Re: [Qemu-devel] [PATCH RFC 2/4] check if we have space left for hotplugged memory

2014-06-15 Thread Michael S. Tsirkin
On Sat, Jun 14, 2014 at 12:48:57PM +0800, Hu Tao wrote:
> If pc-dimm is specified on qemu command line, but only with
> -m size (aka not -m size,maxmem,slots) then qemu will core dump.
> 
> This patch fixes the problem.
> 
> Signed-off-by: Hu Tao 
> ---
>  hw/mem/pc-dimm.c | 7 ++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/mem/pc-dimm.c b/hw/mem/pc-dimm.c
> index 8c26568..6e8bf43 100644
> --- a/hw/mem/pc-dimm.c
> +++ b/hw/mem/pc-dimm.c
> @@ -107,7 +107,12 @@ uint64_t pc_dimm_get_free_addr(uint64_t 
> address_space_start,
>  uint64_t new_addr, ret = 0;
>  uint64_t address_space_end = address_space_start + address_space_size;
>  
> -assert(address_space_end > address_space_size);
> +if (address_space_size == 0) {
> +error_setg(errp, "can't add memory beyond 0x%" PRIx64,
> +   address_space_end);

That's quite an unfriendly error message, isn't it?
Why not explain what the problem is to the user?

> +goto out;
> +}
> +

I would move the assert to this point. It protects against
integer overflow.

>  object_child_foreach(qdev_get_machine(), pc_dimm_built_list, &list);
>  
>  if (hint) {
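Review bot: The new `goto out` path leaves `ret` at the 0 it was initialised to on the hunk's first context line, so if the `out:` label (outside this hunk) returns `ret`, a caller that does not consult errp receives address 0 as though it were a valid placement. Either give this path a distinct return value or make the contract explicit at the label with a comment such as `/* on error ret is 0 and *errp is set; callers must check errp */`. pc_dimm_get_free_addr's body continues past the end of the hunk.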


> -- 
> 1.9.3



Re: [Qemu-devel] [PATCH RFC 1/4] get rid of signed range

2014-06-15 Thread Michael S. Tsirkin
On Sat, Jun 14, 2014 at 12:48:56PM +0800, Hu Tao wrote:
> Signed-off-by: Hu Tao 

This also fixed make check failures that I was seeing on 32 bit systems.
Applied, but I split this patch up and applied as fixup
to the original.
In the future you can request such fixes by making
subject be "fixup! "
This is possible as long as tree is not merged.

> ---
>  include/qemu/range.h   | 144 
> -
>  qapi/string-input-visitor.c| 116 +-
>  qapi/string-output-visitor.c   |  97 +
>  tests/test-string-input-visitor.c  |   4 +-
>  tests/test-string-output-visitor.c |   8 +--
>  5 files changed, 165 insertions(+), 204 deletions(-)
> 
> diff --git a/include/qemu/range.h b/include/qemu/range.h
> index 8879f8a..cfa021f 100644
> --- a/include/qemu/range.h
> +++ b/include/qemu/range.h
> @@ -61,127 +61,75 @@ static inline int ranges_overlap(uint64_t first1, 
> uint64_t len1,
>  return !(last2 < first1 || last1 < first2);
>  }
>  
> -typedef struct SignedRangeList SignedRangeList;
> -
> -typedef struct SignedRange {
> -int64_t start;
> -int64_t length;
> -
> -QTAILQ_ENTRY(SignedRange) entry;
> -} SignedRange;
> -
> -QTAILQ_HEAD(SignedRangeList, SignedRange);
> -
> -static inline int64_t s_range_end(int64_t start, int64_t length)
> -{
> -return start + length - 1;
> -}
> -
> -/* negative length or overflow */
> -static inline bool s_range_overflow(int64_t start, int64_t length)
> +/* 0,1 can merge with 1,2 but don't overlap */
> +static inline bool ranges_can_merge(Range *range1, Range *range2)
>  {
> -return s_range_end(start, length) < start;
> +return !(range1->end < range2->begin || range2->end < range1->begin);
>  }
>  
> -static inline SignedRange *s_range_new(int64_t start, int64_t length)
> +static inline int range_merge(Range *range1, Range *range2)
>  {
> -SignedRange *range = NULL;
> -
> -if (s_range_overflow(start, length)) {
> -return NULL;
> +if (ranges_can_merge(range1, range2)) {
> +if (range1->end < range2->end) {
> +range1->end = range2->end;
> +}
> +if (range1->begin > range2->begin) {
> +range1->begin = range2->begin;
> +}
> +return 0;
>  }
>  
> -range = g_malloc0(sizeof(*range));
> -range->start = start;
> -range->length = length;
> -
> -return range;
> -}
> -
> -static inline void s_range_free(SignedRange *range)
> -{
> -g_free(range);
> +return -1;
>  }
>  
> -static inline bool s_range_overlap(int64_t start1, int64_t length1,
> -   int64_t start2, int64_t length2)
> +static inline GList *g_list_insert_sorted_merged(GList *list,
> + gpointer data,
> + GCompareFunc func)
>  {
> -return !((start1 + length1) < start2 || (start2 + length2) < start1);
> -}
> +GList *l, *next = NULL;
> +Range *r, *nextr;
>  
> -static inline int s_range_join(SignedRange *range,
> -   int64_t start, int64_t length)
> -{
> -if (s_range_overflow(start, length)) {
> -return -1;
> +if (!list) {
> +list = g_list_insert_sorted(list, data, func);
> +return list;
>  }
>  
> -if (s_range_overlap(range->start, range->length, start, length)) {
> -int64_t end = s_range_end(range->start, range->length);
> -if (end < s_range_end(start, length)) {
> -end = s_range_end(start, length);
> +nextr = data;
> +l = list;
> +while (l && l != next && nextr) {
> +r = l->data;
> +if (ranges_can_merge(r, nextr)) {
> +range_merge(r, nextr);
> +l = g_list_remove_link(l, next);
> +next = g_list_next(l);
> +if (next) {
> +nextr = next->data;
> +} else {
> +nextr = NULL;
> +}
> +} else {
> +l = g_list_next(l);
>  }
> -if (range->start > start) {
> -range->start = start;
> -}
> -range->length = end - range->start + 1;
> -return 0;
>  }
>  
> -return -1;
> +if (!l) {
> +list = g_list_insert_sorted(list, data, func);
> +}
> +
> +return list;
>  }
>  
> -static inline int s_range_compare(int64_t start1, int64_t length1,
> -  int64_t start2, int64_t length2)
> +static inline gint range_compare(gconstpointer a, gconstpointer b)
>  {
> -if (start1 == start2 && length1 == length2) {
> +Range *ra = (Range *)a, *rb = (Range *)b;
> +if (ra->begin == rb->begin && ra->end == rb->end) {
>  return 0;
> -} else if (s_range_end(start1, length1) <
> -   s_range_end(start2, length2)) {
> +} else if (range_get_last(ra->begin, ra->end) <
> +   range_get_last(rb->begin, rb->end)) {
>  r

Re: [Qemu-devel] Why does qemu not support qemu-system-armeb?

2014-06-15 Thread Peter Maydell
On 14 June 2014 14:49, Ljun <1275151...@qq.com> wrote:
> Hello everyone, I am working on big endian for ARM. I changed the qemu
> configure and created a qemu-system-armeb, but I want to know whether qemu
> supports armeb-softmmu.

The answer to "why is there no qemu-system-armeb" is in two parts:

(1) We don't support big-endian system emulation. There would need
to be work done to implement this beyond just enabling an extra
configuration.

(2) If we did support big-endian system emulation, the right way
to implement this would be to keep it in qemu-system-arm, and
just have the CPU support the various control bits (SCTLR.B,
SCTLR.EE, CPSR.E, etc).

(3) We would need a model of some actual board which used
a CPU in big-endian mode. (These days if it's purely for a
virtual machine you could use the "virt" board, though.)

Are you interested in big-endian emulation:
 * in 64-bit (AArch64/ARM64) ?
 * in 32-bit v7 (what the ARM ARM calls "BE8") ?
 * old-fashioned ARMv5 style ("BE32") ?

thanks
-- PMM



Re: [Qemu-devel] [PATCH RFC 3/4] exec: don't exit unconditionally if failed to allocate memory

2014-06-15 Thread Michael S. Tsirkin
On Sat, Jun 14, 2014 at 07:07:39PM +0200, Paolo Bonzini wrote:
> Il 14/06/2014 06:48, Hu Tao ha scritto:
> >return -1 instead.
> >
> >Now user can add objects memory-backend-ram on-the-fly, fail it if
> >cannot allocate memory rather than quit qemu.
> >
> >Signed-off-by: Hu Tao 
> 
> This needs an audit of all callers or, alternatively, we need to add
> memory_region_init_ram_nofail.  Better leave it for after the merge.
> 
> Paolo

Specifically memory_region_init_ram_from_file does not seem to
handle failures.

qemu_ram_free chunk also looks weird. Can we not avoid calling
free on invalid addresses?

> >---
> > backends/hostmem-ram.c | 3 +++
> > exec.c | 6 +-
> > 2 files changed, 8 insertions(+), 1 deletion(-)
> >
> >diff --git a/backends/hostmem-ram.c b/backends/hostmem-ram.c
> >index d9a8290..afb305d 100644
> >--- a/backends/hostmem-ram.c
> >+++ b/backends/hostmem-ram.c
> >@@ -28,6 +28,9 @@ ram_backend_memory_alloc(HostMemoryBackend *backend, Error 
> >**errp)
> > path = object_get_canonical_path_component(OBJECT(backend));
> > memory_region_init_ram(&backend->mr, OBJECT(backend), path,
> >backend->size);
> >+if (backend->mr.ram_addr == -1) {
> >+error_setg(errp, "can't allocate memory");
> >+}
> > g_free(path);
> > }
> >
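Review bot: The added check `backend->mr.ram_addr == -1` tests for a sentinel that nothing in this patch visibly stores into `mr.ram_addr`: the exec.c hunk makes ram_block_add return -1, but the callers between it and memory_region_init_ram are not touched, so unless they propagate that value the check never fires and the backend silently keeps a half-initialised region. If the propagation does exist it deserves a comment at the check, e.g. `/* ram_block_add() failure surfaces as mr.ram_addr == -1 */`, and if ram_addr_t is an unsigned type (its typedef is not on the page) the comparison with -1 relies on implicit conversion, so a named sentinel would be clearer. The message could also identify the backend, since `path` is still live here: `error_setg(errp, "can't allocate memory for '%s'", path);`.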
> >diff --git a/exec.c b/exec.c
> >index 8705cc5..74560e5 100644
> >--- a/exec.c
> >+++ b/exec.c
> >@@ -1228,7 +1228,7 @@ static ram_addr_t ram_block_add(RAMBlock *new_block)
> > if (!new_block->host) {
> > fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
> > new_block->mr->name, strerror(errno));
> >-exit(1);
> >+return -1;
> > }
> > memory_try_enable_merging(new_block->host, new_block->length);
> > }
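Review bot: The `return -1` that replaces exit() sits in a function which, judging by the qemu_ram_free hunk below (whose first step is qemu_mutex_lock_ramlist()), very likely holds the ramlist lock at this point; ram_block_add's prologue is outside the hunk, so please confirm, and if so the early return must release the mutex rather than leave it held. The fprintf to stderr on the lines above is now redundant with the error_setg added in backends/hostmem-ram.c, so the same failure is reported twice; either drop it or mark the division of labour with `/* caller reports the failure through errp */`. Since the return type is ram_addr_t, `-1` is an all-ones value on the way out and every caller comparing against it needs the same conversion.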
> >@@ -1356,6 +1356,10 @@ void qemu_ram_free(ram_addr_t addr)
> > {
> > RAMBlock *block;
> >
> >+if (addr == -1) {
> >+return;
> >+}
> >+
> > /* This assumes the iothread lock is taken here too.  */
> > qemu_mutex_lock_ramlist();
> > QTAILQ_FOREACH(block, &ram_list.blocks, next) {
> >



Re: [Qemu-devel] [PATCH RFC 0/4] fixes for pci tree

2014-06-15 Thread Michael S. Tsirkin
On Sat, Jun 14, 2014 at 12:48:55PM +0800, Hu Tao wrote:
> Michael,
> 
> These are fixes for your pci tree.
> 
> patch 1 removes the signed range as requested.

This also fixes make check failures so I applied this.

Others don't look like regressions to me -
this is error handling in new functionality, correct?
Thus I'll wait for comments on these to be resolved,
and hopefully for some acks.

> There are 3 problems in current pci tree, as follows:
> 
> 1. pc-dimm specified on command line but only -m size (aka not -m 
> size,maxmem,slots)
> 
> ./x86_64-softmmu/qemu-system-x86_64 -hda
> /home/data/libvirt-images/f18.img -smp 2 -object
> memory-backend-ram,size=512M,id=ram-node0,prealloc=y,policy=bind,host-nodes=0
> -device pc-dimm,id=d0,memdev=ram-node0  -m 640M  -qmp
> unix:/tmp/m,server,nowait -monitor stdio -enable-kvm
> 
> result:
> 
> qemu/hw/mem/pc-dimm.c:110: pc_dimm_get_free_addr: Assertion
> `address_space_end > address_space_size' failed.
> Aborted (core dumped)
> 
> patch 2 fixes this.
> 
> 2. using qemu monitor command object-add to add a memory-backend-ram
>object whose size is too big
> 
> ./x86_64-softmmu/qemu-system-x86_64 -hda
> /home/data/libvirt-images/f18.img -smp 2 -m 512M  -qmp
> unix:/tmp/m,server,nowait -monitor stdio -enable-kvm
> 
> in monitor:
> (qemu)object_add memory-backend-ram,size=40960G,id=mem0
> 
> result:
> 
> qemu just exits with message: Cannot set up guest memory 'mem0': Cannot 
> allocate memory
> 
> patch 3 fixes this.
> 
> 3. specifying a non-existing directory for memory-backend-file
> 
> ./x86_64-softmmu/qemu-system-x86_64 -hda
> /home/data/libvirt-images/f18.img -smp 2 -m 512M,maxmem=1000G,slots=100
> -qmp unix:/tmp/m,server,nowait -monitor stdio -enable-kvm -object
> memory-backend-file,size=512M,id=mem0,mem-path=/nonexistingdir -device
> pc-dimm,id=d0,memdev=mem0
> 
> result:
> 
> /nonexistingdir: No such file or directory
> Bad ram offset f000
> Aborted (core dumped)
>  
> patch 4 fixes this.
> 
> 
> please review. Thanks!
> 
> 
> Hu Tao (4):
>   get rid of signed range
>   check if we have space left for hotplugged memory
>   exec: don't exit unconditionally if failed to allocate memory
>   memory-backend-file: error out if failed to allocate memory
> 
>  backends/hostmem-file.c|   3 +
>  backends/hostmem-ram.c |   3 +
>  exec.c |   6 +-
>  hw/mem/pc-dimm.c   |   7 +-
>  include/qemu/range.h   | 144 
> -
>  qapi/string-input-visitor.c| 116 +-
>  qapi/string-output-visitor.c   |  97 +
>  tests/test-string-input-visitor.c  |   4 +-
>  tests/test-string-output-visitor.c |   8 +--
>  9 files changed, 182 insertions(+), 206 deletions(-)
> 
> -- 
> 1.9.3



Re: [Qemu-devel] [PATCH 0/2] qdev: fix pci use-after-free

2014-06-15 Thread Michael S. Tsirkin
On Wed, Jun 11, 2014 at 02:52:07PM +0200, Paolo Bonzini wrote:
> See "Use-after-free during unrealize in system_reset" thread
> and individual patches.
> 
> Paolo

As this is blocking testing of hotplug, I applied this
on the pci tree.

Thanks!

> Paolo Bonzini (2):
>   qdev: reorganize error reporting in bus_set_realized
>   qdev: recursively unrealize devices when unrealizing bus
> 
>  hw/core/qdev.c | 27 +++
>  1 file changed, 15 insertions(+), 12 deletions(-)
> 
> -- 
> 1.8.3.1




[Qemu-devel] [PATCH] watchdog: Export watchdog actions list.

2014-06-15 Thread Hani Benhabiles
Also, use it instead of using hard-coded values.

Signed-off-by: Hani Benhabiles 
---
Should have been part of the last monitor completion series, but better late
than never. :)

 hw/watchdog/watchdog.c| 35 +++
 include/sysemu/watchdog.h |  6 ++
 monitor.c | 19 ---
 3 files changed, 37 insertions(+), 23 deletions(-)

diff --git a/hw/watchdog/watchdog.c b/hw/watchdog/watchdog.c
index f28161b..3bea6fe 100644
--- a/hw/watchdog/watchdog.c
+++ b/hw/watchdog/watchdog.c
@@ -39,6 +39,16 @@
 static int watchdog_action = WDT_RESET;
 static QLIST_HEAD(watchdog_list, WatchdogTimerModel) watchdog_list;
 
+struct watchdog_action watchdog_actions[] = {
+{ "reset",  WDT_RESET },
+{ "shutdown", WDT_SHUTDOWN },
+{ "poweroff", WDT_POWEROFF },
+{ "pause", WDT_PAUSE },
+{ "debug", WDT_DEBUG },
+{ "none", WDT_NONE },
+{ NULL, 0 },
+};
+
 void watchdog_add_model(WatchdogTimerModel *model)
 {
 QLIST_INSERT_HEAD(&watchdog_list, model, entry);
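Review bot: `watchdog_actions` is a lookup table that is never written, yet it is defined here (and declared `extern` in the include/sysemu/watchdog.h hunk) as mutable data, which places it in a writable section and lets any future code path silently change which monitor string maps to which action. Make both the definition and the declaration `const struct watchdog_action watchdog_actions[]`, and document the terminator that select_watchdog_action() and watchdog_action_completion() both rely on: `/* Monitor action names, NULL-terminated; iterated in table order. */`.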
@@ -83,22 +93,15 @@ int select_watchdog(const char *p)
 
 int select_watchdog_action(const char *p)
 {
-if (strcasecmp(p, "reset") == 0)
-watchdog_action = WDT_RESET;
-else if (strcasecmp(p, "shutdown") == 0)
-watchdog_action = WDT_SHUTDOWN;
-else if (strcasecmp(p, "poweroff") == 0)
-watchdog_action = WDT_POWEROFF;
-else if (strcasecmp(p, "pause") == 0)
-watchdog_action = WDT_PAUSE;
-else if (strcasecmp(p, "debug") == 0)
-watchdog_action = WDT_DEBUG;
-else if (strcasecmp(p, "none") == 0)
-watchdog_action = WDT_NONE;
-else
-return -1;
-
-return 0;
+int i;
+
+for (i = 0; watchdog_actions[i].name; i++) {
+if (!strcasecmp(p, watchdog_actions[i].name)) {
+watchdog_action = watchdog_actions[i].action;
+return 0;
+}
+}
+return -1;
 }
 
 static void watchdog_mon_event(const char *action)
diff --git a/include/sysemu/watchdog.h b/include/sysemu/watchdog.h
index 3e9a970..2bfe2fc 100644
--- a/include/sysemu/watchdog.h
+++ b/include/sysemu/watchdog.h
@@ -34,6 +34,12 @@ struct WatchdogTimerModel {
 };
 typedef struct WatchdogTimerModel WatchdogTimerModel;
 
+struct watchdog_action {
+const char *name;
+int action;
+};
+extern struct watchdog_action watchdog_actions[];
+
 /* in hw/watchdog.c */
 int select_watchdog(const char *p);
 int select_watchdog_action(const char *action);
diff --git a/monitor.c b/monitor.c
index ee9390f..57d23c6 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4562,16 +4562,21 @@ void netdev_del_completion(ReadLineState *rs, int 
nb_args, const char *str)
 
 void watchdog_action_completion(ReadLineState *rs, int nb_args, const char 
*str)
 {
+int i;
+size_t len;
+
 if (nb_args != 2) {
 return;
 }
-readline_set_completion_index(rs, strlen(str));
-add_completion_option(rs, str, "reset");
-add_completion_option(rs, str, "shutdown");
-add_completion_option(rs, str, "poweroff");
-add_completion_option(rs, str, "pause");
-add_completion_option(rs, str, "debug");
-add_completion_option(rs, str, "none");
+len = strlen(str);
+readline_set_completion_index(rs, len);
+for (i = 0; watchdog_actions[i].name; i++) {
+const char *name = watchdog_actions[i].name;
+
+if (!strncmp(str, name, len)) {
+readline_add_completion(rs, name);
+}
+}
 }
 
 void migrate_set_capability_completion(ReadLineState *rs, int nb_args,
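Review bot: The new loop open-codes the prefix match (`strlen`, `strncmp`, `readline_add_completion`) that the removed lines delegated to `add_completion_option(rs, str, ...)`, so the matching rule for this command now lives in two places and can drift from the other completions. Keeping the helper gives a shorter hunk with no new locals: `for (i = 0; watchdog_actions[i].name; i++) { add_completion_option(rs, str, watchdog_actions[i].name); }`. add_completion_option's definition is not in this patch, so confirm it performs the same prefix check before relying on it.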
-- 
1.8.3.2




Re: [Qemu-devel] [PATCH 0/2] qdev: fix pci use-after-free

2014-06-15 Thread Andreas Färber
Am 15.06.2014 12:02, schrieb Michael S. Tsirkin:
> On Wed, Jun 11, 2014 at 02:52:07PM +0200, Paolo Bonzini wrote:
>> See "Use-after-free during unrealize in system_reset" thread
>> and individual patches.
>>
>> Paolo
> 
> As this is blocking testing of hotplug, I applied this
> on the pci tree.

Reviewed-by: Andreas Färber 

Only slowly catching up with my mail, please go ahead.

Andreas

> 
> Thanks!
> 
>> Paolo Bonzini (2):
>>   qdev: reorganize error reporting in bus_set_realized
>>   qdev: recursively unrealize devices when unrealizing bus
>>
>>  hw/core/qdev.c | 27 +++
>>  1 file changed, 15 insertions(+), 12 deletions(-)
>>
>> -- 
>> 1.8.3.1

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg



Re: [Qemu-devel] [PATCH] watchdog: Export watchdog actions list.

2014-06-15 Thread Paolo Bonzini

Il 15/06/2014 12:03, Hani Benhabiles ha scritto:

Also, use it instead of using hard-coded values.

Signed-off-by: Hani Benhabiles 
---
Should have been part of the last monitor completion series, but better late
than never. :)

 hw/watchdog/watchdog.c| 35 +++
 include/sysemu/watchdog.h |  6 ++
 monitor.c | 19 ---
 3 files changed, 37 insertions(+), 23 deletions(-)

diff --git a/hw/watchdog/watchdog.c b/hw/watchdog/watchdog.c
index f28161b..3bea6fe 100644
--- a/hw/watchdog/watchdog.c
+++ b/hw/watchdog/watchdog.c
@@ -39,6 +39,16 @@
 static int watchdog_action = WDT_RESET;
 static QLIST_HEAD(watchdog_list, WatchdogTimerModel) watchdog_list;

+struct watchdog_action watchdog_actions[] = {
+{ "reset",  WDT_RESET },
+{ "shutdown", WDT_SHUTDOWN },
+{ "poweroff", WDT_POWEROFF },
+{ "pause", WDT_PAUSE },
+{ "debug", WDT_DEBUG },
+{ "none", WDT_NONE },
+{ NULL, 0 },
+};


The QAPI event series instead used a QAPI enum and renamed this to 
something like WATCHDOG_ACTION_{RESET,SHUTDOWN,...} at the same time.


I guess we can wait for those patches to go in.

Paolo


 void watchdog_add_model(WatchdogTimerModel *model)
 {
 QLIST_INSERT_HEAD(&watchdog_list, model, entry);
@@ -83,22 +93,15 @@ int select_watchdog(const char *p)

 int select_watchdog_action(const char *p)
 {
-if (strcasecmp(p, "reset") == 0)
-watchdog_action = WDT_RESET;
-else if (strcasecmp(p, "shutdown") == 0)
-watchdog_action = WDT_SHUTDOWN;
-else if (strcasecmp(p, "poweroff") == 0)
-watchdog_action = WDT_POWEROFF;
-else if (strcasecmp(p, "pause") == 0)
-watchdog_action = WDT_PAUSE;
-else if (strcasecmp(p, "debug") == 0)
-watchdog_action = WDT_DEBUG;
-else if (strcasecmp(p, "none") == 0)
-watchdog_action = WDT_NONE;
-else
-return -1;
-
-return 0;
+int i;
+
+for (i = 0; watchdog_actions[i].name; i++) {
+if (!strcasecmp(p, watchdog_actions[i].name)) {
+watchdog_action = watchdog_actions[i].action;
+return 0;
+}
+}
+return -1;
 }

 static void watchdog_mon_event(const char *action)
diff --git a/include/sysemu/watchdog.h b/include/sysemu/watchdog.h
index 3e9a970..2bfe2fc 100644
--- a/include/sysemu/watchdog.h
+++ b/include/sysemu/watchdog.h
@@ -34,6 +34,12 @@ struct WatchdogTimerModel {
 };
 typedef struct WatchdogTimerModel WatchdogTimerModel;

+struct watchdog_action {
+const char *name;
+int action;
+};
+extern struct watchdog_action watchdog_actions[];
+
 /* in hw/watchdog.c */
 int select_watchdog(const char *p);
 int select_watchdog_action(const char *action);
diff --git a/monitor.c b/monitor.c
index ee9390f..57d23c6 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4562,16 +4562,21 @@ void netdev_del_completion(ReadLineState *rs, int 
nb_args, const char *str)

 void watchdog_action_completion(ReadLineState *rs, int nb_args, const char 
*str)
 {
+int i;
+size_t len;
+
 if (nb_args != 2) {
 return;
 }
-readline_set_completion_index(rs, strlen(str));
-add_completion_option(rs, str, "reset");
-add_completion_option(rs, str, "shutdown");
-add_completion_option(rs, str, "poweroff");
-add_completion_option(rs, str, "pause");
-add_completion_option(rs, str, "debug");
-add_completion_option(rs, str, "none");
+len = strlen(str);
+readline_set_completion_index(rs, len);
+for (i = 0; watchdog_actions[i].name; i++) {
+const char *name = watchdog_actions[i].name;
+
+if (!strncmp(str, name, len)) {
+readline_add_completion(rs, name);
+}
+}
 }

 void migrate_set_capability_completion(ReadLineState *rs, int nb_args,






Re: [Qemu-devel] Why does qemu not support qemu-system-armeb?

2014-06-15 Thread Paolo Bonzini

Il 15/06/2014 11:08, Peter Maydell ha scritto:

On 14 June 2014 14:49, Ljun <1275151...@qq.com> wrote:

Hello everyone, I am working on big endian for ARM. I changed the qemu
configure and created a qemu-system-armeb, but I want to know whether qemu
supports armeb-softmmu.


The answer to "why is there no qemu-system-armeb" is in two parts:

(1) We don't support big-endian system emulation. There would need
to be work done to implement this beyond just enabling an extra
configuration.

(2) If we did support big-endian system emulation, the right way
to implement this would be to keep it in qemu-system-arm, and
just have the CPU support the various control bits (SCTLR.B,
SCTLR.EE, CPSR.E, etc).


Also, I have redone my setend patches to support SCTLR.B too, but I have 
yet to submit them.  I have no idea how to test them. :)


Paolo




Re: [Qemu-devel] [PATCH V6 16/29] qapi event: convert RTC_CHANGE

2014-06-15 Thread Paolo Bonzini

Il 13/06/2014 23:27, Eric Blake ha scritto:

>> visit_start_struct(v, NULL, "", "RTC_CHANGE", 0, &local_err);
>> if (local_err) {
>> goto clean;
>> }

Hmm, qmp_output_start_struct() never sets errp.


>>
>> visit_type_int(v, &offset, "offset", &local_err);
>> if (local_err) {
>> goto clean;
>> }

Likewise, qmp_output_type_int never sets errp.



I think it is better to produce correct error propagation even if it is 
unused.  We could add range-checking of enums, for example.


I guess all the NULLs for errp could become &error_abort, but it can be 
done after the merge.


Paolo



Re: [Qemu-devel] [PATCH V6 16/29] qapi event: convert RTC_CHANGE

2014-06-15 Thread Paolo Bonzini

Il 15/06/2014 02:38, Wenchao Xia ha scritto:


Once again, all callers of qapi_event_send_rtc_change() are passing a
NULL errp to silently ignore errors; and I just audited that no errors
happen anyways.



  Fixing it.


No, please don't.  I prefer the way you did it in v6.

Paolo



Re: [Qemu-devel] [PATCH] watchdog: Export watchdog actions list.

2014-06-15 Thread Hani Benhabiles
On Sun, Jun 15, 2014 at 03:57:46PM +0200, Paolo Bonzini wrote:
> Il 15/06/2014 12:03, Hani Benhabiles ha scritto:
> >Also, use it instead of using hard-coded values.
> >
> >Signed-off-by: Hani Benhabiles 
> >---
> >Should have been part of the last monitor completion series, but better late
> >than never. :)
> >
> > hw/watchdog/watchdog.c| 35 +++
> > include/sysemu/watchdog.h |  6 ++
> > monitor.c | 19 ---
> > 3 files changed, 37 insertions(+), 23 deletions(-)
> >
> >diff --git a/hw/watchdog/watchdog.c b/hw/watchdog/watchdog.c
> >index f28161b..3bea6fe 100644
> >--- a/hw/watchdog/watchdog.c
> >+++ b/hw/watchdog/watchdog.c
> >@@ -39,6 +39,16 @@
> > static int watchdog_action = WDT_RESET;
> > static QLIST_HEAD(watchdog_list, WatchdogTimerModel) watchdog_list;
> >
> >+struct watchdog_action watchdog_actions[] = {
> >+{ "reset",  WDT_RESET },
> >+{ "shutdown", WDT_SHUTDOWN },
> >+{ "poweroff", WDT_POWEROFF },
> >+{ "pause", WDT_PAUSE },
> >+{ "debug", WDT_DEBUG },
> >+{ "none", WDT_NONE },
> >+{ NULL, 0 },
> >+};
> 
> The QAPI event series instead used a QAPI enum and renamed this to something
> like WATCHDOG_ACTION_{RESET,SHUTDOWN,...} at the same time.
> 
> I guess we can wait for those patches to go in.

Sounds alright to me. Will wait for them.

> 
> Paolo
> 
> > void watchdog_add_model(WatchdogTimerModel *model)
> > {
> > QLIST_INSERT_HEAD(&watchdog_list, model, entry);
> >@@ -83,22 +93,15 @@ int select_watchdog(const char *p)
> >
> > int select_watchdog_action(const char *p)
> > {
> >-if (strcasecmp(p, "reset") == 0)
> >-watchdog_action = WDT_RESET;
> >-else if (strcasecmp(p, "shutdown") == 0)
> >-watchdog_action = WDT_SHUTDOWN;
> >-else if (strcasecmp(p, "poweroff") == 0)
> >-watchdog_action = WDT_POWEROFF;
> >-else if (strcasecmp(p, "pause") == 0)
> >-watchdog_action = WDT_PAUSE;
> >-else if (strcasecmp(p, "debug") == 0)
> >-watchdog_action = WDT_DEBUG;
> >-else if (strcasecmp(p, "none") == 0)
> >-watchdog_action = WDT_NONE;
> >-else
> >-return -1;
> >-
> >-return 0;
> >+int i;
> >+
> >+for (i = 0; watchdog_actions[i].name; i++) {
> >+if (!strcasecmp(p, watchdog_actions[i].name)) {
> >+watchdog_action = watchdog_actions[i].action;
> >+return 0;
> >+}
> >+}
> >+return -1;
> > }
> >
> > static void watchdog_mon_event(const char *action)
> >diff --git a/include/sysemu/watchdog.h b/include/sysemu/watchdog.h
> >index 3e9a970..2bfe2fc 100644
> >--- a/include/sysemu/watchdog.h
> >+++ b/include/sysemu/watchdog.h
> >@@ -34,6 +34,12 @@ struct WatchdogTimerModel {
> > };
> > typedef struct WatchdogTimerModel WatchdogTimerModel;
> >
> >+struct watchdog_action {
> >+const char *name;
> >+int action;
> >+};
> >+extern struct watchdog_action watchdog_actions[];
> >+
> > /* in hw/watchdog.c */
> > int select_watchdog(const char *p);
> > int select_watchdog_action(const char *action);
> >diff --git a/monitor.c b/monitor.c
> >index ee9390f..57d23c6 100644
> >--- a/monitor.c
> >+++ b/monitor.c
> >@@ -4562,16 +4562,21 @@ void netdev_del_completion(ReadLineState *rs, int 
> >nb_args, const char *str)
> >
> > void watchdog_action_completion(ReadLineState *rs, int nb_args, const char 
> > *str)
> > {
> >+int i;
> >+size_t len;
> >+
> > if (nb_args != 2) {
> > return;
> > }
> >-readline_set_completion_index(rs, strlen(str));
> >-add_completion_option(rs, str, "reset");
> >-add_completion_option(rs, str, "shutdown");
> >-add_completion_option(rs, str, "poweroff");
> >-add_completion_option(rs, str, "pause");
> >-add_completion_option(rs, str, "debug");
> >-add_completion_option(rs, str, "none");
> >+len = strlen(str);
> >+readline_set_completion_index(rs, len);
> >+for (i = 0; watchdog_actions[i].name; i++) {
> >+const char *name = watchdog_actions[i].name;
> >+
> >+if (!strncmp(str, name, len)) {
> >+readline_add_completion(rs, name);
> >+}
> >+}
> > }
> >
> > void migrate_set_capability_completion(ReadLineState *rs, int nb_args,
> >
> 



Re: [Qemu-devel] [Qemu-ppc] [PATCH v2 0/2] prep: Remove some clearly wrong assumptions

2014-06-15 Thread Hervé Poussineau

Ping.

Le 28/05/2014 01:23, Alexander Graf a écrit :


On 28.05.14 01:21, Alexander Graf wrote:


On 27.05.14 20:57, Hervé Poussineau wrote:

Ping.

Le 20/05/2014 07:34, Hervé Poussineau a écrit :

Ping.

Le 23/04/2014 23:19, Hervé Poussineau a écrit :

Hi,

These two patches remove some bugs for a PReP firmware. Note that the first patch
is very PReP-oriented, and breaks OHW compatibility with other QEMU emulations
(oldworld and newworld machines).
Patches to remove corresponding hacks on QEMU side have already been sent:
http://lists.gnu.org/archive/html/qemu-devel/2014-04/msg00240.html


Sorry, I assumed Andreas would take this because it's a PReP patch. Andreas, do 
you want me to apply it instead?


Scratch that - I can't apply it :). Andreas?


Andreas, can you apply those patches, as Alex can't do it ?

Hervé




Re: [Qemu-devel] [PATCH 05/10 v4] bsd-user: Implement new syscall print_sysarch and add strace support

2014-06-15 Thread Sean Bruno
On Tue, 2014-06-10 at 23:53 +0100, Peter Maydell wrote:
> On 8 June 2014 17:57, Sean Bruno  wrote:
> > Signed-off-by: Sean Bruno 
> > ---
> >  bsd-user/freebsd/os-strace.h   | 29 +
> >  bsd-user/freebsd/strace.list   |  2 +-
> >  bsd-user/i386/syscall.h| 21 +
> >  bsd-user/i386/target_arch_sysarch.h| 78 
> > ++
> >  bsd-user/netbsd/os-strace.h|  1 +
> >  bsd-user/openbsd/os-strace.h   |  1 +
> >  bsd-user/sparc/syscall.h   | 27 +++-
> >  bsd-user/sparc/target_arch_sysarch.h   | 52 +++
> >  bsd-user/sparc64/syscall.h | 26 +++-
> >  bsd-user/sparc64/target_arch_sysarch.h | 52 +++
> >  bsd-user/strace.c  | 10 +
> >  bsd-user/x86_64/syscall.h  | 24 ++-
> >  bsd-user/x86_64/target_arch_sysarch.h  | 76 
> > +
> >  13 files changed, 395 insertions(+), 4 deletions(-)
> >  create mode 100644 bsd-user/freebsd/os-strace.h
> >  create mode 100644 bsd-user/i386/target_arch_sysarch.h
> >  create mode 100644 bsd-user/netbsd/os-strace.h
> >  create mode 100644 bsd-user/openbsd/os-strace.h
> >  create mode 100644 bsd-user/sparc/target_arch_sysarch.h
> >  create mode 100644 bsd-user/sparc64/target_arch_sysarch.h
> >  create mode 100644 bsd-user/x86_64/target_arch_sysarch.h
> 
> Unfortunately this breaks build of bsd-user on OpenBSD
> and NetBSD, because they don't provide a do_os_print_sysarch().
> 

Right, I've stubbed out a no-op function and tested on open/netbsd.
I'll send an update today.



> > --- /dev/null
> > +++ b/bsd-user/i386/target_arch_sysarch.h
> > @@ -0,0 +1,78 @@
> > +/*
> > + *  i386 sysarch system call emulation
> > + *
> > + *  Copyright (c) 2013 Stacey D. Son
> > + *
> > + *  This program is free software; you can redistribute it and/or modify
> > + *  it under the terms of the GNU General Public License as published by
> > + *  the Free Software Foundation; either version 2 of the License, or
> > + *  (at your option) any later version.
> > + *
> > + *  This program is distributed in the hope that it will be useful,
> > + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> > + *  GNU General Public License for more details.
> > + *
> > + *  You should have received a copy of the GNU General Public License
> > + *  along with this program; if not, see .
> > + */
> > +
> > +#ifndef __ARCH_SYSARCH_H_
> > +#define __ARCH_SYSARCH_H_
> > +
> > +#include "syscall.h"
> > +
> > +static inline abi_long do_freebsd_arch_sysarch(CPUX86State *env, int op,
> > +abi_ulong parms)
> > +{
> > +abi_long ret = 0;
> > +abi_ulong val;
> > +int idx;
> > +
> > +switch (op) {
> > +case TARGET_FREEBSD_I386_SET_GSBASE:
> > +case TARGET_FREEBSD_I386_SET_FSBASE:
> 
> Something's wrong here too -- this patch adds these functions
> for each architecture, but it doesn't add the code that calls them,
> and it doesn't delete the copies of this code from syscall.c.
> 
> thanks
> -- PMM
> 


Digging through this for the last couple of days.  Sorry for the slow
response, lots of code flow to follow here.

I think there's some confusion between the strace support for the new
print_sysarch() and the existing syscall do_freebsd_sysarch().  

If I follow the code, the existing do_freebsd_sysarch() syscall is a
programmatic way of figuring out what arch is running, whereas
print_sysarch() spams the arch into your strace output.

Bearing that in mind, I think that the changes here are indeed correct
for this patchset.




[Qemu-devel] [PATCH] tcg/optimize: Don't special case TCG_OPF_CALL_CLOBBER

2014-06-15 Thread Richard Henderson
With the "old" ldst ops we didn't know the real width of the
result of the load, but with the "new" ldst ops we do.

Signed-off-by: Richard Henderson 
---
 tcg/optimize.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/tcg/optimize.c b/tcg/optimize.c
index 16cebbe..34ae3c2 100644
--- a/tcg/optimize.c
+++ b/tcg/optimize.c
@@ -911,12 +911,11 @@ static TCGArg *tcg_constant_folding(TCGContext *s, 
uint16_t *tcg_opc_ptr,
 break;
 }
 
-/* 32-bit ops (non 64-bit ops and non load/store ops) generate
-   32-bit results.  For the result is zero test below, we can
-   ignore high bits, but for further optimizations we need to
-   record that the high bits contain garbage.  */
+/* 32-bit ops generate 32-bit results.  For the result is zero test
+   below, we can ignore high bits, but for further optimizations we
+   need to record that the high bits contain garbage.  */
 partmask = mask;
-if (!(def->flags & (TCG_OPF_CALL_CLOBBER | TCG_OPF_64BIT))) {
+if (!(def->flags & TCG_OPF_64BIT)) {
 mask |= ~(tcg_target_ulong)0xu;
 partmask &= 0xu;
 affected &= 0xu;
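Review bot: The rewritten comment no longer records why ops flagged TCG_OPF_CALL_CLOBBER can now be classified by TCG_OPF_64BIT alone; that reasoning lives only in the commit message, and the next reader of this test will not see it. Consider extending the comment with a line like `Load/store ops now carry their real result width via TCG_OPF_64BIT, so they need no special case.`, stated only as far as the commit message supports it. The all-ones constant on the three lines below appears truncated to `0xu` in this archive copy; presumably it is the 32-bit mask, but check it against the applied commit.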
-- 
1.9.3




[Qemu-devel] [PATCH 02/16] linux-user: support SO_ACCEPTCONN getsockopt option

2014-06-15 Thread Paul Burton
Translate the SO_ACCEPTCONN option to the host value & execute the
syscall as expected.

Signed-off-by: Paul Burton 
---
 linux-user/syscall.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 3921cff..e6afd30 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1652,6 +1652,9 @@ static abi_long do_getsockopt(int sockfd, int level, int 
optname,
 case TARGET_SO_RCVLOWAT:
 optname = SO_RCVLOWAT;
 goto int_case;
+case TARGET_SO_ACCEPTCONN:
+optname = SO_ACCEPTCONN;
+goto int_case;
 default:
 goto int_case;
 }
-- 
2.0.0




[Qemu-devel] [PATCH 01/16] linux-user: translate the result of getsockopt SO_TYPE

2014-06-15 Thread Paul Burton
QEMU previously passed the result of the host syscall directly to the
target program. This is a problem if the host & target have different
representations of socket types, as is the case when running a MIPS
target program on an x86 host. Introduce a host_to_target_sock_type
helper function mirroring the existing target_to_host_sock_type, and
call it to translate the value provided by getsockopt when called for
the SO_TYPE option.

Signed-off-by: Paul Burton 
---
 linux-user/syscall.c | 33 +
 1 file changed, 33 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 6efeeff..3921cff 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -592,6 +592,35 @@ char *target_strerror(int err)
 return strerror(target_to_host_errno(err));
 }
 
+static inline int host_to_target_sock_type(int host_type)
+{
+int target_type;
+
+switch (host_type & 0xf /* SOCK_TYPE_MASK */) {
+case SOCK_DGRAM:
+target_type = TARGET_SOCK_DGRAM;
+break;
+case SOCK_STREAM:
+target_type = TARGET_SOCK_STREAM;
+break;
+default:
+target_type = host_type & 0xf /* SOCK_TYPE_MASK */;
+break;
+}
+
+#if defined(SOCK_CLOEXEC)
+if (host_type & SOCK_CLOEXEC)
+target_type |= TARGET_SOCK_CLOEXEC;
+#endif
+
+#if defined(SOCK_NONBLOCK)
+if (host_type & SOCK_NONBLOCK)
+target_type |= TARGET_SOCK_NONBLOCK;
+#endif
+
+return target_type;
+}
+
 static abi_ulong target_brk;
 static abi_ulong target_original_brk;
 static abi_ulong brk_page;
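Review bot: The `default:` arm of host_to_target_sock_type() returns the host's type number unchanged, which is only right while every socket type other than SOCK_DGRAM and SOCK_STREAM shares its value between host and target, and nothing in the hunk records that assumption. A comment on that arm such as `/* SOCK_RAW, SOCK_RDM, SOCK_SEQPACKET and friends are assumed to have the same value on every target; add cases here if a target differs. */` would make the limit explicit for the next port. The two `if (host_type & SOCK_...)` statements also have unbraced bodies, which QEMU's coding style asks to be braced, so they read inconsistently against the switch above them.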
@@ -1526,6 +1555,7 @@ static abi_long do_getsockopt(int sockfd, int level, int 
optname,
 abi_long ret;
 int len, val;
 socklen_t lv;
+int (*translate_result)(int val) = NULL;
 
 switch(level) {
 case TARGET_SOL_SOCKET:
@@ -1578,6 +1608,7 @@ static abi_long do_getsockopt(int sockfd, int level, int 
optname,
 optname = SO_REUSEADDR;
 goto int_case;
 case TARGET_SO_TYPE:
+translate_result = host_to_target_sock_type;
 optname = SO_TYPE;
 goto int_case;
 case TARGET_SO_ERROR:
@@ -1636,6 +1667,8 @@ static abi_long do_getsockopt(int sockfd, int level, int 
optname,
 ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
 if (ret < 0)
 return ret;
+if (translate_result)
+val = translate_result(val);
 if (len > lv)
 len = lv;
 if (len == 4) {
-- 
2.0.0




[Qemu-devel] [PATCH 00/16] linux-user fixes & improvements

2014-06-15 Thread Paul Burton
This series fixes a number of bugs in QEMU's linux-user support, some
specific to targeting the MIPS architecture but mostly generic. It also
adds support for some previously unsupported syscalls & {g,s}etsockopt
options.

Paul Burton (16):
  linux-user: translate the result of getsockopt SO_TYPE
  linux-user: support SO_ACCEPTCONN getsockopt option
  linux-user: support SO_{SND,RCV}BUFFORCE setsockopt options
  linux-user: support SO_PASSSEC setsockopt option
  linux-user: allow NULL arguments to mount
  linux-user: support strace of epoll_create1
  linux-user: fix struct target_epoll_event layout for MIPS
  linux-user: respect timezone for settimeofday
  linux-user: allow NULL tv argument for settimeofday
  linux-user: support timerfd_{create,gettime,settime} syscalls
  linux-user: support ioprio_{get,set} syscalls
  linux-user: support {name_to,open_by}_handle_at syscalls
  linux-user: support the setns syscall
  linux-user: support the unshare syscall
  linux-user: support the KDSIGACCEPT ioctl
  linux-user: support the SIOCGIFINDEX ioctl

 linux-user/ioctls.h   |   2 +
 linux-user/socket.h   |   2 +
 linux-user/strace.c   |  30 +
 linux-user/strace.list|  21 
 linux-user/syscall.c  | 273 +-
 linux-user/syscall_defs.h |   9 +-
 6 files changed, 310 insertions(+), 27 deletions(-)

-- 
2.0.0




[Qemu-devel] [PATCH 05/16] linux-user: allow NULL arguments to mount

2014-06-15 Thread Paul Burton
Calls to the mount syscall can legitimately provide NULL as the value
for the source or filesystemtype arguments, which QEMU would previously
reject & return -EFAULT to the target program. An example of this is
remounting an already mounted filesystem with different properties.

Instead of rejecting such syscalls with -EFAULT, pass NULL along to the
kernel as the target program expects.

Additionally this patch fixes a potential memory leak when DEBUG_REMAP
is enabled and lock_user_string fails on the target or filesystemtype
arguments but a prior argument was non-NULL and already locked.

Since the patch already touched most lines of the TARGET_NR_mount case,
it fixes the indentation for good measure.

Signed-off-by: Paul Burton 
---
 linux-user/syscall.c | 68 +++-
 1 file changed, 46 insertions(+), 22 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index b507f81..2dc7ca3 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5565,29 +5565,53 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 break;
 #endif
 case TARGET_NR_mount:
-   {
-   /* need to look at the data field */
-   void *p2, *p3;
-   p = lock_user_string(arg1);
-   p2 = lock_user_string(arg2);
-   p3 = lock_user_string(arg3);
-if (!p || !p2 || !p3)
-ret = -TARGET_EFAULT;
-else {
-/* FIXME - arg5 should be locked, but it isn't 
clear how to
- * do that since it's not guaranteed to be a 
NULL-terminated
- * string.
- */
-if ( ! arg5 )
-ret = get_errno(mount(p, p2, p3, (unsigned 
long)arg4, NULL));
-else
-ret = get_errno(mount(p, p2, p3, (unsigned 
long)arg4, g2h(arg5)));
-}
+{
+/* need to look at the data field */
+void *p2, *p3;
+
+if (arg1) {
+p = lock_user_string(arg1);
+if (!p)
+goto efault;
+} else {
+p = NULL;
+}
+
+p2 = lock_user_string(arg2);
+if (!p2) {
+if (arg1)
+unlock_user(p, arg1, 0);
+goto efault;
+}
+
+if (arg3) {
+p3 = lock_user_string(arg3);
+if (!p3) {
+if (arg1)
 unlock_user(p, arg1, 0);
-unlock_user(p2, arg2, 0);
-unlock_user(p3, arg3, 0);
-   break;
-   }
+unlock_user(p2, arg2, 0);
+goto efault;
+}
+} else {
+p3 = NULL;
+}
+
+/* FIXME - arg5 should be locked, but it isn't clear how to
+ * do that since it's not guaranteed to be a NULL-terminated
+ * string.
+ */
+ if (!arg5)
+ ret = get_errno(mount(p, p2, p3, (unsigned long)arg4, NULL));
+ else
+ ret = get_errno(mount(p, p2, p3, (unsigned long)arg4, 
g2h(arg5)));
+
+ if (arg1)
+ unlock_user(p, arg1, 0);
+ unlock_user(p2, arg2, 0);
+ if (arg3)
+ unlock_user(p3, arg3, 0);
+}
+break;
 #ifdef TARGET_NR_umount
 case TARGET_NR_umount:
 if (!(p = lock_user_string(arg1)))
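Review bot: The `g2h(arg5)` passed as the mount data is still an unchecked guest address: nothing verifies that arg5 lies inside the guest address space before it is turned into a host pointer, so a guest value outside the mapped guest range becomes an arbitrary host address that the kernel reads up to a page from (it fails cleanly only if that host address happens to be unmapped). The retained FIXME is right that the blob has no known length, but the start can still be validated with `if (arg5 && !access_ok(VERIFY_READ, arg5, 1)) goto efault;` placed before the call, with the same unlock sequence as the `lock_user_string(arg3)` failure path ahead of the goto. The enclosing do_syscall() switch starts and ends outside the hunk.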
-- 
2.0.0




[Qemu-devel] [PATCH 08/16] linux-user: respect timezone for settimeofday

2014-06-15 Thread Paul Burton
The settimeofday syscall accepts a tz argument indicating the desired
timezone to the kernel. QEMU previously ignored any argument provided
by the target program & always passed NULL to the kernel. Instead,
translate the argument & pass along the data userland provided.

Although this argument is described by the settimeofday man page as
obsolete, it is used by systemd as of version 213.

Signed-off-by: Paul Burton 
---
 linux-user/syscall.c  | 27 ++-
 linux-user/syscall_defs.h |  5 +
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 2dc7ca3..d30dff8 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -933,6 +933,22 @@ static inline abi_long copy_to_user_timeval(abi_ulong 
target_tv_addr,
 return 0;
 }
 
+static inline abi_long copy_from_user_timezone(struct timezone *tz,
+   abi_ulong target_tz_addr)
+{
+struct target_timezone *target_tz;
+
+if (!lock_user_struct(VERIFY_READ, target_tz, target_tz_addr, 1))
+return -TARGET_EFAULT;
+
+__get_user(tz->tz_minuteswest, &target_tz->tz_minuteswest);
+__get_user(tz->tz_dsttime, &target_tz->tz_dsttime);
+
+unlock_user_struct(target_tz, target_tz_addr, 0);
+
+return 0;
+}
+
 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
 #include 
 
@@ -6329,9 +6345,18 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 case TARGET_NR_settimeofday:
 {
 struct timeval tv;
+struct timezone tz, *ptz = NULL;
+
 if (copy_from_user_timeval(&tv, arg1))
 goto efault;
-ret = get_errno(settimeofday(&tv, NULL));
+
+if (arg2) {
+if (copy_from_user_timezone(&tz, arg2))
+goto efault;
+ptz = &tz;
+}
+
+ret = get_errno(settimeofday(&tv, ptz));
 }
 break;
 #if defined(TARGET_NR_select)
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index 9fcb723..380e865 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -165,6 +165,11 @@ struct target_timespec {
 abi_long tv_nsec;
 };
 
+struct target_timezone {
+abi_int tz_minuteswest;
+abi_int tz_dsttime;
+};
+
 struct target_itimerval {
 struct target_timeval it_interval;
 struct target_timeval it_value;
-- 
2.0.0




[Qemu-devel] [PATCH 07/16] linux-user: fix struct target_epoll_event layout for MIPS

2014-06-15 Thread Paul Burton
MIPS requires the pad field to 64b-align the data field just as ARM
does.

Signed-off-by: Paul Burton 
---
 linux-user/syscall_defs.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index 69c3982..9fcb723 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -2528,7 +2528,7 @@ typedef union target_epoll_data {
 
 struct target_epoll_event {
 uint32_t events;
-#ifdef TARGET_ARM
+#if defined(TARGET_ARM) || defined(TARGET_MIPS)
 uint32_t __pad;
 #endif
 target_epoll_data_t data;
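Review bot: The `#if defined(TARGET_ARM) || defined(TARGET_MIPS)` encodes an alignment property as a list of architectures, so it will need extending again for the next target whose ABI aligns a 64-bit member to 8 bytes; the kernel packs struct epoll_event only on x86_64, so every other target with that ABI rule needs the same pad while i386 does not. A comment stating the rule, e.g. `/* targets whose ABI aligns a u64 to 8 bytes need this pad; i386 does not */`, tells the next porter what to check rather than what to copy. I have not verified the remaining targets here.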
-- 
2.0.0




[Qemu-devel] [PATCH 12/16] linux-user: support {name_to, open_by}_handle_at syscalls

2014-06-15 Thread Paul Burton
Implement support for the name_to_handle_at and open_by_handle_at
syscalls, allowing their use by the target program.

Signed-off-by: Paul Burton 
---
 linux-user/strace.c| 30 ++
 linux-user/strace.list |  6 ++
 linux-user/syscall.c   | 50 ++
 3 files changed, 86 insertions(+)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index ea6c1d2..c20ddf1 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -1552,6 +1552,36 @@ print_kill(const struct syscallname *name,
 }
 #endif
 
+#ifdef TARGET_NR_name_to_handle_at
+static void
+print_name_to_handle_at(const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_prologue(name);
+print_at_dirfd(arg0, 0);
+print_string(arg1, 0);
+print_pointer(arg2, 0);
+print_pointer(arg3, 0);
+print_raw_param("0x%x", arg4, 1);
+print_syscall_epilogue(name);
+}
+#endif
+
+#ifdef TARGET_NR_open_by_handle_at
+static void
+print_open_by_handle_at(const struct syscallname *name,
+abi_long arg0, abi_long arg1, abi_long arg2,
+abi_long arg3, abi_long arg4, abi_long arg5)
+{
+print_syscall_prologue(name);
+print_raw_param("%d", arg0, 0);
+print_pointer(arg2, 0);
+print_open_flags(arg3, 1);
+print_syscall_epilogue(name);
+}
+#endif
+
 /*
  * An array of all of the syscalls we know about
  */
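Review bot: print_open_by_handle_at() is shifted by one argument: open_by_handle_at(mount_fd, handle, flags) arrives in the printers as arg0, arg1, arg2, yet the function skips arg1 and formats arg2 as the handle pointer and arg3 as the open flags, so the trace never shows the handle and prints a stale register as the flags. The sibling print_name_to_handle_at() in the same hunk uses the zero-based numbering correctly. The two calls should read `print_pointer(arg1, 0);` and `print_open_flags(arg2, 1);`.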
diff --git a/linux-user/strace.list b/linux-user/strace.list
index 8de972a..147f579 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -582,6 +582,9 @@
 #ifdef TARGET_NR_munmap
 { TARGET_NR_munmap, "munmap" , NULL, print_munmap, NULL },
 #endif
+#ifdef TARGET_NR_name_to_handle_at
+{ TARGET_NR_name_to_handle_at, "name_to_handle_at" , NULL, 
print_name_to_handle_at, NULL },
+#endif
 #ifdef TARGET_NR_nanosleep
 { TARGET_NR_nanosleep, "nanosleep" , NULL, NULL, NULL },
 #endif
@@ -624,6 +627,9 @@
 #ifdef TARGET_NR_openat
 { TARGET_NR_openat, "openat" , NULL, print_openat, NULL },
 #endif
+#ifdef TARGET_NR_open_by_handle_at
+{ TARGET_NR_open_by_handle_at, "open_by_handle_at" , NULL, 
print_open_by_handle_at, NULL },
+#endif
 #ifdef TARGET_NR_osf_adjtime
 { TARGET_NR_osf_adjtime, "osf_adjtime" , NULL, NULL, NULL },
 #endif
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index c7f176a..192ad3a 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5349,6 +5349,56 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 unlock_user(p, arg2, 0);
 break;
 #endif
+#ifdef TARGET_NR_name_to_handle_at
+case TARGET_NR_name_to_handle_at:
+{
+struct file_handle *fh;
+uint32_t sz;
+int mount_id;
+
+if (!(p = lock_user_string(arg2)))
+goto efault;
+
+if (get_user_u32(sz, arg3)) {
+unlock_user(p, arg2, 0);
+goto efault;
+}
+
+if (!(fh = lock_user(VERIFY_WRITE, arg3, sizeof(*fh) + sz, 1))) {
+unlock_user(p, arg2, 0);
+goto efault;
+}
+
+ret = get_errno(name_to_handle_at(arg1, path(p), fh,
+  &mount_id, arg5));
+
+unlock_user(p, arg2, 0);
+unlock_user(p, arg3, sizeof(*fh) + sz);
+
+if (put_user_s32(mount_id, arg4))
+goto efault;
+}
+break;
+#endif
+#ifdef TARGET_NR_open_by_handle_at
+case TARGET_NR_open_by_handle_at:
+{
+struct file_handle *fh;
+uint32_t sz;
+
+if (get_user_u32(sz, arg2))
+goto efault;
+
+if (!(fh = lock_user(VERIFY_WRITE, arg2, sizeof(*fh) + sz, 1)))
+goto efault;
+
+ret = get_errno(open_by_handle_at(arg1, fh,
+target_to_host_bitmask(arg3, fcntl_flags_tbl)));
+
+unlock_user(p, arg2, sizeof(*fh) + sz);
+}
+break;
+#endif
 case TARGET_NR_close:
 ret = get_errno(close(arg1));
 break;
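Review bot: Both new cases unlock the handle buffer with the wrong pointer: `unlock_user(p, arg3, sizeof(*fh) + sz)` and `unlock_user(p, arg2, sizeof(*fh) + sz)` pass `p` where `fh` was locked, so on a DEBUG_REMAP build the name_to_handle_at path frees `p` twice and copies from the freed string into the guest's handle while `fh` leaks, and the open_by_handle_at path unlocks whatever `p` last held (default builds make unlock_user a no-op, which is why this does not show). Two more things in the same lines: `sz` comes straight from the guest, so `sizeof(*fh) + sz` is locked unbounded and can wrap on a 32-bit host even though the kernel refuses anything above MAX_HANDLE_SZ, and `put_user_s32(mount_id, arg4)` runs even when the syscall failed, writing an uninitialized host int into guest memory since the kernel does not fill mount_id on lookup or argument errors. The fence shows the corrected lines; open_by_handle_at only reads the handle, so VERIFY_READ and a zero unlock length suffice there. The enclosing do_syscall() switch starts and ends outside the hunk.
```c
        /* … unchanged: lock_user_string(arg2), get_user_u32(sz, arg3) … */
        /* sz is guest-controlled; the kernel caps it, so cap it before sizing the lock */
        if (sz > MAX_HANDLE_SZ) {
            unlock_user(p, arg2, 0);
            ret = -TARGET_EINVAL;
            break;
        }
        /* … unchanged: lock fh, name_to_handle_at() call … */
        unlock_user(p, arg2, 0);
        unlock_user(fh, arg3, sizeof(*fh) + sz);
        /* mount_id is only valid when the kernel filled it */
        if (!is_error(ret) && put_user_s32(mount_id, arg4))
            goto efault;

        /* … open_by_handle_at … */
        if (get_user_u32(sz, arg2) || sz > MAX_HANDLE_SZ)
            goto efault;
        if (!(fh = lock_user(VERIFY_READ, arg2, sizeof(*fh) + sz, 1)))
            goto efault;
        /* … unchanged: open_by_handle_at() call … */
        unlock_user(fh, arg2, 0);
```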
-- 
2.0.0




[Qemu-devel] [PATCH 13/16] linux-user: support the setns syscall

2014-06-15 Thread Paul Burton
Add support for the setns syscall, trivially passed through to the host.

Signed-off-by: Paul Burton 
---
 linux-user/strace.list | 3 +++
 linux-user/syscall.c   | 6 ++
 2 files changed, 9 insertions(+)

diff --git a/linux-user/strace.list b/linux-user/strace.list
index 147f579..d5b8033 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -1191,6 +1191,9 @@
 #ifdef TARGET_NR_set_mempolicy
 { TARGET_NR_set_mempolicy, "set_mempolicy" , NULL, NULL, NULL },
 #endif
+#ifdef TARGET_NR_setns
+{ TARGET_NR_setns, "setns" , NULL, NULL, NULL },
+#endif
 #ifdef TARGET_NR_setpgid
 { TARGET_NR_setpgid, "setpgid" , NULL, NULL, NULL },
 #endif
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 192ad3a..208c6c4 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9528,6 +9528,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 break;
 #endif
 
+#ifdef TARGET_NR_setns
+case TARGET_NR_setns:
+ret = get_errno(setns(arg1, arg2));
+break;
+#endif
+
 default:
 unimplemented:
 gemu_log("qemu: Unsupported syscall: %d\n", num);
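Review bot: `setns(arg1, arg2)` calls the libc wrapper directly, whereas the ioprio patch in this series guards its cases on `__NR_*` and declares the syscall with `_syscall2()` because it cannot assume a wrapper exists; a host libc old enough to lack setns() will fail to build this case. Guarding with `#if defined(TARGET_NR_setns) && defined(__NR_setns)` and adding `_syscall2(int, setns, int, fd, int, nstype)` next to the ioprio declarations keeps the two patches consistent and the build portable.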
-- 
2.0.0




[Qemu-devel] [PATCH 11/16] linux-user: support ioprio_{get, set} syscalls

2014-06-15 Thread Paul Burton
Add support for the ioprio_get & ioprio_set syscalls, allowing their
use by target programs.

Signed-off-by: Paul Burton 
---
 linux-user/syscall.c | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 0830205..c7f176a 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -252,6 +252,12 @@ _syscall2(int, capget, struct __user_cap_header_struct *, 
header,
   struct __user_cap_data_struct *, data);
 _syscall2(int, capset, struct __user_cap_header_struct *, header,
   struct __user_cap_data_struct *, data);
+#ifdef __NR_ioprio_get
+_syscall2(int, ioprio_get, int, which, int, who)
+#endif
+#ifdef __NR_ioprio_set
+_syscall3(int, ioprio_set, int, which, int, who, int, ioprio)
+#endif
 
 static bitmask_transtbl fcntl_flags_tbl[] = {
   { TARGET_O_ACCMODE,   TARGET_O_WRONLY,O_ACCMODE,   O_WRONLY,},
@@ -9460,6 +9466,18 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 break;
 #endif
 
+#if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
+case TARGET_NR_ioprio_get:
+ret = get_errno(ioprio_get(arg1, arg2));
+break;
+#endif
+
+#if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
+case TARGET_NR_ioprio_set:
+ret = get_errno(ioprio_set(arg1, arg2, arg3));
+break;
+#endif
+
 default:
 unimplemented:
 gemu_log("qemu: Unsupported syscall: %d\n", num);
-- 
2.0.0




[Qemu-devel] [PATCH 15/16] linux-user: support the KDSIGACCEPT ioctl

2014-06-15 Thread Paul Burton
Add a definition of the KDSIGACCEPT ioctl & allow its use by target
programs.

Signed-off-by: Paul Burton 
---
 linux-user/ioctls.h   | 1 +
 linux-user/syscall_defs.h | 1 +
 2 files changed, 2 insertions(+)

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index 309fb21..cd21e64 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -64,6 +64,7 @@
  IOCTL(KDSKBLED, 0, TYPE_INT)
  IOCTL(KDGETLED, 0, TYPE_INT)
  IOCTL(KDSETLED, 0, TYPE_INT)
+ IOCTL(KDSIGACCEPT, 0, TYPE_INT)
 
  IOCTL(BLKROSET, IOC_W, MK_PTR(TYPE_INT))
  IOCTL(BLKROGET, IOC_R, MK_PTR(TYPE_INT))
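Review bot: `IOCTL(KDSIGACCEPT, 0, TYPE_INT)` passes the ioctl argument to the host unchanged, but that argument is the signal number the caller wants delivered on a console switch, and signal numbers differ between targets (a MIPS guest numbers SIGUSR1 as 16 where the x86 host uses 10). As written, a MIPS program asking for its SIGUSR1 would have the host kernel arm a different signal, which QEMU's delivery path then maps back to something the program never requested. The ioctl needs an IOCTL_SPECIAL handler that runs the argument through target_to_host_signal() before issuing the host ioctl, as QEMU already does for kill() and the other signal-number syscalls.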
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index 380e865..4d35d54 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -831,6 +831,7 @@ struct target_pollfd {
 #define TARGET_KDSKBLED0x4B65  /* set led flags (not lights) */
 #define TARGET_KDGETLED0x4B31  /* return current led state */
 #define TARGET_KDSETLED0x4B32  /* set led state [lights, not flags] */
+#define TARGET_KDSIGACCEPT 0x4B4E
 
 #define TARGET_SIOCATMARK  0x8905
 
-- 
2.0.0




[Qemu-devel] [PATCH 14/16] linux-user: support the unshare syscall

2014-06-15 Thread Paul Burton
Add support for the unshare syscall, trivially passed through to the
host.

Signed-off-by: Paul Burton 
---
 linux-user/syscall.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 208c6c4..5412b1e 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9534,6 +9534,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 break;
 #endif
 
+#ifdef TARGET_NR_unshare
+case TARGET_NR_unshare:
+ret = get_errno(unshare(arg1));
+break;
+#endif
+
 default:
 unimplemented:
 gemu_log("qemu: Unsupported syscall: %d\n", num);
-- 
2.0.0




[Qemu-devel] [PATCH 16/16] linux-user: support the SIOCGIFINDEX ioctl

2014-06-15 Thread Paul Burton
Add a definition of the SIOCGIFINDEX ioctl, allowing its use by target
programs.

Signed-off-by: Paul Burton 
---
 linux-user/ioctls.h   | 1 +
 linux-user/syscall_defs.h | 1 +
 2 files changed, 2 insertions(+)

diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
index cd21e64..20551a8 100644
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -118,6 +118,7 @@
   IOCTL(SIOCSIFMEM, IOC_W, MK_PTR(MK_STRUCT(STRUCT_ptr_ifreq)))
   IOCTL(SIOCADDMULTI, IOC_W, MK_PTR(MK_STRUCT(STRUCT_sockaddr_ifreq)))
   IOCTL(SIOCDELMULTI, IOC_W, MK_PTR(MK_STRUCT(STRUCT_sockaddr_ifreq)))
+  IOCTL(SIOCGIFINDEX, IOC_W | IOC_R, MK_PTR(MK_STRUCT(STRUCT_sockaddr_ifreq)))
   IOCTL(SIOCSIFLINK, 0, TYPE_NULL)
   IOCTL_SPECIAL(SIOCGIFCONF, IOC_W | IOC_R, do_ioctl_ifconf,
 MK_PTR(MK_STRUCT(STRUCT_ifconf)))
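Review bot: `STRUCT_sockaddr_ifreq` is the wrong layout for SIOCGIFINDEX: the kernel returns the index in `ifr_ifindex`, an int overlaying the union, not in a sockaddr, so the copy-back converts the first two bytes as a 16-bit sa_family and the rest as opaque data. On a same-endian host that happens to produce the right value, but for a big-endian guest on a little-endian host (the MIPS-on-x86 case this series targets) the guest reads a scrambled index. The integer-valued ifreq ioctls in this table use an int-typed ifreq layout; if that is `STRUCT_int_ifreq` as I recall, this entry should read `IOCTL(SIOCGIFINDEX, IOC_W | IOC_R, MK_PTR(MK_STRUCT(STRUCT_int_ifreq)))`. The IOC_W | IOC_R direction itself is right, since the name goes in and the index comes out.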
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index 4d35d54..9c7499c 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -865,6 +865,7 @@ struct target_pollfd {
 #define TARGET_SIOCSIFSLAVE0x8930
 #define TARGET_SIOCADDMULTI0x8931  /* Multicast address lists  
*/
 #define TARGET_SIOCDELMULTI0x8932
+#define TARGET_SIOCGIFINDEX0x8933
 
 /* Bridging control calls */
 #define TARGET_SIOCGIFBR   0x8940  /* Bridging support 
*/
-- 
2.0.0




[Qemu-devel] [PATCH 03/16] linux-user: support SO_{SND, RCV}BUFFORCE setsockopt options

2014-06-15 Thread Paul Burton
Translate the SO_SNDBUFFORCE & SO_RCVBUFFORCE options to setsockopt to
the host values & perform the syscall as expected, allowing use of those
options by target programs.

Signed-off-by: Paul Burton 
---
 linux-user/syscall.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index e6afd30..679d165 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1500,9 +1500,15 @@ set_timeout:
 case TARGET_SO_SNDBUF:
optname = SO_SNDBUF;
break;
+case TARGET_SO_SNDBUFFORCE:
+   optname = SO_SNDBUFFORCE;
+   break;
 case TARGET_SO_RCVBUF:
optname = SO_RCVBUF;
break;
+case TARGET_SO_RCVBUFFORCE:
+   optname = SO_RCVBUFFORCE;
+   break;
 case TARGET_SO_KEEPALIVE:
optname = SO_KEEPALIVE;
break;
-- 
2.0.0




[Qemu-devel] [PATCH 04/16] linux-user: support SO_PASSSEC setsockopt option

2014-06-15 Thread Paul Burton
Translate the SO_PASSSEC option to setsockopt to the host value &
perform the syscall as expected, allowing use of the option by target
programs.

Signed-off-by: Paul Burton 
---
 linux-user/socket.h  | 2 ++
 linux-user/syscall.c | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/linux-user/socket.h b/linux-user/socket.h
index ae17959..289c6ac 100644
--- a/linux-user/socket.h
+++ b/linux-user/socket.h
@@ -63,6 +63,7 @@
 #define TARGET_SO_PEERSEC  30
 #define TARGET_SO_SNDBUFFORCE  31
 #define TARGET_SO_RCVBUFFORCE  33
+#define TARGET_SO_PASSSEC  34
 
 /** sock_type - Socket types
  *
@@ -298,6 +299,7 @@
 #define TARGET_SO_ACCEPTCONN   30
 
 #define TARGET_SO_PEERSEC  31
+#define TARGET_SO_PASSSEC  34
 
 #endif
 
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 679d165..b507f81 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1529,6 +1529,9 @@ set_timeout:
 case TARGET_SO_PASSCRED:
optname = SO_PASSCRED;
break;
+case TARGET_SO_PASSSEC:
+   optname = SO_PASSSEC;
+   break;
 case TARGET_SO_TIMESTAMP:
optname = SO_TIMESTAMP;
break;
-- 
2.0.0




[Qemu-devel] [PATCH 10/16] linux-user: support timerfd_{create, gettime, settime} syscalls

2014-06-15 Thread Paul Burton
Adds support for the timerfd_create, timerfd_gettime & timerfd_settime
syscalls, allowing use of timerfds by target programs.

Signed-off-by: Paul Burton 
---
 linux-user/strace.list |  9 +
 linux-user/syscall.c   | 44 
 2 files changed, 53 insertions(+)

diff --git a/linux-user/strace.list b/linux-user/strace.list
index fcb258d..8de972a 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -1404,6 +1404,15 @@
 #ifdef TARGET_NR_timer_settime
 { TARGET_NR_timer_settime, "timer_settime" , NULL, NULL, NULL },
 #endif
+#ifdef TARGET_NR_timerfd_create
+{ TARGET_NR_timerfd_create, "timerfd_create" , NULL, NULL, NULL },
+#endif
+#ifdef TARGET_NR_timerfd_gettime
+{ TARGET_NR_timerfd_gettime, "timerfd_gettime" , NULL, NULL, NULL },
+#endif
+#ifdef TARGET_NR_timerfd_settime
+{ TARGET_NR_timerfd_settime, "timerfd_settime" , NULL, NULL, NULL },
+#endif
 #ifdef TARGET_NR_times
 { TARGET_NR_times, "times" , NULL, NULL, NULL },
 #endif
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8ebb9e7..0830205 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -58,6 +58,7 @@ int __clone2(int (*fn)(void *), void *child_stack_base,
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 //#include 
@@ -9416,6 +9417,49 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 }
 #endif
 
+#ifdef TARGET_NR_timerfd_create
+case TARGET_NR_timerfd_create:
+ret = get_errno(timerfd_create(arg1,
+target_to_host_bitmask(arg2, fcntl_flags_tbl)));
+break;
+#endif
+
+#ifdef TARGET_NR_timerfd_gettime
+case TARGET_NR_timerfd_gettime:
+{
+struct itimerspec its_curr;
+
+ret = get_errno(timerfd_gettime(arg1, &its_curr));
+
+if (arg2 && host_to_target_itimerspec(arg2, &its_curr)) {
+goto efault;
+}
+}
+break;
+#endif
+
+#ifdef TARGET_NR_timerfd_settime
+case TARGET_NR_timerfd_settime:
+{
+struct itimerspec its_new, its_old, *p_new;
+
+if (arg3) {
+if (target_to_host_itimerspec(&its_new, arg3))
+goto efault;
+p_new = &its_new;
+} else {
+p_new = NULL;
+}
+
+ret = get_errno(timerfd_settime(arg1, arg2, p_new, &its_old));
+
+if (arg4 && host_to_target_itimerspec(arg4, &its_old)) {
+goto efault;
+}
+}
+break;
+#endif
+
 default:
 unimplemented:
 gemu_log("qemu: Unsupported syscall: %d\n", num);
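Review bot: timerfd_gettime and timerfd_settime copy `its_curr` / `its_old` back to the guest regardless of whether the host call succeeded, so a failing call (an EBADF on `arg1`, say) writes an uninitialized host `struct itimerspec` into guest memory; the kernel only fills those structures on success. Guarding the write-back on the result fixes both: `if (!is_error(ret) && arg2 && host_to_target_itimerspec(arg2, &its_curr))` and `if (!is_error(ret) && arg4 && host_to_target_itimerspec(arg4, &its_old))`. Translating the create flags through fcntl_flags_tbl is right, since TFD_CLOEXEC and TFD_NONBLOCK take the O_* values that differ per target.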
-- 
2.0.0




[Qemu-devel] [PATCH 09/16] linux-user: allow NULL tv argument for settimeofday

2014-06-15 Thread Paul Burton
The tv argument to the settimeofday syscall is allowed to be NULL, if
the program only wishes to provide the timezone. QEMU previously
returned -EFAULT when tv was NULL. Instead, execute the syscall &
provide NULL to the kernel as the target program expected.

Signed-off-by: Paul Burton 
---
 linux-user/syscall.c | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index d30dff8..8ebb9e7 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6344,11 +6344,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
 break;
 case TARGET_NR_settimeofday:
 {
-struct timeval tv;
+struct timeval tv, *ptv = NULL;
 struct timezone tz, *ptz = NULL;
 
-if (copy_from_user_timeval(&tv, arg1))
-goto efault;
+if (arg1) {
+if (copy_from_user_timeval(&tv, arg1))
+goto efault;
+ptv = &tv;
+}
 
 if (arg2) {
 if (copy_from_user_timezone(&tz, arg2))
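Review bot: The combination this hunk newly allows, NULL tv with a non-NULL tz, is exactly the shape Linux treats specially: on the first such call since boot with a nonzero tz_minuteswest the kernel adjusts the system clock by that offset (the "warp clock" behaviour described in settimeofday(2)), and that side effect now reaches the host kernel from an emulated program. The host checks CAP_SYS_TIME first, so this only matters when qemu-user itself runs privileged, but it deserves a comment at the `if (arg1)` so nobody later replaces the NULL with a zeroed timeval: `/* tv may be NULL: tz-only calls are legal and have warp-clock side effects on Linux */`.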
@@ -6356,7 +6359,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 ptz = &tz;
 }
 
-ret = get_errno(settimeofday(&tv, ptz));
+ret = get_errno(settimeofday(ptv, ptz));
 }
 break;
 #if defined(TARGET_NR_select)
-- 
2.0.0




[Qemu-devel] [PATCH 06/16] linux-user: support strace of epoll_create1

2014-06-15 Thread Paul Burton
Add the epoll_create1 syscall to strace.list in order to display that
syscall when it occurs, rather than a message about the syscall being
unknown despite QEMU already implementing support for it.

Signed-off-by: Paul Burton 
---
 linux-user/strace.list | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/linux-user/strace.list b/linux-user/strace.list
index cf5841a..fcb258d 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -114,6 +114,9 @@
 #ifdef TARGET_NR_epoll_create
 { TARGET_NR_epoll_create, "epoll_create" , NULL, NULL, NULL },
 #endif
+#ifdef TARGET_NR_epoll_create1
+{ TARGET_NR_epoll_create1, "epoll_create1" , NULL, NULL, NULL },
+#endif
 #ifdef TARGET_NR_epoll_ctl
 { TARGET_NR_epoll_ctl, "epoll_ctl" , NULL, NULL, NULL },
 #endif
-- 
2.0.0




[Qemu-devel] bsd-user: master is broken

2014-06-15 Thread Sean Bruno
Trying to bisect a compile failure on master before I do anything else
today.  I'm getting a slew of linking failures right now due to
unresolved symbols that appear to be needed by block/curl code.

http://people.freebsd.org/~sbruno/ssl_fail_qemu.txt

Lots of Curl_* functions and lots of SSL/Crypt functions here.

Disabling curl support allows me to continue. (--disable-curl)

This has happened in the last few days on master.

sean




Re: [Qemu-devel] [PATCH 05/10 v4] bsd-user: Implement new syscall print_sysarch and add strace support

2014-06-15 Thread Peter Maydell
On 15 June 2014 16:33, Sean Bruno  wrote:
> I think there's some confusion between the strace support for the new
> print_sysarch() and the existing syscall do_freebsd_sysarch().

Only because you've put parts of both in the same patch :-)

> If I follow the code, the existing do_freebsd_sysarch() syscall is a
> programtical way of figuring out what arch is running.  Whereas
> print_sysarch() spams the arch into your strace output.

The existing do_freebsd_sysarch() is a bunch of functions in
syscall.c, with TARGET_* ifdefs selecting which one you get.
This patch seems to be attempting to change that to having
the per-arch implementations in the per-arch files. That's a
good idea, but this patch is only doing half of the job -- you
need to remove the old implementations and wire up the new.
Really the changes to the implementation and to the strace
support should go in separate patches.

> Bearing that in mind, I think that the changes here are indeed correct
> for this patchset.

I still disagree here. Look at the TARGET_I386 implementation
of do_freebsd_sysarch() in the existing syscall.c, and at the
new function do_freebsd_arch_sysarch() you've added in this patch in
bsd-user/x86_64/target_arch_sysarch.h. They're basically
identical -- this should be a code-move change, but you've
only got the 'add new version', not the 'and remove the old'.

I think if you remove all the do_freebsd_arch_sysarch()
functions from this patch you're left with just the strace
support (the strace related functions all have 'print' in
their names).

thanks
-- PMM



Re: [Qemu-devel] [PATCH 05/10 v4] bsd-user: Implement new syscall print_sysarch and add strace support

2014-06-15 Thread Sean Bruno
On Sun, 2014-06-15 at 20:20 +0100, Peter Maydell wrote:
> On 15 June 2014 16:33, Sean Bruno  wrote:
> > I think there's some confusion between the strace support for the new
> > print_sysarch() and the existing syscall do_freebsd_sysarch().
> 
> Only because you've put parts of both in the same patch :-)
> 

Oh, I didn't say *where* the confusion was.  It is most definitely on my
side.  :-)

> > If I follow the code, the existing do_freebsd_sysarch() syscall is a
> > programtical way of figuring out what arch is running.  Whereas
> > print_sysarch() spams the arch into your strace output.
> 
> The existing do_freebsd_sysarch() is a bunch of functions in
> syscall.c, with TARGET_* ifdefs selecting which one you get.
> This patch seems to be attempting to change that to having
> the per-arch implementations in the per-arch files. That's a
> good idea, but this patch is only doing half of the job -- you
> need to remove the old implementations and wire up the new.
> Really the changes to the implementation and to the strace
> support should go in separate patches.
> 
> > Bearing that in mind, I think that the changes here are indeed correct
> > for this patchset.
> 
> I still disagree here. Look at the TARGET_I386 implementation
> of do_freebsd_sysarch() in the existing syscall.c, and at the
> new function do_freebsd_arch_sysarch() you've added in this patch in
> bsd-user/x86_64/target_arch_sysarch.h. They're basically
> identical -- this should be a code-move change, but you've
> only got the 'add new version', not the 'and remove the old'.
> 
> I think if you remove all the do_freebsd_arch_sysarch()
> functions from this patch you're left with just the strace
> support (the strace related functions all have 'print' in
> their names).
> 
> thanks
> -- PMM


Ok, more staring required.

sean




Re: [Qemu-devel] bsd-user: master is broken

2014-06-15 Thread Sean Bruno
On Sun, 2014-06-15 at 12:10 -0700, Sean Bruno wrote:
> Trying to bisect a compile failure on master before I do anything else
> today.  I'm getting a slew of linking failures right now due to
> unresolved symbols that appear to be needed by block/curl code.
> 
> http://people.freebsd.org/~sbruno/ssl_fail_qemu.txt
> 
> Lots of Curl_* functions and lots of SSL/Crypt functions here.
> 
> Disabling curl support allows me to continue. (--disable-curl)
> 
> This has happened in the last few days on master.
> 
> sean
> 
> 

Looks like this is the culprit for me:

commit c5cb1afc4675bf5ff66e7a149d2a8cffba2eaa9e
Merge: b780bf8 1c33ac5
Author: Peter Maydell 
Date:   Wed Jun 11 15:36:48 2014 +0100

Merge remote-tracking branch 'remotes/bonzini/configure' into
staging

* remotes/bonzini/configure:
  rules.mak: Rewrite unnest-vars
  configure: unset interfering variables
  configure: duplicate/incorrect order of -lrt
  libcacard: improve documentation
  libcacard: actually use symbols file
  libcacard: replace qemu thread primitives with glib ones
  vscclient: use glib thread primitives not qemu
  glib-compat.h: add new thread API emulation on top of pre-2.31 API

Signed-off-by: Peter Maydell 






Re: [Qemu-devel] bsd-user: master is broken

2014-06-15 Thread Sean Bruno
On Sun, 2014-06-15 at 13:06 -0700, Sean Bruno wrote:
>   rules.mak: Rewrite unnest-vars

Reverting this resolves the primary failure.  The logic here is off
somehow.

sean




[Qemu-devel] [PATCH 2/3] bsd-user: Add patches to fix AES_* link errors

2014-06-15 Thread Sean Bruno
Redefine functions as QEMU_AES_* to avoid conflicts with AES_* in
-lcrypto needed (at least) by -lcurl.

Take from emulators/qemu-devel/files/patch-include-qemu-aes.h

Signed-off-by: Sean Bruno 
Signed-off-by: Ed Maste 
---
 include/qemu/aes.h | 9 +
 1 file changed, 9 insertions(+)

diff --git a/include/qemu/aes.h b/include/qemu/aes.h
index e79c707..d310411 100644
--- a/include/qemu/aes.h
+++ b/include/qemu/aes.h
@@ -10,6 +10,15 @@ struct aes_key_st {
 };
 typedef struct aes_key_st AES_KEY;
 
+/* FreeBSD has it's own AES_set_decrypt_key in -lcrypto, avoid conflicts */
+#ifdef __FreeBSD__
+#define AES_set_encrypt_key QEMU_AES_set_encrypt_key
+#define AES_set_decrypt_key QEMU_AES_set_decrypt_key
+#define AES_encrypt QEMU_AES_encrypt
+#define AES_decrypt QEMU_AES_decrypt
+#define AES_cbc_encrypt QEMU_AES_cbc_encrypt
+#endif
+
 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key);
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
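Review bot: The comment heading the added block names only AES_set_decrypt_key and misspells "its", while the macros beneath it rename five functions; `/* -lcrypto (pulled in by -lcurl on FreeBSD) exports the same AES_* symbol names; rename QEMU's copies so the two do not clash at link time */` describes what the block actually does. Gating the rename on `__FreeBSD__` means the symbols QEMU exports differ per host, and the clash will reappear on any other platform that ends up linking libcrypto, so renaming unconditionally (ideally at the definitions rather than through token macros) is the more robust fix. Because these are plain `#define`s, any translation unit that includes this header before a libcrypto header would have libcrypto's prototypes rewritten to QEMU_AES_* as well, so the two headers still cannot be mixed; the `AES_KEY` typedef and `aes_key_st` tag visible above the block are not renamed at all. The same hunk is repeated verbatim in the v2 repost of this patch later on the page.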
-- 
1.9.3




[Qemu-devel] [PATCH 1/3] bsd-user: Revert part of update to rules.mk

2014-06-15 Thread Sean Bruno
In c5cb1afc4675bf5ff66e7a149d2a8cffba2eaa9e the rules.mk change was causing
a complete build failure on bsd-user when not using --disable-curl

Signed-off-by: Sean Bruno 
---
 rules.mak | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rules.mak b/rules.mak
index dde8e00..4a33c27 100644
--- a/rules.mak
+++ b/rules.mak
@@ -22,7 +22,8 @@ QEMU_DGFLAGS += -MMD -MP -MT $@ -MF $(*D)/$(*F).d
 # Same as -I$(SRC_PATH) -I., but for the nested source/object directories
 QEMU_INCLUDES += -I$(

[Qemu-devel] [PATCH 0/3] bsd-user: Fix linking/dependency issues

2014-06-15 Thread Sean Bruno
Recent changes to master caused complete failures to build bsd-user.

Sean Bruno (3):
  bsd-user: Revert part of c5cb1afc4675bf5ff66e7a149d2a8cffba2eaa9e
  bsd-user: Add patches to fix AES_* link errors
  bsd-user: Implement strace support for getcwd syscall

 bsd-user/freebsd/strace.list | 1 +
 include/qemu/aes.h   | 9 +
 rules.mak| 3 ++-
 3 files changed, 12 insertions(+), 1 deletion(-)

-- 
1.9.3




[Qemu-devel] [PATCH 3/3] bsd-user: Implement strace support for getcwd syscall

2014-06-15 Thread Sean Bruno
Signed-off-by: Sean Bruno 
---
 bsd-user/freebsd/strace.list | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bsd-user/freebsd/strace.list b/bsd-user/freebsd/strace.list
index 2800a2d..f10caaa 100644
--- a/bsd-user/freebsd/strace.list
+++ b/bsd-user/freebsd/strace.list
@@ -28,6 +28,7 @@
 { TARGET_FREEBSD_NR___acl_set_fd, "__acl_set_fd", "%s(%d, %d, %#x)", NULL, 
NULL },
 { TARGET_FREEBSD_NR___acl_set_file, "__acl_set_file", "%s(\"%s\", %d, %#x)", 
NULL, NULL },
 { TARGET_FREEBSD_NR___acl_set_link, "__acl_set_link", "%s(\"%s\", %d, %#x)", 
NULL, NULL },
+{ TARGET_FREEBSD_NR___getcwd, "__getcwd", NULL, NULL, NULL },
 { TARGET_FREEBSD_NR___semctl, "__semctl", NULL, NULL, NULL },
 { TARGET_FREEBSD_NR___syscall, "__syscall", NULL, NULL, NULL },
 { TARGET_FREEBSD_NR___sysctl, "__sysctl", NULL, print_sysctl, NULL },
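Review bot: The new `__getcwd` entry passes NULL as its format string, so the trace will print the syscall name but neither the buffer pointer nor the length, whereas the neighbouring `__acl_set_*` entries supply a format for their arguments; if argument tracing is wanted, a format in the same style, e.g. `"%s(%#x, %d)"` for the usual (buf, len) pair, would be consistent with them. A NULL format is what `__semctl` and `__syscall` below use, so this is a style choice rather than a defect. The identical hunk appears again in the v2 repost of this patch.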
-- 
1.9.3




[Qemu-devel] [PATCH 3/3 v2] bsd-user: Implement strace support for getcwd syscall

2014-06-15 Thread Sean Bruno
Signed-off-by: Sean Bruno 
---
 bsd-user/freebsd/strace.list | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bsd-user/freebsd/strace.list b/bsd-user/freebsd/strace.list
index 2800a2d..f10caaa 100644
--- a/bsd-user/freebsd/strace.list
+++ b/bsd-user/freebsd/strace.list
@@ -28,6 +28,7 @@
 { TARGET_FREEBSD_NR___acl_set_fd, "__acl_set_fd", "%s(%d, %d, %#x)", NULL, 
NULL },
 { TARGET_FREEBSD_NR___acl_set_file, "__acl_set_file", "%s(\"%s\", %d, %#x)", 
NULL, NULL },
 { TARGET_FREEBSD_NR___acl_set_link, "__acl_set_link", "%s(\"%s\", %d, %#x)", 
NULL, NULL },
+{ TARGET_FREEBSD_NR___getcwd, "__getcwd", NULL, NULL, NULL },
 { TARGET_FREEBSD_NR___semctl, "__semctl", NULL, NULL, NULL },
 { TARGET_FREEBSD_NR___syscall, "__syscall", NULL, NULL, NULL },
 { TARGET_FREEBSD_NR___sysctl, "__sysctl", NULL, print_sysctl, NULL },
-- 
1.9.3




[Qemu-devel] [PATCH 1/3 v2] bsd-user: Revert part of update to rules.mk

2014-06-15 Thread Sean Bruno
In c5cb1afc4675bf5ff66e7a149d2a8cffba2eaa9e the rules.mk change was causing
a complete build failure on bsd-user when not using --disable-curl

Signed-off-by: Sean Bruno 
---
 rules.mak | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/rules.mak b/rules.mak
index dde8e00..4a33c27 100644
--- a/rules.mak
+++ b/rules.mak
@@ -22,7 +22,8 @@ QEMU_DGFLAGS += -MMD -MP -MT $@ -MF $(*D)/$(*F).d
 # Same as -I$(SRC_PATH) -I., but for the nested source/object directories
 QEMU_INCLUDES += -I$(

Re: [Qemu-devel] bsd-user: master is broken

2014-06-15 Thread Sean Bruno
On Sun, 2014-06-15 at 13:12 -0700, Sean Bruno wrote:
> On Sun, 2014-06-15 at 13:06 -0700, Sean Bruno wrote:
> >   rules.mak: Rewrite unnest-vars
> 
> Reverting this resolves the primary failure.  The logic here is off
> somehow.
> 
> sean
> 
> 

Ok, sent patchset in (v2 as, apparently, I cannot type an email address
correctly).

sean




[Qemu-devel] [PATCH 2/3 v2] bsd-user: Add patches to fix AES_* link errors

2014-06-15 Thread Sean Bruno
Redefine functions as QEMU_AES_* to avoid conflicts with AES_* in
-lcrypto needed (at least) by -lcurl.

Taken from emulators/qemu-devel/files/patch-include-qemu-aes.h

Signed-off-by: Sean Bruno 
Signed-off-by: Ed Maste 
---
 include/qemu/aes.h | 9 +
 1 file changed, 9 insertions(+)

diff --git a/include/qemu/aes.h b/include/qemu/aes.h
index e79c707..d310411 100644
--- a/include/qemu/aes.h
+++ b/include/qemu/aes.h
@@ -10,6 +10,15 @@ struct aes_key_st {
 };
 typedef struct aes_key_st AES_KEY;
 
+/* FreeBSD has it's own AES_set_decrypt_key in -lcrypto, avoid conflicts */
+#ifdef __FreeBSD__
+#define AES_set_encrypt_key QEMU_AES_set_encrypt_key
+#define AES_set_decrypt_key QEMU_AES_set_decrypt_key
+#define AES_encrypt QEMU_AES_encrypt
+#define AES_decrypt QEMU_AES_decrypt
+#define AES_cbc_encrypt QEMU_AES_cbc_encrypt
+#endif
+
 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
AES_KEY *key);
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-- 
1.9.3




[Qemu-devel] [PATCH 0/3 v2] bsd-user: Fix linking/dependency issues

2014-06-15 Thread Sean Bruno
v2
 Correct email address for Ed Maste

Recent changes to master caused complete failures to build bsd-user.

Sean Bruno (3):
  bsd-user: Revert part of c5cb1afc4675bf5ff66e7a149d2a8cffba2eaa9e
  bsd-user: Add patches to fix AES_* link errors
  bsd-user: Implement strace support for getcwd syscall

 bsd-user/freebsd/strace.list | 1 +
 include/qemu/aes.h   | 9 +
 rules.mak| 3 ++-
 3 files changed, 12 insertions(+), 1 deletion(-)

-- 
1.9.3




Re: [Qemu-devel] [PATCH] usb: Fix usb-bt-dongle segfault.

2014-06-15 Thread Hani Benhabiles
On Wed, Jun 11, 2014 at 08:58:08PM +0200, Paolo Bonzini wrote:
> Il 11/06/2014 19:25, Hani Benhabiles ha scritto:
> >Due to an incomplete initialization, adding a usb-bt-dongle device through 
> >HMP
> >or QMP will cause a segmentation fault.
> >
> >Signed-off-by: Hani Benhabiles 
> >---
> >
> >Not sure about the exact policy of qemu-stable. CC'ing it as this bug 
> >results in
> >a segfault.
> >
> > hw/usb/dev-bluetooth.c | 6 ++
> > 1 file changed, 6 insertions(+)
> >
> >diff --git a/hw/usb/dev-bluetooth.c b/hw/usb/dev-bluetooth.c
> >index a9661d2..6d02343 100644
> >--- a/hw/usb/dev-bluetooth.c
> >+++ b/hw/usb/dev-bluetooth.c
> >@@ -506,6 +506,12 @@ static int usb_bt_initfn(USBDevice *dev)
> >
> > usb_desc_create_serial(dev);
> > usb_desc_init(dev);
> >+s->dev.opaque = s;
> >+s->hci = bt_new_hci(qemu_find_bt_vlan(0));
> >+s->hci->opaque = s;
> >+s->hci->evt_recv = usb_bt_out_hci_packet_event;
> >+s->hci->acl_recv = usb_bt_out_hci_packet_acl;
> >+usb_bt_handle_reset(&s->dev);
> 
> 
> All lines but the s->hci assignment should be removed from usb_bt_init too.
> 
> As to s->hci, I suggest inlining usb_create_simple into usb_bt_init, and
> initializing s->hci there before doing the qdev_init() call.
> 
> Then here you can wrap the assignment under "if (!s->hci)".

I am afraid I don't quite understand what you want to achieve with this and why.

Could you please explain how usb_bt_init() is relevant to this case?

Thanks

> 
> Thanks for TLC of this little-used piece of code.
> 
> Paolo
> 
> > s->intr = usb_ep_get(dev, USB_TOKEN_IN, USB_EVT_EP);
> >
> > return 0;
> >
> 



Re: [Qemu-devel] [RFC v1 1/2] arm: Add the cortex-a9 CPU to the a9mpcore device

2014-06-15 Thread Alistair Francis
Ping

On Tue, Jun 10, 2014 at 11:32 AM, Alistair Francis
 wrote:
> This patch adds the Cortex-A9 ARM CPU to the A9MPCore. It
> first does a check to make sure no other CPUs exist and if
> they do the Cortex-A9 won't be added. This is implemented to
> maintain compatibility and can be removed once all machines
> have been updated
>
> This patch also allows the midr and reset-property to be set
>
> Signed-off-by: Alistair Francis 
> ---
> There are comments in the code explaining why the CPU
> is initialized in the realize function: it relies
> on the num_cpu property, which isn't yet set in the initfn.
> Is this an acceptable compromise?
>
>  hw/cpu/a9mpcore.c |   43 +++
>  include/hw/cpu/a9mpcore.h |4 
>  2 files changed, 47 insertions(+), 0 deletions(-)
>
> diff --git a/hw/cpu/a9mpcore.c b/hw/cpu/a9mpcore.c
> index c09358c..1159044 100644
> --- a/hw/cpu/a9mpcore.c
> +++ b/hw/cpu/a9mpcore.c
> @@ -21,6 +21,12 @@ static void a9mp_priv_initfn(Object *obj)
>  {
>  A9MPPrivState *s = A9MPCORE_PRIV(obj);
>
> +/* Ideally would init the CPUs here, but the num_cpu property has not 
> been
> + * set yet. So that only works if assuming a single CPU
> + * object_initialize(&s->cpu, sizeof(s->cpu), "cortex-a9-" TYPE_ARM_CPU);
> + * object_property_add_child(obj, "cpu", OBJECT(&s->cpu), NULL);
> + */
> +
>  memory_region_init(&s->container, obj, "a9mp-priv-container", 0x2000);
>  sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->container);
>
> @@ -50,6 +56,40 @@ static void a9mp_priv_realize(DeviceState *dev, Error 
> **errp)
>  Error *err = NULL;
>  int i;
>
> +/* Just a temporary measure to not break machines that init the CPU
> + * seperatly */
> +if (!first_cpu) {
> +s->cpu = g_malloc(sizeof(ARMCPU) * s->num_cpu);
> +for (i = 0; i < s->num_cpu; i++) {
> +object_initialize((s->cpu + i), sizeof(*(s->cpu + i)),
> +  "cortex-a9-" TYPE_ARM_CPU);
> +
> +if (s->midr) {
> +object_property_set_int(OBJECT((s->cpu + i)), s->midr,
> +"midr", &err);
> +if (err) {
> +error_propagate(errp, err);
> +exit(1);
> +}
> +}
> +if (s->reset_cbar) {
> +object_property_set_int(OBJECT((s->cpu + i)), s->reset_cbar,
> +"reset-cbar", &err);
> +if (err) {
> +error_propagate(errp, err);
> +exit(1);
> +}
> +}
> +object_property_set_bool(OBJECT((s->cpu + i)), true,
> + "realized", &err);
> +if (err) {
> +error_propagate(errp, err);
> +return;
> +}
> +}
> +g_free(s->cpu);
> +}
> +
>  scudev = DEVICE(&s->scu);
>  qdev_prop_set_uint32(scudev, "num-cpu", s->num_cpu);
>  object_property_set_bool(OBJECT(&s->scu), true, "realized", &err);
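Review bot: The error paths for the `midr` and `reset-cbar` properties call `exit(1)` right after `error_propagate(errp, err)`, which terminates QEMU from inside a realize callback instead of letting the caller report the error; the `realized` branch a few lines later correctly does `return;`, so both `exit(1);` lines should become `return;`. More seriously, `g_free(s->cpu);` at the end of the block frees the very storage the ARMCPU objects were just object_initialize'd and realized into, leaving live CPU objects in freed memory and `s->cpu` dangling; the array must outlive the CPUs (the new `ARMCPU *cpu` field added to a9mpcore.h in the last hunk is the natural owner), so the free should go and the pointer be kept. The comment should read "separately", and the initfn hunk above carries commented-out code inside a block comment, which reads better as a one-sentence explanation than as dead code. a9mp_priv_realize starts and ends outside the hunk.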
> @@ -152,6 +192,9 @@ static Property a9mp_priv_properties[] = {
>   * Other boards may differ and should set this property appropriately.
>   */
>  DEFINE_PROP_UINT32("num-irq", A9MPPrivState, num_irq, 96),
> +/* Properties for the A9 CPU */
> +DEFINE_PROP_UINT32("midr", A9MPPrivState, midr, 0),
> +DEFINE_PROP_UINT64("reset-cbar", A9MPPrivState, reset_cbar, 0),
>  DEFINE_PROP_END_OF_LIST(),
>  };
>
> diff --git a/include/hw/cpu/a9mpcore.h b/include/hw/cpu/a9mpcore.h
> index 5d67ca2..8e395a4 100644
> --- a/include/hw/cpu/a9mpcore.h
> +++ b/include/hw/cpu/a9mpcore.h
> @@ -29,6 +29,10 @@ typedef struct A9MPPrivState {
>  MemoryRegion container;
>  uint32_t num_irq;
>
> +ARMCPU *cpu;
> +uint32_t midr;
> +uint64_t reset_cbar;
> +
>  A9SCUState scu;
>  GICState gic;
>  A9GTimerState gtimer;
> --
> 1.7.1
>



[Qemu-devel] [Bug 599958] Re: Timedrift problems with Win7: hpet missing time drift fixups

2014-06-15 Thread AndCycle
I found an old link that says this issue can be fixed by not
using virtio:

http://forum.proxmox.com/archive/index.php/t-5783.html

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/599958

Title:
  Timedrift problems with Win7: hpet missing time drift fixups

Status in QEMU:
  Confirmed

Bug description:
  We've been finding timedrift issues with Win7 under qemu-kvm on our
  daily testing

  kvm.qemu-kvm-git.smp2.Win7.64.timedrift.with_load FAIL1   Time 
drift too large after rest period: 38.63%
  kvm.qemu-kvm-git.smp2.Win7.64.timedrift.with_reboot   FAIL1   Time 
drift too large at iteration 1: 17.77 seconds
  kvm.qemu-kvm-git.smp2.Win7.64.timedrift.with_migrationFAIL1   
Time drift too large at iteration 2: 3.08 seconds

  Steps to reproduce:

  timedrift.with_load

  1) Log into a guest.
  2) Take a time reading from the guest and host.
  3) Run load on the guest and host.
  4) Take a second time reading.
  5) Stop the load and rest for a while.
  6) Take a third time reading.
  7) If the drift immediately after load is higher than a user-
  specified value (in %), fail.
  If the drift after the rest period is higher than a user-specified value,
  fail.

  timedrift.with_migration

  1) Log into a guest.
  2) Take a time reading from the guest and host.
  3) Migrate the guest.
  4) Take a second time reading.
  5) If the drift (in seconds) is higher than a user specified value, fail.

  timedrift.with_reboot

  1) Log into a guest.
  2) Take a time reading from the guest and host.
  3) Reboot the guest.
  4) Take a second time reading.
  5) If the drift (in seconds) is higher than a user specified value, fail.

  This bug is to register those issues and keep an eye on them.

  Attached, some logs from the autotest tests executed on the guest

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/599958/+subscriptions



Re: [Qemu-devel] [PATCH v10 3/3] sPAPR: Implement sPAPRPHBClass::eeh_handler

2014-06-15 Thread Gavin Shan
On Wed, Jun 11, 2014 at 07:37:48PM -0600, Alex Williamson wrote:
>On Thu, 2014-06-12 at 10:02 +1000, Gavin Shan wrote:
>> On Wed, Jun 11, 2014 at 02:26:51PM -0600, Alex Williamson wrote:
>> >On Tue, 2014-06-10 at 12:03 +1000, Gavin Shan wrote:
>> >> The patch implements sPAPRPHBClass::eeh_handler so that the
>> >> EEH RTAS requests can be routed to VFIO for further handling.
>> >> 
>> >> Signed-off-by: Gavin Shan 
>> >> ---
>> >>  hw/ppc/spapr_pci_vfio.c | 56 
>> >> +
>> >>  1 file changed, 56 insertions(+)
>> >> 
>> >> diff --git a/hw/ppc/spapr_pci_vfio.c b/hw/ppc/spapr_pci_vfio.c
>> >> index 592d6a4..9750cf0 100644
>> >> --- a/hw/ppc/spapr_pci_vfio.c
>> >> +++ b/hw/ppc/spapr_pci_vfio.c
>> >> @@ -85,6 +85,61 @@ static void 
>> >> spapr_phb_vfio_finish_realize(sPAPRPHBState *sphb, Error **errp)
>> >>spapr_tce_get_iommu(tcet));
>> >>  }
>> >>  
>> >> +static int spapr_phb_vfio_eeh_handler(sPAPRPHBState *sphb, int req, int 
>> >> opt)
>> >> +{
>> >> +sPAPRPHBVFIOState *svphb = SPAPR_PCI_VFIO_HOST_BRIDGE(sphb);
>> >> +struct vfio_eeh_pe_op op = { .argsz = sizeof(op), .flags = 0 };
>> >
>> >FWIW, flags = 0 isn't actually necessary.  I'm sure someone here can
>> >quote the C spec, but it's my understanding that if any field of a
>> >structure is initialized, the remaining fields are zero initialized.
>> >vfio.c has a mix of initializations depending on whether using an
>> >explicit value for flags adds to the code clarity.
>> >
>> 
>> Yes, but it's not harmful. Please let me know if you want me to remove
>> it :-)
>
>It's ok, explicit initialization doesn't hurt anything here.  The series
>looks ok to me, but it depends on the header update, so it needs to wait
>for that to happen in the kernel.  I provided my ack for the other
>series, but let me know if I need to push the vfio changes through my
>tree.  Thanks,
>

Thanks, Alex. The kernel part should be merged first. All the stuff
(kernel & QEMU part) depends on Alexey's VFIO stuff. So let's wait until
Alexey's VFIO stuff gets merged. At that point, I will probably have to
rebase and send out a new revision (with your ack of course).

Thanks,
Gavin

>> I had a very quick experiment on x86
>> and Power Linux with following tiny program and the result is just
>> what you think: 
>> 
>> With "struct test foo" in func2():
>>  func2: foo.a=0x, foo.b=0x
>> with "static struct test foo" in func2(). Here's the explaining about
>> this: section 2.4.2.3 of 
>> http://www.gnu.org/software/gnu-c-manual/gnu-c-manual.html#Initializing-Structure-Members
>>  func2: foo.a=0x, foo.b=0x
>> with "struct test foo = { .a = 0 }" in func2().
>>  func2: foo.a=0x, foo.b=0x
>> With "struct test foo = { 0 }" in func2():
>>  func2: foo.a=0x, foo.b=0x
>> 
>> ---
>> 
>> #include 
>> 
>> struct test {
>> int a;
>> int b;
>> };
>> 
>> static func1(void)
>> {
>> int var[1000];
>> int i;
>> 
>> for (i = 0; i < 1000; i++)
>> var[i] = 0x;
>> }
>> 
>> static func2(void)
>> {
>> struct test foo; 
>> 
>> printf("%s: foo.a=0x%08x, foo.b=0x%08x\n",
>> __func__, foo.a, foo.b);
>> }
>> 
>> int main(int argc, char **argv)
>> {
>> func1();
>> func2();
>> 
>> return 0;
>> }
>> 
>> Thanks,
>> Gavin
>> 
>> >> +int cmd;
>> >> +
>> >> +switch (req) {
>> >> +case RTAS_EEH_REQ_SET_OPTION:
>> >> +switch (opt) {
>> >> +case RTAS_EEH_DISABLE:
>> >> +cmd = VFIO_EEH_PE_DISABLE;
>> >> +break;
>> >> +case RTAS_EEH_ENABLE:
>> >> +cmd = VFIO_EEH_PE_ENABLE;
>> >> +break;
>> >> +case RTAS_EEH_THAW_IO:
>> >> +cmd = VFIO_EEH_PE_UNFREEZE_IO;
>> >> +break;
>> >> +case RTAS_EEH_THAW_DMA:
>> >> +cmd = VFIO_EEH_PE_UNFREEZE_DMA;
>> >> +break;
>> >> +default:
>> >> +return -EINVAL;
>> >> +}
>> >> +break;
>> >> +case RTAS_EEH_REQ_GET_STATE:
>> >> +cmd = VFIO_EEH_PE_GET_STATE;
>> >> +break;
>> >> +case RTAS_EEH_REQ_RESET:
>> >> +switch (opt) {
>> >> +case RTAS_SLOT_RESET_DEACTIVATE:
>> >> +cmd = VFIO_EEH_PE_RESET_DEACTIVATE;
>> >> +break;
>> >> +case RTAS_SLOT_RESET_HOT:
>> >> +cmd = VFIO_EEH_PE_RESET_HOT;
>> >> +break;
>> >> +case RTAS_SLOT_RESET_FUNDAMENTAL:
>> >> +cmd = VFIO_EEH_PE_RESET_FUNDAMENTAL;
>> >> +break;
>> >> +default:
>> >> +return -EINVAL;
>> >> +}
>> >> +break;
>> >> +case RTAS_EEH_REQ_CONFIGURE:
>> >> +cmd = VFIO_EEH_PE_CONFIGURE;
>> >> +break;
>> >> +default:
>> >> + return -EINVAL;
>> >> +}
>> >> +
>> >> +op.op = cmd;
>> >> +retur

[Qemu-devel] [PULL 0/6] migration queue

2014-06-15 Thread Juan Quintela
Hi Peter

This is the previous pull request with:

- Added fix for RDMA
- Change default downtime
- fix the compilation error on 32bits, basically use RAM_ADDR_FMT for the format
  checked that it compiles

Please, apply, Juan.


The following changes since commit 06a59afac4505f5ed942db4200e5ca16fcbba74d:

  Merge remote-tracking branch 'remotes/kraxel/tags/pull-usb-20140613-1' into 
staging (2014-06-13 18:18:55 +0100)

are available in the git repository at:


  git://github.com/juanquintela/qemu.git tags/migration/20140616

for you to fetch changes up to db80facefa62dff42bb50c73b0f03eda5f732b49:

  migration: catch unknown flags in ram_load (2014-06-16 04:55:27 +0200)


migration/next for 20140616


Alexey Kardashevskiy (1):
  migration: Increase default max_downtime from 30ms to 300ms

Gonglei (1):
  rdma: Fix block during rdma migration

Juan Quintela (3):
  savevm: Remove all the unneeded version_minimum_id_old (ppc)
  savevm: Remove all the unneeded version_minimum_id_old (x86)
  vmstate: Refactor opening of files

Peter Lieven (1):
  migration: catch unknown flags in ram_load

 arch_init.c| 42 +++-
 hw/acpi/ich9.c |  1 -
 hw/acpi/pcihp.c|  3 +-
 hw/acpi/piix4.c|  8 ++
 hw/audio/ac97.c|  6 ++--
 hw/audio/cs4231.c  |  3 +-
 hw/audio/cs4231a.c |  3 +-
 hw/audio/es1370.c  |  6 ++--
 hw/audio/gus.c |  3 +-
 hw/audio/hda-codec.c   |  4 +--
 hw/audio/intel-hda.c   |  4 +--
 hw/audio/sb16.c|  3 +-
 hw/block/fdc.c | 16 ---
 hw/char/escc.c |  6 ++--
 hw/char/serial-pci.c   |  4 +--
 hw/char/serial.c   |  2 +-
 hw/char/spapr_vty.c|  3 +-
 hw/display/cirrus_vga.c|  6 ++--
 hw/display/vga-pci.c   |  3 +-
 hw/display/vga.c   |  3 +-
 hw/display/vmware_vga.c|  6 ++--
 hw/dma/i8257.c |  6 ++--
 hw/i386/acpi-build.c   |  3 +-
 hw/i386/kvm/clock.c|  1 -
 hw/i386/kvmvapic.c |  3 --
 hw/i386/pc.c   |  3 +-
 hw/i386/xen/xen_platform.c |  3 +-
 hw/ide/ahci.c  |  6 ++--
 hw/ide/ich.c   |  2 +-
 hw/ide/isa.c   |  3 +-
 hw/ide/pci.c   | 12 +++-
 hw/input/pckbd.c   |  6 ++--
 hw/input/ps2.c | 12 +++-
 hw/input/vmmouse.c |  3 +-
 hw/intc/heathrow_pic.c |  6 ++--
 hw/intc/i8259_common.c |  1 -
 hw/intc/ioapic_common.c|  1 -
 hw/intc/xics.c |  9 ++
 hw/isa/apm.c   |  1 -
 hw/isa/lpc_ich9.c  |  1 -
 hw/isa/piix4.c |  3 +-
 hw/isa/vt82c686.c  |  6 ++--
 hw/net/e1000.c |  6 ++--
 hw/net/eepro100.c  |  3 +-
 hw/net/ne2000-isa.c|  3 +-
 hw/net/ne2000.c|  6 ++--
 hw/net/pcnet-pci.c |  3 +-
 hw/net/pcnet.c |  3 +-
 hw/net/rtl8139.c   |  9 ++
 hw/net/spapr_llan.c|  3 +-
 hw/net/vmxnet3.c   |  4 +--
 hw/nvram/eeprom93xx.c  |  3 +-
 hw/nvram/fw_cfg.c  |  3 +-
 hw/pci-bridge/ioh3420.c|  1 -
 hw/pci-bridge/xio3130_downstream.c |  1 -
 hw/pci-bridge/xio3130_upstream.c   |  1 -
 hw/pci-host/piix.c |  7 ++---
 hw/pci-host/ppce500.c  |  9 ++
 hw/pci-host/q35.c  |  3 +-
 hw/pci/pci.c   |  9 ++
 hw/pci/pcie_aer.c  |  6 ++--
 hw/ppc/ppc4xx_pci.c|  9 ++
 hw/ppc/spapr.c |  3 +-
 hw/ppc/spapr_iommu.c   |  3 +-
 hw/ppc/spapr_pci.c |  9 ++
 hw/ppc/spapr_vio.c |  3 +-
 hw/scsi/lsi53c895a.c   |  3 +-
 hw/scsi/megasas.c  |  3 +-
 hw/scsi/scsi-bus.c |  4 +--
 hw/scsi/scsi-disk.c|  1 -
 hw/scsi/spapr_vscsi.c  |  6 ++--
 hw/scsi/vmw_pvscsi.c   |  3 +-
 hw/timer/hpet.c|  9 ++
 hw/timer/i8254_common.c|  1 -
 hw/timer/m48t59.c  |  3 +-
 hw/timer/mc146818rtc.c |  3 +-
 hw/watchdog/wdt_i6300esb.c | 14 +-
 hw/watchdog/wdt_ib700.c|  3 +-
 migration-rdma.c   |  1 +
 migration.c|  4 +--
 target-i386/machine.c  | 57 +-
 target-ppc/machine.c 

[Qemu-devel] [PATCH 1/6] savevm: Remove all the unneeded version_minimum_id_old (ppc)

2014-06-15 Thread Juan Quintela
After Peter's previous patch, they are redundant.  This way we don't
assign them except when needed.  While there, there were lots of cases
where the ".fields" indentation was wrong:

 .fields = (VMStateField []) {
and
 .fields =  (VMStateField []) {

Change all the combinations to:

 .fields = (VMStateField[]){

The biggest problem (apart from aesthetics) was that checkpatch complained
when we copy&pasted the code from one place to another.

Signed-off-by: Juan Quintela 
Acked-by: Alexey Kardashevskiy 
---
 hw/char/escc.c |  6 ++
 hw/char/spapr_vty.c|  3 +--
 hw/intc/heathrow_pic.c |  6 ++
 hw/intc/xics.c |  9 +++--
 hw/net/spapr_llan.c|  3 +--
 hw/pci-host/ppce500.c  |  9 +++--
 hw/ppc/ppc4xx_pci.c|  9 +++--
 hw/ppc/spapr.c |  3 +--
 hw/ppc/spapr_iommu.c   |  3 +--
 hw/ppc/spapr_pci.c |  9 +++--
 hw/ppc/spapr_vio.c |  3 +--
 hw/scsi/spapr_vscsi.c  |  6 ++
 hw/timer/m48t59.c  |  3 +--
 target-ppc/machine.c   | 38 +-
 14 files changed, 37 insertions(+), 73 deletions(-)

diff --git a/hw/char/escc.c b/hw/char/escc.c
index d9a20aa..ba653ef 100644
--- a/hw/char/escc.c
+++ b/hw/char/escc.c
@@ -660,8 +660,7 @@ static const VMStateDescription vmstate_escc_chn = {
 .name ="escc_chn",
 .version_id = 2,
 .minimum_version_id = 1,
-.minimum_version_id_old = 1,
-.fields  = (VMStateField []) {
+.fields = (VMStateField[]) {
 VMSTATE_UINT32(vmstate_dummy, ChannelState),
 VMSTATE_UINT32(reg, ChannelState),
 VMSTATE_UINT32(rxint, ChannelState),
@@ -680,8 +679,7 @@ static const VMStateDescription vmstate_escc = {
 .name ="escc",
 .version_id = 2,
 .minimum_version_id = 1,
-.minimum_version_id_old = 1,
-.fields  = (VMStateField []) {
+.fields = (VMStateField[]) {
 VMSTATE_STRUCT_ARRAY(chn, ESCCState, 2, 2, vmstate_escc_chn,
  ChannelState),
 VMSTATE_END_OF_LIST()
diff --git a/hw/char/spapr_vty.c b/hw/char/spapr_vty.c
index f8a4981..0adf096 100644
--- a/hw/char/spapr_vty.c
+++ b/hw/char/spapr_vty.c
@@ -148,8 +148,7 @@ static const VMStateDescription vmstate_spapr_vty = {
 .name = "spapr_vty",
 .version_id = 1,
 .minimum_version_id = 1,
-.minimum_version_id_old = 1,
-.fields  = (VMStateField []) {
+.fields = (VMStateField[]) {
 VMSTATE_SPAPR_VIO(sdev, VIOsPAPRVTYDevice),

 VMSTATE_UINT32(in, VIOsPAPRVTYDevice),
diff --git a/hw/intc/heathrow_pic.c b/hw/intc/heathrow_pic.c
index 9818f24..9ff3119 100644
--- a/hw/intc/heathrow_pic.c
+++ b/hw/intc/heathrow_pic.c
@@ -159,8 +159,7 @@ static const VMStateDescription vmstate_heathrow_pic_one = {
 .name = "heathrow_pic_one",
 .version_id = 0,
 .minimum_version_id = 0,
-.minimum_version_id_old = 0,
-.fields  = (VMStateField[]) {
+.fields = (VMStateField[]) {
 VMSTATE_UINT32(events, HeathrowPIC),
 VMSTATE_UINT32(mask, HeathrowPIC),
 VMSTATE_UINT32(levels, HeathrowPIC),
@@ -173,8 +172,7 @@ static const VMStateDescription vmstate_heathrow_pic = {
 .name = "heathrow_pic",
 .version_id = 1,
 .minimum_version_id = 1,
-.minimum_version_id_old = 1,
-.fields  = (VMStateField[]) {
+.fields = (VMStateField[]) {
 VMSTATE_STRUCT_ARRAY(pics, HeathrowPICS, 2, 1,
  vmstate_heathrow_pic_one, HeathrowPIC),
 VMSTATE_END_OF_LIST()
diff --git a/hw/intc/xics.c b/hw/intc/xics.c
index 64aabe7..76dd6f5 100644
--- a/hw/intc/xics.c
+++ b/hw/intc/xics.c
@@ -330,10 +330,9 @@ static const VMStateDescription vmstate_icp_server = {
 .name = "icp/server",
 .version_id = 1,
 .minimum_version_id = 1,
-.minimum_version_id_old = 1,
 .pre_save = icp_dispatch_pre_save,
 .post_load = icp_dispatch_post_load,
-.fields  = (VMStateField []) {
+.fields = (VMStateField[]) {
 /* Sanity check */
 VMSTATE_UINT32(xirr, ICPState),
 VMSTATE_UINT8(pending_priority, ICPState),
@@ -566,8 +565,7 @@ static const VMStateDescription vmstate_ics_irq = {
 .name = "ics/irq",
 .version_id = 1,
 .minimum_version_id = 1,
-.minimum_version_id_old = 1,
-.fields  = (VMStateField []) {
+.fields = (VMStateField[]) {
 VMSTATE_UINT32(server, ICSIRQState),
 VMSTATE_UINT8(priority, ICSIRQState),
 VMSTATE_UINT8(saved_priority, ICSIRQState),
@@ -580,10 +578,9 @@ static const VMStateDescription vmstate_ics = {
 .name = "ics",
 .version_id = 1,
 .minimum_version_id = 1,
-.minimum_version_id_old = 1,
 .pre_save = ics_dispatch_pre_save,
 .post_load = ics_dispatch_post_load,
-.fields  = (VMStateField []) {
+.fields = (VMStateField[]) {
 /* Sanity check */
 VMSTATE_UINT32_EQUAL(nr_irqs, ICSState),

diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
index c47..2d47df6 100644
--- a/hw/net/spap

[Qemu-devel] [PATCH 4/6] migration: Increase default max_downtime from 30ms to 300ms

2014-06-15 Thread Juan Quintela
From: Alexey Kardashevskiy 

The existing timeout is 30ms which on 100MB/s (1Gbit) gives us
3MB/s rate maximum. If we put some load on the guest, it is easy to
get page dirtying rate too big so live migration will never complete.
In the case of libvirt that means that the guest will be stopped
anyway after a timeout specified in the "virsh migrate" command and
this normally generates even bigger delay.

This changes max_downtime to 300ms which seems to be more
reasonable value.

Signed-off-by: Alexey Kardashevskiy 
Signed-off-by: Juan Quintela 
---
 migration.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migration.c b/migration.c
index 3fc03d6..873fa96 100644
--- a/migration.c
+++ b/migration.c
@@ -133,7 +133,7 @@ void process_incoming_migration(QEMUFile *f)
  * the choice of nanoseconds is because it is the maximum resolution that
  * get_clock() can achieve. It is an internal measure. All user-visible
  * units must be in seconds */
-static uint64_t max_downtime = 3000;
+static uint64_t max_downtime = 3;

 uint64_t migrate_max_downtime(void)
 {
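Review bot: As rendered here the constant changes from `3000` to `3`, which cannot be the intended value for something the comment directly above describes in nanoseconds and the commit message describes as 30ms→300ms; the list archive has most likely dropped the runs of zeros, so anyone applying from this copy should confirm the literal against the tree (300 ms expressed in ns is 300000000). A comment tying the literal to its unit, e.g. `static uint64_t max_downtime = 300000000; /* 300 ms, in nanoseconds */`, would make a dropped or extra digit visible at review time.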
-- 
1.9.3




[Qemu-devel] [PATCH 5/6] rdma: Fix block during rdma migration

2014-06-15 Thread Juan Quintela
From: Gonglei 

If the network breaks or there's something wrong with the rdma
device (ib0 with no IP) during rdma migration, qemu's main_loop
will block in rdma_destroy_id. Add rdma_ack_cm_event
to fix this bug.

Signed-off-by: Mo Yuxiang 
Signed-off-by: Gonglei 
Reviewed-by: Michael R. Hines 
Signed-off-by: Juan Quintela 
---
 migration-rdma.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/migration-rdma.c b/migration-rdma.c
index eeb4302..f60749b 100644
--- a/migration-rdma.c
+++ b/migration-rdma.c
@@ -949,6 +949,7 @@ route:
 ERROR(errp, "result not equal to event_addr_resolved %s",
 rdma_event_str(cm_event->event));
 perror("rdma_resolve_addr");
+rdma_ack_cm_event(cm_event);
 ret = -EINVAL;
 goto err_resolve_get_addr;
 }
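Review bot: The added `rdma_ack_cm_event(cm_event);` acknowledges the event on this one failure path only; per the commit message an unacknowledged CM event is what later blocks rdma_destroy_id, so every other early exit in this function that has fetched an event and not yet acked it (the route-resolution check that the `route:` label in the hunk header suggests follows) needs the same treatment, otherwise the hang just moves. Ignoring the ack's return value is acceptable on a path already unwinding to `err_resolve_get_addr`, but a short comment, e.g. `/* release the event before unwinding, or rdma_destroy_id() blocks */`, would tell the next reader why the call sits between the perror and the goto. The enclosing function starts and ends outside the hunk.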
-- 
1.9.3




[Qemu-devel] [PATCH 3/6] vmstate: Refactor opening of files

2014-06-15 Thread Juan Quintela
Signed-off-by: Juan Quintela 
Reviewed-by: Dr. David Alan Gilbert 
Reviewed-by: Amit Shah 
---
 tests/test-vmstate.c | 38 +++---
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/tests/test-vmstate.c b/tests/test-vmstate.c
index 30cc721..8b242c4 100644
--- a/tests/test-vmstate.c
+++ b/tests/test-vmstate.c
@@ -44,14 +44,14 @@ void yield_until_fd_readable(int fd)
 }

 /* Duplicate temp_fd and seek to the beginning of the file */
-static int dup_temp_fd(bool truncate)
+static QEMUFile *open_test_file(bool write)
 {
 int fd = dup(temp_fd);
 lseek(fd, 0, SEEK_SET);
-if (truncate) {
+if (write) {
 g_assert_cmpint(ftruncate(fd, 0), ==, 0);
 }
-return fd;
+return qemu_fdopen(fd, write ? "wb" : "rb");
 }

 typedef struct TestSruct {
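Review bot: `dup(temp_fd)` and the `lseek()` on the following line are unchecked, so a failed dup hands `-1` on to `ftruncate` and `qemu_fdopen`; since the helper already asserts on ftruncate with g_assert_cmpint, adding `g_assert_cmpint(fd, >=, 0);` right after the dup keeps the failure a clear assertion rather than a confusing later error. The comment above the function still describes the old dup_temp_fd (duplicate and seek) and does not mention that the helper now truncates when `write` is true and returns a QEMUFile opened in the matching mode; `/* Open a QEMUFile over a fresh dup of temp_fd, rewound; truncated first when opening for writing */` would match the new signature.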
@@ -76,13 +76,13 @@ static const VMStateDescription vmstate_simple = {

 static void test_simple_save(void)
 {
-QEMUFile *fsave = qemu_fdopen(dup_temp_fd(true), "wb");
+QEMUFile *fsave = open_test_file(true);
 TestStruct obj = { .a = 1, .b = 2, .c = 3, .d = 4 };
 vmstate_save_state(fsave, &vmstate_simple, &obj);
 g_assert(!qemu_file_get_error(fsave));
 qemu_fclose(fsave);

-QEMUFile *loading = qemu_fdopen(dup_temp_fd(false), "rb");
+QEMUFile *loading = open_test_file(false);
 uint8_t expected[] = {
 0, 0, 0, 1, /* a */
 0, 0, 0, 2, /* b */
@@ -104,7 +104,7 @@ static void test_simple_save(void)

 static void test_simple_load(void)
 {
-QEMUFile *fsave = qemu_fdopen(dup_temp_fd(true), "wb");
+QEMUFile *fsave = open_test_file(true);
 uint8_t buf[] = {
 0, 0, 0, 10, /* a */
 0, 0, 0, 20, /* b */
@@ -115,7 +115,7 @@ static void test_simple_load(void)
 qemu_put_buffer(fsave, buf, sizeof(buf));
 qemu_fclose(fsave);

-QEMUFile *loading = qemu_fdopen(dup_temp_fd(false), "rb");
+QEMUFile *loading = open_test_file(false);
 TestStruct obj;
 vmstate_load_state(loading, &vmstate_simple, &obj, 1);
 g_assert(!qemu_file_get_error(loading));
@@ -145,7 +145,7 @@ static const VMStateDescription vmstate_versioned = {

 static void test_load_v1(void)
 {
-QEMUFile *fsave = qemu_fdopen(dup_temp_fd(true), "wb");
+QEMUFile *fsave = open_test_file(true);
 uint8_t buf[] = {
 0, 0, 0, 10, /* a */
 0, 0, 0, 30, /* c */
@@ -155,7 +155,7 @@ static void test_load_v1(void)
 qemu_put_buffer(fsave, buf, sizeof(buf));
 qemu_fclose(fsave);

-QEMUFile *loading = qemu_fdopen(dup_temp_fd(false), "rb");
+QEMUFile *loading = open_test_file(false);
 TestStruct obj = { .b = 200, .e = 500, .f = 600 };
 vmstate_load_state(loading, &vmstate_versioned, &obj, 1);
 g_assert(!qemu_file_get_error(loading));
@@ -170,7 +170,7 @@ static void test_load_v1(void)

 static void test_load_v2(void)
 {
-QEMUFile *fsave = qemu_fdopen(dup_temp_fd(true), "wb");
+QEMUFile *fsave = open_test_file(true);
 uint8_t buf[] = {
 0, 0, 0, 10, /* a */
 0, 0, 0, 20, /* b */
@@ -183,7 +183,7 @@ static void test_load_v2(void)
 qemu_put_buffer(fsave, buf, sizeof(buf));
 qemu_fclose(fsave);

-QEMUFile *loading = qemu_fdopen(dup_temp_fd(false), "rb");
+QEMUFile *loading = open_test_file(false);
 TestStruct obj;
 vmstate_load_state(loading, &vmstate_versioned, &obj, 2);
 g_assert_cmpint(obj.a, ==, 10);
@@ -219,14 +219,14 @@ static const VMStateDescription vmstate_skipping = {

 static void test_save_noskip(void)
 {
-QEMUFile *fsave = qemu_fdopen(dup_temp_fd(true), "wb");
+QEMUFile *fsave = open_test_file(true);
 TestStruct obj = { .a = 1, .b = 2, .c = 3, .d = 4, .e = 5, .f = 6,
.skip_c_e = false };
 vmstate_save_state(fsave, &vmstate_skipping, &obj);
 g_assert(!qemu_file_get_error(fsave));
 qemu_fclose(fsave);

-QEMUFile *loading = qemu_fdopen(dup_temp_fd(false), "rb");
+QEMUFile *loading = open_test_file(false);
 uint8_t expected[] = {
 0, 0, 0, 1, /* a */
 0, 0, 0, 2, /* b */
@@ -250,14 +250,14 @@ static void test_save_noskip(void)

 static void test_save_skip(void)
 {
-QEMUFile *fsave = qemu_fdopen(dup_temp_fd(true), "wb");
+QEMUFile *fsave = open_test_file(true);
 TestStruct obj = { .a = 1, .b = 2, .c = 3, .d = 4, .e = 5, .f = 6,
.skip_c_e = true };
 vmstate_save_state(fsave, &vmstate_skipping, &obj);
 g_assert(!qemu_file_get_error(fsave));
 qemu_fclose(fsave);

-QEMUFile *loading = qemu_fdopen(dup_temp_fd(false), "rb");
+QEMUFile *loading = open_test_file(false);
 uint8_t expected[] = {
 0, 0, 0, 1, /* a */
 0, 0, 0, 2, /* b */
@@ -280,7 +280,7 @@ static void test_save_skip(void)

 static void test_load_noskip(void)
 {
-QEMUFile *fsave = qemu_fdopen(dup_temp_fd(true), "wb");
+QEMUFile *fsave 

[Qemu-devel] [PATCH 6/6] migration: catch unknown flags in ram_load

2014-06-15 Thread Juan Quintela
From: Peter Lieven 

If a saved VM has unknown flags in the memory data, qemu
currently simply ignores the flag and continues, which
yields an unpredictable result.

This patch catches all unknown flags and aborts the
loading of the vm. Additionally error reports are thrown
if the migration aborts abnormally.

Signed-off-by: Peter Lieven 
Signed-off-by: Juan Quintela 
---
 arch_init.c | 42 +++---
 migration.c |  2 +-
 2 files changed, 24 insertions(+), 20 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 23044c1..8ddaf35 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -1040,17 +1040,15 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)
 {
 ram_addr_t addr;
 int flags, ret = 0;
-int error;
 static uint64_t seq_iter;

 seq_iter++;

 if (version_id != 4) {
 ret = -EINVAL;
-goto done;
 }

-do {
+while (!ret) {
 addr = qemu_get_be64(f);

 flags = addr & ~TARGET_PAGE_MASK;
@@ -1078,7 +1076,6 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)
  " in != " RAM_ADDR_FMT, id, length,
  block->length);
 ret =  -EINVAL;
-goto done;
 }
 break;
 }
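Review bot: The `ret = -EINVAL` set here on a length mismatch no longer terminates the load: after `break` leaves the QTAILQ_FOREACH, the `if (ret) { break; }` added in the next hunk only exits the inner `while (total_ram_bytes)` loop, and the `ret = qemu_file_get_error(f);` that closes the outer loop body in the hunk after that overwrites -EINVAL with the stream's (normally zero) error state, so `while (!ret)` keeps consuming the stream after a rejected block list. The unknown-ramblock path in the next hunk takes the same route. Guarding the final assignment, `if (!ret) { ret = qemu_file_get_error(f); }`, keeps the first failure and stops the loop. ram_load's body spans several hunks and the inner loop's start is outside this one.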
@@ -1088,21 +1085,22 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)
 error_report("Unknown ramblock \"%s\", cannot "
  "accept migration", id);
 ret = -EINVAL;
-goto done;
+}
+if (ret) {
+break;
 }

 total_ram_bytes -= length;
 }
-}
-
-if (flags & RAM_SAVE_FLAG_COMPRESS) {
+} else if (flags & RAM_SAVE_FLAG_COMPRESS) {
 void *host;
 uint8_t ch;

 host = host_from_stream_offset(f, addr, flags);
 if (!host) {
+error_report("Illegal RAM offset " RAM_ADDR_FMT, addr);
 ret = -EINVAL;
-goto done;
+break;
 }

 ch = qemu_get_byte(f);
@@ -1112,33 +1110,39 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)

 host = host_from_stream_offset(f, addr, flags);
 if (!host) {
+error_report("Illegal RAM offset " RAM_ADDR_FMT, addr);
 ret = -EINVAL;
-goto done;
+break;
 }

 qemu_get_buffer(f, host, TARGET_PAGE_SIZE);
 } else if (flags & RAM_SAVE_FLAG_XBZRLE) {
 void *host = host_from_stream_offset(f, addr, flags);
 if (!host) {
+error_report("Illegal RAM offset " RAM_ADDR_FMT, addr);
 ret = -EINVAL;
-goto done;
+break;
 }

 if (load_xbzrle(f, addr, host) < 0) {
+error_report("Failed to decompress XBZRLE page at "
+ RAM_ADDR_FMT, addr);
 ret = -EINVAL;
-goto done;
+break;
 }
 } else if (flags & RAM_SAVE_FLAG_HOOK) {
 ram_control_load_hook(f, flags);
+} else if (flags & RAM_SAVE_FLAG_EOS) {
+/* normal exit */
+break;
+} else {
+error_report("Unknown migration flags: %#x", flags);
+ret = -EINVAL;
+break;
 }
-error = qemu_file_get_error(f);
-if (error) {
-ret = error;
-goto done;
-}
-} while (!(flags & RAM_SAVE_FLAG_EOS));
+ret = qemu_file_get_error(f);
+}

-done:
 DPRINTF("Completed load of VM with exit code %d seq iteration "
 "%" PRIu64 "\n", ret, seq_iter);
 return ret;
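Review bot: The new trailing `else` only fires when none of the tested bits is set, so a record carrying an unrecognised bit together with a known one (the page flag plus a stray high bit, say) is still accepted and dispatched on the known bit, which is narrower than the commit message's "catches all unknown flags". A mask of the bits this function understands, including the continue bit that host_from_stream_offset consumes, checked once right after `flags = addr & ~TARGET_PAGE_MASK;` with `if (flags & ~known) { error_report("Unknown migration flags: %#x", flags); ret = -EINVAL; break; }`, rejects those records too; switching on the masked value is the other option. Note also that the old loop condition ended on any record with RAM_SAVE_FLAG_EOS set, whereas the new `else if` only does so when EOS is the lone bit, which is fine only if the writer always emits EOS alone — I cannot confirm that from here. ram_load's opening is in the first hunk of this file.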
diff --git a/migration.c b/migration.c
index 873fa96..8d675b3 100644
--- a/migration.c
+++ b/migration.c
@@ -98,7 +98,7 @@ static void process_incoming_migration_co(void *opaque)
 qemu_fclose(f);
 free_xbzrle_decoded_buf();
 if (ret < 0) {
-fprintf(stderr, "load of migration failed\n");
+error_report("load of migration failed: %s", strerror(-ret));
 exit(EXIT_FAILURE);
 }
 qemu_announce_self();
-- 
1.9.3




Re: [Qemu-devel] [PATCH 3/3] ppc debug: Add debug stub support

2014-06-15 Thread bharat.bhus...@freescale.com


> -Original Message-
> From: Alexander Graf [mailto:ag...@suse.de]
> Sent: Friday, June 13, 2014 4:55 PM
> To: Bhushan Bharat-R65777
> Cc: qemu-...@nongnu.org; qemu-devel@nongnu.org
> Subject: Re: [PATCH 3/3] ppc debug: Add debug stub support
> 
> 
> On 12.06.14 09:05, bharat.bhus...@freescale.com wrote:
> >
> >> -Original Message-
> >> From: Alexander Graf [mailto:ag...@suse.de]
> >> Sent: Wednesday, June 11, 2014 6:35 PM
> >> To: Bhushan Bharat-R65777
> >> Cc: qemu-...@nongnu.org; qemu-devel@nongnu.org
> >> Subject: Re: [PATCH 3/3] ppc debug: Add debug stub support
> >>
> >> On 06/10/2014 05:06 PM, Bharat Bhushan wrote:
> >>> This patch adds software breakpoint, hardware breakpoint and
> >>> hardware watchpoint support for ppc. If the debug interrupt is not
> >>> handled then this is injected to guest.
> >>>
> >>> Signed-off-by: Bharat Bhushan 
> >>> ---
> >>>hw/ppc/e500.c|   1 +
> >>>target-ppc/kvm.c | 304
> ++---
> >> --
> >>>target-ppc/kvm_ppc.h |   1 +
> >>>3 files changed, 278 insertions(+), 28 deletions(-)
> >>>
> >>> diff --git a/hw/ppc/e500.c b/hw/ppc/e500.c index a973c18..514c595
> >>> 100644
> >>> --- a/hw/ppc/e500.c
> >>> +++ b/hw/ppc/e500.c
> >>> @@ -853,6 +853,7 @@ void ppce500_init(MachineState *machine,
> >>> PPCE500Params
> >> *params)
> >>>if (kvm_enabled()) {
> >>>kvmppc_init();
> >>>}
> >>> +kvmppc_e500_hw_breakpoint_init();
> >>>}
> >>>
> >>>static int e500_ccsr_initfn(SysBusDevice *dev) diff --git
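Review bot: `kvmppc_e500_hw_breakpoint_init()` is added after, not inside, the `if (kvm_enabled())` block above it, so it also runs for TCG guests; if its definition lives in target-ppc/kvm.c (the kvm_ppc.h diffstat suggests only a declaration is added there), the call presumably needs either a non-KVM stub or to move inside the guard. Moving it is a one-line change: `if (kvm_enabled()) { kvmppc_init(); kvmppc_e500_hw_breakpoint_init(); }`. ppce500_init begins and ends outside this hunk.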
> >>> a/target-ppc/kvm.c b/target-ppc/kvm.c index 1d2384d..f5fbec6 100644
> >>> --- a/target-ppc/kvm.c
> >>> +++ b/target-ppc/kvm.c
> >>> @@ -38,6 +38,7 @@
> >>>#include "hw/ppc/ppc.h"
> >>>#include "sysemu/watchdog.h"
> >>>#include "trace.h"
> >>> +#include "exec/gdbstub.h"
> >>>
> >>>//#define DEBUG_KVM
> >>>
> >>> @@ -768,6 +769,38 @@ static int kvm_put_vpa(CPUState *cs)
> >>>
> >>>static int kvmppc_inject_debug_exception(CPUState *cs)
> >>>{
> >>> +PowerPCCPU *cpu = POWERPC_CPU(cs);
> >>> +CPUPPCState *env = &cpu->env;
> >>> +struct kvm_sregs sregs;
> >>> +int ret;
> >>> +
> >>> +if (!cap_booke_sregs) {
> >>> +return -1;
> >>> +}
> >>> +
> >>> +ret = kvm_vcpu_ioctl(cs, KVM_GET_SREGS, &sregs);
> >>> +if (ret < 0) {
> >>> +return -1;
> >>> +}
> >>> +
> >> I don't think any of this code should ever run for non-e500, no?
> > You mean the code below in this function?
> 
> Yeah :).

Why do you think accessing sregs (csrr0/1, dsrr0/1 and the ioctl) is e500 specific?
Aren't these valid for 4xx as well?

> 
> >
> >>> +if (sregs.u.e.features & KVM_SREGS_E_ED) {
> >> Hrm - we never seem to set E_ED in kvm?
> > Uhh, you are right. Going through the whole discussion about interrupt
> injection to guest I found that one patch missed for upstream.
> > Will send that patch
> >
> >>> +sregs.u.e.dsrr0 = env->nip;
> >>> +sregs.u.e.dsrr1 = env->msr;
> >>> +} else {
> >>> +sregs.u.e.csrr0 = env->nip;
> >>> +sregs.u.e.csrr1 = env->msr;
> >>> +}
> >>> +
> >>> +sregs.u.e.update_special = KVM_SREGS_E_UPDATE_DBSR;
> >>> +sregs.u.e.dbsr = env->spr[SPR_BOOKE_DBSR];
> >>> +
> >>> +ret = kvm_vcpu_ioctl(cs, KVM_SET_SREGS, &sregs);
> >>> +if (ret < 0) {
> >>> +return -1;
> >>> +}
> >>> +
> >>> +env->pending_interrupts &= ~(1 << PPC_INTERRUPT_DEBUG);
> >>> +
> >>>return 0;
> >>>}
> >>>
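Review bot: Both ioctl failures and the missing-capability case collapse into `return -1;`, which discards the negative errno that kvm_vcpu_ioctl returned, and nothing is logged, so a failed injection is hard to diagnose from the caller; `return ret;` in the two ioctl branches preserves the cause at no cost. The function also has no header comment; something like `/* Inject the pending debug interrupt via KVM_SET_SREGS: save nip/msr into DSRR or CSRR depending on KVM_SREGS_E_ED and push DBSR; returns 0 on success, -1 on failure. */` would state the contract. The whole function is within this hunk.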
> >>> @@ -1275,6 +1308,239 @@ static int
> >>> kvmppc_handle_dcr_write(CPUPPCState *env,
> >> uint32_t dcrn, uint32_t dat
> >>>return 0;
> >>>}
> >>>
> >>> +int kvm_arch_insert_sw_breakpoint(CPUState *cs, struct
> >>> +kvm_sw_breakpoint *bp) {
> >>> +uint32_t sc = tswap32(debug_inst_opcode);
> >> Heh - this will become a lot of fun for real LE host as well as guest
> systems.
> > I am trying to understand the problem here, We want to byteswap opcode only 
> > if
> it is mixed endian (host and guest are of different endianess) case?
> 
> Yes :).
> 
> >
> >> For now just remove the tswap and add a comment that this needs fixing for
> LE.
> >>
> >>> +
> >>> +if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&bp->saved_insn, 4, 0)
> ||
> >>> +cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&sc, 4, 1)) {
> >>> +return -EINVAL;
> >>> +}
> >>> +
> >>> +return 0;
> >>> +}
> >>> +
> >>> +int kvm_arch_remove_sw_breakpoint(CPUState *cs, struct
> >>> +kvm_sw_breakpoint *bp) {
> >>> +uint32_t sc;
> >>> +
> >>> +if (cpu_memory_rw_debug(cs, bp->pc, (uint8_t *)&sc, 4, 0) ||
> >>> +sc != tswap32(debug_inst_opcode) ||
> >> Same here.
> >>
> >> In fact, neither of the 2 operations are in a fast path. Can't we
> >> just fetch the debug inst opcode on demand in a function here?
> > Ok will do that.
> >
> >> That will allow for easier byte
> >> swapping depending on the guest's MSR.LE setting later as well.
> >>
> >>> + 

Re: [Qemu-devel] [RFC v1 2/2] zynq: Update Zynq to init the CPU in the a9mpcore device

2014-06-15 Thread Peter Crosthwaite
On Tue, Jun 10, 2014 at 11:33 AM, Alistair Francis
 wrote:
> This patch removes the initialisation of the ARM Cortex-A9
> in Zynq and instead allows the a9mpcore device to init the
> CPU. This also updates components that rely on the CPU
> and GIC, as they are now initialised in a slightly different
> way
>
> Signed-off-by: Alistair Francis 
> ---
> All other Cortex-A9 machines can be updated a similar way
>
> This patch breaks the AArch64 make check tests. I get a:
> 'Warning: "-global dynamic-prop-type-bad.prop3=103" not used'
> followed by a broken pipe and failure.
> Any hints on what would be causing this?
>
>  hw/arm/xilinx_zynq.c |   63 +++--
>  1 files changed, 30 insertions(+), 33 deletions(-)
>
> diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
> index ba5aa82..5a4ce5c 100644
> --- a/hw/arm/xilinx_zynq.c
> +++ b/hw/arm/xilinx_zynq.c
> @@ -26,6 +26,7 @@
>  #include "hw/loader.h"
>  #include "hw/ssi.h"
>  #include "qemu/error-report.h"
> +#include "hw/cpu/a9mpcore.h"
>
>  #define NUM_SPI_FLASHES 4
>  #define NUM_QSPI_FLASHES 2
> @@ -104,12 +105,10 @@ static inline void zynq_init_spi_flashes(uint32_t 
> base_addr, qemu_irq irq,
>  static void zynq_init(MachineState *machine)
>  {
>  ram_addr_t ram_size = machine->ram_size;
> -const char *cpu_model = machine->cpu_model;
>  const char *kernel_filename = machine->kernel_filename;
>  const char *kernel_cmdline = machine->kernel_cmdline;
>  const char *initrd_filename = machine->initrd_filename;
> -ObjectClass *cpu_oc;
> -ARMCPU *cpu;
> +A9MPPrivState *mpcore;
>  MemoryRegion *address_space_mem = get_system_memory();
>  MemoryRegion *ext_ram = g_new(MemoryRegion, 1);
>  MemoryRegion *ocm_ram = g_new(MemoryRegion, 1);
> @@ -119,30 +118,6 @@ static void zynq_init(MachineState *machine)
>  Error *err = NULL;
>  int n;
>
> -if (!cpu_model) {
> -cpu_model = "cortex-a9";
> -}

So this defeatures the cpu_model override. That's a good thing, but
it's worthwhile to leave a check behind explaining to the user that
the feature no longer exists:

if (machine->cpu_model) {
error_report("Zynq does not support CPU model override!\n");
exit(1);
}

> -cpu_oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
> -
> -cpu = ARM_CPU(object_new(object_class_get_name(cpu_oc)));
> -
> -object_property_set_int(OBJECT(cpu), ZYNQ_BOARD_MIDR, "midr", &err);
> -if (err) {
> -error_report("%s", error_get_pretty(err));
> -exit(1);
> -}
> -
> -object_property_set_int(OBJECT(cpu), MPCORE_PERIPHBASE, "reset-cbar", 
> &err);
> -if (err) {
> -error_report("%s", error_get_pretty(err));
> -exit(1);
> -}
> -object_property_set_bool(OBJECT(cpu), true, "realized", &err);
> -if (err) {
> -error_report("%s", error_get_pretty(err));
> -exit(1);
> -}
> -
>  /* max 2GB ram */
>  if (ram_size > 0x8000) {
>  ram_size = 0x8000;
> @@ -171,16 +146,38 @@ static void zynq_init(MachineState *machine)
>  qdev_init_nofail(dev);
>  sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xF800);
>
> -dev = qdev_create(NULL, "a9mpcore_priv");
> -qdev_prop_set_uint32(dev, "num-cpu", 1);
> -qdev_init_nofail(dev);
> -busdev = SYS_BUS_DEVICE(dev);
> +mpcore = A9MPCORE_PRIV(object_new("a9mpcore_priv"));
> +object_property_set_int(OBJECT(mpcore), 1, "num-cpu",
> +&err);
> +if (err) {
> +error_report("%s", error_get_pretty(err));
> +exit(1);
> +}
> +object_property_set_int(OBJECT(mpcore), ZYNQ_BOARD_MIDR, "midr",
> +&err);
> +if (err) {
> +error_report("%s", error_get_pretty(err));
> +exit(1);
> +}
> +object_property_set_int(OBJECT(mpcore), MPCORE_PERIPHBASE,
> +"reset-cbar", &err);
> +if (err) {
> +error_report("%s", error_get_pretty(err));
> +exit(1);
> +}
> +object_property_set_bool(OBJECT(mpcore), true, "realized", &err);
> +if (err != NULL) {
> +error_report("Couldn't realize the Zynq A9MPCore: %s",
> + error_get_pretty(err));
> +exit(1);
> +}

Can we just use the qdev_prop setters to cut down on the error boilerplate?

> +busdev = SYS_BUS_DEVICE(DEVICE(mpcore));
>  sysbus_mmio_map(busdev, 0, MPCORE_PERIPHBASE);
>  sysbus_connect_irq(busdev, 0,
> -   qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ));
> +   qdev_get_gpio_in(DEVICE(mpcore->cpu), ARM_CPU_IRQ));
>

Mpcore should now be responsible for connecting GIC to CPU. This
should go away for boards that use MPCore-driven CPU instantiation.

Regards,
Peter

>  for (n = 0; n < 64; n++) {
> -pic[n] = qdev_get_gpio_in(dev, n);
> +pic[n] = qdev_get_gpio_in(DEVICE(mpcore), n);
>  }
>
>  zynq_init_spi_flashes(0xE0006000, pic[58-IRQ_OFF

Re: [Qemu-devel] [RFC v1 1/2] arm: Add the cortex-a9 CPU to the a9mpcore device

2014-06-15 Thread Peter Crosthwaite
On Tue, Jun 10, 2014 at 11:32 AM, Alistair Francis
 wrote:
> This patch adds the Cortex-A9 ARM CPU to the A9MPCore. It
> first does a check to make sure no other CPUs exist and if
> they do the Cortex-A9 won't be added. This is implemented to
> maintain compatibility and can be removed once all machines
> have been updated
>
> This patch also allows the midr and reset-property to be set
>
> Signed-off-by: Alistair Francis 
> ---
> There are comments in the code explaining the reason that the CPU
> is initialised in the realize function: it relies
> on the num_cpu property, which isn't yet set in the initfn.
> Is this an acceptable compromise?
>
>  hw/cpu/a9mpcore.c |   43 +++
>  include/hw/cpu/a9mpcore.h |4 
>  2 files changed, 47 insertions(+), 0 deletions(-)
>
> diff --git a/hw/cpu/a9mpcore.c b/hw/cpu/a9mpcore.c
> index c09358c..1159044 100644
> --- a/hw/cpu/a9mpcore.c
> +++ b/hw/cpu/a9mpcore.c
> @@ -21,6 +21,12 @@ static void a9mp_priv_initfn(Object *obj)
>  {
>  A9MPPrivState *s = A9MPCORE_PRIV(obj);
>
> +/* Ideally would init the CPUs here, but the num_cpu property has not 
> been
> + * set yet. So that only works if assuming a single CPU
> + * object_initialize(&s->cpu, sizeof(s->cpu), "cortex-a9-" TYPE_ARM_CPU);
> + * object_property_add_child(obj, "cpu", OBJECT(&s->cpu), NULL);
> + */
> +

So you could add an integer property listener to init them earlier (or
even do dynamic extending/freeing of the allocated CPUs). I'm not sure
exactly what we are really supposed to do though, when the number of
child objects depends on a prop like this? Andreas?

>  memory_region_init(&s->container, obj, "a9mp-priv-container", 0x2000);
>  sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->container);
>
> @@ -50,6 +56,40 @@ static void a9mp_priv_realize(DeviceState *dev, Error 
> **errp)
>  Error *err = NULL;
>  int i;
>
> +/* Just a temporary measure to not break machines that init the CPU
> + * seperatly */

"separately"

> +if (!first_cpu) {
> +s->cpu = g_malloc(sizeof(ARMCPU) * s->num_cpu);

g_new should be used to allocate arrays.

> +for (i = 0; i < s->num_cpu; i++) {
> +object_initialize((s->cpu + i), sizeof(*(s->cpu + i)),

&s->cpu[i] is more common and easier to read.

sizeof(*s->cpu) is fine.

> +  "cortex-a9-" TYPE_ARM_CPU);

Use cpu_class_by_name logic like in some of the boards, rather than
the string concatenation. The specifics of the concatenation system are
(supposed to be) private to target-arm code.

> +
> +if (s->midr) {
> +object_property_set_int(OBJECT((s->cpu + i)), s->midr,
> +"midr", &err);
> +if (err) {
> +error_propagate(errp, err);
> +exit(1);
> +}
> +}
> +if (s->reset_cbar) {
> +object_property_set_int(OBJECT((s->cpu + i)), s->reset_cbar,
> +"reset-cbar", &err);
> +if (err) {
> +error_propagate(errp, err);
> +exit(1);
> +}
> +}
> +object_property_set_bool(OBJECT((s->cpu + i)), true,
> + "realized", &err);
> +if (err) {
> +error_propagate(errp, err);
> +return;
> +}
> +}
> +g_free(s->cpu);

Why free the just-initialized CPUs?

> +}
> +
>  scudev = DEVICE(&s->scu);
>  qdev_prop_set_uint32(scudev, "num-cpu", s->num_cpu);
>  object_property_set_bool(OBJECT(&s->scu), true, "realized", &err);
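Review bot: The midr and reset-cbar failure paths call `error_propagate(errp, err)` and then `exit(1)`, while the realize failure path returns; in a realize function errp is the contract and the caller decides what to do, so the two `exit(1)` calls should be `return;` to match the third branch. Separately, the CPUs are object_initialize'd but never attached with object_property_add_child, which the comment added in the earlier hunk shows was intended, so as written they have no QOM parent or canonical path. a9mp_priv_realize starts before this hunk and continues after it.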
> @@ -152,6 +192,9 @@ static Property a9mp_priv_properties[] = {
>   * Other boards may differ and should set this property appropriately.
>   */
>  DEFINE_PROP_UINT32("num-irq", A9MPPrivState, num_irq, 96),
> +/* Properties for the A9 CPU */
> +DEFINE_PROP_UINT32("midr", A9MPPrivState, midr, 0),
> +DEFINE_PROP_UINT64("reset-cbar", A9MPPrivState, reset_cbar, 0),
>  DEFINE_PROP_END_OF_LIST(),
>  };
>
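Review bot: The two new properties default to 0 and the realize code only applies them when non-zero, but nothing here says that 0 means "leave the CPU's own value alone"; a short comment above them, `/* 0 leaves the CPU's built-in midr / reset-cbar untouched */`, would save readers a trip to realize. The property table begins before this hunk.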
> diff --git a/include/hw/cpu/a9mpcore.h b/include/hw/cpu/a9mpcore.h
> index 5d67ca2..8e395a4 100644
> --- a/include/hw/cpu/a9mpcore.h
> +++ b/include/hw/cpu/a9mpcore.h
> @@ -29,6 +29,10 @@ typedef struct A9MPPrivState {
>  MemoryRegion container;
>  uint32_t num_irq;
>
> +ARMCPU *cpu;
> +uint32_t midr;

I'd preface this as "cpu_midr".

> +uint64_t reset_cbar;

MPCores refer to this as PERIPHBASE in their documentation.

Regards,
Peter

> +
>  A9SCUState scu;
>  GICState gic;
>  A9GTimerState gtimer;
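Review bot: `cpu` is declared as a bare `ARMCPU *` with nothing saying it points at an array of `num_cpu` elements allocated in realize (per the g_malloc in a9mpcore.c) or who owns it; a comment next to the field, `/* num_cpu CPUs, allocated and realized by a9mp_priv_realize */`, would document that. The struct is cut at both edges of this hunk.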
> --
> 1.7.1
>
>



Re: [Qemu-devel] [RFC v1 1/2] arm: Add the cortex-a9 CPU to the a9mpcore device

2014-06-15 Thread Alistair Francis
On Mon, Jun 16, 2014 at 2:43 PM, Peter Crosthwaite
 wrote:
> On Tue, Jun 10, 2014 at 11:32 AM, Alistair Francis
>  wrote:
>> This patch adds the Cortex-A9 ARM CPU to the A9MPCore. It
>> first does a check to make sure no other CPUs exist and if
>> they do the Cortex-A9 won't be added. This is implemented to
>> maintain compatibility and can be removed once all machines
>> have been updated
>>
>> This patch also allows the midr and reset-property to be set
>>
>> Signed-off-by: Alistair Francis 
>> ---
>> There comments in the code explaining the reason that the CPU
>> is initiated in the realize function. This is because it relies
>> on the num_cpu property, which isn't yet set in the initfn
>> Is this an acceptable compromise?
>>
>>  hw/cpu/a9mpcore.c |   43 +++
>>  include/hw/cpu/a9mpcore.h |4 
>>  2 files changed, 47 insertions(+), 0 deletions(-)
>>
>> diff --git a/hw/cpu/a9mpcore.c b/hw/cpu/a9mpcore.c
>> index c09358c..1159044 100644
>> --- a/hw/cpu/a9mpcore.c
>> +++ b/hw/cpu/a9mpcore.c
>> @@ -21,6 +21,12 @@ static void a9mp_priv_initfn(Object *obj)
>>  {
>>  A9MPPrivState *s = A9MPCORE_PRIV(obj);
>>
>> +/* Ideally would init the CPUs here, but the num_cpu property has not 
>> been
>> + * set yet. So that only works if assuming a single CPU
>> + * object_initialize(&s->cpu, sizeof(s->cpu), "cortex-a9-" 
>> TYPE_ARM_CPU);
>> + * object_property_add_child(obj, "cpu", OBJECT(&s->cpu), NULL);
>> + */
>> +
>
> So you could add an integer property listener to init them earlier (or
> even do dynamic extending/freeing or the allocated CPUs). I'm not sure
> exactly what we are really supposed to do though, when the number of
> child object depends on a prop like this? Andreas?

I'm open to ideas/opinions. The method used here seemed to be the easiest
to implement (and actually the only reliable method that I could think of).

>
>>  memory_region_init(&s->container, obj, "a9mp-priv-container", 0x2000);
>>  sysbus_init_mmio(SYS_BUS_DEVICE(obj), &s->container);
>>
>> @@ -50,6 +56,40 @@ static void a9mp_priv_realize(DeviceState *dev, Error 
>> **errp)
>>  Error *err = NULL;
>>  int i;
>>
>> +/* Just a temporary measure to not break machines that init the CPU
>> + * seperatly */
>
> "separately"
>
>> +if (!first_cpu) {
>> +s->cpu = g_malloc(sizeof(ARMCPU) * s->num_cpu);
>
> g_new should be use to allocate arrays.
>
>> +for (i = 0; i < s->num_cpu; i++) {
>> +object_initialize((s->cpu + i), sizeof(*(s->cpu + i)),
>
> &s->cpu[i] is more common and easier to read.
>
> sizeof(*s->cpu) is fine.
>
>> +  "cortex-a9-" TYPE_ARM_CPU);
>
> Use cpu_class_by_name logic like in some of the boards, rather than
> the string concatenation. The specifics of the concatenation system is
> (supposed to be) private to target-arm code.
>
>> +
>> +if (s->midr) {
>> +object_property_set_int(OBJECT((s->cpu + i)), s->midr,
>> +"midr", &err);
>> +if (err) {
>> +error_propagate(errp, err);
>> +exit(1);
>> +}
>> +}
>> +if (s->reset_cbar) {
>> +object_property_set_int(OBJECT((s->cpu + i)), s->reset_cbar,
>> +"reset-cbar", &err);
>> +if (err) {
>> +error_propagate(errp, err);
>> +exit(1);
>> +}
>> +}
>> +object_property_set_bool(OBJECT((s->cpu + i)), true,
>> + "realized", &err);
>> +if (err) {
>> +error_propagate(errp, err);
>> +return;
>> +}
>> +}
>> +g_free(s->cpu);
>
> Why free the just-initialized CPUs?

I shouldn't have done that, I don't know how that slipped through

>
>> +}
>> +
>>  scudev = DEVICE(&s->scu);
>>  qdev_prop_set_uint32(scudev, "num-cpu", s->num_cpu);
>>  object_property_set_bool(OBJECT(&s->scu), true, "realized", &err);
>> @@ -152,6 +192,9 @@ static Property a9mp_priv_properties[] = {
>>   * Other boards may differ and should set this property appropriately.
>>   */
>>  DEFINE_PROP_UINT32("num-irq", A9MPPrivState, num_irq, 96),
>> +/* Properties for the A9 CPU */
>> +DEFINE_PROP_UINT32("midr", A9MPPrivState, midr, 0),
>> +DEFINE_PROP_UINT64("reset-cbar", A9MPPrivState, reset_cbar, 0),
>>  DEFINE_PROP_END_OF_LIST(),
>>  };
>>
>> diff --git a/include/hw/cpu/a9mpcore.h b/include/hw/cpu/a9mpcore.h
>> index 5d67ca2..8e395a4 100644
>> --- a/include/hw/cpu/a9mpcore.h
>> +++ b/include/hw/cpu/a9mpcore.h
>> @@ -29,6 +29,10 @@ typedef struct A9MPPrivState {
>>  MemoryRegion container;
>>  uint32_t num_irq;
>>
>> +ARMCPU *cpu;
>> +uint32_t midr;
>
> I'd preface this as "cpu_midr".
>
>> +uint64_t re

Re: [Qemu-devel] [PATCH v2 15/17] target-arm: A64: Emulate the SMC insn

2014-06-15 Thread Edgar E. Iglesias
On Wed, Jun 11, 2014 at 04:14:06PM -0500, Greg Bellows wrote:
> On 9 June 2014 10:04, Edgar E. Iglesias  wrote:
> 
> > From: "Edgar E. Iglesias" 
> >
> > Signed-off-by: Edgar E. Iglesias 
> > ---
> >  target-arm/cpu.h   |  1 +
> >  target-arm/helper-a64.c|  1 +
> >  target-arm/helper.c|  6 ++
> >  target-arm/helper.h|  1 +
> >  target-arm/internals.h |  6 ++
> >  target-arm/op_helper.c | 27 +++
> >  target-arm/translate-a64.c | 10 ++
> >  7 files changed, 52 insertions(+)
> >
> > diff --git a/target-arm/cpu.h b/target-arm/cpu.h
> > index 679f85f..371f6d2 100644
> > --- a/target-arm/cpu.h
> > +++ b/target-arm/cpu.h
> > @@ -52,6 +52,7 @@
> >  #define EXCP_KERNEL_TRAP 9   /* Jumped to kernel code page.  */
> >  #define EXCP_STREX  10
> >  #define EXCP_HVC11   /* HyperVisor Call */
> > +#define EXCP_SMC12   /* Secure Monitor Call */
> >
> >  #define ARMV7M_EXCP_RESET   1
> >  #define ARMV7M_EXCP_NMI 2
> > diff --git a/target-arm/helper-a64.c b/target-arm/helper-a64.c
> > index 974fa66..3894a6f 100644
> > --- a/target-arm/helper-a64.c
> > +++ b/target-arm/helper-a64.c
> > @@ -476,6 +476,7 @@ void aarch64_cpu_do_interrupt(CPUState *cs)
> >  case EXCP_UDEF:
> >  case EXCP_SWI:
> >  case EXCP_HVC:
> > +case EXCP_SMC:
> >  env->cp15.esr_el[new_el] = env->exception.syndrome;
> >  break;
> >  case EXCP_IRQ:
> > diff --git a/target-arm/helper.c b/target-arm/helper.c
> > index 89ccfa8..026c802 100644
> > --- a/target-arm/helper.c
> > +++ b/target-arm/helper.c
> > @@ -3307,6 +3307,12 @@ unsigned int arm_excp_target_el(CPUState *cs,
> > unsigned int excp_idx)
> >  case EXCP_HVC:
> >  target_el = MAX(target_el, 2);
> >  break;
> > +case EXCP_SMC:
> > +target_el = 3;
> > +if (!secure && cur_el == 1 && (env->cp15.hcr_el2 & HCR_TSC)) {
> >
> 
> Should we check if EL2 is enabled in this case as it would not make sense
> to target it if it is not.

Hi,

We force hcr_el2 to remain zero when EL2 is unavailable. When EL2 is
disabled, TSC will never be set.

Cheers,
Edgar


> 
> 
> > +target_el = 2;
> > +}
> > +break;
> >  }
> >  return target_el;
> >  }
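Review bot: The routing predicate `!secure && cur_el == 1 && (env->cp15.hcr_el2 & HCR_TSC)` is written out here and again in HELPER(smc) in op_helper.c (the `udef = false` override), so the two decisions can drift apart the next time the secure-state FIXME is resolved; a small static inline in internals.h, e.g. `static inline bool arm_smc_routed_to_el2(CPUARMState *env, bool secure, int cur_el)`, used by both would keep them in lockstep. arm_excp_target_el's body extends beyond this hunk.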
> > diff --git a/target-arm/helper.h b/target-arm/helper.h
> > index fb711be..6c3d84d 100644
> > --- a/target-arm/helper.h
> > +++ b/target-arm/helper.h
> > @@ -51,6 +51,7 @@ DEF_HELPER_3(exception_with_syndrome, void, env, i32,
> > i32)
> >  DEF_HELPER_1(wfi, void, env)
> >  DEF_HELPER_1(wfe, void, env)
> >  DEF_HELPER_2(hvc, void, env, i32)
> > +DEF_HELPER_2(smc, void, env, i32)
> >
> >  DEF_HELPER_3(cpsr_write, void, env, i32, i32)
> >  DEF_HELPER_1(cpsr_read, i32, env)
> > diff --git a/target-arm/internals.h b/target-arm/internals.h
> > index 2da7a1b..ba269b0 100644
> > --- a/target-arm/internals.h
> > +++ b/target-arm/internals.h
> > @@ -54,6 +54,7 @@ static const char * const excnames[] = {
> >  [EXCP_KERNEL_TRAP] = "QEMU intercept of kernel commpage",
> >  [EXCP_STREX] = "QEMU intercept of STREX",
> >  [EXCP_HVC] = "Hypervisor Call",
> > +[EXCP_SMC] = "Secure Monitor Call",
> >  };
> >
> >  static inline void arm_log_exception(int idx)
> > @@ -210,6 +211,11 @@ static inline uint32_t syn_aa64_hvc(uint16_t imm16)
> >  return (EC_AA64_HVC << ARM_EL_EC_SHIFT) | ARM_EL_IL | imm16;
> >  }
> >
> > +static inline uint32_t syn_aa64_smc(uint16_t imm16)
> > +{
> > +return (EC_AA64_SMC << ARM_EL_EC_SHIFT) | ARM_EL_IL | imm16;
> > +}
> > +
> >  static inline uint32_t syn_aa32_svc(uint16_t imm16, bool is_thumb)
> >  {
> >  return (EC_AA32_SVC << ARM_EL_EC_SHIFT) | imm16
> > diff --git a/target-arm/op_helper.c b/target-arm/op_helper.c
> > index e51cbd6..524dee9 100644
> > --- a/target-arm/op_helper.c
> > +++ b/target-arm/op_helper.c
> > @@ -390,6 +390,33 @@ void HELPER(hvc)(CPUARMState *env, uint32_t syndrome)
> >  raise_exception(env, EXCP_HVC);
> >  }
> >
> > +void HELPER(smc)(CPUARMState *env, uint32_t syndrome)
> > +{
> > +int cur_el = arm_current_pl(env);
> > +/* FIXME: Use real secure state.  */
> > +bool secure = false;
> > +bool smd = env->cp15.scr_el3 & SCR_SMD;
> > +/* On ARMv8 AArch32, SMD only applies to NS mode.
> > + * On ARMv7 SMD only applies to NS mode and only if EL2 is available.
> > + * For ARMv7 non EL2, we force SMD to zero so we don't need to
> > re-check
> > + * the EL2 condition here.
> > + */
> > +bool udef = is_a64(env) ? smd : !secure && smd;
> > +
> > +/* In NS EL1, HCR controlled routing to EL2 has priority over SMD.  */
> > +if (!secure && cur_el == 1 && (env->cp15.hcr_el2 & HCR_TSC)) {
> > +udef = false;
> > +}
> > +
> > +/* We've already checked that EL3 exists at translation time.  */
> > +if (udef) {
> > +env->exception.syndrome = syn_uncategorized();
> > +raise_exception(env, EXCP_UDEF);
> > +}
> > +env->except

Re: [Qemu-devel] [PATCH RFC 0/4] fixes for pci tree

2014-06-15 Thread Hu Tao
On Sun, Jun 15, 2014 at 01:00:56PM +0300, Michael S. Tsirkin wrote:
> On Sat, Jun 14, 2014 at 12:48:55PM +0800, Hu Tao wrote:
> > Michael,
> > 
> > This is fixes for your pci tree.
> > 
> > patch 1 remove signed range as requested.
> 
> This also fixes make check failures so I applied this.
> 
> Others don't look like regressions to me -
> this is error handling in new functionality, correct?

Yes.


BTW, there are two more problems:

1. if numa node number doesn't start from 0 then qemu will core dump.

cmd line:

./x86_64-softmmu/qemu-system-x86_64 -hda
/home/data/libvirt-images/f18.img  -m 128M,maxmem=2G,slots=3 -qmp
unix:/tmp/m,server,nowait -monitor stdio -enable-kvm -object
memory-backend-ram,id=m1,size=128M -numa node,nodeid=1,cpus=1,memdev=m1

This problem can be fixed by:

diff --git a/numa.c b/numa.c
index ce9382d..b00c5cf 100644
--- a/numa.c
+++ b/numa.c
@@ -270,10 +270,13 @@ void memory_region_allocate_system_memory(MemoryRegion 
*mr, Obj
 }
 
 memory_region_init(mr, owner, name, ram_size);
-for (i = 0; i < nb_numa_nodes; i++) {
+for (i = 0; i < MAX_NODES; i++) {
 Error *local_err = NULL;
 uint64_t size = numa_info[i].node_mem;
 HostMemoryBackend *backend = numa_info[i].node_memdev;
+if (!backend) {
+continue;
+}
 MemoryRegion *seg = host_memory_backend_get_memory(backend, 
&local_err);
 if (local_err) {
 qerror_report_err(local_err);
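Review bot: The new `if (!backend) continue;` at L4461–L4463 also silently skips a node whose `node_mem` is non-zero but that was configured with `mem=` rather than `memdev=`, so such a node would presumably contribute no memory region while the caller believes `ram_size` is fully covered; an explicit error for `size && !backend` looks safer than skipping. Widening the loop from `nb_numa_nodes` to `MAX_NODES` (L4456–L4457) is fine for sparse node ids, but it now depends on `numa_info[]` entries for unused ids being zero-initialised — worth a one-line comment saying so. `size` is read at L4459 before the backend check and is not used until after it; moving the `continue` first makes the intent clearer. memory_region_allocate_system_memory begins and ends outside the hunk.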

2. your current pci tree doesn't compile because patch 'qmp: add query-memdev' 
is dropped
while commit 5b517e74ed7825(hmp: add info memdev) depends on it. 

but patch 'qmp: add query-memdev' itself has a problem: if memory-backend-ram 
is on the command
line but no numa, info memdev returns nothing:

./x86_64-softmmu/qemu-system-x86_64 -hda /home/data/libvirt-images/f18.img  -m 
128M,maxmem=2G,slots=3 -qmp unix:/tmp/m,server,nowait -monitor stdio 
-enable-kvm -object memory-backend-ram,id=m1,size=128M 
QEMU 2.0.50 monitor - type 'help' for more information
(qemu) info memdev
(nothing returned)

even worse, if with -numa mem=size then qemu will core dump:

./x86_64-softmmu/qemu-system-x86_64 -hda /home/data/libvirt-images/f18.img  -m 
128M,maxmem=2G,slots=3 -qmp unix:/tmp/m,server,nowait -monitor stdio 
-enable-kvm -object memory-backend-ram,id=m1,size=128M -numa 
node,nodeid=0,cpus=0,mem=128M
(qemu) info memdev
Segmentation fault (core dumped)

this is because query_memdev searches for memdev information in 
numa_info[].node_memdev, which has no value if there is no numa or 
numa isn't used with memory-backend-ram.

the solution could be to gather memdevs in a list. Or query at /objects?

> Thus I'll wait for comments on these to be resolved,
> and hopefully for some acks.
> 
> > There are 3 problems in current pci tree, as follows:
> > 
> > 1. pc-dimm specified on command line but only -m size (aka not -m 
> > size,maxmem,slots)
> > 
> > ./x86_64-softmmu/qemu-system-x86_64 -hda
> > /home/data/libvirt-images/f18.img -smp 2 -object
> > memory-backend-ram,size=512M,id=ram-node0,prealloc=y,policy=bind,host-nodes=0
> > -device pc-dimm,id=d0,memdev=ram-node0  -m 640M  -qmp
> > unix:/tmp/m,server,nowait -monitor stdio -enable-kvm
> > 
> > result:
> > 
> > qemu/hw/mem/pc-dimm.c:110: pc_dimm_get_free_addr: Assertion
> > `address_space_end > address_space_size' failed.
> > Aborted (core dumped)
> > 
> > patch 2 fixes this.
> > 
> > 2. using qemu monitor command object-add to add a memory-backend-ram
> >object whose size is too big
> > 
> > ./x86_64-softmmu/qemu-system-x86_64 -hda
> > /home/data/libvirt-images/f18.img -smp 2 -m 512M  -qmp
> > unix:/tmp/m,server,nowait -monitor stdio -enable-kvm
> > 
> > in monitor:
> > (qemu)object_add memory-backend-ram,size=40960G,id=mem0
> > 
> > result:
> > 
> > qemu just exits with message: Cannot set up guest memory 'mem0': Cannot 
> > allocate memory
> > 
> > patch 3 fixes this.
> > 
> > 3. specifying a non-existing directory for memory-backend-file
> > 
> > ./x86_64-softmmu/qemu-system-x86_64 -hda
> > /home/data/libvirt-images/f18.img -smp 2 -m 512M,maxmem=1000G,slots=100
> > -qmp unix:/tmp/m,server,nowait -monitor stdio -enable-kvm -object
> > memory-backend-file,size=512M,id=mem0,mem-path=/nonexistingdir -device
> > pc-dimm,id=d0,memdev=mem0
> > 
> > result:
> > 
> > /nonexistingdir: No such file or directory
> > Bad ram offset f000
> > Aborted (core dumped)
> >  
> > patch 4 fixes this.
> > 
> > 
> > please review. Thanks!
> > 
> > 
> > Hu Tao (4):
> >   get rid of signed range
> >   check if we have space left for hotplugged memory
> >   exec: don't exit unconditionally if failed to allocate memory
> >   memory-backend-file: error out if failed to allocate memory
> > 
> >  backends/hostmem-file.c|   3 +
> >  backends/hostmem-ram.c |   3 +
> >  exec.c |   6 +-
> >  hw/mem/pc-dimm.c   |   7 +-
> >  include/qemu/range.h   | 144 
> > +

Re: [Qemu-devel] [PATCH RFC 4/4] memory-backend-file: error out if failed to allocate memory

2014-06-15 Thread Hu Tao
On Sat, Jun 14, 2014 at 07:09:37PM +0200, Paolo Bonzini wrote:
> Il 14/06/2014 06:48, Hu Tao ha scritto:
> >If user adds a memory-backend-file object using object_add command,
> >specifying a non-existing directory for property mem-path, qemu
> >will core dump with message:
> >
> >  /nonexistingdir: No such file or directory
> >  Bad ram offset f000
> >  Aborted (core dumped)
> >
> >This patch fixes this problem.
> >
> >Signed-off-by: Hu Tao 
> >---
> > backends/hostmem-file.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> >diff --git a/backends/hostmem-file.c b/backends/hostmem-file.c
> >index 5179994..70172d1 100644
> >--- a/backends/hostmem-file.c
> >+++ b/backends/hostmem-file.c
> >@@ -55,6 +55,9 @@ file_backend_memory_alloc(HostMemoryBackend *backend, 
> >Error **errp)
> >  object_get_canonical_path(OBJECT(backend)),
> >  backend->size, fb->share,
> >  fb->mem_path, errp);
> >+if (backend->mr.ram_addr == -1) {
> >+error_setg(errp, "failed to allocate memory");
> >+}
> 
> qemu_ram_alloc_from_file is where this error_setg should be added instead.

Thanks, patch updated.

> 
> Paolo
> 
> > }
> > #endif
> > }
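Review bot: The added check at L4601 compares `backend->mr.ram_addr`, a `ram_addr_t`, against the signed literal `-1`, relying on implicit conversion for the sentinel, and then calls `error_setg(errp, ...)` without checking whether `errp` was already populated by the allocation call one line earlier; if I recall the error API correctly, setting an already-set `Error *` trips an assertion, so a failure that is reported through `errp` would turn into an abort here rather than a clean error. A guard such as `if (backend->mr.ram_addr == (ram_addr_t)-1 && errp && !*errp) {` avoids the collision, and writing the sentinel with an explicit cast documents the comparison. file_backend_memory_alloc begins outside the hunk.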
> >



Re: [Qemu-devel] qemu-img convert from raw to vmdk does not work in vmware esxi

2014-06-15 Thread Fam Zheng
On Fri, 06/13 15:00, Milos Vyletel wrote:
> Hi,
> 
> I've tried to convert my VM image from raw format to vmdk to create
> OVF/OVA archive so that we can deploy our OS on other hypervisors. the
> problem was that no matter how I've converted to vmdk vmware ESXi
> (tried 4.1 and 5.5) complained that it was: "Not a supported disk
> format (sparse VMDK too old)".
> 
> I've found similar report on this list from 2011 but it was never solved.
> http://lists.gnu.org/archive/html/qemu-devel/2011-10/msg02463.html
> 
> Anyway, I've managed to find the problem. Even though vmdk specs
> (latest I've found were at
> https://www.vmware.com/support/developer/vddk/vmdk_50_technote.pdf?src=vmdk)
> say that version of the vmdk is either 1 or 2 vmware actually uses
> version 3 for streamOptimized vmdk format. When I've patched qemu-img
> to set version to 3 for streamOptimzed (or more specifically
> compressed) vmdk format import worked just fine.
> 
> These are the options I've use to convert
> qemu-img version 2.0.50, Copyright (c) 2004-2008 Fabrice Bellard
> qemu-img convert -p -f raw /storage/gs.img -O vmdk -o
> adapter_type=lsilogic,subformat=streamOptimized,compat6
> /storage/exp/gs/gs.vmdk
> 
> Below is quick and dirty patch I've come up with that does the trick.
> I did not spend too much time looking into code to be 100% sure it's
> correct so any comments are welcome.
> 
> Milos
> 
> ---
> diff --git a/block/vmdk.c b/block/vmdk.c
> index b8a4762..71d53b8 100644
> --- a/block/vmdk.c
> +++ b/block/vmdk.c
> @@ -645,7 +645,9 @@ static int vmdk_open_vmdk4(BlockDriverState *bs,
>  error_set(errp, QERR_UNKNOWN_BLOCK_FORMAT_FEATURE,
>bs->device_name, "vmdk", buf);
>  return -ENOTSUP;
> -} else if (le32_to_cpu(header.version) == 3 && (flags & BDRV_O_RDWR)) {
> +} else if (le32_to_cpu(header.version) == 3 &&
> +   (flags & BDRV_O_RDWR) &&
> +   (flags & VMDK4_FLAG_COMPRESS)) {

I think this should be:

} else if (le32_to_cpu(header.version) == 3
   && (flags & BDRV_O_RDWR)
   && !(le64_to_cpu(header.flags) & VMDK4_FLAG_COMPRESS)) {

We should look in header, because flags is not containing the bit we want.

Fam

>  /* VMware KB 2064959 explains that version 3 added support for
>   * persistent changed block tracking (CBT), and backup software can
>   * read it as version=1 if it doesn't care about the changed area
> @@ -1562,7 +1564,7 @@ static int vmdk_create_extent(const char
> *filename, int64_t filesize,
>  }
>  magic = cpu_to_be32(VMDK4_MAGIC);
>  memset(&header, 0, sizeof(header));
> -header.version = zeroed_grain ? 2 : 1;
> +header.version = zeroed_grain ? 2 : (compress ? 3 : 1);
>  header.flags = VMDK4_FLAG_RGD | VMDK4_FLAG_NL_DETECT
> | (compress ? VMDK4_FLAG_COMPRESS | VMDK4_FLAG_MARKER : 0)
> | (zeroed_grain ? VMDK4_FLAG_ZERO_GRAIN : 0);
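Review bot: `header.version = zeroed_grain ? 2 : (compress ? 3 : 1);` at L4687 carries no comment explaining why compressed extents now get version 3, while the open path (context at L4678–L4680) documents version 3 as meaning persistent changed-block tracking; the two will read as contradicting each other. When `zeroed_grain` and `compress` are both set the ternary picks 2, so a streamOptimized image created with zeroed-grain support would presumably still hit the ESXi rejection described in the report — confirm which combination ESXi accepts and document the precedence. A comment such as `/* VMware writes version 3 for streamOptimized (compressed) extents; ESXi rejects compressed version 1/2 images as "too old". */` above the assignment would record the empirical basis. vmdk_create_extent begins and ends outside the hunk.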
> 



Re: [Qemu-devel] [PATCH v2 07/17] target-arm: Add HCR_EL2

2014-06-15 Thread Edgar E. Iglesias
On Wed, Jun 11, 2014 at 10:48:25AM -0500, Greg Bellows wrote:
> On 9 June 2014 10:04, Edgar E. Iglesias  wrote:
> 
> > From: "Edgar E. Iglesias" 
> >
> > Signed-off-by: Edgar E. Iglesias 
> > ---
> >  target-arm/cpu.h| 35 +++
> >  target-arm/helper.c | 27 +++
> >  2 files changed, 62 insertions(+)
> >
> > diff --git a/target-arm/cpu.h b/target-arm/cpu.h
> > index 5114d26..cd8c9a7 100644
> > --- a/target-arm/cpu.h
> > +++ b/target-arm/cpu.h
> > @@ -184,6 +184,7 @@ typedef struct CPUARMState {
> >  MPU write buffer control.  */
> >  uint32_t pmsav5_data_ap; /* PMSAv5 MPU data access permissions */
> >  uint32_t pmsav5_insn_ap; /* PMSAv5 MPU insn access permissions */
> > +uint64_t hcr_el2; /* Hypervisor configuration register */
> >  uint32_t ifsr_el2; /* Fault status registers.  */
> >  uint64_t esr_el[4];
> >  uint32_t c6_region[8]; /* MPU base/size registers.  */
> > @@ -526,6 +527,40 @@ static inline void xpsr_write(CPUARMState *env,
> > uint32_t val, uint32_t mask)
> >  }
> >  }
> >
> > +#define HCR_VM(1ULL << 0)
> > +#define HCR_SWIO  (1ULL << 1)
> > +#define HCR_PTW   (1ULL << 2)
> > +#define HCR_FMO   (1ULL << 3)
> > +#define HCR_IMO   (1ULL << 4)
> > +#define HCR_AMO   (1ULL << 5)
> > +#define HCR_VF(1ULL << 6)
> > +#define HCR_VI(1ULL << 7)
> > +#define HCR_VSE   (1ULL << 8)
> > +#define HCR_FB(1ULL << 9)
> >
> 
> You went to the trouble to enumerate all the bits but skipped BSU.  For
> consistency should we just add it and the mask?


Will add it in v3.

> 
> 
> > +#define HCR_DC(1ULL << 12)
> > +#define HCR_TWI   (1ULL << 13)
> > +#define HCR_TWE   (1ULL << 14)
> > +#define HCR_TID0  (1ULL << 15)
> > +#define HCR_TID1  (1ULL << 16)
> > +#define HCR_TID2  (1ULL << 17)
> > +#define HCR_TID3  (1ULL << 18)
> > +#define HCR_TSC   (1ULL << 19)
> > +#define HCR_TIDCP (1ULL << 20)
> > +#define HCR_TACR  (1ULL << 21)
> > +#define HCR_TSW   (1ULL << 22)
> > +#define HCR_TPC   (1ULL << 23)
> > +#define HCR_TPU   (1ULL << 24)
> > +#define HCR_TTLB  (1ULL << 25)
> > +#define HCR_TVM   (1ULL << 26)
> > +#define HCR_TGE   (1ULL << 27)
> > +#define HCR_TDZ   (1ULL << 28)
> > +#define HCR_HCD   (1ULL << 29)
> > +#define HCR_TRVM  (1ULL << 30)
> > +#define HCR_RW(1ULL << 31)
> > +#define HCR_CD(1ULL << 32)
> > +#define HCR_ID(1ULL << 33)
> > +#define HCR_MASK  ((1ULL << 34) - 1)
> > +
> >  /* Return the current FPSCR value.  */
> >  uint32_t vfp_get_fpscr(CPUARMState *env);
> >  void vfp_set_fpscr(CPUARMState *env, uint32_t val);
> > diff --git a/target-arm/helper.c b/target-arm/helper.c
> > index 90874c4..d28951a 100644
> > --- a/target-arm/helper.c
> > +++ b/target-arm/helper.c
> > @@ -2107,10 +2107,37 @@ static const ARMCPRegInfo
> > v8_el3_no_el2_cp_reginfo[] = {
> >.opc0 = 3, .opc1 = 4, .crn = 12, .crm = 0, .opc2 = 0,
> >.access = PL2_RW,
> >.readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore },
> > +{ .name = "HCR_EL2", .state = ARM_CP_STATE_AA64,
> > +  .type = ARM_CP_NO_MIGRATE,
> > +  .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 0,
> > +  .readfn = arm_cp_read_zero, .writefn = arm_cp_write_ignore },
> >  REGINFO_SENTINEL
> >  };
> >
> > +static void hcr_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t
> > value)
> > +{
> > +ARMCPU *cpu = arm_env_get_cpu(env);
> > +uint64_t valid_mask = HCR_MASK;
> > +
> > +if (!arm_feature(env, ARM_FEATURE_EL3)) {
> > +valid_mask &= ~HCR_HCD;
> > +}
> > +
> > +/* Clear RES0 bits.  */
> > +value &= valid_mask;
> > +
> > +if ((raw_read(env, ri) ^ value) & HCR_VM) {
> > +/* Flush the TLB when turning VM on/off.  */
> > +tlb_flush(CPU(cpu), 1);
> >
> 
> There are a few other bits that can be cached in the TLB (RW, DC), perhaps
> we should check and flush for change to them as well.

Will do in v3

Thanks,
Edgar

> 
> 
> > +}
> > +raw_write(env, ri, value);
> > +}
> > +
> >  static const ARMCPRegInfo v8_el2_cp_reginfo[] = {
> > +{ .name = "HCR_EL2", .state = ARM_CP_STATE_AA64,
> > +  .opc0 = 3, .opc1 = 4, .crn = 1, .crm = 1, .opc2 = 0,
> > +  .access = PL2_RW, .fieldoffset = offsetof(CPUARMState,
> > cp15.hcr_el2),
> > +  .writefn = hcr_write },
> >  { .name = "ELR_EL2", .state = ARM_CP_STATE_AA64,
> >.type = ARM_CP_NO_MIGRATE,
> >.opc0 = 3, .opc1 = 4, .crn = 4, .crm = 0, .opc2 = 1,
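Review bot: The new `HCR_EL2` entry in `v8_el3_no_el2_cp_reginfo` (L4782–L4785) omits the `.access = PL2_RW` that its neighbour at L4780 carries; with no access bits set the RAZ/WI stub would presumably not be reachable as intended, so add `.access = PL2_RW,` to match. In `hcr_write`, `HCR_HCD` is correctly cleared when EL3 is absent (L4795–L4797), but `HCR_RW` stays writable regardless of whether the CPU supports AArch32 at EL1 — if this tree has a feature bit for that, it would be worth masking the same way; otherwise a comment noting the omission is enough. A one-line comment on `valid_mask` saying that bits outside it are RES0 and therefore dropped would also help a reader who has not seen the register layout.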
> > --
> > 1.8.3.2
> >
> >



Re: [Qemu-devel] [RFC v1 2/2] zynq: Update Zynq to init the CPU in the a9mpcore device

2014-06-15 Thread Alistair Francis
On Mon, Jun 16, 2014 at 2:42 PM, Peter Crosthwaite
 wrote:
> On Tue, Jun 10, 2014 at 11:33 AM, Alistair Francis
>  wrote:
>> This patch removes the initialisation of the ARM Cortex-A9
>> in Zynq and instead allows the a9mpcore device to init the
>> CPU. This also updates components that rely on the CPU
>> and GIC, as they are now initialised in a slightly different
>> way
>>
>> Signed-off-by: Alistair Francis 
>> ---
>> All other Cortex-A9 machines can be updated a similar way
>>
>> This patch breaks the AArch64 make check tests. I get a:
>> 'Warning: "-global dynamic-prop-type-bad.prop3=103" not used'
>> followed by a broken pipe and failure.
>> Any hints on what would be causing this?
>>
>>  hw/arm/xilinx_zynq.c |   63 
>> +++--
>>  1 files changed, 30 insertions(+), 33 deletions(-)
>>
>> diff --git a/hw/arm/xilinx_zynq.c b/hw/arm/xilinx_zynq.c
>> index ba5aa82..5a4ce5c 100644
>> --- a/hw/arm/xilinx_zynq.c
>> +++ b/hw/arm/xilinx_zynq.c
>> @@ -26,6 +26,7 @@
>>  #include "hw/loader.h"
>>  #include "hw/ssi.h"
>>  #include "qemu/error-report.h"
>> +#include "hw/cpu/a9mpcore.h"
>>
>>  #define NUM_SPI_FLASHES 4
>>  #define NUM_QSPI_FLASHES 2
>> @@ -104,12 +105,10 @@ static inline void zynq_init_spi_flashes(uint32_t 
>> base_addr, qemu_irq irq,
>>  static void zynq_init(MachineState *machine)
>>  {
>>  ram_addr_t ram_size = machine->ram_size;
>> -const char *cpu_model = machine->cpu_model;
>>  const char *kernel_filename = machine->kernel_filename;
>>  const char *kernel_cmdline = machine->kernel_cmdline;
>>  const char *initrd_filename = machine->initrd_filename;
>> -ObjectClass *cpu_oc;
>> -ARMCPU *cpu;
>> +A9MPPrivState *mpcore;
>>  MemoryRegion *address_space_mem = get_system_memory();
>>  MemoryRegion *ext_ram = g_new(MemoryRegion, 1);
>>  MemoryRegion *ocm_ram = g_new(MemoryRegion, 1);
>> @@ -119,30 +118,6 @@ static void zynq_init(MachineState *machine)
>>  Error *err = NULL;
>>  int n;
>>
>> -if (!cpu_model) {
>> -cpu_model = "cortex-a9";
>> -}
>
> So this defeatures the cpu_model override. That's a good thing, but
> it's worthwhile to leave a check behind explaining to the user that
> the feature no longer exists:
>
> if (machine->cpu_model) {
> error_report("Zynq does not support CPU model override!\n");
> exit(1);
> }
>

Good idea, added!

>> -cpu_oc = cpu_class_by_name(TYPE_ARM_CPU, cpu_model);
>> -
>> -cpu = ARM_CPU(object_new(object_class_get_name(cpu_oc)));
>> -
>> -object_property_set_int(OBJECT(cpu), ZYNQ_BOARD_MIDR, "midr", &err);
>> -if (err) {
>> -error_report("%s", error_get_pretty(err));
>> -exit(1);
>> -}
>> -
>> -object_property_set_int(OBJECT(cpu), MPCORE_PERIPHBASE, "reset-cbar", 
>> &err);
>> -if (err) {
>> -error_report("%s", error_get_pretty(err));
>> -exit(1);
>> -}
>> -object_property_set_bool(OBJECT(cpu), true, "realized", &err);
>> -if (err) {
>> -error_report("%s", error_get_pretty(err));
>> -exit(1);
>> -}
>> -
>>  /* max 2GB ram */
>>  if (ram_size > 0x8000) {
>>  ram_size = 0x8000;
>> @@ -171,16 +146,38 @@ static void zynq_init(MachineState *machine)
>>  qdev_init_nofail(dev);
>>  sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xF800);
>>
>> -dev = qdev_create(NULL, "a9mpcore_priv");
>> -qdev_prop_set_uint32(dev, "num-cpu", 1);
>> -qdev_init_nofail(dev);
>> -busdev = SYS_BUS_DEVICE(dev);
>> +mpcore = A9MPCORE_PRIV(object_new("a9mpcore_priv"));
>> +object_property_set_int(OBJECT(mpcore), 1, "num-cpu",
>> +&err);
>> +if (err) {
>> +error_report("%s", error_get_pretty(err));
>> +exit(1);
>> +}
>> +object_property_set_int(OBJECT(mpcore), ZYNQ_BOARD_MIDR, "midr",
>> +&err);
>> +if (err) {
>> +error_report("%s", error_get_pretty(err));
>> +exit(1);
>> +}
>> +object_property_set_int(OBJECT(mpcore), MPCORE_PERIPHBASE,
>> +"reset-cbar", &err);
>> +if (err) {
>> +error_report("%s", error_get_pretty(err));
>> +exit(1);
>> +}
>> +object_property_set_bool(OBJECT(mpcore), true, "realized", &err);
>> +if (err != NULL) {
>> +error_report("Couldn't realize the Zynq A9MPCore: %s",
>> + error_get_pretty(err));
>> +exit(1);
>> +}
>
> Can we just use the qdev_prop setters to cut down on the error boilerplate?
>

Yep, fixed

>> +busdev = SYS_BUS_DEVICE(DEVICE(mpcore));
>>  sysbus_mmio_map(busdev, 0, MPCORE_PERIPHBASE);
>>  sysbus_connect_irq(busdev, 0,
>> -   qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ));
>> +   qdev_get_gpio_in(DEVICE(mpcore->cpu), ARM_CPU_IRQ));
>>
>
> Mpcore should now be responsible for connecting GIC to CPU. This
> should go away for board that use MPCore driv

[Qemu-devel] [PATCH V7 0/8] PSCI v0.2 support for KVM ARM/ARM64

2014-06-15 Thread Pranavkumar Sawargaonkar
This patchset adds the QEMU side changes for providing PSCI v0.2 to VM.

ChangeLog:

V7:
- Sync linux headers against kvm tree and "next" branch

V6:
- Add psci_version field in ARMCPU struct.
- Misc cleanups suggested on RFC V5 of this patch.
 ( http://www.spinics.net/lists/kvm-arm/msg09400.html)
- Dropping RFC prefix from patch.

V5:
- Updated "scripts/update-linux-headers.sh" to include linux/psci.h
- Synced linux headers using update-linux-headers.sh with linux-next tree
- Added per cpu field for kvm init features.
- Set psci-0.2 compatible string in generated dtb such that it works for 
  guest kernels not having psci 0.2 support.
- Added QEMU_KVM_CAP_ARM_PSCI_0_2 define in target-arm/kvm-consts.h

V4:
- Rebase this patch against v11 patchset for in-kernel PSCI v0.2 emulation
 (http://www.spinics.net/lists/kvm-arm/msg09182.html)
- Used PSCI 0.2 DT bindings for linux kernel.
  (http://www.spinics.net/lists/arm-kernel/msg326044.html).

V3:
 - Rebase this patchset against v8 patchset for in-kernel PSCI v0.2 emulation
   (http://www.spinics.net/lists/kvm-arm/msg08780.html)
 - Added common kvm_arm_vcpu_init() function for kvm arm and kvm arm64

V2:
 - Rebase this patchset against v6 patchset for in-kernel PSCI v0.2 emulation
   (http://www.spinics.net/lists/arm-kernel/msg319037.html)
 - Handle KVM_EXIT_SYSTEM_EVENT in kvm-all.c:kvm_cpu_exec()
 - Drop change in kvm_arm_get_host_cpu_features()
 - Improve comments and description of kvm_arch_reset_vcpu() implementation

V1:
 - Initial RFC patchset

Pranavkumar Sawargaonkar (8):
  update-linux-headers.sh: Add psci.h to linux header sync-up script
  linux-headers: Update KVM headers with kvm tree's next branch.
  kvm: Handle exit reason KVM_EXIT_SYSTEM_EVENT
  target-arm: Common kvm_arm_vcpu_init() for KVM ARM and KVM ARM64
  target-arm: Enable KVM_ARM_VCPU_PSCI_0_2 feature when possible
  target-arm: Implement kvm_arch_reset_vcpu() for KVM ARM64
  target-arm: Introduce per-CPU field for PSCI version
  Use PSCI v0.2 compatible string when KVM or TCG provides it

 hw/arm/virt.c| 16 ++-
 kvm-all.c| 16 +++
 linux-headers/asm-arm/kvm.h  | 10 ++--
 linux-headers/asm-arm64/kvm.h| 13 --
 linux-headers/asm-mips/kvm.h | 35 ++
 linux-headers/asm-powerpc/kvm.h  |  2 +-
 linux-headers/asm-powerpc/kvm_para.h |  6 +++
 linux-headers/linux/kvm.h| 10 
 linux-headers/linux/psci.h   | 90 
 scripts/update-linux-headers.sh  |  3 +-
 target-arm/cpu-qom.h |  9 
 target-arm/cpu.c |  1 +
 target-arm/kvm.c | 11 +
 target-arm/kvm32.c   | 16 +--
 target-arm/kvm64.c   | 26 ---
 target-arm/kvm_arm.h | 12 +
 16 files changed, 252 insertions(+), 24 deletions(-)
 create mode 100644 linux-headers/linux/psci.h

-- 
1.9.1




[Qemu-devel] [PATCH V7 3/8] kvm: Handle exit reason KVM_EXIT_SYSTEM_EVENT

2014-06-15 Thread Pranavkumar Sawargaonkar
In-kernel PSCI v0.2 emulation of KVM ARM/ARM64 forwards SYSTEM_OFF
and SYSTEM_RESET function calls to QEMU using KVM_EXIT_SYSTEM_EVENT
exit reason.

This patch updates kvm_cpu_exec() to handle KVM_SYSTEM_EVENT_SHUTDOWN
and KVM_SYSTEM_EVENT_RESET system-level events from QEMU-side.

Signed-off-by: Pranavkumar Sawargaonkar 
Signed-off-by: Anup Patel 
Reviewed-by: Peter Maydell 
---
 kvm-all.c | 16 
 1 file changed, 16 insertions(+)

diff --git a/kvm-all.c b/kvm-all.c
index 4e19eff..ef9f0f2 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -1751,6 +1751,22 @@ int kvm_cpu_exec(CPUState *cpu)
 case KVM_EXIT_INTERNAL_ERROR:
 ret = kvm_handle_internal_error(cpu, run);
 break;
+case KVM_EXIT_SYSTEM_EVENT:
+switch (run->system_event.type) {
+case KVM_SYSTEM_EVENT_SHUTDOWN:
+qemu_system_shutdown_request();
+ret = EXCP_INTERRUPT;
+break;
+case KVM_SYSTEM_EVENT_RESET:
+qemu_system_reset_request();
+ret = EXCP_INTERRUPT;
+break;
+default:
+DPRINTF("kvm_arch_handle_exit\n");
+ret = kvm_arch_handle_exit(cpu, run);
+break;
+}
+break;
 default:
 DPRINTF("kvm_arch_handle_exit\n");
 ret = kvm_arch_handle_exit(cpu, run);
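Review bot: The inner `default:` at L5099–L5102 duplicates the outer default (L5105–L5107) verbatim, so any future change to the fallback must be made in two places; a short comment stating why unknown `system_event.type` values are deferred to the arch handler rather than treated as an error would also help, e.g. `/* Unknown system events are left to the arch-specific handler. */`. The two handled events return `EXCP_INTERRUPT`, which drops the vcpu thread back to the main loop where the shutdown/reset requests are serviced — a one-line comment saying so would make the return value self-explanatory. kvm_cpu_exec begins and ends outside the hunk.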
-- 
1.9.1




[Qemu-devel] [PATCH V7 1/8] update-linux-headers.sh: Add psci.h to linux header sync-up script

2014-06-15 Thread Pranavkumar Sawargaonkar
We will be using linux/psci.h for KVM ARM/ARM64 hence add it to
linux header sync-up script.

Signed-off-by: Pranavkumar Sawargaonkar 
Signed-off-by: Anup Patel 
Reviewed-by: Peter Maydell 
---
 scripts/update-linux-headers.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh
index 120a694..10d7559 100755
--- a/scripts/update-linux-headers.sh
+++ b/scripts/update-linux-headers.sh
@@ -61,7 +61,8 @@ done
 
 rm -rf "$output/linux-headers/linux"
 mkdir -p "$output/linux-headers/linux"
-for header in kvm.h kvm_para.h vfio.h vhost.h virtio_config.h virtio_ring.h; do
+for header in kvm.h kvm_para.h psci.h vfio.h vhost.h virtio_config.h \
+virtio_ring.h; do
 cp "$tmpdir/include/linux/$header" "$output/linux-headers/linux"
 done
 rm -rf "$output/linux-headers/asm-generic"
-- 
1.9.1




[Qemu-devel] [PATCH V7 2/8] linux-headers: Update KVM headers with kvm tree's next branch.

2014-06-15 Thread Pranavkumar Sawargaonkar
Sync up KVM-related linux headers from the kvm tree's next branch
using scripts/update-linux-headers.sh.

Signed-off-by: Pranavkumar Sawargaonkar 
Signed-off-by: Anup Patel 
---
 linux-headers/asm-arm/kvm.h  | 10 ++--
 linux-headers/asm-arm64/kvm.h| 13 --
 linux-headers/asm-mips/kvm.h | 35 ++
 linux-headers/asm-powerpc/kvm.h  |  2 +-
 linux-headers/asm-powerpc/kvm_para.h |  6 +++
 linux-headers/linux/kvm.h| 10 
 linux-headers/linux/psci.h   | 90 
 7 files changed, 156 insertions(+), 10 deletions(-)
 create mode 100644 linux-headers/linux/psci.h

diff --git a/linux-headers/asm-arm/kvm.h b/linux-headers/asm-arm/kvm.h
index ef0c878..e6ebdd3 100644
--- a/linux-headers/asm-arm/kvm.h
+++ b/linux-headers/asm-arm/kvm.h
@@ -20,6 +20,7 @@
 #define __ARM_KVM_H__
 
 #include 
+#include 
 #include 
 
 #define __KVM_HAVE_GUEST_DEBUG
@@ -83,6 +84,7 @@ struct kvm_regs {
 #define KVM_VGIC_V2_CPU_SIZE   0x2000
 
 #define KVM_ARM_VCPU_POWER_OFF 0 /* CPU is started in OFF state */
+#define KVM_ARM_VCPU_PSCI_0_2  1 /* CPU uses PSCI v0.2 */
 
 struct kvm_vcpu_init {
__u32 target;
@@ -201,9 +203,9 @@ struct kvm_arch_memory_slot {
 #define KVM_PSCI_FN_CPU_ON KVM_PSCI_FN(2)
 #define KVM_PSCI_FN_MIGRATEKVM_PSCI_FN(3)
 
-#define KVM_PSCI_RET_SUCCESS   0
-#define KVM_PSCI_RET_NI((unsigned long)-1)
-#define KVM_PSCI_RET_INVAL ((unsigned long)-2)
-#define KVM_PSCI_RET_DENIED((unsigned long)-3)
+#define KVM_PSCI_RET_SUCCESS   PSCI_RET_SUCCESS
+#define KVM_PSCI_RET_NIPSCI_RET_NOT_SUPPORTED
+#define KVM_PSCI_RET_INVAL PSCI_RET_INVALID_PARAMS
+#define KVM_PSCI_RET_DENIEDPSCI_RET_DENIED
 
 #endif /* __ARM_KVM_H__ */
diff --git a/linux-headers/asm-arm64/kvm.h b/linux-headers/asm-arm64/kvm.h
index eaf54a3..e633ff8 100644
--- a/linux-headers/asm-arm64/kvm.h
+++ b/linux-headers/asm-arm64/kvm.h
@@ -31,6 +31,7 @@
 #define KVM_NR_SPSR5
 
 #ifndef __ASSEMBLY__
+#include 
 #include 
 #include 
 
@@ -56,8 +57,9 @@ struct kvm_regs {
 #define KVM_ARM_TARGET_FOUNDATION_V8   1
 #define KVM_ARM_TARGET_CORTEX_A57  2
 #define KVM_ARM_TARGET_XGENE_POTENZA   3
+#define KVM_ARM_TARGET_CORTEX_A53  4
 
-#define KVM_ARM_NUM_TARGETS4
+#define KVM_ARM_NUM_TARGETS5
 
 /* KVM_ARM_SET_DEVICE_ADDR ioctl id encoding */
 #define KVM_ARM_DEVICE_TYPE_SHIFT  0
@@ -77,6 +79,7 @@ struct kvm_regs {
 
 #define KVM_ARM_VCPU_POWER_OFF 0 /* CPU is started in OFF state */
 #define KVM_ARM_VCPU_EL1_32BIT 1 /* CPU running a 32bit VM */
+#define KVM_ARM_VCPU_PSCI_0_2  2 /* CPU uses PSCI v0.2 */
 
 struct kvm_vcpu_init {
__u32 target;
@@ -186,10 +189,10 @@ struct kvm_arch_memory_slot {
 #define KVM_PSCI_FN_CPU_ON KVM_PSCI_FN(2)
 #define KVM_PSCI_FN_MIGRATEKVM_PSCI_FN(3)
 
-#define KVM_PSCI_RET_SUCCESS   0
-#define KVM_PSCI_RET_NI((unsigned long)-1)
-#define KVM_PSCI_RET_INVAL ((unsigned long)-2)
-#define KVM_PSCI_RET_DENIED((unsigned long)-3)
+#define KVM_PSCI_RET_SUCCESS   PSCI_RET_SUCCESS
+#define KVM_PSCI_RET_NIPSCI_RET_NOT_SUPPORTED
+#define KVM_PSCI_RET_INVAL PSCI_RET_INVALID_PARAMS
+#define KVM_PSCI_RET_DENIEDPSCI_RET_DENIED
 
 #endif
 
diff --git a/linux-headers/asm-mips/kvm.h b/linux-headers/asm-mips/kvm.h
index f09ff5a..2c04b6d 100644
--- a/linux-headers/asm-mips/kvm.h
+++ b/linux-headers/asm-mips/kvm.h
@@ -106,6 +106,41 @@ struct kvm_fpu {
 #define KVM_REG_MIPS_LO (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 33)
 #define KVM_REG_MIPS_PC (KVM_REG_MIPS | KVM_REG_SIZE_U64 | 34)
 
+/* KVM specific control registers */
+
+/*
+ * CP0_Count control
+ * DC:Set 0: Master disable CP0_Count and set COUNT_RESUME to now
+ *Set 1: Master re-enable CP0_Count with unchanged bias, handling timer
+ *   interrupts since COUNT_RESUME
+ *This can be used to freeze the timer to get a consistent snapshot of
+ *the CP0_Count and timer interrupt pending state, while also resuming
+ *safely without losing time or guest timer interrupts.
+ * Other: Reserved, do not change.
+ */
+#define KVM_REG_MIPS_COUNT_CTL (KVM_REG_MIPS | KVM_REG_SIZE_U64 | \
+0x2 | 0)
+#define KVM_REG_MIPS_COUNT_CTL_DC  0x0001
+
+/*
+ * CP0_Count resume monotonic nanoseconds
+ * The monotonic nanosecond time of the last set of COUNT_CTL.DC (master
+ * disable). Any reads and writes of Count related registers while
+ * COUNT_CTL.DC=1 will appear to occur at this time. When COUNT_CTL.DC is
+ * cleared again (master enable) any timer interrupts since this time will be
+ * emulated.
+ * Modifications to times in the future are rejected.
+ */
+#define KVM_REG_MIPS_COUNT_RE

[Qemu-devel] [PATCH V7 7/8] target-arm: Introduce per-CPU field for PSCI version

2014-06-15 Thread Pranavkumar Sawargaonkar
We need to know the PSCI version available to a given CPU in
potentially many places. Currently, we need to know the PSCI version
when generating the DTB for the virt machine.

This patch introduces a per-CPU 32-bit field representing the PSCI
version available to the CPU. The encoding of this 32-bit field is
the same as described in the PSCI v0.2 spec.

Signed-off-by: Pranavkumar Sawargaonkar 
Signed-off-by: Anup Patel 
Reviewed-by: Peter Maydell 
---
 target-arm/cpu-qom.h | 6 ++
 target-arm/cpu.c | 1 +
 target-arm/kvm32.c   | 1 +
 target-arm/kvm64.c   | 1 +
 4 files changed, 9 insertions(+)

diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h
index 2bd7df8..eaee944 100644
--- a/target-arm/cpu-qom.h
+++ b/target-arm/cpu-qom.h
@@ -94,6 +94,12 @@ typedef struct ARMCPU {
 /* 'compatible' string for this CPU for Linux device trees */
 const char *dtb_compatible;
 
+/* PSCI version for this CPU
+ * Bits[31:16] = Major Version
+ * Bits[15:0] = Minor Version
+ */
+uint32_t psci_version;
+
 /* Should CPU start in PSCI powered-off state? */
 bool start_powered_off;
 
diff --git a/target-arm/cpu.c b/target-arm/cpu.c
index b877835..05e52e0 100644
--- a/target-arm/cpu.c
+++ b/target-arm/cpu.c
@@ -260,6 +260,7 @@ static void arm_cpu_initfn(Object *obj)
  * picky DTB consumer will also provide a helpful error message.
  */
 cpu->dtb_compatible = "qemu,unknown";
+cpu->psci_version = 1; /* By default assume PSCI v0.1 */
 cpu->kvm_target = QEMU_KVM_ARM_TARGET_NONE;
 
 if (tcg_enabled() && !inited) {
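Review bot: `cpu->psci_version = 1;` at L5327 relies on the encoding documented on the field in cpu-qom.h (major in bits 31:16, minor in bits 15:0), but the bare literal reads as a plain version number rather than an encoded pair, and the same literals `1` and `2` are repeated in kvm32.c and kvm64.c in this series. Named constants next to the field, e.g. `#define QEMU_PSCI_VERSION_0_1 ((0 << 16) | 1)` and `#define QEMU_PSCI_VERSION_0_2 ((0 << 16) | 2)`, would pin the encoding in one place. The comment `/* By default assume PSCI v0.1 */` should also say that this is a fallback for CPUs where no PSCI provider has been selected yet, if that is the intent. arm_cpu_initfn begins and ends outside the hunk.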
diff --git a/target-arm/kvm32.c b/target-arm/kvm32.c
index 52d626c..068af7d 100644
--- a/target-arm/kvm32.c
+++ b/target-arm/kvm32.c
@@ -184,6 +184,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
 cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_POWER_OFF;
 }
 if (kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PSCI_0_2)) {
+cpu->psci_version = 2;
 cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_PSCI_0_2;
 }
 
diff --git a/target-arm/kvm64.c b/target-arm/kvm64.c
index fca5f58..5d217ca 100644
--- a/target-arm/kvm64.c
+++ b/target-arm/kvm64.c
@@ -92,6 +92,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
 cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_POWER_OFF;
 }
 if (kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PSCI_0_2)) {
+cpu->psci_version = 2;
 cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_PSCI_0_2;
 }
 
-- 
1.9.1




[Qemu-devel] [PATCH V7 4/8] target-arm: Common kvm_arm_vcpu_init() for KVM ARM and KVM ARM64

2014-06-15 Thread Pranavkumar Sawargaonkar
Introduce a common kvm_arm_vcpu_init() for doing KVM_ARM_VCPU_INIT
ioctl in KVM ARM and KVM ARM64. This also helps us factor out a few
common code lines from kvm_arch_init_vcpu() for KVM ARM/ARM64.

Signed-off-by: Pranavkumar Sawargaonkar 
Signed-off-by: Anup Patel 
Reviewed-by: Peter Maydell 
---
 target-arm/cpu-qom.h |  3 +++
 target-arm/kvm.c | 11 +++
 target-arm/kvm32.c   | 12 +++-
 target-arm/kvm64.c   | 18 +++---
 target-arm/kvm_arm.h | 12 
 5 files changed, 44 insertions(+), 12 deletions(-)

diff --git a/target-arm/cpu-qom.h b/target-arm/cpu-qom.h
index edc7f26..2bd7df8 100644
--- a/target-arm/cpu-qom.h
+++ b/target-arm/cpu-qom.h
@@ -102,6 +102,9 @@ typedef struct ARMCPU {
  */
 uint32_t kvm_target;
 
+/* KVM init features for this CPU */
+uint32_t kvm_init_features[7];
+
 /* The instance init functions for implementation-specific subclasses
  * set these fields to specify the implementation-dependent values of
  * various constant registers and reset values of non-constant
diff --git a/target-arm/kvm.c b/target-arm/kvm.c
index 39202d7..319784d 100644
--- a/target-arm/kvm.c
+++ b/target-arm/kvm.c
@@ -27,6 +27,17 @@ const KVMCapabilityInfo kvm_arch_required_capabilities[] = {
 KVM_CAP_LAST_INFO
 };
 
+int kvm_arm_vcpu_init(CPUState *cs)
+{
+ARMCPU *cpu = ARM_CPU(cs);
+struct kvm_vcpu_init init;
+
+init.target = cpu->kvm_target;
+memcpy(init.features, cpu->kvm_init_features, sizeof(init.features));
+
+return kvm_vcpu_ioctl(cs, KVM_ARM_VCPU_INIT, &init);
+}
+
 bool kvm_arm_create_scratch_host_vcpu(const uint32_t *cpus_to_try,
   int *fdarray,
   struct kvm_vcpu_init *init)
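Review bot: `memcpy(init.features, cpu->kvm_init_features, sizeof(init.features))` at L5407 sizes the copy by the destination, while the source array is declared with a hard-coded `[7]` in cpu-qom.h (L5388 of this series); if the kernel header ever grows `kvm_vcpu_init.features`, the copy reads past `kvm_init_features`. Copy by `sizeof(cpu->kvm_init_features)` and add a compile-time check that the two sizes agree, e.g. `QEMU_BUILD_BUG_ON(sizeof(cpu->kvm_init_features) != sizeof(init.features));` before the memcpy, assuming that macro is available in this tree. A comment on `kvm_arm_vcpu_init` noting that `init` is fully populated (target plus features) and nothing else in the struct is left uninitialised would also reassure readers, since `struct kvm_vcpu_init` is passed to the kernel by value.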
diff --git a/target-arm/kvm32.c b/target-arm/kvm32.c
index b79750c..b142e90 100644
--- a/target-arm/kvm32.c
+++ b/target-arm/kvm32.c
@@ -166,7 +166,6 @@ static int compare_u64(const void *a, const void *b)
 
 int kvm_arch_init_vcpu(CPUState *cs)
 {
-struct kvm_vcpu_init init;
 int i, ret, arraylen;
 uint64_t v;
 struct kvm_one_reg r;
@@ -179,15 +178,18 @@ int kvm_arch_init_vcpu(CPUState *cs)
 return -EINVAL;
 }
 
-init.target = cpu->kvm_target;
-memset(init.features, 0, sizeof(init.features));
+/* Determine init features for this CPU */
+memset(cpu->kvm_init_features, 0, sizeof(cpu->kvm_init_features));
 if (cpu->start_powered_off) {
-init.features[0] = 1 << KVM_ARM_VCPU_POWER_OFF;
+cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_POWER_OFF;
 }
-ret = kvm_vcpu_ioctl(cs, KVM_ARM_VCPU_INIT, &init);
+
+/* Do KVM_ARM_VCPU_INIT ioctl */
+ret = kvm_arm_vcpu_init(cs);
 if (ret) {
 return ret;
 }
+
 /* Query the kernel to make sure it supports 32 VFP
  * registers: QEMU's "cortex-a15" CPU is always a
  * VFP-D32 core. The simplest way to do this is just
diff --git a/target-arm/kvm64.c b/target-arm/kvm64.c
index 70f311b..9936aa8 100644
--- a/target-arm/kvm64.c
+++ b/target-arm/kvm64.c
@@ -77,9 +77,8 @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUClass *ahcc)
 
 int kvm_arch_init_vcpu(CPUState *cs)
 {
-ARMCPU *cpu = ARM_CPU(cs);
-struct kvm_vcpu_init init;
 int ret;
+ARMCPU *cpu = ARM_CPU(cs);
 
 if (cpu->kvm_target == QEMU_KVM_ARM_TARGET_NONE ||
 !arm_feature(&cpu->env, ARM_FEATURE_AARCH64)) {
@@ -87,16 +86,21 @@ int kvm_arch_init_vcpu(CPUState *cs)
 return -EINVAL;
 }
 
-init.target = cpu->kvm_target;
-memset(init.features, 0, sizeof(init.features));
+/* Determine init features for this CPU */
+memset(cpu->kvm_init_features, 0, sizeof(cpu->kvm_init_features));
 if (cpu->start_powered_off) {
-init.features[0] = 1 << KVM_ARM_VCPU_POWER_OFF;
+cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_POWER_OFF;
+}
+
+/* Do KVM_ARM_VCPU_INIT ioctl */
+ret = kvm_arm_vcpu_init(cs);
+if (ret) {
+return ret;
 }
-ret = kvm_vcpu_ioctl(cs, KVM_ARM_VCPU_INIT, &init);
 
 /* TODO : support for save/restore/reset of system regs via tuple list */
 
-return ret;
+return 0;
 }
 
 #define AARCH64_CORE_REG(x)   (KVM_REG_ARM64 | KVM_REG_SIZE_U64 | \
diff --git a/target-arm/kvm_arm.h b/target-arm/kvm_arm.h
index dc4e233..af93105 100644
--- a/target-arm/kvm_arm.h
+++ b/target-arm/kvm_arm.h
@@ -15,6 +15,18 @@
 #include "exec/memory.h"
 
 /**
+ * kvm_arm_vcpu_init:
+ * @cs: CPUState
+ *
+ * Initialize (or reinitialize) the VCPU by invoking the
+ * KVM_ARM_VCPU_INIT ioctl with the CPU type and feature
+ * bitmask specified in the CPUState.
+ *
+ * Returns: 0 if success else < 0 error code
+ */
+int kvm_arm_vcpu_init(CPUState *cs);
+
+/**
  * kvm_arm_register_device:
  * @mr: memory region for this device
  * @devid: the KVM device ID
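Review bot: The new doc comment says the target and feature bitmask are "specified in the CPUState", but kvm_arm_vcpu_init() reads them from the ARMCPU (`cpu->kvm_target` and `cpu->kvm_init_features`, set by kvm_arch_init_vcpu()), and nothing in the comment tells a caller that those fields must be populated first. I would reword the second paragraph to `Initialize (or reinitialize) the VCPU by invoking the KVM_ARM_VCPU_INIT ioctl with the target and feature bitmask previously stored in the ARMCPU's kvm_target and kvm_init_features fields; callers must have filled those in (kvm_arch_init_vcpu does this).` The return line could also name the convention explicitly, e.g. `Returns: 0 on success, else a negative errno from the ioctl`, since the reset path is expected to rely on it.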
-- 
1.9.1




[Qemu-devel] [PATCH V7 8/8] Use PSCI v0.2 compatible string when KVM or TCG provides it

2014-06-15 Thread Pranavkumar Sawargaonkar
If we have PSCI v0.2 emulation available for KVM ARM/ARM64 or TCG then
we need to provide PSCI v0.2 compatible string via generated DTB.

Signed-off-by: Pranavkumar Sawargaonkar 
Signed-off-by: Anup Patel 
Reviewed-by: Rob Herring 
---
 hw/arm/virt.c | 16 +++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 3b55a4b..72fe030 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -180,10 +180,23 @@ static void create_fdt(VirtBoardInfo *vbi)
 "clk24mhz");
 qemu_fdt_setprop_cell(fdt, "/apb-pclk", "phandle", vbi->clock_phandle);
 
+}
+
+static void fdt_add_psci_node(const VirtBoardInfo *vbi)
+{
+void *fdt = vbi->fdt;
+ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(0));
+
 /* No PSCI for TCG yet */
 if (kvm_enabled()) {
 qemu_fdt_add_subnode(fdt, "/psci");
-qemu_fdt_setprop_string(fdt, "/psci", "compatible", "arm,psci");
+if (armcpu->psci_version == 2) {
+const char comp[] = "arm,psci-0.2\0arm,psci";
+qemu_fdt_setprop(fdt, "/psci", "compatible", comp, sizeof(comp));
+} else {
+qemu_fdt_setprop_string(fdt, "/psci", "compatible", "arm,psci");
+}
+
 qemu_fdt_setprop_string(fdt, "/psci", "method", "hvc");
 qemu_fdt_setprop_cell(fdt, "/psci", "cpu_suspend",
   PSCI_FN_CPU_SUSPEND);
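Review bot: The patch subject says the v0.2 compatible string is emitted "when KVM or TCG provides it", but fdt_add_psci_node() still gates the whole node on `kvm_enabled()` under the comment `/* No PSCI for TCG yet */`, so a TCG guest never gets a PSCI node regardless of `armcpu->psci_version`; either the subject overstates the change or the gate should key off the CPU's PSCI state rather than the accelerator. The decision is also taken from `qemu_get_cpu(0)` alone, which is presumably fine because all CPUs are created from the same model in machvirt_init(), but that assumption is worth a one-line comment next to the `ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(0));` line. fdt_add_psci_node() continues past the end of this hunk.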
@@ -446,6 +459,7 @@ static void machvirt_init(MachineState *machine)
 object_property_set_bool(cpuobj, true, "realized", NULL);
 }
 fdt_add_cpu_nodes(vbi);
+fdt_add_psci_node(vbi);
 
 memory_region_init_ram(ram, NULL, "mach-virt.ram", machine->ram_size);
 vmstate_register_ram_global(ram);
-- 
1.9.1




[Qemu-devel] [PATCH V7 5/8] target-arm: Enable KVM_ARM_VCPU_PSCI_0_2 feature when possible

2014-06-15 Thread Pranavkumar Sawargaonkar
Latest linux kernel supports in-kernel emulation of PSCI v0.2 but
to enable it we need to select KVM_ARM_VCPU_PSCI_0_2 feature using
KVM_ARM_VCPU_INIT ioctl.

Also, we can use KVM_ARM_VCPU_PSCI_0_2 feature for VCPU only when
linux kernel has KVM_CAP_ARM_PSCI_0_2 capability.

This patch updates kvm_arch_init_vcpu() to enable KVM_ARM_VCPU_PSCI_0_2
feature for VCPU when KVM ARM/ARM64 has KVM_CAP_ARM_PSCI_0_2 capability.

Signed-off-by: Pranavkumar Sawargaonkar 
Signed-off-by: Anup Patel 
Reviewed-by: Peter Maydell 
---
 target-arm/kvm32.c | 3 +++
 target-arm/kvm64.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/target-arm/kvm32.c b/target-arm/kvm32.c
index b142e90..52d626c 100644
--- a/target-arm/kvm32.c
+++ b/target-arm/kvm32.c
@@ -183,6 +183,9 @@ int kvm_arch_init_vcpu(CPUState *cs)
 if (cpu->start_powered_off) {
 cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_POWER_OFF;
 }
+if (kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PSCI_0_2)) {
+cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_PSCI_0_2;
+}
 
 /* Do KVM_ARM_VCPU_INIT ioctl */
 ret = kvm_arm_vcpu_init(cs);
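Review bot: The added check enables the in-kernel PSCI v0.2 feature but records nothing about it on the ARMCPU, and the DT generation in patch 8/8 on this page keys the `arm,psci-0.2` compatible string off `armcpu->psci_version == 2`; unless that field is set somewhere not visible here, a KVM guest would get v0.2 firmware but be told it is v0.1. I would set it alongside the feature bit: `if (kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PSCI_0_2)) { cpu->psci_version = 2; cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_PSCI_0_2; }`. Note too that this makes the guest-visible PSCI version depend on the host kernel rather than on the machine/CPU model, which presumably matters for migration between hosts and deserves a comment. kvm_arch_init_vcpu() starts and ends outside this hunk.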
diff --git a/target-arm/kvm64.c b/target-arm/kvm64.c
index 9936aa8..828ffb6 100644
--- a/target-arm/kvm64.c
+++ b/target-arm/kvm64.c
@@ -91,6 +91,9 @@ int kvm_arch_init_vcpu(CPUState *cs)
 if (cpu->start_powered_off) {
 cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_POWER_OFF;
 }
+if (kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PSCI_0_2)) {
+cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_PSCI_0_2;
+}
 
 /* Do KVM_ARM_VCPU_INIT ioctl */
 ret = kvm_arm_vcpu_init(cs);
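Review bot: Same issue as the 32-bit side: the feature bit is set on the host-capability check, but nothing here updates the ARMCPU so that the board code advertising `arm,psci-0.2` (which checks `psci_version == 2` in hw/arm/virt.c on this page) can agree with what the kernel was asked to emulate. Suggested: `if (kvm_check_extension(cs->kvm_state, KVM_CAP_ARM_PSCI_0_2)) { cpu->psci_version = 2; cpu->kvm_init_features[0] |= 1 << KVM_ARM_VCPU_PSCI_0_2; }`. kvm_arch_init_vcpu() starts and ends outside this hunk.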
-- 
1.9.1




[Qemu-devel] [PATCH V7 6/8] target-arm: Implement kvm_arch_reset_vcpu() for KVM ARM64

2014-06-15 Thread Pranavkumar Sawargaonkar
To implement kvm_arch_reset_vcpu(), we simply re-init the VCPU
using kvm_arm_vcpu_init() so that all registers of VCPU are set
to their reset values by in-kernel KVM code.

Signed-off-by: Pranavkumar Sawargaonkar 
Signed-off-by: Anup Patel 
Reviewed-by: Peter Maydell 
---
 target-arm/kvm64.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/target-arm/kvm64.c b/target-arm/kvm64.c
index 828ffb6..fca5f58 100644
--- a/target-arm/kvm64.c
+++ b/target-arm/kvm64.c
@@ -269,4 +269,8 @@ int kvm_arch_get_registers(CPUState *cs)
 
 void kvm_arm_reset_vcpu(ARMCPU *cpu)
 {
+/* Re-init VCPU so that all registers are set to
+ * their respective reset values.
+ */
+kvm_arm_vcpu_init(CPU(cpu));
 }
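Review bot: The return value of `kvm_arm_vcpu_init(CPU(cpu))` is discarded, so a failed KVM_ARM_VCPU_INIT on reset leaves the VCPU running with whatever register state it had before, with no diagnostic; the function is documented (patch 4/8 above) as returning a negative error code precisely so callers can act on it. Since there is no sane way to continue a reset that the kernel refused, I would fail loudly: `if (kvm_arm_vcpu_init(CPU(cpu)) < 0) { fprintf(stderr, "kvm_arm_vcpu_init failed\n"); abort(); }`. The comment could also be tightened to say which state this relies on the kernel resetting, e.g. `/* Re-init the VCPU so the kernel resets its register state; QEMU-side state is reset by the caller. */`, rather than asserting that "all registers" are covered.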
-- 
1.9.1