Re: [Qemu-devel] [PATCH v5] target-i386: Register QOM properties for feature flags

[Igor Mammedov]

On Tue, 14 Apr 2015 12:28:24 -0300
Eduardo Habkost  wrote:

> This uses the feature name arrays to register QOM properties for feature
> flags. This simply adds properties that can be configured using -global,
> but doesn't change x86_cpu_parse_featurestr() to use them yet.
> 
> Signed-off-by: Eduardo Habkost 
> ---
> Changes v1 -> v2:
> * Use "cpuid-" prefix instead of "feat-"
> * Register release function for property
> * Convert '_' to '-' on feature name before registering property
> * Add dev->realized check to property setter
> 
> Changes v2 -> v3:
> * Register alias properties for feature name aliases
> * Patch is based on x86 tree, at:
>   https://github.com/ehabkost/qemu.git x86
> 
> Changes v3 -> v4:
> * Remove "cpuid-" prefix altogether
> 
> Changes v4 -> v5:
> * Coding style changes (mostly blank lines after variable declarations)
> * Change feature property registration to be a generic "bit property"
>   registration function
> * Check for visitor errors on bit property setter
> * Rename "bit" variables to "bitnr"
> * Get bitnr as argument to bit property registration function, instead
>   of mask
> ---
>  target-i386/cpu.c | 121 
> ++
>  1 file changed, 121 insertions(+)
> 
> diff --git a/target-i386/cpu.c b/target-i386/cpu.c
> index 3305e09..9b11208 100644
> --- a/target-i386/cpu.c
> +++ b/target-i386/cpu.c
> @@ -2841,12 +2841,125 @@ out:
>  }
>  }
>  
> +typedef struct BitProperty {
> +uint32_t *ptr;
> +uint32_t mask;
> +} BitProperty;
> +
> +static void x86_cpu_get_bit_prop(Object *obj,
> + struct Visitor *v,
> + void *opaque,
> + const char *name,
> + Error **errp)
> +{
> +BitProperty *fp = opaque;
> +bool value = (*fp->ptr & fp->mask) == fp->mask;
> +visit_type_bool(v, &value, name, errp);
> +}
> +
> +static void x86_cpu_set_bit_prop(Object *obj,
> + struct Visitor *v,
> + void *opaque,
> + const char *name,
> + Error **errp)
> +{
> +DeviceState *dev = DEVICE(obj);
> +BitProperty *fp = opaque;
> +Error *local_err = NULL;
> +bool value;
> +
> +if (dev->realized) {
> +qdev_prop_set_after_realize(dev, name, errp);
> +return;
> +}
> +
> +visit_type_bool(v, &value, name, &local_err);
> +if (local_err) {
> +error_propagate(errp, local_err);
> +return;
> +}
> +
> +if (value) {
> +*fp->ptr |= fp->mask;
> +} else {
> +*fp->ptr &= ~fp->mask;
> +}
> +}
> +
> +static void x86_cpu_release_bit_prop(Object *obj, const char *name,
> + void *opaque)
indent went astray ^^^

> +{
> +BitProperty *prop = opaque;
> +g_free(prop);
> +}
> +
> +/* Register a boolean property to get/set a single bit in a uint32_t field.
> + *
> + * The same property name can be registered multiple times to make it affect
> + * multiple bits in the same FeatureWord. In that case, the getter will 
> return
> + * true only if all bits are set.
> + */
> +static void x86_cpu_register_bit_prop(X86CPU *cpu,
> +  const char *prop_name,
> +  uint32_t *field,
> +  int bitnr)
> +{
> +BitProperty *fp;
> +ObjectProperty *op;
> +uint32_t mask = (1UL << bitnr);
> +
> +op = object_property_find(OBJECT(cpu), prop_name, NULL);
> +if (op) {
> +fp = op->opaque;
> +assert(fp->ptr == field);
> +fp->mask |= mask;
> +} else {
> +fp = g_new0(BitProperty, 1);
> +fp->ptr = field;
> +fp->mask = mask;
> +object_property_add(OBJECT(cpu), prop_name, "bool",
> +x86_cpu_get_bit_prop,
> +x86_cpu_set_bit_prop,
> +x86_cpu_release_bit_prop, fp, &error_abort);
> +}
> +}
> +
> +static void x86_cpu_register_feature_bit_props(X86CPU *cpu,
> +   FeatureWord w,
> +   int bitnr)
> +{
> +Object *obj = OBJECT(cpu);
> +int i;
> +char **names;
> +FeatureWordInfo *fi = &feature_word_info[w];
> +
> +if (!fi->feat_names) {
> +return;
> +}
> +if (!fi->feat_names[bitnr]) {
> +return;
> +}
> +
> +names = g_strsplit(fi->feat_names[bitnr], "|", 0);
> +
> +feat2prop(names[0]);
> +x86_cpu_register_bit_prop(cpu, names[0], &cpu->env.features[w], bitnr);
> +
> +for (i = 1; names[i]; i++) {
> +feat2prop(names[i]);
> +object_property_add_alias(obj, names[i], obj, names[0], 
> &error_abort);
> +}
> +
> +g_strfreev(names);
> +}
> +
>  static void x86_cpu_initfn(Object *obj)
>  {
>   

Re: [Qemu-devel] [PATCH v2 1/4] qapi: Fix C identifiers generated for names containing '.'

[Alberto Garcia]

On Sáb 11 Abr 2015 20:09:40 CEST, Eric Blake  wrote:
> From: Markus Armbruster 
>
> c_fun() maps '.' to '_', c_var() doesn't.  Nothing prevents '.' in
> QAPI names that get passed to c_var().
>
> Which QAPI names get passed to c_fun(), to c_var(), or to both is not
> obvious.  Names of command parameters and struct type members get
> passed to c_var().
>
> c_var() strips a leading '*', but this cannot happen.  c_fun()
> doesn't.
>
> Fix c_var() to work exactly like c_fun().
>
> Perhaps they should be replaced by a single mapping function.
>
> Signed-off-by: Markus Armbruster 
> [add 'import string']
> Signed-off-by: Eric Blake 

Reviewed-by: Alberto Garcia 

Berto

Re: [Qemu-devel] [PATCH v2 2/4] qapi: Drop duplicate c_fun() in favor of c_var()

[Alberto Garcia]

On Sáb 11 Abr 2015 20:09:41 CEST, Eric Blake wrote:
> Now that the two functions are identical, we only need one of them.
>
> Signed-off-by: Eric Blake 
> ---
>  scripts/qapi-commands.py | 15 ---
>  scripts/qapi-event.py|  2 +-
>  scripts/qapi-types.py|  4 ++--
>  scripts/qapi-visit.py|  4 ++--
>  scripts/qapi.py  |  5 +
>  5 files changed, 14 insertions(+), 16 deletions(-)

Reviewed-by: Alberto Garcia 

Berto

[Qemu-devel] [PATCH v1 0/1] s390 pci infrastucture modeling

[Hong Bo Li]

This patch extends the current s390 pci implementation to
provide more flexibility in configuration of s390 specific
device handling. For this we had to introduce a new facility
(and bus) to hold devices representing information actually
provided by s390 firmware and I/O configuration.

For each vfio pci device, I create a zpci device to store s390
specific informations. And attach all of these special zpci devices
to the s390 facility bus. A zpci device references the corresponding
PCI device via device id. 

Compare to the old implementation, I moved the actual hotplug/unplug 
codes to s390 pci device hot plug function. Then in the pcihost 
hotplug function, we don't need to do anything special. In the pcihost
unplug function, we need to unplug the corresponding zpci device.

The new design allows to define multiple host bridges, each host bridge
could hold 32 zpci devices at most.

The topology for this implementation could be:

  dev: s390-pcihost, id ""
bus: pci.0
  type PCI
  dev: vfio-pci, id "vpci1"
host = ":00:00.0"
..
  dev: vfio-pci, id "vpci2"
host = "0001:00:00.0"
..
  dev: s390-pci-facility, id ""
bus: s390-pci-fac-bus.0
  type s390-pci-fac-bus
  dev: zpci, id "zpci1"
fid = 1 (0x1)
uid = 2 (0x2)
pci_id = "vpci1"
  dev: zpci, id "zpci2"
fid = 6 (0x6)
uid = 7 (0x7)
pci_id = "vpci2"

To make the review easier, I keep all of the old names, such as 
S390PCIBusDevice to name a zpci device. I will make a cleanup 
patch later to change these names to a more suitable name.

Hong Bo Li (1):
  S390 pci infrastructure modeling

 hw/s390x/s390-pci-bus.c| 317 +
 hw/s390x/s390-pci-bus.h|  48 ++-
 hw/s390x/s390-pci-inst.c   |   4 +-
 hw/s390x/s390-virtio-ccw.c |   4 +-
 4 files changed, 285 insertions(+), 88 deletions(-)

-- 
1.9.3

[Qemu-devel] [PATCH v1 1/1] S390 pci infrastructure modeling

[Hong Bo Li]

This patch contains the actual interesting changes.
usage example:
-device s390-pcihost
-device vfio-pci,host=:00:00.0,id=vpci1
-device zpci,fid=2,uid=5,pci_id=vpci1,id=zpci1

The first line will create a s390 pci host bridge
and init the root bus. The second line will create
a standard vfio pci device, and attach it to the
root bus. These are similiar to the standard process
to define a pci device on other platform.

The third line will create a s390 pci device to
store s390 specific information, and references
the corresponding vfio pci device via device id.
We create a s390 pci facility bus to hold all the
zpci devices.

Signed-off-by: Hong Bo Li 
---
 hw/s390x/s390-pci-bus.c| 317 +
 hw/s390x/s390-pci-bus.h|  48 ++-
 hw/s390x/s390-pci-inst.c   |   4 +-
 hw/s390x/s390-virtio-ccw.c |   4 +-
 4 files changed, 285 insertions(+), 88 deletions(-)

diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index 3c086f6..c81093e 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -32,8 +32,8 @@ int chsc_sei_nt2_get_event(void *res)
 PciCcdfErr *eccdf;
 int rc = 1;
 SeiContainer *sei_cont;
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+S390PCIFacility *s = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACILITY, NULL));
 
 if (!s) {
 return rc;
@@ -72,8 +72,8 @@ int chsc_sei_nt2_get_event(void *res)
 
 int chsc_sei_nt2_have_event(void)
 {
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+S390PCIFacility *s = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACILITY, NULL));
 
 if (!s) {
 return 0;
@@ -82,20 +82,32 @@ int chsc_sei_nt2_have_event(void)
 return !QTAILQ_EMPTY(&s->pending_sei);
 }
 
+void s390_pci_device_enable(S390PCIBusDevice *zpci)
+{
+zpci->fh = zpci->fh | 1 << ENABLE_BIT_OFFSET;
+}
+
+void s390_pci_device_disable(S390PCIBusDevice *zpci)
+{
+zpci->fh = zpci->fh & ~(1 << ENABLE_BIT_OFFSET);
+if (zpci->is_unplugged)
+object_unparent(OBJECT(zpci));
+}
+
 S390PCIBusDevice *s390_pci_find_dev_by_fid(uint32_t fid)
 {
 S390PCIBusDevice *pbdev;
-int i;
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+BusChild *kid;
+S390PCIFacility *s = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACILITY, NULL));
 
 if (!s) {
 return NULL;
 }
 
-for (i = 0; i < PCI_SLOT_MAX; i++) {
-pbdev = &s->pbdev[i];
-if ((pbdev->fh != 0) && (pbdev->fid == fid)) {
+QTAILQ_FOREACH(kid, &s->fbus->qbus.children, sibling) {
+pbdev = (S390PCIBusDevice *)kid->child;
+if (pbdev->fid == fid) {
 return pbdev;
 }
 }
@@ -126,39 +138,24 @@ void s390_pci_sclp_configure(int configure, SCCB *sccb)
 return;
 }
 
-static uint32_t s390_pci_get_pfid(PCIDevice *pdev)
-{
-return PCI_SLOT(pdev->devfn);
-}
-
-static uint32_t s390_pci_get_pfh(PCIDevice *pdev)
-{
-return PCI_SLOT(pdev->devfn) | FH_VIRT;
-}
-
 S390PCIBusDevice *s390_pci_find_dev_by_idx(uint32_t idx)
 {
 S390PCIBusDevice *pbdev;
-int i;
-int j = 0;
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+BusChild *kid;
+int i = 0;
+S390PCIFacility *s = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACILITY, NULL));
 
 if (!s) {
 return NULL;
 }
 
-for (i = 0; i < PCI_SLOT_MAX; i++) {
-pbdev = &s->pbdev[i];
-
-if (pbdev->fh == 0) {
-continue;
-}
-
-if (j == idx) {
+QTAILQ_FOREACH(kid, &s->fbus->qbus.children, sibling) {
+pbdev = (S390PCIBusDevice *)kid->child;
+if (i == idx) {
 return pbdev;
 }
-j++;
+i++;
 }
 
 return NULL;
@@ -167,16 +164,17 @@ S390PCIBusDevice *s390_pci_find_dev_by_idx(uint32_t idx)
 S390PCIBusDevice *s390_pci_find_dev_by_fh(uint32_t fh)
 {
 S390PCIBusDevice *pbdev;
-int i;
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+BusChild *kid;
+S390PCIFacility *s = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACILITY, NULL));
+
 
 if (!s || !fh) {
 return NULL;
 }
 
-for (i = 0; i < PCI_SLOT_MAX; i++) {
-pbdev = &s->pbdev[i];
+QTAILQ_FOREACH(kid, &s->fbus->qbus.children, sibling) {
+pbdev = (S390PCIBusDevice *)kid->child;
 if (pbdev->fh == fh) {
 return pbdev;
 }
@@ -185,12 +183,33 @@ S390PCIBusDevice *s390_pci_find_dev_by_fh(uint32_t fh)
 return NULL;
 }
 
+static S390PCIBusDevice *s390_pci_find_dev_by_pdev(PCIDevice *pdev)
+{
+S390PCIBusDevice *pbdev;
+BusChild *kid;
+S390PCIFacility *s = S390_PCI_FACILITY(

Re: [Qemu-devel] [v7 12/14] migration: Use an array instead of 3 parameters

[Juan Quintela]

Eric Blake  wrote:
> On 04/08/2015 12:20 AM, Liang Li wrote:
>> Put the three parameters related to multiple thread (de)compression
>> into an int array, and use an enum type to index the parameter.
>> 
>> Signed-off-by: Liang Li 
>> Signed-off-by: Yang Zhang 
>> ---
>>  include/migration/migration.h |  4 +---
>>  migration/migration.c | 31 +++
>>  qapi-schema.json  | 23 +++
>>  3 files changed, 43 insertions(+), 15 deletions(-)
>> 
>
>> +++ b/qapi-schema.json
>> @@ -569,6 +569,29 @@
>>  ##
>>  { 'command': 'query-migrate-capabilities', 'returns':   
>> ['MigrationCapabilityStatus']}
>>  
>> +# @MigrationParameter
>> +#
>> +# Migration parameters enumeration
>> +#
>> +# @compress-level: Set the compression level to be used in live migration,
>> +#  the compression level is an integer between 0 and 9, where 0 
>> means
>> +#  no compression, 1 means the best compression speed, and 9 means 
>> best
>> +#  compression ratio which will consume more CPU.
>> +#
>> +# @compress-threads: Set compression thread count to be used in live 
>> migration,
>> +#  the compression thread count is an integer between 1 and 255.
>> +#
>> +# @decompress-threads: Set decompression thread count to be used in live
>> +#  migration, the decompression thread count is an integer between 1
>> +#  and 255. Usually, decompression is at least 4 times as fast as
>> +#  compression, so set the decompress-threads to the number about 
>> 1/4
>> +#  of compress-threads is adequate.
>
> s/so set/so setting/
>
>> +#
>> +# Since: 2.3
>
> 2.4
>
> Maintainer can fix if a respin is not needed.

Liang, I will fix the s/2.3/2.4/ while merging, no need of respin for
this.

Later, Juan.

[Qemu-devel] [PATCH v1 1/1] S390 pci infrastructure modeling

[Hong Bo Li]

This patch contains the actual interesting changes.
usage example:
-device s390-pcihost
-device vfio-pci,host=:00:00.0,id=vpci1
-device zpci,fid=2,uid=5,pci_id=vpci1,id=zpci1

The first line will create a s390 pci host bridge
and init the root bus. The second line will create
a standard vfio pci device, and attach it to the
root bus. These are similiar to the standard process
to define a pci device on other platform.

The third line will create a s390 pci device to
store s390 specific information, and references
the corresponding vfio pci device via device id.
We create a s390 pci facility bus to hold all the
zpci devices.

Signed-off-by: Hong Bo Li
---
 hw/s390x/s390-pci-bus.c| 317 +
 hw/s390x/s390-pci-bus.h|  48 ++-
 hw/s390x/s390-pci-inst.c   |   4 +-
 hw/s390x/s390-virtio-ccw.c |   4 +-
 4 files changed, 285 insertions(+), 88 deletions(-)

diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index 3c086f6..c81093e 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -32,8 +32,8 @@ int chsc_sei_nt2_get_event(void *res)
 PciCcdfErr *eccdf;
 int rc = 1;
 SeiContainer *sei_cont;
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+S390PCIFacility *s = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACILITY, NULL));

 if (!s) {
 return rc;
@@ -72,8 +72,8 @@ int chsc_sei_nt2_get_event(void *res)

 int chsc_sei_nt2_have_event(void)
 {
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+S390PCIFacility *s = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACILITY, NULL));

 if (!s) {
 return 0;
@@ -82,20 +82,32 @@ int chsc_sei_nt2_have_event(void)
 return !QTAILQ_EMPTY(&s->pending_sei);
 }

+void s390_pci_device_enable(S390PCIBusDevice *zpci)
+{
+zpci->fh = zpci->fh | 1 << ENABLE_BIT_OFFSET;
+}
+
+void s390_pci_device_disable(S390PCIBusDevice *zpci)
+{
+zpci->fh = zpci->fh & ~(1 << ENABLE_BIT_OFFSET);
+if (zpci->is_unplugged)
+object_unparent(OBJECT(zpci));
+}
+
 S390PCIBusDevice *s390_pci_find_dev_by_fid(uint32_t fid)
 {
 S390PCIBusDevice *pbdev;
-int i;
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+BusChild *kid;
+S390PCIFacility *s = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACILITY, NULL));

 if (!s) {
 return NULL;
 }

-for (i = 0; i < PCI_SLOT_MAX; i++) {
-pbdev = &s->pbdev[i];
-if ((pbdev->fh != 0) && (pbdev->fid == fid)) {
+QTAILQ_FOREACH(kid, &s->fbus->qbus.children, sibling) {
+pbdev = (S390PCIBusDevice *)kid->child;
+if (pbdev->fid == fid) {
 return pbdev;
 }
 }
@@ -126,39 +138,24 @@ void s390_pci_sclp_configure(int configure, SCCB *sccb)
 return;
 }

-static uint32_t s390_pci_get_pfid(PCIDevice *pdev)
-{
-return PCI_SLOT(pdev->devfn);
-}
-
-static uint32_t s390_pci_get_pfh(PCIDevice *pdev)
-{
-return PCI_SLOT(pdev->devfn) | FH_VIRT;
-}
-
 S390PCIBusDevice *s390_pci_find_dev_by_idx(uint32_t idx)
 {
 S390PCIBusDevice *pbdev;
-int i;
-int j = 0;
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+BusChild *kid;
+int i = 0;
+S390PCIFacility *s = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACILITY, NULL));

 if (!s) {
 return NULL;
 }

-for (i = 0; i < PCI_SLOT_MAX; i++) {
-pbdev = &s->pbdev[i];
-
-if (pbdev->fh == 0) {
-continue;
-}
-
-if (j == idx) {
+QTAILQ_FOREACH(kid, &s->fbus->qbus.children, sibling) {
+pbdev = (S390PCIBusDevice *)kid->child;
+if (i == idx) {
 return pbdev;
 }
-j++;
+i++;
 }

 return NULL;
@@ -167,16 +164,17 @@ S390PCIBusDevice *s390_pci_find_dev_by_idx(uint32_t idx)
 S390PCIBusDevice *s390_pci_find_dev_by_fh(uint32_t fh)
 {
 S390PCIBusDevice *pbdev;
-int i;
-S390pciState *s = S390_PCI_HOST_BRIDGE(
-object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
+BusChild *kid;
+S390PCIFacility *s = S390_PCI_FACILITY(
+object_resolve_path(TYPE_S390_PCI_FACILITY, NULL));
+

 if (!s || !fh) {
 return NULL;
 }

-for (i = 0; i < PCI_SLOT_MAX; i++) {
-pbdev = &s->pbdev[i];
+QTAILQ_FOREACH(kid, &s->fbus->qbus.children, sibling) {
+pbdev = (S390PCIBusDevice *)kid->child;
 if (pbdev->fh == fh) {
 return pbdev;
 }
@@ -185,12 +183,33 @@ S390PCIBusDevice *s390_pci_find_dev_by_fh(uint32_t fh)
 return NULL;
 }

+static S390PCIBusDevice *s390_pci_find_dev_by_pdev(PCIDevice *pdev)
+{
+S390PCIBusDevice *pbdev;
+BusChild *kid;
+S390PCIFacility *s = S390_PCI_FACILITY(
+obje

Re: [Qemu-devel] [v7 12/14] migration: Use an array instead of 3 parameters

[Li, Liang Z]

> Eric Blake  wrote:
> > On 04/08/2015 12:20 AM, Liang Li wrote:
> >> Put the three parameters related to multiple thread (de)compression
> >> into an int array, and use an enum type to index the parameter.
> >>
> >> Signed-off-by: Liang Li 
> >> Signed-off-by: Yang Zhang 
> >> ---
> >>  include/migration/migration.h |  4 +---
> >>  migration/migration.c | 31 +++
> >>  qapi-schema.json  | 23 +++
> >>  3 files changed, 43 insertions(+), 15 deletions(-)
> >>
> >
> >> +++ b/qapi-schema.json
> >> @@ -569,6 +569,29 @@
> >>  ##
> >>  { 'command': 'query-migrate-capabilities', 'returns':
> ['MigrationCapabilityStatus']}
> >>
> >> +# @MigrationParameter
> >> +#
> >> +# Migration parameters enumeration
> >> +#
> >> +# @compress-level: Set the compression level to be used in live
> migration,
> >> +#  the compression level is an integer between 0 and 9, where 0
> means
> >> +#  no compression, 1 means the best compression speed, and 9
> means best
> >> +#  compression ratio which will consume more CPU.
> >> +#
> >> +# @compress-threads: Set compression thread count to be used in live
> migration,
> >> +#  the compression thread count is an integer between 1 and 255.
> >> +#
> >> +# @decompress-threads: Set decompression thread count to be used in
> live
> >> +#  migration, the decompression thread count is an integer between
> 1
> >> +#  and 255. Usually, decompression is at least 4 times as fast as
> >> +#  compression, so set the decompress-threads to the number
> about 1/4
> >> +#  of compress-threads is adequate.
> >
> > s/so set/so setting/
> >
> >> +#
> >> +# Since: 2.3
> >
> > 2.4
> >
> > Maintainer can fix if a respin is not needed.
> 
> Liang, I will fix the s/2.3/2.4/ while merging, no need of respin for this.
> 
> Later, Juan.

OK, the v8 is very soon.

Liang

Re: [Qemu-devel] [RFC PATCH] vl.c: add -semihosting-config "arg" sub-argument

[Liviu Ionescu]

Peter/Leon,

I'm planning for my future releases, and, to avoid incompatible versions, I 
would like to help with the semihosting configuration issue, to speed up 
things. is there any chance to close this issue in the near future?

we currently have two solutions:

- multiple: --semihosting-config arg="..." 
- a single option, placed at the end, and followed by any number of arguments: 
--semihosting-cmdline $@ \n

both can generate the array of args required by UHI and both can pass args with 
spaces.

the second one is more scripting friendly, and is somehow in the spirit of 
other unix programs that need to pass such arguments.

please let me know how can I be of any help.


regards,

Liviu



> On 14 Apr 2015, at 20:42, Liviu Ionescu  wrote:
> 
> 
>> On 08 Apr 2015, at 19:20, Leon Alrae  wrote:
>> 
>> ... I do understand
>> however that in your particular case cmdline is more convenient, thus I
>> personally don’t mind having both options: the user-friendly cmdline and
>> more flexible arg.
> 
> I was a bit optimistic with the first implementation of 
> "--semihosting-cmdline string", since this approach complicates things when 
> calling the emulator from a script.
> 
> a normal script might do something like
> 
> ~~~
> # identify own args and use shift to 'eat' them
> exec qemu ... --semihosting-cmdline $@
> ~~~
> 
> the first thought was to transform the $@ array into a single string with 
> quotes, like "$@", but this does not work properly if the arguments already 
> include spaces.
> 
> so, after long considerations, I had to revert to the very first idea, to use 
> a variable number args option, which, obviously, cannot be placed anywhere 
> else but at the end.
> 
> the new implementation is available from:
> 
>  https://sourceforge.net/p/gnuarmeclipse/qemu/ci/gnuarmeclipse-dev/tree/vl.c
> 
> the option is identified in the first parsing loop, args are stored and argc 
> is diminished accordingly, for the second pass to work without any changes.
> 
> one more thing to note is the concatenate_semihosting_cmdline() function, 
> which is not as simple as Leon suggested in the original post, since it has 
> to add quotes to arguments containing spaces.
> 
> I updated the Eclipse plug-in to use this mechanism and there were no 
> problems. passing the args from a script is also pretty easy, so to me this 
> looks like the right solution.
> 
> 
> any comments?
> 
> 
> Livius
> 
> 
> 
> 
> 

Re: [Qemu-devel] [PATCH] PING - add 1394 support

[Thomas Huth]

Am Tue, 7 Apr 2015 11:18:41 +0300
schrieb Itamar Tal :

> Hi,
> 
> Haven't got any response to this patch and couldn't find relevant
> maintainer as well. Can anyone direct me to the right guy?
> 
> Thanks,
> 
> Itamar Tal,
> Guardicore
> 
> On Mon, Mar 23, 2015 at 6:07 PM, Itamar Tal  wrote:
> 
> > From 9c4425d4145ac6b0a2d19a6fdf5803dd13f1fa93 Mon Sep 17 00:00:00 2001
> > From: Itamar Tal 
> > Date: Mon, 23 Mar 2015 14:26:47 +0200
> > Subject: [PATCH] add 1394 support
> >
> > This patch add 1394 (firewire) support to x86_64 and i386 qemu
> > softmmu. It allows one virtual machine to be the server side and the
> > other to be the client side, connected by TCP stream socket (same
> > thing is possible using serial port). This is very useful in for
> > allowing legacy devices to communicate over the firewire channel, but
> > doesn't support USB communication. Especially, it's useful for remote
> > Windows kernel debugging over qemu for malware analysis and so on...
> > The patch was tested on major stable version 2.0.0, 2.2.1 and current
> > master (2.3.0rc?).
> >
> > Itamar Tal,
> > Guardicore
> >
> > ---
> >  hw/1394/Makefile.objs |7 +
> >  hw/1394/hcd-ohci.c| 1645
> > +
> >  hw/1394/hcd-ohci.h|  147 +
> >  hw/Makefile.objs  |1 +
> >  4 files changed, 1800 insertions(+)
> >  create mode 100644 hw/1394/Makefile.objs
> >  create mode 100644 hw/1394/hcd-ohci.c
> >  create mode 100644 hw/1394/hcd-ohci.h
> >
> > diff --git a/hw/1394/Makefile.objs b/hw/1394/Makefile.objs
> > new file mode 100644
> > index 000..6c039e6
> > --- /dev/null
> > +++ b/hw/1394/Makefile.objs
> > @@ -0,0 +1,7 @@
> > +ifeq ($(TARGET_X86_64),y)
> > +common-obj-y += hcd-ohci.o
> > +else
> > +ifeq ($(TARGET_I386),y)
> > +common-obj-y += hcd-ohci.o
> > +endif
> > +endif

That's quite a cumbersome way of adding a new bus controller -
especially since firewire could be useful for other architectures, too.
Could you maybe rather add a proper CONFIG_1394_OHCI (or something
similar) option to default-configs/x86_64-softmmu.mak and
i386-softmmu.mak instead and then simply do a
 common-obj-$(CONFIG_1394_OHCI) += hcd-ohci.o
here?

 Thomas

Re: [Qemu-devel] [PATCH RFC 19/19] qapi: New QMP command query-schema for QMP schema introspection

[Alberto Garcia]

On Sat 11 Apr 2015 01:06:58 AM CEST, Eric Blake  wrote:

>> +{ 'type': 'SchemaInfoEnum',
>> +  'data': { 'values': ['str'] } }
>
> At one point, one thread suggested that we might want to allow QAPI to
> support enums with fixed values, as in:
>
> 'data': [ {'one': 1}, {'three': 3} ]

Out of curiosity, what's the use case for that?

Berto

Re: [Qemu-devel] [Question]Support of China loogson processor

[Andreas Färber]

Am 15.04.2015 um 03:08 schrieb Rob Landley:
> On Mon, Apr 13, 2015 at 6:29 AM, vt  wrote:
>> I saw the architecture code about mips in the qemu and kvm modules, so it is
>> no doubt that mips cpu can be supported.
> 
> It looks like the 32 bit one should work fine. I haven't played with
> 64 bit yet but there's some support for it in the tree, give it a try?
[...]
>> But I wonder if anyone have used qemu/kvm virtualization with China loongson
>> processor (MIPS architecture) without modification of qemu/kvm code.
>> All the infomation I have searched in the Internet can't answer my question.
> 
> I have a mips r4k system emulation working fine at:
[...]
> I haven't tried 64 bit yet but:
> 
> $ qemu-system-mips64 -cpu ? | grep Loongson
> MIPS 'Loongson-2E'
> MIPS 'Loongson-2F'
> 
> It's apparently there...

Note that the question was about KVM virtualization, not emulation
(unless it was misphrased). CC'ing Leon as MIPS maintainer.

Regards,
Andreas

-- 
SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip Upmanyu,
Graham Norton; HRB 21284 (AG Nürnberg)

Re: [Qemu-devel] Failing iotests in v2.3.0-rc2 / master

[Kevin Wolf]

Am 15.04.2015 um 06:53 hat Jeff Cody geschrieben:
> On Tue, Apr 14, 2015 at 11:57:35AM +0200, Kevin Wolf wrote:
> > Am 11.04.2015 um 05:41 hat Andreas Färber geschrieben:
> > > Hi,
> > > 
> > > 001 seems to hang for -qcow (or is not reasonably "quick": >5 min).
> > > 
> > > 033 is failing for -vhdx.
> > > 
> > > (Note that `make check-block` only tests -qcow2, so didn't uncover
> > > either of them.)
> > > 
> > > Given a failing test, am I seeing correctly that there is no command
> > > line option to skip this one failing test? -x seems to be for groups only.
> > > 
> > > Regards,
> > > Andreas
> > > 
> > > $ ./check -v -T -qcow -g quick
> > > [...]
> > > 001 6s ...[05:12:39]
> > 
> > qcow1 is just really slow. 001 passes for me, after 202 seconds (that's
> > on my SSD, YMMV).
> > 
> > > $ ./check -v -T -vhdx -g quick
> > > [...]
> > > 033 1s ...[04:06:09] [04:06:11] - output mismatch (see 
> > > 033.out.bad)
> > 
> > This seems to be because blkdebug doesn't implement .bdrv_truncate.
> > Currently the test case isn't suitable for VHDX, which uses explicit
> > bdrv_truncate() calls to grow the image file. I'll send a patch for
> > blkdebug to allow this.
> > 
> > However, it seems that there is another problem which causes assertion
> > failures when using VHDX over blkdebug. Jeff, does the following fix
> > make sense to you? (I think it does, but I don't understand yet why the
> > assertion failure is only triggered with blkdebug - or in other words:
> > "how could this ever work?")
> > 
> > Kevin
> 
> Kevin,
> 
> Yes, looking at that fix it makes sense - we are wanting to pad the
> back part of the block after the actual data with zeros. That back
> length should be (block size - (bytes avail + block offset)), which is
> iov2.iov_len.
> 
> There are two reasons I think we haven't seen this issue (it has been
> hidden):
> 
> 1.) If bs->file supports zero init, we don't do any of this

I see. file does and blkdebug doesn't, so that's the crucial difference.

> 2.) This is done for the case when the existing BAT state is
> PAYLOAD_BLOCK_ZERO.  Until recently (commit 30af51c), we didn't
> create VHDX files with blocks in the PAYLOAD_BLOCK_ZERO state.

Right, I wasn't aware of this either any more.

> So it has been a latent bug in a hitherto rarely (if ever) exercised
> path.

Thanks for your explanation, it's clear to me now what's going on. I'll
send out the patches (for both blkdebug and vhdx) right away. You can
either pick up the vhdx one, or just give your Acked-by and then I'll
merge it through my block tree.

Kevin

[Qemu-devel] [PATCH 1/2] blkdebug: Add bdrv_truncate()

[Kevin Wolf]

This is, amongst others, required for qemu-iotests 033 to run as
intended on VHDX, which uses explicit bdrv_truncate() calls to bs->file
when allocating new blocks.

Signed-off-by: Kevin Wolf 
---
 block/blkdebug.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/block/blkdebug.c b/block/blkdebug.c
index 63611e0..3c30edb 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -721,6 +721,11 @@ static int64_t blkdebug_getlength(BlockDriverState *bs)
 return bdrv_getlength(bs->file);
 }
 
+static int blkdebug_truncate(BlockDriverState *bs, int64_t offset)
+{
+return bdrv_truncate(bs->file, offset);
+}
+
 static void blkdebug_refresh_filename(BlockDriverState *bs)
 {
 QDict *opts;
@@ -779,6 +784,7 @@ static BlockDriver bdrv_blkdebug = {
 .bdrv_file_open = blkdebug_open,
 .bdrv_close = blkdebug_close,
 .bdrv_getlength = blkdebug_getlength,
+.bdrv_truncate  = blkdebug_truncate,
 .bdrv_refresh_filename  = blkdebug_refresh_filename,
 
 .bdrv_aio_readv = blkdebug_aio_readv,
-- 
1.8.3.1

[Qemu-devel] [PATCH 2/2] vhdx: Fix zero-fill iov length

[Kevin Wolf]

Fix the length of the zero-fill for the back, which was accidentally
using the same value as for the front. This is caught by qemu-iotests
033.

For consistency, change the code for the front as well to use the length
stored in the iov (it is the same value, copied four lines above).

Signed-off-by: Kevin Wolf 
---
 block/vhdx.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/block/vhdx.c b/block/vhdx.c
index bb3ed45..e24062f 100644
--- a/block/vhdx.c
+++ b/block/vhdx.c
@@ -1269,7 +1269,7 @@ static coroutine_fn int vhdx_co_writev(BlockDriverState 
*bs, int64_t sector_num,
 iov1.iov_base = qemu_blockalign(bs, iov1.iov_len);
 memset(iov1.iov_base, 0, iov1.iov_len);
 qemu_iovec_concat_iov(&hd_qiov, &iov1, 1, 0,
-  sinfo.block_offset);
+  iov1.iov_len);
 sectors_to_write += iov1.iov_len >> BDRV_SECTOR_BITS;
 }
 
@@ -1285,7 +1285,7 @@ static coroutine_fn int vhdx_co_writev(BlockDriverState 
*bs, int64_t sector_num,
 iov2.iov_base = qemu_blockalign(bs, iov2.iov_len);
 memset(iov2.iov_base, 0, iov2.iov_len);
 qemu_iovec_concat_iov(&hd_qiov, &iov2, 1, 0,
-  sinfo.block_offset);
+  iov2.iov_len);
 sectors_to_write += iov2.iov_len >> BDRV_SECTOR_BITS;
 }
 }
-- 
1.8.3.1

[Qemu-devel] [PATCH 0/2] Fix VHDX qemu-iotests 033 failure

[Kevin Wolf]

Kevin Wolf (2):
  blkdebug: Add bdrv_truncate()
  vhdx: Fix zero-fill iov length

 block/blkdebug.c | 6 ++
 block/vhdx.c | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)

-- 
1.8.3.1

Re: [Qemu-devel] Failing iotests in v2.3.0-rc2 / master

[Andreas Färber]

Am 15.04.2015 um 11:26 schrieb Kevin Wolf:
> Am 15.04.2015 um 06:53 hat Jeff Cody geschrieben:
>> On Tue, Apr 14, 2015 at 11:57:35AM +0200, Kevin Wolf wrote:
>>> Am 11.04.2015 um 05:41 hat Andreas Färber geschrieben:
 Hi,

 001 seems to hang for -qcow (or is not reasonably "quick": >5 min).

 033 is failing for -vhdx.

 (Note that `make check-block` only tests -qcow2, so didn't uncover
 either of them.)

 Given a failing test, am I seeing correctly that there is no command
 line option to skip this one failing test? -x seems to be for groups only.

 Regards,
 Andreas

 $ ./check -v -T -qcow -g quick
 [...]
 001 6s ...[05:12:39]
>>>
>>> qcow1 is just really slow. 001 passes for me, after 202 seconds (that's
>>> on my SSD, YMMV).
>>>
 $ ./check -v -T -vhdx -g quick
 [...]
 033 1s ...[04:06:09] [04:06:11] - output mismatch (see 033.out.bad)
>>>
>>> This seems to be because blkdebug doesn't implement .bdrv_truncate.
>>> Currently the test case isn't suitable for VHDX, which uses explicit
>>> bdrv_truncate() calls to grow the image file. I'll send a patch for
>>> blkdebug to allow this.
>>>
>>> However, it seems that there is another problem which causes assertion
>>> failures when using VHDX over blkdebug. Jeff, does the following fix
>>> make sense to you? (I think it does, but I don't understand yet why the
>>> assertion failure is only triggered with blkdebug - or in other words:
>>> "how could this ever work?")
>>>
>>> Kevin
>>
>> Kevin,
>>
>> Yes, looking at that fix it makes sense - we are wanting to pad the
>> back part of the block after the actual data with zeros. That back
>> length should be (block size - (bytes avail + block offset)), which is
>> iov2.iov_len.
>>
>> There are two reasons I think we haven't seen this issue (it has been
>> hidden):
>>
>> 1.) If bs->file supports zero init, we don't do any of this
> 
> I see. file does and blkdebug doesn't, so that's the crucial difference.
> 
>> 2.) This is done for the case when the existing BAT state is
>> PAYLOAD_BLOCK_ZERO.  Until recently (commit 30af51c), we didn't
>> create VHDX files with blocks in the PAYLOAD_BLOCK_ZERO state.
> 
> Right, I wasn't aware of this either any more.
> 
>> So it has been a latent bug in a hitherto rarely (if ever) exercised
>> path.
> 
> Thanks for your explanation, it's clear to me now what's going on. I'll
> send out the patches (for both blkdebug and vhdx) right away. You can
> either pick up the vhdx one, or just give your Acked-by and then I'll
> merge it through my block tree.

Might 059 (?) failure for -vmdk be another symptom of the same issue?

Thanks,
Andreas

-- 
SUSE Linux GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip Upmanyu,
Graham Norton; HRB 21284 (AG Nürnberg)

Re: [Qemu-devel] [Question]Support of China loogson processor

[James Hogan]

On 13/04/15 12:29, vt wrote:
> Hi, guys
>  
> I saw the architecture code about mips in the qemu and kvm modules, so it is 
> no doubt that mips cpu can be supported.
> But I wonder if anyone have used qemu/kvm virtualization with China loongson 
> processor (MIPS architecture) without modification of qemu/kvm code.
> All the infomation I have searched in the Internet can't answer my question. 
>  
> If anyone have done that before, let me know it will not  be a dead end.
>  
> Thanks
> Sangfor VT

I haven't attempted it on Loongson yet, but it'd be interesting to see
whether it works. You'd still have to emulate a Malta guest at the
moment. Getting it to work on the Ingenic XBurst cores required a little
effort in the kernel due to slight incompatibilities with the MIPS32r2
spec, so its possible there'll be problems with Loongson too.

I presume Loongson may use highmem, if so you'll want to disable it. I
still need to get those patches sorted out.

Let us know how it goes or if you hit problems!

Cheers
James



signature.asc
Description: OpenPGP digital signature

[Qemu-devel] [v8 04/14] qemu-file: Add compression functions to QEMUFile

[Liang Li]

qemu_put_compression_data() compress the data and put it to QEMUFile.
qemu_put_qemu_file() put the data in the buffer of source QEMUFile to
destination QEMUFile.

Signed-off-by: Liang Li 
Signed-off-by: Yang Zhang 
Reviewed-by: Juan Quintela 
---
 include/migration/qemu-file.h |  3 +++
 migration/qemu-file.c | 39 +++
 2 files changed, 42 insertions(+)

diff --git a/include/migration/qemu-file.h b/include/migration/qemu-file.h
index 745a850..a01c5b8 100644
--- a/include/migration/qemu-file.h
+++ b/include/migration/qemu-file.h
@@ -159,6 +159,9 @@ void qemu_put_be32(QEMUFile *f, unsigned int v);
 void qemu_put_be64(QEMUFile *f, uint64_t v);
 int qemu_peek_buffer(QEMUFile *f, uint8_t *buf, int size, size_t offset);
 int qemu_get_buffer(QEMUFile *f, uint8_t *buf, int size);
+ssize_t qemu_put_compression_data(QEMUFile *f, const uint8_t *p, size_t size,
+  int level);
+int qemu_put_qemu_file(QEMUFile *f_des, QEMUFile *f_src);
 /*
  * Note that you can only peek continuous bytes from where the current pointer
  * is; you aren't guaranteed to be able to peak to +n bytes unless you've
diff --git a/migration/qemu-file.c b/migration/qemu-file.c
index 1a4f986..2750365 100644
--- a/migration/qemu-file.c
+++ b/migration/qemu-file.c
@@ -21,6 +21,7 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+#include 
 #include "qemu-common.h"
 #include "qemu/iov.h"
 #include "qemu/sockets.h"
@@ -546,3 +547,41 @@ uint64_t qemu_get_be64(QEMUFile *f)
 v |= qemu_get_be32(f);
 return v;
 }
+
+/* compress size bytes of data start at p with specific compression
+ * level and store the compressed data to the buffer of f.
+ */
+
+ssize_t qemu_put_compression_data(QEMUFile *f, const uint8_t *p, size_t size,
+  int level)
+{
+ssize_t blen = IO_BUF_SIZE - f->buf_index - sizeof(int32_t);
+
+if (blen < compressBound(size)) {
+return 0;
+}
+if (compress2(f->buf + f->buf_index + sizeof(int32_t), (uLongf *)&blen,
+  (Bytef *)p, size, level) != Z_OK) {
+error_report("Compress Failed!");
+return 0;
+}
+qemu_put_be32(f, blen);
+f->buf_index += blen;
+return blen + sizeof(int32_t);
+}
+
+/* Put the data in the buffer of f_src to the buffer of f_des, and
+ * then reset the buf_index of f_src to 0.
+ */
+
+int qemu_put_qemu_file(QEMUFile *f_des, QEMUFile *f_src)
+{
+int len = 0;
+
+if (f_src->buf_index > 0) {
+len = f_src->buf_index;
+qemu_put_buffer(f_des, f_src->buf, f_src->buf_index);
+f_src->buf_index = 0;
+}
+return len;
+}
-- 
1.9.1

[Qemu-devel] [v8 02/14] migration: Add the framework of multi-thread compression

[Liang Li]

Add the code to create and destroy the multiple threads those will
be used to do data compression. Left some functions empty to keep
clearness, and the code will be added later.

Signed-off-by: Liang Li 
Signed-off-by: Yang Zhang 
Reviewed-by: Dr.David Alan Gilbert 
Reviewed-by: Juan Quintela 
---
 arch_init.c   | 90 ++-
 include/migration/migration.h |  8 
 migration/migration.c | 37 ++
 3 files changed, 133 insertions(+), 2 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 4c8fcee..c4e985e 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -316,6 +316,65 @@ static uint64_t migration_dirty_pages;
 static uint32_t last_version;
 static bool ram_bulk_stage;
 
+struct CompressParam {
+/* To be done */
+};
+typedef struct CompressParam CompressParam;
+
+static CompressParam *comp_param;
+static QemuThread *compress_threads;
+
+static void *do_data_compress(void *opaque)
+{
+while (true) {
+
+/* To be done */
+
+}
+
+return NULL;
+}
+
+static inline void terminate_compression_threads(void)
+{
+/* To be done */
+}
+
+void migrate_compress_threads_join(void)
+{
+int i, thread_count;
+
+if (!migrate_use_compression()) {
+return;
+}
+terminate_compression_threads();
+thread_count = migrate_compress_threads();
+for (i = 0; i < thread_count; i++) {
+qemu_thread_join(compress_threads + i);
+}
+g_free(compress_threads);
+g_free(comp_param);
+compress_threads = NULL;
+comp_param = NULL;
+}
+
+void migrate_compress_threads_create(void)
+{
+int i, thread_count;
+
+if (!migrate_use_compression()) {
+return;
+}
+thread_count = migrate_compress_threads();
+compress_threads = g_new0(QemuThread, thread_count);
+comp_param = g_new0(CompressParam, thread_count);
+for (i = 0; i < thread_count; i++) {
+qemu_thread_create(compress_threads + i, "compress",
+   do_data_compress, comp_param + i,
+   QEMU_THREAD_JOINABLE);
+}
+}
+
 /**
  * save_page_header: Write page header to wire
  *
@@ -693,6 +752,28 @@ static int ram_save_page(QEMUFile *f, RAMBlock* block, 
ram_addr_t offset,
 }
 
 /**
+ * ram_save_compressed_page: compress the given page and send it to the stream
+ *
+ * Returns: Number of pages written.
+ *
+ * @f: QEMUFile where to send the data
+ * @block: block that contains the page we want to send
+ * @offset: offset inside the block for the page
+ * @last_stage: if we are at the completion stage
+ * @bytes_transferred: increase it with the number of transferred bytes
+ */
+static int ram_save_compressed_page(QEMUFile *f, RAMBlock *block,
+ram_addr_t offset, bool last_stage,
+uint64_t *bytes_transferred)
+{
+int pages = -1;
+
+/* To be done*/
+
+return pages;
+}
+
+/**
  * ram_find_and_save_block: Finds a dirty page and sends it to f
  *
  * Called within an RCU critical section.
@@ -733,8 +814,13 @@ static int ram_find_and_save_block(QEMUFile *f, bool 
last_stage,
 ram_bulk_stage = false;
 }
 } else {
-pages = ram_save_page(f, block, offset, last_stage,
-  bytes_transferred);
+if (migrate_use_compression()) {
+pages = ram_save_compressed_page(f, block, offset, last_stage,
+ bytes_transferred);
+} else {
+pages = ram_save_page(f, block, offset, last_stage,
+  bytes_transferred);
+}
 
 /* if page is unmodified, continue to the next */
 if (pages > 0) {
diff --git a/include/migration/migration.h b/include/migration/migration.h
index bf09968..a3ebbf6 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -50,6 +50,8 @@ struct MigrationState
 QemuThread thread;
 QEMUBH *cleanup_bh;
 QEMUFile *file;
+int compress_thread_count;
+int compress_level;
 
 int state;
 MigrationParams params;
@@ -104,6 +106,8 @@ bool migration_has_finished(MigrationState *);
 bool migration_has_failed(MigrationState *);
 MigrationState *migrate_get_current(void);
 
+void migrate_compress_threads_create(void);
+void migrate_compress_threads_join(void);
 uint64_t ram_bytes_remaining(void);
 uint64_t ram_bytes_transferred(void);
 uint64_t ram_bytes_total(void);
@@ -152,6 +156,10 @@ int64_t migrate_xbzrle_cache_size(void);
 
 int64_t xbzrle_cache_resize(int64_t new_size);
 
+bool migrate_use_compression(void);
+int migrate_compress_level(void);
+int migrate_compress_threads(void);
+
 void ram_control_before_iterate(QEMUFile *f, uint64_t flags);
 void ram_control_after_iterate(QEMUFile *f, uint64_t flags);
 void ram_control_load_hook(QEMUFile *f, uint64_t flags);
diff --git a/migration/migration.c b/migrat

[Qemu-devel] [PATCH v8 0/14] migration: Add a new feature to do live migration

[Liang Li]

This feature can help to reduce the data transferred about 60%, and the
migration time can also be reduced about 70%.

Summary of changed from v7->v8

-Fixed a bug when terminating the decompression thread
-Fixed some indentation issues 
-Fixed the bogus qmp error message when setting an invalid parameter 
---
 arch_init.c   | 502 --
 hmp-commands.hx   |  17 ++
 hmp.c |  65 ++
 hmp.h |   4 +
 include/migration/migration.h |  10 +
 include/migration/qemu-file.h |   3 +
 migration/migration.c | 122 ++
 migration/qemu-file.c |  39 
 monitor.c |  25 +++
 qapi-schema.json  |  79 ++-
 qmp-commands.hx   |  57 +
 11 files changed, 900 insertions(+), 23 deletions(-)
-- 
1.9.1

[Qemu-devel] [v8 01/14] docs: Add a doc about multiple thread compression

[Liang Li]

Give some details about the multiple thread (de)compression and
how to use it in live migration.

Signed-off-by: Liang Li 
Signed-off-by: Yang Zhang 
Reviewed-by: Dr.David Alan Gilbert 
Reviewed-by: Juan Quintela 
---
 docs/multi-thread-compression.txt | 149 ++
 1 file changed, 149 insertions(+)
 create mode 100644 docs/multi-thread-compression.txt

diff --git a/docs/multi-thread-compression.txt 
b/docs/multi-thread-compression.txt
new file mode 100644
index 000..3d477c3
--- /dev/null
+++ b/docs/multi-thread-compression.txt
@@ -0,0 +1,149 @@
+Use multiple thread (de)compression in live migration
+=
+Copyright (C) 2015 Intel Corporation
+Author: Liang Li 
+
+This work is licensed under the terms of the GNU GPLv2 or later. See
+the COPYING file in the top-level directory.
+
+Contents:
+=
+* Introduction
+* When to use
+* Performance
+* Usage
+* TODO
+
+Introduction
+
+Instead of sending the guest memory directly, this solution will
+compress the RAM page before sending; after receiving, the data will
+be decompressed. Using compression in live migration can help
+to reduce the data transferred about 60%, this is very useful when the
+bandwidth is limited, and the total migration time can also be reduced
+about 70% in a typical case. In addition to this, the VM downtime can be
+reduced about 50%. The benefit depends on data's compressibility in VM.
+
+The process of compression will consume additional CPU cycles, and the
+extra CPU cycles will increase the migration time. On the other hand,
+the amount of data transferred will decrease; this factor can reduce
+the total migration time. If the process of the compression is quick
+enough, then the total migration time can be reduced, and multiple
+thread compression can be used to accelerate the compression process.
+
+The decompression speed of Zlib is at least 4 times as quick as
+compression, if the source and destination CPU have equal speed,
+keeping the compression thread count 4 times the decompression
+thread count can avoid resource waste.
+
+Compression level can be used to control the compression speed and the
+compression ratio. High compression ratio will take more time, level 0
+stands for no compression, level 1 stands for the best compression
+speed, and level 9 stands for the best compression ratio. Users can
+select a level number between 0 and 9.
+
+
+When to use the multiple thread compression in live migration
+=
+Compression of data will consume extra CPU cycles; so in a system with
+high overhead of CPU, avoid using this feature. When the network
+bandwidth is very limited and the CPU resource is adequate, use of
+multiple thread compression will be very helpful. If both the CPU and
+the network bandwidth are adequate, use of multiple thread compression
+can still help to reduce the migration time.
+
+Performance
+===
+Test environment:
+
+CPU: Intel(R) Xeon(R) CPU E5-2680 0 @ 2.70GHz
+Socket Count: 2
+RAM: 128G
+NIC: Intel I350 (10/100/1000Mbps)
+Host OS: CentOS 7 64-bit
+Guest OS: RHEL 6.5 64-bit
+Parameter: qemu-system-x86_64 -enable-kvm -smp 4 -m 4096
+ /share/ia32e_rhel6u5.qcow -monitor stdio
+
+There is no additional application is running on the guest when doing
+the test.
+
+
+Speed limit: 1000Gb/s
+---
+| original  | compress thread: 8
+|   way | decompress thread: 2
+|   | compression level: 1
+---
+total time(msec):   |   |  1833
+---
+downtime(msec): |100|   27
+---
+transferred ram(kB):|  363536   | 107819
+---
+throughput(mbps):   |  893.73   | 482.22
+---
+total ram(kB):  |  4211524  | 4211524
+---
+
+There is an application running on the guest which write random numbers
+to RAM block areas periodically.
+
+Speed limit: 1000Gb/s
+---
+| original  | compress thread: 8
+|   way | decompress thread: 2
+|   | compression level: 1
+---
+total time(msec):   |   37369   | 15989
+---
+downtime(msec): |337|  173
+---
+transferred ram(kB):|  4274143  | 1699824
+---
+through

[Qemu-devel] [v8 05/14] arch_init: Alloc and free data struct for compression

[Liang Li]

Define the data structure and variables used to do multiple thread
compression, and add the code to initialize and free them.

Signed-off-by: Liang Li 
Signed-off-by: Yang Zhang 
Reviewed-by: Dr.David Alan Gilbert 
Reviewed-by: Juan Quintela 
---
 arch_init.c | 37 -
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/arch_init.c b/arch_init.c
index 0c9f693..00d3a18 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -319,7 +319,14 @@ static uint32_t last_version;
 static bool ram_bulk_stage;
 
 struct CompressParam {
-/* To be done */
+bool start;
+bool done;
+bool quit;
+QEMUFile *file;
+QemuMutex mutex;
+QemuCond cond;
+RAMBlock *block;
+ram_addr_t offset;
 };
 typedef struct CompressParam CompressParam;
 
@@ -330,6 +337,14 @@ typedef struct DecompressParam DecompressParam;
 
 static CompressParam *comp_param;
 static QemuThread *compress_threads;
+/* comp_done_cond is used to wake up the migration thread when
+ * one of the compression threads has finished the compression.
+ * comp_done_lock is used to co-work with comp_done_cond.
+ */
+static QemuMutex *comp_done_lock;
+static QemuCond *comp_done_cond;
+/* The empty QEMUFileOps will be used by file in CompressParam */
+static const QEMUFileOps empty_ops = { };
 static DecompressParam *decomp_param;
 static QemuThread *decompress_threads;
 static uint8_t *compressed_data_buf;
@@ -361,11 +376,20 @@ void migrate_compress_threads_join(void)
 thread_count = migrate_compress_threads();
 for (i = 0; i < thread_count; i++) {
 qemu_thread_join(compress_threads + i);
+qemu_fclose(comp_param[i].file);
+qemu_mutex_destroy(&comp_param[i].mutex);
+qemu_cond_destroy(&comp_param[i].cond);
 }
+qemu_mutex_destroy(comp_done_lock);
+qemu_cond_destroy(comp_done_cond);
 g_free(compress_threads);
 g_free(comp_param);
+g_free(comp_done_cond);
+g_free(comp_done_lock);
 compress_threads = NULL;
 comp_param = NULL;
+comp_done_cond = NULL;
+comp_done_lock = NULL;
 }
 
 void migrate_compress_threads_create(void)
@@ -378,7 +402,18 @@ void migrate_compress_threads_create(void)
 thread_count = migrate_compress_threads();
 compress_threads = g_new0(QemuThread, thread_count);
 comp_param = g_new0(CompressParam, thread_count);
+comp_done_cond = g_new0(QemuCond, 1);
+comp_done_lock = g_new0(QemuMutex, 1);
+qemu_cond_init(comp_done_cond);
+qemu_mutex_init(comp_done_lock);
 for (i = 0; i < thread_count; i++) {
+/* com_param[i].file is just used as a dummy buffer to save data, set
+ * it's ops to empty.
+ */
+comp_param[i].file = qemu_fopen_ops(NULL, &empty_ops);
+comp_param[i].done = true;
+qemu_mutex_init(&comp_param[i].mutex);
+qemu_cond_init(&comp_param[i].cond);
 qemu_thread_create(compress_threads + i, "compress",
do_data_compress, comp_param + i,
QEMU_THREAD_JOINABLE);
-- 
1.9.1

[Qemu-devel] [v8 03/14] migration: Add the framework of multi-thread decompression

[Liang Li]

Add the code to create and destroy the multiple threads those will be
used to do data decompression. Left some functions empty just to keep
clearness, and the code will be added later.

Signed-off-by: Liang Li 
Signed-off-by: Yang Zhang 
Reviewed-by: Dr.David Alan Gilbert 
Reviewed-by: Juan Quintela 
---
 arch_init.c   | 74 +++
 include/migration/migration.h |  4 +++
 migration/migration.c | 19 +++
 3 files changed, 97 insertions(+)

diff --git a/arch_init.c b/arch_init.c
index c4e985e..0c9f693 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -24,6 +24,7 @@
 #include 
 #include 
 #include 
+#include 
 #ifndef _WIN32
 #include 
 #include 
@@ -127,6 +128,7 @@ static uint64_t bitmap_sync_count;
 #define RAM_SAVE_FLAG_CONTINUE 0x20
 #define RAM_SAVE_FLAG_XBZRLE   0x40
 /* 0x80 is reserved in migration.h start with 0x100 next */
+#define RAM_SAVE_FLAG_COMPRESS_PAGE0x100
 
 static struct defconfig_file {
 const char *filename;
@@ -321,8 +323,16 @@ struct CompressParam {
 };
 typedef struct CompressParam CompressParam;
 
+struct DecompressParam {
+/* To be done */
+};
+typedef struct DecompressParam DecompressParam;
+
 static CompressParam *comp_param;
 static QemuThread *compress_threads;
+static DecompressParam *decomp_param;
+static QemuThread *decompress_threads;
+static uint8_t *compressed_data_buf;
 
 static void *do_data_compress(void *opaque)
 {
@@ -1199,10 +1209,57 @@ void ram_handle_compressed(void *host, uint8_t ch, 
uint64_t size)
 }
 }
 
+static void *do_data_decompress(void *opaque)
+{
+while (true) {
+/* To be done */
+}
+
+return NULL;
+}
+
+void migrate_decompress_threads_create(void)
+{
+int i, thread_count;
+
+thread_count = migrate_decompress_threads();
+decompress_threads = g_new0(QemuThread, thread_count);
+decomp_param = g_new0(DecompressParam, thread_count);
+compressed_data_buf = g_malloc0(compressBound(TARGET_PAGE_SIZE));
+for (i = 0; i < thread_count; i++) {
+qemu_thread_create(decompress_threads + i, "decompress",
+   do_data_decompress, decomp_param + i,
+   QEMU_THREAD_JOINABLE);
+}
+}
+
+void migrate_decompress_threads_join(void)
+{
+int i, thread_count;
+
+thread_count = migrate_decompress_threads();
+for (i = 0; i < thread_count; i++) {
+qemu_thread_join(decompress_threads + i);
+}
+g_free(decompress_threads);
+g_free(decomp_param);
+g_free(compressed_data_buf);
+decompress_threads = NULL;
+decomp_param = NULL;
+compressed_data_buf = NULL;
+}
+
+static void decompress_data_with_multi_threads(uint8_t *compbuf,
+   void *host, int len)
+{
+/* To be done */
+}
+
 static int ram_load(QEMUFile *f, void *opaque, int version_id)
 {
 int flags = 0, ret = 0;
 static uint64_t seq_iter;
+int len = 0;
 
 seq_iter++;
 
@@ -1282,6 +1339,23 @@ static int ram_load(QEMUFile *f, void *opaque, int 
version_id)
 }
 qemu_get_buffer(f, host, TARGET_PAGE_SIZE);
 break;
+case RAM_SAVE_FLAG_COMPRESS_PAGE:
+host = host_from_stream_offset(f, addr, flags);
+if (!host) {
+error_report("Invalid RAM offset " RAM_ADDR_FMT, addr);
+ret = -EINVAL;
+break;
+}
+
+len = qemu_get_be32(f);
+if (len < 0 || len > compressBound(TARGET_PAGE_SIZE)) {
+error_report("Invalid compressed data length: %d", len);
+ret = -EINVAL;
+break;
+}
+qemu_get_buffer(f, compressed_data_buf, len);
+decompress_data_with_multi_threads(compressed_data_buf, host, len);
+break;
 case RAM_SAVE_FLAG_XBZRLE:
 host = host_from_stream_offset(f, addr, flags);
 if (!host) {
diff --git a/include/migration/migration.h b/include/migration/migration.h
index a3ebbf6..d4a1062 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -51,6 +51,7 @@ struct MigrationState
 QEMUBH *cleanup_bh;
 QEMUFile *file;
 int compress_thread_count;
+int decompress_thread_count;
 int compress_level;
 
 int state;
@@ -108,6 +109,8 @@ MigrationState *migrate_get_current(void);
 
 void migrate_compress_threads_create(void);
 void migrate_compress_threads_join(void);
+void migrate_decompress_threads_create(void);
+void migrate_decompress_threads_join(void);
 uint64_t ram_bytes_remaining(void);
 uint64_t ram_bytes_transferred(void);
 uint64_t ram_bytes_total(void);
@@ -159,6 +162,7 @@ int64_t xbzrle_cache_resize(int64_t new_size);
 bool migrate_use_compression(void);
 int migrate_compress_level(void);
 int migrate_compress_threads(void);
+int migrate_decompress_threads(void);
 
 void ram_control_before_iterate(QEMUFile *f, uint64_t flags);
 void ram_control_after

[Qemu-devel] [v8 08/14] migration: Add the core code of multi-thread compression

[Liang Li]

Implement the core logic of the multiple thread compression. At this
point, multiple thread compression can't co-work with xbzrle yet.

Signed-off-by: Liang Li 
Signed-off-by: Yang Zhang 
Reviewed-by: Juan Quintela 
---
 arch_init.c | 183 ++--
 1 file changed, 177 insertions(+), 6 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 44ac002..d657a6c 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -355,12 +355,35 @@ static DecompressParam *decomp_param;
 static QemuThread *decompress_threads;
 static uint8_t *compressed_data_buf;
 
+static int do_compress_ram_page(CompressParam *param);
+
+static inline void notify_compression_done(CompressParam *param)
+{
+qemu_mutex_lock(comp_done_lock);
+param->done = true;
+qemu_cond_signal(comp_done_cond);
+qemu_mutex_unlock(comp_done_lock);
+}
+
 static void *do_data_compress(void *opaque)
 {
-while (true) {
+CompressParam *param = opaque;
 
-/* To be done */
+while (true) {
+qemu_mutex_lock(¶m->mutex);
+while (!param->start && !param->quit) {
+qemu_cond_wait(¶m->cond, ¶m->mutex);
+}
+if (param->quit) {
+qemu_mutex_unlock(¶m->mutex);
+notify_compression_done(param);
+break;
+}
+do_compress_ram_page(param);
+param->start = false;
+qemu_mutex_unlock(¶m->mutex);
 
+notify_compression_done(param);
 }
 
 return NULL;
@@ -368,7 +391,15 @@ static void *do_data_compress(void *opaque)
 
 static inline void terminate_compression_threads(void)
 {
-/* To be done */
+int idx, thread_count;
+
+thread_count = migrate_compress_threads();
+for (idx = 0; idx < thread_count; idx++) {
+qemu_mutex_lock(&comp_param[idx].mutex);
+comp_param[idx].quit = true;
+qemu_cond_signal(&comp_param[idx].cond);
+qemu_mutex_unlock(&comp_param[idx].mutex);
+}
 }
 
 void migrate_compress_threads_join(void)
@@ -827,6 +858,95 @@ static int ram_save_page(QEMUFile *f, RAMBlock* block, 
ram_addr_t offset,
 return pages;
 }
 
+static int do_compress_ram_page(CompressParam *param)
+{
+int bytes_sent, blen;
+uint8_t *p;
+RAMBlock *block = param->block;
+ram_addr_t offset = param->offset;
+
+p = memory_region_get_ram_ptr(block->mr) + (offset & TARGET_PAGE_MASK);
+
+bytes_sent = save_page_header(param->file, block, offset |
+  RAM_SAVE_FLAG_COMPRESS_PAGE);
+blen = qemu_put_compression_data(param->file, p, TARGET_PAGE_SIZE,
+ migrate_compress_level());
+bytes_sent += blen;
+atomic_inc(&acct_info.norm_pages);
+
+return bytes_sent;
+}
+
+static inline void start_compression(CompressParam *param)
+{
+param->done = false;
+qemu_mutex_lock(¶m->mutex);
+param->start = true;
+qemu_cond_signal(¶m->cond);
+qemu_mutex_unlock(¶m->mutex);
+}
+
+
+static uint64_t bytes_transferred;
+
+static void flush_compressed_data(QEMUFile *f)
+{
+int idx, len, thread_count;
+
+if (!migrate_use_compression()) {
+return;
+}
+thread_count = migrate_compress_threads();
+for (idx = 0; idx < thread_count; idx++) {
+qemu_mutex_lock(comp_done_lock);
+while (!comp_param[idx].done && !comp_param[idx].quit) {
+qemu_cond_wait(comp_done_cond, comp_done_lock);
+}
+qemu_mutex_unlock(comp_done_lock);
+if (!comp_param[idx].quit) {
+len = qemu_put_qemu_file(f, comp_param[idx].file);
+bytes_transferred += len;
+}
+}
+}
+
+static inline void set_compress_params(CompressParam *param, RAMBlock *block,
+   ram_addr_t offset)
+{
+param->block = block;
+param->offset = offset;
+}
+
+static int compress_page_with_multi_thread(QEMUFile *f, RAMBlock *block,
+   ram_addr_t offset,
+   uint64_t *bytes_transferred)
+{
+int idx, thread_count, bytes_xmit = -1, pages = -1;
+
+thread_count = migrate_compress_threads();
+qemu_mutex_lock(comp_done_lock);
+while (true) {
+for (idx = 0; idx < thread_count; idx++) {
+if (comp_param[idx].done) {
+bytes_xmit = qemu_put_qemu_file(f, comp_param[idx].file);
+set_compress_params(&comp_param[idx], block, offset);
+start_compression(&comp_param[idx]);
+pages = 1;
+*bytes_transferred += bytes_xmit;
+break;
+}
+}
+if (pages > 0) {
+break;
+} else {
+qemu_cond_wait(comp_done_cond, comp_done_lock);
+}
+}
+qemu_mutex_unlock(comp_done_lock);
+
+return pages;
+}
+
 /**
  * ram_save_compressed_page: compress the given page and send it to the stream
  *
@@ -843,8 +963,59 @@ static int ram_save_compressed_pa

Re: [Qemu-devel] [PATCH] vhost: pass corrent log base to kernel

[Michael S. Tsirkin]

On Wed, Apr 15, 2015 at 12:06:42PM +0800, Wen Congyang wrote:
> Signed-off-by: Wen Congyang 
> ---
>  hw/virtio/vhost.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> index 5a12861..4e334ca 100644
> --- a/hw/virtio/vhost.c
> +++ b/hw/virtio/vhost.c
> @@ -1060,7 +1060,7 @@ int vhost_dev_start(struct vhost_dev *hdev, 
> VirtIODevice *vdev)
>  hdev->log_size = vhost_get_log_size(hdev);
>  hdev->log = hdev->log_size ?
>  g_malloc0(hdev->log_size * sizeof *hdev->log) : NULL;
> -r = hdev->vhost_ops->vhost_call(hdev, VHOST_SET_LOG_BASE, hdev->log);
> +r = hdev->vhost_ops->vhost_call(hdev, VHOST_SET_LOG_BASE, 
> &hdev->log);
>  if (r < 0) {
>  r = -errno;
>  goto fail_log;

Wow that's a serious bug.
But your patch won't work correctly on 32 bit systems.
I'll send a fixed patch.
Thanks!

> -- 
> 2.1.0

[Qemu-devel] [v8 14/14] migration: Add hmp interface to set and query parameters

[Liang Li]

Add the hmp interface to tune and query the parameters used in
live migration.

Signed-off-by: Liang Li 
Signed-off-by: Yang Zhang 
Reviewed-by: Eric Blake 
---
 hmp-commands.hx | 17 +++
 hmp.c   | 65 +
 hmp.h   |  4 
 monitor.c   | 25 ++
 4 files changed, 111 insertions(+)

diff --git a/hmp-commands.hx b/hmp-commands.hx
index 3089533..61ab0ab 100644
--- a/hmp-commands.hx
+++ b/hmp-commands.hx
@@ -993,6 +993,21 @@ Enable/Disable the usage of a capability @var{capability} 
for migration.
 ETEXI
 
 {
+.name   = "migrate_set_parameter",
+.args_type  = "parameter:s,value:i",
+.params = "parameter value",
+.help   = "Set the parameter for migration",
+.mhandler.cmd = hmp_migrate_set_parameter,
+.command_completion = migrate_set_parameter_completion,
+},
+
+STEXI
+@item migrate_set_parameter @var{parameter} @var{value}
+@findex migrate_set_parameter
+Set the parameter @var{parameter} for migration.
+ETEXI
+
+{
 .name   = "client_migrate_info",
 .args_type  = 
"protocol:s,hostname:s,port:i?,tls-port:i?,cert-subject:s?",
 .params = "protocol hostname port tls-port cert-subject",
@@ -1762,6 +1777,8 @@ show user network stack connection states
 show migration status
 @item info migrate_capabilities
 show current migration capabilities
+@item info migrate_parameters
+show current migration parameters
 @item info migrate_cache_size
 show current migration XBZRLE cache size
 @item info balloon
diff --git a/hmp.c b/hmp.c
index f31ae27..dcb3940 100644
--- a/hmp.c
+++ b/hmp.c
@@ -252,6 +252,29 @@ void hmp_info_migrate_capabilities(Monitor *mon, const 
QDict *qdict)
 qapi_free_MigrationCapabilityStatusList(caps);
 }
 
+void hmp_info_migrate_parameters(Monitor *mon, const QDict *qdict)
+{
+MigrationParameters *params;
+
+params = qmp_query_migrate_parameters(NULL);
+
+if (params) {
+monitor_printf(mon, "parameters:");
+monitor_printf(mon, " %s: %" PRId64,
+MigrationParameter_lookup[MIGRATION_PARAMETER_COMPRESS_LEVEL],
+params->compress_level);
+monitor_printf(mon, " %s: %" PRId64,
+MigrationParameter_lookup[MIGRATION_PARAMETER_COMPRESS_THREADS],
+params->compress_threads);
+monitor_printf(mon, " %s: %" PRId64,
+MigrationParameter_lookup[MIGRATION_PARAMETER_DECOMPRESS_THREADS],
+params->decompress_threads);
+monitor_printf(mon, "\n");
+}
+
+qapi_free_MigrationParameters(params);
+}
+
 void hmp_info_migrate_cache_size(Monitor *mon, const QDict *qdict)
 {
 monitor_printf(mon, "xbzrel cache size: %" PRId64 " kbytes\n",
@@ -1184,6 +1207,48 @@ void hmp_migrate_set_capability(Monitor *mon, const 
QDict *qdict)
 }
 }
 
+void hmp_migrate_set_parameter(Monitor *mon, const QDict *qdict)
+{
+const char *param = qdict_get_str(qdict, "parameter");
+int value = qdict_get_int(qdict, "value");
+Error *err = NULL;
+bool has_compress_level = false;
+bool has_compress_threads = false;
+bool has_decompress_threads = false;
+int i;
+
+for (i = 0; i < MIGRATION_PARAMETER_MAX; i++) {
+if (strcmp(param, MigrationParameter_lookup[i]) == 0) {
+switch (i) {
+case MIGRATION_PARAMETER_COMPRESS_LEVEL:
+has_compress_level = true;
+break;
+case MIGRATION_PARAMETER_COMPRESS_THREADS:
+has_compress_threads = true;
+break;
+case MIGRATION_PARAMETER_DECOMPRESS_THREADS:
+has_decompress_threads = true;
+break;
+}
+qmp_migrate_set_parameters(has_compress_level, value,
+   has_compress_threads, value,
+   has_decompress_threads, value,
+   &err);
+break;
+}
+}
+
+if (i == MIGRATION_PARAMETER_MAX) {
+error_set(&err, QERR_INVALID_PARAMETER, param);
+}
+
+if (err) {
+monitor_printf(mon, "migrate_set_parameter: %s\n",
+   error_get_pretty(err));
+error_free(err);
+}
+}
+
 void hmp_set_password(Monitor *mon, const QDict *qdict)
 {
 const char *protocol  = qdict_get_str(qdict, "protocol");
diff --git a/hmp.h b/hmp.h
index 2b9308b..bb7c1e8 100644
--- a/hmp.h
+++ b/hmp.h
@@ -28,6 +28,7 @@ void hmp_info_chardev(Monitor *mon, const QDict *qdict);
 void hmp_info_mice(Monitor *mon, const QDict *qdict);
 void hmp_info_migrate(Monitor *mon, const QDict *qdict);
 void hmp_info_migrate_capabilities(Monitor *mon, const QDict *qdict);
+void hmp_info_migrate_parameters(Monitor *mon, const QDict *qdict);
 void hmp_info_migrate_cache_size(Monitor *mon, const QDict *qdict);
 void hmp_info_cpus(Monitor *mon, const QDict *qdict);
 void hmp

[Qemu-devel] [v8 06/14] arch_init: Add and free data struct for decompression

[Liang Li]

Define the data structure and variables used to do multiple thread
decompression, and add the code to initialize and free them.

Signed-off-by: Liang Li 
Signed-off-by: Yang Zhang 
Reviewed-by: Dr.David Alan Gilbert 
Reviewed-by: Juan Quintela 
---
 arch_init.c | 14 +-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/arch_init.c b/arch_init.c
index 00d3a18..67f5a24 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -331,7 +331,13 @@ struct CompressParam {
 typedef struct CompressParam CompressParam;
 
 struct DecompressParam {
-/* To be done */
+bool start;
+bool quit;
+QemuMutex mutex;
+QemuCond cond;
+void *des;
+uint8 *compbuf;
+int len;
 };
 typedef struct DecompressParam DecompressParam;
 
@@ -1262,6 +1268,9 @@ void migrate_decompress_threads_create(void)
 decomp_param = g_new0(DecompressParam, thread_count);
 compressed_data_buf = g_malloc0(compressBound(TARGET_PAGE_SIZE));
 for (i = 0; i < thread_count; i++) {
+qemu_mutex_init(&decomp_param[i].mutex);
+qemu_cond_init(&decomp_param[i].cond);
+decomp_param[i].compbuf = g_malloc0(compressBound(TARGET_PAGE_SIZE));
 qemu_thread_create(decompress_threads + i, "decompress",
do_data_decompress, decomp_param + i,
QEMU_THREAD_JOINABLE);
@@ -1275,6 +1284,9 @@ void migrate_decompress_threads_join(void)
 thread_count = migrate_decompress_threads();
 for (i = 0; i < thread_count; i++) {
 qemu_thread_join(decompress_threads + i);
+qemu_mutex_destroy(&decomp_param[i].mutex);
+qemu_cond_destroy(&decomp_param[i].cond);
+g_free(decomp_param[i].compbuf);
 }
 g_free(decompress_threads);
 g_free(decomp_param);
-- 
1.9.1

[Qemu-devel] [v8 07/14] migration: Split save_zero_page from ram_save_page

[Liang Li]

Split the function save_zero_page from ram_save_page so that we can
reuse it later.

Signed-off-by: Liang Li 
Signed-off-by: Yang Zhang 
Reviewed-by: Juan Quintela 
---
 arch_init.c | 61 +++--
 1 file changed, 43 insertions(+), 18 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 67f5a24..44ac002 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -714,6 +714,34 @@ static void migration_bitmap_sync(void)
 }
 
 /**
+ * save_zero_page: Send the zero page to the stream
+ *
+ * Returns: Number of pages written.
+ *
+ * @f: QEMUFile where to send the data
+ * @block: block that contains the page we want to send
+ * @offset: offset inside the block for the page
+ * @p: pointer to the page
+ * @bytes_transferred: increase it with the number of transferred bytes
+ */
+static int save_zero_page(QEMUFile *f, RAMBlock *block, ram_addr_t offset,
+  uint8_t *p, uint64_t *bytes_transferred)
+{
+int pages = -1;
+
+if (is_zero_range(p, TARGET_PAGE_SIZE)) {
+acct_info.dup_pages++;
+*bytes_transferred += save_page_header(f, block,
+   offset | 
RAM_SAVE_FLAG_COMPRESS);
+qemu_put_byte(f, 0);
+*bytes_transferred += 1;
+pages = 1;
+}
+
+return pages;
+}
+
+/**
  * ram_save_page: Send the given page to the stream
  *
  * Returns: Number of pages written.
@@ -761,25 +789,22 @@ static int ram_save_page(QEMUFile *f, RAMBlock* block, 
ram_addr_t offset,
 acct_info.dup_pages++;
 }
 }
-} else if (is_zero_range(p, TARGET_PAGE_SIZE)) {
-acct_info.dup_pages++;
-*bytes_transferred += save_page_header(f, block,
-   offset | 
RAM_SAVE_FLAG_COMPRESS);
-qemu_put_byte(f, 0);
-*bytes_transferred += 1;
-pages = 1;
-/* Must let xbzrle know, otherwise a previous (now 0'd) cached
- * page would be stale
- */
-xbzrle_cache_zero_page(current_addr);
-} else if (!ram_bulk_stage && migrate_use_xbzrle()) {
-pages = save_xbzrle_page(f, &p, current_addr, block,
- offset, last_stage, bytes_transferred);
-if (!last_stage) {
-/* Can't send this cached data async, since the cache page
- * might get updated before it gets to the wire
+} else {
+pages = save_zero_page(f, block, offset, p, bytes_transferred);
+if (pages > 0) {
+/* Must let xbzrle know, otherwise a previous (now 0'd) cached
+ * page would be stale
  */
-send_async = false;
+xbzrle_cache_zero_page(current_addr);
+} else if (!ram_bulk_stage && migrate_use_xbzrle()) {
+pages = save_xbzrle_page(f, &p, current_addr, block,
+ offset, last_stage, bytes_transferred);
+if (!last_stage) {
+/* Can't send this cached data async, since the cache page
+ * might get updated before it gets to the wire
+ */
+send_async = false;
+}
 }
 }
 
-- 
1.9.1

[Qemu-devel] [v8 10/14] migration: Add the core code for decompression

[Liang Li]

Implement the core logic of multiple thread decompression,
the decompression can work now.

Signed-off-by: Liang Li 
Signed-off-by: Yang Zhang 
---
 arch_init.c | 51 ---
 1 file changed, 48 insertions(+), 3 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 8fb2ea4..a4020d5 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -889,7 +889,6 @@ static inline void start_compression(CompressParam *param)
 qemu_mutex_unlock(¶m->mutex);
 }
 
-
 static uint64_t bytes_transferred;
 
 static void flush_compressed_data(QEMUFile *f)
@@ -1458,8 +1457,28 @@ void ram_handle_compressed(void *host, uint8_t ch, 
uint64_t size)
 
 static void *do_data_decompress(void *opaque)
 {
+DecompressParam *param = opaque;
+size_t pagesize;
+
 while (true) {
-/* To be done */
+qemu_mutex_lock(¶m->mutex);
+while (!param->start && !param->quit) {
+qemu_cond_wait(¶m->cond, ¶m->mutex);
+}
+if (param->quit) {
+qemu_mutex_unlock(¶m->mutex);
+break;
+}
+pagesize = TARGET_PAGE_SIZE;
+/* uncompress() will return failed in some case, especially
+ * when the page is dirted when doing the compression, it's
+ * not a problem because the dirty page will be retransferred
+ * and uncompress() won't break the data in other pages.
+ */
+uncompress((Bytef *)param->des, &pagesize,
+   (const Bytef *)param->compbuf, param->len);
+param->start = false;
+qemu_mutex_unlock(¶m->mutex);
 }
 
 return NULL;
@@ -1489,6 +1508,12 @@ void migrate_decompress_threads_join(void)
 
 thread_count = migrate_decompress_threads();
 for (i = 0; i < thread_count; i++) {
+qemu_mutex_lock(&decomp_param[i].mutex);
+decomp_param[i].quit = true;
+qemu_cond_signal(&decomp_param[i].cond);
+qemu_mutex_unlock(&decomp_param[i].mutex);
+}
+for (i = 0; i < thread_count; i++) {
 qemu_thread_join(decompress_threads + i);
 qemu_mutex_destroy(&decomp_param[i].mutex);
 qemu_cond_destroy(&decomp_param[i].cond);
@@ -1505,7 +1530,27 @@ void migrate_decompress_threads_join(void)
 static void decompress_data_with_multi_threads(uint8_t *compbuf,
void *host, int len)
 {
-/* To be done */
+int idx, thread_count;
+
+thread_count = migrate_decompress_threads();
+while (true) {
+for (idx = 0; idx < thread_count; idx++) {
+qemu_mutex_lock(&decomp_param[idx].mutex);
+if (!decomp_param[idx].start) {
+memcpy(decomp_param[idx].compbuf, compbuf, len);
+decomp_param[idx].des = host;
+decomp_param[idx].len = len;
+decomp_param[idx].start = true;
+qemu_cond_signal(&decomp_param[idx].cond);
+qemu_mutex_unlock(&decomp_param[idx].mutex);
+break;
+}
+qemu_mutex_unlock(&decomp_param[idx].mutex);
+}
+if (idx < thread_count) {
+break;
+}
+}
 }
 
 static int ram_load(QEMUFile *f, void *opaque, int version_id)
-- 
1.9.1

[Qemu-devel] [v8 09/14] migration: Make compression co-work with xbzrle

[Liang Li]

Now, multiple thread compression can co-work with xbzrle. when
xbzrle is on, multiple thread compression will only work at the
first round of RAM data sync.

Signed-off-by: Liang Li 
Signed-off-by: Yang Zhang 
Reviewed-by: Dr.David Alan Gilbert 
Reviewed-by: Juan Quintela 
---
 arch_init.c | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/arch_init.c b/arch_init.c
index d657a6c..8fb2ea4 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -351,6 +351,8 @@ static QemuMutex *comp_done_lock;
 static QemuCond *comp_done_cond;
 /* The empty QEMUFileOps will be used by file in CompressParam */
 static const QEMUFileOps empty_ops = { };
+static bool compression_switch;
+
 static DecompressParam *decomp_param;
 static QemuThread *decompress_threads;
 static uint8_t *compressed_data_buf;
@@ -436,6 +438,7 @@ void migrate_compress_threads_create(void)
 if (!migrate_use_compression()) {
 return;
 }
+compression_switch = true;
 thread_count = migrate_compress_threads();
 compress_threads = g_new0(QemuThread, thread_count);
 comp_param = g_new0(CompressParam, thread_count);
@@ -1059,9 +1062,16 @@ static int ram_find_and_save_block(QEMUFile *f, bool 
last_stage,
 block = QLIST_FIRST_RCU(&ram_list.blocks);
 complete_round = true;
 ram_bulk_stage = false;
+if (migrate_use_xbzrle()) {
+/* If xbzrle is on, stop using the data compression at this
+ * point. In theory, xbzrle can do better than compression.
+ */
+flush_compressed_data(f);
+compression_switch = false;
+}
 }
 } else {
-if (migrate_use_compression()) {
+if (compression_switch && migrate_use_compression()) {
 pages = ram_save_compressed_page(f, block, offset, last_stage,
  bytes_transferred);
 } else {
-- 
1.9.1

[Qemu-devel] [PATCH] vhost: fix log base address

[Michael S. Tsirkin]

VHOST_SET_LOG_BASE got an incorrect address, causing
migration errors and potentially even memory corruption.

Cc: Peter Maydell 
Reported-by: Wen Congyang 
Signed-off-by: Michael S. Tsirkin 
---

Could you please confirm this fixes the problem for you?

 hw/virtio/vhost.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 8dd2f59..02c5604 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -1016,10 +1016,13 @@ int vhost_dev_start(struct vhost_dev *hdev, 
VirtIODevice *vdev)
 }
 
 if (hdev->log_enabled) {
+uint64_t log_base;
+
 hdev->log_size = vhost_get_log_size(hdev);
 hdev->log = hdev->log_size ?
 g_malloc0(hdev->log_size * sizeof *hdev->log) : NULL;
-r = hdev->vhost_ops->vhost_call(hdev, VHOST_SET_LOG_BASE, hdev->log);
+log_base = (uint64_t)(unsigned long)log_base;
+r = hdev->vhost_ops->vhost_call(hdev, VHOST_SET_LOG_BASE, &log_base);
 if (r < 0) {
 r = -errno;
 goto fail_log;
-- 
MST

[Qemu-devel] [PATCH for-2.4] m25p80: fix s->blk usage before assignment

[Stefan Hajnoczi]

Delay the call to blk_blockalign() until s->blk has been assigned.

This never caused a crash because blk_blockalign(NULL, size) defaults to
4096 alignment but it's technically incorrect.

Signed-off-by: Stefan Hajnoczi 
---
 hw/block/m25p80.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
index afe243b..d6a37a5 100644
--- a/hw/block/m25p80.c
+++ b/hw/block/m25p80.c
@@ -621,7 +621,6 @@ static int m25p80_init(SSISlave *ss)
 
 s->size = s->pi->sector_size * s->pi->n_sectors;
 s->dirty_page = -1;
-s->storage = blk_blockalign(s->blk, s->size);
 
 /* FIXME use a qdev drive property instead of drive_get_next() */
 dinfo = drive_get_next(IF_MTD);
@@ -629,6 +628,7 @@ static int m25p80_init(SSISlave *ss)
 if (dinfo) {
 DB_PRINT_L(0, "Binding to IF_MTD drive\n");
 s->blk = blk_by_legacy_dinfo(dinfo);
+s->storage = blk_blockalign(s->blk, s->size);
 
 /* FIXME: Move to late init */
 if (blk_read(s->blk, 0, s->storage,
@@ -638,6 +638,7 @@ static int m25p80_init(SSISlave *ss)
 }
 } else {
 DB_PRINT_L(0, "No BDRV - binding to RAM\n");
+s->storage = blk_blockalign(NULL, s->size);
 memset(s->storage, 0xFF, s->size);
 }
 
-- 
2.1.0

[Qemu-devel] [v8 12/14] migration: Use an array instead of 3 parameters

[Liang Li]

Put the three parameters related to multiple thread (de)compression
into an int array, and use an enum type to index the parameter.

Signed-off-by: Liang Li 
Signed-off-by: Yang Zhang 
Reviewed-by: Juan Quintela 
---
 include/migration/migration.h |  4 +---
 migration/migration.c | 31 +++
 qapi-schema.json  | 23 +++
 3 files changed, 43 insertions(+), 15 deletions(-)

diff --git a/include/migration/migration.h b/include/migration/migration.h
index d4a1062..a6e025a 100644
--- a/include/migration/migration.h
+++ b/include/migration/migration.h
@@ -50,9 +50,7 @@ struct MigrationState
 QemuThread thread;
 QEMUBH *cleanup_bh;
 QEMUFile *file;
-int compress_thread_count;
-int decompress_thread_count;
-int compress_level;
+int parameters[MIGRATION_PARAMETER_MAX];
 
 int state;
 MigrationParams params;
diff --git a/migration/migration.c b/migration/migration.c
index dc7db87..533717c 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -60,9 +60,12 @@ MigrationState *migrate_get_current(void)
 .bandwidth_limit = MAX_THROTTLE,
 .xbzrle_cache_size = DEFAULT_MIGRATE_CACHE_SIZE,
 .mbps = -1,
-.compress_thread_count = DEFAULT_MIGRATE_COMPRESS_THREAD_COUNT,
-.decompress_thread_count = DEFAULT_MIGRATE_DECOMPRESS_THREAD_COUNT,
-.compress_level = DEFAULT_MIGRATE_COMPRESS_LEVEL,
+.parameters[MIGRATION_PARAMETER_COMPRESS_LEVEL] =
+DEFAULT_MIGRATE_COMPRESS_LEVEL,
+.parameters[MIGRATION_PARAMETER_COMPRESS_THREADS] =
+DEFAULT_MIGRATE_COMPRESS_THREAD_COUNT,
+.parameters[MIGRATION_PARAMETER_DECOMPRESS_THREADS] =
+DEFAULT_MIGRATE_DECOMPRESS_THREAD_COUNT,
 };
 
 return ¤t_migration;
@@ -406,9 +409,11 @@ static MigrationState *migrate_init(const MigrationParams 
*params)
 int64_t bandwidth_limit = s->bandwidth_limit;
 bool enabled_capabilities[MIGRATION_CAPABILITY_MAX];
 int64_t xbzrle_cache_size = s->xbzrle_cache_size;
-int compress_level = s->compress_level;
-int compress_thread_count = s->compress_thread_count;
-int decompress_thread_count = s->decompress_thread_count;
+int compress_level = s->parameters[MIGRATION_PARAMETER_COMPRESS_LEVEL];
+int compress_thread_count =
+s->parameters[MIGRATION_PARAMETER_COMPRESS_THREADS];
+int decompress_thread_count =
+s->parameters[MIGRATION_PARAMETER_DECOMPRESS_THREADS];
 
 memcpy(enabled_capabilities, s->enabled_capabilities,
sizeof(enabled_capabilities));
@@ -419,9 +424,11 @@ static MigrationState *migrate_init(const MigrationParams 
*params)
sizeof(enabled_capabilities));
 s->xbzrle_cache_size = xbzrle_cache_size;
 
-s->compress_level = compress_level;
-s->compress_thread_count = compress_thread_count;
-s->decompress_thread_count = decompress_thread_count;
+s->parameters[MIGRATION_PARAMETER_COMPRESS_LEVEL] = compress_level;
+s->parameters[MIGRATION_PARAMETER_COMPRESS_THREADS] =
+   compress_thread_count;
+s->parameters[MIGRATION_PARAMETER_DECOMPRESS_THREADS] =
+   decompress_thread_count;
 s->bandwidth_limit = bandwidth_limit;
 s->state = MIGRATION_STATUS_SETUP;
 trace_migrate_set_state(MIGRATION_STATUS_SETUP);
@@ -624,7 +631,7 @@ int migrate_compress_level(void)
 
 s = migrate_get_current();
 
-return s->compress_level;
+return s->parameters[MIGRATION_PARAMETER_COMPRESS_LEVEL];
 }
 
 int migrate_compress_threads(void)
@@ -633,7 +640,7 @@ int migrate_compress_threads(void)
 
 s = migrate_get_current();
 
-return s->compress_thread_count;
+return s->parameters[MIGRATION_PARAMETER_COMPRESS_THREADS];
 }
 
 int migrate_decompress_threads(void)
@@ -642,7 +649,7 @@ int migrate_decompress_threads(void)
 
 s = migrate_get_current();
 
-return s->decompress_thread_count;
+return s->parameters[MIGRATION_PARAMETER_DECOMPRESS_THREADS];
 }
 
 int migrate_use_xbzrle(void)
diff --git a/qapi-schema.json b/qapi-schema.json
index b117008..121fcc7 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -569,6 +569,29 @@
 ##
 { 'command': 'query-migrate-capabilities', 'returns':   
['MigrationCapabilityStatus']}
 
+# @MigrationParameter
+#
+# Migration parameters enumeration
+#
+# @compress-level: Set the compression level to be used in live migration,
+#  the compression level is an integer between 0 and 9, where 0 means
+#  no compression, 1 means the best compression speed, and 9 means best
+#  compression ratio which will consume more CPU.
+#
+# @compress-threads: Set compression thread count to be used in live migration,
+#  the compression thread count is an integer between 1 and 255.
+#
+# @decompress-threads: Set decompression thread count to be used in live
+#  migration, the decompression thread count is an integer between 1
+#  

[Qemu-devel] [v8 11/14] migration: Add interface to control compression

[Liang Li]

The multiple compression threads can be turned on/off through
qmp and hmp interface before doing live migration.

Signed-off-by: Liang Li 
Signed-off-by: Yang Zhang 
Reviewed-by: Dr.David Alan Gilbert 
Reviewed-by: Juan Quintela 
Reviewed-by: Eric Blake 
---
 migration/migration.c |  7 +--
 qapi-schema.json  | 11 ++-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/migration/migration.c b/migration/migration.c
index 19409e6..dc7db87 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -611,8 +611,11 @@ bool migrate_zero_blocks(void)
 
 bool migrate_use_compression(void)
 {
-/* Disable compression before the patch series are applied */
-return false;
+MigrationState *s;
+
+s = migrate_get_current();
+
+return s->enabled_capabilities[MIGRATION_CAPABILITY_COMPRESS];
 }
 
 int migrate_compress_level(void)
diff --git a/qapi-schema.json b/qapi-schema.json
index ac9594d..b117008 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -515,13 +515,22 @@
 #  to enable the capability on the source VM. The feature is disabled 
by
 #  default. (since 1.6)
 #
+# @compress: Use multiple compression threads to accelerate live migration.
+#  This feature can help to reduce the migration traffic, by sending
+#  compressed pages. Please note that if compress and xbzrle are both
+#  on, compress only takes effect in the ram bulk stage, after that,
+#  it will be disabled and only xbzrle takes effect, this can help to
+#  minimize migration traffic. The feature is disabled by default.
+#  (since 2.3)
+#
 # @auto-converge: If enabled, QEMU will automatically throttle down the guest
 #  to speed up convergence of RAM migration. (since 1.6)
 #
 # Since: 1.2
 ##
 { 'enum': 'MigrationCapability',
-  'data': ['xbzrle', 'rdma-pin-all', 'auto-converge', 'zero-blocks'] }
+  'data': ['xbzrle', 'rdma-pin-all', 'auto-converge', 'zero-blocks',
+   'compress'] }
 
 ##
 # @MigrationCapabilityStatus
-- 
1.9.1

[Qemu-devel] [v8 13/14] migration: Add qmp commands to set and query parameters

[Liang Li]

Add the qmp commands to tune and query the parameters used in live
migration.

Signed-off-by: Liang Li 
Signed-off-by: Yang Zhang 
---
 migration/migration.c | 56 ++
 qapi-schema.json  | 45 
 qmp-commands.hx   | 57 +++
 3 files changed, 158 insertions(+)

diff --git a/migration/migration.c b/migration/migration.c
index 533717c..8732803 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -188,6 +188,21 @@ MigrationCapabilityStatusList 
*qmp_query_migrate_capabilities(Error **errp)
 return head;
 }
 
+MigrationParameters *qmp_query_migrate_parameters(Error **errp)
+{
+MigrationParameters *params;
+MigrationState *s = migrate_get_current();
+
+params = g_malloc0(sizeof(*params));
+params->compress_level = s->parameters[MIGRATION_PARAMETER_COMPRESS_LEVEL];
+params->compress_threads =
+s->parameters[MIGRATION_PARAMETER_COMPRESS_THREADS];
+params->decompress_threads =
+s->parameters[MIGRATION_PARAMETER_DECOMPRESS_THREADS];
+
+return params;
+}
+
 static void get_xbzrle_cache_stats(MigrationInfo *info)
 {
 if (migrate_use_xbzrle()) {
@@ -301,6 +316,47 @@ void 
qmp_migrate_set_capabilities(MigrationCapabilityStatusList *params,
 }
 }
 
+void qmp_migrate_set_parameters(bool has_compress_level,
+int64_t compress_level,
+bool has_compress_threads,
+int64_t compress_threads,
+bool has_decompress_threads,
+int64_t decompress_threads, Error **errp)
+{
+MigrationState *s = migrate_get_current();
+
+if (has_compress_level && (compress_level < 0 || compress_level > 9)) {
+error_set(errp, QERR_INVALID_PARAMETER_VALUE, "compress_level",
+  "a value in range [0, 9]");
+return;
+}
+if (has_compress_threads &&
+(compress_threads < 1 || compress_threads > 255)) {
+error_set(errp, QERR_INVALID_PARAMETER_VALUE,
+  "compress_threads",
+  "a value in range [1, 255]");
+return;
+}
+if (has_decompress_threads &&
+(decompress_threads < 1 || decompress_threads > 255)) {
+error_set(errp, QERR_INVALID_PARAMETER_VALUE,
+  "decompress_threads",
+  "a value in range [1, 255]");
+return;
+}
+
+if (has_compress_level) {
+s->parameters[MIGRATION_PARAMETER_COMPRESS_LEVEL] = compress_level;
+}
+if (has_compress_threads) {
+s->parameters[MIGRATION_PARAMETER_COMPRESS_THREADS] = compress_threads;
+}
+if (has_decompress_threads) {
+s->parameters[MIGRATION_PARAMETER_DECOMPRESS_THREADS] =
+decompress_threads;
+}
+}
+
 /* shared migration helpers */
 
 static void migrate_set_state(MigrationState *s, int old_state, int new_state)
diff --git a/qapi-schema.json b/qapi-schema.json
index 121fcc7..579801b 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -592,6 +592,51 @@
 { 'enum': 'MigrationParameter',
   'data': ['compress-level', 'compress-threads', 'decompress-threads'] }
 
+#
+# @migrate-set-parameters
+#
+# Set the following migration parameters
+#
+# @compress-level: compression level
+#
+# @compress-threads: compression thread count
+#
+# @decompress-threads: decompression thread count
+#
+# Since: 2.3
+##
+{ 'command': 'migrate-set-parameters',
+  'data': { '*compress-level': 'int',
+'*compress-threads': 'int',
+'*decompress-threads': 'int'} }
+
+#
+# @MigrationParameters
+#
+# @compress-level: compression level
+#
+# @compress-threads: compression thread count
+#
+# @decompress-threads: decompression thread count
+#
+# Since: 2.3
+##
+{ 'type': 'MigrationParameters',
+  'data': { 'compress-level': 'int',
+'compress-threads': 'int',
+'decompress-threads': 'int'} }
+##
+# @query-migrate-parameters
+#
+# Returns information about the current migration parameters
+#
+# Returns: @MigrationParameters
+#
+# Since: 2.3
+##
+{ 'command': 'query-migrate-parameters',
+  'returns': 'MigrationParameters' }
+
 ##
 # @MouseInfo:
 #
diff --git a/qmp-commands.hx b/qmp-commands.hx
index 3a42ad0..8fcf5a8 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -3320,6 +3320,63 @@ EQMP
 },
 
 SQMP
+migrate-set-parameters
+--
+
+Set migration parameters
+
+- "compress-level": set compression level during migration (json-int)
+- "compress-threads": set compression thread count for migration (json-int)
+- "decompress-threads": set decompression thread count for migration (json-int)
+
+Arguments:
+
+Example:
+
+-> { "execute": "migrate-set-parameters" , "arguments":
+  { "compress-level": 1 } }
+
+EQMP
+
+{
+.name   = "migrate-set-param

Re: [Qemu-devel] Failing iotests in v2.3.0-rc2 / master

[Kevin Wolf]

Am 15.04.2015 um 11:34 hat Andreas Färber geschrieben:
> Am 15.04.2015 um 11:26 schrieb Kevin Wolf:
> > Am 15.04.2015 um 06:53 hat Jeff Cody geschrieben:
> >> On Tue, Apr 14, 2015 at 11:57:35AM +0200, Kevin Wolf wrote:
> >>> Am 11.04.2015 um 05:41 hat Andreas Färber geschrieben:
>  Hi,
> 
>  001 seems to hang for -qcow (or is not reasonably "quick": >5 min).
> 
>  033 is failing for -vhdx.
> 
>  (Note that `make check-block` only tests -qcow2, so didn't uncover
>  either of them.)
> 
>  Given a failing test, am I seeing correctly that there is no command
>  line option to skip this one failing test? -x seems to be for groups 
>  only.
> 
>  Regards,
>  Andreas
> 
>  $ ./check -v -T -qcow -g quick
>  [...]
>  001 6s ...[05:12:39]
> >>>
> >>> qcow1 is just really slow. 001 passes for me, after 202 seconds (that's
> >>> on my SSD, YMMV).
> >>>
>  $ ./check -v -T -vhdx -g quick
>  [...]
>  033 1s ...[04:06:09] [04:06:11] - output mismatch (see 
>  033.out.bad)
> >>>
> >>> This seems to be because blkdebug doesn't implement .bdrv_truncate.
> >>> Currently the test case isn't suitable for VHDX, which uses explicit
> >>> bdrv_truncate() calls to grow the image file. I'll send a patch for
> >>> blkdebug to allow this.
> >>>
> >>> However, it seems that there is another problem which causes assertion
> >>> failures when using VHDX over blkdebug. Jeff, does the following fix
> >>> make sense to you? (I think it does, but I don't understand yet why the
> >>> assertion failure is only triggered with blkdebug - or in other words:
> >>> "how could this ever work?")
> >>>
> >>> Kevin
> >>
> >> Kevin,
> >>
> >> Yes, looking at that fix it makes sense - we are wanting to pad the
> >> back part of the block after the actual data with zeros. That back
> >> length should be (block size - (bytes avail + block offset)), which is
> >> iov2.iov_len.
> >>
> >> There are two reasons I think we haven't seen this issue (it has been
> >> hidden):
> >>
> >> 1.) If bs->file supports zero init, we don't do any of this
> > 
> > I see. file does and blkdebug doesn't, so that's the crucial difference.
> > 
> >> 2.) This is done for the case when the existing BAT state is
> >> PAYLOAD_BLOCK_ZERO.  Until recently (commit 30af51c), we didn't
> >> create VHDX files with blocks in the PAYLOAD_BLOCK_ZERO state.
> > 
> > Right, I wasn't aware of this either any more.
> > 
> >> So it has been a latent bug in a hitherto rarely (if ever) exercised
> >> path.
> > 
> > Thanks for your explanation, it's clear to me now what's going on. I'll
> > send out the patches (for both blkdebug and vhdx) right away. You can
> > either pick up the vhdx one, or just give your Acked-by and then I'll
> > merge it through my block tree.
> 
> Might 059 (?) failure for -vmdk be another symptom of the same issue?

059 passes for me with vmdk. If it fails for you, can you please paste
the output diff?

Kevin

Re: [Qemu-devel] [PATCH for-2.4] m25p80: fix s->blk usage before assignment

[Paolo Bonzini]

On 15/04/2015 11:43, Stefan Hajnoczi wrote:
> Delay the call to blk_blockalign() until s->blk has been assigned.
> 
> This never caused a crash because blk_blockalign(NULL, size) defaults to
> 4096 alignment but it's technically incorrect.
> 
> Signed-off-by: Stefan Hajnoczi 
> ---
>  hw/block/m25p80.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
> index afe243b..d6a37a5 100644
> --- a/hw/block/m25p80.c
> +++ b/hw/block/m25p80.c
> @@ -621,7 +621,6 @@ static int m25p80_init(SSISlave *ss)
>  
>  s->size = s->pi->sector_size * s->pi->n_sectors;
>  s->dirty_page = -1;
> -s->storage = blk_blockalign(s->blk, s->size);
>  
>  /* FIXME use a qdev drive property instead of drive_get_next() */
>  dinfo = drive_get_next(IF_MTD);
> @@ -629,6 +628,7 @@ static int m25p80_init(SSISlave *ss)
>  if (dinfo) {
>  DB_PRINT_L(0, "Binding to IF_MTD drive\n");
>  s->blk = blk_by_legacy_dinfo(dinfo);
> +s->storage = blk_blockalign(s->blk, s->size);
>  
>  /* FIXME: Move to late init */
>  if (blk_read(s->blk, 0, s->storage,
> @@ -638,6 +638,7 @@ static int m25p80_init(SSISlave *ss)
>  }
>  } else {
>  DB_PRINT_L(0, "No BDRV - binding to RAM\n");
> +s->storage = blk_blockalign(NULL, s->size);
>  memset(s->storage, 0xFF, s->size);
>  }
>  
> 

Reviewed-by: Paolo Bonzini 

Re: [Qemu-devel] feature proposal: checkpoint-assisted migration

[Stefan Hajnoczi]

On Tue, Apr 14, 2015 at 01:20:33PM +0200, Thomas Knauth wrote:
> In the course of our research we implemented a prototype of this
> feature within kvm/qemu. We would like to contribute it to mainline,
> but it needs cleanup and proper testing. As is the nature with
> research prototypes, the code is ugly and not well integrated with the
> existing kvm/qemu codebase. To avoid confusion and irritation, I want
> to mention that I have little experience in contributing to large
> open-source projects. So if I violate some unwritten protocol or best
> practises, please be patient.

Guidelines for contributing patches are here:
http://qemu-project.org/Contribute/SubmitAPatch

Regarding the idea, it sounds like it could be beneficial for some
migration use cases.  I've thought about an rsync approach for disk
images, and that is similar to your idea for RAM.  There are image file
formats that keep generation counts for regions of the disk image,
making it quick to find out which regions have changed between two
images.

Stefan


pgpbRcsiAFPCw.pgp
Description: PGP signature

Re: [Qemu-devel] Failing iotests in v2.3.0-rc2 / master

[Andreas Färber]

Am 15.04.2015 um 11:47 schrieb Kevin Wolf:
> Am 15.04.2015 um 11:34 hat Andreas Färber geschrieben:
>> Am 15.04.2015 um 11:26 schrieb Kevin Wolf:
>>> Am 15.04.2015 um 06:53 hat Jeff Cody geschrieben:
 On Tue, Apr 14, 2015 at 11:57:35AM +0200, Kevin Wolf wrote:
> Am 11.04.2015 um 05:41 hat Andreas Färber geschrieben:
>> Hi,
>>
>> 001 seems to hang for -qcow (or is not reasonably "quick": >5 min).
>>
>> 033 is failing for -vhdx.
>>
>> (Note that `make check-block` only tests -qcow2, so didn't uncover
>> either of them.)
>>
>> Given a failing test, am I seeing correctly that there is no command
>> line option to skip this one failing test? -x seems to be for groups 
>> only.
>>
>> Regards,
>> Andreas
>>
>> $ ./check -v -T -qcow -g quick
>> [...]
>> 001 6s ...[05:12:39]
>
> qcow1 is just really slow. 001 passes for me, after 202 seconds (that's
> on my SSD, YMMV).
>
>> $ ./check -v -T -vhdx -g quick
>> [...]
>> 033 1s ...[04:06:09] [04:06:11] - output mismatch (see 
>> 033.out.bad)
>
> This seems to be because blkdebug doesn't implement .bdrv_truncate.
> Currently the test case isn't suitable for VHDX, which uses explicit
> bdrv_truncate() calls to grow the image file. I'll send a patch for
> blkdebug to allow this.
>
> However, it seems that there is another problem which causes assertion
> failures when using VHDX over blkdebug. Jeff, does the following fix
> make sense to you? (I think it does, but I don't understand yet why the
> assertion failure is only triggered with blkdebug - or in other words:
> "how could this ever work?")
>
> Kevin

 Kevin,

 Yes, looking at that fix it makes sense - we are wanting to pad the
 back part of the block after the actual data with zeros. That back
 length should be (block size - (bytes avail + block offset)), which is
 iov2.iov_len.

 There are two reasons I think we haven't seen this issue (it has been
 hidden):

 1.) If bs->file supports zero init, we don't do any of this
>>>
>>> I see. file does and blkdebug doesn't, so that's the crucial difference.
>>>
 2.) This is done for the case when the existing BAT state is
 PAYLOAD_BLOCK_ZERO.  Until recently (commit 30af51c), we didn't
 create VHDX files with blocks in the PAYLOAD_BLOCK_ZERO state.
>>>
>>> Right, I wasn't aware of this either any more.
>>>
 So it has been a latent bug in a hitherto rarely (if ever) exercised
 path.
>>>
>>> Thanks for your explanation, it's clear to me now what's going on. I'll
>>> send out the patches (for both blkdebug and vhdx) right away. You can
>>> either pick up the vhdx one, or just give your Acked-by and then I'll
>>> merge it through my block tree.
>>
>> Might 059 (?) failure for -vmdk be another symptom of the same issue?
> 
> 059 passes for me with vmdk. If it fails for you, can you please paste
> the output diff?

With v2.3.0-rc3:

-raw:

[ 1714s] 005[02:45:31] [02:45:31] - output mismatch (see
005.out.bad)
[ 1714s] ---
/home/abuild/rpmbuild/BUILD/qemu-2.3.0-rc3/tests/qemu-iotests/005.out
2015-04-13 18:34:01.0 +
[ 1714s] +++ 005.out.bad2015-04-15 02:45:31.54000 +
[ 1714s] @@ -1,13 +1,12 @@
[ 1714s]  QA output created by 005
[ 1714s]
[ 1714s]  creating large image
[ 1714s] +qemu-img: TEST_DIR/t.IMGFMT: The image size is too large for
file format 'IMGFMT'
[ 1714s]  Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=536870912
[ 1714s]
[ 1714s]  small read
[ 1714s] -read 4096/4096 bytes at offset 1024
[ 1714s] -4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
[ 1714s] +read failed: Input/output error
[ 1714s]
[ 1714s]  small write
[ 1714s] -wrote 4096/4096 bytes at offset 8192
[ 1714s] -4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
[ 1714s] +write failed: Input/output error
[ 1714s]  *** done

-qcow2:

[ 1867s] 028[02:47:55] [02:48:04] - output mismatch (see
028.out.bad)
[ 1867s] ---
/home/abuild/rpmbuild/BUILD/qemu-2.3.0-rc3/tests/qemu-iotests/028.out
2015-04-13 18:34:01.0 +
[ 1867s] +++ 028.out.bad2015-04-15 02:48:04.90800 +
[ 1867s] @@ -473,6 +473,14 @@
[ 1867s]  (qemu)
iininfinfoinfo
info binfo
blinfo
bloinfo blocinfo 
blockinfo
block-info
block-jinfo 
block-joinfo
block-jobinfo block-jobs
[ 1867s]  Type backup, device disk: Completed 0 of 4294968832 bytes,
speed limit 0 bytes/s
[ 1867s]
iininfinfoinfo
info b

Re: [Qemu-devel] [PATCH] vhost: fix log base address

[zhanghailiang]

On 2015/4/15 17:37, Michael S. Tsirkin wrote:

VHOST_SET_LOG_BASE got an incorrect address, causing
migration errors and potentially even memory corruption.

Cc: Peter Maydell 
Reported-by: Wen Congyang 
Signed-off-by: Michael S. Tsirkin 
---

Could you please confirm this fixes the problem for you?

  hw/virtio/vhost.c | 5 -
  1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index 8dd2f59..02c5604 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -1016,10 +1016,13 @@ int vhost_dev_start(struct vhost_dev *hdev, 
VirtIODevice *vdev)
  }

  if (hdev->log_enabled) {
+uint64_t log_base;
+
  hdev->log_size = vhost_get_log_size(hdev);
  hdev->log = hdev->log_size ?
  g_malloc0(hdev->log_size * sizeof *hdev->log) : NULL;
-r = hdev->vhost_ops->vhost_call(hdev, VHOST_SET_LOG_BASE, hdev->log);
+log_base = (uint64_t)(unsigned long)log_base;

   

s/log_base/hdev->log ?


+r = hdev->vhost_ops->vhost_call(hdev, VHOST_SET_LOG_BASE, &log_base);
  if (r < 0) {
  r = -errno;
  goto fail_log;

Re: [Qemu-devel] [PATCH v4 00/20] Generate ACPI v5.1 tables and expose it to guest over fw_cfg on ARM

[Michael S. Tsirkin]

On Fri, Apr 03, 2015 at 06:03:32PM +0800, Shannon Zhao wrote:
> From: Shannon Zhao 
> 
> This patch series generate six ACPI v5.1 tables for machine virt on ARM.
> The set of generated tables are:
> - RSDP
> - RSDT
> - MADT
> - GTDT
> - FADT
> - DSDT
> - MCFG (For PCIe host bridge)
> 
> These tables are created dynamically using the function of aml-build.c,
> taking into account the needed information passed from the virt machine model.
> When the generation is finalized, it use fw_cfg to expose the tables to guest.

Patches 1 and 2 are good to go.
In fact, I'll happily merge them through my tree.
Thanks!

Re: [Qemu-devel] [PATCH v5 5/7] vfio-pci: pass the aer error to guest

[Chen Fan]

On 04/08/2015 11:36 PM, Alex Williamson wrote:

On Wed, 2015-04-08 at 16:59 +0800, Chen Fan wrote:

On 04/01/2015 11:46 PM, Alex Williamson wrote:

On Wed, 2015-04-01 at 12:12 +0800, Chen Fan wrote:

On 03/25/2015 10:41 AM, Alex Williamson wrote:

On Wed, 2015-03-25 at 09:53 +0800, Chen Fan wrote:

On 03/16/2015 10:09 PM, Alex Williamson wrote:

On Mon, 2015-03-16 at 15:35 +0800, Chen Fan wrote:

On 03/16/2015 11:52 AM, Alex Williamson wrote:

On Mon, 2015-03-16 at 11:05 +0800, Chen Fan wrote:

On 03/14/2015 06:34 AM, Alex Williamson wrote:

On Thu, 2015-03-12 at 18:23 +0800, Chen Fan wrote:

when the vfio device encounters an uncorrectable error in host,
the vfio_pci driver will signal the eventfd registered by this
vfio device, the results in the qemu eventfd handler getting
invoked.

this patch is to pass the error to guest and have the guest driver
recover from the error.

What is going to be the typical recovery mechanism for the guest?  I'm
concerned that the topology of the device in the guest doesn't
necessarily match the topology of the device in the host, so if the
guest were to attempt a bus reset to recover a device, for instance,
what happens?

the recovery mechanism is that when guest got an aer error from a device,
guest will clean the corresponding status bit in device register. and for
need reset device, the guest aer driver would reset all devices under bus.

Sorry, I'm still confused, how does the guest aer driver reset all
devices under a bus?  Are we talking about function-level, device
specific reset mechanisms or secondary bus resets?  If the guest is
performing secondary bus resets, what guarantee do they have that it
will translate to a physical secondary bus reset?  vfio may only do an
FLR when the bus is reset or it may not be able to do anything depending
on the available function-level resets and physical and virtual topology
of the device.  Thanks,

in general, functions depends on the corresponding device driver behaviors
to do the recovery. e.g: implemented the error_detect, slot_reset callbacks.
and for link reset, it usually do secondary bus reset.

and do we must require to the physical secondary bus reset for vfio device
as bus reset?

That depends on how the guest driver attempts recovery, doesn't it?
There are only a very limited number of cases where a secondary bus
reset initiated by the guest will translate to a secondary bus reset of
the physical device (iirc, single function device without FLR).  In most
cases, it will at best be translated to an FLR.  VFIO really only does
bus resets on VM reset because that's the only time we know that it's ok
to reset multiple devices.  If the guest driver is depending on a
secondary bus reset to put the device into a recoverable state and we're
not able to provide that, then we're actually reducing containment of
the error by exposing AER to the guest and allowing it to attempt
recovery.  So in practice, I'm afraid we're risking the integrity of the
VM by exposing AER to the guest and making it think that it can perform
recovery operations that are not effective.  Thanks,

I also have seen that if device without FLR, it seems can do hot reset
by ioctl VFIO_DEVICE_PCI_HOT_RESET to reset the physical slot or bus
in vfio_pci_reset. does it satisfy the recovery issues that you said?

The hot reset interface can only be used when a) the user (QEMU) owns
all of the devices on the bus and b) we know we're resetting all of the
devices.  That mostly limits its use to VM reset.  I think that on a
secondary bus reset, we don't know the scope of the reset at the QEMU
vfio driver, so we only make use of reset methods with a function-level
scope.  That would only result in a secondary bus reset if that's the
reset mechanism used by the host kernel's PCI code (pci_reset_function),
which is limited to single function devices on a secondary bus, with no
other reset mechanisms.  The host reset is also only available in some
configurations, for instance if we have a dual-port NIC where each
function is a separate IOMMU group, then we clearly cannot do a hot
reset unless both functions are assigned to the same VM _and_ appear to
the guest on the same virtual bus.  So even if we could know the scope
of the reset in the QEMU vfio driver, we can only make use of it under
very strict guest configurations.  Thanks,

Hi Alex,

  have you some idea or scenario to fix/escape this issue?

Hi Chen,

I expect there are two major components to this.  The first is that
QEMU/vfio-pci needs to enforce that a bus reset is possible for the host
and guest topology when guest AER handling is specified for a device.
That means that everything affected by the bus reset needs to be exposed
to the guest in a compatible way.  For instance, if a bus reset affects
devices from multiple groups, the guest needs to not only own all of
those groups, but they also need to be exposed to the guest such that
the virtual bus layout reflects the extent of the reset for the ph

Re: [Qemu-devel] [PATCH V14 0/3] Virtual Machine Generation ID

[Michael S. Tsirkin]

On Tue, Mar 03, 2015 at 05:18:12PM +0100, Igor Mammedov wrote:
> Changes since v13:
>  * fix comment style to /*... */ in testcase
>  * make BAR TARGET_PAGE_SIZE as required by spec
>  * make BAR prefetchable, spec also says that it shouldn't be
>marked as non cached
>  * ACPI part
> * merge separate VGID device with PCI device description
> * mark device as not shown in UI,
>   it hides "VM Generation ID" device from device manager
>   and leaves only "PCI Standard RAM Controller" device there

In an offline chat, Yan (Cc) mentioned that with windows guests,
PCI rebalancing can move BAR values around.
Yan, could you comment on-list please?
Is there a way to force this, for testing?

ACPI spec mentions this:
If a platform uses a PCI BAR Target operation region, an ACPI OS will
not load a native device driver for the associated PCI function. For
example, if any of the BARs in a PCI function are associated with a PCI
BAR Target operation region, then the OS will assume that the PCI
function is to be entirely under the control of the ACPI BIOS. No driver
will be loaded. Thus, a PCI function can be used as a platform
controller for some task (hot-plug PCI, and so on) that the ACPI BIOS
performs.

This might also avoid driver prompt from windows?

-- 
MST

[Qemu-devel] [PATCH] block: document block-stream in qmp-commands.hx

[Stefan Hajnoczi]

The 'block-stream' QMP command is documented in block-core.json but not
qmp-commands.hx.  Add a summary of the command to qmp-commands.hx
(similar to the documentation for 'block-commit').

Reported-by: Kashyap Chamarthy 
Signed-off-by: Stefan Hajnoczi 
---
 qmp-commands.hx | 37 +
 1 file changed, 37 insertions(+)

diff --git a/qmp-commands.hx b/qmp-commands.hx
index 3a42ad0..7a745ed 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -1008,6 +1008,43 @@ EQMP
 .mhandler.cmd_new = qmp_marshal_input_block_stream,
 },
 
+SQMP
+block-stream
+
+
+Copy data from a backing file into a block device.
+
+Arguments:
+
+- "device": The device's ID, must be unique (json-string)
+- "base": The file name of the backing image above which copying starts
+  (json-string, optional)
+- "backing-file": The backing file string to write into the active layer. This
+  filename is not validated.
+
+  If a pathname string is such that it cannot be resolved by
+  QEMU, that means that subsequent QMP or HMP commands must use
+  node-names for the image in question, as filename lookup
+  methods will fail.
+
+  If not specified, QEMU will automatically determine the
+  backing file string to use, or error out if there is no
+  obvious choice.  Care should be taken when specifying the
+  string, to specify a valid filename or protocol.
+  (json-string, optional) (Since 2.1)
+- "speed":  the maximum speed, in bytes per second (json-int, optional)
+- "on-error": the action to take on an error (default 'report').  'stop' and
+  'enospc' can only be used if the block device supports io-status.
+  (json-string, optional) (Since 2.1)
+
+Example:
+
+-> { "execute": "block-stream", "arguments": { "device": "virtio0",
+   "base": "/tmp/master.qcow2" } }
+<- { "return": {} }
+
+EQMP
+
 {
 .name   = "block-commit",
 .args_type  = "device:B,base:s?,top:s?,backing-file:s?,speed:o?",
-- 
2.1.0

Re: [Qemu-devel] [PATCH v4 00/20] Generate ACPI v5.1 tables and expose it to guest over fw_cfg on ARM

[Shannon Zhao]

On 2015/4/15 18:10, Michael S. Tsirkin wrote:
> On Fri, Apr 03, 2015 at 06:03:32PM +0800, Shannon Zhao wrote:
>> From: Shannon Zhao 
>>
>> This patch series generate six ACPI v5.1 tables for machine virt on ARM.
>> The set of generated tables are:
>> - RSDP
>> - RSDT
>> - MADT
>> - GTDT
>> - FADT
>> - DSDT
>> - MCFG (For PCIe host bridge)
>>
>> These tables are created dynamically using the function of aml-build.c,
>> taking into account the needed information passed from the virt machine 
>> model.
>> When the generation is finalized, it use fw_cfg to expose the tables to 
>> guest.
> 
> Patches 1 and 2 are good to go.
> In fact, I'll happily merge them through my tree.
> Thanks!
> 

Cool! Thanks, Michael. Then I will prepare for next version.

-- 
Thanks,
Shannon

Re: [Qemu-devel] [PATCH] vhost: fix log base address

[Wen Congyang]

On 04/15/2015 05:56 PM, zhanghailiang wrote:
> On 2015/4/15 17:37, Michael S. Tsirkin wrote:
>> VHOST_SET_LOG_BASE got an incorrect address, causing
>> migration errors and potentially even memory corruption.
>>
>> Cc: Peter Maydell 
>> Reported-by: Wen Congyang 
>> Signed-off-by: Michael S. Tsirkin 
>> ---
>>
>> Could you please confirm this fixes the problem for you?
>>
>>   hw/virtio/vhost.c | 5 -
>>   1 file changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
>> index 8dd2f59..02c5604 100644
>> --- a/hw/virtio/vhost.c
>> +++ b/hw/virtio/vhost.c
>> @@ -1016,10 +1016,13 @@ int vhost_dev_start(struct vhost_dev *hdev, 
>> VirtIODevice *vdev)
>>   }
>>
>>   if (hdev->log_enabled) {
>> +uint64_t log_base;
>> +
>>   hdev->log_size = vhost_get_log_size(hdev);
>>   hdev->log = hdev->log_size ?
>>   g_malloc0(hdev->log_size * sizeof *hdev->log) : NULL;
>> -r = hdev->vhost_ops->vhost_call(hdev, VHOST_SET_LOG_BASE, 
>> hdev->log);
>> +log_base = (uint64_t)(unsigned long)log_base;
>
> 
> s/log_base/hdev->log ?

I test the patch with this modification. It works for me.

Thanks
Wen Congyang

> 
>> +r = hdev->vhost_ops->vhost_call(hdev, VHOST_SET_LOG_BASE, 
>> &log_base);
>>   if (r < 0) {
>>   r = -errno;
>>   goto fail_log;
>>
> 
> 
> .
> 

Re: [Qemu-devel] Failing iotests in v2.3.0-rc2 / master

[Jeff Cody]

On Tue, Apr 14, 2015 at 11:57:35AM +0200, Kevin Wolf wrote:

[snip]

> --- a/block/vhdx.c
> +++ b/block/vhdx.c
> @@ -1285,7 +1285,7 @@ static coroutine_fn int vhdx_co_writev(BlockDriverState 
> *bs, int64_t sector_num,
>  iov2.iov_base = qemu_blockalign(bs, iov2.iov_len);
>  memset(iov2.iov_base, 0, iov2.iov_len);
>  qemu_iovec_concat_iov(&hd_qiov, &iov2, 1, 0,
> -  sinfo.block_offset);
> +  iov2.iov_len);
>  sectors_to_write += iov2.iov_len >> BDRV_SECTOR_BITS;
>  }
>  }

acked-by: Jeff Cody 

Re: [Qemu-devel] [V9fs-developer] [Bug 1336794] Re: 9pfs does not honor open file handles on unlinked files

[Dominique Martinet]

Eric Van Hensbergen wrote on Mon, Apr 13, 2015 at 04:05:28PM +:
> Well, technically fid 3 isn't 'open', only fid 2 is open - at least
> according to the protocol.  fid 3 and fid 2 are both clones of fid 1.

Right, they're clone fids, but nothing in the protocol says what should
happen to non-open fids when you unlink the file either - I guess both
behaviours are OK as long as the client can handle it, so it would make
sense to at least call fstat() on the fid matching the fd, but while
I think this is how the kernel currently behaves the kernel doesn't HAVE
to make one open, separate fid per open file descriptor either.

> However, thanks for the alternative workaround.  If you get a chance, can
> you check that my change to the client to partially fix this for the other
> servers doesn't break nfs-ganesha:
> 
> https://github.com/ericvh/linux/commit/fddc7721d6d19e4e6be4905f37ade5b0521f4ed5

I'm afraid I haven't had much time lately, but while fstat-after-unlink
still works I'm getting some Oops with my basic test suite (create empty
files and rm -rf, kernel compilation, etc - nothing fancy) to the point
of locking myself out of my test box pretty quickly.

I'll try to debug patches a bit more individually (trying everything at
once isn't helping), but at the very least something is fishy

-- 
Dominique Martinet

[Qemu-devel] [PATCH] qmp-commands: fix incorrect uses of ":O" specifier

[Paolo Bonzini]

As far as the QMP parser is concerned, neither the 'O' nor the 'q' format 
specifiers
put any constraint on the command.  However, there are two differences:

1) from a documentation point of view 'O' says that this command takes
a dictionary.  The dictionary will be converted to QemuOpts in the
handler to match the corresponding HMP command.

2) 'O' sets QMP_ACCEPT_UNKNOWNS, resulting in the command accepting invalid
extra arguments.  For example the following is accepted:

   { "execute": "send-key",
"arguments": { "keys": [ { "type": "qcode", "data": "ctrl" },
 { "type": "qcode", "data": "alt" },
 { "type": "qcode", "data": "delete" } ], 
"foo": "bar" } }

Neither send-key nor migrate-set-capabilities take a QemuOpts-like
dictionary; they take an array of dictionaries.  And neither command
really wants to have extra unknown arguments.  Thus, the right
specifier to use in this case is 'q'; with this patch the above
command fails with

   {"error": {"class": "GenericError", "desc": "Invalid parameter 'foo'"}}

as intended.

Reported-by: Alberto Garcia 
Signed-off-by: Paolo Bonzini 
---
 qmp-commands.hx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/qmp-commands.hx b/qmp-commands.hx
index 3a42ad0..09f48ba 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -332,7 +332,7 @@ EQMP
 
 {
 .name   = "send-key",
-.args_type  = "keys:O,hold-time:i?",
+.args_type  = "keys:q,hold-time:i?",
 .mhandler.cmd_new = qmp_marshal_input_send_key,
 },
 
@@ -3288,7 +3288,7 @@ EQMP
 
 {
 .name   = "migrate-set-capabilities",
-.args_type  = "capabilities:O",
+.args_type  = "capabilities:q",
 .params = "capability:s,state:b",
.mhandler.cmd_new = qmp_marshal_input_migrate_set_capabilities,
 },
-- 
2.3.5

Re: [Qemu-devel] [PATCH 2/2] vhdx: Fix zero-fill iov length

[Jeff Cody]

On Wed, Apr 15, 2015 at 11:27:26AM +0200, Kevin Wolf wrote:
> Fix the length of the zero-fill for the back, which was accidentally
> using the same value as for the front. This is caught by qemu-iotests
> 033.
> 
> For consistency, change the code for the front as well to use the length
> stored in the iov (it is the same value, copied four lines above).
> 
> Signed-off-by: Kevin Wolf 
> ---
>  block/vhdx.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/block/vhdx.c b/block/vhdx.c
> index bb3ed45..e24062f 100644
> --- a/block/vhdx.c
> +++ b/block/vhdx.c
> @@ -1269,7 +1269,7 @@ static coroutine_fn int vhdx_co_writev(BlockDriverState 
> *bs, int64_t sector_num,
>  iov1.iov_base = qemu_blockalign(bs, iov1.iov_len);
>  memset(iov1.iov_base, 0, iov1.iov_len);
>  qemu_iovec_concat_iov(&hd_qiov, &iov1, 1, 0,
> -  sinfo.block_offset);
> +  iov1.iov_len);

Better form here, although should be identical

>  sectors_to_write += iov1.iov_len >> BDRV_SECTOR_BITS;
>  }
>  
> @@ -1285,7 +1285,7 @@ static coroutine_fn int vhdx_co_writev(BlockDriverState 
> *bs, int64_t sector_num,
>  iov2.iov_base = qemu_blockalign(bs, iov2.iov_len);
>  memset(iov2.iov_base, 0, iov2.iov_len);
>  qemu_iovec_concat_iov(&hd_qiov, &iov2, 1, 0,
> -  sinfo.block_offset);
> +  iov2.iov_len);

Definite bug fix here

>  sectors_to_write += iov2.iov_len >> BDRV_SECTOR_BITS;
>  }
>  }
> -- 
> 1.8.3.1
>

Acked-by: Jeff Cody 

Re: [Qemu-devel] [PATCH 1/2] blkdebug: Add bdrv_truncate()

[Jeff Cody]

On Wed, Apr 15, 2015 at 11:27:25AM +0200, Kevin Wolf wrote:
> This is, amongst others, required for qemu-iotests 033 to run as
> intended on VHDX, which uses explicit bdrv_truncate() calls to bs->file
> when allocating new blocks.
> 
> Signed-off-by: Kevin Wolf 
> ---
>  block/blkdebug.c | 6 ++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/block/blkdebug.c b/block/blkdebug.c
> index 63611e0..3c30edb 100644
> --- a/block/blkdebug.c
> +++ b/block/blkdebug.c
> @@ -721,6 +721,11 @@ static int64_t blkdebug_getlength(BlockDriverState *bs)
>  return bdrv_getlength(bs->file);
>  }
>  
> +static int blkdebug_truncate(BlockDriverState *bs, int64_t offset)
> +{
> +return bdrv_truncate(bs->file, offset);
> +}
> +
>  static void blkdebug_refresh_filename(BlockDriverState *bs)
>  {
>  QDict *opts;
> @@ -779,6 +784,7 @@ static BlockDriver bdrv_blkdebug = {
>  .bdrv_file_open = blkdebug_open,
>  .bdrv_close = blkdebug_close,
>  .bdrv_getlength = blkdebug_getlength,
> +.bdrv_truncate  = blkdebug_truncate,
>  .bdrv_refresh_filename  = blkdebug_refresh_filename,
>  
>  .bdrv_aio_readv = blkdebug_aio_readv,
> -- 
> 1.8.3.1
>

Reviewed-by: Jeff Cody 

Re: [Qemu-devel] [RFC PATCH] vl.c: add -semihosting-config "arg" sub-argument

[Leon Alrae]

On 15/04/2015 10:09, Liviu Ionescu wrote:
> Peter/Leon,
> 
> I'm planning for my future releases, and, to avoid incompatible versions, I 
> would like to help with the semihosting configuration issue, to speed up 
> things. is there any chance to close this issue in the near future?

I'm hoping so :) I'm holding up UHI patches respin until we resolve this.

> 
> we currently have two solutions:
> 
> - multiple: --semihosting-config arg="..." 
> - a single option, placed at the end, and followed by any number of 
> arguments: --semihosting-cmdline $@ \n
> 
> both can generate the array of args required by UHI and both can pass args 
> with spaces.
> 
> the second one is more scripting friendly, and is somehow in the spirit of 
> other unix programs that need to pass such arguments.

I don't have a strong preference here, but I think I would be leaning
towards the second one as it just looks better. On the other hand it
reserves the last position in the QEMU command line, which I'm not sure
if can become a problem at some point?

Leon

[Qemu-devel] [PATCH v2] qemu-config: Accept empty option values

[Eduardo Habkost]

Currently it is impossible to set an option in a config file to an empty
string, because the parser matches only lines containing non-empty
strings between double-quotes.

As sscanf() "[" conversion specifier only matches non-empty strings, add
a special case for empty strings.

Signed-off-by: Eduardo Habkost 
---
Changes v1 -> v2:
* Move value[0]='\0' assignment outside if condition. Nobody seemed
  to like the comma operator usage in v1 (including myself), and then I
  noticed that it was also making checkpatch.pl sad.
---
 util/qemu-config.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/util/qemu-config.c b/util/qemu-config.c
index 2d32ce7..a393a3d 100644
--- a/util/qemu-config.c
+++ b/util/qemu-config.c
@@ -413,7 +413,9 @@ int qemu_config_parse(FILE *fp, QemuOptsList **lists, const 
char *fname)
 opts = qemu_opts_create(list, NULL, 0, &error_abort);
 continue;
 }
-if (sscanf(line, " %63s = \"%1023[^\"]\"", arg, value) == 2) {
+value[0] = '\0';
+if (sscanf(line, " %63s = \"%1023[^\"]\"", arg, value) == 2 ||
+sscanf(line, " %63s = \"\"", arg) == 1) {
 /* arg = value */
 if (opts == NULL) {
 error_report("no group defined");
-- 
2.1.0

Re: [Qemu-devel] [RFC PATCH] vl.c: add -semihosting-config "arg" sub-argument

[Matthew Fortune]

Leon Alrae  writes:
> On 15/04/2015 10:09, Liviu Ionescu wrote:
> > Peter/Leon,
> >
> > I'm planning for my future releases, and, to avoid incompatible
> versions, I would like to help with the semihosting configuration issue,
> to speed up things. is there any chance to close this issue in the near
> future?
> 
> I'm hoping so :) I'm holding up UHI patches respin until we resolve
> this.
> 
> >
> > we currently have two solutions:
> >
> > - multiple: --semihosting-config arg="..."
> > - a single option, placed at the end, and followed by any number of
> > arguments: --semihosting-cmdline $@ \n
> >
> > both can generate the array of args required by UHI and both can pass
> args with spaces.
> >
> > the second one is more scripting friendly, and is somehow in the
> spirit of other unix programs that need to pass such arguments.
> 
> I don't have a strong preference here, but I think I would be leaning
> towards the second one as it just looks better. On the other hand it
> reserves the last position in the QEMU command line, which I'm not sure
> if can become a problem at some point?

For what it's worth, I like the idea of using the end of the command line
for this as it makes a qemu wrapper really simple. Isn't this also how the
user-mode simulator works for qemu, consistency between these wouldn't
be a bad thing.

Thanks,
Matthew

Re: [Qemu-devel] [Spice-devel] [PATCH] spice: fix simple display on bigendian hosts

[Gerd Hoffmann]

On Di, 2015-04-14 at 17:47 +0300, Denis Kirjanov wrote:
> On 4/14/15, Denis Kirjanov  wrote:
> > On 4/14/15, Denis Kirjanov  wrote:
> >> On 4/14/15, Gerd Hoffmann  wrote:
> >>> Denis Kirjanov is busy getting spice run on ppc64 and trapped into this
> >>> one.  Spice wire format is little endian, so we have to explicitly say
> >>> we want little endian when letting pixman convert the data for us.
> >>>
> >>> Reported-by: Denis Kirjanov 
> >>> Signed-off-by: Gerd Hoffmann 
> >>> ---
> >> Yeah, that fixes the issue. Thanks Gerd!
> >
> > Looks like that the patch fixes the half of the problem: the inverted
> > colors appear on client reconnect to vm
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x74e10258 in ?? () from /usr/lib/x86_64-linux-gnu/libpixman-1.so.0
> (gdb) bt
> #0  0x74e10258 in ?? () from 
> /usr/lib/x86_64-linux-gnu/libpixman-1.so.0
> #1  0x74e10239 in pixman_image_unref () from
> /usr/lib/x86_64-linux-gnu/libpixman-1.so.0
> #2  0x778e4117 in canvas_get_quic
> (canvas=canvas@entry=0x7ceb80, image=image@entry=0xae2720,
> want_original=want_original@entry=0) at
> ../spice-common/common/canvas_base.c:390

spice client crash?
is this spice client running on big endian or little endian machine?

cheers,
  Gerd

Re: [Qemu-devel] [RFC PATCH] vl.c: add -semihosting-config "arg" sub-argument

[Liviu Ionescu]

> On 15 Apr 2015, at 14:53, Leon Alrae  wrote:
> 
> On 15/04/2015 10:09, Liviu Ionescu wrote:
>> Peter/Leon,
>> 
>> I'm planning for my future releases, and, to avoid incompatible versions, I 
>> would like to help with the semihosting configuration issue, to speed up 
>> things. is there any chance to close this issue in the near future?
> 
> I'm hoping so :) I'm holding up UHI patches respin until we resolve this.

how do you suggest we should proceed?

>> we currently have two solutions:
>> 
>> - multiple: --semihosting-config arg="..." 
>> - a single option, placed at the end, and followed by any number of 
>> arguments: --semihosting-cmdline $@ \n
>> 
>> both can generate the array of args required by UHI and both can pass args 
>> with spaces.
>> 
>> the second one is more scripting friendly, and is somehow in the spirit of 
>> other unix programs that need to pass such arguments.
> 
> I don't have a strong preference here, but I think I would be leaning
> towards the second one as it just looks better. On the other hand it
> reserves the last position in the QEMU command line, which I'm not sure
> if can become a problem at some point?

do you have anything specific in mind? I don't know qemu very well, but apart 
from setting semihosting and kernel args, I doubt there are other use cases to 
require variable number of arguments. 


regards,

Liviu

Re: [Qemu-devel] [PATCH] qmp-commands: fix incorrect uses of ":O" specifier

[Alberto Garcia]

On Wed 15 Apr 2015 01:30:04 PM CEST, Paolo Bonzini wrote:

> As far as the QMP parser is concerned, neither the 'O' nor the 'q'
> format specifiers put any constraint on the command.  However, there
> are two differences:
>
> 1) from a documentation point of view 'O' says that this command takes
> a dictionary.  The dictionary will be converted to QemuOpts in the
> handler to match the corresponding HMP command.

Is that documentation the comments in monitor.c? It could also be a good
moment to document there 'q' as well.

Otherwise the patch looks good to me,

Reviewed-by: Alberto Garcia 

Berto

Re: [Qemu-devel] [PATCH] qmp-commands: fix incorrect uses of ":O" specifier

[Paolo Bonzini]

On 15/04/2015 14:18, Alberto Garcia wrote:
> On Wed 15 Apr 2015 01:30:04 PM CEST, Paolo Bonzini wrote:
> 
>> As far as the QMP parser is concerned, neither the 'O' nor the 'q'
>> format specifiers put any constraint on the command.  However, there
>> are two differences:
>>
>> 1) from a documentation point of view 'O' says that this command takes
>> a dictionary.  The dictionary will be converted to QemuOpts in the
>> handler to match the corresponding HMP command.
> 
> Is that documentation the comments in monitor.c? It could also be a good
> moment to document there 'q' as well.

No, I mean what you can learn by parsing the .args_type line.

'foo:O' means there will typically be no argument named foo, and the
dictionary will be treated as a series of key/value pairs.

'foo:q' means there will be an argument named foo, which is a JSON
object of some kind.

Paolo

> Otherwise the patch looks good to me,
> 
> Reviewed-by: Alberto Garcia 
> 
> Berto
> 

Re: [Qemu-devel] [RFC PATCH] vl.c: add -semihosting-config "arg" sub-argument

[Leon Alrae]

On 15/04/2015 13:06, Liviu Ionescu wrote:
> 
>> On 15 Apr 2015, at 14:53, Leon Alrae  wrote:
>>
>> On 15/04/2015 10:09, Liviu Ionescu wrote:
>>> Peter/Leon,
>>>
>>> I'm planning for my future releases, and, to avoid incompatible versions, I 
>>> would like to help with the semihosting configuration issue, to speed up 
>>> things. is there any chance to close this issue in the near future?
>>
>> I'm hoping so :) I'm holding up UHI patches respin until we resolve this.
> 
> how do you suggest we should proceed?

If there aren't any objections for the proposed solution, then let's
just cook up the patch. It would be nice to get ACK/NACK from Peter as
initially it was suggested to avoid adding top level arguments.
But I think there were reasonable enough arguments for having top level
--semihosting-cmdline placed at the end of command line.

> 
>>> we currently have two solutions:
>>>
>>> - multiple: --semihosting-config arg="..." 
>>> - a single option, placed at the end, and followed by any number of 
>>> arguments: --semihosting-cmdline $@ \n
>>>
>>> both can generate the array of args required by UHI and both can pass args 
>>> with spaces.
>>>
>>> the second one is more scripting friendly, and is somehow in the spirit of 
>>> other unix programs that need to pass such arguments.
>>
>> I don't have a strong preference here, but I think I would be leaning
>> towards the second one as it just looks better. On the other hand it
>> reserves the last position in the QEMU command line, which I'm not sure
>> if can become a problem at some point?
> 
> do you have anything specific in mind? I don't know qemu very well, but apart 
> from setting semihosting and kernel args, I doubt there are other use cases 
> to require variable number of arguments. 

No, I don't.

Leon

Re: [Qemu-devel] [PULL 1/1] fw_cfg: add documentation file (docs/specs/fw_cfg.txt)

[Gabriel L. Somlo]

Hi Eric,

On Tue, Apr 14, 2015 at 06:29:45AM -0600, Eric Blake wrote:
> On 04/14/2015 05:27 AM, Gerd Hoffmann wrote:
> > From: "Gabriel L. Somlo" 
> > 
> > This document covers the guest-side hardware interface, as
> > well as the host-side programming API of QEMU's firmware
> > configuration (fw_cfg) device.
> > 
> > Signed-off-by: Jordan Justen 
> > Signed-off-by: Gabriel Somlo 
> > Reviewed-by: Laszlo Ersek 
> > Signed-off-by: Gerd Hoffmann 
> > ---
> 
> No explicit copyright, so it inherits the default GPLv2+ from the top
> level.  I've been encouraging new documents to include explicit
> copyright/license for the avoidance of doubt, where it makes sense.

This started out with Jordan's 2011 patch:

http://lists.gnu.org/archive/html/qemu-devel/2011-04/msg00238.html

which I picked up and re-submitted with some moderate editing to
bring it in line with the current state of fw_cfg, work in lots of
good suggestions from Laszlo, add documentation for the host-side
API, etc.

The original patch didn't have a copyright line either, so at this
point I believe the default is preferable (path of least resistance).

Alternatively, if Jordan would like to add a copyright line to the
top of the file (as the original author), I have no problem with that
whatsoever.

Thanks much,
--Gabriel

Re: [Qemu-devel] [Spice-devel] [PATCH] spice: fix simple display on bigendian hosts

[Denis Kirjanov]

On 4/15/15, Gerd Hoffmann  wrote:
> On Di, 2015-04-14 at 17:47 +0300, Denis Kirjanov wrote:
>> On 4/14/15, Denis Kirjanov  wrote:
>> > On 4/14/15, Denis Kirjanov  wrote:
>> >> On 4/14/15, Gerd Hoffmann  wrote:
>> >>> Denis Kirjanov is busy getting spice run on ppc64 and trapped into
>> >>> this
>> >>> one.  Spice wire format is little endian, so we have to explicitly
>> >>> say
>> >>> we want little endian when letting pixman convert the data for us.
>> >>>
>> >>> Reported-by: Denis Kirjanov 
>> >>> Signed-off-by: Gerd Hoffmann 
>> >>> ---
>> >> Yeah, that fixes the issue. Thanks Gerd!
>> >
>> > Looks like that the patch fixes the half of the problem: the inverted
>> > colors appear on client reconnect to vm
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x74e10258 in ?? () from
>> /usr/lib/x86_64-linux-gnu/libpixman-1.so.0
>> (gdb) bt
>> #0  0x74e10258 in ?? () from
>> /usr/lib/x86_64-linux-gnu/libpixman-1.so.0
>> #1  0x74e10239 in pixman_image_unref () from
>> /usr/lib/x86_64-linux-gnu/libpixman-1.so.0
>> #2  0x778e4117 in canvas_get_quic
>> (canvas=canvas@entry=0x7ceb80, image=image@entry=0xae2720,
>> want_original=want_original@entry=0) at
>> ../spice-common/common/canvas_base.c:390
>
> spice client crash?
> is this spice client running on big endian or little endian machine?

it's running on x86_64 as shown in the stack trace.

> cheers,
>   Gerd
>
>
>


-- 
Regards,
Denis

Re: [Qemu-devel] [PATCH RFC 19/19] qapi: New QMP command query-schema for QMP schema introspection

[Eric Blake]

On 04/15/2015 03:16 AM, Alberto Garcia wrote:
> On Sat 11 Apr 2015 01:06:58 AM CEST, Eric Blake  wrote:
> 
>>> +{ 'type': 'SchemaInfoEnum',
>>> +  'data': { 'values': ['str'] } }
>>
>> At one point, one thread suggested that we might want to allow QAPI to
>> support enums with fixed values, as in:
>>
>> 'data': [ {'one': 1}, {'three': 3} ]
> 
> Out of curiosity, what's the use case for that?

If we add that extension, it will allow the creation of C enums with
specific values, rather than defaulting to consecutive initialization
from 0.

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org

[Qemu-devel] virtio-blk and virtio-scsi performance comparison

[Konstantin Krotov]

Hello list!

I performed tests with fio and obtained results:

*** virtio-scsi with cache=none, io=threads, blok device is md-device 
from mdadm raid1, random r/w, 32 thread from guest (debian, kernel 3.16):


fio fio1
readtest: (g=0): rw=randrw, bs=4K-4K/4K-4K/4K-4K, ioengine=libaio, 
iodepth=32

fio-2.1.11
Starting 1 process
Jobs: 1 (f=1): [m(1)] [100.0% done] [126.2MB/125.1MB/0KB /s] 
[32.3K/32.3K/0 iops] [eta 00m:00s]

readtest: (groupid=0, jobs=1): err= 0: pid=707: Wed Apr  8 07:35:01 2015
  read : io=5117.4MB, bw=125830KB/s, iops=31457, runt= 41645msec
slat (usec): min=4, max=343, avg=11.45, stdev=10.24
clat (usec): min=104, max=16667, avg=484.09, stdev=121.96
 lat (usec): min=112, max=16672, avg=495.90, stdev=123.67
clat percentiles (usec):
 |  1.00th=[  302],  5.00th=[  346], 10.00th=[  374], 20.00th=[  406],
 | 30.00th=[  426], 40.00th=[  446], 50.00th=[  462], 60.00th=[  482],
 | 70.00th=[  506], 80.00th=[  540], 90.00th=[  596], 95.00th=[  732],
 | 99.00th=[  948], 99.50th=[  996], 99.90th=[ 1176], 99.95th=[ 1240],
 | 99.99th=[ 1384]
bw (KB  /s): min=67392, max=135216, per=99.99%, avg=125813.01, 
stdev=12524.05

  write: io=5114.7MB, bw=125763KB/s, iops=31440, runt= 41645msec
slat (usec): min=4, max=388, avg=11.85, stdev=10.47
clat (usec): min=147, max=8968, avg=505.23, stdev=127.40
 lat (usec): min=155, max=8973, avg=517.45, stdev=128.97
clat percentiles (usec):
 |  1.00th=[  334],  5.00th=[  370], 10.00th=[  394], 20.00th=[  426],
 | 30.00th=[  446], 40.00th=[  462], 50.00th=[  478], 60.00th=[  498],
 | 70.00th=[  524], 80.00th=[  556], 90.00th=[  628], 95.00th=[  756],
 | 99.00th=[  988], 99.50th=[ 1064], 99.90th=[ 1288], 99.95th=[ 1368],
 | 99.99th=[ 2224]
bw (KB  /s): min=67904, max=136384, per=99.99%, avg=125746.89, 
stdev=12449.56

lat (usec) : 250=0.05%, 500=64.27%, 750=30.80%, 1000=4.20%
lat (msec) : 2=0.67%, 4=0.01%, 10=0.01%, 20=0.01%
  cpu  : usr=18.03%, sys=76.42%, ctx=26617, majf=0, minf=7
  IO depths: 1=0.1%, 2=0.1%, 4=0.1%, 8=0.1%, 16=0.1%, 32=100.0%, 
>=64=0.0%
 submit: 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, 
>=64=0.0%
 complete  : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.1%, 64=0.0%, 
>=64=0.0%

 issued: total=r=1310044/w=1309348/d=0, short=r=0/w=0/d=0
 latency   : target=0, window=0, percentile=100.00%, depth=32

Run status group 0 (all jobs):
   READ: io=5117.4MB, aggrb=125829KB/s, minb=125829KB/s, 
maxb=125829KB/s, mint=41645msec, maxt=41645msec
  WRITE: io=5114.7MB, aggrb=125762KB/s, minb=125762KB/s, 
maxb=125762KB/s, mint=41645msec, maxt=41645msec


Disk stats (read/write):
  sda: ios=1302885/1302192, merge=55/0, ticks=281040/321660, 
in_queue=601264, util=99.29%



same guest,
*** virtio-blk with cache=none, io=threads, blok device is md-device 
from mdadm raid1, random r/w, 32 thread from guest (debian, kernel 3.16):


 fio fio1
readtest: (g=0): rw=randrw, bs=4K-4K/4K-4K/4K-4K, ioengine=libaio, 
iodepth=32

fio-2.1.11
Starting 1 process
Jobs: 1 (f=1): [m(1)] [100.0% done] [123.7MB/123.3MB/0KB /s] 
[31.7K/31.6K/0 iops] [eta 00m:00s]

readtest: (groupid=0, jobs=1): err= 0: pid=810: Wed Apr  8 07:26:37 2015
  read : io=5117.4MB, bw=148208KB/s, iops=37051, runt= 35357msec
slat (usec): min=2, max=2513, avg= 7.27, stdev=10.28
clat (usec): min=104, max=10716, avg=382.30, stdev=113.38
 lat (usec): min=108, max=10719, avg=389.94, stdev=115.48
clat percentiles (usec):
 |  1.00th=[  215],  5.00th=[  249], 10.00th=[  270], 20.00th=[  298],
 | 30.00th=[  318], 40.00th=[  338], 50.00th=[  358], 60.00th=[  386],
 | 70.00th=[  418], 80.00th=[  462], 90.00th=[  516], 95.00th=[  572],
 | 99.00th=[  756], 99.50th=[  820], 99.90th=[  996], 99.95th=[ 1176],
 | 99.99th=[ 2256]
bw (KB  /s): min=119296, max=165456, per=99.94%, avg=148124.33, 
stdev=11834.17

  write: io=5114.7MB, bw=148129KB/s, iops=37032, runt= 35357msec
slat (usec): min=2, max=2851, avg= 7.55, stdev=10.53
clat (usec): min=172, max=11080, avg=461.92, stdev=137.02
 lat (usec): min=178, max=11086, avg=469.86, stdev=138.05
clat percentiles (usec):
 |  1.00th=[  278],  5.00th=[  318], 10.00th=[  338], 20.00th=[  366],
 | 30.00th=[  390], 40.00th=[  414], 50.00th=[  438], 60.00th=[  466],
 | 70.00th=[  494], 80.00th=[  532], 90.00th=[  604], 95.00th=[  716],
 | 99.00th=[  900], 99.50th=[  980], 99.90th=[ 1336], 99.95th=[ 1704],
 | 99.99th=[ 3408]
bw (KB  /s): min=119656, max=166680, per=99.93%, avg=148029.21, 
stdev=11824.30

lat (usec) : 250=2.71%, 500=77.22%, 750=17.60%, 1000=2.21%
lat (msec) : 2=0.24%, 4=0.02%, 10=0.01%, 20=0.01%
  cpu  : usr=27.92%, sys=55.44%, ctx=91283, majf=0, minf=7
  IO depths: 1=0.1%, 2=0.1%, 4=0.1%, 8=0.1%, 16=0.1%, 32=100.0%, 
>=64=0.0%
 submit: 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32=0.0%, 64=0.0%, 
>=64=0.0%
 complete  : 0=0.0%, 4=100.0%, 8=0.0%, 16=0.0%, 32

[Qemu-devel] [PATCH] migration: avoid divide by zero in xbzrle cache miss rate

[Michael Chapman]

This bug manifested itself as a VM that could not be resumed by libvirt
following a migration:

  # virsh resume example
  error: Failed to resume domain example
  error: internal error: cannot parse json {"return":
{"xbzrle-cache":
  {..., "cache-miss-rate": -nan, ...},
  ...
}
  }: lexical error: malformed number, a digit is required after the minus sign.

This patch also ensures xbzrle_cache_miss_prev and iterations_prev are
cleared at the start of the migration.

Signed-off-by: Michael Chapman 
---
 arch_init.c | 8 +---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/arch_init.c b/arch_init.c
index 4c8fcee..ca45c7a 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -520,12 +520,16 @@ static void migration_bitmap_sync_range(ram_addr_t start, 
ram_addr_t length)
 static int64_t start_time;
 static int64_t bytes_xfer_prev;
 static int64_t num_dirty_pages_period;
+static uint64_t xbzrle_cache_miss_prev;
+static uint64_t iterations_prev;
 
 static void migration_bitmap_sync_init(void)
 {
 start_time = 0;
 bytes_xfer_prev = 0;
 num_dirty_pages_period = 0;
+xbzrle_cache_miss_prev = 0;
+iterations_prev = 0;
 }
 
 /* Called with iothread lock held, to protect ram_list.dirty_memory[] */
@@ -536,8 +540,6 @@ static void migration_bitmap_sync(void)
 MigrationState *s = migrate_get_current();
 int64_t end_time;
 int64_t bytes_xfer_now;
-static uint64_t xbzrle_cache_miss_prev;
-static uint64_t iterations_prev;
 
 bitmap_sync_count++;
 
@@ -585,7 +587,7 @@ static void migration_bitmap_sync(void)
  mig_throttle_on = false;
 }
 if (migrate_use_xbzrle()) {
-if (iterations_prev != 0) {
+if (iterations_prev != acct_info.iterations) {
 acct_info.xbzrle_cache_miss_rate =
(double)(acct_info.xbzrle_cache_miss -
 xbzrle_cache_miss_prev) /
-- 
2.1.0

[Qemu-devel] Inter-guest communication using VirtIO

[Mauricio Vásquez]

Hi all,

I'm trying to realize if there is an implementation of direct
Inter-guest network communication using VirtIO for QEMU/KVM. I found
that there is an implementation for lguest
http://lists.ozlabs.org/pipermail/lguest/2008-March/001064.html and
somebody already discussed something similar here
https://lists.nongnu.org/archive/html/qemu-devel/2014-06/msg02534.html
but I can not understand if finally somebody implemented it or not.

Thank you very much.

Re: [Qemu-devel] glusterfs-api.pc versioning breaks QEMU

[Niels de Vos]

On Thu, Apr 09, 2015 at 06:12:38PM +0200, Andreas Färber wrote:
> Hello,

Hi!

Sorry for the late response, I'm travelling and have a rather full
agenda.

> Testing QEMU v2.3.0-rc2, I have run into QEMU's glusterfs support being
> broken on openSUSE Tumbleweed, resulting in its configure complaining:
> 
> [   76s] ERROR: User requested feature GlusterFS backend support
> [   76s]configure was not able to find it.
> [   76s]Install glusterfs-api devel >= 3
> 
> What our configure is doing is
>  pkg-config --atleast-version=3 glusterfs-api
> on success followed by
>  pkg-config --atleast-version=5 glusterfs-api
> and
>  pkg-config --atleast-version=6 glusterfs-api
> 
> Here's a short overview of the glusterfs-api.pc versions:
> 
> release-3.4: "Version: 4"
> 
> v3.5.0..v3.5.3: "Version: 6"
> v3.5.4beta1 and release-3.5: "Version: 4.${PACKAGE_VERSION}"
> 
> v3.6.0: "Version: 7.0.0"
> v3.6.1: "Version: 0.0.0"
> v3.6.2..v3.6.3beta2 and release-3.6: "Version: 4.${PACKAGE_VERSION}"
> 
> So, both 3.5 and 3.6 series have gone backwards in their version
> compared to released versions and are thus not backwards-compatible,
> unlike what the commit message claims.

Oh, wow, that is a major mistake we made. I suspect that the original
solution was proposed for 3.4 and we incorrectly forwarde ported it :-/

Our tests were done with Samba, and they did not hit this problem.
Obviously they do not use any newer functions (yet). I was not aware
that QEMU did update their support for Gluster with newer releases.

> openSUSE 13.1 and 13.2 and reportedly Fedora 21 are still at versions
> with "Version: 6", so not yet affected. openSUSE Tumbleweed is still at
> v3.6.1 (with 3 > 0.0.0), but even once I get it updated to v3.6.2 the
> checks for versions 5 and 6 would still fail, disabling features.
> 
> Naively I would consider versions jumping backwards a bug in glusterfs,
> so I wonder why you chose 4.* and not 6.* and 7.* respectively.

This definitely is a bug on our side, I've just filed them in our
Bugzilla and will send patches later today. You can follow progress
here:

https://bugzilla.redhat.com/showdependencytree.cgi?id=1211836

> How do you expect this to be handled by packages such as QEMU?

glusterfs-3.5.x should have glusterfs-api version 5.3.5.x
glusterfs-3.6.x should have glusterfs-api version 6.3.6.x
glusterfs-3.7.x should have glusterfs-api version 7.3.7.x
glusterfs/master should have glusterfs-api version 7.x.y.z

libgfapi provides versioned symbols, the .so will always stay at version
0 so that applications using libgfapi do not need a recompile when we
add more functionlity.

I'm sorry for the breakage, and hope to have it rectified in the next
updates that come out for the different versions. For now, you should be
able to either patch the QEMU dependency, or your glusterfs-api.pc
according to the above scheme.

Let me know if you spot any issues with this approach, I'm open for
suggestions.

Thanks,
Niels

Re: [Qemu-devel] [v7][PATCH 03/10] piix: create host bridge to passthrough

[eraul_cn]

Chen, Tiejun wrote
> +/* Here we just expose minimal host bridge offset subset. */
> +static const IGDHostInfo igd_host_bridge_infos[] = {
> +{0x08, 2},  /* revision id */
> +{0x2c, 2},  /* sybsystem vendor id */
> +{0x2e, 2},  /* sybsystem id */
> +{0x50, 2},  /* SNB: processor graphics control register */
> +{0x52, 2},  /* processor graphics control register */
> +{0xa4, 4},  /* SNB: graphics base of stolen memory */
> +{0xa8, 4},  /* SNB: base of GTT stolen memory */
> +};
> +

I tested this patch and found that the registers 0xa0(top of memory) and
0xb0(ILK: BSM) were necessary for Win XP. Both of them are 4 bytes.



Chen, Tiejun wrote
> +static int igd_pt_i440fx_initfn(struct PCIDevice *pci_dev)
> +{
> +uint32_t val = 0;
> +int rc, i, num;
> +int pos, len;
> +
> +num = ARRAY_SIZE(igd_host_bridge_infos);
> +for (i = 0; i < num; i++) {
> +pos = igd_host_bridge_infos[i].offset;
> +len = igd_host_bridge_infos[i].len;
> +rc = host_pci_config_read(pos, len, val);

Here, when we call function host_pci_config_read, the parameter val is
passed by value not address, so the value of val will not be changed after
call host_pci_config_read. So I think host_pci_config_read need update and
the third parameter should be an address.

Thanks



--
View this message in context: 
http://qemu.11.n7.nabble.com/v7-PATCH-00-10-xen-add-Intel-IGD-passthrough-support-tp319698p323854.html
Sent from the Developer mailing list archive at Nabble.com.

Re: [Qemu-devel] [PATCH v2] qemu-config: Accept empty option values

[Eric Blake]

On 04/15/2015 05:59 AM, Eduardo Habkost wrote:
> Currently it is impossible to set an option in a config file to an empty
> string, because the parser matches only lines containing non-empty
> strings between double-quotes.
> 
> As sscanf() "[" conversion specifier only matches non-empty strings, add
> a special case for empty strings.
> 
> Signed-off-by: Eduardo Habkost 
> ---
> Changes v1 -> v2:
> * Move value[0]='\0' assignment outside if condition. Nobody seemed
>   to like the comma operator usage in v1 (including myself), and then I
>   noticed that it was also making checkpatch.pl sad.
> ---
>  util/qemu-config.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Reviewed-by: Eric Blake 

> 
> diff --git a/util/qemu-config.c b/util/qemu-config.c
> index 2d32ce7..a393a3d 100644
> --- a/util/qemu-config.c
> +++ b/util/qemu-config.c
> @@ -413,7 +413,9 @@ int qemu_config_parse(FILE *fp, QemuOptsList **lists, 
> const char *fname)
>  opts = qemu_opts_create(list, NULL, 0, &error_abort);
>  continue;
>  }
> -if (sscanf(line, " %63s = \"%1023[^\"]\"", arg, value) == 2) {
> +value[0] = '\0';
> +if (sscanf(line, " %63s = \"%1023[^\"]\"", arg, value) == 2 ||
> +sscanf(line, " %63s = \"\"", arg) == 1) {
>  /* arg = value */
>  if (opts == NULL) {
>  error_report("no group defined");
> 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH] block: document block-stream in qmp-commands.hx

[Eric Blake]

On 04/15/2015 04:43 AM, Stefan Hajnoczi wrote:
> The 'block-stream' QMP command is documented in block-core.json but not
> qmp-commands.hx.  Add a summary of the command to qmp-commands.hx
> (similar to the documentation for 'block-commit').
> 
> Reported-by: Kashyap Chamarthy 
> Signed-off-by: Stefan Hajnoczi 
> ---
>  qmp-commands.hx | 37 +
>  1 file changed, 37 insertions(+)

Reviewed-by: Eric Blake 

-- 
Eric Blake   eblake redhat com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH] block: document block-stream in qmp-commands.hx

[Max Reitz]

On 15.04.2015 12:43, Stefan Hajnoczi wrote:

The 'block-stream' QMP command is documented in block-core.json but not
qmp-commands.hx.  Add a summary of the command to qmp-commands.hx
(similar to the documentation for 'block-commit').

Reported-by: Kashyap Chamarthy 
Signed-off-by: Stefan Hajnoczi 
---
  qmp-commands.hx | 37 +
  1 file changed, 37 insertions(+)

diff --git a/qmp-commands.hx b/qmp-commands.hx
index 3a42ad0..7a745ed 100644
--- a/qmp-commands.hx
+++ b/qmp-commands.hx
@@ -1008,6 +1008,43 @@ EQMP
  .mhandler.cmd_new = qmp_marshal_input_block_stream,
  },
  
+SQMP

+block-stream
+
+
+Copy data from a backing file into a block device.


It looks like you stopped just copy-pasting the information from 
block-core.json here...



+
+Arguments:
+
+- "device": The device's ID, must be unique (json-string)


...instead sometimes copying it from block-commit...


+- "base": The file name of the backing image above which copying starts
+  (json-string, optional)


...or creating new descriptions...


+- "backing-file": The backing file string to write into the active layer. This
+  filename is not validated.


...and then you are continuing copying the block-core.json entry.

Is there a reason why you didn't just take all of the block-core.json 
comment and put it here? (just curious)


Reviewed-by: Max Reitz 


+
+  If a pathname string is such that it cannot be resolved by
+  QEMU, that means that subsequent QMP or HMP commands must use
+  node-names for the image in question, as filename lookup
+  methods will fail.
+
+  If not specified, QEMU will automatically determine the
+  backing file string to use, or error out if there is no
+  obvious choice.  Care should be taken when specifying the
+  string, to specify a valid filename or protocol.
+  (json-string, optional) (Since 2.1)
+- "speed":  the maximum speed, in bytes per second (json-int, optional)
+- "on-error": the action to take on an error (default 'report').  'stop' and
+  'enospc' can only be used if the block device supports io-status.
+  (json-string, optional) (Since 2.1)
+
+Example:
+
+-> { "execute": "block-stream", "arguments": { "device": "virtio0",
+   "base": "/tmp/master.qcow2" } }
+<- { "return": {} }
+
+EQMP
+
  {
  .name   = "block-commit",
  .args_type  = "device:B,base:s?,top:s?,backing-file:s?,speed:o?",

Re: [Qemu-devel] [PATCH 3/3] block: add 'node-name' field to BLOCK_IMAGE_CORRUPTED

[Max Reitz]

On 08.04.2015 11:29, Alberto Garcia wrote:

Since this event can occur in nodes that cannot have a device name
associated, include also a field with the node name.

Signed-off-by: Alberto Garcia 
---
  block/qcow2.c   |  8 ++--
  docs/qmp/qmp-events.txt | 21 +
  qapi/block-core.json| 17 +++--
  3 files changed, 30 insertions(+), 16 deletions(-)


Reviewed-by: Max Reitz 

[Qemu-devel] [PATCH v5 09/20] hw/arm/virt-acpi-build: Generate GTDT table

[Shannon Zhao]

From: Shannon Zhao 

ACPI v5.1 defines GTDT for ARM devices as a place to describe timer
related information in the system. The Arch Timer interrupts must
be provided for GTDT.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/arm/virt-acpi-build.c| 30 ++
 include/hw/acpi/acpi-defs.h | 37 +
 2 files changed, 67 insertions(+)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 94cced0..7d37357 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -160,6 +160,33 @@ static void acpi_dsdt_add_virtio(Aml *scope, const MemMap 
*virtio_mmio_memmap,
 }
 }
 
+/* GTDT */
+static void
+build_gtdt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info)
+{
+int gtdt_start = table_data->len;
+const struct AcpiGtdtInfo *info = guest_info->gtdt_info;
+AcpiGenericTimerTable *gtdt;
+
+gtdt = acpi_data_push(table_data, sizeof *gtdt);
+/* The interrupt values are the same with the device tree when adding 16 */
+gtdt->secure_el1_interrupt = info->timer_s_el1;
+gtdt->secure_el1_flags = ACPI_EDGE_SENSITIVE;
+
+gtdt->non_secure_el1_interrupt = info->timer_ns_el1;
+gtdt->non_secure_el1_flags = ACPI_EDGE_SENSITIVE;
+
+gtdt->virtual_timer_interrupt = info->timer_virt;
+gtdt->virtual_timer_flags = ACPI_EDGE_SENSITIVE;
+
+gtdt->non_secure_el2_interrupt = info->timer_ns_el2;
+gtdt->non_secure_el2_flags = ACPI_EDGE_SENSITIVE;
+
+build_header(linker, table_data,
+ (void *)(table_data->data + gtdt_start), "GTDT",
+ table_data->len - gtdt_start, 1);
+}
+
 /* MADT */
 static void
 build_madt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info,
@@ -302,6 +329,9 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
 acpi_add_table(table_offsets, tables_blob);
 build_madt(tables_blob, tables->linker, guest_info, &cpuinfo);
 
+acpi_add_table(table_offsets, tables_blob);
+build_gtdt(tables_blob, tables->linker, guest_info);
+
 /* Cleanup memory that's no longer used. */
 g_array_free(table_offsets, true);
 }
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index 4092dc3..7fc0870 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -321,6 +321,43 @@ struct AcpiMadtGenericDistributor {
 typedef struct AcpiMadtGenericDistributor AcpiMadtGenericDistributor;
 
 /*
+ * Generic Timer Description Table (GTDT)
+ */
+
+#define ACPI_GTDT_INTERRUPT_MODE(1 << 0)
+#define ACPI_GTDT_INTERRUPT_POLARITY(1 << 1)
+#define ACPI_GTDT_ALWAYS_ON (1 << 2)
+
+/* Triggering */
+
+#define ACPI_LEVEL_SENSITIVE((uint8_t) 0x00)
+#define ACPI_EDGE_SENSITIVE ((uint8_t) 0x01)
+
+/* Polarity */
+
+#define ACPI_ACTIVE_HIGH((uint8_t) 0x00)
+#define ACPI_ACTIVE_LOW ((uint8_t) 0x01)
+#define ACPI_ACTIVE_BOTH((uint8_t) 0x02)
+
+struct AcpiGenericTimerTable {
+ACPI_TABLE_HEADER_DEF
+uint64_t counter_block_addresss;
+uint32_t reserved;
+uint32_t secure_el1_interrupt;
+uint32_t secure_el1_flags;
+uint32_t non_secure_el1_interrupt;
+uint32_t non_secure_el1_flags;
+uint32_t virtual_timer_interrupt;
+uint32_t virtual_timer_flags;
+uint32_t non_secure_el2_interrupt;
+uint32_t non_secure_el2_flags;
+uint64_t counter_read_block_address;
+uint32_t platform_timer_count;
+uint32_t platform_timer_offset;
+} QEMU_PACKED;
+typedef struct AcpiGenericTimerTable AcpiGenericTimerTable;
+
+/*
  * HPET Description Table
  */
 struct Acpi20Hpet {
-- 
2.0.4

[Qemu-devel] [PATCH v5 10/20] hw/arm/virt-acpi-build: Generate RSDT table

[Shannon Zhao]

From: Shannon Zhao 

RSDT points to other tables FADT, MADT, GTDT. This code is shared with x86.

Here we still use RSDT as UEFI puts ACPI tables below 4G address space,
and UEFI ignore the RSDT or XSDT.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/acpi/aml-build.c | 24 
 hw/arm/virt-acpi-build.c|  3 +++
 hw/i386/acpi-build.c| 24 
 include/hw/acpi/aml-build.h |  2 ++
 4 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index babe4d6..b99bb13 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -1004,3 +1004,27 @@ void acpi_build_tables_cleanup(AcpiBuildTables *tables, 
bool mfre)
 g_array_free(tables->table_data, true);
 g_array_free(tables->tcpalog, mfre);
 }
+
+/* Build rsdt table */
+void
+build_rsdt(GArray *table_data, GArray *linker, GArray *table_offsets)
+{
+AcpiRsdtDescriptorRev1 *rsdt;
+size_t rsdt_len;
+int i;
+const int table_data_len = (sizeof(uint32_t) * table_offsets->len);
+
+rsdt_len = sizeof(*rsdt) + table_data_len;
+rsdt = acpi_data_push(table_data, rsdt_len);
+memcpy(rsdt->table_offset_entry, table_offsets->data, table_data_len);
+for (i = 0; i < table_offsets->len; ++i) {
+/* rsdt->table_offset_entry to be filled by Guest linker */
+bios_linker_loader_add_pointer(linker,
+   ACPI_BUILD_TABLE_FILE,
+   ACPI_BUILD_TABLE_FILE,
+   table_data, 
&rsdt->table_offset_entry[i],
+   sizeof(uint32_t));
+}
+build_header(linker, table_data,
+ (void *)rsdt, "RSDT", rsdt_len, 1);
+}
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 7d37357..abe2abf 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -332,6 +332,9 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
 acpi_add_table(table_offsets, tables_blob);
 build_gtdt(tables_blob, tables->linker, guest_info);
 
+/* RSDT is pointed to by RSDP */
+build_rsdt(tables_blob, tables->linker, table_offsets);
+
 /* Cleanup memory that's no longer used. */
 g_array_free(table_offsets, true);
 }
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 7b5210e..a04bbe7 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1195,30 +1195,6 @@ build_dsdt(GArray *table_data, GArray *linker, 
AcpiMiscInfo *misc)
  misc->dsdt_size, 1);
 }
 
-/* Build final rsdt table */
-static void
-build_rsdt(GArray *table_data, GArray *linker, GArray *table_offsets)
-{
-AcpiRsdtDescriptorRev1 *rsdt;
-size_t rsdt_len;
-int i;
-
-rsdt_len = sizeof(*rsdt) + sizeof(uint32_t) * table_offsets->len;
-rsdt = acpi_data_push(table_data, rsdt_len);
-memcpy(rsdt->table_offset_entry, table_offsets->data,
-   sizeof(uint32_t) * table_offsets->len);
-for (i = 0; i < table_offsets->len; ++i) {
-/* rsdt->table_offset_entry to be filled by Guest linker */
-bios_linker_loader_add_pointer(linker,
-   ACPI_BUILD_TABLE_FILE,
-   ACPI_BUILD_TABLE_FILE,
-   table_data, 
&rsdt->table_offset_entry[i],
-   sizeof(uint32_t));
-}
-build_header(linker, table_data,
- (void *)rsdt, "RSDT", rsdt_len, 1);
-}
-
 static GArray *
 build_rsdp(GArray *rsdp_table, GArray *linker, unsigned rsdt)
 {
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 5b60744..d1b9fe7 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -268,5 +268,7 @@ unsigned acpi_data_len(GArray *table);
 void acpi_add_table(GArray *table_offsets, GArray *table_data);
 void acpi_build_tables_init(AcpiBuildTables *tables);
 void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre);
+void
+build_rsdt(GArray *table_data, GArray *linker, GArray *table_offsets);
 
 #endif
-- 
2.0.4

[Qemu-devel] [PATCH v5 11/20] hw/arm/virt-acpi-build: Generate RSDP table

[Shannon Zhao]

From: Shannon Zhao 

RSDP points to RSDT which in turn points to other tables.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
---
 hw/arm/virt-acpi-build.c | 35 ++-
 1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index abe2abf..aa4acc6 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -160,6 +160,35 @@ static void acpi_dsdt_add_virtio(Aml *scope, const MemMap 
*virtio_mmio_memmap,
 }
 }
 
+/* RSDP */
+static GArray *
+build_rsdp(GArray *rsdp_table, GArray *linker, unsigned rsdt)
+{
+AcpiRsdpDescriptor *rsdp = acpi_data_push(rsdp_table, sizeof *rsdp);
+
+bios_linker_loader_alloc(linker, ACPI_BUILD_RSDP_FILE, 16,
+ true /* fseg memory */);
+
+memcpy(&rsdp->signature, "RSD PTR ", sizeof(rsdp->signature));
+memcpy(rsdp->oem_id, ACPI_BUILD_APPNAME6, sizeof(rsdp->oem_id));
+rsdp->length = cpu_to_le32(sizeof(*rsdp));
+rsdp->revision = 0x02;
+
+/* Point to RSDT */
+rsdp->rsdt_physical_address = cpu_to_le32(rsdt);
+/* Address to be filled by Guest linker */
+bios_linker_loader_add_pointer(linker, ACPI_BUILD_RSDP_FILE,
+   ACPI_BUILD_TABLE_FILE,
+   rsdp_table, &rsdp->rsdt_physical_address,
+   sizeof rsdp->rsdt_physical_address);
+rsdp->checksum = 0;
+/* Checksum to be filled by Guest linker */
+bios_linker_loader_add_checksum(linker, ACPI_BUILD_RSDP_FILE,
+rsdp, rsdp, sizeof *rsdp, &rsdp->checksum);
+
+return rsdp_table;
+}
+
 /* GTDT */
 static void
 build_gtdt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info)
@@ -296,7 +325,7 @@ static
 void virt_acpi_build(VirtGuestInfo *guest_info, AcpiBuildTables *tables)
 {
 GArray *table_offsets;
-unsigned dsdt;
+unsigned dsdt, rsdt;
 VirtAcpiCpuInfo cpuinfo;
 GArray *tables_blob = tables->table_data;
 
@@ -333,8 +362,12 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
 build_gtdt(tables_blob, tables->linker, guest_info);
 
 /* RSDT is pointed to by RSDP */
+rsdt = tables_blob->len;
 build_rsdt(tables_blob, tables->linker, table_offsets);
 
+/* RSDP is in FSEG memory, so allocate it separately */
+build_rsdp(tables->rsdp, tables->linker, rsdt);
+
 /* Cleanup memory that's no longer used. */
 g_array_free(table_offsets, true);
 }
-- 
2.0.4

[Qemu-devel] [PATCH v5 12/20] hw/arm/virt-acpi-build: Add PCIe info and generate MCFG table

[Shannon Zhao]

From: Shannon Zhao 

Add PCIe info struct, prepare for building PCIe table.
And generate MCFG table.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/arm/virt-acpi-build.c | 21 +
 include/hw/arm/virt-acpi-build.h |  9 +
 2 files changed, 30 insertions(+)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index aa4acc6..85e8242 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -189,6 +189,24 @@ build_rsdp(GArray *rsdp_table, GArray *linker, unsigned 
rsdt)
 return rsdp_table;
 }
 
+static void
+build_mcfg(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info)
+{
+AcpiTableMcfg *mcfg;
+AcpiPcieInfo *info = guest_info->pcie_info;
+int len = sizeof(*mcfg) + sizeof(mcfg->allocation[0]);
+
+mcfg = acpi_data_push(table_data, len);
+mcfg->allocation[0].address = cpu_to_le64(info->pcie_ecam.addr);
+
+/* Only a single allocation so no need to play with segments */
+mcfg->allocation[0].pci_segment = cpu_to_le16(0);
+mcfg->allocation[0].start_bus_number = 0;
+mcfg->allocation[0].end_bus_number = info->nr_pcie_buses - 1;
+
+build_header(linker, table_data, (void *)mcfg, "MCFG", len, 1);
+}
+
 /* GTDT */
 static void
 build_gtdt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info)
@@ -361,6 +379,9 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
 acpi_add_table(table_offsets, tables_blob);
 build_gtdt(tables_blob, tables->linker, guest_info);
 
+acpi_add_table(table_offsets, tables_blob);
+build_mcfg(tables_blob, tables->linker, guest_info);
+
 /* RSDT is pointed to by RSDP */
 rsdt = tables_blob->len;
 build_rsdt(tables_blob, tables->linker, table_offsets);
diff --git a/include/hw/arm/virt-acpi-build.h b/include/hw/arm/virt-acpi-build.h
index 8f0b4a7..572864a 100644
--- a/include/hw/arm/virt-acpi-build.h
+++ b/include/hw/arm/virt-acpi-build.h
@@ -52,6 +52,14 @@ typedef struct AcpiDsdtInfo {
 const MemMap *flash_memmap;
 } AcpiDsdtInfo;
 
+typedef struct AcpiPcieInfo {
+const int *pcie_irq;
+MemMap pcie_mmio;
+MemMap pcie_ioport;
+MemMap pcie_ecam;
+int nr_pcie_buses;
+} AcpiPcieInfo;
+
 typedef struct VirtGuestInfo {
 int smp_cpus;
 int max_cpus;
@@ -59,6 +67,7 @@ typedef struct VirtGuestInfo {
 AcpiMadtInfo *madt_info;
 AcpiDsdtInfo *dsdt_info;
 AcpiGtdtInfo *gtdt_info;
+AcpiPcieInfo *pcie_info;
 } VirtGuestInfo;
 
 
-- 
2.0.4

[Qemu-devel] [PATCH v5 13/20] hw/acpi/aml-build: Add ToUUID macro

[Shannon Zhao]

From: Shannon Zhao 

Add ToUUID macro, this is useful for generating PCIe ACPI table.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/acpi/aml-build.c | 40 
 include/hw/acpi/aml-build.h |  1 +
 2 files changed, 41 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index b99bb13..316d5a5 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -25,6 +25,7 @@
 #include 
 #include 
 #include "hw/acpi/aml-build.h"
+#include "qemu-common.h"
 #include "qemu/bswap.h"
 #include "qemu/bitops.h"
 #include "hw/acpi/bios-linker-loader.h"
@@ -948,6 +949,45 @@ Aml *aml_qword_memory(AmlDecode dec, AmlMinFixed min_fixed,
  addr_trans, len, flags);
 }
 
+/*
+ * ACPI 3.0: 17.5.124 ToUUID (Convert String to UUID Macro)
+ * e.g. UUID: E5C937D0-3553-4d7a-9117-EA4D19C3434D
+ * call aml_touuid("E5C937D0-3553-4d7a-9117-EA4D19C3434D");
+ */
+Aml *aml_touuid(const char *uuid)
+{
+int i;
+long int val;
+char *end;
+const char *start = uuid;
+Aml *UUID = aml_buffer();
+
+val = strtol(start, &end, 16);
+g_assert((end - start) == 8);
+build_append_int_noprefix(UUID->buf, val, 4);
+start = end + 1;
+val = strtol(start, &end, 16);
+g_assert((end - start) == 4);
+build_append_int_noprefix(UUID->buf, val, 2);
+start = end + 1;
+val = strtol(start, &end, 16);
+g_assert((end - start) == 4);
+build_append_int_noprefix(UUID->buf, val, 2);
+start = end + 1;
+val = strtol(start, &end, 16);
+g_assert((end - start) == 4);
+build_append_int_noprefix(UUID->buf, (val >> 8) & 0xFF, 1);
+build_append_int_noprefix(UUID->buf, val & 0xFF, 1);
+start = end + 1;
+val = strtol(start, &end, 16);
+g_assert((end - start) == 12);
+for (i = 40; i >= 0; i -= 8) {
+build_append_int_noprefix(UUID->buf, (val >> i) & 0xFF, 1);
+}
+
+return UUID;
+}
+
 void
 build_header(GArray *linker, GArray *table_data,
  AcpiTableHeader *h, const char *sig, int len, uint8_t rev)
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index d1b9fe7..b41fd0c 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -259,6 +259,7 @@ Aml *aml_buffer(void);
 Aml *aml_resource_template(void);
 Aml *aml_field(const char *name, AmlFieldFlags flags);
 Aml *aml_varpackage(uint32_t num_elements);
+Aml *aml_touuid(const char *uuid);
 
 void
 build_header(GArray *linker, GArray *table_data,
-- 
2.0.4

[Qemu-devel] [PATCH v5 14/20] hw/acpi/aml-build: Add aml_or() term

[Shannon Zhao]

From: Shannon Zhao 

Add aml_or() term and expose build_append_int_noprefix
as it wiil be used by creating a buffer.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/acpi/aml-build.c | 12 +++-
 include/hw/acpi/aml-build.h |  2 ++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 316d5a5..cd4ffe2 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -242,7 +242,7 @@ static void build_extop_package(GArray *package, uint8_t op)
 build_prepend_byte(package, 0x5B); /* ExtOpPrefix */
 }
 
-static void build_append_int_noprefix(GArray *table, uint64_t value, int size)
+void build_append_int_noprefix(GArray *table, uint64_t value, int size)
 {
 int i;
 
@@ -456,6 +456,16 @@ Aml *aml_and(Aml *arg1, Aml *arg2)
 return var;
 }
 
+/* ACPI 1.0b: 16.2.5.4 Type 2 Opcodes Encoding: DefOr */
+Aml *aml_or(Aml *arg1, Aml *arg2)
+{
+Aml *var = aml_opcode(0x7D /* OrOp */);
+aml_append(var, arg1);
+aml_append(var, arg2);
+build_append_byte(var->buf, 0x00 /* NullNameOp */);
+return var;
+}
+
 /* ACPI 1.0b: 16.2.5.3 Type 1 Opcodes Encoding: DefNotify */
 Aml *aml_notify(Aml *arg1, Aml *arg2)
 {
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index b41fd0c..61c1a03 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -202,6 +202,7 @@ Aml *aml_int(const uint64_t val);
 Aml *aml_arg(int pos);
 Aml *aml_store(Aml *val, Aml *target);
 Aml *aml_and(Aml *arg1, Aml *arg2);
+Aml *aml_or(Aml *arg1, Aml *arg2);
 Aml *aml_notify(Aml *arg1, Aml *arg2);
 Aml *aml_call1(const char *method, Aml *arg1);
 Aml *aml_call2(const char *method, Aml *arg1, Aml *arg2);
@@ -260,6 +261,7 @@ Aml *aml_resource_template(void);
 Aml *aml_field(const char *name, AmlFieldFlags flags);
 Aml *aml_varpackage(uint32_t num_elements);
 Aml *aml_touuid(const char *uuid);
+void build_append_int_noprefix(GArray *table, uint64_t value, int size);
 
 void
 build_header(GArray *linker, GArray *table_data,
-- 
2.0.4

[Qemu-devel] [PATCH v5 16/20] hw/acpi/aml-build: Add aml_else() term

[Shannon Zhao]

From: Shannon Zhao 

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
---
 hw/acpi/aml-build.c | 7 +++
 include/hw/acpi/aml-build.h | 1 +
 2 files changed, 8 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 139099f..179acda 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -634,6 +634,13 @@ Aml *aml_if(Aml *predicate)
 return var;
 }
 
+/* ACPI 1.0: 16.2.3 Operators: DefElse */
+Aml *aml_else(void)
+{
+Aml *var = aml_bundle(0xA1 /* ElseOp */, AML_PACKAGE);
+return var;
+}
+
 /* ACPI 1.0b: 16.2.5.2 Named Objects Encoding: DefMethod */
 Aml *aml_method(const char *name, int arg_count)
 {
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 08b3fbd..c322d17 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -256,6 +256,7 @@ Aml *aml_scope(const char *name_format, ...) 
GCC_FMT_ATTR(1, 2);
 Aml *aml_device(const char *name_format, ...) GCC_FMT_ATTR(1, 2);
 Aml *aml_method(const char *name, int arg_count);
 Aml *aml_if(Aml *predicate);
+Aml *aml_else(void);
 Aml *aml_package(uint8_t num_elements);
 Aml *aml_buffer(void);
 Aml *aml_resource_template(void);
-- 
2.0.4

[Qemu-devel] [PATCH v5 20/20] hw/arm/virt: Enable dynamic generation of ACPI v5.1 tables

[Shannon Zhao]

From: Shannon Zhao 

Expose the needed device information to the table generation
insfrastructure and register a machine_init_done notify to
call virt_acpi_build().

Add CONFIG_ACPI to arm-softmmu.mak.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 default-configs/arm-softmmu.mak  |  1 +
 default-configs/i386-softmmu.mak |  3 ++
 default-configs/mips-softmmu.mak |  3 ++
 default-configs/mips64-softmmu.mak   |  3 ++
 default-configs/mips64el-softmmu.mak |  3 ++
 default-configs/mipsel-softmmu.mak   |  3 ++
 default-configs/x86_64-softmmu.mak   |  3 ++
 hw/acpi/Makefile.objs|  5 ++-
 hw/arm/virt.c| 78 
 hw/i2c/Makefile.objs |  2 +-
 10 files changed, 94 insertions(+), 10 deletions(-)

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index a767e4b..74f1db3 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -101,3 +101,4 @@ CONFIG_ALLWINNER_A10=y
 CONFIG_XIO3130=y
 CONFIG_IOH3420=y
 CONFIG_I82801B11=y
+CONFIG_ACPI=y
diff --git a/default-configs/i386-softmmu.mak b/default-configs/i386-softmmu.mak
index 6a74e00..d2de500 100644
--- a/default-configs/i386-softmmu.mak
+++ b/default-configs/i386-softmmu.mak
@@ -15,6 +15,9 @@ CONFIG_PCSPK=y
 CONFIG_PCKBD=y
 CONFIG_FDC=y
 CONFIG_ACPI=y
+CONFIG_ACPI_CORE=y
+CONFIG_ACPI_MEMORY_HOTPLUG=y
+CONFIG_ACPI_CPU_HOTPLUG=y
 CONFIG_APM=y
 CONFIG_I8257=y
 CONFIG_IDE_ISA=y
diff --git a/default-configs/mips-softmmu.mak b/default-configs/mips-softmmu.mak
index cce2c81..c96d42d 100644
--- a/default-configs/mips-softmmu.mak
+++ b/default-configs/mips-softmmu.mak
@@ -15,6 +15,9 @@ CONFIG_PCSPK=y
 CONFIG_PCKBD=y
 CONFIG_FDC=y
 CONFIG_ACPI=y
+CONFIG_ACPI_CORE=y
+CONFIG_ACPI_MEMORY_HOTPLUG=y
+CONFIG_ACPI_CPU_HOTPLUG=y
 CONFIG_APM=y
 CONFIG_I8257=y
 CONFIG_PIIX4=y
diff --git a/default-configs/mips64-softmmu.mak 
b/default-configs/mips64-softmmu.mak
index 7a88a08..d229f9e 100644
--- a/default-configs/mips64-softmmu.mak
+++ b/default-configs/mips64-softmmu.mak
@@ -15,6 +15,9 @@ CONFIG_PCSPK=y
 CONFIG_PCKBD=y
 CONFIG_FDC=y
 CONFIG_ACPI=y
+CONFIG_ACPI_CORE=y
+CONFIG_ACPI_MEMORY_HOTPLUG=y
+CONFIG_ACPI_CPU_HOTPLUG=y
 CONFIG_APM=y
 CONFIG_I8257=y
 CONFIG_PIIX4=y
diff --git a/default-configs/mips64el-softmmu.mak 
b/default-configs/mips64el-softmmu.mak
index 095de43..ea31b8b 100644
--- a/default-configs/mips64el-softmmu.mak
+++ b/default-configs/mips64el-softmmu.mak
@@ -15,6 +15,9 @@ CONFIG_PCSPK=y
 CONFIG_PCKBD=y
 CONFIG_FDC=y
 CONFIG_ACPI=y
+CONFIG_ACPI_CORE=y
+CONFIG_ACPI_MEMORY_HOTPLUG=y
+CONFIG_ACPI_CPU_HOTPLUG=y
 CONFIG_APM=y
 CONFIG_I8257=y
 CONFIG_PIIX4=y
diff --git a/default-configs/mipsel-softmmu.mak 
b/default-configs/mipsel-softmmu.mak
index 0e25108..9a4462e 100644
--- a/default-configs/mipsel-softmmu.mak
+++ b/default-configs/mipsel-softmmu.mak
@@ -15,6 +15,9 @@ CONFIG_PCSPK=y
 CONFIG_PCKBD=y
 CONFIG_FDC=y
 CONFIG_ACPI=y
+CONFIG_ACPI_CORE=y
+CONFIG_ACPI_MEMORY_HOTPLUG=y
+CONFIG_ACPI_CPU_HOTPLUG=y
 CONFIG_APM=y
 CONFIG_I8257=y
 CONFIG_PIIX4=y
diff --git a/default-configs/x86_64-softmmu.mak 
b/default-configs/x86_64-softmmu.mak
index 46b87dd..11019b6 100644
--- a/default-configs/x86_64-softmmu.mak
+++ b/default-configs/x86_64-softmmu.mak
@@ -15,6 +15,9 @@ CONFIG_PCSPK=y
 CONFIG_PCKBD=y
 CONFIG_FDC=y
 CONFIG_ACPI=y
+CONFIG_ACPI_CORE=y
+CONFIG_ACPI_MEMORY_HOTPLUG=y
+CONFIG_ACPI_CPU_HOTPLUG=y
 CONFIG_APM=y
 CONFIG_I8257=y
 CONFIG_IDE_ISA=y
diff --git a/hw/acpi/Makefile.objs b/hw/acpi/Makefile.objs
index b9fefa7..511771a 100644
--- a/hw/acpi/Makefile.objs
+++ b/hw/acpi/Makefile.objs
@@ -1,5 +1,6 @@
-common-obj-$(CONFIG_ACPI) += core.o piix4.o ich9.o pcihp.o cpu_hotplug.o
-common-obj-$(CONFIG_ACPI) += memory_hotplug.o
+common-obj-$(CONFIG_ACPI_CORE) += core.o piix4.o ich9.o pcihp.o
+common-obj-$(CONFIG_ACPI_CPU_HOTPLUG) += cpu_hotplug.o
+common-obj-$(CONFIG_ACPI_MEMORY_HOTPLUG) += memory_hotplug.o
 common-obj-$(CONFIG_ACPI) += acpi_interface.o
 common-obj-$(CONFIG_ACPI) += bios-linker-loader.o
 common-obj-$(CONFIG_ACPI) += aml-build.o
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index b652b07..e968ad5 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -43,6 +43,7 @@
 #include "qemu/bitops.h"
 #include "qemu/error-report.h"
 #include "hw/pci-host/gpex.h"
+#include "hw/arm/virt-acpi-build.h"
 
 #define NUM_VIRTIO_TRANSPORTS 32
 
@@ -60,6 +61,11 @@
 #define GIC_FDT_IRQ_PPI_CPU_START 8
 #define GIC_FDT_IRQ_PPI_CPU_WIDTH 8
 
+#define ARCH_TIMER_VIRT_IRQ   11
+#define ARCH_TIMER_S_EL1_IRQ  13
+#define ARCH_TIMER_NS_EL1_IRQ 14
+#define ARCH_TIMER_NS_EL2_IRQ 10
+
 enum {
 VIRT_FLASH,
 VIRT_MEM,
@@ -149,6 +155,29 @@ static const int a15irqmap[] = {
 [VIRT_MMIO] = 16, /* ...to 16 + NUM_VIRTIO_TRANSPORTS - 1 */
 };
 
+static AcpiMadtInfo madt_info = {
+(MemMap *)&a15memmap[VIRT_GIC_CPU],
+(MemMap *)&a15memmap[VIRT_GIC_DIST]
+};
+
+static AcpiDsdtInfo dsdt_info = {
+(MemMap *)&a15memmap[VIRT_UART],
+   

[Qemu-devel] [PATCH v5 08/20] hw/arm/virt-acpi-build: Generate MADT table

[Shannon Zhao]

From: Shannon Zhao 

MADT describes GIC enabled ARM platforms. The GICC and GICD
subtables are used to define the GIC regions.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
---
 hw/arm/virt-acpi-build.c | 61 
 include/hw/acpi/acpi-defs.h  | 38 -
 include/hw/arm/virt-acpi-build.h |  2 ++
 3 files changed, 100 insertions(+), 1 deletion(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index c72a9c8..94cced0 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -50,6 +50,20 @@
 #include "qom/qom-qobject.h"
 #include "exec/ram_addr.h"
 
+typedef struct VirtAcpiCpuInfo {
+DECLARE_BITMAP(found_cpus, VIRT_ACPI_CPU_ID_LIMIT);
+} VirtAcpiCpuInfo;
+
+static void virt_acpi_get_cpu_info(VirtAcpiCpuInfo *cpuinfo)
+{
+CPUState *cpu;
+
+memset(cpuinfo->found_cpus, 0, sizeof cpuinfo->found_cpus);
+CPU_FOREACH(cpu) {
+set_bit(cpu->cpu_index, cpuinfo->found_cpus);
+}
+}
+
 static void acpi_dsdt_add_cpus(Aml *scope, int max_cpus)
 {
 uint16_t i;
@@ -146,6 +160,47 @@ static void acpi_dsdt_add_virtio(Aml *scope, const MemMap 
*virtio_mmio_memmap,
 }
 }
 
+/* MADT */
+static void
+build_madt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info,
+   VirtAcpiCpuInfo *cpuinfo)
+{
+int madt_start = table_data->len;
+const struct AcpiMadtInfo *info = guest_info->madt_info;
+AcpiMultipleApicTable *madt;
+AcpiMadtGenericDistributor *gicd;
+int i;
+
+madt = acpi_data_push(table_data, sizeof *madt);
+madt->local_apic_address = info->gic_cpu_memmap->addr;
+madt->flags = cpu_to_le32(1);
+
+for (i = 0; i < guest_info->max_cpus; i++) {
+AcpiMadtGenericInterrupt *gicc = acpi_data_push(table_data,
+ sizeof *gicc);
+gicc->type = ACPI_APIC_GENERIC_INTERRUPT;
+gicc->length = sizeof(*gicc);
+gicc->base_address = info->gic_cpu_memmap->addr;
+gicc->cpu_interface_number = i;
+gicc->arm_mpidr = i;
+gicc->uid = i;
+if (test_bit(i, cpuinfo->found_cpus)) {
+gicc->flags = cpu_to_le32(1);
+} else {
+gicc->flags = cpu_to_le32(0);
+}
+}
+
+gicd = acpi_data_push(table_data, sizeof *gicd);
+gicd->type = ACPI_APIC_GENERIC_DISTRIBUTOR;
+gicd->length = sizeof(*gicd);
+gicd->base_address = info->gic_dist_memmap->addr;
+
+build_header(linker, table_data,
+ (void *)(table_data->data + madt_start), "APIC",
+ table_data->len - madt_start, 1);
+}
+
 /* FADT */
 static void
 build_fadt(GArray *table_data, GArray *linker, unsigned dsdt)
@@ -215,8 +270,11 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
 {
 GArray *table_offsets;
 unsigned dsdt;
+VirtAcpiCpuInfo cpuinfo;
 GArray *tables_blob = tables->table_data;
 
+virt_acpi_get_cpu_info(&cpuinfo);
+
 table_offsets = g_array_new(false, true /* clear */,
 sizeof(uint32_t));
 
@@ -241,6 +299,9 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
 acpi_add_table(table_offsets, tables_blob);
 build_fadt(tables_blob, tables->linker, dsdt);
 
+acpi_add_table(table_offsets, tables_blob);
+build_madt(tables_blob, tables->linker, guest_info, &cpuinfo);
+
 /* Cleanup memory that's no longer used. */
 g_array_free(table_offsets, true);
 }
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index bac981d..4092dc3 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -236,7 +236,13 @@ typedef struct AcpiMultipleApicTable AcpiMultipleApicTable;
 #define ACPI_APIC_IO_SAPIC   6
 #define ACPI_APIC_LOCAL_SAPIC7
 #define ACPI_APIC_XRUPT_SOURCE   8
-#define ACPI_APIC_RESERVED   9   /* 9 and greater are reserved 
*/
+#define ACPI_APIC_LOCAL_X2APIC   9
+#define ACPI_APIC_LOCAL_X2APIC_NMI  10
+#define ACPI_APIC_GENERIC_INTERRUPT 11
+#define ACPI_APIC_GENERIC_DISTRIBUTOR   12
+#define ACPI_APIC_GENERIC_MSI_FRAME 13
+#define ACPI_APIC_GENERIC_REDISTRIBUTOR 14
+#define ACPI_APIC_RESERVED  15   /* 15 and greater are reserved */
 
 /*
  * MADT sub-structures (Follow MULTIPLE_APIC_DESCRIPTION_TABLE)
@@ -284,6 +290,36 @@ struct AcpiMadtLocalNmi {
 } QEMU_PACKED;
 typedef struct AcpiMadtLocalNmi AcpiMadtLocalNmi;
 
+struct AcpiMadtGenericInterrupt {
+ACPI_SUB_HEADER_DEF
+uint16_t reserved;
+uint32_t cpu_interface_number;
+uint32_t uid;
+uint32_t flags;
+uint32_t parking_version;
+uint32_t performance_interrupt;
+uint64_t parked_address;
+uint64_t base_address;
+uint64_t gicv_base_address;
+uint64_t gich_base_address;
+uint32_t vgic_interrupt;
+uint64_t gicr_base_address;
+uint64_t arm_mpidr;
+} QEMU_PACKED;
+

[Qemu-devel] [PATCH v5 15/20] hw/acpi/aml-build: Add aml_not() term

[Shannon Zhao]

From: Shannon Zhao 

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
---
 hw/acpi/aml-build.c | 9 +
 include/hw/acpi/aml-build.h | 1 +
 2 files changed, 10 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index cd4ffe2..139099f 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -608,6 +608,15 @@ Aml *aml_irq_no_flags(uint8_t irq)
 return var;
 }
 
+/* ACPI 1.0: 16.2.3 Operators: DefLNot */
+Aml *aml_not(Aml *arg)
+{
+Aml *var = aml_opcode(0x92 /* LNotOp */);
+aml_append(var, arg);
+build_append_int(var->buf, 0x00); /* NullNameOp */
+return var;
+}
+
 /* ACPI 1.0b: 16.2.5.4 Type 2 Opcodes Encoding: DefLEqual */
 Aml *aml_equal(Aml *arg1, Aml *arg2)
 {
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 61c1a03..08b3fbd 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -224,6 +224,7 @@ Aml *aml_named_field(const char *name, unsigned length);
 Aml *aml_reserved_field(unsigned length);
 Aml *aml_local(int num);
 Aml *aml_string(const char *name_format, ...) GCC_FMT_ATTR(1, 2);
+Aml *aml_not(Aml *arg);
 Aml *aml_equal(Aml *arg1, Aml *arg2);
 Aml *aml_processor(uint8_t proc_id, uint32_t pblk_addr, uint8_t pblk_len,
const char *name_format, ...) GCC_FMT_ATTR(4, 5);
-- 
2.0.4

[Qemu-devel] [PATCH v5 07/20] hw/arm/virt-acpi-build: Generate FADT table and update ACPI headers

[Shannon Zhao]

From: Shannon Zhao 

In the case of mach virt, it is used to set the Hardware Reduced bit
and enable PSCI SMP booting through HVC. So ignore FACS and FADT
points to DSDT.

Update the header definitions for FADT taking into account the new
additions of ACPI v5.1 in `include/hw/acpi/acpi-defs.h`

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/arm/virt-acpi-build.c|  31 
 include/hw/acpi/acpi-defs.h | 115 ++--
 2 files changed, 109 insertions(+), 37 deletions(-)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index d044880..c72a9c8 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -146,6 +146,31 @@ static void acpi_dsdt_add_virtio(Aml *scope, const MemMap 
*virtio_mmio_memmap,
 }
 }
 
+/* FADT */
+static void
+build_fadt(GArray *table_data, GArray *linker, unsigned dsdt)
+{
+AcpiFadtDescriptorRev5_1 *fadt = acpi_data_push(table_data, sizeof(*fadt));
+
+/* Hardware Reduced = 1 and use PSCI 0.2+ and with HVC */
+fadt->flags = cpu_to_le32(1 << ACPI_FADT_F_HW_REDUCED_ACPI);
+fadt->arm_boot_flags = cpu_to_le16((1 << ACPI_FADT_ARM_USE_PSCI_G_0_2) |
+   (1 << ACPI_FADT_ARM_PSCI_USE_HVC));
+
+/* ACPI v5.1 (fadt->revision.fadt->minor_revision) */
+fadt->minor_revision = 0x1;
+
+fadt->dsdt = cpu_to_le32(dsdt);
+/* DSDT address to be filled by Guest linker */
+bios_linker_loader_add_pointer(linker, ACPI_BUILD_TABLE_FILE,
+   ACPI_BUILD_TABLE_FILE,
+   table_data, &fadt->dsdt,
+   sizeof fadt->dsdt);
+
+build_header(linker, table_data,
+ (void *)fadt, "FACP", sizeof(*fadt), 5);
+}
+
 /* DSDT */
 static void
 build_dsdt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info)
@@ -189,6 +214,7 @@ static
 void virt_acpi_build(VirtGuestInfo *guest_info, AcpiBuildTables *tables)
 {
 GArray *table_offsets;
+unsigned dsdt;
 GArray *tables_blob = tables->table_data;
 
 table_offsets = g_array_new(false, true /* clear */,
@@ -208,8 +234,13 @@ void virt_acpi_build(VirtGuestInfo *guest_info, 
AcpiBuildTables *tables)
  */
 
 /* DSDT is pointed to by FADT */
+dsdt = tables_blob->len;
 build_dsdt(tables_blob, tables->linker, guest_info);
 
+/* FADT MADT GTDT pointed to by RSDT */
+acpi_add_table(table_offsets, tables_blob);
+build_fadt(tables_blob, tables->linker, dsdt);
+
 /* Cleanup memory that's no longer used. */
 g_array_free(table_offsets, true);
 }
diff --git a/include/hw/acpi/acpi-defs.h b/include/hw/acpi/acpi-defs.h
index c4468f8..bac981d 100644
--- a/include/hw/acpi/acpi-defs.h
+++ b/include/hw/acpi/acpi-defs.h
@@ -88,46 +88,49 @@ struct AcpiTableHeader /* ACPI common table header 
*/
 typedef struct AcpiTableHeader AcpiTableHeader;
 
 /*
- * ACPI 1.0 Fixed ACPI Description Table (FADT)
+ * ACPI Fixed ACPI Description Table (FADT)
  */
+#define ACPI_FADT_COMMON_DEF /* FADT common definition */ \
+ACPI_TABLE_HEADER_DEF/* ACPI common table header */ \
+uint32_t firmware_ctrl;  /* Physical address of FACS */ \
+uint32_t dsdt;   /* Physical address of DSDT */ \
+uint8_t  model;  /* System Interrupt Model */ \
+uint8_t  reserved1;  /* Reserved */ \
+uint16_t sci_int;/* System vector of SCI interrupt */ \
+uint32_t smi_cmd;/* Port address of SMI command port */ \
+uint8_t  acpi_enable;/* Value to write to smi_cmd to enable 
ACPI */ \
+uint8_t  acpi_disable;   /* Value to write to smi_cmd to disable 
ACPI */ \
+uint8_t  S4bios_req; /* Value to write to SMI CMD to enter 
S4BIOS state */ \
+uint8_t  reserved2;  /* Reserved - must be zero */ \
+uint32_t pm1a_evt_blk;   /* Port address of Power Mgt 1a 
acpi_event Reg Blk */ \
+uint32_t pm1b_evt_blk;   /* Port address of Power Mgt 1b 
acpi_event Reg Blk */ \
+uint32_t pm1a_cnt_blk;   /* Port address of Power Mgt 1a Control 
Reg Blk */ \
+uint32_t pm1b_cnt_blk;   /* Port address of Power Mgt 1b Control 
Reg Blk */ \
+uint32_t pm2_cnt_blk;/* Port address of Power Mgt 2 Control 
Reg Blk */ \
+uint32_t pm_tmr_blk; /* Port address of Power Mgt Timer Ctrl 
Reg Blk */ \
+uint32_t gpe0_blk;   /* Port addr of General Purpose 
acpi_event 0 Reg Blk */ \
+uint32_t gpe1_blk;   /* Port addr of General Purpose 
acpi_event 1 Reg Blk */ \
+uint8_t  pm1_evt_len;/* Byte length of ports at pm1_x_evt_blk 
*/ \
+uint8_t  pm1_cnt_len;/* Byte length of ports at pm1_x_cnt_blk 
*/ \
+uint8_t  pm2_cnt_len;/* Byte Length of ports at pm2_cnt_blk */ 
\
+uint8_t  pm_tmr_len; /* Byte Length

[Qemu-devel] [PATCH v5 00/20] Generate ACPI v5.1 tables and expose them to guest over fw_cfg on ARM

[Shannon Zhao]

From: Shannon Zhao 

This patch series generate seven ACPI tables for machine virt on ARM.
The set of generated tables are:
- RSDP
- RSDT
- MADT
- GTDT
- FADT
- DSDT
- MCFG (For PCIe host bridge)

These tables are created dynamically using the function of aml-build.c,
taking into account the needed information passed from the virt machine model.
When the generation is finalized, it use fw_cfg to expose the tables to guest.

You can fetch this from following repo:
http://git.linaro.org/people/shannon.zhao/qemu.git  ACPI_ARM_v5

And this patchset refers to Alexander Spyridakis's patches which are sent to
qemu-devel mailing list before.
http://lists.gnu.org/archive/html/qemu-devel/2014-10/msg03987.html

Thanks to Laszlo's work on UEFI (ArmVirtualizationQemu) supporting downloading
ACPI tables over fw_cfg, we now can use ACPI in VM. I have done following vm
startup test and attach virtio-net-pci, e1000:

xp, windows2008, sles11 on X86
Fedora Linux kernel on ARM64

Note:
As upstream kernel doesn't support ACPI PCI host bridge on ARM64, so I use the
Fedora Linux kernel from following address:
https://git.fedorahosted.org/cgit/kernel-arm64.git/log/?h=devel

changes since v4:
  * use trace_* instead of DPRINTF (Igor & Alex)
  * use standard QEMU style for structs (Michael)
  * add "-no-acpi" option support for arm
  * use extractNN for bits operation (Alex)
  * use AmlReadAndWrite enum for rw flags (Igor)
  * s/uint64_t/uint32_t/ (Igor)
  * use enum for interrupt flag (Igor)
  * simplify aml_device use in DSDT (Alex)
  * share RSDT table generating code with x86 (Igor)
  * remove unnecessary 1 in MCFG table generating code (Alex & Peter)
  * use string for ToUUID macro (Igor)
  * aml_or and aml_and use two args (Igor)
  * add comments on UUID (Michael)
  * change PCI MMIO region non-cacheable (Peter)
  * fix wrong io map (Peter)
  * add several reviewed-by's from Alex, thanks

changes since v3:
  * rebase on upstream qemu
  * fix _HID of CPU (Heyi Guo)
  * Add PCIe host bridge

changes since v2:
  * rebase on Igor Mammedov's new branch ASL_API_v3
  * use rsdt instead of xsdt according to Igor Mammedov's suggestion

changes since v1:
  * fix bug found by Laszlo
  * move common helpers into dedictated file and change generating
table order according to Igor's comments
  * fix copyright and function name according to Michael's comments

Shannon Zhao (20):
  hw/i386: Move ACPI header definitions in an arch-independent location
  hw/i386/acpi-build: move generic acpi building helpers into dedictated
file
  hw/arm/virt-acpi-build: Basic framework for building ACPI tables on
ARM
  hw/acpi/aml-build: Add aml_memory32_fixed() term
  hw/acpi/aml-build: Add aml_interrupt() term
  hw/arm/virt-acpi-build: Generation of DSDT table for virt devices
  hw/arm/virt-acpi-build: Generate FADT table and update ACPI headers
  hw/arm/virt-acpi-build: Generate MADT table
  hw/arm/virt-acpi-build: Generate GTDT table
  hw/arm/virt-acpi-build: Generate RSDT table
  hw/arm/virt-acpi-build: Generate RSDP table
  hw/arm/virt-acpi-build: Add PCIe info and generate MCFG table
  hw/acpi/aml-build: Add ToUUID macro
  hw/acpi/aml-build: Add aml_or() term
  hw/acpi/aml-build: Add aml_not() term
  hw/acpi/aml-build: Add aml_else() term
  hw/acpi/aml-build: Add aml_create_dword_field() term
  hw/acpi/aml-build: Add aml_dword_io() term
  hw/arm/virt-acpi-build: Add PCIe controller in ACPI DSDT table
  hw/arm/virt: Enable dynamic generation of ACPI v5.1 tables

 default-configs/arm-softmmu.mak  |   1 +
 default-configs/i386-softmmu.mak |   3 +
 default-configs/mips-softmmu.mak |   3 +
 default-configs/mips64-softmmu.mak   |   3 +
 default-configs/mips64el-softmmu.mak |   3 +
 default-configs/mipsel-softmmu.mak   |   3 +
 default-configs/x86_64-softmmu.mak   |   3 +
 hw/acpi/Makefile.objs|   5 +-
 hw/acpi/aml-build.c  | 234 -
 hw/arm/Makefile.objs |   1 +
 hw/arm/virt-acpi-build.c | 650 +++
 hw/arm/virt.c|  78 -
 hw/i2c/Makefile.objs |   2 +-
 hw/i386/acpi-build.c | 103 +-
 hw/i386/acpi-defs.h  | 368 
 include/hw/acpi/acpi-defs.h  | 482 ++
 include/hw/acpi/aml-build.h  |  94 +
 include/hw/arm/virt-acpi-build.h |  81 +
 qemu-options.hx  |   2 +-
 tests/bios-tables-test.c |   2 +-
 trace-events |   3 +
 21 files changed, 1641 insertions(+), 483 deletions(-)
 create mode 100644 hw/arm/virt-acpi-build.c
 delete mode 100644 hw/i386/acpi-defs.h
 create mode 100644 include/hw/acpi/acpi-defs.h
 create mode 100644 include/hw/arm/virt-acpi-build.h

-- 
2.0.4

[Qemu-devel] [PATCH v5 19/20] hw/arm/virt-acpi-build: Add PCIe controller in ACPI DSDT table

[Shannon Zhao]

From: Shannon Zhao 

Add PCIe controller in ACPI DSDT table, so the guest can detect
the PCIe.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/arm/virt-acpi-build.c | 152 +++
 1 file changed, 152 insertions(+)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index 85e8242..ceec405 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -49,6 +49,8 @@
 #include "qapi/qmp/qint.h"
 #include "qom/qom-qobject.h"
 #include "exec/ram_addr.h"
+#include "hw/pci/pcie_host.h"
+#include "hw/pci/pci.h"
 
 typedef struct VirtAcpiCpuInfo {
 DECLARE_BITMAP(found_cpus, VIRT_ACPI_CPU_ID_LIMIT);
@@ -160,6 +162,154 @@ static void acpi_dsdt_add_virtio(Aml *scope, const MemMap 
*virtio_mmio_memmap,
 }
 }
 
+static void acpi_dsdt_add_pci(Aml *scope, AcpiPcieInfo *info)
+{
+Aml *method, *crs, *ifctx, *UUID, *ifctx1, *elsectx, *buf;
+int i, bus_no;
+int irq = *info->pcie_irq + 32;
+
+Aml *dev = aml_device("%s", "PCI0");
+aml_append(dev, aml_name_decl("_HID", aml_string("PNP0A08")));
+aml_append(dev, aml_name_decl("_CID", aml_string("PNP0A03")));
+aml_append(dev, aml_name_decl("_SEG", aml_int(0)));
+aml_append(dev, aml_name_decl("_BBN", aml_int(0)));
+aml_append(dev, aml_name_decl("_ADR", aml_int(0)));
+aml_append(dev, aml_name_decl("_UID", aml_string("PCI0")));
+aml_append(dev, aml_name_decl("_STR", aml_string("PCIe 0 Device")));
+
+/* Declare the PCI Routing Table. */
+Aml *rt_pkg = aml_package(info->nr_pcie_buses * PCI_NUM_PINS);
+for (bus_no = 0; bus_no < info->nr_pcie_buses; bus_no++) {
+for (i = 0; i < PCI_NUM_PINS; i++) {
+int gsi = (i + bus_no) % PCI_NUM_PINS;
+Aml *pkg = aml_package(4);
+aml_append(pkg, aml_int((bus_no << 16) | 0x));
+aml_append(pkg, aml_int(i));
+aml_append(pkg, aml_name("GSI%d", gsi));
+aml_append(pkg, aml_int(0));
+aml_append(rt_pkg, pkg);
+}
+}
+aml_append(dev, aml_name_decl("_PRT", rt_pkg));
+
+/* Create GSI link device */
+for (i = 0; i < PCI_NUM_PINS; i++) {
+Aml *dev_gsi = aml_device("GSI%d", i);
+aml_append(dev_gsi, aml_name_decl("_HID", aml_string("PNP0C0F")));
+aml_append(dev_gsi, aml_name_decl("_UID", aml_int(0)));
+crs = aml_resource_template();
+aml_append(crs,
+   aml_interrupt(aml_consumer, aml_level, aml_active_high,
+   aml_exclusive, aml_not_wake_capable, irq + i));
+aml_append(dev_gsi, aml_name_decl("_PRS", crs));
+crs = aml_resource_template();
+aml_append(crs,
+   aml_interrupt(aml_consumer, aml_level, aml_active_high,
+   aml_exclusive, aml_not_wake_capable, irq + i));
+aml_append(dev_gsi, aml_name_decl("_CRS", crs));
+method = aml_method("_SRS", 1);
+aml_append(dev_gsi, method);
+aml_append(dev, dev_gsi);
+}
+
+method = aml_method("_CBA", 0);
+aml_append(method, aml_return(aml_int(info->pcie_ecam.addr)));
+aml_append(dev, method);
+
+method = aml_method("_CRS", 0);
+Aml *rbuf = aml_resource_template();
+aml_append(rbuf,
+aml_word_bus_number(aml_min_fixed, aml_max_fixed, aml_pos_decode,
+0x, 0x, info->nr_pcie_buses - 1,
+0x, info->nr_pcie_buses));
+aml_append(rbuf,
+aml_dword_memory(aml_pos_decode, aml_min_fixed, aml_max_fixed,
+ aml_non_cacheable, aml_ReadWrite,
+ 0x, info->pcie_mmio.addr,
+ info->pcie_mmio.addr + info->pcie_mmio.size - 1,
+ 0x, info->pcie_mmio.size));
+aml_append(rbuf,
+aml_dword_io(aml_min_fixed, aml_max_fixed,
+ aml_pos_decode, aml_entire_range,
+ 0x, 0x, info->pcie_ioport.size - 1,
+ info->pcie_ioport.addr, info->pcie_ioport.size));
+
+aml_append(method, aml_name_decl("RBUF", rbuf));
+aml_append(method, aml_return(rbuf));
+aml_append(dev, method);
+
+/* Declare an _OSC (OS Control Handoff) method */
+aml_append(dev, aml_name_decl("SUPP", aml_int(0)));
+aml_append(dev, aml_name_decl("CTRL", aml_int(0)));
+method = aml_method("_OSC", 4);
+aml_append(method,
+aml_create_dword_field(aml_arg(3), aml_int(0), "CDW1"));
+
+/* PCI Firmware Specification 3.0
+ * 4.5.1. _OSC Interface for PCI Host Bridge Devices
+ * The _OSC interface for a PCI/PCI-X/PCI Express hierarchy is
+ * identified by the Universal Unique IDentifier (UUID)
+ * 33db4d5b-1ff7-401c-9657-7441c03dd766
+ */
+UUID = aml_touuid("33DB4D5B-1FF7-401C-9657-7441C03DD766");
+ifctx = aml_if(aml_equal(aml_arg(0), UUID));
+aml_append(ifctx,
+aml_create_dword_field(aml_arg(3), aml_int(4), "CDW2"));
+aml_

[Qemu-devel] [PATCH v5 18/20] hw/acpi/aml-build: Add aml_dword_io() term

[Shannon Zhao]

From: Shannon Zhao 

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
---
 hw/acpi/aml-build.c | 18 ++
 include/hw/acpi/aml-build.h |  5 +
 2 files changed, 23 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index eb5b44f..fe8fd17 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -947,6 +947,24 @@ Aml *aml_word_io(AmlMinFixed min_fixed, AmlMaxFixed 
max_fixed,
 }
 
 /*
+ * ACPI 1.0b: 6.4.3.5.4 ASL Macros for DWORD Address Descriptor
+ *
+ * More verbose description at:
+ * ACPI 5.0: 19.5.33 DWordIO (DWord IO Resource Descriptor Macro)
+ */
+Aml *aml_dword_io(AmlMinFixed min_fixed, AmlMaxFixed max_fixed,
+ AmlDecode dec, AmlISARanges isa_ranges,
+ uint32_t addr_gran, uint32_t addr_min,
+ uint32_t addr_max, uint32_t addr_trans,
+ uint32_t len)
+
+{
+return aml_dword_as_desc(aml_io_range, min_fixed, max_fixed, dec,
+addr_gran, addr_min, addr_max, addr_trans, len,
+isa_ranges);
+}
+
+/*
  * ACPI 1.0b: 6.4.3.5.4 ASL Macros for DWORD Address Space Descriptor
  *
  * More verbose description at:
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 72c2396..ec38fc1 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -238,6 +238,11 @@ Aml *aml_word_io(AmlMinFixed min_fixed, AmlMaxFixed 
max_fixed,
  uint16_t addr_gran, uint16_t addr_min,
  uint16_t addr_max, uint16_t addr_trans,
  uint16_t len);
+Aml *aml_dword_io(AmlMinFixed min_fixed, AmlMaxFixed max_fixed,
+ AmlDecode dec, AmlISARanges isa_ranges,
+ uint32_t addr_gran, uint32_t addr_min,
+ uint32_t addr_max, uint32_t addr_trans,
+ uint32_t len);
 Aml *aml_dword_memory(AmlDecode dec, AmlMinFixed min_fixed,
   AmlMaxFixed max_fixed, AmlCacheble cacheable,
   AmlReadAndWrite read_and_write,
-- 
2.0.4

[Qemu-devel] [PATCH v5 05/20] hw/acpi/aml-build: Add aml_interrupt() term

[Shannon Zhao]

From: Shannon Zhao 

Add aml_interrupt() for describing device interrupt in resource template.
These can be used to generating DSDT table for ACPI on ARM.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/acpi/aml-build.c | 28 +
 include/hw/acpi/aml-build.h | 50 +
 2 files changed, 78 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 61407b7..babe4d6 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -532,6 +532,34 @@ Aml *aml_memory32_fixed(uint32_t addr, uint32_t size,
 return var;
 }
 
+/*
+ * ACPI 1.0: 6.4.3.6 Interrupt (Interrupt Resource Descriptor Macro)
+ */
+Aml *aml_interrupt(AmlConsumerAndProducer con_and_pro,
+   AmlLevelAndEdge level_and_edge,
+   AmlActiveHighAndLow high_and_low,
+   AmlExclusiveAndShared exclusive_and_shared,
+   AmlWakeCap wake_capable, uint32_t irq)
+{
+Aml *var = aml_alloc();
+uint8_t irq_flags = con_and_pro | (level_and_edge << 1)
+| (high_and_low << 2) | (exclusive_and_shared << 3)
+| (wake_capable << 4);
+
+build_append_byte(var->buf, 0x89); /* Extended irq descriptor */
+build_append_byte(var->buf, 6); /* Length, bits[7:0] minimum value = 6 */
+build_append_byte(var->buf, 0); /* Length, bits[15:8] minimum value = 0 */
+build_append_byte(var->buf, irq_flags); /* Interrupt Vector Information. */
+build_append_byte(var->buf, 0x01); /* Interrupt table length = 1 */
+
+/* Interrupt Number */
+build_append_byte(var->buf, extract32(irq, 0, 8)); /* bits[7:0] */
+build_append_byte(var->buf, extract32(irq, 8, 8)); /* bits[15:8] */
+build_append_byte(var->buf, extract32(irq, 16, 8)); /* bits[23:16] */
+build_append_byte(var->buf, extract32(irq, 24, 8)); /* bits[31:24] */
+return var;
+}
+
 /* ACPI 1.0b: 6.4.2.5 I/O Port Descriptor */
 Aml *aml_io(AmlIODecode dec, uint16_t min_base, uint16_t max_base,
 uint8_t aln, uint8_t len)
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 154823b..5b60744 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -105,6 +105,51 @@ typedef enum {
 aml_ReadWrite = 1,
 } AmlReadAndWrite;
 
+/*
+ * ACPI 1.0b: Table 6-28 Extended Interrupt Descriptor Definition
+ * Interrupt Vector Flags Bits[0] Consumer/Producer
+ */
+typedef enum {
+aml_consumer_producer = 0,
+aml_consumer = 1,
+} AmlConsumerAndProducer;
+
+/*
+ * ACPI 1.0b: Table 6-28 Extended Interrupt Descriptor Definition
+ * _HE field definition
+ */
+typedef enum {
+aml_level = 0,
+aml_edge = 1,
+} AmlLevelAndEdge;
+
+/*
+ * ACPI 1.0b: Table 6-28 Extended Interrupt Descriptor Definition
+ * _LL field definition
+ */
+typedef enum {
+aml_active_high = 0,
+aml_active_low = 1,
+} AmlActiveHighAndLow;
+
+/*
+ * ACPI 1.0b: Table 6-28 Extended Interrupt Descriptor Definition
+ * _SHR field definition
+ */
+typedef enum {
+aml_exclusive = 0,
+aml_shared = 1,
+} AmlExclusiveAndShared;
+
+/*
+ * ACPI 5.1: Table 6-203 Extended Interrupt Descriptor Definition
+ * _WKC field definition
+ */
+typedef enum {
+aml_not_wake_capable = 0,
+aml_wake_capable = 1,
+} AmlWakeCap;
+
 typedef
 struct AcpiBuildTables {
 GArray *table_data;
@@ -164,6 +209,11 @@ Aml *aml_call3(const char *method, Aml *arg1, Aml *arg2, 
Aml *arg3);
 Aml *aml_call4(const char *method, Aml *arg1, Aml *arg2, Aml *arg3, Aml *arg4);
 Aml *aml_memory32_fixed(uint32_t addr, uint32_t size,
 AmlReadAndWrite read_and_write);
+Aml *aml_interrupt(AmlConsumerAndProducer con_and_pro,
+   AmlLevelAndEdge level_and_edge,
+   AmlActiveHighAndLow high_and_low,
+   AmlExclusiveAndShared exclusive_and_shared,
+   AmlWakeCap wake_capable, uint32_t irq);
 Aml *aml_io(AmlIODecode dec, uint16_t min_base, uint16_t max_base,
 uint8_t aln, uint8_t len);
 Aml *aml_operation_region(const char *name, AmlRegionSpace rs,
-- 
2.0.4

[Qemu-devel] [PATCH v5 01/20] hw/i386: Move ACPI header definitions in an arch-independent location

[Shannon Zhao]

From: Shannon Zhao 

The ACPI related header file acpi-defs.h, includes definitions that
apply on other architectures as well. Move it in `include/hw/acpi/`
to sanely include it from other architectures.

Signed-off-by: Alvise Rigo 
Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/i386/acpi-build.c|   2 +-
 hw/i386/acpi-defs.h | 368 
 include/hw/acpi/acpi-defs.h | 368 
 tests/bios-tables-test.c|   2 +-
 4 files changed, 370 insertions(+), 370 deletions(-)
 delete mode 100644 hw/i386/acpi-defs.h
 create mode 100644 include/hw/acpi/acpi-defs.h

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index d0a5c85..83644e4 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -33,7 +33,7 @@
 #include "hw/i386/pc.h"
 #include "target-i386/cpu.h"
 #include "hw/timer/hpet.h"
-#include "hw/i386/acpi-defs.h"
+#include "hw/acpi/acpi-defs.h"
 #include "hw/acpi/acpi.h"
 #include "hw/nvram/fw_cfg.h"
 #include "hw/acpi/bios-linker-loader.h"
diff --git a/hw/i386/acpi-defs.h b/hw/i386/acpi-defs.h
deleted file mode 100644
index c4468f8..000
--- a/hw/i386/acpi-defs.h
+++ /dev/null
@@ -1,368 +0,0 @@
-/*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
-
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
-
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, see .
- */
-#ifndef QEMU_ACPI_DEFS_H
-#define QEMU_ACPI_DEFS_H
-
-enum {
-ACPI_FADT_F_WBINVD,
-ACPI_FADT_F_WBINVD_FLUSH,
-ACPI_FADT_F_PROC_C1,
-ACPI_FADT_F_P_LVL2_UP,
-ACPI_FADT_F_PWR_BUTTON,
-ACPI_FADT_F_SLP_BUTTON,
-ACPI_FADT_F_FIX_RTC,
-ACPI_FADT_F_RTC_S4,
-ACPI_FADT_F_TMR_VAL_EXT,
-ACPI_FADT_F_DCK_CAP,
-ACPI_FADT_F_RESET_REG_SUP,
-ACPI_FADT_F_SEALED_CASE,
-ACPI_FADT_F_HEADLESS,
-ACPI_FADT_F_CPU_SW_SLP,
-ACPI_FADT_F_PCI_EXP_WAK,
-ACPI_FADT_F_USE_PLATFORM_CLOCK,
-ACPI_FADT_F_S4_RTC_STS_VALID,
-ACPI_FADT_F_REMOTE_POWER_ON_CAPABLE,
-ACPI_FADT_F_FORCE_APIC_CLUSTER_MODEL,
-ACPI_FADT_F_FORCE_APIC_PHYSICAL_DESTINATION_MODE,
-ACPI_FADT_F_HW_REDUCED_ACPI,
-ACPI_FADT_F_LOW_POWER_S0_IDLE_CAPABLE,
-};
-
-/*
- * ACPI 2.0 Generic Address Space definition.
- */
-struct Acpi20GenericAddress {
-uint8_t  address_space_id;
-uint8_t  register_bit_width;
-uint8_t  register_bit_offset;
-uint8_t  reserved;
-uint64_t address;
-} QEMU_PACKED;
-typedef struct Acpi20GenericAddress Acpi20GenericAddress;
-
-struct AcpiRsdpDescriptor {/* Root System Descriptor Pointer */
-uint64_t signature;  /* ACPI signature, contains "RSD PTR " */
-uint8_t  checksum;   /* To make sum of struct == 0 */
-uint8_t  oem_id [6]; /* OEM identification */
-uint8_t  revision;   /* Must be 0 for 1.0, 2 for 2.0 */
-uint32_t rsdt_physical_address;  /* 32-bit physical address of RSDT */
-uint32_t length; /* XSDT Length in bytes including hdr */
-uint64_t xsdt_physical_address;  /* 64-bit physical address of XSDT */
-uint8_t  extended_checksum;  /* Checksum of entire table */
-uint8_t  reserved [3];   /* Reserved field must be 0 */
-} QEMU_PACKED;
-typedef struct AcpiRsdpDescriptor AcpiRsdpDescriptor;
-
-/* Table structure from Linux kernel (the ACPI tables are under the
-   BSD license) */
-
-
-#define ACPI_TABLE_HEADER_DEF   /* ACPI common table header */ \
-uint32_t signature;  /* ACPI signature (4 ASCII characters) */ \
-uint32_t length; /* Length of table, in bytes, including 
header */ \
-uint8_t  revision;   /* ACPI Specification minor version # */ \
-uint8_t  checksum;   /* To make sum of entire table == 0 */ \
-uint8_t  oem_id [6]; /* OEM identification */ \
-uint8_t  oem_table_id [8];   /* OEM table identification */ \
-uint32_t oem_revision;   /* OEM revision number */ \
-uint8_t  asl_compiler_id [4];/* ASL compiler vendor ID */ \
-uint32_t asl_compiler_revision;  /* ASL compiler revision number */
-
-
-struct AcpiTableHeader /* ACPI common table header */
-{
-ACPI_TABLE_HEADER_DEF
-} QEMU_PACKED;
-typedef struct AcpiTableHeader AcpiTableHeader;
-
-/*
- * ACPI 1.0 Fixed ACPI Description Table (FADT)
- */
-struct AcpiFadtDescriptorRev1
-{
-ACPI_TABLE_HEADER_DEF /* ACPI common table header */
-uint32_t firmware_ctrl;  /* Physical add

[Qemu-devel] [PATCH v5 04/20] hw/acpi/aml-build: Add aml_memory32_fixed() term

[Shannon Zhao]

From: Shannon Zhao 

Add aml_memory32_fixed() for describing device mmio region in resource template.
These can be used to generating DSDT table for ACPI on ARM.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/acpi/aml-build.c | 27 +++
 include/hw/acpi/aml-build.h |  2 ++
 2 files changed, 29 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 8d01959..61407b7 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -26,6 +26,7 @@
 #include 
 #include "hw/acpi/aml-build.h"
 #include "qemu/bswap.h"
+#include "qemu/bitops.h"
 #include "hw/acpi/bios-linker-loader.h"
 
 static GArray *build_alloc_array(void)
@@ -505,6 +506,32 @@ Aml *aml_call4(const char *method, Aml *arg1, Aml *arg2, 
Aml *arg3, Aml *arg4)
 return var;
 }
 
+/*
+ * ACPI 1.0: 6.4.3.4 Memory32Fixed (Memory Resource Descriptor Macro)
+ */
+Aml *aml_memory32_fixed(uint32_t addr, uint32_t size,
+AmlReadAndWrite read_and_write)
+{
+Aml *var = aml_alloc();
+build_append_byte(var->buf, 0x86); /* Memory32Fixed Resource Descriptor */
+build_append_byte(var->buf, 9); /* Length, bits[7:0] value = 9 */
+build_append_byte(var->buf, 0); /* Length, bits[15:8] value = 0 */
+build_append_byte(var->buf, read_and_write); /* Write status, 1 rw 0 ro */
+
+/* Range base address */
+build_append_byte(var->buf, extract32(addr, 0, 8)); /* bits[7:0] */
+build_append_byte(var->buf, extract32(addr, 8, 8)); /* bits[15:8] */
+build_append_byte(var->buf, extract32(addr, 16, 8)); /* bits[23:16] */
+build_append_byte(var->buf, extract32(addr, 24, 8)); /* bits[31:24] */
+
+/* Range length */
+build_append_byte(var->buf, extract32(size, 0, 8)); /* bits[7:0] */
+build_append_byte(var->buf, extract32(size, 8, 8)); /* bits[15:8] */
+build_append_byte(var->buf, extract32(size, 16, 8)); /* bits[23:16] */
+build_append_byte(var->buf, extract32(size, 24, 8)); /* bits[31:24] */
+return var;
+}
+
 /* ACPI 1.0b: 6.4.2.5 I/O Port Descriptor */
 Aml *aml_io(AmlIODecode dec, uint16_t min_base, uint16_t max_base,
 uint8_t aln, uint8_t len)
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index 1705001..154823b 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -162,6 +162,8 @@ Aml *aml_call1(const char *method, Aml *arg1);
 Aml *aml_call2(const char *method, Aml *arg1, Aml *arg2);
 Aml *aml_call3(const char *method, Aml *arg1, Aml *arg2, Aml *arg3);
 Aml *aml_call4(const char *method, Aml *arg1, Aml *arg2, Aml *arg3, Aml *arg4);
+Aml *aml_memory32_fixed(uint32_t addr, uint32_t size,
+AmlReadAndWrite read_and_write);
 Aml *aml_io(AmlIODecode dec, uint16_t min_base, uint16_t max_base,
 uint8_t aln, uint8_t len);
 Aml *aml_operation_region(const char *name, AmlRegionSpace rs,
-- 
2.0.4

[Qemu-devel] [PATCH v5 17/20] hw/acpi/aml-build: Add aml_create_dword_field() term

[Shannon Zhao]

From: Shannon Zhao 

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
Reviewed-by: Alex Bennée 
---
 hw/acpi/aml-build.c | 11 +++
 include/hw/acpi/aml-build.h |  1 +
 2 files changed, 12 insertions(+)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index 179acda..eb5b44f 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -726,6 +726,17 @@ Aml *aml_field(const char *name, AmlFieldFlags flags)
 return var;
 }
 
+/* ACPI 1.0b: 16.2.5.2 Named Objects Encoding: DefCreateDWordField */
+Aml *aml_create_dword_field(Aml *srcbuf, Aml *index, const char *name)
+{
+Aml *var = aml_alloc();
+build_append_byte(var->buf, 0x8A); /* CreateDWordFieldOp */
+aml_append(var, srcbuf);
+aml_append(var, index);
+build_append_namestring(var->buf, "%s", name);
+return var;
+}
+
 /* ACPI 1.0b: 16.2.3 Data Objects Encoding: String */
 Aml *aml_string(const char *name_format, ...)
 {
diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
index c322d17..72c2396 100644
--- a/include/hw/acpi/aml-build.h
+++ b/include/hw/acpi/aml-build.h
@@ -261,6 +261,7 @@ Aml *aml_package(uint8_t num_elements);
 Aml *aml_buffer(void);
 Aml *aml_resource_template(void);
 Aml *aml_field(const char *name, AmlFieldFlags flags);
+Aml *aml_create_dword_field(Aml *srcbuf, Aml *index, const char *name);
 Aml *aml_varpackage(uint32_t num_elements);
 Aml *aml_touuid(const char *uuid);
 void build_append_int_noprefix(GArray *table, uint64_t value, int size);
-- 
2.0.4

[Qemu-devel] [PATCH v5 02/20] hw/i386/acpi-build: move generic acpi building helpers into dedictated file

[Shannon Zhao]

From: Shannon Zhao 

Move generic acpi building helpers into dedictated file and this
can be shared with other machines.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/acpi/aml-build.c | 58 ++
 hw/i386/acpi-build.c| 77 -
 include/hw/acpi/aml-build.h | 29 +
 3 files changed, 87 insertions(+), 77 deletions(-)

diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
index d7945f6..8d01959 100644
--- a/hw/acpi/aml-build.c
+++ b/hw/acpi/aml-build.c
@@ -26,6 +26,7 @@
 #include 
 #include "hw/acpi/aml-build.h"
 #include "qemu/bswap.h"
+#include "hw/acpi/bios-linker-loader.h"
 
 static GArray *build_alloc_array(void)
 {
@@ -891,3 +892,60 @@ Aml *aml_qword_memory(AmlDecode dec, AmlMinFixed min_fixed,
  dec, addr_gran, addr_min, addr_max,
  addr_trans, len, flags);
 }
+
+void
+build_header(GArray *linker, GArray *table_data,
+ AcpiTableHeader *h, const char *sig, int len, uint8_t rev)
+{
+memcpy(&h->signature, sig, 4);
+h->length = cpu_to_le32(len);
+h->revision = rev;
+memcpy(h->oem_id, ACPI_BUILD_APPNAME6, 6);
+memcpy(h->oem_table_id, ACPI_BUILD_APPNAME4, 4);
+memcpy(h->oem_table_id + 4, sig, 4);
+h->oem_revision = cpu_to_le32(1);
+memcpy(h->asl_compiler_id, ACPI_BUILD_APPNAME4, 4);
+h->asl_compiler_revision = cpu_to_le32(1);
+h->checksum = 0;
+/* Checksum to be filled in by Guest linker */
+bios_linker_loader_add_checksum(linker, ACPI_BUILD_TABLE_FILE,
+table_data->data, h, len, &h->checksum);
+}
+
+void *acpi_data_push(GArray *table_data, unsigned size)
+{
+unsigned off = table_data->len;
+g_array_set_size(table_data, off + size);
+return table_data->data + off;
+}
+
+unsigned acpi_data_len(GArray *table)
+{
+#if GLIB_CHECK_VERSION(2, 22, 0)
+assert(g_array_get_element_size(table) == 1);
+#endif
+return table->len;
+}
+
+void acpi_add_table(GArray *table_offsets, GArray *table_data)
+{
+uint32_t offset = cpu_to_le32(table_data->len);
+g_array_append_val(table_offsets, offset);
+}
+
+void acpi_build_tables_init(AcpiBuildTables *tables)
+{
+tables->rsdp = g_array_new(false, true /* clear */, 1);
+tables->table_data = g_array_new(false, true /* clear */, 1);
+tables->tcpalog = g_array_new(false, true /* clear */, 1);
+tables->linker = bios_linker_loader_init();
+}
+
+void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre)
+{
+void *linker_data = bios_linker_loader_cleanup(tables->linker);
+g_free(linker_data);
+g_array_free(tables->rsdp, true);
+g_array_free(tables->table_data, true);
+g_array_free(tables->tcpalog, mfre);
+}
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 83644e4..7b5210e 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -70,9 +70,6 @@
 
 #define ACPI_BUILD_TABLE_SIZE 0x2
 
-/* Reserve RAM space for tables: add another order of magnitude. */
-#define ACPI_BUILD_TABLE_MAX_SIZE 0x20
-
 /* #define DEBUG_ACPI_BUILD */
 #ifdef DEBUG_ACPI_BUILD
 #define ACPI_BUILD_DPRINTF(fmt, ...)\
@@ -267,51 +264,8 @@ static void acpi_get_pci_info(PcPciInfo *info)
 NULL);
 }
 
-#define ACPI_BUILD_APPNAME  "Bochs"
-#define ACPI_BUILD_APPNAME6 "BOCHS "
-#define ACPI_BUILD_APPNAME4 "BXPC"
-
-#define ACPI_BUILD_TABLE_FILE "etc/acpi/tables"
-#define ACPI_BUILD_RSDP_FILE "etc/acpi/rsdp"
-#define ACPI_BUILD_TPMLOG_FILE "etc/tpm/log"
-
-static void
-build_header(GArray *linker, GArray *table_data,
- AcpiTableHeader *h, const char *sig, int len, uint8_t rev)
-{
-memcpy(&h->signature, sig, 4);
-h->length = cpu_to_le32(len);
-h->revision = rev;
-memcpy(h->oem_id, ACPI_BUILD_APPNAME6, 6);
-memcpy(h->oem_table_id, ACPI_BUILD_APPNAME4, 4);
-memcpy(h->oem_table_id + 4, sig, 4);
-h->oem_revision = cpu_to_le32(1);
-memcpy(h->asl_compiler_id, ACPI_BUILD_APPNAME4, 4);
-h->asl_compiler_revision = cpu_to_le32(1);
-h->checksum = 0;
-/* Checksum to be filled in by Guest linker */
-bios_linker_loader_add_checksum(linker, ACPI_BUILD_TABLE_FILE,
-table_data->data, h, len, &h->checksum);
-}
-
-/* End here */
 #define ACPI_PORT_SMI_CMD   0x00b2 /* TODO: this is APM_CNT_IOPORT */
 
-static inline void *acpi_data_push(GArray *table_data, unsigned size)
-{
-unsigned off = table_data->len;
-g_array_set_size(table_data, off + size);
-return table_data->data + off;
-}
-
-static unsigned acpi_data_len(GArray *table)
-{
-#if GLIB_CHECK_VERSION(2, 22, 0)
-assert(g_array_get_element_size(table) == 1);
-#endif
-return table->len;
-}
-
 static void acpi_align_size(GArray *blob, unsigned align)
 {
 /* Align size to multiple of given size. This reduces the chance
@@ -320,12 +274,6

[Qemu-devel] [PATCH v5 03/20] hw/arm/virt-acpi-build: Basic framework for building ACPI tables on ARM

[Shannon Zhao]

From: Shannon Zhao 

Introduce a preliminary framework in virt-acpi-build.c with the main
ACPI build functions. It exposes the generated ACPI contents to
guest over fw_cfg.

The required ACPI v5.1 tables for ARM are:
- RSDP: Initial table that points to XSDT
- RSDT: Points to FADT GTDT MADT tables
- FADT: Generic information about the machine
- GTDT: Generic timer description table
- MADT: Multiple APIC description table
- DSDT: Holds all information about system devices/peripherals, pointed by FADT

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/arm/Makefile.objs |   1 +
 hw/arm/virt-acpi-build.c | 191 +++
 include/hw/arm/virt-acpi-build.h |  70 ++
 qemu-options.hx  |   2 +-
 trace-events |   3 +
 5 files changed, 266 insertions(+), 1 deletion(-)
 create mode 100644 hw/arm/virt-acpi-build.c
 create mode 100644 include/hw/arm/virt-acpi-build.h

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 2577f68..a1bfb19 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -3,6 +3,7 @@ obj-$(CONFIG_DIGIC) += digic_boards.o
 obj-y += integratorcp.o kzm.o mainstone.o musicpal.o nseries.o
 obj-y += omap_sx1.o palm.o realview.o spitz.o stellaris.o
 obj-y += tosa.o versatilepb.o vexpress.o virt.o xilinx_zynq.o z2.o
+obj-$(CONFIG_ACPI) += virt-acpi-build.o
 obj-y += netduino2.o
 
 obj-y += armv7m.o exynos4210.o pxa2xx.o pxa2xx_gpio.o pxa2xx_pic.o
diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
new file mode 100644
index 000..c5a3cf9
--- /dev/null
+++ b/hw/arm/virt-acpi-build.c
@@ -0,0 +1,191 @@
+/* Support for generating ACPI tables and passing them to Guests
+ *
+ * ARM virt ACPI generation
+ *
+ * Copyright (C) 2008-2010  Kevin O'Connor 
+ * Copyright (C) 2006 Fabrice Bellard
+ * Copyright (C) 2013 Red Hat Inc
+ *
+ * Author: Michael S. Tsirkin 
+ *
+ * Copyright (c) 2015 HUAWEI TECHNOLOGIES CO.,LTD.
+ *
+ * Author: Shannon Zhao 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see .
+ */
+
+#include "hw/arm/virt-acpi-build.h"
+#include 
+#include 
+#include "qemu-common.h"
+#include "qemu/bitmap.h"
+#include "qemu/osdep.h"
+#include "qemu/range.h"
+#include "qemu/error-report.h"
+#include "trace.h"
+#include "qom/cpu.h"
+#include "target-arm/cpu.h"
+#include "hw/acpi/acpi-defs.h"
+#include "hw/acpi/acpi.h"
+#include "hw/nvram/fw_cfg.h"
+#include "hw/acpi/bios-linker-loader.h"
+#include "hw/loader.h"
+#include "hw/hw.h"
+
+#include "hw/acpi/aml-build.h"
+
+#include "qapi/qmp/qint.h"
+#include "qom/qom-qobject.h"
+#include "exec/ram_addr.h"
+
+typedef
+struct AcpiBuildState {
+/* Copy of table in RAM (for patching). */
+ram_addr_t table_ram;
+ram_addr_t rsdp_ram;
+ram_addr_t linker_ram;
+/* Is table patched? */
+uint8_t patched;
+VirtGuestInfo *guest_info;
+} AcpiBuildState;
+
+static
+void virt_acpi_build(VirtGuestInfo *guest_info, AcpiBuildTables *tables)
+{
+GArray *table_offsets;
+
+table_offsets = g_array_new(false, true /* clear */,
+sizeof(uint32_t));
+
+bios_linker_loader_alloc(tables->linker, ACPI_BUILD_TABLE_FILE,
+ 64, false /* high memory */);
+
+/*
+ * The ACPI v5.1 tables for Hardware-reduced ACPI platform are:
+ * RSDP
+ * RSDT
+ * FADT
+ * GTDT
+ * MADT
+ * DSDT
+ */
+
+/* Cleanup memory that's no longer used. */
+g_array_free(table_offsets, true);
+}
+
+static void acpi_ram_update(ram_addr_t ram, GArray *data)
+{
+uint32_t size = acpi_data_len(data);
+
+/* Make sure RAM size is correct - in case it got changed
+ * e.g. by migration */
+qemu_ram_resize(ram, size, &error_abort);
+
+memcpy(qemu_get_ram_ptr(ram), data->data, size);
+cpu_physical_memory_set_dirty_range_nocode(ram, size);
+}
+
+static void virt_acpi_build_update(void *build_opaque, uint32_t offset)
+{
+AcpiBuildState *build_state = build_opaque;
+AcpiBuildTables tables;
+
+/* No state to update or already patched? Nothing to do. */
+if (!build_state || build_state->patched) {
+return;
+}
+build_state->patched = 1;
+
+acpi_build_tables_init(&tables);
+
+virt_acpi_build(build_state->guest_info, &tables);
+
+acpi_ram_update(build_state->table_ram, tables.table_data);
+acpi

[Qemu-devel] [PATCH v5 06/20] hw/arm/virt-acpi-build: Generation of DSDT table for virt devices

[Shannon Zhao]

From: Shannon Zhao 

DSDT consists of the usual common table header plus a definition
block in AML encoding which describes all devices in the platform.

After initializing DSDT with header information the namespace is
created which is followed by the device encodings. The devices are
described using the Resource Template for the 32-Bit Fixed Memory
Range and the Extended Interrupt Descriptors.

Signed-off-by: Shannon Zhao 
Signed-off-by: Shannon Zhao 
---
 hw/arm/virt-acpi-build.c | 128 +++
 1 file changed, 128 insertions(+)

diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c
index c5a3cf9..d044880 100644
--- a/hw/arm/virt-acpi-build.c
+++ b/hw/arm/virt-acpi-build.c
@@ -50,6 +50,130 @@
 #include "qom/qom-qobject.h"
 #include "exec/ram_addr.h"
 
+static void acpi_dsdt_add_cpus(Aml *scope, int max_cpus)
+{
+uint16_t i;
+
+for (i = 0; i < max_cpus; i++) {
+Aml *dev = aml_device("C%03x", i);
+aml_append(dev, aml_name_decl("_HID", aml_string("ACPI0007")));
+aml_append(dev, aml_name_decl("_UID", aml_int(i)));
+Aml *crs = aml_resource_template();
+aml_append(dev, aml_name_decl("_CRS", crs));
+aml_append(scope, dev);
+}
+}
+
+static void acpi_dsdt_add_uart(Aml *scope, const MemMap *uart_memmap,
+   const int *uart_irq)
+{
+Aml *dev = aml_device("COM0");
+aml_append(dev, aml_name_decl("_HID", aml_string("ARMH0011")));
+aml_append(dev, aml_name_decl("_UID", aml_int(0)));
+
+Aml *crs = aml_resource_template();
+aml_append(crs, aml_memory32_fixed(uart_memmap->addr,
+   uart_memmap->size, aml_ReadWrite));
+aml_append(crs,
+   aml_interrupt(aml_consumer, aml_level, aml_active_high,
+   aml_exclusive, aml_not_wake_capable, *uart_irq + 32));
+aml_append(dev, aml_name_decl("_CRS", crs));
+aml_append(scope, dev);
+}
+
+static void acpi_dsdt_add_rtc(Aml *scope, const MemMap *rtc_memmap,
+  const int *rtc_irq)
+{
+Aml *dev = aml_device("RTC0");
+aml_append(dev, aml_name_decl("_HID", aml_string("LNRO0013")));
+aml_append(dev, aml_name_decl("_UID", aml_int(0)));
+
+Aml *crs = aml_resource_template();
+aml_append(crs, aml_memory32_fixed(rtc_memmap->addr,
+   rtc_memmap->size, aml_ReadWrite));
+aml_append(crs,
+   aml_interrupt(aml_consumer, aml_level, aml_active_high,
+   aml_exclusive, aml_not_wake_capable, *rtc_irq + 32));
+aml_append(dev, aml_name_decl("_CRS", crs));
+aml_append(scope, dev);
+}
+
+static void acpi_dsdt_add_flash(Aml *scope, const MemMap *flash_memmap)
+{
+Aml *dev, *crs;
+hwaddr base = flash_memmap->addr;
+hwaddr size = flash_memmap->size;
+
+dev = aml_device("FLS0");
+aml_append(dev, aml_name_decl("_HID", aml_string("LNRO0015")));
+aml_append(dev, aml_name_decl("_UID", aml_int(0)));
+
+crs = aml_resource_template();
+aml_append(crs, aml_memory32_fixed(base, size, aml_ReadWrite));
+aml_append(dev, aml_name_decl("_CRS", crs));
+aml_append(scope, dev);
+
+dev = aml_device("FLS1");
+aml_append(dev, aml_name_decl("_HID", aml_string("LNRO0015")));
+aml_append(dev, aml_name_decl("_UID", aml_int(1)));
+crs = aml_resource_template();
+aml_append(crs, aml_memory32_fixed(base + size, size, aml_ReadWrite));
+aml_append(dev, aml_name_decl("_CRS", crs));
+aml_append(scope, dev);
+}
+
+static void acpi_dsdt_add_virtio(Aml *scope, const MemMap *virtio_mmio_memmap,
+ const int *mmio_irq, int num)
+{
+hwaddr base = virtio_mmio_memmap->addr;
+hwaddr size = virtio_mmio_memmap->size;
+int irq = *mmio_irq + 32;
+int i;
+
+for (i = 0; i < num; i++) {
+Aml *dev = aml_device("VR%02u", i);
+aml_append(dev, aml_name_decl("_HID", aml_string("LNRO0005")));
+aml_append(dev, aml_name_decl("_UID", aml_int(i)));
+
+Aml *crs = aml_resource_template();
+aml_append(crs, aml_memory32_fixed(base, size, aml_ReadWrite));
+aml_append(crs,
+   aml_interrupt(aml_consumer, aml_level, aml_active_high,
+   aml_exclusive, aml_not_wake_capable, irq + i));
+aml_append(dev, aml_name_decl("_CRS", crs));
+aml_append(scope, dev);
+base += size;
+}
+}
+
+/* DSDT */
+static void
+build_dsdt(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info)
+{
+Aml *scope, *dsdt;
+AcpiDsdtInfo *info = guest_info->dsdt_info;
+
+dsdt = init_aml_allocator();
+/* Reserve space for header */
+acpi_data_push(dsdt->buf, sizeof(AcpiTableHeader));
+
+scope = aml_scope("\\_SB");
+acpi_dsdt_add_cpus(scope, guest_info->max_cpus);
+acpi_dsdt_add_uart(scope, info->uart_memmap, info->uart_irq);
+acpi_dsdt_add_rtc(scope, info->rtc_memma

Re: [Qemu-devel] [PATCH 1/2] q35: implement SMRAM.D_LCK

[Gerd Hoffmann]

On Di, 2015-04-14 at 16:35 +0200, Paolo Bonzini wrote:
> 
> On 14/04/2015 15:12, Gerd Hoffmann wrote:
> > Signed-off-by: Gerd Hoffmann 
> > ---
> >  hw/pci-host/q35.c | 17 -
> >  1 file changed, 16 insertions(+), 1 deletion(-)
> > 
> > diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c
> > index 79bab15..9227489 100644
> > --- a/hw/pci-host/q35.c
> > +++ b/hw/pci-host/q35.c
> > @@ -268,6 +268,20 @@ static void mch_update_smram(MCHPCIState *mch)
> >  PCIDevice *pd = PCI_DEVICE(mch);
> >  bool h_smrame = (pd->config[MCH_HOST_BRIDGE_ESMRAMC] & 
> > MCH_HOST_BRIDGE_ESMRAMC_H_SMRAME);
> >  
> > +/* implement SMRAM.D_LCK */
> > +if (pd->config[MCH_HOST_BRIDGE_SMRAM] & MCH_HOST_BRIDGE_SMRAM_D_LCK) {
> > +pd->config[MCH_HOST_BRIDGE_SMRAM] &= ~MCH_HOST_BRIDGE_SMRAM_D_OPEN;
> > +
> > +pd->wmask[MCH_HOST_BRIDGE_SMRAM] &= ~MCH_HOST_BRIDGE_SMRAM_D_OPEN;
> > +pd->wmask[MCH_HOST_BRIDGE_SMRAM] &= ~MCH_HOST_BRIDGE_SMRAM_D_LCK;
> > +pd->wmask[MCH_HOST_BRIDGE_SMRAM] &= 
> > ~MCH_HOST_BRIDGE_SMRAM_G_SMRAME;
> > +pd->wmask[MCH_HOST_BRIDGE_SMRAM] &= 
> > ~MCH_HOST_BRIDGE_SMRAM_C_BASE_SEG_MASK;
> > +
> > +pd->wmask[MCH_HOST_BRIDGE_ESMRAMC] &= 
> > ~MCH_HOST_BRIDGE_ESMRAMC_H_SMRAME;
> > +pd->wmask[MCH_HOST_BRIDGE_ESMRAMC] &= 
> > ~MCH_HOST_BRIDGE_ESMRAMC_TSEG_SZ_MASK;
> > +pd->wmask[MCH_HOST_BRIDGE_ESMRAMC] &= 
> > ~MCH_HOST_BRIDGE_ESMRAMC_T_EN;
> > +}
> > +
> >  memory_region_transaction_begin();
> >  
> >  if (pd->config[MCH_HOST_BRIDGE_SMRAM] & SMRAM_D_OPEN) {
> > @@ -297,7 +311,6 @@ static void mch_write_config(PCIDevice *d,
> >  {
> >  MCHPCIState *mch = MCH_PCI_DEVICE(d);
> >  
> > -/* XXX: implement SMRAM.D_LOCK */
> >  pci_default_write_config(d, address, val, len);
> >  
> >  if (ranges_overlap(address, len, MCH_HOST_BRIDGE_PAM0,
> > @@ -351,6 +364,8 @@ static void mch_reset(DeviceState *qdev)
> >   MCH_HOST_BRIDGE_PCIEXBAR_DEFAULT);
> >  
> >  d->config[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_DEFAULT;
> > +d->wmask[MCH_HOST_BRIDGE_SMRAM] = 0xff;
> > +d->wmask[MCH_HOST_BRIDGE_ESMRAMC] = 0xff;
> 
> S3, if I remember correctly, should not be able to reset D_LCK.

The "A Tour Beyond BIOS Implementing S3 Resume with EDKII" white paper
lists "Lock SMM. This must be done to maintain SMM integrity." as todo
list item for the edk2 resume code path (page 18).

So it seems to me it is the job of the firmware to re-lock smm after S3
(and before handing control back to the OS, obviously).

> Does
> this do the right thing?

I think so ...

cheers,
  Gerd

Re: [Qemu-devel] [PATCH V14 0/3] Virtual Machine Generation ID

[Igor Mammedov]

On Wed, 15 Apr 2015 12:38:57 +0200
"Michael S. Tsirkin"  wrote:

> On Tue, Mar 03, 2015 at 05:18:12PM +0100, Igor Mammedov wrote:
> > Changes since v13:
> >  * fix comment style to /*... */ in testcase
> >  * make BAR TARGET_PAGE_SIZE as required by spec
> >  * make BAR prefetchable, spec also says that it shouldn't be
> >marked as non cached
> >  * ACPI part
> > * merge separate VGID device with PCI device description
> > * mark device as not shown in UI,
> >   it hides "VM Generation ID" device from device manager
> >   and leaves only "PCI Standard RAM Controller" device there
> 
> In an offline chat, Yan (Cc) mentioned that with windows guests,
> PCI rebalancing can move BAR values around.
> Yan, could you comment on-list please?
> Is there a way to force this, for testing?
> 
> ACPI spec mentions this:
> If a platform uses a PCI BAR Target operation region, an ACPI OS will
> not load a native device driver for the associated PCI function. For
> example, if any of the BARs in a PCI function are associated with a PCI
> BAR Target operation region, then the OS will assume that the PCI
> function is to be entirely under the control of the ACPI BIOS. No driver
> will be loaded. Thus, a PCI function can be used as a platform
> controller for some task (hot-plug PCI, and so on) that the ACPI BIOS
> performs.
It seems that WS2012R2 doesn't honor this part of spec,
it still tries to find matching driver and load it.

> 
> This might also avoid driver prompt from windows?
it isn't.

Re: [Qemu-devel] [PATCH 1/2] q35: implement SMRAM.D_LCK

[Gerd Hoffmann]

  Hi,

> >  d->config[MCH_HOST_BRIDGE_SMRAM] = MCH_HOST_BRIDGE_SMRAM_DEFAULT;
> > +d->wmask[MCH_HOST_BRIDGE_SMRAM] = 0xff;
> 
> Is this right? I see a bunch of reserved bits etc there.

Restores the state we had before the guest flipped the lock bit.

Entriely possible that we should have a non-0xff wmask in the first
place, I'll look into that, but it's unrelated to lock bit handling and
thus something for another patch.

> > +d->wmask[MCH_HOST_BRIDGE_ESMRAMC] = 0xff;
> 
> Doesn't this mean we need to reset this register now?

Again, this is something not related to the lock bit implementation,
probably the patch adding esramc support should have added this too.

I'll have a look, probably will cook up a incremental fix paolo can
squash in then.

> >  
> >  mch_update(mch);
> >  }
> 
> Don't you also need to clear D_LCK?

Setting MCH_HOST_BRIDGE_SMRAM to MCH_HOST_BRIDGE_SMRAM_DEFAULT does
that.

Also see 2/2 with the test case which shows lock+unlock works correctly.

cheers,
  Gerd

Re: [Qemu-devel] [PULL for-2.3 0/1] fw_cfg: add documentation file (docs/specs/fw_cfg.txt)

[Michael S. Tsirkin]

On Tue, Apr 14, 2015 at 12:34:02PM +0100, Peter Maydell wrote:
> On 14 April 2015 at 12:27, Gerd Hoffmann  wrote:
> >   Hi,
> >
> > Damn, wanted to sent this out last week, then forgot, so it missed -rc3.
> > But it is a documentation-only change, so it should still be fine for
> > 2.3, right?
> 
> My inclination is to only put this in if something else turns
> up that we must fix in rc3. Otherwise I would want to just release
> 2.3 with our current tree.
> 
> thanks
> -- PMM

Looks like there's a vhost bug that might justify making
code changes :( I posted the patch fixing this, and Cc'd you -
patch is under test.

-- 
MST

Re: [Qemu-devel] [PATCH] xen-pt: Fix bug cause PCI devices re-attach failed

[Li, Liang Z]

> On 13/04/2015 16:12, Liang Li wrote:
> > 2. Do the attach and detach operation with a time interval. eg. 10s.
> >
> > The error message will not  disappear if retry, in this case, it's
> > a bug.
> >
> > In the 'xen_pt_region_add' and 'xen_pt_region_del', we should only
> > care about the 'xen-pci-pt-*' memory region, this can avoid the
> > region's reference count is not equal with the dereference count when
> > the device is detached and prevent the device's related QemuOpts
> > object from being released properly, and then trigger the bug when the
> > device is re-attached.
> 
> This doesn't explain _which_ region is causing the bug and how.

Please ignore this patch, because I have some new findings and this patch is 
not correct, 
I will send a new patch later.

> 
> Assuming this is the right fix, should you instead move the
> memory_region_ref/unref pair from xen_pt_region_add/del after this
> conditional:
> 
> if (bar == -1 && (!s->msix || &s->msix->mmio != mr)) {
> return;
> }
> 
> in xen_pt_region_update?
>
> Paolo

Yes,  it's the right place. Put aside the bug fix,  I think the 
memory_region_ref/unref pair
 should be move to xen_pt_region_update after the conditional as you point out.
 Do you think so?

Liang

Re: [Qemu-devel] [PATCH] xen-pt: Fix bug cause PCI devices re-attach failed

[Paolo Bonzini]

On 15/04/2015 16:14, Li, Liang Z wrote:
> Yes,  it's the right place. Put aside the bug fix,  I think the 
> memory_region_ref/unref pair
>  should be move to xen_pt_region_update after the conditional as you point 
> out.
>  Do you think so?

It would make sense, but I was just guessing... I'm still not sure
whether that causes any difference, also because I'm not familiar with
the Xen PCI passthrough code.

Paolo

Re: [Qemu-devel] [V9fs-developer] [Bug 1336794] Re: 9pfs does not honor open file handles on unlinked files

[Eric Van Hensbergen]

good to know, thanks dominique.  I gave it a sniff test with FSX and a few
other benchmarks, but I need to hit it with some multithreaded
regressions.  Any pointers to reproducible failure cases would be
beneficial.

On Wed, Apr 15, 2015 at 6:28 AM Dominique Martinet <
dominique.marti...@cea.fr> wrote:

> Eric Van Hensbergen wrote on Mon, Apr 13, 2015 at 04:05:28PM +:
> > Well, technically fid 3 isn't 'open', only fid 2 is open - at least
> > according to the protocol.  fid 3 and fid 2 are both clones of fid 1.
>
> Right, they're clone fids, but nothing in the protocol says what should
> happen to non-open fids when you unlink the file either - I guess both
> behaviours are OK as long as the client can handle it, so it would make
> sense to at least call fstat() on the fid matching the fd, but while
> I think this is how the kernel currently behaves the kernel doesn't HAVE
> to make one open, separate fid per open file descriptor either.
>
> > However, thanks for the alternative workaround.  If you get a chance, can
> > you check that my change to the client to partially fix this for the
> other
> > servers doesn't break nfs-ganesha:
> >
> >
> https://github.com/ericvh/linux/commit/fddc7721d6d19e4e6be4905f37ade5b0521f4ed5
>
> I'm afraid I haven't had much time lately, but while fstat-after-unlink
> still works I'm getting some Oops with my basic test suite (create empty
> files and rm -rf, kernel compilation, etc - nothing fancy) to the point
> of locking myself out of my test box pretty quickly.
>
> I'll try to debug patches a bit more individually (trying everything at
> once isn't helping), but at the very least something is fishy
>
> --
> Dominique Martinet
>