Re: [Qemu-devel] [PATCH 3/6] ast2400: use machine cpu_model to initialize the soc cpu

2016-07-28 Thread Cédric Le Goater
On 07/28/2016 04:37 AM, Andrew Jeffery wrote:
> I did a similar thing in the series introducing the AST2400 SoC, and
> Peter had a comment on the approach[1]:
> 
> What we do now is not let the user override the cpu model at all;
> presumably this SoC only ever has an ARM926 and it doesn't make
> any sense to have some frankenstein "this SoC but with a different
> CPU in it" config.
> 
> Given this is the ast2400_init() it looks to me like we should be
> hardwiring the CPU rather than leaving it to the machine to define.

ok. so if we consider that the platform did the setting, we can reduce 
the patch to :

-s->cpu = cpu_arm_init("arm926");
+s->cpu = cpu_arm_init(current_machine->cpu_model);
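Review bot: The replacement line passes `current_machine->cpu_model` straight to `cpu_arm_init()` with no guard, so the SoC init now depends on a global that the board may not have populated. If the string is NULL or names a model the lookup does not recognise, `s->cpu` may come back NULL; whether it is tested afterwards is not visible in these two lines. At minimum, check the result before use, e.g. `if (!s->cpu) { error_report("unable to initialize CPU"); exit(1); }`. The enclosing function lies outside this excerpt.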

Cheers,

C.



[Qemu-devel] [PATCH v1 8/8] target-ppc: add extswsli[.] instruction

2016-07-28 Thread Nikunj A Dadhania
extswsli : Extend Sign Word & Shift Left Immediate

Signed-off-by: Nikunj A Dadhania 
Reviewed-by: David Gibson 
---
 target-ppc/translate.c | 30 ++
 1 file changed, 30 insertions(+)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 82349ed..8d25121 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -2328,6 +2328,32 @@ static void gen_sradi1(DisasContext *ctx)
 gen_sradi(ctx, 1);
 }
 
+/* extswsli & extswsli. */
+static inline void gen_extswsli(DisasContext *ctx, int n)
+{
+int sh = SH(ctx->opcode) + (n << 5);
+TCGv dst = cpu_gpr[rA(ctx->opcode)];
+TCGv src = cpu_gpr[rS(ctx->opcode)];
+
+tcg_gen_ext32s_tl(dst, src);
+if (sh != 0) {
+tcg_gen_shli_tl(dst, dst, sh);
+}
+if (unlikely(Rc(ctx->opcode) != 0)) {
+gen_set_Rc0(ctx, dst);
+}
+}
+
+static void gen_extswsli0(DisasContext *ctx)
+{
+gen_extswsli(ctx, 0);
+}
+
+static void gen_extswsli1(DisasContext *ctx)
+{
+gen_extswsli(ctx, 1);
+}
+
 /* srd & srd. */
 static void gen_srd(DisasContext *ctx)
 {
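Review bot: The header comment on `gen_extswsli()` does not explain the `n` parameter, which is the only reason two handlers (`gen_extswsli0`/`gen_extswsli1`) exist. From `int sh = SH(ctx->opcode) + (n << 5);`, `n` supplies bit 5 of a 6-bit shift count, and a comment such as `/* n is the high bit of the 6-bit shift amount: sh = SH | (n << 5), range 0..63 */` would make that clear. Since the two parts never overlap, `|` expresses the intent better than `+`. The `if (sh != 0)` guard looks redundant, as the immediate-shift helper should already reduce a zero shift to a move; confirm and drop it if so.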
@@ -6227,6 +6253,10 @@ GEN_HANDLER(srad, 0x1F, 0x1A, 0x18, 0x, PPC_64B),
 GEN_HANDLER2(sradi0, "sradi", 0x1F, 0x1A, 0x19, 0x, PPC_64B),
 GEN_HANDLER2(sradi1, "sradi", 0x1F, 0x1B, 0x19, 0x, PPC_64B),
 GEN_HANDLER(srd, 0x1F, 0x1B, 0x10, 0x, PPC_64B),
+GEN_HANDLER2_E(extswsli0, "extswsli", 0x1F, 0x1A, 0x1B, 0x,
+   PPC_NONE, PPC2_ISA300),
+GEN_HANDLER2_E(extswsli1, "extswsli", 0x1F, 0x1B, 0x1B, 0x,
+   PPC_NONE, PPC2_ISA300),
 #endif
 #if defined(TARGET_PPC64)
 GEN_HANDLER(ld, 0x3A, 0xFF, 0xFF, 0x, PPC_64B),
-- 
2.7.4




[Qemu-devel] [PATCH v1 1/8] target-ppc: implement branch-less divw[o][.]

2016-07-28 Thread Nikunj A Dadhania
While implementing the modulo instructions, I noticed that the current
divw implementation uses many branches. Change the logic to generate
branch-less code. In case of invalid input, the (undefined) result is
set to the dividend.

Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/translate.c | 48 +++-
 1 file changed, 23 insertions(+), 25 deletions(-)

diff --git a/target-ppc/translate.c b/target-ppc/translate.c
index 3dd9a48..2a5ce3f 100644
--- a/target-ppc/translate.c
+++ b/target-ppc/translate.c
@@ -1096,41 +1096,39 @@ static void gen_addpcis(DisasContext *ctx)
 static inline void gen_op_arith_divw(DisasContext *ctx, TCGv ret, TCGv arg1,
  TCGv arg2, int sign, int compute_ov)
 {
-TCGLabel *l1 = gen_new_label();
-TCGLabel *l2 = gen_new_label();
-TCGv_i32 t0 = tcg_temp_local_new_i32();
-TCGv_i32 t1 = tcg_temp_local_new_i32();
+TCGv_i32 t0 = tcg_temp_new_i32();
+TCGv_i32 t1 = tcg_temp_new_i32();
+TCGv_i32 t2 = tcg_temp_new_i32();
+TCGv_i32 t3 = tcg_temp_new_i32();
 
 tcg_gen_trunc_tl_i32(t0, arg1);
 tcg_gen_trunc_tl_i32(t1, arg2);
-tcg_gen_brcondi_i32(TCG_COND_EQ, t1, 0, l1);
-if (sign) {
-TCGLabel *l3 = gen_new_label();
-tcg_gen_brcondi_i32(TCG_COND_NE, t1, -1, l3);
-tcg_gen_brcondi_i32(TCG_COND_EQ, t0, INT32_MIN, l1);
-gen_set_label(l3);
-tcg_gen_div_i32(t0, t0, t1);
-} else {
-tcg_gen_divu_i32(t0, t0, t1);
-}
-if (compute_ov) {
-tcg_gen_movi_tl(cpu_ov, 0);
-}
-tcg_gen_br(l2);
-gen_set_label(l1);
 if (sign) {
-tcg_gen_sari_i32(t0, t0, 31);
+tcg_gen_setcondi_i32(TCG_COND_EQ, t2, t0, INT_MIN);
+tcg_gen_setcondi_i32(TCG_COND_EQ, t3, t1, -1);
+tcg_gen_and_i32(t2, t2, t3);
+tcg_gen_setcondi_i32(TCG_COND_EQ, t3, t1, 0);
+tcg_gen_or_i32(t2, t2, t3);
+tcg_gen_movi_i32(t3, 0);
+tcg_gen_movcond_i32(TCG_COND_NE, t1, t2, t3, t2, t1);
+tcg_gen_div_i32(t3, t0, t1);
+tcg_gen_extu_i32_tl(ret, t3);
 } else {
-tcg_gen_movi_i32(t0, 0);
+tcg_gen_setcondi_i32(TCG_COND_EQ, t2, t1, 0);
+tcg_gen_movi_i32(t3, 0);
+tcg_gen_movcond_i32(TCG_COND_NE, t1, t2, t3, t2, t1);
+tcg_gen_divu_i32(t3, t0, t1);
+tcg_gen_extu_i32_tl(ret, t3);
 }
 if (compute_ov) {
-tcg_gen_movi_tl(cpu_ov, 1);
-tcg_gen_movi_tl(cpu_so, 1);
+tcg_gen_extu_i32_tl(cpu_ov, t2);
+tcg_gen_or_tl(cpu_so, cpu_so, cpu_ov);
 }
-gen_set_label(l2);
-tcg_gen_extu_i32_tl(ret, t0);
 tcg_temp_free_i32(t0);
 tcg_temp_free_i32(t1);
+tcg_temp_free_i32(t2);
+tcg_temp_free_i32(t3);
+
 if (unlikely(Rc(ctx->opcode) != 0))
 gen_set_Rc0(ctx, ret);
 }
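Review bot: The signed path compares the dividend against `INT_MIN`, where the removed code used `INT32_MIN`. For a 32-bit TCG immediate the fixed-width constant states the intent and does not depend on the host's `int`, so prefer `tcg_gen_setcondi_i32(TCG_COND_EQ, t2, t0, INT32_MIN);`. The `movcond` that swaps an invalid divisor for 1 is the only thing keeping a guest-supplied zero divisor, or INT32_MIN / -1, away from the host division. It deserves a comment such as `/* t2 != 0 (invalid input): force divisor to 1 so the host never traps */`. The `tcg_gen_extu_i32_tl(ret, t3);` call is identical in both branches and could be hoisted below the `if`/`else`.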
-- 
2.7.4




Re: [Qemu-devel] [PATCH 4/6] palmetto-bmc: add board specific configuration

2016-07-28 Thread Cédric Le Goater
On 07/28/2016 04:45 AM, Andrew Jeffery wrote:
> On Wed, 2016-07-27 at 18:46 +0200, Cédric Le Goater wrote:
>> aspeed_init() now uses a board identifier to customize some values
>> specific to the board, ram base, board revision number, etc.
>>
>> Signed-off-by: Cédric Le Goater 
> 
> Looks okay to me, some minor comments below:
> 
>> ---
>>  hw/arm/palmetto-bmc.c | 34 ++
>>  1 file changed, 26 insertions(+), 8 deletions(-)
>>
>> diff --git a/hw/arm/palmetto-bmc.c b/hw/arm/palmetto-bmc.c
>> index 8a3ff5568575..cd8aa59756b9 100644
>> --- a/hw/arm/palmetto-bmc.c
>> +++ b/hw/arm/palmetto-bmc.c
>> @@ -22,8 +22,6 @@
>>  #include "sysemu/blockdev.h"
>>  
>>  static struct arm_boot_info aspeed_binfo = {
>> -.loader_start = AST2400_SDRAM_BASE,
>> -.board_id = 0,
>>  .nb_cpus = 1,
>>  };
>>  
>> @@ -32,6 +30,21 @@ typedef struct AspeedBoardState {
>>  MemoryRegion ram;
>>  } AspeedBoardState;
>>  
>> +typedef struct AspeedBoardConfig {
>> +uint32_t hw_strap1;
>> +uint32_t silicon_rev;
>> +hwaddr sdram_base;
>> +} AspeedBoardConfig;
>> +
>> +enum {
>> +PALMETTO_BMC
>> +};
>> +
>> +static const AspeedBoardConfig aspeed_boards[] = {
>> +[ PALMETTO_BMC ] = { 0x120CE416, AST2400_A0_SILICON_REV,
>> + AST2400_SDRAM_BASE },
> 
> I was playing around before and my test scripts noticed checkpatch
> complained about the spacing with the array indexing: "[PALMETTO_BMC]"
> fixed the error.

sigh. I am not sure I checkpatched this one.

>> +};
>> +
>>  static void aspeed_init_flashes(AspeedSMCState *s, const char *flashtype,
>>  Error **errp)
>>  {
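Review bot: The `aspeed_boards[]` entry is filled positionally, and because `hw_strap1` and `silicon_rev` are both `uint32_t`, a transposed pair would compile without a warning and feed the wrong values into the SoC properties. Designated initializers make the mapping explicit and survive later field additions: `[PALMETTO_BMC] = { .hw_strap1 = 0x120CE416, .silicon_rev = AST2400_A0_SILICON_REV, .sdram_base = AST2400_SDRAM_BASE },`. The hunk ends inside `aspeed_init_flashes()`, which is untouched context.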
>> @@ -58,7 +71,7 @@ static void aspeed_init_flashes(AspeedSMCState *s, const 
>> char *flashtype,
>>  }
>>  }
>>  
>> -static void aspeed_init(MachineState *machine)
>> +static void aspeed_init(MachineState *machine, int board_model)
> 
> I feel like we should pass a "struct AspeedBoardConfig *" rather than
> the "int board_model", cleaning up the repeated indexing into
> aspeed_boards the body. Thoughts? 

yep. I agree. Will change that.

Thanks,

C. 


> Andrew
> 
>>  {
>>  AspeedBoardState *bmc;
>>  
>> @@ -68,13 +81,16 @@ static void aspeed_init(MachineState *machine)
>>&error_abort);
>>  
>>  memory_region_allocate_system_memory(&bmc->ram, NULL, "ram", ram_size);
>> -memory_region_add_subregion(get_system_memory(), AST2400_SDRAM_BASE,
>> +memory_region_add_subregion(get_system_memory(),
>> +aspeed_boards[board_model].sdram_base,
>>  &bmc->ram);
>>  object_property_add_const_link(OBJECT(&bmc->soc), "ram", 
>> OBJECT(&bmc->ram),
>> &error_abort);
>> -object_property_set_int(OBJECT(&bmc->soc), 0x120CE416, "hw-strap1",
>> -&error_abort);
>> -object_property_set_int(OBJECT(&bmc->soc), AST2400_A0_SILICON_REV,
>> +object_property_set_int(OBJECT(&bmc->soc),
>> +aspeed_boards[board_model].hw_strap1,
>> +"hw-strap1", &error_abort);
>> +object_property_set_int(OBJECT(&bmc->soc),
>> +aspeed_boards[board_model].silicon_rev,
>>  "silicon-rev", &error_abort);
>>  object_property_set_bool(OBJECT(&bmc->soc), true, "realized",
>>   &error_abort);
>> @@ -86,13 +102,15 @@ static void aspeed_init(MachineState *machine)
>>  aspeed_binfo.initrd_filename = machine->initrd_filename;
>>  aspeed_binfo.kernel_cmdline = machine->kernel_cmdline;
>>  aspeed_binfo.ram_size = ram_size;
>> +aspeed_binfo.loader_start = aspeed_boards[board_model].sdram_base,
>> +aspeed_binfo.board_id = aspeed_boards[board_model].silicon_rev,
>>  arm_load_kernel(ARM_CPU(first_cpu), &aspeed_binfo);
>>  }
>>  
>>  static void palmetto_bmc_init(MachineState *machine)
>>  {
>>  machine->cpu_model = "arm926";
>> -aspeed_init(machine);
>> +aspeed_init(machine, PALMETTO_BMC);
>>  }
>>  
>>  static void palmetto_bmc_class_init(ObjectClass *oc, void *data)
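Review bot: The two added assignments to `aspeed_binfo.loader_start` and `aspeed_binfo.board_id` end in `,` rather than `;`, so together with the following `arm_load_kernel(...)` call they form one comma expression. It evaluates in the intended order today, but it reads as a typo and will mislead anyone who later inserts a statement or a conditional between them; terminate both lines with `;`. Separately, `board_id` was 0 in the static initializer and is now set from `silicon_rev`. As far as I know `board_id` is the ARM machine number handed to the kernel, so confirm this is intended and say so in the commit message.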




Re: [Qemu-devel] [PATCH] ppc: Add MacOS VGA driver ROM

2016-07-28 Thread Alexander Graf

On 07/28/2016 07:51 AM, David Gibson wrote:

On Wed, Jul 27, 2016 at 06:27:33PM +1000, Benjamin Herrenschmidt wrote:

The project is at https://github.com/ozbenh/QemuMacDrivers

This adds a native MacOS driver in ROM (which can be picked up
by MacOS once OpenBIOS has been updated if Mark accepts
the patches I sent him) which allows MacOS classic
(tested 9.2.1) and MacOS X (tested 10.1.4 and 10.4)
to properly use QEMU std VGA (10.1.x doesn't work at all
without it, the others get the ability to change resolution
and color depth).

Building the ROM is tricky and requires CodeWarrior for MacOS
so I include a pre-built binary.

So, I believe qemu convention is to include the ROM source via a
submodule - even though it won't typically be built from there and the
prebuilt blob will be used instead.

Not sure who the right person to talk to about that would be.


I think Stefan handles the logistics there now. CC'ed him.


The reason for the submodule is so that on tar releases, the source gets 
included automatically. That way we can ensure that we always include 
all GPL sources that we deliver binaries for.



Alex




Re: [Qemu-devel] [PATCH 2/6] palmetto-bmc: replace palmetto_bmc with aspeed

2016-07-28 Thread Cédric Le Goater
On 07/28/2016 06:48 AM, Andrew Jeffery wrote:
> On Wed, 2016-07-27 at 18:46 +0200, Cédric Le Goater wrote:
>> This is mostly a name replacement to prepare ground for other socs
>> specificities. It also adds a specific TypeInfo struct for the
>> palmetto_bmc board with a custom initialization for the same reason.
> 
> I think we should rename the file, it feels a bit confusing having the
> ast2500 machine glue (added later in the series) in palmetto-bmc.c. You
> mentioned in the cover letter that moving it would break history but it
> isn't necessarily so, you can follow renames in the logs with `git log
> --follow`. It's a git switch that feels like it should be a default but
> isn't :/

Ah. nice option indeed :) I was not aware of it.

> Maybe create a commit that renames the file, then add these changes
> after?

yes. rename then add changes, I will do that in v2.

Thanks,

C. 

> Andrew
> 
>>
>> Signed-off-by: Cédric Le Goater 
>> ---
>>
>>  Should we change the name of the file to aspeed.c ? I am not fond of
>>  such renames as it is then difficult to track code changes.
>>
>>  hw/arm/palmetto-bmc.c | 54 
>> ++-
>>  1 file changed, 36 insertions(+), 18 deletions(-)
>>
>> diff --git a/hw/arm/palmetto-bmc.c b/hw/arm/palmetto-bmc.c
>> index 1ee13d578899..f80a15733864 100644
>> --- a/hw/arm/palmetto-bmc.c
>> +++ b/hw/arm/palmetto-bmc.c
>> @@ -21,19 +21,19 @@
>>  #include "sysemu/block-backend.h"
>>  #include "sysemu/blockdev.h"
>>  
>> -static struct arm_boot_info palmetto_bmc_binfo = {
>> +static struct arm_boot_info aspeed_binfo = {
>>  .loader_start = AST2400_SDRAM_BASE,
>>  .board_id = 0,
>>  .nb_cpus = 1,
>>  };
>>  
>> -typedef struct PalmettoBMCState {
>> +typedef struct AspeedBoardState {
>>  AST2400State soc;
>>  MemoryRegion ram;
>> -} PalmettoBMCState;
>> +} AspeedBoardState;
>>  
>> -static void palmetto_bmc_init_flashes(AspeedSMCState *s, const char 
>> *flashtype,
>> -  Error **errp)
>> +static void aspeed_init_flashes(AspeedSMCState *s, const char *flashtype,
>> +Error **errp)
>>  {
>>  int i ;
>>  
>> @@ -58,11 +58,11 @@ static void palmetto_bmc_init_flashes(AspeedSMCState *s, 
>> const char *flashtype,
>>  }
>>  }
>>  
>> -static void palmetto_bmc_init(MachineState *machine)
>> +static void aspeed_init(MachineState *machine)
>>  {
>> -PalmettoBMCState *bmc;
>> +AspeedBoardState *bmc;
>>  
>> -bmc = g_new0(PalmettoBMCState, 1);
>> +bmc = g_new0(AspeedBoardState, 1);
>>  object_initialize(&bmc->soc, (sizeof(bmc->soc)), TYPE_AST2400);
>>  object_property_add_child(OBJECT(machine), "soc", OBJECT(&bmc->soc),
>>&error_abort);
>> @@ -79,19 +79,26 @@ static void palmetto_bmc_init(MachineState *machine)
>>  object_property_set_bool(OBJECT(&bmc->soc), true, "realized",
>>   &error_abort);
>>  
>> -palmetto_bmc_init_flashes(&bmc->soc.smc, "n25q256a", &error_abort);
>> -palmetto_bmc_init_flashes(&bmc->soc.spi, "mx25l25635e", &error_abort);
>> +aspeed_init_flashes(&bmc->soc.smc, "n25q256a", &error_abort);
>> +aspeed_init_flashes(&bmc->soc.spi, "mx25l25635e", &error_abort);
>> +
>> +aspeed_binfo.kernel_filename = machine->kernel_filename;
>> +aspeed_binfo.initrd_filename = machine->initrd_filename;
>> +aspeed_binfo.kernel_cmdline = machine->kernel_cmdline;
>> +aspeed_binfo.ram_size = ram_size;
>> +arm_load_kernel(ARM_CPU(first_cpu), &aspeed_binfo);
>> +}
>>  
>> -palmetto_bmc_binfo.kernel_filename = machine->kernel_filename;
>> -palmetto_bmc_binfo.initrd_filename = machine->initrd_filename;
>> -palmetto_bmc_binfo.kernel_cmdline = machine->kernel_cmdline;
>> -palmetto_bmc_binfo.ram_size = ram_size;
>> -arm_load_kernel(ARM_CPU(first_cpu), &palmetto_bmc_binfo);
>> +static void palmetto_bmc_init(MachineState *machine)
>> +{
>> +aspeed_init(machine);
>>  }
>>  
>> -static void palmetto_bmc_machine_init(MachineClass *mc)
>> +static void palmetto_bmc_class_init(ObjectClass *oc, void *data)
>>  {
>> -mc->desc = "OpenPOWER Palmetto BMC";
>> +MachineClass *mc = MACHINE_CLASS(oc);
>> +
>> +mc->desc = "OpenPOWER Palmetto BMC (ARM926EJ-S)";
>>  mc->init = palmetto_bmc_init;
>>  mc->max_cpus = 1;
>>  mc->no_sdcard = 1;
>> @@ -101,4 +108,15 @@ static void palmetto_bmc_machine_init(MachineClass *mc)
>>  mc->no_parallel = 1;
>>  }
>>  
>> -DEFINE_MACHINE("palmetto-bmc", palmetto_bmc_machine_init);
>> +static const TypeInfo palmetto_bmc_type = {
>> +.name = MACHINE_TYPE_NAME("palmetto-bmc"),
>> +.parent = TYPE_MACHINE,
>> +.class_init = palmetto_bmc_class_init,
>> +};
>> +
>> +static void aspeed_machine_init(void)
>> +{
>> +type_register_static(&palmetto_bmc_type);
>> +}
>> +
>> +type_init(aspeed_machine_init)




[Qemu-devel] [PATCH for-2.7 v5.1 1/2] vhost-user: Introduce a new protocol feature REPLY_ACK.

2016-07-28 Thread Prerna Saxena
From: Prerna Saxena 

This introduces the VHOST_USER_PROTOCOL_F_REPLY_ACK.

If negotiated, client applications should send a u64 payload in
response to any message that contains the "need_reply" bit set
on the message flags. Setting the payload to "zero" indicates the
command finished successfully. Likewise, setting it to "non-zero"
indicates an error.

Currently implemented only for SET_MEM_TABLE.

Signed-off-by: Prerna Saxena 
---
 docs/specs/vhost-user.txt | 26 ++
 hw/virtio/vhost-user.c| 32 
 2 files changed, 58 insertions(+)

diff --git a/docs/specs/vhost-user.txt b/docs/specs/vhost-user.txt
index 777c49c..54b5c8f 100644
--- a/docs/specs/vhost-user.txt
+++ b/docs/specs/vhost-user.txt
@@ -37,6 +37,8 @@ consists of 3 header fields and a payload:
  * Flags: 32-bit bit field:
- Lower 2 bits are the version (currently 0x01)
- Bit 2 is the reply flag - needs to be sent on each reply from the slave
+   - Bit 3 is the need_reply flag - see VHOST_USER_PROTOCOL_F_REPLY_ACK for
+ details.
  * Size - 32-bit size of the payload
 
 
@@ -126,6 +128,8 @@ the ones that do:
  * VHOST_GET_VRING_BASE
  * VHOST_SET_LOG_BASE (if VHOST_USER_PROTOCOL_F_LOG_SHMFD)
 
+[ Also see the section on REPLY_ACK protocol extension. ]
+
 There are several messages that the master sends with file descriptors passed
 in the ancillary data:
 
@@ -254,6 +258,7 @@ Protocol features
 #define VHOST_USER_PROTOCOL_F_MQ 0
 #define VHOST_USER_PROTOCOL_F_LOG_SHMFD  1
 #define VHOST_USER_PROTOCOL_F_RARP   2
+#define VHOST_USER_PROTOCOL_F_REPLY_ACK  3
 
 Message types
 -
@@ -464,3 +469,24 @@ Message types
   is present in VHOST_USER_GET_PROTOCOL_FEATURES.
   The first 6 bytes of the payload contain the mac address of the guest to
   allow the vhost user backend to construct and broadcast the fake RARP.
+
+VHOST_USER_PROTOCOL_F_REPLY_ACK:
+---
+The original vhost-user specification only demands replies for certain
+commands. This differs from the vhost protocol implementation where commands
+are sent over an ioctl() call and block until the client has completed.
+
+With this protocol extension negotiated, the sender (QEMU) can set the
+"need_reply" [Bit 3] flag to any command. This indicates that
+the client MUST respond with a Payload VhostUserMsg indicating success or
+failure. The payload should be set to zero on success or non-zero on failure.
+(Unless the message already has an explicit reply body)
+
+This indicates to QEMU that the requested operation has deterministically
+been met or not. Today, QEMU is expected to terminate the main vhost-user
+loop upon receiving such errors. In future, qemu could be taught to be more
+resilient for selective requests.
+
+For the message types that already solicit a reply from the client, the
+presence of VHOST_USER_PROTOCOL_F_REPLY_ACK or need_reply bit being set brings
+no behaviourial change. (See the 'Communication' section for details.)
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 495e09f..86e7ae0 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -31,6 +31,7 @@ enum VhostUserProtocolFeature {
 VHOST_USER_PROTOCOL_F_MQ = 0,
 VHOST_USER_PROTOCOL_F_LOG_SHMFD = 1,
 VHOST_USER_PROTOCOL_F_RARP = 2,
+VHOST_USER_PROTOCOL_F_REPLY_ACK = 3,
 
 VHOST_USER_PROTOCOL_F_MAX
 };
@@ -84,6 +85,7 @@ typedef struct VhostUserMsg {
 
 #define VHOST_USER_VERSION_MASK (0x3)
 #define VHOST_USER_REPLY_MASK   (0x1<<2)
+#define VHOST_USER_NEED_REPLY_MASK   (0x1 << 3)
 uint32_t flags;
 uint32_t size; /* the following payload size */
 union {
@@ -158,6 +160,25 @@ fail:
 return -1;
 }
 
+static int process_message_reply(struct vhost_dev *dev,
+VhostUserRequest request)
+{
+VhostUserMsg msg;
+
+if (vhost_user_read(dev, &msg) < 0) {
+return 0;
+}
+
+if (msg.request != request) {
+error_report("Received unexpected msg type."
+"Expected %d received %d",
+request, msg.request);
+return -1;
+}
+
+return msg.payload.u64 ? -1 : 0;
+}
+
 static bool vhost_user_one_time_request(VhostUserRequest request)
 {
 switch (request) {
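Review bot: A failed `vhost_user_read()` is treated as an acknowledgement: the first branch of `process_message_reply()` returns 0, the same value used for a zero (success) payload, so a backend that drops the connection or sends a short reply is indistinguishable from one that confirmed the request. Returning an error there, `if (vhost_user_read(dev, &msg) < 0) { return -1; }`, keeps the REPLY_ACK guarantee meaningful. `msg.payload.u64` is also trusted without checking in this function that the reply has the reply flag set and a `size` of `sizeof(msg.payload.u64)`; if `vhost_user_read()` does not already enforce that (not visible in this hunk), add the check before reading the payload. The two adjacent literals in `error_report()` concatenate to "type.Expected", so add a space after the period.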
@@ -239,11 +260,18 @@ static int vhost_user_set_mem_table(struct vhost_dev *dev,
 int fds[VHOST_MEMORY_MAX_NREGIONS];
 int i, fd;
 size_t fd_num = 0;
+bool reply_supported = virtio_has_feature(dev->protocol_features,
+VHOST_USER_PROTOCOL_F_REPLY_ACK);
+
 VhostUserMsg msg = {
 .request = VHOST_USER_SET_MEM_TABLE,
 .flags = VHOST_USER_VERSION,
 };
 
+if (reply_supported) {
+msg.flags |= VHOST_USER_NEED_REPLY_MASK;
+}
+
 for (i = 0; i < dev->mem->nregions; ++i) {
 struct vhost_memory_region *reg = dev->mem->regions + i;
 ram_addr_t offset;
@@ -277,6 +305,

[Qemu-devel] [PATCH for-2.7 v5.1 0/2] vhost-user: Extend protocol to receive replies on any command.

2016-07-28 Thread Prerna Saxena
From: Prerna Saxena 

vhost-user: Extend protocol to receive replies on any command.

The current vhost-user protocol requires the client to send reply to only a
few commands. For the remaining commands, it is impossible for QEMU to know the
status of the requested operation -- ie, did it succeed? If so, by what time?

This is inconvenient, and can also lead to races. As an example:

(1) Qemu sends a SET_MEM_TABLE to the backend (eg, a vhost-user net 
application).Note that SET_MEM_TABLE does not require a reply according to the 
spec.
(2) Qemu commits the memory to the guest.
(3) Guest issues an I/O operation over a new memory region which was configured 
on (1).
(4) The application hasn't yet remapped the memory, but it sees the I/O request.
(5) The application cannot satisfy the request because it does not know about 
those GPAs.

Note that the kernel implementation does not suffer from this limitation since 
messages are sent via an ioctl(). The ioctl() blocks until the backend (eg. 
vhost-net) completes the command and returns (with an error code).

Changing the behaviour of current vhost-user commands would break existing 
applications.
Patch 1 introduces a protocol extension, VHOST_USER_PROTOCOL_F_REPLY_ACK. This
feature, if negotiated, allows QEMU to request a reply to any message by setting
the newly introduced "need_reply" flag. The application must then respond to 
qemu
by providing a status about the requested operation.

Patch 2 adds a workaround for the race described above for clients that do not
support the REPLY_ACK feature. It introduces a get_features command to be sent
before returning from set_mem_table. While this is not a complete fix, it will
help client applications that strictly process messages in order.

Changelog:
--
Changes v5->v5.1 :
1) Patch 1 : no change
2) Patch 2 : fixes a tiny typo I'd accidentally introduced while creating v5 
from v4. The code itself is unchanged from v4.

Changes v4->v5:
1) Patch 1 :
* Reword 'response' to 'reply' on public demand.
* Documentation is more concise.
Patch 2 : unchanged

Changes v3->v4:
1) Rearranged code in PATCH 1 to offset compiler warnings about missing 
declaration of vhost_user_read(). Fixed by moving process_message_reply() after 
definition of vhost_user_read()
2) Fixed minor suggestions in writeup for this protocol extension.

Changes v2->v3:
1) Swapped the patch numbers 1 & 2 from the previous series.
2) Patch 1 (previously patch 2 in v2): addresses MarcAndre's review comments 
and renames function 'process_message_response' to 'process_message_reply'
3) Patch 2 (ie patch 1 in v2) : Unchanged from v2.

Changes v1->v2:
1) Patch 1 : Ask for get_features before returning from set_mem_table(new).
2) Patch 2 : * Improve documentation.
  * Abstract out commonly used operations in the form of a function, 
process_message_response(). Also implement this only for SET_MEM_TABLE.

References:
v1 : https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg07152.html
v2 : https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg00048.html
v3 : https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg01598.html
v4 : https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06173.html

Prerna Saxena (2):
  vhost-user: Introduce a new protocol feature REPLY_ACK.
  vhost-user: Attempt to fix a race with set_mem_table.

 docs/specs/vhost-user.txt |  44 +++
 hw/virtio/vhost-user.c| 133 ++
 2 files changed, 130 insertions(+), 47 deletions(-)

-- 
1.8.1.2



[Qemu-devel] [PATCH for-2.7 v5.1 2/2] vhost-user: Attempt to fix a race with set_mem_table.

2016-07-28 Thread Prerna Saxena
From: Prerna Saxena 

The set_mem_table command currently does not seek a reply. Hence, there is
no easy way for a remote application to notify to QEMU when it finished
setting up memory, or if there were errors doing so.

As an example:
(1) Qemu sends a SET_MEM_TABLE to the backend (eg, a vhost-user net
application). SET_MEM_TABLE does not require a reply according to the spec.
(2) Qemu commits the memory to the guest.
(3) Guest issues an I/O operation over a new memory region which was configured 
on (1).
(4) The application has not yet remapped the memory, but it sees the I/O 
request.
(5) The application cannot satisfy the request because it does not know about 
those GPAs.

While a guaranteed fix would require a protocol extension (committed 
separately),
a best-effort workaround for existing applications is to send a GET_FEATURES
message before completing the vhost_user_set_mem_table() call.
Since GET_FEATURES requires a reply, an application that processes vhost-user
messages synchronously would probably have completed the SET_MEM_TABLE before 
replying.

Signed-off-by: Prerna Saxena 
---
 hw/virtio/vhost-user.c | 123 ++---
 1 file changed, 65 insertions(+), 58 deletions(-)

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 86e7ae0..d0dafa0 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -254,64 +254,6 @@ static int vhost_user_set_log_base(struct vhost_dev *dev, 
uint64_t base,
 return 0;
 }
 
-static int vhost_user_set_mem_table(struct vhost_dev *dev,
-struct vhost_memory *mem)
-{
-int fds[VHOST_MEMORY_MAX_NREGIONS];
-int i, fd;
-size_t fd_num = 0;
-bool reply_supported = virtio_has_feature(dev->protocol_features,
-VHOST_USER_PROTOCOL_F_REPLY_ACK);
-
-VhostUserMsg msg = {
-.request = VHOST_USER_SET_MEM_TABLE,
-.flags = VHOST_USER_VERSION,
-};
-
-if (reply_supported) {
-msg.flags |= VHOST_USER_NEED_REPLY_MASK;
-}
-
-for (i = 0; i < dev->mem->nregions; ++i) {
-struct vhost_memory_region *reg = dev->mem->regions + i;
-ram_addr_t offset;
-MemoryRegion *mr;
-
-assert((uintptr_t)reg->userspace_addr == reg->userspace_addr);
-mr = memory_region_from_host((void *)(uintptr_t)reg->userspace_addr,
- &offset);
-fd = memory_region_get_fd(mr);
-if (fd > 0) {
-msg.payload.memory.regions[fd_num].userspace_addr = 
reg->userspace_addr;
-msg.payload.memory.regions[fd_num].memory_size  = reg->memory_size;
-msg.payload.memory.regions[fd_num].guest_phys_addr = 
reg->guest_phys_addr;
-msg.payload.memory.regions[fd_num].mmap_offset = offset;
-assert(fd_num < VHOST_MEMORY_MAX_NREGIONS);
-fds[fd_num++] = fd;
-}
-}
-
-msg.payload.memory.nregions = fd_num;
-
-if (!fd_num) {
-error_report("Failed initializing vhost-user memory map, "
- "consider using -object memory-backend-file share=on");
-return -1;
-}
-
-msg.size = sizeof(msg.payload.memory.nregions);
-msg.size += sizeof(msg.payload.memory.padding);
-msg.size += fd_num * sizeof(VhostUserMemoryRegion);
-
-vhost_user_write(dev, &msg, fds, fd_num);
-
-if (reply_supported) {
-return process_message_reply(dev, msg.request);
-}
-
-return 0;
-}
-
 static int vhost_user_set_vring_addr(struct vhost_dev *dev,
  struct vhost_vring_addr *addr)
 {
@@ -514,6 +456,71 @@ static int vhost_user_get_features(struct vhost_dev *dev, 
uint64_t *features)
 return vhost_user_get_u64(dev, VHOST_USER_GET_FEATURES, features);
 }
 
+static int vhost_user_set_mem_table(struct vhost_dev *dev,
+struct vhost_memory *mem)
+{
+int fds[VHOST_MEMORY_MAX_NREGIONS];
+int i, fd;
+size_t fd_num = 0;
+uint64_t features;
+bool reply_supported = virtio_has_feature(dev->protocol_features,
+VHOST_USER_PROTOCOL_F_REPLY_ACK);
+
+VhostUserMsg msg = {
+.request = VHOST_USER_SET_MEM_TABLE,
+.flags = VHOST_USER_VERSION,
+};
+
+if (reply_supported) {
+msg.flags |= VHOST_USER_NEED_REPLY_MASK;
+}
+
+for (i = 0; i < dev->mem->nregions; ++i) {
+struct vhost_memory_region *reg = dev->mem->regions + i;
+ram_addr_t offset;
+MemoryRegion *mr;
+
+assert((uintptr_t)reg->userspace_addr == reg->userspace_addr);
+mr = memory_region_from_host((void *)(uintptr_t)reg->userspace_addr,
+ &offset);
+fd = memory_region_get_fd(mr);
+if (fd > 0) {
+msg.payload.memory.regions[fd_num].userspace_addr = 
reg->userspace_addr;
+msg.payload.memory.regions[fd_num].memory_size  = reg->memory_size;
+msg.pa

Re: [Qemu-devel] [PATCH v4 2/2] vhost-user: Attempt to fix a race with set_mem_table.

2016-07-28 Thread Prerna Saxena
On 27/07/16 7:00 pm, "Michael S. Tsirkin"  wrote:



>On Wed, Jul 27, 2016 at 02:52:37AM -0700, Prerna Saxena wrote:
>> From: Prerna Saxena 
>> 
>> The set_mem_table command currently does not seek a reply. Hence, there is
>> no easy way for a remote application to notify to QEMU when it finished
>> setting up memory, or if there were errors doing so.
>> 
>> As an example:
>> (1) Qemu sends a SET_MEM_TABLE to the backend (eg, a vhost-user net
>> application). SET_MEM_TABLE does not require a reply according to the spec.
>> (2) Qemu commits the memory to the guest.
>> (3) Guest issues an I/O operation over a new memory region which was 
>> configured on (1).
>> (4) The application has not yet remapped the memory, but it sees the I/O 
>> request.
>> (5) The application cannot satisfy the request because it does not know 
>> about those GPAs.
>> 
>> While a guaranteed fix would require a protocol extension (committed 
>> separately),
>> a best-effort workaround for existing applications is to send a GET_FEATURES
>> message before completing the vhost_user_set_mem_table() call.
>> Since GET_FEATURES requires a reply, an application that processes vhost-user
>> messages synchronously would probably have completed the SET_MEM_TABLE 
>> before replying.
>> 
>> Signed-off-by: Prerna Saxena 
>
>Could you pls reorder patchset so this is 1/2?
>1/1 is still under review but I'd like to make sure
>we have some kind of fix in place for 2.7.

Hi Michael,
The review comments for patch 1 were around documentation and the choice of 
name of flag.
There has been no recommendation/comment on the code itself.
I have fixed all of that and posted a new patch series. (Version v5.1)
Hope both the patches make it in time for 2.7.

Thanks, once again, for reviewing this.

Regards,
Prerna


Re: [Qemu-devel] [PATCH 6/6] arm: add support for an ast2500 evaluation board

2016-07-28 Thread Cédric Le Goater
On 07/28/2016 07:11 AM, Andrew Jeffery wrote:
> On Wed, 2016-07-27 at 18:46 +0200, Cédric Le Goater wrote:
>> Signed-off-by: Cédric Le Goater 
>> ---
>>  hw/arm/palmetto-bmc.c| 32 +++-
>>  include/hw/arm/ast2400.h |  5 +
>>  2 files changed, 36 insertions(+), 1 deletion(-)
>>
>> diff --git a/hw/arm/palmetto-bmc.c b/hw/arm/palmetto-bmc.c
>> index cd8aa59756b9..8d8bfeb571e2 100644
>> --- a/hw/arm/palmetto-bmc.c
>> +++ b/hw/arm/palmetto-bmc.c
>> @@ -37,12 +37,15 @@ typedef struct AspeedBoardConfig {
>>  } AspeedBoardConfig;
>>  
>>  enum {
>> -PALMETTO_BMC
>> +PALMETTO_BMC,
>> +AST2500_EDK
> 
> It was called 'ast2500-edk' in the out-of-tree patches, but can we
> rename it 'ast2500-evb'? This would make it consistent with patches we
> have in our Linux trees.

yes. I feel the same also.

> 
>>  };
>>  
>>  static const AspeedBoardConfig aspeed_boards[] = {
>>  [ PALMETTO_BMC ] = { 0x120CE416, AST2400_A0_SILICON_REV,
>>   AST2400_SDRAM_BASE },
>> +[ AST2500_EDK ]  = { 0x0200, AST2500_A1_SILICON_REV,
>> + AST2500_SDRAM_BASE },
> 
> Can we include the strap value from the board for completeness?
> 
> Also, the meaning of the bits have changed from the AST2400 - they
> probably should be documented somewhere?

So you want me send to an updated version of :

http://lists.nongnu.org/archive/html/qemu-arm/2016-06/msg00698.html

as a prereq ? 

Now that we have done the cleanups in U-Boot, we can pull from :

https://github.com/openbmc/u-boot/blob/v2016.07-aspeed-openbmc/arch/arm/include/asm/arch-aspeed/regs-scu.h

to get the definitions. I will add that.
 
> Finally, checkpatch complained here too regarding the whitespace, I ran
> into the issue replacing the strap value.

ok.

>>  };
>>  
>>  static void aspeed_init_flashes(AspeedSMCState *s, const char *flashtype,
>> @@ -133,9 +136,36 @@ static const TypeInfo palmetto_bmc_type = {
>>  .class_init = palmetto_bmc_class_init,
>>  };
>>  
>> +static void ast2500_edk_init(MachineState *machine)
>> +{
>> +machine->cpu_model = "arm1176";
>> +aspeed_init(machine, AST2500_EDK);
>> +}
>> +
>> +static void ast2500_edk_class_init(ObjectClass *oc, void *data)
>> +{
>> +MachineClass *mc = MACHINE_CLASS(oc);
>> +
>> +mc->desc = "Aspeed AST2500 EDK (ARM1176)";
>> +mc->init = ast2500_edk_init;
>> +mc->max_cpus = 1;
>> +mc->no_sdcard = 1;
>> +mc->no_floppy = 1;
>> +mc->no_cdrom = 1;
>> +mc->no_sdcard = 1;
> 
> mc->no_sdcard is already assigned a couple of lines up. I think this
> may be the case for palmetto config as well...

That was a blind copy paste. I will remove the extra sdcard.

Thanks,

C. 

> Cheers,
> 
> Andrew
> 
>> +mc->no_parallel = 1;
>> +}
>> +
>> +static const TypeInfo ast2500_edk_type = {
>> +.name = MACHINE_TYPE_NAME("ast2500-edk"),
>> +.parent = TYPE_MACHINE,
>> +.class_init = ast2500_edk_class_init,
>> +};
>> +
>>  static void aspeed_machine_init(void)
>>  {
>>  type_register_static(&palmetto_bmc_type);
>> +type_register_static(&ast2500_edk_type);
>>  }
>>  
>>  type_init(aspeed_machine_init)
>> diff --git a/include/hw/arm/ast2400.h b/include/hw/arm/ast2400.h
>> index e68807d475b7..2e6864f88790 100644
>> --- a/include/hw/arm/ast2400.h
>> +++ b/include/hw/arm/ast2400.h
>> @@ -41,4 +41,9 @@ typedef struct AST2400State {
>>  
>>  #define AST2400_SDRAM_BASE   0x4000
>>  
>> +/*
>> + * for Aspeed AST2500 SOC and higher
>> + */
>> +#define AST2500_SDRAM_BASE   0x8000
>> +
>>  #endif /* AST2400_H */




[Qemu-devel] [PATCH 0/3] Remove obsolete non-blocking connect

2016-07-28 Thread Cao jin
Remove it as Daniel suggested; the other two patches are trivial.

Cc: Daniel P. Berrange 
Cc: Gerd Hoffmann 
Cc: Paolo Bonzini 

Cao jin (3):
  util: remove the obsolete non-blocking connect
  util: fix some coding style issue
  migration/socket: fix typo in file header

 include/qemu/sockets.h |   7 +-
 io/channel-socket.c|   2 +-
 migration/socket.c |   4 +-
 net/socket.c   |   2 +-
 util/qemu-sockets.c| 179 -
 5 files changed, 33 insertions(+), 161 deletions(-)

-- 
2.1.0






[Qemu-devel] [PATCH 2/3] util: fix some coding style issue

2016-07-28 Thread Cao jin
Fix some coding style issues found in removing NonBlockingConnectHandler.

Cc: Daniel P. Berrange 
Cc: Gerd Hoffmann 
Cc: Paolo Bonzini 
Signed-off-by: Cao jin 
---
 util/qemu-sockets.c | 16 +++-
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index cd4ed55..b2ef066 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -389,7 +389,7 @@ static int inet_dgram_saddr(InetSocketAddress *sraddr,
 if (0 != (rc = getaddrinfo(addr, port, &ai, &peer))) {
 error_setg(errp, "address resolution failed for %s:%s: %s", addr, port,
gai_strerror(rc));
-   goto err;
+goto err;
 }
 
 /* lookup local addr */
@@ -443,12 +443,16 @@ static int inet_dgram_saddr(InetSocketAddress *sraddr,
 return sock;
 
 err:
-if (-1 != sock)
+if (-1 != sock) {
 closesocket(sock);
-if (local)
+}
+if (local) {
 freeaddrinfo(local);
-if (peer)
+}
+if (peer) {
 freeaddrinfo(peer);
+}
+
 return -1;
 }
 
@@ -690,8 +694,10 @@ int unix_listen(const char *str, char *ostr, int olen, 
Error **errp)
 
 sock = unix_listen_saddr(saddr, true, errp);
 
-if (sock != -1 && ostr)
+if (sock != -1 && ostr) {
 snprintf(ostr, olen, "%s%s", saddr->path, optstr ? optstr : "");
+}
+
 qapi_free_UnixSocketAddress(saddr);
 return sock;
 }
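Review bot: The `snprintf()` that this hunk wraps in braces still discards its return value, so when `saddr->path` plus `optstr` does not fit in `olen` bytes the caller gets a silently truncated socket path in `ostr`. Because `olen` is an `int` that `snprintf` takes as a `size_t`, a negative length from a caller would also be treated as a very large bound. Capturing the result and treating `n < 0 || n >= olen` as an error would make this explicit, e.g. `int n = snprintf(ostr, olen, "%s%s", saddr->path, optstr ? optstr : "");`. How the already-listening socket should be unwound in that case depends on the part of unix_listen outside the hunk. The same hunk is reposted unchanged in v2 2/3.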
-- 
2.1.0






[Qemu-devel] [PATCH 1/3] util: remove the obsolete non-blocking connect

2016-07-28 Thread Cao jin
The non-blocking connect mechanism is obsolete, and it doesn't work well
for inet connections, because it calls getaddrinfo first and getaddrinfo
blocks on DNS lookups. Since commits e65c67e4 & d984464e, the non-blocking
connect of migration goes through QIOChannel in a different manner (using a
thread), and nobody uses this old non-blocking connect anymore.

Any newly written code which needs a non-blocking connect should use the
QIOChannel code, so we can just rip out NonBlockingConnectHandler as a
concept entirely.

Suggested-by: Daniel P. Berrange 
Cc: Daniel P. Berrange 
Cc: Gerd Hoffmann 
Cc: Paolo Bonzini 
Signed-off-by: Cao jin 
---
 include/qemu/sockets.h |   7 +--
 io/channel-socket.c|   2 +-
 net/socket.c   |   2 +-
 util/qemu-sockets.c| 163 +
 4 files changed, 19 insertions(+), 155 deletions(-)

diff --git a/include/qemu/sockets.h b/include/qemu/sockets.h
index 9eb2470..9e7c322 100644
--- a/include/qemu/sockets.h
+++ b/include/qemu/sockets.h
@@ -27,10 +27,6 @@ int socket_set_fast_reuse(int fd);
 #define SHUT_RDWR 2
 #endif
 
-/* callback function for nonblocking connect
- * valid fd on success, negative error code on failure
- */
-typedef void NonBlockingConnectHandler(int fd, Error *err, void *opaque);
 
 InetSocketAddress *inet_parse(const char *str, Error **errp);
 int inet_connect(const char *str, Error **errp);
@@ -41,8 +37,7 @@ int unix_listen(const char *path, char *ostr, int olen, Error 
**errp);
 int unix_connect(const char *path, Error **errp);
 
 SocketAddress *socket_parse(const char *str, Error **errp);
-int socket_connect(SocketAddress *addr, Error **errp,
-   NonBlockingConnectHandler *callback, void *opaque);
+int socket_connect(SocketAddress *addr, Error **errp);
 int socket_listen(SocketAddress *addr, Error **errp);
 void socket_listen_cleanup(int fd, Error **errp);
 int socket_dgram(SocketAddress *remote, SocketAddress *local, Error **errp);
diff --git a/io/channel-socket.c b/io/channel-socket.c
index 196a4f1..6aa0ad2 100644
--- a/io/channel-socket.c
+++ b/io/channel-socket.c
@@ -147,7 +147,7 @@ int qio_channel_socket_connect_sync(QIOChannelSocket *ioc,
 int fd;
 
 trace_qio_channel_socket_connect_sync(ioc, addr);
-fd = socket_connect(addr, errp, NULL, NULL);
+fd = socket_connect(addr, errp);
 if (fd < 0) {
 trace_qio_channel_socket_connect_fail(ioc);
 return -1;
diff --git a/net/socket.c b/net/socket.c
index ae6f921..8037b3c 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -541,7 +541,7 @@ static int net_socket_connect_init(NetClientState *peer,
 qemu_set_nonblock(fd);
 connected = 0;
 for(;;) {
-ret = socket_connect(saddr, &local_error, NULL, NULL);
+ret = socket_connect(saddr, &local_error);
 if (ret < 0) {
 if (errno == EINTR || errno == EWOULDBLOCK) {
 /* continue */
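Review bot: The retry decision after `socket_connect(saddr, &local_error)` is still taken from `errno`, although the function reports failure through its `Error **` argument and may close the socket or free address info before returning, either of which can change `errno`. If the EINTR/EWOULDBLOCK branch loops back without releasing the error, the next call also receives a non-NULL `local_error`; the rest of the loop is outside the hunk, so this needs checking there. Something like `error_free(local_error); local_error = NULL;` in the retry branch would keep the second call well-defined. Now that the callback form is gone and the description says callers needing a non-blocking connect should use QIOChannel, it is also worth confirming that the EWOULDBLOCK case can still occur on this path.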
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index b4314ca..cd4ed55 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -239,96 +239,18 @@ listen:
 return slisten;
 }
 
-#ifdef _WIN32
-#define QEMU_SOCKET_RC_INPROGRESS(rc) \
-((rc) == -EINPROGRESS || (rc) == -EWOULDBLOCK || (rc) == -WSAEALREADY)
-#else
-#define QEMU_SOCKET_RC_INPROGRESS(rc) \
-((rc) == -EINPROGRESS)
-#endif
-
-/* Struct to store connect state for non blocking connect */
-typedef struct ConnectState {
-int fd;
-struct addrinfo *addr_list;
-struct addrinfo *current_addr;
-NonBlockingConnectHandler *callback;
-void *opaque;
-} ConnectState;
-
-static int inet_connect_addr(struct addrinfo *addr, bool *in_progress,
- ConnectState *connect_state, Error **errp);
-
-static void wait_for_connect(void *opaque)
-{
-ConnectState *s = opaque;
-int val = 0, rc = 0;
-socklen_t valsize = sizeof(val);
-bool in_progress;
-Error *err = NULL;
-
-qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
-
-do {
-rc = qemu_getsockopt(s->fd, SOL_SOCKET, SO_ERROR, &val, &valsize);
-} while (rc == -1 && errno == EINTR);
-
-/* update rc to contain error */
-if (!rc && val) {
-rc = -1;
-errno = val;
-}
-
-/* connect error */
-if (rc < 0) {
-error_setg_errno(&err, errno, "Error connecting to socket");
-closesocket(s->fd);
-s->fd = rc;
-}
-
-/* try to connect to the next address on the list */
-if (s->current_addr) {
-while (s->current_addr->ai_next != NULL && s->fd < 0) {
-s->current_addr = s->current_addr->ai_next;
-s->fd = inet_connect_addr(s->current_addr, &in_progress, s, NULL);
-if (s->fd < 0) {
-error_free(err);
-err = NULL;
-error_setg_errno(&err, errno, "Unable to start socket 
connect");
-}
-/* connect in progress */
-if (in_progress) {
-goto out;
-}

[Qemu-devel] [PATCH 3/3] migration/socket: fix typo in file header

2016-07-28 Thread Cao jin
The inet socket and unix socket code has been merged together.
Also add some newlines so that code blocks are well separated.

Cc: Daniel P. Berrange 
Cc: Juan Quintela  (maintainer:Migration)
Cc: Amit Shah  (maintainer:Migration)
Signed-off-by: Cao jin 
---
 migration/socket.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/migration/socket.c b/migration/socket.c
index 5c0a38f..00de1fe 100644
--- a/migration/socket.c
+++ b/migration/socket.c
@@ -1,5 +1,5 @@
 /*
- * QEMU live migration via Unix Domain Sockets
+ * QEMU live migration via socket
  *
  * Copyright Red Hat, Inc. 2009-2016
  *
@@ -94,10 +94,12 @@ static void socket_start_outgoing_migration(MigrationState 
*s,
 {
 QIOChannelSocket *sioc = qio_channel_socket_new();
 struct SocketConnectData *data = g_new0(struct SocketConnectData, 1);
+
 data->s = s;
 if (saddr->type == SOCKET_ADDRESS_KIND_INET) {
 data->hostname = g_strdup(saddr->u.inet.data->host);
 }
+
 qio_channel_socket_connect_async(sioc,
  saddr,
  socket_outgoing_migration,
-- 
2.1.0






Re: [Qemu-devel] [PATCH for 2.8 3/3] sdl: Modularize

2016-07-28 Thread Fam Zheng
On Thu, 07/28 13:17, Fam Zheng wrote:
> > Maybe I'm doing something wrong, but when I apply this third patch
> > (along with the first two) to master it doesn't seem to build when
> > modules are enabled in the configuration:
> > 
> >   LINK  x86_64-softmmu/qemu-system-x86_64
> > ../backends/baum.o: In function `chr_baum_init':
> > /home/bos/clord/Documents/qemu/backends/baum.c:616: undefined reference
> > to `SDL_GetWMInfo'
> > collect2: error: ld returned 1 exit status
> > Makefile:197: recipe for target 'qemu-system-x86_64' failed
> > make[1]: *** [qemu-system-x86_64] Error 1
> > Makefile:204: recipe for target 'subdir-x86_64-softmmu' failed
> > make: *** [subdir-x86_64-softmmu] Error 2
> 
> You are right, looks like audio and baum both want SDL library. I need to take
> another look.

We need to modularize backends/baum.c and add appropriate loading code
somewhere (probably when it is specifically selected).

In addition, audio/sdl.o should probably to be bundled together with ui/sdl.mo.

I'll leave this series for now and you can pick up patch 1 into your series if
it helps. Also feel free to pick up modularizing SDL and baum, if you want.
Otherwise, I'll revisit these when your "load on demand" work settles down.

Fam



Re: [Qemu-devel] [PATCH v2 repost 7/7] virtio-balloon: tell host vm's free page info

2016-07-28 Thread Li, Liang Z
> >  }
> >
> > +static void update_free_pages_stats(struct virtio_balloon *vb,
> 
> why _stats?

Will change.

> > +   max_pfn = get_max_pfn();
> > +   mutex_lock(&vb->balloon_lock);
> > +   while (pfn < max_pfn) {
> > +   memset(vb->page_bitmap, 0, vb->bmap_len);
> > +   ret = get_free_pages(pfn, pfn + vb->pfn_limit,
> > +   vb->page_bitmap, vb->bmap_len * BITS_PER_BYTE);
> > +   hdr->cmd = cpu_to_virtio16(vb->vdev,
> BALLOON_GET_FREE_PAGES);
> > +   hdr->page_shift = cpu_to_virtio16(vb->vdev, PAGE_SHIFT);
> > +   hdr->req_id = cpu_to_virtio64(vb->vdev, req_id);
> > +   hdr->start_pfn = cpu_to_virtio64(vb->vdev, pfn);
> > +   bmap_len = vb->pfn_limit / BITS_PER_BYTE;
> > +   if (!ret) {
> > +   hdr->flag = cpu_to_virtio16(vb->vdev,
> > +
>   BALLOON_FLAG_DONE);
> > +   if (pfn + vb->pfn_limit > max_pfn)
> > +   bmap_len = (max_pfn - pfn) /
> BITS_PER_BYTE;
> > +   } else
> > +   hdr->flag = cpu_to_virtio16(vb->vdev,
> > +
>   BALLOON_FLAG_CONT);
> > +   hdr->bmap_len = cpu_to_virtio64(vb->vdev, bmap_len);
> > +   sg_init_one(&sg_out, hdr,
> > +sizeof(struct balloon_bmap_hdr) + bmap_len);
> 
> Wait a second. This adds the same buffer multiple times in a loop.
> We will overwrite the buffer without waiting for hypervisor to process it.
> What did I miss?

I am not quite sure about this part. I thought virtqueue_kick(vq) would prevent
the buffer from being overwritten, but I realize that is wrong.

> > +
> > +   virtqueue_add_outbuf(vq, &sg_out, 1, vb, GFP_KERNEL);
> 
> this can fail. you want to maybe make sure vq has enough space before you
> use it or check error and wait.
> 
> > +   virtqueue_kick(vq);
> 
> why kick here within loop? wait until done. in fact kick outside lock is 
> better
> for smp.

I will change this part in v3.

> 
> > +   pfn += vb->pfn_limit;
> > +   static const char * const names[] = { "inflate", "deflate", "stats",
> > +"misc" };
> > int err, nvqs;
> >
> > /*
> >  * We expect two virtqueues: inflate and deflate, and
> >  * optionally stat.
> >  */
> > -   nvqs = virtio_has_feature(vb->vdev,
> VIRTIO_BALLOON_F_STATS_VQ) ? 3 : 2;
> > +   if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_MISC_VQ))
> > +   nvqs = 4;
> 
> Does misc vq depend on stats vq feature then? if yes please validate that.

Yes, what's you mean by 'validate' that?

> 
> 
> > +   else
> > +   nvqs = virtio_has_feature(vb->vdev,
> > + VIRTIO_BALLOON_F_STATS_VQ) ? 3 :
> 2;
> 
> Replace that ? with else too pls.

Will change.

Thanks!
Liang



Re: [Qemu-devel] [PATCH 1/6] palmetto-bmc: add a "silicon-rev" property at the soc level

2016-07-28 Thread Cédric Le Goater
On 07/28/2016 04:14 AM, Andrew Jeffery wrote:
> On Wed, 2016-07-27 at 18:46 +0200, Cédric Le Goater wrote:
>> The SCU controler holds the board revision number in its 0x7C
>> register. Let's use an alias to link a "silicon-rev" property of the
>> soc to the "silicon-rev" property of the SCU controler.
>>
>> The SDMC controler "silicon-rev" property is derived from the SCU one
>> at realize time. I did not find a better way to handle this part.
>> Links and aliases being a one-to-one relation, I could not use one of
>> them. I might wrong though.
> 
> Are we trying to over-use the silicon-rev value (it would seem so at
> least in the face of the link/alias constraints)? We know which SDMC
> revision we need for each SoC and we'll be modelling an explicit SoC
> revision, so should we instead set a separate property on the SDMC in
> the SoCs' respective initialise functions (and leave silicon-rev to the
> SCU)? 

This is the case. no ? 

SCU holds the silicon-rev value. The patch adds a property alias to the 
SCU 'silicon-rev' property at the soc level. This is convenient for the
platform to initialize the soc. This is similar to what the rpi2 does,
which goes one level in the aliasing.

Then, at initialize time, the SCU 'silicon-rev' property value is read
to initialize the SDMC controller. If we have more controllers in the 
future needing 'silicon-rev,  we could follow the same pattern. Not 
saying this is perfect. 

What I would have liked to do is to link all the 'silicon-rev' properties to
the SCU one. I did not find a way.

> My thought was the silicon-rev value is reflective of the SoC
> design rather than the other way around - but maybe that's splitting
> hairs. 

ah. is your concern about which object is holding the value ? If so,
I thought that keeping it where it belongs on real HW was the better 
option, that is in SCU, and then build from there.

> It would also be trading off a bit of ugliness in this patch for
> potential bugs if the properties get out of sync.

This is the exact the purpose of the patch ! I failed to make it feel
that way :) 

Thanks,

C. 

>> Signed-off-by: Cédric Le Goater 
>> ---
>>  hw/arm/ast2400.c  | 18 +-
>>  hw/arm/palmetto-bmc.c |  2 ++
>>  2 files changed, 15 insertions(+), 5 deletions(-)
>>
>> diff --git a/hw/arm/ast2400.c b/hw/arm/ast2400.c
>> index 136bf6464e1d..fa535065f765 100644
>> --- a/hw/arm/ast2400.c
>> +++ b/hw/arm/ast2400.c
>> @@ -84,8 +84,8 @@ static void ast2400_init(Object *obj)
>>  object_initialize(&s->scu, sizeof(s->scu), TYPE_ASPEED_SCU);
>>  object_property_add_child(obj, "scu", OBJECT(&s->scu), NULL);
>>  qdev_set_parent_bus(DEVICE(&s->scu), sysbus_get_default());
>> -qdev_prop_set_uint32(DEVICE(&s->scu), "silicon-rev",
>> - AST2400_A0_SILICON_REV);
>> +object_property_add_alias(obj, "silicon-rev", OBJECT(&s->scu),
>> +  "silicon-rev", &error_abort);
>>  object_property_add_alias(obj, "hw-strap1", OBJECT(&s->scu),
>>"hw-strap1", &error_abort);
>>  object_property_add_alias(obj, "hw-strap2", OBJECT(&s->scu),
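Review bot: Dropping the `qdev_prop_set_uint32(..., AST2400_A0_SILICON_REV)` call in ast2400_init leaves the SoC with no revision of its own. A board that creates the SoC without setting the aliased "silicon-rev" property would then realize the SCU with the property default, and the copy added in ast2400_realize (hunk at -192) would pass that value on to the SDMC. Whether the SCU rejects an unset or unknown revision at realize is not visible here. If it does not, and assuming 0 is never a valid revision, a check right after the read would make the failure explicit: `if (!silicon_rev) { error_setg(errp, "silicon-rev property must be set"); return; }`. Both function bodies extend outside the quoted hunks.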
>> @@ -102,8 +102,6 @@ static void ast2400_init(Object *obj)
>>  object_initialize(&s->sdmc, sizeof(s->sdmc), TYPE_ASPEED_SDMC);
>>  object_property_add_child(obj, "sdmc", OBJECT(&s->sdmc), NULL);
>>  qdev_set_parent_bus(DEVICE(&s->sdmc), sysbus_get_default());
>> -qdev_prop_set_uint32(DEVICE(&s->sdmc), "silicon-rev",
>> - AST2400_A0_SILICON_REV);
>>  }
>>  
>>  static void ast2400_realize(DeviceState *dev, Error **errp)
>> @@ -111,6 +109,7 @@ static void ast2400_realize(DeviceState *dev, Error 
>> **errp)
>>  int i;
>>  AST2400State *s = AST2400(dev);
>>  Error *err = NULL, *local_err = NULL;
>> +uint32_t silicon_rev;
>>  
>>  /* IO space */
>>  memory_region_init_io(&s->iomem, NULL, &ast2400_io_ops, NULL,
>> @@ -192,7 +191,16 @@ static void ast2400_realize(DeviceState *dev, Error 
>> **errp)
>>  sysbus_mmio_map(SYS_BUS_DEVICE(&s->spi), 1, AST2400_SPI_FLASH_BASE);
>>  
>>  /* SDMC - SDRAM Memory Controller */
>> -object_property_set_bool(OBJECT(&s->sdmc), true, "realized", &err);
>> +silicon_rev = (uint32_t)
>> +object_property_get_int(OBJECT(&s->scu), "silicon-rev", &err);
>> +if (err) {
>> +error_propagate(errp, err);
>> +return;
>> +}
>> +
>> +object_property_set_int(OBJECT(&s->sdmc), silicon_rev, "silicon-rev", 
>> &err);
>> +object_property_set_bool(OBJECT(&s->sdmc), true, "realized", 
>> &local_err);
>> +error_propagate(&err, local_err);
>>  if (err) {
>>  error_propagate(errp, err);
>>  return;
>> diff --git a/hw/arm/palmetto-bmc.c b/hw/arm/palmetto-bmc.c
>> index 54e29a865d88..1ee13d578899 100644
>> --- a/hw/arm/palmetto-bmc.c
>> +++ b/hw/arm/palmetto-bmc.c
>> @@ -74,6 +74,8 @@ static void palmetto_bmc_init(MachineState *machine)
>> &er

Re: [Qemu-devel] [PATCH 6/6] arm: add support for an ast2500 evaluation board

2016-07-28 Thread Andrew Jeffery
On Thu, 2016-07-28 at 09:15 +0200, Cédric Le Goater wrote:
> > 
> > Also, the meaning of the bits have changed from the AST2400 - they
> > probably should be documented somewhere?
> 
> So you want me send to an updated version of :
> 
> http://lists.nongnu.org/archive/html/qemu-arm/2016-06/msg00698.html
> 
> as a prereq ? 

I mentioned this in passing due to the discussion on my original patch.
I think we discussed this separately and concluded the macros were
pretty verbose given they are sort-of single-use given the value
doesn't change. Maybe just comments as Peter was requesting? You have
the patch below but some of the macros will be different for the
AST2500.

I'm probably leaning towards comments over macros, but don't feel
strongly either way.

Andrew

> 
> Now that we have done the cleanups in U-Boot, we can pull from :
> 
> https://github.com/openbmc/u-boot/blob/v2016.07-aspeed-openbmc/arch/arm/include/asm/arch-aspeed/regs-scu.h
> 
> to get the definitions. I will add that.



Re: [Qemu-devel] [PATCH 6/6] arm: add support for an ast2500 evaluation board

2016-07-28 Thread Cédric Le Goater
On 07/28/2016 09:58 AM, Andrew Jeffery wrote:
> On Thu, 2016-07-28 at 09:15 +0200, Cédric Le Goater wrote:
>>>  
>>> Also, the meaning of the bits have changed from the AST2400 - they
>>> probably should be documented somewhere?
>>
>> So you want me send to an updated version of :
>>
>> http://lists.nongnu.org/archive/html/qemu-arm/2016-06/msg00698.html
>>
>> as a prereq ? 
> 
> I mentioned this in passing due to the discussion on my original patch.
> I think we discussed this separately and concluded the macros were
> pretty verbose given they are sort-of single-use given the value
> doesn't change. Maybe just comments as Peter was requesting? You have
> the patch below but some of the macros will be different for the
> AST2500.

yes.

> I'm probably leaning towards comments over macros, but don't feel
> strongly either way.

ok. having a correct value is a minimum and this is not the case 
in this patch. I think I will go for the comments for now as We 
have not merged anything in mainline uboot yet.

Thanks,

C.




Re: [Qemu-devel] [PATCH 1/3] util: remove the obsolete non-blocking connect

2016-07-28 Thread Daniel P. Berrange
On Thu, Jul 28, 2016 at 03:39:29PM +0800, Cao jin wrote:
> The non-blocking connect mechanism is obsolete, and it doesn't work well
> in inet connection, because it will call getaddrinfo first and getaddrinfo
> will blocks on DNS lookups. Since commit e65c67e4 & d984464e, the non-blocking
> connect of migration goes through QIOChannel in a different manner(using a
> thread), and nobody use this old non-blocking connect anymore.
> 
> Any newly written code which needs a non-blocking connect should use the
> QIOChannel code, so we can just rip out NonBlockingConnectHandler as a
> concept entirely.
> 
> Suggested-by: Daniel P. Berrange 
> Cc: Daniel P. Berrange 
> Cc: Gerd Hoffmann 
> Cc: Paolo Bonzini 
> Signed-off-by: Cao jin 

Reviewed-by: Daniel P. Berrange 


Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [Qemu-devel] [PATCH 2/3] util: fix some coding style issue

2016-07-28 Thread Daniel P. Berrange
On Thu, Jul 28, 2016 at 03:39:30PM +0800, Cao jin wrote:
> Fix some coding style issues found in removing NonBlockingConnectHandler.
> 
> Cc: Daniel P. Berrange 
> Cc: Gerd Hoffmann 
> Cc: Paolo Bonzini 
> Signed-off-by: Cao jin 
> ---
>  util/qemu-sockets.c | 16 +++-
>  1 file changed, 11 insertions(+), 5 deletions(-)

Reviwed-by: Daniel P. Berrange 


> @@ -443,12 +443,16 @@ static int inet_dgram_saddr(InetSocketAddress *sraddr,
>  return sock;
>  
>  err:
> -if (-1 != sock)
> +if (-1 != sock) {

I'd probably fix the yoda-conditional here too. ie sock != -1 instead.

>  closesocket(sock);
> -if (local)
> +}
> +if (local) {
>  freeaddrinfo(local);
> -if (peer)
> +}
> +if (peer) {
>  freeaddrinfo(peer);
> +}
> +
>  return -1;
>  }

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [Qemu-devel] [PATCH 3/3] migration/socket: fix typo in file header

2016-07-28 Thread Daniel P. Berrange
On Thu, Jul 28, 2016 at 03:39:31PM +0800, Cao jin wrote:
> Code of inet socket & unix socket is merged together.
> Also add some newlines, make code block well separated.
> 
> Cc: Daniel P. Berrange 
> Cc: Juan Quintela  (maintainer:Migration)
> Cc: Amit Shah  (maintainer:Migration)
> Signed-off-by: Cao jin 
> ---
>  migration/socket.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

Reviewed-by: Daniel P. Berrange 


Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



[Qemu-devel] [PATCH for-2.7 v2 0/2] Don't allow burst limits to be lower than the normal limits

2016-07-28 Thread Alberto Garcia
Hello,

Gu Nini found this problem and reported it in

https://bugzilla.redhat.com/show_bug.cgi?id=1355665

When setting the throttling configuration, the burst limits can be
lower than the normal limits. This does not make any sense and
behaves oddly, so let's forbid it.

Berto

v2:
- Simplify error message [Eric]

Alberto Garcia (2):
  throttle: Don't allow burst limits to be lower than the normal limits
  throttle: Test burst limits lower than the normal limits

 tests/test-throttle.c | 8 
 util/throttle.c   | 5 +
 2 files changed, 13 insertions(+)

-- 
2.8.1




[Qemu-devel] [PATCH for-2.7 v2 1/2] throttle: Don't allow burst limits to be lower than the normal limits

2016-07-28 Thread Alberto Garcia
Setting FOO_max to a value that is lower than FOO does not make
sense, and it produces odd results depending on the value of
FOO_max_length. Although the user should not set that configuration
in the first place it's better to reject it explicitly.

https://bugzilla.redhat.com/show_bug.cgi?id=1355665

Signed-off-by: Alberto Garcia 
Reported-by: Gu Nini 
---
 util/throttle.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/util/throttle.c b/util/throttle.c
index 654f95c..3817d9b 100644
--- a/util/throttle.c
+++ b/util/throttle.c
@@ -348,6 +348,11 @@ bool throttle_is_valid(ThrottleConfig *cfg, Error **errp)
" bps/iops values");
 return false;
 }
+
+if (cfg->buckets[i].max && cfg->buckets[i].max < cfg->buckets[i].avg) {
+error_setg(errp, "bps_max/iops_max cannot be lower than bps/iops");
+return false;
+}
 }
 
 return true;
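Review bot: The added condition exempts `max == 0` without saying why. The companion test accepts `max = 0` with `avg = 100`, so 0 appears to mean "no burst limit configured". A one-line comment above the check would stop a later cleanup from dropping the `cfg->buckets[i].max &&` guard, for example `/* max == 0 means no burst limit is set; a non-zero max must not be below avg */`. The message "bps_max/iops_max cannot be lower than bps/iops" also does not say which bucket failed, which makes a rejected configuration harder to trace when several limits are set at once. throttle_is_valid begins outside the hunk.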
-- 
2.8.1




[Qemu-devel] [PATCH for-2.7 v2 2/2] throttle: Test burst limits lower than the normal limits

2016-07-28 Thread Alberto Garcia
This checks that making FOO_max lower than FOO is not allowed.

We could also forbid having FOO_max == FOO, but that doesn't have
any odd side effects and it would require us to update several other
tests, so let's keep it simple.

Signed-off-by: Alberto Garcia 
---
 tests/test-throttle.c | 8 
 1 file changed, 8 insertions(+)

diff --git a/tests/test-throttle.c b/tests/test-throttle.c
index afe094b..363b59a 100644
--- a/tests/test-throttle.c
+++ b/tests/test-throttle.c
@@ -394,6 +394,14 @@ static void test_max_is_missing_limit(void)
 cfg.buckets[i].max = 0;
 cfg.buckets[i].avg = 100;
 g_assert(throttle_is_valid(&cfg, NULL));
+
+cfg.buckets[i].max = 30;
+cfg.buckets[i].avg = 100;
+g_assert(!throttle_is_valid(&cfg, NULL));
+
+cfg.buckets[i].max = 100;
+cfg.buckets[i].avg = 100;
+g_assert(throttle_is_valid(&cfg, NULL));
 }
 }
 
-- 
2.8.1




Re: [Qemu-devel] [PATCH] ppc: Add MacOS VGA driver ROM

2016-07-28 Thread Stefan Hajnoczi
On Thu, Jul 28, 2016 at 09:04:25AM +0200, Alexander Graf wrote:
> On 07/28/2016 07:51 AM, David Gibson wrote:
> > On Wed, Jul 27, 2016 at 06:27:33PM +1000, Benjamin Herrenschmidt wrote:
> > > The project is at https://github.com/ozbenh/QemuMacDrivers
> > > 
> > > This adds a native MacOS driver in ROM (which can be picked up
> > > by MacOS once OpenBIOS has been updated if Mark accepts
> > > the patches I sent him) which allows MacOS classic
> > > (tested 9.2.1) and MacOS X (tested 10.1.4 and 10.4)
> > > to properly use QEMU std VGA (10.1.x doesn't work at all
> > > without it, the others get the ability to change resolution
> > > and color depth).
> > > 
> > > Building the ROM is tricky and requires CodeWarrior for MacOS
> > > so I include a pre-built binary.
> > So, I believe qemu convention is to include the ROM source via a
> > submodule - even though it won't typically be built from there and the
> > prebuilt blob will be used instead.
> > 
> > Not sure who the right person to talk to about that would be.
> 
> I think Stefan handles the logistics there now. CC'ed him.
> 
> 
> The reason for the submodule is so that on tar releases, the source gets
> included automatically. That way we can ensure that we always include all
> GPL sources that we deliver binaries for.

Jeff Cody now admins the qemu-project.org server, including the git
repos.

Jeff, please create a mirror git repo for
https://github.com/ozbenh/QemuMacDrivers at
git://git.qemu-project.org/QemuMacDrivers.git with nightly mirroring.

Once Jeff has set up the mirror repo, please send a new revision of this
patch that makes roms/QemuMacDrivers a git-submodule(1) pointing to
git://git.qemu-project.org/QemuMacDrivers.git.

Please double-check that the binary ROM included in the patch
corresponds to the QemuMacDrivers commit referenced by the
git-submodule(1) before sending the patch.

Thanks,
Stefan




Re: [Qemu-devel] [PATCH] virtio: check vring descriptor buffer length

2016-07-28 Thread Stefan Hajnoczi
On Wed, Jul 27, 2016 at 09:07:56PM +0530, P J P wrote:
> From: Prasad J Pandit 
> 
> virtio back end uses set of buffers to facilitate I/O operations.
> An infinite loop unfolds in virtqueue_pop() if a buffer was
> of zero size. Add check to avoid it.
> 
> Reported-by: Li Qiang 
> Signed-off-by: Prasad J Pandit 
> ---
>  hw/virtio/virtio.c | 5 +
>  1 file changed, 5 insertions(+)

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH 2/3] util: fix some coding style issue

2016-07-28 Thread Cao jin



On 07/28/2016 04:08 PM, Daniel P. Berrange wrote:

On Thu, Jul 28, 2016 at 03:39:30PM +0800, Cao jin wrote:

Fix some coding style issues found in removing NonBlockingConnectHandler.

Cc: Daniel P. Berrange 
Cc: Gerd Hoffmann 
Cc: Paolo Bonzini 
Signed-off-by: Cao jin 
---
  util/qemu-sockets.c | 16 +++-
  1 file changed, 11 insertions(+), 5 deletions(-)


Reviwed-by: Daniel P. Berrange 



@@ -443,12 +443,16 @@ static int inet_dgram_saddr(InetSocketAddress *sraddr,
  return sock;

  err:
-if (-1 != sock)
+if (-1 != sock) {


I'd probably fix the yoda-conditional here too. ie sock != -1 instead.


I just found that this file mixes yoda and non-yoda conditions.
OK, I can do it; v2 is on the way.

--
Yours Sincerely,

Cao jin





Re: [Qemu-devel] [PATCH] block/iscsi: Adding iser support in Libiscsi-QEMU

2016-07-28 Thread Peter Lieven

Am 27.07.2016 um 12:02 schrieb Roy Shterman:

iSER is a new transport layer supported in Libiscsi,
iSER provides a zero-copy RDMA capable interface that can
improve performance.

A new API is introduced as an abstraction of the Libiscsi transport layer.
In order to use the new iSER transport, one needs to add the ?iser option
at the end of the Libiscsi URI.

For now iSER memory buffers are pre-allocated and pre-registered,
hence in order to work with iSER from QEMU, one need to enable MEMLOCK
attribute in the VM to be large enough for all iSER buffers and RDMA
resources.

A new functionallity is also introduced in this commit, a new API
to deploy zero-copy command submission. iSER is differing from TCP in
data-path, hence IO vectors must be transferred already when queueing
the PDU.

Signed-off-by: Roy Shterman 
---
  block/iscsi.c |   45 +
  1 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/block/iscsi.c b/block/iscsi.c
index 7e78ade..6b95636 100644
--- a/block/iscsi.c
+++ b/block/iscsi.c
@@ -41,6 +41,7 @@
  #include "qapi/qmp/qstring.h"
  #include "crypto/secret.h"
  
+#include "qemu/uri.h"

  #include 
  #include 
  
@@ -484,6 +485,18 @@ iscsi_co_writev_flags(BlockDriverState *bs, int64_t sector_num, int nb_sectors,

  iscsi_co_init_iscsitask(iscsilun, &iTask);
  retry:
  if (iscsilun->use_16_for_rw) {
+#if LIBISCSI_API_VERSION >= (20160603)
+iTask.task = iscsi_write16_iov_task(iscsilun->iscsi, iscsilun->lun, 
lba,
+NULL, num_sectors * 
iscsilun->block_size,
+iscsilun->block_size, 0, 0, fua, 
0, 0,
+iscsi_co_generic_cb, &iTask, (struct 
scsi_iovec *)iov->iov, iov->niov);
+} else {
+iTask.task = iscsi_write10_iov_task(iscsilun->iscsi, iscsilun->lun, 
lba,
+NULL, num_sectors * 
iscsilun->block_size,
+iscsilun->block_size, 0, 0, fua, 
0, 0,
+iscsi_co_generic_cb, &iTask, (struct 
scsi_iovec *)iov->iov, iov->niov);
+}
+#else
  iTask.task = iscsi_write16_task(iscsilun->iscsi, iscsilun->lun, lba,
  NULL, num_sectors * 
iscsilun->block_size,
  iscsilun->block_size, 0, 0, fua, 0, 0,
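Review bot: The `#if LIBISCSI_API_VERSION >= (20160603)` opens inside the already-open `if (iscsilun->use_16_for_rw) {`, and each preprocessor branch then supplies its own `} else { ... }`. The braces therefore balance only when read across the `#else` here and the `#endif` in the next hunk, which makes it easy for a later edit to break one configuration without the other being compiled. Moving the `#if` above the `if` so that each branch holds a complete if/else, or wrapping the two call variants in a small static helper, would keep both variants readable. The same construction is repeated for the read path in the iscsi_co_readv hunks at -677 and -688, and the second `#if LIBISCSI_API_VERSION < (20160603)` around `scsi_task_set_iov_out()` could move into the same branch. The function bodies start outside these hunks.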
@@ -494,11 +507,14 @@ retry:
  iscsilun->block_size, 0, 0, fua, 0, 0,
  iscsi_co_generic_cb, &iTask);
  }
+#endif
  if (iTask.task == NULL) {
  return -ENOMEM;
  }
+#if LIBISCSI_API_VERSION < (20160603)
  scsi_task_set_iov_out(iTask.task, (struct scsi_iovec *) iov->iov,
iov->niov);
+#endif
  while (!iTask.complete) {
  iscsi_set_events(iscsilun);
  qemu_coroutine_yield();
@@ -677,6 +693,19 @@ static int coroutine_fn iscsi_co_readv(BlockDriverState 
*bs,
  iscsi_co_init_iscsitask(iscsilun, &iTask);
  retry:
  if (iscsilun->use_16_for_rw) {
+#if LIBISCSI_API_VERSION >= (20160603)
+iTask.task = iscsi_read16_iov_task(iscsilun->iscsi, iscsilun->lun, lba,
+   num_sectors * iscsilun->block_size,
+   iscsilun->block_size, 0, 0, 0, 0, 0,
+   iscsi_co_generic_cb, &iTask, (struct 
scsi_iovec *)iov->iov, iov->niov);
+} else {
+iTask.task = iscsi_read10_iov_task(iscsilun->iscsi, iscsilun->lun, lba,
+   num_sectors * iscsilun->block_size,
+   iscsilun->block_size,
+   0, 0, 0, 0, 0,
+   iscsi_co_generic_cb, &iTask, (struct 
scsi_iovec *)iov->iov, iov->niov);
+}
+#else
  iTask.task = iscsi_read16_task(iscsilun->iscsi, iscsilun->lun, lba,
 num_sectors * iscsilun->block_size,
 iscsilun->block_size, 0, 0, 0, 0, 0,
@@ -688,11 +717,13 @@ retry:
 0, 0, 0, 0, 0,
 iscsi_co_generic_cb, &iTask);
  }
+#endif
  if (iTask.task == NULL) {
  return -ENOMEM;
  }
+#if LIBISCSI_API_VERSION < (20160603)
  scsi_task_set_iov_in(iTask.task, (struct scsi_iovec *) iov->iov, 
iov->niov);
-
+#endif
  while (!iTask.complete) {
  iscsi_set_events(iscsilun);
  qemu_coroutine_yield();
@@ -1477,9 +1508,9 @@ static int iscsi_open(BlockDriverState *bs, QDict 
*options, int flags,
  
  filename = qemu_opt_get(opts, "filename");
  
-iscsi_url = iscsi_parse_full_url(iscsi, filename);

+iscsi_url = iscsi_parse_full_url(iscsi, uri_string_unescape(filename, -1, 
NULL));
  if (iscsi_ur

[Qemu-devel] [PATCH v2 3/3] migration/socket: fix typo in file header

2016-07-28 Thread Cao jin
The inet socket and unix socket code has been merged together.
Also add some newlines so that code blocks are well separated.

Cc: Daniel P. Berrange 
Cc: Juan Quintela 
Cc: Amit Shah 

Reviewed-by: Daniel P. Berrange 
Signed-off-by: Cao jin 
---
 migration/socket.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/migration/socket.c b/migration/socket.c
index 5c0a38f..00de1fe 100644
--- a/migration/socket.c
+++ b/migration/socket.c
@@ -1,5 +1,5 @@
 /*
- * QEMU live migration via Unix Domain Sockets
+ * QEMU live migration via socket
  *
  * Copyright Red Hat, Inc. 2009-2016
  *
@@ -94,10 +94,12 @@ static void socket_start_outgoing_migration(MigrationState 
*s,
 {
 QIOChannelSocket *sioc = qio_channel_socket_new();
 struct SocketConnectData *data = g_new0(struct SocketConnectData, 1);
+
 data->s = s;
 if (saddr->type == SOCKET_ADDRESS_KIND_INET) {
 data->hostname = g_strdup(saddr->u.inet.data->host);
 }
+
 qio_channel_socket_connect_async(sioc,
  saddr,
  socket_outgoing_migration,
-- 
2.1.0






[Qemu-devel] [PATCH v2 2/3] util: fix some coding style issue

2016-07-28 Thread Cao jin
Fix some coding style issues found in removing NonBlockingConnectHandler.

Cc: Daniel P. Berrange 
Cc: Gerd Hoffmann 
Cc: Paolo Bonzini 

Reviwed-by: Daniel P. Berrange 
Signed-off-by: Cao jin 
---
 util/qemu-sockets.c | 16 +++-
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index cd4ed55..5e08723 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -389,7 +389,7 @@ static int inet_dgram_saddr(InetSocketAddress *sraddr,
 if (0 != (rc = getaddrinfo(addr, port, &ai, &peer))) {
 error_setg(errp, "address resolution failed for %s:%s: %s", addr, port,
gai_strerror(rc));
-   goto err;
+goto err;
 }
 
 /* lookup local addr */
@@ -443,12 +443,16 @@ static int inet_dgram_saddr(InetSocketAddress *sraddr,
 return sock;
 
 err:
-if (-1 != sock)
+if (sock != -1) {
 closesocket(sock);
-if (local)
+}
+if (local) {
 freeaddrinfo(local);
-if (peer)
+}
+if (peer) {
 freeaddrinfo(peer);
+}
+
 return -1;
 }
 
@@ -690,8 +694,10 @@ int unix_listen(const char *str, char *ostr, int olen, 
Error **errp)
 
 sock = unix_listen_saddr(saddr, true, errp);
 
-if (sock != -1 && ostr)
+if (sock != -1 && ostr) {
 snprintf(ostr, olen, "%s%s", saddr->path, optstr ? optstr : "");
+}
+
 qapi_free_UnixSocketAddress(saddr);
 return sock;
 }
-- 
2.1.0






[Qemu-devel] [PATCH v2 0/3] Remove the obsolete non-blocking connect

2016-07-28 Thread Cao jin
v2 changelog:
1. revert the yoda-condition in patch 2 (Daniel)

Cao jin (3):
  util: remove the obsolete non-blocking connect
  util: fix some coding style issue
  migration/socket: fix typo in file header

 include/qemu/sockets.h |   7 +-
 io/channel-socket.c|   2 +-
 migration/socket.c |   4 +-
 net/socket.c   |   2 +-
 util/qemu-sockets.c| 179 -
 5 files changed, 33 insertions(+), 161 deletions(-)

-- 
2.1.0






[Qemu-devel] [PATCH v2 1/3] util: remove the obsolete non-blocking connect

2016-07-28 Thread Cao jin
The non-blocking connect mechanism is obsolete, and it doesn't work well
for inet connections, because it calls getaddrinfo first and getaddrinfo
blocks on DNS lookups. Since commits e65c67e4 & d984464e, the non-blocking
connect of migration goes through QIOChannel in a different manner (using a
thread), and nobody uses this old non-blocking connect anymore.

Any newly written code which needs a non-blocking connect should use the
QIOChannel code, so we can just rip out NonBlockingConnectHandler as a
concept entirely.

Suggested-by: Daniel P. Berrange 
Cc: Daniel P. Berrange 
Cc: Gerd Hoffmann 
Cc: Paolo Bonzini 

Reviewed-by: Daniel P. Berrange 
Signed-off-by: Cao jin 
---
 include/qemu/sockets.h |   7 +--
 io/channel-socket.c|   2 +-
 net/socket.c   |   2 +-
 util/qemu-sockets.c| 163 +
 4 files changed, 19 insertions(+), 155 deletions(-)

diff --git a/include/qemu/sockets.h b/include/qemu/sockets.h
index 9eb2470..9e7c322 100644
--- a/include/qemu/sockets.h
+++ b/include/qemu/sockets.h
@@ -27,10 +27,6 @@ int socket_set_fast_reuse(int fd);
 #define SHUT_RDWR 2
 #endif
 
-/* callback function for nonblocking connect
- * valid fd on success, negative error code on failure
- */
-typedef void NonBlockingConnectHandler(int fd, Error *err, void *opaque);
 
 InetSocketAddress *inet_parse(const char *str, Error **errp);
 int inet_connect(const char *str, Error **errp);
@@ -41,8 +37,7 @@ int unix_listen(const char *path, char *ostr, int olen, Error 
**errp);
 int unix_connect(const char *path, Error **errp);
 
 SocketAddress *socket_parse(const char *str, Error **errp);
-int socket_connect(SocketAddress *addr, Error **errp,
-   NonBlockingConnectHandler *callback, void *opaque);
+int socket_connect(SocketAddress *addr, Error **errp);
 int socket_listen(SocketAddress *addr, Error **errp);
 void socket_listen_cleanup(int fd, Error **errp);
 int socket_dgram(SocketAddress *remote, SocketAddress *local, Error **errp);
diff --git a/io/channel-socket.c b/io/channel-socket.c
index 196a4f1..6aa0ad2 100644
--- a/io/channel-socket.c
+++ b/io/channel-socket.c
@@ -147,7 +147,7 @@ int qio_channel_socket_connect_sync(QIOChannelSocket *ioc,
 int fd;
 
 trace_qio_channel_socket_connect_sync(ioc, addr);
-fd = socket_connect(addr, errp, NULL, NULL);
+fd = socket_connect(addr, errp);
 if (fd < 0) {
 trace_qio_channel_socket_connect_fail(ioc);
 return -1;
diff --git a/net/socket.c b/net/socket.c
index ae6f921..8037b3c 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -541,7 +541,7 @@ static int net_socket_connect_init(NetClientState *peer,
 qemu_set_nonblock(fd);
 connected = 0;
 for(;;) {
-ret = socket_connect(saddr, &local_error, NULL, NULL);
+ret = socket_connect(saddr, &local_error);
 if (ret < 0) {
 if (errno == EINTR || errno == EWOULDBLOCK) {
 /* continue */
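Review bot: The retry branch for `EINTR`/`EWOULDBLOCK` loops back into `socket_connect(saddr, &local_error)` with `local_error` possibly still set from the failed attempt, while the Error API expects `*errp` to be NULL when a new error is stored. Unless the part of the loop outside this hunk already does so, free and reset it before retrying: `error_free(local_error); local_error = NULL;`. The test on `errno` also assumes that nothing in socket_connect()'s failure path overwrites it, which is worth confirming now that this is the only calling convention left. The body of net_socket_connect_init continues outside the hunk.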
diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index b4314ca..cd4ed55 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -239,96 +239,18 @@ listen:
 return slisten;
 }
 
-#ifdef _WIN32
-#define QEMU_SOCKET_RC_INPROGRESS(rc) \
-((rc) == -EINPROGRESS || (rc) == -EWOULDBLOCK || (rc) == -WSAEALREADY)
-#else
-#define QEMU_SOCKET_RC_INPROGRESS(rc) \
-((rc) == -EINPROGRESS)
-#endif
-
-/* Struct to store connect state for non blocking connect */
-typedef struct ConnectState {
-int fd;
-struct addrinfo *addr_list;
-struct addrinfo *current_addr;
-NonBlockingConnectHandler *callback;
-void *opaque;
-} ConnectState;
-
-static int inet_connect_addr(struct addrinfo *addr, bool *in_progress,
- ConnectState *connect_state, Error **errp);
-
-static void wait_for_connect(void *opaque)
-{
-ConnectState *s = opaque;
-int val = 0, rc = 0;
-socklen_t valsize = sizeof(val);
-bool in_progress;
-Error *err = NULL;
-
-qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
-
-do {
-rc = qemu_getsockopt(s->fd, SOL_SOCKET, SO_ERROR, &val, &valsize);
-} while (rc == -1 && errno == EINTR);
-
-/* update rc to contain error */
-if (!rc && val) {
-rc = -1;
-errno = val;
-}
-
-/* connect error */
-if (rc < 0) {
-error_setg_errno(&err, errno, "Error connecting to socket");
-closesocket(s->fd);
-s->fd = rc;
-}
-
-/* try to connect to the next address on the list */
-if (s->current_addr) {
-while (s->current_addr->ai_next != NULL && s->fd < 0) {
-s->current_addr = s->current_addr->ai_next;
-s->fd = inet_connect_addr(s->current_addr, &in_progress, s, NULL);
-if (s->fd < 0) {
-error_free(err);
-err = NULL;
-error_setg_errno(&err, errno, "Unable to start socket 
connect");
-}
-/* connect in progress */
-if (in_progress) {
-   

Re: [Qemu-devel] [PATCH v2 0/3] Remove the obsolete non-blocking connect

2016-07-28 Thread Cao jin

forget to cc maintainers in cover-letter..

On 07/28/2016 04:54 PM, Cao jin wrote:

v2 changelog:
1. revert the yoda-condition in patch 2 (Daniel)

Cao jin (3):
   util: remove the obsolete non-blocking connect
   util: fix some coding style issue
   migration/socket: fix typo in file header

  include/qemu/sockets.h |   7 +-
  io/channel-socket.c|   2 +-
  migration/socket.c |   4 +-
  net/socket.c   |   2 +-
  util/qemu-sockets.c| 179 -
  5 files changed, 33 insertions(+), 161 deletions(-)



--
Yours Sincerely,

Cao jin





[Qemu-devel] [Bug 1606899] Re: virtio-vga does not let guest poweroff properly

2016-07-28 Thread Frediano Ziglio
Removed the parameters, now the command line is

/usr/bin/qemu-system-x86_64 -machine accel=kvm -name rawhide -machine
pc-i440fx-2.3,accel=kvm,usb=off -cpu Haswell-noTSX -m 2048 -realtime
mlock=off -smp 2,sockets=2,cores=1,threads=1 -uuid
64216421-aec4-4ce4-aa52-aed9e4e31a1c -no-user-config -nodefaults
-chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/rawhide.monitor,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control -rtc
base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet
-no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1
-boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x6.0x7
-device ich9-usb-
uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x6
-device ich9-usb-
uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x6.0x1 -device ich9
-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x6.0x2 -device
virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive
file=/home/rawhide.qcow2,if=none,id=drive-virtio-disk0,format=qcow2
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-
disk0,id=virtio-disk0,bootindex=1 -drive if=none,id=drive-
ide0-0-0,readonly=on -device ide-cd,bus=ide.0,unit=0,drive=drive-
ide0-0-0,id=ide0-0-0 -netdev user,id=hostnet0 -device virtio-net-
pci,netdev=hostnet0,id=net0,mac=52:54:00:fc:11:43,bus=pci.0,addr=0x3
-chardev pty,id=charserial0 -device isa-
serial,chardev=charserial0,id=serial0 -chardev
socket,id=charchannel0,path=/var/lib/libvirt/qemu/channel/target/rawhide.org.qemu.guest_agent.0,server,nowait
-device virtserialport,bus=virtio-
serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
-chardev spicevmc,id=charchannel1,name=vdagent -device
virtserialport,bus=virtio-
serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0
-device usb-tablet,id=input0 -spice ipv4,addr=0.0.0.0,port=5900,disable-
ticketing,image-compression=lz,seamless-migration=on,streaming-
video=filter -device virtio-vga,bus=pci.0,addr=0x2 -chardev
spicevmc,id=charredir0,name=usbredir -device usb-
redir,chardev=charredir0,id=redir0 -chardev
spicevmc,id=charredir1,name=usbredir -device usb-
redir,chardev=charredir1,id=redir1 -device virtio-balloon-
pci,id=balloon0,bus=pci.0,addr=0x8 -msg timestamp=on


Shutdown stops again.

(gdb) thread apply all bt full

Thread 5 (Thread 0x7fab8f1ff700 (LWP 3152)):
#0  0x7fac23b7d32d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x7fac27913a46 in g_main_context_iterate (priority=, 
n_fds=2, fds=0x5643798d6f00, timeout=, context=0x5643785d7760) 
at gmain.c:4135
poll_func = 0x7fac27922330 
max_priority = 2147483647
timeout = 2147483647
some_ready = 
nfds = 2
allocated_nfds = 4
fds = 0x5643798d6f00
#2  0x7fac27913a46 in g_main_context_iterate (context=0x5643785d7760, 
block=block@entry=1, dispatch=dispatch@entry=1, self=) at 
gmain.c:3835
max_priority = 2147483647
timeout = 2147483647
some_ready = 
nfds = 2
allocated_nfds = 4
fds = 0x5643798d6f00
#3  0x7fac27913dd2 in g_main_loop_run (loop=0x564378645560) at gmain.c:4034
__func__ = "g_main_loop_run"
#4  0x7fac25820e70 in red_worker_main (arg=) at 
red-worker.c:1570
worker = 
__FUNCTION__ = "red_worker_main"
loop = 0x564378645560
#5  0x7fac23e4f5ca in start_thread (arg=0x7fab8f1ff700) at 
pthread_create.c:333
__res = 
pd = 0x7fab8f1ff700
now = 
unwind_buf = 
  {cancel_jmp_buf = {{jmp_buf = {140374817371904, 
1634185351380305518, 140727220814255, 4096, 140374817371904, 140374817372608, 
-1586721908543748498, -1588208112698816914}, mask_was_saved = 0}}, priv = {pad 
= {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = 
pagesize_m1 = 
sp = 
freesize = 
#6  0x7fac23b88ead in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 4 (Thread 0x7fac10d2c700 (LWP 3150)):
#0  0x7fac23e54bd0 in pthread_cond_wait@@GLIBC_2.3.2 () at 
../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x564376e71d09 in qemu_cond_wait (cond=, 
mutex=)
at /usr/src/debug/qemu-2.6.0/util/qemu-thread-posix.c:123
err = 
__func__ = "qemu_cond_wait"
#2  0x564376b762df in qemu_kvm_cpu_thread_fn (arg=) at 
/usr/src/debug/qemu-2.6.0/cpus.c:1030
cpu = 
r = 
#3  0x7fac23e4f5ca in start_thread (arg=0x7fac10d2c700) at 
pthread_create.c:333
__res = 
pd = 0x7fac10d2c700
now = 
unwind_buf = 
  {cancel_jmp_buf = {{jmp_buf = {140376993351424, 
1634185351380305518, 140727220813631, 4096, 140376993351424, 140376993352128, 
-1588104572869835154, -1588208112698816914}, mask_was_saved = 0}}, priv = {pad 
= {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = 
pagesize_m1 = 
  

[Qemu-devel] [PATCH] target-mips: fix EntryHi.EHINV being cleared on TLB exception

2016-07-28 Thread Leon Alrae
While implementing TLB invalidation feature we forgot to modify
part of code responsible for updating EntryHi during TLB exception.
Consequently EntryHi.EHINV is unexpectedly cleared on the exception.

Signed-off-by: Leon Alrae 
---
 target-mips/helper.c |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/target-mips/helper.c b/target-mips/helper.c
index 9fbca26..c864b15 100644
--- a/target-mips/helper.c
+++ b/target-mips/helper.c
@@ -396,6 +396,7 @@ static void raise_mmu_exception(CPUMIPSState *env, 
target_ulong address,
 env->CP0_Context = (env->CP0_Context & ~0x007f) |
((address >> 9) & 0x0070);
 env->CP0_EntryHi = (env->CP0_EntryHi & env->CP0_EntryHi_ASID_mask) |
+   (env->CP0_EntryHi & (1 << CP0EnHi_EHINV)) |
(address & (TARGET_PAGE_MASK << 1));
 #if defined(TARGET_MIPS64)
 env->CP0_EntryHi &= env->SEGMask;
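Review bot: The three masked terms that now make up `CP0_EntryHi` carry no comment, and the reason for the middle one is recorded only in the commit message. A line such as `/* keep EHINV: a TLB exception must not clear the invalidate bit */` above the added term would record it in the code. Under `TARGET_MIPS64` the result is then masked with `env->SEGMask`, whose definition is outside this hunk, so it is worth confirming that the mask keeps the EHINV bit and the fix holds on 64-bit targets too. raise_mmu_exception's body starts and ends outside the hunk.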
-- 
1.7.1




Re: [Qemu-devel] [PATCH v3] qemu-img: add skip option to dd

2016-07-28 Thread Fam Zheng
On Wed, 07/27 16:51, Reda Sallahi wrote:
> +for skip in $TEST_SKIP_BLOCKS; do
> +echo
> +echo "== Creating image =="
> +
> +size=1M
> +_make_test_img $size
> +_check_test_img
> +$QEMU_IO -c "write -P 0xa 0 $size" "$TEST_IMG" | _filter_qemu_io

I think the data pattern could be made less plain (i.e. add some variation
based on the offset), to catch any misplacement bug in qemu-img dd (for example
off-by-one errors).

Fam

> +
> +echo
> +echo "== Converting the image with dd with skip=$skip =="
> +
> +$QEMU_IMG dd if="$TEST_IMG" of="$TEST_IMG.out" skip="$skip" -O "$IMGFMT" 
> \
> +2> /dev/null
> +$QEMU_IMG check "$TEST_IMG.out" -f "$IMGFMT" 2>&1  | _filter_testdir | \
> +_filter_qemu_img_check
> +dd if="$TEST_IMG" of="$TEST_IMG.out.dd" skip="$skip" status=none
> +echo
> +echo "== Compare the images with qemu-img compare =="
> +
> +$QEMU_IMG compare "$TEST_IMG.out.dd" "$TEST_IMG.out"
> +done



Re: [Qemu-devel] [PULL 0/9] x86 and machine queue, 2016-07-27

2016-07-28 Thread Peter Maydell
On 27 July 2016 at 15:29, Eduardo Habkost  wrote:
> The following changes since commit f49ee630d73729ecaeecf4b38a8df11bc613914d:
>
>   Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-2.7-20160726' 
> into staging (2016-07-26 11:53:47 +0100)
>
> are available in the git repository at:
>
>   git://github.com/ehabkost/qemu.git tags/x86-pull-request
>
> for you to fetch changes up to 03f28efbbb0ee521611e0eb28b45096b3598fb34:
>
>   vl: exit if a bad property value is passed to -global (2016-07-27 11:25:06 
> -0300)
>
> 
> x86 and machine queue, 2016-07-27
>
> Highlights:
> * Fixes to allow CPU hotplug/unplug in any order;
> * Exit QEMU on invalid global properties.
>
> 

Applied, thanks.

-- PMM



Re: [Qemu-devel] [Qemu-block] [PATCH v3] qemu-img: add skip option to dd

2016-07-28 Thread Stefan Hajnoczi
On Wed, Jul 27, 2016 at 3:51 PM, Reda Sallahi  wrote:
> -qemu_opt_set_number(opts, BLOCK_OPT_SIZE, size, &error_abort);
> +if (dd.flags & C_SKIP && size < in.bsz * in.offset) {
> +error_report("%s: cannot skip to specified offset", in.filename);
> +qemu_opt_set_number(opts, BLOCK_OPT_SIZE, 0, &error_abort);

This looks odd.  What is supposed to happen in this case?  Do you have
a test case for it?



[Qemu-devel] [PATCH V3] qemu-char: Add qemu_chr_add_handlers_full() for GMaincontext

2016-07-28 Thread Zhang Chen
Add the qemu_chr_add_handlers_full() API. Callers can use
this API to pass in a GMainContext, so that the handlers run
in that context rather than in the main loop.
This follows comments from Daniel P. Berrange.

Signed-off-by: Zhang Chen 
Signed-off-by: Li Zhijian 
Signed-off-by: Wen Congyang 
---
 include/sysemu/char.h |  11 -
 qemu-char.c   | 117 +++---
 2 files changed, 83 insertions(+), 45 deletions(-)

diff --git a/include/sysemu/char.h b/include/sysemu/char.h
index 307fd8f..86888bc 100644
--- a/include/sysemu/char.h
+++ b/include/sysemu/char.h
@@ -65,7 +65,8 @@ struct CharDriverState {
 int (*chr_sync_read)(struct CharDriverState *s,
  const uint8_t *buf, int len);
 GSource *(*chr_add_watch)(struct CharDriverState *s, GIOCondition cond);
-void (*chr_update_read_handler)(struct CharDriverState *s);
+void (*chr_update_read_handler_full)(struct CharDriverState *s,
+ GMainContext *context);
 int (*chr_ioctl)(struct CharDriverState *s, int cmd, void *arg);
 int (*get_msgfds)(struct CharDriverState *s, int* fds, int num);
 int (*set_msgfds)(struct CharDriverState *s, int *fds, int num);
@@ -388,6 +389,14 @@ void qemu_chr_add_handlers(CharDriverState *s,
IOEventHandler *fd_event,
void *opaque);
 
+/* This API can make handler run in the context what you pass to. */
+void qemu_chr_add_handlers_full(CharDriverState *s,
+IOCanReadHandler *fd_can_read,
+IOReadHandler *fd_read,
+IOEventHandler *fd_event,
+void *opaque,
+GMainContext *context);
+
 void qemu_chr_be_generic_open(CharDriverState *s);
 void qemu_chr_accept_input(CharDriverState *s);
 int qemu_chr_add_client(CharDriverState *s, int fd);
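Review bot: The comment added above `qemu_chr_add_handlers_full()` does not say what a NULL `context` means or who owns the GMainContext, although the new `qemu_chr_add_handlers()` wrapper in qemu-char.c passes NULL. I would document it along the lines of `/* Like qemu_chr_add_handlers(), but the read handlers are attached to @context; NULL keeps the default main context. */` (if that is what the back ends do), and state whether the caller must keep the context alive while the handlers are installed. It is also worth saying that back ends which leave `chr_update_read_handler_full` unset ignore the argument, since qemu_chr_add_handlers_full forwards `context` only through that callback.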
diff --git a/qemu-char.c b/qemu-char.c
index b597ee1..c544427 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -448,11 +448,12 @@ void qemu_chr_fe_printf(CharDriverState *s, const char 
*fmt, ...)
 
 static void remove_fd_in_watch(CharDriverState *chr);
 
-void qemu_chr_add_handlers(CharDriverState *s,
-   IOCanReadHandler *fd_can_read,
-   IOReadHandler *fd_read,
-   IOEventHandler *fd_event,
-   void *opaque)
+void qemu_chr_add_handlers_full(CharDriverState *s,
+IOCanReadHandler *fd_can_read,
+IOReadHandler *fd_read,
+IOEventHandler *fd_event,
+void *opaque,
+GMainContext *context)
 {
 int fe_open;
 
@@ -466,8 +467,9 @@ void qemu_chr_add_handlers(CharDriverState *s,
 s->chr_read = fd_read;
 s->chr_event = fd_event;
 s->handler_opaque = opaque;
-if (fe_open && s->chr_update_read_handler)
-s->chr_update_read_handler(s);
+if (fe_open && s->chr_update_read_handler_full) {
+s->chr_update_read_handler_full(s, context);
+}
 
 if (!s->explicit_fe_open) {
 qemu_chr_fe_set_open(s, fe_open);
@@ -480,6 +482,16 @@ void qemu_chr_add_handlers(CharDriverState *s,
 }
 }
 
+void qemu_chr_add_handlers(CharDriverState *s,
+   IOCanReadHandler *fd_can_read,
+   IOReadHandler *fd_read,
+   IOEventHandler *fd_event,
+   void *opaque)
+{
+qemu_chr_add_handlers_full(s, fd_can_read, fd_read,
+   fd_event, opaque, NULL);
+}
+
 static int null_chr_write(CharDriverState *chr, const uint8_t *buf, int len)
 {
 return len;
@@ -717,7 +729,8 @@ static void mux_chr_event(void *opaque, int event)
 mux_chr_send_event(d, i, event);
 }
 
-static void mux_chr_update_read_handler(CharDriverState *chr)
+static void mux_chr_update_read_handler_full(CharDriverState *chr,
+ GMainContext *context)
 {
 MuxDriver *d = chr->opaque;
 
@@ -731,8 +744,10 @@ static void mux_chr_update_read_handler(CharDriverState 
*chr)
 d->chr_event[d->mux_cnt] = chr->chr_event;
 /* Fix up the real driver with mux routines */
 if (d->mux_cnt == 0) {
-qemu_chr_add_handlers(d->drv, mux_chr_can_read, mux_chr_read,
-  mux_chr_event, chr);
+qemu_chr_add_handlers_full(d->drv, mux_chr_can_read,
+   mux_chr_read,
+   mux_chr_event,
+   chr, context);
 }
 if (d->focus != -1) {
 mux_chr_send_event(d, d->focus, CHR_EVENT_MUX_OUT);
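Review bot: `context` reaches the underlying driver only inside `if (d->mux_cnt == 0)`, so a front end that attaches to the mux later with a different GMainContext has its argument silently dropped. Its input is then dispatched from whichever context the first front end chose. Either reject a mismatching context or document that the first registration decides; a comment such as `/* the context of the first front end is used for the whole mux */` at the branch would at least make it explicit. Handlers written for the main loop may also rely on its locking, so running mux_chr_read from another context deserves a look. mux_chr_update_read_handler_full's body starts and ends outside the hunk.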
@@ -813,7 +828,7 @@ static CharDriverState *qemu_chr_open_mux(const char *id,
 d->drv = drv;
 d->focus = -1;
 chr->chr_write = mux_chr_write;
-chr->chr_update_read_handler =

Re: [Qemu-devel] [Qemu-block] [PATCH v6] qemu-img: add the 'dd' subcommand

2016-07-28 Thread Stefan Hajnoczi
On Mon, Jul 25, 2016 at 6:58 AM, Reda Sallahi  wrote:
> This patch adds a basic dd subcommand analogous to dd(1) to qemu-img.
>
> For the start, this implements the bs, if, of and count options and requires
> both if and of to be specified (no stdin/stdout if not specified) and doesn't
> support tty, pipes, etc.
>
> The image format must be specified with -O for the output if the raw format
> is not the intended one.
>
> Two tests are added to test qemu-img dd.
>
> Signed-off-by: Reda Sallahi 
> ---
> Changes from v5:
> * Add dd sections on qemu-img.texi.
> Changes from v4:
> * Fix the exit status.
> Changes from v3:
> * Delete an unused (so far) field in DdIo.
> Changes from v2:
> * Add copyright headers to new files.
> Changes from v1:
> * Removal of dead code.
> * Fix a memory leak.
> * Complete the cleanup function in the test cases.
>
>  qemu-img-cmds.hx |   6 +
>  qemu-img.c   | 363 
> ++-
>  qemu-img.texi|  25 +++
>  tests/qemu-iotests/158   |  68 
>  tests/qemu-iotests/158.out   |  15 ++
>  tests/qemu-iotests/159   |  70 
>  tests/qemu-iotests/159.out   |  87 ++
>  tests/qemu-iotests/common.filter |   9 +
>  tests/qemu-iotests/group |   2 +
>  9 files changed, 644 insertions(+), 1 deletion(-)
>  create mode 100755 tests/qemu-iotests/158
>  create mode 100644 tests/qemu-iotests/158.out
>  create mode 100755 tests/qemu-iotests/159
>  create mode 100644 tests/qemu-iotests/159.out

Reviewed-by: Stefan Hajnoczi 



Re: [Qemu-devel] [PATCH v3 3/6] cadence_gem: Add support for screening

2016-07-28 Thread Peter Maydell
On 26 July 2016 at 19:25, Alistair Francis  wrote:
> The Cadence GEM hardware allows incoming data to be 'screened' based on some
> register values. Add support for these screens.
>
> We also need to increase the max regs to avoid compilation failures. These new
> registers are implemented in the next patch.
>
> Signed-off-by: Alistair Francis 
> ---

Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [Qemu-devel] [PATCH v3 4/6] cadence_gem: Add queue support

2016-07-28 Thread Peter Maydell
On 26 July 2016 at 19:25, Alistair Francis  wrote:
> Signed-off-by: Alistair Francis 
> ---
>
> There is a indentation error in this patch in the gem_transmit function.
> I have written it like that to make it easier to see the changes. It is
> fixed in the next patch.

> @@ -1417,8 +1500,8 @@ static void gem_init(Object *obj)
>
>  static const VMStateDescription vmstate_cadence_gem = {
>  .name = "cadence_gem",
> -.version_id = 3,
> -.minimum_version_id = 3,
> +.version_id = 4,
> +.minimum_version_id = 4,
>  .fields = (VMStateField[]) {
>  VMSTATE_UINT32_ARRAY(regs, CadenceGEMState, CADENCE_GEM_MAXREG),
>  VMSTATE_UINT16_ARRAY(phy_regs, CadenceGEMState, 32),

This bit should have moved into the other patch with the change of
the CADENCE_GEM_MAXREG define, right?

Otherwise
Reviewed-by: Peter Maydell 

thanks
-- PMM



[Qemu-devel] [PATCH V11 7/9] filter-rewriter: introduce filter-rewriter initialization

2016-07-28 Thread Zhang Chen
Filter-rewriter is a part of the COLO project.
It rewrites some of the secondary's packets so that the
secondary guest's TCP connection can be established successfully.
In this module we rewrite the ack of TCP packets sent to the secondary
from the primary, and the seq of TCP packets sent to the primary from
the secondary.

usage:

colo secondary:
-object filter-redirector,id=f1,netdev=hn0,queue=tx,indev=red0
-object filter-redirector,id=f2,netdev=hn0,queue=rx,outdev=red1
-object filter-rewriter,id=rew0,netdev=hn0,queue=all

Signed-off-by: Zhang Chen 
Signed-off-by: Li Zhijian 
Signed-off-by: Wen Congyang 
---
 net/Makefile.objs |   1 +
 net/filter-rewriter.c | 114 ++
 qemu-options.hx   |  13 ++
 vl.c  |   3 +-
 4 files changed, 130 insertions(+), 1 deletion(-)
 create mode 100644 net/filter-rewriter.c

diff --git a/net/Makefile.objs b/net/Makefile.objs
index 119589f..645bd10 100644
--- a/net/Makefile.objs
+++ b/net/Makefile.objs
@@ -18,3 +18,4 @@ common-obj-y += filter-buffer.o
 common-obj-y += filter-mirror.o
 common-obj-y += colo-compare.o
 common-obj-y += colo-base.o
+common-obj-y += filter-rewriter.o
diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
new file mode 100644
index 000..3a39f52
--- /dev/null
+++ b/net/filter-rewriter.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
+ * Copyright (c) 2016 FUJITSU LIMITED
+ * Copyright (c) 2016 Intel Corporation
+ *
+ * Author: Zhang Chen 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "net/colo-base.h"
+#include "net/filter.h"
+#include "net/net.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+#include "qapi/qmp/qerror.h"
+#include "qapi-visit.h"
+#include "qom/object.h"
+#include "qemu/main-loop.h"
+#include "qemu/iov.h"
+#include "net/checksum.h"
+
+#define FILTER_COLO_REWRITER(obj) \
+OBJECT_CHECK(RewriterState, (obj), TYPE_FILTER_REWRITER)
+
+#define TYPE_FILTER_REWRITER "filter-rewriter"
+
+enum {
+PRIMARY = 0,
+SECONDARY,
+};
+
+typedef struct RewriterState {
+NetFilterState parent_obj;
+NetQueue *incoming_queue;
+/* hashtable to save connection */
+GHashTable *connection_track_table;
+/* current hash size */
+uint32_t hashtable_size;
+} RewriterState;
+
+static void filter_rewriter_flush(NetFilterState *nf)
+{
+RewriterState *s = FILTER_COLO_REWRITER(nf);
+
+if (!qemu_net_queue_flush(s->incoming_queue)) {
+/* Unable to empty the queue, purge remaining packets */
+qemu_net_queue_purge(s->incoming_queue, nf->netdev);
+}
+}
+
+static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
+ NetClientState *sender,
+ unsigned flags,
+ const struct iovec *iov,
+ int iovcnt,
+ NetPacketSent *sent_cb)
+{
+/*
+ * if we get tcp packet
+ * we will rewrite it to make secondary guest's
+ * connection established successfully
+ */
+return 0;
+}
+
+static void colo_rewriter_cleanup(NetFilterState *nf)
+{
+RewriterState *s = FILTER_COLO_REWRITER(nf);
+
+/* flush packets */
+if (s->incoming_queue) {
+filter_rewriter_flush(nf);
+g_free(s->incoming_queue);
+}
+}
+
+static void colo_rewriter_setup(NetFilterState *nf, Error **errp)
+{
+RewriterState *s = FILTER_COLO_REWRITER(nf);
+
+s->hashtable_size = 0;
+
+s->connection_track_table = g_hash_table_new_full(connection_key_hash,
+  connection_key_equal,
+  g_free,
+  connection_destroy);
+s->incoming_queue = qemu_new_net_queue(qemu_netfilter_pass_to_next, nf);
+}
+
+static void colo_rewriter_class_init(ObjectClass *oc, void *data)
+{
+NetFilterClass *nfc = NETFILTER_CLASS(oc);
+
+nfc->setup = colo_rewriter_setup;
+nfc->cleanup = colo_rewriter_cleanup;
+nfc->receive_iov = colo_rewriter_receive_iov;
+}
+
+static const TypeInfo colo_rewriter_info = {
+.name = TYPE_FILTER_REWRITER,
+.parent = TYPE_NETFILTER,
+.class_init = colo_rewriter_class_init,
+.instance_size = sizeof(RewriterState),
+};
+
+static void register_types(void)
+{
+type_register_static(&colo_rewriter_info);
+}
+
+type_init(register_types);
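Review bot: `colo_rewriter_cleanup()` releases the queue with `g_free(s->incoming_queue)` and never frees `connection_track_table`, so whatever the table holds outlives the filter. Use the queue's own destructor and drop the table: `qemu_del_net_queue(s->incoming_queue);` and `g_hash_table_destroy(s->connection_track_table);`. The table is presumably keyed by connection data taken from packets, so it would also help to document in `RewriterState` what bounds `hashtable_size`, which this patch only initialises to 0.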
diff --git a/qemu-options.hx b/qemu-options.hx
index 79e5896..67413f4 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -3859,6 +3859,19 @@ Create a filter-redirector we need to differ outdev id 
from indev id, id can not
 be the same. we can just use indev or outdev, but at least one of indev or 
outdev
 need to be specified.
 
+@item -object 
filter-rewriter,id=@var{id},netdev=@var{netdev

[Qemu-devel] [PATCH V11 0/9] Introduce COLO-compare and filter-rewriter

2016-07-28 Thread Zhang Chen
COLO-compare is a part of the COLO project. It is used
to compare network packets to help COLO decide
whether to do a checkpoint.

Filter-rewriter is a part of COLO project too.
It will rewrite some of secondary packet to make
secondary guest's connection established successfully.
In this module we will rewrite tcp packet's ack to the secondary
from primary,and rewrite tcp packet's seq to the primary from
secondary.

This series depend on
[PATCH V3] qemu-char: Add qemu_chr_add_handlers_full() for GMaincontext

The full version in this github:
https://github.com/zhangckid/qemu/tree/colo-v2.7-proxy-mode-compare-and-rewriter-jul28

v11:
  - Make patch 5 to a independent patch series.
[PATCH V3] qemu-char: Add qemu_chr_add_handlers_full() for GMaincontext
  - For Jason's comments, merge filter-rewriter to this series.
(patch 7,8,9)
  - Add reverse_connection_key()
  - remove conn_list in filter-rewriter
  - remove unprocessed_connections
  - add some comments

v10:
  - fix typo
  - Should we make patch 5 independent with this series?
This patch just add a API for qemu-char.

v9:
 p5:
  - use chr_update_read_handler_full() replace
the chr_update_read_handler()
  - use io_watch_poll_prepare_full() replace
the io_watch_poll_prepare()
  - use io_watch_poll_funcs_full replace
the io_watch_poll_funcs
  - avoid code duplication

v8:
 p5:
  - add new patch:
qemu-char: Add qemu_chr_add_handlers_full() for GMaincontext

v7:
 p5:
   - add [PATCH]qemu-char: Fix context for g_source_attach()
 in this patch series.

v6: 
 p6:
   - add more commit log.
   - fix icmp comparison to compare all packet.

 p5:
   - add more cpmments in commit log.
   - change REGULAR_CHECK_MS to REGULAR_PACKET_CHECK_MS
   - make check old packet independent to compare thread
   - remove thread_status

 p4:
   - change this patch only about
 Connection and ConnectionKey.
   - add some comments in commit log.
   - remove mode in fill_connection_key().
   - fix some comments and bug.
   - move colo_conn_state to patch of
 "work with colo-frame"
   - remove conn_list_lock.
   - add MAX_QUEUE_SIZE, if primary_list or
 secondary_list biger than MAX_QUEUE_SIZE
 we will drop packet. 

 p3:
   - add new independent kernel jhash patch.

 p2:
   - add new independent colo-base patch.

 p1:
   - add a ascii figure and some comments to explain it
   - move trace.h to p2
   - move QTAILQ_HEAD(, CompareState) net_compares to
 patch of "work with colo-frame"
   - add some comments in qemu-option.hx


v5:
 p3:
- comments from Jason
  we poll and handle chardev in comapre thread,
  Through this way, there's no need for extra 
  synchronization with main loop
  this depend on another patch:
  qemu-char: Fix context for g_source_attach()
- remove QemuEvent
 p2:
- remove conn->list_lock
 p1:
- move compare_pri/sec_chr_in to p3
- move compare_chr_send to p2

v4:
 p4:
- add some comments
- fix some trace-events
- fix tcp compare error
 p3:
- add rcu_read_lock().
- fix trace name
- fix jason's other comments
- rebase some Dave's branch function
 p2:
- colo_compare_connection() change g_queue_push_head() to
- g_queue_push_tail() match to sorted order.
- remove pkt->s
- move data structure to colo-base.h
- add colo-base.c reuse codes for filter-rewriter
- add some filter-rewriter needs struct
- depends on previous SocketReadState patch
 p1:
- except move qemu_chr_add_handlers()
  to colo thread
- remove class_finalize
- remove secondary arp codes
- depends on previous SocketReadState patch

v3:
  - rebase colo-compare to colo-frame v2.7
  - fix most of Dave's comments
(except RCU)
  - add TCP,UDP,ICMP and other packet comparison
  - add trace-event
  - add some comments
  - other bug fix
  - add RFC index
  - add usage in patch 1/4

v2:
  - add jhash.h

v1:
  - initial patch


Zhang Chen (9):
  colo-compare: introduce colo compare initialization
  colo-base: add colo-base to define and handle packet
  Jhash: add linux kernel jhashtable in qemu
  colo-compare: track connection and enqueue packet
  colo-compare: introduce packet comparison thread
  colo-compare: add TCP,UDP,ICMP packet comparison
  filter-rewriter: introduce filter-rewriter initialization
  filter-rewriter: track connection and parse packet
  filter-rewriter: rewrite tcp packet to keep secondary connection

 include/qemu/jhash.h  |  61 
 net/Makefile.objs |   3 +
 net/colo-base.c   | 199 +
 net/colo-base.h   |  76 +
 net/colo-compare.c| 763 ++
 net/filter-rewriter.c | 272 ++
 qemu-options.hx   |  51 
 trace-events  |  14 +
 vl.c  |   4 +-
 9 files changed, 1442 insertions(+), 1 deletion(-)
 create mode 100644 include/qemu/jhash.h
 create mode 100644 net/colo-base.c
 create mode 100644 net/colo-base.h
 create mo

[Qemu-devel] [PATCH V11 8/9] filter-rewriter: track connection and parse packet

2016-07-28 Thread Zhang Chen
We use colo-base.h to track connection and parse packet

Signed-off-by: Zhang Chen 
Signed-off-by: Li Zhijian 
Signed-off-by: Wen Congyang 
---
 net/colo-base.c   | 14 ++
 net/colo-base.h   |  1 +
 net/filter-rewriter.c | 50 ++
 3 files changed, 65 insertions(+)

diff --git a/net/colo-base.c b/net/colo-base.c
index eb1b631..20797b5 100644
--- a/net/colo-base.c
+++ b/net/colo-base.c
@@ -103,6 +103,20 @@ void fill_connection_key(Packet *pkt, ConnectionKey *key)
 }
 }
 
+void reverse_connection_key(ConnectionKey *key)
+{
+struct in_addr tmp_ip;
+uint16_t tmp_port;
+
+tmp_ip = key->src;
+key->src = key->dst;
+key->dst = tmp_ip;
+
+tmp_port = key->src_port;
+key->src_port = key->dst_port;
+key->dst_port = tmp_port;
+}
+
 Connection *connection_new(ConnectionKey *key)
 {
 Connection *conn = g_slice_new(Connection);
diff --git a/net/colo-base.h b/net/colo-base.h
index 860a148..8d402a3 100644
--- a/net/colo-base.h
+++ b/net/colo-base.h
@@ -56,6 +56,7 @@ uint32_t connection_key_hash(const void *opaque);
 int connection_key_equal(const void *opaque1, const void *opaque2);
 int parse_packet_early(Packet *pkt);
 void fill_connection_key(Packet *pkt, ConnectionKey *key);
+void reverse_connection_key(ConnectionKey *key);
 Connection *connection_new(ConnectionKey *key);
 void connection_destroy(void *opaque);
 Connection *connection_get(GHashTable *connection_track_table,
diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
index 3a39f52..6350080 100644
--- a/net/filter-rewriter.c
+++ b/net/filter-rewriter.c
@@ -51,6 +51,20 @@ static void filter_rewriter_flush(NetFilterState *nf)
 }
 }
 
+/*
+ * Return 1 on success, if return 0 means the pkt
+ * is not TCP packet
+ */
+static int is_tcp_packet(Packet *pkt)
+{
+if (!parse_packet_early(pkt) &&
+pkt->ip->ip_p == IPPROTO_TCP) {
+return 1;
+} else {
+return 0;
+}
+}
+
 static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
  NetClientState *sender,
  unsigned flags,
@@ -58,11 +72,47 @@ static ssize_t colo_rewriter_receive_iov(NetFilterState *nf,
  int iovcnt,
  NetPacketSent *sent_cb)
 {
+RewriterState *s = FILTER_COLO_REWRITER(nf);
+Connection *conn;
+ConnectionKey key = {{ 0 } };
+Packet *pkt;
+ssize_t size = iov_size(iov, iovcnt);
+char *buf = g_malloc0(size);
+
+iov_to_buf(iov, iovcnt, 0, buf, size);
+pkt = packet_new(buf, size);
+
 /*
  * if we get tcp packet
  * we will rewrite it to make secondary guest's
  * connection established successfully
  */
+if (is_tcp_packet(pkt)) {
+
+fill_connection_key(pkt, &key);
+
+if (sender == nf->netdev) {
+/*
+ * We need make tcp TX and RX packet
+ * into one connection.
+ */
+reverse_connection_key(&key);
+}
+conn = connection_get(s->connection_track_table,
+  &key,
+  &s->hashtable_size);
+
+if (sender == nf->netdev) {
+/* NET_FILTER_DIRECTION_TX */
+/* handle_primary_tcp_pkt */
+} else {
+/* NET_FILTER_DIRECTION_RX */
+/* handle_secondary_tcp_pkt */
+}
+}
+
+packet_destroy(pkt, NULL);
+pkt = NULL;
 return 0;
 }
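Review bot: `buf` is never freed in colo_rewriter_receive_iov(): it is filled by iov_to_buf() and passed to packet_new(), which (as posted in patch 2/9) copies the data with g_memdup(), so the g_malloc0() allocation leaks on every packet the filter sees. The packet rate is set by guest and network traffic, so host memory grows steadily; adding `g_free(buf);` right after `pkt = packet_new(buf, size);` fixes it. `size` is an ssize_t from iov_size() that is narrowed to the `int` parameter of packet_new(), which deserves an explicit upper bound. The function's signature starts outside this hunk.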
 
-- 
2.7.4






[Qemu-devel] VFIO mdev with vIOMMU

2016-07-28 Thread Tian, Kevin
Hi, Alex,

Along with recent enhancement on virtual IOMMU (vIOMMU) in Qemu, I'm 
thinking whether there is any issue for mdev to cope with vIOMMU. I
know today VFIO device only works with PowerPC IOMMU (note someone
is enabling VFIO device with virtual VT-d but looks not complete yet), but
it's always good to do architecture discussion earlier. :-)

VFIO mdev framework maintains a GPA->HPA mapping, which are queried
by vendor specific mdev device model for emulation purpose. For example,
guest GPU PTEs may need be translated into shadow GPU PTEs, where 
GPA->HPA conversion is required.

When a virtual IOMMU is exposed to the guest, IOVA may be used as the DMA 
address by the guest, which means the guest PTE now contains IOVA instead 
of GPA, so the device model would like to know the IOVA->HPA mapping. After 
checking the current vIOMMU logic within Qemu, it looks like this is not a problem. 
vIOMMU is expected to notify VFIO of any IOVA change, and the kernel VFIO 
driver does receive map requests for IOVA regions. Thus the mapping 
structure that VFIO maintains is the IOVA->HPA mapping required 
by the device model. 

In this manner looks no further change is required on proposed mdev
framework to support vIOMMU. The only thing that I'm unsure is how
Qemu guarantees to map IOVA vs. GPA exclusively. I checked that
vfio_listener_region_add initiates map request for normal memory 
regions (which is GPA), and then vfio_iommu_map_notify will send
map request for IOVA region which is notified through IOMMU notifier.
I don't think VFIO can cope both GPA/IOVA map requests simultaneously,
since VFIO doesn't maintain multiple address spaces on one device. It's
not a mdev specific question, but I definitely missed some key points 
here since it's assumed to be working for PowerPC already...

Thanks
Kevin


[Qemu-devel] [PATCH V11 1/9] colo-compare: introduce colo compare initialization

2016-07-28 Thread Zhang Chen
This a COLO net ascii figure:

 Primary qemu   
Secondary qemu
+--+   
++
| +-+  |   |  
+---+ |
| | |  |   |  | 
  | |
| |guest|  |   |  | 
   guest  | |
| | |  |   |  | 
  | |
| +---^--+--+  |   |  
+-+++ |
| |  | |   |
^|  |
| |  | |   |
||  |
| |  +--+  |
||  |
|netfilter|  |   | ||  |   
netfilter||  |
| +--+ ---+||  |  
+---+ |
| |   |  |   ||||  |  | 
||  filter excute order   | |
| |   |  |   ||||  |  | 
|| +--->  | |
| |   |  |   ||||  |  | 
||   TCP  | |
| | +-+--+--+ +--v-+  | ++ ||  |  | 
++  +---++---v+rewriter++  ++ | |
| | |   | ||  | || ||  |  | |   
 |  ||  |  || | |
| | |  filter   | |   filter   +>   colo <+ +>  
filter   +--> adjust |   adjust +-->   filter   | | |
| | |  mirror   | | redirector |  | |  compare   | |  ||  | | 
redirector |  | ack|   seq|  | redirector | | |
| | |   | ||  | || |  ||  | |   
 |  ||  |  || | |
| | +^--+ ++  | +-+--+ |  ||  | 
++  ++--+  +---++ | |
| |  | tx rx  |   ||  ||  | 
   txall   |  rx  | |
| |  ||   ||  ||  
+---+ |
| |  ||   ||  ||
   ||
| |  |   filter excute order  |   ||  ||
   ||
| |  |  +---> |   ||  
++|
| +---+   ||   |
|
||||   |
|
+--+   
++
 |guest receive   |guest send
 ||
++v+
|  |
  NOTE: filter direction is rx/tx/all
| tap  |
  rx:receive packets sent to the netdev
|  |
  tx:receive packets sent by the netdev
+--+

In COLO-compare:
Packets coming from the primary char indev will be sent to outdev.
Packets coming from the secondary char dev will be dropped.
colo-compare needs two input chardevs and one output chardev:
primary_in=chardev1-id
secondary_in=chardev2-id
outdev=chardev3-id

usage:

primary:
-netdev tap,id=hn0,vhost=off,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown
-device 

[Qemu-devel] [PATCH V11 2/9] colo-base: add colo-base to define and handle packet

2016-07-28 Thread Zhang Chen
COLO-base is used by colo-compare and filter-rewriter.
It lets them share common data structures, such as the net packet,
and other functions.

Signed-off-by: Zhang Chen 
Signed-off-by: Li Zhijian 
Signed-off-by: Wen Congyang 
---
 net/Makefile.objs  |   1 +
 net/colo-base.c|  74 +
 net/colo-base.h|  38 +
 net/colo-compare.c | 117 -
 trace-events   |   3 ++
 5 files changed, 231 insertions(+), 2 deletions(-)
 create mode 100644 net/colo-base.c
 create mode 100644 net/colo-base.h

diff --git a/net/Makefile.objs b/net/Makefile.objs
index ba92f73..119589f 100644
--- a/net/Makefile.objs
+++ b/net/Makefile.objs
@@ -17,3 +17,4 @@ common-obj-y += filter.o
 common-obj-y += filter-buffer.o
 common-obj-y += filter-mirror.o
 common-obj-y += colo-compare.o
+common-obj-y += colo-base.o
diff --git a/net/colo-base.c b/net/colo-base.c
new file mode 100644
index 000..f5d5de9
--- /dev/null
+++ b/net/colo-base.c
@@ -0,0 +1,74 @@
+/*
+ * COarse-grain LOck-stepping Virtual Machines for Non-stop Service (COLO)
+ * (a.k.a. Fault Tolerance or Continuous Replication)
+ *
+ * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
+ * Copyright (c) 2016 FUJITSU LIMITED
+ * Copyright (c) 2016 Intel Corporation
+ *
+ * Author: Zhang Chen 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu/error-report.h"
+#include "net/colo-base.h"
+
+int parse_packet_early(Packet *pkt)
+{
+int network_length;
+uint8_t *data = pkt->data;
+uint16_t l3_proto;
+ssize_t l2hdr_len = eth_get_l2_hdr_length(data);
+
+if (pkt->size < ETH_HLEN) {
+error_report("pkt->size < ETH_HLEN");
+return 1;
+}
+pkt->network_layer = data + ETH_HLEN;
+l3_proto = eth_get_l3_proto(data, l2hdr_len);
+if (l3_proto != ETH_P_IP) {
+return 1;
+}
+
+network_length = pkt->ip->ip_hl * 4;
+if (pkt->size < ETH_HLEN + network_length) {
+error_report("pkt->size < network_layer + network_length");
+return 1;
+}
+pkt->transport_layer = pkt->network_layer + network_length;
+if (!pkt->transport_layer) {
+error_report("pkt->transport_layer is valid");
+return 1;
+}
+
+return 0;
+}
+
+Packet *packet_new(const void *data, int size)
+{
+Packet *pkt = g_slice_new(Packet);
+
+pkt->data = g_memdup(data, size);
+pkt->size = size;
+
+return pkt;
+}
+
+void packet_destroy(void *opaque, void *user_data)
+{
+Packet *pkt = opaque;
+
+g_free(pkt->data);
+g_slice_free(Packet, pkt);
+}
+
+/*
+ * Clear hashtable, stop this hash growing really huge
+ */
+void connection_hashtable_reset(GHashTable *connection_track_table)
+{
+g_hash_table_remove_all(connection_track_table);
+}
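Review bot: parse_packet_early() reads header fields before checking that the packet holds them: eth_get_l2_hdr_length(data) runs in the initialiser, ahead of the `pkt->size < ETH_HLEN` test, and `pkt->ip->ip_hl` is read when only ETH_HLEN bytes are known to exist. The data is guest- or peer-supplied, so a short frame leads to a read past the g_memdup() copy made in packet_new(). An ip_hl below 5 is also accepted, and the `!pkt->transport_layer` test cannot fire because it follows pointer arithmetic on a non-NULL base (its message says "is valid" where "invalid" is meant). network_layer is placed at ETH_HLEN while the L3 protocol is looked up with l2hdr_len, so the two presumably disagree for VLAN-tagged frames. A reordered version of the checks is sketched below.

```c
int parse_packet_early(Packet *pkt)
{
    int network_length;
    uint8_t *data = pkt->data;
    uint16_t l3_proto;
    ssize_t l2hdr_len;

    /* Length check first: nothing below may read past pkt->size. */
    if (pkt->size < ETH_HLEN) {
        error_report("pkt->size < ETH_HLEN");
        return 1;
    }
    l2hdr_len = eth_get_l2_hdr_length(data);
    /* ... unchanged: network_layer assignment and ETH_P_IP test ... */

    /* The fixed IP header must be present before ip_hl is read. */
    if (pkt->size < ETH_HLEN + (int)sizeof(struct ip)) {
        return 1;
    }
    network_length = pkt->ip->ip_hl * 4;
    if (network_length < (int)sizeof(struct ip) ||
        pkt->size < ETH_HLEN + network_length) {
        error_report("pkt->size < network_layer + network_length");
        return 1;
    }
    pkt->transport_layer = pkt->network_layer + network_length;

    return 0;
}
```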
diff --git a/net/colo-base.h b/net/colo-base.h
new file mode 100644
index 000..48835e7
--- /dev/null
+++ b/net/colo-base.h
@@ -0,0 +1,38 @@
+/*
+ * COarse-grain LOck-stepping Virtual Machines for Non-stop Service (COLO)
+ * (a.k.a. Fault Tolerance or Continuous Replication)
+ *
+ * Copyright (c) 2016 HUAWEI TECHNOLOGIES CO., LTD.
+ * Copyright (c) 2016 FUJITSU LIMITED
+ * Copyright (c) 2016 Intel Corporation
+ *
+ * Author: Zhang Chen 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or
+ * later.  See the COPYING file in the top-level directory.
+ */
+
+#ifndef QEMU_COLO_BASE_H
+#define QEMU_COLO_BASE_H
+
+#include "slirp/slirp.h"
+#include "qemu/jhash.h"
+
+#define HASHTABLE_MAX_SIZE 16384
+
+typedef struct Packet {
+void *data;
+union {
+uint8_t *network_layer;
+struct ip *ip;
+};
+uint8_t *transport_layer;
+int size;
+} Packet;
+
+int parse_packet_early(Packet *pkt);
+void connection_hashtable_reset(GHashTable *connection_track_table);
+Packet *packet_new(const void *data, int size);
+void packet_destroy(void *opaque, void *user_data);
+
+#endif /* QEMU_COLO_BASE_H */
diff --git a/net/colo-compare.c b/net/colo-compare.c
index 0402958..32357f7 100644
--- a/net/colo-compare.c
+++ b/net/colo-compare.c
@@ -27,13 +27,38 @@
 #include "sysemu/char.h"
 #include "qemu/sockets.h"
 #include "qapi-visit.h"
+#include "net/colo-base.h"
+#include "trace.h"
 
 #define TYPE_COLO_COMPARE "colo-compare"
 #define COLO_COMPARE(obj) \
 OBJECT_CHECK(CompareState, (obj), TYPE_COLO_COMPARE)
 
 #define COMPARE_READ_LEN_MAX NET_BUFSIZE
+#define MAX_QUEUE_SIZE 1024
 
+/*
+  + CompareState ++
+  |   |
+  +---+   +---+ +---+
+  |conn list  +--->conn   +->conn   |
+  +---+   +---+ +---+
+  |   | |   | |  |
+  +---+ +---v+  +---v++---v+ +---v+
+|primary |  |secondary|primary | |secondary
+  

[Qemu-devel] [PATCH V11 4/9] colo-compare: track connection and enqueue packet

2016-07-28 Thread Zhang Chen
In this patch we use kernel jhash table to track
connection, and then enqueue net packet like this:

+ CompareState ++
|   |
+---+   +---+ +---+
|conn list  +--->conn   +->conn   |
+---+   +---+ +---+
|   | |   | |  |
+---+ +---v+  +---v++---v+ +---v+
  |primary |  |secondary|primary | |secondary
  |packet  |  |packet  +|packet  | |packet  +
  ++  ++++ ++
  |   | |  |
  +---v+  +---v++---v+ +---v+
  |primary |  |secondary|primary | |secondary
  |packet  |  |packet  +|packet  | |packet  +
  ++  ++++ ++
  |   | |  |
  +---v+  +---v++---v+ +---v+
  |primary |  |secondary|primary | |secondary
  |packet  |  |packet  +|packet  | |packet  +
  ++  ++++ ++

We use conn_list to record connection info.
When we want to enqueue a packet, we first get the
connection from connection_track_table, then push
the packet to the g_queue (pri/sec) in its own conn.

Signed-off-by: Zhang Chen 
Signed-off-by: Li Zhijian 
Signed-off-by: Wen Congyang 
---
 net/colo-base.c| 108 +
 net/colo-base.h|  27 ++
 net/colo-compare.c |  70 +-
 3 files changed, 195 insertions(+), 10 deletions(-)

diff --git a/net/colo-base.c b/net/colo-base.c
index f5d5de9..7e91dec 100644
--- a/net/colo-base.c
+++ b/net/colo-base.c
@@ -16,6 +16,29 @@
 #include "qemu/error-report.h"
 #include "net/colo-base.h"
 
+uint32_t connection_key_hash(const void *opaque)
+{
+const ConnectionKey *key = opaque;
+uint32_t a, b, c;
+
+/* Jenkins hash */
+a = b = c = JHASH_INITVAL + sizeof(*key);
+a += key->src.s_addr;
+b += key->dst.s_addr;
+c += (key->src_port | key->dst_port << 16);
+__jhash_mix(a, b, c);
+
+a += key->ip_proto;
+__jhash_final(a, b, c);
+
+return c;
+}
+
+int connection_key_equal(const void *key1, const void *key2)
+{
+return memcmp(key1, key2, sizeof(ConnectionKey)) == 0;
+}
+
 int parse_packet_early(Packet *pkt)
 {
 int network_length;
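Review bot: In connection_key_hash(), `key->dst_port << 16` shifts a value promoted to signed int (dst_port appears to be a uint16_t, judging by reverse_connection_key() in patch 8/9), so any port of 0x8000 or above overflows int, which is undefined behaviour; `c += key->src_port | ((uint32_t)key->dst_port << 16);` avoids it. connection_key_equal() compares the whole struct with memcmp(), padding bytes included; the ConnectionKey definition is not in this hunk, but if it has padding, every key must be fully zeroed with memset (an initialiser is not enough) before fill_connection_key(), or equal tuples may fail to match. The hash seed is the fixed JHASH_INITVAL, so bucket placement is predictable to whoever chooses addresses and ports; a per-instance random initial value would be the usual hardening. parse_packet_early() at the end of the hunk continues outside it.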
@@ -47,6 +70,62 @@ int parse_packet_early(Packet *pkt)
 return 0;
 }
 
+void fill_connection_key(Packet *pkt, ConnectionKey *key)
+{
+uint32_t tmp_ports;
+
+key->ip_proto = pkt->ip->ip_p;
+
+switch (key->ip_proto) {
+case IPPROTO_TCP:
+case IPPROTO_UDP:
+case IPPROTO_DCCP:
+case IPPROTO_ESP:
+case IPPROTO_SCTP:
+case IPPROTO_UDPLITE:
+tmp_ports = *(uint32_t *)(pkt->transport_layer);
+key->src = pkt->ip->ip_src;
+key->dst = pkt->ip->ip_dst;
+key->src_port = ntohs(tmp_ports & 0x);
+key->dst_port = ntohs(tmp_ports >> 16);
+break;
+case IPPROTO_AH:
+tmp_ports = *(uint32_t *)(pkt->transport_layer + 4);
+key->src = pkt->ip->ip_src;
+key->dst = pkt->ip->ip_dst;
+key->src_port = ntohs(tmp_ports & 0x);
+key->dst_port = ntohs(tmp_ports >> 16);
+break;
+default:
+key->src_port = 0;
+key->dst_port = 0;
+break;
+}
+}
+
+Connection *connection_new(ConnectionKey *key)
+{
+Connection *conn = g_slice_new(Connection);
+
+conn->ip_proto = key->ip_proto;
+conn->processing = false;
+g_queue_init(&conn->primary_list);
+g_queue_init(&conn->secondary_list);
+
+return conn;
+}
+
+void connection_destroy(void *opaque)
+{
+Connection *conn = opaque;
+
+g_queue_foreach(&conn->primary_list, packet_destroy, NULL);
+g_queue_free(&conn->primary_list);
+g_queue_foreach(&conn->secondary_list, packet_destroy, NULL);
+g_queue_free(&conn->secondary_list);
+g_slice_free(Connection, conn);
+}
+
 Packet *packet_new(const void *data, int size)
 {
 Packet *pkt = g_slice_new(Packet);
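Review bot: fill_connection_key() dereferences `*(uint32_t *)(pkt->transport_layer)` (and `+ 4` for AH) without checking that the packet extends that far; parse_packet_early() as posted only guarantees `pkt->size >= ETH_HLEN + network_length`, so a frame that ends at the IP header gives a read past the buffer, and the cast also assumes 4-byte alignment. A length check against pkt->size followed by `memcpy(&tmp_ports, pkt->transport_layer, sizeof(tmp_ports));` would cover both. In connection_destroy(), the queues are embedded in Connection and set up with g_queue_init(), so `g_queue_free(&conn->primary_list)` passes g_queue_free() a pointer that did not come from g_queue_new(); `g_queue_clear(&conn->primary_list);` (and the same for secondary_list) is the matching call. The default branch leaves key->src and key->dst untouched, so it relies on the caller having zeroed the key. packet_new() at the end of the hunk continues outside it.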
@@ -72,3 +151,32 @@ void connection_hashtable_reset(GHashTable 
*connection_track_table)
 {
 g_hash_table_remove_all(connection_track_table);
 }
+
+/* if not found, create a new connection and add to hash table */
+Connection *connection_get(GHashTable *connection_track_table,
+   ConnectionKey *key,
+   uint32_t *hashtable_size)
+{
+Connection *conn = g_hash_table_lookup(connection_track_table, key);
+
+if (conn == NULL) {
+ConnectionKey *new_key = g_memdup(key, sizeof(*key));
+
+conn = connection_new(key);
+
+(*hashtable_size) += 1;
+if (*hashtable_size > HASHTABLE_MAX_SIZE) {
+  

[Qemu-devel] [PATCH V11 3/9] Jhash: add linux kernel jhashtable in qemu

2016-07-28 Thread Zhang Chen
Jhash is used by colo-compare and filter-rewriter
to save and look up net connection info

Signed-off-by: Zhang Chen 
Signed-off-by: Li Zhijian 
Signed-off-by: Wen Congyang 
---
 include/qemu/jhash.h | 61 
 1 file changed, 61 insertions(+)
 create mode 100644 include/qemu/jhash.h

diff --git a/include/qemu/jhash.h b/include/qemu/jhash.h
new file mode 100644
index 000..0fcd875
--- /dev/null
+++ b/include/qemu/jhash.h
@@ -0,0 +1,61 @@
+/* jhash.h: Jenkins hash support.
+  *
+  * Copyright (C) 2006. Bob Jenkins (bob_jenk...@burtleburtle.net)
+  *
+  * http://burtleburtle.net/bob/hash/
+  *
+  * These are the credits from Bob's sources:
+  *
+  * lookup3.c, by Bob Jenkins, May 2006, Public Domain.
+  *
+  * These are functions for producing 32-bit hashes for hash table lookup.
+  * hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final()
+  * are externally useful functions.  Routines to test the hash are
+included
+  * if SELF_TEST is defined.  You can use this free for any purpose.
+It's in
+  * the public domain.  It has no warranty.
+  *
+  * Copyright (C) 2009-2010 Jozsef Kadlecsik (kad...@blackhole.kfki.hu)
+  *
+  * I've modified Bob's hash to be useful in the Linux kernel, and
+  * any bugs present are my fault.
+  * Jozsef
+  */
+
+#ifndef QEMU_JHASH_H__
+#define QEMU_JHASH_H__
+
+#include "qemu/bitops.h"
+
+/*
+ * hashtable relation copy from linux kernel jhash
+ */
+
+/* __jhash_mix -- mix 3 32-bit values reversibly. */
+#define __jhash_mix(a, b, c)\
+{   \
+a -= c;  a ^= rol32(c, 4);  c += b; \
+b -= a;  b ^= rol32(a, 6);  a += c; \
+c -= b;  c ^= rol32(b, 8);  b += a; \
+a -= c;  a ^= rol32(c, 16); c += b; \
+b -= a;  b ^= rol32(a, 19); a += c; \
+c -= b;  c ^= rol32(b, 4);  b += a; \
+}
+
+/* __jhash_final - final mixing of 3 32-bit values (a,b,c) into c */
+#define __jhash_final(a, b, c)  \
+{   \
+c ^= b; c -= rol32(b, 14);  \
+a ^= c; a -= rol32(c, 11);  \
+b ^= a; b -= rol32(a, 25);  \
+c ^= b; c -= rol32(b, 16);  \
+a ^= c; a -= rol32(c, 4);   \
+b ^= a; b -= rol32(a, 14);  \
+c ^= b; c -= rol32(b, 24);  \
+}
+
+/* An arbitrary initial parameter */
+#define JHASH_INITVAL   0xdeadbeef
+
+#endif /* QEMU_JHASH_H__ */
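Review bot: __jhash_mix() and __jhash_final() expand to a bare `{ ... }` block, so a use such as `if (x) __jhash_mix(a, b, c); else ...` does not compile; wrapping each body as `do { ... } while (0)` keeps the macros usable as ordinary statements. The macro names begin with a double underscore, which C reserves for the implementation; `jhash_mix` and `jhash_final` would avoid that. The credits comment has two continuation lines (`included`, `It's in`) without the leading ` * `, which looks like a mail line-wrap that ended up in the file.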
-- 
2.7.4






[Qemu-devel] [PATCH V11 5/9] colo-compare: introduce packet comparison thread

2016-07-28 Thread Zhang Chen
If the primary packet is the same as the secondary packet,
we send the primary packet and drop the secondary
packet; otherwise we notify the COLO frame to do a checkpoint.
If a primary packet arrives and the secondary packet does not,
after REGULAR_PACKET_CHECK_MS milliseconds we mark
the primary packet as old_packet, then do a checkpoint.

Signed-off-by: Zhang Chen 
Signed-off-by: Li Zhijian 
Signed-off-by: Wen Congyang 
---
 net/colo-base.c|   1 +
 net/colo-base.h|   3 +
 net/colo-compare.c | 212 +
 trace-events   |   2 +
 4 files changed, 218 insertions(+)

diff --git a/net/colo-base.c b/net/colo-base.c
index 7e91dec..eb1b631 100644
--- a/net/colo-base.c
+++ b/net/colo-base.c
@@ -132,6 +132,7 @@ Packet *packet_new(const void *data, int size)
 
 pkt->data = g_memdup(data, size);
 pkt->size = size;
+pkt->creation_ms = qemu_clock_get_ms(QEMU_CLOCK_HOST);
 
 return pkt;
 }
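Review bot: `creation_ms` is taken from QEMU_CLOCK_HOST, which follows host wall-clock adjustments, and colo_old_packet_check_one() later in this patch computes `now - ppkt->creation_ms` against the same clock. A step in host time (NTP correction, manual change) can make every queued packet look older than REGULAR_PACKET_CHECK_MS, or keep a stale packet from ever being flagged. Using a clock that does not follow host time changes in both places, for example `qemu_clock_get_ms(QEMU_CLOCK_REALTIME)`, would make the age calculation robust; the field comment in colo-base.h ("in wall clock ms") would change with it. packet_new() starts outside this hunk.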
diff --git a/net/colo-base.h b/net/colo-base.h
index cc60405..860a148 100644
--- a/net/colo-base.h
+++ b/net/colo-base.h
@@ -17,6 +17,7 @@
 
 #include "slirp/slirp.h"
 #include "qemu/jhash.h"
+#include "qemu/timer.h"
 
 #define HASHTABLE_MAX_SIZE 16384
 
@@ -28,6 +29,8 @@ typedef struct Packet {
 };
 uint8_t *transport_layer;
 int size;
+/* Time of packet creation, in wall clock ms */
+int64_t creation_ms;
 } Packet;
 
 typedef struct ConnectionKey {
diff --git a/net/colo-compare.c b/net/colo-compare.c
index 4807f55..cf63c6b 100644
--- a/net/colo-compare.c
+++ b/net/colo-compare.c
@@ -36,6 +36,8 @@
 
 #define COMPARE_READ_LEN_MAX NET_BUFSIZE
 #define MAX_QUEUE_SIZE 1024
+/* TODO: Should be configurable */
+#define REGULAR_PACKET_CHECK_MS 3000
 
 /*
   + CompareState ++
@@ -81,6 +83,10 @@ typedef struct CompareState {
 GHashTable *connection_track_table;
 /* proxy current hash size */
 uint32_t hashtable_size;
+/* compare thread, a thread for each NIC */
+QemuThread thread;
+/* Timer used on the primary to find packets that are never matched */
+QEMUTimer *timer;
 } CompareState;
 
 typedef struct CompareClass {
@@ -168,6 +174,112 @@ static int packet_enqueue(CompareState *s, int mode)
 return 0;
 }
 
+/*
+ * The IP packets sent by primary and secondary
+ * will be compared in here
+ * TODO support ip fragment, Out-Of-Order
+ * return:0  means packet same
+ *> 0 || < 0 means packet different
+ */
+static int colo_packet_compare(Packet *ppkt, Packet *spkt)
+{
+trace_colo_compare_ip_info(ppkt->size, inet_ntoa(ppkt->ip->ip_src),
+   inet_ntoa(ppkt->ip->ip_dst), spkt->size,
+   inet_ntoa(spkt->ip->ip_src),
+   inet_ntoa(spkt->ip->ip_dst));
+
+if (ppkt->size == spkt->size) {
+return memcmp(ppkt->data, spkt->data, spkt->size);
+} else {
+return -1;
+}
+}
+
+static int colo_packet_compare_all(Packet *spkt, Packet *ppkt)
+{
+trace_colo_compare_main("compare all");
+return colo_packet_compare(ppkt, spkt);
+}
+
+static void colo_old_packet_check_one(void *opaque_packet,
+  void *opaque_found)
+{
+int64_t now;
+bool *found_old = (bool *)opaque_found;
+Packet *ppkt = (Packet *)opaque_packet;
+
+if (*found_old) {
+/* Someone found an old packet earlier in the queue */
+return;
+}
+
+now = qemu_clock_get_ms(QEMU_CLOCK_HOST);
+if ((now - ppkt->creation_ms) > REGULAR_PACKET_CHECK_MS) {
+trace_colo_old_packet_check_found(ppkt->creation_ms);
+*found_old = true;
+}
+}
+
+static void colo_old_packet_check_one_conn(void *opaque,
+   void *user_data)
+{
+bool found_old = false;
+Connection *conn = opaque;
+
+g_queue_foreach(&conn->primary_list, colo_old_packet_check_one,
+&found_old);
+if (found_old) {
+/* do checkpoint will flush old packet */
+/* TODO: colo_notify_checkpoint();*/
+}
+}
+
+/*
+ * Look for old packets that the secondary hasn't matched,
+ * if we have some then we have to checkpoint to wake
+ * the secondary up.
+ */
+static void colo_old_packet_check(void *opaque)
+{
+CompareState *s = opaque;
+
+g_queue_foreach(&s->conn_list, colo_old_packet_check_one_conn, NULL);
+}
+
+/*
+ * called from the compare thread on the primary
+ * for compare connection
+ */
+static void colo_compare_connection(void *opaque, void *user_data)
+{
+CompareState *s = user_data;
+Connection *conn = opaque;
+Packet *pkt = NULL;
+GList *result = NULL;
+int ret;
+
+while (!g_queue_is_empty(&conn->primary_list) &&
+   !g_queue_is_empty(&conn->secondary_list)) {
+pkt = g_queue_pop_tail(&conn->primary_list);
+result = g_queue_find_custom(&conn->secondary_list,
+  pkt, (GCompareFunc)colo_packet_compare_all);
+
+if (result) {
+ret = compare_chr_send(s->

Re: [Qemu-devel] invalid runstate transition: 'prelaunch' -> 'prelaunch'

2016-07-28 Thread Markus Armbruster
Liviu Ionescu  writes:

> Hi,
>
> I just upgraded GNU ARM Eclipse QEMU to 2.6.0 and ran into a problem.
>
> The console reads:
>
> ```
> GNU ARM Eclipse 64-bits QEMU v2.6.0 (qemu-system-gnuarmeclipse).
> Board: 'STM32F4-Discovery' (ST Discovery kit for STM32F407/417 lines).
> Device: 'STM32F407VG' (Cortex-M4 r0p0, MPU), Flash: 1024 kB, RAM: 128 kB.
> Command line: 'test' (4 bytes).
> Cortex-M4 r0p0 core initialised.
> GDB Server listening on: 'tcp::1234'...
> Cortex-M4 r0p0 core reset.
> ... connection accepted from 127.0.0.1.
>
> Execute 'mon system_reset'.
>
> Cortex-M4 r0p0 core reset.
> qemu-system-gnuarmeclipse: invalid runstate transition: 'prelaunch' -> 
> 'prelaunch'
[...]

Looks like you need this one:

commit e92a2d9cb3d8f589c9fe5d2eacc83d8dddea0e16
Author: Li Zhijian 
Date:   Thu Apr 14 11:25:52 2016 +0800

vl: change runstate only if new state is different from current state

Previously, qemu will abort at following scenario:
(qemu) stop
(qemu) system_reset
(qemu) system_reset
(qemu) 2016-04-13T20:54:38.979158Z qemu-system-x86_64: invalid runstate 
transition: 'prelaunch' -> 'prelaunch'

Signed-off-by: Li Zhijian 
Acked-by: Paolo Bonzini 
Message-Id: <1460604352-18630-1-git-send-email-lizhij...@cn.fujitsu.com>
Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo Bonzini 



[Qemu-devel] [PATCH V11 6/9] colo-compare: add TCP, UDP, ICMP packet comparison

2016-07-28 Thread Zhang Chen
We add TCP, UDP and ICMP packet comparison to replace
IP packet comparison. This can increase the
accuracy of the packet comparison.
Fewer checkpoints mean more efficiency.

Signed-off-by: Zhang Chen 
Signed-off-by: Li Zhijian 
Signed-off-by: Wen Congyang 
---
 net/colo-compare.c | 174 +++--
 trace-events   |   4 ++
 2 files changed, 174 insertions(+), 4 deletions(-)

diff --git a/net/colo-compare.c b/net/colo-compare.c
index cf63c6b..982c241 100644
--- a/net/colo-compare.c
+++ b/net/colo-compare.c
@@ -18,6 +18,7 @@
 #include "qapi/qmp/qerror.h"
 #include "qapi/error.h"
 #include "net/net.h"
+#include "net/eth.h"
 #include "net/vhost_net.h"
 #include "qom/object_interfaces.h"
 #include "qemu/iov.h"
@@ -195,9 +196,158 @@ static int colo_packet_compare(Packet *ppkt, Packet *spkt)
 }
 }
 
-static int colo_packet_compare_all(Packet *spkt, Packet *ppkt)
+/*
+ * called from the compare thread on the primary
+ * for compare tcp packet
+ * compare_tcp copied from Dr. David Alan Gilbert's branch
+ */
+static int colo_packet_compare_tcp(Packet *spkt, Packet *ppkt)
+{
+struct tcphdr *ptcp, *stcp;
+int res;
+char *sdebug, *ddebug;
+
+trace_colo_compare_main("compare tcp");
+if (ppkt->size != spkt->size) {
+if (trace_event_get_state(TRACE_COLO_COMPARE_MISCOMPARE)) {
+trace_colo_compare_main("pkt size not same");
+}
+return -1;
+}
+
+ptcp = (struct tcphdr *)ppkt->transport_layer;
+stcp = (struct tcphdr *)spkt->transport_layer;
+
+if (ptcp->th_seq != stcp->th_seq) {
+if (trace_event_get_state(TRACE_COLO_COMPARE_MISCOMPARE)) {
+trace_colo_compare_main("pkt tcp seq not same");
+}
+return -1;
+}
+
+/*
+ * The 'identification' field in the IP header is *very* random
+ * it almost never matches.  Fudge this by ignoring differences in
+ * unfragmented packets; they'll normally sort themselves out if different
+ * anyway, and it should recover at the TCP level.
+ * An alternative would be to get both the primary and secondary to rewrite
+ * somehow; but that would need some sync traffic to sync the state
+ */
+if (ntohs(ppkt->ip->ip_off) & IP_DF) {
+spkt->ip->ip_id = ppkt->ip->ip_id;
+/* and the sum will be different if the IDs were different */
+spkt->ip->ip_sum = ppkt->ip->ip_sum;
+}
+
+res = memcmp(ppkt->data + ETH_HLEN, spkt->data + ETH_HLEN,
+(spkt->size - ETH_HLEN));
+
+if (res != 0 && trace_event_get_state(TRACE_COLO_COMPARE_MISCOMPARE)) {
+sdebug = strdup(inet_ntoa(ppkt->ip->ip_src));
+ddebug = strdup(inet_ntoa(ppkt->ip->ip_dst));
+fprintf(stderr, "%s: src/dst: %s/%s p: seq/ack=%u/%u"
+" s: seq/ack=%u/%u res=%d flags=%x/%x\n", __func__,
+   sdebug, ddebug,
+   ntohl(ptcp->th_seq), ntohl(ptcp->th_ack),
+   ntohl(stcp->th_seq), ntohl(stcp->th_ack),
+   res, ptcp->th_flags, stcp->th_flags);
+
+trace_colo_compare_tcp_miscompare("Primary len", ppkt->size);
+qemu_hexdump((char *)ppkt->data, stderr, "colo-compare", ppkt->size);
+trace_colo_compare_tcp_miscompare("Secondary len", spkt->size);
+qemu_hexdump((char *)spkt->data, stderr, "colo-compare", spkt->size);
+
+g_free(sdebug);
+g_free(ddebug);
+}
+
+return res;
+}
+
+/*
+ * called from the compare thread on the primary
+ * for compare udp packet
+ */
+static int colo_packet_compare_udp(Packet *spkt, Packet *ppkt)
+{
+int ret;
+
+trace_colo_compare_main("compare udp");
+ret = colo_packet_compare(ppkt, spkt);
+
+if (ret) {
+trace_colo_compare_udp_miscompare("primary pkt size", ppkt->size);
+qemu_hexdump((char *)ppkt->data, stderr, "colo-compare", ppkt->size);
+trace_colo_compare_udp_miscompare("Secondary pkt size", spkt->size);
+qemu_hexdump((char *)spkt->data, stderr, "colo-compare", spkt->size);
+}
+
+return ret;
+}
+
+/*
+ * called from the compare thread on the primary
+ * for compare icmp packet
+ */
+static int colo_packet_compare_icmp(Packet *spkt, Packet *ppkt)
 {
-trace_colo_compare_main("compare all");
+int network_length;
+struct icmp *icmp_ppkt, *icmp_spkt;
+
+trace_colo_compare_main("compare icmp");
+network_length = ppkt->ip->ip_hl * 4;
+if (ppkt->size != spkt->size ||
+ppkt->size < network_length + ETH_HLEN) {
+return -1;
+}
+icmp_ppkt = (struct icmp *)(ppkt->data + network_length + ETH_HLEN);
+icmp_spkt = (struct icmp *)(spkt->data + network_length + ETH_HLEN);
+
+if ((icmp_ppkt->icmp_type == icmp_spkt->icmp_type) &&
+(icmp_ppkt->icmp_code == icmp_spkt->icmp_code)) {
+if (icmp_ppkt->icmp_type == ICMP_REDIRECT) {
+if (icmp_ppkt->icmp_gwaddr.s_addr !=
+icmp_spkt->icmp_gwaddr.s_addr) {
+trace_colo_compare

Re: [Qemu-devel] [Qemu-trivial] [PATCH 0/2] convert device initialization functions

2016-07-28 Thread Marcel Apfelbaum

On 07/13/2016 10:14 AM, Wei, Jiangang wrote:

cc qemu-trivial

The following patches had been reviewed one month ago,
But so far, It haven't been merged.
May I trouble any maintainer give me some feedback?

hw/pci-bridge: Convert pxb initialization functions to Error
apb: convert init to realize

Thanks,
wei
On Thu, 2016-07-07 at 01:39 +, Wei, Jiangang wrote:

Ping again ...
May I ask for some attention for these two patches?



Hi Wei,

We are very sorry we didn't take your patches yet, we are now in hard freeze,
I am not sure we can have them for 2.7 .

We are going to make sure they get in for 2.8, no further action is requested
from your side.

Thanks,
Marcel


Thanks
wei
On Thu, 2016-06-30 at 03:36 +, Wei, Jiangang wrote:

Ping
These two patches seem to be forgotten ...

On Tue, 2016-05-17 at 18:18 +0800, Wei Jiangang wrote:

The first had been reviewed.
The second had been posted last month, but no feedback.
They're similar, so resend them together.

Wei Jiangang (2):
  hw/pci-bridge: Convert pxb initialization functions to Error
  apb: convert init to realize

 hw/pci-bridge/pci_expander_bridge.c | 52 ++---
 hw/pci-host/apb.c   |  5 ++--
 2 files changed, 27 insertions(+), 30 deletions(-)


















Re: [Qemu-devel] [PATCH] error: error_setg_errno(): errno gets preserved

2016-07-28 Thread Markus Armbruster
Eric Blake  writes:

> On 07/27/2016 03:24 AM, Sascha Silbe wrote:
>> C11 allows errno to be clobbered by pretty much any library function
>> call, so in general callers need to take care to save errno before
>> calling other functions.
>> 
>> However, for error reporting functions this is rather awkward and can
>> make the code on the caller side more complicated than
>> necessary. error_setg_errno() already takes care of preserving errno
>> and some functions rely on that, so just promise that we continue to
>> do so in the future.
>> 
>> Signed-off-by: Sascha Silbe 
>> ---
>> 
>> Alternative approach to "error: error_setg_errno(): errno may be
>> clobbered" [1].
>
> I like this alternative better.
>
>
>> +++ b/include/qapi/error.h
>> @@ -170,6 +170,9 @@ void error_setg_internal(Error **errp,
>>   * Just like error_setg(), with @os_error info added to the message.
>>   * If @os_error is non-zero, ": " + strerror(os_error) is appended to
>>   * the human-readable error message.
>> + *
>> + * The value of errno (which usually can get clobbered by almost any
>> + * function call) will be preserved.
>>   */
>>  #define error_setg_errno(errp, os_error, fmt, ...)  \
>>  error_setg_errno_internal((errp), __FILE__, __LINE__, __func__, \
>
> Do we need/want to make the guarantee of preserving errno across any of
> the other functions and macros declared in error.h?

I guess we should for the ones that preserve errno, to make that
preservation actually useful.  These are: error_setv(),
error_setg_errno_internal(), error_append_hint().  Indirectly:
error_set_internal(), error_set(), error_setg_internal(), error_setg(),
error_setg_file_open_internal(), error_setg_file_open(), possibly
error_setg_win32_internal() and error_setg_win32().



[Qemu-devel] [PATCH V11 9/9] filter-rewriter: rewrite tcp packet to keep secondary connection

2016-07-28 Thread Zhang Chen
We will rewrite tcp packet secondary received and sent.
When colo guest is a tcp server.

First, the client starts a TCP handshake with a packet carrying seq=client_seq,
ack=0, flag=SYN. The COLO primary guest gets this packet and mirrors it
(filter-mirror) to the secondary guest, which receives it through filter-redirector.
Then the primary guest responds with a packet
(seq=primary_seq,ack=client_seq+1,flag=ACK|SYN) and
the secondary guest responds with a packet
(seq=secondary_seq,ack=client_seq+1,flag=ACK|SYN).
At this point filter-rewriter saves secondary_seq to its TCP connection.
To finish the handshake, the client sends a packet
(seq=client_seq+1,ack=primary_seq+1,flag=ACK).
Here filter-rewriter can get primary_seq, rewrite the ack from primary_seq+1
to secondary_seq+1, and recalculate the checksum, so the secondary TCP connection
stays valid.

When we send/recv packet.
client send pkt(seq=client_seq+1+data_len,ack=primary_seq+1,flag=ACK|PSH).
filter-rewriter rewrite ack and send to secondary guest.

primary guest response pkt
(seq=primary_seq+1,ack=client_seq+1+data_len,flag=ACK)
secondary guest response pkt
(seq=secondary_seq+1,ack=client_seq+1+data_len,flag=ACK)
we rewrite secondary guest seq from secondary_seq+1 to primary_seq+1.
So tcp connection kept good.

In code We use offset( = secondary_seq - primary_seq )
to rewrite seq or ack.
handle_primary_tcp_pkt: tcp_pkt->th_ack += offset;
handle_secondary_tcp_pkt: tcp_pkt->th_seq -= offset;

Signed-off-by: Zhang Chen 
Signed-off-by: Li Zhijian 
Signed-off-by: Wen Congyang 
---
 net/colo-base.c   |   2 +
 net/colo-base.h   |   7 
 net/filter-rewriter.c | 112 +-
 trace-events  |   5 +++
 4 files changed, 124 insertions(+), 2 deletions(-)

diff --git a/net/colo-base.c b/net/colo-base.c
index 20797b5..88811a9 100644
--- a/net/colo-base.c
+++ b/net/colo-base.c
@@ -123,6 +123,8 @@ Connection *connection_new(ConnectionKey *key)
 
 conn->ip_proto = key->ip_proto;
 conn->processing = false;
+conn->offset = 0;
+conn->syn_flag = 0;
 g_queue_init(&conn->primary_list);
 g_queue_init(&conn->secondary_list);
 
diff --git a/net/colo-base.h b/net/colo-base.h
index 8d402a3..e4288cb 100644
--- a/net/colo-base.h
+++ b/net/colo-base.h
@@ -50,6 +50,13 @@ typedef struct Connection {
 /* flag to enqueue unprocessed_connections */
 bool processing;
 uint8_t ip_proto;
+/* offset = secondary_seq - primary_seq */
+tcp_seq  offset;
+/*
+ * we use this flag update offset func
+ * run once in independent tcp connection
+ */
+int syn_flag;
 } Connection;
 
 uint32_t connection_key_hash(const void *opaque);
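Review bot: The comment added for `syn_flag` is hard to parse and does not say when the flag is set or cleared. From handle_primary_tcp_pkt() in this patch it is set on a bare SYN and cleared once the offset has been adjusted on the first ACK, so something like `/* set on SYN; cleared after offset is updated, so the update runs once per connection */` would be clearer. Since the field only holds 0 or 1 there, it could be `bool` like `processing` above. It would also help to note beside `offset` that the subtraction is meant to wrap modulo the sequence space, assuming `tcp_seq` is an unsigned 32-bit type, which this hunk does not show.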
diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
index 6350080..6a4294d 100644
--- a/net/filter-rewriter.c
+++ b/net/filter-rewriter.c
@@ -21,6 +21,7 @@
 #include "qemu/main-loop.h"
 #include "qemu/iov.h"
 #include "net/checksum.h"
+#include "trace.h"
 
 #define FILTER_COLO_REWRITER(obj) \
 OBJECT_CHECK(RewriterState, (obj), TYPE_FILTER_REWRITER)
@@ -65,6 +66,93 @@ static int is_tcp_packet(Packet *pkt)
 }
 }
 
+/* handle tcp packet from primary guest */
+static int handle_primary_tcp_pkt(NetFilterState *nf,
+  Connection *conn,
+  Packet *pkt)
+{
+struct tcphdr *tcp_pkt;
+
+tcp_pkt = (struct tcphdr *)pkt->transport_layer;
+if (trace_event_get_state(TRACE_COLO_FILTER_REWRITER_DEBUG)) {
+char *sdebug, *ddebug;
+sdebug = strdup(inet_ntoa(pkt->ip->ip_src));
+ddebug = strdup(inet_ntoa(pkt->ip->ip_dst));
+trace_colo_filter_rewriter_pkt_info(__func__, sdebug, ddebug,
+ntohl(tcp_pkt->th_seq), ntohl(tcp_pkt->th_ack),
+tcp_pkt->th_flags);
+trace_colo_filter_rewriter_conn_offset(conn->offset);
+g_free(sdebug);
+g_free(ddebug);
+}
+
+if (((tcp_pkt->th_flags & (TH_ACK | TH_SYN)) == TH_SYN)) {
+/*
+ * we use this flag update offset func
+ * run once in independent tcp connection
+ */
+conn->syn_flag = 1;
+}
+
+if (((tcp_pkt->th_flags & (TH_ACK | TH_SYN)) == TH_ACK)) {
+if (conn->syn_flag) {
+/*
+ * offset = secondary_seq - primary seq
+ * ack packet sent by guest from primary node,
+ * so we use th_ack - 1 get primary_seq
+ */
+conn->offset -= (ntohl(tcp_pkt->th_ack) - 1);
+conn->syn_flag = 0;
+}
+/* handle packets to the secondary from the primary */
+tcp_pkt->th_ack = htonl(ntohl(tcp_pkt->th_ack) + conn->offset);
+
+net_checksum_calculate((uint8_t *)pkt->data, pkt->size);
+}
+
+return 0;
+}
+
+/* handle tcp packet from secondary guest */
+static int handle_secondary_tcp_pkt(NetFilterState *nf,
+Connection *conn,
+Packet *pkt)
+{
+struct tcphdr *tcp_pkt;
+
+tcp_pkt = (struct tcphdr *)pkt->transport_
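Review bot: In handle_primary_tcp_pkt() the debug strings are allocated with `strdup()` but released with `g_free()`, and the `strdup()` results reach the trace call without a NULL check. Keeping the allocator pair consistent avoids relying on GLib and libc sharing one heap: `sdebug = g_strdup(inet_ntoa(pkt->ip->ip_src));` and `ddebug = g_strdup(inet_ntoa(pkt->ip->ip_dst));`. Separately, `pkt->transport_layer` is cast to `struct tcphdr *` and `th_flags`/`th_ack` are read and rewritten with no length check visible here; if the parsing code outside this hunk does not already guarantee a complete TCP header inside `pkt->size`, that check belongs before the cast, since these packets come off the network. The hunk is cut off on this page partway into handle_secondary_tcp_pkt(), so only the primary handler is covered.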

Re: [Qemu-devel] [PATCH] error: error_setg_errno(): errno gets preserved

2016-07-28 Thread Sascha Silbe
Dear Eric,

Eric Blake  writes:

>> +++ b/include/qapi/error.h
>> @@ -170,6 +170,9 @@ void error_setg_internal(Error **errp,
>>   * Just like error_setg(), with @os_error info added to the message.
>>   * If @os_error is non-zero, ": " + strerror(os_error) is appended to
>>   * the human-readable error message.
>> + *
>> + * The value of errno (which usually can get clobbered by almost any
>> + * function call) will be preserved.
>>   */
>>  #define error_setg_errno(errp, os_error, fmt, ...)  \
>>  error_setg_errno_internal((errp), __FILE__, __LINE__, __func__, \
>
> Do we need/want to make the guarantee of preserving errno across any of
> the other functions and macros declared in error.h?

It would be more consistent to have all error reporting functions
promise this, even if they do not get passed the errno. In some cases
the errno might not matter to the user (so error_setg_errno() isn't
used), but still be passed on to the caller to signal an error (so
clobbering it could be problematic).

Can prepare a follow-up patch that makes sure error_setg(),
error_propagate(), error_setg_file_open(), error_set() preserve
errno. Optionally also the other functions listed in
include/qapi/error.h and include/qemu/error-report.h.

Sascha
-- 
Softwareentwicklung Sascha Silbe, Niederhofenstraße 5/1, 71229 Leonberg
https://se-silbe.de/
USt-IdNr. DE281696641




[Qemu-devel] [PATCH] util/qemu-sockets: revert Yoda Conditions to normal

2016-07-28 Thread Cao jin
Follow CODING_STYLE

Cc: Daniel P. Berrange 
Cc: Gerd Hoffmann 
Cc: Paolo Bonzini 

Signed-off-by: Cao jin 
---
 util/qemu-sockets.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

Daniel P. Berrange made me realize there are Yoda conditions in this file;
the file mixes both styles, and since I just touched it, reverting them
is handy for me.

diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index 5e08723..a07acc5 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -386,7 +386,7 @@ static int inet_dgram_saddr(InetSocketAddress *sraddr,
 goto err;
 }
 
-if (0 != (rc = getaddrinfo(addr, port, &ai, &peer))) {
+if ((rc = getaddrinfo(addr, port, &ai, &peer)) != 0) {
 error_setg(errp, "address resolution failed for %s:%s: %s", addr, port,
gai_strerror(rc));
 goto err;
@@ -412,7 +412,7 @@ static int inet_dgram_saddr(InetSocketAddress *sraddr,
 port = "0";
 }
 
-if (0 != (rc = getaddrinfo(addr, port, &ai, &local))) {
+if ((rc = getaddrinfo(addr, port, &ai, &local)) != 0) {
 error_setg(errp, "address resolution failed for %s:%s: %s", addr, port,
gai_strerror(rc));
 goto err;
@@ -472,20 +472,20 @@ InetSocketAddress *inet_parse(const char *str, Error 
**errp)
 if (str[0] == ':') {
 /* no host given */
 host[0] = '\0';
-if (1 != sscanf(str, ":%32[^,]%n", port, &pos)) {
+if (sscanf(str, ":%32[^,]%n", port, &pos) != 1) {
 error_setg(errp, "error parsing port in address '%s'", str);
 goto fail;
 }
 } else if (str[0] == '[') {
 /* IPv6 addr */
-if (2 != sscanf(str, "[%64[^]]]:%32[^,]%n", host, port, &pos)) {
+if (sscanf(str, "[%64[^]]]:%32[^,]%n", host, port, &pos) != 2) {
 error_setg(errp, "error parsing IPv6 address '%s'", str);
 goto fail;
 }
 addr->ipv6 = addr->has_ipv6 = true;
 } else {
 /* hostname or IPv4 addr */
-if (2 != sscanf(str, "%64[^:]:%32[^,]%n", host, port, &pos)) {
+if (sscanf(str, "%64[^:]:%32[^,]%n", host, port, &pos) != 2) {
 error_setg(errp, "error parsing address '%s'", str);
 goto fail;
 }
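Review bot: The three `sscanf()` calls touched here bound their `%[` conversions with the literal widths 64 and 32, which are safe only while `host` and `port` are at least 65 and 33 bytes; the declarations are outside this hunk, so nothing on these lines ties the widths to the buffers. Since inet_parse() handles address strings supplied from outside, a comment next to the calls such as `/* widths must stay sizeof(host) - 1 and sizeof(port) - 1 */` would keep a later buffer resize from turning into an overflow. The hunk is otherwise a pure operand swap and the function continues past it.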
-- 
2.1.0






Re: [Qemu-devel] [PATCH] error: error_setg_errno(): errno gets preserved

2016-07-28 Thread Halil Pasic


On 07/28/2016 12:19 PM, Markus Armbruster wrote:
> Eric Blake  writes:
> 
>> On 07/27/2016 03:24 AM, Sascha Silbe wrote:
>>> C11 allows errno to be clobbered by pretty much any library function
>>> call, so in general callers need to take care to save errno before
>>> calling other functions.
>>>
>>> However, for error reporting functions this is rather awkward and can
>>> make the code on the caller side more complicated than
>>> necessary. error_setg_errno() already takes care of preserving errno
>>> and some functions rely on that, so just promise that we continue to
>>> do so in the future.
>>>
>>> Signed-off-by: Sascha Silbe 
>>> ---
>>>
>>> Alternative approach to "error: error_setg_errno(): errno may be
>>> clobbered" [1].
>>
>> I like this alternative better.
>>
>>
>>> +++ b/include/qapi/error.h
>>> @@ -170,6 +170,9 @@ void error_setg_internal(Error **errp,
>>>   * Just like error_setg(), with @os_error info added to the message.
>>>   * If @os_error is non-zero, ": " + strerror(os_error) is appended to
>>>   * the human-readable error message.
>>> + *
>>> + * The value of errno (which usually can get clobbered by almost any
>>> + * function call) will be preserved.
>>>   */
>>>  #define error_setg_errno(errp, os_error, fmt, ...)  \
>>>  error_setg_errno_internal((errp), __FILE__, __LINE__, __func__, \
>>
>> Do we need/want to make the guarantee of preserving errno across any of
>> the other functions and macros declared in error.h?
> 
> I guess we should for the ones that preserve errno, to make that
> preservation actually useful.  These are: error_setv(),
> error_setg_errno_internal(), error_append_hint().  Indirectly:
> error_set_internal(), error_set(), error_setg_internal(), error_setg(),
> error_setg_file_open_internal(), error_setg_file_open(), possibly
> error_setg_win32_internal() and error_setg_win32().
> 

The implementation of errno preservation seems inconsistent to me.  The
function error_setv is static, and I guess it is supposed to provide
this indirect errno preservation and is used for both error_setg and
error_setg_errno, yet error_setg_errno_internal does an extra save-restore
itself while error_setg_internal relies on the 'indirect' preservation,
which is not OK in my opinion.

As Sascha pointed out, in C11 any library function may change errno
unless explicitly told otherwise for the particular function.  Since
start_va and end_va have nothing on preserving errno, it is not guaranteed
by the standard that they preserve errno, and we should assume they don't.

I could prepare a patch for this. Should I?

Halil




Re: [Qemu-devel] invalid runstate transition: 'prelaunch' -> 'prelaunch'

2016-07-28 Thread Liviu Ionescu
Peter,

Can you confirm that adding a new transition definition is ok for the context 
I'm using it?

I had no problems so far, just wanted to be sure.


Thank you,

Liviu


> On 27 Jul 2016, at 22:40, Liviu Ionescu  wrote:
> 
> Hi,
> 
> I just upgraded GNU ARM Eclipse QEMU to 2.6.0 and ran into a problem.
> 
> The console reads:
> 
> ```
> GNU ARM Eclipse 64-bits QEMU v2.6.0 (qemu-system-gnuarmeclipse).
> Board: 'STM32F4-Discovery' (ST Discovery kit for STM32F407/417 lines).
> Device: 'STM32F407VG' (Cortex-M4 r0p0, MPU), Flash: 1024 kB, RAM: 128 kB.
> Command line: 'test' (4 bytes).
> Cortex-M4 r0p0 core initialised.
> GDB Server listening on: 'tcp::1234'...
> Cortex-M4 r0p0 core reset.
> ... connection accepted from 127.0.0.1.
> 
> Execute 'mon system_reset'.
> 
> Cortex-M4 r0p0 core reset.
> qemu-system-gnuarmeclipse: invalid runstate transition: 'prelaunch' -> 
> 'prelaunch'
> ```
> 
> QEMU is started as a GDB server, and when the GDB client connects (from an 
> Eclipse session), it issues a 'system_reset' command.
> 
> The problem occurs in:
> 
> ```
> void runstate_set(RunState new_state)
> {
>assert(new_state < RUN_STATE__MAX);
> 
>if (!runstate_valid_transitions[current_run_state][new_state]) {
>error_report("invalid runstate transition: '%s' -> '%s'",
> RunState_lookup[current_run_state],
> RunState_lookup[new_state]);
>abort();
>}
>trace_runstate_set(new_state);
>current_run_state = new_state;
> }
> ```
> 
> when called from `main_loop_should_exit(void)`:
> 
> ```
>if (qemu_reset_requested()) {
>pause_all_vcpus();
>qemu_system_reset(VMRESET_REPORT);
>resume_all_vcpus();
>if (!runstate_check(RUN_STATE_RUNNING) &&
>!runstate_check(RUN_STATE_INMIGRATE)) {
>runstate_set(RUN_STATE_PRELAUNCH);
>}
>}
> ```
> 
> I fixed the problem by adding a new transition in the 
> `runstate_transitions_def[]` array:
> 
> ```
> #if defined(CONFIG_GNU_ARM_ECLIPSE)
>{ RUN_STATE_PRELAUNCH, RUN_STATE_PRELAUNCH },
> #endif /* defined(CONFIG_GNU_ARM_ECLIPSE) */
> ```
> 
> I don't know what these transition states are, but the above missing line 
> might affect other users too.
> 
> 
> For completeness, I'm referring to the source files tagged with v2.6.0.
> 
> 
> Regards,
> 
> Liviu
> 
> 
> 
> 




[Qemu-devel] [PATCH] RFC: pci-bus: add property ownership on bsel

2016-07-28 Thread marcandre . lureau
From: Marc-André Lureau 

The property should own the allocated and unreferenced pointer. In case
of error, it should also be freed.

RFC, because this patch triggers:
/x86_64/qom/pc-i440fx-1.7:
qemu-system-x86_64: attempt to add duplicate property 'acpi-pcihp-bsel' to 
object (type 'PCI')

Signed-off-by: Marc-André Lureau 
---
 hw/i386/acpi-build.c | 15 +--
 include/qom/object.h |  4 
 qom/object.c |  9 +
 3 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 017bb51..2012007 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -425,6 +425,11 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
PCMachineState *pcms)
  table_data->len - madt_start, 1, NULL, NULL);
 }
 
+static void bsel_release(Object *obj, const char *name, void *opaque)
+{
+g_free(opaque);
+}
+
 /* Assign BSEL property to all buses.  In the future, this can be changed
  * to only assign to buses that support hotplug.
  */
@@ -432,13 +437,19 @@ static void *acpi_set_bsel(PCIBus *bus, void *opaque)
 {
 unsigned *bsel_alloc = opaque;
 unsigned *bus_bsel;
+Error *err = NULL;
 
 if (qbus_is_hotpluggable(BUS(bus))) {
 bus_bsel = g_malloc(sizeof *bus_bsel);
 
 *bus_bsel = (*bsel_alloc)++;
-object_property_add_uint32_ptr(OBJECT(bus), ACPI_PCIHP_PROP_BSEL,
-   bus_bsel, NULL);
+object_property_add_uint32_ptr_release(OBJECT(bus),
+   ACPI_PCIHP_PROP_BSEL,
+   bus_bsel, bsel_release, &err);
+if (err) {
+g_free(bus_bsel);
+error_report_err(err);
+}
 }
 
 return bsel_alloc;
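Review bot: On the new error path in acpi_set_bsel() the allocation is freed, but `(*bsel_alloc)++` has already run, so a failed add still consumes a BSEL number and later buses are numbered as if it had succeeded. Taking the number only on success keeps the counter in step with the properties that exist: `*bus_bsel = *bsel_alloc;` before the call and `(*bsel_alloc)++;` in an `else` after the `if (err)`. The explicit `g_free(bus_bsel)` is right only as long as object_property_add() never invokes the release callback when it fails; that behaviour is not visible in this patch and deserves a comment here, because otherwise this becomes a double free. The duplicate-property failure quoted in the description suggests this function runs more than once for the same bus, which is presumably the case to settle first.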
diff --git a/include/qom/object.h b/include/qom/object.h
index 5ecc2d1..41c1051 100644
--- a/include/qom/object.h
+++ b/include/qom/object.h
@@ -1488,6 +1488,10 @@ void object_class_property_add_uint16_ptr(ObjectClass 
*klass, const char *name,
  */
 void object_property_add_uint32_ptr(Object *obj, const char *name,
 const uint32_t *v, Error **errp);
+void object_property_add_uint32_ptr_release(Object *obj, const char *name,
+uint32_t *v,
+ObjectPropertyRelease *release,
+Error **errp);
 void object_class_property_add_uint32_ptr(ObjectClass *klass, const char *name,
   const uint32_t *v, Error **errp);
 
diff --git a/qom/object.c b/qom/object.c
index 8166b7d..1635f57 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -2157,6 +2157,15 @@ void object_property_add_uint32_ptr(Object *obj, const 
char *name,
 NULL, NULL, (void *)v, errp);
 }
 
+void object_property_add_uint32_ptr_release(Object *obj, const char *name,
+uint32_t *v,
+ObjectPropertyRelease *release,
+Error **errp)
+{
+object_property_add(obj, name, "uint32", property_get_uint32_ptr,
+NULL, release, (void *)v, errp);
+}
+
 void object_class_property_add_uint32_ptr(ObjectClass *klass, const char *name,
   const uint32_t *v, Error **errp)
 {
-- 
2.9.0




Re: [Qemu-devel] [PATCH] RFC: pci-bus: add property ownership on bsel

2016-07-28 Thread Igor Mammedov
On Thu, 28 Jul 2016 15:13:57 +0400
marcandre.lur...@redhat.com wrote:

> From: Marc-André Lureau 
> 
> The property should own the allocated and unreferenced pointer. In case
> of error, it should also be freed.
I wonder, what use case triggers above error


> 
> RFC, because this patch triggers:
> /x86_64/qom/pc-i440fx-1.7:
> qemu-system-x86_64: attempt to add duplicate property 'acpi-pcihp-bsel' to 
> object (type 'PCI')
> 
> Signed-off-by: Marc-André Lureau 
> ---
>  hw/i386/acpi-build.c | 15 +--
>  include/qom/object.h |  4 
>  qom/object.c |  9 +
>  3 files changed, 26 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> index 017bb51..2012007 100644
> --- a/hw/i386/acpi-build.c
> +++ b/hw/i386/acpi-build.c
> @@ -425,6 +425,11 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
> PCMachineState *pcms)
>   table_data->len - madt_start, 1, NULL, NULL);
>  }
>  
> +static void bsel_release(Object *obj, const char *name, void *opaque)
> +{
> +g_free(opaque);
> +}
> +
>  /* Assign BSEL property to all buses.  In the future, this can be changed
>   * to only assign to buses that support hotplug.
>   */
> @@ -432,13 +437,19 @@ static void *acpi_set_bsel(PCIBus *bus, void *opaque)
>  {
>  unsigned *bsel_alloc = opaque;
>  unsigned *bus_bsel;
> +Error *err = NULL;
>  
>  if (qbus_is_hotpluggable(BUS(bus))) {
>  bus_bsel = g_malloc(sizeof *bus_bsel);
>  
>  *bus_bsel = (*bsel_alloc)++;
> -object_property_add_uint32_ptr(OBJECT(bus), ACPI_PCIHP_PROP_BSEL,
> -   bus_bsel, NULL);
> +object_property_add_uint32_ptr_release(OBJECT(bus),
> +   ACPI_PCIHP_PROP_BSEL,
> +   bus_bsel, bsel_release, &err);
> +if (err) {
> +g_free(bus_bsel);
> +error_report_err(err);
> +}
>  }
>  
>  return bsel_alloc;
> diff --git a/include/qom/object.h b/include/qom/object.h
> index 5ecc2d1..41c1051 100644
> --- a/include/qom/object.h
> +++ b/include/qom/object.h
> @@ -1488,6 +1488,10 @@ void object_class_property_add_uint16_ptr(ObjectClass 
> *klass, const char *name,
>   */
>  void object_property_add_uint32_ptr(Object *obj, const char *name,
>  const uint32_t *v, Error **errp);
> +void object_property_add_uint32_ptr_release(Object *obj, const char *name,
> +uint32_t *v,
> +ObjectPropertyRelease *release,
> +Error **errp);
>  void object_class_property_add_uint32_ptr(ObjectClass *klass, const char 
> *name,
>const uint32_t *v, Error **errp);
>  
> diff --git a/qom/object.c b/qom/object.c
> index 8166b7d..1635f57 100644
> --- a/qom/object.c
> +++ b/qom/object.c
> @@ -2157,6 +2157,15 @@ void object_property_add_uint32_ptr(Object *obj, const 
> char *name,
>  NULL, NULL, (void *)v, errp);
>  }
>  
> +void object_property_add_uint32_ptr_release(Object *obj, const char *name,
> +uint32_t *v,
> +ObjectPropertyRelease *release,
> +Error **errp)
> +{
> +object_property_add(obj, name, "uint32", property_get_uint32_ptr,
> +NULL, release, (void *)v, errp);
> +}
> +
>  void object_class_property_add_uint32_ptr(ObjectClass *klass, const char 
> *name,
>const uint32_t *v, Error **errp)
>  {




Re: [Qemu-devel] [PATCH 22/37] pc: free i8259

2016-07-28 Thread Marcel Apfelbaum

On 07/19/2016 11:54 AM, marcandre.lur...@redhat.com wrote:

From: Marc-André Lureau 

Similarly to 2ba154cf4eb8636cdd3aa90f392ca9e77206ca39

Signed-off-by: Marc-André Lureau 
---
 hw/i386/pc_q35.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/i386/pc_q35.c b/hw/i386/pc_q35.c
index c0b9961..c5e8367 100644
--- a/hw/i386/pc_q35.c
+++ b/hw/i386/pc_q35.c
@@ -213,6 +213,8 @@ static void pc_q35_init(MachineState *machine)
 for (i = 0; i < ISA_NUM_IRQS; i++) {
 gsi_state->i8259_irq[i] = i8259[i];
 }
+g_free(i8259);
+
 if (pcmc->pci_enabled) {
 ioapic_init_gsi(gsi_state, "q35");
 }
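Review bot: `g_free(i8259)` is correct only if every branch that assigns `i8259` earlier in pc_q35_init() returns a heap array that the caller owns, and if nothing after this point reads `i8259` again; both the assignments and the rest of the function are outside this hunk. A one-line comment such as `/* the qemu_irq values were copied into gsi_state above; only the temporary array is freed */` would make clear that the array, not the IRQ objects, is being released.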



Hi,
It seems  my previous reply didn't make it to the mailing list.

Reviewed-by: Marcel Apfelbaum 

Thanks,
Marcel



[Qemu-devel] [PATCH] linux-user: Use correct alignment for long long on i386 guests

2016-07-28 Thread Peter Maydell
For i386, the ABI specifies that 'long long' (8 byte values)
need only be 4 aligned, but we were requiring them to be
8-aligned. This meant we were laying out the target_epoll_event
structure wrongly. Add a suitable ifdef to abitypes.h to
specify the i386-specific alignment requirement.

Reported-by: Icenowy Zheng 
Signed-off-by: Peter Maydell 
---
 include/exec/user/abitypes.h | 4 
 1 file changed, 4 insertions(+)

diff --git a/include/exec/user/abitypes.h b/include/exec/user/abitypes.h
index a09d6c6..ba18860 100644
--- a/include/exec/user/abitypes.h
+++ b/include/exec/user/abitypes.h
@@ -15,6 +15,10 @@
 #define ABI_LLONG_ALIGNMENT 2
 #endif
 
+#if defined(TARGET_I386) && !defined(TARGET_X86_64)
+#define ABI_LLONG_ALIGNMENT 4
+#endif
+
 #ifndef ABI_SHORT_ALIGNMENT
 #define ABI_SHORT_ALIGNMENT 2
 #endif
-- 
1.9.1




[Qemu-devel] [PATCH 4/7] nios2: Add IIC interrupt controller emulation

2016-07-28 Thread Marek Vasut
From: Chris Wulff 

Add the Altera Nios2 internal interrupt controller model.

Signed-off-by: Marek Vasut 
Cc: Chris Wulff 
Cc: Jeff Da Silva 
Cc: Ley Foon Tan 
Cc: Sandra Loosemore 
Cc: Yves Vandervennet 
---
 hw/intc/Makefile.objs |   1 +
 hw/intc/nios2_iic.c   | 103 ++
 2 files changed, 104 insertions(+)
 create mode 100644 hw/intc/nios2_iic.c

diff --git a/hw/intc/Makefile.objs b/hw/intc/Makefile.objs
index 05ec21b..3c29fe7 100644
--- a/hw/intc/Makefile.objs
+++ b/hw/intc/Makefile.objs
@@ -38,3 +38,4 @@ obj-$(CONFIG_S390_FLIC_KVM) += s390_flic_kvm.o
 obj-$(CONFIG_ASPEED_SOC) += aspeed_vic.o
 obj-$(CONFIG_ARM_GIC) += arm_gicv3_cpuif.o
 obj-$(CONFIG_MIPS_CPS) += mips_gic.o
+obj-$(CONFIG_NIOS2) += nios2_iic.o
diff --git a/hw/intc/nios2_iic.c b/hw/intc/nios2_iic.c
new file mode 100644
index 000..6da2cce
--- /dev/null
+++ b/hw/intc/nios2_iic.c
@@ -0,0 +1,103 @@
+/*
+ * QEMU Altera Internal Interrupt Controller.
+ *
+ * Copyright (c) 2012 Chris Wulff 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+
+#include "hw/sysbus.h"
+#include "cpu.h"
+
+#define TYPE_ALTERA_IIC "altera,iic"
+#define ALTERA_IIC(obj) \
+OBJECT_CHECK(AlteraIIC, (obj), TYPE_ALTERA_IIC)
+
+typedef struct AlteraIIC {
+SysBusDevice  parent_obj;
+void *cpu;
+qemu_irq  parent_irq;
+} AlteraIIC;
+
+static void update_irq(AlteraIIC *pv)
+{
+CPUNios2State *env = &((Nios2CPU*)(pv->cpu))->env;
+
+qemu_set_irq(pv->parent_irq,
+ env->regs[CR_IPENDING] & env->regs[CR_IENABLE]);
+}
+
+static void irq_handler(void *opaque, int irq, int level)
+{
+AlteraIIC *pv = opaque;
+CPUNios2State *env = &((Nios2CPU*)(pv->cpu))->env;
+
+env->regs[CR_IPENDING] &= ~(1 << irq);
+env->regs[CR_IPENDING] |= !!level << irq;
+
+update_irq(pv);
+}
+
+static void altera_iic_init(Object *obj)
+{
+AlteraIIC *pv = ALTERA_IIC(obj);
+
+qdev_init_gpio_in(DEVICE(pv), irq_handler, 32);
+sysbus_init_irq(SYS_BUS_DEVICE(obj), &pv->parent_irq);
+}
+
+static Property altera_iic_properties[] = {
+DEFINE_PROP_PTR("cpu", AlteraIIC, cpu),
+DEFINE_PROP_END_OF_LIST(),
+};
+
+static void altera_iic_realize(DeviceState *dev, Error **errp)
+{
+struct AlteraIIC *pv = ALTERA_IIC(dev);
+
+if (!pv->cpu) {
+error_setg(errp, "altera,iic: CPU not connected");
+return;
+}
+}
+
+static void altera_iic_class_init(ObjectClass *klass, void *data)
+{
+DeviceClass *dc = DEVICE_CLASS(klass);
+
+dc->props = altera_iic_properties;
+/* Reason: pointer property "cpu" */
+dc->cannot_instantiate_with_device_add_yet = true;
+dc->realize = altera_iic_realize;
+}
+
+static TypeInfo altera_iic_info = {
+.name  = "altera,iic",
+.parent= TYPE_SYS_BUS_DEVICE,
+.instance_size = sizeof(AlteraIIC),
+.instance_init = altera_iic_init,
+.class_init= altera_iic_class_init,
+};
+
+static void altera_iic_register(void)
+{
+type_register_static(&altera_iic_info);
+}
+
+type_init(altera_iic_register)
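Review bot: In irq_handler() the mask is built with `1 << irq` and `!!level << irq` on plain `int`, and the device registers 32 input lines, so line 31 shifts into the sign bit, which is undefined behaviour in C. Using an unsigned operand avoids it: `env->regs[CR_IPENDING] &= ~(1u << irq);` and `env->regs[CR_IPENDING] |= (uint32_t)!!level << irq;`. In the same file, `altera_iic_info` spells the type name as the literal "altera,iic" although `TYPE_ALTERA_IIC` is defined above. Also, `pv->cpu` is a `void *` cast to `Nios2CPU *` with no type check, so a wrongly wired "cpu" property is not caught at realize time.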
-- 
2.8.1




[Qemu-devel] [PATCH 5/7] nios2: Add periodic timer emulation

2016-07-28 Thread Marek Vasut
From: Chris Wulff 

Add the Altera timer model.

Signed-off-by: Marek Vasut 
Cc: Chris Wulff 
Cc: Jeff Da Silva 
Cc: Ley Foon Tan 
Cc: Sandra Loosemore 
Cc: Yves Vandervennet 
---
 hw/timer/Makefile.objs  |   1 +
 hw/timer/altera_timer.c | 225 
 2 files changed, 226 insertions(+)
 create mode 100644 hw/timer/altera_timer.c

diff --git a/hw/timer/Makefile.objs b/hw/timer/Makefile.objs
index 7ba8c23..0867a64 100644
--- a/hw/timer/Makefile.objs
+++ b/hw/timer/Makefile.objs
@@ -18,6 +18,7 @@ common-obj-$(CONFIG_IMX) += imx_gpt.o
 common-obj-$(CONFIG_LM32) += lm32_timer.o
 common-obj-$(CONFIG_MILKYMIST) += milkymist-sysctl.o
 
+obj-$(CONFIG_ALTERA_TIMER) += altera_timer.o
 obj-$(CONFIG_EXYNOS4) += exynos4210_mct.o
 obj-$(CONFIG_EXYNOS4) += exynos4210_pwm.o
 obj-$(CONFIG_EXYNOS4) += exynos4210_rtc.o
diff --git a/hw/timer/altera_timer.c b/hw/timer/altera_timer.c
new file mode 100644
index 000..3daa093
--- /dev/null
+++ b/hw/timer/altera_timer.c
@@ -0,0 +1,225 @@
+/*
+ * QEMU model of the Altera timer.
+ *
+ * Copyright (c) 2012 Chris Wulff 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+
+#include "hw/sysbus.h"
+#include "sysemu/sysemu.h"
+#include "hw/ptimer.h"
+
+#define R_STATUS  0
+#define R_CONTROL 1
+#define R_PERIODL 2
+#define R_PERIODH 3
+#define R_SNAPL   4
+#define R_SNAPH   5
+#define R_MAX 6
+
+#define STATUS_TO 0x0001
+#define STATUS_RUN0x0002
+
+#define CONTROL_ITO   0x0001
+#define CONTROL_CONT  0x0002
+#define CONTROL_START 0x0004
+#define CONTROL_STOP  0x0008
+
+#define TYPE_ALTERA_TIMER "ALTR.timer"
+#define ALTERA_TIMER(obj) \
+OBJECT_CHECK(AlteraTimer, (obj), TYPE_ALTERA_TIMER)
+
+typedef struct AlteraTimer {
+SysBusDevice  busdev;
+MemoryRegion  mmio;
+qemu_irq  irq;
+uint32_t  freq_hz;
+QEMUBH   *bh;
+ptimer_state *ptimer;
+uint32_t  regs[R_MAX];
+} AlteraTimer;
+
+static inline int timer_irq_state(AlteraTimer *t)
+{
+return (t->regs[R_STATUS] & STATUS_TO) &&
+   (t->regs[R_CONTROL] & CONTROL_ITO);
+}
+
+static uint64_t timer_read(void *opaque, hwaddr addr,
+   unsigned int size)
+{
+AlteraTimer *t = opaque;
+uint64_t r = 0;
+
+addr >>= 2;
+addr &= 0x7;
+switch (addr) {
+case R_CONTROL:
+r = t->regs[R_CONTROL] & (CONTROL_ITO | CONTROL_CONT);
+break;
+
+default:
+if (addr < ARRAY_SIZE(t->regs)) {
+r = t->regs[addr];
+}
+break;
+}
+
+return r;
+}
+
+static void timer_write(void *opaque, hwaddr addr,
+uint64_t val64, unsigned int size)
+{
+AlteraTimer *t = opaque;
+uint64_t tvalue;
+uint32_t value = val64;
+uint32_t count = 0;
+int irqState = timer_irq_state(t);
+
+addr >>= 2;
+addr &= 0x7;
+switch (addr) {
+case R_STATUS:
+/* Writing zero clears the timeout */
+t->regs[R_STATUS] &= ~STATUS_TO;
+break;
+
+case R_CONTROL:
+t->regs[R_CONTROL] = value & (CONTROL_ITO | CONTROL_CONT);
+if ((value & CONTROL_START) &&
+!(t->regs[R_STATUS] & STATUS_RUN)) {
+ptimer_run(t->ptimer, 1);
+t->regs[R_STATUS] |= STATUS_RUN;
+}
+if ((value & CONTROL_STOP) && (t->regs[R_STATUS] & STATUS_RUN)) {
+ptimer_stop(t->ptimer);
+t->regs[R_STATUS] &= ~STATUS_RUN;
+}
+break;
+
+case R_PERIODL:
+case R_PERIODH:
+t->regs[addr] = value & 0x;
+if (t->regs[R_STATUS] & STATUS_RUN) {
+ptimer_stop(t->ptimer);
+t->regs[R_STATUS] &= ~STATUS_RUN;
+}
+tvalue = (t->regs[R_PERIODH] << 16) | t->regs[R_PERIODL];
+ptimer_set_limit(t->ptimer, tvalue + 1, 1);
+break;
+
+case R_SNAPL:
+case R_SNAPH:
+count = ptimer_get_count(t->ptimer);
+t->regs[R_SNAPL] = count & 0x;
+t->regs[R_SNAPH] = (count >> 16) & 0x;
+break;
+
+default:
+break;
+}
+
+if (irqState != timer_irq_state(t)) {
+qemu_set_irq(t->irq, timer_irq_state(t));
+}
+}
+
+static const MemoryRegionOps timer_ops = {
+.read = timer_read,
+.write

[Qemu-devel] [PATCH 3/7] nios2: Add usermode binaries emulation

2016-07-28 Thread Marek Vasut
Add missing bits for qemu-user required for emulating Altera Nios2
userspace binaries.

Signed-off-by: Marek Vasut 
Cc: Chris Wulff 
Cc: Jeff Da Silva 
Cc: Ley Foon Tan 
Cc: Sandra Loosemore 
Cc: Yves Vandervennet 
---
 include/elf.h |   2 +
 linux-user/elfload.c  |  58 +++
 linux-user/main.c | 136 +++-
 linux-user/nios2/syscall_nr.h | 330 ++
 linux-user/nios2/target_cpu.h |  38 +
 linux-user/nios2/target_signal.h  |  26 +++
 linux-user/nios2/target_structs.h |  58 +++
 linux-user/nios2/target_syscall.h |  37 +
 linux-user/nios2/termbits.h   | 220 +
 linux-user/signal.c   | 238 ++-
 linux-user/syscall_defs.h |   7 +-
 11 files changed, 1143 insertions(+), 7 deletions(-)
 create mode 100644 linux-user/nios2/syscall_nr.h
 create mode 100644 linux-user/nios2/target_cpu.h
 create mode 100644 linux-user/nios2/target_signal.h
 create mode 100644 linux-user/nios2/target_structs.h
 create mode 100644 linux-user/nios2/target_syscall.h
 create mode 100644 linux-user/nios2/termbits.h

diff --git a/include/elf.h b/include/elf.h
index 1c2975d..0dbd3e9 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -126,6 +126,8 @@ typedef int64_t  Elf64_Sxword;
  */
 #define EM_S390_OLD 0xA390
 
+#define EM_ALTERA_NIOS2 113 /* Altera Nios II soft-core processor */
+
 #define EM_MICROBLAZE  189
 #define EM_MICROBLAZE_OLD  0xBAAB
 
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index f807baf..19930cd 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -963,6 +963,64 @@ static void elf_core_copy_regs(target_elf_gregset_t *regs, 
const CPUMBState *env
 
 #endif /* TARGET_MICROBLAZE */
 
+#ifdef TARGET_NIOS2
+
+#define ELF_START_MMAP 0x8000
+
+#define elf_check_arch(x) ((x) == EM_ALTERA_NIOS2)
+
+#define ELF_CLASS   ELFCLASS32
+#define ELF_ARCHEM_ALTERA_NIOS2
+
+static inline void init_thread(struct target_pt_regs *regs,
+   struct image_info *infop)
+{
+regs->ea = infop->entry;
+regs->sp = infop->start_stack;
+regs->estatus = 0x3;
+}
+
+#define ELF_EXEC_PAGESIZE4096
+
+#define USE_ELF_CORE_DUMP
+#define ELF_NREG 49
+typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
+
+/* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
+static void elf_core_copy_regs(target_elf_gregset_t *regs,
+  const CPUNios2State *env)
+{
+int i;
+
+(*regs)[0] = -1;
+for (i = 1; i < 8; i++)/* r0-r7 */
+(*regs)[i] = tswapreg(env->regs[i + 7]);
+
+for (i = 8; i < 16; i++)   /* r8-r15 */
+(*regs)[i] = tswapreg(env->regs[i - 8]);
+
+for (i = 16; i < 24; i++)  /* r16-r23 */
+(*regs)[i] = tswapreg(env->regs[i + 7]);
+(*regs)[24] = -1;  /* R_ET */
+(*regs)[25] = -1;  /* R_BT */
+(*regs)[26] = tswapreg(env->regs[R_GP]);
+(*regs)[27] = tswapreg(env->regs[R_SP]);
+(*regs)[28] = tswapreg(env->regs[R_FP]);
+(*regs)[29] = tswapreg(env->regs[R_EA]);
+(*regs)[30] = -1;  /* R_SSTATUS */
+(*regs)[31] = tswapreg(env->regs[R_RA]);
+
+(*regs)[32] = tswapreg(env->regs[R_PC]);
+
+(*regs)[33] = -1; /* R_STATUS */
+(*regs)[34] = tswapreg(env->regs[CR_ESTATUS]);
+
+for (i = 35; i < 49; i++)  /* ... */
+   (*regs)[i] = -1;
+}
+
+#endif /* TARGET_NIOS2 */
+
 #ifdef TARGET_OPENRISC
 
 #define ELF_START_MMAP 0x0800
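Review bot: The comments in the new elf_core_copy_regs() do not match the code: the loop labelled `r0-r7` copies `env->regs[8]` to `env->regs[14]` into slots 1-7, the one labelled `r8-r15` copies `env->regs[0]` to `env->regs[7]`, and the one labelled `r16-r23` copies `env->regs[23]` to `env->regs[30]`. Either the indices or the labels are wrong; if the layout is intentional (it may follow a kernel register dump order that is not shown here), each comment should say which guest register lands in which slot, for example `/* slots 1-7 <- env->regs[8..14] */`. The header comment also still cites arch/mips/kernel/process.c and should name the Nios II kernel source instead. The single-statement `for` bodies lack braces, which makes a core-dump layout that is already hard to audit easier to break.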
diff --git a/linux-user/main.c b/linux-user/main.c
index 462e820..a0b9f929 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -68,8 +68,11 @@ do { 
   \
  * This way we will never overlap with our own libraries or binaries or stack
  * or anything else that QEMU maps.
  */
-# ifdef TARGET_MIPS
-/* MIPS only supports 31 bits of virtual address space for user space */
+# if defined(TARGET_MIPS) || defined(TARGET_NIOS2)
+/*
+ * MIPS only supports 31 bits of virtual address space for user space.
+ * Nios2 also only supports 31 bits.
+ */
 unsigned long reserved_va = 0x7700;
 # else
 unsigned long reserved_va = 0xf700;
@@ -2723,6 +2726,105 @@ error:
 }
 #endif
 
+#ifdef TARGET_NIOS2
+
+void cpu_loop(CPUNios2State *env)
+{
+CPUState *cs = ENV_GET_CPU(env);
+target_siginfo_t info;
+int trapnr, gdbsig, ret;
+
+for (;;) {
+cpu_exec_start(cs);
+trapnr = cpu_exec(cs);
+cpu_exec_end(cs);
+gdbsig = 0;
+
+switch (trapnr) {
+case EXCP_INTERRUPT:
+/* just indicate that signals should be handled asap */
+break;
+case EXCP_TRAP:
+if (env->regs[R_AT] == 0) {
+abi_long ret;
+qemu_log_mask(CPU_LOG_INT, "\nSyscall\n");
+
+ret = do_syscall(env, env->regs[2],
+ env->regs[4], env->regs[5], env->regs[6],
+ 

[Qemu-devel] [PATCH V2 1/7] nios2: Add disas entries

2016-07-28 Thread Marek Vasut
Add nios2 disassembler support. This patch is composed from binutils files
from commit "Opcodes and assembler support for Nios II R2". The files from
binutils used in this patch are:

include/opcode/nios2.h
include/opcode/nios2r1.h
include/opcode/nios2r2.h
opcodes/nios2-opc.c
opcodes/nios2-dis.c

Signed-off-by: Marek Vasut 
Cc: Chris Wulff 
Cc: Jeff Da Silva 
Cc: Ley Foon Tan 
Cc: Sandra Loosemore 
Cc: Yves Vandervennet 
---
V2: Replace the nios2.c with GPL2 licensed version
---
 disas/Makefile.objs |1 +
 disas/nios2.c   | 3534 +++
 include/disas/bfd.h |6 +
 3 files changed, 3541 insertions(+)
 create mode 100644 disas/nios2.c

diff --git a/disas/Makefile.objs b/disas/Makefile.objs
index abeba84..62632ef 100644
--- a/disas/Makefile.objs
+++ b/disas/Makefile.objs
@@ -15,6 +15,7 @@ common-obj-$(CONFIG_IA64_DIS) += ia64.o
 common-obj-$(CONFIG_M68K_DIS) += m68k.o
 common-obj-$(CONFIG_MICROBLAZE_DIS) += microblaze.o
 common-obj-$(CONFIG_MIPS_DIS) += mips.o
+common-obj-$(CONFIG_NIOS2_DIS) += nios2.o
 common-obj-$(CONFIG_MOXIE_DIS) += moxie.o
 common-obj-$(CONFIG_PPC_DIS) += ppc.o
 common-obj-$(CONFIG_S390_DIS) += s390.o
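Review bot: The new `nios2.o` entry is inserted between `mips.o` and `moxie.o`, which breaks the alphabetical order the visible part of this list follows. Moving `common-obj-$(CONFIG_NIOS2_DIS) += nios2.o` to after the `moxie.o` line keeps the list sorted and makes later additions less likely to conflict.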
diff --git a/disas/nios2.c b/disas/nios2.c
new file mode 100644
index 000..b342936
--- /dev/null
+++ b/disas/nios2.c
@@ -0,0 +1,3534 @@
+/* Nios II opcode library for QEMU.
+   Copyright (C) 2012-2016 Free Software Foundation, Inc.
+   Contributed by Nigel Gray (ng...@altera.com).
+   Contributed by Mentor Graphics, Inc.
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public License
+   as published by the Free Software Foundation; either version 2
+   of the License, or (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor,
+   Boston, MA  02110-1301, USA.  */
+
+/* This file resembles a concatenation of the following files from
+   binutils:
+
+   include/opcode/nios2.h
+   include/opcode/nios2r1.h
+   include/opcode/nios2r2.h
+   opcodes/nios2-opc.c
+   opcodes/nios2-dis.c
+
+   It has been derived from the original patches which have been
+   relicensed by the contributors as GPL version 2 for inclusion
+   in QEMU.  */
+
+#ifndef _NIOS2_H_
+#define _NIOS2_H_
+
+/*#include "bfd.h"*/
+#include "qemu/osdep.h"
+#include "disas/bfd.h"
+
+
+/
+ * This file contains structures, bit masks and shift counts used
+ * by the GNU toolchain to define the Nios II instruction set and
+ * access various opcode fields.
+ /
+
+/* Instruction encoding formats.  */
+enum iw_format_type {
+  /* R1 formats.  */
+  iw_i_type,
+  iw_r_type,
+  iw_j_type,
+  iw_custom_type,
+
+  /* 32-bit R2 formats.  */
+  iw_L26_type,
+  iw_F2I16_type,
+  iw_F2X4I12_type,
+  iw_F1X4I12_type,
+  iw_F1X4L17_type,
+  iw_F3X6L5_type,
+  iw_F2X6L10_type,
+  iw_F3X6_type,
+  iw_F3X8_type,
+
+  /* 16-bit R2 formats.  */
+  iw_I10_type,
+  iw_T1I7_type,
+  iw_T2I4_type,
+  iw_T1X1I6_type,
+  iw_X1I7_type,
+  iw_L5I4X1_type,
+  iw_T2X1L3_type,
+  iw_T2X1I3_type,
+  iw_T3X1_type,
+  iw_T2X3_type,
+  iw_F1X1_type,
+  iw_X2L5_type,
+  iw_F1I5_type,
+  iw_F2_type
+};
+
+/* Identify different overflow situations for error messages.  */
+enum overflow_type
+{
+  call_target_overflow = 0,
+  branch_target_overflow,
+  address_offset_overflow,
+  signed_immed16_overflow,
+  unsigned_immed16_overflow,
+  unsigned_immed5_overflow,
+  signed_immed12_overflow,
+  custom_opcode_overflow,
+  enumeration_overflow,
+  no_overflow
+};
+
+/* This structure holds information for a particular instruction. 
+
+   The args field is a string describing the operands.  The following
+   letters can appear in the args:
+ c - a 5-bit control register index
+ d - a 5-bit destination register index
+ s - a 5-bit left source register index
+ t - a 5-bit right source register index
+ D - a 3-bit encoded destination register
+ S - a 3-bit encoded left source register
+ T - a 3-bit encoded right source register
+ i - a 16-bit signed immediate
+ j - a 5-bit unsigned immediate
+ k - a (second) 5-bit unsigned immediate
+ l - a 8-bit custom instruction constant
+ m - a 26-bit unsigned immediate
+ o - a 16-bit signed pc-relative offset
+ u - a 16-bit unsigned immediate
+ I - a 12-bit signed immediate
+ M - a 6-bit unsigned immediate
+ N - a 6-bit unsigned immediate with 2-bit shift
+ O - a 10
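Review bot: The guard `#ifndef _NIOS2_H_` / `#define _NIOS2_H_` at the top of `disas/nios2.c` uses an identifier reserved to the implementation (underscore followed by an uppercase letter), and it guards a `.c` file that is compiled, not included. Since the binutils headers were folded into this translation unit, the guard pair can be dropped together with the commented-out `/*#include "bfd.h"*/`; its matching `#endif` is presumably further down, outside what this archive shows. If a guard is kept for easier resyncing with binutils, a non-reserved name such as `DISAS_NIOS2_H` avoids the clash.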

[Qemu-devel] [PATCH 2/7] nios2: Add architecture emulation support

2016-07-28 Thread Marek Vasut
From: Chris Wulff 

Add support for emulating Altera NiosII R1 architecture into qemu.
This patch is based on previous work by Chris Wulff from 2012 and
updated to latest mainline QEMU.

Signed-off-by: Marek Vasut 
Cc: Chris Wulff 
Cc: Jeff Da Silva 
Cc: Ley Foon Tan 
Cc: Sandra Loosemore 
Cc: Yves Vandervennet 
---
 target-nios2/Makefile.objs |4 +
 target-nios2/cpu.c |  229 +++
 target-nios2/cpu.h |  265 
 target-nios2/helper.c  |  304 ++
 target-nios2/helper.h  |   41 ++
 target-nios2/instruction.c | 1427 
 target-nios2/instruction.h |  279 +
 target-nios2/machine.c |   38 ++
 target-nios2/mmu.c |  292 +
 target-nios2/mmu.h |   54 ++
 target-nios2/monitor.c |   35 ++
 target-nios2/op_helper.c   |   86 +++
 target-nios2/translate.c   |  242 
 13 files changed, 3296 insertions(+)
 create mode 100644 target-nios2/Makefile.objs
 create mode 100644 target-nios2/cpu.c
 create mode 100644 target-nios2/cpu.h
 create mode 100644 target-nios2/helper.c
 create mode 100644 target-nios2/helper.h
 create mode 100644 target-nios2/instruction.c
 create mode 100644 target-nios2/instruction.h
 create mode 100644 target-nios2/machine.c
 create mode 100644 target-nios2/mmu.c
 create mode 100644 target-nios2/mmu.h
 create mode 100644 target-nios2/monitor.c
 create mode 100644 target-nios2/op_helper.c
 create mode 100644 target-nios2/translate.c

diff --git a/target-nios2/Makefile.objs b/target-nios2/Makefile.objs
new file mode 100644
index 000..ea6a528
--- /dev/null
+++ b/target-nios2/Makefile.objs
@@ -0,0 +1,4 @@
+obj-y += translate.o op_helper.o helper.o cpu.o mmu.o instruction.o
+obj-$(CONFIG_SOFTMMU) += monitor.o
+
+$(obj)/op_helper.o: QEMU_CFLAGS += $(HELPER_CFLAGS)
diff --git a/target-nios2/cpu.c b/target-nios2/cpu.c
new file mode 100644
index 000..5b4a2f6
--- /dev/null
+++ b/target-nios2/cpu.c
@@ -0,0 +1,229 @@
+/*
+ * QEMU Nios II CPU
+ *
+ * Copyright (c) 2012 Chris Wulff 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "qapi/error.h"
+#include "cpu.h"
+#include "exec/log.h"
+#include "exec/gdbstub.h"
+#include "hw/qdev-properties.h"
+
+static void nios2_cpu_set_pc(CPUState *cs, vaddr value)
+{
+Nios2CPU *cpu = NIOS2_CPU(cs);
+CPUNios2State *env = &cpu->env;
+
+env->regs[R_PC] = value;
+}
+
+static bool nios2_cpu_has_work(CPUState *cs)
+{
+return cs->interrupt_request & (CPU_INTERRUPT_HARD | CPU_INTERRUPT_NMI);
+}
+
+/* CPUClass::reset() */
+static void nios2_cpu_reset(CPUState *cs)
+{
+Nios2CPU *cpu = NIOS2_CPU(cs);
+Nios2CPUClass *ncc = NIOS2_CPU_GET_CLASS(cpu);
+CPUNios2State *env = &cpu->env;
+
+if (qemu_loglevel_mask(CPU_LOG_RESET)) {
+qemu_log("CPU Reset (CPU %d)\n", cs->cpu_index);
+log_cpu_state(cs, 0);
+}
+
+ncc->parent_reset(cs);
+
+tlb_flush(cs, 1);
+
+memset(env->regs, 0, sizeof(uint32_t) * NUM_CORE_REGS);
+env->regs[R_PC] = env->reset_addr;
+
+#if defined(CONFIG_USER_ONLY)
+/* Start in user mode with interrupts enabled. */
+env->regs[CR_STATUS] = CR_STATUS_U | CR_STATUS_PIE;
+#endif
+}
+
+static void nios2_cpu_initfn(Object *obj)
+{
+CPUState *cs = CPU(obj);
+Nios2CPU *cpu = NIOS2_CPU(obj);
+CPUNios2State *env = &cpu->env;
+static bool tcg_initialized;
+
+cpu->mmu_present = true;
+cs->env_ptr = env;
+cpu_exec_init(cs, &error_abort);
+
+#if !defined(CONFIG_USER_ONLY)
+mmu_init(&env->mmu);
+#endif
+
+if (tcg_enabled() && !tcg_initialized) {
+tcg_initialized = true;
+nios2_tcg_init();
+}
+}
+
+Nios2CPU *cpu_nios2_init(const char *cpu_model)
+{
+Nios2CPU *cpu = NIOS2_CPU(object_new(TYPE_NIOS2_CPU));
+
+object_property_set_bool(OBJECT(cpu), true, "realized", NULL);
+
+return cpu;
+}
+
+static void nios2_cpu_realizefn(DeviceState *dev, Error **errp)
+{
+CPUState *cs = CPU(dev);
+Nios2CPUClass *ncc = NIOS2_CPU_GET_CLASS(dev);
+
+qemu_init_vcpu(cs);
+cpu_reset(cs);
+
+ncc->parent_realize(dev, errp);
+}
+
+static bool nios2_cpu_exec_interrupt(CPUState *cs, int interrupt_request)
+{
+Nios2CPU *cpu = NIOS2_CPU(cs);
+CPUNios2State *env = &cpu->env;
+
+if ((interrupt_request & CPU_INTERRUPT_H
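Review bot: `cpu_nios2_init()` passes `NULL` as the error pointer when setting `realized`, so a failed realize is dropped silently and the caller gets back a CPU object that was never realized. Abort or propagate instead, e.g. `object_property_set_bool(OBJECT(cpu), true, "realized", &error_abort);`, matching the `&error_abort` already used in `nios2_cpu_initfn`. The `cpu_model` argument is ignored as well, which deserves a one-line comment saying that only one model exists. In `nios2_cpu_reset` the `memset` length is spelled `sizeof(uint32_t) * NUM_CORE_REGS` while `env->regs[CR_STATUS]` is written right after; the declaration of `regs` is in cpu.h, outside this hunk, so please confirm whether control registers are meant to keep their values across reset.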

[Qemu-devel] [PATCH 7/7] nios2: Add support for Nios-II R1

2016-07-28 Thread Marek Vasut
Add remaining bits of the Altera NiosII R1 support into qemu, which
is documentation, MAINTAINERS file entry, configure bits, arch_init
and configuration files for both linux-user (userland binaries) and
softmmu (hardware emulation).

Signed-off-by: Marek Vasut 
Cc: Chris Wulff 
Cc: Jeff Da Silva 
Cc: Ley Foon Tan 
Cc: Sandra Loosemore 
Cc: Yves Vandervennet 
---
 MAINTAINERS  | 8 
 arch_init.c  | 2 ++
 configure| 5 +
 default-configs/nios2-linux-user.mak | 1 +
 default-configs/nios2-softmmu.mak| 6 ++
 include/sysemu/arch_init.h   | 1 +
 qemu-doc.texi| 3 +++
 7 files changed, 26 insertions(+)
 create mode 100644 default-configs/nios2-linux-user.mak
 create mode 100644 default-configs/nios2-softmmu.mak

diff --git a/MAINTAINERS b/MAINTAINERS
index d1439a8..f7aa2ae 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -157,6 +157,14 @@ S: Maintained
 F: target-moxie/
 F: disas/moxie.c
 
+NiosII
+M: Chris Wulff 
+M: Marek Vasut 
+S: Maintained
+F: target-nios2/
+F: hw/nios2/
+F: disas/nios2.c
+
 OpenRISC
 M: Jia Liu 
 S: Maintained
diff --git a/arch_init.c b/arch_init.c
index fa05973..f63661c 100644
--- a/arch_init.c
+++ b/arch_init.c
@@ -64,6 +64,8 @@ int graphic_depth = 32;
 #define QEMU_ARCH QEMU_ARCH_MIPS
 #elif defined(TARGET_MOXIE)
 #define QEMU_ARCH QEMU_ARCH_MOXIE
+#elif defined(TARGET_NIOS2)
+#define QEMU_ARCH QEMU_ARCH_NIOS2
 #elif defined(TARGET_OPENRISC)
 #define QEMU_ARCH QEMU_ARCH_OPENRISC
 #elif defined(TARGET_PPC)
diff --git a/configure b/configure
index 879324b..d46ae63 100755
--- a/configure
+++ b/configure
@@ -5679,6 +5679,8 @@ case "$target_name" in
   ;;
   moxie)
   ;;
+  nios2)
+  ;;
   or32)
 TARGET_ARCH=openrisc
 TARGET_BASE_ARCH=openrisc
@@ -5875,6 +5877,9 @@ for i in $ARCH $TARGET_BASE_ARCH ; do
   moxie*)
 disas_config "MOXIE"
   ;;
+  nios2)
+disas_config "NIOS2"
+  ;;
   or32)
 disas_config "OPENRISC"
   ;;
diff --git a/default-configs/nios2-linux-user.mak 
b/default-configs/nios2-linux-user.mak
new file mode 100644
index 000..5be3eb7
--- /dev/null
+++ b/default-configs/nios2-linux-user.mak
@@ -0,0 +1 @@
+# Default configuration for nios2-linux-user
diff --git a/default-configs/nios2-softmmu.mak 
b/default-configs/nios2-softmmu.mak
new file mode 100644
index 000..74dc70c
--- /dev/null
+++ b/default-configs/nios2-softmmu.mak
@@ -0,0 +1,6 @@
+# Default configuration for nios2-softmmu
+
+CONFIG_NIOS2=y
+CONFIG_SERIAL=y
+CONFIG_PTIMER=y
+CONFIG_ALTERA_TIMER=y
diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
index d690dfa..cf70976 100644
--- a/include/sysemu/arch_init.h
+++ b/include/sysemu/arch_init.h
@@ -23,6 +23,7 @@ enum {
 QEMU_ARCH_UNICORE32 = (1 << 14),
 QEMU_ARCH_MOXIE = (1 << 15),
 QEMU_ARCH_TRICORE = (1 << 16),
+QEMU_ARCH_NIOS2 = (1 << 17),
 };
 
 extern const uint32_t arch_type;
diff --git a/qemu-doc.texi b/qemu-doc.texi
index f37fd31..1e40d09 100644
--- a/qemu-doc.texi
+++ b/qemu-doc.texi
@@ -2856,6 +2856,9 @@ The binary format is detected automatically.
 @command{qemu-mips} TODO.
 @command{qemu-mipsel} TODO.
 
+@cindex user mode (NiosII)
+@command{qemu-nios2} TODO.
+
 @cindex user mode (PowerPC)
 @command{qemu-ppc64abi32} TODO.
 @command{qemu-ppc64} TODO.
-- 
2.8.1




[Qemu-devel] [PATCH 6/7] nios2: Add Altera 10M50 GHRD emulation

2016-07-28 Thread Marek Vasut
Add the Altera 10M50 Nios2 GHRD model. This allows emulating the
10M50 development kit with the Nios2 GHRD loaded in the FPGA. It
is possible to boot Linux kernel and run userspace, thus far only
from initrd as storage support is not yet implemented.

Signed-off-by: Marek Vasut 
Cc: Chris Wulff 
Cc: Jeff Da Silva 
Cc: Ley Foon Tan 
Cc: Sandra Loosemore 
Cc: Yves Vandervennet 
---
 hw/nios2/10m50_devboard.c | 125 ++
 hw/nios2/Makefile.objs|   1 +
 hw/nios2/boot.c   | 223 ++
 hw/nios2/boot.h   |  11 +++
 hw/nios2/cpu_pic.c|  74 +++
 5 files changed, 434 insertions(+)
 create mode 100644 hw/nios2/10m50_devboard.c
 create mode 100644 hw/nios2/Makefile.objs
 create mode 100644 hw/nios2/boot.c
 create mode 100644 hw/nios2/boot.h
 create mode 100644 hw/nios2/cpu_pic.c

diff --git a/hw/nios2/10m50_devboard.c b/hw/nios2/10m50_devboard.c
new file mode 100644
index 000..8312fd9
--- /dev/null
+++ b/hw/nios2/10m50_devboard.c
@@ -0,0 +1,125 @@
+/*
+ * Altera 10M50 Nios2 GHRD
+ *
+ * Copyright (c) 2016 Marek Vasut 
+ *
+ * Based on LabX device code
+ *
+ * Copyright (c) 2012 Chris Wulff 
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * 
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+
+#include "hw/sysbus.h"
+#include "hw/hw.h"
+#include "hw/char/serial.h"
+#include "sysemu/sysemu.h"
+#include "hw/boards.h"
+#include "exec/memory.h"
+#include "exec/address-spaces.h"
+#include "qemu/config-file.h"
+
+#include "boot.h"
+
+#define BINARY_DEVICE_TREE_FILE"10m50-devboard.dtb"
+
+static void nios2_10m50_ghrd_init(MachineState *machine)
+{
+Nios2CPU *cpu;
+DeviceState *dev;
+MemoryRegion *address_space_mem = get_system_memory();
+MemoryRegion *phys_tcm = g_new(MemoryRegion, 1);
+MemoryRegion *phys_tcm_alias = g_new(MemoryRegion, 1);
+MemoryRegion *phys_ram = g_new(MemoryRegion, 1);
+MemoryRegion *phys_ram_alias = g_new(MemoryRegion, 1);
+ram_addr_t tcm_base = 0x0;
+ram_addr_t tcm_size = 0x1000;/* 1 kiB, but QEMU limit is 4 kiB */
+ram_addr_t ram_base = 0x0800;
+ram_addr_t ram_size = 0x0800;
+qemu_irq *cpu_irq, irq[32];
+int i;
+
+/* Physical TCM (tb_ram_1k) with alias at 0xc000 */
+memory_region_init_ram(phys_tcm, NULL, "nios2.tcm", tcm_size, 
&error_abort);
+memory_region_init_alias(phys_tcm_alias, NULL, "nios2.tcm.alias",
+ phys_tcm, 0, tcm_size);
+vmstate_register_ram_global(phys_tcm);
+memory_region_add_subregion(address_space_mem, tcm_base, phys_tcm);
+memory_region_add_subregion(address_space_mem, 0xc000 + tcm_base,
+phys_tcm_alias);
+
+/* Physical DRAM with alias at 0xc000 */
+memory_region_init_ram(phys_ram, NULL, "nios2.ram", ram_size, 
&error_abort);
+memory_region_init_alias(phys_ram_alias, NULL, "nios2.ram.alias",
+ phys_ram, 0, ram_size);
+vmstate_register_ram_global(phys_ram);
+memory_region_add_subregion(address_space_mem, ram_base, phys_ram);
+memory_region_add_subregion(address_space_mem, 0xc000 + ram_base,
+phys_ram_alias);
+
+/* Create CPU -- FIXME */
+cpu = cpu_nios2_init("nios2");
+
+/* Register: CPU interrupt controller (PIC) */
+cpu_irq = nios2_cpu_pic_init(cpu);
+
+/* Register: Internal Interrupt Controller (IIC) */
+dev = qdev_create(NULL, "altera,iic");
+qdev_prop_set_ptr(dev, "cpu", cpu);
+qdev_init_nofail(dev);
+sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, cpu_irq[0]);
+for (i = 0; i < 32; i++)
+irq[i] = qdev_get_gpio_in(dev, i);
+
+/* Register: Altera 16550 UART */
+serial_mm_init(address_space_mem, 0xf8001600, 2, irq[1], 115200,
+   serial_hds[0], DEVICE_NATIVE_ENDIAN);
+
+/* Register: Timer sys_clk_timer  */
+dev = qdev_create(NULL, "ALTR.timer");
+qdev_prop_set_uint32(dev, "clock-frequency", 75 * 100);
+qdev_init_nofail(dev);
+sysbus_mmio_map(SYS_BUS_DEVICE(dev), 0, 0xf8001440);
+sysbus_connect_irq(SYS_BUS_DEVICE(dev), 0, irq[0]);
+
+/* Register: Timer sys_clk_timer_1  */
+dev = qdev_create(NULL, "ALTR.timer");
+qdev_prop_set_uin
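Review bot: The `for` loop that fills `irq[]` has an unbraced body, which QEMU's coding style does not allow and which lets a statement added later fall outside the loop unnoticed. Writing it as `for (i = 0; i < ARRAY_SIZE(irq); i++) {` with the assignment and a closing `}` also ties the bound to the array declaration instead of repeating the literal 32. The hunk is truncated in this archive, so the remainder of `nios2_10m50_ghrd_init` is not visible.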

Re: [Qemu-devel] [PATCH] ppc: Add MacOS VGA driver ROM

2016-07-28 Thread Benjamin Herrenschmidt
On Thu, 2016-07-28 at 15:51 +1000, David Gibson wrote:
> So, I believe qemu convention is to include the ROM source via a
> submodule - even though it won't typically be built from there and the
> prebuilt blob will be used instead.
> 
> Not sure who the right person to talk to about that would be.

Probably Peter, and that git repo will eventually grow more ROMs as I
add virtio drivers for MacOS :-)

But for now, let's first agree (or not) with Mark how we deal with
this on the openbios side.

My preference is to rework the PCI stack there and add proper f-code
support, so I can package the drivers using f-code. But that will
probably take a while, in the meantime, the raw PEF which is what I
added here is I think a reasonable compromise.

In fact I wouldn't be completely against doing the virtio drivers in
Forth ;-)

But he might have other ideas.

Cheers
,Ben.




Re: [Qemu-devel] [PATCH v1 1/8] target-ppc: implement branch-less divw[o][.]

2016-07-28 Thread Richard Henderson

On 07/28/2016 12:19 PM, Nikunj A Dadhania wrote:

While implementing modulo instructions figured out that the
implementation uses many branches. Change the logic to achieve the
branch-less code. Undefined value is set to dividend in case of invalid
input.

Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/translate.c | 48 +++-
 1 file changed, 23 insertions(+), 25 deletions(-)


Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH] ppc: Add MacOS VGA driver ROM

2016-07-28 Thread Benjamin Herrenschmidt
On Thu, 2016-07-28 at 09:28 +0100, Stefan Hajnoczi wrote:
> 
> Jeff, please create a mirror git repo for
> https://github.com/ozbenh/QemuMacDrivers at
> git://git.qemu-project.org/QemuMacDrivers.git with nightly mirroring.
> 
> Once Jeff has set up the mirror repo, please send a new revision of
> this
> patch that makes roms/QemuMacDrivers a git-submodule(1) pointing to
> git://git.qemu-project.org/QemuMacDrivers.git.
> 
> Please double-check that the binary ROM included in the patch
> corresponds to the QemuMacDrivers commit referenced by the
> git-submodule(1) before sending the patch.

Ok, we don't yet need to do all of this though, as there are still
some open questions about how we expose the ROM to MacOS via
OpenBIOS and, as a consequence, about the format of the ROM file.

You can still mirror the git repo, any change will be done there,
but let's not include the submodule and/or apply the patch before
Mark and I have sorted the OpenBIOS side.

Cheers,
Ben.




Re: [Qemu-devel] [PATCH v1 2/8] target-ppc: implement branch-less divd[o][.]

2016-07-28 Thread Richard Henderson

On 07/28/2016 12:19 PM, Nikunj A Dadhania wrote:

Similar to divw, implement branch-less divd.

Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/translate.c | 48 ++--
 1 file changed, 26 insertions(+), 22 deletions(-)


Reviewed-by: Richard Henderson 


r~



[Qemu-devel] [Bug 1591724] Re: Windows 7 installation DVD can't boot in qemu 2.6.0/OVMF

2016-07-28 Thread tkr
*** This bug is a duplicate of bug 1581936 ***
https://bugs.launchpad.net/bugs/1581936

** This bug has been marked a duplicate of bug 1581936
   Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)

-- 
https://bugs.launchpad.net/bugs/1591724

Title:
  Windows 7 installation DVD can't boot in qemu 2.6.0/OVMF

Status in QEMU:
  Fix Committed

Bug description:
  With Qemu 2.5.50 (compiled from git some time ago) I can boot Windows 7 x64 
installation DVD as follows:
  ~/code/qemu-v2/bin/slic-v2/native/x86_64-softmmu/qemu-system-x86_64 \
  -machine type=pc,accel=kvm \
  -enable-kvm \
  -cpu host \
  -m 2048 \
  -vga cirrus \
  -boot d \
  -drive if=pflash,file=/vms/ovmf_x64_firstrun.bin,format=raw \
  -cdrom /vms/win7_sp1.iso \
  -monitor stdio

  This bug suggests different vga options
  https://bugs.launchpad.net/qemu/+bug/1581936. Here's the behaviours
  I'm getting with 2.6.0:

  std - "Starting Windows" with wavering flag hangs indefinitely
  cirrus - at "Starting Windows" wasps of light freeze before assembling into a 
flag
  qxl - "Starting Windows" with wavering flag hangs indefinitely
  virtio - "Starting Windows" with wavering flag hangs indefinitely




[Qemu-devel] [Bug 1585008] Re: Windows 7 guests hang on bootup when qxl video is used

2016-07-28 Thread tkr
*** This bug is a duplicate of bug 1581936 ***
https://bugs.launchpad.net/bugs/1581936

** This bug is no longer a duplicate of bug 1591724
   Windows 7 installation DVD can't boot in qemu 2.6.0/OVMF
** This bug has been marked a duplicate of bug 1581936
   Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)

-- 
https://bugs.launchpad.net/bugs/1585008

Title:
  Windows 7 guests hang on bootup when qxl video is used

Status in QEMU:
  New
Status in qemu package in Ubuntu:
  Fix Released

Bug description:
  I installed libvirt-bin and virt-manager on Ubuntu 16.04.  I created a
  new VM for Windows 7, basically with default settings, which includes
  qxl video..  The Windows boot process hangs with the "Starting
  Windows" animation.  CPU and disk I/O drop to zero, and it continues
  animating forever and ever...  It never finishes booting.  But it
  doesn't fully "hang" either: the animation continues to animate.

  As a workaround, I set the video mode to "Cirrus" and then Windows
  boots but it is slow and limited.  And also apparently to be avoided:

  https://www.kraxel.org/blog/2014/10/qemu-using-cirrus-considered-
  harmful/

  I can confirm it's only when qxl is enabled, because if I switch from
  Cirrus back to qxl, it hangs again - and going back to Cirrus again
  "fixes" the problem.

  This issue is also reported elsewhere:

  http://serverfault.com/questions/776406/windows-7-setup-hangs-at-
  starting-windows-using-proxmox-4-2

  https://forum.proxmox.com/threads/win7-setup-hangs-in-proxmox-
  ve-4-2.27388/




Re: [Qemu-devel] [PATCH v1 4/8] target-ppc: add vabsdu[b, h, w] instructions

2016-07-28 Thread Richard Henderson

On 07/28/2016 12:19 PM, Nikunj A Dadhania wrote:

+r->element[i] = abs(a->element[i] - b->element[i]); \
+}   \
+}
+
+/* VABSDU - Vector absolute difference unsigned
+ *   name- instruction mnemonic suffix (b: byte, h: halfword, w: word)
+ *   element - element type to access from vector
+ */
+#define VABSDU(type, element)   \
+VABSDU_DO(absdu##type, element)
+VABSDU(b, u8)
+VABSDU(h, u16)
+VABSDU(w, u32)


From whence are you receiving this abs definition, and how do you expect it to 
work with an unsigned input?


I can only imagine you're getting abs(3), aka int abs(int), from stdlib.h. 
Which technically does work post-arithmetic promotion for u8 and u16, but it 
does not for u32.


I think we'd prefer an explicit (a > b ? a - b : b - a).


r~



Re: [Qemu-devel] [PATCH 6/7] qemu: Implement virtio-pstore device

2016-07-28 Thread Stefan Hajnoczi
On Thu, Jul 28, 2016 at 02:39:53PM +0900, Namhyung Kim wrote:
> On Thu, Jul 28, 2016 at 03:02:54AM +0300, Michael S. Tsirkin wrote:
> > On Thu, Jul 28, 2016 at 12:08:30AM +0900, Namhyung Kim wrote:
> > > +static ssize_t virtio_pstore_do_write(VirtIOPstore *s, struct iovec 
> > > *out_sg,
> > > +  unsigned int out_num,
> > > +  struct virtio_pstore_req *req)
> > > +{
> > > +char path[PATH_MAX];
> > > +int fd;
> > > +ssize_t len;
> > > +unsigned short type;
> > > +int flags = O_WRONLY | O_CREAT;
> > > +
> > > +/* we already consume the req */
> > > +iov_discard_front(&out_sg, &out_num, sizeof(*req));
> > > +
> > > +virtio_pstore_to_filename(s, path, sizeof(path), req);
> > > +
> > > +type = le16_to_cpu(req->type);
> > > +
> > > +if (type == VIRTIO_PSTORE_TYPE_DMESG) {
> > > +flags |= O_TRUNC;
> > > +} else if (type == VIRTIO_PSTORE_TYPE_CONSOLE) {
> > > +flags |= O_APPEND;
> > > +}
> > > +
> > > +fd = open(path, flags, 0644);
> > > +if (fd < 0) {
> > > +error_report("cannot open %s", path);
> > > +return -1;
> > > +}
> > > +len = writev(fd, out_sg, out_num);
> > > +close(fd);
> > > +
> > > +return len;
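Review bot: `virtio_pstore_do_write()` hands a path derived from the guest's request straight to `open()` with `O_CREAT`, and nothing in the quoted lines checks that `virtio_pstore_to_filename()` produced a complete name that stays inside the configured directory. Because the guest decides when and how much is written, the open should be hardened, e.g. `int flags = O_WRONLY | O_CREAT | O_CLOEXEC | O_NOFOLLOW;` with mode `0600`, since kernel logs can hold sensitive data. The `_CONSOLE` append path also needs a size cap so a guest cannot fill the host file system; no such limit is visible here. A failed or short `writev()` is returned without an `error_report()`, so the host side gets no trace of lost records. The helper's body and the end of this function are outside the quote, and the same lines are quoted again later in the thread.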
> > 
> > All this is blocking VM until host io completes.
> 
> Hmm.. I don't know about the internals of qemu.  So does it make guest
> stop?  If so, that's what I want to do for _DMESG. :)  As it's called
> only on kernel oops I think it's admittable.  But for _CONSOLE, it
> needs to do asynchronously.  Maybe I can add a thread to do the work.

Please look at include/io/channel.h.  QEMU is event-driven and tends to
use asynchronous I/O instead of spawning threads.  The include/io/ APIs
allow you to do asynchronous I/O in the event loop.

Stefan




Re: [Qemu-devel] [PATCH v1 5/8] target-ppc: add vcmpnez[b, h, w][.] instructions

2016-07-28 Thread Richard Henderson

On 07/28/2016 12:19 PM, Nikunj A Dadhania wrote:

+#define VCMPNEZ_DO(suffix, element, record) \
+void helper_vcmpnez##suffix(CPUPPCState *env, ppc_avr_t *r, \
+ppc_avr_t *a, ppc_avr_t *b) \
+{   \
+uint64_t ones = (uint64_t)-1;   \
+uint64_t all = ones;\
+uint64_t none = 0;  \
+int i;  \
+\
+for (i = 0; i < ARRAY_SIZE(r->element); i++) {  \
+uint64_t result = ((a->element[i] == 0) \
+   || (b->element[i] == 0)  \
+   || (a->element[i] != b->element[i]) ?\
+   ones : 0x0); \


Don't you have the proper type to use, as opposed to widening everything to 
uint64_t?  I would guess element##_t would do the job.



r~



[Qemu-devel] [Bug 1589153] Re: qemu-system-x86_64 version 2.5.0 freezes during windows 7 installation in lubuntu 16.04

2016-07-28 Thread tkr
*** This bug is a duplicate of bug 1581936 ***
https://bugs.launchpad.net/bugs/1581936

** This bug has been marked a duplicate of bug 1581936
   Frozen Windows 7 VMs with VGA CVE-2016-3712 fix (2.6.0 and 2.5.1.1)

-- 
https://bugs.launchpad.net/bugs/1589153

Title:
  qemu-system-x86_64 version 2.5.0 freezes during windows 7 installation
  in lubuntu 16.04

Status in QEMU:
  New

Bug description:
  Hi!

  I have been using qemu - kvm for several years in different versions
  of ubuntu (lubuntu). I am trying to migrate from 15.04 to 16.04 and am
  having a problem. In particular, on my machine (a samsung series 9
  with dual core i7 processor and 8gb ram) the following commands worked
  in 15.04 but do not work in 15.10 and 16.04. FYI, I tested them on a
  clean machine, where I have created a 60GB image file in its own
  partition.. In particular, I am using the command to start installing
  windows 7 and it works in a clean install of 15.04 (yesterday) but not
  in 15.10 (yesterday) or 16.04 (the day before). I do not get any error
  messages in my xterminal when running this and do not know how to
  check for windows error messages. By not working I mean that after
  loading files it gets to a windows screen and then stays there
  forever.

  The command lines used to invoke qemu is:
  echo "*** Installing windows 7 virtual machine - Step 2"

  
  echo "*** Try command for slow mouse"
  export SDL_VIDEO_X11_DGAMOUSE=0

  sudo qemu-system-x86_64 \
-enable-kvm \
-machine pc,accel=kvm \
-cdrom  
/home/Archives/Software/OperatingSystems.Windows7HP.64/Windows7HP64_Install.iso 
\
-boot d \
-net nic,macaddr=56:44:45:30:31:34 \
-net user \
-cpu host \
-vga qxl \
-spice port=5900,disable-ticketing \
-uuid 8373c3d6-1e6c-f022-38e2-b94e6e14e170 \
-smp cpus=2,maxcpus=3 \
-m 6144 \
-name DrPhilSS9AWin7VM \
-hda /mnt/Windows7Image/Windows7Guest.img \
-localtime \
-k en-us \
-usb \
-usbdevice tablet&
  sleep 10
  spicy --host 127.0.0.1 --port 5900




Re: [Qemu-devel] [PATCH v1 6/8] target-ppc: add vslv instruction

2016-07-28 Thread Richard Henderson

On 07/28/2016 12:19 PM, Nikunj A Dadhania wrote:

From: Vivek Andrew Sha 

vslv: Vector Shift Left Variable

Signed-off-by: Vivek Andrew Sha 
Signed-off-by: Nikunj A Dadhania 
Reviewed-by: David Gibson 
---
 target-ppc/helper.h |  1 +
 target-ppc/int_helper.c | 14 ++
 target-ppc/translate/vmx-impl.c |  1 +
 target-ppc/translate/vmx-ops.c  |  4 
 4 files changed, 20 insertions(+)


Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH v1 7/8] target-ppc: add vsrv instruction

2016-07-28 Thread Richard Henderson

On 07/28/2016 12:19 PM, Nikunj A Dadhania wrote:

From: Vivek Andrew Sha 

Adds Vector Shift Right Variable instruction.

Signed-off-by: Vivek Andrew Sha 
[ reverse the order of computation to avoid temporary array ]
Signed-off-by: Nikunj A Dadhania 
---
 target-ppc/helper.h |  1 +
 target-ppc/int_helper.c | 17 +
 target-ppc/translate/vmx-impl.c |  1 +
 target-ppc/translate/vmx-ops.c  |  1 +
 4 files changed, 20 inserti


Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH v1 8/8] target-ppc: add extswsli[.] instruction

2016-07-28 Thread Richard Henderson

On 07/28/2016 12:19 PM, Nikunj A Dadhania wrote:

+tcg_gen_ext32s_tl(dst, src);
+if (sh != 0) {
+tcg_gen_shli_tl(dst, dst, sh);
+}


You need not test for sh != 0, since that will be done in tcg_gen_shli_tl. 
Otherwise,


Reviewed-by: Richard Henderson 


r~



Re: [Qemu-devel] [PATCH 6/7] qemu: Implement virtio-pstore device

2016-07-28 Thread Daniel P. Berrange
On Thu, Jul 28, 2016 at 01:56:07PM +0100, Stefan Hajnoczi wrote:
> On Thu, Jul 28, 2016 at 02:39:53PM +0900, Namhyung Kim wrote:
> > On Thu, Jul 28, 2016 at 03:02:54AM +0300, Michael S. Tsirkin wrote:
> > > On Thu, Jul 28, 2016 at 12:08:30AM +0900, Namhyung Kim wrote:
> > > > +static ssize_t virtio_pstore_do_write(VirtIOPstore *s, struct iovec 
> > > > *out_sg,
> > > > +  unsigned int out_num,
> > > > +  struct virtio_pstore_req *req)
> > > > +{
> > > > +char path[PATH_MAX];
> > > > +int fd;
> > > > +ssize_t len;
> > > > +unsigned short type;
> > > > +int flags = O_WRONLY | O_CREAT;
> > > > +
> > > > +/* we already consume the req */
> > > > +iov_discard_front(&out_sg, &out_num, sizeof(*req));
> > > > +
> > > > +virtio_pstore_to_filename(s, path, sizeof(path), req);
> > > > +
> > > > +type = le16_to_cpu(req->type);
> > > > +
> > > > +if (type == VIRTIO_PSTORE_TYPE_DMESG) {
> > > > +flags |= O_TRUNC;
> > > > +} else if (type == VIRTIO_PSTORE_TYPE_CONSOLE) {
> > > > +flags |= O_APPEND;
> > > > +}
> > > > +
> > > > +fd = open(path, flags, 0644);
> > > > +if (fd < 0) {
> > > > +error_report("cannot open %s", path);
> > > > +return -1;
> > > > +}
> > > > +len = writev(fd, out_sg, out_num);
> > > > +close(fd);
> > > > +
> > > > +return len;
> > > 
> > > All this is blocking VM until host io completes.
> > 
> > Hmm.. I don't know about the internals of qemu.  So does it make guest
> > stop?  If so, that's what I want to do for _DMESG. :)  As it's called
> > only on kernel oops I think it's admittable.  But for _CONSOLE, it
> > needs to do asynchronously.  Maybe I can add a thread to do the work.
> 
> Please look at include/io/channel.h.  QEMU is event-driven and tends to
> use asynchronous I/O instead of spawning threads.  The include/io/ APIs
> allow you to do asynchronous I/O in the event loop.

That is true, except for I/O to/from plain files - the QIOChannelFile
impl doesn't do anything special (yet) to make that work correctly in
non-blocking mode. Of course that could be fixed...

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [Qemu-devel] [PATCH 6/7] qemu: Implement virtio-pstore device

2016-07-28 Thread Daniel P. Berrange
On Thu, Jul 28, 2016 at 12:08:30AM +0900, Namhyung Kim wrote:
> Add virtio pstore device to allow kernel log files saved on the host.
> It will save the log files on the directory given by pstore device
> option.
> 
>   $ qemu-system-x86_64 -device virtio-pstore,directory=dir-xx ...
> 
>   (guest) # echo c > /proc/sysrq-trigger
> 
>   $ ls dir-xx
>   dmesg-1.enc.z  dmesg-2.enc.z
> 
> The log files are usually compressed using zlib.  Users can see the log
> messages directly on the host or on the guest (using pstore filesystem).
> 
> The 'directory' property is required for virtio-pstore device to work.
> It also adds 'bufsize' and 'console' (boolean) properties.
> 
> Cc: Paolo Bonzini 
> Cc: Radim Krčmář 
> Cc: "Michael S. Tsirkin" 
> Cc: Anthony Liguori 
> Cc: Anton Vorontsov 
> Cc: Colin Cross 
> Cc: Kees Cook 
> Cc: Tony Luck 
> Cc: Steven Rostedt 
> Cc: Ingo Molnar 
> Cc: Minchan Kim 
> Cc: k...@vger.kernel.org
> Cc: qemu-devel@nongnu.org
> Cc: virtualizat...@lists.linux-foundation.org
> Signed-off-by: Namhyung Kim 
> ---
>  hw/virtio/Makefile.objs|   2 +-
>  hw/virtio/virtio-pci.c |  54 +++
>  hw/virtio/virtio-pci.h |  14 +
>  hw/virtio/virtio-pstore.c  | 477 
> +
>  include/hw/pci/pci.h   |   1 +
>  include/hw/virtio/virtio-pstore.h  |  34 ++
>  include/standard-headers/linux/virtio_ids.h|   1 +
>  include/standard-headers/linux/virtio_pstore.h |  80 +
>  qdev-monitor.c |   1 +
>  9 files changed, 663 insertions(+), 1 deletion(-)
>  create mode 100644 hw/virtio/virtio-pstore.c
>  create mode 100644 include/hw/virtio/virtio-pstore.h
>  create mode 100644 include/standard-headers/linux/virtio_pstore.h
> 
> diff --git a/hw/virtio/Makefile.objs b/hw/virtio/Makefile.objs
> index 3e2b175..aae7082 100644
> --- a/hw/virtio/Makefile.objs
> +++ b/hw/virtio/Makefile.objs
> @@ -4,4 +4,4 @@ common-obj-y += virtio-bus.o
>  common-obj-y += virtio-mmio.o
>  
>  obj-y += virtio.o virtio-balloon.o 
> -obj-$(CONFIG_LINUX) += vhost.o vhost-backend.o vhost-user.o
> +obj-$(CONFIG_LINUX) += vhost.o vhost-backend.o vhost-user.o virtio-pstore.o
> diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
> index f0677b7..d99a405 100644
> --- a/hw/virtio/virtio-pci.c
> +++ b/hw/virtio/virtio-pci.c
> @@ -2414,6 +2414,59 @@ static const TypeInfo virtio_host_pci_info = {
>  };
>  #endif
>  
> +/* virtio-pstore-pci */
> +
> +static void virtio_pstore_pci_realize(VirtIOPCIProxy *vpci_dev, Error **errp)
> +{
> +VirtIOPstorePCI *vps = VIRTIO_PSTORE_PCI(vpci_dev);
> +DeviceState *vdev = DEVICE(&vps->vdev);
> +Error *err = NULL;
> +
> +qdev_set_parent_bus(vdev, BUS(&vpci_dev->bus));
> +object_property_set_bool(OBJECT(vdev), true, "realized", &err);
> +if (err) {
> +error_propagate(errp, err);
> +return;
> +}
> +}
> +
> +static void virtio_pstore_pci_class_init(ObjectClass *klass, void *data)
> +{
> +DeviceClass *dc = DEVICE_CLASS(klass);
> +VirtioPCIClass *k = VIRTIO_PCI_CLASS(klass);
> +PCIDeviceClass *pcidev_k = PCI_DEVICE_CLASS(klass);
> +
> +k->realize = virtio_pstore_pci_realize;
> +set_bit(DEVICE_CATEGORY_MISC, dc->categories);
> +
> +pcidev_k->vendor_id = PCI_VENDOR_ID_REDHAT_QUMRANET;
> +pcidev_k->device_id = PCI_DEVICE_ID_VIRTIO_PSTORE;
> +pcidev_k->revision = VIRTIO_PCI_ABI_VERSION;
> +pcidev_k->class_id = PCI_CLASS_OTHERS;
> +}
> +
> +static void virtio_pstore_pci_instance_init(Object *obj)
> +{
> +VirtIOPstorePCI *dev = VIRTIO_PSTORE_PCI(obj);
> +
> +virtio_instance_init_common(obj, &dev->vdev, sizeof(dev->vdev),
> +TYPE_VIRTIO_PSTORE);
> +object_property_add_alias(obj, "directory", OBJECT(&dev->vdev),
> +  "directory", &error_abort);
> +object_property_add_alias(obj, "bufsize", OBJECT(&dev->vdev),
> +  "bufsize", &error_abort);
> +object_property_add_alias(obj, "console", OBJECT(&dev->vdev),
> +  "console", &error_abort);
> +}
> +
> +static const TypeInfo virtio_pstore_pci_info = {
> +.name  = TYPE_VIRTIO_PSTORE_PCI,
> +.parent= TYPE_VIRTIO_PCI,
> +.instance_size = sizeof(VirtIOPstorePCI),
> +.instance_init = virtio_pstore_pci_instance_init,
> +.class_init= virtio_pstore_pci_class_init,
> +};
> +
>  /* virtio-pci-bus */
>  
>  static void virtio_pci_bus_new(VirtioBusState *bus, size_t bus_size,
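Review bot: `virtio_pstore_pci_info` is defined here and registered unconditionally in the next hunk (`type_register_static(&virtio_pstore_pci_info);`), while the Makefile.objs change builds `virtio-pstore.o` only under `CONFIG_LINUX`. On other hosts `TYPE_VIRTIO_PSTORE` would presumably not be registered, so `virtio_pstore_pci_instance_init()` would try to initialise a child of an unknown type as soon as the device is requested. Guarding both the definitions and the registration with `#ifdef CONFIG_LINUX`, the way the `vhost_scsi_pci_info` registration sits under `#ifdef CONFIG_VHOST_SCSI`, would keep the two in step. Separately, `virtio_pstore_pci_realize()` can pass `errp` straight to `object_property_set_bool()` instead of propagating a local `err` as its last statement.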
> @@ -2483,6 +2536,7 @@ static void virtio_pci_register_types(void)
>  #ifdef CONFIG_VHOST_SCSI
>  type_register_static(&vhost_scsi_pci_info);
>  #endif
> +type_register_static(&virtio_pstore_pci_info);
>  }
>  
>  type_init(virtio_pci_register_types)
> diff --git a/hw/virtio/virtio-pci.h b/hw/virtio/virtio-pci.h
> index e4548c2..b4c039f 100644
> --- a/hw/virtio/virtio-pci.h
> +++ b

Re: [Qemu-devel] [PATCH] RFC: pci-bus: add property ownership on bsel

2016-07-28 Thread Marc-André Lureau
Hi

On Thu, Jul 28, 2016 at 3:29 PM, Igor Mammedov  wrote:
> On Thu, 28 Jul 2016 15:13:57 +0400
> marcandre.lur...@redhat.com wrote:
>
>> From: Marc-André Lureau 
>>
>> The property should own the allocated and unreferenced pointer. In case
>> of error, it should also be freed.
> I wonder, what use case triggers above error
>
>

See right below in commit message:

/x86_64/qom/pc-i440fx-1.7: qemu-system-x86_64: attempt to add
duplicate property 'acpi-pcihp-bsel' to object (type 'PCI')


>>
>> RFC, because this patch triggers:
>> /x86_64/qom/pc-i440fx-1.7:
>> qemu-system-x86_64: attempt to add duplicate property 'acpi-pcihp-bsel' to 
>> object (type 'PCI')
>>
>> Signed-off-by: Marc-André Lureau 
>> ---
>>  hw/i386/acpi-build.c | 15 +--
>>  include/qom/object.h |  4 
>>  qom/object.c |  9 +
>>  3 files changed, 26 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
>> index 017bb51..2012007 100644
>> --- a/hw/i386/acpi-build.c
>> +++ b/hw/i386/acpi-build.c
>> @@ -425,6 +425,11 @@ build_madt(GArray *table_data, BIOSLinker *linker, 
>> PCMachineState *pcms)
>>   table_data->len - madt_start, 1, NULL, NULL);
>>  }
>>
>> +static void bsel_release(Object *obj, const char *name, void *opaque)
>> +{
>> +g_free(opaque);
>> +}
>> +
>>  /* Assign BSEL property to all buses.  In the future, this can be changed
>>   * to only assign to buses that support hotplug.
>>   */
>> @@ -432,13 +437,19 @@ static void *acpi_set_bsel(PCIBus *bus, void *opaque)
>>  {
>>  unsigned *bsel_alloc = opaque;
>>  unsigned *bus_bsel;
>> +Error *err = NULL;
>>
>>  if (qbus_is_hotpluggable(BUS(bus))) {
>>  bus_bsel = g_malloc(sizeof *bus_bsel);
>>
>>  *bus_bsel = (*bsel_alloc)++;
>> -object_property_add_uint32_ptr(OBJECT(bus), ACPI_PCIHP_PROP_BSEL,
>> -   bus_bsel, NULL);
>> +object_property_add_uint32_ptr_release(OBJECT(bus),
>> +   ACPI_PCIHP_PROP_BSEL,
>> +   bus_bsel, bsel_release, 
>> &err);
>> +if (err) {
>> +g_free(bus_bsel);
>> +error_report_err(err);
>> +}
>>  }
>>
>>  return bsel_alloc;
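Review bot: On the new error path the buffer is freed, but `*bsel_alloc` has already been incremented, so every failed `object_property_add_uint32_ptr_release()` call uses up a BSEL number that no bus ends up holding. The duplicate-property failure quoted in the commit message suggests `acpi_set_bsel()` can run on a bus that already has the property (inferred, the caller is outside the hunk). Testing for it before allocating avoids the wasted number, the allocation and the error report: `if (object_property_find(OBJECT(bus), ACPI_PCIHP_PROP_BSEL, NULL)) { return bsel_alloc; }`. Whether the existing value should be kept or renumbered in that case still needs deciding.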
>> diff --git a/include/qom/object.h b/include/qom/object.h
>> index 5ecc2d1..41c1051 100644
>> --- a/include/qom/object.h
>> +++ b/include/qom/object.h
>> @@ -1488,6 +1488,10 @@ void object_class_property_add_uint16_ptr(ObjectClass 
>> *klass, const char *name,
>>   */
>>  void object_property_add_uint32_ptr(Object *obj, const char *name,
>>  const uint32_t *v, Error **errp);
>> +void object_property_add_uint32_ptr_release(Object *obj, const char *name,
>> +uint32_t *v,
>> +ObjectPropertyRelease *release,
>> +Error **errp);
>>  void object_class_property_add_uint32_ptr(ObjectClass *klass, const char 
>> *name,
>>const uint32_t *v, Error **errp);
>>
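Review bot: The new `object_property_add_uint32_ptr_release()` declaration has no doc comment, yet it differs from its sibling in taking a non-const `uint32_t *v` and a release callback, so the ownership contract is what a caller most needs to read. I would add a comment saying that the property takes ownership of `v` when the call succeeds, that `release` is invoked when the property is removed, and that on failure the caller still owns `v`, which is what the `g_free(bus_bsel)` in the acpi-build.c hunk assumes. In the qom/object.c hunk the `(void *)v` cast is no longer needed once `v` is non-const.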
>> diff --git a/qom/object.c b/qom/object.c
>> index 8166b7d..1635f57 100644
>> --- a/qom/object.c
>> +++ b/qom/object.c
>> @@ -2157,6 +2157,15 @@ void object_property_add_uint32_ptr(Object *obj, 
>> const char *name,
>>  NULL, NULL, (void *)v, errp);
>>  }
>>
>> +void object_property_add_uint32_ptr_release(Object *obj, const char *name,
>> +uint32_t *v,
>> +ObjectPropertyRelease *release,
>> +Error **errp)
>> +{
>> +object_property_add(obj, name, "uint32", property_get_uint32_ptr,
>> +NULL, release, (void *)v, errp);
>> +}
>> +
>>  void object_class_property_add_uint32_ptr(ObjectClass *klass, const char 
>> *name,
>>const uint32_t *v, Error **errp)
>>  {
>
>



-- 
Marc-André Lureau



Re: [Qemu-devel] [PATCH 6/6] arm: add support for an ast2500 evaluation board

2016-07-28 Thread Cédric Le Goater
On 07/28/2016 10:03 AM, Cédric Le Goater wrote:
> On 07/28/2016 09:58 AM, Andrew Jeffery wrote:
>> On Thu, 2016-07-28 at 09:15 +0200, Cédric Le Goater wrote:
  
 Also, the meaning of the bits have changed from the AST2400 - they
 probably should be documented somewhere?
>>>
>>> So you want me send to an updated version of :
>>>
>>> http://lists.nongnu.org/archive/html/qemu-arm/2016-06/msg00698.html
>>>
>>> as a prereq ? 
>>
>> I mentioned this in passing due to the discussion on my original patch.
>> I think we discussed this separately and concluded the macros were
>> pretty verbose given they are sort-of single-use given the value
>> doesn't change. Maybe just comments as Peter was requesting? You have
>> the patch below but some of the macros will be different for the
>> AST2500.
> 
> yes.
> 
>> I'm probably leaning towards comments over macros, but don't feel
>> strongly either way.
> 
> ok. Having a correct value is the minimum, and that is not the case 
> in this patch. I think I will go for the comments for now as we 
> have not merged anything in mainline uboot yet.

I gave comments a try and honestly, macros make it easier to check 
which bits you are setting and are less prone to errors. So I will send
a v2 with macros. 

Cheers,

C. 




[Qemu-devel] [PATCH v2 0/9] arm: add ast2500 support

2016-07-28 Thread Cédric Le Goater
The ast2500 soc being very close to the ast2400 soc, the goal of the
changes below is to modify the existing platform 'palmetto-bmc' and
existing soc 'ast2400' to take into account the small differences and
avoid code duplication. This is mostly inspired by the realview
platform.

First patches rework the 'palmetto-bmc' platform and the 'ast2400' soc
models to provide room to other platforms and socs which have a common
design. Being able to set the 'silicon-rev' and the cpu model are the
primary motivation.

The last patches add support for the new ast2500 soc in the required
controller (sdmc and scu) and define a new platform for an Aspeed
evaluation board.

On the ast2500, I am still having a little issue under uboot which
sets the vbar doing :

mcr p15, 0, r0, c12, c0, 0  /* Set VBAR */

and this is trapped as an undefined instruction by qemu.

Looking at hw/arm/helper.c, the VBAR register seems to be defined only
for feature ARM_FEATURE_V7 (v7_cp_reginfo). The ast2500 soc uses an
arm1176, which defines ARM_FEATURE_EL3, which gives us a VBAR_EL3.
According to the specs, the arm1176jzf-s has a Vector Base Address
Register. So am I missing something in the board definition, or is
uboot being too optimistic about the cpu features? This is confusing for
me; some direction would be welcome :)

Apart from that, the soc behaves fine.

Thanks,

Most notable changes in v2 are :

  - palmetto_bmc.c file rename
  - SCU macros to define the hardware strapping register 

Cédric Le Goater (9):
  palmetto-bmc: rename file to aspeed.c
  palmetto-bmc: add a "silicon-rev" property at the soc level
  palmetto-bmc: replace palmetto_bmc with aspeed
  ast2400: use machine cpu_model to initialize the soc cpu
  palmetto-bmc: add board specific configuration
  hw/misc: use macros to define hw-strap1 register on Aspeed SOC
  aspeed: add ast2500 support to scu and sdmc controllers
  arm: add support for an ast2500 evaluation board
  palmetto-bmc: remove extra no_sdcard assignement

 hw/arm/Makefile.objs |   2 +-
 hw/arm/aspeed.c  | 166 +++
 hw/arm/ast2400.c |  21 --
 hw/arm/palmetto-bmc.c| 102 --
 hw/misc/aspeed_scu.c |  45 +++-
 hw/misc/aspeed_sdmc.c|   1 +
 include/hw/arm/ast2400.h |   5 ++
 include/hw/misc/aspeed_scu.h | 165 ++
 8 files changed, 397 insertions(+), 110 deletions(-)
 create mode 100644 hw/arm/aspeed.c
 delete mode 100644 hw/arm/palmetto-bmc.c

-- 
2.1.4




[Qemu-devel] [PATCH v2 1/9] palmetto-bmc: rename file to aspeed.c

2016-07-28 Thread Cédric Le Goater
We plan to add more Aspeed platforms to this file. Let's rename it to a
more generic name. There are no changes in the code.

Signed-off-by: Cédric Le Goater 
---
 hw/arm/Makefile.objs  |   2 +-
 hw/arm/aspeed.c   | 102 ++
 hw/arm/palmetto-bmc.c | 102 --
 3 files changed, 103 insertions(+), 103 deletions(-)
 create mode 100644 hw/arm/aspeed.c
 delete mode 100644 hw/arm/palmetto-bmc.c

diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 12764ef2b719..8cc700231b30 100644
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -17,4 +17,4 @@ obj-$(CONFIG_XLNX_ZYNQMP) += xlnx-zynqmp.o xlnx-ep108.o
 obj-$(CONFIG_FSL_IMX25) += fsl-imx25.o imx25_pdk.o
 obj-$(CONFIG_FSL_IMX31) += fsl-imx31.o kzm.o
 obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
-obj-$(CONFIG_ASPEED_SOC) += ast2400.o palmetto-bmc.o
+obj-$(CONFIG_ASPEED_SOC) += ast2400.o aspeed.o
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
new file mode 100644
index ..54e29a865d88
--- /dev/null
+++ b/hw/arm/aspeed.c
@@ -0,0 +1,102 @@
+/*
+ * OpenPOWER Palmetto BMC
+ *
+ * Andrew Jeffery 
+ *
+ * Copyright 2016 IBM Corp.
+ *
+ * This code is licensed under the GPL version 2 or later.  See
+ * the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu-common.h"
+#include "cpu.h"
+#include "exec/address-spaces.h"
+#include "hw/arm/arm.h"
+#include "hw/arm/ast2400.h"
+#include "hw/boards.h"
+#include "qemu/log.h"
+#include "sysemu/block-backend.h"
+#include "sysemu/blockdev.h"
+
+static struct arm_boot_info palmetto_bmc_binfo = {
+.loader_start = AST2400_SDRAM_BASE,
+.board_id = 0,
+.nb_cpus = 1,
+};
+
+typedef struct PalmettoBMCState {
+AST2400State soc;
+MemoryRegion ram;
+} PalmettoBMCState;
+
+static void palmetto_bmc_init_flashes(AspeedSMCState *s, const char *flashtype,
+  Error **errp)
+{
+int i ;
+
+for (i = 0; i < s->num_cs; ++i) {
+AspeedSMCFlash *fl = &s->flashes[i];
+DriveInfo *dinfo = drive_get_next(IF_MTD);
+qemu_irq cs_line;
+
+/*
+ * FIXME: check that we are not using a flash module exceeding
+ * the controller segment size
+ */
+fl->flash = ssi_create_slave_no_init(s->spi, flashtype);
+if (dinfo) {
+qdev_prop_set_drive(fl->flash, "drive", blk_by_legacy_dinfo(dinfo),
+errp);
+}
+qdev_init_nofail(fl->flash);
+
+cs_line = qdev_get_gpio_in_named(fl->flash, SSI_GPIO_CS, 0);
+sysbus_connect_irq(SYS_BUS_DEVICE(s), i + 1, cs_line);
+}
+}
+
+static void palmetto_bmc_init(MachineState *machine)
+{
+PalmettoBMCState *bmc;
+
+bmc = g_new0(PalmettoBMCState, 1);
+object_initialize(&bmc->soc, (sizeof(bmc->soc)), TYPE_AST2400);
+object_property_add_child(OBJECT(machine), "soc", OBJECT(&bmc->soc),
+  &error_abort);
+
+memory_region_allocate_system_memory(&bmc->ram, NULL, "ram", ram_size);
+memory_region_add_subregion(get_system_memory(), AST2400_SDRAM_BASE,
+&bmc->ram);
+object_property_add_const_link(OBJECT(&bmc->soc), "ram", OBJECT(&bmc->ram),
+   &error_abort);
+object_property_set_int(OBJECT(&bmc->soc), 0x120CE416, "hw-strap1",
+&error_abort);
+object_property_set_bool(OBJECT(&bmc->soc), true, "realized",
+ &error_abort);
+
+palmetto_bmc_init_flashes(&bmc->soc.smc, "n25q256a", &error_abort);
+palmetto_bmc_init_flashes(&bmc->soc.spi, "mx25l25635e", &error_abort);
+
+palmetto_bmc_binfo.kernel_filename = machine->kernel_filename;
+palmetto_bmc_binfo.initrd_filename = machine->initrd_filename;
+palmetto_bmc_binfo.kernel_cmdline = machine->kernel_cmdline;
+palmetto_bmc_binfo.ram_size = ram_size;
+arm_load_kernel(ARM_CPU(first_cpu), &palmetto_bmc_binfo);
+}
+
+static void palmetto_bmc_machine_init(MachineClass *mc)
+{
+mc->desc = "OpenPOWER Palmetto BMC";
+mc->init = palmetto_bmc_init;
+mc->max_cpus = 1;
+mc->no_sdcard = 1;
+mc->no_floppy = 1;
+mc->no_cdrom = 1;
+mc->no_sdcard = 1;
+mc->no_parallel = 1;
+}
+
+DEFINE_MACHINE("palmetto-bmc", palmetto_bmc_machine_init);
diff --git a/hw/arm/palmetto-bmc.c b/hw/arm/palmetto-bmc.c
deleted file mode 100644
index 54e29a865d88..
--- a/hw/arm/palmetto-bmc.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * OpenPOWER Palmetto BMC
- *
- * Andrew Jeffery 
- *
- * Copyright 2016 IBM Corp.
- *
- * This code is licensed under the GPL version 2 or later.  See
- * the COPYING file in the top-level directory.
- */
-
-#include "qemu/osdep.h"
-#include "qapi/error.h"
-#include "qemu-common.h"
-#include "cpu.h"
-#include "exec/address-spaces.h"
-#include "hw/arm/arm.h"
-#include "hw/arm/ast2400.h"
-#include

[Qemu-devel] [PATCH v2 5/9] palmetto-bmc: add board specific configuration

2016-07-28 Thread Cédric Le Goater
aspeed_init() now uses a board identifier to customize some values
specific to the board: ram base, board revision number, etc.

Signed-off-by: Cédric Le Goater 
---

 Changes since v1:

 - changed aspeed_init() prototype to use a 'const AspeedBoardConfig *'
 - fixed white space issues
 
 hw/arm/aspeed.c | 31 +++
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 8a3ff5568575..80be55ab293f 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -22,8 +22,6 @@
 #include "sysemu/blockdev.h"
 
 static struct arm_boot_info aspeed_binfo = {
-.loader_start = AST2400_SDRAM_BASE,
-.board_id = 0,
 .nb_cpus = 1,
 };
 
@@ -32,6 +30,21 @@ typedef struct AspeedBoardState {
 MemoryRegion ram;
 } AspeedBoardState;
 
+typedef struct AspeedBoardConfig {
+uint32_t hw_strap1;
+uint32_t silicon_rev;
+hwaddr sdram_base;
+} AspeedBoardConfig;
+
+enum {
+PALMETTO_BMC
+};
+
+static const AspeedBoardConfig aspeed_boards[] = {
+[PALMETTO_BMC] = { 0x120CE416, AST2400_A0_SILICON_REV,
+   AST2400_SDRAM_BASE },
+};
+
 static void aspeed_init_flashes(AspeedSMCState *s, const char *flashtype,
 Error **errp)
 {
@@ -58,7 +71,7 @@ static void aspeed_init_flashes(AspeedSMCState *s, const char 
*flashtype,
 }
 }
 
-static void aspeed_init(MachineState *machine)
+static void aspeed_init(MachineState *machine, const AspeedBoardConfig *cfg)
 {
 AspeedBoardState *bmc;
 
@@ -68,13 +81,13 @@ static void aspeed_init(MachineState *machine)
   &error_abort);
 
 memory_region_allocate_system_memory(&bmc->ram, NULL, "ram", ram_size);
-memory_region_add_subregion(get_system_memory(), AST2400_SDRAM_BASE,
+memory_region_add_subregion(get_system_memory(), cfg->sdram_base,
 &bmc->ram);
 object_property_add_const_link(OBJECT(&bmc->soc), "ram", OBJECT(&bmc->ram),
&error_abort);
-object_property_set_int(OBJECT(&bmc->soc), 0x120CE416, "hw-strap1",
-&error_abort);
-object_property_set_int(OBJECT(&bmc->soc), AST2400_A0_SILICON_REV,
+object_property_set_int(OBJECT(&bmc->soc), cfg->hw_strap1,
+"hw-strap1", &error_abort);
+object_property_set_int(OBJECT(&bmc->soc), cfg->silicon_rev,
 "silicon-rev", &error_abort);
 object_property_set_bool(OBJECT(&bmc->soc), true, "realized",
  &error_abort);
@@ -86,13 +99,15 @@ static void aspeed_init(MachineState *machine)
 aspeed_binfo.initrd_filename = machine->initrd_filename;
 aspeed_binfo.kernel_cmdline = machine->kernel_cmdline;
 aspeed_binfo.ram_size = ram_size;
+aspeed_binfo.loader_start = cfg->sdram_base,
+aspeed_binfo.board_id = cfg->silicon_rev,
 arm_load_kernel(ARM_CPU(first_cpu), &aspeed_binfo);
 }
 
 static void palmetto_bmc_init(MachineState *machine)
 {
 machine->cpu_model = "arm926";
-aspeed_init(machine);
+aspeed_init(machine, &aspeed_boards[PALMETTO_BMC]);
 }
 
 static void palmetto_bmc_class_init(ObjectClass *oc, void *data)
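Review bot: The two added assignments `aspeed_binfo.loader_start = cfg->sdram_base,` and `aspeed_binfo.board_id = cfg->silicon_rev,` end in commas, so together with the `arm_load_kernel()` call they form a single comma expression. It happens to evaluate in the intended order, but each line should end in `;`. `board_id` was `0` before this patch and now receives the SCU silicon revision. If that field is what the loader passes to the guest kernel as its machine number (to be confirmed against `struct arm_boot_info`), a silicon revision is not a machine ID, and keeping `0` or adding a dedicated `AspeedBoardConfig` member would be safer. `aspeed_init()` begins above this hunk.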
-- 
2.1.4




[Qemu-devel] [PATCH v2 4/9] ast2400: use machine cpu_model to initialize the soc cpu

2016-07-28 Thread Cédric Le Goater
It will be easier to specify a different cpu for other socs derived
from the ast2400 soc.

Signed-off-by: Cédric Le Goater 
---

 Change since v1:

 - remove check on cpu_model. 

 hw/arm/aspeed.c  | 1 +
 hw/arm/ast2400.c | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index f80a15733864..8a3ff5568575 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -91,6 +91,7 @@ static void aspeed_init(MachineState *machine)
 
 static void palmetto_bmc_init(MachineState *machine)
 {
+machine->cpu_model = "arm926";
 aspeed_init(machine);
 }
 
diff --git a/hw/arm/ast2400.c b/hw/arm/ast2400.c
index fa535065f765..84f3b444db09 100644
--- a/hw/arm/ast2400.c
+++ b/hw/arm/ast2400.c
@@ -15,6 +15,7 @@
 #include "qemu-common.h"
 #include "cpu.h"
 #include "exec/address-spaces.h"
+#include "hw/boards.h"
 #include "hw/arm/ast2400.h"
 #include "hw/char/serial.h"
 #include "qemu/log.h"
@@ -67,7 +68,7 @@ static void ast2400_init(Object *obj)
 {
 AST2400State *s = AST2400(obj);
 
-s->cpu = cpu_arm_init("arm926");
+s->cpu = cpu_arm_init(current_machine->cpu_model);
 
 object_initialize(&s->vic, sizeof(s->vic), TYPE_ASPEED_VIC);
 object_property_add_child(obj, "vic", OBJECT(&s->vic), NULL);
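Review bot: `cpu_arm_init(current_machine->cpu_model)` runs from the SoC's instance_init with no check that `current_machine` is set or that `cpu_model` is non-NULL, and the v2 changelog says the check on `cpu_model` was removed. instance_init presumably also runs whenever the type is instantiated outside a board's init function (property introspection, for example), where `cpu_model` may be NULL or belong to an unrelated machine, and the value would reach `cpu_arm_init()` unvalidated. A SoC property set by the board, like `silicon-rev` in patch 2/9, would avoid reading the global. Failing that, keep a fallback: `const char *model = current_machine && current_machine->cpu_model ? current_machine->cpu_model : "arm926";`. The rest of `ast2400_init()` is outside the hunk.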
-- 
2.1.4




[Qemu-devel] [PATCH v2 2/9] palmetto-bmc: add a "silicon-rev" property at the soc level

2016-07-28 Thread Cédric Le Goater
The SCU controller holds the board revision number in its 0x7C
register. Let's use an alias to link a "silicon-rev" property of the
soc to the "silicon-rev" property of the SCU controller.

The SDMC controller "silicon-rev" property is derived from the SCU one
at realize time. I did not find a better way to handle this part.
Links and aliases being a one-to-one relation, I could not use one of
them. I might be wrong though.

Signed-off-by: Cédric Le Goater 
---
 hw/arm/aspeed.c  |  2 ++
 hw/arm/ast2400.c | 18 +-
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 54e29a865d88..1ee13d578899 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -74,6 +74,8 @@ static void palmetto_bmc_init(MachineState *machine)
&error_abort);
 object_property_set_int(OBJECT(&bmc->soc), 0x120CE416, "hw-strap1",
 &error_abort);
+object_property_set_int(OBJECT(&bmc->soc), AST2400_A0_SILICON_REV,
+"silicon-rev", &error_abort);
 object_property_set_bool(OBJECT(&bmc->soc), true, "realized",
  &error_abort);
 
diff --git a/hw/arm/ast2400.c b/hw/arm/ast2400.c
index 136bf6464e1d..fa535065f765 100644
--- a/hw/arm/ast2400.c
+++ b/hw/arm/ast2400.c
@@ -84,8 +84,8 @@ static void ast2400_init(Object *obj)
 object_initialize(&s->scu, sizeof(s->scu), TYPE_ASPEED_SCU);
 object_property_add_child(obj, "scu", OBJECT(&s->scu), NULL);
 qdev_set_parent_bus(DEVICE(&s->scu), sysbus_get_default());
-qdev_prop_set_uint32(DEVICE(&s->scu), "silicon-rev",
- AST2400_A0_SILICON_REV);
+object_property_add_alias(obj, "silicon-rev", OBJECT(&s->scu),
+  "silicon-rev", &error_abort);
 object_property_add_alias(obj, "hw-strap1", OBJECT(&s->scu),
   "hw-strap1", &error_abort);
 object_property_add_alias(obj, "hw-strap2", OBJECT(&s->scu),
@@ -102,8 +102,6 @@ static void ast2400_init(Object *obj)
 object_initialize(&s->sdmc, sizeof(s->sdmc), TYPE_ASPEED_SDMC);
 object_property_add_child(obj, "sdmc", OBJECT(&s->sdmc), NULL);
 qdev_set_parent_bus(DEVICE(&s->sdmc), sysbus_get_default());
-qdev_prop_set_uint32(DEVICE(&s->sdmc), "silicon-rev",
- AST2400_A0_SILICON_REV);
 }
 
 static void ast2400_realize(DeviceState *dev, Error **errp)
@@ -111,6 +109,7 @@ static void ast2400_realize(DeviceState *dev, Error **errp)
 int i;
 AST2400State *s = AST2400(dev);
 Error *err = NULL, *local_err = NULL;
+uint32_t silicon_rev;
 
 /* IO space */
 memory_region_init_io(&s->iomem, NULL, &ast2400_io_ops, NULL,
@@ -192,7 +191,16 @@ static void ast2400_realize(DeviceState *dev, Error **errp)
 sysbus_mmio_map(SYS_BUS_DEVICE(&s->spi), 1, AST2400_SPI_FLASH_BASE);
 
 /* SDMC - SDRAM Memory Controller */
-object_property_set_bool(OBJECT(&s->sdmc), true, "realized", &err);
+silicon_rev = (uint32_t)
+object_property_get_int(OBJECT(&s->scu), "silicon-rev", &err);
+if (err) {
+error_propagate(errp, err);
+return;
+}
+
+object_property_set_int(OBJECT(&s->sdmc), silicon_rev, "silicon-rev", 
&err);
+object_property_set_bool(OBJECT(&s->sdmc), true, "realized", &local_err);
+error_propagate(&err, local_err);
 if (err) {
 error_propagate(errp, err);
 return;
-- 
2.1.4




[Qemu-devel] [PATCH v2 7/9] aspeed: add ast2500 support to scu and sdmc controllers

2016-07-28 Thread Cédric Le Goater
Based on previous work done by Andrew Jeffery .

The ast2500 eval board has a hardware strapping register value of
0xF100C2E6 which we use for a definition of AST2500_HW_STRAP1 below.

Signed-off-by: Cédric Le Goater 
---

 Andrew,
 
 I did not add your 'Reviewed-by' because of the changes below.

 Changes since v1:

 - added Hardware strapping register definition for soc AST2500

 hw/misc/aspeed_scu.c | 45 ++-
 hw/misc/aspeed_sdmc.c|  1 +
 include/hw/misc/aspeed_scu.h | 56 
 3 files changed, 101 insertions(+), 1 deletion(-)

diff --git a/hw/misc/aspeed_scu.c b/hw/misc/aspeed_scu.c
index c7e2c8263f55..6dd7e1085420 100644
--- a/hw/misc/aspeed_scu.c
+++ b/hw/misc/aspeed_scu.c
@@ -120,6 +120,41 @@ static const uint32_t 
ast2400_a0_resets[ASPEED_SCU_NR_REGS] = {
  [BMC_DEV_ID]  = 0x2402U
 };
 
+/* SCU70 bit 23: 0 24Mhz. bit 11:9: 0b001 AXI:ABH ratio 2:1 */
+/* AST2500 revision A1 */
+
+static const uint32_t ast2500_a1_resets[ASPEED_SCU_NR_REGS] = {
+ [SYS_RST_CTRL]= 0xFFCFFEDCU,
+ [CLK_SEL] = 0xF3F4U,
+ [CLK_STOP_CTRL]   = 0x19FC3E8BU,
+ [D2PLL_PARAM] = 0x00026108U,
+ [MPLL_PARAM]  = 0x00030291U,
+ [HPLL_PARAM]  = 0x93000400U,
+ [MISC_CTRL1]  = 0x0010U,
+ [PCI_CTRL1]   = 0x20001A03U,
+ [PCI_CTRL2]   = 0x20001A03U,
+ [PCI_CTRL3]   = 0x0430U,
+ [SYS_RST_STATUS]  = 0x0001U,
+ [SOC_SCRATCH1]= 0x00C0U, /* SoC completed DRAM init */
+ [MISC_CTRL2]  = 0x0023U,
+ [RNG_CTRL]= 0x000EU,
+ [PINMUX_CTRL2]= 0xF000U,
+ [PINMUX_CTRL3]= 0x0300U,
+ [PINMUX_CTRL4]= 0xU,
+ [PINMUX_CTRL5]= 0xA000U,
+ [WDT_RST_CTRL]= 0x0233U,
+ [PINMUX_CTRL8]= 0xU,
+ [PINMUX_CTRL9]= 0x000FU,
+ [FREE_CNTR4]  = 0x00FFU,
+ [FREE_CNTR4_EXT]  = 0x00FFU,
+ [CPU2_BASE_SEG1]  = 0x8000U,
+ [CPU2_BASE_SEG4]  = 0x1E60U,
+ [CPU2_BASE_SEG5]  = 0xC000U,
+ [UART_HPLL_CLK]   = 0x1903U,
+ [PCIE_CTRL]   = 0x007BU,
+ [BMC_DEV_ID]  = 0x2402U
+};
+
 static uint64_t aspeed_scu_read(void *opaque, hwaddr offset, unsigned size)
 {
 AspeedSCUState *s = ASPEED_SCU(opaque);
@@ -198,6 +233,10 @@ static void aspeed_scu_reset(DeviceState *dev)
 case AST2400_A0_SILICON_REV:
 reset = ast2400_a0_resets;
 break;
+case AST2500_A0_SILICON_REV:
+case AST2500_A1_SILICON_REV:
+reset = ast2500_a1_resets;
+break;
 default:
 g_assert_not_reached();
 }
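Review bot: `AST2500_A0_SILICON_REV` shares the `ast2500_a1_resets` table, which the first hunk labels `/* AST2500 revision A1 */`, so an A0 part is reset with A1 values and nothing in the code records that the two revisions are known to match. If that is intended, a comment on the case (`/* A0 uses the same reset values as A1 */`) or a revision-neutral table name would say so. Separately, the `default:` arm is `g_assert_not_reached()`, so any path that lets `silicon-rev` hold an unlisted value aborts QEMU at reset. `is_supported_silicon_rev()` appears to exist for that validation, but its call site is outside this diff and should be confirmed to run before reset.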
@@ -208,7 +247,11 @@ static void aspeed_scu_reset(DeviceState *dev)
 s->regs[HW_STRAP2] = s->hw_strap2;
 }
 
-static uint32_t aspeed_silicon_revs[] = { AST2400_A0_SILICON_REV, };
+static uint32_t aspeed_silicon_revs[] = {
+AST2400_A0_SILICON_REV,
+AST2500_A0_SILICON_REV,
+AST2500_A1_SILICON_REV
+};
 
 bool is_supported_silicon_rev(uint32_t silicon_rev)
 {
diff --git a/hw/misc/aspeed_sdmc.c b/hw/misc/aspeed_sdmc.c
index 6cc0301a6331..621d166890fa 100644
--- a/hw/misc/aspeed_sdmc.c
+++ b/hw/misc/aspeed_sdmc.c
@@ -196,6 +196,7 @@ static void aspeed_sdmc_reset(DeviceState *dev)
 break;
 
 case AST2500_A0_SILICON_REV:
+case AST2500_A1_SILICON_REV:
 s->regs[R_CONF] |=
 ASPEED_SDMC_HW_VERSION(1) |
 ASPEED_SDMC_VGA_APERTURE(ASPEED_SDMC_VGA_64MB) |
diff --git a/include/hw/misc/aspeed_scu.h b/include/hw/misc/aspeed_scu.h
index dfc3e023f3ba..d79e2214457d 100644
--- a/include/hw/misc/aspeed_scu.h
+++ b/include/hw/misc/aspeed_scu.h
@@ -33,6 +33,7 @@ typedef struct AspeedSCUState {
 
 #define AST2400_A0_SILICON_REV   0x02000303U
 #define AST2500_A0_SILICON_REV   0x04000303U
+#define AST2500_A1_SILICON_REV   0x04010303U
 
 extern bool is_supported_silicon_rev(uint32_t silicon_rev);
 
@@ -145,4 +146,59 @@ extern bool is_supported_silicon_rev(uint32_t silicon_rev);
 SCU_HW_STRAP_VGA_SIZE_SET(VGA_16M_DRAM) |   \
 SCU_HW_STRAP_BOOT_MODE(SPI_BOOT))
 
+/*
+ * Hardware strapping register definition (for Aspeed AST2500 SOC and
+ * higher)
+ */
+#define SCU_AST2500_HW_STRAP_SPI_AUTOFETCH_ENABLE  (0x1 << 31)
+#define SCU_AST2500_HW_STRAP_GPIO_STRAP_ENABLE (0x1 << 30)
+#define SCU_AST2500_HW_STRAP_UART_DEBUG(0x1 << 29)
+#define UART_DEBUG_UART1   0
+#define UART_DEBUG_UART5   1
+#define SCU_AST2500_HW_STRAP_RESERVED28(0x1 << 28)
+
+#define SCU_AST2500_HW_STRAP_FAST_RESET_DBG(0x1 << 27)
+#define SCU_AST2500_HW_STRAP_ESPI_FLASH_ENABLE (0x1 << 26)
+#define SCU_AST2500_HW_STRAP_ESPI_ENABLE   (0x1 << 25)
+#define SCU_AST2500_HW_STRAP_DDR4_ENABLE   (0x1 << 24)
+
+#define SCU_AST2500_HW_STRAP_ACPI_ENABLE   (0x1 << 19)
+#define SCU_AST2500_HW_STRAP_USBCKI_FREQ   (0x1 << 18)
+#define

[Qemu-devel] [PATCH v2 03/37] qga: free the whole blacklist

2016-07-28 Thread marcandre . lureau
From: Marc-André Lureau 

Free the list, not just the elements.

Signed-off-by: Marc-André Lureau 
---
 qga/main.c | 8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/qga/main.c b/qga/main.c
index 4c3b2c7..67be90b 100644
--- a/qga/main.c
+++ b/qga/main.c
@@ -1175,6 +1175,8 @@ static void config_free(GAConfig *config)
 #ifdef CONFIG_FSFREEZE
 g_free(config->fsfreeze_hook);
 #endif
+g_list_foreach(config->blacklist, (GFunc)g_free, NULL);
+g_list_free(config->blacklist);
 g_free(config);
 }
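Review bot: `(GFunc)g_free` makes GLib call a one-argument function through a two-argument function-pointer type, which is undefined behaviour in C and would trap under indirect-call type checking such as clang CFI. The `free_blacklist_entry()` wrapper that this patch deletes had the matching `GFunc` signature. If the minimum supported GLib allows it, `g_list_free_full(config->blacklist, g_free);` replaces both added lines without a cast; otherwise keep the wrapper and move it above `config_free()`. The hunk does not show whether `config->blacklist` is also referenced from `GAState`; if it is, that pointer must not be used after `config_free()`.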
 
@@ -1310,11 +1312,6 @@ static int run_agent(GAState *s, GAConfig *config)
 return EXIT_SUCCESS;
 }
 
-static void free_blacklist_entry(gpointer entry, gpointer unused)
-{
-g_free(entry);
-}
-
 int main(int argc, char **argv)
 {
 int ret = EXIT_SUCCESS;
@@ -1379,7 +1376,6 @@ end:
 if (s->channel) {
 ga_channel_free(s->channel);
 }
-g_list_foreach(config->blacklist, free_blacklist_entry, NULL);
 g_free(s->pstate_filepath);
 g_free(s->state_filepath_isfrozen);
 
-- 
2.9.0




[Qemu-devel] [PATCH v2 01/37] build-sys: use an override for CFLAGS filter

2016-07-28 Thread marcandre . lureau
From: Marc-André Lureau 

Even if the user gave CFLAGS=... argument on make command line to
override the configure value, make sure the filter is applied.

Signed-off-by: Marc-André Lureau 
---
 pc-bios/optionrom/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile
index d88ce11..fc9be45 100644
--- a/pc-bios/optionrom/Makefile
+++ b/pc-bios/optionrom/Makefile
@@ -24,8 +24,8 @@ QEMU_CFLAGS += $(call cc-option, $(QEMU_CFLAGS), 
-no-integrated-as)
 QEMU_CFLAGS += -m32 -include $(SRC_PATH)/pc-bios/optionrom/code16gcc.h
 endif
 
-# Drop gcov and glib flags
-CFLAGS := $(filter -O% -g%, $(CFLAGS))
+# Drop gcov, asan, and glib flags
+override CFLAGS := $(filter -O% -g%, $(CFLAGS))
 QEMU_INCLUDES += -I$(SRC_PATH)
 
 Wa = -Wa,
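Review bot: The updated comment lists three kinds of flags being dropped, but `$(filter -O% -g%, $(CFLAGS))` is an allow-list: everything except `-O*` and `-g*` is discarded. With `override` that now also applies to whatever the user passes as `CFLAGS=` on the make command line, including any hardening or warning flags. Describing what is kept is more accurate: `# Keep only -O* and -g* from CFLAGS (drops gcov, asan, glib and all other flags), even when CFLAGS is set on the command line`.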
-- 
2.9.0




[Qemu-devel] [PATCH v2 8/9] arm: add support for an ast2500 evaluation board

2016-07-28 Thread Cédric Le Goater
Signed-off-by: Cédric Le Goater 
---

 Changes since v1:

 - changed AST2500_EDK to AST2500_EVB
 - fixed white space issues
 - added AST2500_HW_STRAP1 

 hw/arm/aspeed.c  | 31 ++-
 include/hw/arm/ast2400.h |  5 +
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index b5d34a3a0367..c8812cc358bb 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -37,12 +37,15 @@ typedef struct AspeedBoardConfig {
 } AspeedBoardConfig;
 
 enum {
-PALMETTO_BMC
+PALMETTO_BMC,
+AST2500_EVB
 };
 
 static const AspeedBoardConfig aspeed_boards[] = {
 [PALMETTO_BMC] = { AST2400_HW_STRAP1, AST2400_A0_SILICON_REV,
AST2400_SDRAM_BASE },
+[AST2500_EVB]  = { AST2500_HW_STRAP1, AST2500_A1_SILICON_REV,
+   AST2500_SDRAM_BASE },
 };
 
 static void aspeed_init_flashes(AspeedSMCState *s, const char *flashtype,
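Review bot: The `aspeed_boards[]` entries are initialised positionally, and the first two members of `AspeedBoardConfig` (`hw_strap1`, `silicon_rev`, as declared in patch 5/9) are both `uint32_t`, so swapping the strap value and the silicon revision in a new entry compiles without a warning. Designated initialisers make each entry self-describing now that a second board is added: `[AST2500_EVB] = { .hw_strap1 = AST2500_HW_STRAP1, .silicon_rev = AST2500_A1_SILICON_REV, .sdram_base = AST2500_SDRAM_BASE },`. The existing `PALMETTO_BMC` entry should get the same form.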
@@ -130,9 +133,35 @@ static const TypeInfo palmetto_bmc_type = {
 .class_init = palmetto_bmc_class_init,
 };
 
+static void ast2500_evb_init(MachineState *machine)
+{
+machine->cpu_model = "arm1176";
+aspeed_init(machine, &aspeed_boards[AST2500_EVB]);
+}
+
+static void ast2500_evb_class_init(ObjectClass *oc, void *data)
+{
+MachineClass *mc = MACHINE_CLASS(oc);
+
+mc->desc = "Aspeed AST2500 EVB (ARM1176)";
+mc->init = ast2500_evb_init;
+mc->max_cpus = 1;
+mc->no_sdcard = 1;
+mc->no_floppy = 1;
+mc->no_cdrom = 1;
+mc->no_parallel = 1;
+}
+
+static const TypeInfo ast2500_evb_type = {
+.name = MACHINE_TYPE_NAME("ast2500-evb"),
+.parent = TYPE_MACHINE,
+.class_init = ast2500_evb_class_init,
+};
+
 static void aspeed_machine_init(void)
 {
 type_register_static(&palmetto_bmc_type);
+type_register_static(&ast2500_evb_type);
 }
 
 type_init(aspeed_machine_init)
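Review bot: `machine->cpu_model = "arm1176";` in ast2500_evb_init() overwrites whatever the user passed with `-cpu` without any diagnostic, so a command line asking for a different core silently boots an ARM1176. If the fixed core is intended for this SoC, a comment on that line such as `/* the AST2500 core is fixed; a user-supplied -cpu is ignored */` would record the decision. Reporting a warning when `machine->cpu_model` was already set would make the override visible to the user as well. Separately, ast2500_evb_class_init() sets the same `max_cpus` and `no_*` fields as the palmetto class init, so a shared helper for the common fields would keep the two boards from drifting apart.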
diff --git a/include/hw/arm/ast2400.h b/include/hw/arm/ast2400.h
index e68807d475b7..2e6864f88790 100644
--- a/include/hw/arm/ast2400.h
+++ b/include/hw/arm/ast2400.h
@@ -41,4 +41,9 @@ typedef struct AST2400State {
 
 #define AST2400_SDRAM_BASE   0x4000
 
+/*
+ * for Aspeed AST2500 SOC and higher
+ */
+#define AST2500_SDRAM_BASE   0x8000
+
 #endif /* AST2400_H */
-- 
2.1.4




[Qemu-devel] [PATCH v2 3/9] palmetto-bmc: replace palmetto_bmc with aspeed

2016-07-28 Thread Cédric Le Goater
This is mostly a name replacement to prepare the ground for the specifics
of other SoCs. It also adds a specific TypeInfo struct for the
palmetto_bmc board with a custom initialization for the same reason.

Signed-off-by: Cédric Le Goater 
---
 hw/arm/aspeed.c | 54 --
 1 file changed, 36 insertions(+), 18 deletions(-)

diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 1ee13d578899..f80a15733864 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -21,19 +21,19 @@
 #include "sysemu/block-backend.h"
 #include "sysemu/blockdev.h"
 
-static struct arm_boot_info palmetto_bmc_binfo = {
+static struct arm_boot_info aspeed_binfo = {
 .loader_start = AST2400_SDRAM_BASE,
 .board_id = 0,
 .nb_cpus = 1,
 };
 
-typedef struct PalmettoBMCState {
+typedef struct AspeedBoardState {
 AST2400State soc;
 MemoryRegion ram;
-} PalmettoBMCState;
+} AspeedBoardState;
 
-static void palmetto_bmc_init_flashes(AspeedSMCState *s, const char *flashtype,
-  Error **errp)
+static void aspeed_init_flashes(AspeedSMCState *s, const char *flashtype,
+Error **errp)
 {
 int i ;
 
@@ -58,11 +58,11 @@ static void palmetto_bmc_init_flashes(AspeedSMCState *s, 
const char *flashtype,
 }
 }
 
-static void palmetto_bmc_init(MachineState *machine)
+static void aspeed_init(MachineState *machine)
 {
-PalmettoBMCState *bmc;
+AspeedBoardState *bmc;
 
-bmc = g_new0(PalmettoBMCState, 1);
+bmc = g_new0(AspeedBoardState, 1);
 object_initialize(&bmc->soc, (sizeof(bmc->soc)), TYPE_AST2400);
 object_property_add_child(OBJECT(machine), "soc", OBJECT(&bmc->soc),
   &error_abort);
@@ -79,19 +79,26 @@ static void palmetto_bmc_init(MachineState *machine)
 object_property_set_bool(OBJECT(&bmc->soc), true, "realized",
  &error_abort);
 
-palmetto_bmc_init_flashes(&bmc->soc.smc, "n25q256a", &error_abort);
-palmetto_bmc_init_flashes(&bmc->soc.spi, "mx25l25635e", &error_abort);
+aspeed_init_flashes(&bmc->soc.smc, "n25q256a", &error_abort);
+aspeed_init_flashes(&bmc->soc.spi, "mx25l25635e", &error_abort);
+
+aspeed_binfo.kernel_filename = machine->kernel_filename;
+aspeed_binfo.initrd_filename = machine->initrd_filename;
+aspeed_binfo.kernel_cmdline = machine->kernel_cmdline;
+aspeed_binfo.ram_size = ram_size;
+arm_load_kernel(ARM_CPU(first_cpu), &aspeed_binfo);
+}
 
-palmetto_bmc_binfo.kernel_filename = machine->kernel_filename;
-palmetto_bmc_binfo.initrd_filename = machine->initrd_filename;
-palmetto_bmc_binfo.kernel_cmdline = machine->kernel_cmdline;
-palmetto_bmc_binfo.ram_size = ram_size;
-arm_load_kernel(ARM_CPU(first_cpu), &palmetto_bmc_binfo);
+static void palmetto_bmc_init(MachineState *machine)
+{
+aspeed_init(machine);
 }
 
-static void palmetto_bmc_machine_init(MachineClass *mc)
+static void palmetto_bmc_class_init(ObjectClass *oc, void *data)
 {
-mc->desc = "OpenPOWER Palmetto BMC";
+MachineClass *mc = MACHINE_CLASS(oc);
+
+mc->desc = "OpenPOWER Palmetto BMC (ARM926EJ-S)";
 mc->init = palmetto_bmc_init;
 mc->max_cpus = 1;
 mc->no_sdcard = 1;
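Review bot: `aspeed_binfo.ram_size = ram_size;` reads the global `ram_size`, while the three assignments next to it take their values from the `machine` argument. Now that aspeed_init() is a helper meant to be shared by several boards, `aspeed_binfo.ram_size = machine->ram_size;` would make it depend only on its parameter. `aspeed_binfo` itself is a file-scope mutable struct with `.loader_start` fixed to `AST2400_SDRAM_BASE`; a comment noting that the field must become per-board once a SoC with another SDRAM base is added would help the next reader. aspeed_init() begins in the previous hunk, and this hunk ends inside palmetto_bmc_class_init().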
@@ -101,4 +108,15 @@ static void palmetto_bmc_machine_init(MachineClass *mc)
 mc->no_parallel = 1;
 }
 
-DEFINE_MACHINE("palmetto-bmc", palmetto_bmc_machine_init);
+static const TypeInfo palmetto_bmc_type = {
+.name = MACHINE_TYPE_NAME("palmetto-bmc"),
+.parent = TYPE_MACHINE,
+.class_init = palmetto_bmc_class_init,
+};
+
+static void aspeed_machine_init(void)
+{
+type_register_static(&palmetto_bmc_type);
+}
+
+type_init(aspeed_machine_init)
-- 
2.1.4



