if (data == XEN_PT_INVALID_REG) {
 /* free unused BAR register entry */
-free(reg_entry);
+g_free(reg_entry);
 return 0;
 }
 /* set register value */
diff --git a/xen-all.c b/xen-all.c
index bc105f1..1a1d7bb 100644
--- a/xen-all.c
+++ b/xen-all.c
@@ -389,7 +389,7 @@ static int xen_remove_from_physmap(XenIOState *state,
 if (state->log_for_dirtybit == physmap) {
 state->log_for_dirtybit = NULL;
 }
-free(physmap);
+g_free(physmap);
 
 return 0;
 }
@@ -1030,7 +1030,7 @@ static void xen_read_physmap(XenIOState *state)
 xen_domid, entries[i]);
 value = xs_read(state->xenstore, 0, path, &len);
 if (value == NULL) {
-free(physmap);
+g_free(physmap);
 continue;
 }
 physmap->start_addr = strtoull(value, NULL, 16);
@@ -1041,7 +1041,7 @@ static void xen_read_physmap(XenIOState *state)
 xen_domid, entries[i]);
 value = xs_read(state->xenstore, 0, path, &len);
 if (value == NULL) {
-free(physmap);
+g_free(physmap);
 continue;
 }
 physmap->size = strtoull(value, NULL, 16);
@@ -1069,12 +1069,14 @@ int xen_hvm_init(void)
 state->xce_handle = xen_xc_evtchn_open(NULL, 0);
 if (state->xce_handle == XC_HANDLER_INITIAL_VALUE) {
 perror("xen: event channel open");
+g_free(state);
 return -errno;
 }
 
 state->xenstore = xs_daemon_open();
 if (state->xenstore == NULL) {
 perror("xen: xenstore open");
+g_free(state);
 return -errno;
 }
 
-- 
1.7.10.4

[Qemu-devel] [PULL 24/26] create qemu_openpty_raw() helper function and move it to a separate file

[Michael Tokarev]

In two places qemu uses openpty() which is very system-dependent,
and in both places the pty is switched to raw mode as well.
Make a wrapper function which does both steps, and move all the
system-dependent complexity into a separate file, together
with static/local implementations of openpty() and cfmakeraw()
from qemu-char.c.

It is in a separate file, not part of oslib-posix.c, because
openpty() often resides in -lutil which is not linked to
every program qemu builds.

This change removes #including of , 
and other rather specific system headers out of qemu-common.h,
which isn't a place for such specific headers really.

This version has been verified to build correctly on Linux,
OpenBSD, FreeBSD and OpenIndiana.  On the latter it lets qemu
to be built with gtk gui which were not possible there due to
missing openpty() and cfmakeraw().

Signed-off-by: Michael Tokarev 
Tested-by: Andreas Färber 
---
 include/qemu-common.h |   15 +-
 qemu-char.c   |   77 ++--
 ui/gtk.c  |   12 ++---
 util/Makefile.objs|2 +-
 util/qemu-openpty.c   |  135 +
 5 files changed, 146 insertions(+), 95 deletions(-)
 create mode 100644 util/qemu-openpty.c

diff --git a/include/qemu-common.h b/include/qemu-common.h
index ed8b6e2..3c91375 100644
--- a/include/qemu-common.h
+++ b/include/qemu-common.h
@@ -42,19 +42,6 @@
 #include 
 #include "glib-compat.h"
 
-#if defined(__GLIBC__)
-# include 
-#elif defined CONFIG_BSD
-# include 
-# if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || 
defined(__DragonFly__)
-#  include 
-# else
-#  include 
-# endif
-#elif defined CONFIG_SOLARIS
-# include 
-#endif
-
 #ifdef _WIN32
 #include "sysemu/os-win32.h"
 #endif
@@ -235,6 +222,8 @@ ssize_t qemu_recv_full(int fd, void *buf, size_t count, int 
flags)
 
 #ifndef _WIN32
 int qemu_pipe(int pipefd[2]);
+/* like openpty() but also makes it raw; return master fd */
+int qemu_openpty_raw(int *aslave, char *pty_name);
 #endif
 
 #ifdef _WIN32
diff --git a/qemu-char.c b/qemu-char.c
index 596bf9e..2c3cfe6 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -964,63 +964,6 @@ static CharDriverState *qemu_chr_open_stdio(ChardevStdio 
*opts)
 return chr;
 }
 
-#ifdef __sun__
-/* Once Solaris has openpty(), this is going to be removed. */
-static int openpty(int *amaster, int *aslave, char *name,
-   struct termios *termp, struct winsize *winp)
-{
-const char *slave;
-int mfd = -1, sfd = -1;
-
-*amaster = *aslave = -1;
-
-mfd = open("/dev/ptmx", O_RDWR | O_NOCTTY);
-if (mfd < 0)
-goto err;
-
-if (grantpt(mfd) == -1 || unlockpt(mfd) == -1)
-goto err;
-
-if ((slave = ptsname(mfd)) == NULL)
-goto err;
-
-if ((sfd = open(slave, O_RDONLY | O_NOCTTY)) == -1)
-goto err;
-
-if (ioctl(sfd, I_PUSH, "ptem") == -1 ||
-(termp != NULL && tcgetattr(sfd, termp) < 0))
-goto err;
-
-if (amaster)
-*amaster = mfd;
-if (aslave)
-*aslave = sfd;
-if (winp)
-ioctl(sfd, TIOCSWINSZ, winp);
-
-return 0;
-
-err:
-if (sfd != -1)
-close(sfd);
-close(mfd);
-return -1;
-}
-
-static void cfmakeraw (struct termios *termios_p)
-{
-termios_p->c_iflag &=
-~(IGNBRK|BRKINT|PARMRK|ISTRIP|INLCR|IGNCR|ICRNL|IXON);
-termios_p->c_oflag &= ~OPOST;
-termios_p->c_lflag &= ~(ECHO|ECHONL|ICANON|ISIG|IEXTEN);
-termios_p->c_cflag &= ~(CSIZE|PARENB);
-termios_p->c_cflag |= CS8;
-
-termios_p->c_cc[VMIN] = 0;
-termios_p->c_cc[VTIME] = 0;
-}
-#endif
-
 #if defined(__linux__) || defined(__sun__) || defined(__FreeBSD__) \
 || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) \
 || defined(__GLIBC__)
@@ -1192,34 +1135,24 @@ static CharDriverState *qemu_chr_open_pty(const char 
*id,
 {
 CharDriverState *chr;
 PtyCharDriver *s;
-struct termios tty;
 int master_fd, slave_fd;
-#if defined(__OpenBSD__) || defined(__DragonFly__)
 char pty_name[PATH_MAX];
-#define q_ptsname(x) pty_name
-#else
-char *pty_name = NULL;
-#define q_ptsname(x) ptsname(x)
-#endif
 
-if (openpty(&master_fd, &slave_fd, pty_name, NULL, NULL) < 0) {
+master_fd = qemu_openpty_raw(&slave_fd, pty_name);
+if (master_fd < 0) {
 return NULL;
 }
 
-/* Set raw attributes on the pty. */
-tcgetattr(slave_fd, &tty);
-cfmakeraw(&tty);
-tcsetattr(slave_fd, TCSAFLUSH, &tty);
 close(slave_fd);
 
 chr = g_malloc0(sizeof(CharDriverState));
 
-chr->filename = g_strdup_printf("pty:%s", q_ptsname(master_fd));
-ret->pty = g_strdup(q_ptsname(master_fd));
+chr->filename = g_strdup_printf("pty:%s", pty_name);
+ret->pty = g_strdup(pty_name);
 ret->has_pty = true;
 
 fprintf(stderr, 

Re: [Qemu-devel] [Bug 1190525] [NEW] fdisk still shows the "/dev/sdb" partitions even after the removal of scsi disk

[Stefan Hajnoczi]

On Thu, Jun 13, 2013 at 09:33:37AM -, chandrashekar shastri wrote:
> Steps to reproduce the issue:
> 
> I. Add the SCSI disk through the virt-manager.
> 2. Create the partition using fdisk  (eg: /dev/sbb) 
> 3. Create a filesystem and format using mkfs.ext3 or mkfs.ext4 
> 4. Remove the scsi disk  through the virt-manager. 
> 5. Again run the fdisk /dev/sdb, the guests still shows the partition even 
> after the removal of the disk.

Which emulated SCSI controller are you using?  Recent virtio-scsi gets
notified when LUNs are removed but you may have old guest drivers.

If you want to report this as a QEMU bug, please give QEMU commands, not
virt-manager commands.  If you cannot use QEMU directly, please work
with the virt-manager or libvirt community before filing a QEMU bug so
the necessary QEMU-level details can be provided by them.

Stefan

Re: [Qemu-devel] RFC: Full introspection support for QMP (with draft patch)

[Eric Blake]

On 06/14/2013 10:52 AM, Amos Kong wrote:

>>From 2b39fe0f380eea6a96de3589b3d148673d28c1ff Mon Sep 17 00:00:00 2001
> From: Amos Kong 
> Date: Fri, 7 Jun 2013 18:02:21 +0800
> Subject: [PATCH] full introspection support for QMP
> 
> Signed-off-by: Amos Kong 
> ---
>  qapi-schema.json |  6 ++
>  qmp-commands.hx  | 23 +++
>  qmp.c| 46 ++
>  scripts/qapi-commands.py |  2 +-
>  scripts/qapi-types.py| 42 +-
>  scripts/qapi-visit.py|  2 +-
>  scripts/qapi.py  | 13 -
>  7 files changed, 130 insertions(+), 4 deletions(-)
> 
> diff --git a/qapi-schema.json b/qapi-schema.json
> index ef1f657..128cc58 100644
> --- a/qapi-schema.json
> +++ b/qapi-schema.json
> @@ -3618,3 +3618,9 @@
>  '*cpuid-input-ecx': 'int',
>  'cpuid-register': 'X86CPURegister32',
>  'features': 'int' } }
> +
> +{ 'type': 'SchemaData',
> +  'data': { 'type': 'str', 'name': 'str', '*data': 'str', '*returns': 'str' 
> } }
> +
> +{ 'command': 'query-qmp-schema', 'data': { '*type': 'str', '*name': 'str' },
> +  'returns': ['SchemaData'] }

Needs documentation, and a since 1.6 notation in the docs (assuming that
we still make it in time for 1.6).  Also, see my other mail complaining
that this is not structured enough, yet.

> diff --git a/qmp-commands.hx b/qmp-commands.hx
> index ffd130e..fc56fba 100644
> --- a/qmp-commands.hx
> +++ b/qmp-commands.hx
> @@ -2932,3 +2932,26 @@ Example:

> +
> +EQMP
> \ No newline at end of file

Fix that.


>  }
>  
> +SchemaDataList * qmp_query_qmp_schema(bool has_type, const char * type,

No space after '*' when declaring a pointer return or pointer argument.
 Should be:

SchemaDataList *qmp_query_qmp_schema(bool has_type, const char *type,

> +++ b/scripts/qapi-types.py

> +
> +struct qmp_schem {

Aren't structs supposed to be named in CamelCase?

> +const char *type;
> +const char *name;
> +const char *data;
> +const char *returns;
> +} qmp_schema_table[] = {
> +"""
> +
> +for i in exprs_all[1]:
> +print i
> +
> +data = returns = ""
> +type = i.keys()[0]
> +name = i[type]
> +for k in i.keys():
> +if isinstance(i[k], OrderedDict):
> +ret = {}
> +for key in i[k]:
> +ret[key] = i[k][key]
> +i[k] = ret
> +
> +if i.has_key('data'):
> +data = i['data']

I think this is where you'd need to do more processing of data to spit
it out in a more structured format, but my python is too weak to
actually write that conversion.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [PULL 04/26] configure: Disable host-bsd USB on FreeBSD

[Michael Tokarev]

From: Ed Maste 

It hasn't built since FreeBSD 8.x, and is disabled by a patch in the
FreeBSD ports tree.  FreeBSD is migrating to QEMU's libusb support.

Signed-off-by: Ed Maste 
Signed-off-by: Michael Tokarev 
---
 configure |4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/configure b/configure
index e197b91..a3f0b7a 100755
--- a/configure
+++ b/configure
@@ -553,7 +553,9 @@ esac
 
 if [ "$bsd" = "yes" ] ; then
   if [ "$darwin" != "yes" ] ; then
-usb="bsd"
+if [ "$targetos" != "FreeBSD" ]; then
+  usb="bsd"
+fi
 bsd_user="yes"
   fi
 fi
-- 
1.7.10.4

[Qemu-devel] [PULL 02/26] gitignore: unignore *.patch

[Michael Tokarev]

This partially reverts:

 commit 082369e62c5bbaba89f173c2b803bc24115bb111
 Author: liguang 
 Date:   Fri Mar 22 16:44:13 2013 +0800

gitignore: ignore more files

I'm not sure how this went in.  The thing is that
ignoring *.patch, in my opinion, is just wrong.
Especially for downstreams who apply patches for
real.

Signed-off-by: Michael Tokarev 
---
 .gitignore |1 -
 1 file changed, 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 64e9466..0fe114d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -82,7 +82,6 @@ fsdev/virtfs-proxy-helper.pod
 *.swp
 *.orig
 .pc
-*.patch
 *.gcda
 *.gcno
 patches
-- 
1.7.10.4

[Qemu-devel] [PATCH v3 00/16] -boot and -no-fd-bootchk fixes

[Markus Armbruster]

This has been rotting in my tree since February.  Sorry about that.

I'm afraid -boot regressed in 1.4, specifically commit e4ada29e.  This
series fixes it, along with related bugs, and tops off with tests.

PATCH 01-03 fix the regression, PATCH 04 cleans up afterwards.  I'm
refraining from nominating them for stable, because we regressed quite
some time ago, and the fix isn't exactly minimal.

PATCH 05 makes -no-fd-bootchk behave more sanely, and PATCH 06 fixes
up docs.  The case for stable is even weaker here: the old behavior
hasn't changed in quite a few releases, and nobody complained.

PATCH 07 tweaks qtest to make testing -boot once possible.  The
remaining patches add tests.

v3:
* Rebased, with only trivial conflicts
* PATCH 08 cosmetic improvements
* More test cases: new PATCH 09-16
v2:
* New PATCH 7 to make testing -boot once possible
* Old PATCH 5 reworked and extended became PATCH 8
* Writing more tests uncovered -no-fd-bootchk weirdness, cleaned up in
  new PATCH 5+6

Andreas Färber (1):
  boot-order-test: Add tests for PowerMacs

Markus Armbruster (15):
  vl: Clean up parsing of -boot option argument
  qemu-option: check_params() is now unused, drop it
  vl: Fix -boot order and once regressions, and related bugs
  vl: Rename *boot_devices to *boot_order, for consistency
  pc: Make -no-fd-bootchk stick across boot order changes
  doc: Drop ref to Bochs from -no-fd-bootchk documentation
  qtest: Don't reset on qtest chardev connect
  boot-order-test: New; covering just PC for now
  boot-order-test: Cover -boot once in ppc tests
  boot-order-test: Better separate target-specific and generic parts
  boot-order-test: Code motion for better readability
  boot-order-test: Add tests for PowerPC PREP
  boot-order-test: Add tests for Sun4m
  boot-order-test: Support fw_cfg in I/O space
  boot-order-test: Add tests for Sun4u

 hw/i386/pc.c|   7 +-
 include/hw/hw.h |   4 +-
 include/qemu/option.h   |   2 -
 qemu-options.hx |   3 +-
 qtest.c |   7 +-
 tests/Makefile  |   4 +
 tests/boot-order-test.c | 234 
 util/qemu-option.c  |  30 ---
 vl.c| 121 +
 9 files changed, 291 insertions(+), 121 deletions(-)
 create mode 100644 tests/boot-order-test.c

-- 
1.7.11.7

[Qemu-devel] [PATCH v3 02/16] qemu-option: check_params() is now unused, drop it

[Markus Armbruster]

Signed-off-by: Markus Armbruster 
---
 include/qemu/option.h |  2 --
 util/qemu-option.c| 30 --
 2 files changed, 32 deletions(-)

diff --git a/include/qemu/option.h b/include/qemu/option.h
index bdb6d21..a83c700 100644
--- a/include/qemu/option.h
+++ b/include/qemu/option.h
@@ -55,8 +55,6 @@ int get_next_param_value(char *buf, int buf_size,
  const char *tag, const char **pstr);
 int get_param_value(char *buf, int buf_size,
 const char *tag, const char *str);
-int check_params(char *buf, int buf_size,
- const char * const *params, const char *str);
 
 
 /*
diff --git a/util/qemu-option.c b/util/qemu-option.c
index 8b74bf1..412c425 100644
--- a/util/qemu-option.c
+++ b/util/qemu-option.c
@@ -123,36 +123,6 @@ int get_param_value(char *buf, int buf_size,
 return get_next_param_value(buf, buf_size, tag, &str);
 }
 
-int check_params(char *buf, int buf_size,
- const char * const *params, const char *str)
-{
-const char *p;
-int i;
-
-p = str;
-while (*p != '\0') {
-p = get_opt_name(buf, buf_size, p, '=');
-if (*p != '=') {
-return -1;
-}
-p++;
-for (i = 0; params[i] != NULL; i++) {
-if (!strcmp(params[i], buf)) {
-break;
-}
-}
-if (params[i] == NULL) {
-return -1;
-}
-p = get_opt_value(NULL, 0, p);
-if (*p != ',') {
-break;
-}
-p++;
-}
-return 0;
-}
-
 /*
  * Searches an option list for an option with the given name
  */
-- 
1.7.11.7

[Qemu-devel] [PATCH v3 04/16] vl: Rename *boot_devices to *boot_order, for consistency

[Markus Armbruster]

Signed-off-by: Markus Armbruster 
---
 include/hw/hw.h |  4 ++--
 vl.c| 16 
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/include/hw/hw.h b/include/hw/hw.h
index 1fb9afa..cc9f847 100644
--- a/include/hw/hw.h
+++ b/include/hw/hw.h
@@ -44,9 +44,9 @@ void qemu_unregister_reset(QEMUResetHandler *func, void 
*opaque);
 
 /* handler to set the boot_device order for a specific type of QEMUMachine */
 /* return 0 if success */
-typedef int QEMUBootSetHandler(void *opaque, const char *boot_devices);
+typedef int QEMUBootSetHandler(void *opaque, const char *boot_order);
 void qemu_register_boot_set(QEMUBootSetHandler *func, void *opaque);
-int qemu_boot_set(const char *boot_devices);
+int qemu_boot_set(const char *boot_order);
 
 #ifdef NEED_CPU_H
 #if TARGET_LONG_BITS == 64
diff --git a/vl.c b/vl.c
index f51d8e8..17daedd 100644
--- a/vl.c
+++ b/vl.c
@@ -1151,12 +1151,12 @@ void qemu_register_boot_set(QEMUBootSetHandler *func, 
void *opaque)
 boot_set_opaque = opaque;
 }
 
-int qemu_boot_set(const char *boot_devices)
+int qemu_boot_set(const char *boot_order)
 {
 if (!boot_set_handler) {
 return -EINVAL;
 }
-return boot_set_handler(boot_set_opaque, boot_devices);
+return boot_set_handler(boot_set_opaque, boot_order);
 }
 
 static void validate_bootdevices(const char *devices)
@@ -1187,9 +1187,9 @@ static void validate_bootdevices(const char *devices)
 }
 }
 
-static void restore_boot_devices(void *opaque)
+static void restore_boot_order(void *opaque)
 {
-char *standard_boot_devices = opaque;
+char *normal_boot_order = opaque;
 static int first = 1;
 
 /* Restore boot order and remove ourselves after the first boot */
@@ -1198,10 +1198,10 @@ static void restore_boot_devices(void *opaque)
 return;
 }
 
-qemu_boot_set(standard_boot_devices);
+qemu_boot_set(normal_boot_order);
 
-qemu_unregister_reset(restore_boot_devices, standard_boot_devices);
-g_free(standard_boot_devices);
+qemu_unregister_reset(restore_boot_order, normal_boot_order);
+g_free(normal_boot_order);
 }
 
 void add_boot_device_path(int32_t bootindex, DeviceState *dev,
@@ -4090,7 +4090,7 @@ int main(int argc, char **argv, char **envp)
 validate_bootdevices(once);
 normal_boot_order = g_strdup(boot_order);
 boot_order = once;
-qemu_register_reset(restore_boot_devices, normal_boot_order);
+qemu_register_reset(restore_boot_order, normal_boot_order);
 }
 
 boot_menu = qemu_opt_get_bool(opts, "menu", boot_menu);
-- 
1.7.11.7

[Qemu-devel] [PATCH v3 07/16] qtest: Don't reset on qtest chardev connect

[Markus Armbruster]

libqtest's qtest_init() connecting to the qtest socket triggers reset.
This was coded in the hope we could use the same QEMU process for
multiple tests that way.  Never used.  Injects an extra reset even
when it's not used, and that can mess up tests such as the one of
-boot once I'm about to add.  Drop it.

Signed-off-by: Markus Armbruster 
---
 qtest.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/qtest.c b/qtest.c
index 07a9612..74f1842 100644
--- a/qtest.c
+++ b/qtest.c
@@ -472,7 +472,12 @@ static void qtest_event(void *opaque, int event)
 
 switch (event) {
 case CHR_EVENT_OPENED:
-qemu_system_reset(false);
+/*
+ * We used to call qemu_system_reset() here, hoping we could
+ * use the same process for multiple tests that way.  Never
+ * used.  Injects an extra reset even when it's not used, and
+ * that can mess up tests, e.g. -boot once.
+ */
 for (i = 0; i < ARRAY_SIZE(irq_levels); i++) {
 irq_levels[i] = 0;
 }
-- 
1.7.11.7

[Qemu-devel] [PATCH v3 03/16] vl: Fix -boot order and once regressions, and related bugs

[Markus Armbruster]

Option "once" sets up a different boot order just for the initial
boot.  Boot order reverts back to normal on reset.  Option "order"
changes the normal boot order.

The reversal is implemented by reset handler restore_boot_devices(),
which takes the boot order to revert to as argument.
restore_boot_devices() does nothing on its first call, because that
must be the initial machine reset.  On its second call, it changes the
boot order back, and unregisters itself.

Because we register the handler right when -boot gets parsed, we can
revert to an incorrect normal boot order, and multiple -boot can
interact in funny ways.

Here's how things work without -boot once or order:

* boot_devices is "".

* main() passes machine->boot_order to to machine->init(), because
  boot_devices is "".  machine->init() configures firmware
  accordingly.  For PC machines, machine->boot_order is "cad", and
  pc_cmos_init() writes it to RTC CMOS, where SeaBIOS picks it up.

Now consider -boot order=:

* boot_devices is "".

* -boot order= sets boot_devices to "" (no change).

* main() passes machine->boot_order to to machine->init(), because
  boot_devices is "", as above.

  Bug: -boot order= has no effect.  Broken in commit e4ada29e.

Next, consider -boot once=a:

* boot_devices is "".

* -boot once=a registers restore_boot_devices() with argument "", and
  sets boot_devices to "a".

* main() passes boot_devices "a" to machine->init(), which configures
  firmware accordingly.  For PC machines, pc_cmos_init() writes the
  boot order to RTC CMOS.

* main() calls qemu_system_reset().  This runs reset handlers.

  - restore_boot_devices() gets called with argument "".  Does
nothing, because it's the first call.

* Machine boots, boot order is "a".

* Machine resets (e.g. monitor command).  Reset handlers run.

  - restore_boot_devices() gets called with argument "".  Calls
qemu_boot_set("") to reconfigure firmware.  For PC machines,
pc_boot_set() writes it into RTC CMOS.  Reset handler
unregistered.

Bug: boot order reverts to "" instead of machine->boot_order.  The
actual boot order depends on how firmware interprets "".  Broken
in commit e4ada29e.

Next, consider -boot once=a -boot order=c:

* boot_devices is "".

* -boot once=a registers restore_boot_devices() with argument "", and
  sets boot_devices to "a".

* -boot order=c sets boot_devices to "c".

* main() passes boot_devices "c" to machine->init(), which configures
  firmware accordingly.  For PC machines, pc_cmos_init() writes the
  boot order to RTC CMOS.

* main() calls qemu_system_reset().  This runs reset handlers.

  - restore_boot_devices() gets called with argument "".  Does
nothing, because it's the first call.

* Machine boots, boot order is "c".

  Bug: it should be "a".  I figure this has always been broken.

* Machine resets (e.g. monitor command).  Reset handlers run.

  - restore_boot_devices() gets called with argument "".  Calls
qemu_boot_set("") to reconfigure firmware.  For PC machines,
pc_boot_set() writes it into RTC CMOS.  Reset handler
unregistered.

Bug: boot order reverts to "" instead of "c".  I figure this has
always been broken, just differently broken before commit
e4ada29e.

Next, consider -boot once=a -boot once=b -boot once=c:

* boot_devices is "".

* -boot once=a registers restore_boot_devices() with argument "", and
  sets boot_devices to "a".

* -boot once=b registers restore_boot_devices() with argument "a", and
  sets boot_devices to "b".

* -boot once=c registers restore_boot_devices() with argument "b", and
  sets boot_devices to "c".

* main() passes boot_devices "c" to machine->init(), which configures
  firmware accordingly.  For PC machines, pc_cmos_init() writes the
  boot order to RTC CMOS.

* main() calls qemu_system_reset().  This runs reset handlers.

  - restore_boot_devices() gets called with argument "".  Does
nothing, because it's the first call.

  - restore_boot_devices() gets called with argument "a".  Calls
qemu_boot_set("a") to reconfigure firmware.  For PC machines,
pc_boot_set() writes it into RTC CMOS.  Reset handler
unregistered.

  - restore_boot_devices() gets called with argument "b".  Calls
qemu_boot_set("b") to reconfigure firmware.  For PC machines,
pc_boot_set() writes it into RTC CMOS.  Reset handler
unregistered.

* Machine boots, boot order is "b".

  Bug: should really be "c", because that came last, and for all other
  -boot options, the last one wins.  I figure this was broken some
  time before commit 37905d6a, and fixed there only for a single
  occurence of "once".

* Machine resets (e.g. monitor command).  Reset handlers run.

  - restore_boot_devices() gets called with argument "".  Calls
qemu_boot_set("") to reconfigure firmware.  For PC machines,
pc_boot_set() writes it into RTC CMOS.  Reset handler
unregistered.

Same bug as above: boot order reverts to "" instead of
machine->boot_order.

F

[Qemu-devel] [PATCH v3 10/16] boot-order-test: Cover -boot once in ppc tests

[Markus Armbruster]

Cc: Andreas Färber 
Cc: Alexander Graf 
Cc: qemu-...@nongnu.org
Signed-off-by: Markus Armbruster 
---
 tests/boot-order-test.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/boot-order-test.c b/tests/boot-order-test.c
index c1cc2a6..f6dece6 100644
--- a/tests/boot-order-test.c
+++ b/tests/boot-order-test.c
@@ -113,6 +113,7 @@ static void test_powermac_boot_order(void)
 test_powermac_with_args(newworld, "", 'c', 'c');
 test_powermac_with_args(newworld, "-boot c", 'c', 'c');
 test_powermac_with_args(newworld, "-boot d", 'd', 'd');
+test_powermac_with_args(newworld, "-boot once=d,order=c", 'd', 'c');
 }
 }
 
-- 
1.7.11.7

[Qemu-devel] [PATCH v3 12/16] boot-order-test: Code motion for better readability

[Markus Armbruster]

Cc: Andreas Färber 
Cc: Alexander Graf 
Cc: qemu-...@nongnu.org
Signed-off-by: Markus Armbruster 
---
 tests/boot-order-test.c | 48 
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/tests/boot-order-test.c b/tests/boot-order-test.c
index 23edacf..003140f 100644
--- a/tests/boot-order-test.c
+++ b/tests/boot-order-test.c
@@ -15,19 +15,15 @@
 #include "libqtest.h"
 #include "qemu/bswap.h"
 
-static uint8_t read_mc146818(uint16_t port, uint8_t reg)
-{
-outb(port, reg);
-return inb(port + 1);
-}
-
-static uint64_t read_boot_order_pc(void)
-{
-uint8_t b1 = read_mc146818(0x70, 0x38);
-uint8_t b2 = read_mc146818(0x70, 0x3d);
+#define NO_QEMU_PROTOS
+#include "hw/nvram/fw_cfg.h"
+#undef NO_QEMU_PROTOS
 
-return b1 | (b2 << 8);
-}
+typedef struct {
+const char *args;
+uint64_t expected_boot;
+uint64_t expected_reboot;
+} boot_order_test;
 
 static void test_a_boot_order(const char *machine,
   const char *test_args,
@@ -52,12 +48,6 @@ static void test_a_boot_order(const char *machine,
 g_free(args);
 }
 
-typedef struct {
-const char *args;
-uint64_t expected_boot;
-uint64_t expected_reboot;
-} boot_order_test;
-
 static void test_boot_orders(const char *machine,
  uint64_t (*read_boot_order)(void),
  const boot_order_test *tests)
@@ -72,6 +62,20 @@ static void test_boot_orders(const char *machine,
 }
 }
 
+static uint8_t read_mc146818(uint16_t port, uint8_t reg)
+{
+outb(port, reg);
+return inb(port + 1);
+}
+
+static uint64_t read_boot_order_pc(void)
+{
+uint8_t b1 = read_mc146818(0x70, 0x38);
+uint8_t b2 = read_mc146818(0x70, 0x3d);
+
+return b1 | (b2 << 8);
+}
+
 static const boot_order_test test_cases_pc[] = {
 { "",
   0x1230, 0x1230 },
@@ -103,12 +107,6 @@ static void test_pc_boot_order(void)
 test_boot_orders(NULL, read_boot_order_pc, test_cases_pc);
 }
 
-#define PMAC_CFG_ADDR 0xf510
-
-#define NO_QEMU_PROTOS
-#include "hw/nvram/fw_cfg.h"
-#undef NO_QEMU_PROTOS
-
 static void read_fw_cfg(uint64_t cfg_addr, uint16_t cmd,
 void *buf, size_t len)
 {
@@ -129,6 +127,8 @@ static uint16_t read_fw_cfg_i16(uint64_t cfg_addr, uint16_t 
cmd)
 return le16_to_cpu(value);
 }
 
+#define PMAC_CFG_ADDR 0xf510
+
 static uint64_t read_boot_order_pmac(void)
 {
 return read_fw_cfg_i16(PMAC_CFG_ADDR, FW_CFG_BOOT_DEVICE);
-- 
1.7.11.7

[Qemu-devel] [PATCH v3 01/16] vl: Clean up parsing of -boot option argument

[Markus Armbruster]

Commit 3d3b8303 threw in some QemuOpts parsing without replacing the
existing ad hoc parser, resulting in a confusing mess.  Clean it up.

Two user-visible changes:

1. Invalid options are reported more nicely.  Before:

qemu: unknown boot parameter 'x' in 'x=y'

   After:

qemu-system-x86_64: -boot x=y: Invalid parameter 'x'

2. If -boot is given multiple times, options accumulate, just like for
   -machine.  Before, only options order, once and menu accumulated.
   For the other ones, all but the first -boot in non-legacy syntax
   got simply ignored.

Signed-off-by: Markus Armbruster 
---
 vl.c | 84 ++--
 1 file changed, 22 insertions(+), 62 deletions(-)

diff --git a/vl.c b/vl.c
index 180fdde..a0ac6e9 100644
--- a/vl.c
+++ b/vl.c
@@ -436,9 +436,10 @@ static QemuOptsList qemu_machine_opts = {
 
 static QemuOptsList qemu_boot_opts = {
 .name = "boot-opts",
+.implied_opt_name = "order",
+.merge_lists = true,
 .head = QTAILQ_HEAD_INITIALIZER(qemu_boot_opts.head),
 .desc = {
-/* the three names below are not used now */
 {
 .name = "order",
 .type = QEMU_OPT_STRING,
@@ -447,8 +448,7 @@ static QemuOptsList qemu_boot_opts = {
 .type = QEMU_OPT_STRING,
 }, {
 .name = "menu",
-.type = QEMU_OPT_STRING,
-/* following are really used */
+.type = QEMU_OPT_BOOL,
 }, {
 .name = "splash",
 .type = QEMU_OPT_STRING,
@@ -1159,7 +1159,7 @@ int qemu_boot_set(const char *boot_devices)
 return boot_set_handler(boot_set_opaque, boot_devices);
 }
 
-static void validate_bootdevices(char *devices)
+static void validate_bootdevices(const char *devices)
 {
 /* We just do some generic consistency checks */
 const char *p;
@@ -3134,70 +3134,30 @@ int main(int argc, char **argv, char **envp)
 break;
 case QEMU_OPTION_boot:
 {
-static const char * const params[] = {
-"order", "once", "menu",
-"splash", "splash-time",
-"reboot-timeout", "strict", NULL
-};
-char buf[sizeof(boot_devices)];
 char *standard_boot_devices;
-int legacy = 0;
-
-if (!strchr(optarg, '=')) {
-legacy = 1;
-pstrcpy(buf, sizeof(buf), optarg);
-} else if (check_params(buf, sizeof(buf), params, optarg) 
< 0) {
-fprintf(stderr,
-"qemu: unknown boot parameter '%s' in '%s'\n",
-buf, optarg);
+const char *order, *once;
+
+opts = qemu_opts_parse(qemu_find_opts("boot-opts"),
+   optarg, 1);
+if (!opts) {
 exit(1);
 }
 
-if (legacy ||
-get_param_value(buf, sizeof(buf), "order", optarg)) {
-validate_bootdevices(buf);
-pstrcpy(boot_devices, sizeof(boot_devices), buf);
+order = qemu_opt_get(opts, "order");
+if (order) {
+validate_bootdevices(order);
+pstrcpy(boot_devices, sizeof(boot_devices), order);
 }
-if (!legacy) {
-if (get_param_value(buf, sizeof(buf),
-"once", optarg)) {
-validate_bootdevices(buf);
-standard_boot_devices = g_strdup(boot_devices);
-pstrcpy(boot_devices, sizeof(boot_devices), buf);
-qemu_register_reset(restore_boot_devices,
-standard_boot_devices);
-}
-if (get_param_value(buf, sizeof(buf),
-"menu", optarg)) {
-if (!strcmp(buf, "on")) {
-boot_menu = 1;
-} else if (!strcmp(buf, "off")) {
-boot_menu = 0;
-} else {
-fprintf(stderr,
-"qemu: invalid option value '%s'\n",
-buf);
-exit(1);
-}
-}
-if (get_param_value(buf, sizeof(buf),
-"strict", optarg)) {
-if (!strcmp(buf, "on")) {
-boot_strict = true;

[Qemu-devel] [PATCH v3 09/16] boot-order-test: Add tests for PowerMacs

[Markus Armbruster]

From: Andreas Färber 

They set the boot device via fw_cfg, which is then translated to a boot
path of "hd" or "cd" in OpenBIOS.

Signed-off-by: Andreas Färber 
Cc: Alexander Graf 
Cc: qemu-...@nongnu.org
Signed-off-by: Markus Armbruster 
---
 tests/Makefile  |  2 ++
 tests/boot-order-test.c | 66 -
 2 files changed, 67 insertions(+), 1 deletion(-)

diff --git a/tests/Makefile b/tests/Makefile
index 394e029..9653fce 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -67,6 +67,8 @@ gcov-files-sparc-y += hw/m48t59.c
 gcov-files-sparc64-y += hw/m48t59.c
 check-qtest-arm-y = tests/tmp105-test$(EXESUF)
 gcov-files-arm-y += hw/tmp105.c
+check-qtest-ppc-y += tests/boot-order-test$(EXESUF)
+check-qtest-ppc64-y += tests/boot-order-test$(EXESUF)
 
 GENERATED_HEADERS += tests/test-qapi-types.h tests/test-qapi-visit.h 
tests/test-qmp-commands.h
 
diff --git a/tests/boot-order-test.c b/tests/boot-order-test.c
index 2215710..c1cc2a6 100644
--- a/tests/boot-order-test.c
+++ b/tests/boot-order-test.c
@@ -10,8 +10,10 @@
  * See the COPYING file in the top-level directory.
  */
 
+#include 
 #include 
 #include "libqtest.h"
+#include "qemu/bswap.h"
 
 static void test_pc_cmos_byte(int reg, int expected)
 {
@@ -58,11 +60,73 @@ static void test_pc_boot_order(void)
   0, 0x02, 0x30, 0x12);
 }
 
+#define G3BEIGE_CFG_ADDR 0xf510
+#define MAC99_CFG_ADDR   0xf510
+
+#define NO_QEMU_PROTOS
+#include "hw/nvram/fw_cfg.h"
+#undef NO_QEMU_PROTOS
+
+static void powermac_fw_cfg_read(bool newworld, uint16_t cmd,
+ uint8_t *buf, unsigned int len)
+{
+unsigned int i;
+
+writew(newworld ? MAC99_CFG_ADDR : G3BEIGE_CFG_ADDR, cmd);
+for (i = 0; i < len; i++) {
+buf[i] = readb((newworld ? MAC99_CFG_ADDR : G3BEIGE_CFG_ADDR) + 2);
+}
+}
+
+static uint16_t powermac_fw_cfg_read16(bool newworld, uint16_t cmd)
+{
+uint16_t value;
+
+powermac_fw_cfg_read(newworld, cmd, (uint8_t *)&value, sizeof(value));
+return le16_to_cpu(value);
+}
+
+static void test_powermac_with_args(bool newworld, const char *extra_args,
+uint16_t expected_boot,
+uint16_t expected_reboot)
+{
+char *args = g_strdup_printf("-nodefaults -display none -machine %s %s",
+ newworld ? "mac99" : "g3beige", extra_args);
+uint16_t actual;
+qtest_start(args);
+actual = powermac_fw_cfg_read16(newworld, FW_CFG_BOOT_DEVICE);
+g_assert_cmphex(actual, ==, expected_boot);
+qmp("{ 'execute': 'system_reset' }");
+actual = powermac_fw_cfg_read16(newworld, FW_CFG_BOOT_DEVICE);
+g_assert_cmphex(actual, ==, expected_reboot);
+qtest_quit(global_qtest);
+g_free(args);
+}
+
+static void test_powermac_boot_order(void)
+{
+int i;
+
+for (i = 0; i < 2; i++) {
+bool newworld = (i == 1);
+
+test_powermac_with_args(newworld, "", 'c', 'c');
+test_powermac_with_args(newworld, "-boot c", 'c', 'c');
+test_powermac_with_args(newworld, "-boot d", 'd', 'd');
+}
+}
+
 int main(int argc, char *argv[])
 {
+const char *arch = qtest_get_arch();
+
 g_test_init(&argc, &argv, NULL);
 
-qtest_add_func("boot-order/pc", test_pc_boot_order);
+if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
+qtest_add_func("boot-order/pc", test_pc_boot_order);
+} else if (strcmp(arch, "ppc") == 0 || strcmp(arch, "ppc64") == 0) {
+qtest_add_func("boot-order/powermac", test_powermac_boot_order);
+}
 
 return g_test_run();
 }
-- 
1.7.11.7

[Qemu-devel] [PATCH v3 13/16] boot-order-test: Add tests for PowerPC PREP

[Markus Armbruster]

Cc: Andreas Färber 
Cc: Alexander Graf 
Cc: qemu-...@nongnu.org
Signed-off-by: Markus Armbruster 
---
 tests/boot-order-test.c | 27 +++
 1 file changed, 27 insertions(+)

diff --git a/tests/boot-order-test.c b/tests/boot-order-test.c
index 003140f..0060905 100644
--- a/tests/boot-order-test.c
+++ b/tests/boot-order-test.c
@@ -107,6 +107,32 @@ static void test_pc_boot_order(void)
 test_boot_orders(NULL, read_boot_order_pc, test_cases_pc);
 }
 
+static uint8_t read_m48t59(uint64_t addr, uint16_t reg)
+{
+writeb(addr, reg & 0xff);
+writeb(addr + 1, reg >> 8);
+return readb(addr + 3);
+}
+
+#define PREP_ISA_IO_BASE 0x8000
+
+static uint64_t read_boot_order_prep(void)
+{
+return read_m48t59(PREP_ISA_IO_BASE + 0x74, 0x34);
+}
+
+static const boot_order_test test_cases_prep[] = {
+{ "", 'c', 'c' },
+{ "-boot c", 'c', 'c' },
+{ "-boot d", 'd', 'd' },
+{}
+};
+
+static void test_prep_boot_order(void)
+{
+test_boot_orders("prep", read_boot_order_prep, test_cases_prep);
+}
+
 static void read_fw_cfg(uint64_t cfg_addr, uint16_t cmd,
 void *buf, size_t len)
 {
@@ -161,6 +187,7 @@ int main(int argc, char *argv[])
 if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) {
 qtest_add_func("boot-order/pc", test_pc_boot_order);
 } else if (strcmp(arch, "ppc") == 0 || strcmp(arch, "ppc64") == 0) {
+qtest_add_func("boot-order/prep", test_prep_boot_order);
 qtest_add_func("boot-order/pmac_oldworld",
test_pmac_oldworld_boot_order);
 qtest_add_func("boot-order/pmac_newworld",
-- 
1.7.11.7

[Qemu-devel] [PATCH v3 05/16] pc: Make -no-fd-bootchk stick across boot order changes

[Markus Armbruster]

Option -no-fd-bootchk asks the BIOS to attempt booting from a floppy
even when the boot sector signature isn't there, by setting a bit in
RTC CMOS.  It was added back in 2006 (commit 52ca8d6a).

Two years later, commit 0ecdffbb added monitor command boot_set.
Implemented by new function pc_boot_set().  It unconditionally clears
the floppy signature bit in CMOS.

Commit e0f084bf added -boot option once to automatically change the
boot order on first reset.  Reuses pc_boot_set(), thus also clears the
floppy signature bit.  Commit d9346e81 took care to preserve this
behavior.

Thus, -no-fd-bootchk applies to any number of boots.  Except it
applies just to the first boot with -boot once, and never after
boot_set.  Weird.  Make it stick instead: set the bit according to
-no-fd-bootchk in pc_boot_set().

Signed-off-by: Markus Armbruster 
---
 hw/i386/pc.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 4844a6b..7e524fc 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -266,7 +266,7 @@ static int boot_device2nibble(char boot_device)
 return 0;
 }
 
-static int set_boot_dev(ISADevice *s, const char *boot_device, int fd_bootchk)
+static int set_boot_dev(ISADevice *s, const char *boot_device)
 {
 #define PC_MAX_BOOT_DEVICES 3
 int nbds, bds[3] = { 0, };
@@ -292,7 +292,7 @@ static int set_boot_dev(ISADevice *s, const char 
*boot_device, int fd_bootchk)
 
 static int pc_boot_set(void *opaque, const char *boot_device)
 {
-return set_boot_dev(opaque, boot_device, 0);
+return set_boot_dev(opaque, boot_device);
 }
 
 typedef struct pc_cmos_init_late_arg {
@@ -407,8 +407,7 @@ void pc_cmos_init(ram_addr_t ram_size, ram_addr_t 
above_4g_mem_size,
 cpu_hotplug_cb.cpu_added_notifier.notify = rtc_notify_cpu_added;
 qemu_register_cpu_added_notifier(&cpu_hotplug_cb.cpu_added_notifier);
 
-/* set boot devices, and disable floppy signature check if requested */
-if (set_boot_dev(s, boot_device, fd_bootchk)) {
+if (set_boot_dev(s, boot_device)) {
 exit(1);
 }
 
-- 
1.7.11.7

[Qemu-devel] [PATCH v3 06/16] doc: Drop ref to Bochs from -no-fd-bootchk documentation

[Markus Armbruster]

Manual page and qemu-doc on talk about "Bochs BIOS".  We use SeaBIOS,
and it implements the feature.  Replace by just "BIOS", and drop the
TODO line wondering about the Bochs reference.

Signed-off-by: Markus Armbruster 
---
 qemu-options.hx | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index bf94862..8355f9b 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1268,9 +1268,8 @@ DEF("no-fd-bootchk", 0, QEMU_OPTION_no_fd_bootchk,
 STEXI
 @item -no-fd-bootchk
 @findex -no-fd-bootchk
-Disable boot signature checking for floppy disks in Bochs BIOS. It may
+Disable boot signature checking for floppy disks in BIOS. May
 be needed to boot from old floppy disks.
-TODO: check reference to Bochs BIOS.
 ETEXI
 
 DEF("no-acpi", 0, QEMU_OPTION_no_acpi,
-- 
1.7.11.7

[Qemu-devel] [PATCH v3 08/16] boot-order-test: New; covering just PC for now

[Markus Armbruster]

Signed-off-by: Markus Armbruster 
---
 tests/Makefile  |  2 ++
 tests/boot-order-test.c | 68 +
 2 files changed, 70 insertions(+)
 create mode 100644 tests/boot-order-test.c

diff --git a/tests/Makefile b/tests/Makefile
index c107489..394e029 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -54,6 +54,7 @@ gcov-files-i386-y = hw/fdc.c
 check-qtest-i386-y += tests/ide-test$(EXESUF)
 check-qtest-i386-y += tests/hd-geo-test$(EXESUF)
 gcov-files-i386-y += hw/hd-geometry.c
+check-qtest-i386-y += tests/boot-order-test$(EXESUF)
 check-qtest-i386-y += tests/rtc-test$(EXESUF)
 check-qtest-i386-y += tests/i440fx-test$(EXESUF)
 check-qtest-i386-y += tests/fw_cfg-test$(EXESUF)
@@ -130,6 +131,7 @@ tests/m48t59-test$(EXESUF): tests/m48t59-test.o
 tests/fdc-test$(EXESUF): tests/fdc-test.o
 tests/ide-test$(EXESUF): tests/ide-test.o $(libqos-pc-obj-y)
 tests/hd-geo-test$(EXESUF): tests/hd-geo-test.o
+tests/boot-order-test$(EXESUF): tests/boot-order-test.o
 tests/tmp105-test$(EXESUF): tests/tmp105-test.o $(libqos-omap-obj-y)
 tests/i440fx-test$(EXESUF): tests/i440fx-test.o $(libqos-pc-obj-y)
 tests/fw_cfg-test$(EXESUF): tests/fw_cfg-test.o $(libqos-pc-obj-y)
diff --git a/tests/boot-order-test.c b/tests/boot-order-test.c
new file mode 100644
index 000..2215710
--- /dev/null
+++ b/tests/boot-order-test.c
@@ -0,0 +1,68 @@
+/*
+ * Boot order test cases.
+ *
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Authors:
+ *  Markus Armbruster ,
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include 
+#include "libqtest.h"
+
+static void test_pc_cmos_byte(int reg, int expected)
+{
+int actual;
+
+outb(0x70, reg);
+actual = inb(0x71);
+g_assert_cmphex(actual, ==, expected);
+}
+
+static void test_pc_cmos(uint8_t boot1, uint8_t boot2)
+{
+test_pc_cmos_byte(0x38, boot1);
+test_pc_cmos_byte(0x3d, boot2);
+}
+
+static void test_pc_with_args(const char *test_args,
+  uint8_t boot1, uint8_t boot2,
+  uint8_t reboot1, uint8_t reboot2)
+{
+char *args = g_strdup_printf("-nodefaults -display none %s", test_args);
+
+qtest_start(args);
+test_pc_cmos(boot1, boot2);
+qmp("{ 'execute': 'system_reset' }");
+test_pc_cmos(reboot1, reboot2);
+qtest_quit(global_qtest);
+g_free(args);
+}
+
+static void test_pc_boot_order(void)
+{
+test_pc_with_args("", 0x30, 0x12, 0x30, 0x12);
+test_pc_with_args("-no-fd-bootchk", 0x31, 0x12, 0x31, 0x12);
+test_pc_with_args("-boot c", 0, 0x02, 0, 0x02);
+test_pc_with_args("-boot nda", 0x10, 0x34, 0x10, 0x34);
+test_pc_with_args("-boot order=", 0, 0, 0, 0);
+test_pc_with_args("-boot order= -boot order=c", 0, 0x02, 0, 0x02);
+test_pc_with_args("-boot once=a", 0, 0x01, 0x30, 0x12);
+test_pc_with_args("-boot once=a -no-fd-bootchk", 0x01, 0x01, 0x31, 0x12);
+test_pc_with_args("-boot once=a,order=c", 0, 0x01, 0, 0x02);
+test_pc_with_args("-boot once=d -boot order=nda", 0, 0x03, 0x10, 0x34);
+test_pc_with_args("-boot once=a -boot once=b -boot once=c",
+  0, 0x02, 0x30, 0x12);
+}
+
+int main(int argc, char *argv[])
+{
+g_test_init(&argc, &argv, NULL);
+
+qtest_add_func("boot-order/pc", test_pc_boot_order);
+
+return g_test_run();
+}
-- 
1.7.11.7

Re: [Qemu-devel] [PATCH] make screendump an async command

[Gerd Hoffmann]

  Hi,

> Note: due to QAPI not generating async commands yet I had to remove the
> schema screendump definition.

Hmm, that will break libvirt I suspect.  Guess this one has to wait
until QAPI gained proper async command support.

cheers,
  Gerd

[Qemu-devel] [PATCH v3 14/16] boot-order-test: Add tests for Sun4m

[Markus Armbruster]

Cc: Blue Swirl 
Signed-off-by: Markus Armbruster 
---
 tests/boot-order-test.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/tests/boot-order-test.c b/tests/boot-order-test.c
index 0060905..7b1edc1 100644
--- a/tests/boot-order-test.c
+++ b/tests/boot-order-test.c
@@ -178,6 +178,18 @@ static void test_pmac_newworld_boot_order(void)
 test_boot_orders("mac99", read_boot_order_pmac, test_cases_fw_cfg);
 }
 
+#define SUN4M_CFG_ADDR 0xd0510ULL
+
+static uint64_t read_boot_order_sun4m(void)
+{
+return read_fw_cfg_i16(SUN4M_CFG_ADDR, FW_CFG_BOOT_DEVICE);
+}
+
+static void test_sun4m_boot_order(void)
+{
+test_boot_orders("SS-5", read_boot_order_sun4m, test_cases_fw_cfg);
+}
+
 int main(int argc, char *argv[])
 {
 const char *arch = qtest_get_arch();
@@ -192,6 +204,8 @@ int main(int argc, char *argv[])
test_pmac_oldworld_boot_order);
 qtest_add_func("boot-order/pmac_newworld",
test_pmac_newworld_boot_order);
+} else if (strcmp(arch, "sparc") == 0) {
+qtest_add_func("boot-order/sun4m", test_sun4m_boot_order);
 }
 
 return g_test_run();
-- 
1.7.11.7

[Qemu-devel] [PATCH v3 16/16] boot-order-test: Add tests for Sun4u

[Markus Armbruster]

Cc: Blue Swirl 
Signed-off-by: Markus Armbruster 
---
 tests/boot-order-test.c | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/tests/boot-order-test.c b/tests/boot-order-test.c
index d1d99f8..37c7227 100644
--- a/tests/boot-order-test.c
+++ b/tests/boot-order-test.c
@@ -198,6 +198,18 @@ static void test_sun4m_boot_order(void)
 test_boot_orders("SS-5", read_boot_order_sun4m, test_cases_fw_cfg);
 }
 
+#define SUN4U_CFG_IOPORT 0x510
+
+static uint64_t read_boot_order_sun4u(void)
+{
+return read_fw_cfg_i16(SUN4U_CFG_IOPORT, true, FW_CFG_BOOT_DEVICE);
+}
+
+static void test_sun4u_boot_order(void)
+{
+test_boot_orders("sun4u", read_boot_order_sun4u, test_cases_fw_cfg);
+}
+
 int main(int argc, char *argv[])
 {
 const char *arch = qtest_get_arch();
@@ -214,6 +226,8 @@ int main(int argc, char *argv[])
test_pmac_newworld_boot_order);
 } else if (strcmp(arch, "sparc") == 0) {
 qtest_add_func("boot-order/sun4m", test_sun4m_boot_order);
+} else if (strcmp(arch, "sparc64") == 0) {
+qtest_add_func("boot-order/sun4u", test_sun4u_boot_order);
 }
 
 return g_test_run();
-- 
1.7.11.7

[Qemu-devel] [PATCH v3 11/16] boot-order-test: Better separate target-specific and generic parts

[Markus Armbruster]

The initial version did just PC.  I didn't bother to separate out
generic parts, because I don't like to abstract from a single case.

Now we have two cases, PC and PowerMac, and I'm about to add two more.
Time to do it right.

To ease review, this commit changes the code without in-place, and
only the next commit reorders it for better readability.

Cc: Andreas Färber 
Cc: Alexander Graf 
Cc: qemu-...@nongnu.org
Signed-off-by: Markus Armbruster 
---
 tests/boot-order-test.c | 160 ++--
 1 file changed, 99 insertions(+), 61 deletions(-)

diff --git a/tests/boot-order-test.c b/tests/boot-order-test.c
index f6dece6..23edacf 100644
--- a/tests/boot-order-test.c
+++ b/tests/boot-order-test.c
@@ -15,106 +15,141 @@
 #include "libqtest.h"
 #include "qemu/bswap.h"
 
-static void test_pc_cmos_byte(int reg, int expected)
+static uint8_t read_mc146818(uint16_t port, uint8_t reg)
 {
-int actual;
-
-outb(0x70, reg);
-actual = inb(0x71);
-g_assert_cmphex(actual, ==, expected);
+outb(port, reg);
+return inb(port + 1);
 }
 
-static void test_pc_cmos(uint8_t boot1, uint8_t boot2)
+static uint64_t read_boot_order_pc(void)
 {
-test_pc_cmos_byte(0x38, boot1);
-test_pc_cmos_byte(0x3d, boot2);
+uint8_t b1 = read_mc146818(0x70, 0x38);
+uint8_t b2 = read_mc146818(0x70, 0x3d);
+
+return b1 | (b2 << 8);
 }
 
-static void test_pc_with_args(const char *test_args,
-  uint8_t boot1, uint8_t boot2,
-  uint8_t reboot1, uint8_t reboot2)
+static void test_a_boot_order(const char *machine,
+  const char *test_args,
+  uint64_t (*read_boot_order)(void),
+  uint64_t expected_boot,
+  uint64_t expected_reboot)
 {
-char *args = g_strdup_printf("-nodefaults -display none %s", test_args);
+char *args;
+uint64_t actual;
 
+args = g_strdup_printf("-nodefaults -display none%s%s %s",
+   machine ? " -M " : "",
+   machine ?: "",
+   test_args);
 qtest_start(args);
-test_pc_cmos(boot1, boot2);
+actual = read_boot_order();
+g_assert_cmphex(actual, ==, expected_boot);
 qmp("{ 'execute': 'system_reset' }");
-test_pc_cmos(reboot1, reboot2);
+actual = read_boot_order();
+g_assert_cmphex(actual, ==, expected_reboot);
 qtest_quit(global_qtest);
 g_free(args);
 }
 
+typedef struct {
+const char *args;
+uint64_t expected_boot;
+uint64_t expected_reboot;
+} boot_order_test;
+
+static void test_boot_orders(const char *machine,
+ uint64_t (*read_boot_order)(void),
+ const boot_order_test *tests)
+{
+int i;
+
+for (i = 0; tests[i].args; i++) {
+test_a_boot_order(machine, tests[i].args,
+  read_boot_order,
+  tests[i].expected_boot,
+  tests[i].expected_reboot);
+}
+}
+
+static const boot_order_test test_cases_pc[] = {
+{ "",
+  0x1230, 0x1230 },
+{ "-no-fd-bootchk",
+  0x1231, 0x1231 },
+{ "-boot c",
+  0x0200, 0x0200 },
+{ "-boot nda",
+  0x3410, 0x3410 },
+{ "-boot order=",
+  0, 0 },
+{ "-boot order= -boot order=c",
+  0x0200, 0x0200 },
+{ "-boot once=a",
+  0x0100, 0x1230 },
+{ "-boot once=a -no-fd-bootchk",
+  0x0101, 0x1231 },
+{ "-boot once=a,order=c",
+  0x0100, 0x0200 },
+{ "-boot once=d -boot order=nda",
+  0x0300, 0x3410 },
+{ "-boot once=a -boot once=b -boot once=c",
+  0x0200, 0x1230 },
+{}
+};
+
 static void test_pc_boot_order(void)
 {
-test_pc_with_args("", 0x30, 0x12, 0x30, 0x12);
-test_pc_with_args("-no-fd-bootchk", 0x31, 0x12, 0x31, 0x12);
-test_pc_with_args("-boot c", 0, 0x02, 0, 0x02);
-test_pc_with_args("-boot nda", 0x10, 0x34, 0x10, 0x34);
-test_pc_with_args("-boot order=", 0, 0, 0, 0);
-test_pc_with_args("-boot order= -boot order=c", 0, 0x02, 0, 0x02);
-test_pc_with_args("-boot once=a", 0, 0x01, 0x30, 0x12);
-test_pc_with_args("-boot once=a -no-fd-bootchk", 0x01, 0x01, 0x31, 0x12);
-test_pc_with_args("-boot once=a,order=c", 0, 0x01, 0, 0x02);
-test_pc_with_args("-boot once=d -boot order=nda", 0, 0x03, 0x10, 0x34);
-test_pc_with_args("-boot once=a -boot once=b -boot once=c",
-  0, 0x02, 0x30, 0x12);
+test_boot_orders(NULL, read_boot_order_pc, test_cases_pc);
 }
 
-#define G3BEIGE_CFG_ADDR 0xf510
-#define MAC99_CFG_ADDR   0xf510
+#define PMAC_CFG_ADDR 0xf510
 
 #define NO_QEMU_PROTOS
 #include "hw/nvram/fw_cfg.h"
 #undef NO_QEMU_PROTOS
 
-static void powermac_fw_cfg_read(bool newworld, uint16_t cmd,
- uint8_t *buf, unsigned int len)
+static void read_fw_cfg(uint64_t cfg_addr, uint16_t cmd,
+

[Qemu-devel] [PULL 13/26] device tree: Fix cppcheck warning

[Michael Tokarev]

From: Stefan Weil 

Fix this cppcheck warning:

Checking device_tree.c...
device_tree.c:216: style:
 Checking if unsigned variable 'r' is less than zero.

Signed-off-by: Stefan Weil 
Signed-off-by: Michael Tokarev 
---
 device_tree.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/device_tree.c b/device_tree.c
index 56af24b..69be9da 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -213,7 +213,7 @@ uint32_t qemu_devtree_get_phandle(void *fdt, const char 
*path)
 uint32_t r;
 
 r = fdt_get_phandle(fdt, findnode_nofail(fdt, path));
-if (r <= 0) {
+if (r == 0) {
 fprintf(stderr, "%s: Couldn't get phandle for %s: %s\n", __func__,
 path, fdt_strerror(r));
 exit(1);
-- 
1.7.10.4

[Qemu-devel] [PATCH v3 15/16] boot-order-test: Support fw_cfg in I/O space

[Markus Armbruster]

Next commit needs it.

Cc: Blue Swirl 
Signed-off-by: Markus Armbruster 
---
 tests/boot-order-test.c | 24 
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/tests/boot-order-test.c b/tests/boot-order-test.c
index 7b1edc1..d1d99f8 100644
--- a/tests/boot-order-test.c
+++ b/tests/boot-order-test.c
@@ -133,23 +133,31 @@ static void test_prep_boot_order(void)
 test_boot_orders("prep", read_boot_order_prep, test_cases_prep);
 }
 
-static void read_fw_cfg(uint64_t cfg_addr, uint16_t cmd,
+static void read_fw_cfg(uint64_t cfg_addr, bool addr_is_io, uint16_t cmd,
 void *buf, size_t len)
 {
 uint8_t *p = buf;
 size_t i;
 
-writew(cfg_addr, cmd);
-for (i = 0; i < len; i++) {
-p[i] = readb(cfg_addr + 2);
+if (addr_is_io) {
+outw(cfg_addr, cmd);
+for (i = 0; i < len; i++) {
+p[i] = inb(cfg_addr + 1);
+}
+} else {
+writew(cfg_addr, cmd);
+for (i = 0; i < len; i++) {
+p[i] = readb(cfg_addr + 2);
+}
 }
 }
 
-static uint16_t read_fw_cfg_i16(uint64_t cfg_addr, uint16_t cmd)
+static uint16_t read_fw_cfg_i16(uint64_t cfg_addr, bool addr_is_io,
+uint16_t cmd)
 {
 uint16_t value;
 
-read_fw_cfg(cfg_addr, cmd, &value, sizeof(value));
+read_fw_cfg(cfg_addr, addr_is_io, cmd, &value, sizeof(value));
 return le16_to_cpu(value);
 }
 
@@ -157,7 +165,7 @@ static uint16_t read_fw_cfg_i16(uint64_t cfg_addr, uint16_t 
cmd)
 
 static uint64_t read_boot_order_pmac(void)
 {
-return read_fw_cfg_i16(PMAC_CFG_ADDR, FW_CFG_BOOT_DEVICE);
+return read_fw_cfg_i16(PMAC_CFG_ADDR, false, FW_CFG_BOOT_DEVICE);
 }
 
 static const boot_order_test test_cases_fw_cfg[] = {
@@ -182,7 +190,7 @@ static void test_pmac_newworld_boot_order(void)
 
 static uint64_t read_boot_order_sun4m(void)
 {
-return read_fw_cfg_i16(SUN4M_CFG_ADDR, FW_CFG_BOOT_DEVICE);
+return read_fw_cfg_i16(SUN4M_CFG_ADDR, false, FW_CFG_BOOT_DEVICE);
 }
 
 static void test_sun4m_boot_order(void)
-- 
1.7.11.7

[Qemu-devel] [PULL 00/26] Trivial-patches pull request for 2013-06-14

[Michael Tokarev]

This is yet another pull request from the trivial-patches queue.
There are many changes this time, most are really trivial, but
some, while also of trivial nature, are large(ish). These include:

 - linux headers update request, which syncs copy of linux headers
   with 3.10-rc5, together with 3 preparational changes

 - "char/serial: serial_ioport_write: Factor out common code" by
   Peter Crosthwaite, which is large but it removes ad-hoc implementation
   and uses generic bits instead

 - "create qemu_openpty_raw() helper function and move it to a separate file"
   by Michael Tokarev, which is also a bit large but it just moves common code
   into a separate file.

It all appears to build (on OpenBSD, FreeBSD, OpenIndiana and Linux) and
work, as far as I can tell.

Please pull.

Thanks,

/mjt

The following changes since commit bd5c51ee6c4f1c79cae5ad2516d711a27b4ea8ec:

  qemu-char: don't issue CHR_EVENT_OPEN in a BH (2013-06-10 11:38:37 -0500)

are available in the git repository at:

  git://git.corpit.ru/qemu.git trivial-patches-next

for you to fetch changes up to ba275adba09adfc0f7ec533f1fddba678d9ba826:

  piix: fix some printf errors when debug is enabled (2013-06-14 14:38:45 +0400)


Alexey Kardashevskiy (3):
  KVM: ARM: Add dummy kvm_arch_init_irq_routing()
  KVM: S390: Add dummy kvm_arch_init_irq_routing()
  linux-headers: Update to v3.10-rc5

Alon Levy (1):
  libcacard/vscclient: fix leakage of socket on error paths

Andreas Färber (1):
  Makefile: Install qemu-img and qemu-nbd man pages only if built

Ed Maste (2):
  configure: remove ${config_host_ld} variable
  configure: Disable host-bsd USB on FreeBSD

Hervé Poussineau (1):
  cputlb: fix debug logs

Hu Tao (1):
  piix: fix some printf errors when debug is enabled

Michael Tokarev (4):
  qemu-char: remove a few needless #includes
  gitignore: unignore *.patch
  main-loop: do not include slirp/slirp.h, use libslirp.h instead
  create qemu_openpty_raw() helper function and move it to a separate file

Peter Crosthwaite (4):
  intc/xilinx_intc: Use qemu_set_irq
  char/serial: cosmetic fixes.
  char/serial: Use generic Fifo8
  char/serial: serial_ioport_write: Factor out common code

Peter Wu (2):
  gtk: implement -full-screen
  Unbreak -no-quit for GTK, validate SDL options

Richard W.M. Jones (1):
  curl: Whitespace only changes.

Scott Wood (1):
  KVM: PPC: Add dummy kvm_arch_init_irq_routing()

Stefan Hajnoczi (1):
  ivshmem: add missing error exit(2)

Stefan Weil (4):
  device tree: Fix cppcheck warning
  hw/scsi: Don't increment a boolean value
  target-sparc: Replace free by g_free
  hw/xen: Use g_free instead of free and fix potential memory leaks

 .gitignore|1 -
 Makefile  |5 +-
 block/curl.c  |4 +-
 configure |7 +--
 cputlb.c  |4 +-
 device_tree.c |2 +-
 hw/acpi/piix4.c   |   12 ++---
 hw/char/serial.c  |  128 
+++-
 hw/intc/xilinx_intc.c |6 +--
 hw/misc/ivshmem.c |1 +
 hw/scsi/vmw_pvscsi.c  |2 +-
 hw/xen/xen_pt_config_init.c   |4 +-
 include/hw/char/serial.h  |   15 ++
 include/qemu-common.h |   15 +-
 include/ui/console.h  |2 +-
 libcacard/vscclient.c |9 +++-
 linux-headers/asm-arm/kvm.h   |   12 ++---
 linux-headers/asm-mips/kvm.h  |  138 

 linux-headers/asm-mips/kvm_para.h |1 +
 linux-headers/asm-powerpc/kvm.h   |   89 +
 linux-headers/asm-x86/kvm.h   |1 -
 linux-headers/linux/kvm.h |   42 +---
 linux-headers/linux/vfio.h|1 +
 linux-headers/linux/vhost.h   |   28 +++
 main-loop.c   |3 +-
 qemu-char.c   |   79 ++
 target-arm/kvm.c  |4 ++
 target-ppc/kvm.c  |4 ++
 target-s390x/kvm.c|4 ++
 target-sparc/cpu.c|2 +-
 ui/gtk.c  |   18 +++
 util/Makefile.objs|2 +-
 util/qemu-openpty.c   |  135 
++
 vl.c  |   17 ---
 xen-all.c |8 +--
 35 files changed, 569 insertions(+), 236 deletions(-)
 create mode 100644 linux-headers/asm-mips/kvm.h
 create mode 100644 linux-headers/asm-mips/kvm_para.h
 create mode 100644 util/qemu-openpty.c

[Qemu-devel] [PATCH] arm/boot: Free dtb blob memory after use

[Peter Maydell]

The dtb blob returned by load_device_tree() is in memory allocated
with g_malloc(). Free it accordingly once we have copied its
contents into the guest memory. To make this easy, we need also to
clean up the error handling in load_dtb() so that we consistently
handle errors in the same way (by printing a message and then
returning -1, rather than either plowing on or exiting immediately).

Signed-off-by: Peter Maydell 
---
 hw/arm/boot.c |   20 +++-
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/hw/arm/boot.c b/hw/arm/boot.c
index f8c2031..f5870f6 100644
--- a/hw/arm/boot.c
+++ b/hw/arm/boot.c
@@ -238,14 +238,14 @@ static int load_dtb(hwaddr addr, const struct 
arm_boot_info *binfo)
 filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, binfo->dtb_filename);
 if (!filename) {
 fprintf(stderr, "Couldn't open dtb file %s\n", binfo->dtb_filename);
-return -1;
+goto fail;
 }
 
 fdt = load_device_tree(filename, &size);
 if (!fdt) {
 fprintf(stderr, "Couldn't open dtb file %s\n", filename);
 g_free(filename);
-return -1;
+goto fail;
 }
 g_free(filename);
 
@@ -253,7 +253,7 @@ static int load_dtb(hwaddr addr, const struct arm_boot_info 
*binfo)
 scells = qemu_devtree_getprop_cell(fdt, "/", "#size-cells");
 if (acells == 0 || scells == 0) {
 fprintf(stderr, "dtb file invalid (#address-cells or #size-cells 
0)\n");
-return -1;
+goto fail;
 }
 
 mem_reg_propsize = acells + scells;
@@ -265,7 +265,7 @@ static int load_dtb(hwaddr addr, const struct arm_boot_info 
*binfo)
 } else if (hival != 0) {
 fprintf(stderr, "qemu: dtb file not compatible with "
 "RAM start address > 4GB\n");
-exit(1);
+goto fail;
 }
 mem_reg_property[acells + scells - 1] = cpu_to_be32(binfo->ram_size);
 hival = cpu_to_be32(binfo->ram_size >> 32);
@@ -274,13 +274,14 @@ static int load_dtb(hwaddr addr, const struct 
arm_boot_info *binfo)
 } else if (hival != 0) {
 fprintf(stderr, "qemu: dtb file not compatible with "
 "RAM size > 4GB\n");
-exit(1);
+goto fail;
 }
 
 rc = qemu_devtree_setprop(fdt, "/memory", "reg", mem_reg_property,
   mem_reg_propsize * sizeof(uint32_t));
 if (rc < 0) {
 fprintf(stderr, "couldn't set /memory/reg\n");
+goto fail;
 }
 
 if (binfo->kernel_cmdline && *binfo->kernel_cmdline) {
@@ -288,6 +289,7 @@ static int load_dtb(hwaddr addr, const struct arm_boot_info 
*binfo)
   binfo->kernel_cmdline);
 if (rc < 0) {
 fprintf(stderr, "couldn't set /chosen/bootargs\n");
+goto fail;
 }
 }
 
@@ -296,20 +298,28 @@ static int load_dtb(hwaddr addr, const struct 
arm_boot_info *binfo)
 binfo->initrd_start);
 if (rc < 0) {
 fprintf(stderr, "couldn't set /chosen/linux,initrd-start\n");
+goto fail;
 }
 
 rc = qemu_devtree_setprop_cell(fdt, "/chosen", "linux,initrd-end",
 binfo->initrd_start + binfo->initrd_size);
 if (rc < 0) {
 fprintf(stderr, "couldn't set /chosen/linux,initrd-end\n");
+goto fail;
 }
 }
 qemu_devtree_dumpdtb(fdt, size);
 
 cpu_physical_memory_write(addr, fdt, size);
 
+g_free(fdt);
+
 return 0;
 
+fail:
+g_free(fdt);
+return -1;
+
 #else
 fprintf(stderr, "Device tree requested, "
 "but qemu was compiled without fdt support\n");
-- 
1.7.9.5

Re: [Qemu-devel] [Xen-devel] [BUG 1747]Guest could't find bootable device with memory more than 3600M

[Ian Campbell]

On Fri, 2013-06-14 at 11:53 +0100, George Dunlap wrote:
> On Thu, Jun 13, 2013 at 6:22 PM, Ian Campbell  wrote:
> > On Thu, 2013-06-13 at 17:55 +0100, Stefano Stabellini wrote:
> >
> >> > > We could have a xenstore flag somewhere that enables the old behaviour
> >> > > so that people can revert back to qemu-xen-traditional and make the pci
> >> > > hole below 4G even bigger than 448MB, but I think that keeping the old
> >> > > behaviour around is going to make the code more difficult to maintain.
> >> >
> >> > The downside of that is that things which worked with the old scheme may
> >> > not work with the new one though. Early in a release cycle when we have
> >> > time to discover what has broken then that might be OK, but is post rc4
> >> > really the time to be risking it?
> >>
> >> Yes, you are right: there are some scenarios that would have worked
> >> before that wouldn't work anymore with the new scheme.
> >> Are they important enough to have a workaround, pretty difficult to
> >> identify for a user?
> >
> > That question would be reasonable early in the development cycle. At rc4
> > the question should be: do we think this problem is so critical that we
> > want to risk breaking something else which currently works for people.
> >
> > Remember that we are invalidating whatever passthrough testing people
> > have already done up to this point of the release.
> >
> > It is also worth noting that the things which this change ends up
> > breaking may for all we know be equally difficult for a user to identify
> > (they are after all approximately the same class of issue).
> >
> > The problem here is that the risk is difficult to evaluate, we just
> > don't know what will break with this change, and we don't know therefore
> > if the cure is worse than the disease. The conservative approach at this
> > point in the release would be to not change anything, or to change the
> > minimal possible number of things (which would preclude changes which
> > impact qemu-trad IMHO).
> >
> 
> 
> > WRT pretty difficult to identify -- the root of this thread suggests the
> > guest entered a reboot loop with "No bootable device", that sounds
> > eminently release notable to me. I also not that it was changing the
> > size of the PCI hole which caused the issue -- which does somewhat
> > underscore the risks involved in this sort of change.
> 
> But that bug was a bug in the first attempt to fix the root problem.
> The root problem shows up as qemu crashing at some point because it
> tried to access invalid guest gpfn space; see
> http://lists.xen.org/archives/html/xen-devel/2013-03/msg00559.html.
> 
> Stefano tried to fix it with the above patch, just changing the hole
> to start at 0xe; but that was incomplete, as it didn't match with
> hvmloader and seabios's view of the world.  That's what this bug
> report is about.  This thread is an attempt to find a better fix.
> 
> So the root problem is that if we revert this patch, and someone
> passes through a pci device using qemu-xen (the default) and the MMIO
> hole is resized, at some point in the future qemu will randomly die.

Right, I see, thanks for explaining.

> If it's a choice between users experiencing, "My VM randomly crashes"
> and experiencing, "I tried to pass through this device but the guest
> OS doesn't see it", I'd rather choose the latter.

All other things being equal, obviously we all would. But the point I've
been trying to make is that we don't know the other consequences of
making that fix -- e.g. on existing working configurations. So the
choice is "some VMs randomly crash, but other stuff works fine and we
have had a reasonable amount of user testing" and "those particular VMs
don't crash any more, but we don't know what other stuff no longer works
and the existing test base has been at least partially invalidated".

I think that at post rc4 in a release we ought to be being pretty
conservative about the risks of this sort of change, especially wrt
invalidating testing and the unknowns involved.

Aren't the configurations which might trip over this issue are going to
be in the minority compared to those which we risk breaking?

Ian.

[Qemu-devel] [PATCH 3/6] sun4: Don't prematurely explode QEMUMachineInitArgs

[Markus Armbruster]

Don't explode QEMUMachineInitArgs before passing it to
sun4m_hw_init(), sun4uv_init().

Signed-off-by: Markus Armbruster 
---
 hw/sparc/sun4m.c   | 113 -
 hw/sparc64/sun4u.c |  52 +++-
 2 files changed, 40 insertions(+), 125 deletions(-)

diff --git a/hw/sparc/sun4m.c b/hw/sparc/sun4m.c
index 0e86ca7..79d17c8 100644
--- a/hw/sparc/sun4m.c
+++ b/hw/sparc/sun4m.c
@@ -816,12 +816,10 @@ static void dummy_fdc_tc(void *opaque, int irq, int level)
 {
 }
 
-static void sun4m_hw_init(const struct sun4m_hwdef *hwdef, ram_addr_t RAM_size,
-  const char *boot_device,
-  const char *kernel_filename,
-  const char *kernel_cmdline,
-  const char *initrd_filename, const char *cpu_model)
+static void sun4m_hw_init(const struct sun4m_hwdef *hwdef,
+  QEMUMachineInitArgs *args)
 {
+const char *cpu_model = args->cpu_model;
 unsigned int i;
 void *iommu, *espdma, *ledma, *nvram;
 qemu_irq *cpu_irqs[MAX_CPUS], slavio_irq[32], slavio_cpu_irq[MAX_CPUS],
@@ -847,10 +845,10 @@ static void sun4m_hw_init(const struct sun4m_hwdef 
*hwdef, ram_addr_t RAM_size,
 
 
 /* set up devices */
-ram_init(0, RAM_size, hwdef->max_mem);
+ram_init(0, args->ram_size, hwdef->max_mem);
 /* models without ECC don't trap when missing ram is accessed */
 if (!hwdef->ecc_base) {
-empty_slot_init(RAM_size, hwdef->max_mem - RAM_size);
+empty_slot_init(args->ram_size, hwdef->max_mem - args->ram_size);
 }
 
 prom_init(hwdef->slavio_base, bios_name);
@@ -973,11 +971,12 @@ static void sun4m_hw_init(const struct sun4m_hwdef 
*hwdef, ram_addr_t RAM_size,
 empty_slot_init(hwdef->bpp_base, 0x20);
 }
 
-kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename,
-RAM_size);
+kernel_size = sun4m_load_kernel(args->kernel_filename,
+args->initrd_filename,
+args->ram_size);
 
-nvram_init(nvram, (uint8_t *)&nd_table[0].macaddr, kernel_cmdline,
-   boot_device, RAM_size, kernel_size, graphic_width,
+nvram_init(nvram, (uint8_t *)&nd_table[0].macaddr, args->kernel_cmdline,
+   args->boot_device, args->ram_size, kernel_size, graphic_width,
graphic_height, graphic_depth, hwdef->nvram_machine_id,
"Sun4m");
 
@@ -993,19 +992,20 @@ static void sun4m_hw_init(const struct sun4m_hwdef 
*hwdef, ram_addr_t RAM_size,
 fw_cfg_add_i16(fw_cfg, FW_CFG_SUN4M_DEPTH, graphic_depth);
 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_ADDR, KERNEL_LOAD_ADDR);
 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_SIZE, kernel_size);
-if (kernel_cmdline) {
+if (args->kernel_cmdline) {
 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, CMDLINE_ADDR);
-pstrcpy_targphys("cmdline", CMDLINE_ADDR, TARGET_PAGE_SIZE, 
kernel_cmdline);
-fw_cfg_add_string(fw_cfg, FW_CFG_CMDLINE_DATA, kernel_cmdline);
+pstrcpy_targphys("cmdline", CMDLINE_ADDR, TARGET_PAGE_SIZE,
+ args->kernel_cmdline);
+fw_cfg_add_string(fw_cfg, FW_CFG_CMDLINE_DATA, args->kernel_cmdline);
 fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE,
-   strlen(kernel_cmdline) + 1);
+   strlen(args->kernel_cmdline) + 1);
 } else {
 fw_cfg_add_i32(fw_cfg, FW_CFG_KERNEL_CMDLINE, 0);
 fw_cfg_add_i32(fw_cfg, FW_CFG_CMDLINE_SIZE, 0);
 }
 fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_ADDR, INITRD_LOAD_ADDR);
 fw_cfg_add_i32(fw_cfg, FW_CFG_INITRD_SIZE, 0); // not used
-fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, boot_device[0]);
+fw_cfg_add_i16(fw_cfg, FW_CFG_BOOT_DEVICE, args->boot_device[0]);
 qemu_register_boot_set(fw_cfg_boot_set, fw_cfg);
 }
 
@@ -1269,118 +1269,55 @@ static const struct sun4m_hwdef sun4m_hwdefs[] = {
 /* SPARCstation 5 hardware initialisation */
 static void ss5_init(QEMUMachineInitArgs *args)
 {
-ram_addr_t RAM_size = args->ram_size;
-const char *cpu_model = args->cpu_model;
-const char *kernel_filename = args->kernel_filename;
-const char *kernel_cmdline = args->kernel_cmdline;
-const char *initrd_filename = args->initrd_filename;
-const char *boot_device = args->boot_device;
-sun4m_hw_init(&sun4m_hwdefs[0], RAM_size, boot_device, kernel_filename,
-  kernel_cmdline, initrd_filename, cpu_model);
+sun4m_hw_init(&sun4m_hwdefs[0], args);
 }
 
 /* SPARCstation 10 hardware initialisation */
 static void ss10_init(QEMUMachineInitArgs *args)
 {
-ram_addr_t RAM_size = args->ram_size;
-const char *cpu_model = args->cpu_model;
-const char *kernel_filename = args->kernel_filename;
-const char *kernel_cmdline = args->kernel_cmdline;
-const char *initrd_filename = args->initrd_filename;
-const char *boot_device

[Qemu-devel] [PATCH 0/6] Clean up bogus default boot order

[Markus Armbruster]

This is on top of "[PATCH v3 00/16] -boot and -no-fd-bootchk fixes",
so it's protected by the tests there.

The first five patches are admittedly related to the stated purpose of
this series pretty much only by "I can't stand perpetuating this
stupid crap".  Max Filippov and Peter Maydell already cleaned up
Xtensa and ARM the same way.

Markus Armbruster (6):
  pc: Don't prematurely explode QEMUMachineInitArgs
  pc: Don't explode QEMUMachineInitArgs into local variables needlessly
  sun4: Don't prematurely explode QEMUMachineInitArgs
  ppc: Don't explode QEMUMachineInitArgs into local variables
needlessly
  ppc: Don't duplicate QEMUMachineInitArgs in PPCE500Params
  hw: Clean up bogus default boot order

 hw/alpha/dp264.c |   1 -
 hw/arm/collie.c  |   1 -
 hw/arm/exynos4_boards.c  |   2 -
 hw/arm/gumstix.c |   2 -
 hw/arm/highbank.c|   1 -
 hw/arm/integratorcp.c|   1 -
 hw/arm/kzm.c |   1 -
 hw/arm/mainstone.c   |   1 -
 hw/arm/musicpal.c|   1 -
 hw/arm/nseries.c |   6 +-
 hw/arm/omap_sx1.c|   2 -
 hw/arm/palm.c|   1 -
 hw/arm/realview.c|   4 -
 hw/arm/spitz.c   |   4 -
 hw/arm/stellaris.c   |   2 -
 hw/arm/tosa.c|   1 -
 hw/arm/versatilepb.c |   2 -
 hw/arm/vexpress.c|   2 -
 hw/arm/xilinx_zynq.c |   1 -
 hw/arm/z2.c  |   1 -
 hw/core/null-machine.c   |   1 -
 hw/cris/axis_dev88.c |   1 -
 hw/i386/pc_piix.c|  87 +++-
 hw/i386/pc_q35.c |  26 +++---
 hw/i386/xen_machine_pv.c |   1 -
 hw/lm32/lm32_boards.c|   2 -
 hw/lm32/milkymist.c  |   1 -
 hw/m68k/an5206.c |   1 -
 hw/m68k/dummy_m68k.c |   1 -
 hw/m68k/mcf5208.c|   1 -
 hw/microblaze/petalogix_ml605_mmu.c  |   1 -
 hw/microblaze/petalogix_s3adsp1800_mmu.c |   1 -
 hw/mips/mips_fulong2e.c  |   1 -
 hw/mips/mips_jazz.c  |   2 -
 hw/mips/mips_malta.c |   1 -
 hw/mips/mips_mipssim.c   |   1 -
 hw/mips/mips_r4k.c   |   1 -
 hw/openrisc/openrisc_sim.c   |   1 -
 hw/ppc/e500.c|  35 +
 hw/ppc/e500.h|  13 +--
 hw/ppc/e500plat.c|  15 +---
 hw/ppc/mac_newworld.c|   4 +-
 hw/ppc/mac_oldworld.c|   4 +-
 hw/ppc/mpc8544ds.c   |  15 +---
 hw/ppc/ppc405_boards.c   |   2 -
 hw/ppc/ppc440_bamboo.c   |   1 -
 hw/ppc/prep.c|   4 +-
 hw/ppc/spapr.c   |   4 +-
 hw/ppc/virtex_ml507.c|   1 -
 hw/s390x/s390-virtio-ccw.c   |   1 -
 hw/s390x/s390-virtio.c   |   1 -
 hw/sh4/r2d.c |   1 -
 hw/sh4/shix.c|   1 -
 hw/sparc/leon3.c |   1 -
 hw/sparc/sun4m.c | 131 ---
 hw/sparc64/sun4u.c   |  58 +-
 hw/unicore32/puv3.c  |   1 -
 hw/xtensa/xtensa_lx60.c  |   2 -
 hw/xtensa/xtensa_sim.c   |   1 -
 include/hw/boards.h  |   7 +-
 vl.c |   4 +-
 61 files changed, 128 insertions(+), 347 deletions(-)

-- 
1.7.11.7

[Qemu-devel] [PATCH 4/6] ppc: Don't explode QEMUMachineInitArgs into local variables needlessly

[Markus Armbruster]

Don't explode when the variable is used just once, and never changed.

Signed-off-by: Markus Armbruster 
---
 hw/ppc/e500plat.c  | 18 ++
 hw/ppc/mpc8544ds.c | 18 ++
 2 files changed, 12 insertions(+), 24 deletions(-)

diff --git a/hw/ppc/e500plat.c b/hw/ppc/e500plat.c
index c852995..a78de07 100644
--- a/hw/ppc/e500plat.c
+++ b/hw/ppc/e500plat.c
@@ -30,19 +30,13 @@ static void e500plat_fixup_devtree(PPCE500Params *params, 
void *fdt)
 
 static void e500plat_init(QEMUMachineInitArgs *args)
 {
-ram_addr_t ram_size = args->ram_size;
-const char *boot_device = args->boot_device;
-const char *cpu_model = args->cpu_model;
-const char *kernel_filename = args->kernel_filename;
-const char *kernel_cmdline = args->kernel_cmdline;
-const char *initrd_filename = args->initrd_filename;
 PPCE500Params params = {
-.ram_size = ram_size,
-.boot_device = boot_device,
-.kernel_filename = kernel_filename,
-.kernel_cmdline = kernel_cmdline,
-.initrd_filename = initrd_filename,
-.cpu_model = cpu_model,
+.ram_size = args->ram_size,
+.boot_device = args->boot_device,
+.kernel_filename = args->kernel_filename,
+.kernel_cmdline = args->kernel_cmdline,
+.initrd_filename = args->initrd_filename,
+.cpu_model = args->cpu_model,
 .pci_first_slot = 0x1,
 .pci_nr_slots = PCI_SLOT_MAX - 1,
 .fixup_devtree = e500plat_fixup_devtree,
diff --git a/hw/ppc/mpc8544ds.c b/hw/ppc/mpc8544ds.c
index 444da02..4e551af 100644
--- a/hw/ppc/mpc8544ds.c
+++ b/hw/ppc/mpc8544ds.c
@@ -28,19 +28,13 @@ static void mpc8544ds_fixup_devtree(PPCE500Params *params, 
void *fdt)
 
 static void mpc8544ds_init(QEMUMachineInitArgs *args)
 {
-ram_addr_t ram_size = args->ram_size;
-const char *boot_device = args->boot_device;
-const char *cpu_model = args->cpu_model;
-const char *kernel_filename = args->kernel_filename;
-const char *kernel_cmdline = args->kernel_cmdline;
-const char *initrd_filename = args->initrd_filename;
 PPCE500Params params = {
-.ram_size = ram_size,
-.boot_device = boot_device,
-.kernel_filename = kernel_filename,
-.kernel_cmdline = kernel_cmdline,
-.initrd_filename = initrd_filename,
-.cpu_model = cpu_model,
+.ram_size = args->ram_size,
+.boot_device = args->boot_device,
+.kernel_filename = args->kernel_filename,
+.kernel_cmdline = args->kernel_cmdline,
+.initrd_filename = args->initrd_filename,
+.cpu_model = args->cpu_model,
 .pci_first_slot = 0x11,
 .pci_nr_slots = 2,
 .fixup_devtree = mpc8544ds_fixup_devtree,
-- 
1.7.11.7