[Qemu-devel] Wince 6.5 Support on qemu-system-arm

2014-08-07 Thread wasim nm
Hi,
  I would like to know if WinCE 6.5 is supported on qemu-arm for any
of the omap3 machines.
  If no, what effort would it take to boot WinCE 6.5 on qemu-omap3
using the BeagleBoard as a
   reference? I hope I am clear ...

Thanks
wnm



[Qemu-devel] [PATCH 2/2] sheepdog: improve error handling for a case of failed lock

2014-08-07 Thread Hitoshi Mitake
Recently, sheepdog revived its VDI locking functionality. This patch
updates sheepdog driver of QEMU for this feature:

1. Improve error message when QEMU fails to acquire lock of
VDI. Current sheepdog driver prints an error message "VDI isn't
locked" when it fails to acquire lock. It is a little bit confusing
because the message says VDI isn't locked but it is actually locked by
other VM. This patch modifies this confusing message.

2. Change error code for a case of failed locking. -EBUSY is a
suitable one.

Reported-by: Valerio Pachera 
Cc: Kevin Wolf 
Cc: Stefan Hajnoczi 
Cc: Liu Yuan 
Cc: MORITA Kazutaka 
Signed-off-by: Hitoshi Mitake 
---
 block/sheepdog.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/block/sheepdog.c b/block/sheepdog.c
index 36f76f0..0b3f86d 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -1112,9 +1112,13 @@ static int find_vdi_name(BDRVSheepdogState *s, const 
char *filename,
 
 if (rsp->result != SD_RES_SUCCESS) {
 error_setg(errp, "cannot get vdi info, %s, %s %" PRIu32 " %s",
+   rsp->result == SD_RES_VDI_NOT_LOCKED ?
+   "VDI is already locked by other VM" :
sd_strerror(rsp->result), filename, snapid, tag);
 if (rsp->result == SD_RES_NO_VDI) {
 ret = -ENOENT;
+} else if (rsp->result == SD_RES_VDI_NOT_LOCKED) {
+ret = -EBUSY;
 } else {
 ret = -EIO;
 }
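Review bot: The ternary inside the error_setg() call maps SD_RES_VDI_NOT_LOCKED to "VDI is already locked by other VM" with no comment explaining why a result code named NOT_LOCKED is reported as the opposite; add a one-line comment, or correct the string at its source in sd_strerror() so every caller benefits. The formatted message also still starts with "cannot get vdi info", which misdescribes a failed lock request, so the -EBUSY branch would read better with its own message.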
-- 
1.8.3.2




[Qemu-devel] [PATCH 0/2] sheepdog driver update related to VDI locking feature

2014-08-07 Thread Hitoshi Mitake
Recently, sheepdog revived VDI locking functionality. This patch
updates sheepdog driver of QEMU for this feature.

Hitoshi Mitake (2):
  sheepdog: adopting protocol update for VDI locking
  sheepdog: improve error handling for a case of failed lock

 block/sheepdog.c | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

-- 
1.8.3.2




[Qemu-devel] [PATCH 1/2] sheepdog: adopting protocol update for VDI locking

2014-08-07 Thread Hitoshi Mitake
The update is required for supporting iSCSI multipath. It doesn't
affect behavior of QEMU driver but adding a new field to vdi request
struct is required.

Cc: Kevin Wolf 
Cc: Stefan Hajnoczi 
Cc: Liu Yuan 
Cc: MORITA Kazutaka 
Signed-off-by: Hitoshi Mitake 
---
 block/sheepdog.c | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/block/sheepdog.c b/block/sheepdog.c
index 8d9350c..36f76f0 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -103,6 +103,9 @@
 #define SD_INODE_SIZE (sizeof(SheepdogInode))
 #define CURRENT_VDI_ID 0
 
+#define LOCK_TYPE_NORMAL 1
+#define LOCK_TYPE_SHARED 2  /* for iSCSI multipath */
+
 typedef struct SheepdogReq {
 uint8_t proto_ver;
 uint8_t opcode;
@@ -166,7 +169,8 @@ typedef struct SheepdogVdiReq {
 uint8_t copy_policy;
 uint8_t reserved[2];
 uint32_t snapid;
-uint32_t pad[3];
+uint32_t type;
+uint32_t pad[2];
 } SheepdogVdiReq;
 
 typedef struct SheepdogVdiRsp {
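Review bot: The new `uint32_t type;` in SheepdogVdiReq has no comment saying which opcodes read it or which values are valid. It takes the slot of pad[0], so the request size is unchanged, but a reader of the struct cannot tell that it carries LOCK_TYPE_NORMAL or LOCK_TYPE_SHARED and is only set for the lock and release requests; document that next to the field.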
@@ -1090,6 +1094,7 @@ static int find_vdi_name(BDRVSheepdogState *s, const char 
*filename,
 memset(&hdr, 0, sizeof(hdr));
 if (lock) {
 hdr.opcode = SD_OP_LOCK_VDI;
+hdr.type = LOCK_TYPE_NORMAL;
 } else {
 hdr.opcode = SD_OP_GET_VDI_INFO;
 }
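Review bot: `hdr.type = LOCK_TYPE_NORMAL;` in the lock branch puts a non-zero value into bytes that were zero padding after the memset(), while the commit message says the change does not affect the behaviour of the QEMU driver. State in the commit message how a sheep daemon that predates the field treats a non-zero value there, so the compatibility assumption is on record.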
@@ -1793,6 +1798,7 @@ static void sd_close(BlockDriverState *bs)
 memset(&hdr, 0, sizeof(hdr));
 
 hdr.opcode = SD_OP_RELEASE_VDI;
+hdr.type = LOCK_TYPE_NORMAL;
 hdr.base_vdi_id = s->inode.vdi_id;
 wlen = strlen(s->name) + 1;
 hdr.data_length = wlen;
-- 
1.8.3.2




Re: [Qemu-devel] [PATCH v5 1/6] exec: add parameter errp to qemu_ram_alloc and qemu_ram_alloc_from_ptr

2014-08-07 Thread Hu Tao
On Wed, Aug 06, 2014 at 10:15:17PM +1000, Peter Crosthwaite wrote:
> On Wed, Aug 6, 2014 at 3:36 PM, Hu Tao  wrote:
> > Add parameter errp to qemu_ram_alloc and qemu_ram_alloc_from_ptr so that
> > we can handler errors.
> 
> "handle"
> 
> >
> > Signed-off-by: Hu Tao 
> > ---
> >  exec.c  | 32 +++-
> >  include/exec/ram_addr.h |  4 ++--
> >  memory.c|  6 +++---
> >  3 files changed, 28 insertions(+), 14 deletions(-)
> >
> > diff --git a/exec.c b/exec.c
> > index 765bd94..7e60a44 100644
> > --- a/exec.c
> > +++ b/exec.c
> > @@ -1224,7 +1224,7 @@ static int memory_try_enable_merging(void *addr, 
> > size_t len)
> >  return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
> >  }
> >
> > -static ram_addr_t ram_block_add(RAMBlock *new_block)
> > +static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
> >  {
> >  RAMBlock *block;
> >  ram_addr_t old_ram_size, new_ram_size;
> > @@ -1241,9 +1241,11 @@ static ram_addr_t ram_block_add(RAMBlock *new_block)
> >  } else {
> >  new_block->host = phys_mem_alloc(new_block->length);
> >  if (!new_block->host) {
> > -fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
> > -new_block->mr->name, strerror(errno));
> > -exit(1);
> > +error_setg_errno(errp, errno,
> > + "cannot set up guest memory '%s'",
> > + new_block->mr->name);
> > +qemu_mutex_unlock_ramlist();
> > +return -1;
> >  }
> >  memory_try_enable_merging(new_block->host, new_block->length);
> >  }
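Review bot: The new failure path in ram_block_add() ends with `return -1;` although the function is declared to return ram_addr_t, so the caller receives an address-typed value that only looks like an error by convention. Document that the return value is meaningless when an error is set and that callers must test the Error, or return a named invalid-address constant instead of the bare -1.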
> > @@ -1294,6 +1296,7 @@ ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, 
> > MemoryRegion *mr,
> >  Error **errp)
> >  {
> >  RAMBlock *new_block;
> > +ram_addr_t addr;
> >
> >  if (xen_enabled()) {
> >  error_setg(errp, "-mem-path not supported with Xen");
> > @@ -1323,14 +1326,20 @@ ram_addr_t qemu_ram_alloc_from_file(ram_addr_t 
> > size, MemoryRegion *mr,
> >  return -1;
> >  }
> >
> > -return ram_block_add(new_block);
> > +addr = ram_block_add(new_block, errp);
> > +if (errp && *errp) {
> > +g_free(new_block);
> 
> The free being conditional on errp will cause a leak if clients
> (validly) pass a NULL errp in. This free needs to be unconditional.
> The way to achieve that is the local_err error_propagate pattern.

Yes.

Regards,
Hu



[Qemu-devel] [PATCH v3 03/10] virtio-blk: fix reference a pointer which might be freed

2014-08-07 Thread zhanghailiang
The function virtio_blk_handle_request may free the memory pointed to by req,
so do not access members of req after calling this function.

Reviewed-by: Stefan Hajnoczi 
Signed-off-by: zhanghailiang 
---
 hw/block/virtio-blk.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index c241c50..54a853a 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -458,7 +458,7 @@ static void virtio_blk_handle_output(VirtIODevice *vdev, 
VirtQueue *vq)
 static void virtio_blk_dma_restart_bh(void *opaque)
 {
 VirtIOBlock *s = opaque;
-VirtIOBlockReq *req = s->rq;
+VirtIOBlockReq *req = s->rq, *next = NULL;
 MultiReqBuffer mrb = {
 .num_writes = 0,
 };
@@ -469,8 +469,9 @@ static void virtio_blk_dma_restart_bh(void *opaque)
 s->rq = NULL;
 
 while (req) {
+next = req->next;
 virtio_blk_handle_request(req, &mrb);
-req = req->next;
+req = next;
 }
 
 virtio_submit_multiwrite(s->bs, &mrb);
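Review bot: Saving `next = req->next;` before the call in the while loop is the right fix, but nothing in the loop says why, so a later cleanup could fold it back into `req = req->next`. Add a comment that virtio_blk_handle_request() may free req. `next` also needs neither the NULL initialiser nor function scope and can be declared inside the loop body.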
-- 
1.7.12.4





[Qemu-devel] [PATCH v3 10/10] block/vvfat: fix setbuf stream parameter may be NULL

2014-08-07 Thread zhanghailiang
From: Li Liu 

fopen() may return NULL, which will cause setbuf() to segfault

Signed-off-by: zhanghailiang 
Signed-off-by: Li Liu 
---
 block/vvfat.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/block/vvfat.c b/block/vvfat.c
index 70176b1..6889ea9 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -1084,7 +1084,10 @@ static int vvfat_open(BlockDriverState *bs, QDict 
*options, int flags,
 
 DLOG(if (stderr == NULL) {
 stderr = fopen("vvfat.log", "a");
-setbuf(stderr, NULL);
+
+if (stderr) {
+setbuf(stderr, NULL);
+}
 })
 
 opts = qemu_opts_create(&runtime_opts, NULL, 0, &error_abort);
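Review bot: Guarding setbuf() covers only one use of the stream: when fopen("vvfat.log", "a") fails, stderr is still NULL after this DLOG block, so the next debug write to stderr has the same NULL-stream problem. Assign the fopen() result to a local FILE * and replace stderr only on success, or report the failure and skip logging. The blank line added before the `if` is not needed.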
-- 
1.7.12.4





[Qemu-devel] [PATCH v3 02/10] monitor: fix access freed memory

2014-08-07 Thread zhanghailiang
The function monitor_fdset_dup_fd_find_remove() references member of 'mon_fdset'
which may be freed in function monitor_fdset_cleanup()

Signed-off-by: zhanghailiang 
---
 monitor.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/monitor.c b/monitor.c
index 5bc70a6..41e46a6 100644
--- a/monitor.c
+++ b/monitor.c
@@ -2532,8 +2532,10 @@ static int monitor_fdset_dup_fd_find_remove(int dup_fd, 
bool remove)
 {
 MonFdset *mon_fdset;
 MonFdsetFd *mon_fdset_fd_dup;
+int64_t id = -1;
 
 QLIST_FOREACH(mon_fdset, &mon_fdsets, next) {
+id = mon_fdset->id;
 QLIST_FOREACH(mon_fdset_fd_dup, &mon_fdset->dup_fds, next) {
 if (mon_fdset_fd_dup->fd == dup_fd) {
 if (remove) {
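Review bot: `id = mon_fdset->id;` runs on every iteration of the outer QLIST_FOREACH, although the saved value is only needed on the path that calls monitor_fdset_cleanup(mon_fdset). Copy the id right where the match is found, before the cleanup call, and drop the function-scope `= -1` initialiser, which is never the value returned. A short comment that the cleanup may free mon_fdset would keep the reason visible.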
@@ -2542,7 +2544,7 @@ static int monitor_fdset_dup_fd_find_remove(int dup_fd, 
bool remove)
 monitor_fdset_cleanup(mon_fdset);
 }
 }
-return mon_fdset->id;
+return id;
 }
 }
 }
-- 
1.7.12.4





[Qemu-devel] [PATCH v3 06/10] slirp: check return value of malloc()

2014-08-07 Thread zhanghailiang
Signed-off-by: zhanghailiang 
---
 slirp/misc.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/slirp/misc.c b/slirp/misc.c
index b8eb74c..0109c9f 100644
--- a/slirp/misc.c
+++ b/slirp/misc.c
@@ -55,6 +55,9 @@ int add_exec(struct ex_list **ex_ptr, int do_pty, char *exec,
 
tmp_ptr = *ex_ptr;
*ex_ptr = (struct ex_list *)malloc(sizeof(struct ex_list));
+if (!ex_ptr) {
+return -1;
+}
(*ex_ptr)->ex_fport = port;
(*ex_ptr)->ex_addr = addr;
(*ex_ptr)->ex_pty = do_pty;
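Review bot: The check added after malloc() in add_exec() tests the wrong pointer: `if (!ex_ptr)` looks at the caller's argument, which was already dereferenced by `tmp_ptr = *ex_ptr;`, so a failed allocation still reaches `(*ex_ptr)->ex_fport = port;`. It needs to be `if (!*ex_ptr)`, and that branch should put tmp_ptr back into *ex_ptr before returning, otherwise the existing list head has been replaced by NULL.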
@@ -236,8 +239,9 @@ strdup(str)
char *bptr;
 
bptr = (char *)malloc(strlen(str)+1);
-   strcpy(bptr, str);
-
+if (bptr) {
+strcpy(bptr, str);
+}
return bptr;
 }
 #endif
-- 
1.7.12.4





[Qemu-devel] [PATCH v3 07/10] linux-user: check return value of malloc()

2014-08-07 Thread zhanghailiang
Signed-off-by: zhanghailiang 
---
 linux-user/syscall.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index a50229d..93d9076 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2870,6 +2870,9 @@ static inline abi_long do_msgsnd(int msqid, abi_long msgp,
 if (!lock_user_struct(VERIFY_READ, target_mb, msgp, 0))
 return -TARGET_EFAULT;
 host_mb = malloc(msgsz+sizeof(long));
+if (!host_mb) {
+return -TARGET_ENOMEM;
+}
 host_mb->mtype = (abi_long) tswapal(target_mb->mtype);
 memcpy(host_mb->mtext, target_mb->mtext, msgsz);
 ret = get_errno(msgsnd(msqid, host_mb, msgsz, msgflg));
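Review bot: The new early return after malloc() in do_msgsnd() leaves target_mb locked: lock_user_struct(VERIFY_READ, target_mb, msgp, 0) succeeded two lines earlier, and the -TARGET_ENOMEM path returns without the matching unlock_user_struct(). Unlock before returning, or set ret and jump to the function's common cleanup.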
-- 
1.7.12.4





[Qemu-devel] [PATCH v3 01/10] l2cap: fix access freed memory

2014-08-07 Thread zhanghailiang
Pointer 'ch' will be used in function 'l2cap_channel_open_req_msg' after
it was previously freed in 'l2cap_channel_open'.
Assign it to NULL after it is freed.

Reviewed-by: Alex Bennée 
Signed-off-by: zhanghailiang 
---
 hw/bt/l2cap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/bt/l2cap.c b/hw/bt/l2cap.c
index 2301d6f..591e047 100644
--- a/hw/bt/l2cap.c
+++ b/hw/bt/l2cap.c
@@ -429,7 +429,7 @@ static struct l2cap_chan_s *l2cap_channel_open(struct 
l2cap_instance_s *l2cap,
 status = L2CAP_CS_NO_INFO;
 } else {
 g_free(ch);
-
+ch = NULL;
 result = L2CAP_CR_NO_MEM;
 status = L2CAP_CS_NO_INFO;
 }
-- 
1.7.12.4





[Qemu-devel] [PATCH v3 05/10] util/path: check return value of malloc()

2014-08-07 Thread zhanghailiang
Signed-off-by: zhanghailiang 
---
 util/path.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/util/path.c b/util/path.c
index 5c59d9f..df1653f 100644
--- a/util/path.c
+++ b/util/path.c
@@ -46,9 +46,12 @@ static struct pathelem *new_entry(const char *root,
   const char *name)
 {
 struct pathelem *new = malloc(sizeof(*new));
-new->name = strdup(name);
-new->pathname = g_strdup_printf("%s/%s", root, name);
-new->num_entries = 0;
+
+if (new) {
+new->name = strdup(name);
+new->pathname = g_strdup_printf("%s/%s", root, name);
+new->num_entries = 0;
+}
 return new;
 }
 
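Review bot: new_entry() can now return NULL, so the guard only moves the crash unless the callers, which this hunk does not show, check the result; the `strdup(name)` inside the new block is also still unchecked. The function already uses g_strdup_printf(), which aborts on allocation failure, so allocating with g_malloc() and g_strdup() would be consistent and make the NULL branch unnecessary.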
-- 
1.7.12.4





[Qemu-devel] [PATCH v3 09/10] tcg: check return value of fopen()

2014-08-07 Thread zhanghailiang
From: Li Liu 

Give a warning message if fopen() failed to open the log file.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Liu 
---
 tcg/tcg.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/tcg/tcg.c b/tcg/tcg.c
index c068990..8f50d2a 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -2406,6 +2406,10 @@ static void dump_op_count(void)
 int i;
 FILE *f;
 f = fopen("/tmp/op.log", "w");
+if (f == NULL) {
+fprintf(stderr, "Failed to open /tmp/op.log\n");
+return;
+}
 for(i = INDEX_op_end; i < NB_OPS; i++) {
 fprintf(f, "%s %" PRId64 "\n", tcg_op_defs[i].name, 
tcg_table_op_count[i]);
 }
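Review bot: The warning added in dump_op_count() repeats the path as a second string literal and omits the reason; print strerror(errno) so a permission problem can be told apart from a missing directory. Separately, the `fopen("/tmp/op.log", "w")` in the context line writes to a fixed name in a world-writable directory and will follow a symlink placed there by another local user; a follow-up should take the path from configuration or create the file with exclusive-create semantics.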
-- 
1.7.12.4





[Qemu-devel] [PATCH v3 08/10] qtest: check the value returned by fopen()

2014-08-07 Thread zhanghailiang
The function fopen() may fail, so check its return value.

Signed-off-by: zhanghailiang 
Signed-off-by: Li Liu 
---
 qtest.c  | 5 +
 tests/bios-tables-test.c | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/qtest.c b/qtest.c
index 04a6dc1..ae9b636 100644
--- a/qtest.c
+++ b/qtest.c
@@ -536,6 +536,11 @@ void qtest_init(const char *qtest_chrdev, const char 
*qtest_log, Error **errp)
 if (qtest_log) {
 if (strcmp(qtest_log, "none") != 0) {
 qtest_log_fp = fopen(qtest_log, "w+");
+if (qtest_log_fp == NULL) {
+error_setg(errp, "Failed to open log file for qtest: \"%s\"",
+   qtest_log);
+return;
+}
 }
 } else {
 qtest_log_fp = stderr;
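Review bot: The error set when `fopen(qtest_log, "w+")` fails names the file but not the reason. Use error_setg_errno(errp, errno, ...) so the message carries the strerror text as well.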
diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index 045eb27..6a357c0 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -790,6 +790,8 @@ int main(int argc, char *argv[])
 const char *arch = qtest_get_arch();
 FILE *f = fopen(disk, "w");
 int ret;
+
+g_assert(f != NULL);
 fwrite(boot_sector, 1, sizeof boot_sector, f);
 fclose(f);
 
-- 
1.7.12.4





[Qemu-devel] [PATCH v3 04/10] ivshmem: check the value returned by fstat()

2014-08-07 Thread zhanghailiang
The function fstat() may fail, so check its return value.

Signed-off-by: zhanghailiang 
---
 hw/misc/ivshmem.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index 768e528..2be4b86 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -324,7 +324,11 @@ static int check_shm_size(IVShmemState *s, int fd) {
 
 struct stat buf;
 
-fstat(fd, &buf);
+if (fstat(fd, &buf) < 0) {
+fprintf(stderr, "ivshmem: exiting: fstat on fd %d failed: %s\n",
+fd, strerror(errno));
+return -1;
+}
 
 if (s->ivshmem_size > buf.st_size) {
 fprintf(stderr,
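Review bot: The message in the new fstat() failure branch says "exiting", but the branch only does `return -1;`, so whether the process exits is decided by the caller of check_shm_size(). Drop the word and let the message describe the failure alone, for example "ivshmem: fstat on fd %d failed: %s".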
-- 
1.7.12.4





[Qemu-devel] [PATCH v3 00/10] fix three bugs about use-after-free and several api abuse

2014-08-07 Thread zhanghailiang
Hi,

Besides fstat(), I have also found that when calling malloc() and fopen(),
there are several places that do not check their return value.

Though there is only a small probability that the two functions fail,
it is better to fix them.

So I added these patches to this patch-set.

v2 -> v3:
- ivshmem: change the error message as advised by Levente Kurusa
- others: add six new patches which check the return value of malloc() and
  fopen(), which may fail.

v1 -> v2:
-ivshmem: modified the log message according to reviewing suggestion of Michael

Li Liu (3):
  tcg: check return value of fopen()
  block/vvfat: fix setbuf stream parameter may be NULL
  qtest: check the value returned by fopen()

zhanghailiang (7):
  l2cap: fix access freed memory
  monitor: fix access freed memory
  virtio-blk: fix reference a pointer which might be freed
  ivshmem: check the value returned by fstat()
  util/path: check return value of malloc()
  slirp: check return value of malloc()
  linux-user: check return value of malloc()

 block/vvfat.c| 5 -
 hw/block/virtio-blk.c| 5 +++--
 hw/bt/l2cap.c| 2 +-
 hw/misc/ivshmem.c| 6 +-
 linux-user/syscall.c | 3 +++
 monitor.c| 4 +++-
 qtest.c  | 5 +
 slirp/misc.c | 8 ++--
 tcg/tcg.c| 4 
 tests/bios-tables-test.c | 2 ++
 util/path.c  | 9 ++---
 11 files changed, 42 insertions(+), 11 deletions(-)

-- 
1.7.12.4





[Qemu-devel] [Bug 1318830] Re: High CPU usage on windows virtual machine

2014-08-07 Thread Boyan Stoyanovich
I have this problem also using Debian Wheezy with backported
qemu-kvm-2.0.0. CPU usage for idle Windows machine, using top to measure, is
constantly >30% (while in Windows Task Manager >5%), while Linux VM
beside is working fine (CPU >5%) when idle...

Here are the details about packages used and qemu-kvm process:

root@bojan:~# uname -a
Linux bojan 3.2.0-4-amd64 #1 SMP Debian 3.2.60-1+deb7u1 x86_64 GNU/Linux
root@bojan:~# dpkg -l | egrep '(qemu|kvm|spice)'
ii  ipxe-qemu 1.0.0+git-20120202.f6840ba-3   
all  PXE boot firmware - ROM images for qemu
ii  libspice-client-glib-2.0-1:amd64  0.12-5 
amd64GObject for communicating with Spice servers (runtime library)
ii  libspice-client-gtk-2.0-1:amd64   0.12-5 
amd64GTK2 widget for SPICE clients (runtime library)
ii  libspice-server1:amd640.12.4-0nocelt2~bpo70+1
amd64Implements the server side of the SPICE protocol
ii  python-spice-client-gtk   0.12-5 
amd64GTK2 widget for SPICE clients (Python binding)
ii  qemu-keymaps  1.1.2+dfsg-6a+deb7u3   
all  QEMU keyboard maps
ii  qemu-kvm  2.0.0+dfsg-4~bpo70+1   
amd64QEMU Full virtualization on x86 hardware (transitional package)
rc  qemu-system   2.0.0+dfsg-4~bpo70+1   
amd64QEMU full system emulation binaries
ii  qemu-system-common2.0.0+dfsg-4~bpo70+1   
amd64QEMU full system emulation binaries (common files)
ii  qemu-system-x86   2.0.0+dfsg-4~bpo70+1   
amd64QEMU full system emulation binaries (x86)
ii  qemu-utils2.0.0+dfsg-4~bpo70+1   
amd64QEMU utilities

115  18212 36.1 35.4 2727568 2154604 ? Sl   10:07   4:08 qemu-
system-x86_64 -enable-kvm -name Win7ENTx64 -S -machine pc-
i440fx-2.0,accel=kvm,usb=off -cpu
SandyBridge,+erms,+smep,+fsgsbase,+rdrand,+f16c,+osxsave,+pcid,+pdcm,+xtpr,+tm2,+est,+vmx,+ds_cpl,+monitor,+dtes64,+pbe,+tm,+ht,+ss,+acpi,+ds,+vme
-m 2048 -realtime mlock=off -smp 2,sockets=2,cores=1,threads=1 -uuid
c1be1529-83e4-82f1-5277-d82cb0e853b4 -no-user-config -nodefaults
-chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/Win7ENTx64.monitor,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control -rtc base=localtime
-no-shutdown -boot strict=on -device piix3-usb-
uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device virtio-serial-pci,id=virtio-
serial0,bus=pci.0,addr=0x7 -drive
file=/var/lib/libvirt/images/Win7ENTx64.qcow2,if=none,id=drive-virtio-
disk0,format=qcow2 -device virtio-blk-
pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-
disk0,bootindex=1 -drive
file=/var/lib/libvirt/images/Microsoft_Windows_7_Enterprise_x64_SP1.ISO,if=none,id
=drive-ide0-1-0,readonly=on,format=raw -device ide-
cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -netdev
tap,fd=25,id=hostnet0,vhost=on,vhostfd=26 -device virtio-net-
pci,netdev=hostnet0,id=net0,mac=52:54:00:ac:2b:78,bus=pci.0,addr=0x3
-chardev pty,id=charserial0 -device isa-
serial,chardev=charserial0,id=serial0 -chardev
spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-
serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0
-device usb-tablet,id=input0 -spice port=5901,addr=127.0.0.1,disable-
ticketing,seamless-migration=on -device VGA,id=video0,bus=pci.0,addr=0x2
-device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-
duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-
pci,id=balloon0,bus=pci.0,addr=0x6

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1318830

Title:
  High CPU usage on windows virtual machine

Status in QEMU:
  New
Status in “qemu” package in Ubuntu:
  Incomplete

Bug description:
  I got Ubuntu 14.04, with Qemu 2.0 and moved my windows VM to this new box, 
and made sure that what this article indicates was achieved
  https://www.kraxel.org/blog/2014/03/qemu-and-usb-tablet-cpu-consumtion/
  I can attest that it works following the instructions, erasing the registry, 
etc.
  Unfortunately, with 4 cpus as below, I still see 60% CPU outside as shown by 
"Top" versus 0% CPU inside. My Kernel is 3.15.0-031500rc4-generic
  If some developer wants to log in and take a look, I am happy to help. The 
box is not in production and I take full responsibility. Until this is solved, 
KVM is not going to compete with Hyper-V or Vmware.  Basically KVM is not 
suitable for the Enterprise as of yet.

  qemu-system-x86_64 -enable-kvm -name Production -S -machine pc-
  i440fx-2.0,accel=kvm,usb=off -cpu
  
kvm64,+rdtscp,+pdpe1gb,+x2apic,+dca,+pcid,+pdcm,+xtpr,+tm2,+est,+smx,+vmx,+ds_cpl,+monitor,+dtes64,+pclmuldq,+pbe,+tm

[Qemu-devel] [Bug 1318830] Re: High CPU usage on windows virtual machine

2014-08-07 Thread Boyan Stoyanovich
P.S. I have tried the solution suggested above (adding hyperv to the vm
options...), but it doesn't help.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1318830

Title:
  High CPU usage on windows virtual machine

Status in QEMU:
  New
Status in “qemu” package in Ubuntu:
  Incomplete

Bug description:
  I got Ubuntu 14.04, with Qemu 2.0 and moved my windows VM to this new box, 
and made sure that what this article indicates was achieved
  https://www.kraxel.org/blog/2014/03/qemu-and-usb-tablet-cpu-consumtion/
  I can attest that it works following the instructions, erasing the registry, 
etc.
  Unfortunately, with 4 cpus as below, I still see 60% CPU outside as shown by 
"Top" versus 0% CPU inside. My Kernel is 3.15.0-031500rc4-generic
  If some developer wants to log in and take a look, I am happy to help. The 
box is not in production and I take full responsibility. Until this is solved, 
KVM is not going to compete with Hyper-V or Vmware.  Basically KVM is not 
suitable for the Enterprise as of yet.

  qemu-system-x86_64 -enable-kvm -name Production -S -machine pc-
  i440fx-2.0,accel=kvm,usb=off -cpu
  
kvm64,+rdtscp,+pdpe1gb,+x2apic,+dca,+pcid,+pdcm,+xtpr,+tm2,+est,+smx,+vmx,+ds_cpl,+monitor,+dtes64,+pclmuldq,+pbe,+tm,+ht,+ss,+acpi,+ds,+vme,hv_relaxed,hv_vapic,hv_spinlocks=0xfff
  -m 4024 -realtime mlock=off -smp 4,sockets=1,cores=4,threads=1 -uuid
  e8701c5c-b542-0199-fd2a-1047df24770e -no-user-config -nodefaults
  -chardev
  
socket,id=charmonitor,path=/var/lib/libvirt/qemu/Production.monitor,server,nowait
  -mon chardev=charmonitor,id=monitor,mode=control -rtc base=localtime
  -no-shutdown -boot strict=on -device piix3-usb-
  uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive
  file=/var/lib/libvirt/images/Production.img,if=none,id=drive-virtio-
  disk0,format=raw -device virtio-blk-
  pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk0,id=virtio-
  disk0,bootindex=1 -netdev tap,fd=30,id=hostnet0,vhost=on,vhostfd=31
  -device virtio-net-
  pci,netdev=hostnet0,id=net0,mac=00:16:3a:d2:cd:ea,bus=pci.0,addr=0x3
  -netdev tap,fd=35,id=hostnet1,vhost=on,vhostfd=36 -device virtio-net-
  pci,netdev=hostnet1,id=net1,mac=52:54:00:70:fe:54,bus=pci.0,addr=0x4
  -chardev pty,id=charserial0 -device isa-
  serial,chardev=charserial0,id=serial0 -device usb-tablet,id=input0
  -vnc 127.0.0.1:0 -device VGA,id=video0,bus=pci.0,addr=0x2 -device
  intel-hda,id=sound0,bus=pci.0,addr=0x5 -device hda-
  duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-
  pci,id=balloon0,bus=pci.0,addr=0x7

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1318830/+subscriptions



Re: [Qemu-devel] [PATCH v5 6/6] exec: improve error handling and reporting in file_ram_alloc() and gethugepagesize()

2014-08-07 Thread Hu Tao
On Wed, Aug 06, 2014 at 10:49:23PM +1000, Peter Crosthwaite wrote:
> Your subject line is excessively long. How about just "improve RAM file
> error handling" and elaborate in a commit msg para?

After splitting, both patches improve RAM file error handling.
I'll reword the subjects and drop this one.

> 
> On Wed, Aug 6, 2014 at 3:36 PM, Hu Tao  wrote:
> > This patch fixes two problems of memory-backend-file:
> >
> 
> It looks like two self contained changes. Any reason to not split?
> 
> > 1. If user adds a memory-backend-file object using object_add command,
> >specifying a non-existing directory for property mem-path, qemu
> >will core dump with message:
> >
> >  /nonexistingdir: No such file or directory
> >  Bad ram offset f000
> >  Aborted (core dumped)
> >
> >with this patch, qemu reports error message like:
> >
> >  qemu-system-x86_64: -object 
> > memory-backend-file,mem-path=/nonexistingdir,id=mem-file0,size=128M:
> >  failed to stat file /nonexistingdir: No such file or directory
> >
> > 2. If user adds a memory-backend-file object using object_add command,
> >specifying a size that is less than huge page size, qemu
> >will core dump with message:
> >
> >  Bad ram offset f000
> >  Aborted (core dumped)
> >
> >with this patch, qemu reports error message like:
> >
> >  qemu-system-x86_64: -object 
> > memory-backend-file,mem-path=/hugepages,id=mem-file0,size=1M: memory
> >  size 0x10 should be euqal or larger than huge page size 0x20
> 
> "equal".
> 
> >
> > Signed-off-by: Hu Tao 
> > ---
> >  exec.c | 21 -
> >  1 file changed, 12 insertions(+), 9 deletions(-)
> >
> > diff --git a/exec.c b/exec.c
> > index 7e60a44..6512820 100644
> > --- a/exec.c
> > +++ b/exec.c
> > @@ -996,7 +996,7 @@ void qemu_mutex_unlock_ramlist(void)
> >
> 
> >  #define HUGETLBFS_MAGIC   0x958458f6
> >
> > -static long gethugepagesize(const char *path)
> > +static long gethugepagesize(const char *path, Error **errp)
> >  {
> >  struct statfs fs;
> >  int ret;
> > @@ -1006,7 +1006,7 @@ static long gethugepagesize(const char *path)
> >  } while (ret != 0 && errno == EINTR);
> >
> >  if (ret != 0) {
> > -perror(path);
> > +error_setg_errno(errp, errno, "failed to get size of file %s", 
> > path);
> 
> I think your error message is imprecise. It's not the file size you
> > > are trying to get, it's the page size for that file (or its underlying
> file system I think).

changed to: failed to get page size of file

> 
> >  return 0;
> >  }
> >
> > @@ -1024,17 +1024,20 @@ static void *file_ram_alloc(RAMBlock *block,
> >  char *filename;
> >  char *sanitized_name;
> >  char *c;
> > -void *area;
> > +void *area = NULL;
> >  int fd;
> > -unsigned long hpagesize;
> > +uint64_t hpagesize;
> >
> > -hpagesize = gethugepagesize(path);
> > -if (!hpagesize) {
> > +hpagesize = gethugepagesize(path, errp);
> > +if (errp && *errp) {
> 
> More flow control dependent on non NULL errp. I think you want a
> local_err for safety here.

Okay.

> 
> >  goto error;
> >  }
> >
> >  if (memory < hpagesize) {
> > -return NULL;
> > +error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be euqal to "
> 
> "equal"

thanks!

> 
> Regards,
> Peter
> 
> > +   "or larger than huge page size 0x%" PRIx64,
> > +   memory, hpagesize);
> > +goto error;
> >  }
> >
> >  if (kvm_enabled() && !kvm_has_sync_mmu()) {
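Review bot: hpagesize becomes uint64_t in this hunk while gethugepagesize() is still declared to return long in the first hunk of the patch, so the assignment silently converts a signed value. Make the two types agree, either by changing the return type as well or by keeping the local as long, so that the PRIx64 in the new message prints what the function returned.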
> > @@ -1094,8 +1097,8 @@ static void *file_ram_alloc(RAMBlock *block,
> >  return area;
> >
> >  error:
> > -if (mem_prealloc) {
> > -exit(1);
> > +if (area && area != MAP_FAILED) {
> > +munmap(area, memory);
> >  }
> >  return NULL;
> >  }
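Review bot: At the `error:` label the `if (mem_prealloc) { exit(1); }` is removed, so a failed preallocation now returns NULL to the caller instead of terminating; say so in the commit message, since neither of the two numbered problems listed there mentions it. The label also unmaps area but does not close fd, which is declared at the top of the function; if any `goto error` can run after the file has been opened, close it here as well.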
> > --
> > 1.9.3
> >
> >
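
The local_err / error_propagate pattern that Peter Crosthwaite asks for in this reply and in the v5 1/6 review, as an added example that is not code from the thread or from QEMU. The Error functions below are a minimal stand-in for QEMU's API, and Block, block_register() and the two alloc_* functions are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for QEMU's Error API, reduced to what the pattern needs
 * (assumption: simplified; QEMU's own implementation does more). */
typedef struct Error { char msg[96]; } Error;

static void error_setg(Error **errp, const char *msg)
{
    if (!errp) {
        return;                 /* caller passed NULL: the error is dropped */
    }
    *errp = calloc(1, sizeof(**errp));
    if (!*errp) {
        abort();
    }
    snprintf((*errp)->msg, sizeof((*errp)->msg), "%s", msg);
}

static void error_free(Error *err) { free(err); }

/* Hand a locally collected error to the caller, or free it if unwanted. */
static void error_propagate(Error **dst_errp, Error *local_err)
{
    if (local_err && dst_errp && !*dst_errp) {
        *dst_errp = local_err;
    } else {
        error_free(local_err);
    }
}

/* Hypothetical registry standing in for the RAM block list. */
typedef struct Block { size_t len; } Block;
static Block *registered[8];
static int n_registered;
static int n_live;              /* allocated and not yet freed */

static Block *block_new(size_t len)
{
    Block *b = calloc(1, sizeof(*b));
    if (!b) {
        abort();
    }
    b->len = len;
    n_live++;
    return b;
}

static void block_free(Block *b) { free(b); n_live--; }

/* Takes ownership on success; fails for zero length or a full registry. */
static long block_register(Block *b, Error **errp)
{
    if (b->len == 0 || n_registered == 8) {
        error_setg(errp, "cannot set up block");
        return -1;
    }
    registered[n_registered++] = b;
    return 0x1000L * n_registered;
}

/* Blocks that are neither freed nor owned by the registry. */
static int leaked_blocks(void) { return n_live - n_registered; }

/* Shape of the reviewed hunk: cleanup depends on the caller's errp. */
static long alloc_checking_errp(size_t len, Error **errp)
{
    Block *b = block_new(len);
    long addr = block_register(b, errp);
    if (errp && *errp) {        /* never true when errp == NULL */
        block_free(b);
        return -1;
    }
    return addr;                /* on failure with errp == NULL, b is leaked */
}

/* local_err pattern: the failure test never looks at the caller's errp. */
static long alloc_local_err(size_t len, Error **errp)
{
    Error *local_err = NULL;
    Block *b = block_new(len);
    long addr = block_register(b, &local_err);
    if (local_err) {
        block_free(b);          /* unconditional cleanup */
        error_propagate(errp, local_err);
        return -1;
    }
    return addr;
}

int main(void)
{
    Error *err = NULL;
    alloc_checking_errp(0, NULL);
    printf("errp-dependent cleanup, errp=NULL: %d leaked\n", leaked_blocks());
    alloc_local_err(0, NULL);
    alloc_local_err(0, &err);
    printf("local_err cleanup: still %d leaked, error \"%s\" (%zu chars)\n",
           leaked_blocks(), err->msg, strlen(err->msg));
    error_free(err);
    return 0;
}
```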



[Qemu-devel] [Bug 1318830] Re: High CPU usage on windows virtual machine

2014-08-07 Thread Boyan Stoyanovich
Typo correction:

CPU usage for idle Windows machine, using top to measure, is constantly
>30% (while in Windows Task Manager <5%), while Linux VM beside is
working fine (CPU <5%) when idle...




Re: [Qemu-devel] [PATCH v3 04/10] ivshmem: check the value returned by fstat()

2014-08-07 Thread Levente Kurusa
> The function fstat() may fail, so check its return value.
> 
> Signed-off-by: zhanghailiang 

Acked-by: Levente Kurusa 

Thanks!
Levente Kurusa



Re: [Qemu-devel] [PATCH v5 4/6] memory: add parameter errp to memory_region_init_rom_device

2014-08-07 Thread Hu Tao
On Wed, Aug 06, 2014 at 10:32:53PM +1000, Peter Crosthwaite wrote:
> On Wed, Aug 6, 2014 at 3:36 PM, Hu Tao  wrote:
> > Add parameter errp to memory_region_init_rom_device and update all call
> > sites to pass in &error_abort.
> >
> > Signed-off-by: Hu Tao 
> 
> Reviewed-by: Peter Crosthwaite 
> 
> > ---
> >  hw/block/pflash_cfi01.c | 2 +-
> >  hw/block/pflash_cfi02.c | 2 +-
> >  include/exec/memory.h   | 4 +++-
> >  memory.c| 5 +++--
> >  4 files changed, 8 insertions(+), 5 deletions(-)
> >
> > diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
> > index f9507b4..649565d 100644
> > --- a/hw/block/pflash_cfi01.c
> > +++ b/hw/block/pflash_cfi01.c
> > @@ -770,7 +770,7 @@ static void pflash_cfi01_realize(DeviceState *dev, 
> > Error **errp)
> >  memory_region_init_rom_device(
> >  &pfl->mem, OBJECT(dev),
> >  pfl->be ? &pflash_cfi01_ops_be : &pflash_cfi01_ops_le, pfl,
> > -pfl->name, total_len);
> > +pfl->name, total_len, &error_abort);
> >  vmstate_register_ram(&pfl->mem, DEVICE(pfl));
> >  pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
> >  sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
> > diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c
> > index 8d4b828..49db02d 100644
> > --- a/hw/block/pflash_cfi02.c
> > +++ b/hw/block/pflash_cfi02.c
> > @@ -608,7 +608,7 @@ static void pflash_cfi02_realize(DeviceState *dev, 
> > Error **errp)
> >
> >  memory_region_init_rom_device(&pfl->orig_mem, OBJECT(pfl), pfl->be ?
> >&pflash_cfi02_ops_be : 
> > &pflash_cfi02_ops_le,
> > -  pfl, pfl->name, chip_len);
> > +  pfl, pfl->name, chip_len, &error_abort);
> 
> We probably should take the opportunity to error_propagate in these
> cases, to prepare support for hotplug of devs like this. But I think
> your blind conversions are a good first step as they will preserve
> existing behaviour. So let's call that follow up.

The same pattern is done in patch 2 and patch 5 :)

> 
> Regards,
> Peter
> 
> >  vmstate_register_ram(&pfl->orig_mem, DEVICE(pfl));
> >  pfl->storage = memory_region_get_ram_ptr(&pfl->orig_mem);
> >  pfl->chip_len = chip_len;
> > diff --git a/include/exec/memory.h b/include/exec/memory.h
> > index caa988d..71bed47 100644
> > --- a/include/exec/memory.h
> > +++ b/include/exec/memory.h
> > @@ -388,13 +388,15 @@ void memory_region_init_alias(MemoryRegion *mr,
> >   * @ops: callbacks for write access handling.
> >   * @name: the name of the region.
> >   * @size: size of the region.
> > + * @errp: pointer to Error*, to store an error if it happens.
> >   */
> >  void memory_region_init_rom_device(MemoryRegion *mr,
> > struct Object *owner,
> > const MemoryRegionOps *ops,
> > void *opaque,
> > const char *name,
> > -   uint64_t size);
> > +   uint64_t size,
> > +   Error **errp);
> >
> >  /**
> >   * memory_region_init_reservation: Initialize a memory region that reserves
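Review bot: The `@errp` line added to the comment for memory_region_init_rom_device() says only that an error is stored "if it happens"; it does not say what state @mr is in afterwards or that the caller must not go on to use the region. Since the series exists so that callers can survive a failed allocation, state that here, for example that on error @mr must not be registered or mapped.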
> > diff --git a/memory.c b/memory.c
> > index bcebfd8..06a7e1b 100644
> > --- a/memory.c
> > +++ b/memory.c
> > @@ -1223,7 +1223,8 @@ void memory_region_init_rom_device(MemoryRegion *mr,
> > const MemoryRegionOps *ops,
> > void *opaque,
> > const char *name,
> > -   uint64_t size)
> > +   uint64_t size,
> > +   Error **errp)
> >  {
> >  memory_region_init(mr, owner, name, size);
> >  mr->ops = ops;
> > @@ -1231,7 +1232,7 @@ void memory_region_init_rom_device(MemoryRegion *mr,
> >  mr->terminates = true;
> >  mr->rom_device = true;
> >  mr->destructor = memory_region_destructor_rom_device;
> > -mr->ram_addr = qemu_ram_alloc(size, mr, &error_abort);
> > +mr->ram_addr = qemu_ram_alloc(size, mr, errp);
> >  }
> >
> >  void memory_region_init_iommu(MemoryRegion *mr,
> > --
> > 1.9.3
> >
> >



[Qemu-devel] [PATCH v6 1/7] exec: add parameter errp to qemu_ram_alloc and qemu_ram_alloc_from_ptr

2014-08-07 Thread Hu Tao
Add parameter errp to qemu_ram_alloc and qemu_ram_alloc_from_ptr so that
we can handle errors.

Signed-off-by: Hu Tao 
---
 exec.c  | 36 +++-
 include/exec/ram_addr.h |  4 ++--
 memory.c|  6 +++---
 3 files changed, 32 insertions(+), 14 deletions(-)

diff --git a/exec.c b/exec.c
index 765bd94..accba00 100644
--- a/exec.c
+++ b/exec.c
@@ -1224,7 +1224,7 @@ static int memory_try_enable_merging(void *addr, size_t 
len)
 return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
 }
 
-static ram_addr_t ram_block_add(RAMBlock *new_block)
+static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
 {
 RAMBlock *block;
 ram_addr_t old_ram_size, new_ram_size;
@@ -1241,9 +1241,11 @@ static ram_addr_t ram_block_add(RAMBlock *new_block)
 } else {
 new_block->host = phys_mem_alloc(new_block->length);
 if (!new_block->host) {
-fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
-new_block->mr->name, strerror(errno));
-exit(1);
+error_setg_errno(errp, errno,
+ "cannot set up guest memory '%s'",
+ new_block->mr->name);
+qemu_mutex_unlock_ramlist();
+return -1;
 }
 memory_try_enable_merging(new_block->host, new_block->length);
 }
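Review bot: In the new failure branch (`qemu_mutex_unlock_ramlist(); return -1;`) ram_block_add() returns with new_block still allocated, and both callers changed later in this patch depend on that by calling g_free(new_block) themselves. That ownership rule is not written down anywhere; add a comment on ram_block_add() saying the caller keeps ownership of new_block when an error is set, so a future caller neither leaks it nor frees it twice.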
@@ -1294,6 +1296,8 @@ ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, 
MemoryRegion *mr,
 Error **errp)
 {
 RAMBlock *new_block;
+ram_addr_t addr;
+Error *local_err = NULL;
 
 if (xen_enabled()) {
 error_setg(errp, "-mem-path not supported with Xen");
@@ -1323,14 +1327,22 @@ ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, 
MemoryRegion *mr,
 return -1;
 }
 
-return ram_block_add(new_block);
+addr = ram_block_add(new_block, &local_err);
+if (local_err) {
+g_free(new_block);
+error_propagate(errp, local_err);
+return -1;
+}
+return addr;
 }
 #endif
 
 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
-   MemoryRegion *mr)
+   MemoryRegion *mr, Error **errp)
 {
 RAMBlock *new_block;
+ram_addr_t addr;
+Error *local_err = NULL;
 
 size = TARGET_PAGE_ALIGN(size);
 new_block = g_malloc0(sizeof(*new_block));
@@ -1341,12 +1353,18 @@ ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, 
void *host,
 if (host) {
 new_block->flags |= RAM_PREALLOC;
 }
-return ram_block_add(new_block);
+addr = ram_block_add(new_block, &local_err);
+if (local_err) {
+g_free(new_block);
+error_propagate(errp, local_err);
+return -1;
+}
+return addr;
 }
 
-ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
+ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
 {
-return qemu_ram_alloc_from_ptr(size, NULL, mr);
+return qemu_ram_alloc_from_ptr(size, NULL, mr, errp);
 }
 
 void qemu_ram_free_from_ptr(ram_addr_t addr)
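Review bot: The error block added after ram_block_add() in qemu_ram_alloc_from_ptr() (free new_block, error_propagate(), return -1) is a verbatim copy of the one added to qemu_ram_alloc_from_file() in the previous hunk. Consider doing the cleanup in one place, for example a small helper that wraps ram_block_add(), so the two paths cannot drift apart.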
diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
index 6593be1..cf1d4c7 100644
--- a/include/exec/ram_addr.h
+++ b/include/exec/ram_addr.h
@@ -26,8 +26,8 @@ ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, 
MemoryRegion *mr,
 bool share, const char *mem_path,
 Error **errp);
 ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
-   MemoryRegion *mr);
-ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr);
+   MemoryRegion *mr, Error **errp);
+ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp);
 int qemu_get_ram_fd(ram_addr_t addr);
 void *qemu_get_ram_block_host_ptr(ram_addr_t addr);
 void *qemu_get_ram_ptr(ram_addr_t addr);
diff --git a/memory.c b/memory.c
index 64d7176..59d9935 100644
--- a/memory.c
+++ b/memory.c
@@ -1169,7 +1169,7 @@ void memory_region_init_ram(MemoryRegion *mr,
 mr->ram = true;
 mr->terminates = true;
 mr->destructor = memory_region_destructor_ram;
-mr->ram_addr = qemu_ram_alloc(size, mr);
+mr->ram_addr = qemu_ram_alloc(size, mr, &error_abort);
 }
 
 #ifdef __linux__
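Review bot: With `&error_abort` at this call, a failed guest RAM allocation in memory_region_init_ram() changes from the fprintf() plus exit(1) that the exec.c hunk of this patch removes from ram_block_add() to an abort. The commit message says only that errors can now be handled; mention this change in how the failure surfaces, or note that later patches in the series replace `&error_abort` at the call sites where it matters.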
@@ -1199,7 +1199,7 @@ void memory_region_init_ram_ptr(MemoryRegion *mr,
 mr->ram = true;
 mr->terminates = true;
 mr->destructor = memory_region_destructor_ram_from_ptr;
-mr->ram_addr = qemu_ram_alloc_from_ptr(size, ptr, mr);
+mr->ram_addr = qemu_ram_alloc_from_ptr(size, ptr, mr, &error_abort);
 }
 
 void memory_region_init_alias(MemoryRegion *mr,
@@ -1229,7 +1229,7 @@ void memory_region_init_rom_device(MemoryRegion *mr,
 mr->terminates = true;
 mr->rom_device = true;
 mr->destructor = memory_region_destructor_rom_device;
-mr->ram_addr = qemu_ram_alloc(size, mr);

[Qemu-devel] [PATCH v6 0/7] memory API improvements and bug fixes for memory backends

2014-08-07 Thread Hu Tao
This series includes two parts:
 
  1. part 1 includes patches 1-4, which improves error handling of
 memory_region_init_ram, memory_region_init_ram_ptr and
 memory_region_init_rom_device
 
  2. part 2 includes patches 5-7, each fixes a bug of memory backend.
 
changes to v5:

  - split patch 6 in v5 into 2
  - use local_err instead of errp
  - typo fixes

Hu Tao (7):
  exec: add parameter errp to qemu_ram_alloc and qemu_ram_alloc_from_ptr
  memory: add parameter errp to memory_region_init_ram
  memory: add parameter errp to memory_region_init_ram_ptr
  memory: add parameter errp to memory_region_init_rom_device
  hostmem-ram: don't exit qemu if size of memory-backend-ram is way too
big
  exec: report error when memory < hpagesize
  exec: add parameter errp to gethugepagesize

 backends/hostmem-ram.c   |  2 +-
 exec.c   | 60 ++--
 hw/alpha/typhoon.c   |  3 +-
 hw/arm/armv7m.c  |  7 ++--
 hw/arm/cubieboard.c  |  2 +-
 hw/arm/digic_boards.c|  2 +-
 hw/arm/exynos4210.c  |  9 ++---
 hw/arm/highbank.c|  5 +--
 hw/arm/integratorcp.c|  5 +--
 hw/arm/kzm.c |  4 +--
 hw/arm/mainstone.c   |  3 +-
 hw/arm/musicpal.c|  6 ++--
 hw/arm/omap1.c   |  6 ++--
 hw/arm/omap2.c   |  6 ++--
 hw/arm/omap_sx1.c|  6 ++--
 hw/arm/palm.c|  3 +-
 hw/arm/pxa2xx.c  | 11 +++---
 hw/arm/realview.c|  9 +++--
 hw/arm/spitz.c   |  2 +-
 hw/arm/strongarm.c   |  3 +-
 hw/arm/tosa.c|  2 +-
 hw/arm/versatilepb.c |  3 +-
 hw/arm/vexpress.c| 15 +---
 hw/arm/virt.c|  3 +-
 hw/arm/xilinx_zynq.c |  6 ++--
 hw/block/onenand.c   |  2 +-
 hw/block/pflash_cfi01.c  |  2 +-
 hw/block/pflash_cfi02.c  |  2 +-
 hw/core/loader.c |  2 +-
 hw/cris/axis_dev88.c |  6 ++--
 hw/display/cg3.c |  6 ++--
 hw/display/g364fb.c  |  2 +-
 hw/display/qxl.c |  6 ++--
 hw/display/sm501.c   |  2 +-
 hw/display/tc6393xb.c|  3 +-
 hw/display/tcx.c |  5 +--
 hw/display/vga.c |  3 +-
 hw/display/vmware_vga.c  |  3 +-
 hw/i386/kvm/pci-assign.c |  6 ++--
 hw/i386/pc.c |  3 +-
 hw/i386/pc_sysfw.c   |  5 +--
 hw/input/milkymist-softusb.c |  4 +--
 hw/lm32/lm32_boards.c|  6 ++--
 hw/lm32/milkymist.c  |  3 +-
 hw/m68k/an5206.c |  4 +--
 hw/m68k/dummy_m68k.c |  2 +-
 hw/m68k/mcf5208.c|  4 +--
 hw/microblaze/petalogix_ml605_mmu.c  |  5 +--
 hw/microblaze/petalogix_s3adsp1800_mmu.c |  6 ++--
 hw/mips/mips_fulong2e.c  |  5 +--
 hw/mips/mips_jazz.c  |  8 +++--
 hw/mips/mips_malta.c |  6 ++--
 hw/mips/mips_mipssim.c   |  6 ++--
 hw/mips/mips_r4k.c   |  5 +--
 hw/misc/ivshmem.c|  5 +--
 hw/misc/vfio.c   |  3 +-
 hw/moxie/moxiesim.c  |  4 +--
 hw/net/milkymist-minimac2.c  |  2 +-
 hw/openrisc/openrisc_sim.c   |  2 +-
 hw/pci-host/prep.c   |  3 +-
 hw/pci/pci.c |  2 +-
 hw/ppc/mac_newworld.c|  3 +-
 hw/ppc/mac_oldworld.c|  3 +-
 hw/ppc/ppc405_boards.c   |  8 +++--
 hw/ppc/ppc405_uc.c   |  3 +-
 hw/ppc/spapr.c   |  2 +-
 hw/s390x/s390-virtio-ccw.c   |  2 +-
 hw/s390x/s390-virtio.c   |  2 +-
 hw/sh4/r2d.c |  2 +-
 hw/sh4/shix.c|  8 +++--
 hw/sparc/leon3.c |  4 +--
 hw/sparc/sun4m.c | 10 +++---
 hw/sparc64/sun4u.c   |  6 ++--
 hw/unicore32/puv3.c  |  3 +-
 hw/xtensa/sim.c  |  4 +--
 hw/xtensa/xtfpga.c   |  8 +++--
 include/exec/memory.h| 12 +--
 include/exec/ram_addr.h  |  4 +--
 memory.c | 15 
 numa.c   |  4 +--
 xen-hvm.c|  3 +-
 81 files changed, 270 insert

[Qemu-devel] [PATCH v6 3/7] memory: add parameter errp to memory_region_init_ram_ptr

2014-08-07 Thread Hu Tao
Add parameter errp to memory_region_init_ram_ptr and update all call
sites to pass in &error_abort.

Reviewed-by: Peter Crosthwaite 
Signed-off-by: Hu Tao 
---
 hw/display/g364fb.c  | 2 +-
 hw/i386/kvm/pci-assign.c | 3 ++-
 hw/misc/ivshmem.c| 5 +++--
 hw/misc/vfio.c   | 3 ++-
 hw/ppc/spapr.c   | 2 +-
 include/exec/memory.h| 4 +++-
 memory.c | 5 +++--
 7 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/hw/display/g364fb.c b/hw/display/g364fb.c
index 46f7b41..cce33ae 100644
--- a/hw/display/g364fb.c
+++ b/hw/display/g364fb.c
@@ -487,7 +487,7 @@ static void g364fb_init(DeviceState *dev, G364State *s)
 
 memory_region_init_io(&s->mem_ctrl, NULL, &g364fb_ctrl_ops, s, "ctrl", 
0x18);
 memory_region_init_ram_ptr(&s->mem_vram, NULL, "vram",
-   s->vram_size, s->vram);
+   s->vram_size, s->vram, &error_abort);
 vmstate_register_ram(&s->mem_vram, dev);
 memory_region_set_coalescing(&s->mem_vram);
 }
diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c
index 5dcd2d5..d2013af 100644
--- a/hw/i386/kvm/pci-assign.c
+++ b/hw/i386/kvm/pci-assign.c
@@ -456,7 +456,8 @@ static void assigned_dev_register_regions(PCIRegion 
*io_regions,
  object_get_typename(OBJECT(pci_dev)), i);
 memory_region_init_ram_ptr(&pci_dev->v_addrs[i].real_iomem,
OBJECT(pci_dev), name,
-   cur_region->size, virtbase);
+   cur_region->size, virtbase,
+   &error_abort);
 vmstate_register_ram(&pci_dev->v_addrs[i].real_iomem,
  &pci_dev->dev.qdev);
 }
diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index 768e528..0949c15 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -348,7 +348,7 @@ static void create_shared_memory_BAR(IVShmemState *s, int 
fd) {
 ptr = mmap(0, s->ivshmem_size, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
 
 memory_region_init_ram_ptr(&s->ivshmem, OBJECT(s), "ivshmem.bar2",
-   s->ivshmem_size, ptr);
+   s->ivshmem_size, ptr, &error_abort);
 vmstate_register_ram(&s->ivshmem, DEVICE(s));
 memory_region_add_subregion(&s->bar, 0, &s->ivshmem);
 
@@ -476,7 +476,8 @@ static void ivshmem_read(void *opaque, const uint8_t * buf, 
int flags)
 map_ptr = mmap(0, s->ivshmem_size, PROT_READ|PROT_WRITE, MAP_SHARED,
 incoming_fd, 0);
 memory_region_init_ram_ptr(&s->ivshmem, OBJECT(s),
-   "ivshmem.bar2", s->ivshmem_size, map_ptr);
+   "ivshmem.bar2", s->ivshmem_size, map_ptr,
+   &error_abort);
 vmstate_register_ram(&s->ivshmem, DEVICE(s));
 
 IVSHMEM_DPRINTF("guest h/w addr = %" PRIu64 ", size = %" PRIu64 "\n",
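Review bot: In this hunk the result of `mmap()` is stored in map_ptr and handed straight to memory_region_init_ram_ptr() with no MAP_FAILED check in the lines shown, and the previous ivshmem hunk does the same with ptr. Passing `&error_abort` does not cover that case because the pointer is supplied by the caller; check the mmap() result before the call, and once these call sites take a real errp, report the failure through it.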
diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c
index 0b9eba0..91d2c95 100644
--- a/hw/misc/vfio.c
+++ b/hw/misc/vfio.c
@@ -2894,7 +2894,8 @@ static int vfio_mmap_bar(VFIODevice *vdev, VFIOBAR *bar,
 goto empty_region;
 }
 
-memory_region_init_ram_ptr(submem, OBJECT(vdev), name, size, *map);
+memory_region_init_ram_ptr(submem, OBJECT(vdev), name, size, *map,
+   &error_abort);
 } else {
 empty_region:
 /* Create a zero sized sub-region to make cleanup easy. */
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index d01978f..4dfe40a 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -1342,7 +1342,7 @@ static void ppc_spapr_init(MachineState *machine)
 if (rma_alloc_size && rma) {
 rma_region = g_new(MemoryRegion, 1);
 memory_region_init_ram_ptr(rma_region, NULL, "ppc_spapr.rma",
-   rma_alloc_size, rma);
+   rma_alloc_size, rma, &error_abort);
 vmstate_register_ram_global(rma_region);
 memory_region_add_subregion(sysmem, 0, rma_region);
 }
diff --git a/include/exec/memory.h b/include/exec/memory.h
index ec6299b..caa988d 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -351,12 +351,14 @@ void memory_region_init_ram_from_file(MemoryRegion *mr,
  * @name: the name of the region.
  * @size: size of the region.
  * @ptr: memory to be mapped; must contain at least @size bytes.
+ * @errp: pointer to Error*, to store an error if it happens.
  */
 void memory_region_init_ram_ptr(MemoryRegion *mr,
 struct Object *owner,
 const char *name,
 uint64_t size,
-void *ptr);
+void *ptr,
+Error **errp);
 
 /**

[Qemu-devel] [PATCH v6 6/7] exec: report error when memory < hpagesize

2014-08-07 Thread Hu Tao
Report error when memory < hpagesize in file_ram_alloc() so callers can
handle the error.

This patch fixes a problem that if user adds a memory-backend-file object
using object_add command, specifying a size that is less than huge page
size, qemu will core dump with message:

  Bad ram offset f000
  Aborted (core dumped)

with this patch, qemu reports error message like:

  qemu-system-x86_64: -object 
memory-backend-file,mem-path=/hugepages,id=mem-file0,size=1M: memory
  size 0x10 must be equal to or larger than huge page size 0x20

Signed-off-by: Hu Tao 
---
 exec.c | 13 -
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/exec.c b/exec.c
index accba00..50cd510 100644
--- a/exec.c
+++ b/exec.c
@@ -1024,9 +1024,9 @@ static void *file_ram_alloc(RAMBlock *block,
 char *filename;
 char *sanitized_name;
 char *c;
-void *area;
+void *area = NULL;
 int fd;
-unsigned long hpagesize;
+uint64_t hpagesize;
 
 hpagesize = gethugepagesize(path);
 if (!hpagesize) {
@@ -1034,7 +1034,10 @@ static void *file_ram_alloc(RAMBlock *block,
 }
 
 if (memory < hpagesize) {
-return NULL;
+error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
+   "or larger than huge page size 0x%" PRIx64,
+   memory, hpagesize);
+goto error;
 }
 
 if (kvm_enabled() && !kvm_has_sync_mmu()) {
@@ -1094,8 +1097,8 @@ static void *file_ram_alloc(RAMBlock *block,
 return area;
 
 error:
-if (mem_prealloc) {
-exit(1);
+if (area && area != MAP_FAILED) {
+munmap(area, memory);
 }
 return NULL;
 }
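Review bot: The `error:` label loses `if (mem_prealloc) { exit(1); }`, which changes behaviour whenever mem_prealloc is set, yet the commit message talks only about memory < hpagesize. Either move that removal into its own patch or describe it in the message, and check that every `goto error` in file_ram_alloc() sets errp first, since after this change the caller gets NULL back with nothing else to go on.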
-- 
1.9.3




[Qemu-devel] [PATCH v6 2/7] memory: add parameter errp to memory_region_init_ram

2014-08-07 Thread Hu Tao
Add parameter errp to memory_region_init_ram and update all call sites
to pass in &error_abort.

Signed-off-by: Hu Tao 
Reviewed-by: Peter Crosthwaite 
---
 backends/hostmem-ram.c   |  2 +-
 hw/alpha/typhoon.c   |  3 ++-
 hw/arm/armv7m.c  |  7 ---
 hw/arm/cubieboard.c  |  2 +-
 hw/arm/digic_boards.c|  2 +-
 hw/arm/exynos4210.c  |  9 +
 hw/arm/highbank.c|  5 +++--
 hw/arm/integratorcp.c|  5 +++--
 hw/arm/kzm.c |  4 ++--
 hw/arm/mainstone.c   |  3 ++-
 hw/arm/musicpal.c|  6 --
 hw/arm/omap1.c   |  6 --
 hw/arm/omap2.c   |  6 --
 hw/arm/omap_sx1.c|  6 --
 hw/arm/palm.c|  3 ++-
 hw/arm/pxa2xx.c  | 11 +++
 hw/arm/realview.c|  9 ++---
 hw/arm/spitz.c   |  2 +-
 hw/arm/strongarm.c   |  3 ++-
 hw/arm/tosa.c|  2 +-
 hw/arm/versatilepb.c |  3 ++-
 hw/arm/vexpress.c| 15 ++-
 hw/arm/virt.c|  3 ++-
 hw/arm/xilinx_zynq.c |  6 --
 hw/block/onenand.c   |  2 +-
 hw/core/loader.c |  2 +-
 hw/cris/axis_dev88.c |  6 --
 hw/display/cg3.c |  6 --
 hw/display/qxl.c |  6 +++---
 hw/display/sm501.c   |  2 +-
 hw/display/tc6393xb.c|  3 ++-
 hw/display/tcx.c |  5 +++--
 hw/display/vga.c |  3 ++-
 hw/display/vmware_vga.c  |  3 ++-
 hw/i386/kvm/pci-assign.c |  3 ++-
 hw/i386/pc.c |  3 ++-
 hw/i386/pc_sysfw.c   |  5 +++--
 hw/input/milkymist-softusb.c |  4 ++--
 hw/lm32/lm32_boards.c|  6 --
 hw/lm32/milkymist.c  |  3 ++-
 hw/m68k/an5206.c |  4 ++--
 hw/m68k/dummy_m68k.c |  2 +-
 hw/m68k/mcf5208.c|  4 ++--
 hw/microblaze/petalogix_ml605_mmu.c  |  5 +++--
 hw/microblaze/petalogix_s3adsp1800_mmu.c |  6 --
 hw/mips/mips_fulong2e.c  |  5 +++--
 hw/mips/mips_jazz.c  |  8 +---
 hw/mips/mips_malta.c |  6 --
 hw/mips/mips_mipssim.c   |  6 --
 hw/mips/mips_r4k.c   |  5 +++--
 hw/moxie/moxiesim.c  |  4 ++--
 hw/net/milkymist-minimac2.c  |  2 +-
 hw/openrisc/openrisc_sim.c   |  2 +-
 hw/pci-host/prep.c   |  3 ++-
 hw/pci/pci.c |  2 +-
 hw/ppc/mac_newworld.c|  3 ++-
 hw/ppc/mac_oldworld.c|  3 ++-
 hw/ppc/ppc405_boards.c   |  8 +---
 hw/ppc/ppc405_uc.c   |  3 ++-
 hw/s390x/s390-virtio-ccw.c   |  2 +-
 hw/s390x/s390-virtio.c   |  2 +-
 hw/sh4/r2d.c |  2 +-
 hw/sh4/shix.c|  8 +---
 hw/sparc/leon3.c |  4 ++--
 hw/sparc/sun4m.c | 10 ++
 hw/sparc64/sun4u.c   |  6 --
 hw/unicore32/puv3.c  |  3 ++-
 hw/xtensa/sim.c  |  4 ++--
 hw/xtensa/xtfpga.c   |  8 +---
 include/exec/memory.h|  4 +++-
 memory.c |  5 +++--
 numa.c   |  4 ++--
 xen-hvm.c|  3 ++-
 73 files changed, 203 insertions(+), 128 deletions(-)

diff --git a/backends/hostmem-ram.c b/backends/hostmem-ram.c
index d9a8290..e55d066 100644
--- a/backends/hostmem-ram.c
+++ b/backends/hostmem-ram.c
@@ -27,7 +27,7 @@ ram_backend_memory_alloc(HostMemoryBackend *backend, Error 
**errp)
 
 path = object_get_canonical_path_component(OBJECT(backend));
 memory_region_init_ram(&backend->mr, OBJECT(backend), path,
-   backend->size);
+   backend->size, &error_abort);
 g_free(path);
 }
 
diff --git a/hw/alpha/typhoon.c b/hw/alpha/typhoon.c
index 67a1070..058b723 100644
--- a/hw/alpha/typhoon.c
+++ b/hw/alpha/typhoon.c
@@ -843,7 +843,8 @@ PCIBus *typhoon_init(ram_addr_t ram_size, ISABus **isa_bus,
 
 /* Main memory region, 0x00...  Real hardware supports 32GB,
but the address space hole reserved at this point is 8TB.  */
-memory_region_init_ram(&s->ram_region, OBJECT(s), "ram", ram_size);
+memory_region_init_ra

[Qemu-devel] [PATCH v6 4/7] memory: add parameter errp to memory_region_init_rom_device

2014-08-07 Thread Hu Tao
Add parameter errp to memory_region_init_rom_device and update all call
sites to pass in &error_abort.

Reviewed-by: Peter Crosthwaite 
Signed-off-by: Hu Tao 
---
 hw/block/pflash_cfi01.c | 2 +-
 hw/block/pflash_cfi02.c | 2 +-
 include/exec/memory.h   | 4 +++-
 memory.c| 5 +++--
 4 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/hw/block/pflash_cfi01.c b/hw/block/pflash_cfi01.c
index f9507b4..649565d 100644
--- a/hw/block/pflash_cfi01.c
+++ b/hw/block/pflash_cfi01.c
@@ -770,7 +770,7 @@ static void pflash_cfi01_realize(DeviceState *dev, Error 
**errp)
 memory_region_init_rom_device(
 &pfl->mem, OBJECT(dev),
 pfl->be ? &pflash_cfi01_ops_be : &pflash_cfi01_ops_le, pfl,
-pfl->name, total_len);
+pfl->name, total_len, &error_abort);
 vmstate_register_ram(&pfl->mem, DEVICE(pfl));
 pfl->storage = memory_region_get_ram_ptr(&pfl->mem);
 sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
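Review bot: pflash_cfi01_realize() already receives `Error **errp`, yet the call passes `&error_abort`, so an allocation failure aborts instead of failing realize. In a follow-up, pass a local Error, propagate it to errp and return before vmstate_register_ram() and memory_region_get_ram_ptr(), which the context lines show running unconditionally on &pfl->mem.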
diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c
index 8d4b828..49db02d 100644
--- a/hw/block/pflash_cfi02.c
+++ b/hw/block/pflash_cfi02.c
@@ -608,7 +608,7 @@ static void pflash_cfi02_realize(DeviceState *dev, Error 
**errp)
 
 memory_region_init_rom_device(&pfl->orig_mem, OBJECT(pfl), pfl->be ?
   &pflash_cfi02_ops_be : &pflash_cfi02_ops_le,
-  pfl, pfl->name, chip_len);
+  pfl, pfl->name, chip_len, &error_abort);
 vmstate_register_ram(&pfl->orig_mem, DEVICE(pfl));
 pfl->storage = memory_region_get_ram_ptr(&pfl->orig_mem);
 pfl->chip_len = chip_len;
diff --git a/include/exec/memory.h b/include/exec/memory.h
index caa988d..71bed47 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -388,13 +388,15 @@ void memory_region_init_alias(MemoryRegion *mr,
  * @ops: callbacks for write access handling.
  * @name: the name of the region.
  * @size: size of the region.
+ * @errp: pointer to Error*, to store an error if it happens.
  */
 void memory_region_init_rom_device(MemoryRegion *mr,
struct Object *owner,
const MemoryRegionOps *ops,
void *opaque,
const char *name,
-   uint64_t size);
+   uint64_t size,
+   Error **errp);
 
 /**
  * memory_region_init_reservation: Initialize a memory region that reserves
diff --git a/memory.c b/memory.c
index bcebfd8..06a7e1b 100644
--- a/memory.c
+++ b/memory.c
@@ -1223,7 +1223,8 @@ void memory_region_init_rom_device(MemoryRegion *mr,
const MemoryRegionOps *ops,
void *opaque,
const char *name,
-   uint64_t size)
+   uint64_t size,
+   Error **errp)
 {
 memory_region_init(mr, owner, name, size);
 mr->ops = ops;
@@ -1231,7 +1232,7 @@ void memory_region_init_rom_device(MemoryRegion *mr,
 mr->terminates = true;
 mr->rom_device = true;
 mr->destructor = memory_region_destructor_rom_device;
-mr->ram_addr = qemu_ram_alloc(size, mr, &error_abort);
+mr->ram_addr = qemu_ram_alloc(size, mr, errp);
 }
 
 void memory_region_init_iommu(MemoryRegion *mr,
-- 
1.9.3




[Qemu-devel] [PATCH v6 5/7] hostmem-ram: don't exit qemu if size of memory-backend-ram is way too big

2014-08-07 Thread Hu Tao
When using monitor command object_add to add a memory backend whose
size is way too big to allocate memory for it, qemu just exits. In
the case we'd better give an error message and keep guest running.

The problem can be reproduced as follows:

1. run qemu
2. (monitor)object_add memory-backend-ram,size=10G,id=ram0

Reviewed-by: Peter Crosthwaite 
Signed-off-by: Hu Tao 
---
 backends/hostmem-ram.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backends/hostmem-ram.c b/backends/hostmem-ram.c
index e55d066..a67a134 100644
--- a/backends/hostmem-ram.c
+++ b/backends/hostmem-ram.c
@@ -27,7 +27,7 @@ ram_backend_memory_alloc(HostMemoryBackend *backend, Error 
**errp)
 
 path = object_get_canonical_path_component(OBJECT(backend));
 memory_region_init_ram(&backend->mr, OBJECT(backend), path,
-   backend->size, &error_abort);
+   backend->size, errp);
 g_free(path);
 }
 
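Review bot: Passing `errp` here makes ram_backend_memory_alloc() the first caller that keeps running after memory_region_init_ram() fails, but the memory.c hunk in patch 1/7 shows that function setting mr->ram, mr->terminates and mr->destructor before it stores the result of qemu_ram_alloc(), which is -1 on failure. Make sure backend->mr does not look like a valid RAM region after a failed object_add, for example by having memory_region_init_ram() undo its setup when the allocation fails.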
-- 
1.9.3




[Qemu-devel] [PATCH v6 7/7] exec: add parameter errp to gethugepagesize

2014-08-07 Thread Hu Tao
Add parameter errp to gethugepagesize thus callers can handle errors.

This patch fixes a problem that if user adds a memory-backend-file
object using object_add command, specifying a non-existing directory
for property mem-path, qemu will core dump with message:

  /nonexistingdir: No such file or directory
  Bad ram offset f000
  Aborted (core dumped)

with this patch, qemu reports error message like:

  qemu-system-x86_64: -object 
memory-backend-file,mem-path=/nonexistingdir,id=mem-file0,size=128M:
  failed to stat file /nonexistingdir: No such file or directory

Signed-off-by: Hu Tao 
---
 exec.c | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/exec.c b/exec.c
index 50cd510..fdef0f7 100644
--- a/exec.c
+++ b/exec.c
@@ -996,7 +996,7 @@ void qemu_mutex_unlock_ramlist(void)
 
 #define HUGETLBFS_MAGIC   0x958458f6
 
-static long gethugepagesize(const char *path)
+static long gethugepagesize(const char *path, Error **errp)
 {
 struct statfs fs;
 int ret;
@@ -1006,7 +1006,8 @@ static long gethugepagesize(const char *path)
 } while (ret != 0 && errno == EINTR);
 
 if (ret != 0) {
-perror(path);
+error_setg_errno(errp, errno, "failed to get page size of file %s",
+ path);
 return 0;
 }
 
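Review bot: The message added here is "failed to get page size of file %s", but the sample output in the commit message reads "failed to stat file /nonexistingdir: No such file or directory". Make the two agree so the commit message shows what users will actually see.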
@@ -1027,9 +1028,11 @@ static void *file_ram_alloc(RAMBlock *block,
 void *area = NULL;
 int fd;
 uint64_t hpagesize;
+Error *local_err = NULL;
 
-hpagesize = gethugepagesize(path);
-if (!hpagesize) {
+hpagesize = gethugepagesize(path, &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
 goto error;
 }
 
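Review bot: gethugepagesize() still returns `long` (first hunk of this patch) while its result is stored in the `uint64_t hpagesize` shown in the context lines here. Now that failure is signalled through local_err instead of a zero return, change the return type to match the variable so the page size is not carried through a signed type.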
-- 
1.9.3




Re: [Qemu-devel] [000/108] Patch Round-up for stable 2.0.1, freeze on 2014-08-12

2014-08-07 Thread Michael Roth
Quoting Eric Blake (2014-08-06 16:49:50)
> On 08/06/2014 02:38 PM, Michael Roth wrote:
> > Hi everyone,
> > 
> > The following new patches are queued for QEMU stable v2.0.1:
> > 
> >   https://github.com/mdroth/qemu/commits/stable-2.0-staging
> > 
> > The release is planned for 2014-08-15:
> > 
> >   http://wiki.qemu.org/Planning/2.0
> > 
> > Please respond here or CC qemu-sta...@nongnu.org on any patches you
> > think should be included in the release.
> > 
> 
> Libvirt could support active commit against qemu 2.0.1 if you backport
> these patches:
> 
> Jeff Cody
>   7676e2c597 block: make 'top' argument to block-commit optional
> 
> Fam Zheng
>   9e48b02540 mirror: Go through ready -> complete process for 0 len image

Actually ended up needing the following with a few fix-ups:

7676e2c->98103fa block: make 'top' argument to block-commit optional
8b9a30c->e5f0eb0 qemu-iotests: Test BLOCK_JOB_READY event for 0Kb image active commit
9e48b02->43ac708 mirror: Go through ready -> complete process for 0 len image
dc71ce4->8e09e20 blockjob: Add block_job_yield()
373df5b->520b341 mirror: Fix resource leak when bdrv_getlength fails

I've gone ahead and pushed them, but please test as we generally don't
do features (even backward-compatible ones) for stable, and this wasn't
as trivial as I was hoping.

> 
> -- 
> Eric Blake   eblake redhat com+1-919-301-3266
> Libvirt virtualization library http://libvirt.org




Re: [Qemu-devel] [PATCH v2 00/30] AHCI test suite framework

2014-08-07 Thread Stefan Hajnoczi
On Wed, Aug 06, 2014 at 12:50:23PM -0400, John Snow wrote:
> 
> 
> On 08/06/2014 07:30 AM, Markus Armbruster wrote:
> >Stefan Hajnoczi  writes:
> >
> >>On Mon, Aug 04, 2014 at 05:11:01PM -0400, John Snow wrote:
> >>>This patch series introduces a number of small fixes and tweaks to
> >>>help support an AHCI test suite that in the future I hope to expand
> >>>to a fuller regression suite to help guide the development of the
> >>>AHCI device support under, in particular, the Q35 machine type in QEMU.
> >>>
> >>>Paolo Bonzini has contributed a number of cleanup and refactoring patches
> >>>that support changes to the PIO setup FIS packet construction code, which
> >>>is necessary for testing the specification adherence of the IDENTIFY command,
> >>>which issues its data exclusively via PIO mechanisms.
> >>>
> >>>The ahci-test code being checked in represents a minimum of functionality
> >>>needed in order to issue and receive commands from the AHCI HBA under the
> >>>libqos / qtest environment.
> >>>
> >>>In V2, as detailed below, these tests are not currently expected to pass.
> >>>I will post a complementary patch outside of this set that highlights
> >>>the exact set of tests that will not pass, which can help verify at least
> >>>the portions of these tests that do work correctly.
> >>>
> >>>Assertions that currently fail:
> >>> - Ordering of PCI capabilities as defined by either AHCI or Intel ICH9
> >>> - Boot-time values of the PxTFD register, which should not have valid
> >>>   data until after a D2H FIS is received, but does in Qemu 2.1
> >>> - Boot-time values of the PxSIG register, which should have a specific
> >>>   placeholder signature until the first D2H FIS is received, but is
> >>>   currently blank.
> >>> - The "Descriptor Processed" interrupt is expected after the IDENTIFY
> >>>   command exhausts the given PRDT, but is not seen.
> >>
> >>I guess these are the assertion failures:
> >>ERROR:tests/ahci-test.c:777:ahci_test_pci_spec: assertion failed
> >>((data & 0xFF) == PCI_CAP_ID_MSI): (0x0012 == 0x0005)
> >>GTester: last random seed: R02Sd92815a5d013e8433808b903b2b13fb0
> >>**
> >>ERROR:tests/ahci-test.c:1165:ahci_test_port_spec: assertion failed
> >>((reg) & ((0x01)) == ((0x01))): (0x == 0x0001)
> >>GTester: last random seed: R02S4d6c05e864dc777e64141cdc6d2a18cf
> >>**
> >>ERROR:tests/ahci-test.c:1360:ahci_test_identify: assertion failed
> >>((reg) & ((0x20)) == ((0x20))): (0x == 0x0020)
> >>GTester: last random seed: R02S2b3b330b83a66badb24da80b48120b1d
> >>
> >>Why publish this patch series if the test fails?  We can't merge failing
> >>tests.
> >
> >Correct.
> >
> >What I do when I want to start some bug fixing work with tests is to
> >write the tests to expect the actual, incorrect behavior, with a
> >greppable comment documenting the correct behavior.  Then clean that up
> >as the bugs get fixed.
> >
> 
> I thought it was valid to submit a failing test if... well, the behavior was
> wrong. Stefan said no warnings, so I took that to mean "This should fail." I
> didn't think it was too strange to have a failing test for something that
> was not feature complete.
> 
> So, if it's not appropriate to have a failing test at any stage (Regressions
> only?) now's a good time to let me know how you would like me to accomplish
> no warnings but have the tests pass. In my V1 I did just print a "WARN"
> string which was reasonably greppable to find the failure cases.
> 
> My next guess at something workable would be to stick the assertions behind
> a bool that could be toggled on/off via a flag that could be toggled with
> --all or similar to hit the expected failure cases. No warnings inside of
> the test harness, no failures, and cases could be found by grepping the name
> of the boolean and/or some accompanying comment.

Note for the mailing list: John and I had an IRC chat where I mentioned
that the git history must always be bisectable, which is the fundamental
reason why failing tests cannot be merged.  My suggestion is to
postpone tests that are not fixed by this patch series, and I like
Markus's idea to assert the incorrect behavior (with a comment) in the
meantime, too.

Stefan




Re: [Qemu-devel] [PATCH] test-coroutine: add baseline test that times the cost of function calls

2014-08-07 Thread Stefan Hajnoczi
On Wed, Aug 06, 2014 at 11:33:41AM +0200, Paolo Bonzini wrote:
> This can be used to compute the cost of coroutine operations.  In the
> end the cost of the function call is a few clock cycles, so it's pretty
> cheap for now, but it may become more relevant as the coroutine code
> is optimized.
> 
> For example, here are the results on my machine:
> 
>Function call 1 iterations: 0.173884 s
>Yield 1 iterations: 8.445064 s
>Lifecycle 100 iterations: 0.098445 s
>Nesting 1 iterations of 1000 depth each: 7.406431 s
> 
> One yield takes 83 nanoseconds, one enter takes 97 nanoseconds,
> one coroutine allocation takes (roughly, since some of the allocations
> in the nesting test do hit the pool) 739 nanoseconds:
> 
>(8.445064 - 0.173884) * 10^9 / 1 = 82.7
>(0.098445 * 100 - 0.173884) * 10^9 / 1 = 96.7
>(7.406431 * 10 - 0.173884) * 10^9 / 1 = 738.9
> 
> Signed-off-by: Paolo Bonzini 
> ---
>  tests/test-coroutine.c | 24 
>  1 files changed, 24 insertions(+)

Can't hurt to have this as a comparison.

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH 0/2] VHDX endian fixes, error reporting

2014-08-07 Thread Stefan Hajnoczi
On Wed, Aug 06, 2014 at 03:54:56PM -0400, Jeff Cody wrote:
> This series is mainly for some bug fixes related to VHDX endianness, stemming
> from code reviews done by Markus Armbruster and Paolo Bonzini.  Once I did some
> testing on a big-endian machine, several more endian related errors were
> discovered, as well.  All endian related fixes are in patch 2.
> 
> Jeff Cody (2):
>   block: vhdx - add error check
>   block: VHDX endian fixes
> 
>  block/vhdx-endian.c | 11 +--
>  block/vhdx-log.c| 48 ++---
>  block/vhdx.c| 89 +++--
>  block/vhdx.h|  1 +
>  4 files changed, 93 insertions(+), 56 deletions(-)

Reviewed-by: Stefan Hajnoczi 



Re: [Qemu-devel] [PATCH RESEND 1/2] rng-egd: Free old chr_name value before setting new one

2014-08-07 Thread Paolo Bonzini
On 07/08/2014 04:24, Amos Kong wrote:
> Eduardo, a similar patch had been applied.
> 
> commit 5e490b6a504912225dff0e520e1c6af68295d238
> Author: Amos Kong 
> Date:   Thu Nov 21 16:42:50 2013 +0800
> 
> rng-egd: remove redundant free
> 
> We didn't set default chr_name, the free is redundant.
> 
> Signed-off-by: Amos Kong 
> Message-id: 1385023371-8198-2-git-send-email-ak...@redhat.com
> Signed-off-by: Anthony Liguori 
> 

What if you set chr_name twice?

Paolo



[Qemu-devel] [PATCH v2 1/2] QEMUSizedBuffer based QEMUFile

2014-08-07 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

This is based on Stefan and Joel's patch that creates a QEMUFile that goes
to a memory buffer; from:

http://lists.gnu.org/archive/html/qemu-devel/2013-03/msg05036.html

Using the QEMUFile interface, this patch adds support functions for
operating on in-memory sized buffers that can be written to or read from.

Signed-off-by: Stefan Berger 
Signed-off-by: Joel Schopp 

For minor tweaks/rebase I've done to it:
Signed-off-by: Dr. David Alan Gilbert 
---
 include/migration/qemu-file.h |  28 +++
 include/qemu/typedefs.h   |   1 +
 qemu-file.c   | 410 ++
 3 files changed, 439 insertions(+)

diff --git a/include/migration/qemu-file.h b/include/migration/qemu-file.h
index c90f529..80af3ff 100644
--- a/include/migration/qemu-file.h
+++ b/include/migration/qemu-file.h
@@ -25,6 +25,8 @@
 #define QEMU_FILE_H 1
 #include "exec/cpu-common.h"
 
+#include 
+
 /* This function writes a chunk of data to a file at the given position.
  * The pos argument can be ignored if the file is only being used for
  * streaming.  The handler should try to write all of the data it can.
@@ -94,11 +96,21 @@ typedef struct QEMUFileOps {
 QEMURamSaveFunc *save_page;
 } QEMUFileOps;
 
+struct QEMUSizedBuffer {
+struct iovec *iov;
+size_t n_iov;
+size_t size; /* total allocated size in all iov's */
+size_t used; /* number of used bytes */
+};
+
+typedef struct QEMUSizedBuffer QEMUSizedBuffer;
+
 QEMUFile *qemu_fopen_ops(void *opaque, const QEMUFileOps *ops);
 QEMUFile *qemu_fopen(const char *filename, const char *mode);
 QEMUFile *qemu_fdopen(int fd, const char *mode);
 QEMUFile *qemu_fopen_socket(int fd, const char *mode);
 QEMUFile *qemu_popen_cmd(const char *command, const char *mode);
+QEMUFile *qemu_bufopen(const char *mode, QEMUSizedBuffer *input);
 int qemu_get_fd(QEMUFile *f);
 int qemu_fclose(QEMUFile *f);
 int64_t qemu_ftell(QEMUFile *f);
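
Review bot: the "typedef struct QEMUSizedBuffer QEMUSizedBuffer;" added below the struct definition repeats the typedef this same patch adds to include/qemu/typedefs.h; if both headers reach one translation unit that is a typedef redefinition, which compilers older than C11 reject, so keep only the typedefs.h one. qemu_bufopen() also needs a comment saying who owns "input" after the call and whether NULL is allowed, since the pointer is non-const and the prototype gives no hint.
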
@@ -111,6 +123,22 @@ void qemu_put_byte(QEMUFile *f, int v);
 void qemu_put_buffer_async(QEMUFile *f, const uint8_t *buf, int size);
 bool qemu_file_mode_is_not_valid(const char *mode);
 
+QEMUSizedBuffer *qsb_create(const uint8_t *buffer, size_t len);
+QEMUSizedBuffer *qsb_clone(const QEMUSizedBuffer *);
+void qsb_free(QEMUSizedBuffer *);
+size_t qsb_set_length(QEMUSizedBuffer *qsb, size_t length);
+size_t qsb_get_length(const QEMUSizedBuffer *qsb);
+ssize_t qsb_get_buffer(const QEMUSizedBuffer *, off_t start, size_t count,
+   uint8_t **buf);
+ssize_t qsb_write_at(QEMUSizedBuffer *qsb, const uint8_t *buf,
+ off_t pos, size_t count);
+
+
+/*
+ * For use on files opened with qemu_bufopen
+ */
+const QEMUSizedBuffer *qemu_buf_get(QEMUFile *f);
+
 static inline void qemu_put_ubyte(QEMUFile *f, unsigned int v)
 {
 qemu_put_byte(f, (int)v);
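
Review bot: qsb_get_buffer() and qsb_write_at() take a signed off_t offset next to an unsigned size_t count, and the header does not say what happens for a negative offset or when offset + count runs past the used length. Spell out the contract next to these prototypes (short count or error return), and name the parameters of qsb_clone(), qsb_free() and the first argument of qsb_get_buffer() so the declarations match the others.
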
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 5f20b0e..db1153a 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -60,6 +60,7 @@ typedef struct PCIEAERLog PCIEAERLog;
 typedef struct PCIEAERErr PCIEAERErr;
 typedef struct PCIEPort PCIEPort;
 typedef struct PCIESlot PCIESlot;
+typedef struct QEMUSizedBuffer QEMUSizedBuffer;
 typedef struct MSIMessage MSIMessage;
 typedef struct SerialState SerialState;
 typedef struct PCMCIACardState PCMCIACardState;
diff --git a/qemu-file.c b/qemu-file.c
index a8e3912..50845c9 100644
--- a/qemu-file.c
+++ b/qemu-file.c
@@ -878,3 +878,413 @@ uint64_t qemu_get_be64(QEMUFile *f)
 v |= qemu_get_be32(f);
 return v;
 }
+
+#define QSB_CHUNK_SIZE  (1 << 10)
+#define QSB_MAX_CHUNK_SIZE  (10 * QSB_CHUNK_SIZE)
+
+/**
+ * Create a QEMUSizedBuffer
+ * This type of buffer uses scatter-gather lists internally and
+ * can grow to any size. Any data array in the scatter-gather list
+ * can hold different amount of bytes.
+ *
+ * @buffer: Optional buffer to copy into the QSB
+ * @len: size of initial buffer; if @buffer is given, buffer must
+ *   hold at least len bytes
+ *
+ * Returns a pointer to a QEMUSizedBuffer
+ */
+QEMUSizedBuffer *qsb_create(const uint8_t *buffer, size_t len)
+{
+QEMUSizedBuffer *qsb;
+size_t alloc_len, num_chunks, i, to_copy;
+size_t chunk_size = (len > QSB_MAX_CHUNK_SIZE)
+? QSB_MAX_CHUNK_SIZE
+: QSB_CHUNK_SIZE;
+
+if (len == 0) {
+/* we want to allocate at least one chunk */
+len = QSB_CHUNK_SIZE;
+}
+
+num_chunks = DIV_ROUND_UP(len, chunk_size);
+alloc_len = num_chunks * chunk_size;
+
+qsb = g_new0(QEMUSizedBuffer, 1);
+qsb->iov = g_new0(struct iovec, num_chunks);
+qsb->n_iov = num_chunks;
+
+for (i = 0; i < num_chunks; i++) {
+qsb->iov[i].iov_base = g_malloc0(chunk_size);
+qsb->iov[i].iov_len = chunk_size;
+if (buffer) {
+to_copy = (len - qsb->used) > chunk_size
+  ? chunk_size : (len - qsb->used);
+memcpy(qsb->iov[i].iov_base, &buffer[
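
Review bot: in qsb_create(), the len == 0 branch overwrites len with QSB_CHUNK_SIZE before the copy loop, so when a caller passes a non-NULL buffer with len 0, to_copy is computed from the rewritten len and comes out as a full chunk, although the comment only requires the buffer to hold len bytes. Keep the caller's length in its own variable for the copy and use the rounded-up value only for allocation. The DIV_ROUND_UP(len, chunk_size) and num_chunks * chunk_size computations also deserve a check for len close to SIZE_MAX, since a wrapped chunk count would undersize the allocation.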

[Qemu-devel] [PATCH v2 0/2] In memory QEMUFile

2014-08-07 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

Hi,
  This patch-pair adds the QEMUSizedBuffer based in-memory QEMUFile
written by Stefan Berger and Joel Schopp.  I've made some minor
fixes (and typo cleanups) and modified the existing test-vmstate
to use it for some test cases.

  While there's nothing other than test cases using it yet, I think
it's worth going in by itself, since I'm using it in two separate
patchsets (postcopy and visitor/BER) and Sanidhya uses it in
the periodic vmstate test world.  In addition both microcheckpointing and
COLO have similar but independent implementations (although they both
have some extra-gotcha's so it might not be possible to reuse it), and
there was another implementation of the same thing in the Yabusame Postcopy
world.  Thus it seems best to put in, if only to stop people writing yet
another implementation.


Dr. David Alan Gilbert (2):
  QEMUSizedBuffer based QEMUFile
  Tests: QEMUSizedBuffer/QEMUBuffer

 include/migration/qemu-file.h |  28 +++
 include/qemu/typedefs.h   |   1 +
 qemu-file.c   | 410 ++
 tests/Makefile|   2 +-
 tests/test-vmstate.c  |  73 
 5 files changed, 477 insertions(+), 37 deletions(-)

-- 
v2 Comment space fixes
1.9.3



[Qemu-devel] [PATCH v2 2/2] Tests: QEMUSizedBuffer/QEMUBuffer

2014-08-07 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

Modify some of tests/test-vmstate.c to use the in memory file based
on QEMUSizedBuffer to provide basic testing of QEMUSizedBuffer and
the associated memory backed QEMUFile type.

Only some of the tests are changed so that the fd backed QEMUFile is
still tested.

Signed-off-by: Dr. David Alan Gilbert 
---
 tests/Makefile   |  2 +-
 tests/test-vmstate.c | 73 ++--
 2 files changed, 38 insertions(+), 37 deletions(-)

diff --git a/tests/Makefile b/tests/Makefile
index 4b2e1bb..f3d32ba 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -253,7 +253,7 @@ tests/test-qdev-global-props$(EXESUF): 
tests/test-qdev-global-props.o \
libqemuutil.a libqemustub.a
 tests/test-vmstate$(EXESUF): tests/test-vmstate.o \
vmstate.o qemu-file.o \
-   libqemuutil.a
+   libqemuutil.a libqemustub.a
 
 tests/test-qapi-types.c tests/test-qapi-types.h :\
 $(SRC_PATH)/tests/qapi-schema/qapi-schema-test.json 
$(SRC_PATH)/scripts/qapi-types.py
diff --git a/tests/test-vmstate.c b/tests/test-vmstate.c
index d72c64c..716d034 100644
--- a/tests/test-vmstate.c
+++ b/tests/test-vmstate.c
@@ -43,6 +43,12 @@ void yield_until_fd_readable(int fd)
 select(fd + 1, &fds, NULL, NULL, NULL);
 }
 
+/*
+ * Some tests use 'open_test_file' to work on a real fd, some use
+ * an in memory file (QEMUSizedBuffer+qemu_bufopen); we could pick one
+ * but this way we test both.
+ */
+
 /* Duplicate temp_fd and seek to the beginning of the file */
 static QEMUFile *open_test_file(bool write)
 {
@@ -54,6 +60,29 @@ static QEMUFile *open_test_file(bool write)
 return qemu_fdopen(fd, write ? "wb" : "rb");
 }
 
+/* Open a read-only qemu-file from an existing memory block */
+static QEMUFile *open_mem_file_read(const void *data, size_t len)
+{
+/* The qsb gets freed by qemu_fclose */
+QEMUSizedBuffer *qsb = qsb_create(data, len);
+
+return qemu_bufopen("r", qsb);
+}
+
+/*
+ * Check that the contents of the memory-buffered file f match
+ * the given size/data.
+ */
+static void check_mem_file(QEMUFile *f, void *data, size_t size)
+{
+uint8_t *result = NULL; /* qsb_get_buffer allocs a buffer */
+const QEMUSizedBuffer *qsb = qemu_buf_get(f);
+g_assert_cmpint(qsb_get_length(qsb), ==, size);
+g_assert_cmpint(qsb_get_buffer(qsb, 0, size, &result), ==, size);
+g_assert_cmpint(memcmp(result, data, size), ==, 0);
+g_free(result);
+}
+
 #define SUCCESS(val) \
 g_assert_cmpint((val), ==, 0)
 
@@ -371,14 +400,12 @@ static const VMStateDescription vmstate_skipping = {
 
 static void test_save_noskip(void)
 {
-QEMUFile *fsave = open_test_file(true);
+QEMUFile *fsave = qemu_bufopen("w", NULL);
 TestStruct obj = { .a = 1, .b = 2, .c = 3, .d = 4, .e = 5, .f = 6,
.skip_c_e = false };
 vmstate_save_state(fsave, &vmstate_skipping, &obj);
 g_assert(!qemu_file_get_error(fsave));
-qemu_fclose(fsave);
 
-QEMUFile *loading = open_test_file(false);
 uint8_t expected[] = {
 0, 0, 0, 1, /* a */
 0, 0, 0, 2, /* b */
@@ -387,52 +414,31 @@ static void test_save_noskip(void)
 0, 0, 0, 5, /* e */
 0, 0, 0, 0, 0, 0, 0, 6, /* f */
 };
-uint8_t result[sizeof(expected)];
-g_assert_cmpint(qemu_get_buffer(loading, result, sizeof(result)), ==,
-sizeof(result));
-g_assert(!qemu_file_get_error(loading));
-g_assert_cmpint(memcmp(result, expected, sizeof(result)), ==, 0);
-
-/* Must reach EOF */
-qemu_get_byte(loading);
-g_assert_cmpint(qemu_file_get_error(loading), ==, -EIO);
-
-qemu_fclose(loading);
+check_mem_file(fsave, expected, sizeof(expected));
+qemu_fclose(fsave);
 }
 
 static void test_save_skip(void)
 {
-QEMUFile *fsave = open_test_file(true);
+QEMUFile *fsave = qemu_bufopen("w", NULL);
 TestStruct obj = { .a = 1, .b = 2, .c = 3, .d = 4, .e = 5, .f = 6,
.skip_c_e = true };
 vmstate_save_state(fsave, &vmstate_skipping, &obj);
 g_assert(!qemu_file_get_error(fsave));
-qemu_fclose(fsave);
 
-QEMUFile *loading = open_test_file(false);
 uint8_t expected[] = {
 0, 0, 0, 1, /* a */
 0, 0, 0, 2, /* b */
 0, 0, 0, 0, 0, 0, 0, 4, /* d */
 0, 0, 0, 0, 0, 0, 0, 6, /* f */
 };
-uint8_t result[sizeof(expected)];
-g_assert_cmpint(qemu_get_buffer(loading, result, sizeof(result)), ==,
-sizeof(result));
-g_assert(!qemu_file_get_error(loading));
-g_assert_cmpint(memcmp(result, expected, sizeof(result)), ==, 0);
-
-
-/* Must reach EOF */
-qemu_get_byte(loading);
-g_assert_cmpint(qemu_file_get_error(loading), ==, -EIO);
+check_mem_file(fsave, expected, sizeof(expected));
 
-qemu_fclose(loading);
+qemu_fclose(fsave);
 }
 
 static void test_load_noskip(void)
 {
-QEMUFile *fsave = open_test_file(true);
 uint8
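
Review bot: the rewritten test_save_noskip() and test_save_skip() drop the "Must reach EOF" assertions. The exact-length comparison in check_mem_file() still catches trailing bytes, but these two tests no longer assert that reading past the end of the stream sets -EIO, so add a read-side test on the memory-backed file that keeps that check. Minor: test_save_skip() keeps a blank line between check_mem_file() and qemu_fclose() that test_save_noskip() does not.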

Re: [Qemu-devel] [PATCH 1/2] QEMUSizedBuffer based QEMUFile

2014-08-07 Thread Dr. David Alan Gilbert
* Eric Blake (ebl...@redhat.com) wrote:
> On 08/06/2014 11:30 AM, Dr. David Alan Gilbert (git) wrote:
> > From: "Dr. David Alan Gilbert" 
> > 
> > This is based on Stefan and Joel's patch that creates a QEMUFile that goes
> > to a memory buffer; from:
> > 
> > http://lists.gnu.org/archive/html/qemu-devel/2013-03/msg05036.html
> > 
> > Using the QEMUFile interface, this patch adds support functions for
> > operating on in-memory sized buffers that can be written to or read from.
> > 
> > Signed-off-by: Stefan Berger 
> > Signed-off-by: Joel Schopp 
> > 
> > For minor tweaks/rebase I've done to it:
> > Signed-off-by: Dr. David Alan Gilbert 
> > ---
> >  include/migration/qemu-file.h |  28 +++
> >  include/qemu/typedefs.h   |   1 +
> >  qemu-file.c   | 410 ++
> >  3 files changed, 439 insertions(+)

Spaces fixed in v2.

Dave

> 
> > +/**
> > + * Set the length of the buffer; the primary usage of this
> > + * function is to truncate the number of used bytes in the buffer.
> > + * The size will not be extended beyond the current number of
> > + * allocated bytes in the QEMUSizedBuffer.
> > + *
> > + * @qsb: A QEMUSizedBuffer
> > + * @new_len : The new length of bytes in the buffer
> 
> No space before :
> 
> 
> > +/*
> > + * Convert the QEMUSizedBuffer into a flat buffer.
> > + *
> > + * Note: If at all possible, try to avoid this function since it
> > + *   may unnecessarily copy memory around.
> > + *
> > + * @qsb: pointer to QEMUSizedBuffer
> > + * @start : offset to start at
> 
> and again
> 
> > + * @count: number of bytes to copy
> > + * @buf: a pointer to an optional buffer to write into; the pointer may
> > + *   point to NULL in which case the buffer will be allocated;
> > + *   if buffer is provided, it must be large enough to hold @count 
> > bytes
> > + *
> > + * Returns the number of bytes  copied into the output buffer
> 
> spurious double space
> 
> 
> -- 
> Eric Blake   eblake redhat com+1-919-301-3266
> Libvirt virtualization library http://libvirt.org
> 


--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [PATCH v1 00/17] dataplane: optimization and multi virtqueue support

2014-08-07 Thread Ming Lei
On Wed, Aug 6, 2014 at 11:40 PM, Kevin Wolf  wrote:
> On 06.08.2014 at 13:28, Ming Lei wrote:
>> On Wed, Aug 6, 2014 at 6:09 PM, Kevin Wolf  wrote:
>> > On 06.08.2014 at 11:37, Ming Lei wrote:
>> >> On Wed, Aug 6, 2014 at 4:48 PM, Kevin Wolf  wrote:
>> >> > On 06.08.2014 at 07:33, Ming Lei wrote:
>> >> >> Hi Kevin,
>> >> >>
>> >> >> On Tue, Aug 5, 2014 at 10:47 PM, Kevin Wolf  wrote:
>> >> >> > On 05.08.2014 at 15:48, Stefan Hajnoczi wrote:
>> >> >> >> I have been wondering how to prove that the root cause is the
>> >> >> >> ucontext coroutine mechanism (stack switching).  Here is an idea:
>> >> >> >>
>> >> >> >> Hack your "bypass" code path to run the request inside a coroutine.
>> >> >> >> That way you can compare "bypass without coroutine" against "bypass
>> >> >> >> with coroutine".
>> >> >> >>
>> >> >> >> Right now I think there are doubts because the bypass code path is
>> >> >> >> indeed a different (and not 100% correct) code path.  So this
>> >> >> >> approach might prove that the coroutines are adding the overhead and
>> >> >> >> not something that you bypassed.
>> >> >> >
>> >> >> > My doubts aren't only that the overhead might not come from the
>> >> >> > coroutines, but also whether any coroutine-related overhead is really
>> >> >> > unavoidable. If we can optimise coroutines, I'd strongly prefer to do
>> >> >> > just that instead of introducing additional code paths.
>> >> >>
>> >> >> OK, thank you for taking look at the problem, and hope we can
>> >> >> figure out the root cause, :-)
>> >> >>
>> >> >> >
>> >> >> > Another thought I had was this: If the performance difference is
>> >> >> > indeed only coroutines, then that is completely inside the block
>> >> >> > layer and we don't actually need a VM to test it. We could instead
>> >> >> > have something like a simple qemu-img based benchmark and should be
>> >> >> > observing the same.
>> >> >>
>> >> >> Even it is simpler to run a coroutine-only benchmark, and I just
>> >> >> wrote a raw one, and looks coroutine does decrease performance
>> >> >> a lot, please see the attachment patch, and thanks for your template
>> >> >> to help me add the 'co_bench' command in qemu-img.
>> >> >
>> >> > Yes, we can look at coroutines microbenchmarks in isolation. I actually
>> >> > did do that yesterday with the yield test from tests/test-coroutine.c.
>> >> > And in fact profiling immediately showed something to optimise:
>> >> > pthread_getspecific() was quite high, replacing it by __thread on
>> >> > systems where it works is more efficient and helped the numbers a bit.
>> >> > Also, a lot of time seems to be spent in pthread_mutex_lock/unlock (even
>> >> > in qemu-img bench), maybe there's even something that can be done here.
>> >>
>> >> The lock/unlock in dataplane is often from memory_region_find(), and Paolo
>> >> should have done lots of work on that.
>
> qemu-img bench doesn't run that code. We have a few more locks that are
> taken, and one of them (the coroutine pool lock) is avoided by your
> bypass patches.
>
>> >> >
>> >> > However, I just wasn't sure whether a change on this level would be
>> >> > relevant in a realistic environment. This is the reason why I wanted to
>> >> > get a benchmark involving the block layer and some I/O.
>> >> >
>> >> >> From the profiling data in below link:
>> >> >>
>> >> >> http://pastebin.com/YwH2uwbq
>> >> >>
>> >> >> With coroutine, the running time for same loading is increased
>> >> >> ~50%(1.325s vs. 0.903s), and dcache load events is increased
>> >> >> ~35%(693M vs. 512M), insns per cycle is decreased by ~50%(
>> >> >> 1.35 vs. 1.63), compared with bypassing coroutine(-b parameter).
>> >> >>
>> >> >> The bypass code in the benchmark is very similar with the approach
>> >> >> used in the bypass patch, since linux-aio with O_DIRECT seldom
>> >> >> blocks in the kernel I/O path.
>> >> >>
>> >> >> Maybe the benchmark is a bit extremely, but given modern storage
>> >> >> device may reach millions of IOPS, and it is very easy to slow down
>> >> >> the I/O by coroutine.
>> >> >
>> >> > I think in order to optimise coroutines, such benchmarks are fair game.
>> >> > It's just not guaranteed that the effects are exactly the same on real
>> >> > workloads, so we should take the results with a grain of salt.
>> >> >
>> >> > Anyhow, the coroutine version of your benchmark is buggy, it leaks all
>> >> > coroutines instead of exiting them, so it can't make any use of the
>> >> > coroutine pool. On my laptop, I get this (where fixed coroutine is a
>> >> > version that simply removes the yield at the end):
>> >> >
>> >> >                 | bypass        | fixed coro    | buggy coro
>> >> > ----------------+---------------+---------------+--------------
>> >> > time            | 1.09s         | 1.10s         | 1.62s
>> >> > L1-dcache-loads | 921,836,360   | 932,781,747   | 1,298,067,438
>> >> > insns per cycle | 2.3

[Qemu-devel] aarch64 & gdb: warning: while parsing target description (at line 1): Could not load XML document "arm-core.xml"

2014-08-07 Thread Richard W.M. Jones
(gdb) set architecture aarch64
The target architecture is assumed to be aarch64
(gdb) target remote tcp::1234
Remote debugging using tcp::1234
warning: while parsing target description (at line 1): Could not load XML document "arm-core.xml"
warning: Could not load XML target description; ignoring

Note that I've set the architecture to `aarch64', so it looks as if
gdb is requesting and/or qemu is sending the wrong name of the XML
file.

Also `info registers' is broken, but that's probably just a
consequence of the warnings.

(gdb) info registers 
x0             0x0      0
x1             0x0      0
x2             0x0      0
x3             0x0      0
x4             0x0      0
x5             0x0      0
x6             0x0      0
x7             0x4000   4611686018427387904
x8             0x7f41d3 54653453
x9             0x0      0
x10            0x0      0
x11            0x0      0
x12            0x0      0
x13            0x0      0
x14            0x0      0
x15            0x4000   1073741824
Could not fetch register "x16"; remote failure reply 'E14'

Versions:

qemu from git today
GNU gdb (GDB) Fedora 7.8-15.fc22
kernel 3.16.0

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top



Re: [Qemu-devel] [PATCH v1 00/17] dataplane: optimization and multi virtqueue support

2014-08-07 Thread Ming Lei
On Thu, Aug 7, 2014 at 6:27 PM, Ming Lei  wrote:
> On Wed, Aug 6, 2014 at 11:40 PM, Kevin Wolf  wrote:

> Also there are some problems with your patches which can't boot a
> VM in my environment:
>
> - __thread patch: looks there is no '__thread' used, and the patch
> basically makes bypass not workable.
>
> - bdrv_co_writev callback isn't set for raw-posix, looks my rootfs need to
> write during booting
>
> - another problem, I am investigating: laio isn't accessible
> in qemu_laio_process_completion() sometimes

This one should be caused by accessing 'laiocb' after cb().

Thanks,



[Qemu-devel] Printf message in QEMU source code

2014-08-07 Thread Amit Tomer
I wanted to provide some printf statement in QEMU source code in order to
debug some issue but not sure where do I see these printf statements?

I have looked into following post but it is without any answers

Debugging Qemu Source Code and not Kernel Source Code


I am launching QEMU in terminal where I have its output, not OSs.
How do I see printf logs while launching QEMU in headless environment?

Thanks,
Amit


Re: [Qemu-devel] [PATCH v3 02/10] monitor: fix access freed memory

2014-08-07 Thread Gonglei (Arei)
> Subject: [Qemu-devel] [PATCH v3 02/10] monitor: fix access freed memory
> 
> The function monitor_fdset_dup_fd_find_remove() references member of
> 'mon_fdset' which may be freed in function monitor_fdset_cleanup()
> 
> Signed-off-by: zhanghailiang 
> ---

Reviewed-by: Gonglei 

Best regards,
-Gonglei



Re: [Qemu-devel] [PATCH v3 05/10] util/path: check return value of malloc()

2014-08-07 Thread Gonglei (Arei)
> Subject: [Qemu-devel] [PATCH v3 05/10] util/path: check return value of 
> malloc()
> 
> Signed-off-by: zhanghailiang 
> ---

Reviewed-by: Gonglei 

Best regards,
-Gonglei

>  util/path.c | 9 ++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/util/path.c b/util/path.c
> index 5c59d9f..df1653f 100644
> --- a/util/path.c
> +++ b/util/path.c
> @@ -46,9 +46,12 @@ static struct pathelem *new_entry(const char *root,
>const char *name)
>  {
>  struct pathelem *new = malloc(sizeof(*new));
> -new->name = strdup(name);
> -new->pathname = g_strdup_printf("%s/%s", root, name);
> -new->num_entries = 0;
> +
> +if (new) {
> +new->name = strdup(name);
> +new->pathname = g_strdup_printf("%s/%s", root, name);
> +new->num_entries = 0;
> +}
>  return new;
>  }
> 
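
Review bot: new_entry() now returns NULL when malloc() fails, but inside the new block strdup(name) is still unchecked, so the function can also hand back an entry whose name is NULL, and the hunk shows no caller being taught to handle a NULL return. Since pathname already comes from g_strdup_printf(), which aborts on allocation failure, allocating the struct and the name with the glib allocators as well would make the behaviour consistent and the check unnecessary.
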
> --
> 1.7.12.4
> 
> 




Re: [Qemu-devel] [PATCH v1 00/17] dataplane: optimization and multi virtqueue support

2014-08-07 Thread Kevin Wolf
On 07.08.2014 at 12:52, Ming Lei wrote:
> On Thu, Aug 7, 2014 at 6:27 PM, Ming Lei  wrote:
> > On Wed, Aug 6, 2014 at 11:40 PM, Kevin Wolf  wrote:
> 
> > Also there are some problems with your patches which can't boot a
> > VM in my environment:
> >
> > - __thread patch: looks there is no '__thread' used, and the patch
> > basically makes bypass not workable.
> >
> > - bdrv_co_writev callback isn't set for raw-posix, looks my rootfs need to
> > write during booting
> >
> > - another problem, I am investigating: laio isn't accessible
> > in qemu_laio_process_completion() sometimes
> 
> This one should be caused by accessing 'laiocb' after cb().

I stumbled across the same problems this morning when I tried to
actually run VMs with it instead of just qemu-img bench. They should all
be fixed in my git repo now. (Haven't figured out yet why __thread
doesn't work, so I have reverted that part, probably at the cost of some
performance.)

Kevin



Re: [Qemu-devel] [PATCH v3 06/10] slirp: check return value of malloc()

2014-08-07 Thread Gonglei (Arei)
> Subject: [Qemu-devel] [PATCH v3 06/10] slirp: check return value of malloc()
> 
> Signed-off-by: zhanghailiang 
> ---
>  slirp/misc.c | 8 ++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/slirp/misc.c b/slirp/misc.c
> index b8eb74c..0109c9f 100644
> --- a/slirp/misc.c
> +++ b/slirp/misc.c
> @@ -55,6 +55,9 @@ int add_exec(struct ex_list **ex_ptr, int do_pty, char
> *exec,
> 
>   tmp_ptr = *ex_ptr;
>   *ex_ptr = (struct ex_list *)malloc(sizeof(struct ex_list));
> +if (!ex_ptr) {
> +return -1;
> +}

Not (!ex_ptr) but (*ex_ptr == NULL). 

BTW, you'd better add more information when malloc memory failed.

Best regards,
-Gonglei

>   (*ex_ptr)->ex_fport = port;
>   (*ex_ptr)->ex_addr = addr;
>   (*ex_ptr)->ex_pty = do_pty;
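
Review bot: on the new early return in add_exec(), *ex_ptr has already been overwritten with malloc()'s result while the previous list head sits in tmp_ptr, so even with the test changed to *ex_ptr == NULL the function would return -1 with the caller's list pointer set to NULL and the existing entries unreachable. Assign the malloc() result to a local, test it, and only then store it in *ex_ptr (or restore *ex_ptr = tmp_ptr before returning).
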
> @@ -236,8 +239,9 @@ strdup(str)
>   char *bptr;
> 
>   bptr = (char *)malloc(strlen(str)+1);
> - strcpy(bptr, str);
> -
> +if (bptr) {
> +strcpy(bptr, str);
> +}
>   return bptr;
>  }
>  #endif
> --
> 1.7.12.4
> 
> 




Re: [Qemu-devel] [PATCH v6 0/7] memory API improvements and bug fixes for memory backends

2014-08-07 Thread Peter Crosthwaite
On Thu, Aug 7, 2014 at 7:10 PM, Hu Tao  wrote:
> This series includes two parts:
>
>   1. part 1 includes patches 1-4, which improves error handling of
>  memory_region_init_ram, memory_region_init_ram_ptr and
>  memory_region_init_rom_device
>
>   2. part 2 includes patches 5-7, each fixes a bug of memory backend.
>
> changes to v5:
>
>   - split patch 6 in v5 into 2
>   - use local_err instead of errp
>   - typo fixes
>

A bit of a nit, but when respinning, please keep the changelogs from
previous spins. E.g. you should keep the "changes to v4" as you
documented in the last cover.

Aids reviewing when reviewers come to a series late or when a reviewer
skips a spin etc.

It's not an inhibiting issue on this spin, just for future reference.

Regards,
Peter

> Hu Tao (7):
>   exec: add parameter errp to qemu_ram_alloc and qemu_ram_alloc_from_ptr
>   memory: add parameter errp to memory_region_init_ram
>   memory: add parameter errp to memory_region_init_ram_ptr
>   memory: add parameter errp to memory_region_init_rom_device
>   hostmem-ram: don't exit qemu if size of memory-backend-ram is way too
> big
>   exec: report error when memory < hpagesize
>   exec: add parameter errp to gethugepagesize
>
>  backends/hostmem-ram.c   |  2 +-
>  exec.c   | 60 ++--
>  hw/alpha/typhoon.c   |  3 +-
>  hw/arm/armv7m.c  |  7 ++--
>  hw/arm/cubieboard.c  |  2 +-
>  hw/arm/digic_boards.c|  2 +-
>  hw/arm/exynos4210.c  |  9 ++---
>  hw/arm/highbank.c|  5 +--
>  hw/arm/integratorcp.c|  5 +--
>  hw/arm/kzm.c |  4 +--
>  hw/arm/mainstone.c   |  3 +-
>  hw/arm/musicpal.c|  6 ++--
>  hw/arm/omap1.c   |  6 ++--
>  hw/arm/omap2.c   |  6 ++--
>  hw/arm/omap_sx1.c|  6 ++--
>  hw/arm/palm.c|  3 +-
>  hw/arm/pxa2xx.c  | 11 +++---
>  hw/arm/realview.c|  9 +++--
>  hw/arm/spitz.c   |  2 +-
>  hw/arm/strongarm.c   |  3 +-
>  hw/arm/tosa.c|  2 +-
>  hw/arm/versatilepb.c |  3 +-
>  hw/arm/vexpress.c| 15 +---
>  hw/arm/virt.c|  3 +-
>  hw/arm/xilinx_zynq.c |  6 ++--
>  hw/block/onenand.c   |  2 +-
>  hw/block/pflash_cfi01.c  |  2 +-
>  hw/block/pflash_cfi02.c  |  2 +-
>  hw/core/loader.c |  2 +-
>  hw/cris/axis_dev88.c |  6 ++--
>  hw/display/cg3.c |  6 ++--
>  hw/display/g364fb.c  |  2 +-
>  hw/display/qxl.c |  6 ++--
>  hw/display/sm501.c   |  2 +-
>  hw/display/tc6393xb.c|  3 +-
>  hw/display/tcx.c |  5 +--
>  hw/display/vga.c |  3 +-
>  hw/display/vmware_vga.c  |  3 +-
>  hw/i386/kvm/pci-assign.c |  6 ++--
>  hw/i386/pc.c |  3 +-
>  hw/i386/pc_sysfw.c   |  5 +--
>  hw/input/milkymist-softusb.c |  4 +--
>  hw/lm32/lm32_boards.c|  6 ++--
>  hw/lm32/milkymist.c  |  3 +-
>  hw/m68k/an5206.c |  4 +--
>  hw/m68k/dummy_m68k.c |  2 +-
>  hw/m68k/mcf5208.c|  4 +--
>  hw/microblaze/petalogix_ml605_mmu.c  |  5 +--
>  hw/microblaze/petalogix_s3adsp1800_mmu.c |  6 ++--
>  hw/mips/mips_fulong2e.c  |  5 +--
>  hw/mips/mips_jazz.c  |  8 +++--
>  hw/mips/mips_malta.c |  6 ++--
>  hw/mips/mips_mipssim.c   |  6 ++--
>  hw/mips/mips_r4k.c   |  5 +--
>  hw/misc/ivshmem.c|  5 +--
>  hw/misc/vfio.c   |  3 +-
>  hw/moxie/moxiesim.c  |  4 +--
>  hw/net/milkymist-minimac2.c  |  2 +-
>  hw/openrisc/openrisc_sim.c   |  2 +-
>  hw/pci-host/prep.c   |  3 +-
>  hw/pci/pci.c |  2 +-
>  hw/ppc/mac_newworld.c|  3 +-
>  hw/ppc/mac_oldworld.c|  3 +-
>  hw/ppc/ppc405_boards.c   |  8 +++--
>  hw/ppc/ppc405_uc.c   |  3 +-
>  hw/ppc/spapr.c   |  2 +-
>  hw/s390x/s390-virtio-ccw.c   |  2 +-
>  hw/s390x/s390-virtio.c   |  2 +-
>  hw/sh4/r2d.c |  2 +-
>  hw/sh4/shix.c|  8 +++--
>  hw/sparc/leon3.c 

Re: [Qemu-devel] [PATCH v3 08/10] qtest: check the value returned by fopen()

2014-08-07 Thread Gonglei (Arei)
> Subject: [Qemu-devel] [PATCH v3 08/10] qtest: check the value returned by
> fopen()
> 
> The function fopen() may fail, so check its return value.
> 
> Signed-off-by: zhanghailiang 
> Signed-off-by: Li Liu 
> ---
>  qtest.c  | 5 +
>  tests/bios-tables-test.c | 2 ++
>  2 files changed, 7 insertions(+)
> 
> diff --git a/qtest.c b/qtest.c
> index 04a6dc1..ae9b636 100644
> --- a/qtest.c
> +++ b/qtest.c
> @@ -536,6 +536,11 @@ void qtest_init(const char *qtest_chrdev, const char
> *qtest_log, Error **errp)
>  if (qtest_log) {
>  if (strcmp(qtest_log, "none") != 0) {
>  qtest_log_fp = fopen(qtest_log, "w+");
> +if (qtest_log_fp == NULL) {
> +error_setg(errp, "Failed to open log file for qtest: \"%s\"",
> +   qtest_log);
> +return;
> +}

Actually I don't think this check is necessary, because the qtest_log_fp will
be checked where it is used.

Best regards,
-Gonglei

>  }
>  } else {
>  qtest_log_fp = stderr;
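
Review bot: the new error path after fopen(qtest_log, "w+") reports only the file name, not why the open failed. Use error_setg_errno(errp, errno, ...) so the message carries the strerror text, and check that nothing set up earlier in qtest_init() is left half initialised when this branch returns early.
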
> diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
> index 045eb27..6a357c0 100644
> --- a/tests/bios-tables-test.c
> +++ b/tests/bios-tables-test.c
> @@ -790,6 +790,8 @@ int main(int argc, char *argv[])
>  const char *arch = qtest_get_arch();
>  FILE *f = fopen(disk, "w");
>  int ret;
> +
> +g_assert(f != NULL);
>  fwrite(boot_sector, 1, sizeof boot_sector, f);
>  fclose(f);
> 
> --
> 1.7.12.4
> 
> 




Re: [Qemu-devel] aarch64 & gdb: warning: while parsing target description (at line 1): Could not load XML document "arm-core.xml"

2014-08-07 Thread Peter Maydell
On 7 August 2014 11:42, Richard W.M. Jones  wrote:
> (gdb) set architecture aarch64
> The target architecture is assumed to be aarch64
> (gdb) target remote tcp::1234
> Remote debugging using tcp::1234
> warning: while parsing target description (at line 1): Could not load XML document "arm-core.xml"
> warning: Could not load XML target description; ignoring
>
> Note that I've set the architecture to `aarch64', so it looks as if
> gdb is requesting and/or qemu is sending the wrong name of the XML
> file.

Works for me:

e104462:trusty:linux-clean$ gdb-multiarch
GNU gdb (Ubuntu 7.7-0ubuntu3.1) 7.7
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word".
(gdb) set arch aarch64
The target architecture is assumed to be aarch64
(gdb) target remote :1234
Remote debugging using :1234
0x4000 in ?? ()
(gdb)

We only send arm-core.xml for 32 bit CPUs: are you sure
you didn't select a 32 bit CPU either explicitly or by default
on the QEMU command line? Note that '-machine type=virt'
defaults to a Cortex-A15 even in qemu-softmmu-aarch64
(this is unfortunate but fallout from the fact that we started
the virt model with the A15. Maybe we should make it not
have a default and require a CPU specification...)

thanks
-- PMM



Re: [Qemu-devel] [PULL 0/2] vfio updates

2014-08-07 Thread Peter Maydell
On 5 August 2014 20:44, Alex Williamson  wrote:
> The following changes since commit 69f87f713069f1f70f86cb65883f7d43e3aa21de:
>
>   Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20140804' into staging (2014-08-04 15:01:38 +0100)
>
> are available in the git repository at:
>
>
>   git://github.com/awilliam/qemu-vfio.git tags/vfio-pci-for-qemu-20140805.0
>
> for you to fetch changes up to 9b3af4c0e40f14b5173ad6e2d9fcc376207ec1dd:
>
>   vfio: Don't cache MSIMessage (2014-08-05 13:05:57 -0600)
>
> 
> VFIO patches: Fix MSI-X vector expansion, remove MSI/X message caching

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH v6 1/7] exec: add parameter errp to qemu_ram_alloc and qemu_ram_alloc_from_ptr

2014-08-07 Thread Peter Crosthwaite
On Thu, Aug 7, 2014 at 7:10 PM, Hu Tao  wrote:
> Add parameter errp to qemu_ram_alloc and qemu_ram_alloc_from_ptr so that
> we can handle errors.
>
> Signed-off-by: Hu Tao 

Reviewed-by: Peter Crosthwaite 

Optional nit-picky suggestions below.

> ---
>  exec.c  | 36 +++-
>  include/exec/ram_addr.h |  4 ++--
>  memory.c|  6 +++---
>  3 files changed, 32 insertions(+), 14 deletions(-)
>
> diff --git a/exec.c b/exec.c
> index 765bd94..accba00 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1224,7 +1224,7 @@ static int memory_try_enable_merging(void *addr, size_t 
> len)
>  return qemu_madvise(addr, len, QEMU_MADV_MERGEABLE);
>  }
>
> -static ram_addr_t ram_block_add(RAMBlock *new_block)
> +static ram_addr_t ram_block_add(RAMBlock *new_block, Error **errp)
>  {
>  RAMBlock *block;
>  ram_addr_t old_ram_size, new_ram_size;
> @@ -1241,9 +1241,11 @@ static ram_addr_t ram_block_add(RAMBlock *new_block)
>  } else {
>  new_block->host = phys_mem_alloc(new_block->length);
>  if (!new_block->host) {
> -fprintf(stderr, "Cannot set up guest memory '%s': %s\n",
> -new_block->mr->name, strerror(errno));
> -exit(1);
> +error_setg_errno(errp, errno,
> + "cannot set up guest memory '%s'",
> + new_block->mr->name);

Out of scope, but if you do need to respin you could change to
memory_region_name to avoid the direct struct access of private mr
fields.

> +qemu_mutex_unlock_ramlist();
> +return -1;
>  }
>  memory_try_enable_merging(new_block->host, new_block->length);
>  }
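Review bot: ram_block_add() returns ram_addr_t, which is unsigned, so the new "return -1" on allocation failure hands callers an all-ones address rather than a negative value, and the failure contract is not written down anywhere in the hunk. A comment on the function should say that failure is reported through errp, that the ramlist mutex has already been released, and that new_block is still owned by the caller, who has to free it.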
> @@ -1294,6 +1296,8 @@ ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, 
> MemoryRegion *mr,
>  Error **errp)
>  {
>  RAMBlock *new_block;
> +ram_addr_t addr;
> +Error *local_err = NULL;
>
>  if (xen_enabled()) {
>  error_setg(errp, "-mem-path not supported with Xen");
> @@ -1323,14 +1327,22 @@ ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, 
> MemoryRegion *mr,
>  return -1;
>  }
>
> -return ram_block_add(new_block);
> +addr = ram_block_add(new_block, &local_err);
> +if (local_err) {
> +g_free(new_block);
> +error_propagate(errp, local_err);

> +return -1;

This should be redundant I think. You are unnecessarily defining the
error return code in two places when you can just propagate the return
code from the botched ram_block_add().

> +}
> +return addr;
>  }
>  #endif
>
>  ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
> -   MemoryRegion *mr)
> +   MemoryRegion *mr, Error **errp)
>  {
>  RAMBlock *new_block;
> +ram_addr_t addr;
> +Error *local_err = NULL;
>
>  size = TARGET_PAGE_ALIGN(size);
>  new_block = g_malloc0(sizeof(*new_block));
> @@ -1341,12 +1353,18 @@ ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, 
> void *host,
>  if (host) {
>  new_block->flags |= RAM_PREALLOC;
>  }
> -return ram_block_add(new_block);
> +addr = ram_block_add(new_block, &local_err);
> +if (local_err) {
> +g_free(new_block);
> +error_propagate(errp, local_err);
> +return -1;

Ditto.

Regards,
Peter

> +}
> +return addr;
>  }
>
> -ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr)
> +ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp)
>  {
> -return qemu_ram_alloc_from_ptr(size, NULL, mr);
> +return qemu_ram_alloc_from_ptr(size, NULL, mr, errp);
>  }
>
>  void qemu_ram_free_from_ptr(ram_addr_t addr)
> diff --git a/include/exec/ram_addr.h b/include/exec/ram_addr.h
> index 6593be1..cf1d4c7 100644
> --- a/include/exec/ram_addr.h
> +++ b/include/exec/ram_addr.h
> @@ -26,8 +26,8 @@ ram_addr_t qemu_ram_alloc_from_file(ram_addr_t size, 
> MemoryRegion *mr,
>  bool share, const char *mem_path,
>  Error **errp);
>  ram_addr_t qemu_ram_alloc_from_ptr(ram_addr_t size, void *host,
> -   MemoryRegion *mr);
> -ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr);
> +   MemoryRegion *mr, Error **errp);
> +ram_addr_t qemu_ram_alloc(ram_addr_t size, MemoryRegion *mr, Error **errp);
>  int qemu_get_ram_fd(ram_addr_t addr);
>  void *qemu_get_ram_block_host_ptr(ram_addr_t addr);
>  void *qemu_get_ram_ptr(ram_addr_t addr);
> diff --git a/memory.c b/memory.c
> index 64d7176..59d9935 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -1169,7 +1169,7 @@ void memory_region_init_ram(MemoryRegion *mr,
>  mr->ram = true;
>  mr->terminates = true;
>  mr->destructor = memory_region_destructor_ram;
> -mr->ram_addr = qemu_ram_alloc(si

Re: [Qemu-devel] [PATCH v3 06/10] slirp: check return value of malloc()

2014-08-07 Thread zhanghailiang

On 2014/8/7 19:08, Gonglei (Arei) wrote:

Subject: [Qemu-devel] [PATCH v3 06/10] slirp: check return value of malloc()

Signed-off-by: zhanghailiang
---
  slirp/misc.c | 8 ++--
  1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/slirp/misc.c b/slirp/misc.c
index b8eb74c..0109c9f 100644
--- a/slirp/misc.c
+++ b/slirp/misc.c
@@ -55,6 +55,9 @@ int add_exec(struct ex_list **ex_ptr, int do_pty, char
*exec,

tmp_ptr = *ex_ptr;
*ex_ptr = (struct ex_list *)malloc(sizeof(struct ex_list));
+if (!ex_ptr) {
+return -1;
+}


Not (!ex_ptr) but (*ex_ptr == NULL).


Sorry, this is my mistake!


BTW, you'd better add more information when malloc memory failed.



Good idea, I will add it. Thanks!




(*ex_ptr)->ex_fport = port;
(*ex_ptr)->ex_addr = addr;
(*ex_ptr)->ex_pty = do_pty;
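Review bot: in add_exec() the list head is overwritten before the allocation is checked (tmp_ptr = *ex_ptr; then *ex_ptr = malloc(...)), so even once the test is corrected to *ex_ptr == NULL the early return -1 leaves the caller's list pointing at NULL and the old entries unreachable. Restore *ex_ptr = tmp_ptr before returning, or allocate into a local and assign it to *ex_ptr only on success.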
@@ -236,8 +239,9 @@ strdup(str)
char *bptr;

bptr = (char *)malloc(strlen(str)+1);
-   strcpy(bptr, str);
-
+if (bptr) {
+strcpy(bptr, str);
+}
return bptr;
  }
  #endif
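
The point of the exchange above, as an added example that is not part of the posted patch or of slirp itself: testing ex_ptr instead of *ex_ptr lets a failed allocation through, while allocating into a local and checking that pointer also leaves the existing list intact. The reduced struct layout, the demo_malloc fault injector and the port numbers are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for slirp's struct ex_list (assumption: only the
 * fields needed here; ex_next links to the previous head). */
struct ex_list {
    int ex_pty;
    int ex_fport;
    struct ex_list *ex_next;
};

/* Constructed fault injector: when set, the next allocation fails. */
static int fail_next_alloc;

static void *demo_malloc(size_t n)
{
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return NULL;
    }
    return malloc(n);
}

/* The check as posted: it tests ex_ptr, the address of the caller's head
 * pointer, which is never NULL here, so a failed allocation goes
 * unnoticed. Returns 1 if the check fired, 0 if it did not. */
static int posted_check_fires(struct ex_list **ex_ptr)
{
    struct ex_list *tmp_ptr = *ex_ptr;
    int fired;

    *ex_ptr = demo_malloc(sizeof(struct ex_list));
    fired = !ex_ptr;            /* wrong object tested */
    free(*ex_ptr);              /* free(NULL) is a no-op */
    *ex_ptr = tmp_ptr;          /* put the old head back for the caller */
    return fired;
}

/* Checked variant: allocate into a local, test that pointer, and only
 * then publish it, so the head is never overwritten with NULL. */
static int add_exec_checked(struct ex_list **ex_ptr, int do_pty, int port)
{
    struct ex_list *node = demo_malloc(sizeof(*node));

    if (node == NULL) {
        return -1;
    }
    node->ex_pty = do_pty;
    node->ex_fport = port;
    node->ex_next = *ex_ptr;
    *ex_ptr = node;
    return 0;
}

static int list_len(const struct ex_list *p)
{
    int n = 0;

    for (; p != NULL; p = p->ex_next) {
        n++;
    }
    return n;
}

static void list_free(struct ex_list *p)
{
    while (p != NULL) {
        struct ex_list *next = p->ex_next;
        free(p);
        p = next;
    }
}

/* Scenario 1: the allocation fails; does the posted check notice? */
int posted_check_detects_failure(void)
{
    struct ex_list *head = NULL;

    fail_next_alloc = 1;
    return posted_check_fires(&head);
}

/* Scenario 2: two good inserts, one failed insert, one more good insert.
 * Returns the list length seen after the failed insert, or -1 if any
 * step behaved unexpectedly. Port values are constructed. */
int checked_add_keeps_list(void)
{
    struct ex_list *head = NULL, *before;
    int ok, len;

    ok = add_exec_checked(&head, 0, 21) == 0 &&
         add_exec_checked(&head, 1, 23) == 0;
    before = head;
    fail_next_alloc = 1;
    ok = ok && add_exec_checked(&head, 0, 80) == -1 && head == before;
    len = list_len(head);
    ok = ok && add_exec_checked(&head, 0, 80) == 0 &&
         list_len(head) == len + 1;
    list_free(head);
    return ok ? len : -1;
}

int main(void)
{
    printf("posted check detects failure: %d\n",
           posted_check_detects_failure());
    printf("list length after failed checked add: %d\n",
           checked_add_keeps_list());
    return 0;
}
```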







Re: [Qemu-devel] [PULL 00/11] KVM, icount changes for 2014-08-06

2014-08-07 Thread Peter Maydell
On 6 August 2014 17:12, Paolo Bonzini  wrote:
> The following changes since commit 41a1a9c42c4e0fb5f1b94aa8b72e42f66ebde3d9:
>
>   po: Update German translation (2014-07-28 23:37:17 +0200)
>
> are available in the git repository at:
>
>   git://github.com/bonzini/qemu.git tags/for-upstream
>
> for you to fetch changes up to 92627748f7f7355bb2ea676a45791bd66b84aee0:
>
>   target-mips: Ignore unassigned accesses with KVM (2014-08-06 17:53:07 +0200)
>
> 
> KVM changes include a MIPS patch and the testdev backend used by the
> ARM kvm-unit-tests.  icount include the first part of reverse execution
> and Sebastian Tanase's patches to slow down -icount execution to the
> desired speed of the target.

Hi. I'm afraid this doesn't build on 32 bit:

/root/qemu/cpus.c: In function ‘dump_drift_info’:
/root/qemu/cpus.c:1561:17: error: format ‘%ld’ expects argument of
type ‘long int’, but argument 3 has type ‘int64_t’ [-Werror=format]
/root/qemu/cpus.c:1563:9: error: format ‘%ld’ expects argument of type
‘long int’, but argument 3 has type ‘int64_t’ [-Werror=format]
/root/qemu/cpus.c:1564:9: error: format ‘%ld’ expects argument of type
‘long int’, but argument 3 has type ‘int64_t’ [-Werror=format]
cc1: all warnings being treated as errors
make[1]: *** [cpus.o] Error 1

thanks
-- PMM



Re: [Qemu-devel] aarch64 & gdb: warning: while parsing target description (at line 1): Could not load XML document "arm-core.xml"

2014-08-07 Thread Richard W.M. Jones
On Thu, Aug 07, 2014 at 12:18:49PM +0100, Peter Maydell wrote:
> you didn't select a 32 bit CPU either explicitly or by default
> on the QEMU command line? Note that '-machine type=virt'
> defaults to a Cortex-A15 even in qemu-softmmu-aarch64
> (this is unfortunate but fallout from the fact that we started
> the virt model with the A15. Maybe we should make it not
> have a default and require a CPU specification...)

Yes, this is indeed the case.  It also explains why I could get TCG
working at all until I added -cpu cortex-a57.  Now it is working.

I really think this choice of cpu_model = "cortex-a15" for -M virt is
a poor one.  It should always default to something working.

Currently libguestfs has to pass -cpu host when KVM is detected, and
-cpu cortex-a57 otherwise.  However we cannot be sure that KVM is 100%
working and that we won't fall back to TCG, which means the -cpu
parameter could be wrong and we would fail to launch the appliance.
Having the correct defaults would prevent this unnecessary failure.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/



Re: [Qemu-devel] [PATCH v3 08/10] qtest: check the value returned by fopen()

2014-08-07 Thread zhanghailiang

On 2014/8/7 19:14, Gonglei (Arei) wrote:

Subject: [Qemu-devel] [PATCH v3 08/10] qtest: check the value returned by
fopen()

The function fopen() may fail, so check its return value.

Signed-off-by: zhanghailiang
Signed-off-by: Li Liu
---
  qtest.c  | 5 +
  tests/bios-tables-test.c | 2 ++
  2 files changed, 7 insertions(+)

diff --git a/qtest.c b/qtest.c
index 04a6dc1..ae9b636 100644
--- a/qtest.c
+++ b/qtest.c
@@ -536,6 +536,11 @@ void qtest_init(const char *qtest_chrdev, const char
*qtest_log, Error **errp)
  if (qtest_log) {
  if (strcmp(qtest_log, "none") != 0) {
  qtest_log_fp = fopen(qtest_log, "w+");
+if (qtest_log_fp == NULL) {
+error_setg(errp, "Failed to open log file for qtest: \"%s\"",
+   qtest_log);
+return;
+}


Actually I don't think this check is necessary, because the qtest_log_fp will
be checked where it is used.



Hmm, you are right! I will remove the changes!

Thanks,
zhanghailiang


  }
  } else {
  qtest_log_fp = stderr;
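Review bot: the new failure branch in qtest_init() reports only the file name, not why fopen() failed. Using error_setg_errno(errp, errno, ...) instead of error_setg() would put the strerror text in the message, so a permissions problem can be told apart from a missing directory.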
diff --git a/tests/bios-tables-test.c b/tests/bios-tables-test.c
index 045eb27..6a357c0 100644
--- a/tests/bios-tables-test.c
+++ b/tests/bios-tables-test.c
@@ -790,6 +790,8 @@ int main(int argc, char *argv[])
  const char *arch = qtest_get_arch();
  FILE *f = fopen(disk, "w");
  int ret;
+
+g_assert(f != NULL);
  fwrite(boot_sector, 1, sizeof boot_sector, f);
  fclose(f);

--
1.7.12.4








Re: [Qemu-devel] aarch64 & gdb: warning: while parsing target description (at line 1): Could not load XML document "arm-core.xml"

2014-08-07 Thread Peter Maydell
On 7 August 2014 12:29, Richard W.M. Jones  wrote:
> On Thu, Aug 07, 2014 at 12:18:49PM +0100, Peter Maydell wrote:
>> you didn't select a 32 bit CPU either explicitly or by default
>> on the QEMU command line? Note that '-machine type=virt'
>> defaults to a Cortex-A15 even in qemu-softmmu-aarch64
>> (this is unfortunate but fallout from the fact that we started
>> the virt model with the A15. Maybe we should make it not
>> have a default and require a CPU specification...)
>
> Yes, this is indeed the case.  It also explains why I could get TCG
> working at all until I added -cpu cortex-a57.  Now it is working.
>
> I really think this choice of cpu_model = "cortex-a15" for -M virt is
> a poor one.  It should always default to something working.

cortex-a15 *does* work, it's just a 32 bit CPU. It will function
exactly the same as if you asked for an A15 in qemu-system-arm.
Obviously if you try to feed it an AArch64 kernel it will behave
the same way as if you'd tried to boot an AArch64 kernel on
A15 hardware, so don't do that.

> Currently libguestfs has to pass -cpu host when KVM is detected, and
> -cpu cortex-a57 otherwise.  However we cannot be sure that KVM is 100%
> working and that we won't fall back to TCG, which means the -cpu
> parameter could be wrong and we would fail to launch the appliance.
> Having the correct defaults would prevent this unnecessary failure.

This isn't possible, I'm afraid. TCG will never support "-cpu host",
and whether any particular specific CPU type is supported by
the kernel for KVM depends on the host hardware. (We don't
want to default to "-cpu host if KVM" because it means defaulting
to "migration won't work".)

thanks
-- PMM



Re: [Qemu-devel] aarch64 & gdb: warning: while parsing target description (at line 1): Could not load XML document "arm-core.xml"

2014-08-07 Thread Richard W.M. Jones
On Thu, Aug 07, 2014 at 12:35:27PM +0100, Peter Maydell wrote:
> On 7 August 2014 12:29, Richard W.M. Jones  wrote:
> > On Thu, Aug 07, 2014 at 12:18:49PM +0100, Peter Maydell wrote:
> >> you didn't select a 32 bit CPU either explicitly or by default
> >> on the QEMU command line? Note that '-machine type=virt'
> >> defaults to a Cortex-A15 even in qemu-softmmu-aarch64
> >> (this is unfortunate but fallout from the fact that we started
> >> the virt model with the A15. Maybe we should make it not
> >> have a default and require a CPU specification...)
> >
> > Yes, this is indeed the case.  It also explains why I could get TCG
> > working at all until I added -cpu cortex-a57.  Now it is working.
> >
> > I really think this choice of cpu_model = "cortex-a15" for -M virt is
> > a poor one.  It should always default to something working.
> 
> cortex-a15 *does* work, it's just a 32 bit CPU. It will function
> exactly the same as if you asked for an A15 in qemu-system-arm.
> Obviously if you try to feed it an AArch64 kernel it will behave
> the same way as if you'd tried to boot an AArch64 kernel on
> A15 hardware, so don't do that.

Can't a 32 bit kernel run on -cpu cortex-a5x?  (I've not tried.)

> > Currently libguestfs has to pass -cpu host when KVM is detected, and
> > -cpu cortex-a57 otherwise.  However we cannot be sure that KVM is 100%
> > working and that we won't fall back to TCG, which means the -cpu
> > parameter could be wrong and we would fail to launch the appliance.
> > Having the correct defaults would prevent this unnecessary failure.
> 
> This isn't possible, I'm afraid. TCG will never support "-cpu host",
> and whether any particular specific CPU type is supported by
> the kernel for KVM depends on the host hardware. (We don't
> want to default to "-cpu host if KVM" because it means defaulting
> to "migration won't work".)

We use -cpu host on KVM in order to avoid parsing /proc/cpuinfo to
find the right CPU model and flags.  Parsing /proc/cpuinfo is a
minefield because it differs on every architecture, and even within
architectures.

Note libguestfs doesn't care about migration at all.  We do care that
we can reliably run our appliance.

What we really want is -cpu best-possible-and-don't-fail.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org



Re: [Qemu-devel] [PATCH v6 6/7] exec: report error when memory < hpagesize

2014-08-07 Thread Peter Crosthwaite
On Thu, Aug 7, 2014 at 7:10 PM, Hu Tao  wrote:
> Report error when memory < hpagesize in file_ram_alloc() so callers can

"an error"

> handle the error.
>
> This patch fix a problem that if user adds a memory-backend-file object

Long sentence. I would drop the "This patch fixes a problem that"

> using object_add command, specifying a size that is less than huge page
> size, qemu will core dump with message:
>
>   Bad ram offset f000
>   Aborted (core dumped)
>

Then say here "This patch fixes the problem."

> with this patch, qemu reports error message like:
>
>   qemu-system-x86_64: -object 
> memory-backend-file,mem-path=/hugepages,id=mem-file0,size=1M: memory
>   size 0x10 must be equal to or larger than huge page size 0x20
>
> Signed-off-by: Hu Tao 
> ---
>  exec.c | 13 -
>  1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/exec.c b/exec.c
> index accba00..50cd510 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -1024,9 +1024,9 @@ static void *file_ram_alloc(RAMBlock *block,
>  char *filename;
>  char *sanitized_name;
>  char *c;
> -void *area;
> +void *area = NULL;
>  int fd;
> -unsigned long hpagesize;
> +uint64_t hpagesize;
>
>  hpagesize = gethugepagesize(path);
>  if (!hpagesize) {
> @@ -1034,7 +1034,10 @@ static void *file_ram_alloc(RAMBlock *block,
>  }
>
>  if (memory < hpagesize) {
> -return NULL;
> +error_setg(errp, "memory size 0x" RAM_ADDR_FMT " must be equal to "
> +   "or larger than huge page size 0x%" PRIx64,
> +   memory, hpagesize);
> +goto error;
>  }
>
>  if (kvm_enabled() && !kvm_has_sync_mmu()) {
> @@ -1094,8 +1097,8 @@ static void *file_ram_alloc(RAMBlock *block,
>  return area;
>
>  error:
> -if (mem_prealloc) {
> -exit(1);

So I get the motivation behind getting rid of the core dump and
abort(). But this seems like a different change. You are demoting an
explicit fatal error (which looks to me to be unhelpfully silent) to a
propagating error. What's the reasoning? Is there any awareness of the
must-exit on the mem_prealloc failure case in the higher levels?

Regards,
Peter

> +if (area && area != MAP_FAILED) {
> +munmap(area, memory);
>  }
>  return NULL;
>  }
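Review bot: with exit(1) removed, the error: label in file_ram_alloc() becomes an ordinary return path, yet it only unmaps area. fd, declared at the top of the function, is not closed there, so any goto error taken after the file has been opened leaks the descriptor on each failed attempt. Initialise fd to -1 and close it at error: when it is valid.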
> --
> 1.9.3
>
>



Re: [Qemu-devel] [PATCH v6 7/7] exec: add parameter errp to gethugepagesize

2014-08-07 Thread Peter Crosthwaite
On Thu, Aug 7, 2014 at 7:10 PM, Hu Tao  wrote:
> Add parameter errp to gethugepagesize thus callers can handle errors.
>
> This patch fixes a problem that if user adds a memory-backend-file
> object using object_add command, specifying a non-existing directory
> for property mem-path, qemu will core dump with message:

Same long sentence issue here,

>
>   /nonexistingdir: No such file or directory
>   Bad ram offset f000
>   Aborted (core dumped)
>
> with this patch, qemu reports error message like:
>
>   qemu-system-x86_64: -object 
> memory-backend-file,mem-path=/nonexistingdir,id=mem-file0,size=128M:
>   failed to stat file /nonexistingdir: No such file or directory
>
> Signed-off-by: Hu Tao 

Otherwise:

Reviewed-by: Peter Crosthwaite 

> ---
>  exec.c | 11 +++
>  1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/exec.c b/exec.c
> index 50cd510..fdef0f7 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -996,7 +996,7 @@ void qemu_mutex_unlock_ramlist(void)
>
>  #define HUGETLBFS_MAGIC   0x958458f6
>
> -static long gethugepagesize(const char *path)
> +static long gethugepagesize(const char *path, Error **errp)
>  {
>  struct statfs fs;
>  int ret;
> @@ -1006,7 +1006,8 @@ static long gethugepagesize(const char *path)
>  } while (ret != 0 && errno == EINTR);
>
>  if (ret != 0) {
> -perror(path);
> +error_setg_errno(errp, errno, "failed to get page size of file %s",
> + path);
>  return 0;
>  }
>
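Review bot: the text passed to error_setg_errno() in gethugepagesize() is "failed to get page size of file %s", but the commit message shows the resulting output as "failed to stat file /nonexistingdir". One of the two should be updated so the documented message matches what QEMU prints.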
> @@ -1027,9 +1028,11 @@ static void *file_ram_alloc(RAMBlock *block,
>  void *area = NULL;
>  int fd;
>  uint64_t hpagesize;
> +Error *local_err = NULL;
>
> -hpagesize = gethugepagesize(path);
> -if (!hpagesize) {
> +hpagesize = gethugepagesize(path, &local_err);
> +if (local_err) {
> +error_propagate(errp, local_err);
>  goto error;
>  }
>
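Review bot: file_ram_alloc() now tests only local_err and no longer rejects hpagesize == 0, so a zero returned by gethugepagesize() on any path that does not set errp would be used as a page size by the code that follows. Keeping the !hpagesize test next to the local_err test costs nothing. gethugepagesize() also still returns long while hpagesize is uint64_t, so a negative return would be widened to a very large value.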
> --
> 1.9.3
>
>



Re: [Qemu-devel] [PATCH v5 0/8] modify boot order of guest, and take effect after rebooting

2014-08-07 Thread Gonglei (Arei)
Hi,

Ping... please. 

TBH, I am confused which maintainer can maintain the patch series about
bootindex.

Gerd is seemingly not in maillist later two weeks.

Markus? Paolo? MST? PMM? Eduardo? Thanks for any help.

Best regards,
-Gonglei


> -Original Message-
> From: Gonglei (Arei)
> Sent: Monday, August 04, 2014 8:46 PM
> To: qemu-devel@nongnu.org
> Cc: aligu...@amazon.com; m...@redhat.com; pbonz...@redhat.com;
> ak...@redhat.com; hu...@cn.fujitsu.com; ehabk...@redhat.com;
> gaowanl...@cn.fujitsu.com; ebl...@redhat.com; afaer...@suse.de;
> arm...@redhat.com; imamm...@redhat.com; a...@ozlabs.ru;
> kra...@redhat.com; peter.crosthwa...@xilinx.com; lcapitul...@redhat.com;
> h...@linux.com; stefa...@redhat.com; ag...@suse.de; chenliang (T);
> Huangweidong (C); Luonengjun; Huangpeng (Peter); kw...@redhat.com;
> Gonglei (Arei)
> Subject: [PATCH v5 0/8] modify boot order of guest, and take effect after
> rebooting
> 
> From: Gonglei 
> 
> Sometimes, we want to modify boot order of a guest, but no need to
> shutdown it. We can call dynamic changing bootindex of a guest, which
> can be assured taking effect just after the guest rebooting.
> 
> For example, in P2V scene, we boot a guest and then attach a
> new system disk, for copying some thing. We want to assign the
> new disk as the booting disk, which means its bootindex=1.
> 
> Different nics can be assigned different bootindex dynamically
> also make sense.
> 
> The patchsets add one qmp interface, and add an fw_cfg_machine_reset()
> to achieve it.
> 
> Steps of testing:
> 
> ./qemu-system-x86_64 -enable-kvm -m 4096 -smp 4 -name redhat6.2 -drive \
> file=/home/redhat6.2.img,if=none,id=drive-ide0-0-0 \
> -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \
> -drive file=/home/RH-DVD1.iso,if=none,id=drive-ide0-0-1 \
> -device ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1,bootindex=4 \
> -vnc 0.0.0.0:10 -netdev type=user,id=net0 \
> -device virtio-net-pci,netdev=net0,bootindex=3,id=nic1 \
> -netdev type=user,id=net1 -device e1000,netdev=net1,bootindex=2,id=nic2 \
> -drive file=/home/virtio-disk.vfd,if=none,id=drive-fdc0-0-0,format=raw \
> -device isa-fdc,driveA=drive-fdc0-0-0,id=floppy1,bootindexA=5 -monitor stdio
> QEMU 2.0.93 monitor - type 'help' for more information
> (qemu) info bootindex
> id   bootindex   suffix
> "floppy1"5  "/floppy@0"
> "ide0-0-1"   4  "/disk@1"
> "nic1"   3  "/ethernet-phy@0"
> "nic2"   2  "/ethernet-phy@0"
> "ide0-0-0"   1  "/disk@0"
> (qemu) set-bootindex ide0-0-1 1
> The bootindex 1 has already been used
> (qemu) set-bootindex ide0-0-1 6 "/disk@1"
> (qemu) set-bootindex ide0-0-1 0
> (qemu) system_reset
> (qemu) set-bootindex ide0-0-1 1
> The bootindex 1 has already been used
> (qemu) set-bootindex nic1 0
> The bootindex 0 has already been used
> (qemu) set-bootindex ide0-0-1 -1
> (qemu) set-bootindex nic1 0
> (qemu) info bootindex
> id   bootindex   suffix
> "floppy1"5  "/floppy@0"
> "nic2"   2  "/ethernet-phy@0"
> "ide0-0-0"   1  "/disk@0"
> "nic1"   0  "/ethernet-phy@0"
> (qemu) system_reset
> (qemu)
> 
> 
> Changes since v4:
>  - using error_setg() instead of qerror_report() in patch 1/8.
>  - call del_boot_device_path() from device_finalize() instead
>   of placing it into each individual device in patch 4/8.
> 
> Changes since v3:
>  - rework del_* and modify_* function, because of virtio devices' specialization.
>    For example, virtio-net's id is NULL, and its parent virtio-net-pci's id was
>    assigned.
>    Though the global fw_boot_order stored the virtio-net device.
>  - call del_boot_device_path in each individual device avoiding waste resource.
>  - introduce qmp "query-bootindex" command
>  - introduce hmp "info bootindex" command
>  - Fixes by Eric's reviewing comments, thanks.
> 
> Changes since v2:
>  *address Gerd's reviewing suggestion:
>  - use the old entry's suffix, if the caller do not pass it in.
>  - call del_boot_device_path() from device_finalize() instead
>of placing it into each individual device.
> 
>   Thanks Gerd.
> 
> Changes since v1:
>  *rework by Gerd's suggestion:
>  - split modify and del fw_boot_order for single function.
>  - change modify bootindex's realization which simply lookup
>the device and modify the bootindex. if the new bootindex
>has already used by another device just throw an error.
>  - change to del_boot_device_path(DeviceState *dev) and simply delete all
>entries belonging to the device.
> 
> Gonglei (8):
>   bootindex: add modify_boot_device_path function
>   bootindex: add del_boot_device_path function
>   fw_cfg: add fw_cfg_machine_reset function
>   bootindex: delete bootindex when device is removed
>   qmp: add set-bootindex command
>   qemu-monitor: HMP set-bootindex wrapper
>   qmp: add query-bootindex command
>   qemu-monitor: add HMP "info-bootindex" command
> 
>  hmp-commands.hx   |  17 +++
>  hmp.c  

Re: [Qemu-devel] [PATCH v6 7/7] exec: add parameter errp to gethugepagesize

2014-08-07 Thread Gonglei (Arei)
> -Original Message-
> From: qemu-devel-bounces+arei.gonglei=huawei@nongnu.org
> [mailto:qemu-devel-bounces+arei.gonglei=huawei@nongnu.org] On
> Behalf Of Peter Crosthwaite
> Sent: Thursday, August 07, 2014 7:47 PM
> To: Hu Tao
> Cc: Yasunori Goto; Paolo Bonzini; Yasuaki Isimatu; qemu-devel@nongnu.org
> Developers; Michael S. Tsirkin
> Subject: Re: [Qemu-devel] [PATCH v6 7/7] exec: add parameter errp to
> gethugepagesize
> 
> On Thu, Aug 7, 2014 at 7:10 PM, Hu Tao  wrote:
> > Add parameter errp to gethugepagesize thus callers can handle errors.
> >
> > This patch fixes a problem that if user adds a memory-backend-file
> > object using object_add command, specifying a non-existing directory
> > for property mem-path, qemu will core dump with message:
> 
> Same long sentence issue here,
> 
> >
> >   /nonexistingdir: No such file or directory
> >   Bad ram offset f000
> >   Aborted (core dumped)
> >
> > with this patch, qemu reports error message like:
> >
> >   qemu-system-x86_64: -object
> memory-backend-file,mem-path=/nonexistingdir,id=mem-file0,size=128M:
> >   failed to stat file /nonexistingdir: No such file or directory
> >
> > Signed-off-by: Hu Tao 
> 
> Otherwise:
> 
> Reviewed-by: Peter Crosthwaite 
> 
> > ---
> >  exec.c | 11 +++
> >  1 file changed, 7 insertions(+), 4 deletions(-)
> >
> > diff --git a/exec.c b/exec.c
> > index 50cd510..fdef0f7 100644
> > --- a/exec.c
> > +++ b/exec.c
> > @@ -996,7 +996,7 @@ void qemu_mutex_unlock_ramlist(void)
> >
> >  #define HUGETLBFS_MAGIC   0x958458f6
> >
> > -static long gethugepagesize(const char *path)
> > +static long gethugepagesize(const char *path, Error **errp)

I'm not following this series, but the function name is not idiomatic QEMU 
coding style IMHO.

Best regards,
-Gonglei


Re: [Qemu-devel] aarch64 & gdb: warning: while parsing target description (at line 1): Could not load XML document "arm-core.xml"

2014-08-07 Thread Peter Maydell
On 7 August 2014 12:43, Richard W.M. Jones  wrote:
> On Thu, Aug 07, 2014 at 12:35:27PM +0100, Peter Maydell wrote:
>> On 7 August 2014 12:29, Richard W.M. Jones  wrote:
>> > On Thu, Aug 07, 2014 at 12:18:49PM +0100, Peter Maydell wrote:
>> >> you didn't select a 32 bit CPU either explicitly or by default
>> >> on the QEMU command line? Note that '-machine type=virt'
>> >> defaults to a Cortex-A15 even in qemu-softmmu-aarch64
>> >> (this is unfortunate but fallout from the fact that we started
>> >> the virt model with the A15. Maybe we should make it not
>> >> have a default and require a CPU specification...)
>> >
>> > Yes, this is indeed the case.  It also explains why I could get TCG
>> > working at all until I added -cpu cortex-a57.  Now it is working.
>> >
>> > I really think this choice of cpu_model = "cortex-a15" for -M virt is
>> > a poor one.  It should always default to something working.
>>
>> cortex-a15 *does* work, it's just a 32 bit CPU. It will function
>> exactly the same as if you asked for an A15 in qemu-system-arm.
>> Obviously if you try to feed it an AArch64 kernel it will behave
>> the same way as if you'd tried to boot an AArch64 kernel on
>> A15 hardware, so don't do that.
>
> Can't a 32 bit kernel run on -cpu cortex-a5x?  (I've not tried.)

No, because at the moment our AArch64 TCG implementation
(and the way we configure KVM) assumes that the highest
exception level is running AArch64. We might fix this eventually,
though.

>> > Currently libguestfs has to pass -cpu host when KVM is detected, and
>> > -cpu cortex-a57 otherwise.  However we cannot be sure that KVM is 100%
>> > working and that we won't fall back to TCG, which means the -cpu
>> > parameter could be wrong and we would fail to launch the appliance.
>> > Having the correct defaults would prevent this unnecessary failure.
>>
>> This isn't possible, I'm afraid. TCG will never support "-cpu host",
>> and whether any particular specific CPU type is supported by
>> the kernel for KVM depends on the host hardware. (We don't
>> want to default to "-cpu host if KVM" because it means defaulting
>> to "migration won't work".)
>
> We use -cpu host on KVM in order to avoid parsing /proc/cpuinfo to
> find the right CPU model and flags.  Parsing /proc/cpuinfo is a
> minefield because it differs on every architecture, and even within
> architectures.
>
> Note libguestfs doesn't care about migration at all.  We do care that
> we can reliably run our appliance.

Yes, so -cpu host is a good choice for you. It's just not something
I want to make the default in QEMU itself, where we have more
than just the libguestfs use case to consider.

> What we really want is -cpu best-possible-and-don't-fail.

The difficulty here is that there is no good definition of
"best" because ARM CPUs come from a variety of different
manufacturers and with various different possible configurations.
Also, even if we could define a "best" CPU, it's quite possible
that your guest kernel wouldn't run on it (either now or in the
future when new CPUs get added).

thanks
-- PMM



Re: [Qemu-devel] Printf message in QEMU source code

2014-08-07 Thread Peter Crosthwaite
On Thu, Aug 7, 2014 at 8:55 PM, Amit Tomer  wrote:
> I wanted to provide some printf statement in QEMU source code in order to
> debug some issue but not sure where do I see these printf statements?
>

Don't use printf for debugging instrumentation. When doing quick
hacking, can use fprintf(stderr, and take your prints from stderr. If
you are looking for something more correct then you should consider
using qemu_log_mask with one of the log options. Then you can access
your prints either from stderr or log them to file with -D option.

Regards,
Peter

> I have looked into following post but it is without any answers
>
> Debugging Qemu Source Code and not Kernel Source Code
>
> I am launching QEMU in terminal where I have its output, not OSs.
>
> How Do I see printf logs while launching QEMU in headless environment?
>
> Thanks,
> Amit



Re: [Qemu-devel] [PATCH target-arm] arm: armv7m: Respect elf entry point

2014-08-07 Thread Peter Crosthwaite
On Mon, Aug 4, 2014 at 5:54 PM, Alistair Francis  wrote:
> On Sat, Aug 2, 2014 at 9:41 AM, Peter Crosthwaite
>  wrote:
>> ARMv7M has its own bootloader (separate from the regular ARM
>> bootloader) that is elf aware. It is able to load elfs but it does
>> not set the program counter to the elf entry point. Make it more
>> consistent with the regular ARM bootloader by setting the program
>> counter to the given elf entry point.
>>
>> Signed-off-by: Peter Crosthwaite 
>> ---
>>  hw/arm/armv7m.c | 19 ---
>>  1 file changed, 16 insertions(+), 3 deletions(-)
>>
>> diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
>> index 397e8df..d1b983f 100644
>> --- a/hw/arm/armv7m.c
>> +++ b/hw/arm/armv7m.c
>> @@ -155,11 +155,18 @@ static void armv7m_bitband_init(void)
>>
>>  /* Board init.  */
>>
>> +typedef struct ARMV7MResetArgs {
>> +ARMCPU *cpu;
>> +uint32_t reset_pc;
>> +} ARMV7MResetArgs;
>> +
>>  static void armv7m_reset(void *opaque)
>>  {
>> -ARMCPU *cpu = opaque;
>> +ARMV7MResetArgs *args = opaque;
>>
>> -cpu_reset(CPU(cpu));
>> +cpu_reset(CPU(args->cpu));
>> +args->cpu->env.regs[15] = args->reset_pc;
>> +args->cpu->env.thumb = args->reset_pc & 1;
>>  }
>
> This breaks a simple test case that I have.

Can you send me a replicator? I'll give it a go.

> It now starts at an
> address one bit larger but causes the program to hang.
> If the 'cpu_reset(CPU(args->cpu))' is moved to the end of the function
> the test boots (the same as it did before).
>

Hmm but I think that loses you the elf entry point again.

Regards,
Peter

>>
>>  /* Init CPU and memory for a v7-M based board.
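Review bot: In armv7m_reset(), regs[15] is loaded with args->reset_pc unmasked while env.thumb is taken from bit 0 of the same value, so an ELF entry point with bit 0 set leaves the PC one byte past the intended instruction, which fits the "address one bit larger" hang reported in this thread. Suggest `args->cpu->env.regs[15] = args->reset_pc & ~1;` and keeping `env.thumb = args->reset_pc & 1`. The override also runs on every reset with whatever `entry` held at init time; a comment stating what reset_pc contains when no ELF entry point was supplied would help.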
>> @@ -183,6 +190,7 @@ qemu_irq *armv7m_init(MemoryRegion *address_space_mem,
>>  MemoryRegion *sram = g_new(MemoryRegion, 1);
>>  MemoryRegion *flash = g_new(MemoryRegion, 1);
>>  MemoryRegion *hack = g_new(MemoryRegion, 1);
>> +ARMV7MResetArgs reset_args;
>>
>>  flash_size *= 1024;
>>  sram_size *= 1024;
>> @@ -259,7 +267,12 @@ qemu_irq *armv7m_init(MemoryRegion *address_space_mem,
>>  vmstate_register_ram_global(hack);
>>  memory_region_add_subregion(address_space_mem, 0xf000, hack);
>>
>> -qemu_register_reset(armv7m_reset, cpu);
>> +reset_args = (ARMV7MResetArgs) {
>> +.cpu = cpu,
>> +.reset_pc = entry,
>> +};
>> +qemu_register_reset(armv7m_reset,
>> +g_memdup(&reset_args, sizeof(reset_args)));
>>  return pic;
>>  }
>>
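Review bot: The reset argument in armv7m_init() is built on the stack and then copied with g_memdup(), which is a roundabout way to get a heap object whose lifetime matches the registered handler. Allocating it directly, e.g. `ARMV7MResetArgs *args = g_new0(ARMV7MResetArgs, 1);`, and filling in cpu and reset_pc drops the temporary added in the previous hunk and makes ownership obvious. Nothing frees or unregisters the copy, which is fine for a board-lifetime object but worth a one-line comment.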
>> --
>> 1.9.1
>>
>



Re: [Qemu-devel] [PATCH v2 0/4] block/parallels: 2TB+ parallels images support

2014-08-07 Thread Denis V. Lunev

On 28/07/14 20:23, Denis V. Lunev wrote:

Parallels has released in the recent updates of Parallels Server 5/6
new addition to his image format. Images with signature WithouFreSpacExt
have offsets in the catalog coded not as offsets in sectors (multiple
of 512 bytes) but offsets coded in blocks (i.e. header->tracks * 512)

In this case to code the virtual disk size for such images nb_sectors
field is extended to 64 bits. The reader of older images with signature
WithoutFreeSpace must manually zero most valuable bits of nb_sectors
on open.

Changes from v1:
- fixed message in patch 1
- added braces to conform qemu coding style in patches 3 & 4
- added check for ph.tracks in patch 4 to avoid offset overflow as suggested
   by Jeff

Signed-off-by: Denis V. Lunev 
CC: Kevin Wolf 
CC: Stefan Hajnoczi 
CC: Jeff Cody 

can you pls look/commit. I have some other changes on top of this
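
The offset rule and the nb_sectors masking described in this cover letter, as an added C example that is not code from the patch series or from QEMU. The struct layouts, function names and the upper bound on tracks are assumptions made for the illustration, and the two-entry catalog is constructed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512u
#define MAP_FAIL    UINT64_MAX

/* Signatures named in the cover letter (16 bytes, compared without NUL). */
static const char MAGIC_OLD[] = "WithoutFreeSpace"; /* catalog offsets in sectors */
static const char MAGIC_EXT[] = "WithouFreSpacExt"; /* catalog offsets in blocks  */

/* Hypothetical host-endian view of the header fields the text refers to. */
struct img_header {
    char     magic[16];
    uint32_t tracks;      /* sectors per block */
    uint64_t nb_sectors;  /* virtual disk size in sectors */
};

struct img_state {
    uint32_t tracks;
    uint32_t off_multiplier; /* sectors per catalog offset unit */
    uint64_t nb_sectors;
};

/* Validate the header and derive the per-format parameters. 0 on success. */
int img_open(const struct img_header *h, struct img_state *s)
{
    /* Assumed bound for this example: a zero block size would divide by
     * zero in img_map(), and one block must stay below 2 GiB so that
     * catalog entry * tracks * 512 cannot wrap a 64-bit byte offset. */
    if (h->tracks == 0 || h->tracks > INT32_MAX / SECTOR_SIZE) {
        return -1;
    }
    if (memcmp(h->magic, MAGIC_OLD, 16) == 0) {
        s->off_multiplier = 1;
        /* Old images only define 32 bits; the upper half is not size data. */
        s->nb_sectors = h->nb_sectors & 0xffffffffULL;
    } else if (memcmp(h->magic, MAGIC_EXT, 16) == 0) {
        s->off_multiplier = h->tracks;
        s->nb_sectors = h->nb_sectors;
    } else {
        return -1;
    }
    s->tracks = h->tracks;
    return 0;
}

/* Map a virtual sector to a byte offset in the image, or MAP_FAIL. */
uint64_t img_map(const struct img_state *s, const uint32_t *catalog,
                 uint32_t entries, uint64_t sector)
{
    uint64_t idx = sector / s->tracks;
    uint64_t within = sector % s->tracks;

    if (sector >= s->nb_sectors || idx >= entries || catalog[idx] == 0) {
        return MAP_FAIL; /* out of range or unallocated block */
    }
    return ((uint64_t)catalog[idx] * s->off_multiplier + within) * SECTOR_SIZE;
}

/* Build a constructed header, open it, return the parsed disk size. */
uint64_t demo_size(const char *magic, uint64_t nb_sectors)
{
    struct img_header h = { .tracks = 2048, .nb_sectors = nb_sectors };
    struct img_state s;
    size_t i;

    for (i = 0; i < 16 && magic[i]; i++) {
        h.magic[i] = magic[i];
    }
    return img_open(&h, &s) == 0 ? s.nb_sectors : MAP_FAIL;
}

/* Same, then map one sector through a constructed two-entry catalog. */
uint64_t demo_map(const char *magic, uint32_t tracks, uint64_t nb_sectors,
                  uint32_t entry1, uint64_t sector)
{
    struct img_header h = { .tracks = tracks, .nb_sectors = nb_sectors };
    struct img_state s;
    uint32_t catalog[2] = { 0, entry1 }; /* block 0 left unallocated */
    size_t i;

    for (i = 0; i < 16 && magic[i]; i++) {
        h.magic[i] = magic[i];
    }
    if (img_open(&h, &s) != 0) {
        return MAP_FAIL;
    }
    return img_map(&s, catalog, 2, sector);
}

int main(void)
{
    printf("old: %" PRIu64 "\n",
           demo_map("WithoutFreeSpace", 2048, 4096, 4096, 2053));
    printf("ext: %" PRIu64 "\n",
           demo_map("WithouFreSpacExt", 2048, 4096, 0x500000, 2053));
    return 0;
}
```

With 1 MiB blocks the same 32-bit catalog entry that tops out at 2 TB in the old format reaches a byte offset of about 5 TiB in the extended one.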



Re: [Qemu-devel] Wince 6.5 Support on qemu-system-arm

2014-08-07 Thread wasim nm
Hi All,
1> I would like to know if wince 6.5  or higher is supported on
qemu-arm? for any of the omap3 machine

2> If NO->  what effort would it take to boot wince 6.5 on qemu-omap3
using beagle board as
   reference.

Please reply

Thanks much
Wnm


On 8/7/14, wasim nm  wrote:
> Hi,
>   I would like to know if wince 6.5 is supported on qemu-arm? for any
> of the omap3machine.
>   If NO->  what effort would it take to boot wince 6.5 on qemu-omap3
> using beagle board as
>reference ,I hope i am clear ...
>
> Thanks
> wnm
>



Re: [Qemu-devel] [edk2] license for binary drivers

2014-08-07 Thread Paolo Bonzini
On 06/08/2014 23:51, Andrew Fish wrote:
> On Aug 6, 2014, at 6:44 AM, Paolo Bonzini  wrote:
>> However, the non-free nature of the OVMF binaries mean that QEMU
>> will never ever ship OVMF binaries until the license is fixed for
>> the offending FAT driver.  Not only because we don't want to get
>> into legal minefields, but also because QEMU is free software and
>> wants to keep its distributed releases entirely free.
> 
> IANAL, but this stuff seems kind of free

There is only one definition of free software, which is what Laszlo
cited, and the Tiano Core FAT driver does not satisfy it.

And in practice that definition is practically the same as the open
source definition, which the Tiano Core FAT driver does not satisfy
either (see the paragraph "License must be technology-neutral").

So the driver is neither free software, nor open source software.

> Reverse engineering
> something does not make it free. Copying other peoples work and
> changing the license does not make it free. Nothing that the edk2 or
> QEMU developers do changes the Intellectual Property rights that are
> associated with the FAT file system.

Catch-all words that lump together copyright and patents, such as
"Intellectual Property", can help spreading FUD about free software, but
they cannot _forbid_ distribution or use of the software.  Which are
done at your own risk anyway, since almost all software licenses come
with a warranty disclaimer.

On the other hand, the Tiano Core FAT driver license is just about
copyright, and the driver simply _cannot_ be distributed or used except
"as necessary to emulate an implementation of the UEFI Specifications;
and to create firmware, applications, utilities and/or drivers".  Doing
so directly violates the license, without much room for discussion.

> The IP for FAT was contributed to UEFI, and the specification that
> includes the license in question was created. The edk2 FAT driver was
> coded to this specification and thus has this license.  Which means
> you can use FAT for UEFI firmware without paying a licensing fee.
> So from a commercial point of view the edk2 FAT driver is “free”.
> How you write a GPL licensed FAT driver seems like a legal quagmire.

I have three problems with this paragraph:

1) The FAT specification license is not the FatPkg license, and the FAT
specification licensor is not the FatPkg licensor.  Have you consulted
Apple's lawyers before claiming that what applies to the FAT
specification (and is written in the FAT specification license) is also
valid for the FatPkg driver, as you are doing?  I would do it before
making such a sweeping claim.

2) The word free was obviously never used with the meaning of "gratis".

3) No one has mentioned the GNU GPL, and in any case, calling anything
"easy" or "hard" from a legal point of view is better left to real
lawyers, isn't it?  They have figured it out for Linux in the past.

Paolo



Re: [Qemu-devel] [PATCH v2 0/2] Add machine type pc-1.0-qemu-kvm for live migrate compatibility with qemu-kvm

2014-08-07 Thread Serge E. Hallyn
Quoting Alex Bligh (a...@alex.org.uk):
> Serge,
> 
> On 7 Aug 2014, at 03:50, Serge Hallyn  wrote:
> 
> > This worked for me when migrating by hand.  I'm trying to make it work
> > through libvirt, using the following patch.  (So whether to have
> > pc-1.0 be treated as qemu's or qemu-kvm's pc-1.0 is specified using a
> > boolean in /etc/libvirt/qemu.conf)  Qemu starts with decent
> > looking args, but for some reason the migration is failing -
> > still looking through the logfile to figure out why.
> 
> Are you using exactly the same arguments by hand and with libvirt?
> 
> Also, on reflection, given one of the changes between 1.0 and 2.0
> is ACPI, I should probably have done some testing with an ACPI
> enabled image, rather than just cirros (which is not ACPI enabled);
> any chance this is ACPI related?

Turning off acpi (well, commenting it out in the xml, which I'm assuming
dtrt) doesn't help:

===
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin 
QEMU_AUDIO_DRV=none /usr/bin/kvm -name cirros -S -global 
virtio-net-pci.romfile=pxe-virtio.rom.12.04 -machine 
pc-1.0-qemu-kvm,accel=kvm,usb=off -m 512 -realtime mlock=off -smp 
1,sockets=1,cores=1,threads=1 -uuid 2542c328-6842-33ef-d30e-866c3f3189a8 
-no-user-config -nodefaults -chardev 
socket,id=charmonitor,path=/var/lib/libvirt/qemu/cirros.monitor,server,nowait 
-mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown 
-no-acpi -boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 
-drive 
file=/var/lib/libvirt/images/cirros.img,if=none,id=drive-ide0-0-0,format=raw 
-device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 
-netdev tap,fd=26,id=hostnet0 -device 
virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:be:d8:99,bus=pci.0,addr=0x3 
-chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 
-vnc 127.0.0.1:0 -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device 
AC97,id=sound0,bus=pci.0,addr=0x4 -incoming fd:23 -device 
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 -msg timestamp=on

Re: [Qemu-devel] [PATCH v5 0/8] modify boot order of guest, and take effect after rebooting

2014-08-07 Thread Paolo Bonzini
On 07/08/2014 13:50, Gonglei (Arei) wrote:
> Hi,
> 
> Ping... please. 
> 
> TBH, I am confused which maintainer can maintain the patch serials about 
> bootindex.
> 
> Gerd is seemingly not in maillist later two weeks.
> 
> Markus? Paolo? MST? PMM? Eduardo? Thanks for any help.

Gerd is on holiday, sorry.  I've left the patch review to him so far, so
I'd rather wait for him to come back.

Paolo



Re: [Qemu-devel] [PATCH v5 0/8] modify boot order of guest, and take effect after rebooting

2014-08-07 Thread Gonglei (Arei)
> Subject: Re: [PATCH v5 0/8] modify boot order of guest, and take effect after
> rebooting
> 
> On 07/08/2014 13:50, Gonglei (Arei) wrote:
> > Hi,
> >
> > Ping... please.
> >
> > TBH, I am confused which maintainer can maintain the patch serials about
> bootindex.
> >
> > Gerd is seemingly not in maillist later two weeks.
> >
> > Markus? Paolo? MST? PMM? Eduardo? Thanks for any help.
> 
> Gerd is on holiday, sorry.  I've left the patch review to him so far, so
> I'd rather wait for him to come back.
> 
> Paolo

OK, Thanks! Paolo.

Best regards,
-Gonglei



Re: [Qemu-devel] [PATCH v1 00/17] dataplane: optimization and multi virtqueue support

2014-08-07 Thread Ming Lei
On Thu, Aug 7, 2014 at 7:06 PM, Kevin Wolf  wrote:
> On 07.08.2014 at 12:52, Ming Lei wrote:
>> On Thu, Aug 7, 2014 at 6:27 PM, Ming Lei  wrote:
>> > On Wed, Aug 6, 2014 at 11:40 PM, Kevin Wolf  wrote:
>>
>> > Also there are some problems with your patches which can't boot a
>> > VM in my environment:
>> >
>> > - __thread patch: looks there is no '__thread' used, and the patch
>> > basically makes bypass not workable.
>> >
>> > - bdrv_co_writev callback isn't set for raw-posix, looks my rootfs need to
>> > write during booting
>> >
>> > - another problem, I am investigating: laio isn't accessible
>> > in qemu_laio_process_completion() sometimes
>>
>> This one should be caused by accessing 'laiocb' after cb().
>
> I stumbled across the same problems this morning when I tried to
> actually run VMs with it instead of just qemu-img bench. They should all
> be fixed in my git repo now. (Haven't figured out yet why __thread
> doesn't work, so I have reverted that part, probably at the cost of some
> performance.)

In my test, looks no obvious performance effect by the commit, or by
pthread_getspecific() which should be fine for fast path. I also simply
revert it since __thread can't be added. Interesting, my other local change
is basically same with your change, :-)

Finally I implemented bypassing coroutine on your linux-aio coro patches,
for comparing bypass effect easily, now both are run in basically same
path except for coroutine APIs:

   git://kernel.ubuntu.com/ming/qemu.git  v2.1.0-mq.1-kevin-perf

The above branch only holds three patches which are against the
latest 'perf-bypass' branch of your tree.

Then I run it in VM on my server and still use the same fio(linux aio,
direct, 4k bs, 120sec) to test virtio-blk dataplane performance, and the
virtio-blk is backed by the /dev/nullb0 block device too.

             | without bypass(linux-aio coro) | with bypass linux-aio corou
-------------+--------------------------------+----------------------------
1 vq, 2 jobs | 101K iops                      | 116K iops
4 vq, 4 jobs | 121K iops                      | 142K iops

Looks there is still some difference even applying linux-aio coroutine patches.

Now I am a bit more confident that coroutine is the cause of
performance difference...

Thanks,



[Qemu-devel] [PATCH v4 07/15] target-tricore: Add instructions of SRR opcode format

2014-08-07 Thread Bastian Koppelmann
Add instructions of SRR opcode format.
Add helper for add/sub_ssov.

Signed-off-by: Bastian Koppelmann 
---
v3 -> v4:
- Replace gen_calc_psw_sv, gen_calc_psw_sav, gen_calc_psw_av calls.
- Rename gen_sub_i32 to gen_sub_d.
- Fix V bit calculation in gen_sub_d and gen_mul_i32s.
- helper_add/sub_ssov now uses sign extended arguments.
- Remove unnecessary temp register in gen_adds/_subs.

 target-tricore/helper.h|   4 ++
 target-tricore/op_helper.c |  43 
 target-tricore/translate.c | 159 +
 3 files changed, 206 insertions(+)

diff --git a/target-tricore/helper.h b/target-tricore/helper.h
index 5884240..299bd77 100644
--- a/target-tricore/helper.h
+++ b/target-tricore/helper.h
@@ -14,3 +14,7 @@
  * You should have received a copy of the GNU Lesser General Public
  * License along with this library; if not, see .
  */
+
+/* Arithmetic */
+DEF_HELPER_3(add_ssov, i32, env, i32, i32)
+DEF_HELPER_3(sub_ssov, i32, env, i32, i32)
diff --git a/target-tricore/op_helper.c b/target-tricore/op_helper.c
index 2e5981f..6d94f0b 100644
--- a/target-tricore/op_helper.c
+++ b/target-tricore/op_helper.c
@@ -20,6 +20,49 @@
 #include "exec/helper-proto.h"
 #include "exec/cpu_ldst.h"

+#define SSOV(env, ret, arg, len) do {   \
+int64_t max_pos = INT##len ##_MAX;  \
+int64_t max_neg = INT##len ##_MIN;  \
+if (arg > max_pos) {\
+env->PSW_USB_V = 1; \
+env->PSW_USB_SV = 1;\
+ret = (target_ulong)max_pos;\
+} else {\
+if (arg < max_neg) {\
+env->PSW_USB_V = 1; \
+env->PSW_USB_SV = 1;\
+ret = (target_ulong)max_neg;\
+} else {\
+env->PSW_USB_V = 0; \
+ret = (target_ulong)arg;\
+}   \
+}   \
+env->PSW_USB_AV = arg ^ arg * 2u;   \
+env->PSW_USB_SAV |= env->PSW_USB_AV;\
+} while (0)
+
+target_ulong helper_add_ssov(CPUTRICOREState *env, target_ulong r1,
+ target_ulong r2)
+{
+target_ulong ret;
+int64_t t1 = sextract64(r1, 0, 32);
+int64_t t2 = sextract64(r2, 0, 32);
+int64_t result = t1 + t2;
+SSOV(env, ret, result, 32);
+return ret;
+}
+
+target_ulong helper_sub_ssov(CPUTRICOREState *env, target_ulong r1,
+ target_ulong r2)
+{
+target_ulong ret;
+int64_t t1 = sextract64(r1, 0, 32);
+int64_t t2 = sextract64(r2, 0, 32);
+int64_t result = t1 - t2;
+SSOV(env, ret, result, 32);
+return ret;
+}
+
 static inline void QEMU_NORETURN do_raise_exception_err(CPUTRICOREState *env,
 uint32_t exception,
 int error_code,
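Review bot: The SSOV macro records overflow as `env->PSW_USB_V = 1` and `env->PSW_USB_SV = 1`, i.e. in bit 0, while gen_sub_d() in the translate.c part of this same patch leaves the V flag in bit 31 of cpu_PSW_V (the xor/and result), and the AV/SAV values computed at the end of the macro are bit-31 quantities as well. Pick one representation; if it is bit 31, the macro should store `1u << 31` in both overflow branches. Separately, `arg` and `ret` are expanded unparenthesized and `arg` is evaluated several times, so a static inline function taking the int64_t result would be safer than a multi-statement macro.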
diff --git a/target-tricore/translate.c b/target-tricore/translate.c
index ed2bf9b..8778f3b 100644
--- a/target-tricore/translate.c
+++ b/target-tricore/translate.c
@@ -171,6 +171,48 @@ static inline void gen_condi_add(int cond, TCGv r1, 
int32_t r2,
 tcg_temp_free(temp);
 }

+static inline void gen_sub_d(TCGv ret, TCGv r1, TCGv r2)
+{
+TCGv temp = tcg_temp_new_i32();
+
+tcg_gen_sub_tl(ret, r1, r2);
+/* calc V bit */
+tcg_gen_xor_tl(cpu_PSW_V, ret, r1);
+tcg_gen_xor_tl(temp, r1, r2);
+tcg_gen_and_tl(cpu_PSW_V, cpu_PSW_V, temp);
+/* calc SV bit */
+tcg_gen_or_tl(cpu_PSW_SV, cpu_PSW_SV, cpu_PSW_V);
+/* Calc AV bit */
+tcg_gen_add_tl(cpu_PSW_AV, ret, ret);
+tcg_gen_xor_tl(cpu_PSW_AV, ret, cpu_PSW_AV);
+/* calc SAV bit */
+tcg_gen_or_tl(cpu_PSW_SAV, cpu_PSW_SAV, cpu_PSW_AV);
+
+tcg_temp_free(temp);
+}
+
+static inline void gen_mul_i32s(TCGv ret, TCGv r1, TCGv r2)
+{
+TCGv high = tcg_temp_new();
+TCGv low = tcg_temp_new();
+
+tcg_gen_muls2_tl(low, high, r1, r2);
+tcg_gen_mov_tl(ret, low);
+/* calc V bit */
+tcg_gen_sari_tl(low, low, 31);
+tcg_gen_setcond_tl(TCG_COND_NE, cpu_PSW_V, high, low);
+/* calc SV bit */
+tcg_gen_or_tl(cpu_PSW_SV, cpu_PSW_SV, cpu_PSW_V);
+/* Calc AV bit */
+tcg_gen_add_tl(cpu_PSW_AV, ret, ret);
+tcg_gen_xor_tl(cpu_PSW_AV, ret, cpu_PSW_AV);
+/* calc SAV bit */
+tcg_gen_or_tl(cpu_PSW_SAV, cpu_PSW_SAV, cpu_PSW_AV);
+
+tcg_temp_free(high);
+tcg_temp_free(low);
+}
+
 static void gen_shi(TCGv ret, TCGv r1, int32_t shift_count)
 {
 if (shift_count == -32) {
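Review bot: gen_mul_i32s() sets cpu_PSW_V with tcg_gen_setcond_tl(), which yields 0 or 1, whereas gen_sub_d() just above derives V from the xor/and of the operands and so carries the flag in bit 31; the following `tcg_gen_or_tl(cpu_PSW_SV, cpu_PSW_SV, cpu_PSW_V)` then accumulates two different encodings into SV. If bit 31 is the convention, shift the setcond result left by 31 before the SV update. Minor: gen_sub_d() allocates its temporary with tcg_temp_new_i32() while gen_mul_i32s() uses tcg_temp_new(); use one form for TCGv temporaries.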
@@ -229,6 +271,16 @@ static void gen_shaci(TCGv ret, TCGv r1, int32_t 
shift_count)
 tcg_temp_free(t_min);
 }

+static inline void gen_adds(TCGv ret, TCGv r1, TCGv r2)
+{
+g

[Qemu-devel] [PATCH v4 12/15] target-tricore: Add instructions of SBR opcode format

2014-08-07 Thread Bastian Koppelmann
Add instructions of SBR opcode format.
Add gen_loop micro-op generator function.

Signed-off-by: Bastian Koppelmann 

Reviewed-by: Richard Henderson 
---
 target-tricore/translate.c | 66 +-
 1 file changed, 65 insertions(+), 1 deletion(-)

diff --git a/target-tricore/translate.c b/target-tricore/translate.c
index 9a03544..eb7be30 100644
--- a/target-tricore/translate.c
+++ b/target-tricore/translate.c
@@ -355,6 +355,18 @@ static inline void gen_branch_condi(DisasContext *ctx, int 
cond, TCGv r1,
 tcg_temp_free(temp);
 }

+static void gen_loop(DisasContext *ctx, int r1, int32_t offset)
+{
+int l1;
+l1 = gen_new_label();
+
+tcg_gen_subi_tl(cpu_gpr_a[r1], cpu_gpr_a[r1], 1);
+tcg_gen_brcondi_tl(TCG_COND_EQ, cpu_gpr_a[r1], -1, l1);
+gen_goto_tb(ctx, 1, ctx->pc + offset);
+gen_set_label(l1);
+gen_goto_tb(ctx, 0, ctx->next_pc);
+}
+
 static void gen_compute_branch(DisasContext *ctx, uint32_t opc, int r1,
int r2 , int32_t constant , int32_t offset)
 {
@@ -396,8 +408,44 @@ static void gen_compute_branch(DisasContext *ctx, uint32_t 
opc, int r1,
 gen_branch_condi(ctx, TCG_COND_NE, temp, 0, offset);
 tcg_temp_free(temp);
 break;
+/* SBR-format jumps */
+case OPC1_16_SBR_JEQ:
+gen_branch_cond(ctx, TCG_COND_NE, cpu_gpr_d[r1], cpu_gpr_d[15],
+offset);
+break;
+case OPC1_16_SBR_JNE:
+gen_branch_cond(ctx, TCG_COND_NE, cpu_gpr_d[r1], cpu_gpr_d[15],
+offset);
+break;
+case OPC1_16_SBR_JNZ:
+gen_branch_condi(ctx, TCG_COND_NE, cpu_gpr_d[r1], 0, offset);
+break;
+case OPC1_16_SBR_JNZ_A:
+gen_branch_condi(ctx, TCG_COND_NE, cpu_gpr_a[r1], 0, offset);
+break;
+case OPC1_16_SBR_JGEZ:
+gen_branch_condi(ctx, TCG_COND_GE, cpu_gpr_d[r1], 0, offset);
+break;
+case OPC1_16_SBR_JGTZ:
+gen_branch_condi(ctx, TCG_COND_GT, cpu_gpr_d[r1], 0, offset);
+break;
+case OPC1_16_SBR_JLEZ:
+gen_branch_condi(ctx, TCG_COND_LE, cpu_gpr_d[r1], 0, offset);
+break;
+case OPC1_16_SBR_JLTZ:
+gen_branch_condi(ctx, TCG_COND_LT, cpu_gpr_d[r1], 0, offset);
+break;
+case OPC1_16_SBR_JZ:
+gen_branch_condi(ctx, TCG_COND_EQ, cpu_gpr_d[r1], 0, offset);
+break;
+case OPC1_16_SBR_JZ_A:
+gen_branch_condi(ctx, TCG_COND_EQ, cpu_gpr_a[r1], 0, offset);
+break;
+case OPC1_16_SBR_LOOP:
+gen_loop(ctx, r1, offset * 2 - 32);
+break;
 default:
-printf("Branch Error at %x\n", ctx->pc);
+printf("Branch Error at %x\n", ctx->pc);
 }
 ctx->bstate = BS_BRANCH;
 }
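Review bot: In gen_compute_branch(), the new OPC1_16_SBR_JEQ case passes TCG_COND_NE to gen_branch_cond(), identical to the OPC1_16_SBR_JNE case below it, so JEQ would branch on inequality; going by the JZ/JNZ cases in the same hunk (TCG_COND_EQ and TCG_COND_NE respectively), this should be TCG_COND_EQ. The `offset * 2 - 32` passed to gen_loop() also needs a comment explaining where the scaling and the bias come from. The default arm still reports decode failures with printf().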
@@ -713,6 +761,22 @@ static void decode_16Bit_opc(CPUTRICOREState *env, 
DisasContext *ctx)
 const16 = MASK_OP_SBRN_N(ctx->opcode);
 gen_compute_branch(ctx, op1, 0, 0, const16, address);
 break;
+/* SBR-format */
+case OPC1_16_SBR_JEQ:
+case OPC1_16_SBR_JGEZ:
+case OPC1_16_SBR_JGTZ:
+case OPC1_16_SBR_JLEZ:
+case OPC1_16_SBR_JLTZ:
+case OPC1_16_SBR_JNE:
+case OPC1_16_SBR_JNZ:
+case OPC1_16_SBR_JNZ_A:
+case OPC1_16_SBR_JZ:
+case OPC1_16_SBR_JZ_A:
+case OPC1_16_SBR_LOOP:
+r1 = MASK_OP_SBR_S2(ctx->opcode);
+address = MASK_OP_SBR_DISP4(ctx->opcode);
+gen_compute_branch(ctx, op1, r1, 0, 0, address);
+break;
 }
 }

--
2.0.4




[Qemu-devel] [PATCH v4 01/15] target-tricore: Add target stubs and qom-cpu

2014-08-07 Thread Bastian Koppelmann
Add TriCore target stubs, and QOM cpu.

Signed-off-by: Bastian Koppelmann 
---
v3 -> v4:
- tricore_cpu_type_info changed to abstract.
- Change documentation of PSW_USB_AV and PSW_USB_SAV bit to only use bit 31.
- Change psw_read/_write to only use bit 31 for PSW_USB_AV and PSW_USB_SAV.

 arch_init.c   |   2 +
 cpu-exec.c|  11 +-
 cpus.c|   6 +
 include/elf.h |   2 +
 include/sysemu/arch_init.h|   1 +
 target-tricore/Makefile.objs  |   1 +
 target-tricore/cpu-qom.h  |  71 
 target-tricore/cpu.c  | 191 
 target-tricore/cpu.h  | 401 ++
 target-tricore/helper.c   |  92 ++
 target-tricore/helper.h   |   0
 target-tricore/op_helper.c|  27 +++
 target-tricore/translate.c| 100 +++
 target-tricore/tricore-defs.h |  28 +++
 14 files changed, 932 insertions(+), 1 deletion(-)
 create mode 100644 target-tricore/Makefile.objs
 create mode 100644 target-tricore/cpu-qom.h
 create mode 100644 target-tricore/cpu.c
 create mode 100644 target-tricore/cpu.h
 create mode 100644 target-tricore/helper.c
 create mode 100644 target-tricore/helper.h
 create mode 100644 target-tricore/op_helper.c
 create mode 100644 target-tricore/translate.c
 create mode 100644 target-tricore/tricore-defs.h

diff --git a/arch_init.c b/arch_init.c
index 8ddaf35..29a5821 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -104,6 +104,8 @@ int graphic_depth = 32;
 #define QEMU_ARCH QEMU_ARCH_XTENSA
 #elif defined(TARGET_UNICORE32)
 #define QEMU_ARCH QEMU_ARCH_UNICORE32
+#elif defined(TARGET_TRICORE)
+#define QEMU_ARCH QEMU_ARCH_TRICORE
 #endif

 const uint32_t arch_type = QEMU_ARCH;
diff --git a/cpu-exec.c b/cpu-exec.c
index 38e5f02..bcfa943 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -277,6 +277,7 @@ int cpu_exec(CPUArchState *env)
 #elif defined(TARGET_CRIS)
 #elif defined(TARGET_S390X)
 #elif defined(TARGET_XTENSA)
+#elif defined(TARGET_TRICORE)
 /* X */
 #else
 #error unsupported target CPU
@@ -327,7 +328,8 @@ int cpu_exec(CPUArchState *env)
 }
 #if defined(TARGET_ARM) || defined(TARGET_SPARC) || defined(TARGET_MIPS) || \
 defined(TARGET_PPC) || defined(TARGET_ALPHA) || defined(TARGET_CRIS) || \
-defined(TARGET_MICROBLAZE) || defined(TARGET_LM32) || 
defined(TARGET_UNICORE32)
+defined(TARGET_MICROBLAZE) || defined(TARGET_LM32) ||   \
+defined(TARGET_UNICORE32) || defined(TARGET_TRICORE)
 if (interrupt_request & CPU_INTERRUPT_HALT) {
 cpu->interrupt_request &= ~CPU_INTERRUPT_HALT;
 cpu->halted = 1;
@@ -443,6 +445,12 @@ int cpu_exec(CPUArchState *env)
 cc->do_interrupt(cpu);
 next_tb = 0;
 }
+#elif defined(TARGET_TRICORE)
+if ((interrupt_request & CPU_INTERRUPT_HARD)) {
+cc->do_interrupt(cpu);
+next_tb = 0;
+}
+
 #elif defined(TARGET_OPENRISC)
 {
 int idx = -1;
@@ -724,6 +732,7 @@ int cpu_exec(CPUArchState *env)
   | env->cc_dest | (env->cc_x << 4);
 #elif defined(TARGET_MICROBLAZE)
 #elif defined(TARGET_MIPS)
+#elif defined(TARGET_TRICORE)
 #elif defined(TARGET_MOXIE)
 #elif defined(TARGET_OPENRISC)
 #elif defined(TARGET_SH4)
diff --git a/cpus.c b/cpus.c
index 5e7f2cf..3262c6b 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1342,6 +1342,9 @@ CpuInfoList *qmp_query_cpus(Error **errp)
 #elif defined(TARGET_MIPS)
 MIPSCPU *mips_cpu = MIPS_CPU(cpu);
 CPUMIPSState *env = &mips_cpu->env;
+#elif defined(TARGET_TRICORE)
+TRICORECPU *tricore_cpu = TRICORE_CPU(cpu);
+CPUTRICOREState *env = &tricore_cpu->env;
 #endif

 cpu_synchronize_state(cpu);
@@ -1366,6 +1369,9 @@ CpuInfoList *qmp_query_cpus(Error **errp)
 #elif defined(TARGET_MIPS)
 info->value->has_PC = true;
 info->value->PC = env->active_tc.PC;
+#elif defined(TARGET_TRICORE)
+info->value->has_PC = true;
+info->value->PC = env->PC;
 #endif

 /* XXX: waiting for the qapi to support GSList */
diff --git a/include/elf.h b/include/elf.h
index e88d52f..70107f0 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -92,6 +92,8 @@ typedef int64_t  Elf64_Sxword;

 #define EM_SPARCV9 43  /* SPARC v9 64-bit */

+#define EM_TRICORE  44  /* Infineon TriCore */
+
 #define EM_IA_64   50  /* HP/Intel IA-64 */

 #define EM_X86_64  62  /* AMD x86-64 */
diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
index 182d48d..8939233 100644
--- a/include/sysemu/arch_init.h
+++ b/include/sysemu/arch_init.h
@@ -22,6 +22,7 @@ enum {
 QEMU_ARCH_OPENRISC = 8192,
 QEMU_ARCH_UNICORE32 = 0x4000,
 QEMU_ARCH_MOXIE = 0x8000,
+QEMU_ARCH_TRICORE = 0x1,
 };

 extern const uin

[Qemu-devel] [PATCH v4 08/15] target-tricore: Add instructions of SSR opcode format

2014-08-07 Thread Bastian Koppelmann
Add instructions of SSR opcode format.

Signed-off-by: Bastian Koppelmann 

Reviewed-by: Richard Henderson 
---
 target-tricore/translate.c | 50 ++
 1 file changed, 50 insertions(+)

diff --git a/target-tricore/translate.c b/target-tricore/translate.c
index 8778f3b..6f696fb 100644
--- a/target-tricore/translate.c
+++ b/target-tricore/translate.c
@@ -437,6 +437,45 @@ static void decode_srr_opc(DisasContext *ctx, int op1)
 }
 }

+static void decode_ssr_opc(DisasContext *ctx, int op1)
+{
+int r1, r2;
+
+r1 = MASK_OP_SSR_S1(ctx->opcode);
+r2 = MASK_OP_SSR_S2(ctx->opcode);
+
+switch (op1) {
+case OPC1_16_SSR_ST_A:
+tcg_gen_qemu_st_tl(cpu_gpr_a[r1], cpu_gpr_a[r2], ctx->mem_idx, 
MO_LEUL);
+break;
+case OPC1_16_SSR_ST_A_POSTINC:
+tcg_gen_qemu_st_tl(cpu_gpr_a[r1], cpu_gpr_a[r2], ctx->mem_idx, 
MO_LEUL);
+tcg_gen_addi_tl(cpu_gpr_a[r2], cpu_gpr_a[r2], 4);
+break;
+case OPC1_16_SSR_ST_B:
+tcg_gen_qemu_st_tl(cpu_gpr_d[r1], cpu_gpr_a[r2], ctx->mem_idx, MO_UB);
+break;
+case OPC1_16_SSR_ST_B_POSTINC:
+tcg_gen_qemu_st_tl(cpu_gpr_d[r1], cpu_gpr_a[r2], ctx->mem_idx, MO_UB);
+tcg_gen_addi_tl(cpu_gpr_a[r2], cpu_gpr_a[r2], 1);
+break;
+case OPC1_16_SSR_ST_H:
+tcg_gen_qemu_st_tl(cpu_gpr_d[r1], cpu_gpr_a[r2], ctx->mem_idx, 
MO_LEUW);
+break;
+case OPC1_16_SSR_ST_H_POSTINC:
+tcg_gen_qemu_st_tl(cpu_gpr_d[r1], cpu_gpr_a[r2], ctx->mem_idx, 
MO_LEUW);
+tcg_gen_addi_tl(cpu_gpr_a[r2], cpu_gpr_a[r2], 2);
+break;
+case OPC1_16_SSR_ST_W:
+tcg_gen_qemu_st_tl(cpu_gpr_d[r1], cpu_gpr_a[r2], ctx->mem_idx, 
MO_LEUL);
+break;
+case OPC1_16_SSR_ST_W_POSTINC:
+tcg_gen_qemu_st_tl(cpu_gpr_d[r1], cpu_gpr_a[r2], ctx->mem_idx, 
MO_LEUL);
+tcg_gen_addi_tl(cpu_gpr_a[r2], cpu_gpr_a[r2], 4);
+break;
+}
+}
+
 static void decode_16Bit_opc(CPUTRICOREState *env, DisasContext *ctx)
 {
 int op1;
@@ -484,6 +523,17 @@ static void decode_16Bit_opc(CPUTRICOREState *env, 
DisasContext *ctx)
 case OPC1_16_SRR_XOR:
 decode_srr_opc(ctx, op1);
 break;
+/* SSR-format */
+case OPC1_16_SSR_ST_A:
+case OPC1_16_SSR_ST_A_POSTINC:
+case OPC1_16_SSR_ST_B:
+case OPC1_16_SSR_ST_B_POSTINC:
+case OPC1_16_SSR_ST_H:
+case OPC1_16_SSR_ST_H_POSTINC:
+case OPC1_16_SSR_ST_W:
+case OPC1_16_SSR_ST_W_POSTINC:
+decode_ssr_opc(ctx, op1);
+break;
 }
 }

--
2.0.4




[Qemu-devel] [PATCH v4 09/15] target-tricore: Add instructions of SRRS and SLRO opcode format

2014-08-07 Thread Bastian Koppelmann
Add instructions of SSRS and SLRO opcode format.
Add micro-op generator functions for offset loads.

Signed-off-by: Bastian Koppelmann 

Reviewed-by: Richard Henderson 
---
 target-tricore/translate.c | 54 ++
 1 file changed, 54 insertions(+)

diff --git a/target-tricore/translate.c b/target-tricore/translate.c
index 6f696fb..5ddbc84 100644
--- a/target-tricore/translate.c
+++ b/target-tricore/translate.c
@@ -107,6 +107,26 @@ void tricore_cpu_dump_state(CPUState *cs, FILE *f,
  * Functions to generate micro-ops
  */

+/* Functions for load/save to/from memory */
+
+static inline void gen_offset_ld(DisasContext *ctx, TCGv r1, TCGv r2,
+ int16_t con, TCGMemOp mop)
+{
+TCGv temp = tcg_temp_new();
+tcg_gen_addi_tl(temp, r2, con);
+tcg_gen_qemu_ld_tl(r1, temp, ctx->mem_idx, mop);
+tcg_temp_free(temp);
+}
+
+static inline void gen_offset_st(DisasContext *ctx, TCGv r1, TCGv r2,
+ int16_t con, TCGMemOp mop)
+{
+TCGv temp = tcg_temp_new();
+tcg_gen_addi_tl(temp, r2, con);
+tcg_gen_qemu_st_tl(r1, temp, ctx->mem_idx, mop);
+tcg_temp_free(temp);
+}
+
 /* Functions for arithmetic instructions  */

 static inline void gen_add_d(TCGv ret, TCGv r1, TCGv r2)
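Review bot: gen_offset_st() is added here but none of the hunks in this patch call it; only gen_offset_ld() is used by the new SLRO cases. Introduce it in the patch that adds its first user, or say in the commit message that it is groundwork. The `int16_t con` parameter also silently narrows the int32_t `const16 * 4` values the callers pass, which is harmless for a 4-bit field but deserves either an int32_t parameter or a comment.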
@@ -479,6 +499,9 @@ static void decode_ssr_opc(DisasContext *ctx, int op1)
 static void decode_16Bit_opc(CPUTRICOREState *env, DisasContext *ctx)
 {
 int op1;
+int r1, r2;
+int32_t const16;
+TCGv temp;

 op1 = MASK_OP_MAJOR(ctx->opcode);

@@ -534,6 +557,37 @@ static void decode_16Bit_opc(CPUTRICOREState *env, 
DisasContext *ctx)
 case OPC1_16_SSR_ST_W_POSTINC:
 decode_ssr_opc(ctx, op1);
 break;
+/* SRRS-format */
+case OPC1_16_SRRS_ADDSC_A:
+r2 = MASK_OP_SRRS_S2(ctx->opcode);
+r1 = MASK_OP_SRRS_S1D(ctx->opcode);
+const16 = MASK_OP_SRRS_N(ctx->opcode);
+temp = tcg_temp_new();
+tcg_gen_shli_tl(temp, cpu_gpr_d[15], const16);
+tcg_gen_add_tl(cpu_gpr_a[r1], cpu_gpr_a[r2], temp);
+tcg_temp_free(temp);
+break;
+/* SLRO-format */
+case OPC1_16_SLRO_LD_A:
+r1 = MASK_OP_SLRO_D(ctx->opcode);
+const16 = MASK_OP_SLRO_OFF4(ctx->opcode);
+gen_offset_ld(ctx, cpu_gpr_a[r1], cpu_gpr_a[15], const16 * 4, MO_LESL);
+break;
+case OPC1_16_SLRO_LD_BU:
+r1 = MASK_OP_SLRO_D(ctx->opcode);
+const16 = MASK_OP_SLRO_OFF4(ctx->opcode);
+gen_offset_ld(ctx, cpu_gpr_d[r1], cpu_gpr_a[15], const16, MO_UB);
+break;
+case OPC1_16_SLRO_LD_H:
+r1 = MASK_OP_SLRO_D(ctx->opcode);
+const16 = MASK_OP_SLRO_OFF4(ctx->opcode);
+gen_offset_ld(ctx, cpu_gpr_d[r1], cpu_gpr_a[15], const16 * 2, MO_LESW);
+break;
+case OPC1_16_SLRO_LD_W:
+r1 = MASK_OP_SLRO_D(ctx->opcode);
+const16 = MASK_OP_SLRO_OFF4(ctx->opcode);
+gen_offset_ld(ctx, cpu_gpr_d[r1], cpu_gpr_a[15], const16 * 4, MO_LESL);
+break;
 }
 }

--
2.0.4




[Qemu-devel] [PATCH v4 05/15] target-tricore: Add masks and opcodes for decoding

2014-08-07 Thread Bastian Koppelmann
Add masks and opcodes for decoding TriCore instructions.

Signed-off-by: Bastian Koppelmann 
---
 target-tricore/translate.c   |1 +
 target-tricore/tricore-opcodes.h | 1406 ++
 2 files changed, 1407 insertions(+)
 create mode 100644 target-tricore/tricore-opcodes.h

diff --git a/target-tricore/translate.c b/target-tricore/translate.c
index 7275c49..0d30c51 100644
--- a/target-tricore/translate.c
+++ b/target-tricore/translate.c
@@ -26,6 +26,7 @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 
+#include "tricore-opcodes.h"
 /*
  * TCG registers
  */
diff --git a/target-tricore/tricore-opcodes.h b/target-tricore/tricore-opcodes.h
new file mode 100644
index 000..9c6ec01
--- /dev/null
+++ b/target-tricore/tricore-opcodes.h
@@ -0,0 +1,1406 @@
+/*
+ *  Copyright (c) 2012-2014 Bastian Koppelmann C-Lab/University Paderborn
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+/*
+ * Opcode Masks for Tricore
+ * Format MASK_OP_InstrFormatName_Field
+ */
+
+/* This creates a mask with bits start .. end set to 1 and applies it to op */
+#define MASK_BITS_SHIFT(op, start, end) (extract32(op, (start), \
+(end) - (start) + 1))
+#define MASK_BITS_SHIFT_SEXT(op, start, end) (sextract32(op, (start),\
+ (end) - (start) + 1))
+
+/* new opcode masks */
+
+#define MASK_OP_MAJOR(op)  MASK_BITS_SHIFT(op, 0, 7)
+
+/* 16-Bit Formats */
+#define MASK_OP_SB_DISP8(op)   MASK_BITS_SHIFT(op, 8, 15)
+#define MASK_OP_SB_DISP8_SEXT(op) MASK_BITS_SHIFT_SEXT(op, 8, 15)
+
+#define MASK_OP_SBC_CONST4(op) MASK_BITS_SHIFT(op, 12, 15)
+#define MASK_OP_SBC_CONST4_SEXT(op) MASK_BITS_SHIFT_SEXT(op, 12, 15)
+#define MASK_OP_SBC_DISP4(op)  MASK_BITS_SHIFT(op, 8, 11)
+
+#define MASK_OP_SBR_S2(op) MASK_BITS_SHIFT(op, 12, 15)
+#define MASK_OP_SBR_DISP4(op)  MASK_BITS_SHIFT(op, 8, 11)
+
+#define MASK_OP_SBRN_N(op) MASK_BITS_SHIFT(op, 12, 15)
+#define MASK_OP_SBRN_DISP4(op) MASK_BITS_SHIFT(op, 8, 11)
+
+#define MASK_OP_SC_CONST8(op)  MASK_BITS_SHIFT(op, 8, 15)
+
+#define MASK_OP_SLR_S2(op) MASK_BITS_SHIFT(op, 12, 15)
+#define MASK_OP_SLR_D(op)  MASK_BITS_SHIFT(op, 8, 11)
+
+#define MASK_OP_SLRO_OFF4(op)  MASK_BITS_SHIFT(op, 12, 15)
+#define MASK_OP_SLRO_D(op) MASK_BITS_SHIFT(op, 8, 11)
+
+#define MASK_OP_SR_OP2(op) MASK_BITS_SHIFT(op, 12, 15)
+#define MASK_OP_SR_S1D(op) MASK_BITS_SHIFT(op, 8, 11)
+
+#define MASK_OP_SRC_CONST4(op) MASK_BITS_SHIFT(op, 12, 15)
+#define MASK_OP_SRC_CONST4_SEXT(op) MASK_BITS_SHIFT_SEXT(op, 12, 15)
+#define MASK_OP_SRC_S1D(op)MASK_BITS_SHIFT(op, 8, 11)
+
+#define MASK_OP_SRO_S2(op) MASK_BITS_SHIFT(op, 12, 15)
+#define MASK_OP_SRO_OFF4(op)   MASK_BITS_SHIFT(op, 8, 11)
+
+#define MASK_OP_SRR_S2(op) MASK_BITS_SHIFT(op, 12, 15)
+#define MASK_OP_SRR_S1D(op)MASK_BITS_SHIFT(op, 8, 11)
+
+#define MASK_OP_SRRS_S2(op)MASK_BITS_SHIFT(op, 12, 15)
+#define MASK_OP_SRRS_S1D(op)   MASK_BITS_SHIFT(op, 8, 11)
+#define MASK_OP_SRRS_N(op) MASK_BITS_SHIFT(op, 6, 7)
+
+#define MASK_OP_SSR_S2(op) MASK_BITS_SHIFT(op, 12, 15)
+#define MASK_OP_SSR_S1(op) MASK_BITS_SHIFT(op, 8, 11)
+
+#define MASK_OP_SSRO_OFF4(op)  MASK_BITS_SHIFT(op, 12, 15)
+#define MASK_OP_SSRO_S1(op)MASK_BITS_SHIFT(op, 8, 11)
+
+/* 32-Bit Formats */
+
+/* ABS Format */
+#define MASK_OP_ABS_OFF18(op)  (MASK_BITS_SHIFT(op, 16, 21) +   \
+   (MASK_BITS_SHIFT(op, 28, 31) << 6) + \
+   (MASK_BITS_SHIFT(op, 22, 25) << 10) +\
+   (MASK_BITS_SHIFT(op, 12, 15) << 14))
+#define MASK_OP_ABS_OP2(op)MASK_BITS_SHIFT(op, 26, 27)
+#define MASK_OP_ABS_S1D(op)MASK_BITS_SHIFT(op, 8, 11)
+
+/* ABSB Format */
+#define MASK_OP_ABSB_OFF18(op) MASK_OP_ABS_OFF18(op)
+#define MASK_OP_ABSB_OP2(op)   MASK_BITS_SHIFT(op, 26, 27)
+#define MASK_OP_ABSB_B(op) MASK_BITS_SHIFT(op, 11, 11)
+#define MASK_OP_ABSB_BPOS(op)  MASK_BITS_SHIFT(op, 7, 10)
+
+/* B Format   */
+#define MASK_OP_B_DISP24(op)   (MASK_BITS_SHIFT(op, 16, 31) + \
+   (MASK_BITS_SHIFT(op, 8, 15) << 16))
+/* BIT Format */
+#define MASK_OP_BIT_D(op)  MASK_BITS_SHIFT(op, 28, 31)
+#define MASK_OP_BIT_POS2(op)   MASK_BITS_SHIFT(op, 23, 27)
+#define MASK_OP_BIT_OP2(op)MASK_BITS_SHIFT(op,
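
Review bot: tricore-opcodes.h goes from the license block straight into the macro definitions with no include guard. Wrap the file in one (for example `#ifndef TRICORE_OPCODES_H` / `#define TRICORE_OPCODES_H` at the top and `#endif` at the end) so a second inclusion does not redefine every mask. The comment above MASK_BITS_SHIFT also says it creates a mask and applies it to op, but the macro calls extract32(), which returns the field already shifted down to bit 0; the comment should say so, because MASK_OP_ABS_OFF18 and MASK_OP_B_DISP24 depend on that when they shift the pieces back into place.
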

[Qemu-devel] [PATCH v4 00/15] TriCore architecture guest implementation

2014-08-07 Thread Bastian Koppelmann
Hi,

my aim is to add Infineon's TriCore architecture to QEMU. This series of 
patches adds the target stubs, a basic testboard and a softmmu for system mode 
emulation. Furthermore it adds all the 16 bit long instructions of the 
architecture grouped by opcode format.

After this series of patches, another one will follow, which adds a lot of the
32 bit long instructions.

All the best

Bastian

v3 -> v4:
- tricore_cpu_type_info changed to abstract.
- Change documentation of PSW_USB_AV and PSW_USB_SAV bit to only use bit 31.
- Change psw_read/_write to only use bit 31 for PSW_USB_AV and PSW_USB_SAV.
- Remove gen_calc_psw_sv, gen_calc_psw_av, gen_calc_psw_sav functions.
- Rename gen_add_i32 to gen_add_d.
- Remove psw calculation from ADD_A.
- Replace macro OP_COND with function gen_cond_add, gen_cond_addi.
- gen_shaci now uses only 32 bit tcg shifts and implements special case of
exactly 32 bit long shift.
- gen_cond_add now sets V and AV bits conditionally through temp registers.
- Rename gen_sub_i32 to gen_sub_d.
- Fix V bit calculation in gen_sub_d and gen_mul_i32s.
- helper_add/sub_ssov now uses sign extended arguments.
- Remove unnecessary temp register in gen_adds/_subs.
- Add missing break in gen_compute_branch at CALL insn.
- Replace movcond with setcond at RSUB insn.
- Add AV, SAV calculation to RSUB insn.

Bastian Koppelmann (15):
  target-tricore: Add target stubs and qom-cpu
  target-tricore: Add board for systemmode
  target-tricore: Add softmmu support
  target-tricore: Add initialization for translation and activate target
  target-tricore: Add masks and opcodes for decoding
  target-tricore: Add instructions of SRC opcode format
  target-tricore: Add instructions of SRR opcode format
  target-tricore: Add instructions of SSR opcode format
  target-tricore: Add instructions of SRRS and SLRO opcode format
  target-tricore: Add instructions of SB opcode format
  target-tricore: Add instructions of SBC and SBRN opcode format
  target-tricore: Add instructions of SBR opcode format
  target-tricore: Add instructions of SC opcode format
  target-tricore: Add instructions of SLR, SSRO and SRO opcode format
  target-tricore: Add instructions of SR opcode format

 arch_init.c |2 +
 configure   |5 +
 cpu-exec.c  |   11 +-
 cpus.c  |6 +
 default-configs/tricore-softmmu.mak |3 +
 hw/tricore/Makefile.objs|1 +
 hw/tricore/tricore_testboard.c  |  129 
 include/elf.h   |2 +
 include/hw/tricore/tricore.h|   54 ++
 include/sysemu/arch_init.h  |1 +
 target-tricore/Makefile.objs|1 +
 target-tricore/cpu-qom.h|   71 ++
 target-tricore/cpu.c|  191 +
 target-tricore/cpu.h|  401 ++
 target-tricore/helper.c |  144 
 target-tricore/helper.h |   25 +
 target-tricore/op_helper.c  |  392 ++
 target-tricore/translate.c  | 1222 ++
 target-tricore/tricore-defs.h   |   28 +
 target-tricore/tricore-opcodes.h| 1406 +++
 20 files changed, 4094 insertions(+), 1 deletion(-)
 create mode 100644 default-configs/tricore-softmmu.mak
 create mode 100644 hw/tricore/Makefile.objs
 create mode 100644 hw/tricore/tricore_testboard.c
 create mode 100644 include/hw/tricore/tricore.h
 create mode 100644 target-tricore/Makefile.objs
 create mode 100644 target-tricore/cpu-qom.h
 create mode 100644 target-tricore/cpu.c
 create mode 100644 target-tricore/cpu.h
 create mode 100644 target-tricore/helper.c
 create mode 100644 target-tricore/helper.h
 create mode 100644 target-tricore/op_helper.c
 create mode 100644 target-tricore/translate.c
 create mode 100644 target-tricore/tricore-defs.h
 create mode 100644 target-tricore/tricore-opcodes.h

--
2.0.4




[Qemu-devel] [PATCH v4 11/15] target-tricore: Add instructions of SBC and SBRN opcode format

2014-08-07 Thread Bastian Koppelmann
Add instructions of SBC and SBRN opcode format.

Signed-off-by: Bastian Koppelmann 

Reviewed-by: Richard Henderson 
---
 target-tricore/translate.c | 36 
 1 file changed, 36 insertions(+)

diff --git a/target-tricore/translate.c b/target-tricore/translate.c
index 18bfffb..9a03544 100644
--- a/target-tricore/translate.c
+++ b/target-tricore/translate.c
@@ -358,6 +358,8 @@ static inline void gen_branch_condi(DisasContext *ctx, int 
cond, TCGv r1,
 static void gen_compute_branch(DisasContext *ctx, uint32_t opc, int r1,
int r2 , int32_t constant , int32_t offset)
 {
+TCGv temp;
+
 switch (opc) {
 /* SB-format jumps */
 case OPC1_16_SB_J:
@@ -374,6 +376,26 @@ static void gen_compute_branch(DisasContext *ctx, uint32_t 
opc, int r1,
 case OPC1_16_SB_JNZ:
 gen_branch_condi(ctx, TCG_COND_NE, cpu_gpr_d[15], 0, offset);
 break;
+/* SBC-format jumps */
+case OPC1_16_SBC_JEQ:
+gen_branch_condi(ctx, TCG_COND_NE, cpu_gpr_d[15], constant, offset);
+break;
+case OPC1_16_SBC_JNE:
+gen_branch_condi(ctx, TCG_COND_NE, cpu_gpr_d[15], constant, offset);
+break;
+/* SBRN-format jumps */
+case OPC1_16_SBRN_JZ_T:
+temp = tcg_temp_new();
+tcg_gen_andi_tl(temp, cpu_gpr_d[15], 0x1u << constant);
+gen_branch_condi(ctx, TCG_COND_EQ, temp, 0, offset);
+tcg_temp_free(temp);
+break;
+case OPC1_16_SBRN_JNZ_T:
+temp = tcg_temp_new();
+tcg_gen_andi_tl(temp, cpu_gpr_d[15], 0x1u << constant);
+gen_branch_condi(ctx, TCG_COND_NE, temp, 0, offset);
+tcg_temp_free(temp);
+break;
 default:
 printf("Branch Error at %x\n", ctx->pc);
 }
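
Review bot: the OPC1_16_SBC_JEQ case in gen_compute_branch passes TCG_COND_NE, the same condition as the OPC1_16_SBC_JNE case right below it, so both instructions branch when D[15] differs from the constant and JEQ never branches on equality. The JEQ case should read `gen_branch_condi(ctx, TCG_COND_EQ, cpu_gpr_d[15], constant, offset);`. A test that executes both opcodes with equal and unequal operands would catch this kind of copy-and-paste slip.
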
@@ -677,6 +699,20 @@ static void decode_16Bit_opc(CPUTRICOREState *env, 
DisasContext *ctx)
 address = MASK_OP_SB_DISP8_SEXT(ctx->opcode);
 gen_compute_branch(ctx, op1, 0, 0, 0, address);
 break;
+/* SBC-format */
+case OPC1_16_SBC_JEQ:
+case OPC1_16_SBC_JNE:
+address = MASK_OP_SBC_DISP4(ctx->opcode);
+const16 = MASK_OP_SBC_CONST4_SEXT(ctx->opcode);
+gen_compute_branch(ctx, op1, 0, 0, const16, address);
+break;
+/* SBRN-format */
+case OPC1_16_SBRN_JNZ_T:
+case OPC1_16_SBRN_JZ_T:
+address = MASK_OP_SBRN_DISP4(ctx->opcode);
+const16 = MASK_OP_SBRN_N(ctx->opcode);
+gen_compute_branch(ctx, op1, 0, 0, const16, address);
+break;
 }
 }

--
2.0.4




[Qemu-devel] [PATCH v4 02/15] target-tricore: Add board for systemmode

2014-08-07 Thread Bastian Koppelmann
Add basic board to allow systemmode emulation

Signed-off-by: Bastian Koppelmann 
---
 hw/tricore/Makefile.objs   |   1 +
 hw/tricore/tricore_testboard.c | 129 +
 include/hw/tricore/tricore.h   |  54 +
 3 files changed, 184 insertions(+)
 create mode 100644 hw/tricore/Makefile.objs
 create mode 100644 hw/tricore/tricore_testboard.c
 create mode 100644 include/hw/tricore/tricore.h

diff --git a/hw/tricore/Makefile.objs b/hw/tricore/Makefile.objs
new file mode 100644
index 000..435e095
--- /dev/null
+++ b/hw/tricore/Makefile.objs
@@ -0,0 +1 @@
+obj-y += tricore_testboard.o
diff --git a/hw/tricore/tricore_testboard.c b/hw/tricore/tricore_testboard.c
new file mode 100644
index 000..fee67b1
--- /dev/null
+++ b/hw/tricore/tricore_testboard.c
@@ -0,0 +1,129 @@
+/*
+ * TriCore Baseboard System emulation.
+ *
+ * Copyright (c) 2014 Bastian Koppelmann
+ *
+ * This code is licensed under the GPL.
+ */
+
+#include "hw/hw.h"
+#include "hw/devices.h"
+#include "net/net.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "hw/loader.h"
+#include "sysemu/blockdev.h"
+#include "exec/address-spaces.h"
+#include "hw/block/flash.h"
+#include "elf.h"
+#include "hw/tricore/tricore.h"
+
+#define TRICORE_FLASH_ADDR 0xa000
+#define TRICORE_FLASH_SIZE (2 * 1024 * 1024)
+#define TRICORE_FLASH_SECT_SIZE (256 * 1024)
+
+
+/* Board init.  */
+
+static struct tricore_boot_info tricoretb_binfo;
+
+static void tricore_load_kernel(CPUTRICOREState *env)
+{
+int64_t entry;
+long kernel_size;
+
+kernel_size = load_elf(tricoretb_binfo.kernel_filename, NULL,
+   NULL, (uint64_t *)&entry, NULL,
+   NULL, 0,
+   ELF_MACHINE, 1);
+if (kernel_size <= 0) {
+fprintf(stderr, "qemu: no kernel file '%s'\n",
+tricoretb_binfo.kernel_filename);
+exit(1);
+}
+env->PC = entry;
+
+}
+
+static void tricore_testboard_init(MachineState *machine, int board_id)
+{
+TRICORECPU *cpu;
+CPUTRICOREState *env;
+
+MemoryRegion *sysmem = get_system_memory();
+MemoryRegion *ext_cram = g_new(MemoryRegion, 1);
+MemoryRegion *ext_dram = g_new(MemoryRegion, 1);
+MemoryRegion *int_cram = g_new(MemoryRegion, 1);
+MemoryRegion *int_dram = g_new(MemoryRegion, 1);
+MemoryRegion *pcp_data = g_new(MemoryRegion, 1);
+MemoryRegion *pcp_text = g_new(MemoryRegion, 1);
+DriveInfo *dinfo;
+
+if (!machine->cpu_model) {
+machine->cpu_model = "tc1796";
+}
+cpu = cpu_tricore_init(machine->cpu_model);
+env = &cpu->env;
+if (!cpu) {
+fprintf(stderr, "Unable to find CPU definition\n");
+exit(1);
+}
+memory_region_init_ram(ext_cram, NULL, "powerlink_ext_c.ram", 2*1024*1024);
+vmstate_register_ram_global(ext_cram);
+memory_region_init_ram(ext_dram, NULL, "powerlink_ext_d.ram", 4*1024*1024);
+vmstate_register_ram_global(ext_dram);
+memory_region_init_ram(int_cram, NULL, "powerlink_int_c.ram", 48*1024);
+vmstate_register_ram_global(int_cram);
+memory_region_init_ram(int_dram, NULL, "powerlink_int_d.ram", 48*1024);
+vmstate_register_ram_global(int_dram);
+memory_region_init_ram(pcp_data, NULL, "powerlink_pcp_data.ram", 16*1024);
+vmstate_register_ram_global(pcp_data);
+memory_region_init_ram(pcp_text, NULL, "powerlink_pcp_text.ram", 32*1024);
+vmstate_register_ram_global(pcp_text);
+
+memory_region_add_subregion(sysmem, 0x8000, ext_cram);
+memory_region_add_subregion(sysmem, 0xa100, ext_dram);
+memory_region_add_subregion(sysmem, 0xd400, int_cram);
+memory_region_add_subregion(sysmem, 0xd000, int_dram);
+memory_region_add_subregion(sysmem, 0xf005, pcp_data);
+memory_region_add_subregion(sysmem, 0xf006, pcp_text);
+
+dinfo = drive_get(IF_PFLASH, 0, 0);
+if (!pflash_cfi01_register(TRICORE_FLASH_ADDR, NULL,
+  "tricore_testboard.flash",
+  TRICORE_FLASH_SIZE, dinfo ? dinfo->bdrv : NULL,
+  TRICORE_FLASH_SECT_SIZE,
+  TRICORE_FLASH_SIZE / TRICORE_FLASH_SECT_SIZE,
+  2, 0x00, 0x00, 0x, 0x0, 0)) {
+
+fprintf(stderr, "qemu: Error registering flash memory.\n");
+} else {
+env->PC = TRICORE_FLASH_ADDR;
+}
+
+tricoretb_binfo.ram_size = machine->ram_size;
+tricoretb_binfo.kernel_filename = machine->kernel_filename;
+
+if (machine->kernel_filename) {
+tricore_load_kernel(env);
+}
+}
+
+static void tricoreboard_init(MachineState *machine)
+{
+tricore_testboard_init(machine, 0x183);
+}
+
+static QEMUMachine ttb_machine = {
+.name = "TriCore testboard",
+.desc = "Just for testing",
+.init = tricoreboard_init,
+.is_default = 1,
+};
+
+static void tricore_testboard_machine_init(void)
+{
+qemu_register_machine(&ttb_machine);
+}
+
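
Review bot: in tricore_testboard_init, `env = &cpu->env;` is executed before the `if (!cpu)` check, so cpu is already used by the time it is tested for NULL. Move the assignment below the check. A failing pflash_cfi01_register() only prints a message and initialization carries on, leaving env->PC unset unless a kernel file is given; that path should exit(1) like the other errors in this file. The RAM regions are named "powerlink_*.ram", which does not match the board name, and the board_id argument (0x183 from tricoreboard_init) is never read, so it can be dropped.
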

[Qemu-devel] [PATCH v4 06/15] target-tricore: Add instructions of SRC opcode format

2014-08-07 Thread Bastian Koppelmann
Add instructions of SRC opcode format.
Add micro-op generator functions for add, conditional add/sub and shi/shai.

Signed-off-by: Bastian Koppelmann 
---
v3 -> v4:
- Remove gen_calc_psw_sv, gen_calc_psw_av, gen_calc_psw_sav functions.
- Replace gen_calc_psw_sv, gen_calc_psw_sav, gen_calc_psw_av calls.
- Rename gen_add_i32 to gen_add_d.
- Remove psw calculation from ADD_A.
- Replace macro OP_COND with function gen_cond_add, gen_cond_addi.
- gen_shaci now uses only 32 bit tcg shifts and implements special case of
exactly 32 bit long shift.
- gen_cond_add now sets V and AV bits conditionally through temp registers.

 target-tricore/helper.h|  16 
 target-tricore/translate.c | 222 +
 2 files changed, 238 insertions(+)

diff --git a/target-tricore/helper.h b/target-tricore/helper.h
index e69de29..5884240 100644
--- a/target-tricore/helper.h
+++ b/target-tricore/helper.h
@@ -0,0 +1,16 @@
+/*
+ *  Copyright (c) 2012-2014 Bastian Koppelmann C-Lab/University Paderborn
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
diff --git a/target-tricore/translate.c b/target-tricore/translate.c
index 0d30c51..ed2bf9b 100644
--- a/target-tricore/translate.c
+++ b/target-tricore/translate.c
@@ -27,6 +27,7 @@
 #include "exec/helper-gen.h"

 #include "tricore-opcodes.h"
+
 /*
  * TCG registers
  */
@@ -102,8 +103,229 @@ void tricore_cpu_dump_state(CPUState *cs, FILE *f,

 }

+/*
+ * Functions to generate micro-ops
+ */
+
+/* Functions for arithmetic instructions  */
+
+static inline void gen_add_d(TCGv ret, TCGv r1, TCGv r2)
+{
+TCGv t0 = tcg_temp_new_i32();
+/* Addition and set V/SV bits */
+tcg_gen_add_tl(ret, r1, r2);
+/* calc V bit */
+tcg_gen_xor_tl(cpu_PSW_V, ret, r1);
+tcg_gen_xor_tl(t0, r1, r2);
+tcg_gen_andc_tl(cpu_PSW_V, cpu_PSW_V, t0);
+/* Calc SV bit */
+tcg_gen_or_tl(cpu_PSW_SV, cpu_PSW_SV, cpu_PSW_V);
+/* Calc AV/SAV bits */
+tcg_gen_add_tl(cpu_PSW_AV, ret, ret);
+tcg_gen_xor_tl(cpu_PSW_AV, ret, cpu_PSW_AV);
+/* calc SAV */
+tcg_gen_or_tl(cpu_PSW_SAV, cpu_PSW_SAV, cpu_PSW_AV);
+tcg_temp_free(t0);
+}
+
+static inline void gen_addi_d(TCGv ret, TCGv r1, target_ulong r2)
+{
+TCGv temp = tcg_const_i32(r2);
+gen_add_d(ret, r1, temp);
+tcg_temp_free(temp);
+}
+
+static inline void gen_cond_add(int cond, TCGv r1, TCGv r2, TCGv r3,
+TCGv r4)
+{
+TCGv temp = tcg_temp_new();
+TCGv temp2 = tcg_temp_new();
+TCGv t0 = tcg_const_i32(0);
+
+tcg_gen_add_tl(temp, r1, r2);
+tcg_gen_movcond_tl(cond, r3, r4, t0, temp, r3);
+/* Calc PSW_V */
+tcg_gen_xor_tl(temp, temp, r1);
+tcg_gen_xor_tl(temp, r1, r2);
+tcg_gen_andc_tl(temp2, temp, t0);
+tcg_gen_movcond_tl(cond, cpu_PSW_V, r4, t0, temp2, cpu_PSW_V);
+/* Set PSW_SV */
+tcg_gen_or_tl(cpu_PSW_SV, temp2, cpu_PSW_SV);
+/* calc AV bit */
+tcg_gen_add_tl(temp2, temp2, temp);
+tcg_gen_xor_tl(temp2, temp2, temp);
+tcg_gen_movcond_tl(cond, cpu_PSW_AV, r4, t0, temp2, cpu_PSW_AV);
+/* calc SAV bit */
+tcg_gen_or_tl(cpu_PSW_SAV, temp2, cpu_PSW_SAV);
+
+tcg_temp_free(t0);
+tcg_temp_free(temp);
+tcg_temp_free(temp2);
+}
+
+static inline void gen_condi_add(int cond, TCGv r1, int32_t r2,
+ TCGv r3, TCGv r4)
+{
+TCGv temp = tcg_const_i32(r2);
+gen_cond_add(cond, r1, temp, r3, r4);
+tcg_temp_free(temp);
+}
+
+static void gen_shi(TCGv ret, TCGv r1, int32_t shift_count)
+{
+if (shift_count == -32) {
+tcg_gen_movi_tl(ret, 0);
+} else if (shift_count >= 0) {
+tcg_gen_shli_tl(ret, r1, shift_count);
+} else {
+tcg_gen_shri_tl(ret, r1, (-shift_count));
+}
+}
+
+static void gen_shaci(TCGv ret, TCGv r1, int32_t shift_count)
+{
+uint32_t msk, msk_start;
+TCGv temp = tcg_temp_new();
+TCGv temp2 = tcg_temp_new();
+TCGv t_max = tcg_const_i32(0x7FFF >> shift_count);
+TCGv t_min = tcg_const_i32(-(0x8000L) >> shift_count);
+TCGv t_0 = tcg_const_i32(0);
+
+if (shift_count == 0) {
+/* Clear PSW.C */
+tcg_gen_movi_tl(cpu_PSW_C, 0);
+tcg_gen_mov_tl(ret, r1);
+} else if (shift_count == 32) {
+/* fill ret completly with sign bit */
+tcg_gen_sari_tl(ret, r1, 31);
+} else if
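
Review bot: in gen_cond_add the PSW_V calculation throws away its first step: `tcg_gen_xor_tl(temp, temp, r1);` is overwritten on the next line by `tcg_gen_xor_tl(temp, r1, r2);`, and the andc that follows uses t0, which is the constant 0, so temp2 ends up as plain r1 ^ r2. gen_add_d above computes (ret ^ r1) & ~(r1 ^ r2); the conditional variant needs a separate temporary for r1 ^ r2 and must andc against that. The AV step inherits the problem, since it adds and xors temp2 and temp instead of doubling the sum, and the ORs into cpu_PSW_SV and cpu_PSW_SAV are applied even when the condition is false. In gen_shaci, t_max is built with `>> shift_count` before any of the shift_count checks, so the expression is also evaluated for shift_count == 32, where the shift of a 32-bit int is undefined; create the constants only in the branch that uses them.
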

[Qemu-devel] [PATCH v4 13/15] target-tricore: Add instructions of SC opcode format

2014-08-07 Thread Bastian Koppelmann
Add instructions of SC opcode format.
Add helper for begin interrupt service routine.

Signed-off-by: Bastian Koppelmann 

Reviewed-by: Richard Henderson 
---
 target-tricore/helper.h|  1 +
 target-tricore/op_helper.c | 59 ++
 target-tricore/translate.c | 48 +
 3 files changed, 108 insertions(+)

diff --git a/target-tricore/helper.h b/target-tricore/helper.h
index adf5b26..3c73234 100644
--- a/target-tricore/helper.h
+++ b/target-tricore/helper.h
@@ -21,3 +21,4 @@ DEF_HELPER_3(sub_ssov, i32, env, i32, i32)
 /* CSA */
 DEF_HELPER_2(call, void, env, i32)
 DEF_HELPER_1(ret, void, env)
+DEF_HELPER_2(bisr, void, env, i32)
diff --git a/target-tricore/op_helper.c b/target-tricore/op_helper.c
index 0006d44..c9cf0de 100644
--- a/target-tricore/op_helper.c
+++ b/target-tricore/op_helper.c
@@ -122,6 +122,28 @@ static void save_context_upper(CPUTRICOREState *env, int 
ea,

 }

+static void save_context_lower(CPUTRICOREState *env, int ea,
+   target_ulong *new_FCX)
+{
+*new_FCX = cpu_ldl_data(env, ea);
+cpu_stl_data(env, ea, env->PCXI);
+cpu_stl_data(env, ea+4, env->PSW);
+cpu_stl_data(env, ea+8, env->gpr_a[2]);
+cpu_stl_data(env, ea+12, env->gpr_a[3]);
+cpu_stl_data(env, ea+16, env->gpr_d[0]);
+cpu_stl_data(env, ea+20, env->gpr_d[1]);
+cpu_stl_data(env, ea+24, env->gpr_d[2]);
+cpu_stl_data(env, ea+28, env->gpr_d[3]);
+cpu_stl_data(env, ea+32, env->gpr_a[4]);
+cpu_stl_data(env, ea+36, env->gpr_a[5]);
+cpu_stl_data(env, ea+40, env->gpr_a[6]);
+cpu_stl_data(env, ea+44, env->gpr_a[7]);
+cpu_stl_data(env, ea+48, env->gpr_d[4]);
+cpu_stl_data(env, ea+52, env->gpr_d[5]);
+cpu_stl_data(env, ea+56, env->gpr_d[6]);
+cpu_stl_data(env, ea+60, env->gpr_d[7]);
+}
+
 static void restore_context_upper(CPUTRICOREState *env, int ea,
   target_ulong *new_PCXI, target_ulong 
*new_PSW)
 {
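
Review bot: save_context_lower writes env->PSW at ea+4, exactly as save_context_upper does, and never stores gpr_a[11], although every other A and D register outside the upper context is saved here. If the lower context is meant to carry the return address A[11] in that slot, the line should be `cpu_stl_data(env, ea+4, env->gpr_a[11]);`; please check the slot against the architecture manual and add a comment naming the layout. The ea parameter is declared int while helper_bisr passes a target_ulong; use target_ulong for both context helpers.
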
@@ -243,6 +265,43 @@ void helper_ret(CPUTRICOREState *env)
 }
 }

+void helper_bisr(CPUTRICOREState *env, uint32_t const9)
+{
+target_ulong tmp_FCX;
+target_ulong ea;
+target_ulong new_FCX;
+
+if (env->FCX == 0) {
+/* FCU trap */
+}
+
+tmp_FCX = env->FCX;
+ea = ((env->FCX & 0xf) << 12) + ((env->FCX & 0x) << 6);
+
+save_context_lower(env, ea, &new_FCX);
+
+/* PCXI.PCPN = ICR.CCPN */
+env->PCXI = (env->PCXI & 0xff) +
+ ((env->ICR & MASK_ICR_CCPN) << 24);
+/* PCXI.PIE  = ICR.IE */
+env->PCXI = ((env->PCXI & ~MASK_PCXI_PIE) +
+ ((env->ICR & MASK_ICR_IE) << 15));
+/* PCXI.UL = 0 */
+env->PCXI &= ~(MASK_PCXI_UL);
+/* PCXI[19: 0] = FCX[19: 0] */
+env->PCXI = (env->PCXI & 0xfff0) + (env->FCX & 0xf);
+/* FXC[19: 0] = new_FCX[19: 0] */
+env->FCX = (env->FCX & 0xfff0) + (new_FCX & 0xf);
+/* ICR.IE = 1 */
+env->ICR |= MASK_ICR_IE;
+
+env->ICR |= const9; /* ICR.CCPN = const9[7: 0];*/
+
+if (tmp_FCX == env->LCX) {
+/* FCD trap */
+}
+}
+
 static inline void QEMU_NORETURN do_raise_exception_err(CPUTRICOREState *env,
 uint32_t exception,
 int error_code,
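
Review bot: in helper_bisr, `env->ICR |= const9;` is commented as the assignment ICR.CCPN = const9[7: 0], but an OR keeps whatever CCPN bits were already set and const9 is not masked to the field. Clear the field first, e.g. `env->ICR = (env->ICR & ~MASK_ICR_CCPN) | (const9 & MASK_ICR_CCPN);`. The FCU and FCD trap branches are empty, so with FCX == 0 the helper still derives ea from it and writes a context there; until traps are implemented, mark both with a TODO and return early in the FCX == 0 case. The comment "FXC[19: 0]" should read FCX.
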
diff --git a/target-tricore/translate.c b/target-tricore/translate.c
index eb7be30..ce90a60 100644
--- a/target-tricore/translate.c
+++ b/target-tricore/translate.c
@@ -646,6 +646,42 @@ static void decode_ssr_opc(DisasContext *ctx, int op1)
 }
 }

+static void decode_sc_opc(DisasContext *ctx, int op1)
+{
+int32_t const16;
+
+const16 = MASK_OP_SC_CONST8(ctx->opcode);
+
+switch (op1) {
+case OPC1_16_SC_AND:
+tcg_gen_andi_tl(cpu_gpr_d[15], cpu_gpr_d[15], const16);
+break;
+case OPC1_16_SC_BISR:
+gen_helper_1arg(bisr, const16 & 0xff);
+break;
+case OPC1_16_SC_LD_A:
+gen_offset_ld(ctx, cpu_gpr_a[15], cpu_gpr_a[10], const16 * 4, MO_LESL);
+break;
+case OPC1_16_SC_LD_W:
+gen_offset_ld(ctx, cpu_gpr_d[15], cpu_gpr_a[10], const16 * 4, MO_LESL);
+break;
+case OPC1_16_SC_MOV:
+tcg_gen_movi_tl(cpu_gpr_d[15], const16);
+break;
+case OPC1_16_SC_OR:
+tcg_gen_ori_tl(cpu_gpr_d[15], cpu_gpr_d[15], const16);
+break;
+case OPC1_16_SC_ST_A:
+gen_offset_st(ctx, cpu_gpr_a[15], cpu_gpr_a[10], const16 * 4, MO_LESL);
+break;
+case OPC1_16_SC_ST_W:
+gen_offset_st(ctx, cpu_gpr_d[15], cpu_gpr_a[10], const16 * 4, MO_LESL);
+break;
+case OPC1_16_SC_SUB_A:
+tcg_gen_subi_tl(cpu_gpr_a[10], cpu_gpr_a[10], const16);
+break;
+}
+}
 static void decode_16Bit_opc(CPUTRICOREState *env, DisasContext *ctx)
 {
 int op1;
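
Review bot: decode_sc_opc closes with `+}` and decode_16Bit_opc starts on the very next line; add a blank line between the two functions. The local is called const16 although it holds the 8-bit MASK_OP_SC_CONST8 field, which also makes the `const16 & 0xff` in the OPC1_16_SC_BISR case redundant. The switch has no default case, so an unexpected op1 is silently ignored.
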
@@ -777,6 +813,18 @@ static void decode_16Bit_opc(CPUTRICOREState *env, 
DisasContext *ctx)
 address = MASK_OP_SBR_DISP4(ctx->opcode);
 gen_comp

[Qemu-devel] [PATCH v4 04/15] target-tricore: Add initialization for translation and activate target

2014-08-07 Thread Bastian Koppelmann
Add tcg and cpu model initialization.
Add gen_intermediate_code function.
Activate target in configure and add softmmu config.

Signed-off-by: Bastian Koppelmann 
---
 configure   |   5 ++
 default-configs/tricore-softmmu.mak |   3 +
 target-tricore/translate.c  | 165 
 3 files changed, 173 insertions(+)
 create mode 100644 default-configs/tricore-softmmu.mak

diff --git a/configure b/configure
index f7685b5..5003e28 100755
--- a/configure
+++ b/configure
@@ -4965,6 +4965,9 @@ case "$target_name" in
 TARGET_BASE_ARCH=mips
 echo "TARGET_ABI_MIPSN64=y" >> $config_target_mak
   ;;
+  tricore)
+target_phys_bits=32
+  ;;
   moxie)
   ;;
   or32)
@@ -5162,6 +5165,8 @@ for i in $ARCH $TARGET_BASE_ARCH ; do
 echo "CONFIG_MIPS_DIS=y"  >> $config_target_mak
 echo "CONFIG_MIPS_DIS=y"  >> config-all-disas.mak
   ;;
+  tricore*)
+  ;;
   moxie*)
 echo "CONFIG_MOXIE_DIS=y"  >> $config_target_mak
 echo "CONFIG_MOXIE_DIS=y"  >> config-all-disas.mak
diff --git a/default-configs/tricore-softmmu.mak 
b/default-configs/tricore-softmmu.mak
new file mode 100644
index 000..48ccd12
--- /dev/null
+++ b/default-configs/tricore-softmmu.mak
@@ -0,0 +1,3 @@
+include pci.mak
+CONFIG_PFLASH_CFI01=y
+CONFIG_SMC91C111=y
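
Review bot: tricore-softmmu.mak pulls in `include pci.mak` and sets CONFIG_SMC91C111=y, but the testboard from patch 02/15 only creates RAM regions and a CFI01 flash. Unless a later patch instantiates a PCI bus or the SMC91C111 NIC, keep only CONFIG_PFLASH_CFI01=y so the target does not build device models the board never creates.
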
diff --git a/target-tricore/translate.c b/target-tricore/translate.c
index 5bb212d..7275c49 100644
--- a/target-tricore/translate.c
+++ b/target-tricore/translate.c
@@ -26,6 +26,26 @@
 #include "exec/helper-proto.h"
 #include "exec/helper-gen.h"
 
+/*
+ * TCG registers
+ */
+static TCGv cpu_PC;
+static TCGv cpu_PCXI;
+static TCGv cpu_PSW;
+static TCGv cpu_ICR;
+/* GPR registers */
+static TCGv cpu_gpr_a[16];
+static TCGv cpu_gpr_d[16];
+/* PSW Flag cache */
+static TCGv cpu_PSW_C;
+static TCGv cpu_PSW_V;
+static TCGv cpu_PSW_SV;
+static TCGv cpu_PSW_AV;
+static TCGv cpu_PSW_SAV;
+/* CPU env */
+static TCGv_ptr cpu_env;
+
+#include "exec/gen-icount.h"
 
 static const char *regnames_a[] = {
   "a0"  , "a1"  , "a2"  , "a3" , "a4"  , "a5" ,
@@ -39,6 +59,25 @@ static const char *regnames_d[] = {
   "d12" , "d13" , "d14" , "d15",
 };
 
+typedef struct DisasContext {
+struct TranslationBlock *tb;
+target_ulong pc, saved_pc, next_pc;
+uint32_t opcode;
+int singlestep_enabled;
+/* Routine used to access memory */
+int mem_idx;
+uint32_t hflags, saved_hflags;
+int bstate;
+} DisasContext;
+
+enum {
+
+BS_NONE   = 0,
+BS_STOP   = 1,
+BS_BRANCH = 2,
+BS_EXCP   = 3,
+};
+
 void tricore_cpu_dump_state(CPUState *cs, FILE *f,
 fprintf_function cpu_fprintf, int flags)
 {
@@ -62,10 +101,88 @@ void tricore_cpu_dump_state(CPUState *cs, FILE *f,
 
 }
 
+static void decode_16Bit_opc(CPUTRICOREState *env, DisasContext *ctx)
+{
+}
+
+static void decode_32Bit_opc(CPUTRICOREState *env, DisasContext *ctx)
+{
+}
+
+static void decode_opc(CPUTRICOREState *env, DisasContext *ctx, int *is_branch)
+{
+/* 16-Bit Instruction */
+if ((ctx->opcode & 0x1) == 0) {
+ctx->next_pc = ctx->pc + 2;
+decode_16Bit_opc(env, ctx);
+/* 32-Bit Instruction */
+} else {
+ctx->next_pc = ctx->pc + 4;
+decode_32Bit_opc(env, ctx);
+}
+}
+
 static inline void
 gen_intermediate_code_internal(TRICORECPU *cpu, struct TranslationBlock *tb,
   int search_pc)
 {
+CPUState *cs = CPU(cpu);
+CPUTRICOREState *env = &cpu->env;
+DisasContext ctx;
+target_ulong pc_start;
+int num_insns;
+uint16_t *gen_opc_end;
+
+if (search_pc) {
+qemu_log("search pc %d\n", search_pc);
+}
+
+num_insns = 0;
+pc_start = tb->pc;
+gen_opc_end = tcg_ctx.gen_opc_buf + OPC_MAX_SIZE;
+ctx.pc = pc_start;
+ctx.saved_pc = -1;
+ctx.tb = tb;
+ctx.singlestep_enabled = cs->singlestep_enabled;
+ctx.bstate = BS_NONE;
+ctx.mem_idx = cpu_mmu_index(env);
+
+tcg_clear_temp_count();
+gen_tb_start();
+while (ctx.bstate == BS_NONE) {
+ctx.opcode = cpu_ldl_code(env, ctx.pc);
+decode_opc(env, &ctx, 0);
+
+num_insns++;
+
+ctx.pc = ctx.next_pc;
+if (tcg_ctx.gen_opc_ptr >= gen_opc_end) {
+break;
+}
+if (singlestep) {
+break;
+}
+}
+
+gen_tb_end(tb, num_insns);
+*tcg_ctx.gen_opc_ptr = INDEX_op_end;
+if (search_pc) {
+printf("done_generating search pc\n");
+} else {
+tb->size = ctx.pc - pc_start;
+tb->icount = num_insns;
+}
+if (tcg_check_temp_count()) {
+printf("LEAK at %08x\n", env->PC);
+}
+
+#ifdef DEBUG_DISAS
+if (qemu_loglevel_mask(CPU_LOG_TB_IN_ASM)) {
+qemu_log("IN: %s\n", lookup_symbol(pc_start));
+log_target_disas(env, pc_start, ctx.pc - pc_start, 0);
+qemu_log("\n");
+}
+#endif
 }
 
 void
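
Review bot: the translation loop in gen_intermediate_code_internal stops only on ctx.bstate, a full opcode buffer or singlestep; there is no limit on the number of instructions and no check for leaving the page of pc_start, and with both decoders still empty ctx.bstate never leaves BS_NONE. Bound the loop on an instruction count and on the page boundary. The is_branch argument of decode_opc is unused (the only caller passes 0) and can be dropped, and the `printf("LEAK at %08x\n", ...)` and "done_generating search pc" messages should go through qemu_log like the rest of the function.
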
@@ -93,8 +210,56 @@ restore_state_to_opc(CPUTRICOREState *env, TranslationBlock 
*tb, int pc_pos)
 
 void cpu_s

[Qemu-devel] [PATCH v4 03/15] target-tricore: Add softmmu support

2014-08-07 Thread Bastian Koppelmann
Add basic softmmu support for TriCore

Signed-off-by: Bastian Koppelmann 
---
 target-tricore/helper.c| 54 +-
 target-tricore/op_helper.c | 33 +++-
 2 files changed, 85 insertions(+), 2 deletions(-)

diff --git a/target-tricore/helper.c b/target-tricore/helper.c
index 0794672..22acb83 100644
--- a/target-tricore/helper.c
+++ b/target-tricore/helper.c
@@ -24,10 +24,62 @@
 
 #include "cpu.h"
 
+enum {
+TLBRET_DIRTY = -4,
+TLBRET_INVALID = -3,
+TLBRET_NOMATCH = -2,
+TLBRET_BADADDR = -1,
+TLBRET_MATCH = 0
+};
+
+#if defined(CONFIG_SOFTMMU)
+static int get_physical_address(CPUTRICOREState *env, hwaddr *physical,
+int *prot, target_ulong address,
+int rw, int access_type)
+{
+int ret = TLBRET_MATCH;
+
+*physical = address & 0x;
+*prot = PAGE_READ | PAGE_WRITE;
+
+return ret;
+}
+#endif
+
+/* TODO: Add exeption support*/
+static void raise_mmu_exception(CPUTRICOREState *env, target_ulong address,
+int rw, int tlb_error)
+{
+}
+
 int cpu_tricore_handle_mmu_fault(CPUState *cs, target_ulong address,
  int rw, int mmu_idx)
 {
-return 0;
+TRICORECPU *cpu = TRICORE_CPU(cs);
+CPUTRICOREState *env = &cpu->env;
+hwaddr physical;
+int prot;
+int access_type;
+int ret = 0;
+
+rw &= 1;
+access_type = ACCESS_INT;
+ret = get_physical_address(env, &physical, &prot,
+   address, rw, access_type);
+qemu_log("%s address=" TARGET_FMT_lx " ret %d physical " TARGET_FMT_plx
+ " prot %d\n", __func__, address, ret, physical, prot);
+
+if (ret == TLBRET_MATCH) {
+tlb_set_page(cs, address & TARGET_PAGE_MASK,
+ physical & TARGET_PAGE_MASK, prot | PAGE_EXEC,
+ mmu_idx, TARGET_PAGE_SIZE);
+ret = 0;
+} else if (ret < 0) {
+raise_mmu_exception(env, address, rw, ret);
+ret = 1;
+}
+
+return ret;
 }
 
 void tricore_cpu_do_interrupt(CPUState *cs)
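
Review bot: get_physical_address is defined only under `#if defined(CONFIG_SOFTMMU)`, but cpu_tricore_handle_mmu_fault calls it unconditionally, so either the guard is unnecessary or the caller needs the same guard; as written a build without CONFIG_SOFTMMU does not compile. The qemu_log() call in the fault handler runs on every TLB fill regardless of the selected log items and should sit behind a log mask. raise_mmu_exception is an empty stub, so the `ret < 0` branch returns 1 without any exception having been recorded; say so in the TODO comment, which also misspells "exception".
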
diff --git a/target-tricore/op_helper.c b/target-tricore/op_helper.c
index 275790b..2e5981f 100644
--- a/target-tricore/op_helper.c
+++ b/target-tricore/op_helper.c
@@ -20,8 +20,39 @@
 #include "exec/helper-proto.h"
 #include "exec/cpu_ldst.h"
 
+static inline void QEMU_NORETURN do_raise_exception_err(CPUTRICOREState *env,
+uint32_t exception,
+int error_code,
+uintptr_t pc)
+{
+CPUState *cs = CPU(tricore_env_get_cpu(env));
+cs->exception_index = exception;
+env->error_code = error_code;
+
+if (pc) {
+/* now we have a real cpu fault */
+cpu_restore_state(cs, pc);
+}
+
+cpu_loop_exit(cs);
+}
+
+static inline void QEMU_NORETURN do_raise_exception(CPUTRICOREState *env,
+uint32_t exception,
+uintptr_t pc)
+{
+do_raise_exception_err(env, exception, 0, pc);
+}
+
 void tlb_fill(CPUState *cs, target_ulong addr, int is_write, int mmu_idx,
   uintptr_t retaddr)
 {
+int ret;
+ret = cpu_tricore_handle_mmu_fault(cs, addr, is_write, mmu_idx);
+if (ret) {
+TRICORECPU *cpu = TRICORE_CPU(cs);
+CPUTRICOREState *env = &cpu->env;
+do_raise_exception_err(env, cs->exception_index,
+   env->error_code, retaddr);
+}
 }
-
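
Review bot: tlb_fill forwards cs->exception_index and env->error_code to do_raise_exception_err when cpu_tricore_handle_mmu_fault returns nonzero, but nothing on that path assigns them (raise_mmu_exception in helper.c is empty), so whatever value was left from earlier would be raised. Set both in raise_mmu_exception before this branch can be reached. do_raise_exception is added here without a caller and is better introduced with the first patch that uses it.
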
-- 
2.0.4




[Qemu-devel] [PATCH v4 10/15] target-tricore: Add instructions of SB opcode format

2014-08-07 Thread Bastian Koppelmann
Add instructions of SB opcode format.
Add helper call/ret.
Add micro-op generator functions for branches.
Add macro to generate helper functions.

Signed-off-by: Bastian Koppelmann 
---
v3 -> v4:
- Add missing break in gen_compute_branch at CALL insn.

 target-tricore/helper.h|   3 +
 target-tricore/op_helper.c | 180 +
 target-tricore/translate.c |  89 ++
 3 files changed, 272 insertions(+)

diff --git a/target-tricore/helper.h b/target-tricore/helper.h
index 299bd77..adf5b26 100644
--- a/target-tricore/helper.h
+++ b/target-tricore/helper.h
@@ -18,3 +18,6 @@
 /* Arithmetic */
 DEF_HELPER_3(add_ssov, i32, env, i32, i32)
 DEF_HELPER_3(sub_ssov, i32, env, i32, i32)
+/* CSA */
+DEF_HELPER_2(call, void, env, i32)
+DEF_HELPER_1(ret, void, env)
diff --git a/target-tricore/op_helper.c b/target-tricore/op_helper.c
index 6d94f0b..0006d44 100644
--- a/target-tricore/op_helper.c
+++ b/target-tricore/op_helper.c
@@ -63,6 +63,186 @@ target_ulong helper_sub_ssov(CPUTRICOREState *env, 
target_ulong r1,
 return ret;
 }

+/* context save area (CSA) related helpers */
+
+static int cdc_increment(target_ulong *psw)
+{
+if ((*psw & MASK_PSW_CDC) == 0x7f) {
+return 0;
+}
+
+(*psw)++;
+/* check for overflow */
+int lo = clo32((*psw & MASK_PSW_CDC) << (32 - 7));
+int mask = (1u << (7 - lo)) - 1;
+int count = *psw & mask;
+if (count == 0) {
+(*psw)--;
+return 1;
+}
+return 0;
+}
+
+static int cdc_decrement(target_ulong *psw)
+{
+if ((*psw & MASK_PSW_CDC) == 0x7f) {
+return 0;
+}
+/* check for underflow */
+int lo = clo32((*psw & MASK_PSW_CDC) << (32 - 7));
+int mask = (1u << (7 - lo)) - 1;
+int count = *psw & mask;
+if (count == 0) {
+return 1;
+}
+(*psw)--;
+return 0;
+}
+
+static void save_context_upper(CPUTRICOREState *env, int ea,
+   target_ulong *new_FCX)
+{
+*new_FCX = cpu_ldl_data(env, ea);
+cpu_stl_data(env, ea, env->PCXI);
+cpu_stl_data(env, ea+4, env->PSW);
+cpu_stl_data(env, ea+8, env->gpr_a[10]);
+cpu_stl_data(env, ea+12, env->gpr_a[11]);
+cpu_stl_data(env, ea+16, env->gpr_d[8]);
+cpu_stl_data(env, ea+20, env->gpr_d[9]);
+cpu_stl_data(env, ea+24, env->gpr_d[10]);
+cpu_stl_data(env, ea+28, env->gpr_d[11]);
+cpu_stl_data(env, ea+32, env->gpr_a[12]);
+cpu_stl_data(env, ea+36, env->gpr_a[13]);
+cpu_stl_data(env, ea+40, env->gpr_a[14]);
+cpu_stl_data(env, ea+44, env->gpr_a[15]);
+cpu_stl_data(env, ea+48, env->gpr_d[12]);
+cpu_stl_data(env, ea+52, env->gpr_d[13]);
+cpu_stl_data(env, ea+56, env->gpr_d[14]);
+cpu_stl_data(env, ea+60, env->gpr_d[15]);
+
+}
+
+static void restore_context_upper(CPUTRICOREState *env, int ea,
+  target_ulong *new_PCXI, target_ulong 
*new_PSW)
+{
+*new_PCXI = cpu_ldl_data(env, ea);
+*new_PSW = cpu_ldl_data(env, ea+4);
+env->gpr_a[10] = cpu_ldl_data(env, ea+8);
+env->gpr_a[11] = cpu_ldl_data(env, ea+12);
+env->gpr_d[8]  = cpu_ldl_data(env, ea+16);
+env->gpr_d[9]  = cpu_ldl_data(env, ea+20);
+env->gpr_d[10] = cpu_ldl_data(env, ea+24);
+env->gpr_d[11] = cpu_ldl_data(env, ea+28);
+env->gpr_a[12] = cpu_ldl_data(env, ea+32);
+env->gpr_a[13] = cpu_ldl_data(env, ea+36);
+env->gpr_a[14] = cpu_ldl_data(env, ea+40);
+env->gpr_a[15] = cpu_ldl_data(env, ea+44);
+env->gpr_d[12] = cpu_ldl_data(env, ea+48);
+env->gpr_d[13] = cpu_ldl_data(env, ea+52);
+env->gpr_d[14] = cpu_ldl_data(env, ea+56);
+env->gpr_d[15] = cpu_ldl_data(env, ea+60);
+cpu_stl_data(env, ea, env->FCX);
+}
+
+void helper_call(CPUTRICOREState *env, uint32_t next_pc)
+{
+target_ulong tmp_FCX;
+target_ulong ea;
+target_ulong new_FCX;
+target_ulong psw;
+
+psw = psw_read(env);
+/* if (FCX == 0) trap(FCU); */
+if (env->FCX == 0) {
+/* FCU trap */
+}
+/* if (PSW.CDE) then if (cdc_increment()) then trap(CDO); */
+if (psw & MASK_PSW_CDE) {
+if (cdc_increment(&psw)) {
+/* CDO trap */
+}
+}
+/* PSW.CDE = 1;*/
+psw |= MASK_PSW_CDE;
+/* tmp_FCX = FCX; */
+tmp_FCX = env->FCX;
+/* EA = {FCX.FCXS, 6'b0, FCX.FCXO, 6'b0}; */
+ea = ((env->FCX & MASK_FCX_FCXS) << 12) +
+ ((env->FCX & MASK_FCX_FCXO) << 6);
+/* new_FCX = M(EA, word);
+   M(EA, 16 * word) = {PCXI, PSW, A[10], A[11], D[8], D[9], D[10], D[11],
+  A[12], A[13], A[14], A[15], D[12], D[13], D[14],
+  D[15]}; */
+save_context_upper(env, ea, &new_FCX);
+
+/* PCXI.PCPN = ICR.CCPN; */
+env->PCXI = (env->PCXI & 0xff) +
+((env->ICR & MASK_ICR_CCPN) << 24);
+/* PCXI.PIE = ICR.IE; */
+env->PCXI = ((env->PCXI & ~MASK_PCXI_PIE) +
+((env->ICR & MASK_ICR_IE) << 15));
+/* PCXI.UL = 1; */
+env->PCXI |= MASK_
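Review bot: In helper_call the FCU and CDO trap branches are empty, so when env->FCX == 0 execution continues, EA evaluates to 0 and save_context_upper() stores sixteen words starting at guest address 0; raise the trap, or at least return, before any memory access. The PCXI.PCPN update masks with `env->PCXI & 0xff`, which keeps only bits 0-7 and clears bits 8-23 together with the old value at bit 24 and up; if only the field at bit 24 is meant to change, the keep-mask should be 0x00ffffff. save_context_upper() and restore_context_upper() take `int ea` while the caller passes a target_ulong, so the guest address type should be target_ulong throughout. cdc_increment() and cdc_decrement() also declare `lo`, `mask` and `count` after statements; move the declarations to the top of the block.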

Re: [Qemu-devel] [RFC PATCH 10/10] cpus: reclaim allocated vCPU objects

2014-08-07 Thread Anshul Makkar
Thanks Gu. cpu-hotunplug is working fine in my tests.

For cpu-hotplug, I get inconsistent results if I delete an arbitrary cpu
and not just the last one.

For example:
list of cpus: 1, 2, 3
device_add cpu 4
device_add cpu 5
device_add cpu 6

device_del cpu 4
device_del cpu 6

Now if I do device_add cpu6, then cpu 4 gets added, and if I then try to
add cpu 4 or 6, it says the cpu already exists. It's a kind of vague
behaviour. Do we follow any protocol here while adding and deleting
cpus?

Thanks
Anshul Makkar
www.justkernel.com

On Thu, Aug 7, 2014 at 6:54 AM, Gu Zheng  wrote:
> After ACPI gets a signal to eject a vCPU, the vCPU must be
> removed from the CPU list before the vCPU is really removed, then
> release all the related vCPU objects.
> But we do not close the KVM vcpu fd, just record it into a list, in
> order to reuse it.
>
> Signed-off-by: Chen Fan 
> Signed-off-by: Gu Zheng 
> ---
>  cpus.c   |   37 
>  include/sysemu/kvm.h |1 +
>  kvm-all.c|   57 
> +-
>  3 files changed, 94 insertions(+), 1 deletions(-)
>
> diff --git a/cpus.c b/cpus.c
> index 4dfb889..9a73407 100644
> --- a/cpus.c
> +++ b/cpus.c
> @@ -786,6 +786,24 @@ void async_run_on_cpu(CPUState *cpu, void (*func)(void 
> *data), void *data)
>  qemu_cpu_kick(cpu);
>  }
>
> +static void qemu_kvm_destroy_vcpu(CPUState *cpu)
> +{
> +CPU_REMOVE(cpu);
> +
> +if (kvm_destroy_vcpu(cpu) < 0) {
> +fprintf(stderr, "kvm_destroy_vcpu failed.\n");
> +exit(1);
> +}
> +
> +object_unparent(OBJECT(cpu));
> +}
> +
> +static void qemu_tcg_destroy_vcpu(CPUState *cpu)
> +{
> +CPU_REMOVE(cpu);
> +object_unparent(OBJECT(cpu));
> +}
> +
>  static void flush_queued_work(CPUState *cpu)
>  {
>  struct qemu_work_item *wi;
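Review bot: qemu_kvm_destroy_vcpu() calls exit(1) when kvm_destroy_vcpu() fails, so a failed hot-unplug cleanup step terminates the whole VM, and it does so after CPU_REMOVE(cpu) has already run. Report the error and leave the guest running instead, and document what state the vCPU is left in on that path.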
> @@ -877,6 +895,11 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
>  }
>  }
>  qemu_kvm_wait_io_event(cpu);
> +if (cpu->exit && !cpu_can_run(cpu)) {
> +qemu_kvm_destroy_vcpu(cpu);
> +qemu_mutex_unlock(&qemu_global_mutex);
> +return NULL;
> +}
>  }
>
>  return NULL;
> @@ -929,6 +952,7 @@ static void tcg_exec_all(void);
>  static void *qemu_tcg_cpu_thread_fn(void *arg)
>  {
>  CPUState *cpu = arg;
> +CPUState *remove_cpu = NULL;
>
>  qemu_tcg_init_cpu_signals();
>  qemu_thread_get_self(cpu->thread);
> @@ -961,6 +985,16 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
>  }
>  }
>  qemu_tcg_wait_io_event();
> +CPU_FOREACH(cpu) {
> +if (cpu->exit && !cpu_can_run(cpu)) {
> +remove_cpu = cpu;
> +break;
> +}
> +}
> +if (remove_cpu) {
> +qemu_tcg_destroy_vcpu(remove_cpu);
> +remove_cpu = NULL;
> +}
>  }
>
>  return NULL;
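Review bot: CPU_FOREACH(cpu) in qemu_tcg_cpu_thread_fn reuses the function's own `cpu` variable (initialised from `arg` at the top of the function) as the loop iterator, so after the first pass it no longer refers to the CPU the thread was started with. Iterate with a separate variable. The loop also breaks at the first match, so only one exiting CPU is reclaimed per wakeup; if that is intended, say so in a comment.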
> @@ -1316,6 +1350,9 @@ static void tcg_exec_all(void)
>  break;
>  }
>  } else if (cpu->stop || cpu->stopped) {
> +if (cpu->exit) {
> +next_cpu = CPU_NEXT(cpu);
> +}
>  break;
>  }
>  }
> diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
> index 174ea36..88e2403 100644
> --- a/include/sysemu/kvm.h
> +++ b/include/sysemu/kvm.h
> @@ -178,6 +178,7 @@ int kvm_has_intx_set_mask(void);
>
>  int kvm_init_vcpu(CPUState *cpu);
>  int kvm_cpu_exec(CPUState *cpu);
> +int kvm_destroy_vcpu(CPUState *cpu);
>
>  #ifdef NEED_CPU_H
>
> diff --git a/kvm-all.c b/kvm-all.c
> index 1402f4f..d0caeff 100644
> --- a/kvm-all.c
> +++ b/kvm-all.c
> @@ -74,6 +74,12 @@ typedef struct KVMSlot
>
>  typedef struct kvm_dirty_log KVMDirtyLog;
>
> +struct KVMParkedVcpu {
> +unsigned long vcpu_id;
> +int kvm_fd;
> +QLIST_ENTRY(KVMParkedVcpu) node;
> +};
> +
>  struct KVMState
>  {
>  KVMSlot *slots;
> @@ -108,6 +114,7 @@ struct KVMState
>  QTAILQ_HEAD(msi_hashtab, KVMMSIRoute) msi_hashtab[KVM_MSI_HASHTAB_SIZE];
>  bool direct_msi;
>  #endif
> +QLIST_HEAD(, KVMParkedVcpu) kvm_parked_vcpus;
>  };
>
>  KVMState *kvm_state;
> @@ -226,6 +233,53 @@ static int kvm_set_user_memory_region(KVMState *s, 
> KVMSlot *slot)
>  return kvm_vm_ioctl(s, KVM_SET_USER_MEMORY_REGION, &mem);
>  }
>
> +int kvm_destroy_vcpu(CPUState *cpu)
> +{
> +KVMState *s = kvm_state;
> +long mmap_size;
> +struct KVMParkedVcpu *vcpu = NULL;
> +int ret = 0;
> +
> +DPRINTF("kvm_destroy_vcpu\n");
> +
> +mmap_size = kvm_ioctl(s, KVM_GET_VCPU_MMAP_SIZE, 0);
> +if (mmap_size < 0) {
> +ret = mmap_size;
> +DPRINTF("KVM_GET_VCPU_MMAP_SIZE failed\n");
> +goto err;
> +}
> +
> +ret = munmap(cpu->kvm_run, mmap_size);
> +if (ret < 0) {
> +goto err;
> +}
> +
> +vcpu = g_malloc0(sizeof(*vcpu));
> +vcpu->vcpu_id = kvm_arch_vcpu_id(cpu);
> +vcpu->kvm_fd = cpu->kvm_fd;
> +QLIST_INSERT_HEAD(&kvm_state->kvm_parked_vcpus,
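Review bot: In kvm_destroy_vcpu the munmap() failure path leaves ret at -1, because munmap() reports the reason in errno, while the KVM_GET_VCPU_MMAP_SIZE path propagates the ioctl's own return value; set `ret = -errno` so both paths return the same kind of error code. mmap_size is a long that is assigned into the int ret, so keep the two types consistent.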

[Qemu-devel] [Bug 1353947] [NEW] Hypervisor with QEMU-2.0/libvirtd 1.2.2 stack when launching VM with CirrOS or Ubuntu 12.04

2014-08-07 Thread Eyal Perry
Public bug reported:

The issue is observed when running a hypervisor with QEMU 2.0/libvirtd 1.2.2.
The VM network interface is attached to a PCI virtual function (SR-IOV).

When we ran a VM with guest OS CirrOS or Ubuntu 12.04, we observed a hypervisor
hang shortly after the VM is loaded.
We observed the same issue with a Mellanox NIC and with an Intel NIC.

We’ve tried a few combinations of {GuestOS}X{Hypervisor} and we got the following
findings:
When a hypervisor is running QEMU 1.5/libvirtd 1.1.1 - no issue observed
When a hypervisor is running QEMU 2.0/libvirtd 1.2.2 - CirrOS and Ubuntu 12.04
guest OSes caused a hypervisor hang
When a hypervisor is running QEMU 2.0/libvirtd 1.2.2 - CentOS 6.4 and Ubuntu
13.10 - no issue observed

The problematic guest OSes are with kernel versions ~3.2.y

** Affects: qemu
 Importance: Undecided
 Status: New

** Attachment added: "screen shot of hypervisor hang"
   
https://bugs.launchpad.net/bugs/1353947/+attachment/4171909/+files/qemu-issue%5B1%5D.png

** Information type changed from Private Security to Public

** Summary changed:

- Hypervisor with QEMU-2.0 stack when launching VM with CirrOS or Ubuntu 12.04
+ Hypervisor with QEMU-2.0/libvirtd 1.2.2 stack when launching VM with CirrOS 
or Ubuntu 12.04




[Qemu-devel] [PULL v2 00/11] KVM, icount changes for 2014-08-06

2014-08-07 Thread Paolo Bonzini
The following changes since commit 41a1a9c42c4e0fb5f1b94aa8b72e42f66ebde3d9:

  po: Update German translation (2014-07-28 23:37:17 +0200)

are available in the git repository at:

  git://github.com/bonzini/qemu.git tags/for-upstream

for you to fetch changes up to eddedd546a68f6ac864b71d50dd8d39b939b724b:

  target-mips: Ignore unassigned accesses with KVM (2014-08-07 15:09:48 +0200)


KVM changes include a MIPS patch and the testdev backend used by the
ARM kvm-unit-tests.  icount include the first part of reverse execution
and Sebastian Tanase's patches to slow down -icount execution to the
desired speed of the target.

v1->v2: fix dump_drift_info to print nothing outside icount mode,
and to compile on 32-bit architectures


James Hogan (1):
  target-mips: Ignore unassigned accesses with KVM

KONRAD Frederic (3):
  icount: put icount variables into TimerState.
  migration: migrate icount fields.
  timer: add cpu_icount_to_ns function.

Paolo Bonzini (1):
  backends: Introduce chr-testdev

Sebastian Tanase (6):
  icount: Fix virtual clock start value on ARM
  icount: Add QemuOpts for icount
  icount: Add align option to icount
  cpu-exec: Add sleeping algorithm
  cpu-exec: Print to console if the guest is late
  monitor: Add drift info to 'info jit'

 backends/Makefile.objs  |   2 +-
 backends/testdev.c  | 131 
 cpu-exec.c  | 116 ++
 cpus.c  | 118 ---
 include/qemu-common.h   |   8 ++-
 include/qemu/timer.h|   2 +
 include/sysemu/char.h   |   3 ++
 monitor.c   |   1 +
 qapi-schema.json|   3 +-
 qemu-char.c |   4 ++
 qemu-options.hx |  17 +--
 qtest.c |  13 -
 stubs/Makefile.objs |   1 +
 stubs/chr-testdev.c |   7 +++
 target-mips/op_helper.c |  11 
 vl.c|  39 +++---
 16 files changed, 444 insertions(+), 32 deletions(-)
 create mode 100644 backends/testdev.c
 create mode 100644 stubs/chr-testdev.c
-- 
1.8.3.1




[Qemu-devel] [PATCH v4 14/15] target-tricore: Add instructions of SLR, SSRO and SRO opcode format

2014-08-07 Thread Bastian Koppelmann
Add instructions of SLR, SSRO and SRO opcode format.

Signed-off-by: Bastian Koppelmann 

Reviewed-by: Richard Henderson 
---
 target-tricore/translate.c | 121 +
 1 file changed, 121 insertions(+)

diff --git a/target-tricore/translate.c b/target-tricore/translate.c
index ce90a60..0bb6ea1 100644
--- a/target-tricore/translate.c
+++ b/target-tricore/translate.c
@@ -682,6 +682,84 @@ static void decode_sc_opc(DisasContext *ctx, int op1)
 break;
 }
 }
+
+static void decode_slr_opc(DisasContext *ctx, int op1)
+{
+int r1, r2;
+
+r1 = MASK_OP_SLR_D(ctx->opcode);
+r2 = MASK_OP_SLR_S2(ctx->opcode);
+
+switch (op1) {
+/* SLR-format */
+case OPC1_16_SLR_LD_A:
+tcg_gen_qemu_ld_tl(cpu_gpr_a[r1], cpu_gpr_a[r2], ctx->mem_idx, 
MO_LESL);
+break;
+case OPC1_16_SLR_LD_A_POSTINC:
+tcg_gen_qemu_ld_tl(cpu_gpr_a[r1], cpu_gpr_a[r2], ctx->mem_idx, 
MO_LESL);
+tcg_gen_addi_tl(cpu_gpr_a[r2], cpu_gpr_a[r2], 4);
+break;
+case OPC1_16_SLR_LD_BU:
+tcg_gen_qemu_ld_tl(cpu_gpr_d[r1], cpu_gpr_a[r2], ctx->mem_idx, MO_UB);
+break;
+case OPC1_16_SLR_LD_BU_POSTINC:
+tcg_gen_qemu_ld_tl(cpu_gpr_d[r1], cpu_gpr_a[r2], ctx->mem_idx, MO_UB);
+tcg_gen_addi_tl(cpu_gpr_a[r2], cpu_gpr_a[r2], 1);
+break;
+case OPC1_16_SLR_LD_H:
+tcg_gen_qemu_ld_tl(cpu_gpr_d[r1], cpu_gpr_a[r2], ctx->mem_idx, 
MO_LESW);
+break;
+case OPC1_16_SLR_LD_H_POSTINC:
+tcg_gen_qemu_ld_tl(cpu_gpr_d[r1], cpu_gpr_a[r2], ctx->mem_idx, 
MO_LESW);
+tcg_gen_addi_tl(cpu_gpr_a[r2], cpu_gpr_a[r2], 2);
+break;
+case OPC1_16_SLR_LD_W:
+tcg_gen_qemu_ld_tl(cpu_gpr_d[r1], cpu_gpr_a[r2], ctx->mem_idx, 
MO_LESW);
+break;
+case OPC1_16_SLR_LD_W_POSTINC:
+tcg_gen_qemu_ld_tl(cpu_gpr_d[r1], cpu_gpr_a[r2], ctx->mem_idx, 
MO_LESW);
+tcg_gen_addi_tl(cpu_gpr_a[r2], cpu_gpr_a[r2], 4);
+break;
+}
+}
+
+static void decode_sro_opc(DisasContext *ctx, int op1)
+{
+int r2;
+int32_t address;
+
+r2 = MASK_OP_SRO_S2(ctx->opcode);
+address = MASK_OP_SRO_OFF4(ctx->opcode);
+
+/* SRO-format */
+switch (op1) {
+case OPC1_16_SRO_LD_A:
+gen_offset_ld(ctx, cpu_gpr_a[15], cpu_gpr_a[r2], address * 4, MO_LESL);
+break;
+case OPC1_16_SRO_LD_BU:
+gen_offset_ld(ctx, cpu_gpr_d[15], cpu_gpr_a[r2], address, MO_UB);
+break;
+case OPC1_16_SRO_LD_H:
+gen_offset_ld(ctx, cpu_gpr_d[15], cpu_gpr_a[r2], address, MO_LESW);
+break;
+case OPC1_16_SRO_LD_W:
+gen_offset_ld(ctx, cpu_gpr_d[15], cpu_gpr_a[r2], address * 4, MO_LESL);
+break;
+case OPC1_16_SRO_ST_A:
+gen_offset_st(ctx, cpu_gpr_a[15], cpu_gpr_a[r2], address * 4, MO_LESL);
+break;
+case OPC1_16_SRO_ST_B:
+gen_offset_st(ctx, cpu_gpr_d[15], cpu_gpr_a[r2], address, MO_UB);
+break;
+case OPC1_16_SRO_ST_H:
+gen_offset_st(ctx, cpu_gpr_d[15], cpu_gpr_a[r2], address * 2, MO_LESW);
+break;
+case OPC1_16_SRO_ST_W:
+gen_offset_st(ctx, cpu_gpr_d[15], cpu_gpr_a[r2], address * 4, MO_LESL);
+break;
+}
+}
+
 static void decode_16Bit_opc(CPUTRICOREState *env, DisasContext *ctx)
 {
 int op1;
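Review bot: In decode_slr_opc, OPC1_16_SLR_LD_W and OPC1_16_SLR_LD_W_POSTINC load with MO_LESW, the same signed 16-bit memop used for LD_H, although the post-increment advances a[r2] by 4; a word load should use MO_LESL as LD_A does. In decode_sro_opc, OPC1_16_SRO_LD_H passes `address` unscaled while OPC1_16_SRO_ST_H passes `address * 2`, so one of the two offsets is wrong. Neither switch has a default case, so an unexpected op1 is silently ignored.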
@@ -825,6 +903,49 @@ static void decode_16Bit_opc(CPUTRICOREState *env, 
DisasContext *ctx)
 case OPC1_16_SC_SUB_A:
 decode_sc_opc(ctx, op1);
 break;
+/* SLR-format */
+case OPC1_16_SLR_LD_A:
+case OPC1_16_SLR_LD_A_POSTINC:
+case OPC1_16_SLR_LD_BU:
+case OPC1_16_SLR_LD_BU_POSTINC:
+case OPC1_16_SLR_LD_H:
+case OPC1_16_SLR_LD_H_POSTINC:
+case OPC1_16_SLR_LD_W:
+case OPC1_16_SLR_LD_W_POSTINC:
+decode_slr_opc(ctx, op1);
+break;
+/* SRO-format */
+case OPC1_16_SRO_LD_A:
+case OPC1_16_SRO_LD_BU:
+case OPC1_16_SRO_LD_H:
+case OPC1_16_SRO_LD_W:
+case OPC1_16_SRO_ST_A:
+case OPC1_16_SRO_ST_B:
+case OPC1_16_SRO_ST_H:
+case OPC1_16_SRO_ST_W:
+decode_sro_opc(ctx, op1);
+break;
+/* SSRO-format */
+case OPC1_16_SSRO_ST_A:
+r1 = MASK_OP_SSRO_S1(ctx->opcode);
+const16 = MASK_OP_SSRO_OFF4(ctx->opcode);
+gen_offset_st(ctx, cpu_gpr_a[r1], cpu_gpr_a[15], const16 * 4, MO_LESL);
+break;
+case OPC1_16_SSRO_ST_B:
+r1 = MASK_OP_SSRO_S1(ctx->opcode);
+const16 = MASK_OP_SSRO_OFF4(ctx->opcode);
+gen_offset_st(ctx, cpu_gpr_d[r1], cpu_gpr_a[15], const16, MO_UB);
+break;
+case OPC1_16_SSRO_ST_H:
+r1 = MASK_OP_SSRO_S1(ctx->opcode);
+const16 = MASK_OP_SSRO_OFF4(ctx->opcode);
+gen_offset_st(ctx, cpu_gpr_d[r1], cpu_gpr_a[15], const16 * 2, MO_LESW);
+break;
+case OPC1_16_SSRO_ST_W:
+r1 = MASK_OP_SSRO_S1(ctx->opcode);
+const16 = MASK_OP_SSRO_OFF4(ctx->opcode);
+gen_offset_st(ctx, cpu_gpr_d[r1], cpu_gpr_a[15], const16 * 4, MO_LESL);
+break;
 }
 

[Qemu-devel] [PULL v2 10/11] monitor: Add drift info to 'info jit'

2014-08-07 Thread Paolo Bonzini
From: Sebastian Tanase 

Show in 'info jit' the current delay between the host clock
and the guest clock. In addition, print the maximum advance
and delay of the guest compared to the host.

Signed-off-by: Sebastian Tanase 
Tested-by: Camille Bégué 
Signed-off-by: Paolo Bonzini 
---
 cpu-exec.c|  6 ++
 cpus.c| 19 +++
 include/qemu-common.h |  4 
 monitor.c |  1 +
 4 files changed, 30 insertions(+)

diff --git a/cpu-exec.c b/cpu-exec.c
index 3c14502..cbc8067 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -105,6 +105,12 @@ static void init_delay_params(SyncClocks *sc,
sc->realtime_clock +
cpu_get_clock_offset();
 sc->last_cpu_icount = cpu->icount_extra + cpu->icount_decr.u16.low;
+if (sc->diff_clk < max_delay) {
+max_delay = sc->diff_clk;
+}
+if (sc->diff_clk > max_advance) {
+max_advance = sc->diff_clk;
+}
 
 /* Print every 2s max if the guest is late. We limit the number
of printed messages to NB_PRINT_MAX(currently 100) */
diff --git a/cpus.c b/cpus.c
index 19245e9..2b5c0bd 100644
--- a/cpus.c
+++ b/cpus.c
@@ -64,6 +64,8 @@
 #endif /* CONFIG_LINUX */
 
 static CPUState *next_cpu;
+int64_t max_delay;
+int64_t max_advance;
 
 bool cpu_is_stopped(CPUState *cpu)
 {
@@ -1552,3 +1554,20 @@ void qmp_inject_nmi(Error **errp)
 error_set(errp, QERR_UNSUPPORTED);
 #endif
 }
+
+void dump_drift_info(FILE *f, fprintf_function cpu_fprintf)
+{
+if (!use_icount) {
+return;
+}
+
+cpu_fprintf(f, "Host - Guest clock  %"PRIi64" ms\n",
+(cpu_get_clock() - cpu_get_icount())/SCALE_MS);
+if (icount_align_option) {
+cpu_fprintf(f, "Max guest delay %"PRIi64" ms\n", 
-max_delay/SCALE_MS);
+cpu_fprintf(f, "Max guest advance   %"PRIi64" ms\n", 
max_advance/SCALE_MS);
+} else {
+cpu_fprintf(f, "Max guest delay NA\n");
+cpu_fprintf(f, "Max guest advance   NA\n");
+}
+}
diff --git a/include/qemu-common.h b/include/qemu-common.h
index 5d10ac2..bcf7a6a 100644
--- a/include/qemu-common.h
+++ b/include/qemu-common.h
@@ -109,6 +109,10 @@ static inline char *realpath(const char *path, char 
*resolved_path)
 void configure_icount(QemuOpts *opts, Error **errp);
 extern int use_icount;
 extern int icount_align_option;
+/* drift information for info jit command */
+extern int64_t max_delay;
+extern int64_t max_advance;
+void dump_drift_info(FILE *f, fprintf_function cpu_fprintf);
 
 #include "qemu/osdep.h"
 #include "qemu/bswap.h"
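Review bot: max_delay and max_advance are exported from qemu-common.h as plain globals with very generic names, and cpu-exec.c writes them directly. Give them an icount-specific prefix, or keep them static in cpus.c and expose an update function next to dump_drift_info(), so the header only gains function prototypes.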
diff --git a/monitor.c b/monitor.c
index 5bc70a6..cdbaa60 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1047,6 +1047,7 @@ static void do_info_registers(Monitor *mon, const QDict 
*qdict)
 static void do_info_jit(Monitor *mon, const QDict *qdict)
 {
 dump_exec_info((FILE *)mon, monitor_fprintf);
+dump_drift_info((FILE *)mon, monitor_fprintf);
 }
 
 static void do_info_history(Monitor *mon, const QDict *qdict)
-- 
1.8.3.1



[Qemu-devel] [PATCH v4 15/15] target-tricore: Add instructions of SR opcode format

2014-08-07 Thread Bastian Koppelmann
Add instructions of SR opcode format.
Add micro-op generator functions for saturate.
Add helper return from exception (rfe).

Signed-off-by: Bastian Koppelmann 
---
v3 -> v4:
- Replace first movcond with tcg_gen_setcond and second with tcg_gen_or at RSUB insn.
- Add AV, SAV calculation to RSUB insn.

 target-tricore/helper.h|   1 +
 target-tricore/op_helper.c |  52 +
 target-tricore/translate.c | 113 +
 3 files changed, 166 insertions(+)

diff --git a/target-tricore/helper.h b/target-tricore/helper.h
index 3c73234..7b7d74b 100644
--- a/target-tricore/helper.h
+++ b/target-tricore/helper.h
@@ -22,3 +22,4 @@ DEF_HELPER_3(sub_ssov, i32, env, i32, i32)
 DEF_HELPER_2(call, void, env, i32)
 DEF_HELPER_1(ret, void, env)
 DEF_HELPER_2(bisr, void, env, i32)
+DEF_HELPER_1(rfe, void, env)
diff --git a/target-tricore/op_helper.c b/target-tricore/op_helper.c
index c9cf0de..44bdb27 100644
--- a/target-tricore/op_helper.c
+++ b/target-tricore/op_helper.c
@@ -99,6 +99,21 @@ static int cdc_decrement(target_ulong *psw)
 return 0;
 }

+static bool cdc_zero(target_ulong *psw)
+{
+int cdc = *psw & MASK_PSW_CDC;
+/* Returns TRUE if PSW.CDC.COUNT == 0 or if PSW.CDC ==
+   7'b111, otherwise returns FALSE. */
+if (cdc == 0x7f) {
+return true;
+}
+/* find CDC.COUNT */
+int lo = clo32((*psw & MASK_PSW_CDC) << (32 - 7));
+int mask = (1u << (7 - lo)) - 1;
+int count = *psw & mask;
+return count == 0;
+}
+
 static void save_context_upper(CPUTRICOREState *env, int ea,
target_ulong *new_FCX)
 {
@@ -302,6 +317,43 @@ void helper_bisr(CPUTRICOREState *env, uint32_t const9)
 }
 }

+void helper_rfe(CPUTRICOREState *env)
+{
+target_ulong ea;
+target_ulong new_PCXI;
+target_ulong new_PSW;
+/* if (PCXI[19: 0] == 0) then trap(CSU); */
+if ((env->PCXI & 0xf) == 0) {
+/* raise csu trap */
+}
+/* if (PCXI.UL == 0) then trap(CTYP); */
+if ((env->PCXI & MASK_PCXI_UL) == 0) {
+/* raise CTYP trap */
+}
+/* if (!cdc_zero() AND PSW.CDE) then trap(NEST); */
+if (!cdc_zero(&(env->PSW)) && (env->PSW & MASK_PSW_CDE)) {
+/* raise MNG trap */
+}
+/* ICR.IE = PCXI.PIE; */
+env->ICR = (env->ICR & ~MASK_ICR_IE) + ((env->PCXI & MASK_PCXI_PIE) >> 15);
+/* ICR.CCPN = PCXI.PCPN; */
+env->ICR = (env->ICR & ~MASK_ICR_CCPN) +
+   ((env->PCXI & MASK_PCXI_PCPN) >> 24);
+/*EA = {PCXI.PCXS, 6'b0, PCXI.PCXO, 6'b0};*/
+ea = ((env->PCXI & MASK_PCXI_PCXS) << 12) +
+ ((env->PCXI & MASK_PCXI_PCXO) << 6);
+/*{new_PCXI, PSW, A[10], A[11], D[8], D[9], D[10], D[11], A[12],
+  A[13], A[14], A[15], D[12], D[13], D[14], D[15]} = M(EA, 16 * word);
+  M(EA, word) = FCX;*/
+restore_context_upper(env, ea, &new_PCXI, &new_PSW);
+/* FCX[19: 0] = PCXI[19: 0]; */
+env->FCX = (env->FCX & 0xfff0) + (env->PCXI & 0x000f);
+/* PCXI = new_PCXI; */
+env->PCXI = new_PCXI;
+/* write psw */
+psw_write(env, new_PSW);
+}
+
 static inline void QEMU_NORETURN do_raise_exception_err(CPUTRICOREState *env,
 uint32_t exception,
 int error_code,
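Review bot: The masks in helper_rfe do not match the 20-bit fields named in its own comments: the CSU check tests `env->PCXI & 0xf` for PCXI[19:0], and `(env->FCX & 0xfff0) + (env->PCXI & 0x000f)` for FCX[19:0] = PCXI[19:0] copies only 4 bits and drops FCX bits 16 and above. A 20-bit field needs 0xfffff, with 0xfff00000 as the keep-mask. The three trap branches are empty, so execution falls through to restore_context_upper() with an EA derived from a PCXI that has just failed its checks, and the trap(NEST) comment is paired with a "raise MNG trap" placeholder; make the names agree.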
diff --git a/target-tricore/translate.c b/target-tricore/translate.c
index 0bb6ea1..2b95cd9 100644
--- a/target-tricore/translate.c
+++ b/target-tricore/translate.c
@@ -241,6 +241,29 @@ static inline void gen_mul_i32s(TCGv ret, TCGv r1, TCGv r2)
 tcg_temp_free(low);
 }

+static void gen_saturate(TCGv ret, TCGv arg, int32_t up, int32_t low)
+{
+TCGv sat_neg = tcg_const_i32(low);
+TCGv temp = tcg_const_i32(up);
+
+/* sat_neg = (arg < low ) ? low : arg; */
+tcg_gen_movcond_tl(TCG_COND_LT, sat_neg, arg, sat_neg, arg, sat_neg);
+
+/* ret = (sat_neg > up ) ? up  : sat_neg; */
+tcg_gen_movcond_tl(TCG_COND_GT, ret, sat_neg, temp, temp, sat_neg);
+
+tcg_temp_free(sat_neg);
+tcg_temp_free(temp);
+}
+
+static void gen_saturate_u(TCGv ret, TCGv arg, int32_t up)
+{
+TCGv temp = tcg_const_i32(up);
+/* sat_neg = (arg > up ) ? up : arg; */
+tcg_gen_movcond_tl(TCG_COND_GTU, ret, arg, temp, temp, arg);
+tcg_temp_free(temp);
+}
+
 static void gen_shi(TCGv ret, TCGv r1, int32_t shift_count)
 {
 if (shift_count == -32) {
@@ -444,6 +467,15 @@ static void gen_compute_branch(DisasContext *ctx, uint32_t 
opc, int r1,
 case OPC1_16_SBR_LOOP:
 gen_loop(ctx, r1, offset * 2 - 32);
 break;
+/* SR-format jumps */
+case OPC1_16_SR_JI:
+tcg_gen_andi_tl(cpu_PC, cpu_gpr_a[r1], 0xfffe);
+tcg_gen_exit_tb(0);
+break;
+case OPC2_16_SR_RET:
+gen_helper_ret(cpu_env);
+tcg_gen_exit_tb(0);
+break;
 default:
 printf("Branch Error at %x\n", ctx->pc);
 }
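Review bot: OPC1_16_SR_JI masks the jump target with 0xfffe, which clears bit 0 but also the upper 16 bits of a[r1]; to drop only the low bit use 0xfffffffe. The same switch now mixes an OPC2_ constant (OPC2_16_SR_RET) with OPC1_ case labels, so the two enumerations must never share a value or the cases collide; dispatch RET on op2 separately or add a comment stating why the values cannot overlap.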
@@ -760,6 +792,69 @@ static void decode_sro_opc(DisasContext *ctx, int op1)

Re: [Qemu-devel] aarch64 & gdb: warning: while parsing target description (at line 1): Could not load XML document "arm-core.xml"

2014-08-07 Thread Christopher Covington
On 08/07/2014 08:03 AM, Peter Maydell wrote:
> On 7 August 2014 12:43, Richard W.M. Jones  wrote:
>> On Thu, Aug 07, 2014 at 12:35:27PM +0100, Peter Maydell wrote:
>>> On 7 August 2014 12:29, Richard W.M. Jones  wrote:
>>>> On Thu, Aug 07, 2014 at 12:18:49PM +0100, Peter Maydell wrote:
>>>>> you didn't select a 32 bit CPU either explicitly or by default
>>>>> on the QEMU command line? Note that '-machine type=virt'
>>>>> defaults to a Cortex-A15 even in qemu-softmmu-aarch64
>>>>> (this is unfortunate but fallout from the fact that we started
>>>>> the virt model with the A15. Maybe we should make it not
>>>>> have a default and require a CPU specification...)
>>>>
>>>> Yes, this is indeed the case.  It also explains why I could get TCG
>>>> working at all until I added -cpu cortex-a57.  Now it is working.
>>>>
>>>> I really think this choice of cpu_model = "cortex-a15" for -M virt is
>>>> a poor one.  It should always default to something working.
>>>
>>> cortex-a15 *does* work, it's just a 32 bit CPU. It will function
>>> exactly the same as if you asked for an A15 in qemu-system-arm.
>>> Obviously if you try to feed it an AArch64 kernel it will behave
>>> the same way as if you'd tried to boot an AArch64 kernel on
>>> A15 hardware, so don't do that.
>>
>> Can't a 32 bit kernel run on -cpu cortex-a5x?  (I've not tried.)
> 
> No, because at the moment our AArch64 TCG implementation
> (and the way we configure KVM) assumes that the highest
> exception level is running AArch64. We might fix this eventually,
> though.

When EL3 and EL2 support is added, the bootloader will presumably have to be
modified to make the switch from EL3 into EL2. In my experience switching into
AArch32 EL2 instead of AArch64 EL2 is an easy option to add.

Christopher

-- 
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by the Linux Foundation.



Re: [Qemu-devel] [PATCH v1 00/17] dataplane: optimization and multi virtqueue support

2014-08-07 Thread Kevin Wolf
On 07.08.2014 at 12:27, Ming Lei wrote:
> On Wed, Aug 6, 2014 at 11:40 PM, Kevin Wolf  wrote:
> > On 06.08.2014 at 13:28, Ming Lei wrote:
> >> On Wed, Aug 6, 2014 at 6:09 PM, Kevin Wolf  wrote:
> >> > On 06.08.2014 at 11:37, Ming Lei wrote:
> >> >> On Wed, Aug 6, 2014 at 4:48 PM, Kevin Wolf  wrote:
> >> >> > However, I just wasn't sure whether a change on this level would be
> >> >> > relevant in a realistic environment. This is the reason why I wanted to
> >> >> > get a benchmark involving the block layer and some I/O.
> >> >> >
> >> >> >> From the profiling data in below link:
> >> >> >>
> >> >> >> http://pastebin.com/YwH2uwbq
> >> >> >>
> >> >> >> With coroutine, the running time for same loading is increased
> >> >> >> ~50%(1.325s vs. 0.903s), and dcache load events is increased
> >> >> >> ~35%(693M vs. 512M), insns per cycle is decreased by ~50%(
> >> >> >> 1.35 vs. 1.63), compared with bypassing coroutine(-b parameter).
> >> >> >>
> >> >> >> The bypass code in the benchmark is very similar with the approach
> >> >> >> used in the bypass patch, since linux-aio with O_DIRECT seldom
> >> >> >> blocks in the the kernel I/O path.
> >> >> >>
> >> >> >> Maybe the benchmark is a bit extremely, but given modern storage
> >> >> >> device may reach millions of IOPS, and it is very easy to slow down
> >> >> >> the I/O by coroutine.
> >> >> >
> >> >> > I think in order to optimise coroutines, such benchmarks are fair game.
> >> >> > It's just not guaranteed that the effects are exactly the same on real
> >> >> > workloads, so we should take the results with a grain of salt.
> >> >> >
> >> >> > Anyhow, the coroutine version of your benchmark is buggy, it leaks all
> >> >> > coroutines instead of exiting them, so it can't make any use of the
> >> >> > coroutine pool. On my laptop, I get this (where fixed coroutine is a
> >> >> > version that simply removes the yield at the end):
> >> >> >
> >> >> >                 | bypass        | fixed coro    | buggy coro
> >> >> > ----------------+---------------+---------------+--------------
> >> >> > time            | 1.09s         | 1.10s         | 1.62s
> >> >> > L1-dcache-loads | 921,836,360   | 932,781,747   | 1,298,067,438
> >> >> > insns per cycle | 2.39          | 2.39          | 1.90
> >> >> >
> >> >> > Begs the question whether you see a similar effect on a real qemu and
> >> >> > the coroutine pool is still not big enough? With correct use of
> >> >> > coroutines, the difference seems to be barely measurable even without
> >> >> > any I/O involved.
> >> >>
> >> >> When I comment qemu_coroutine_yield(), looks result of
> >> >> bypass and fixed coro is very similar as your test, and I am just
> >> >> wondering if stack is always switched in qemu_coroutine_enter()
> >> >> without calling qemu_coroutine_yield().
> >> >
> >> > Yes, definitely. qemu_coroutine_enter() always involves calling
> >> > qemu_coroutine_switch(), which is the stack switch.
> >> >
> >> >> Without the yield, the benchmark can't emulate coroutine usage in
> >> >> bdrv_aio_readv/writev() path any more, and bypass in the patchset
> >> >> skips two qemu_coroutine_enter() and one qemu_coroutine_yield()
> >> >> for each bdrv_aio_readv/writev().
> >> >
> >> > It's not completely comparable anyway because you're not going through a
> >> > main loop and callbacks from there for your benchmark.
> >> >
> >> > But fair enough: Keep the yield, but enter the coroutine twice then. You
> >> > get slightly worse results then, but that's more like doubling the very
> >> > small difference between "bypass" and "fixed coro" (1.11s / 946,434,327
> >> > / 2.37), not like the horrible performance of the buggy version.
> >>
> >> Yes, I compared that too, looks no big difference.
> >>
> >> >
> >> > Actually, that's within the error of measurement for time and
> >> > insns/cycle, so running it for a bit longer:
> >> >
> >> >                 | bypass    | coro      | + yield   | buggy coro
> >> > ----------------+-----------+-----------+-----------+-----------
> >> > time            | 21.45s    | 21.68s    | 21.83s    | 97.05s
> >> > L1-dcache-loads | 18,049 M  | 18,387 M  | 18,618 M  | 26,062 M
> >> > insns per cycle | 2.42      | 2.40      | 2.41      | 1.75
> >> >
> >> >> >> > I played a bit with the following, I hope it's not too naive. I couldn't
> >> >> >> > see a difference with your patches, but at least one reason for this is
> >> >> >> > probably that my laptop SSD isn't fast enough to make the CPU the
> >> >> >> > bottleneck. Haven't tried ramdisk yet, that would probably be the next
> >> >> >> > thing. (I actually wrote the patch up just for some profiling on my own,
> >> >> >> > not for comparing throughput, but it should be usable for that as well.)
> >> >> >>
> >> >> >> This might not be good for the test since it is basically a sequential
> >> >> >> read test, which can be

Re: [Qemu-devel] aarch64 & gdb: warning: while parsing target description (at line 1): Could not load XML document "arm-core.xml"

2014-08-07 Thread Peter Maydell
On 7 August 2014 14:43, Christopher Covington  wrote:
> On 08/07/2014 08:03 AM, Peter Maydell wrote:
>> No, because at the moment our AArch64 TCG implementation
>> (and the way we configure KVM) assumes that the highest
>> exception level is running AArch64. We might fix this eventually,
>> though.
>
> When EL3 and EL2 support is added, the bootloader will
> presumably have to be modified to make the switch from
> EL3 into EL2. In my experience switching into AArch32
> EL2 instead of AArch64 EL2 is an easy option to add.

I think the biggest difficulty is not the code to actually
do the switch but figuring out what the command line
UI to request "start in AArch32" ought to be and how that
then gets plumbed into the code to do the actual work.

thanks
-- PMM



Re: [Qemu-devel] [PATCH 0/2] VHDX endian fixes, error reporting

2014-08-07 Thread Kevin Wolf
On 07.08.2014 at 12:05, Stefan Hajnoczi wrote:
> On Wed, Aug 06, 2014 at 03:54:56PM -0400, Jeff Cody wrote:
> > This series is mainly for some bug fixes related to VHDX endianness, stemming
> > from code reviews done by Markus Armbruster and Paolo Bonzini.  Once I did some
> > testing on a big-endian machine, several more endian related errors were
> > discovered, as well.  All endian related fixes are in patch 2.
> > 
> > Jeff Cody (2):
> >   block: vhdx - add error check
> >   block: VHDX endian fixes
> > 
> >  block/vhdx-endian.c | 11 +--
> >  block/vhdx-log.c| 48 ++---
> >  block/vhdx.c| 89 +++--
> >  block/vhdx.h|  1 +
> >  4 files changed, 93 insertions(+), 56 deletions(-)
> 
> Reviewed-by: Stefan Hajnoczi 

Thanks, applied to the block branch.

Kevin




Re: [Qemu-devel] [PATCH] test-coroutine: add baseline test that times the cost of function calls

2014-08-07 Thread Kevin Wolf
On 07.08.2014 at 11:33, Stefan Hajnoczi wrote:
> On Wed, Aug 06, 2014 at 11:33:41AM +0200, Paolo Bonzini wrote:
> > This can be used to compute the cost of coroutine operations.  In the
> > end the cost of the function call is a few clock cycles, so it's pretty
> > cheap for now, but it may become more relevant as the coroutine code
> > is optimized.
> > 
> > For example, here are the results on my machine:
> > 
> >Function call 1 iterations: 0.173884 s
> >Yield 1 iterations: 8.445064 s
> >Lifecycle 100 iterations: 0.098445 s
> >Nesting 1 iterations of 1000 depth each: 7.406431 s
> > 
> > One yield takes 83 nanoseconds, one enter takes 97 nanoseconds,
> > one coroutine allocation takes (roughly, since some of the allocations
> > in the nesting test do hit the pool) 739 nanoseconds:
> > 
> >(8.445064 - 0.173884) * 10^9 / 1 = 82.7
> >(0.098445 * 100 - 0.173884) * 10^9 / 1 = 96.7
> >(7.406431 * 10 - 0.173884) * 10^9 / 1 = 738.9
> > 
> > Signed-off-by: Paolo Bonzini 
> > ---
> >  tests/test-coroutine.c | 24 
> >  1 files changed, 24 insertions(+)
> 
> Can't hurt to have this as a comparison.
> 
> Reviewed-by: Stefan Hajnoczi 

Thanks, applied to the block branch.

Kevin




Re: [Qemu-devel] aarch64 & gdb: warning: while parsing target description (at line 1): Could not load XML document "arm-core.xml"

2014-08-07 Thread Christopher Covington
On 08/07/2014 09:53 AM, Peter Maydell wrote:
> On 7 August 2014 14:43, Christopher Covington  wrote:
>> On 08/07/2014 08:03 AM, Peter Maydell wrote:
>>> No, because at the moment our AArch64 TCG implementation
>>> (and the way we configure KVM) assumes that the highest
>>> exception level is running AArch64. We might fix this eventually,
>>> though.
>>
>> When EL3 and EL2 support is added, the bootloader will
>> presumably have to be modified to make the switch from
>> EL3 into EL2. In my experience switching into AArch32
>> EL2 instead of AArch64 EL2 is an easy option to add.
> 
> I think the biggest difficulty is not the code to actually
> do the switch but figuring out what the command line
> UI to request "start in AArch32" ought to be and how that
> then gets plumbed into the code to do the actual work.

ELF-32 file passed to -kernel seems to me like a reasonable place to start.

Christopher

-- 
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by the Linux Foundation.



Re: [Qemu-devel] [PATCH 2/2] scsi-bus: Convert DeviceClass init to realize

2014-08-07 Thread Kevin Wolf
On 05.08.2014 at 11:11, Fam Zheng wrote:
> Replace "init/destroy" with "realize/unrealize" in SCSIDeviceClass,
> which has errp as a parameter. So all the implementations now use
> error_setg instead of error_report for reporting errors.
> 
> Also in lsi53c895a, report the error when initializing the if=scsi
> devices, before dropping it, because the callee's error_report is
> changed to error_setg.
> 
> Signed-off-by: Fam Zheng 
> ---
>  hw/scsi/lsi53c895a.c   |  2 ++
>  hw/scsi/scsi-bus.c | 64 ++---
>  hw/scsi/scsi-disk.c| 78 
> --
>  hw/scsi/scsi-generic.c | 37 +++---
>  include/hw/scsi/scsi.h |  7 +++--
>  tests/qemu-iotests/051.out |  4 +--
>  6 files changed, 96 insertions(+), 96 deletions(-)
> 
> diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c
> index 786d848..dbc98a0 100644
> --- a/hw/scsi/lsi53c895a.c
> +++ b/hw/scsi/lsi53c895a.c
> @@ -19,6 +19,7 @@
>  #include "hw/pci/pci.h"
>  #include "hw/scsi/scsi.h"
>  #include "sysemu/dma.h"
> +#include "qemu/error-report.h"
>  
>  //#define DEBUG_LSI
>  //#define DEBUG_LSI_REG
> @@ -2121,6 +2122,7 @@ static int lsi_scsi_init(PCIDevice *dev)
>  if (!d->hotplugged) {
>  scsi_bus_legacy_handle_cmdline(&s->bus, &err);
>  if (err != NULL) {
> +error_report("%s", error_get_pretty(err));
>  error_free(err);
>  return -1;
>  }

Wouldn't qerror_report_err() be more useful? Or is a QMP error already
emitted in a different place in the call chain?

The same question is true for the added error_report() calls in patch 1.

> @@ -169,43 +168,40 @@ static int scsi_qdev_init(DeviceState *qdev)
>  d = scsi_device_find(bus, dev->channel, dev->id, ++lun);
>  } while (d && d->lun == lun && lun < bus->info->max_lun);
>  if (d && d->lun == lun) {
> -error_report("no free lun");
> -goto err;
> +error_setg(errp, "no free lun");
> +return;
>  }
>  dev->lun = lun;
>  } else {
>  d = scsi_device_find(bus, dev->channel, dev->id, dev->lun);
>  assert(d);
>  if (d->lun == dev->lun && dev != d) {
> -error_report("lun already used by '%s'", d->qdev.id);
> -goto err;
> +error_setg(errp, "lun already used by '%s'", d->qdev.id);
> +return;
>  }
>  }
>  
>  QTAILQ_INIT(&dev->requests);
> -rc = scsi_device_init(dev);
> -if (rc == 0) {
> +scsi_device_realize(dev, &local_err);
> +if (local_err) {
>  dev->vmsentry = qemu_add_vm_change_state_handler(scsi_dma_restart_cb,
>   dev);
> +error_propagate(errp, local_err);
>  }

Maybe I'm misunderstanding something, but it looks to me as if the
handler was previously installed in case of success, and now it's only
installed on failure?

>  
>  if (bus->info->hotplug) {
>  bus->info->hotplug(bus, dev);
>  }
> -
> -err:
> -return rc;
>  }
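
Review bot: in the block after scsi_device_realize(), `if (local_err)` now guards the qemu_add_vm_change_state_handler() call, so scsi_dma_restart_cb is registered only when realize fails, the opposite of the removed `rc == 0` condition, and a successfully realized device is left with dev->vmsentry unset. The failure branch should contain only `error_propagate(errp, local_err); return;`, with the handler registration moved to the success path after it. Whether that early return should also skip bus->info->hotplug() deserves a line in the commit message, since the removed code fell through to the hotplug callback when scsi_device_init() failed.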

> diff --git a/tests/qemu-iotests/051.out b/tests/qemu-iotests/051.out
> index d7b0f50..f6d9dc1 100644
> --- a/tests/qemu-iotests/051.out
> +++ b/tests/qemu-iotests/051.out
> @@ -122,7 +122,7 @@ QEMU_PROG: -drive if=virtio: Device 'virtio-blk-pci' 
> could not be initialized
>  
>  Testing: -drive if=scsi
>  QEMU X.Y.Z monitor - type 'help' for more information
> -(qemu) QEMU_PROG: -drive if=scsi: Device needs media, but drive is empty
> +(qemu) QEMU_PROG: Device needs media, but drive is empty
>  QEMU_PROG: Device initialization failed.
>  QEMU_PROG: Initialization of device lsi53c895a failed
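
Review bot: the new expected line for `-drive if=scsi` drops the `-drive if=scsi:` prefix that the neighbouring `-drive if=virtio` case still carries, so the reference output now pins a message that no longer names the option that failed. If the prefix cannot be kept at the new error_report() call in lsi_scsi_init(), say so in the commit message so the loss is a recorded decision and not a side effect of the conversion.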

The old error message was certainly more useful. Not sure if there's a
good way to retain it, though.

Kevin


