[Qemu-devel] [Bug 1381879] [NEW] can not run vm with a serial port

2014-10-16 Thread ychen
Public bug reported:

environment:
server: centOS 6.5, 3.14.19, x86_64
qemu-kvm: QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2), Copyright (c) 
2003-2008 Fabrice Bellard
qemu-system-x86_64 :QEMU emulator version 1.2.0 (qemu-kvm-1.2.0), Copyright (c) 
2003-2008 Fabrice Bellard
virt-manager: 0.9.0

VM: centOS 6.5, 3.12.30, x86_64

reproduce step:
1. add serial device
2. select device type: unix socket
   device parameters: path=/dev/ttyS0
   mode=client mode(connect)
3. run the VM

phenomenon:
Error starting domain: internal error process exited while connecting to 
monitor: qemu-kvm: -chardev 
socket,id=charserial0,path=/dev/ttyS0,server,nowait: socket bind failed: 
Address already in use
qemu-kvm: -chardev socket,id=charserial0,path=/dev/ttyS0,server,nowait: 
chardev: opening backend "socket" failed


Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 44, in cb_wrapper
callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 65, in tmpcb
callback(*args, **kwargs)
  File "/usr/share/virt-manager/virtManager/domain.py", line 1114, in startup
self._backend.create()
  File "/usr/lib64/python2.6/site-packages/libvirt.py", line 678, in create
if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: internal error process exited while connecting to monitor: 
qemu-kvm: -chardev socket,id=charserial0,path=/dev/ttyS0,server,nowait: socket 
bind failed: Address already in use
qemu-kvm: -chardev socket,id=charserial0,path=/dev/ttyS0,server,nowait: 
chardev: opening backend "socket" failed

** Affects: qemu
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1381879

Title:
  can not run vm with a serial port

Status in QEMU:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1381879/+subscriptions



Re: [Qemu-devel] [PING] [PATCH v2 1/1] -machine vmport=off: Allow disabling of VMWare ioport emulation

2014-10-16 Thread Paolo Bonzini
On 15/10/2014 23:20, Slutz, Donald Christopher wrote:
> Do I need to repost with the 2 Reviewed-by ?

No, I'll attend to this as soon as I get back home.

Paolo

> On 10/06/14 05:26, Richard W.M. Jones wrote:
>> On Fri, Oct 03, 2014 at 05:33:37PM -0400, Don Slutz wrote:
>>> From: "Dr. David Alan Gilbert" 
>>>
>>> This is a pc & q35 only machine opt.
>>>
>>> VMWare apparently doesn't like running under QEMU due to our
>>> incomplete emulation of its special IO Port.  This adds a
>>> pc & q35 property to allow it to be turned off.
>>>
>>> Signed-off-by: Dr. David Alan Gilbert 
>>> Signed-off-by: Don Slutz 
>>> ---
>>>   hw/i386/pc.c | 19 +++
>>>   hw/i386/pc_piix.c|  4 ++--
>>>   hw/i386/pc_q35.c |  3 ++-
>>>   include/hw/i386/pc.h |  2 ++
>>>   qemu-options.hx  |  3 +++
>>>   vl.c |  4 
>>>   6 files changed, 32 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
>>> index 82a7daa..8e37a99 100644
>>> --- a/hw/i386/pc.c
>>> +++ b/hw/i386/pc.c
>>> @@ -1687,6 +1687,20 @@ static void pc_machine_set_max_ram_below_4g(Object 
>>> *obj, Visitor *v,
>>>   pcms->max_ram_below_4g = value;
>>>   }
>>>   
>>> +static bool pc_machine_get_vmport(Object *obj, Error **errp)
>>> +{
>>> +PCMachineState *pcms = PC_MACHINE(obj);
>>> +
>>> +return pcms->vmport;
>>> +}
>>> +
>>> +static void pc_machine_set_vmport(Object *obj, bool value, Error **errp)
>>> +{
>>> +PCMachineState *pcms = PC_MACHINE(obj);
>>> +
>>> +pcms->vmport = value;
>>> +}
>>> +
>>>   static void pc_machine_initfn(Object *obj)
>>>   {
>>>   PCMachineState *pcms = PC_MACHINE(obj);
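Review bot: pc_machine_set_vmport() stores any value unconditionally and never touches errp, so `-machine vmport=on` is silently honoured even when Xen is the accelerator, where the default chosen in pc_machine_initfn() (`pcms->vmport = !xen_enabled();`) deliberately turns the emulation off. If enabling the port under Xen is not meant to work, report that through errp here instead of letting the setter succeed.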
>>> @@ -1699,6 +1713,11 @@ static void pc_machine_initfn(Object *obj)
>>>   pc_machine_get_max_ram_below_4g,
>>>   pc_machine_set_max_ram_below_4g,
>>>   NULL, NULL, NULL);
>>> +pcms->vmport = !xen_enabled();
>>> +object_property_add_bool(obj, PC_MACHINE_VMPORT,
>>> + pc_machine_get_vmport,
>>> + pc_machine_set_vmport,
>>> + NULL);
>>>   }
>>>   
>>>   static void pc_machine_class_init(ObjectClass *oc, void *data)
>>> diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
>>> index 103d756..03a73ce 100644
>>> --- a/hw/i386/pc_piix.c
>>> +++ b/hw/i386/pc_piix.c
>>> @@ -234,8 +234,8 @@ static void pc_init1(MachineState *machine,
>>>   pc_vga_init(isa_bus, pci_enabled ? pci_bus : NULL);
>>>   
>>>   /* init basic PC hardware */
>>> -pc_basic_device_init(isa_bus, gsi, &rtc_state, &floppy, xen_enabled(),
>>> -0x4);
>>> +pc_basic_device_init(isa_bus, gsi, &rtc_state, &floppy,
>>> + !pc_machine->vmport, 0x4);
>>>   
>>>   pc_nic_init(isa_bus, pci_bus);
>>>   
>>> diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
>>> index d4a907c..c5ba93d 100644
>>> --- a/hw/i386/pc_q35.c
>>> +++ b/hw/i386/pc_q35.c
>>> @@ -241,7 +241,8 @@ static void pc_q35_init(MachineState *machine)
>>>   pc_register_ferr_irq(gsi[13]);
>>>   
>>>   /* init basic PC hardware */
>>> -pc_basic_device_init(isa_bus, gsi, &rtc_state, &floppy, false, 
>>> 0xff0104);
>>> +pc_basic_device_init(isa_bus, gsi, &rtc_state, &floppy,
>>> + !pc_machine->vmport, 0xff0104);
>>>   
>>>   /* connect pm stuff to lpc */
>>>   ich9_lpc_pm_init(lpc);
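Review bot: this is a behaviour change for q35 under Xen that the commit message does not mention: the old call passed `false` (vmport always emulated), whereas `!pc_machine->vmport` now evaluates to true under Xen because pc_machine_initfn() defaults `pcms->vmport = !xen_enabled();`. Either state in the commit message that q35 now follows the same Xen default as piix, or keep a per-machine default if the old q35 behaviour was intentional.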
>>> diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
>>> index 77316d5..96febb9 100644
>>> --- a/include/hw/i386/pc.h
>>> +++ b/include/hw/i386/pc.h
>>> @@ -35,11 +35,13 @@ struct PCMachineState {
>>>   HotplugHandler *acpi_dev;
>>>   
>>>   uint64_t max_ram_below_4g;
>>> +bool vmport;
>>>   };
>>>   
>>>   #define PC_MACHINE_ACPI_DEVICE_PROP "acpi-device"
>>>   #define PC_MACHINE_MEMHP_REGION_SIZE "hotplug-memory-region-size"
>>>   #define PC_MACHINE_MAX_RAM_BELOW_4G "max-ram-below-4g"
>>> +#define PC_MACHINE_VMPORT   "vmport"
>>>   
>>>   /**
>>>* PCMachineClass:
>>> diff --git a/qemu-options.hx b/qemu-options.hx
>>> index 365b56c..fe6b6e5 100644
>>> --- a/qemu-options.hx
>>> +++ b/qemu-options.hx
>>> @@ -33,6 +33,7 @@ DEF("machine", HAS_ARG, QEMU_OPTION_machine, \
>>>   "property accel=accel1[:accel2[:...]] selects 
>>> accelerator\n"
>>>   "supported accelerators are kvm, xen, tcg (default: 
>>> tcg)\n"
>>>   "kernel_irqchip=on|off controls accelerated irqchip 
>>> support\n"
>>> +"vmport=on|off controls emulation of vmport (default: 
>>> on)\n"
>>>   "kvm_shadow_mem=size of KVM shadow MMU\n"
>>>   "dump-guest-core=on|off include guest memory in a 
>>> core dump (default=on)\n"
>>>   "mem-merge=on|off controls memory merge support 
>>> (default: on)\n"
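Review bot: the help text says `(default: on)`, but the default set in pc_machine_initfn() is `!xen_enabled()`, so the emulation is off whenever Xen is the accelerator; say so in the option description (for example "default: on, off with xen") so users of the documented default are not surprised.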
>>> @@ -51,6 +52,8 @@ than one accelerator specified, the next one is used if 
>>> the previous one fails
>>>   t

Re: [Qemu-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available

2014-10-16 Thread Paolo Bonzini
On 15/10/2014 19:30, Peter Maydell wrote:
> On 15 October 2014 11:16, Paul Durrant  wrote:
>> The ioreq-server API added to Xen 4.5 offers better security than
>> the existing Xen/QEMU interface because the shared pages that are
>> used to pass emulation request/results back and forth are removed
>> from the guest's memory space before any requests are serviced.
>> This prevents the guest from mapping these pages (they are in a
>> well known location) and attempting to attack QEMU by synthesizing
>> its own request structures. Hence, this patch modifies configure
>> to detect whether the API is available, and adds the necessary
>> code to use the API if it is.
> 
> This commit message doesn't mention it, but presumably this is
> all x86-specific given it's in a file which is only used for
> x86 Xen?
> 
>> +static void xen_hvm_pre_save(void *opaque)
>> +{
>> +XenIOState *state = opaque;
>> +
>> +/* Stop servicing emulation requests */
>> +xen_set_ioreq_server_state(xen_xc, xen_domid, state->ioservid, 0);
>> +xen_destroy_ioreq_server(xen_xc, xen_domid, state->ioservid);
>> +}
>> +
>> +static const VMStateDescription vmstate_xen_hvm = {
>> +.name = "xen-hvm",
>> +.version_id = 4,
>> +.minimum_version_id = 4,
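Review bot: xen_hvm_pre_save() tears the ioreq server down unconditionally and discards the return values of xen_set_ioreq_server_state() and xen_destroy_ioreq_server(), so a failure there is invisible, and if the migration is afterwards cancelled or fails nothing in this hunk re-creates the server before the source domain resumes; at least check and log both return values, and consider driving the teardown from a VM state change rather than from pre_save.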
> 
> This is new in upstream so why's it starting at version 4?
> 
>> +.pre_save = xen_hvm_pre_save,
>> +.fields = (VMStateField[]) {
>> +VMSTATE_END_OF_LIST()
>> +},
> 
> A vmstate which doesn't actually save any state? This seems
> rather suspicious...
> 
>> @@ -1060,12 +1185,19 @@ int xen_hvm_init(ram_addr_t *below_4g_mem_size, 
>> ram_addr_t *above_4g_mem_size,
>>  xen_ram_init(below_4g_mem_size, above_4g_mem_size, ram_size, 
>> ram_memory);
>>
>>  qemu_add_vm_change_state_handler(xen_hvm_change_state_handler, state);
>> +vmstate_register(NULL, 0, &vmstate_xen_hvm, state);
> 
> Is the new use of vmstate_register() really necessary?
> Usually the state you're saving corresponds to some QOM
> device whose vmsd field you can use instead.

In this case, it seems like a job for a vmstate change handler.

Paolo




Re: [Qemu-devel] [PATCH v2] target-i386: move generic memory hotplug methods to DSDTs

2014-10-16 Thread Paolo Bonzini
On 15/10/2014 15:19, Igor Mammedov wrote:
> However, I'm not sure that a byte-for-byte compatible SSDT will make
> things better.
> Since SSDT includes snippets of AML compiled by IASL, hex-templates
> could be different depending on IASL version.

SSDT is simple enough that there shouldn't be differences.  If this were
a problem, we could unconditionally use .hex.generated files or move the
generation entirely to C, similar to what we do for bridges and what
SeaBIOS used to do.

Paolo

> Ultimately
> that would make us keep binary templates versioned by machine type
> so that we could guarantee byte-for-byte identity.
> 
> Perhaps we should reconsider and think one more time about
> http://lists.gnu.org/archive/html/qemu-stable/2014-07/msg00205.html
> 
> which solves the migration size issue and doesn't tie us to a maintenance
> nightmare with versioned tables. I'd prefer to keep tables
> un-versioned as long as possible.




[Qemu-devel] [PATCH 3/3] Split the QEMU buffered file code out

2014-10-16 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

The splitting of qemu-file and addition of the buffered file landed
at the same time; so now split the buffered file code out.

Signed-off-by: Dr. David Alan Gilbert 
---
 migration/Makefile.objs   |   2 +-
 migration/qemu-file-buf.c | 486 ++
 migration/qemu-file.c | 455 ---
 tests/Makefile|   3 +-
 4 files changed, 489 insertions(+), 457 deletions(-)
 create mode 100644 migration/qemu-file-buf.c

diff --git a/migration/Makefile.objs b/migration/Makefile.objs
index 681bae9..14e130a 100644
--- a/migration/Makefile.objs
+++ b/migration/Makefile.objs
@@ -1,6 +1,6 @@
 common-obj-y += migration.o migration-tcp.o
 common-obj-y += vmstate.o
-common-obj-y += qemu-file.o qemu-file-unix.o qemu-file-stdio.o
+common-obj-y += qemu-file.o qemu-file-buf.o qemu-file-unix.o qemu-file-stdio.o
 common-obj-$(CONFIG_RDMA) += migration-rdma.o
 common-obj-y += xbzrle.o
 
diff --git a/migration/qemu-file-buf.c b/migration/qemu-file-buf.c
new file mode 100644
index 000..d33dd44
--- /dev/null
+++ b/migration/qemu-file-buf.c
@@ -0,0 +1,486 @@
+/*
+ * QEMU System Emulator
+ *
+ * Copyright (c) 2003-2008 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu-common.h"
+#include "qemu/iov.h"
+#include "qemu/sockets.h"
+#include "block/coroutine.h"
+#include "migration/migration.h"
+#include "migration/qemu-file.h"
+#include "migration/qemu-file-internal.h"
+#include "trace.h"
+
+#define QSB_CHUNK_SIZE  (1 << 10)
+#define QSB_MAX_CHUNK_SIZE  (16 * QSB_CHUNK_SIZE)
+
+/**
+ * Create a QEMUSizedBuffer
+ * This type of buffer uses scatter-gather lists internally and
+ * can grow to any size. Any data array in the scatter-gather list
+ * can hold different amount of bytes.
+ *
+ * @buffer: Optional buffer to copy into the QSB
+ * @len: size of initial buffer; if @buffer is given, buffer must
+ *   hold at least len bytes
+ *
+ * Returns a pointer to a QEMUSizedBuffer or NULL on allocation failure
+ */
+QEMUSizedBuffer *qsb_create(const uint8_t *buffer, size_t len)
+{
+QEMUSizedBuffer *qsb;
+size_t alloc_len, num_chunks, i, to_copy;
+size_t chunk_size = (len > QSB_MAX_CHUNK_SIZE)
+? QSB_MAX_CHUNK_SIZE
+: QSB_CHUNK_SIZE;
+
+num_chunks = DIV_ROUND_UP(len ? len : QSB_CHUNK_SIZE, chunk_size);
+alloc_len = num_chunks * chunk_size;
+
+qsb = g_try_new0(QEMUSizedBuffer, 1);
+if (!qsb) {
+return NULL;
+}
+
+qsb->iov = g_try_new0(struct iovec, num_chunks);
+if (!qsb->iov) {
+g_free(qsb);
+return NULL;
+}
+
+qsb->n_iov = num_chunks;
+
+for (i = 0; i < num_chunks; i++) {
+qsb->iov[i].iov_base = g_try_malloc0(chunk_size);
+if (!qsb->iov[i].iov_base) {
+/* qsb_free is safe since g_free can cope with NULL */
+qsb_free(qsb);
+return NULL;
+}
+
+qsb->iov[i].iov_len = chunk_size;
+if (buffer) {
+to_copy = (len - qsb->used) > chunk_size
+  ? chunk_size : (len - qsb->used);
+memcpy(qsb->iov[i].iov_base, &buffer[qsb->used], to_copy);
+qsb->used += to_copy;
+}
+}
+
+qsb->size = alloc_len;
+
+return qsb;
+}
+
+/**
+ * Free the QEMUSizedBuffer
+ *
+ * @qsb: The QEMUSizedBuffer to free
+ */
+void qsb_free(QEMUSizedBuffer *qsb)
+{
+size_t i;
+
+if (!qsb) {
+return;
+}
+
+for (i = 0; i < qsb->n_iov; i++) {
+g_free(qsb->iov[i].iov_base);
+}
+g_free(qsb->iov);
+g_free(qsb);
+}
+
+/**
+ * Get the number of used bytes in the QEMUSizedBuffer
+ *
+ * @qsb: A QEMUSizedBuffer
+ *
+ * Returns the number of bytes currently used in this buffer
+ */
+size_t qsb_get_length(const QEMUSizedBuffer *qsb)
+{
+return qsb->used;
+}
+
+/**
+ * Set the length of the buffer; 
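Review bot: the doc comment for qsb_create() describes @len as "size of initial buffer", but the code rounds the allocation up to whole chunks (`alloc_len = num_chunks * chunk_size;`, reported as `qsb->size`) and only advances `qsb->used` when @buffer is non-NULL, so qsb_get_length() returns 0 for a buffer created with a NULL @buffer and a non-zero @len; state both points in the comment, since callers will read the header-style comment rather than the body.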

[Qemu-devel] [PATCH 0/3] More migration file cleanup

2014-10-16 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 


This is a small set of patches that shuffle migration code
around but don't change the behaviour:

  1) Move a lot of the migration source into a separate 'migration' directory
 Note this moves a lot of files around, git format-patch -M -B spots the
 renames
  2) Split the 'struct QEMUFile' out into a private header
 Because the QEMU Buffered file code wants to access fields, and it's about
 to be in a separate file from QEMUFile.
  3) Split the QEMU buffered file code out in the same way as the stdio and
 unix/socket code has been split out.

Dave

Dr. David Alan Gilbert (3):
  Start moving migration code into a migration directory
  Split struct QEMUFile out
  Split the QEMU buffered file code out

 Makefile.objs|   9 +-
 migration/Makefile.objs  |   7 +
 migration-exec.c => migration/migration-exec.c   |   0
 migration-fd.c => migration/migration-fd.c   |   0
 migration-rdma.c => migration/migration-rdma.c   |   0
 migration-tcp.c => migration/migration-tcp.c |   0
 migration-unix.c => migration/migration-unix.c   |   0
 migration.c => migration/migration.c |   0
 qemu-file.c => migration/qemu-file-buf.c | 511 +-
 migration/qemu-file-internal.h   |  53 +++
 qemu-file-stdio.c => migration/qemu-file-stdio.c |   0
 qemu-file-unix.c => migration/qemu-file-unix.c   |   0
 migration/qemu-file.c| 519 +++
 vmstate.c => migration/vmstate.c |   0
 xbzrle.c => migration/xbzrle.c   |   0
 tests/Makefile   |   7 +-
 16 files changed, 586 insertions(+), 520 deletions(-)
 create mode 100644 migration/Makefile.objs
 rename migration-exec.c => migration/migration-exec.c (100%)
 rename migration-fd.c => migration/migration-fd.c (100%)
 rename migration-rdma.c => migration/migration-rdma.c (100%)
 rename migration-tcp.c => migration/migration-tcp.c (100%)
 rename migration-unix.c => migration/migration-unix.c (100%)
 rename migration.c => migration/migration.c (100%)
 rename qemu-file.c => migration/qemu-file-buf.c (51%)
 create mode 100644 migration/qemu-file-internal.h
 rename qemu-file-stdio.c => migration/qemu-file-stdio.c (100%)
 rename qemu-file-unix.c => migration/qemu-file-unix.c (100%)
 create mode 100644 migration/qemu-file.c
 rename vmstate.c => migration/vmstate.c (100%)
 rename xbzrle.c => migration/xbzrle.c (100%)

-- 
1.9.3




[Qemu-devel] [PATCH 1/3] Start moving migration code into a migration directory

2014-10-16 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

The migration code now occupies a fair chunk of the top level .c
files; it seems time to give it its own directory.

I've not touched:
   arch_init.c - that's mostly RAM migration but has a few random other
                 bits
   savevm.c - because it's built target specific
   block-migration.c - should that go in block/ or migration/ ?

This is purely a code move; no code has changed.

Signed-off-by: Dr. David Alan Gilbert 
---
 Makefile.objs| 9 ++---
 migration/Makefile.objs  | 7 +++
 migration-exec.c => migration/migration-exec.c   | 0
 migration-fd.c => migration/migration-fd.c   | 0
 migration-rdma.c => migration/migration-rdma.c   | 0
 migration-tcp.c => migration/migration-tcp.c | 0
 migration-unix.c => migration/migration-unix.c   | 0
 migration.c => migration/migration.c | 0
 qemu-file-stdio.c => migration/qemu-file-stdio.c | 0
 qemu-file-unix.c => migration/qemu-file-unix.c   | 0
 qemu-file.c => migration/qemu-file.c | 0
 vmstate.c => migration/vmstate.c | 0
 xbzrle.c => migration/xbzrle.c   | 0
 tests/Makefile   | 6 +++---
 14 files changed, 12 insertions(+), 10 deletions(-)
 create mode 100644 migration/Makefile.objs
 rename migration-exec.c => migration/migration-exec.c (100%)
 rename migration-fd.c => migration/migration-fd.c (100%)
 rename migration-rdma.c => migration/migration-rdma.c (100%)
 rename migration-tcp.c => migration/migration-tcp.c (100%)
 rename migration-unix.c => migration/migration-unix.c (100%)
 rename migration.c => migration/migration.c (100%)
 rename qemu-file-stdio.c => migration/qemu-file-stdio.c (100%)
 rename qemu-file-unix.c => migration/qemu-file-unix.c (100%)
 rename qemu-file.c => migration/qemu-file.c (100%)
 rename vmstate.c => migration/vmstate.c (100%)
 rename xbzrle.c => migration/xbzrle.c (100%)

diff --git a/Makefile.objs b/Makefile.objs
index 18fd35c..71b4b79 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -48,15 +48,10 @@ common-obj-$(CONFIG_POSIX) += os-posix.o
 
 common-obj-$(CONFIG_LINUX) += fsdev/
 
-common-obj-y += migration.o migration-tcp.o
-common-obj-y += vmstate.o
-common-obj-y += qemu-file.o qemu-file-unix.o qemu-file-stdio.o
-common-obj-$(CONFIG_RDMA) += migration-rdma.o
+common-obj-y += migration/
 common-obj-y += qemu-char.o #aio.o
 common-obj-y += block-migration.o
-common-obj-y += page_cache.o xbzrle.o
-
-common-obj-$(CONFIG_POSIX) += migration-exec.o migration-unix.o migration-fd.o
+common-obj-y += page_cache.o
 
 common-obj-$(CONFIG_SPICE) += spice-qemu-char.o
 
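Review bot: xbzrle.o moves into migration/Makefile.objs while page_cache.o stays in the top-level list (`+common-obj-y += page_cache.o`); page_cache is the cache used by the XBZRLE migration path, so either move it together with xbzrle.o or say in the commit message why it is left behind.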
diff --git a/migration/Makefile.objs b/migration/Makefile.objs
new file mode 100644
index 000..681bae9
--- /dev/null
+++ b/migration/Makefile.objs
@@ -0,0 +1,7 @@
+common-obj-y += migration.o migration-tcp.o
+common-obj-y += vmstate.o
+common-obj-y += qemu-file.o qemu-file-unix.o qemu-file-stdio.o
+common-obj-$(CONFIG_RDMA) += migration-rdma.o
+common-obj-y += xbzrle.o
+
+common-obj-$(CONFIG_POSIX) += migration-exec.o migration-unix.o migration-fd.o
diff --git a/migration-exec.c b/migration/migration-exec.c
similarity index 100%
rename from migration-exec.c
rename to migration/migration-exec.c
diff --git a/migration-fd.c b/migration/migration-fd.c
similarity index 100%
rename from migration-fd.c
rename to migration/migration-fd.c
diff --git a/migration-rdma.c b/migration/migration-rdma.c
similarity index 100%
rename from migration-rdma.c
rename to migration/migration-rdma.c
diff --git a/migration-tcp.c b/migration/migration-tcp.c
similarity index 100%
rename from migration-tcp.c
rename to migration/migration-tcp.c
diff --git a/migration-unix.c b/migration/migration-unix.c
similarity index 100%
rename from migration-unix.c
rename to migration/migration-unix.c
diff --git a/migration.c b/migration/migration.c
similarity index 100%
rename from migration.c
rename to migration/migration.c
diff --git a/qemu-file-stdio.c b/migration/qemu-file-stdio.c
similarity index 100%
rename from qemu-file-stdio.c
rename to migration/qemu-file-stdio.c
diff --git a/qemu-file-unix.c b/migration/qemu-file-unix.c
similarity index 100%
rename from qemu-file-unix.c
rename to migration/qemu-file-unix.c
diff --git a/qemu-file.c b/migration/qemu-file.c
similarity index 100%
rename from qemu-file.c
rename to migration/qemu-file.c
diff --git a/vmstate.c b/migration/vmstate.c
similarity index 100%
rename from vmstate.c
rename to migration/vmstate.c
diff --git a/xbzrle.c b/migration/xbzrle.c
similarity index 100%
rename from xbzrle.c
rename to migration/xbzrle.c
diff --git a/tests/Makefile b/tests/Makefile
index 16f0e4c..3a03979 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -49,7 +49,7 @@ check-unit-y += tests/test-x86-cpuid$(EXESUF)
 # all code tested by test-x86-cpuid is inside topology.h
 gcov-files-test-x86-cpuid-y =
 check-unit-y += tests/test-xbzrle$(EXESUF)
-gcov-files-test-xbzrle-y = xbzrle.c

[Qemu-devel] [PATCH 2/3] Split struct QEMUFile out

2014-10-16 Thread Dr. David Alan Gilbert (git)
From: "Dr. David Alan Gilbert" 

Now we've got multiple QEMUFile source files, some of them need
access to things that were defined in qemu-file.c, so create
a -internal header for them.

Signed-off-by: Dr. David Alan Gilbert 
---
 migration/qemu-file-internal.h | 53 ++
 migration/qemu-file.c  | 23 +-
 2 files changed, 54 insertions(+), 22 deletions(-)
 create mode 100644 migration/qemu-file-internal.h

diff --git a/migration/qemu-file-internal.h b/migration/qemu-file-internal.h
new file mode 100644
index 000..d95e853
--- /dev/null
+++ b/migration/qemu-file-internal.h
@@ -0,0 +1,53 @@
+/*
+ * QEMU System Emulator
+ *
+ * Copyright (c) 2003-2008 Fabrice Bellard
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef QEMU_FILE_INTERNAL_H
+#define QEMU_FILE_INTERNAL_H 1
+
+#include "qemu-common.h"
+#include "qemu/iov.h"
+
+#define IO_BUF_SIZE 32768
+#define MAX_IOV_SIZE MIN(IOV_MAX, 64)
+
+struct QEMUFile {
+const QEMUFileOps *ops;
+void *opaque;
+
+int64_t bytes_xfer;
+int64_t xfer_limit;
+
+int64_t pos; /* start of buffer when writing, end of buffer
+when reading */
+int buf_index;
+int buf_size; /* 0 when writing */
+uint8_t buf[IO_BUF_SIZE];
+
+struct iovec iov[MAX_IOV_SIZE];
+unsigned int iovcnt;
+
+int last_error;
+};
+
+#endif
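Review bot: the header uses the QEMUFileOps type in `struct QEMUFile` but includes only qemu-common.h and qemu/iov.h, neither of which declares it, so it only compiles when the including .c file has already pulled in migration/qemu-file.h (as qemu-file.c does on the lines just above the new include); add `#include "migration/qemu-file.h"` here so the internal header stands on its own.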
diff --git a/migration/qemu-file.c b/migration/qemu-file.c
index f938e36..671fba9 100644
--- a/migration/qemu-file.c
+++ b/migration/qemu-file.c
@@ -27,30 +27,9 @@
 #include "block/coroutine.h"
 #include "migration/migration.h"
 #include "migration/qemu-file.h"
+#include "migration/qemu-file-internal.h"
 #include "trace.h"
 
-#define IO_BUF_SIZE 32768
-#define MAX_IOV_SIZE MIN(IOV_MAX, 64)
-
-struct QEMUFile {
-const QEMUFileOps *ops;
-void *opaque;
-
-int64_t bytes_xfer;
-int64_t xfer_limit;
-
-int64_t pos; /* start of buffer when writing, end of buffer
-when reading */
-int buf_index;
-int buf_size; /* 0 when writing */
-uint8_t buf[IO_BUF_SIZE];
-
-struct iovec iov[MAX_IOV_SIZE];
-unsigned int iovcnt;
-
-int last_error;
-};
-
 bool qemu_file_mode_is_not_valid(const char *mode)
 {
 if (mode == NULL ||
-- 
1.9.3




[Qemu-devel] [PATCHv4 2/4] BlockLimits: introduce max_transfer_length

2014-10-16 Thread Peter Lieven
Signed-off-by: Peter Lieven 
---
 block.c   |4 
 include/block/block_int.h |3 +++
 2 files changed, 7 insertions(+)

diff --git a/block.c b/block.c
index 27533f3..0fbf916 100644
--- a/block.c
+++ b/block.c
@@ -536,6 +536,7 @@ void bdrv_refresh_limits(BlockDriverState *bs, Error **errp)
 return;
 }
 bs->bl.opt_transfer_length = bs->file->bl.opt_transfer_length;
+bs->bl.max_transfer_length = bs->file->bl.max_transfer_length;
 bs->bl.opt_mem_alignment = bs->file->bl.opt_mem_alignment;
 } else {
 bs->bl.opt_mem_alignment = 512;
@@ -550,6 +551,9 @@ void bdrv_refresh_limits(BlockDriverState *bs, Error **errp)
 bs->bl.opt_transfer_length =
 MAX(bs->bl.opt_transfer_length,
 bs->backing_hd->bl.opt_transfer_length);
+bs->bl.max_transfer_length =
+MIN_NON_ZERO(bs->bl.max_transfer_length,
+ bs->backing_hd->bl.max_transfer_length);
 bs->bl.opt_mem_alignment =
 MAX(bs->bl.opt_mem_alignment,
 bs->backing_hd->bl.opt_mem_alignment);
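Review bot: the combination `MIN_NON_ZERO(bs->bl.max_transfer_length, bs->backing_hd->bl.max_transfer_length)` relies on MIN_NON_ZERO treating 0 as "no limit" on both sides, but the macro added in patch 1/4 returns 0 when its first argument is non-zero and its second is 0, so a backing file that reports no limit erases the limit of bs; fix the macro in patch 1/4 before relying on it here.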
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 8d86a6c..b13a10a 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -289,6 +289,9 @@ typedef struct BlockLimits {
 /* optimal transfer length in sectors */
 int opt_transfer_length;
 
+/* maximal transfer length in sectors */
+int max_transfer_length;
+
 /* memory alignment so that no bounce buffer is needed */
 size_t opt_mem_alignment;
 } BlockLimits;
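Review bot: the new field comment `/* maximal transfer length in sectors */` should also say that 0 means no limit, since bdrv_refresh_limits() and the multiwrite_merge() check both treat zero that way and a driver author reading only this header would not know it.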
-- 
1.7.9.5




[Qemu-devel] [PATCHv4 3/4] block/iscsi: set max_transfer_length

2014-10-16 Thread Peter Lieven
The limit of 0xff for 16 byte CDBs is intentional to
avoid overflows on 32-bit architectures.

Signed-off-by: Peter Lieven 
Reviewed-by: Ronnie Sahlberg 
---
 block/iscsi.c |   12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/block/iscsi.c b/block/iscsi.c
index 3a01de0..c873d13 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -1449,10 +1449,18 @@ static void iscsi_close(BlockDriverState *bs)
 
 static void iscsi_refresh_limits(BlockDriverState *bs, Error **errp)
 {
-IscsiLun *iscsilun = bs->opaque;
-
 /* We don't actually refresh here, but just return data queried in
  * iscsi_open(): iscsi targets don't change their limits. */
+
+IscsiLun *iscsilun = bs->opaque;
+uint32_t max_xfer_len = iscsilun->use_16_for_rw ? 0xff : 0x;
+
+if (iscsilun->bl.max_xfer_len) {
+max_xfer_len = MIN(max_xfer_len, iscsilun->bl.max_xfer_len);
+}
+
+bs->bl.max_transfer_length = sector_lun2qemu(max_xfer_len, iscsilun);
+
 if (iscsilun->lbp.lbpu) {
 if (iscsilun->bl.max_unmap < 0x) {
 bs->bl.max_discard = sector_lun2qemu(iscsilun->bl.max_unmap,
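Review bot: `max_xfer_len` is a uint32_t, but the result of sector_lun2qemu() is stored in the `int max_transfer_length` field added in patch 2/4, so for the large 16-byte-CDB limit (the literal is truncated in this archive) the conversion can wrap to a negative value, and the `bs->bl.max_transfer_length &&` check in patch 4/4 would then refuse every merge; clamp the converted value to INT_MAX or widen the field. The overflow concern named in the commit message also deserves a code comment next to the literal.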
-- 
1.7.9.5




[Qemu-devel] [PATCHv4 0/4] introduce max_transfer_length

2014-10-16 Thread Peter Lieven
This series adds the basics for introducing a maximum transfer length
to the block layer. Its main purpose is currently to avoid
a multiwrite_merge exceeding the max_xfer_len of an attached iSCSI LUN.
This is a required bug fix.

Splitting up requests according to the max_transfer_length will follow
in a later series.

v3->v4: introduce MIN_NON_ZERO to correctly calculate minimum of 2 limits.
v2->v3: remove Patch 2 completely [Paolo]
v1->v2: do not throw errors but generate trace events in Patch 2 [Paolo]

Peter Lieven (4):
  util: introduce MIN_NON_ZERO
  BlockLimits: introduce max_transfer_length
  block/iscsi: set max_transfer_length
  block: avoid creating oversized writes in multiwrite_merge

 block.c   |9 +
 block/iscsi.c |   12 ++--
 include/block/block_int.h |3 +++
 include/qemu/osdep.h  |4 
 4 files changed, 26 insertions(+), 2 deletions(-)

-- 
1.7.9.5




[Qemu-devel] [PATCHv4 1/4] util: introduce MIN_NON_ZERO

2014-10-16 Thread Peter Lieven
At least in the block layer we have the case of limits being defined for a
BlockDriverState. However, in this context zero (0) often has the special
meaning of undefined, which means no limit. If two of those limits are
combined and the minimum is needed, the minimum function should only return
zero if both parameters are zero.

Signed-off-by: Peter Lieven 
---
 include/qemu/osdep.h |4 
 1 file changed, 4 insertions(+)

diff --git a/include/qemu/osdep.h b/include/qemu/osdep.h
index 1565404..9a238df 100644
--- a/include/qemu/osdep.h
+++ b/include/qemu/osdep.h
@@ -68,6 +68,10 @@ typedef signed int  int_fast16_t;
 #define MAX(a, b) (((a) > (b)) ? (a) : (b))
 #endif
 
+#ifndef MIN_NON_ZERO
+#define MIN_NON_ZERO(a, b) ((!!(a) && (a) < (b)) ? (a) : (b))
+#endif
+
 #ifndef ROUND_UP
 #define ROUND_UP(n,d) (((n) + (d) - 1) & -(d))
 #endif
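Review bot: the macro does not meet the rule in the commit message: when `a` is non-zero and `b` is 0, `(a) < (b)` is false and the macro yields `b`, so `MIN_NON_ZERO(5, 0)` evaluates to 0 and a real limit silently becomes "unlimited" once this reaches bdrv_refresh_limits(). Handle both zero cases explicitly, e.g. `#define MIN_NON_ZERO(a, b) (((a) == 0) ? (b) : (((b) == 0) ? (a) : (((a) < (b)) ? (a) : (b))))`.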
-- 
1.7.9.5




[Qemu-devel] [PATCHv4 4/4] block: avoid creating oversized writes in multiwrite_merge

2014-10-16 Thread Peter Lieven
Signed-off-by: Peter Lieven 
Reviewed-by: Ronnie Sahlberg 
---
 block.c |5 +
 1 file changed, 5 insertions(+)

diff --git a/block.c b/block.c
index 0fbf916..9ad2287 100644
--- a/block.c
+++ b/block.c
@@ -4554,6 +4554,11 @@ static int multiwrite_merge(BlockDriverState *bs, 
BlockRequest *reqs,
 merge = 0;
 }
 
+if (bs->bl.max_transfer_length && reqs[outidx].nb_sectors +
+reqs[i].nb_sectors > bs->bl.max_transfer_length) {
+merge = 0;
+}
+
 if (merge) {
 size_t size;
 QEMUIOVector *qiov = g_malloc0(sizeof(*qiov));
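Review bot: the patch has no commit message body, and the new check needs one because two of its properties are not obvious from the code: `bs->bl.max_transfer_length == 0` means "no limit" (hence the first operand of the `&&`), and `reqs[outidx].nb_sectors + reqs[i].nb_sectors` is an upper bound rather than the exact merged size when the two requests overlap, so the test is conservative. A single request that is already larger than max_transfer_length is deliberately left alone here, which the subject line implies but a comment next to the check should state.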
-- 
1.7.9.5




[Qemu-devel] [Bug 1307225] Re: Running a virtual machine on a Haswell system produces machine check events

2014-10-16 Thread Ilya Almametov
Just my 2 cents. I have two Haswell boxes with Ubuntu Server 14.04, each
running a bunch of VMs. The first one is an Intel Core i7-4770K and it runs
only Linux VMs. There has not been a single MCE here for at least one year. The
second box is an Intel Core i7-4790K and it runs a mix of Linux and Windows
2003 VMs. MCEs regularly appear in logs here.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1307225

Title:
  Running a virtual machine on a Haswell system produces machine check
  events

Status in QEMU:
  New

Bug description:
  I'm running a virtual Windows SBS 2003 installation on a Xeon E3
  Haswell system running Gentoo Linux. First, I used Qemu 1.5.3 (the
  latest stable version on Gentoo). I got a lot of machine check events
  ("mce: [Hardware Error]: Machine check events logged") in dmesg that
  always looked like (using mcelog):

  Hardware event. This is not a software error.
  MCE 0
  CPU 3 BANK 0
  TIME 1397455091 Mon Apr 14 07:58:11 2014
  MCG status:
  MCi status:
  Corrected error
  Error enabled
  MCA: Internal parity error
  STATUS 904f0005 MCGSTATUS 0
  MCGCAP c09 APICID 6 SOCKETID 0
  CPUID Vendor Intel Family 6 Model 60

  I found this discussion on the vmware community:
  https://communities.vmware.com/thread/452344

  It seems that this is (at least partly) caused by the Qemu machine. I
  switched to Qemu 1.7.0, the first version to use "pc-i440fx-1.7". With
  this version, the errors almost disappeared, but from time to time I
  still get machine check events. Anyway, they do not seem to affect
  either the VM or the host.

  The Haswell machine has been set up and running for several days
  without a single error message. They only appear when the VM is
  running, so I think this is actually some problem with the Haswell
  architecture (and not a real hardware error).

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1307225/+subscriptions



Re: [Qemu-devel] Counting barrier instructions in ARM

2014-10-16 Thread Peter Maydell
On 16 October 2014 03:45, Pranith Kumar  wrote:
> The problem I am facing is that this seems to be crashing when run with a
> multi-threaded executable.

This is nothing to do with your changes -- user-mode QEMU does not
support multi-threaded guest executables. QEMU may crash, hang,
or stop with an assertion failure, fairly randomly. Don't try
to run multithreaded guests :-)

> Also the statistics gathered are not really accurate.

This will be because you're using add rather than addi,
so you're adding effectively a random number to the count
every time (whatever TCG's "value in temporary 1" happens
to be, I expect).

thanks
-- PMM



Re: [Qemu-devel] [PATCH 1/3] Start moving migration code into a migration directory

2014-10-16 Thread Juan Quintela
"Dr. David Alan Gilbert (git)"  wrote:
> From: "Dr. David Alan Gilbert" 
>
> The migration code now occupies a fair chunk of the top level .c
> files, it seems time to give it its own directory.
>
> I've not touched:
>arch_init.c - that's mostly RAM migration but has a few random other
>  bits

Will split the memory bits, and can go to migration.

>savevm.c- because it's built target specific

Damn, would have to look at it.

>block-migration.c - should that go in block/ or migration/ ?

It is really on migration. We have basically:

- ram-migration
- block-migration

We can call them other names if people prefer.

>
> This is purely a code move; no code has changed.
>
> Signed-off-by: Dr. David Alan Gilbert 

Thanks, Juan.




Re: [Qemu-devel] [PATCH 1/3] Start moving migration code into a migration directory

2014-10-16 Thread Juan Quintela
"Dr. David Alan Gilbert (git)"  wrote:
> From: "Dr. David Alan Gilbert" 
>
> The migration code now occupies a fair chunk of the top level .c
> files, it seems time to give it its own directory.
>
> I've not touched:
>arch_init.c - that's mostly RAM migration but has a few random other
>  bits
>savevm.c- because it's built target specific
>block-migration.c - should that go in block/ or migration/ ?
>
> This is purely a code move; no code has changed.
>
> Signed-off-by: Dr. David Alan Gilbert 

Reviewed-by: Juan Quintela 



Re: [Qemu-devel] [PATCH 2/3] Split struct QEMUFile out

2014-10-16 Thread Juan Quintela
"Dr. David Alan Gilbert (git)"  wrote:
> From: "Dr. David Alan Gilbert" 
>
> Now we've got multiple QEMUFile source files, some of them need
> access to things that were defined in qemu-file.c, so create
> a -internal header for them.
>
> Signed-off-by: Dr. David Alan Gilbert 

Reviewed-by: Juan Quintela 



Re: [Qemu-devel] [PATCH 3/3] Split the QEMU buffered file code out

2014-10-16 Thread Juan Quintela
"Dr. David Alan Gilbert (git)"  wrote:
> From: "Dr. David Alan Gilbert" 
>
> The splitting of qemu-file and addition of the buffered file landed
> at the same time; so now split the buffered file code out.
>
> Signed-off-by: Dr. David Alan Gilbert 

Reviewed-by: Juan Quintela 



Re: [Qemu-devel] [PATCH 1/3] Start moving migration code into a migration directory

2014-10-16 Thread Dr. David Alan Gilbert
* Juan Quintela (quint...@redhat.com) wrote:
> "Dr. David Alan Gilbert (git)"  wrote:
> > From: "Dr. David Alan Gilbert" 
> >
> > The migration code now occupies a fair chunk of the top level .c
> > files, it seems time to give it its own directory.
> >
> > I've not touched:
> >arch_init.c - that's mostly RAM migration but has a few random other
> >  bits
> 
> Will split the memory bits, and can go to migration.
> 
> >savevm.c- because it's built target specific
> 
> Damn, would have to look at it.

Yes; I suspect it's the vmstate_register_ram that uses TARGET_PAGE_MASK,
one of the patches in my postcopy world adds a function in exec.c that
returns TARGET_PAGE_BITS so that stuff that needs to know target page size
can make a call to find it out; that might solve that.

Dave

> 
> >block-migration.c - should that go in block/ or migration/ ?
> 
> It is really on migration. We have basically:
> 
> - ram-migration
> - block-migration
> 
> We can call them other names if people prefer.
> 
> >
> > This is purely a code move; no code has changed.
> >
> > Signed-off-by: Dr. David Alan Gilbert 
> 
> Thanks, Juan.
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [PATCH v1.5] nbd: Fix filename generation

2014-10-16 Thread Kevin Wolf
On 08.10.2014 at 19:55, Max Reitz wrote:
> Export names may be used with nbd+unix, too, fix nbd_refresh_filename()
> accordingly. Also, for nbd+tcp, the documented path schema is
> "nbd://host[:port]/export", so use it. Furthermore, as can be seen from
> that schema, the port is optional.
> 
> That makes six single cases for how the filename can be formatted; it is
> not easy to generalize these cases without the resulting statement being
> completely unreadable, thus there is simply one snprintf() per case.
> 
> Finally, taking the options from BDRVNBDState::socket_opts is wrong,
> because those will not contain the export name. Just use
> BlockDriverState::options instead.
> 
> Reported-by: Stefan Hajnoczi 
> Signed-off-by: Max Reitz 
> Reviewed-by: Paolo Bonzini 
> ---
> This is exactly the same patch as patch 1 from my series
> "[PATCH 0/3] block: Fix filename generation for blkdebug and nbd",
> except I added Paolo's R-b. The reason I split it off from the series is
> that it is an actual bug fix and therefore I want to get it merged
> regardless of when the blkdebug patches are getting reviewed.
> ---
>  block/nbd.c | 44 +---
>  1 file changed, 29 insertions(+), 15 deletions(-)
> 
> diff --git a/block/nbd.c b/block/nbd.c
> index 89775e1..04cc845 100644
> --- a/block/nbd.c
> +++ b/block/nbd.c
> @@ -342,30 +342,44 @@ static void nbd_attach_aio_context(BlockDriverState *bs,
>  
>  static void nbd_refresh_filename(BlockDriverState *bs)
>  {
> -BDRVNBDState *s = bs->opaque;
>  QDict *opts = qdict_new();
> -const char *path   = qemu_opt_get(s->socket_opts, "path");
> -const char *host   = qemu_opt_get(s->socket_opts, "host");
> -const char *port   = qemu_opt_get(s->socket_opts, "port");
> -const char *export = qemu_opt_get(s->socket_opts, "export");
> +const char *path   = qdict_get_try_str(bs->options, "path");
> +const char *host   = qdict_get_try_str(bs->options, "host");
> +const char *port   = qdict_get_try_str(bs->options, "port");
> +const char *export = qdict_get_try_str(bs->options, "export");
>  
>  qdict_put_obj(opts, "driver", QOBJECT(qstring_from_str("nbd")));
>  
> -if (path) {
> +if (path && export) {
>  snprintf(bs->exact_filename, sizeof(bs->exact_filename),
> - "nbd+unix:%s", path);
> -qdict_put_obj(opts, "path", QOBJECT(qstring_from_str(path)));
> -} else if (export) {
> + "nbd+unix:///%s?socket=%s", export, path);
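Review bot: besides the missing URL encoding, each branch discards the snprintf() return value, so an export/path pair that does not fit in `bs->exact_filename` is silently truncated and the result names a different export or socket than the one actually opened; check for a return value `>= sizeof(bs->exact_filename)` and clear exact_filename on overflow so that the options dictionary is used instead.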

We really need URL encoding for all of the strings we're putting into
the URL here and in the other cases in this function. It's a preexisting,
independent problem, though, so this patch is still a strict
improvement.

Thanks, applied to the block branch.

Kevin

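Kevin's URL-encoding remark, as an added C example that is not part of the patch or of QEMU: the export name and socket path are percent-encoded before they are placed into the `nbd+unix:///export?socket=path` form from the hunk, and a matching parser shows that an unencoded `?` in the export name is mis-parsed while the encoded string round-trips. The helper names, the 256-byte scratch buffers, the truncation convention and the sample values are this example's own assumptions.

```c
/* Added example, not QEMU code: percent-encoding for the variable parts of
 * an nbd+unix filename, plus the parser that relies on it.  Only the URL
 * shape "nbd+unix:///<export>?socket=<path>" comes from the patch. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* RFC 3986 unreserved characters pass through; everything else becomes %XX. */
static int url_unreserved(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_' || c == '~';
}

/* Encode `in` into out[cap].  Like snprintf, returns the length the full
 * result needs (excluding the NUL); a value >= cap means it was cut short. */
static size_t url_encode(const char *in, char *out, size_t cap)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t need = 0, w = 0;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        size_t len = url_unreserved(*p) ? 1 : 3;
        if (w + len < cap) {                 /* always leave room for the NUL */
            if (len == 1) {
                out[w] = (char)*p;
            } else {
                out[w] = '%';
                out[w + 1] = hex[*p >> 4];
                out[w + 2] = hex[*p & 0xf];
            }
            w += len;
        }
        need += len;
    }
    if (cap) {
        out[w] = '\0';
    }
    return need;
}

static int hexval(int c)
{
    return (c >= '0' && c <= '9') ? c - '0'
         : (c >= 'a' && c <= 'f') ? c - 'a' + 10
         : (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Reverse of url_encode.  Returns the needed length, or (size_t)-1 when a
 * '%' is not followed by two hex digits (a malformed filename). */
static size_t url_decode(const char *in, char *out, size_t cap)
{
    size_t need = 0, w = 0;
    for (const char *p = in; *p; p++) {
        int c = (unsigned char)*p;
        if (c == '%') {
            int hi = hexval((unsigned char)p[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)p[2]);
            if (lo < 0) {
                return (size_t)-1;
            }
            c = hi * 16 + lo;
            p += 2;
        }
        if (w + 1 < cap) {
            out[w++] = (char)c;
        }
        need++;
    }
    if (cap) {
        out[w] = '\0';
    }
    return need;
}

/* Build the filename with both parts encoded.  Truncation is reported (-1)
 * instead of yielding a filename that names a different export or socket. */
static int nbd_unix_filename(const char *export, const char *path,
                             char *buf, size_t cap)
{
    char e[256], p[256];                     /* scratch sizes are an assumption */
    if (url_encode(export, e, sizeof e) >= sizeof e ||
        url_encode(path, p, sizeof p) >= sizeof p) {
        return -1;
    }
    int n = snprintf(buf, cap, "nbd+unix:///%s?socket=%s", e, p);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Parse the filename back.  The first '?' must begin "?socket=", which is
 * exactly what an unencoded '?' inside the export name would break. */
static int nbd_unix_parse(const char *url, char *export, size_t ecap,
                          char *path, size_t pcap)
{
    static const char prefix[] = "nbd+unix:///", query[] = "?socket=";
    if (strncmp(url, prefix, sizeof prefix - 1) != 0) {
        return -1;
    }
    const char *e = url + sizeof prefix - 1;
    const char *q = strchr(e, '?');
    char raw[256];
    if (!q || strncmp(q, query, sizeof query - 1) != 0 ||
        (size_t)(q - e) >= sizeof raw) {
        return -1;
    }
    memcpy(raw, e, q - e);
    raw[q - e] = '\0';
    if (url_decode(raw, export, ecap) >= ecap ||
        url_decode(q + sizeof query - 1, path, pcap) >= pcap) {
        return -1;
    }
    return 0;
}
```

The encoder also escapes `/` in the socket path, which RFC 3986 would permit unescaped inside a query; a stricter implementation would keep the query's reserved set, but over-encoding is always safe to decode. The checked `snprintf()` result is the other half of the review point: a filename that does not fit must be rejected rather than used in truncated form.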


Re: [Qemu-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available

2014-10-16 Thread Paul Durrant
> -Original Message-
> From: Peter Maydell [mailto:peter.mayd...@linaro.org]
> Sent: 15 October 2014 18:30
> To: Paul Durrant
> Cc: QEMU Developers; xen-de...@lists.xenproject.org; Stefano Stabellini;
> Paolo Bonzini; Michael Tokarev; Stefan Hajnoczi; Stefan Weil; Olaf Hering;
> Gerd Hoffmann; Alexey Kardashevskiy; Alexander Graf
> Subject: Re: [PATCH v3 2/2] Xen: Use the ioreq-server API when available
> 
> On 15 October 2014 11:16, Paul Durrant  wrote:
> > The ioreq-server API added to Xen 4.5 offers better security than
> > the existing Xen/QEMU interface because the shared pages that are
> > used to pass emulation request/results back and forth are removed
> > from the guest's memory space before any requests are serviced.
> > This prevents the guest from mapping these pages (they are in a
> > well known location) and attempting to attack QEMU by synthesizing
> > its own request structures. Hence, this patch modifies configure
> > to detect whether the API is available, and adds the necessary
> > code to use the API if it is.
> 
> This commit message doesn't mention it, but presumably this is
> all x86-specific given it's in a file which is only used for
> x86 Xen?
> 
> > +static void xen_hvm_pre_save(void *opaque)
> > +{
> > +XenIOState *state = opaque;
> > +
> > +/* Stop servicing emulation requests */
> > +xen_set_ioreq_server_state(xen_xc, xen_domid, state->ioservid, 0);
> > +xen_destroy_ioreq_server(xen_xc, xen_domid, state->ioservid);
> > +}
> > +
> > +static const VMStateDescription vmstate_xen_hvm = {
> > +.name = "xen-hvm",
> > +.version_id = 4,
> > +.minimum_version_id = 4,
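Review bot: `xen_hvm_pre_save()` stops servicing and destroys the ioreq server unconditionally, and nothing in this hunk re-creates it or re-enables servicing if the save is aborted or fails, so a VM that keeps running on the source after a failed migration would have no emulation requests serviced. If the design relies on the toolstack always completing the save once pre_save has run, the function needs a comment saying so; otherwise a matching path that rebuilds the server when the save does not complete is needed.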
> 
> This is new in upstream so why's it starting at version 4?
> 

Good point. I was just using the Xen major, but that doesn't make much sense.

> > +.pre_save = xen_hvm_pre_save,
> > +.fields = (VMStateField[]) {
> > +VMSTATE_END_OF_LIST()
> > +},
> 
> A vmstate which doesn't actually save any state? This seems
> rather suspicious...
> 

Not really. The state is actually in Xen and so is saved by the Xen toolstack. 
I need the pre-save hook here because the pages shared between QEMU and Xen 
need re-inserting into the guest before the Xen toolstack saves the memory 
image.

> > @@ -1060,12 +1185,19 @@ int xen_hvm_init(ram_addr_t
> *below_4g_mem_size, ram_addr_t *above_4g_mem_size,
> >  xen_ram_init(below_4g_mem_size, above_4g_mem_size, ram_size,
> ram_memory);
> >
> >
> qemu_add_vm_change_state_handler(xen_hvm_change_state_handler,
> state);
> > +vmstate_register(NULL, 0, &vmstate_xen_hvm, state);
> 
> Is the new use of vmstate_register() really necessary?
> Usually the state you're saving corresponds to some QOM
> device whose vmsd field you can use instead.
> 

I don't think so. As I said, there is no state to save but there is need for a 
callback before state is saved. Is there another way to achieve that? I could 
not find any 'clean' way to do it.

  Paul

> thanks
> -- PMM


Re: [Qemu-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available

2014-10-16 Thread Paul Durrant
> -Original Message-
> From: Paolo Bonzini [mailto:pbonz...@redhat.com]
> Sent: 16 October 2014 08:37
> To: Peter Maydell; Paul Durrant
> Cc: QEMU Developers; xen-de...@lists.xenproject.org; Stefano Stabellini;
> Michael Tokarev; Stefan Hajnoczi; Stefan Weil; Olaf Hering; Gerd Hoffmann;
> Alexey Kardashevskiy; Alexander Graf
> Subject: Re: [PATCH v3 2/2] Xen: Use the ioreq-server API when available
> 
> On 15/10/2014 19:30, Peter Maydell wrote:
> > On 15 October 2014 11:16, Paul Durrant  wrote:
> >> The ioreq-server API added to Xen 4.5 offers better security than
> >> the existing Xen/QEMU interface because the shared pages that are
> >> used to pass emulation request/results back and forth are removed
> >> from the guest's memory space before any requests are serviced.
> >> This prevents the guest from mapping these pages (they are in a
> >> well known location) and attempting to attack QEMU by synthesizing
> >> its own request structures. Hence, this patch modifies configure
> >> to detect whether the API is available, and adds the necessary
> >> code to use the API if it is.
> >
> > This commit message doesn't mention it, but presumably this is
> > all x86-specific given it's in a file which is only used for
> > x86 Xen?
> >
> >> +static void xen_hvm_pre_save(void *opaque)
> >> +{
> >> +XenIOState *state = opaque;
> >> +
> >> +/* Stop servicing emulation requests */
> >> +xen_set_ioreq_server_state(xen_xc, xen_domid, state->ioservid, 0);
> >> +xen_destroy_ioreq_server(xen_xc, xen_domid, state->ioservid);
> >> +}
> >> +
> >> +static const VMStateDescription vmstate_xen_hvm = {
> >> +.name = "xen-hvm",
> >> +.version_id = 4,
> >> +.minimum_version_id = 4,
> >
> > This is new in upstream so why's it starting at version 4?
> >
> >> +.pre_save = xen_hvm_pre_save,
> >> +.fields = (VMStateField[]) {
> >> +VMSTATE_END_OF_LIST()
> >> +},
> >
> > A vmstate which doesn't actually save any state? This seems
> > rather suspicious...
> >
> >> @@ -1060,12 +1185,19 @@ int xen_hvm_init(ram_addr_t
> *below_4g_mem_size, ram_addr_t *above_4g_mem_size,
> >>  xen_ram_init(below_4g_mem_size, above_4g_mem_size, ram_size,
> ram_memory);
> >>
> >>
> qemu_add_vm_change_state_handler(xen_hvm_change_state_handler,
> state);
> >> +vmstate_register(NULL, 0, &vmstate_xen_hvm, state);
> >
> > Is the new use of vmstate_register() really necessary?
> > Usually the state you're saving corresponds to some QOM
> > device whose vmsd field you can use instead.
> 
> In this case, it seems like a job for a vmstate change handler.
> 

I looked at that but it did not seem to give me the right semantic, whereas the 
pre-save callback gave me exactly the right semantic.

  Paul

> Paolo



Re: [Qemu-devel] [PULL 00/34] allow changing bootorder via monitor

2014-10-16 Thread Peter Maydell
On 15 October 2014 11:05, Gerd Hoffmann  wrote:
>   Hi,
>
> It's finally sorted, here comes the pull request for the bootindex patch
> series which turns bootindex into a writable qom property and thereby
> allows changing the bootorder at runtime via monitor.
>
> please pull,
>   Gerd
>
> The following changes since commit b1d28ec6a7dbdaadda39d29322f0de694aeb0b74:
>
>   Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20141010' into 
> staging (2014-10-10 14:55:29 +0100)
>
> are available in the git repository at:
>
>
>   git://git.kraxel.org/qemu tags/pull-bootindex-20141015-1
>
> for you to fetch changes up to 54086fe5d2c562a3173126d9991bd064faf1e884:
>
>   bootindex: change fprintf to error_report (2014-10-15 10:46:01 +0200)
>
> 
> allow changing bootorder via monitor at runtime,
> by making bootindex a writable qom property.
>
> 

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH v4 16/47] Return path: Source handling of return path

2014-10-16 Thread zhanghailiang

On 2014/10/4 1:47, Dr. David Alan Gilbert (git) wrote:

From: "Dr. David Alan Gilbert" 

Open a return path, and handle messages that are received upon it.

Signed-off-by: Dr. David Alan Gilbert 
---
  include/migration/migration.h |  10 +++
  migration.c   | 181 +-
  2 files changed, 190 insertions(+), 1 deletion(-)

diff --git a/include/migration/migration.h b/include/migration/migration.h
index 12e640d..b87c289 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -47,6 +47,14 @@ enum mig_rpcomm_cmd {
  MIG_RPCOMM_ACK,  /* data (seq: be32 ) */
  MIG_RPCOMM_AFTERLASTVALID
  };
+
+/* Source side RP state */
+struct MigrationRetPathState {
+uint32_t  latest_ack;
+QemuThreadrp_thread;
+bool  error;
+};
+
  typedef struct MigrationState MigrationState;

  /* State for the incoming migration */
@@ -69,9 +77,11 @@ struct MigrationState
  QemuThread thread;
  QEMUBH *cleanup_bh;
  QEMUFile *file;
+QEMUFile *return_path;

  int state;
  MigrationParams params;
+struct MigrationRetPathState rp_state;
  double mbps;
  int64_t total_time;
  int64_t downtime;
diff --git a/migration.c b/migration.c
index 5ba8f3e..ee6db1d 100644
--- a/migration.c
+++ b/migration.c
@@ -246,6 +246,23 @@ MigrationCapabilityStatusList 
*qmp_query_migrate_capabilities(Error **errp)
  return head;
  }

+/*
+ * Return true if we're already in the middle of a migration
+ * (i.e. any of the active or setup states)
+ */
+static bool migration_already_active(MigrationState *ms)
+{
+switch (ms->state) {
+case MIG_STATE_ACTIVE:
+case MIG_STATE_SETUP:
+return true;
+
+default:
+return false;
+
+}
+}
+
  static void get_xbzrle_cache_stats(MigrationInfo *info)
  {
  if (migrate_use_xbzrle()) {
@@ -371,6 +388,21 @@ static void migrate_set_state(MigrationState *s, int 
old_state, int new_state)
  }
  }

+static void migrate_fd_cleanup_src_rp(MigrationState *ms)
+{
+QEMUFile *rp = ms->return_path;
+
+/*
+ * When stuff goes wrong (e.g. failing destination) on the rp, it can get
+ * cleaned up from a few threads; make sure not to do it twice in parallel
+ */
+rp = atomic_cmpxchg(&ms->return_path, rp, NULL);
+if (rp) {
+DPRINTF("cleaning up return path\n");
+qemu_fclose(rp);
+}
+}
+
  static void migrate_fd_cleanup(void *opaque)
  {
  MigrationState *s = opaque;
@@ -378,6 +410,8 @@ static void migrate_fd_cleanup(void *opaque)
  qemu_bh_delete(s->cleanup_bh);
  s->cleanup_bh = NULL;

+migrate_fd_cleanup_src_rp(s);
+
  if (s->file) {
  trace_migrate_fd_cleanup();
  qemu_mutex_unlock_iothread();
@@ -414,6 +448,11 @@ static void migrate_fd_cancel(MigrationState *s)
  int old_state ;
  trace_migrate_fd_cancel();

+if (s->return_path) {
+/* shutdown the rp socket, so causing the rp thread to shutdown */
+qemu_file_shutdown(s->return_path);
+}
+
  do {
  old_state = s->state;
  if (old_state != MIG_STATE_SETUP && old_state != MIG_STATE_ACTIVE) {
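Review bot: `if (s->return_path) { qemu_file_shutdown(s->return_path); }` tests the pointer and then re-reads it, while `migrate_fd_cleanup_src_rp()` in the earlier hunk swaps it to NULL with `atomic_cmpxchg()` and closes it, possibly from another thread; between the test and the use the pointer can become NULL or refer to an already closed QEMUFile. Load it once (`QEMUFile *rp = atomic_read(&s->return_path)`), and since the shutdown still races with the `qemu_fclose()`, either hold a lock across both or leave closing to a single owner thread.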
@@ -655,8 +694,148 @@ int64_t migrate_xbzrle_cache_size(void)
  return s->xbzrle_cache_size;
  }

-/* migration thread support */
+/*
+ * Something bad happened to the RP stream, mark an error
+ * The caller shall print something to indicate why
+ */
+static void source_return_path_bad(MigrationState *s)
+{
+s->rp_state.error = true;
+migrate_fd_cleanup_src_rp(s);
+}

+/*
+ * Handles messages sent on the return path towards the source VM
+ *
+ */
+static void *source_return_path_thread(void *opaque)
+{
+MigrationState *ms = opaque;
+QEMUFile *rp = ms->return_path;
+uint16_t expected_len, header_len, header_com;
+const int max_len = 512;
+uint8_t buf[max_len];
+uint32_t tmp32;
+int res;
+
+DPRINTF("RP: %s entry", __func__);
+while (rp && !qemu_file_get_error(rp) &&
+migration_already_active(ms)) {
+DPRINTF("RP: %s top of loop", __func__);
+header_com = qemu_get_be16(rp);
+header_len = qemu_get_be16(rp);
+
+switch (header_com) {
+case MIG_RPCOMM_SHUT:
+case MIG_RPCOMM_ACK:
+expected_len = 4;
+break;
+
+default:
+error_report("RP: Received invalid cmd 0x%04x length 0x%04x",
+header_com, header_len);
+source_return_path_bad(ms);
+goto out;
+}
+
+if (header_len > expected_len) {
+error_report("RP: Received command 0x%04x with"
+"incorrect length %d expecting %d",
+header_com, header_len,
+expected_len);
+source_return_path_bad(ms);
+goto out;
+}
+
+/* We know we've got a valid header by this point */
+res = qemu_get_buffer(rp, buf, header_len);
+if (r
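Review bot: the length check `if (header_len > expected_len)` rejects only over-long payloads; a MIG_RPCOMM_ACK with `header_len` of 0 to 3 passes, `qemu_get_buffer()` reads fewer than 4 bytes, and the ACK handler (as quoted in the follow-up reply) then does `be32_to_cpup((uint32_t *)buf)` on an uninitialised stack buffer. Both commands define a fixed 4-byte payload, so make it `header_len != expected_len`. Two smaller points in the same hunk: the adjacent string literals in the error_report() produce "withincorrect length" (add the space), and `uint8_t buf[max_len]` with `const int max_len` is a VLA in C; an enum or `#define` gives a true constant.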

Re: [Qemu-devel] [PATCH v2 1/2] raw-posix: Fix raw_co_get_block_status() after EOF

2014-10-16 Thread Kevin Wolf
On 22.09.2014 at 17:36, Max Reitz wrote:
> As its comment states, raw_co_get_block_status() should unconditionally
> return 0 and set *pnum to 0 for after EOF.
> 
> An assertion after lseek(..., SEEK_HOLE) tried to catch this case by
> asserting that errno != -ENXIO (which would indicate a position after
> the EOF); but it should be errno != ENXIO instead. Fix this, too.
> 
> Additionally, nb_sectors should be clamped against the image end. This
> was probably not an issue if FIEMAP or SEEK_HOLE/SEEK_DATA worked, but
> the fallback did not take this case into account.
> 
> Reported-by: Kevin Wolf 
> Signed-off-by: Max Reitz 
> ---
>  block/raw-posix.c | 12 ++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/block/raw-posix.c b/block/raw-posix.c
> index a253697..dd57992 100644
> --- a/block/raw-posix.c
> +++ b/block/raw-posix.c
> @@ -1509,9 +1509,9 @@ static int64_t try_seek_hole(BlockDriverState *bs, 
> off_t start, off_t *data,
>  
>  *hole = lseek(s->fd, start, SEEK_HOLE);
>  if (*hole == -1) {
> -/* -ENXIO indicates that sector_num was past the end of the file.
> +/* ENXIO indicates that sector_num was past the end of the file.
>   * There is a virtual hole there.  */
> -assert(errno != -ENXIO);
> +assert(errno != ENXIO);

This assertion can be triggered if another process truncates the file in
the background after it has been opened (bdrv_getlength() usually uses
the cached value, so this race condition isn't even hard to reproduce).

Kevin

>  return -errno;
>  }
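Review bot: since the ENXIO case is reachable when the file shrinks behind QEMU's back (another process truncating it), `assert(errno != ENXIO)` turns an external event into an abort of the whole process. Either return `-errno` as for the other lseek() failures and let raw_co_get_block_status() report zero sectors, or report the range as the virtual hole the comment describes; in neither case should this be an assertion.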
> @@ -1552,6 +1552,7 @@ static int64_t coroutine_fn 
> raw_co_get_block_status(BlockDriverState *bs,
>  int nb_sectors, int 
> *pnum)
>  {
>  off_t start, data = 0, hole = 0;
> +int64_t total_size;
>  int64_t ret;
>  
>  ret = fd_open(bs);
> @@ -1560,6 +1561,13 @@ static int64_t coroutine_fn 
> raw_co_get_block_status(BlockDriverState *bs,
>  }
>  
>  start = sector_num * BDRV_SECTOR_SIZE;
> +total_size = bdrv_getlength(bs);

bdrv_getlength() can fail.

> +if (start >= total_size) {
> +*pnum = 0;
> +return 0;
> +} else if (start + nb_sectors * BDRV_SECTOR_SIZE > total_size) {
> +nb_sectors = (total_size - start) / BDRV_SECTOR_SIZE;
> +}
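Review bot: when `bdrv_getlength()` fails and `total_size` is negative, `start >= total_size` is true for every `start`, so the function reports `*pnum = 0` and success, masking the error; test `total_size < 0` first and return it. The clamp `nb_sectors = (total_size - start) / BDRV_SECTOR_SIZE` also rounds down, so for an image whose length is not a multiple of BDRV_SECTOR_SIZE a `start` inside the final partial sector yields `nb_sectors == 0` although the range is valid; use DIV_ROUND_UP (or round `total_size` up to a sector boundary) there.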

Kevin

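The two failure modes Kevin raises, a negative `bdrv_getlength()` result being compared as if it were a length and an image whose size is not sector-aligned, as an added C example that is not QEMU's code: the clamp is written as a stand-alone function so the edge cases can be exercised directly. The 512-byte sector constant, the function name and the "return the negative length as the error" convention are this example's assumptions, modelled on the discussion rather than copied from block/raw-posix.c.

```c
/* Added example, not QEMU code: clamping a block-status query against the
 * image size the way the review asks for.  SECTOR_SIZE and the error
 * convention are assumptions of this example. */
#include <stdint.h>
#include <errno.h>

#define SECTOR_SIZE 512

/* Clamp the query [sector_num, sector_num + nb_sectors) against an image of
 * total_size bytes.  A negative total_size is a bdrv_getlength()-style
 * error code and is propagated instead of being treated as a length.
 * On success returns 0 and stores in *pnum the number of requested sectors
 * that lie inside the image (0 when the query starts at or past EOF). */
static int clamp_block_status(int64_t sector_num, int nb_sectors,
                              int64_t total_size, int *pnum)
{
    if (total_size < 0) {
        *pnum = 0;
        return (int)total_size;          /* e.g. -EIO from the length probe */
    }

    int64_t start = sector_num * SECTOR_SIZE;
    if (start >= total_size) {
        *pnum = 0;                        /* query begins after EOF */
        return 0;
    }

    /* Round the tail up: a partial final sector is still inside the image,
     * so a query starting inside it must not be reported as empty. */
    int64_t tail_sectors = (total_size - start + SECTOR_SIZE - 1) / SECTOR_SIZE;
    if (tail_sectors < nb_sectors) {
        nb_sectors = (int)tail_sectors;
    }
    *pnum = nb_sectors;
    return 0;
}
```

A caller that gets a negative return must not look at `*pnum`; a caller that gets 0 with `*pnum == 0` knows the whole query was past EOF and can report it as a hole without issuing any lseek() or FIEMAP call.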


Re: [Qemu-devel] [PATCH v4 16/47] Return path: Source handling of return path

2014-10-16 Thread Dr. David Alan Gilbert
* zhanghailiang (zhang.zhanghaili...@huawei.com) wrote:

> >+case MIG_RPCOMM_ACK:
> >+tmp32 = be32_to_cpup((uint32_t *)buf);
> >+DPRINTF("RP: Received ACK 0x%x", tmp32);
> >+atomic_xchg(&ms->rp_state.latest_ack, tmp32);
> 
> I didn't see *ms->rp_state.latest_ack* been used elsewhere, what's it used 
> for?;)

Nothing currently; I've used the REQ/ACK as debug at the moment; I was thinking
that someone might want to wait on an ack being received before carrying on, but
hadn't actually needed it in postcopy.

Dave

--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



[Qemu-devel] [PATCH RFC 3/7] tcg: add sync_temp opcode

2014-10-16 Thread Kirill Batuzov
Currently every field of CPUArchState can be accessed from the TCG-generated code
as a memory location or as a global, but not both. In order to be able to mix
these two approaches we need to restore consistency between the value of a global
(possibly kept in a register) and the value in the corresponding memory location.

Introduce the sync_temp TCGOpcode, which instructs the register allocator to
save the value of a global into its memory location.

Signed-off-by: Kirill Batuzov 
---
 tcg/tcg-op.h  |   10 ++
 tcg/tcg-opc.h |1 +
 tcg/tcg.c |   12 
 3 files changed, 23 insertions(+)

diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index 81291fd..ea2b14f 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -1808,6 +1808,16 @@ static inline void tcg_gen_discard_i64(TCGv_i64 arg)
 #endif
 }
 
+static inline void tcg_gen_discard_v128(TCGv_v128 arg)
+{
+tcg_gen_op1_v128(INDEX_op_discard, arg);
+}
+
+static inline void tcg_gen_sync_temp_v128(TCGv_v128 arg)
+{
+tcg_gen_op1_v128(INDEX_op_sync_temp, arg);
+}
+
 static inline void tcg_gen_andc_i32(TCGv_i32 ret, TCGv_i32 arg1, TCGv_i32 arg2)
 {
 if (TCG_TARGET_HAS_andc_i32) {
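Review bot: `tcg_gen_discard_v128()` is introduced in this hunk although the commit message describes only the sync_temp opcode; it belongs with the other TCGv_v128 wrappers in the patch that adds the type (1/7), or the message should mention it so reviewers of that patch know where discard for the new type lives.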
diff --git a/tcg/tcg-opc.h b/tcg/tcg-opc.h
index 042d442..0916d83 100644
--- a/tcg/tcg-opc.h
+++ b/tcg/tcg-opc.h
@@ -37,6 +37,7 @@ DEF(nop3, 0, 0, 3, TCG_OPF_NOT_PRESENT)
 DEF(nopn, 0, 0, 1, TCG_OPF_NOT_PRESENT)
 
 DEF(discard, 1, 0, 0, TCG_OPF_NOT_PRESENT)
+DEF(sync_temp, 0, 1, 0, TCG_OPF_NOT_PRESENT)
 DEF(set_label, 0, 0, 1, TCG_OPF_BB_END | TCG_OPF_NOT_PRESENT)
 
 /* variable number of parameters */
diff --git a/tcg/tcg.c b/tcg/tcg.c
index d01f357..ff157b7 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -1553,6 +1553,11 @@ static void tcg_liveness_analysis(TCGContext *s)
 dead_temps[args[0]] = 1;
 mem_temps[args[0]] = 0;
 break;
+case INDEX_op_sync_temp:
+args--;
+dead_temps[args[0]] = 1;
+mem_temps[args[0]] = 1;
+break;
 case INDEX_op_end:
 break;
 
@@ -2527,6 +2532,13 @@ static inline int tcg_gen_code_common(TCGContext *s,
 case INDEX_op_discard:
 temp_dead(s, args[0]);
 break;
+case INDEX_op_sync_temp:
+/* We use it only for globals currently. */
+assert(args[0] < s->nb_globals);
+if (s->temps[args[0]].val_type == TEMP_VAL_REG) {
+tcg_reg_free(s, s->temps[args[0]].reg);
+}
+break;
 case INDEX_op_set_label:
 tcg_reg_alloc_bb_end(s, s->reserved_regs);
 tcg_out_label(s, args[0], s->code_ptr);
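Review bot: `assert(args[0] < s->nb_globals)` makes the "globals only" restriction a code-generation-time abort, but neither the `DEF(sync_temp, 0, 1, 0, ...)` line nor tcg/README documents it; record the restriction where the opcode is defined. Also, `tcg_reg_free()` both writes the register back and drops it, so a global read again right after the sync is reloaded from memory; if the intent is a pure write-back, the existing `temp_sync()` helper, which keeps the value in its register and marks it coherent, is the cheaper primitive.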
-- 
1.7.10.4




[Qemu-devel] [PATCH RFC 5/7] target-arm: support access to 128-bit guest registers as globals

2014-10-16 Thread Kirill Batuzov
To support 128-bit guest registers as globals we need to do two things:

1) create corresponding globals,
2) add sync_temp/discard to code that accesses these registers as memory
   locations.

Note that the second part is not complete in this RFC yet, and mixing NEON with
VFP code can result in miscompilation.

Signed-off-by: Kirill Batuzov 
---
 target-arm/translate.c |   18 --
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate.c b/target-arm/translate.c
index 8a2994f..22855d8 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -64,6 +64,7 @@ TCGv_ptr cpu_env;
 /* We reuse the same 64-bit temporaries for efficiency.  */
 static TCGv_i64 cpu_V0, cpu_V1, cpu_M0;
 static TCGv_i32 cpu_R[16];
+static TCGv_v128 cpu_Q[16];
 static TCGv_i32 cpu_CF, cpu_NF, cpu_VF, cpu_ZF;
 static TCGv_i64 cpu_exclusive_addr;
 static TCGv_i64 cpu_exclusive_val;
@@ -78,10 +79,14 @@ static TCGv_i64 cpu_F0d, cpu_F1d;
 
 #include "exec/gen-icount.h"
 
-static const char *regnames[] =
+static const char *regnames_r[] =
 { "r0", "r1", "r2", "r3", "r4", "r5", "r6", "r7",
   "r8", "r9", "r10", "r11", "r12", "r13", "r14", "pc" };
 
+static const char *regnames_q[] =
+{ "q0", "q1", "q2", "q3", "q4", "q5", "q6", "q7",
+  "q8", "q9", "q10", "q11", "q12", "q13", "q14", "q15" };
+
 /* initialize TCG globals.  */
 void arm_translate_init(void)
 {
@@ -92,7 +97,12 @@ void arm_translate_init(void)
 for (i = 0; i < 16; i++) {
 cpu_R[i] = tcg_global_mem_new_i32(TCG_AREG0,
   offsetof(CPUARMState, regs[i]),
-  regnames[i]);
+  regnames_r[i]);
+}
+for (i = 0; i < 16; i++) {
+cpu_Q[i] = tcg_global_mem_new_v128(TCG_AREG0,
+   offsetof(CPUARMState, vfp.regs[2 * 
i]),
+   regnames_q[i]);
 }
 cpu_CF = tcg_global_mem_new_i32(TCG_AREG0, offsetof(CPUARMState, CF), 
"CF");
 cpu_NF = tcg_global_mem_new_i32(TCG_AREG0, offsetof(CPUARMState, NF), 
"NF");
@@ -1237,23 +1247,27 @@ neon_reg_offset (int reg, int n)
 static TCGv_i32 neon_load_reg(int reg, int pass)
 {
 TCGv_i32 tmp = tcg_temp_new_i32();
+tcg_gen_sync_temp_v128(cpu_Q[reg >> 1]);
 tcg_gen_ld_i32(tmp, cpu_env, neon_reg_offset(reg, pass));
 return tmp;
 }
 
 static void neon_store_reg(int reg, int pass, TCGv_i32 var)
 {
+tcg_gen_discard_v128(cpu_Q[reg >> 1]);
 tcg_gen_st_i32(var, cpu_env, neon_reg_offset(reg, pass));
 tcg_temp_free_i32(var);
 }
 
 static inline void neon_load_reg64(TCGv_i64 var, int reg)
 {
+tcg_gen_sync_temp_v128(cpu_Q[reg >> 1]);
 tcg_gen_ld_i64(var, cpu_env, vfp_reg_offset(1, reg));
 }
 
 static inline void neon_store_reg64(TCGv_i64 var, int reg)
 {
+tcg_gen_discard_v128(cpu_Q[reg >> 1]);
 tcg_gen_st_i64(var, cpu_env, vfp_reg_offset(1, reg));
 }
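Review bot: `neon_store_reg()` and `neon_store_reg64()` discard the whole 128-bit `cpu_Q[reg >> 1]` before storing only 32 or 64 bits of it to memory. If the Q global is live in a host register with a value newer than memory, the discard drops the other lanes without writing them back, so memory keeps their stale values and the partial store leaves the register file inconsistent. The store paths need a `tcg_gen_sync_temp_v128()` before the `tcg_gen_st_*()` (followed by the discard), or a dedicated store-lane operation; the commit message's note about NEON/VFP mixing should name this as the open issue.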
 
-- 
1.7.10.4




[Qemu-devel] [PATCH RFC 2/7] tcg: store ENV global in TCGContext

2014-10-16 Thread Kirill Batuzov
When a TCG backend does not support some vector operation we need to emulate
this operation. Unlike arguments of the scalar operations, vector values are
hard to operate on directly or to pass as function arguments (because
a target may lack corresponding type support). To avoid this we will use
pointers to host memory locations holding values of temporaries. These memory
locations for globals must be their canonical locations in CPUArchState
because moving them around is expensive and hard to implement.

Fortunately globals always have memory locations statically assigned to them.
They are addressed relative to AREG0. To express direct access to this memory
in TCG opcodes we need to know the global variable ENV (which corresponds to this
AREG0).

Add a field to TCGContext. Frontends can save ENV there during translate_init.
It will be used in handling vector operations only, so targets that do not use
vector support do not need to set it.

Signed-off-by: Kirill Batuzov 
---
 tcg/tcg.h |1 +
 1 file changed, 1 insertion(+)

diff --git a/tcg/tcg.h b/tcg/tcg.h
index 01dbede..83fb0d3 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -496,6 +496,7 @@ struct TCGContext {
 tcg_insn_unit *code_ptr;
 TCGTemp temps[TCG_MAX_TEMPS]; /* globals first, temps after */
 TCGTempSet free_temps[TCG_TYPE_COUNT * 2];
+TCGv_ptr cpu_env; /* used to access memory locations for vector globals */
 
 GHashTable *helpers;
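Review bot: the comment on `TCGv_ptr cpu_env` should say what the commit message says, that the field is optional and only consulted when a vector operation has to be emulated through memory, otherwise a reader will assume every frontend must set it and a NULL value is a bug. The name also duplicates the frontends' own `cpu_env` globals (for example in target-arm/translate.c), so a more specific name such as `vec_env` would avoid confusion in grep results.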
 
-- 
1.7.10.4




[Qemu-devel] [PATCH RFC 1/7] tcg: add support for 128bit vector type

2014-10-16 Thread Kirill Batuzov
Introduce TCG_TYPE_V128 and corresponding TCGv_v128 for TCG temps. Add wrapper
functions that work with temps of this new type.

Signed-off-by: Kirill Batuzov 
---
 tcg/tcg-op.h |   23 +++
 tcg/tcg.c|   24 
 tcg/tcg.h|   28 
 3 files changed, 75 insertions(+)

diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index 019dd9b..81291fd 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -345,6 +345,29 @@ static inline void tcg_gen_op6ii_i64(TCGOpcode opc, 
TCGv_i64 arg1,
 *tcg_ctx.gen_opparam_ptr++ = arg6;
 }
 
+static inline void tcg_gen_op1_v128(TCGOpcode opc, TCGv_v128 arg1)
+{
+*tcg_ctx.gen_opc_ptr++ = opc;
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_V128(arg1);
+}
+
+static inline void tcg_gen_op2_v128(TCGOpcode opc, TCGv_v128 arg1,
+TCGv_v128 arg2)
+{
+*tcg_ctx.gen_opc_ptr++ = opc;
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_V128(arg1);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_V128(arg2);
+}
+
+static inline void tcg_gen_op3_v128(TCGOpcode opc, TCGv_v128 arg1,
+TCGv_v128 arg2, TCGv_v128 arg3)
+{
+*tcg_ctx.gen_opc_ptr++ = opc;
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_V128(arg1);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_V128(arg2);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_V128(arg3);
+}
+
 static inline void tcg_add_param_i32(TCGv_i32 val)
 {
 *tcg_ctx.gen_opparam_ptr++ = GET_TCGV_I32(val);
diff --git a/tcg/tcg.c b/tcg/tcg.c
index 7a84b87..d01f357 100644
--- a/tcg/tcg.c
+++ b/tcg/tcg.c
@@ -542,6 +542,12 @@ TCGv_i64 tcg_global_mem_new_i64(int reg, intptr_t offset, 
const char *name)
 return MAKE_TCGV_I64(idx);
 }
 
+TCGv_v128 tcg_global_mem_new_v128(int reg, intptr_t offset, const char *name)
+{
+int idx = tcg_global_mem_new_internal(TCG_TYPE_V128, reg, offset, name);
+return MAKE_TCGV_V128(idx);
+}
+
 static inline int tcg_temp_new_internal(TCGType type, int temp_local)
 {
 TCGContext *s = &tcg_ctx;
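Review bot: tcg_global_mem_new_internal is passed TCG_TYPE_V128 here but is not touched by any of this patch's tcg.c hunks, so a 128-bit global ends up as a single TCGTemp carrying only its type and env-relative offset, with nothing recording that it is 16 bytes wide. Please document in the commit message that this is intended (a 64-bit global on a 32-bit host is split by that function into two 32-bit halves; a V128 global is not) so that anyone reading the allocator changes knows the temp is never sub-addressed.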
@@ -612,6 +618,14 @@ TCGv_i64 tcg_temp_new_internal_i64(int temp_local)
 return MAKE_TCGV_I64(idx);
 }
 
+TCGv_v128 tcg_temp_new_internal_v128(int temp_local)
+{
+int idx;
+
+idx = tcg_temp_new_internal(TCG_TYPE_V128, temp_local);
+return MAKE_TCGV_V128(idx);
+}
+
 static void tcg_temp_free_internal(int idx)
 {
 TCGContext *s = &tcg_ctx;
@@ -644,6 +658,11 @@ void tcg_temp_free_i64(TCGv_i64 arg)
 tcg_temp_free_internal(GET_TCGV_I64(arg));
 }
 
+void tcg_temp_free_v128(TCGv_v128 arg)
+{
+tcg_temp_free_internal(GET_TCGV_V128(arg));
+}
+
 TCGv_i32 tcg_const_i32(int32_t val)
 {
 TCGv_i32 t0;
@@ -1062,6 +1081,11 @@ char *tcg_get_arg_str_i64(TCGContext *s, char *buf, int 
buf_size, TCGv_i64 arg)
 return tcg_get_arg_str_idx(s, buf, buf_size, GET_TCGV_I64(arg));
 }
 
+char *tcg_get_arg_str_v128(TCGContext *s, char *buf, int buf_size, TCGv_v128 
arg)
+{
+return tcg_get_arg_str_idx(s, buf, buf_size, GET_TCGV_V128(arg));
+}
+
 /* Find helper name.  */
 static inline const char *tcg_find_helper(TCGContext *s, uintptr_t val)
 {
diff --git a/tcg/tcg.h b/tcg/tcg.h
index 7285f71..01dbede 100644
--- a/tcg/tcg.h
+++ b/tcg/tcg.h
@@ -194,6 +194,7 @@ typedef struct TCGPool {
 typedef enum TCGType {
 TCG_TYPE_I32,
 TCG_TYPE_I64,
+TCG_TYPE_V128,
 TCG_TYPE_COUNT, /* number of different types */
 
 /* An alias for the size of the host register.  */
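Review bot: placing TCG_TYPE_V128 ahead of TCG_TYPE_COUNT silently enlarges every array sized by TCG_TYPE_COUNT, e.g. free_temps[TCG_TYPE_COUNT * 2] in TCGContext, and any backend switch on TCGType without a default now receives a value it has no arm for. Worth stating in the commit message which backends gain a V128 arm in this series (the diffstat of 7/7 lists only tcg/i386) and that the remaining backends must never be handed a V128 temp.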
@@ -286,6 +287,7 @@ typedef tcg_target_ulong TCGArg;
 typedef struct TCGv_i32_d *TCGv_i32;
 typedef struct TCGv_i64_d *TCGv_i64;
 typedef struct TCGv_ptr_d *TCGv_ptr;
+typedef struct TCGv_v128_d *TCGv_v128;
 
 static inline TCGv_i32 QEMU_ARTIFICIAL MAKE_TCGV_I32(intptr_t i)
 {
@@ -302,6 +304,11 @@ static inline TCGv_ptr QEMU_ARTIFICIAL 
MAKE_TCGV_PTR(intptr_t i)
 return (TCGv_ptr)i;
 }
 
+static inline TCGv_v128 QEMU_ARTIFICIAL MAKE_TCGV_V128(intptr_t i)
+{
+return (TCGv_v128)i;
+}
+
 static inline intptr_t QEMU_ARTIFICIAL GET_TCGV_I32(TCGv_i32 t)
 {
 return (intptr_t)t;
@@ -317,6 +324,11 @@ static inline intptr_t QEMU_ARTIFICIAL 
GET_TCGV_PTR(TCGv_ptr t)
 return (intptr_t)t;
 }
 
+static inline intptr_t QEMU_ARTIFICIAL GET_TCGV_V128(TCGv_v128 t)
+{
+return (intptr_t)t;
+}
+
 #if TCG_TARGET_REG_BITS == 32
 #define TCGV_LOW(t) MAKE_TCGV_I32(GET_TCGV_I64(t))
 #define TCGV_HIGH(t) MAKE_TCGV_I32(GET_TCGV_I64(t) + 1)
@@ -324,15 +336,18 @@ static inline intptr_t QEMU_ARTIFICIAL 
GET_TCGV_PTR(TCGv_ptr t)
 
 #define TCGV_EQUAL_I32(a, b) (GET_TCGV_I32(a) == GET_TCGV_I32(b))
 #define TCGV_EQUAL_I64(a, b) (GET_TCGV_I64(a) == GET_TCGV_I64(b))
+#define TCGV_EQUAL_V128(a, b) (GET_TCGV_V128(a) == GET_TCGV_V128(b))
 #define TCGV_EQUAL_PTR(a, b) (GET_TCGV_PTR(a) == GET_TCGV_PTR(b))
 
 /* Dummy definition to avoid compiler warnings.  */
 #define TCGV_UNUSED_I32(x) x = MAKE_TCGV_I32(-1)
 #define TCGV_UNUSED_I64(x) x = MAKE_TCGV_I64(-1)
+#define TCGV_UNUSED_V128(x) x = MAKE_TCGV_V128(-1)
 #define TCGV_UNUSED_PTR(x) x = MAKE_TCGV_PTR(-1)
 
 #define TCGV_IS_

[Qemu-devel] [PATCH RFC 6/7] target-arm: use add_i32x4 opcode to handle vadd.i32 instruction

2014-10-16 Thread Kirill Batuzov

Signed-off-by: Kirill Batuzov 
---
 target-arm/translate.c |   12 
 1 file changed, 12 insertions(+)

diff --git a/target-arm/translate.c b/target-arm/translate.c
index 22855d8..00ea5cf 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -5239,6 +5239,18 @@ static int disas_neon_data_insn(CPUARMState * env, 
DisasContext *s, uint32_t ins
 return 1;
 }
 
+/* Use vector ops to handle what we can */
+switch (op) {
+case NEON_3R_VADD_VSUB:
+if (!u && size == 2) {
+tcg_gen_add_i32x4(cpu_Q[rd >> 1], cpu_Q[rn >> 1], cpu_Q[rm 
>> 1]);
+return 0;
+}
+break;
+default:
+break;
+}
+
 for (pass = 0; pass < (q ? 4 : 2); pass++) {
 
 if (pairwise) {
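Review bot: the fast path `if (!u && size == 2)` under NEON_3R_VADD_VSUB never tests q, yet cpu_Q[rd >> 1] operates on the whole 128-bit Q register. For the 64-bit form of vadd.i32 (q == 0, which the `pass < (q ? 4 : 2)` loop below still distinguishes) this would also add the other D half of the containing Q register, clobbering a register the instruction does not name. Suggest `if (q && !u && size == 2)`; a comment that rd, rn and rm are even for the Q form (hence the `>> 1`) would also help.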
-- 
1.7.10.4




[Qemu-devel] [PATCH RFC 0/7] Translate guest vector operations to host vector operations

2014-10-16 Thread Kirill Batuzov
> (4) Consider supporting generic vector operations in the TCG?

I gave it a go and was quite happy with the result. I have implemented the
add_i32x4 opcode which is addition of 128-bit vectors composed of four 32-bit
integers and used it to translate NEON vadd.i32 to SSE paddd instruction. I used
ARM for my guest because I'm familiar with this architecture and it is different
from my host.

I got a 3x speedup on my testcase:

mov r0, #0xb000
loop:
vadd.i32 q0, q0, q1
vadd.i32 q0, q0, q1
vadd.i32 q0, q0, q1
vadd.i32 q0, q0, q1
subs r0, r0, #1
bne loop

Evaluation results:

master: 25.398s
patched: 7.704s

Generated code:

IN: 
0x8298:  f2200842  vadd.i32 q0, q0, q1
0x829c:  f2200842  vadd.i32 q0, q0, q1
0x82a0:  f2200842  vadd.i32 q0, q0, q1
0x82a4:  f2200842  vadd.i32 q0, q0, q1
<...>

OP after optimization and liveness analysis:
 ld_i32 tmp5,env,$0xfffc
 movi_i32 tmp6,$0x0
 brcond_i32 tmp5,tmp6,ne,$0x0
  0x8298
 add_i32x4 q0,q0,q1

  0x829c
 add_i32x4 q0,q0,q1

  0x82a0
 add_i32x4 q0,q0,q1

  0x82a4
 add_i32x4 q0,q0,q1
<...>

OUT: [size=196]
0x60442450:  mov-0x4(%r14),%ebp
0x60442454:  test   %ebp,%ebp
0x60442456:  jne0x60442505
0x6044245c:  movdqu 0x658(%r14),%xmm0
0x60442465:  movdqu 0x668(%r14),%xmm1
0x6044246e:  paddd  %xmm1,%xmm0
0x60442472:  paddd  %xmm1,%xmm0
0x60442476:  paddd  %xmm1,%xmm0
0x6044247a:  paddd  %xmm1,%xmm0
0x6044247e:  movdqu %xmm0,0x658(%r14)
<...>

> But for target-alpha, there's one vector comparison operation that appears in
> every guest string operation, and is used heavily enough that it's in the top
> 10 functions in the profile: cmpbge (compare bytes greater or equal).

cmpbge can be translated as follows:

cmpge_i8x8  tmp0, arg1, arg2
select_msb_i8x8 res, tmp0

where cmpge is "compare greater or equal" with the following semantics:
res[i] = <111...11> if arg1[i] >= arg2[i]
res[i] = <000...00> if arg1[i] <  arg2[i]
There is such an operation in NEON. In SSE we can emulate it with PCMPEQB,
PCMPGTB and POR.

select_msb is "select most significant bit". SSE instruction PMOVMSKB.

> While making helper functions faster is good I've wondered if they is
> enough genericsm across the various SIMD/vector operations we could add
> add TCG ops to translate them? The ops could fall back to generic helper
> functions using the GCC instrinsics if we know there is no decent
> back-end support for them?

From Valgrind experience there is enough genericism. Valgrind can translate
SSE, AltiVec and NEON instructions to vector opcodes. Most of the opcodes are
reused between instruction sets.

But keep in mind - there are a lot of vector opcodes. Many more than scalar
ones. You can see the full list in Valgrind sources (VEX/pub/libvex_ir.h).

We can reduce the amount of opcodes by converting vector element size from part
of an opcode to a constant argument. But we will lose some flexibility offered
by the TARGET_HAS_opcode macro when target has support for some sizes but not
for others. For example SSE has vector minimum for sizes i8x16, i16x8, i32x4 but
does not have one for size i64x2.

Some implementation details and concerns.

The most problematic issue was the fact that with vector registers we have one
entity that can be accessed as both global variable and memory location. I
solved it by introducing the sync_temp opcode that instructs register allocator
to save global variable to its memory location if it is on the register. If a
variable is not on a register or memory is already coherent - no store is
issued, so performance penalty for it is minimal. Still this approach has a
serious drawback: we need to generate sync_temp explicitly. But I do not know
any better way to achieve consistency.

Note that as of this RFC I have not finished conversion of ARM guest so mixing
NEON with VFP code can cause a miscompile.

The second problem is that a backend may or may not support vector operations.
We do not want each frontend to check it on every operation. I created a wrapper
that generates vector opcode if it is supported or generates emulation code.

For add_i32x4 emulation code is generated inline. I tried to make it a helper
but got a very significant performance loss (5x slowdown). I'm not sure about
the cause but I suspect that memory was a bottleneck and extra stores needed
by calling conventions mattered a lot.

The existing constraints are good enough to express that vector registers and
general purpose registers are different and can not be used instead of each
other.

One unsolved problem is global aliasing. With general purpose registers we have
no aliasing between globals. The only example I know where registers can alias
is the x86 ah/ax/eax/rax case. They are handled as one global. With vector
registers we have NEON where a 128-bit Q register consists of two 64-bit
D registers each consisting of two 32-bit S regist
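A stand-alone C reference model of the two translations sketched in the message above: the lane-wise add_i32x4 that the series emits inline as scalar code when a backend lacks the opcode, and cmpbge expressed as cmpge_i8x8 followed by select_msb_i8x8. This is an added example, not code from the patch series; the function names and the v128 type are mine, and it assumes little-endian lane order and that cmpbge's byte compare is unsigned (which Alpha's instruction is, but the thread does not say so).

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A 128-bit TCG-style vector value kept as raw bytes, the way a vector
 * global lives at its env-relative memory slot. Lane i of an i32x4 view
 * occupies bytes [4*i, 4*i+4) (little-endian lane order is assumed). */
typedef struct { uint8_t b[16]; } v128;

static v128 v128_from_lanes(uint32_t l0, uint32_t l1, uint32_t l2, uint32_t l3)
{
    v128 v;
    uint32_t lanes[4] = { l0, l1, l2, l3 };
    for (int i = 0; i < 4; i++) {
        memcpy(&v.b[4 * i], &lanes[i], 4);  /* memcpy: no alignment assumptions */
    }
    return v;
}

static uint32_t v128_lane(v128 v, int i)
{
    uint32_t lane;
    memcpy(&lane, &v.b[4 * i], 4);
    return lane;
}

/* add_i32x4: lane-wise 32-bit addition. Each lane wraps independently, so no
 * carry crosses from lane i into lane i+1; that is what distinguishes it from
 * a 128-bit integer add and what an inline scalar fallback must preserve. */
static v128 add_i32x4_emul(v128 a, v128 b)
{
    v128 r;
    for (int i = 0; i < 4; i++) {
        uint32_t sum = v128_lane(a, i) + v128_lane(b, i);  /* wraps mod 2^32 */
        memcpy(&r.b[4 * i], &sum, 4);
    }
    return r;
}

/* cmpge_i8x8 on a 64-bit vector of eight bytes: lane i becomes 0xff when
 * a[i] >= b[i] and 0x00 otherwise. The compare is unsigned (assumption of
 * this model, matching Alpha's cmpbge; the thread leaves signedness open). */
static uint64_t cmpge_u8x8_emul(uint64_t a, uint64_t b)
{
    uint64_t r = 0;
    for (int i = 0; i < 8; i++) {
        uint8_t la = (uint8_t)(a >> (8 * i));
        uint8_t lb = (uint8_t)(b >> (8 * i));
        if (la >= lb) {
            r |= (uint64_t)0xff << (8 * i);
        }
    }
    return r;
}

/* select_msb_i8x8: collect the top bit of every byte lane into a bitmask,
 * lane 0 -> bit 0, the same gather PMOVMSKB performs on an SSE register. */
static unsigned select_msb_i8x8_emul(uint64_t v)
{
    unsigned mask = 0;
    for (int i = 0; i < 8; i++) {
        mask |= (unsigned)((v >> (8 * i + 7)) & 1) << i;
    }
    return mask;
}

/* cmpbge as the two-opcode sequence proposed in the message. */
static unsigned cmpbge_emul(uint64_t ra, uint64_t rb)
{
    return select_msb_i8x8_emul(cmpge_u8x8_emul(ra, rb));
}

int main(void)
{
    /* Lane 0 overflows; lane 1 must not absorb the carry. */
    v128 r = add_i32x4_emul(v128_from_lanes(0xffffffffu, 1, 2, 3),
                            v128_from_lanes(1, 1, 1, 1));
    printf("add_i32x4 lanes: %u %u %u %u\n", v128_lane(r, 0), v128_lane(r, 1),
           v128_lane(r, 2), v128_lane(r, 3));
    /* The string idiom behind the guest string routines: cmpbge(0, word)
     * sets a bit for every zero byte in the word (constructed input). */
    printf("zero-byte mask of 0x0000000000616263: 0x%02x\n",
           cmpbge_emul(0, 0x0000000000616263ull));
    return 0;
}
```

The two checks worth running are that lane 0's wraparound never reaches lane 1, and that cmpbge(0, word) yields exactly the mask of zero bytes; the unsigned compare is what makes cmpbge(0x80, 0x7f) report 0x80 as greater.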

[Qemu-devel] [PATCH RFC 7/7] tcg/i386: add support for vector opcodes

2014-10-16 Thread Kirill Batuzov
To be able to generate vector operations in TCG backend we need to do several
things.

1. We need to tell the register allocator about the target's vector registers.
   In the case of x86 we'll use xmm0..xmm7. xmm7 is designated as a scratch
   register, others can be used by register allocator.

2. We need a new constraint to indicate where to use vector registers. In this
   commit constraint 'V' is introduced.

3. We need to be able to generate bare minimum: load, store and reg-to-reg
   move. MOVDQU is used for loads and stores. MOVDQA is used for reg-to-reg
   moves.

4. Finally we need to support any other opcodes we want. INDEX_op_add_i32x4 is
   the only one for now. PADDD instruction handles it perfectly.

Signed-off-by: Kirill Batuzov 
---
 tcg/i386/tcg-target.c |  103 ++---
 tcg/i386/tcg-target.h |   24 +++-
 2 files changed, 119 insertions(+), 8 deletions(-)

diff --git a/tcg/i386/tcg-target.c b/tcg/i386/tcg-target.c
index 4133dcf..f26750d 100644
--- a/tcg/i386/tcg-target.c
+++ b/tcg/i386/tcg-target.c
@@ -32,6 +32,9 @@ static const char * const 
tcg_target_reg_names[TCG_TARGET_NB_REGS] = {
 #else
 "%eax", "%ecx", "%edx", "%ebx", "%esp", "%ebp", "%esi", "%edi",
 #endif
+#ifdef TCG_TARGET_HAS_REG128
+"%xmm0", "%xmm1", "%xmm2", "%xmm3", "%xmm4", "%xmm5", "%xmm6", "%xmm7",
+#endif
 };
 #endif
 
@@ -61,6 +64,16 @@ static const int tcg_target_reg_alloc_order[] = {
 TCG_REG_EDX,
 TCG_REG_EAX,
 #endif
+#ifdef TCG_TARGET_HAS_REG128
+TCG_REG_XMM0,
+TCG_REG_XMM1,
+TCG_REG_XMM2,
+TCG_REG_XMM3,
+TCG_REG_XMM4,
+TCG_REG_XMM5,
+TCG_REG_XMM6,
+/*  TCG_REG_XMM7, <- scratch register */
+#endif
 };
 
 static const int tcg_target_call_iarg_regs[] = {
@@ -247,6 +260,10 @@ static int target_parse_constraint(TCGArgConstraint *ct, 
const char **pct_str)
 case 'I':
 ct->ct |= TCG_CT_CONST_I32;
 break;
+case 'V':
+ct->ct |= TCG_CT_REG;
+tcg_regset_set32(ct->u.regs, 0, 0xff);
+break;
 
 default:
 return -1;
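Review bot: the 'V' constraint sets tcg_regset_set32(ct->u.regs, 0, 0xff), i.e. register numbers 0 to 7, but in the name table above the xmm entries are appended after the general-purpose registers, which suggests TCG_REG_XMM0 is not 0. The tcg-target.h part of the diff is not shown here, so please confirm the numbering; if the xmm registers follow the GPRs, the mask should start at their range (`tcg_regset_set32(ct->u.regs, TCG_REG_XMM0, 0xff)`), otherwise 'V' would hand the allocator EAX..EDI for vector operands.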
@@ -301,6 +318,9 @@ static inline int tcg_target_const_match(tcg_target_long 
val, TCGType type,
 #define P_SIMDF30x1 /* 0xf3 opcode prefix */
 #define P_SIMDF20x2 /* 0xf2 opcode prefix */
 
+#define P_SSE_660F  (P_DATA16 | P_EXT)
+#define P_SSE_F30F  (P_SIMDF3 | P_EXT)
+
 #define OPC_ARITH_EvIz (0x81)
 #define OPC_ARITH_EvIb (0x83)
 #define OPC_ARITH_GvEv (0x03)  /* ... plus (ARITH_FOO << 3) */
@@ -351,6 +371,11 @@ static inline int tcg_target_const_match(tcg_target_long 
val, TCGType type,
 #define OPC_GRP3_Ev(0xf7)
 #define OPC_GRP5   (0xff)
 
+#define OPC_MOVDQU_M2R  (0x6f | P_SSE_F30F)  /* store 128-bit value */
+#define OPC_MOVDQU_R2M  (0x7f | P_SSE_F30F)  /* load 128-bit value */
+#define OPC_MOVDQA_R2R  (0x6f | P_SSE_660F)  /* reg-to-reg 128-bit mov */
+#define OPC_PADDD   (0xfe | P_SSE_660F)
+
 /* Group 1 opcode extensions for 0x80-0x83.
These are also used as modifiers for OPC_ARITH.  */
 #define ARITH_ADD 0
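Review bot: the comments on the new MOVDQU defines are swapped relative to their names and uses: OPC_MOVDQU_M2R (0x6f) is the memory-to-register form, i.e. a load, and it is the one tcg_out_ld uses further down, while OPC_MOVDQU_R2M (0x7f) is the register-to-memory store. Suggest `#define OPC_MOVDQU_M2R (0x6f | P_SSE_F30F) /* load 128-bit value */` and `#define OPC_MOVDQU_R2M (0x7f | P_SSE_F30F) /* store 128-bit value */`.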
@@ -428,6 +453,9 @@ static void tcg_out_opc(TCGContext *s, int opc, int r, int 
rm, int x)
 assert((opc & P_REXW) == 0);
 tcg_out8(s, 0x66);
 }
+if (opc & P_SIMDF3) {
+tcg_out8(s, 0xf3);
+}
 if (opc & P_ADDR32) {
 tcg_out8(s, 0x67);
 }
@@ -634,9 +662,22 @@ static inline void tgen_arithr(TCGContext *s, int subop, 
int dest, int src)
 static inline void tcg_out_mov(TCGContext *s, TCGType type,
TCGReg ret, TCGReg arg)
 {
+int opc;
 if (arg != ret) {
-int opc = OPC_MOVL_GvEv + (type == TCG_TYPE_I64 ? P_REXW : 0);
-tcg_out_modrm(s, opc, ret, arg);
+switch (type) {
+case TCG_TYPE_V128:
+ret -= TCG_REG_XMM0;
+arg -= TCG_REG_XMM0;
+tcg_out_modrm(s, OPC_MOVDQA_R2R, ret, arg);
+break;
+case TCG_TYPE_I32:
+case TCG_TYPE_I64:
+opc = OPC_MOVL_GvEv + (type == TCG_TYPE_I64 ? P_REXW : 0);
+tcg_out_modrm(s, opc, ret, arg);
+break;
+default:
+assert(0);
+}
 }
 }
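Review bot: in the TCG_TYPE_V128 arm `ret -= TCG_REG_XMM0; arg -= TCG_REG_XMM0;` turns the allocator's register numbers into the 3-bit ModRM fields, which only works while vector registers are restricted to xmm0..xmm7 as the commit message says. Make that contract explicit with an assertion before the subtraction (`assert(ret >= TCG_REG_XMM0 && ret < TCG_REG_XMM0 + 8)`, likewise for arg) and a comment, since xmm8..xmm15 would need REX.R/REX.B rather than a plain subtraction.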
 
@@ -699,15 +740,39 @@ static inline void tcg_out_pop(TCGContext *s, int reg)
 static inline void tcg_out_ld(TCGContext *s, TCGType type, TCGReg ret,
   TCGReg arg1, intptr_t arg2)
 {
-int opc = OPC_MOVL_GvEv + (type == TCG_TYPE_I64 ? P_REXW : 0);
-tcg_out_modrm_offset(s, opc, ret, arg1, arg2);
+int opc;
+switch (type) {
+case TCG_TYPE_V128:
+ret -= TCG_REG_XMM0;
+tcg_out_modrm_offset(s, OPC_MOVDQU_M2R, ret, arg1, arg2);
+break;
+case TCG_TYPE_I32:
+case TCG_TYPE_I64:
+opc = OPC_MOVL_GvEv + (type == TCG_TYPE_I64 ? P_REXW : 0);
+tcg_out_modrm_offset(s, opc, ret, arg1, arg2);
+break;
+default:
+assert(0);
+}
 }
 
 static inline void tcg_out_st(TCGContext *s, TCGType typ
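Steps 3 and 4 of the description above (MOVDQU for loads and stores, MOVDQA for reg-to-reg moves, PADDD for add_i32x4) and the 0xf3 prefix handling added to tcg_out_opc, as a small stand-alone encoder that re-emits the vector instructions from the OUT listing in the 0/7 cover letter and checks them against that listing's address deltas. This is an added example, not the patch's own code: the P_* flag values, the code_buf type and the function names are constructed for this model, and it omits SIB encoding.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Opcode flag bits in the spirit of the tcg/i386 P_* flags; the numeric
 * values are constructed for this model and are not the backend's. */
#define P_EXT     0x100  /* 0x0f two-byte opcode escape */
#define P_DATA16  0x200  /* 0x66 operand-size prefix */
#define P_SIMDF3  0x400  /* 0xf3 SSE prefix */

#define OPC_MOVDQU_M2R (0x6f | P_SIMDF3 | P_EXT)  /* load:  xmm  <- m128 */
#define OPC_MOVDQU_R2M (0x7f | P_SIMDF3 | P_EXT)  /* store: m128 <- xmm  */
#define OPC_MOVDQA_R2R (0x6f | P_DATA16 | P_EXT)  /* reg-to-reg 128-bit move */
#define OPC_PADDD      (0xfe | P_DATA16 | P_EXT)  /* packed 32-bit add */

/* Hardware register numbers: xmm0..xmm7 encode as 0..7, %r14 as 14. */
enum { REG_R14 = 14, XMM0 = 0, XMM1 = 1 };

typedef struct { uint8_t buf[64]; size_t len; } code_buf;

static void out8(code_buf *c, uint8_t v)
{
    assert(c->len < sizeof c->buf);
    c->buf[c->len++] = v;
}

static void out32(code_buf *c, uint32_t v)
{
    for (int i = 0; i < 4; i++) {
        out8(c, (uint8_t)(v >> (8 * i)));  /* little-endian displacement */
    }
}

/* Prefixes, optional REX, 0x0f escape and opcode byte, in the order the CPU
 * requires: legacy prefixes (0x66, 0xf3) before REX, REX before 0x0f. */
static void out_opc(code_buf *c, int opc, int reg, int rm)
{
    int rex = 0x40 | ((reg & 8) ? 0x4 : 0) | ((rm & 8) ? 0x1 : 0);
    if (opc & P_DATA16) out8(c, 0x66);
    if (opc & P_SIMDF3) out8(c, 0xf3);
    if (rex != 0x40) out8(c, (uint8_t)rex);  /* REX.R / REX.B for r8-r15 */
    if (opc & P_EXT) out8(c, 0x0f);
    out8(c, (uint8_t)(opc & 0xff));
}

/* reg, reg form: mod = 11. */
static void out_modrm(code_buf *c, int opc, int reg, int rm)
{
    out_opc(c, opc, reg, rm);
    out8(c, (uint8_t)(0xc0 | ((reg & 7) << 3) | (rm & 7)));
}

/* reg, disp32(base) form: mod = 10. A base of rsp/r12 would need a SIB byte,
 * which this model deliberately does not implement. */
static void out_modrm_offset(code_buf *c, int opc, int reg, int base, int32_t off)
{
    assert((base & 7) != 4);
    out_opc(c, opc, reg, base);
    out8(c, (uint8_t)(0x80 | ((reg & 7) << 3) | (base & 7)));
    out32(c, (uint32_t)off);
}

/* The vector part of the block in the cover letter's OUT listing; the env
 * offsets 0x658 and 0x668 are the ones the listing shows. Returns the byte
 * count, which the listing's addresses put at 0x60442487 - 0x6044245c = 43. */
static size_t encode_listing(code_buf *c)
{
    c->len = 0;
    out_modrm_offset(c, OPC_MOVDQU_M2R, XMM0, REG_R14, 0x658);  /* q0 load  */
    out_modrm_offset(c, OPC_MOVDQU_M2R, XMM1, REG_R14, 0x668);  /* q1 load  */
    for (int i = 0; i < 4; i++) {
        out_modrm(c, OPC_PADDD, XMM0, XMM1);                    /* paddd x4 */
    }
    out_modrm_offset(c, OPC_MOVDQU_R2M, XMM0, REG_R14, 0x658);  /* q0 store */
    return c->len;
}

int main(void)
{
    code_buf c;
    size_t n = encode_listing(&c);
    for (size_t i = 0; i < n; i++) {
        printf("%02x%c", c.buf[i], (i + 1 == n) ? '\n' : ' ');
    }
    return 0;
}
```

The point to take from the byte stream is the prefix order: the 0xf3 or 0x66 legacy prefix must precede the REX byte that %r14 as a base register requires, and both must precede the 0x0f escape; emitting 0xf3 in tcg_out_opc next to the existing 0x66 case, as the patch does, keeps that ordering.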

[Qemu-devel] [PATCH RFC 4/7] tcg: add add_i32x4 opcode

2014-10-16 Thread Kirill Batuzov
Introduce INDEX_op_add_i32x4 opcode which adds two 128-bit variables as vectors
of four 32-bit integers.

Add tcg_gen_add_i32x4 wrapper function that generates this opcode. If a TCG
target does not support it, the wrapper falls back to emulation of vector
operation as a series of scalar ones. Wrapper arguments should be globals unless
the frontend is sure that the backend has at least some support for vector
operations (by "some support" I mean loads, stores and moves).

Note that emulation of vector operation with scalar ones is done inline. An
attempt to do it as a helper resulted in a serious performance degradation.

Signed-off-by: Kirill Batuzov 
---
 tcg/tcg-op.h  |  108 +
 tcg/tcg-opc.h |   12 +++
 tcg/tcg.h |5 +++
 3 files changed, 125 insertions(+)

diff --git a/tcg/tcg-op.h b/tcg/tcg-op.h
index ea2b14f..c5f777d 100644
--- a/tcg/tcg-op.h
+++ b/tcg/tcg-op.h
@@ -139,6 +139,15 @@ static inline void tcg_gen_ldst_op_i64(TCGOpcode opc, 
TCGv_i64 val,
 *tcg_ctx.gen_opparam_ptr++ = offset;
 }
 
+static inline void tcg_gen_ldst_op_v128(TCGOpcode opc, TCGv_v128 val,
+   TCGv_ptr base, TCGArg offset)
+{
+*tcg_ctx.gen_opc_ptr++ = opc;
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_V128(val);
+*tcg_ctx.gen_opparam_ptr++ = GET_TCGV_PTR(base);
+*tcg_ctx.gen_opparam_ptr++ = offset;
+}
+
 static inline void tcg_gen_op4_i32(TCGOpcode opc, TCGv_i32 arg1, TCGv_i32 arg2,
TCGv_i32 arg3, TCGv_i32 arg4)
 {
@@ -1069,6 +1078,11 @@ static inline void tcg_gen_ld_i64(TCGv_i64 ret, TCGv_ptr 
arg2, tcg_target_long o
 tcg_gen_ldst_op_i64(INDEX_op_ld_i64, ret, arg2, offset);
 }
 
+static inline void tcg_gen_ld_v128(TCGv_v128 ret, TCGv_ptr arg2, 
tcg_target_long offset)
+{
+tcg_gen_ldst_op_v128(INDEX_op_ld_v128, ret, arg2, offset);
+}
+
 static inline void tcg_gen_st8_i64(TCGv_i64 arg1, TCGv_ptr arg2,
tcg_target_long offset)
 {
@@ -1092,6 +1106,11 @@ static inline void tcg_gen_st_i64(TCGv_i64 arg1, 
TCGv_ptr arg2, tcg_target_long
 tcg_gen_ldst_op_i64(INDEX_op_st_i64, arg1, arg2, offset);
 }
 
+static inline void tcg_gen_st_v128(TCGv_v128 arg1, TCGv_ptr arg2, 
tcg_target_long offset)
+{
+tcg_gen_ldst_op_v128(INDEX_op_st_v128, arg1, arg2, offset);
+}
+
 static inline void tcg_gen_add_i64(TCGv_i64 ret, TCGv_i64 arg1, TCGv_i64 arg2)
 {
 tcg_gen_op3_i64(INDEX_op_add_i64, ret, arg1, arg2);
@@ -2780,6 +2799,8 @@ static inline void tcg_gen_qemu_st64(TCGv_i64 arg, TCGv 
addr, int mem_index)
 tcg_gen_add_i32(TCGV_PTR_TO_NAT(R), TCGV_PTR_TO_NAT(A), TCGV_PTR_TO_NAT(B))
 # define tcg_gen_addi_ptr(R, A, B) \
 tcg_gen_addi_i32(TCGV_PTR_TO_NAT(R), TCGV_PTR_TO_NAT(A), (B))
+# define tcg_gen_movi_ptr(R, B) \
+tcg_gen_movi_i32(TCGV_PTR_TO_NAT(R), (B))
 # define tcg_gen_ext_i32_ptr(R, A) \
 tcg_gen_mov_i32(TCGV_PTR_TO_NAT(R), (A))
 #else
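Review bot: this hunk (and its 64-bit twin in the `#else` branch) adds a new tcg_gen_movi_ptr macro that neither the commit message nor the tcg.h diffstat mentions; please say what the vector emulation code uses an immediate pointer move for, or split it into its own patch so the add_i32x4 change stays self-contained.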
@@ -2791,6 +2812,93 @@ static inline void tcg_gen_qemu_st64(TCGv_i64 arg, TCGv 
addr, int mem_index)
 tcg_gen_add_i64(TCGV_PTR_TO_NAT(R), TCGV_PTR_TO_NAT(A), TCGV_PTR_TO_NAT(B))
 # define tcg_gen_addi_ptr(R, A, B) \
 tcg_gen_addi_i64(TCGV_PTR_TO_NAT(R), TCGV_PTR_TO_NAT(A), (B))
+# define tcg_gen_movi_ptr(R, B) \
+tcg_gen_movi_i64(TCGV_PTR_TO_NAT(R), (B))
 # define tcg_gen_ext_i32_ptr(R, A) \
 tcg_gen_ext_i32_i64(TCGV_PTR_TO_NAT(R), (A))
 #endif /* UINTPTR_MAX == UINT32_MAX */
+
+/***/
+/* 128-bit vector arithmetic.  */
+
+static inline void *tcg_v128_swap_slot(int n)
+{
+return &tcg_ctx.v128_swap[n * 16];
+}
+
+/* Find a memory location for 128-bit TCG variable. */
+static inline void tcg_v128_to_ptr(TCGv_v128 tmp, TCGv_ptr base, int slot,
+   TCGv_ptr *real_base, intptr_t *real_offset,
+   int is_read)
+{
+int idx = GET_TCGV_V128(tmp);
+assert(idx >= 0 && idx < tcg_ctx.nb_temps);
+if (idx < tcg_ctx.nb_globals) {
+/* Globals use their locations within CPUArchState. */
+int env = GET_TCGV_PTR(tcg_ctx.cpu_env);
+TCGTemp *ts_env = &tcg_ctx.temps[env];
+TCGTemp *ts_arg = &tcg_ctx.temps[idx];
+
+/* Sanity checks: global's memory locations must be addressed
+   relative to ENV. */
+assert(ts_env->val_type == TEMP_VAL_REG &&
+   ts_env->reg == ts_arg->mem_reg &&
+   ts_arg->mem_allocated);
+
+*real_base = tcg_ctx.cpu_env;
+*real_offset = ts_arg->mem_offset;
+
+if (is_read) {
+tcg_gen_sync_temp_v128(tmp);
+} else {
+tcg_gen_discard_v128(tmp);
+}
+} else {
+/* Temporaries use swap space in TCGContext. Since we already have
+   a 128-bit temporary we'll assume that the target supports 128-bit
+   loads and stores. */
+*real_base = base;
+*real_offset = slot * 16;
+if (is_read
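Review bot: `int env = GET_TCGV_PTR(tcg_ctx.cpu_env);` indexes tcg_ctx.temps[] with a field that the tcg.h hunk earlier in this series only declares; nothing visible initializes it, and an unset zero value would silently select temps[0]. Suggest asserting that cpu_env has been set before it is used here and documenting, next to the TCGContext field, which frontend call is expected to fill it. The `ts_env->val_type == TEMP_VAL_REG` assert is only meaningful because env is a fixed-register global whose val_type is set at creation; a comment saying so would spare the next reader from wondering why a translation-time check of allocator state is safe.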

Re: [Qemu-devel] [PATCH v4 16/47] Return path: Source handling of return path

2014-10-16 Thread zhanghailiang

On 2014/10/16 16:35, Dr. David Alan Gilbert wrote:

* zhanghailiang (zhang.zhanghaili...@huawei.com) wrote:


+case MIG_RPCOMM_ACK:
+tmp32 = be32_to_cpup((uint32_t *)buf);
+DPRINTF("RP: Received ACK 0x%x", tmp32);
+atomic_xchg(&ms->rp_state.latest_ack, tmp32);


I didn't see *ms->rp_state.latest_ack* being used elsewhere, what's it used
for? ;)


Nothing currently; I've used the REQ/ACK as debug at the moment; I was thinking
that someone might want to wait on an ack being received before carrying on; but
hadn't actually needed it in postcopy.



OK, I see. Thanks.


Dave

--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK








Re: [Qemu-devel] [PULL 0/2] vga patch queue

2014-10-16 Thread Peter Maydell
On 15 October 2014 11:37, Gerd Hoffmann  wrote:
>   Hi,
>
> vga patch queue with two patches, one deleting some unused bits and one
> adding the qext region to stdvga mmio to allow switching vga framebuffer
> endianess (needed for ppc64le).
>
> please pull,
>   Gerd
>
> The following changes since commit b1d28ec6a7dbdaadda39d29322f0de694aeb0b74:
>
>   Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20141010' into 
> staging (2014-10-10 14:55:29 +0100)
>
> are available in the git repository at:
>
>
>   git://git.kraxel.org/qemu tags/pull-vga-20141015-1
>
> for you to fetch changes up to 98792325435d8b46f2035eb93fa02373c7ceda44:
>
>   hw/display/vga: Remove unused arrays dmask4 and dmask16 (2014-10-15 
> 11:10:50 +0200)
>
> 
> vga-pci: add qext region to mmio
> vga: Remove unused arrays dmask4 and dmask16
>
> 

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH 0/6] AHCI Device Fixes

2014-10-16 Thread John Snow

Ping!

At KVM Forum I had a discussion with (someone, sorry!) that having some 
pointers to which specifications to look at here might be helpful, since 
some of the fixes were just spec-adherence fixes.


See below, in-line, for some additional notes on how to review these 
patches.


On 10/02/2014 12:55 AM, John Snow wrote:

Based off of feedback from the RFC of the same name,
this series batches together a group of fixes that
improve the AHCI device to fix a number of bugs.

A number of fixes included in the RFC that provide more
radical changes are omitted for now in favor of a smaller,
more easily reviewable set for QEMU 2.2.

In summary:

Patch #1 and #6 correct the format of FIS packet responses
that are available to the guest operating system upon interrupt.

Patch #2 corrects an oversight where we do not inform the
guest how many bytes we've transferred. This is relied upon
for non-NCQ modes and in some early bootup and shutdown code.

Patch #5 corrects cases with malformed scatter-gather lists that
may cause leaks, or cause QEMU to hang in an allocation loop.

Patch #4 attempts to continue minimizing the divergence of the
multiple pathways through the AHCI device by re-using existing
callbacks.

Taken together, these patches should allow non-ncq operation
for Windows hosts, as well as enable hibernation for Windows 7.

Hibernation for Windows 8 and AHCI remains non-functional.

John Snow (6):
   ahci: Correct PIO/D2H FIS responses


== 1/6 ==

The PIO and D2H FIS responses are straightforward fixes and are based 
off of the SATA specification, using 3.2 as a reference. "sata 3.2" is a 
good google query.


Section 10.5.11 covers the PIO FIS structure, and
Section 10.5.6 covers the Register Device to Host FIS.

This specification describes the fields of these structures and which 
ATA registers should be copied into them. The primary things here are:


(1) The reserved bytes that we now respect, and
(2) That these registers are the /post/ operation values and not the 
/pre/ operation values. Some commands, e.g. READ_NATIVE_MAX_ADDRESS 
return their information exclusively via the D2H FIS (See ATA8-ACS 
revision 6a) so it is improper to simply copy forward the user's values 
into the response. They should reflect the current state of the device.



   ahci: Update byte count after DMA completion


== 2/6 ==

Byte count after DMA completion is covered under AHCI 1.3, which is 
freely available: 
http://www.intel.com/content/dam/www/public/us/en/documents/technical-specifications/serial-ata-ahci-spec-rev1_3.pdf


The field is first mentioned in section 4.2.2 (Command List Structure) 
on page 37 as field "PRDBC."


The rules on when this field is updated are described within section 
5.4.1 on page 64. Notably, it is mandatory for non-NCQ commands but 
optional for NCQ ones. Our current AHCI implementation does not use the 
hw/ide/core callbacks for non-NCQ transfer modes: we define an ncq_cb 
instead, so the changes in this patch only change non-NCQ operation.


This field *definitely* confuses windows in various ways if it is not 
set, including non-ncq operation and windows 7 hibernate/S4 operation.



   ide: repair PIO transfers for cases where nsector > 1


== 3/6 ==

The specification deficit here is that PIO transfers, while not actually 
PIO under AHCI, must still work!


The commands are defined under ATA8-ACS revision 6a ("ata8 acs 6a" is a 
good google search term ...) and the relevant details are:


Section 7.35 "READ SECTOR(S)" command 0x20 (PIO Data-In)
This is the LBA28 command used by legacy devices to obtain (usually) a 
single sector at a time. Notably, it takes a count field, though, which 
can be 0x01 (one sector) up to 0xFF (255 sectors) or 0x00 (256 sectors.)


"This 28-bit command is *mandatory* for all devices implementing the 
General and PACKET feature sets." (i.e., hard drives and cdroms.)


Section 7.36 "READ SECTOR(S) EXT" command 0x24 (PIO Data-In)
This is the LBA48 version of the command above. It also defines a count 
field that can range from 0x0001 to 0x -> 65536 sectors. This 
command is mandatory for any devices that implement the LBA48 feature set.


This patch corrects our ignorance of the "count" field for PIO 
transfers, before which we'd only transfer the first sector N times 
instead of N sectors. I have not observed this command be used in this 
way "in the wild" but it was trivial to fix and made writing a test grid 
in qtests for AHCI easier.



   ahci: unify sglist preparation


== 4/6 ==

This is more mechanical and less spec-based, but I am trying to reduce 
the number of pathways in which we fiddle with the scatter-gather list.



   ide: Correct handling of malformed/short PRDTs


== 5/6 ==

If an ATA command asks for too many bytes, it may cause problems in 
QEMU. In short, the scatter-gather list length must be 
equal-to-or-greater-than the byte count inferred by the sector count 
sent in the ATA command header.


E.g, ATA command 0xC8 READ SEC

Re: [Qemu-devel] [Bug 1379340] [NEW] qemu-kvm guest panic for smp trusty guests

2014-10-16 Thread Serge Hallyn
affects: ubuntu/qemu
 importance: high
 affects: qemu
 importance: high


** Also affects: qemu (Ubuntu)
   Importance: High
   Status: New

** Also affects: qemu
   Importance: High
   Status: New

** No longer affects: qemu-kvm (Ubuntu)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1379340

Title:
  qemu-kvm guest panic for smp trusty guests

Status in QEMU:
  New
Status in “qemu” package in Ubuntu:
  New

Bug description:
  Just upgraded OpenStack compute hosts in our public cloud (using qemu-
  kvm via libvirt) from Precise to Trusty (14.04.1), now on kernel
  3.13.0-36-generic with qemu-kvm 2.0.0+dfsg-2ubuntu1.5.

  Following the upgrade, whenever we try to start an smp/multicore
  Trusty guest (existing or new), we run into this panic [1] inside the
  guest just towards the end of boot. This happens consistently for smp
  guests using the Trusty kernel (i.e., it also affects earlier Ubuntus
  using the HWE kernel from Trusty but not their native versions). I
  didn't have any other distro images to hand with 3.13.x kernels, but
  none of the others I tested were affected (in the 3.2 - 3.16 kernel
  range).

  There are scarce similar reports out there, but the one we did find
  pointed to a CPU feature as the trigger. We were running these hosts
  with libvirt cpu mode set to "host-passthrough" (so qemu starts with
  "-cpu host"), on AMD 6200 & 6300 Opteron hardware. Switching the guest
  domains to use cpu mode "host-model" instead works around the issue
  and is perfectly acceptable for most of our users.

  We have various other Intel compute hosts and they don't seem to be
  affected.

  (1)
  [ 11.256924] divide error:  [#1] SMP 
  [ 11.258133] Modules linked in: kvm_amd kvm crct10dif_pclmul crc32_pclmul 
ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper 
cryptd serio_raw lp parport psmouse floppy 
  [ 11.260228] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.13.0-36-generic 
#63-Ubuntu 
  [ 11.260228] Hardware name: OpenStack Foundation OpenStack Nova, BIOS Bochs 
01/01/2011 
  [ 11.260228] task: 81c15480 ti: 81c0 task.ti: 
81c0 
  [ 11.260228] RIP: 0010:[] [] 
kvm_unlock_kick+0xa8/0x100 
  [ 11.260228] RSP: 0018:88023fc03c98 EFLAGS: 00010046 
  [ 11.260228] RAX: 0005 RBX:  RCX: 
0001 
  [ 11.260228] RDX: 81eaf408 RSI:  RDI: 
 
  [ 11.260228] RBP: 88023fc03cb8 R08: 81eaf400 R09: 
 
  [ 11.260228] R10: 880037612cc0 R11: ea0002eb0a00 R12: 
8800374a33c0 
  [ 11.260228] R13: 0020 R14: 0001 R15: 
0286 
  [ 11.260228] FS: 7f1e8b538740() GS:88023fc0() 
knlGS: 
  [ 11.260228] CS: 0010 DS:  ES:  CR0: 8005003b 
  [ 11.260228] CR2: 7f1e8ae09d50 CR3: 01c0e000 CR4: 
000406f0 
  [ 11.260228] Stack: 
  [ 11.260228] 0286 0001 0001 
00c3 
  [ 11.260228] 88023fc03cc8 81717ed6 88023fc03ce0 
8172641a 
  [ 11.260228] 8800374a33c0 88023fc03d18 810aaeb0 
88023295e000 
  [ 11.260228] Call Trace: 
  [ 11.260228]  
  [ 11.260228] [] __ticket_unlock_slowpath+0x24/0x34 
  [ 11.260228] [] _raw_spin_unlock_irqrestore+0x3a/0x40 
  [ 11.260228] [] __wake_up_sync_key+0x50/0x60 
  [ 11.260228] [] sock_def_readable+0x3a/0x70 
  [ 11.260228] [] packet_rcv+0x2fa/0x430 
  [ 11.260228] [] __netif_receive_skb_core+0x360/0x840 
  [ 11.260228] [] __netif_receive_skb+0x18/0x60 
  [ 11.260228] [] netif_receive_skb+0x23/0x90 
  [ 11.260228] [] virtnet_poll+0x4d4/0x850 
  [ 11.260228] [] net_rx_action+0x152/0x250 
  [ 11.260228] [] __do_softirq+0xec/0x2c0 
  [ 11.260228] [] irq_exit+0x105/0x110 
  [ 11.260228] [] do_IRQ+0x56/0xc0 
  [ 11.260228] [] common_interrupt+0x6d/0x6d 
  [ 11.260228]  
  [ 11.260228] [] ? native_safe_halt+0x6/0x10 
  [ 11.260228] [] default_idle+0x1f/0xc0 
  [ 11.260228] [] arch_cpu_idle+0x26/0x30 
  [ 11.260228] [] cpu_startup_entry+0xc5/0x290 
  [ 11.260228] [] rest_init+0x77/0x80 
  [ 11.260228] [] start_kernel+0x433/0x43e 
  [ 11.260228] [] ? repair_env_string+0x5c/0x5c 
  [ 11.260228] [] ? early_idt_handlers+0x120/0x120 
  [ 11.260228] [] x86_64_start_reservations+0x2a/0x2c 
  [ 11.260228] [] x86_64_start_kernel+0x143/0x152 
  [ 11.260228] Code: 66 44 39 e8 75 bd 0f b6 35 f6 06 e6 00 40 84 f6 75 2a 83 
05 06 07 e6 00 01 48 c7 c0 6a b0 00 00 31 db 0f b7 0c 01 b8 05 00 00 00 <0f> 01 
c1 0f 1f 44 00 00 5b 41 5c 41 5d 41 5e 5d c3 89 f0 31 c9 
  [ 11.260228] RIP [] kvm_unlock_kick+0xa8/0x100 
  [ 11.260228] RSP  
  [ 11.260228] ---[ end trace f1c26ff24745b331 ]--- 
  [ 11.260228] Kernel panic - not syncing: Fatal exception in interrupt 
  [ 11.260228] Shutting down cpus with NMI

To manage notifications about this bug go to:
https:

Re: [Qemu-devel] [PULL 00/28] target-mips queue

2014-10-16 Thread Peter Maydell
On 15 October 2014 11:53, Leon Alrae  wrote:
> Hi,
>
> This pull request has been assembled from pending target-mips patches which
> look good to me and received in my opinion sufficient review comments. They
> were tested mainly in context of MIPS. Please have a look and pull.

Thanks for putting this together; I'll look it over shortly.

One question for now:

> Leon Alrae (17):
>   softfloat: add functions corresponding to IEEE-2008 min/maxNumMag

Can you confirm that you're happy for your softfloat changes
to be licensed under both of the softfloat-2a and softfloat-2b
licenses, please?

(We're trying to relicense those files right now, so any new
changes need to be dual-license.)

PS: do you happen to be at KVM Forum today?

-- PMM



Re: [Qemu-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available

2014-10-16 Thread Paul Durrant
> -Original Message-
> From: Stefano Stabellini [mailto:stefano.stabell...@eu.citrix.com]
> Sent: 15 October 2014 15:38
> To: Paul Durrant
> Cc: qemu-devel@nongnu.org; xen-de...@lists.xenproject.org; Stefano
> Stabellini; Peter Maydell; Paolo Bonzini; Michael Tokarev; Stefan Hajnoczi;
> Stefan Weil; Olaf Hering; Gerd Hoffmann; Alexey Kardashevskiy; Alexander
> Graf
> Subject: Re: [PATCH v3 2/2] Xen: Use the ioreq-server API when available
> 
> On Wed, 15 Oct 2014, Paul Durrant wrote:
> > The ioreq-server API added to Xen 4.5 offers better security than
> > the existing Xen/QEMU interface because the shared pages that are
> > used to pass emulation request/results back and forth are removed
> > from the guest's memory space before any requests are serviced.
> > This prevents the guest from mapping these pages (they are in a
> > well known location) and attempting to attack QEMU by synthesizing
> > its own request structures. Hence, this patch modifies configure
> > to detect whether the API is available, and adds the necessary
> > code to use the API if it is.
> >
> > Signed-off-by: Paul Durrant 
> 
> The patch is OK, so you can add my Acked-by.
> I have a couple of minor comments below. If you need to repost it then
> would be nice if you could address them.
> 
> 
> > Cc: Stefano Stabellini 
> > Cc: Peter Maydell 
> > Cc: Paolo Bonzini 
> > Cc: Michael Tokarev 
> > Cc: Stefan Hajnoczi 
> > Cc: Stefan Weil 
> > Cc: Olaf Hering 
> > Cc: Gerd Hoffmann 
> > Cc: Alexey Kardashevskiy 
> > Cc: Alexander Graf 
> > ---
> >  configure   |   29 ++
> >  include/hw/xen/xen_common.h |  222
> +++
> >  trace-events|8 ++
> >  xen-hvm.c   |  174 +
> >  4 files changed, 412 insertions(+), 21 deletions(-)
> >
> 
> [...]
> 
> > diff --git a/xen-hvm.c b/xen-hvm.c
> > index 05e522c..0bbbf2a 100644
> > --- a/xen-hvm.c
> > +++ b/xen-hvm.c
> > @@ -62,9 +62,6 @@ static inline ioreq_t
> *xen_vcpu_ioreq(shared_iopage_t *shared_page, int vcpu)
> >  }
> >  #  define FMT_ioreq_size "u"
> >  #endif
> > -#ifndef HVM_PARAM_BUFIOREQ_EVTCHN
> > -#define HVM_PARAM_BUFIOREQ_EVTCHN 26
> > -#endif
> >
> >  #define BUFFER_IO_MAX_DELAY  100
> >
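Review bot: dropping the local HVM_PARAM_BUFIOREQ_EVTCHN fallback assumes every Xen header this file can be built against now defines it; since the commit message says configure only detects whether the ioreq-server API is present, please confirm the non-ioreq-server build against older Xen headers still compiles, or move the fallback into include/hw/xen/xen_common.h next to the rest of the compat code.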
> > @@ -78,6 +75,7 @@ typedef struct XenPhysmap {
> >  } XenPhysmap;
> >
> >  typedef struct XenIOState {
> > +ioservid_t ioservid;
> >  shared_iopage_t *shared_page;
> >  buffered_iopage_t *buffered_io_page;
> >  QEMUTimer *buffered_io_timer;
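Review bot: ioservid_t ioservid is added to XenIOState unconditionally, so xen_common.h has to provide the type (or a compat typedef) when the ioreq-server API is absent or the fallback build breaks; a one-line comment that the field is only meaningful when the API is in use would also help later readers.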
> > @@ -92,6 +90,8 @@ typedef struct XenIOState {
> >
> >  struct xs_handle *xenstore;
> >  MemoryListener memory_listener;
> > +MemoryListener io_listener;
> > +DeviceListener device_listener;
> >  QLIST_HEAD(, XenPhysmap) physmap;
> >  hwaddr free_phys_offset;
> >  const XenPhysmap *log_for_dirtybit;
> > @@ -442,12 +442,23 @@ static void xen_set_memory(struct
> MemoryListener *listener,
> >  bool log_dirty = memory_region_is_logging(section->mr);
> >  hvmmem_type_t mem_type;
> >
> > +if (section->mr == &ram_memory) {
> > +return;
> > +} else {
> > +if (add) {
> > +xen_map_memory_section(xen_xc, xen_domid, state->ioservid,
> > +   section);
> > +} else {
> > +xen_unmap_memory_section(xen_xc, xen_domid, state->ioservid,
> > + section);
> > +}
> > +}
> >  if (!memory_region_is_ram(section->mr)) {
> >  return;
> >  }
> >
> > -if (!(section->mr != &ram_memory
> > -  && ( (log_dirty && add) || (!log_dirty && !add {
> > +if (!(log_dirty && add) && !(!log_dirty && !add)) {
> >  return;
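Review bot: xen_map_memory_section()/xen_unmap_memory_section() run before the memory_region_is_ram() check, so every section other than ram_memory, including RAM-backed regions such as ROMs or device RAM, is registered with the ioreq server; if that is intended, say so in a comment, and if not, move the is_ram check above the map/unmap call. The else after the early return is redundant, so the add/unmap branch can be un-nested, and the rewritten condition is equivalent to `if (add != log_dirty)`, which reads more directly than either the original or the double negation.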
> 
> if (!((log_dirty && add) || (!log_dirty && !add)))
> 

Thinking some more about what Andrew said, this is even more simply expressed as

if (add != log_dirty)

is it not?

  Paul

> 
> 
> >  }
> >
> > @@ -480,6 +491,7 @@ static void xen_region_add(MemoryListener
> *listener,
> > MemoryRegionSection *section)
> >  {
> >  memory_region_ref(section->mr);
> > +
> >  xen_set_memory(listener, section, true);
> >  }
> >
> > @@ -487,9 +499,54 @@ static void xen_region_del(MemoryListener
> *listener,
> > MemoryRegionSection *section)
> >  {
> >  xen_set_memory(listener, section, false);
> > +
> >  memory_region_unref(section->mr);
> >  }
> 
> Useless changes?



Re: [Qemu-devel] [PULL 00/28] target-mips queue

2014-10-16 Thread Leon Alrae
On 16/10/2014 10:49, Peter Maydell wrote:
> 
> One question for now:
> 
>> Leon Alrae (17):
>>   softfloat: add functions corresponding to IEEE-2008 min/maxNumMag
> 
> Can you confirm that you're happy for your softfloat changes
> to be licensed under both of the softfloat-2a and softfloat-2b
> licenses, please?

Yes, I'm happy with my softfloat changes to be licensed under softfloat
2a and 2b licenses.

> PS: do you happen to be at KVM Forum today?

No, I won't be there unfortunately.

Regards,
Leon




Re: [Qemu-devel] [PATCH RFC 0/7] Translate guest vector operations to host vector operations

2014-10-16 Thread Alex Bennée

Kirill Batuzov  writes:

>> (4) Consider supporting generic vector operations in the TCG?
>
> I gave it a go and was quite happy with the result. I have implemented the add_i32x4
> opcode which is addition of 128-bit vectors composed of four 32-bit integers
> and used it to translate NEON vadd.i32 to the SSE paddd instruction. I used ARM for
> my guest because I'm familiar with this architecture and it is different from
> my host.
>
> I got a 3x speedup on my testcase:

> OUT: [size=196]
> 0x60442450:  mov-0x4(%r14),%ebp
> 0x60442454:  test   %ebp,%ebp
> 0x60442456:  jne0x60442505
> 0x6044245c:  movdqu 0x658(%r14),%xmm0
> 0x60442465:  movdqu 0x668(%r14),%xmm1
> 0x6044246e:  paddd  %xmm1,%xmm0
> 0x60442472:  paddd  %xmm1,%xmm0
> 0x60442476:  paddd  %xmm1,%xmm0
> 0x6044247a:  paddd  %xmm1,%xmm0
> 0x6044247e:  movdqu %xmm0,0x658(%r14)
> <...>

It certainly looks promising although as I suspect you know add is a
pretty easy target ;-)

>
>> But for target-alpha, there's one vector comparison operation that appears in
>> every guest string operation, and is used heavily enough that it's in the top
>> 10 functions in the profile: cmpbge (compare bytes greater or equal).
>
> cmpbge can be translated as follows:
>
> cmpge_i8x8  tmp0, arg1, arg2
> select_msb_i8x8 res, tmp0
>
> where cmpge is "compare greater or equal" with the following semantics:
> res[i] = <111...11> if arg1[i] >= arg2[i]
> res[i] = <000...00> if arg1[i] <  arg2[i]
> There is such an operation in NEON. In SSE we can emulate it with PCMPEQB, PCMPGTB
> and POR.
>
> select_msb is "select most significant bit". SSE instruction PMOVMSKB.
>
>> While making helper functions faster is good I've wondered if there is
>> enough genericism across the various SIMD/vector operations that we could
>> add TCG ops to translate them? The ops could fall back to generic helper
>> functions using the GCC intrinsics if we know there is no decent
>> back-end support for them?
>
> From Valgrind experience there is enough genericism. Valgrind can translate
> SSE, AltiVec and NEON instructions to vector opcodes. Most of the opcodes are
> reused between instruction sets.

Doesn't Valgrind have the advantage of same-arch->same-arch? (I've not
looked at its generated code in detail though.)

> But keep in mind - there are a lot of vector opcodes. Much much more than
> scalar ones. You can see full list in Valgrind sources
> (VEX/pub/libvex_ir.h).

I think we could only approach this is in a piecemeal way guided by
performance bottlenecks when we find them.

> We can reduce the number of opcodes by converting vector element size from part
> of an opcode to a constant argument. But we will lose some flexibility offered
> by the TARGET_HAS_opcode macro when target has support for some sizes but not for
> others. For example SSE has vector minimum for sizes i8x16, i16x8, i32x4 but
> does not have one for size i64x2. 
>
> Some implementation details and concerns.
>
> The most problematic issue was the fact that with vector registers we have one
> entity that can be accessed as both global variable and memory location. I
> solved it by introducing the sync_temp opcode that instructs register allocator to
> save global variable to its memory location if it is on the register. If a
> variable is not on a register or memory is already coherent - no store is issued,
> so performance penalty for it is minimal. Still this approach has a serious
> drawback: we need to generate sync_temp explicitly. But I do not know any better
> way to achieve consistency.

I'm not sure I follow. I thought we only needed the memory access when
the backend can't support the vector width operations so shouldn't have
stuff in the vector registers?

> Note that as of this RFC I have not finished conversion of ARM guest so mixing
> NEON with VFP code can cause a miscompile.
>
> The second problem is that a backend may or may not support vector operations. We
> do not want each frontend to check it on every operation. I created a wrapper that
> generates vector opcode if it is supported or generates emulation code.
>
> For add_i32x4 emulation code is generated inline. I tried to make it a helper
> but got a very significant performance loss (5x slowdown). I'm not sure about
> the cause but I suspect that memory was a bottleneck and extra stores needed
> by calling conventions mattered a lot.

So the generic helper was more API heavy than the existing NEON helpers?
>
> The existing constraints are good enough to express that vector registers and
> general purpose registers are different and can not be used instead of each
> other.
>
> One unsolved problem is global aliasing. With general purpose registers we have
> no aliasing between globals. The only example I know where registers can alias
> is the x86 ah/ax/eax/rax case. They are handled as one global. With vector
> registers we have NEON where an 128-bit Q register consists of two 64-bit
> D registers each consisting of two 
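
The cmpbge translation discussed above (cmpge_i8x8 followed by select_msb), as an added example that is not Kirill's code and not part of the RFC: a scalar reference for Alpha CMPBGE beside the same operation built from byte-lane stand-ins for the three SSE2 instructions the message names (PCMPEQB, PCMPGTB, POR) plus PMOVMSKB. The lane helpers and their names are hypothetical; real back-end code would emit the instructions. The one detail the message leaves implicit is that CMPBGE compares bytes as unsigned while PCMPGTB is signed, so the emulation flips the sign bit of both operands first; the block also keeps the naive signed-only sequence to show where it diverges.

```c
#include <stdint.h>
#include <stdio.h>

/* Reference semantics of Alpha CMPBGE: result bit i is 1 when byte i of a is
 * >= byte i of b, both unsigned. Lane i is bits 8i..8i+7 of the register, so
 * unpacking by shifts does not depend on host endianness. */
static uint64_t cmpbge_scalar(uint64_t a, uint64_t b)
{
    uint64_t res = 0;
    for (int i = 0; i < 8; i++) {
        uint8_t ba = (uint8_t)(a >> (8 * i));
        uint8_t bb = (uint8_t)(b >> (8 * i));
        if (ba >= bb) {
            res |= (uint64_t)1 << i;
        }
    }
    return res;
}

/* Eight byte lanes, standing in for the low half of an XMM register. The
 * helpers below are hypothetical stand-ins for SSE2 instructions, not QEMU code. */
typedef struct { uint8_t b[8]; } v8u8;

static v8u8 v8_from_u64(uint64_t x)
{
    v8u8 v;
    for (int i = 0; i < 8; i++) {
        v.b[i] = (uint8_t)(x >> (8 * i));
    }
    return v;
}

static v8u8 v8_splat(uint8_t x)
{
    v8u8 v;
    for (int i = 0; i < 8; i++) {
        v.b[i] = x;
    }
    return v;
}

/* PCMPEQB: lane becomes 0xff where the bytes are equal, else 0x00. */
static v8u8 pcmpeqb(v8u8 x, v8u8 y)
{
    v8u8 r;
    for (int i = 0; i < 8; i++) {
        r.b[i] = (x.b[i] == y.b[i]) ? 0xff : 0x00;
    }
    return r;
}

/* PCMPGTB: SIGNED greater-than; SSE2 has no unsigned byte compare. */
static v8u8 pcmpgtb(v8u8 x, v8u8 y)
{
    v8u8 r;
    for (int i = 0; i < 8; i++) {
        r.b[i] = ((int8_t)x.b[i] > (int8_t)y.b[i]) ? 0xff : 0x00;
    }
    return r;
}

static v8u8 por(v8u8 x, v8u8 y)
{
    v8u8 r;
    for (int i = 0; i < 8; i++) {
        r.b[i] = x.b[i] | y.b[i];
    }
    return r;
}

static v8u8 pxor(v8u8 x, v8u8 y)
{
    v8u8 r;
    for (int i = 0; i < 8; i++) {
        r.b[i] = x.b[i] ^ y.b[i];
    }
    return r;
}

/* PMOVMSKB, the thread's select_msb: gather bit 7 of every lane into a mask. */
static uint64_t pmovmskb(v8u8 x)
{
    uint64_t m = 0;
    for (int i = 0; i < 8; i++) {
        m |= (uint64_t)(x.b[i] >> 7) << i;
    }
    return m;
}

/* cmpge_i8x8 with unsigned ordering: x ^ 0x80 maps unsigned order onto signed
 * order, so signed PCMPGTB on the biased operands gives the unsigned result. */
static v8u8 cmpge_u8x8(v8u8 x, v8u8 y)
{
    v8u8 bias = v8_splat(0x80);
    return por(pcmpgtb(pxor(x, bias), pxor(y, bias)), pcmpeqb(x, y));
}

/* The two-opcode translation from the thread: cmpge_i8x8 then select_msb. */
static uint64_t cmpbge_vector(uint64_t a, uint64_t b)
{
    return pmovmskb(cmpge_u8x8(v8_from_u64(a), v8_from_u64(b)));
}

/* Same sequence without the sign bias: correct only while every byte is < 0x80. */
static uint64_t cmpbge_signed_only(uint64_t a, uint64_t b)
{
    v8u8 x = v8_from_u64(a), y = v8_from_u64(b);
    return pmovmskb(por(pcmpgtb(x, y), pcmpeqb(x, y)));
}

int main(void)
{
    /* Constructed input: NUL bytes in lanes 0, 1, 2 and 5. cmpbge(0, x) is the
     * zero-byte scan Alpha string routines are built on. */
    uint64_t str = 0x4142004344000000ULL;
    printf("zero-byte mask: scalar=%#llx vector=%#llx\n",
           (unsigned long long)cmpbge_scalar(0, str),
           (unsigned long long)cmpbge_vector(0, str));
    printf("0x80 >= 0x7f: biased=%#llx signed-only=%#llx\n",
           (unsigned long long)cmpbge_vector(0x80, 0x7f),
           (unsigned long long)cmpbge_signed_only(0x80, 0x7f));
    return 0;
}
```

The bias step costs one extra PXOR per operand (or a hoisted constant) but is what makes the translation match the guest semantics for high bytes, which is exactly where string scans over non-ASCII data would otherwise miscompare.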

Re: [Qemu-devel] [PULL 03/34] bootindex: add del_boot_device_path function

2014-10-16 Thread Peter Maydell
On 15 October 2014 11:05, Gerd Hoffmann  wrote:
> From: Gonglei 
>
> Introduce del_boot_device_path() to clean up fw_cfg content when
> hot-unplugging a device that refers to a bootindex or updating an
> existing device's bootindex.

> +void del_boot_device_path(DeviceState *dev, const char *suffix)
> +{
> +FWBootEntry *i;
> +
> +if (dev == NULL) {
> +return;
> +}
> +
> +QTAILQ_FOREACH(i, &fw_boot_order, link) {
> +if ((!suffix || !g_strcmp0(i->suffix, suffix)) &&

I've just noticed that this won't build with our minimum
required glib version: g_strcmp0 wasn't introduced
until glib 2.16.

It should be fairly easy to provide a back-compat implementation
in our glib-compat.h header, or you could just rephrase this
to work with the usual strcmp, since you're already doing a
manual NULL check on one of the arguments.

thanks
-- PMM
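Both options Peter mentions, as an added example that is not QEMU's or glib's code: a NULL-safe compare with g_strcmp0's contract (the kind of thing a glib-compat.h fallback would carry; the name compat_g_strcmp0 is hypothetical and the version guard is described in a comment rather than included so the block builds without glib), and the hunk's suffix condition rephrased with plain strcmp, where the NULL check on the entry's own suffix is the part g_strcmp0 was silently doing.

```c
#include <stdbool.h>
#include <string.h>

/* NULL-safe strcmp with g_strcmp0's contract: NULL sorts before any string
 * and two NULLs compare equal. Hypothetical name; in QEMU this would sit in
 * glib-compat.h under a GLIB_CHECK_VERSION(2, 16, 0) guard so the real
 * g_strcmp0 is used wherever glib already provides it. */
static int compat_g_strcmp0(const char *a, const char *b)
{
    if (!a) {
        return -(b != NULL);
    }
    if (!b) {
        return 1;
    }
    return strcmp(a, b);
}

/* The hunk's condition rewritten with plain strcmp: a NULL wanted suffix
 * matches every entry; otherwise the entry's suffix must be present and equal.
 * Without the explicit entry_suffix check, strcmp(NULL, ...) would crash
 * where g_strcmp0 quietly returned "not equal". */
static bool suffix_matches(const char *entry_suffix, const char *wanted)
{
    if (!wanted) {
        return true;
    }
    return entry_suffix != NULL && strcmp(entry_suffix, wanted) == 0;
}
```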



Re: [Qemu-devel] [PATCH V5 0/8] cpu/acpi: convert cpu hot plug to hotplug_handler API

2014-10-16 Thread Gu Zheng
ping...

On 10/10/2014 10:15 AM, Gu Zheng wrote:

> Previously we used cpu_added_notifiers to register the cpu hotplug notifier callback,
> which is not able to pass/handle errors, so we switch it to the unified hotplug
> handler API which allows passing errors and would allow cancelling device_add
> in case of error.
> Thanks very much for Igor's review and suggestion.
> 
> ---
> v5:
>  -rebase on the latest upstream and fix some comments.
>  Patch 4/8:
>  -split the check out of acpi_dev block.
>  Patch 5/8:
>  -move CPU hot-plug notifier cleanup hunk into Patch 6/8.
>  Patch 6/8:
>  -delete the caller of notifier_list_notify() in this patch.
>  Patch 8/8:
>  -rename acpi_set_local_sts to acpi_set_cpu_present_bit for better readability.
> 
> v4:
>  -split removal of CPU hotplug notifier into separate patch (Patch 6/8).
>  Patch 1/7:
>  -convert CPUState *cpu to DeviceState *dev like it's done for other handlers
>   and do cast to CPU inside.
>  Patch 5/7:
>  -Make rtc_state as a link property in PCMachine rather than the global
>   variables.
>  -Split out the removal of unused notifier into separate patch.
>  -Check the result of plug callback before update rtc_state.
> 
> v3:
>  -deal with start-up cpus in pc_cpu_plug as Igor suggested.
> 
> v2:
>  -Add 3 new patches(5/7,6/7,7/7), delete original patch 5/5.
>   1/5-->1/7
>   2/5-->2/7
>   3/5-->3/7
>   4/5-->4/7
>  Patch 1/7:
>  -add errp argument to catch error.
>  -return error instead of aborting if cpu id is invalid.
>  -make acpi_cpu_plug_cb as a wrapper around AcpiCpuHotplug_add.
>  Patch 3/7:
>  -remove unused AcpiCpuHotplug_add directly.
>  Patch 5/7:
>  -switch the last user of cpu hotplug notifier to hotplug handler API, and
>   remove the unused cpu hotplug notify.
>  Patch 6/7:
>  -split the function rename (just cleanup) into single patch.
>  Patch 7/7:
>  -introduce help function acpi_set_local_sts to keep the bit setting in
>   one place.
> ---
> 
> Gu Zheng (8):
>   acpi/cpu: add cpu hotplug callback function to match hotplug_handler
> API
>   acpi:ich9: convert cpu hotplug to hotplug_handler API
>   acpi:piix4: convert cpu hotplug to hotplug_handler API
>   pc: add cpu hotplug handler to PC_MACHINE
>   pc: Update rtc_cmos in pc_cpu_plug
>   qom/cpu: remove the unused CPU hot-plug notifier
>   cpu-hotplug: rename function for better readability
>   acpi/cpu-hotplug: introduce help function to keep bit setting in one
> place
> 
>  hw/acpi/cpu_hotplug.c |   35 --
>  hw/acpi/ich9.c|   17 ++
>  hw/acpi/piix4.c   |   18 ++-
>  hw/i386/pc.c  |   65 
> +++--
>  hw/i386/pc_piix.c |2 +-
>  hw/i386/pc_q35.c  |2 +-
>  include/hw/acpi/cpu_hotplug.h |7 ++--
>  include/hw/acpi/ich9.h|1 -
>  include/hw/i386/pc.h  |3 +-
>  include/sysemu/sysemu.h   |3 --
>  qom/cpu.c |   10 --
>  11 files changed, 84 insertions(+), 79 deletions(-)
> 





Re: [Qemu-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available

2014-10-16 Thread Paolo Bonzini
Il 16/10/2014 10:25, Paul Durrant ha scritto:
>>> +static void xen_hvm_pre_save(void *opaque)
>>> +{
>>> +XenIOState *state = opaque;
>>> +
>>> +/* Stop servicing emulation requests */
>>> +xen_set_ioreq_server_state(xen_xc, xen_domid, state->ioservid, 0);
>>> +xen_destroy_ioreq_server(xen_xc, xen_domid, state->ioservid);
>>> +}
>>
>> Is the new use of vmstate_register() really necessary?
>> Usually the state you're saving corresponds to some QOM
>> device whose vmsd field you can use instead.
> 
> In this case, it seems like a job for a vmstate change handler.
> 
> I looked at that but it did not seem to give me the right semantic,
> whereas the pre-save callback gave me exactly the right semantic.

What exactly is the right semantics?  Note that save _can_ fail, so you
need the ability to roll back to the source machine.  I think this is
missing from your patch, and there is no post_save hook that you can use.

Paolo



Re: [Qemu-devel] [PULL 03/34] bootindex: add del_boot_device_path function

2014-10-16 Thread Gonglei
On 2014/10/16 18:04, Peter Maydell wrote:

> On 15 October 2014 11:05, Gerd Hoffmann  wrote:
>> From: Gonglei 
>>
>> Introduce del_boot_device_path() to clean up fw_cfg content when
>> hot-unplugging a device that refers to a bootindex or updating an
>> existing device's bootindex.
> 
>> +void del_boot_device_path(DeviceState *dev, const char *suffix)
>> +{
>> +FWBootEntry *i;
>> +
>> +if (dev == NULL) {
>> +return;
>> +}
>> +
>> +QTAILQ_FOREACH(i, &fw_boot_order, link) {
>> +if ((!suffix || !g_strcmp0(i->suffix, suffix)) &&
> 
> I've just noticed that this won't build with our minimum
> required glib version: g_strcmp0 wasn't introduced
> until glib 2.16.
> 
> It should be fairly easy to provide a back-compat implementation
> in our glib-compat.h header, or you could just rephrase this
> to work with the usual strcmp, since you're already doing a
> manual NULL check on one of the arguments.
> 

OK, thanks for your point, Peter.
I'll post a patch to fix this problem :)

Best regards,
-Gonglei




Re: [Qemu-devel] pending target-mips patches

2014-10-16 Thread Aurelien Jarno
Hi,

On Wed, Oct 01, 2014 at 04:35:46PM +0100, Leon Alrae wrote:
> Hi All,
> 
> I noticed that it's quite difficult to get target-mips changes
> reviewed/accepted. There is already a queue of relatively big features
> and bug fixes which are stuck for months. Does anyone have an idea how
> to improve this situation? Wouldn't it help to have a target-mips
> co-maintainer assisting Aurelien?

I am sorry but I don't really have time to work on QEMU now, though I
hope to be able to contribute again in the next months. Adding a
co-maintainer for target-mips indeed looks the best to do. From what
I have seen, you, Leon Alrae, seem to be the right person for that.

Please send a patch updating the MAINTAINERS file with your name, I'll
ack it. 

Cheers,
Aurelien

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net




Re: [Qemu-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available

2014-10-16 Thread Paul Durrant
> -Original Message-
> From: Paolo Bonzini [mailto:pbonz...@redhat.com]
> Sent: 16 October 2014 11:10
> To: Paul Durrant; Peter Maydell
> Cc: QEMU Developers; xen-de...@lists.xenproject.org; Stefano Stabellini;
> Michael Tokarev; Stefan Hajnoczi; Stefan Weil; Olaf Hering; Gerd Hoffmann;
> Alexey Kardashevskiy; Alexander Graf
> Subject: Re: [PATCH v3 2/2] Xen: Use the ioreq-server API when available
> 
> Il 16/10/2014 10:25, Paul Durrant ha scritto:
> >>> +static void xen_hvm_pre_save(void *opaque)
> >>> +{
> >>> +XenIOState *state = opaque;
> >>> +
> >>> +/* Stop servicing emulation requests */
> >>> +xen_set_ioreq_server_state(xen_xc, xen_domid, state->ioservid,
> 0);
> >>> +xen_destroy_ioreq_server(xen_xc, xen_domid, state->ioservid);
> >>> +}
> >>
> >> Is the new use of vmstate_register() really necessary?
> >> Usually the state you're saving corresponds to some QOM
> >> device whose vmsd field you can use instead.
> >
> > In this case, it seems like a job for a vmstate change handler.
> >
> > I looked at that but it did not seem to give me the right semantic,
> > whereas the pre-save callback gave me exactly the right semantic.
> 
> What exactly is the right semantics?  Note that save _can_ fail, so you
> need the ability to roll back to the source machine.  I think this is
> missing from your patch, and there is no post_save hook that you can use.
> 

I need something that will be called prior to the VM memory image being saved, 
but if save can fail I will also need something to be called if that occurs too.

  Paul

> Paolo


Re: [Qemu-devel] pending target-mips patches

2014-10-16 Thread Leon Alrae
On 16/10/2014 11:12, Aurelien Jarno wrote:
> Hi,
> 
> On Wed, Oct 01, 2014 at 04:35:46PM +0100, Leon Alrae wrote:
>> Hi All,
>>
>> I noticed that it's quite difficult to get target-mips changes
>> reviewed/accepted. There is already a queue of relatively big features
>> and bug fixes which are stuck for months. Does anyone have an idea how
>> to improve this situation? Wouldn't it help to have a target-mips
>> co-maintainer assisting Aurelien?
> 
> I am sorry but I don't really have time to work on QEMU now, though I
> hope to be able to contribute again in the next months. Adding a
> co-maintainer for target-mips indeed looks the best to do. From what
> I have seen, you, Leon Alrae, seem to be the right person for that.
> 
> Please send a patch updating the MAINTAINERS file with your name, I'll
> ack it. 
> 
> Cheers,
> Aurelien
> 

Thanks Aurelien. I'll send the patch shortly.

Regards,
Leon




Re: [Qemu-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available

2014-10-16 Thread Paolo Bonzini
Il 16/10/2014 12:16, Paul Durrant ha scritto:
>> What exactly is the right semantics?  Note that save _can_ fail,
>> so you need the ability to roll back to the source machine.  I
>> think this is missing from your patch, and there is no post_save
>> hook that you can use.
> 
> I need something that will be called prior to the VM memory image
> being saved, but if save can fail I will also need something to be
> called if that occurs too.

Can you check the runstate in the vmstate change callback?  The runstate
to use is RUN_STATE_FINISH_MIGRATE (and then you revert if you get from
there to anything but RUN_STATE_POSTMIGRATE).

...

oh wait, those are the runstate for migration, xen's save-devices-state
command uses something else.  Luckily, the command is synchronous, so
management cannot "poll" the state as is the case for regular migration.
So a patch like this could provide the right runstates:

diff --git a/savevm.c b/savevm.c
index 2d8eb96..f9a8e27 100644
--- a/savevm.c
+++ b/savevm.c
@@ -1144,7 +1144,7 @@ void qmp_xen_save_devices_state(const char *filename, 
Error **errp)
 int ret;
 
 saved_vm_running = runstate_is_running();
-vm_stop(RUN_STATE_SAVE_VM);
+vm_stop_force_state(RUN_STATE_FINISH_MIGRATE);
 
 f = qemu_fopen(filename, "wb");
 if (!f) {
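Review bot: vm_stop_force_state() sets the runstate even when the VM was already paused, whereas vm_stop() left a paused VM's state alone; that is what lets a vmstate change notifier see RUN_STATE_FINISH_MIGRATE, but the_end only restores via vm_start() when saved_vm_running was true, so a VM that was paused before the command is left in RUN_STATE_FINISH_MIGRATE on the error path rather than in its previous paused state.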
@@ -1155,8 +1155,12 @@ void qmp_xen_save_devices_state(const char *filename, 
Error **errp)
 qemu_fclose(f);
 if (ret < 0) {
 error_set(errp, QERR_IO_ERROR);
+goto the_end;
 }
 
+runstate_set(RUN_STATE_POSTMIGRATE);
+return;
+
  the_end:
 if (saved_vm_running) {
 vm_start();
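
Review bot: on the success path the function now returns in RUN_STATE_POSTMIGRATE without the vm_start() that the saved_vm_running check used to perform, so a VM that was running when xen-save-devices-state was issued stays stopped afterwards; if mirroring live migration's behaviour is intended, the commit message should say so, otherwise keep the restart and add only the runstate change (and check that the RUN_STATE_FINISH_MIGRATE to RUN_STATE_POSTMIGRATE transition is permitted by the runstate table, as it is for live migration).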

(feel free to include it in your patches with Signed-off-by: Paolo
Bonzini ).

Alternatively, can you stop/restart emulation always (even on stop/cont
monitor commands) rather than just on migration?  That would make things
even simpler and not need anything like the above savevm.c change.

Paolo



Re: [Qemu-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available

2014-10-16 Thread Paul Durrant
> -Original Message-
> From: Paul Durrant
> Sent: 16 October 2014 11:17
> To: 'Paolo Bonzini'; Peter Maydell
> Cc: QEMU Developers; xen-de...@lists.xenproject.org; Stefano Stabellini;
> Michael Tokarev; Stefan Hajnoczi; Stefan Weil; Olaf Hering; Gerd Hoffmann;
> Alexey Kardashevskiy; Alexander Graf
> Subject: RE: [PATCH v3 2/2] Xen: Use the ioreq-server API when available
> 
> > -Original Message-
> > From: Paolo Bonzini [mailto:pbonz...@redhat.com]
> > Sent: 16 October 2014 11:10
> > To: Paul Durrant; Peter Maydell
> > Cc: QEMU Developers; xen-de...@lists.xenproject.org; Stefano Stabellini;
> > Michael Tokarev; Stefan Hajnoczi; Stefan Weil; Olaf Hering; Gerd
> Hoffmann;
> > Alexey Kardashevskiy; Alexander Graf
> > Subject: Re: [PATCH v3 2/2] Xen: Use the ioreq-server API when available
> >
> > Il 16/10/2014 10:25, Paul Durrant ha scritto:
> > >>> +static void xen_hvm_pre_save(void *opaque)
> > >>> +{
> > >>> +XenIOState *state = opaque;
> > >>> +
> > >>> +/* Stop servicing emulation requests */
> > >>> +xen_set_ioreq_server_state(xen_xc, xen_domid, state->ioservid,
> > 0);
> > >>> +xen_destroy_ioreq_server(xen_xc, xen_domid, state->ioservid);
> > >>> +}
> > >>
> > >> Is the new use of vmstate_register() really necessary?
> > >> Usually the state you're saving corresponds to some QOM
> > >> device whose vmsd field you can use instead.
> > >
> > > In this case, it seems like a job for a vmstate change handler.
> > >
> > > I looked at that but it did not seem to give me the right semantic,
> > > whereas the pre-save callback gave me exactly the right semantic.
> >
> > What exactly is the right semantics?  Note that save _can_ fail, so you
> > need the ability to roll back to the source machine.  I think this is
> > missing from your patch, and there is no post_save hook that you can use.
> >
> 
> I need something that will be called prior to the VM memory image being
> saved, but if save can fail I will also need something to be called if that 
> occurs
> too.

Tracing this back through the many layers it looks like a state change notifier 
may work after all as qmp_xen_save_devices_state() does call vm_stop() with 
RUN_STATE_SAVE_VM before calling qemu_save_device_state(). I'll check again.

  Paul

> 
>   Paul
> 
> > Paolo


Re: [Qemu-devel] [PATCH v4] pc-dimm/numa: Fix stat of memory size in node when hotplug memory

2014-10-16 Thread Igor Mammedov
On Thu, 9 Oct 2014 20:21:57 +0800
zhanghailiang  wrote:

reword subj with:
numa: make 'info numa' take into account hotplugged memory

> When doing memory hotplug, if there is a numa node, we should add
> the memory size to the corresponding node memory size.
> 
> For now, it mainly affects the result of hmp command "info numa".
> 
> Signed-off-by: zhanghailiang 
With above and below comments fixed,
 Reviewed-by: Igor Mammedov 


> ---
>  v4:
> - s/pc_dimm_stat_node_mem/numa_stat_memory_devices/ (Igor Mammedov)
> - rewrite numa_stat_memory_devices as Igor's suggestion, and this
> will also fix compile error for targets that don't support memory
> hotplug v3:
> - cold-plugged memory should not be excluded (Igor Mammedov)
>  v2:
> - Don't modify the numa_info.node_mem directly when treating hotplug
> memory, fix the "info numa" instead (Igor Mammedov)
> 
> Thanks for review!;)
> ---
>  include/sysemu/sysemu.h |  1 +
>  monitor.c   |  6 +-
>  numa.c  | 43
> +++ 3 files changed, 49
> insertions(+), 1 deletion(-)
> 
> diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
> index d8539fd..cfc1592 100644
> --- a/include/sysemu/sysemu.h
> +++ b/include/sysemu/sysemu.h
> @@ -160,6 +160,7 @@ typedef struct node_info {
>  extern NodeInfo numa_info[MAX_NODES];
>  void set_numa_nodes(void);
>  void set_numa_modes(void);
> +int query_numa_node_mem(uint64_t *node_mem);
>  extern QemuOptsList qemu_numa_opts;
>  int numa_init_func(QemuOpts *opts, void *opaque);
>  
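Review bot: this prototype has to follow the change requested for numa.c: since no caller uses the int result, declare it `void query_numa_node_mem(uint64_t *node_mem);`, and document that node_mem must have room for nb_numa_nodes entries, which the caller allocates and zeroes.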
> diff --git a/monitor.c b/monitor.c
> index 2d14f39..d45b0a3 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -1949,7 +1949,10 @@ static void do_info_numa(Monitor *mon, const
> QDict *qdict) {
>  int i;
>  CPUState *cpu;
> +uint64_t *node_mem;
>  
> +node_mem = g_new0(uint64_t, nb_numa_nodes);
> +query_numa_node_mem(node_mem);
>  monitor_printf(mon, "%d nodes\n", nb_numa_nodes);
>  for (i = 0; i < nb_numa_nodes; i++) {
>  monitor_printf(mon, "node %d cpus:", i);
> @@ -1960,8 +1963,9 @@ static void do_info_numa(Monitor *mon, const
> QDict *qdict) }
>  monitor_printf(mon, "\n");
>  monitor_printf(mon, "node %d size: %" PRId64 " MB\n", i,
> -numa_info[i].node_mem >> 20);
> +   node_mem[i] >> 20);
>  }
> +g_free(node_mem);
>  }
>  
>  #ifdef CONFIG_PROFILER
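Review bot: node_mem[i] is uint64_t but is still printed with PRId64; since this line is being touched anyway, switch the format to PRIu64 so the type and the format agree.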
> diff --git a/numa.c b/numa.c
> index 3b98135..f8ea327 100644
> --- a/numa.c
> +++ b/numa.c
> @@ -35,6 +35,7 @@
>  #include "hw/boards.h"
>  #include "sysemu/hostmem.h"
>  #include "qmp-commands.h"
> +#include "hw/mem/pc-dimm.h"
>  
>  QemuOptsList qemu_numa_opts = {
>  .name = "numa",
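Review bot: the include of hw/mem/pc-dimm.h is unconditional, and so is the qmp_pc_dimm_device_list() call further down, so the v4 note that this now builds on targets without memory hotplug relies on stub definitions being available for those targets; please name where the stub lives in the commit message so that dependency is visible to whoever touches it next.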
> @@ -315,6 +316,48 @@ void
> memory_region_allocate_system_memory(MemoryRegion *mr, Object
> *owner, } }
>  
> +static void numa_stat_memory_devices(uint64_t *node_mem)
> +{
> +MemoryDeviceInfoList *info_list = NULL;
> +MemoryDeviceInfoList **prev = &info_list;
> +MemoryDeviceInfoList *info;
> +
> +qmp_pc_dimm_device_list(qdev_get_machine(), &prev);
> +for (info = info_list; info; info = info->next) {
> +MemoryDeviceInfo *value = info->value;
> +
> +if (value) {
> +switch (value->kind) {
> +case MEMORY_DEVICE_INFO_KIND_DIMM:{
> +PCDIMMDeviceInfo *di = value->dimm;
> +
> +node_mem[di->node] += di->size;
> +break;
> +}
> +default:
> +break;
> +}
> +}
> +}
> +
unnecessary blank line, drop it

> +qapi_free_MemoryDeviceInfoList(info_list);
> +}
> +
> +int query_numa_node_mem(uint64_t *node_mem)
> +{
> +int i;
> +
> +if (nb_numa_nodes <= 0) {
> +return 0;
since function's return value is not used,
make function void pls

> +}
> +
> +numa_stat_memory_devices(node_mem);
> +for (i = 0; i < nb_numa_nodes; i++) {
> +node_mem[i] += numa_info[i].node_mem;
> +}
> +return 0;
> +}
> +
>  static int query_memdev(Object *obj, void *opaque)
>  {
>  MemdevList **list = opaque;
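Review bot: node_mem[di->node] += di->size indexes the array with the DIMM's node property without checking it against nb_numa_nodes; this relies on pc-dimm realize having rejected out-of-range node values, so either add `assert(di->node < nb_numa_nodes)` here or say in a comment where that check is made. The early return for nb_numa_nodes <= 0 also leaves node_mem untouched, which is only fine because the caller allocates it with g_new0.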




Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections

2014-10-16 Thread Gerd Hoffmann
  Hi,

> > I try to prevent that by dropping the *oldest* connection, so you have a
> > chance to connect even if an unprivileged attacker tries to use up all
> > connection slots.
> 
> Lets say the limit is 5. The bad guy has 5 open idle connections.
> The good guy opens a new one and pushes off one of the bad guy's
> connections. Fine so far. The bad guy though can simply open 5 more
> connections and he'll push the good guy's connection off again.

Correct.  It can't fully prevent the attack, but makes it harder to pull
off.  Just having $limit idle connections isn't enough any more, the bad
guy has to constantly bomb qemu with vnc connect requests, hoping this
kicks out the good guy before it managed to authenticate.  The chances
for the good guy are a bit better and it is also more likely that the
attack sets off alarms in network monitoring.

cheers,
  Gerd
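
The slot-exhaustion exchange above, as an added example that is not the vnc patch's code: a fixed table of MAX_CONNS connections where a full server evicts the oldest connection that has not finished authenticating, plus the attacker/good-guy scenario from the thread played out twice. Assumptions of this example, not statements about the patch: the limit is 5 as in the discussion, only unauthenticated connections are eviction candidates, and a monotonic counter stands in for the connection timestamp.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CONNS 5   /* "the limit is 5" from the thread */

typedef struct {
    bool in_use;
    bool authenticated;
    int id;
    uint64_t opened_at;   /* monotonic counter standing in for a timestamp */
} VncConn;

typedef struct {
    VncConn slots[MAX_CONNS];
    uint64_t clock;
    int next_id;
    unsigned evictions;
} VncServer;

static int vnc_find(const VncServer *s, int id)
{
    for (int i = 0; i < MAX_CONNS; i++) {
        if (s->slots[i].in_use && s->slots[i].id == id) {
            return i;
        }
    }
    return -1;
}

/* Oldest slot still waiting for authentication, or -1. Authenticated sessions
 * are never evicted (an assumption of this example). */
static int vnc_oldest_unauthenticated(const VncServer *s)
{
    int best = -1;
    for (int i = 0; i < MAX_CONNS; i++) {
        const VncConn *c = &s->slots[i];
        if (c->in_use && !c->authenticated &&
            (best < 0 || c->opened_at < s->slots[best].opened_at)) {
            best = i;
        }
    }
    return best;
}

/* Accept a connection and return its id. When every slot is taken, evict the
 * oldest unauthenticated one; refuse (-1) if all slots are authenticated. */
static int vnc_accept(VncServer *s)
{
    int slot = -1;
    for (int i = 0; i < MAX_CONNS && slot < 0; i++) {
        if (!s->slots[i].in_use) {
            slot = i;
        }
    }
    if (slot < 0) {
        slot = vnc_oldest_unauthenticated(s);
        if (slot < 0) {
            return -1;
        }
        s->evictions++;
    }
    s->slots[slot] = (VncConn){ .in_use = true, .authenticated = false,
                                .id = ++s->next_id, .opened_at = ++s->clock };
    return s->slots[slot].id;
}

/* Mark a connection authenticated; false if it was already evicted. */
static bool vnc_authenticate(VncServer *s, int id)
{
    int i = vnc_find(s, id);
    if (i < 0) {
        return false;
    }
    s->slots[i].authenticated = true;
    return true;
}

/* The exchange from the thread: the attacker parks MAX_CONNS idle connections,
 * the good guy connects (pushing off the attacker's oldest), then the attacker
 * opens MAX_CONNS more. Returns whether the good guy is still connected. */
static bool good_guy_survives(bool authenticates_before_flood, unsigned *evictions_out)
{
    VncServer s = {0};
    for (int i = 0; i < MAX_CONNS; i++) {
        vnc_accept(&s);
    }
    int good = vnc_accept(&s);
    if (authenticates_before_flood) {
        vnc_authenticate(&s, good);
    }
    for (int i = 0; i < MAX_CONNS; i++) {
        vnc_accept(&s);
    }
    if (evictions_out) {
        *evictions_out = s.evictions;
    }
    return vnc_find(&s, good) >= 0;
}

static unsigned flood_evictions(bool authenticates_before_flood)
{
    unsigned e = 0;
    good_guy_survives(authenticates_before_flood, &e);
    return e;
}

/* With every slot authenticated the server refuses instead of evicting. */
static bool refuses_when_all_authenticated(void)
{
    VncServer s = {0};
    for (int i = 0; i < MAX_CONNS; i++) {
        vnc_authenticate(&s, vnc_accept(&s));
    }
    return vnc_accept(&s) == -1;
}

int main(void)
{
    printf("idle good guy survives flood: %s\n", good_guy_survives(false, NULL) ? "yes" : "no");
    printf("authenticated good guy survives flood: %s\n", good_guy_survives(true, NULL) ? "yes" : "no");
    return 0;
}
```

The two runs reproduce the point both sides make: an idle good guy is evicted by the second wave exactly as described, while one who completes authentication before the wave arrives survives it, so the policy shifts the attacker from parking $limit idle sockets to sustaining a reconnect flood, which is the noisier behaviour the reply expects monitoring to notice.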





Re: [Qemu-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available

2014-10-16 Thread Stefano Stabellini
On Thu, 16 Oct 2014, Paul Durrant wrote:
> > -Original Message-
> > From: Stefano Stabellini [mailto:stefano.stabell...@eu.citrix.com]
> > Sent: 15 October 2014 15:38
> > To: Paul Durrant
> > Cc: qemu-devel@nongnu.org; xen-de...@lists.xenproject.org; Stefano
> > Stabellini; Peter Maydell; Paolo Bonzini; Michael Tokarev; Stefan Hajnoczi;
> > Stefan Weil; Olaf Hering; Gerd Hoffmann; Alexey Kardashevskiy; Alexander
> > Graf
> > Subject: Re: [PATCH v3 2/2] Xen: Use the ioreq-server API when available
> > 
> > On Wed, 15 Oct 2014, Paul Durrant wrote:
> > > The ioreq-server API added to Xen 4.5 offers better security than
> > > the existing Xen/QEMU interface because the shared pages that are
> > > used to pass emulation request/results back and forth are removed
> > > from the guest's memory space before any requests are serviced.
> > > This prevents the guest from mapping these pages (they are in a
> > > well known location) and attempting to attack QEMU by synthesizing
> > > its own request structures. Hence, this patch modifies configure
> > > to detect whether the API is available, and adds the necessary
> > > code to use the API if it is.
> > >
> > > Signed-off-by: Paul Durrant 
> > 
> > The patch is OK, so you can add my Acked-by.
> > I have a couple of minor comments below. If you need to repost it then
> > would be nice if you could address them.
> > 
> > 
> > > Cc: Stefano Stabellini 
> > > Cc: Peter Maydell 
> > > Cc: Paolo Bonzini 
> > > Cc: Michael Tokarev 
> > > Cc: Stefan Hajnoczi 
> > > Cc: Stefan Weil 
> > > Cc: Olaf Hering 
> > > Cc: Gerd Hoffmann 
> > > Cc: Alexey Kardashevskiy 
> > > Cc: Alexander Graf 
> > > ---
> > >  configure   |   29 ++
> > >  include/hw/xen/xen_common.h |  222
> > +++
> > >  trace-events|8 ++
> > >  xen-hvm.c   |  174 +
> > >  4 files changed, 412 insertions(+), 21 deletions(-)
> > >
> > 
> > [...]
> > 
> > > diff --git a/xen-hvm.c b/xen-hvm.c
> > > index 05e522c..0bbbf2a 100644
> > > --- a/xen-hvm.c
> > > +++ b/xen-hvm.c
> > > @@ -62,9 +62,6 @@ static inline ioreq_t
> > *xen_vcpu_ioreq(shared_iopage_t *shared_page, int vcpu)
> > >  }
> > >  #  define FMT_ioreq_size "u"
> > >  #endif
> > > -#ifndef HVM_PARAM_BUFIOREQ_EVTCHN
> > > -#define HVM_PARAM_BUFIOREQ_EVTCHN 26
> > > -#endif
> > >
> > >  #define BUFFER_IO_MAX_DELAY  100
> > >
> > > @@ -78,6 +75,7 @@ typedef struct XenPhysmap {
> > >  } XenPhysmap;
> > >
> > >  typedef struct XenIOState {
> > > +ioservid_t ioservid;
> > >  shared_iopage_t *shared_page;
> > >  buffered_iopage_t *buffered_io_page;
> > >  QEMUTimer *buffered_io_timer;
> > > @@ -92,6 +90,8 @@ typedef struct XenIOState {
> > >
> > >  struct xs_handle *xenstore;
> > >  MemoryListener memory_listener;
> > > +MemoryListener io_listener;
> > > +DeviceListener device_listener;
> > >  QLIST_HEAD(, XenPhysmap) physmap;
> > >  hwaddr free_phys_offset;
> > >  const XenPhysmap *log_for_dirtybit;
> > > @@ -442,12 +442,23 @@ static void xen_set_memory(struct
> > MemoryListener *listener,
> > >  bool log_dirty = memory_region_is_logging(section->mr);
> > >  hvmmem_type_t mem_type;
> > >
> > > +if (section->mr == &ram_memory) {
> > > +return;
> > > +} else {
> > > +if (add) {
> > > +xen_map_memory_section(xen_xc, xen_domid, state->ioservid,
> > > +   section);
> > > +} else {
> > > +xen_unmap_memory_section(xen_xc, xen_domid, state->ioservid,
> > > + section);
> > > +}
> > > +}
> > >  if (!memory_region_is_ram(section->mr)) {
> > >  return;
> > >  }
> > >
> > > -if (!(section->mr != &ram_memory
> > > -  && ( (log_dirty && add) || (!log_dirty && !add {
> > > +if (!(log_dirty && add) && !(!log_dirty && !add)) {
> > >  return;
> > 
> > if (!((log_dirty && add) || (!log_dirty && !add)))
> > 
> 
> Thinking some more about what Andrew said, this is even more simply expressed as
> 
> if (add != log_dirty)
> 
> is it not?

Yes, I think that should work.



Re: [Qemu-devel] [PATCH v2 7/9] target-mips: add TLBINV support

2014-10-16 Thread Yongbok Kim

Hi Leon,

As the issues below are all corrected in the PRPL already,

Reviewed-by: Yongbok Kim 

Regards,
Yongbok



On 08/07/2014 08:57, Leon Alrae wrote:

For Standard TLB configuration (Config.MT=1):

TLBINV invalidates a set of TLB entries based on ASID. The virtual address is
ignored in the entry match. TLB entries which have their G bit set to 1 are not
modified.

TLBINVF causes all entries to be invalidated.

Note that this commit introduces support for Config4.IE == 3 only (i.e. TLBINV*
instructions operate on entire MMU).

Single TLB entry can be marked as invalid on TLB entry write by having
EntryHi.EHINV set to 1.

Signed-off-by: Leon Alrae 
---
  disas/mips.c |2 +
  target-mips/cpu.h|7 
  target-mips/helper.c |2 +-
  target-mips/helper.h |2 +
  target-mips/op_helper.c  |   65 +
  target-mips/translate.c  |   22 ++
  target-mips/translate_init.c |2 +
  7 files changed, 94 insertions(+), 8 deletions(-)

diff --git a/disas/mips.c b/disas/mips.c
index e3e253f..ff2e4b3 100644
--- a/disas/mips.c
+++ b/disas/mips.c
@@ -2410,6 +2410,8 @@ const struct mips_opcode mips_builtin_opcodes[] =
  {"tlbp","", 0x4208, 0x, INSN_TLB, 0,  
I1  },
  {"tlbr","", 0x4201, 0x, INSN_TLB, 0,  
I1  },
  {"tlbwi",   "", 0x4202, 0x, INSN_TLB, 0,  
I1  },
+{"tlbinv",  "", 0x4203, 0x, INSN_TLB, 0, I32  
},
+{"tlbinvf", "", 0x4204, 0x, INSN_TLB, 0, I32  
},
  {"tlbwr",   "", 0x4206, 0x, INSN_TLB, 0,  
I1  },
  {"tlti","s,j",0x040a, 0xfc1f, RD_s|TRAP,  0,  
I2  },
  {"tlt", "s,t",0x0032, 0xfc00, RD_s|RD_t|TRAP, 0,  
I2  },
diff --git a/target-mips/cpu.h b/target-mips/cpu.h
index 40ebca6..bc5 100644
--- a/target-mips/cpu.h
+++ b/target-mips/cpu.h
@@ -34,6 +34,7 @@ struct r4k_tlb_t {
  uint_fast16_t XI1:1;
  uint_fast16_t RI0:1;
  uint_fast16_t RI1:1;
+uint_fast16_t EHINV:1;
  target_ulong PFN[2];
  };
  
@@ -47,6 +48,8 @@ struct CPUMIPSTLBContext {

  void (*helper_tlbwr)(struct CPUMIPSState *env);
  void (*helper_tlbp)(struct CPUMIPSState *env);
  void (*helper_tlbr)(struct CPUMIPSState *env);
+void (*helper_tlbinv)(struct CPUMIPSState *env);
+void (*helper_tlbinvf)(struct CPUMIPSState *env);
  union {
  struct {
  r4k_tlb_t tlb[MIPS_TLB_MAX];
@@ -282,6 +285,7 @@ struct CPUMIPSState {
  target_ulong CP0_BadVAddr;
  int32_t CP0_Count;
  target_ulong CP0_EntryHi;
+#define CP0EnHi_EHINV 10
  int32_t CP0_Compare;
  int32_t CP0_Status;
  #define CP0St_CU3   31
@@ -393,6 +397,7 @@ struct CPUMIPSState {
  uint32_t CP0_Config4;
  uint32_t CP0_Config4_rw_bitmask;
  #define CP0C4_M31
+#define CP0C4_IE   29
  #define CP0C4_KScrExist 16
  uint32_t CP0_Config5;
  uint32_t CP0_Config5_rw_bitmask;
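Review bot: `CP0C4_IE` is defined as 29, but Config4.IE is a two-bit field (the commit message relies on the value 3), so this define names only the field's shift; add a comment or a companion width/mask so a reader does not treat it as a single bit like the neighbouring `CP0C4_M`.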
@@ -528,6 +533,8 @@ void r4k_helper_tlbwi(CPUMIPSState *env);
  void r4k_helper_tlbwr(CPUMIPSState *env);
  void r4k_helper_tlbp(CPUMIPSState *env);
  void r4k_helper_tlbr(CPUMIPSState *env);
+void r4k_helper_tlbinv(CPUMIPSState *env);
+void r4k_helper_tlbinvf(CPUMIPSState *env);
  
  void mips_cpu_unassigned_access(CPUState *cpu, hwaddr addr,

  bool is_write, bool is_exec, int unused,
diff --git a/target-mips/helper.c b/target-mips/helper.c
index fed28b4..5d72438 100644
--- a/target-mips/helper.c
+++ b/target-mips/helper.c
@@ -83,7 +83,7 @@ int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int 
*prot,
  #endif
  
  /* Check ASID, virtual page number & size */

-if ((tlb->G == 1 || tlb->ASID == ASID) && VPN == tag) {
+if ((tlb->G == 1 || tlb->ASID == ASID) && VPN == tag && !tlb->EHINV) {
  /* TLB match */
  int n = !!(address & mask & ~(mask >> 1));
  /* Check access rights */
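Review bot: `EHINV` is now part of the per-entry TLB state that this match depends on, yet the diffstat lists no change to target-mips/machine.c, so the bit is not carried across save/load: an entry invalidated by TLBINV would come back valid after migration. The `r4k_tlb_t` save/load code needs the new field (with a version bump). Minor: testing `!tlb->EHINV` first would short-circuit before the ASID/VPN compares.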
diff --git a/target-mips/helper.h b/target-mips/helper.h
index e7e0c8c..aea12a9 100644
--- a/target-mips/helper.h
+++ b/target-mips/helper.h
@@ -342,6 +342,8 @@ DEF_HELPER_1(tlbwi, void, env)
  DEF_HELPER_1(tlbwr, void, env)
  DEF_HELPER_1(tlbp, void, env)
  DEF_HELPER_1(tlbr, void, env)
+DEF_HELPER_1(tlbinv, void, env)
+DEF_HELPER_1(tlbinvf, void, env)
  DEF_HELPER_1(di, tl, env)
  DEF_HELPER_1(ei, tl, env)
  DEF_HELPER_1(eret, void, env)
diff --git a/target-mips/op_helper.c b/target-mips/op_helper.c
index 3579bde..fa96bb3 100644
--- a/target-mips/op_helper.c
+++ b/target-mips/op_helper.c
@@ -1361,10 +1361,14 @@ void helper_mtc0_count(CPUMIPSState *env, target_ulong 
arg1)
  
  void helper_mtc0_entryhi(CPUMIPSState *env, target_ulong arg1)

  {
-target_ulong old, val;
+target_ulong old, val, mask;
+m
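The invalidation rules in the commit message above, as an added stand-alone model (example code written for this page, not QEMU's target-mips implementation): a small TLB with an EHINV bit per entry, TLBINV keyed on the current ASID that leaves global entries alone, TLBINVF over the whole array, and a lookup that refuses EHINV entries the way the helper.c hunk does. The entry layout, the `tlb_*` names and the 8-entry size are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLB_ENTRIES 8   /* assumed size for the model, not a MIPS constant */

/* Simplified TLB entry: only the fields the invalidation rules look at. */
typedef struct {
    uint32_t vpn;   /* virtual page number (the match tag) */
    uint8_t  asid;  /* address space id the entry belongs to */
    bool     g;     /* global: ASID is ignored when matching */
    bool     ehinv; /* entry invalid (EntryHi.EHINV semantics) */
    uint32_t pfn;   /* physical page number */
} tlb_entry_t;

typedef struct {
    tlb_entry_t tlb[TLB_ENTRIES];
} tlb_model_t;

/* Start with every entry marked invalid so stale zeros can never match. */
static void tlb_reset(tlb_model_t *m)
{
    memset(m, 0, sizeof(*m));
    for (int i = 0; i < TLB_ENTRIES; i++) {
        m->tlb[i].ehinv = true;
    }
}

/* TLB write; ehinv=true models writing an entry with EntryHi.EHINV set. */
static void tlb_write(tlb_model_t *m, int idx, uint32_t vpn, uint8_t asid,
                      bool g, bool ehinv, uint32_t pfn)
{
    tlb_entry_t *e = &m->tlb[idx];
    e->vpn = vpn;
    e->asid = asid;
    e->g = g;
    e->ehinv = ehinv;
    e->pfn = pfn;
}

/* TLBINV with Config4.IE == 3 (whole MMU): invalidate every valid entry whose
 * ASID equals the current EntryHi.ASID. The VPN is ignored and global (G=1)
 * entries are left alone. Returns how many entries were invalidated. */
static int tlb_inv(tlb_model_t *m, uint8_t cur_asid)
{
    int n = 0;
    for (int i = 0; i < TLB_ENTRIES; i++) {
        tlb_entry_t *e = &m->tlb[i];
        if (!e->g && e->asid == cur_asid && !e->ehinv) {
            e->ehinv = true;
            n++;
        }
    }
    return n;
}

/* TLBINVF: invalidate every valid entry, global ones included. */
static int tlb_invf(tlb_model_t *m)
{
    int n = 0;
    for (int i = 0; i < TLB_ENTRIES; i++) {
        if (!m->tlb[i].ehinv) {
            m->tlb[i].ehinv = true;
            n++;
        }
    }
    return n;
}

/* Lookup with the same match rule the helper.c hunk uses:
 * (G || ASID match) && VPN match && !EHINV. */
static bool tlb_lookup(const tlb_model_t *m, uint32_t vpn, uint8_t cur_asid,
                       uint32_t *pfn)
{
    for (int i = 0; i < TLB_ENTRIES; i++) {
        const tlb_entry_t *e = &m->tlb[i];
        if ((e->g || e->asid == cur_asid) && e->vpn == vpn && !e->ehinv) {
            *pfn = e->pfn;
            return true;
        }
    }
    return false;
}

/* Scenario: two address spaces (ASID 1 and 2) plus one global mapping.
 * Returns 0 when every step behaves as the commit message describes,
 * otherwise the number of the failing step. */
static int tlb_demo(void)
{
    tlb_model_t m;
    uint32_t pfn;

    tlb_reset(&m);
    tlb_write(&m, 0, 0x1000, 1, false, false, 0xA000); /* ASID 1 */
    tlb_write(&m, 1, 0x2000, 1, false, false, 0xB000); /* ASID 1 */
    tlb_write(&m, 2, 0x1000, 2, false, false, 0xC000); /* ASID 2, same VPN */
    tlb_write(&m, 3, 0x8000, 0, true,  false, 0xD000); /* global */
    tlb_write(&m, 4, 0x3000, 1, false, true,  0xE000); /* written invalid */

    if (tlb_lookup(&m, 0x3000, 1, &pfn))                   return 1; /* EHINV entry never hits */
    if (tlb_inv(&m, 1) != 2)                               return 2; /* entries 0 and 1 only */
    if (tlb_lookup(&m, 0x1000, 1, &pfn))                   return 3; /* ASID 1 mapping gone */
    if (!tlb_lookup(&m, 0x1000, 2, &pfn) || pfn != 0xC000) return 4; /* ASID 2 untouched */
    if (!tlb_lookup(&m, 0x8000, 1, &pfn) || pfn != 0xD000) return 5; /* global survives TLBINV */
    if (tlb_invf(&m) != 2)                                 return 6; /* entries 2 and 3 */
    if (tlb_lookup(&m, 0x8000, 1, &pfn))                   return 7; /* global gone after TLBINVF */
    return 0;
}

int main(void)
{
    int rc = tlb_demo();
    printf("TLBINV/TLBINVF model: %s (step %d)\n", rc ? "mismatch" : "ok", rc);
    return rc;
}
```

The model deliberately keeps invalidation as a per-entry flag rather than clearing the entry, which is why TLBP/TLBR-style reads of an invalidated entry would still see its old VPN and ASID; that matches the EHINV design, where the entry stays readable but can never match.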

Re: [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689

2014-10-16 Thread Gerd Hoffmann
On Mi, 2014-10-15 at 17:43 +0200, Michael Tokarev wrote:
> On 15.10.2014 12:10, Gerd Hoffmann wrote:
> >Hi,
> >
> > vmware-vga emulation lacks sanity checks in the hardware acceleration
> > (blit + fill) functions.  This patch series plugs the holes.
> >
> > v2 changes:
> >   * small whitespace fixup.
> >   * do fullscreen update on invalid update requests.
> >
> > cheers,
> >Gerd
> >
> > Gerd Hoffmann (5):
> >vmware-vga: CVE-2014-3689: turn off hw accel
> >vmware-vga: add vmsvga_verify_rect
> >vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect
> >vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect
> >vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect
> 
> A small question.  Why do you first disable the hw accel for rect&fill
> and re-enable them in subsequent patches, as if applying the real
> fix patches takes a very long time and during that time we need the
> hole to be fixed?

That was just the order the patches were created in.  There isn't a real
need for patch #1, but it didn't look important enough to me to bother
fixing it up after the series was complete.

cheers,
  Gerd





[Qemu-devel] [PATCH] glib: add compatibility interface for g_strcmp0()

2014-10-16 Thread arei.gonglei
From: Gonglei 

This patch fixes compilation errors when building against glib < 2.16.0
due to the missing g_strcmp0() function.

Suggested-by: Peter Maydell 
Signed-off-by: Gonglei 
---
 Because g_strcmp0() was called in three places, I provide
 a back-compat implementation. 
---
 include/glib-compat.h | 17 +
 1 file changed, 17 insertions(+)

diff --git a/include/glib-compat.h b/include/glib-compat.h
index e29bf69..f0615c9 100644
--- a/include/glib-compat.h
+++ b/include/glib-compat.h
@@ -45,6 +45,23 @@ static inline gint64 g_get_monotonic_time(void)
 }
 #endif
 
+#if !GLIB_CHECK_VERSION(2, 16, 0)
+static inline int g_strcmp0(const char *str1, const char *str2)
+{
+int result;
+
+if (!str1) {
+result = -(str1 != str2);
+} else if (!str2) {
+result = (str1 != str2);
+} else {
+result = strcmp(str1, str2);
+}
+
+return result;
+}
+#endif
+
 #ifdef _WIN32
 /*
  * g_poll has a problem on Windows when using
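Review bot: the fallback calls `strcmp()`, but nothing in this hunk includes `<string.h>`; it compiles only because glib.h happens to pull that header in, so include it explicitly above the `#if !GLIB_CHECK_VERSION(2, 16, 0)` block. The NULL handling itself matches the glib contract (NULL orders before any string, two NULLs compare equal), though `return str1 ? (str2 ? strcmp(str1, str2) : 1) : -(str2 != NULL);` would say that in one line; also consider `gint`/`const gchar *` in the signature to mirror glib's own declaration.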
-- 
1.7.12.4





Re: [Qemu-devel] [PATCH RFC 0/7] Translate guest vector operations to host vector operations

2014-10-16 Thread Kirill Batuzov
On Thu, 16 Oct 2014, Alex Bennée wrote:

> >
> > From Valgrind experience there is enough genericism. Valgrind can translate
> > SSE, AltiVec and NEON instructions to vector opcodes. Most of the opcodes 
> > are
> > reused between instruction sets.
> 
> Doesn't Valgrind have the advantage of same-arch->same-arch (I've not
> looked at its generated code in detail though).
>

Yes, they have this advantage, but Valgrind tools look at intermediate
code in an architecture-independent way. For tools to work they need
to preserve opcode's semantics across different architectures. For
example Iop_QAdd16Sx4 (addition with saturation) must have the same
meaning on ARM (vqadd.s16 instruction) and on x86 (paddsw instruction).
So in most cases where Valgrind uses same opcode for different
instructions from different architectures QEMU can do the same.

> > But keep in mind - there are a lot of vector opcodes. Much much more than
> > scalar ones. You can see full list in Valgrind sources
> > (VEX/pub/libvex_ir.h).
> 
> I think we could only approach this is in a piecemeal way guided by
> performance bottlenecks when we find them.
> 

I'm not sure this will work. In my example the larger part of the speedup comes
from the fact that I could keep values in registers and do not need
them to be saved and loaded for each vadd.i32 instruction. To be able to
do it on a real-life application we need to support as large a fraction
of its vector instructions as possible. In short: the speedup does not
come from faster emulation of one instruction but from interaction
between sequential guest instructions.

> > We can reduce the amount of opcodes by converting vector element size from 
> > part
> > of an opcode to a constant argument. But we will lose some flexibility 
> > offered
> > by the TARGET_HAS_opcode macro when target has support for some sizes but 
> > not for
> > others. For example SSE has vector minimum for sizes i8x16, i16x8, i32x4 but
> > does not have one for size i64x2. 
> >
> > Some implementation details and concerns.
> >
> > The most problematic issue was the fact that with vector registers we have 
> > one
> > entity that can be accessed as both global variable and memory location. I
> > solved it by introducing the sync_temp opcode that instructs register 
> > allocator to
> > save global variable to its memory location if it is on the register. If a
> > variable is not on a register or memory is already coherent - no store is 
> > issued,
> > so performance penalty for it is minimal. Still this approach has a serious
> > drawback: we need to generate sync_temp explicitly. But I do not know any 
> > better
> > way to achieve consistency.
> 
> I'm not sure I follow. I thought we only needed the memory access when
> the backend can't support the vector width operations so shouldn't have
> stuff in the vector registers?
> 

The target support for vector operations is not binary ("support all" or
"support none"). In most cases it will support some large subset but
some guest vector operations will be emulated. In that case we'll need
to access guest vector registers as memory locations.

Scalar operations which are not supported in opcodes are very uncommon
and a helper with large performance overhead is a reasonable option. I'd
like to avoid such heavy helpers in vector operations because
unsupported opcodes will be more common.

Another cause is the transition from existing code to vector opcodes.
During the transition we'll have a mix of old code (access as memory) and new
code (access as globals). Doing the transition in one go is unrealistic.

> > Note that as of this RFC I have not finished conversion of ARM guest so 
> > mixing
> > NEON with VFP code can cause a miscompile.
> >
> > The second problem is that a backend may or may not support vector 
> > operations. We
> > do not want each frontend to check it on every operation. I created a 
> > wrapper that
> > generates vector opcode if it is supported or generates emulation code.
> >
> > For add_i32x4 emulation code is generated inline. I tried to make it a 
> > helper
> > but got a very significant performance loss (5x slowdown). I'm not sure 
> > about
> > the cause but I suspect that memory was a bottleneck and extra stores needed
> > by calling conventions mattered a lot.
> 
> So the generic helper was more API heavy than the existing NEON helpers?

Existing NEON implementation generates emulation code inline too. That
is how I found that my helper was slow.


-- 
Kirill
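The opcode Kirill uses as his example, Iop_QAdd16Sx4, written out as an added reference definition (example code for this page, not Valgrind's or QEMU's): the lane arithmetic is what ARM vqadd.s16 and x86 paddsw share, while the "some lane saturated" result is returned separately, because only the ARM instruction records it (in FPSCR.QC) and a shared opcode must therefore keep that side effect out of the lane semantics. The `qadd16s*` and `lane_*` names, and the 64-bit packed layout with lane 0 in the low bits, are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define LANES 4

/* One lane: saturating signed 16-bit add. Doing the sum in 32 bits avoids
 * the undefined signed overflow a plain int16_t add would invoke; *sat is
 * set (never cleared) when the lane clamps, so it accumulates across lanes. */
static int16_t qadd16s(int16_t a, int16_t b, bool *sat)
{
    int32_t sum = (int32_t)a + (int32_t)b;
    if (sum > INT16_MAX) {
        *sat = true;
        return INT16_MAX;
    }
    if (sum < INT16_MIN) {
        *sat = true;
        return INT16_MIN;
    }
    return (int16_t)sum;
}

/* Array form: dst[i] = sat(a[i] + b[i]). Returns true if any lane saturated. */
static bool qadd16sx4(int16_t dst[LANES], const int16_t a[LANES],
                      const int16_t b[LANES])
{
    bool sat = false;
    for (int i = 0; i < LANES; i++) {
        dst[i] = qadd16s(a[i], b[i], &sat);
    }
    return sat;
}

/* Lane i of a 64-bit packed vector register, lane 0 in the low 16 bits
 * (assumed layout for the example). */
static int16_t lane_get(uint64_t v, int i)
{
    return (int16_t)(uint16_t)(v >> (16 * i));
}

static uint64_t lane_put(uint64_t v, int i, int16_t x)
{
    uint64_t mask = (uint64_t)0xFFFF << (16 * i);
    return (v & ~mask) | ((uint64_t)(uint16_t)x << (16 * i));
}

/* Packed form, the shape a 64-bit TCG global holding one D register would
 * have. The lane results are the shared opcode semantics; the cumulative
 * saturation bit is handed back separately so an ARM front end can fold it
 * into FPSCR.QC while an x86 front end simply ignores it. */
static uint64_t qadd16sx4_packed(uint64_t a, uint64_t b, bool *sat)
{
    uint64_t r = 0;
    for (int i = 0; i < LANES; i++) {
        r = lane_put(r, i, qadd16s(lane_get(a, i), lane_get(b, i), sat));
    }
    return r;
}

int main(void)
{
    bool sat = false;
    /* constructed inputs, lanes listed high to low: 32767, -32768, 100, -50 */
    uint64_t a = 0x7FFF80000064FFCEULL;
    /* constructed inputs, lanes listed high to low:     1,     -1,  50, -50 */
    uint64_t b = 0x0001FFFF0032FFCEULL;
    uint64_t r = qadd16sx4_packed(a, b, &sat);

    for (int i = LANES - 1; i >= 0; i--) {
        printf("lane %d: %6d + %6d = %6d\n", i, lane_get(a, i), lane_get(b, i),
               lane_get(r, i));
    }
    printf("saturated: %s\n", sat ? "yes" : "no");
    return 0;
}
```

Two lanes clamp (32767 + 1 and -32768 - 1) and two do not; the packed result is 0x7FFF80000096FF9C with the saturation flag set, which is exactly the split a generic vector opcode has to respect: identical lane values on every host, and a separate, front-end-owned place for the flag.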

Re: [Qemu-devel] [PATCH v4] pc-dimm/numa: Fix stat of memory size in node when hotplug memory

2014-10-16 Thread zhanghailiang

On 2014/10/16 18:36, Igor Mammedov wrote:

On Thu, 9 Oct 2014 20:21:57 +0800
zhanghailiang  wrote:

reword subj with:
numa: make 'info numa' take into account hotplugged memory


When doing memory hotplug, if there is a NUMA node, we should add
the memory size to the corresponding node's memory size.

For now, it mainly affects the result of hmp command "info numa".

Signed-off-by: zhanghailiang 

With above and below comments fixed,
  Reviewed-by: Igor Mammedov 



OK, will fix them and send V5 with your Reviewed-by, Thanks:)




---
  v4:
- s/pc_dimm_stat_node_mem/numa_stat_memory_devices/ (Igor Mammedov)
- rewrite numa_stat_memory_devices as Igor's suggestion, and this
will also fix compile error for targets that don't support memory
hotplug
  v3:
- cold-plugged memory should not be excluded (Igor Mammedov)
  v2:
- Don't modify the numa_info.node_mem directly when treating hotplug
memory, fix the "info numa" instead (Igor Mammedov)

Thanks for review!;)
---
  include/sysemu/sysemu.h |  1 +
  monitor.c   |  6 +-
  numa.c  | 43 +++
  3 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index d8539fd..cfc1592 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -160,6 +160,7 @@ typedef struct node_info {
  extern NodeInfo numa_info[MAX_NODES];
  void set_numa_nodes(void);
  void set_numa_modes(void);
+int query_numa_node_mem(uint64_t *node_mem);
  extern QemuOptsList qemu_numa_opts;
  int numa_init_func(QemuOpts *opts, void *opaque);

diff --git a/monitor.c b/monitor.c
index 2d14f39..d45b0a3 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1949,7 +1949,10 @@ static void do_info_numa(Monitor *mon, const
QDict *qdict) {
  int i;
  CPUState *cpu;
+uint64_t *node_mem;

+node_mem = g_new0(uint64_t, nb_numa_nodes);
+query_numa_node_mem(node_mem);
  monitor_printf(mon, "%d nodes\n", nb_numa_nodes);
  for (i = 0; i < nb_numa_nodes; i++) {
  monitor_printf(mon, "node %d cpus:", i);
@@ -1960,8 +1963,9 @@ static void do_info_numa(Monitor *mon, const
QDict *qdict) }
  monitor_printf(mon, "\n");
  monitor_printf(mon, "node %d size: %" PRId64 " MB\n", i,
-numa_info[i].node_mem >> 20);
+   node_mem[i] >> 20);
  }
+g_free(node_mem);
  }

  #ifdef CONFIG_PROFILER
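Review bot: `node_mem[i]` is `uint64_t` but the touched `monitor_printf` line still prints it with `PRId64`; switch to `PRIu64` while the line is being changed. Also `g_new0(uint64_t, 0)` returns NULL when there are no NUMA nodes; that is only safe because `query_numa_node_mem()` bails out on `nb_numa_nodes <= 0` and the loop never indexes the array, which deserves a one-line comment next to the allocation.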
diff --git a/numa.c b/numa.c
index 3b98135..f8ea327 100644
--- a/numa.c
+++ b/numa.c
@@ -35,6 +35,7 @@
  #include "hw/boards.h"
  #include "sysemu/hostmem.h"
  #include "qmp-commands.h"
+#include "hw/mem/pc-dimm.h"

  QemuOptsList qemu_numa_opts = {
  .name = "numa",
@@ -315,6 +316,48 @@ void
memory_region_allocate_system_memory(MemoryRegion *mr, Object
*owner, } }

+static void numa_stat_memory_devices(uint64_t *node_mem)
+{
+MemoryDeviceInfoList *info_list = NULL;
+MemoryDeviceInfoList **prev = &info_list;
+MemoryDeviceInfoList *info;
+
+qmp_pc_dimm_device_list(qdev_get_machine(), &prev);
+for (info = info_list; info; info = info->next) {
+MemoryDeviceInfo *value = info->value;
+
+if (value) {
+switch (value->kind) {
+case MEMORY_DEVICE_INFO_KIND_DIMM:{
+PCDIMMDeviceInfo *di = value->dimm;
+
+node_mem[di->node] += di->size;
+break;
+}
+default:
+break;
+}
+}
+}
+

unnecessary blank line, drop it


+qapi_free_MemoryDeviceInfoList(info_list);
+}
+
+int query_numa_node_mem(uint64_t *node_mem)
+{
+int i;
+
+if (nb_numa_nodes <= 0) {
+return 0;

since function's return value is not used,
make function void pls


+}
+
+numa_stat_memory_devices(node_mem);
+for (i = 0; i < nb_numa_nodes; i++) {
+node_mem[i] += numa_info[i].node_mem;
+}
+return 0;
+}
+
  static int query_memdev(Object *obj, void *opaque)
  {
  MemdevList **list = opaque;
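Review bot: the `switch (value->kind)` in `numa_stat_memory_devices()` has a single real case plus an empty `default`, so `if (value && value->kind == MEMORY_DEVICE_INFO_KIND_DIMM)` would drop two levels of braces. The `prev` variable exists only to be passed as `&prev`; a short comment that `qmp_pc_dimm_device_list()` takes a `MemoryDeviceInfoList ***` through its `void *opaque` would spare the next reader a trip to pc-dimm.c.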










Re: [Qemu-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available

2014-10-16 Thread Stefano Stabellini
On Wed, 15 Oct 2014, Peter Maydell wrote:
> On 15 October 2014 11:16, Paul Durrant  wrote:
> > The ioreq-server API added to Xen 4.5 offers better security than
> > the existing Xen/QEMU interface because the shared pages that are
> > used to pass emulation request/results back and forth are removed
> > from the guest's memory space before any requests are serviced.
> > This prevents the guest from mapping these pages (they are in a
> > well known location) and attempting to attack QEMU by synthesizing
> > its own request structures. Hence, this patch modifies configure
> > to detect whether the API is available, and adds the necessary
> > code to use the API if it is.
> 
> This commit message doesn't mention it, but presumably this is
> all x86-specific given it's in a file which is only used for
> x86 Xen?

Unfortunately even though it is pretty x86 specific, it is still
compiled on ARM, even though it is never actually used (it is used in
i386 emulation with Xen acceleration support, while on ARM we only use
the PV machine).



[Qemu-devel] [PATCH] MAINTAINERS: add myself as MIPS guest cores co-maintainer

2014-10-16 Thread Leon Alrae
Add myself to the maintainer list for MIPS guest cores and update the status
from "Odd Fixes" to "Maintained".

Signed-off-by: Leon Alrae 
---
 MAINTAINERS | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 206bf7e..e07662f 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -100,7 +100,8 @@ F: hw/microblaze/
 
 MIPS
 M: Aurelien Jarno 
-S: Odd Fixes
+M: Leon Alrae 
+S: Maintained
 F: target-mips/
 F: hw/mips/
 
-- 
2.1.0




Re: [Qemu-devel] [PATCH v3 1/2] qdev: add qdev_build_hotpluggable_device_list helper

2014-10-16 Thread Igor Mammedov
On Mon, 6 Oct 2014 19:38:43 +0800
Zhu Guihua  wrote:

> For peripheral device del completion, add a function to build a list
> for hotpluggable devices.
> 
> Signed-off-by: Zhu Guihua 
> ---
>  hw/core/qdev.c | 14 ++
>  include/hw/qdev-core.h |  2 ++
>  2 files changed, 16 insertions(+)
> 
> diff --git a/hw/core/qdev.c b/hw/core/qdev.c
> index fcb1638..5f4b2b9 100644
> --- a/hw/core/qdev.c
> +++ b/hw/core/qdev.c
> @@ -801,6 +801,20 @@ void qdev_alias_all_properties(DeviceState
> *target, Object *source) } while (class !=
> object_class_by_name(TYPE_DEVICE)); }
>  
> +int qdev_build_hotpluggable_device_list(Object *obj, void *opaque)
> +{
> +GSList **list = opaque;
> +DeviceState *dev = DEVICE(obj);
> +DeviceClass *dc = DEVICE_GET_CLASS(dev);
> +
> +if (dev->realized && dc->hotpluggable) {
pls use object_property_get_bool() to get the value of the hotpluggable property
since it might not be enough to have dc->hotpluggable set to true to
be hotpluggable.

> +*list = g_slist_append(*list, dev);
> +}
> +
> +object_child_foreach(obj, qdev_build_hotpluggable_device_list,
> opaque);
> +return 0;
> +}
> +
>  static bool device_get_realized(Object *obj, Error **errp)
>  {
>  DeviceState *dev = DEVICE(obj);
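Review bot: `DEVICE(obj)` is applied to every object the recursion reaches, but `object_child_foreach()` on a device also visits its child buses and any other non-device QOM children, and the `OBJECT_CHECK` behind `DEVICE()` aborts on those. Test `object_dynamic_cast(obj, TYPE_DEVICE)` first and only then look at `realized`/`hotpluggable`; keep the `object_child_foreach()` recursion unconditional so devices sitting behind a bus are still collected.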
> diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
> index 178fee2..aa76fdc 100644
> --- a/include/hw/qdev-core.h
> +++ b/include/hw/qdev-core.h
> @@ -361,6 +361,8 @@ extern int qdev_hotplug;
>  
>  char *qdev_get_dev_path(DeviceState *dev);
>  
> +int qdev_build_hotpluggable_device_list(Object *obj, void *opaque);
> +
>  static inline void qbus_set_hotplug_handler(BusState *bus,
> DeviceState *handler, Error **errp)
>  {




Re: [Qemu-devel] [PATCH v3 2/2] monitor: add del completion for peripheral device

2014-10-16 Thread Igor Mammedov
On Mon, 6 Oct 2014 19:38:44 +0800
Zhu Guihua  wrote:

> Add peripheral_device_del_completion() to let peripheral device del
> completion be possible.
> 
> Signed-off-by: Zhu Guihua 
> ---
>  monitor.c | 24 
>  1 file changed, 24 insertions(+)
> 
> diff --git a/monitor.c b/monitor.c
> index 667efb7..ffe5405 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -4351,6 +4351,29 @@ static void
> device_del_bus_completion(ReadLineState *rs,  BusState *bus, }
>  }
>  
> +static void peripheral_device_del_completion(ReadLineState *rs,
> + const char *str, size_t
> len) +{
> +Object *peripheral;
> +GSList *list = NULL, *item;
> +
> +peripheral = object_resolve_path("/machine/peripheral/", NULL);
> +
pls remove unnecessary blank line

> +if (peripheral == NULL) {
> +return;
> +}
> +
> +object_child_foreach(peripheral,
> qdev_build_hotpluggable_device_list,
> + &list);
> +
> +for (item = list; item; item = g_slist_next(item)) {
> +DeviceState *dev = item->data;
add blank line here, pls.

> +if (!strncmp(str, dev->id, len)) {
> +readline_add_completion(rs, dev->id);
> +}
> +}
> +}
> +
>  void chardev_remove_completion(ReadLineState *rs, int nb_args, const
> char *str) {
>  size_t len;
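Review bot: `list` is built with `g_slist_append()` but never released, so every tab completion of `device_del` leaks the whole list; add `g_slist_free(list);` after the loop. `g_slist_append()` is also O(n) per call, so `g_slist_prepend()` is the better choice here since the order of completion candidates does not matter.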
> @@ -4424,6 +4447,7 @@ void device_del_completion(ReadLineState *rs,
> int nb_args, const char *str) len = strlen(str);
>  readline_set_completion_index(rs, len);
>  device_del_bus_completion(rs, sysbus_get_default(), str, len);
All ID-ed devices that might be available for removal are returned by the
following line, so do we still need the above recursive bus walker that
gathers duplicate devices from buses?

> +peripheral_device_del_completion(rs, str, len);
>  }
>  
>  void object_del_completion(ReadLineState *rs, int nb_args, const
> char *str)




Re: [Qemu-devel] [PATCH v3] qemu-char: Do not disconnect when there's data for reading

2014-10-16 Thread Zifei Tong
Friendly ping.

I've seen a couple of scripts affected by this bug.

Thanks,
Zifei
On Sep 19, 2014 10:03 PM, "Kirill Batuzov"  wrote:

> On 19.09.2014 11:12, Zifei Tong wrote:
>
>> After commit 812c1057f6175ac9a9829fa2920a2b5783814193 (Handle G_IO_HUP
>> in tcp_chr_read for tcp chardev), connections are disconnected when in
>> G_IO_HUP condition.
>>
>> However, it's possible that there is still data for reading in the
>> channel.
>> In that case, the remaining data is not handled.
>>
>> I saw a related bug when running socat in write-only mode, after
>>
>>$ echo "quit" | socat -u - UNIX-CONNECT:qemu-monitor
>>
>> the monitor won't run the 'quit' command.
>>
>> Instead of GIOCondition, this patch uses the return value of
>> tcp_chr_recv()
>> to check the state of connection as suggested by Kirill.
>>
>> Cc: Kirill Batuzov 
>> Cc: Nikolay Nikolaev 
>> Cc: Markus Armbruster 
>> Cc: Anthony Liguori 
>> Signed-off-by: Zifei Tong 
>> ---
>> Changes in v3: handle EWOULDBLOCK, remove inaccurate comment
>>
>>   qemu-char.c | 10 ++
>>   1 file changed, 2 insertions(+), 8 deletions(-)
>>
>> diff --git a/qemu-char.c b/qemu-char.c
>> index 2a3cb9f..d1893a0 100644
>> --- a/qemu-char.c
>> +++ b/qemu-char.c
>> @@ -2692,12 +2692,6 @@ static gboolean tcp_chr_read(GIOChannel *chan,
>> GIOCondition cond, void *opaque)
>>   uint8_t buf[READ_BUF_LEN];
>>   int len, size;
>>
>> -if (cond & G_IO_HUP) {
>> -/* connection closed */
>> -tcp_chr_disconnect(chr);
>> -return TRUE;
>> -}
>> -
>>   if (!s->connected || s->max_size <= 0) {
>>   return TRUE;
>>   }
>> @@ -2705,8 +2699,8 @@ static gboolean tcp_chr_read(GIOChannel *chan,
>> GIOCondition cond, void *opaque)
>>   if (len > s->max_size)
>>   len = s->max_size;
>>   size = tcp_chr_recv(chr, (void *)buf, len);
>> -if (size == 0) {
>> -/* connection closed */
>> +if (size == 0 ||
>> +(size < 0 && !(errno == EAGAIN || errno == EWOULDBLOCK || errno
>> == EINTR))) {
>>   tcp_chr_disconnect(chr);
>>   } else if (size > 0) {
>>   if (s->do_telnetopt)
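Review bot: the new `size < 0` branch decides on `errno`, but `tcp_chr_recv()` wraps `recv()`, and on Win32 builds QEMU reads socket failures through `socket_error()` rather than `errno` (as the write path in this file does); please check that this condition does not disconnect on every `WSAEWOULDBLOCK` there, or route the check through `socket_error()`.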
>>
>>
> Looks good to me.
>
> Reviewed-by: Kirill Batuzov 
>
> --
> Kirill
>


[Qemu-devel] [PATCH v5] numa: make 'info numa' take into account hotplugged memory

2014-10-16 Thread zhanghailiang
When doing memory hotplug, if there is a NUMA node, we should add
the memory size to the corresponding node's memory size.

For now, it mainly affects the result of hmp command "info numa".

Reviewed-by: Igor Mammedov 
Signed-off-by: zhanghailiang 
---
 v5:
- reword the subject (Igor Mammedov)
- turn query_numa_node_mem to void (Igor Mammedov)
 v4:
- s/pc_dimm_stat_node_mem/numa_stat_memory_devices/ (Igor Mammedov)
- rewrite numa_stat_memory_devices and this will also fix compile error for 
  targets that don't support memory hotplug
 v3:
- cold-plugged memory should not be excluded (Igor Mammedov)
 v2:
- Don't modify the numa_info.node_mem directly when treating hotplug memory,
  fix the "info numa" instead (Igor Mammedov)

Thanks for review!;)
---
 include/sysemu/sysemu.h |  1 +
 monitor.c   |  6 +-
 numa.c  | 41 +
 3 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
index 0037a69..ef5eaf4 100644
--- a/include/sysemu/sysemu.h
+++ b/include/sysemu/sysemu.h
@@ -161,6 +161,7 @@ typedef struct node_info {
 extern NodeInfo numa_info[MAX_NODES];
 void set_numa_nodes(void);
 void set_numa_modes(void);
+void query_numa_node_mem(uint64_t *node_mem);
 extern QemuOptsList qemu_numa_opts;
 int numa_init_func(QemuOpts *opts, void *opaque);
 
diff --git a/monitor.c b/monitor.c
index 2d14f39..d45b0a3 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1949,7 +1949,10 @@ static void do_info_numa(Monitor *mon, const QDict 
*qdict)
 {
 int i;
 CPUState *cpu;
+uint64_t *node_mem;
 
+node_mem = g_new0(uint64_t, nb_numa_nodes);
+query_numa_node_mem(node_mem);
 monitor_printf(mon, "%d nodes\n", nb_numa_nodes);
 for (i = 0; i < nb_numa_nodes; i++) {
 monitor_printf(mon, "node %d cpus:", i);
@@ -1960,8 +1963,9 @@ static void do_info_numa(Monitor *mon, const QDict *qdict)
 }
 monitor_printf(mon, "\n");
 monitor_printf(mon, "node %d size: %" PRId64 " MB\n", i,
-numa_info[i].node_mem >> 20);
+   node_mem[i] >> 20);
 }
+g_free(node_mem);
 }
 
 #ifdef CONFIG_PROFILER
diff --git a/numa.c b/numa.c
index 3b98135..5b84ffb 100644
--- a/numa.c
+++ b/numa.c
@@ -35,6 +35,7 @@
 #include "hw/boards.h"
 #include "sysemu/hostmem.h"
 #include "qmp-commands.h"
+#include "hw/mem/pc-dimm.h"
 
 QemuOptsList qemu_numa_opts = {
 .name = "numa",
@@ -315,6 +316,46 @@ void memory_region_allocate_system_memory(MemoryRegion 
*mr, Object *owner,
 }
 }
 
+static void numa_stat_memory_devices(uint64_t *node_mem)
+{
+MemoryDeviceInfoList *info_list = NULL;
+MemoryDeviceInfoList **prev = &info_list;
+MemoryDeviceInfoList *info;
+
+qmp_pc_dimm_device_list(qdev_get_machine(), &prev);
+for (info = info_list; info; info = info->next) {
+MemoryDeviceInfo *value = info->value;
+
+if (value) {
+switch (value->kind) {
+case MEMORY_DEVICE_INFO_KIND_DIMM: {
+PCDIMMDeviceInfo *di = value->dimm;
+
+node_mem[di->node] += di->size;
+break;
+}
+default:
+break;
+}
+}
+}
+qapi_free_MemoryDeviceInfoList(info_list);
+}
+
+void query_numa_node_mem(uint64_t *node_mem)
+{
+int i;
+
+if (nb_numa_nodes <= 0) {
+return;
+}
+
+numa_stat_memory_devices(node_mem);
+for (i = 0; i < nb_numa_nodes; i++) {
+node_mem[i] += numa_info[i].node_mem;
+}
+}
+
 static int query_memdev(Object *obj, void *opaque)
 {
 MemdevList **list = opaque;
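Review bot: `node_mem[di->node] += di->size;` indexes an array the caller sized with `nb_numa_nodes` using the DIMM's `node` property, with no bound check in this function; it is safe only if pc-dimm realize has already rejected `node >= nb_numa_nodes`. Either assert that invariant here, or skip (and warn about) out-of-range entries, rather than rely on a check that lives in another file and may change.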
-- 
1.7.12.4





[Qemu-devel] [PATCH] block: fix implicit conversion to invalid type

2014-10-16 Thread Igor Mammedov
change type of variable to expected IoOperationType which fixes compile
warning:

block.c:3655:20: warning: implicit conversion from enumeration
 type enum IoOperationType to different enumeration type BlockErrorAction

Signed-off-by: Igor Mammedov 
---
 block.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/block.c b/block.c
index 27533f3..c15fad0 100644
--- a/block.c
+++ b/block.c
@@ -3650,10 +3650,10 @@ static void send_qmp_error_event(BlockDriverState *bs,
  BlockErrorAction action,
  bool is_read, int error)
 {
-BlockErrorAction ac;
+IoOperationType op;
 
-ac = is_read ? IO_OPERATION_TYPE_READ : IO_OPERATION_TYPE_WRITE;
-qapi_event_send_block_io_error(bdrv_get_device_name(bs), ac, action,
+op = is_read ? IO_OPERATION_TYPE_READ : IO_OPERATION_TYPE_WRITE;
+qapi_event_send_block_io_error(bdrv_get_device_name(bs), op, action,
bdrv_iostatus_is_enabled(bs),
error == ENOSPC, strerror(error),
&error_abort);
-- 
1.9.3 (Apple Git-50)




[Qemu-devel] [PATCH v4 1/2] Add device listener interface

2014-10-16 Thread Paul Durrant
The Xen ioreq-server API, introduced in Xen 4.5, requires that PCI device
models explicitly register with Xen for config space accesses. This patch
adds a listener interface into qdev-core which can be used by the Xen
interface code to monitor for arrival and departure of PCI devices.

Signed-off-by: Paul Durrant 
Cc: Michael S. Tsirkin 
Cc: Andreas Faerber 
Cc: Paolo Bonzini 
Cc: Peter Crosthwaite 
Cc: Igor Mammedov 
Cc: Markus Armbruster 
Cc: Thomas Huth 
Cc: Christian Borntraeger 
---
 hw/core/qdev.c  |   54 +++
 include/hw/qdev-core.h  |   10 +
 include/qemu/typedefs.h |1 +
 3 files changed, 65 insertions(+)

diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index fcb1638..4a9c1f6 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -175,6 +175,56 @@ int qdev_init(DeviceState *dev)
 return 0;
 }
 
+static QTAILQ_HEAD(qdev_listeners, DeviceListener) qdev_listeners
+= QTAILQ_HEAD_INITIALIZER(qdev_listeners);
+
+enum ListenerDirection { Forward, Reverse };
+
+#define QDEV_LISTENER_CALL(_callback, _direction, _args...) \
+do {\
+DeviceListener *_listener;  \
+\
+switch (_direction) {   \
+case Forward:   \
+QTAILQ_FOREACH(_listener, &qdev_listeners, link) {  \
+if (_listener->_callback) { \
+_listener->_callback(_listener, ##_args);   \
+}   \
+}   \
+break;  \
+case Reverse:   \
+QTAILQ_FOREACH_REVERSE(_listener, &qdev_listeners,  \
+   qdev_listeners, link) {  \
+if (_listener->_callback) { \
+_listener->_callback(_listener, ##_args);   \
+}   \
+}   \
+break;  \
+default:\
+abort();\
+}   \
+} while (0)
+
+static int qdev_listener_add(DeviceState *dev, void *opaque)
+{
+QDEV_LISTENER_CALL(realize, Forward, dev);
+
+return 0;
+}
+
+void qdev_listener_register(DeviceListener *listener)
+{
+QTAILQ_INSERT_TAIL(&qdev_listeners, listener, link);
+
+qbus_walk_children(sysbus_get_default(), NULL, NULL, qdev_listener_add,
+   NULL, NULL);
+}
+
+void qdev_listener_unregister(DeviceListener *listener)
+{
+QTAILQ_REMOVE(&qdev_listeners, listener, link);
+}
+
 static void device_realize(DeviceState *dev, Error **errp)
 {
 DeviceClass *dc = DEVICE_GET_CLASS(dev);
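Review bot: `qdev_listener_register()` replays `realize` for every device `qbus_walk_children()` finds under the default sysbus, but `qdev_listener_add()` never checks `dev->realized`, so a new listener is told about devices that are not realized yet and then hears `realize` a second time when they are; test `dev->realized` before the call. Devices that do not hang off a bus rooted at sysbus are never replayed at all, which should at least be stated in the header comment for `DeviceListener`.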
@@ -186,12 +236,16 @@ static void device_realize(DeviceState *dev, Error **errp)
 return;
 }
 }
+
+QDEV_LISTENER_CALL(realize, Forward, dev);
 }
 
 static void device_unrealize(DeviceState *dev, Error **errp)
 {
 DeviceClass *dc = DEVICE_GET_CLASS(dev);
 
+QDEV_LISTENER_CALL(unrealize, Reverse, dev);
+
 if (dc->exit) {
 int rc = dc->exit(dev);
 if (rc < 0) {
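Review bot: the listener calls are placed in `device_realize()`/`device_unrealize()`, which are only the default `DeviceClass::realize`/`unrealize` implementations wrapping legacy `dc->init`/`dc->exit`; a device class that installs its own `realize` bypasses both, so its arrival and departure are never reported. `device_set_realized()`, which every device passes through, is the place to fire the callbacks: after the class realize has succeeded, and before unrealize runs.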
diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index 178fee2..f2dc267 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -167,6 +167,12 @@ struct DeviceState {
 int alias_required_for_version;
 };
 
+struct DeviceListener {
+void (*realize)(DeviceListener *listener, DeviceState *dev);
+void (*unrealize)(DeviceListener *listener, DeviceState *dev);
+QTAILQ_ENTRY(DeviceListener) link;
+};
+
 #define TYPE_BUS "bus"
 #define BUS(obj) OBJECT_CHECK(BusState, (obj), TYPE_BUS)
 #define BUS_CLASS(klass) OBJECT_CLASS_CHECK(BusClass, (klass), TYPE_BUS)
@@ -368,4 +374,8 @@ static inline void qbus_set_hotplug_handler(BusState *bus, 
DeviceState *handler,
  QDEV_HOTPLUG_HANDLER_PROPERTY, errp);
 bus->allow_hotplug = 1;
 }
+
+void qdev_listener_register(DeviceListener *listener);
+void qdev_listener_unregister(DeviceListener *listener);
+
 #endif
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 04df51b..e32bca2 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -20,6 +20,7 @@ typedef struct Property Property;
 typedef struct PropertyInfo PropertyInfo;
 typedef struct CompatProperty CompatProperty;
 typedef struct DeviceState DeviceState;
+typedef struct DeviceListener DeviceListener;
 typedef struct BusState BusState;
 typedef struct BusClass BusClass;
 
-- 

[Qemu-devel] [PATCH v4 2/2] Xen: Use the ioreq-server API when available

2014-10-16 Thread Paul Durrant
The ioreq-server API added to Xen 4.5 offers better security than
the existing Xen/QEMU interface because the shared pages that are
used to pass emulation request/results back and forth are removed
from the guest's memory space before any requests are serviced.
This prevents the guest from mapping these pages (they are in a
well known location) and attempting to attack QEMU by synthesizing
its own request structures. Hence, this patch modifies configure
to detect whether the API is available, and adds the necessary
code to use the API if it is.

Signed-off-by: Paul Durrant 
Acked-by: Stefano Stabellini 
Cc: Peter Maydell 
Cc: Paolo Bonzini 
Cc: Michael Tokarev 
Cc: Stefan Hajnoczi 
Cc: Stefan Weil 
Cc: Olaf Hering 
Cc: Gerd Hoffmann 
Cc: Alexey Kardashevskiy 
Cc: Alexander Graf 
---
 configure   |   29 ++
 include/hw/xen/xen_common.h |  223 +++
 trace-events|9 ++
 xen-hvm.c   |  156 ++
 4 files changed, 396 insertions(+), 21 deletions(-)

diff --git a/configure b/configure
index 9ac2600..c2db574 100755
--- a/configure
+++ b/configure
@@ -1876,6 +1876,32 @@ int main(void) {
   xc_gnttab_open(NULL, 0);
   xc_domain_add_to_physmap(0, 0, XENMAPSPACE_gmfn, 0, 0);
   xc_hvm_inject_msi(xc, 0, 0xf000, 0x);
+  xc_hvm_create_ioreq_server(xc, 0, 0, NULL);
+  return 0;
+}
+EOF
+  compile_prog "" "$xen_libs"
+then
+xen_ctrl_version=450
+xen=yes
+
+  elif
+  cat > $TMPC <
+#include 
+#include 
+#include 
+#if !defined(HVM_MAX_VCPUS)
+# error HVM_MAX_VCPUS not defined
+#endif
+int main(void) {
+  xc_interface *xc;
+  xs_daemon_open();
+  xc = xc_interface_open(0, 0, 0);
+  xc_hvm_set_mem_type(0, 0, HVMMEM_ram_ro, 0, 0);
+  xc_gnttab_open(NULL, 0);
+  xc_domain_add_to_physmap(0, 0, XENMAPSPACE_gmfn, 0, 0);
+  xc_hvm_inject_msi(xc, 0, 0xf000, 0x);
   return 0;
 }
 EOF
@@ -4282,6 +4308,9 @@ if test -n "$sparc_cpu"; then
 echo "Target Sparc Arch $sparc_cpu"
 fi
 echo "xen support   $xen"
+if test "$xen" = "yes" ; then
+  echo "xen ctrl version  $xen_ctrl_version"
+fi
 echo "brlapi support$brlapi"
 echo "bluez  support$bluez"
 echo "Documentation $docs"
diff --git a/include/hw/xen/xen_common.h b/include/hw/xen/xen_common.h
index 07731b9..aec1372 100644
--- a/include/hw/xen/xen_common.h
+++ b/include/hw/xen/xen_common.h
@@ -16,7 +16,9 @@
 
 #include "hw/hw.h"
 #include "hw/xen/xen.h"
+#include "hw/pci/pci.h"
 #include "qemu/queue.h"
+#include "trace.h"
 
 /*
  * We don't support Xen prior to 3.3.0.
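Review bot: pulling `hw/pci/pci.h` and `trace.h` into `xen_common.h` makes every translation unit that includes this header depend on the PCI subsystem and on the generated trace header. The inline wrappers only need the `PCIDevice` type, so a forward declaration is enough, and `trace.h` is normally included from the `.c` file that emits the trace events; if it is here only because the `>= 450` inline bodies trace, consider moving those bodies out of line into `xen-hvm.c` instead.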
@@ -164,4 +166,225 @@ void destroy_hvm_domain(bool reboot);
 /* shutdown/destroy current domain because of an error */
 void xen_shutdown_fatal_error(const char *fmt, ...) GCC_FMT_ATTR(1, 2);
 
+/* Xen before 4.5 */
+#if CONFIG_XEN_CTRL_INTERFACE_VERSION < 450
+
+#ifndef HVM_PARAM_BUFIOREQ_EVTCHN
+#define HVM_PARAM_BUFIOREQ_EVTCHN 26
+#endif
+
+#define IOREQ_TYPE_PCI_CONFIG 2
+
+typedef uint32_t ioservid_t;
+
+static inline void xen_map_memory_section(XenXC xc, domid_t dom,
+  ioservid_t ioservid,
+  MemoryRegionSection *section)
+{
+}
+
+static inline void xen_unmap_memory_section(XenXC xc, domid_t dom,
+ioservid_t ioservid,
+MemoryRegionSection *section)
+{
+}
+
+static inline void xen_map_io_section(XenXC xc, domid_t dom,
+  ioservid_t ioservid,
+  MemoryRegionSection *section)
+{
+}
+
+static inline void xen_unmap_io_section(XenXC xc, domid_t dom,
+ioservid_t ioservid,
+MemoryRegionSection *section)
+{
+}
+
+static inline void xen_map_pcidev(XenXC xc, domid_t dom,
+  ioservid_t ioservid,
+  PCIDevice *pci_dev)
+{
+}
+
+static inline void xen_unmap_pcidev(XenXC xc, domid_t dom,
+ioservid_t ioservid,
+PCIDevice *pci_dev)
+{
+}
+
+static inline int xen_create_ioreq_server(XenXC xc, domid_t dom,
+  ioservid_t *ioservid)
+{
+return 0;
+}
+
+static inline void xen_destroy_ioreq_server(XenXC xc, domid_t dom,
+ioservid_t ioservid)
+{
+}
+
+static inline int xen_get_ioreq_server_info(XenXC xc, domid_t dom,
+ioservid_t ioservid,
+xen_pfn_t *ioreq_pfn,
+xen_pfn_t *bufioreq_pfn,
+evtchn_port_t *bufioreq_evtchn)
+{
+unsigned long param;
+int rc;
+
+rc = xc_get_hvm_param(xc, dom, HVM_PARAM_IOREQ_PFN, ¶m);
+if (rc < 0) {
+fprintf
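Review bot: `xen_create_ioreq_server()` in the `< 450` fallback returns 0 without writing `*ioservid`, so the caller's `ioservid` stays indeterminate and is then handed to the other (no-op) wrappers; set `*ioservid = 0;` there so the pre-4.5 path never carries an uninitialised value. The local `#define IOREQ_TYPE_PCI_CONFIG 2` and `HVM_PARAM_BUFIOREQ_EVTCHN 26` mirror constants from Xen's public headers; give `IOREQ_TYPE_PCI_CONFIG` the same `#ifndef` guard the param has and add a comment naming the Xen header the values come from, so they can be kept in sync.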

[Qemu-devel] [PATCH v4 0/2] Use ioreq-server API

2014-10-16 Thread Paul Durrant
This patch series is v4 of what was originally the single patch
"Xen: Use the ioreq-server API when available".

v2 of the series moved the code that added the PCI bus listener
to patch #1 and the remainder of the changes to patch #2. Patch #2
was then re-worked to constrain the #ifdefing to xen_common.h, as
requested by Stefano.

v3 of the series modifies patch #1 to add the listener interface
into the core qdev, rather than the PCI bus code. This change only
requires trivial modification to patch #2, to only act on realize/
unrealize of PCI devices. Patch #2 was also modified at Stefano's
request to remove an extra identity check of memory sections
against the ram region.

v4 of the series replaces the use of a vmstate pre_save callback
with extra code in the existing runstate change notification
callback. It also tidies up some things in xen-hvm.c pointed out
by Stefano and adds his ack to patch #2.




Re: [Qemu-devel] [PATCH 1/8] virtio-gpu/2d: add hardware spec include file

2014-10-16 Thread Gerd Hoffmann
  Hi,

> > How stable are these numbers?
> 
> In theory the mesa/gallium numbers aren't stable, though I've never
> seen them change yet,
> 
> If they diverge in the future I'll just provide a remapping table
> inside the guest driver.
> 
> So it should be fine to expose these formats for 2D use.

Good.

> >> How do you test guests with big endian? Isn't it really slow?
> >
> > emulated pseries machine with fedora ppc64.  Yes, it is slow.  Building
> > a kernel with virtio-gpu driver takes a day or so.
> 
> I spent a little while trying to get a ppc64 f20 install to complete, just
> using the F20 qemu ppc64 system package but hit a bug I
> think is related to missing SIMD instructions, so I'm not sure how best
> to move forward with getting a test platform here.

I'm using self-compiled qemu 2.1 which works fine, so it looks like this
issue has been fixed meanwhile.

If you want something newer without manually building it you can try the
virt-preview repo (see
https://fedoraproject.org/wiki/Virtualization_Preview_Repository).

cheers,
  Gerd





Re: [Qemu-devel] [PATCH v3 2/2] Xen: Use the ioreq-server API when available

2014-10-16 Thread Peter Maydell
On 16 October 2014 13:29, Stefano Stabellini
 wrote:
> Unfortunately even though it is pretty x86 specific, it is still
> compiled on ARM, even though it is never actually used (it is used in
> i386 emulation with Xen acceleration support, while on ARM we only use
> the PV machine).

Really? CONFIG_XEN_I386 is only set in the i386 and x86_64 defconfigs...

-- PMM



Re: [Qemu-devel] [PATCH v3 1/2] Add device listener interface

2014-10-16 Thread Igor Mammedov
On Wed, 15 Oct 2014 10:05:32 +
Paul Durrant  wrote:

> 
> 
> > -Original Message-
> > From: Igor Mammedov [mailto:imamm...@redhat.com]
> > Sent: 15 October 2014 10:54
> > To: Paul Durrant
> > Cc: qemu-devel@nongnu.org; xen-de...@lists.xenproject.org; Michael
> > S. Tsirkin; Andreas Faerber"; Paolo Bonzini; Peter Crosthwaite; Igor
> > Mammedov; Markus Armbruster; Thomas Huth; Christian Borntraeger
> > Subject: Re: [PATCH v3 1/2] Add device listener interface
> > 
> > On Wed, 15 Oct 2014 10:16:38 +0100
> > Paul Durrant  wrote:
> > 
> > > The Xen ioreq-server API, introduced in Xen 4.5, requires that PCI
> > > device models explicitly register with Xen for config space
> > > accesses. This patch adds a listener interface into qdev-core
> > > which can be used by the Xen interface code to monitor for
> > > arrival and departure of PCI devices.
> > 
> > If you need only one listener handler for your case, why couldn't
> > you use the hotplug interface instead of listeners?
> > To me it looks like it should work for this case.
> > To make it work xen code would need to override default plug/unplug
> > handlers on PCI bus and do register/unregister from there.
> > 
> 
> That sounds a bit ugly. A pci or now qdev listener interface seems
> more elegant and generally useful.
Even if the suggested listener is useful, it could be better if handlers
had error handling as well, so that errors in the callback could be
reported up to the caller.

> 
> > One thing is that unplug handler is not defined for PCI bus yet,
> > to get it work one would need to refactor pcihp/bridge/pcie unplug
> > path to call unplug handler before object_unparent().
> > 
> 
> Yes - that makes it a much more intrusive modification.
It isn't if you don't consolidate the unplug handler from
pcihp/bridge/pcie. It would be ~3-4 LOC per each.

> 
>   Paul
> 
> > 
> > >
> > > Signed-off-by: Paul Durrant 
> > > Cc: Michael S. Tsirkin 
> > > Cc: Andreas Faerber" 
> > > Cc: Paolo Bonzini 
> > > Cc: Peter Crosthwaite 
> > > Cc: Igor Mammedov 
> > > Cc: Markus Armbruster 
> > > Cc: Thomas Huth 
> > > Cc: Christian Borntraeger 
> > > ---
> > >  hw/core/qdev.c  |   54
> > > +++
> > > include/hw/qdev-core.h  |   10 + include/qemu/typedefs.h |
> > > 1 + 3 files changed, 65 insertions(+)
> > >
> > > diff --git a/hw/core/qdev.c b/hw/core/qdev.c
> > > index fcb1638..4a9c1f6 100644
> > > --- a/hw/core/qdev.c
> > > +++ b/hw/core/qdev.c
> > > @@ -175,6 +175,56 @@ int qdev_init(DeviceState *dev)
> > >  return 0;
> > >  }
> > >
> > > +static QTAILQ_HEAD(qdev_listeners, DeviceListener) qdev_listeners
> > > += QTAILQ_HEAD_INITIALIZER(qdev_listeners);
> > > +
> > > +enum ListenerDirection { Forward, Reverse };
> > > +
> > > +#define QDEV_LISTENER_CALL(_callback, _direction, _args...) \
> > > +do {\
> > > +DeviceListener *_listener;  \
> > > +\
> > > +switch (_direction) {   \
> > > +case Forward:   \
> > > +QTAILQ_FOREACH(_listener, &qdev_listeners, link) {  \
> > > +if (_listener->_callback) { \
> > > +_listener->_callback(_listener, ##_args);   \
> > > +}   \
> > > +}   \
> > > +break;  \
> > > +case Reverse:   \
> > > +QTAILQ_FOREACH_REVERSE(_listener, &qdev_listeners,  \
> > > +   qdev_listeners, link) {  \
> > > +if (_listener->_callback) { \
> > > +_listener->_callback(_listener, ##_args);   \
> > > +}   \
> > > +}   \
> > > +break;  \
> > > +default:\
> > > +abort();\
> > > +}   \
> > > +} while (0)
> > > +
> > > +static int qdev_listener_add(DeviceState *dev, void *opaque)
> > > +{
> > > +QDEV_LISTENER_CALL(realize, Forward, dev);
> > > +
> > > +return 0;
> > > +}
> > > +
> > > +void qdev_listener_register(DeviceListener *listener)
> > > +{
> > > +QTAILQ_INSERT_TAIL(&qdev_listeners, listener, link);
> > > +
> > > +qbus_walk_children(sysbus_get_default(), NULL, NULL,
> > > qdev_listener_add,
> > > +   NULL, NULL);
> > > +}
> > > +
> > > +void qdev_listener_unregister(DeviceListener 
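Review bot: `qdev_listener_add()` fires the listener's `realize` callback for every device that `qbus_walk_children()` reaches, whether or not that device has actually been realized, so a listener registered while the machine is still being built is told about half-constructed devices; check `dev->realized` before the `QDEV_LISTENER_CALL(realize, Forward, dev)`. The `opaque` parameter of `qdev_listener_add()` is unused as well, and the walk starts from `sysbus_get_default()` only, which should be stated in a comment on `qdev_listener_register()` so callers know devices not reachable from the main system bus are not reported.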

Re: [Qemu-devel] [PATCH v5] numa: make 'info numa' take into account hotplugged memory

2014-10-16 Thread Gonglei
On 2014/10/16 20:02, zhanghailiang wrote:

> When doing memory hotplug, if there is a numa node, we should add
> the memory size to the corresponding node's memory size.
> 
> For now, it mainly affects the result of hmp command "info numa".
> 
> Reviewed-by: Igor Mammedov 
> Signed-off-by: zhanghailiang 
> ---
>  v5:
> - reword the subject (Igor Mammedov)
> - turn query_numa_node_mem to void (Igor Mammedov)
>  v4:
> - s/pc_dimm_stat_node_mem/numa_stat_memory_devices/ (Igor Mammedov)
> - rewrite numa_stat_memory_devices; this will also fix the compile error for
>   targets that don't support memory hotplug
>  v3:
> - cold-plugged memory should not be excluded (Igor Mammedov)
>  v2:
> - Don't modify the numa_info.node_mem directly when treating hotplug memory,
>   fix the "info numa" instead (Igor Mammedov)
> 
> Thanks for review!;)
> ---
>  include/sysemu/sysemu.h |  1 +
>  monitor.c   |  6 +-
>  numa.c  | 41 +
>  3 files changed, 47 insertions(+), 1 deletion(-)
> 
> diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
> index 0037a69..ef5eaf4 100644
> --- a/include/sysemu/sysemu.h
> +++ b/include/sysemu/sysemu.h
> @@ -161,6 +161,7 @@ typedef struct node_info {
>  extern NodeInfo numa_info[MAX_NODES];
>  void set_numa_nodes(void);
>  void set_numa_modes(void);
> +void query_numa_node_mem(uint64_t *node_mem);
>  extern QemuOptsList qemu_numa_opts;
>  int numa_init_func(QemuOpts *opts, void *opaque);
>  
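Review bot: `query_numa_node_mem()` fills a caller-provided array, but nothing in the declaration says how large it must be (the monitor.c caller sizes it to `nb_numa_nodes`); add a comment to the prototype stating that requirement, or pass the element count so the function cannot overrun a smaller buffer.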
> diff --git a/monitor.c b/monitor.c
> index 2d14f39..d45b0a3 100644
> --- a/monitor.c
> +++ b/monitor.c
> @@ -1949,7 +1949,10 @@ static void do_info_numa(Monitor *mon, const QDict 
> *qdict)
>  {
>  int i;
>  CPUState *cpu;
> +uint64_t *node_mem;
>  
> +node_mem = g_new0(uint64_t, nb_numa_nodes);
> +query_numa_node_mem(node_mem);
>  monitor_printf(mon, "%d nodes\n", nb_numa_nodes);
>  for (i = 0; i < nb_numa_nodes; i++) {
>  monitor_printf(mon, "node %d cpus:", i);
> @@ -1960,8 +1963,9 @@ static void do_info_numa(Monitor *mon, const QDict 
> *qdict)
>  }
>  monitor_printf(mon, "\n");
>  monitor_printf(mon, "node %d size: %" PRId64 " MB\n", i,
> -numa_info[i].node_mem >> 20);
> +   node_mem[i] >> 20);
>  }
> +g_free(node_mem);
>  }
>  
>  #ifdef CONFIG_PROFILER
> diff --git a/numa.c b/numa.c
> index 3b98135..5b84ffb 100644
> --- a/numa.c
> +++ b/numa.c
> @@ -35,6 +35,7 @@
>  #include "hw/boards.h"
>  #include "sysemu/hostmem.h"
>  #include "qmp-commands.h"
> +#include "hw/mem/pc-dimm.h"
>  
>  QemuOptsList qemu_numa_opts = {
>  .name = "numa",
> @@ -315,6 +316,46 @@ void memory_region_allocate_system_memory(MemoryRegion 
> *mr, Object *owner,
>  }
>  }
>  
> +static void numa_stat_memory_devices(uint64_t *node_mem)
> +{
> +MemoryDeviceInfoList *info_list = NULL;
> +MemoryDeviceInfoList **prev = &info_list;
> +MemoryDeviceInfoList *info;
> +
> +qmp_pc_dimm_device_list(qdev_get_machine(), &prev);
> +for (info = info_list; info; info = info->next) {
> +MemoryDeviceInfo *value = info->value;
> +
> +if (value) {
> +switch (value->kind) {
> +case MEMORY_DEVICE_INFO_KIND_DIMM: {
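Review bot: `numa_stat_memory_devices()` builds `info_list` through `qmp_pc_dimm_device_list()`, which allocates a QAPI list; the visible part of the hunk ends inside the loop, so make sure the list is released with `qapi_free_MemoryDeviceInfoList(info_list)` once iteration is done, otherwise every `info numa` leaks it. The `if (value)` test before the `switch` also deserves a comment on when a NULL `value` can actually occur in a list produced by that function, or it should be dropped.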

I think this '{}' symbol is superfluous.

Best regards,
-Gonglei





[Qemu-devel] [PATCH v5 0/7] Netduino 2 Machine Model

2014-10-16 Thread Alistair Francis
This patch series adds the Netduino 2 Machine to QEMU.

Information on the board is available at:
http://www.netduino.com/netduino2/specs.htm

The git tree can be found at:
https://github.com/alistair23/qemu/tree/netduino2.5

This patch series makes some changes to the armv7m_init function
that allows the code to be reused with the Netduino 2 and the
Stellaris machines.

Some example code that runs on QEMU is available at:
https://github.com/alistair23/CSSE3010-QEMU-Examples

I have more devices in the works; I figured I would just start
with these three.

V5:
 - Remove the reset changes based on the ELF entry
V4:
 - Rebase
 - Correct timer units
V3:
 - Correct the timer interrupts
 - Update debug printing
 - Remove the sram_size argument from armv7m_init
V2:
 - Fix up the Timer device
 - Fix up the USART device
 - Change the memory region names to match the Stellaris board
Changes from RFC:
 - Code cleanup thanks to Peter C's comments
 - Split the Makefile configs to device level
 - Changes to armv7m_init with interrupt and memory passing
 - See the individual patches for more details


Alistair Francis (7):
  stm32f205_timer: Add the stm32f205 Timer
  stm32f205_USART: Add the stm32f205 USART Controller
  stm32f205_SYSCFG: Add the stm32f205 SYSCFG
  target_arm: Remove memory region init from armv7m_init
  target_arm: Parameterise the irq lines for armv7m_init
  stm32f205: Add the stm32f205 SoC
  netduino2: Add the Netduino 2 Machine

 default-configs/arm-softmmu.mak|   4 +
 hw/arm/Makefile.objs   |   2 +
 hw/arm/armv7m.c|  38 +
 hw/arm/netduino2.c |  54 +++
 hw/arm/stellaris.c |  27 +++-
 hw/arm/stm32f205_soc.c | 157 ++
 hw/char/Makefile.objs  |   1 +
 hw/char/stm32f205_usart.c  | 218 +
 hw/misc/Makefile.objs  |   1 +
 hw/misc/stm32f205_syscfg.c | 160 +++
 hw/timer/Makefile.objs |   2 +
 hw/timer/stm32f205_timer.c | 318 +
 include/hw/arm/arm.h   |   3 +-
 include/hw/arm/stm32f205_soc.h |  69 
 include/hw/char/stm32f205_usart.h  |  69 
 include/hw/misc/stm32f205_syscfg.h |  61 +++
 include/hw/timer/stm32f205_timer.h | 101 
 17 files changed, 1247 insertions(+), 38 deletions(-)
 create mode 100644 hw/arm/netduino2.c
 create mode 100644 hw/arm/stm32f205_soc.c
 create mode 100644 hw/char/stm32f205_usart.c
 create mode 100644 hw/misc/stm32f205_syscfg.c
 create mode 100644 hw/timer/stm32f205_timer.c
 create mode 100644 include/hw/arm/stm32f205_soc.h
 create mode 100644 include/hw/char/stm32f205_usart.h
 create mode 100644 include/hw/misc/stm32f205_syscfg.h
 create mode 100644 include/hw/timer/stm32f205_timer.h

-- 
1.9.1




[Qemu-devel] [PATCH v5 1/7] stm32f205_timer: Add the stm32f205 Timer

2014-10-16 Thread Alistair Francis
This patch adds the stm32f205 timers: TIM2, TIM3, TIM4 and TIM5
to QEMU.

Signed-off-by: Alistair Francis 
---
V4:
 - Update timer units again
- Thanks to Peter C
V3:
 - Update debug statements
 - Correct the units for timer_mod
 - Correctly set timer_offset from resets
V2:
 - Reorder the Makefile config
 - Fix up the debug printing
 - Correct the timer event trigger
Changes from RFC:
 - Small changes to functionality and style. Thanks to Peter C
 - Rename to make the timer more generic
 - Split the config settings to device level

 default-configs/arm-softmmu.mak|   1 +
 hw/timer/Makefile.objs |   2 +
 hw/timer/stm32f205_timer.c | 318 +
 include/hw/timer/stm32f205_timer.h | 101 
 4 files changed, 422 insertions(+)
 create mode 100644 hw/timer/stm32f205_timer.c
 create mode 100644 include/hw/timer/stm32f205_timer.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index f3513fa..cf23b24 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -78,6 +78,7 @@ CONFIG_NSERIES=y
 CONFIG_REALVIEW=y
 CONFIG_ZAURUS=y
 CONFIG_ZYNQ=y
+CONFIG_STM32F205_TIMER=y
 
 CONFIG_VERSATILE_PCI=y
 CONFIG_VERSATILE_I2C=y
diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
index 2c86c3d..4bd9617 100644
--- a/hw/timer/Makefile.objs
+++ b/hw/timer/Makefile.objs
@@ -31,3 +31,5 @@ obj-$(CONFIG_DIGIC) += digic-timer.o
 obj-$(CONFIG_MC146818RTC) += mc146818rtc.o
 
 obj-$(CONFIG_ALLWINNER_A10_PIT) += allwinner-a10-pit.o
+
+common-obj-$(CONFIG_STM32F205_TIMER) += stm32f205_timer.o
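Review bot: this entry uses `common-obj-$(CONFIG_STM32F205_TIMER)` while the neighbouring timer objects in this file (`mc146818rtc.o`, `allwinner-a10-pit.o`) and the USART and SYSCFG patches of this same series use `obj-$(...)`; pick one form for the three new devices, and use `common-obj-` only if the timer really has no target-specific dependencies.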
diff --git a/hw/timer/stm32f205_timer.c b/hw/timer/stm32f205_timer.c
new file mode 100644
index 000..aace8df
--- /dev/null
+++ b/hw/timer/stm32f205_timer.c
@@ -0,0 +1,318 @@
+/*
+ * STM32F205 Timer
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/timer/stm32f205_timer.h"
+
+#ifndef STM_TIMER_ERR_DEBUG
+#define STM_TIMER_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do { \
+if (STM_TIMER_ERR_DEBUG >= lvl) { \
+qemu_log("%s: " fmt, __func__, ## args); \
+} \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+static void stm32f205_timer_set_alarm(STM32f205TimerState *s);
+
+static void stm32f205_timer_interrupt(void *opaque)
+{
+STM32f205TimerState *s = opaque;
+
+DB_PRINT("Interrupt\n");
+
+if (s->tim_dier & TIM_DIER_UIE && s->tim_cr1 & TIM_CR1_CEN) {
+s->tim_sr |= 1;
+qemu_irq_pulse(s->irq);
+stm32f205_timer_set_alarm(s);
+}
+}
+
+static void stm32f205_timer_set_alarm(STM32f205TimerState *s)
+{
+uint32_t ticks;
+int64_t now;
+
+DB_PRINT("Alarm set at: 0x%x\n", s->tim_cr1);
+
+now = qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL);
+ticks = s->tim_arr - ((s->tick_offset + (now * (s->freq_hz / 1000))) /
+(s->tim_psc + 1));
+
+DB_PRINT("Alarm set in %d ticks\n", ticks);
+
+if (ticks == 0) {
+timer_del(s->timer);
+stm32f205_timer_interrupt(s);
+} else {
+timer_mod(s->timer, ((now * (s->freq_hz / 1000)) / (s->tim_psc + 1)) +
+ (int64_t) ticks);
+DB_PRINT("Wait Time: %" PRId64 " ticks\n",
+ ((now * (s->freq_hz / 1000)) / (s->tim_psc + 1)) +
+ (int64_t) ticks);
+}
+}
+
+static void stm32f205_timer_reset(DeviceState *dev)
+{
+STM32f205TimerState *s = STM32F205TIMER(dev);
+
+s->tim_cr1 = 0;
+s->tim_cr2 = 0;
+s->tim_smcr = 0;
+s->tim_dier = 0;
+s->tim_sr = 0;
+s->tim_egr = 0;
+s->tim_ccmr1 = 0;
+s->tim_ccmr2 = 0;
+s->tim_ccer = 0;
+s->tim_cnt = 0;
+s->tim_psc = 0;
+s->tim_arr = 0;
+s->tim_ccr1 = 0;
+s->tim_ccr2 = 0;
+s->tim_ccr3 = 0;
+s->tim_ccr4 = 0;
+s->tim_dcr = 0;
+s->tim_dmar = 0;
+s->tim_or = 0;
+
+s->tick_offset = qemu_cloc
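Review bot: in `stm32f205_timer_set_alarm()` the value passed to `timer_mod()` is `((now * (freq_hz / 1000)) / (psc + 1)) + ticks`, an absolute count in prescaled timer ticks, but `timer_mod()` expects an expiry in the time unit the QEMUTimer was created with on `QEMU_CLOCK_VIRTUAL`; convert the remaining ticks back into that unit (ticks times `(psc + 1)` divided by the tick rate) and add it to `now` before arming the timer. `ticks` is also a `uint32_t` computed as `tim_arr - elapsed`, so once the counter has passed ARR the subtraction wraps and the alarm is pushed far into the future instead of firing immediately; clamp that case to 0. Lastly, the `DB_PRINT_L` macro ends in `} while (0);`, and the trailing semicolon turns `if (x) DB_PRINT(...); else ...` into a syntax error; drop it.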

Re: [Qemu-devel] [PATCH v3 1/2] Add device listener interface

2014-10-16 Thread Paul Durrant
> -Original Message-
> From: Igor Mammedov [mailto:imamm...@redhat.com]
> Sent: 16 October 2014 13:41
> To: Paul Durrant
> Cc: qemu-devel@nongnu.org; xen-de...@lists.xenproject.org; Michael S.
> Tsirkin; Andreas Faerber
> Subject: Re: [PATCH v3 1/2] Add device listener interface
> 
> On Wed, 15 Oct 2014 10:05:32 +
> Paul Durrant  wrote:
> 
> >
> >
> > > -Original Message-
> > > From: Igor Mammedov [mailto:imamm...@redhat.com]
> > > Sent: 15 October 2014 10:54
> > > To: Paul Durrant
> > > Cc: qemu-devel@nongnu.org; xen-de...@lists.xenproject.org; Michael
> > > S. Tsirkin; Andreas Faerber"; Paolo Bonzini; Peter Crosthwaite; Igor
> > > Mammedov; Markus Armbruster; Thomas Huth; Christian Borntraeger
> > > Subject: Re: [PATCH v3 1/2] Add device listener interface
> > >
> > > On Wed, 15 Oct 2014 10:16:38 +0100
> > > Paul Durrant  wrote:
> > >
> > > > The Xen ioreq-server API, introduced in Xen 4.5, requires that PCI
> > > > device models explicitly register with Xen for config space
> > > > accesses. This patch adds a listener interface into qdev-core
> > > > which can be used by the Xen interface code to monitor for
> > > > arrival and departure of PCI devices.
> > >
> > > If you need only one listener handler for your case, why couldn't
> > > you use the hotplug interface instead of listeners?
> > > To me it looks like it should work for this case.
> > > To make it work xen code would need to override default plug/unplug
> > > handlers on PCI bus and do register/unregister from there.
> > >
> >
> > That sounds a bit ugly. A pci or now qdev listener interface seems
> > more elegant and generally useful.
> Even if the suggested listener is useful, it could be better if handlers
> had error handling as well, so that errors in the callback could be
> reported up to the caller.

That's not necessary for current use and not consistent with the memory 
listener interface. What sort of thing would you envisage the caller doing with 
such an error?

> 
> >
> > > One thing is that unplug handler is not defined for PCI bus yet,
> > > to get it work one would need to refactor pcihp/bridge/pcie unplug
> > > path to call unplug handler before object_unparent().
> > >
> >
> > Yes - that makes it a much more intrusive modification.
> It isn't if you don't consolidate the unplug handler from
> pcihp/bridge/pcie. It would be ~3-4 LOC per each.
> 

Ok, but doing specific modifications like that still seems ugly. Also Xen needs 
to know about all PCI devices, not just hotplugged ones. I know that all PCI 
devices in QEMU are hotplugged at the moment but if that ever changed it would 
then break on Xen if I were to choose this method of callback.

  Paul

> >
> >   Paul
> >
> > >
> > > >
> > > > Signed-off-by: Paul Durrant 
> > > > Cc: Michael S. Tsirkin 
> > > > Cc: Andreas Faerber" 
> > > > Cc: Paolo Bonzini 
> > > > Cc: Peter Crosthwaite 
> > > > Cc: Igor Mammedov 
> > > > Cc: Markus Armbruster 
> > > > Cc: Thomas Huth 
> > > > Cc: Christian Borntraeger 
> > > > ---
> > > >  hw/core/qdev.c  |   54
> > > > +++
> > > > include/hw/qdev-core.h  |   10 + include/qemu/typedefs.h |
> > > > 1 + 3 files changed, 65 insertions(+)
> > > >
> > > > diff --git a/hw/core/qdev.c b/hw/core/qdev.c
> > > > index fcb1638..4a9c1f6 100644
> > > > --- a/hw/core/qdev.c
> > > > +++ b/hw/core/qdev.c
> > > > @@ -175,6 +175,56 @@ int qdev_init(DeviceState *dev)
> > > >  return 0;
> > > >  }
> > > >
> > > > +static QTAILQ_HEAD(qdev_listeners, DeviceListener) qdev_listeners
> > > > += QTAILQ_HEAD_INITIALIZER(qdev_listeners);
> > > > +
> > > > +enum ListenerDirection { Forward, Reverse };
> > > > +
> > > > +#define QDEV_LISTENER_CALL(_callback, _direction, _args...) \
> > > > +do {\
> > > > +DeviceListener *_listener;  \
> > > > +\
> > > > +switch (_direction) {   \
> > > > +case Forward:   \
> > > > +QTAILQ_FOREACH(_listener, &qdev_listeners, link) {  \
> > > > +if (_listener->_callback) { \
> > > > +_listener->_callback(_listener, ##_args);   \
> > > > +}   \
> > > > +}   \
> > > > +break;  \
> > > > +case Reverse:   \
> > > > +QTAILQ_FOREACH_REVERSE(_listener, &qdev_listeners,  \
> > > > +   qdev_listeners, link) {  \
> > > > +if (_listener->_callback) { \
> > > > +_listener->_callback(_listener, ##_args);   \
> > > > +}  

[Qemu-devel] [PATCH v5 7/7] netduino2: Add the Netduino 2 Machine

2014-10-16 Thread Alistair Francis
This patch adds the Netduino 2 Machine.

This is a Cortex-M3 based machine. Information can be found at:
http://www.netduino.com/netduino2/specs.htm

Signed-off-by: Alistair Francis 
---
 hw/arm/Makefile.objs |  1 +
 hw/arm/netduino2.c   | 54 
 2 files changed, 55 insertions(+)
 create mode 100644 hw/arm/netduino2.c

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 9769317..2577f68 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -3,6 +3,7 @@ obj-$(CONFIG_DIGIC) += digic_boards.o
 obj-y += integratorcp.o kzm.o mainstone.o musicpal.o nseries.o
 obj-y += omap_sx1.o palm.o realview.o spitz.o stellaris.o
 obj-y += tosa.o versatilepb.o vexpress.o virt.o xilinx_zynq.o z2.o
+obj-y += netduino2.o
 
 obj-y += armv7m.o exynos4210.o pxa2xx.o pxa2xx_gpio.o pxa2xx_pic.o
 obj-$(CONFIG_DIGIC) += digic.o
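Review bot: `obj-y += netduino2.o` builds the board unconditionally, while the STM32F205 devices it instantiates are gated behind `CONFIG_STM32F205_*` options in `default-configs/arm-softmmu.mak`; a configuration that disables one of them would still compile the board and fail at link time. Gate the board (and the SoC object) on a `CONFIG_` symbol of its own, or have that symbol imply the device configs, and slot `netduino2.o` into the alphabetical `obj-y` lists above rather than on its own line.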
diff --git a/hw/arm/netduino2.c b/hw/arm/netduino2.c
new file mode 100644
index 000..305983f
--- /dev/null
+++ b/hw/arm/netduino2.c
@@ -0,0 +1,54 @@
+/*
+ * Netduino 2 Machine Model
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/arm/stm32f205_soc.h"
+
+static void netduino2_init(MachineState *machine)
+{
+DeviceState *dev;
+Error *err = NULL;
+
+dev = qdev_create(NULL, TYPE_STM32F205_SOC);
+if (machine->kernel_filename) {
+qdev_prop_set_string(dev, "kernel-filename", machine->kernel_filename);
+}
+object_property_set_bool(OBJECT(dev), true, "realized", &err);
+if (err != NULL) {
+error_report("%s", error_get_pretty(err));
+exit(1);
+}
+}
+
+static QEMUMachine netduino2_machine = {
+.name = "netduino2",
+.desc = "Netduino 2 Machine",
+.init = netduino2_init,
+};
+
+static void netduino2_machine_init(void)
+{
+qemu_register_machine(&netduino2_machine);
+}
+
+machine_init(netduino2_machine_init);
-- 
1.9.1




[Qemu-devel] [PATCH v5 3/7] stm32f205_SYSCFG: Add the stm32f205 SYSCFG

2014-10-16 Thread Alistair Francis
This patch adds the stm32f205 System Configuration
Controller. This is used to configure what memory is mapped
at address 0 (although that is not supported) as well
as configure how the EXTI interrupts work (also not
supported at the moment).

This device is not required for basic examples, but more
complex systems will require it (as well as the EXTI device).

Signed-off-by: Alistair Francis 
---
 default-configs/arm-softmmu.mak|   1 +
 hw/misc/Makefile.objs  |   1 +
 hw/misc/stm32f205_syscfg.c | 160 +
 include/hw/misc/stm32f205_syscfg.h |  61 ++
 4 files changed, 223 insertions(+)
 create mode 100644 hw/misc/stm32f205_syscfg.c
 create mode 100644 include/hw/misc/stm32f205_syscfg.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 422dec0..a2ea8f7 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -80,6 +80,7 @@ CONFIG_ZAURUS=y
 CONFIG_ZYNQ=y
 CONFIG_STM32F205_TIMER=y
 CONFIG_STM32F205_USART=y
+CONFIG_STM32F205_SYSCFG=y
 
 CONFIG_VERSATILE_PCI=y
 CONFIG_VERSATILE_I2C=y
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 979e532..63f03bd 100644
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -39,5 +39,6 @@ obj-$(CONFIG_OMAP) += omap_sdrc.o
 obj-$(CONFIG_OMAP) += omap_tap.o
 obj-$(CONFIG_SLAVIO) += slavio_misc.o
 obj-$(CONFIG_ZYNQ) += zynq_slcr.o
+obj-$(CONFIG_STM32F205_SYSCFG) += stm32f205_syscfg.o
 
 obj-$(CONFIG_PVPANIC) += pvpanic.o
diff --git a/hw/misc/stm32f205_syscfg.c b/hw/misc/stm32f205_syscfg.c
new file mode 100644
index 000..82aa50f
--- /dev/null
+++ b/hw/misc/stm32f205_syscfg.c
@@ -0,0 +1,160 @@
+/*
+ * STM32F205 SYSCFG
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/misc/stm32f205_syscfg.h"
+
+#ifndef STM_SYSCFG_ERR_DEBUG
+#define STM_SYSCFG_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do { \
+if (STM_SYSCFG_ERR_DEBUG >= lvl) { \
+qemu_log("%s: " fmt, __func__, ## args); \
+} \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+static void stm32f205_syscfg_reset(DeviceState *dev)
+{
+STM32f205SyscfgState *s = STM32F205_SYSCFG(dev);
+
+s->syscfg_memrmp = 0x;
+s->syscfg_pmc = 0x;
+s->syscfg_exticr1 = 0x;
+s->syscfg_exticr2 = 0x;
+s->syscfg_exticr3 = 0x;
+s->syscfg_exticr4 = 0x;
+s->syscfg_cmpcr = 0x;
+}
+
+static uint64_t stm32f205_syscfg_read(void *opaque, hwaddr addr,
+ unsigned int size)
+{
+STM32f205SyscfgState *s = opaque;
+
+DB_PRINT("0x%x\n", (uint) addr);
+
+switch (addr) {
+case SYSCFG_MEMRMP:
+return s->syscfg_memrmp;
+case SYSCFG_PMC:
+return s->syscfg_pmc;
+case SYSCFG_EXTICR1:
+return s->syscfg_exticr1;
+case SYSCFG_EXTICR2:
+return s->syscfg_exticr2;
+case SYSCFG_EXTICR3:
+return s->syscfg_exticr3;
+case SYSCFG_EXTICR4:
+return s->syscfg_exticr4;
+case SYSCFG_CMPCR:
+return s->syscfg_cmpcr;
+default:
+qemu_log_mask(LOG_GUEST_ERROR,
+  "STM32F205_syscfg_read: Bad offset %x\n", (int)addr);
+return 0;
+}
+
+return 0;
+}
+
+static void stm32f205_syscfg_write(void *opaque, hwaddr addr,
+   uint64_t val64, unsigned int size)
+{
+STM32f205SyscfgState *s = opaque;
+uint32_t value = val64;
+
+DB_PRINT("0x%x, 0x%x\n", value, (uint) addr);
+
+switch (addr) {
+case SYSCFG_MEMRMP:
+qemu_log_mask(LOG_UNIMP,
+  "STM32F205_syscfg_write: Changeing the memory mapping " \
+  "isn't supported in QEMU\n");
+return;
+case SYSCFG_PMC:
+qemu_log_mask(LOG_UNIMP,
+  "STM32F205_syscfg_write: Peripheral m

[Qemu-devel] [PATCH v5 2/7] stm32f205_USART: Add the stm32f205 USART Controller

2014-10-16 Thread Alistair Francis
This patch adds the stm32f205 USART controller
(UART also uses the same controller).

Signed-off-by: Alistair Francis 
---
 default-configs/arm-softmmu.mak   |   1 +
 hw/char/Makefile.objs |   1 +
 hw/char/stm32f205_usart.c | 218 ++
 include/hw/char/stm32f205_usart.h |  69 
 4 files changed, 289 insertions(+)
 create mode 100644 hw/char/stm32f205_usart.c
 create mode 100644 include/hw/char/stm32f205_usart.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index cf23b24..422dec0 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -79,6 +79,7 @@ CONFIG_REALVIEW=y
 CONFIG_ZAURUS=y
 CONFIG_ZYNQ=y
 CONFIG_STM32F205_TIMER=y
+CONFIG_STM32F205_USART=y
 
 CONFIG_VERSATILE_PCI=y
 CONFIG_VERSATILE_I2C=y
diff --git a/hw/char/Makefile.objs b/hw/char/Makefile.objs
index 317385d..c7b3ce4 100644
--- a/hw/char/Makefile.objs
+++ b/hw/char/Makefile.objs
@@ -15,6 +15,7 @@ obj-$(CONFIG_OMAP) += omap_uart.o
 obj-$(CONFIG_SH4) += sh_serial.o
 obj-$(CONFIG_PSERIES) += spapr_vty.o
 obj-$(CONFIG_DIGIC) += digic-uart.o
+obj-$(CONFIG_STM32F205_USART) += stm32f205_usart.o
 
 common-obj-$(CONFIG_ETRAXFS) += etraxfs_ser.o
 common-obj-$(CONFIG_ISA_DEBUG) += debugcon.o
diff --git a/hw/char/stm32f205_usart.c b/hw/char/stm32f205_usart.c
new file mode 100644
index 000..9d399b8
--- /dev/null
+++ b/hw/char/stm32f205_usart.c
@@ -0,0 +1,218 @@
+/*
+ * STM32F205 USART
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/char/stm32f205_usart.h"
+
+#ifndef STM_USART_ERR_DEBUG
+#define STM_USART_ERR_DEBUG 0
+#endif
+
+#define DB_PRINT_L(lvl, fmt, args...) do { \
+if (STM_USART_ERR_DEBUG >= lvl) { \
+qemu_log("%s: " fmt, __func__, ## args); \
+} \
+} while (0);
+
+#define DB_PRINT(fmt, args...) DB_PRINT_L(1, fmt, ## args)
+
+static int stm32f205_usart_can_receive(void *opaque)
+{
+STM32f205UsartState *s = opaque;
+
+if (!(s->usart_sr & USART_SR_RXNE)) {
+return 1;
+}
+
+return 0;
+}
+
+static void stm32f205_usart_receive(void *opaque, const uint8_t *buf, int size)
+{
+STM32f205UsartState *s = opaque;
+
+s->usart_dr = *buf;
+
+if (!(s->usart_cr1 & USART_CR1_UE && s->usart_cr1 & USART_CR1_RE)) {
+/* USART not enabled - drop the chars */
+DB_PRINT("Dropping the chars\n");
+return;
+}
+
+s->usart_sr |= USART_SR_RXNE;
+
+if (s->usart_cr1 & USART_CR1_RXNEIE) {
+qemu_set_irq(s->irq, 1);
+}
+
+DB_PRINT("Receiving: %c\n", s->usart_dr);
+}
+
+static void stm32f205_usart_reset(DeviceState *dev)
+{
+STM32f205UsartState *s = STM32F205_USART(dev);
+
+s->usart_sr = USART_SR_RESET;
+s->usart_dr = 0x;
+s->usart_brr = 0x;
+s->usart_cr1 = 0x;
+s->usart_cr2 = 0x;
+s->usart_cr3 = 0x;
+s->usart_gtpr = 0x;
+}
+
+static uint64_t stm32f205_usart_read(void *opaque, hwaddr addr,
+   unsigned int size)
+{
+STM32f205UsartState *s = opaque;
+uint64_t retvalue;
+
+DB_PRINT("Read 0x%"HWADDR_PRIx"\n", addr);
+
+switch (addr) {
+case USART_SR:
+retvalue = s->usart_sr;
+s->usart_sr &= ~USART_SR_TC;
+if (s->chr) {
+qemu_chr_accept_input(s->chr);
+}
+return retvalue;
+case USART_DR:
+DB_PRINT("Value: 0x%" PRIx32 ", %c\n", s->usart_dr, (char) 
s->usart_dr);
+s->usart_sr |= USART_SR_TXE;
+s->usart_sr &= ~USART_SR_RXNE;
+return s->usart_dr & 0x3FF;
+case USART_BRR:
+return s->usart_brr;
+case USART_CR1:
+return s->usart_cr1;
+case USART_CR2:
+return s->usart_cr2;
+case USART_CR3:
+return s->usart_cr3;
+case USART_GTPR:
+return s->usart_gtpr;
+default:
+qemu_log_mask(LOG_GUEST_
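Review bot: the DB_PRINT_L macro ends its `do { ... } while (0)` with a stray `;`, which defeats the purpose of the idiom (a `DB_PRINT(...);` placed as the body of an `if` before an `else` no longer compiles); remove the semicolon after `while (0)`. In stm32f205_usart_receive, `s->usart_dr = *buf;` runs before the UE/RE check, so a disabled USART still has its data register overwritten by incoming bytes; move the assignment after the check, and have stm32f205_usart_can_receive also return 0 when the USART is not enabled, so the character backend does not hand over bytes that are then dropped. The interrupt is raised with `qemu_set_irq(s->irq, 1)` in receive but, in the part of the file visible here, it is never lowered, not even in the USART_DR read that clears RXNE; a level-triggered NVIC input should be deasserted when the condition that raised it goes away.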

[Qemu-devel] [PATCH v5 5/7] target_arm: Parameterise the irq lines for armv7m_init

2014-10-16 Thread Alistair Francis
This patch allows the board to specify the number of NVIC interrupt
lines when using armv7m_init.

Signed-off-by: Alistair Francis 
---
 hw/arm/armv7m.c  | 7 ---
 hw/arm/stellaris.c   | 5 -
 include/hw/arm/arm.h | 2 +-
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
index 50281f7..7169027 100644
--- a/hw/arm/armv7m.c
+++ b/hw/arm/armv7m.c
@@ -166,14 +166,14 @@ static void armv7m_reset(void *opaque)
mem_size is in bytes.
Returns the NVIC array.  */
 
-qemu_irq *armv7m_init(MemoryRegion *system_memory, int mem_size,
+qemu_irq *armv7m_init(MemoryRegion *system_memory, int mem_size, int num_irq,
   const char *kernel_filename, const char *cpu_model)
 {
 ARMCPU *cpu;
 CPUARMState *env;
 DeviceState *nvic;
 /* FIXME: make this local state.  */
-static qemu_irq pic[64];
+qemu_irq *pic = g_new(qemu_irq, num_irq);
 int image_size;
 uint64_t entry;
 uint64_t lowaddr;
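Review bot: the `/* FIXME: make this local state.  */` comment is now stale, since the patch replaces the static `pic[64]` with a `g_new(qemu_irq, num_irq)` allocation, so remove it in the same hunk. The header comment just above (and the prototype in include/hw/arm/arm.h) should also document the new `num_irq` parameter and say that the returned array is heap-allocated and owned by the caller, which was not the case for the static array.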
@@ -194,11 +194,12 @@ qemu_irq *armv7m_init(MemoryRegion *system_memory, int 
mem_size,
 armv7m_bitband_init();
 
 nvic = qdev_create(NULL, "armv7m_nvic");
+qdev_prop_set_uint32(nvic, "num-irq", num_irq);
 env->nvic = nvic;
 qdev_init_nofail(nvic);
 sysbus_connect_irq(SYS_BUS_DEVICE(nvic), 0,
qdev_get_gpio_in(DEVICE(cpu), ARM_CPU_IRQ));
-for (i = 0; i < 64; i++) {
+for (i = 0; i < num_irq; i++) {
 pic[i] = qdev_get_gpio_in(nvic, i);
 }
 
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
index d0c61c5..6fad10f 100644
--- a/hw/arm/stellaris.c
+++ b/hw/arm/stellaris.c
@@ -29,6 +29,8 @@
 #define BP_OLED_SSI  0x02
 #define BP_GAMEPAD   0x04
 
+#define NUM_IRQ_LINES 64
+
 typedef const struct {
 const char *name;
 uint32_t did0;
@@ -1239,7 +1241,8 @@ static void stellaris_init(const char *kernel_filename, 
const char *cpu_model,
 vmstate_register_ram_global(sram);
 memory_region_add_subregion(system_memory, 0x2000, sram);
 
-pic = armv7m_init(system_memory, flash_size, kernel_filename, cpu_model);
+pic = armv7m_init(system_memory, flash_size, NUM_IRQ_LINES,
+  kernel_filename, cpu_model);
 
 if (board->dc1 & (1 << 16)) {
 dev = sysbus_create_varargs(TYPE_STELLARIS_ADC, 0x40038000,
diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
index a112930..94e55a4 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@@ -15,7 +15,7 @@
 #include "hw/irq.h"
 
 /* armv7m.c */
-qemu_irq *armv7m_init(MemoryRegion *system_memory, int mem_size,
+qemu_irq *armv7m_init(MemoryRegion *system_memory, int mem_size, int num_irq,
   const char *kernel_filename, const char *cpu_model);
 
 /* arm_boot.c */
-- 
1.9.1




[Qemu-devel] [PATCH v5 4/7] target_arm: Remove memory region init from armv7m_init

2014-10-16 Thread Alistair Francis
This patch moves the memory region init code from the
armv7m_init function to the stellaris_init function

Signed-off-by: Alistair Francis 
---
 hw/arm/armv7m.c  | 33 +++--
 hw/arm/stellaris.c   | 24 
 include/hw/arm/arm.h |  3 +--
 3 files changed, 24 insertions(+), 36 deletions(-)

diff --git a/hw/arm/armv7m.c b/hw/arm/armv7m.c
index ef24ca4..50281f7 100644
--- a/hw/arm/armv7m.c
+++ b/hw/arm/armv7m.c
@@ -163,11 +163,10 @@ static void armv7m_reset(void *opaque)
 }
 
 /* Init CPU and memory for a v7-M based board.
-   flash_size and sram_size are in kb.
+   mem_size is in bytes.
Returns the NVIC array.  */
 
-qemu_irq *armv7m_init(MemoryRegion *system_memory,
-  int flash_size, int sram_size,
+qemu_irq *armv7m_init(MemoryRegion *system_memory, int mem_size,
   const char *kernel_filename, const char *cpu_model)
 {
 ARMCPU *cpu;
@@ -180,13 +179,8 @@ qemu_irq *armv7m_init(MemoryRegion *system_memory,
 uint64_t lowaddr;
 int i;
 int big_endian;
-MemoryRegion *sram = g_new(MemoryRegion, 1);
-MemoryRegion *flash = g_new(MemoryRegion, 1);
 MemoryRegion *hack = g_new(MemoryRegion, 1);
 
-flash_size *= 1024;
-sram_size *= 1024;
-
 if (cpu_model == NULL) {
cpu_model = "cortex-m3";
 }
@@ -197,27 +191,6 @@ qemu_irq *armv7m_init(MemoryRegion *system_memory,
 }
 env = &cpu->env;
 
-#if 0
-/* > 32Mb SRAM gets complicated because it overlaps the bitband area.
-   We don't have proper commandline options, so allocate half of memory
-   as SRAM, up to a maximum of 32Mb, and the rest as code.  */
-if (ram_size > (512 + 32) * 1024 * 1024)
-ram_size = (512 + 32) * 1024 * 1024;
-sram_size = (ram_size / 2) & TARGET_PAGE_MASK;
-if (sram_size > 32 * 1024 * 1024)
-sram_size = 32 * 1024 * 1024;
-code_size = ram_size - sram_size;
-#endif
-
-/* Flash programming is done via the SCU, so pretend it is ROM.  */
-memory_region_init_ram(flash, NULL, "armv7m.flash", flash_size,
-   &error_abort);
-vmstate_register_ram_global(flash);
-memory_region_set_readonly(flash, true);
-memory_region_add_subregion(system_memory, 0, flash);
-memory_region_init_ram(sram, NULL, "armv7m.sram", sram_size, &error_abort);
-vmstate_register_ram_global(sram);
-memory_region_add_subregion(system_memory, 0x2000, sram);
 armv7m_bitband_init();
 
 nvic = qdev_create(NULL, "armv7m_nvic");
@@ -244,7 +217,7 @@ qemu_irq *armv7m_init(MemoryRegion *system_memory,
 image_size = load_elf(kernel_filename, NULL, NULL, &entry, &lowaddr,
   NULL, big_endian, ELF_MACHINE, 1);
 if (image_size < 0) {
-image_size = load_image_targphys(kernel_filename, 0, flash_size);
+image_size = load_image_targphys(kernel_filename, 0, mem_size);
 lowaddr = 0;
 }
 if (image_size < 0) {
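Review bot: after this change `mem_size` is used only as the size limit passed to load_image_targphys, while the stellaris caller passes `flash_size`; the comment "mem_size is in bytes" should say what the value bounds (the size of the region at address 0 that a raw image may be loaded into), otherwise the next SoC that calls armv7m_init has no way to know which size to pass.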
diff --git a/hw/arm/stellaris.c b/hw/arm/stellaris.c
index 64bd4b4..d0c61c5 100644
--- a/hw/arm/stellaris.c
+++ b/hw/arm/stellaris.c
@@ -1220,10 +1220,26 @@ static void stellaris_init(const char *kernel_filename, 
const char *cpu_model,
 int i;
 int j;
 
-flash_size = ((board->dc0 & 0x) + 1) << 1;
-sram_size = (board->dc0 >> 18) + 1;
-pic = armv7m_init(get_system_memory(),
-  flash_size, sram_size, kernel_filename, cpu_model);
+MemoryRegion *sram = g_new(MemoryRegion, 1);
+MemoryRegion *flash = g_new(MemoryRegion, 1);
+MemoryRegion *system_memory = get_system_memory();
+
+flash_size = (((board->dc0 & 0x) + 1) << 1) * 1024;
+sram_size = ((board->dc0 >> 18) + 1) * 1024;
+
+/* Flash programming is done via the SCU, so pretend it is ROM.  */
+memory_region_init_ram(flash, NULL, "stellaris.flash", flash_size,
+   &error_abort);
+vmstate_register_ram_global(flash);
+memory_region_set_readonly(flash, true);
+memory_region_add_subregion(system_memory, 0, flash);
+
+memory_region_init_ram(sram, NULL, "stellaris.sram", sram_size,
+   &error_abort);
+vmstate_register_ram_global(sram);
+memory_region_add_subregion(system_memory, 0x2000, sram);
+
+pic = armv7m_init(system_memory, flash_size, kernel_filename, cpu_model);
 
 if (board->dc1 & (1 << 16)) {
 dev = sysbus_create_varargs(TYPE_STELLARIS_ADC, 0x40038000,
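Review bot: renaming the regions from "armv7m.flash"/"armv7m.sram" to "stellaris.flash"/"stellaris.sram" changes the RAMBlock ids registered by vmstate_register_ram_global, so a migration stream saved by an older QEMU will no longer find its RAM blocks on the stellaris machines; either keep the old names or state the compatibility break explicitly in the commit message.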
diff --git a/include/hw/arm/arm.h b/include/hw/arm/arm.h
index cefc9e6..a112930 100644
--- a/include/hw/arm/arm.h
+++ b/include/hw/arm/arm.h
@@ -15,8 +15,7 @@
 #include "hw/irq.h"
 
 /* armv7m.c */
-qemu_irq *armv7m_init(MemoryRegion *system_memory,
-  int flash_size, int sram_size,
+qemu_irq *armv7m_init(MemoryRegion *system_memory, int mem_size,
   const char *kernel_filename, const char *cpu_model);
 
 /* arm_boot.c */
-- 
1.9.1




[Qemu-devel] [PATCH v5 6/7] stm32f205: Add the stm32f205 SoC

2014-10-16 Thread Alistair Francis
This patch adds the stm32f205 SoC. This will be used by the
Netduino 2 to create a machine.

Signed-off-by: Alistair Francis 
---
 default-configs/arm-softmmu.mak |   1 +
 hw/arm/Makefile.objs|   1 +
 hw/arm/stm32f205_soc.c  | 157 
 include/hw/arm/stm32f205_soc.h  |  69 ++
 4 files changed, 228 insertions(+)
 create mode 100644 hw/arm/stm32f205_soc.c
 create mode 100644 include/hw/arm/stm32f205_soc.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index a2ea8f7..8068100 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -81,6 +81,7 @@ CONFIG_ZYNQ=y
 CONFIG_STM32F205_TIMER=y
 CONFIG_STM32F205_USART=y
 CONFIG_STM32F205_SYSCFG=y
+CONFIG_STM32F205_SOC=y
 
 CONFIG_VERSATILE_PCI=y
 CONFIG_VERSATILE_I2C=y
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 6088e53..9769317 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -8,3 +8,4 @@ obj-y += armv7m.o exynos4210.o pxa2xx.o pxa2xx_gpio.o 
pxa2xx_pic.o
 obj-$(CONFIG_DIGIC) += digic.o
 obj-y += omap1.o omap2.o strongarm.o
 obj-$(CONFIG_ALLWINNER_A10) += allwinner-a10.o cubieboard.o
+obj-$(CONFIG_STM32F205_SOC) += stm32f205_soc.o
diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c
new file mode 100644
index 000..bd9514e
--- /dev/null
+++ b/hw/arm/stm32f205_soc.c
@@ -0,0 +1,157 @@
+/*
+ * STM32F205 SoC
+ *
+ * Copyright (c) 2014 Alistair Francis 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "hw/arm/stm32f205_soc.h"
+
+/* At the moment only Timer 2 to 5 are modelled */
+static const uint32_t timer_addr[] = { 0x4000, 0x4400,
+0x4800, 0x4C00 };
+static const uint32_t usart_addr[] = { 0x40011000, 0x40004400,
+0x40004800, 0x40004C00, 0x40005000, 0x40011400 };
+
+static const int timer_irq[] = {28, 29, 30, 50};
+static const int usart_irq[] = {37, 38, 39, 52, 53, 71, 82, 83};
+
+static void stm32f205_soc_initfn(Object *obj)
+{
+STM32F205State *s = STM32F205_SOC(obj);
+int i;
+
+object_initialize(&s->syscfg, sizeof(s->syscfg), TYPE_STM32F205_SYSCFG);
+qdev_set_parent_bus(DEVICE(&s->syscfg), sysbus_get_default());
+
+for (i = 0; i < 5; i++) {
+object_initialize(&s->usart[i], sizeof(s->usart[i]),
+  TYPE_STM32F205_USART);
+qdev_set_parent_bus(DEVICE(&s->usart[i]), sysbus_get_default());
+}
+
+for (i = 0; i < 4; i++) {
+object_initialize(&s->timer[i], sizeof(s->timer[i]),
+  TYPE_STM32F205_TIMER);
+qdev_set_parent_bus(DEVICE(&s->timer[i]), sysbus_get_default());
+}
+}
+
+static void stm32f205_soc_realize(DeviceState *dev_soc, Error **errp)
+{
+STM32F205State *s = STM32F205_SOC(dev_soc);
+DeviceState *syscfgdev, *usartdev, *timerdev;
+SysBusDevice *syscfgbusdev, *usartbusdev, *timerbusdev;
+qemu_irq *pic;;
+Error *err = NULL;
+int i;
+
+MemoryRegion *system_memory = get_system_memory();
+MemoryRegion *sram = g_new(MemoryRegion, 1);
+MemoryRegion *flash = g_new(MemoryRegion, 1);
+MemoryRegion *flash_alias = g_new(MemoryRegion, 1);
+
+memory_region_init_ram(flash, NULL, "netduino.flash", FLASH_SIZE,
+   &error_abort);
+memory_region_init_alias(flash_alias, NULL, "netduino.flash.alias",
+ flash, 0, FLASH_SIZE);
+
+vmstate_register_ram_global(flash);
+
+memory_region_set_readonly(flash, true);
+memory_region_set_readonly(flash_alias, true);
+
+memory_region_add_subregion(system_memory, FLASH_BASE_ADDRESS, flash);
+memory_region_add_subregion(system_memory, 0, flash_alias);
+
+memory_region_init_ram(sram, NULL, "netduino.sram", SRAM_SIZE,
+   &error_abort);
+vmstate_register_ram_global(sram);
+memory_region_add_subregion(system_memory, SRAM_BASE_ADDRESS, sram);
+
+pic 
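Review bot: the init loops use bare counts (`i < 5` for USARTs, `i < 4` for timers) while `usart_addr[]` has 6 entries and `usart_irq[]` has 8, so the tables and the loops can already disagree; define the counts once in the header (for example a `STM_NUM_USARTS`/`STM_NUM_TIMERS` pair), size the `s->usart`/`s->timer` arrays and these tables by them, and loop over the same constants. Also `qemu_irq *pic;;` has a doubled semicolon, and the region names "netduino.flash", "netduino.flash.alias" and "netduino.sram" belong to a board, not to this SoC file; naming them after the SoC keeps the SoC reusable, and since these names become migration RAMBlock ids they are hard to change later.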

Re: [Qemu-devel] [PATCH v2 7/9] target-mips: add TLBINV support

2014-10-16 Thread Leon Alrae
On 16/10/2014 11:52, Yongbok Kim wrote:
>> +ctx.ie = (env->CP0_Config4 >> CP0C4_IE) & 1;
> 
> & 3
> 

Yeah, initially I tested TLBINV using mips64r6-generic cpu where
Config4.IE is set to 3, thus it worked...

Thanks,
Leon




Re: [Qemu-devel] [Bug 1381642] [NEW] ecovec.c:66: buffer too small by one.

2014-10-16 Thread Peter Maydell
On 15 October 2014 19:00, dcb <1381...@bugs.launchpad.net> wrote:
> Public bug reported:
>
> [qemu-2.1.2/roms/u-boot/board/renesas/ecovec/ecovec.c:66]: (error)
> Buffer is accessed out of bounds.

This is in the u-boot code which we just carry a copy of
to produce certain boot ROMs. You should report these
issues directly to u-boot upstream.

Thanks
-- PMM



Re: [Qemu-devel] [PATCH v2 9/9] target-mips: update cpu_save/cpu_load to support new registers

2014-10-16 Thread Yongbok Kim

EHINV bit from TLB also required to be saved/ restored.

Regards,
Yongbok


On 08/07/2014 08:57, Leon Alrae wrote:

Signed-off-by: Leon Alrae 
---
  target-mips/cpu.h |2 +-
  target-mips/machine.c |   14 ++
  2 files changed, 15 insertions(+), 1 deletions(-)

diff --git a/target-mips/cpu.h b/target-mips/cpu.h
index 656f5ca..23bb22c 100644
--- a/target-mips/cpu.h
+++ b/target-mips/cpu.h
@@ -557,7 +557,7 @@ void mips_cpu_list (FILE *f, fprintf_function cpu_fprintf);
  extern void cpu_wrdsp(uint32_t rs, uint32_t mask_num, CPUMIPSState *env);
  extern uint32_t cpu_rddsp(uint32_t mask_num, CPUMIPSState *env);
  
-#define CPU_SAVE_VERSION 4

+#define CPU_SAVE_VERSION 5
  
  /* MMU modes definitions. We carefully match the indices with our

 hflags layout. */
diff --git a/target-mips/machine.c b/target-mips/machine.c
index 0496faa..576dc10 100644
--- a/target-mips/machine.c
+++ b/target-mips/machine.c
@@ -26,6 +26,8 @@ static void save_tc(QEMUFile *f, TCState *tc)
  qemu_put_betls(f, &tc->CP0_TCScheFBack);
  qemu_put_sbe32s(f, &tc->CP0_Debug_tcstatus);
  qemu_put_betls(f, &tc->CP0_UserLocal);
+qemu_put_be32s(f, &tc->CP0_BadInstr);
+qemu_put_be32s(f, &tc->CP0_BadInstrP);
  }
  
  static void save_fpu(QEMUFile *f, CPUMIPSFPUContext *fpu)

@@ -144,6 +146,9 @@ void cpu_save(QEMUFile *f, void *opaque)
  qemu_put_sbe32s(f, &env->CP0_DataHi);
  qemu_put_betls(f, &env->CP0_ErrorEPC);
  qemu_put_sbe32s(f, &env->CP0_DESAVE);
+for (i = 0; i < MIPS_KSCRATCH_NUM; i++) {
+qemu_put_betls(f, &env->CP0_KScratch[i]);
+}
  
  /* Save inactive TC state */

  for (i = 0; i < MIPS_SHADOW_SET_MAX; i++)
@@ -177,6 +182,10 @@ static void load_tc(QEMUFile *f, TCState *tc, int 
version_id)
  if (version_id >= 4) {
  qemu_get_betls(f, &tc->CP0_UserLocal);
  }
+if (version_id >= 5) {
+qemu_get_be32s(f, &tc->CP0_BadInstr);
+qemu_get_be32s(f, &tc->CP0_BadInstrP);
+}
  }
  
  static void load_fpu(QEMUFile *f, CPUMIPSFPUContext *fpu)

@@ -301,6 +310,11 @@ int cpu_load(QEMUFile *f, void *opaque, int version_id)
  qemu_get_sbe32s(f, &env->CP0_DataHi);
  qemu_get_betls(f, &env->CP0_ErrorEPC);
  qemu_get_sbe32s(f, &env->CP0_DESAVE);
+if (version_id >= 5) {
+for (i = 0; i < MIPS_KSCRATCH_NUM; i++) {
+qemu_get_betls(f, &env->CP0_KScratch[i]);
+}
+}
  
  /* Load inactive TC state */

  for (i = 0; i < MIPS_SHADOW_SET_MAX; i++) {





[Qemu-devel] [PATCH] util: Improve os_mem_prealloc error message

2014-10-16 Thread Michal Privoznik
Currently, when the preallocating guest memory process fails, a not
so helpful error message is printed out:

# virsh start migt10
error: Failed to start domain migt10
error: internal error: process exited while connecting to monitor:
os_mem_prealloc: failed to preallocate pages

From the error message it's not clear at first glance where the
problem lies. However, changing the error message might give users a
clue.

Signed-off-by: Michal Privoznik 
---
 util/oslib-posix.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/util/oslib-posix.c b/util/oslib-posix.c
index 016a047..8c9d80e 100644
--- a/util/oslib-posix.c
+++ b/util/oslib-posix.c
@@ -390,7 +390,8 @@ void os_mem_prealloc(int fd, char *area, size_t memory)
 pthread_sigmask(SIG_UNBLOCK, &set, &oldset);
 
 if (sigsetjmp(sigjump, 1)) {
-fprintf(stderr, "os_mem_prealloc: failed to preallocate pages\n");
+fprintf(stderr, "os_mem_prealloc: Insufficient free host memory "
+"pages available to allocate guest RAM\n");
 exit(1);
 } else {
 int i;
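Review bot: the new message asserts a single cause, but the siglongjmp is taken on any SIGBUS while touching the pages; for a hugetlbfs or file-backed region that usually means too few free hugepages rather than a general host memory shortage, and it would also fire if the backing file shrank. Wording such as "not enough free host memory or hugepages to back %zu bytes of guest RAM" (printing `memory`) keeps the hint without naming the wrong cause, and using error_report() instead of fprintf(stderr, ...) matches the rest of util/.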
-- 
2.0.4




[Qemu-devel] [PATCH 2/2] iotests: Add test for qcow2 L1 table update

2014-10-16 Thread Max Reitz
Updating the L1 table should not result in random data being written.
This adds a test for that.

Signed-off-by: Max Reitz 
---
 tests/qemu-iotests/107 | 61 ++
 tests/qemu-iotests/107.out | 10 
 tests/qemu-iotests/group   |  1 +
 3 files changed, 72 insertions(+)
 create mode 100755 tests/qemu-iotests/107
 create mode 100644 tests/qemu-iotests/107.out

diff --git a/tests/qemu-iotests/107 b/tests/qemu-iotests/107
new file mode 100755
index 000..cad1cf9
--- /dev/null
+++ b/tests/qemu-iotests/107
@@ -0,0 +1,61 @@
+#!/bin/bash
+#
+# Tests updates of the qcow2 L1 table
+#
+# Copyright (C) 2014 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+# creator
+owner=mre...@redhat.com
+
+seq="$(basename $0)"
+echo "QA output created by $seq"
+
+here="$PWD"
+tmp=/tmp/$$
+status=1   # failure is the default!
+
+_cleanup()
+{
+   _cleanup_test_img
+}
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_supported_fmt qcow2
+_supported_proto file
+_supported_os Linux
+
+
+IMG_SIZE=64K
+
+echo
+echo '=== Updates should not write random data ==='
+echo
+
+_make_test_img $IMG_SIZE
+$QEMU_IO -c 'write 0 64k' "$TEST_IMG" | _filter_qemu_io
+$QEMU_IO -c "open -o driver=raw $TEST_IMG" -c 'read -p -P 0 196616 65528' \
+| _filter_qemu_io
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
+
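Review bot: the numbers in `read -p -P 0 196616 65528` are unexplained; add a comment stating the layout they assume (with the default 64k cluster size the L1 table occupies its own cluster, holds a single 8-byte entry for a 64k image, and the rest of that cluster must read back as zeros after the write). Because the test depends on that layout, pin the cluster size in `_make_test_img` (for example via `-o cluster_size=64k`) so the offsets do not silently go stale when IMGOPTS changes.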
diff --git a/tests/qemu-iotests/107.out b/tests/qemu-iotests/107.out
new file mode 100644
index 000..93445b7
--- /dev/null
+++ b/tests/qemu-iotests/107.out
@@ -0,0 +1,10 @@
+QA output created by 107
+
+=== Updates should not write random data ===
+
+Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=65536 
+wrote 65536/65536 bytes at offset 0
+64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+read 65528/65528 bytes at offset 196616
+63.992 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+*** done
diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group
index b230996..4a10fef 100644
--- a/tests/qemu-iotests/group
+++ b/tests/qemu-iotests/group
@@ -106,3 +106,4 @@
 103 rw auto quick
 104 rw auto
 105 rw auto quick
+107 rw auto quick
-- 
2.1.2




[Qemu-devel] [PATCH 0/2] qcow2: Do not overflow when writing an L1 sector

2014-10-16 Thread Max Reitz
qcow2_write_l1_entry() may read L1 entries from beyond the end of the
in-memory L1 table when updating a sector. Fix this and add a
qemu-iotest.


Max Reitz (2):
  qcow2: Do not overflow when writing an L1 sector
  iotests: Add test for qcow2 L1 table update

 block/qcow2-cluster.c  |  6 +++--
 tests/qemu-iotests/107 | 61 ++
 tests/qemu-iotests/107.out | 10 
 tests/qemu-iotests/group   |  1 +
 4 files changed, 76 insertions(+), 2 deletions(-)
 create mode 100755 tests/qemu-iotests/107
 create mode 100644 tests/qemu-iotests/107.out

-- 
2.1.2




[Qemu-devel] [PATCH 1/2] qcow2: Do not overflow when writing an L1 sector

2014-10-16 Thread Max Reitz
While writing an L1 table sector, qcow2_write_l1_entry() copies the
respective range from s->l1_table to the local "buf" array. The size of
s->l1_table does not have to be a multiple of L1_ENTRIES_PER_SECTOR;
thus, limit the index which is used for copying all entries to the L1
size.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Max Reitz 
---
 block/qcow2-cluster.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index f7dd8c0..4d888c7 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -164,12 +164,14 @@ static int l2_load(BlockDriverState *bs, uint64_t 
l2_offset,
 int qcow2_write_l1_entry(BlockDriverState *bs, int l1_index)
 {
 BDRVQcowState *s = bs->opaque;
-uint64_t buf[L1_ENTRIES_PER_SECTOR];
+uint64_t buf[L1_ENTRIES_PER_SECTOR] = { 0 };
 int l1_start_index;
 int i, ret;
 
 l1_start_index = l1_index & ~(L1_ENTRIES_PER_SECTOR - 1);
-for (i = 0; i < L1_ENTRIES_PER_SECTOR; i++) {
+for (i = 0; i < L1_ENTRIES_PER_SECTOR && l1_start_index + i < s->l1_size;
+ i++)
+{
 buf[i] = cpu_to_be64(s->l1_table[l1_start_index + i]);
 }
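Review bot: the opening brace of the for loop sits on its own line after `i++)`, which does not follow QEMU's brace style; keep it on the line with the closing parenthesis. The `= { 0 }` initialiser also changes what reaches the disk: the unused tail of the sector is now written as zeros instead of whatever the uninitialised `buf` held, which is fine because readers ignore entries beyond l1_size, but it deserves a sentence in the commit message since it alters the image bytes that the new iotest checks.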
 
-- 
2.1.2
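The bound the commit message describes, as an added C example rather than QEMU's own block/qcow2-cluster.c code. The constants and helpers here (L1_ENTRIES_PER_SECTOR of 64, l1_sector_start, unbounded_overread, build_l1_sector) are constructed for the example; they model an L1 table whose entry count is not a multiple of the sector size, show how many entries the unbounded loop would read past its end, and serialise the sector the way the fixed loop plus the zero initialiser do:

```c
#include <stdint.h>
#include <string.h>

/* Constructed constants for the example: a qcow2 L1 entry is 8 bytes, so a
 * 512-byte sector holds 64 of them, matching L1_ENTRIES_PER_SECTOR. */
#define L1_ENTRIES_PER_SECTOR 64
#define L1_SECTOR_BYTES (L1_ENTRIES_PER_SECTOR * 8)

/* Index of the first entry of the sector that contains l1_index
 * (the same mask the patch uses to compute l1_start_index). */
static int l1_sector_start(int l1_index)
{
    return l1_index & ~(L1_ENTRIES_PER_SECTOR - 1);
}

/* Number of entries the unbounded loop of the old code would have read
 * past the end of an l1_size-entry table: it always runs to the end of
 * the sector, no matter where the table stops. */
static int unbounded_overread(int l1_size, int l1_index)
{
    int sector_end = l1_sector_start(l1_index) + L1_ENTRIES_PER_SECTOR;
    return sector_end > l1_size ? sector_end - l1_size : 0;
}

/* Serialises the sector containing l1_index into out: entries are written
 * big-endian as on disk, and everything past l1_size is zero-filled, which
 * is what the "= { 0 }" initialiser plus the bounded loop achieve.
 * Returns the number of entries copied, or -1 when l1_index is not a
 * valid index into the table. */
static int build_l1_sector(const uint64_t *l1_table, int l1_size,
                           int l1_index, uint8_t out[L1_SECTOR_BYTES])
{
    if (l1_index < 0 || l1_index >= l1_size) {
        return -1;
    }
    memset(out, 0, L1_SECTOR_BYTES);

    int start = l1_sector_start(l1_index);
    int copied = 0;
    /* The second loop condition is the fix: stop at the end of the table,
     * not at the end of the sector. */
    for (int i = 0; i < L1_ENTRIES_PER_SECTOR && start + i < l1_size; i++) {
        uint64_t v = l1_table[start + i];
        for (int b = 0; b < 8; b++) {
            out[i * 8 + b] = (uint8_t)(v >> (56 - 8 * b));   /* cpu_to_be64 */
        }
        copied++;
    }
    return copied;
}
```

With a three-entry table, writing the sector for index 1 copies three entries and pads the remaining 61 slots with zeros; the old loop would have read those 61 entries from memory beyond the table instead.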




Re: [Qemu-devel] [PATCH] block: fix implicit convertion to invalid type

2014-10-16 Thread Max Reitz

Am 16.10.2014 um 14:10 schrieb Igor Mammedov:

change type of variable to expected IoOperationType which fixes compile
warning:

block.c:3655:20: warning: implicit conversion from enumeration
  type enum IoOperationType to different enumeration type BlockErrorAction

Signed-off-by: Igor Mammedov 
---
  block.c | 6 +++---
  1 file changed, 3 insertions(+), 3 deletions(-)


Reviewed-by: Max Reitz 



Re: [Qemu-devel] [PATCH] block: fix implicit convertion to invalid type

2014-10-16 Thread Max Reitz

Am 16.10.2014 um 15:34 schrieb Max Reitz:

Am 16.10.2014 um 14:10 schrieb Igor Mammedov:

change type of variable to expected IoOperationType which fixes compile
warning:

block.c:3655:20: warning: implicit conversion from enumeration
  type enum IoOperationType to different enumeration type 
BlockErrorAction


Signed-off-by: Igor Mammedov 
---
  block.c | 6 +++---
  1 file changed, 3 insertions(+), 3 deletions(-)


Reviewed-by: Max Reitz 


Oh, I had the feeling I was forgetting something. The subject should 
read "conversion", not "convertion". Feel free to keep my R-b if you 
send a v2 to fix it.


Max



Re: [Qemu-devel] Vmware Patch

2014-10-16 Thread Don Slutz

On 10/15/14 18:54, Ikbal Cam wrote:


Hi All,

I need to run ESXI as nested HV in KVM.

Do you know if this patch has been ported to any qemu release and 
maybe available as RPM? ( Fedora, Redhat, Centos etc. )


https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg03806.html




This is not in any QEMU release.  Still pending for QEMU 2.2 (target release
date of 2014-12-03).

-Don Slutz


Regards,

Ikbal Cam






Re: [Qemu-devel] [PATCH v2 1/5] vmware-vga: CVE-2014-3689: turn off hw accel

2014-10-16 Thread Don Koch
On Wed, 15 Oct 2014 12:10:35 +0200
Gerd Hoffmann  wrote:

> Quick & easy stopgap for CVE-2014-3689:  We just compile out the
> hardware acceleration functions which lack sanity checks.  Thankfully
> we have capability bits for them (SVGA_CAP_RECT_COPY and
> SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory.
> 
> Subsequent patches will add the missing checks and re-enable the
> hardware acceleration emulation.
> 
> Cc: qemu-sta...@nongnu.org
> Signed-off-by: Gerd Hoffmann 

Reviewed-by: Don Koch 

> ---
>  hw/display/vmware_vga.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
> index 0c36c72..ec63290 100644
> --- a/hw/display/vmware_vga.c
> +++ b/hw/display/vmware_vga.c
> @@ -29,8 +29,10 @@
>  #include "hw/pci/pci.h"
>  
>  #undef VERBOSE
> +#if 0
>  #define HW_RECT_ACCEL
>  #define HW_FILL_ACCEL
> +#endif
>  #define HW_MOUSE_ACCEL
>  
>  #include "vga_int.h"
> -- 
> 1.8.3.1
> 
> 



Re: [Qemu-devel] [PATCH v2 3/5] vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect

2014-10-16 Thread Don Koch
On Wed, 15 Oct 2014 12:10:37 +0200
Gerd Hoffmann  wrote:

> Switch vmsvga_update_rect over to use vmsvga_verify_rect.  Slight change
> in behavior:  We don't try to automatically fixup rectangles any more.
> In case we find invalid update requests we'll do a full-screen update
> instead.

This is good since the original calculations were wrong. (I had already fixed
said calculations but hadn't cleaned them up for submittal, yet.) Unfortunate
that you end up using "the big hammer" to fix it (i.e., update the entire 
screen),
but that's better than before.

Reviewed-by: Don Koch 

> Cc: qemu-sta...@nongnu.org
> Signed-off-by: Gerd Hoffmann 
> ---
>  hw/display/vmware_vga.c | 32 
>  1 file changed, 4 insertions(+), 28 deletions(-)
> 
> diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
> index ba73a1c..9d79de6 100644
> --- a/hw/display/vmware_vga.c
> +++ b/hw/display/vmware_vga.c
> @@ -356,36 +356,12 @@ static inline void vmsvga_update_rect(struct 
> vmsvga_state_s *s,
>  uint8_t *src;
>  uint8_t *dst;
>  
> -if (x < 0) {
> -fprintf(stderr, "%s: update x was < 0 (%d)\n", __func__, x);
> -w += x;
> +if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) {
> +/* go for a fullscreen update as fallback */
>  x = 0;
> -}
> -if (w < 0) {
> -fprintf(stderr, "%s: update w was < 0 (%d)\n", __func__, w);
> -w = 0;
> -}
> -if (x + w > surface_width(surface)) {
> -fprintf(stderr, "%s: update width too large x: %d, w: %d\n",
> -__func__, x, w);
> -x = MIN(x, surface_width(surface));
> -w = surface_width(surface) - x;
> -}
> -
> -if (y < 0) {
> -fprintf(stderr, "%s: update y was < 0 (%d)\n",  __func__, y);
> -h += y;
>  y = 0;
> -}
> -if (h < 0) {
> -fprintf(stderr, "%s: update h was < 0 (%d)\n",  __func__, h);
> -h = 0;
> -}
> -if (y + h > surface_height(surface)) {
> -fprintf(stderr, "%s: update height too large y: %d, h: %d\n",
> -__func__, y, h);
> -y = MIN(y, surface_height(surface));
> -h = surface_height(surface) - y;
> +w = surface_width(surface);
> +h = surface_height(surface);
>  }
>  
>  bypl = surface_stride(surface);
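Review bot: the full-screen fallback is the right safe default, but this hunk also removes every fprintf diagnostic for negative or oversized rectangles, so unless vmsvga_verify_rect logs the failure (preferably via qemu_log_mask(LOG_GUEST_ERROR) with the `__func__` name passed to it), a guest issuing malformed update rectangles becomes invisible to the host administrator; please confirm that the new helper keeps that visibility.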
> -- 
> 1.8.3.1
> 
> 



Re: [Qemu-devel] [PATCH v2 4/5] vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect

2014-10-16 Thread Don Koch
On Wed, 15 Oct 2014 12:10:38 +0200
Gerd Hoffmann  wrote:

> Add verification to vmsvga_copy_rect, re-enable HW_RECT_ACCEL.
> 
> Cc: qemu-sta...@nongnu.org
> Signed-off-by: Gerd Hoffmann 
> ---
>  hw/display/vmware_vga.c | 9 -
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
> index 9d79de6..1fc9641 100644
> --- a/hw/display/vmware_vga.c
> +++ b/hw/display/vmware_vga.c
> @@ -29,8 +29,8 @@
>  #include "hw/pci/pci.h"
>  
>  #undef VERBOSE
> -#if 0
>  #define HW_RECT_ACCEL
> +#if 0
>  #define HW_FILL_ACCEL
>  #endif
>  #define HW_MOUSE_ACCEL
> @@ -417,6 +417,13 @@ static inline void vmsvga_copy_rect(struct 
> vmsvga_state_s *s,
>  int line = h;
>  uint8_t *ptr[2];
>  
> +if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/src", x0, y0, w, h)) {
> +return;
> +}
> +if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/dst", x1, y1, w, h)) {
> +return;
> +}
> +

If I read this correctly, if either the source or destination are even partially
off-screen, the copy silently fails, which sounds wrong.

I'd suggest having this function return false if one of these checks fail so the
caller can do something appropriate (like "goto badcmd").

-d

>  if (y1 > y0) {
>  ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
>  ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
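Review bot: with both rectangles verified against the same w and h the row loop below is bounded in both directions (bottom-up when y1 > y0 to handle overlap), so the memory safety is fine; what is missing, as raised above, is a result for the caller: vmsvga_copy_rect returns void, so the FIFO command that carried the bad rectangle is treated as consumed and nothing distinguishes it from a successful copy. Returning a bool and checking it at the dispatcher (the `goto badcmd` path) lets the device log the guest error and keeps the failing command from looking successful.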
> -- 
> 1.8.3.1
> 
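The rectangle validation discussed in this series, as an added C example and not QEMU's hw/display/vmware_vga.c code (the thread shows only the call sites of vmsvga_verify_rect, not its body). The Surface type, verify_rect, copy_rect and demo_pixel_after_copy are constructed stand-ins; the example uses one byte per pixel and shows both the overflow-safe bounds check on guest-supplied coordinates and the copy that refuses to touch memory when either rectangle fails it:

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the DisplaySurface: width/height in pixels and
 * a row-major buffer with one byte per pixel. */
typedef struct {
    int width;
    int height;
    uint8_t *pixels;
} Surface;

/* Returns true only if the w x h rectangle at (x, y) lies entirely inside
 * the surface. All four values come from the guest, so the checks never
 * compute x + w or y + h, which could overflow int. */
static bool verify_rect(const Surface *surf, const char *name,
                        int x, int y, int w, int h)
{
    if (x < 0 || y < 0 || w < 0 || h < 0) {
        fprintf(stderr, "%s: negative coordinate or size (x=%d y=%d w=%d h=%d)\n",
                name, x, y, w, h);
        return false;
    }
    /* x >= 0 and width >= 0, so width - x cannot overflow; it is negative
     * when x is already past the right edge, and then any w >= 0 fails. */
    if (w > surf->width - x) {
        fprintf(stderr, "%s: rectangle exceeds width (x=%d w=%d)\n", name, x, w);
        return false;
    }
    if (h > surf->height - y) {
        fprintf(stderr, "%s: rectangle exceeds height (y=%d h=%d)\n", name, y, h);
        return false;
    }
    return true;
}

/* Copies a w x h block from (x0, y0) to (x1, y1). Both rectangles are
 * verified first; on failure nothing is touched and false is returned so
 * the caller can flag the command as a guest error. Rows are moved with
 * memmove in an order that is safe when source and destination overlap. */
static bool copy_rect(Surface *surf, int x0, int y0, int x1, int y1, int w, int h)
{
    if (!verify_rect(surf, "copy_rect/src", x0, y0, w, h) ||
        !verify_rect(surf, "copy_rect/dst", x1, y1, w, h)) {
        return false;
    }
    size_t stride = (size_t)surf->width;
    if (y1 > y0) {
        for (int row = h - 1; row >= 0; row--) {
            memmove(surf->pixels + (size_t)(y1 + row) * stride + (size_t)x1,
                    surf->pixels + (size_t)(y0 + row) * stride + (size_t)x0,
                    (size_t)w);
        }
    } else {
        for (int row = 0; row < h; row++) {
            memmove(surf->pixels + (size_t)(y1 + row) * stride + (size_t)x1,
                    surf->pixels + (size_t)(y0 + row) * stride + (size_t)x0,
                    (size_t)w);
        }
    }
    return true;
}

/* Constructed scenario: an 8x4 surface whose pixels hold their own index,
 * with a 3x2 block copied from (0, 0) to (5, 2). Returns the byte at
 * (px, py) afterwards. */
static int demo_pixel_after_copy(int px, int py)
{
    uint8_t buf[32];
    for (int i = 0; i < 32; i++) {
        buf[i] = (uint8_t)i;
    }
    Surface surf = { 8, 4, buf };
    copy_rect(&surf, 0, 0, 5, 2, 3, 2);
    return buf[py * 8 + px];
}
```

The same check works for the update path: when verify_rect fails there, the caller substitutes the full surface (x = y = 0, w = width, h = height) as the patch does, while the copy path returns false instead, because a partially valid copy has no safe substitute.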
> 



Re: [Qemu-devel] [PATCH 1/6] target-mips: add Config5.SBRI

2014-10-16 Thread Yongbok Kim

Please update message body as it also adds dm{f,t}c0 for config{4,5}.
See the comment below.

Reviewed-by: Yongbok Kim 

Regards,
Yongbok

On 14/07/2014 17:19, Leon Alrae wrote:

SDBBP instruction Reserved Instruction control. The purpose of this field is
to restrict availability of SDBBP to kernel mode operation.

If the bit is set then SDBBP instruction can only be executed in kernel mode.
User execution of SDBBP will cause a Reserved Instruction exception.

Signed-off-by: Leon Alrae 
---
  target-mips/cpu.h   |   11 +--
  target-mips/translate.c |   24 +++-
  2 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/target-mips/cpu.h b/target-mips/cpu.h
index 23bb22c..2a762d2 100644
--- a/target-mips/cpu.h
+++ b/target-mips/cpu.h
@@ -410,6 +410,7 @@ struct CPUMIPSState {
  #define CP0C5_CV 29
  #define CP0C5_EVA28
  #define CP0C5_MSAEn  27
+#define CP0C5_SBRI   6
  #define CP0C5_UFR2
  #define CP0C5_NFExists   0
  int32_t CP0_Config6;
@@ -461,7 +462,7 @@ struct CPUMIPSState {
  #define EXCP_INST_NOTAVAIL 0x2 /* No valid instruction word for BadInstr */
  uint32_t hflags;/* CPU State */
  /* TMASK defines different execution modes */
-#define MIPS_HFLAG_TMASK  0xC07FF
+#define MIPS_HFLAG_TMASK  0x2C07FF
  #define MIPS_HFLAG_MODE   0x7 /* execution modes*/
  /* The KSU flags must be the lowest bits in hflags. The flag order
 must be the same as defined for CP0 Status. This allows to use
@@ -504,6 +505,7 @@ struct CPUMIPSState {
  #define MIPS_HFLAG_DSPR2 0x8  /* Enable access to MIPS DSPR2 resources. */
  /* Extra flag about HWREna register. */
  #define MIPS_HFLAG_HWRENA_ULR 0x10 /* ULR bit from HWREna is set. */
+#define MIPS_HFLAG_SBRI  0x20 /* R6 SDBBP causes RI excpt. in user mode */


also in supervisor mode. :)


  target_ulong btarget;/* Jump / branch target   */
  target_ulong bcond;  /* Branch condition (if needed)   */
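Review bot: as quoted, `#define MIPS_HFLAG_SBRI  0x20` does not agree with the TMASK change in the previous hunk, which grows the mask from 0xC07FF to 0x2C07FF, i.e. by 0x200000, while 0x20 is already inside 0xC07FF; check the value before applying. The comment should also say "in non-kernel mode" rather than "in user mode", since the compute_hflags hunk below sets the flag whenever the KSU bits differ from MIPS_HFLAG_KM, which covers supervisor mode as well, as the reply above points out.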
  
@@ -759,7 +761,8 @@ static inline void compute_hflags(CPUMIPSState *env)

  {
  env->hflags &= ~(MIPS_HFLAG_COP1X | MIPS_HFLAG_64 | MIPS_HFLAG_CP0 |
   MIPS_HFLAG_F64 | MIPS_HFLAG_FPU | MIPS_HFLAG_KSU |
- MIPS_HFLAG_AWRAP | MIPS_HFLAG_DSP | MIPS_HFLAG_DSPR2);
+ MIPS_HFLAG_AWRAP | MIPS_HFLAG_DSP | MIPS_HFLAG_DSPR2 |
+ MIPS_HFLAG_SBRI);
  if (!(env->CP0_Status & (1 << CP0St_EXL)) &&
  !(env->CP0_Status & (1 << CP0St_ERL)) &&
  !(env->hflags & MIPS_HFLAG_DM)) {
@@ -795,6 +798,10 @@ static inline void compute_hflags(CPUMIPSState *env)
  if (env->CP0_Status & (1 << CP0St_FR)) {
  env->hflags |= MIPS_HFLAG_F64;
  }
+if (((env->hflags & MIPS_HFLAG_KSU) != MIPS_HFLAG_KM) &&
+(env->CP0_Config5 & (1 << CP0C5_SBRI))) {
+env->hflags |= MIPS_HFLAG_SBRI;
+}
  if (env->insn_flags & ASE_DSPR2) {
  /* Enables access MIPS DSP resources, now our cpu is DSP ASER2,
 so enable to access DSPR2 resources. */
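Review bot: MIPS_HFLAG_SBRI is derived from CP0_Config5 only here, so the flag is correct exactly as long as every write to Config5 reaches compute_hflags; the gen_dmtc0 hunk below delegates to gen_helper_mtc0_config5, whose body is not in this diff. Confirm that the helper recomputes hflags, otherwise a kernel setting SBRI would not actually take SDBBP away from user code until the next unrelated mode change.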
diff --git a/target-mips/translate.c b/target-mips/translate.c
index b931574..d0f695a 100644
--- a/target-mips/translate.c
+++ b/target-mips/translate.c
@@ -6273,6 +6273,14 @@ static void gen_dmfc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
  gen_mfc0_load32(arg, offsetof(CPUMIPSState, CP0_Config3));
  rn = "Config3";
  break;
+case 4:
+gen_mfc0_load32(arg, offsetof(CPUMIPSState, CP0_Config4));
+rn = "Config4";
+break;
+case 5:
+gen_mfc0_load32(arg, offsetof(CPUMIPSState, CP0_Config5));
+rn = "Config5";
+break;
 /* 6,7 are implementation dependent */
  case 6:
  gen_mfc0_load32(arg, offsetof(CPUMIPSState, CP0_Config6));
@@ -6891,6 +6899,16 @@ static void gen_dmtc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
  /* ignored */
  rn = "Config3";
  break;
+case 4:
+/* currently ignored */
+rn = "Config4";
+break;
+case 5:
+gen_helper_mtc0_config5(cpu_env, arg);
+rn = "Config5";
+/* Stop translation as we may have switched the execution mode */
+ctx->bstate = BS_STOP;
+break;
  /* 6,7 are implementation dependent */
  default:
  rn = "Invalid config selector";
@@ -15886,7 +15904,11 @@ static void decode_opc_special_r6(CPUMIPSState *env, 
DisasContext *ctx)
  }
  break;
  case R6_OPC_SDBBP:
-generate_exception(ctx, EXCP_DBp);
+if (ctx->hflags & MIPS_HFLAG_SBRI) {
+generate_exception(ctx, EXCP_RI);
+} else {
+generate_exception(ctx, EXCP_DBp);
+}
  break;
  #if defined(TARGET_MIPS64)
  case OPC_DLSA:
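Review bot: the choice between EXCP_RI and EXCP_DBp is taken from ctx->hflags at translation time and therefore baked into the translation block; that is only safe because the gen_dmtc0 hunk above sets BS_STOP after a Config5 write, and the 32-bit mtc0 handler for Config5 (not touched by this patch) needs the same BS_STOP, or an already-translated user-mode block could keep raising the debug exception after the kernel sets SBRI.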





Re: [Qemu-devel] [PATCH] util: Improve os_mem_prealloc error message

2014-10-16 Thread Eric Blake
On 10/16/2014 07:13 AM, Michal Privoznik wrote:
> Currently, when the preallocating guest memory process fails, an not

s/an/a/

> so helpful error message is printed out:
> 
> # virsh start migt10
> error: Failed to start domain migt10
> error: internal error: process exited while connecting to monitor:
> os_mem_prealloc: failed to preallocate pages
> 
> From the error message it's not clear at first glance where the
> problem lies. However, changing the error message might give uses a

s/uses/users/

> clue.
> 
> Signed-off-by: Michal Privoznik 
> ---
>  util/oslib-posix.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 

Reviewed-by: Eric Blake 

> diff --git a/util/oslib-posix.c b/util/oslib-posix.c
> index 016a047..8c9d80e 100644
> --- a/util/oslib-posix.c
> +++ b/util/oslib-posix.c
> @@ -390,7 +390,8 @@ void os_mem_prealloc(int fd, char *area, size_t memory)
>  pthread_sigmask(SIG_UNBLOCK, &set, &oldset);
>  
>  if (sigsetjmp(sigjump, 1)) {
> -fprintf(stderr, "os_mem_prealloc: failed to preallocate pages\n");
> +fprintf(stderr, "os_mem_prealloc: Insufficient free host memory "
> +"pages available to allocate guest RAM\n");
>  exit(1);
>  } else {
>  int i;
> 
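Review bot: the new text asserts a single cause, but the sigsetjmp path is taken for whatever fault is raised while the pages are being touched, and with file-backed guest memory a mapping that extends past the end of the backing file produces the same fault with plenty of free host pages; keep the more helpful wording but qualify it, e.g. "os_mem_prealloc: failed to touch guest RAM pages (usually insufficient free host memory)", so the message does not send a user down the wrong path.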

-- 
Eric Blake   eblake redhat com   +1-919-301-3266
Libvirt virtualization library http://libvirt.org





Re: [Qemu-devel] [PATCH 0/2] qcow2: Do not overflow when writing an L1 sector

2014-10-16 Thread Eric Blake
On 10/16/2014 07:25 AM, Max Reitz wrote:
> qcow2_write_l1_entry() may read L1 entries from beyond the end of the
> in-memory L1 table when updating a sector. Fix this and add a
> qemu-iotest.
> 
> 
> Max Reitz (2):
>   qcow2: Do not overflow when writing an L1 sector
>   iotests: Add test for qcow2 L1 table update

Series:
Reviewed-by: Eric Blake 

> 
>  block/qcow2-cluster.c  |  6 +++--
>  tests/qemu-iotests/107 | 61 
> ++
>  tests/qemu-iotests/107.out | 10 
>  tests/qemu-iotests/group   |  1 +
>  4 files changed, 76 insertions(+), 2 deletions(-)
>  create mode 100755 tests/qemu-iotests/107
>  create mode 100644 tests/qemu-iotests/107.out
> 

-- 
Eric Blake   eblake redhat com   +1-919-301-3266
Libvirt virtualization library http://libvirt.org
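The L1 sector update described in the cover letter above, as an added example that is not the qcow2 driver's code: the bug is that an L1 entry is written back one whole 512-byte sector at a time, i.e. 64 entries starting at the sector boundary, and an unbounded loop reads past the in-memory table whenever its size is not a multiple of 64. `build_l1_sector` shows the bounded form (stop at l1_size, zero-fill the tail) and `overread_entries` quantifies what the unbounded loop would have read. The table contents, `DEMO_MAX_L1` and the 64 KiB cluster offsets are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A qcow2 L1 entry is 8 bytes, so one 512-byte sector holds 64 of them. */
#define L1_ENTRIES_PER_SECTOR 64

/* Portable host <-> big-endian conversion; qcow2 stores L1 entries big-endian. */
static uint64_t to_be64(uint64_t v)
{
    uint8_t b[8];
    uint64_t r;
    for (int i = 0; i < 8; i++) {
        b[i] = (uint8_t)(v >> (56 - 8 * i));
    }
    memcpy(&r, b, sizeof r);
    return r;
}

static uint64_t from_be64(uint64_t v)
{
    uint8_t b[8];
    uint64_t r = 0;
    memcpy(b, &v, sizeof b);
    for (int i = 0; i < 8; i++) {
        r = (r << 8) | b[i];
    }
    return r;
}

/*
 * Assemble the on-disk sector that contains l1_table[l1_index]. The
 * unbounded version of this loop copies all 64 slots from the sector
 * boundary and reads past the in-memory table whenever l1_size is not a
 * multiple of 64. Here the loop stops at l1_size and the remainder of the
 * sector is zero-filled. Returns the number of entries taken from the table.
 */
static int build_l1_sector(const uint64_t *l1_table, int l1_size, int l1_index,
                           uint64_t buf[L1_ENTRIES_PER_SECTOR])
{
    int start = l1_index & ~(L1_ENTRIES_PER_SECTOR - 1);
    int i;
    memset(buf, 0, L1_ENTRIES_PER_SECTOR * sizeof buf[0]);
    for (i = 0; i < L1_ENTRIES_PER_SECTOR && start + i < l1_size; i++) {
        buf[i] = to_be64(l1_table[start + i]);
    }
    return i;
}

/* How many entries the unbounded loop would read beyond l1_size for this index. */
static int overread_entries(int l1_size, int l1_index)
{
    int end = (l1_index & ~(L1_ENTRIES_PER_SECTOR - 1)) + L1_ENTRIES_PER_SECTOR;
    return end > l1_size ? end - l1_size : 0;
}

/* Constructed table: entry i points at cluster offset (i + 1) * 64 KiB. */
#define DEMO_MAX_L1 128
static uint64_t demo_buf[L1_ENTRIES_PER_SECTOR];

/* Build the sector for l1_index in a constructed table of l1_size entries. */
static int demo_build(int l1_size, int l1_index)
{
    uint64_t table[DEMO_MAX_L1];
    if (l1_size > DEMO_MAX_L1 || l1_index < 0 || l1_index >= l1_size) {
        return -1;
    }
    for (int i = 0; i < l1_size; i++) {
        table[i] = (uint64_t)(i + 1) << 16;
    }
    return build_l1_sector(table, l1_size, l1_index, demo_buf);
}

/* Decode one slot of the sector most recently built by demo_build(). */
static uint64_t demo_slot(int slot)
{
    return from_be64(demo_buf[slot]);
}

int main(void)
{
    int n = demo_build(70, 65);
    printf("L1 size 70, index 65: %d entries copied, %d would have been over-read\n",
           n, overread_entries(70, 65));
    printf("slot 5 = 0x%llx, slot 6 = 0x%llx\n",
           (unsigned long long)demo_slot(5), (unsigned long long)demo_slot(6));
    return 0;
}
```

With a 70-entry table, updating entry 65 touches the second sector, which only has six real entries (64..69); the bounded loop copies those six and leaves the other 58 slots zero, where the unbounded loop would have read 58 entries past the end of the allocation.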





Re: [Qemu-devel] [PATCH] MAINTAINERS: add myself as MIPS guest cores co-maintainer

2014-10-16 Thread Aurelien Jarno
On Thu, Oct 16, 2014 at 12:38:07PM +0100, Leon Alrae wrote:
> Add myself to the maintainer list for MIPS guest cores and update the status
> from "Odd Fixes" to "Maintained".
> 
> Signed-off-by: Leon Alrae 
> ---
>  MAINTAINERS | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 206bf7e..e07662f 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -100,7 +100,8 @@ F: hw/microblaze/
>  
>  MIPS
>  M: Aurelien Jarno 
> -S: Odd Fixes
> +M: Leon Alrae 
> +S: Maintained
>  F: target-mips/
>  F: hw/mips/

Big thanks for taking care of target-mips.

Acked-by: Aurelien Jarno 

-- 
Aurelien Jarno  GPG: 4096R/1DDD8C9B
aurel...@aurel32.net http://www.aurel32.net



