[Qemu-devel] [PULL 28/33] edu: fix memory leak on msi_broken platforms

[Paolo Bonzini]

If msi_init fails, the thread has already been created and the
mutex/condvar are not destroyed.  Initialize everything only
after the point where pci_edu_realize cannot fail.

Reported-by: Markus Armbruster 
Cc: Peter Xu 
Signed-off-by: Paolo Bonzini 
---
 hw/misc/edu.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/hw/misc/edu.c b/hw/misc/edu.c
index 401039c..01acacf 100644
--- a/hw/misc/edu.c
+++ b/hw/misc/edu.c
@@ -343,6 +343,12 @@ static void pci_edu_realize(PCIDevice *pdev, Error **errp)
 EduState *edu = DO_UPCAST(EduState, pdev, pdev);
 uint8_t *pci_conf = pdev->config;
 
+pci_config_set_interrupt_pin(pci_conf, 1);
+
+if (msi_init(pdev, 0, 1, true, false, errp)) {
+return;
+}
+
 timer_init_ms(&edu->dma_timer, QEMU_CLOCK_VIRTUAL, edu_dma_timer, edu);
 
 qemu_mutex_init(&edu->thr_mutex);
@@ -350,12 +356,6 @@ static void pci_edu_realize(PCIDevice *pdev, Error **errp)
 qemu_thread_create(&edu->thread, "edu", edu_fact_thread,
edu, QEMU_THREAD_JOINABLE);
 
-pci_config_set_interrupt_pin(pci_conf, 1);
-
-if (msi_init(pdev, 0, 1, true, false, errp)) {
-return;
-}
-
 memory_region_init_io(&edu->mmio, OBJECT(edu), &edu_mmio_ops, edu,
 "edu-mmio", 1 << 20);
 pci_register_bar(pdev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &edu->mmio);
-- 
1.8.3.1

[Qemu-devel] [PULL 31/33] hw/core: nmi.c can be compiled as common-obj nowadays

[Paolo Bonzini]

From: Thomas Huth 

The target-specific code in nmi.c has been removed with this commit:

commit f7e981f29548fe4af7812f5920304fe607e5bf0d
nmi: remove x86 specific nmi handling

Signed-off-by: Thomas Huth 
Message-Id: <1496310843-28771-1-git-send-email-th...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 hw/core/Makefile.objs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/core/Makefile.objs b/hw/core/Makefile.objs
index 91450b2..f8d7a4a 100644
--- a/hw/core/Makefile.objs
+++ b/hw/core/Makefile.objs
@@ -5,7 +5,7 @@ common-obj-y += fw-path-provider.o
 # irq.o needed for qdev GPIO handling:
 common-obj-y += irq.o
 common-obj-y += hotplug.o
-obj-y += nmi.o
+common-obj-y += nmi.o
 
 common-obj-$(CONFIG_EMPTY_SLOT) += empty_slot.o
 common-obj-$(CONFIG_XILINX_AXI) += stream.o
-- 
1.8.3.1

[Qemu-devel] [PULL 20/33] target/i386: use multiple CPU AddressSpaces

[Paolo Bonzini]

This speeds up SMM switches.  Later on it may remove the need to take
the BQL, and it may also allow to reuse code between TCG and KVM.

Signed-off-by: Paolo Bonzini 
---
 target/i386/cpu.c| 15 +-
 target/i386/cpu.h| 11 +-
 target/i386/helper.c | 54 
 target/i386/machine.c|  4 
 target/i386/smm_helper.c | 18 
 5 files changed, 47 insertions(+), 55 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index a41d595..a638832 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -3239,7 +3239,7 @@ static void x86_cpu_machine_done(Notifier *n, void 
*unused)
 cpu->smram = g_new(MemoryRegion, 1);
 memory_region_init_alias(cpu->smram, OBJECT(cpu), "smram",
  smram, 0, 1ull << 32);
-memory_region_set_enabled(cpu->smram, false);
+memory_region_set_enabled(cpu->smram, true);
 memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, cpu->smram, 
1);
 }
 }
@@ -3619,7 +3619,9 @@ static void x86_cpu_realizefn(DeviceState *dev, Error 
**errp)
 
 #ifndef CONFIG_USER_ONLY
 if (tcg_enabled()) {
-AddressSpace *newas = g_new(AddressSpace, 1);
+AddressSpace *as_normal = address_space_init_shareable(cs->memory,
+   "cpu-memory");
+AddressSpace *as_smm = g_new(AddressSpace, 1);
 
 cpu->cpu_as_mem = g_new(MemoryRegion, 1);
 cpu->cpu_as_root = g_new(MemoryRegion, 1);
@@ -3635,9 +3637,11 @@ static void x86_cpu_realizefn(DeviceState *dev, Error 
**errp)
  get_system_memory(), 0, ~0ull);
 memory_region_add_subregion_overlap(cpu->cpu_as_root, 0, 
cpu->cpu_as_mem, 0);
 memory_region_set_enabled(cpu->cpu_as_mem, true);
-address_space_init(newas, cpu->cpu_as_root, "CPU");
-cs->num_ases = 1;
-cpu_address_space_init(cs, newas, 0);
+address_space_init(as_smm, cpu->cpu_as_root, "CPU");
+
+cs->num_ases = 2;
+cpu_address_space_init(cs, as_normal, 0);
+cpu_address_space_init(cs, as_smm, 1);
 
 /* ... SMRAM with higher priority, linked from /machine/smram.  */
 cpu->machine_done.notify = x86_cpu_machine_done;
@@ -4053,6 +4057,7 @@ static void x86_cpu_common_class_init(ObjectClass *oc, 
void *data)
 #ifdef CONFIG_USER_ONLY
 cc->handle_mmu_fault = x86_cpu_handle_mmu_fault;
 #else
+cc->asidx_from_attrs = x86_asidx_from_attrs;
 cc->get_memory_mapping = x86_cpu_get_memory_mapping;
 cc->get_phys_page_debug = x86_cpu_get_phys_page_debug;
 cc->write_elf64_note = x86_cpu_write_elf64_note;
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 32a3a0c..c2e081c 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1450,6 +1450,16 @@ int x86_cpu_handle_mmu_fault(CPUState *cpu, vaddr addr,
 void x86_cpu_set_a20(X86CPU *cpu, int a20_state);
 
 #ifndef CONFIG_USER_ONLY
+static inline int x86_asidx_from_attrs(CPUState *cs, MemTxAttrs attrs)
+{
+return !!attrs.secure;
+}
+
+static inline AddressSpace *cpu_addressspace(CPUState *cs, MemTxAttrs attrs)
+{
+return cpu_get_address_space(cs, cpu_asidx_from_attrs(cs, attrs));
+}
+
 uint8_t x86_ldub_phys(CPUState *cs, hwaddr addr);
 uint32_t x86_lduw_phys(CPUState *cs, hwaddr addr);
 uint32_t x86_ldl_phys(CPUState *cs, hwaddr addr);
@@ -1652,7 +1662,6 @@ void do_interrupt_x86_hardirq(CPUX86State *env, int 
intno, int is_hw);
 
 /* smm_helper.c */
 void do_smm_enter(X86CPU *cpu);
-void cpu_smm_update(X86CPU *cpu);
 
 /* apic.c */
 void cpu_report_tpr_access(CPUX86State *env, TPRAccess access);
diff --git a/target/i386/helper.c b/target/i386/helper.c
index 6c16e7c..d0daa1f 100644
--- a/target/i386/helper.c
+++ b/target/i386/helper.c
@@ -1403,89 +1403,89 @@ uint8_t x86_ldub_phys(CPUState *cs, hwaddr addr)
 {
 X86CPU *cpu = X86_CPU(cs);
 CPUX86State *env = &cpu->env;
+MemTxAttrs attrs = cpu_get_mem_attrs(env);
+AddressSpace *as = cpu_addressspace(cs, attrs);
 
-return address_space_ldub(cs->as, addr,
-  cpu_get_mem_attrs(env),
-  NULL);
+return address_space_ldub(as, addr, attrs, NULL);
 }
 
 uint32_t x86_lduw_phys(CPUState *cs, hwaddr addr)
 {
 X86CPU *cpu = X86_CPU(cs);
 CPUX86State *env = &cpu->env;
+MemTxAttrs attrs = cpu_get_mem_attrs(env);
+AddressSpace *as = cpu_addressspace(cs, attrs);
 
-return address_space_lduw(cs->as, addr,
-  cpu_get_mem_attrs(env),
-  NULL);
+return address_space_lduw(as, addr, attrs, NULL);
 }
 
 uint32_t x86_ldl_phys(CPUState *cs, hwaddr addr)
 {
 X86CPU *cpu = X86_CPU(cs);
 CPUX86State *env = &cpu->env;
+MemTxAttrs attrs = cpu_get_mem_attrs(env);
+AddressSpace *as = cpu_addressspace(cs, attrs);
 
-return address_space_ldl(cs->as, addr,
-   

[Qemu-devel] [PULL 23/33] exec: fix address_space_get_iotlb_entry page mask

[Paolo Bonzini]

From: Peter Xu 

The IOTLB that it returned didn't guarantee that page_mask is indeed a
so-called page mask. That won't affect current usage since now only
vhost is using it (vhost API allows arbitary IOTLB range). However we
have IOTLB scemantic and we should best follow it. This patch fixes this
issue to make sure the page_mask is always a valid page mask.

Fixes: a764040 ("exec: abstract address_space_do_translate()")
Signed-off-by: Peter Xu 
Message-Id: <1496212378-22605-1-git-send-email-pet...@redhat.com>
Signed-off-by: Paolo Bonzini 
---
 exec.c | 14 ++
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/exec.c b/exec.c
index 29633cd..22b8f0c 100644
--- a/exec.c
+++ b/exec.c
@@ -528,16 +528,14 @@ IOMMUTLBEntry address_space_get_iotlb_entry(AddressSpace 
*as, hwaddr addr,
 section.offset_within_region;
 
 if (plen == (hwaddr)-1) {
-/*
- * We use default page size here. Logically it only happens
- * for identity mappings.
- */
-plen = TARGET_PAGE_SIZE;
+/* If not specified during translation, use default mask */
+plen = TARGET_PAGE_MASK;
+} else {
+/* Make it a valid page mask */
+assert(plen);
+plen = pow2floor(plen) - 1;
 }
 
-/* Convert to address mask */
-plen -= 1;
-
 return (IOMMUTLBEntry) {
 .target_as = section.address_space,
 .iova = addr & ~plen,
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH v2 08/10] migration: Create include for migration snapshots

[Dr. David Alan Gilbert]

* Juan Quintela (quint...@redhat.com) wrote:
> Start removing migration code from sysemu/sysemu.h.
> 
> Signed-off-by: Juan Quintela 

Yes, the names always confused me.


Reviewed-by: Dr. David Alan Gilbert 

> ---
>  hmp.c|  5 +++--
>  include/block/block_int.h|  4 ++--
>  include/migration/snapshot.h | 21 +
>  include/sysemu/sysemu.h  |  3 ---
>  migration/savevm.c   |  5 +++--
>  replay/replay-snapshot.c |  5 +++--
>  vl.c |  3 ++-
>  7 files changed, 34 insertions(+), 12 deletions(-)
>  create mode 100644 include/migration/snapshot.h
> 
> diff --git a/hmp.c b/hmp.c
> index 20f5dab..ad72390 100644
> --- a/hmp.c
> +++ b/hmp.c
> @@ -42,6 +42,7 @@
>  #include "qemu/error-report.h"
>  #include "exec/ramlist.h"
>  #include "hw/intc/intc.h"
> +#include "migration/snapshot.h"
>  
>  #ifdef CONFIG_SPICE
>  #include 
> @@ -1284,7 +1285,7 @@ void hmp_loadvm(Monitor *mon, const QDict *qdict)
>  
>  vm_stop(RUN_STATE_RESTORE_VM);
>  
> -if (load_vmstate(name, &err) == 0 && saved_vm_running) {
> +if (load_snapshot(name, &err) == 0 && saved_vm_running) {
>  vm_start();
>  }
>  hmp_handle_error(mon, &err);
> @@ -1294,7 +1295,7 @@ void hmp_savevm(Monitor *mon, const QDict *qdict)
>  {
>  Error *err = NULL;
>  
> -save_vmstate(qdict_get_try_str(qdict, "name"), &err);
> +save_snapshot(qdict_get_try_str(qdict, "name"), &err);
>  hmp_handle_error(mon, &err);
>  }
>  
> diff --git a/include/block/block_int.h b/include/block/block_int.h
> index e5eb473..cb78c4f 100644
> --- a/include/block/block_int.h
> +++ b/include/block/block_int.h
> @@ -601,8 +601,8 @@ struct BlockDriverState {
>  int copy_on_read;
>  
>  /* If we are reading a disk image, give its size in sectors.
> - * Generally read-only; it is written to by load_vmstate and 
> save_vmstate,
> - * but the block layer is quiescent during those.
> + * Generally read-only; it is written to by load_snapshot and
> + * save_snaphost, but the block layer is quiescent during those.
>   */
>  int64_t total_sectors;
>  
> diff --git a/include/migration/snapshot.h b/include/migration/snapshot.h
> new file mode 100644
> index 000..c85b6ec
> --- /dev/null
> +++ b/include/migration/snapshot.h
> @@ -0,0 +1,21 @@
> +/*
> + * QEMU snapshots
> + *
> + * Copyright (c) 2004-2008 Fabrice Bellard
> + * Copyright (c) 2009-2015 Red Hat Inc
> + *
> + * Authors:
> + *  Juan Quintela 
> + *
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or later.
> + * See the COPYING file in the top-level directory.
> + */
> +
> +#ifndef QEMU_MIGRATION_SNAPSHOT_H
> +#define QEMU_MIGRATION_SNAPSHOT_H
> +
> +int save_snapshot(const char *name, Error **errp);
> +int load_snapshot(const char *name, Error **errp);
> +
> +#endif
> diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
> index 723c8dc..9841a52 100644
> --- a/include/sysemu/sysemu.h
> +++ b/include/sysemu/sysemu.h
> @@ -92,9 +92,6 @@ void qemu_remove_exit_notifier(Notifier *notify);
>  void qemu_add_machine_init_done_notifier(Notifier *notify);
>  void qemu_remove_machine_init_done_notifier(Notifier *notify);
>  
> -int save_vmstate(const char *name, Error **errp);
> -int load_vmstate(const char *name, Error **errp);
> -
>  void qemu_announce_self(void);
>  
>  extern int autostart;
> diff --git a/migration/savevm.c b/migration/savevm.c
> index bb3f9ec..f2664f3 100644
> --- a/migration/savevm.c
> +++ b/migration/savevm.c
> @@ -35,6 +35,7 @@
>  #include "sysemu/sysemu.h"
>  #include "qemu/timer.h"
>  #include "migration/migration.h"
> +#include "migration/snapshot.h"
>  #include "qemu-file-channel.h"
>  #include "qemu-file.h"
>  #include "savevm.h"
> @@ -2067,7 +2068,7 @@ int qemu_loadvm_state(QEMUFile *f)
>  return ret;
>  }
>  
> -int save_vmstate(const char *name, Error **errp)
> +int save_snapshot(const char *name, Error **errp)
>  {
>  BlockDriverState *bs, *bs1;
>  QEMUSnapshotInfo sn1, *sn = &sn1, old_sn1, *old_sn = &old_sn1;
> @@ -2224,7 +2225,7 @@ void qmp_xen_load_devices_state(const char *filename, 
> Error **errp)
>  migration_incoming_state_destroy();
>  }
>  
> -int load_vmstate(const char *name, Error **errp)
> +int load_snapshot(const char *name, Error **errp)
>  {
>  BlockDriverState *bs, *bs_vm_state;
>  QEMUSnapshotInfo sn;
> diff --git a/replay/replay-snapshot.c b/replay/replay-snapshot.c
> index c75cd38..a4ded29 100644
> --- a/replay/replay-snapshot.c
> +++ b/replay/replay-snapshot.c
> @@ -19,6 +19,7 @@
>  #include "qapi/qmp/qstring.h"
>  #include "qemu/error-report.h"
>  #include "migration/vmstate.h"
> +#include "migration/snapshot.h"
>  
>  static void replay_pre_save(void *opaque)
>  {
> @@ -66,13 +67,13 @@ void replay_vmstate_init(void)
>  
>  if (replay_snapshot) {
>  if (replay_mode == REPLAY_MODE_RECORD) {
> -if (save_vmstate(replay_snapshot, &err) != 0) {
> +if 

[Qemu-devel] [PULL 29/33] i386/kvm: do not zero out segment flags if segment is unusable or not present

[Paolo Bonzini]

From: Roman Pen 

This is a fix for the problem [1], where VMCB.CPL was set to 0 and interrupt
was taken on userspace stack.  The root cause lies in the specific AMD CPU
behaviour which manifests itself as unusable segment attributes on SYSRET[2].

Here in this patch flags are not touched even segment is unusable or is not
present, therefore CPL (which is stored in DPL field) should not be lost and
will be successfully restored on kvm/svm kernel side.

Also current patch should not break desired behavior described in this commit:

4cae9c97967a ("target-i386: kvm: clear unusable segments' flags in migration")

since present bit will be dropped if segment is unusable or is not present.

This is the second part of the whole fix of the corresponding problem [1],
first part is related to kvm/svm kernel side and does exactly the same:
segment attributes are not zeroed out.

[1] Message id: 
CAJrWOzD6Xq==b-zYCDdFLgSRMPM-NkNuTSDFEtX=7mret45...@mail.gmail.com
[2] Message id: 
5d120f358612d73fc909f5bfa47e7bd082db0af0.1429841474.git.l...@kernel.org

Signed-off-by: Roman Pen 
Signed-off-by: Mikhail Sennikovskii 
Cc: Paolo Bonzini 
Cc: Radim Krčmář 
Cc: Michael Chapman 
Cc: qemu-devel@nongnu.org
Message-Id: <20170601085604.12980-1-roman.peny...@profitbricks.com>
Signed-off-by: Paolo Bonzini 
---
 target/i386/kvm.c | 20 
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 82c72d2..6e7c197 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1301,18 +1301,14 @@ static void get_seg(SegmentCache *lhs, const struct 
kvm_segment *rhs)
 lhs->selector = rhs->selector;
 lhs->base = rhs->base;
 lhs->limit = rhs->limit;
-if (rhs->unusable) {
-lhs->flags = 0;
-} else {
-lhs->flags = (rhs->type << DESC_TYPE_SHIFT) |
- (rhs->present * DESC_P_MASK) |
- (rhs->dpl << DESC_DPL_SHIFT) |
- (rhs->db << DESC_B_SHIFT) |
- (rhs->s * DESC_S_MASK) |
- (rhs->l << DESC_L_SHIFT) |
- (rhs->g * DESC_G_MASK) |
- (rhs->avl * DESC_AVL_MASK);
-}
+lhs->flags = (rhs->type << DESC_TYPE_SHIFT) |
+ ((rhs->present && !rhs->unusable) * DESC_P_MASK) |
+ (rhs->dpl << DESC_DPL_SHIFT) |
+ (rhs->db << DESC_B_SHIFT) |
+ (rhs->s * DESC_S_MASK) |
+ (rhs->l << DESC_L_SHIFT) |
+ (rhs->g * DESC_G_MASK) |
+ (rhs->avl * DESC_AVL_MASK);
 }
 
 static void kvm_getput_reg(__u64 *kvm_reg, target_ulong *qemu_reg, int set)
-- 
1.8.3.1

[Qemu-devel] [PULL 33/33] kvm: don't register smram_listener when smm is off

[Paolo Bonzini]

From: Gonglei 

If the user set disable smm by '-machine smm=off', we
should not register smram_listener so that we can
avoid waster memory in kvm since the added sencond
address space.

Meanwhile we should assign value of the global kvm_state
before invoking the kvm_arch_init(), because
pc_machine_is_smm_enabled() may use it by kvm_has_mm().

Signed-off-by: Gonglei 
Message-Id: <1496316915-121196-1-git-send-email-arei.gong...@huawei.com>
Signed-off-by: Paolo Bonzini 
---
 kvm-all.c | 4 ++--
 target/i386/kvm.c | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/kvm-all.c b/kvm-all.c
index 2598b1f..fb87bdc 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -1748,6 +1748,8 @@ static int kvm_init(MachineState *ms)
 kvm_ioeventfd_any_length_allowed =
 (kvm_check_extension(s, KVM_CAP_IOEVENTFD_ANY_LENGTH) > 0);
 
+kvm_state = s;
+
 ret = kvm_arch_init(ms, s);
 if (ret < 0) {
 goto err;
@@ -1757,8 +1759,6 @@ static int kvm_init(MachineState *ms)
 kvm_irqchip_create(ms, s);
 }
 
-kvm_state = s;
-
 if (kvm_eventfds_allowed) {
 s->memory_listener.listener.eventfd_add = kvm_mem_ioeventfd_add;
 s->memory_listener.listener.eventfd_del = kvm_mem_ioeventfd_del;
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 6e7c197..8e3bbc5 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -1255,7 +1255,9 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
 }
 }
 
-if (kvm_check_extension(s, KVM_CAP_X86_SMM)) {
+if (kvm_check_extension(s, KVM_CAP_X86_SMM) &&
+object_dynamic_cast(OBJECT(ms), TYPE_PC_MACHINE) &&
+pc_machine_is_smm_enabled(PC_MACHINE(ms))) {
 smram_machine_done.notify = register_smram_listener;
 qemu_add_machine_init_done_notifier(&smram_machine_done);
 }
-- 
1.8.3.1

[Qemu-devel] [PULL 27/33] linuxboot_dma: compile for i486

[Paolo Bonzini]

The ROM uses the cmovne instruction, which is new in Pentium Pro and does not
work when running QEMU with "-cpu 486".  Avoid producing that instruction.

Suggested-by: Richard W.M. Jones 
Suggested-by: Thomas Huth 
Reported-by: Rob Landley 
Cc: qemu-sta...@nongnu.org
Signed-off-by: Paolo Bonzini 
---
 pc-bios/linuxboot_dma.bin  | Bin 1536 -> 1536 bytes
 pc-bios/optionrom/Makefile |   1 +
 2 files changed, 1 insertion(+)

diff --git a/pc-bios/linuxboot_dma.bin b/pc-bios/linuxboot_dma.bin
index 
218d3ab4a29bfb5ab7125ec7a4d29dad1860c673..d176f62797813e4b926dca9dfce7ce554dc1a4d6
 100644
GIT binary patch
literal 1536
zcmeHFL2J`s82-{_T52KL%w~}udiW-YBE*9t=s~ClrIm^s9^6H6Pf%onr07*+kWd=L
zpW)d<4G1ZESU1FyUDSCf^YYaxioy<}t?!rmu^#*f?mHxJo;-Qp_kHp#Je^o$|2##;
zYs)n)qh6k7XI07O)9TW>>H@3WSgzkI-MW44`qG_Jxhgq7fAt@+rpuZy7{g_FpG^eo
zuoD<7Fjn!zK~Uydy3X@Fj1CnQuA}{tXz$^z=7>a?#S!%6CsARNbiO)h=v+Q~y@5O1
ze8y7!akTy&-YXMV@p3Es`0q*km+)Mtxe(3DE2)a5;c%$H0|Yu~mbnR0C7dKHR7Zsr
zmrccq5lm%U=wXc39gV6@%Jl!9^%vQ9V0A-7aUkNnpxu8npp2ruY0}SsKn=BiGN9Y;
L*>&K*abWuoMsO(*

literal 1536
zcmeHF&ubGw6rN4Dn#RCxYN|nUh%gpJFME=L9)#^}1F5!ps0f07iy|#(O1W^nf~VP8b!3b3v@l;?V$SuIwL6uYt5>dGyH&BPBIn1?(K>6@S?eidI1hgSZ^wky
zNA%Hz@f^krJcQTH!Ptb+b>Z7QOZy_v)9!Gc_A*CUnxyOgP~7<9qN#In@`mGjfw=z$
z*1p4gW?~r|cz_FdqLT)y8y*s0Z-)z#_;!*cE?PD>cN4CX-n&AUsLGXj9UuS(2NP%(`OENoGw|EGqnf#7ASHq-k?KrExJ~
z^CHnSr*VvZO%mMQmY+taei4m+{T$|c^(w4)XlpT*^|#=^eK`aF_0%gE_5j9w)aV=c
zk7$UtO_Fkt>S!)b5N*mx5@orPY(na#Hj4MfwIDj65ohT<|dXkK7E?qHJ9XdoKqMjysh
NXm9N~@Si)N{RVuA8xQ~h

diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile
index fa53d9e..a9a9e5e 100644
--- a/pc-bios/optionrom/Makefile
+++ b/pc-bios/optionrom/Makefile
@@ -13,6 +13,7 @@ $(call set-vpath, $(SRC_PATH)/pc-bios/optionrom)
 ifeq ($(lastword $(filter -O%, -O0 $(CFLAGS))),-O0)
 override CFLAGS += -O2
 endif
+override CFLAGS += -march=i486
 
 # Drop -fstack-protector and the like
 QEMU_CFLAGS := $(filter -W%, $(QEMU_CFLAGS)) $(CFLAGS_NOPIE) -ffreestanding
-- 
1.8.3.1

[Qemu-devel] [RFC 1/1] qemu-ga: add missing libpcre to MSI build

[Thomas Lamprecht]

glib depends on libpcre which was not shipped with the MSI, thus
starting of the qemu-ga.exe failed with the respective error message.

Tell WIXL to ship this library with the MSI to avoid this problem.

Signed-off-by: Thomas Lamprecht 
CC: Stefan Weil 
CC: Michael Roth 
---

I haven't done much with the qga or WIXL, so I send this as a RFC.
I hope that I guessed the right people to get CC'ed from MAINTAINERS.

This fixes a current qemu-ga MSI build, I tested it successfully with Windows 7
and Windows 10 as guest OS.

I cross built from a Fedora 25 LXC container.

The Guid for the libpcre was generated by https://www.guidgen.com/ as suggested
by:
http://wixtoolset.org/documentation/manual/v3/howtos/general/generate_guids.html

 qga/installer/qemu-ga.wxs | 4 
 1 file changed, 4 insertions(+)

diff --git a/qga/installer/qemu-ga.wxs b/qga/installer/qemu-ga.wxs
index fa2260cafa..5af11627f8 100644
--- a/qga/installer/qemu-ga.wxs
+++ b/qga/installer/qemu-ga.wxs
@@ -125,6 +125,9 @@
   
 
   
+  
+
+  
   
 
@@ -173,6 +176,7 @@
   
   
   
+  
 
 
 
-- 
2.11.0

Re: [Qemu-devel] [PATCH v2 07/10] migration: Export rdma.c functions in its own file

[Dr. David Alan Gilbert]

* Juan Quintela (quint...@redhat.com) wrote:
> Signed-off-by: Juan Quintela 
> ---
>  include/migration/migration.h |  4 
>  migration/migration.c |  1 +
>  migration/rdma.c  |  1 +
>  migration/rdma.h  | 25 +
>  4 files changed, 27 insertions(+), 4 deletions(-)
>  create mode 100644 migration/rdma.h
> 
> diff --git a/include/migration/migration.h b/include/migration/migration.h
> index 29fda5b..8d29bc9 100644
> --- a/include/migration/migration.h
> +++ b/include/migration/migration.h
> @@ -153,10 +153,6 @@ void qemu_start_incoming_migration(const char *uri, 
> Error **errp);
>  
>  uint64_t migrate_max_downtime(void);
>  
> -void rdma_start_outgoing_migration(void *opaque, const char *host_port, 
> Error **errp);
> -
> -void rdma_start_incoming_migration(const char *host_port, Error **errp);
> -
>  void migrate_fd_error(MigrationState *s, const Error *error);
>  
>  void migrate_fd_connect(MigrationState *s);
> diff --git a/migration/migration.c b/migration/migration.c
> index 6e11db2..3face58 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -21,6 +21,7 @@
>  #include "exec.h"
>  #include "fd.h"
>  #include "socket.h"
> +#include "rdma.h"
>  #include "migration/migration.h"
>  #include "savevm.h"
>  #include "qemu-file-channel.h"
> diff --git a/migration/rdma.c b/migration/rdma.c
> index 4cb5bf8..fab30ea 100644
> --- a/migration/rdma.c
> +++ b/migration/rdma.c
> @@ -17,6 +17,7 @@
>  #include "qapi/error.h"
>  #include "qemu-common.h"
>  #include "qemu/cutils.h"
> +#include "rdma.h"
>  #include "migration/migration.h"
>  #include "qemu-file.h"
>  #include "exec/cpu-common.h"
> diff --git a/migration/rdma.h b/migration/rdma.h
> new file mode 100644
> index 000..de2ba09
> --- /dev/null
> +++ b/migration/rdma.h
> @@ -0,0 +1,25 @@
> +/*
> + * RDMA protocol and interfaces
> + *
> + * Copyright IBM, Corp. 2010-2013
> + * Copyright Red Hat, Inc. 2015-2016
> + *
> + * Authors:
> + *  Michael R. Hines 
> + *  Jiuxing Liu 
> + *  Daniel P. Berrange 
> + *
> + * This work is licensed under the terms of the GNU GPL, version 2 or
> + * later.  See the COPYING file in the top-level directory.
> + *
> + */

Hmm, are we allowed to v2-or-later that?  migration.h is v2

Dave

> +#ifndef QEMU_MIGRATION_RDMA_H
> +#define QEMU_MIGRATION_RDMA_H
> +
> +void rdma_start_outgoing_migration(void *opaque, const char *host_port,
> +   Error **errp);
> +
> +void rdma_start_incoming_migration(const char *host_port, Error **errp);
> +
> +#endif
> -- 
> 2.9.4
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [PATCH v4 4/8] vmdk: Factor out metadata loading code out of vmdk_get_cluster_offset()

[Fam Zheng]

On Sat, 04/22 10:43, Ashijeet Acharya wrote:
> Move the cluster tables loading code out of the existing
> vmdk_get_cluster_offset() function and implement it in separate
> get_cluster_table() and vmdk_L2load() functions. This patch will help

Now vmdk_L2load is in lower case, "vmdk_l2load".

> us avoid code duplication in future patches of this series.

Bikeshedding: "of this series" is meaningful now, but not quite so once this
patch becomes a commit in qemu.git - the series information will be missing.

> 
> Signed-off-by: Ashijeet Acharya 
> ---
>  block/vmdk.c | 153 
> ---
>  1 file changed, 105 insertions(+), 48 deletions(-)
> 
> diff --git a/block/vmdk.c b/block/vmdk.c
> index f403981..4cee868 100644
> --- a/block/vmdk.c
> +++ b/block/vmdk.c
> @@ -1143,6 +1143,105 @@ static int vmdk_L2update(VmdkExtent *extent, 
> VmdkMetaData *m_data,
>  return VMDK_OK;
>  }
>  
> +/*
> + * vmdk_l2load
> + *
> + * Load a new L2 table into memory. If the table is in the cache, the cache
> + * is used; otherwise the L2 table is loaded from the image file.
> + *
> + * Returns:
> + *   VMDK_OK:   on success
> + *   VMDK_ERROR:in error cases
> + */
> +static int vmdk_l2load(VmdkExtent *extent, uint64_t offset, int l2_offset,
> +   uint32_t **new_l2_table, int *new_l2_index)
> +{
> +int min_index, i, j;
> +uint32_t *l2_table;
> +uint32_t min_count;
> +
> +for (i = 0; i < L2_CACHE_SIZE; i++) {
> +if (l2_offset == extent->l2_cache_offsets[i]) {
> +/* increment the hit count */
> +if (++extent->l2_cache_counts[i] == UINT32_MAX) {
> +for (j = 0; j < L2_CACHE_SIZE; j++) {
> +extent->l2_cache_counts[j] >>= 1;
> +}
> +}
> +l2_table = extent->l2_cache + (i * extent->l2_size);
> +goto found;
> +}
> +}
> +/* not found: load a new entry in the least used one */
> +min_index = 0;
> +min_count = UINT32_MAX;
> +for (i = 0; i < L2_CACHE_SIZE; i++) {
> +if (extent->l2_cache_counts[i] < min_count) {
> +min_count = extent->l2_cache_counts[i];
> +min_index = i;
> +}
> +}
> +l2_table = extent->l2_cache + (min_index * extent->l2_size);
> +if (bdrv_pread(extent->file,
> +(int64_t)l2_offset * 512,
> +l2_table,
> +extent->l2_size * sizeof(uint32_t)
> +) != extent->l2_size * sizeof(uint32_t)) {
> +return VMDK_ERROR;
> +}
> +
> +extent->l2_cache_offsets[min_index] = l2_offset;
> +extent->l2_cache_counts[min_index] = 1;
> +found:
> +*new_l2_index = ((offset >> 9) / extent->cluster_sectors) % 
> extent->l2_size;
> +*new_l2_table = l2_table;
> +
> +return VMDK_OK;
> +}
> +
> +/*
> + * get_cluster_table
> + *
> + * for a given offset, load (and allocate if needed) the l2 table.

More consistent if you capitalize the first letter "For".

> + *
> + * Returns:
> + *   VMDK_OK:on success
> + *
> + *   VMDK_UNALLOC:   if cluster is not mapped
> + *
> + *   VMDK_ERROR: in error cases
> + */
> +static int get_cluster_table(VmdkExtent *extent, uint64_t offset,
> + int *new_l1_index, int *new_l2_offset,
> + int *new_l2_index, uint32_t **new_l2_table)
> +{
> +int l1_index, l2_offset, l2_index;
> +uint32_t *l2_table;
> +int ret;
> +
> +offset -= (extent->end_sector - extent->sectors) * SECTOR_SIZE;
> +l1_index = (offset >> 9) / extent->l1_entry_sectors;
> +if (l1_index >= extent->l1_size) {
> +return VMDK_ERROR;
> +}
> +l2_offset = extent->l1_table[l1_index];
> +if (!l2_offset) {
> +return VMDK_UNALLOC;
> +}
> +
> +ret = vmdk_l2load(extent, offset, l2_offset, &l2_table, &l2_index);
> +if (ret < 0) {
> +return ret;
> +}
> +
> +*new_l1_index = l1_index;
> +*new_l2_offset = l2_offset;
> +*new_l2_index = l2_index;
> +*new_l2_table = l2_table;
> +
> +return VMDK_OK;
> +}
> +
>  /**
>   * vmdk_get_cluster_offset
>   *
> @@ -1172,66 +1271,24 @@ static int vmdk_get_cluster_offset(BlockDriverState 
> *bs,
> uint64_t skip_start_bytes,
> uint64_t skip_end_bytes)
>  {
> -unsigned int l1_index, l2_offset, l2_index;
> -int min_index, i, j;
> -uint32_t min_count, *l2_table;
> +int l1_index, l2_offset, l2_index;
> +uint32_t *l2_table;
>  bool zeroed = false;
>  int64_t ret;
>  int64_t cluster_sector;
>  
> -if (m_data) {
> -m_data->valid = 0;
> -}
>  if (extent->flat) {
>  *cluster_offset = extent->flat_start_offset;
>  return VMDK_OK;
>  }
>  
> -offset -= (extent->end_sector - extent->sectors) * SECTOR_SIZE;
> -l1_index = (offset >> 9) / extent->l1_entry_sectors;
> -if (l1_

[Qemu-devel] [PULL 32/33] nbd: make it thread-safe, fix qcow2 over nbd

[Paolo Bonzini]

NBD is not thread safe, because it accesses s->in_flight without
a CoMutex.  Fixing this will be required for multiqueue.
CoQueue doesn't have spurious wakeups but, when another coroutine can
run between qemu_co_queue_next's wakeup and qemu_co_queue_wait's
re-locking of the mutex, the wait condition can become false and
a loop is necessary.

In fact, it turns out that the loop is necessary even without this
multi-threaded scenario.  A particular sequence of coroutine wakeups
is happening ~80% of the time when starting a guest with qcow2 image
served over NBD (i.e. qemu-nbd --format=raw, and QEMU's -drive option
has -format=qcow2).  This patch fixes that issue too.

Signed-off-by: Paolo Bonzini 
---
 block/nbd-client.c | 30 +-
 1 file changed, 9 insertions(+), 21 deletions(-)

diff --git a/block/nbd-client.c b/block/nbd-client.c
index 09d955b..87d19c7 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -119,6 +119,10 @@ static int nbd_co_send_request(BlockDriverState *bs,
 int rc, ret, i;
 
 qemu_co_mutex_lock(&s->send_mutex);
+while (s->in_flight == MAX_NBD_REQUESTS) {
+qemu_co_queue_wait(&s->free_sema, &s->send_mutex);
+}
+s->in_flight++;
 
 for (i = 0; i < MAX_NBD_REQUESTS; i++) {
 if (s->recv_coroutine[i] == NULL) {
@@ -181,20 +185,6 @@ static void nbd_co_receive_reply(NBDClientSession *s,
 }
 }
 
-static void nbd_coroutine_start(NBDClientSession *s,
-NBDRequest *request)
-{
-/* Poor man semaphore.  The free_sema is locked when no other request
- * can be accepted, and unlocked after receiving one reply.  */
-if (s->in_flight == MAX_NBD_REQUESTS) {
-qemu_co_queue_wait(&s->free_sema, NULL);
-assert(s->in_flight < MAX_NBD_REQUESTS);
-}
-s->in_flight++;
-
-/* s->recv_coroutine[i] is set as soon as we get the send_lock.  */
-}
-
 static void nbd_coroutine_end(BlockDriverState *bs,
   NBDRequest *request)
 {
@@ -202,13 +192,16 @@ static void nbd_coroutine_end(BlockDriverState *bs,
 int i = HANDLE_TO_INDEX(s, request->handle);
 
 s->recv_coroutine[i] = NULL;
-s->in_flight--;
-qemu_co_queue_next(&s->free_sema);
 
 /* Kick the read_reply_co to get the next reply.  */
 if (s->read_reply_co) {
 aio_co_wake(s->read_reply_co);
 }
+
+qemu_co_mutex_lock(&s->send_mutex);
+s->in_flight--;
+qemu_co_queue_next(&s->free_sema);
+qemu_co_mutex_unlock(&s->send_mutex);
 }
 
 int nbd_client_co_preadv(BlockDriverState *bs, uint64_t offset,
@@ -226,7 +219,6 @@ int nbd_client_co_preadv(BlockDriverState *bs, uint64_t 
offset,
 assert(bytes <= NBD_MAX_BUFFER_SIZE);
 assert(!flags);
 
-nbd_coroutine_start(client, &request);
 ret = nbd_co_send_request(bs, &request, NULL);
 if (ret < 0) {
 reply.error = -ret;
@@ -256,7 +248,6 @@ int nbd_client_co_pwritev(BlockDriverState *bs, uint64_t 
offset,
 
 assert(bytes <= NBD_MAX_BUFFER_SIZE);
 
-nbd_coroutine_start(client, &request);
 ret = nbd_co_send_request(bs, &request, qiov);
 if (ret < 0) {
 reply.error = -ret;
@@ -291,7 +282,6 @@ int nbd_client_co_pwrite_zeroes(BlockDriverState *bs, 
int64_t offset,
 request.flags |= NBD_CMD_FLAG_NO_HOLE;
 }
 
-nbd_coroutine_start(client, &request);
 ret = nbd_co_send_request(bs, &request, NULL);
 if (ret < 0) {
 reply.error = -ret;
@@ -316,7 +306,6 @@ int nbd_client_co_flush(BlockDriverState *bs)
 request.from = 0;
 request.len = 0;
 
-nbd_coroutine_start(client, &request);
 ret = nbd_co_send_request(bs, &request, NULL);
 if (ret < 0) {
 reply.error = -ret;
@@ -342,7 +331,6 @@ int nbd_client_co_pdiscard(BlockDriverState *bs, int64_t 
offset, int count)
 return 0;
 }
 
-nbd_coroutine_start(client, &request);
 ret = nbd_co_send_request(bs, &request, NULL);
 if (ret < 0) {
 reply.error = -ret;
-- 
1.8.3.1

[Qemu-devel] [PATCH v2 3/4] kdump: add vmcoreinfo

[Marc-André Lureau]

kdump header provides offset and size of the vmcoreinfo note, append it
if available.

Signed-off-by: Marc-André Lureau 
---
 dump.c | 48 
 1 file changed, 44 insertions(+), 4 deletions(-)

diff --git a/dump.c b/dump.c
index 6911ffad8b..ba7676a514 100644
--- a/dump.c
+++ b/dump.c
@@ -791,8 +791,9 @@ static void create_header32(DumpState *s, Error **errp)
 uint32_t sub_hdr_size;
 uint32_t bitmap_blocks;
 uint32_t status = 0;
-uint64_t offset_note;
+uint64_t offset_note, offset_vmcoreinfo, size_vmcoreinfo = 0;
 Error *local_err = NULL;
+uint8_t *vmcoreinfo = NULL;
 
 /* write common header, the version of kdump-compressed format is 6th */
 size = sizeof(DiskDumpHeader32);
@@ -841,7 +842,18 @@ static void create_header32(DumpState *s, Error **errp)
 kh->phys_base = cpu_to_dump32(s, s->dump_info.phys_base);
 kh->dump_level = cpu_to_dump32(s, DUMP_LEVEL);
 
-offset_note = DISKDUMP_HEADER_BLOCKS * block_size + size;
+offset_vmcoreinfo = DISKDUMP_HEADER_BLOCKS * block_size + size;
+if (s->vmcoreinfo) {
+uint64_t hsize, name_size;
+
+get_note_sizes(s, s->vmcoreinfo, &hsize, &name_size, &size_vmcoreinfo);
+vmcoreinfo =
+s->vmcoreinfo + ((hsize + 3) / 4 + (name_size + 3) / 4) * 4;
+kh->offset_vmcoreinfo = cpu_to_dump64(s, offset_vmcoreinfo);
+kh->size_vmcoreinfo = cpu_to_dump32(s, size_vmcoreinfo);
+}
+
+offset_note = offset_vmcoreinfo + size_vmcoreinfo;
 kh->offset_note = cpu_to_dump64(s, offset_note);
 kh->note_size = cpu_to_dump32(s, s->note_size);
 
@@ -851,6 +863,14 @@ static void create_header32(DumpState *s, Error **errp)
 goto out;
 }
 
+if (vmcoreinfo) {
+if (write_buffer(s->fd, offset_vmcoreinfo, vmcoreinfo,
+ size_vmcoreinfo) < 0) {
+error_setg(errp, "dump: failed to vmcoreinfo");
+goto out;
+}
+}
+
 /* write note */
 s->note_buf = g_malloc0(s->note_size);
 s->note_buf_offset = 0;
@@ -891,8 +911,9 @@ static void create_header64(DumpState *s, Error **errp)
 uint32_t sub_hdr_size;
 uint32_t bitmap_blocks;
 uint32_t status = 0;
-uint64_t offset_note;
+uint64_t offset_note, offset_vmcoreinfo, size_vmcoreinfo = 0;
 Error *local_err = NULL;
+uint8_t *vmcoreinfo = NULL;
 
 /* write common header, the version of kdump-compressed format is 6th */
 size = sizeof(DiskDumpHeader64);
@@ -941,7 +962,18 @@ static void create_header64(DumpState *s, Error **errp)
 kh->phys_base = cpu_to_dump64(s, s->dump_info.phys_base);
 kh->dump_level = cpu_to_dump32(s, DUMP_LEVEL);
 
-offset_note = DISKDUMP_HEADER_BLOCKS * block_size + size;
+offset_vmcoreinfo = DISKDUMP_HEADER_BLOCKS * block_size + size;
+if (s->vmcoreinfo) {
+uint64_t hsize, name_size;
+
+get_note_sizes(s, s->vmcoreinfo, &hsize, &name_size, &size_vmcoreinfo);
+vmcoreinfo =
+s->vmcoreinfo + ((hsize + 3) / 4 + (name_size + 3) / 4) * 4;
+kh->offset_vmcoreinfo = cpu_to_dump64(s, offset_vmcoreinfo);
+kh->size_vmcoreinfo = cpu_to_dump64(s, size_vmcoreinfo);
+}
+
+offset_note = offset_vmcoreinfo + size_vmcoreinfo;
 kh->offset_note = cpu_to_dump64(s, offset_note);
 kh->note_size = cpu_to_dump64(s, s->note_size);
 
@@ -951,6 +983,14 @@ static void create_header64(DumpState *s, Error **errp)
 goto out;
 }
 
+if (vmcoreinfo) {
+if (write_buffer(s->fd, offset_vmcoreinfo, vmcoreinfo,
+ size_vmcoreinfo) < 0) {
+error_setg(errp, "dump: failed to vmcoreinfo");
+goto out;
+}
+}
+
 /* write note */
 s->note_buf = g_malloc0(s->note_size);
 s->note_buf_offset = 0;
-- 
2.13.0.91.g00982b8dd

[Qemu-devel] [PATCH v2 1/4] dump: add DumpInfo structure

[Marc-André Lureau]

One way or another, the guest could communicate various dump info (via
guest agent or vmcoreinfo device) and populate that structure. It can
then be used to augment the dump with various details, as done in the
following patch.

Signed-off-by: Marc-André Lureau 
---
 include/sysemu/dump-info.h | 18 ++
 dump.c |  3 +++
 2 files changed, 21 insertions(+)
 create mode 100644 include/sysemu/dump-info.h

diff --git a/include/sysemu/dump-info.h b/include/sysemu/dump-info.h
new file mode 100644
index 00..d2378e15e2
--- /dev/null
+++ b/include/sysemu/dump-info.h
@@ -0,0 +1,18 @@
+#ifndef DUMP_INFO_H
+#define DUMP_INFO_H
+
+typedef struct DumpInfo {
+bool received;
+/* kernel base address */
+bool has_phys_base;
+uint64_t phys_base;
+/* "_text" symbol location */
+bool has_text;
+uint64_t text;
+/* the content of /sys/kernel/vmcoreinfo on Linux */
+char *vmcoreinfo;
+} DumpInfo;
+
+extern DumpInfo dump_info;
+
+#endif /* DUMP_INFO_H */
diff --git a/dump.c b/dump.c
index d9090a24cc..bdf3270f02 100644
--- a/dump.c
+++ b/dump.c
@@ -20,6 +20,7 @@
 #include "monitor/monitor.h"
 #include "sysemu/kvm.h"
 #include "sysemu/dump.h"
+#include "sysemu/dump-info.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/memory_mapping.h"
 #include "sysemu/cpus.h"
@@ -38,6 +39,8 @@
 #define ELF_MACHINE_UNAME "Unknown"
 #endif
 
+DumpInfo dump_info = { 0, };
+
 uint16_t cpu_to_dump16(DumpState *s, uint16_t val)
 {
 if (s->dump_info.d_endian == ELFDATA2LSB) {
-- 
2.13.0.91.g00982b8dd

Re: [Qemu-devel] [PATCH v2 10/10] migration: Move include/migration/block.h into migration/

[Dr. David Alan Gilbert]

* Juan Quintela (quint...@redhat.com) wrote:
> All functions were internal, except blk_mig_init() that is exported in
> misc.h now.
> 
> Signed-off-by: Juan Quintela 

Reviewed-by: Dr. David Alan Gilbert 

> ---
>  include/migration/misc.h | 8 
>  migration/block.c| 3 ++-
>  {include/migration => migration}/block.h | 2 --
>  migration/colo.c | 2 +-
>  migration/migration.c| 2 +-
>  vl.c | 1 -
>  6 files changed, 12 insertions(+), 6 deletions(-)
>  rename {include/migration => migration}/block.h (93%)
> 
> diff --git a/include/migration/misc.h b/include/migration/misc.h
> index 0b37714..d7892b7 100644
> --- a/include/migration/misc.h
> +++ b/include/migration/misc.h
> @@ -18,4 +18,12 @@
>  
>  void ram_mig_init(void);
>  
> +/* migration/block.c */
> +
> +#ifdef CONFIG_LIVE_BLOCK_MIGRATION
> +void blk_mig_init(void);
> +#else
> +static inline void blk_mig_init(void) {}
> +#endif
> +
>  #endif
> diff --git a/migration/block.c b/migration/block.c
> index 3e27499..4d8c2e9 100644
> --- a/migration/block.c
> +++ b/migration/block.c
> @@ -23,7 +23,8 @@
>  #include "qemu/cutils.h"
>  #include "qemu/queue.h"
>  #include "qemu/timer.h"
> -#include "migration/block.h"
> +#include "block.h"
> +#include "migration/misc.h"
>  #include "migration/migration.h"
>  #include "sysemu/blockdev.h"
>  #include "qemu-file.h"
> diff --git a/include/migration/block.h b/migration/block.h
> similarity index 93%
> rename from include/migration/block.h
> rename to migration/block.h
> index 28cff53..22ebe94 100644
> --- a/include/migration/block.h
> +++ b/migration/block.h
> @@ -15,14 +15,12 @@
>  #define MIGRATION_BLOCK_H
>  
>  #ifdef CONFIG_LIVE_BLOCK_MIGRATION
> -void blk_mig_init(void);
>  int blk_mig_active(void);
>  uint64_t blk_mig_bytes_transferred(void);
>  uint64_t blk_mig_bytes_remaining(void);
>  uint64_t blk_mig_bytes_total(void);
>  
>  #else
> -static inline void blk_mig_init(void) { }
>  static inline int blk_mig_active(void)
>  {
>  return false;
> diff --git a/migration/colo.c b/migration/colo.c
> index 4f1f3b8..111b715 100644
> --- a/migration/colo.c
> +++ b/migration/colo.c
> @@ -18,7 +18,7 @@
>  #include "qemu-file.h"
>  #include "savevm.h"
>  #include "migration/colo.h"
> -#include "migration/block.h"
> +#include "block.h"
>  #include "io/channel-buffer.h"
>  #include "trace.h"
>  #include "qemu/error-report.h"
> diff --git a/migration/migration.c b/migration/migration.c
> index 1399c4b..bdd3f16 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -34,7 +34,7 @@
>  #include "qapi/util.h"
>  #include "qemu/sockets.h"
>  #include "qemu/rcu.h"
> -#include "migration/block.h"
> +#include "block.h"
>  #include "postcopy-ram.h"
>  #include "qemu/thread.h"
>  #include "qmp-commands.h"
> diff --git a/vl.c b/vl.c
> index 13deeba..80b86c0 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -86,7 +86,6 @@ int main(int argc, char **argv)
>  #include "qemu/log.h"
>  #include "sysemu/blockdev.h"
>  #include "hw/block/block.h"
> -#include "migration/block.h"
>  #include "migration/misc.h"
>  #include "migration/snapshot.h"
>  #include "sysemu/tpm.h"
> -- 
> 2.9.4
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

[Qemu-devel] [PATCH v2 0/4] dump: add vmcoreinfo note

[Marc-André Lureau]

Hi,

In previously sent series "[PATCH 00/21] WIP: dump: add kaslr support
(for after 2.9)", I proposed a qemu-ga change to provide kaslr-related
details to qemu, and other patches to append the vmcoreinfo note to
the various dump format and tools.

Although it remains still undecided how to pass the guest details to
qemu (the latest proposal is a vmcoreinfo ACPI device), we can still
review the rest of the series dealing with the dump and vmcoreinfo
note manipulation.

cheers

Marc-André Lureau (4):
  dump: add DumpInfo structure
  dump: add vmcoreinfo ELF note
  kdump: add vmcoreinfo
  scripts/dump-guest-memory.py: add vmcoreinfo

 scripts/dump-guest-memory.py |  52 
 include/sysemu/dump-info.h   |  18 +
 include/sysemu/dump.h|   2 +
 dump.c   | 184 ++-
 4 files changed, 252 insertions(+), 4 deletions(-)
 create mode 100644 include/sysemu/dump-info.h

-- 
2.13.0.91.g00982b8dd

[Qemu-devel] [PATCH v2 4/4] scripts/dump-guest-memory.py: add vmcoreinfo

[Marc-André Lureau]

Add vmcoreinfo ELF note if qemu dump_info has been populated.

Also modify it with NUMBER(phys_base)=.. if the guest doesn't provide
it (on older kernel).

Signed-off-by: Marc-André Lureau 
---
 scripts/dump-guest-memory.py | 52 
 1 file changed, 52 insertions(+)

diff --git a/scripts/dump-guest-memory.py b/scripts/dump-guest-memory.py
index f7c6635f15..a13f5d8b24 100644
--- a/scripts/dump-guest-memory.py
+++ b/scripts/dump-guest-memory.py
@@ -120,6 +120,33 @@ class ELF(object):
 self.segments[0].p_filesz += ctypes.sizeof(note)
 self.segments[0].p_memsz += ctypes.sizeof(note)
 
+
+def add_vmcoreinfo_note(self, vmcoreinfo, phys_base=None):
+"""Adds a vmcoreinfo note to the ELF."""
+chead = type(get_arch_note(self.endianness, 0, 0))
+header = chead.from_buffer_copy(vmcoreinfo[0:ctypes.sizeof(chead)])
+note = get_arch_note(self.endianness,
+ header.n_namesz - 1, header.n_descsz)
+ctypes.memmove(ctypes.pointer(note), vmcoreinfo, ctypes.sizeof(note))
+header_size = ctypes.sizeof(note) - header.n_descsz
+
+if phys_base:
+desc = bytearray(note.n_desc).decode().split()
+if not next((v for v in desc if 
v.startswith('NUMBER(phys_base)=')),
+False):
+desc.append('NUMBER(phys_base)=%ld' % phys_base)
+desc = "\n".join(desc) + '\n'
+descsz = (len(desc) + 3) // 4 * 4
+desc += '\0' * (descsz - len(desc))
+note = get_arch_note(self.endianness, header.n_namesz - 1, descsz)
+ctypes.memmove(ctypes.pointer(note), vmcoreinfo, header_size)
+note.n_descsz = descsz
+ctypes.memmove(note.n_desc, desc.encode(), descsz)
+
+self.notes.append(note)
+self.segments[0].p_filesz += ctypes.sizeof(note)
+self.segments[0].p_memsz += ctypes.sizeof(note)
+
 def add_segment(self, p_type, p_paddr, p_size):
 """Adds a segment to the elf."""
 
@@ -505,6 +532,30 @@ shape and this command should mostly work."""
 cur += chunk_size
 left -= chunk_size
 
+def add_vmcoreinfo(self):
+qemu_core = gdb.inferiors()[0]
+
+try:
+coreinfo = gdb.parse_and_eval("dump_info.vmcoreinfo")
+except gdb.error:
+return
+
+if coreinfo == 0:
+return
+
+phys_base = None
+has_phys_base = gdb.parse_and_eval("dump_info.has_phys_base")
+if has_phys_base:
+phys_base = int(gdb.parse_and_eval("dump_info.phys_base"))
+
+addr, size = [int(val, 16) for val in coreinfo.string().split()]
+for block in self.guest_phys_blocks:
+if block["target_start"] <= addr < block["target_end"]:
+haddr = block["host_addr"] + (addr - block["target_start"])
+vmcoreinfo = qemu_core.read_memory(haddr, size)
+self.elf.add_vmcoreinfo_note(vmcoreinfo.tobytes(), phys_base)
+return
+
 def invoke(self, args, from_tty):
 """Handles command invocation from gdb."""
 
@@ -518,6 +569,7 @@ shape and this command should mostly work."""
 
 self.elf = ELF(argv[1])
 self.guest_phys_blocks = get_guest_phys_blocks()
+self.add_vmcoreinfo()
 
 with open(argv[0], "wb") as vmcore:
 self.dump_init(vmcore)
-- 
2.13.0.91.g00982b8dd

Re: [Qemu-devel] [PATCH v4 3/8] vmdk: Rename get_cluster_offset() to vmdk_get_cluster_offset()

[Fam Zheng]

On Sat, 04/22 10:43, Ashijeet Acharya wrote:
> Rename the existing get_cluster_offset() to vmdk_get_cluster_offset()
> and update name in all the callers accordingly.
> 
> Signed-off-by: Ashijeet Acharya 

Reviewed-by: Fam Zheng 

[Qemu-devel] [PATCH v2 2/4] dump: add vmcoreinfo ELF note

[Marc-André Lureau]

Read vmcoreinfo note from guest memory when dump_info provides the
address, and write it as an ELF note in the dump.

NUMBER(phys_base) in vmcoreinfo has only been recently introduced in
Linux 4.10 ("kexec: export the value of phys_base instead of symbol
address"). To accomadate for older kernels, modify the vmcoreinfo to add
the new fields and help newer crash that will use it.

Signed-off-by: Marc-André Lureau 
---
 include/sysemu/dump.h |   2 +
 dump.c| 133 ++
 2 files changed, 135 insertions(+)

diff --git a/include/sysemu/dump.h b/include/sysemu/dump.h
index 2672a15f8b..b8a7a1e41d 100644
--- a/include/sysemu/dump.h
+++ b/include/sysemu/dump.h
@@ -192,6 +192,8 @@ typedef struct DumpState {
   * this could be used to calculate
   * how much work we have
   * finished. */
+uint8_t *vmcoreinfo;
+size_t vmcoreinfo_size;
 } DumpState;
 
 uint16_t cpu_to_dump16(DumpState *s, uint16_t val);
diff --git a/dump.c b/dump.c
index bdf3270f02..6911ffad8b 100644
--- a/dump.c
+++ b/dump.c
@@ -27,6 +27,7 @@
 #include "qapi/qmp/qerror.h"
 #include "qmp-commands.h"
 #include "qapi-event.h"
+#include "qemu/error-report.h"
 
 #include 
 #ifdef CONFIG_LZO
@@ -88,6 +89,8 @@ static int dump_cleanup(DumpState *s)
 qemu_mutex_unlock_iothread();
 }
 }
+g_free(s->vmcoreinfo);
+s->vmcoreinfo = NULL;
 
 return 0;
 }
@@ -238,6 +241,19 @@ static inline int cpu_index(CPUState *cpu)
 return cpu->cpu_index + 1;
 }
 
+static void write_vmcoreinfo_note(WriteCoreDumpFunction f, DumpState *s,
+  Error **errp)
+{
+int ret;
+
+if (s->vmcoreinfo) {
+ret = f(s->vmcoreinfo, s->vmcoreinfo_size, s);
+if (ret < 0) {
+error_setg(errp, "dump: failed to write vmcoreinfo");
+}
+}
+}
+
 static void write_elf64_notes(WriteCoreDumpFunction f, DumpState *s,
   Error **errp)
 {
@@ -261,6 +277,8 @@ static void write_elf64_notes(WriteCoreDumpFunction f, 
DumpState *s,
 return;
 }
 }
+
+write_vmcoreinfo_note(f, s, errp);
 }
 
 static void write_elf32_note(DumpState *s, Error **errp)
@@ -306,6 +324,8 @@ static void write_elf32_notes(WriteCoreDumpFunction f, 
DumpState *s,
 return;
 }
 }
+
+write_vmcoreinfo_note(f, s, errp);
 }
 
 static void write_elf_section(DumpState *s, int type, Error **errp)
@@ -717,6 +737,50 @@ static int buf_write_note(const void *buf, size_t size, 
void *opaque)
 return 0;
 }
 
+static void get_note_sizes(DumpState *s, const void *note,
+   uint64_t *note_head_size,
+   uint64_t *name_size,
+   uint64_t *desc_size)
+{
+uint64_t note_head_sz;
+uint64_t name_sz;
+uint64_t desc_sz;
+
+if (s->dump_info.d_class == ELFCLASS64) {
+const Elf64_Nhdr *hdr = note;
+note_head_sz = sizeof(Elf64_Nhdr);
+name_sz = hdr->n_namesz;
+desc_sz = hdr->n_descsz;
+} else {
+const Elf32_Nhdr *hdr = note;
+note_head_sz = sizeof(Elf32_Nhdr);
+name_sz = hdr->n_namesz;
+desc_sz = hdr->n_descsz;
+}
+
+if (note_head_size) {
+*note_head_size = note_head_sz;
+}
+if (name_size) {
+*name_size = name_sz;
+}
+if (desc_size) {
+*desc_size = desc_sz;
+}
+}
+
+static void set_note_desc_size(DumpState *s, void *note,
+   uint64_t desc_size)
+{
+if (s->dump_info.d_class == ELFCLASS64) {
+Elf64_Nhdr *hdr = note;
+hdr->n_descsz = desc_size;
+} else {
+Elf32_Nhdr *hdr = note;
+hdr->n_descsz = desc_size;
+}
+}
+
 /* write common header, sub header and elf note to vmcore */
 static void create_header32(DumpState *s, Error **errp)
 {
@@ -1491,6 +1555,42 @@ static int64_t dump_calculate_size(DumpState *s)
 return total;
 }
 
+static void vmcoreinfo_add_phys_base(DumpState *s)
+{
+uint64_t size, note_head_size, name_size;
+char **lines, *physbase = NULL;
+uint8_t *newvmci, *vmci;
+size_t i;
+
+get_note_sizes(s, s->vmcoreinfo, ¬e_head_size, &name_size, &size);
+note_head_size = ((note_head_size + 3) / 4) * 4;
+name_size = ((name_size + 3) / 4) * 4;
+vmci = s->vmcoreinfo + note_head_size + name_size;
+*(vmci + size) = '\0';
+lines = g_strsplit((char *)vmci, "\n", -1);
+for (i = 0; lines[i]; i++) {
+if (g_str_has_prefix(lines[i], "NUMBER(phys_base)=")) {
+goto end;
+}
+}
+
+physbase = g_strdup_printf("\nNUMBER(phys_base)=%ld",
+   s->dump_info.phys_base);
+s->vmcoreinfo_size =
+((note_head_size + name_size + size + strlen(physbase) + 3) / 4) * 4;
+
+newvmci = g_malloc(s->vmcoreinfo_size);
+memcpy(newvmci, s->vmcorei

Re: [Qemu-devel] [PATCH v4 5/8] vmdk: Set maximum bytes allocated in one cycle

[Fam Zheng]

On Sat, 04/22 10:43, Ashijeet Acharya wrote:
> Set the maximum bytes allowed to get allocated at once to be not more
> than the extent size boundary to handle writes at two separate extents
> appropriately.
> 
> Signed-off-by: Ashijeet Acharya 
> ---
>  block/vmdk.c | 13 +++--
>  1 file changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/block/vmdk.c b/block/vmdk.c
> index 4cee868..7862791 100644
> --- a/block/vmdk.c
> +++ b/block/vmdk.c
> @@ -1624,6 +1624,7 @@ static int vmdk_pwritev(BlockDriverState *bs, uint64_t 
> offset,
>  uint64_t cluster_offset;
>  uint64_t bytes_done = 0;
>  VmdkMetaData m_data;
> +uint64_t extent_end;
>  
>  if (DIV_ROUND_UP(offset, BDRV_SECTOR_SIZE) > bs->total_sectors) {
>  error_report("Wrong offset: offset=0x%" PRIx64
> @@ -1637,9 +1638,17 @@ static int vmdk_pwritev(BlockDriverState *bs, uint64_t 
> offset,
>  if (!extent) {
>  return -EIO;
>  }
> +extent_end = extent->end_sector * BDRV_SECTOR_SIZE;
> +
>  offset_in_cluster = vmdk_find_offset_in_cluster(extent, offset);
> -n_bytes = MIN(bytes, extent->cluster_sectors * BDRV_SECTOR_SIZE
> - - offset_in_cluster);
> +
> +/* truncate n_bytes to first cluster because we need to perform COW 
> */
> +if (offset_in_cluster > 0) {
> +n_bytes = MIN(bytes, extent->cluster_sectors * BDRV_SECTOR_SIZE
> + - offset_in_cluster);
> +} else {
> +n_bytes = MIN(bytes, extent_end - offset);
> +}
>  
>  ret = vmdk_get_cluster_offset(bs, extent, &m_data, offset,
>!(extent->compressed || zeroed),
> -- 
> 2.6.2
> 

Reviewed-by: Fam Zheng 

Re: [Qemu-devel] [PATCHv4 0/5] Clean up compatibility mode handling

[Greg Kurz]

On Thu, 1 Jun 2017 13:59:14 +0200
Cédric Le Goater  wrote:

> On 06/01/2017 08:52 AM, David Gibson wrote:
> > On Wed, May 31, 2017 at 10:58:57AM +0200, Greg Kurz wrote:  
> >> On Wed, 31 May 2017 12:57:48 +1000
> >> David Gibson  wrote:  
> >>> [...]  
>  All old non-pseries machine types already complain when started with
>  a POWER7 or newer CPU. Providing the extra error message looks weird:
> 
>  qemu-system-ppc64 -machine ppce500 \
>    -cpu POWER7,compat=power6
>  qemu-system-ppc64: CPU 'compat' property is deprecated and has no effect;
>   use max-cpu-compat machine property instead
>  MMU model 983043 not supported by this machine.
> 
>  but I guess it's better than crashing. :)
> >>>
> >>> Well, sure POWER7 doesn't make sense for an e500 machine for other
> >>> reasons.  But POWER7 or POWER8 _would_ make sense for powernv, where
> >>> compat= doesn't.
> >>>  
> >>
> >> The powernv machine type doesn't even support CPU features at all:
> >>
> >> chip_typename = g_strdup_printf(TYPE_PNV_CHIP "-%s", 
> >> machine->cpu_model);
> >> if (!object_class_by_name(chip_typename)) {
> >> error_report("invalid CPU model '%s' for %s machine",
> >>  machine->cpu_model, MACHINE_GET_CLASS(machine)->name);
> >> exit(1);
> >> }  
> > 
> > Ah, well, that's another bug, but not one that's in scope for this
> > series.  
> 
> PowerNV is still work in progress. I would not worry about it too much.
> 

Of course and this isn't the purpose of the discussion actually. We were
talking about CPU features being relevant or not depending on the machine
type.

But I'm not even sure that CPU features are useful at all for ppc, not to
say very confusing (otherwise this series wouldn't be needed for example).

Speaking of PowerNV, just as an example, I guess the fix would be to
forbid machine->cpu_model if it contains features. And probably the same
for all other machine types, except pseries for backward compatibility
reasons.

> C. 
> 



pgpVnLtR7uUVW.pgp
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 1/1] coroutine-lock: do not touch coroutine after another one has been entered

[Stefan Hajnoczi]

On Wed, May 31, 2017 at 03:23:25PM +0200, Roman Penyaev wrote:
> On Wed, May 31, 2017 at 3:06 PM, Stefan Hajnoczi  wrote:
> > On Tue, May 30, 2017 at 12:07:36PM +0200, Roman Pen wrote:
> >> diff --git a/util/qemu-coroutine-lock.c b/util/qemu-coroutine-lock.c
> >> index 6328eed26bc6..d589d8c66d5e 100644
> >> --- a/util/qemu-coroutine-lock.c
> >> +++ b/util/qemu-coroutine-lock.c
> >> @@ -77,10 +77,20 @@ void coroutine_fn qemu_co_queue_wait(CoQueue *queue, 
> >> CoMutex *mutex)
> >>  void qemu_co_queue_run_restart(Coroutine *co)
> >>  {
> >>  Coroutine *next;
> >> +QSIMPLEQ_HEAD(, Coroutine) tmp_queue_wakeup =
> >> +QSIMPLEQ_HEAD_INITIALIZER(tmp_queue_wakeup);
> >>
> >>  trace_qemu_co_queue_run_restart(co);
> >> -while ((next = QSIMPLEQ_FIRST(&co->co_queue_wakeup))) {
> >> -QSIMPLEQ_REMOVE_HEAD(&co->co_queue_wakeup, co_queue_next);
> >> +
> >> +/* Because "co" has yielded, any coroutine that we wakeup can resume 
> >> it.
> >> + * If this happens and "co" terminates, co->co_queue_wakeup becomes
> >> + * invalid memory.  Therefore, use a temporary queue and do not touch
> >> + * the "co" coroutine as soon as you enter another one.
> >> + */
> >> +QSIMPLEQ_CONCAT(&tmp_queue_wakeup, &co->co_queue_wakeup);
> >> +
> >> +while ((next = QSIMPLEQ_FIRST(&tmp_queue_wakeup))) {
> >> +QSIMPLEQ_REMOVE_HEAD(&tmp_queue_wakeup, co_queue_next);
> >>  qemu_coroutine_enter(next);
> >>  }
> >>  }
> >
> > What happens if co remains alive and qemu_coroutine_enter(next) causes
> > additional coroutines to add themselves to co->co_queue_wakeup?
> 
> Yeah, I thought about it.  But according to my understanding the only
> path where you add something to the tail of a queue is:
> 
> void aio_co_enter(AioContext *ctx, struct Coroutine *co)
> {
> ...
>if (qemu_in_coroutine()) {
> Coroutine *self = qemu_coroutine_self();
> assert(self != co);
> QSIMPLEQ_INSERT_TAIL(&self->co_queue_wakeup, co,
> co_queue_next);  HERE
> 
> So you should be in *that* coroutine to chain other coroutines.
> That means that caller of your 'co' will be responsible to complete
> what it has in the list.  Something like that:
> 
> 
> co1 YIELDED,
> foreach co in co1.queue{co2}
>enter(co) -->  co2 does something and
>   eventually enter(co1):  -> co1 does
> something and
>  add co4
> to the queue
>  terminates
>   <-
>   co2 iterates over the queue of co1 and
>foreach co in co1.queue{co4}
> 
> 
> Sorry, the explanation is totally crap, but the key is:
> caller is responsible for cleaning the queue no matter what
> happens.  Sounds sane?

Yes, that makes sense.  A comment in the code would be helpful.

Stefan


signature.asc
Description: PGP signature

Re: [Qemu-devel] [Qemu-block] [PATCH v2 06/16] backup: Request BLK_PERM_AIO_CONTEXT_CHANGE on target

[Stefan Hajnoczi]

On Wed, May 31, 2017 at 05:57:46PM +0800, Fam Zheng wrote:
> On Wed, 05/31 10:39, Stefan Hajnoczi wrote:
> > On Wed, May 24, 2017 at 10:18:44AM +0800, Fam Zheng wrote:
> > > On Thu, 05/11 15:41, Stefan Hajnoczi wrote:
> > > > On Wed, Apr 19, 2017 at 05:43:46PM +0800, Fam Zheng wrote:
> > > > > What's done in the source's context change notifier is moving the
> > > > > target's context to follow the new one, so we request this permission
> > > > > here.
> > > > 
> > > > It's true that the backup block job must be able to set target's
> > > > AioContext, but does this change also allow other users to set target's
> > > > AioContext while the backup job is running?  If yes, then we need to
> > > > handle that.
> > > 
> > > If through job->target, yes, but I don't think there is any user of 
> > > job->target.
> > > Otherwise, it's not allowed, because the second parameter of blk_new 
> > > doesn't
> > > have BLK_PERM_AIO_CONTEXT_CHANGE.
> > > 
> > > So it's okay.
> > 
> > What about blockdev-backup?  It allows the user to specify 'target'.
> > Therefore the user can also run other monitor commands on target.  Some
> > of them could change the AioContext and the backup job wouldn't know!
> 
> That will be rejected.
> 
> The contract is that any code that wants to change the AioContext of a BDS, in
> this case the "target BDS", must do this:
> 
> 1) create its own BB with perm.BLK_PERM_AIO_CONTEXT_CHANGE
> 
> 2) attach BDS to this BB
> 
> 3) call blk_set_aio_context and change the AioContext
> 
> This is basically how all users of a BDS coordinate through Kevin's new op
> blocker API, and in your concerned case, when a user runs a second monitor
> command that changes AioContext, step 2 will fail, because as in this patch, 
> the
> first job->target BB didn't set shared_perm.BLK_PERM_AIO_CONTEXT_CHANGE.

I was wondering how that works since do_blockdev_backup() does not use
BB to access target, but it does check whether a BB is already attached:

target_bs = bdrv_lookup_bs(backup->target, backup->target, errp);
if (!target_bs) {
goto out;
}

if (bdrv_get_aio_context(target_bs) != aio_context) {
if (!bdrv_has_blk(target_bs)) {   <- fails when job is running
/* The target BDS is not attached, we can safely move it to another
 * AioContext. */
bdrv_set_aio_context(target_bs, aio_context);
} else {
error_setg(errp, "Target is attached to a different thread from "
 "source.");
goto out;
}
}

Thanks!


signature.asc
Description: PGP signature

Re: [Qemu-devel] [PATCH 1/4] spapr: Move DRC RTAS calls into spapr_drc.c

[Laurent Vivier]

On 01/06/2017 03:52, David Gibson wrote:
> Currently implementations of the RTAS calls related to DRCs are in
> spapr_rtas.c.  They belong better in spapr_drc.c - that way they're closer
> to related code, and we'll be able to make some more things local.
> 
> spapr_rtas.c was intended to contain the RTAS infrastructure and core calls
> that don't belong anywhere else, not every RTAS implementation.
> 
> Code motion only.
> 
> Signed-off-by: David Gibson 
> ---
>  hw/ppc/spapr_drc.c  | 322 
> ++--
>  hw/ppc/spapr_rtas.c | 304 -
>  2 files changed, 315 insertions(+), 311 deletions(-)
> 
> diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
> index cc2400b..ae8800d 100644
> --- a/hw/ppc/spapr_drc.c
> +++ b/hw/ppc/spapr_drc.c
> @@ -27,6 +27,34 @@
>  #define DRC_INDEX_TYPE_SHIFT 28
>  #define DRC_INDEX_ID_MASK ((1ULL << DRC_INDEX_TYPE_SHIFT) - 1)
>  
> +static sPAPRConfigureConnectorState *spapr_ccs_find(sPAPRMachineState *spapr,
> +uint32_t drc_index)
> +{
> +sPAPRConfigureConnectorState *ccs = NULL;
> +
> +QTAILQ_FOREACH(ccs, &spapr->ccs_list, next) {
> +if (ccs->drc_index == drc_index) {
> +break;
> +}
> +}
> +
> +return ccs;
> +}
> +
> +static void spapr_ccs_add(sPAPRMachineState *spapr,
> +  sPAPRConfigureConnectorState *ccs)
> +{
> +g_assert(!spapr_ccs_find(spapr, ccs->drc_index));
> +QTAILQ_INSERT_HEAD(&spapr->ccs_list, ccs, next);
> +}
> +
> +static void spapr_ccs_remove(sPAPRMachineState *spapr,
> + sPAPRConfigureConnectorState *ccs)
> +{
> +QTAILQ_REMOVE(&spapr->ccs_list, ccs, next);
> +g_free(ccs);
> +}
> +
>  static sPAPRDRConnectorTypeShift get_type_shift(sPAPRDRConnectorType type)
>  {
>  uint32_t shift = 0;
> @@ -747,13 +775,6 @@ static const TypeInfo spapr_dr_connector_info = {
>  .class_init= spapr_dr_connector_class_init,
>  };
>  
> -static void spapr_drc_register_types(void)
> -{
> -type_register_static(&spapr_dr_connector_info);
> -}
> -
> -type_init(spapr_drc_register_types)
> -
>  /* helper functions for external users */
>  
>  sPAPRDRConnector *spapr_dr_connector_by_index(uint32_t index)
> @@ -932,3 +953,290 @@ out:
>  
>  return ret;
>  }
> +
> +/*
> + * RTAS calls
> + */
> +
> +static bool sensor_type_is_dr(uint32_t sensor_type)
> +{
> +switch (sensor_type) {
> +case RTAS_SENSOR_TYPE_ISOLATION_STATE:
> +case RTAS_SENSOR_TYPE_DR:
> +case RTAS_SENSOR_TYPE_ALLOCATION_STATE:
> +return true;
> +}
> +
> +return false;
> +}
> +
> +static void rtas_set_indicator(PowerPCCPU *cpu, sPAPRMachineState *spapr,
> +   uint32_t token, uint32_t nargs,
> +   target_ulong args, uint32_t nret,
> +   target_ulong rets)
> +{
> +uint32_t sensor_type;
> +uint32_t sensor_index;
> +uint32_t sensor_state;
> +uint32_t ret = RTAS_OUT_SUCCESS;
> +sPAPRDRConnector *drc;
> +sPAPRDRConnectorClass *drck;
> +
> +if (nargs != 3 || nret != 1) {
> +ret = RTAS_OUT_PARAM_ERROR;
> +goto out;
> +}
> +
> +sensor_type = rtas_ld(args, 0);
> +sensor_index = rtas_ld(args, 1);
> +sensor_state = rtas_ld(args, 2);
> +
> +if (!sensor_type_is_dr(sensor_type)) {
> +goto out_unimplemented;
> +}
> +
> +/* if this is a DR sensor we can assume sensor_index == drc_index */
> +drc = spapr_dr_connector_by_index(sensor_index);
> +if (!drc) {
> +trace_spapr_rtas_set_indicator_invalid(sensor_index);
> +ret = RTAS_OUT_PARAM_ERROR;
> +goto out;
> +}
> +drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
> +
> +switch (sensor_type) {
> +case RTAS_SENSOR_TYPE_ISOLATION_STATE:
> +/* if the guest is configuring a device attached to this
> + * DRC, we should reset the configuration state at this
> + * point since it may no longer be reliable (guest released
> + * device and needs to start over, or unplug occurred so
> + * the FDT is no longer valid)
> + */
> +if (sensor_state == SPAPR_DR_ISOLATION_STATE_ISOLATED) {
> +sPAPRConfigureConnectorState *ccs = spapr_ccs_find(spapr,
> +   sensor_index);
> +if (ccs) {
> +spapr_ccs_remove(spapr, ccs);
> +}
> +}
> +ret = drck->set_isolation_state(drc, sensor_state);
> +break;
> +case RTAS_SENSOR_TYPE_DR:
> +ret = drck->set_indicator_state(drc, sensor_state);
> +break;
> +case RTAS_SENSOR_TYPE_ALLOCATION_STATE:
> +ret = drck->set_allocation_state(drc, sensor_state);
> +break;
> +default:
> +goto out_unimplemented;
> +}
> +
> +out:
> +rtas_st(rets, 0, ret);
> +   

Re: [Qemu-devel] [Qemu-ppc] [PATCH 0/4] spapr:DRC cleanups (part I)

[Daniel Henrique Barboza]

On 05/31/2017 10:52 PM, David Gibson wrote:

The code managing DRCs[0] has quite a few things that are more
complicated than they need to be.  In particular the object
representing a DRC has a bunch of method pointers, despite the fact
that there are currently no subclasses, and even if there were the
method implementations would be unlikely to differ.

This appears to be a misguided attempt to "abstract" or hide things in
a way which is bureaucraticl, rather than meaningful.  We may have an
object model, but we don't have to adopt Java's kingdom-of-nouns
nonsense[1].

This series makes a start on simplifying things.  There's still plenty
more, but you have to start somewhere.

[0] "Dynamic Reconfiguration Connectors" a firmware abstraction used
 in hotplug operations
[1] 
https://steve-yegge.blogspot.com.au/2006/03/execution-in-kingdom-of-nouns.html

David Gibson (4):
   spapr: Move DRC RTAS calls into spapr_drc.c
   spapr: Abolish DRC get_fdt method
   spapr: Abolish DRC set_configured method
   spapr: Make DRC get_index and get_type methods into plain functions

  hw/ppc/spapr.c |  13 +-
  hw/ppc/spapr_drc.c | 404 ++---
  hw/ppc/spapr_events.c  |  10 +-
  hw/ppc/spapr_pci.c |   4 +-
  hw/ppc/spapr_rtas.c| 304 --
  hw/ppc/trace-events|   2 -
  include/hw/ppc/spapr_drc.h |   9 +-
  7 files changed, 355 insertions(+), 391 deletions(-)


Tested-by: Daniel Barboza 

Re: [Qemu-devel] [PATCH 01/12] migration: Introduce announce parameters

[Vlad Yasevich]

On 06/01/2017 03:02 AM, Jason Wang wrote:
> 
> 
> On 2017年05月31日 02:57, Dr. David Alan Gilbert wrote:
>> * Vlad Yasevich (vyase...@redhat.com) wrote:
>>> On 05/26/2017 12:03 AM, Jason Wang wrote:
 On 2017年05月25日 02:05, Vladislav Yasevich wrote:
> Add parameters that control RARP/GARP announcement timeouts.
> The parameters structure is added to the QAPI and a qmp command
> is added to set/get the parameter data.
>
> Based on work by "Dr. David Alan Gilbert"
>
> Signed-off-by: Vladislav Yasevich
 I think it's better to explain e.g under which condition do we need to 
 tweak such
 parameters.

 Thanks

>>> OK.  I'll rip off what dgilbert wrote in his original series for the 
>>> description.
>>>
>>> Dave, if you have any text to add as to why migration might need to tweak 
>>> this, I'd
>>> appreciate it.
>> Pretty much what I originally said;  that the existing values
>> are arbitrary and fixed, and for systems with complex/sluggish
>> network reconfiguration systems they can be too slow.
>>
>> Dave
>>
> 
> I agree, but I'm not sure how much it can help in fact unless management can 
> set
> configuration specific parameters. And what we did here is best effort, 
> there's no
> guarantee that G(R)ARP packet can reach the destination.
> 

So, that's what the series allows.  If management knows something new, it can 
set
appropriate parameter values.  Additionally, the management is also free to 
trigger
additional announcements through the new commands.

I am starting to think that just for the sake of migration, exposing 
announce_self
interface to management might be sufficient.  Management, when it deems 
migration
complete, may use the interface to trigger announcements in addition to whatever
best effort QEMU may attempt itself.

Dave, would that be enough, or do the parameters still make sense?

Thanks
-vlad

Re: [Qemu-devel] [RESEND PATCH 1/2] nvdimm: warn if the backend is not a DAX device

[Dan Williams]

[ adding linux-fsdevel ]

On Thu, Jun 1, 2017 at 5:00 AM, Xiao Guangrong  wrote:
>
>
> On 05/26/2017 10:32 AM, Haozhong Zhang wrote:
>
>> +static void nvdimm_check_dax(HostMemoryBackend *hostmem)
>> +{
>> +char *mem_path =
>> +object_property_get_str(OBJECT(hostmem), "mem-path", NULL);
>> +char *dev_name = NULL, *sysfs_path = NULL;
>> +bool is_dax = false;
>> +
>> +if (!mem_path) {
>> +goto out;
>> +}
>> +
>> +if (!g_str_has_prefix(mem_path, "/dev/dax")) {
>> +goto out;
>> +}
>> +
>> +dev_name = mem_path + strlen("/dev/");
>> +sysfs_path = g_strdup_printf("/sys/class/dax/%s", dev_name);
>> +if (access(sysfs_path, F_OK)) {
>> +goto out;
>> +}
>> +
>> +is_dax = true;
>> +
>
>
> So only dax raw disk has write-persistence guaranty， a pre-allocated
> file which locates on a DAX-enabled filesystem can not?

Correct, it is not guaranteed by any existing filesystem. It may work
by accident today on ext4 with a pre-allocated file, but a filesystem
is otherwise permitted to drop any writes that have not been synced.
Until we get an explicit MMAP_SYNC or METADATA_IMMUTABLE feature into
a filesystem the only interface that we can use to reliably pass
persistent memory through to a guest is device-dax.

[Qemu-devel] [PATCH] virtio: add virtqueue_alloc_element tracepoint

[Paolo Bonzini]

This tracepoint can help diagnosing failures due to memory
fragmentation in the guest.

Signed-off-by: Paolo Bonzini 
---
 hw/virtio/trace-events | 1 +
 hw/virtio/virtio.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/hw/virtio/trace-events b/hw/virtio/trace-events
index 1f7a7c1ae1..e24d8fa997 100644
--- a/hw/virtio/trace-events
+++ b/hw/virtio/trace-events
@@ -1,6 +1,7 @@
 # See docs/tracing.txt for syntax documentation.
 
 # hw/virtio/virtio.c
+virtqueue_alloc_element(void *elem, size_t sz, unsigned in_num, unsigned 
out_num) "elem %p size %zd in_num %u out_num %u"
 virtqueue_fill(void *vq, const void *elem, unsigned int len, unsigned int idx) 
"vq %p elem %p len %u idx %u"
 virtqueue_flush(void *vq, unsigned int count) "vq %p count %u"
 virtqueue_pop(void *vq, void *elem, unsigned int in_num, unsigned int out_num) 
"vq %p elem %p in_num %u out_num %u"
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 890b4d7eb7..286446b261 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -816,6 +816,7 @@ static void *virtqueue_alloc_element(size_t sz, unsigned 
out_num, unsigned in_nu
 
 assert(sz >= sizeof(VirtQueueElement));
 elem = g_malloc(out_sg_end);
+trace_virtqueue_alloc_element(elem, sz, in_num, out_num);
 elem->out_num = out_num;
 elem->in_num = in_num;
 elem->in_addr = (void *)elem + in_addr_ofs;
-- 
2.13.0

Re: [Qemu-devel] [PATCH v2 3/6] vhost: extend ring information update for IOTLB to all rings

[Michael S. Tsirkin]

On Tue, May 30, 2017 at 11:06:54PM +0200, Maxime Coquelin wrote:
> Hi Michael,
> 
> On 05/30/2017 08:12 PM, Michael S. Tsirkin wrote:
> > On Fri, May 26, 2017 at 04:28:55PM +0200, Maxime Coquelin wrote:
> > > Vhost-kernel backend need
> > 
> > needs
> > 
> > > to receive IOTLB entry for used ring
> > > information early, which is done by triggering a miss event on
> > > its address.
> > > 
> > > This patch extends this behaviour to all rings information, to be
> > > compatible with vhost-user backend design.
> > 
> > Why does vhost-user need it though?
> 
> For vhost-user, this simplifies the backend design because generally,
> the backend sends IOTLB miss requests from processing threads through
> the slave channel, and receives resulting IOTLB updates in vhost-user
> protocol thread.
> 
> The only exception is for these rings info, where IOTLB miss requests
> are sent from vhost-user protocol thread (in the SET_VRING_ENABLE
> request handler), so the resulting IOTLB update is only handled by
> the backend when the rings are enabled, which is too late.
> 
> It could be possible to overcome this issue, but I think it would
> make the design more complex or less efficient. I see several options:
> 
> 1. Change the IOTLB miss request so that the master sends the IOTLB
> update as reply, instead of the reply-ack. It would mean that IOTLB
> updates/invalidations would be sent either via the master channel or
> the slave channel. On QEMU side, it means diverging from kernel backend
> implementation. On backend side, it means having possibly multiple
> threads writing to the IOTLB cache.
> 
> 2. In vhost-user protocol thread, when handling SET_VRING_ENABLE, send
> IOTLB miss request without setting the reply-ack flag, and poll the
> vhost-user socket to read the resulting IOTLB update. The problem is
> that other requests could be pending in the socket's buffer, and so it
> would end-up nesting multiple requests handling.
> 
> 3. Don't interpret rings info in the vhost-user protocol thread, but
> only in the processing threads. The advantage is that it would address
> the remark you made on patch 6 that invalidates are not affecting ring
> info. The downside being the overhead induced by checking whether the
> ring info are valid every time it is being used. I haven't prototyped
> this solution, but I expected the performance regression to be a
> blocker.
> 
> 4. In SET_VRING_ENABLE, don't enable the ring if needed entries are not in
> IOTLB cache. Just send the IOTLB misses without reply-ack flag and postpone
> enable when handling IOTLB updates. It will be a little more complex
> solution than current one, but it may be the less impacting compared to the
> other 3 options.
> 
> 
> Thinking again, maybe trying solution would be worth the effort, and could
> be extended also to disable the rings when receiving invalidates
> that affect rings info.
> 
> What do you think?

I'm fine with 3 or 4 generally. But pls note that if the ring crosses a
page boundary (e.g. ring size > page size) and when not using
hugetlbfs, there is no guarantee a single DMA address covers the
whole ring.

> > 
> > > 
> > > Signed-off-by: Maxime Coquelin 
> > > ---
> > > v2:
> > >   - Revert back to existing behaviour, i.e. only send IOTLB updates
> > > at ring enablement time, not at ring address setting time (mst).
> > >   - Extend IOTLB misses to all ring addresses, not only used ring.
> > > 
> > >   hw/virtio/vhost.c | 8 ++--
> > >   1 file changed, 6 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
> > > index 6eddb09..7867034 100644
> > > --- a/hw/virtio/vhost.c
> > > +++ b/hw/virtio/vhost.c
> > > @@ -1552,11 +1552,15 @@ int vhost_dev_start(struct vhost_dev *hdev, 
> > > VirtIODevice *vdev)
> > >   if (vhost_dev_has_iommu(hdev)) {
> > >   hdev->vhost_ops->vhost_set_iotlb_callback(hdev, true);
> > > -/* Update used ring information for IOTLB to work correctly,
> > > - * vhost-kernel code requires for this.*/
> > > +/*
> > > + * Update rings information for IOTLB to work correctly,
> > > + * vhost-kernel and vhost-user codes require for this.
> > 
> > Better just say "Update ring info for vhost iotlb."
> > 
> > The rest isn't really informative.
> 
> Ok.
> 
> > 
> > 
> > 
> > > + */
> > >   for (i = 0; i < hdev->nvqs; ++i) {
> > >   struct vhost_virtqueue *vq = hdev->vqs + i;
> > >   vhost_device_iotlb_miss(hdev, vq->used_phys, true);
> > > +vhost_device_iotlb_miss(hdev, vq->desc_phys, true);
> > > +vhost_device_iotlb_miss(hdev, vq->avail_phys, true);
> > 
> > So I don't remember why does vhost in kernel want miss on used
> > at start time.
> > 
> > Jason, could you comment on this please?
> > 
> > 
> > 
> > >   }
> > >   }
> > >   return 0;
> > > -- 
> > > 2.9.4
> 
> Thanks,
> Maxime

Re: [Qemu-devel] [PATCH v2 3/6] vhost: extend ring information update for IOTLB to all rings

[Michael S. Tsirkin]

On Wed, May 31, 2017 at 05:20:21PM +0200, Maxime Coquelin wrote:
> Hi Michael,
> 
> On 05/30/2017 11:11 PM, Maxime Coquelin wrote:
> > 
> > 
> > On 05/30/2017 11:06 PM, Maxime Coquelin wrote:
> > > Hi Michael,
> > > 
> > > On 05/30/2017 08:12 PM, Michael S. Tsirkin wrote:
> > > > On Fri, May 26, 2017 at 04:28:55PM +0200, Maxime Coquelin wrote:
> > > > > Vhost-kernel backend need
> > > > 
> > > > needs
> > > > 
> > > > > to receive IOTLB entry for used ring
> > > > > information early, which is done by triggering a miss event on
> > > > > its address.
> > > > > 
> > > > > This patch extends this behaviour to all rings information, to be
> > > > > compatible with vhost-user backend design.
> > > > 
> > > > Why does vhost-user need it though?
> > > 
> > > For vhost-user, this simplifies the backend design because generally,
> > > the backend sends IOTLB miss requests from processing threads through
> > > the slave channel, and receives resulting IOTLB updates in vhost-user
> > > protocol thread.
> > > 
> > > The only exception is for these rings info, where IOTLB miss requests
> > > are sent from vhost-user protocol thread (in the SET_VRING_ENABLE
> > > request handler), so the resulting IOTLB update is only handled by
> > > the backend when the rings are enabled, which is too late.
> > > 
> > > It could be possible to overcome this issue, but I think it would
> > > make the design more complex or less efficient. I see several options:
> > > 
> > > 1. Change the IOTLB miss request so that the master sends the IOTLB
> > > update as reply, instead of the reply-ack. It would mean that IOTLB
> > > updates/invalidations would be sent either via the master channel or
> > > the slave channel. On QEMU side, it means diverging from kernel backend
> > > implementation. On backend side, it means having possibly multiple
> > > threads writing to the IOTLB cache.
> > > 
> > > 2. In vhost-user protocol thread, when handling SET_VRING_ENABLE, send
> > > IOTLB miss request without setting the reply-ack flag, and poll the
> > > vhost-user socket to read the resulting IOTLB update. The problem is
> > > that other requests could be pending in the socket's buffer, and so it
> > > would end-up nesting multiple requests handling.
> > > 
> > > 3. Don't interpret rings info in the vhost-user protocol thread, but
> > > only in the processing threads. The advantage is that it would address
> > > the remark you made on patch 6 that invalidates are not affecting ring
> > > info. The downside being the overhead induced by checking whether the
> > > ring info are valid every time it is being used. I haven't prototyped
> > > this solution, but I expected the performance regression to be a
> > > blocker.
> > > 
> > > 4. In SET_VRING_ENABLE, don't enable the ring if needed entries are
> > > not in IOTLB cache. Just send the IOTLB misses without reply-ack
> > > flag and postpone enable when handling IOTLB updates. It will be a
> > > little more complex solution than current one, but it may be the
> > > less impacting compared to the other 3 options.
> > > 
> > > 
> > > Thinking again, maybe trying solution would be worth the effort, and
> > 
> > s/solution/solution 4/
> > 
> > > could be extended also to disable the rings when receiving invalidates
> > > that affect rings info.
> > > 
> > > What do you think?
> 
> I have made some tests to see if solution 4 would work, and while it
> could work most of the times, it is really fragile as deadlock would
> happen if either slave or master sockets buffers are full. This is issue
> also impact solution 1 above.
> 
> Regards,
> Maxime

Pls try 3 above. I don't see why would a single conditional
branch be so expensive.

Re: [Qemu-devel] [PATCH v4 6/8] vmdk: New functions to assist allocating multiple clusters

[Fam Zheng]

On Sat, 04/22 10:43, Ashijeet Acharya wrote:
> Introduce two new helper functions handle_alloc() and
> vmdk_alloc_cluster_offset(). handle_alloc() helps to allocate multiple
> clusters at once starting from a given offset on disk and performs COW
> if necessary for first and last allocated clusters.
> vmdk_alloc_cluster_offset() helps to return the offset of the first of
> the many newly allocated clusters. Also, provide proper documentation
> for both.
> 
> Signed-off-by: Ashijeet Acharya 
> ---
>  block/vmdk.c | 192 
> +++
>  1 file changed, 182 insertions(+), 10 deletions(-)
> 
> diff --git a/block/vmdk.c b/block/vmdk.c
> index 7862791..8d34cd9 100644
> --- a/block/vmdk.c
> +++ b/block/vmdk.c
> @@ -136,6 +136,7 @@ typedef struct VmdkMetaData {
>  unsigned int l2_offset;
>  int valid;
>  uint32_t *l2_cache_entry;
> +uint32_t nb_clusters;
>  } VmdkMetaData;
>  
>  typedef struct VmdkGrainMarker {
> @@ -1242,6 +1243,174 @@ static int get_cluster_table(VmdkExtent *extent, 
> uint64_t offset,
>  return VMDK_OK;
>  }
>  
> +/*
> + * handle_alloc
> + *
> + * Allocate new clusters for an area that either is yet unallocated or needs 
> a
> + * copy on write. If *cluster_offset is non_zero, clusters are only 
> allocated if
> + * the new allocation can match the specified host offset.
> + *
> + * Returns:
> + *   VMDK_OK:   if new clusters were allocated, *bytes may be decreased 
> if
> + *  the new allocation doesn't cover all of the requested 
> area.
> + *  *cluster_offset is updated to contain the offset of the
> + *  first newly allocated cluster.
> + *
> + *   VMDK_UNALLOC:  if no clusters could be allocated. *cluster_offset is 
> left
> + *  unchanged.
> + *
> + *   VMDK_ERROR:in error cases
> + */
> +static int handle_alloc(BlockDriverState *bs, VmdkExtent *extent,
> +uint64_t offset, uint64_t *cluster_offset,
> +int64_t *bytes, VmdkMetaData *m_data,
> +bool allocate, uint32_t *total_alloc_clusters)

Not super important but personally I always prefer to stick to a "vmdk_" prefix
when naming local identifiers, so that ctags and git grep can take it easy.

> +{
> +int l1_index, l2_offset, l2_index;
> +uint32_t *l2_table;
> +uint32_t cluster_sector;
> +uint32_t nb_clusters;
> +bool zeroed = false;
> +uint64_t skip_start_bytes, skip_end_bytes;
> +int ret;
> +
> +ret = get_cluster_table(extent, offset, &l1_index, &l2_offset,
> +&l2_index, &l2_table);
> +if (ret < 0) {
> +return ret;
> +}
> +
> +cluster_sector = le32_to_cpu(l2_table[l2_index]);
> +
> +skip_start_bytes = vmdk_find_offset_in_cluster(extent, offset);
> +/* Calculate the number of clusters to look for. Here we truncate the 
> last
> + * cluster, i.e. 1 less than the actual value calculated as we may need 
> to
> + * perform COW for the last one. */
> +nb_clusters = DIV_ROUND_UP(skip_start_bytes + *bytes,
> +extent->cluster_sectors << BDRV_SECTOR_BITS) - 1;

Alignment could be improved: here ^

> +
> +nb_clusters = MIN(nb_clusters, extent->l2_size - l2_index);
> +assert(nb_clusters <= INT_MAX);
> +
> +/* update bytes according to final nb_clusters value */
> +if (nb_clusters != 0) {
> +*bytes = ((nb_clusters * extent->cluster_sectors) << 9)

Better use BDRV_SECTOR_BITS instead of 9.

> +- skip_start_bytes;
> +} else {
> +nb_clusters = 1;
> +}
> +*total_alloc_clusters += nb_clusters;

It is weird that you increment *total_alloc_clusters instead of simply assigning
to it, because it's not clear why before reading the caller code.

It's better if you just return nb_clusters from this function (either as a
return value, or assign to *total_alloc_clusters), then do the accumulation in
vmdk_pwritev by adding m_data->nb_clusters, which is simpler.

> +skip_end_bytes = skip_start_bytes + MIN(*bytes,
> + extent->cluster_sectors * BDRV_SECTOR_SIZE
> +- skip_start_bytes);
> +
> +if (extent->has_zero_grain && cluster_sector == VMDK_GTE_ZEROED) {
> +zeroed = true;
> +}
> +
> +if (!cluster_sector || zeroed) {
> +if (!allocate) {
> +return zeroed ? VMDK_ZEROED : VMDK_UNALLOC;
> +}
> +
> +cluster_sector = extent->next_cluster_sector;
> +extent->next_cluster_sector += extent->cluster_sectors
> +* nb_clusters;
> +
> +ret = vmdk_perform_cow(bs, extent, cluster_sector * BDRV_SECTOR_SIZE,
> +   offset, skip_start_bytes,
> +   skip_end_bytes);
> +if (ret < 0) {
> +return ret;
> +}
> +

Re: [Qemu-devel] [PATCH v2 0/6] vhost-user: Specify and implement device IOTLB support

[Michael S. Tsirkin]

On Wed, May 31, 2017 at 04:33:33PM +0800, Jason Wang wrote:
> 
> 
> On 2017年05月31日 02:20, Michael S. Tsirkin wrote:
> > On Fri, May 26, 2017 at 04:28:52PM +0200, Maxime Coquelin wrote:
> > > This series aims at specifying ans implementing the protocol update
> > > required to support device IOTLB with user backends.
> > > 
> > > In this second non-RFC version, main changes are:
> > >   - spec fixes and clarification
> > >   - rings information update has been restored back to ring enablement 
> > > time
> > >   - Work around GCC 4.4.7 limitation wrt assignment in unnamed union at
> > > declaration time.
> > > 
> > > The series can be tested with vhost_iotlb_proto_v2 branch on my gitlab
> > > account[0].
> > > 
> > > The slave requests channel part is re-used from Marc-André's series 
> > > submitted
> > > last year[1], with main changes from original version being 
> > > request/feature
> > > names renaming and addition of the REPLY_ACK feature support.
> > > 
> > > Regarding IOTLB protocol, one noticeable change is the IOTLB miss request
> > > reply made optionnal (i.e. only if slave requests it by setting the
> > > VHOST_USER_NEED_REPLY flag in the message header). This change provides
> > > more flexibility in the backend implementation of the feature.
> > > 
> > > The protocol is very close to kernel backends, except that a new
> > > communication channel is introduced to enable the slave to send
> > > requests to the master.
> > > 
> > > [0]:https://gitlab.com/mcoquelin/dpdk-next-virtio/commits/vhost_iotlb_proto_v2
> > > [1]:https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg00095.html
> > Overall, this looks good to me. I do think patch 3 isn't a good idea
> > though, if slave wants something let it request it.
> > 
> > Need to find out why does vhost in kernel want the used ring iotlb at
> > start time - especially considering we aren't even guaranteed one entry
> > covers the whole ring, and invalidates should affect all addresses at
> > least in theory.
> > 
> > 
> 
> The reason is probably we want to verify whether or not we could correctly
> access used ring in vhost_vq_init_access(). It was there since vhost_net is
> introduced. We can think to remove this limitation maybe.
> 
> Thanks


Well that's only called if iotlb is disabled:

if (!vq->iotlb &&
!access_ok(VERIFY_READ, &vq->used->idx, sizeof vq->used->idx)) {
r = -EFAULT;
goto err;
}

Could you try removing that and see what breaks?

-- 
MST

Re: [Qemu-devel] [PATCH 2/4] spapr: Abolish DRC get_fdt method

[Laurent Vivier]

On 01/06/2017 03:52, David Gibson wrote:
> The DRConnectorClass includes a get_fdt method.  However
>   * There's only one implementation, and there's only likely to ever be one
>   * Both callers are local to spapr_drc
>   * Each caller only uses one half of the actual implementation
> 
> So abolish get_fdt() entirely, and just open-code what we need.
> 
> Signed-off-by: David Gibson 

Reviewed-by: Laurent Vivier 

> ---
>  hw/ppc/spapr_drc.c | 23 ++-
>  include/hw/ppc/spapr_drc.h |  1 -
>  2 files changed, 6 insertions(+), 18 deletions(-)
> 
> diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
> index ae8800d..f5b7b68 100644
> --- a/hw/ppc/spapr_drc.c
> +++ b/hw/ppc/spapr_drc.c
> @@ -199,14 +199,6 @@ static const char *get_name(sPAPRDRConnector *drc)
>  return drc->name;
>  }
>  
> -static const void *get_fdt(sPAPRDRConnector *drc, int *fdt_start_offset)
> -{
> -if (fdt_start_offset) {
> -*fdt_start_offset = drc->fdt_start_offset;
> -}
> -return drc->fdt;
> -}
> -
>  static void set_configured(sPAPRDRConnector *drc)
>  {
>  trace_spapr_drc_set_configured(get_index(drc));
> @@ -753,7 +745,6 @@ static void spapr_dr_connector_class_init(ObjectClass *k, 
> void *data)
>  drck->get_index = get_index;
>  drck->get_type = get_type;
>  drck->get_name = get_name;
> -drck->get_fdt = get_fdt;
>  drck->set_configured = set_configured;
>  drck->entity_sense = entity_sense;
>  drck->attach = attach;
> @@ -1126,7 +1117,6 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  sPAPRConfigureConnectorState *ccs;
>  sPAPRDRCCResponse resp = SPAPR_DR_CC_RESPONSE_CONTINUE;
>  int rc;
> -const void *fdt;
>  
>  if (nargs != 2 || nret != 1) {
>  rtas_st(rets, 0, RTAS_OUT_PARAM_ERROR);
> @@ -1144,8 +1134,7 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  }
>  
>  drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
> -fdt = drck->get_fdt(drc, NULL);
> -if (!fdt) {
> +if (!drc->fdt) {
>  trace_spapr_rtas_ibm_configure_connector_missing_fdt(drc_index);
>  rc = SPAPR_DR_CC_RESPONSE_NOT_CONFIGURABLE;
>  goto out;
> @@ -1154,7 +1143,7 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  ccs = spapr_ccs_find(spapr, drc_index);
>  if (!ccs) {
>  ccs = g_new0(sPAPRConfigureConnectorState, 1);
> -(void)drck->get_fdt(drc, &ccs->fdt_offset);
> +ccs->fdt_offset = drc->fdt_start_offset;
>  ccs->drc_index = drc_index;
>  spapr_ccs_add(spapr, ccs);
>  }
> @@ -1165,12 +1154,12 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  const struct fdt_property *prop;
>  int fdt_offset_next, prop_len;
>  
> -tag = fdt_next_tag(fdt, ccs->fdt_offset, &fdt_offset_next);
> +tag = fdt_next_tag(drc->fdt, ccs->fdt_offset, &fdt_offset_next);
>  
>  switch (tag) {
>  case FDT_BEGIN_NODE:
>  ccs->fdt_depth++;
> -name = fdt_get_name(fdt, ccs->fdt_offset, NULL);
> +name = fdt_get_name(drc->fdt, ccs->fdt_offset, NULL);
>  
>  /* provide the name of the next OF node */
>  wa_offset = CC_VAL_DATA_OFFSET;
> @@ -1193,9 +1182,9 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  }
>  break;
>  case FDT_PROP:
> -prop = fdt_get_property_by_offset(fdt, ccs->fdt_offset,
> +prop = fdt_get_property_by_offset(drc->fdt, ccs->fdt_offset,
>&prop_len);
> -name = fdt_string(fdt, fdt32_to_cpu(prop->nameoff));
> +name = fdt_string(drc->fdt, fdt32_to_cpu(prop->nameoff));
>  
>  /* provide the name of the next OF property */
>  wa_offset = CC_VAL_DATA_OFFSET;
> diff --git a/include/hw/ppc/spapr_drc.h b/include/hw/ppc/spapr_drc.h
> index 813b9ff..80db955 100644
> --- a/include/hw/ppc/spapr_drc.h
> +++ b/include/hw/ppc/spapr_drc.h
> @@ -178,7 +178,6 @@ typedef struct sPAPRDRConnectorClass {
>  uint32_t (*entity_sense)(sPAPRDRConnector *drc, sPAPRDREntitySense 
> *state);
>  
>  /* QEMU interfaces for managing FDT/configure-connector */
> -const void *(*get_fdt)(sPAPRDRConnector *drc, int *fdt_start_offset);
>  void (*set_configured)(sPAPRDRConnector *drc);
>  
>  /* QEMU interfaces for managing hotplug operations */
> 

Re: [Qemu-devel] [PULL v2 0/5] Queued target/sh4 patches

[Peter Maydell]

On 30 May 2017 at 20:15, Aurelien Jarno  wrote:
> The following changes since commit 0748b3526e8cb78b9cd64208426bfc3d54a72b04:
>
>   Merge remote-tracking branch 'kwolf/tags/for-upstream' into staging 
> (2017-05-30 14:15:15 +0100)
>
> are available in the git repository at:
>
>   git://git.aurel32.net/qemu.git tags/pull-target-sh4-20170530
>
> for you to fetch changes up to be53081a619443dc4512039d89345475ef7d9a46:
>
>   target/sh4: fix RTE instruction delay slot (2017-05-30 21:00:56 +0200)
>
> 
> Queued target/sh4 patches
>
> 
> Aurelien Jarno (5):
>   target/sh4: log unauthorized accesses using qemu_log_mask
>   target/sh4: fix reset when using a kernel and an initrd
>   target/sh4: introduce DELAY_SLOT_MASK
>   target/sh4: ignore interrupts in a delay slot
>   target/sh4: fix RTE instruction delay slot

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PATCH 01/12] migration: Introduce announce parameters

[Dr. David Alan Gilbert]

* Vlad Yasevich (vyase...@redhat.com) wrote:
> On 06/01/2017 03:02 AM, Jason Wang wrote:
> > 
> > 
> > On 2017年05月31日 02:57, Dr. David Alan Gilbert wrote:
> >> * Vlad Yasevich (vyase...@redhat.com) wrote:
> >>> On 05/26/2017 12:03 AM, Jason Wang wrote:
>  On 2017年05月25日 02:05, Vladislav Yasevich wrote:
> > Add parameters that control RARP/GARP announcement timeouts.
> > The parameters structure is added to the QAPI and a qmp command
> > is added to set/get the parameter data.
> >
> > Based on work by "Dr. David Alan Gilbert"
> >
> > Signed-off-by: Vladislav Yasevich
>  I think it's better to explain e.g under which condition do we need to 
>  tweak such
>  parameters.
> 
>  Thanks
> 
> >>> OK.  I'll rip off what dgilbert wrote in his original series for the 
> >>> description.
> >>>
> >>> Dave, if you have any text to add as to why migration might need to tweak 
> >>> this, I'd
> >>> appreciate it.
> >> Pretty much what I originally said;  that the existing values
> >> are arbitrary and fixed, and for systems with complex/sluggish
> >> network reconfiguration systems they can be too slow.
> >>
> >> Dave
> >>
> > 
> > I agree, but I'm not sure how much it can help in fact unless management 
> > can set
> > configuration specific parameters. And what we did here is best effort, 
> > there's no
> > guarantee that G(R)ARP packet can reach the destination.
> > 
> 
> So, that's what the series allows.  If management knows something new, it can 
> set
> appropriate parameter values.  Additionally, the management is also free to 
> trigger
> additional announcements through the new commands.
> 
> I am starting to think that just for the sake of migration, exposing 
> announce_self
> interface to management might be sufficient.  Management, when it deems 
> migration
> complete, may use the interface to trigger announcements in addition to 
> whatever
> best effort QEMU may attempt itself.
> 
> Dave, would that be enough, or do the parameters still make sense?

I'd still like to be able to set the parameters to be able to work
around the very broken setups that are out there.
The way I got to this point was a hack for a user where I just
increased it so it was doing about 10 seconds of announce which was long
enough for the network to get it's act together.

Dave

> Thanks
> -vlad
> 
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [RFC] Making 'block-stream', and 'block-commit' accept node-name

[Kashyap Chamarthy]

On Wed, May 31, 2017 at 04:57:20PM +0200, Kashyap Chamarthy wrote:
> On Tue, May 30, 2017 at 04:53:23PM +0200, Alberto Garcia wrote:
> > On Mon 29 May 2017 09:03:22 PM CEST, Kashyap Chamarthy wrote:

[...]

> > > While we have `blockdev-{mirror, backup}` as 'node-name'-alternatives
> > > for `drive-{mirror, backup}`, as the eagle-eyed will, the
> > > `block-stream` and `block-commit` commands still operate on file names
> > > for parameters 'base' and 'top'.
> > 
> > block-stream does accept a node name for the top and base images (see
> > 554b614765090f47d and 312fe09cc8af86c).

Indeed it does.  The key here is the 'base-node' parameter.  Thanks!

Test


To turn this:

[A] <-- [B] <-- [C] <-- [D]

Into:

[A] <-- [C] <-- [D]

#--
Check the backing file depth of image [D]:

$ qemu-img info --backing-chain d.qcow2  | grep "backing file:"
backing file: c.qcow2
backing file: b.qcow2
backing file: ./a.qcow2
#--

Perform intermediate streaming:

(QEMU) block-stream device=node-C base-node=node-A job-id=job0  

   
{
"execute": "block-stream", 
"arguments": {
"device": "node-D", 
"job-id": "job0", 
"base-node": "node-A"
}
}
{
"return": {}
}
(QEMU) 
{u'timestamp': {u'seconds': 1496325065, u'microseconds': 808768}, u'data': 
{u'device': u'job0', u'type': u'stream', u'speed': 0, u'len': 41126400, 
u'offset': 41126400}, u'event': u'BLOCK_JOB_COMPLETED'}
#--

Check the backing file depth, it is now: A <- C <- D:

$ qemu-img info --backing-chain d.qcow2  | grep "backing file:"
backing file: c.qcow2
backing file: ./a.qcow2
#--

[...]

-- 
/kashyap

Re: [Qemu-devel] [PATCH v2 08/45] tests: add more int/number ranges checks

[Markus Armbruster]

Marc-André Lureau  writes:

> Suggested by Markus Armbruster:
>
> We should systematically cover the integers, in particular the
> boundaries (because that's where bugs like to hide):
>
> * Integers in [-2^63,0) can be visited with visit_type_int() and
>   visit_type_number().
>
> * Integers in [0,2^63) can be visited with visit_type_int(),
>   visit_type_uint64() and visit_type_number().
>
> * Integers in [2^63,2^64) can be visited with visit_type_uint64() and
>   visit_type_number().
>
> * Integers outside [-2^63,2^53) can be visited with visit_type_number().
>
> In any case, visit_type_number() loses precision beyond 53 bits.
>
> Signed-off-by: Marc-André Lureau 
> ---
>  tests/test-qobject-input-visitor.c | 38 
> --
>  1 file changed, 36 insertions(+), 2 deletions(-)
>
> diff --git a/tests/test-qobject-input-visitor.c 
> b/tests/test-qobject-input-visitor.c
> index 83d663d11d..f2ed3161af 100644
> --- a/tests/test-qobject-input-visitor.c
> +++ b/tests/test-qobject-input-visitor.c
> @@ -102,11 +102,11 @@ static Visitor 
> *visitor_input_test_init_raw(TestInputVisitorData *data,
>  {
>  return visitor_input_test_init_internal(data, false, json_string, NULL);
>  }
> -

Whoops.

>  static void test_visitor_in_int(TestInputVisitorData *data,
>  const void *unused)
>  {
>  int64_t res = 0;
> +double dbl;
>  int value = -42;
>  Visitor *v;
>  
> @@ -114,6 +114,9 @@ static void test_visitor_in_int(TestInputVisitorData 
> *data,
>  
>  visit_type_int(v, NULL, &res, &error_abort);
>  g_assert_cmpint(res, ==, value);
> +
> +visit_type_number(v, NULL, &dbl, &error_abort);
> +g_assert_cmpfloat(dbl, ==, -42.0);
>  }
>  
>  static void test_visitor_in_uint(TestInputVisitorData *data,
> @@ -121,6 +124,8 @@ static void test_visitor_in_uint(TestInputVisitorData 
> *data,
>  {
>  Error *err = NULL;
>  uint64_t res = 0;
> +int64_t i64;
> +double dbl;
>  int value = 42;
>  Visitor *v;
>  
> @@ -129,8 +134,13 @@ static void test_visitor_in_uint(TestInputVisitorData 
> *data,
>  visit_type_uint64(v, NULL, &res, &error_abort);
>  g_assert_cmpuint(res, ==, (uint64_t)value);
>  
> -/* BUG: value between INT64_MIN and -1 accepted modulo 2^64 */
> +visit_type_int(v, NULL, &i64, &error_abort);
> +g_assert_cmpint(i64, ==, value);
>  
> +visit_type_number(v, NULL, &dbl, &error_abort);
> +g_assert_cmpfloat(dbl, ==, value);
> +
> +/* BUG: value between INT64_MIN and -1 accepted modulo 2^64 */
>  v = visitor_input_test_init(data, "%d", -value);
>  
>  visit_type_uint64(v, NULL, &res, &error_abort);
> @@ -142,6 +152,8 @@ static void test_visitor_in_uint(TestInputVisitorData 
> *data,
>  
>  visit_type_uint64(v, NULL, &res, &err);
>  error_free_or_abort(&err);
> +
> +visit_type_number(v, NULL, &dbl, &error_abort);
>  }
>  
>  static void test_visitor_in_int_overflow(TestInputVisitorData *data,
> @@ -260,6 +272,26 @@ static void test_visitor_in_number(TestInputVisitorData 
> *data,
>  g_assert_cmpfloat(res, ==, value);
>  }
>  
> +static void test_visitor_in_large_number(TestInputVisitorData *data,
> + const void *unused)
> +{
> +Error *err = NULL;
> +double res = 0;
> +int64_t i64;
> +uint64_t u64;
> +Visitor *v;
> +
> +v = visitor_input_test_init(data, "-18446744073709551616"); /* -2^64 */
> +
> +visit_type_number(v, NULL, &res, &error_abort);

Shouldn't we check res has the expected value?

> +
> +visit_type_int(v, NULL, &i64, &err);
> +error_free_or_abort(&err);
> +
> +visit_type_uint64(v, NULL, &u64, &err);
> +error_free_or_abort(&err);
> +}

Not sure this is worth its own test.  But then I'm never sure whether to
write heaps of small tests, or few larger ones.  You decide.

> +
>  static void test_visitor_in_number_keyval(TestInputVisitorData *data,
>const void *unused)
>  {
> @@ -1253,6 +1285,8 @@ int main(int argc, char **argv)
> NULL, test_visitor_in_bool_str_fail);
>  input_visitor_test_add("/visitor/input/number",
> NULL, test_visitor_in_number);
> +input_visitor_test_add("/visitor/input/large_number",
> +   NULL, test_visitor_in_large_number);
>  input_visitor_test_add("/visitor/input/number_keyval",
> NULL, test_visitor_in_number_keyval);
>  input_visitor_test_add("/visitor/input/number_str_keyval",

The new tests are welcome, but they don't "systematically cover the
integers".  The easiest fix is to adjust the commit message's claims
down:

tests: Add more int/number ranges checks

Signed-off-by: Marc-André Lureau 

Re: [Qemu-devel] [PATCH V5 6/9] net/colo-compare.c: Make colo-compare support vnet_hdr_len

[Zhang Chen]

On 05/26/2017 01:36 PM, Jason Wang wrote:



On 2017年05月26日 13:35, Jason Wang wrote:



On 2017年05月25日 21:18, Zhang Chen wrote:
@@ -472,7 +474,10 @@ static void colo_compare_connection(void 
*opaque, void *user_data)

  }
if (result) {
-ret = compare_chr_send(&s->chr_out, pkt->data, 
pkt->size);

+ret = compare_chr_send(s,
+   pkt->data,
+   pkt->size,
+   pkt->vnet_hdr_len);


Why not check vnet_hdr support here?  And don't we need strip 
vnet_hdr here? (Since the redirector on destination does not do this)


If we create a normal qemu guest that use virtio-net-pci driver, the 
guest's send packet have the vnet_hdr,
qemu virtio-net-pci driver will strip vnet_hdr then send to external 
network. In COLO we just redirect
or mirror the packet, finally the packet will back to primary qemu 
virtio-net-pci driver, So we just send

the packet.

Thanks
Zhang Chen 


But you send vnet_hdr_len unconditionally, which mean colo-compare 
can not work for redirector with vnet_hdr off now?


No, we input vnet_hdr_len unconditionally but in compare_chr_send() use 
s->vnet_hdr to
decide whether send the vnet_hdr_len field. so colo-compare can work for 
all redirector.




Thanks



Btw, you may consider to update the COLO example in docs for the case 
that needs vnet hdr.


Yes, thanks to remind me.
I will add it in next version.

Thanks
Zhang Chen




Thanks



.



--
Thanks
Zhang Chen

Re: [Qemu-devel] [PATCH v2 1/2] scripts: use build_ prefix for string not piped through cgen()

[Eric Blake]

On 06/01/2017 07:41 AM, Marc-André Lureau wrote:

No 0/2 cover letter?

> Suggested by Markus Armbruster:
> 
> The gen_ prefix is awkward.  Generated C should go through cgen()
> exactly once (see commit 1f9a7a1).  The common way to get this wrong is
> passing a foo=gen_foo() keyword argument to mcgen().  I'd like us to
> adopt a naming convention where gen_ means "something that's been piped
> through cgen(), and thus must not be passed to cgen() or mcgen()".
> Requires renaming gen_params(), gen_marshal_proto() and
> gen_event_send_proto().
> 
> Signed-off-by: Marc-André Lureau 
> ---
>  scripts/qapi.py  |  2 +-
>  scripts/qapi-commands.py |  8 
>  scripts/qapi-event.py| 12 ++--
>  3 files changed, 11 insertions(+), 11 deletions(-)
> 
Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 2/2] qapi: add location comment for generated types

[Eric Blake]

On 06/01/2017 07:41 AM, Marc-André Lureau wrote:
> This may help to find where the origin of the type was declared in the
> json (when greping isn't easy enough).
> 
> Generates the following kind of C comment before types:
> 
>   /* /home/elmarco/src/qemu/qapi/introspect.json:94 */
>   typedef struct SchemaInfo SchemaInfo;

Makes the generated code larger, but for a good cause.  No real impact
to the binary size (well, debug information may be slightly larger based
on line numbers getting higher, but that's in the noise).

> 
> Signed-off-by: Marc-André Lureau 
> ---
>  scripts/qapi.py   | 12 +---
>  scripts/qapi-event.py |  2 +-
>  scripts/qapi-types.py | 18 +-
>  3 files changed, 19 insertions(+), 13 deletions(-)

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [PULL 00/22] Docker and block patches

[Fam Zheng]

On Fri, 05/26 15:52, Fam Zheng wrote:
> The following changes since commit 9964e96dccf7f7c936ee854a795415d19b60:
> 
>   Merge remote-tracking branch 'jasowang/tags/net-pull-request' into staging 
> (2017-05-23 15:01:31 +0100)
> 
> are available in the git repository at:
> 
>   git://github.com/famz/qemu.git tags/docker-and-block-pull-request
> 
> for you to fetch changes up to 77269bba94ef97de99ae61fdc98629a8704ae2ed:
> 
>   block: make accounting thread-safe (2017-05-26 09:25:30 +0800)
> 
> 
> 
> For Paolo's block layer thread safety part I and my docker testing
> enhancements.

Just in case this falls through the cracks - the checkpatch.pl error is false
positive and this pull request is ready to go.

Fam

Re: [Qemu-devel] [PATCH v4 7/8] vmdk: Update metadata for multiple clusters

[Fam Zheng]

On Sat, 04/22 10:43, Ashijeet Acharya wrote:
> Include a next pointer in VmdkMetaData struct to point to the previous
> allocated L2 table. Modify vmdk_L2update to start updating metadata for
> allocation of multiple clusters at once.
> 
> Signed-off-by: Ashijeet Acharya 
> ---
>  block/vmdk.c | 129 
> ++-
>  1 file changed, 102 insertions(+), 27 deletions(-)
> 
> diff --git a/block/vmdk.c b/block/vmdk.c
> index 8d34cd9..e52c373 100644
> --- a/block/vmdk.c
> +++ b/block/vmdk.c
> @@ -137,6 +137,8 @@ typedef struct VmdkMetaData {
>  int valid;
>  uint32_t *l2_cache_entry;
>  uint32_t nb_clusters;
> +uint32_t offset;
> +struct VmdkMetaData *next;
>  } VmdkMetaData;
>  
>  typedef struct VmdkGrainMarker {
> @@ -1116,34 +1118,89 @@ exit:
>  return ret;
>  }
>  
> -static int vmdk_L2update(VmdkExtent *extent, VmdkMetaData *m_data,
> - uint32_t offset)
> +static int vmdk_alloc_cluster_link_l2(VmdkExtent *extent,
> +  VmdkMetaData *m_data, bool zeroed)
>  {
> -offset = cpu_to_le32(offset);
> +int i;
> +uint32_t offset, temp_offset;
> +int *l2_table_array;
> +int l2_array_size;
> +
> +if (zeroed) {
> +temp_offset = VMDK_GTE_ZEROED;
> +} else {
> +temp_offset = m_data->offset;
> +}
> +
> +temp_offset = cpu_to_le32(temp_offset);
> +
> +l2_array_size = sizeof(uint32_t) * m_data->nb_clusters;
> +l2_table_array = qemu_try_blockalign(extent->file->bs,
> + QEMU_ALIGN_UP(l2_array_size,
> +   BDRV_SECTOR_SIZE));
> +if (l2_table_array == NULL) {
> +return VMDK_ERROR;
> +}
> +memset(l2_table_array, 0, QEMU_ALIGN_UP(l2_array_size, 
> BDRV_SECTOR_SIZE));
>  /* update L2 table */
> +offset = temp_offset;
> +for (i = 0; i < m_data->nb_clusters; i++) {
> +l2_table_array[i] = offset;
> +if (!zeroed) {
> +offset += 128;

Wrong calculation. offset is in le32 since it was assigned from temp_offset,
which was in turn converted away from cpu endianness a few lines above.

> +}
> +}
>  if (bdrv_pwrite_sync(extent->file,
> -((int64_t)m_data->l2_offset * 512)
> -+ (m_data->l2_index * sizeof(offset)),
> -&offset, sizeof(offset)) < 0) {
> + ((int64_t)m_data->l2_offset * 512)
> + + ((m_data->l2_index) * sizeof(offset)),
> + l2_table_array, l2_array_size) < 0) {
>  return VMDK_ERROR;
>  }
>  /* update backup L2 table */
>  if (extent->l1_backup_table_offset != 0) {
>  m_data->l2_offset = extent->l1_backup_table[m_data->l1_index];
>  if (bdrv_pwrite_sync(extent->file,
> -((int64_t)m_data->l2_offset * 512)
> -+ (m_data->l2_index * sizeof(offset)),
> -&offset, sizeof(offset)) < 0) {
> + ((int64_t)m_data->l2_offset * 512)
> + + ((m_data->l2_index) * sizeof(offset)),
> + l2_table_array, l2_array_size) < 0) {
>  return VMDK_ERROR;
>  }
>  }
> +
> +offset = temp_offset;
>  if (m_data->l2_cache_entry) {
> -*m_data->l2_cache_entry = offset;
> +for (i = 0; i < m_data->nb_clusters; i++) {
> +*m_data->l2_cache_entry = offset;
> +m_data->l2_cache_entry++;
> +
> +if (!zeroed) {
> +offset += 128;

Ditto.

> +}
> +}
>  }
>  
> +qemu_vfree(l2_table_array);
>  return VMDK_OK;
>  }
>  
> +static int vmdk_L2update(VmdkExtent *extent, VmdkMetaData *m_data,
> + bool zeroed)
> +{
> +int ret;
> +
> +while (m_data->next != NULL) {
> +
> +ret = vmdk_alloc_cluster_link_l2(extent, m_data, zeroed);
> +if (ret < 0) {
> +return ret;
> +}
> +
> +m_data = m_data->next;
> + }
> +
> + return VMDK_OK;
> +}
> +
>  /*
>   * vmdk_l2load
>   *
> @@ -1263,7 +1320,7 @@ static int get_cluster_table(VmdkExtent *extent, 
> uint64_t offset,
>   */
>  static int handle_alloc(BlockDriverState *bs, VmdkExtent *extent,
>  uint64_t offset, uint64_t *cluster_offset,
> -int64_t *bytes, VmdkMetaData *m_data,
> +int64_t *bytes, VmdkMetaData **m_data,
>  bool allocate, uint32_t *total_alloc_clusters)
>  {
>  int l1_index, l2_offset, l2_index;
> @@ -1272,6 +1329,7 @@ static int handle_alloc(BlockDriverState *bs, 
> VmdkExtent *extent,
>  uint32_t nb_clusters;
>  bool zeroed = false;
>  uint64_t skip_start_bytes, skip_end_bytes;
> +VmdkMetaData *old_m_data;
>  int ret;
>  
>  ret = get_cluster_table(exte

Re: [Qemu-devel] [PATCH] tests: Add unit tests for the VM Generation ID feature

[Michael S. Tsirkin]

On Thu, Jun 01, 2017 at 08:10:27AM +, Marc-André Lureau wrote:
> Hi
> 
> On Mon, May 29, 2017 at 7:18 PM Ben Warren via Qemu-devel <
> qemu-devel@nongnu.org> wrote:
> 
> From: Ben Warren 
> 
> The following tests are implemented:
> * test that a GUID passed in by command line is propagated to the guest.
>   Read the GUID from guest memory
> * test that the "auto" argument to the GUID generates a valid GUID, as
>   seen by the guest.
> * test that a GUID passed in can be queried from the monitor
> 
>   This patch is loosely based on a previous patch from:
>   Gal Hammer   and Igor Mammedov 
> 
> Signed-off-by: Ben Warren 
> Reviewed-by: Igor Mammedov 
> ---

What happened to indentation here?

> +             * in order to implement the "OVMF SDT Header probe
> suppressor"
> +             * see docs/specs/vmgenid.txt for more details
> +             */
> +            return vgid_table.vgia_val + VMGENID_GUID_OFFSET;
> +        }
> 
> 
> It leaks tables
>  
> Other than that:
> Reviewed-by: Marc-André Lureau 

Ben, are you going to post a version that doesn't leak?

[Qemu-devel] [Bug 1694998] [NEW] PPC: msgsnd instruction leads to assertion

[Kurban Mallachiev]

Public bug reported:

I tried to send doorbells (using msgsnd) between cores in guest OS. On QEMU 
v2.9.0 usage of msgsnd instruction leads to error:
ERROR: <...>/qemu-new/translate-common.c:34:tcg_handle_interrupt: assertion 
failed: (qemu_mutex_iothread_locked())


QEMU v2.8.0 works fine.

QEMU run options: qemu-system-ppc -serial stdio -M ppce500 -cpu e500mc
-smp 2 -m 512M -kernel pok.elf

pok.elf attached

** Affects: qemu
 Importance: Undecided
 Status: New

** Attachment added: "os image"
   https://bugs.launchpad.net/bugs/1694998/+attachment/4887363/+files/pok.elf

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1694998

Title:
  PPC: msgsnd instruction leads to assertion

Status in QEMU:
  New

Bug description:
  I tried to send doorbells (using msgsnd) between cores in guest OS. On QEMU 
v2.9.0 usage of msgsnd instruction leads to error:
  ERROR: <...>/qemu-new/translate-common.c:34:tcg_handle_interrupt: assertion 
failed: (qemu_mutex_iothread_locked())

  
  QEMU v2.8.0 works fine.

  QEMU run options: qemu-system-ppc -serial stdio -M ppce500 -cpu e500mc
  -smp 2 -m 512M -kernel pok.elf

  pok.elf attached

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1694998/+subscriptions

Re: [Qemu-devel] [Qemu-ppc] [PATCHv4 3/5] pseries: Move CPU compatibility property to machine

[David Gibson]

On Thu, Jun 01, 2017 at 09:29:08AM +0200, Greg Kurz wrote:
> On Thu, 01 Jun 2017 15:44:40 +1000
> Suraj Jitindar Singh  wrote:
> 
> > On Fri, 2017-05-26 at 15:23 +1000, David Gibson wrote:
> > > Server class POWER CPUs have a "compat" property, which is used to
> > > set the
> > > backwards compatibility mode for the processor.  However, this only
> > > makes
> > > sense for machine types which don't give the guest access to
> > > hypervisor
> > > privilege - otherwise the compatibility level is under the guest's
> > > control.
> > > 
> > > To reflect this, this removes the CPU 'compat' property and instead
> > > creates a 'max-cpu-compat' property on the pseries machine.  Strictly
> > > speaking this breaks compatibility, but AFAIK the 'compat' option was
> > > never (directly) used with -device or device_add.
> > > 
> > > The option was used with -cpu.  So, to maintain compatibility, this
> > > patch adds a hack to the cpu option parsing to strip out any compat
> > > options supplied with -cpu and set them on the machine property
> > > instead of the now deprecated cpu property.  
> > 
> > Generally looks good, a couple of comments below.
> > 
> > Suraj
> > 
> > > 
> > > Signed-off-by: David Gibson 
> > > ---
> > >  hw/ppc/spapr.c  |   6 ++-
> > >  hw/ppc/spapr_cpu_core.c |  56 +++-
> > >  hw/ppc/spapr_hcall.c|   8 ++--
> > >  include/hw/ppc/spapr.h  |  12 --
> > >  target/ppc/compat.c | 102
> > > 
> > >  target/ppc/cpu.h|   5 ++-
> > >  target/ppc/translate_init.c |  86 +++---
> > > ---
> > >  7 files changed, 202 insertions(+), 73 deletions(-)
> > > 
> > > diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> > > index ab3aab1..3c4e88f 100644
> > > --- a/hw/ppc/spapr.c
> > > +++ b/hw/ppc/spapr.c
> > > @@ -2134,7 +2134,7 @@ static void ppc_spapr_init(MachineState
> > > *machine)
> > >  machine->cpu_model = kvm_enabled() ? "host" : smc-  
> > > >tcg_default_cpu;  
> > >  }
> > >  
> > > -ppc_cpu_parse_features(machine->cpu_model);
> > > +spapr_cpu_parse_features(spapr);
> > >  
> > >  spapr_init_cpus(spapr);
> > >  
> > > @@ -2497,6 +2497,10 @@ static void spapr_machine_initfn(Object *obj)
> > >  " place of standard EPOW events
> > > when possible"
> > >  " (required for memory hot-
> > > unplug support)",
> > >  NULL);
> > > +
> > > +ppc_compat_add_property(obj, "max-cpu-compat", &spapr-  
> > > >max_compat_pvr,  
> > > +"Maximum permitted CPU compatibility
> > > mode",
> > > +&error_fatal);
> > >  }
> > >  
> > >  static void spapr_machine_finalizefn(Object *obj)
> > > diff --git a/hw/ppc/spapr_cpu_core.c b/hw/ppc/spapr_cpu_core.c
> > > index ff7058e..ab4102b 100644
> > > --- a/hw/ppc/spapr_cpu_core.c
> > > +++ b/hw/ppc/spapr_cpu_core.c
> > > @@ -20,6 +20,58 @@
> > >  #include "sysemu/numa.h"
> > >  #include "qemu/error-report.h"
> > >  
> > > +void spapr_cpu_parse_features(sPAPRMachineState *spapr)
> > > +{
> > > +/*
> > > + * Backwards compatibility hack:
> > > + *
> > > + *   CPUs had a "compat=" property which didn't make sense for
> > > + *   anything except pseries.  It was replaced by "max-cpu-
> > > compat"
> > > + *   machine option.  This supports old command lines like
> > > + *   -cpu POWER8,compat=power7
> > > + *   By stripping the compat option and applying it to the
> > > machine
> > > + *   before passing it on to the cpu level parser.
> > > + */
> > > +gchar **inpieces;
> > > +int i, j;
> > > +gchar *compat_str = NULL;
> > > +
> > > +inpieces = g_strsplit(MACHINE(spapr)->cpu_model, ",", 0);
> > > +
> > > +/* inpieces[0] is the actual model string */
> > > +i = 1;
> > > +j = 1;
> > > +while (inpieces[i]) {
> > > +if (g_str_has_prefix(inpieces[i], "compat=")) {
> > > +/* in case of multiple compat= optipons */  
> > 
> > s/optipons/options?
> > 
> > > +g_free(compat_str);
> > > +compat_str = inpieces[i];
> > > +} else {
> > > +j++;
> > > +}
> > > +
> > > +/* Excise compat options from list */
> > > +inpieces[j] = inpieces[i];  
> > 
> > it's worth noting that where previously when specifying an invalid
> > option you got:
> > 
> > qemu-system-ppc64: Expected key=value format, found *blah*
> > 
> > You now get a segfault here.
> > 
> 
> Yeah. This basically does:
> 
> inpieces[i + 1] = inpieces[i];
> 
> and we end up overwriting the terminal NULL pointer with a non-NULL
> pointer.
> 
> What about simplifying the loop to:
> 
> /* inpieces[0] is the actual model string */
> i = 1;
> while (inpieces[i]) {
> if (g_str_has_prefix(inpieces[i], "compat=")) {
> /* in case of m

Re: [Qemu-devel] [PATCH] msi: remove return code for msi_init()

[Paolo Bonzini]

On 01/06/2017 10:27, Marcel Apfelbaum wrote:
> On 31/05/2017 11:28, Paolo Bonzini wrote:
>> No, for now I'd rather just go and remove msi_nonbroken.  When someone
>> reports a bug, we can add back "msi_broken".
> 
> Hi,
> I agree with the direction, but I am concerned msi_nonbroken is there
> for a reason.
> We might break some (obscure/not in use) machine.
> Maybe we should CC all arch machine maintainers/contributors to give
> them a chance to object...

Yeah, Alpha, MIPS and SH are those that support PCI.  Adding Richard and
Aurelien, do your platforms support MSI on real hardware but not in QEMU?

Thanks,

Paolo

Re: [Qemu-devel] [PULL 00/33] Misc patches for 2017-06-01

[no-reply]

Hi,

This series failed automatic build test. Please find the testing commands and
their output below. If you have docker installed, you can probably reproduce it
locally.

Message-id: 1496320911-51305-1-git-send-email-pbonz...@redhat.com
Type: series
Subject: [Qemu-devel] [PULL 00/33] Misc patches for 2017-06-01

=== TEST SCRIPT BEGIN ===
#!/bin/bash
set -e
git submodule update --init dtc
# Let docker tests dump environment info
export SHOW_ENV=1
export J=8
time make docker-test-quick@centos6
time make docker-test-mingw@fedora
time make docker-test-build@min-glib
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Auto packing the repository in background for optimum performance.
See "git help gc" for manual housekeeping.
Switched to a new branch 'test'
1ebbf04 kvm: don't register smram_listener when smm is off
f4b3f7c nbd: make it thread-safe, fix qcow2 over nbd
d4a18e8 hw/core: nmi.c can be compiled as common-obj nowadays
c06c4af target/i386: Add GDB XML description for SSE registers
4344a48 i386/kvm: do not zero out segment flags if segment is unusable or not 
present
e86883d edu: fix memory leak on msi_broken platforms
be6d7fd linuxboot_dma: compile for i486
14947d1 kvmclock: update system_time_msr address forcibly
5001e27 qtest: add rtc periodic timer test
97bb2fa nbd: Fully initialize client in case of failed negotiation
5d9ae3d exec: fix address_space_get_iotlb_entry page mask
f778d29 sockets: improve error reporting if UNIX socket path is too long
d7a4856 i386: fix read/write cr with icount option
188dc83 target/i386: use multiple CPU AddressSpaces
8efdf10 target/i386: enable A20 automatically in system management mode
cc48f9a vhost-user-scsi: Introduce a vhost-user-scsi sample application
f2e2614 vhost-user-scsi: Introduce vhost-user-scsi host device
8b2ecdf virtio-scsi: Unset hotplug handler when unrealize
7d172d8 exec: simplify phys_page_find() params
cc24c0d nbd/client.c: use errp instead of LOG
8581947 nbd: add errp to read_sync, write_sync and drop_sync
049fa7e nbd: add errp parameter to nbd_wr_syncv()
6715ff30 nbd: read_sync and friends: return 0 on success
7ebb76e nbd: strict nbd_wr_syncv
3e8b635 Check the return value of fcntl in qemu_set_cloexec
cb9ada7 kvm: irqchip: skip update msi when disabled
302dc31 msix: trace control bit write op
fb29a24 kvm: irqchip: trace changes on msi add/remove
e6cd374 mc146818rtc: embrace all x86 specific code
88f77c2 mc146818rtc: drop unnecessary '#ifdef TARGET_I386'
546abbc mc146818rtc: ensure LOST_TICK_POLICY_SLEW is only enabled on TARGET_I386
1b2152e mc146818rtc: precisely count the clock for periodic timer
472d959 mc146818rtc: update periodic timer only if it is needed

=== OUTPUT BEGIN ===
Submodule 'dtc' (git://git.qemu-project.org/dtc.git) registered for path 'dtc'
Cloning into '/var/tmp/patchew-tester-tmp-aqow9c0d/src/dtc'...
Submodule path 'dtc': checked out '558cd81bdd432769b59bff01240c44f82cfb1a9d'
  BUILD   centos6
make[1]: Entering directory '/var/tmp/patchew-tester-tmp-aqow9c0d/src'
  ARCHIVE qemu.tgz
  ARCHIVE dtc.tgz
  COPYRUNNER
RUN test-quick in qemu:centos6 
Packages installed:
SDL-devel-1.2.14-7.el6_7.1.x86_64
ccache-3.1.6-2.el6.x86_64
epel-release-6-8.noarch
gcc-4.4.7-17.el6.x86_64
git-1.7.1-4.el6_7.1.x86_64
glib2-devel-2.28.8-5.el6.x86_64
libfdt-devel-1.4.0-1.el6.x86_64
make-3.81-23.el6.x86_64
package g++ is not installed
pixman-devel-0.32.8-1.el6.x86_64
tar-1.23-15.el6_8.x86_64
zlib-devel-1.2.3-29.el6.x86_64

Environment variables:
PACKAGES=libfdt-devel ccache tar git make gcc g++ zlib-devel 
glib2-devel SDL-devel pixman-devel epel-release
HOSTNAME=6936da52fa5d
TERM=xterm
MAKEFLAGS= -j8
HISTSIZE=1000
J=8
USER=root
CCACHE_DIR=/var/tmp/ccache
EXTRA_CONFIGURE_OPTS=
V=
SHOW_ENV=1
MAIL=/var/spool/mail/root
PATH=/usr/lib/ccache:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
LANG=en_US.UTF-8
TARGET_LIST=
HISTCONTROL=ignoredups
SHLVL=1
HOME=/root
TEST_DIR=/tmp/qemu-test
LOGNAME=root
LESSOPEN=||/usr/bin/lesspipe.sh %s
FEATURES= dtc
DEBUG=
G_BROKEN_FILENAMES=1
CCACHE_HASHDIR=
_=/usr/bin/env

Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu 
--prefix=/var/tmp/qemu-build/install
No C++ compiler available; disabling C++ specific optional code
Install prefix/var/tmp/qemu-build/install
BIOS directory/var/tmp/qemu-build/install/share/qemu
binary directory  /var/tmp/qemu-build/install/bin
library directory /var/tmp/qemu-build/install/lib
module directory  /var/tmp/qemu-build/install/lib/qemu
libexec directory /var/tmp/qemu-build/install/libexec
include directory /var/tmp/qemu-build/install/include
config directory  /var/tmp/qemu-build/install/etc
local state directory   /var/tmp/qemu-build/install/var
Manual directory  /var/tmp/qemu-build/install/share/man
ELF interp prefix /usr/gnemul/qemu-%M
Source path   /tmp/qemu-test/src
C compilercc
Host C compiler   cc
C++ compiler  
Objective-C compiler cc
ARFLAGS   r

Re: [Qemu-devel] [PATCH] cpus: reset throttle_thread_scheduled after sleep

[Dr. David Alan Gilbert]

* Jason J. Herne (jjhe...@linux.vnet.ibm.com) wrote:
> On 05/19/2017 05:29 PM, Felipe Franciosi wrote:
> > Currently, the throttle_thread_scheduled flag is reset back to 0 before
> > sleeping (as part of the throttling logic). Given that throttle_timer
> > (well, any timer) may tick with a slight delay, it so happens that under
> > heavy throttling (ie. close or on CPU_THROTTLE_PCT_MAX) the tick may
> > schedule a further cpu_throttle_thread() work item after the flag reset,
> > but before the previous sleep completed. This results on the vCPU thread
> > sleeping continuously for potentially several seconds in a row.
> > 
> > The chances of that happening can be drastically minimised by resetting
> > the flag after the sleep.
> > 
> > Signed-off-by: Felipe Franciosi 
> > Signed-off-by: Malcolm Crossley 
> > ---
> >  cpus.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/cpus.c b/cpus.c
> > index 516e5cb..f42eebd 100644
> > --- a/cpus.c
> > +++ b/cpus.c
> > @@ -677,9 +677,9 @@ static void cpu_throttle_thread(CPUState *cpu, 
> > run_on_cpu_data opaque)
> >  sleeptime_ns = (long)(throttle_ratio * CPU_THROTTLE_TIMESLICE_NS);
> > 
> >  qemu_mutex_unlock_iothread();
> > -atomic_set(&cpu->throttle_thread_scheduled, 0);
> >  g_usleep(sleeptime_ns / 1000); /* Convert ns to us for usleep call */
> >  qemu_mutex_lock_iothread();
> > +atomic_set(&cpu->throttle_thread_scheduled, 0);
> >  }
> > 
> >  static void cpu_throttle_timer_tick(void *opaque)
> > 
> 
> This seems to make sense to me.
> 
> Acked-by: Jason J. Herne 
> 
> I'm CC'ing Juan, Amit and David as they are all active in the migration area
> and may have
> opinions on this. Juan and David were also reviewers for the original
> series.

The description is interesting and sounds reasonable; it'll be
interesting to see what difference it makes to the autoconverge
behaviour for those workloads that need this level of throttle.

Dave

> -- 
> -- Jason J. Herne (jjhe...@linux.vnet.ibm.com)
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [PATCH 1/2] qcow2: add reduce image support

[Kevin Wolf]

Am 31.05.2017 um 16:43 hat Pavel Butsykin geschrieben:
> This patch adds the reduction of the image file for qcow2. As a result, this
> allows us to reduce the virtual image size and free up space on the disk 
> without
> copying the image. Image can be fragmented and reduction is done by punching
> holes in the image file.
> 
> Signed-off-by: Pavel Butsykin 
> ---
>  block/qcow2-cache.c|  8 +
>  block/qcow2-cluster.c  | 83 
> ++
>  block/qcow2-refcount.c | 65 +++
>  block/qcow2.c  | 40 ++--
>  block/qcow2.h  |  4 +++
>  qapi/block-core.json   |  4 ++-
>  6 files changed, 193 insertions(+), 11 deletions(-)
> 
> diff --git a/block/qcow2-cache.c b/block/qcow2-cache.c
> index 1d25147392..da55118ca7 100644
> --- a/block/qcow2-cache.c
> +++ b/block/qcow2-cache.c
> @@ -411,3 +411,11 @@ void qcow2_cache_entry_mark_dirty(BlockDriverState *bs, 
> Qcow2Cache *c,
>  assert(c->entries[i].offset != 0);
>  c->entries[i].dirty = true;
>  }
> +
> +void qcow2_cache_entry_mark_clean(BlockDriverState *bs, Qcow2Cache *c,
> + void *table)
> +{
> +int i = qcow2_cache_get_table_idx(bs, c, table);
> +assert(c->entries[i].offset != 0);
> +c->entries[i].dirty = false;
> +}

This is an interesting function. We can use it whenever we're not
interested in the content of the table any more. However, we still keep
that data in the cache and may even evict other tables before this one.
The data in the cache also becomes inconsistent with the data in the
file, which should not be a problem in theory (because nobody should be
using it), but it surely could be confusing when debugging something in
the cache.

We can easily improve this a little: Make it qcow2_cache_discard(), a
function that gets a cluster offset, asserts that a table at this
offset isn't in use (not cached or ref == 0), and then just directly
drops it from the cache. This can be called from update_refcount()
whenever a refcount goes to 0, immediately before or after calling
update_refcount_discard() - those two are closely related. Then this
would automatically also be used for L2 tables.

Adding this mechanism could be a patch of its own.

> diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
> index 347d94b0d2..47e04d7317 100644
> --- a/block/qcow2-cluster.c
> +++ b/block/qcow2-cluster.c
> @@ -32,6 +32,89 @@
>  #include "qemu/bswap.h"
>  #include "trace.h"
>  
> +int qcow2_reduce_l1_table(BlockDriverState *bs, uint64_t max_size)

Let's call this shrink, it's easier to understand and consistent with
qcow2_reftable_shrink() that this patch adds, too.

> +{
> +BDRVQcow2State *s = bs->opaque;
> +int64_t new_l1_size_bytes, free_l1_clusters;
> +uint64_t *new_l1_table;
> +int new_l1_size, i, ret;
> +
> +if (max_size >= s->l1_size) {
> +return 0;
> +}
> +
> +new_l1_size = max_size;
> +
> +#ifdef DEBUG_ALLOC2
> +fprintf(stderr, "reduce l1_table from %d to %" PRId64 "\n",
> +s->l1_size, new_l1_size);
> +#endif
> +
> +ret = qcow2_cache_flush(bs, s->l2_table_cache);
> +if (ret < 0) {
> +return ret;
> +}
> +
> +BLKDBG_EVENT(bs->file, BLKDBG_L1_REDUCE_FREE_L2_CLUSTERS);
> +for (i = s->l1_size - 1; i > new_l1_size - 1; i--) {
> +if ((s->l1_table[i] & L1E_OFFSET_MASK) == 0) {
> +continue;
> +}
> +qcow2_free_clusters(bs, s->l1_table[i] & L1E_OFFSET_MASK,
> +s->l2_size * sizeof(uint64_t),
> +QCOW2_DISCARD_ALWAYS);
> +}
> +
> +new_l1_size_bytes = sizeof(uint64_t) * new_l1_size;

On 32 bit hosts, this does a 32 bit calculation and assigns it to a 64
bit value. I think this is still correct because new_l1_size_bytes is
limited by QCOW_MAX_L1_SIZE (0x200).

If this is the intention, maybe it would be more obvious to use a
normal int for new_l1_size_bytes, or to assert(new_l1_size <=
QCOW_MAX_L1_SIZE / sizeof(uint64_t)) before this line.

> +BLKDBG_EVENT(bs->file, BLKDBG_L1_REDUCE_WRITE_TABLE);
> +ret = bdrv_pwrite_zeroes(bs->file, s->l1_table_offset + 
> new_l1_size_bytes,
> + s->l1_size * sizeof(uint64_t) - 
> new_l1_size_bytes,
> + 0);

s->l1_table and the on-disk content are out of sync now. Error paths
must bring them back into sync from now on.

This is easier with the approach of qcow2_grow_l1_table(), which creates
a completely new L1 table and then atomically switches from old to new
with a header update.

> +if (ret < 0) {
> +return ret;
> +}
> +
> +ret = bdrv_flush(bs->file->bs);
> +if (ret < 0) {
> +return ret;
> +}

In both of these error cases, we don't know the actual state of the L1
table on disk.

> +/* set new table size */
> +BLKDBG_EVENT(bs->file, BLKDBG_L1_REDUCE_ACTIVATE_TABLE);
> +new_l1_size = cpu_to_be32(new_l1_size);
> + 

Re: [Qemu-devel] [PATCH] tests: Add unit tests for the VM Generation ID feature

[Ben Warren via Qemu-devel]

> On Jun 1, 2017, at 7:21 AM, Michael S. Tsirkin  wrote:
> 
> On Thu, Jun 01, 2017 at 08:10:27AM +, Marc-André Lureau wrote:
>> Hi
>> 
>> On Mon, May 29, 2017 at 7:18 PM Ben Warren via Qemu-devel <
>> qemu-devel@nongnu.org> wrote:
>> 
>>From: Ben Warren 
>> 
>>The following tests are implemented:
>>* test that a GUID passed in by command line is propagated to the guest.
>>  Read the GUID from guest memory
>>* test that the "auto" argument to the GUID generates a valid GUID, as
>>  seen by the guest.
>>* test that a GUID passed in can be queried from the monitor
>> 
>>  This patch is loosely based on a previous patch from:
>>  Gal Hammer   and Igor Mammedov 
>> 
>>Signed-off-by: Ben Warren 
>>Reviewed-by: Igor Mammedov 
>>---
> 
> What happened to indentation here?
> 
I don’t know, this is unchanged from the patch that passed through the gauntlet 
earlier this year, other than rebasing.  If you can please clarify exactly what 
you see that is wrong, that’ll be helpful.

>>+ * in order to implement the "OVMF SDT Header probe
>>suppressor"
>>+ * see docs/specs/vmgenid.txt for more details
>>+ */
>>+return vgid_table.vgia_val + VMGENID_GUID_OFFSET;
>>+}
>> 
>> 
>> It leaks tables
>>  
>> Other than that:
>> Reviewed-by: Marc-André Lureau 
> 
> Ben, are you going to post a version that doesn't leak?
Yes, I’ll try to get to it today.

—Ben

Re: [Qemu-devel] [PATCH v4 0/8] Optimize VMDK I/O by allocating multiple clusters

[Fam Zheng]

On Sat, 04/22 10:43, Ashijeet Acharya wrote:
> Changes in v4:
> - fix commit message in patch 1 (fam)
> - drop size_to_clusters() function (fam)
> - fix grammatical errors in function documentations (fam)
> - factor out metadata loading coding in a separate patch (patch 4) (fam)
> - rename vmdk_alloc_cluster_offset() to vmdk_alloc_clusters() (fam)
> - break patch 4(in v3) into separate patches (patch 3 and 8) (fam)
> - rename extent_size to extent_end (fam)
> - use QEMU_ALIGN_UP instead of vmdk_align_offset. (fam)
> - drop next and simply do m_data = m_data->next (fam)

I still don't like the m_data linked list but as this is a huge performance
improvement, I think we can merge this once the few bugs are addressed, then
clean up things on top.

Thanks,

Fam

[Qemu-devel] [PATCH v2 0/4] some gdbstub fixes for debug and vcont

[Alex Bennée]

Hi,

This is a follow up v2 of the patches I posted yesterday. There are
two new patches. The first is a simple name change to make the purpose
of the function clearer. The second new patch now fixes the bug by
making the thread-id consistent when reporting it via the gdbstub. It
also reduces the size of CPUState by avoiding duplication of
information already available in TaskStruct. The original fix is still
in the series although its theoretical (but still correct) for my test
case which now uses the correct thread-id.

Alex Bennée (4):
  gdbstub: modernise DEBUG_GDB
  gdbstub: rename cpu_index -> cpu_gdb_index
  qom/cpu: remove host_tid field
  gdbstub: don't fail on vCont;C04:0;c packets

 gdbstub.c  | 117 -
 include/exec/gdbstub.h |   9 
 include/qom/cpu.h  |   2 -
 linux-user/syscall.c   |   1 -
 4 files changed, 57 insertions(+), 72 deletions(-)

-- 
2.13.0

[Qemu-devel] [PATCH v2 4/4] gdbstub: don't fail on vCont; C04:0; c packets

[Alex Bennée]

The thread-id of 0 means any CPU but we then ignore the fact we find
the first_cpu in this case who can have an index of 0. Instead of
bailing out just test if we have managed to match up thread-id to a
CPU.

Otherwise you get:
  gdb_handle_packet: command='vCont;C04:0;c'
  put_packet: reply='E22'

The actual reason for gdb sending vCont;C04:0;c was fixed in a
previous commit where we ensure the first_cpu's tid is correctly
reported to gdb however we should still behave correctly next time it
does send 0.

Signed-off-by: Alex Bennée 
Reviewed-by: Greg Kurz 

---
v2
  - used Greg's less convoluted suggestion
  - expand commit message
---
 gdbstub.c | 15 ---
 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/gdbstub.c b/gdbstub.c
index 45a3a0b16b..6b1e72e9f7 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -937,23 +937,16 @@ static int gdb_handle_vcont(GDBState *s, const char *p)
 if (res) {
 goto out;
 }
-idx = tmp;
+
 /* 0 means any thread, so we pick the first valid CPU */
-if (!idx) {
-idx = cpu_gdb_index(first_cpu);
-}
+cpu = tmp ? find_cpu(tmp) : first_cpu;
 
-/*
- * If we are in user mode, the thread specified is actually a
- * thread id, and not an index. We need to find the actual
- * CPU first, and only then we can use its index.
- */
-cpu = find_cpu(idx);
 /* invalid CPU/thread specified */
-if (!idx || !cpu) {
+if (!cpu) {
 res = -EINVAL;
 goto out;
 }
+
 /* only use if no previous match occourred */
 if (newstates[cpu->cpu_index] == 1) {
 newstates[cpu->cpu_index] = cur_action;
-- 
2.13.0

[Qemu-devel] [PATCH v2 3/4] qom/cpu: remove host_tid field

[Alex Bennée]

This was only used by the gdbstub and even then was only being set for
subsequent threads. Rather the continue duplicating the number just
make the gdbstub get the information from TaskState structure.

Now the tid is correctly reported for all threads the bug I was seeing
with "vCont;C04:0;c" packets is fixed as the correct tid is reported
to gdb.

I moved cpu_gdb_index into the gdbstub to facilitate easy access to
the TaskState which is used elsewhere in gdbstub.

Signed-off-by: Alex Bennée 
---
 gdbstub.c  | 15 +++
 include/exec/gdbstub.h | 14 --
 include/qom/cpu.h  |  2 --
 linux-user/syscall.c   |  1 -
 4 files changed, 15 insertions(+), 17 deletions(-)

diff --git a/gdbstub.c b/gdbstub.c
index 026d1fe6bb..45a3a0b16b 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -55,6 +55,21 @@ static inline int target_memory_rw_debug(CPUState *cpu, 
target_ulong addr,
 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
 }
 
+/* Return the GDB index for a given vCPU state.
+ *
+ * For user mode this is simply the thread id. In system mode GDB
+ * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
+ */
+static inline int cpu_gdb_index(CPUState *cpu)
+{
+#if defined(CONFIG_USER_ONLY)
+TaskState *ts = (TaskState *) cpu->opaque;
+return ts->ts_tid;
+#else
+return cpu->cpu_index + 1;
+#endif
+}
+
 enum {
 GDB_SIGNAL_0 = 0,
 GDB_SIGNAL_INT = 2,
diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h
index c4fe567600..9aa7756d92 100644
--- a/include/exec/gdbstub.h
+++ b/include/exec/gdbstub.h
@@ -58,20 +58,6 @@ void gdb_register_coprocessor(CPUState *cpu,
   gdb_reg_cb get_reg, gdb_reg_cb set_reg,
   int num_regs, const char *xml, int g_pos);
 
-/* Return the GDB index for a given vCPU state.
- *
- * For user mode this is simply the thread id. In system mode GDB
- * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
- */
-static inline int cpu_gdb_index(CPUState *cpu)
-{
-#if defined(CONFIG_USER_ONLY)
-return cpu->host_tid;
-#else
-return cpu->cpu_index + 1;
-#endif
-}
-
 /* The GDB remote protocol transfers values in target byte order.  This means
  * we can use the raw memory access routines to access the value buffer.
  * Conveniently, these also handle the case where the buffer is mis-aligned.
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 55214ce131..909e7ae994 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -266,7 +266,6 @@ struct qemu_work_item;
  * @nr_cores: Number of cores within this CPU package.
  * @nr_threads: Number of threads within this CPU.
  * @numa_node: NUMA node this CPU is belonging to.
- * @host_tid: Host thread ID.
  * @running: #true if CPU is currently running (lockless).
  * @has_waiter: #true if a CPU is currently waiting for the cpu_exec_end;
  * valid under cpu_list_lock.
@@ -321,7 +320,6 @@ struct CPUState {
 HANDLE hThread;
 #endif
 int thread_id;
-uint32_t host_tid;
 bool running, has_waiter;
 struct QemuCond *halt_cond;
 bool thread_kicked;
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index cec8428589..cada188e58 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6216,7 +6216,6 @@ static void *clone_func(void *arg)
 thread_cpu = cpu;
 ts = (TaskState *)cpu->opaque;
 info->tid = gettid();
-cpu->host_tid = info->tid;
 task_settid(ts);
 if (info->child_tidptr)
 put_user_u32(info->tid, info->child_tidptr);
-- 
2.13.0

[Qemu-devel] [PATCH v2 2/4] gdbstub: rename cpu_index -> cpu_gdb_index

[Alex Bennée]

This is to make it clear the index is purely a gdbstub function and
should not be confused with the value of cpu->cpu_index.

Signed-off-by: Alex Bennée 
---
 gdbstub.c  | 12 ++--
 include/exec/gdbstub.h |  7 ++-
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/gdbstub.c b/gdbstub.c
index a249846954..026d1fe6bb 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -837,7 +837,7 @@ static CPUState *find_cpu(uint32_t thread_id)
 CPUState *cpu;
 
 CPU_FOREACH(cpu) {
-if (cpu_index(cpu) == thread_id) {
+if (cpu_gdb_index(cpu) == thread_id) {
 return cpu;
 }
 }
@@ -925,7 +925,7 @@ static int gdb_handle_vcont(GDBState *s, const char *p)
 idx = tmp;
 /* 0 means any thread, so we pick the first valid CPU */
 if (!idx) {
-idx = cpu_index(first_cpu);
+idx = cpu_gdb_index(first_cpu);
 }
 
 /*
@@ -975,7 +975,7 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 case '?':
 /* TODO: Make this return the correct value for user-mode.  */
 snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
- cpu_index(s->c_cpu));
+ cpu_gdb_index(s->c_cpu));
 put_packet(s, buf);
 /* Remove all the breakpoints when this query is issued,
  * because gdb is doing and initial connect and the state
@@ -1243,7 +1243,7 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 } else if (strcmp(p,"sThreadInfo") == 0) {
 report_cpuinfo:
 if (s->query_cpu) {
-snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
+snprintf(buf, sizeof(buf), "m%x", cpu_gdb_index(s->query_cpu));
 put_packet(s, buf);
 s->query_cpu = CPU_NEXT(s->query_cpu);
 } else
@@ -1400,7 +1400,7 @@ static void gdb_vm_state_change(void *opaque, int 
running, RunState state)
 }
 snprintf(buf, sizeof(buf),
  "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
- GDB_SIGNAL_TRAP, cpu_index(cpu), type,
+ GDB_SIGNAL_TRAP, cpu_gdb_index(cpu), type,
  (target_ulong)cpu->watchpoint_hit->vaddr);
 cpu->watchpoint_hit = NULL;
 goto send_packet;
@@ -1434,7 +1434,7 @@ static void gdb_vm_state_change(void *opaque, int 
running, RunState state)
 break;
 }
 gdb_set_stop_cpu(cpu);
-snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
+snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_gdb_index(cpu));
 
 send_packet:
 put_packet(s, buf);
diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h
index f9708bbcd6..c4fe567600 100644
--- a/include/exec/gdbstub.h
+++ b/include/exec/gdbstub.h
@@ -58,7 +58,12 @@ void gdb_register_coprocessor(CPUState *cpu,
   gdb_reg_cb get_reg, gdb_reg_cb set_reg,
   int num_regs, const char *xml, int g_pos);
 
-static inline int cpu_index(CPUState *cpu)
+/* Return the GDB index for a given vCPU state.
+ *
+ * For user mode this is simply the thread id. In system mode GDB
+ * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
+ */
+static inline int cpu_gdb_index(CPUState *cpu)
 {
 #if defined(CONFIG_USER_ONLY)
 return cpu->host_tid;
-- 
2.13.0

[Qemu-devel] [PATCH v2 1/4] gdbstub: modernise DEBUG_GDB

[Alex Bennée]

Convert the a gdb_debug helper which compiles away to nothing when not
used but still ensures the format strings are checked. There is some
minor code motion for the incorrect checksum message to report it
before we attempt to send the reply.

Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
Reviewed-by: Greg Kurz 
---
 gdbstub.c | 77 +++
 1 file changed, 33 insertions(+), 44 deletions(-)

diff --git a/gdbstub.c b/gdbstub.c
index 86eed4f97c..a249846954 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -271,7 +271,20 @@ static int gdb_signal_to_target (int sig)
 return -1;
 }
 
-//#define DEBUG_GDB
+/* #define DEBUG_GDB */
+
+#ifdef DEBUG_GDB
+# define DEBUG_GDB_GATE 1
+#else
+# define DEBUG_GDB_GATE 0
+#endif
+
+#define gdb_debug(fmt, ...) do { \
+if (DEBUG_GDB_GATE) { \
+fprintf(stderr, "%s: " fmt, __func__, ## __VA_ARGS__); \
+} \
+} while (0)
+
 
 typedef struct GDBRegisterState {
 int base_reg;
@@ -547,9 +560,7 @@ static int put_packet_binary(GDBState *s, const char *buf, 
int len)
 /* return -1 if error, 0 if OK */
 static int put_packet(GDBState *s, const char *buf)
 {
-#ifdef DEBUG_GDB
-printf("reply='%s'\n", buf);
-#endif
+gdb_debug("reply='%s'\n", buf);
 
 return put_packet_binary(s, buf, strlen(buf));
 }
@@ -955,9 +966,9 @@ static int gdb_handle_packet(GDBState *s, const char 
*line_buf)
 uint8_t *registers;
 target_ulong addr, len;
 
-#ifdef DEBUG_GDB
-printf("command='%s'\n", line_buf);
-#endif
+
+gdb_debug("command='%s'\n", line_buf);
+
 p = line_buf;
 ch = *p++;
 switch(ch) {
@@ -1518,17 +1529,14 @@ static void gdb_read_byte(GDBState *s, int ch)
 /* Waiting for a response to the last packet.  If we see the start
of a new command then abandon the previous response.  */
 if (ch == '-') {
-#ifdef DEBUG_GDB
-printf("Got NACK, retransmitting\n");
-#endif
+gdb_debug("Got NACK, retransmitting\n");
 put_buffer(s, (uint8_t *)s->last_packet, s->last_packet_len);
+} else if (ch == '+') {
+gdb_debug("Got ACK\n");
+} else {
+gdb_debug("Got '%c' when expecting ACK/NACK\n", ch);
 }
-#ifdef DEBUG_GDB
-else if (ch == '+')
-printf("Got ACK\n");
-else
-printf("Got '%c' when expecting ACK/NACK\n", ch);
-#endif
+
 if (ch == '+' || ch == '$')
 s->last_packet_len = 0;
 if (ch != '$')
@@ -1549,9 +1557,7 @@ static void gdb_read_byte(GDBState *s, int ch)
 s->line_sum = 0;
 s->state = RS_GETLINE;
 } else {
-#ifdef DEBUG_GDB
-printf("gdbstub received garbage between packets: 0x%x\n", ch);
-#endif
+gdb_debug("received garbage between packets: 0x%x\n", ch);
 }
 break;
 case RS_GETLINE:
@@ -1567,9 +1573,7 @@ static void gdb_read_byte(GDBState *s, int ch)
 /* end of command, start of checksum*/
 s->state = RS_CHKSUM1;
 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
-#ifdef DEBUG_GDB
-printf("gdbstub command buffer overrun, dropping command\n");
-#endif
+gdb_debug("command buffer overrun, dropping command\n");
 s->state = RS_IDLE;
 } else {
 /* unescaped command character */
@@ -1583,9 +1587,7 @@ static void gdb_read_byte(GDBState *s, int ch)
 s->state = RS_CHKSUM1;
 } else if (s->line_buf_index >= sizeof(s->line_buf) - 1) {
 /* command buffer overrun */
-#ifdef DEBUG_GDB
-printf("gdbstub command buffer overrun, dropping command\n");
-#endif
+gdb_debug("command buffer overrun, dropping command\n");
 s->state = RS_IDLE;
 } else {
 /* parse escaped character and leave escape state */
@@ -1597,25 +1599,18 @@ static void gdb_read_byte(GDBState *s, int ch)
 case RS_GETLINE_RLE:
 if (ch < ' ') {
 /* invalid RLE count encoding */
-#ifdef DEBUG_GDB
-printf("gdbstub got invalid RLE count: 0x%x\n", ch);
-#endif
+gdb_debug("got invalid RLE count: 0x%x\n", ch);
 s->state = RS_GETLINE;
 } else {
 /* decode repeat length */
 int repeat = (unsigned char)ch - ' ' + 3;
 if (s->line_buf_index + repeat >= sizeof(s->line_buf) - 1) {
 /* that many repeats would overrun the command buffer */
-#ifdef DEBUG_GDB
-printf("gdbstub command buffer overrun,"
-   " dropping command\n");
-#endif
+gdb_debug("command buffer overrun, dropping command\n");
 s->state = RS_IDLE;
 } else if (s->line_buf_index < 1) {
 /* g

Re: [Qemu-devel] [PULL 0/5] Migration pull request

[Peter Maydell]

On 31 May 2017 at 10:15, Juan Quintela  wrote:
> Hi
>
> This are the migration patches ready for inclusion:
> - autoconverge improvements: (felipe franciosi)
> - create savem.h
>
> Please, Apply.
>
> The following changes since commit 0748b3526e8cb78b9cd64208426bfc3d54a72b04:
>
>   Merge remote-tracking branch 'kwolf/tags/for-upstream' into staging 
> (2017-05-30 14:15:15 +0100)
>
> are available in the git repository at:
>
>   git://github.com/juanquintela/qemu.git tags/migration/20170531
>
> for you to fetch changes up to b4a3c64b16856a018869bfd4a9ed3b2a74554541:
>
>   migration: use dirty_rate_high_cnt more aggressively (2017-05-31 09:39:20 
> +0200)
>
> 
> migration/next for 20170531
>
> 
> Felipe Franciosi (4):
>   migration: keep bytes_xfer_prev init'd to zero
>   migration: set dirty_pages_rate before autoconverge logic
>   migration: set bytes_xfer_* outside of autoconverge logic
>   migration: use dirty_rate_high_cnt more aggressively
>
> Juan Quintela (1):
>   migration: Create savevm.h for functions exported from savevm.c

Applied, thanks.

-- PMM

Re: [Qemu-devel] [PATCH] tests: Add unit tests for the VM Generation ID feature

[Michael S. Tsirkin]

On Thu, Jun 01, 2017 at 07:46:24AM -0700, Ben Warren wrote:
> 
> > On Jun 1, 2017, at 7:21 AM, Michael S. Tsirkin  wrote:
> > 
> > On Thu, Jun 01, 2017 at 08:10:27AM +, Marc-André Lureau wrote:
> >> Hi
> >> 
> >> On Mon, May 29, 2017 at 7:18 PM Ben Warren via Qemu-devel <
> >> qemu-devel@nongnu.org> wrote:
> >> 
> >>From: Ben Warren 
> >> 
> >>The following tests are implemented:
> >>* test that a GUID passed in by command line is propagated to the guest.
> >>  Read the GUID from guest memory
> >>* test that the "auto" argument to the GUID generates a valid GUID, as
> >>  seen by the guest.
> >>* test that a GUID passed in can be queried from the monitor
> >> 
> >>  This patch is loosely based on a previous patch from:
> >>  Gal Hammer   and Igor Mammedov 
> >> 
> >> 
> >>Signed-off-by: Ben Warren 
> >>Reviewed-by: Igor Mammedov 
> >>---
> > 
> > What happened to indentation here?
> > 
> I don’t know, this is unchanged from the patch that passed through the 
> gauntlet earlier this year, other than rebasing.  If you can please clarify 
> exactly what you see that is wrong, that’ll be helpful.

That question is directed to Marc-André - when he replied to your patch
he has corrupted the indentation.

> >>+ * in order to implement the "OVMF SDT Header probe
> >>suppressor"
> >>+ * see docs/specs/vmgenid.txt for more details
> >>+ */
> >>+return vgid_table.vgia_val + VMGENID_GUID_OFFSET;
> >>+}
> >> 
> >> 
> >> It leaks tables
> >>  
> >> Other than that:
> >> Reviewed-by: Marc-André Lureau 
> > 
> > Ben, are you going to post a version that doesn't leak?
> Yes, I’ll try to get to it today.
> 
> —Ben

Re: [Qemu-devel] [PATCH v3 10/13] hmp: add hmp analogue for qmp-chardev-change

[Dr. David Alan Gilbert]

* Anton Nefedov (anton.nefe...@virtuozzo.com) wrote:
> Signed-off-by: Anton Nefedov 
> Reviewed-by: Vladimir Sementsov-Ogievskiy 
> CC: Dr. David Alan Gilbert 

Thanks, with Marc-Andre's comments, this looks fine from the HMP point.

If you can find a way to add a test to tests/test-hmp.c  it would be
great.

Dave

> ---
>  chardev/char.c|  2 +-
>  hmp-commands.hx   | 16 
>  hmp.c | 34 ++
>  hmp.h |  1 +
>  include/sysemu/char.h | 12 
>  5 files changed, 64 insertions(+), 1 deletion(-)
> 
> diff --git a/chardev/char.c b/chardev/char.c
> index 2d6e204..1e2a2dd 100644
> --- a/chardev/char.c
> +++ b/chardev/char.c
> @@ -888,7 +888,7 @@ help_string_append(const char *name, void *opaque)
>  g_string_append_printf(str, "\n%s", name);
>  }
>  
> -static ChardevBackend *qemu_chr_parse_opts(QemuOpts *opts, Error **errp)
> +ChardevBackend *qemu_chr_parse_opts(QemuOpts *opts, Error **errp)
>  {
>  Error *local_err = NULL;
>  const ChardevClass *cc;
> diff --git a/hmp-commands.hx b/hmp-commands.hx
> index baeac47..19bfddd 100644
> --- a/hmp-commands.hx
> +++ b/hmp-commands.hx
> @@ -1727,6 +1727,22 @@ chardev_add accepts the same parameters as the 
> -chardev command line switch.
>  ETEXI
>  
>  {
> +.name   = "chardev-change",
> +.args_type  = "id:s,args:s",
> +.params = "id args",
> +.help   = "change chardev",
> +.cmd= hmp_chardev_change,
> +},
> +
> +STEXI
> +@item chardev-change args
> +@findex chardev-change
> +chardev_change accepts existing chardev @var{id} and then the same arguments
> +as the -chardev command line switch (except for "id").
> +
> +ETEXI
> +
> +{
>  .name   = "chardev-remove",
>  .args_type  = "id:s",
>  .params = "id",
> diff --git a/hmp.c b/hmp.c
> index 20f5dab..7660495 100644
> --- a/hmp.c
> +++ b/hmp.c
> @@ -2224,6 +2224,40 @@ void hmp_chardev_add(Monitor *mon, const QDict *qdict)
>  hmp_handle_error(mon, &err);
>  }
>  
> +void hmp_chardev_change(Monitor *mon, const QDict *qdict)
> +{
> +const char *args = qdict_get_str(qdict, "args");
> +const char *id;
> +Error *err = NULL;
> +ChardevBackend *backend = NULL;
> +ChardevReturn *ret = NULL;
> +QemuOpts *opts = qemu_opts_parse_noisily(qemu_find_opts("chardev"), args,
> + true);
> +if (!opts) {
> +error_setg(&err, "Parsing chardev args failed");
> +goto end;
> +}
> +
> +id = qdict_get_str(qdict, "id");
> +if (qemu_opts_id(opts)) {
> +error_setg(&err, "Unexpected 'id' parameter");
> +goto end;
> +}
> +
> +backend = qemu_chr_parse_opts(opts, &err);
> +if (!backend) {
> +goto end;
> +}
> +
> +ret = qmp_chardev_change(id, backend, &err);
> +
> +end:
> +qapi_free_ChardevReturn(ret);
> +qapi_free_ChardevBackend(backend);
> +qemu_opts_del(opts);
> +hmp_handle_error(mon, &err);
> +}
> +
>  void hmp_chardev_remove(Monitor *mon, const QDict *qdict)
>  {
>  Error *local_err = NULL;
> diff --git a/hmp.h b/hmp.h
> index d8b94ce..23e035c 100644
> --- a/hmp.h
> +++ b/hmp.h
> @@ -102,6 +102,7 @@ void hmp_nbd_server_start(Monitor *mon, const QDict 
> *qdict);
>  void hmp_nbd_server_add(Monitor *mon, const QDict *qdict);
>  void hmp_nbd_server_stop(Monitor *mon, const QDict *qdict);
>  void hmp_chardev_add(Monitor *mon, const QDict *qdict);
> +void hmp_chardev_change(Monitor *mon, const QDict *qdict);
>  void hmp_chardev_remove(Monitor *mon, const QDict *qdict);
>  void hmp_qemu_io(Monitor *mon, const QDict *qdict);
>  void hmp_cpu_add(Monitor *mon, const QDict *qdict);
> diff --git a/include/sysemu/char.h b/include/sysemu/char.h
> index 342f531..18fcd26 100644
> --- a/include/sysemu/char.h
> +++ b/include/sysemu/char.h
> @@ -131,6 +131,18 @@ Chardev *qemu_chr_new_from_opts(QemuOpts *opts,
>  void qemu_chr_parse_common(QemuOpts *opts, ChardevCommon *backend);
>  
>  /**
> + * @qemu_chr_parse_opts:
> + *
> + * Parse the options to the ChardevBackend struct.
> + *
> + * @opts
> + *
> + * Returns: a new backend
> + */
> +ChardevBackend *qemu_chr_parse_opts(QemuOpts *opts,
> +Error **errp);
> +
> +/**
>   * @qemu_chr_new:
>   *
>   * Create a new character backend from a URI.
> -- 
> 2.7.4
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [PATCH] cpus: reset throttle_thread_scheduled after sleep

[Felipe Franciosi]

> On 1 Jun 2017, at 15:36, Dr. David Alan Gilbert  wrote:
> 
> * Jason J. Herne (jjhe...@linux.vnet.ibm.com) wrote:
>> On 05/19/2017 05:29 PM, Felipe Franciosi wrote:
>>> Currently, the throttle_thread_scheduled flag is reset back to 0 before
>>> sleeping (as part of the throttling logic). Given that throttle_timer
>>> (well, any timer) may tick with a slight delay, it so happens that under
>>> heavy throttling (ie. close or on CPU_THROTTLE_PCT_MAX) the tick may
>>> schedule a further cpu_throttle_thread() work item after the flag reset,
>>> but before the previous sleep completed. This results on the vCPU thread
>>> sleeping continuously for potentially several seconds in a row.
>>> 
>>> The chances of that happening can be drastically minimised by resetting
>>> the flag after the sleep.
>>> 
>>> Signed-off-by: Felipe Franciosi 
>>> Signed-off-by: Malcolm Crossley 
>>> ---
>>> cpus.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>> 
>>> diff --git a/cpus.c b/cpus.c
>>> index 516e5cb..f42eebd 100644
>>> --- a/cpus.c
>>> +++ b/cpus.c
>>> @@ -677,9 +677,9 @@ static void cpu_throttle_thread(CPUState *cpu, 
>>> run_on_cpu_data opaque)
>>> sleeptime_ns = (long)(throttle_ratio * CPU_THROTTLE_TIMESLICE_NS);
>>> 
>>> qemu_mutex_unlock_iothread();
>>> -atomic_set(&cpu->throttle_thread_scheduled, 0);
>>> g_usleep(sleeptime_ns / 1000); /* Convert ns to us for usleep call */
>>> qemu_mutex_lock_iothread();
>>> +atomic_set(&cpu->throttle_thread_scheduled, 0);
>>> }
>>> 
>>> static void cpu_throttle_timer_tick(void *opaque)
>>> 
>> 
>> This seems to make sense to me.
>> 
>> Acked-by: Jason J. Herne 
>> 
>> I'm CC'ing Juan, Amit and David as they are all active in the migration area
>> and may have
>> opinions on this. Juan and David were also reviewers for the original
>> series.
> 
> The description is interesting and sounds reasonable; it'll be
> interesting to see what difference it makes to the autoconverge
> behaviour for those workloads that need this level of throttle.

To get some hard data, we wrote a little application that:
1) spawns multiple threads (one per vCPU)
2) each thread mmap()s+mlock()s a certain workset (eg. 30GB/#threads for a 32GB 
VM)
3) each thread writes a word to the beginning of every page in a tight loop
4) the parent thread periodically reports the number of dirtied pages

Even on a dedicated 10G link, that is pretty much guaranteed to require 99% 
throttle to converge.

Before the patch, Qemu migrates the VM (depicted above) fairly quickly (~40s) 
after reaching 99% throttle. The application reported a few seconds at a time 
with lockups which we initially thought was just that thread not running 
between Qemu-induced vCPU sleeps (and later attributed it to the reported bug).

Then we used a 1G link. This time, the migration had to run for a lot longer 
even at 99%. That made the bug more likely to happen and we observed soft 
lockups (reported by the guest's kernel on the console) of 70+ seconds.

Using the patch, and back on a 10G link, the migration completes after a few 
more iterations than before (took just under 2mins after reaching 99%). If you 
want further validation of the bug, instrumenting 
cpus-common.c:process_queued_cpu_work() could be done to show that 
cpu_throttle_thread() is running back-to-back under these cases.

In summary we believe this patch is immediately required to prevent the 
lockups. A more elaborate throttling solution should be considered as future 
work. Perhaps a per-vCPU timer which throttles more precisely or a new 
convergence design altogether.

Thanks,
Felipe

> 
> Dave
> 
>> -- 
>> -- Jason J. Herne (jjhe...@linux.vnet.ibm.com)
>> 
> --
> Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [PATCH] cpus: reset throttle_thread_scheduled after sleep

[Dr. David Alan Gilbert]

* Felipe Franciosi (fel...@nutanix.com) wrote:
> 
> > On 1 Jun 2017, at 15:36, Dr. David Alan Gilbert  wrote:
> > 
> > * Jason J. Herne (jjhe...@linux.vnet.ibm.com) wrote:
> >> On 05/19/2017 05:29 PM, Felipe Franciosi wrote:
> >>> Currently, the throttle_thread_scheduled flag is reset back to 0 before
> >>> sleeping (as part of the throttling logic). Given that throttle_timer
> >>> (well, any timer) may tick with a slight delay, it so happens that under
> >>> heavy throttling (ie. close or on CPU_THROTTLE_PCT_MAX) the tick may
> >>> schedule a further cpu_throttle_thread() work item after the flag reset,
> >>> but before the previous sleep completed. This results on the vCPU thread
> >>> sleeping continuously for potentially several seconds in a row.
> >>> 
> >>> The chances of that happening can be drastically minimised by resetting
> >>> the flag after the sleep.
> >>> 
> >>> Signed-off-by: Felipe Franciosi 
> >>> Signed-off-by: Malcolm Crossley 
> >>> ---
> >>> cpus.c | 2 +-
> >>> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>> 
> >>> diff --git a/cpus.c b/cpus.c
> >>> index 516e5cb..f42eebd 100644
> >>> --- a/cpus.c
> >>> +++ b/cpus.c
> >>> @@ -677,9 +677,9 @@ static void cpu_throttle_thread(CPUState *cpu, 
> >>> run_on_cpu_data opaque)
> >>> sleeptime_ns = (long)(throttle_ratio * CPU_THROTTLE_TIMESLICE_NS);
> >>> 
> >>> qemu_mutex_unlock_iothread();
> >>> -atomic_set(&cpu->throttle_thread_scheduled, 0);
> >>> g_usleep(sleeptime_ns / 1000); /* Convert ns to us for usleep call */
> >>> qemu_mutex_lock_iothread();
> >>> +atomic_set(&cpu->throttle_thread_scheduled, 0);
> >>> }
> >>> 
> >>> static void cpu_throttle_timer_tick(void *opaque)
> >>> 
> >> 
> >> This seems to make sense to me.
> >> 
> >> Acked-by: Jason J. Herne 
> >> 
> >> I'm CC'ing Juan, Amit and David as they are all active in the migration 
> >> area
> >> and may have
> >> opinions on this. Juan and David were also reviewers for the original
> >> series.
> > 
> > The description is interesting and sounds reasonable; it'll be
> > interesting to see what difference it makes to the autoconverge
> > behaviour for those workloads that need this level of throttle.
> 
> To get some hard data, we wrote a little application that:
> 1) spawns multiple threads (one per vCPU)
> 2) each thread mmap()s+mlock()s a certain workset (eg. 30GB/#threads for a 
> 32GB VM)
> 3) each thread writes a word to the beginning of every page in a tight loop
> 4) the parent thread periodically reports the number of dirtied pages
> 
> Even on a dedicated 10G link, that is pretty much guaranteed to require 99% 
> throttle to converge.
> 
> Before the patch, Qemu migrates the VM (depicted above) fairly quickly (~40s) 
> after reaching 99% throttle. The application reported a few seconds at a time 
> with lockups which we initially thought was just that thread not running 
> between Qemu-induced vCPU sleeps (and later attributed it to the reported 
> bug).
> 
> Then we used a 1G link. This time, the migration had to run for a lot longer 
> even at 99%. That made the bug more likely to happen and we observed soft 
> lockups (reported by the guest's kernel on the console) of 70+ seconds.
> 
> Using the patch, and back on a 10G link, the migration completes after a few 
> more iterations than before (took just under 2mins after reaching 99%). If 
> you want further validation of the bug, instrumenting 
> cpus-common.c:process_queued_cpu_work() could be done to show that 
> cpu_throttle_thread() is running back-to-back under these cases.

OK, that's reasonable.

> In summary we believe this patch is immediately required to prevent the 
> lockups.

Yes, agreed.

> A more elaborate throttling solution should be considered as future work. 
> Perhaps a per-vCPU timer which throttles more precisely or a new convergence 
> design altogether.

Dave

> 
> Thanks,
> Felipe
> 
> > 
> > Dave
> > 
> >> -- 
> >> -- Jason J. Herne (jjhe...@linux.vnet.ibm.com)
> >> 
> > --
> > Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [PULL 00/33] Misc patches for 2017-06-01

[no-reply]

Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 1496320911-51305-1-git-send-email-pbonz...@redhat.com
Subject: [Qemu-devel] [PULL 00/33] Misc patches for 2017-06-01

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag] patchew/20170601144915.20778-1-alex.ben...@linaro.org -> 
patchew/20170601144915.20778-1-alex.ben...@linaro.org
Switched to a new branch 'test'
1ebbf04 kvm: don't register smram_listener when smm is off
f4b3f7c nbd: make it thread-safe, fix qcow2 over nbd
d4a18e8 hw/core: nmi.c can be compiled as common-obj nowadays
c06c4af target/i386: Add GDB XML description for SSE registers
4344a48 i386/kvm: do not zero out segment flags if segment is unusable or not 
present
e86883d edu: fix memory leak on msi_broken platforms
be6d7fd linuxboot_dma: compile for i486
14947d1 kvmclock: update system_time_msr address forcibly
5001e27 qtest: add rtc periodic timer test
97bb2fa nbd: Fully initialize client in case of failed negotiation
5d9ae3d exec: fix address_space_get_iotlb_entry page mask
f778d29 sockets: improve error reporting if UNIX socket path is too long
d7a4856 i386: fix read/write cr with icount option
188dc83 target/i386: use multiple CPU AddressSpaces
8efdf10 target/i386: enable A20 automatically in system management mode
cc48f9a vhost-user-scsi: Introduce a vhost-user-scsi sample application
f2e2614 vhost-user-scsi: Introduce vhost-user-scsi host device
8b2ecdf virtio-scsi: Unset hotplug handler when unrealize
7d172d8 exec: simplify phys_page_find() params
cc24c0d nbd/client.c: use errp instead of LOG
8581947 nbd: add errp to read_sync, write_sync and drop_sync
049fa7e nbd: add errp parameter to nbd_wr_syncv()
6715ff30 nbd: read_sync and friends: return 0 on success
7ebb76e nbd: strict nbd_wr_syncv
3e8b635 Check the return value of fcntl in qemu_set_cloexec
cb9ada7 kvm: irqchip: skip update msi when disabled
302dc31 msix: trace control bit write op
fb29a24 kvm: irqchip: trace changes on msi add/remove
e6cd374 mc146818rtc: embrace all x86 specific code
88f77c2 mc146818rtc: drop unnecessary '#ifdef TARGET_I386'
546abbc mc146818rtc: ensure LOST_TICK_POLICY_SLEW is only enabled on TARGET_I386
1b2152e mc146818rtc: precisely count the clock for periodic timer
472d959 mc146818rtc: update periodic timer only if it is needed

=== OUTPUT BEGIN ===
Checking PATCH 1/33: mc146818rtc: update periodic timer only if it is needed...
Checking PATCH 2/33: mc146818rtc: precisely count the clock for periodic 
timer...
ERROR: braces {} are necessary for all arms of this statement
#129: FILE: hw/timer/mc146818rtc.c:216:
+if (s->lost_tick_policy == LOST_TICK_POLICY_SLEW) {
[...]
+} else
[...]

total: 1 errors, 0 warnings, 181 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 3/33: mc146818rtc: ensure LOST_TICK_POLICY_SLEW is only enabled 
on TARGET_I386...
Checking PATCH 4/33: mc146818rtc: drop unnecessary '#ifdef TARGET_I386'...
Checking PATCH 5/33: mc146818rtc: embrace all x86 specific code...
Checking PATCH 6/33: kvm: irqchip: trace changes on msi add/remove...
Checking PATCH 7/33: msix: trace control bit write op...
Checking PATCH 8/33: kvm: irqchip: skip update msi when disabled...
Checking PATCH 9/33: Check the return value of fcntl in qemu_set_cloexec...
Checking PATCH 10/33: nbd: strict nbd_wr_syncv...
Checking PATCH 11/33: nbd: read_sync and friends: return 0 on success...
Checking PATCH 12/33: nbd: add errp parameter to nbd_wr_syncv()...
Checking PATCH 13/33: nbd: add errp to read_sync, write_sync and drop_sync...
Checking PATCH 14/33: nbd/client.c: use errp instead of LOG...
ERROR: code indent should never use tabs
#126: FILE: nbd/client.c:729:
+^I Error **errp)$

total: 1 errors, 0 warnings, 158 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 15/33: exec: simplify phys_page_find() params...
Checking PATCH 16/33: virtio-scsi: Unset hotplug handler when unrealize...
Checking PATCH 17/33: vhost-user-scsi: Introduce vhost-user-scsi host device...
Checking PATCH 18/33: vhost-user-scsi: Introduce a vhost-user-scsi sample 
application...
Checking PATCH 19/33: target/i386: enable A20 automatically in 

Re: [Qemu-devel] [PATCH 3/4] spapr: Abolish DRC set_configured method

[Laurent Vivier]

On 01/06/2017 03:52, David Gibson wrote:
> DRConnectorClass has a set_configured method, however:
>   * There is only one implementation, and only ever likely to be one
>   * There's exactly one caller, and that's (now) local
>   * The implementation is very straightforward
> 
> So abolish the method entirely, and just open-code what we need.  We also
> remove the tracepoints associated with it, since they don't look to be
> terribly useful.
> 
> Signed-off-by: David Gibson 

Reviewed-by: Laurent Vivier 

> ---
>  hw/ppc/spapr_drc.c | 20 
>  hw/ppc/trace-events|  2 --
>  include/hw/ppc/spapr_drc.h |  3 ---
>  3 files changed, 4 insertions(+), 21 deletions(-)
> 
> diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
> index f5b7b68..025453b 100644
> --- a/hw/ppc/spapr_drc.c
> +++ b/hw/ppc/spapr_drc.c
> @@ -199,18 +199,6 @@ static const char *get_name(sPAPRDRConnector *drc)
>  return drc->name;
>  }
>  
> -static void set_configured(sPAPRDRConnector *drc)
> -{
> -trace_spapr_drc_set_configured(get_index(drc));
> -
> -if (drc->isolation_state != SPAPR_DR_ISOLATION_STATE_UNISOLATED) {
> -/* guest should be not configuring an isolated device */
> -trace_spapr_drc_set_configured_skipping(get_index(drc));
> -return;
> -}
> -drc->configured = true;
> -}
> -
>  /* has the guest been notified of device attachment? */
>  static void set_signalled(sPAPRDRConnector *drc)
>  {
> @@ -745,7 +733,6 @@ static void spapr_dr_connector_class_init(ObjectClass *k, 
> void *data)
>  drck->get_index = get_index;
>  drck->get_type = get_type;
>  drck->get_name = get_name;
> -drck->set_configured = set_configured;
>  drck->entity_sense = entity_sense;
>  drck->attach = attach;
>  drck->detach = detach;
> @@ -1113,7 +1100,6 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  uint64_t wa_offset;
>  uint32_t drc_index;
>  sPAPRDRConnector *drc;
> -sPAPRDRConnectorClass *drck;
>  sPAPRConfigureConnectorState *ccs;
>  sPAPRDRCCResponse resp = SPAPR_DR_CC_RESPONSE_CONTINUE;
>  int rc;
> @@ -1133,7 +1119,6 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  goto out;
>  }
>  
> -drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
>  if (!drc->fdt) {
>  trace_spapr_rtas_ibm_configure_connector_missing_fdt(drc_index);
>  rc = SPAPR_DR_CC_RESPONSE_NOT_CONFIGURABLE;
> @@ -1170,10 +1155,13 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  case FDT_END_NODE:
>  ccs->fdt_depth--;
>  if (ccs->fdt_depth == 0) {
> +sPAPRDRIsolationState state = drc->isolation_state;
>  /* done sending the device tree, don't need to track
>   * the state anymore
>   */
> -drck->set_configured(drc);
> +if (state == SPAPR_DR_ISOLATION_STATE_UNISOLATED) {
> +drc->configured = true;
> +}
>  spapr_ccs_remove(spapr, ccs);
>  ccs = NULL;
>  resp = SPAPR_DR_CC_RESPONSE_SUCCESS;
> diff --git a/hw/ppc/trace-events b/hw/ppc/trace-events
> index 43d265f..96ffc02 100644
> --- a/hw/ppc/trace-events
> +++ b/hw/ppc/trace-events
> @@ -42,8 +42,6 @@ spapr_drc_set_isolation_state_deferring(uint32_t index) 
> "drc: 0x%"PRIx32
>  spapr_drc_set_indicator_state(uint32_t index, int state) "drc: 0x%"PRIx32", 
> state: 0x%x"
>  spapr_drc_set_allocation_state(uint32_t index, int state) "drc: 0x%"PRIx32", 
> state: 0x%x"
>  spapr_drc_set_allocation_state_finalizing(uint32_t index) "drc: 0x%"PRIx32
> -spapr_drc_set_configured(uint32_t index) "drc: 0x%"PRIx32
> -spapr_drc_set_configured_skipping(uint32_t index) "drc: 0x%"PRIx32", 
> isolated device"
>  spapr_drc_entity_sense(uint32_t index, int state) "drc: 0x%"PRIx32", state: 
> 0x%x"
>  spapr_drc_attach(uint32_t index) "drc: 0x%"PRIx32
>  spapr_drc_detach(uint32_t index) "drc: 0x%"PRIx32
> diff --git a/include/hw/ppc/spapr_drc.h b/include/hw/ppc/spapr_drc.h
> index 80db955..90f4953 100644
> --- a/include/hw/ppc/spapr_drc.h
> +++ b/include/hw/ppc/spapr_drc.h
> @@ -177,9 +177,6 @@ typedef struct sPAPRDRConnectorClass {
>  
>  uint32_t (*entity_sense)(sPAPRDRConnector *drc, sPAPRDREntitySense 
> *state);
>  
> -/* QEMU interfaces for managing FDT/configure-connector */
> -void (*set_configured)(sPAPRDRConnector *drc);
> -
>  /* QEMU interfaces for managing hotplug operations */
>  void (*attach)(sPAPRDRConnector *drc, DeviceState *d, void *fdt,
> int fdt_start_offset, bool coldplug, Error **errp);
> 

Re: [Qemu-devel] [PATCH v2 2/4] gdbstub: rename cpu_index -> cpu_gdb_index

[Greg Kurz]

On Thu,  1 Jun 2017 15:49:13 +0100
Alex Bennée  wrote:

> This is to make it clear the index is purely a gdbstub function and
> should not be confused with the value of cpu->cpu_index.
> 
> Signed-off-by: Alex Bennée 
> ---

Reviewed-by: Greg Kurz 

>  gdbstub.c  | 12 ++--
>  include/exec/gdbstub.h |  7 ++-
>  2 files changed, 12 insertions(+), 7 deletions(-)
> 
> diff --git a/gdbstub.c b/gdbstub.c
> index a249846954..026d1fe6bb 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -837,7 +837,7 @@ static CPUState *find_cpu(uint32_t thread_id)
>  CPUState *cpu;
>  
>  CPU_FOREACH(cpu) {
> -if (cpu_index(cpu) == thread_id) {
> +if (cpu_gdb_index(cpu) == thread_id) {
>  return cpu;
>  }
>  }
> @@ -925,7 +925,7 @@ static int gdb_handle_vcont(GDBState *s, const char *p)
>  idx = tmp;
>  /* 0 means any thread, so we pick the first valid CPU */
>  if (!idx) {
> -idx = cpu_index(first_cpu);
> +idx = cpu_gdb_index(first_cpu);
>  }
>  
>  /*
> @@ -975,7 +975,7 @@ static int gdb_handle_packet(GDBState *s, const char 
> *line_buf)
>  case '?':
>  /* TODO: Make this return the correct value for user-mode.  */
>  snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
> - cpu_index(s->c_cpu));
> + cpu_gdb_index(s->c_cpu));
>  put_packet(s, buf);
>  /* Remove all the breakpoints when this query is issued,
>   * because gdb is doing and initial connect and the state
> @@ -1243,7 +1243,7 @@ static int gdb_handle_packet(GDBState *s, const char 
> *line_buf)
>  } else if (strcmp(p,"sThreadInfo") == 0) {
>  report_cpuinfo:
>  if (s->query_cpu) {
> -snprintf(buf, sizeof(buf), "m%x", cpu_index(s->query_cpu));
> +snprintf(buf, sizeof(buf), "m%x", 
> cpu_gdb_index(s->query_cpu));
>  put_packet(s, buf);
>  s->query_cpu = CPU_NEXT(s->query_cpu);
>  } else
> @@ -1400,7 +1400,7 @@ static void gdb_vm_state_change(void *opaque, int 
> running, RunState state)
>  }
>  snprintf(buf, sizeof(buf),
>   "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
> - GDB_SIGNAL_TRAP, cpu_index(cpu), type,
> + GDB_SIGNAL_TRAP, cpu_gdb_index(cpu), type,
>   (target_ulong)cpu->watchpoint_hit->vaddr);
>  cpu->watchpoint_hit = NULL;
>  goto send_packet;
> @@ -1434,7 +1434,7 @@ static void gdb_vm_state_change(void *opaque, int 
> running, RunState state)
>  break;
>  }
>  gdb_set_stop_cpu(cpu);
> -snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_index(cpu));
> +snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret, cpu_gdb_index(cpu));
>  
>  send_packet:
>  put_packet(s, buf);
> diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h
> index f9708bbcd6..c4fe567600 100644
> --- a/include/exec/gdbstub.h
> +++ b/include/exec/gdbstub.h
> @@ -58,7 +58,12 @@ void gdb_register_coprocessor(CPUState *cpu,
>gdb_reg_cb get_reg, gdb_reg_cb set_reg,
>int num_regs, const char *xml, int g_pos);
>  
> -static inline int cpu_index(CPUState *cpu)
> +/* Return the GDB index for a given vCPU state.
> + *
> + * For user mode this is simply the thread id. In system mode GDB
> + * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
> + */
> +static inline int cpu_gdb_index(CPUState *cpu)
>  {
>  #if defined(CONFIG_USER_ONLY)
>  return cpu->host_tid;



pgpJsALHrSl8q.pgp
Description: OpenPGP digital signature

[Qemu-devel] [PATCH v2 04/15] qcow2: alloc space for COW in one chunk

[Anton Nefedov]

From: "Denis V. Lunev" 

Currently each single write operation can result in 3 write operations
if guest offsets are not cluster aligned. One write is performed for the
real payload and two for COW-ed areas. Thus the data possibly lays
non-contiguously on the host filesystem. This will reduce further
sequential read performance significantly.

The patch allocates the space in the file with cluster granularity,
ensuring
  1. better host offset locality
  2. less space allocation operations
 (which can be expensive on distributed storage)

Signed-off-by: Denis V. Lunev 
Signed-off-by: Anton Nefedov 
---
 block/qcow2.c | 24 +++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/block/qcow2.c b/block/qcow2.c
index b3ba5da..cd5efba 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -1575,6 +1575,24 @@ fail:
 return ret;
 }
 
+static void handle_alloc_space(BlockDriverState *bs, QCowL2Meta *l2meta)
+{
+BDRVQcow2State *s = bs->opaque;
+QCowL2Meta *m;
+
+for (m = l2meta; m != NULL; m = m->next) {
+uint64_t bytes = m->nb_clusters << s->cluster_bits;
+
+if (m->cow_start.nb_bytes == 0 && m->cow_end.nb_bytes == 0) {
+continue;
+}
+
+/* try to alloc host space in one chunk for better locality */
+bdrv_co_pwrite_zeroes(bs->file, m->alloc_offset, bytes,
+  BDRV_REQ_ALLOCATE);
+}
+}
+
 static coroutine_fn int qcow2_co_pwritev(BlockDriverState *bs, uint64_t offset,
  uint64_t bytes, QEMUIOVector *qiov,
  int flags)
@@ -1656,8 +1674,12 @@ static coroutine_fn int 
qcow2_co_pwritev(BlockDriverState *bs, uint64_t offset,
 if (ret < 0) {
 goto fail;
 }
-
 qemu_co_mutex_unlock(&s->lock);
+
+if (bs->file->bs->supported_zero_flags & BDRV_REQ_ALLOCATE) {
+handle_alloc_space(bs, l2meta);
+}
+
 BLKDBG_EVENT(bs->file, BLKDBG_WRITE_AIO);
 trace_qcow2_writev_data(qemu_coroutine_self(),
 cluster_offset + offset_in_cluster);
-- 
2.7.4

[Qemu-devel] [PATCH v2 10/15] qcow2: handle_prealloc(): find out if area zeroed by earlier preallocation

[Anton Nefedov]

Signed-off-by: Anton Nefedov 
Signed-off-by: Denis V. Lunev 
---
 block/qcow2-cluster.c | 2 ++
 block/qcow2.c | 8 +++-
 block/qcow2.h | 4 
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index c39e825..ed65961 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -1143,6 +1143,7 @@ static int handle_alloc(BlockDriverState *bs, uint64_t 
guest_offset,
 uint64_t *host_offset, uint64_t *bytes, QCowL2Meta **m)
 {
 BDRVQcow2State *s = bs->opaque;
+const uint64_t old_data_end = s->data_end;
 int l2_index;
 uint64_t *l2_table;
 uint64_t entry;
@@ -1264,6 +1265,7 @@ static int handle_alloc(BlockDriverState *bs, uint64_t 
guest_offset,
 .alloc_offset   = alloc_cluster_offset,
 .offset = start_of_cluster(s, guest_offset),
 .nb_clusters= nb_clusters,
+.clusters_are_trailing = alloc_cluster_offset >= old_data_end,
 
 .keep_old_clusters  = keep_old_clusters,
 
diff --git a/block/qcow2.c b/block/qcow2.c
index 809102a..92d0af6 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -1686,7 +1686,13 @@ restart:
 
 if (end <= bdrv_getlength(file)) {
 /* No need to care, file size will not be changed */
-return false;
+
+/* We're safe to assume that the area is zeroes if the area
+ * was allocated at the end of data (s->data_end).
+ * In this case, the only way for file length to be bigger is that
+ * the area was preallocated by another request.
+ */
+return m->clusters_are_trailing;
 }
 
 meta = g_alloca(sizeof(*meta));
diff --git a/block/qcow2.h b/block/qcow2.h
index e28c54a..2fd8510 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -333,6 +333,10 @@ typedef struct QCowL2Meta
 /** Do not free the old clusters */
 bool keep_old_clusters;
 
+/** True if the area is allocated after the end of data area
+ *  (i.e. >= s->data_end), which means that it is zeroed */
+bool clusters_are_trailing;
+
 /**
  * Requests that overlap with this allocation and wait to be restarted
  * when the allocating request has completed.
-- 
2.7.4

[Qemu-devel] [PATCH v2 01/15] block: introduce BDRV_REQ_ALLOCATE flag

[Anton Nefedov]

The flag is supposed to indicate that the region of the disk image has
to be sufficiently allocated so it reads as zeroes. The call with the flag
set has to return -ENOTSUP if allocation cannot be done efficiently
(i.e. without falling back to writing actual buffers)

Signed-off-by: Anton Nefedov 
---
 block/io.c| 19 ---
 block/trace-events|  1 +
 include/block/block.h |  6 +-
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/block/io.c b/block/io.c
index ed31810..d47efa9 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1272,7 +1272,7 @@ static int coroutine_fn 
bdrv_co_do_pwrite_zeroes(BlockDriverState *bs,
 assert(!bs->supported_zero_flags);
 }
 
-if (ret == -ENOTSUP) {
+if (ret == -ENOTSUP && !(flags & BDRV_REQ_ALLOCATE)) {
 /* Fall back to bounce buffer if write zeroes is unsupported */
 BdrvRequestFlags write_flags = flags & ~BDRV_REQ_ZERO_WRITE;
 
@@ -1355,8 +1355,8 @@ static int coroutine_fn bdrv_aligned_pwritev(BdrvChild 
*child,
 ret = notifier_with_return_list_notify(&bs->before_write_notifiers, req);
 
 if (!ret && bs->detect_zeroes != BLOCKDEV_DETECT_ZEROES_OPTIONS_OFF &&
-!(flags & BDRV_REQ_ZERO_WRITE) && drv->bdrv_co_pwrite_zeroes &&
-qemu_iovec_is_zero(qiov)) {
+!(flags & BDRV_REQ_ZERO_WRITE) && !(flags & BDRV_REQ_ALLOCATE) &&
+drv->bdrv_co_pwrite_zeroes && qemu_iovec_is_zero(qiov)) {
 flags |= BDRV_REQ_ZERO_WRITE;
 if (bs->detect_zeroes == BLOCKDEV_DETECT_ZEROES_OPTIONS_UNMAP) {
 flags |= BDRV_REQ_MAY_UNMAP;
@@ -1436,6 +1436,9 @@ static int coroutine_fn bdrv_co_do_zero_pwritev(BdrvChild 
*child,
 
 assert(flags & BDRV_REQ_ZERO_WRITE);
 if (head_padding_bytes || tail_padding_bytes) {
+if (flags & BDRV_REQ_ALLOCATE) {
+return -ENOTSUP;
+}
 buf = qemu_blockalign(bs, align);
 iov = (struct iovec) {
 .iov_base   = buf,
@@ -1534,6 +1537,11 @@ int coroutine_fn bdrv_co_pwritev(BdrvChild *child,
 return ret;
 }
 
+if (qiov && flags & BDRV_REQ_ALLOCATE) {
+/* allocation request with qiov provided doesn't make much sense */
+return -ENOTSUP;
+}
+
 bdrv_inc_in_flight(bs);
 /*
  * Align write if necessary by performing a read-modify-write cycle.
@@ -1665,6 +1673,11 @@ int coroutine_fn bdrv_co_pwrite_zeroes(BdrvChild *child, 
int64_t offset,
 {
 trace_bdrv_co_pwrite_zeroes(child->bs, offset, count, flags);
 
+if (flags & BDRV_REQ_MAY_UNMAP && flags & BDRV_REQ_ALLOCATE) {
+/* nonsense */
+return -ENOTSUP;
+}
+
 if (!(child->bs->open_flags & BDRV_O_UNMAP)) {
 flags &= ~BDRV_REQ_MAY_UNMAP;
 }
diff --git a/block/trace-events b/block/trace-events
index 9a71c7f..a15c2cc 100644
--- a/block/trace-events
+++ b/block/trace-events
@@ -15,6 +15,7 @@ bdrv_aio_writev(void *bs, int64_t sector_num, int nb_sectors, 
void *opaque) "bs
 bdrv_co_readv(void *bs, int64_t sector_num, int nb_sector) "bs %p sector_num 
%"PRId64" nb_sectors %d"
 bdrv_co_writev(void *bs, int64_t sector_num, int nb_sector) "bs %p sector_num 
%"PRId64" nb_sectors %d"
 bdrv_co_pwrite_zeroes(void *bs, int64_t offset, int count, int flags) "bs %p 
offset %"PRId64" count %d flags %#x"
+bdrv_co_allocate(void *bs, int64_t offset, int count) "bs %p offset %"PRId64" 
count %d"
 bdrv_co_do_copy_on_readv(void *bs, int64_t offset, unsigned int bytes, int64_t 
cluster_offset, unsigned int cluster_bytes) "bs %p offset %"PRId64" bytes %u 
cluster_offset %"PRId64" cluster_bytes %u"
 
 # block/stream.c
diff --git a/include/block/block.h b/include/block/block.h
index 9b355e9..53a357c 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -65,9 +65,13 @@ typedef enum {
 BDRV_REQ_NO_SERIALISING = 0x8,
 BDRV_REQ_FUA= 0x10,
 BDRV_REQ_WRITE_COMPRESSED   = 0x20,
+/* BDRV_REQ_ALLOCATE is used to indicate that the driver is to
+ * efficiently allocate the space so it reads as zeroes or return an error
+ */
+BDRV_REQ_ALLOCATE   = 0x40,
 
 /* Mask of valid flags */
-BDRV_REQ_MASK   = 0x3f,
+BDRV_REQ_MASK   = 0x7f,
 } BdrvRequestFlags;
 
 typedef struct BlockSizes {
-- 
2.7.4

[Qemu-devel] [PATCH v2 02/15] file-posix: support BDRV_REQ_ALLOCATE

[Anton Nefedov]

Current write_zeroes implementation is good enough to satisfy this flag too

Signed-off-by: Anton Nefedov 
---
 block/file-posix.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/block/file-posix.c b/block/file-posix.c
index de2d3a2..117bbee 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -527,7 +527,6 @@ static int raw_open_common(BlockDriverState *bs, QDict 
*options,
 
 s->has_discard = true;
 s->has_write_zeroes = true;
-bs->supported_zero_flags = BDRV_REQ_MAY_UNMAP;
 if ((bs->open_flags & BDRV_O_NOCACHE) != 0) {
 s->needs_alignment = true;
 }
@@ -577,6 +576,11 @@ static int raw_open_common(BlockDriverState *bs, QDict 
*options,
 }
 #endif
 
+bs->supported_zero_flags = BDRV_REQ_MAY_UNMAP;
+if (s->has_write_zeroes || s->has_fallocate) {
+bs->supported_zero_flags |= BDRV_REQ_ALLOCATE;
+}
+
 ret = 0;
 fail:
 if (filename && (bdrv_flags & BDRV_O_TEMPORARY)) {
@@ -1390,6 +1394,9 @@ static ssize_t handle_aiocb_write_zeroes(RawPosixAIOData 
*aiocb)
 }
 #endif
 
+if (!s->has_fallocate) {
+aiocb->bs->supported_zero_flags &= ~BDRV_REQ_ALLOCATE;
+}
 return -ENOTSUP;
 }
 
-- 
2.7.4

[Qemu-devel] [PATCH v2 03/15] blkdebug: support BDRV_REQ_ALLOCATE

[Anton Nefedov]

Support the flag if the underlying BDS supports it

Signed-off-by: Anton Nefedov 
---
 block/blkdebug.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/block/blkdebug.c b/block/blkdebug.c
index a5196e8..8b1401b 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -415,7 +415,8 @@ static int blkdebug_open(BlockDriverState *bs, QDict 
*options, int flags,
 
 bs->supported_write_flags = BDRV_REQ_FUA &
 bs->file->bs->supported_write_flags;
-bs->supported_zero_flags = (BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP) &
+bs->supported_zero_flags =
+(BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP | BDRV_REQ_ALLOCATE) &
 bs->file->bs->supported_zero_flags;
 ret = -EINVAL;
 
-- 
2.7.4

[Qemu-devel] [PATCH v2 09/15] qcow2: check space leak at the end of the image

[Anton Nefedov]

From: Pavel Butsykin 

Preallocating memory in the image may remain unused after the fall, for
the qcow2_check adds the ability to identify and fix it, so as not to
store extra memory on the host.

Signed-off-by: Pavel Butsykin 
Signed-off-by: Denis V. Lunev 
Signed-off-by: Anton Nefedov 
---
 block/qcow2.c  |  31 +++
 tests/qemu-iotests/026.out | 104 -
 tests/qemu-iotests/026.out.nocache | 104 -
 tests/qemu-iotests/029.out |   5 +-
 tests/qemu-iotests/060.out |  10 +++-
 tests/qemu-iotests/061.out |   5 +-
 tests/qemu-iotests/066.out |   5 +-
 tests/qemu-iotests/098.out |   7 ++-
 tests/qemu-iotests/108.out |   5 +-
 tests/qemu-iotests/112.out |   5 +-
 10 files changed, 225 insertions(+), 56 deletions(-)

diff --git a/block/qcow2.c b/block/qcow2.c
index 33e5455..809102a 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -322,6 +322,32 @@ int qcow2_mark_consistent(BlockDriverState *bs)
 return 0;
 }
 
+static int qcow2_check_extra_preallocation(BlockDriverState *bs,
+BdrvCheckResult *res, BdrvCheckMode fix)
+{
+BDRVQcow2State *s = bs->opaque;
+uint64_t img_size = bdrv_getlength(bs->file->bs);
+
+if (res->image_end_offset < img_size) {
+uint64_t count =
+DIV_ROUND_UP(img_size - res->image_end_offset, s->cluster_size);
+fprintf(stderr, "%s space leaked at the end of the image %jd\n",
+fix & BDRV_FIX_LEAKS ? "Repairing" : "ERROR",
+img_size - res->image_end_offset);
+res->leaks += count;
+if (fix & BDRV_FIX_LEAKS) {
+int ret = bdrv_truncate(bs->file, res->image_end_offset, NULL);
+if (ret < 0) {
+res->check_errors++;
+return ret;
+}
+res->leaks_fixed += count;
+}
+}
+
+return 0;
+}
+
 static int qcow2_check(BlockDriverState *bs, BdrvCheckResult *result,
BdrvCheckMode fix)
 {
@@ -330,6 +356,11 @@ static int qcow2_check(BlockDriverState *bs, 
BdrvCheckResult *result,
 return ret;
 }
 
+ret = qcow2_check_extra_preallocation(bs, result, fix);
+if (ret < 0) {
+return ret;
+}
+
 if (fix && result->check_errors == 0 && result->corruptions == 0) {
 ret = qcow2_mark_clean(bs);
 if (ret < 0) {
diff --git a/tests/qemu-iotests/026.out b/tests/qemu-iotests/026.out
index 86a50a2..e8cf348 100644
--- a/tests/qemu-iotests/026.out
+++ b/tests/qemu-iotests/026.out
@@ -5,7 +5,10 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
 
 Event: l1_update; errno: 5; imm: off; once: on; write
 write failed: Input/output error
-No errors were found on the image.
+ERROR space leaked at the end of the image 1024
+
+1 leaked clusters were found on the image.
+This means waste of disk space, but no harm to data.
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
 
 Event: l1_update; errno: 5; imm: off; once: on; write -b
@@ -33,7 +36,10 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
 
 Event: l1_update; errno: 28; imm: off; once: on; write
 write failed: No space left on device
-No errors were found on the image.
+ERROR space leaked at the end of the image 1024
+
+1 leaked clusters were found on the image.
+This means waste of disk space, but no harm to data.
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
 
 Event: l1_update; errno: 28; imm: off; once: on; write -b
@@ -181,7 +187,10 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
 
 Event: l2_alloc_write; errno: 5; imm: off; once: on; write
 write failed: Input/output error
-No errors were found on the image.
+ERROR space leaked at the end of the image 1024
+
+1 leaked clusters were found on the image.
+This means waste of disk space, but no harm to data.
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
 
 Event: l2_alloc_write; errno: 5; imm: off; once: on; write -b
@@ -207,7 +216,10 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
 
 Event: l2_alloc_write; errno: 28; imm: off; once: on; write
 write failed: No space left on device
-No errors were found on the image.
+ERROR space leaked at the end of the image 1024
+
+1 leaked clusters were found on the image.
+This means waste of disk space, but no harm to data.
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
 
 Event: l2_alloc_write; errno: 28; imm: off; once: on; write -b
@@ -468,20 +480,27 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
 
 Event: refblock_alloc_hookup; errno: 28; imm: off; once: on; write
 write failed: No space left on device
-No errors were found on the image.
+ERROR space leaked at the end of the image 33280
+
+65 leaked clusters were found on the image.
+This means waste of disk space, but no harm to data.
 Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824
 
 Event: refbloc

[Qemu-devel] [PATCH v2 06/15] qcow2: preallocation at image expand

[Anton Nefedov]

From: "Denis V. Lunev" 

This patch adds image preallocation at expand to provide better locality
of QCOW2 image file and optimize this procedure for some distributed
storages where this procedure is slow.

Image expand requests have to be suspended until the allocation is
performed which is done via special QCowL2Meta.
This meta is invisible to handle_dependencies() code.
This is the main reason for also calling preallocation before metadata
write: it might intersect with preallocation triggered by another IO,
and has to yield

Signed-off-by: Denis V. Lunev 
Signed-off-by: Anton Nefedov 
---
 block/qcow2-cache.c|   3 +
 block/qcow2-cluster.c  |   5 ++
 block/qcow2-refcount.c |  14 +
 block/qcow2.c  | 147 +
 block/qcow2.h  |   5 ++
 5 files changed, 174 insertions(+)

diff --git a/block/qcow2-cache.c b/block/qcow2-cache.c
index 1d25147..aa9da5f 100644
--- a/block/qcow2-cache.c
+++ b/block/qcow2-cache.c
@@ -204,6 +204,9 @@ static int qcow2_cache_entry_flush(BlockDriverState *bs, 
Qcow2Cache *c, int i)
 return ret;
 }
 
+/* check and preallocate extra space if touching a fresh metadata cluster 
*/
+qcow2_handle_prealloc(bs, c->entries[i].offset, s->cluster_size);
+
 if (c == s->refcount_block_cache) {
 BLKDBG_EVENT(bs->file, BLKDBG_REFBLOCK_UPDATE_PART);
 } else if (c == s->l2_table_cache) {
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index ba8ce76..88dd555 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -108,6 +108,9 @@ int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t 
min_size,
 goto fail;
 }
 
+qcow2_handle_prealloc(bs, new_l1_table_offset,
+  QEMU_ALIGN_UP(new_l1_size2, s->cluster_size));
+
 BLKDBG_EVENT(bs->file, BLKDBG_L1_GROW_WRITE_TABLE);
 for(i = 0; i < s->l1_size; i++)
 new_l1_table[i] = cpu_to_be64(new_l1_table[i]);
@@ -1821,6 +1824,8 @@ static int expand_zero_clusters_in_l1(BlockDriverState 
*bs, uint64_t *l1_table,
 goto fail;
 }
 
+qcow2_handle_prealloc(bs, offset, s->cluster_size);
+
 ret = bdrv_pwrite_zeroes(bs->file, offset, s->cluster_size, 0);
 if (ret < 0) {
 if (cluster_type == QCOW2_CLUSTER_ZERO_PLAIN) {
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 7c06061..873a1d2 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -547,6 +547,8 @@ static int alloc_refcount_block(BlockDriverState *bs,
 }
 
 /* Write refcount blocks to disk */
+qcow2_handle_prealloc(bs, meta_offset, blocks_clusters * s->cluster_size);
+
 BLKDBG_EVENT(bs->file, BLKDBG_REFBLOCK_ALLOC_WRITE_BLOCKS);
 ret = bdrv_pwrite_sync(bs->file, meta_offset, new_blocks,
 blocks_clusters * s->cluster_size);
@@ -561,6 +563,10 @@ static int alloc_refcount_block(BlockDriverState *bs,
 cpu_to_be64s(&new_table[i]);
 }
 
+qcow2_handle_prealloc(bs, table_offset,
+  QEMU_ALIGN_UP(table_size * sizeof(uint64_t),
+s->cluster_size));
+
 BLKDBG_EVENT(bs->file, BLKDBG_REFBLOCK_ALLOC_WRITE_TABLE);
 ret = bdrv_pwrite_sync(bs->file, table_offset, new_table,
 table_size * sizeof(uint64_t));
@@ -2104,6 +2110,8 @@ write_refblocks:
 goto fail;
 }
 
+qcow2_handle_prealloc(bs, refblock_offset, s->cluster_size);
+
 /* The size of *refcount_table is always cluster-aligned, therefore the
  * write operation will not overflow */
 on_disk_refblock = (void *)((char *) *refcount_table +
@@ -2158,6 +2166,8 @@ write_refblocks:
 }
 
 assert(reftable_size < INT_MAX / sizeof(uint64_t));
+qcow2_handle_prealloc(bs, reftable_offset,
+  reftable_size * sizeof(uint64_t));
 ret = bdrv_pwrite(bs->file, reftable_offset, on_disk_reftable,
   reftable_size * sizeof(uint64_t));
 if (ret < 0) {
@@ -2845,6 +2855,10 @@ int qcow2_change_refcount_order(BlockDriverState *bs, 
int refcount_order,
 cpu_to_be64s(&new_reftable[i]);
 }
 
+qcow2_handle_prealloc(bs, new_reftable_offset,
+  QEMU_ALIGN_UP(new_reftable_size * sizeof(uint64_t),
+s->cluster_size));
+
 ret = bdrv_pwrite(bs->file, new_reftable_offset, new_reftable,
   new_reftable_size * sizeof(uint64_t));
 
diff --git a/block/qcow2.c b/block/qcow2.c
index 067bb87..c6fb714 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -464,6 +464,11 @@ static QemuOptsList qcow2_runtime_opts = {
 .type = QEMU_OPT_NUMBER,
 .help = "Clean unused cache entries after this time (in seconds)",
 },
+{
+.name = QCOW2_OPT_PREALLOC_SIZE,
+.type = QEMU_OPT_SIZE,
+.help = "Preallocation amount at image expand",
+},
 {

[Qemu-devel] [PATCH v2 00/15] qcow2: space preallocation and COW improvements

[Anton Nefedov]

Changes in v2:
  - introduce new BDRV flag for write_zeroes()
  instead of using driver callback directly.
Skipped introducing new functions like bdrv_co_pallocate() for now:
  1. it seems ok to keep calling this write_zeroes() as zeroes
  are expected;
  2. most of the code can be reused now anyway, so changes to
  write_zeroes() path are not significant
  3. write_zeroes() alignment and max-request limits can also be reused

As a possible alternative we can have bdrv_co_pallocate() which can
switch to pwrite_zeroes(,flags|=BDRV_REQ_ALLOCATE) early.



This pull request is to address a few performance problems of qcow2 format:

  1. non cluster-aligned write requests (to unallocated clusters) explicitly
pad data with zeroes if there is no backing data. This can be avoided
and the whole clusters are preallocated and zeroed in a single
efficient write_zeroes() operation, also providing better host file
continuity

  2. moreover, efficient write_zeroes() operation can be used to preallocate
space megabytes ahead which gives noticeable improvement on some storage
types (e.g. distributed storages where space allocation operation is
expensive)

  3. preallocating/zeroing the clusters in advance makes possible to enable
simultaneous writes to the same unallocated cluster, which is beneficial
for parallel sequential write operations which are not cluster-aligned

Performance test results are added to commit messages (see patch 3, 12)

Anton Nefedov (11):
  block: introduce BDRV_REQ_ALLOCATE flag
  file-posix: support BDRV_REQ_ALLOCATE
  blkdebug: support BDRV_REQ_ALLOCATE
  qcow2: do not COW the empty areas
  qcow2: set inactive flag
  qcow2: handle_prealloc(): find out if area zeroed by earlier
preallocation
  qcow2: fix misleading comment about L2 linking
  qcow2-cluster: slightly refactor handle_dependencies()
  qcow2-cluster: make handle_dependencies() logic easier to follow
  qcow2: allow concurrent unaligned writes to the same clusters
  iotest 046: test simultaneous cluster write error case

Denis V. Lunev (3):
  qcow2: alloc space for COW in one chunk
  qcow2: preallocation at image expand
  qcow2: truncate preallocated space

Pavel Butsykin (1):
  qcow2: check space leak at the end of the image

 block/blkdebug.c   |   3 +-
 block/file-posix.c |   9 +-
 block/io.c |  19 ++-
 block/qcow2-cache.c|   3 +
 block/qcow2-cluster.c  | 218 +++--
 block/qcow2-refcount.c |  21 +++
 block/qcow2.c  | 273 -
 block/qcow2.h  |  26 
 block/trace-events |   1 +
 include/block/block.h  |   6 +-
 tests/qemu-iotests/026.out | 104 ++
 tests/qemu-iotests/026.out.nocache | 104 ++
 tests/qemu-iotests/029.out |   5 +-
 tests/qemu-iotests/046 |  38 +-
 tests/qemu-iotests/046.out |  23 
 tests/qemu-iotests/060 |   2 +-
 tests/qemu-iotests/060.out |  13 +-
 tests/qemu-iotests/061.out |   5 +-
 tests/qemu-iotests/066 |   2 +-
 tests/qemu-iotests/066.out |   9 +-
 tests/qemu-iotests/098.out |   7 +-
 tests/qemu-iotests/108.out |   5 +-
 tests/qemu-iotests/112.out |   5 +-
 23 files changed, 789 insertions(+), 112 deletions(-)

-- 
2.7.4

[Qemu-devel] [PATCH v2 07/15] qcow2: set inactive flag

[Anton Nefedov]

Qcow2State and BlockDriverState flags have to be in sync

Signed-off-by: Anton Nefedov 
---
 block/qcow2.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/block/qcow2.c b/block/qcow2.c
index c6fb714..b090833 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -1932,6 +1932,7 @@ static int qcow2_inactivate(BlockDriverState *bs)
 
 if (result == 0) {
 qcow2_mark_clean(bs);
+s->flags |= BDRV_O_INACTIVE;
 }
 
 return result;
-- 
2.7.4

[Qemu-devel] [PATCH v2 11/15] qcow2: fix misleading comment about L2 linking

[Anton Nefedov]

Signed-off-by: Anton Nefedov 
Signed-off-by: Denis V. Lunev 
---
 block/qcow2-cluster.c | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index ed65961..3dafd19 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -827,12 +827,10 @@ int qcow2_alloc_cluster_link_l2(BlockDriverState *bs, 
QCowL2Meta *m)
 
 assert(l2_index + m->nb_clusters <= s->l2_size);
 for (i = 0; i < m->nb_clusters; i++) {
-/* if two concurrent writes happen to the same unallocated cluster
- * each write allocates separate cluster and writes data concurrently.
- * The first one to complete updates l2 table with pointer to its
- * cluster the second one has to do RMW (which is done above by
- * perform_cow()), update l2 table with its cluster pointer and free
- * old cluster. This is what this loop does */
+/* handle_dependencies() protects from normal cluster allocation
+ * collision; still L2 entry might be !0 in case of zero or compressed
+ * cluster reusage or writing over the snapshot
+ */
 if (l2_table[l2_index + i] != 0) {
 old_cluster[j++] = l2_table[l2_index + i];
 }
-- 
2.7.4

[Qemu-devel] [PATCH v2 05/15] qcow2: do not COW the empty areas

[Anton Nefedov]

If COW area of the newly allocated cluster is zeroes, there is no reason
to write zero sectors in perform_cow() again now as whole clusters are
zeroed out in single chunks by handle_alloc_space().

Introduce QCowL2Meta field "reduced", since the existing fields
(offset and nb_bytes) still has to keep other write requests from
simultaneous writing in the area

iotest 060:
write to the discarded cluster does not trigger COW anymore.
so, break on write_aio event instead, will work for the test
(but write won't fail anymore, so update reference output)

iotest 066:
cluster-alignment areas that were not really COWed are now detected
as zeroes, hence the initial write has to be exactly the same size for
the maps to match

performance tests: ===

qemu-io,
  results in seconds to complete (less is better)
  random write 4k to empty image, no backing
HDD
  64k cluster
128M over 128M image:   160 -> 160 ( x1  )
128M over   2G image:86 ->  84 ( x1  )
128M over   8G image:40 ->  29 ( x1.4 )
  1M cluster
 32M over   8G image:58 ->  23 ( x2.5 )

SSD
  64k cluster
  2G over   2G image:71 ->  38 (  x1.9 )
512M over   8G image:85 ->   8 ( x10.6 )
  1M cluster
128M over  32G image:   314 ->   2 ( x157  )

  - improvement grows bigger the bigger the cluster size,
  - first data portions to the fresh image benefit the most
  (more chance to hit an unallocated cluster)
  - SSD improvement is close to the IO length reduction rate
  (e.g. writing only 4k instead of 64k) gives theoretical x16
  and practical x10 improvement)

fio tests over xfs, empty image (cluster 64k), no backing,

  first megabytes of random writes:
randwrite 4k, size=8g:

  HDD (io_size=128m) :  730 ->  1050 IOPS ( x1.45)
  SSD (io_size=512m) : 1500 ->  7000 IOPS ( x4.7 )

  random writes io_size==image_size:
randwrite 4k, size=2g io_size=2g:
   HDD   : 200 IOPS (no difference)
   SSD   : 7500 ->  9500 IOPS ( x1.3 )

  sequential write:
seqwrite 4k, size=4g, iodepth=4
   SSD   : 7000 -> 18000 IOPS ( x2.6 )

  - numbers are similar to qemu-io tests, slightly less improvement
  (damped by fs?)

Signed-off-by: Anton Nefedov 
Signed-off-by: Denis V. Lunev 
---
 block/qcow2-cluster.c  |  4 +++-
 block/qcow2.c  | 32 ++--
 block/qcow2.h  |  4 
 tests/qemu-iotests/060 |  2 +-
 tests/qemu-iotests/060.out |  3 ++-
 tests/qemu-iotests/066 |  2 +-
 tests/qemu-iotests/066.out |  4 ++--
 7 files changed, 43 insertions(+), 8 deletions(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index d779ea1..ba8ce76 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -758,7 +758,7 @@ static int perform_cow(BlockDriverState *bs, QCowL2Meta *m, 
Qcow2COWRegion *r)
 BDRVQcow2State *s = bs->opaque;
 int ret;
 
-if (r->nb_bytes == 0) {
+if (r->nb_bytes == 0 || r->reduced) {
 return 0;
 }
 
@@ -1267,10 +1267,12 @@ static int handle_alloc(BlockDriverState *bs, uint64_t 
guest_offset,
 .cow_start = {
 .offset = 0,
 .nb_bytes   = offset_into_cluster(s, guest_offset),
+.reduced= false,
 },
 .cow_end = {
 .offset = nb_bytes,
 .nb_bytes   = avail_bytes - nb_bytes,
+.reduced= false,
 },
 };
 qemu_co_queue_init(&(*m)->dependent_requests);
diff --git a/block/qcow2.c b/block/qcow2.c
index cd5efba..067bb87 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -64,6 +64,9 @@ typedef struct {
 #define  QCOW2_EXT_MAGIC_BACKING_FORMAT 0xE2792ACA
 #define  QCOW2_EXT_MAGIC_FEATURE_TABLE 0x6803f857
 
+static bool is_zero_sectors(BlockDriverState *bs, int64_t start,
+uint32_t count);
+
 static int qcow2_probe(const uint8_t *buf, int buf_size, const char *filename)
 {
 const QCowHeader *cow_header = (const void *)buf;
@@ -1575,10 +1578,30 @@ fail:
 return ret;
 }
 
+static void handle_cow_reduce(BlockDriverState *bs, QCowL2Meta *m)
+{
+if (bs->encrypted) {
+return;
+}
+if (!m->cow_start.reduced && m->cow_start.nb_bytes != 0 &&
+is_zero_sectors(bs,
+(m->offset + m->cow_start.offset) >> BDRV_SECTOR_BITS,
+m->cow_start.nb_bytes >> BDRV_SECTOR_BITS)) {
+m->cow_start.reduced = true;
+}
+if (!m->cow_end.reduced && m->cow_end.nb_bytes != 0 &&
+is_zero_sectors(bs,
+(m->offset + m->cow_end.offset) >> BDRV_SECTOR_BITS,
+m->cow_end.nb_bytes >> BDRV_SECTOR_BITS)) {
+m->cow_end.reduced = true;
+}
+}
+
 static void handle_alloc_space(BlockDriverState *bs, QCowL2Meta *l2meta)
 {
 BDRVQcow2State *s = bs->opaque;
 QCowL2Meta *m;
+int ret;
 
 for (m = l2meta; m != NULL; m = m->next) {
 uint64_t bytes = 

[Qemu-devel] [PATCH v2 13/15] qcow2-cluster: make handle_dependencies() logic easier to follow

[Anton Nefedov]

Avoid complicated nested conditions; return or continue asap instead.
The logic is not changed.

Signed-off-by: Anton Nefedov 
Signed-off-by: Denis V. Lunev 
---
 block/qcow2-cluster.c | 45 ++---
 1 file changed, 22 insertions(+), 23 deletions(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 95e8862..2fa549d 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -926,32 +926,31 @@ static int handle_dependencies(BlockDriverState *bs, 
uint64_t guest_offset,
 
 if (end <= old_start || start >= old_end) {
 /* No intersection */
-} else {
-if (start < old_start) {
-/* Stop at the start of a running allocation */
-bytes = old_start - start;
-} else {
-bytes = 0;
-}
+continue;
+}
 
-/* Stop if already an l2meta exists. After yielding, it wouldn't
- * be valid any more, so we'd have to clean up the old L2Metas
- * and deal with requests depending on them before starting to
- * gather new ones. Not worth the trouble. */
-if (bytes == 0 && *m) {
-/* start must be cluster aligned at this point */
-assert(start == start_of_cluster(s, start));
-*cur_bytes = 0;
-return 0;
-}
+if (start < old_start) {
+/* Stop at the start of a running allocation */
+bytes = old_start - start;
+/* ..if there is no other conflict, keep checking */
+continue;
+}
 
-if (bytes == 0) {
-/* Wait for the dependency to complete. We need to recheck
- * the free/allocated clusters when we continue. */
-qemu_co_queue_wait(&old_alloc->dependent_requests, &s->lock);
-return -EAGAIN;
-}
+/* Stop if an l2meta already exists. After yielding, it wouldn't
+ * be valid any more, so we'd have to clean up the old L2Metas
+ * and deal with requests depending on them before starting to
+ * gather new ones. Not worth the trouble. */
+if (*m) {
+/* start must be cluster aligned at this point */
+assert(start == start_of_cluster(s, start));
+*cur_bytes = 0;
+return 0;
 }
+
+/* Wait for the dependency to complete. We need to recheck
+ * the free/allocated clusters when we continue. */
+qemu_co_queue_wait(&old_alloc->dependent_requests, &s->lock);
+return -EAGAIN;
 }
 
 /* Make sure that existing clusters and new allocations are only used up to
-- 
2.7.4

[Qemu-devel] [PATCH v2 08/15] qcow2: truncate preallocated space

[Anton Nefedov]

From: "Denis V. Lunev" 

This could be done after calculation of the end of data and metadata in
the qcow2 image.

Signed-off-by: Denis V. Lunev 
Signed-off-by: Anton Nefedov 
---
 block/qcow2-cluster.c  | 9 +
 block/qcow2-refcount.c | 7 +++
 block/qcow2.c  | 8 
 block/qcow2.h  | 3 +++
 4 files changed, 27 insertions(+)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 88dd555..c39e825 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -1958,3 +1958,12 @@ fail:
 g_free(l1_table);
 return ret;
 }
+
+void qcow2_update_data_end(BlockDriverState *bs, uint64_t off)
+{
+BDRVQcow2State *s = bs->opaque;
+
+if (s->data_end < off) {
+s->data_end = off;
+}
+}
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 873a1d2..8156466 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -744,6 +744,9 @@ static int QEMU_WARN_UNUSED_RESULT 
update_refcount(BlockDriverState *bs,
 ret = alloc_refcount_block(bs, cluster_index, &refcount_block);
 if (ret < 0) {
 goto fail;
+} else {
+qcow2_update_data_end(bs, s->refcount_table_offset +
+s->refcount_table_size * sizeof(uint64_t));
 }
 }
 old_table_index = table_index;
@@ -865,6 +868,8 @@ retry:
 s->free_cluster_index - 1 > (INT64_MAX >> s->cluster_bits))
 {
 return -EFBIG;
+} else {
+qcow2_update_data_end(bs, s->free_cluster_index << s->cluster_bits);
 }
 
 #ifdef DEBUG_ALLOC2
@@ -929,6 +934,8 @@ int64_t qcow2_alloc_clusters_at(BlockDriverState *bs, 
uint64_t offset,
 
 if (ret < 0) {
 return ret;
+} else {
+qcow2_update_data_end(bs, offset + (nb_clusters << s->cluster_bits));
 }
 
 return i;
diff --git a/block/qcow2.c b/block/qcow2.c
index b090833..33e5455 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -1194,6 +1194,8 @@ static int qcow2_do_open(BlockDriverState *bs, QDict 
*options, int flags,
 }
 }
 
+s->data_end = bdrv_getlength(bs->file->bs);
+
 #ifdef DEBUG_ALLOC
 {
 BdrvCheckResult result = {0};
@@ -1941,12 +1943,18 @@ static int qcow2_inactivate(BlockDriverState *bs)
 static void qcow2_close(BlockDriverState *bs)
 {
 BDRVQcow2State *s = bs->opaque;
+
 qemu_vfree(s->l1_table);
 /* else pre-write overlap checks in cache_destroy may crash */
 s->l1_table = NULL;
 
 if (!(s->flags & BDRV_O_INACTIVE)) {
 qcow2_inactivate(bs);
+
+/* truncate preallocated space */
+if (!bs->read_only && s->data_end < bdrv_getlength(bs->file->bs)) {
+bdrv_truncate(bs->file, s->data_end, NULL);
+}
 }
 
 cache_clean_timer_del(bs);
diff --git a/block/qcow2.h b/block/qcow2.h
index a0d222d..e28c54a 100644
--- a/block/qcow2.h
+++ b/block/qcow2.h
@@ -297,6 +297,7 @@ typedef struct BDRVQcow2State {
 char *image_backing_format;
 
 uint64_t prealloc_size;
+uint64_t data_end;
 } BDRVQcow2State;
 
 typedef struct Qcow2COWRegion {
@@ -607,4 +608,6 @@ int qcow2_cache_get_empty(BlockDriverState *bs, Qcow2Cache 
*c, uint64_t offset,
 void **table);
 void qcow2_cache_put(BlockDriverState *bs, Qcow2Cache *c, void **table);
 
+void qcow2_update_data_end(BlockDriverState *bs, uint64_t off);
+
 #endif
-- 
2.7.4

[Qemu-devel] [PATCH v2 12/15] qcow2-cluster: slightly refactor handle_dependencies()

[Anton Nefedov]

  - assert the alignment on return if the allocation has to stop
(at the start of a running allocation)
  - make use of const specifiers for local variables

Signed-off-by: Anton Nefedov 
Signed-off-by: Denis V. Lunev 
---
 block/qcow2-cluster.c | 20 +++-
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 3dafd19..95e8862 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -900,15 +900,15 @@ out:
  * Check if there already is an AIO write request in flight which allocates
  * the same cluster. In this case we need to wait until the previous
  * request has completed and updated the L2 table accordingly.
- *
  * Returns:
  *   0   if there was no dependency. *cur_bytes indicates the number of
  *   bytes from guest_offset that can be read before the next
- *   dependency must be processed (or the request is complete)
+ *   dependency must be processed (or the request is complete).
+ *   *m is not modified
  *
- *   -EAGAIN if we had to wait for another request, previously gathered
- *   information on cluster allocation may be invalid now. The caller
- *   must start over anyway, so consider *cur_bytes undefined.
+ *   -EAGAIN if we had to wait for another request. The caller
+ *   must start over, so consider *cur_bytes undefined.
+ *   *m is not modified
  */
 static int handle_dependencies(BlockDriverState *bs, uint64_t guest_offset,
 uint64_t *cur_bytes, QCowL2Meta **m)
@@ -919,10 +919,10 @@ static int handle_dependencies(BlockDriverState *bs, 
uint64_t guest_offset,
 
 QLIST_FOREACH(old_alloc, &s->cluster_allocs, next_in_flight) {
 
-uint64_t start = guest_offset;
-uint64_t end = start + bytes;
-uint64_t old_start = l2meta_cow_start(old_alloc);
-uint64_t old_end = l2meta_cow_end(old_alloc);
+const uint64_t start = guest_offset;
+const uint64_t end = start + bytes;
+const uint64_t old_start = l2meta_cow_start(old_alloc);
+const uint64_t old_end = l2meta_cow_end(old_alloc);
 
 if (end <= old_start || start >= old_end) {
 /* No intersection */
@@ -939,6 +939,8 @@ static int handle_dependencies(BlockDriverState *bs, 
uint64_t guest_offset,
  * and deal with requests depending on them before starting to
  * gather new ones. Not worth the trouble. */
 if (bytes == 0 && *m) {
+/* start must be cluster aligned at this point */
+assert(start == start_of_cluster(s, start));
 *cur_bytes = 0;
 return 0;
 }
-- 
2.7.4

Re: [Qemu-devel] [PULL 24/33] nbd: Fully initialize client in case of failed negotiation

[Eric Blake]

On 06/01/2017 07:41 AM, Paolo Bonzini wrote:
> From: Eric Blake 
> 
> If a non-NBD client connects to qemu-nbd, we would end up with
> a SIGSEGV in nbd_cilent_put() because we were trying to

Since it looks like you have to respin this pull request for other
reasons, you could s/cilent/client/ while touching things up.

> unregister the client's association to the export, even though
> we skipped inserting the client into that list.  Easy trigger
> in two terminals:
> 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org



signature.asc
Description: OpenPGP digital signature

Re: [Qemu-devel] [RFC PATCH] OvmfPkg/AcpiPlatformDxe: lift 4 GB alloc limit for modern ACPI systems

[Igor Mammedov]

On Thu, 1 Jun 2017 14:25:48 +0200
Laszlo Ersek  wrote:

> On 06/01/17 13:22, Ard Biesheuvel wrote:
> > ACPI supports architectures such as arm64, which did not exist when the
> > original 32-bit ACPI 1.0 was introduced. These days, ACPI tables can all
> > support 64-bit memory addresses, and so QEMU has been updated to emit
> > 64-bit table and entry point types on arm64/mach-virt.  
> 
> Do you have commit cb51ac2ffe36 ("hw/arm/virt: generate 64-bit
> addressable ACPI objects", 2017-04-10) in mind?
My understanding was that OVMF discards RSDP/[RX]SDT so that commit
probably irrelevant.

Now about FADT or any other blob, do we really need to extend
loader protocol? Couldn't firmware decide where to allocate
table based on size in add_pointer commands?

That might be a bit complicated but on the bright side is that
it is firmware only change and it should work both on old and
new qemu without breaking anything.

> 
> > 
> > For the UEFI side, this means we no longer have to serve allocation
> > requests from the 32-bit addressable region. So lift this restriction
> > when the platform has been configured without ACPI 1.0b support.
> > 
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Ard Biesheuvel 
> > ---
> > 
> > This is an RFC because this change breaks compatibility with older versions
> > of QEMU. At the least, this means I should sit on this patch for another
> > while, but perhaps it also means we need some runtime logic to detect which
> > QEMU we are dealing with? Comments welcome.
> > 
> >  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf  |  3 +++
> >  OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c  | 13 +++--
> >  OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpiPlatformDxe.inf |  3 +++
> >  3 files changed, 17 insertions(+), 2 deletions(-)  
> 
> I guess by compat breakage, you mean the case when new ArmVirtQemu (with
> this patch) is booted on old QEMU (which lacks commit cb51ac2ffe36) --
> the 64-bit allocation addresses might not fit into the 4-byte fields
> generated by QEMU.
> 
> Since your QEMU patch (which I did ACK), I've given more thought to the
> QEMU_LOADER_ALLOCATE linker/loader command. See bullet (68) in:
> 
> 
> accf8880-f4b0-85f1-9f33-4103c8c26d7a@redhat.com">http://mid.mail-archive.com/accf8880-f4b0-85f1-9f33-4103c8c26d7a@redhat.com
> 
> There are now two reasons to extend the Zone field's meaning:
> 
> - The first reason is that the most significant bit in Zone could be
> repurposed to suppress the SDT header probing implemented in
> OvmfPkg/AcpiPlatformDxe, in the Process2ndPassCmdAddPointer() function.
> 
> - The second reason is that a new value in Zone (with the msb masked
> off), say QemuLoaderAlloc64Bit=3, could be used to lift the 32-bit
> allocation limit explicitly.
> 
> In QEMU, we could tie both of these extensions to new machine types.
> 
> The result would be:
> 
>   firmware  QEMU  QEMU machine type  result
>       -  ---
>   old   new   oldallocate blobs under 4GB
>   old   new   newbreakage, but that's OK, we can
>require refreshed firmware for
>new machine types
>   new   old   oldallocate blobs under 4GB
>   new   new   oldallocate blobs under 4GB
>   new   new   newallocate blobs from 64-bit space
> 
> ... I guess my proposal might be a bit unpolished (and certainly
> diverges from your original QEMU commit cb51ac2ffe36), but at this
> point, the need for further *explicit* hints in the ALLOC command is
> just too obvious to pass them up.
> 
> Again, the first extension would be setting aside bit 7, to signify
> "this blob contains no ACPI tables", and the second extension would be a
> new zone value (3) to mean "allocate from 64-bit address space".
> 
> The first extension would be used by both x86 and arm machine types
> (2.10+ only), and the second extension would only be used by 2.10+ arm
> machine types.
> 
> What do you think? Can we discuss both of these Zone extensions on
> qemu-devel as well? Adding qemu-devel, Shannon, Michael, Igor, Drew, and
> Dongjiu Geng.
>
> Thanks
> Laszlo
> 
> > diff --git a/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf 
> > b/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
> > index 9a9b2e6bb2e5..9b883871bc23 100644
> > --- a/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
> > +++ b/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
> > @@ -73,5 +73,8 @@ [Pcd]
> >gPcAtChipsetPkgTokenSpaceGuid.Pcd8259LegacyModeEdgeLevel
> >gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFdBaseAddress
> >  
> > +[FixedPcd]
> > +  gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiExposedTableVersions
> > +
> >  [Depex]
> >gEfiAcpiTableProtocolGuid
> > diff --git a/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c 
> > b/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c
> > index 1bc5fe297a96..97632bc636c0 100644
> > --- a/

[Qemu-devel] [PATCH v2 14/15] qcow2: allow concurrent unaligned writes to the same clusters

[Anton Nefedov]

If COW area of a write request to unallocated cluster is empty,
concurrent write requests can be allowed with a little bit of
extra synchronization; so they don't have to wait until L2 is filled.

Let qcow2_cluster.c::handle_dependencies() do the most of the job:
  if there is an in-flight request to the same cluster,
  and the current request wants to write in its COW area,
  and its COW area is marked empty,
  - steal the allocated offset and write concurrently. Let the original
request update L2 later when it likes.

This gives an improvement for parallel misaligned writes to
unallocated clusters with no backing data:

HDD fio over xfs iodepth=4:
  seqwrite 4k:   18400 -> 22800 IOPS ( x1.24 )
  seqwrite 68k:   1600 ->  2300 IOPS ( x1.44 )

Signed-off-by: Anton Nefedov 
Signed-off-by: Denis V. Lunev 
---
 block/qcow2-cluster.c | 169 +++---
 block/qcow2.c |  28 -
 block/qcow2.h |  12 +++-
 3 files changed, 181 insertions(+), 28 deletions(-)

diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index 2fa549d..03b2e6c 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -898,20 +898,32 @@ out:
 
 /*
  * Check if there already is an AIO write request in flight which allocates
- * the same cluster. In this case we need to wait until the previous
- * request has completed and updated the L2 table accordingly.
+ * the same cluster.
+ * In this case, check if that request has explicitly allowed to write
+ * in its COW area(s).
+ *   If yes - fill the meta to point to the same cluster.
+ *   If no  - we need to wait until the previous request has completed and
+ *updated the L2 table accordingly or
+ *has allowed writing in its COW area(s).
  * Returns:
  *   0   if there was no dependency. *cur_bytes indicates the number of
  *   bytes from guest_offset that can be read before the next
  *   dependency must be processed (or the request is complete).
- *   *m is not modified
+ *   *m, *host_offset are not modified
+ *
+ *   1   if there is a dependency but it is possible to write concurrently
+ *   *m is filled accordingly,
+ *   *cur_bytes may have decreased and describes
+ * the length of the area that can be written to,
+ *   *host_offset contains the starting host image offset to write to
  *
  *   -EAGAIN if we had to wait for another request. The caller
- *   must start over, so consider *cur_bytes undefined.
+ *   must start over, so consider *cur_bytes and *host_offset 
undefined.
  *   *m is not modified
  */
 static int handle_dependencies(BlockDriverState *bs, uint64_t guest_offset,
-uint64_t *cur_bytes, QCowL2Meta **m)
+   uint64_t *host_offset, uint64_t *cur_bytes,
+   QCowL2Meta **m)
 {
 BDRVQcow2State *s = bs->opaque;
 QCowL2Meta *old_alloc;
@@ -924,7 +936,7 @@ static int handle_dependencies(BlockDriverState *bs, 
uint64_t guest_offset,
 const uint64_t old_start = l2meta_cow_start(old_alloc);
 const uint64_t old_end = l2meta_cow_end(old_alloc);
 
-if (end <= old_start || start >= old_end) {
+if (end <= old_start || start >= old_end || old_alloc->piggybacked) {
 /* No intersection */
 continue;
 }
@@ -936,21 +948,95 @@ static int handle_dependencies(BlockDriverState *bs, 
uint64_t guest_offset,
 continue;
 }
 
-/* Stop if an l2meta already exists. After yielding, it wouldn't
- * be valid any more, so we'd have to clean up the old L2Metas
- * and deal with requests depending on them before starting to
- * gather new ones. Not worth the trouble. */
-if (*m) {
+/* offsets of the cluster we're intersecting in */
+const uint64_t cluster_start = start_of_cluster(s, start);
+const uint64_t cluster_end = cluster_start + s->cluster_size;
+
+const uint64_t old_data_start = old_start
++ old_alloc->cow_start.nb_bytes;
+const uint64_t old_data_end = old_alloc->offset
++ old_alloc->cow_end.offset;
+
+const bool conflict_in_data_area =
+end > old_data_start && start < old_data_end;
+const bool conflict_in_old_cow_start =
+/* 1). new write request area is before the old */
+start < old_data_start
+&& /* 2). old request did not allow writing in its cow area */
+!old_alloc->cow_start.reduced;
+const bool conflict_in_old_cow_end =
+/* 1). new write request area is after the old */
+start > old_data_start
+&& /* 2). old request did not allow writing in its cow area */
+!old_alloc->cow_end.reduced;
+
+if (conflict_in_data_area ||
+conflict_in_old_cow_start || conflict_in_old_cow_end) {
+
+/* Stop 

[Qemu-devel] [PATCH v2 15/15] iotest 046: test simultaneous cluster write error case

[Anton Nefedov]

Signed-off-by: Anton Nefedov 
---
 tests/qemu-iotests/046 | 38 +-
 tests/qemu-iotests/046.out | 23 +++
 2 files changed, 60 insertions(+), 1 deletion(-)

diff --git a/tests/qemu-iotests/046 b/tests/qemu-iotests/046
index f2ebecf..c210b55 100755
--- a/tests/qemu-iotests/046
+++ b/tests/qemu-iotests/046
@@ -29,7 +29,8 @@ status=1  # failure is the default!
 
 _cleanup()
 {
-   _cleanup_test_img
+_cleanup_test_img
+rm "$TEST_DIR/blkdebug.conf"
 }
 trap "_cleanup; exit \$status" 0 1 2 3 15
 
@@ -188,6 +189,37 @@ overlay_io | $QEMU_IO blkdebug::"$TEST_IMG" | 
_filter_qemu_io |\
sed -e 's/bytes at offset [0-9]*/bytes at offset XXX/g'
 
 echo
+echo "== Concurrency error case =="
+
+# 1. 1st request allocated the cluster, stop before it writes and updates L2
+# 2. 2nd request starts at the same cluster must complete write and start
+#waiting for the 1st to update L2
+# 3. Resume the 1st request to make it fail (injected error)
+# 4. 2nd request must wake and fail as well
+#1 cluster will end up leaked
+cat > "$TEST_DIR/blkdebug.conf" <

Re: [Qemu-devel] [PATCH v2 07/10] migration: Export rdma.c functions in its own file

[Juan Quintela]

"Dr. David Alan Gilbert"  wrote:
> * Juan Quintela (quint...@redhat.com) wrote:
>> Signed-off-by: Juan Quintela 
>> ---
>>  include/migration/migration.h |  4 
>>  migration/migration.c |  1 +
>>  migration/rdma.c  |  1 +
>>  migration/rdma.h  | 25 +
>>  4 files changed, 27 insertions(+), 4 deletions(-)
>>  create mode 100644 migration/rdma.h
>> 
>> diff --git a/include/migration/migration.h b/include/migration/migration.h
>> index 29fda5b..8d29bc9 100644
>> --- a/include/migration/migration.h
>> +++ b/include/migration/migration.h
>> @@ -153,10 +153,6 @@ void qemu_start_incoming_migration(const char
>> *uri, Error **errp);
>>  
>>  uint64_t migrate_max_downtime(void);
>>  
>> -void rdma_start_outgoing_migration(void *opaque, const char
>> *host_port, Error **errp);
>> -
>> -void rdma_start_incoming_migration(const char *host_port, Error **errp);
>> -
>>  void migrate_fd_error(MigrationState *s, const Error *error);
>>  
>>  void migrate_fd_connect(MigrationState *s);
>> diff --git a/migration/migration.c b/migration/migration.c
>> index 6e11db2..3face58 100644
>> --- a/migration/migration.c
>> +++ b/migration/migration.c
>> @@ -21,6 +21,7 @@
>>  #include "exec.h"
>>  #include "fd.h"
>>  #include "socket.h"
>> +#include "rdma.h"
>>  #include "migration/migration.h"
>>  #include "savevm.h"
>>  #include "qemu-file-channel.h"
>> diff --git a/migration/rdma.c b/migration/rdma.c
>> index 4cb5bf8..fab30ea 100644
>> --- a/migration/rdma.c
>> +++ b/migration/rdma.c
>> @@ -17,6 +17,7 @@
>>  #include "qapi/error.h"
>>  #include "qemu-common.h"
>>  #include "qemu/cutils.h"
>> +#include "rdma.h"
>>  #include "migration/migration.h"
>>  #include "qemu-file.h"
>>  #include "exec/cpu-common.h"
>> diff --git a/migration/rdma.h b/migration/rdma.h
>> new file mode 100644
>> index 000..de2ba09
>> --- /dev/null
>> +++ b/migration/rdma.h
>> @@ -0,0 +1,25 @@
>> +/*
>> + * RDMA protocol and interfaces
>> + *
>> + * Copyright IBM, Corp. 2010-2013
>> + * Copyright Red Hat, Inc. 2015-2016
>> + *
>> + * Authors:
>> + *  Michael R. Hines 
>> + *  Jiuxing Liu 
>> + *  Daniel P. Berrange 
>> + *
>> + * This work is licensed under the terms of the GNU GPL, version 2 or
>> + * later.  See the COPYING file in the top-level directory.
>> + *
>> + */
>
> Hmm, are we allowed to v2-or-later that?  migration.h is v2

That is the header file of rdma.c

And we only have two functions exported from that file, so I think that
it is a safe assumption that they are covered by that copyright.

Later, Juan.

Re: [Qemu-devel] [PATCH v2 06/10] migration: Export tls.c functions in its own file

[Juan Quintela]

"Dr. David Alan Gilbert"  wrote:
> * Juan Quintela (quint...@redhat.com) wrote:
>> Just for the functions exported from tls.c.  Notice that we can't
>> remove the migration/migration.h include from tls.c because it access
>> directly MigrationState for the tls params.

>> +++ b/migration/tls.h
>> @@ -0,0 +1,34 @@
>> +/*
>> + * QEMU migration TLS support
>> + *
>> + * Copyright (c) 2015 Red Hat, Inc.
>> + *
>> + * This library is free software; you can redistribute it and/or
>> + * modify it under the terms of the GNU Lesser General Public
>> + * License as published by the Free Software Foundation; either
>> + * version 2 of the License, or (at your option) any later version.
>> + *
>> + * This library is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
>> + * Lesser General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU Lesser General Public
>> + * License along with this library; if not, see 
>> .
>> + *
>> + */
>
> Can you clarify why this is LGPLv2 or later please?
> Is this to follow the io/* rather than the migration/migration.h it came
> out of.

THis is the license of tls.c

And this are only the two functions that are exported from that file, so


And anyways, this code is posterior to the cut-off when everything new
is GPL2 or later.

Or I am missing something?

Later, Juan.


>
> Anyway, I did see Dan's post saying it was OK to update licenses, but
> it's worth a comment in the commit message as to why.
>
> Reviewed-by: Dr. David Alan Gilbert 
>
>
> Dave
>
>> +
>> +#ifndef QEMU_MIGRATION_TLS_H
>> +#define QEMU_MIGRATION_TLS_H
>> +
>> +#include "io/channel.h"
>> +
>> +void migration_tls_channel_process_incoming(MigrationState *s,
>> +QIOChannel *ioc,
>> +Error **errp);
>> +
>> +void migration_tls_channel_connect(MigrationState *s,
>> +   QIOChannel *ioc,
>> +   const char *hostname,
>> +   Error **errp);
>> +#endif
>> -- 
>> 2.9.4
>> 
> --
> Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [PATCH] vhost_dev:qemu will quit when vhost_dev is null

[Michael S. Tsirkin]

On Thu, Jun 01, 2017 at 10:51:27AM -0400, indiff...@126.com wrote:
> From: "yin.zuowei" 
> 
> Signed-off-by: yin.zuowei 
> 
> when ovdk socket is not ok, this vhost_dev is null ,then qemu will be quit.
> We think ovdk is just a network devices, should not cause an exit .


It is called like this:
if (vhost_ops && vhost_ops->vhost_set_vring_enable) {
return vhost_ops->vhost_set_vring_enable(&net->dev, enable);
}

so how can it be NULL?


> ---
>  hw/virtio/vhost-user.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> index dde094a..3a9fdf4 100644
> --- a/hw/virtio/vhost-user.c
> +++ b/hw/virtio/vhost-user.c
> @@ -387,6 +387,9 @@ static int vhost_user_set_vring_base(struct vhost_dev 
> *dev,
>  static int vhost_user_set_vring_enable(struct vhost_dev *dev, int enable)
>  {
>  int i;
> +if (!dev) {
> +return -1;
> +}
>  
>  if (!virtio_has_feature(dev->features, VHOST_USER_F_PROTOCOL_FEATURES)) {
>  return -1;
> -- 
> 1.8.3.1
> 

[Qemu-devel] [PATCH] vhost_dev:qemu will quit when vhost_dev is null

[indiffPig]

From: "yin.zuowei" 

Signed-off-by: yin.zuowei 

when ovdk socket is not ok, this vhost_dev is null ,then qemu will be quit.
We think ovdk is just a network devices, should not cause an exit .
---
 hw/virtio/vhost-user.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index dde094a..3a9fdf4 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -387,6 +387,9 @@ static int vhost_user_set_vring_base(struct vhost_dev *dev,
 static int vhost_user_set_vring_enable(struct vhost_dev *dev, int enable)
 {
 int i;
+if (!dev) {
+return -1;
+}
 
 if (!virtio_has_feature(dev->features, VHOST_USER_F_PROTOCOL_FEATURES)) {
 return -1;
-- 
1.8.3.1

Re: [Qemu-devel] [PATCH v2 3/4] qom/cpu: remove host_tid field

[Greg Kurz]

On Thu,  1 Jun 2017 15:49:14 +0100
Alex Bennée  wrote:

> This was only used by the gdbstub and even then was only being set for
> subsequent threads. Rather the continue duplicating the number just
> make the gdbstub get the information from TaskState structure.
> 
> Now the tid is correctly reported for all threads the bug I was seeing
> with "vCont;C04:0;c" packets is fixed as the correct tid is reported
> to gdb.
> 
> I moved cpu_gdb_index into the gdbstub to facilitate easy access to
> the TaskState which is used elsewhere in gdbstub.
> 

FWIW, this change would make more sense in patch 2 since all users
are in gdbstub.c and it would avoid to change things twice. No big
deal compared to the benefit of dropping the broken @host_tid :)

> Signed-off-by: Alex Bennée 
> ---

In any case.

Reviewed-by: Greg Kurz 

>  gdbstub.c  | 15 +++
>  include/exec/gdbstub.h | 14 --
>  include/qom/cpu.h  |  2 --
>  linux-user/syscall.c   |  1 -
>  4 files changed, 15 insertions(+), 17 deletions(-)
> 
> diff --git a/gdbstub.c b/gdbstub.c
> index 026d1fe6bb..45a3a0b16b 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -55,6 +55,21 @@ static inline int target_memory_rw_debug(CPUState *cpu, 
> target_ulong addr,
>  return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
>  }
>  
> +/* Return the GDB index for a given vCPU state.
> + *
> + * For user mode this is simply the thread id. In system mode GDB
> + * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
> + */
> +static inline int cpu_gdb_index(CPUState *cpu)
> +{
> +#if defined(CONFIG_USER_ONLY)
> +TaskState *ts = (TaskState *) cpu->opaque;
> +return ts->ts_tid;
> +#else
> +return cpu->cpu_index + 1;
> +#endif
> +}
> +
>  enum {
>  GDB_SIGNAL_0 = 0,
>  GDB_SIGNAL_INT = 2,
> diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h
> index c4fe567600..9aa7756d92 100644
> --- a/include/exec/gdbstub.h
> +++ b/include/exec/gdbstub.h
> @@ -58,20 +58,6 @@ void gdb_register_coprocessor(CPUState *cpu,
>gdb_reg_cb get_reg, gdb_reg_cb set_reg,
>int num_regs, const char *xml, int g_pos);
>  
> -/* Return the GDB index for a given vCPU state.
> - *
> - * For user mode this is simply the thread id. In system mode GDB
> - * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
> - */
> -static inline int cpu_gdb_index(CPUState *cpu)
> -{
> -#if defined(CONFIG_USER_ONLY)
> -return cpu->host_tid;
> -#else
> -return cpu->cpu_index + 1;
> -#endif
> -}
> -
>  /* The GDB remote protocol transfers values in target byte order.  This means
>   * we can use the raw memory access routines to access the value buffer.
>   * Conveniently, these also handle the case where the buffer is mis-aligned.
> diff --git a/include/qom/cpu.h b/include/qom/cpu.h
> index 55214ce131..909e7ae994 100644
> --- a/include/qom/cpu.h
> +++ b/include/qom/cpu.h
> @@ -266,7 +266,6 @@ struct qemu_work_item;
>   * @nr_cores: Number of cores within this CPU package.
>   * @nr_threads: Number of threads within this CPU.
>   * @numa_node: NUMA node this CPU is belonging to.
> - * @host_tid: Host thread ID.
>   * @running: #true if CPU is currently running (lockless).
>   * @has_waiter: #true if a CPU is currently waiting for the cpu_exec_end;
>   * valid under cpu_list_lock.
> @@ -321,7 +320,6 @@ struct CPUState {
>  HANDLE hThread;
>  #endif
>  int thread_id;
> -uint32_t host_tid;
>  bool running, has_waiter;
>  struct QemuCond *halt_cond;
>  bool thread_kicked;
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index cec8428589..cada188e58 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -6216,7 +6216,6 @@ static void *clone_func(void *arg)
>  thread_cpu = cpu;
>  ts = (TaskState *)cpu->opaque;
>  info->tid = gettid();
> -cpu->host_tid = info->tid;
>  task_settid(ts);
>  if (info->child_tidptr)
>  put_user_u32(info->tid, info->child_tidptr);



pgpW5r3fBBGsJ.pgp
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 02/10] migration: Split qemu-file.h

[Juan Quintela]

"Dr. David Alan Gilbert"  wrote:
> * Juan Quintela (quint...@redhat.com) wrote:
>> Split the file into public and internal interfaces.  I have to rename
>> the external one because we can't have two include files with the same
>> name in the same directory.  Build system gets confused.  The only
>> exported functions are the ones that handle basic types.
>> 
>> Signed-off-by: Juan Quintela 
>
> Hmm, ok, but I'd like to make qemu-file-types.h private eventually;
> we're down to 193 qemu_put_b*'s outside of migration - of those 72 will
> go when Halil's set goes in.


Be my guest O:-)

I was just trying to make sure that the other stuff is not used outside.

Later, Juan.

Re: [Qemu-devel] [PATCH 4/4] spapr: Make DRC get_index and get_type methods into plain functions

[Laurent Vivier]

On 01/06/2017 03:52, David Gibson wrote:
> These two methods only have one implementation, and the spec they're
> implementing means any other implementation is unlikely, verging on
> impossible.
> 
> So replace them with simple functions.
> 
> Signed-off-by: David Gibson 

Reviewed-by: Laurent Vivier 

> ---
>  hw/ppc/spapr.c | 13 +++---
>  hw/ppc/spapr_drc.c | 61 
> ++
>  hw/ppc/spapr_events.c  | 10 +++-
>  hw/ppc/spapr_pci.c |  4 +--
>  include/hw/ppc/spapr_drc.h |  5 ++--
>  5 files changed, 41 insertions(+), 52 deletions(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index ab3aab1..5d10366 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -456,15 +456,13 @@ static void spapr_populate_cpu_dt(CPUState *cs, void 
> *fdt, int offset,
>  uint32_t pft_size_prop[] = {0, cpu_to_be32(spapr->htab_shift)};
>  int compat_smt = MIN(smp_threads, ppc_compat_max_threads(cpu));
>  sPAPRDRConnector *drc;
> -sPAPRDRConnectorClass *drck;
>  int drc_index;
>  uint32_t radix_AP_encodings[PPC_PAGE_SIZES_MAX_SZ];
>  int i;
>  
>  drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_CPU, index);
>  if (drc) {
> -drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
> -drc_index = drck->get_index(drc);
> +drc_index = spapr_drc_index(drc);
>  _FDT((fdt_setprop_cell(fdt, offset, "ibm,my-drc-index", drc_index)));
>  }
>  
> @@ -654,15 +652,13 @@ static int 
> spapr_populate_drconf_memory(sPAPRMachineState *spapr, void *fdt)
>  
>  if (i >= hotplug_lmb_start) {
>  sPAPRDRConnector *drc;
> -sPAPRDRConnectorClass *drck;
>  
>  drc = spapr_dr_connector_by_id(SPAPR_DR_CONNECTOR_TYPE_LMB, i);
>  g_assert(drc);
> -drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
>  
>  dynamic_memory[0] = cpu_to_be32(addr >> 32);
>  dynamic_memory[1] = cpu_to_be32(addr & 0x);
> -dynamic_memory[2] = cpu_to_be32(drck->get_index(drc));
> +dynamic_memory[2] = cpu_to_be32(spapr_drc_index(drc));
>  dynamic_memory[3] = cpu_to_be32(0); /* reserved */
>  dynamic_memory[4] = cpu_to_be32(numa_get_node(addr, NULL));
>  if (memory_region_present(get_system_memory(), addr)) {
> @@ -2560,7 +2556,7 @@ static void spapr_add_lmbs(DeviceState *dev, uint64_t 
> addr_start, uint64_t size,
>  drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
>  
> spapr_hotplug_req_add_by_count_indexed(SPAPR_DR_CONNECTOR_TYPE_LMB,
> nr_lmbs,
> -   drck->get_index(drc));
> +   spapr_drc_index(drc));
>  } else {
>  spapr_hotplug_req_add_by_count(SPAPR_DR_CONNECTOR_TYPE_LMB,
> nr_lmbs);
> @@ -2770,8 +2766,7 @@ static void spapr_memory_unplug_request(HotplugHandler 
> *hotplug_dev,
> addr_start / SPAPR_MEMORY_BLOCK_SIZE);
>  drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
>  spapr_hotplug_req_remove_by_count_indexed(SPAPR_DR_CONNECTOR_TYPE_LMB,
> -  nr_lmbs,
> -  drck->get_index(drc));
> +  nr_lmbs, spapr_drc_index(drc));
>  out:
>  error_propagate(errp, local_err);
>  }
> diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
> index 025453b..0c9a60d 100644
> --- a/hw/ppc/spapr_drc.c
> +++ b/hw/ppc/spapr_drc.c
> @@ -70,7 +70,7 @@ static sPAPRDRConnectorTypeShift 
> get_type_shift(sPAPRDRConnectorType type)
>  return shift;
>  }
>  
> -static uint32_t get_index(sPAPRDRConnector *drc)
> +uint32_t spapr_drc_index(sPAPRDRConnector *drc)
>  {
>  /* no set format for a drc index: it only needs to be globally
>   * unique. this is how we encode the DRC type on bare-metal
> @@ -85,7 +85,7 @@ static uint32_t set_isolation_state(sPAPRDRConnector *drc,
>  {
>  sPAPRDRConnectorClass *drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
>  
> -trace_spapr_drc_set_isolation_state(get_index(drc), state);
> +trace_spapr_drc_set_isolation_state(spapr_drc_index(drc), state);
>  
>  if (state == SPAPR_DR_ISOLATION_STATE_UNISOLATED) {
>  /* cannot unisolate a non-existent resource, and, or resources
> @@ -126,11 +126,12 @@ static uint32_t set_isolation_state(sPAPRDRConnector 
> *drc,
>   * PAPR+ 2.7, 13.4
>   */
>  if (drc->awaiting_release) {
> +uint32_t drc_index = spapr_drc_index(drc);
>  if (drc->configured) {
> -
> trace_spapr_drc_set_isolation_state_finalizing(get_index(drc));
> +trace_spapr_drc_set_isolation_state_finalizing(drc_index);
>  drck->detach(drc, DEVICE(drc->dev), NULL);
>

Re: [Qemu-devel] [PATCH 3/4] spapr: Abolish DRC set_configured method

[Michael Roth]

Quoting David Gibson (2017-05-31 20:52:17)
> DRConnectorClass has a set_configured method, however:
>   * There is only one implementation, and only ever likely to be one
>   * There's exactly one caller, and that's (now) local
>   * The implementation is very straightforward
> 
> So abolish the method entirely, and just open-code what we need.  We also
> remove the tracepoints associated with it, since they don't look to be
> terribly useful.

Dropping the method makes sense, but the 'configured' state affects a
lot of the state-transitions throughout the code so I think it may
be useful to keep the traces.

> 
> Signed-off-by: David Gibson 
> ---
>  hw/ppc/spapr_drc.c | 20 
>  hw/ppc/trace-events|  2 --
>  include/hw/ppc/spapr_drc.h |  3 ---
>  3 files changed, 4 insertions(+), 21 deletions(-)
> 
> diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
> index f5b7b68..025453b 100644
> --- a/hw/ppc/spapr_drc.c
> +++ b/hw/ppc/spapr_drc.c
> @@ -199,18 +199,6 @@ static const char *get_name(sPAPRDRConnector *drc)
>  return drc->name;
>  }
> 
> -static void set_configured(sPAPRDRConnector *drc)
> -{
> -trace_spapr_drc_set_configured(get_index(drc));
> -
> -if (drc->isolation_state != SPAPR_DR_ISOLATION_STATE_UNISOLATED) {
> -/* guest should be not configuring an isolated device */
> -trace_spapr_drc_set_configured_skipping(get_index(drc));
> -return;
> -}
> -drc->configured = true;
> -}
> -
>  /* has the guest been notified of device attachment? */
>  static void set_signalled(sPAPRDRConnector *drc)
>  {
> @@ -745,7 +733,6 @@ static void spapr_dr_connector_class_init(ObjectClass *k, 
> void *data)
>  drck->get_index = get_index;
>  drck->get_type = get_type;
>  drck->get_name = get_name;
> -drck->set_configured = set_configured;
>  drck->entity_sense = entity_sense;
>  drck->attach = attach;
>  drck->detach = detach;
> @@ -1113,7 +1100,6 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  uint64_t wa_offset;
>  uint32_t drc_index;
>  sPAPRDRConnector *drc;
> -sPAPRDRConnectorClass *drck;
>  sPAPRConfigureConnectorState *ccs;
>  sPAPRDRCCResponse resp = SPAPR_DR_CC_RESPONSE_CONTINUE;
>  int rc;
> @@ -1133,7 +1119,6 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  goto out;
>  }
> 
> -drck = SPAPR_DR_CONNECTOR_GET_CLASS(drc);
>  if (!drc->fdt) {
>  trace_spapr_rtas_ibm_configure_connector_missing_fdt(drc_index);
>  rc = SPAPR_DR_CC_RESPONSE_NOT_CONFIGURABLE;
> @@ -1170,10 +1155,13 @@ static void rtas_ibm_configure_connector(PowerPCCPU 
> *cpu,
>  case FDT_END_NODE:
>  ccs->fdt_depth--;
>  if (ccs->fdt_depth == 0) {
> +sPAPRDRIsolationState state = drc->isolation_state;
>  /* done sending the device tree, don't need to track
>   * the state anymore
>   */
> -drck->set_configured(drc);
> +if (state == SPAPR_DR_ISOLATION_STATE_UNISOLATED) {
> +drc->configured = true;
> +}
>  spapr_ccs_remove(spapr, ccs);
>  ccs = NULL;
>  resp = SPAPR_DR_CC_RESPONSE_SUCCESS;
> diff --git a/hw/ppc/trace-events b/hw/ppc/trace-events
> index 43d265f..96ffc02 100644
> --- a/hw/ppc/trace-events
> +++ b/hw/ppc/trace-events
> @@ -42,8 +42,6 @@ spapr_drc_set_isolation_state_deferring(uint32_t index) 
> "drc: 0x%"PRIx32
>  spapr_drc_set_indicator_state(uint32_t index, int state) "drc: 0x%"PRIx32", 
> state: 0x%x"
>  spapr_drc_set_allocation_state(uint32_t index, int state) "drc: 0x%"PRIx32", 
> state: 0x%x"
>  spapr_drc_set_allocation_state_finalizing(uint32_t index) "drc: 0x%"PRIx32
> -spapr_drc_set_configured(uint32_t index) "drc: 0x%"PRIx32
> -spapr_drc_set_configured_skipping(uint32_t index) "drc: 0x%"PRIx32", 
> isolated device"
>  spapr_drc_entity_sense(uint32_t index, int state) "drc: 0x%"PRIx32", state: 
> 0x%x"
>  spapr_drc_attach(uint32_t index) "drc: 0x%"PRIx32
>  spapr_drc_detach(uint32_t index) "drc: 0x%"PRIx32
> diff --git a/include/hw/ppc/spapr_drc.h b/include/hw/ppc/spapr_drc.h
> index 80db955..90f4953 100644
> --- a/include/hw/ppc/spapr_drc.h
> +++ b/include/hw/ppc/spapr_drc.h
> @@ -177,9 +177,6 @@ typedef struct sPAPRDRConnectorClass {
> 
>  uint32_t (*entity_sense)(sPAPRDRConnector *drc, sPAPRDREntitySense 
> *state);
> 
> -/* QEMU interfaces for managing FDT/configure-connector */
> -void (*set_configured)(sPAPRDRConnector *drc);
> -
>  /* QEMU interfaces for managing hotplug operations */
>  void (*attach)(sPAPRDRConnector *drc, DeviceState *d, void *fdt,
> int fdt_start_offset, bool coldplug, Error **errp);
> -- 
> 2.9.4
> 
> 

Re: [Qemu-devel] [PULL 00/15] Misc linux-user updates

[Peter Maydell]

On 31 May 2017 at 14:08,   wrote:
> From: Riku Voipio 
>
> The following changes since commit 9964e96dccf7f7c936ee854a795415d19b60:
>
>   Merge remote-tracking branch 'jasowang/tags/net-pull-request' into staging 
> (2017-05-23 15:01:31 +0100)
>
> are available in the git repository at:
>
>   git://git.linaro.org/people/riku.voipio/qemu.git 
> tags/pull-linux-user-20170531
>
> for you to fetch changes up to ba9fcea1cb6d80536f780760d870416fe5b85863:
>
>   linux-user: add strace support for uinfo structure of rt_sigqueueinfo() and 
> rt_tgsigqueueinfo() (2017-05-29 14:56:09 +0300)
>
> 
> Misc linux-user updates
>

Applied, thanks.

-- PMM

Re: [Qemu-devel] [Qemu-ppc] [PATCH 0/4] spapr:DRC cleanups (part I)

[Daniel Henrique Barboza]

On 06/01/2017 02:30 AM, David Gibson wrote:

On Wed, May 31, 2017 at 11:25:41PM -0500, Michael Roth wrote:

Quoting Bharata B Rao (2017-05-31 23:06:46)

On Thu, Jun 01, 2017 at 11:52:14AM +1000, David Gibson wrote:

The code managing DRCs[0] has quite a few things that are more
complicated than they need to be.  In particular the object
representing a DRC has a bunch of method pointers, despite the fact
that there are currently no subclasses, and even if there were the
method implementations would be unlikely to differ.

So you are getting rid of a few methods. How about other methods ?
Specially attach and detach which have incorporated all the logic needed
to handle logical and physical DRs into their implementations ?

I would avoid any methods that incorporate special-casing for
physical vs. logical DRCs, since that seems like a good logical
starting point for moving to 'physical'/'logical' DRC
sub-classes to help simplify the increasingly complicated
state-tracking.

Right, I'm looking at making subclasses for each of the DRC types.
Possibly with intermediate subclasses for physical vs. logical, we'll
see how it works out.


Back in the DRC migration patch series I talked with Mike about refactoring
the DRC code in such fashion (physical DRC and logical DRC). But first I 
would

implement some kind of unit testing in this code to avoid breaking too much
stuff during this refactoring.

I am not sure about the effort to implementing unit test in the current 
DRC code.
This series is simplifying the DRC code, making it more minimalist and 
possibly
easier to be tested. In the end it would be a first step towards unit 
testing.


However, there is the issue of backward compatibility. I fear this DRC 
refactoring

of Logical/Physical DRC would be too drastic to maintain such compatibility
(assuming that it is not already broken). If this refactor goes live 
only in 2.11 then

we will have a hard time to migrate from 2.11 to 2.10.

All that said, I believe we can live without unit testing for a little 
longer and if
we're going for this Physical/DRC refactoring, we need to push it for 
2.10. We can
think about unit test later with the refactored code. Feel free to send 
to me any

unfinished/beta DRC refactoring code you might be working on and want
tested. I can help in the refactoring too, just let me know.


Daniel





I also don't think we should expose DRC internal fields to
outside callers (which attach/detach would involve).

Well.. just changing attach/detach to plain functions instead of
methods wouldn't break that.


This
series does that to some extent with the RTAS calls, but
since those are now moved to spapr_drc.c it makes more sense.

Right - the semantics of the RTAS calls are tied closely to the DRC
semantics, so I don't think there's any point considering the RTAS
calls to be "outside" the DRC code itself.

Re: [Qemu-devel] [Qemu-ppc] [PATCHv4 3/5] pseries: Move CPU compatibility property to machine

[Greg Kurz]

On Thu, 1 Jun 2017 22:24:47 +1000
David Gibson  wrote:
[...]
> > 
> > Yeah. This basically does:
> > 
> > inpieces[i + 1] = inpieces[i];
> > 
> > and we end up overwriting the terminal NULL pointer with a non-NULL
> > pointer.
> > 
> > What about simplifying the loop to:
> > 
> > /* inpieces[0] is the actual model string */
> > i = 1;
> > while (inpieces[i]) {
> > if (g_str_has_prefix(inpieces[i], "compat=")) {
> > /* in case of multiple compat= optipons */
> > g_free(compat_str);
> > compat_str = inpieces[i];
> > /* Excise compat options from list */
> > inpieces[i] = inpieces[i + 1];
> > }
> > i++;
> > }  
> 
> No.. that would duplicate the entry after the compat=, instead of
> properly excising it.  I've already fixed this for my next draft.
> 

D'oh you're right... sorry for the noise :)


pgpIjpbwBS20Z.pgp
Description: OpenPGP digital signature

Re: [Qemu-devel] [PATCH v2 2/4] gdbstub: rename cpu_index -> cpu_gdb_index

[Claudio Imbrenda]

On Thu,  1 Jun 2017 15:49:13 +0100
Alex Bennée  wrote:

> This is to make it clear the index is purely a gdbstub function and
> should not be confused with the value of cpu->cpu_index.
> 
> Signed-off-by: Alex Bennée 
> ---
>  gdbstub.c  | 12 ++--
>  include/exec/gdbstub.h |  7 ++-
>  2 files changed, 12 insertions(+), 7 deletions(-)
> 
> diff --git a/gdbstub.c b/gdbstub.c
> index a249846954..026d1fe6bb 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -837,7 +837,7 @@ static CPUState *find_cpu(uint32_t thread_id)
>  CPUState *cpu;
> 
>  CPU_FOREACH(cpu) {
> -if (cpu_index(cpu) == thread_id) {
> +if (cpu_gdb_index(cpu) == thread_id) {
>  return cpu;
>  }
>  }
> @@ -925,7 +925,7 @@ static int gdb_handle_vcont(GDBState *s, const
> char *p) idx = tmp;
>  /* 0 means any thread, so we pick the first valid CPU */
>  if (!idx) {
> -idx = cpu_index(first_cpu);
> +idx = cpu_gdb_index(first_cpu);
>  }
> 
>  /*
> @@ -975,7 +975,7 @@ static int gdb_handle_packet(GDBState *s, const
> char *line_buf) case '?':
>  /* TODO: Make this return the correct value for user-mode.
> */ snprintf(buf, sizeof(buf), "T%02xthread:%02x;", GDB_SIGNAL_TRAP,
> - cpu_index(s->c_cpu));
> + cpu_gdb_index(s->c_cpu));
>  put_packet(s, buf);
>  /* Remove all the breakpoints when this query is issued,
>   * because gdb is doing and initial connect and the state
> @@ -1243,7 +1243,7 @@ static int gdb_handle_packet(GDBState *s, const
> char *line_buf) } else if (strcmp(p,"sThreadInfo") == 0) {
>  report_cpuinfo:
>  if (s->query_cpu) {
> -snprintf(buf, sizeof(buf), "m%x",
> cpu_index(s->query_cpu));
> +snprintf(buf, sizeof(buf), "m%x",
> cpu_gdb_index(s->query_cpu)); put_packet(s, buf);
>  s->query_cpu = CPU_NEXT(s->query_cpu);
>  } else
> @@ -1400,7 +1400,7 @@ static void gdb_vm_state_change(void *opaque,
> int running, RunState state) }
>  snprintf(buf, sizeof(buf),
>   "T%02xthread:%02x;%swatch:" TARGET_FMT_lx ";",
> - GDB_SIGNAL_TRAP, cpu_index(cpu), type,
> + GDB_SIGNAL_TRAP, cpu_gdb_index(cpu), type,
>   (target_ulong)cpu->watchpoint_hit->vaddr);
>  cpu->watchpoint_hit = NULL;
>  goto send_packet;
> @@ -1434,7 +1434,7 @@ static void gdb_vm_state_change(void *opaque,
> int running, RunState state) break;
>  }
>  gdb_set_stop_cpu(cpu);
> -snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret,
> cpu_index(cpu));
> +snprintf(buf, sizeof(buf), "T%02xthread:%02x;", ret,
> cpu_gdb_index(cpu));
> 
>  send_packet:
>  put_packet(s, buf);
> diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h
> index f9708bbcd6..c4fe567600 100644
> --- a/include/exec/gdbstub.h
> +++ b/include/exec/gdbstub.h
> @@ -58,7 +58,12 @@ void gdb_register_coprocessor(CPUState *cpu,
>gdb_reg_cb get_reg, gdb_reg_cb set_reg,
>int num_regs, const char *xml, int
> g_pos);
> 
> -static inline int cpu_index(CPUState *cpu)
> +/* Return the GDB index for a given vCPU state.
> + *
> + * For user mode this is simply the thread id. In system mode GDB
> + * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
> + */
> +static inline int cpu_gdb_index(CPUState *cpu)
>  {
>  #if defined(CONFIG_USER_ONLY)
>  return cpu->host_tid;

I like this solution

Reviewed-by: Claudio Imbrenda 

Re: [Qemu-devel] [PATCH v2 07/10] migration: Export rdma.c functions in its own file

[Dr. David Alan Gilbert]

* Juan Quintela (quint...@redhat.com) wrote:
> "Dr. David Alan Gilbert"  wrote:
> > * Juan Quintela (quint...@redhat.com) wrote:
> >> Signed-off-by: Juan Quintela 
> >> ---
> >>  include/migration/migration.h |  4 
> >>  migration/migration.c |  1 +
> >>  migration/rdma.c  |  1 +
> >>  migration/rdma.h  | 25 +
> >>  4 files changed, 27 insertions(+), 4 deletions(-)
> >>  create mode 100644 migration/rdma.h
> >> 
> >> diff --git a/include/migration/migration.h b/include/migration/migration.h
> >> index 29fda5b..8d29bc9 100644
> >> --- a/include/migration/migration.h
> >> +++ b/include/migration/migration.h
> >> @@ -153,10 +153,6 @@ void qemu_start_incoming_migration(const char
> >> *uri, Error **errp);
> >>  
> >>  uint64_t migrate_max_downtime(void);
> >>  
> >> -void rdma_start_outgoing_migration(void *opaque, const char
> >> *host_port, Error **errp);
> >> -
> >> -void rdma_start_incoming_migration(const char *host_port, Error **errp);
> >> -
> >>  void migrate_fd_error(MigrationState *s, const Error *error);
> >>  
> >>  void migrate_fd_connect(MigrationState *s);
> >> diff --git a/migration/migration.c b/migration/migration.c
> >> index 6e11db2..3face58 100644
> >> --- a/migration/migration.c
> >> +++ b/migration/migration.c
> >> @@ -21,6 +21,7 @@
> >>  #include "exec.h"
> >>  #include "fd.h"
> >>  #include "socket.h"
> >> +#include "rdma.h"
> >>  #include "migration/migration.h"
> >>  #include "savevm.h"
> >>  #include "qemu-file-channel.h"
> >> diff --git a/migration/rdma.c b/migration/rdma.c
> >> index 4cb5bf8..fab30ea 100644
> >> --- a/migration/rdma.c
> >> +++ b/migration/rdma.c
> >> @@ -17,6 +17,7 @@
> >>  #include "qapi/error.h"
> >>  #include "qemu-common.h"
> >>  #include "qemu/cutils.h"
> >> +#include "rdma.h"
> >>  #include "migration/migration.h"
> >>  #include "qemu-file.h"
> >>  #include "exec/cpu-common.h"
> >> diff --git a/migration/rdma.h b/migration/rdma.h
> >> new file mode 100644
> >> index 000..de2ba09
> >> --- /dev/null
> >> +++ b/migration/rdma.h
> >> @@ -0,0 +1,25 @@
> >> +/*
> >> + * RDMA protocol and interfaces
> >> + *
> >> + * Copyright IBM, Corp. 2010-2013
> >> + * Copyright Red Hat, Inc. 2015-2016
> >> + *
> >> + * Authors:
> >> + *  Michael R. Hines 
> >> + *  Jiuxing Liu 
> >> + *  Daniel P. Berrange 
> >> + *
> >> + * This work is licensed under the terms of the GNU GPL, version 2 or
> >> + * later.  See the COPYING file in the top-level directory.
> >> + *
> >> + */
> >
> > Hmm, are we allowed to v2-or-later that?  migration.h is v2
> 
> That is the header file of rdma.c
> 
> And we only have two functions exported from that file, so I think that
> it is a safe assumption that they are covered by that copyright.

OK, that's fair:



Reviewed-by: Dr. David Alan Gilbert 

> Later, Juan.
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

Re: [Qemu-devel] [PATCH v2 3/4] qom/cpu: remove host_tid field

[Philippe Mathieu-Daudé]

On 06/01/2017 11:49 AM, Alex Bennée wrote:

This was only used by the gdbstub and even then was only being set for
subsequent threads. Rather the continue duplicating the number just
make the gdbstub get the information from TaskState structure.

Now the tid is correctly reported for all threads the bug I was seeing
with "vCont;C04:0;c" packets is fixed as the correct tid is reported
to gdb.

I moved cpu_gdb_index into the gdbstub to facilitate easy access to
the TaskState which is used elsewhere in gdbstub.

Signed-off-by: Alex Bennée 


Reviewed-by: Philippe Mathieu-Daudé 


---
 gdbstub.c  | 15 +++
 include/exec/gdbstub.h | 14 --
 include/qom/cpu.h  |  2 --
 linux-user/syscall.c   |  1 -
 4 files changed, 15 insertions(+), 17 deletions(-)

diff --git a/gdbstub.c b/gdbstub.c
index 026d1fe6bb..45a3a0b16b 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -55,6 +55,21 @@ static inline int target_memory_rw_debug(CPUState *cpu, 
target_ulong addr,
 return cpu_memory_rw_debug(cpu, addr, buf, len, is_write);
 }

+/* Return the GDB index for a given vCPU state.
+ *
+ * For user mode this is simply the thread id. In system mode GDB
+ * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
+ */
+static inline int cpu_gdb_index(CPUState *cpu)
+{
+#if defined(CONFIG_USER_ONLY)
+TaskState *ts = (TaskState *) cpu->opaque;
+return ts->ts_tid;
+#else
+return cpu->cpu_index + 1;
+#endif
+}
+
 enum {
 GDB_SIGNAL_0 = 0,
 GDB_SIGNAL_INT = 2,
diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h
index c4fe567600..9aa7756d92 100644
--- a/include/exec/gdbstub.h
+++ b/include/exec/gdbstub.h
@@ -58,20 +58,6 @@ void gdb_register_coprocessor(CPUState *cpu,
   gdb_reg_cb get_reg, gdb_reg_cb set_reg,
   int num_regs, const char *xml, int g_pos);

-/* Return the GDB index for a given vCPU state.
- *
- * For user mode this is simply the thread id. In system mode GDB
- * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
- */
-static inline int cpu_gdb_index(CPUState *cpu)
-{
-#if defined(CONFIG_USER_ONLY)
-return cpu->host_tid;
-#else
-return cpu->cpu_index + 1;
-#endif
-}
-
 /* The GDB remote protocol transfers values in target byte order.  This means
  * we can use the raw memory access routines to access the value buffer.
  * Conveniently, these also handle the case where the buffer is mis-aligned.
diff --git a/include/qom/cpu.h b/include/qom/cpu.h
index 55214ce131..909e7ae994 100644
--- a/include/qom/cpu.h
+++ b/include/qom/cpu.h
@@ -266,7 +266,6 @@ struct qemu_work_item;
  * @nr_cores: Number of cores within this CPU package.
  * @nr_threads: Number of threads within this CPU.
  * @numa_node: NUMA node this CPU is belonging to.
- * @host_tid: Host thread ID.
  * @running: #true if CPU is currently running (lockless).
  * @has_waiter: #true if a CPU is currently waiting for the cpu_exec_end;
  * valid under cpu_list_lock.
@@ -321,7 +320,6 @@ struct CPUState {
 HANDLE hThread;
 #endif
 int thread_id;
-uint32_t host_tid;
 bool running, has_waiter;
 struct QemuCond *halt_cond;
 bool thread_kicked;
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index cec8428589..cada188e58 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6216,7 +6216,6 @@ static void *clone_func(void *arg)
 thread_cpu = cpu;
 ts = (TaskState *)cpu->opaque;
 info->tid = gettid();
-cpu->host_tid = info->tid;
 task_settid(ts);
 if (info->child_tidptr)
 put_user_u32(info->tid, info->child_tidptr);

Re: [Qemu-devel] [PATCH v2 4/4] gdbstub: don't fail on vCont; C04:0; c packets

[Philippe Mathieu-Daudé]

On 06/01/2017 11:49 AM, Alex Bennée wrote:

The thread-id of 0 means any CPU but we then ignore the fact we find
the first_cpu in this case who can have an index of 0. Instead of
bailing out just test if we have managed to match up thread-id to a
CPU.

Otherwise you get:
  gdb_handle_packet: command='vCont;C04:0;c'
  put_packet: reply='E22'

The actual reason for gdb sending vCont;C04:0;c was fixed in a
previous commit where we ensure the first_cpu's tid is correctly
reported to gdb however we should still behave correctly next time it
does send 0.

Signed-off-by: Alex Bennée 
Reviewed-by: Greg Kurz 


Reviewed-by: Philippe Mathieu-Daudé 



---
v2
  - used Greg's less convoluted suggestion
  - expand commit message
---
 gdbstub.c | 15 ---
 1 file changed, 4 insertions(+), 11 deletions(-)

diff --git a/gdbstub.c b/gdbstub.c
index 45a3a0b16b..6b1e72e9f7 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -937,23 +937,16 @@ static int gdb_handle_vcont(GDBState *s, const char *p)
 if (res) {
 goto out;
 }
-idx = tmp;
+
 /* 0 means any thread, so we pick the first valid CPU */
-if (!idx) {
-idx = cpu_gdb_index(first_cpu);
-}
+cpu = tmp ? find_cpu(tmp) : first_cpu;

-/*
- * If we are in user mode, the thread specified is actually a
- * thread id, and not an index. We need to find the actual
- * CPU first, and only then we can use its index.
- */
-cpu = find_cpu(idx);
 /* invalid CPU/thread specified */
-if (!idx || !cpu) {
+if (!cpu) {
 res = -EINVAL;
 goto out;
 }
+
 /* only use if no previous match occourred */
 if (newstates[cpu->cpu_index] == 1) {
 newstates[cpu->cpu_index] = cur_action;

Re: [Qemu-devel] [PATCH v2 3/4] qom/cpu: remove host_tid field

[Claudio Imbrenda]

On Thu, 1 Jun 2017 17:32:13 +0200
Greg Kurz  wrote:

> On Thu,  1 Jun 2017 15:49:14 +0100
> Alex Bennée  wrote:
> 
> > This was only used by the gdbstub and even then was only being set
> > for subsequent threads. Rather the continue duplicating the number
> > just make the gdbstub get the information from TaskState structure.
> > 
> > Now the tid is correctly reported for all threads the bug I was
> > seeing with "vCont;C04:0;c" packets is fixed as the correct tid is
> > reported to gdb.
> > 
> > I moved cpu_gdb_index into the gdbstub to facilitate easy access to
> > the TaskState which is used elsewhere in gdbstub.
> >   
> 
> FWIW, this change would make more sense in patch 2 since all users
> are in gdbstub.c and it would avoid to change things twice. No big
> deal compared to the benefit of dropping the broken @host_tid :)

I agree with this

> > Signed-off-by: Alex Bennée 
> > ---  
> 
> In any case.
> 
> Reviewed-by: Greg Kurz 

and me too

Reviewed-by: Claudio Imbrenda 
 
> >  gdbstub.c  | 15 +++
> >  include/exec/gdbstub.h | 14 --
> >  include/qom/cpu.h  |  2 --
> >  linux-user/syscall.c   |  1 -
> >  4 files changed, 15 insertions(+), 17 deletions(-)
> > 
> > diff --git a/gdbstub.c b/gdbstub.c
> > index 026d1fe6bb..45a3a0b16b 100644
> > --- a/gdbstub.c
> > +++ b/gdbstub.c
> > @@ -55,6 +55,21 @@ static inline int
> > target_memory_rw_debug(CPUState *cpu, target_ulong addr, return
> > cpu_memory_rw_debug(cpu, addr, buf, len, is_write); }
> >  
> > +/* Return the GDB index for a given vCPU state.
> > + *
> > + * For user mode this is simply the thread id. In system mode GDB
> > + * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
> > + */
> > +static inline int cpu_gdb_index(CPUState *cpu)
> > +{
> > +#if defined(CONFIG_USER_ONLY)
> > +TaskState *ts = (TaskState *) cpu->opaque;
> > +return ts->ts_tid;
> > +#else
> > +return cpu->cpu_index + 1;
> > +#endif
> > +}
> > +
> >  enum {
> >  GDB_SIGNAL_0 = 0,
> >  GDB_SIGNAL_INT = 2,
> > diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h
> > index c4fe567600..9aa7756d92 100644
> > --- a/include/exec/gdbstub.h
> > +++ b/include/exec/gdbstub.h
> > @@ -58,20 +58,6 @@ void gdb_register_coprocessor(CPUState *cpu,
> >gdb_reg_cb get_reg, gdb_reg_cb
> > set_reg, int num_regs, const char *xml, int g_pos);
> >  
> > -/* Return the GDB index for a given vCPU state.
> > - *
> > - * For user mode this is simply the thread id. In system mode GDB
> > - * numbers CPUs from 1 as 0 is reserved as an "any cpu" index.
> > - */
> > -static inline int cpu_gdb_index(CPUState *cpu)
> > -{
> > -#if defined(CONFIG_USER_ONLY)
> > -return cpu->host_tid;
> > -#else
> > -return cpu->cpu_index + 1;
> > -#endif
> > -}
> > -
> >  /* The GDB remote protocol transfers values in target byte order.
> > This means
> >   * we can use the raw memory access routines to access the value
> > buffer.
> >   * Conveniently, these also handle the case where the buffer is
> > mis-aligned. diff --git a/include/qom/cpu.h b/include/qom/cpu.h
> > index 55214ce131..909e7ae994 100644
> > --- a/include/qom/cpu.h
> > +++ b/include/qom/cpu.h
> > @@ -266,7 +266,6 @@ struct qemu_work_item;
> >   * @nr_cores: Number of cores within this CPU package.
> >   * @nr_threads: Number of threads within this CPU.
> >   * @numa_node: NUMA node this CPU is belonging to.
> > - * @host_tid: Host thread ID.
> >   * @running: #true if CPU is currently running (lockless).
> >   * @has_waiter: #true if a CPU is currently waiting for the
> > cpu_exec_end;
> >   * valid under cpu_list_lock.
> > @@ -321,7 +320,6 @@ struct CPUState {
> >  HANDLE hThread;
> >  #endif
> >  int thread_id;
> > -uint32_t host_tid;
> >  bool running, has_waiter;
> >  struct QemuCond *halt_cond;
> >  bool thread_kicked;
> > diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> > index cec8428589..cada188e58 100644
> > --- a/linux-user/syscall.c
> > +++ b/linux-user/syscall.c
> > @@ -6216,7 +6216,6 @@ static void *clone_func(void *arg)
> >  thread_cpu = cpu;
> >  ts = (TaskState *)cpu->opaque;
> >  info->tid = gettid();
> > -cpu->host_tid = info->tid;
> >  task_settid(ts);
> >  if (info->child_tidptr)
> >  put_user_u32(info->tid, info->child_tidptr);  
> 

Re: [Qemu-devel] [PATCH v2 4/4] gdbstub: don't fail on vCont; C04:0; c packets

[Claudio Imbrenda]

On Thu,  1 Jun 2017 15:49:15 +0100
Alex Bennée  wrote:

> The thread-id of 0 means any CPU but we then ignore the fact we find
> the first_cpu in this case who can have an index of 0. Instead of
> bailing out just test if we have managed to match up thread-id to a
> CPU.
> 
> Otherwise you get:
>   gdb_handle_packet: command='vCont;C04:0;c'
>   put_packet: reply='E22'
> 
> The actual reason for gdb sending vCont;C04:0;c was fixed in a
> previous commit where we ensure the first_cpu's tid is correctly
> reported to gdb however we should still behave correctly next time it
> does send 0.
> 
> Signed-off-by: Alex Bennée 
> Reviewed-by: Greg Kurz 
> 
> ---
> v2
>   - used Greg's less convoluted suggestion
>   - expand commit message
> ---
>  gdbstub.c | 15 ---
>  1 file changed, 4 insertions(+), 11 deletions(-)
> 
> diff --git a/gdbstub.c b/gdbstub.c
> index 45a3a0b16b..6b1e72e9f7 100644
> --- a/gdbstub.c
> +++ b/gdbstub.c
> @@ -937,23 +937,16 @@ static int gdb_handle_vcont(GDBState *s, const
> char *p) if (res) {
>  goto out;
>  }
> -idx = tmp;
> +
>  /* 0 means any thread, so we pick the first valid CPU */
> -if (!idx) {
> -idx = cpu_gdb_index(first_cpu);
> -}
> +cpu = tmp ? find_cpu(tmp) : first_cpu;
> 
> -/*
> - * If we are in user mode, the thread specified is
> actually a
> - * thread id, and not an index. We need to find the
> actual
> - * CPU first, and only then we can use its index.
> - */
> -cpu = find_cpu(idx);
>  /* invalid CPU/thread specified */
> -if (!idx || !cpu) {
> +if (!cpu) {
>  res = -EINVAL;
>  goto out;
>  }
> +
>  /* only use if no previous match occourred */
>  if (newstates[cpu->cpu_index] == 1) {
>  newstates[cpu->cpu_index] = cur_action;


Reviewed-by: Claudio Imbrenda 

Re: [Qemu-devel] [PATCH v2 06/10] migration: Export tls.c functions in its own file

[Dr. David Alan Gilbert]

* Juan Quintela (quint...@redhat.com) wrote:
> "Dr. David Alan Gilbert"  wrote:
> > * Juan Quintela (quint...@redhat.com) wrote:
> >> Just for the functions exported from tls.c.  Notice that we can't
> >> remove the migration/migration.h include from tls.c because it access
> >> directly MigrationState for the tls params.
> 
> >> +++ b/migration/tls.h
> >> @@ -0,0 +1,34 @@
> >> +/*
> >> + * QEMU migration TLS support
> >> + *
> >> + * Copyright (c) 2015 Red Hat, Inc.
> >> + *
> >> + * This library is free software; you can redistribute it and/or
> >> + * modify it under the terms of the GNU Lesser General Public
> >> + * License as published by the Free Software Foundation; either
> >> + * version 2 of the License, or (at your option) any later version.
> >> + *
> >> + * This library is distributed in the hope that it will be useful,
> >> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> >> + * Lesser General Public License for more details.
> >> + *
> >> + * You should have received a copy of the GNU Lesser General Public
> >> + * License along with this library; if not, see 
> >> .
> >> + *
> >> + */
> >
> > Can you clarify why this is LGPLv2 or later please?
> > Is this to follow the io/* rather than the migration/migration.h it came
> > out of.
> 
> THis is the license of tls.c
> 
> And this are only the two functions that are exported from that file, so
> 
> 
> And anyways, this code is posterior to the cut-off when everything new
> is GPL2 or later.
> 
> Or I am missing something?

No, that's fair, I was following migration.h rather than the .c, but
that's OK.

Dave

> Later, Juan.
> 
> 
> >
> > Anyway, I did see Dan's post saying it was OK to update licenses, but
> > it's worth a comment in the commit message as to why.
> >
> > Reviewed-by: Dr. David Alan Gilbert 
> >
> >
> > Dave
> >
> >> +
> >> +#ifndef QEMU_MIGRATION_TLS_H
> >> +#define QEMU_MIGRATION_TLS_H
> >> +
> >> +#include "io/channel.h"
> >> +
> >> +void migration_tls_channel_process_incoming(MigrationState *s,
> >> +QIOChannel *ioc,
> >> +Error **errp);
> >> +
> >> +void migration_tls_channel_connect(MigrationState *s,
> >> +   QIOChannel *ioc,
> >> +   const char *hostname,
> >> +   Error **errp);
> >> +#endif
> >> -- 
> >> 2.9.4
> >> 
> > --
> > Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK