Re: [Qemu-devel] [PATCH v6 0/5] Geometry and blocksize detection for backing devices.

2015-02-13 Thread Christian Borntraeger
On 13.02.2015 at 08:50, Kevin Wolf wrote:
> On 12.02.2015 at 17:42, Christian Borntraeger wrote:
>> On 12.02.2015 at 16:46, Stefan Hajnoczi wrote:
>>> On Mon, Jan 19, 2015 at 03:34:56PM +0100, Ekaterina Tumanova wrote:
>>>> Updates v5 -> v6:
>>>>
>>>> Minor updates according to the last review from Stefan Hajnoczi:
>>>> 1. Do not change the flow of code, factored out of raw_probe_alignment.
>>>> 2. added #ifdef __linux__ in 2 places of raw-posix.c, mentioned by reviewer.
>>>> 3. adjusted the comment hdev_probe_geometry according to suggestion.
>>>> 4. use bdrv_nb_sectors(bs) instead of bs->total_sectors.
>>>> 5. do not discard error blk_probe_blocksizes(). now has rc.
>>>> 6. put the 512-byte default blocksize value in blkconf_blocksizes.
>>>> 7. drop the default parameter from the DEFINE_PROP_BLOCKSIZE() macro.
>>>
>>> Unfortunately this series breaks "make check" so it cannot be merged:
>>>
>>> GTESTER check-qtest-x86_64
>>> qemu-system-x86_64: logical_block_size must be 512 for IDE
>>> qemu-system-x86_64: Device initialization failed.
>>> qemu-system-x86_64: Initialization of device ide-cd failed
>>> Broken pipe
>>> GTester: last random seed: R02S942fac7e56eff09e8ab7a7f7fecf847e
>>>
>>
>> This particular message came in with 
>>
>> commit d20051856cd2fa8f10fed2d2a0b2751de5f7b20d
>> Author: Kevin Wolf 
>> Date:   Wed Dec 3 13:21:32 2014 +0100
>>
>> ide: Check validity of logical block size
>>
>> so something like
>> diff --git a/hw/ide/qdev.c b/hw/ide/qdev.c
>> index 353854c..2680275 100644
>> --- a/hw/ide/qdev.c
>> +++ b/hw/ide/qdev.c
>> @@ -163,7 +163,8 @@ static int ide_dev_initfn(IDEDevice *dev, IDEDriveKind 
>> kind)
>>  return -1;
>>  }
>>  
>> -if (dev->conf.logical_block_size != 512) {
>> +if (dev->conf.logical_block_size != 512 &&
>> +dev->conf.logical_block_size != 0) {
>>  error_report("logical_block_size must be 512 for IDE");
>>  return -1;
>>  }
>>
>>
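Review bot: The added `dev->conf.logical_block_size != 0` arm in ide_dev_initfn() lets an unset value through, so this check no longer guarantees that the block size the IDE device ends up using is 512. Apply the default before this test and keep the single `!= 512` comparison, so that explicitly specified and defaulted values are validated by the same code.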
>> will fix this.
> 
> It would probably be better to set the default first and then make sure
> that the final value, no matter whether explicitly specified or default,
> is 512.
> 
> Kevin

+1 
Yes, this should minimize the impact. 




Re: [Qemu-devel] [PATCH v2 01/10] error: New convenience function error_report_err()

2015-02-13 Thread Markus Armbruster
Eric Blake  writes:

> On 02/12/2015 06:33 AM, Markus Armbruster wrote:
>> I've typed error_report("%s", error_get_pretty(ERR)) too many times
>> already, and I've fixed too many instances of qerror_report_err(ERR)
>> to error_report("%s", error_get_pretty(ERR)) as well.  Capture the
>> pattern in a convenience function.
>> 
>> Since it's almost invariably followed by error_free(), stuff that into
>> the convenience function as well.
>> 
>> The next patch will put it to use.
>> 
>> Signed-off-by: Markus Armbruster 
>> ---
>>  include/qapi/error.h | 5 +
>>  util/error.c | 6 ++
>>  2 files changed, 11 insertions(+)
>
>> +++ b/util/error.c
>> @@ -152,6 +152,12 @@ const char *error_get_pretty(Error *err)
>>  return err->msg;
>>  }
>>  
>> +void error_report_err(Error *err)
>> +{
>> +error_report("%s", error_get_pretty(err));
>> +error_free(err);
>
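Review bot: error_report_err() passes err straight to error_get_pretty(), which the context line `return err->msg;` shows dereferences it, so a NULL err crashes here instead of failing cleanly. Add `assert(err);` as the first statement, and document in the header comment that err must be non-NULL and is freed by the call, so callers must not use it afterwards.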
> When I read v1, I wondered if it would make sense to allow:
>
> Error *local_err = NULL;
> error_report_err(local_err);
>
> as a no-op, so that calling code can unconditionally use this function
> rather than always burying it inside an 'if (problem)'.  But in
> reviewing the rest of the patches, I wasn't sure it would save very many
> lines, and it also seems like it would be a bit more confusing to see a
> call to an error report function when there is no error to report.

I like my cleanup functions to work unconditionally, like free() does.
But error_report_err() isn't just cleanup, it's called for its very
visible side effect.  Calling it unconditionally would be confusing
indeed.

> So in the opposite direction of thought, I wonder if you should add:
>
> assert(err);
>
> and enforce that this function is only ever used on real error messages,
> especially since error_get_pretty segfaults if called on no error.

I wouldn't mind, but I'm reluctant to respin just for that.

> But I can also live without the assert, so:
>
> Reviewed-by: Eric Blake 

Thanks!



Re: [Qemu-devel] [PATCH RFC v2 8/8] migration: add migration/dirty-bitmap.c

2015-02-13 Thread Vladimir Sementsov-Ogievskiy

On 11.02.2015 00:33, John Snow wrote:
Peter Maydell: What's the right way to license a file as copied from a 
previous version? See below, please;


Max, Markus: ctrl+f "bdrv_get_device_name" and let me know what you 
think, if you would.


Juan, Amit, David: Copying migration maintainers.

On 01/27/2015 05:56 AM, Vladimir Sementsov-Ogievskiy wrote:

Live migration of dirty bitmaps. Only named dirty bitmaps are migrated.
If destination qemu is already containing a dirty bitmap with the same
name as a migrated bitmap, then their granularities should be the same,
otherwise the error will be generated. If destination qemu doesn't
contain such bitmap it will be created.

format:

1 byte: flags

[ 1 byte: node name size ] \  flags & DEVICE_NAME
[ n bytes: node name ] /

[ 1 byte: bitmap name size ]   \
[ n bytes: bitmap name ]   | flags & BITMAP_NAME
[ [ be64: granularity] ]  flags & GRANULARITY

[ 1 byte: bitmap enabled bit ] flags & ENABLED

[ be64: start sector  ] \ flags & (NORMAL_CHUNK | ZERO_CHUNK)
[ be32: number of sectors ] /

[ be64: buffer size ] \ flags & NORMAL_CHUNK
[ n bytes: buffer   ] /

The last chunk should contain flags & EOS. The chunk may skip device
and/or bitmap names, assuming them to be the same with the previous
chunk. GRANULARITY is sent with the first chunk for the bitmap. ENABLED
bit is sent in the end of "complete" stage of migration. So when
destination gets ENABLED flag it should deserialize_finish the bitmap
and set its enabled bit to corresponding value.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
---
  include/migration/block.h |   1 +
  migration/Makefile.objs   |   2 +-
  migration/dirty-bitmap.c  | 606 ++
  vl.c                      |   1 +
  4 files changed, 609 insertions(+), 1 deletion(-)
  create mode 100644 migration/dirty-bitmap.c

diff --git a/include/migration/block.h b/include/migration/block.h
index ffa8ac0..566bb9f 100644
--- a/include/migration/block.h
+++ b/include/migration/block.h
@@ -14,6 +14,7 @@
  #ifndef BLOCK_MIGRATION_H
  #define BLOCK_MIGRATION_H

+void dirty_bitmap_mig_init(void);
  void blk_mig_init(void);
  int blk_mig_active(void);
  uint64_t blk_mig_bytes_transferred(void);


OK.


diff --git a/migration/Makefile.objs b/migration/Makefile.objs
index d929e96..9adfda9 100644
--- a/migration/Makefile.objs
+++ b/migration/Makefile.objs
@@ -6,5 +6,5 @@ common-obj-y += xbzrle.o
  common-obj-$(CONFIG_RDMA) += rdma.o
  common-obj-$(CONFIG_POSIX) += exec.o unix.o fd.o

-common-obj-y += block.o
+common-obj-y += block.o dirty-bitmap.o



OK.


diff --git a/migration/dirty-bitmap.c b/migration/dirty-bitmap.c
new file mode 100644
index 000..8621218
--- /dev/null
+++ b/migration/dirty-bitmap.c
@@ -0,0 +1,606 @@
+/*
+ * QEMU dirty bitmap migration
+ *
+ * derived from migration/block.c
+ *
+ * Author:
+ * Sementsov-Ogievskiy Vladimir 
+ *
+ * original copyright message:
+ * 
=

+ * Copyright IBM, Corp. 2009
+ *
+ * Authors:
+ *  Liran Schour 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2.  
See

+ * the COPYING file in the top-level directory.
+ *
+ * Contributions after 2012-01-13 are licensed under the terms of the
+ * GNU GPL, version 2 or (at your option) any later version.
+ * 
=

+ */
+


Not super familiar with the right way to do licensing here; it's 
possible you may not need to copy the original here, but I'm not sure. 
You will want to make it clear what license applies to /your/ work, I 
think. Maybe Peter Maydell can clue us in.



+#include "block/block.h"
+#include "qemu/main-loop.h"
+#include "qemu/error-report.h"
+#include "migration/block.h"
+#include "migration/migration.h"
+#include "qemu/hbitmap.h"
+#include 
+
+#define CHUNK_SIZE   (1 << 20)
+
+#define DIRTY_BITMAP_MIG_FLAG_EOS   0x01
+#define DIRTY_BITMAP_MIG_FLAG_NORMAL_CHUNK  0x02
+#define DIRTY_BITMAP_MIG_FLAG_ZERO_CHUNK0x04
+#define DIRTY_BITMAP_MIG_FLAG_BITMAP_NAME   0x08
+#define DIRTY_BITMAP_MIG_FLAG_DEVICE_NAME   0x10
+#define DIRTY_BITMAP_MIG_FLAG_GRANULARITY   0x20
+#define DIRTY_BITMAP_MIG_FLAG_ENABLED   0x40
+/* flags should be <= 0xff */
+


We should give ourselves a little breathing room with the flags, since 
we've only got room for one more.

Ok. Will one more byte be enough?



+/* #define DEBUG_DIRTY_BITMAP_MIGRATION */
+
+#ifdef DEBUG_DIRTY_BITMAP_MIGRATION
+#define DPRINTF(fmt, ...) \
+do { printf("dirty_migration: " fmt, ## __VA_ARGS__); } while (0)
+#else
+#define DPRINTF(fmt, ...) \
+do { } while (0)
+#endif
+
+typedef struct DirtyBitmapMigBitmapState {
+/* Written during setup phase. */
+BlockDriverState *bs;
+BdrvDirtyBitmap *bitmap;
+HBitmap *dirty_bitmap;
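Review bot: In the DPRINTF definition, the non-debug branch expands to an empty `do { } while (0)`, so the format strings and arguments of every DPRINTF call are not compiled unless DEBUG_DIRTY_BITMAP_MIGRATION is defined, and mismatches go unnoticed until someone enables it. Keep a single definition that always expands to the printf, guarded by a constant condition, so the compiler checks the arguments in both configurations.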


For my own sanity, I'd really prefer "bitmap" and "meta_bitmap" here; 
"dirty_bitmap" is often used as a synonym 

Re: [Qemu-devel] HEAD is failing virt-test on migration tests

2015-02-13 Thread Dr. David Alan Gilbert
* Alexander Graf (ag...@suse.de) wrote:
> 
> 
> On 13.02.15 01:29, Lucas Meneghel Rodrigues wrote:
> > Copying Alex.
> > 
> > OK, after bisecting, this is what I've got:
> > 
> > 8118f0950fc77cce7873002a5021172dd6e040b5 is the first bad commit
> > commit 8118f0950fc77cce7873002a5021172dd6e040b5
> > Author: Alexander Graf <ag...@suse.de>
> > Date:   Thu Jan 22 15:01:39 2015 +0100
> > 
> > migration: Append JSON description of migration stream
> > 
> > One of the annoyances of the current migration format is the fact that
> > it's not self-describing. In fact, it's not properly describing at all.
> > Some code randomly scattered throughout QEMU elaborates roughly how to
> > read and write a stream of bytes.
> > 
> > We discussed an idea during KVM Forum 2013 to add a JSON description of
> > the migration protocol itself to the migration stream. This patch
> > adds a section after the VM_END migration end marker that contains
> > description data on what the device sections of the stream are
> > composed of.
> > 
> > This approach is backwards compatible with any QEMU version reading the
> > stream, because QEMU just stops reading after the VM_END marker and ignores
> > any data following it.
> > 
> > With an additional external program this allows us to decipher the
> > contents of any migration stream and hopefully make migration bugs easier
> > to track down.
> > 
> > Signed-off-by: Alexander Graf <ag...@suse.de>
> > Signed-off-by: Amit Shah
> > Signed-off-by: Juan Quintela
> > 
> > 
> > So there you go. I'm going to sleep, if you need any extra help let me know.
> 
> So the major difference with this patch applied is that the sender could
> send more data than the receiver wants to read. I can't see the actual
> migrate command you used down there.
> 
> I haven't seen this actually being a problem so far, as the receiver
> just close()s its file descriptor once it hits VM_EOF. This should only
> break senders if they expect they can send more. That said, I think I
> only tested offline migration (via exec:), so maybe QEMU is behaving
> badly and actually wants to send all data and just fails the migration
> without?

Hmm, for such an odd change to the migration stream it's a surprise you
didn't test it live.

The only obvious thing to me of what could go wrong would be that
if the destination closed its migration fd when it received what it thought
was a terminator then the source could get upset at its failure to send
the last few kB with the JSON in it.

Dave

> 
> 
> Alex
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [PATCH RFC v2 8/8] migration: add migration/dirty-bitmap.c

2015-02-13 Thread Vladimir Sementsov-Ogievskiy



+
+blk_mig_reset_dirty_cursor();
+dirty_phase(f, false);
+
+QSIMPLEQ_FOREACH(dbms, &dirty_bitmap_mig_state.dbms_list, entry) {
+uint8_t flags = DIRTY_BITMAP_MIG_FLAG_DEVICE_NAME |
+DIRTY_BITMAP_MIG_FLAG_BITMAP_NAME |
+DIRTY_BITMAP_MIG_FLAG_ENABLED;
+
+qemu_put_byte(f, flags);
+qemu_put_name(f, bdrv_get_device_name(dbms->bs));
+qemu_put_name(f, bdrv_dirty_bitmap_name(dbms->bitmap));
+qemu_put_byte(f, bdrv_dirty_bitmap_enabled(dbms->bitmap));
+}
+
+qemu_put_byte(f, DIRTY_BITMAP_MIG_FLAG_EOS);
+
+DPRINTF("Dirty bitmaps migration completed\n");
+
+dirty_bitmap_mig_cleanup();
+return 0;
+}
+
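Review bot: In the completion loop, the name written by `qemu_put_name(f, bdrv_get_device_name(dbms->bs));` is the device name, while the format description in the commit message calls the same field "node name". The stream should carry one well-defined identifier: decide which name the destination uses to look up the bitmap's owner, and make the description, the DEVICE_NAME flag and this call agree.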


I suppose we don't need a flag that distinctly SAYS this is the end 
section, since we can tell by omission of 
DIRTY_BITMAP_MIG_FLAG_NORMAL_CHUNK or ZERO_CHUNK.

Hmm. I think it simplifies the logic (to use EOS after each section). 
And the same approach is in migration/block.c. It's a question about 
which format is better: "Each section for dirty_bitmap_load ends with 
EOS" or "Each section for dirty_bitmap_load ends with EOS except the 
last one. The last one may be recognized by absent NORMAL_CHUNK and 
ZERO_CHUNK".


Oh, sorry, no, the EOS is important. There are several blocks with no 
*_CHUNK! Several bitmaps. And the loop in dirty_bitmap_load will read them 
iteratively, and it will finish when it finds EOS.



--
Best regards,
Vladimir
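
The chunk format from the commit message and the EOS-terminated read loop discussed in this reply, written as a bounds-checked reader over an in-memory buffer. This is an added example, not code from the patch: the function and struct names, the rejection of unknown flag bits and of EOS combined with other flags, the buffer cap (borrowed from the patch's CHUNK_SIZE) and the constructed sample section are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag values as defined in the patch under discussion. */
#define FLAG_EOS          0x01
#define FLAG_NORMAL_CHUNK 0x02
#define FLAG_ZERO_CHUNK   0x04
#define FLAG_BITMAP_NAME  0x08
#define FLAG_DEVICE_NAME  0x10
#define FLAG_GRANULARITY  0x20
#define FLAG_ENABLED      0x40
/* Assumption: one buffer never exceeds the patch's CHUNK_SIZE (1 << 20). */
#define MAX_BUFFER        (1u << 20)

typedef struct { const uint8_t *p; size_t left; } Cursor;

typedef struct {
    char node[256], bitmap[256];   /* current names, reused by later chunks */
    uint64_t granularity, data_bytes;
    unsigned chunks, enabled;
} Summary;

/* Read n big-endian bytes (n <= 8); fail rather than read past the end. */
static int get_be(Cursor *c, unsigned n, uint64_t *out)
{
    if (c->left < n) return -1;
    *out = 0;
    for (unsigned i = 0; i < n; i++) *out = (*out << 8) | c->p[i];
    c->p += n;
    c->left -= n;
    return 0;
}

/* One length byte, then that many name bytes; dst holds 255 bytes + NUL. */
static int get_name(Cursor *c, char *dst)
{
    uint64_t len;
    if (get_be(c, 1, &len) < 0 || c->left < len) return -1;
    memcpy(dst, c->p, (size_t)len);
    dst[len] = '\0';
    c->p += len;
    c->left -= (size_t)len;
    return 0;
}

/* Parse one section; returns 0 only if it is well formed and ends in EOS. */
int parse_dirty_bitmap_stream(const uint8_t *buf, size_t len, Summary *s)
{
    Cursor c = { buf, len };
    int have_node = 0, have_bitmap = 0;
    uint64_t flags, start, nr, v;

    memset(s, 0, sizeof(*s));
    for (;;) {
        /* Running out of bytes before EOS, or an unknown bit, is an error. */
        if (get_be(&c, 1, &flags) < 0 || (flags & 0x80)) return -1;
        if (flags & FLAG_EOS) return flags == FLAG_EOS ? 0 : -1;
        if ((flags & FLAG_NORMAL_CHUNK) && (flags & FLAG_ZERO_CHUNK)) return -1;
        if (flags & FLAG_DEVICE_NAME) have_node = get_name(&c, s->node) == 0;
        if (flags & FLAG_BITMAP_NAME) have_bitmap = get_name(&c, s->bitmap) == 0;
        /* Names may be omitted only when an earlier chunk supplied them. */
        if (!have_node || !have_bitmap) return -1;
        if ((flags & FLAG_GRANULARITY) && get_be(&c, 8, &s->granularity) < 0) return -1;
        if (flags & FLAG_ENABLED) {
            if (get_be(&c, 1, &v) < 0) return -1;
            s->enabled = (v != 0);
        }
        if (flags & (FLAG_NORMAL_CHUNK | FLAG_ZERO_CHUNK)) {
            if (get_be(&c, 8, &start) < 0 || get_be(&c, 4, &nr) < 0) return -1;
            if (start + nr < start) return -1;       /* sector range wraps */
            s->chunks++;
        }
        if (flags & FLAG_NORMAL_CHUNK) {
            /* The declared length must fit the cap and the bytes received. */
            if (get_be(&c, 8, &v) < 0 || v > MAX_BUFFER || c.left < v) return -1;
            c.p += v;
            c.left -= (size_t)v;
            s->data_bytes += v;
        }
    }
}

/* Constructed sample section: NORMAL chunk, ZERO chunk, ENABLED record, EOS. */
static const uint8_t SAMPLE[] = {
    0x3a, 6, 'd', 'r', 'i', 'v', 'e', '0', 3, 'b', 'm', '0',    /* names */
    0, 0, 0, 0, 0, 1, 0, 0,                          /* granularity 65536 */
    0, 0, 0, 0, 0, 0, 0, 0,  0, 0, 0, 0x80,          /* start 0, 128 sectors */
    0, 0, 0, 0, 0, 0, 0, 4,  0xff, 0x00, 0xff, 0x00, /* 4-byte buffer */
    0x04, 0, 0, 0, 0, 0, 0, 0, 0x80,  0, 0, 0, 0x80, /* ZERO chunk, names reused */
    0x58, 6, 'd', 'r', 'i', 'v', 'e', '0', 3, 'b', 'm', '0', 1, /* ENABLED */
    0x01                                             /* EOS */
};

int main(void)
{
    Summary s;
    int rc = parse_dirty_bitmap_stream(SAMPLE, sizeof(SAMPLE), &s);
    printf("rc=%d node=%s bitmap=%s chunks=%u\n", rc, s.node, s.bitmap, s.chunks);
    return rc ? 1 : 0;
}
```

Because the reader only succeeds on a lone EOS byte at a chunk boundary, every truncated prefix of the sample is rejected, which is the property the EOS marker is there to provide.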




[Qemu-devel] [PATCH v5] sheepdog: selectable object size support

2015-02-13 Thread Teruaki Ishizaki
Previously, qemu block driver of sheepdog used hard-coded VDI object size.
This patch enables users to handle VDI object size.

When you start qemu, you don't need to specify additional command option.

But when you create the VDI which doesn't have default object size
with qemu-img command, you specify object_size option.

If you want to create a VDI of 8MB object size,
you need to specify following command option.

 # qemu-img create -o object_size=8M sheepdog:test1 100M

In addition, when you don't specify qemu-img command option,
a default value of sheepdog cluster is used for creating VDI.

 # qemu-img create sheepdog:test2 100M

Signed-off-by: Teruaki Ishizaki 
---
V5:
 - Change option from block_size_shift to object_size.
 - Change parse type to QEMU_OPT_SIZE.
 - Add operation to verify max VDI size for resizing.
 - Change to use 4MB object size with using old Sheepdog.

V4:
 - Limit a read/write buffer size for creating a preallocated VDI.
 - Replace a parse function for the block_size_shift option.
 - Fix an error message.

V3:
 - Delete the needless operation of buffer.
 - Delete the needless operations of request header.
   for SD_OP_GET_CLUSTER_DEFAULT.
 - Fix coding style problems.

V2:
 - Fix coding style problem (white space).
 - Add members, store_policy and block_size_shift to struct SheepdogVdiReq.
 - Initialize request header to use block_size_shift specified by user.
---
 block/sheepdog.c  |  155 ++---
 include/block/block_int.h |1 +
 2 files changed, 134 insertions(+), 22 deletions(-)

diff --git a/block/sheepdog.c b/block/sheepdog.c
index be3176f..f6fe97e 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -37,6 +37,7 @@
 #define SD_OP_READ_VDIS  0x15
 #define SD_OP_FLUSH_VDI  0x16
 #define SD_OP_DEL_VDI0x17
+#define SD_OP_GET_CLUSTER_DEFAULT   0x18
 
 #define SD_FLAG_CMD_WRITE0x01
 #define SD_FLAG_CMD_COW  0x02
@@ -91,6 +92,7 @@
 #define SD_NR_VDIS   (1U << 24)
 #define SD_DATA_OBJ_SIZE (UINT64_C(1) << 22)
 #define SD_MAX_VDI_SIZE (SD_DATA_OBJ_SIZE * MAX_DATA_OBJS)
+#define SD_DEFAULT_BLOCK_SIZE_SHIFT 22
 /*
  * For erasure coding, we use at most SD_EC_MAX_STRIP for data strips and
  * (SD_EC_MAX_STRIP - 1) for parity strips
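Review bot: SD_DEFAULT_BLOCK_SIZE_SHIFT repeats the literal 22 that SD_DATA_OBJ_SIZE already hard-codes two lines above it, so the two constants can drift apart. Define one in terms of the other, for example SD_DATA_OBJ_SIZE as `(UINT64_C(1) << SD_DEFAULT_BLOCK_SIZE_SHIFT)`.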
@@ -167,7 +169,8 @@ typedef struct SheepdogVdiReq {
 uint32_t base_vdi_id;
 uint8_t copies;
 uint8_t copy_policy;
-uint8_t reserved[2];
+uint8_t store_policy;
+uint8_t block_size_shift;
 uint32_t snapid;
 uint32_t type;
 uint32_t pad[2];
@@ -186,6 +189,21 @@ typedef struct SheepdogVdiRsp {
 uint32_t pad[5];
 } SheepdogVdiRsp;
 
+typedef struct SheepdogClusterRsp {
+uint8_t proto_ver;
+uint8_t opcode;
+uint16_t flags;
+uint32_t epoch;
+uint32_t id;
+uint32_t data_length;
+uint32_t result;
+uint8_t nr_copies;
+uint8_t copy_policy;
+uint8_t block_size_shift;
+uint8_t __pad1;
+uint32_t __pad2[6];
+} SheepdogClusterRsp;
+
 typedef struct SheepdogInode {
 char name[SD_MAX_VDI_LEN];
 char tag[SD_MAX_VDI_TAG_LEN];
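Review bot: In SheepdogClusterRsp the padding members are named `__pad1` and `__pad2`; identifiers that begin with a double underscore are reserved for the implementation, and the neighbouring SheepdogVdiRsp uses a plain `pad`. Rename them (pad1, pad2) and add a short comment saying which opcode this response belongs to, since the struct is introduced without any documentation.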
@@ -1544,6 +1562,7 @@ static int do_sd_create(BDRVSheepdogState *s, uint32_t 
*vdi_id, int snapshot,
 hdr.vdi_size = s->inode.vdi_size;
 hdr.copy_policy = s->inode.copy_policy;
 hdr.copies = s->inode.nr_copies;
+hdr.block_size_shift = s->inode.block_size_shift;
 
 ret = do_req(fd, s->aio_context, (SheepdogReq *)&hdr, buf, &wlen, &rlen);
 
@@ -1569,9 +1588,12 @@ static int do_sd_create(BDRVSheepdogState *s, uint32_t 
*vdi_id, int snapshot,
 static int sd_prealloc(const char *filename, Error **errp)
 {
 BlockDriverState *bs = NULL;
+BDRVSheepdogState *base = NULL;
+unsigned long buf_size;
 uint32_t idx, max_idx;
+uint32_t object_size;
 int64_t vdi_size;
-void *buf = g_malloc0(SD_DATA_OBJ_SIZE);
+void *buf = NULL;
 int ret;
 
 ret = bdrv_open(&bs, filename, NULL, NULL, BDRV_O_RDWR | BDRV_O_PROTOCOL,
@@ -1585,18 +1607,24 @@ static int sd_prealloc(const char *filename, Error 
**errp)
 ret = vdi_size;
 goto out;
 }
-max_idx = DIV_ROUND_UP(vdi_size, SD_DATA_OBJ_SIZE);
+
+base = bs->opaque;
+object_size = (UINT32_C(1) << base->inode.block_size_shift);
+buf_size = MIN(object_size, SD_DATA_OBJ_SIZE);
+buf = g_malloc0(buf_size);
+
+max_idx = DIV_ROUND_UP(vdi_size, buf_size);
 
 for (idx = 0; idx < max_idx; idx++) {
 /*
  * The created image can be a cloned image, so we need to read
  * a data from the source image.
  */
-ret = bdrv_pread(bs, idx * SD_DATA_OBJ_SIZE, buf, SD_DATA_OBJ_SIZE);
+ret = bdrv_pread(bs, idx * buf_size, buf, buf_size);
 if (ret < 0) {
 goto out;
 }
-ret = bdrv_pwrite(bs, idx * SD_DATA_OBJ_SIZE, buf, SD_DATA_OBJ_SIZE);
+ret = bdrv_pwrite(bs, idx * buf_size, buf, buf_size);
 if (ret < 0) {
 goto out;
 }
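Review bot: In sd_prealloc(), `base->inode.block_size_shift` is used as a shift count for UINT32_C(1) without a range check, so a value of 32 or more coming from the inode is undefined behaviour and a very small value shrinks buf_size to a few bytes per request. Validate the shift against the supported range before computing object_size. In the loop, `idx * buf_size` is now a uint32_t times unsigned long product, which is 32 bits wide on 32-bit hosts and wraps for large images, where the old `idx * SD_DATA_OBJ_SIZE` was 64-bit; make buf_size a 64-bit type or cast idx before multiplying.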
@@ -1669,6 +1697,27 @@ static int parse_redundancy(B

Re: [Qemu-devel] [PATCH] memory: Fix double unref of flatview

2015-02-13 Thread Paolo Bonzini


On 13/02/2015 04:29, Matthew Rosato wrote:
> FYI, then this probably also affects the places you hit in d8d9581460
> "memory: convert memory_region_destroy to object_unparent", as that's
> what I modeled this approach on -- but I haven't tested any of them.

Luckily not, because only "real" regions (not aliases and containers)
end up in a FlatView.  So you can do object_unparent on aliases and
containers.  It's ugly and should be avoided, but not buggy.

There's only three cases (VFIO, for which patches have been posted and
reviewed already, plus other two in PCI) that have to be modified.

Paolo



Re: [Qemu-devel] Help on TLB Flush

2015-02-13 Thread Paolo Bonzini


On 12/02/2015 22:57, Peter Maydell wrote:
> The only
> requirement is that if the CPU that did the TLB maintenance
> op executes a DMB (barrier) then the TLB op must finish
> before the barrier completes execution. So you could split
> the "kick off TLB invalidate" and "make sure all CPUs
> are done" phases if you wanted. [cf v8 ARM ARM rev A.e
> section D4.7.2 and in particular the subsection on
> "ordering and completion".]

You can just make DMB start a new translation block.  Then when the TLB
flush helpers call cpu_exit() or cpu_interrupt() the flush request is
serviced.

Paolo



Re: [Qemu-devel] Help on TLB Flush

2015-02-13 Thread Mark Burton
the memory barrier is on the cpu requesting the flush isn’t it (not on the CPU 
that is being flushed)?
Cheers
Mark.

> On 13 Feb 2015, at 10:34, Paolo Bonzini  wrote:
> 
> 
> 
> On 12/02/2015 22:57, Peter Maydell wrote:
>> The only
>> requirement is that if the CPU that did the TLB maintenance
>> op executes a DMB (barrier) then the TLB op must finish
>> before the barrier completes execution. So you could split
>> the "kick off TLB invalidate" and "make sure all CPUs
>> are done" phases if you wanted. [cf v8 ARM ARM rev A.e
>> section D4.7.2 and in particular the subsection on
>> "ordering and completion".]
> 
> You can just make DMB start a new translation block.  Then when the TLB
> flush helpers call cpu_exit() or cpu_interrupt() the flush request is
> serviced.
> 
> Paolo






Re: [Qemu-devel] [PATCH 3/3] virtio-scsi-dataplane: Use main thread BH to set BDS' aio context

2015-02-13 Thread Paolo Bonzini


On 13/02/2015 02:21, Fam Zheng wrote:
>> Could you just do set_aio_context for all devices when starting
>> dataplane?  For example with a new scsi_device_set_aio_context function
>> (and a new method in SCSIDeviceClass).
>>
>> Maybe I'm missing the obvious. :)
> 
> Per VQ IOThread still needs it, in the case that guest switches the VQ of a
> disk on the fly.

Per VQ iothread is far away though.  Multiqueue aims at parallelizing
accesses *to the same disk from different CPUs*, not at parallelizing
accesses to different disks.  As long as bdrv_set_aio_context does
bdrv_drain_all, something has to change for multiqueue dataplane: either
stop using bdrv_set_aio_context, or stop doing bdrv_drain_all.

In either case, the changes are large enough that we shouldn't code for
a case that doesn't exist yet.

In addition, making the code more similar for virtio-blk and virtio-scsi
dataplane is good, because the same changes can apply to both in the future.

Paolo



Re: [Qemu-devel] [PATCH v2] qtest: Fix deadloop by running main loop AIO context's timers

2015-02-13 Thread Stefan Hajnoczi
On Mon, Jan 19, 2015 at 05:51:43PM +0800, Fam Zheng wrote:
> qemu_clock_run_timers() only takes care of main_loop_tlg, we shouldn't
> forget aio timer list groups.
> 
> Currently, the qemu_clock_deadline_ns_all (a few lines above) counts all
> the timergroups of this clock type, including aio tlg, but we don't fire
> them, so they are never cleared, which makes a dead loop.
> 
> For example, this function hangs when trying to drive throttled block
> request queue with qtest clock_step.
> 
> Signed-off-by: Fam Zheng 
> 
> ---
> v2: Only run QEMU_CLOCK_VIRTUAL events. (Paolo).
> ---
>  cpus.c | 4 
>  1 file changed, 4 insertions(+)

Thanks, applied to my block tree:
https://github.com/stefanha/qemu/commits/block

Stefan




Re: [Qemu-devel] Help on TLB Flush

2015-02-13 Thread Paolo Bonzini


On 13/02/2015 10:37, Mark Burton wrote:
> the memory barrier is on the cpu requesting the flush isn’t it (not
> on the CPU that is being flushed)?

Oops, I misread Peter's explanation.

In that case, perhaps DMB can be treated in a similar way as WFI, using
cpu->halted.  Queueing work on other CPUs can be done with
async_run_on_cpu, which exits the idle loop in qemu_tcg_wait_io_event
(this avoids the deadlocks).  Checking that other CPUs have flushed the
TLBs can be done in cpu_has_work ("always return false if cpu->halted ==
true there are outstanding TLB requests").

Paolo



Re: [Qemu-devel] [PATCH v7 0/5] block: Add a qemu-iotests case for IO throttling

2015-02-13 Thread Stefan Hajnoczi
On Fri, Jan 30, 2015 at 10:49:41AM +0800, Fam Zheng wrote:
> v7: Remove any "{iops,bps}_max" in 093 completely. (Max)
> 
> v6: Less resource demanding patch 5. (Max)
> Add rev-by of Max to other patches.
> 
> v5: Rebase and improve the test. Please review again.
> 
> Patch dependencies:
> 
> This test depends on the qtest timer fix to run correctly.
> http://lists.gnu.org/archive/html/qemu-devel/2015-01/msg01865.html
> 
> Also depends on the os check fix to run at all:
> http://lists.gnu.org/archive/html/qemu-devel/2015-01/msg01848.html
> 
> Original cover letter
> -
> 
> There is a change in qemu-io sub-commands "aio_read" and "aio_write", which
> makes the aio requests accounted and the statistics reflected in blockstats.
> 
> Note that IO throttling implementation allows overcommitting of requests, so the
> actual IO happened in a time unit may be a bit larger than given limits. In the
> test case, the stats numbers are compared with a 10% error tolerance, to make
> room for such flexibility in order to improve determinism.
> 
> Fam
> 
> 
> Fam Zheng (5):
>   qemu-io: Account IO by aio_read and aio_write
>   qtest: Add scripts/qtest.py
>   qemu-iotests: Add VM method qtest() to iotests.py
>   qemu-iotests: Allow caller to disable underscore convertion for qmp
>   qemu-iotests: Add 093 for IO throttling
> 
>  qemu-io-cmds.c|  11 
>  scripts/qtest.py  |  71 ++
>  tests/qemu-iotests/093| 114 ++
>  tests/qemu-iotests/093.out|   5 ++
>  tests/qemu-iotests/group  |   1 +
>  tests/qemu-iotests/iotests.py |  23 +++--
>  6 files changed, 221 insertions(+), 4 deletions(-)
>  create mode 100644 scripts/qtest.py
>  create mode 100755 tests/qemu-iotests/093
>  create mode 100644 tests/qemu-iotests/093.out
> 
> -- 
> 1.9.3
> 

Thanks, applied to my block tree:
https://github.com/stefanha/qemu/commits/block

Stefan




[Qemu-devel] [PULL 00/14] target-mips queue

2015-02-13 Thread Leon Alrae
Hi,

My current mips-next patch queue, mainly bug fixes and cleanups.

Thanks,
Leon

Cc: Peter Maydell 
Cc: Aurelien Jarno 

The following changes since commit 449008f86418583a1f0fb946cf91ee7b4797317d:

  Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150210.0' 
into staging (2015-02-11 05:14:41 +)

are available in the git repository at:

  git://github.com/lalrae/qemu.git tags/mips-20150213

for you to fetch changes up to a6081232704fa32d16ad1dca3f34abff4bb6435e:

  linux-user: correct stat structure in MIPS N32 (2015-02-12 16:11:16 +)


MIPS patches 2015-02-13

Changes:
* bug fixes, cleanups and minor improvements


Hervé Poussineau (7):
  isa: add memory space parameter to isa_bus_new
  jazz: do not explode QEMUMachineInitArgs structure
  jazz: remove usage of isa_mem_base
  mips: remove isa_mem_base usage
  piix4: use PCI address space instead of system memory
  gt64xxx: remove isa_mem_base usage
  isa: remove isa_mem_base variable

Leon Alrae (6):
  target-mips: fix detection of the end of the page during translation
  target-mips: ll and lld cause AdEL exception for unaligned address
  target-mips: use CP0EnLo_XI instead of magic number
  target-mips: fix broken snapshotting
  target-mips: pass 0 instead of -1 as rs in microMIPS LUI instruction
  linux-user: correct stat structure in MIPS N32

Maciej W. Rozycki (1):
  target-mips: Make CP0.Status.CU1 read-only for the 5Kc and 5KEc processors

 hw/alpha/typhoon.c   |  2 +-
 hw/display/cirrus_vga.c  |  2 +-
 hw/display/vga-isa.c |  2 +-
 hw/display/vga.c |  3 +-
 hw/i386/pc_piix.c|  2 +-
 hw/isa/i82378.c  |  3 +-
 hw/isa/isa-bus.c | 12 --
 hw/isa/lpc_ich9.c|  2 +-
 hw/isa/piix4.c   |  3 +-
 hw/isa/vt82c686.c|  3 +-
 hw/mips/gt64xxx_pci.c| 95 +++-
 hw/mips/mips_jazz.c  | 44 ++--
 hw/mips/mips_r4k.c   | 19 -
 hw/pci-host/piix.c   |  3 +-
 hw/sparc64/sun4u.c   |  3 +-
 include/hw/isa/isa.h |  6 +--
 linux-user/syscall_defs.h| 86 +--
 target-mips/machine.c|  6 ++-
 target-mips/op_helper.c  | 10 +++--
 target-mips/translate.c  | 11 +++--
 target-mips/translate_init.c |  4 +-
 21 files changed, 165 insertions(+), 156 deletions(-)



[Qemu-devel] [PULL 02/14] jazz: do not explode QEMUMachineInitArgs structure

2015-02-13 Thread Leon Alrae
From: Hervé Poussineau 

Also remove address_space and address_space_io parameters, which
were always get_system_memory() and get_system_io().

Signed-off-by: Hervé Poussineau 
Signed-off-by: Leon Alrae 
---
 hw/mips/mips_jazz.c | 21 -
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index de35299..738e9c7 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@@ -120,12 +120,12 @@ static void mips_jazz_do_unassigned_access(CPUState *cpu, 
hwaddr addr,
 (*real_do_unassigned_access)(cpu, addr, is_write, is_exec, opaque, size);
 }
 
-static void mips_jazz_init(MemoryRegion *address_space,
-   MemoryRegion *address_space_io,
-   ram_addr_t ram_size,
-   const char *cpu_model,
+static void mips_jazz_init(MachineState *machine,
enum jazz_model_e jazz_model)
 {
+MemoryRegion *address_space = get_system_memory();
+MemoryRegion *address_space_io = get_system_io();
+const char *cpu_model = machine->cpu_model;
 char *filename;
 int bios_size, n;
 MIPSCPU *cpu;
@@ -179,7 +179,8 @@ static void mips_jazz_init(MemoryRegion *address_space,
 cc->do_unassigned_access = mips_jazz_do_unassigned_access;
 
 /* allocate RAM */
-memory_region_init_ram(ram, NULL, "mips_jazz.ram", ram_size, &error_abort);
+memory_region_init_ram(ram, NULL, "mips_jazz.ram", machine->ram_size,
+   &error_abort);
 vmstate_register_ram_global(ram);
 memory_region_add_subregion(address_space, 0, ram);
 
@@ -333,19 +334,13 @@ static void mips_jazz_init(MemoryRegion *address_space,
 static
 void mips_magnum_init(MachineState *machine)
 {
-ram_addr_t ram_size = machine->ram_size;
-const char *cpu_model = machine->cpu_model;
-mips_jazz_init(get_system_memory(), get_system_io(),
-   ram_size, cpu_model, JAZZ_MAGNUM);
+mips_jazz_init(machine, JAZZ_MAGNUM);
 }
 
 static
 void mips_pica61_init(MachineState *machine)
 {
-ram_addr_t ram_size = machine->ram_size;
-const char *cpu_model = machine->cpu_model;
-mips_jazz_init(get_system_memory(), get_system_io(),
-   ram_size, cpu_model, JAZZ_PICA61);
+mips_jazz_init(machine, JAZZ_PICA61);
 }
 
 static QEMUMachine mips_magnum_machine = {
-- 
2.1.0




[Qemu-devel] [PULL 06/14] gt64xxx: remove isa_mem_base usage

2015-02-13 Thread Leon Alrae
From: Hervé Poussineau 

Create a custom address space for PCI memory region and use it for the PCI bus.
Dynamically handle PCI0 Mem0 and PCI0 Mem1 regions, as already done for PCI0 IO.

Signed-off-by: Hervé Poussineau 
Signed-off-by: Leon Alrae 
---
 hw/mips/gt64xxx_pci.c | 95 ---
 1 file changed, 68 insertions(+), 27 deletions(-)

diff --git a/hw/mips/gt64xxx_pci.c b/hw/mips/gt64xxx_pci.c
index 1f2fe5f..10fcca3 100644
--- a/hw/mips/gt64xxx_pci.c
+++ b/hw/mips/gt64xxx_pci.c
@@ -239,7 +239,11 @@ typedef struct GT64120State {
 
 uint32_t regs[GT_REGS];
 PCI_MAPPING_ENTRY(PCI0IO);
+PCI_MAPPING_ENTRY(PCI0M0);
+PCI_MAPPING_ENTRY(PCI0M1);
 PCI_MAPPING_ENTRY(ISD);
+MemoryRegion pci0_mem;
+AddressSpace pci0_mem_as;
 } GT64120State;
 
 /* Adjust range to avoid touching space which isn't mappable via PCI */
@@ -290,25 +294,63 @@ static void gt64120_isd_mapping(GT64120State *s)
 
 static void gt64120_pci_mapping(GT64120State *s)
 {
-/* Update IO mapping */
-if ((s->regs[GT_PCI0IOLD] & 0x7f) <= s->regs[GT_PCI0IOHD])
-{
-  /* Unmap old IO address */
-  if (s->PCI0IO_length)
-  {
-  memory_region_del_subregion(get_system_memory(), &s->PCI0IO_mem);
-  object_unparent(OBJECT(&s->PCI0IO_mem));
-  }
-  /* Map new IO address */
-  s->PCI0IO_start = s->regs[GT_PCI0IOLD] << 21;
-  s->PCI0IO_length = ((s->regs[GT_PCI0IOHD] + 1) - (s->regs[GT_PCI0IOLD] & 
0x7f)) << 21;
-  isa_mem_base = s->PCI0IO_start;
-  if (s->PCI0IO_length) {
-  memory_region_init_alias(&s->PCI0IO_mem, OBJECT(s), "isa_mmio",
-   get_system_io(), 0, s->PCI0IO_length);
-  memory_region_add_subregion(get_system_memory(), s->PCI0IO_start,
-  &s->PCI0IO_mem);
-  }
+/* Update PCI0IO mapping */
+if ((s->regs[GT_PCI0IOLD] & 0x7f) <= s->regs[GT_PCI0IOHD]) {
+/* Unmap old IO address */
+if (s->PCI0IO_length) {
+memory_region_del_subregion(get_system_memory(), &s->PCI0IO_mem);
+object_unparent(OBJECT(&s->PCI0IO_mem));
+}
+/* Map new IO address */
+s->PCI0IO_start = s->regs[GT_PCI0IOLD] << 21;
+s->PCI0IO_length = ((s->regs[GT_PCI0IOHD] + 1) -
+(s->regs[GT_PCI0IOLD] & 0x7f)) << 21;
+if (s->PCI0IO_length) {
+memory_region_init_alias(&s->PCI0IO_mem, OBJECT(s), "pci0-io",
+ get_system_io(), 0, s->PCI0IO_length);
+memory_region_add_subregion(get_system_memory(), s->PCI0IO_start,
+&s->PCI0IO_mem);
+}
+}
+
+/* Update PCI0M0 mapping */
+if ((s->regs[GT_PCI0M0LD] & 0x7f) <= s->regs[GT_PCI0M0HD]) {
+/* Unmap old MEM address */
+if (s->PCI0M0_length) {
+memory_region_del_subregion(get_system_memory(), &s->PCI0M0_mem);
+object_unparent(OBJECT(&s->PCI0M0_mem));
+}
+/* Map new mem address */
+s->PCI0M0_start = s->regs[GT_PCI0M0LD] << 21;
+s->PCI0M0_length = ((s->regs[GT_PCI0M0HD] + 1) -
+(s->regs[GT_PCI0M0LD] & 0x7f)) << 21;
+if (s->PCI0M0_length) {
+memory_region_init_alias(&s->PCI0M0_mem, OBJECT(s), "pci0-mem0",
+ &s->pci0_mem, s->PCI0M0_start,
+ s->PCI0M0_length);
+memory_region_add_subregion(get_system_memory(), s->PCI0M0_start,
+&s->PCI0M0_mem);
+}
+}
+
+/* Update PCI0M1 mapping */
+if ((s->regs[GT_PCI0M1LD] & 0x7f) <= s->regs[GT_PCI0M1HD]) {
+/* Unmap old MEM address */
+if (s->PCI0M1_length) {
+memory_region_del_subregion(get_system_memory(), &s->PCI0M1_mem);
+object_unparent(OBJECT(&s->PCI0M1_mem));
+}
+/* Map new mem address */
+s->PCI0M1_start = s->regs[GT_PCI0M1LD] << 21;
+s->PCI0M1_length = ((s->regs[GT_PCI0M1HD] + 1) -
+(s->regs[GT_PCI0M1LD] & 0x7f)) << 21;
+if (s->PCI0M1_length) {
+memory_region_init_alias(&s->PCI0M1_mem, OBJECT(s), "pci0-mem1",
+ &s->pci0_mem, s->PCI0M1_start,
+ s->PCI0M1_length);
+memory_region_add_subregion(get_system_memory(), s->PCI0M1_start,
+&s->PCI0M1_mem);
+}
 }
 }
 
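Review bot: In each of the three blocks the old window is unmapped only inside the `(LD & 0x7f) <= HD` branch, so when the guest programs a low decode above the high decode the previously mapped alias stays in system memory; unmap first and map only when the range is valid. In addition, `s->regs[GT_PCI0M0LD] << 21` is evaluated on a `uint32_t` register that the write handler masks with 0x7fff, so the upper bits are shifted out, and the start uses the full register while the length uses `LD & 0x7f`; mask consistently and widen before shifting. The three blocks differ only in register names and could share one helper.
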
@@ -363,10 +405,12 @@ static void gt64120_writel (void *opaque, hwaddr addr,
 case GT_PCI0M0LD:
 s->regs[GT_PCI0M0LD]= val & 0x7fff;
 s->regs[GT_PCI0M0REMAP] = val & 0x07ff;
+gt64120_pci_mapping(s);
 break;
 case GT_PCI0M1LD:
 s->regs[GT_PCI0M1LD]= val & 0x7fff;
 s->regs[GT_PCI0M1REMAP] = val & 0x07ff;
+gt64120_pci_mapping(s);
  
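Review bot: The `gt64120_pci_mapping(s)` calls added under GT_PCI0M0LD and GT_PCI0M1LD tear down and recreate all three windows on every write, not only the one whose register changed; a per-window update would avoid unmapping regions that are still valid. The REMAP registers written on the preceding lines are not consulted by the mapping code, which uses `PCI0M0_start` / `PCI0M1_start` as the alias offset, so a comment stating that remapping is intentionally ignored would help.
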

[Qemu-devel] [PULL 05/14] piix4: use PCI address space instead of system memory

2015-02-13 Thread Leon Alrae
From: Hervé Poussineau 

piix4 is only used on MIPS Malta board, which gives get_system_memory()
to pci_register_bus().

Signed-off-by: Hervé Poussineau 
Signed-off-by: Leon Alrae 
---
 hw/isa/piix4.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 0cacc3b..a9916df 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -86,7 +86,7 @@ static int piix4_initfn(PCIDevice *dev)
 {
 PIIX4State *d = DO_UPCAST(PIIX4State, dev, dev);
 
-isa_bus_new(DEVICE(d), get_system_memory(),
+isa_bus_new(DEVICE(d), pci_address_space(dev),
 pci_address_space_io(dev));
 piix4_dev = &d->dev;
 qemu_register_reset(piix4_reset, d);
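
Review bot: `pci_address_space(dev)` replaces get_system_memory() as the ISA memory space, which according to the commit message is the same region on Malta today, so the change stays behaviour-neutral only until the host bridge hands a different region to pci_register_bus(). Say in the commit message that no functional change is intended at this point, and add a comment at the call that ISA memory now follows the PCI memory space of the parent bus.
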
-- 
2.1.0




[Qemu-devel] [PULL 04/14] mips: remove isa_mem_base usage

2015-02-13 Thread Leon Alrae
From: Hervé Poussineau 

Signed-off-by: Hervé Poussineau 
Signed-off-by: Leon Alrae 
---
 hw/mips/mips_r4k.c | 19 ++-
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/hw/mips/mips_r4k.c b/hw/mips/mips_r4k.c
index 5b982f2..3e90e27 100644
--- a/hw/mips/mips_r4k.c
+++ b/hw/mips/mips_r4k.c
@@ -165,7 +165,8 @@ void mips_r4k_init(MachineState *machine)
 MemoryRegion *ram = g_new(MemoryRegion, 1);
 MemoryRegion *bios;
 MemoryRegion *iomem = g_new(MemoryRegion, 1);
-MemoryRegion *isa = g_new(MemoryRegion, 1);
+MemoryRegion *isa_io = g_new(MemoryRegion, 1);
+MemoryRegion *isa_mem = g_new(MemoryRegion, 1);
 int bios_size;
 MIPSCPU *cpu;
 CPUMIPSState *env;
@@ -267,20 +268,20 @@ void mips_r4k_init(MachineState *machine)
 cpu_mips_irq_init_cpu(env);
 cpu_mips_clock_init(env);
 
+/* ISA bus: IO space at 0x1400, mem space at 0x1000 */
+memory_region_init_alias(isa_io, NULL, "isa-io",
+ get_system_io(), 0, 0x0001);
+memory_region_init(isa_mem, NULL, "isa-mem", 0x0100);
+memory_region_add_subregion(get_system_memory(), 0x1400, isa_io);
+memory_region_add_subregion(get_system_memory(), 0x1000, isa_mem);
+isa_bus = isa_bus_new(NULL, isa_mem, get_system_io());
+
 /* The PIC is attached to the MIPS CPU INT0 pin */
-isa_bus = isa_bus_new(NULL, get_system_memory(), get_system_io());
 i8259 = i8259_init(isa_bus, env->irq[2]);
 isa_bus_irqs(isa_bus, i8259);
 
 rtc_init(isa_bus, 2000, NULL);
 
-/* Register 64 KB of ISA IO space at 0x1400 */
-memory_region_init_alias(isa, NULL, "isa_mmio",
- get_system_io(), 0, 0x0001);
-memory_region_add_subregion(get_system_memory(), 0x1400, isa);
-
-isa_mem_base = 0x1000;
-
 pit = pit_init(isa_bus, 0x40, 0, NULL);
 
 for(i = 0; i < MAX_SERIAL_PORTS; i++) {
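
Review bot: `isa_bus_new()` now receives the new, empty `isa_mem` container instead of get_system_memory(), so ISA memory accesses of devices on this board are decoded inside `isa-mem` from here on, yet the commit has no body describing this. The `isa_io` alias is created and mapped while the bus is still given get_system_io() directly; a short comment on why the bus takes the raw region rather than the alias would help. The base addresses and sizes appear both in the comment and as literals, so named constants would keep them in sync.
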
-- 
2.1.0




[Qemu-devel] [PULL 10/14] target-mips: ll and lld cause AdEL exception for unaligned address

2015-02-13 Thread Leon Alrae
Signed-off-by: Leon Alrae 
Reviewed-by: Maciej W. Rozycki 
---
 target-mips/op_helper.c | 10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/target-mips/op_helper.c b/target-mips/op_helper.c
index ea7d95f..73a8e45 100644
--- a/target-mips/op_helper.c
+++ b/target-mips/op_helper.c
@@ -304,16 +304,20 @@ static inline hwaddr do_translate_address(CPUMIPSState 
*env,
 }
 }
 
-#define HELPER_LD_ATOMIC(name, insn)  \
+#define HELPER_LD_ATOMIC(name, insn, almask)  \
 target_ulong helper_##name(CPUMIPSState *env, target_ulong arg, int mem_idx)  \
 { \
+if (arg & almask) {   \
+env->CP0_BadVAddr = arg;  \
+helper_raise_exception(env, EXCP_AdEL);   \
+} \
 env->lladdr = do_translate_address(env, arg, 0);  \
 env->llval = do_##insn(env, arg, mem_idx);\
 return env->llval;\
 }
-HELPER_LD_ATOMIC(ll, lw)
+HELPER_LD_ATOMIC(ll, lw, 0x3)
 #ifdef TARGET_MIPS64
-HELPER_LD_ATOMIC(lld, ld)
+HELPER_LD_ATOMIC(lld, ld, 0x7)
 #endif
 #undef HELPER_LD_ATOMIC
 
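Review bot: In HELPER_LD_ATOMIC the new macro parameter is used unparenthesised in `arg & almask`; writing `arg & (almask)` keeps the test correct if a caller ever passes an expression rather than the literals 0x3 and 0x7 used here. The alignment branch also has no return after helper_raise_exception(), so the helper relies on that call not returning; if that is guaranteed, a short comment saying so would help, otherwise the translate and load below run on the unaligned address.
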
-- 
2.1.0




[Qemu-devel] [PULL 12/14] target-mips: fix broken snapshotting

2015-02-13 Thread Leon Alrae
Recently added CP0.BadInstr and CP0.BadInstrP registers ended up in cpu_load()
at a different offset than in cpu_save(). These and all registers in between
were incorrectly restored.

Signed-off-by: Leon Alrae 
---
 target-mips/machine.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target-mips/machine.c b/target-mips/machine.c
index 0ba7d73..6c76dfb 100644
--- a/target-mips/machine.c
+++ b/target-mips/machine.c
@@ -285,6 +285,10 @@ int cpu_load(QEMUFile *f, void *opaque, int version_id)
 qemu_get_sbe32s(f, &env->CP0_SRSConf4);
 qemu_get_sbe32s(f, &env->CP0_HWREna);
 qemu_get_betls(f, &env->CP0_BadVAddr);
+if (version_id >= 5) {
+qemu_get_be32s(f, &env->CP0_BadInstr);
+qemu_get_be32s(f, &env->CP0_BadInstrP);
+}
 qemu_get_sbe32s(f, &env->CP0_Count);
 qemu_get_betls(f, &env->CP0_EntryHi);
 qemu_get_sbe32s(f, &env->CP0_Compare);
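
Review bot: The new `version_id >= 5` block after CP0_BadVAddr has to sit at exactly the position where cpu_save() writes BadInstr and BadInstrP, but cpu_save() is not part of this diff, so the ordering cannot be checked from the patch alone. A comment on both functions that the field order must match, or a save/load round-trip test, would keep the two from drifting apart again.
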
@@ -319,8 +323,6 @@ int cpu_load(QEMUFile *f, void *opaque, int version_id)
 qemu_get_betls(f, &env->CP0_ErrorEPC);
 qemu_get_sbe32s(f, &env->CP0_DESAVE);
 if (version_id >= 5) {
-qemu_get_be32s(f, &env->CP0_BadInstr);
-qemu_get_be32s(f, &env->CP0_BadInstrP);
 for (i = 0; i < MIPS_KSCRATCH_NUM; i++) {
 qemu_get_betls(f, &env->CP0_KScratch[i]);
 }
-- 
2.1.0




[Qemu-devel] [PULL 13/14] target-mips: pass 0 instead of -1 as rs in microMIPS LUI instruction

2015-02-13 Thread Leon Alrae
Using rs = -1 in gen_logic_imm() for microMIPS LUI instruction is dangerous
and may bite us when implementing microMIPS R6 because in R6 AUI and LUI
are distinguished by rs value. Therefore use 0 for safety.

Reported-by: Paolo Bonzini 
Signed-off-by: Leon Alrae 
---
 target-mips/translate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-mips/translate.c b/target-mips/translate.c
index 6ab3763..35e6cfe 100644
--- a/target-mips/translate.c
+++ b/target-mips/translate.c
@@ -13653,7 +13653,7 @@ static void decode_micromips32_opc (CPUMIPSState *env, 
DisasContext *ctx,
target. */
 break;
 case LUI:
-gen_logic_imm(ctx, OPC_LUI, rs, -1, imm);
+gen_logic_imm(ctx, OPC_LUI, rs, 0, imm);
 break;
 case SYNCI:
 /* Break the TB to be able to sync copied instructions
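
Review bot: At the `case LUI:` call, the literal that changes from -1 to 0 is the fourth argument, while the third is a local that happens to be named `rs`; since the commit message talks about "rs = -1", a one-line comment at the call saying which gen_logic_imm() parameter the 0 fills (and that R6 uses it to tell AUI from LUI) would stop the next reader from concluding that the wrong operand was changed.
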
-- 
2.1.0




[Qemu-devel] [PULL 03/14] jazz: remove usage of isa_mem_base

2015-02-13 Thread Leon Alrae
From: Hervé Poussineau 

Do assorted changes in memory-mapped rtc interface.

Also fix size of ISA I/O memory region, which should be 0x1 bytes.

Signed-off-by: Hervé Poussineau 
Signed-off-by: Leon Alrae 
---
 hw/mips/mips_jazz.c | 25 ++---
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index 738e9c7..ef5dd7d 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips_jazz.c
@@ -60,13 +60,16 @@ static void main_cpu_reset(void *opaque)
 
 static uint64_t rtc_read(void *opaque, hwaddr addr, unsigned size)
 {
-return cpu_inw(0x71);
+uint8_t val;
+address_space_read(&address_space_memory, 0x9071, &val, 1);
+return val;
 }
 
 static void rtc_write(void *opaque, hwaddr addr,
   uint64_t val, unsigned size)
 {
-cpu_outw(0x71, val & 0xff);
+uint8_t buf = val & 0xff;
+address_space_write(&address_space_memory, 0x9071, &buf, 1);
 }
 
 static const MemoryRegionOps rtc_ops = {
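
Review bot: In rtc_read() the result of address_space_read() is ignored and `val` is uninitialised, so a failed access returns whatever was on the stack to the guest; initialise `val` or check the return value. The access also changes from the 16-bit cpu_inw()/cpu_outw() on port 0x71 to a one-byte access at a hard-coded system address that duplicates the ISA I/O base set up in mips_jazz_init(); the commit message only says "assorted changes", so the width change should be explained and the address derived from a shared constant.
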
@@ -124,7 +127,6 @@ static void mips_jazz_init(MachineState *machine,
enum jazz_model_e jazz_model)
 {
 MemoryRegion *address_space = get_system_memory();
-MemoryRegion *address_space_io = get_system_io();
 const char *cpu_model = machine->cpu_model;
 char *filename;
 int bios_size, n;
@@ -134,7 +136,8 @@ static void mips_jazz_init(MachineState *machine,
 qemu_irq *rc4030, *i8259;
 rc4030_dma *dmas;
 void* rc4030_opaque;
-MemoryRegion *isa = g_new(MemoryRegion, 1);
+MemoryRegion *isa_mem = g_new(MemoryRegion, 1);
+MemoryRegion *isa_io = g_new(MemoryRegion, 1);
 MemoryRegion *rtc = g_new(MemoryRegion, 1);
 MemoryRegion *i8042 = g_new(MemoryRegion, 1);
 MemoryRegion *dma_dummy = g_new(MemoryRegion, 1);
@@ -219,8 +222,14 @@ static void mips_jazz_init(MachineState *machine,
 memory_region_init_io(dma_dummy, NULL, &dma_dummy_ops, NULL, "dummy_dma", 
0x1000);
 memory_region_add_subregion(address_space, 0x8000d000, dma_dummy);
 
+/* ISA bus: IO space at 0x9000, mem space at 0x9100 */
+memory_region_init(isa_io, NULL, "isa-io", 0x0001);
+memory_region_init(isa_mem, NULL, "isa-mem", 0x0100);
+memory_region_add_subregion(address_space, 0x9000, isa_io);
+memory_region_add_subregion(address_space, 0x9100, isa_mem);
+isa_bus = isa_bus_new(NULL, isa_mem, isa_io);
+
 /* ISA devices */
-isa_bus = isa_bus_new(NULL, get_system_memory(), address_space_io);
 i8259 = i8259_init(isa_bus, env->irq[4]);
 isa_bus_irqs(isa_bus, i8259);
 cpu_exit_irq = qemu_allocate_irqs(cpu_request_exit, NULL, 1);
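
Review bot: `isa_io` used to be an alias of get_system_io() (see the block removed in the next hunk) and is now a standalone container created with memory_region_init(), which is also what isa_bus_new() receives instead of the system I/O region. Accesses issued through the system I/O space will therefore no longer reach ISA devices on this board; the commit message mentions only the rtc interface and the region size, so this should be stated there and the remaining users of the system I/O space on this machine checked.
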
@@ -228,12 +237,6 @@ static void mips_jazz_init(MachineState *machine,
 pit = pit_init(isa_bus, 0x40, 0, NULL);
 pcspk_init(isa_bus, pit);
 
-/* ISA IO space at 0x9000 */
-memory_region_init_alias(isa, NULL, "isa_mmio",
- get_system_io(), 0, 0x0100);
-memory_region_add_subregion(address_space, 0x9000, isa);
-isa_mem_base = 0x1100;
-
 /* Video card */
 switch (jazz_model) {
 case JAZZ_MAGNUM:
-- 
2.1.0




[Qemu-devel] [PULL 11/14] target-mips: use CP0EnLo_XI instead of magic number

2015-02-13 Thread Leon Alrae
Signed-off-by: Leon Alrae 
Reviewed-by: Maciej W. Rozycki 
---
 target-mips/translate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target-mips/translate.c b/target-mips/translate.c
index 205a433..6ab3763 100644
--- a/target-mips/translate.c
+++ b/target-mips/translate.c
@@ -4947,7 +4947,7 @@ static void gen_mfc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 #if defined(TARGET_MIPS64)
 if (ctx->rxi) {
 TCGv tmp = tcg_temp_new();
-tcg_gen_andi_tl(tmp, arg, (3ull << 62));
+tcg_gen_andi_tl(tmp, arg, (3ull << CP0EnLo_XI));
 tcg_gen_shri_tl(tmp, tmp, 32);
 tcg_gen_or_tl(arg, arg, tmp);
 tcg_temp_free(tmp);
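
Review bot: `3ull << CP0EnLo_XI` names only the XI bit although the constant 3 selects two adjacent bits; a dedicated mask built from both bit positions would say what is being extracted. The shift by 32 on the next line is still a bare number, and the same sequence appears again in the second hunk, so a small helper would remove the duplication.
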
@@ -5002,7 +5002,7 @@ static void gen_mfc0(DisasContext *ctx, TCGv arg, int 
reg, int sel)
 #if defined(TARGET_MIPS64)
 if (ctx->rxi) {
 TCGv tmp = tcg_temp_new();
-tcg_gen_andi_tl(tmp, arg, (3ull << 62));
+tcg_gen_andi_tl(tmp, arg, (3ull << CP0EnLo_XI));
 tcg_gen_shri_tl(tmp, tmp, 32);
 tcg_gen_or_tl(arg, arg, tmp);
 tcg_temp_free(tmp);
-- 
2.1.0




[Qemu-devel] [PULL 14/14] linux-user: correct stat structure in MIPS N32

2015-02-13 Thread Leon Alrae
Simple "hello world" MIPS N32 userland program crashes with segfault due to
incorrectly defined stat structure in QEMU.

Correct "target_stat" definition to match kernel's "stat64" as in MIPS N32
there are only plain "stat" syscalls using 64-bit structure.

Reported-by: Daniel Sanders 
Signed-off-by: Leon Alrae 
Tested-by: Daniel Sanders 
Reviewed-by: James Hogan 
---
 linux-user/syscall_defs.h | 86 +++
 1 file changed, 19 insertions(+), 67 deletions(-)

diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index 9ed6de8..edd5f3c 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -1607,73 +1607,25 @@ struct target_stat {
 #elif defined(TARGET_ABI_MIPSN32)
 
 struct target_stat {
-   unsignedst_dev;
-   int st_pad1[3]; /* Reserved for network id */
-   unsigned intst_ino;
-   unsigned intst_mode;
-   unsigned intst_nlink;
-   int st_uid;
-   int st_gid;
-   unsignedst_rdev;
-   unsigned intst_pad2[2];
-   unsigned intst_size;
-   unsigned intst_pad3;
-   /*
-* Actually this should be timestruc_t st_atime, st_mtime and st_ctime
-* but we don't have it under Linux.
-*/
-   unsigned inttarget_st_atime;
-   unsigned inttarget_st_atime_nsec;
-   unsigned inttarget_st_mtime;
-   unsigned inttarget_st_mtime_nsec;
-   unsigned inttarget_st_ctime;
-   unsigned inttarget_st_ctime_nsec;
-   unsigned intst_blksize;
-   unsigned intst_blocks;
-   unsigned intst_pad4[14];
-};
-
-/*
- * This matches struct stat64 in glibc2.1, hence the absolutely insane
- * amounts of padding around dev_t's.  The memory layout is the same as of
- * struct stat of the 64-bit kernel.
- */
-
-#define TARGET_HAS_STRUCT_STAT64
-struct target_stat64 {
-   unsigned intst_dev;
-   unsigned intst_pad0[3]; /* Reserved for st_dev expansion  */
-
-   target_ulongst_ino;
-
-unsigned int   st_mode;
-unsigned int   st_nlink;
-
-   int st_uid;
-   int st_gid;
-
-   unsigned intst_rdev;
-   unsigned intst_pad1[3]; /* Reserved for st_rdev expansion  */
-
-   int st_size;
-
-   /*
-* Actually this should be timestruc_t st_atime, st_mtime and st_ctime
-* but we don't have it under Linux.
-*/
-   int target_st_atime;
-   unsigned inttarget_st_atime_nsec;   /* Reserved for st_atime 
expansion  */
-
-   int target_st_mtime;
-   unsigned inttarget_st_mtime_nsec;   /* Reserved for st_mtime 
expansion  */
-
-   int target_st_ctime;
-   unsigned inttarget_st_ctime_nsec;   /* Reserved for st_ctime 
expansion  */
-
-   unsigned intst_blksize;
-   unsigned intst_pad2;
-
-   int st_blocks;
+abi_ulongst_dev;
+abi_ulongst_pad0[3]; /* Reserved for st_dev expansion */
+uint64_t st_ino;
+unsigned int st_mode;
+unsigned int st_nlink;
+int  st_uid;
+int  st_gid;
+abi_ulongst_rdev;
+abi_ulongst_pad1[3]; /* Reserved for st_rdev expansion */
+int64_t  st_size;
+abi_long target_st_atime;
+abi_ulongtarget_st_atime_nsec; /* Reserved for st_atime expansion 
*/
+abi_long target_st_mtime;
+abi_ulongtarget_st_mtime_nsec; /* Reserved for st_mtime expansion 
*/
+abi_long target_st_ctime;
+abi_ulongtarget_st_ctime_nsec; /* Reserved for st_ctime expansion 
*/
+abi_ulongst_blksize;
+abi_ulongst_pad2;
+int64_t  st_blocks;
 };
 
 #elif defined(TARGET_ABI_MIPSO32)
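
Review bot: With `struct target_stat64` and `#define TARGET_HAS_STRUCT_STAT64` removed from the TARGET_ABI_MIPSN32 branch, every code path that is conditional on that macro changes behaviour for N32; please confirm in the commit message that none of those paths is needed for this ABI. Since the crash came from a layout mismatch, a compile-time check on sizeof(struct target_stat) and on the offsets of st_ino, st_size and st_blocks would catch a regression at build time.
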
-- 
2.1.0




[Qemu-devel] [PULL 09/14] target-mips: fix detection of the end of the page during translation

2015-02-13 Thread Leon Alrae
The test is supposed to terminate TB if the end of the page is reached.
However, with current implementation it may never succeed for microMIPS or
mips16.

Reported-by: Richard Henderson 
Signed-off-by: Leon Alrae 
Reviewed-by: Maciej W. Rozycki 
Reviewed-by: Richard Henderson 
---
 target-mips/translate.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/target-mips/translate.c b/target-mips/translate.c
index 1faeb5d..205a433 100644
--- a/target-mips/translate.c
+++ b/target-mips/translate.c
@@ -19095,6 +19095,7 @@ gen_intermediate_code_internal(MIPSCPU *cpu, 
TranslationBlock *tb,
 CPUMIPSState *env = &cpu->env;
 DisasContext ctx;
 target_ulong pc_start;
+target_ulong next_page_start;
 uint16_t *gen_opc_end;
 CPUBreakpoint *bp;
 int j, lj = -1;
@@ -19107,6 +19108,7 @@ gen_intermediate_code_internal(MIPSCPU *cpu, 
TranslationBlock *tb,
 qemu_log("search pc %d\n", search_pc);
 
 pc_start = tb->pc;
+next_page_start = (pc_start & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE;
 gen_opc_end = tcg_ctx.gen_opc_buf + OPC_MAX_SIZE;
 ctx.pc = pc_start;
 ctx.saved_pc = -1;
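
Review bot: `next_page_start = (pc_start & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE` wraps to 0 when pc_start lies in the last page of the target address space, and the `ctx.pc >= next_page_start` test added in the next hunk is then true after the first instruction, so every TB in that page holds a single instruction. Comparing the page of ctx.pc with the page of pc_start, or checking `ctx.pc - pc_start` against the bytes left in the page, avoids the wrap.
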
@@ -19206,8 +19208,9 @@ gen_intermediate_code_internal(MIPSCPU *cpu, 
TranslationBlock *tb,
 break;
 }
 
-if ((ctx.pc & (TARGET_PAGE_SIZE - 1)) == 0)
+if (ctx.pc >= next_page_start) {
 break;
+}
 
 if (tcg_ctx.gen_opc_ptr >= gen_opc_end) {
 break;
-- 
2.1.0




[Qemu-devel] [PULL 07/14] isa: remove isa_mem_base variable

2015-02-13 Thread Leon Alrae
From: Hervé Poussineau 

Now that isa_mem_base variable is always 0, we can remove its usage.

Signed-off-by: Hervé Poussineau 
Signed-off-by: Leon Alrae 
---
 hw/display/cirrus_vga.c | 2 +-
 hw/display/vga-isa.c| 2 +-
 hw/display/vga.c| 3 +--
 hw/isa/isa-bus.c| 1 -
 include/hw/isa/isa.h| 2 --
 5 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 3a53f20..ec923c8 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -2907,7 +2907,7 @@ static void cirrus_init_common(CirrusVGAState *s, Object 
*owner,
 bank, 1);
 }
 memory_region_add_subregion_overlap(system_memory,
-isa_mem_base + 0x000a,
+0x000a,
 &s->low_mem_container,
 1);
 memory_region_set_coalescing(&s->low_mem);
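
Review bot: In cirrus_init_common() the low-memory container is added to `system_memory`, not to the ISA address space that vga_isa_realizefn() obtains via isa_address_space(isadev), so once the `isa_mem_base +` term is dropped nothing relocates the legacy window on a board whose ISA memory does not start at system address 0. If that combination cannot occur, say so in the commit message; otherwise pass the bus memory region in here as well.
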
diff --git a/hw/display/vga-isa.c b/hw/display/vga-isa.c
index 2b480bd..7f3c989 100644
--- a/hw/display/vga-isa.c
+++ b/hw/display/vga-isa.c
@@ -64,7 +64,7 @@ static void vga_isa_realizefn(DeviceState *dev, Error **errp)
 isa_register_portio_list(isadev, 0x1ce, vbe_ports, s, "vbe");
 }
 memory_region_add_subregion_overlap(isa_address_space(isadev),
-isa_mem_base + 0x000a,
+0x000a,
 vga_io_memory, 1);
 memory_region_set_coalescing(vga_io_memory);
 s->con = graphic_console_init(DEVICE(dev), 0, s->hw_ops, s);
diff --git a/hw/display/vga.c b/hw/display/vga.c
index 9c62fbf..c8c49ab 100644
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@@ -177,7 +177,6 @@ static void vga_update_memory_access(VGACommonState *s)
 size = 0x8000;
 break;
 }
-base += isa_mem_base;
 memory_region_init_alias(&s->chain4_alias, 
memory_region_owner(&s->vram),
  "vga.chain4", &s->vram, offset, size);
 memory_region_add_subregion_overlap(s->legacy_address_space, base,
@@ -2218,7 +2217,7 @@ void vga_init(VGACommonState *s, Object *obj, 
MemoryRegion *address_space,
 
 vga_io_memory = vga_init_io(s, obj, &vga_ports, &vbe_ports);
 memory_region_add_subregion_overlap(address_space,
-isa_mem_base + 0x000a,
+0x000a,
 vga_io_memory,
 1);
 memory_region_set_coalescing(vga_io_memory);
diff --git a/hw/isa/isa-bus.c b/hw/isa/isa-bus.c
index fd6a3a1..825aa62 100644
--- a/hw/isa/isa-bus.c
+++ b/hw/isa/isa-bus.c
@@ -23,7 +23,6 @@
 #include "hw/isa/isa.h"
 
 static ISABus *isabus;
-hwaddr isa_mem_base = 0;
 
 static void isabus_dev_print(Monitor *mon, DeviceState *dev, int indent);
 static char *isabus_get_fw_dev_path(DeviceState *dev);
diff --git a/include/hw/isa/isa.h b/include/hw/isa/isa.h
index c621822..cf7bd34 100644
--- a/include/hw/isa/isa.h
+++ b/include/hw/isa/isa.h
@@ -99,8 +99,6 @@ static inline ISABus *isa_bus_from_device(ISADevice *d)
 return ISA_BUS(qdev_get_parent_bus(DEVICE(d)));
 }
 
-extern hwaddr isa_mem_base;
-
 /* dma.c */
 int DMA_get_channel_mode (int nchan);
 int DMA_read_memory (int nchan, void *buf, int pos, int size);
-- 
2.1.0




[Qemu-devel] [PULL 08/14] target-mips: Make CP0.Status.CU1 read-only for the 5Kc and 5KEc processors

2015-02-13 Thread Leon Alrae
From: "Maciej W. Rozycki" 

Signed-off-by: Maciej W. Rozycki 
Signed-off-by: Leon Alrae 
---
 target-mips/translate_init.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target-mips/translate_init.c b/target-mips/translate_init.c
index 1543f6c..9e8433a 100644
--- a/target-mips/translate_init.c
+++ b/target-mips/translate_init.c
@@ -474,7 +474,7 @@ static const mips_def_t mips_defs[] =
 .CP0_LLAddr_shift = 4,
 .SYNCI_Step = 32,
 .CCRes = 2,
-.CP0_Status_rw_bitmask = 0x32F8,
+.CP0_Status_rw_bitmask = 0x12F8,
 .SEGBITS = 42,
 .PABITS = 36,
 .insn_flags = CPU_MIPS64,
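
Review bot: The two `.CP0_Status_rw_bitmask` changes are bare hex constants and the hunk context does not show the `.name` of the entries being edited, so the diff alone does not show that these are the 5Kc and 5KEc definitions or which bit is being cleared. Building the mask from a named CU1 bit (or adding a comment next to the value) and putting the reason into the commit body, which is empty, would make this reviewable.
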
@@ -575,7 +575,7 @@ static const mips_def_t mips_defs[] =
 .CP0_LLAddr_shift = 4,
 .SYNCI_Step = 32,
 .CCRes = 2,
-.CP0_Status_rw_bitmask = 0x32F8,
+.CP0_Status_rw_bitmask = 0x12F8,
 .SEGBITS = 42,
 .PABITS = 36,
 .insn_flags = CPU_MIPS64R2,
-- 
2.1.0




[Qemu-devel] [PULL 01/14] isa: add memory space parameter to isa_bus_new

2015-02-13 Thread Leon Alrae
From: Hervé Poussineau 

Currently, keep current behaviour by always using get_system_memory().

Also use QOM casts when possible.

Signed-off-by: Hervé Poussineau 
Reviewed-by: Paolo Bonzini 
Signed-off-by: Leon Alrae 
---
 hw/alpha/typhoon.c   |  2 +-
 hw/i386/pc_piix.c|  2 +-
 hw/isa/i82378.c  |  3 ++-
 hw/isa/isa-bus.c | 11 ---
 hw/isa/lpc_ich9.c|  2 +-
 hw/isa/piix4.c   |  3 ++-
 hw/isa/vt82c686.c|  3 ++-
 hw/mips/mips_jazz.c  |  2 +-
 hw/mips/mips_r4k.c   |  2 +-
 hw/pci-host/piix.c   |  3 ++-
 hw/sparc64/sun4u.c   |  3 ++-
 include/hw/isa/isa.h |  4 +++-
 12 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/hw/alpha/typhoon.c b/hw/alpha/typhoon.c
index 5310006..62af946 100644
--- a/hw/alpha/typhoon.c
+++ b/hw/alpha/typhoon.c
@@ -920,7 +920,7 @@ PCIBus *typhoon_init(ram_addr_t ram_size, ISABus **isa_bus,
 {
 qemu_irq isa_pci_irq, *isa_irqs;
 
-*isa_bus = isa_bus_new(NULL, &s->pchip.reg_io);
+*isa_bus = isa_bus_new(NULL, get_system_memory(), &s->pchip.reg_io);
 isa_pci_irq = *qemu_allocate_irqs(typhoon_set_isa_irq, s, 1);
 isa_irqs = i8259_init(*isa_bus, isa_pci_irq);
 isa_bus_irqs(*isa_bus, isa_irqs);
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 38b42b0..de75cf0 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -208,7 +208,7 @@ static void pc_init1(MachineState *machine,
 } else {
 pci_bus = NULL;
 i440fx_state = NULL;
-isa_bus = isa_bus_new(NULL, system_io);
+isa_bus = isa_bus_new(NULL, get_system_memory(), system_io);
 no_hpet = 1;
 }
 isa_bus_irqs(isa_bus, gsi);
diff --git a/hw/isa/i82378.c b/hw/isa/i82378.c
index a7d9aa6..0dc440d 100644
--- a/hw/isa/i82378.c
+++ b/hw/isa/i82378.c
@@ -75,7 +75,8 @@ static int i82378_initfn(PCIDevice *pci)
 
 pci_config_set_interrupt_pin(pci_conf, 1); /* interrupt pin 0 */
 
-isabus = isa_bus_new(dev, pci_address_space_io(pci));
+isabus = isa_bus_new(dev, get_system_memory(),
+ pci_address_space_io(pci));
 
 /* This device has:
2 82C59 (irq)
diff --git a/hw/isa/isa-bus.c b/hw/isa/isa-bus.c
index cc85e53..fd6a3a1 100644
--- a/hw/isa/isa-bus.c
+++ b/hw/isa/isa-bus.c
@@ -21,7 +21,6 @@
 #include "hw/sysbus.h"
 #include "sysemu/sysemu.h"
 #include "hw/isa/isa.h"
-#include "exec/address-spaces.h"
 
 static ISABus *isabus;
 hwaddr isa_mem_base = 0;
@@ -44,7 +43,8 @@ static const TypeInfo isa_bus_info = {
 .class_init = isa_bus_class_init,
 };
 
-ISABus *isa_bus_new(DeviceState *dev, MemoryRegion *address_space_io)
+ISABus *isa_bus_new(DeviceState *dev, MemoryRegion* address_space,
+MemoryRegion *address_space_io)
 {
 if (isabus) {
 fprintf(stderr, "Can't create a second ISA bus\n");
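
Review bot: The new parameter is declared as `MemoryRegion* address_space` while the one after it is `MemoryRegion *address_space_io`; keep the asterisk with the name for consistency. The prototype would also benefit from a comment saying that `address_space` is where ISA memory cycles are decoded, since until now that was implicitly system memory.
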
@@ -56,6 +56,7 @@ ISABus *isa_bus_new(DeviceState *dev, MemoryRegion 
*address_space_io)
 }
 
 isabus = ISA_BUS(qbus_create(TYPE_ISA_BUS, dev, NULL));
+isabus->address_space = address_space;
 isabus->address_space_io = address_space_io;
 return isabus;
 }
@@ -250,7 +251,11 @@ static char *isabus_get_fw_dev_path(DeviceState *dev)
 
 MemoryRegion *isa_address_space(ISADevice *dev)
 {
-return get_system_memory();
+if (dev) {
+return isa_bus_from_device(dev)->address_space;
+}
+
+return isabus->address_space;
 }
 
 MemoryRegion *isa_address_space_io(ISADevice *dev)
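
Review bot: The `dev == NULL` path of isa_address_space() now dereferences the global `isabus`, which is still NULL if the function is called before any ISA bus has been created; the previous body returned get_system_memory() unconditionally and could not fail. Either fall back to get_system_memory() when `isabus` is NULL or assert with a clear message.
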
diff --git a/hw/isa/lpc_ich9.c b/hw/isa/lpc_ich9.c
index 530b074..231de74 100644
--- a/hw/isa/lpc_ich9.c
+++ b/hw/isa/lpc_ich9.c
@@ -575,7 +575,7 @@ static int ich9_lpc_init(PCIDevice *d)
 ICH9LPCState *lpc = ICH9_LPC_DEVICE(d);
 ISABus *isa_bus;
 
-isa_bus = isa_bus_new(&d->qdev, get_system_io());
+isa_bus = isa_bus_new(DEVICE(d), get_system_memory(), get_system_io());
 
 pci_set_long(d->wmask + ICH9_LPC_PMBASE,
  ICH9_LPC_PMBASE_BASE_ADDRESS_MASK);
diff --git a/hw/isa/piix4.c b/hw/isa/piix4.c
index 1aa17d7..0cacc3b 100644
--- a/hw/isa/piix4.c
+++ b/hw/isa/piix4.c
@@ -86,7 +86,8 @@ static int piix4_initfn(PCIDevice *dev)
 {
 PIIX4State *d = DO_UPCAST(PIIX4State, dev, dev);
 
-isa_bus_new(&d->dev.qdev, pci_address_space_io(dev));
+isa_bus_new(DEVICE(d), get_system_memory(),
+pci_address_space_io(dev));
 piix4_dev = &d->dev;
 qemu_register_reset(piix4_reset, d);
 return 0;
diff --git a/hw/isa/vt82c686.c b/hw/isa/vt82c686.c
index 17510ce..b223526 100644
--- a/hw/isa/vt82c686.c
+++ b/hw/isa/vt82c686.c
@@ -429,7 +429,8 @@ static int vt82c686b_initfn(PCIDevice *d)
 uint8_t *wmask;
 int i;
 
-isa_bus = isa_bus_new(&d->qdev, pci_address_space_io(d));
+isa_bus = isa_bus_new(DEVICE(d), get_system_memory(),
+  pci_address_space_io(d));
 
 pci_conf = d->config;
 pci_config_set_prog_interface(pci_conf, 0x0);
diff --git a/hw/mips/mips_jazz.c b/hw/mips/mips_jazz.c
index 3f33093..de35299 100644
--- a/hw/mips/mips_jazz.c
+++ b/hw/mips/mips

[Qemu-devel] [PATCH v4 00/10] cpu: add device_add foo-x86_64-cpu support

2015-02-13 Thread Zhu Guihua
This series is based on the previous patchset from Chen Fan:
https://lists.nongnu.org/archive/html/qemu-devel/2014-05/msg02360.html

We try to make cpu hotplug work with device_add and make
"-device foo-x86_64-cpu" available. The apic-id property can also be set
on the command line; if the apic-id property is not set,
we offer the first unoccupied apic id as the default new apic id.
When hotplugging a cpu with device_add, an additional check of the APIC ID is
done after cpu object initialization, which is different from the
'cpu_add' command, which checks 'ids' at the beginning.

This is the first half of the previous series:
[RFC V2 00/10] cpu: add device_add foo-x86_64-cpu and i386 cpu hot remove support
https://lists.nongnu.org/archive/html/qemu-devel/2014-08/msg04779.html

---
Changelog since v3:
 -fix cross version migration issue
 -drop ICC bus impl
 -do a generic for apic to send gpe event
 -do not use migration code for CONFIG_USER_ONLY target

Changelog since v2:
 -rebase on latest upstream.
 -add cpu instance finalize.

Changelog since v1:
 -rebased on latest upstream.
 -introduce a help function to hide the access to icc_bus.
 -use a macro ACPI_ID_NOT_SET to replace the magic number(0x).

Changelog since RFC:
 -split out APIC vmstate/QMP-monitor changes into separate patches.
 -add the handle of the startup cpus(-device foo).
 -remove duplicated checking about env->cpuid_apic_id.
 -do actual APIC ID allocation at realize time if it is not set before.
 -remove the unneeded x86_cpu_cpudef_instance_init().
 -split off device_del support out here.
---

Chen Fan (4):
  cpu/apic: drop icc bus/bridge/
  icc_bus: remove icc related files
  cpu: introduce CpuTopoInfo structure for argument simplification
  cpu: add device_add foo-x86_64-cpu support

Gu Zheng (4):
  qom/cpu: move register_vmstate to common CPUClass.realizefn
  qom/cpu: move apic vmstate register into x86_cpu_apic_realize
  monitor: use cc->get_arch_id as the cpu index
  i386/cpu: add instance finalize callback

Zhu Guihua (2):
  cpu: introduce get_compat_arch_id() method and override it for X86CPU
  acpi: introduce acpi_send_gpe_event()

 MAINTAINERS|   6 --
 cpus.c |   4 +-
 default-configs/i386-softmmu.mak   |   1 -
 default-configs/x86_64-softmmu.mak |   1 -
 exec.c |  25 +---
 hw/acpi/core.c |   7 +++
 hw/acpi/cpu_hotplug.c  |   6 +-
 hw/cpu/Makefile.objs   |   2 -
 hw/cpu/icc_bus.c   | 118 -
 hw/i386/kvm/apic.c |  10 +++-
 hw/i386/pc.c   |  27 ++---
 hw/i386/pc_piix.c  |   9 +--
 hw/i386/pc_q35.c   |   9 +--
 hw/intc/apic.c |  16 +++--
 hw/intc/apic_common.c  |  17 +++---
 include/hw/acpi/acpi.h |   3 +
 include/hw/cpu/icc_bus.h   |  82 --
 include/hw/i386/apic_internal.h|   9 +--
 include/hw/i386/pc.h   |   3 +-
 include/qom/cpu.h  |   6 ++
 monitor.c  |   4 +-
 qom/cpu.c  |  10 
 target-i386/cpu.c  |  95 ++---
 target-i386/cpu.h  |   3 +-
 target-i386/topology.h |  66 -
 25 files changed, 223 insertions(+), 316 deletions(-)
 delete mode 100644 hw/cpu/icc_bus.c
 delete mode 100644 include/hw/cpu/icc_bus.h

-- 
1.9.3




[Qemu-devel] [PATCH v4 01/10] cpu/apic: drop icc bus/bridge/

2015-02-13 Thread Zhu Guihua
From: Chen Fan 

The ICC bus was invented only to provide hotplug capability to
the CPU and APIC, because at the time hotplug was available only for
bus-attached devices.

This patch drops the ICC bus implementation and switches to bus-less
CPU+APIC hotplug, handling them in the same manner as pc-dimm.

Signed-off-by: Chen Fan 
Signed-off-by: Zhu Guihua 
---
 hw/i386/kvm/apic.c  | 10 --
 hw/i386/pc.c| 21 +
 hw/i386/pc_piix.c   |  9 +
 hw/i386/pc_q35.c|  9 +
 hw/intc/apic.c  | 16 +++-
 hw/intc/apic_common.c   | 14 +-
 include/hw/i386/apic_internal.h |  6 ++
 include/hw/i386/pc.h|  3 ++-
 target-i386/cpu.c   | 19 +++
 target-i386/cpu.h   |  3 +--
 10 files changed, 43 insertions(+), 67 deletions(-)

diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
index 5b47056..4b7ce57 100644
--- a/hw/i386/kvm/apic.c
+++ b/hw/i386/kvm/apic.c
@@ -10,6 +10,7 @@
  * See the COPYING file in the top-level directory.
  */
 #include "hw/i386/apic_internal.h"
+#include "hw/i386/pc.h"
 #include "hw/pci/msi.h"
 #include "sysemu/kvm.h"
 
@@ -180,9 +181,14 @@ static void kvm_apic_reset(APICCommonState *s)
 static void kvm_apic_realize(DeviceState *dev, Error **errp)
 {
 APICCommonState *s = APIC_COMMON(dev);
+PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
+static bool mmio_registered;
 
-memory_region_init_io(&s->io_memory, NULL, &kvm_apic_io_ops, s, 
"kvm-apic-msi",
-  APIC_SPACE_SIZE);
+if (!mmio_registered) {
+memory_region_init_io(&pcms->apic_mmio, NULL, &kvm_apic_io_ops, s,
+  "kvm-apic-msi", APIC_SPACE_SIZE);
+mmio_registered = true;
+}
 
 if (kvm_has_gsi_routing()) {
 msi_supported = true;
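
Review bot: The function-local `static bool mmio_registered` in kvm_apic_realize() means only the first APIC to be realized initialises `pcms->apic_mmio`, with that first instance's `s` as the opaque pointer; the flag is never cleared, so the shared region keeps pointing at that object even if the device is later destroyed. Keeping the flag in PCMachineState and not binding the shared region to one APIC instance would be safer. `PC_MACHINE(qdev_get_machine())` also ties this device to PC machine types, which deserves a comment.
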
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index c7af6aa..500d369 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -54,7 +54,6 @@
 #include "qemu/config-file.h"
 #include "hw/acpi/acpi.h"
 #include "hw/acpi/cpu_hotplug.h"
-#include "hw/cpu/icc_bus.h"
 #include "hw/boards.h"
 #include "hw/pci/pci_host.h"
 #include "acpi-build.h"
@@ -954,12 +953,12 @@ void pc_acpi_smi_interrupt(void *opaque, int irq, int 
level)
 }
 
 static X86CPU *pc_new_cpu(const char *cpu_model, int64_t apic_id,
-  DeviceState *icc_bridge, Error **errp)
+  Error **errp)
 {
 X86CPU *cpu;
 Error *local_err = NULL;
 
-cpu = cpu_x86_create(cpu_model, icc_bridge, &local_err);
+cpu = cpu_x86_create(cpu_model, &local_err);
 if (local_err != NULL) {
 error_propagate(errp, local_err);
 return NULL;
@@ -980,7 +979,6 @@ static const char *current_cpu_model;
 
 void pc_hot_add_cpu(const int64_t id, Error **errp)
 {
-DeviceState *icc_bridge;
 int64_t apic_id = x86_cpu_apic_id_from_index(id);
 
 if (id < 0) {
@@ -1007,12 +1005,10 @@ void pc_hot_add_cpu(const int64_t id, Error **errp)
 return;
 }
 
-icc_bridge = DEVICE(object_resolve_path_type("icc-bridge",
- TYPE_ICC_BRIDGE, NULL));
-pc_new_cpu(current_cpu_model, apic_id, icc_bridge, errp);
+pc_new_cpu(current_cpu_model, apic_id, errp);
 }
 
-void pc_cpus_init(const char *cpu_model, DeviceState *icc_bridge)
+void pc_cpus_init(const char *cpu_model)
 {
 int i;
 X86CPU *cpu = NULL;
@@ -1038,7 +1034,7 @@ void pc_cpus_init(const char *cpu_model, DeviceState 
*icc_bridge)
 
 for (i = 0; i < smp_cpus; i++) {
 cpu = pc_new_cpu(cpu_model, x86_cpu_apic_id_from_index(i),
- icc_bridge, &error);
+ &error);
 if (error) {
 error_report("%s", error_get_pretty(error));
 error_free(error);
@@ -1046,13 +1042,6 @@ void pc_cpus_init(const char *cpu_model, DeviceState 
*icc_bridge)
 }
 }
 
-/* map APIC MMIO area if CPU has APIC */
-if (cpu && cpu->apic_state) {
-/* XXX: what if the base changes? */
-sysbus_mmio_map_overlap(SYS_BUS_DEVICE(icc_bridge), 0,
-APIC_DEFAULT_ADDRESS, 0x1000);
-}
-
 /* tell smbios about cpuid version and features */
 smbios_set_cpuid(cpu->env.cpuid_version, cpu->env.features[FEAT_1_EDX]);
 }
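
Review bot: the block deleted at the end of pc_cpus_init() was what mapped the APIC MMIO window at APIC_DEFAULT_ADDRESS via sysbus_mmio_map_overlap(), and none of the pc.c hunks replaces it, so the commit message should say where the mapping now happens and whether it is still an overlapping mapping. The deleted code also tested cpu for NULL before use, while the smbios_set_cpuid(cpu->env.cpuid_version, ...) call that remains right below it does not; a short comment on why cpu cannot be NULL here would help.
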
diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c
index 38b42b0..7a581f2 100644
--- a/hw/i386/pc_piix.c
+++ b/hw/i386/pc_piix.c
@@ -39,7 +39,6 @@
 #include "hw/kvm/clock.h"
 #include "sysemu/sysemu.h"
 #include "hw/sysbus.h"
-#include "hw/cpu/icc_bus.h"
 #include "sysemu/arch_init.h"
 #include "sysemu/block-backend.h"
 #include "hw/i2c/smbus.h"
@@ -97,7 +96,6 @@ static void pc_init1(MachineState *machine,
 MemoryRegion *ram_memory;
 MemoryRegion *pci_memory;
 MemoryRegion *rom_memory;
-DeviceState *icc_bridge;
 FWCfgState *fw_cfg = NULL;
 PcGuestInfo *guest_info;
 ram_add

[Qemu-devel] [PATCH v4 06/10] qom/cpu: move apic vmstate register into x86_cpu_apic_realize

2015-02-13 Thread Zhu Guihua
From: Gu Zheng 

Move apic vmstate register into x86_cpu_apic_realize, and use
cc->get_arch_id as the instance id to avoid using the auto-id, which will
break the migration if we add devices not in order.

Signed-off-by: Gu Zheng 
Signed-off-by: Zhu Guihua 
---
 hw/intc/apic_common.c   |  3 +--
 include/hw/i386/apic_internal.h |  3 +++
 target-i386/cpu.c   | 10 +-
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
index bfaebe2..3b420a6 100644
--- a/hw/intc/apic_common.c
+++ b/hw/intc/apic_common.c
@@ -387,7 +387,7 @@ static const VMStateDescription vmstate_apic_common_sipi = {
 }
 };
 
-static const VMStateDescription vmstate_apic_common = {
+const VMStateDescription vmstate_apic_common = {
 .name = "apic",
 .version_id = 3,
 .minimum_version_id = 3,
@@ -440,7 +440,6 @@ static void apic_common_class_init(ObjectClass *klass, void 
*data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 
-dc->vmsd = &vmstate_apic_common;
 dc->reset = apic_reset_common;
 dc->props = apic_properties_common;
 dc->realize = apic_common_realize;
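
Review bot: dropping dc->vmsd = &vmstate_apic_common from apic_common_class_init() means the APIC's migration state is no longer tied to the device by qdev; it now depends on a caller registering it by hand. The patch should pair the manual registration with an explicit unregister on the teardown path, and the vmstate_apic_common symbol that loses its static in the previous hunk deserves a comment at its extern declaration saying who is expected to register it.
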
diff --git a/include/hw/i386/apic_internal.h b/include/hw/i386/apic_internal.h
index 0421c20..578a616 100644
--- a/include/hw/i386/apic_internal.h
+++ b/include/hw/i386/apic_internal.h
@@ -22,6 +22,7 @@
 
 #include "exec/memory.h"
 #include "qemu/timer.h"
+#include "migration/vmstate.h"
 
 /* APIC Local Vector Table */
 #define APIC_LVT_TIMER  0
@@ -136,6 +137,8 @@ typedef struct VAPICState {
 
 extern bool apic_report_tpr_access;
 
+extern const VMStateDescription vmstate_apic_common;
+
 void apic_report_irq_delivered(int delivered);
 bool apic_next_timer(APICCommonState *s, int64_t current_time);
 void apic_enable_tpr_access_reporting(DeviceState *d, bool enable);
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 25f4f54..028063c 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2737,10 +2737,18 @@ static void x86_cpu_apic_create(X86CPU *cpu, Error 
**errp)
 
 static void x86_cpu_apic_realize(X86CPU *cpu, Error **errp)
 {
-if (cpu->apic_state == NULL) {
+DeviceState *apic_state = cpu->apic_state;
+CPUClass *cc = CPU_GET_CLASS(CPU(cpu));
+int cpu_index = cc->get_arch_id(CPU(cpu)) + max_cpus;
+int compat_index = cc->get_compat_arch_id(CPU(cpu));
+
+if (apic_state == NULL) {
 return;
 }
 
+vmstate_register_with_alias_id(NULL, cpu_index, &vmstate_apic_common,
+   apic_state, compat_index, 3);
+
 if (qdev_init(cpu->apic_state)) {
 error_setg(errp, "APIC device '%s' could not be initialized",
object_get_typename(OBJECT(cpu->apic_state)));
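
Review bot: in x86_cpu_apic_realize() the vmstate is registered before qdev_init(cpu->apic_state) is attempted, and the failure branch that follows does not undo it, so a failed realize leaves a migration entry pointing at apic_state. Move vmstate_register_with_alias_id() after the qdev_init() check or unregister on error, and check its return value. Two smaller points: int cpu_index = cc->get_arch_id(CPU(cpu)) + max_cpus narrows an int64_t and the + max_cpus offset is not explained anywhere, and the literal 3 in the last argument is a magic number that presumably tracks .version_id = 3 of vmstate_apic_common instead of referring to it.
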
-- 
1.9.3




[Qemu-devel] [PATCH v4 05/10] qom/cpu: move register_vmstate to common CPUClass.realizefn

2015-02-13 Thread Zhu Guihua
From: Gu Zheng 

Move cpu vmstate register from cpu_exec_init into cpu_common_realizefn,
and use cc->get_arch_id as the instance id, as suggested by Igor, to
fix the migration issue.

Signed-off-by: Gu Zheng 
Signed-off-by: Zhu Guihua 
---
 exec.c| 25 ++---
 include/qom/cpu.h |  2 ++
 qom/cpu.c |  4 
 3 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/exec.c b/exec.c
index 6dff7bc..8361591 100644
--- a/exec.c
+++ b/exec.c
@@ -513,10 +513,26 @@ void tcg_cpu_address_space_init(CPUState *cpu, 
AddressSpace *as)
 }
 #endif
 
+void cpu_vmstate_register(CPUState *cpu)
+{
+CPUClass *cc = CPU_GET_CLASS(cpu);
+int cpu_index = cc->get_arch_id(cpu) + max_cpus;
+int compat_index = cc->get_compat_arch_id(cpu);
+
+if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
+vmstate_register_with_alias_id(NULL, cpu_index, &vmstate_cpu_common,
+   cpu, compat_index, 3);
+}
+
+if (cc->vmsd != NULL) {
+vmstate_register_with_alias_id(NULL, cpu_index, cc->vmsd,
+   cpu, compat_index, 3);
+}
+}
+
 void cpu_exec_init(CPUArchState *env)
 {
 CPUState *cpu = ENV_GET_CPU(env);
-CPUClass *cc = CPU_GET_CLASS(cpu);
 CPUState *some_cpu;
 int cpu_index;
 
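
Review bot: cpu_vmstate_register() ignores the return value of both vmstate_register_with_alias_id() calls, so a clash of instance ids (the case this series is trying to fix) would go unnoticed; please propagate or at least report the error. The instance id computation int cpu_index = cc->get_arch_id(cpu) + max_cpus also needs a comment: it narrows the int64_t arch id to int, the reason for offsetting by max_cpus is not stated in the code or the commit message, and the trailing 3 is an unexplained constant.
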
@@ -539,18 +555,13 @@ void cpu_exec_init(CPUArchState *env)
 #if defined(CONFIG_USER_ONLY)
 cpu_list_unlock();
 #endif
-if (qdev_get_vmsd(DEVICE(cpu)) == NULL) {
-vmstate_register(NULL, cpu_index, &vmstate_cpu_common, cpu);
-}
 #if defined(CPU_SAVE_VERSION) && !defined(CONFIG_USER_ONLY)
+CPUClass *cc = CPU_GET_CLASS(cpu);
 register_savevm(NULL, "cpu", cpu_index, CPU_SAVE_VERSION,
 cpu_save, cpu_load, env);
 assert(cc->vmsd == NULL);
 assert(qdev_get_vmsd(DEVICE(cpu)) == NULL);
 #endif
-if (cc->vmsd != NULL) {
-vmstate_register(NULL, cpu_index, cc->vmsd, cpu);
-}
 }
 
 #if defined(CONFIG_USER_ONLY)
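
Review bot: CPUClass *cc = CPU_GET_CLASS(cpu); is now declared in the middle of the function body, inside the #if defined(CPU_SAVE_VERSION) block and after executable statements. Keep the declaration at the top of cpu_exec_init() (guarded by the same #if if needed); as written cc is only referenced from assert(), so it becomes an unused variable when assertions are compiled out.
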
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 2e68dd2..d0a50e2 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -565,6 +565,8 @@ void cpu_interrupt(CPUState *cpu, int mask);
 
 #endif /* USER_ONLY */
 
+void cpu_vmstate_register(CPUState *cpu);
+
 #ifdef CONFIG_SOFTMMU
 static inline void cpu_unassigned_access(CPUState *cpu, hwaddr addr,
  bool is_write, bool is_exec,
diff --git a/qom/cpu.c b/qom/cpu.c
index 83d7766..8e37045 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -302,6 +302,10 @@ static void cpu_common_realizefn(DeviceState *dev, Error 
**errp)
 {
 CPUState *cpu = CPU(dev);
 
+#if !defined(CONFIG_USER_ONLY)
+cpu_vmstate_register(cpu);
+#endif
+
 if (dev->hotplugged) {
 cpu_synchronize_post_init(cpu);
 cpu_resume(cpu);
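
Review bot: cpu_common_realizefn() now registers vmstate on every realize, but the patch adds no matching unregister for the unrealize or finalize path. For a series whose goal is CPU hot-add, leaving a registered entry that references a CPUState which can later be freed is a use-after-free risk during a subsequent migration or savevm; add the unregister in the same patch.
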
-- 
1.9.3




[Qemu-devel] [PATCH v4 02/10] icc_bus: remove icc related files

2015-02-13 Thread Zhu Guihua
From: Chen Fan 

ICC bus impl has been dropped, so all icc related files are not useful
any more; delete them.

Signed-off-by: Chen Fan 
Signed-off-by: Zhu Guihua 
---
 MAINTAINERS|   6 --
 default-configs/i386-softmmu.mak   |   1 -
 default-configs/x86_64-softmmu.mak |   1 -
 hw/cpu/Makefile.objs   |   2 -
 hw/cpu/icc_bus.c   | 118 -
 include/hw/cpu/icc_bus.h   |  82 --
 6 files changed, 210 deletions(-)
 delete mode 100644 hw/cpu/icc_bus.c
 delete mode 100644 include/hw/cpu/icc_bus.h

diff --git a/MAINTAINERS b/MAINTAINERS
index 8c06739..8ad08d0 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -795,12 +795,6 @@ F: qom/cpu.c
 F: include/qom/cpu.h
 F: target-i386/cpu.c
 
-ICC Bus
-M: Igor Mammedov 
-S: Supported
-F: include/hw/cpu/icc_bus.h
-F: hw/cpu/icc_bus.c
-
 Device Tree
 M: Peter Crosthwaite 
 M: Alexander Graf 
diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index 8e08841..e433da5 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -42,6 +42,5 @@ CONFIG_LPC_ICH9=y
 CONFIG_PCI_Q35=y
 CONFIG_APIC=y
 CONFIG_IOAPIC=y
-CONFIG_ICC_BUS=y
 CONFIG_PVPANIC=y
 CONFIG_MEM_HOTPLUG=y
diff --git a/default-configs/x86_64-softmmu.mak 
b/default-configs/x86_64-softmmu.mak
index 66557ac..4f76d41 100644
--- a/default-configs/x86_64-softmmu.mak
+++ b/default-configs/x86_64-softmmu.mak
@@ -42,6 +42,5 @@ CONFIG_LPC_ICH9=y
 CONFIG_PCI_Q35=y
 CONFIG_APIC=y
 CONFIG_IOAPIC=y
-CONFIG_ICC_BUS=y
 CONFIG_PVPANIC=y
 CONFIG_MEM_HOTPLUG=y
diff --git a/hw/cpu/Makefile.objs b/hw/cpu/Makefile.objs
index 6381238..193e489 100644
--- a/hw/cpu/Makefile.objs
+++ b/hw/cpu/Makefile.objs
@@ -2,5 +2,3 @@ obj-$(CONFIG_ARM11MPCORE) += arm11mpcore.o
 obj-$(CONFIG_REALVIEW) += realview_mpcore.o
 obj-$(CONFIG_A9MPCORE) += a9mpcore.o
 obj-$(CONFIG_A15MPCORE) += a15mpcore.o
-obj-$(CONFIG_ICC_BUS) += icc_bus.o
-
diff --git a/hw/cpu/icc_bus.c b/hw/cpu/icc_bus.c
deleted file mode 100644
index 6646ea2..000
--- a/hw/cpu/icc_bus.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* icc_bus.c
- * emulate x86 ICC (Interrupt Controller Communications) bus
- *
- * Copyright (c) 2013 Red Hat, Inc
- *
- * Authors:
- * Igor Mammedov 
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, see 
- */
-#include "hw/cpu/icc_bus.h"
-#include "hw/sysbus.h"
-
-/* icc-bridge implementation */
-
-static const TypeInfo icc_bus_info = {
-.name = TYPE_ICC_BUS,
-.parent = TYPE_BUS,
-.instance_size = sizeof(ICCBus),
-};
-
-
-/* icc-device implementation */
-
-static void icc_device_realize(DeviceState *dev, Error **errp)
-{
-ICCDeviceClass *idc = ICC_DEVICE_GET_CLASS(dev);
-
-/* convert to QOM */
-if (idc->realize) {
-idc->realize(dev, errp);
-}
-
-}
-
-static void icc_device_class_init(ObjectClass *oc, void *data)
-{
-DeviceClass *dc = DEVICE_CLASS(oc);
-
-dc->realize = icc_device_realize;
-dc->bus_type = TYPE_ICC_BUS;
-}
-
-static const TypeInfo icc_device_info = {
-.name = TYPE_ICC_DEVICE,
-.parent = TYPE_DEVICE,
-.abstract = true,
-.instance_size = sizeof(ICCDevice),
-.class_size = sizeof(ICCDeviceClass),
-.class_init = icc_device_class_init,
-};
-
-
-/*  icc-bridge implementation */
-
-typedef struct ICCBridgeState {
-/*< private >*/
-SysBusDevice parent_obj;
-/*< public >*/
-
-ICCBus icc_bus;
-MemoryRegion apic_container;
-} ICCBridgeState;
-
-#define ICC_BRIDGE(obj) OBJECT_CHECK(ICCBridgeState, (obj), TYPE_ICC_BRIDGE)
-
-static void icc_bridge_init(Object *obj)
-{
-ICCBridgeState *s = ICC_BRIDGE(obj);
-SysBusDevice *sb = SYS_BUS_DEVICE(obj);
-
-qbus_create_inplace(&s->icc_bus, sizeof(s->icc_bus), TYPE_ICC_BUS,
-DEVICE(s), "icc");
-
-/* Do not change order of registering regions,
- * APIC must be first registered region, board maps it by 0 index
- */
-memory_region_init(&s->apic_container, obj, "icc-apic-container",
-   APIC_SPACE_SIZE);
-sysbus_init_mmio(sb, &s->apic_container);
-s->icc_bus.apic_address_space = &s->apic_container;
-}
-
-static void icc_bridge_class_init(ObjectClass *oc, void *data)
-{
-DeviceClass *dc = DEVICE_CLASS(oc);
-
-set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories);
-}
-
-static const TypeI

[Qemu-devel] [PATCH v4 07/10] monitor: use cc->get_arch_id as the cpu index

2015-02-13 Thread Zhu Guihua
From: Gu Zheng 

Use cc->get_arch_id as the cpu index to avoid the duplicated cpu index
issue in the QMP/HMP command output.

Signed-off-by: Gu Zheng 
Signed-off-by: Zhu Guihua 
---
 cpus.c| 4 +++-
 monitor.c | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/cpus.c b/cpus.c
index 0cdd1d7..67d10a7 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1403,6 +1403,7 @@ CpuInfoList *qmp_query_cpus(Error **errp)
 
 CPU_FOREACH(cpu) {
 CpuInfoList *info;
+CPUClass *cc;
 #if defined(TARGET_I386)
 X86CPU *x86_cpu = X86_CPU(cpu);
 CPUX86State *env = &x86_cpu->env;
@@ -1420,11 +1421,12 @@ CpuInfoList *qmp_query_cpus(Error **errp)
 CPUTriCoreState *env = &tricore_cpu->env;
 #endif
 
+cc = CPU_GET_CLASS(cpu);
 cpu_synchronize_state(cpu);
 
 info = g_malloc0(sizeof(*info));
 info->value = g_malloc0(sizeof(*info->value));
-info->value->CPU = cpu->cpu_index;
+info->value->CPU = cc->get_arch_id(cpu);
 info->value->current = (cpu == first_cpu);
 info->value->halted = cpu->halted;
 info->value->thread_id = cpu->thread_id;
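
Review bot: info->value->CPU = cc->get_arch_id(cpu) changes the meaning of the CPU field returned by qmp_query_cpus() from a dense index to the architecture id (the APIC ID on x86, per x86_cpu_get_arch_id), which is a visible interface change for management tools that feed this number back into other commands. The commit message should call that out and the documentation for the field should be updated in the same patch. cc can also be declared and initialised in one place instead of being split across the two hunks.
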
diff --git a/monitor.c b/monitor.c
index c3cc060..e57ae27 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1024,7 +1024,9 @@ static CPUArchState *mon_get_cpu(void)
 int monitor_get_cpu_index(void)
 {
 CPUState *cpu = ENV_GET_CPU(mon_get_cpu());
-return cpu->cpu_index;
+CPUClass *cc = CPU_GET_CLASS(cpu);
+
+return cc->get_arch_id(cpu);
 }
 
 static void do_info_registers(Monitor *mon, const QDict *qdict)
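
Review bot: monitor_get_cpu_index() still returns int, but cc->get_arch_id() returns int64_t, so the value is silently narrowed. More importantly, whatever monitor command consumes a CPU number must now accept the same id space, otherwise the value reported here cannot be passed back in; no such consumer is touched by this patch.
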
-- 
1.9.3




[Qemu-devel] [PATCH v4 03/10] cpu: introduce CpuTopoInfo structure for argument simplification

2015-02-13 Thread Zhu Guihua
From: Chen Fan 

Reviewed-by: Eduardo Habkost 
Signed-off-by: Chen Fan 
Signed-off-by: Gu Zheng 
Signed-off-by: Zhu Guihua 
---
 target-i386/topology.h | 33 +
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/target-i386/topology.h b/target-i386/topology.h
index 07a6c5f..e9ff89c 100644
--- a/target-i386/topology.h
+++ b/target-i386/topology.h
@@ -47,6 +47,12 @@
  */
 typedef uint32_t apic_id_t;
 
+typedef struct X86CPUTopoInfo {
+unsigned pkg_id;
+unsigned core_id;
+unsigned smt_id;
+} X86CPUTopoInfo;
+
 /* Return the bit width needed for 'count' IDs
  */
 static unsigned apicid_bitwidth_for_count(unsigned count)
@@ -92,13 +98,11 @@ static inline unsigned apicid_pkg_offset(unsigned nr_cores, 
unsigned nr_threads)
  */
 static inline apic_id_t apicid_from_topo_ids(unsigned nr_cores,
  unsigned nr_threads,
- unsigned pkg_id,
- unsigned core_id,
- unsigned smt_id)
+ const X86CPUTopoInfo *topo)
 {
-return (pkg_id  << apicid_pkg_offset(nr_cores, nr_threads)) |
-   (core_id << apicid_core_offset(nr_cores, nr_threads)) |
-   smt_id;
+return (topo->pkg_id  << apicid_pkg_offset(nr_cores, nr_threads)) |
+   (topo->core_id << apicid_core_offset(nr_cores, nr_threads)) |
+   topo->smt_id;
 }
 
 /* Calculate thread/core/package IDs for a specific topology,
@@ -107,14 +111,12 @@ static inline apic_id_t apicid_from_topo_ids(unsigned 
nr_cores,
 static inline void x86_topo_ids_from_idx(unsigned nr_cores,
  unsigned nr_threads,
  unsigned cpu_index,
- unsigned *pkg_id,
- unsigned *core_id,
- unsigned *smt_id)
+ X86CPUTopoInfo *topo)
 {
 unsigned core_index = cpu_index / nr_threads;
-*smt_id = cpu_index % nr_threads;
-*core_id = core_index % nr_cores;
-*pkg_id = core_index / nr_cores;
+topo->smt_id = cpu_index % nr_threads;
+topo->core_id = core_index % nr_cores;
+topo->pkg_id = core_index / nr_cores;
 }
 
 /* Make APIC ID for the CPU 'cpu_index'
@@ -125,10 +127,9 @@ static inline apic_id_t x86_apicid_from_cpu_idx(unsigned 
nr_cores,
 unsigned nr_threads,
 unsigned cpu_index)
 {
-unsigned pkg_id, core_id, smt_id;
-x86_topo_ids_from_idx(nr_cores, nr_threads, cpu_index,
-  &pkg_id, &core_id, &smt_id);
-return apicid_from_topo_ids(nr_cores, nr_threads, pkg_id, core_id, smt_id);
+X86CPUTopoInfo topo;
+x86_topo_ids_from_idx(nr_cores, nr_threads, cpu_index, &topo);
+return apicid_from_topo_ids(nr_cores, nr_threads, &topo);
 }
 
 #endif /* TARGET_I386_TOPOLOGY_H */
-- 
1.9.3




[Qemu-devel] [PATCH v4 08/10] acpi: introduce acpi_send_gpe_event()

2015-02-13 Thread Zhu Guihua
acpi_send_gpe_event() is introduced as a generic way for acpi
to send a gpe event, and it can be reused by CPU and PCI hotplug.

Signed-off-by: Zhu Guihua 
---
 hw/acpi/core.c | 7 +++
 include/hw/acpi/acpi.h | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/hw/acpi/core.c b/hw/acpi/core.c
index 51913d6..98ca994 100644
--- a/hw/acpi/core.c
+++ b/hw/acpi/core.c
@@ -666,6 +666,13 @@ uint32_t acpi_gpe_ioport_readb(ACPIREGS *ar, uint32_t addr)
 return val;
 }
 
+void acpi_send_gpe_event(ACPIREGS *ar, qemu_irq irq,
+ unsigned int hotplug_status)
+{
+ar->gpe.sts[0] |= hotplug_status;
+acpi_update_sci(ar, irq);
+}
+
 void acpi_update_sci(ACPIREGS *regs, qemu_irq irq)
 {
 int sci_level, pm1a_sts;
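
Review bot: acpi_send_gpe_event() is described as generic, yet its parameter is called hotplug_status and it can only set bits in ar->gpe.sts[0]. Rename the parameter to something neutral, document which status byte it addresses, and add a doc comment at the declaration in acpi.h. It also calls acpi_update_sci() above that function's definition, so placing the new helper after acpi_update_sci() would read more naturally.
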
diff --git a/include/hw/acpi/acpi.h b/include/hw/acpi/acpi.h
index 1f678b4..7a0a209 100644
--- a/include/hw/acpi/acpi.h
+++ b/include/hw/acpi/acpi.h
@@ -172,6 +172,9 @@ void acpi_gpe_reset(ACPIREGS *ar);
 void acpi_gpe_ioport_writeb(ACPIREGS *ar, uint32_t addr, uint32_t val);
 uint32_t acpi_gpe_ioport_readb(ACPIREGS *ar, uint32_t addr);
 
+void acpi_send_gpe_event(ACPIREGS *ar, qemu_irq irq,
+ unsigned int hotplug_status);
+
 void acpi_update_sci(ACPIREGS *acpi_regs, qemu_irq irq);
 
 /* acpi.c */
-- 
1.9.3




[Qemu-devel] [PATCH v4 04/10] cpu: introduce get_compat_arch_id() method and override it for X86CPU

2015-02-13 Thread Zhu Guihua
get_compat_arch_id() is introduced to handle the cross-version migration issue;
it converts the new 'apic-id' to the old 'cpu_index'.

Signed-off-by: Zhu Guihua 
---
 include/qom/cpu.h  |  3 +++
 qom/cpu.c  |  6 ++
 target-i386/cpu.c  | 10 ++
 target-i386/topology.h | 33 +
 4 files changed, 52 insertions(+)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 2098f1c..2e68dd2 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -86,6 +86,8 @@ struct TranslationBlock;
  * @dump_state: Callback for dumping state.
  * @dump_statistics: Callback for dumping statistics.
  * @get_arch_id: Callback for getting architecture-dependent CPU ID.
+ * @get_compat_arch_id: Callback for getting compatiable architecture-dependent
+ * CPU ID.
  * @get_paging_enabled: Callback for inquiring whether paging is enabled.
  * @get_memory_mapping: Callback for obtaining the memory mappings.
  * @set_pc: Callback for setting the Program Counter register.
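
Review bot: the new doc line reads "compatiable"; it should be "compatible". The comment should also say what the compat id is compatible with (the commit message says the old cpu_index) so implementers on other targets know what to return.
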
@@ -130,6 +132,7 @@ typedef struct CPUClass {
 void (*dump_statistics)(CPUState *cpu, FILE *f,
 fprintf_function cpu_fprintf, int flags);
 int64_t (*get_arch_id)(CPUState *cpu);
+int64_t (*get_compat_arch_id)(CPUState *cpu);
 bool (*get_paging_enabled)(const CPUState *cpu);
 void (*get_memory_mapping)(CPUState *cpu, MemoryMappingList *list,
Error **errp);
diff --git a/qom/cpu.c b/qom/cpu.c
index 9c68fa4..83d7766 100644
--- a/qom/cpu.c
+++ b/qom/cpu.c
@@ -321,6 +321,11 @@ static int64_t cpu_common_get_arch_id(CPUState *cpu)
 return cpu->cpu_index;
 }
 
+static int64_t cpu_common_get_compat_arch_id(CPUState *cpu)
+{
+return cpu->cpu_index;
+}
+
 static void cpu_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
@@ -330,6 +335,7 @@ static void cpu_class_init(ObjectClass *klass, void *data)
 k->parse_features = cpu_common_parse_features;
 k->reset = cpu_common_reset;
 k->get_arch_id = cpu_common_get_arch_id;
+k->get_compat_arch_id = cpu_common_get_compat_arch_id;
 k->has_work = cpu_common_has_work;
 k->get_paging_enabled = cpu_common_get_paging_enabled;
 k->get_memory_mapping = cpu_common_get_memory_mapping;
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 9e9f830..25f4f54 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2931,6 +2931,15 @@ static int64_t x86_cpu_get_arch_id(CPUState *cs)
 return env->cpuid_apic_id;
 }
 
+static int64_t x86_cpu_get_compat_arch_id(CPUState *cs)
+{
+X86CPU *cpu = X86_CPU(cs);
+CPUX86State *env = &cpu->env;
+
+return x86_compat_index_from_apic_id(smp_cores, smp_threads,
+ env->cpuid_apic_id);
+}
+
 static bool x86_cpu_get_paging_enabled(const CPUState *cs)
 {
 X86CPU *cpu = X86_CPU(cs);
@@ -3009,6 +3018,7 @@ static void x86_cpu_common_class_init(ObjectClass *oc, 
void *data)
 cc->gdb_read_register = x86_cpu_gdb_read_register;
 cc->gdb_write_register = x86_cpu_gdb_write_register;
 cc->get_arch_id = x86_cpu_get_arch_id;
+cc->get_compat_arch_id = x86_cpu_get_compat_arch_id;
 cc->get_paging_enabled = x86_cpu_get_paging_enabled;
 #ifdef CONFIG_USER_ONLY
 cc->handle_mmu_fault = x86_cpu_handle_mmu_fault;
diff --git a/target-i386/topology.h b/target-i386/topology.h
index e9ff89c..6edd2c6 100644
--- a/target-i386/topology.h
+++ b/target-i386/topology.h
@@ -132,4 +132,37 @@ static inline apic_id_t x86_apicid_from_cpu_idx(unsigned 
nr_cores,
 return apicid_from_topo_ids(nr_cores, nr_threads, &topo);
 }
 
+/* Calculate CPU topology based on CPU APIC ID.
+ * + */
+static inline void x86_topo_ids_from_apic_id(unsigned nr_cores,
+ unsigned nr_threads,
+ apic_id_t apic_id,
+ X86CPUTopoInfo *topo)
+{
+unsigned offset_mask;
+topo->pkg_id = apic_id >> apicid_pkg_offset(nr_cores, nr_threads);
+
+offset_mask = (1L << apicid_pkg_offset(nr_cores, nr_threads)) - 1;
+topo->core_id = (apic_id & offset_mask)
+ >> apicid_core_offset(nr_cores, nr_threads);
+
+offset_mask = (1L << apicid_core_offset(nr_cores, nr_threads)) - 1;
+topo->smt_id = apic_id & offset_mask;
+}
+
+/* Caculate CPU compat index based on CPU APIC ID.
+ */
+static inline unsigned x86_compat_index_from_apic_id(unsigned nr_cores,
+ unsigned nr_threads,
+ apic_id_t apic_id)
+{
+X86CPUTopoInfo topo;
+
+x86_topo_ids_from_apic_id(nr_cores, nr_threads, apic_id, &topo);
+
+return topo.pkg_id * nr_cores * nr_threads +
+   topo.core_id * nr_threads +
+   topo.smt_id;
+}
+
 #endif /* TARGET_I386_TOPOLOGY_H */
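
Review bot: in x86_topo_ids_from_apic_id() the masks are built with (1L << apicid_pkg_offset(...)) - 1 and stored in an unsigned; use 1U so the width does not depend on the host's long. The comment blocks need fixing too: the first contains a stray " * + */" line and the second says "Caculate". Finally, x86_compat_index_from_apic_id() assumes the decoded core_id and smt_id are below nr_cores and nr_threads; for an APIC ID that falls in a gap of a non-power-of-two topology the result collides with another CPU's index, so either assert the ranges here or document that callers must validate the APIC ID first.
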
-- 
1.9.3




[Qemu-devel] [PATCH v4 10/10] i386/cpu: add instance finalize callback

2015-02-13 Thread Zhu Guihua
From: Gu Zheng 

Add a func to finalize a cpu's instance. When cpu's device_add failed,
and cpu's device_del executed, this func would be invoked.

Signed-off-by: Gu Zheng 
Signed-off-by: Zhu Guihua 
---
 include/qom/cpu.h | 1 +
 target-i386/cpu.c | 8 
 2 files changed, 9 insertions(+)

diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index d0a50e2..518f234 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -308,6 +308,7 @@ struct CPUState {
 QTAILQ_HEAD(CPUTailQ, CPUState);
 extern struct CPUTailQ cpus;
 #define CPU_NEXT(cpu) QTAILQ_NEXT(cpu, node)
+#define CPU_REMOVE(cpu) QTAILQ_REMOVE(&cpus, cpu, node)
 #define CPU_FOREACH(cpu) QTAILQ_FOREACH(cpu, &cpus, node)
 #define CPU_FOREACH_SAFE(cpu, next_cpu) \
 QTAILQ_FOREACH_SAFE(cpu, &cpus, node, next_cpu)
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 68a6aa4..6df948f 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2973,6 +2973,13 @@ static void x86_cpu_initfn(Object *obj)
 }
 }
 
+static void x86_cpu_finalizefn(Object *obj)
+{
+CPUState *cs = CPU(obj);
+
+CPU_REMOVE(cs);
+}
+
 static int64_t x86_cpu_get_arch_id(CPUState *cs)
 {
 X86CPU *cpu = X86_CPU(cs);
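
Review bot: x86_cpu_finalizefn() calls CPU_REMOVE(cs) unconditionally and without any lock. This is only safe if each instance is guaranteed to be linked into cpus exactly once by the time it is finalized, because QTAILQ_REMOVE on an element that is not on the list corrupts it. Please guard the removal, take whatever lock protects the cpus list against concurrent CPU_FOREACH walkers, and consider whether removal from a list declared in include/qom/cpu.h belongs in the common CPU type rather than in target-i386.
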
@@ -3094,6 +3101,7 @@ static const TypeInfo x86_cpu_type_info = {
 .parent = TYPE_CPU,
 .instance_size = sizeof(X86CPU),
 .instance_init = x86_cpu_initfn,
+.instance_finalize = x86_cpu_finalizefn,
 .abstract = true,
 .class_size = sizeof(X86CPUClass),
 .class_init = x86_cpu_common_class_init,
-- 
1.9.3




[Qemu-devel] [PATCH v4 09/10] cpu: add device_add foo-x86_64-cpu support

2015-02-13 Thread Zhu Guihua
From: Chen Fan 

Add support to device_add foo-x86_64-cpu, and additional checks of
apic id are added into x86_cpuid_set_apic_id() to avoid duplicates.
Besides, in order to support "device/device_add foo-x86_64-cpu"
without a specified apic id, we assign cpuid_apic_id a
default broadcast value (0x) in initfn, and add a new function
get_free_apic_id() to provide a free apic id to cpuid_apic_id if
it still has the default at realize time (e.g. hot add foo-cpu without
a specified apic id) to avoid apic id duplicates.

Thanks very much for Igor's suggestion.

Signed-off-by: Chen Fan 
Signed-off-by: Gu Zheng 
Signed-off-by: Zhu Guihua 
---
 hw/acpi/cpu_hotplug.c |  6 --
 hw/i386/pc.c  |  6 --
 target-i386/cpu.c | 48 +---
 3 files changed, 49 insertions(+), 11 deletions(-)

diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c
index b8ebfad..8e4ed6e 100644
--- a/hw/acpi/cpu_hotplug.c
+++ b/hw/acpi/cpu_hotplug.c
@@ -59,8 +59,10 @@ void acpi_cpu_plug_cb(ACPIREGS *ar, qemu_irq irq,
 return;
 }
 
-ar->gpe.sts[0] |= ACPI_CPU_HOTPLUG_STATUS;
-acpi_update_sci(ar, irq);
+/* Only trigger sci if cpu is hotplugged */
+if (dev->hotplugged) {
+acpi_send_gpe_event(ar, irq, ACPI_CPU_HOTPLUG_STATUS);
+}
 }
 
 void acpi_cpu_hotplug_init(MemoryRegion *parent, Object *owner,
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 500d369..1187e12 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1637,13 +1637,7 @@ static void pc_cpu_plug(HotplugHandler *hotplug_dev,
 Error *local_err = NULL;
 PCMachineState *pcms = PC_MACHINE(hotplug_dev);
 
-if (!dev->hotplugged) {
-goto out;
-}
-
 if (!pcms->acpi_dev) {
-error_setg(&local_err,
-   "cpu hotplug is not enabled: missing acpi device");
 goto out;
 }
 
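
Review bot: with the error_setg() removed, pc_cpu_plug() now jumps to out with local_err still NULL when pcms->acpi_dev is missing, so the plug is reported as successful although no ACPI device will be notified. That is needed for cold-plugged CPUs now that the !dev->hotplugged early exit is gone, but a hotplugged CPU should still fail here; keep the error for the dev->hotplugged case.
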
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 028063c..68a6aa4 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -1703,6 +1703,7 @@ static void x86_cpuid_set_apic_id(Object *obj, Visitor 
*v, void *opaque,
 const int64_t max = UINT32_MAX;
 Error *error = NULL;
 int64_t value;
+X86CPUTopoInfo topo;
 
 if (dev->realized) {
 error_setg(errp, "Attempt to set property '%s' on '%s' after "
@@ -1722,6 +1723,19 @@ static void x86_cpuid_set_apic_id(Object *obj, Visitor 
*v, void *opaque,
 return;
 }
 
+if (value > x86_cpu_apic_id_from_index(max_cpus - 1)) {
+error_setg(errp, "CPU with APIC ID %" PRIi64
+   " is more than MAX APIC ID limits", value);
+return;
+}
+
+x86_topo_ids_from_apic_id(smp_cores, smp_threads, value, &topo);
+if (topo.smt_id >= smp_threads || topo.core_id >= smp_cores) {
+error_setg(errp, "CPU with APIC ID %" PRIi64 " does not match "
+   "topology configuration.", value);
+return;
+}
+
 if ((value != cpu->env.cpuid_apic_id) && cpu_exists(value)) {
 error_setg(errp, "CPU with APIC ID %" PRIi64 " exists", value);
 return;
@@ -2166,8 +2180,10 @@ static void x86_cpu_cpudef_class_init(ObjectClass *oc, 
void *data)
 {
 X86CPUDefinition *cpudef = data;
 X86CPUClass *xcc = X86_CPU_CLASS(oc);
+DeviceClass *dc = DEVICE_CLASS(oc);
 
 xcc->cpu_def = cpudef;
+dc->cannot_instantiate_with_device_add_yet = false;
 }
 
 static void x86_register_cpudef_type(X86CPUDefinition *def)
@@ -2176,6 +2192,7 @@ static void x86_register_cpudef_type(X86CPUDefinition 
*def)
 TypeInfo ti = {
 .name = typename,
 .parent = TYPE_X86_CPU,
+.instance_size = sizeof(X86CPU),
 .class_init = x86_cpu_cpudef_class_init,
 .class_data = def,
 };
@@ -2709,11 +2726,28 @@ static void mce_init(X86CPU *cpu)
 }
 
 #ifndef CONFIG_USER_ONLY
+static uint32_t get_free_apic_id(void)
+{
+int i;
+
+for (i = 0; i < max_cpus; i++) {
+uint32_t id = x86_cpu_apic_id_from_index(i);
+
+if (!cpu_exists(id)) {
+return id;
+}
+}
+
+return x86_cpu_apic_id_from_index(max_cpus);
+}
+
+#define APIC_ID_NOT_SET (~0U)
+
 static void x86_cpu_apic_create(X86CPU *cpu, Error **errp)
 {
-CPUX86State *env = &cpu->env;
 APICCommonState *apic;
 const char *apic_type = "apic";
+uint32_t apic_id;
 
 if (kvm_irqchip_in_kernel()) {
 apic_type = "kvm-apic";
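
Review bot: when every slot is taken, get_free_apic_id() falls through to return x86_cpu_apic_id_from_index(max_cpus), an id one past the last valid CPU, and relies on a later check to reject it. Return a distinct failure (for example APIC_ID_NOT_SET, or take an Error **errp) so the caller can report that no APIC ID is free. APIC_ID_NOT_SET would also be better defined near the top of the file, since the commit message says initfn uses it as the default.
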
@@ -2729,7 +2763,15 @@ static void x86_cpu_apic_create(X86CPU *cpu, Error 
**errp)
 
 object_property_add_child(OBJECT(cpu), "apic",
   OBJECT(cpu->apic_state), NULL);
-qdev_prop_set_uint8(cpu->apic_state, "id", env->cpuid_apic_id);
+
+apic_id = object_property_get_int(OBJECT(cpu), "apic-id", NULL);
+if (apic_id == APIC_ID_NOT_SET) {
+apic_id = get_free_apic_id();
+object_property_set_int(OBJECT(cpu), apic_id, "apic-id", errp);
+}
+
+qdev_prop_set_uint8(cpu->apic_state, "id", apic_id);
+
 /* TODO: convert to l
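
Review bot: if object_property_set_int(OBJECT(cpu), apic_id, "apic-id", errp) fails, x86_cpu_apic_create() carries on and still programs the APIC with qdev_prop_set_uint8(cpu->apic_state, "id", apic_id); check the error and return. That call also passes a uint32_t apic_id to an 8-bit property setter, and apic_id itself is assigned from object_property_get_int() with errors discarded (NULL), so both narrowing steps deserve an explicit range check.
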

Re: [Qemu-devel] [PATCH 3/3] virtio-scsi-dataplane: Use main thread BH to set BDS' aio context

2015-02-13 Thread Fam Zheng
On Fri, 02/13 10:38, Paolo Bonzini wrote:
> 
> 
> On 13/02/2015 02:21, Fam Zheng wrote:
> >> Could you just do set_aio_context for all devices when starting
> >> dataplane?  For example with a new scsi_device_set_aio_context function
> >> (and a new method in SCSIDeviceClass).
> >>
> >> Maybe I'm missing the obvious. :)
> > 
> > Per VQ IOThread still needs it, in the case that guest switches the VQ of a
> > disk on the fly.
> 
> Per VQ iothread is far away though.  Multiqueue aims at parallelizing
> accesses *to the same disk from different CPUs*, not at parallelizing
> accesses to different disks.  As long as bdrv_set_aio_context does
> bdrv_drain_all, something has to change for multiqueue dataplane: either
> stop using bdrv_set_aio_context, or stop doing bdrv_drain_all.
> 
> In either case, the changes are large enough that we shouldn't code for
> a case that doesn't exist yet.
> 
> In addition, making the code more similar for virtio-blk and virtio-scsi
> dataplane is good, because the same changes can apply to both in the future.

I think we should avoid duplicating everything on both virtio-blk and
virtio-scsi, so they will have differences.

Why do you think Per VQ iothread is far away? Limiting to 1 thread for the
whole scsi bus doesn't sound like the ultimate solution to me. I think it's not harder
than the MMIO safety work we have, and also somehow independent of it.

But yes, stop using bdrv_set_aio_context will be the other way to make it
right, just harder to do.

Fam



Re: [Qemu-devel] [PATCH 3/3] virtio-scsi-dataplane: Use main thread BH to set BDS' aio context

2015-02-13 Thread Paolo Bonzini


On 13/02/2015 11:29, Fam Zheng wrote:
> I think we should avoid duplicating everything on both virtio-blk and
> virtio-scsi, so they will have differences.

True, but there are also similarities.  virtio-blk can also do per-VQ
iothreads.

> Why do you think Per VQ iothread is far away?

Because per-VQ iothread needs to use either fine-grained locks or,
especially in the format and protocol driver, no locks at all.  No locks
at all applies especially to the raw case, where we can more easily
leverage kernel-side locks and thread-local storage.

Right now the lock is per-AioContext, but even if you made it
BlockBackend-grained lock, the iothreads will just contend on it and
each device won't get better performance than a single iothread.  Making
a single backend faster is unfortunately an extremely important case; if
you have multiple backends you can already move them to separate
virtio-scsi controllers or virtio-blk devices.

We haven't even started thinking what the design should look like, so I
think it's far away.

> Limiting to 1 thread for the
> whole scsi bus doesn't sound like the ultimate solution to me. I think it's not harder
> than the MMIO safety work we have, and also somehow independent of it.

I'm not sure it's independent.  While the MMIO safety work does not
imply using fine-grained locks, it probably(*) implies using
fine-grained critical sections.  Fine-grained critical sections are
probably(**) a subset of the work needed for fine-grained locks or also
for lockless operation.

(*) probably = couldn't think of a better way

(**) probably = I haven't even thought about it

Paolo

> But yes, stop using bdrv_set_aio_context will be the other way to make it
> right, just harder to do.



[Qemu-devel] [PATCH v3 0/7] cpu: add i386 cpu hot remove support

2015-02-13 Thread Zhu Guihua
This series is based on chen fan's previous i386 cpu hot remove patchset:
https://lists.nongnu.org/archive/html/qemu-devel/2013-12/msg04266.html

Via implementing ACPI standard methods _EJ0 in ACPI table, after the Guest
OS removes one vCPU online, the firmware will store removed bitmap to
QEMU, then QEMU could know to notify the assigned vCPU of exiting.
Meanwhile, introduce the QOM command 'device_del' to remove vCPU from
QEMU itself.

The whole work is based on the new hot plug/unplug framework; the unplug request
callback does the pre-check and sends the request, and the unplug callback does the
removal handling.

This series depends on tangchen's common hot plug/unplug enhance patchset.
[PATCH v2 0/5] Common unplug and unplug request cb for memory and CPU hot-unplug
https://lists.nongnu.org/archive/html/qemu-devel/2015-01/msg03929.html

This is the second half of the previous series:

[RFC V2 00/10] cpu: add device_add foo-x86_64-cpu and i386 cpu hot remove support
https://lists.nongnu.org/archive/html/qemu-devel/2014-08/msg04779.html

If you want to test the series, you need to apply the 'device_add foo-x86_64-cpu'
patchset first:
[PATCH v4 00/10] cpu: add device_add foo-x86_64-cpu support
https://lists.nongnu.org/archive/html/qemu-devel/2015-02/msg02584.html

---
Changelog since v2:
 -drop ICC bus impl
 -fix delete cpu exceed 32 issue
 -fix bug about deleting the last cpu

Changelog since v1:
 -rebase on the latest version.
 -delete patch i386/cpu: add instance finalize callback, and put it into patchset
  [PATCH v3 0/6] cpu: add device_add foo-x86_64-cpu support.

Changelog since RFC:
 -split the i386 cpu hot remove into single thread.
 -replaced apic_no with apic_id, so does the related stuff to make it
  work with arbitrary CPU hotadd.
 -add the icc_device_unrealize callback to handle apic unrealize.
 -rework on the new hot plug/unplug platform.
---

Chen Fan (2):
  x86: add x86_cpu_unrealizefn() for cpu apic remove
  cpu hotplug: implement function cpu_status_write() for vcpu ejection

Gu Zheng (3):
  acpi/cpu: add cpu hot unplug request callback function
  acpi, pc: add cpu hot unplug callback support
  cpus: reclaim allocated vCPU objects

Zhu Guihua (2):
  acpi, pc: add cpu hot unplug request callback support
  acpi/cpu: add cpu hot unplug callback function

 cpus.c| 44 
 hw/acpi/cpu_hotplug.c | 87 ---
 hw/acpi/ich9.c| 17 ++--
 hw/acpi/piix4.c   | 12 +-
 hw/core/qdev.c|  2 +-
 hw/i386/acpi-dsdt-cpu-hotplug.dsl | 16 ++-
 hw/i386/kvm/apic.c|  5 +++
 hw/i386/pc.c  | 68 --
 hw/intc/apic.c|  9 
 hw/intc/apic_common.c | 21 ++
 include/hw/acpi/cpu_hotplug.h |  8 
 include/hw/i386/apic_internal.h   |  1 +
 include/hw/qdev-core.h|  1 +
 include/qom/cpu.h |  9 
 include/sysemu/kvm.h  |  1 +
 kvm-all.c | 57 -
 target-i386/cpu.c | 46 +
 17 files changed, 377 insertions(+), 27 deletions(-)

-- 
1.9.3




[Qemu-devel] [PATCH v3 2/7] acpi/cpu: add cpu hot unplug request callback function

2015-02-13 Thread Zhu Guihua
From: Gu Zheng 

Signed-off-by: Chen Fan 
Signed-off-by: Gu Zheng 
Signed-off-by: Zhu Guihua 
---
 hw/acpi/cpu_hotplug.c | 37 -
 include/hw/acpi/cpu_hotplug.h |  4 
 2 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c
index 8e4ed6e..42109cd 100644
--- a/hw/acpi/cpu_hotplug.c
+++ b/hw/acpi/cpu_hotplug.c
@@ -12,6 +12,11 @@
 #include "hw/hw.h"
 #include "hw/acpi/cpu_hotplug.h"
 
+typedef enum STS_OPT {
+SET,
+CLEAR,
+} STS_OPT;
+
 static uint64_t cpu_status_read(void *opaque, hwaddr addr, unsigned int size)
 {
 AcpiCpuHotplug *cpus = opaque;
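Review bot: the enumerators `SET` and `CLEAR` of the new `STS_OPT` typedef are very generic identifiers at file scope and the type name is not in the CamelCase form used for the other types in this file (`AcpiCpuHotplug`, `CPUState`). Prefixed names such as `ACPI_CPU_STS_SET` / `ACPI_CPU_STS_CLEAR` would avoid clashes, and with only two operations a `bool` parameter would make the enum unnecessary.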
@@ -36,8 +41,8 @@ static const MemoryRegionOps AcpiCpuHotplug_ops = {
 },
 };
 
-static void acpi_set_cpu_present_bit(AcpiCpuHotplug *g, CPUState *cpu,
- Error **errp)
+static void acpi_update_cpu_present_bit(AcpiCpuHotplug *g, CPUState *cpu,
+STS_OPT opt, Error **errp)
 {
 CPUClass *k = CPU_GET_CLASS(cpu);
 int64_t cpu_id;
@@ -48,13 +53,23 @@ static void acpi_set_cpu_present_bit(AcpiCpuHotplug *g, 
CPUState *cpu,
 return;
 }
 
-g->sts[cpu_id / 8] |= (1 << (cpu_id % 8));
+switch (opt) {
+case SET:
+g->sts[cpu_id / 8] |= (1 << (cpu_id % 8));
+break;
+case CLEAR:
+g->sts[cpu_id / 8] &= ~(1 << (cpu_id % 8));
+break;
+default:
+g_assert(0);
+break;
+}
 }
 
 void acpi_cpu_plug_cb(ACPIREGS *ar, qemu_irq irq,
   AcpiCpuHotplug *g, DeviceState *dev, Error **errp)
 {
-acpi_set_cpu_present_bit(g, CPU(dev), errp);
+acpi_update_cpu_present_bit(g, CPU(dev), SET, errp);
 if (*errp != NULL) {
 return;
 }
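Review bot: in the new `switch (opt)` the `default:` arm uses `g_assert(0)` followed by a `break` that can never run; `g_assert_not_reached()` states the intent directly and lets the dead `break` go. The renamed function still has no comment saying that `CLEAR` only changes the bit reported to the guest and does not remove anything, which is worth one line above the signature.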
@@ -65,13 +80,25 @@ void acpi_cpu_plug_cb(ACPIREGS *ar, qemu_irq irq,
 }
 }
 
+void acpi_cpu_unplug_request_cb(ACPIREGS *ar, qemu_irq irq,
+AcpiCpuHotplug *g, DeviceState *dev,
+Error **errp)
+{
+acpi_update_cpu_present_bit(g, CPU(dev), CLEAR, errp);
+if (*errp != NULL) {
+return;
+}
+
+acpi_send_gpe_event(ar, irq, ACPI_CPU_HOTPLUG_STATUS);
+}
+
 void acpi_cpu_hotplug_init(MemoryRegion *parent, Object *owner,
AcpiCpuHotplug *gpe_cpu, uint16_t base)
 {
 CPUState *cpu;
 
 CPU_FOREACH(cpu) {
-acpi_set_cpu_present_bit(gpe_cpu, cpu, &error_abort);
+acpi_update_cpu_present_bit(gpe_cpu, cpu, SET, &error_abort);
 }
 memory_region_init_io(&gpe_cpu->io, owner, &AcpiCpuHotplug_ops,
   gpe_cpu, "acpi-cpu-hotplug", ACPI_GPE_PROC_LEN);
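Review bot: `acpi_cpu_unplug_request_cb()` tests `*errp != NULL`, which dereferences a NULL pointer whenever a caller passes `errp == NULL` to ignore errors. Collect the result in a local `Error *local_err = NULL`, test that, and pass it on with `error_propagate(errp, local_err)`. The function also clears the present bit in `g->sts` at request time, so `cpu_status_read()` reports the vCPU as absent while it is still running; a comment explaining why the bit is cleared before the guest has ejected the CPU would help.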
diff --git a/include/hw/acpi/cpu_hotplug.h b/include/hw/acpi/cpu_hotplug.h
index f6d358d..8b15a3d 100644
--- a/include/hw/acpi/cpu_hotplug.h
+++ b/include/hw/acpi/cpu_hotplug.h
@@ -23,6 +23,10 @@ typedef struct AcpiCpuHotplug {
 void acpi_cpu_plug_cb(ACPIREGS *ar, qemu_irq irq,
   AcpiCpuHotplug *g, DeviceState *dev, Error **errp);
 
+void acpi_cpu_unplug_request_cb(ACPIREGS *ar, qemu_irq irq,
+AcpiCpuHotplug *g, DeviceState *dev,
+Error **errp);
+
 void acpi_cpu_hotplug_init(MemoryRegion *parent, Object *owner,
AcpiCpuHotplug *gpe_cpu, uint16_t base);
 #endif
-- 
1.9.3




[Qemu-devel] [PATCH v3 4/7] acpi/cpu: add cpu hot unplug callback function

2015-02-13 Thread Zhu Guihua
Signed-off-by: Zhu Guihua 
Signed-off-by: Gu Zheng 
---
 cpus.c| 7 +++
 hw/acpi/cpu_hotplug.c | 8 
 include/hw/acpi/cpu_hotplug.h | 3 +++
 include/qom/cpu.h | 9 +
 4 files changed, 27 insertions(+)

diff --git a/cpus.c b/cpus.c
index 67d10a7..d6e5a5f 100644
--- a/cpus.c
+++ b/cpus.c
@@ -1188,6 +1188,13 @@ void resume_all_vcpus(void)
 }
 }
 
+void cpu_remove(CPUState *cpu)
+{
+cpu->stop = true;
+cpu->exit = true;
+qemu_cpu_kick(cpu);
+}
+
 /* For temporary buffers for forming a name */
 #define VCPU_THREAD_NAME_SIZE 16
 
diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c
index 42109cd..c47909c 100644
--- a/hw/acpi/cpu_hotplug.c
+++ b/hw/acpi/cpu_hotplug.c
@@ -92,6 +92,14 @@ void acpi_cpu_unplug_request_cb(ACPIREGS *ar, qemu_irq irq,
 acpi_send_gpe_event(ar, irq, ACPI_CPU_HOTPLUG_STATUS);
 }
 
+void acpi_cpu_unplug_cb(ACPIREGS *ar, qemu_irq irq, AcpiCpuHotplug *g,
+DeviceState *dev, Error **errp)
+{
+CPUState *cpu = CPU(dev);
+
+cpu_remove(cpu);
+}
+
 void acpi_cpu_hotplug_init(MemoryRegion *parent, Object *owner,
AcpiCpuHotplug *gpe_cpu, uint16_t base)
 {
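Review bot: `acpi_cpu_unplug_cb()` never uses `ar`, `irq` or `g` and never sets `errp`, so its callers cannot learn of a failure and the status bitmap is not touched on this path. Either drop the unused parameters or add a comment that they are kept only for symmetry with `acpi_cpu_plug_cb()`, and say where the bitmap is expected to be updated.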
diff --git a/include/hw/acpi/cpu_hotplug.h b/include/hw/acpi/cpu_hotplug.h
index 8b15a3d..0f84adb 100644
--- a/include/hw/acpi/cpu_hotplug.h
+++ b/include/hw/acpi/cpu_hotplug.h
@@ -27,6 +27,9 @@ void acpi_cpu_unplug_request_cb(ACPIREGS *ar, qemu_irq irq,
 AcpiCpuHotplug *g, DeviceState *dev,
 Error **errp);
 
+void acpi_cpu_unplug_cb(ACPIREGS *ar, qemu_irq irq,
+AcpiCpuHotplug *g, DeviceState *dev, Error **errp);
+
 void acpi_cpu_hotplug_init(MemoryRegion *parent, Object *owner,
AcpiCpuHotplug *gpe_cpu, uint16_t base);
 #endif
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index a7d601b..e5e0f2c 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -250,6 +250,7 @@ struct CPUState {
 bool created;
 bool stop;
 bool stopped;
+bool exit;
 volatile sig_atomic_t exit_request;
 uint32_t interrupt_request;
 int singlestep_enabled;
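Review bot: the new `bool exit;` member sits directly above `exit_request` and next to `stop`/`stopped`, and nothing in the hunk says how it differs from them. A more specific name (for example `unplug`) plus a line of documentation stating who sets it and which lock protects it would prevent it being confused with the existing exit request flag.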
@@ -614,6 +615,14 @@ void cpu_exit(CPUState *cpu);
 void cpu_resume(CPUState *cpu);
 
 /**
+ * cpu_remove:
+ * @cpu: The vCPU to remove.
+ *
+ * Requests the CPU @cpu to be removed.
+ */
+void cpu_remove(CPUState *cpu);
+
+/**
  * qemu_init_vcpu:
  * @cpu: The vCPU to initialize.
  *
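Review bot: the doc comment for `cpu_remove()` says only "Requests the CPU @cpu to be removed". From the cpus.c hunk the function just sets `cpu->stop` and `cpu->exit` and kicks the thread, so the comment should state that removal is asynchronous, that the caller must not free or reuse `@cpu` itself, and which lock must be held while the two flags are written.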
-- 
1.9.3




[Qemu-devel] [PATCH v3 5/7] acpi, pc: add cpu hot unplug callback support

2015-02-13 Thread Zhu Guihua
From: Gu Zheng 

Signed-off-by: Gu Zheng 
Signed-off-by: Zhu Guihua 
---
 hw/acpi/ich9.c  |  8 ++--
 hw/acpi/piix4.c | 10 --
 hw/i386/pc.c| 26 --
 3 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index 7600e88..f095999 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -412,8 +412,12 @@ void ich9_pm_device_unplug_request_cb(ICH9LPCPMRegs *pm, 
DeviceState *dev,
 void ich9_pm_device_unplug_cb(ICH9LPCPMRegs *pm, DeviceState *dev,
   Error **errp)
 {
-error_setg(errp, "acpi: device unplug for not supported device"
-   " type: %s", object_get_typename(OBJECT(dev)));
+if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
+acpi_cpu_unplug_cb(&pm->acpi_regs, pm->irq, &pm->gpe_cpu, dev, errp);
+} else {
+error_setg(errp, "acpi: device unplug for not supported device"
+   " type: %s", object_get_typename(OBJECT(dev)));
+}
 }
 
 void ich9_pm_ospm_status(AcpiDeviceIf *adev, ACPIOSTInfoList ***list)
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 23595b6..4ca9153 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -375,8 +375,14 @@ static void piix4_device_unplug_request_cb(HotplugHandler 
*hotplug_dev,
 static void piix4_device_unplug_cb(HotplugHandler *hotplug_dev,
DeviceState *dev, Error **errp)
 {
-error_setg(errp, "acpi: device unplug for not supported device"
-   " type: %s", object_get_typename(OBJECT(dev)));
+PIIX4PMState *s = PIIX4_PM(hotplug_dev);
+
+if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
+acpi_cpu_unplug_cb(&s->ar, s->irq, &s->gpe_cpu, dev, errp);
+} else {
+error_setg(errp, "acpi: device unplug for not supported device"
+   " type: %s", object_get_typename(OBJECT(dev)));
+}
 }
 
 static void piix4_update_bus_hotplug(PCIBus *pci_bus, void *opaque)
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index 80dac20..d0d289b 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1687,6 +1687,24 @@ out:
 error_propagate(errp, local_err);
 }
 
+static void pc_cpu_unplug(HotplugHandler *hotplug_dev,
+  DeviceState *dev, Error **errp)
+{
+HotplugHandlerClass *hhc;
+Error *local_err = NULL;
+PCMachineState *pcms = PC_MACHINE(hotplug_dev);
+
+hhc = HOTPLUG_HANDLER_GET_CLASS(pcms->acpi_dev);
+hhc->unplug(HOTPLUG_HANDLER(pcms->acpi_dev), dev, &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
+return;
+}
+
+/* decrement the number of CPUs */
+rtc_set_memory(pcms->rtc, 0x5f, rtc_get_memory(pcms->rtc, 0x5f) - 1);
+}
+
 static void pc_machine_device_plug_cb(HotplugHandler *hotplug_dev,
   DeviceState *dev, Error **errp)
 {
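Review bot: `pc_cpu_unplug()` hands `pcms->acpi_dev` to `HOTPLUG_HANDLER_GET_CLASS()` with no NULL check, and then writes `rtc_get_memory(pcms->rtc, 0x5f) - 1` back with no check that the stored value is above 0. Add the `acpi_dev` check before the class lookup, guard the decrement, and replace the bare `0x5f` with a named constant so the comment "decrement the number of CPUs" can be verified against the CMOS layout.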
@@ -1711,8 +1729,12 @@ static void 
pc_machine_device_unplug_request_cb(HotplugHandler *hotplug_dev,
 static void pc_machine_device_unplug_cb(HotplugHandler *hotplug_dev,
 DeviceState *dev, Error **errp)
 {
-error_setg(errp, "acpi: device unplug for not supported device"
-   " type: %s", object_get_typename(OBJECT(dev)));
+if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
+pc_cpu_unplug(hotplug_dev, dev, errp);
+} else {
+error_setg(errp, "acpi: device unplug for not supported device"
+   " type: %s", object_get_typename(OBJECT(dev)));
+}
 }
 
 static HotplugHandler *pc_get_hotpug_handler(MachineState *machine,
-- 
1.9.3




[Qemu-devel] [PATCH v3 3/7] acpi, pc: add cpu hot unplug request callback support

2015-02-13 Thread Zhu Guihua
Signed-off-by: Zhu Guihua 
Signed-off-by: Gu Zheng 
---
 hw/acpi/ich9.c  |  9 +++--
 hw/acpi/piix4.c |  2 ++
 hw/i386/pc.c| 42 --
 3 files changed, 49 insertions(+), 4 deletions(-)

diff --git a/hw/acpi/ich9.c b/hw/acpi/ich9.c
index 5352e19..7600e88 100644
--- a/hw/acpi/ich9.c
+++ b/hw/acpi/ich9.c
@@ -400,8 +400,13 @@ void ich9_pm_device_plug_cb(ICH9LPCPMRegs *pm, DeviceState 
*dev, Error **errp)
 void ich9_pm_device_unplug_request_cb(ICH9LPCPMRegs *pm, DeviceState *dev,
   Error **errp)
 {
-error_setg(errp, "acpi: device unplug request for not supported device"
-   " type: %s", object_get_typename(OBJECT(dev)));
+if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
+acpi_cpu_unplug_request_cb(&pm->acpi_regs, pm->irq,
+   &pm->gpe_cpu, dev, errp);
+} else {
+error_setg(errp, "acpi: device unplug request for not supported device"
+   " type: %s", object_get_typename(OBJECT(dev)));
+}
 }
 
 void ich9_pm_device_unplug_cb(ICH9LPCPMRegs *pm, DeviceState *dev,
diff --git a/hw/acpi/piix4.c b/hw/acpi/piix4.c
index 14d40a0..23595b6 100644
--- a/hw/acpi/piix4.c
+++ b/hw/acpi/piix4.c
@@ -364,6 +364,8 @@ static void piix4_device_unplug_request_cb(HotplugHandler 
*hotplug_dev,
 if (object_dynamic_cast(OBJECT(dev), TYPE_PCI_DEVICE)) {
 acpi_pcihp_device_unplug_cb(&s->ar, s->irq, &s->acpi_pci_hotplug, dev,
 errp);
+} else if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
+acpi_cpu_unplug_request_cb(&s->ar, s->irq, &s->gpe_cpu, dev, errp);
 } else {
 error_setg(errp, "acpi: device unplug request for not supported device"
" type: %s", object_get_typename(OBJECT(dev)));
diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index c1ecf08..80dac20 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1653,6 +1653,40 @@ out:
 error_propagate(errp, local_err);
 }
 
+static void pc_cpu_unplug_request(HotplugHandler *hotplug_dev,
+  DeviceState *dev, Error **errp)
+{
+HotplugHandlerClass *hhc;
+Error *local_err = NULL;
+PCMachineState *pcms;
+CPUState *cpu;
+int current_cpus = 0;
+
+CPU_FOREACH(cpu) {
+current_cpus++;
+}
+
+if (current_cpus == 1) {
+error_setg(&local_err,
+   "remove the last cpu is not allowed");
+goto out;
+}
+
+pcms = PC_MACHINE(hotplug_dev);
+if (!pcms->acpi_dev) {
+if (dev->hotplugged) {
+error_setg(&local_err,
+   "cpu hot unplug is not enabled: missing acpi device");
+}
+goto out;
+}
+
+hhc = HOTPLUG_HANDLER_GET_CLASS(pcms->acpi_dev);
+hhc->unplug_request(HOTPLUG_HANDLER(pcms->acpi_dev), dev, &local_err);
+out:
+error_propagate(errp, local_err);
+}
+
 static void pc_machine_device_plug_cb(HotplugHandler *hotplug_dev,
   DeviceState *dev, Error **errp)
 {
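Review bot: in `pc_cpu_unplug_request()`, when `pcms->acpi_dev` is NULL and `dev->hotplugged` is false the code jumps to `out` with `local_err` still NULL, so the caller sees success although no request was ever sent. Set an error in that branch as well. The last-CPU check walks `CPU_FOREACH` on every request just to compare the count with 1, and its message would read better as "removing the last CPU is not allowed".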
@@ -1666,8 +1700,12 @@ static void pc_machine_device_plug_cb(HotplugHandler 
*hotplug_dev,
 static void pc_machine_device_unplug_request_cb(HotplugHandler *hotplug_dev,
 DeviceState *dev, Error **errp)
 {
-error_setg(errp, "acpi: device unplug request for not supported device"
-   " type: %s", object_get_typename(OBJECT(dev)));
+if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
+pc_cpu_unplug_request(hotplug_dev, dev, errp);
+} else {
+error_setg(errp, "acpi: device unplug request for not supported device"
+   " type: %s", object_get_typename(OBJECT(dev)));
+}
 }
 
 static void pc_machine_device_unplug_cb(HotplugHandler *hotplug_dev,
-- 
1.9.3




[Qemu-devel] [PATCH v3 1/7] x86: add x86_cpu_unrealizefn() for cpu apic remove

2015-02-13 Thread Zhu Guihua
From: Chen Fan 

Implement x86_cpu_unrealizefn() for the corresponding x86_cpu_realizefn(),
which is mostly used to clean up the apic related allocation and vmstates
here.

Signed-off-by: Chen Fan 
Signed-off-by: Gu Zheng 
Signed-off-by: Zhu Guihua 
---
 hw/i386/kvm/apic.c  |  5 +
 hw/intc/apic.c  |  9 
 hw/intc/apic_common.c   | 21 ---
 include/hw/i386/apic_internal.h |  1 +
 target-i386/cpu.c   | 46 +
 5 files changed, 74 insertions(+), 8 deletions(-)

diff --git a/hw/i386/kvm/apic.c b/hw/i386/kvm/apic.c
index 4b7ce57..45abfe9 100644
--- a/hw/i386/kvm/apic.c
+++ b/hw/i386/kvm/apic.c
@@ -195,11 +195,16 @@ static void kvm_apic_realize(DeviceState *dev, Error 
**errp)
 }
 }
 
+static void kvm_apic_unrealize(DeviceState *dev, Error **errp)
+{
+}
+
 static void kvm_apic_class_init(ObjectClass *klass, void *data)
 {
 APICCommonClass *k = APIC_COMMON_CLASS(klass);
 
 k->realize = kvm_apic_realize;
+k->unrealize = kvm_apic_unrealize;
 k->reset = kvm_apic_reset;
 k->set_base = kvm_apic_set_base;
 k->set_tpr = kvm_apic_set_tpr;
diff --git a/hw/intc/apic.c b/hw/intc/apic.c
index e48974f..f260cdf 100644
--- a/hw/intc/apic.c
+++ b/hw/intc/apic.c
@@ -895,11 +895,20 @@ static void apic_realize(DeviceState *dev, Error **errp)
 msi_supported = true;
 }
 
+static void apic_unrealize(DeviceState *dev, Error **errp)
+{
+APICCommonState *s = APIC_COMMON(dev);
+
+timer_free(s->timer);
+local_apics[s->idx] = NULL;
+}
+
 static void apic_class_init(ObjectClass *klass, void *data)
 {
 APICCommonClass *k = APIC_COMMON_CLASS(klass);
 
 k->realize = apic_realize;
+k->unrealize = apic_unrealize;
 k->set_base = apic_set_base;
 k->set_tpr = apic_set_tpr;
 k->get_tpr = apic_get_tpr;
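Review bot: `apic_unrealize()` calls `timer_free(s->timer)` with no `timer_del(s->timer)` before it. If the APIC timer is still armed when the CPU is unplugged, the timer list is left holding a pointer to freed memory. Call `timer_del()` first and set `s->timer = NULL` afterwards so a repeated unrealize cannot free it twice.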
diff --git a/hw/intc/apic_common.c b/hw/intc/apic_common.c
index 52b933d..657ffa0 100644
--- a/hw/intc/apic_common.c
+++ b/hw/intc/apic_common.c
@@ -302,17 +302,9 @@ static void apic_common_realize(DeviceState *dev, Error 
**errp)
 APICCommonState *s = APIC_COMMON(dev);
 APICCommonClass *info;
 static DeviceState *vapic;
-static int apic_no;
 PCMachineState *pcms = PC_MACHINE(qdev_get_machine());
 static bool mmio_registered;
 
-if (apic_no >= MAX_APICS) {
-error_setg(errp, "%s initialization failed.",
-   object_get_typename(OBJECT(dev)));
-return;
-}
-s->idx = apic_no++;
-
 info = APIC_COMMON_GET_CLASS(s);
 info->realize(dev, errp);
 
@@ -335,6 +327,18 @@ static void apic_common_realize(DeviceState *dev, Error 
**errp)
 
 }
 
+static void apic_common_unrealize(DeviceState *dev, Error **errp)
+{
+APICCommonState *s = APIC_COMMON(dev);
+APICCommonClass *info = APIC_COMMON_GET_CLASS(s);
+
+info->unrealize(dev, errp);
+
+if (apic_report_tpr_access && info->enable_tpr_reporting) {
+info->enable_tpr_reporting(s, false);
+}
+}
+
 static int apic_pre_load(void *opaque)
 {
 APICCommonState *s = APIC_COMMON(opaque);
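Review bot: `apic_common_unrealize()` calls `info->unrealize(dev, errp)` unconditionally, so any `APICCommonClass` implementation that does not set the new `unrealize` member is called through a NULL pointer. Check the pointer before the call or require it at class init. The error returned by the callback is also not inspected before `info->enable_tpr_reporting(s, false)` runs.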
@@ -442,6 +446,7 @@ static void apic_common_class_init(ObjectClass *klass, void 
*data)
 dc->reset = apic_reset_common;
 dc->props = apic_properties_common;
 dc->realize = apic_common_realize;
+dc->unrealize = apic_common_unrealize;
 /*
  * Reason: APIC and CPU need to be wired up by
  * x86_cpu_apic_create()
diff --git a/include/hw/i386/apic_internal.h b/include/hw/i386/apic_internal.h
index 578a616..3432a78 100644
--- a/include/hw/i386/apic_internal.h
+++ b/include/hw/i386/apic_internal.h
@@ -81,6 +81,7 @@ typedef struct APICCommonClass
 DeviceClass parent_class;
 
 DeviceRealize realize;
+DeviceUnrealize unrealize;
 void (*set_base)(APICCommonState *s, uint64_t val);
 void (*set_tpr)(APICCommonState *s, uint8_t val);
 uint8_t (*get_tpr)(APICCommonState *s);
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index fc0e4a6..84c88fe 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2775,6 +2775,8 @@ static void x86_cpu_apic_create(X86CPU *cpu, Error **errp)
 
 /* TODO: convert to link<> */
 apic = APIC_COMMON(cpu->apic_state);
+g_assert(apic_id < MAX_APICS);
+apic->idx = apic_id;
 apic->cpu = cpu;
 }
 
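Review bot: `g_assert(apic_id < MAX_APICS)` in `x86_cpu_apic_create()` replaces the bounds check that `apic_common_realize()` used to report through `errp` (removed in the apic_common.c hunk), so an out-of-range APIC ID now aborts QEMU instead of failing the one device. The function already takes `errp`; use `error_setg()` and return so that a bad ID on hot-add is a recoverable error.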
@@ -2798,10 +2800,32 @@ static void x86_cpu_apic_realize(X86CPU *cpu, Error 
**errp)
 return;
 }
 }
+
+static void x86_cpu_apic_unrealize(X86CPU *cpu, Error **errp)
+{
+Error *local_err = NULL;
+
+if (cpu->apic_state == NULL) {
+return;
+}
+
+object_property_set_bool(OBJECT(cpu->apic_state),
+ false, "realized", &local_err);
+if (local_err != NULL) {
+error_propagate(errp, local_err);
+return;
+}
+
+vmstate_unregister(NULL, &vmstate_apic_common, cpu->apic_state);
+object_unparent(OBJECT(cpu->apic_state));
+}
 #else
 static void x86_cpu_apic_realize(X86CPU *cpu, Error **errp)
 {
 }
+static void x86_c
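Review bot: `x86_cpu_apic_unrealize()` calls `object_unparent(OBJECT(cpu->apic_state))` but leaves `cpu->apic_state` set, so the `cpu->apic_state == NULL` guard at the top of the function cannot protect a second call and any later reader sees a stale pointer. Set `cpu->apic_state = NULL` after the unparent.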

[Qemu-devel] [PATCH v3 7/7] cpus: reclaim allocated vCPU objects

2015-02-13 Thread Zhu Guihua
From: Gu Zheng 

After ACPI gets a signal to eject a vCPU, the vCPU must be
removed from the CPU list before the vCPU is really removed, then
all the related vCPU objects are released.

In order to deal well with the kvm vcpus (which can not be removed without any
protection), we do not close the KVM vcpu fd, just record it and mark it as stopped
in a list, so that we can reuse it for the appending cpu hot-add request if
possible. It is also the approach that the kvm guys suggested:
https://www.mail-archive.com/kvm@vger.kernel.org/msg102839.html

Signed-off-by: Chen Fan 
Signed-off-by: Gu Zheng 
Signed-off-by: Zhu Guihua 
---
 cpus.c   | 37 ++
 include/sysemu/kvm.h |  1 +
 kvm-all.c| 57 +++-
 3 files changed, 94 insertions(+), 1 deletion(-)

diff --git a/cpus.c b/cpus.c
index d6e5a5f..a11941f 100644
--- a/cpus.c
+++ b/cpus.c
@@ -854,6 +854,24 @@ void async_run_on_cpu(CPUState *cpu, void (*func)(void 
*data), void *data)
 qemu_cpu_kick(cpu);
 }
 
+static void qemu_kvm_destroy_vcpu(CPUState *cpu)
+{
+CPU_REMOVE(cpu);
+
+if (kvm_destroy_vcpu(cpu) < 0) {
+error_report("kvm_destroy_vcpu failed.\n");
+exit(EXIT_FAILURE);
+}
+
+object_unparent(OBJECT(cpu));
+}
+
+static void qemu_tcg_destroy_vcpu(CPUState *cpu)
+{
+CPU_REMOVE(cpu);
+object_unparent(OBJECT(cpu));
+}
+
 static void flush_queued_work(CPUState *cpu)
 {
 struct qemu_work_item *wi;
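Review bot: `qemu_kvm_destroy_vcpu()` calls `exit(EXIT_FAILURE)` when `kvm_destroy_vcpu()` fails, which terminates the whole VM because one hot-unplug could not complete, and it does so after `CPU_REMOVE(cpu)` has already taken the vCPU off the list. Report the error and leave the vCPU in place instead, or at least do the list removal only after the KVM side succeeded. `error_report()` appends its own newline, so the trailing `\n` in "kvm_destroy_vcpu failed.\n" should be dropped.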
@@ -946,6 +964,11 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
 }
 }
 qemu_kvm_wait_io_event(cpu);
+if (cpu->exit && !cpu_can_run(cpu)) {
+qemu_kvm_destroy_vcpu(cpu);
+qemu_mutex_unlock(&qemu_global_mutex);
+return NULL;
+}
 }
 
 return NULL;
@@ -999,6 +1022,7 @@ static void tcg_exec_all(void);
 static void *qemu_tcg_cpu_thread_fn(void *arg)
 {
 CPUState *cpu = arg;
+CPUState *remove_cpu = NULL;
 
 qemu_tcg_init_cpu_signals();
 qemu_thread_get_self(cpu->thread);
@@ -1032,6 +1056,16 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
 }
 }
 qemu_tcg_wait_io_event();
+CPU_FOREACH(cpu) {
+if (cpu->exit && !cpu_can_run(cpu)) {
+remove_cpu = cpu;
+break;
+}
+}
+if (remove_cpu) {
+qemu_tcg_destroy_vcpu(remove_cpu);
+remove_cpu = NULL;
+}
 }
 
 return NULL;
@@ -1389,6 +1423,9 @@ static void tcg_exec_all(void)
 break;
 }
 } else if (cpu->stop || cpu->stopped) {
+if (cpu->exit) {
+next_cpu = CPU_NEXT(cpu);
+}
 break;
 }
 }
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 30cb84d..560caef 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -188,6 +188,7 @@ int kvm_has_intx_set_mask(void);
 
 int kvm_init_vcpu(CPUState *cpu);
 int kvm_cpu_exec(CPUState *cpu);
+int kvm_destroy_vcpu(CPUState *cpu);
 
 #ifdef NEED_CPU_H
 
diff --git a/kvm-all.c b/kvm-all.c
index 05a79c2..46e7853 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -71,6 +71,12 @@ typedef struct KVMSlot
 
 typedef struct kvm_dirty_log KVMDirtyLog;
 
+struct KVMParkedVcpu {
+unsigned long vcpu_id;
+int kvm_fd;
+QLIST_ENTRY(KVMParkedVcpu) node;
+};
+
 struct KVMState
 {
 AccelState parent_obj;
@@ -107,6 +113,7 @@ struct KVMState
 QTAILQ_HEAD(msi_hashtab, KVMMSIRoute) msi_hashtab[KVM_MSI_HASHTAB_SIZE];
 bool direct_msi;
 #endif
+QLIST_HEAD(, KVMParkedVcpu) kvm_parked_vcpus;
 };
 
 #define TYPE_KVM_ACCEL ACCEL_CLASS_NAME("kvm")
@@ -247,6 +254,53 @@ static int kvm_set_user_memory_region(KVMState *s, KVMSlot 
*slot)
 return kvm_vm_ioctl(s, KVM_SET_USER_MEMORY_REGION, &mem);
 }
 
+int kvm_destroy_vcpu(CPUState *cpu)
+{
+KVMState *s = kvm_state;
+long mmap_size;
+struct KVMParkedVcpu *vcpu = NULL;
+int ret = 0;
+
+DPRINTF("kvm_destroy_vcpu\n");
+
+mmap_size = kvm_ioctl(s, KVM_GET_VCPU_MMAP_SIZE, 0);
+if (mmap_size < 0) {
+ret = mmap_size;
+DPRINTF("KVM_GET_VCPU_MMAP_SIZE failed\n");
+goto err;
+}
+
+ret = munmap(cpu->kvm_run, mmap_size);
+if (ret < 0) {
+goto err;
+}
+
+vcpu = g_malloc0(sizeof(*vcpu));
+vcpu->vcpu_id = kvm_arch_vcpu_id(cpu);
+vcpu->kvm_fd = cpu->kvm_fd;
+QLIST_INSERT_HEAD(&kvm_state->kvm_parked_vcpus, vcpu, node);
+err:
+return ret;
+}
+
+static int kvm_get_vcpu(KVMState *s, unsigned long vcpu_id)
+{
+struct KVMParkedVcpu *cpu;
+
+QLIST_FOREACH(cpu, &s->kvm_parked_vcpus, node) {
+if (cpu->vcpu_id == vcpu_id) {
+int kvm_fd;
+
+QLIST_REMOVE(cpu, node);
+kvm_fd = cpu->kvm_fd;
+g_free(cpu);
+return kvm_fd;
+}
+}
+
+return kvm_vm_ioctl(s, KVM_CREATE_VCPU, (void *)vcpu_id);
+}
+
 int kvm_init_vcpu(CPUState *cpu)
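Review bot: `kvm_destroy_vcpu()` unmaps `cpu->kvm_run` and parks `cpu->kvm_fd` but leaves both members set in the `CPUState`, so later code can touch an unmapped region or use an fd that now belongs to `kvm_parked_vcpus`; clear them once the entry is on the list. `munmap()` returns -1 rather than a negative errno, so `ret = -errno` would keep the convention of the `mmap_size` path. `kvm_get_vcpu()` returns a parked fd as it is, and a comment on who resets the in-kernel state left by the removed vCPU before reuse is missing.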

[Qemu-devel] [PATCH v3 6/7] cpu hotplug: implement function cpu_status_write() for vcpu ejection

2015-02-13 Thread Zhu Guihua
From: Chen Fan 

When the OS ejects a vcpu (like: echo 1 > /sys/bus/acpi/devices/LNXCPUXX/eject),
it calls the acpi EJ0 method, the firmware needs to write the new cpumap, and QEMU
then knows which vcpu needs to be ejected.

Signed-off-by: Chen Fan 
Signed-off-by: Gu Zheng 
Signed-off-by: Zhu Guihua 
---
 hw/acpi/cpu_hotplug.c | 42 ++-
 hw/core/qdev.c|  2 +-
 hw/i386/acpi-dsdt-cpu-hotplug.dsl | 16 ++-
 include/hw/acpi/cpu_hotplug.h |  1 +
 include/hw/qdev-core.h|  1 +
 5 files changed, 59 insertions(+), 3 deletions(-)

diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c
index c47909c..1874ee0 100644
--- a/hw/acpi/cpu_hotplug.c
+++ b/hw/acpi/cpu_hotplug.c
@@ -17,6 +17,26 @@ typedef enum STS_OPT {
 CLEAR,
 } STS_OPT;
 
+static void acpi_eject_vcpu(AcpiCpuHotplug *cpus_status, int64_t cpu_id)
+{
+CPUState *cpu;
+
+CPU_FOREACH(cpu) {
+CPUClass *cc = CPU_GET_CLASS(cpu);
+int64_t id = cc->get_arch_id(cpu);
+HotplugHandler *hotplug_ctrl;
+
+if (cpu_id == id) {
+cpus_status->old_sts[cpu_id / 8] &= ~(1 << (cpu_id % 8));
+cpus_status->sts[cpu_id / 8] &= ~(1 << (cpu_id % 8));
+
+hotplug_ctrl = qdev_get_hotplug_handler(DEVICE(cpu));
+hotplug_handler_unplug(hotplug_ctrl, DEVICE(cpu), NULL);
+break;
+}
+}
+}
+
 static uint64_t cpu_status_read(void *opaque, hwaddr addr, unsigned int size)
 {
 AcpiCpuHotplug *cpus = opaque;
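Review bot: `acpi_eject_vcpu()` is driven by a guest write and calls `hotplug_handler_unplug(hotplug_ctrl, DEVICE(cpu), NULL)` for whichever present CPU the guest names, with no check that an unplug request is outstanding for that CPU and with every error discarded through the NULL `errp`. The last-CPU guard added in `pc_cpu_unplug_request()` is not on this path. Record which CPUs have a pending request and eject only those, check `hotplug_ctrl` for NULL, and report or log the error.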
@@ -28,7 +48,26 @@ static uint64_t cpu_status_read(void *opaque, hwaddr addr, 
unsigned int size)
 static void cpu_status_write(void *opaque, hwaddr addr, uint64_t data,
  unsigned int size)
 {
-/* TODO: implement VCPU removal on guest signal that CPU can be removed */
+AcpiCpuHotplug *cpus = opaque;
+uint8_t val;
+int i;
+int64_t cpu_id = -1;
+
+val = cpus->old_sts[addr] ^ data;
+
+if (val == 0) {
+return;
+}
+
+for (i = 0; i < 8; i++) {
+if (val & 1 << i) {
+cpu_id = 8 * addr + i;
+}
+}
+
+if (cpu_id != -1) {
+acpi_eject_vcpu(cpus, cpu_id);
+}
 }
 
 static const MemoryRegionOps AcpiCpuHotplug_ops = {
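Review bot: `cpu_status_write()` truncates `data` to `uint8_t` and indexes `cpus->old_sts[addr]` without looking at `size`, treats a bit the guest sets the same as one it clears because it only XORs, and the `for` loop keeps just the highest changed bit, so a write that changes several bits ejects one CPU and drops the rest. Use `old_sts[addr] & ~data` to select 1-to-0 transitions only and call `acpi_eject_vcpu()` for each set bit inside the loop; parenthesising `val & (1 << i)` would also make the test easier to read.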
@@ -56,6 +95,7 @@ static void acpi_update_cpu_present_bit(AcpiCpuHotplug *g, 
CPUState *cpu,
 switch (opt) {
 case SET:
 g->sts[cpu_id / 8] |= (1 << (cpu_id % 8));
+g->old_sts[cpu_id / 8] |= (1 << (cpu_id % 8));
 break;
 case CLEAR:
 g->sts[cpu_id / 8] &= ~(1 << (cpu_id % 8));
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index 2eacac0..2f3d1df 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -273,7 +273,7 @@ void qdev_set_legacy_instance_id(DeviceState *dev, int 
alias_id,
 dev->alias_required_for_version = required_for_version;
 }
 
-static HotplugHandler *qdev_get_hotplug_handler(DeviceState *dev)
+HotplugHandler *qdev_get_hotplug_handler(DeviceState *dev)
 {
 HotplugHandler *hotplug_ctrl = NULL;
 
diff --git a/hw/i386/acpi-dsdt-cpu-hotplug.dsl 
b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
index 268d870..e03517f 100644
--- a/hw/i386/acpi-dsdt-cpu-hotplug.dsl
+++ b/hw/i386/acpi-dsdt-cpu-hotplug.dsl
@@ -50,7 +50,21 @@ Scope(\_SB) {
 }
 Method(CPEJ, 2, NotSerialized) {
 // _EJ0 method - eject callback
-Sleep(200)
+Store(Zero, Index(CPON, ToInteger(Arg0)))
+Store(PRS, Local5)
+// Local0 = the index of cpu bitmap
+Store(ShiftRight(ToInteger(Arg0), 3), Local0)
+// Local1 = the subobject of PRS with dereferece
+Store(DerefOf(Index(PRS, Local0)), Local1)
+// Local2 = the bit index in cpu bitmap
+And(ToInteger(Arg0), 0x7, Local2)
+Store(One, Local3)
+ShiftLeft(Local3, Local2, Local3)
+Not(Local3, Local3)
+// discard the bit index in cpu bitmap
+And(Local1, Local3, Local1)
+Store(Local1, Index(Local5, Local0))
+Store(Local5, PRS)
 }
 
 #define CPU_STATUS_LEN ACPI_GPE_PROC_LEN
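Review bot: the comment `// Local1 = the subobject of PRS with dereferece` has a typo ("dereference"), and `CPEJ` reads `PRS` twice, once with `Store(PRS, Local5)` and again with `DerefOf(Index(PRS, Local0))`, before writing the whole buffer back with `Store(Local5, PRS)`. Taking the byte from `Local5` for the read as well keeps the read-modify-write on a single snapshot, and a comment should say that the write of unchanged bytes is expected to be ignored on the QEMU side.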
diff --git a/include/hw/acpi/cpu_hotplug.h b/include/hw/acpi/cpu_hotplug.h
index 0f84adb..abbb29e 100644
--- a/include/hw/acpi/cpu_hotplug.h
+++ b/include/hw/acpi/cpu_hotplug.h
@@ -18,6 +18,7 @@
 typedef struct AcpiCpuHotplug {
 MemoryRegion io;
 uint8_t sts[ACPI_GPE_PROC_LEN];
+uint8_t old_sts[ACPI_GPE_PROC_LEN];
 } AcpiCpuHotplug;
 
 void acpi_cpu_plug_cb(ACPIREGS *ar, qemu_irq irq,
diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index 15a226f..de42e78 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -269,6 +269,7 @@ void qdev_set_legacy_instance_id(DeviceState *dev, int 
alias_id,
 void qdev_unplug(DeviceState *dev, Error **errp);
 void qdev_simple_device_unplug_cb(HotplugHandler *hotplug_dev,
   DeviceState *dev, Error **errp);
+HotplugHandler *qdev_get_hotplug_handler(DeviceState *dev);
 void qdev_machine_creation_done(void);
 bool qdev_machi

Re: [Qemu-devel] [virtio] virtqueue request size

2015-02-13 Thread Vasile Catalin-B50542

I found what the problem was.
virtqueue_get_avail_bytes() must be called before virtqueue_pop().


On 12.02.2015 15:52, Vasile Catalin-B50542 wrote:

I'm trying to work out virtqueue from the virtio API.
I've been able to send a message from guest to qemu, but there is something
strange that I don't understand.
virtqueue_get_avail_bytes() returns 0 number of "in" bytes, but if I hard code
iov_to_buf() to get 5 bytes, it actually gets my message.
What am I missing out?

Here is the essential code so far:
Guest:
probe function:
    vq = virtio_find_single_vq(vdev, recv_done, "input");
triggered send function:
    sg_init_one(&sg, buf, size);
    if (virtqueue_add_inbuf(vq, &sg, 1, buf, GFP_KERNEL) < 0)
        BUG();
    virtqueue_kick(vq);

Qemu:
realize function:
    vcrypto->vq = virtio_add_queue(vdev, 8, handle_input);
handle_input:
    virtqueue_pop(vcrypto->vq, &elem);
    eprintf("request size is %u", get_request_size(vcrypto->vq, 100)); // prints size 0
    iov_to_buf(elem.in_sg, elem.in_num, 0, buffer, 5); // hardcoded to 5 bytes for now

get_request_size:
    virtqueue_get_avail_bytes(vq, &in, &out, quota, quota); // quota = 100
    return in;


Re: [Qemu-devel] [virtio] virtqueue request size

2015-02-13 Thread Vasile Catalin-B50542

I found out what the problem was.
I was calling virtqueue_get_avail_bytes() after virtqueue_pop().

On 12.02.2015 15:52, Vasile Catalin-B50542 wrote:

I'm trying to work out virtqueue from the virtio API.
I've been able to send a message from guest to qemu, but there is something
strange that I don't understand.
virtqueue_get_avail_bytes() returns 0 number of "in" bytes, but if I hard code
iov_to_buf() to get 5 bytes, it actually gets my message.
What am I missing out?

Here is the essential code so far:
Guest:
probe function:
    vq = virtio_find_single_vq(vdev, recv_done, "input");
triggered send function:
    sg_init_one(&sg, buf, size);
    if (virtqueue_add_inbuf(vq, &sg, 1, buf, GFP_KERNEL) < 0)
        BUG();
    virtqueue_kick(vq);

Qemu:
realize function:
    vcrypto->vq = virtio_add_queue(vdev, 8, handle_input);
handle_input:
    virtqueue_pop(vcrypto->vq, &elem);
    eprintf("request size is %u", get_request_size(vcrypto->vq, 100)); // prints size 0
    iov_to_buf(elem.in_sg, elem.in_num, 0, buffer, 5); // hardcoded to 5 bytes for now

get_request_size:
    virtqueue_get_avail_bytes(vq, &in, &out, quota, quota); // quota = 100
    return in;
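
The ordering problem reported in this thread, reproduced on a toy ring as an added example (not QEMU code and not from the original posts). The `toy_*` names and structures are hypothetical and assume only that the available-byte count covers buffers that are published but not yet popped.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOY_RING_SIZE 8   /* the page's device also uses a queue of 8 */

/* One guest buffer; device_writable = 1 models an "in" buffer. */
struct toy_buf {
    uint32_t len;
    int device_writable;
};

/* avail_idx is advanced by the guest, last_avail_idx by the device on pop.
 * Both are free-running 16-bit counters, reduced modulo the ring size. */
struct toy_vq {
    struct toy_buf ring[TOY_RING_SIZE];
    uint16_t avail_idx;
    uint16_t last_avail_idx;
};

/* Guest side: publish one buffer. Returns 0, or -1 if the ring is full. */
static int toy_guest_add(struct toy_vq *vq, uint32_t len, int device_writable)
{
    if ((uint16_t)(vq->avail_idx - vq->last_avail_idx) >= TOY_RING_SIZE) {
        return -1;
    }
    vq->ring[vq->avail_idx % TOY_RING_SIZE].len = len;
    vq->ring[vq->avail_idx % TOY_RING_SIZE].device_writable = device_writable;
    vq->avail_idx++;
    return 0;
}

/* Device side: sum the bytes of buffers published but NOT yet popped. */
static void toy_get_avail_bytes(const struct toy_vq *vq,
                                uint32_t *in, uint32_t *out)
{
    uint16_t i;

    *in = 0;
    *out = 0;
    for (i = vq->last_avail_idx; i != vq->avail_idx; i++) {
        const struct toy_buf *b = &vq->ring[i % TOY_RING_SIZE];
        if (b->device_writable) {
            *in += b->len;
        } else {
            *out += b->len;
        }
    }
}

/* Device side: take the oldest pending buffer. Returns 1 if one was popped. */
static int toy_pop(struct toy_vq *vq, struct toy_buf *elem)
{
    if (vq->last_avail_idx == vq->avail_idx) {
        return 0;
    }
    *elem = vq->ring[vq->last_avail_idx % TOY_RING_SIZE];
    vq->last_avail_idx++;   /* the buffer no longer counts as available */
    return 1;
}

/* Order used in the question: pop first, then ask what is available. */
static uint32_t size_pop_then_query(void)
{
    struct toy_vq vq;
    struct toy_buf elem;
    uint32_t in, out;

    memset(&vq, 0, sizeof(vq));
    toy_guest_add(&vq, 5, 1);
    toy_pop(&vq, &elem);
    toy_get_avail_bytes(&vq, &in, &out);
    return in;
}

/* Order from the follow-up: query first, then pop. */
static uint32_t size_query_then_pop(void)
{
    struct toy_vq vq;
    struct toy_buf elem;
    uint32_t in, out;

    memset(&vq, 0, sizeof(vq));
    toy_guest_add(&vq, 5, 1);
    toy_get_avail_bytes(&vq, &in, &out);
    toy_pop(&vq, &elem);
    return in;
}

/* Alternative to a hardcoded length: size the copy from the popped element. */
static uint32_t size_from_popped_elem(void)
{
    struct toy_vq vq;
    struct toy_buf elem;

    memset(&vq, 0, sizeof(vq));
    toy_guest_add(&vq, 5, 1);
    return toy_pop(&vq, &elem) ? elem.len : 0;
}

int main(void)
{
    printf("pop then query: %u\n", (unsigned)size_pop_then_query());
    printf("query then pop: %u\n", (unsigned)size_query_then_pop());
    printf("from element:   %u\n", (unsigned)size_from_popped_elem());
    return 0;
}
```

Taking the length from the popped element rather than a constant also keeps the copy bounded by what the guest actually supplied.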




Re: [Qemu-devel] [PULL 00/12] target-arm queue

2015-02-13 Thread Peter Maydell
On 13 February 2015 at 05:54, Peter Maydell  wrote:
> The following changes since commit 449008f86418583a1f0fb946cf91ee7b4797317d:
>
>   Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150210.0' 
> into staging (2015-02-11 05:14:41 +)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git 
> tags/pull-target-arm-20150213
>
> for you to fetch changes up to c2ebd862a54b7e12175d65c03ba259926cb2237a:
>
>   target-arm: A64: Avoid signed shifts in disas_ldst_pair() (2015-02-13 
> 05:46:09 +)
>
> 
> target-arm queue:
>  * PCIe support in virt board
>  * Support 32-bit guests on 64-bit KVM hosts in virt board
>  * Fixes to avoid C undefined behaviour
>
> 

NB: if following this merge you find 'make check' fails, this is
likely because your build tree is old and is missing the correct
dependency files (the .d files which would tell it to rebuild the
config-devices.mak files don't exist, and the .d files only get
built when the config-devices.mak files are rebuilt.) This can
be fixed by:
 rm /*/config-devices.mak*

(or by blowing away the whole builddir, of course).

-- PMM



Re: [Qemu-devel] HEAD is failing virt-test on migration tests

2015-02-13 Thread Lucas Meneghel Rodrigues

Alex, Dave:

Virt-Test fd migration starts by sending a fd to the source vm

22:20:40 DEBUG| Send file descriptor migfd_28_1423786840 to source VM.
22:20:40 DEBUG| (monitor hmp1) Sending command 'getfd migfd_28_1423786840'


later on...

22:20:42 INFO | Migrating to fd:migfd_28_1423786840
22:20:42 DEBUG| (monitor hmp1) Sending command 'migrate -d fd:migfd_28_1423786840'
22:20:42 DEBUG| Send command: migrate -d fd:migfd_28_1423786840

Attached to this message you can find a .tar.bz2 file (~36Kb) with
virt-test results. It contains extra information, such as a record of
vm registers taken periodically during the testing process.


Cheers,

Lucas

On Thu, Feb 12, 2015 at 10:36 PM, Alexander Graf  wrote:



On 13.02.15 01:29, Lucas Meneghel Rodrigues wrote:

 Copying Alex.

 OK, after bisecting, this is what I've got:

 8118f0950fc77cce7873002a5021172dd6e040b5 is the first bad commit
 commit 8118f0950fc77cce7873002a5021172dd6e040b5
 Author: Alexander Graf <ag...@suse.de>
 Date:   Thu Jan 22 15:01:39 2015 +0100

 migration: Append JSON description of migration stream

 One of the annoyances of the current migration format is the fact that
 it's not self-describing. In fact, it's not properly describing at all.
 Some code randomly scattered throughout QEMU elaborates roughly how to
 read and write a stream of bytes.

 We discussed an idea during KVM Forum 2013 to add a JSON description of
 the migration protocol itself to the migration stream. This patch
 adds a section after the VM_END migration end marker that contains
 description data on what the device sections of the stream are
 composed of.

 This approach is backwards compatible with any QEMU version reading the
 stream, because QEMU just stops reading after the VM_END marker and
 ignores any data following it.

 With an additional external program this allows us to decipher the
 contents of any migration stream and hopefully make migration bugs
 easier to track down.

 Signed-off-by: Alexander Graf
 Signed-off-by: Amit Shah <amit.s...@redhat.com>
 Signed-off-by: Juan Quintela <quint...@redhat.com>

 :04 04 e9aac242a61fbd05bbb0daa3e8877970e738
 61df81f831bc86b29f65883523ea95abb36f1ec5 Mhw
 :04 04 fe0659bed17d86c43657c26622d64fd44a1af037
 7092a6b6515a3d0077f68ff2d80dbd74597a244f Minclude
 :04 04 d90d6f1fe839abf21a45eaba5829d5a6a22abeb1
 c2b1dcda197d96657458d699c185e39ae45f3c6c Mmigration
 :100644 100644 98895fee81edfbc659fc42d467e930d06b1afa7d
 80407662ad3ed860d33a9d35f5c44b1d19c4612b Msavevm.c
 :04 04 cf218bc2b841cd51ebe3972635be2cfbb1de9dfa
 7aaf3d10ef7f73413b228e854fe6f04317151e46 Mtests

 So there you go. I'm going to sleep, if you need any extra help let me know.


So the major difference with this patch applied is that the sender could
send more data than the receive wants to read. I can't see the actual
migrate command you used down there.

I haven't seen this actually being a problem so far, as the receiver
just close()s its file descriptor once it hits VM_EOF. This should only
break senders if they expect they can send more. That said, I think I
only tested offline migration (via exec:), so maybe QEMU is behaving
badly and actually wants to send all data and just fails the migration
without?


Alex



run-2015-02-12-22.20.21.tar.bz2
Description: application/bzip-compressed-tar


Re: [Qemu-devel] [PATCH v2 00/11] cpu: add i386 cpu hot remove support

2015-02-13 Thread Zhu Guihua
On Thu, 2015-02-12 at 19:49 +0800, Zhu Guihua wrote:
> On Tue, 2015-02-10 at 20:38 +0800, Zhi Yong Wu wrote:
> > On Fri, Feb 6, 2015 at 3:54 PM, Zhu Guihua  
> > wrote:
> > > On Tue, 2015-02-03 at 16:41 +0800, Zhi Yong Wu wrote:
> > >> HI,
> > >>
> > >> Can you push the patchset to a branch on github? It will be convenient
> > >> for other guys to do some tests.
> > >
> > > sorry for late reply.
> > > I had pushed into https://github.com/zhugh/qemu.git
> > > The patchset is on branch cpu-hotplug.
> > >
> > > Welcome to test, Thanks.
> > HI,
> > 
> > Can you let me know why device_add can't support the vCPU with 'host' model?
> > 
> > >
> 
> I have not noticed this before, thanks for your mentioning.
> 
> host_x86_cpu does not support hotplug by default, we will fix this in
> next version.

I underestimated the complexity of this issue, and expect to handle this
in v5 for x86_64-cpu device_add. Thanks.

Regards,
Zhu

> Regards,
> Zhu
> 
> > > Regards,
> > > Zhu
> > >
> > >>
> > >> On Wed, Jan 14, 2015 at 3:44 PM, Zhu Guihua  
> > >> wrote:
> > >> > This series is based on chen fan's previous i386 cpu hot remove 
> > >> > patchset:
> > >> > https://lists.nongnu.org/archive/html/qemu-devel/2013-12/msg04266.html
> > >> >
> > >> > Via implementing ACPI standard methods _EJ0 in ACPI table, after Guest
> > >> > OS remove one vCPU online, the firmware will store removed bitmap to
> > >> > QEMU, then QEMU could know to notify the assigned vCPU of exiting.
> > >> > Meanwhile, introduce the QOM command 'device_del' to remove vCPU from
> > >> > QEMU itself.
> > >> >
> > >> > The whole work is based on the new hot plug/unplug framework, the
> > >> > unplug request
> > >> > callback does the pre-check and send the request, unplug callback does
> > >> > the
> > >> > removal handling.
> > >> >
> > >> > This series depends on tangchen's common hot plug/unplug enhance 
> > >> > patchset.
> > >> > [RESEND PATCH v1 0/5] Common unplug and unplug request cb for memory 
> > >> > and CPU hot-unplug
> > >> > https://lists.nongnu.org/archive/html/qemu-devel/2015-01/msg00429.html
> > >> >
> > >> > This is the second half of the previous series:
> > >> > [RFC V2 00/10] cpu: add device_add foo-x86_64-cpu and i386 cpu hot 
> > >> > remove support
> > >> > https://lists.nongnu.org/archive/html/qemu-devel/2014-08/msg04779.html
> > >> >
> > >> > If you want to test the series, you need to apply the 'device_add 
> > >> > foo-x86_64-cpu'
> > >> > patchset first:
> > >> > [PATCH v3 0/7] cpu: add device_add foo-x86_64-cpu support
> > >> > https://lists.nongnu.org/archive/html/qemu-devel/2015-01/msg01552.html
> > >> >
> > >> > ---
> > >> > Changelog since v1:
> > >> >  -rebase on the latest version.
> > >> >  -delete patch i386/cpu: add instance finalize callback, and put it 
> > >> > into patchset
> > >> >   [PATCH v3 0/6] cpu: add device_add foo-x86_64-cpu support.
> > >> >
> > >> > Changelog since RFC:
> > >> >  -split the i386 cpu hot remove into single thread.
> > >> >  -replaced apic_no with apic_id, so does the related stuff to make it
> > >> >   work with arbitrary CPU hotadd.
> > >> >  -add the icc_device_unrealize callback to handle apic unrealize.
> > >> >  -rework on the new hot plug/unplug platform.
> > >> > ---
> > >> >
> > >> > Chen Fan (2):
> > >> >   x86: add x86_cpu_unrealizefn() for cpu apic remove
> > >> >   cpu hotplug: implement function cpu_status_write() for vcpu ejection
> > >> >
> > >> > Gu Zheng (5):
> > >> >   acpi/cpu: add cpu hot unplug request callback function
> > >> >   acpi/piix4: add cpu hot unplug callback support
> > >> >   acpi/ich9: add cpu hot unplug support
> > >> >   pc: add cpu hot unplug callback support
> > >> >   cpus: reclaim allocated vCPU objects
> > >> >
> > >> > Zhu Guihua (4):
> > >> >   acpi/piix4: add cpu hot unplug request callback support
> > >> >   acpi/ich9: add cpu hot unplug request callback support
> > >> >   pc: add cpu hot unplug request callback support
> > >> >   acpi/cpu: add cpu hot unplug callback function
> > >> >
> > >> >  cpus.c| 44 
> > >> >  hw/acpi/cpu_hotplug.c | 88 
> > >> > ---
> > >> >  hw/acpi/ich9.c| 17 ++--
> > >> >  hw/acpi/piix4.c   | 12 +-
> > >> >  hw/core/qdev.c|  2 +-
> > >> >  hw/cpu/icc_bus.c  | 11 +
> > >> >  hw/i386/acpi-dsdt-cpu-hotplug.dsl |  6 ++-
> > >> >  hw/i386/kvm/apic.c|  8 
> > >> >  hw/i386/pc.c  | 62 +--
> > >> >  hw/intc/apic.c| 10 +
> > >> >  hw/intc/apic_common.c | 21 ++
> > >> >  include/hw/acpi/cpu_hotplug.h |  8 
> > >> >  include/hw/cpu/icc_bus.h  |  1 +
> > >> >  include/hw/i386/apic_internal.h   |  1 +
> > >> >  include/hw/qdev-core.h|  1 +
> > >> >  include/qom/cpu.h |  9 
> > >> >  include/sysemu/k

Re: [Qemu-devel] [PATCH 0/2] qemu-img: Fix qemu-img convert -n

2015-02-13 Thread Stefan Hajnoczi
On Wed, Feb 11, 2015 at 09:58:45AM -0500, Max Reitz wrote:
> Even when specifying -n to suppress image creation with qemu-img
> convert, that function tried to verify that the target protocol and
> driver are suited for image creation. This verification should be
> suppressed, too (which is what the first patch in this series does, the
> second one adds a test for it).
> 
> 
> Max Reitz (2):
>   qemu-img: Fix qemu-img convert -n
>   iotests: Add test for qemu-img convert to NBD
> 
>  qemu-img.c | 50 +++--
>  tests/qemu-iotests/123 | 62 
> ++
>  tests/qemu-iotests/123.out |  9 +++
>  tests/qemu-iotests/group   |  1 +
>  4 files changed, 98 insertions(+), 24 deletions(-)
>  create mode 100755 tests/qemu-iotests/123
>  create mode 100644 tests/qemu-iotests/123.out
> 
> -- 
> 2.1.0
> 
> 

Thanks, applied to my block tree:
https://github.com/stefanha/qemu/commits/block

Stefan




Re: [Qemu-devel] HEAD is failing virt-test on migration tests

2015-02-13 Thread Alexander Graf


On 13.02.15 10:04, Dr. David Alan Gilbert wrote:
> * Alexander Graf (ag...@suse.de) wrote:
>>
>>
>> On 13.02.15 01:29, Lucas Meneghel Rodrigues wrote:
>>> Copying Alex.
>>>
>>> OK, after bisecting, this is what I've got:
>>>
>>> 8118f0950fc77cce7873002a5021172dd6e040b5 is the first bad commit
>>> commit 8118f0950fc77cce7873002a5021172dd6e040b5
>>> Author: Alexander Graf mailto:ag...@suse.de>>
>>> Date:   Thu Jan 22 15:01:39 2015 +0100
>>>
>>> migration: Append JSON description of migration stream
>>> 
>>> One of the annoyances of the current migration format is the fact that
>>> it's not self-describing. In fact, it's not properly describing at all.
>>> Some code randomly scattered throughout QEMU elaborates roughly how to
>>> read and write a stream of bytes.
>>> 
>>> We discussed an idea during KVM Forum 2013 to add a JSON description of
>>> the migration protocol itself to the migration stream. This patch
>>> adds a section after the VM_END migration end marker that contains
>>> description data on what the device sections of the stream are
>>> composed of.
>>> 
>>> This approach is backwards compatible with any QEMU version reading the
>>> stream, because QEMU just stops reading after the VM_END marker and
>>> ignores
>>> any data following it.
>>> 
>>> With an additional external program this allows us to decipher the
>>> contents of any migration stream and hopefully make migration bugs
>>> easier
>>> to track down.
>>> 
>>> Signed-off-by: Alexander Graf mailto:ag...@suse.de>>
>>> Signed-off-by: Amit Shah >> >
>>> Signed-off-by: Juan Quintela >> >
>>>
>>> :04 04 e9aac242a61fbd05bbb0daa3e8877970e738
>>> 61df81f831bc86b29f65883523ea95abb36f1ec5 Mhw
>>> :04 04 fe0659bed17d86c43657c26622d64fd44a1af037
>>> 7092a6b6515a3d0077f68ff2d80dbd74597a244f Minclude
>>> :04 04 d90d6f1fe839abf21a45eaba5829d5a6a22abeb1
>>> c2b1dcda197d96657458d699c185e39ae45f3c6c Mmigration
>>> :100644 100644 98895fee81edfbc659fc42d467e930d06b1afa7d
>>> 80407662ad3ed860d33a9d35f5c44b1d19c4612b Msavevm.c
>>> :04 04 cf218bc2b841cd51ebe3972635be2cfbb1de9dfa
>>> 7aaf3d10ef7f73413b228e854fe6f04317151e46 Mtests
>>>
>>> So there you go. I'm going to sleep, if you need any extra help let me know.
>>
>> So the major difference with this patch applied is that the sender could
>> send more data than the receive wants to read. I can't see the actual
>> migrate command you used down there.
>>
>> I haven't seen this actually being a problem so far, as the receiver
>> just close()s its file descriptor once it hits VM_EOF. This should only
>> break senders if they expect they can send more. That said, I think I
>> only tested offline migration (via exec:), so maybe QEMU is behaving
>> badly and actually wants to send all data and just fails the migration
>> without?
> 
> Hmm, for such an odd change to the migration stream it's a surprise you
> didn't test it live.

Well, let's say I don't remember explicitly testing it live - I probably
did at one point.

I just verified that migrating with tcp:... works fine in master.


Alex



Re: [Qemu-devel] HEAD is failing virt-test on migration tests

2015-02-13 Thread Dr. David Alan Gilbert
* Alexander Graf (ag...@suse.de) wrote:
> 
> 
> On 13.02.15 10:04, Dr. David Alan Gilbert wrote:
> > * Alexander Graf (ag...@suse.de) wrote:
> >>
> >>
> >> On 13.02.15 01:29, Lucas Meneghel Rodrigues wrote:
> >>> Copying Alex.
> >>>
> >>> OK, after bisecting, this is what I've got:
> >>>
> >>> 8118f0950fc77cce7873002a5021172dd6e040b5 is the first bad commit
> >>> commit 8118f0950fc77cce7873002a5021172dd6e040b5
> >>> Author: Alexander Graf mailto:ag...@suse.de>>
> >>> Date:   Thu Jan 22 15:01:39 2015 +0100
> >>>
> >>> migration: Append JSON description of migration stream
> >>> 
> >>> One of the annoyances of the current migration format is the fact that
> >>> it's not self-describing. In fact, it's not properly describing at 
> >>> all.
> >>> Some code randomly scattered throughout QEMU elaborates roughly how to
> >>> read and write a stream of bytes.
> >>> 
> >>> We discussed an idea during KVM Forum 2013 to add a JSON description 
> >>> of
> >>> the migration protocol itself to the migration stream. This patch
> >>> adds a section after the VM_END migration end marker that contains
> >>> description data on what the device sections of the stream are
> >>> composed of.
> >>> 
> >>> This approach is backwards compatible with any QEMU version reading 
> >>> the
> >>> stream, because QEMU just stops reading after the VM_END marker and
> >>> ignores
> >>> any data following it.
> >>> 
> >>> With an additional external program this allows us to decipher the
> >>> contents of any migration stream and hopefully make migration bugs
> >>> easier
> >>> to track down.
> >>> 
> >>> Signed-off-by: Alexander Graf mailto:ag...@suse.de>>
> >>> Signed-off-by: Amit Shah  >>> >
> >>> Signed-off-by: Juan Quintela  >>> >
> >>>
> >>> :04 04 e9aac242a61fbd05bbb0daa3e8877970e738
> >>> 61df81f831bc86b29f65883523ea95abb36f1ec5 Mhw
> >>> :04 04 fe0659bed17d86c43657c26622d64fd44a1af037
> >>> 7092a6b6515a3d0077f68ff2d80dbd74597a244f Minclude
> >>> :04 04 d90d6f1fe839abf21a45eaba5829d5a6a22abeb1
> >>> c2b1dcda197d96657458d699c185e39ae45f3c6c Mmigration
> >>> :100644 100644 98895fee81edfbc659fc42d467e930d06b1afa7d
> >>> 80407662ad3ed860d33a9d35f5c44b1d19c4612b Msavevm.c
> >>> :04 04 cf218bc2b841cd51ebe3972635be2cfbb1de9dfa
> >>> 7aaf3d10ef7f73413b228e854fe6f04317151e46 Mtests
> >>>
> >>> So there you go. I'm going to sleep, if you need any extra help let me 
> >>> know.
> >>
> >> So the major difference with this patch applied is that the sender could
> >> send more data than the receive wants to read. I can't see the actual
> >> migrate command you used down there.
> >>
> >> I haven't seen this actually being a problem so far, as the receiver
> >> just close()s its file descriptor once it hits VM_EOF. This should only
> >> break senders if they expect they can send more. That said, I think I
> >> only tested offline migration (via exec:), so maybe QEMU is behaving
> >> badly and actually wants to send all data and just fails the migration
> >> without?
> > 
> > Hmm, for such an odd change to the migration stream it's a surprise you
> > didn't test it live.
> 
> Well, let's say I don't remember explicitly testing it live - I probably
> did at one point.
> 
> I just verified that migrating with tcp:... works fine in master.

Yes, that's fair.

My suspicion (for which I have no proof) is that it might depend on the
amount of buffer in the connection; if there's enough buffer to hold
your JSON description it'll work, because you'll have sent the JSON
before the destination has spotted the terminator; if you've
not got much buffering (e.g. on a local fd) then the source might
get stuck trying to write the json or error because the destination
has closed the fd.

Dave

> 
> 
> Alex
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
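
Dave's buffering hypothesis can be tried outside QEMU. The following C program is an added example, not code from QEMU or from anyone in this thread: it plays both ends over a non-blocking pipe and reports whether the sender got its trailing data out before the receiver closed. The one-byte END_MARKER, the sizes and the function names are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define END_MARKER 0x00 /* constructed stand-in for the end-of-stream marker */

static void set_nonblock(int fd)
{
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK);
}

/* Destination: consume bytes until END_MARKER, then close the fd and ignore
 * whatever follows. Returns 1 while still open, 0 once it has closed. */
static int receiver_run(int fd)
{
    unsigned char buf[4096];
    ssize_t n;

    while ((n = read(fd, buf, sizeof(buf))) > 0) {
        if (memchr(buf, END_MARKER, (size_t)n)) {
            close(fd);
            return 0;
        }
    }
    return 1; /* pipe drained, marker not seen yet */
}

/* Source: send body + END_MARKER + trailer. Returns 0 if the kernel accepted
 * every byte, or -errno (-EPIPE once the destination has closed its end). */
int migrate_over_pipe(size_t body_len, size_t trailer_len)
{
    size_t total = body_len + 1 + trailer_len, off = 0;
    unsigned char *stream = malloc(total);
    int p[2], reader_open = 1, ret = 0;

    if (!stream || pipe(p) < 0) {
        free(stream);
        return -errno;
    }
    signal(SIGPIPE, SIG_IGN); /* get EPIPE from write() instead of a signal */
    set_nonblock(p[0]);
    set_nonblock(p[1]);

    memset(stream, 0x01, body_len);                  /* device state */
    stream[body_len] = END_MARKER;
    memset(stream + body_len + 1, 'J', trailer_len); /* appended description */

    while (off < total) {
        ssize_t n = write(p[1], stream + off, total - off);

        if (n > 0) {
            off += (size_t)n;
        } else if (n < 0 && errno == EAGAIN && reader_open) {
            /* Buffer full: a blocking sender would be stuck here until the
             * destination reads. Let the destination run now. */
            reader_open = receiver_run(p[0]);
        } else {
            ret = n < 0 ? -errno : -EIO;
            break;
        }
    }

    /* If everything fitted in the buffer, the destination only runs now. */
    if (reader_open && receiver_run(p[0])) {
        close(p[0]);
    }
    close(p[1]);
    free(stream);
    return ret;
}

int main(void)
{
    printf("small trailer: %d\n", migrate_over_pipe(1024, 256));
    printf("large trailer: %d\n", migrate_over_pipe(1024, (size_t)4 << 20));
    return 0;
}
```

The small trailer is accepted in full because it sits in the pipe buffer before the receiver has looked at anything; the large one fails with EPIPE as soon as the receiver has seen the marker and closed.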



Re: [Qemu-devel] HEAD is failing virt-test on migration tests

2015-02-13 Thread Lucas Meneghel Rodrigues



On Fri, Feb 13, 2015 at 9:18 AM, Alexander Graf  wrote:



On 13.02.15 10:04, Dr. David Alan Gilbert wrote:

 * Alexander Graf (ag...@suse.de) wrote:



 On 13.02.15 01:29, Lucas Meneghel Rodrigues wrote:

 Copying Alex.

 OK, after bisecting, this is what I've got:

 8118f0950fc77cce7873002a5021172dd6e040b5 is the first bad commit
 commit 8118f0950fc77cce7873002a5021172dd6e040b5
 Author: Alexander Graf mailto:ag...@suse.de>>
 Date:   Thu Jan 22 15:01:39 2015 +0100

 migration: Append JSON description of migration stream

 One of the annoyances of the current migration format is the fact that
 it's not self-describing. In fact, it's not properly describing at all.
 Some code randomly scattered throughout QEMU elaborates roughly how to
 read and write a stream of bytes.

 We discussed an idea during KVM Forum 2013 to add a JSON description of
 the migration protocol itself to the migration stream. This patch
 adds a section after the VM_END migration end marker that contains
 description data on what the device sections of the stream are
 composed of.

 This approach is backwards compatible with any QEMU version reading the
 stream, because QEMU just stops reading after the VM_END marker and
 ignores
 any data following it.

 With an additional external program this allows us to decipher the
 contents of any migration stream and hopefully make migration bugs
 easier
 to track down.

 Signed-off-by: Alexander Graf >

 Signed-off-by: Amit Shah mailto:amit.s...@redhat.com>>
 Signed-off-by: Juan Quintela mailto:quint...@redhat.com>>

 :04 04 e9aac242a61fbd05bbb0daa3e8877970e738
 61df81f831bc86b29f65883523ea95abb36f1ec5 Mhw
 :04 04 fe0659bed17d86c43657c26622d64fd44a1af037
 7092a6b6515a3d0077f68ff2d80dbd74597a244f Minclude
 :04 04 d90d6f1fe839abf21a45eaba5829d5a6a22abeb1
 c2b1dcda197d96657458d699c185e39ae45f3c6c Mmigration
 :100644 100644 98895fee81edfbc659fc42d467e930d06b1afa7d
 80407662ad3ed860d33a9d35f5c44b1d19c4612b Msavevm.c
 :04 04 cf218bc2b841cd51ebe3972635be2cfbb1de9dfa
 7aaf3d10ef7f73413b228e854fe6f04317151e46 Mtests

 So there you go. I'm going to sleep, if you need any extra help let me know.


 So the major difference with this patch applied is that the sender could
 send more data than the receive wants to read. I can't see the actual
 migrate command you used down there.

 I haven't seen this actually being a problem so far, as the receiver
 just close()s its file descriptor once it hits VM_EOF. This should only
 break senders if they expect they can send more. That said, I think I
 only tested offline migration (via exec:), so maybe QEMU is behaving
 badly and actually wants to send all data and just fails the migration
 without?


 Hmm, for such an odd change to the migration stream it's a surprise you
 didn't test it live.


Well, let's say I don't remember explicitly testing it live - I probably
did at one point.

I just verified that migrating with tcp:... works fine in master.


It is working fine with tcp migration in master indeed. The thing is, 
virt-test tests a bunch of variants, among them fd. fd is the only one 
failing from the list of things we do test (which also happen to be the 
virt-test default test set).




Alex






Re: [Qemu-devel] [PATCH v4 01/16] block: Lift some BDS functions to the BlockBackend

2015-02-13 Thread Stefan Hajnoczi
On Thu, Feb 05, 2015 at 01:58:10PM -0500, Max Reitz wrote:
> Create the blk_* counterparts for the following bdrv_* functions (which
> make sense to call on the BlockBackend level):
> - bdrv_co_write_zeroes()
> - bdrv_write_compressed()
> - bdrv_truncate()
> - bdrv_nb_sectors()
> - bdrv_discard()
> - bdrv_load_vmstate()
> - bdrv_save_vmstate()
> 
> Signed-off-by: Max Reitz 
> ---
>  block/block-backend.c  | 38 ++
>  include/sysemu/block-backend.h | 10 ++
>  2 files changed, 48 insertions(+)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH v4 02/16] block: Add blk_new_open()

2015-02-13 Thread Stefan Hajnoczi
On Thu, Feb 05, 2015 at 01:58:11PM -0500, Max Reitz wrote:
> blk_new_with_bs() creates a BlockBackend with an empty BlockDriverState
> attached to it. Empty BDSs are not nice, therefore add an alternative
> function which combines blk_new_with_bs() with bdrv_open().
> 
> Note: In contrast to bdrv_open() which takes a BlockDriver parameter,
> blk_new_open() does not take such a parameter. This is because
> bdrv_open() opens a BlockDriverState, therefore it is natural to be able
> to set the BlockDriver for that BDS. The fact that bdrv_open() can open
> more than a single BDS is merely some form of a byproduct.
> 
> blk_new_open() on the other hand is intended to be used to create a
> whole tree of BlockDriverStates. Therefore, setting a single BlockDriver
> does not make much sense. Instead, the drivers to be used for each of
> the nodes must be configured through the "options" QDict; including the
> driver of the root BDS.
> 
> Signed-off-by: Max Reitz 
> Reviewed-by: Eric Blake 
> Reviewed-by: Kevin Wolf 
> ---
>  block/block-backend.c  | 34 ++
>  include/sysemu/block-backend.h |  3 +++
>  2 files changed, 37 insertions(+)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PULL 00/12] target-arm queue

2015-02-13 Thread Peter Maydell
On 13 February 2015 at 05:54, Peter Maydell  wrote:
> The following changes since commit 449008f86418583a1f0fb946cf91ee7b4797317d:
>
>   Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150210.0' 
> into staging (2015-02-11 05:14:41 +)
>
> are available in the git repository at:
>
>
>   git://git.linaro.org/people/pmaydell/qemu-arm.git 
> tags/pull-target-arm-20150213
>
> for you to fetch changes up to c2ebd862a54b7e12175d65c03ba259926cb2237a:
>
>   target-arm: A64: Avoid signed shifts in disas_ldst_pair() (2015-02-13 
> 05:46:09 +)
>
> 
> target-arm queue:
>  * PCIe support in virt board
>  * Support 32-bit guests on 64-bit KVM hosts in virt board
>  * Fixes to avoid C undefined behaviour
>

Applied, thanks.

-- PMM



[Qemu-devel] [PATCH v1 0/3] vhost-user: support safe protocol

2015-02-13 Thread linhaifeng
From: Linhaifeng 

Mostly the same as ioctl, master needs the return value to
decide whether to go on or not. So we add these patches for
safer communication.

Linhaifeng (3):
  vhost-user: add reply let the portocol more safe.
  vhost-user:update the version to 0x6
  vhost-user:add reply for other messages

 docs/specs/vhost-user.txt | 19 --
 hw/virtio/vhost-user.c| 64 ++-
 2 files changed, 69 insertions(+), 14 deletions(-)

-- 
1.7.12.4





[Qemu-devel] [PATCH v1 2/3] vhost-user:update the version to 0x6

2015-02-13 Thread linhaifeng
From: Linhaifeng 

We do not need the VHOST_USER_REPLY_MASK so the base version now is 0x5.
  - update the version to 0x6.
  - change the name from flag to version.

Signed-off-by: Linhaifeng 
---
 hw/virtio/vhost-user.c | 24 
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index aefe0bb..d56115a 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -59,10 +59,7 @@ typedef struct VhostUserMemory {
 
 typedef struct VhostUserMsg {
 VhostUserRequest request;
-
-#define VHOST_USER_VERSION_MASK (0x3)
-#define VHOST_USER_REPLY_MASK   (0x1<<2)
-uint32_t flags;
+uint32_t version;
 uint32_t size; /* the following payload size */
 union {
 #define VHOST_USER_VRING_IDX_MASK   (0xff)
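Review bot: replacing the `flags` bit field with a plain `version` word redefines the header on the wire without saying so. The removed VHOST_USER_VERSION_MASK (0x3) limited the version to two bits and bit 2 (0x1<<2) was the reply flag, so the old reply value 0x5 is the reply bit plus version 1, and the new 0x6 still has the old reply bit set; a peer that masks with 0x3 will read 0x6 as version 2. Either keep the flags layout and signal the new capability outside the reply bit, or state in the commit message and in the spec that the field is redefined and how old peers are expected to react.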
@@ -74,15 +71,18 @@ typedef struct VhostUserMsg {
 };
 } QEMU_PACKED VhostUserMsg;
 
+static uint32_t slave_version;
 static VhostUserMsg m __attribute__ ((unused));
 #define VHOST_USER_HDR_SIZE (sizeof(m.request) \
-+ sizeof(m.flags) \
++ sizeof(m.version) \
 + sizeof(m.size))
 
 #define VHOST_USER_PAYLOAD_SIZE (sizeof(m) - VHOST_USER_HDR_SIZE)
 
-/* The version of the protocol we support */
-#define VHOST_USER_VERSION(0x1)
+/* The version of the protocol we support.
+ * Slaves' version should maller than  VHOST_USER_VERSION.
+ */
+#define VHOST_USER_VERSION(0x6)
 
 static bool ioeventfd_enabled(void)
 {
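Review bot: `static uint32_t slave_version;` is file-scope state, so every vhost-user device in the process shares one value and the last reply read from any slave decides the behaviour for all of them; it belongs in per-device state reached through `struct vhost_dev *dev`. The new comment also has a typo ("maller") and says slave versions should be smaller than VHOST_USER_VERSION, while the check added in vhost_user_read() also accepts an equal version.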
@@ -134,12 +134,12 @@ static int vhost_user_read(struct vhost_dev *dev, 
VhostUserMsg *msg)
 }
 
 /* validate received flags */
-if (msg->flags != (VHOST_USER_REPLY_MASK | VHOST_USER_VERSION)) {
-error_report("Failed to read msg header."
-" Flags 0x%x instead of 0x%x.\n", msg->flags,
-VHOST_USER_REPLY_MASK | VHOST_USER_VERSION);
+if (msg->version > VHOST_USER_VERSION) {
+error_report("Invalid version 0x%x.\n"
+"Vhost user version is 0x%x", msg->version, 
VHOST_USER_VERSION);
 goto fail;
 }
+slave_version = msg->version;
 
 /* validate message size is sane */
 if (msg->size > VHOST_USER_PAYLOAD_SIZE) {
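Review bot: the new test `msg->version > VHOST_USER_VERSION` only bounds the value from above, where the old code required an exact match, so a reply carrying 0 or any other small value is now accepted and copied into slave_version. Add a lower bound (the series treats 0x5 as the base) and update the `/* validate received flags */` comment, which no longer matches the code. The `\n` inside the error_report() string also splits one message over two lines.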
@@ -195,7 +195,7 @@ static int vhost_user_call(struct vhost_dev *dev, unsigned 
long int request,
 
 msg_request = vhost_user_request_translate(request);
 msg.request = msg_request;
-msg.flags = VHOST_USER_VERSION;
+msg.version = VHOST_USER_VERSION;
 msg.size = 0;
 
 switch (request) {
-- 
1.7.12.4





[Qemu-devel] [PATCH v1 3/3] vhost-user:add reply for other messages

2015-02-13 Thread linhaifeng
From: Linhaifeng 

If the slave's version is bigger than 0x5 we will wait for a reply.

Signed-off-by: Linhaifeng 
---
 hw/virtio/vhost-user.c | 40 
 1 file changed, 40 insertions(+)

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index d56115a..fdfd14b 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -82,8 +82,15 @@ static VhostUserMsg m __attribute__ ((unused));
 /* The version of the protocol we support.
  * Slaves' version should maller than  VHOST_USER_VERSION.
  */
+#define VHOST_USER_BASE   (0x5)
 #define VHOST_USER_VERSION(0x6)
 
+#define VHOST_NEED_REPLY \
+{\
+if (slave_version > VHOST_USER_BASE) \
+need_reply = 1;\
+}
+
 static bool ioeventfd_enabled(void)
 {
 return kvm_enabled() && kvm_eventfds_enabled();
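Review bot: VHOST_NEED_REPLY expands to a bare `{ ... }` block that reads the file-scope slave_version and writes a variable named need_reply that it does not receive as an argument, so it only compiles where such a variable happens to be in scope, and `VHOST_NEED_REPLY;` leaves a stray empty statement that breaks under an unbraced if/else. A small static inline helper returning bool, or at least a do { } while (0) wrapper taking the variables as parameters, would be safer.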
@@ -207,6 +214,8 @@ static int vhost_user_call(struct vhost_dev *dev, unsigned 
long int request,
 case VHOST_SET_LOG_BASE:
 msg.u64 = *((__u64 *) arg);
 msg.size = sizeof(m.u64);
+
+VHOST_NEED_REPLY;
 break;
 
 case VHOST_SET_OWNER:
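Review bot: VHOST_NEED_REPLY is added to the VHOST_SET_LOG_BASE arm, but the `case VHOST_SET_OWNER:` arm that follows gets nothing anywhere in this patch, while the reply switch added at the end of the function lists VHOST_USER_SET_OWNER and VHOST_USER_RESET_OWNER and patch 1/3 documents a slave payload for both. If a new slave answers those requests and the master does not read the answer, the unread reply will be taken as the answer to the next request. Set need_reply for every request the spec now says is acknowledged.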
@@ -244,16 +253,21 @@ static int vhost_user_call(struct vhost_dev *dev, 
unsigned long int request,
 msg.size += sizeof(m.memory.padding);
 msg.size += fd_num * sizeof(VhostUserMemoryRegion);
 
+VHOST_NEED_REPLY;
 break;
 
 case VHOST_SET_LOG_FD:
 fds[fd_num++] = *((int *) arg);
+
+VHOST_NEED_REPLY;
 break;
 
 case VHOST_SET_VRING_NUM:
 case VHOST_SET_VRING_BASE:
 memcpy(&msg.state, arg, sizeof(struct vhost_vring_state));
 msg.size = sizeof(m.state);
+
+VHOST_NEED_REPLY;
 break;
 
 case VHOST_GET_VRING_BASE:
@@ -265,6 +279,8 @@ static int vhost_user_call(struct vhost_dev *dev, unsigned 
long int request,
 case VHOST_SET_VRING_ADDR:
 memcpy(&msg.addr, arg, sizeof(struct vhost_vring_addr));
 msg.size = sizeof(m.addr);
+
+VHOST_NEED_REPLY;
 break;
 
 case VHOST_SET_VRING_KICK:
@@ -278,6 +294,8 @@ static int vhost_user_call(struct vhost_dev *dev, unsigned 
long int request,
 } else {
 msg.u64 |= VHOST_USER_VRING_NOFD_MASK;
 }
+
+VHOST_NEED_REPLY;
 break;
 default:
 error_report("vhost-user trying to send unhandled ioctl\n");
@@ -315,6 +333,28 @@ static int vhost_user_call(struct vhost_dev *dev, unsigned 
long int request,
 }
 memcpy(arg, &msg.state, sizeof(struct vhost_vring_state));
 break;
+case VHOST_USER_SET_FEATURES:
+case VHOST_USER_SET_LOG_BASE:
+case VHOST_USER_SET_OWNER:
+case VHOST_USER_RESET_OWNER:
+case VHOST_USER_SET_MEM_TABLE:
+case VHOST_USER_SET_LOG_FD:
+case VHOST_USER_SET_VRING_NUM:
+case VHOST_USER_SET_VRING_BASE:
+case VHOST_USER_SET_VRING_ADDR:
+case VHOST_USER_SET_VRING_KICK:
+case VHOST_USER_SET_VRING_CALL:
+case VHOST_USER_SET_VRING_ERR:
+if (msg.size != sizeof(m.u64)) {
+error_report("Received bad msg size.");
+return -1;
+} else {
+if (m.u64) {
+error_report("Failed to handle request %d.", msg_request);
+return -1;
+}
+}
+break;
 default:
 error_report("Received unexpected msg type.\n");
 return -1;
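Review bot: in the new reply arm the status test reads `m.u64`, but `m` is the file-scope VhostUserMsg declared `__attribute__ ((unused))` for the sizeof() expressions, not the message that was just received, so the test never sees the slave's status; it should read `msg.u64`. The nested else can be flattened while fixing this, and the bad-size error would be more useful if it printed the received and expected sizes.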
-- 
1.7.12.4





[Qemu-devel] [PATCH v1 1/3] vhost-user: add reply let the portocol more safe.

2015-02-13 Thread linhaifeng
From: Linhaifeng 

Every message needs a reply.

Signed-off-by: Linhaifeng 
---
 docs/specs/vhost-user.txt | 19 +--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/docs/specs/vhost-user.txt b/docs/specs/vhost-user.txt
index 650bb18..4a14e63 100644
--- a/docs/specs/vhost-user.txt
+++ b/docs/specs/vhost-user.txt
@@ -23,6 +23,10 @@ be a software Ethernet switch running in user space, such as 
Snabbswitch.
 Master and slave can be either a client (i.e. connecting) or server (listening)
 in the socket communication.
 
+version 0x1: Supply base communication between master and slave.
+version 0x6: Add reply for more robust.
+
+
 Message Specification
 -
 
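Review bot: the added version list jumps from 0x1 to 0x6 and does not mention 0x5, which patch 2/3 of this series calls the base version, so a slave author cannot tell which values are valid or what a master does on receiving each. List every accepted value, say which side sends it and when, and reword "Add reply for more robust" so that it names the messages that gain a reply.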
@@ -35,7 +39,7 @@ consists of 3 header fields and a payload:
 
  * Request: 32-bit type of the request
  * Flags: 32-bit bit field:
-   - Lower 2 bits are the version (currently 0x01)
+   - Lower 2 bits are the version (currently 0x06)
- Bit 2 is the reply flag - needs to be sent on each reply from the slave
  * Size - 32-bit size of the payload
 
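Review bot: "Lower 2 bits are the version (currently 0x06)" cannot be right as written: two bits hold at most 0x3, and 0x06 has bit 2 set, which the following line still defines as the reply flag. The Flags description needs to be rewritten to match the header layout that the code in patch 2/3 actually uses.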
@@ -144,6 +148,7 @@ Message types
   Id: 2
   Ioctl: VHOST_SET_FEATURES
   Master payload: u64
+  Slave payload: u64 0:success else:fail
 
   Enable features in the underlying vhost implementation using a bitmask.
 
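Review bot: "Slave payload: u64 0:success else:fail" is added here, and in the same form to the other SET_* messages below, without saying that the reply exists only for peers speaking the new version; a slave written to the old text sends nothing, and a master following this text would wait for it. Tie the reply to the version in the spec text and say whether a non-zero value carries an error code or is only a failure flag.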
@@ -152,6 +157,7 @@ Message types
   Id: 3
   Equivalent ioctl: VHOST_SET_OWNER
   Master payload: N/A
+  Slave payload: u64 0:success else:fail
 
   Issued when a new connection is established. It sets the current Master
   as an owner of the session. This can be used on the Slave as a
@@ -162,6 +168,7 @@ Message types
   Id: 4
   Equivalent ioctl: VHOST_RESET_OWNER
   Master payload: N/A
+  Slave payload: u64 0:success else:fail
 
   Issued when a new connection is about to be closed. The Master will no
   longer own this connection (and will usually close it).
@@ -171,6 +178,7 @@ Message types
   Id: 5
   Equivalent ioctl: VHOST_SET_MEM_TABLE
   Master payload: memory regions description
+  Slave payload: u64 0:success else:fail
 
   Sets the memory map regions on the slave so it can translate the vring
   addresses. In the ancillary data there is an array of file descriptors
@@ -182,6 +190,7 @@ Message types
   Id: 6
   Equivalent ioctl: VHOST_SET_LOG_BASE
   Master payload: u64
+  Slave payload: u64 0:success else:fail
 
   Sets the logging base address.
 
@@ -190,6 +199,7 @@ Message types
   Id: 7
   Equivalent ioctl: VHOST_SET_LOG_FD
   Master payload: N/A
+  Slave payload: u64 0:success else:fail
 
   Sets the logging file descriptor, which is passed as ancillary data.
 
@@ -198,6 +208,7 @@ Message types
   Id: 8
   Equivalent ioctl: VHOST_SET_VRING_NUM
   Master payload: vring state description
+  Slave payload: u64 0:success else:fail
 
   Sets the number of vrings for this owner.
 
@@ -206,7 +217,7 @@ Message types
   Id: 9
   Equivalent ioctl: VHOST_SET_VRING_ADDR
   Master payload: vring address description
-  Slave payload: N/A
+  Slave payload: u64 0:success else:fail
 
   Sets the addresses of the different aspects of the vring.
 
@@ -215,6 +226,7 @@ Message types
   Id: 10
   Equivalent ioctl: VHOST_SET_VRING_BASE
   Master payload: vring state description
+  Slave payload: u64 0:success else:fail
 
   Sets the base offset in the available vring.
 
@@ -232,6 +244,7 @@ Message types
   Id: 12
   Equivalent ioctl: VHOST_SET_VRING_KICK
   Master payload: u64
+  Slave payload: u64 0:success else:fail
 
   Set the event file descriptor for adding buffers to the vring. It
   is passed in the ancillary data.
@@ -245,6 +258,7 @@ Message types
   Id: 13
   Equivalent ioctl: VHOST_SET_VRING_CALL
   Master payload: u64
+  Slave payload: u64 0:success else:fail
 
   Set the event file descriptor to signal when buffers are used. It
   is passed in the ancillary data.
@@ -258,6 +272,7 @@ Message types
   Id: 14
   Equivalent ioctl: VHOST_SET_VRING_ERR
   Master payload: u64
+  Slave payload: u64 0:success else:fail
 
   Set the event file descriptor to signal when error occurs. It
   is passed in the ancillary data.
-- 
1.7.12.4





Re: [Qemu-devel] [PATCH v6 5/5] BlockConf: Call backend functions to detect geometry and blocksizes

2015-02-13 Thread Christian Borntraeger
Am 19.01.2015 um 15:35 schrieb Ekaterina Tumanova:
> geometry: hd_geometry_guess function autodetects the drive geometry.
> This patch adds a block backend call, that probes the backing device
> geometry. If the inner driver method is implemented and succeeds
> (currently only for DASDs), the blkconf_geometry will pass-through
> the backing device geometry. Otherwise will fallback to old logic.
> 
> blocksize: This patch initializes blocksize properties to 0.
> In order to set the properly a blkconf_blocksizes was introduced.
> If user didn't set physical or logical blocksize, it will
> retrieve its value from a driver (which will return a default 512 for
> any backend but DASD).
> 
> The blkconf_blocksizes call was added to all users of BlkConf.
> 
> Signed-off-by: Ekaterina Tumanova 
> Reviewed-by: Markus Armbruster 
> ---
>  hw/block/block.c | 20 
>  hw/block/hd-geometry.c   | 10 +-
>  hw/block/nvme.c  |  1 +
>  hw/block/virtio-blk.c|  1 +
>  hw/core/qdev-properties.c|  3 ++-
>  hw/ide/qdev.c|  1 +
>  hw/scsi/scsi-disk.c  |  1 +
>  hw/usb/dev-storage.c |  1 +
>  include/hw/block/block.h |  5 +++--
>  include/hw/qdev-properties.h |  4 ++--
>  10 files changed, 41 insertions(+), 6 deletions(-)
> 
> diff --git a/hw/block/block.c b/hw/block/block.c
> index a625773..09dd5f1 100644
> --- a/hw/block/block.c
> +++ b/hw/block/block.c
> @@ -25,6 +25,26 @@ void blkconf_serial(BlockConf *conf, char **serial)
>  }
>  }
> 
> +void blkconf_blocksizes(BlockConf *conf)
> +{
> +BlockBackend *blk = conf->blk;
> +BlockSizes blocksizes;
> +int backend_ret;
> +
> +backend_ret = blk_probe_blocksizes(blk, &blocksizes);
> +/* fill in detected values if they are not defined via qemu command line 
> */
> +if (!conf->physical_block_size && !backend_ret) {
> +conf->physical_block_size = blocksizes.phys;
> +} else {
> +conf->physical_block_size = BDRV_SECTOR_SIZE;
> +}
> +if (!conf->logical_block_size && !backend_ret) {
> +conf->logical_block_size = blocksizes.log;
> +} else {
> +conf->logical_block_size = BDRV_SECTOR_SIZE;
> +}
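Review bot: In both `if`/`else` pairs of blkconf_blocksizes() the `else` branch also runs when the property is already non-zero, because `!conf->physical_block_size && !backend_ret` is false as soon as the user has set a value. A size given on the command line is therefore replaced by BDRV_SECTOR_SIZE whether or not the probe succeeded. Test the property first and look at `backend_ret` only inside that branch.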

When we are going to fix this, I found another bug:

This code will fail when logical_block_size and physical_block_size are given 
at the command line AND detection (backend_ret != 0) did not work. It will use 
BDRV_SECTOR_SIZE instead of the command line value.
With something like 

--- a/hw/block/block.c
+++ b/hw/block/block.c
@@ -33,15 +33,19 @@ void blkconf_blocksizes(BlockConf *conf)
 
 backend_ret = blk_probe_blocksizes(blk, &blocksizes);
 /* fill in detected values if they are not defined via qemu command line */
-if (!conf->physical_block_size && !backend_ret) {
-conf->physical_block_size = blocksizes.phys;
-} else {
-conf->physical_block_size = BDRV_SECTOR_SIZE;
+if (!conf->physical_block_size) {
+if (!backend_ret) {
+conf->physical_block_size = blocksizes.phys;
+} else {
+conf->physical_block_size = BDRV_SECTOR_SIZE;
+}
 }
-if (!conf->logical_block_size && !backend_ret) {
-conf->logical_block_size = blocksizes.log;
-} else {
-conf->logical_block_size = BDRV_SECTOR_SIZE;
+if (!conf->logical_block_size) {
+   if (!backend_ret) {
+   conf->logical_block_size = blocksizes.log;
+   } else {
+   conf->logical_block_size = BDRV_SECTOR_SIZE;
+   }
 }
 }
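Review bot: With the nesting fixed, `blocksizes.phys` and `blocksizes.log` are still copied into the BlockConf without any check in this function, so a probe that succeeds but reports 0 leaves the property at 0, the same "unset" value this function is meant to eliminate. Check the detected values before assigning them. The added logical_block_size lines are also indented differently from the physical_block_size ones.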
 

No?




Re: [Qemu-devel] [PATCH v6 5/5] BlockConf: Call backend functions to detect geometry and blocksizes

2015-02-13 Thread Ekaterina Tumanova

On 02/13/2015 03:23 PM, Christian Borntraeger wrote:

Am 19.01.2015 um 15:35 schrieb Ekaterina Tumanova:

geometry: hd_geometry_guess function autodetects the drive geometry.
This patch adds a block backend call, that probes the backing device
geometry. If the inner driver method is implemented and succeeds
(currently only for DASDs), the blkconf_geometry will pass-through
the backing device geometry. Otherwise will fallback to old logic.

blocksize: This patch initializes blocksize properties to 0.
In order to set the properly a blkconf_blocksizes was introduced.
If user didn't set physical or logical blocksize, it will
retrieve its value from a driver (which will return a default 512 for
any backend but DASD).

The blkconf_blocksizes call was added to all users of BlkConf.

Signed-off-by: Ekaterina Tumanova 
Reviewed-by: Markus Armbruster 
---
  hw/block/block.c | 20 
  hw/block/hd-geometry.c   | 10 +-
  hw/block/nvme.c  |  1 +
  hw/block/virtio-blk.c|  1 +
  hw/core/qdev-properties.c|  3 ++-
  hw/ide/qdev.c|  1 +
  hw/scsi/scsi-disk.c  |  1 +
  hw/usb/dev-storage.c |  1 +
  include/hw/block/block.h |  5 +++--
  include/hw/qdev-properties.h |  4 ++--
  10 files changed, 41 insertions(+), 6 deletions(-)

diff --git a/hw/block/block.c b/hw/block/block.c
index a625773..09dd5f1 100644
--- a/hw/block/block.c
+++ b/hw/block/block.c
@@ -25,6 +25,26 @@ void blkconf_serial(BlockConf *conf, char **serial)
  }
  }

+void blkconf_blocksizes(BlockConf *conf)
+{
+BlockBackend *blk = conf->blk;
+BlockSizes blocksizes;
+int backend_ret;
+
+backend_ret = blk_probe_blocksizes(blk, &blocksizes);
+/* fill in detected values if they are not defined via qemu command line */
+if (!conf->physical_block_size && !backend_ret) {
+conf->physical_block_size = blocksizes.phys;
+} else {
+conf->physical_block_size = BDRV_SECTOR_SIZE;
+}
+if (!conf->logical_block_size && !backend_ret) {
+conf->logical_block_size = blocksizes.log;
+} else {
+conf->logical_block_size = BDRV_SECTOR_SIZE;
+}
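Review bot: `backend_ret` is only tested for zero, so every probe failure, whatever its cause, silently becomes BDRV_SECTOR_SIZE, and the function returns void. If blk_probe_blocksizes() can fail for reasons other than "not supported", callers have no way to notice; consider returning the error or at least distinguishing the two cases here.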


When we are going to fix this, I found another bug:

This code will fail when logical_block_size and physical_block_size are given 
at the command line AND detection (backend_ret != 0) did not work. It will use 
BDRV_SECTOR_SIZE instead of the command line value.
With something like

--- a/hw/block/block.c
+++ b/hw/block/block.c
@@ -33,15 +33,19 @@ void blkconf_blocksizes(BlockConf *conf)

  backend_ret = blk_probe_blocksizes(blk, &blocksizes);
  /* fill in detected values if they are not defined via qemu command line 
*/
-if (!conf->physical_block_size && !backend_ret) {
-conf->physical_block_size = blocksizes.phys;
-} else {
-conf->physical_block_size = BDRV_SECTOR_SIZE;
+if (!conf->physical_block_size) {
+if (!backend_ret) {
+conf->physical_block_size = blocksizes.phys;
+} else {
+conf->physical_block_size = BDRV_SECTOR_SIZE;
+}
  }
-if (!conf->logical_block_size && !backend_ret) {
-conf->logical_block_size = blocksizes.log;
-} else {
-conf->logical_block_size = BDRV_SECTOR_SIZE;
+if (!conf->logical_block_size) {
+   if (!backend_ret) {
+   conf->logical_block_size = blocksizes.log;
+   } else {
+   conf->logical_block_size = BDRV_SECTOR_SIZE;
+   }
  }
  }
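Review bot: The physical and logical branches are the same nested pattern written twice. Computing the fallback once, for example `phys = backend_ret ? BDRV_SECTOR_SIZE : blocksizes.phys;`, and then assigning only when the property is 0 keeps the precedence (command line, then probe, then default) readable in one place.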


No?



yes.
will be fixed in v7.




Re: [Qemu-devel] [PATCH v3] qga: add guest-set-user-password command

2015-02-13 Thread Olga Krishtal

On 11/02/15 14:26, Daniel P. Berrange wrote:

Add a new 'guest-set-user-password' command for changing the password
of guest OS user accounts. This command is needed to enable OpenStack
to support its API for changing the admin password of guests running
on KVM/QEMU. It is not practical to provide a command at the QEMU
level explicitly targeting administrator account password change
only, since different guest OS have different names for the admin
account. While UNIX systems use 'root', Windows systems typically
use 'Administrator' and even that can be renamed. Higher level apps
like OpenStack have the ability to figure out the correct admin
account name since they have info that QEMU/libvirt do not.

The command accepts either the clear text password string, encoded
in base64 to make it 8-bit safe in JSON:

$ echo -n "123456" | base64
MTIzNDU2
$ virsh -c qemu:///system  qemu-agent-command f21x86_64 \
'{ "execute": "guest-set-user-password",
   "arguments": { "crypted": false,
  "username": "root",
  "password": "MTIzNDU2" } }'
   {"return":{}}

Or a password that has already been run through a crypt(3) like
algorithm appropriate for the guest, again then base64 encoded:

$ echo -n '$6$n01A2Tau$e...snip...DfMOP7of9AJ1I8q0' | base64
JDYkb...snip...YT2Ey
$ virsh -c qemu:///system  qemu-agent-command f21x86_64 \
'{ "execute": "guest-set-user-password",
   "arguments": { "crypted": true,
  "username": "root",
  "password": "JDYkb...snip...YT2Ey" } }'

NB windows support is desirable, but not implemented in this
patch.

Signed-off-by: Daniel P. Berrange 
---
  qga/commands-posix.c | 110 +++
  qga/commands-win32.c |   9 +
  qga/qapi-schema.json |  27 +
  3 files changed, 146 insertions(+)

In v3:

  - Renamed from guest-set-admin-password to guest-set-user-password
  - Added 'username' argument
  - Require 'password' to be base64 encoded

diff --git a/qga/commands-posix.c b/qga/commands-posix.c
index f6f3e3c..57409d0 100644
--- a/qga/commands-posix.c
+++ b/qga/commands-posix.c
@@ -1875,6 +1875,108 @@ int64_t qmp_guest_set_vcpus(GuestLogicalProcessorList 
*vcpus, Error **errp)
  return processed;
  }
  
+void qmp_guest_set_user_password(const char *username,

+ const char *password,
+ bool crypted,
+ Error **errp)
+{
+Error *local_err = NULL;
+char *passwd_path = NULL;
+pid_t pid;
+int status;
+int datafd[2] = { -1, -1 };
+char *rawpasswddata = NULL;
+size_t rawpasswdlen;
+char *chpasswddata = NULL;
+size_t chpasswdlen;
+
+rawpasswddata = (char *)g_base64_decode(password, &rawpasswdlen);
+rawpasswddata = g_renew(char, rawpasswddata, rawpasswdlen + 1);
+rawpasswddata[rawpasswdlen] = '\0';
+
+if (strchr(rawpasswddata, '\n')) {
+error_setg(errp, "forbidden characters in raw password");
+goto out;
+}
+
+if (strchr(username, '\n') ||
+strchr(username, ':')) {
+error_setg(errp, "forbidden characters in username");
+goto out;
+}
+
+chpasswddata = g_strdup_printf("%s:%s\n", username, rawpasswddata);
+chpasswdlen = strlen(chpasswddata);
+
+passwd_path = g_find_program_in_path("chpasswd");
+
+if (!passwd_path) {
+error_setg(errp, "cannot find 'passwd' program in PATH");
+goto out;
+}
+
+if (pipe(datafd) < 0) {
+error_setg(errp, "cannot create pipe FDs");
+goto out;
+}
+
+pid = fork();
+if (pid == 0) {
+close(datafd[1]);
+/* child */
+setsid();
+dup2(datafd[0], 0);
+reopen_fd_to_null(1);
+reopen_fd_to_null(2);
+
+if (crypted) {
+execle(passwd_path, "chpasswd", "-e", NULL, environ);
+} else {
+execle(passwd_path, "chpasswd", NULL, environ);
+}
+_exit(EXIT_FAILURE);
+} else if (pid < 0) {
+error_setg_errno(errp, errno, "failed to create child process");
+goto out;
+}
+close(datafd[0]);
+datafd[0] = -1;
+
+if (qemu_write_full(datafd[1], chpasswddata, chpasswdlen) != chpasswdlen) {
+error_setg_errno(errp, errno, "cannot write new account password");
+goto out;
+}
+close(datafd[1]);
+datafd[1] = -1;
+
+ga_wait_child(pid, &status, &local_err);
+if (local_err) {
+error_propagate(errp, local_err);
+goto out;
+}
+
+if (!WIFEXITED(status)) {
+error_setg(errp, "child process has terminated abnormally");
+goto out;
+}
+
+if (WEXITSTATUS(status)) {
+error_setg(errp, "child process has failed to set user password");
+goto out;
+}
+
+out:
+g_free(chpasswddata);
+g_free(rawpasswddata);
+g_free(passwd_path);
+if (datafd[0] != -1) {
+close(datafd[0]);
+ 
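Review bot: The newline check runs `strchr(rawpasswddata, '\n')` on the decoded buffer, which stops at the first zero byte, and `g_strdup_printf("%s:%s\n", ...)` stops there too, so a base64 payload containing a NUL sets a shorter password than the caller sent and still reports success. Reject the input when `memchr(rawpasswddata, '\0', rawpasswdlen)` finds a byte. Smaller points in the same hunk: the `goto out` after a failed qemu_write_full() skips ga_wait_child() and leaves the child unreaped, the error for a missing chpasswd binary names 'passwd', and the password buffers are released with plain g_free() without being cleared first.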

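The input handling this command needs, as an added example that is not part of the posted patch or of QEMU: it decodes the base64 password and builds the `user:password\n` record for chpasswd, rejecting newlines and embedded NUL bytes by scanning the full decoded length. The function names, the error codes and the stand-alone base64 decoder (used here in place of GLib's g_base64_decode) are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result codes; the names are hypothetical, chosen for this example. */
enum { LINE_OK = 0, ERR_BASE64 = -1, ERR_PASSWORD = -2, ERR_USERNAME = -3,
       ERR_NOMEM = -4 };

static int b64_value(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Overwrite secret bytes through a volatile pointer so the stores are kept. */
static void scrub(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) {
        *v++ = 0;
    }
}

/*
 * Strict base64 decoder (padded input, no whitespace). Returns a malloc'd
 * buffer and its length, or NULL if the input is malformed or memory runs out.
 */
static unsigned char *b64_decode(const char *in, size_t *out_len)
{
    size_t len = strlen(in), i, o = 0;
    unsigned char *out;

    if (len % 4 != 0 || !(out = malloc(len / 4 * 3 + 1))) {
        return NULL;
    }
    for (i = 0; i < len; i += 4) {
        int v[4] = { 0, 0, 0, 0 }, j, pad = 0;

        for (j = 0; j < 4; j++) {
            unsigned char c = (unsigned char)in[i + j];

            if (c == '=' && i + 4 == len && j >= 2) {
                pad++;                      /* padding, last quad only */
            } else if (pad || (v[j] = b64_value(c)) < 0) {
                scrub(out, o);
                free(out);
                return NULL;
            }
        }
        out[o++] = (unsigned char)(v[0] << 2 | v[1] >> 4);
        if (pad < 2) out[o++] = (unsigned char)((v[1] & 0xf) << 4 | v[2] >> 2);
        if (pad < 1) out[o++] = (unsigned char)((v[2] & 0x3) << 6 | v[3]);
    }
    *out_len = o;
    return out;
}

/* Build the "user:password\n" record that is written to chpasswd's stdin. */
static int build_chpasswd_line(const char *username, const char *password_b64,
                               char **line, size_t *line_len)
{
    size_t ulen = strlen(username), pwlen = 0;
    unsigned char *pw;
    int rc = LINE_OK;

    *line = NULL;
    *line_len = 0;
    /* ':' separates the two fields and '\n' ends the record */
    if (strpbrk(username, ":\n")) {
        return ERR_USERNAME;
    }
    pw = b64_decode(password_b64, &pwlen);
    if (!pw) {
        return ERR_BASE64;
    }
    /* Scan the whole decoded length: strchr() would stop at an embedded NUL */
    if (memchr(pw, '\n', pwlen) || memchr(pw, '\0', pwlen)) {
        rc = ERR_PASSWORD;
    } else if (!(*line = malloc(ulen + pwlen + 3))) {
        rc = ERR_NOMEM;
    } else {
        memcpy(*line, username, ulen);
        (*line)[ulen] = ':';
        memcpy(*line + ulen + 1, pw, pwlen);
        (*line)[ulen + 1 + pwlen] = '\n';
        (*line)[ulen + 2 + pwlen] = '\0';
        *line_len = ulen + pwlen + 2;
    }
    scrub(pw, pwlen);
    free(pw);
    return rc;
}

int main(void)
{
    /* Constructed inputs: base64 of "123456", "a\nb" and "a\0b". */
    const char *samples[] = { "MTIzNDU2", "YQpi", "YQBi" };
    size_t i;

    for (i = 0; i < 3; i++) {
        char *line;
        size_t n;
        int rc = build_chpasswd_line("root", samples[i], &line, &n);

        printf("%-8s -> rc=%d, %zu bytes\n", samples[i], rc, n);
        if (line) {
            scrub(line, n);
            free(line);
        }
    }
    return 0;
}
```
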
Re: [Qemu-devel] [PATCH 3/3] virtio-scsi-dataplane: Use main thread BH to set BDS' aio context

2015-02-13 Thread Fam Zheng
On Fri, 02/13 11:38, Paolo Bonzini wrote:
> 
> 
> On 13/02/2015 11:29, Fam Zheng wrote:
> > I think we should avoid duplicate everything on both virtio-blk and
> > virtio-scsi, so they will have differences.
> 
> True, but there are also similarities.  virtio-blk can also do per-VQ
> iothreads
> 
> > Why do you think Per VQ iothread is far away?
> 
> Because per-VQ iothread needs to use either fine-grained locks or,
> especially in the format and protocol driver, no locks at all.  No locks
> at all applies especially to the raw case, where we can more easily
> leverage kernel-side locks and thread-local storage.
> 
> Right now the lock is per-AioContext, but even if you made it
> BlockBackend-grained lock, the iothreads will just contend on it and
> each device won't get better performance than a single iothread.  Making
> a single backend faster is unfortunately an extremely important case; if
> you have multiple backends you can already move them to separate
> virtio-scsi controllers or virtio-blk devices.
> 
> We haven't even started thinking how the design should look like, so I
> think it's far away.
> 
> > Limiting to 1 thread for the
> > whole scsi bus doesn't sound ultimate solution for me. I think it's not harder
> > than the MMIO safety work we have, and also somehow independent to it.
> 
> I'm not sure it's independent.  While the MMIO safety work does not
> imply using fine-grained locks, it probably(*) implies using
> fine-grained critical sections.  Fine-grained critical sections are
> probably(**) a subset of the work needed for fine-grained locks or also
> for lockless operation.
> 
>   (*) probably = couldn't think of a better way
> 
>   (**) probably = I haven't even thought about it
> 
> Paolo
> 

OK, thanks for elaborating. I think for the sake of single IO thread support we
already started, the best option now is to go as you suggested - move
bdrv_set_aio_context to virtio_scsi_dataplane_start and hotplug callbacks.

Could you review patch 1? (And do we want patch 2?)

Thanks,
Fam



Re: [Qemu-devel] [PULL 0/8] Linked list for tcg ops

2015-02-13 Thread Peter Maydell
On 13 February 2015 at 05:43, Richard Henderson  wrote:
> Currently tcg ops are simply placed in a buffer in order.  Which is
> fine until we want to actually do something with the opcode stream,
> such as optimize them.  Note the horrible things like call opcodes
> needing their argument count both prefixed and postfixed so that we
> can iterate across the call either forward or backward.
>
> While I'm changing this, I also move quite a lot of tcg-op.h out of
> line.  There is very little benefit to having most of them be inline,
> since their arguments are extracted from the guest instructions being
> translated, and thus their values are not really predictable.
>
> I chose a cutoff of one function call.  If a tcg-op.h function consists
> of a single function call, inline it, otherwise move it out of line.
>
> This also removes a bit of boilerplate from each target.
>
> I haven't been able to measure a performance difference with this
> patch set.  I wouldn't really expect any, as the complexity level
> remains the same.  I simply find the link list significantly more
> maintainable.
>
> Thanks to Bastian for the reviews.
>
>
> r~
>
>
> The following changes since commit 449008f86418583a1f0fb946cf91ee7b4797317d:
>
>   Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150210.0' into staging (2015-02-11 05:14:41 +)
>
> are available in the git repository at:
>
>   git://github.com/rth7680/qemu.git tags/pull-tcg-20150212
>
> for you to fetch changes up to 15fc7daa770764cc795158cbb525569f156f3659:
>
>   tcg: Remove unused opcodes (2015-02-12 21:21:38 -0800)

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH v4 03/16] block: Add Error parameter to bdrv_find_protocol()

2015-02-13 Thread Stefan Hajnoczi
On Thu, Feb 05, 2015 at 01:58:12PM -0500, Max Reitz wrote:
> The argument given to bdrv_find_protocol() is just a file name, which
> makes it difficult for the caller to reconstruct what protocol
> bdrv_find_protocol() was hoping to find. This patch adds an Error
> parameter to that function to solve this issue.
> 
> Suggested-by: Eric Blake 
> Signed-off-by: Max Reitz 
> ---
>  block.c| 14 +++---
>  block/sheepdog.c   |  2 +-
>  include/block/block.h  |  3 ++-
>  qemu-img.c | 11 +++
>  tests/qemu-iotests/051.out |  4 ++--
>  5 files changed, 19 insertions(+), 15 deletions(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH v4 04/16] iotests: Add test for driver=qcow2, format=qcow2

2015-02-13 Thread Stefan Hajnoczi
On Thu, Feb 05, 2015 at 01:58:13PM -0500, Max Reitz wrote:
> While specifying a different driver and format is obviously invalid,
> specifying the same driver once through driver and once through format
> is invalid as well. Add a test for it.
> 
> Signed-off-by: Max Reitz 
> ---
>  tests/qemu-iotests/051 | 1 +
>  tests/qemu-iotests/051.out | 3 +++
>  2 files changed, 4 insertions(+)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH v4 05/16] blockdev: Use blk_new_open() in blockdev_init()

2015-02-13 Thread Stefan Hajnoczi
On Thu, Feb 05, 2015 at 01:58:14PM -0500, Max Reitz wrote:
> Due to different error propagation, this breaks tests 051 and 087; fix
> their output.
> 
> Signed-off-by: Max Reitz 
> ---
>  blockdev.c | 92 
> +-
>  tests/qemu-iotests/051.out | 62 +++
>  tests/qemu-iotests/087.out |  8 ++--
>  3 files changed, 77 insertions(+), 85 deletions(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH v4 06/16] block/xen: Use blk_new_open() in blk_connect()

2015-02-13 Thread Stefan Hajnoczi
On Thu, Feb 05, 2015 at 01:58:15PM -0500, Max Reitz wrote:
> As part of the required changes, this fixes a bug where specifying an
> invalid driver would result in the block layer probing the image format;
> now it will result in an error, unless "" is specified as the
> driver name. Fixing this would require further work on the xen_disk code
> which does not seem worth it (at this point and for this patch).
> 
> Signed-off-by: Max Reitz 
> ---
>  hw/block/xen_disk.c | 27 +++
>  1 file changed, 11 insertions(+), 16 deletions(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PULL 00/14] target-mips queue

2015-02-13 Thread Peter Maydell
On 13 February 2015 at 10:01, Leon Alrae  wrote:
> Hi,
>
> My current mips-next patch queue, mainly bug fixes and cleanups.
>
> Thanks,
> Leon
>
> Cc: Peter Maydell 
> Cc: Aurelien Jarno 
>
> The following changes since commit 449008f86418583a1f0fb946cf91ee7b4797317d:
>
>   Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150210.0' into staging (2015-02-11 05:14:41 +)
>
> are available in the git repository at:
>
>   git://github.com/lalrae/qemu.git tags/mips-20150213
>
> for you to fetch changes up to a6081232704fa32d16ad1dca3f34abff4bb6435e:
>
>   linux-user: correct stat structure in MIPS N32 (2015-02-12 16:11:16 +)

Hi; I'm afraid that this conflicts with RTH's patchset that I've
applied in a way that's probably not too hard to sort out but
which I don't have time to try to fix up as part of the merge.
Can I ask you to rebase, retest and resend, please?

PS: this pullreq appears to be an unsigned tag. You should
move to sending me signed pullrequests as soon as it's
convenient for you to do so, please.

thanks
-- PMM



Re: [Qemu-devel] [PATCH 1/3] block: Forbid bdrv_set_aio_context outside BQL

2015-02-13 Thread Paolo Bonzini


On 12/02/2015 06:21, Fam Zheng wrote:
> Even if the caller has the old #AioContext, there can be a deadlock, due
> to the leading bdrv_drain_all:
> 
> Suppose there are three io threads (a, b, c) with each owning a BDS
> (bds_a, bds_b, bds_c), and a and b want to move their own BDS to c at
> the same time:
> 
>   iothread a                          iothread b
> ----------------------------------------------------------------------
>   bdrv_set_aio_context(bds_a, c)      bdrv_set_aio_context(bds_b, c)
>   -> bdrv_drain_all()                 -> bdrv_drain_all()
>      -> acquire a (OK, already has)      -> acquire a (blocked)
>      -> acquire b (blocked)              -> acquire b
>      -> acquire c                        -> acquire c
> 
> Current caller of bdrv_set_aio_context outside BQL is
> virtio-scsi-dataplane, which will be fixed in the next patches.
> 
> Signed-off-by: Fam Zheng 
> ---
>  include/block/block.h | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/include/block/block.h b/include/block/block.h
> index 321295e..4fce25d 100644
> --- a/include/block/block.h
> +++ b/include/block/block.h
> @@ -546,8 +546,7 @@ AioContext *bdrv_get_aio_context(BlockDriverState *bs);
>   * Changes the #AioContext used for fd handlers, timers, and BHs by this
>   * BlockDriverState and all its children.
>   *
> - * This function must be called from the old #AioContext or with a lock held 
> so
> - * the old #AioContext is not executing.
> + * This function must be called with iothread lock held.
>   */
>  void bdrv_set_aio_context(BlockDriverState *bs, AioContext *new_context);
>  
> 
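Review bot: The patch only edits the comment above bdrv_set_aio_context(); nothing in the function enforces the new rule. The old text named two acceptable calling contexts and the new sentence drops both without saying whether calling from the old #AioContext is now wrong. Name the lock the way the subject does ("iothread lock (BQL)"), state that the old-context case is no longer allowed, and add an assertion in the function body once the remaining caller is converted.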

Reviewed-by: Paolo Bonzini 



Re: [Qemu-devel] [PATCH 3/3] virtio-scsi-dataplane: Use main thread BH to set BDS' aio context

2015-02-13 Thread Paolo Bonzini


On 13/02/2015 13:42, Fam Zheng wrote:
> OK, thanks for elaborating. I think for the sake of single IO thread support we
> already started, the best option now is to go as you suggested - move
> bdrv_set_aio_context to virtio_scsi_dataplane_start and hotplug callbacks.

Yes, no doubt the bug has to be fixed.

> Could you review patch 1? (And do we want patch 2?)

I don't know.  Theoretically yes, in practice the aim is to get rid of
vring so the benefit is limited in time...

Patch 1 is okay of course.  I prefer to document things only once the
code actually does what the documentation says, but Kevin and Stefan are
free to pick it up if they want to.

Paolo



Re: [Qemu-devel] [PATCH v4 07/16] qemu-img: Use blk_new_open() in img_open()

2015-02-13 Thread Stefan Hajnoczi
On Thu, Feb 05, 2015 at 01:58:16PM -0500, Max Reitz wrote:
> Signed-off-by: Max Reitz 
> ---
>  qemu-img.c | 20 ++--
>  1 file changed, 6 insertions(+), 14 deletions(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH v4 08/16] qemu-img: Use blk_new_open() in img_rebase()

2015-02-13 Thread Stefan Hajnoczi
On Thu, Feb 05, 2015 at 01:58:17PM -0500, Max Reitz wrote:
> Signed-off-by: Max Reitz 
> ---
>  qemu-img.c | 49 +++--
>  1 file changed, 23 insertions(+), 26 deletions(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH v4 09/16] qemu-img: Use BlockBackend as far as possible

2015-02-13 Thread Stefan Hajnoczi
On Thu, Feb 05, 2015 at 01:58:18PM -0500, Max Reitz wrote:
> Although qemu-img already creates BlockBackends, it does not do accesses
> to the images through them. This patch converts all of the bdrv_* calls
> for which this is currently possible to blk_* calls. Most of the
> remaining calls will probably stay bdrv_* calls because they really do
> operate on the BDS level instead of the BB level.
> 
> Signed-off-by: Max Reitz 
> ---
>  qemu-img.c | 82 
> ++
>  1 file changed, 39 insertions(+), 43 deletions(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH v4 10/16] qemu-nbd: Use blk_new_open() in main()

2015-02-13 Thread Stefan Hajnoczi
On Thu, Feb 05, 2015 at 01:58:19PM -0500, Max Reitz wrote:
> Signed-off-by: Max Reitz 
> Reviewed-by: Kevin Wolf 
> ---
>  qemu-nbd.c | 25 +
>  1 file changed, 9 insertions(+), 16 deletions(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH v4 11/16] qemu-io: Use blk_new_open() in openfile()

2015-02-13 Thread Stefan Hajnoczi
On Thu, Feb 05, 2015 at 01:58:20PM -0500, Max Reitz wrote:
> Signed-off-by: Max Reitz 
> ---
>  qemu-io.c | 30 --
>  1 file changed, 12 insertions(+), 18 deletions(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] Help on TLB Flush

2015-02-13 Thread Lluís Vilanova
Mark Burton writes:

>> On 13 Feb 2015, at 08:24, Peter Maydell  wrote:
>> 
>> On 13 February 2015 at 07:16, Mark Burton  wrote:
>>> If the kernel is doing this - then effectively - for X86, each CPU only
>>> flush’s it’s own TLB (from the perspective of Qemu) - correct?
>>> (in which case, for Qemu itself - for x86) - we dont need to implement
>>> a global flush, and hence we dont need to build the mechanism to sync ?

>> The semantics you need are "flush the QEMU TLB for CPU X" (where
>> X may not be the CPU you're running on). This is what tlb_flush()
>> does: it takes a CPU argument to act on. (Ditto tlb_flush_page, etc.)
>> We then use that to implement the target's required semantics
>> (eg in ARM the tlbiall_is_write() function is handled by iterating
>> through all CPUs and calling tlb_flush on them).

> What Lluis implied seemed to be that the kernel arranged to signal the CPU 
> that would flush. Hence, (for X86), we would only ever flush our own TLB.

That's correct.

[...]
> For our immediate concern, in the interests of getting the thing working and
> making sure we’ve turned over all the stones, on ARM - it MAY help us to check
> that the flush has happened ‘in the next memory barrier’….
>   - I dont know if that will help us or not, and - even if it does, I 
> agree with you, it would be more messy than it need be.
> However, in the interests of making sure that there are no other issues - we 
> may ‘hack’ something before we put in place a more elegant solution…. 
> (right now, we have some mutex issues, shifting the sync to the barrier MAY 
> help us avoid that…. To Be Seen…. and anyway - it would only be a temporary 
> fix).

But you shouldn't assume that everyone either uses x86's semantics (aka, each
CPU gets an IPI), or the ARM semantics you described where the global TLB flush
instruction has asynchronous effects. First, in ARM you still have to ensure
other CPUs did what you asked them to (whenever the arch manual says you must do
so). Second, it seems like ARM does not always behave in the way you described:

  http://lxr.free-electrons.com/source/arch/arm/kernel/smp.c?v=2.6.32#L630

Granted, this is just the same behaviour as x86, but no one guarantees you that
some other operation in any of the multiple architectures supported by QEMU will
never need a synchronous instruction with global effects.

I understand the pressure of getting something running and work from that, but I
think that having a framework for asynchronous cross-CPU messaging would be
rather useful in the future. That can be then complemented with a mechanism to
wait for these asynchronous messages. You can achieve any desired behaviour by
composing these two.


Cheers,
  Lluis

-- 
 "And it's much the same thing with knowledge, for whenever you learn
 something new, the whole world becomes that much richer."
 -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
 Tollbooth



Re: [Qemu-devel] Help on TLB Flush

2015-02-13 Thread Mark Burton
Agreed
Cheers
Mark.

> On 13 Feb 2015, at 14:30, Lluís Vilanova  wrote:
> 
> Mark Burton writes:
> 
>>> On 13 Feb 2015, at 08:24, Peter Maydell  wrote:
>>> 
>>> On 13 February 2015 at 07:16, Mark Burton  wrote:
>>>> If the kernel is doing this - then effectively - for X86, each CPU only
>>>> flush’s it’s own TLB (from the perspective of Qemu) - correct?
>>>> (in which case, for Qemu itself - for x86) - we dont need to implement
>>>> a global flush, and hence we dont need to build the mechanism to sync ?
> 
>>> The semantics you need are "flush the QEMU TLB for CPU X" (where
>>> X may not be the CPU you're running on). This is what tlb_flush()
>>> does: it takes a CPU argument to act on. (Ditto tlb_flush_page, etc.)
>>> We then use that to implement the target's required semantics
>>> (eg in ARM the tlbiall_is_write() function is handled by iterating
>>> through all CPUs and calling tlb_flush on them).
> 
>> What Lluis implied seemed to be that the kernel arranged to signal the CPU 
>> that would flush. Hence, (for X86), we would only ever flush our own TLB.
> 
> That's correct.
> 
> [...]
>> For our immediate concern, in the interests of getting the thing working and
>> making sure we’ve turned over all the stones, on ARM - it MAY help us to check
>> that the flush has happened ‘in the next memory barrier’….
>>  - I dont know if that will help us or not, and - even if it does, I 
>> agree with you, it would be more messy than it need be.
>> However, in the interests of making sure that there are no other issues - we 
>> may ‘hack’ something before we put in place a more elegant solution…. 
>> (right now, we have some mutex issues, shifting the sync to the barrier MAY 
>> help us avoid that…. To Be Seen…. and anyway - it would only be a temporary 
>> fix).
> 
> But you shouldn't assume that everyone either uses x86's semantics (aka, each
> CPU gets an IPI), or the ARM semantics you described where the global TLB flush
> instruction has asynchronous effects. First, in ARM you still have to ensure
> other CPUs did what you asked them to (whenever the arch manual says you must do
> so). Second, it seems like ARM does not always behave in the way you described:
> 
>  http://lxr.free-electrons.com/source/arch/arm/kernel/smp.c?v=2.6.32#L630
> 
> Granted, this is just the same behaviour as x86, but no one guarantees you that
> some other operation in any of the multiple architectures supported by QEMU will
> never need a synchronous instruction with global effects.
> 
> I understand the pressure of getting something running and work from that, but I
> think that having a framework for asynchronous cross-CPU messaging would be
> rather useful in the future. That can be then complemented with a mechanism to
> wait for these asynchronous messages. You can achieve any desired behaviour by
> composing these two.
> 
> 
> Cheers,
>  Lluis
> 
> -- 
> "And it's much the same thing with knowledge, for whenever you learn
> something new, the whole world becomes that much richer."
> -- The Princess of Pure Reason, as told by Norton Juster in The Phantom
> Tollbooth






[Qemu-devel] [PATCH v2 2/3] vhost-user:update the version to 0x6

2015-02-13 Thread linhaifeng
From: Linhaifeng 

We do not need the VHOST_USER_REPLY_MASK so the base version now is 0x5.
  - update the version to 0x6.
  - change the name from flag to version.

Signed-off-by: Linhaifeng 
---
 hw/virtio/vhost-user.c | 24 
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index aefe0bb..d56115a 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -59,10 +59,7 @@ typedef struct VhostUserMemory {
 
 typedef struct VhostUserMsg {
 VhostUserRequest request;
-
-#define VHOST_USER_VERSION_MASK (0x3)
-#define VHOST_USER_REPLY_MASK   (0x1<<2)
-uint32_t flags;
+uint32_t version;
 uint32_t size; /* the following payload size */
 union {
 #define VHOST_USER_VRING_IDX_MASK   (0xff)
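Review bot: Renaming `flags` to `version` keeps the field's position and width but changes what its bits mean. A peer that still applies the removed `VHOST_USER_VERSION_MASK (0x3)` and `VHOST_USER_REPLY_MASK (0x1<<2)` will read the new value 0x6 as version 2 with the reply bit set. If the intent is to extend the protocol, keep the flags layout and add a separate bit or field for the new capability instead of folding the reply bit into a version number.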
@@ -74,15 +71,18 @@ typedef struct VhostUserMsg {
 };
 } QEMU_PACKED VhostUserMsg;
 
+static uint32_t slave_version;
 static VhostUserMsg m __attribute__ ((unused));
 #define VHOST_USER_HDR_SIZE (sizeof(m.request) \
-+ sizeof(m.flags) \
++ sizeof(m.version) \
 + sizeof(m.size))
 
 #define VHOST_USER_PAYLOAD_SIZE (sizeof(m) - VHOST_USER_HDR_SIZE)
 
-/* The version of the protocol we support */
-#define VHOST_USER_VERSION(0x1)
+/* The version of the protocol we support.
+ * Slaves' version should maller than  VHOST_USER_VERSION.
+ */
+#define VHOST_USER_VERSION(0x6)
 
 static bool ioeventfd_enabled(void)
 {
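Review bot: `static uint32_t slave_version;` is one file-scope variable shared by every vhost-user device in the process, so with two backends the value belongs to whichever replied last. Keep it in per-device state reachable from `struct vhost_dev`. In the new comment, "maller" should read "smaller", and the text says smaller while the check added in vhost_user_read() also accepts an equal version.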
@@ -134,12 +134,12 @@ static int vhost_user_read(struct vhost_dev *dev, 
VhostUserMsg *msg)
 }
 
 /* validate received flags */
-if (msg->flags != (VHOST_USER_REPLY_MASK | VHOST_USER_VERSION)) {
-error_report("Failed to read msg header."
-" Flags 0x%x instead of 0x%x.\n", msg->flags,
-VHOST_USER_REPLY_MASK | VHOST_USER_VERSION);
+if (msg->version > VHOST_USER_VERSION) {
+error_report("Invalid version 0x%x.\n"
+"Vhost user version is 0x%x", msg->version, 
VHOST_USER_VERSION);
 goto fail;
 }
+slave_version = msg->version;
 
 /* validate message size is sane */
 if (msg->size > VHOST_USER_PAYLOAD_SIZE) {
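Review bot: `msg->version > VHOST_USER_VERSION` puts only an upper bound on a value the peer chooses: 0 through 4 pass, although the commit message gives 0x5 as the base version. `slave_version` is then overwritten on every message read, so the peer can change it in the middle of a session. Check the lower bound too and record the version once. The comment above the check still says "validate received flags".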
@@ -195,7 +195,7 @@ static int vhost_user_call(struct vhost_dev *dev, unsigned 
long int request,
 
 msg_request = vhost_user_request_translate(request);
 msg.request = msg_request;
-msg.flags = VHOST_USER_VERSION;
+msg.version = VHOST_USER_VERSION;
 msg.size = 0;
 
 switch (request) {
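Review bot: Every request now carries `msg.version = VHOST_USER_VERSION` (0x6) from the first message on, before any reply has been read into `slave_version`. There is no step where the two sides agree on a version, so the master announces 0x6 even to a slave that will later answer with 0x5. Either negotiate once at connection setup or send the version the slave is known to support.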
-- 
1.7.12.4





Re: [Qemu-devel] [PULL 00/14] target-mips queue

2015-02-13 Thread Leon Alrae
On 13/02/2015 13:07, Peter Maydell wrote:
> On 13 February 2015 at 10:01, Leon Alrae  wrote:
>> Hi,
>>
>> My current mips-next patch queue, mainly bug fixes and cleanups.
>>
>> Thanks,
>> Leon
>>
>> Cc: Peter Maydell 
>> Cc: Aurelien Jarno 
>>
>> The following changes since commit 449008f86418583a1f0fb946cf91ee7b4797317d:
>>
>>   Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20150210.0' into staging (2015-02-11 05:14:41 +)
>>
>> are available in the git repository at:
>>
>>   git://github.com/lalrae/qemu.git tags/mips-20150213
>>
>> for you to fetch changes up to a6081232704fa32d16ad1dca3f34abff4bb6435e:
>>
>>   linux-user: correct stat structure in MIPS N32 (2015-02-12 16:11:16 +)
> 
> Hi; I'm afraid that this conflicts with RTH's patchset that I've
> applied in a way that's probably not too hard to sort out but
> which I don't have time to try to fix up as part of the merge.
> Can I ask you to rebase, retest and resend, please?

Sure, no problem.

> 
> PS: this pullreq appears to be an unsigned tag. You should
> move to sending me signed pullrequests as soon as it's
> convenient for you to do so, please.

I wasn't aware that pullreqs should be gpg signed (I've just found an
email about this in archives). Will do.

Thanks,
Leon



[Qemu-devel] [PATCH v2 0/3] vhost-user: support safe protocol

2015-02-13 Thread linhaifeng
From: Linhaifeng 

Mostly the same as with ioctl, the master needs the return value to
decide whether to go on or not. So we add these patches for safer
communication.

change log:
v1->v2: modify the annotation about the slave's version.

Linhaifeng (3):
  vhost-user: update the protocol.
  vhost-user:update the version to 0x6
  vhost-user:add reply for other messages

 docs/specs/vhost-user.txt | 17 +++--
 hw/virtio/vhost-user.c| 64 ++-
 2 files changed, 67 insertions(+), 14 deletions(-)

-- 
1.7.12.4





[Qemu-devel] [PATCH v2 3/3] vhost-user:add reply for other messages

2015-02-13 Thread linhaifeng
From: Linhaifeng 

If the slave's version is bigger than 0x5 we will wait for a reply.

Signed-off-by: Linhaifeng 
---
 hw/virtio/vhost-user.c | 42 +-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index d56115a..ae684b6 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -80,10 +80,17 @@ static VhostUserMsg m __attribute__ ((unused));
 #define VHOST_USER_PAYLOAD_SIZE (sizeof(m) - VHOST_USER_HDR_SIZE)
 
 /* The version of the protocol we support.
- * Slaves' version should maller than  VHOST_USER_VERSION.
+ * Slaves' version must not bigger than  VHOST_USER_VERSION.
  */
+#define VHOST_USER_BASE   (0x5)
 #define VHOST_USER_VERSION(0x6)
 
+#define VHOST_NEED_REPLY \
+{\
+if (slave_version > VHOST_USER_BASE) \
+need_reply = 1;\
+}
+
 static bool ioeventfd_enabled(void)
 {
 return kvm_enabled() && kvm_eventfds_enabled();
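Review bot: VHOST_NEED_REPLY expands to a bare `{ ... }` block that silently reads `slave_version` and writes `need_reply` from the caller's scope, so `VHOST_NEED_REPLY;` leaves an empty statement behind and would break inside an unbraced if/else. A small static inline helper that returns whether a reply is expected, or at least a do { } while (0) wrapper, would be safer. VHOST_USER_BASE is 0x5 here while the spec patch in this series lists only versions 0x1 and 0x6; say which slave versions exist between them or compare against the documented base.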
@@ -207,6 +214,8 @@ static int vhost_user_call(struct vhost_dev *dev, unsigned 
long int request,
 case VHOST_SET_LOG_BASE:
 msg.u64 = *((__u64 *) arg);
 msg.size = sizeof(m.u64);
+
+VHOST_NEED_REPLY;
 break;
 
 case VHOST_SET_OWNER:
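Review bot: VHOST_NEED_REPLY is added for VHOST_SET_LOG_BASE here, but the VHOST_SET_OWNER case directly below is not touched by any hunk of this patch, even though the reply switch added at the end lists VHOST_USER_SET_OWNER and VHOST_USER_RESET_OWNER. If a newer slave acknowledges those requests, the unread reply stays in the socket and is consumed as the answer to the next request. Either set need_reply for every request the new protocol version acknowledges or drop the cases that can never be reached.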
@@ -244,16 +253,21 @@ static int vhost_user_call(struct vhost_dev *dev, 
unsigned long int request,
 msg.size += sizeof(m.memory.padding);
 msg.size += fd_num * sizeof(VhostUserMemoryRegion);
 
+VHOST_NEED_REPLY;
 break;
 
 case VHOST_SET_LOG_FD:
 fds[fd_num++] = *((int *) arg);
+
+VHOST_NEED_REPLY;
 break;
 
 case VHOST_SET_VRING_NUM:
 case VHOST_SET_VRING_BASE:
 memcpy(&msg.state, arg, sizeof(struct vhost_vring_state));
 msg.size = sizeof(m.state);
+
+VHOST_NEED_REPLY;
 break;
 
 case VHOST_GET_VRING_BASE:
@@ -265,6 +279,8 @@ static int vhost_user_call(struct vhost_dev *dev, unsigned 
long int request,
 case VHOST_SET_VRING_ADDR:
 memcpy(&msg.addr, arg, sizeof(struct vhost_vring_addr));
 msg.size = sizeof(m.addr);
+
+VHOST_NEED_REPLY;
 break;
 
 case VHOST_SET_VRING_KICK:
@@ -278,6 +294,8 @@ static int vhost_user_call(struct vhost_dev *dev, unsigned 
long int request,
 } else {
 msg.u64 |= VHOST_USER_VRING_NOFD_MASK;
 }
+
+VHOST_NEED_REPLY;
 break;
 default:
 error_report("vhost-user trying to send unhandled ioctl\n");
@@ -315,6 +333,28 @@ static int vhost_user_call(struct vhost_dev *dev, unsigned 
long int request,
 }
 memcpy(arg, &msg.state, sizeof(struct vhost_vring_state));
 break;
+case VHOST_USER_SET_FEATURES:
+case VHOST_USER_SET_LOG_BASE:
+case VHOST_USER_SET_OWNER:
+case VHOST_USER_RESET_OWNER:
+case VHOST_USER_SET_MEM_TABLE:
+case VHOST_USER_SET_LOG_FD:
+case VHOST_USER_SET_VRING_NUM:
+case VHOST_USER_SET_VRING_BASE:
+case VHOST_USER_SET_VRING_ADDR:
+case VHOST_USER_SET_VRING_KICK:
+case VHOST_USER_SET_VRING_CALL:
+case VHOST_USER_SET_VRING_ERR:
+if (msg.size != sizeof(m.u64)) {
+error_report("Received bad msg size.");
+return -1;
+} else {
+if (m.u64) {
+error_report("Failed to handle request %d.", msg_request);
+return -1;
+}
+}
+break;
 default:
 error_report("Received unexpected msg type.\n");
 return -1;
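Review bot: the new reply branch tests `if (m.u64)`, but `m` is the file-scope `static VhostUserMsg m __attribute__ ((unused))` that the visible code uses only inside sizeof, so the slave's status is never examined and a failure reply is treated as success. This should read msg.u64, the message that was just received. The "Received bad msg size." and "Failed to handle request" reports would also be easier to act on if they included the received size and the value the slave returned.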
-- 
1.7.12.4





[Qemu-devel] [PATCH v2 1/3] vhost-user: update the protocol.

2015-02-13 Thread linhaifeng
From: Linhaifeng 

Every message needs a reply.
This patch just updates vhost-user.txt to version 0x6.

Signed-off-by: Linhaifeng 
---
 docs/specs/vhost-user.txt | 17 +++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/docs/specs/vhost-user.txt b/docs/specs/vhost-user.txt
index 650bb18..448babc 100644
--- a/docs/specs/vhost-user.txt
+++ b/docs/specs/vhost-user.txt
@@ -23,6 +23,10 @@ be a software Ethernet switch running in user space, such as 
Snabbswitch.
 Master and slave can be either a client (i.e. connecting) or server (listening)
 in the socket communication.
 
+version 0x1: Supply base communication between master and slave.
+version 0x6: Add reply for more robust.
+
+
 Message Specification
 -
 
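Review bot: the version list added above "Message Specification" jumps from 0x1 to 0x6 without saying what happened to 0x2 through 0x5, while the code patch in this series treats 0x5 as VHOST_USER_BASE. State why 0x6 was chosen and how a master should treat a slave reporting one of the intermediate values. "Add reply for more robust" also needs rewording, for example "every set request is acknowledged by the slave".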
@@ -35,7 +39,7 @@ consists of 3 header fields and a payload:
 
  * Request: 32-bit type of the request
  * Flags: 32-bit bit field:
-   - Lower 2 bits are the version (currently 0x01)
+   - Lower 2 bits are the version (currently 0x06)
- Bit 2 is the reply flag - needs to be sent on each reply from the slave
  * Size - 32-bit size of the payload
 
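Review bot: "Lower 2 bits are the version (currently 0x06)" cannot hold: 0x06 needs three bits, and its bit 2 is the bit the next line defines as the reply flag, so a request carrying version 0x6 in this field is indistinguishable from a reply. Either widen the version field and move the reply flag in the text, or pick a version value that fits the two bits the layout reserves.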
@@ -144,6 +148,7 @@ Message types
   Id: 2
   Ioctl: VHOST_SET_FEATURES
   Master payload: u64
+  Slave payload: u64 0:success else:fail
 
   Enable features in the underlying vhost implementation using a bitmask.
 
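Review bot: "Slave payload: u64 0:success else:fail" is added here and in the following hunks without saying that the reply is only expected from slaves newer than the base version, so an implementer reading the message list cannot tell that an old slave stays silent. State that condition once in the message specification and define whether non-zero values carry an error code. The code patch in this series also handles replies to SET_OWNER and RESET_OWNER, which get no "Slave payload" line in this patch.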
@@ -171,6 +176,7 @@ Message types
   Id: 5
   Equivalent ioctl: VHOST_SET_MEM_TABLE
   Master payload: memory regions description
+  Slave payload: u64 0:success else:fail
 
   Sets the memory map regions on the slave so it can translate the vring
   addresses. In the ancillary data there is an array of file descriptors
@@ -182,6 +188,7 @@ Message types
   Id: 6
   Equivalent ioctl: VHOST_SET_LOG_BASE
   Master payload: u64
+  Slave payload: u64 0:success else:fail
 
   Sets the logging base address.
 
@@ -190,6 +197,7 @@ Message types
   Id: 7
   Equivalent ioctl: VHOST_SET_LOG_FD
   Master payload: N/A
+  Slave payload: u64 0:success else:fail
 
   Sets the logging file descriptor, which is passed as ancillary data.
 
@@ -198,6 +206,7 @@ Message types
   Id: 8
   Equivalent ioctl: VHOST_SET_VRING_NUM
   Master payload: vring state description
+  Slave payload: u64 0:success else:fail
 
   Sets the number of vrings for this owner.
 
@@ -206,7 +215,7 @@ Message types
   Id: 9
   Equivalent ioctl: VHOST_SET_VRING_ADDR
   Master payload: vring address description
-  Slave payload: N/A
+  Slave payload: u64 0:success else:fail
 
   Sets the addresses of the different aspects of the vring.
 
@@ -215,6 +224,7 @@ Message types
   Id: 10
   Equivalent ioctl: VHOST_SET_VRING_BASE
   Master payload: vring state description
+  Slave payload: u64 0:success else:fail
 
   Sets the base offset in the available vring.
 
@@ -232,6 +242,7 @@ Message types
   Id: 12
   Equivalent ioctl: VHOST_SET_VRING_KICK
   Master payload: u64
+  Slave payload: u64 0:success else:fail
 
   Set the event file descriptor for adding buffers to the vring. It
   is passed in the ancillary data.
@@ -245,6 +256,7 @@ Message types
   Id: 13
   Equivalent ioctl: VHOST_SET_VRING_CALL
   Master payload: u64
+  Slave payload: u64 0:success else:fail
 
   Set the event file descriptor to signal when buffers are used. It
   is passed in the ancillary data.
@@ -258,6 +270,7 @@ Message types
   Id: 14
   Equivalent ioctl: VHOST_SET_VRING_ERR
   Master payload: u64
+  Slave payload: u64 0:success else:fail
 
   Set the event file descriptor to signal when error occurs. It
   is passed in the ancillary data.
-- 
1.7.12.4





Re: [Qemu-devel] [PATCH v4 14/16] block: Clamp BlockBackend requests

2015-02-13 Thread Stefan Hajnoczi
On Thu, Feb 05, 2015 at 01:58:23PM -0500, Max Reitz wrote:
> BlockBackend is used as the interface between the block layer and guest
> devices. It should therefore assure that all requests are clamped to the
> image size.
> 
> Signed-off-by: Max Reitz 
> Reviewed-by: Eric Blake 
> Reviewed-by: Kevin Wolf 
> ---
>  block/block-backend.c | 152 
> ++
>  1 file changed, 152 insertions(+)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH v4 15/16] block: Remove "growable" from BDS

2015-02-13 Thread Stefan Hajnoczi
On Thu, Feb 05, 2015 at 01:58:24PM -0500, Max Reitz wrote:
> Now that request clamping is done in the BlockBackend, the "growable"
> field can be removed from the BlockDriverState. All BDSs are now treated
> as being "growable" (that is, they are allowed to grow; they are not
> necessarily actually able to).
> 
> Signed-off-by: Max Reitz 
> ---
>  block.c   | 24 +++-
>  block/qcow2.c |  6 --
>  block/raw-posix.c |  2 +-
>  block/raw-win32.c |  2 +-
>  block/sheepdog.c  |  2 +-
>  include/block/block_int.h |  3 ---
>  6 files changed, 10 insertions(+), 29 deletions(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH v4 16/16] block: Keep bdrv_check*_request()'s return value

2015-02-13 Thread Stefan Hajnoczi
On Thu, Feb 05, 2015 at 01:58:25PM -0500, Max Reitz wrote:
> Do not throw away the value returned by bdrv_check_request() and
> bdrv_check_byte_request().
> 
> Fix up some coding style issues in the proximity of the affected hunks.
> 
> Signed-off-by: Max Reitz 
> Reviewed-by: Eric Blake 
> Reviewed-by: Kevin Wolf 
> ---
>  block.c | 35 ---
>  1 file changed, 24 insertions(+), 11 deletions(-)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PULL 06/37] target-ppc: VXSQRT Should Not Be Set for NaNs

2015-02-13 Thread Tom Musta
I agree that the comment is incorrect and should say "sNaN square root".

On Thu, Feb 12, 2015 at 4:21 PM, Maciej W. Rozycki 
wrote:

> On Wed, 7 Jan 2015, Alexander Graf wrote:
>
> > diff --git a/target-ppc/fpu_helper.c b/target-ppc/fpu_helper.c
> > index 7f74466..81db60f 100644
> > --- a/target-ppc/fpu_helper.c
> > +++ b/target-ppc/fpu_helper.c
> > @@ -920,14 +923,16 @@ uint64_t helper_fsqrt(CPUPPCState *env, uint64_t
> arg)
> >
> >  farg.ll = arg;
> >
> > -if (unlikely(float64_is_neg(farg.d) && !float64_is_zero(farg.d))) {
> > -/* Square root of a negative nonzero number */
> > -farg.ll = fload_invalid_op_excp(env, POWERPC_EXCP_FP_VXSQRT, 1);
> > -} else {
> > +if (unlikely(float64_is_any_nan(farg.d))) {
> >  if (unlikely(float64_is_signaling_nan(farg.d))) {
> > -/* sNaN square root */
> > +/* sNaN reciprocal square root */
>
>  This change to the comment looks accidental, compare the changes below.
> Should it be reverted?  [Found this while resolving merge conflicts.]
>
> >  fload_invalid_op_excp(env, POWERPC_EXCP_FP_VXSNAN, 1);
> > +farg.ll = float64_snan_to_qnan(farg.ll);
> >  }
> > +} else if (unlikely(float64_is_neg(farg.d) &&
> !float64_is_zero(farg.d))) {
> > +/* Square root of a negative nonzero number */
> > +farg.ll = fload_invalid_op_excp(env, POWERPC_EXCP_FP_VXSQRT, 1);
> > +} else {
> >  farg.d = float64_sqrt(farg.d, &env->fp_status);
> >  }
> >  return farg.ll;
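Review bot: in the new NaN branch of helper_fsqrt the result of fload_invalid_op_excp(env, POWERPC_EXCP_FP_VXSNAN, 1) is discarded and farg.ll is quieted by hand with float64_snan_to_qnan, while the VXSQRT branch assigns the helper's return value to farg.ll. A one-line comment saying why the two paths differ would help the next reader, and the "sNaN reciprocal square root" comment in this function should read "sNaN square root", as already raised in the thread.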
> > @@ -974,17 +979,20 @@ uint64_t helper_frsqrte(CPUPPCState *env, uint64_t
> arg)
> >
> >  farg.ll = arg;
> >
> > -if (unlikely(float64_is_neg(farg.d) && !float64_is_zero(farg.d))) {
> > -/* Reciprocal square root of a negative nonzero number */
> > -farg.ll = fload_invalid_op_excp(env, POWERPC_EXCP_FP_VXSQRT, 1);
> > -} else {
> > +if (unlikely(float64_is_any_nan(farg.d))) {
> >  if (unlikely(float64_is_signaling_nan(farg.d))) {
> >  /* sNaN reciprocal square root */
> >  fload_invalid_op_excp(env, POWERPC_EXCP_FP_VXSNAN, 1);
> > +farg.ll = float64_snan_to_qnan(farg.ll);
> >  }
> > +} else if (unlikely(float64_is_neg(farg.d) &&
> !float64_is_zero(farg.d))) {
> > +/* Reciprocal square root of a negative nonzero number */
> > +farg.ll = fload_invalid_op_excp(env, POWERPC_EXCP_FP_VXSQRT, 1);
> > +} else {
> >  farg.d = float64_sqrt(farg.d, &env->fp_status);
> >  farg.d = float64_div(float64_one, farg.d, &env->fp_status);
> >  }
> > +
> >  return farg.ll;
> >  }
> >
>
>   Maciej
>


[Qemu-devel] [PATCH 0/3] pci: fix memory region lifecycle issues, document the rules

2015-02-13 Thread Paolo Bonzini
While these patches were originally in "part 3" of the RCU patches,
it turns out that the semantics they enforce are already important now
(reported by Alex Williamson and Matthew Rosato), so here they are!

Patch 1 fixes a MemoryRegion leak (and fixes it the right way, so that
the new lifecycle rules are respected!).

Patch 2 fixes a case where a memory region could be referenced (in
an RCU callback) when it had no parent, similar to the s390 case.

Patch 3 documents the MemoryRegion lifecycle rules now that (except for
s390, which Matthew is going to fix soon) QEMU actually follows them.

Please review and ACK.  Michael, okay to apply the first two through the
RCU tree?

Paolo

Paolo Bonzini (3):
  pcie: remove mmconfig memory leak and wrap mmconfig update with transaction
  pci: split shpc_cleanup and shpc_free
  docs: clarify memory region lifecycle

 docs/memory.txt| 74 +-
 hw/pci-bridge/pci_bridge_dev.c | 14 +---
 hw/pci/pcie_host.c |  7 ++--
 hw/pci/shpc.c  |  5 +++
 include/hw/pci/shpc.h  |  1 +
 5 files changed, 79 insertions(+), 22 deletions(-)

-- 
1.8.3.1




[Qemu-devel] [PATCH 2/3] pci: split shpc_cleanup and shpc_free

2015-02-13 Thread Paolo Bonzini
object_unparent should not be called until the parent device is going to be
destroyed.  Only remove the capability and do memory_region_del_subregion
at unrealize time.  Freeing the data structures is left in shpc_free, to
be called from the instance_finalize callback.

shpc_free follows the same coding style that Alex suggested for VFIO
(i.e. since a test for NULL is requested, clear the field at end).

Signed-off-by: Paolo Bonzini 
---
 hw/pci-bridge/pci_bridge_dev.c | 14 ++
 hw/pci/shpc.c  | 11 ++-
 include/hw/pci/shpc.h  |  1 +
 3 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/hw/pci-bridge/pci_bridge_dev.c b/hw/pci-bridge/pci_bridge_dev.c
index 252ea5e..36f73e1 100644
--- a/hw/pci-bridge/pci_bridge_dev.c
+++ b/hw/pci-bridge/pci_bridge_dev.c
@@ -97,6 +97,11 @@ static void pci_bridge_dev_exitfn(PCIDevice *dev)
 pci_bridge_exitfn(dev);
 }
 
+static void pci_bridge_dev_instance_finalize(Object *obj)
+{
+shpc_free(PCI_DEVICE(obj));
+}
+
 static void pci_bridge_dev_write_config(PCIDevice *d,
 uint32_t address, uint32_t val, int 
len)
 {
@@ -154,10 +159,11 @@ static void pci_bridge_dev_class_init(ObjectClass *klass, 
void *data)
 }
 
 static const TypeInfo pci_bridge_dev_info = {
-.name  = TYPE_PCI_BRIDGE_DEV,
-.parent= TYPE_PCI_BRIDGE,
-.instance_size = sizeof(PCIBridgeDev),
-.class_init = pci_bridge_dev_class_init,
+.name  = TYPE_PCI_BRIDGE_DEV,
+.parent= TYPE_PCI_BRIDGE,
+.instance_size = sizeof(PCIBridgeDev),
+.class_init= pci_bridge_dev_class_init,
+.instance_finalize = pci_bridge_dev_instance_finalize,
 .interfaces = (InterfaceInfo[]) {
 { TYPE_HOTPLUG_HANDLER },
 { }
diff --git a/hw/pci/shpc.c b/hw/pci/shpc.c
index 27c496e..5fd7f4b 100644
--- a/hw/pci/shpc.c
+++ b/hw/pci/shpc.c
@@ -663,13 +663,22 @@ void shpc_cleanup(PCIDevice *d, MemoryRegion *bar)
 SHPCDevice *shpc = d->shpc;
 d->cap_present &= ~QEMU_PCI_CAP_SHPC;
 memory_region_del_subregion(bar, &shpc->mmio);
-object_unparent(OBJECT(&shpc->mmio));
 /* TODO: cleanup config space changes? */
+}
+
+void shpc_free(PCIDevice *d)
+{
+SHPCDevice *shpc = d->shpc;
+if (!shpc) {
+return;
+}
+object_unparent(OBJECT(&shpc->mmio));
 g_free(shpc->config);
 g_free(shpc->cmask);
 g_free(shpc->wmask);
 g_free(shpc->w1cmask);
 g_free(shpc);
+d->shpc = NULL;
 }
 
 void shpc_cap_write_config(PCIDevice *d, uint32_t addr, uint32_t val, int l)
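Review bot: shpc_cleanup() no longer frees d->shpc, so every caller of shpc_cleanup() now has to call shpc_free() from its instance_finalize, yet this patch only adds that to pci_bridge_dev.c; any other user of shpc_cleanup() would leak the SHPCDevice and its config and mask buffers after this change. Please audit the remaining callers in the same patch. shpc_cleanup() also dereferences d->shpc without the NULL test that shpc_free() has, and a short comment above shpc_free() saying it belongs in instance_finalize would keep the two from being mixed up again.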
diff --git a/include/hw/pci/shpc.h b/include/hw/pci/shpc.h
index 025bc5b..9bbea39 100644
--- a/include/hw/pci/shpc.h
+++ b/include/hw/pci/shpc.h
@@ -41,6 +41,7 @@ void shpc_reset(PCIDevice *d);
 int shpc_bar_size(PCIDevice *dev);
 int shpc_init(PCIDevice *dev, PCIBus *sec_bus, MemoryRegion *bar, unsigned 
off);
 void shpc_cleanup(PCIDevice *dev, MemoryRegion *bar);
+void shpc_free(PCIDevice *dev);
 void shpc_cap_write_config(PCIDevice *d, uint32_t addr, uint32_t val, int len);
 
 
-- 
1.8.3.1





[Qemu-devel] [PATCH 3/3] docs: clarify memory region lifecycle

2015-02-13 Thread Paolo Bonzini
Now that objects actually obey the rules, document them.

Signed-off-by: Paolo Bonzini 
---
 docs/memory.txt | 74 -
 1 file changed, 58 insertions(+), 16 deletions(-)

diff --git a/docs/memory.txt b/docs/memory.txt
index b12f1f0..2ceb348 100644
--- a/docs/memory.txt
+++ b/docs/memory.txt
@@ -73,17 +73,66 @@ stability.
 Region lifecycle
 
 
-A region is created by one of the constructor functions (memory_region_init*())
-and attached to an object.  It is then destroyed by object_unparent() or simply
-when the parent object dies.
+A region is created by one of the memory_region_init*() functions and
+attached to an object, which acts as its owner or parent.  QEMU ensures
+that the owner object remains alive as long as the region is visible to
+the guest, or as long as the region is in use by a virtual CPU or another
+device.  For example, the owner object will not die between an
+address_space_map operation and the corresponding address_space_unmap.
 
-In between, a region can be added to an address space
-by using memory_region_add_subregion() and removed using
-memory_region_del_subregion().  Destroying the region implicitly
-removes the region from the address space.
+After creation, a region can be added to an address space or a
+container with memory_region_add_subregion(), and removed using
+memory_region_del_subregion().
 
-Region attributes may be changed at any point; they take effect once
-the region becomes exposed to the guest.
+Various region attributes (read-only, dirty logging, coalesced mmio,
+ioeventfd) can be changed during the region lifecycle.  They take effect
+as soon as the region is made visible.  This can be immediately, later,
+or never.
+
+Destruction of a memory region happens automatically when the owner
+object dies.
+
+If however the memory region is part of a dynamically allocated data
+structure, you should call object_unparent() to destroy the memory region
+before the data structure is freed.  For an example see VFIOMSIXInfo
+and VFIOQuirk in hw/vfio/pci.c.
+
+You must not destroy a memory region as long as it may be in use by a
+device or CPU.  In order to do this, as a general rule do not create or
+destroy memory regions dynamically during a device's lifetime, and only
+call object_unparent() in the memory region owner's instance_finalize
+callback.  The dynamically allocated data structure that contains the
+memory region then should obviously be freed in the instance_finalize
+callback as well.
+
+If you break this rule, the following situation can happen:
+
+- the memory region's owner had a reference taken via memory_region_ref
+  (for example by address_space_map)
+
+- the region is unparented, and has no owner anymore
+
+- when address_space_unmap is called, the reference to the memory region's
+  owner is leaked.
+
+
+There is an exception to the above rule: it is okay to call
+object_unparent at any time for an alias or a container region.  It is
+therefore also okay to create or destroy alias and container regions
+dynamically during a device's lifetime.
+
+This exceptional usage is valid because aliases and containers only help
+QEMU building the guest's memory map; they are never accessed directly.
+memory_region_ref and memory_region_unref are never called on aliases
+or containers, and the above situation then cannot happen.  Exploiting
+this exception is rarely necessary, and therefore it is discouraged,
+but nevertheless it is used in a few places.
+
+For regions that "have no owner" (NULL is passed at creation time), the
+machine object is actually used as the owner.  Since instance_finalize is
+never called for the machine object, you must never call object_unparent
+on regions that have no owner, unless they are aliases or containers.
+
 
 Overlapping regions and priority
 
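Review bot: in the added paragraph beginning "You must not destroy a memory region as long as it may be in use", the next sentence opens with "In order to do this", which reads as instructions for destroying the region rather than for avoiding it; "To guarantee this" would be unambiguous. The bullet list that follows stops at "the reference to the memory region's owner is leaked" and would be clearer if it also said what that means in practice, namely that the owner is never finalized. "help QEMU building" should be "help QEMU build".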
@@ -215,13 +264,6 @@ BAR containing MMIO registers is mapped after it.
 Note that if the guest maps a BAR outside the PCI hole, it would not be
 visible as the pci-hole alias clips it to a 0.5GB range.
 
-Attributes
---
-
-Various region attributes (read-only, dirty logging, coalesced mmio, ioeventfd)
-can be changed during the region lifecycle.  They take effect once the region
-is made visible (which can be immediately, later, or never).
-
 MMIO Operations
 ---
 
-- 
1.8.3.1




[Qemu-devel] [PATCH 1/3] pcie: remove mmconfig memory leak and wrap mmconfig update with transaction

2015-02-13 Thread Paolo Bonzini
This memory leak was introduced inadvertently by omitting object_unparent.
A better fix is to use the new memory_region_set_size instead of destroying
and recreating the MMIO region on the fly.

Also, ensure that unmapping and remapping the region is done atomically.

Signed-off-by: Paolo Bonzini 
---
 hw/pci/pcie_host.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hw/pci/pcie_host.c b/hw/pci/pcie_host.c
index dfb4a2b..d8afba8 100644
--- a/hw/pci/pcie_host.c
+++ b/hw/pci/pcie_host.c
@@ -88,6 +88,8 @@ static void pcie_host_init(Object *obj)
 PCIExpressHost *e = PCIE_HOST_BRIDGE(obj);
 
 e->base_addr = PCIE_BASE_ADDR_UNMAPPED;
+memory_region_init_io(&e->mmio, OBJECT(e), &pcie_mmcfg_ops, e, 
"pcie-mmcfg-mmio",
+  PCIE_MMCFG_SIZE_MAX);
 }
 
 void pcie_host_mmcfg_unmap(PCIExpressHost *e)
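Review bot: the region created in pcie_host_init is named "pcie-mmcfg-mmio", while the call removed from pcie_host_mmcfg_init used "pcie-mmcfg"; the commit message does not mention a rename, so please confirm it is intended or keep the old name. The added memory_region_init_io( line is also long enough that the mail wrapped it; break it after `e,` as the removed call did.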
@@ -104,8 +106,7 @@ void pcie_host_mmcfg_init(PCIExpressHost *e, uint32_t size)
 assert(size >= PCIE_MMCFG_SIZE_MIN);
 assert(size <= PCIE_MMCFG_SIZE_MAX);
 e->size = size;
-memory_region_init_io(&e->mmio, OBJECT(e), &pcie_mmcfg_ops, e,
-  "pcie-mmcfg", e->size);
+memory_region_set_size(&e->mmio, e->size);
 }
 
 void pcie_host_mmcfg_map(PCIExpressHost *e, hwaddr addr,
@@ -121,10 +122,12 @@ void pcie_host_mmcfg_update(PCIExpressHost *e,
 hwaddr addr,
 uint32_t size)
 {
+memory_region_transaction_begin();
 pcie_host_mmcfg_unmap(e);
 if (enable) {
 pcie_host_mmcfg_map(e, addr, size);
 }
+memory_region_transaction_commit();
 }
 
 static const TypeInfo pcie_host_type_info = {
-- 
1.8.3.1





Re: [Qemu-devel] [PATCH] cocoa.m: Adds console items to the view menu

2015-02-13 Thread Programmingkid

On Feb 13, 2015, at 2:45 AM, Gerd Hoffmann wrote:

>  Hi,
> 
>> We're going to need to automatically create and update
>> the menu entries based on which consoles get created
>> if we want this to work properly, I think. Gerd, any
>> suggestions?  Is there a hook for "list of active
>> consoles has changed"?
> 
> No.  consoles are not hotpluggable.
> 
>> What's the right way to get
>> the printable name of a console?
> 
> gd_vc_gfx_init() has code for gfx consoles (qemu_console_is_graphic() ==
> true).
> 
> There is nothing for text consoles.
> 
> Guess we should create a qemu_console_get_label() helper function in
> ui/console.c, then move the code from gd_vc_gfx_init() to that place,
> and for text consoles use QemuConsole->chr->label.
> 
> cheers,
>  Gerd
Thank you Gerd for your suggestion. 

Here is my suggestion:
int get_Graphics_Console_Index()
int get_Serial_Console_Index()
int get_Parallel_Console_Index()
int get_Monitor_Console_Index()

Then I would be able to do this:
console_select(get_Serial_Console_Index());

This is simple and to the point. No having to search for a console.
If the console does not exist, the function could return -1. Then the code
would look something like this:

if (get_Serial_Console_Index() != -1)
    console_select(get_Serial_Console_Index());
else
    printf("Sorry but Serial console does not exist\n\a");





[Qemu-devel] [vhost] link new devices

2015-02-13 Thread Vasile Catalin-B50542

How does the vhost API link with vhost devices?
I don't see any "*-net" or "*_net" or even "*net" references in vhost API files,
nor do I see any registering macros inside vhost-net device code.



[Qemu-devel] [PATCH 8/9] throttle: Update throttle infrastructure copyright

2015-02-13 Thread Alberto Garcia
From: Benoît Canet

Signed-off-by: Benoit Canet 
Signed-off-by: Alberto Garcia 
---
 include/qemu/throttle.h | 4 ++--
 tests/test-throttle.c   | 4 ++--
 util/throttle.c | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/qemu/throttle.h b/include/qemu/throttle.h
index f846e5a..6174332 100644
--- a/include/qemu/throttle.h
+++ b/include/qemu/throttle.h
@@ -1,10 +1,10 @@
 /*
  * QEMU throttling infrastructure
  *
- * Copyright (C) Nodalink, SARL. 2013
+ * Copyright (C) Nodalink, EURL. 2013-2014
  *
  * Author:
- *   Benoît Canet 
+ *   Benoît Canet 
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License as
diff --git a/tests/test-throttle.c b/tests/test-throttle.c
index 0b649b1..cf58e0e 100644
--- a/tests/test-throttle.c
+++ b/tests/test-throttle.c
@@ -1,10 +1,10 @@
 /*
  * Throttle infrastructure tests
  *
- * Copyright Nodalink, SARL. 2013
+ * Copyright Nodalink, EURL. 2013-2014
  *
  * Authors:
- *  Benoît Canet 
+ *  Benoît Canet 
  *
  * This work is licensed under the terms of the GNU LGPL, version 2 or later.
  * See the COPYING.LIB file in the top-level directory.
diff --git a/util/throttle.c b/util/throttle.c
index 4219ace..aa0ea65 100644
--- a/util/throttle.c
+++ b/util/throttle.c
@@ -1,10 +1,10 @@
 /*
  * QEMU throttling infrastructure
  *
- * Copyright (C) Nodalink, SARL. 2013
+ * Copyright (C) Nodalink, EURL. 2013-2014
  *
  * Author:
- *   Benoît Canet 
+ *   Benoît Canet 
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License as
-- 
2.1.4



