[Qemu-devel] [PATCH v3 0/3] Support more than 8 MMU modes, speedup PPC by 10%

2015-05-05 Thread Paolo Bonzini
Patches 1 and 2 enable support for more than 8 MMU modes in TCG (patch
1 is in the targets, patch 2 is in cpu-defs.h).  The TLB size is reduced
proportionally on targets where that is necessary.

Patch 3 uses the new support in the PPC target.

Paolo

v2->v3: - change i386 TCG_TARGET_TLB_DISPLACEMENT_BITS to 31 [rth]
- tweak comment in patch 2 to account for
  offsetof(CPUArchState, tlb_table[mem_index][0].addend) [rth]


Paolo Bonzini (3):
  tcg: add TCG_TARGET_TLB_DISPLACEMENT_BITS
  softmmu: support up to 12 MMU modes
  target-ppc: use separate indices for various translation modes

 include/exec/cpu-defs.h  |  34 +++-
 include/exec/cpu_ldst.h  | 104 ---
 target-ppc/cpu.h |  12 +++---
 target-ppc/excp_helper.c |   3 --
 target-ppc/helper_regs.h |  15 ---
 tcg/aarch64/tcg-target.h |   1 +
 tcg/arm/tcg-target.h |   1 +
 tcg/i386/tcg-target.h|   1 +
 tcg/ia64/tcg-target.h|   2 +
 tcg/mips/tcg-target.h|   1 +
 tcg/ppc/tcg-target.h |   1 +
 tcg/s390/tcg-target.h|   1 +
 tcg/sparc/tcg-target.h   |   1 +
 tcg/tci/tcg-target.h |   1 +
 14 files changed, 156 insertions(+), 22 deletions(-)

-- 
2.3.5




[Qemu-devel] [PATCH v2 1/3] tcg: add TCG_TARGET_TLB_DISPLACEMENT_BITS

2015-05-05 Thread Paolo Bonzini
This will be used to size the TLB when more than 8 MMU modes are
used by the target.  Limitations come from the limited size of
the immediate fields (which sometimes, as in the case of Aarch64,
extend to instructions that shift the immediate).

Signed-off-by: Paolo Bonzini 
Message-Id: <1424436345-37924-2-git-send-email-pbonz...@redhat.com>
---
 tcg/aarch64/tcg-target.h | 1 +
 tcg/arm/tcg-target.h | 1 +
 tcg/i386/tcg-target.h| 1 +
 tcg/ia64/tcg-target.h| 2 ++
 tcg/mips/tcg-target.h| 1 +
 tcg/ppc/tcg-target.h | 1 +
 tcg/s390/tcg-target.h| 1 +
 tcg/sparc/tcg-target.h   | 1 +
 tcg/tci/tcg-target.h | 1 +
 9 files changed, 10 insertions(+)

diff --git a/tcg/aarch64/tcg-target.h b/tcg/aarch64/tcg-target.h
index 60c7493..8aec04d 100644
--- a/tcg/aarch64/tcg-target.h
+++ b/tcg/aarch64/tcg-target.h
@@ -14,6 +14,7 @@
 #define TCG_TARGET_AARCH64 1
 
 #define TCG_TARGET_INSN_UNIT_SIZE  4
+#define TCG_TARGET_TLB_DISPLACEMENT_BITS 24
 #undef TCG_TARGET_STACK_GROWSUP
 
 typedef enum {
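Review bot: Each new TCG_TARGET_TLB_DISPLACEMENT_BITS value is a bare number with nothing at the definition saying which instruction-encoding limit it comes from; the same applies to the arm, i386, ia64, mips, ppc, s390, sparc and tci hunks below. The commit message explains the idea, but a reader of tcg-target.h never sees it, and the i386 value 31 (changed from 32 per the v2->v3 note, presumably because the displacement is signed) is especially easy to mistake for a typo. Suggest a one-line comment at each definition, e.g. `#define TCG_TARGET_TLB_DISPLACEMENT_BITS 24 /* displacement reachable by the TLB lookup sequence */`, naming the concrete encoding where known.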
diff --git a/tcg/arm/tcg-target.h b/tcg/arm/tcg-target.h
index 1c719e2..6559f80 100644
--- a/tcg/arm/tcg-target.h
+++ b/tcg/arm/tcg-target.h
@@ -27,6 +27,7 @@
 
 #undef TCG_TARGET_STACK_GROWSUP
 #define TCG_TARGET_INSN_UNIT_SIZE 4
+#define TCG_TARGET_TLB_DISPLACEMENT_BITS 16
 
 typedef enum {
 TCG_REG_R0 = 0,
diff --git a/tcg/i386/tcg-target.h b/tcg/i386/tcg-target.h
index 7a9980e..25b5133 100644
--- a/tcg/i386/tcg-target.h
+++ b/tcg/i386/tcg-target.h
@@ -25,6 +25,7 @@
 #define TCG_TARGET_I386 1
 
 #define TCG_TARGET_INSN_UNIT_SIZE  1
+#define TCG_TARGET_TLB_DISPLACEMENT_BITS 31
 
 #ifdef __x86_64__
 # define TCG_TARGET_REG_BITS  64
diff --git a/tcg/ia64/tcg-target.h b/tcg/ia64/tcg-target.h
index d675589..a04ed81 100644
--- a/tcg/ia64/tcg-target.h
+++ b/tcg/ia64/tcg-target.h
@@ -26,6 +26,8 @@
 #define TCG_TARGET_IA64 1
 
 #define TCG_TARGET_INSN_UNIT_SIZE 16
+#define TCG_TARGET_TLB_DISPLACEMENT_BITS 21
+
 typedef struct {
 uint64_t lo __attribute__((aligned(16)));
 uint64_t hi;
diff --git a/tcg/mips/tcg-target.h b/tcg/mips/tcg-target.h
index c88a1c9..f5ba52c 100644
--- a/tcg/mips/tcg-target.h
+++ b/tcg/mips/tcg-target.h
@@ -27,6 +27,7 @@
 #define TCG_TARGET_MIPS 1
 
 #define TCG_TARGET_INSN_UNIT_SIZE 4
+#define TCG_TARGET_TLB_DISPLACEMENT_BITS 16
 #define TCG_TARGET_NB_REGS 32
 
 typedef enum {
diff --git a/tcg/ppc/tcg-target.h b/tcg/ppc/tcg-target.h
index 32ac442..7ce7048 100644
--- a/tcg/ppc/tcg-target.h
+++ b/tcg/ppc/tcg-target.h
@@ -32,6 +32,7 @@
 
 #define TCG_TARGET_NB_REGS 32
 #define TCG_TARGET_INSN_UNIT_SIZE 4
+#define TCG_TARGET_TLB_DISPLACEMENT_BITS 16
 
 typedef enum {
 TCG_REG_R0,  TCG_REG_R1,  TCG_REG_R2,  TCG_REG_R3,
diff --git a/tcg/s390/tcg-target.h b/tcg/s390/tcg-target.h
index 5acc28c..91576d5 100644
--- a/tcg/s390/tcg-target.h
+++ b/tcg/s390/tcg-target.h
@@ -25,6 +25,7 @@
 #define TCG_TARGET_S390 1
 
 #define TCG_TARGET_INSN_UNIT_SIZE 2
+#define TCG_TARGET_TLB_DISPLACEMENT_BITS 19
 
 typedef enum TCGReg {
 TCG_REG_R0 = 0,
diff --git a/tcg/sparc/tcg-target.h b/tcg/sparc/tcg-target.h
index 0c4c8af..f584de4 100644
--- a/tcg/sparc/tcg-target.h
+++ b/tcg/sparc/tcg-target.h
@@ -27,6 +27,7 @@
 #define TCG_TARGET_REG_BITS 64
 
 #define TCG_TARGET_INSN_UNIT_SIZE 4
+#define TCG_TARGET_TLB_DISPLACEMENT_BITS 32
 #define TCG_TARGET_NB_REGS 32
 
 typedef enum {
diff --git a/tcg/tci/tcg-target.h b/tcg/tci/tcg-target.h
index bd1e974..4c41305 100644
--- a/tcg/tci/tcg-target.h
+++ b/tcg/tci/tcg-target.h
@@ -44,6 +44,7 @@
 
 #define TCG_TARGET_INTERPRETER 1
 #define TCG_TARGET_INSN_UNIT_SIZE 1
+#define TCG_TARGET_TLB_DISPLACEMENT_BITS 32
 
 #if UINTPTR_MAX == UINT32_MAX
 # define TCG_TARGET_REG_BITS 32
-- 
2.3.5





[Qemu-devel] [PATCH v2 2/3] softmmu: support up to 12 MMU modes

2015-05-05 Thread Paolo Bonzini
At 8k per TLB (for 64-bit host or target), 8 or more modes
make the TLBs bigger than 64k, and some RISC TCG backends do
not like that.  On the affected hosts, cut the TLB size in
half---there is still a measurable speedup on PPC with the
next patch.

Signed-off-by: Paolo Bonzini 
Message-Id: <1424436345-37924-3-git-send-email-pbonz...@redhat.com>
---
 include/exec/cpu-defs.h |  34 +++-
 include/exec/cpu_ldst.h | 104 +---
 2 files changed, 130 insertions(+), 8 deletions(-)

diff --git a/include/exec/cpu-defs.h b/include/exec/cpu-defs.h
index 3f56546..c667570 100644
--- a/include/exec/cpu-defs.h
+++ b/include/exec/cpu-defs.h
@@ -27,6 +27,7 @@
 #include 
 #include "qemu/osdep.h"
 #include "qemu/queue.h"
+#include "tcg-target.h"
 #ifndef CONFIG_USER_ONLY
 #include "exec/hwaddr.h"
 #endif
@@ -70,8 +71,6 @@ typedef uint64_t target_ulong;
 #define TB_JMP_PAGE_MASK (TB_JMP_CACHE_SIZE - TB_JMP_PAGE_SIZE)
 
 #if !defined(CONFIG_USER_ONLY)
-#define CPU_TLB_BITS 8
-#define CPU_TLB_SIZE (1 << CPU_TLB_BITS)
 /* use a fully associative victim tlb of 8 entries */
 #define CPU_VTLB_SIZE 8
 
@@ -81,6 +80,38 @@ typedef uint64_t target_ulong;
 #define CPU_TLB_ENTRY_BITS 5
 #endif
 
+/* TCG_TARGET_TLB_DISPLACEMENT_BITS is used in CPU_TLB_BITS to ensure that
+ * the TLB is not unnecessarily small, but still small enough for the
+ * TLB lookup instruction sequence used by the TCG target.
+ *
+ * TCG will have to generate an operand as large as the distance between
+ * env and the tlb_table[NB_MMU_MODES - 1][0].addend.  For simplicity,
+ * the TCG targets just round everything up to the next power of two, and
+ * count bits.  This works because: 1) the size of each TLB is a largish
+ * power of two, 2) and because the limit of the displacement is really close
+ * to a power of two, 3) the offset of tlb_table[0][0] inside env is smaller
+ * than the size of a TLB.
+ *
+ * For example, the maximum displacement 0xFFF0 on PPC and MIPS, but TCG
+ * just says "the displacement is 16 bits".  TCG_TARGET_TLB_DISPLACEMENT_BITS
+ * then ensures that tlb_table at least 0x8000 bytes large ("not unnecessarily
+ * small": 2^15).  The operand then will come up smaller than 0xFFF0 without
+ * any particular care, because the TLB for a single MMU mode is larger than
+ * 0x1-0xFFF0=16 bytes.  In the end, the maximum value of the operand
+ * could be something like 0xC000 (the offset of the last TLB table) plus
+ * 0x18 (the offset of the addend field in each TLB entry) plus the offset
+ * of tlb_table inside env (which is non-trivial but not huge).
+ */
+#define CPU_TLB_BITS \
+MIN(8,   \
+TCG_TARGET_TLB_DISPLACEMENT_BITS - CPU_TLB_ENTRY_BITS -  \
+(NB_MMU_MODES <= 1 ? 0 : \
+ NB_MMU_MODES <= 2 ? 1 : \
+ NB_MMU_MODES <= 4 ? 2 : \
+ NB_MMU_MODES <= 8 ? 3 : 4))
+
+#define CPU_TLB_SIZE (1 << CPU_TLB_BITS)
+
 typedef struct CPUTLBEntry {
 /* bit TARGET_LONG_BITS to TARGET_PAGE_BITS : virtual address
bit TARGET_PAGE_BITS-1..4  : Nonzero for accesses that should not
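Review bot: CPU_TLB_BITS has no lower bound and its mode-bits ternary stops at 4, so a backend whose TCG_TARGET_TLB_DISPLACEMENT_BITS is less than CPU_TLB_ENTRY_BITS plus the mode bits produces a non-positive shift in CPU_TLB_SIZE, and an NB_MMU_MODES above 16 is silently sized as if it were 16. None of the nine backends in patch 1 trips either today (the smallest, 16 bits, gives 7 or 8 with 12 modes), and cpu_ldst.h may still cap NB_MMU_MODES on the new side (that hunk is cut off here), but the constraint belongs next to the macro that depends on it: `#if NB_MMU_MODES > 16` / `#error "NB_MMU_MODES > 16 is not supported"` / `#endif` after the ternary, plus `QEMU_BUILD_BUG_ON(CPU_TLB_BITS < 1);` where a static check fits. The example in the new comment, `0x1-0xFFF0=16 bytes`, also does not compute as written; it looks like a lost `0x10000`, which may be the archive's doing rather than the patch's, but is worth checking.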
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index 1673287..0ec398c 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -263,12 +263,104 @@ uint64_t helper_ldq_cmmu(CPUArchState *env, target_ulong 
addr, int mmu_idx);
 #undef MEMSUFFIX
 #endif /* (NB_MMU_MODES >= 7) */
 
-#if (NB_MMU_MODES > 7)
-/* Note that supporting NB_MMU_MODES == 9 would require
- * changes to at least the ARM TCG backend.
- */
-#error "NB_MMU_MODES > 7 is not supported for now"
-#endif /* (NB_MMU_MODES > 7) */
+#if (NB_MMU_MODES >= 8) && defined(MMU_MODE7_SUFFIX)
+
+#define CPU_MMU_INDEX 7
+#define MEMSUFFIX MMU_MODE7_SUFFIX
+#define DATA_SIZE 1
+#include "exec/cpu_ldst_template.h"
+
+#define DATA_SIZE 2
+#include "exec/cpu_ldst_template.h"
+
+#define DATA_SIZE 4
+#include "exec/cpu_ldst_template.h"
+
+#define DATA_SIZE 8
+#include "exec/cpu_ldst_template.h"
+#undef CPU_MMU_INDEX
+#undef MEMSUFFIX
+#endif /* (NB_MMU_MODES >= 8) */
+
+#if (NB_MMU_MODES >= 9) && defined(MMU_MODE8_SUFFIX)
+
+#define CPU_MMU_INDEX 8
+#define MEMSUFFIX MMU_MODE8_SUFFIX
+#define DATA_SIZE 1
+#include "exec/cpu_ldst_template.h"
+
+#define DATA_SIZE 2
+#include "exec/cpu_ldst_template.h"
+
+#define DATA_SIZE 4
+#include "exec/cpu_ldst_template.h"
+
+#define DATA_SIZE 8
+#include "exec/cpu_ldst_template.h"
+#undef CPU_MMU_INDEX
+#undef MEMSUFFIX
+#endif /* (NB_MMU_MODES >= 9) */
+
+#if (NB_MMU_MODES >= 10) && defined(MMU_MODE9_SUFFIX)
+
+#define CPU_MMU_INDEX 9
+#define MEMSUFFIX MMU_MODE9_SUFFIX
+#define DATA_SIZE 1
+#include "exec/cpu_ldst_template.h"
+
+#define DATA_SIZE 2
+#include "exec/cpu_ldst_template.h"
+
+#define DATA_SIZE 4
+#include "exec/cpu_ldst_template.h"
+
+#define DATA_SIZE 8
+#include "exe

[Qemu-devel] [PATCH v2 3/3] target-ppc: use separate indices for various translation modes

2015-05-05 Thread Paolo Bonzini
PowerPC TCG flushes the TLB on every IR/DR change, which basically
means on every user<->kernel context switch.  Encode IR/DR in the
MMU index.

This brings the number of TLB flushes down from ~90 to ~5
for starting up the Debian installer, which is in line with x86
and gives a ~10% performance improvement.

Signed-off-by: Paolo Bonzini 
Message-Id: <1424436345-37924-4-git-send-email-pbonz...@redhat.com>
---
 target-ppc/cpu.h | 12 +++-
 target-ppc/excp_helper.c |  3 ---
 target-ppc/helper_regs.h | 15 +--
 3 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/target-ppc/cpu.h b/target-ppc/cpu.h
index c05c503..2c41d49 100644
--- a/target-ppc/cpu.h
+++ b/target-ppc/cpu.h
@@ -944,7 +944,13 @@ struct ppc_segment_page_sizes {
 
 /*/
 /* The whole PowerPC CPU context */
-#define NB_MMU_MODES 3
+#define NB_MMU_MODES 12
+#define MMU_IDX_IR   1
+#define MMU_IDX_DR   2
+#define MMU_IDX_PR   0
+#define MMU_IDX_SUP  4
+#define MMU_IDX_HV   8
+#define MMU_USER_IDX (MMU_IDX_PR|MMU_IDX_IR|MMU_IDX_DR)
 
 #define PPC_CPU_OPCODES_LEN  0x40
 #define PPC_CPU_INDIRECT_OPCODES_LEN 0x20
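Review bot: The new MMU_IDX_* constants encode a bit layout, but nothing at the definitions says so, and MMU_IDX_PR being 0 (the absence of SUP and HV rather than a bit of its own) only becomes clear from hreg_compute_mem_idx in helper_regs.h. Suggest a comment above the block along the lines of `/* mmu_idx layout: bit 0 = MSR_IR, bit 1 = MSR_DR, bits 2-3 = privilege (0 problem state, 4 supervisor, 8 hypervisor); max 11, hence NB_MMU_MODES 12 */`, and listing MMU_IDX_PR before MMU_IDX_IR so the values read in ascending order.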
@@ -1246,10 +1252,6 @@ int ppc_dcr_write (ppc_dcr_t *dcr_env, int dcrn, 
uint32_t val);
 #define cpu_list ppc_cpu_list
 
 /* MMU modes definitions */
-#define MMU_MODE0_SUFFIX _user
-#define MMU_MODE1_SUFFIX _kernel
-#define MMU_MODE2_SUFFIX _hypv
-#define MMU_USER_IDX 0
 static inline int cpu_mmu_index (CPUPPCState *env)
 {
 return env->mmu_idx;
diff --git a/target-ppc/excp_helper.c b/target-ppc/excp_helper.c
index b803475..f608701 100644
--- a/target-ppc/excp_helper.c
+++ b/target-ppc/excp_helper.c
@@ -623,9 +623,6 @@ static inline void powerpc_excp(PowerPCCPU *cpu, int 
excp_model, int excp)
 
 if (env->spr[SPR_LPCR] & LPCR_AIL) {
 new_msr |= (1 << MSR_IR) | (1 << MSR_DR);
-} else if (msr & ((1 << MSR_IR) | (1 << MSR_DR))) {
-/* If we disactivated any translation, flush TLBs */
-tlb_flush(cs, 1);
 }
 
 #ifdef TARGET_PPC64
diff --git a/target-ppc/helper_regs.h b/target-ppc/helper_regs.h
index 271fddf..5dfc54f 100644
--- a/target-ppc/helper_regs.h
+++ b/target-ppc/helper_regs.h
@@ -41,12 +41,17 @@ static inline void hreg_swap_gpr_tgpr(CPUPPCState *env)
 
 static inline void hreg_compute_mem_idx(CPUPPCState *env)
 {
+int mmu_idx;
+
 /* Precompute MMU index */
-if (msr_pr == 0 && msr_hv != 0) {
-env->mmu_idx = 2;
+if (msr_pr == 1) {
+mmu_idx = MMU_IDX_PR;
 } else {
-env->mmu_idx = 1 - msr_pr;
+mmu_idx = msr_hv ? MMU_IDX_HV : MMU_IDX_SUP;
 }
+mmu_idx |= msr_ir ? MMU_IDX_IR : 0;
+mmu_idx |= msr_dr ? MMU_IDX_DR : 0;
+env->mmu_idx = mmu_idx;
 }
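Review bot: `if (msr_pr == 1)` compares the field with a literal while the three tests that follow (`msr_hv ?`, `msr_ir ?`, `msr_dr ?`) rely on plain truthiness; `if (msr_pr) {` keeps the function uniform. The composed index can reach at most MMU_IDX_HV | MMU_IDX_IR | MMU_IDX_DR, i.e. 11, which is what makes NB_MMU_MODES 12 in cpu.h sufficient; saying so in the "Precompute MMU index" comment would tie the two definitions together for the next person who adds a bit.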
 
 static inline void hreg_compute_hflags(CPUPPCState *env)
@@ -56,7 +61,7 @@ static inline void hreg_compute_hflags(CPUPPCState *env)
 /* We 'forget' FE0 & FE1: we'll never generate imprecise exceptions */
 hflags_mask = (1 << MSR_VR) | (1 << MSR_AP) | (1 << MSR_SA) |
 (1 << MSR_PR) | (1 << MSR_FP) | (1 << MSR_SE) | (1 << MSR_BE) |
-(1 << MSR_LE) | (1 << MSR_VSX);
+(1 << MSR_LE) | (1 << MSR_VSX) | (1 << MSR_IR) | (1 << MSR_DR);
 hflags_mask |= (1ULL << MSR_CM) | (1ULL << MSR_SF) | MSR_HVB;
 hreg_compute_mem_idx(env);
 env->hflags = env->msr & hflags_mask;
@@ -82,8 +87,6 @@ static inline int hreg_store_msr(CPUPPCState *env, 
target_ulong value,
 }
 if (((value >> MSR_IR) & 1) != msr_ir ||
 ((value >> MSR_DR) & 1) != msr_dr) {
-/* Flush all tlb when changing translation mode */
-tlb_flush(cs, 1);
 excp = POWERPC_EXCP_NONE;
 cs->interrupt_request |= CPU_INTERRUPT_EXITTB;
 }
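Review bot: With the flush removed, the surviving `excp = POWERPC_EXCP_NONE;` and `cs->interrupt_request |= CPU_INTERRUPT_EXITTB;` on an IR/DR change are left with no comment explaining why they are still needed; the deleted comment was the only one in that branch. Since hflags now carries MSR_IR and MSR_DR (the hunk above), the TB exit is presumably what makes the next lookup pick up the new flags and mmu_idx. Suggest replacing the removed line with `/* IR/DR now feed hflags and mmu_idx; leave the TB so the next lookup uses them */`. hreg_store_msr starts before and continues after this hunk.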
-- 
2.3.5




Re: [Qemu-devel] [PATCH] sheepdog: fix resource leak with sd_snapshot_create

2015-05-05 Thread Markus Armbruster
zhanghailiang  writes:

> Signed-off-by: zhanghailiang 
> ---
>  block/sheepdog.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/block/sheepdog.c b/block/sheepdog.c
> index 2d5f06a..bd7cbed 100644
> --- a/block/sheepdog.c
> +++ b/block/sheepdog.c
> @@ -2341,6 +2341,7 @@ static int sd_snapshot_create(BlockDriverState *bs, 
> QEMUSnapshotInfo *sn_info)
>  if (ret < 0) {
>  error_report("failed to create inode for snapshot: %s",
>   error_get_pretty(local_err));
> +error_free(local_err);
>  goto cleanup;
>  }

Reviewed-by: Markus Armbruster 



Re: [Qemu-devel] Fwd: qemu drive mirror assert fault

2015-05-05 Thread Fam Zheng
On Thu, 04/30 17:50, Paolo Bonzini wrote:
> John, Fam,
> 
> I got this report offlist.  This happens if a bit in the hbitmap is
> cleared and the HBitmap has _not_ yet reached the bit.  See this comment
> in include/qemu/hbitmap.h:
> 
>  * Resetting bits before the current
>  * position of the iterator is also okay.  However, concurrent
>  * resetting of bits can lead to unexpected behavior if the iterator
>  * has not yet reached those bits.
> 
> Can you please take a look?

Since the gdb output is suggesting 1.5.3, it's worth trying 2.3 which has
this:

commit c4237dfa635900e4d1cdc6038d5efe3507f45f0c
Author: Vladimir Sementsov-Ogievskiy 
Date:   Thu Nov 27 12:40:46 2014 +0300

block: fix spoiling all dirty bitmaps by mirror and migration

Mirror and migration use dirty bitmaps for their purposes, and since
commit [block: per caller dirty bitmap] they use their own bitmaps, not
the global one. But they use old functions bdrv_set_dirty and
bdrv_reset_dirty, which change all dirty bitmaps.

Named dirty bitmaps series by Fam and Snow are affected: mirroring and
migration will spoil all (not related to this mirroring or migration)
named dirty bitmaps.

This patch fixes this by adding bdrv_set_dirty_bitmap and
bdrv_reset_dirty_bitmap, which change concrete bitmap. Also, to prevent
such mistakes in future, old functions bdrv_(set,reset)_dirty are made
static, for internal block usage.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
CC: John Snow 
CC: Fam Zheng 
CC: Denis V. Lunev 
CC: Stefan Hajnoczi 
CC: Kevin Wolf 
Reviewed-by: John Snow 
Reviewed-by: Fam Zheng 
Message-id: 1417081246-3593-1-git-send-email-vsement...@parallels.com
Signed-off-by: Max Reitz 

Fam

> 
> Thanks,
> 
> Paolo
> 
>  Forwarded Message 
> Subject:  qemu drive mirror assert fault
> Date: Wed, 29 Apr 2015 10:50:28 +0800
> From: wangxiaolong 
> To:   pbonzini 
> 
> hello,
> 
> I used drive mirror to do live migration, and I run into such an assert
> fault:
> 
> (gdb) bt
> 
> #0  0x7fd2c6e678a5 in raise (sig=6) at
> ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> 
> #1  0x7fd2c6e69085 in abort () at abort.c:92
> 
> #2  0x7fd2c6e60a1e in __assert_fail_base (fmt=,
> assertion=0x7fd2ca215aa0 "cur", file=0x7fd2ca215a78 "util/hbitmap.c",
> line=,
> 
> function=) at assert.c:96
> 
> #3  0x7fd2c6e60ae0 in __assert_fail (assertion=0x7fd2ca215aa0 "cur",
> file=0x7fd2ca215a78 "util/hbitmap.c", line=129, function=0x7fd2ca215bf0
> "hbitmap_iter_skip_words")
> 
> at assert.c:105
> 
> #4  0x7fd2ca1b3bb8 in hbitmap_iter_skip_words (hbi= out>) at util/hbitmap.c:129
> 
> #5  0x7fd2c9f8f8e0 in hbitmap_iter_next (opaque=0x7fd2cc59c730) at
> /usr/src/debug/qemu-kvm-1.5.3/include/qemu/hbitmap.h:166
> 
> #6  mirror_iteration (opaque=0x7fd2cc59c730) at block/mirror.c:163
> 
> #7  mirror_run (opaque=0x7fd2cc59c730) at block/mirror.c:407
> 
> #8  0x7fd2c9fc45bb in coroutine_trampoline (i0= out>, i1=) at coroutine-ucontext.c:118
> 
> #9  0x7fd2c6e78b70 in ?? () from /lib64/libc-2.12.so
> 
> #10 0x7fff53eede80 in ?? ()
> 
> #11 0x in ?? ()
> 
> 
> and I just can’t figure out what is the cause of this situation,
> could you help me figure it out, thanks!
> 
> 
> 
> 



Re: [Qemu-devel] [RFC PATCH v3 16/24] qom: Introduce object_has_no_children() API

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:38PM +0530, Bharata B Rao wrote:
> This QOM API can be used to check of an object has any child objects
> associated with it.
> 
> Needed by PowerPC CPU hotplug code to release parent CPU core and
> socket objects only after ascertaining that they don't have any child
> objects.
> 
> Signed-off-by: Bharata B Rao 

Reviewed-by: David Gibson 

Another one which might be worth posting independently of the powerpc
hotplug series.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH v3 11/24] ppc: Create sockets and cores for CPUs

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:33PM +0530, Bharata B Rao wrote:
> ppc machine init functions create individual CPU threads. Change this
> for sPAPR by switching to socket creation. CPUs are created recursively
> by socket and core instance init routines.
> 
> TODO: Switching to socket level CPU creation is done only for sPAPR
> target now.
> 
> Signed-off-by: Bharata B Rao 

Reviewed-by: David Gibson 

Though it obviously may need rework depending on what other changes
happen with the core/socket structure.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH v3 08/24] ppc: Prepare CPU socket/core abstraction

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:30PM +0530, Bharata B Rao wrote:

As Thomas says, this really needs a commit message.

I also think building this infrastructure is a bit premature when the
discussion is ongoing about how to do this generically.

What I'd suggest is just have the minimal set you need, which can be
reworked into the new generic scheme once it solidifies.

So, I'd suggest just implement a specific POWER8 core device, which
instantiates up to 8 POWER8 vcpu threads.  We know we'll need some
kind of handle for that, regardless of where it fits in the eventual
overall scheme of sockets and cores and whatever.

> Signed-off-by: Bharata B Rao 
> Signed-off-by: Andreas Färber 
> ---
>  hw/ppc/Makefile.objs|  1 +
>  hw/ppc/cpu-core.c   | 46 
>  hw/ppc/cpu-socket.c | 47 
> +
>  include/hw/ppc/cpu-core.h   | 32 ++
>  include/hw/ppc/cpu-socket.h | 32 ++
>  5 files changed, 158 insertions(+)
>  create mode 100644 hw/ppc/cpu-core.c
>  create mode 100644 hw/ppc/cpu-socket.c
>  create mode 100644 include/hw/ppc/cpu-core.h
>  create mode 100644 include/hw/ppc/cpu-socket.h
> 
> diff --git a/hw/ppc/Makefile.objs b/hw/ppc/Makefile.objs
> index c8ab06e..a35cac5 100644
> --- a/hw/ppc/Makefile.objs
> +++ b/hw/ppc/Makefile.objs
> @@ -1,5 +1,6 @@
>  # shared objects
>  obj-y += ppc.o ppc_booke.o
> +obj-y += cpu-socket.o cpu-core.o
>  # IBM pSeries (sPAPR)
>  obj-$(CONFIG_PSERIES) += spapr.o spapr_vio.o spapr_events.o
>  obj-$(CONFIG_PSERIES) += spapr_hcall.o spapr_iommu.o spapr_rtas.o
> diff --git a/hw/ppc/cpu-core.c b/hw/ppc/cpu-core.c
> new file mode 100644
> index 000..ed0481f
> --- /dev/null
> +++ b/hw/ppc/cpu-core.c
> @@ -0,0 +1,46 @@
> +/*
> + * ppc CPU core abstraction
> + *
> + * Copyright (c) 2015 SUSE Linux GmbH
> + * Copyright (C) 2015 Bharata B Rao 
> + */
> +
> +#include "hw/qdev.h"
> +#include "hw/ppc/cpu-core.h"
> +
> +static int ppc_cpu_core_realize_child(Object *child, void *opaque)
> +{
> +Error **errp = opaque;
> +
> +object_property_set_bool(child, true, "realized", errp);
> +if (*errp) {
> +return 1;
> +}
> +
> +return 0;
> +}
> +
> +static void ppc_cpu_core_realize(DeviceState *dev, Error **errp)
> +{
> +object_child_foreach(OBJECT(dev), ppc_cpu_core_realize_child, errp);
> +}
> +
> +static void ppc_cpu_core_class_init(ObjectClass *oc, void *data)
> +{
> +DeviceClass *dc = DEVICE_CLASS(oc);
> +
> +dc->realize = ppc_cpu_core_realize;
> +}
> +
> +static const TypeInfo ppc_cpu_core_type_info = {
> +.name = TYPE_POWERPC_CPU_CORE,
> +.parent = TYPE_DEVICE,
> +.class_init = ppc_cpu_core_class_init,
> +};
> +
> +static void ppc_cpu_core_register_types(void)
> +{
> +type_register_static(&ppc_cpu_core_type_info);
> +}
> +
> +type_init(ppc_cpu_core_register_types)
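Review bot: ppc_cpu_core_realize_child dereferences `*errp` without checking the pointer, so a caller that passes a NULL errp to ppc_cpu_core_realize (which the `Error **` convention permits) crashes on the first child; ppc_cpu_socket_realize_child in the cpu-socket.c hunk below has the same shape. Collecting the result in a local `Error *` and handing it on with error_propagate() removes the dereference and still stops the walk on the first failure with the error intact. Separately, both new files carry copyright lines but no license statement in the header, unlike other QEMU sources; worth adding before this goes in.
```c
static int ppc_cpu_core_realize_child(Object *child, void *opaque)
{
    Error **errp = opaque;
    Error *local_err = NULL;

    object_property_set_bool(child, true, "realized", &local_err);
    if (local_err) {
        error_propagate(errp, local_err);
        return 1;
    }

    return 0;
}
/* … unchanged: ppc_cpu_core_realize, class_init, type registration … */
```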
> diff --git a/hw/ppc/cpu-socket.c b/hw/ppc/cpu-socket.c
> new file mode 100644
> index 000..602a060
> --- /dev/null
> +++ b/hw/ppc/cpu-socket.c
> @@ -0,0 +1,47 @@
> +/*
> + * PPC CPU socket abstraction
> + *
> + * Copyright (c) 2015 SUSE Linux GmbH
> + * Copyright (C) 2015 Bharata B Rao 
> + */
> +
> +#include "hw/qdev.h"
> +#include "hw/ppc/cpu-socket.h"
> +#include "sysemu/cpus.h"
> +
> +static int ppc_cpu_socket_realize_child(Object *child, void *opaque)
> +{
> +Error **errp = opaque;
> +
> +object_property_set_bool(child, true, "realized", errp);
> +if (*errp) {
> +return 1;
> +} else {
> +return 0;
> +}
> +}
> +
> +static void ppc_cpu_socket_realize(DeviceState *dev, Error **errp)
> +{
> +object_child_foreach(OBJECT(dev), ppc_cpu_socket_realize_child, errp);
> +}
> +
> +static void ppc_cpu_socket_class_init(ObjectClass *oc, void *data)
> +{
> +DeviceClass *dc = DEVICE_CLASS(oc);
> +
> +dc->realize = ppc_cpu_socket_realize;
> +}
> +
> +static const TypeInfo ppc_cpu_socket_type_info = {
> +.name = TYPE_POWERPC_CPU_SOCKET,
> +.parent = TYPE_CPU_SOCKET,
> +.class_init = ppc_cpu_socket_class_init,
> +};
> +
> +static void ppc_cpu_socket_register_types(void)
> +{
> +type_register_static(&ppc_cpu_socket_type_info);
> +}
> +
> +type_init(ppc_cpu_socket_register_types)
> diff --git a/include/hw/ppc/cpu-core.h b/include/hw/ppc/cpu-core.h
> new file mode 100644
> index 000..95f1c28
> --- /dev/null
> +++ b/include/hw/ppc/cpu-core.h
> @@ -0,0 +1,32 @@
> +/*
> + * PowerPC CPU core abstraction
> + *
> + * Copyright (c) 2015 SUSE Linux GmbH
> + * Copyright (C) 2015 Bharata B Rao 
> + */
> +#ifndef HW_PPC_CPU_CORE_H
> +#define HW_PPC_CPU_CORE_H
> +
> +#include "hw/qdev.h"
> +#include "cpu.h"
> +
> +#ifdef TARGET_PPC64
> +#define TYPE_POWERPC_CPU_CORE "powerpc64-cpu-core"
> +#elif defined(TARGET_PPCEMB)
> +#define TYPE_POWERPC_CPU_CORE "embedded-powerpc-cpu-core"
> +#else
> +#define TYPE_POWERPC_CPU_CORE "powerpc-cpu-core"
> +#endif
> +
> +#define POWERPC_CPU_CORE(

Re: [Qemu-devel] [RFC PATCH v3 13/24] cpus: Add Error argument to cpu_exec_init()

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:35PM +0530, Bharata B Rao wrote:
> Add an Error argument to cpu_exec_init() to let users collect the
> error. Change all callers to currently pass NULL error argument. This change
> is needed for the following reasons:
> 
> - A subsequent commit changes the CPU enumeration logic in cpu_exec_init()
>   resulting in cpu_exec_init() to fail if cpu_index values corresponding
>   to max_cpus have already been handed out.
> - There is a thinking that cpu_exec_init() should be called from realize
>   rather than instance_init. With this change, those architectures
>   that can move this call into realize function can do so in a phased
>   manner.
> 
> Signed-off-by: Bharata B Rao 
> Reviewed-by: David Gibson 

Again, looks good to me, but I'm not sure whose tree it needs to go
through.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH v3 15/24] ppc: Move cpu_exec_init() call to realize function

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:37PM +0530, Bharata B Rao wrote:
> Move cpu_exec_init() call from instance_init to realize. This allows
> any failures from cpu_exec_init() to be handled appropriately.
> Correspondingly move cpu_exec_exit() call from instance_finalize
> to unrealize.
> 
> Signed-off-by: Bharata B Rao 

Reviewed-by: David Gibson 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH v3 18/24] xics_kvm: Don't enable KVM_CAP_IRQ_XICS if already enabled

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:40PM +0530, Bharata B Rao wrote:
> When supporting CPU hot removal by parking the vCPU fd and reusing
> it during hotplug again, there can be cases where we try to reenable
> KVM_CAP_IRQ_XICS CAP for the vCPU for which it was already enabled.
> Introduce a boolean member in ICPState to track this and don't
> reenable the CAP if it was already enabled earlier.
> 
> This change allows CPU hot removal to work for sPAPR.
> 
> Signed-off-by: Bharata B Rao 

Do you actually need this?  Is there any harm in setting the
capability multiple times, or could you just ignore the "already set"
error?

> ---
>  hw/intc/xics_kvm.c| 10 ++
>  include/hw/ppc/xics.h |  1 +
>  2 files changed, 11 insertions(+)
> 
> diff --git a/hw/intc/xics_kvm.c b/hw/intc/xics_kvm.c
> index c15453f..5b27bf8 100644
> --- a/hw/intc/xics_kvm.c
> +++ b/hw/intc/xics_kvm.c
> @@ -331,6 +331,15 @@ static void xics_kvm_cpu_setup(XICSState *icp, 
> PowerPCCPU *cpu)
>  abort();
>  }
>  
> +/*
> + * If we are reusing a parked vCPU fd corresponding to the CPU
> + * which was hot-removed earlier we don't have to renable
> + * KVM_CAP_IRQ_XICS capability again.
> + */
> +if (ss->cap_irq_xics_enabled) {
> +return;
> +}
> +
>  if (icpkvm->kernel_xics_fd != -1) {
>  int ret;
>  
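Review bot: The added comment misspells `renable`; `re-enable`. The new field that the early return reads gets no comment of its own in the xics.h hunk below (`bool cap_irq_xics_enabled;`); since it is set once and never cleared, a reader needs to know that this is deliberate, so suggest `bool cap_irq_xics_enabled; /* KVM_CAP_IRQ_XICS already enabled on this vCPU fd; stays set while the fd is parked and reused */`, with the parking behaviour taken from the commit message. xics_kvm_cpu_setup starts before this hunk.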
> @@ -343,6 +352,7 @@ static void xics_kvm_cpu_setup(XICSState *icp, PowerPCCPU 
> *cpu)
>  kvm_arch_vcpu_id(cs), strerror(errno));
>  exit(1);
>  }
> +ss->cap_irq_xics_enabled = true;
>  }
>  }
>  
> diff --git a/include/hw/ppc/xics.h b/include/hw/ppc/xics.h
> index a214dd7..355a966 100644
> --- a/include/hw/ppc/xics.h
> +++ b/include/hw/ppc/xics.h
> @@ -109,6 +109,7 @@ struct ICPState {
>  uint8_t pending_priority;
>  uint8_t mfrr;
>  qemu_irq output;
> +bool cap_irq_xics_enabled;
>  };
>  
>  #define TYPE_ICS "ics"

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH v3 12/24] spapr: CPU hotplug support

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:34PM +0530, Bharata B Rao wrote:
> Support CPU hotplug via device-add command. Set up device tree
> entries for the hotplugged CPU core and use the existing EPOW event
> infrastructure to send CPU hotplug notification to the guest.
> 
> Also support cold plugged CPUs that are specified by -device option
> on cmdline.
> 
> Signed-off-by: Bharata B Rao 
> ---
>  hw/ppc/spapr.c| 129 
> ++
>  hw/ppc/spapr_events.c |   8 ++--
>  hw/ppc/spapr_rtas.c   |  11 +
>  3 files changed, 145 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index b526b7d..9b0701c 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -33,6 +33,7 @@
>  #include "sysemu/block-backend.h"
>  #include "sysemu/cpus.h"
>  #include "sysemu/kvm.h"
> +#include "sysemu/device_tree.h"
>  #include "kvm_ppc.h"
>  #include "mmu-hash64.h"
>  #include "qom/cpu.h"
> @@ -662,6 +663,17 @@ static void spapr_populate_cpu_dt(CPUState *cs, void 
> *fdt, int offset)
>  unsigned sockets = opts ? qemu_opt_get_number(opts, "sockets", 0) : 0;
>  uint32_t cpus_per_socket = sockets ? (smp_cpus / sockets) : 1;
>  uint32_t pft_size_prop[] = {0, cpu_to_be32(spapr->htab_shift)};
> +sPAPRDRConnector *drc;
> +sPAPRDRConnectorClass *drck;
> +int drc_index;
> +
> +if (spapr->dr_cpu_enabled) {
> +drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_CPU, index);
> +g_assert(drc);
> +drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
> +drc_index = drck->get_index(drc);
> +_FDT((fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index)));
> +}
>  
>  _FDT((fdt_setprop_cell(fdt, offset, "reg", index)));
>  _FDT((fdt_setprop_string(fdt, offset, "device_type", "cpu")));
> @@ -1850,6 +1862,114 @@ static void spapr_nmi(NMIState *n, int cpu_index, 
> Error **errp)
>  }
>  }
>  
> +static void *spapr_populate_hotplug_cpu_dt(DeviceState *dev, CPUState *cs,
> +int *fdt_offset)
> +{
> +PowerPCCPU *cpu = POWERPC_CPU(cs);
> +DeviceClass *dc = DEVICE_GET_CLASS(cs);
> +int id = ppc_get_vcpu_dt_id(cpu);
> +void *fdt;
> +int offset, fdt_size;
> +char *nodename;
> +
> +fdt = create_device_tree(&fdt_size);
> +nodename = g_strdup_printf("%s@%x", dc->fw_name, id);
> +offset = fdt_add_subnode(fdt, 0, nodename);
> +
> +spapr_populate_cpu_dt(cs, fdt, offset);
> +g_free(nodename);
> +
> +*fdt_offset = offset;
> +return fdt;
> +}
> +
> +static void spapr_cpu_plug(HotplugHandler *hotplug_dev, DeviceState *dev,
> +Error **errp)
> +{
> +CPUState *cs = CPU(dev);
> +PowerPCCPU *cpu = POWERPC_CPU(cs);
> +int id = ppc_get_vcpu_dt_id(cpu);
> +sPAPRDRConnector *drc =
> +spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_CPU, id);
> +sPAPRDRConnectorClass *drck;
> +int smt = kvmppc_smt_threads();
> +Error *local_err = NULL;
> +void *fdt = NULL;
> +int i, fdt_offset = 0;
> +
> +/* Set NUMA node for the added CPUs  */
> +for (i = 0; i < nb_numa_nodes; i++) {
> +if (test_bit(cs->cpu_index, numa_info[i].node_cpu)) {
> +cs->numa_node = i;
> +break;
> +}
> +}
> +
> +/*
> + * SMT threads return from here, only main thread (core) will
> + * continue and signal hotplug event to the guest.
> + */
> +if ((id % smt) != 0) {
> +return;
> +}

Couldn't you avoid this by attaching this call to the core device,
rather than the individual vcpu thread objects?


> +if (!spapr->dr_cpu_enabled) {
> +/*
> + * This is a cold plugged CPU but the machine doesn't support
> + * DR. So skip the hotplug path ensuring that the CPU is brought
> + * up online with out an associated DR connector.
> + */
> +return;
> +}
> +
> +g_assert(drc);
> +
> +/*
> + * Setup CPU DT entries only for hotplugged CPUs. For boot time or
> + * coldplugged CPUs DT entries are setup in spapr_finalize_fdt().
> + */
> +if (dev->hotplugged) {
> +fdt = spapr_populate_hotplug_cpu_dt(dev, cs, &fdt_offset);
> +}
> +
> +drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
> +drck->attach(drc, dev, fdt, fdt_offset, !dev->hotplugged, &local_err);
> +if (local_err) {
> +g_free(fdt);
> +error_propagate(errp, local_err);
> +return;
> +}
> +
> +/*
> + * We send hotplug notification interrupt to the guest only in case
> + * of hotplugged CPUs.
> + */
> +if (dev->hotplugged) {
> +spapr_hotplug_req_add_event(drc);
> +} else {
> +/*
> + * HACK to support removal of hotplugged CPU after VM migration:
> + *
> + * Since we want to be able to hot-remove those coldplugged CPUs
> + * started at boot time using -device option at the target VM, we set
> +  

Re: [Qemu-devel] [RFC PATCH v3 24/24] spapr: Memory hotplug support

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:46PM +0530, Bharata B Rao wrote:
> Make use of pc-dimm infrastructure to support memory hotplug
> for PowerPC.
> 
> Modelled on i386 memory hotplug.

Can the previous patch actually do anything without this one?  If not,
might as well fold them together.
> 
> Signed-off-by: Bharata B Rao 

Reviewed-by: David Gibson 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH v3 10/24] ppc: Update cpu_model in MachineState

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:32PM +0530, Bharata B Rao wrote:
> Keep cpu_model field in MachineState uptodate so that it can be used
> from the CPU hotplug path.
> 
> Signed-off-by: Bharata B Rao 
> Reviewed-by: David Gibson 

As before, this looks fine to me, but I'm not sure which tree it
should go through.

Alex, do you want to take it directly, or send an Acked-by and I'll
take it through spapr-next?

> ---
>  hw/ppc/mac_newworld.c  | 10 +-
>  hw/ppc/mac_oldworld.c  |  7 +++
>  hw/ppc/ppc440_bamboo.c |  7 +++
>  hw/ppc/prep.c  |  7 +++
>  hw/ppc/spapr.c |  7 +++
>  hw/ppc/virtex_ml507.c  |  7 +++
>  6 files changed, 20 insertions(+), 25 deletions(-)
> 
> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> index 624b4ab..fe18bce 100644
> --- a/hw/ppc/mac_newworld.c
> +++ b/hw/ppc/mac_newworld.c
> @@ -145,7 +145,6 @@ static void ppc_core99_reset(void *opaque)
>  static void ppc_core99_init(MachineState *machine)
>  {
>  ram_addr_t ram_size = machine->ram_size;
> -const char *cpu_model = machine->cpu_model;
>  const char *kernel_filename = machine->kernel_filename;
>  const char *kernel_cmdline = machine->kernel_cmdline;
>  const char *initrd_filename = machine->initrd_filename;
> @@ -182,14 +181,15 @@ static void ppc_core99_init(MachineState *machine)
>  linux_boot = (kernel_filename != NULL);
>  
>  /* init CPUs */
> -if (cpu_model == NULL)
> +if (machine->cpu_model == NULL) {
>  #ifdef TARGET_PPC64
> -cpu_model = "970fx";
> +machine->cpu_model = "970fx";
>  #else
> -cpu_model = "G4";
> +machine->cpu_model = "G4";
>  #endif
> +}
>  for (i = 0; i < smp_cpus; i++) {
> -cpu = cpu_ppc_init(cpu_model);
> +cpu = cpu_ppc_init(machine->cpu_model);
>  if (cpu == NULL) {
>  fprintf(stderr, "Unable to find PowerPC CPU definition\n");
>  exit(1);
> diff --git a/hw/ppc/mac_oldworld.c b/hw/ppc/mac_oldworld.c
> index 3079510..2732319 100644
> --- a/hw/ppc/mac_oldworld.c
> +++ b/hw/ppc/mac_oldworld.c
> @@ -75,7 +75,6 @@ static void ppc_heathrow_reset(void *opaque)
>  static void ppc_heathrow_init(MachineState *machine)
>  {
>  ram_addr_t ram_size = machine->ram_size;
> -const char *cpu_model = machine->cpu_model;
>  const char *kernel_filename = machine->kernel_filename;
>  const char *kernel_cmdline = machine->kernel_cmdline;
>  const char *initrd_filename = machine->initrd_filename;
> @@ -107,10 +106,10 @@ static void ppc_heathrow_init(MachineState *machine)
>  linux_boot = (kernel_filename != NULL);
>  
>  /* init CPUs */
> -if (cpu_model == NULL)
> -cpu_model = "G3";
> +if (machine->cpu_model == NULL)
> +machine->cpu_model = "G3";
>  for (i = 0; i < smp_cpus; i++) {
> -cpu = cpu_ppc_init(cpu_model);
> +cpu = cpu_ppc_init(machine->cpu_model);
>  if (cpu == NULL) {
>  fprintf(stderr, "Unable to find PowerPC CPU definition\n");
>  exit(1);
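Review bot: The rewritten default at `if (machine->cpu_model == NULL)` / `machine->cpu_model = "G3";` is left without braces, while the same patch adds braces to the equivalent lines in mac_newworld.c; QEMU's CODING_STYLE requires braces on every `if` body and checkpatch flags the unbraced form, and the prep.c hunk further down has the same shape. Since these lines are being rewritten anyway, make them `if (machine->cpu_model == NULL) {` / `machine->cpu_model = "G3";` / `}` so all four machines end up consistent.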
> diff --git a/hw/ppc/ppc440_bamboo.c b/hw/ppc/ppc440_bamboo.c
> index 778970a..032fa80 100644
> --- a/hw/ppc/ppc440_bamboo.c
> +++ b/hw/ppc/ppc440_bamboo.c
> @@ -159,7 +159,6 @@ static void main_cpu_reset(void *opaque)
>  static void bamboo_init(MachineState *machine)
>  {
>  ram_addr_t ram_size = machine->ram_size;
> -const char *cpu_model = machine->cpu_model;
>  const char *kernel_filename = machine->kernel_filename;
>  const char *kernel_cmdline = machine->kernel_cmdline;
>  const char *initrd_filename = machine->initrd_filename;
> @@ -184,10 +183,10 @@ static void bamboo_init(MachineState *machine)
>  int i;
>  
>  /* Setup CPU. */
> -if (cpu_model == NULL) {
> -cpu_model = "440EP";
> +if (machine->cpu_model == NULL) {
> +machine->cpu_model = "440EP";
>  }
> -cpu = cpu_ppc_init(cpu_model);
> +cpu = cpu_ppc_init(machine->cpu_model);
>  if (cpu == NULL) {
>  fprintf(stderr, "Unable to initialize CPU!\n");
>  exit(1);
> diff --git a/hw/ppc/prep.c b/hw/ppc/prep.c
> index 15df7f3..55e9643 100644
> --- a/hw/ppc/prep.c
> +++ b/hw/ppc/prep.c
> @@ -364,7 +364,6 @@ static PortioList prep_port_list;
>  static void ppc_prep_init(MachineState *machine)
>  {
>  ram_addr_t ram_size = machine->ram_size;
> -const char *cpu_model = machine->cpu_model;
>  const char *kernel_filename = machine->kernel_filename;
>  const char *kernel_cmdline = machine->kernel_cmdline;
>  const char *initrd_filename = machine->initrd_filename;
> @@ -396,10 +395,10 @@ static void ppc_prep_init(MachineState *machine)
>  linux_boot = (kernel_filename != NULL);
>  
>  /* init CPUs */
> -if (cpu_model == NULL)
> -cpu_model = "602";
> +if (machine->cpu_model == NULL)
> +machine->cpu_model = "602";
>  for (i = 0; i < smp_cpus; i++) {
> -cpu = cpu_ppc_init(cpu_model);
> +cpu = cpu_ppc_init(mac

Re: [Qemu-devel] [RFC PATCH v3 21/24] spapr: Initialize hotplug memory address space

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:43PM +0530, Bharata B Rao wrote:
> Initialize a hotplug memory region under which all the hotplugged
> memory is accommodated. Also enable memory hotplug by setting
> CONFIG_MEM_HOTPLUG.
> 
> Modelled on i386 memory hotplug.
> 
> Signed-off-by: Bharata B Rao 

So, the cpu hotplug stuff has been caught up in these generic level
design discussions.  Could you split out the memory hotplug part of
this series so that we might be able to move forwards with that while
the cpu hotplug discussion continues?

> ---
>  default-configs/ppc64-softmmu.mak |  1 +
>  hw/ppc/spapr.c| 38 ++
>  include/hw/ppc/spapr.h| 12 
>  3 files changed, 51 insertions(+)
> 
> diff --git a/default-configs/ppc64-softmmu.mak 
> b/default-configs/ppc64-softmmu.mak
> index 22ef132..16b3011 100644
> --- a/default-configs/ppc64-softmmu.mak
> +++ b/default-configs/ppc64-softmmu.mak
> @@ -51,3 +51,4 @@ CONFIG_XICS_KVM=$(and $(CONFIG_PSERIES),$(CONFIG_KVM))
>  # For PReP
>  CONFIG_MC146818RTC=y
>  CONFIG_ISA_TESTDEV=y
> +CONFIG_MEM_HOTPLUG=y
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 910a50f..9dc4c36 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -125,6 +125,9 @@ struct sPAPRMachineState {
>  
>  /*< public >*/
>  char *kvm_type;
> +ram_addr_t hotplug_memory_base;
> +MemoryRegion hotplug_memory;
> +bool enforce_aligned_dimm;

As mentioned on the earlier version, on ppc we don't have
compatibility reasons we need to have a mode for unaligned dimms.  Get
rid of this bool and treat it as always on instead.

>  };
>  
>  sPAPREnvironment *spapr;
> @@ -1514,6 +1517,7 @@ static void ppc_spapr_init(MachineState *machine)
>  QemuOpts *opts = qemu_opts_find(qemu_find_opts("smp-opts"), NULL);
>  int sockets = opts ? qemu_opt_get_number(opts, "sockets", 0) : 0;
>  int cores = (smp_cpus/smp_threads) ? smp_cpus/smp_threads : 1;
> +sPAPRMachineState *ms = SPAPR_MACHINE(machine);
>  
>  sockets = sockets ? sockets : cores;
>  msi_supported = true;
> @@ -1613,6 +1617,36 @@ static void ppc_spapr_init(MachineState *machine)
>  memory_region_add_subregion(sysmem, 0, rma_region);
>  }
>  
> +/* initialize hotplug memory address space */
> +if (machine->ram_size < machine->maxram_size) {
> +ram_addr_t hotplug_mem_size =
> +machine->maxram_size - machine->ram_size;
> +
> +if (machine->ram_slots > SPAPR_MAX_RAM_SLOTS) {
> +error_report("unsupported amount of memory slots: %"PRIu64,
> + machine->ram_slots);
> +exit(EXIT_FAILURE);
> +}
> +
> +ms->hotplug_memory_base = ROUND_UP(machine->ram_size,
> +SPAPR_HOTPLUG_MEM_ALIGN);
> +
> +if (ms->enforce_aligned_dimm) {
> +hotplug_mem_size += SPAPR_HOTPLUG_MEM_ALIGN * machine->ram_slots;
> +}
> +
> +if ((ms->hotplug_memory_base + hotplug_mem_size) < hotplug_mem_size) 
> {
> +error_report("unsupported amount of maximum memory: " 
> RAM_ADDR_FMT,
> + machine->maxram_size);
> +exit(EXIT_FAILURE);
> +}
> +
> +memory_region_init(&ms->hotplug_memory, OBJECT(ms),
> +   "hotplug-memory", hotplug_mem_size);
> +memory_region_add_subregion(sysmem, ms->hotplug_memory_base,
> +&ms->hotplug_memory);
> +}
> +
>  filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, "spapr-rtas.bin");
>  spapr->rtas_size = get_image_size(filename);
>  spapr->rtas_blob = g_malloc(spapr->rtas_size);
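Review bot: The wrap check on `ms->hotplug_memory_base + hotplug_mem_size` only covers the final addition; the preceding `hotplug_mem_size += SPAPR_HOTPLUG_MEM_ALIGN * machine->ram_slots;` and the `ROUND_UP(machine->ram_size, SPAPR_HOTPLUG_MEM_ALIGN)` are themselves unchecked, so if either wraps (ram_size near the top of ram_addr_t, or a host where ram_addr_t is narrower than 64 bits) the later check is applied to an already-truncated size and passes. With ram_slots bounded by SPAPR_MAX_RAM_SLOTS this is presumably unreachable on 64-bit hosts, but the guard is cheap: compute the padding into a local and reject `pad / SPAPR_HOTPLUG_MEM_ALIGN != machine->ram_slots || hotplug_mem_size + pad < hotplug_mem_size` with the same error_report/exit pattern before the addition, and check `ms->hotplug_memory_base < machine->ram_size` after the ROUND_UP. That keeps every value fed to memory_region_init() and memory_region_add_subregion() validated rather than only the last one.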
> @@ -1844,11 +1878,15 @@ static void spapr_set_kvm_type(Object *obj, const 
> char *value, Error **errp)
>  
>  static void spapr_machine_initfn(Object *obj)
>  {
> +sPAPRMachineState *ms = SPAPR_MACHINE(obj);
> +
>  object_property_add_str(obj, "kvm-type",
>  spapr_get_kvm_type, spapr_set_kvm_type, NULL);
>  object_property_set_description(obj, "kvm-type",
>  "Specifies the KVM virtualization mode 
> (HV, PR)",
>  NULL);
> +
> +ms->enforce_aligned_dimm = true;
>  }
>  
>  static void ppc_cpu_do_nmi_on_cpu(void *arg)
> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
> index ecac6e3..53560e9 100644
> --- a/include/hw/ppc/spapr.h
> +++ b/include/hw/ppc/spapr.h
> @@ -542,6 +542,18 @@ struct sPAPREventLogEntry {
>  
>  #define SPAPR_MEMORY_BLOCK_SIZE (1 << 28) /* 256MB */
>  
> +/*
> + * This defines the maximum number of DIMM slots we can have for sPAPR
> + * guest. This is not defined by sPAPR but we are defining it to 4096 slots
> + * here. With the worst case addition of SPAPR_MEMORY_BLOCK_SIZE
> + * (256MB) memory per slot, we should be able to support 1TB of guest
> + * hotpluggable memory.
> + */
> +#define SPAPR_MAX_RAM_SLOTS (1ULL << 12)
>

Re: [Qemu-devel] [RFC PATCH v3 23/24] spapr: Support ibm, dynamic-reconfiguration-memory

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:45PM +0530, Bharata B Rao wrote:
> Parse ibm,architecture.vec table obtained from the guest and enable
> memory node configuration via ibm,dynamic-reconfiguration-memory if guest
> supports it. This is in preparation to support memory hotplug for
> sPAPR guests.
> 
> This changes the way memory node configuration is done. Currently all
> memory nodes are built upfront. But after this patch, only memory@0 node
> for RMA is built upfront. Guest kernel boots with just that and rest of
> the memory nodes (via memory@XXX or ibm,dynamic-reconfiguration-memory)
> are built when guest does ibm,client-architecture-support call.
> 
> Note: This patch needs a SLOF enhancement which is already part of
> upstream SLOF.

Is it in the SLOF included in the qemu submodule though?  If not you
should have a patch to update the submodule first.

> Signed-off-by: Bharata B Rao 

Apart from that,

Reviewed-by: David Gibson 

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH v3 22/24] numa: API to lookup NUMA node by address

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:44PM +0530, Bharata B Rao wrote:
> Keep track of start and end address of each NUMA node in numa_info
> structure so that lookup of node by address becomes easier. Add
> an API get_numa_node() to lookup a node by address.
> 
> This is needed by PowerPC memory hotplug implementation.
> 
> Signed-off-by: Bharata B Rao 
> Cc: Paolo Bonzini 

Reviewed-by: David Gibson 

Another candidate for sending separately from the papr hotplug series.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH v3 20/24] spapr: CPU hot unplug support

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:42PM +0530, Bharata B Rao wrote:
> Support hot removal of CPU for sPAPR guests by sending the hot unplug
> notification to the guest via EPOW interrupt. Release the vCPU object
> after CPU hot unplug so that vCPU fd can be parked and reused.
> 
> Signed-off-by: Bharata B Rao 
> ---
>  hw/ppc/spapr.c  | 101 
> +++-
>  target-ppc/translate_init.c |  10 +
>  2 files changed, 110 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 9b0701c..910a50f 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -1481,6 +1481,12 @@ static void spapr_cpu_init(PowerPCCPU *cpu)
>  qemu_register_reset(spapr_cpu_reset, cpu);
>  }
>  
> +static void spapr_cpu_destroy(PowerPCCPU *cpu)
> +{
> +xics_cpu_destroy(spapr->icp, cpu);
> +qemu_unregister_reset(spapr_cpu_reset, cpu);
> +}
> +
>  /* pSeries LPAR / sPAPR hardware init */
>  static void ppc_spapr_init(MachineState *machine)
>  {
> @@ -1883,6 +1889,24 @@ static void *spapr_populate_hotplug_cpu_dt(DeviceState 
> *dev, CPUState *cs,
>  return fdt;
>  }
>  
> +static void spapr_cpu_release(DeviceState *dev, void *opaque)
> +{
> +CPUState *cs;
> +int i;
> +int id = ppc_get_vcpu_dt_id(POWERPC_CPU(CPU(dev)));
> +
> +for (i = id; i < id + smp_threads; i++) {
> +CPU_FOREACH(cs) {
> +PowerPCCPU *cpu = POWERPC_CPU(cs);
> +
> +if (i == ppc_get_vcpu_dt_id(cpu)) {
> +spapr_cpu_destroy(cpu);
> +cpu_remove(cs);
> +}
> +}
> +}
> +}
> +
>  static void spapr_cpu_plug(HotplugHandler *hotplug_dev, DeviceState *dev,
>  Error **errp)
>  {
> @@ -1970,6 +1994,59 @@ static void spapr_cpu_plug(HotplugHandler 
> *hotplug_dev, DeviceState *dev,
>  return;
>  }
>  
> +static int spapr_cpu_unplug(Object *obj, void *opaque)
> +{
> +Error **errp = opaque;
> +DeviceState *dev = DEVICE(obj);
> +CPUState *cs = CPU(dev);
> +PowerPCCPU *cpu = POWERPC_CPU(cs);
> +int id = ppc_get_vcpu_dt_id(cpu);
> +int smt = kvmppc_smt_threads();
> +sPAPRDRConnector *drc =
> +spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_CPU, id);
> +sPAPRDRConnectorClass *drck;
> +Error *local_err = NULL;
> +
> +/*
> + * SMT threads return from here, only main thread (core) will
> + * continue and signal hot unplug event to the guest.
> + */
> +if ((id % smt) != 0) {
> +return 0;
> +}

As with the plug side, couldn't this be done more naturally by
attaching this function to the cpu core object rather than the thread?

> +g_assert(drc);
> +
> +drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
> +drck->detach(drc, dev, spapr_cpu_release, NULL, &local_err);
> +if (local_err) {
> +error_propagate(errp, local_err);
> +return -1;
> +}
> +
> +/*
> + * In addition to hotplugged CPUs, send the hot-unplug notification
> + * interrupt to the guest for coldplugged CPUs started via -device
> + * option too.
> + */
> +spapr_hotplug_req_remove_event(drc);

Um.. doesn't the remove notification need to go *before* the
"physical" unplug?  Along with a wait for acknowledgement from the
guest?

> +return 0;
> +}
> +
> +static int spapr_cpu_core_unplug(Object *obj, void *opaque)
> +{
> +Error **errp = opaque;
> +
> +object_child_foreach(obj, spapr_cpu_unplug, errp);
> +return 0;
> +}
> +
> +static void spapr_cpu_socket_unplug(HotplugHandler *hotplug_dev,
> +DeviceState *dev, Error **errp)
> +{
> +object_child_foreach(OBJECT(dev), spapr_cpu_core_unplug, errp);
> +}
> +
>  static void spapr_machine_device_plug(HotplugHandler *hotplug_dev,
>DeviceState *dev, Error **errp)
>  {
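Review bot: `spapr_cpu_core_unplug` discards the return value of `object_child_foreach`, so when `spapr_cpu_unplug` fails for one thread (returns -1 with *errp set) the core still reports 0 and `spapr_cpu_socket_unplug` goes on detaching the remaining cores with an errp that is already populated; each later `error_propagate` into a set errp is dropped, leaving the socket partially unplugged while the caller sees a single error. Returning the walk's status, `return object_child_foreach(obj, spapr_cpu_unplug, errp);`, stops at the first failure, and the socket-level call can do the same. Separately, the `!spapr->dr_cpu_enabled && dev->hotplugged` branch in spapr_machine_device_plug now destroys and removes the CPU silently; even if error_setg cannot be used there yet, an `error_report("CPU hotplug not supported on this machine")` would tell the operator the request was refused instead of letting the management layer assume it succeeded.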
> @@ -1984,16 +2061,36 @@ static void spapr_machine_device_plug(HotplugHandler 
> *hotplug_dev,
>   * Fail hotplug on machines where CPU DR isn't enabled.
>   */
>  if (!spapr->dr_cpu_enabled && dev->hotplugged) {
> +/*
> + * FIXME: Ideally should fail hotplug here by doing an 
> error_setg,
> + * but failing hotplug here doesn't work well with the vCPU 
> object
> + * removal code. Hence silently refusing to add CPUs here.
> + */
> +spapr_cpu_destroy(cpu);
> +cpu_remove(cs);
>  return;
>  }
>  spapr_cpu_plug(hotplug_dev, dev, errp);
>  }
>  }
>  
> +static void spapr_machine_device_unplug(HotplugHandler *hotplug_dev,
> +  DeviceState *dev, Error **errp)
> +{
> +if (object_dynamic_cast(OBJECT(dev), TYPE_CPU_SOCKET)) {
> +if (!spapr->dr_cpu_enabled) {
> +error_setg(errp, "CPU hot unplug not supported on this machine");
> +return;
> +}
> +spapr_cpu_socket_unplug(hotplug_dev, dev, errp)

Re: [Qemu-devel] [RFC PATCH v3 14/24] cpus: Convert cpu_index into a bitmap

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:36PM +0530, Bharata B Rao wrote:
> Currently CPUState.cpu_index is monotonically increasing and a newly
> created CPU always gets the next higher index. The next available
> index is calculated by counting the existing number of CPUs. This is
> fine as long as we only add CPUs, but there are architectures which
> are starting to support CPU removal too. For an architecture like PowerPC
> which derives its CPU identifier (device tree ID) from cpu_index, the
> existing logic of generating cpu_index values causes problems.
> 
> With the currently proposed method of handling vCPU removal by parking
> the vCPU fd in QEMU
> (Ref: http://lists.gnu.org/archive/html/qemu-devel/2015-02/msg02604.html),
> generating cpu_index this way will not work for PowerPC.
> 
> This patch changes the way cpu_index is handed out by maintaining
> a bit map of the CPUs that tracks both addition and removal of CPUs.
> 
> The CPU bitmap allocation logic is part of cpu_exec_init() which is
> called by instance_init routines of various CPU targets. This patch
> also adds corresponding instance_finalize routine if needed for these
> CPU targets so that CPU can be marked free when it is removed.
> 
> Signed-off-by: Bharata B Rao 

Looks good in concept, though there are a couple of implementation
nits noted below.

I think it might be worth posting this patch and the previous one
separately from your spapr hotplug series.  They're generic patches
which can't go through my tree, and they also look sound to me
regardless of how the remaining details of cpu hotplug work out.

> ---
>  exec.c  | 37 ++---
>  include/qom/cpu.h   |  8 
>  target-alpha/cpu.c  |  6 ++
>  target-arm/cpu.c|  1 +
>  target-cris/cpu.c   |  6 ++
>  target-i386/cpu.c   |  6 ++
>  target-lm32/cpu.c   |  6 ++
>  target-m68k/cpu.c   |  6 ++
>  target-microblaze/cpu.c |  6 ++
>  target-mips/cpu.c   |  6 ++
>  target-moxie/cpu.c  |  6 ++
>  target-openrisc/cpu.c   |  6 ++
>  target-ppc/translate_init.c |  6 ++
>  target-s390x/cpu.c  |  1 +
>  target-sh4/cpu.c|  6 ++
>  target-sparc/cpu.c  |  1 +
>  target-tricore/cpu.c|  5 +
>  target-unicore32/cpu.c  |  6 ++
>  target-xtensa/cpu.c |  6 ++
>  19 files changed, 128 insertions(+), 3 deletions(-)
> 
> diff --git a/exec.c b/exec.c
> index e1ff6b0..9bbab02 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -527,21 +527,52 @@ void tcg_cpu_address_space_init(CPUState *cpu, 
> AddressSpace *as)
>  }
>  #endif
>  
> +#ifndef CONFIG_USER_ONLY

Having different methods of handling the cpu index for USER_ONLY and
softmmu mode seems a bit ugly.  There's no need for the bitmap in user
only mode, but there's no harm to it either.

> +static DECLARE_BITMAP(cpu_index_map, MAX_CPUMASK_BITS);
> +
> +static int cpu_get_free_index(Error **errp)
> +{
> +int cpu = find_first_zero_bit(cpu_index_map, max_cpus);
> +
> +if (cpu == max_cpus) {

Might be safer to have cpu >= max_cpus here, just in case something
changes.

> +error_setg(errp, "Trying to use more CPUs than allowed max of %d\n",
> +max_cpus);
> +return max_cpus;
> +} else {
> +bitmap_set(cpu_index_map, cpu, 1);
> +return cpu;
> +}
> +}
> +
> +void cpu_exec_exit(CPUState *cpu)
> +{
> +bitmap_clear(cpu_index_map, cpu->cpu_index, 1);
> +}
> +#endif
> +
>  void cpu_exec_init(CPUArchState *env, Error **errp)
>  {
>  CPUState *cpu = ENV_GET_CPU(env);
>  CPUClass *cc = CPU_GET_CLASS(cpu);
> -CPUState *some_cpu;
>  int cpu_index;
> -
>  #if defined(CONFIG_USER_ONLY)
> +CPUState *some_cpu;
> +
>  cpu_list_lock();
> -#endif
>  cpu_index = 0;
>  CPU_FOREACH(some_cpu) {
>  cpu_index++;
>  }
>  cpu->cpu_index = cpu_index;
> +#else
> +Error *local_err = NULL;
> +
> +cpu_index = cpu->cpu_index = cpu_get_free_index(&local_err);
> +if (local_err) {
> +error_propagate(errp, local_err);
> +return;
> +}
> +#endif
>  cpu->numa_node = 0;
>  QTAILQ_INIT(&cpu->breakpoints);
>  QTAILQ_INIT(&cpu->watchpoints);
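Review bot: On the full-bitmap path `cpu_get_free_index` returns `max_cpus` and `cpu_exec_init` stores that into `cpu->cpu_index` before it looks at local_err, so a CPU whose init failed carries an index it never reserved, and a later `cpu_exec_exit` on that object would clear bit max_cpus, which belongs to no CPU (and, if max_cpus can reach MAX_CPUMASK_BITS, lies outside the declared map). Assign only on success: `cpu_index = cpu_get_free_index(&local_err); if (local_err) { error_propagate(errp, local_err); return; } cpu->cpu_index = cpu_index;`, or have the helper return -1 and make `cpu_exec_exit` skip negative indices. The `error_setg` text also ends in `\n`; error_setg messages are single lines without a trailing newline. Note too that, unlike the user-only path, nothing here holds a lock around the bitmap test-and-set; it is presumably called under the BQL, which is worth stating in a comment.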
> diff --git a/include/qom/cpu.h b/include/qom/cpu.h
> index 48fd6fb..5241cf4 100644
> --- a/include/qom/cpu.h
> +++ b/include/qom/cpu.h
> @@ -659,6 +659,14 @@ void cpu_watchpoint_remove_all(CPUState *cpu, int mask);
>  void QEMU_NORETURN cpu_abort(CPUState *cpu, const char *fmt, ...)
>  GCC_FMT_ATTR(2, 3);
>  
> +#ifndef CONFIG_USER_ONLY
> +void cpu_exec_exit(CPUState *cpu);
> +#else
> +static inline void cpu_exec_exit(CPUState *cpu)
> +{
> +}
> +#endif
> +
>  #ifdef CONFIG_SOFTMMU
>  extern const struct VMStateDescription vmstate_cpu_common;
>  #else
> diff --git a/target-alpha/cpu.c b/target-alpha/cpu.c
> index 0a0c21e..259a04c 100644
> --- a/target-alpha/cpu.c
> +++ b/target-a

Re: [Qemu-devel] [PATCH] qmp: Add qom-path field to query-cpus command

2015-05-05 Thread David Gibson
On Mon, May 04, 2015 at 04:09:58PM -0300, Eduardo Habkost wrote:
> This will allow clients to query additional information directly using
> qom-get on the CPU objects.
> 
> Signed-off-by: Eduardo Habkost 

I'm not sure if it's the only way to accomplish what we need in these
new schemes, but it seems like a reasonable thing to have regardless.

Reviewed-by: David Gibson 

> ---
> Reference to previous discussion:
> 
>   Date: Mon, 4 May 2015 15:37:40 -0300
>   From: Eduardo Habkost 
>   Message-ID: <20150504183740.gm17...@thinpad.lan.raisama.net>
>   Subject: Re: [Qemu-devel] [PATCH] cpu: Register QOM links at 
> /machine/cpus/
> 
> The summary is: even if we provide predictable QOM paths for the CPU
> objects, the qom-path field will be useful to allow the QOM objects and
> query-cpu data to be matched correctly.
> ---
>  cpus.c   | 1 +
>  qapi-schema.json | 7 +--
>  qmp-commands.hx  | 1 +
>  3 files changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/cpus.c b/cpus.c
> index 62d157a..de6469f 100644
> --- a/cpus.c
> +++ b/cpus.c
> @@ -1435,6 +1435,7 @@ CpuInfoList *qmp_query_cpus(Error **errp)
>  info->value->CPU = cpu->cpu_index;
>  info->value->current = (cpu == first_cpu);
>  info->value->halted = cpu->halted;
> +info->value->qom_path = object_get_canonical_path(OBJECT(cpu));
>  info->value->thread_id = cpu->thread_id;
>  #if defined(TARGET_I386)
>  info->value->has_pc = true;
> diff --git a/qapi-schema.json b/qapi-schema.json
> index ac9594d..7a52a78 100644
> --- a/qapi-schema.json
> +++ b/qapi-schema.json
> @@ -602,6 +602,8 @@
>  # @halted: true if the virtual CPU is in the halt state.  Halt usually refers
>  #  to a processor specific low power mode.
>  #
> +# @qom-path: path to the CPU object in the QOM tree.
> +#
>  # @pc: #optional If the target is i386 or x86_64, this is the 64-bit 
> instruction
>  #pointer.
>  #If the target is Sparc, this is the PC component of the
> @@ -622,8 +624,9 @@
>  #data is sent to the client, the guest may no longer be halted.
>  ##
>  { 'type': 'CpuInfo',
> -  'data': {'CPU': 'int', 'current': 'bool', 'halted': 'bool', '*pc': 'int',
> -   '*nip': 'int', '*npc': 'int', '*PC': 'int', 'thread_id': 'int'} }
> +  'data': {'CPU': 'int', 'current': 'bool', 'halted': 'bool', 'qom-path': 
> 'str',
> +   '*pc': 'int', '*nip': 'int', '*npc': 'int', '*PC': 'int',
> +   'thread_id': 'int'} }
>  
>  ##
>  # @query-cpus:
> diff --git a/qmp-commands.hx b/qmp-commands.hx
> index d4a837c..5c92162 100644
> --- a/qmp-commands.hx
> +++ b/qmp-commands.hx
> @@ -2569,6 +2569,7 @@ Return a json-array. Each CPU is represented by a 
> json-object, which contains:
>  - "CPU": CPU index (json-int)
>  - "current": true if this is the current CPU, false otherwise (json-bool)
>  - "halted": true if the cpu is halted, false otherwise (json-bool)
> +- "qom-path": path to the CPU object in the QOM tree (json-str)
>  - Current program counter. The key's name depends on the architecture:
>   "pc": i386/x86_64 (json-int)
>   "nip": PPC (json-int)

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH v3 17/24] cpus: Reclaim vCPU objects

2015-05-05 Thread David Gibson
On Fri, Apr 24, 2015 at 12:17:39PM +0530, Bharata B Rao wrote:
> From: Gu Zheng 
> 
> In order to deal well with the kvm vcpus (which can not be removed without any
> protection), we do not close KVM vcpu fd, just record and mark it as stopped
> into a list, so that we can reuse it for the appending cpu hot-add request if
> possible. It is also the approach that kvm guys suggested:
> https://www.mail-archive.com/kvm@vger.kernel.org/msg102839.html
> 
> This patch also adds a QOM API object_has_no_children(Object *obj)
> that checks whether a given object has any child objects. This API
> is needed to release CPU core and socket objects when a vCPU is destroyed.

I'm guessing this commit message needs updating, since you seem to
have split this out into the previous patch.

> Signed-off-by: Chen Fan 
> Signed-off-by: Gu Zheng 
> Signed-off-by: Zhu Guihua 
> Signed-off-by: Bharata B Rao 
>[Added core and socket removal bits]
> ---
>  cpus.c   | 67 
> 
>  include/qom/cpu.h| 11 +
>  include/sysemu/kvm.h |  1 +
>  kvm-all.c| 57 +++-
>  kvm-stub.c   |  5 
>  5 files changed, 140 insertions(+), 1 deletion(-)
> 
> diff --git a/cpus.c b/cpus.c
> index 0fac143..325f8a6 100644
> --- a/cpus.c
> +++ b/cpus.c
> @@ -858,6 +858,47 @@ void async_run_on_cpu(CPUState *cpu, void (*func)(void 
> *data), void *data)
>  qemu_cpu_kick(cpu);
>  }
>  
> +static void qemu_destroy_cpu_core(Object *core)
> +{
> +Object *socket = core->parent;
> +
> +object_unparent(core);
> +if (socket && object_has_no_children(socket)) {
> +object_unparent(socket);
> +}

This seems a bit odd to me.  I thought the general idea of the new
approaches to cpu hotplug meant that the hotplug sequence started from
the top (the socket or core) and worked down to the threads.  Rather
than starting at the thread, and working up to the core and socket
level.

> +}
> +
> +static void qemu_kvm_destroy_vcpu(CPUState *cpu)
> +{
> +Object *thread = OBJECT(cpu);
> +Object *core = thread->parent;
> +
> +CPU_REMOVE(cpu);
> +
> +if (kvm_destroy_vcpu(cpu) < 0) {
> +error_report("kvm_destroy_vcpu failed.\n");
> +exit(EXIT_FAILURE);
> +}
> +
> +object_unparent(thread);
> +if (core && object_has_no_children(core)) {
> +qemu_destroy_cpu_core(core);
> +}
> +}
> +
> +static void qemu_tcg_destroy_vcpu(CPUState *cpu)
> +{
> +Object *thread = OBJECT(cpu);
> +Object *core = thread->parent;
> +
> +CPU_REMOVE(cpu);
> +object_unparent(OBJECT(cpu));
> +
> +if (core && object_has_no_children(core)) {
> +qemu_destroy_cpu_core(core);
> +}
> +}
> +
>  static void flush_queued_work(CPUState *cpu)
>  {
>  struct qemu_work_item *wi;
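Review bot: `qemu_kvm_destroy_vcpu` calls `exit(EXIT_FAILURE)` when `kvm_destroy_vcpu` fails, so a single vcpu whose fd cannot be parked turns a hot-unplug request into termination of the whole running guest; an unplug that cannot complete should be reported and the CPU left in place (or marked unusable), not take the VM down. The CPU is also dropped from the list with `CPU_REMOVE(cpu)` before the failure is detected, so the list is already modified at the point of exit. I would move `CPU_REMOVE(cpu)` after the check, replace the exit with `error_report("kvm_destroy_vcpu failed"); return;` (error_report appends its own newline, so the trailing `\n` in the message should go too), and let the thread-function caller in the later hunk keep running the vcpu when destruction failed.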
> @@ -950,6 +991,11 @@ static void *qemu_kvm_cpu_thread_fn(void *arg)
>  }
>  }
>  qemu_kvm_wait_io_event(cpu);
> +if (cpu->exit && !cpu_can_run(cpu)) {
> +qemu_kvm_destroy_vcpu(cpu);
> +qemu_mutex_unlock(&qemu_global_mutex);
> +return NULL;
> +}
>  }
>  
>  return NULL;
> @@ -1003,6 +1049,7 @@ static void tcg_exec_all(void);
>  static void *qemu_tcg_cpu_thread_fn(void *arg)
>  {
>  CPUState *cpu = arg;
> +CPUState *remove_cpu = NULL;
>  
>  qemu_tcg_init_cpu_signals();
>  qemu_thread_get_self(cpu->thread);
> @@ -1039,6 +1086,16 @@ static void *qemu_tcg_cpu_thread_fn(void *arg)
>  }
>  }
>  qemu_tcg_wait_io_event();
> +CPU_FOREACH(cpu) {
> +if (cpu->exit && !cpu_can_run(cpu)) {
> +remove_cpu = cpu;
> +break;
> +}
> +}
> +if (remove_cpu) {
> +qemu_tcg_destroy_vcpu(remove_cpu);
> +remove_cpu = NULL;
> +}
>  }
>  
>  return NULL;
> @@ -1196,6 +1253,13 @@ void resume_all_vcpus(void)
>  }
>  }
>  
> +void cpu_remove(CPUState *cpu)
> +{
> +cpu->stop = true;
> +cpu->exit = true;
> +qemu_cpu_kick(cpu);
> +}
> +
>  /* For temporary buffers for forming a name */
>  #define VCPU_THREAD_NAME_SIZE 16
>  
> @@ -1390,6 +1454,9 @@ static void tcg_exec_all(void)
>  break;
>  }
>  } else if (cpu->stop || cpu->stopped) {
> +if (cpu->exit) {
> +next_cpu = CPU_NEXT(cpu);
> +}
>  break;
>  }
>  }
> diff --git a/include/qom/cpu.h b/include/qom/cpu.h
> index 5241cf4..1bfc3d4 100644
> --- a/include/qom/cpu.h
> +++ b/include/qom/cpu.h
> @@ -206,6 +206,7 @@ struct kvm_run;
>   * @halted: Nonzero if the CPU is in suspended state.
>   * @stop: Indicates a pending stop request.
>   * @stopped: Indicates the CPU has been artificially stopped.
> + * @exit: Indicates the CPU has exited due to an unplug operation.
>   * @tcg_exit_req: Set to force TCG to stop executi

Re: [Qemu-devel] [PATCH] pseries: Enable in-kernel H_LOGICAL_CI_{LOAD, STORE} implementations

2015-05-05 Thread David Gibson
On Tue, May 05, 2015 at 08:42:36AM +0200, Thomas Huth wrote:
> On Tue,  5 May 2015 11:00:01 +1000
> David Gibson  wrote:
> 
> > qemu currently implements the hypercalls H_LOGICAL_CI_LOAD and
> > H_LOGICAL_CI_STORE as PAPR extensions.  These are used by the SLOF firmware
> > for IO, because performing cache inhibited MMIO accesses with the MMU off
> > (real mode) is very awkward on POWER.
> > 
> > This approach breaks when SLOF needs to access IO devices implemented
> > within KVM instead of in qemu.  The simplest example would be virtio-blk
> > using an iothread, because the iothread / dataplane mechanism relies on
> > an in-kernel implementation of the virtio queue notification MMIO.
> > 
> > To fix this, an in-kernel implementation of these hypercalls has been made,
> > (kernel commit 99342cf "kvmppc: Implement H_LOGICAL_CI_{LOAD,STORE} in KVM");
> > however, the hypercalls still need to be enabled from qemu.  This performs
> > the necessary calls to do so.
> > 
> > It would be nice to provide some warning if we encounter a problematic
> > device with a kernel which doesn't support the new calls.  Unfortunately,
> > I can't see a way to detect this case which won't either warn in far too
> > many cases that will probably work, or which is horribly invasive.
> 
> Hmm, is there a function that returns you a list to a given type?
> Something like object_resolve_path(TYPE_VIRTIO_BLK, NULL) but not only
> returning one matching object but all? ... then you could step through
> all the possibly affected devices and check whether they need this
> kernel feature.

I'm not sure if there's such a function, but even with it, I can't see
a way to do this that isn't really fragile.  virtio-blk is only
affected if using iothread / dataplane - not if fully handled in
qemu.  There may be other devices which will be affected if using
dataplane for the same reasons, and if there aren't now there may well
be in future.

Likewise any future devices which could have a KVM implementation
would be affected, and there's no obvious way to enumerate what those
are.

> 
> > Signed-off-by: David Gibson 
> > ---
> >  hw/ppc/spapr.c   |  5 +
> >  target-ppc/kvm.c | 18 ++
> >  target-ppc/kvm_ppc.h |  5 +
> >  3 files changed, 28 insertions(+)
> > 
> > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > index 644689a..3b5768b 100644
> > --- a/hw/ppc/spapr.c
> > +++ b/hw/ppc/spapr.c
> > @@ -1504,6 +1504,11 @@ static void ppc_spapr_init(MachineState *machine)
> >  qemu_register_reset(spapr_cpu_reset, cpu);
> >  }
> >  
> > +if (kvm_enabled()) {
> > +/* Enable H_LOGICAL_CI_* so SLOF can talk to in-kernel devices */
> > +kvmppc_enable_logical_ci_hcalls();
> > +}
> > +
> >  /* allocate RAM */
> >  spapr->ram_limit = ram_size;
> >  memory_region_allocate_system_memory(ram, NULL, "ppc_spapr.ram",
> > diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
> > index 12328a4..fde26d0 100644
> > --- a/target-ppc/kvm.c
> > +++ b/target-ppc/kvm.c
> > @@ -1882,6 +1882,24 @@ int kvmppc_get_hypercall(CPUPPCState *env, uint8_t 
> > *buf, int buf_len)
> >  return 0;
> >  }
> >  
> > +static inline int kvmppc_enable_hcall(KVMState *s, target_ulong hcall)
> > +{
> > +return kvm_vm_enable_cap(s, KVM_CAP_PPC_ENABLE_HCALL, 0, hcall, 1);
> > +}
> > +
> > +void kvmppc_enable_logical_ci_hcalls(void)
> > +{
> > +/*
> > + * FIXME: it would be nice if we could detect the cases where
> > + * we're using a device which requires the in kernel
> > + * implementation of these hcalls, but the kernel lacks them and
> > + * produce a warning.  So far I haven't seen a practical way to do
> > + * that
> > + */
> 
> I'd maybe drop or shorten this comment (at least the last sentence).
> 
> > +kvmppc_enable_hcall(kvm_state, H_LOGICAL_CI_LOAD);
> > +kvmppc_enable_hcall(kvm_state, H_LOGICAL_CI_STORE);
> > +}
> > +
> >  void kvmppc_set_papr(PowerPCCPU *cpu)
> >  {
> >  CPUState *cs = CPU(cpu);
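Review bot: The result of both KVM_CAP_PPC_ENABLE_HCALL ioctls is thrown away in kvmppc_enable_logical_ci_hcalls(): kvmppc_enable_hcall() returns what kvm_vm_enable_cap() returns, but the two call sites ignore it and the wrapper is void, so a kernel without the capability is indistinguishable from one that enabled the hcalls. The cover letter explains why an unconditional warning is unwanted, but hiding the status entirely also removes the only cheap signal for diagnosing the case the FIXME describes after the fact. At minimum a comment should state that the failure is expected and deliberately ignored, e.g. `/* Older kernels lack this capability; failure here is expected and ignored */`; better, return the first non-zero status (`int ret = kvmppc_enable_hcall(kvm_state, H_LOGICAL_CI_LOAD); if (ret == 0) { ret = kvmppc_enable_hcall(kvm_state, H_LOGICAL_CI_STORE); } return ret;`) so the spapr.c caller can trace it or warn later once a device that needs the in-kernel path is identified. The header prototypes would need to change to match if the return type is adopted.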
> > diff --git a/target-ppc/kvm_ppc.h b/target-ppc/kvm_ppc.h
> > index 2e0224c..4d30e27 100644
> > --- a/target-ppc/kvm_ppc.h
> > +++ b/target-ppc/kvm_ppc.h
> > @@ -24,6 +24,7 @@ bool kvmppc_get_host_serial(char **buf);
> >  int kvmppc_get_hasidle(CPUPPCState *env);
> >  int kvmppc_get_hypercall(CPUPPCState *env, uint8_t *buf, int buf_len);
> >  int kvmppc_set_interrupt(PowerPCCPU *cpu, int irq, int level);
> > +void kvmppc_enable_logical_ci_hcalls(void);
> >  void kvmppc_set_papr(PowerPCCPU *cpu);
> >  int kvmppc_set_compat(PowerPCCPU *cpu, uint32_t cpu_version);
> >  void kvmppc_set_mpic_proxy(PowerPCCPU *cpu, int mpic_proxy);
> > @@ -107,6 +108,10 @@ static inline int kvmppc_set_interrupt(PowerPCCPU 
> > *cpu, int irq, int level)
> >  return -1;
> >  }
> >  
> > +static inline void kvmppc_enable_logical_ci_hcalls(void)
> > +{
> > +}
> > +
> >  static inline void kvmppc_set_papr(PowerPCCPU *cpu)
> >  {
> >  }
> 
> Reviewed-by: Thomas Huth 
> 

-- 
David Gibson  

Re: [Qemu-devel] [PATCH v5 15/20] hw/acpi/aml-build: Add aml_not() term

2015-05-05 Thread Igor Mammedov
On Tue, 5 May 2015 10:45:06 +0800
Shannon Zhao  wrote:

> On 2015/4/15 21:25, Shannon Zhao wrote:
> > From: Shannon Zhao 
> > 
> > Signed-off-by: Shannon Zhao 
> > Signed-off-by: Shannon Zhao 
> > Reviewed-by: Alex Bennée 
> > ---
> >  hw/acpi/aml-build.c | 9 +
> >  include/hw/acpi/aml-build.h | 1 +
> >  2 files changed, 10 insertions(+)
> > 
> > diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c
> > index cd4ffe2..139099f 100644
> > --- a/hw/acpi/aml-build.c
> > +++ b/hw/acpi/aml-build.c
> > @@ -608,6 +608,15 @@ Aml *aml_irq_no_flags(uint8_t irq)
> >  return var;
> >  }
> >  
> > +/* ACPI 1.0: 16.2.3 Operators: DefLNot */
> > +Aml *aml_not(Aml *arg)
> > +{
> > +Aml *var = aml_opcode(0x92 /* LNotOp */);
> > +aml_append(var, arg);
> > +build_append_int(var->buf, 0x00); /* NullNameOp */
> 
> This is not necessary to append 0, will remove it at next version.
also make it aml_lnot()

> 
> > +return var;
> > +}
> > +
> >  /* ACPI 1.0b: 16.2.5.4 Type 2 Opcodes Encoding: DefLEqual */
> >  Aml *aml_equal(Aml *arg1, Aml *arg2)
> >  {
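Review bot: The spec reference on the new function, `/* ACPI 1.0: 16.2.3 Operators: DefLNot */`, does not match the form of the neighbouring `/* ACPI 1.0b: 16.2.5.4 Type 2 Opcodes Encoding: DefLEqual */`, and in the 1.0b grammar DefLNot is defined in that same Type 2 opcodes section rather than under an "Operators" heading, as far as I can tell. Since these comments are how a reader finds the encoding being emitted, I would align it with its sibling: `/* ACPI 1.0b: 16.2.5.4 Type 2 Opcodes Encoding: DefLNot */`.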
> > diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h
> > index 61c1a03..08b3fbd 100644
> > --- a/include/hw/acpi/aml-build.h
> > +++ b/include/hw/acpi/aml-build.h
> > @@ -224,6 +224,7 @@ Aml *aml_named_field(const char *name, unsigned length);
> >  Aml *aml_reserved_field(unsigned length);
> >  Aml *aml_local(int num);
> >  Aml *aml_string(const char *name_format, ...) GCC_FMT_ATTR(1, 2);
> > +Aml *aml_not(Aml *arg);
> >  Aml *aml_equal(Aml *arg1, Aml *arg2);
> >  Aml *aml_processor(uint8_t proc_id, uint32_t pblk_addr, uint8_t pblk_len,
> > const char *name_format, ...) GCC_FMT_ATTR(4, 5);
> > 
> 
> 




Re: [Qemu-devel] [RFC PATCH v11 00/23] Deterministic replay core

2015-05-05 Thread Pavel Dovgaluk
> From: Paolo Bonzini [mailto:pbonz...@redhat.com]
> On 27/04/2015 09:32, Pavel Dovgalyuk wrote:
> > This set of patches is related to the reverse execution and deterministic
> > replay of qemu execution. This implementation of deterministic replay can
> > be used for deterministic debugging of guest code through gdb remote
> > interface.
> >
> > These patches include only core function of the replay,
> > excluding the support for replaying serial, audio, network, and USB devices'
> > operations. Reverse debugging and monitor commands were also excluded to
> > be submitted later as separate patches.
> >
> > Execution recording writes non-deterministic events log, which can be later
> > used for replaying the execution anywhere and for unlimited number of times.
> > It also supports checkpointing for faster rewinding during reverse 
> > debugging.
> > Execution replaying reads the log and replays all non-deterministic events
> > including external input, hardware clocks, and interrupts.
> >
> > Deterministic replay has the following features:
> >  * Deterministically replays whole system execution and all contents of the 
> > memory,
> >state of the hardware devices, clocks, and screen of the VM.
> >  * Writes execution log into the file for later replaying for multiple 
> > times
> >on different machines.
> >  * Supports i386, x86_64, and ARM hardware platforms.
> >  * Performs deterministic replay of all operations with keyboard and mouse
> >input devices.
> >  * Supports auto-checkpointing for convenient reverse debugging.
> >
> > Usage of the record/replay:
> >  * First, record the execution, by adding the following string to the 
> > command line:
> >'-icount shift=7,rr=record,rrfile=replay.bin -net none'.
> >Block devices' images are not actually changed in the recording mode,
> >because all of the changes are written to the temporary overlay file.
> >  * Then you can replay it for the multiple times by using another command
> >line option: '-icount shift=7,rr=replay,rrfile=replay.bin -net none'
> >  * '-net none' option should also be specified if network replay patches
> >are not applied.
> >
> > Paper with short description of deterministic replay implementation:
> > http://www.computer.org/csdl/proceedings/csmr/2012/4666/00/4666a553-abs.html
> >
> > Modifications of qemu include:
> >  * wrappers for clock and time functions to save their return values in the 
> > log
> >  * saving different asynchronous events (e.g. system shutdown) into the log
> >  * synchronization of the bottom halves execution
> >  * synchronization of the threads from thread pool
> >  * recording/replaying user input (mouse and keyboard)
> >  * adding internal events for cpu and io synchronization
> >
> > v11 changes:
> >  * Fixed instructions event processing.
> >  * Added some mutex protection calls for replay.
> >  * Fixed replaying read operations for qcow2.
> >  * Fixed rtc reads on initializations stage.
> >  * Eliminated some warnings in replay module.
> >  * Fixed misprints in documentation for replay (as suggested by Eric Blake)
> 
> This has the same problem as before, namely that the block changes are
> too intrusive and, likely, no one is going to review them.
> 
> I strongly suggest dropping them and only supporting synchronous I/O
> devices for now.  

Ok, I'll remove them in the next iteration.

> Instead, I would like to see patches for the other
> sources of non-determinism, especially character devices.

I'll release these patches after applying the core, because they need
reworking for the newest versions of QEMU and replay.

Pavel Dovgalyuk




Re: [Qemu-devel] [RFC PATCH v3 21/24] spapr: Initialize hotplug memory address space

2015-05-05 Thread Igor Mammedov
On Fri, 24 Apr 2015 12:17:43 +0530
Bharata B Rao  wrote:

> Initialize a hotplug memory region under which all the hotplugged
> memory is accommodated. Also enable memory hotplug by setting
> CONFIG_MEM_HOTPLUG.
> 
> Modelled on i386 memory hotplug.
> 
> Signed-off-by: Bharata B Rao 
> ---
>  default-configs/ppc64-softmmu.mak |  1 +
>  hw/ppc/spapr.c| 38 ++
>  include/hw/ppc/spapr.h| 12 
>  3 files changed, 51 insertions(+)
> 
> diff --git a/default-configs/ppc64-softmmu.mak 
> b/default-configs/ppc64-softmmu.mak
> index 22ef132..16b3011 100644
> --- a/default-configs/ppc64-softmmu.mak
> +++ b/default-configs/ppc64-softmmu.mak
> @@ -51,3 +51,4 @@ CONFIG_XICS_KVM=$(and $(CONFIG_PSERIES),$(CONFIG_KVM))
>  # For PReP
>  CONFIG_MC146818RTC=y
>  CONFIG_ISA_TESTDEV=y
> +CONFIG_MEM_HOTPLUG=y
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 910a50f..9dc4c36 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -125,6 +125,9 @@ struct sPAPRMachineState {
>  
>  /*< public >*/
>  char *kvm_type;
> +ram_addr_t hotplug_memory_base;
> +MemoryRegion hotplug_memory;
> +bool enforce_aligned_dimm;
>  };
>  
>  sPAPREnvironment *spapr;
> @@ -1514,6 +1517,7 @@ static void ppc_spapr_init(MachineState *machine)
>  QemuOpts *opts = qemu_opts_find(qemu_find_opts("smp-opts"), NULL);
>  int sockets = opts ? qemu_opt_get_number(opts, "sockets", 0) : 0;
>  int cores = (smp_cpus/smp_threads) ? smp_cpus/smp_threads : 1;
> +sPAPRMachineState *ms = SPAPR_MACHINE(machine);
>  
>  sockets = sockets ? sockets : cores;
>  msi_supported = true;
> @@ -1613,6 +1617,36 @@ static void ppc_spapr_init(MachineState *machine)
>  memory_region_add_subregion(sysmem, 0, rma_region);
>  }
>  
> +/* initialize hotplug memory address space */
> +if (machine->ram_size < machine->maxram_size) {
> +ram_addr_t hotplug_mem_size =
> +machine->maxram_size - machine->ram_size;
> +
> +if (machine->ram_slots > SPAPR_MAX_RAM_SLOTS) {
> +error_report("unsupported amount of memory slots: %"PRIu64,
> + machine->ram_slots);
> +exit(EXIT_FAILURE);
> +}
> +
> +ms->hotplug_memory_base = ROUND_UP(machine->ram_size,
> +SPAPR_HOTPLUG_MEM_ALIGN);
> +
> +if (ms->enforce_aligned_dimm) {
> +hotplug_mem_size += SPAPR_HOTPLUG_MEM_ALIGN * machine->ram_slots;
> +}
> +
> +if ((ms->hotplug_memory_base + hotplug_mem_size) < hotplug_mem_size) 
> {
> +error_report("unsupported amount of maximum memory: " 
> RAM_ADDR_FMT,
> + machine->maxram_size);
> +exit(EXIT_FAILURE);
> +}
> +
> +memory_region_init(&ms->hotplug_memory, OBJECT(ms),
> +   "hotplug-memory", hotplug_mem_size);
> +memory_region_add_subregion(sysmem, ms->hotplug_memory_base,
> +&ms->hotplug_memory);
> +}
> +
>  filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, "spapr-rtas.bin");
>  spapr->rtas_size = get_image_size(filename);
>  spapr->rtas_blob = g_malloc(spapr->rtas_size);
> @@ -1844,11 +1878,15 @@ static void spapr_set_kvm_type(Object *obj, const 
> char *value, Error **errp)
>  
>  static void spapr_machine_initfn(Object *obj)
>  {
> +sPAPRMachineState *ms = SPAPR_MACHINE(obj);
> +
>  object_property_add_str(obj, "kvm-type",
>  spapr_get_kvm_type, spapr_set_kvm_type, NULL);
>  object_property_set_description(obj, "kvm-type",
>  "Specifies the KVM virtualization mode 
> (HV, PR)",
>  NULL);
> +
> +ms->enforce_aligned_dimm = true;
>  }
>  
>  static void ppc_cpu_do_nmi_on_cpu(void *arg)
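Review bot: `ms->enforce_aligned_dimm = true;` is the only assignment to the new field visible in this patch, and nothing here adds a property or machine-class default that could clear it, so the `if (ms->enforce_aligned_dimm)` test in ppc_spapr_init() is effectively a constant. If the flag is meant as a compat knob for older machine types, which is how I recall the i386 model this follows using it, it needs a class-level default or a property so a future pseries-2.x class can switch it off; otherwise the field could be dropped and the per-slot alignment slack added unconditionally. Either way a comment at the declaration would make the intent clear: `/* always true for now; kept as a knob so older machine types can opt out of the per-slot alignment slack */`.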
> diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
> index ecac6e3..53560e9 100644
> --- a/include/hw/ppc/spapr.h
> +++ b/include/hw/ppc/spapr.h
> @@ -542,6 +542,18 @@ struct sPAPREventLogEntry {
>  
>  #define SPAPR_MEMORY_BLOCK_SIZE (1 << 28) /* 256MB */
>  
> +/*
> + * This defines the maximum number of DIMM slots we can have for sPAPR
> + * guest. This is not defined by sPAPR but we are defining it to 4096 slots
> + * here. With the worst case addition of SPAPR_MEMORY_BLOCK_SIZE
> + * (256MB) memory per slot, we should be able to support 1TB of guest
> + * hotpluggable memory.
> + */
> +#define SPAPR_MAX_RAM_SLOTS (1ULL << 12)
why not write 4096 instead of (1ULL << 12), much easier to read.

BTW:
KVM supports upto 509 memory slots including slots consumed by
initial memory.

> +
> +/* 1GB alignment for hotplug memory region */
> +#define SPAPR_HOTPLUG_MEM_ALIGN (1ULL << 30)
> +
>  void spapr_events_init(sPAPREnvironment *spapr);
>  void spapr_events_fdt_skel(void *fdt, uint32_t epow_irq);
>  int spapr_h_cas_compose_response(target_ulong addr, target_ulon

[Qemu-devel] [PULL 0/1] coverity: fix address_space_rw model

2015-05-05 Thread Markus Armbruster
The following changes since commit 5bccbb04a4abba7af4398de992bf06d585fd1333:

  Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging 
(2015-04-30 20:34:54 +0100)

are available in the git repository at:


  git://repo.or.cz/qemu/armbru.git tags/pull-cov-model-2015-05-05

for you to fetch changes up to 2e1c92daff752c056ae10087e6b1702b0460af88:

  coverity: fix address_space_rw model (2015-05-05 10:42:11 +0200)


coverity: fix address_space_rw model


Paolo Bonzini (1):
  coverity: fix address_space_rw model

 scripts/coverity-model.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

-- 
1.9.3




Re: [Qemu-devel] [PATCH v3 0/6] spapr_pci: DT field fixes and PCI DT node creation in QEMU

2015-05-05 Thread Nikunj A Dadhania

Nikunj A Dadhania  writes:
> The patch series creates PCI device tree(DT) nodes in QEMU. The new
> hotplug code needs the device node creation in QEMU. While during
> boot, nodes were created in SLOF. It makes more sense to consolidate
> the code to one place for better maintainability.
>
> Based on David's spapr-next 
> https://github.com/dgibson/qemu/tree/spapr-next
>
> Also, patches for populating ibm,loc-code was getting very complicated
> with use of RTAS/HCALL
>

Something went wrong in my git-send email, will repost correcting the
duplication of patches.


> Changelog V2:
>  * Fix device tree for 64-bit encoding
>  * Fix the class code, was failing xhci
>  * Remove macro duplication
>  * Fix DT fields generation for boot time device (Michael Roth)
>
> Changelog v1:
>  * Correct indent problems reported by checkpatch(David Gibson)
>  * Declare sPAPRFDT structure as local (David Gibson)
>  * Re-arrange code to avoid multiple indentation (Alexey Kardashevskiy)
>
> Michael Roth (1):
>   spapr_pci: fix boot-time device tree fields for pci hotplug
>
> Nikunj A Dadhania (5):
>   spapr_pci: remove duplicate macros
>   spapr_pci: encode missing 64-bit memory address space
>   spapr_pci: encode class code including Prog IF register
>   spapr_pci: enumerate and add PCI device tree
>   spapr_pci: populate ibm,loc-code
>
>  hw/ppc/spapr_pci.c | 221 
> +++--
>  1 file changed, 198 insertions(+), 23 deletions(-)
>
> -- 
> 1.8.3.1

Regards,
Nikunj




[Qemu-devel] [PULL 1/1] coverity: fix address_space_rw model

2015-05-05 Thread Markus Armbruster
From: Paolo Bonzini 

If the is_write argument is true, address_space_rw writes to memory
and thus reads from the buffer.  The opposite holds if is_write is
false.  Fix the model.

Cc: Markus Armbruster 
Signed-off-by: Paolo Bonzini 
Signed-off-by: Markus Armbruster 
---
 scripts/coverity-model.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/coverity-model.c b/scripts/coverity-model.c
index 224d2d1..617f67d 100644
--- a/scripts/coverity-model.c
+++ b/scripts/coverity-model.c
@@ -49,7 +49,7 @@ typedef uint64_t hwaddr;
 typedef uint32_t MemTxResult;
 typedef uint64_t MemTxAttrs;
 
-static void __write(uint8_t *buf, ssize_t len)
+static void __bufwrite(uint8_t *buf, ssize_t len)
 {
 int first, last;
 __coverity_negative_sink__(len);
@@ -59,7 +59,7 @@ static void __write(uint8_t *buf, ssize_t len)
 __coverity_writeall__(buf);
 }
 
-static void __read(uint8_t *buf, ssize_t len)
+static void __bufread(uint8_t *buf, ssize_t len)
 {
 __coverity_negative_sink__(len);
 if (len == 0) return;
@@ -74,7 +74,7 @@ MemTxResult address_space_rw(AddressSpace *as, hwaddr addr, 
MemTxAttrs attrs,
 
 // TODO: investigate impact of treating reads as producing
 // tainted data, with __coverity_tainted_data_argument__(buf).
-if (is_write) __write(buf, len); else __read(buf, len);
+if (is_write) __bufread(buf, len); else __bufwrite(buf, len);
 
 return result;
 }
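Review bot: Now that the direction is fixed, the TODO two lines above the call is ambiguous about which branch it refers to: "treating reads as producing tainted data" could mean a bus read (is_write false, `__bufwrite(buf, len)`, guest memory copied into buf) or the `__bufread` of the caller's buffer. The security-relevant case is the former, since with is_write false address_space_rw fills buf from guest-controlled memory, and that is the branch where `__coverity_tainted_data_argument__(buf)` would belong. I would reword the comment to `// TODO: is_write == false copies guest memory into buf; consider marking buf with __coverity_tainted_data_argument__(buf) so consumers of DMA'd data are checked.`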
-- 
1.9.3




[Qemu-devel] [PATCH v3 0/6] spapr_pci: DT field fixes and PCI DT node creation in QEMU

2015-05-05 Thread Nikunj A Dadhania
The patch series creates PCI device tree(DT) nodes in QEMU. The new
hotplug code needs the device node creation in QEMU. While during
boot, nodes were created in SLOF. It makes more sense to consolidate
the code to one place for better maintainability.

Based on David's spapr-next 
https://github.com/dgibson/qemu/tree/spapr-next

Also, the patches for populating ibm,loc-code were getting very complicated
with the use of RTAS/HCALL.

Changelog V2:
 * Fix device tree for 64-bit encoding
 * Fix the class code, was failing xhci
 * Remove macro duplication
 * Fix DT fields generation for boot time device (Michael Roth)

Changelog v1:
 * Correct indent problems reported by checkpatch(David Gibson)
 * Declare sPAPRFDT structure as local (David Gibson)
 * Re-arrange code to avoid multiple indentation (Alexey Kardashevskiy)

Michael Roth (1):
  spapr_pci: fix boot-time device tree fields for pci hotplug

Nikunj A Dadhania (5):
  spapr_pci: remove duplicate macros
  spapr_pci: encode missing 64-bit memory address space
  spapr_pci: encode class code including Prog IF register
  spapr_pci: enumerate and add PCI device tree
  spapr_pci: populate ibm,loc-code

 hw/ppc/spapr_pci.c | 221 +++--
 1 file changed, 198 insertions(+), 23 deletions(-)

-- 
1.8.3.1




[Qemu-devel] [PATCH v3 1/6] spapr_pci: remove duplicate macros

2015-05-05 Thread Nikunj A Dadhania
Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 11 ---
 1 file changed, 11 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 2e7590c..4df3a33 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -1475,17 +1475,6 @@ PCIHostState *spapr_create_phb(sPAPREnvironment *spapr, 
int index)
 return PCI_HOST_BRIDGE(dev);
 }
 
-/* Macros to operate with address in OF binding to PCI */
-#define b_x(x, p, l)(((x) & ((1<<(l))-1)) << (p))
-#define b_n(x)  b_x((x), 31, 1) /* 0 if relocatable */
-#define b_p(x)  b_x((x), 30, 1) /* 1 if prefetchable */
-#define b_t(x)  b_x((x), 29, 1) /* 1 if the address is aliased */
-#define b_ss(x) b_x((x), 24, 2) /* the space code */
-#define b_(x)   b_x((x), 16, 8) /* bus number */
-#define b_d(x)  b_x((x), 11, 5) /* device number */
-#define b_fff(x)b_x((x), 8, 3)  /* function number */
-#define b_(x)   b_x((x), 0, 8)  /* register number */
-
 int spapr_populate_pci_dt(sPAPRPHBState *phb,
   uint32_t xics_phandle,
   void *fdt)
-- 
1.8.3.1




[Qemu-devel] [PATCH v3 2/6] spapr_pci: encode missing 64-bit memory address space

2015-05-05 Thread Nikunj A Dadhania
The properties reg/assigned-resources need to encode 64-bit memory
address space as part of phys.hi dword.

  00 if configuration space
  01 if IO region,
  10 if 32-bit MEM region
  11 if 64-bit MEM region

Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 4df3a33..ea1a092 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -786,7 +786,13 @@ typedef struct ResourceProps {
  * phys.hi = 0xYYZZ, where:
  *   0xYY = npt000ss
  *  |||   |
- *  |||   +-- space code: 1 if IO region, 2 if MEM region
+ *  |||   +-- space code
+ *  |||   |
+ *  |||   +  00 if configuration space
+ *  |||   +  01 if IO region,
+ *  |||   +  10 if 32-bit MEM region
+ *  |||   +  11 if 64-bit MEM region
+ *  |||
  *  ||+-- for non-relocatable IO: 1 if aliased
  *  ||for relocatable IO: 1 if below 64KB
  *  ||for MEM: 1 if below 1MB
@@ -846,6 +852,8 @@ static void populate_resource_props(PCIDevice *d, 
ResourceProps *rp)
 reg->phys_hi = cpu_to_be32(dev_id | b_(pci_bar(d, i)));
 if (d->io_regions[i].type & PCI_BASE_ADDRESS_SPACE_IO) {
 reg->phys_hi |= cpu_to_be32(b_ss(1));
+} else if (d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_TYPE_64) {
+reg->phys_hi |= cpu_to_be32(b_ss(3));
 } else {
 reg->phys_hi |= cpu_to_be32(b_ss(2));
 }
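Review bot: `d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_TYPE_64` tests a single bit of the two-bit BAR memory-type field (0x04 within the 0x06 mask in the Linux-derived pci_regs.h, if I read it right), so it is correct only because no other defined type value has that bit set. Spelling it as a field compare states the intent and survives any future type value: `} else if ((d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_TYPE_MASK) == PCI_BASE_ADDRESS_MEM_TYPE_64) {`. The IO test just above checks a genuine single-bit flag, so only the new line needs the change. populate_resource_props() begins outside this hunk.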
-- 
1.8.3.1




[Qemu-devel] [PATCH v3 4/6] spapr_pci: enumerate and add PCI device tree

2015-05-05 Thread Nikunj A Dadhania
All the PCI enumeration and device node creation was off-loaded to
SLOF. With PCI hotplug support, code needed to be added to add device
node. This creates multiple copy of the code one in SLOF and other in
hotplug code. To unify this, the patch adds the pci device node
creation in Qemu. For backward compatibility, a flag
"qemu,phb-enumerated" is added to the phb, suggesting to SLOF to not
do device node creation.

Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 108 ++---
 1 file changed, 103 insertions(+), 5 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 8b02a3e..103284a 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -23,6 +23,7 @@
  * THE SOFTWARE.
  */
 #include "hw/hw.h"
+#include "hw/sysbus.h"
 #include "hw/pci/pci.h"
 #include "hw/pci/msi.h"
 #include "hw/pci/msix.h"
@@ -35,6 +36,7 @@
 #include "qemu/error-report.h"
 #include "qapi/qmp/qerror.h"
 
+#include "hw/pci/pci_bridge.h"
 #include "hw/pci/pci_bus.h"
 #include "hw/ppc/spapr_drc.h"
 #include "sysemu/device_tree.h"
@@ -945,7 +947,10 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, 
void *fdt, int offset,
  * processed by OF beforehand
  */
 _FDT(fdt_setprop_string(fdt, offset, "name", "pci"));
-_FDT(fdt_setprop(fdt, offset, "ibm,loc-code", drc_name, strlen(drc_name)));
+if (drc_name) {
+_FDT(fdt_setprop(fdt, offset, "ibm,loc-code", drc_name,
+ strlen(drc_name)));
+}
 _FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index));
 
 _FDT(fdt_setprop_cell(fdt, offset, "#address-cells",
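Review bot: The call kept inside the new guard, `fdt_setprop(fdt, offset, "ibm,loc-code", drc_name, strlen(drc_name))`, stores the location code without its terminating NUL, whereas the `name` property set on the line above via fdt_setprop_string carries one, as Open Firmware string properties normally do; a guest that treats the property as a C string may read past its end. `_FDT(fdt_setprop_string(fdt, offset, "ibm,loc-code", drc_name));` inside the guard fixes length and terminator in one call. Patch 6/6 of this series ends up with exactly that call, so this may just be a matter of where the fix lands. spapr_populate_pci_child_dt() begins and ends outside this hunk.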
@@ -1001,10 +1006,6 @@ static void spapr_phb_add_pci_device(sPAPRDRConnector 
*drc,
 void *fdt = NULL;
 int fdt_start_offset = 0;
 
-/* boot-time devices get their device tree node created by SLOF, but for
- * hotplugged devices we need QEMU to generate it so the guest can fetch
- * it via RTAS
- */
 if (dev->hotplugged) {
 fdt = spapr_create_pci_child_dt(phb, pdev, drc_index, drc_name,
 &fdt_start_offset);
@@ -1482,6 +1483,89 @@ PCIHostState *spapr_create_phb(sPAPREnvironment *spapr, 
int index)
 return PCI_HOST_BRIDGE(dev);
 }
 
+typedef struct sPAPRFDT {
+void *fdt;
+int node_off;
+uint32_t index;
+} sPAPRFDT;
+
+static void spapr_populate_pci_devices_dt(PCIBus *bus, PCIDevice *pdev,
+  void *opaque)
+{
+PCIBus *sec_bus;
+sPAPRFDT *p = opaque;
+int ret, offset;
+int slot = PCI_SLOT(pdev->devfn);
+int func = PCI_FUNC(pdev->devfn);
+char nodename[512];
+sPAPRFDT s_fdt;
+
+if (func) {
+sprintf(nodename, "pci@%d,%d", slot, func);
+} else {
+sprintf(nodename, "pci@%d", slot);
+}
+offset = fdt_add_subnode(p->fdt, p->node_off, nodename);
+ret = spapr_populate_pci_child_dt(pdev, p->fdt, offset, p->index, 0, NULL);
+g_assert(!ret);
+
+if ((pci_default_read_config(pdev, PCI_HEADER_TYPE, 1) !=
+ PCI_HEADER_TYPE_BRIDGE)) {
+return;
+}
+
+sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(pdev));
+if (!sec_bus) {
+return;
+}
+
+s_fdt.fdt = p->fdt;
+s_fdt.node_off = offset;
+s_fdt.index = p->index;
+pci_for_each_device(sec_bus, pci_bus_num(sec_bus),
+spapr_populate_pci_devices_dt,
+&s_fdt);
+}
+
+static void spapr_phb_pci_enumerate_bridge(PCIBus *bus, PCIDevice *pdev,
+   void *opaque)
+{
+unsigned short *bus_no = (unsigned short *) opaque;
+unsigned short primary = *bus_no;
+unsigned short secondary;
+unsigned short subordinate = 0xff;
+
+if ((pci_default_read_config(pdev, PCI_HEADER_TYPE, 1) ==
+ PCI_HEADER_TYPE_BRIDGE)) {
+PCIBus *sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(pdev));
+secondary = *bus_no + 1;
+pci_default_write_config(pdev, PCI_PRIMARY_BUS, primary, 1);
+pci_default_write_config(pdev, PCI_SECONDARY_BUS, secondary, 1);
+pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, secondary, 1);
+*bus_no = *bus_no + 1;
+if (sec_bus) {
+pci_default_write_config(pdev, PCI_PRIMARY_BUS, primary, 1);
+pci_default_write_config(pdev, PCI_SECONDARY_BUS, secondary, 1);
+pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, subordinate, 
1);
+pci_for_each_device(sec_bus, pci_bus_num(sec_bus),
+spapr_phb_pci_enumerate_bridge,
+bus_no);
+pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, *bus_no, 1);
+}
+}
+}
+
+static void spapr_phb_pci_enumerate(sPAPRPHBState *phb)
+{
+PCIBus *bus = PCI_HOST_BRIDGE(phb)->bus;
+unsigned short bus_no = 0;
+
+pci_for_each_device(bus, pci_bus_num(bus),
+spapr_phb_pci_enumerate_bridge,
+  

[Qemu-devel] [PATCH v3 3/6] spapr_pci: encode class code including Prog IF register

2015-05-05 Thread Nikunj A Dadhania
Current code misses the Prog IF register. All three of Class Code, Subclass,
and Prog IF are needed to identify the device type accurately.

For example: USB controllers use the PROG IF for denoting: USB
FullSpeed, HighSpeed or SuperSpeed.

Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index ea1a092..8b02a3e 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -899,8 +899,7 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, void 
*fdt, int offset,
 _FDT(fdt_setprop_cell(fdt, offset, "revision-id",
   pci_default_read_config(dev, PCI_REVISION_ID, 1)));
 _FDT(fdt_setprop_cell(fdt, offset, "class-code",
-  pci_default_read_config(dev, PCI_CLASS_DEVICE, 2)
-<< 8));
+  pci_default_read_config(dev, PCI_CLASS_PROG, 3)));
 if (pci_default_read_config(dev, PCI_INTERRUPT_PIN, 1)) {
 _FDT(fdt_setprop_cell(fdt, offset, "interrupts",
  pci_default_read_config(dev, PCI_INTERRUPT_PIN, 1)));
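Review bot: `pci_default_read_config(dev, PCI_CLASS_PROG, 3)` relies on a 3-byte config read, a width PCI itself never uses, and surrounded by 1- and 2-byte reads the 3 looks like a typo to anyone who does not know the accessor copies `len` bytes into a zeroed 32-bit value. A comment at the call would protect it: `/* 3-byte read: prog-if, subclass, base class packed LSB-first = the OF class-code cell */`. I cannot see pci_default_read_config() from here, so please confirm it accepts len == 3 rather than asserting on unusual widths. spapr_populate_pci_child_dt() begins and ends outside this hunk.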
-- 
1.8.3.1




[Qemu-devel] [PATCH v3 3/4] spapr: enumerate and add PCI device tree

2015-05-05 Thread Nikunj A Dadhania
All the PCI enumeration and device node creation was off-loaded to
SLOF. With PCI hotplug support, code needed to be added to add device
node. This creates multiple copy of the code one in SLOF and other in
hotplug code. To unify this, the patch adds the pci device node
creation in Qemu. For backward compatibility, a flag
"qemu,phb-enumerated" is added to the phb, suggesting to SLOF to not
do device node creation.

Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 108 ++---
 1 file changed, 103 insertions(+), 5 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 821f82e..829c3ef 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -23,6 +23,7 @@
  * THE SOFTWARE.
  */
 #include "hw/hw.h"
+#include "hw/sysbus.h"
 #include "hw/pci/pci.h"
 #include "hw/pci/msi.h"
 #include "hw/pci/msix.h"
@@ -35,6 +36,7 @@
 #include "qemu/error-report.h"
 #include "qapi/qmp/qerror.h"
 
+#include "hw/pci/pci_bridge.h"
 #include "hw/pci/pci_bus.h"
 #include "hw/ppc/spapr_drc.h"
 #include "sysemu/device_tree.h"
@@ -946,7 +948,10 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, 
void *fdt, int offset,
  * processed by OF beforehand
  */
 _FDT(fdt_setprop_string(fdt, offset, "name", "pci"));
-_FDT(fdt_setprop(fdt, offset, "ibm,loc-code", drc_name, strlen(drc_name)));
+if (drc_name) {
+_FDT(fdt_setprop(fdt, offset, "ibm,loc-code", drc_name,
+ strlen(drc_name)));
+}
 _FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index));
 
 _FDT(fdt_setprop_cell(fdt, offset, "#address-cells",
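Review bot: The `fdt_setprop(fdt, offset, "ibm,loc-code", drc_name, strlen(drc_name))` call kept inside the new guard omits the terminating NUL that Open Firmware string properties, and the `name` property written with fdt_setprop_string just above, normally carry. `_FDT(fdt_setprop_string(fdt, offset, "ibm,loc-code", drc_name));` would fix length and terminator together. This duplicate posting of the patch has the same issue as the 4/6 copy, so fixing one fixes both. spapr_populate_pci_child_dt() begins and ends outside this hunk.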
@@ -1002,10 +1007,6 @@ static void spapr_phb_add_pci_device(sPAPRDRConnector 
*drc,
 void *fdt = NULL;
 int fdt_start_offset = 0;
 
-/* boot-time devices get their device tree node created by SLOF, but for
- * hotplugged devices we need QEMU to generate it so the guest can fetch
- * it via RTAS
- */
 if (dev->hotplugged) {
 fdt = spapr_create_pci_child_dt(phb, pdev, drc_index, drc_name,
 &fdt_start_offset);
@@ -1495,6 +1496,89 @@ PCIHostState *spapr_create_phb(sPAPRMachineState *sm, 
int index)
 #define b_fff(x)b_x((x), 8, 3)  /* function number */
 #define b_(x)   b_x((x), 0, 8)  /* register number */
 
+typedef struct sPAPRFDT {
+void *fdt;
+int node_off;
+uint32_t index;
+} sPAPRFDT;
+
+static void spapr_populate_pci_devices_dt(PCIBus *bus, PCIDevice *pdev,
+  void *opaque)
+{
+PCIBus *sec_bus;
+sPAPRFDT *p = opaque;
+int ret, offset;
+int slot = PCI_SLOT(pdev->devfn);
+int func = PCI_FUNC(pdev->devfn);
+char nodename[512];
+sPAPRFDT s_fdt;
+
+if (func) {
+sprintf(nodename, "pci@%d,%d", slot, func);
+} else {
+sprintf(nodename, "pci@%d", slot);
+}
+offset = fdt_add_subnode(p->fdt, p->node_off, nodename);
+ret = spapr_populate_pci_child_dt(pdev, p->fdt, offset, p->index, 0, NULL);
+g_assert(!ret);
+
+if ((pci_default_read_config(pdev, PCI_HEADER_TYPE, 1) !=
+ PCI_HEADER_TYPE_BRIDGE)) {
+return;
+}
+
+sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(pdev));
+if (!sec_bus) {
+return;
+}
+
+s_fdt.fdt = p->fdt;
+s_fdt.node_off = offset;
+s_fdt.index = p->index;
+pci_for_each_device(sec_bus, pci_bus_num(sec_bus),
+spapr_populate_pci_devices_dt,
+&s_fdt);
+}
+
+static void spapr_phb_pci_enumerate_bridge(PCIBus *bus, PCIDevice *pdev,
+   void *opaque)
+{
+unsigned short *bus_no = (unsigned short *) opaque;
+unsigned short primary = *bus_no;
+unsigned short secondary;
+unsigned short subordinate = 0xff;
+
+if ((pci_default_read_config(pdev, PCI_HEADER_TYPE, 1) ==
+ PCI_HEADER_TYPE_BRIDGE)) {
+PCIBus *sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(pdev));
+secondary = *bus_no + 1;
+pci_default_write_config(pdev, PCI_PRIMARY_BUS, primary, 1);
+pci_default_write_config(pdev, PCI_SECONDARY_BUS, secondary, 1);
+pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, secondary, 1);
+*bus_no = *bus_no + 1;
+if (sec_bus) {
+pci_default_write_config(pdev, PCI_PRIMARY_BUS, primary, 1);
+pci_default_write_config(pdev, PCI_SECONDARY_BUS, secondary, 1);
+pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, subordinate, 
1);
+pci_for_each_device(sec_bus, pci_bus_num(sec_bus),
+spapr_phb_pci_enumerate_bridge,
+bus_no);
+pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, *bus_no, 1);
+}
+}
+}
+
+static void spapr_phb_pci_enumerate(sPAPRPHBState *phb)
+{
+PCIBus *bus = PCI_HOST_BRIDGE(phb)->bus;
+unsigned short bus_no = 0;
+
+pci_for_each_device(

[Qemu-devel] [PATCH v3 6/6] spapr_pci: populate ibm,loc-code

2015-05-05 Thread Nikunj A Dadhania
Each hardware instance has a platform unique location code.  The OF
device tree that describes a part of a hardware entity must include
the “ibm,loc-code” property with a value that represents the location
code for that hardware entity.

Populate ibm,loc-code.
1) PCI passthru devices need to identify with their own ibm,loc-code
   available on the host.
2) Emulated devices are encoded as follows:
   qemu_::.

Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 86 +++---
 1 file changed, 75 insertions(+), 11 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index cbd5661..eacf0bd 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -744,6 +744,70 @@ static AddressSpace *spapr_pci_dma_iommu(PCIBus *bus, void 
*opaque, int devfn)
 return &phb->iommu_as;
 }
 
+static bool spapr_phb_vfio_get_devspec_value(PCIDevice *pdev, char **value)
+{
+char *host;
+char path[PATH_MAX];
+
+host = object_property_get_str(OBJECT(pdev), "host", NULL);
+if (!host) {
+return false;
+}
+
+snprintf(path, sizeof(path), "/sys/bus/pci/devices/%s/devspec", host);
+g_free(host);
+
+return g_file_get_contents(path, value, NULL, NULL);
+}
+
+static char *spapr_phb_vfio_get_loc_code(sPAPRPHBState *sphb,  PCIDevice *pdev)
+{
+char path[PATH_MAX], *buf = NULL;
+
+/* We have a vfio host bridge lets get the path. */
+if (!spapr_phb_vfio_get_devspec_value(pdev, &buf)) {
+return NULL;
+}
+
+snprintf(path, sizeof(path), "/proc/device-tree%s/ibm,loc-code", buf);
+g_free(buf);
+
+if (g_file_get_contents(path, &buf, NULL, NULL)) {
+return buf;
+} else {
+return NULL;
+}
+}
+
+static char *spapr_phb_get_loc_code(sPAPRPHBState *sphb,  PCIDevice *pdev)
+{
+char *path = g_malloc(PATH_MAX);
+
+if (!path) {
+return NULL;
+}
+
+/*
+ * For non-vfio devices and failures make up the location code out
+ * of the name, slot and function.
+ *
+ *   qemu_::.
+ */
+snprintf(path, PATH_MAX, "qemu_%s:%02d:%02d.%1d", pdev->name,
+ sphb->index, PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+return path;
+}
+
+
+static char *spapr_ibm_get_loc_code(sPAPRPHBState *sphb, PCIDevice *pdev)
+{
+if (object_dynamic_cast(OBJECT(pdev), "vfio-pci") != NULL) {
+return spapr_phb_vfio_get_loc_code(sphb, pdev);
+} else {
+return spapr_phb_get_loc_code(sphb, pdev);
+}
+}
+
 /* Macros to operate with address in OF binding to PCI */
 #define b_x(x, p, l)(((x) & ((1<<(l))-1)) << (p))
 #define b_n(x)  b_x((x), 31, 1) /* 0 if relocatable */
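Review bot: The comment in spapr_phb_get_loc_code() promises a synthetic code "for non-vfio devices and failures", but spapr_ibm_get_loc_code() only calls it for non-vfio devices: when spapr_phb_vfio_get_loc_code() returns NULL (no `host` property, unreadable devspec, or a missing /proc/device-tree entry) that NULL is passed straight back and, per the later hunk, the caller then skips the property, so a passthrough device on such a host ends up with no ibm,loc-code at all. Falling back to the synthetic code on failure matches the comment and keeps the property present. Two smaller points in the same hunk: `g_malloc()` aborts rather than returning NULL, so the `if (!path) return NULL;` check is dead and the PATH_MAX buffer could simply be a `g_strdup_printf()`; and the devspec contents read from sysfs are pasted into the /proc path unmodified, so if that file carries a trailing newline the lookup silently fails, which `g_strchomp(buf)` before building the path would prevent.

```c
static char *spapr_ibm_get_loc_code(sPAPRPHBState *sphb, PCIDevice *pdev)
{
    char *buf = NULL;

    if (object_dynamic_cast(OBJECT(pdev), "vfio-pci") != NULL) {
        buf = spapr_phb_vfio_get_loc_code(sphb, pdev);
    }
    /* non-vfio devices, and vfio lookups that failed, get a synthetic code */
    if (!buf) {
        buf = spapr_phb_get_loc_code(sphb, pdev);
    }
    return buf;
}
```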
@@ -881,12 +945,12 @@ static void populate_resource_props(PCIDevice *d, 
ResourceProps *rp)
 }
 
 static int spapr_populate_pci_child_dt(PCIDevice *dev, void *fdt, int offset,
-   int phb_index, int drc_index,
-   const char *drc_name)
+   sPAPRPHBState *phb, int drc_index)
 {
 ResourceProps rp;
 bool is_bridge = false;
 int pci_status;
+char *buf = NULL;
 
 if (pci_default_read_config(dev, PCI_HEADER_TYPE, 1) ==
 PCI_HEADER_TYPE_BRIDGE) {
@@ -947,9 +1011,10 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, 
void *fdt, int offset,
  * processed by OF beforehand
  */
 _FDT(fdt_setprop_string(fdt, offset, "name", "pci"));
-if (drc_name) {
-_FDT(fdt_setprop(fdt, offset, "ibm,loc-code", drc_name,
- strlen(drc_name)));
+buf = spapr_ibm_get_loc_code(phb, dev);
+if (buf) {
+_FDT(fdt_setprop_string(fdt, offset, "ibm,loc-code", buf));
+g_free(buf);
 }
 if (drc_index) {
 _FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index));
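Review bot: `buf` leaks on the error path of the new `_FDT(fdt_setprop_string(fdt, offset, "ibm,loc-code", buf))`: if `_FDT` returns from the function when libfdt fails (its definition is outside this hunk, but the callers' `g_assert(!ret)` suggests it does), the `g_free(buf)` on the next line is never reached. Capture the result and free before checking: `int rc = fdt_setprop_string(fdt, offset, "ibm,loc-code", buf);` / `g_free(buf);` / `_FDT(rc);`. `spapr_populate_pci_child_dt` begins and ends outside this hunk.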
@@ -988,8 +1053,7 @@ static void *spapr_create_pci_child_dt(sPAPRPHBState *phb, 
PCIDevice *dev,
 sprintf(nodename, "pci@%d", slot);
 }
 offset = fdt_add_subnode(fdt, 0, nodename);
-ret = spapr_populate_pci_child_dt(dev, fdt, offset, phb->index, drc_index,
-  drc_name);
+ret = spapr_populate_pci_child_dt(dev, fdt, offset, phb, drc_index);
 g_assert(!ret);
 
 *dt_offset = offset;
@@ -1502,7 +1566,7 @@ static uint32_t spapr_phb_get_pci_drc_index(sPAPRPHBState 
*phb,
 typedef struct sPAPRFDT {
 void *fdt;
 int node_off;
-uint32_t index;
+sPAPRPHBState *sphb;
 } sPAPRFDT;
 
 static void spapr_populate_pci_devices_dt(PCIBus *bus, PCIDevice *pdev,
@@ -1523,7 +1587,7 @@ static void spapr_populate_pci_devices_dt(PCIBus *bus, 
PCIDevice *pdev,
 sprintf(nodename, "pci@%d", slot);
 }
 offset = fdt_add_subnode(p->fdt, p->node_off, nodename);
-ret = spapr_populate_pci_child_dt(pdev, p->fdt, offset, p->index, 
drc_index, NULL);
+ret = spapr_populate_pci_child_dt(pdev, p->fdt, offset, p->sphb, 
drc_index);
 g_assert(!ret);
 

[Qemu-devel] [PATCH v3 5/6] spapr_pci: fix boot-time device tree fields for pci hotplug

2015-05-05 Thread Nikunj A Dadhania
From: Michael Roth 

We need to set the proper drc_index values in ibm,my-drc-index
fields in order to allow a PCI device that was present at
boot-time to be unplugged.

Previously SLOF handled this, but with QEMU now generating the DT we
need to do it there as well.

This patch slightly changes what SLOF did in the past, which was to
always add an ibm,my-drc-index value based on the PCI slot/device
topology. Now we only add it when the slot supports hotplug and has a
DR connector, which is more in line with PAPR.

Signed-off-by: Michael Roth 
Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 21 +++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 103284a..cbd5661 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -951,7 +951,9 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, void 
*fdt, int offset,
 _FDT(fdt_setprop(fdt, offset, "ibm,loc-code", drc_name,
  strlen(drc_name)));
 }
-_FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index));
+if (drc_index) {
+_FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index));
+}
 
 _FDT(fdt_setprop_cell(fdt, offset, "#address-cells",
   RESOURCE_CELLS_ADDRESS));
@@ -1483,6 +1485,20 @@ PCIHostState *spapr_create_phb(sPAPREnvironment *spapr, 
int index)
 return PCI_HOST_BRIDGE(dev);
 }
 
+static uint32_t spapr_phb_get_pci_drc_index(sPAPRPHBState *phb,
+PCIDevice *pdev)
+{
+sPAPRDRConnector *drc = spapr_phb_get_pci_drc(phb, pdev);
+sPAPRDRConnectorClass *drck;
+
+if (!drc) {
+return 0;
+}
+
+drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
+return drck->get_index(drc);
+}
+
 typedef struct sPAPRFDT {
 void *fdt;
 int node_off;
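Review bot: `spapr_phb_get_pci_drc_index` returns 0 to mean "no DR connector", and the caller later uses `if (drc_index)` to decide whether to emit `ibm,my-drc-index`; that is only safe if a real DRC index can never be 0, which nothing in this hunk establishes. A one-line comment on the function would make the invariant explicit, e.g. `/* Returns 0 when the device has no DR connector; assumes a valid DRC index is never 0. */`, or return a bool and pass the index out by pointer. Also `drck->get_index()` yields a `uint32_t` while `spapr_populate_pci_child_dt` takes `int drc_index`; harmless for `fdt_setprop_cell`, but the types could match.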
@@ -1499,6 +1515,7 @@ static void spapr_populate_pci_devices_dt(PCIBus *bus, 
PCIDevice *pdev,
 int func = PCI_FUNC(pdev->devfn);
 char nodename[512];
 sPAPRFDT s_fdt;
+uint32_t drc_index = spapr_phb_get_pci_drc_index(p->sphb, pdev);
 
 if (func) {
 sprintf(nodename, "pci@%d,%d", slot, func);
@@ -1506,7 +1523,7 @@ static void spapr_populate_pci_devices_dt(PCIBus *bus, 
PCIDevice *pdev,
 sprintf(nodename, "pci@%d", slot);
 }
 offset = fdt_add_subnode(p->fdt, p->node_off, nodename);
-ret = spapr_populate_pci_child_dt(pdev, p->fdt, offset, p->index, 0, NULL);
+ret = spapr_populate_pci_child_dt(pdev, p->fdt, offset, p->index, 
drc_index, NULL);
 g_assert(!ret);
 
 if ((pci_default_read_config(pdev, PCI_HEADER_TYPE, 1) !=
-- 
1.8.3.1




[Qemu-devel] [PATCH v3 3/6] spapr_pci: encode class code including Prog IF register

2015-05-05 Thread Nikunj A Dadhania
Current code missed the Prog IF register. All Class Code, Subclass,
and Prog IF registers are needed to identify the accurate device type.

For example: USB controllers use the PROG IF for denoting: USB
FullSpeed, HighSpeed or SuperSpeed.

Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index ea1a092..8b02a3e 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -899,8 +899,7 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, void 
*fdt, int offset,
 _FDT(fdt_setprop_cell(fdt, offset, "revision-id",
   pci_default_read_config(dev, PCI_REVISION_ID, 1)));
 _FDT(fdt_setprop_cell(fdt, offset, "class-code",
-  pci_default_read_config(dev, PCI_CLASS_DEVICE, 2)
-<< 8));
+  pci_default_read_config(dev, PCI_CLASS_PROG, 3)));
 if (pci_default_read_config(dev, PCI_INTERRUPT_PIN, 1)) {
 _FDT(fdt_setprop_cell(fdt, offset, "interrupts",
  pci_default_read_config(dev, PCI_INTERRUPT_PIN, 1)));
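Review bot: The 3-byte read at `PCI_CLASS_PROG` is correct but non-obvious: it relies on `pci_default_read_config()` assembling the bytes at 0x09..0x0b little-endian so that prog-if, subclass and base class land as `class << 16 | subclass << 8 | progif`, which is the OF `class-code` layout. A short comment above the `fdt_setprop_cell` call would save the next reader a spec lookup: `/* class-code = base class << 16 | subclass << 8 | prog-if: the three bytes at 0x09..0x0b */`. `spapr_populate_pci_child_dt` continues outside this hunk.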
-- 
1.8.3.1




[Qemu-devel] [PATCH v3 1/6] spapr_pci: remove duplicate macros

2015-05-05 Thread Nikunj A Dadhania
Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 11 ---
 1 file changed, 11 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 2e7590c..4df3a33 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -1475,17 +1475,6 @@ PCIHostState *spapr_create_phb(sPAPREnvironment *spapr, 
int index)
 return PCI_HOST_BRIDGE(dev);
 }
 
-/* Macros to operate with address in OF binding to PCI */
-#define b_x(x, p, l)(((x) & ((1<<(l))-1)) << (p))
-#define b_n(x)  b_x((x), 31, 1) /* 0 if relocatable */
-#define b_p(x)  b_x((x), 30, 1) /* 1 if prefetchable */
-#define b_t(x)  b_x((x), 29, 1) /* 1 if the address is aliased */
-#define b_ss(x) b_x((x), 24, 2) /* the space code */
-#define b_(x)   b_x((x), 16, 8) /* bus number */
-#define b_d(x)  b_x((x), 11, 5) /* device number */
-#define b_fff(x)b_x((x), 8, 3)  /* function number */
-#define b_(x)   b_x((x), 0, 8)  /* register number */
-
 int spapr_populate_pci_dt(sPAPRPHBState *phb,
   uint32_t xics_phandle,
   void *fdt)
-- 
1.8.3.1




[Qemu-devel] [PATCH v3 2/6] spapr_pci: encode missing 64-bit memory address space

2015-05-05 Thread Nikunj A Dadhania
The properties reg/assigned-resources need to encode 64-bit memory
address space as part of phys.hi dword.

  00 if configuration space
  01 if IO region,
  10 if 32-bit MEM region
  11 if 64-bit MEM region

Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 4df3a33..ea1a092 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -786,7 +786,13 @@ typedef struct ResourceProps {
  * phys.hi = 0xYYZZ, where:
  *   0xYY = npt000ss
  *  |||   |
- *  |||   +-- space code: 1 if IO region, 2 if MEM region
+ *  |||   +-- space code
+ *  |||   |
+ *  |||   +  00 if configuration space
+ *  |||   +  01 if IO region,
+ *  |||   +  10 if 32-bit MEM region
+ *  |||   +  11 if 64-bit MEM region
+ *  |||
  *  ||+-- for non-relocatable IO: 1 if aliased
  *  ||for relocatable IO: 1 if below 64KB
  *  ||for MEM: 1 if below 1MB
@@ -846,6 +852,8 @@ static void populate_resource_props(PCIDevice *d, 
ResourceProps *rp)
 reg->phys_hi = cpu_to_be32(dev_id | b_(pci_bar(d, i)));
 if (d->io_regions[i].type & PCI_BASE_ADDRESS_SPACE_IO) {
 reg->phys_hi |= cpu_to_be32(b_ss(1));
+} else if (d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_TYPE_64) {
+reg->phys_hi |= cpu_to_be32(b_ss(3));
 } else {
 reg->phys_hi |= cpu_to_be32(b_ss(2));
 }
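Review bot: `d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_TYPE_64` tests a single bit of the two-bit memory-type field; the conventional, self-documenting form masks the field and compares, `} else if ((d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_TYPE_MASK) == PCI_BASE_ADDRESS_MEM_TYPE_64) {`. The bit test works today only because the 64-bit encoding is the sole value with that bit set; the masked compare does not depend on that. The enclosing `for` loop starts outside the hunk.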
-- 
1.8.3.1




[Qemu-devel] [PATCH v3 0/6] spapr_pci: DT field fixes and PCI DT node creation in QEMU

2015-05-05 Thread Nikunj A Dadhania
The patch series creates PCI device tree(DT) nodes in QEMU. The new
hotplug code needs the device node creation in QEMU. While during
boot, nodes were created in SLOF. It makes more sense to consolidate
the code to one place for better maintainability.

Based on David's spapr-next 
https://github.com/dgibson/qemu/tree/spapr-next

Also, the patches for populating ibm,loc-code were getting very complicated
when done through RTAS/HCALL, so it is done directly in the device tree here.

Changelog V2:
 * Fix device tree for 64-bit encoding
 * Fix the class code, was failing xhci
 * Remove macro duplication
 * Fix DT fields generation for boot time device (Michael Roth)

Changelog v1:
 * Correct indent problems reported by checkpatch(David Gibson)
 * Declare sPAPRFDT structure as local (David Gibson)
 * Re-arrange code to avoid multiple indentation (Alexey Kardashevskiy)

Michael Roth (1):
  spapr_pci: fix boot-time device tree fields for pci hotplug

Nikunj A Dadhania (5):
  spapr_pci: remove duplicate macros
  spapr_pci: encode missing 64-bit memory address space
  spapr_pci: encode class code including Prog IF register
  spapr_pci: enumerate and add PCI device tree
  spapr_pci: populate ibm,loc-code

 hw/ppc/spapr_pci.c | 221 +++--
 1 file changed, 198 insertions(+), 23 deletions(-)

-- 
1.8.3.1




[Qemu-devel] [PATCH v3 6/6] spapr_pci: populate ibm,loc-code

2015-05-05 Thread Nikunj A Dadhania
Each hardware instance has a platform unique location code.  The OF
device tree that describes a part of a hardware entity must include
the “ibm,loc-code” property with a value that represents the location
code for that hardware entity.

Populate ibm,loc-code.
1) PCI passthrough devices are identified by their own ibm,loc-code,
   read from the host's device tree.
2) Emulated devices are encoded as:
   qemu_<device name>:<PHB index>:<slot>.<function>

Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 86 +++---
 1 file changed, 75 insertions(+), 11 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index cbd5661..eacf0bd 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -744,6 +744,70 @@ static AddressSpace *spapr_pci_dma_iommu(PCIBus *bus, void 
*opaque, int devfn)
 return &phb->iommu_as;
 }
 
+static bool spapr_phb_vfio_get_devspec_value(PCIDevice *pdev, char **value)
+{
+char *host;
+char path[PATH_MAX];
+
+host = object_property_get_str(OBJECT(pdev), "host", NULL);
+if (!host) {
+return false;
+}
+
+snprintf(path, sizeof(path), "/sys/bus/pci/devices/%s/devspec", host);
+g_free(host);
+
+return g_file_get_contents(path, value, NULL, NULL);
+}
+
+static char *spapr_phb_vfio_get_loc_code(sPAPRPHBState *sphb,  PCIDevice *pdev)
+{
+char path[PATH_MAX], *buf = NULL;
+
+/* We have a vfio host bridge lets get the path. */
+if (!spapr_phb_vfio_get_devspec_value(pdev, &buf)) {
+return NULL;
+}
+
+snprintf(path, sizeof(path), "/proc/device-tree%s/ibm,loc-code", buf);
+g_free(buf);
+
+if (g_file_get_contents(path, &buf, NULL, NULL)) {
+return buf;
+} else {
+return NULL;
+}
+}
+
+static char *spapr_phb_get_loc_code(sPAPRPHBState *sphb,  PCIDevice *pdev)
+{
+char *path = g_malloc(PATH_MAX);
+
+if (!path) {
+return NULL;
+}
+
+/*
+ * For non-vfio devices and failures make up the location code out
+ * of the name, slot and function.
+ *
+ *   qemu_::.
+ */
+snprintf(path, PATH_MAX, "qemu_%s:%02d:%02d.%1d", pdev->name,
+ sphb->index, PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+return path;
+}
+
+
+static char *spapr_ibm_get_loc_code(sPAPRPHBState *sphb, PCIDevice *pdev)
+{
+if (object_dynamic_cast(OBJECT(pdev), "vfio-pci") != NULL) {
+return spapr_phb_vfio_get_loc_code(sphb, pdev);
+} else {
+return spapr_phb_get_loc_code(sphb, pdev);
+}
+}
+
 /* Macros to operate with address in OF binding to PCI */
 #define b_x(x, p, l)(((x) & ((1<<(l))-1)) << (p))
 #define b_n(x)  b_x((x), 31, 1) /* 0 if relocatable */
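Review bot: `spapr_ibm_get_loc_code` does not fall back when the vfio lookup fails, although the comment in `spapr_phb_get_loc_code` says failures get a made-up location code; a vfio-pci device whose host `devspec` or `ibm,loc-code` file is unreadable therefore gets no `ibm,loc-code` property. Use `char *buf = spapr_phb_vfio_get_loc_code(sphb, pdev);` / `if (buf) { return buf; }` in the vfio-pci branch and fall through to `return spapr_phb_get_loc_code(sphb, pdev);`. The `if (!path)` check after `g_malloc(PATH_MAX)` is dead since `g_malloc()` aborts instead of returning NULL, and the fixed PATH_MAX buffer is oversized; `return g_strdup_printf("qemu_%s:%02d:%02d.%1d", ...)` is the idiomatic replacement. If the host's `devspec` attribute ends in a newline, the `/proc/device-tree` path built from it will not resolve, so a `g_strchomp(buf)` before that snprintf may be needed.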
@@ -881,12 +945,12 @@ static void populate_resource_props(PCIDevice *d, 
ResourceProps *rp)
 }
 
 static int spapr_populate_pci_child_dt(PCIDevice *dev, void *fdt, int offset,
-   int phb_index, int drc_index,
-   const char *drc_name)
+   sPAPRPHBState *phb, int drc_index)
 {
 ResourceProps rp;
 bool is_bridge = false;
 int pci_status;
+char *buf = NULL;
 
 if (pci_default_read_config(dev, PCI_HEADER_TYPE, 1) ==
 PCI_HEADER_TYPE_BRIDGE) {
@@ -947,9 +1011,10 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, 
void *fdt, int offset,
  * processed by OF beforehand
  */
 _FDT(fdt_setprop_string(fdt, offset, "name", "pci"));
-if (drc_name) {
-_FDT(fdt_setprop(fdt, offset, "ibm,loc-code", drc_name,
- strlen(drc_name)));
+buf = spapr_ibm_get_loc_code(phb, dev);
+if (buf) {
+_FDT(fdt_setprop_string(fdt, offset, "ibm,loc-code", buf));
+g_free(buf);
 }
 if (drc_index) {
 _FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index));
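Review bot: `buf` leaks if the new `_FDT(fdt_setprop_string(fdt, offset, "ibm,loc-code", buf))` takes its error path: assuming `_FDT` returns from the function on a libfdt error (its definition is outside this hunk, but the callers' `g_assert(!ret)` points that way), the `g_free(buf)` that follows never runs. Store the result and free first: `int rc = fdt_setprop_string(fdt, offset, "ibm,loc-code", buf);` / `g_free(buf);` / `_FDT(rc);`. `spapr_populate_pci_child_dt` begins and ends outside this hunk.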
@@ -988,8 +1053,7 @@ static void *spapr_create_pci_child_dt(sPAPRPHBState *phb, 
PCIDevice *dev,
 sprintf(nodename, "pci@%d", slot);
 }
 offset = fdt_add_subnode(fdt, 0, nodename);
-ret = spapr_populate_pci_child_dt(dev, fdt, offset, phb->index, drc_index,
-  drc_name);
+ret = spapr_populate_pci_child_dt(dev, fdt, offset, phb, drc_index);
 g_assert(!ret);
 
 *dt_offset = offset;
@@ -1502,7 +1566,7 @@ static uint32_t spapr_phb_get_pci_drc_index(sPAPRPHBState 
*phb,
 typedef struct sPAPRFDT {
 void *fdt;
 int node_off;
-uint32_t index;
+sPAPRPHBState *sphb;
 } sPAPRFDT;
 
 static void spapr_populate_pci_devices_dt(PCIBus *bus, PCIDevice *pdev,
@@ -1523,7 +1587,7 @@ static void spapr_populate_pci_devices_dt(PCIBus *bus, 
PCIDevice *pdev,
 sprintf(nodename, "pci@%d", slot);
 }
 offset = fdt_add_subnode(p->fdt, p->node_off, nodename);
-ret = spapr_populate_pci_child_dt(pdev, p->fdt, offset, p->index, 
drc_index, NULL);
+ret = spapr_populate_pci_child_dt(pdev, p->fdt, offset, p->sphb, 
drc_index);
 g_assert(!ret);
 

[Qemu-devel] [virtio-vhost] virtqueue, async vq push from vhost

2015-05-05 Thread Catalin Vasile
Can virtqueues be used asynchronous from the vhost end?
From what I've seen there are some primitives named
"*add_used_and_signal*" which update some indexes behind the scenes.
Could marking and signaling used buffers in an order other than the
one in which they were received mess up cleanup and/or other
functionality?



[Qemu-devel] [PATCH v3 1/4] spapr_pci: encode missing 64-bit memory address space

2015-05-05 Thread Nikunj A Dadhania
The properties reg/assigned-resources need to encode 64-bit memory
address space as part of phys.hi dword.

  00 if configuration space
  01 if IO region,
  10 if 32-bit MEM region
  11 if 64-bit MEM region

Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 4d18f2d..b4f4242 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -787,7 +787,13 @@ typedef struct ResourceProps {
  * phys.hi = 0xYYZZ, where:
  *   0xYY = npt000ss
  *  |||   |
- *  |||   +-- space code: 1 if IO region, 2 if MEM region
+ *  |||   +-- space code
+ *  |||   |
+ *  |||   +  00 if configuration space
+ *  |||   +  01 if IO region,
+ *  |||   +  10 if 32-bit MEM region
+ *  |||   +  11 if 64-bit MEM region
+ *  |||
  *  ||+-- for non-relocatable IO: 1 if aliased
  *  ||for relocatable IO: 1 if below 64KB
  *  ||for MEM: 1 if below 1MB
@@ -847,6 +853,8 @@ static void populate_resource_props(PCIDevice *d, 
ResourceProps *rp)
 reg->phys_hi = cpu_to_be32(dev_id | b_(pci_bar(d, i)));
 if (d->io_regions[i].type & PCI_BASE_ADDRESS_SPACE_IO) {
 reg->phys_hi |= cpu_to_be32(b_ss(1));
+} else if (d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_TYPE_64) {
+reg->phys_hi |= cpu_to_be32(b_ss(3));
 } else {
 reg->phys_hi |= cpu_to_be32(b_ss(2));
 }
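Review bot: `d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_TYPE_64` checks one bit of the two-bit memory-type field; the conventional form masks and compares, `} else if ((d->io_regions[i].type & PCI_BASE_ADDRESS_MEM_TYPE_MASK) == PCI_BASE_ADDRESS_MEM_TYPE_64) {`. The single-bit test is correct only because the 64-bit encoding is the one value with that bit set; the masked compare states the intent directly. The surrounding `for` loop starts outside the hunk.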
-- 
1.8.3.1




[Qemu-devel] [PATCH v3 2/4] spapr_pci: encode class code including Prog IF register

2015-05-05 Thread Nikunj A Dadhania
Current code missed the Prog IF register. All Class Code, Subclass,
and Prog IF registers are needed to identify the accurate device type.

For example: USB controllers use the PROG IF for denoting: USB
FullSpeed, HighSpeed or SuperSpeed.

Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index b4f4242..821f82e 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -900,8 +900,7 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, void 
*fdt, int offset,
 _FDT(fdt_setprop_cell(fdt, offset, "revision-id",
   pci_default_read_config(dev, PCI_REVISION_ID, 1)));
 _FDT(fdt_setprop_cell(fdt, offset, "class-code",
-  pci_default_read_config(dev, PCI_CLASS_DEVICE, 2)
-<< 8));
+  pci_default_read_config(dev, PCI_CLASS_PROG, 3)));
 if (pci_default_read_config(dev, PCI_INTERRUPT_PIN, 1)) {
 _FDT(fdt_setprop_cell(fdt, offset, "interrupts",
  pci_default_read_config(dev, PCI_INTERRUPT_PIN, 1)));
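Review bot: The 3-byte read at `PCI_CLASS_PROG` deserves a comment, since it depends on `pci_default_read_config()` assembling the bytes at 0x09..0x0b little-endian into `class << 16 | subclass << 8 | progif`, the OF `class-code` layout. Suggested comment above the `fdt_setprop_cell` call: `/* class-code = base class << 16 | subclass << 8 | prog-if: the three bytes at 0x09..0x0b */`. `spapr_populate_pci_child_dt` continues outside this hunk.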
-- 
1.8.3.1




[Qemu-devel] [PATCH v3 4/6] spapr_pci: enumerate and add PCI device tree

2015-05-05 Thread Nikunj A Dadhania
All the PCI enumeration and device node creation was off-loaded to
SLOF. With PCI hotplug support, code had to be added to create device
nodes in QEMU as well, leaving two copies of the logic: one in SLOF
and one in the hotplug code. To unify them, this patch adds PCI device
node creation to QEMU. For backward compatibility, a flag
"qemu,phb-enumerated" is added to the PHB, telling SLOF not to create
device nodes itself.

Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 108 ++---
 1 file changed, 103 insertions(+), 5 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 8b02a3e..103284a 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -23,6 +23,7 @@
  * THE SOFTWARE.
  */
 #include "hw/hw.h"
+#include "hw/sysbus.h"
 #include "hw/pci/pci.h"
 #include "hw/pci/msi.h"
 #include "hw/pci/msix.h"
@@ -35,6 +36,7 @@
 #include "qemu/error-report.h"
 #include "qapi/qmp/qerror.h"
 
+#include "hw/pci/pci_bridge.h"
 #include "hw/pci/pci_bus.h"
 #include "hw/ppc/spapr_drc.h"
 #include "sysemu/device_tree.h"
@@ -945,7 +947,10 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, 
void *fdt, int offset,
  * processed by OF beforehand
  */
 _FDT(fdt_setprop_string(fdt, offset, "name", "pci"));
-_FDT(fdt_setprop(fdt, offset, "ibm,loc-code", drc_name, strlen(drc_name)));
+if (drc_name) {
+_FDT(fdt_setprop(fdt, offset, "ibm,loc-code", drc_name,
+ strlen(drc_name)));
+}
 _FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index));
 
 _FDT(fdt_setprop_cell(fdt, offset, "#address-cells",
@@ -1001,10 +1006,6 @@ static void spapr_phb_add_pci_device(sPAPRDRConnector 
*drc,
 void *fdt = NULL;
 int fdt_start_offset = 0;
 
-/* boot-time devices get their device tree node created by SLOF, but for
- * hotplugged devices we need QEMU to generate it so the guest can fetch
- * it via RTAS
- */
 if (dev->hotplugged) {
 fdt = spapr_create_pci_child_dt(phb, pdev, drc_index, drc_name,
 &fdt_start_offset);
@@ -1482,6 +1483,89 @@ PCIHostState *spapr_create_phb(sPAPREnvironment *spapr, 
int index)
 return PCI_HOST_BRIDGE(dev);
 }
 
+typedef struct sPAPRFDT {
+void *fdt;
+int node_off;
+uint32_t index;
+} sPAPRFDT;
+
+static void spapr_populate_pci_devices_dt(PCIBus *bus, PCIDevice *pdev,
+  void *opaque)
+{
+PCIBus *sec_bus;
+sPAPRFDT *p = opaque;
+int ret, offset;
+int slot = PCI_SLOT(pdev->devfn);
+int func = PCI_FUNC(pdev->devfn);
+char nodename[512];
+sPAPRFDT s_fdt;
+
+if (func) {
+sprintf(nodename, "pci@%d,%d", slot, func);
+} else {
+sprintf(nodename, "pci@%d", slot);
+}
+offset = fdt_add_subnode(p->fdt, p->node_off, nodename);
+ret = spapr_populate_pci_child_dt(pdev, p->fdt, offset, p->index, 0, NULL);
+g_assert(!ret);
+
+if ((pci_default_read_config(pdev, PCI_HEADER_TYPE, 1) !=
+ PCI_HEADER_TYPE_BRIDGE)) {
+return;
+}
+
+sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(pdev));
+if (!sec_bus) {
+return;
+}
+
+s_fdt.fdt = p->fdt;
+s_fdt.node_off = offset;
+s_fdt.index = p->index;
+pci_for_each_device(sec_bus, pci_bus_num(sec_bus),
+spapr_populate_pci_devices_dt,
+&s_fdt);
+}
+
+static void spapr_phb_pci_enumerate_bridge(PCIBus *bus, PCIDevice *pdev,
+   void *opaque)
+{
+unsigned short *bus_no = (unsigned short *) opaque;
+unsigned short primary = *bus_no;
+unsigned short secondary;
+unsigned short subordinate = 0xff;
+
+if ((pci_default_read_config(pdev, PCI_HEADER_TYPE, 1) ==
+ PCI_HEADER_TYPE_BRIDGE)) {
+PCIBus *sec_bus = pci_bridge_get_sec_bus(PCI_BRIDGE(pdev));
+secondary = *bus_no + 1;
+pci_default_write_config(pdev, PCI_PRIMARY_BUS, primary, 1);
+pci_default_write_config(pdev, PCI_SECONDARY_BUS, secondary, 1);
+pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, secondary, 1);
+*bus_no = *bus_no + 1;
+if (sec_bus) {
+pci_default_write_config(pdev, PCI_PRIMARY_BUS, primary, 1);
+pci_default_write_config(pdev, PCI_SECONDARY_BUS, secondary, 1);
+pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, subordinate, 
1);
+pci_for_each_device(sec_bus, pci_bus_num(sec_bus),
+spapr_phb_pci_enumerate_bridge,
+bus_no);
+pci_default_write_config(pdev, PCI_SUBORDINATE_BUS, *bus_no, 1);
+}
+}
+}
+
+static void spapr_phb_pci_enumerate(sPAPRPHBState *phb)
+{
+PCIBus *bus = PCI_HOST_BRIDGE(phb)->bus;
+unsigned short bus_no = 0;
+
+pci_for_each_device(bus, pci_bus_num(bus),
+spapr_phb_pci_enumerate_bridge,
+  

[Qemu-devel] [PATCH v3 5/6] spapr_pci: fix boot-time device tree fields for pci hotplug

2015-05-05 Thread Nikunj A Dadhania
From: Michael Roth 

We need to set the proper drc_index values in ibm,my-drc-index
fields in order to allow a PCI device that was present at
boot-time to be unplugged.

Previously SLOF handled this, but with QEMU now generating the DT we
need to do it there as well.

This patch slightly changes what SLOF did in the past, which was to
always add an ibm,my-drc-index value based on the PCI slot/device
topology. Now we only add it when the slot supports hotplug and has a
DR connector, which is more in line with PAPR.

Signed-off-by: Michael Roth 
Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 21 +++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 103284a..cbd5661 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -951,7 +951,9 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, void 
*fdt, int offset,
 _FDT(fdt_setprop(fdt, offset, "ibm,loc-code", drc_name,
  strlen(drc_name)));
 }
-_FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index));
+if (drc_index) {
+_FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index));
+}
 
 _FDT(fdt_setprop_cell(fdt, offset, "#address-cells",
   RESOURCE_CELLS_ADDRESS));
@@ -1483,6 +1485,20 @@ PCIHostState *spapr_create_phb(sPAPREnvironment *spapr, 
int index)
 return PCI_HOST_BRIDGE(dev);
 }
 
+static uint32_t spapr_phb_get_pci_drc_index(sPAPRPHBState *phb,
+PCIDevice *pdev)
+{
+sPAPRDRConnector *drc = spapr_phb_get_pci_drc(phb, pdev);
+sPAPRDRConnectorClass *drck;
+
+if (!drc) {
+return 0;
+}
+
+drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
+return drck->get_index(drc);
+}
+
 typedef struct sPAPRFDT {
 void *fdt;
 int node_off;
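Review bot: `spapr_phb_get_pci_drc_index` uses 0 as its "no DR connector" value and the caller keys `if (drc_index)` off it, which is only safe if a genuine DRC index can never be 0; nothing in this hunk establishes that. Make the invariant explicit with a comment such as `/* Returns 0 when the device has no DR connector; assumes a valid DRC index is never 0. */`, or return a bool and hand the index back through a pointer. The `uint32_t` from `drck->get_index()` also flows into an `int drc_index` parameter of `spapr_populate_pci_child_dt`; harmless for `fdt_setprop_cell`, but the types could agree.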
@@ -1499,6 +1515,7 @@ static void spapr_populate_pci_devices_dt(PCIBus *bus, 
PCIDevice *pdev,
 int func = PCI_FUNC(pdev->devfn);
 char nodename[512];
 sPAPRFDT s_fdt;
+uint32_t drc_index = spapr_phb_get_pci_drc_index(p->sphb, pdev);
 
 if (func) {
 sprintf(nodename, "pci@%d,%d", slot, func);
@@ -1506,7 +1523,7 @@ static void spapr_populate_pci_devices_dt(PCIBus *bus, 
PCIDevice *pdev,
 sprintf(nodename, "pci@%d", slot);
 }
 offset = fdt_add_subnode(p->fdt, p->node_off, nodename);
-ret = spapr_populate_pci_child_dt(pdev, p->fdt, offset, p->index, 0, NULL);
+ret = spapr_populate_pci_child_dt(pdev, p->fdt, offset, p->index, 
drc_index, NULL);
 g_assert(!ret);
 
 if ((pci_default_read_config(pdev, PCI_HEADER_TYPE, 1) !=
-- 
1.8.3.1




[Qemu-devel] [PATCH v3 4/4] spapr: populate ibm,loc-code

2015-05-05 Thread Nikunj A Dadhania
Each hardware instance has a platform unique location code.  The OF
device tree that describes a part of a hardware entity must include
the “ibm,loc-code” property with a value that represents the location
code for that hardware entity.

Populate ibm,loc-code.
1) PCI passthrough devices are identified by their own ibm,loc-code,
   read from the host's device tree.
2) Emulated devices are encoded as:
   qemu_<device name>:<PHB index>:<slot>.<function>

Signed-off-by: Nikunj A Dadhania 
---
 hw/ppc/spapr_pci.c | 86 +++---
 1 file changed, 75 insertions(+), 11 deletions(-)

diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
index 829c3ef..67b5cc0 100644
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -745,6 +745,70 @@ static AddressSpace *spapr_pci_dma_iommu(PCIBus *bus, void 
*opaque, int devfn)
 return &phb->iommu_as;
 }
 
+static bool spapr_phb_vfio_get_devspec_value(PCIDevice *pdev, char **value)
+{
+char *host;
+char path[PATH_MAX];
+
+host = object_property_get_str(OBJECT(pdev), "host", NULL);
+if (!host) {
+return false;
+}
+
+snprintf(path, sizeof(path), "/sys/bus/pci/devices/%s/devspec", host);
+g_free(host);
+
+return g_file_get_contents(path, value, NULL, NULL);
+}
+
+static char *spapr_phb_vfio_get_loc_code(sPAPRPHBState *sphb,  PCIDevice *pdev)
+{
+char path[PATH_MAX], *buf = NULL;
+
+/* We have a vfio host bridge lets get the path. */
+if (!spapr_phb_vfio_get_devspec_value(pdev, &buf)) {
+return NULL;
+}
+
+snprintf(path, sizeof(path), "/proc/device-tree%s/ibm,loc-code", buf);
+g_free(buf);
+
+if (g_file_get_contents(path, &buf, NULL, NULL)) {
+return buf;
+} else {
+return NULL;
+}
+}
+
+static char *spapr_phb_get_loc_code(sPAPRPHBState *sphb,  PCIDevice *pdev)
+{
+char *path = g_malloc(PATH_MAX);
+
+if (!path) {
+return NULL;
+}
+
+/*
+ * For non-vfio devices and failures make up the location code out
+ * of the name, slot and function.
+ *
+ *   qemu_::.
+ */
+snprintf(path, PATH_MAX, "qemu_%s:%02d:%02d.%1d", pdev->name,
+ sphb->index, PCI_SLOT(pdev->devfn), PCI_FUNC(pdev->devfn));
+return path;
+}
+
+
+static char *spapr_ibm_get_loc_code(sPAPRPHBState *sphb, PCIDevice *pdev)
+{
+if (object_dynamic_cast(OBJECT(pdev), "vfio-pci") != NULL) {
+return spapr_phb_vfio_get_loc_code(sphb, pdev);
+} else {
+return spapr_phb_get_loc_code(sphb, pdev);
+}
+}
+
 /* Macros to operate with address in OF binding to PCI */
 #define b_x(x, p, l)(((x) & ((1<<(l))-1)) << (p))
 #define b_n(x)  b_x((x), 31, 1) /* 0 if relocatable */
@@ -882,12 +946,12 @@ static void populate_resource_props(PCIDevice *d, 
ResourceProps *rp)
 }
 
 static int spapr_populate_pci_child_dt(PCIDevice *dev, void *fdt, int offset,
-   int phb_index, int drc_index,
-   const char *drc_name)
+   sPAPRPHBState *phb, int drc_index)
 {
 ResourceProps rp;
 bool is_bridge = false;
 int pci_status;
+char *buf = NULL;
 
 if (pci_default_read_config(dev, PCI_HEADER_TYPE, 1) ==
 PCI_HEADER_TYPE_BRIDGE) {
@@ -948,9 +1012,10 @@ static int spapr_populate_pci_child_dt(PCIDevice *dev, 
void *fdt, int offset,
  * processed by OF beforehand
  */
 _FDT(fdt_setprop_string(fdt, offset, "name", "pci"));
-if (drc_name) {
-_FDT(fdt_setprop(fdt, offset, "ibm,loc-code", drc_name,
- strlen(drc_name)));
+buf = spapr_ibm_get_loc_code(phb, dev);
+if (buf) {
+_FDT(fdt_setprop_string(fdt, offset, "ibm,loc-code", buf));
+g_free(buf);
 }
 _FDT(fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index));
 
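Review bot: `buf` leaks on the error path of the new `_FDT(fdt_setprop_string(fdt, offset, "ibm,loc-code", buf))`: if `_FDT` returns from the function on failure (its definition is outside this hunk, but the callers' `g_assert(!ret)` suggests so), the following `g_free(buf)` is skipped. Capture and free first: `int rc = fdt_setprop_string(fdt, offset, "ibm,loc-code", buf);` / `g_free(buf);` / `_FDT(rc);`. Note also that `ibm,my-drc-index` at the end of the hunk is still written unconditionally while this patch's boot-time caller passes `0` for `drc_index`, so every boot-time device advertises DRC index 0; wrapping it in `if (drc_index) {` avoids that. `spapr_populate_pci_child_dt` begins and ends outside this hunk.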
@@ -987,8 +1052,7 @@ static void *spapr_create_pci_child_dt(sPAPRPHBState *phb, 
PCIDevice *dev,
 sprintf(nodename, "pci@%d", slot);
 }
 offset = fdt_add_subnode(fdt, 0, nodename);
-ret = spapr_populate_pci_child_dt(dev, fdt, offset, phb->index, drc_index,
-  drc_name);
+ret = spapr_populate_pci_child_dt(dev, fdt, offset, phb, drc_index);
 g_assert(!ret);
 
 *dt_offset = offset;
@@ -1499,7 +1563,7 @@ PCIHostState *spapr_create_phb(sPAPRMachineState *sm, int 
index)
 typedef struct sPAPRFDT {
 void *fdt;
 int node_off;
-uint32_t index;
+sPAPRPHBState *sphb;
 } sPAPRFDT;
 
 static void spapr_populate_pci_devices_dt(PCIBus *bus, PCIDevice *pdev,
@@ -1519,7 +1583,7 @@ static void spapr_populate_pci_devices_dt(PCIBus *bus, 
PCIDevice *pdev,
 sprintf(nodename, "pci@%d", slot);
 }
 offset = fdt_add_subnode(p->fdt, p->node_off, nodename);
-ret = spapr_populate_pci_child_dt(pdev, p->fdt, offset, p->index, 0, NULL);
+ret = spapr_populate_pci_child_dt(pdev, p->fdt, offset, p->sphb, 0);
 g_assert(!ret);
 
 if ((pci_default_read_config(pdev, 

Re: [Qemu-devel] [PATCH v8 20/40] qapi: Better error messages for duplicated expressions

2015-05-05 Thread Markus Armbruster
Eric Blake  writes:

> The previous commit demonstrated that the generator overlooked
> duplicate expressions:
> - a complex type or command reusing a built-in type name
> - redeclaration of a type name, whether by the same or different
> metatype
> - redeclaration of a command or event
> - collision of a type with implicit 'Kind' enum for a union
> - collision with an implicit MAX enum constant
>
> Since the c_type() function in the generator treats all names
> as being in the same namespace, this patch adds a global array
> to track all known names and their source, to prevent collisions
> before it can cause further problems.  While valid .json files
> won't trigger any of these cases, we might as well be nicer to
> developers that make a typo while trying to add new QAPI code.
>
> Signed-off-by: Eric Blake 
> Reviewed-by: Markus Armbruster 
[...]
> diff --git a/scripts/qapi.py b/scripts/qapi.py
> index 868f08b..eea0976 100644
> --- a/scripts/qapi.py
> +++ b/scripts/qapi.py
[...]
> @@ -567,12 +589,22 @@ def type_name(name):
>  return c_list_type(name[0])
>  return name
>
> -enum_types = []
> -struct_types = []
> -union_types = []
> +def add_name(name, info, meta, implicit = False):
> +global all_names
> +if name in all_names:
> +raise QAPIExprError(info,
> +"%s '%s' is already defined"
> +%(all_names[name], name))

Let's put a space between binary operator % and its right operand.

> +if not implicit and name[-4:] == 'Kind':
> +raise QAPIExprError(info,
> +"%s '%s' should not end in 'Kind'"
> +%(meta, name))

Likewise.  Can fix up on commit.

> +all_names[name] = meta
>
> -def add_struct(definition):
> +def add_struct(definition, info):
>  global struct_types
> +name = definition['type']
> +add_name(name, info, 'struct')
>  struct_types.append(definition)
>
>  def find_struct(name):
[...]



[Qemu-devel] [RFC] ARM/ARM64: KVM: Implement KVM_FLUSH_DCACHE_GPA ioctl

2015-05-05 Thread Jérémy Fanguède
To maintain cache coherency on ARM, we may need a mechanism to flush
the data cache.

This patch implements KVM_FLUSH_DCACHE_GPA vm ioctl which flushes the
data cache at a specified address range. The input argument is a
struct kvm_mem_addr containing the guest physical address and the
length.

Signed-off-by: Jérémy Fanguède 
---
 arch/arm/kvm/arm.c   | 13 +
 include/uapi/linux/kvm.h |  6 ++
 2 files changed, 19 insertions(+)

diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
index d9631ec..8638fd2 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -886,6 +886,19 @@ long kvm_arch_vm_ioctl(struct file *filp,
 
return 0;
}
+   case KVM_FLUSH_DCACHE_GPA: {
+   struct kvm_mem_addr mem_addr;
+   hva_t hva;
+   gpa_t gpa;
+
+   if (copy_from_user(&mem_addr, argp, sizeof(mem_addr)))
+   return -EFAULT;
+
+   gpa = mem_addr.addr;
+   hva = gfn_to_hva(kvm, gpa_to_gfn(gpa)) | (gpa & ~PAGE_MASK);
+   kvm_flush_dcache_to_poc((void *)hva, mem_addr.len);
+   return 0;
+   }
default:
return -EINVAL;
}
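Review bot: The new `KVM_FLUSH_DCACHE_GPA` handler trusts both fields of the user-supplied `kvm_mem_addr`: `gfn_to_hva()` is called outside the `kvm->srcu` read side that protects the memslot array, its result is used without `kvm_is_error_hva()` so a GPA outside any memslot yields a bogus address, and `mem_addr.len` is unbounded, so a range running past the page (or memslot) is flushed through an `hva` computed only for the first page. `kvm_flush_dcache_to_poc()` then issues cache maintenance on those addresses in kernel mode with no exception fixup (unlike `copy_*_user`), so a caller holding the VM fd can very likely turn a bad address into a kernel oops instead of `-EFAULT`; the hva is also not pinned, so even a valid memslot may have had its host mapping torn down. At minimum take the SRCU lock, check the hva, reject `len == 0`, and clamp the range to the page containing `addr` (userspace can loop); the more robust route is to resolve a pfn and flush through the kernel mapping, as KVM/ARM's own stage-2 fault path does for guest pages.
```c
	case KVM_FLUSH_DCACHE_GPA: {
		struct kvm_mem_addr mem_addr;
		unsigned long off;
		hva_t hva;
		int idx;

		if (copy_from_user(&mem_addr, argp, sizeof(mem_addr)))
			return -EFAULT;

		/* Keep the range inside the guest page that contains addr. */
		off = mem_addr.addr & ~PAGE_MASK;
		if (mem_addr.len == 0 || mem_addr.len > PAGE_SIZE - off)
			return -EINVAL;

		idx = srcu_read_lock(&kvm->srcu);
		hva = gfn_to_hva(kvm, gpa_to_gfn(mem_addr.addr));
		if (kvm_is_error_hva(hva)) {
			srcu_read_unlock(&kvm->srcu, idx);
			return -EFAULT;
		}
		kvm_flush_dcache_to_poc((void *)(hva + off), mem_addr.len);
		srcu_read_unlock(&kvm->srcu, idx);
		return 0;
	}
```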
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 4b60056..3bc599e 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -978,6 +978,11 @@ struct kvm_arm_device_addr {
__u64 addr;
 };
 
+struct kvm_mem_addr {
+   __u64 addr;
+   __u32 len;
+};
+
 /*
  * Device control API, available with KVM_CAP_DEVICE_CTRL
  */
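Review bot: `struct kvm_mem_addr` puts a lone `__u32 len` after a `__u64`, which leaves 4 bytes of implicit tail padding in a uapi structure; kernel ABI structures normally pad explicitly (a `__u32 pad` that the handler checks is zero, or simply `__u64 len`) so that layout and size are fixed on every ABI and the spare bytes stay usable later. The 32-bit length also caps a single request at 4 GiB, which may be intended but is nowhere stated. A comment above the struct saying that `addr` is a guest physical address and `len` a byte count would document the contract, e.g. `/* KVM_FLUSH_DCACHE_GPA: guest physical range [addr, addr + len) */`.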
@@ -1199,6 +1204,7 @@ struct kvm_s390_ucas_mapping {
 /* Available with KVM_CAP_S390_IRQ_STATE */
 #define KVM_S390_SET_IRQ_STATE   _IOW(KVMIO, 0xb5, struct kvm_s390_irq_state)
 #define KVM_S390_GET_IRQ_STATE   _IOW(KVMIO, 0xb6, struct kvm_s390_irq_state)
+#define KVM_FLUSH_DCACHE_GPA _IOW(KVMIO,  0xb7, struct kvm_mem_addr)
 
 #define KVM_DEV_ASSIGN_ENABLE_IOMMU(1 << 0)
 #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
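Review bot: `KVM_FLUSH_DCACHE_GPA` is added under the `/* Available with KVM_CAP_S390_IRQ_STATE */` comment with no capability of its own, so userspace has no way to ask KVM_CHECK_EXTENSION whether the ioctl exists before issuing it, and the placement makes it read as an s390 interface although the implementation in this series lives in arch/arm/kvm/arm.c. A dedicated KVM_CAP_* value, a comment naming the architectures that implement it, and an entry in the KVM API documentation are the usual requirements for a new uapi ioctl.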
-- 
1.9.1




[Qemu-devel] [RFC 1/4] linux-headers update

2015-05-05 Thread Jérémy Fanguède
Add KVM_FLUSH_DCACHE_GPA ioctl.

Signed-off-by: Jérémy Fanguède 
---
 linux-headers/linux/kvm.h | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index b96d978..81d2f64 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -978,6 +978,11 @@ struct kvm_arm_device_addr {
__u64 addr;
 };
 
+struct kvm_mem_addr {
+   __u64 addr;
+   __u32 len;
+};
+
 /*
  * Device control API, available with KVM_CAP_DEVICE_CTRL
  */
@@ -1199,6 +1204,7 @@ struct kvm_s390_ucas_mapping {
 /* Available with KVM_CAP_S390_IRQ_STATE */
 #define KVM_S390_SET_IRQ_STATE   _IOW(KVMIO, 0xb5, struct kvm_s390_irq_state)
 #define KVM_S390_GET_IRQ_STATE   _IOW(KVMIO, 0xb6, struct kvm_s390_irq_state)
+#define KVM_FLUSH_DCACHE_GPA _IOW(KVMIO,  0xb7, struct kvm_mem_addr)
 
 #define KVM_DEV_ASSIGN_ENABLE_IOMMU(1 << 0)
 #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
-- 
1.9.1




[Qemu-devel] [RFC 2/4] target-arm/kvm: Flush data cache support

2015-05-05 Thread Jérémy Fanguède
Implement data cache maintenance coherency functions, by using
FLUSH_DCACHE_GPA ioctl. Introduce kvm_arm_maintain_cache_coherency()
for flushing the data cache when necessary; very simple logic is
implemented to reduce the number of flushes due to reads. Two wrapper
functions are exposed, for easier usage.

Signed-off-by: Jérémy Fanguède 
---
 include/sysemu/kvm.h |  3 +++
 stubs/kvm.c  |  9 +
 target-arm/kvm.c | 51 +++
 3 files changed, 63 insertions(+)

diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 197e6c0..986f365 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -451,4 +451,7 @@ int kvm_set_one_reg(CPUState *cs, uint64_t id, void 
*source);
  * Returns: 0 on success, or a negative errno on failure.
  */
 int kvm_get_one_reg(CPUState *cs, uint64_t id, void *target);
+
+void kvm_arch_cache_flush_needed(hwaddr addr, int len, bool is_write);
+void kvm_arch_cache_coherency_pre_run(void);
 #endif
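Review bot: `int len` in `void kvm_arch_cache_flush_needed(hwaddr addr, int len, bool is_write);` does not match either side of the interface: the exec.c callers in this series pass `hwaddr` lengths and the kernel structure stores a `__u32`, so large values are silently truncated or go negative on the way through. Declaring the parameter as `hwaddr len` and doing one explicit range check in the implementation would keep the conversion in a single place. The neighbouring declarations in this header carry a doc block (`* Returns: 0 on success, ...`); the two new prototypes should get one stating what "needed" means, in particular that `is_write` forces a flush and what the pre_run hook resets.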
diff --git a/stubs/kvm.c b/stubs/kvm.c
index e7c60b6..8ed5380 100644
--- a/stubs/kvm.c
+++ b/stubs/kvm.c
@@ -5,3 +5,12 @@ int kvm_arch_irqchip_create(KVMState *s)
 {
 return 0;
 }
+
+
+void kvm_arch_cache_flush_needed(hwaddr addr, int len, bool is_write)
+{
+}
+
+void kvm_arch_cache_coherency_pre_run(void)
+{
+}
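Review bot: Two consecutive blank lines precede the first stub (the lines after `return 0;`/`}`), where the rest of the file separates functions with one. A one-line comment above the pair, e.g. `/* cache coherency maintenance is only needed by target-arm/kvm.c */`, would tell a reader why the generic build carries empty implementations.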
diff --git a/target-arm/kvm.c b/target-arm/kvm.c
index fdd9ba3..548dae2 100644
--- a/target-arm/kvm.c
+++ b/target-arm/kvm.c
@@ -598,3 +598,54 @@ int kvm_arch_fixup_msi_route(struct kvm_irq_routing_entry 
*route,
 {
 return 0;
 }
+
+static void kvm_arm_flush_cache_addr(hwaddr addr, int len)
+{
+int ret;
+struct kvm_mem_addr mem_addr;
+mem_addr.addr = addr;
+mem_addr.len = len;
+ret = kvm_vm_ioctl(kvm_state, KVM_FLUSH_DCACHE_GPA, &mem_addr);
+if (ret) {
+fprintf(stderr, "error: Failed to flush CPU caches %d\n", ret);
+}
+}
+
+static void kvm_arm_maintain_cache_coherency(hwaddr addr, int len,
+ bool enter_guest, bool is_write)
+{
+static hwaddr prev_addr;
+static int prev_len;
+hwaddr end_line, prev_end_line;
+
+if (enter_guest) {
+/* We will return to the guest after that, restore the default
+   configuration */
+prev_addr = 0x0;
+return;
+}
+
+/* Assume the minimal CPU cache line is 32 B */
+end_line = (addr + len) & ~0x1f;
+prev_end_line = (prev_addr + prev_len) & ~0x1f;
+
+/* Don't flush two times in a row the same line"
+   Always flush on a write */
+if ((prev_addr & ~0x1f) != (addr & ~0x1f)
+|| (prev_end_line < end_line)
+|| is_write) {
+kvm_arm_flush_cache_addr(addr, len);
+prev_addr = addr;
+prev_len = len;
+}
+}
+
+void kvm_arch_cache_flush_needed(hwaddr addr, int len, bool is_write)
+{
+kvm_arm_maintain_cache_coherency(addr, len, false, is_write);
+}
+
+void kvm_arch_cache_coherency_pre_run(void)
+{
+kvm_arm_maintain_cache_coherency(0, 0, true, false);
+}
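Review bot: `prev_addr = 0x0;` in the `enter_guest` branch of kvm_arm_maintain_cache_coherency() resets only half of the static state: `prev_len` keeps its old value, so the first non-write access after a guest entry that starts at guest address 0 passes the line comparison, and `prev_end_line` (0 plus the stale `prev_len`) can still cover `end_line`, skipping a flush the guest may have made necessary. Resetting both, `prev_addr = 0x0; prev_len = 0;`, closes that gap. The two statics are shared by every caller; if the access paths can run on more than one thread (vCPU threads and the iothread), the compare-and-update is racy and can drop a flush, in which case the state needs a lock or per-thread storage. The hard-coded 32-byte line (`& ~0x1f`) is an assumption the comment admits, and the stray `"` at the end of `Don't flush two times in a row the same line"` should go.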
-- 
1.9.1




[Qemu-devel] [RFC 0/4] arm/arm64: KVM: Get around cache incoherency

2015-05-05 Thread Jérémy Fanguède
This RFC series shows how we can solve cache incoherency issues on
ARM/ARM64. This implementation uses an ioctl that flushes the data
cache for a given range of the guest physical memory, this possible
solution was already broached in the previous discussion [1][2].

Each access (read or write) to the guest memory that could lead to
inconsistency is flushed if needed. A light optimization is done to
minimize the number of ioctl calls.

Currently tested with the following devices: e1000, megasas,
lsi53c895a, nec-usb-xhci, usb-ehci (with usb-host, usb-tablet, usb-kbd
and usb-mouse), which were failing with KVM and now work fine with
this patch.

The kernel needs this patch: 
[RFC] ARM/ARM64: KVM: Implement KVM_FLUSH_DCACHE_GPA ioctl

[1] https://lists.cs.columbia.edu/pipermail/kvmarm/2015-February/013593.html
[2] https://lists.nongnu.org/archive/html/qemu-devel/2015-03/msg01254.html

Jérémy Fanguède (4):
  linux-headers update
  target-arm/kvm: Flush data cache support
  kvm-all: Pre-run cache coherency maintenance
  exec: Flush data cache when needed

 exec.c| 19 ++
 include/sysemu/kvm.h  |  3 +++
 kvm-all.c |  1 +
 linux-headers/linux/kvm.h |  6 ++
 stubs/kvm.c   |  9 +
 target-arm/kvm.c  | 51 +++
 6 files changed, 89 insertions(+)

-- 
1.9.1




[Qemu-devel] [RFC 3/4] kvm-all: Pre-run cache coherency maintenance

2015-05-05 Thread Jérémy Fanguède
Inform the cache coherency maintenance of an exit from userspace.

Signed-off-by: Jérémy Fanguède 
---
 kvm-all.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kvm-all.c b/kvm-all.c
index 28f4589..c4b15b0 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -1802,6 +1802,7 @@ int kvm_cpu_exec(CPUState *cpu)
 }
 
 kvm_arch_pre_run(cpu, run);
+kvm_arch_cache_coherency_pre_run();
 if (cpu->exit_request) {
 DPRINTF("interrupt exit requested\n");
 /*
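Review bot: `kvm_arch_cache_coherency_pre_run();` is invoked from the per-vCPU run loop, i.e. from every vCPU thread, and its only effect (a reset of file-level static state in target-arm/kvm.c, outside this hunk) competes with the memory-access paths that update the same state; nothing at the call site says why it must sit after `kvm_arch_pre_run(cpu, run);` and before the `cpu->exit_request` test. A one-line comment would record the intent, e.g. `/* forget the last flushed range: the guest may dirty it once it runs */`. kvm_cpu_exec() starts and ends outside the hunk.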
-- 
1.9.1




[Qemu-devel] [RFC 4/4] exec: Flush data cache when needed

2015-05-05 Thread Jérémy Fanguède
Flush the data cache when accesses occur in the guest ram memory.

Signed-off-by: Jérémy Fanguède 
---
 exec.c | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/exec.c b/exec.c
index ae37b98..0f859a3 100644
--- a/exec.c
+++ b/exec.c
@@ -2372,6 +2372,9 @@ MemTxResult address_space_rw(AddressSpace *as, hwaddr 
addr, MemTxAttrs attrs,
 ptr = qemu_get_ram_ptr(addr1);
 memcpy(ptr, buf, l);
 invalidate_and_set_dirty(addr1, l);
+if (kvm_enabled()) {
+kvm_arch_cache_flush_needed(addr, l, is_write);
+}
 }
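Review bot: `kvm_arch_cache_flush_needed(addr, l, is_write);` passes the address-space address, but the kernel ioctl expects a guest physical address; for an `as` other than system memory (a device DMA address space behind an IOMMU, or one with an offset) `addr` is not a GPA, and the unmap hunk at the end of this patch derives the address a different way (`addr1 + base`), so the call sites disagree about what they send. The read-side hunk at @@ -2408 has the same issue. The translated RAM address (`addr1`, `mr`) is already in hand at both points, so computing the GPA once, the same way everywhere, would remove the divergence; `l` is also a hwaddr being narrowed to an `int` parameter. address_space_rw() starts and ends outside the hunk.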
 } else {
 if (!memory_access_is_direct(mr, is_write)) {
@@ -2408,6 +2411,9 @@ MemTxResult address_space_rw(AddressSpace *as, hwaddr 
addr, MemTxAttrs attrs,
 } else {
 /* RAM case */
 ptr = qemu_get_ram_ptr(mr->ram_addr + addr1);
+if (kvm_enabled()) {
+kvm_arch_cache_flush_needed(addr, l, is_write);
+}
 memcpy(buf, ptr, l);
 }
 }
@@ -2646,6 +2652,14 @@ void *address_space_map(AddressSpace *as,
 return bounce.buffer;
 }
 
+/* Need to be flushed only if we are reading */
+if (!is_write) {
+/* Don't flush if it's a cpu_physical_memory_map call */
+if (kvm_enabled() && as != &address_space_memory) {
+kvm_arch_cache_flush_needed(addr, l, is_write);
+}
+}
+
 base = xlat;
 raddr = memory_region_get_ram_addr(mr);
 
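Review bot: The `as != &address_space_memory` test does not identify the caller the comment talks about: every reader mapping system memory is skipped, not just cpu_physical_memory_map(), and any device that maps through address_space_memory directly (if one exists) silently gets no flush. `l` at this point is the length of the first translated chunk, and the mapping the function builds afterwards (outside the hunk) may be longer, so the flush can cover less than the caller will read. If the exclusion is caller-based, an explicit argument or a flush done by the callers would express it; at minimum the comment should state the assumption, e.g. `/* assume address_space_memory mappings come from cpu_physical_memory_map(), which is not device DMA */`. address_space_map() continues outside the hunk.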
@@ -2679,6 +2693,7 @@ void address_space_unmap(AddressSpace *as, void *buffer, 
hwaddr len,
 if (buffer != bounce.buffer) {
 MemoryRegion *mr;
 ram_addr_t addr1;
+hwaddr base;
 
 mr = qemu_ram_addr_from_host(buffer, &addr1);
 assert(mr != NULL);
@@ -2688,6 +2703,10 @@ void address_space_unmap(AddressSpace *as, void *buffer, 
hwaddr len,
 if (xen_enabled()) {
 xen_invalidate_map_cache_entry(buffer);
 }
+if (kvm_enabled() && as != &address_space_memory) {
+base = object_property_get_int(OBJECT(mr), "addr", NULL);
+kvm_arch_cache_flush_needed(addr1 + base, access_len, is_write);
+}
 memory_region_unref(mr);
 return;
 }
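Review bot: `base = object_property_get_int(OBJECT(mr), "addr", NULL);` discards the error: with a NULL errp the call returns -1 when the region has no such property, and that value is then added to `addr1` and flushed without any check. `addr1` comes from qemu_ram_addr_from_host() and is a ram_addr_t, while the region's "addr" is its offset inside its container, so the sum looks like a guest physical address only when the RAM block starts at ram_addr 0 and the region sits directly in system memory; aliases and nested containers break it. Passing a local `Error *err` and skipping the flush when it is set is the minimum; carrying the GPA computed on the map side (where `addr`/`xlat` are known) through to unmap would avoid the reverse lookup entirely. address_space_unmap() starts outside the hunk.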
-- 
1.9.1




Re: [Qemu-devel] [PATCH v4 00/17] arm_gic: Add security and grouping support

2015-05-05 Thread Peter Maydell
On 5 May 2015 at 03:08, Edgar E. Iglesias  wrote:
> On Fri, May 01, 2015 at 06:50:26PM +0100, Peter Maydell wrote:
>> This patch series adds support for GICv1 and GICv2 security
>> extensions, as well as support for GIC interrupt grouping on GICv2.
>
> A question. Once we enable the security extensions on the GICs,
> do you have any suggestions on how to best handle direct boots into
> NS EL2/1 (Linux)?
>
> The GIC resets to all interrupts configured for Group0 and Linux running
> in NS mode cannot change that so we need some kind of boot-loader
> code or magic to do what firmware would have been expected to do
> at boot time (switch some irqs to NS).

This is what I had in mind with the bit about:

>>  * if boot.c is starting the CPUs directly in NonSecure
>>mode (because we're booting a kernel directly rather than
>>starting firmware, and arm_boot_info::secure_boot is false)
>>then it must also manually configure the GIC distributor
>>to put all interrupts into Group1. This is boot.c having
>>to do a firmware configuration job since it's effectively
>>acting as lightweight builtin firmware.

I hadn't made up my mind whether this was easier to do via
boot.c writing a bunch of values to GICD registers or by
having the GIC provide a function/method to call to do the job.

-- PMM



[Qemu-devel] [PATCH] vmdk: Fix overflow if l1_size is 0x20000000

2015-05-05 Thread Fam Zheng
Richard Jones caught this bug with afl fuzzer.

In fact, that's the only possible value to overflow (extent->l1_size =
0x20000000) l1_size:

l1_size = extent->l1_size * sizeof(long) => 0x80000000;

g_try_malloc returns NULL because l1_size is interpreted as negative
during type casting from 'int' to 'gsize', which yields an enormous
value. Hence, by coincidence, we get a "not too bad" behavior:

qemu-img: Could not open '/tmp/afl6.img': Could not open
'/tmp/afl6.img': Cannot allocate memory

Values larger than 0x20000000 will be refused by the validation in
vmdk_add_extent.

Values smaller than 0x20000000 will not overflow l1_size.

Reported-by: Richard W.M. Jones 
Signed-off-by: Fam Zheng 
---
 block/vmdk.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/block/vmdk.c b/block/vmdk.c
index 1c5e2ef..e095156 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -451,7 +451,8 @@ static int vmdk_init_tables(BlockDriverState *bs, 
VmdkExtent *extent,
 Error **errp)
 {
 int ret;
-int l1_size, i;
+size_t l1_size;
+int i;
 
 /* read the L1 table */
 l1_size = extent->l1_size * sizeof(uint32_t);
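Review bot: `l1_size = extent->l1_size * sizeof(uint32_t);` now multiplies in size_t, which removes the signed overflow, but nothing at the declaration records why the type changed; a comment such as `/* size_t: extent->l1_size (int) * 4 overflows int at l1_size == 0x20000000 */` on `size_t l1_size;` keeps the next reader from narrowing it back. On 32-bit hosts size_t is still 32 bits, so the result relies on vmdk_add_extent rejecting anything larger, which is also worth stating next to the multiplication. The commit message shows the expression as `sizeof(long)` while the code uses `sizeof(uint32_t)`; one of the two should be corrected. Any later use of `l1_size` with an int-sized format or comparison lies outside the hunk and would need checking; vmdk_init_tables() starts and ends outside it.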
-- 
1.9.3




Re: [Qemu-devel] [PATCH qemu v7 00/14] spapr: vfio: Enable Dynamic DMA windows (DDW)

2015-05-05 Thread Alexey Kardashevskiy

On 04/25/2015 10:24 PM, Alexey Kardashevskiy wrote:

(cut-n-paste from kernel patchset)



Anyone, ping? :)



Each Partitionable Endpoint (IOMMU group) has an address range on a PCI bus
where devices are allowed to do DMA. These ranges are called DMA windows.
By default, there is a single DMA window, 1 or 2GB big, mapped at zero
on a PCI bus.

PAPR defines a DDW RTAS API which allows pseries guests
to query the hypervisor about DDW support and capabilities (page size mask
for now). A pseries guest may request an additional (to the default)
DMA windows using this RTAS API.
The existing pseries Linux guests request an additional window as big as
the guest RAM and map the entire guest window which effectively creates
direct mapping of the guest memory to a PCI bus.

This patchset reworks PPC64 IOMMU code and adds necessary structures
to support big windows.

Once a Linux guest discovers the presence of DDW, it does:
1. query hypervisor about number of available windows and page size masks;
2. create a window with the biggest possible page size (today 4K/64K/16M);
3. map the entire guest RAM via H_PUT_TCE* hypercalls;
4. switch dma_ops to direct_dma_ops on the selected PE.

Once this is done, H_PUT_TCE is not called anymore for 64bit devices and
the guest does not waste time on DMA map/unmap operations.

Note that 32bit devices won't use DDW and will keep using the default
DMA window so KVM optimizations will be required (to be posted later).

This patchset adds DDW support for pseries. The host kernel changes are
required, posted as:

[PATCH kernel v9 00/32] powerpc/iommu/vfio: Enable Dynamic DMA windows

This patchset is based on git://github.com/dgibson/qemu.git spapr-next branch.
This is also pushed to g...@github.com:aik/qemu.git
  + a64ff6f...64ac9a4 64ac9a4 -> vfio-for-github (forced update)

Please comment. Thanks!

Changes:
v7:
* bunch of cleanups, renames after David+Thomas+Michael review
* patches are reorganized and those which do not need the host kernel headers
update are put first and can be pulled if these are good enough :)

v6:
* spapr-pci-vfio-host-bridge is now a synonym of spapr-pci-host-bridge -
same PHB can host emulated and VFIO devices
* changed patches order
* lot of small changes

v5:
* TCE tables got "enabled" state and are persistent, i.e. not recreated
every reboot
* added v2 of SPAPR_TCE_IOMMU
* fixed migration for emulated PHB with enabled DDW
* huge pile of other changes

v4:
* reimplemented the whole thing
* machine reset and ddw-reset RTAS call both remove all TCE tables and
create the default one
* IOMMU group id is not needed to use VFIO PHB anymore, multiple groups
are supported on the same VFIO container and virtual PHB

v3:
* removed "reset" from API now
* reworked machine versions
* applied multiple comments
* includes David's machine QOM rework as this patchset adds a new machine type

v2:
* tested on emulated PHB
* removed "ddw" machine property, now it is PHB property
* disabled by default
* defined "pseries-2.2" machine which enables DDW by default
* fixed reset() and reference counting




Alexey Kardashevskiy (14):
   spapr_pci: Finish making find_phb()/find_dev() public
   vmstate: Define VARRAY with VMS_ALLOC
   vfio: spapr: Move SPAPR-related code to a separate file
   spapr_pci_vfio: Enable multiple groups per container
   spapr_pci: Convert finish_realize() to
 dma_capabilities_update()+dma_init_window()
   spapr_iommu: Introduce "enabled" state for TCE table
   spapr_iommu: Add root memory region
   spapr_pci: Do complete reset of DMA config when resetting PHB
   spapr_vfio_pci: Remove redundant spapr-pci-vfio-host-bridge
   linux headers update for DDW on SPAPR
   vfio: spapr: Add SPAPR IOMMU v2 support (DMA memory preregistering)
   spapr: Add pseries-2.4 machine
   spapr_pci/spapr_pci_vfio: Support Dynamic DMA Windows (DDW)
   vfio: Enable DDW ioctls to VFIO IOMMU driver

  hw/ppc/Makefile.objs  |   3 +
  hw/ppc/spapr.c|  32 -
  hw/ppc/spapr_iommu.c  | 144 +--
  hw/ppc/spapr_pci.c| 208 ++--
  hw/ppc/spapr_pci_vfio.c   | 147 
  hw/ppc/spapr_rtas_ddw.c   | 300 
  hw/ppc/spapr_vio.c|   9 +-
  hw/vfio/Makefile.objs |   1 +
  hw/vfio/common.c  | 180 +---
  hw/vfio/spapr.c   | 312 ++
  include/hw/pci-host/spapr.h   |  49 +--
  include/hw/ppc/spapr.h|  30 +++-
  include/hw/vfio/vfio-common.h |  16 +++
  include/hw/vfio/vfio.h|   2 +-
  include/migration/vmstate.h   |  10 ++
  linux-headers/linux/vfio.h|  88 +++-
  trace-events  |   5 +
  17 files changed, 1188 insertions(+), 348 deletions(-)
  create mode 100644 hw/ppc/spapr_rtas_ddw.c
  create mode 100644 hw/vfio/spapr.c




--
Alexey



[Qemu-devel] [PATCH] parallel: Allow to disable CONFIG_PARALLEL

2015-05-05 Thread mrezanin
From: Miroslav Rezanina 

Disabling CONFIG_PARALLEL causes a build failure, as commit 07dc788 factored
out the initialization into parallel_hds_isa_init, which is then not built.

Make the call to parallel_hds_isa_init depend on CONFIG_PARALLEL so it can
be correctly disabled.

Signed-off-by: Miroslav Rezanina 
---
 hw/i386/pc.c| 2 ++
 hw/mips/mips_fulong2e.c | 2 ++
 hw/mips/mips_malta.c| 2 ++
 hw/sparc64/sun4u.c  | 2 ++
 4 files changed, 8 insertions(+)

diff --git a/hw/i386/pc.c b/hw/i386/pc.c
index a8e6be1..560464e 100644
--- a/hw/i386/pc.c
+++ b/hw/i386/pc.c
@@ -1465,7 +1465,9 @@ void pc_basic_device_init(ISABus *isa_bus, qemu_irq *gsi,
 }
 
 serial_hds_isa_init(isa_bus, MAX_SERIAL_PORTS);
+#ifdef CONFIG_PARALLEL
 parallel_hds_isa_init(isa_bus, MAX_PARALLEL_PORTS);
+#endif
 
 a20_line = qemu_allocate_irqs(handle_a20_line_change, first_cpu, 2);
 i8042 = isa_create_simple(isa_bus, "i8042");
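Review bot: The `#ifdef CONFIG_PARALLEL` around `parallel_hds_isa_init(isa_bus, MAX_PARALLEL_PORTS);` only works if CONFIG_PARALLEL is visible as a preprocessor macro in this translation unit; if it exists only as a Makefile variable of the device config, the condition is always false and the parallel ports silently disappear from every board even when the option is enabled, which is worth confirming against the generated config header before merging. The same guard is repeated in the mips_fulong2e.c, mips_malta.c and sun4u.c hunks; a single no-op `static inline` `parallel_hds_isa_init()` provided under `#ifndef CONFIG_PARALLEL` by the header that declares it would keep all four call sites unconditional. pc_basic_device_init() starts and ends outside the hunk.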
diff --git a/hw/mips/mips_fulong2e.c b/hw/mips/mips_fulong2e.c
index dea941a..bd73fa6 100644
--- a/hw/mips/mips_fulong2e.c
+++ b/hw/mips/mips_fulong2e.c
@@ -384,7 +384,9 @@ static void mips_fulong2e_init(MachineState *machine)
 rtc_init(isa_bus, 2000, NULL);
 
 serial_hds_isa_init(isa_bus, MAX_SERIAL_PORTS);
+#ifdef CONFIG_PARALLEL
 parallel_hds_isa_init(isa_bus, 1);
+#endif
 
 /* Sound card */
 audio_init(pci_bus);
diff --git a/hw/mips/mips_malta.c b/hw/mips/mips_malta.c
index 482250d..f2246fb 100644
--- a/hw/mips/mips_malta.c
+++ b/hw/mips/mips_malta.c
@@ -1173,7 +1173,9 @@ void mips_malta_init(MachineState *machine)
 
 rtc_init(isa_bus, 2000, NULL);
 serial_hds_isa_init(isa_bus, 2);
+#ifdef CONFIG_PARALLEL
 parallel_hds_isa_init(isa_bus, 1);
+#endif
 
 for(i = 0; i < MAX_FD; i++) {
 fd[i] = drive_get(IF_FLOPPY, 0, i);
diff --git a/hw/sparc64/sun4u.c b/hw/sparc64/sun4u.c
index 6f34e87..6b88558 100644
--- a/hw/sparc64/sun4u.c
+++ b/hw/sparc64/sun4u.c
@@ -855,7 +855,9 @@ static void sun4uv_init(MemoryRegion *address_space_mem,
 }
 
 serial_hds_isa_init(isa_bus, MAX_SERIAL_PORTS);
+#ifdef CONFIG_PARALLEL
 parallel_hds_isa_init(isa_bus, MAX_PARALLEL_PORTS);
+#endif
 
 for(i = 0; i < nb_nics; i++)
 pci_nic_init_nofail(&nd_table[i], pci_bus, "ne2k_pci", NULL);
-- 
2.1.0




[Qemu-devel] [PULL 1/6] opengl: add shader build infrastructure

2015-05-05 Thread Gerd Hoffmann
perl script to transform shader programs into c include files with
static string constants containing the shader programs, so we can
easily embed them into qemu.  Also some Makefile logic for them.

Signed-off-by: Gerd Hoffmann 
Reviewed-by: Max Reitz 
---
 Makefile | 14 ++
 scripts/shaderinclude.pl | 16 
 2 files changed, 30 insertions(+)
 create mode 100644 scripts/shaderinclude.pl

diff --git a/Makefile b/Makefile
index 93af871..49e4567 100644
--- a/Makefile
+++ b/Makefile
@@ -296,6 +296,7 @@ clean:
rm -f fsdev/*.pod
rm -rf .libs */.libs
rm -f qemu-img-cmds.h
+   rm -f ui/shader/*-vert.h ui/shader/*-frag.h
@# May not be present in GENERATED_HEADERS
rm -f trace/generated-tracers-dtrace.dtrace*
rm -f trace/generated-tracers-dtrace.h*
@@ -441,6 +442,19 @@ cscope:
find "$(SRC_PATH)" -name "*.[chsS]" -print | sed 's,^\./,,' > 
./cscope.files
cscope -b
 
+# opengl shader programs
+ui/shader/%-vert.h: $(SRC_PATH)/ui/shader/%.vert 
$(SRC_PATH)/scripts/shaderinclude.pl
+   @mkdir -p $(dir $@)
+   $(call quiet-command,\
+   perl $(SRC_PATH)/scripts/shaderinclude.pl $< > $@,\
+   "  VERT  $@")
+
+ui/shader/%-frag.h: $(SRC_PATH)/ui/shader/%.frag 
$(SRC_PATH)/scripts/shaderinclude.pl
+   @mkdir -p $(dir $@)
+   $(call quiet-command,\
+   perl $(SRC_PATH)/scripts/shaderinclude.pl $< > $@,\
+   "  FRAG  $@")
+
 # documentation
 MAKEINFO=makeinfo
 MAKEINFOFLAGS=--no-headers --no-split --number-sections
diff --git a/scripts/shaderinclude.pl b/scripts/shaderinclude.pl
new file mode 100644
index 000..81b5146
--- /dev/null
+++ b/scripts/shaderinclude.pl
@@ -0,0 +1,16 @@
+#!/usr/bin/perl
+use strict;
+use warnings;
+
+my $file = shift;
+open FILE, "<", $file or die "open $file: $!";
+my $name = $file;
+$name =~ s|.*/||;
+$name =~ s/[-.]/_/g;
+print "static GLchar ${name}_src[] =\n";
+while () {
+chomp;
+printf "\"%s\\n\"\n", $_;
+}
+print "\"\\n\";\n";
+close FILE;
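Review bot: `printf "\"%s\\n\"\n", $_;` copies each shader line into a C string literal without escaping, so a `"` or `\` in a .vert/.frag file (or a `??` pair forming a trigraph) yields a header that does not compile; escaping first, `s/\\/\\\\/g; s/"/\\"/g;` before the printf, makes the generator correct for any input rather than only for the two shaders it is written for. The `while () {` loop as shown has no read expression; presumably `<FILE>` was lost in the archive rendering, but as printed the loop never reads the file. A lexical filehandle (`open my $fh, '<', $file or die ...`) is the usual modern form and avoids the global bareword `FILE`.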
-- 
1.8.3.1




[Qemu-devel] [PULL 0/6] sdl2: add opengl rendering support.

2015-05-05 Thread Gerd Hoffmann
  Hi,

Now finally the pull request for the first opengl rendering bits.
We'll start with sdl2.  gtk is in the pipeline already, stay tuned.

please pull,
  Gerd

The following changes since commit 5bccbb04a4abba7af4398de992bf06d585fd1333:

  Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging 
(2015-04-30 20:34:54 +0100)

are available in the git repository at:


  git://git.kraxel.org/qemu tags/pull-sdl-20150505-1

for you to fetch changes up to e444ea34f8ec27acfa9ead7eaa9904238c831e69:

  sdl2: Fix RGB555 (2015-05-05 10:48:26 +0200)


sdl2: add opengl support


Gerd Hoffmann (5):
  opengl: add shader build infrastructure
  opengl: add shader helper functions.
  console-gl: add opengl rendering helper functions
  sdl2: move SDL_* includes to sdl2.h
  sdl2: add support for display rendering using opengl.

Max Reitz (1):
  sdl2: Fix RGB555

 Makefile|  17 +
 configure   |   2 +-
 include/ui/console.h|  37 ++
 include/ui/sdl2.h   |  17 +
 include/ui/shader.h |  11 +++
 scripts/shaderinclude.pl|  16 +
 ui/Makefile.objs|  13 
 ui/console-gl.c | 168 
 ui/sdl.c|  10 +++
 ui/sdl2-2d.c|  28 +---
 ui/sdl2-gl.c| 112 +
 ui/sdl2-input.c |   6 --
 ui/sdl2.c   |  71 +++
 ui/shader.c | 114 ++
 ui/shader/texture-blit.frag |  10 +++
 ui/shader/texture-blit.vert |  10 +++
 vl.c|  23 ++
 17 files changed, 637 insertions(+), 28 deletions(-)
 create mode 100644 include/ui/shader.h
 create mode 100644 scripts/shaderinclude.pl
 create mode 100644 ui/console-gl.c
 create mode 100644 ui/sdl2-gl.c
 create mode 100644 ui/shader.c
 create mode 100644 ui/shader/texture-blit.frag
 create mode 100644 ui/shader/texture-blit.vert



[Qemu-devel] [PULL 4/6] sdl2: move SDL_* includes to sdl2.h

2015-05-05 Thread Gerd Hoffmann
Signed-off-by: Gerd Hoffmann 
Reviewed-by: Max Reitz 
---
 include/ui/sdl2.h | 6 ++
 ui/sdl2-2d.c  | 6 --
 ui/sdl2-input.c   | 6 --
 ui/sdl2.c | 6 --
 4 files changed, 6 insertions(+), 18 deletions(-)

diff --git a/include/ui/sdl2.h b/include/ui/sdl2.h
index 51fff2e..e21783a 100644
--- a/include/ui/sdl2.h
+++ b/include/ui/sdl2.h
@@ -1,6 +1,12 @@
 #ifndef SDL2_H
 #define SDL2_H
 
+/* Avoid compiler warning because macro is redefined in SDL_syswm.h. */
+#undef WIN32_LEAN_AND_MEAN
+
+#include 
+#include 
+
 struct sdl2_console {
 DisplayChangeListener dcl;
 DisplaySurface *surface;
diff --git a/ui/sdl2-2d.c b/ui/sdl2-2d.c
index f907c21..46ef5f7 100644
--- a/ui/sdl2-2d.c
+++ b/ui/sdl2-2d.c
@@ -23,12 +23,6 @@
  */
 /* Ported SDL 1.2 code to 2.0 by Dave Airlie. */
 
-/* Avoid compiler warning because macro is redefined in SDL_syswm.h. */
-#undef WIN32_LEAN_AND_MEAN
-
-#include 
-#include 
-
 #include "qemu-common.h"
 #include "ui/console.h"
 #include "ui/input.h"
diff --git a/ui/sdl2-input.c b/ui/sdl2-input.c
index a1973fc..ac5dc94 100644
--- a/ui/sdl2-input.c
+++ b/ui/sdl2-input.c
@@ -23,12 +23,6 @@
  */
 /* Ported SDL 1.2 code to 2.0 by Dave Airlie. */
 
-/* Avoid compiler warning because macro is redefined in SDL_syswm.h. */
-#undef WIN32_LEAN_AND_MEAN
-
-#include 
-#include 
-
 #include "qemu-common.h"
 #include "ui/console.h"
 #include "ui/input.h"
diff --git a/ui/sdl2.c b/ui/sdl2.c
index 60e3c3b..610ddb0 100644
--- a/ui/sdl2.c
+++ b/ui/sdl2.c
@@ -23,12 +23,6 @@
  */
 /* Ported SDL 1.2 code to 2.0 by Dave Airlie. */
 
-/* Avoid compiler warning because macro is redefined in SDL_syswm.h. */
-#undef WIN32_LEAN_AND_MEAN
-
-#include 
-#include 
-
 #include "qemu-common.h"
 #include "ui/console.h"
 #include "ui/input.h"
-- 
1.8.3.1




[Qemu-devel] [PULL 2/6] opengl: add shader helper functions.

2015-05-05 Thread Gerd Hoffmann
Helper functions to compile, link and run opengl shader programs.

Signed-off-by: Gerd Hoffmann 
---
 include/ui/shader.h |  9 +
 ui/Makefile.objs|  7 
 ui/shader.c | 95 +
 3 files changed, 111 insertions(+)
 create mode 100644 include/ui/shader.h
 create mode 100644 ui/shader.c

diff --git a/include/ui/shader.h b/include/ui/shader.h
new file mode 100644
index 000..e1b0caf
--- /dev/null
+++ b/include/ui/shader.h
@@ -0,0 +1,9 @@
+#ifdef CONFIG_OPENGL
+# include 
+# include 
+#endif
+
+GLuint qemu_gl_create_compile_shader(GLenum type, const GLchar *src);
+GLuint qemu_gl_create_link_program(GLuint vert, GLuint frag);
+GLuint qemu_gl_create_compile_link_program(const GLchar *vert_src,
+   const GLchar *frag_src);
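Review bot: The header has no include guard, and the three prototypes use `GLuint`/`GLenum`/`GLchar` outside the `#ifdef CONFIG_OPENGL` block, so a translation unit that includes it in a build without OpenGL fails on the first prototype. Either place the prototypes under the same `#ifdef` or add a guard such as `#ifndef QEMU_SHADER_H` / `#define QEMU_SHADER_H` around the whole file and keep the GL-typed declarations inside the CONFIG_OPENGL section. The `# include` lines appear with their targets stripped in this archive rendering, so the intended headers cannot be checked here.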
diff --git a/ui/Makefile.objs b/ui/Makefile.objs
index 13b5cfb..7a76df5 100644
--- a/ui/Makefile.objs
+++ b/ui/Makefile.objs
@@ -24,4 +24,11 @@ sdl.mo-objs := sdl2.o sdl2-input.o sdl2-2d.o
 endif
 sdl.mo-cflags := $(SDL_CFLAGS)
 
+ifeq ($(CONFIG_OPENGL),y)
+common-obj-y += shader.o
+endif
+
 gtk.o-cflags := $(GTK_CFLAGS) $(VTE_CFLAGS)
+shader.o-cflags += $(OPENGL_CFLAGS)
+
+shader.o-libs += $(OPENGL_LIBS)
diff --git a/ui/shader.c b/ui/shader.c
new file mode 100644
index 000..c3272d6
--- /dev/null
+++ b/ui/shader.c
@@ -0,0 +1,95 @@
+/*
+ * QEMU opengl shader helper functions
+ *
+ * Copyright (c) 2014 Red Hat
+ *
+ * Authors:
+ *Gerd Hoffmann 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu-common.h"
+#include "ui/shader.h"
+
+/* -- */
+
+GLuint qemu_gl_create_compile_shader(GLenum type, const GLchar *src)
+{
+GLuint shader;
+GLint status, length;
+char *errmsg;
+
+shader = glCreateShader(type);
+glShaderSource(shader, 1, &src, 0);
+glCompileShader(shader);
+
+glGetShaderiv(shader, GL_COMPILE_STATUS, &status);
+if (!status) {
+glGetShaderiv(shader, GL_INFO_LOG_LENGTH, &length);
+errmsg = malloc(length);
+glGetShaderInfoLog(shader, length, &length, errmsg);
+fprintf(stderr, "%s: compile %s error\n%s\n", __func__,
+(type == GL_VERTEX_SHADER) ? "vertex" : "fragment",
+errmsg);
+free(errmsg);
+return 0;
+}
+return shader;
+}
+
+GLuint qemu_gl_create_link_program(GLuint vert, GLuint frag)
+{
+GLuint program;
+GLint status, length;
+char *errmsg;
+
+program = glCreateProgram();
+glAttachShader(program, vert);
+glAttachShader(program, frag);
+glLinkProgram(program);
+
+glGetProgramiv(program, GL_LINK_STATUS, &status);
+if (!status) {
+glGetProgramiv(program, GL_INFO_LOG_LENGTH, &length);
+errmsg = malloc(length);
+glGetProgramInfoLog(program, length, &length, errmsg);
+fprintf(stderr, "%s: link program: %s\n", __func__, errmsg);
+free(errmsg);
+return 0;
+}
+return program;
+}
+
+GLuint qemu_gl_create_compile_link_program(const GLchar *vert_src,
+   const GLchar *frag_src)
+{
+GLuint vert_shader, frag_shader, program;
+
+vert_shader = qemu_gl_create_compile_shader(GL_VERTEX_SHADER, vert_src);
+frag_shader = qemu_gl_create_compile_shader(GL_FRAGMENT_SHADER, frag_src);
+if (!vert_shader || !frag_shader) {
+return 0;
+}
+
+program = qemu_gl_create_link_program(vert_shader, frag_shader);
+glDeleteShader(vert_shader);
+glDeleteShader(frag_shader);
+
+return program;
+}
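Review bot: In both error paths `errmsg = malloc(length);` is unchecked and, when the driver reports GL_INFO_LOG_LENGTH as 0, yields a zero-byte buffer that glGetShaderInfoLog()/glGetProgramInfoLog() leave untouched, so the following `fprintf(stderr, ... "%s" ..., errmsg)` reads past the allocation. The failing shader or program object is never deleted on the `return 0;` paths, and qemu_gl_create_compile_link_program() leaks a compiled vertex shader when the fragment shader fails. The rest of QEMU uses `g_malloc`/`g_free`; allocating `length + 1` zero-filled and deleting the object before returning covers all three points.
```c
GLuint qemu_gl_create_compile_shader(GLenum type, const GLchar *src)
{
    /* … unchanged: glCreateShader, glShaderSource, glCompileShader … */
    glGetShaderiv(shader, GL_COMPILE_STATUS, &status);
    if (!status) {
        glGetShaderiv(shader, GL_INFO_LOG_LENGTH, &length);
        errmsg = g_malloc0(length + 1);   /* length may be 0: keep a NUL byte */
        glGetShaderInfoLog(shader, length, &length, errmsg);
        fprintf(stderr, "%s: compile %s error\n%s\n", __func__,
                (type == GL_VERTEX_SHADER) ? "vertex" : "fragment",
                errmsg);
        g_free(errmsg);
        glDeleteShader(shader);           /* do not leak the failed object */
        return 0;
    }
    return shader;
}

/* … qemu_gl_create_link_program: same pattern, g_malloc0(length + 1) and glDeleteProgram(program) on failure … */

GLuint qemu_gl_create_compile_link_program(const GLchar *vert_src,
                                           const GLchar *frag_src)
{
    GLuint vert_shader, frag_shader, program;

    vert_shader = qemu_gl_create_compile_shader(GL_VERTEX_SHADER, vert_src);
    frag_shader = qemu_gl_create_compile_shader(GL_FRAGMENT_SHADER, frag_src);
    if (!vert_shader || !frag_shader) {
        /* either may be 0; glDeleteShader(0) is ignored by GL */
        glDeleteShader(vert_shader);
        glDeleteShader(frag_shader);
        return 0;
    }
    /* … unchanged: link, delete both shaders, return program … */
}
```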
-- 
1.8.3.1




[Qemu-devel] [PULL 6/6] sdl2: Fix RGB555

2015-05-05 Thread Gerd Hoffmann
From: Max Reitz 

Reproducible with:

$ x86_64-softmmu/qemu-system-x86_64 \
-kernel $vmlinuz_of_your_choice \
-append vga=0x313 -sdl

Signed-off-by: Max Reitz 
Signed-off-by: Gerd Hoffmann 
---
 include/ui/console.h |  5 +
 ui/sdl2-2d.c | 15 +--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/include/ui/console.h b/include/ui/console.h
index d211692..0b75896 100644
--- a/include/ui/console.h
+++ b/include/ui/console.h
@@ -280,6 +280,11 @@ static inline int surface_bytes_per_pixel(DisplaySurface 
*s)
 return (bits + 7) / 8;
 }
 
+static inline pixman_format_code_t surface_format(DisplaySurface *s)
+{
+return s->format;
+}
+
 #ifdef CONFIG_CURSES
 #include 
 typedef chtype console_ch_t;
diff --git a/ui/sdl2-2d.c b/ui/sdl2-2d.c
index bb56747..d0b340f 100644
--- a/ui/sdl2-2d.c
+++ b/ui/sdl2-2d.c
@@ -89,10 +89,21 @@ void sdl2_2d_switch(DisplayChangeListener *dcl,
  surface_width(new_surface),
  surface_height(new_surface));
 
-if (surface_bits_per_pixel(scon->surface) == 16) {
+switch (surface_format(scon->surface)) {
+case PIXMAN_x1r5g5b5:
+format = SDL_PIXELFORMAT_ARGB1555;
+break;
+case PIXMAN_r5g6b5:
 format = SDL_PIXELFORMAT_RGB565;
-} else if (surface_bits_per_pixel(scon->surface) == 32) {
+break;
+case PIXMAN_x8r8g8b8:
 format = SDL_PIXELFORMAT_ARGB;
+break;
+case PIXMAN_r8g8b8x8:
+format = SDL_PIXELFORMAT_RGBA;
+break;
+default:
+g_assert_not_reached();
 }
 scon->texture = SDL_CreateTexture(scon->real_renderer, format,
   SDL_TEXTUREACCESS_STREAMING,
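Review bot: The new `default: g_assert_not_reached();` turns every surface format other than the four listed into an abort of the whole QEMU process, whereas the `if`/`else if` chain it replaces left `format` at its prior value for other depths; if a 24 bpp or other pixman format can reach sdl2_2d_switch() from the guest's display device (not decidable from the hunk), a mode change by the guest becomes a crash of the emulator rather than a rendering glitch. A fallback (convert to a supported format, or keep the previous texture format and warn once) would be the safer default, with a comment stating which formats the console layer guarantees to deliver. The `SDL_PIXELFORMAT_ARGB`/`SDL_PIXELFORMAT_RGBA` identifiers look truncated in this rendering. sdl2_2d_switch() starts and ends outside the hunk.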
-- 
1.8.3.1




[Qemu-devel] [PULL 3/6] console-gl: add opengl rendering helper functions

2015-05-05 Thread Gerd Hoffmann
Signed-off-by: Gerd Hoffmann 
Reviewed-by: Max Reitz 
---
 Makefile|   3 +
 configure   |   2 +-
 include/ui/console.h|  31 
 include/ui/shader.h |   2 +
 ui/Makefile.objs|   3 +
 ui/console-gl.c | 168 
 ui/shader.c |  19 +
 ui/shader/texture-blit.frag |  10 +++
 ui/shader/texture-blit.vert |  10 +++
 9 files changed, 247 insertions(+), 1 deletion(-)
 create mode 100644 ui/console-gl.c
 create mode 100644 ui/shader/texture-blit.frag
 create mode 100644 ui/shader/texture-blit.vert

diff --git a/Makefile b/Makefile
index 49e4567..f032158 100644
--- a/Makefile
+++ b/Makefile
@@ -455,6 +455,9 @@ ui/shader/%-frag.h: $(SRC_PATH)/ui/shader/%.frag 
$(SRC_PATH)/scripts/shaderinclu
perl $(SRC_PATH)/scripts/shaderinclude.pl $< > $@,\
"  FRAG  $@")
 
+ui/console-gl.o: $(SRC_PATH)/ui/console-gl.c \
+   ui/shader/texture-blit-vert.h ui/shader/texture-blit-frag.h
+
 # documentation
 MAKEINFO=makeinfo
 MAKEINFOFLAGS=--no-headers --no-split --number-sections
diff --git a/configure b/configure
index 255d85b..b18aa9e 100755
--- a/configure
+++ b/configure
@@ -3142,7 +3142,7 @@ else
 fi
 
 if test "$opengl" != "no" ; then
-  opengl_pkgs="gl"
+  opengl_pkgs="gl glesv2"
   if $pkg_config $opengl_pkgs x11 && test "$have_glx" = "yes"; then
 opengl_cflags="$($pkg_config --cflags $opengl_pkgs) $x11_cflags"
 opengl_libs="$($pkg_config --libs $opengl_pkgs) $x11_libs"
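Review bot: `opengl_pkgs="gl glesv2"` makes glesv2 a hard requirement of the whole opengl feature: a host with a working GL implementation but no glesv2 pkg-config module now loses OpenGL support entirely instead of just the GLES-specific parts. If the new code only needs the GLES2 headers, probing glesv2 separately and failing only the parts that link against it would keep existing gl-only configurations working; a comment next to the assignment explaining why glesv2 is required would at least make the new dependency deliberate. The enclosing configure block continues outside the hunk.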
diff --git a/include/ui/console.h b/include/ui/console.h
index 03cd665..ee00fc5 100644
--- a/include/ui/console.h
+++ b/include/ui/console.h
@@ -9,6 +9,11 @@
 #include "qapi-types.h"
 #include "qapi/error.h"
 
+#ifdef CONFIG_OPENGL
+# include 
+# include 
+#endif
+
 /* keyboard/mouse support */
 
 #define MOUSE_EVENT_LBUTTON 0x01
@@ -117,6 +122,11 @@ struct DisplaySurface {
 pixman_format_code_t format;
 pixman_image_t *image;
 uint8_t flags;
+#ifdef CONFIG_OPENGL
+GLenum glformat;
+GLenum gltype;
+GLuint texture;
+#endif
 };
 
 typedef struct QemuUIInfo {
@@ -322,6 +332,27 @@ void qemu_console_copy(QemuConsole *con, int src_x, int 
src_y,
int dst_x, int dst_y, int w, int h);
 DisplaySurface *qemu_console_surface(QemuConsole *con);
 
+/* console-gl.c */
+typedef struct ConsoleGLState ConsoleGLState;
+#ifdef CONFIG_OPENGL
+ConsoleGLState *console_gl_init_context(void);
+void console_gl_fini_context(ConsoleGLState *gls);
+bool console_gl_check_format(DisplayChangeListener *dcl,
+ pixman_format_code_t format);
+void surface_gl_create_texture(ConsoleGLState *gls,
+   DisplaySurface *surface);
+void surface_gl_update_texture(ConsoleGLState *gls,
+   DisplaySurface *surface,
+   int x, int y, int w, int h);
+void surface_gl_render_texture(ConsoleGLState *gls,
+   DisplaySurface *surface);
+void surface_gl_destroy_texture(ConsoleGLState *gls,
+   DisplaySurface *surface);
+void surface_gl_setup_viewport(ConsoleGLState *gls,
+   DisplaySurface *surface,
+   int ww, int wh);
+#endif
+
 /* sdl.c */
 void sdl_display_init(DisplayState *ds, int full_screen, int no_frame);
 
diff --git a/include/ui/shader.h b/include/ui/shader.h
index e1b0caf..1ff926c 100644
--- a/include/ui/shader.h
+++ b/include/ui/shader.h
@@ -3,6 +3,8 @@
 # include 
 #endif
 
+void qemu_gl_run_texture_blit(GLint texture_blit_prog);
+
 GLuint qemu_gl_create_compile_shader(GLenum type, const GLchar *src);
 GLuint qemu_gl_create_link_program(GLuint vert, GLuint frag);
 GLuint qemu_gl_create_compile_link_program(const GLchar *vert_src,
diff --git a/ui/Makefile.objs b/ui/Makefile.objs
index 7a76df5..67fe278 100644
--- a/ui/Makefile.objs
+++ b/ui/Makefile.objs
@@ -26,9 +26,12 @@ sdl.mo-cflags := $(SDL_CFLAGS)
 
 ifeq ($(CONFIG_OPENGL),y)
 common-obj-y += shader.o
+common-obj-y += console-gl.o
 endif
 
 gtk.o-cflags := $(GTK_CFLAGS) $(VTE_CFLAGS)
 shader.o-cflags += $(OPENGL_CFLAGS)
+console-gl.o-cflags += $(OPENGL_CFLAGS)
 
 shader.o-libs += $(OPENGL_LIBS)
+console-gl.o-libs += $(OPENGL_LIBS)
diff --git a/ui/console-gl.c b/ui/console-gl.c
new file mode 100644
index 000..cb45cf8
--- /dev/null
+++ b/ui/console-gl.c
@@ -0,0 +1,168 @@
+/*
+ * QEMU graphical console -- opengl helper bits
+ *
+ * Copyright (c) 2014 Red Hat
+ *
+ * Authors:
+ *Gerd Hoffmann 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnish

[Qemu-devel] [PULL 5/6] sdl2: add support for display rendering using opengl.

2015-05-05 Thread Gerd Hoffmann
Add new sdl2-gl.c file, with display
rendering functions using opengl.

Signed-off-by: Gerd Hoffmann 
Reviewed-by: Max Reitz 
---
 include/ui/console.h |   1 +
 include/ui/sdl2.h|  11 +
 ui/Makefile.objs |   3 ++
 ui/sdl.c |  10 +
 ui/sdl2-2d.c |   7 
 ui/sdl2-gl.c | 112 +++
 ui/sdl2.c|  65 ++
 vl.c |  23 +++
 8 files changed, 225 insertions(+), 7 deletions(-)
 create mode 100644 ui/sdl2-gl.c

diff --git a/include/ui/console.h b/include/ui/console.h
index ee00fc5..d211692 100644
--- a/include/ui/console.h
+++ b/include/ui/console.h
@@ -354,6 +354,7 @@ void surface_gl_setup_viewport(ConsoleGLState *gls,
 #endif
 
 /* sdl.c */
+void sdl_display_early_init(int opengl);
 void sdl_display_init(DisplayState *ds, int full_screen, int no_frame);
 
 /* cocoa.m */
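Review bot: `void sdl_display_early_init(int opengl);` takes a bare `int` whose encoding the header does not give; the SDL1 implementation in this series compares it with `1 /* on */`, which suggests a tri-state (off/on/not specified) rather than a bool. Please document the values at the declaration, e.g. `/* opengl: 1 = on, 0 = off; see vl.c for the default value */` (confirm against the caller in vl.c, which is not in this hunk), or introduce an enum so the states have names.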
diff --git a/include/ui/sdl2.h b/include/ui/sdl2.h
index e21783a..2fdad8f 100644
--- a/include/ui/sdl2.h
+++ b/include/ui/sdl2.h
@@ -17,6 +17,10 @@ struct sdl2_console {
 int last_vm_running; /* per console for caption reasons */
 int x, y;
 int hidden;
+int opengl;
+int updates;
+SDL_GLContext winctx;
+ConsoleGLState *gls;
 };
 
 void sdl2_window_create(struct sdl2_console *scon);
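Review bot: The four new `struct sdl2_console` members are undocumented. `opengl` is asserted false throughout `sdl2-2d.c` in this series, so it evidently selects between the 2D and GL paths, but `updates` has no visible reader here and `winctx`/`gls` say nothing about who creates and destroys them. Suggested comments: `int opengl;   /* render via sdl2-gl.c instead of sdl2-2d.c */`, `int updates;  /* TODO confirm: pending-update counter consumed by the GL refresh path */`, and for `winctx`/`gls` a note naming the function that owns their lifetime (presumably `sdl2_window_create`, outside this hunk).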
@@ -37,4 +41,11 @@ void sdl2_2d_redraw(struct sdl2_console *scon);
 bool sdl2_2d_check_format(DisplayChangeListener *dcl,
   pixman_format_code_t format);
 
+void sdl2_gl_update(DisplayChangeListener *dcl,
+int x, int y, int w, int h);
+void sdl2_gl_switch(DisplayChangeListener *dcl,
+DisplaySurface *new_surface);
+void sdl2_gl_refresh(DisplayChangeListener *dcl);
+void sdl2_gl_redraw(struct sdl2_console *scon);
+
 #endif /* SDL2_H */
diff --git a/ui/Makefile.objs b/ui/Makefile.objs
index 67fe278..029a42a 100644
--- a/ui/Makefile.objs
+++ b/ui/Makefile.objs
@@ -21,6 +21,9 @@ sdl.mo-objs := sdl.o sdl_zoom.o
 endif
 ifeq ($(CONFIG_SDLABI),2.0)
 sdl.mo-objs := sdl2.o sdl2-input.o sdl2-2d.o
+ifeq ($(CONFIG_OPENGL),y)
+sdl.mo-objs += sdl2-gl.o
+endif
 endif
 sdl.mo-cflags := $(SDL_CFLAGS)
 
diff --git a/ui/sdl.c b/ui/sdl.c
index 8bdbf52..3be2910 100644
--- a/ui/sdl.c
+++ b/ui/sdl.c
@@ -908,6 +908,16 @@ static const DisplayChangeListenerOps dcl_ops = {
 .dpy_cursor_define= sdl_mouse_define,
 };
 
+void sdl_display_early_init(int opengl)
+{
+if (opengl == 1 /* on */) {
+fprintf(stderr,
+"SDL1 display code has no opengl support.\n"
+"Please recompile qemu with SDL2, using\n"
+"./configure --enable-sdl --with-sdlabi=2.0\n");
+}
+}
+
 void sdl_display_init(DisplayState *ds, int full_screen, int no_frame)
 {
 int flags;
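Review bot: `sdl_display_early_init()` only prints the "no opengl support" message and returns, so a user who explicitly asked for OpenGL with the SDL1 build gets a non-GL display instead of the requested one, and the message is easy to lose among other startup output. If `opengl == 1` means an explicit request (the `/* on */` hint suggests so), this should be a hard error: add `exit(1);` after the `fprintf()` inside the `if` block. If silent fallback is the intent, say so in the message instead of telling the user to recompile.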
diff --git a/ui/sdl2-2d.c b/ui/sdl2-2d.c
index 46ef5f7..bb56747 100644
--- a/ui/sdl2-2d.c
+++ b/ui/sdl2-2d.c
@@ -36,6 +36,8 @@ void sdl2_2d_update(DisplayChangeListener *dcl,
 DisplaySurface *surf = qemu_console_surface(dcl->con);
 SDL_Rect rect;
 
+assert(!scon->opengl);
+
 if (!surf) {
 return;
 }
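Review bot: The `assert(!scon->opengl);` guard sits at the top of each function followed by a blank line, except in `sdl2_2d_refresh()` (hunk at line 101) where it runs straight into `graphic_hw_update()`; mirror the layout there for consistency. Also note that these asserts are the only thing keeping a GL-mode console out of the 2D path: in a build that defines `NDEBUG` they vanish and `sdl2_2d_switch()` would go on to the `scon->texture` handling, so a runtime `if (scon->opengl) { return; }` would be the safer shape if such builds are supported. The rest of each function is outside the hunks.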
@@ -61,6 +63,8 @@ void sdl2_2d_switch(DisplayChangeListener *dcl,
 DisplaySurface *old_surface = scon->surface;
 int format = 0;
 
+assert(!scon->opengl);
+
 scon->surface = new_surface;
 
 if (scon->texture) {
@@ -101,12 +105,15 @@ void sdl2_2d_refresh(DisplayChangeListener *dcl)
 {
 struct sdl2_console *scon = container_of(dcl, struct sdl2_console, dcl);
 
+assert(!scon->opengl);
 graphic_hw_update(dcl->con);
 sdl2_poll_events(scon);
 }
 
 void sdl2_2d_redraw(struct sdl2_console *scon)
 {
+assert(!scon->opengl);
+
 if (!scon->surface) {
 return;
 }
diff --git a/ui/sdl2-gl.c b/ui/sdl2-gl.c
new file mode 100644
index 000..b604c06
--- /dev/null
+++ b/ui/sdl2-gl.c
@@ -0,0 +1,112 @@
+/*
+ * QEMU SDL display driver -- opengl support
+ *
+ * Copyright (c) 2014 Red Hat
+ *
+ * Authors:
+ * Gerd Hoffmann 
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARI

Re: [Qemu-devel] [PATCH] ui: remove check for failure of qemu_acl_init()

2015-05-05 Thread Gerd Hoffmann
On Fr, 2015-05-01 at 11:44 +0100, Daniel P. Berrange wrote:
> The qemu_acl_init() function has long since stopped being able
> to return NULL, since g_malloc will abort on OOM. As such the
> checks for NULL were unreachable code.

added to vnc queue.

thanks,
  Gerd





Re: [Qemu-devel] [PATCH 2/2] spice-char: notify the server when chardev is writable

2015-05-05 Thread Gerd Hoffmann
  Hi,

> > Ok then.  Added to spice queue.  Fails to build, but that looks like
> > just being the dependency on amits patch and should go away once that
> > one is upstream.
> 
> The dependency patch is now in tree, please pick this series up.

Hmm, not in my queue any more, probably dropped at some point due
to the build failure.

Can you resend please?

thanks,
  Gerd




Re: [Qemu-devel] PCI on ARM virt machine - status ?

2015-05-05 Thread Pavel Fedin
 Hello!

> You can help with the merge by indicating you have tested it with a
> formal tested-by: tag from yourself to the cover letters of the series.
> This helps the maintainers know that someone has tested it. 

 How do I do this correctly? I've never done that before. Do I need to reply to 
the original message in which the patch was published, with comments and a 
tested-by: tag? In that case, how can I, if I don't have this message in my 
email client (I subscribed after that)?

Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia





Re: [Qemu-devel] [PATCH 1/3] vnc: Don't assert if opening unix socket fails

2015-05-05 Thread Gerd Hoffmann
On Mi, 2015-04-29 at 12:37 -0400, Cole Robinson wrote:
> +if (vs->lsock < 0)
> +goto fail;

fails checkpatch.pl




Re: [Qemu-devel] [PATCH v2 0/3] block: Warn about usage of growing formats over non-growable protocols

2015-05-05 Thread Stefan Hajnoczi
On Thu, Mar 19, 2015 at 03:03:18PM -0400, Max Reitz wrote:
> Some image formats (e.g. qcow2) require the underlying file to grow on
> write accesses, but this is in fact not supported by all protocols (e.g.
> nbd does not). If such a format requiring file growth is used
> non-read-only over a protocol which does not support this, a warning
> should be issued.
> 
> This warning is issued for example whenever one tries to export a qcow2
> image over nbd-server and use the export from qemu.

The warning implies that the user should switch to read-only or a
different protocol, but this configuration is perfectly normal.  For
example, oVirt uses qcow2 on LVM volumes.

Introducing a warning for a normal QEMU invocation is a bit weird.

What is the point of this series?  Were users confused that they hit
ENOSPC?

Stefan




Re: [Qemu-devel] [PATCH] usb: fix usb-net segfault

2015-05-05 Thread Gerd Hoffmann
On Mi, 2015-04-29 at 11:34 +, Michal Kazior wrote:
> The dev->config pointer isn't set until guest
> system initializes usb devices (via
> usb_desc_set_config). However qemu networking can
> go through some motions prior to that, e.g.:
> 
>  #0  is_rndis (s=0x57261970) at hw/usb/dev-network.c:653
>  #1  0x5585f723 in usbnet_can_receive (nc=0x5641e820) at 
> hw/usb/dev-network.c:1315
>  #2  0x5587635e in qemu_can_send_packet (sender=0x572660a0) at 
> net/net.c:470
>  #3  0x55878e34 in net_hub_port_can_receive (nc=0x562d7800) at 
> net/hub.c:101
>  #4  0x5587635e in qemu_can_send_packet (sender=0x562d7980) at 
> net/net.c:470
>  #5  0x5587dbca in tap_can_send (opaque=0x562d7980) at 
> net/tap.c:172
> 
> The command to reproduce most reliably was:
> 
>  qemu-system-i386 -usb -device usb-net,vlan=0 -net tap,vlan=0
> 
> This wasn't strictly a problem with tap. Other
> networking endpoints (vde, user) could trigger
> this problem as well.

added to usb queue.

thanks,
  Gerd





Re: [Qemu-devel] [PATCH] vmdk: Fix overflow if l1_size is 0x20000000

2015-05-05 Thread Richard W.M. Jones
On Tue, May 05, 2015 at 05:28:13PM +0800, Fam Zheng wrote:
> Richard Jones caught this bug with afl fuzzer.
> 
> In fact, that's the only possible value to overflow (extent->l1_size =
> 0x20000000) l1_size:
> 
> l1_size = extent->l1_size * sizeof(long) => 0x80000000;
> 
> g_try_malloc returns NULL because l1_size is interpreted as negative
> during type casting from 'int' to 'gsize', which yields an enormous
> value. Hence, by coincidence, we get a "not too bad" behavior:
> 
> qemu-img: Could not open '/tmp/afl6.img': Could not open
> '/tmp/afl6.img': Cannot allocate memory
> 
> Values larger than 0x20000000 will be refused by the validation in
> vmdk_add_extent.
> 
> Values smaller than 0x20000000 will not overflow l1_size.
> 
> Reported-by: Richard W.M. Jones 
> Signed-off-by: Fam Zheng 

ACK, and:

Tested-by: Richard W.M. Jones 

Rich.

>  block/vmdk.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/block/vmdk.c b/block/vmdk.c
> index 1c5e2ef..e095156 100644
> --- a/block/vmdk.c
> +++ b/block/vmdk.c
> @@ -451,7 +451,8 @@ static int vmdk_init_tables(BlockDriverState *bs, 
> VmdkExtent *extent,
>  Error **errp)
>  {
>  int ret;
> -int l1_size, i;
> +size_t l1_size;
> +int i;
>  
>  /* read the L1 table */
>  l1_size = extent->l1_size * sizeof(uint32_t);
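Review bot: Changing `l1_size` to `size_t` fixes the multiplication itself — `extent->l1_size` is converted to `size_t` before it is multiplied by `sizeof(uint32_t)`, so there is no signed overflow and the value for the maximum extent is 0x80000000 — but the consumers of `l1_size` are outside the hunk. Any callee that takes the byte count as `int` (a read helper, an error message using `%d`) would still see a negative value, so please check those sinks in the rest of `vmdk_init_tables()` or clamp the table size before the allocation. A comment on the declaration, `/* size_t: extent->l1_size * 4 can exceed INT_MAX */`, would record why its type differs from `i`.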
> -- 
> 1.9.3

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW



[Qemu-devel] [PATCH 1/2] Revert "xhci: generate a Transfer Event for each Transfer TRB with the IOC bit set"

2015-05-05 Thread Gerd Hoffmann
This makes xhci generate multiple short packet events in case of
multi-trb transfers.  Which is wrong.  We need to fix this in a
different way.

This reverts commit aa6857891df614c620e6e9fc4bc4af6e0e49cafd.
---
 hw/usb/hcd-xhci.c | 15 +++
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 2af3dd6..39aacf7 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1767,18 +1767,9 @@ static void xhci_xfer_report(XHCITransfer *xfer)
 break;
 }
 
-/*
- * XHCI 1.1, 4.11.3.1 Transfer Event TRB -- "each Transfer TRB
- * encountered with its IOC flag set to '1' shall generate a Transfer
- * Event."
- *
- * Otherwise, longer transfers can have multiple data TRBs (for scatter
- * gather). Short transfers and errors should be reported once per
- * transfer only.
- */
-if ((trb->control & TRB_TR_IOC) ||
-(!reported && ((shortpkt && (trb->control & TRB_TR_ISP)) ||
-   (xfer->status != CC_SUCCESS && left == 0 {
+if (!reported && ((trb->control & TRB_TR_IOC) ||
+  (shortpkt && (trb->control & TRB_TR_ISP)) ||
+  (xfer->status != CC_SUCCESS && left == 0))) {
 event.slotid = xfer->slotid;
 event.epid = xfer->epid;
 event.length = (trb->status & 0x1) - chunk;
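Review bot: The revert drops the only comment that explained the reporting condition, leaving `if (!reported && (...))` without a rationale at exactly the spot where the previous change got it wrong. Keep a short comment above the condition, e.g. `/* Report each transfer at most once: on the first IOC, the first short packet with ISP, or an error at the end of the transfer. */`, and mention that setup TRBs are handled by the follow-up patch so the next reader does not reintroduce per-TRB events. The surrounding loop and the `reported` flag are outside the hunk.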
-- 
1.8.3.1




[Qemu-devel] [PATCH 0/2] xhci: fix control transfer event reporting

2015-05-05 Thread Gerd Hoffmann
  Hi,

Laszlo's fix unfortunately had unwanted side effects, so we have
to take a different approach to fix the issue at hand.

please review,
  Gerd

Gerd Hoffmann (2):
  Revert "xhci: generate a Transfer Event for each Transfer TRB with the
IOC bit set"
  xhci: fix events for setup trb.

 hw/usb/hcd-xhci.c | 23 +++
 1 file changed, 11 insertions(+), 12 deletions(-)

-- 
1.8.3.1




Re: [Qemu-devel] [PATCH] parallel: Allow to disable CONFIG_PARALLEL

2015-05-05 Thread Thomas Huth
On Tue,  5 May 2015 11:30:49 +0200
mreza...@redhat.com wrote:

> From: Miroslav Rezanina 
> 
> Disabling CONFIG_PARALLEL causes a build failure as commit 07dc788 factored
> out initialization to parallel_hds_isa_init, which is not built.
> 
> Make calling parallel_hds_isa_init depending on CONFIG_PARALLEL so it can
> be correctly disabled.
> 
> Signed-off-by: Miroslav Rezanina 
> ---
>  hw/i386/pc.c| 2 ++
>  hw/mips/mips_fulong2e.c | 2 ++
>  hw/mips/mips_malta.c| 2 ++
>  hw/sparc64/sun4u.c  | 2 ++
>  4 files changed, 8 insertions(+)
> 
> diff --git a/hw/i386/pc.c b/hw/i386/pc.c
> index a8e6be1..560464e 100644
> --- a/hw/i386/pc.c
> +++ b/hw/i386/pc.c
> @@ -1465,7 +1465,9 @@ void pc_basic_device_init(ISABus *isa_bus, qemu_irq 
> *gsi,
>  }
>  
>  serial_hds_isa_init(isa_bus, MAX_SERIAL_PORTS);
> +#ifdef CONFIG_PARALLEL
>  parallel_hds_isa_init(isa_bus, MAX_PARALLEL_PORTS);
> +#endif

Not sure, but is this pre-processor macro really defined if
CONFIG_PARALLEL has been set in the makefile? I've hit some similar
problem in the past and I had to discover that only the CONFIG_*
options from config-host.mak get translated into #defines, all the
others don't get translated. I might be wrong, but just to be sure,
could you please double-check that CONFIG_PARALLEL is #defined if it's
enabled in the .mak file?

If not: Where does the build break exactly? Does it fail for all three
types, i386, mips and sun?

 Thomas




[Qemu-devel] [PATCH 2/2] xhci: fix events for setup trb.

2015-05-05 Thread Gerd Hoffmann
When we find a IOC bit set on a setup trb and therefore queue an event,
that should not stop events being generated for following data trbs.
So clear the 'reported' flag.

Signed-off-by: Gerd Hoffmann 
---
 hw/usb/hcd-xhci.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 39aacf7..927dc36 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1793,6 +1793,14 @@ static void xhci_xfer_report(XHCITransfer *xfer)
 return;
 }
 }
+
+switch (TRB_TYPE(*trb)) {
+case TR_SETUP:
+reported = 0;
+shortpkt = 0;
+break;
+}
+
 }
 }
 
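Review bot: A `switch` with a single `case` and no `default` is an unusual way to write `if (TRB_TYPE(*trb) == TR_SETUP)`, and the `if` form also removes the stray blank line before the closing brace. `if (TRB_TYPE(*trb) == TR_SETUP) { reported = 0; shortpkt = 0; }` plus a comment stating the reason — `/* an IOC on the setup TRB must not suppress events for the data TRBs that follow */` — keeps the fix readable. Whether `shortpkt` must be reset here as well, or only `reported`, is not clear from the hunk; a sentence in that comment would settle it. The enclosing loop of `xhci_xfer_report()` is outside the hunk.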
-- 
1.8.3.1




Re: [Qemu-devel] [PATCH 2/6] input: remove unused mouse_handlers list

2015-05-05 Thread Gerd Hoffmann
On Mo, 2015-04-27 at 12:45 -0400, Emilio G. Cota wrote:
> Signed-off-by: Emilio G. Cota 

Reviewed-by: Gerd Hoffmann 




Re: [Qemu-devel] [PATCH 2/3] xhci: remove unused code

2015-05-05 Thread Gerd Hoffmann
  Hi,


> > So, I think if we were to drop this assignment, we should
> > remove the initializer too.  But before doing this, I think
> > we should try to remember _why_ this assignment is here in
> > the first place. The code looks like after the loop, this
> > ep variable was supposed to be used for something.  Or is
> > it just a leftover from 518ad5f2a075 (Cc'ing the author)?
> > 
> I can't agree with you more. :)

Yes, certainly looks like a 518ad5f2a075 leftover.
Should be ok to cleanup.

cheers,
  Gerd





Re: [Qemu-devel] [RFC PATCH 01/15] pci: allow cleanup/unregistration of PCI buses

2015-05-05 Thread David Gibson
On Wed, Apr 29, 2015 at 02:20:10PM -0500, Michael Roth wrote:
> This adds cleanup counterparts to pci_register_bus(),
> pci_bus_new(), and pci_bus_irqs().
> 
> These cleanup routines are needed in the case of hotpluggable
> PCIHostBridge implementations. Currently we can rely on the
> object_unparent()'ing of the PCIHostState recursively unparenting
> and cleaning up it's child buses, but we need explicit calls
> to also:
> 
>   1) remove the PCIHostState from pci_host_bridges global list.
>  otherwise, we risk accessing freed memory when we access
>  the list later
>   2) clean up memory allocated in pci_bus_irqs()
> 
> Both are handled outside the context of any particular bus or
> host bridge's init/realize functions, making it difficult to
> avoid the need for explicit cleanup functions without remodeling
> how PCIHostBridges are created. So keep it simple and just add
> them for now.
> 
> Cc: Michael S. Tsirkin 
> Cc: Paolo Bonzini 
> Signed-off-by: Michael Roth 

Reviewed-by: David Gibson 

As with Bharata's cpu and memory hotplug series, you may want to split
out those patches which are reasonable cleanups regardless of exactly
what happens with the hotplug code itself.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH 04/15] spapr_iommu: pass object ownership to parent/owner

2015-05-05 Thread David Gibson
On Wed, Apr 29, 2015 at 02:20:13PM -0500, Michael Roth wrote:
> DRC objects attach themselves to an owner as a child
  ^^^

Copy and paste error in the commit message.


> property. unref afterward to allow them to be finalized
> when their owner is finalized.
> 
> Signed-off-by: Michael Roth 

But otherwise,

Reviewed-by: David Gibson 

> ---
>  hw/ppc/spapr_iommu.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/ppc/spapr_iommu.c b/hw/ppc/spapr_iommu.c
> index a14cdc4..79e998b 100644
> --- a/hw/ppc/spapr_iommu.c
> +++ b/hw/ppc/spapr_iommu.c
> @@ -182,6 +182,7 @@ sPAPRTCETable *spapr_tce_new_table(DeviceState *owner, 
> uint32_t liobn,
>  
>  snprintf(tmp, sizeof(tmp), "tce-table-%x", liobn);
>  object_property_add_child(OBJECT(owner), tmp, OBJECT(tcet), NULL);
> +object_unref(OBJECT(tcet));
>  
>  object_property_set_bool(OBJECT(tcet), true, "realized", NULL);
>  

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [RFC PATCH 03/15] spapr_drc: pass object ownership to parent/owner

2015-05-05 Thread David Gibson
On Wed, Apr 29, 2015 at 02:20:12PM -0500, Michael Roth wrote:
> DRC objects attach themselves to an owner as a child
> property. unref afterward to allow them to be finalized
> when their owner is finalized.
> 
> Signed-off-by: Michael Roth 

Reviewed-by: David Gibson 

> ---
>  hw/ppc/spapr_drc.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
> index 48bf193..396a03b 100644
> --- a/hw/ppc/spapr_drc.c
> +++ b/hw/ppc/spapr_drc.c
> @@ -456,6 +456,7 @@ sPAPRDRConnector *spapr_dr_connector_new(Object *owner,
>  drc->id = id;
>  drc->owner = owner;
>  object_property_add_child(owner, "dr-connector[*]", OBJECT(drc), NULL);
> +object_unref(OBJECT(drc));
>  object_property_set_bool(OBJECT(drc), true, "realized", NULL);
>  
>  /* human-readable name for a DRC to encode into the DT

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH v5 0/4] configure: clang 3.5.0 build fixes

2015-05-05 Thread Stefan Hajnoczi
On Wed, Mar 25, 2015 at 06:57:35PM -0400, John Snow wrote:
> QEMU does not compile cleanly under clang 3.5.0.  These patches eliminate the
> avalanche of warnings and make the build usable.
> 
> The result is that you *should* be able to use clang 3.5.0 *with* ccache and
> -Werror and produce all targets.
> 
> Regrettably, this is v5 because I overlooked deleting "--keep-tmpc" in the
> previous version. Sorry mom, I let the homestead down. We'll be eating dirt
> this winter. I can always go to the city for work, please don't cry.
> 
> v4:
> - Enable ccache workaround for configurations without -Werror,
>   to suppress warnings as well.
> - Removed optimization from cc_has_warning_flag()
> - Renamed ccache variable to ccache_cpp2
> 
> John Snow (3):
>   configure: factor out supported flag check
>   configure: silence glib unknown attribute __alloc_size__
>   configure: Add workaround for ccache and clang
> 
> Stefan Hajnoczi (1):
>   configure: handle clang -nopie argument warning
> 
>  configure | 81 
> ++-
>  1 file changed, 65 insertions(+), 16 deletions(-)

Thanks, applied to my block tree:
https://github.com/stefanha/qemu/commits/block

Stefan




Re: [Qemu-devel] Fwd: qemu drive mirror assert fault

2015-05-05 Thread Paolo Bonzini


On 05/05/2015 09:36, Fam Zheng wrote:
> Since the gdb output is suggesting 1.5.3, it's worth trying 2.3 which has
> this:
> 
> commit c4237dfa635900e4d1cdc6038d5efe3507f45f0c
> Author: Vladimir Sementsov-Ogievskiy 
> Date:   Thu Nov 27 12:40:46 2014 +0300
> 
> block: fix spoiling all dirty bitmaps by mirror and migration
> 
> Mirror and migration use dirty bitmaps for their purposes, and since
> commit [block: per caller dirty bitmap] they use their own bitmaps, 
> not
> the global one. But they use old functions bdrv_set_dirty and
> bdrv_reset_dirty, which change all dirty bitmaps.
> 
> Named dirty bitmaps series by Fam and Snow are affected: mirroring and
> migration will spoil all (not related to this mirroring or migration)
> named dirty bitmaps.
> 
> This patch fixes this by adding bdrv_set_dirty_bitmap and
> bdrv_reset_dirty_bitmap, which change concrete bitmap. Also, to 
> prevent
> such mistakes in future, old functions bdrv_(set,reset)_dirty are made
> static, for internal block usage.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy 
> CC: John Snow 
> CC: Fam Zheng 
> CC: Denis V. Lunev 
> CC: Stefan Hajnoczi 
> CC: Kevin Wolf 
> Reviewed-by: John Snow 
> Reviewed-by: Fam Zheng 
> Message-id: 1417081246-3593-1-git-send-email-vsement...@parallels.com
> Signed-off-by: Max Reitz 

I don't think this commit is relevant.  The bug is caused by
bdrv_co_discard clearing the bitmap (which is not supported during
iteration, and is caught by the assertion).  That bdrv_reset_dirty is
not removed by the commit you pointed out.

Paolo



[Qemu-devel] [RFC PATCH v12 00/21] Deterministic replay core

2015-05-05 Thread Pavel Dovgalyuk
This set of patches is related to the reverse execution and deterministic 
replay of qemu execution. This implementation of deterministic replay can 
be used for deterministic debugging of guest code through gdb remote
interface.

Core set of patches does not include support for reverse debugging commands
of gdb, block devices' operations, USB replay support.

These patches include only core function of the replay,
excluding the support for replaying serial, audio, network, and USB devices'
operations. Reverse debugging and monitor commands were also excluded to
be submitted later as separate patches.

Execution recording writes non-deterministic events log, which can be later 
used for replaying the execution anywhere and for unlimited number of times. 
It also supports checkpointing for faster rewinding during reverse debugging. 
Execution replaying reads the log and replays all non-deterministic events 
including external input, hardware clocks, and interrupts.

Full version of deterministic replay has the following features:
 * Deterministically replays whole system execution and all contents of the 
memory,
   state of the hardware devices, clocks, and screen of the VM.
 * Writes the execution log into a file for later replaying, multiple times 
   on different machines.
 * Supports i386, x86_64, and ARM hardware platforms.
 * Performs deterministic replay of all operations with keyboard and mouse
   input devices.
 * Supports auto-checkpointing for convenient reverse debugging.

Usage of the record/replay core:
 * First, record the execution, by adding the following string to the command 
line:
   '-icount shift=7,rr=record,rrfile=replay.bin -net none'. 
   Block devices' images are not actually changed in the recording mode, 
   because all of the changes are written to the temporary overlay file.
 * Then you can replay it for the multiple times by using another command
   line option: '-icount shift=7,rr=replay,rrfile=replay.bin -net none'
 * '-net none' option should also be specified if network replay patches
   are not applied.
 * Do not add any disk images to VM, because they are not supported by
   the core patches.

Paper with short description of deterministic replay implementation:
http://www.computer.org/csdl/proceedings/csmr/2012/4666/00/4666a553-abs.html

Modifications of qemu include:
 * wrappers for clock and time functions to save their return values in the log
 * saving different asynchronous events (e.g. system shutdown) into the log
 * synchronization of the threads from thread pool
 * recording/replaying user input (mouse and keyboard)
 * adding internal events for cpu and io synchronization

v12 changes:
 * Removed block patches from the core patches set.

v11 changes:
 * Fixed instructions event processing.
 * Added some mutex protection calls for replay.
 * Fixed replaying read operations for qcow2.
 * Fixed rtc reads on initializations stage.
 * Eliminated some warnings in replay module.
 * Fixed misprints in documentation for replay (as suggested by Eric Blake)

v10 changes:
 * Fixed queue processing for bottom halves (as suggested by Paolo Bonzini)
 * Rewritten several replay functions (as suggested by Paolo Bonzini)
 * Some minor fixes.

v9 changes:
 * Replaced fwrite/fread with putc/getc (as suggested by Paolo Bonzini)
 * Stopping virtual machine in case of replay file end (as suggested by Paolo 
Bonzini)
 * Removed one of the replay mutexes (as suggested by Paolo Bonzini)
 * Fixed RCU queue for bottom halves (as suggested by Paolo Bonzini)
 * Updated command line options' names (as suggested by Paolo Bonzini)
 * Added design document for record/replay (as suggested by Paolo Bonzini)
 * Simplified checkpoints for the timers
 * Added cloning InputEvent objects for replay (as suggested by Paolo Bonzini)
 * Added replay blockers instead of checking the command line (as suggested by 
Paolo Bonzini)
 * Some functions renaming and extracting.

v8 changes:
 * Simplified processing of the shutdown event (as suggested by Paolo Bonzini)
 * Replaced stack of bottom halves in AIO context with QSIMPLEQ (as suggested 
by Paolo Bonzini)
 * Moved replay_submode out of the series (as suggested by Paolo Bonzini)
 * Moved suffix option out of the series
 * Converted some of the defines into enums (as suggested by Paolo Bonzini)
 * Encapsulated save_tm/read_tm calls into the single function (as suggested by 
Paolo Bonzini)
 * Moved record/replay options to icount group (as suggested by Paolo Bonzini)
 * Updated mutex protection for the events queue (as suggested by Paolo Bonzini)
 * Added mutex to protect replay log file (as suggested by Paolo Bonzini)
 * Minor cleanups

v7 changes:
 * Removed patches that were applied to upstream.

v6 changes:
 * Fixed replay stub return value (as suggested by Eric Blake)
 * Fixed icount warping.
 * Virtual rt clock now uses cpu_get_clock() (as suggested by Paolo Bonzini)
 * Replated get_clock_realtime and get_clock calls with qemu clock requests (as 
sugg

[Qemu-devel] [RFC PATCH v12 05/21] replay: introduce mutex to protect the replay log

2015-05-05 Thread Pavel Dovgalyuk
This mutex will protect read/write operations on the replay log.
Using a mutex is necessary because most of the events consist of
several fields stored in the log. The mutex will help to avoid races.

Reviewed-by: Paolo Bonzini 

Signed-off-by: Pavel Dovgalyuk 
---
 replay/replay-internal.c |   27 +++
 replay/replay-internal.h |7 +++
 2 files changed, 34 insertions(+), 0 deletions(-)

diff --git a/replay/replay-internal.c b/replay/replay-internal.c
index c2bbf5f..f7c03bc 100755
--- a/replay/replay-internal.c
+++ b/replay/replay-internal.c
@@ -15,6 +15,13 @@
 unsigned int replay_data_kind = -1;
 static unsigned int replay_has_unread_data;
 
+/* Mutex to protect reading and writing events to the log.
+   replay_data_kind and replay_has_unread_data are also protected
+   by this mutex. 
+   It also protects replay events queue which stores events to be
+   written or read to the log. */
+static QemuMutex lock;
+
 /* File for replay writing */
 FILE *replay_file;
 
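Review bot: The new comment block has trailing whitespace after `by this mutex. ` on its third line, which checkpatch.pl flags. More substantively, the comment states that `replay_data_kind` is protected by the mutex, but that variable is a non-`static` global (line 15 of the context), so other translation units can read or write it without going through `replay_mutex_lock()`; either add to the comment that every external access must hold the lock, or make accessor functions the only way in. The lock wrappers themselves are in the next hunk.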
@@ -147,3 +154,23 @@ void replay_finish_event(void)
 replay_has_unread_data = 0;
 replay_fetch_data_kind();
 }
+
+void replay_mutex_init(void)
+{
+qemu_mutex_init(&lock);
+}
+
+void replay_mutex_destroy(void)
+{
+qemu_mutex_destroy(&lock);
+}
+
+void replay_mutex_lock(void)
+{
+qemu_mutex_lock(&lock);
+}
+
+void replay_mutex_unlock(void)
+{
+qemu_mutex_unlock(&lock);
+}
diff --git a/replay/replay-internal.h b/replay/replay-internal.h
index 17600de..8a0de0d 100755
--- a/replay/replay-internal.h
+++ b/replay/replay-internal.h
@@ -33,6 +33,13 @@ int64_t replay_get_qword(void);
 void replay_get_array(uint8_t *buf, size_t *size);
 void replay_get_array_alloc(uint8_t **buf, size_t *size);
 
+/* Mutex functions for protecting replay log file */
+
+void replay_mutex_init(void);
+void replay_mutex_destroy(void);
+void replay_mutex_lock(void);
+void replay_mutex_unlock(void);
+
 /*! Checks error status of the file. */
 void replay_check_error(void);
 




[Qemu-devel] [RFC PATCH v12 01/21] i386: partial revert of interrupt poll fix

2015-05-05 Thread Pavel Dovgalyuk
Processing CPU_INTERRUPT_POLL requests in cpu_has_work functions
breaks the determinism of cpu_exec. This patch is required to make
interrupt processing deterministic.

Signed-off-by: Paolo Bonzini 

Signed-off-by: Pavel Dovgalyuk 
---
 cpu-exec.c|6 ++
 target-i386/cpu.c |   10 ++
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/cpu-exec.c b/cpu-exec.c
index 2ffeb6e..8f93df7 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -365,6 +365,12 @@ int cpu_exec(CPUArchState *env)
 volatile bool have_tb_lock = false;
 
 if (cpu->halted) {
+#ifdef TARGET_I386
+if (cpu->interrupt_request & CPU_INTERRUPT_POLL) {
+apic_poll_irq(x86_cpu->apic_state);
+cpu_reset_interrupt(cpu, CPU_INTERRUPT_POLL);
+}
+#endif
 if (!cpu_has_work(cpu)) {
 return EXCP_HALTED;
 }
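Review bot: The block added under `#ifdef TARGET_I386` at the top of this hunk is not guarded by `CONFIG_USER_ONLY`, whereas the code it replaces in target-i386/cpu.c (the hunk below) was wrapped in `#if !defined(CONFIG_USER_ONLY)`; if `apic_poll_irq` and `x86_cpu->apic_state` are not available in user-mode builds, this will fail to compile there. Either restore the guard, `#if defined(TARGET_I386) && !defined(CONFIG_USER_ONLY)`, or confirm that this path of cpu-exec.c is already excluded from user-mode builds. `cpu_exec`'s body continues outside the hunk, so I cannot see where `x86_cpu` is declared.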
diff --git a/target-i386/cpu.c b/target-i386/cpu.c
index 03b33cf..cc69693 100644
--- a/target-i386/cpu.c
+++ b/target-i386/cpu.c
@@ -2974,14 +2974,8 @@ static bool x86_cpu_has_work(CPUState *cs)
 X86CPU *cpu = X86_CPU(cs);
 CPUX86State *env = &cpu->env;
 
-#if !defined(CONFIG_USER_ONLY)
-if (cs->interrupt_request & CPU_INTERRUPT_POLL) {
-apic_poll_irq(cpu->apic_state);
-cpu_reset_interrupt(cs, CPU_INTERRUPT_POLL);
-}
-#endif
-
-return ((cs->interrupt_request & CPU_INTERRUPT_HARD) &&
+return ((cs->interrupt_request & (CPU_INTERRUPT_HARD |
+  CPU_INTERRUPT_POLL)) &&
 (env->eflags & IF_MASK)) ||
(cs->interrupt_request & (CPU_INTERRUPT_NMI |
  CPU_INTERRUPT_INIT |




[Qemu-devel] [RFC PATCH v12 06/21] replay: introduce icount event

2015-05-05 Thread Pavel Dovgalyuk
This patch adds an icount event to the replay subsystem. This event corresponds
to the execution of several instructions and is used to synchronize input events
in the replay phase.

Reviewed-by: Paolo Bonzini 

Signed-off-by: Pavel Dovgalyuk 
---
 replay/replay-internal.c |   24 
 replay/replay-internal.h |   21 +
 replay/replay.c  |   34 ++
 replay/replay.h  |7 +++
 4 files changed, 86 insertions(+), 0 deletions(-)

diff --git a/replay/replay-internal.c b/replay/replay-internal.c
index f7c03bc..064ddf9 100755
--- a/replay/replay-internal.c
+++ b/replay/replay-internal.c
@@ -10,6 +10,7 @@
  */
 
 #include "qemu-common.h"
+#include "replay.h"
 #include "replay-internal.h"
 
 unsigned int replay_data_kind = -1;
@@ -34,6 +35,7 @@ void replay_put_byte(uint8_t byte)
 
 void replay_put_event(uint8_t event)
 {
+assert(event < EVENT_COUNT);
 replay_put_byte(event);
 }
 
@@ -143,8 +145,15 @@ void replay_fetch_data_kind(void)
 if (replay_file) {
 if (!replay_has_unread_data) {
 replay_data_kind = replay_get_byte();
+if (replay_data_kind == EVENT_INSTRUCTION) {
+replay_state.instructions_count = replay_get_dword();
+}
 replay_check_error();
 replay_has_unread_data = 1;
+if (replay_data_kind >= EVENT_COUNT) {
+error_report("Replay: unknown event kind %d", 
replay_data_kind);
+exit(1);
+}
 }
 }
 }
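Review bot: The new unknown-event check at the end of this hunk also runs when `replay_get_byte()` hit end of file: `getc()` returns EOF, which stored into a `uint8_t` becomes 255, so it is `>= EVENT_COUNT` and the `exit(1)` fires before the vmstop request issued by `replay_check_error()` two lines above can take effect. Guard the validation so it only runs on a healthy stream, e.g. `if (!feof(replay_file) && !ferror(replay_file) && replay_data_kind >= EVENT_COUNT) {`, or return right after `replay_check_error()` when it reported a problem. `replay_data_kind` is `unsigned int`, so the `error_report` format should be `%u` rather than `%d`. The function's opening line is outside the hunk.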
@@ -174,3 +183,18 @@ void replay_mutex_unlock(void)
 {
 qemu_mutex_unlock(&lock);
 }
+
+/*! Saves cached instructions. */
+void replay_save_instructions(void)
+{
+if (replay_file && replay_mode == REPLAY_MODE_RECORD) {
+replay_mutex_lock();
+int diff = (int)(replay_get_current_step() - 
replay_state.current_step);
+if (first_cpu != NULL && diff > 0) {
+replay_put_event(EVENT_INSTRUCTION);
+replay_put_dword(diff);
+replay_state.current_step += diff;
+}
+replay_mutex_unlock();
+}
+}
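Review bot: `int diff = (int)(replay_get_current_step() - replay_state.current_step)` in `replay_save_instructions` narrows a `uint64_t` difference to `int`; if the gap since the last save ever exceeds INT_MAX the value becomes negative, the `diff > 0` test silently drops the event, and `current_step` is never caught up, so every later call fails the same way. Keep the difference in `uint64_t`, and because `replay_put_dword` records only 32 bits, either assert `diff <= UINT32_MAX` or emit the excess as further EVENT_INSTRUCTION records in a loop. Testing `first_cpu != NULL` before taking the mutex would also avoid locking when there is nothing to record.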
diff --git a/replay/replay-internal.h b/replay/replay-internal.h
index 8a0de0d..acae7ac 100755
--- a/replay/replay-internal.h
+++ b/replay/replay-internal.h
@@ -14,6 +14,20 @@
 
 #include 
 
+enum ReplayEvents {
+/* for instruction event */
+EVENT_INSTRUCTION,
+EVENT_COUNT
+};
+
+typedef struct ReplayState {
+/*! Current step - number of processed instructions and timer events. */
+uint64_t current_step;
+/*! Number of instructions to be executed before other events happen. */
+int instructions_count;
+} ReplayState;
+extern ReplayState replay_state;
+
 extern unsigned int replay_data_kind;
 
 /* File for replay writing */
@@ -50,4 +64,11 @@ void replay_finish_event(void);
 replay_data_kind variable. */
 void replay_fetch_data_kind(void);
 
+/*! Saves queued events (like instructions and sound). */
+void replay_save_instructions(void);
+
+/*! Skips async events until some sync event will be found. 
+\return true, if event was found */
+bool replay_next_event_is(int event);
+
 #endif
diff --git a/replay/replay.c b/replay/replay.c
index 5ce066f..43798e1 100755
--- a/replay/replay.c
+++ b/replay/replay.c
@@ -9,6 +9,40 @@
  *
  */
 
+#include "qemu-common.h"
 #include "replay.h"
+#include "replay-internal.h"
+#include "qemu/timer.h"
 
 ReplayMode replay_mode = REPLAY_MODE_NONE;
+
+ReplayState replay_state;
+
+bool replay_next_event_is(int event)
+{
+bool res = false;
+
+/* nothing to skip - not all instructions used */
+if (replay_state.instructions_count != 0) {
+assert(replay_data_kind == EVENT_INSTRUCTION);
+return event == EVENT_INSTRUCTION;
+}
+
+while (true) {
+replay_fetch_data_kind();
+if (event == replay_data_kind) {
+res = true;
+}
+switch (replay_data_kind) {
+default:
+/* clock, time_t, checkpoint and other events */
+return res;
+}
+}
+return res;
+}
+
+uint64_t replay_get_current_step(void)
+{
+return cpu_get_icount_raw();
+}
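Review bot: In `replay_next_event_is` the `return res;` after `while (true)` is unreachable, because the `switch` holds only a `default:` that returns and the loop has no `break`; either drop the trailing return or restructure so the loop body is the only exit. `event == replay_data_kind` compares `int` with `unsigned int`, which is a signed/unsigned comparison; making the parameter `unsigned int` or casting explicitly would silence the warning. If later patches add cases to the switch (the comment mentions clock and checkpoint events) the loop becomes meaningful, but the comparison issue remains.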
diff --git a/replay/replay.h b/replay/replay.h
index d6b73c3..a03c748 100755
--- a/replay/replay.h
+++ b/replay/replay.h
@@ -12,8 +12,15 @@
  *
  */
 
+#include 
+#include 
 #include "qapi-types.h"
 
 extern ReplayMode replay_mode;
 
+/* Processing the instructions */
+
+/*! Returns number of executed instructions. */
+uint64_t replay_get_current_step(void);
+
 #endif




[Qemu-devel] [RFC PATCH v12 02/21] replay: global variables and function stubs

2015-05-05 Thread Pavel Dovgalyuk
This patch adds global variables, defines, function declarations,
and function stubs for deterministic VM replay used by external modules.

Reviewed-by: Paolo Bonzini 
Reviewed-by: Eric Blake 

Signed-off-by: Pavel Dovgalyuk 
---
 Makefile.target  |1 
 docs/replay.txt  |  167 ++
 qapi-schema.json |   18 +
 replay/Makefile.objs |1 
 replay/replay.c  |   14 
 replay/replay.h  |   19 ++
 stubs/Makefile.objs  |1 
 stubs/replay.c   |3 +
 8 files changed, 224 insertions(+), 0 deletions(-)
 create mode 100755 docs/replay.txt
 create mode 100755 replay/Makefile.objs
 create mode 100755 replay/replay.c
 create mode 100755 replay/replay.h
 create mode 100755 stubs/replay.c

diff --git a/Makefile.target b/Makefile.target
index 2262d89..d7e922a 100644
--- a/Makefile.target
+++ b/Makefile.target
@@ -84,6 +84,7 @@ all: $(PROGS) stap
 # cpu emulator library
 obj-y = exec.o translate-all.o cpu-exec.o
 obj-y += tcg/tcg.o tcg/tcg-op.o tcg/optimize.o
+obj-y += replay/
 obj-$(CONFIG_TCG_INTERPRETER) += tci.o
 obj-$(CONFIG_TCG_INTERPRETER) += disas/tci.o
 obj-y += fpu/softfloat.o
diff --git a/docs/replay.txt b/docs/replay.txt
new file mode 100755
index 000..faaade5
--- /dev/null
+++ b/docs/replay.txt
@@ -0,0 +1,167 @@
+Copyright (c) 2010-2015 Institute for System Programming
+of the Russian Academy of Sciences.
+
+This work is licensed under the terms of the GNU GPL, version 2 or later.
+See the COPYING file in the top-level directory.
+
+Record/replay
+-
+
+Record/replay functions are used for the reverse execution and deterministic 
+replay of qemu execution. This implementation of deterministic replay can 
+be used for deterministic debugging of guest code through a gdb remote
+interface.
+
+Execution recording writes a non-deterministic events log, which can be later 
+used for replaying the execution anywhere and for unlimited number of times. 
+It also supports checkpointing for faster rewinding during reverse debugging. 
+Execution replaying reads the log and replays all non-deterministic events 
+including external input, hardware clocks, and interrupts.
+
+Deterministic replay has the following features:
+ * Deterministically replays whole system execution and all contents of 
+   the memory, state of the hardware devices, clocks, and screen of the VM.
+ * Writes execution log into the file for later replaying for multiple times 
+   on different machines.
+ * Supports i386, x86_64, and ARM hardware platforms.
+ * Performs deterministic replay of all operations with keyboard and mouse
+   input devices.
+
+Usage of the record/replay:
+ * First, record the execution, by adding the following arguments to the 
command line:
+   '-icount shift=7,rr=record,rrfile=replay.bin -net none'. 
+   Block devices' images are not actually changed in the recording mode, 
+   because all of the changes are written to the temporary overlay file.
+ * Then you can replay it by using another command
+   line option: '-icount shift=7,rr=replay,rrfile=replay.bin -net none'
+ * '-net none' option should also be specified if network replay patches
+   are not applied.
+
+Paper with short description of deterministic replay implementation:
+http://www.computer.org/csdl/proceedings/csmr/2012/4666/00/4666a553-abs.html
+
+Modifications of qemu include:
+ * wrappers for clock and time functions to save their return values in the log
+ * saving different asynchronous events (e.g. system shutdown) into the log
+ * synchronization of the bottom halves execution
+ * synchronization of the threads from thread pool
+ * recording/replaying user input (mouse and keyboard)
+ * adding internal checkpoints for cpu and io synchronization
+
+Non-deterministic events
+
+
+Our record/replay system is based on saving and replaying non-deterministic 
+events (e.g. keyboard input) and simulating deterministic ones (e.g. reading 
+from HDD or memory of the VM). Saving only non-deterministic events makes 
+log file smaller, simulation faster, and allows using reverse debugging even 
+for realtime applications. 
+
+The following non-deterministic data from peripheral devices is saved into 
+the log: mouse and keyboard input, network packets, audio controller input, 
+USB packets, serial port input, and hardware clocks (they are 
non-deterministic 
+too, because their values are taken from the host machine). Inputs from 
+simulated hardware, memory of VM, software interrupts, and execution of 
+instructions are not saved into the log, because they are deterministic and 
+can be replayed by simulating the behavior of virtual machine starting from 
+initial state.
+
+We had to solve three tasks to implement deterministic replay: recording 
+non-deterministic events, replaying non-deterministic events, and checking 
+that there is no divergence between record and replay modes.
+
+We changed several parts of QEM

[Qemu-devel] [RFC PATCH v12 03/21] sysemu: system functions for replay

2015-05-05 Thread Pavel Dovgalyuk
This patch removes the "static" specifier from several qemu functions to make
them visible to the replay module. It also introduces several system functions
that will be used by replay.

Reviewed-by: Paolo Bonzini 

Signed-off-by: Pavel Dovgalyuk 
---
 cpus.c  |2 +-
 include/exec/exec-all.h |1 +
 include/qom/cpu.h   |   10 ++
 include/sysemu/cpus.h   |1 +
 translate-all.c |8 
 5 files changed, 21 insertions(+), 1 deletions(-)

diff --git a/cpus.c b/cpus.c
index e6dcae3..d566f66 100644
--- a/cpus.c
+++ b/cpus.c
@@ -88,7 +88,7 @@ static bool cpu_thread_is_idle(CPUState *cpu)
 return true;
 }
 
-static bool all_cpu_threads_idle(void)
+bool all_cpu_threads_idle(void)
 {
 CPUState *cpu;
 
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index 054a42c..e7c3328 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -216,6 +216,7 @@ static inline unsigned int tb_phys_hash_func(tb_page_addr_t 
pc)
 
 void tb_free(TranslationBlock *tb);
 void tb_flush(CPUArchState *env);
+void tb_flush_all(void);
 void tb_phys_invalidate(TranslationBlock *tb, tb_page_addr_t page_addr);
 
 #if defined(USE_DIRECT_JUMP)
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index f342654..fff2e0a 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -493,6 +493,16 @@ static inline bool cpu_has_work(CPUState *cpu)
 bool qemu_cpu_is_self(CPUState *cpu);
 
 /**
+ * qemu_in_vcpu_thread:
+ *
+ * Checks whether the caller is executing on the vCPU thread
+ * of the current vCPU.
+ *
+ * Returns: %true if called from vCPU's thread, %false otherwise.
+ */
+bool qemu_in_vcpu_thread(void);
+
+/**
  * qemu_cpu_kick:
  * @cpu: The vCPU to kick.
  *
diff --git a/include/sysemu/cpus.h b/include/sysemu/cpus.h
index 3f162a9..86ae556 100644
--- a/include/sysemu/cpus.h
+++ b/include/sysemu/cpus.h
@@ -6,6 +6,7 @@ void qemu_init_cpu_loop(void);
 void resume_all_vcpus(void);
 void pause_all_vcpus(void);
 void cpu_stop_current(void);
+bool all_cpu_threads_idle(void);
 
 void cpu_synchronize_all_states(void);
 void cpu_synchronize_all_post_reset(void);
diff --git a/translate-all.c b/translate-all.c
index 11763c6..1e02ae5 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -812,6 +812,14 @@ void tb_flush(CPUArchState *env1)
 tcg_ctx.tb_ctx.tb_flush_count++;
 }
 
+void tb_flush_all(void)
+{
+CPUState *cpu;
+for (cpu = first_cpu ; cpu != NULL ; cpu = CPU_NEXT(cpu)) {
+tb_flush(cpu->env_ptr);
+}
+}
+
 #ifdef DEBUG_TB_CHECK
 
 static void tb_invalidate_check(target_ulong address)
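Review bot: `tb_flush_all` walks the CPU list with a hand-written `for (cpu = first_cpu ; cpu != NULL ; cpu = CPU_NEXT(cpu))`; QEMU provides `CPU_FOREACH(cpu)` for exactly this, and the spaces before the semicolons are against the coding style. Judging from the context line `tcg_ctx.tb_ctx.tb_flush_count++` in `tb_flush`, that function appears to flush the single global translation cache, so calling it once per CPU repeats the same work — please confirm whether a single `tb_flush(first_cpu->env_ptr)` guarded by a NULL check is what is intended. The new function also lacks a comment explaining why it exists separately from `tb_flush`.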




[Qemu-devel] [RFC PATCH v12 14/21] replay: checkpoints

2015-05-05 Thread Pavel Dovgalyuk
This patch introduces checkpoints that synchronize the cpu thread and the iothread.
When a checkpoint is reached in the code, all asynchronous events from the queue
are executed.

Signed-off-by: Pavel Dovgalyuk 
---
 cpus.c   |5 +
 main-loop.c  |6 ++
 qemu-timer.c |   38 ++
 replay/replay-internal.h |4 
 replay/replay.c  |   34 ++
 replay/replay.h  |   19 +++
 stubs/replay.c   |   11 +++
 vl.c |   13 -
 8 files changed, 125 insertions(+), 5 deletions(-)

diff --git a/cpus.c b/cpus.c
index 3f33e0c..f6e0c44 100644
--- a/cpus.c
+++ b/cpus.c
@@ -395,6 +395,11 @@ void qemu_clock_warp(QEMUClockType type)
 return;
 }
 
+/* warp clock deterministically in record/replay mode */
+if (!replay_checkpoint(CHECKPOINT_CLOCK_WARP)) {
+return;
+}
+
 /*
  * If the CPUs have been sleeping, advance QEMU_CLOCK_VIRTUAL timer now.
  * This ensures that the deadline for the timer is computed correctly 
below.
diff --git a/main-loop.c b/main-loop.c
index 981bcb5..06aad06 100644
--- a/main-loop.c
+++ b/main-loop.c
@@ -29,6 +29,7 @@
 #include "slirp/libslirp.h"
 #include "qemu/main-loop.h"
 #include "block/aio.h"
+#include "replay/replay.h"
 
 #ifndef _WIN32
 
@@ -497,6 +498,11 @@ int main_loop_wait(int nonblocking)
 slirp_pollfds_poll(gpollfds, (ret < 0));
 #endif
 
+/* CPU thread can infinitely wait for event after
+   missing the warp */
+if (replay_mode == REPLAY_MODE_PLAY) {
+qemu_clock_warp(QEMU_CLOCK_VIRTUAL);
+}
 qemu_clock_run_all_timers();
 
 return ret;
diff --git a/qemu-timer.c b/qemu-timer.c
index d605afd..37d9098 100644
--- a/qemu-timer.c
+++ b/qemu-timer.c
@@ -478,10 +478,33 @@ bool timerlist_run_timers(QEMUTimerList *timer_list)
 void *opaque;
 
 qemu_event_reset(&timer_list->timers_done_ev);
-if (!timer_list->clock->enabled) {
+if (!timer_list->clock->enabled || !timer_list->active_timers) {
 goto out;
 }
 
+switch (timer_list->clock->type) {
+case QEMU_CLOCK_REALTIME:
+break;
+default:
+case QEMU_CLOCK_VIRTUAL:
+if ((replay_mode != REPLAY_MODE_NONE && !runstate_is_running())
+|| !replay_checkpoint(CHECKPOINT_CLOCK_VIRTUAL)) {
+goto out;
+}
+break;
+case QEMU_CLOCK_HOST:
+if ((replay_mode != REPLAY_MODE_NONE && !runstate_is_running())
+|| !replay_checkpoint(CHECKPOINT_CLOCK_HOST)) {
+goto out;
+}
+case QEMU_CLOCK_VIRTUAL_RT:
+if ((replay_mode != REPLAY_MODE_NONE && !runstate_is_running())
+|| !replay_checkpoint(CHECKPOINT_CLOCK_VIRTUAL_RT)) {
+goto out;
+}
+break;
+}
+
 current_time = qemu_clock_get_ns(timer_list->clock->type);
 for(;;) {
 qemu_mutex_lock(&timer_list->active_timers_lock);
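Review bot: In the new `switch` in `timerlist_run_timers`, the `case QEMU_CLOCK_HOST:` arm has no `break;` after its `if`, so a host-clock timer list falls through into `case QEMU_CLOCK_VIRTUAL_RT:` and also calls `replay_checkpoint(CHECKPOINT_CLOCK_VIRTUAL_RT)`, recording a second checkpoint event in the log on every host-clock run. Add `break;` before `case QEMU_CLOCK_VIRTUAL_RT:`, or mark the fall-through explicitly if it really is intended. Placing `default:` above `case QEMU_CLOCK_VIRTUAL:` is legal but reads oddly; a one-line comment that unknown clock types are treated like the virtual clock would help. The function begins before this hunk.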
@@ -545,11 +568,18 @@ int64_t timerlistgroup_deadline_ns(QEMUTimerListGroup 
*tlg)
 {
 int64_t deadline = -1;
 QEMUClockType type;
+bool play = replay_mode == REPLAY_MODE_PLAY;
 for (type = 0; type < QEMU_CLOCK_MAX; type++) {
 if (qemu_clock_use_for_deadline(tlg->tl[type]->clock->type)) {
-deadline = qemu_soonest_timeout(deadline,
-timerlist_deadline_ns(
-tlg->tl[type]));
+if (!play || tlg->tl[type]->clock->type == QEMU_CLOCK_REALTIME) {
+deadline = qemu_soonest_timeout(deadline,
+timerlist_deadline_ns(
+tlg->tl[type]));
+} else {
+/* Read clock from the replay file and
+   do not calculate the deadline, based on virtual clock. */
+qemu_clock_get_ns(tlg->tl[type]->clock->type);
+}
 }
 }
 return deadline;
diff --git a/replay/replay-internal.h b/replay/replay-internal.h
index 92d4749..f758371 100755
--- a/replay/replay-internal.h
+++ b/replay/replay-internal.h
@@ -29,6 +29,10 @@ enum ReplayEvents {
 /* some of grteater codes are reserved for clocks */
 EVENT_CLOCK,
 EVENT_CLOCK_LAST = EVENT_CLOCK + REPLAY_CLOCK_COUNT - 1,
+/* for checkpoint event */
+/* some of grteater codes are reserved for checkpoints */
+EVENT_CHECKPOINT,
+EVENT_CHECKPOINT_LAST = EVENT_CHECKPOINT + CHECKPOINT_COUNT - 1,
 EVENT_COUNT
 };
 
diff --git a/replay/replay.c b/replay/replay.c
index 5c3a8c9..e5c61c4 100755
--- a/replay/replay.c
+++ b/replay/replay.c
@@ -158,3 +158,37 @@ void replay_shutdown_request(void)
 replay_mutex_unlock();
 }
 }
+
+bool replay_checkpoint(ReplayCheckpoint checkpoint)
+{
+bool res = false;
+assert(EVENT_CHECKPOINT + checkpoint <= EVENT_CHECKPOINT_LAST);
+repla

[Qemu-devel] [RFC PATCH v12 09/21] i386: interrupt poll processing

2015-05-05 Thread Pavel Dovgalyuk
This patch updates the x86_cpu_exec_interrupt function.
It can process two interrupt requests at a time (poll and another one).
This makes its execution non-deterministic. Determinism is required
for recorded icount execution.

Signed-off-by: Pavel Dovgalyuk 
---
 target-i386/seg_helper.c |3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/target-i386/seg_helper.c b/target-i386/seg_helper.c
index 2bc757a..92a49b3 100644
--- a/target-i386/seg_helper.c
+++ b/target-i386/seg_helper.c
@@ -1294,6 +1294,9 @@ bool x86_cpu_exec_interrupt(CPUState *cs, int 
interrupt_request)
 if (interrupt_request & CPU_INTERRUPT_POLL) {
 cs->interrupt_request &= ~CPU_INTERRUPT_POLL;
 apic_poll_irq(cpu->apic_state);
+/* Don't process multiple interrupt requests in a single call.
+   This is required to make icount-driven execution deterministic. */
+return true;
 }
 #endif
 if (interrupt_request & CPU_INTERRUPT_SIPI) {




[Qemu-devel] [RFC PATCH v12 07/21] cpu-exec: allow temporary disabling icount

2015-05-05 Thread Pavel Dovgalyuk
This patch is required for deterministic replay to generate an exception
by trying to execute an instruction without changing icount.
It adds a new flag to the TB that disables icount while translating it.

Signed-off-by: Paolo Bonzini 

Signed-off-by: Pavel Dovgalyuk 
---
 cpu-exec.c  |7 ---
 include/exec/exec-all.h |1 +
 translate-all.c |2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/cpu-exec.c b/cpu-exec.c
index 8f93df7..f728b4c 100644
--- a/cpu-exec.c
+++ b/cpu-exec.c
@@ -227,7 +227,7 @@ static inline tcg_target_ulong cpu_tb_exec(CPUState *cpu, 
uint8_t *tb_ptr)
 /* Execute the code without caching the generated code. An interpreter
could be used if available. */
 static void cpu_exec_nocache(CPUArchState *env, int max_cycles,
- TranslationBlock *orig_tb)
+ TranslationBlock *orig_tb, bool ignore_icount)
 {
 CPUState *cpu = ENV_GET_CPU(env);
 TranslationBlock *tb;
@@ -243,7 +243,8 @@ static void cpu_exec_nocache(CPUArchState *env, int 
max_cycles,
 /* tb_gen_code can flush our orig_tb, invalidate it now */
 tb_phys_invalidate(orig_tb, -1);
 tb = tb_gen_code(cpu, pc, cs_base, flags,
- max_cycles | CF_NOCACHE);
+ max_cycles | CF_NOCACHE
+ | (ignore_icount ? CF_IGNORE_ICOUNT : 0));
 cpu->current_tb = tb;
 /* execute the generated code */
 trace_exec_tb_nocache(tb, tb->pc);
@@ -548,7 +549,7 @@ int cpu_exec(CPUArchState *env)
 if (insns_left > 0) {
 /* Execute remaining instructions.  */
 tb = (TranslationBlock *)(next_tb & 
~TB_EXIT_MASK);
-cpu_exec_nocache(env, insns_left, tb);
+cpu_exec_nocache(env, insns_left, tb, false);
 align_clocks(&sc, cpu);
 }
 cpu->exception_index = EXCP_INTERRUPT;
diff --git a/include/exec/exec-all.h b/include/exec/exec-all.h
index e7c3328..e771762 100644
--- a/include/exec/exec-all.h
+++ b/include/exec/exec-all.h
@@ -150,6 +150,7 @@ struct TranslationBlock {
 #define CF_LAST_IO 0x8000 /* Last insn may be an IO access.  */
 #define CF_NOCACHE 0x1 /* To be freed after execution */
 #define CF_USE_ICOUNT  0x2
+#define CF_IGNORE_ICOUNT 0x4 /* Do not generate icount code */
 
 void *tc_ptr;/* pointer to the translated code */
 /* next matching tb for physical address. */
diff --git a/translate-all.c b/translate-all.c
index 1e02ae5..0957ce1 100644
--- a/translate-all.c
+++ b/translate-all.c
@@ -1053,7 +1053,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu,
 int code_gen_size;
 
 phys_pc = get_page_addr_code(env, pc);
-if (use_icount) {
+if (use_icount && !(cflags & CF_IGNORE_ICOUNT)) {
 cflags |= CF_USE_ICOUNT;
 }
 tb = tb_alloc(pc);




[Qemu-devel] [RFC PATCH v12 04/21] replay: internal functions for replay log

2015-05-05 Thread Pavel Dovgalyuk
This patch adds functions that perform read and write operations
on the replay log.

Reviewed-by: Paolo Bonzini 

Signed-off-by: Pavel Dovgalyuk 
---
 replay/Makefile.objs |1 
 replay/replay-internal.c |  149 ++
 replay/replay-internal.h |   46 ++
 3 files changed, 196 insertions(+), 0 deletions(-)
 create mode 100755 replay/replay-internal.c
 create mode 100755 replay/replay-internal.h

diff --git a/replay/Makefile.objs b/replay/Makefile.objs
index 7ea860f..1148f45 100755
--- a/replay/Makefile.objs
+++ b/replay/Makefile.objs
@@ -1 +1,2 @@
 obj-y += replay.o
+obj-y += replay-internal.o
diff --git a/replay/replay-internal.c b/replay/replay-internal.c
new file mode 100755
index 000..c2bbf5f
--- /dev/null
+++ b/replay/replay-internal.c
@@ -0,0 +1,149 @@
+/*
+ * replay-internal.c
+ *
+ * Copyright (c) 2010-2015 Institute for System Programming
+ * of the Russian Academy of Sciences.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu-common.h"
+#include "replay-internal.h"
+
+unsigned int replay_data_kind = -1;
+static unsigned int replay_has_unread_data;
+
+/* File for replay writing */
+FILE *replay_file;
+
+void replay_put_byte(uint8_t byte)
+{
+if (replay_file) {
+putc(byte, replay_file);
+}
+}
+
+void replay_put_event(uint8_t event)
+{
+replay_put_byte(event);
+}
+
+
+void replay_put_word(uint16_t word)
+{
+replay_put_byte(word >> 8);
+replay_put_byte(word);
+}
+
+void replay_put_dword(uint32_t dword)
+{
+replay_put_word(dword >> 16);
+replay_put_word(dword);
+}
+
+void replay_put_qword(int64_t qword)
+{
+replay_put_dword(qword >> 32);
+replay_put_dword(qword);
+}
+
+void replay_put_array(const uint8_t *buf, size_t size)
+{
+if (replay_file) {
+replay_put_dword(size);
+fwrite(buf, 1, size, replay_file);
+}
+}
+
+uint8_t replay_get_byte(void)
+{
+uint8_t byte = 0;
+if (replay_file) {
+byte = getc(replay_file);
+}
+return byte;
+}
+
+uint16_t replay_get_word(void)
+{
+uint16_t word = 0;
+if (replay_file) {
+word = replay_get_byte();
+word = (word << 8) + replay_get_byte();
+}
+
+return word;
+}
+
+uint32_t replay_get_dword(void)
+{
+uint32_t dword = 0;
+if (replay_file) {
+dword = replay_get_word();
+dword = (dword << 16) + replay_get_word();
+}
+
+return dword;
+}
+
+int64_t replay_get_qword(void)
+{
+int64_t qword = 0;
+if (replay_file) {
+qword = replay_get_dword();
+qword = (qword << 32) + replay_get_dword();
+}
+
+return qword;
+}
+
+void replay_get_array(uint8_t *buf, size_t *size)
+{
+if (replay_file) {
+*size = replay_get_dword();
+fread(buf, 1, *size, replay_file);
+}
+}
+
+void replay_get_array_alloc(uint8_t **buf, size_t *size)
+{
+if (replay_file) {
+*size = replay_get_dword();
+*buf = g_malloc(*size);
+fread(*buf, 1, *size, replay_file);
+}
+}
+
+void replay_check_error(void)
+{
+if (replay_file) {
+if (feof(replay_file)) {
+error_report("replay file is over");
+qemu_system_vmstop_request_prepare();
+qemu_system_vmstop_request(RUN_STATE_PAUSED);
+} else if (ferror(replay_file)) {
+error_report("replay file is over or something goes wrong");
+qemu_system_vmstop_request_prepare();
+qemu_system_vmstop_request(RUN_STATE_INTERNAL_ERROR);
+}
+}
+}
+
+void replay_fetch_data_kind(void)
+{
+if (replay_file) {
+if (!replay_has_unread_data) {
+replay_data_kind = replay_get_byte();
+replay_check_error();
+replay_has_unread_data = 1;
+}
+}
+}
+
+void replay_finish_event(void)
+{
+replay_has_unread_data = 0;
+replay_fetch_data_kind();
+}
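Review bot: `replay_get_array` reads `*size` from the log and then calls `fread(buf, 1, *size, replay_file)` into a caller-supplied buffer whose capacity it never learns, so a truncated or corrupted log (the file is external input) can write past `buf`; `replay_get_array_alloc` has the related problem that `g_malloc(*size)` trusts an arbitrary 32-bit length, and neither function checks the `fread` return value. Have the caller pass the buffer capacity in `*size`, reject lengths that exceed it, and treat a short read as a log error; the `exit(1)` used elsewhere in this series for malformed events is a reasonable precedent. `replay_put_array` and `replay_put_byte` also ignore the `fwrite`/`putc` results, which is acceptable only if every writer path later calls `replay_check_error`. Sketch of the bounded reader:
```c
void replay_get_array(uint8_t *buf, size_t *size)
{
    if (replay_file) {
        size_t capacity = *size;    /* caller passes the buffer size in */
        *size = replay_get_dword();
        if (*size > capacity) {
            error_report("replay array of %zu bytes exceeds buffer", *size);
            exit(1);
        }
        if (fread(buf, 1, *size, replay_file) != *size) {
            *size = 0;
            replay_check_error();
        }
    }
}
```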
diff --git a/replay/replay-internal.h b/replay/replay-internal.h
new file mode 100755
index 000..17600de
--- /dev/null
+++ b/replay/replay-internal.h
@@ -0,0 +1,46 @@
+#ifndef REPLAY_INTERNAL_H
+#define REPLAY_INTERNAL_H
+
+/*
+ * replay-internal.h
+ *
+ * Copyright (c) 2010-2015 Institute for System Programming
+ * of the Russian Academy of Sciences.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include 
+
+extern unsigned int replay_data_kind;
+
+/* File for replay writing */
+extern FILE *replay_file;
+
+void replay_put_byte(uint8_t byte);
+void replay_put_event(uint8_t event);
+void replay_put_word(uint16_t word);
+void replay_put_dword(uint32_t dword);
+void replay_put_qword(int64_t qword);
+void replay_put_array(const uint8_t *buf, size_t size);
+
+uint8_t replay_get_byte(void);
+uint16_t replay_get_word(void);
+uint32_t replay_get_dword(v

[Qemu-devel] [RFC PATCH v12 15/21] aio: replace stack of bottom halves with queue

2015-05-05 Thread Pavel Dovgalyuk
Bottom halves in an AIO context are stored and removed
in LIFO order. This makes their execution non-deterministic.
This patch replaces the stack with a queue to preserve the
order of bottom-half processing.

Signed-off-by: Pavel Dovgalyuk 
---
 async.c  |   26 +++---
 include/block/aio.h  |4 ++--
 include/qemu/queue.h |   18 ++
 3 files changed, 31 insertions(+), 17 deletions(-)

diff --git a/async.c b/async.c
index 2b51e87..bd975c9 100644
--- a/async.c
+++ b/async.c
@@ -35,7 +35,7 @@ struct QEMUBH {
 AioContext *ctx;
 QEMUBHFunc *cb;
 void *opaque;
-QEMUBH *next;
+QSIMPLEQ_ENTRY(QEMUBH) next;
 bool scheduled;
 bool idle;
 bool deleted;
@@ -51,10 +51,7 @@ QEMUBH *aio_bh_new(AioContext *ctx, QEMUBHFunc *cb, void 
*opaque)
 .opaque = opaque,
 };
 qemu_mutex_lock(&ctx->bh_lock);
-bh->next = ctx->first_bh;
-/* Make sure that the members are ready before putting bh into list */
-smp_wmb();
-ctx->first_bh = bh;
+QSIMPLEQ_INSERT_TAIL_RCU(&ctx->bh_queue, bh, next);
 qemu_mutex_unlock(&ctx->bh_lock);
 return bh;
 }
@@ -62,16 +59,15 @@ QEMUBH *aio_bh_new(AioContext *ctx, QEMUBHFunc *cb, void 
*opaque)
 /* Multiple occurrences of aio_bh_poll cannot be called concurrently */
 int aio_bh_poll(AioContext *ctx)
 {
-QEMUBH *bh, **bhp, *next;
+QEMUBH *bh, *next, *prev;
 int ret;
 
 ctx->walking_bh++;
 
 ret = 0;
-for (bh = ctx->first_bh; bh; bh = next) {
+QSIMPLEQ_FOREACH(bh, &ctx->bh_queue, next) {
 /* Make sure that fetching bh happens before accessing its members */
 smp_read_barrier_depends();
-next = bh->next;
 /* The atomic_xchg is paired with the one in qemu_bh_schedule.  The
  * implicit memory barrier ensures that the callback sees all writes
  * done by the scheduling thread.  It also ensures that the scheduling
@@ -91,14 +87,13 @@ int aio_bh_poll(AioContext *ctx)
 /* remove deleted bhs */
 if (!ctx->walking_bh) {
 qemu_mutex_lock(&ctx->bh_lock);
-bhp = &ctx->first_bh;
-while (*bhp) {
-bh = *bhp;
+prev = NULL;
+QSIMPLEQ_FOREACH_SAFE(bh, &ctx->bh_queue, next, next) {
 if (bh->deleted) {
-*bhp = bh->next;
+QSIMPLEQ_REMOVE_AFTER(&ctx->bh_queue, prev, QEMUBH, next);
 g_free(bh);
 } else {
-bhp = &bh->next;
+prev = bh;
 }
 }
 qemu_mutex_unlock(&ctx->bh_lock);
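Review bot: `QSIMPLEQ_FOREACH_SAFE(bh, &ctx->bh_queue, next, next)` uses `next` both as the link field and as the temporary variable; it expands correctly but reads like a typo, so renaming the local to `tmp` (also in the `QEMUBH *bh, *next, *prev;` declaration in the hunk above) would make the intent clear. `QSIMPLEQ_REMOVE_AFTER(&ctx->bh_queue, prev, QEMUBH, next)` is invoked with `prev == NULL` when the deleted element is the first in the queue; that macro is presumably defined in the queue.h hunk at the end of this patch, which is cut off here, so please confirm it handles the head case and fixes up `sqh_last` when the removed element was the tail.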
@@ -157,7 +152,7 @@ aio_compute_timeout(AioContext *ctx)
 int timeout = -1;
 QEMUBH *bh;
 
-for (bh = ctx->first_bh; bh; bh = bh->next) {
+QSIMPLEQ_FOREACH(bh, &ctx->bh_queue, next) {
 if (!bh->deleted && bh->scheduled) {
 if (bh->idle) {
 /* idle bottom halves will be polled at least
@@ -200,7 +195,7 @@ aio_ctx_check(GSource *source)
 AioContext *ctx = (AioContext *) source;
 QEMUBH *bh;
 
-for (bh = ctx->first_bh; bh; bh = bh->next) {
+QSIMPLEQ_FOREACH(bh, &ctx->bh_queue, next) {
 if (!bh->deleted && bh->scheduled) {
 return true;
}
@@ -307,6 +302,7 @@ AioContext *aio_context_new(Error **errp)
 qemu_mutex_init(&ctx->bh_lock);
 rfifolock_init(&ctx->lock, aio_rfifolock_cb, ctx);
 timerlistgroup_init(&ctx->tlg, aio_timerlist_notify, ctx);
+QSIMPLEQ_INIT(&ctx->bh_queue);
 
 return ctx;
 }
diff --git a/include/block/aio.h b/include/block/aio.h
index 7d1e26b..82cdf78 100644
--- a/include/block/aio.h
+++ b/include/block/aio.h
@@ -71,8 +71,8 @@ struct AioContext {
 /* lock to protect between bh's adders and deleter */
 QemuMutex bh_lock;
 
-/* Anchor of the list of Bottom Halves belonging to the context */
-struct QEMUBH *first_bh;
+/* List of Bottom Halves belonging to the context */
+QSIMPLEQ_HEAD(, QEMUBH) bh_queue;
 
 /* A simple lock used to protect the first_bh list, and ensure that
  * no callbacks are removed while we're walking and dispatching callbacks.
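Review bot: The comment on `bh_lock` two lines below the changed field still refers to the `first_bh` list, which this hunk removes; update it to `/* A simple lock used to protect the bh_queue, and ensure that`. The hunk ends in the middle of that comment, so the remainder is outside the view.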
diff --git a/include/qemu/queue.h b/include/qemu/queue.h
index f781aa2..99564bc 100644
--- a/include/qemu/queue.h
+++ b/include/qemu/queue.h
@@ -271,6 +271,13 @@ struct {   
 \
 (head)->sqh_last = &(elm)->field.sqe_next;  \
 } while (/*CONSTCOND*/0)
 
+#define QSIMPLEQ_INSERT_TAIL_RCU(head, elm, field) do { \
+(elm)->field.sqe_next = NULL;   \
+smp_wmb();  \
+atomic_rcu_set((head)->sqh_last, (elm));\
+(head)->sqh_last = &(elm)->field.sqe_next;  \
+} while (/*CONSTCOND*/0)
+
 #define QSIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do {   \
 if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\

[Qemu-devel] [RFC PATCH v12 21/21] replay: recording of the user input

2015-05-05 Thread Pavel Dovgalyuk
This records user input (keyboard and mouse events) in record mode and replays
these input events in replay mode.

Signed-off-by: Pavel Dovgalyuk 
---
 include/ui/input.h   |2 +
 replay/Makefile.objs |1 
 replay/replay-events.c   |   31 +
 replay/replay-input.c|  159 ++
 replay/replay-internal.h |   13 
 replay/replay.h  |4 +
 ui/input.c   |   27 +---
 7 files changed, 229 insertions(+), 8 deletions(-)
 create mode 100755 replay/replay-input.c

diff --git a/include/ui/input.h b/include/ui/input.h
index 5d5ac00..d06a12d 100644
--- a/include/ui/input.h
+++ b/include/ui/input.h
@@ -33,7 +33,9 @@ void qemu_input_handler_bind(QemuInputHandlerState *s,
  const char *device_id, int head,
  Error **errp);
 void qemu_input_event_send(QemuConsole *src, InputEvent *evt);
+void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt);
 void qemu_input_event_sync(void);
+void qemu_input_event_sync_impl(void);
 
 InputEvent *qemu_input_event_new_key(KeyValue *key, bool down);
 void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down);
diff --git a/replay/Makefile.objs b/replay/Makefile.objs
index 257c320..3936296 100755
--- a/replay/Makefile.objs
+++ b/replay/Makefile.objs
@@ -2,3 +2,4 @@ obj-y += replay.o
 obj-y += replay-internal.o
 obj-y += replay-events.o
 obj-y += replay-time.o
+obj-y += replay-input.o
diff --git a/replay/replay-events.c b/replay/replay-events.c
index ec15683..c2750ff 100755
--- a/replay/replay-events.c
+++ b/replay/replay-events.c
@@ -13,6 +13,7 @@
 #include "qemu/error-report.h"
 #include "replay.h"
 #include "replay-internal.h"
+#include "ui/input.h"
 
 typedef struct Event {
 ReplayAsyncEventKind event_kind;
@@ -38,6 +39,13 @@ static void replay_run_event(Event *event)
 case REPLAY_ASYNC_EVENT_BH:
 aio_bh_call(event->opaque);
 break;
+case REPLAY_ASYNC_EVENT_INPUT:
+qemu_input_event_send_impl(NULL, (InputEvent *)event->opaque);
+qapi_free_InputEvent((InputEvent *)event->opaque);
+break;
+case REPLAY_ASYNC_EVENT_INPUT_SYNC:
+qemu_input_event_sync_impl();
+break;
 default:
 error_report("Replay: invalid async event ID (%d) in the queue",
 event->event_kind);
@@ -139,6 +147,9 @@ static void replay_save_event(Event *event, int checkpoint)
 case REPLAY_ASYNC_EVENT_BH:
 replay_put_qword(event->id);
 break;
+case REPLAY_ASYNC_EVENT_INPUT:
+replay_save_input_event(event->opaque);
+break;
 }
 }
 }
@@ -148,6 +159,16 @@ void replay_add_bh_event(void *bh, uint64_t id)
 replay_add_event_internal(REPLAY_ASYNC_EVENT_BH, bh, NULL, id);
 }
 
+void replay_add_input_event(struct InputEvent *event)
+{
+replay_add_event_internal(REPLAY_ASYNC_EVENT_INPUT, event, NULL, 0);
+}
+
+void replay_add_input_sync_event(void)
+{
+replay_add_event_internal(REPLAY_ASYNC_EVENT_INPUT_SYNC, NULL, NULL, 0);
+}
+
 /* Called with replay mutex locked */
 void replay_save_events(int checkpoint)
 {
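Review bot: `replay_add_input_event` transfers ownership of `event` to the replay queue (it is freed with qapi_free_InputEvent in replay_run_event), but neither function documents that, so a caller that frees or reuses its InputEvent after the call would be hard to spot in review. Suggest a comment above the definition: `/* Queue event for record/replay. Takes ownership of event, which is freed after delivery. */`. The parameter is spelled `struct InputEvent *` while the rest of the patch uses the `InputEvent` typedef; if that is to avoid including ui/input.h from replay.h, a short note on the forward declaration would explain the inconsistency.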
@@ -184,6 +205,16 @@ static Event *replay_read_event(int checkpoint)
 read_id = replay_get_qword();
 }
 break;
+case REPLAY_ASYNC_EVENT_INPUT:
+event = g_malloc0(sizeof(Event));
+event->event_kind = read_event_kind;
+event->opaque = replay_read_input_event();
+return event;
+case REPLAY_ASYNC_EVENT_INPUT_SYNC:
+event = g_malloc0(sizeof(Event));
+event->event_kind = read_event_kind;
+event->opaque = 0;
+return event;
 default:
 error_report("Unknown ID %d of replay event", read_event_kind);
 exit(1);
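Review bot: In the INPUT case the result of `replay_read_input_event()` is stored without a NULL check; if that function can fail on a truncated or malformed log (its body is in replay-input.c and not visible here), the event would later reach `qemu_input_event_send_impl(NULL, NULL)` in replay_run_event. Treating NULL like the unknown-ID default, `if (!event->opaque) { error_report("Replay: malformed input event in log"); exit(1); }`, keeps a bad log file from turning into a crash deeper in the input layer. Also, `event->opaque = 0;` in the INPUT_SYNC case should be `event->opaque = NULL;` since opaque is a pointer. replay_read_event starts before this hunk.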
diff --git a/replay/replay-input.c b/replay/replay-input.c
new file mode 100755
index 000..54923b9
--- /dev/null
+++ b/replay/replay-input.c
@@ -0,0 +1,159 @@
+/*
+ * replay-input.c
+ *
+ * Copyright (c) 2010-2015 Institute for System Programming
+ * of the Russian Academy of Sciences.
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ *
+ */
+
+#include "qemu-common.h"
+#include "replay.h"
+#include "replay-internal.h"
+#include "ui/input.h"
+#include "qapi/qmp-output-visitor.h"
+#include "qapi/qmp-input-visitor.h"
+#include "qapi-visit.h"
+
+static InputEvent *qapi_clone_InputEvent(InputEvent *src)
+{
+QmpOutputVisitor *qov;
+QmpInputVisitor *qiv;
+Visitor *ov, *iv;
+QObject *obj;
+InputEvent *dst = NULL;
+
+qov = qmp_output_visitor_new();
+ov = qmp_output_get_visitor(qov);
+visit_type_InputEvent(ov, &src, NULL, &error_abort);
+obj = qmp_output_get_qobject(qov);
+qmp_output_visitor_cleanup(qov);
+if (!obj) {
+return NULL;
+}
+
+qiv = qmp_input_visitor_new(obj);
+iv = qmp_input_get_visit

Re: [Qemu-devel] [PATCH 2/3] xhci: remove unused code

2015-05-05 Thread Michael Tokarev
Applied to -trivial, thanks!

/mjt



[Qemu-devel] [RFC PATCH v12 18/21] replay: initialization and deinitialization

2015-05-05 Thread Pavel Dovgalyuk
This patch introduces the functions for enabling record/replay and for
freeing its resources when the simulator closes.

Reviewed-by: Paolo Bonzini 

Signed-off-by: Pavel Dovgalyuk 
---
 exec.c   |1 
 replay/replay-internal.h |2 +
 replay/replay.c  |  134 ++
 replay/replay.h  |   10 +++
 stubs/replay.c   |   10 +++
 vl.c |4 +
 6 files changed, 161 insertions(+), 0 deletions(-)

diff --git a/exec.c b/exec.c
index 874ecfc..06f57c1 100644
--- a/exec.c
+++ b/exec.c
@@ -801,6 +801,7 @@ void cpu_abort(CPUState *cpu, const char *fmt, ...)
 }
 va_end(ap2);
 va_end(ap);
+replay_finish();
 #if defined(CONFIG_USER_ONLY)
 {
 struct sigaction act;
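Review bot: The added `replay_finish();` in cpu_abort has no comment explaining why it is needed when replay_enable in this same patch also registers replay_finish with atexit(); presumably cpu_abort ends in abort(), which does not run atexit handlers, so the log would otherwise be left without its header and end event. Suggest `/* abort() skips atexit handlers; flush and close the replay log explicitly */` above the call. Because replay_finish can now run from both places, it is worth confirming it is safe on a second invocation; the replay.c hunk shows it resetting replay_file and replay_filename to NULL, which suggests it is. cpu_abort's body continues outside the hunk.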
diff --git a/replay/replay-internal.h b/replay/replay-internal.h
index 29722cf..1fb8df2 100755
--- a/replay/replay-internal.h
+++ b/replay/replay-internal.h
@@ -33,6 +33,8 @@ enum ReplayEvents {
 /* some of grteater codes are reserved for checkpoints */
 EVENT_CHECKPOINT,
 EVENT_CHECKPOINT_LAST = EVENT_CHECKPOINT + CHECKPOINT_COUNT - 1,
+/* end of log event */
+EVENT_END,
 EVENT_COUNT
 };
 
diff --git a/replay/replay.c b/replay/replay.c
index e5c61c4..776dc77 100755
--- a/replay/replay.c
+++ b/replay/replay.c
@@ -15,8 +15,16 @@
 #include "qemu/timer.h"
 #include "sysemu/sysemu.h"
 
+/* Current version of the replay mechanism.
+   Increase it when file format changes. */
+#define REPLAY_VERSION  0xe02002
+/* Size of replay log header */
+#define HEADER_SIZE (sizeof(uint32_t) + sizeof(uint64_t))
+
 ReplayMode replay_mode = REPLAY_MODE_NONE;
 
+/* Name of replay file  */
+static char *replay_filename;
 ReplayState replay_state;
 
 bool replay_next_event_is(int event)
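Review bot: `HEADER_SIZE` is introduced here as `sizeof(uint32_t) + sizeof(uint64_t)`, but the play-mode rewind in replay_enable later in this file seeks to the literal `12`, so the two will diverge silently if the header ever grows; that seek should read `fseek(replay_file, HEADER_SIZE, SEEK_SET);`. The comment on `REPLAY_VERSION` could also say what `0xe02002` encodes, since the value reads as opaque. The replay_enable hunk itself runs past the end of this chunk and could not be reviewed in full here.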
@@ -192,3 +200,129 @@ out:
 replay_mutex_unlock();
 return res;
 }
+
+static void replay_enable(const char *fname, int mode)
+{
+const char *fmode = NULL;
+assert(!replay_file);
+
+switch (mode) {
+case REPLAY_MODE_RECORD:
+fmode = "wb";
+break;
+case REPLAY_MODE_PLAY:
+fmode = "rb";
+break;
+default:
+fprintf(stderr, "Replay: internal error: invalid replay mode\n");
+exit(1);
+}
+
+atexit(replay_finish);
+
+replay_mutex_init();
+
+replay_file = fopen(fname, fmode);
+if (replay_file == NULL) {
+fprintf(stderr, "Replay: open %s: %s\n", fname, strerror(errno));
+exit(1);
+}
+
+replay_filename = g_strdup(fname);
+
+replay_mode = mode;
+replay_data_kind = -1;
+replay_state.instructions_count = 0;
+replay_state.current_step = 0;
+
+/* skip file header for RECORD and check it for PLAY */
+if (replay_mode == REPLAY_MODE_RECORD) {
+fseek(replay_file, HEADER_SIZE, SEEK_SET);
+} else if (replay_mode == REPLAY_MODE_PLAY) {
+unsigned int version = replay_get_dword();
+uint64_t offset = replay_get_qword();
+if (version != REPLAY_VERSION) {
+fprintf(stderr, "Replay: invalid input log file version\n");
+exit(1);
+}
+/* go to the beginning */
+fseek(replay_file, 12, SEEK_SET);
+replay_fetch_data_kind();
+}
+
+replay_init_events();
+}
+
+void replay_configure(QemuOpts *opts)
+{
+const char *fname;
+const char *rr;
+ReplayMode mode = REPLAY_MODE_NONE;
+
+rr = qemu_opt_get(opts, "rr");
+if (!rr) {
+/* Just enabling icount */
+return;
+} else if (!strcmp(rr, "record")) {
+mode = REPLAY_MODE_RECORD;
+} else if (!strcmp(rr, "replay")) {
+mode = REPLAY_MODE_PLAY;
+} else {
+error_report("Invalid icount rr option: %s", rr);
+exit(1);
+}
+
+fname = qemu_opt_get(opts, "rrfile");
+if (!fname) {
+error_report("File name not specified for replay");
+exit(1);
+}
+
+replay_enable(fname, mode);
+}
+
+void replay_start(void)
+{
+if (replay_mode == REPLAY_MODE_NONE) {
+return;
+}
+
+/* Timer for snapshotting will be set up here. */
+
+replay_enable_events();
+}
+
+void replay_finish(void)
+{
+if (replay_mode == REPLAY_MODE_NONE) {
+return;
+}
+
+replay_save_instructions();
+
+/* finalize the file */
+if (replay_file) {
+if (replay_mode == REPLAY_MODE_RECORD) {
+uint64_t offset = 0;
+/* write end event */
+replay_put_event(EVENT_END);
+
+/* write header */
+fseek(replay_file, 0, SEEK_SET);
+replay_put_dword(REPLAY_VERSION);
+/* Just zero in this version.
+   But will be used later for snapshots table. */
+replay_put_qword(offset);
+}
+
+fclose(replay_file);
+replay_file = NULL;
+}
+if (replay_filename) {
+g_free(replay_filename);
+replay_filename = NULL;
+}
+
+replay_finish_events(

[Qemu-devel] [RFC PATCH v12 08/21] cpu: replay instructions sequence

2015-05-05 Thread Pavel Dovgalyuk
This patch adds calls to replay functions into the icount setup block.
In record mode, the number of executed instructions is written to the log.
In replay mode, the number of instructions to execute is taken from the replay log.
When the replayed-instructions counter expires, qemu_notify_event()
is called to wake up the iothread.

Reviewed-by: Paolo Bonzini 

Signed-off-by: Pavel Dovgalyuk 
---
 cpus.c  |   38 +-
 replay/replay.c |   33 -
 replay/replay.h |4 
 3 files changed, 61 insertions(+), 14 deletions(-)

diff --git a/cpus.c b/cpus.c
index d566f66..a7aff77 100644
--- a/cpus.c
+++ b/cpus.c
@@ -41,6 +41,7 @@
 #include "qemu/seqlock.h"
 #include "qapi-event.h"
 #include "hw/nmi.h"
+#include "replay/replay.h"
 
 #ifndef _WIN32
 #include "qemu/compatfd.h"
@@ -1314,6 +1315,28 @@ int vm_stop_force_state(RunState state)
 }
 }
 
+static int64_t tcg_get_icount_limit(void)
+{
+int64_t deadline;
+
+if (replay_mode != REPLAY_MODE_PLAY) {
+deadline = qemu_clock_deadline_ns_all(QEMU_CLOCK_VIRTUAL);
+
+/* Maintain prior (possibly buggy) behaviour where if no deadline
+ * was set (as there is no QEMU_CLOCK_VIRTUAL timer) or it is more than
+ * INT32_MAX nanoseconds ahead, we still use INT32_MAX
+ * nanoseconds.
+ */
+if ((deadline < 0) || (deadline > INT32_MAX)) {
+deadline = INT32_MAX;
+}
+
+return qemu_icount_round(deadline);
+} else {
+return replay_get_instructions();
+}
+}
+
 static int tcg_cpu_exec(CPUArchState *env)
 {
 CPUState *cpu = ENV_GET_CPU(env);
@@ -1327,24 +1350,12 @@ static int tcg_cpu_exec(CPUArchState *env)
 #endif
 if (use_icount) {
 int64_t count;
-int64_t deadline;
 int decr;
 timers_state.qemu_icount -= (cpu->icount_decr.u16.low
 + cpu->icount_extra);
 cpu->icount_decr.u16.low = 0;
 cpu->icount_extra = 0;
-deadline = qemu_clock_deadline_ns_all(QEMU_CLOCK_VIRTUAL);
-
-/* Maintain prior (possibly buggy) behaviour where if no deadline
- * was set (as there is no QEMU_CLOCK_VIRTUAL timer) or it is more than
- * INT32_MAX nanoseconds ahead, we still use INT32_MAX
- * nanoseconds.
- */
-if ((deadline < 0) || (deadline > INT32_MAX)) {
-deadline = INT32_MAX;
-}
-
-count = qemu_icount_round(deadline);
+count = tcg_get_icount_limit();
 timers_state.qemu_icount += count;
 decr = (count > 0x) ? 0x : count;
 count -= decr;
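Review bot: After this change `count` can be 0 in play mode, because replay_get_instructions() returns 0 whenever the next logged event is not an instruction batch (see the replay/replay.c hunk in this patch), which makes `decr` 0 as well. Whether the remainder of tcg_cpu_exec, cut off below this hunk, tolerates entering the CPU loop with nothing to run is not visible here, so a comment at the assignment would help, e.g. `/* may be 0 in play mode when the next log event is not an instruction batch */`. tcg_cpu_exec starts and ends outside this hunk.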
@@ -1362,6 +1373,7 @@ static int tcg_cpu_exec(CPUArchState *env)
 + cpu->icount_extra);
 cpu->icount_decr.u32 = 0;
 cpu->icount_extra = 0;
+replay_account_executed_instructions();
 }
 return ret;
 }
diff --git a/replay/replay.c b/replay/replay.c
index 43798e1..cfef7e9 100755
--- a/replay/replay.c
+++ b/replay/replay.c
@@ -29,7 +29,6 @@ bool replay_next_event_is(int event)
 }
 
 while (true) {
-replay_fetch_data_kind();
 if (event == replay_data_kind) {
 res = true;
 }
@@ -46,3 +45,35 @@ uint64_t replay_get_current_step(void)
 {
 return cpu_get_icount_raw();
 }
+
+int replay_get_instructions(void)
+{
+int res = 0;
+replay_mutex_lock();
+if (replay_next_event_is(EVENT_INSTRUCTION)) {
+res = replay_state.instructions_count;
+}
+replay_mutex_unlock();
+return res;
+}
+
+void replay_account_executed_instructions(void)
+{
+replay_mutex_lock();
+if (replay_mode == REPLAY_MODE_PLAY
+&& replay_state.instructions_count > 0) {
+int count = (int)(replay_get_current_step()
+  - replay_state.current_step);
+replay_state.instructions_count -= count;
+replay_state.current_step += count;
+if (replay_state.instructions_count == 0) {
+assert(replay_data_kind == EVENT_INSTRUCTION);
+replay_finish_event();
+/* Wake up iothread. This is required because
+   timers will not expire until clock counters
+   will be read from the log. */
+qemu_notify_event();
+}
+}
+replay_mutex_unlock();
+}
diff --git a/replay/replay.h b/replay/replay.h
index a03c748..d19715f 100755
--- a/replay/replay.h
+++ b/replay/replay.h
@@ -22,5 +22,9 @@ extern ReplayMode replay_mode;
 
 /*! Returns number of executed instructions. */
 uint64_t replay_get_current_step(void);
+/*! Returns number of instructions to execute in replay mode. */
+int replay_get_instructions(void);
+/*! Updates instructions counter in replay mode. */
+void replay_account_executed_instructions(void);
 
 #endif
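Review bot: The doc comment on `replay_get_instructions` says it returns the number of instructions to execute in replay mode, but the implementation returns 0 when the next logged event is not EVENT_INSTRUCTION, and tcg_get_icount_limit feeds that value straight into the icount budget. Suggest `/*! Returns number of instructions to execute in replay mode, or 0 if the next log event is not an instruction batch. */` so the 0 case is part of the contract. Since the caller widens the result to int64_t, `int` is a narrow choice for a value read from a log; worth confirming that instructions_count cannot exceed INT_MAX.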




Re: [Qemu-devel] [PATCH 2/6] input: remove unused mouse_handlers list

2015-05-05 Thread Michael Tokarev
05.05.2015 13:00, Gerd Hoffmann wrote:
> On Mo, 2015-04-27 at 12:45 -0400, Emilio G. Cota wrote:
>> Signed-off-by: Emilio G. Cota 
> 
> Reviewed-by: Gerd Hoffmann 

Too late, it has already been applied to master…

/mjt


