Re: [Qemu-devel] [Bug 1262081] qemu-system-sparc in qemu 1.7.0 fails to boot with Sun ROM

2013-12-23 Thread Mark Cave-Ayland

On 23/12/13 03:02, Peter Bartoli wrote:

Hi Peter,


> Very welcome!  Thanks for the awesome software.  It's allowed me to put my
> SparcServer 5 out to pasture as a demonstration machine.  Really, really hoping
> that it supports the tcx with OBP at some point soon ... that'd be very cool.
>
> I filed a separate bug report on that before realizing that it didn't
> work quite by design/limitation; please pardon my ignorance.


Thanks for the feedback. Actually it does boot in TCX mode with the 
FCode ROM attached to this bug report - well at least you can boot into 
OBP. If you're running Solaris, then the problem is that their version 
of X doesn't have a TCX driver and so boot hangs after "Starting 
OpenWindows". Other OS such as Linux do have a TCX driver and so work fine.


I currently have patches for a CG3 framebuffer pending that will enable 
you to boot Solaris into graphics mode, which I hope will be applied soon.


Also Artyom's blog is quite out of date with respect to OpenBIOS - 
OpenBIOS has been able to boot my test Solaris 8 image for over 2 years 
now so you may find that you can get by without the proprietary Sun ROM 
(and avoid having to manually type a boot command into OBP every time 
you restart). Unfortunately the OpenBIOS binaries for 1.7 also have a 
bug that breaks booting from hard disks (CDROMs are fine), but the 
updated binaries should be merged into git in time for the next 1.7.x 
release.



HTH,

Mark.



[Qemu-devel] target-arm: aarch64: ask for suggestion, a few insn implementations for review.

2013-12-23 Thread Dennis Lan (dlan)
Hi Folks:
   I'm writing this letter mainly for help and suggestions.
   I'm using qemu-aarch64[1] from matz's repository, which actually is
not official.
With matz's repo, while trying to build a small gentoo rootfs, I
encountered a problem with gcc-4.9.0 and if only commit[2] is
included. I have reported it to gcc upstream; more information can be
found here[3].

   The problem is that there are still a few insn implementations
missing in matz's repo,
so I try to implement them myself[4]. I'm not familiar with qemu tcg,
so those patches are probably more than a hack. It would be great if
anyone can help to review whether I'm doing this correctly or not (I'm
not seeking to upstream those patches).
   Yes, I've seen aarch64's work is heading for upstream, and I jumped
a little ahead..
So, let me know the best I can do.

Lan

[1] git://github.com/susematz/qemu.git , branch: aarch64-1.6

[2] commit from gcc-4.9.0
commit 07ca5686e64d32f7df4ccf4205d0b914f120da5e
Author: yroux 
Date:   Thu Sep 26 09:09:30 2013 +

2013-09-26  Yvan Roux  

* config/aarch64/aarch64.opt (mlra): New option.
* config/aarch64/aarch64.c (aarch64_lra_p): New function.
(TARGET_LRA_P): Define.

git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@202940
138bc75d-0d04-0410-961f-82ee72b054a4

[3] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59573

[4] aarch64 patches
 git://github.com/dlanx/qemu.git , branch: aarch64-1.6

  aarch64: Implement simd SHL immediate support
  aarch64: Enable NEG insn support which is already implemented
  aarch64: Enable USHL insn support which is already implemented
  aarch64: Implement CMEQ(zero) scalar insn



Re: [Qemu-devel] [PATCH v2 2/2] full introspection support for QMP

2013-12-23 Thread Amos Kong
On Fri, Dec 20, 2013 at 07:03:57PM +0100, Paolo Bonzini wrote:
> On 20/12/2013 12:57, Amos Kong wrote:
> > { 'type': 'DataObjectBase',
> >   'data': { '*name': 'str', 'type': 'str' } }
> > { 'union': 'DataObjectMemberType',
> >   'discriminator': {},
> >   'data': { 'reference': 'str',
> > 'undefined': 'DataObject',
> > 'extend': 'DataObject' } }
> 
> What is the purpose of "undefined"?  I don't see any occurrence of any
> of "undefined" or "extend" in the sample.


| { 'type': 'VersionInfo',
|   'data': {'qemu': {'major': 'int', 'minor': 'int', 'micro': 'int'},
|   ^

| {
|   "name": "VersionInfo", 
|   "type": "type", 
|   "data": [
|~  {
|~  "name": "qemu", 
|~  "optional": false, 
|~  "type": {
|~  "type": "undefined-struct", 
|~  "data": [
|~  {
|~  "name": "micro", 
|~  "optional": false, 
|~  "recursive": false, 
|~  "type": "int"
|~  }, 
|~  {
|~  "name": "minor", 
|~  "optional": false, 
|~  "recursive": false, 
|~  "type": "int"
|~  }, 
|~  {
|~  "name": "major", 
|~  "optional": false, 
|~  "recursive": false, 
|~  "type": "int"
|~  }
|~  ]
|~  }
|~  }, 

> > { 'type': 'DataObjectMember',
> >   'data': { 'type': 'DataObjectMemberType', '*name': 'str',
> > '*optional': 'bool', '*recursive': 'bool' } }
> > { 'type': 'DataObjectCommand',
> >   'data': { '*data': [ 'DataObjectMember' ],
> > '*returns': 'DataObject',
> > '*gen': 'bool' } }
> > { 'type': 'DataObjectEnumeration',
> >   'data': { 'data': [ 'str' ] } }
> > { 'type': 'DataObjectType',
> >   'data': { 'data': [ 'DataObjectMember' ] } }
> > { 'type': 'DataObjectUndefinedStruct',
> 
> Perhaps Unnamed or Anonymous?
 
Anonymous is good.

> >   'data': { 'data': [ 'DataObjectMember' ] } }
> > { 'type': 'DataObjectUnion',
> >   'data': { 'data': [ 'DataObjectMember' ], '*base': 'str',
> > '*discriminator': 'str' } }
> > { 'union': 'DataObject',
> >   'base': 'DataObjectBase',
> >   'discriminator': 'type',
> >   'data': {
> > 'command': 'DataObjectCommand',
> > 'enumeration': 'DataObjectEnumeration',
> > 'type': 'DataObjectType',
> > 'undefined-struct': 'DataObjectUndefinedStruct',
> > 'reference-type': 'String',
> > 'unionobj': 'DataObjectUnion' } }
> > { 'command': 'query-qmp-schema', 'returns': ['DataObject'] }
> 
> I think forcing expansion of everything that isn't unnamed/anonymous
> makes the schema much larger and unwieldy.  Otherwise looks great!

We want to provide more useful metadata, and used some enum/unions to
indicate the dynamic type.

In the output, some simple data is processed in too unwieldy a way. On the
other side, some complex data is described clearly. It's also caused by some
limitations of the QAPI infrastructure.
 
> Paolo

-- 
Amos.



Re: [Qemu-devel] target-arm: aarch64: ask for suggestion, a few insn implementations for review.

2013-12-23 Thread Dennis Lan (dlan)
On Mon, Dec 23, 2013 at 4:09 PM, Dennis Lan (dlan)
 wrote:
> Hi Folks:
>I'm writing this letter mainly for help and suggestion.
>I'm using qemu-aarch64[1] from matz's repository, which actually is
> not official.
> with matz's repo, and trying to build a small gentoo rootfs, I
> encountered a problem with gcc-4.9.0 and if only commit[2] is
> included, I have reported to gcc upstream, for more information can be
> found here[3]
>
>The problem is that there are still a few insn implementations
> missing in matz's repo,
> so I try to implement them myself[4]. I'm not familiar with qemu tcg,
> so those patches probably more than a hack, it would be great if
> anyone can help to review, whether I'm doing this correct or not (I'm
> not seeking for upstreaming those patches).
>yes, I've seen aarch64's work is heading for upstream, and I jumped
> a little ahead..
> so, let me know what the best i can do.
>
> Lan
>
> [1] git://github.com/susematz/qemu.git , branch: aarch64-1.6
>
> [2] commit from gcc-4.9.0
> commit 07ca5686e64d32f7df4ccf4205d0b914f120da5e
> Author: yroux 
> Date:   Thu Sep 26 09:09:30 2013 +
>
> 2013-09-26  Yvan Roux  
>
> * config/aarch64/aarch64.opt (mlra): New option.
> * config/aarch64/aarch64.c (aarch64_lra_p): New function.
> (TARGET_LRA_P): Define.
>
> git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@202940
> 138bc75d-0d04-0410-961f-82ee72b054a4
>
> [3] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59573
>
> [4] aarch64 patches
>  git://github.com/dlanx/qemu.git , branch: aarch64-1.6
>
>   aarch64: Implement simd SHL immediate support
>   aarch64: Enable NEG insn support which is already implemented
>   aarch64: Enable USHL insn support which is already implemented
>   aarch64: Implement CMEQ(zero) scalar insn

Instead of using "git send-email", I just pasted the patches here;
let me know if I did this wrong.


>From b0703396ac634e9f28ae3bec63f123e95136257d Mon Sep 17 00:00:00 2001
From: "Lan Yixun (dlan)" 
Date: Tue, 10 Dec 2013 19:08:52 +0800
Subject: [PATCH 1/4] aarch64: Implement simd SHL immediate support

C6.3.222 SHL scalar variant instruction

Signed-off-by: Lan Yixun (dlan) 
---
 target-arm/translate-a64.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 36ebb0f..88cc2dc 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -3617,6 +3617,7 @@ static void handle_simd_shifti(DisasContext *s,
uint32_t insn)
 int opcode = get_bits(insn, 11, 5);
 int immb = get_bits(insn, 16, 3);
 int immh = get_bits(insn, 19, 4);
+bool is_scalar = get_bits(insn, 28, 1);
 bool is_u = get_bits(insn, 29, 1);
 bool is_q = get_bits(insn, 30, 1);
 bool accumulate = get_bits(insn, 12, 1);
@@ -3658,6 +3659,7 @@ static void handle_simd_shifti(DisasContext *s,
uint32_t insn)
 unallocated_encoding(s);
 return;
 }
+if (is_scalar) is_q = false;
 accumulate = round = false;
 shift = shift - (8 << size);
 break;
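Review bot: the added "if (is_scalar) is_q = false;" needs braces and a body on its own line under QEMU coding style, and it is the only place in the visible hunks where is_scalar is consulted, so a scalar encoding that reaches any other opcode case of handle_simd_shifti is still decoded as a vector operation. Reject is_scalar up front with unallocated_encoding(s) for the opcodes that do not support it, or handle it in each case, and say in a comment why clearing is_q is the right way to limit the operation to one element.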
@@ -4474,6 +4476,9 @@ void disas_a64_insn(CPUARMState *env, DisasContext *s)
 handle_fpdp3s32(s, insn);
 } else if (!get_bits(insn, 29, 3) && (get_bits(insn, 22, 2) == 0x1)) {
 handle_fpdp3s64(s, insn);
+} else if (!get_bits(insn, 31, 1) && !get_bits(insn, 23, 1) &&
+get_bits(insn, 10, 1) && (get_bits(insn, 11, 5) == 0xA)) {
+handle_simd_shifti(s, insn);
 } else {
 goto unknown_insn;
 }
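Review bot: the new else-if in disas_a64_insn tests only bits 31, 23 and 10 plus the opcode field (bits 11..15 == 0xA); it does not test bit 28, which handle_simd_shifti now reads as is_scalar, and it does not constrain immh, so the match is wider than the scalar SHL named in the commit message. Tighten the test to the full fixed-bit pattern from C6.3.222 and replace the bare 0xA with a named constant or a comment giving the instruction.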
-- 
1.8.5.2

>From 240b63309c0f8f8f91282bfd461c6cb786c4b0c2 Mon Sep 17 00:00:00 2001
From: "Lan Yixun (dlan)" 
Date: Fri, 13 Dec 2013 21:39:59 +0800
Subject: [PATCH 2/4] aarch64: Enable NEG insn support which is already
 implemented

C6.3.184 NEG scalar variant instruction

Signed-off-by: Lan Yixun (dlan) 
---
 target-arm/translate-a64.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 88cc2dc..1a816ae 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/translate-a64.c
@@ -4467,6 +4467,9 @@ void disas_a64_insn(CPUARMState *env, DisasContext *s)
 } else {
 handle_scpsp (s, insn);
 }
+} else if (get_bits(insn, 17, 5) == 0x10 &&
+   get_bits(insn, 11, 1) && !get_bits(insn, 10, 1)) {
+handle_simd_misc(s, insn);
 } else {
 goto unknown_insn;
 }
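Review bot: the added condition (bits 17..21 == 0x10, bit 11 set, bit 10 clear) never looks at an opcode field, so it routes every instruction with that bit pattern to handle_simd_misc, not only the NEG named in the subject. That is safe only if handle_simd_misc ends in unallocated_encoding() for the scalar forms it does not implement; otherwise narrow the test here. A one-line comment naming the encoding class being matched would help the next reader.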
-- 
1.8.5.2

>From e1afeb63120acec26f95e5b229c2340c0cba794a Mon Sep 17 00:00:00 2001
From: "Lan Yixun (dlan)" 
Date: Fri, 13 Dec 2013 22:35:40 +0800
Subject: [PATCH 3/4] aarch64: Enable USHL insn support which is already
 implemented

C6.3.338 USHL scalar variant instruction

Signed-off-by: Lan Yixun (dlan) 
---
 target-arm/translate-a64.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/target-arm/translate-a64.c b/target-arm/translate-a64.c
index 1a816ae..8b2570a 100644
--- a/target-arm/translate-a64.c
+++ b/target-arm/transla

Re: [Qemu-devel] Guest Code Instruction Trace

2013-12-23 Thread Peter Maydell
On 23 December 2013 03:45, Lauren E Guckert  wrote:
> IN TRANSLATE.C:
> DISAS_INSN FUNCTION:
>
> ++TCGv t0 = tcg_temp_new();
> ++TCGv t1 = tcg_temp_new();
> ++t0= pc_start; t1 = b;
> ++tcg_gen_helper_fast_trace(t0,t1);

The TCGv type represents a TCG value. You have to
use the TCG functions to manipulate them. If you just
assign a random value like 'b' to them then things are
obviously going to go wrong. Look at other code which
passes constant values to helper functions (hint, it
will use tcg_const_i32() or tcg_const_i64() to create
the TCGv.)

> IN TCG/TCG-OP.H ADDED (here if I pass 0 args, it executes fine and prints
> dummy message correct number of times):
> static inline void tcg_gen_helper_fast_trace(target_ulong pc,int op)
> {
> int sizemask = 0;
> TCGArg args[2];
> #ifdef TARGET_X86_64
>  sizemask |= tcg_gen_sizemask(0,0,0);
>  sizemask |= tcg_gen_sizemask(1,1,0);
>  sizemask |= tcg_gen_sizemask(2,1,0);
> args[0] = GET_TCGV_I64(pc);
> args[1] = GET_TCGV_I64(op);
> tcg_gen_helperN(tcg_helper_fast_trace64, 0, sizemask, ((TCGArg)(-1)),2 ,
> args);

Why are you doing this rather than just using a simple helper
declared in helper.h like everything else? Why is yours special?

thanks
-- PMM



Re: [Qemu-devel] [RFC PATCH 18/21] target-arm: switch banked CP registers

2013-12-23 Thread Peter Maydell
On 23 December 2013 07:43, Fedorov Sergey  wrote:
>
> On 12/20/2013 06:33 PM, Peter Maydell wrote:
>> This sounds like it could work, though there are some wrinkles for
>> registers with readfns/writefns -- do we have extra s vs ns read/write
>> functions, or just one set of functions which has to look in env->ns to
>> figure out whether to use the S or NS version?
>
> What about defining a separate ARMCPRegInfo for each banked AArch32
> system register? I think it would be close to AArch64 concept. It would
> allow using separate read/write handlers if necessary or reusing the same
> handlers otherwise. When the handlers are not used, the translation code
> would simply look up the ARMCPRegInfo for corresponding secure state and
> use the field offset.

Yes, I was thinking about that the other day -- add the S/NS to the
set of things in the hash table key, and have the 32 bit MCR/MRC
code pass in the right value to get the correct banked register out.
(We'd have to make all the non-banked registers go into the
hashtable twice, though, but that's not a big deal I think.)

thanks
-- PMM
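
The lookup discussed above, as an added C example that is not QEMU code and not part of the original message: the security state is one more field of the hash key, a banked register is entered once per state with its own backing field, and a non-banked register is entered twice with the same field. The struct, the function names and the key layout are assumptions made for this example; TTBR0 and MIDR stand in for a banked and a non-banked register.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical CPU state for this example (not QEMU's CPUARMState). */
typedef struct {
    uint32_t ttbr0_s;   /* TTBR0, secure copy */
    uint32_t ttbr0_ns;  /* TTBR0, non-secure copy */
    uint32_t midr;      /* MIDR, one copy for both states */
} CpuState;

typedef struct {
    uint32_t key;       /* 0 marks an empty slot */
    size_t offset;      /* offset of the backing field in CpuState */
} RegEntry;

#define TABLE_SIZE 64u         /* power of two */
#define KEY_VALID (1u << 31)   /* keeps every real key non-zero */

static RegEntry table[TABLE_SIZE];

/* Assumed key layout: the security state (ns: 0 = secure, 1 = non-secure)
 * is one more field of the key, next to the coprocessor encoding. */
static uint32_t reg_key(int ns, int cp, int crn, int crm, int opc1, int opc2)
{
    return KEY_VALID | ((uint32_t)(ns & 1) << 20) |
           ((uint32_t)(cp & 15) << 16) | ((uint32_t)(crn & 15) << 11) |
           ((uint32_t)(crm & 15) << 7) | ((uint32_t)(opc1 & 7) << 3) |
           (uint32_t)(opc2 & 7);
}

/* Linear probing: returns the slot holding key, or the empty slot where it
 * would go, or NULL if the table is full. */
static RegEntry *find_slot(uint32_t key)
{
    unsigned s = (uint32_t)(key * 2654435761u) >> 26;   /* 0..63 */
    for (unsigned i = 0; i < TABLE_SIZE; i++, s = (s + 1) % TABLE_SIZE) {
        if (table[s].key == key || table[s].key == 0) {
            return &table[s];
        }
    }
    return NULL;
}

static int define_reg(uint32_t key, size_t offset)
{
    RegEntry *e = find_slot(key);
    if (!e || e->key == key) {
        return -1;              /* table full, or register defined twice */
    }
    e->key = key;
    e->offset = offset;
    return 0;
}

/* One entry per security state. For a non-banked register pass the same
 * offset twice, so both keys resolve to the same storage. */
static int define_cp_reg(int cp, int crn, int crm, int opc1, int opc2,
                         size_t off_s, size_t off_ns)
{
    if (define_reg(reg_key(0, cp, crn, crm, opc1, opc2), off_s) != 0) {
        return -1;
    }
    return define_reg(reg_key(1, cp, crn, crm, opc1, opc2), off_ns);
}

int cp_table_init(void)
{
    memset(table, 0, sizeof(table));
    /* TTBR0 (p15, 0, c2, c0, 0): banked, two backing fields. */
    if (define_cp_reg(15, 2, 0, 0, 0, offsetof(CpuState, ttbr0_s),
                      offsetof(CpuState, ttbr0_ns)) != 0) {
        return -1;
    }
    /* MIDR (p15, 0, c0, c0, 0): not banked, same field under both keys. */
    return define_cp_reg(15, 0, 0, 0, 0, offsetof(CpuState, midr),
                         offsetof(CpuState, midr));
}

/* What an MRC/MCR path would do: pass the current security state into the
 * lookup. Returns NULL for a register that is not defined. */
uint32_t *cp_reg_ptr(CpuState *env, int ns, int cp, int crn, int crm,
                     int opc1, int opc2)
{
    uint32_t key = reg_key(ns, cp, crn, crm, opc1, opc2);
    RegEntry *e = find_slot(key);
    if (!e || e->key != key) {
        return NULL;
    }
    return (uint32_t *)((char *)env + e->offset);
}

int main(void)
{
    CpuState env = {0};
    cp_table_init();
    *cp_reg_ptr(&env, 0, 15, 2, 0, 0, 0) = 0x11110000u; /* secure write */
    *cp_reg_ptr(&env, 1, 15, 2, 0, 0, 0) = 0x22220000u; /* non-secure write */
    printf("TTBR0 S=%08x NS=%08x\n", (unsigned)env.ttbr0_s,
           (unsigned)env.ttbr0_ns);
    return 0;
}
```
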



[Qemu-devel] [RFC qom-next v5 2/8] x86: add x86_cpu_unrealizefn() for cpu apic remove

2013-12-23 Thread Chen Fan
Implement x86_cpu_unrealizefn() for corresponding x86_cpu_realizefn(),
which is mostly used to clean the apic related allocation and vmstates
here.

Signed-off-by: Chen Fan 
---
 hw/i386/kvm/apic.c  |  8 
 hw/intc/apic.c  | 10 ++
 hw/intc/apic_common.c   | 23 -
 hw/xen/xen_apic.c   |  8 
 include/hw/cpu/icc_bus.h|  1 +
 include/hw/i386/apic_internal.h |  1 +
 target-i386/cpu-qom.h   |  1 +
 target-i386/cpu.c   | 44 +
 8 files changed, 95 insertions(+), 1 deletion(-)

diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
index e873b50..593ca19 100644
--- a/hw/i386/kvm/apic.c
+++ b/hw/i386/kvm/apic.c
@@ -183,11 +183,19 @@ static void kvm_apic_realize(DeviceState *dev, Error 
**errp)
 }
 }
 
+static void kvm_apic_unrealize(DeviceState *dev, Error **errp)
+{
+APICCommonState *s = APIC_COMMON(dev);
+
+memory_region_destroy(&s->io_memory);
+}
+
 static void kvm_apic_class_init(ObjectClass *klass, void *data)
 {
 APICCommonClass *k = APIC_COMMON_CLASS(klass);
 
 k->realize = kvm_apic_realize;
+k->unrealize = kvm_apic_unrealize;
 k->set_base = kvm_apic_set_base;
 k->set_tpr = kvm_apic_set_tpr;
 k->get_tpr = kvm_apic_get_tpr;
diff --git a/hw/intc/apic.c b/hw/intc/apic.c
index 3d3deb6..d852624 100644
--- a/hw/intc/apic.c
+++ b/hw/intc/apic.c
@@ -884,11 +884,21 @@ static void apic_realize(DeviceState *dev, Error **errp)
 msi_supported = true;
 }
 
+static void apic_unrealize(DeviceState *dev, Error **errp)
+{
+APICCommonState *s = APIC_COMMON(dev);
+
+memory_region_destroy(&s->io_memory);
+timer_free(s->timer);
+local_apics[s->idx] = NULL;
+}
+
 static void apic_class_init(ObjectClass *klass, void *data)
 {
 APICCommonClass *k = APIC_COMMON_CLASS(klass);
 
 k->realize = apic_realize;
+k->unrealize = apic_unrealize;
 k->set_base = apic_set_base;
 k->set_tpr = apic_set_tpr;
 k->get_tpr = apic_get_tpr;
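Review bot: apic_unrealize calls timer_free(s->timer) with no timer_del(s->timer) before it, so a timer that is still armed when the vCPU is removed is freed while it is queued. Call timer_del() first and set s->timer to NULL afterwards, so that neither a pending expiry nor a later realize sees a dangling pointer.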
diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
index c623fcc..88d596d 100644
--- a/hw/intc/apic_common.c
+++ b/hw/intc/apic_common.c
@@ -284,12 +284,13 @@ static int apic_load_old(QEMUFile *f, void *opaque, int 
version_id)
 return 0;
 }
 
+static int apic_no;
+
 static void apic_common_realize(DeviceState *dev, Error **errp)
 {
 APICCommonState *s = APIC_COMMON(dev);
 APICCommonClass *info;
 static DeviceState *vapic;
-static int apic_no;
 static bool mmio_registered;
 
 if (apic_no >= MAX_APICS) {
@@ -319,6 +320,25 @@ static void apic_common_realize(DeviceState *dev, Error 
**errp)
 
 }
 
+static void apic_common_unrealize(DeviceState *dev, Error **errp)
+{
+APICCommonState *s = APIC_COMMON(dev);
+APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
+
+if (apic_no <= 0) {
+error_setg(errp, "%s exit failed.",
+   object_get_typename(OBJECT(dev)));
+return;
+}
+apic_no--;
+
+info->unrealize(dev, errp);
+
+if (apic_report_tpr_access && info->enable_tpr_reporting) {
+info->enable_tpr_reporting(s, false);
+}
+}
+
 static void apic_dispatch_pre_save(void *opaque)
 {
 APICCommonState *s = APIC_COMMON(opaque);
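Review bot: in apic_common_unrealize, info->unrealize(dev, errp) is called with no NULL check and before enable_tpr_reporting(s, false), so TPR reporting is switched off on a device whose subclass has already destroyed io_memory, and an APICCommonClass that does not set unrealize is a null-pointer call. Disable TPR reporting first, guard the call with "if (info->unrealize)", and return if it set an error. The file-scope apic_no is also decremented unconditionally, which mirrors realize only when APICs are removed in reverse order of creation; state that constraint in a comment or track the slot per device.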
@@ -389,6 +409,7 @@ static void apic_common_class_init(ObjectClass *klass, void 
*data)
 dc->reset = apic_reset_common;
 dc->props = apic_properties_common;
 idc->realize = apic_common_realize;
+idc->unrealize = apic_common_unrealize;
 /*
  * Reason: APIC and CPU need to be wired up by
  * x86_cpu_apic_create()
diff --git a/hw/xen/xen_apic.c b/hw/xen/xen_apic.c
index 63bb7f7..4008e07 100644
--- a/hw/xen/xen_apic.c
+++ b/hw/xen/xen_apic.c
@@ -49,6 +49,13 @@ static void xen_apic_realize(DeviceState *dev, Error **errp)
 #endif
 }
 
+static void xen_apic_unrealize(DeviceState *dev, Error **errp)
+{
+APICCommonState *s = APIC_COMMON(dev);
+
+memory_region_destroy(&s->io_memory);
+}
+
 static void xen_apic_set_base(APICCommonState *s, uint64_t val)
 {
 }
@@ -75,6 +82,7 @@ static void xen_apic_class_init(ObjectClass *klass, void 
*data)
 APICCommonClass *k = APIC_COMMON_CLASS(klass);
 
 k->realize = xen_apic_realize;
+k->unrealize = xen_apic_unrealize;
 k->set_base = xen_apic_set_base;
 k->set_tpr = xen_apic_set_tpr;
 k->get_tpr = xen_apic_get_tpr;
diff --git a/include/hw/cpu/icc_bus.h b/include/hw/cpu/icc_bus.h
index 98a979f..75ed309 100644
--- a/include/hw/cpu/icc_bus.h
+++ b/include/hw/cpu/icc_bus.h
@@ -67,6 +67,7 @@ typedef struct ICCDeviceClass {
 /*< public >*/
 
 DeviceRealize realize;
+DeviceUnrealize unrealize;
 } ICCDeviceClass;
 
 #define TYPE_ICC_DEVICE "icc-device"
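Review bot: the new ICCDeviceClass.unrealize field is undocumented and, going by the diffstat, hw/cpu/icc_bus.c is not touched by this patch, so the visible changes add no caller for idc->unrealize. Add the bus-level hook that forwards the device unrealize to it, or name in the commit message the code that invokes it, and document the field next to realize.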
diff --git a/include/hw/i386/apic_internal.h b/include/hw/i386/apic_internal.h
index 70542a6..a0a44c6 100644
--- a/include/hw/i386/apic_internal.h
+++ b/include/hw/i386/apic_internal.h
@@ -81,6 +81,7 @@ typedef struct APICCommonClass
  

[Qemu-devel] [RFC qom-next v5 1/8] x86: move apic_state field from CPUX86State to X86CPU

2013-12-23 Thread Chen Fan
This motion is preparing for refactoring vCPU apic subsequently.

Signed-off-by: Chen Fan 
---
 cpu-exec.c|  2 +-
 cpus.c|  5 ++---
 hw/i386/kvmvapic.c|  8 +++-
 hw/i386/pc.c  | 17 -
 target-i386/cpu-qom.h |  4 
 target-i386/cpu.c | 22 ++
 target-i386/cpu.h |  4 
 target-i386/helper.c  |  9 -
 target-i386/kvm.c | 23 ++-
 target-i386/misc_helper.c |  8 
 10 files changed, 46 insertions(+), 56 deletions(-)

diff --git a/cpu-exec.c b/cpu-exec.c
index 30cfa2a..2711c58 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -320,7 +320,7 @@ int cpu_exec(CPUArchState *env)
 #if !defined(CONFIG_USER_ONLY)
 if (interrupt_request & CPU_INTERRUPT_POLL) {
 cpu->interrupt_request &= ~CPU_INTERRUPT_POLL;
-apic_poll_irq(env->apic_state);
+apic_poll_irq(x86_env_get_cpu(env)->apic_state);
 }
 #endif
 if (interrupt_request & CPU_INTERRUPT_INIT) {
diff --git a/cpus.c b/cpus.c
index 01d128d..ca4c59f 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1458,12 +1458,11 @@ void qmp_inject_nmi(Error **errp)
 
 CPU_FOREACH(cs) {
 X86CPU *cpu = X86_CPU(cs);
-CPUX86State *env = &cpu->env;
 
-if (!env->apic_state) {
+if (!cpu->apic_state) {
 cpu_interrupt(cs, CPU_INTERRUPT_NMI);
 } else {
-apic_deliver_nmi(env->apic_state);
+apic_deliver_nmi(cpu->apic_state);
 }
 }
 #elif defined(TARGET_S390X)
diff --git a/hw/i386/kvmvapic.c b/hw/i386/kvmvapic.c
index 44ee62a..72025d0 100644
--- a/hw/i386/kvmvapic.c
+++ b/hw/i386/kvmvapic.c
@@ -366,7 +366,7 @@ static int vapic_enable(VAPICROMState *s, X86CPU *cpu)
 (((hwaddr)cpu_number) << VAPIC_CPU_SHIFT);
 cpu_physical_memory_rw(vapic_paddr + offsetof(VAPICState, enabled),
(void *)&enabled, sizeof(enabled), 1);
-apic_enable_vapic(cpu->env.apic_state, vapic_paddr);
+apic_enable_vapic(cpu->apic_state, vapic_paddr);
 
 s->state = VAPIC_ACTIVE;
 
@@ -496,12 +496,10 @@ static void vapic_enable_tpr_reporting(bool enable)
 };
 CPUState *cs;
 X86CPU *cpu;
-CPUX86State *env;
 
 CPU_FOREACH(cs) {
 cpu = X86_CPU(cs);
-env = &cpu->env;
-info.apic = env->apic_state;
+info.apic = cpu->apic_state;
 run_on_cpu(cs, vapic_do_enable_tpr_reporting, &info);
 }
 }
@@ -700,7 +698,7 @@ static void vapic_write(void *opaque, hwaddr addr, uint64_t 
data,
 default:
 case 4:
 if (!kvm_irqchip_in_kernel()) {
-apic_poll_irq(env->apic_state);
+apic_poll_irq(cpu->apic_state);
 }
 break;
 }
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index e9831ca..d000995 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -172,13 +172,14 @@ void cpu_smm_update(CPUX86State *env)
 int cpu_get_pic_interrupt(CPUX86State *env)
 {
 int intno;
+X86CPU *cpu = x86_env_get_cpu(env);
 
-intno = apic_get_interrupt(env->apic_state);
+intno = apic_get_interrupt(cpu->apic_state);
 if (intno >= 0) {
 return intno;
 }
 /* read the irq from the PIC */
-if (!apic_accept_pic_intr(env->apic_state)) {
+if (!apic_accept_pic_intr(cpu->apic_state)) {
 return -1;
 }
 
@@ -190,15 +191,13 @@ static void pic_irq_request(void *opaque, int irq, int 
level)
 {
 CPUState *cs = first_cpu;
 X86CPU *cpu = X86_CPU(cs);
-CPUX86State *env = &cpu->env;
 
 DPRINTF("pic_irqs: %s irq %d\n", level? "raise" : "lower", irq);
-if (env->apic_state) {
+if (cpu->apic_state) {
 CPU_FOREACH(cs) {
 cpu = X86_CPU(cs);
-env = &cpu->env;
-if (apic_accept_pic_intr(env->apic_state)) {
-apic_deliver_pic_intr(env->apic_state, level);
+if (apic_accept_pic_intr(cpu->apic_state)) {
+apic_deliver_pic_intr(cpu->apic_state, level);
 }
 }
 } else {
@@ -913,7 +912,7 @@ DeviceState *cpu_get_current_apic(void)
 {
 if (current_cpu) {
 X86CPU *cpu = X86_CPU(current_cpu);
-return cpu->env.apic_state;
+return cpu->apic_state;
 } else {
 return NULL;
 }
@@ -1007,7 +1006,7 @@ void pc_cpus_init(const char *cpu_model, DeviceState 
*icc_bridge)
 }
 
 /* map APIC MMIO area if CPU has APIC */
-if (cpu && cpu->env.apic_state) {
+if (cpu && cpu->apic_state) {
 /* XXX: what if the base changes? */
 sysbus_mmio_map_overlap(SYS_BUS_DEVICE(icc_bridge), 0,
 APIC_DEFAULT_ADDRESS, 0x1000);
diff --git a/target-i386/cpu-qom.h b/target-i386/cpu-qom.h
index f4fab15..775c82d 100644
--- a/target-i386/cpu-qom.h
+++ b/target-i386/cpu-qom.h
@@ -66,6 +66,10 @@ typedef struct X86CPU {
 
 CPUX86State env;
 
+/* in o

[Qemu-devel] [RFC qom-next v5 4/8] qom cpu: rename variable 'cpu_added_notifier' to 'cpu_hotplug_notifier'

2013-12-23 Thread Chen Fan
Rename variable 'cpu_added_notifier' to 'cpu_hotplug_notifier' for
adding remove vcpu notifier support.

Signed-off-by: Chen Fan 
---
 hw/acpi/piix4.c | 10 +-
 hw/i386/pc.c|  2 +-
 include/sysemu/sysemu.h |  2 +-
 qom/cpu.c   | 10 +-
 4 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 9e8a89c..ecb6104 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -98,7 +98,7 @@ typedef struct PIIX4PMState {
 uint8_t s4_val;
 
 CPUStatus gpe_cpu;
-Notifier cpu_added_notifier;
+Notifier cpu_hotplug_notifier;
 } PIIX4PMState;
 
 #define TYPE_PIIX4_PM "PIIX4_PM"
@@ -701,9 +701,9 @@ static void piix4_cpu_hotplug_req(PIIX4PMState *s, CPUState 
*cpu,
 pm_update_sci(s);
 }
 
-static void piix4_cpu_added_req(Notifier *n, void *opaque)
+static void piix4_cpu_hotplug(Notifier *n, void *opaque)
 {
-PIIX4PMState *s = container_of(n, PIIX4PMState, cpu_added_notifier);
+PIIX4PMState *s = container_of(n, PIIX4PMState, cpu_hotplug_notifier);
 
 piix4_cpu_hotplug_req(s, CPU(opaque), PLUG);
 }
@@ -736,8 +736,8 @@ static void piix4_acpi_system_hot_add_init(MemoryRegion 
*parent,
 memory_region_init_io(&s->io_cpu, OBJECT(s), &cpu_hotplug_ops, s,
   "acpi-cpu-hotplug", PIIX4_PROC_LEN);
 memory_region_add_subregion(parent, PIIX4_PROC_BASE, &s->io_cpu);
-s->cpu_added_notifier.notify = piix4_cpu_added_req;
-qemu_register_cpu_added_notifier(&s->cpu_added_notifier);
+s->cpu_hotplug_notifier.notify = piix4_cpu_hotplug;
+qemu_register_cpu_hotplug_notifier(&s->cpu_hotplug_notifier);
 }
 
 static void enable_device(PIIX4PMState *s, int slot)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 485e2ce..3330f55 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -409,7 +409,7 @@ void pc_cmos_init(ram_addr_t ram_size, ram_addr_t 
above_4g_mem_size,
 /* init CPU hotplug notifier */
 cpu_hotplug_cb.rtc_state = s;
 cpu_hotplug_cb.cpu_added_notifier.notify = rtc_notify_cpu_added;
-qemu_register_cpu_added_notifier(&cpu_hotplug_cb.cpu_added_notifier);
+qemu_register_cpu_hotplug_notifier(&cpu_hotplug_cb.cpu_added_notifier);
 
 if (set_boot_dev(s, boot_device)) {
 exit(1);
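Review bot: the call is renamed to qemu_register_cpu_hotplug_notifier here, but the field is still cpu_hotplug_cb.cpu_added_notifier and the callback is still rtc_notify_cpu_added, so the rename is incomplete in pc_cmos_init. Since the commit message says the list is being prepared to carry remove notifications as well, rename both and make sure the RTC callback does not treat every notification as an added CPU.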
diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index 495dae8..779b782 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -158,7 +158,7 @@ void do_pci_device_hot_remove(Monitor *mon, const QDict 
*qdict);
 void drive_hot_add(Monitor *mon, const QDict *qdict);
 
 /* CPU hotplug */
-void qemu_register_cpu_added_notifier(Notifier *notifier);
+void qemu_register_cpu_hotplug_notifier(Notifier *notifier);
 
 /* pcie aer error injection */
 void pcie_aer_inject_error_print(Monitor *mon, const QObject *data);
diff --git a/qom/cpu.c b/qom/cpu.c
index 9d62479..83006e2 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -67,12 +67,12 @@ static void cpu_common_get_memory_mapping(CPUState *cpu,
 }
 
 /* CPU hot-plug notifiers */
-static NotifierList cpu_added_notifiers =
-NOTIFIER_LIST_INITIALIZER(cpu_add_notifiers);
+static NotifierList cpu_hotplug_notifiers =
+NOTIFIER_LIST_INITIALIZER(cpu_hotplug_notifiers);
 
-void qemu_register_cpu_added_notifier(Notifier *notifier)
+void qemu_register_cpu_hotplug_notifier(Notifier *notifier)
 {
-notifier_list_add(&cpu_added_notifiers, notifier);
+notifier_list_add(&cpu_hotplug_notifiers, notifier);
 }
 
 void cpu_reset_interrupt(CPUState *cpu, int mask)
@@ -219,7 +219,7 @@ static void cpu_common_realizefn(DeviceState *dev, Error 
**errp)
 
 if (dev->hotplugged) {
 cpu_synchronize_post_init(cpu);
-notifier_list_notify(&cpu_added_notifiers, dev);
+notifier_list_notify(&cpu_hotplug_notifiers, dev);
 cpu_resume(cpu);
 }
 }
-- 
1.8.1.4




[Qemu-devel] [RFC qom-next v5 0/8] i386: add cpu hot remove support

2013-12-23 Thread Chen Fan
By implementing the ACPI standard method _EJ0 in the ACPI table, after the guest OS
removes one online vCPU, the firmware will store the removed bitmap to QEMU, then QEMU
knows to notify the assigned vCPU to exit. Meanwhile, introduce the QOM command
'cpu-del' to remove a vCPU from QEMU itself. Currently, these patches only support
deleting CPUs sequentially from the last one, and the command 'cpu-del' always
deletes the last cpu every time. In libvirt, the command 'virsh set-vcpus' always
adds/deletes vcpus sequentially, so I think these patches will be OK.

This work is based on Andreas Färber's qom-next branch tree.
git://github.com/afaerber/qemu-next.git

This patch series must be used together with the KVM patches.

For the KVM patches:
http://comments.gmane.org/gmane.comp.emulators.kvm.devel/114347


v4-v5: delete command 'cpu-del' argument to remove cpu from the last one
rather than specify vcpuid and fix migration bug.

Chen Fan (8):
  x86: move apic_state field from CPUX86State to X86CPU
  x86: add x86_cpu_unrealizefn() for cpu apic remove
  qmp: add 'cpu-del' command support
  qom cpu: rename variable 'cpu_added_notifier' to
'cpu_hotplug_notifier'
  qom cpu: add UNPLUG cpu notifier support
  i386: implement pc interface cpu_common_unrealizefn() in qom/cpu.c
  piix4: implement function cpu_status_write() for vcpu ejection
  cpus: reclaim allocated vCPU objects

 cpu-exec.c|  2 +-
 cpus.c| 51 --
 hw/acpi/piix4.c   | 66 ---
 hw/i386/acpi-dsdt-cpu-hotplug.dsl |  6 +++-
 hw/i386/kvm/apic.c|  8 +
 hw/i386/kvmvapic.c|  8 ++---
 hw/i386/pc.c  | 38 --
 hw/i386/pc_piix.c |  3 +-
 hw/intc/apic.c| 10 ++
 hw/intc/apic_common.c | 23 +-
 hw/xen/xen_apic.c |  8 +
 include/hw/boards.h   |  2 ++
 include/hw/cpu/icc_bus.h  |  1 +
 include/hw/i386/apic_internal.h   |  1 +
 include/hw/i386/pc.h  |  1 +
 include/qom/cpu.h | 21 +
 include/sysemu/kvm.h  |  1 +
 include/sysemu/sysemu.h   |  2 +-
 kvm-all.c | 25 +++
 qapi-schema.json  | 10 ++
 qmp-commands.hx   | 21 +
 qmp.c |  9 ++
 qom/cpu.c | 26 ---
 target-i386/cpu-qom.h |  5 +++
 target-i386/cpu.c | 66 ---
 target-i386/cpu.h |  4 ---
 target-i386/helper.c  |  9 +++---
 target-i386/kvm.c | 23 ++
 target-i386/misc_helper.c |  8 ++---
 29 files changed, 380 insertions(+), 78 deletions(-)

-- 
1.8.1.4




[Qemu-devel] [RFC qom-next v5 3/8] qmp: add 'cpu-del' command support

2013-12-23 Thread Chen Fan
Add cpu hot-remove interface pc_hot_del_cpu() for unrealizing the vcpu device.
When using the 'cpu-del' command, there is no need to specify a vcpuid; the last
cpu will be removed.

Signed-off-by: Chen Fan 
---
 hw/i386/pc.c | 19 +++
 hw/i386/pc_piix.c|  3 ++-
 include/hw/boards.h  |  2 ++
 include/hw/i386/pc.h |  1 +
 qapi-schema.json | 10 ++
 qmp-commands.hx  | 21 +
 qmp.c|  9 +
 7 files changed, 64 insertions(+), 1 deletion(-)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index d000995..485e2ce 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -979,6 +979,25 @@ void pc_hot_add_cpu(const int64_t id, Error **errp)
 pc_new_cpu(current_cpu_model, apic_id, icc_bridge, errp);
 }
 
+void pc_hot_del_cpu(Error **errp)
+{
+CPUState *cpu = first_cpu;
+X86CPUClass *xcc;
+
+while (CPU_NEXT(cpu)) {
+cpu = CPU_NEXT(cpu);
+}
+
+if (cpu == first_cpu) {
+error_setg(errp, "Unable to delete the last "
+   "one cpu.");
+return;
+}
+
+xcc = X86_CPU_GET_CLASS(DEVICE(cpu));
+xcc->parent_unrealize(DEVICE(cpu), errp);
+}
+
 void pc_cpus_init(const char *cpu_model, DeviceState *icc_bridge)
 {
 int i;
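Review bot: pc_hot_del_cpu calls xcc->parent_unrealize(DEVICE(cpu), errp) directly, which skips the x86 CPU's own unrealize handler (the x86_cpu_unrealizefn that patch 2/8 introduces) and does not go through the device's "realized" property. Set the property to false instead, for example object_property_set_bool(OBJECT(cpu), false, "realized", errp), so the whole unrealize chain runs, and reword the error to something like "Unable to delete the only remaining CPU".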
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 4e0dae7..50c860b 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -362,7 +362,8 @@ static void pc_xen_hvm_init(QEMUMachineInitArgs *args)
 
 #define PC_I440FX_2_0_MACHINE_OPTIONS   \
 PC_I440FX_MACHINE_OPTIONS,  \
-.default_machine_opts = "firmware=bios-256k.bin"
+.default_machine_opts = "firmware=bios-256k.bin",   \
+.hot_del_cpu = pc_hot_del_cpu
 
 static QEMUMachine pc_i440fx_machine_v2_0 = {
 PC_I440FX_2_0_MACHINE_OPTIONS,
diff --git a/include/hw/boards.h b/include/hw/boards.h
index 2151460..74334cb 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -23,6 +23,7 @@ typedef void QEMUMachineInitFunc(QEMUMachineInitArgs *args);
 typedef void QEMUMachineResetFunc(void);
 
 typedef void QEMUMachineHotAddCPUFunc(const int64_t id, Error **errp);
+typedef void QEMUMachineHotDelCPUFunc(Error **errp);
 
 struct QEMUMachine {
 const char *name;
@@ -31,6 +32,7 @@ struct QEMUMachine {
 QEMUMachineInitFunc *init;
 QEMUMachineResetFunc *reset;
 QEMUMachineHotAddCPUFunc *hot_add_cpu;
+QEMUMachineHotDelCPUFunc *hot_del_cpu;
 BlockInterfaceType block_default_type;
 int max_cpus;
 unsigned int no_serial:1,
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 24eb3de..08bccfb 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -118,6 +118,7 @@ void pc_acpi_smi_interrupt(void *opaque, int irq, int 
level);
 
 void pc_cpus_init(const char *cpu_model, DeviceState *icc_bridge);
 void pc_hot_add_cpu(const int64_t id, Error **errp);
+void pc_hot_del_cpu(Error **errp);
 void pc_acpi_init(const char *default_dsdt);
 
 PcGuestInfo *pc_guest_info_init(ram_addr_t below_4g_mem_size,
diff --git a/qapi-schema.json b/qapi-schema.json
index c3c939c..42600b7 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -1553,6 +1553,16 @@
 ##
 { 'command': 'cpu-add', 'data': {'id': 'int'} }
 
+# @cpu-del
+
+# Deletes CPU from the last ID
+#
+# Returns: Nothing on success
+#
+# Since 2.0
+##
+{ 'command': 'cpu-del' }
+
 ##
 # @memsave:
 #
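Review bot: the doc comment added for cpu-del does not follow the format of the neighbouring entries: it opens with "# @cpu-del" rather than a "##" line followed by "# @cpu-del:", and it has an empty line where a "#" line belongs. Fix the header, and have the description state that the command takes no argument, removes the last CPU, and which error is returned when only one CPU is left.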
diff --git a/qmp-commands.hx b/qmp-commands.hx
index fba15cd..865eb91 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -411,6 +411,27 @@ Example:
 EQMP
 
 {
+.name   = "cpu-del",
+.args_type  = "",
+.mhandler.cmd_new = qmp_marshal_input_cpu_del,
+},
+
+SQMP
+cpu-del
+---
+
+Deletes virtual cpu
+
+Arguments: None.
+
+Example:
+
+-> { "execute": "cpu-del" }
+<- { "return": {} }
+
+EQMP
+
+{
 .name   = "memsave",
 .args_type  = "val:l,size:i,filename:s,cpu:i?",
 .mhandler.cmd_new = qmp_marshal_input_memsave,
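
Review bot: "Deletes virtual cpu" together with "Arguments: None." does not tell a management client which vCPU is removed or what comes back when the machine has no hot_del_cpu hook. State the selection rule here as well (the qapi-schema.json comment implies the CPU with the last ID) and show the error reply next to the success example.
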
diff --git a/qmp.c b/qmp.c
index 1d7a04d..935310a 100644
--- a/qmp.c
+++ b/qmp.c
@@ -118,6 +118,15 @@ void qmp_cpu_add(int64_t id, Error **errp)
 }
 }
 
+void qmp_cpu_del(Error **errp)
+{
+if (current_machine->hot_del_cpu) {
+current_machine->hot_del_cpu(errp);
+} else {
+error_setg(errp, "Not supported");
+}
+}
+
 #ifndef CONFIG_VNC
 /* If VNC support is enabled, the "true" query-vnc command is
defined in the VNC subsystem */
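
Review bot: error_setg(errp, "Not supported") in qmp_cpu_del() does not say what is unsupported, and that string is all a QMP client sees. Name the operation in the message, for example "CPU hot-remove is not supported by this machine".
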
-- 
1.8.1.4




[Qemu-devel] [RFC qom-next v5 5/8] qom cpu: add UNPLUG cpu notifier support

2013-12-23 Thread Chen Fan
Move struct HotplugEventType from file piix4.c to file qom/cpu.c,
and add struct CPUNotifier for supporting UNPLUG cpu notifier.

Signed-off-by: Chen Fan 
---
 hw/acpi/piix4.c   |  8 ++--
 include/qom/cpu.h | 10 ++
 qom/cpu.c |  6 +-
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index ecb6104..d2cd4cd 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -676,11 +676,6 @@ static const MemoryRegionOps cpu_hotplug_ops = {
 },
 };
 
-typedef enum {
-PLUG,
-UNPLUG,
-} HotplugEventType;
-
 static void piix4_cpu_hotplug_req(PIIX4PMState *s, CPUState *cpu,
   HotplugEventType action)
 {
@@ -704,8 +699,9 @@ static void piix4_cpu_hotplug_req(PIIX4PMState *s, CPUState 
*cpu,
 static void piix4_cpu_hotplug(Notifier *n, void *opaque)
 {
 PIIX4PMState *s = container_of(n, PIIX4PMState, cpu_hotplug_notifier);
+CPUNotifier *notifier = opaque;
 
-piix4_cpu_hotplug_req(s, CPU(opaque), PLUG);
+piix4_cpu_hotplug_req(s, CPU(notifier->dev), notifier->type);
 }
 
 static int piix4_device_hotplug(DeviceState *qdev, PCIDevice *dev,
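
Review bot: piix4_cpu_hotplug() now treats opaque as a CPUNotifier pointer, which changes the contract for every notifier registered on cpu_hotplug_notifiers, yet the diffstat converts only hw/acpi/piix4.c. Any other listener that still does CPU(opaque) would compile unchanged and interpret the stack structure as a CPU object, so convert all listeners in this patch or state in the commit message that piix4 is the only one.
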
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 7739e00..0238532 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -507,6 +507,16 @@ void qemu_init_vcpu(CPUState *cpu);
  */
 void cpu_single_step(CPUState *cpu, int enabled);
 
+typedef enum {
+PLUG,
+UNPLUG,
+} HotplugEventType;
+
+typedef struct CPUNotifier {
+DeviceState *dev;
+HotplugEventType type;
+} CPUNotifier;
+
 #ifdef CONFIG_SOFTMMU
 extern const struct VMStateDescription vmstate_cpu_common;
 #else
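
Review bot: PLUG and UNPLUG become global identifiers once this enum lives in include/qom/cpu.h, and names that generic invite a collision with another header. Give them a prefix tied to CPU hotplug, and add a doc comment for CPUNotifier saying that the structure is owned by the caller and only valid during the notifier call (it is a stack variable in cpu_common_realizefn() in this patch).
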
diff --git a/qom/cpu.c b/qom/cpu.c
index 83006e2..728b83b 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -216,10 +216,14 @@ static ObjectClass *cpu_common_class_by_name(const char 
*cpu_model)
 static void cpu_common_realizefn(DeviceState *dev, Error **errp)
 {
 CPUState *cpu = CPU(dev);
+CPUNotifier notifier;
+
+notifier.dev = dev;
+notifier.type = PLUG;
 
 if (dev->hotplugged) {
 cpu_synchronize_post_init(cpu);
-notifier_list_notify(&cpu_hotplug_notifiers, dev);
+notifier_list_notify(&cpu_hotplug_notifiers, ¬ifier);
 cpu_resume(cpu);
 }
 }
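
Review bot: notifier is filled in unconditionally at the top of cpu_common_realizefn() but is only used inside the if (dev->hotplugged) block. Declaring it in that block with a designated initializer, CPUNotifier notifier = { .dev = dev, .type = PLUG };, leaves the cold-plug path untouched and guarantees that no field is left uninitialized if the struct grows.
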
-- 
1.8.1.4




[Qemu-devel] [RFC qom-next v5 8/8] cpus: reclaim allocated vCPU objects

2013-12-23 Thread Chen Fan
After ACPI gets a signal to eject a vCPU, it will notify
the vCPU thread to exit in KVM, and the vCPU must be removed from the CPU list.
Before the vCPU is really removed, all the related vCPU objects will be released.

Signed-off-by: Chen Fan 
---
 cpus.c   | 39 +++
 include/qom/cpu.h|  1 +
 include/sysemu/kvm.h |  1 +
 kvm-all.c| 25 +
 4 files changed, 66 insertions(+)

diff --git a/cpus.c b/cpus.c
index 5829d24..c16476d 100644
--- a/cpus.c
+++ b/cpus.c
@@ -786,6 +786,26 @@ void async_run_on_cpu(CPUState *cpu, void (*func)(void 
*data), void *data)
 qemu_cpu_kick(cpu);
 }
 
+static void qemu_kvm_destroy_vcpu(CPUState *cpu)
+{
+CPU_REMOVE(cpu);
+
+if (kvm_destroy_vcpu(cpu) < 0) {
+fprintf(stderr, "kvm_destroy_vcpu failed.\n");
+exit(1);
+}
+
+object_property_set_bool(OBJECT(cpu), false, "realized", NULL);
+object_unparent(OBJECT(cpu));
+}
+
+static void qemu_tcg_destroy_vcpu(CPUState *cpu)
+{
+CPU_REMOVE(cpu);
+object_property_set_bool(OBJECT(cpu), false, "realized", NULL);
+object_unparent(OBJECT(cpu));
+}
+
 static void flush_queued_work(CPUState *cpu)
 {
 struct qemu_work_item *wi;
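
Review bot: qemu_kvm_destroy_vcpu() calls exit(1) when kvm_destroy_vcpu() fails, so a failed unplug, which the guest can start through the eject path, terminates the whole VM instead of failing that one operation; CPU_REMOVE(cpu) has also already unlinked the CPU by then. Do the KVM teardown first, report the error and leave the vCPU in the list on failure. The tail shared with qemu_tcg_destroy_vcpu() (CPU_REMOVE, setting "realized" to false with a NULL errp, object_unparent) is duplicated and could be one helper that does not discard the unrealize error.
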
@@ -877,6 +897,11 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
 }
 }
 qemu_kvm_wait_io_event(cpu);
+if (cpu->exit && !cpu_can_run(cpu)) {
+qemu_kvm_destroy_vcpu(cpu);
+qemu_mutex_unlock(&qemu_global_mutex);
+return NULL;
+}
 }
 
 return NULL;
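
Review bot: in qemu_kvm_cpu_thread_fn() the vCPU is destroyed from its own thread, which then returns, but nothing in this hunk tells the rest of QEMU that the thread is gone or joins it. object_unparent() inside qemu_kvm_destroy_vcpu() may drop the last reference to cpu, so any other thread still holding the pointer needs a defined handshake; please document which lock or state protects that and who reclaims the thread.
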
@@ -929,6 +954,7 @@ static void tcg_exec_all(void);
 static void *qemu_tcg_cpu_thread_fn(void *arg)
 {
 CPUState *cpu = arg;
+CPUState *remove_cpu = NULL;
 
 qemu_tcg_init_cpu_signals();
 qemu_thread_get_self(cpu->thread);
@@ -961,6 +987,16 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
 }
 }
 qemu_tcg_wait_io_event();
+CPU_FOREACH(cpu) {
+if (cpu->exit && !cpu_can_run(cpu)) {
+remove_cpu = cpu;
+break;
+}
+}
+if (remove_cpu) {
+qemu_tcg_destroy_vcpu(remove_cpu);
+remove_cpu = NULL;
+}
 }
 
 return NULL;
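
Review bot: CPU_FOREACH(cpu) uses cpu, the variable initialised from the thread argument at the top of qemu_tcg_cpu_thread_fn(), as the loop iterator, so after the first pass through this block it no longer refers to the CPU the thread was started for and is NULL whenever no CPU is exiting. Iterate with a separate local variable. Since only the first match is removed per wakeup, either say so in a comment or use CPU_FOREACH_SAFE and remove every CPU whose exit flag is set.
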
@@ -1298,6 +1334,9 @@ static void tcg_exec_all(void)
 break;
 }
 } else if (cpu->stop || cpu->stopped) {
+if (cpu->exit) {
+next_cpu = CPU_NEXT(cpu);
+}
 break;
 }
 }
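
Review bot: the new if (cpu->exit) branch in tcg_exec_all() advances next_cpu past a CPU that is about to be removed, but nothing in the code says why. Add a comment explaining that next_cpu must not be left pointing at a CPU that qemu_tcg_destroy_vcpu() will unlink, and confirm that a NULL result from CPU_NEXT(cpu), when the exiting CPU is the last one in the list, is handled by the code that reads next_cpu.
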
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 4412fb0..f1a440e 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -208,6 +208,7 @@ struct CPUState {
 QTAILQ_HEAD(CPUTailQ, CPUState);
 extern struct CPUTailQ cpus;
 #define CPU_NEXT(cpu) QTAILQ_NEXT(cpu, node)
+#define CPU_REMOVE(cpu) QTAILQ_REMOVE(&cpus, cpu, node)
 #define CPU_FOREACH(cpu) QTAILQ_FOREACH(cpu, &cpus, node)
 #define CPU_FOREACH_SAFE(cpu, next_cpu) \
 QTAILQ_FOREACH_SAFE(cpu, &cpus, node, next_cpu)
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 3b25f27..f3f1279 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -167,6 +167,7 @@ int kvm_has_intx_set_mask(void);
 
 int kvm_init_vcpu(CPUState *cpu);
 int kvm_cpu_exec(CPUState *cpu);
+int kvm_destroy_vcpu(CPUState *cpu);
 
 #ifdef NEED_CPU_H
 
diff --git a/kvm-all.c b/kvm-all.c
index 3937754..5a42bf1 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -227,6 +227,31 @@ static void kvm_reset_vcpu(void *opaque)
 kvm_arch_reset_vcpu(cpu);
 }
 
+int kvm_destroy_vcpu(CPUState *cpu)
+{
+KVMState *s = kvm_state;
+long mmap_size;
+int ret = 0;
+
+DPRINTF("kvm_destroy_vcpu\n");
+
+mmap_size = kvm_ioctl(s, KVM_GET_VCPU_MMAP_SIZE, 0);
+if (mmap_size < 0) {
+ret = mmap_size;
+DPRINTF("KVM_GET_VCPU_MMAP_SIZE failed\n");
+goto err;
+}
+
+ret = munmap(cpu->kvm_run, mmap_size);
+if (ret < 0) {
+goto err;
+}
+
+close(cpu->kvm_fd);
+err:
+return ret;
+}
+
 int kvm_init_vcpu(CPUState *cpu)
 {
 KVMState *s = kvm_state;
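
Review bot: both error paths in kvm_destroy_vcpu() jump to err: before close(cpu->kvm_fd), so a failure of KVM_GET_VCPU_MMAP_SIZE or munmap() leaks the vCPU file descriptor. munmap() returns -1 and sets errno, so ret should be -errno there to give callers a meaningful code, the result of close() is ignored, and cpu->kvm_run and cpu->kvm_fd are left holding stale values after a successful teardown; reset them so a later use fails visibly.
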
-- 
1.8.1.4




[Qemu-devel] [RFC qom-next v5 7/8] piix4: implement function cpu_status_write() for vcpu ejection

2013-12-23 Thread Chen Fan
When the OS ejects a vcpu (like: echo 1 > /sys/bus/acpi/devices/LNXCPUXX/eject),
it calls the ACPI EJ0 method; the firmware needs to write the new cpumap, so that
QEMU knows which vcpu needs to be ejected.

TODO: for now QEMU only supports deleting CPUs sequentially from the last
one in the OS; in the future the OS should eject vcpus arbitrarily.

Signed-off-by: Chen Fan 
---
 cpus.c|  7 ++
 hw/acpi/piix4.c   | 48 ++-
 hw/i386/acpi-dsdt-cpu-hotplug.dsl |  6 -
 include/qom/cpu.h | 10 
 4 files changed, 69 insertions(+), 2 deletions(-)

diff --git a/cpus.c b/cpus.c
index ca4c59f..5829d24 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1117,6 +1117,13 @@ void resume_all_vcpus(void)
 }
 }
 
+void cpu_remove(CPUState *cpu)
+{
+cpu->stop = true;
+cpu->exit = true;
+qemu_cpu_kick(cpu);
+}
+
 static void qemu_tcg_init_vcpu(CPUState *cpu)
 {
 /* share a single thread for all cpus with TCG */
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index d2cd4cd..6407f8d 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -62,6 +62,7 @@ struct pci_status {
 
 typedef struct CPUStatus {
 uint8_t sts[PIIX4_PROC_LEN];
+uint8_t old_sts[PIIX4_PROC_LEN];
 } CPUStatus;
 
 typedef struct PIIX4PMState {
@@ -651,6 +652,23 @@ static const MemoryRegionOps piix4_pci_ops = {
 },
 };
 
+static void acpi_piix_eject_vcpu(PIIX4PMState *s, int64_t cpuid)
+{
+CPUStatus *g = &s->gpe_cpu;
+CPUState *cpu;
+
+CPU_FOREACH(cpu) {
+CPUClass *cc = CPU_GET_CLASS(cpu);
+int64_t id = cc->get_arch_id(cpu);
+
+if (cpuid == id) {
+g->old_sts[cpuid / 8] &= ~(1 << (cpuid % 8));
+cpu_remove(cpu);
+break;
+}
+}
+}
+
 static uint64_t cpu_status_read(void *opaque, hwaddr addr, unsigned int size)
 {
 PIIX4PMState *s = opaque;
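
Review bot: acpi_piix_eject_vcpu() removes whichever CPU matches an id derived from a guest write, with no check that an unplug was actually requested for that CPU or that it is not the boot CPU. Because the trigger is a guest-controlled I/O write, require a pending UNPLUG request for cpuid (for instance its bit already cleared in sts) before calling cpu_remove(), and ignore every other write.
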
@@ -663,7 +681,27 @@ static uint64_t cpu_status_read(void *opaque, hwaddr addr, 
unsigned int size)
 static void cpu_status_write(void *opaque, hwaddr addr, uint64_t data,
  unsigned int size)
 {
-/* TODO: implement VCPU removal on guest signal that CPU can be removed */
+PIIX4PMState *s = opaque;
+CPUStatus *cpus = &s->gpe_cpu;
+uint8_t val;
+int i;
+int64_t cpuid = -1;
+
+val = cpus->old_sts[addr] ^ data;
+
+if (val == 0) {
+return;
+}
+
+for (i = 0; i < 8; i++) {
+if (val & 1 << i) {
+cpuid = 8 * addr + i;
+}
+}
+
+if (cpuid != -1) {
+acpi_piix_eject_vcpu(s, cpuid);
+}
 }
 
 static const MemoryRegionOps cpu_hotplug_ops = {
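
Review bot: val = cpus->old_sts[addr] ^ data in cpu_status_write() flags every bit that differs, including bits the guest sets from 0 to 1, and the loop has no break, so when several bits change only the highest one is acted on and the rest are dropped silently. Mask with the old value (old_sts[addr] & ~data) so that only 1-to-0 transitions count, handle each such bit inside the loop, truncate data to 8 bits explicitly, and write the test as val & (1 << i). Also confirm that addr cannot exceed PIIX4_PROC_LEN - 1 for wider accesses, since it indexes old_sts directly.
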
@@ -683,13 +721,20 @@ static void piix4_cpu_hotplug_req(PIIX4PMState *s, 
CPUState *cpu,
 ACPIGPE *gpe = &s->ar.gpe;
 CPUClass *k = CPU_GET_CLASS(cpu);
 int64_t cpu_id;
+int i;
 
 assert(s != NULL);
 
 *gpe->sts = *gpe->sts | PIIX4_CPU_HOTPLUG_STATUS;
 cpu_id = k->get_arch_id(CPU(cpu));
+
+for (i = 0; i < PIIX4_PROC_LEN; i++) {
+g->old_sts[i] = g->sts[i];
+}
+
 if (action == PLUG) {
 g->sts[cpu_id / 8] |= (1 << (cpu_id % 8));
+g->old_sts[cpu_id / 8] |= (1 << (cpu_id % 8));
 } else {
 g->sts[cpu_id / 8] &= ~(1 << (cpu_id % 8));
 }
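
Review bot: the new loop in piix4_cpu_hotplug_req() overwrites old_sts with sts on every request, so a second request that arrives before the guest has ejected the first CPU erases the pending bit for that first CPU, and cpu_status_write() will then attribute the guest's write to the wrong CPU. Keep pending removals in old_sts across requests (only update the bit for cpu_id), and document the invariant between the two arrays. If a full copy is kept, memcpy(g->old_sts, g->sts, PIIX4_PROC_LEN) replaces the loop and the added int i.
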
@@ -728,6 +773,7 @@ static void piix4_acpi_system_hot_add_init(MemoryRegion 
*parent,
 
 g_assert((id / 8) < PIIX4_PROC_LEN);
 s->gpe_cpu.sts[id / 8] |= (1 << (id % 8));
+s->gpe_cpu.old_sts[id / 8] |= (1 << (id % 8));
 }
 memory_region_init_io(&s->io_cpu, OBJECT(s), &cpu_hotplug_ops, s,
   "acpi-cpu-hotplug", PIIX4_PROC_LEN);
diff --git a/hw/i386/acpi-dsdt-cpu-hotplug.dsl 
b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
index c96ac42..8327b0d 100644
--- a/hw/i386/acpi-dsdt-cpu-hotplug.dsl
+++ b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
@@ -49,7 +49,11 @@ Scope(\_SB) {
 }
 Method(CPEJ, 2, NotSerialized) {
 // _EJ0 method - eject callback
-Sleep(200)
+Store(Zero, Index(CPON, ToInteger(Arg0)))
+Store(One, Local0)
+ShiftLeft(Local0, Arg0, Local0)
+Not(Local0, Local0)
+And(PRS, Local0, PRS)
 }
 
 /* CPU hotplug notify method */
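
Review bot: ShiftLeft(Local0, Arg0, Local0) in CPEJ builds the mask in an ACPI integer, which is 32 or 64 bits wide depending on the table revision, so the eject cannot be signalled correctly for a CPU index at or beyond that width. Clear the bit in the byte that holds the CPU (byte Arg0 >> 3, bit Arg0 & 7) rather than masking PRS as a whole, and note that Store(Zero, Index(CPON, ToInteger(Arg0))) marks the CPU as gone before the write to PRS has happened.
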
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 0238532..4412fb0 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -146,6 +146,7 @@ struct kvm_run;
  * @halted: Nonzero if the CPU is in suspended state.
  * @stop: Indicates a pending stop request.
  * @stopped: Indicates the CPU has been artificially stopped.
+ * @exit: Indicates the CPU is in impending exit state.
  * @tcg_exit_req: Set to force TCG to stop executing linked TBs for this
  *   CPU and return to its top level loop.
  * @singlestep_enabled: Flags for single-stepping.
@@ -181,6 +182,7 @@ struct CPUState {
 bool created;
 bool stop;
 bool stopped;
+bool exit;
 volatile sig_atomic_t exit_request;
 volatile sig_atomic_t tcg_exit_req;
 uint32_t in

[Qemu-devel] [RFC qom-next v5 6/8] i386: implement pc interface cpu_common_unrealizefn() in qom/cpu.c

2013-12-23 Thread Chen Fan
Add interface cpu_common_unrealizefn() for emitting the vcpu unplug
notifier to ACPI; ACPI can then send an SCI interrupt
to the OS to hot-remove the vcpu.

Signed-off-by: Chen Fan 
---
 qom/cpu.c | 12 
 1 file changed, 12 insertions(+)

diff --git a/qom/cpu.c b/qom/cpu.c
index 728b83b..78038ab 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -228,6 +228,17 @@ static void cpu_common_realizefn(DeviceState *dev, Error 
**errp)
 }
 }
 
+static void cpu_common_unrealizefn(DeviceState *dev, Error **errp)
+{
+CPUNotifier notifier;
+
+notifier.dev = dev;
+notifier.type = UNPLUG;
+
+notifier_list_notify(&cpu_hotplug_notifiers, ¬ifier);
+}
+
+
 static void cpu_common_initfn(Object *obj)
 {
 CPUState *cpu = CPU(obj);
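
Review bot: cpu_common_unrealizefn() sends the UNPLUG notification unconditionally, while cpu_common_realizefn() (see patch 5/8) only notifies when dev->hotplugged is set, so a CPU that is unrealized for any other reason would also raise an unplug event toward the guest. Please state the intended condition in the code, and drop the second blank line added after the function.
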
@@ -258,6 +269,7 @@ static void cpu_class_init(ObjectClass *klass, void *data)
 k->gdb_read_register = cpu_common_gdb_read_register;
 k->gdb_write_register = cpu_common_gdb_write_register;
 dc->realize = cpu_common_realizefn;
+dc->unrealize = cpu_common_unrealizefn;
 /*
  * Reason: CPUs still need special care by board code: wiring up
  * IRQs, adding reset handlers, halting non-first CPUs, ...
-- 
1.8.1.4




[Qemu-devel] examples or tutorial/docs for writing block drivers for qemu

2013-12-23 Thread Vasiliy Tolstov
Hi all. I need to write some qemu block driver (like sheepdog or ceph).
Where can I find some docs/tips/tutorials on what functions I need to implement?
Thank you.

-- 
Vasiliy Tolstov,
e-mail: v.tols...@selfip.ru
jabber: v...@selfip.ru



[Qemu-devel] [PATCH v2 3/3] acpi unit-test: compare DSDT and SSDT tables against expected values

2013-12-23 Thread Marcel Apfelbaum
This test will run only if iasl is installed on the host machine.
The test plan:
 1. Dumps the ACPI tables as AML on the disk.
 2. Runs iasl to disassemble the tables into ASL files.
 3. Runs iasl to disassemble the offline AML files into ASL files.
 4. Compares the ASL files.

The test runs for both default machine and q35.
In case the test fails, it can be easily tweaked to
show the differences between the ASL files and
understand the issue.

Signed-off-by: Marcel Apfelbaum 
---
 tests/acpi-test.c | 257 +-
 1 file changed, 236 insertions(+), 21 deletions(-)

diff --git a/tests/acpi-test.c b/tests/acpi-test.c
index ca83b1d..4f0cca6 100644
--- a/tests/acpi-test.c
+++ b/tests/acpi-test.c
@@ -18,14 +18,22 @@
 #include "qemu/compiler.h"
 #include "hw/i386/acpi-defs.h"
 
+#define MACHINE_PC "pc"
+#define MACHINE_Q35 "q35"
+
 /* DSDT and SSDTs format */
 typedef struct {
 AcpiTableHeader header;
-uint8_t *aml;
-int aml_len;
-} AcpiSdtTable;
+gchar *aml;/* aml bytecode from guest */
+gsize aml_len;
+gchar *aml_file;
+gchar *asl;/* asl code generated from aml */
+gsize asl_len;
+gchar *asl_file;
+} QEMU_PACKED AcpiSdtTable;
 
 typedef struct {
+const char *machine;
 uint32_t rsdp_addr;
 AcpiRsdpDescriptor rsdp_table;
 AcpiRsdtDescriptorRev1 rsdt_table;
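
Review bot: AcpiSdtTable is now QEMU_PACKED although it holds host pointers and gsize fields after the header, which can leave those members unaligned, and taking their address is then unsafe on strict-alignment hosts. Only AcpiTableHeader mirrors guest layout, so keep the packing there and leave the wrapper struct unpacked. Changing aml from uint8_t * to gchar * is also what forces the cast added later in test_dst_table().
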
@@ -33,8 +41,7 @@ typedef struct {
 AcpiFacsDescriptorRev1 facs_table;
 uint32_t *rsdt_tables_addr;
 int rsdt_tables_nr;
-AcpiSdtTable dsdt_table;
-GArray *ssdt_tables;
+GArray *ssdt_tables; /* first is DSDT */
 } test_data;
 
 #define LOW(x) ((x) & 0xff)
@@ -91,8 +98,10 @@ typedef struct {
 
 /* Boot sector code: write SIGNATURE into memory,
  * then halt.
+ * Q35 machine requires a minimum 0x7e000 bytes disk.
+ * (bug or feature?)
  */
-static uint8_t boot_sector[0x200] = {
+static uint8_t boot_sector[0x7e000] = {
 /* 7c00: mov $0xdead,%ax */
 [0x00] = 0xb8,
 [0x01] = LOW(SIGNATURE),
@@ -117,17 +126,40 @@ static uint8_t boot_sector[0x200] = {
 };
 
 static const char *disk = "tests/acpi-test-disk.raw";
+static const char *data_dir = "tests/acpi-test-data";
 
 static void free_test_data(test_data *data)
 {
+AcpiSdtTable *temp;
 int i;
 
-g_free(data->rsdt_tables_addr);
+if (data->rsdt_tables_addr) {
+g_free(data->rsdt_tables_addr);
+}
+
 for (i = 0; i < data->ssdt_tables->len; ++i) {
-g_free(g_array_index(data->ssdt_tables, AcpiSdtTable, i).aml);
+temp = &g_array_index(data->ssdt_tables, AcpiSdtTable, i);
+if (temp->aml) {
+g_free(temp->aml);
+}
+if (temp->aml_file) {
+if (g_strstr_len(temp->aml_file, -1, "aml-")) {
+unlink(temp->aml_file);
+}
+g_free(temp->aml_file);
+}
+if (temp->asl) {
+g_free(temp->asl);
+}
+if (temp->asl_file) {
+if (g_strstr_len(temp->asl_file, -1, "asl-")) {
+unlink(temp->asl_file);
+}
+g_free(temp->asl_file);
+}
 }
+
 g_array_free(data->ssdt_tables, false);
-g_free(data->dsdt_table.aml);
 }
 
 static uint8_t acpi_checksum(const uint8_t *data, int len)
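
Review bot: free_test_data() decides whether to unlink() a file by searching its whole path for the substring "aml-" or "asl-", so an expected-data file whose path happens to contain that text would be deleted from the source tree. Record explicitly on the table entry whether the test created the file instead of inferring it from the name. The if (ptr) guards before g_free() are unnecessary because g_free(NULL) is a no-op, and g_array_free(data->ssdt_tables, false) returns the element buffer without freeing it, so pass true.
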
@@ -292,34 +324,203 @@ static void test_dst_table(AcpiSdtTable *sdt_table, 
uint32_t addr)
 ACPI_READ_ARRAY_PTR(sdt_table->aml, sdt_table->aml_len, addr);
 
 checksum = acpi_checksum((uint8_t *)sdt_table, sizeof(AcpiTableHeader)) +
-   acpi_checksum(sdt_table->aml, sdt_table->aml_len);
+   acpi_checksum((uint8_t *)sdt_table->aml, sdt_table->aml_len);
 g_assert(!checksum);
 }
 
 static void test_acpi_dsdt_table(test_data *data)
 {
-AcpiSdtTable *dsdt_table = &data->dsdt_table;
+AcpiSdtTable dsdt_table;
 uint32_t addr = data->fadt_table.dsdt;
 
-test_dst_table(dsdt_table, addr);
-g_assert_cmphex(dsdt_table->header.signature, ==, ACPI_DSDT_SIGNATURE);
+memset(&dsdt_table, 0, sizeof(dsdt_table));
+data->ssdt_tables = g_array_new(false, true, sizeof(AcpiSdtTable));
+
+test_dst_table(&dsdt_table, addr);
+g_assert_cmphex(dsdt_table.header.signature, ==, ACPI_DSDT_SIGNATURE);
+
+/* Place DSDT first */
+g_array_append_val(data->ssdt_tables, dsdt_table);
 }
 
 static void test_acpi_ssdt_tables(test_data *data)
 {
-GArray *ssdt_tables;
 int ssdt_tables_nr = data->rsdt_tables_nr - 1; /* fadt is first */
 int i;
 
-ssdt_tables = g_array_sized_new(false, true, sizeof(AcpiSdtTable),
-ssdt_tables_nr);
 for (i = 0; i < ssdt_tables_nr; i++) {
 AcpiSdtTable ssdt_table;
+
+memset(&ssdt_table, 0 , sizeof(ssdt_table));
 uint32_t addr = data->rsdt_tables_addr[i + 1]; /* fadt is first */
 test_dst_table(&ssdt_table, addr);
-g_array_append_val(ssdt_tables, ssdt_table);
+g_array_append_val(data->ssdt_tables, ssdt_table);
+}
+
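
Review bot: test_acpi_ssdt_tables() now appends to data->ssdt_tables, which is only created by g_array_new() in test_acpi_dsdt_table(), so the SSDT step silently depends on the DSDT step having run first. Create the array where test_data is initialised, or assert that it is non-NULL here. In the loop, memset(&ssdt_table, 0 , sizeof(ssdt_table)) is placed before the declaration of addr, which mixes a statement ahead of a declaration and has a stray space before the comma.
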

[Qemu-devel] [PATCH v2 1/3] acpi unit-test: add test files

2013-12-23 Thread Marcel Apfelbaum
Added unit-test's expected aml files to be compared
with the actual ACPI tables.

Signed-off-by: Marcel Apfelbaum 
---
 tests/acpi-test-data/pc/APIC  | Bin 0 -> 120 bytes
 tests/acpi-test-data/pc/DSDT  | Bin 0 -> 4407 bytes
 tests/acpi-test-data/pc/FACP  | Bin 0 -> 116 bytes
 tests/acpi-test-data/pc/FACS  | Bin 0 -> 64 bytes
 tests/acpi-test-data/pc/HPET  | Bin 0 -> 56 bytes
 tests/acpi-test-data/pc/SSDT  | Bin 0 -> 2104 bytes
 tests/acpi-test-data/q35/APIC | Bin 0 -> 120 bytes
 tests/acpi-test-data/q35/DSDT | Bin 0 -> 7344 bytes
 tests/acpi-test-data/q35/FACP | Bin 0 -> 116 bytes
 tests/acpi-test-data/q35/FACS | Bin 0 -> 64 bytes
 tests/acpi-test-data/q35/HPET | Bin 0 -> 56 bytes
 tests/acpi-test-data/q35/MCFG | Bin 0 -> 60 bytes
 tests/acpi-test-data/q35/SSDT | Bin 0 -> 2104 bytes
 13 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 tests/acpi-test-data/pc/APIC
 create mode 100644 tests/acpi-test-data/pc/DSDT
 create mode 100644 tests/acpi-test-data/pc/FACP
 create mode 100644 tests/acpi-test-data/pc/FACS
 create mode 100644 tests/acpi-test-data/pc/HPET
 create mode 100644 tests/acpi-test-data/pc/SSDT
 create mode 100644 tests/acpi-test-data/q35/APIC
 create mode 100644 tests/acpi-test-data/q35/DSDT
 create mode 100644 tests/acpi-test-data/q35/FACP
 create mode 100644 tests/acpi-test-data/q35/FACS
 create mode 100644 tests/acpi-test-data/q35/HPET
 create mode 100644 tests/acpi-test-data/q35/MCFG
 create mode 100644 tests/acpi-test-data/q35/SSDT

diff --git a/tests/acpi-test-data/pc/APIC b/tests/acpi-test-data/pc/APIC
new file mode 100644
index 
..84509e0ae4cabeb5ead3e42a4edfa50abddbc17d
GIT binary patch
literal 120

literal 0
HcmV?d1

diff --git a/tests/acpi-test-data/pc/FACS b/tests/acpi-test-data/pc/FACS
new file mode 100644
index 
..fc67ecc40782bd7fe8921e430d7de67f0bfaad93
GIT binary patch
literal 64
PcmZ>BbPjf4ARhn#RKNjV

literal 0
HcmV?d1

diff --git a/tests/acpi-test-data/pc/HPET b/tests/acpi-test-data/pc/HPET
new file mode 100644
index 
..df689b8f99c1c43cfd7d63bdede3bcdfd23b7de1
GIT binary patch
literal 56
xcmeYWa1F6wU|?WmcJg=j2v%^42ypfQiZKGkKx`1rxTviGNCClxe-N610RT2D3IPBB

literal 0
HcmV?d1

diff --git a/tests/acpi-test-data/pc/SSDT b/tests/acpi-test-data/pc/SSDT
new file mode 100644
index 
..5ab1b96af004737738f3386e73e4dc1d425ab77e
GIT binary patch
literal 2104
[Qemu-devel] [PATCH v2 2/3] configure: added acpi unit-test files

2013-12-23 Thread Marcel Apfelbaum
Ensure configure will set up links for the files
if the build is created in another directory.

Signed-off-by: Marcel Apfelbaum 
---
 configure | 4 
 1 file changed, 4 insertions(+)

diff --git a/configure b/configure
index edfea95..c30be12 100755
--- a/configure
+++ b/configure
@@ -4744,6 +4744,10 @@ for bios_file in \
 do
 FILES="$FILES pc-bios/`basename $bios_file`"
 done
+for test_file in `find $source_path/tests/acpi-test-data -type f`
+do
+FILES="$FILES tests/acpi-test-data`echo $test_file | sed -e 
's/.*acpi-test-data//'`"
+done
 mkdir -p $DIRS
 for f in $FILES ; do
 if [ -e "$source_path/$f" ] && [ "$source_path" != `pwd` ]; then
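
Review bot: the new for loop word-splits the output of find $source_path/tests/acpi-test-data -type f, so a source path containing whitespace or glob characters is broken into bogus entries before they are appended to FILES. Quote "$source_path" and strip the prefix with shell parameter expansion instead of echo piped to sed; the pattern s/.*acpi-test-data// is also greedy and would cut at the last occurrence if the directory name appears twice in the path.
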
-- 
1.8.3.1




[Qemu-devel] [PATCH v2 0/3] acpi unit-test: compare resulting aml vs expected aml

2013-12-23 Thread Marcel Apfelbaum
The test:
 - runs only if iasl is installed on the host machine.
 - the test plan:
   1. Dumps the ACPI tables as AML on the disk.
   2. Runs iasl to disassemble the tables into ASL files.
   3. Runs iasl to disassemble the offline AML files.
   4. Compares them with expected offline ASL files.
 - the test runs for both default machine and q35.
 - in case the test fails, it can be easily tweaked to
   show the differences between the ASL files and
   understand the issue.

Patches:
 1/3 - expected aml files
 2/3 - creates links for the expected files
   if the build directory is not current
 3/3 - the test
Marcel Apfelbaum (3):
  acpi unit-test: add test files
  configure: added acpi unit-test files
  acpi unit-test: compare DSDT and SSDT tables against expected values

 configure |   4 +
 tests/acpi-test-data/pc/APIC  | Bin 0 -> 120 bytes
 tests/acpi-test-data/pc/DSDT  | Bin 0 -> 4407 bytes
 tests/acpi-test-data/pc/FACP  | Bin 0 -> 116 bytes
 tests/acpi-test-data/pc/FACS  | Bin 0 -> 64 bytes
 tests/acpi-test-data/pc/HPET  | Bin 0 -> 56 bytes
 tests/acpi-test-data/pc/SSDT  | Bin 0 -> 2104 bytes
 tests/acpi-test-data/q35/APIC | Bin 0 -> 120 bytes
 tests/acpi-test-data/q35/DSDT | Bin 0 -> 7344 bytes
 tests/acpi-test-data/q35/FACP | Bin 0 -> 116 bytes
 tests/acpi-test-data/q35/FACS | Bin 0 -> 64 bytes
 tests/acpi-test-data/q35/HPET | Bin 0 -> 56 bytes
 tests/acpi-test-data/q35/MCFG | Bin 0 -> 60 bytes
 tests/acpi-test-data/q35/SSDT | Bin 0 -> 2104 bytes
 tests/acpi-test.c | 257 ++
 15 files changed, 240 insertions(+), 21 deletions(-)
 create mode 100644 tests/acpi-test-data/pc/APIC
 create mode 100644 tests/acpi-test-data/pc/DSDT
 create mode 100644 tests/acpi-test-data/pc/FACP
 create mode 100644 tests/acpi-test-data/pc/FACS
 create mode 100644 tests/acpi-test-data/pc/HPET
 create mode 100644 tests/acpi-test-data/pc/SSDT
 create mode 100644 tests/acpi-test-data/q35/APIC
 create mode 100644 tests/acpi-test-data/q35/DSDT
 create mode 100644 tests/acpi-test-data/q35/FACP
 create mode 100644 tests/acpi-test-data/q35/FACS
 create mode 100644 tests/acpi-test-data/q35/HPET
 create mode 100644 tests/acpi-test-data/q35/MCFG
 create mode 100644 tests/acpi-test-data/q35/SSDT

-- 
1.8.3.1




Re: [Qemu-devel] [Qemu-ppc] [PATCH v3 03/10] raven: move BIOS loading from board code to PCI host

2013-12-23 Thread Alexander Graf

On 23.12.2013, at 07:48, Hervé Poussineau  wrote:

> Hi,
> 
> Andreas Färber wrote:
>> Hi,
>> On 05.11.2013 00:09, Hervé Poussineau wrote:
>>> Raven datasheet explains where firmware lives in system memory, so do
>>> it there instead of in board code. Other boards using the same PCI
>>> host will not have to copy the firmware loading code.
>> This part we had discussed and no one objected to the approach, so OK.
>>> However, add a specific hack for Open Hack'Ware, which provides only
>>> a 512KB blob to be loaded at 0xfff0, but expects valid code at
>>> 0xfffc (specific Open Hack'Ware reset instruction pointer).
>> Was this part explained before? I don't spot the equivalent in the
>> deleted code. If this is a new workaround, I would rather like to put it
>> in a separate patch for bisecting (can offer to do that myself then).
>> What are the symptoms? I am testing all these patches with OHW.
> 
> Old code does (error checking removed):
> >> -bios_size = get_image_size(filename);
> >> -bios_addr = (uint32_t)(-bios_size);
> >> -bios_size = load_image_targphys(filename, bios_addr,
> Ie, bios_addr = -512KB (size of OHW blob) = 0xfff8
> and firmware is loaded in the range 0xfff8-0x
> OHW expects reset instruction pointer to be 0xfffc (not valid for 604, 
> but that's not the point now), which contains a valid instruction.
> Note that range 0xfff0-0xfff7 is empty.
> 
> Datasheet for raven says that firmware is at 0xfff0, so I changed code to:
> +#define BIOS_SIZE (1024 * 1024)
> +  bios_addr = (uint32_t)(-BIOS_SIZE);
> +  bios_size = load_image_targphys(filename, bios_addr,
> +  bios_size);
> Ie, bios_addr = -1MB = 0xfff0
> and firmware is loaded in the range 0xfff0-0xfff7.
> This doesn't work due to reset instruction pointer which now is pointing to 
> empty memory, and symptoms are an empty screen on OHW.
> 
> So, I'm adding this hack for OHW, to mirror the 0xfff0-0xfff7 range 
> to 0xfff8-0x.
> 
> So, this patch is a small functional change, as it adds a copy of the 
> firmware in a new range 0xfff0-0xfff7, but I think we can live with 
> it.
> 
> We'll be able to remove it once we switch to another firmware which uses the 
> right reset instruction pointer or whose size is 1MB.

Couldn't we just make the ROM fill the upper part of the 1MB region when we see 
it's smaller than 1MB? So that we pad at the bottom, not the top?

  bios_size = get_image_size(filename);
  if (bios_size < 0) {
// error handling
  }
  assert(bios_size <= (1*MB));
  bios_addr = (uint32_t)(-bios_size);


Alex




Re: [Qemu-devel] [PATCH 09/11] ACPI: move PRST OperationRegion into SSDT

2013-12-23 Thread Michael S. Tsirkin
On Sun, Dec 22, 2013 at 03:51:28PM +0100, Igor Mammedov wrote:
> On Mon, 16 Dec 2013 21:53:07 +0200
> "Michael S. Tsirkin"  wrote:
> 
> > On Fri, Dec 13, 2013 at 05:22:14PM +0100, Igor Mammedov wrote:
> > > .. and report range used by it to OSPM via _CRS.
> > > PRST is needed in SSDT since its base will depend on
> > > chipset and will be dynamically set by QEMU.
> > > Also move PRSC() method along with PRST since cross
> > > table reference to PRST doesn't work.
> > > 
> > > Signed-off-by: Igor Mammedov 
> > > ---
> > >  hw/i386/acpi-dsdt-cpu-hotplug.dsl | 39 +--
> > >  hw/i386/acpi-dsdt.dsl |  2 +-
> > >  hw/i386/q35-acpi-dsdt.dsl |  2 +-
> > >  hw/i386/ssdt-misc.dsl | 65 
> > > +++
> > >  4 files changed, 68 insertions(+), 40 deletions(-)
> > > 
> > > diff --git a/hw/i386/acpi-dsdt-cpu-hotplug.dsl 
> > > b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > index 995b415..f26f81b 100644
> > > --- a/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > +++ b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > @@ -20,6 +20,7 @@
> > >  Scope(\_SB) {
> > >  /* Objects filled in by run-time generated SSDT */
> > >  External(NTFY, MethodObj)
> > > +External(\_SB.CPHD.PRSC, MethodObj)
> > >  External(CPON, PkgObj)
> > >  
> > >  /* Methods called by run-time generated SSDT Processor objects */
> > > @@ -51,42 +52,4 @@ Scope(\_SB) {
> > >  // _EJ0 method - eject callback
> > >  Sleep(200)
> > >  }
> > > -
> > > -OperationRegion(PRST, SystemIO, 0xaf00, 32)
> > > -Field(PRST, ByteAcc, NoLock, Preserve) {
> > > -PRS, 256
> > > -}
> > > -Method(PRSC, 0) {
> > > -// Local5 = active cpu bitmap
> > > -Store(PRS, Local5)
> > > -// Local2 = last read byte from bitmap
> > > -Store(Zero, Local2)
> > > -// Local0 = Processor ID / APIC ID iterator
> > > -Store(Zero, Local0)
> > > -While (LLess(Local0, SizeOf(CPON))) {
> > > -// Local1 = CPON flag for this cpu
> > > -Store(DerefOf(Index(CPON, Local0)), Local1)
> > > -If (And(Local0, 0x07)) {
> > > -// Shift down previously read bitmap byte
> > > -ShiftRight(Local2, 1, Local2)
> > > -} Else {
> > > -// Read next byte from cpu bitmap
> > > -Store(DerefOf(Index(Local5, ShiftRight(Local0, 3))), 
> > > Local2)
> > > -}
> > > -// Local3 = active state for this cpu
> > > -Store(And(Local2, 1), Local3)
> > > -
> > > -If (LNotEqual(Local1, Local3)) {
> > > -// State change - update CPON with new state
> > > -Store(Local3, Index(CPON, Local0))
> > > -// Do CPU notify
> > > -If (LEqual(Local3, 1)) {
> > > -NTFY(Local0, 1)
> > > -} Else {
> > > -NTFY(Local0, 3)
> > > -}
> > > -}
> > > -Increment(Local0)
> > > -}
> > > -}
> > >  }
> > > diff --git a/hw/i386/acpi-dsdt.dsl b/hw/i386/acpi-dsdt.dsl
> > > index 90efce0..fa9f2d4 100644
> > > --- a/hw/i386/acpi-dsdt.dsl
> > > +++ b/hw/i386/acpi-dsdt.dsl
> > > @@ -311,7 +311,7 @@ DefinitionBlock (
> > >  }
> > >  Method(_E02) {
> > >  // CPU hotplug event
> > > -\_SB.PRSC()
> > > +\_SB.CPHD.PRSC()
> > >  }
> > >  Method(_L03) {
> > >  }
> > > diff --git a/hw/i386/q35-acpi-dsdt.dsl b/hw/i386/q35-acpi-dsdt.dsl
> > > index 22baa58..9ccc543 100644
> > > --- a/hw/i386/q35-acpi-dsdt.dsl
> > > +++ b/hw/i386/q35-acpi-dsdt.dsl
> > > @@ -420,7 +420,7 @@ DefinitionBlock (
> > >  }
> > >  Method(_E02) {
> > >  // CPU hotplug event
> > > -\_SB.PRSC()
> > > +\_SB.CPHD.PRSC()
> > >  }
> > >  Method(_L03) {
> > >  }
> > > diff --git a/hw/i386/ssdt-misc.dsl b/hw/i386/ssdt-misc.dsl
> > > index a4484b8..ec8893c 100644
> > > --- a/hw/i386/ssdt-misc.dsl
> > > +++ b/hw/i386/ssdt-misc.dsl
> > > @@ -116,4 +116,69 @@ DefinitionBlock ("ssdt-misc.aml", "SSDT", 0x01, 
> > > "BXPC", "BXSSDTSUSP", 0x1)
> > >  }
> > >  }
> > >  }
> > > +Scope(\_SB) {
> > > +External(NTFY, MethodObj)
> > > +External(CPON, PkgObj)
> > > +
> > > +Device(CPHD) {
> > > +Name(_HID, EISAID("PNP0C08"))
> > > +Name(CPPL, 32) // cpu-gpe length
> > > +Name(CPHP, 0xaf00)
> > > +
> > > +OperationRegion(PRST, SystemIO, CPHP, CPPL)
> > > +Field(PRST, ByteAcc, NoLock, Preserve) {
> > > +PRS, 256
> > > +}
> > > +
> > > +Method(PRSC, 0) {
> > > +// Local5 = active cpu bitmap
> > > +Store(PRS, Local5)
> > > +// Local2 = last read byte from bitmap
> > > +Stor

[Qemu-devel] [PATCH] target-arm: fix build on fedora

2013-12-23 Thread Michael S. Tsirkin
commit 5ce4f35781028ce1aee3341e6002f925fdc7aaf3
"target-arm: A64: add set_pc cpu method"

introduces an array aarch64_cpus which is zero
size if this code is built without CONFIG_USER_ONLY.
In particular an attempt to iterate over this array produces a warning:

  CC    aarch64-softmmu/target-arm/cpu64.o
/scm/qemu/target-arm/cpu64.c: In function ‘aarch64_cpu_register_types’:
/scm/qemu/target-arm/cpu64.c:124:5: error: comparison of unsigned
expression < 0 is always false [-Werror=type-limits]
 for (i = 0; i < ARRAY_SIZE(aarch64_cpus); i++) {
 ^
cc1: all warnings being treated as errors

This is the result of ARRAY_SIZE being an unsigned type,
causing i to be promoted to unsigned int as well.

As zero size arrays are a gcc extension, it seems
cleanest to add a dummy element with NULL name,
and test for it during registration.

Cc: Alexander Graf 
Cc: Peter Maydell 
Cc: Richard Henderson 
Signed-off-by: Michael S. Tsirkin 
---

I have queued this in my tree since it prevents me from
being able to build and test properly.
Pls review and ack.

 target-arm/cpu64.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c
index 04ce879..2efe189 100644
--- a/target-arm/cpu64.c
+++ b/target-arm/cpu64.c
@@ -58,6 +58,7 @@ static const ARMCPUInfo aarch64_cpus[] = {
 #ifdef CONFIG_USER_ONLY
 { .name = "any", .initfn = aarch64_any_initfn },
 #endif
+{ .name = NULL }
 };
 
 static void aarch64_cpu_initfn(Object *obj)
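
Review bot: The new `{ .name = NULL }` entry has no comment saying why it is there. State next to it that it only keeps the array non-empty when CONFIG_USER_ONLY is not defined, and whether it is meant as a terminator or merely a placeholder, since the loop quoted in the commit message still runs to ARRAY_SIZE(aarch64_cpus). Without that, a later cleanup may remove it or add real entries after it.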
@@ -100,6 +101,10 @@ static void aarch64_cpu_register(const ARMCPUInfo *info)
 .class_init = info->class_init,
 };
 
+if (!info->name) {
+return;
+}
+
 type_info.name = g_strdup_printf("%s-" TYPE_ARM_CPU, info->name);
 type_register(&type_info);
 g_free((void *)type_info.name);
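
Review bot: The `if (!info->name)` early return sits in aarch64_cpu_register(), after the `type_info` initializer has already read `info->class_init`, and it makes the function silently ignore any entry with a missing name, not just the placeholder. Consider skipping the placeholder in the loop that walks aarch64_cpus instead, or comment the check as existing only for the dummy entry, so that a real entry with a forgotten `.name` is not dropped without a diagnostic.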
-- 
MST



Re: [Qemu-devel] [PATCH v2 0/3] acpi unit-test: compare resulting aml vs expected aml

2013-12-23 Thread Michael S. Tsirkin
On Mon, Dec 23, 2013 at 12:13:23PM +0200, Marcel Apfelbaum wrote:
> The test:
>  - runs only if iasl is installed on the host machine.
>  - the test plan:
>    1. Dumps the ACPI tables as AML on the disk.
>    2. Runs iasl to disassemble the tables into ASL files.
>    3. Runs iasl to disassemble the offline AML files.
>    4. Compares them with expected offline ASL files.
>  - the test runs for both default machine and q35.

Looks good to me overall.
One thing I'd like to ask is that you add a script to
run after ACPI tables are updated.
It could update both pre-generated hex files and the
expected files.

>  - in case the test fails, it can be easily tweaked to
>    show the differences between the ASL files and
>    understand the issue.

How exactly does it need to be tweaked?

> Patches:
>  1/3 - expected aml files
>  2/3 - creates links for the expected files
>        if the build directory is not current
>  3/3 - the test
> Marcel Apfelbaum (3):
>   acpi unit-test: add test files
>   configure: added acpi unit-test files
>   acpi unit-test: compare DSDT and SSDT tables against expected values
> 
>  configure |   4 +
>  tests/acpi-test-data/pc/APIC  | Bin 0 -> 120 bytes
>  tests/acpi-test-data/pc/DSDT  | Bin 0 -> 4407 bytes
>  tests/acpi-test-data/pc/FACP  | Bin 0 -> 116 bytes
>  tests/acpi-test-data/pc/FACS  | Bin 0 -> 64 bytes
>  tests/acpi-test-data/pc/HPET  | Bin 0 -> 56 bytes
>  tests/acpi-test-data/pc/SSDT  | Bin 0 -> 2104 bytes
>  tests/acpi-test-data/q35/APIC | Bin 0 -> 120 bytes
>  tests/acpi-test-data/q35/DSDT | Bin 0 -> 7344 bytes
>  tests/acpi-test-data/q35/FACP | Bin 0 -> 116 bytes
>  tests/acpi-test-data/q35/FACS | Bin 0 -> 64 bytes
>  tests/acpi-test-data/q35/HPET | Bin 0 -> 56 bytes
>  tests/acpi-test-data/q35/MCFG | Bin 0 -> 60 bytes
>  tests/acpi-test-data/q35/SSDT | Bin 0 -> 2104 bytes
>  tests/acpi-test.c | 257 
> ++
>  15 files changed, 240 insertions(+), 21 deletions(-)
>  create mode 100644 tests/acpi-test-data/pc/APIC
>  create mode 100644 tests/acpi-test-data/pc/DSDT
>  create mode 100644 tests/acpi-test-data/pc/FACP
>  create mode 100644 tests/acpi-test-data/pc/FACS
>  create mode 100644 tests/acpi-test-data/pc/HPET
>  create mode 100644 tests/acpi-test-data/pc/SSDT
>  create mode 100644 tests/acpi-test-data/q35/APIC
>  create mode 100644 tests/acpi-test-data/q35/DSDT
>  create mode 100644 tests/acpi-test-data/q35/FACP
>  create mode 100644 tests/acpi-test-data/q35/FACS
>  create mode 100644 tests/acpi-test-data/q35/HPET
>  create mode 100644 tests/acpi-test-data/q35/MCFG
>  create mode 100644 tests/acpi-test-data/q35/SSDT
> 
> -- 
> 1.8.3.1



Re: [Qemu-devel] [PATCH v2 3/3] acpi unit-test: compare DSDT and SSDT tables against expected values

2013-12-23 Thread Michael S. Tsirkin
On Mon, Dec 23, 2013 at 12:13:26PM +0200, Marcel Apfelbaum wrote:
> This test will run only if iasl is installed on the host machine.
> The test plan:
>  1. Dumps the ACPI tables as AML on the disk.
>  2. Runs iasl to disassemble the tables into ASL files.
>  3. Runs iasl to disassemble the offline AML files into ASL files.
>  4. Compares the ASL files.
> 
> The test runs for both default machine and q35.
> In case the test fails, it can be easily tweaked to
> show the differences between the ASL files and
> understand the issue.
> 
> Signed-off-by: Marcel Apfelbaum 
> ---
>  tests/acpi-test.c | 257 
> +-
>  1 file changed, 236 insertions(+), 21 deletions(-)
> 
> diff --git a/tests/acpi-test.c b/tests/acpi-test.c
> index ca83b1d..4f0cca6 100644
> --- a/tests/acpi-test.c
> +++ b/tests/acpi-test.c
> @@ -18,14 +18,22 @@
>  #include "qemu/compiler.h"
>  #include "hw/i386/acpi-defs.h"
>  
> +#define MACHINE_PC "pc"
> +#define MACHINE_Q35 "q35"
> +
>  /* DSDT and SSDTs format */
>  typedef struct {
>  AcpiTableHeader header;
> -uint8_t *aml;
> -int aml_len;
> -} AcpiSdtTable;
> +gchar *aml;/* aml bytecode from guest */
> +gsize aml_len;
> +gchar *aml_file;
> +gchar *asl;/* asl code generated from aml */
> +gsize asl_len;
> +gchar *asl_file;
> +} QEMU_PACKED AcpiSdtTable;
>  
>  typedef struct {
> +const char *machine;
>  uint32_t rsdp_addr;
>  AcpiRsdpDescriptor rsdp_table;
>  AcpiRsdtDescriptorRev1 rsdt_table;
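
Review bot: Marking AcpiSdtTable QEMU_PACKED now packs host-side pointers and gsize fields (`aml`, `aml_file`, `asl`, `asl_file`) directly behind the header, which can leave them unaligned, and later hunks take `&g_array_index(...)` and dereference these members. Only the guest-visible `header` needs a fixed layout, so drop the attribute from the wrapper struct or explain in a comment why it is required. The change of `aml` from `uint8_t *` to `gchar *` is what forces the `(uint8_t *)` cast added in the checksum hunk; say why gchar is wanted.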
> @@ -33,8 +41,7 @@ typedef struct {
>  AcpiFacsDescriptorRev1 facs_table;
>  uint32_t *rsdt_tables_addr;
>  int rsdt_tables_nr;
> -AcpiSdtTable dsdt_table;
> -GArray *ssdt_tables;
> +GArray *ssdt_tables; /* first is DSDT */
>  } test_data;
>  
>  #define LOW(x) ((x) & 0xff)
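
Review bot: With the separate `dsdt_table` member removed, `ssdt_tables` now holds the DSDT at index 0, so the name no longer describes the contents and every user has to remember the "first is DSDT" comment. Rename the array (for example to `tables`) or add a named accessor for index 0.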
> @@ -91,8 +98,10 @@ typedef struct {
>  
>  /* Boot sector code: write SIGNATURE into memory,
>   * then halt.
> + * Q35 machine requires a minimum 0x7e000 bytes disk.
> + * (bug or feature?)
>   */
> -static uint8_t boot_sector[0x200] = {
> +static uint8_t boot_sector[0x7e000] = {
>  /* 7c00: mov $0xdead,%ax */
>  [0x00] = 0xb8,
>  [0x01] = LOW(SIGNATURE),
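
Review bot: The comment added above boot_sector ends with "(bug or feature?)", which leaves an open question in the tree; find out why Q35 needs a 0x7e000-byte disk and record the reason or a bug reference instead. Growing the static array from 0x200 to 0x7e000 also means it is no longer just a boot sector; keeping the 512-byte sector and padding the disk image when it is written would keep the name accurate.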
> @@ -117,17 +126,40 @@ static uint8_t boot_sector[0x200] = {
>  };
>  
>  static const char *disk = "tests/acpi-test-disk.raw";
> +static const char *data_dir = "tests/acpi-test-data";
>  
>  static void free_test_data(test_data *data)
>  {
> +AcpiSdtTable *temp;
>  int i;
>  
> -g_free(data->rsdt_tables_addr);
> +if (data->rsdt_tables_addr) {
> +g_free(data->rsdt_tables_addr);
> +}
> +
>  for (i = 0; i < data->ssdt_tables->len; ++i) {
> -g_free(g_array_index(data->ssdt_tables, AcpiSdtTable, i).aml);
> +temp = &g_array_index(data->ssdt_tables, AcpiSdtTable, i);
> +if (temp->aml) {
> +g_free(temp->aml);
> +}
> +if (temp->aml_file) {
> +if (g_strstr_len(temp->aml_file, -1, "aml-")) {
> +unlink(temp->aml_file);
> +}
> +g_free(temp->aml_file);
> +}
> +if (temp->asl) {
> +g_free(temp->asl);
> +}
> +if (temp->asl_file) {
> +if (g_strstr_len(temp->asl_file, -1, "asl-")) {
> +unlink(temp->asl_file);
> +}
> +g_free(temp->asl_file);
> +}
>  }
> +
>  g_array_free(data->ssdt_tables, false);
> -g_free(data->dsdt_table.aml);
>  }
>  
>  static uint8_t acpi_checksum(const uint8_t *data, int len)
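
Review bot: In free_test_data() the decision to unlink a file is made by searching the whole path for the substring "aml-" or "asl-" (`g_strstr_len(temp->aml_file, -1, "aml-")`), which also matches a directory component, so an expected-data file could be deleted by accident. Track ownership explicitly, for instance with a flag set where the temporary file is created. The new `if (ptr)` guards around g_free() are unnecessary because g_free() accepts NULL, while `data->ssdt_tables->len` is still dereferenced with no guard at all.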
> @@ -292,34 +324,203 @@ static void test_dst_table(AcpiSdtTable *sdt_table, 
> uint32_t addr)
>  ACPI_READ_ARRAY_PTR(sdt_table->aml, sdt_table->aml_len, addr);
>  
>  checksum = acpi_checksum((uint8_t *)sdt_table, sizeof(AcpiTableHeader)) +
> -   acpi_checksum(sdt_table->aml, sdt_table->aml_len);
> +   acpi_checksum((uint8_t *)sdt_table->aml, sdt_table->aml_len);
>  g_assert(!checksum);
>  }
>  
>  static void test_acpi_dsdt_table(test_data *data)
>  {
> -AcpiSdtTable *dsdt_table = &data->dsdt_table;
> +AcpiSdtTable dsdt_table;
>  uint32_t addr = data->fadt_table.dsdt;
>  
> -test_dst_table(dsdt_table, addr);
> -g_assert_cmphex(dsdt_table->header.signature, ==, ACPI_DSDT_SIGNATURE);
> +memset(&dsdt_table, 0, sizeof(dsdt_table));
> +data->ssdt_tables = g_array_new(false, true, sizeof(AcpiSdtTable));
> +
> +test_dst_table(&dsdt_table, addr);
> +g_assert_cmphex(dsdt_table.header.signature, ==, ACPI_DSDT_SIGNATURE);
> +
> +/* Place DSDT first */
> +g_array_append_val(data->ssdt_tables, dsdt_table);
>  }
>  
>  static void test_acpi_ssdt_tables(test_data *data)
>  {
> -GArray *ssdt_tables;
>  int ssdt_tables_nr = data->rsdt_tables_nr - 1; /* fadt is first */
>  int i;
>  
> -ssdt_tables = g_array_sized_new(false, true, sizeof(AcpiSdtTable),
> -ssdt_tables_nr);
>  fo
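
Review bot: test_acpi_dsdt_table() now creates `data->ssdt_tables` with g_array_new(), so test_acpi_ssdt_tables() and free_test_data() only work if the DSDT test has run first, and that ordering dependency is not stated anywhere in the visible lines. Allocate the array where test_data is set up, or document the required call order. The local `dsdt_table` is appended by value, so ownership of its `aml` buffer passes to the array; a short comment would make that clear.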

Re: [Qemu-devel] [Qemu-trivial] [PATCH] target-m68k: Replace qemu_assert by hw_error

2013-12-23 Thread Michael Tokarev
12.12.2013 01:00, Stefan Weil wrote:
> hw_error is already used for target-arm and target-s390x.
> Using it for target-m68k fixes this compiler warning with Darwin because
> hw_error is declared with QEMU_NORETURN:

Thanks, applied to the trivial-patches queue.

/mjt



Re: [Qemu-devel] [Qemu-trivial] [PATCH] configure: Rewrite code for help message

2013-12-23 Thread Michael Tokarev
19.12.2013 01:09, Stefan Weil wrote:
> In the new form most lines of the code now look like the final output:
> there is no leading echo command and the lines are shorter.
> 
> The resulting output is nearly identical: the only difference is a blank
> character which was deliberately removed:

> This patch might break other patches which are waiting for being pulled,
> so I don't know whether it can be applied via qemu-trivial.

It is okay so far, as no one appears to be touching this area right now.
Hope for the best ;)

Thanks, applied to the trivial-patches queue.

/mjt



Re: [Qemu-devel] [Qemu-trivial] [PATCH] configure: Python tests must be done before help message

2013-12-23 Thread Michael Tokarev
19.12.2013 01:30, Stefan Weil wrote:
> The help message uses $python and displays its value, so that macro
> should be tested and set early.

Thanks, applied to the trivial-patches queue.

/mjt



Re: [Qemu-devel] [Qemu-trivial] [PATCH] doc: Mention chardev:id in available devices for -serial

2013-12-23 Thread Michael Tokarev
20.12.2013 17:44, Ingo van Lil wrote:
> It is possible to pre-define a character device with the -chardev option
> and reference its id as serial device. The man page does not mention this
> feature.

Thanks, applied to the trivial-patches queue.

/mjt



Re: [Qemu-devel] [Qemu-trivial] [PATCH] pxa27x: Reduce size of keyboard matrix mapping

2013-12-23 Thread Michael Tokarev
22.12.2013 18:32, Stefan Weil wrote:
> The row and column values use only a very limited range (-1 ... 7),
> so a byte value is sufficient.

Thanks, applied to the trivial-patches queue.

/mjt



Re: [Qemu-devel] [Qemu-trivial] [PATCH] pxa27x: Add 'const' attribute to keyboard maps

2013-12-23 Thread Michael Tokarev
22.12.2013 18:22, Stefan Weil wrote:
> The mapping is a hardware feature, so it is relatively constant.

Thanks, applied to the trivial-patches queue.

/mjt



Re: [Qemu-devel] [Qemu-trivial] [PATCH v3] mainstone: Fix duplicate array values for key 'space'

2013-12-23 Thread Michael Tokarev
22.12.2013 23:42, Stefan Weil wrote:
> cgcc reported a duplicate initialisation. Mainstone includes a matrix
> keyboard where two different positions map to 'space'.

Thanks, applied to the trivial-patches queue.

/mjt



Re: [Qemu-devel] [PATCH v2 0/3] acpi unit-test: compare resulting aml vs expected aml

2013-12-23 Thread Marcel Apfelbaum
On Mon, 2013-12-23 at 14:02 +0200, Michael S. Tsirkin wrote:
> On Mon, Dec 23, 2013 at 12:13:23PM +0200, Marcel Apfelbaum wrote:
> > The test:
> >  - runs only if iasl is installed on the host machine.
> >  - the test plan:
> >    1. Dumps the ACPI tables as AML on the disk.
> >    2. Runs iasl to disassemble the tables into ASL files.
> >    3. Runs iasl to disassemble the offline AML files.
> >    4. Compares them with expected offline ASL files.
> >  - the test runs for both default machine and q35.
> 
> Looks good to me overall.
> One thing I'd like to ask is that you add a script to
> run after ACPI tables are updated.
> It could update both pre-generated hex files and the
> expected files.
I don't think that I understand, what is the script's
purpose?

> 
> >  - in case the test fails, it can be easily tweaked to
> >    show the differences between the ASL files and
> >    understand the issue.
> 
> How exactly does it need to be tweaked?
Instead of the assert that is failing when the asl files
are not the same, one could print them to console.
Another thing that can be done is to print to
console the dumped asl file names and manually do the diff.

Thanks,
Marcel

> 
> > Patches:
> >  1/3 - expected aml files
> >  2/3 - creates links for the expected files
> >        if the build directory is not current
> >  3/3 - the test
> > Marcel Apfelbaum (3):
> >   acpi unit-test: add test files
> >   configure: added acpi unit-test files
> >   acpi unit-test: compare DSDT and SSDT tables against expected values
> > 
> >  configure |   4 +
> >  tests/acpi-test-data/pc/APIC  | Bin 0 -> 120 bytes
> >  tests/acpi-test-data/pc/DSDT  | Bin 0 -> 4407 bytes
> >  tests/acpi-test-data/pc/FACP  | Bin 0 -> 116 bytes
> >  tests/acpi-test-data/pc/FACS  | Bin 0 -> 64 bytes
> >  tests/acpi-test-data/pc/HPET  | Bin 0 -> 56 bytes
> >  tests/acpi-test-data/pc/SSDT  | Bin 0 -> 2104 bytes
> >  tests/acpi-test-data/q35/APIC | Bin 0 -> 120 bytes
> >  tests/acpi-test-data/q35/DSDT | Bin 0 -> 7344 bytes
> >  tests/acpi-test-data/q35/FACP | Bin 0 -> 116 bytes
> >  tests/acpi-test-data/q35/FACS | Bin 0 -> 64 bytes
> >  tests/acpi-test-data/q35/HPET | Bin 0 -> 56 bytes
> >  tests/acpi-test-data/q35/MCFG | Bin 0 -> 60 bytes
> >  tests/acpi-test-data/q35/SSDT | Bin 0 -> 2104 bytes
> >  tests/acpi-test.c | 257 
> > ++
> >  15 files changed, 240 insertions(+), 21 deletions(-)
> >  create mode 100644 tests/acpi-test-data/pc/APIC
> >  create mode 100644 tests/acpi-test-data/pc/DSDT
> >  create mode 100644 tests/acpi-test-data/pc/FACP
> >  create mode 100644 tests/acpi-test-data/pc/FACS
> >  create mode 100644 tests/acpi-test-data/pc/HPET
> >  create mode 100644 tests/acpi-test-data/pc/SSDT
> >  create mode 100644 tests/acpi-test-data/q35/APIC
> >  create mode 100644 tests/acpi-test-data/q35/DSDT
> >  create mode 100644 tests/acpi-test-data/q35/FACP
> >  create mode 100644 tests/acpi-test-data/q35/FACS
> >  create mode 100644 tests/acpi-test-data/q35/HPET
> >  create mode 100644 tests/acpi-test-data/q35/MCFG
> >  create mode 100644 tests/acpi-test-data/q35/SSDT
> > 
> > -- 
> > 1.8.3.1






Re: [Qemu-devel] [RESEND-try-2][PATCH] hw/9pfs: fix P9_STATS_GEN handling

2013-12-23 Thread Kirill A. Shutemov
Aneesh Kumar K.V wrote:
> "Kirill A. Shutemov"  writes:
> 
> > Kirill A. Shutemov wrote:
> >> Currently we have a few issues with P9_STATS_GEN:
> >> 
> >>  - We don't try to read st_gen for anything except files or directories, but
> >>still set P9_STATS_GEN bit in st_result_mask. It may mislead client:
> >>we present garbage as valid st_gen.
> >> 
> >>  - If we failed to get valid st_gen with ENOTTY, we ignore error, but
> >>still set P9_STATS_GEN bit in st_result_mask.
> >> 
> >>  - If we failed to get valid st_gen with any other errno, we fail
> >>getattr altogether. It's excessive: we block valid client use-cases,
> >>like chdir(2) to non-readable directory with execution bit set.
> >> 
> >> The patch fixes these issues and cleans up the code a bit.
> >> 
> >> Signed-off-by: Kirill A. Shutemov 
> >> Reviewed-by: Daniel P. Berrange 
> >> Reviewed-by: Aneesh Kumar K.V 
> >
> > Ping?
> >
> 
> I am hoping that this will go to upstream directly without me doing a
> pull request? Anthony, let me know if this needs anything to be done
> from my side

So? Nobody cares?

-- 
 Kirill A. Shutemov
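
The three P9_STATS_GEN cases listed in the commit message quoted above, modelled in C as an added example; this is not QEMU's hw/9pfs code. The node kinds, the gen_reader hook, struct attr_reply, STATS_BASIC and the numeric mask values are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values, following the 9P2000.L getattr mask; not taken from the page. */
#define STATS_BASIC  0x000007ffULL   /* local name for the basic stat bits */
#define P9_STATS_GEN 0x00001000ULL

/* Hypothetical file kinds: st_gen is only read for files and directories. */
enum node_kind { NODE_REG, NODE_DIR, NODE_CHR };

/* Hypothetical backend hook: returns 0 and fills *gen, or -1 with errno set. */
typedef int (*gen_reader)(uint64_t *gen);

struct attr_reply {
    uint64_t result_mask; /* fields the server claims are valid */
    uint64_t st_gen;
};

/* Constructed backends: one succeeds, two fail with different errno values. */
static int gen_ok(uint64_t *gen)     { *gen = 42; return 0; }
static int gen_enotty(uint64_t *gen) { (void)gen; errno = ENOTTY; return -1; }
static int gen_eacces(uint64_t *gen) { (void)gen; errno = EACCES; return -1; }

static int has_gen(enum node_kind k)
{
    return k == NODE_REG || k == NODE_DIR;
}

/* Model of the behaviour the commit message reports as broken. */
static int getattr_before(enum node_kind k, uint64_t want, gen_reader rd,
                          struct attr_reply *r)
{
    r->result_mask = STATS_BASIC;
    r->st_gen = 0;
    if (want & P9_STATS_GEN) {
        if (has_gen(k) && rd(&r->st_gen) < 0 && errno != ENOTTY) {
            return -errno;              /* any other errno fails getattr */
        }
        r->result_mask |= P9_STATS_GEN; /* set even when nothing was read */
    }
    return 0;
}

/* Model of the fix: advertise st_gen only when it was actually obtained. */
static int getattr_after(enum node_kind k, uint64_t want, gen_reader rd,
                         struct attr_reply *r)
{
    uint64_t gen = 0;

    r->result_mask = STATS_BASIC;
    r->st_gen = 0;
    if ((want & P9_STATS_GEN) && has_gen(k) && rd(&gen) == 0) {
        r->st_gen = gen;
        r->result_mask |= P9_STATS_GEN;
    }
    return 0; /* a failed st_gen read no longer fails the request */
}

int main(void)
{
    static const struct {
        const char *what;
        enum node_kind kind;
        gen_reader rd;
    } cases[] = {
        { "char device",         NODE_CHR, gen_ok },
        { "file, ENOTTY",        NODE_REG, gen_enotty },
        { "directory, EACCES",   NODE_DIR, gen_eacces },
        { "file, st_gen read",   NODE_REG, gen_ok },
    };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        struct attr_reply b, a;
        int rb = getattr_before(cases[i].kind, P9_STATS_GEN, cases[i].rd, &b);
        int ra = getattr_after(cases[i].kind, P9_STATS_GEN, cases[i].rd, &a);

        printf("%-20s before: ret=%d gen_bit=%d  after: ret=%d gen_bit=%d\n",
               cases[i].what, rb, (int)!!(b.result_mask & P9_STATS_GEN),
               ra, (int)!!(a.result_mask & P9_STATS_GEN));
    }
    return 0;
}
```
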



Re: [Qemu-devel] [PATCH v2 3/3] acpi unit-test: compare DSDT and SSDT tables against expected values

2013-12-23 Thread Marcel Apfelbaum
On Mon, 2013-12-23 at 14:06 +0200, Michael S. Tsirkin wrote:
> On Mon, Dec 23, 2013 at 12:13:26PM +0200, Marcel Apfelbaum wrote:
> > This test will run only if iasl is installed on the host machine.
> > The test plan:
> >  1. Dumps the ACPI tables as AML on the disk.
> >  2. Runs iasl to disassemble the tables into ASL files.
> >  3. Runs iasl to disassemble the offline AML files into ASL files.
> >  4. Compares the ASL files.
> > 
> > The test runs for both default machine and q35.
> > In case the test fails, it can be easily tweaked to
> > show the differences between the ASL files and
> > understand the issue.
> > 
> > Signed-off-by: Marcel Apfelbaum 
> > ---
> >  tests/acpi-test.c | 257 
> > +-
> >  1 file changed, 236 insertions(+), 21 deletions(-)
> > 
> > diff --git a/tests/acpi-test.c b/tests/acpi-test.c
> > index ca83b1d..4f0cca6 100644
> > --- a/tests/acpi-test.c
> > +++ b/tests/acpi-test.c
> > @@ -18,14 +18,22 @@
> >  #include "qemu/compiler.h"
> >  #include "hw/i386/acpi-defs.h"
> >  
> > +#define MACHINE_PC "pc"
> > +#define MACHINE_Q35 "q35"
> > +
> >  /* DSDT and SSDTs format */
> >  typedef struct {
> >  AcpiTableHeader header;
> > -uint8_t *aml;
> > -int aml_len;
> > -} AcpiSdtTable;
> > +gchar *aml;/* aml bytecode from guest */
> > +gsize aml_len;
> > +gchar *aml_file;
> > +gchar *asl;/* asl code generated from aml */
> > +gsize asl_len;
> > +gchar *asl_file;
> > +} QEMU_PACKED AcpiSdtTable;
> >  
> >  typedef struct {
> > +const char *machine;
> >  uint32_t rsdp_addr;
> >  AcpiRsdpDescriptor rsdp_table;
> >  AcpiRsdtDescriptorRev1 rsdt_table;
> > @@ -33,8 +41,7 @@ typedef struct {
> >  AcpiFacsDescriptorRev1 facs_table;
> >  uint32_t *rsdt_tables_addr;
> >  int rsdt_tables_nr;
> > -AcpiSdtTable dsdt_table;
> > -GArray *ssdt_tables;
> > +GArray *ssdt_tables; /* first is DSDT */
> >  } test_data;
> >  
> >  #define LOW(x) ((x) & 0xff)
> > @@ -91,8 +98,10 @@ typedef struct {
> >  
> >  /* Boot sector code: write SIGNATURE into memory,
> >   * then halt.
> > + * Q35 machine requires a minimum 0x7e000 bytes disk.
> > + * (bug or feature?)
> >   */
> > -static uint8_t boot_sector[0x200] = {
> > +static uint8_t boot_sector[0x7e000] = {
> >  /* 7c00: mov $0xdead,%ax */
> >  [0x00] = 0xb8,
> >  [0x01] = LOW(SIGNATURE),
> > @@ -117,17 +126,40 @@ static uint8_t boot_sector[0x200] = {
> >  };
> >  
> >  static const char *disk = "tests/acpi-test-disk.raw";
> > +static const char *data_dir = "tests/acpi-test-data";
> >  
> >  static void free_test_data(test_data *data)
> >  {
> > +AcpiSdtTable *temp;
> >  int i;
> >  
> > -g_free(data->rsdt_tables_addr);
> > +if (data->rsdt_tables_addr) {
> > +g_free(data->rsdt_tables_addr);
> > +}
> > +
> >  for (i = 0; i < data->ssdt_tables->len; ++i) {
> > -g_free(g_array_index(data->ssdt_tables, AcpiSdtTable, i).aml);
> > +temp = &g_array_index(data->ssdt_tables, AcpiSdtTable, i);
> > +if (temp->aml) {
> > +g_free(temp->aml);
> > +}
> > +if (temp->aml_file) {
> > +if (g_strstr_len(temp->aml_file, -1, "aml-")) {
> > +unlink(temp->aml_file);
> > +}
> > +g_free(temp->aml_file);
> > +}
> > +if (temp->asl) {
> > +g_free(temp->asl);
> > +}
> > +if (temp->asl_file) {
> > +if (g_strstr_len(temp->asl_file, -1, "asl-")) {
> > +unlink(temp->asl_file);
> > +}
> > +g_free(temp->asl_file);
> > +}
> >  }
> > +
> >  g_array_free(data->ssdt_tables, false);
> > -g_free(data->dsdt_table.aml);
> >  }
> >  
> >  static uint8_t acpi_checksum(const uint8_t *data, int len)
> > @@ -292,34 +324,203 @@ static void test_dst_table(AcpiSdtTable *sdt_table, 
> > uint32_t addr)
> >  ACPI_READ_ARRAY_PTR(sdt_table->aml, sdt_table->aml_len, addr);
> >  
> >  checksum = acpi_checksum((uint8_t *)sdt_table, 
> > sizeof(AcpiTableHeader)) +
> > -   acpi_checksum(sdt_table->aml, sdt_table->aml_len);
> > +   acpi_checksum((uint8_t *)sdt_table->aml, 
> > sdt_table->aml_len);
> >  g_assert(!checksum);
> >  }
> >  
> >  static void test_acpi_dsdt_table(test_data *data)
> >  {
> > -AcpiSdtTable *dsdt_table = &data->dsdt_table;
> > +AcpiSdtTable dsdt_table;
> >  uint32_t addr = data->fadt_table.dsdt;
> >  
> > -test_dst_table(dsdt_table, addr);
> > -g_assert_cmphex(dsdt_table->header.signature, ==, ACPI_DSDT_SIGNATURE);
> > +memset(&dsdt_table, 0, sizeof(dsdt_table));
> > +data->ssdt_tables = g_array_new(false, true, sizeof(AcpiSdtTable));
> > +
> > +test_dst_table(&dsdt_table, addr);
> > +g_assert_cmphex(dsdt_table.header.signature, ==, ACPI_DSDT_SIGNATURE);
> > +
> > +/* Place DSDT first */
> > +g_array_append_val(data->

Re: [Qemu-devel] [PATCH v2 10/10] target-mips: Enable KVM support in build system

2013-12-23 Thread James Hogan
Hi Peter,

On 21/12/13 18:59, Peter Maydell wrote:
>> @@ -4526,6 +4529,7 @@ case "$target_name" in
>>\( "$target_name" = "ppc64"  -a "$cpu" = "ppc" \) -o \
>>\( "$target_name" = "ppc"-a "$cpu" = "ppc64" \) -o \
>>\( "$target_name" = "ppcemb" -a "$cpu" = "ppc64" \) -o \
>> +  \( "$target_name" = "mipsel" -a "$cpu" = "mips" \) -o \
>>\( "$target_name" = "x86_64" -a "$cpu" = "i386"   \) -o \
>>\( "$target_name" = "i386"   -a "$cpu" = "x86_64" \) \) ; then
> 
> Really no support for mips64 or mips64el targets?

At present the MIPS Linux kernel only supports KVM T&E for MIPS32r2. I
would expect that to change eventually.

Thanks
James




Re: [Qemu-devel] [PATCH] target-arm: fix build on fedora

2013-12-23 Thread Peter Maydell
On 23 December 2013 11:56, Michael S. Tsirkin  wrote:
> commit 5ce4f35781028ce1aee3341e6002f925fdc7aaf3
> "target-arm: A64: add set_pc cpu method"
>
> introduces an array aarch64_cpus which is zero
> size if this code is built without CONFIG_USER_ONLY.
> In particular an attempt to iterate over this array produces a warning:
>
>   CC    aarch64-softmmu/target-arm/cpu64.o
> /scm/qemu/target-arm/cpu64.c: In function ‘aarch64_cpu_register_types’:
> /scm/qemu/target-arm/cpu64.c:124:5: error: comparison of unsigned
> expression < 0 is always false [-Werror=type-limits]
>  for (i = 0; i < ARRAY_SIZE(aarch64_cpus); i++) {
>  ^
> cc1: all warnings being treated as errors
>
> This is the result of ARRAY_SIZE being an unsigned type,
> causing i to be promoted to unsigned int as well.

I guess this is a new gcc warning, since this all builds
fine for me (gcc 4.6.3).

> As zero size arrays are a gcc extension, it seems
> cleanest to add a dummy element with NULL name,
> and test for it during registration.
>
> Cc: Alexander Graf 
> Cc: Peter Maydell 
> Cc: Richard Henderson 
> Signed-off-by: Michael S. Tsirkin 
> ---
>
> I have queued this in my tree since it prevents me from
> being able to build and test properly.
> Pls review and ack.
>
>  target-arm/cpu64.c | 5 +
>  1 file changed, 5 insertions(+)
>
> diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c
> index 04ce879..2efe189 100644
> --- a/target-arm/cpu64.c
> +++ b/target-arm/cpu64.c
> @@ -58,6 +58,7 @@ static const ARMCPUInfo aarch64_cpus[] = {
>  #ifdef CONFIG_USER_ONLY
>  { .name = "any", .initfn = aarch64_any_initfn },
>  #endif
> +{ .name = NULL }
>  };
>
>  static void aarch64_cpu_initfn(Object *obj)
> @@ -100,6 +101,10 @@ static void aarch64_cpu_register(const ARMCPUInfo *info)
>  .class_init = info->class_init,
>  };
>
> +if (!info->name) {
> +return;
> +}
> +
>  type_info.name = g_strdup_printf("%s-" TYPE_ARM_CPU, info->name);
>  type_register(&type_info);
>  g_free((void *)type_info.name);

At a minimum, if we take this approach we should add TODO comments
to the effect that the NULL terminator and the if() can be removed
when the first real AArch64 CPU is added.

I think I'd rather put the if (!info->name) continue into the function
which is doing the looping over the array.

thanks
-- PMM



Re: [Qemu-devel] [PATCH] target-arm: fix build on fedora

2013-12-23 Thread Paolo Bonzini
On 23/12/2013 13:37, Peter Maydell wrote:
> At a minimum, if we take this approach we should add TODO comments
> to the effect that the NULL terminator and the if() can be removed
> when the first real AArch64 CPU is added.
> 
> I think I'd rather put the if (!info->name) continue into the function
> which is doing the looping over the array.

Or just change the termination condition from a check on the array size
to one on info->name.

Paolo



Re: [Qemu-devel] [PATCH] target-arm: fix build on fedora

2013-12-23 Thread Peter Maydell
On 23 December 2013 12:50, Paolo Bonzini  wrote:
> On 23/12/2013 13:37, Peter Maydell wrote:
>> At a minimum, if we take this approach we should add TODO comments
>> to the effect that the NULL terminator and the if() can be removed
>> when the first real AArch64 CPU is added.
>>
>> I think I'd rather put the if (!info->name) continue into the function
>> which is doing the looping over the array.
>
> Or just change the termination condition from a check on the array size
> to one on info->name.

That would take it out of line with the equivalent 32 bit ARM code
(and also moxie and openrisc for what little that's worth) and be
fractionally more tedious to revert later.

thanks
-- PMM



Re: [Qemu-devel] [PATCH 09/11] ACPI: move PRST OperationRegion into SSDT

2013-12-23 Thread Igor Mammedov
On Mon, 23 Dec 2013 13:26:37 +0200
"Michael S. Tsirkin"  wrote:

> On Sun, Dec 22, 2013 at 03:51:28PM +0100, Igor Mammedov wrote:
> > On Mon, 16 Dec 2013 21:53:07 +0200
> > "Michael S. Tsirkin"  wrote:
> > 
> > > On Fri, Dec 13, 2013 at 05:22:14PM +0100, Igor Mammedov wrote:
> > > > .. and report range used by it to OSPM via _CRS.
> > > > PRST is needed in SSDT since its base will depend on
> > > > chipset and will be dynamically set by QEMU.
> > > > Also move PRSC() method along with PRST since cross
> > > > table reference to PRST doesn't work.
> > > > 
> > > > Signed-off-by: Igor Mammedov 
> > > > ---
> > > >  hw/i386/acpi-dsdt-cpu-hotplug.dsl | 39 +--
> > > >  hw/i386/acpi-dsdt.dsl |  2 +-
> > > >  hw/i386/q35-acpi-dsdt.dsl |  2 +-
> > > >  hw/i386/ssdt-misc.dsl | 65 
> > > > +++
> > > >  4 files changed, 68 insertions(+), 40 deletions(-)
> > > > 
> > > > diff --git a/hw/i386/acpi-dsdt-cpu-hotplug.dsl 
> > > > b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > > index 995b415..f26f81b 100644
> > > > --- a/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > > +++ b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > > @@ -20,6 +20,7 @@
> > > >  Scope(\_SB) {
> > > >  /* Objects filled in by run-time generated SSDT */
> > > >  External(NTFY, MethodObj)
> > > > +External(\_SB.CPHD.PRSC, MethodObj)
> > > >  External(CPON, PkgObj)
> > > >  
> > > >  /* Methods called by run-time generated SSDT Processor objects */
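
Review bot: The added `External(\_SB.CPHD.PRSC, MethodObj)` uses an absolute path inside `Scope(\_SB)` while the neighbouring declarations (`NTFY`, `CPON`) use relative names, and after the removal hunk below nothing in this file's visible lines calls PRSC. The callers shown are the `_E02` methods in acpi-dsdt.dsl and q35-acpi-dsdt.dsl; if this file is not included into those tables, the declaration belongs next to the callers. Otherwise a short comment that it is here for `_E02` would help.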
> > > > @@ -51,42 +52,4 @@ Scope(\_SB) {
> > > >  // _EJ0 method - eject callback
> > > >  Sleep(200)
> > > >  }
> > > > -
> > > > -OperationRegion(PRST, SystemIO, 0xaf00, 32)
> > > > -Field(PRST, ByteAcc, NoLock, Preserve) {
> > > > -PRS, 256
> > > > -}
> > > > -Method(PRSC, 0) {
> > > > -// Local5 = active cpu bitmap
> > > > -Store(PRS, Local5)
> > > > -// Local2 = last read byte from bitmap
> > > > -Store(Zero, Local2)
> > > > -// Local0 = Processor ID / APIC ID iterator
> > > > -Store(Zero, Local0)
> > > > -While (LLess(Local0, SizeOf(CPON))) {
> > > > -// Local1 = CPON flag for this cpu
> > > > -Store(DerefOf(Index(CPON, Local0)), Local1)
> > > > -If (And(Local0, 0x07)) {
> > > > -// Shift down previously read bitmap byte
> > > > -ShiftRight(Local2, 1, Local2)
> > > > -} Else {
> > > > -// Read next byte from cpu bitmap
> > > > -Store(DerefOf(Index(Local5, ShiftRight(Local0, 3))), 
> > > > Local2)
> > > > -}
> > > > -// Local3 = active state for this cpu
> > > > -Store(And(Local2, 1), Local3)
> > > > -
> > > > -If (LNotEqual(Local1, Local3)) {
> > > > -// State change - update CPON with new state
> > > > -Store(Local3, Index(CPON, Local0))
> > > > -// Do CPU notify
> > > > -If (LEqual(Local3, 1)) {
> > > > -NTFY(Local0, 1)
> > > > -} Else {
> > > > -NTFY(Local0, 3)
> > > > -}
> > > > -}
> > > > -Increment(Local0)
> > > > -}
> > > > -}
> > > >  }
> > > > diff --git a/hw/i386/acpi-dsdt.dsl b/hw/i386/acpi-dsdt.dsl
> > > > index 90efce0..fa9f2d4 100644
> > > > --- a/hw/i386/acpi-dsdt.dsl
> > > > +++ b/hw/i386/acpi-dsdt.dsl
> > > > @@ -311,7 +311,7 @@ DefinitionBlock (
> > > >  }
> > > >  Method(_E02) {
> > > >  // CPU hotplug event
> > > > -\_SB.PRSC()
> > > > +\_SB.CPHD.PRSC()
> > > >  }
> > > >  Method(_L03) {
> > > >  }
> > > > diff --git a/hw/i386/q35-acpi-dsdt.dsl b/hw/i386/q35-acpi-dsdt.dsl
> > > > index 22baa58..9ccc543 100644
> > > > --- a/hw/i386/q35-acpi-dsdt.dsl
> > > > +++ b/hw/i386/q35-acpi-dsdt.dsl
> > > > @@ -420,7 +420,7 @@ DefinitionBlock (
> > > >  }
> > > >  Method(_E02) {
> > > >  // CPU hotplug event
> > > > -\_SB.PRSC()
> > > > +\_SB.CPHD.PRSC()
> > > >  }
> > > >  Method(_L03) {
> > > >  }
> > > > diff --git a/hw/i386/ssdt-misc.dsl b/hw/i386/ssdt-misc.dsl
> > > > index a4484b8..ec8893c 100644
> > > > --- a/hw/i386/ssdt-misc.dsl
> > > > +++ b/hw/i386/ssdt-misc.dsl
> > > > @@ -116,4 +116,69 @@ DefinitionBlock ("ssdt-misc.aml", "SSDT", 0x01, 
> > > > "BXPC", "BXSSDTSUSP", 0x1)
> > > >  }
> > > >  }
> > > >  }
> > > > +Scope(\_SB) {
> > > > +External(NTFY, MethodObj)
> > > > +External(CPON, PkgObj)
> > > > +
> > > > +Device(CPHD) {
> > > > +Name(_HID, EISAID("PNP0C08"))
> > > > +Name(CPPL, 32) // cpu-gpe length
> > > > +Name(CPHP, 0xaf00)
> > > > +
> > > > +OperationRegion(PRST, SystemIO, CPHP, CPPL)
> > > > +Field(PRST, 

[Qemu-devel] [Bug 1259499] Re: QEmu 1.7.0 cannot restore a 1.6.0 live snapshot made in qemu-system-x86_64

2013-12-23 Thread Francois Gouget
Thanks for digging into this.
I am indeed getting the same ramblock error. So it's good that there appears to 
be a fix for it.
Also if I understand it correctly this particular issue only affects the 1.6.0 
snapshots so given that most of my snapshots are still on 1.3.x a direct 
upgrade to 1.7+ will hopefully let me avoid the issue.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1259499

Title:
  QEmu 1.7.0 cannot restore a 1.6.0 live snapshot made in qemu-system-
  x86_64

Status in QEMU:
  Confirmed

Bug description:
  I have upgraded to QEmu 1.7.0 (Debian 1.7.0+dfsg-2) but now when I try
  to restore a live snapshot made in QEmu 1.6.0 (Debian 1.6.0+dfsg-1) I
  see that the VM boots from scratch instead of starting directly in the
  snapshot's running state.

  Furthermore if the VM is already running and I try to revert to the
  snapshot again I get the following message:

  $ virsh --connect qemu:///system snapshot-revert fgtbbuild wtb; echo $?
  error: operation failed: Error -22 while loading VM state
  1

  I have test VMs with live snapshots corresponding to different testing
  configurations. So I typically revert the VMs in one of the live
  snapshots and run the tests. It would be pretty annoying to have to
  recreate all these live snapshots any time I upgrade QEmu but it looks
  like I'll have to do it again.

  This all sounds very much like bug 1123975 where QEmu 1.3 broke
  compatibility with previous versions live snapshots :-(

  Here is the command being run by libvirt:

  /usr/bin/qemu-system-x86_64 -name fgtbbuild -S
  -machine pc-1.1,accel=kvm,usb=off -m 512 -realtime mlock=off
  -smp 4,sockets=4,cores=1,threads=1
  -uuid f510955c-17de-9907-1e33-dfe1ef7a08b6 -no-user-config -nodefaults
  -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/fgtbbuild.monitor,server,nowait
  -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown
  -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2
  -drive file=/mnt/storage1/qemu/fgtbbuild.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=writeback
  -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
  -drive if=none,id=drive-ide0-0-0,readonly=on,format=raw
  -device ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0
  -netdev tap,fd=25,id=hostnet0,vhost=on,vhostfd=26
  -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:0a:3c:e8,bus=pci.0,addr=0x3
  -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0
  -device usb-tablet,id=input0 -vnc 127.0.0.1:0
  -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,bus=pci.0,addr=0x2
  -device intel-hda,id=sound0,bus=pci.0,addr=0x4
  -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0
  -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -loadvm wtb

  ipxe-qemu 1.0.0+git-20120202.f6840ba-3
  qemu 1.7.0+dfsg-2
  qemu-keymaps 1.7.0+dfsg-2
  qemu-slof 20130430+dfsg-1
  qemu-system 1.7.0+dfsg-2
  qemu-system-arm 1.7.0+dfsg-2
  qemu-system-common 1.7.0+dfsg-2
  qemu-system-mips 1.7.0+dfsg-2
  qemu-system-misc 1.7.0+dfsg-2
  qemu-system-ppc 1.7.0+dfsg-2
  qemu-system-sparc 1.7.0+dfsg-2
  qemu-system-x86 1.7.0+dfsg-2
  qemu-user 1.7.0+dfsg-2
  qemu-utils 1.7.0+dfsg-2
  libvirt-bin 1.1.4-2
  libvirt0 1.1.4-2
  libvirtodbc0 6.1.6+dfsg-4

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1259499/+subscriptions



[Qemu-devel] [Bug 1259499] Re: QEmu 1.7.0 cannot restore a 1.6.0 live snapshot made in qemu-system-x86_64

2013-12-23 Thread Dr. David Alan Gilbert
Yes, my understanding of the bug is that 1.7+ should load your 1.3.x
images and then snapshots taken on 1.7.x should be OK into the future.

I don't think there's currently a way of fixing those 1.6.0 snapshots;
that workaround will let you load them in 1.7, but I think if you were
then to take a snapshot on 1.7 with that flag, the snapshot would have
the same problem.




Re: [Qemu-devel] [PATCH] target-arm: fix build on fedora

2013-12-23 Thread Stefan Weil
Am 23.12.2013 13:59, schrieb Peter Maydell:
> On 23 December 2013 12:50, Paolo Bonzini  wrote:
>> Il 23/12/2013 13:37, Peter Maydell ha scritto:
>>> At a minimum, if we take this approach we should add TODO comments
>>> to the effect that the NULL terminator and the if() can be removed
>>> when the first real AArch64 CPU is added.
>>>
>>> I think I'd rather put the if (!info->name) continue into the function
>>> which is doing the looping over the array.
>> Or just change the termination condition from a check on the array size
>> to one on info->name.
> That would take it out of line with the equivalent 32 bit ARM code
> (and also moxie and openrisc for what little that's worth) and be
> fractionally more tedious to revert later.
>
> thanks
> -- PMM

What about adding a dummy CPU (which can be removed later)?

I also got a warning here when I used cgcc / smatch recently, but did
not send a patch because there are too many possible fixes and none of
them seemed to be elegant :-)

Nevertheless, here is one of them:

--- a/target-arm/cpu64.c
+++ b/target-arm/cpu64.c
@@ -46,6 +46,11 @@ static void aarch64_any_initfn(Object *obj)
 set_feature(&cpu->env, ARM_FEATURE_V7MP);
 set_feature(&cpu->env, ARM_FEATURE_AARCH64);
 }
+#else
+static void aarch64_dummy_initfn(Object *obj)
+{
+hw_error("Dummy CPU not supported");
+}
 #endif
 
 typedef struct ARMCPUInfo {
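
Review bot: aarch64_dummy_initfn() reports the problem through hw_error(), which aborts QEMU, so instantiating the placeholder model takes the whole process down instead of failing like any other unsupported -cpu value. If a placeholder entry is kept at all, give the message enough context to say that no AArch64 system-mode CPU is available in this build, and make the removal condition explicit in a comment on the function itself.
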
@@ -57,6 +62,9 @@ typedef struct ARMCPUInfo {
 static const ARMCPUInfo aarch64_cpus[] = {
 #ifdef CONFIG_USER_ONLY
 { .name = "any", .initfn = aarch64_any_initfn },
+#else
+/* TODO: Dummy CPU to avoid empty array. Fix when a real CPU is
added. */
+{ .name = "dummy",   .initfn = aarch64_dummy_initfn },
 #endif
 };
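
Review bot: the added TODO comment has been wrapped by the mailer, leaving "added. */" on a line of its own without a "+" prefix, so this hunk will not apply as posted; keep the comment on one line or split it into two "+" lines. The entry also registers a type under the name "dummy" in every build without CONFIG_USER_ONLY, which makes the placeholder selectable by name.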

Of course, any other fix is also okay.

Cheers and Merry Christmas

Stefan




Re: [Qemu-devel] [PATCH] target-arm: fix build on fedora

2013-12-23 Thread Peter Maydell
On 23 December 2013 13:32, Stefan Weil  wrote:
> Am 23.12.2013 13:59, schrieb Peter Maydell:
>> On 23 December 2013 12:50, Paolo Bonzini  wrote:
>>> Il 23/12/2013 13:37, Peter Maydell ha scritto:
>>>> At a minimum, if we take this approach we should add TODO comments
>>>> to the effect that the NULL terminator and the if() can be removed
>>>> when the first real AArch64 CPU is added.
>>>>
>>>> I think I'd rather put the if (!info->name) continue into the function
>>>> which is doing the looping over the array.
>>> Or just change the termination condition from a check on the array size
>>> to one on info->name.
>> That would take it out of line with the equivalent 32 bit ARM code
>> (and also moxie and openrisc for what little that's worth) and be
>> fractionally more tedious to revert later.

> What about adding a dummy CPU (which can be removed later)?

That would be user-visible, which seems a bad thing.
I agree that there aren't any fantastic solutions here;
I think something more or less like Michael's patch with
a TODO note so it's easy for me to take it out again when
I add an actual A57 emulation in a couple of months will
do. This is just a temporary thing since at the moment we
only support -cpu any for userspace and -cpu host for KVM.

thanks
-- PMM



Re: [Qemu-devel] [PATCH] target-arm: fix build on fedora

2013-12-23 Thread Andreas Färber
Am 23.12.2013 13:37, schrieb Peter Maydell:
> On 23 December 2013 11:56, Michael S. Tsirkin  wrote:
>> commit 5ce4f35781028ce1aee3341e6002f925fdc7aaf3
>> "target-arm: A64: add set_pc cpu method"
>>
>> introduces an array aarch64_cpus which is zero
>> size if this code is built without CONFIG_USER_ONLY.
>> In particular an attempt to iterate over this array produces a warning:
>>
>>   CC    aarch64-softmmu/target-arm/cpu64.o
>> /scm/qemu/target-arm/cpu64.c: In function ‘aarch64_cpu_register_types’:
>> /scm/qemu/target-arm/cpu64.c:124:5: error: comparison of unsigned
>> expression < 0 is always false [-Werror=type-limits]
>>  for (i = 0; i < ARRAY_SIZE(aarch64_cpus); i++) {
>>  ^
>> cc1: all warnings being treated as errors
>>
>> This is the result of ARRAY_SIZE being an unsigned type,
>> causing i to be promoted to unsigned int as well.
> 
> I guess this is a new gcc warning, since this all builds
> fine for me (gcc 4.6.3).

No problem noticed with 4.8.1 on today's master either.

>> As zero size arrays are a gcc extension, it seems
>> cleanest to add a dummy element with NULL name,
>> and test for it during registration.
>>
>> Cc: Alexander Graf 
>> Cc: Peter Maydell 
>> Cc: Richard Henderson 
>> Signed-off-by: Michael S. Tsirkin 
>> ---
>>
>> I have queued this in my tree since it prevents me from
>> being able to build and test properly.
>> Pls review and ack.
>>
>>  target-arm/cpu64.c | 5 +
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c
>> index 04ce879..2efe189 100644
>> --- a/target-arm/cpu64.c
>> +++ b/target-arm/cpu64.c
>> @@ -58,6 +58,7 @@ static const ARMCPUInfo aarch64_cpus[] = {
>>  #ifdef CONFIG_USER_ONLY
>>  { .name = "any", .initfn = aarch64_any_initfn },
>>  #endif
>> +{ .name = NULL }
>>  };
>>
>>  static void aarch64_cpu_initfn(Object *obj)
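
Review bot: the new { .name = NULL } entry is placed after the #endif, so it is also compiled into CONFIG_USER_ONLY builds, where the array already holds the "any" entry and needs no padding. Put it under an #else, and add a comment saying it exists only to keep the array non-empty, so it is clear when it can be removed.
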
>> @@ -100,6 +101,10 @@ static void aarch64_cpu_register(const ARMCPUInfo *info)
>>  .class_init = info->class_init,
>>  };
>>
>> +if (!info->name) {
>> +return;
>> +}
>> +
>>  type_info.name = g_strdup_printf("%s-" TYPE_ARM_CPU, info->name);
>>  type_register(&type_info);
>>  g_free((void *)type_info.name);
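
Review bot: the if (!info->name) early return in aarch64_cpu_register() has no comment tying it to the sentinel in aarch64_cpus[], and it will silently skip any entry whose name is missing, including one left out by mistake. Add a comment naming the sentinel as the only expected NULL-name entry.
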
> 
> At a minimum, if we take this approach we should add TODO comments
> to the effect that the NULL terminator and the if() can be removed
> when the first real AArch64 CPU is added.
> 
> I think I'd rather put the if (!info->name) continue into the function
> which is doing the looping over the array.

While I share your sentiment wrt this workaround, what's the status of
getting a real 64-bit CPU applied? Isn't the Cortex-A57/A53 CPU
independent of whether we have all MPCore etc. pieces in place? That
would seem the most elegant solution to me, even if not "usable" yet.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [Qemu-ppc] [PATCH V4] kvm: Add a new machine property kvm-type

2013-12-23 Thread Alexander Graf

On Dec 20, 2013, at 11:55 AM, Alexander Graf  wrote:

> 
> On 19.12.2013, at 17:04, Aneesh Kumar K.V  
> wrote:
> 
>> From: "Aneesh Kumar K.V" 
>> 
>> Targets like ppc64 support different types of KVM, one which use
>> hypervisor mode and the other which doesn't. Add a new machine
>> property kvm-type that helps in selecting the respective ones
>> We also add a new QEMUMachine callback get_vm_type that helps
>> in mapping the string representation of kvm type specified.
>> 
>> Signed-off-by: Aneesh Kumar K.V 
> 
> Thanks, applied to ppc-next.

This breaks compilation for ppc{,64}-linux-user. Please fix that up and submit 
a v5. I've taken this patch from my tree for now :).


Alex




Re: [Qemu-devel] [PATCH] target-arm: fix build on fedora

2013-12-23 Thread Peter Maydell
On 23 December 2013 13:45, Andreas Färber  wrote:
> While I share your sentiment wrt this workaround, what's the status of
> getting a real 64-bit CPU applied? Isn't the Cortex-A57/A53 CPU
> independent of whether we have all MPCore etc. pieces in place? That
> would seem the most elegant solution to me, even if not "usable" yet.

It's next on my todo list after we get the usermode instruction
emulation wrapped up, so should be sometime in the next
few months, as part of the system emulation work.

thanks
-- PMM



Re: [Qemu-devel] [PATCH] target-arm: fix build on fedora

2013-12-23 Thread Michael S. Tsirkin
On Mon, Dec 23, 2013 at 01:41:50PM +, Peter Maydell wrote:
> On 23 December 2013 13:32, Stefan Weil  wrote:
> > Am 23.12.2013 13:59, schrieb Peter Maydell:
> >> On 23 December 2013 12:50, Paolo Bonzini  wrote:
> >>> Il 23/12/2013 13:37, Peter Maydell ha scritto:
> >>>> At a minimum, if we take this approach we should add TODO comments
> >>>> to the effect that the NULL terminator and the if() can be removed
> >>>> when the first real AArch64 CPU is added.
> >>>>
> >>>> I think I'd rather put the if (!info->name) continue into the function
> >>>> which is doing the looping over the array.
> >>> Or just change the termination condition from a check on the array size
> >>> to one on info->name.
> >> That would take it out of line with the equivalent 32 bit ARM code
> >> (and also moxie and openrisc for what little that's worth) and be
> >> fractionally more tedious to revert later.
> 
> > What about adding a dummy CPU (which can be removed later)?
> 
> That would be user-visible, which seems a bad thing.
> I agree that there aren't any fantastic solutions here;
> I think something more or less like Michael's patch with
> a TODO note so it's easy for me to take it out again when
> I add an actual A57 emulation in a couple of months will
> do. This is just a temporary thing since at the moment we
> only support -cpu any for userspace and -cpu host for KVM.
> 
> thanks
> -- PMM

OK, ack my patch then? I'll add a comment
/* TODO: remove when we support more CPUs. */



Re: [Qemu-devel] [PATCH] target-arm: fix build on fedora

2013-12-23 Thread Michael S. Tsirkin
On Mon, Dec 23, 2013 at 12:37:41PM +, Peter Maydell wrote:
> On 23 December 2013 11:56, Michael S. Tsirkin  wrote:
> > commit 5ce4f35781028ce1aee3341e6002f925fdc7aaf3
> > "target-arm: A64: add set_pc cpu method"
> >
> > introduces an array aarch64_cpus which is zero
> > size if this code is built without CONFIG_USER_ONLY.
> > In particular an attempt to iterate over this array produces a warning:
> >
> >   CC    aarch64-softmmu/target-arm/cpu64.o
> > /scm/qemu/target-arm/cpu64.c: In function ‘aarch64_cpu_register_types’:
> > /scm/qemu/target-arm/cpu64.c:124:5: error: comparison of unsigned
> > expression < 0 is always false [-Werror=type-limits]
> >  for (i = 0; i < ARRAY_SIZE(aarch64_cpus); i++) {
> >  ^
> > cc1: all warnings being treated as errors
> >
> > This is the result of ARRAY_SIZE being an unsigned type,
> > causing i to be promoted to unsigned int as well.
> 
> I guess this is a new gcc warning, since this all builds
> fine for me (gcc 4.6.3).

I see this with gcc 4.8.2 on Fedora 19.

> > As zero size arrays are a gcc extension, it seems
> > cleanest to add a dummy element with NULL name,
> > and test for it during registration.
> >
> > Cc: Alexander Graf 
> > Cc: Peter Maydell 
> > Cc: Richard Henderson 
> > Signed-off-by: Michael S. Tsirkin 
> > ---
> >
> > I have queued this in my tree since it prevents me from
> > being able to build and test properly.
> > Pls review and ack.
> >
> >  target-arm/cpu64.c | 5 +
> >  1 file changed, 5 insertions(+)
> >
> > diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c
> > index 04ce879..2efe189 100644
> > --- a/target-arm/cpu64.c
> > +++ b/target-arm/cpu64.c
> > @@ -58,6 +58,7 @@ static const ARMCPUInfo aarch64_cpus[] = {
> >  #ifdef CONFIG_USER_ONLY
> >  { .name = "any", .initfn = aarch64_any_initfn },
> >  #endif
> > +{ .name = NULL }
> >  };
> >
> >  static void aarch64_cpu_initfn(Object *obj)
> > @@ -100,6 +101,10 @@ static void aarch64_cpu_register(const ARMCPUInfo 
> > *info)
> >  .class_init = info->class_init,
> >  };
> >
> > +if (!info->name) {
> > +return;
> > +}
> > +
> >  type_info.name = g_strdup_printf("%s-" TYPE_ARM_CPU, info->name);
> >  type_register(&type_info);
> >  g_free((void *)type_info.name);
> 
> At a minimum, if we take this approach we should add TODO comments
> to the effect that the NULL terminator and the if() can be removed
> when the first real AArch64 CPU is added.
> 
> I think I'd rather put the if (!info->name) continue into the function
> which is doing the looping over the array.
> 
> thanks
> -- PMM



Re: [Qemu-devel] [PATCH] target-arm: fix build on fedora

2013-12-23 Thread Peter Maydell
On 23 December 2013 14:15, Michael S. Tsirkin  wrote:
> OK, ack my patch then? I'll add a comment
> /* TODO: remove when we support more CPUs. */

Post an updated patch (with TODO comments in both
places) and I'll ack it.

thanks
-- PMM



[Qemu-devel] [PATCH v2] target-arm: fix build with gcc 4.8.2

2013-12-23 Thread Michael S. Tsirkin
commit 5ce4f35781028ce1aee3341e6002f925fdc7aaf3
"target-arm: A64: add set_pc cpu method"

introduces an array aarch64_cpus which is zero
size if this code is built without CONFIG_USER_ONLY.
In particular an attempt to iterate over this array produces a warning
under gcc 4.8.2:

  CC    aarch64-softmmu/target-arm/cpu64.o
/scm/qemu/target-arm/cpu64.c: In function ‘aarch64_cpu_register_types’:
/scm/qemu/target-arm/cpu64.c:124:5: error: comparison of unsigned
expression < 0 is always false [-Werror=type-limits]
 for (i = 0; i < ARRAY_SIZE(aarch64_cpus); i++) {
 ^
cc1: all warnings being treated as errors

This is the result of ARRAY_SIZE being an unsigned type,
causing "i" to be promoted to unsigned int as well.

As zero size arrays are a gcc extension, it seems
cleanest to add a dummy element with NULL name,
and test for it during registration.

We'll be able to drop this when we add more CPUs.

Cc: Alexander Graf 
Cc: Peter Maydell 
Cc: Richard Henderson 
Signed-off-by: Michael S. Tsirkin 
---

Changes from v1:
added a TODO so we remember why the extra line is here.

 target-arm/cpu64.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c
index 04ce879..a9d6939 100644
--- a/target-arm/cpu64.c
+++ b/target-arm/cpu64.c
@@ -58,6 +58,7 @@ static const ARMCPUInfo aarch64_cpus[] = {
 #ifdef CONFIG_USER_ONLY
 { .name = "any", .initfn = aarch64_any_initfn },
 #endif
+{ .name = NULL } /* TODO: drop when we support more CPUs */
 };
 
 static void aarch64_cpu_initfn(Object *obj)
@@ -100,6 +101,10 @@ static void aarch64_cpu_register(const ARMCPUInfo *info)
 .class_init = info->class_init,
 };
 
+if (!info->name) {
+return;
+}
+
 type_info.name = g_strdup_printf("%s-" TYPE_ARM_CPU, info->name);
 type_register(&type_info);
 g_free((void *)type_info.name);
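
Review bot: the if (!info->name) early return in aarch64_cpu_register() still has no comment, although the sentinel in the first hunk now carries a TODO. The check is the half that is easier to forget when the sentinel is dropped, so repeat the TODO above the if.
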
-- 
MST



Re: [Qemu-devel] [PATCH v2] target-arm: fix build with gcc 4.8.2

2013-12-23 Thread Peter Maydell
On 23 December 2013 14:24, Michael S. Tsirkin  wrote:
> Changes from v1:
> added a TODO so we remember why the extra line is here.
>
>  target-arm/cpu64.c | 5 +
>  1 file changed, 5 insertions(+)
>
> diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c
> index 04ce879..a9d6939 100644
> --- a/target-arm/cpu64.c
> +++ b/target-arm/cpu64.c
> @@ -58,6 +58,7 @@ static const ARMCPUInfo aarch64_cpus[] = {
>  #ifdef CONFIG_USER_ONLY
>  { .name = "any", .initfn = aarch64_any_initfn },
>  #endif
> +{ .name = NULL } /* TODO: drop when we support more CPUs */
>  };
>
>  static void aarch64_cpu_initfn(Object *obj)
> @@ -100,6 +101,10 @@ static void aarch64_cpu_register(const ARMCPUInfo *info)
>  .class_init = info->class_init,
>  };
>
> +if (!info->name) {
> +return;
> +}

I said TODOs in both places, please, especially since this
is the one most likely to be overlooked.

thanks
-- PMM



Re: [Qemu-devel] [PATCH 1/2] cputlb: Use memset when flushing entries

2013-12-23 Thread Andreas Färber
Am 22.12.2013 19:04, schrieb Aurelien Jarno:
> On Sat, Dec 07, 2013 at 10:44:51AM +1300, Richard Henderson wrote:
>> The size of tlb_table is 4k on a 64-bit host.  For overwriting
>> memory at this size, cacheline tricks can help.
>>
>> Signed-off-by: Richard Henderson 
>> ---
>>  cputlb.c | 19 ++-
>>  1 file changed, 2 insertions(+), 17 deletions(-)
[...]
> 
> Reviewed-by: Aurelien Jarno 

Don't spot a matching cover letter - thanks, applied both to qom-cpu:
https://github.com/afaerber/qemu-cpu/commits/qom-cpu

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PATCH 09/11] ACPI: move PRST OperationRegion into SSDT

2013-12-23 Thread Michael S. Tsirkin
On Mon, Dec 23, 2013 at 02:06:27PM +0100, Igor Mammedov wrote:
> On Mon, 23 Dec 2013 13:26:37 +0200
> "Michael S. Tsirkin"  wrote:
> 
> > On Sun, Dec 22, 2013 at 03:51:28PM +0100, Igor Mammedov wrote:
> > > On Mon, 16 Dec 2013 21:53:07 +0200
> > > "Michael S. Tsirkin"  wrote:
> > > 
> > > > On Fri, Dec 13, 2013 at 05:22:14PM +0100, Igor Mammedov wrote:
> > > > > .. and report range used by it to OSPM via _CRS.
> > > > > PRST is needed in SSDT since its base will depend on
> > > > > chipset and will be dynamically set by QEMU.
> > > > > Also move PRSC() method along with PRST since cross
> > > > > table reference to PRST doesn't work.
> > > > > 
> > > > > Signed-off-by: Igor Mammedov 
> > > > > ---
> > > > >  hw/i386/acpi-dsdt-cpu-hotplug.dsl | 39 +--
> > > > >  hw/i386/acpi-dsdt.dsl |  2 +-
> > > > >  hw/i386/q35-acpi-dsdt.dsl |  2 +-
> > > > >  hw/i386/ssdt-misc.dsl | 65 
> > > > > +++
> > > > >  4 files changed, 68 insertions(+), 40 deletions(-)
> > > > > 
> > > > > diff --git a/hw/i386/acpi-dsdt-cpu-hotplug.dsl 
> > > > > b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > > > index 995b415..f26f81b 100644
> > > > > --- a/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > > > +++ b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > > > @@ -20,6 +20,7 @@
> > > > >  Scope(\_SB) {
> > > > >  /* Objects filled in by run-time generated SSDT */
> > > > >  External(NTFY, MethodObj)
> > > > > +External(\_SB.CPHD.PRSC, MethodObj)
> > > > >  External(CPON, PkgObj)
> > > > >  
> > > > >  /* Methods called by run-time generated SSDT Processor objects */
> > > > > @@ -51,42 +52,4 @@ Scope(\_SB) {
> > > > >  // _EJ0 method - eject callback
> > > > >  Sleep(200)
> > > > >  }
> > > > > -
> > > > > -OperationRegion(PRST, SystemIO, 0xaf00, 32)
> > > > > -Field(PRST, ByteAcc, NoLock, Preserve) {
> > > > > -PRS, 256
> > > > > -}
> > > > > -Method(PRSC, 0) {
> > > > > -// Local5 = active cpu bitmap
> > > > > -Store(PRS, Local5)
> > > > > -// Local2 = last read byte from bitmap
> > > > > -Store(Zero, Local2)
> > > > > -// Local0 = Processor ID / APIC ID iterator
> > > > > -Store(Zero, Local0)
> > > > > -While (LLess(Local0, SizeOf(CPON))) {
> > > > > -// Local1 = CPON flag for this cpu
> > > > > -Store(DerefOf(Index(CPON, Local0)), Local1)
> > > > > -If (And(Local0, 0x07)) {
> > > > > -// Shift down previously read bitmap byte
> > > > > -ShiftRight(Local2, 1, Local2)
> > > > > -} Else {
> > > > > -// Read next byte from cpu bitmap
> > > > > -Store(DerefOf(Index(Local5, ShiftRight(Local0, 3))), 
> > > > > Local2)
> > > > > -}
> > > > > -// Local3 = active state for this cpu
> > > > > -Store(And(Local2, 1), Local3)
> > > > > -
> > > > > -If (LNotEqual(Local1, Local3)) {
> > > > > -// State change - update CPON with new state
> > > > > -Store(Local3, Index(CPON, Local0))
> > > > > -// Do CPU notify
> > > > > -If (LEqual(Local3, 1)) {
> > > > > -NTFY(Local0, 1)
> > > > > -} Else {
> > > > > -NTFY(Local0, 3)
> > > > > -}
> > > > > -}
> > > > > -Increment(Local0)
> > > > > -}
> > > > > -}
> > > > >  }
> > > > > diff --git a/hw/i386/acpi-dsdt.dsl b/hw/i386/acpi-dsdt.dsl
> > > > > index 90efce0..fa9f2d4 100644
> > > > > --- a/hw/i386/acpi-dsdt.dsl
> > > > > +++ b/hw/i386/acpi-dsdt.dsl
> > > > > @@ -311,7 +311,7 @@ DefinitionBlock (
> > > > >  }
> > > > >  Method(_E02) {
> > > > >  // CPU hotplug event
> > > > > -\_SB.PRSC()
> > > > > +\_SB.CPHD.PRSC()
> > > > >  }
> > > > >  Method(_L03) {
> > > > >  }
> > > > > diff --git a/hw/i386/q35-acpi-dsdt.dsl b/hw/i386/q35-acpi-dsdt.dsl
> > > > > index 22baa58..9ccc543 100644
> > > > > --- a/hw/i386/q35-acpi-dsdt.dsl
> > > > > +++ b/hw/i386/q35-acpi-dsdt.dsl
> > > > > @@ -420,7 +420,7 @@ DefinitionBlock (
> > > > >  }
> > > > >  Method(_E02) {
> > > > >  // CPU hotplug event
> > > > > -\_SB.PRSC()
> > > > > +\_SB.CPHD.PRSC()
> > > > >  }
> > > > >  Method(_L03) {
> > > > >  }
> > > > > diff --git a/hw/i386/ssdt-misc.dsl b/hw/i386/ssdt-misc.dsl
> > > > > index a4484b8..ec8893c 100644
> > > > > --- a/hw/i386/ssdt-misc.dsl
> > > > > +++ b/hw/i386/ssdt-misc.dsl
> > > > > @@ -116,4 +116,69 @@ DefinitionBlock ("ssdt-misc.aml", "SSDT", 0x01, 
> > > > > "BXPC", "BXSSDTSUSP", 0x1)
> > > > >  }
> > > > >  }
> > > > >  }
> > > > > +Scope(\_SB) {
> > > > > +External(NTFY, MethodObj)
> > > > > +External(CPON, PkgO

[Qemu-devel] [PATCH v3] target-arm: fix build with gcc 4.8.2

2013-12-23 Thread Michael S. Tsirkin
commit 5ce4f35781028ce1aee3341e6002f925fdc7aaf3
"target-arm: A64: add set_pc cpu method"

introduces an array aarch64_cpus which is zero
size if this code is built without CONFIG_USER_ONLY.
In particular an attempt to iterate over this array produces a warning
under gcc 4.8.2:

  CC    aarch64-softmmu/target-arm/cpu64.o
/scm/qemu/target-arm/cpu64.c: In function ‘aarch64_cpu_register_types’:
/scm/qemu/target-arm/cpu64.c:124:5: error: comparison of unsigned
expression < 0 is always false [-Werror=type-limits]
 for (i = 0; i < ARRAY_SIZE(aarch64_cpus); i++) {
 ^
cc1: all warnings being treated as errors

This is the result of ARRAY_SIZE being an unsigned type,
causing "i" to be promoted to unsigned int as well.

As zero size arrays are a gcc extension, it seems
cleanest to add a dummy element with NULL name,
and test for it during registration.

We'll be able to drop this when we add more CPUs.

Cc: Alexander Graf 
Cc: Peter Maydell 
Cc: Richard Henderson 
Signed-off-by: Michael S. Tsirkin 
---
changes from v2:
add more comments
changes from v1:
add a comment

 target-arm/cpu64.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c
index 04ce879..60acd24 100644
--- a/target-arm/cpu64.c
+++ b/target-arm/cpu64.c
@@ -58,6 +58,7 @@ static const ARMCPUInfo aarch64_cpus[] = {
 #ifdef CONFIG_USER_ONLY
 { .name = "any", .initfn = aarch64_any_initfn },
 #endif
+{ .name = NULL } /* TODO: drop when we support more CPUs */
 };
 
 static void aarch64_cpu_initfn(Object *obj)
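
Review bot: the TODO on the sentinel says "drop when we support more CPUs", but the array is only empty when built without CONFIG_USER_ONLY, so the removal condition is narrower than that. Word it as "drop when a CPU is listed outside #ifdef CONFIG_USER_ONLY" so nobody removes it after a second user-only entry is added.
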
@@ -100,6 +101,11 @@ static void aarch64_cpu_register(const ARMCPUInfo *info)
 .class_init = info->class_init,
 };
 
+/* TODO: drop when we support more CPUs - all entries will have name set */
+if (!info->name) {
+return;
+}
+
 type_info.name = g_strdup_printf("%s-" TYPE_ARM_CPU, info->name);
 type_register(&type_info);
 g_free((void *)type_info.name);
-- 
MST



Re: [Qemu-devel] [PATCH v3] target-arm: fix build with gcc 4.8.2

2013-12-23 Thread Stefan Weil
Am 23.12.2013 15:52, schrieb Michael S. Tsirkin:
> commit 5ce4f35781028ce1aee3341e6002f925fdc7aaf3
> "target-arm: A64: add set_pc cpu method"
>
> introduces an array aarch64_cpus which is zero
> size if this code is built without CONFIG_USER_ONLY.
> In particular an attempt to iterate over this array produces a warning
> under gcc 4.8.2:
>
>   CC    aarch64-softmmu/target-arm/cpu64.o
> /scm/qemu/target-arm/cpu64.c: In function ‘aarch64_cpu_register_types’:
> /scm/qemu/target-arm/cpu64.c:124:5: error: comparison of unsigned
> expression < 0 is always false [-Werror=type-limits]
>  for (i = 0; i < ARRAY_SIZE(aarch64_cpus); i++) {
>  ^
> cc1: all warnings being treated as errors
>
> This is the result of ARRAY_SIZE being an unsigned type,
> causing "i" to be promoted to unsigned int as well.
>
> As zero size arrays are a gcc extension, it seems
> cleanest to add a dummy element with NULL name,
> and test for it during registration.
>
> We'll be able to drop this when we add more CPUs.
>
> Cc: Alexander Graf 
> Cc: Peter Maydell 
> Cc: Richard Henderson 
> Signed-off-by: Michael S. Tsirkin 
> ---
> changes from v2:
> add more comments
> changes from v1:
> add a comment
>
>  target-arm/cpu64.c | 6 ++
>  1 file changed, 6 insertions(+)
>
> diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c
> index 04ce879..60acd24 100644
> --- a/target-arm/cpu64.c
> +++ b/target-arm/cpu64.c
> @@ -58,6 +58,7 @@ static const ARMCPUInfo aarch64_cpus[] = {
>  #ifdef CONFIG_USER_ONLY
>  { .name = "any", .initfn = aarch64_any_initfn },
>  #endif
> +{ .name = NULL } /* TODO: drop when we support more CPUs */
>  };
>  
>  static void aarch64_cpu_initfn(Object *obj)
> @@ -100,6 +101,11 @@ static void aarch64_cpu_register(const ARMCPUInfo *info)
>  .class_init = info->class_init,
>  };
>  
> +/* TODO: drop when we support more CPUs - all entries will have name set 
> */
> +if (!info->name) {
> +return;
> +}
> +
>  type_info.name = g_strdup_printf("%s-" TYPE_ARM_CPU, info->name);
>  type_register(&type_info);
>  g_free((void *)type_info.name);

Reviewed-by: Stefan Weil 




Re: [Qemu-devel] [PATCH v2 0/3] acpi unit-test: compare resulting aml vs expected aml

2013-12-23 Thread Michael S. Tsirkin
On Mon, Dec 23, 2013 at 02:18:47PM +0200, Marcel Apfelbaum wrote:
> On Mon, 2013-12-23 at 14:02 +0200, Michael S. Tsirkin wrote:
> > On Mon, Dec 23, 2013 at 12:13:23PM +0200, Marcel Apfelbaum wrote:
> > > The test:
> > >  - runs only if iasl is installed on the host machine.
> > >  - the test plan:
> > >    1. Dumps the ACPI tables as AML on the disk.
> > >    2. Runs iasl to disassemble the tables into ASL files.
> > >    3. Runs iasl to disassemble the offline AML files.
> > >    4. Compares them with expected offline ASL files.
> > >  - the test runs for both default machine and q35.
> > 
> > Looks good to me overall.
> > One thing I'd like to ask is that you add a script to
> > run after ACPI tables are updated.
> > It could update both pre-generated hex files and the
> > expected files.
> I don't think that I understand, what is the script's
> purpose?

Update aml in git after we make source changes.

> > 
> > >  - in case the test fails, it can be easily tweaked to
> > >show the differences between the ASL files and
> > >understand the issue.
> > 
> > How exactly does it need to be tweaked?
> Instead of the assert that is failing when the asl files
> are not the same, one could print them to console.
> Another thing that can be done is to print to
> console the  dumped asl file names and manually do the diff.
> 
> Thanks,
> Marcel

Can this be done automatically e.g. before the assert?
Alternatively add a comment so people know what to do
and where.

> > 
> > > Patches:
> > >  1/3 - expected aml files
> > >  2/3 - creates links for the expected files
> > >if the build directory is not current
> > >  3/3 - the test
> > > Marcel Apfelbaum (3):
> > >   acpi unit-test: add test files
> > >   configure: added acpi unit-test files
> > >   acpi unit-test: compare DSDT and SSDT tables against expected values
> > > 
> > >  configure |   4 +
> > >  tests/acpi-test-data/pc/APIC  | Bin 0 -> 120 bytes
> > >  tests/acpi-test-data/pc/DSDT  | Bin 0 -> 4407 bytes
> > >  tests/acpi-test-data/pc/FACP  | Bin 0 -> 116 bytes
> > >  tests/acpi-test-data/pc/FACS  | Bin 0 -> 64 bytes
> > >  tests/acpi-test-data/pc/HPET  | Bin 0 -> 56 bytes
> > >  tests/acpi-test-data/pc/SSDT  | Bin 0 -> 2104 bytes
> > >  tests/acpi-test-data/q35/APIC | Bin 0 -> 120 bytes
> > >  tests/acpi-test-data/q35/DSDT | Bin 0 -> 7344 bytes
> > >  tests/acpi-test-data/q35/FACP | Bin 0 -> 116 bytes
> > >  tests/acpi-test-data/q35/FACS | Bin 0 -> 64 bytes
> > >  tests/acpi-test-data/q35/HPET | Bin 0 -> 56 bytes
> > >  tests/acpi-test-data/q35/MCFG | Bin 0 -> 60 bytes
> > >  tests/acpi-test-data/q35/SSDT | Bin 0 -> 2104 bytes
> > >  tests/acpi-test.c | 257 
> > > ++
> > >  15 files changed, 240 insertions(+), 21 deletions(-)
> > >  create mode 100644 tests/acpi-test-data/pc/APIC
> > >  create mode 100644 tests/acpi-test-data/pc/DSDT
> > >  create mode 100644 tests/acpi-test-data/pc/FACP
> > >  create mode 100644 tests/acpi-test-data/pc/FACS
> > >  create mode 100644 tests/acpi-test-data/pc/HPET
> > >  create mode 100644 tests/acpi-test-data/pc/SSDT
> > >  create mode 100644 tests/acpi-test-data/q35/APIC
> > >  create mode 100644 tests/acpi-test-data/q35/DSDT
> > >  create mode 100644 tests/acpi-test-data/q35/FACP
> > >  create mode 100644 tests/acpi-test-data/q35/FACS
> > >  create mode 100644 tests/acpi-test-data/q35/HPET
> > >  create mode 100644 tests/acpi-test-data/q35/MCFG
> > >  create mode 100644 tests/acpi-test-data/q35/SSDT
> > > 
> > > -- 
> > > 1.8.3.1
> 
> 



Re: [Qemu-devel] [PATCH v3] target-arm: fix build with gcc 4.8.2

2013-12-23 Thread Peter Maydell
On 23 December 2013 14:52, Michael S. Tsirkin  wrote:
> commit 5ce4f35781028ce1aee3341e6002f925fdc7aaf3
> "target-arm: A64: add set_pc cpu method"
>
> introduces an array aarch64_cpus which is zero
> size if this code is built without CONFIG_USER_ONLY.
> In particular an attempt to iterate over this array produces a warning
> under gcc 4.8.2:
>
>  CCaarch64-softmmu/target-arm/cpu64.o
> /scm/qemu/target-arm/cpu64.c: In function ‘aarch64_cpu_register_types’:
> /scm/qemu/target-arm/cpu64.c:124:5: error: comparison of unsigned
> expression < 0 is always false [-Werror=type-limits]
>  for (i = 0; i < ARRAY_SIZE(aarch64_cpus); i++) {
>  ^
> cc1: all warnings being treated as errors
>
> This is the result of ARRAY_SIZE being an unsigned type,
> causing "i" to be promoted to unsigned int as well.
>
> As zero size arrays are a gcc extension, it seems
> cleanest to add a dummy element with NULL name,
> and test for it during registration.
>
> We'll be able to drop this when we add more CPUs.
>
> Cc: Alexander Graf 
> Cc: Peter Maydell 
> Cc: Richard Henderson 
> Signed-off-by: Michael S. Tsirkin 

Reviewed-by: Peter Maydell 

thanks
-- PMM
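
The sentinel approach described in the quoted commit message, as an added example (not code from the patch or from QEMU): the table always ends in a NULL-named entry, so its size is never zero and the loop bound is never the constant 0 that triggers -Wtype-limits. CpuModelInfo, register_models and the table contents are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))

/* Hypothetical stand-in for a CPU model table entry (not QEMU's type). */
typedef struct {
    const char *name;            /* NULL marks the end of the table */
    void (*initfn)(void *obj);
} CpuModelInfo;

static void dummy_init(void *obj) { (void)obj; }

/*
 * Table as it looks when no model is configured: only the sentinel.
 * Without the sentinel this would be a zero-size array (a GNU extension),
 * ARRAY_SIZE() would be the unsigned constant 0, and "i < 0" on an
 * unsigned value is what -Wtype-limits reports as always false.
 */
static const CpuModelInfo empty_models[] = {
    { .name = NULL },
};

/* Table with one configured model followed by the sentinel (constructed). */
static const CpuModelInfo user_models[] = {
    { .name = "any", .initfn = dummy_init },
    { .name = NULL },
};

/*
 * Walk the table until the sentinel, the array bound, or the output
 * capacity is reached. Returns the number of names stored in registered[].
 */
static size_t register_models(const CpuModelInfo *tbl, size_t n,
                              const char **registered, size_t cap)
{
    size_t count = 0;

    for (size_t i = 0; i < n; i++) {
        if (tbl[i].name == NULL) {
            break;               /* sentinel: nothing further to register */
        }
        if (count == cap) {
            break;               /* caller's buffer is full */
        }
        registered[count++] = tbl[i].name;
    }
    return count;
}

int main(void)
{
    const char *names[4] = { 0 };

    printf("empty table: %zu registered\n",
           register_models(empty_models, ARRAY_SIZE(empty_models), names, 4));
    printf("user table:  %zu registered\n",
           register_models(user_models, ARRAY_SIZE(user_models), names, 4));
    return 0;
}
```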



Re: [Qemu-devel] [PATCH v2 3/3] acpi unit-test: compare DSDT and SSDT tables against expected values

2013-12-23 Thread Michael S. Tsirkin
On Mon, Dec 23, 2013 at 02:22:38PM +0200, Marcel Apfelbaum wrote:
> On Mon, 2013-12-23 at 14:06 +0200, Michael S. Tsirkin wrote:
> > On Mon, Dec 23, 2013 at 12:13:26PM +0200, Marcel Apfelbaum wrote:
> > > This test will run only if iasl is installed on the host machine.
> > > The test plan:
> > >  1. Dumps the ACPI tables as AML on the disk.
> > >  2. Runs iasl to disassemble the tables into ASL files.
> > >  3. Runs iasl to disassemble the offline AML files into ASL files.
> > >  4. Compares the ASL files.
> > > 
> > > The test runs for both default machine and q35.
> > > In case the test fails, it can be easily tweaked to
> > > show the differences between the ASL files and
> > > understand the issue.
> > > 
> > > Signed-off-by: Marcel Apfelbaum 
> > > ---
> > >  tests/acpi-test.c | 257 
> > > +-
> > >  1 file changed, 236 insertions(+), 21 deletions(-)
> > > 
> > > diff --git a/tests/acpi-test.c b/tests/acpi-test.c
> > > index ca83b1d..4f0cca6 100644
> > > --- a/tests/acpi-test.c
> > > +++ b/tests/acpi-test.c
> > > @@ -18,14 +18,22 @@
> > >  #include "qemu/compiler.h"
> > >  #include "hw/i386/acpi-defs.h"
> > >  
> > > +#define MACHINE_PC "pc"
> > > +#define MACHINE_Q35 "q35"
> > > +
> > >  /* DSDT and SSDTs format */
> > >  typedef struct {
> > >  AcpiTableHeader header;
> > > -uint8_t *aml;
> > > -int aml_len;
> > > -} AcpiSdtTable;
> > > +gchar *aml;/* aml bytecode from guest */
> > > +gsize aml_len;
> > > +gchar *aml_file;
> > > +gchar *asl;/* asl code generated from aml */
> > > +gsize asl_len;
> > > +gchar *asl_file;
> > > +} QEMU_PACKED AcpiSdtTable;
> > >  
> > >  typedef struct {
> > > +const char *machine;
> > >  uint32_t rsdp_addr;
> > >  AcpiRsdpDescriptor rsdp_table;
> > >  AcpiRsdtDescriptorRev1 rsdt_table;
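Review bot: QEMU_PACKED on AcpiSdtTable is out of place now that the struct holds host pointers and gsize lengths (aml, aml_file, asl, asl_file) after the header. It is a test-side container, not a guest table layout, and packing it can leave those members unaligned. Drop the attribute from this typedef and keep packing only on the types that mirror guest memory.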
> > > @@ -33,8 +41,7 @@ typedef struct {
> > >  AcpiFacsDescriptorRev1 facs_table;
> > >  uint32_t *rsdt_tables_addr;
> > >  int rsdt_tables_nr;
> > > -AcpiSdtTable dsdt_table;
> > > -GArray *ssdt_tables;
> > > +GArray *ssdt_tables; /* first is DSDT */
> > >  } test_data;
> > >  
> > >  #define LOW(x) ((x) & 0xff)
> > > @@ -91,8 +98,10 @@ typedef struct {
> > >  
> > >  /* Boot sector code: write SIGNATURE into memory,
> > >   * then halt.
> > > + * Q35 machine requires a minimum 0x7e000 bytes disk.
> > > + * (bug or feature?)
> > >   */
> > > -static uint8_t boot_sector[0x200] = {
> > > +static uint8_t boot_sector[0x7e000] = {
> > >  /* 7c00: mov $0xdead,%ax */
> > >  [0x00] = 0xb8,
> > >  [0x01] = LOW(SIGNATURE),
> > > @@ -117,17 +126,40 @@ static uint8_t boot_sector[0x200] = {
> > >  };
> > >  
> > >  static const char *disk = "tests/acpi-test-disk.raw";
> > > +static const char *data_dir = "tests/acpi-test-data";
> > >  
> > >  static void free_test_data(test_data *data)
> > >  {
> > > +AcpiSdtTable *temp;
> > >  int i;
> > >  
> > > -g_free(data->rsdt_tables_addr);
> > > +if (data->rsdt_tables_addr) {
> > > +g_free(data->rsdt_tables_addr);
> > > +}
> > > +
> > >  for (i = 0; i < data->ssdt_tables->len; ++i) {
> > > -g_free(g_array_index(data->ssdt_tables, AcpiSdtTable, i).aml);
> > > +temp = &g_array_index(data->ssdt_tables, AcpiSdtTable, i);
> > > +if (temp->aml) {
> > > +g_free(temp->aml);
> > > +}
> > > +if (temp->aml_file) {
> > > +if (g_strstr_len(temp->aml_file, -1, "aml-")) {
> > > +unlink(temp->aml_file);
> > > +}
> > > +g_free(temp->aml_file);
> > > +}
> > > +if (temp->asl) {
> > > +g_free(temp->asl);
> > > +}
> > > +if (temp->asl_file) {
> > > +if (g_strstr_len(temp->asl_file, -1, "asl-")) {
> > > +unlink(temp->asl_file);
> > > +}
> > > +g_free(temp->asl_file);
> > > +}
> > >  }
> > > +
> > >  g_array_free(data->ssdt_tables, false);
> > > -g_free(data->dsdt_table.aml);
> > >  }
> > >  
> > >  static uint8_t acpi_checksum(const uint8_t *data, int len)
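Review bot: In free_test_data(), deciding whether to unlink() a file by searching its path for "aml-" or "asl-" is fragile: g_strstr_len() matches anywhere in the string, so an expected file under tests/acpi-test-data would be deleted if any directory component of the path happened to contain that substring. Record ownership explicitly, for example a flag in AcpiSdtTable that is set when the test creates the temporary file, and unlink only when it is set. The if (ptr) guards around g_free() can also go, since g_free(NULL) is a no-op.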
> > > @@ -292,34 +324,203 @@ static void test_dst_table(AcpiSdtTable 
> > > *sdt_table, uint32_t addr)
> > >  ACPI_READ_ARRAY_PTR(sdt_table->aml, sdt_table->aml_len, addr);
> > >  
> > >  checksum = acpi_checksum((uint8_t *)sdt_table, 
> > > sizeof(AcpiTableHeader)) +
> > > -   acpi_checksum(sdt_table->aml, sdt_table->aml_len);
> > > +   acpi_checksum((uint8_t *)sdt_table->aml, 
> > > sdt_table->aml_len);
> > >  g_assert(!checksum);
> > >  }
> > >  
> > >  static void test_acpi_dsdt_table(test_data *data)
> > >  {
> > > -AcpiSdtTable *dsdt_table = &data->dsdt_table;
> > > +AcpiSdtTable dsdt_table;
> > >  uint32_t addr = data->fadt_table.dsdt;
> > >  
> > > -test_dst_table(dsdt_table, addr);
> > > -g_assert_cmphex(dsdt_table->header.signature, ==, 
> > > ACPI_DSDT

Re: [Qemu-devel] [RFC qom-next v5 1/8] x86: move apic_state field from CPUX86State to X86CPU

2013-12-23 Thread Andreas Färber
On 23.12.2013 10:04, Chen Fan wrote:
> This motion is preparing for refactoring vCPU apic subsequently.
> 
> Signed-off-by: Chen Fan 
> ---
>  cpu-exec.c|  2 +-
>  cpus.c|  5 ++---
>  hw/i386/kvmvapic.c|  8 +++-
>  hw/i386/pc.c  | 17 -
>  target-i386/cpu-qom.h |  4 
>  target-i386/cpu.c | 22 ++
>  target-i386/cpu.h |  4 
>  target-i386/helper.c  |  9 -
>  target-i386/kvm.c | 23 ++-
>  target-i386/misc_helper.c |  8 
>  10 files changed, 46 insertions(+), 56 deletions(-)
> 
> diff --git a/cpu-exec.c b/cpu-exec.c
> index 30cfa2a..2711c58 100644
> --- a/cpu-exec.c
> +++ b/cpu-exec.c
> @@ -320,7 +320,7 @@ int cpu_exec(CPUArchState *env)
>  #if !defined(CONFIG_USER_ONLY)
>  if (interrupt_request & CPU_INTERRUPT_POLL) {
>  cpu->interrupt_request &= ~CPU_INTERRUPT_POLL;
> -apic_poll_irq(env->apic_state);
> +apic_poll_irq(x86_env_get_cpu(env)->apic_state);

These are starting to become too many inline usages inside that double
loop, I'll look into providing a follow-up patch to clean this up.

>  }
>  #endif
>  if (interrupt_request & CPU_INTERRUPT_INIT) {
[...]
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index e9831ca..d000995 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -172,13 +172,14 @@ void cpu_smm_update(CPUX86State *env)
>  int cpu_get_pic_interrupt(CPUX86State *env)
>  {
>  int intno;
> +X86CPU *cpu = x86_env_get_cpu(env);

I've swapped these two lines to keep cpu and env close together, with a
view to a function argument type change.

>  
> -intno = apic_get_interrupt(env->apic_state);
> +intno = apic_get_interrupt(cpu->apic_state);
>  if (intno >= 0) {
>  return intno;
>  }
>  /* read the irq from the PIC */
> -if (!apic_accept_pic_intr(env->apic_state)) {
> +if (!apic_accept_pic_intr(cpu->apic_state)) {
>  return -1;
>  }
>  
[...]
> diff --git a/target-i386/cpu-qom.h b/target-i386/cpu-qom.h
> index f4fab15..775c82d 100644
> --- a/target-i386/cpu-qom.h
> +++ b/target-i386/cpu-qom.h
> @@ -66,6 +66,10 @@ typedef struct X86CPU {
>  
>  CPUX86State env;
>  
> +/* in order to simplify APIC support, we leave this pointer to the
> +   user */
> +struct DeviceState *apic_state;

Moving this further down since used as a child<> property, with a view
to refactoring this further into a non-pointer field.

> +
>  bool hyperv_vapic;
>  bool hyperv_relaxed_timing;
>  int hyperv_spinlock_attempts;
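Review bot: The comment on the new apic_state field ("in order to simplify APIC support, we leave this pointer to the user") does not say who creates or owns the DeviceState, or whether the pointer may be NULL. Callers in this patch pass x86_env_get_cpu(env)->apic_state straight into the apic_* functions, so the lifetime and NULL rules belong in this comment.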
[...]
> diff --git a/target-i386/helper.c b/target-i386/helper.c
> index 7c196ff..f2e76ad 100644
> --- a/target-i386/helper.c
> +++ b/target-i386/helper.c
> @@ -1248,7 +1248,8 @@ void cpu_report_tpr_access(CPUX86State *env, TPRAccess 
> access)
>  } else {
>  cpu_restore_state(env, env->mem_io_pc);
>  
> -apic_handle_tpr_access_report(env->apic_state, env->eip, access);
> +apic_handle_tpr_access_report(x86_env_get_cpu(env)->apic_state,
> +  env->eip, access);
>  }
>  }
>  #endif /* !CONFIG_USER_ONLY */
[snip]

Since we would now be using x86_env_get_cpu() in both arms of 'if' (and
tpr_access_type being another candidate for a field movement), I'm
changing this as follows:

diff --git a/target-i386/helper.c b/target-i386/helper.c
index f2e76ad..8132ca8 100644
--- a/target-i386/helper.c
+++ b/target-i386/helper.c
@@ -1241,15 +1241,16 @@ void cpu_x86_inject_mce(Monitor *mon, X86CPU
*cpu, int bank,

 void cpu_report_tpr_access(CPUX86State *env, TPRAccess access)
 {
+X86CPU *cpu = x86_env_get_cpu(env);
+
 if (kvm_enabled()) {
 env->tpr_access_type = access;

-cpu_interrupt(CPU(x86_env_get_cpu(env)), CPU_INTERRUPT_TPR);
+cpu_interrupt(CPU(cpu), CPU_INTERRUPT_TPR);
 } else {
 cpu_restore_state(env, env->mem_io_pc);

-apic_handle_tpr_access_report(x86_env_get_cpu(env)->apic_state,
-  env->eip, access);
+apic_handle_tpr_access_report(cpu->apic_state, env->eip, access);
 }
 }
 #endif /* !CONFIG_USER_ONLY */


Despite this still being an RFC, this patch is a really nice cleanup
contribution, so I'm applying this to qom-cpu already with the
above-mentioned modifications:
https://github.com/afaerber/qemu-cpu/commits/qom-cpu

Thanks,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



[Qemu-devel] [PATCH -V5] kvm: Add a new machine property kvm-type

2013-12-23 Thread Aneesh Kumar K.V
From: "Aneesh Kumar K.V" 

Targets like ppc64 support different types of KVM, one which uses
hypervisor mode and the other which doesn't. Add a new machine
property kvm-type that helps in selecting the respective ones.
We also add a new QEMUMachine callback get_vm_type that helps
in mapping the string representation of kvm type specified.

Signed-off-by: Aneesh Kumar K.V 
---
Changes from V4:
* Fix build failure for ppc{,64}-linux-user

 hw/ppc/spapr.c | 19 +++
 include/hw/boards.h|  3 +++
 include/hw/xen/xen.h   |  3 ++-
 include/sysemu/kvm.h   |  4 ++--
 include/sysemu/qtest.h |  3 ++-
 kvm-all.c  | 16 +---
 kvm-stub.c |  3 ++-
 qtest.c|  2 +-
 vl.c   | 14 +-
 xen-all.c  |  2 +-
 xen-stub.c |  2 +-
 11 files changed, 55 insertions(+), 16 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 7e53a5f97781..267a47d6cc4d 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1357,6 +1357,24 @@ static void ppc_spapr_init(QEMUMachineInitArgs *args)
 assert(spapr->fdt_skel != NULL);
 }
 
+static int spapr_kvm_type(const char *vm_type)
+{
+if (!vm_type) {
+return 0;
+}
+
+if (!strcmp(vm_type, "HV")) {
+return 1;
+}
+
+if (!strcmp(vm_type, "PR")) {
+return 2;
+}
+
+hw_error("Unknown kvm-type specified '%s'", vm_type);
+exit(1);
+}
+
 static QEMUMachine spapr_machine = {
 .name = "pseries",
 .desc = "pSeries Logical Partition (PAPR compliant)",
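Review bot: spapr_kvm_type() returns bare 1 and 2 for "HV" and "PR", and the kvm-all.c hunk computes type from this callback right where the KVM_CREATE_VM call with a literal 0 is removed. Give the two values named constants, or a comment stating what the kernel expects, so the mapping can be audited. An unrecognised string is command-line input, so report it with a plain error message and exit rather than hw_error(), and drop the exit(1) after hw_error() if that call does not return.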
@@ -1367,6 +1385,7 @@ static QEMUMachine spapr_machine = {
 .max_cpus = MAX_CPUS,
 .no_parallel = 1,
 .default_boot_order = NULL,
+.kvm_type = spapr_kvm_type,
 };
 
 static void spapr_machine_init(void)
diff --git a/include/hw/boards.h b/include/hw/boards.h
index 2151460f9ec4..89eb6651e2c7 100644
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -24,6 +24,8 @@ typedef void QEMUMachineResetFunc(void);
 
 typedef void QEMUMachineHotAddCPUFunc(const int64_t id, Error **errp);
 
+typedef int QEMUMachineGetKvmtypeFunc(const char *arg);
+
 struct QEMUMachine {
 const char *name;
 const char *alias;
@@ -31,6 +33,7 @@ struct QEMUMachine {
 QEMUMachineInitFunc *init;
 QEMUMachineResetFunc *reset;
 QEMUMachineHotAddCPUFunc *hot_add_cpu;
+QEMUMachineGetKvmtypeFunc *kvm_type;
 BlockInterfaceType block_default_type;
 int max_cpus;
 unsigned int no_serial:1,
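Review bot: The new QEMUMachine member is called kvm_type and its type QEMUMachineGetKvmtypeFunc, while the commit message calls the callback get_vm_type. Pick one name and use it in all three places. The typedef also needs a comment saying that arg may be NULL when the option is absent and what the returned int means, since spapr_kvm_type() relies on both.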
diff --git a/include/hw/xen/xen.h b/include/hw/xen/xen.h
index e1f88bf9cf8f..acc3d74c0911 100644
--- a/include/hw/xen/xen.h
+++ b/include/hw/xen/xen.h
@@ -36,7 +36,8 @@ void xen_cmos_set_s3_resume(void *opaque, int irq, int level);
 
 qemu_irq *xen_interrupt_controller_init(void);
 
-int xen_init(void);
+typedef struct QEMUMachine QEMUMachine;
+int xen_init(QEMUMachine *machine);
 int xen_hvm_init(MemoryRegion **ram_memory);
 void xenstore_store_pv_console_info(int i, struct CharDriverState *chr);
 
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 3b25f27a7cc5..400a2682923e 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -151,8 +151,8 @@ typedef struct KVMState KVMState;
 extern KVMState *kvm_state;
 
 /* external API */
-
-int kvm_init(void);
+typedef struct QEMUMachine QEMUMachine;
+int kvm_init(QEMUMachine *machine);
 
 int kvm_has_sync_mmu(void);
 int kvm_has_vcpu_events(void);
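Review bot: typedef struct QEMUMachine QEMUMachine; is added here and again in include/hw/xen/xen.h and include/sysemu/qtest.h. Repeating a typedef is only valid from C11 on, and older compilers reject the redefinition when two of these headers end up in one translation unit. Declare it once in a shared header, or use struct QEMUMachine * in the three prototypes.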
diff --git a/include/sysemu/qtest.h b/include/sysemu/qtest.h
index 112a661ac4b0..7185174a39b2 100644
--- a/include/sysemu/qtest.h
+++ b/include/sysemu/qtest.h
@@ -23,7 +23,8 @@ static inline bool qtest_enabled(void)
 return qtest_allowed;
 }
 
-int qtest_init_accel(void);
+typedef struct QEMUMachine QEMUMachine;
+int qtest_init_accel(QEMUMachine *machine);
 void qtest_init(const char *qtest_chrdev, const char *qtest_log);
 
 static inline int qtest_available(void)
diff --git a/kvm-all.c b/kvm-all.c
index 393775459d9f..57472804fe44 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -35,6 +35,8 @@
 #include "qemu/event_notifier.h"
 #include "trace.h"
 
+#include "hw/boards.h"
+
 /* This check must be after config-host.h is included */
 #ifdef CONFIG_EVENTFD
 #include 
@@ -1352,7 +1354,7 @@ static int kvm_max_vcpus(KVMState *s)
 return (ret) ? ret : kvm_recommended_vcpus(s);
 }
 
-int kvm_init(void)
+int kvm_init(QEMUMachine *machine)
 {
 static const char upgrade_note[] =
 "Please upgrade to at least kernel 2.6.29 or recent kvm-kmod\n"
@@ -1369,7 +1371,8 @@ int kvm_init(void)
 KVMState *s;
 const KVMCapabilityInfo *missing_cap;
 int ret;
-int i;
+int i, type = 0;
+const char *kvm_type;
 
 s = g_malloc0(sizeof(KVMState));
 
@@ -1442,7 +1445,14 @@ int kvm_init(void)
 nc++;
 }
 
-s->vmfd = kvm_ioctl(s, KVM_CREATE_VM, 0);
+kvm_type = qemu_opt_get(qemu_get_machine_opts(), "kvm-type");
+if (machine->kvm_type) {
+type = machine->kvm_type(kvm_type);
+} else if (kvm_type) {
+fprintf(stderr, "Inval

Re: [Qemu-devel] [Qemu-ppc] [PATCH V4] kvm: Add a new machine property kvm-type

2013-12-23 Thread Aneesh Kumar K.V
Alexander Graf  writes:

> On Dec 20, 2013, at 11:55 AM, Alexander Graf  wrote:
>
>> 
>> On 19.12.2013, at 17:04, Aneesh Kumar K.V  
>> wrote:
>> 
>>> From: "Aneesh Kumar K.V" 
>>> 
>>> Targets like ppc64 support different types of KVM, one which uses
>>> hypervisor mode and the other which doesn't. Add a new machine
>>> property kvm-type that helps in selecting the respective ones.
>>> We also add a new QEMUMachine callback get_vm_type that helps
>>> in mapping the string representation of kvm type specified.
>>> 
>>> Signed-off-by: Aneesh Kumar K.V 
>> 
>> Thanks, applied to ppc-next.
>
> This breaks compilation for ppc{,64}-linux-user. Please fix that up
> and submit a v5. I've taken this patch from my tree for now :).

Sent v5 with the below fix folded

diff --git a/kvm-stub.c b/kvm-stub.c
index c27b69076572..6dd4454a640c 100644
--- a/kvm-stub.c
+++ b/kvm-stub.c
@@ -19,8 +19,6 @@
 #include "hw/pci/msi.h"
 #endif
 
-#include "hw/boards.h"
-
 KVMState *kvm_state;
 bool kvm_kernel_irqchip;
 bool kvm_async_interrupts_allowed;
@@ -30,6 +28,7 @@ bool kvm_gsi_routing_allowed;
 bool kvm_gsi_direct_mapping;
 bool kvm_allowed;
 bool kvm_readonly_mem_allowed;
+typedef struct QEMUMachine QEMUMachine;
 
 int kvm_init_vcpu(CPUState *cpu)
 {




[Qemu-devel] [PULL 00/19] acpi, pci, pc, fedora, virtio fixes and enhancements

2013-12-23 Thread Michael S. Tsirkin
The following changes since commit f976b09ea2493fd41c98aaf6512908db0bae:

  PPC: Fix compilation with TCG debug (2013-12-22 19:15:55 +0100)

are available in the git repository at:

  git://git.kernel.org/pub/scm/virt/kvm/mst/qemu.git tags/for_anthony

for you to fetch changes up to 5bf58abf1cb7220d9f7d8e18f113a353cd6f260d:

  target-arm: fix build with gcc 4.8.2 (2013-12-23 18:02:23 +0200)


acpi,pci,pc,fedora,virtio fixes and enhancements

This includes some preparatory patches for cpu hotplug for q25 and memory
hotplug by Igor, tests and memory mapping change
by Laszlo and pci reset cleanup by Paolo.
There are also some fixes for fedora and virtio:
included here since they are test blockers for me.

Signed-off-by: Michael S. Tsirkin 


Gerd Hoffmann (2):
  piix: gigabyte alignment for ram
  piix: fix 32bit pci hole

Igor Mammedov (5):
  acpi: piix4: remove not needed GPE0 mask
  acpi: factor out common pm_update_sci() into acpi core
  acpi: ich9: allow guest to clear SCI rised by GPE
  ACPI: Q35 DSDT: fix CPU hotplug GPE0.2 handler
  ACPI/DSDT-CPU: cleanup bogus comment

Laszlo Ersek (5):
  hw/i386/pc_sysfw: support two flash drives
  i440fx-test: qtest_start() should be paired with qtest_end()
  i440fx-test: give each GTest case its own qtest
  i440fx-test: generate temporary firmware blob
  i440fx-test: verify firmware under 4G and 1M, both -bios and -pflash

Michael S. Tsirkin (2):
  pc_piix: document gigabyte_align
  target-arm: fix build with gcc 4.8.2

Paolo Bonzini (5):
  pci: do not export pci_bus_reset
  pci: clean up resetting of IRQs
  qdev: allow both pre- and post-order vists in qdev walking functions
  qdev: switch reset to post-order
  virtio: add back call to virtio_bus_device_unplugged

 include/hw/acpi/acpi.h|   8 ++
 include/hw/i386/pc.h  |   1 +
 include/hw/pci/pci.h  |   1 -
 include/hw/qdev-core.h|  15 ++--
 hw/acpi/core.c|  18 
 hw/acpi/ich9.c|  24 +-
 hw/acpi/piix4.c   |  27 +-
 hw/core/qdev.c|  47 ---
 hw/i386/pc_piix.c |  19 -
 hw/i386/pc_sysfw.c| 105 +++-
 hw/pci-host/piix.c|  11 +--
 hw/pci/pci.c  |  42 +-
 hw/pci/pci_bridge.c   |   2 +-
 hw/s390x/virtio-ccw.c |   5 +-
 hw/virtio/virtio.c|   2 +
 target-arm/cpu64.c|   6 ++
 tests/i440fx-test.c   | 167 ++
 hw/i386/acpi-dsdt-cpu-hotplug.dsl |   1 -
 hw/i386/q35-acpi-dsdt.dsl |   4 +-
 19 files changed, 365 insertions(+), 140 deletions(-)
-- 
MST




[Qemu-devel] [PULL 07/19] i440fx-test: verify firmware under 4G and 1M, both -bios and -pflash

2013-12-23 Thread Michael S. Tsirkin
From: Laszlo Ersek 

Check whether the firmware is not hidden by other memory regions.

Qemu is started in paused mode: it shouldn't try to interpret generated
garbage.

Signed-off-by: Laszlo Ersek 
Signed-off-by: Michael S. Tsirkin 
---
 tests/i440fx-test.c | 81 +
 1 file changed, 75 insertions(+), 6 deletions(-)

diff --git a/tests/i440fx-test.c b/tests/i440fx-test.c
index b6e0cd3..fa3e3d6 100644
--- a/tests/i440fx-test.c
+++ b/tests/i440fx-test.c
@@ -35,6 +35,11 @@ typedef struct TestData
 int num_cpus;
 } TestData;
 
+typedef struct FirmwareTestFixture {
+/* decides whether we're testing -bios or -pflash */
+bool is_bios;
+} FirmwareTestFixture;
+
 static QPCIBus *test_start_get_bus(const TestData *s)
 {
 char *cmdline;
@@ -278,6 +283,7 @@ static void test_i440fx_pam(gconstpointer opaque)
 }
 
 #define BLOB_SIZE ((size_t)65536)
+#define ISA_BIOS_MAXSZ ((size_t)(128 * 1024))
 
 /* Create a blob file, and return its absolute pathname as a dynamically
  * allocated string.
@@ -326,23 +332,86 @@ static char *create_blob_file(void)
 return ret == -1 ? NULL : pathname;
 }
 
-int main(int argc, char **argv)
+static void test_i440fx_firmware(FirmwareTestFixture *fixture,
+ gconstpointer user_data)
 {
-char *fw_pathname;
-TestData data;
-int ret;
-
-g_test_init(&argc, &argv, NULL);
+char *fw_pathname, *cmdline;
+uint8_t *buf;
+size_t i, isa_bios_size;
 
 fw_pathname = create_blob_file();
 g_assert(fw_pathname != NULL);
+
+/* Better hope the user didn't put metacharacters in TMPDIR and co. */
+cmdline = g_strdup_printf("-S %s %s",
+  fixture->is_bios ? "-bios" : "-pflash",
+  fw_pathname);
+g_test_message("qemu cmdline: %s", cmdline);
+qtest_start(cmdline);
+g_free(cmdline);
+
+/* Qemu has loaded the firmware (because qtest_start() only returns after
+ * the QMP handshake completes). We must unlink the firmware blob right
+ * here, because any assertion firing below would leak it in the
+ * filesystem. This is also the reason why we recreate the blob every time
+ * this function is invoked.
+ */
 unlink(fw_pathname);
 g_free(fw_pathname);
 
+/* check below 4G */
+buf = g_malloc0(BLOB_SIZE);
+memread(0x1ULL - BLOB_SIZE, buf, BLOB_SIZE);
+for (i = 0; i < BLOB_SIZE; ++i) {
+g_assert_cmphex(buf[i], ==, (uint8_t)i);
+}
+
+/* check in ISA space too */
+memset(buf, 0, BLOB_SIZE);
+isa_bios_size = ISA_BIOS_MAXSZ < BLOB_SIZE ? ISA_BIOS_MAXSZ : BLOB_SIZE;
+memread(0x10 - isa_bios_size, buf, isa_bios_size);
+for (i = 0; i < isa_bios_size; ++i) {
+g_assert_cmphex(buf[i], ==,
+(uint8_t)((BLOB_SIZE - isa_bios_size) + i));
+}
+
+g_free(buf);
+qtest_end();
+}
+
+static void add_firmware_test(const char *testpath,
+  void (*setup_fixture)(FirmwareTestFixture *f,
+gconstpointer test_data))
+{
+g_test_add(testpath, FirmwareTestFixture, NULL, setup_fixture,
+   test_i440fx_firmware, NULL);
+}
+
+static void request_bios(FirmwareTestFixture *fixture,
+ gconstpointer user_data)
+{
+fixture->is_bios = true;
+}
+
+static void request_pflash(FirmwareTestFixture *fixture,
+   gconstpointer user_data)
+{
+fixture->is_bios = false;
+}
+
+int main(int argc, char **argv)
+{
+TestData data;
+int ret;
+
+g_test_init(&argc, &argv, NULL);
+
 data.num_cpus = 1;
 
 g_test_add_data_func("/i440fx/defaults", &data, test_i440fx_defaults);
 g_test_add_data_func("/i440fx/pam", &data, test_i440fx_pam);
+add_firmware_test("/i440fx/firmware/bios", request_bios);
+add_firmware_test("/i440fx/firmware/pflash", request_pflash);
 
 ret = g_test_run();
 return ret;
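Review bot: In test_i440fx_firmware(), fw_pathname is pasted unquoted into the command line by g_strdup_printf("-S %s %s", ...), and the comment above it admits that metacharacters in TMPDIR would break this. Quote the path with g_shell_quote() before formatting it, so the test behaves the same for any temporary directory and the "better hope" comment can be removed.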
-- 
MST




[Qemu-devel] [PULL 02/19] pc_piix: document gigabyte_align

2013-12-23 Thread Michael S. Tsirkin
Document the logic behind the below/above 4G split.

Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/pc_piix.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index acb9445..832e20c 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -61,6 +61,10 @@ static const int ide_irq[MAX_IDE_BUS] = { 14, 15 };
 static bool has_pci_info;
 static bool has_acpi_build = true;
 static bool smbios_type1_defaults = true;
+/* Make sure that guest addresses aligned at 1Gbyte boundaries get mapped to
+ * host addresses aligned at 1Gbyte boundaries.  This way we can use 1GByte
+ * pages in the host.
+ */
 static bool gigabyte_align = true;
 
 /* PC hardware initialisation */
@@ -107,6 +111,13 @@ static void pc_init1(QEMUMachineInitArgs *args,
 kvmclock_create();
 }
 
+/* Check whether RAM fits below 4G (leaving 1/2 GByte for IO memory).
+ * If it doesn't, we need to split it in chunks below and above 4G.
+ * In any case, try to make sure that guest addresses aligned at
+ * 1G boundaries get mapped to host addresses aligned at 1G boundaries.
+ * For old machine types, use whatever split we used historically to avoid
+ * breaking migration.
+ */
 if (args->ram_size >= 0xe000) {
 ram_addr_t lowmem = gigabyte_align ? 0xc000 : 0xe000;
 above_4g_mem_size = args->ram_size - lowmem;
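Review bot: The new comment above the if says RAM is checked against 4G "leaving 1/2 GByte for IO memory", but with gigabyte_align set the code picks a lowmem value different from the threshold it has just compared against. Say in the comment that the aligned split uses a different boundary and why. The unit spelling also varies between "1Gbyte", "1GByte" and "1G" across the two comments.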
-- 
MST




[Qemu-devel] [PULL 09/19] acpi: factor out common pm_update_sci() into acpi core

2013-12-23 Thread Michael S. Tsirkin
From: Igor Mammedov 

... and rename it into acpi_update_sci() since it changes
SCI on only on PM registers status.

Signed-off-by: Igor Mammedov 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/acpi/acpi.h |  8 
 hw/acpi/core.c | 18 ++
 hw/acpi/ich9.c | 23 ++-
 hw/acpi/piix4.c| 26 --
 4 files changed, 32 insertions(+), 43 deletions(-)

diff --git a/include/hw/acpi/acpi.h b/include/hw/acpi/acpi.h
index 6bbcb17..3e53297 100644
--- a/include/hw/acpi/acpi.h
+++ b/include/hw/acpi/acpi.h
@@ -69,6 +69,12 @@
 #define ACPI_BITMASK_RT_CLOCK_ENABLE0x0400
 #define ACPI_BITMASK_PCIEXP_WAKE_DISABLE0x4000 /* ACPI 3.0 */
 
+#define ACPI_BITMASK_PM1_COMMON_ENABLED ( \
+ACPI_BITMASK_RT_CLOCK_ENABLE| \
+ACPI_BITMASK_POWER_BUTTON_ENABLE| \
+ACPI_BITMASK_GLOBAL_LOCK_ENABLE | \
+ACPI_BITMASK_TIMER_ENABLE)
+
 /* PM1x_CNT */
 #define ACPI_BITMASK_SCI_ENABLE 0x0001
 #define ACPI_BITMASK_BUS_MASTER_RLD 0x0002
@@ -160,6 +166,8 @@ void acpi_gpe_reset(ACPIREGS *ar);
 void acpi_gpe_ioport_writeb(ACPIREGS *ar, uint32_t addr, uint32_t val);
 uint32_t acpi_gpe_ioport_readb(ACPIREGS *ar, uint32_t addr);
 
+void acpi_update_sci(ACPIREGS *acpi_regs, qemu_irq irq);
+
 /* acpi.c */
 extern int acpi_enabled;
 extern char unsigned *acpi_tables;
diff --git a/hw/acpi/core.c b/hw/acpi/core.c
index 58308a3..79414b4 100644
--- a/hw/acpi/core.c
+++ b/hw/acpi/core.c
@@ -662,3 +662,21 @@ uint32_t acpi_gpe_ioport_readb(ACPIREGS *ar, uint32_t addr)
 
 return val;
 }
+
+void acpi_update_sci(ACPIREGS *regs, qemu_irq irq)
+{
+int sci_level, pm1a_sts;
+
+pm1a_sts = acpi_pm1_evt_get_sts(regs);
+
+sci_level = ((pm1a_sts &
+  regs->pm1.evt.en & ACPI_BITMASK_PM1_COMMON_ENABLED) != 0) ||
+((regs->gpe.sts[0] & regs->gpe.en[0]) != 0);
+
+qemu_set_irq(irq, sci_level);
+
+/* schedule a timer interruption if needed */
+acpi_pm_tmr_update(regs,
+   (regs->pm1.evt.en & ACPI_BITMASK_TIMER_ENABLE) &&
+   !(pm1a_sts & ACPI_BITMASK_TIMER_STATUS));
+}
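Review bot: acpi_update_sci() ORs (regs->gpe.sts[0] & regs->gpe.en[0]) into sci_level, which the removed piix4 pm_update_sci() did but the removed ich9 one did not, so for ICH9 this is a behaviour change and not only code motion. Say so in the commit message or move the ICH9 change into its own patch. The prototype in acpi.h names the first parameter acpi_regs while this definition uses regs; make them match.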
diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index 7e0429e..dcdef7c 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -44,29 +44,10 @@ do { printf("%s "fmt, __func__, ## __VA_ARGS__); } while (0)
 #define ICH9_DEBUG(fmt, ...)do { } while (0)
 #endif
 
-static void pm_update_sci(ICH9LPCPMRegs *pm)
-{
-int sci_level, pm1a_sts;
-
-pm1a_sts = acpi_pm1_evt_get_sts(&pm->acpi_regs);
-
-sci_level = (((pm1a_sts & pm->acpi_regs.pm1.evt.en) &
-  (ACPI_BITMASK_RT_CLOCK_ENABLE |
-   ACPI_BITMASK_POWER_BUTTON_ENABLE |
-   ACPI_BITMASK_GLOBAL_LOCK_ENABLE |
-   ACPI_BITMASK_TIMER_ENABLE)) != 0);
-qemu_set_irq(pm->irq, sci_level);
-
-/* schedule a timer interruption if needed */
-acpi_pm_tmr_update(&pm->acpi_regs,
-   (pm->acpi_regs.pm1.evt.en & ACPI_BITMASK_TIMER_ENABLE) 
&&
-   !(pm1a_sts & ACPI_BITMASK_TIMER_STATUS));
-}
-
 static void ich9_pm_update_sci_fn(ACPIREGS *regs)
 {
 ICH9LPCPMRegs *pm = container_of(regs, ICH9LPCPMRegs, acpi_regs);
-pm_update_sci(pm);
+acpi_update_sci(&pm->acpi_regs, pm->irq);
 }
 
 static uint64_t ich9_gpe_readb(void *opaque, hwaddr addr, unsigned width)
@@ -193,7 +174,7 @@ static void pm_reset(void *opaque)
 pm->smi_en |= ICH9_PMIO_SMI_EN_APMC_EN;
 }
 
-pm_update_sci(pm);
+acpi_update_sci(&pm->acpi_regs, pm->irq);
 }
 
 static void pm_powerdown_req(Notifier *n, void *opaque)
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index b4caeab..b6b97ce 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -112,28 +112,10 @@ static void piix4_acpi_system_hot_add_init(MemoryRegion 
*parent,
 #define ACPI_ENABLE 0xf1
 #define ACPI_DISABLE 0xf0
 
-static void pm_update_sci(PIIX4PMState *s)
-{
-int sci_level, pmsts;
-
-pmsts = acpi_pm1_evt_get_sts(&s->ar);
-sci_level = (((pmsts & s->ar.pm1.evt.en) &
-  (ACPI_BITMASK_RT_CLOCK_ENABLE |
-   ACPI_BITMASK_POWER_BUTTON_ENABLE |
-   ACPI_BITMASK_GLOBAL_LOCK_ENABLE |
-   ACPI_BITMASK_TIMER_ENABLE)) != 0) ||
-((s->ar.gpe.sts[0] & s->ar.gpe.en[0]) != 0);
-
-qemu_set_irq(s->irq, sci_level);
-/* schedule a timer interruption if needed */
-acpi_pm_tmr_update(&s->ar, (s->ar.pm1.evt.en & ACPI_BITMASK_TIMER_ENABLE) 
&&
-   !(pmsts & ACPI_BITMASK_TIMER_STATUS));
-}
-
 static void pm_tmr_timer(ACPIREGS *ar)
 {
 PIIX4PMState *s = container_of(ar, PIIX4PMState, ar);
-pm_update_sci(s);
+acpi_update_sci(&s->ar, s->irq);
 }
 
 static void apm_ctrl_changed(uint32_t val, void *arg)
@@ -577,7 +559,7 @@ static void gpe_writeb(void *opaque, hwaddr addr, uint64_t 
val,
 PIIX4PMState *s = opaque;
 
 acpi_gpe_ioport_w

[Qemu-devel] [PULL 16/19] qdev: switch reset to post-order

2013-12-23 Thread Michael S. Tsirkin
From: Paolo Bonzini 

Post-order is the only sensible direction for the reset signals.
For example, suppose pre-order is used and the parent has some data
structures that cache children state (for example a list of active
requests).  When the reset method is invoked on the parent, these caches
could be in any state.

If post-order is used, on the other hand, these will be in a known state
when the reset method is invoked on the parent.

This change means that it is no longer possible to block the visit of
the devices, so the callback is changed to return void.  This is not
a problem, because PCI was returning 1 exactly in order to achieve the
same ordering that this patch implements.

PCI can then rely on the qdev core having sent a "reset signal" (whatever
that means) to the device, and only do the PCI-specific initialization
with pci_do_device_reset.

MST: fixed up virtio-ccw

Signed-off-by: Paolo Bonzini 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/qdev-core.h |  2 +-
 hw/core/qdev.c |  6 +++---
 hw/pci/pci.c   | 31 ---
 hw/s390x/virtio-ccw.c  |  5 +
 4 files changed, 21 insertions(+), 23 deletions(-)

diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index ecf5cb3..a9ce4a3 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -158,7 +158,7 @@ struct BusClass {
  * bindings can be found at http://playground.sun.com/1275/bindings/.
  */
 char *(*get_fw_dev_path)(DeviceState *dev);
-int (*reset)(BusState *bus);
+void (*reset)(BusState *bus);
 /* maximum devices allowed on the bus, 0: no limit. */
 int max_dev;
 };
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index 5ddf1aa..d2ffe35 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -233,19 +233,19 @@ static int qbus_reset_one(BusState *bus, void *opaque)
 {
 BusClass *bc = BUS_GET_CLASS(bus);
 if (bc->reset) {
-return bc->reset(bus);
+bc->reset(bus);
 }
 return 0;
 }
 
 void qdev_reset_all(DeviceState *dev)
 {
-qdev_walk_children(dev, qdev_reset_one, qbus_reset_one, NULL, NULL, NULL);
+qdev_walk_children(dev, NULL, NULL, qdev_reset_one, qbus_reset_one, NULL);
 }
 
 void qbus_reset_all(BusState *bus)
 {
-qbus_walk_children(bus, qdev_reset_one, qbus_reset_one, NULL, NULL, NULL);
+qbus_walk_children(bus, NULL, NULL, qdev_reset_one, qbus_reset_one, NULL);
 }
 
 void qbus_reset_all_fn(void *opaque)
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 131e599..aa2a395 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -46,7 +46,7 @@
 static void pcibus_dev_print(Monitor *mon, DeviceState *dev, int indent);
 static char *pcibus_get_dev_path(DeviceState *dev);
 static char *pcibus_get_fw_dev_path(DeviceState *dev);
-static int pcibus_reset(BusState *qbus);
+static void pcibus_reset(BusState *qbus);
 static void pci_bus_finalize(Object *obj);
 
 static Property pci_props[] = {
@@ -167,16 +167,10 @@ void pci_device_deassert_intx(PCIDevice *dev)
 }
 }
 
-/*
- * This function is called on #RST and FLR.
- * FLR if PCI_EXP_DEVCTL_BCR_FLR is set
- */
-void pci_device_reset(PCIDevice *dev)
+static void pci_do_device_reset(PCIDevice *dev)
 {
 int r;
 
-qdev_reset_all(&dev->qdev);
-
 dev->irq_state = 0;
 pci_update_irq_status(dev);
 pci_device_deassert_intx(dev);
@@ -209,27 +203,34 @@ void pci_device_reset(PCIDevice *dev)
 }
 
 /*
+ * This function is called on #RST and FLR.
+ * FLR if PCI_EXP_DEVCTL_BCR_FLR is set
+ */
+void pci_device_reset(PCIDevice *dev)
+{
+qdev_reset_all(&dev->qdev);
+pci_do_device_reset(dev);
+}
+
+/*
  * Trigger pci bus reset under a given bus.
- * To be called on RST# assert.
+ * Called via qbus_reset_all on RST# assert, after the devices
+ * have been reset qdev_reset_all-ed already.
  */
-static int pcibus_reset(BusState *qbus)
+static void pcibus_reset(BusState *qbus)
 {
 PCIBus *bus = DO_UPCAST(PCIBus, qbus, qbus);
 int i;
 
 for (i = 0; i < ARRAY_SIZE(bus->devices); ++i) {
 if (bus->devices[i]) {
-pci_device_reset(bus->devices[i]);
+pci_do_device_reset(bus->devices[i]);
 }
 }
 
 for (i = 0; i < bus->nirq; i++) {
 assert(bus->irq_count[i] == 0);
 }
-
-/* topology traverse is done by pci_bus_reset().
-   Tell qbus/qdev walker not to traverse the tree */
-return 1;
 }
 
 static void pci_host_bus_register(PCIBus *bus, DeviceState *parent)
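
Review bot: the new comment above pcibus_reset() reads "after the devices have been reset qdev_reset_all-ed already", which carries a leftover word; suggest "after the devices have already been reset by qdev_reset_all". The comment moved above pci_device_reset() spells the signal "#RST" while this one spells it "RST#"; use one spelling in both.
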
diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index ecc80ec..b79f04e 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -30,13 +30,10 @@
 static void virtio_ccw_bus_new(VirtioBusState *bus, size_t bus_size,
VirtioCcwDevice *dev);
 
-static int virtual_css_bus_reset(BusState *qbus)
+static void virtual_css_bus_reset(BusState *qbus)
 {
 /* This should actually be modelled via the generic css */
 css_reset();
-
-/* we dont traverse ourself, return 0 */
-return 0;
 }
 
 
-- 
MST




[Qemu-devel] [PULL 01/19] piix: gigabyte alignment for ram

2013-12-23 Thread Michael S. Tsirkin
From: Gerd Hoffmann 

Map 3G (i440fx) of memory below 4G, so the RAM pieces
are nicely aligned to gigabyte borders.

Keep old memory layout for (a) old machine types and (b) in case all
memory fits below 4G and thus we don't have to split RAM into pieces
in the first place.  The latter makes sure this change doesn't take
away memory from 32bit guests.

So, with i440fx and up to 3.5 GB of memory, all of it will be mapped
below 4G.  With more than 3.5 GB of memory 3 GB will be mapped below
4G and the remaining amount will be mapped above 4G.

Signed-off-by: Gerd Hoffmann 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/pc_piix.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 4e0dae7..acb9445 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -61,6 +61,7 @@ static const int ide_irq[MAX_IDE_BUS] = { 14, 15 };
 static bool has_pci_info;
 static bool has_acpi_build = true;
 static bool smbios_type1_defaults = true;
+static bool gigabyte_align = true;
 
 /* PC hardware initialisation */
 static void pc_init1(QEMUMachineInitArgs *args,
@@ -107,8 +108,9 @@ static void pc_init1(QEMUMachineInitArgs *args,
 }
 
 if (args->ram_size >= 0xe000) {
-above_4g_mem_size = args->ram_size - 0xe000;
-below_4g_mem_size = 0xe000;
+ram_addr_t lowmem = gigabyte_align ? 0xc000 : 0xe000;
+above_4g_mem_size = args->ram_size - lowmem;
+below_4g_mem_size = lowmem;
 } else {
 above_4g_mem_size = 0;
 below_4g_mem_size = args->ram_size;
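
Review bot: the unchanged ">=" in the "if (args->ram_size >= ...)" test means a guest whose RAM is exactly at the threshold takes the split branch and now gets only lowmem below 4G, while the commit message says that up to 3.5 GB stays entirely below 4G. Either change the comparison to ">" or adjust the wording. The two lowmem values would also read better as named constants than as literals inside the ternary.
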
@@ -245,6 +247,7 @@ static void pc_init_pci(QEMUMachineInitArgs *args)
 static void pc_compat_1_7(QEMUMachineInitArgs *args)
 {
 smbios_type1_defaults = false;
+gigabyte_align = false;
 }
 
 static void pc_compat_1_6(QEMUMachineInitArgs *args)
-- 
MST




[Qemu-devel] [PULL 03/19] hw/i386/pc_sysfw: support two flash drives

2013-12-23 Thread Michael S. Tsirkin
From: Laszlo Ersek 

This patch allows the user to usefully specify

  -drive file=img_1,if=pflash,format=raw,readonly \
  -drive file=img_2,if=pflash,format=raw

on the command line. The flash images will be mapped under 4G in their
reverse unit order -- that is, with their base addresses progressing
downwards, in increasing unit order.

(The unit number increases with command line order if not explicitly
specified.)

This accommodates the following use case: suppose that OVMF is split in
two parts, a writeable host file for non-volatile variable storage, and a
read-only part for bootstrap and decompressible executable code.

The binary code part would be read-only, centrally managed on the host
system, and passed in as unit 0. The variable store would be writeable,
VM-specific, and passed in as unit 1.

  ffe0-ffe1 (prio 0, R-): system.flash1
  ffe2- (prio 0, R-): system.flash0

(If the guest tries to write to the flash range that is backed by the
read-only drive, pflash_update() is never called; various flash
programming/erase errors are returned to the guest instead. See the
callers of pflash_update(), and the initialization of "pfl->ro", in
"hw/block/pflash_cfi01.c".)

Signed-off-by: Laszlo Ersek 
Reviewed-by: Markus Armbruster 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/pc_sysfw.c | 105 +++--
 1 file changed, 86 insertions(+), 19 deletions(-)

diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
index e917c83..75a7ebb 100644
--- a/hw/i386/pc_sysfw.c
+++ b/hw/i386/pc_sysfw.c
@@ -72,35 +72,102 @@ static void pc_isa_bios_init(MemoryRegion *rom_memory,
 memory_region_set_readonly(isa_bios, true);
 }
 
-static void pc_system_flash_init(MemoryRegion *rom_memory,
- DriveInfo *pflash_drv)
+#define FLASH_MAP_UNIT_MAX 2
+
+/* We don't have a theoretically justifiable exact lower bound on the base
+ * address of any flash mapping. In practice, the IO-APIC MMIO range is
+ * [0xFEE0..0xFEE01000[ -- see IO_APIC_DEFAULT_ADDRESS --, leaving free
+ * only 18MB-4KB below 4G. For now, restrict the cumulative mapping to 8MB in
+ * size.
+ */
+#define FLASH_MAP_BASE_MIN ((hwaddr)(0x1ULL - 8*1024*1024))
+
+/* This function maps flash drives from 4G downward, in order of their unit
+ * numbers. The mapping starts at unit#0, with unit number increments of 1, and
+ * stops before the first missing flash drive, or before
+ * unit#FLASH_MAP_UNIT_MAX, whichever is reached first.
+ *
+ * Addressing within one flash drive is of course not reversed.
+ *
+ * An error message is printed and the process exits if:
+ * - the size of the backing file for a flash drive is non-positive, or not a
+ *   multiple of the required sector size, or
+ * - the current mapping's base address would fall below FLASH_MAP_BASE_MIN.
+ *
+ * The drive with unit#0 (if available) is mapped at the highest address, and
+ * it is passed to pc_isa_bios_init(). Merging several drives for isa-bios is
+ * not supported.
+ */
+static void pc_system_flash_init(MemoryRegion *rom_memory)
 {
+int unit;
+DriveInfo *pflash_drv;
 BlockDriverState *bdrv;
 int64_t size;
-hwaddr phys_addr;
+char *fatal_errmsg = NULL;
+hwaddr phys_addr = 0x1ULL;
 int sector_bits, sector_size;
 pflash_t *system_flash;
 MemoryRegion *flash_mem;
+char name[64];
 
-bdrv = pflash_drv->bdrv;
-size = bdrv_getlength(pflash_drv->bdrv);
 sector_bits = 12;
 sector_size = 1 << sector_bits;
 
-if ((size % sector_size) != 0) {
-fprintf(stderr,
-"qemu: PC system firmware (pflash) must be a multiple of 
0x%x\n",
-sector_size);
-exit(1);
+for (unit = 0;
+ (unit < FLASH_MAP_UNIT_MAX &&
+  (pflash_drv = drive_get(IF_PFLASH, 0, unit)) != NULL);
+ ++unit) {
+bdrv = pflash_drv->bdrv;
+size = bdrv_getlength(bdrv);
+if (size < 0) {
+fatal_errmsg = g_strdup_printf("failed to get backing file size");
+} else if (size == 0) {
+fatal_errmsg = g_strdup_printf("PC system firmware (pflash) "
+   "cannot have zero size");
+} else if ((size % sector_size) != 0) {
+fatal_errmsg = g_strdup_printf("PC system firmware (pflash) "
+   "must be a multiple of 0x%x", sector_size);
+} else if (phys_addr < size || phys_addr - size < FLASH_MAP_BASE_MIN) {
+fatal_errmsg = g_strdup_printf("oversized backing file, pflash "
+   "segments cannot be mapped under "
+   TARGET_FMT_plx, FLASH_MAP_BASE_MIN);
+}
+if (fatal_errmsg != NULL) {
+Location loc;
+
+/* push a new, "none" location on the location stack; overwrite its
+ * contents with the location saved in
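
Review bot: the for loop in pc_system_flash_init() stops at the first missing unit and at FLASH_MAP_UNIT_MAX without reporting it, so a pflash drive given as unit 1 with no unit 0, or any third drive, is dropped silently. A guest that starts without the variable store the user configured is harder to diagnose than a startup error, so consider reporting pflash drives that were specified but not mapped. Minor: the two messages that take no format arguments can use g_strdup() rather than g_strdup_printf().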

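The layout rule described in the pc_sysfw patch above (units mapped downward from 4G, sizes that are multiples of the 1 << 12 sector size, cumulative mapping capped at 8MB), as an added example that is not part of the patch or of QEMU. The function name, the error codes and the sample sizes are constructed for illustration.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values taken from the patch text: mapping starts at 4G, sectors are
 * 1 << 12 bytes, at most 2 units, cumulative mapping capped at 8MB. */
#define FLASH_TOP       0x100000000ULL
#define FLASH_BASE_MIN  (FLASH_TOP - 8ULL * 1024 * 1024)
#define FLASH_SECTOR    (1ULL << 12)
#define FLASH_UNIT_MAX  2

/* Hypothetical error codes, one per rejection reason listed in the patch. */
enum flash_err {
    FLASH_OK = 0,
    FLASH_ERR_LENGTH,     /* backing file length could not be read (< 0) */
    FLASH_ERR_EMPTY,      /* zero-sized backing file */
    FLASH_ERR_ALIGN,      /* not a multiple of the sector size */
    FLASH_ERR_OVERSIZED   /* base would fall below FLASH_BASE_MIN */
};

/* Compute the base address of each flash unit, unit 0 highest.
 * sizes[i] is the backing file length of unit i; units past n are absent.
 * On return *mapped holds the number of units placed before any error. */
enum flash_err flash_layout(const int64_t *sizes, size_t n,
                            uint64_t *base, size_t *mapped)
{
    uint64_t addr = FLASH_TOP;
    size_t unit;

    *mapped = 0;
    for (unit = 0; unit < n && unit < FLASH_UNIT_MAX; unit++) {
        uint64_t size;

        if (sizes[unit] < 0) {
            return FLASH_ERR_LENGTH;
        }
        if (sizes[unit] == 0) {
            return FLASH_ERR_EMPTY;
        }
        size = (uint64_t)sizes[unit];
        if (size % FLASH_SECTOR != 0) {
            return FLASH_ERR_ALIGN;
        }
        /* Compare before subtracting so addr can never wrap around. */
        if (addr < size || addr - size < FLASH_BASE_MIN) {
            return FLASH_ERR_OVERSIZED;
        }
        addr -= size;
        base[unit] = addr;
        *mapped = unit + 1;
    }
    return FLASH_OK;
}

int main(void)
{
    /* Constructed sizes: a 1920 KiB read-only code image as unit 0 and
     * a 128 KiB writable variable store as unit 1. */
    const int64_t sizes[] = { 0x1E0000, 0x20000 };
    uint64_t base[FLASH_UNIT_MAX];
    size_t mapped, i;
    enum flash_err err = flash_layout(sizes, 2, base, &mapped);

    if (err != FLASH_OK) {
        fprintf(stderr, "layout rejected, error %d\n", (int)err);
        return 1;
    }
    for (i = 0; i < mapped; i++) {
        printf("system.flash%zu: %08" PRIx64 "-%08" PRIx64 "\n", i,
               base[i], base[i] + (uint64_t)sizes[i] - 1);
    }
    return 0;
}
```
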
[Qemu-devel] [PULL 13/19] pci: do not export pci_bus_reset

2013-12-23 Thread Michael S. Tsirkin
From: Paolo Bonzini 

qbus_reset_all can be used instead.  There is no semantic change
because pcibus_reset returns 1 and takes care of the device
tree traversal.

Signed-off-by: Paolo Bonzini 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/pci/pci.h | 1 -
 hw/pci/pci.c | 8 ++--
 hw/pci/pci_bridge.c  | 2 +-
 3 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
index b783e68..754b82d 100644
--- a/include/hw/pci/pci.h
+++ b/include/hw/pci/pci.h
@@ -373,7 +373,6 @@ void pci_bus_fire_intx_routing_notifier(PCIBus *bus);
 void pci_device_set_intx_routing_notifier(PCIDevice *dev,
   PCIINTxRoutingNotifier notifier);
 void pci_device_reset(PCIDevice *dev);
-void pci_bus_reset(PCIBus *bus);
 
 PCIDevice *pci_nic_init(NICInfo *nd, PCIBus *rootbus,
 const char *default_model,
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 82c11ec..83ea0a0 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -212,8 +212,9 @@ void pci_device_reset(PCIDevice *dev)
  * Trigger pci bus reset under a given bus.
  * To be called on RST# assert.
  */
-void pci_bus_reset(PCIBus *bus)
+static int pcibus_reset(BusState *qbus)
 {
+PCIBus *bus = DO_UPCAST(PCIBus, qbus, qbus);
 int i;
 
 for (i = 0; i < bus->nirq; i++) {
@@ -224,11 +225,6 @@ void pci_bus_reset(PCIBus *bus)
 pci_device_reset(bus->devices[i]);
 }
 }
-}
-
-static int pcibus_reset(BusState *qbus)
-{
-pci_bus_reset(DO_UPCAST(PCIBus, qbus, qbus));
 
 /* topology traverse is done by pci_bus_reset().
Tell qbus/qdev walker not to traverse the tree */
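
Review bot: the context comment at the end of pcibus_reset() still says "topology traverse is done by pci_bus_reset()", but this patch removes pci_bus_reset(). Update the comment to name pcibus_reset() (or describe the traversal itself) so the "return 1" that follows stays explained.
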
diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c
index f72872e..098c50a 100644
--- a/hw/pci/pci_bridge.c
+++ b/hw/pci/pci_bridge.c
@@ -268,7 +268,7 @@ void pci_bridge_write_config(PCIDevice *d,
 newctl = pci_get_word(d->config + PCI_BRIDGE_CONTROL);
 if (~oldctl & newctl & PCI_BRIDGE_CTL_BUS_RESET) {
 /* Trigger hot reset on 0->1 transition. */
-pci_bus_reset(&s->sec_bus);
+qbus_reset_all(&s->sec_bus.qbus);
 }
 }
 
-- 
MST




[Qemu-devel] [PULL 17/19] piix: fix 32bit pci hole

2013-12-23 Thread Michael S. Tsirkin
From: Gerd Hoffmann 

Make the 32bit pci hole start at end of ram, so all possible address
space is covered.

We used to try and make addresses aligned so they are easier to cover
with MTRRs, but since they are cosmetic on KVM, this is probably not
worth worrying about.
Of course the firmware can use less than that.  Leaving space unused is
no problem, mapping pci bars outside the hole causes problems though.

Signed-off-by: Gerd Hoffmann 
Signed-off-by: Laszlo Ersek 
Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/i386/pc.h |  1 +
 hw/i386/pc_piix.c|  1 +
 hw/pci-host/piix.c   | 11 ++-
 3 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 24eb3de..eb3da96 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -182,6 +182,7 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int 
*piix_devfn,
 MemoryRegion *address_space_mem,
 MemoryRegion *address_space_io,
 ram_addr_t ram_size,
+ram_addr_t below_4g_mem_size,
 ram_addr_t above_4g_mem_size,
 MemoryRegion *pci_memory,
 MemoryRegion *ram_memory);
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 832e20c..2766414 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -170,6 +170,7 @@ static void pc_init1(QEMUMachineInitArgs *args,
 if (pci_enabled) {
 pci_bus = i440fx_init(&i440fx_state, &piix3_devfn, &isa_bus, gsi,
   system_memory, system_io, args->ram_size,
+  below_4g_mem_size,
   above_4g_mem_size,
   pci_memory, ram_memory);
 } else {
diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c
index 63be7f6..4229d09 100644
--- a/hw/pci-host/piix.c
+++ b/hw/pci-host/piix.c
@@ -311,6 +311,7 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state,
 MemoryRegion *address_space_mem,
 MemoryRegion *address_space_io,
 ram_addr_t ram_size,
+ram_addr_t below_4g_mem_size,
 ram_addr_t above_4g_mem_size,
 MemoryRegion *pci_address_space,
 MemoryRegion *ram_memory)
@@ -340,15 +341,7 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state,
 f->ram_memory = ram_memory;
 
 i440fx = I440FX_PCI_HOST_BRIDGE(dev);
-/* Set PCI window size the way seabios has always done it. */
-/* Power of 2 so bios can cover it with a single MTRR */
-if (ram_size <= 0x8000) {
-i440fx->pci_info.w32.begin = 0x8000;
-} else if (ram_size <= 0xc000) {
-i440fx->pci_info.w32.begin = 0xc000;
-} else {
-i440fx->pci_info.w32.begin = 0xe000;
-}
+i440fx->pci_info.w32.begin = below_4g_mem_size;
 
 /* setup pci memory mapping */
 pc_pci_as_mapping_init(OBJECT(f), f->system_memory,
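
Review bot: the new assignment "i440fx->pci_info.w32.begin = below_4g_mem_size" in the last hunk is unconditional, so the start of the 32-bit window moves for existing machine types too, whereas the gigabyte alignment patch in this series put its layout change behind a flag cleared in pc_compat_1_7(). If the window start is visible to the guest or firmware, it needs the same gating, or the commit message should say why it does not. The hunk also removes the only use of ram_size shown here; check whether that parameter is still needed.
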
-- 
MST




[Qemu-devel] [PULL 04/19] i440fx-test: qtest_start() should be paired with qtest_end()

2013-12-23 Thread Michael S. Tsirkin
From: Laszlo Ersek 

Similarly to commit 1d9358e6
("libqtest: New qtest_end() to go with qtest_start()").

Signed-off-by: Laszlo Ersek 
Signed-off-by: Michael S. Tsirkin 
---
 tests/i440fx-test.c | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/tests/i440fx-test.c b/tests/i440fx-test.c
index 65c786c..6ac46bf 100644
--- a/tests/i440fx-test.c
+++ b/tests/i440fx-test.c
@@ -2,9 +2,11 @@
  * qtest I440FX test case
  *
  * Copyright IBM, Corp. 2012-2013
+ * Copyright Red Hat, Inc. 2013
  *
  * Authors:
  *  Anthony Liguori   
+ *  Laszlo Ersek  
  *
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
@@ -256,7 +258,6 @@ static void test_i440fx_pam(gconstpointer opaque)
 
 int main(int argc, char **argv)
 {
-QTestState *s;
 TestData data;
 char *cmdline;
 int ret;
@@ -266,20 +267,17 @@ int main(int argc, char **argv)
 data.num_cpus = 1;
 
 cmdline = g_strdup_printf("-smp %d", data.num_cpus);
-s = qtest_start(cmdline);
+qtest_start(cmdline);
 g_free(cmdline);
 
 data.bus = qpci_init_pc();
 
 g_test_add_data_func("/i440fx/defaults", &data, test_i440fx_defaults);
 g_test_add_data_func("/i440fx/pam", &data, test_i440fx_pam);
-
 
 ret = g_test_run();
 
-if (s) {
-qtest_quit(s);
-}
+qtest_end();
 
 return ret;
 }
-- 
MST




[Qemu-devel] [PULL 05/19] i440fx-test: give each GTest case its own qtest

2013-12-23 Thread Michael S. Tsirkin
From: Laszlo Ersek 

The current two GTest cases, /i440fx/defaults and /i440fx/pam can share a
qemu process, but the next two cases will need dedicated instances. It is
messy (and order-dependent) to dynamically configure GTest cases one by
one to start, stop, or keep the current qtest (*); let's just have each
GTest work with its own qtest. The performance difference should be
negligible.

(*) As g_test_run() can be invoked at most once per process startup, and
it runs GTest cases in sequence, we'd need clumsy data structures to
control each GTest case to start/stop/keep the qemu instance. Or, we'd
have to code the same information into the test methods themselves, which
would make them even more order-dependent.

Signed-off-by: Laszlo Ersek 
Signed-off-by: Michael S. Tsirkin 
---
 tests/i440fx-test.c | 32 +++-
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/tests/i440fx-test.c b/tests/i440fx-test.c
index 6ac46bf..3962bca 100644
--- a/tests/i440fx-test.c
+++ b/tests/i440fx-test.c
@@ -28,16 +28,27 @@
 typedef struct TestData
 {
 int num_cpus;
-QPCIBus *bus;
 } TestData;
 
+static QPCIBus *test_start_get_bus(const TestData *s)
+{
+char *cmdline;
+
+cmdline = g_strdup_printf("-smp %d", s->num_cpus);
+qtest_start(cmdline);
+g_free(cmdline);
+return qpci_init_pc();
+}
+
 static void test_i440fx_defaults(gconstpointer opaque)
 {
 const TestData *s = opaque;
+QPCIBus *bus;
 QPCIDevice *dev;
 uint32_t value;
 
-dev = qpci_device_find(s->bus, QPCI_DEVFN(0, 0));
+bus = test_start_get_bus(s);
+dev = qpci_device_find(bus, QPCI_DEVFN(0, 0));
 g_assert(dev != NULL);
 
 /* 3.2.2 */
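
Review bot: test_start_get_bus() hides qtest_start() inside a helper, but each test body has to remember the matching qtest_end() by hand, so the pairing the previous patch set up is now split across two places. Consider a matching end helper, or GTest setup and teardown callbacks, so a test added later cannot leave a qemu instance running by forgetting the last line.
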
@@ -121,6 +132,8 @@ static void test_i440fx_defaults(gconstpointer opaque)
 g_assert_cmpint(qpci_config_readb(dev, 0x91), ==, 0x00); /* ERRSTS */
 /* 3.2.26 */
 g_assert_cmpint(qpci_config_readb(dev, 0x93), ==, 0x00); /* TRC */
+
+qtest_end();
 }
 
 #define PAM_RE 1
@@ -179,6 +192,7 @@ static void write_area(uint32_t start, uint32_t end, 
uint8_t value)
 static void test_i440fx_pam(gconstpointer opaque)
 {
 const TestData *s = opaque;
+QPCIBus *bus;
 QPCIDevice *dev;
 int i;
 static struct {
@@ -201,7 +215,8 @@ static void test_i440fx_pam(gconstpointer opaque)
 { 0xEC000, 0xE }, /* BIOS Extension */
 };
 
-dev = qpci_device_find(s->bus, QPCI_DEVFN(0, 0));
+bus = test_start_get_bus(s);
+dev = qpci_device_find(bus, QPCI_DEVFN(0, 0));
 g_assert(dev != NULL);
 
 for (i = 0; i < ARRAY_SIZE(pam_area); i++) {
@@ -254,30 +269,21 @@ static void test_i440fx_pam(gconstpointer opaque)
 /* Verify the area is not our new mask */
 g_assert(!verify_area(pam_area[i].start, pam_area[i].end, 0x82));
 }
+qtest_end();
 }
 
 int main(int argc, char **argv)
 {
 TestData data;
-char *cmdline;
 int ret;
 
 g_test_init(&argc, &argv, NULL);
 
 data.num_cpus = 1;
 
-cmdline = g_strdup_printf("-smp %d", data.num_cpus);
-qtest_start(cmdline);
-g_free(cmdline);
-
-data.bus = qpci_init_pc();
-
 g_test_add_data_func("/i440fx/defaults", &data, test_i440fx_defaults);
 g_test_add_data_func("/i440fx/pam", &data, test_i440fx_pam);
 
 ret = g_test_run();
-
-qtest_end();
-
 return ret;
 }
-- 
MST




[Qemu-devel] [PULL 14/19] pci: clean up resetting of IRQs

2013-12-23 Thread Michael S. Tsirkin
From: Paolo Bonzini 

pci_device_reset will deassert the INTX pins, and this will make the
irq_count array all-zeroes.  Check that this is the case, and remove
the existing loop which might even unsync irq_count and irq_state.

Signed-off-by: Paolo Bonzini 
Signed-off-by: Michael S. Tsirkin 
---
 hw/pci/pci.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 83ea0a0..131e599 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -217,15 +217,16 @@ static int pcibus_reset(BusState *qbus)
 PCIBus *bus = DO_UPCAST(PCIBus, qbus, qbus);
 int i;
 
-for (i = 0; i < bus->nirq; i++) {
-bus->irq_count[i] = 0;
-}
 for (i = 0; i < ARRAY_SIZE(bus->devices); ++i) {
 if (bus->devices[i]) {
 pci_device_reset(bus->devices[i]);
 }
 }
 
+for (i = 0; i < bus->nirq; i++) {
+assert(bus->irq_count[i] == 0);
+}
+
 /* topology traverse is done by pci_bus_reset().
Tell qbus/qdev walker not to traverse the tree */
 return 1;
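
Review bot: the assert on bus->irq_count[i] in the new loop turns any device model that leaves an INTx line counted after pci_device_reset() into a QEMU abort on bus reset, where the removed loop simply zeroed the count. Since a bus reset can be requested through the bridge control register, state the invariant in a comment next to the assert (which call is expected to bring every count to zero) so a failure points at the offending device model. The context comment below it still names pci_bus_reset(), which no longer exists after the previous patch.
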
-- 
MST




[Qemu-devel] [PULL 08/19] acpi: piix4: remove not needed GPE0 mask

2013-12-23 Thread Michael S. Tsirkin
From: Igor Mammedov 

Hardcoded GPE0 mask isn't really needed, since GPE0_STS is initialized
with all bits cleared and only QEMU itself can set bits there (i.e.
guest can only clear bits in it). So guest can't trigger SCI
by setting _STS & _EN bits and there is no reason to mask out not
supported _STS bits since they shouldn't be set by QEMU in the first
place.

Signed-off-by: Igor Mammedov 
Signed-off-by: Michael S. Tsirkin 
---
 hw/acpi/piix4.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 93849c8..b4caeab 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -122,8 +122,7 @@ static void pm_update_sci(PIIX4PMState *s)
ACPI_BITMASK_POWER_BUTTON_ENABLE |
ACPI_BITMASK_GLOBAL_LOCK_ENABLE |
ACPI_BITMASK_TIMER_ENABLE)) != 0) ||
-(((s->ar.gpe.sts[0] & s->ar.gpe.en[0]) &
-  (PIIX4_PCI_HOTPLUG_STATUS | PIIX4_CPU_HOTPLUG_STATUS)) != 0);
+((s->ar.gpe.sts[0] & s->ar.gpe.en[0]) != 0);
 
 qemu_set_irq(s->irq, sci_level);
 /* schedule a timer interruption if needed */
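
Review bot: with the mask removed from the "sts[0] & en[0]" term, sci_level depends on the rule that only QEMU ever sets bits in gpe.sts[0], and that rule now lives only in the commit message. Put a one-line comment above the expression in pm_update_sci() stating it, so a later change that lets another path write status bits is reviewed against it.
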
-- 
MST




[Qemu-devel] [PULL 19/19] target-arm: fix build with gcc 4.8.2

2013-12-23 Thread Michael S. Tsirkin
commit 5ce4f35781028ce1aee3341e6002f925fdc7aaf3
"target-arm: A64: add set_pc cpu method"

introduces an array aarch64_cpus which is zero
size if this code is built without CONFIG_USER_ONLY.
In particular an attempt to iterate over this array produces a warning
under gcc 4.8.2:

  CC    aarch64-softmmu/target-arm/cpu64.o
/scm/qemu/target-arm/cpu64.c: In function ‘aarch64_cpu_register_types’:
/scm/qemu/target-arm/cpu64.c:124:5: error: comparison of unsigned
expression < 0 is always false [-Werror=type-limits]
 for (i = 0; i < ARRAY_SIZE(aarch64_cpus); i++) {
 ^
cc1: all warnings being treated as errors

This is the result of ARRAY_SIZE being an unsigned type,
causing "i" to be promoted to unsigned int as well.

As zero size arrays are a gcc extension, it seems
cleanest to add a dummy element with NULL name,
and test for it during registration.

We'll be able to drop this when we add more CPUs.

Cc: Alexander Graf 
Cc: Peter Maydell 
Cc: Richard Henderson 
Signed-off-by: Michael S. Tsirkin 
Reviewed-by: Peter Maydell 
Reviewed-by: Stefan Weil 
---
 target-arm/cpu64.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/target-arm/cpu64.c b/target-arm/cpu64.c
index 04ce879..60acd24 100644
--- a/target-arm/cpu64.c
+++ b/target-arm/cpu64.c
@@ -58,6 +58,7 @@ static const ARMCPUInfo aarch64_cpus[] = {
 #ifdef CONFIG_USER_ONLY
 { .name = "any", .initfn = aarch64_any_initfn },
 #endif
+{ .name = NULL } /* TODO: drop when we support more CPUs */
 };
 
 static void aarch64_cpu_initfn(Object *obj)
@@ -100,6 +101,11 @@ static void aarch64_cpu_register(const ARMCPUInfo *info)
 .class_init = info->class_init,
 };
 
+/* TODO: drop when we support more CPUs - all entries will have name set */
+if (!info->name) {
+return;
+}
+
 type_info.name = g_strdup_printf("%s-" TYPE_ARM_CPU, info->name);
 type_register(&type_info);
 g_free((void *)type_info.name);
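
Review bot: the NULL-name check added to aarch64_cpu_register() makes the function accept and silently skip any entry with a missing name, which will also hide a real table mistake once more CPUs are added. Since both TODO comments already plan the removal, consider keeping the check out of the register function and stopping the caller's loop at the first NULL name instead, so the sentinel is handled in one place.
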
-- 
MST




[Qemu-devel] [PULL 15/19] qdev: allow both pre- and post-order vists in qdev walking functions

2013-12-23 Thread Michael S. Tsirkin
From: Paolo Bonzini 

Resetting should be done in post-order, not pre-order.  However,
qdev_walk_children and qbus_walk_children do not allow this.  Fix
it by adding two extra arguments to the functions.

Signed-off-by: Paolo Bonzini 
Signed-off-by: Michael S. Tsirkin 
---
 include/hw/qdev-core.h | 13 +
 hw/core/qdev.c | 45 +
 2 files changed, 42 insertions(+), 16 deletions(-)

diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index f2043a6..ecf5cb3 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -253,10 +253,15 @@ BusState *qbus_create(const char *typename, DeviceState 
*parent, const char *nam
 /* Returns > 0 if either devfn or busfn skip walk somewhere in cursion,
  * < 0 if either devfn or busfn terminate walk somewhere in cursion,
  *   0 otherwise. */
-int qbus_walk_children(BusState *bus, qdev_walkerfn *devfn,
-   qbus_walkerfn *busfn, void *opaque);
-int qdev_walk_children(DeviceState *dev, qdev_walkerfn *devfn,
-   qbus_walkerfn *busfn, void *opaque);
+int qbus_walk_children(BusState *bus,
+   qdev_walkerfn *pre_devfn, qbus_walkerfn *pre_busfn,
+   qdev_walkerfn *post_devfn, qbus_walkerfn *post_busfn,
+   void *opaque);
+int qdev_walk_children(DeviceState *dev,
+   qdev_walkerfn *pre_devfn, qbus_walkerfn *pre_busfn,
+   qdev_walkerfn *post_devfn, qbus_walkerfn *post_busfn,
+   void *opaque);
+
 void qdev_reset_all(DeviceState *dev);
 
 /**
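
Review bot: the comment above the new prototypes still talks about "devfn or busfn" and was not updated for the pre_/post_ split. It should name the four callbacks and say what a return value greater than zero means for a post-order callback, where there is nothing left to skip.
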
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index e374a93..5ddf1aa 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -240,12 +240,12 @@ static int qbus_reset_one(BusState *bus, void *opaque)
 
 void qdev_reset_all(DeviceState *dev)
 {
-qdev_walk_children(dev, qdev_reset_one, qbus_reset_one, NULL);
+qdev_walk_children(dev, qdev_reset_one, qbus_reset_one, NULL, NULL, NULL);
 }
 
 void qbus_reset_all(BusState *bus)
 {
-qbus_walk_children(bus, qdev_reset_one, qbus_reset_one, NULL);
+qbus_walk_children(bus, qdev_reset_one, qbus_reset_one, NULL, NULL, NULL);
 }
 
 void qbus_reset_all_fn(void *opaque)
@@ -337,49 +337,70 @@ BusState *qdev_get_child_bus(DeviceState *dev, const char 
*name)
 return NULL;
 }
 
-int qbus_walk_children(BusState *bus, qdev_walkerfn *devfn,
-   qbus_walkerfn *busfn, void *opaque)
+int qbus_walk_children(BusState *bus,
+   qdev_walkerfn *pre_devfn, qbus_walkerfn *pre_busfn,
+   qdev_walkerfn *post_devfn, qbus_walkerfn *post_busfn,
+   void *opaque)
 {
 BusChild *kid;
 int err;
 
-if (busfn) {
-err = busfn(bus, opaque);
+if (pre_busfn) {
+err = pre_busfn(bus, opaque);
 if (err) {
 return err;
 }
 }
 
 QTAILQ_FOREACH(kid, &bus->children, sibling) {
-err = qdev_walk_children(kid->child, devfn, busfn, opaque);
+err = qdev_walk_children(kid->child,
+ pre_devfn, pre_busfn,
+ post_devfn, post_busfn, opaque);
 if (err < 0) {
 return err;
 }
 }
 
+if (post_busfn) {
+err = post_busfn(bus, opaque);
+if (err) {
+return err;
+}
+}
+
 return 0;
 }
 
-int qdev_walk_children(DeviceState *dev, qdev_walkerfn *devfn,
-   qbus_walkerfn *busfn, void *opaque)
+int qdev_walk_children(DeviceState *dev,
+   qdev_walkerfn *pre_devfn, qbus_walkerfn *pre_busfn,
+   qdev_walkerfn *post_devfn, qbus_walkerfn *post_busfn,
+   void *opaque)
 {
 BusState *bus;
 int err;
 
-if (devfn) {
-err = devfn(dev, opaque);
+if (pre_devfn) {
+err = pre_devfn(dev, opaque);
 if (err) {
 return err;
 }
 }
 
 QLIST_FOREACH(bus, &dev->child_bus, sibling) {
-err = qbus_walk_children(bus, devfn, busfn, opaque);
+err = qbus_walk_children(bus, pre_devfn, pre_busfn,
+ post_devfn, post_busfn, opaque);
 if (err < 0) {
 return err;
 }
 }
 
+if (post_devfn) {
+err = post_devfn(dev, opaque);
+if (err) {
+return err;
+}
+}
+
 return 0;
 }
 
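
Review bot: in both walkers the new post_busfn/post_devfn blocks do "if (err) return err;", but the caller's loop only acts on "err < 0", so a positive value from a post-order callback is returned one level up and then dropped. Either treat only negative values as meaningful after the children have been visited, or document that a positive return from a post callback has no effect.
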
-- 
MST




[Qemu-devel] [PULL 11/19] ACPI: Q35 DSDT: fix CPU hotplug GPE0.2 handler

2013-12-23 Thread Michael S. Tsirkin
From: Igor Mammedov 

Fix bogus CPU hotplug GPE handler.
Make Q35 CPU hotplug GPE handler match PIIX4 one, since
CPU hotplug event is triggered by GPE0.2 register.

Signed-off-by: Igor Mammedov 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/q35-acpi-dsdt.dsl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/i386/q35-acpi-dsdt.dsl b/hw/i386/q35-acpi-dsdt.dsl
index 575c5d7..7934a9d 100644
--- a/hw/i386/q35-acpi-dsdt.dsl
+++ b/hw/i386/q35-acpi-dsdt.dsl
@@ -417,11 +417,11 @@ DefinitionBlock (
 Method(_L00) {
 }
 Method(_L01) {
+}
+Method(_E02) {
 // CPU hotplug event
 \_SB.PRSC()
 }
-Method(_L02) {
-}
 Method(_L03) {
 }
 Method(_L04) {
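
Review bot: the handler moves from _L01 to index 02, which the commit message explains, but it also changes from a level-triggered _Lxx method to an edge-triggered _Exx method, which the message does not mention. Say in the commit message that the switch to _E02 is intended and that it matches what the PIIX4 DSDT uses, so the trigger type is not mistaken for a typo later.
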
-- 
MST




[Qemu-devel] [PULL 18/19] virtio: add back call to virtio_bus_device_unplugged

2013-12-23 Thread Michael S. Tsirkin
From: Paolo Bonzini 

This got lost in a rebase.

Reported-by: Stefan Hajnoczi 
Signed-off-by: Paolo Bonzini 
Signed-off-by: Michael S. Tsirkin 
---
 hw/virtio/virtio.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 144b9ca..a001e66 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -1172,6 +1172,8 @@ static void virtio_device_unrealize(DeviceState *dev, 
Error **errp)
 VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(dev);
 Error *err = NULL;
 
+virtio_bus_device_unplugged(vdev);
+
 if (vdc->unrealize != NULL) {
 vdc->unrealize(dev, &err);
 if (err != NULL) {
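
Review bot: virtio_bus_device_unplugged(vdev) is called before vdc->unrealize(), and the context right below shows that unrealize can report an error. On that path the device has already been detached from the bus although unrealize did not complete. Either call it after a successful unrealize, or add a comment explaining why the bus must be told first.
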
-- 
MST




[Qemu-devel] [PULL 06/19] i440fx-test: generate temporary firmware blob

2013-12-23 Thread Michael S. Tsirkin
From: Laszlo Ersek 

The blob is 64K in size and contains 0x00..0xFF repeatedly.

The client code added to main() wouldn't make much sense in the long term.
It helps with debugging and it silences gcc about create_blob_file() being
unused, and we'll replace it in the next patch anyway.

Signed-off-by: Laszlo Ersek 
Signed-off-by: Michael S. Tsirkin 
---
 tests/i440fx-test.c | 60 +
 1 file changed, 60 insertions(+)

diff --git a/tests/i440fx-test.c b/tests/i440fx-test.c
index 3962bca..b6e0cd3 100644
--- a/tests/i440fx-test.c
+++ b/tests/i440fx-test.c
@@ -20,6 +20,11 @@
 
 #include 
 #include 
+#include 
+#include 
+#include 
+#include 
+#include 
 
 #define BROKEN 1
 
@@ -272,13 +277,68 @@ static void test_i440fx_pam(gconstpointer opaque)
 qtest_end();
 }
 
+#define BLOB_SIZE ((size_t)65536)
+
+/* Create a blob file, and return its absolute pathname as a dynamically
+ * allocated string.
+ * The file is closed before the function returns.
+ * In case of error, NULL is returned. The function prints the error message.
+ */
+static char *create_blob_file(void)
+{
+int ret, fd;
+char *pathname;
+GError *error = NULL;
+
+ret = -1;
+fd = g_file_open_tmp("blob_XX", &pathname, &error);
+if (fd == -1) {
+fprintf(stderr, "unable to create blob file: %s\n", error->message);
+g_error_free(error);
+} else {
+if (ftruncate(fd, BLOB_SIZE) == -1) {
+fprintf(stderr, "ftruncate(\"%s\", %zu): %s\n", pathname,
+BLOB_SIZE, strerror(errno));
+} else {
+void *buf;
+
+buf = mmap(NULL, BLOB_SIZE, PROT_WRITE, MAP_SHARED, fd, 0);
+if (buf == MAP_FAILED) {
+fprintf(stderr, "mmap(\"%s\", %zu): %s\n", pathname, BLOB_SIZE,
+strerror(errno));
+} else {
+size_t i;
+
+for (i = 0; i < BLOB_SIZE; ++i) {
+((uint8_t *)buf)[i] = i;
+}
+munmap(buf, BLOB_SIZE);
+ret = 0;
+}
+}
+close(fd);
+if (ret == -1) {
+unlink(pathname);
+g_free(pathname);
+}
+}
+
+return ret == -1 ? NULL : pathname;
+}
+
 int main(int argc, char **argv)
 {
+char *fw_pathname;
 TestData data;
 int ret;
 
 g_test_init(&argc, &argv, NULL);
 
+fw_pathname = create_blob_file();
+g_assert(fw_pathname != NULL);
+unlink(fw_pathname);
+g_free(fw_pathname);
+
 data.num_cpus = 1;
 
 g_test_add_data_func("/i440fx/defaults", &data, test_i440fx_defaults);
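
Review bot: create_blob_file() sizes the file with ftruncate() and then fills it through a MAP_SHARED mapping, so if the temporary directory cannot back the pages the stores in the fill loop fail with a signal instead of an errno the function can print, and the results of munmap() and close() are not checked. A plain write() loop would keep every failure on the error path the function already has. Also, "((uint8_t *)buf)[i] = i" relies on implicit truncation of size_t; an explicit cast makes the 0x00..0xFF pattern from the commit message obvious.
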
-- 
MST




[Qemu-devel] [PULL 10/19] acpi: ich9: allow guest to clear SCI rised by GPE

2013-12-23 Thread Michael S. Tsirkin
From: Igor Mammedov 

it fixes IRQ storm since guest isn't able to lower SCI IRQ
after it has been handled when it clears GPE event.

Signed-off-by: Igor Mammedov 
Signed-off-by: Michael S. Tsirkin 
---
 hw/acpi/ich9.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index dcdef7c..30f0df8 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -61,6 +61,7 @@ static void ich9_gpe_writeb(void *opaque, hwaddr addr, 
uint64_t val,
 {
 ICH9LPCPMRegs *pm = opaque;
 acpi_gpe_ioport_writeb(&pm->acpi_regs, addr, val);
+acpi_update_sci(&pm->acpi_regs, pm->irq);
 }
 
 static const MemoryRegionOps ich9_gpe_ops = {
-- 
MST




Re: [Qemu-devel] vhost-net issue: does not survive reboot on ppc64

2013-12-23 Thread Michael S. Tsirkin
On Mon, Dec 23, 2013 at 02:01:13AM +1100, Alexey Kardashevskiy wrote:
> On 12/23/2013 01:46 AM, Alexey Kardashevskiy wrote:
> > On 12/22/2013 09:56 PM, Michael S. Tsirkin wrote:
> >> On Sun, Dec 22, 2013 at 02:01:23AM +1100, Alexey Kardashevskiy wrote:
> >>> Hi!
> >>>
> >>> I am having a problem with virtio-net + vhost on POWER7 machine - it does
> >>> not survive reboot of the guest.
> >>>
> >>> Steps to reproduce:
> >>> 1. boot the guest
> >>> 2. configure eth0 and do ping - everything works
> >>> 3. reboot the guest (i.e. type "reboot")
> >>> 4. when it is booted, eth0 can be configured but will not work at all.
> >>>
> >>> The test is:
> >>> ifconfig eth0 172.20.1.2 up
> >>> ping 172.20.1.23
> >>>
> >>> If to run tcpdump on the host's "tap-id3" interface, it shows no traffic
> >>> coming from the guest. If to compare how it works before and after reboot,
> >>> I can see the guest doing an ARP request for 172.20.1.23 and receives the
> >>> response and it does the same after reboot but the answer does not come.
> >>
> >> So you see the arp packet in guest but not in host?
> > 
> > Yes.
> > 
> > 
> >> One thing to try is to boot debug kernel - where pr_debug is
> >> enabled - then you might see some errors in the kernel log.
> > 
> > Tried and added lot more debug printk myself, not clear at all what is
> > happening there.
> > 
> > One more hint - if I boot the guest and the guest does not bring eth0 up
> > AND wait more than 200 seconds (and less than 210 seconds), then eth0 will
> > not work at all. I.e. this script produces not-working-eth0:
> > 
> > 
> > ifconfig eth0 172.20.1.2 down
> > sleep 210
> > ifconfig eth0 172.20.1.2 up
> > ping 172.20.1.23
> > 
> > s/210/200/ - and it starts working. No reboot is required to reproduce.
> > 
> > No "vhost" == always works. The only difference I can see here is vhost's
> > thread which may get suspended if not used for a while after the start and
> > does not wake up but this is almost a blind guess.
> 
> 
> Yet another clue - this host kernel patch seems to help with the guest
> reboot but does not help with the initial 210 seconds delay:
> 
> diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
> index 69068e0..5e67650 100644
> --- a/drivers/vhost/vhost.c
> +++ b/drivers/vhost/vhost.c
> @@ -162,10 +162,10 @@ void vhost_work_queue(struct vhost_dev *dev, struct
> vhost_work *work)
> list_add_tail(&work->node, &dev->work_list);
> work->queue_seq++;
> spin_unlock_irqrestore(&dev->work_lock, flags);
> -   wake_up_process(dev->worker);
> } else {
> spin_unlock_irqrestore(&dev->work_lock, flags);
> }
> +   wake_up_process(dev->worker);
>  }
>  EXPORT_SYMBOL_GPL(vhost_work_queue);
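Review bot: moving wake_up_process(dev->worker) below the if/else makes the wakeup unconditional, so the worker is also woken when the work item was already on the list and nothing new was queued; that papers over a lost wakeup instead of locating it. It would help to find out why the wakeup issued inside the list_empty() branch is missed (for example whether dev->worker is stale or not yet set at that point after a guest reboot), all the more so because the message says the 210 second case is still broken with this change.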
> 
> 

Interesting. Some kind of race? A missing memory barrier somewhere?

Since it's all around startup,
you can try kicking the host eventfd in
vhost_net_start.

> 
> 
> >>> If to remove vhost=on, it is all good. If to try Fedora19
> >>> (v3.10-something), it all good again - works before and after reboot.
> >>>
> >>>
> >>> And there 2 questions:
> >>>
> >>> 1. does anybody have any clue what might go wrong after reboot?
> >>>
> >>> 2. Is there any good material to read about what exactly and how vhost
> >>> accelerates?
> >>>
> >>> My understanding is that packets from the guest to the real network are
> >>> going as:
> >>> 1. guest's virtio-pci-net does ioport(VIRTIO_PCI_QUEUE_NOTIFY)
> >>> 2. QEMU's net/virtio-net.c calls qemu_net_queue_deliver()
> >>> 3. QEMU's net/tap.c calls tap_write_packet() and this is how the host
> >>> knows that there is a new packet.
> > 
> > 
> > What about the documentation? :) or the idea?
> > 
> > 
> >>>
> >>>
> >>> Thanks!
> >>>
> >>>
> >>> This how I run QEMU:
> >>> ./qemu-system-ppc64 \
> >>> -enable-kvm \
> >>> -m 2048 \
> >>> -machine pseries \
> >>> -initrd 1.cpio \
> >>> -kernel vml312_virtio_net_dbg \
> >>> -nographic \
> >>> -vga none \
> >>> -netdev
> >>> tap,id=id3,ifname=tap-id3,script=ifup.sh,downscript=ifdown.sh,vhost=on \
> >>> -device virtio-net-pci,id=id4,netdev=id3,mac=C0:41:49:4b:00:00
> >>>
> >>>
> >>> That is bridge config:
> >>> [aik@dyn232 ~]$ brctl show
> >>> bridge name   bridge id   STP enabled interfaces
> >>> brtest8000.00145e992e88   no  pin eth4
> >>>
> >>>
> >>> The ifup.sh script:
> >>> ifconfig $1 hw ether ee:01:02:03:04:05
> >>> /sbin/ifconfig $1 up
> >>> /usr/sbin/brctl addif brtest $1
> > 
> > 
> 
> 
> -- 
> Alexey



Re: [Qemu-devel] [PATCH 09/11] ACPI: move PRST OperationRegion into SSDT

2013-12-23 Thread Igor Mammedov
On Mon, 23 Dec 2013 16:48:49 +0200
"Michael S. Tsirkin"  wrote:

> On Mon, Dec 23, 2013 at 02:06:27PM +0100, Igor Mammedov wrote:
> > On Mon, 23 Dec 2013 13:26:37 +0200
> > "Michael S. Tsirkin"  wrote:
> > 
> > > On Sun, Dec 22, 2013 at 03:51:28PM +0100, Igor Mammedov wrote:
> > > > On Mon, 16 Dec 2013 21:53:07 +0200
> > > > "Michael S. Tsirkin"  wrote:
> > > > 
> > > > > On Fri, Dec 13, 2013 at 05:22:14PM +0100, Igor Mammedov wrote:
> > > > > > .. and report range used by it to OSPM via _CRS.
> > > > > > PRST is needed in SSDT since its base will depend on
> > > > > > chipset and will be dynamically set by QEMU.
> > > > > > Also move PRSC() method along with PRST since cross
> > > > > > table reference to PRST doesn't work.
> > > > > > 
> > > > > > Signed-off-by: Igor Mammedov 
> > > > > > ---
> > > > > >  hw/i386/acpi-dsdt-cpu-hotplug.dsl | 39 +--
> > > > > >  hw/i386/acpi-dsdt.dsl |  2 +-
> > > > > >  hw/i386/q35-acpi-dsdt.dsl |  2 +-
> > > > > >  hw/i386/ssdt-misc.dsl | 65 
> > > > > > +++
> > > > > >  4 files changed, 68 insertions(+), 40 deletions(-)
> > > > > > 
> > > > > > diff --git a/hw/i386/acpi-dsdt-cpu-hotplug.dsl 
> > > > > > b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > > > > index 995b415..f26f81b 100644
> > > > > > --- a/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > > > > +++ b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > > > > @@ -20,6 +20,7 @@
> > > > > >  Scope(\_SB) {
> > > > > >  /* Objects filled in by run-time generated SSDT */
> > > > > >  External(NTFY, MethodObj)
> > > > > > +External(\_SB.CPHD.PRSC, MethodObj)
> > > > > >  External(CPON, PkgObj)
> > > > > >  
> > > > > >  /* Methods called by run-time generated SSDT Processor objects 
> > > > > > */
> > > > > > @@ -51,42 +52,4 @@ Scope(\_SB) {
> > > > > >  // _EJ0 method - eject callback
> > > > > >  Sleep(200)
> > > > > >  }
> > > > > > -
> > > > > > -OperationRegion(PRST, SystemIO, 0xaf00, 32)
> > > > > > -Field(PRST, ByteAcc, NoLock, Preserve) {
> > > > > > -PRS, 256
> > > > > > -}
> > > > > > -Method(PRSC, 0) {
> > > > > > -// Local5 = active cpu bitmap
> > > > > > -Store(PRS, Local5)
> > > > > > -// Local2 = last read byte from bitmap
> > > > > > -Store(Zero, Local2)
> > > > > > -// Local0 = Processor ID / APIC ID iterator
> > > > > > -Store(Zero, Local0)
> > > > > > -While (LLess(Local0, SizeOf(CPON))) {
> > > > > > -// Local1 = CPON flag for this cpu
> > > > > > -Store(DerefOf(Index(CPON, Local0)), Local1)
> > > > > > -If (And(Local0, 0x07)) {
> > > > > > -// Shift down previously read bitmap byte
> > > > > > -ShiftRight(Local2, 1, Local2)
> > > > > > -} Else {
> > > > > > -// Read next byte from cpu bitmap
> > > > > > -Store(DerefOf(Index(Local5, ShiftRight(Local0, 
> > > > > > 3))), Local2)
> > > > > > -}
> > > > > > -// Local3 = active state for this cpu
> > > > > > -Store(And(Local2, 1), Local3)
> > > > > > -
> > > > > > -If (LNotEqual(Local1, Local3)) {
> > > > > > -// State change - update CPON with new state
> > > > > > -Store(Local3, Index(CPON, Local0))
> > > > > > -// Do CPU notify
> > > > > > -If (LEqual(Local3, 1)) {
> > > > > > -NTFY(Local0, 1)
> > > > > > -} Else {
> > > > > > -NTFY(Local0, 3)
> > > > > > -}
> > > > > > -}
> > > > > > -Increment(Local0)
> > > > > > -}
> > > > > > -}
> > > > > >  }
> > > > > > diff --git a/hw/i386/acpi-dsdt.dsl b/hw/i386/acpi-dsdt.dsl
> > > > > > index 90efce0..fa9f2d4 100644
> > > > > > --- a/hw/i386/acpi-dsdt.dsl
> > > > > > +++ b/hw/i386/acpi-dsdt.dsl
> > > > > > @@ -311,7 +311,7 @@ DefinitionBlock (
> > > > > >  }
> > > > > >  Method(_E02) {
> > > > > >  // CPU hotplug event
> > > > > > -\_SB.PRSC()
> > > > > > +\_SB.CPHD.PRSC()
> > > > > >  }
> > > > > >  Method(_L03) {
> > > > > >  }
> > > > > > diff --git a/hw/i386/q35-acpi-dsdt.dsl b/hw/i386/q35-acpi-dsdt.dsl
> > > > > > index 22baa58..9ccc543 100644
> > > > > > --- a/hw/i386/q35-acpi-dsdt.dsl
> > > > > > +++ b/hw/i386/q35-acpi-dsdt.dsl
> > > > > > @@ -420,7 +420,7 @@ DefinitionBlock (
> > > > > >  }
> > > > > >  Method(_E02) {
> > > > > >  // CPU hotplug event
> > > > > > -\_SB.PRSC()
> > > > > > +\_SB.CPHD.PRSC()
> > > > > >  }
> > > > > >  Method(_L03) {
> > > > > >  }
> > > > > > diff --git a/hw/i386/ssdt-misc.dsl b/hw/i386/ssdt-misc.dsl
> > > > > > index a4484b8..ec8893c 100644
> > > > > > --- a/hw/i386/ssdt-misc.dsl
> > > > > > +++ b/hw/i386/ssdt-m

Re: [Qemu-devel] [PATCH v4 4/7] Add domain socket communication for vhost-user backend

2013-12-23 Thread Michael S. Tsirkin
On Fri, Dec 20, 2013 at 03:10:37PM +0100, Mian M. Hamayun wrote:
> From: Antonios Motakis 
> 
> Add structures for passing vhost-user messages over a unix domain socket.
> This is the equivalent to the existing vhost-kernel ioctls.
> 
> Connect to the named unix domain socket. The system call sendmsg
> is used for communication. To be able to pass file descriptors
> between processes - we use SCM_RIGHTS type in the message control header.
> 
> Signed-off-by: Antonios Motakis 
> Signed-off-by: Nikolay Nikolaev 
> ---
>  hw/virtio/vhost-backend.c | 167 
> --
>  1 file changed, 161 insertions(+), 6 deletions(-)
> 
> diff --git a/hw/virtio/vhost-backend.c b/hw/virtio/vhost-backend.c
> index 847809f..96d3bf0 100644
> --- a/hw/virtio/vhost-backend.c
> +++ b/hw/virtio/vhost-backend.c
> @@ -14,30 +14,185 @@
>  #include 
>  #include 
>  #include 
> +#include 
> +#include 
> +#include 
> +
> +#define VHOST_MEMORY_MAX_NREGIONS8
> +
> +typedef enum VhostUserRequest {
> +VHOST_USER_NONE = 0,
> +VHOST_USER_GET_FEATURES = 1,
> +VHOST_USER_SET_FEATURES = 2,
> +VHOST_USER_SET_OWNER = 3,
> +VHOST_USER_RESET_OWNER = 4,
> +VHOST_USER_SET_MEM_TABLE = 5,
> +VHOST_USER_SET_LOG_BASE = 6,
> +VHOST_USER_SET_LOG_FD = 7,
> +VHOST_USER_SET_VRING_NUM = 8,
> +VHOST_USER_SET_VRING_ADDR = 9,
> +VHOST_USER_SET_VRING_BASE = 10,
> +VHOST_USER_GET_VRING_BASE = 11,
> +VHOST_USER_SET_VRING_KICK = 12,
> +VHOST_USER_SET_VRING_CALL = 13,
> +VHOST_USER_SET_VRING_ERR = 14,
> +VHOST_USER_NET_SET_BACKEND = 15,
> +VHOST_USER_MAX
> +} VhostUserRequest;
> +
> +typedef struct VhostUserMemoryRegion {
> +__u64 guest_phys_addr;
> +__u64 memory_size;
> +__u64 userspace_addr;
> +} VhostUserMemoryRegion;
> +
> +typedef struct VhostUserMemory {
> +__u32 nregions;

There will be padding here: not a good idea as it will
be different depending on the compiler.
Better add an explicit dummy 32 field here.

> +VhostUserMemoryRegion regions[VHOST_MEMORY_MAX_NREGIONS];
> +} VhostUserMemory;
> +
> +typedef struct VhostUserMsg {
> +VhostUserRequest request;
> +
> +int flags;

Same thing here.

> +union {
> +uint64_tu64;
> +int fd;
> +struct vhost_vring_state state;
> +struct vhost_vring_addr addr;
> +struct vhost_vring_file file;
> +
> +VhostUserMemory memory;

A union of fields of different sizes, this
is likely to leak data from stack.

> +};
> +} VhostUserMsg;
> +
> +static int vhost_user_recv(int fd, VhostUserMsg *msg)
> +{
> +ssize_t r = read(fd, msg, sizeof(VhostUserMsg));

Can't this return EINTR?

> +
> +return (r == sizeof(VhostUserMsg)) ? 0 : -1;

() not needed around == here.

> +}
> +
> +static int vhost_user_send_fds(int fd, const VhostUserMsg *msg, int *fds,
> +size_t fd_num)
> +{
> +int r;
> +
> +struct msghdr msgh;
> +struct iovec iov[1];
> +
> +size_t fd_size = fd_num * sizeof(int);
> +char control[CMSG_SPACE(fd_size)];
> +struct cmsghdr *cmsg;
> +
> +memset(&msgh, 0, sizeof(msgh));
> +memset(control, 0, sizeof(control));
> +
> +/* set the payload */
> +iov[0].iov_base = (void *) msg;

Don't put space after ).


> +iov[0].iov_len = sizeof(VhostUserMsg);
> +
> +msgh.msg_iov = iov;
> +msgh.msg_iovlen = 1;
> +
> +if (fd_num) {
> +msgh.msg_control = control;
> +msgh.msg_controllen = sizeof(control);
> +
> +cmsg = CMSG_FIRSTHDR(&msgh);
> +
> +cmsg->cmsg_len = CMSG_LEN(fd_size);
> +cmsg->cmsg_level = SOL_SOCKET;
> +cmsg->cmsg_type = SCM_RIGHTS;
> +memcpy(CMSG_DATA(cmsg), fds, fd_size);
> +} else {
> +msgh.msg_control = 0;
> +msgh.msg_controllen = 0;
> +}
> +
> +do {
> +r = sendmsg(fd, &msgh, 0);
> +} while (r < 0 && errno == EINTR);

Won't this block, making guest unavailable,
if server is slow in consuming our messages?


> +
> +if (r < 0) {
> +fprintf(stderr, "Failed to send msg(%d), reason: %s\n",
> +msg->request, strerror(errno));

Don't use fprintf for error messages, they might not
be seen by management.

> +} else {
> +r = 0;
> +}
> +
> +return r;
> +}
>  
>  static int vhost_user_call(struct vhost_dev *dev, unsigned long int request,
>  void *arg)
>  {
> +int fd = dev->control;
> +VhostUserMsg msg;
> +int result = 0, need_reply = 0;
> +int fds[VHOST_MEMORY_MAX_NREGIONS];
> +size_t fd_num = 0;
> +
>  assert(dev->vhost_ops->backend_type == VHOST_BACKEND_TYPE_USER);
> -fprintf(stderr, "vhost_user_call not implemented\n");
>  
> -return -1;
> +switch (request) {
> +default:
> +fprintf(stderr, "vhost-user trying to send unhandled ioctl\n");
> +return -1;
> +break;
> +}
> +
> +result = vhost_user_send_fds(fd, &msg, fds, fd_num);
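Review bot: vhost_user_recv() treats any read() result other than sizeof(VhostUserMsg) as a failure, but if the socket is SOCK_STREAM a short count is a normal outcome, so a reply that arrives in two pieces is reported as an error and the leftover bytes desynchronise the next call; loop until the full size has been read, read() returns 0, or a real error occurs. In vhost_user_send_fds(), fd_num sizes the on-stack control[] array and the memcpy() without any check against VHOST_MEMORY_MAX_NREGIONS, which is the size of the caller's fds[]; reject larger values at the top of the function. In vhost_user_call(), msg is declared without an initialiser and iov_len is always sizeof(VhostUserMsg), so once a request is handled the unused bytes go to the peer as they are; memset() it before filling it in.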

I don't get it.
So msg is sent 
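
The layout and I/O points raised in this review (implicit padding, unused union bytes taken from the stack, a single read() that can be interrupted or come back short), as an added C example; it is not code from the patch or from QEMU. The Ex* names, the request numbers and the size field are assumptions made for the illustration.

```c
/* Added example; the Ex* names and request numbers are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define EX_MAX_REGIONS 8
enum { EX_REQ_SET_U64 = 1, EX_REQ_SET_MEM = 2 };

typedef struct ExRegion { uint64_t guest_phys_addr, memory_size, userspace_addr; } ExRegion;

typedef struct ExMemory {
    uint32_t nregions;
    uint32_t padding;              /* explicit, so the compiler inserts none */
    ExRegion regions[EX_MAX_REGIONS];
} ExMemory;

typedef struct ExMsg {
    uint32_t request;              /* fixed width, not an enum or int */
    uint32_t flags;
    uint32_t size;                 /* number of valid payload bytes */
    uint32_t padding;
    union { uint64_t u64; ExMemory memory; } payload;
} ExMsg;

/* Fail the build if a compiler lays the structs out differently. */
_Static_assert(offsetof(ExMemory, regions) == 8, "hidden padding in ExMemory");
_Static_assert(offsetof(ExMsg, payload) == 16, "hidden padding in ExMsg");
_Static_assert(sizeof(ExMsg) == 216, "ExMsg size changed");

/* Zero everything first so unused union bytes never carry stack contents. */
static void ex_msg_init_u64(ExMsg *m, uint32_t request, uint64_t v)
{
    memset(m, 0, sizeof(*m));
    m->request = request;
    m->size = sizeof(m->payload.u64);
    m->payload.u64 = v;
}

/* Read exactly len bytes: retry on EINTR, keep going after short reads. */
static int ex_read_full(int fd, void *buf, size_t len)
{
    char *p = buf;
    while (len > 0) {
        ssize_t r = read(fd, p, len);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;     /* real error, or peer closed mid-message */
        p += r;
        len -= (size_t)r;
    }
    return 0;
}

/* Lengths and counts that came from the peer are checked before use. */
static int ex_validate(const ExMsg *m)
{
    switch (m->request) {
    case EX_REQ_SET_U64:
        return m->size == sizeof(uint64_t) ? 0 : -1;
    case EX_REQ_SET_MEM:
        return (m->size == sizeof(ExMemory) &&
                m->payload.memory.nregions <= EX_MAX_REGIONS) ? 0 : -1;
    default:
        return -1;
    }
}

/* Sends one message in two pieces over a socketpair. *first receives what a
 * single read() returned; the result is 0 if the message was reassembled,
 * validated, and its unused payload bytes are all zero. */
static int ex_demo(ssize_t *first)
{
    int sv[2], rc = -1;
    ExMsg out, in;
    const size_t half = 100, rest = sizeof(out) - half;
    const unsigned char *raw = (const unsigned char *)&in;
    size_t i;

    *first = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    memset(&out, 0xAA, sizeof(out));   /* constructed stand-in for stack garbage */
    ex_msg_init_u64(&out, EX_REQ_SET_U64, 42);
    if (write(sv[0], &out, half) != (ssize_t)half) goto done;
    *first = read(sv[1], &in, sizeof(in));            /* the naive single read */
    if (*first <= 0) goto done;
    if (write(sv[0], (char *)&out + half, rest) != (ssize_t)rest) goto done;
    if (ex_read_full(sv[1], (char *)&in + *first,
                     sizeof(in) - (size_t)*first) < 0) goto done;
    if (ex_validate(&in) < 0 || in.payload.u64 != 42) goto done;
    for (i = offsetof(ExMsg, payload) + sizeof(uint64_t); i < sizeof(in); i++) {
        if (raw[i] != 0) goto done;    /* a stray byte would be leaked data */
    }
    rc = 0;
done:
    close(sv[0]); close(sv[1]);
    return rc;
}

int main(void) { ssize_t n; return ex_demo(&n) == 0 ? 0 : 1; }
```

The single read() in ex_demo() returns 100 of the 216 bytes, which a check of the form `r == sizeof(msg)` would report as a failure even though nothing went wrong.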

Re: [Qemu-devel] [PATCH 09/11] ACPI: move PRST OperationRegion into SSDT

2013-12-23 Thread Michael S. Tsirkin
On Mon, Dec 23, 2013 at 05:24:30PM +0100, Igor Mammedov wrote:
> On Mon, 23 Dec 2013 16:48:49 +0200
> "Michael S. Tsirkin"  wrote:
> 
> > On Mon, Dec 23, 2013 at 02:06:27PM +0100, Igor Mammedov wrote:
> > > On Mon, 23 Dec 2013 13:26:37 +0200
> > > "Michael S. Tsirkin"  wrote:
> > > 
> > > > On Sun, Dec 22, 2013 at 03:51:28PM +0100, Igor Mammedov wrote:
> > > > > On Mon, 16 Dec 2013 21:53:07 +0200
> > > > > "Michael S. Tsirkin"  wrote:
> > > > > 
> > > > > > On Fri, Dec 13, 2013 at 05:22:14PM +0100, Igor Mammedov wrote:
> > > > > > > .. and report range used by it to OSPM via _CRS.
> > > > > > > PRST is needed in SSDT since its base will depend on
> > > > > > > chipset and will be dynamically set by QEMU.
> > > > > > > Also move PRSC() method along with PRST since cross
> > > > > > > table reference to PRST doesn't work.
> > > > > > > 
> > > > > > > Signed-off-by: Igor Mammedov 
> > > > > > > ---
> > > > > > >  hw/i386/acpi-dsdt-cpu-hotplug.dsl | 39 +--
> > > > > > >  hw/i386/acpi-dsdt.dsl |  2 +-
> > > > > > >  hw/i386/q35-acpi-dsdt.dsl |  2 +-
> > > > > > >  hw/i386/ssdt-misc.dsl | 65 
> > > > > > > +++
> > > > > > >  4 files changed, 68 insertions(+), 40 deletions(-)
> > > > > > > 
> > > > > > > diff --git a/hw/i386/acpi-dsdt-cpu-hotplug.dsl 
> > > > > > > b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > > > > > index 995b415..f26f81b 100644
> > > > > > > --- a/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > > > > > +++ b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
> > > > > > > @@ -20,6 +20,7 @@
> > > > > > >  Scope(\_SB) {
> > > > > > >  /* Objects filled in by run-time generated SSDT */
> > > > > > >  External(NTFY, MethodObj)
> > > > > > > +External(\_SB.CPHD.PRSC, MethodObj)
> > > > > > >  External(CPON, PkgObj)
> > > > > > >  
> > > > > > >  /* Methods called by run-time generated SSDT Processor 
> > > > > > > objects */
> > > > > > > @@ -51,42 +52,4 @@ Scope(\_SB) {
> > > > > > >  // _EJ0 method - eject callback
> > > > > > >  Sleep(200)
> > > > > > >  }
> > > > > > > -
> > > > > > > -OperationRegion(PRST, SystemIO, 0xaf00, 32)
> > > > > > > -Field(PRST, ByteAcc, NoLock, Preserve) {
> > > > > > > -PRS, 256
> > > > > > > -}
> > > > > > > -Method(PRSC, 0) {
> > > > > > > -// Local5 = active cpu bitmap
> > > > > > > -Store(PRS, Local5)
> > > > > > > -// Local2 = last read byte from bitmap
> > > > > > > -Store(Zero, Local2)
> > > > > > > -// Local0 = Processor ID / APIC ID iterator
> > > > > > > -Store(Zero, Local0)
> > > > > > > -While (LLess(Local0, SizeOf(CPON))) {
> > > > > > > -// Local1 = CPON flag for this cpu
> > > > > > > -Store(DerefOf(Index(CPON, Local0)), Local1)
> > > > > > > -If (And(Local0, 0x07)) {
> > > > > > > -// Shift down previously read bitmap byte
> > > > > > > -ShiftRight(Local2, 1, Local2)
> > > > > > > -} Else {
> > > > > > > -// Read next byte from cpu bitmap
> > > > > > > -Store(DerefOf(Index(Local5, ShiftRight(Local0, 
> > > > > > > 3))), Local2)
> > > > > > > -}
> > > > > > > -// Local3 = active state for this cpu
> > > > > > > -Store(And(Local2, 1), Local3)
> > > > > > > -
> > > > > > > -If (LNotEqual(Local1, Local3)) {
> > > > > > > -// State change - update CPON with new state
> > > > > > > -Store(Local3, Index(CPON, Local0))
> > > > > > > -// Do CPU notify
> > > > > > > -If (LEqual(Local3, 1)) {
> > > > > > > -NTFY(Local0, 1)
> > > > > > > -} Else {
> > > > > > > -NTFY(Local0, 3)
> > > > > > > -}
> > > > > > > -}
> > > > > > > -Increment(Local0)
> > > > > > > -}
> > > > > > > -}
> > > > > > >  }
> > > > > > > diff --git a/hw/i386/acpi-dsdt.dsl b/hw/i386/acpi-dsdt.dsl
> > > > > > > index 90efce0..fa9f2d4 100644
> > > > > > > --- a/hw/i386/acpi-dsdt.dsl
> > > > > > > +++ b/hw/i386/acpi-dsdt.dsl
> > > > > > > @@ -311,7 +311,7 @@ DefinitionBlock (
> > > > > > >  }
> > > > > > >  Method(_E02) {
> > > > > > >  // CPU hotplug event
> > > > > > > -\_SB.PRSC()
> > > > > > > +\_SB.CPHD.PRSC()
> > > > > > >  }
> > > > > > >  Method(_L03) {
> > > > > > >  }
> > > > > > > diff --git a/hw/i386/q35-acpi-dsdt.dsl b/hw/i386/q35-acpi-dsdt.dsl
> > > > > > > index 22baa58..9ccc543 100644
> > > > > > > --- a/hw/i386/q35-acpi-dsdt.dsl
> > > > > > > +++ b/hw/i386/q35-acpi-dsdt.dsl
> > > > > > > @@ -420,7 +420,7 @@ DefinitionBlock (
> > > > > > >  }
> > > > > > >  Method(_E02) {
> > > > > > >  // CPU hotplug event
> > > > > > > -\_SB.PRSC()
> > > > > > > +\_SB.

Re: [Qemu-devel] [PATCH 09/11] ACPI: move PRST OperationRegion into SSDT

2013-12-23 Thread Laszlo Ersek
On 12/23/13 17:24, Igor Mammedov wrote:
> On Mon, 23 Dec 2013 16:48:49 +0200
> "Michael S. Tsirkin"  wrote:
> 
>> On Mon, Dec 23, 2013 at 02:06:27PM +0100, Igor Mammedov wrote:
>>> On Mon, 23 Dec 2013 13:26:37 +0200
>>> "Michael S. Tsirkin"  wrote:

>>>> Interesting. This seems to imply that it can't access
>>>> IO port for the disk. Which boot disk type are you using?
>>>> Is the _CRS resource overlapping any other resource
>>>> by any chance?
>>> Yes, I've dug in the issue more and it is indeed _CRS overlapping with PCI 
>>> bus.
>>> PCI bus's IO ports are statically defined in acpi-dsdt-pci-crs.dsl and
>>> basically take all io ports except of 0xcf8-0xcff hole.
>>> Since PIIX4_PM and ICH9 LPC are PCI devices, it appears that PRST already
>>> covered by bus CRS, the same applies to PCI hotplug as well.
>>> So I was doing it wrong trying to advertise bus resources out of bus scope.
>>
>> Yes, that's explicitly prohibited by the firmware specification.
>>
>>> What we need is to add PIIX4_PM/ICH9 LPC device definition with consumed IO
>>> ports CRS to PCI bus. Question is what PNP IDs they should use?
>>>
>>> It looks pretty much out of scope of cpu_hotplug and should be done for
>>> pci hotplug as well. So I'm ditching ACPI device and CRS parts from this
>>> series as not directly related.
>>> Adding PIIX4_PM/ICH9 LPC ACPI device could be done later and preferably
>>> for all resources consumed by it to make it right.
>>
>> Could be ok but are we using any new ports?
> yes, for q35. series adds 0xa18-0xa37 IO ports, it was requested by Gerd not
> to use 0xaf00-0xaf1f.
> 
>> If yes then I think before doing that we should make sure _CRS for
>> the host bridge does not include them, or consume them
> I'm fine with making holes in PCI bus CRES template, I can do it for
> pci-hotplug as well while at it.

Can you guys please summarize the problem? (Just so I can understand.)

\_SB.PCI0 consumes 0x0CF8..0x0CFF, and is a resource producer for all
other IO ports (ie. it passes them on to child devices). Did we try to
consume such a passed-on port in a device that is *not* a child of
\_SB.PCI0?

And if so, what's the suggested solution? Make the new consumer a child
of \_SB.PCI0, or punch out the new (non-child) consumer's port range
from \_SB.PCI0's forwarding?

>> in some child device.
> that would be cleanest, but is there any suggestion what device(s) it would be
> for piix and ich9-lpc, i.e. which PNP IDs should we use?

You could browse
.

One suggestion could be:

PNP0C02 -- General ID for reserving resources required by PnP
motherboard registers. (Not device specific.)

(AFAICS this PNP ID has been mentioned earlier in the thread.)

PNP0C08 -- ACPI system board hardware

(Also used already, apparently.)

Laszlo



Re: [Qemu-devel] [PATCH 0/5] miscellaneous minor cocoa UI patches

2013-12-23 Thread Peter Maydell
On 8 December 2013 22:59, Peter Maydell  wrote:
> This patchset is a collection of minor Cocoa UI patches:
>  * the 'pass command key through when mousegrabbed' patch I sent
>earlier (included here for convenience since the others in
>the series would otherwise trivially conflict)
>  * typo fixes
>  * support for loading *.qcow2 via the "pick a disk image" dialog
>  * fix for a bug that meant using the 'pick an image' dialog
>might cause us to fail to find BIOS image files later
>
> Peter Maydell (5):
>   ui/cocoa: Pass command key through to guest when VM has mousegrab
>   ui/cocoa: Correct typos in comments and variable names
>   ui/cocoa: Send warning message to stderr, not stdout
>   ui/cocoa: Add ".qcow2" to extension list for image load dialog
>   ui/cocoa: Fix code for starting QEMU via image file load dialog

Ping! Last call for review/testing; otherwise I'll put these into a pullreq
with the MAINTAINERS file update and send it out in a week or so.

thanks
-- PMM



Re: [Qemu-devel] [PATCH -V5] kvm: Add a new machine property kvm-type

2013-12-23 Thread Alexander Graf

On 23.12.2013, at 16:40, Aneesh Kumar K.V wrote:

> From: "Aneesh Kumar K.V" 
> 
> Targets like ppc64 support different typed of KVM, one which use
> hypervisor mode and the other which doesn't. Add a new machine
> property kvm-type that helps in selecting the respective ones
> We also add a new QEMUMachine callback get_vm_type that helps
> in mapping the string representation of kvm type specified.
> 
> Signed-off-by: Aneesh Kumar K.V 

Thanks, applied to ppc-next.


Alex




[Qemu-devel] [PULL 12/19] ACPI/DSDT-CPU: cleanup bogus comment

2013-12-23 Thread Michael S. Tsirkin
From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
Signed-off-by: Michael S. Tsirkin 
---
 hw/i386/acpi-dsdt-cpu-hotplug.dsl | 1 -
 1 file changed, 1 deletion(-)

diff --git a/hw/i386/acpi-dsdt-cpu-hotplug.dsl 
b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
index c96ac42..995b415 100644
--- a/hw/i386/acpi-dsdt-cpu-hotplug.dsl
+++ b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
@@ -52,7 +52,6 @@ Scope(\_SB) {
 Sleep(200)
 }
 
-/* CPU hotplug notify method */
 OperationRegion(PRST, SystemIO, 0xaf00, 32)
 Field(PRST, ByteAcc, NoLock, Preserve) {
 PRS, 256
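Review bot: deleting the misplaced "CPU hotplug notify method" comment leaves OperationRegion(PRST, SystemIO, 0xaf00, 32) and its PRS field with no description at all. A replacement comment saying that PRS is the 256-bit active CPU bitmap read by PRSC would be more useful than an empty line, and the commit message could say in one sentence why the old comment was wrong.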
-- 
MST




[Qemu-devel] [PATCH -V8 1/3] target-ppc: Fix htab_mask calculation

2013-12-23 Thread Aneesh Kumar K.V
From: "Aneesh Kumar K.V" 

Correctly update the htab_mask using the return value of
KVM_PPC_ALLOCATE_HTAB ioctl. Also we don't update sdr1
on GET_SREGS for HV. So don't update htab_mask if sdr1
is found to be zero. Fix the pte index calculation to be
same as that found in the kernel

Signed-off-by: Aneesh Kumar K.V 
---
 hw/ppc/spapr.c  | 8 +++-
 target-ppc/cpu.h| 1 +
 target-ppc/mmu_helper.c | 4 +++-
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 267a47d6cc4d..e99a66170661 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -731,7 +731,13 @@ static void spapr_cpu_reset(void *opaque)
 
 env->external_htab = (uint8_t *)spapr->htab;
 env->htab_base = -1;
-env->htab_mask = HTAB_SIZE(spapr) - 1;
+/*
+ * htab_mask is the mask used to normalize hash value to PTEG index.
+ * htab_shift is log2 of hash table size.
+ * We have 8 hpte per group, and each hpte is 16 bytes.
+ * ie have 128 bytes per hpte entry.
+ */
+env->htab_mask = (1ULL << ((spapr)->htab_shift - 7)) - 1;
 env->spr[SPR_SDR1] = (target_ulong)(uintptr_t)spapr->htab |
 (spapr->htab_shift - 18);
 }
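Review bot: htab_mask changes units in spapr_cpu_reset(), from a byte-offset mask (HTAB_SIZE(spapr) - 1) to a PTEG-index mask, so every user that still applies it to a byte offset has to be converted in the same patch. The checks of the form (pte_index * HASH_PTE_SIZE_64) & ~env->htab_mask that appear as context in patch 3/3 of this series are examples that would now reject valid indexes. Separately, the new comment ends with "128 bytes per hpte entry", which contradicts the line above it: 8 entries of 16 bytes make 128 bytes per PTEG. A named constant for the 7 would also read better than the bare literal, and the parentheses around (spapr) are not needed.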
diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index 26acdba847fa..82db9a442be5 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -955,6 +955,7 @@ struct CPUPPCState {
 #endif
 /* segment registers */
 hwaddr htab_base;
+/* mask used to normalize hash value to PTEG index */
 hwaddr htab_mask;
 target_ulong sr[32];
 /* externally stored hash table */
diff --git a/target-ppc/mmu_helper.c b/target-ppc/mmu_helper.c
index 04a840b01697..c39cb7b89ee0 100644
--- a/target-ppc/mmu_helper.c
+++ b/target-ppc/mmu_helper.c
@@ -2025,7 +2025,9 @@ void ppc_store_sdr1(CPUPPCState *env, target_ulong value)
 " stored in SDR1\n", htabsize);
 htabsize = 28;
 }
-env->htab_mask = (1ULL << (htabsize + 18)) - 1;
+if (htabsize) {
+env->htab_mask = (1ULL << (htabsize + 18 - 7)) - 1;
+}
 env->htab_base = value & SDR_64_HTABORG;
 } else
 #endif /* defined(TARGET_PPC64) */
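Review bot: the guard in ppc_store_sdr1() tests htabsize, while the commit message says the mask should be left alone when sdr1 itself is zero. A size field of 0 is a usable encoding here (the expression gives 1ULL << 11 for it), so a non-zero SDR1 with a zero size field now updates htab_base on the next line but keeps a stale htab_mask. Testing value instead of htabsize would match the stated intent.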
-- 
1.8.3.2




[Qemu-devel] [PATCH -V8 2/3] target-ppc: Update external_htab even when HTAB is managed by kernel

2013-12-23 Thread Aneesh Kumar K.V
From: "Aneesh Kumar K.V" 

We will use this in later patches to make sure we use the right load
functions when copying hpte entries.

Signed-off-by: Aneesh Kumar K.V 
---
 hw/ppc/spapr.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index e99a66170661..3c0f29c99820 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -730,6 +730,13 @@ static void spapr_cpu_reset(void *opaque)
 env->spr[SPR_HIOR] = 0;
 
 env->external_htab = (uint8_t *)spapr->htab;
+if (kvm_enabled() && !env->external_htab) {
+/*
+ * HV KVM, set external_htab to 1 so our ppc_hash64_load_hpte*
+ * functions do the right thing.
+ */
+env->external_htab = (void *)1;
+}
 env->htab_base = -1;
 /*
  * htab_mask is the mask used to normalize hash value to PTEG index.
-- 
1.8.3.2




[Qemu-devel] [PATCH -V8 3/3] target-ppc: Fix page table lookup with kvm enabled

2013-12-23 Thread Aneesh Kumar K.V
From: "Aneesh Kumar K.V" 

With kvm enabled, we store the hash page table information in the hypervisor.
Use ioctl to read the htab contents. Without this we get the below error when
trying to read the guest address

 (gdb) x/10 do_fork
 0xc0098660 :   Cannot access memory at address 
0xc0098660
 (gdb)

Signed-off-by: Aneesh Kumar K.V 
---
Changes from V7:
* used uint64_t token

 hw/ppc/spapr.c  |  1 +
 hw/ppc/spapr_hcall.c| 50 +++
 target-ppc/kvm.c| 53 +
 target-ppc/kvm_ppc.h| 19 
 target-ppc/mmu-hash64.c | 78 -
 target-ppc/mmu-hash64.h | 19 
 6 files changed, 181 insertions(+), 39 deletions(-)

diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 3c0f29c99820..05244244301a 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -676,6 +676,7 @@ static void spapr_reset_htab(sPAPREnvironment *spapr)
 if (shift > 0) {
 /* Kernel handles htab, we don't need to allocate one */
 spapr->htab_shift = shift;
+kvmppc_kern_htab = true;
 } else {
 if (!spapr->htab) {
 /* Allocate an htab if we don't yet have one */
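Review bot: kvmppc_kern_htab is set to true in the kernel-managed branch of spapr_reset_htab(), but the else branch shown here never sets it back to false, so the flag keeps whatever value an earlier call left behind. Assigning it in both branches (or as kvmppc_kern_htab = shift > 0 before the if) removes the dependency on call history.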
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index f755a5392317..01cf6b05fee7 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -50,8 +50,9 @@ static target_ulong h_enter(PowerPCCPU *cpu, sPAPREnvironment 
*spapr,
 target_ulong ptel = args[3];
 target_ulong page_shift = 12;
 target_ulong raddr;
-target_ulong i;
+target_ulong index;
 hwaddr hpte;
+uint64_t token;
 
 /* only handle 4k and 16M pages for now */
 if (pteh & HPTE64_V_LARGE) {
@@ -94,30 +95,37 @@ static target_ulong h_enter(PowerPCCPU *cpu, 
sPAPREnvironment *spapr,
 if ((pte_index * HASH_PTE_SIZE_64) & ~env->htab_mask) {
 return H_PARAMETER;
 }
+
+index = 0;
+hpte = pte_index * HASH_PTE_SIZE_64;
 if (likely((flags & H_EXACT) == 0)) {
 pte_index &= ~7ULL;
-hpte = pte_index * HASH_PTE_SIZE_64;
-for (i = 0; ; ++i) {
-if (i == 8) {
+token = ppc_hash64_start_access(cpu, pte_index);
+do {
+if (index == 8) {
+ppc_hash64_stop_access(token);
 return H_PTEG_FULL;
 }
-if ((ppc_hash64_load_hpte0(env, hpte) & HPTE64_V_VALID) == 0) {
+if ((ppc_hash64_load_hpte0(env, token, index) & HPTE64_V_VALID) == 
0) {
 break;
 }
-hpte += HASH_PTE_SIZE_64;
-}
+} while (index++);
+ppc_hash64_stop_access(token);
 } else {
-i = 0;
-hpte = pte_index * HASH_PTE_SIZE_64;
-if (ppc_hash64_load_hpte0(env, hpte) & HPTE64_V_VALID) {
+token = ppc_hash64_start_access(cpu, pte_index);
+if (ppc_hash64_load_hpte0(env, token, 0) & HPTE64_V_VALID) {
+ppc_hash64_stop_access(token);
 return H_PTEG_FULL;
 }
+ppc_hash64_stop_access(token);
 }
+hpte += index * HASH_PTE_SIZE_64;
+
 ppc_hash64_store_hpte1(env, hpte, ptel);
 /* eieio();  FIXME: need some sort of barrier for smp? */
 ppc_hash64_store_hpte0(env, hpte, pteh | HPTE64_V_HPTE_DIRTY);
 
-args[0] = pte_index + i;
+args[0] = pte_index + index;
 return H_SUCCESS;
 }
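Review bot: the new do { ... } while (index++) loop in h_enter() runs at most once. index starts at 0, so the post-increment yields 0 and ends the loop after the first slot has been examined; when slot 0 is valid the loop exits with index == 1, the index == 8 test that returns H_PTEG_FULL is never reached, and the stores that follow go to slot 1 without its valid bit having been checked. The loop needs an explicit bound, for example for (index = 0; index < 8; index++) with the H_PTEG_FULL return after it. In the same hunk, hpte is computed from pte_index before pte_index &= ~7ULL, so the store address is based on the unmasked index while args[0] reports the masked one; compute hpte after the masking.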
 
@@ -134,16 +142,17 @@ static RemoveResult remove_hpte(CPUPPCState *env, 
target_ulong ptex,
 target_ulong *vp, target_ulong *rp)
 {
 hwaddr hpte;
+uint64_t token;
 target_ulong v, r, rb;
 
 if ((ptex * HASH_PTE_SIZE_64) & ~env->htab_mask) {
 return REMOVE_PARM;
 }
 
-hpte = ptex * HASH_PTE_SIZE_64;
-
-v = ppc_hash64_load_hpte0(env, hpte);
-r = ppc_hash64_load_hpte1(env, hpte);
+token = ppc_hash64_start_access(ppc_env_get_cpu(env), ptex);
+v = ppc_hash64_load_hpte0(env, token, 0);
+r = ppc_hash64_load_hpte1(env, token, 0);
+ppc_hash64_stop_access(token);
 
 if ((v & HPTE64_V_VALID) == 0 ||
 ((flags & H_AVPN) && (v & ~0x7fULL) != avpn) ||
@@ -152,6 +161,7 @@ static RemoveResult remove_hpte(CPUPPCState *env, 
target_ulong ptex,
 }
 *vp = v;
 *rp = r;
+hpte = ptex * HASH_PTE_SIZE_64;
 ppc_hash64_store_hpte0(env, hpte, HPTE64_V_HPTE_DIRTY);
 rb = compute_tlbie_rb(v, r, ptex);
 ppc_tlb_invalidate_one(env, rb);
@@ -260,16 +270,17 @@ static target_ulong h_protect(PowerPCCPU *cpu, 
sPAPREnvironment *spapr,
 target_ulong pte_index = args[1];
 target_ulong avpn = args[2];
 hwaddr hpte;
+uint64_t token;
 target_ulong v, r, rb;
 
 if ((pte_index * HASH_PTE_SIZE_64) & ~env->htab_mask) {
 return H_PARAMETER;
 }
 
-hpte = pte_index * HASH_PTE_SIZE_64;
-
-v = ppc_hash64_load_hpte0(env, hpte);
-r = ppc_hash64_load_hpte1(env, hpte);
+token = ppc_hash64_start_access(cpu, pte_index);
+v = ppc_hash64_load_hpt

[Qemu-devel] [ANNOUNCE] SeaBIOS 1.7.4

2013-12-23 Thread Kevin O'Connor
The 1.7.4 version of SeaBIOS has now been released.  For more
information on the release, please see:

http://seabios.org/Releases


New in this release:

* Support for obtaining ACPI tables directly from QEMU.
* Initial support for XHCI USB controllers (initially for QEMU only).
* Support for booting from "pvscsi" devices on QEMU.
* Enhanced floppy driver - improved support for real hardware.
* coreboot cbmem console support.
* Optional support for using the 9-segment instead of the e-segment
  for local variables.
* Improved internal timer code and accuracy.
* SeaVGABIOS improvements
  * Better support for legacy X.org releases with incomplete x86emu
    emulation.
  * Support for using an internal stack to reduce caller's stack
    usage.
  * Back port of new "bochs dispi" interface video modes.
* Several bug fixes and code cleanups
  * Source code separated out into additional hardware and firmware
    directories.
  * Update to latest version of Kconfig


For information on obtaining SeaBIOS, please see:

http://seabios.org/Download



Re: [Qemu-devel] [PATCH -V5] kvm: Add a new machine property kvm-type

2013-12-23 Thread Andreas Färber
Am 23.12.2013 16:40, schrieb Aneesh Kumar K.V:
> From: "Aneesh Kumar K.V" 
> 
> Targets like ppc64 support different typed of KVM, one which use

"types" - Alex, please fix. :)

> hypervisor mode and the other which doesn't. Add a new machine
> property kvm-type that helps in selecting the respective ones

There is no property being added in this patch, it's an "option". Please
edit, also in subject.

> We also add a new QEMUMachine callback get_vm_type that helps
> in mapping the string representation of kvm type specified.
> 
> Signed-off-by: Aneesh Kumar K.V 
> ---
> Changes from V4:
> * Fix build failure for ppc{,64}-linux-user
> 
>  hw/ppc/spapr.c | 19 +++
>  include/hw/boards.h|  3 +++
>  include/hw/xen/xen.h   |  3 ++-
>  include/sysemu/kvm.h   |  4 ++--
>  include/sysemu/qtest.h |  3 ++-
>  kvm-all.c  | 16 +---
>  kvm-stub.c |  3 ++-
>  qtest.c|  2 +-
>  vl.c   | 14 +-
>  xen-all.c  |  2 +-
>  xen-stub.c |  2 +-
>  11 files changed, 55 insertions(+), 16 deletions(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 7e53a5f97781..267a47d6cc4d 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -1357,6 +1357,24 @@ static void ppc_spapr_init(QEMUMachineInitArgs *args)
>  assert(spapr->fdt_skel != NULL);
>  }
>  
> +static int spapr_kvm_type(const char *vm_type)
> +{
> +if (!vm_type) {
> +return 0;
> +}
> +
> +if (!strcmp(vm_type, "HV")) {
> +return 1;
> +}
> +
> +if (!strcmp(vm_type, "PR")) {
> +return 2;
> +}
> +
> +hw_error("Unknown kvm-type specified '%s'", vm_type);

error_report() - hw_error() would need \n IIRC and dumps CPU state,
which seems useless at that point.

> +exit(1);
> +}
> +
>  static QEMUMachine spapr_machine = {
>  .name = "pseries",
>  .desc = "pSeries Logical Partition (PAPR compliant)",
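Review bot: spapr_kvm_type() returns the bare literals 0, 1 and 2 for "no type given", "HV" and "PR", and nothing in the function says what consumes them or where the numbering comes from. Named constants with a comment pointing at the interface that interprets the value would keep the two sides in step. The exit(1) after the error call also has no effect if that call does not return, so one of the two can go once the reporting function is settled.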
> @@ -1367,6 +1385,7 @@ static QEMUMachine spapr_machine = {
>  .max_cpus = MAX_CPUS,
>  .no_parallel = 1,
>  .default_boot_order = NULL,
> +.kvm_type = spapr_kvm_type,
>  };
>  
>  static void spapr_machine_init(void)
[...]
> diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
> index 3b25f27a7cc5..400a2682923e 100644
> --- a/include/sysemu/kvm.h
> +++ b/include/sysemu/kvm.h
> @@ -151,8 +151,8 @@ typedef struct KVMState KVMState;
>  extern KVMState *kvm_state;
>  
>  /* external API */
> -

Line dropped accidentally? I guess external API doesn't just apply to
the two lines added...

> -int kvm_init(void);
> +typedef struct QEMUMachine QEMUMachine;
> +int kvm_init(QEMUMachine *machine);
>  
>  int kvm_has_sync_mmu(void);
>  int kvm_has_vcpu_events(void);
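Review bot: the line "typedef struct QEMUMachine QEMUMachine;" added above kvm_init() is repeated verbatim in the include/sysemu/qtest.h hunk, so any file that includes both headers sees the same typedef twice, and repeating a typedef is only valid from C11 on. Declare it once in a shared header that both kvm.h and qtest.h include instead of copying it next to each prototype.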
> diff --git a/include/sysemu/qtest.h b/include/sysemu/qtest.h
> index 112a661ac4b0..7185174a39b2 100644
> --- a/include/sysemu/qtest.h
> +++ b/include/sysemu/qtest.h
> @@ -23,7 +23,8 @@ static inline bool qtest_enabled(void)
>  return qtest_allowed;
>  }
>  
> -int qtest_init_accel(void);
> +typedef struct QEMUMachine QEMUMachine;
> +int qtest_init_accel(QEMUMachine *machine);
>  void qtest_init(const char *qtest_chrdev, const char *qtest_log);
>  
>  static inline int qtest_available(void)
> diff --git a/kvm-all.c b/kvm-all.c
> index 393775459d9f..57472804fe44 100644
> --- a/kvm-all.c
> +++ b/kvm-all.c
> @@ -35,6 +35,8 @@
>  #include "qemu/event_notifier.h"
>  #include "trace.h"
>  
> +#include "hw/boards.h"
> +
>  /* This check must be after config-host.h is included */
>  #ifdef CONFIG_EVENTFD
>  #include 
> @@ -1352,7 +1354,7 @@ static int kvm_max_vcpus(KVMState *s)
>  return (ret) ? ret : kvm_recommended_vcpus(s);
>  }
>  
> -int kvm_init(void)
> +int kvm_init(QEMUMachine *machine)
>  {
>  static const char upgrade_note[] =
>  "Please upgrade to at least kernel 2.6.29 or recent kvm-kmod\n"
> @@ -1369,7 +1371,8 @@ int kvm_init(void)
>  KVMState *s;
>  const KVMCapabilityInfo *missing_cap;
>  int ret;
> -int i;
> +int i, type = 0;
> +const char *kvm_type;
>  
>  s = g_malloc0(sizeof(KVMState));
>  
> @@ -1442,7 +1445,14 @@ int kvm_init(void)
>  nc++;
>  }
>  
> -s->vmfd = kvm_ioctl(s, KVM_CREATE_VM, 0);
> +kvm_type = qemu_opt_get(qemu_get_machine_opts(), "kvm-type");
> +if (machine->kvm_type) {
> +type = machine->kvm_type(kvm_type);
> +} else if (kvm_type) {
> +fprintf(stderr, "Invalid argument kvm-type=%s\n", kvm_type);

error_report()? (without \n then)

> +goto err;
> +}
> +s->vmfd = kvm_ioctl(s, KVM_CREATE_VM, type);
>  if (s->vmfd < 0) {
>  #ifdef TARGET_S390X
>  fprintf(stderr, "Please add the 'switch_amode' kernel parameter to "
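Review bot: the "else if (kvm_type)" branch prints the message and jumps to err without assigning ret, so the error path reports whatever value ret was left with earlier in kvm_init(); set it explicitly (for example to -EINVAL) before the goto. The value returned by machine->kvm_type() is also handed to KVM_CREATE_VM unchecked, and machine itself is dereferenced with no NULL check, so either document that callers always pass a valid machine or test for it here.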
[snip]

Almost all remarks could be edited into the patch file on the same line
to avoid yet another respin.

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PULL 00/32] ppc patch queue 2013-12-20

2013-12-23 Thread Andreas Färber
On 20.12.2013 02:00, Alexander Graf wrote:
> Tom Musta (19):
>   Declare and Enable VSX
>   Add MSR VSX and Associated Exception
>   Add VSX Instruction Decoders
>   Add VSR to Global Registers
>   Add lxvd2x
>   Add stxvd2x
>   Add xxpermdi
>   Add lxsdx
>   Add lxvdsx
>   Add lxvw4x
>   Add stxsdx
>   Add stxvw4x
>   Add VSX Scalar Move Instructions
>   Add VSX Vector Move Instructions
>   Add Power7 VSX Logical Instructions
>   Add xxmrgh/xxmrgl
>   Add xxsel
>   Add xxspltw
>   Add xxsldwi

Alex, we now have those meaningless-without-context commit messages in
qemu.git history. I'm pretty sure I asked the contributor nicely to add
a meaningful PPC'ish prefix, and lacking to do so you could've easily
edited these yourself before sending them out to the world! :(

Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PULL 00/32] ppc patch queue 2013-12-20

2013-12-23 Thread Alexander Graf

On 23.12.2013, at 19:08, Andreas Färber  wrote:

> On 20.12.2013 02:00, Alexander Graf wrote:
>> Tom Musta (19):
>>  Declare and Enable VSX
>>  Add MSR VSX and Associated Exception
>>  Add VSX Instruction Decoders
>>  Add VSR to Global Registers
>>  Add lxvd2x
>>  Add stxvd2x
>>  Add xxpermdi
>>  Add lxsdx
>>  Add lxvdsx
>>  Add lxvw4x
>>  Add stxsdx
>>  Add stxvw4x
>>  Add VSX Scalar Move Instructions
>>  Add VSX Vector Move Instructions
>>  Add Power7 VSX Logical Instructions
>>  Add xxmrgh/xxmrgl
>>  Add xxsel
>>  Add xxspltw
>>  Add xxsldwi
> 
> Alex, we now have those meaningless-without-context commit messages in
> qemu.git history. I'm pretty sure I asked the contributor nicely to add
> a meaningful PPC'ish prefix, and lacking to do so you could've easily
> edited these yourself before sending them out to the world! :(

Ok, Tom, please prefix the next ones with "PPC:" :).


Alex




Re: [Qemu-devel] [Qemu-ppc] [PATCH v3 03/10] raven: move BIOS loading from board code to PCI host

2013-12-23 Thread Hervé Poussineau

Alexander Graf wrote:

On 23.12.2013, at 07:48, Hervé Poussineau  wrote:


Hi,

Andreas Färber wrote:

Hi,
On 05.11.2013 00:09, Hervé Poussineau wrote:

Raven datasheet explains where firmware lives in system memory, so do
it there instead of in board code. Other boards using the same PCI
host will not have to copy the firmware loading code.

This part we had discussed and no one objected to the approach, so OK.

However, add a specific hack for Open Hack'Ware, which provides only
a 512KB blob to be loaded at 0xfff00000, but expects valid code at
0xfffffffc (specific Open Hack'Ware reset instruction pointer).

Was this part explained before? I don't spot the equivalent in the
deleted code. If this is a new workaround, I would rather like to put it
in a separate patch for bisecting (can offer to do that myself then).
What are the symptoms? I am testing all these patches with OHW.

Old code does (error checking removed):

-bios_size = get_image_size(filename);
-bios_addr = (uint32_t)(-bios_size);
-bios_size = load_image_targphys(filename, bios_addr,

Ie, bios_addr = -512KB (size of OHW blob) = 0xfff80000
and firmware is loaded in the range 0xfff80000-0xffffffff
OHW expects reset instruction pointer to be 0xfffffffc (not valid for 604, but 
that's not the point now), which contains a valid instruction.
Note that range 0xfff00000-0xfff7ffff is empty.

Datasheet for raven says that firmware is at 0xfff00000, so I changed code to:
+#define BIOS_SIZE (1024 * 1024)
+  bios_addr = (uint32_t)(-BIOS_SIZE);
+  bios_size = load_image_targphys(filename, bios_addr,
+  bios_size);
Ie, bios_addr = -1MB = 0xfff00000
and firmware is loaded in the range 0xfff00000-0xfff7ffff.
This doesn't work due to reset instruction pointer which now is pointing to 
empty memory, and symptoms are an empty screen on OHW.

So, I'm adding this hack for OHW, to mirror the 0xfff00000-0xfff7ffff range to 
0xfff80000-0xffffffff.

So, this patch is a small functional change, as it adds a copy of the firmware 
in a new range 0xfff00000-0xfff7ffff, but I think we can live with it.

We'll be able to remove it once we switch to another firmware which uses the 
right reset instruction pointer or whose size is 1MB.


Couldn't we just make the ROM fill the upper part of the 1MB region when we see 
it's smaller than 1MB? So that we pad at the bottom, not the top?

  bios_size = get_image_size(filename);
  if (bios_size < 0) {
// error handling
  }
  assert(bios_size <= (1*MB));
  bios_addr = (uint32_t)(-bios_size);



I don't think that's a good idea, because the PReP cpus (601/604) have a 
reset vector at 0xfff00100. So you have to put some firmware at this 
address, even if firmware is smaller than 1MB.


OHW is the problem here, because it is less than 1MB and expects a reset 
vector at 0xfffffffc. That's why I want to put the hack outside raven 
chipset, in prep machine code.


Regards,

Hervé




Re: [Qemu-devel] [PATCH v3 03/10] raven: move BIOS loading from board code to PCI host

2013-12-23 Thread Peter Maydell
On 23 December 2013 06:48, Hervé Poussineau  wrote:
> So, this patch is a small functional change, as it adds a copy of the
> firmware in a new range 0xfff00000-0xfff7ffff, but I think we can live with
> it.
>
> We'll be able to remove it once we switch to another firmware which uses the
> right reset instruction pointer or whose size is 1MB.
>
>>> +/* Open Hack'Ware hack: bios size is 512K and is loaded at
>>> 0xfff0.
>>> + * However, reset address is 0xfffc. Mirror the bios from
>>> + * 0xfff0 to 0xfff8.
>>> + */
>>> +memory_region_init_alias(bios, NULL, "bios-alias", sysmem,
>>> 0xfff0,
>>> + 0x0008);
>>> +memory_region_add_subregion_overlap(sysmem, 0xfff8, bios, 1);

This code creates the mirrored region regardless of the size of the
firmware blob, right? I think that means that if we do supply a
1MB blob it'll do the wrong thing. You probably want to have some
"mirror this object as many times as necessary to fill the space"
logic.

We could probably do with having a generic MemoryRegion
API for that, actually -- it's not uncommon behaviour for devices
to be accessible every N bytes because they simply don't
decode the full set of address lines.

memory_region_add_subregion_tiled(MemoryRegion *mr,
 hwaddr offset, hwaddr tilelen,
 MemoryRegion *subregion)

to add copies of subregion to container mr starting at offset
for tilelen bytes, maybe? (we assume subregion to be created
at the length that each 'tile' should be, so don't need to pass
that too).

thanks
-- PMM
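
The tiling suggested in the message above, and the 1MB failure case it points out for the unconditional alias, as an added stand-alone C model. This is not QEMU code: `TiledRom`, `tiled_rom_init`, `tiled_rom_offset` and `fixed_alias_offset` are hypothetical names, and the 1 MB window ending at 0xffffffff with the OHW reset word at 0xfffffffc are assumptions taken from the arithmetic in the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ROM_WINDOW 0x00100000u       /* 1 MB window ending at 0xffffffff */
#define ROM_BASE   (0u - ROM_WINDOW) /* 0xfff00000 with 32-bit unsigned */

/* Hypothetical model, not QEMU's MemoryRegion API: the window is filled
 * with back-to-back copies ("tiles") of a firmware blob. */
typedef struct {
    uint32_t tile_len; /* size of one copy of the blob */
    uint32_t tiles;    /* copies needed to fill the window */
} TiledRom;

/* Refuse blobs that are empty, too large, or do not divide the window. */
static bool tiled_rom_init(TiledRom *r, uint32_t blob_len)
{
    if (blob_len == 0 || blob_len > ROM_WINDOW || ROM_WINDOW % blob_len) {
        return false;
    }
    r->tile_len = blob_len;
    r->tiles = ROM_WINDOW / blob_len;
    return true;
}

/* Guest address -> offset inside the blob, or -1 below the window. */
static int64_t tiled_rom_offset(const TiledRom *r, uint32_t addr)
{
    return addr < ROM_BASE ? -1 : (int64_t)((addr - ROM_BASE) % r->tile_len);
}

/* Unconditional alias: the upper half of the window always shows the lower. */
static int64_t fixed_alias_offset(uint32_t blob_len, uint32_t addr)
{
    uint32_t off = addr - ROM_BASE;

    if (addr < ROM_BASE) {
        return -1;
    }
    if (off >= ROM_WINDOW / 2) {
        off -= ROM_WINDOW / 2; /* the overlapping alias takes priority */
    }
    return off < blob_len ? (int64_t)off : -1;
}

int main(void)
{
    TiledRom r;
    if (!tiled_rom_init(&r, 512 * 1024)) return 1;
    printf("tiled 512 KB: 0x%llx, fixed alias 1 MB: 0x%llx\n",
           (unsigned long long)tiled_rom_offset(&r, 0xfffffffcu),
           (unsigned long long)fixed_alias_offset(ROM_WINDOW, 0xfffffffcu));
    return 0;
}
```

With a 1 MB blob the tiled lookup resolves the reset word to blob offset 0xffffc, while the fixed alias still returns 0x7fffc, which is the wrong half of the image.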



[Qemu-devel] [Bug 1263747] [NEW] Arm64 fails to run a binary which runs OK on real hardware

2013-12-23 Thread Richard Jones
Public bug reported:

Note this is using the not-yet-upstream aarch64 patches from:

https://github.com/susematz/qemu/tree/aarch64-1.6

 

This binary:

http://oirase.annexia.org/tmp/test.gz

runs OK on real aarch64 hardware.  It is a statically linked Linux
binary which (if successful) will print "hello, world" and exit cleanly.

On qemu-arm64 userspace emulator it doesn't print anything and loops
forever using 100% CPU.

 

The following section is only if you wish to compile this binary from
source, otherwise you can ignore it.

First compile OCaml from:

https://github.com/ocaml/ocaml

(note you have to compile it on aarch64 or in qemu, it's not possible to
cross-compile).  You will have to apply the one-line patch from:

https://sympa.inria.fr/sympa/arc/caml-list/2013-12/msg00179.html

./configure
make -j1 world.opt

Then do:

echo 'print_endline "hello, world"' > test.ml
./boot/ocamlrun ./ocamlopt -I stdlib stdlib.cmxa test.ml -o test
./test

** Affects: qemu
 Importance: Undecided
 Status: New

** Description changed:

+ Note this is using the not-yet-upstream aarch64 patches from:
+ 
+ https://github.com/susematz/qemu/tree/aarch64-1.6
+ 
+  
+ 
  This binary:
  
  http://oirase.annexia.org/tmp/test.gz
  
  runs OK on real aarch64 hardware.  It is a statically linked Linux
  binary which (if successful) will print "hello, world" and exit cleanly.
  
  On qemu-arm64 userspace emulator it doesn't print anything and loops
  forever using 100% CPU.
  
- 
- The following section is only if you wish to compile this binary from source, 
otherwise you can ignore it.
+  
+ 
+ The following section is only if you wish to compile this binary from
+ source, otherwise you can ignore it.
  
  First compile OCaml from:
  
  https://github.com/ocaml/ocaml
  
  (note you have to compile it on aarch64 or in qemu, it's not possible to
  cross-compile).  You will have to apply the one-line patch from:
  
  https://sympa.inria.fr/sympa/arc/caml-list/2013-12/msg00179.html
  
- ./configure
- make -j1 world.opt
+ ./configure
+ make -j1 world.opt
  
  Then do:
  
- echo 'print_endline "hello, world"' > test.ml
- ./boot/ocamlrun ./ocamlopt -I stdlib stdlib.cmxa test.ml -o test
- ./test
+ echo 'print_endline "hello, world"' > test.ml
+ ./boot/ocamlrun ./ocamlopt -I stdlib stdlib.cmxa test.ml -o test
+ ./test

https://bugs.launchpad.net/bugs/1263747

Title:
  Arm64 fails to run a binary which runs OK on real hardware

Status in QEMU:
  New




Re: [Qemu-devel] [PATCH v3 03/10] raven: move BIOS loading from board code to PCI host

2013-12-23 Thread Hervé Poussineau

Peter Maydell wrote:

On 23 December 2013 06:48, Hervé Poussineau  wrote:

So, this patch is a small functional change, as it adds a copy of the
firmware in a new range 0xfff00000-0xfff7ffff, but I think we can live with
it.

We'll be able to remove it once we switch to another firmware which uses the
right reset instruction pointer or whose size is 1MB.


+/* Open Hack'Ware hack: bios size is 512K and is loaded at
0xfff0.
+ * However, reset address is 0xfffc. Mirror the bios from
+ * 0xfff0 to 0xfff8.
+ */
+memory_region_init_alias(bios, NULL, "bios-alias", sysmem,
0xfff0,
+ 0x0008);
+memory_region_add_subregion_overlap(sysmem, 0xfff8, bios, 1);


This code creates the mirrored region regardless of the size of the
firmware blob, right? I think that means that if we do supply a
1MB blob it'll do the wrong thing. You probably want to have some
"mirror this object as many times as necessary to fill the space"
logic.

We could probably do with having a generic MemoryRegion
API for that, actually -- it's not uncommon behaviour for devices
to be accessible every N bytes because they simply don't
decode the full set of address lines.

memory_region_add_subregion_tiled(MemoryRegion *mr,
 hwaddr offset, hwaddr tilelen,
 MemoryRegion *subregion)

to add copies of subregion to container mr starting at offset
for tilelen bytes, maybe? (we assume subregion to be created
at the length that each 'tile' should be, so don't need to pass
that too).


This hack is meant to exist only as long as OHW has not been replaced by 
something else. That's a hack which has to be used only for *current OHW 
firmware* (ie 512KB) and only for *a short time*. I already have patches 
to replace OHW by OpenBIOS, but some details need some more polish.


So, I don't want to invest too much time to polish this hack. Choose 
whatever you want, but I don't want to take more time to push this patchset.


If you really don't like it, I can provide a OHW image which is 1MB, so 
this hack becomes moot. It will be created by concatenating 2 512KB OHW 
images in a 1MB image.


Regards,

Hervé



