Re: [Qemu-devel] [PATCH] tcg: Avoid setting tcg_initialize if !CONFIG_TCG

2017-10-27 Thread Peter Maydell
On 26 October 2017 at 14:58, Richard Henderson wrote:
> Fix the build for --disable-tcg.
>
> Fixes: 55c3ceef61fcf06fc98ddc752b7cce788ce7680b
> Signed-off-by: Richard Henderson 
> ---
>  target/arm/cpu.c| 2 ++
>  target/i386/cpu.c   | 2 ++
>  target/mips/cpu.c   | 2 ++
>  target/ppc/translate_init.c | 2 ++
>  target/s390x/cpu.c  | 2 ++
>  5 files changed, 10 insertions(+)
>

Applied to master as a buildfix, thanks.

-- PMM



Re: [Qemu-devel] Qemu start VM in huge page without '-mem-prealloc' will get memory leak?

2017-10-27 Thread Daniel P. Berrange
On Fri, Oct 27, 2017 at 11:28:33AM +0800, Sam wrote:
> After restart ovs-dpdk(which is openvswitch with dpdk lib), memory is
> released.
> 
> But problem is in product environment, I could not restart ovs-dpdk..

This is a clear bug in ovs-dpdk then - it is failing to release memory
when QEMU exits.


Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [Qemu-devel] [PATCH] build: allow automatic git submodule updates to be disabled

2017-10-27 Thread Daniel P. Berrange
On Fri, Oct 27, 2017 at 03:10:17PM +1100, Alexey Kardashevskiy wrote:
> On 27/10/17 00:33, Philippe Mathieu-Daudé wrote:
> > On 10/26/2017 10:04 AM, Daniel P. Berrange wrote:
> >> Some people building QEMU use VPATH builds where the source directory is on a
> >> read-only volume. In such a case 'scripts/git-submodules.sh update' will always
> >> fail and users are required to run it manually themselves on their original
> >> writable source directory.
> >>
> >> While this is already supported, it is nice to give users a command line flag
> >> to configure to permanently disable automatic submodule updates, as it means
> >> they won't get hard to diagnose failures from git-submodules.sh at an arbitrary
> >> later date.
> >>
> >> This patch thus introduces a flag '--disable-git-update' which will prevent
> >> 'make' from ever running 'scripts/git-submodules.sh update'. It will still run
> >> the 'status' command to determine if a submodule update is needed, but when it
> >> does this it'll simply stop and print a message instructing the developer what
> >> to do. eg
> >>
> >> $ ./configure  --target-list=x86_64-softmmu --disable-git-update
> >> ...snip...
> >>
> >> $ make
> >>   GEN config-host.h
> >>   GEN trace/generated-tcg-tracers.h
> >>   GEN trace/generated-helpers-wrappers.h
> >>   GEN trace/generated-helpers.h
> >>   GEN trace/generated-helpers.c
> >>   GEN module_block.h
> >>
> >> GIT submodule checkout is out of date. Please run
> >>   scripts/git-submodule.sh update ui/keycodemapdb
> >> from the source directory checkout /home/berrange/src/virt/qemu
> > 
> > Clean :)
> > 
> >>
> >> make: *** [Makefile:31: git-submodule-update] Error 1
> >>
> >> Signed-off-by: Daniel P. Berrange 
> > 
> > Reviewed-by: Philippe Mathieu-Daudé 
> 
> 
> What tree did you apply on top of? Does not apply for me :-/

Oh sorry, I forgot that it was on-top of my previously sent patch:

https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg05054.html

Regards,
Daniel



Re: [Qemu-devel] iotest 194 fails on vhdx

2017-10-27 Thread Jeff Cody
On Wed, Oct 25, 2017 at 05:06:37PM +1100, Alexey Kardashevskiy wrote:
> On 25/10/17 15:29, Alexey Kardashevskiy wrote:
> > Hi!
> > 
> > The latest QEMU fails on:
> > tests/qemu-iotests/check -vhdx 194
> 
> 
> Bit more details:
> 
> 1. the assert started appearing from
> https://git.qemu.org/?p=qemu.git;a=commit;h=09e0c771e47 - this one just
> added the assert;
> 
> 2. if removed, then another assert alerts:
> qemu-system-ppc64: /home/aik/p/qemu/block/io.c:1423: bdrv_aligned_pwritev:
> Assertion `child->perm & BLK_PERM_WRITE' failed.
> 
> child->perm == 1 when this happens.
> 
> Any clues?
> 

Yes - what is happening is that if the VHDX image file is open RDWR, we
update the VHDX header.  However, since we are INMIGRATE, the
underlying file bs is marked as INACTIVE, and we are caught by the assert.


However, per the spec the header file and data guids only need to be updated
before the first modification is made.  We already have a latching call to
update the headers on the first write to the VHDX image (in vhdx_co_writev),
so the call to vhdx_update_headers() in vhdx_open() is a bug, and can be
removed.

Once that is fixed, 194 still fails for VHDX, but it doesn't crash.  The
failure is expected, because VHDX does not support migration (VMDK fails the
same way).  So test 194 should also be updated to exclude image formats that
set migration blockers.

(Patches sent)

-Jeff

> > 
> > 
> > /home/aik/pbuild/qemu-aikhostos2-ppc64-softmmu-debug-build/ppc64-softmmu/qemu-system-ppc64 \
> >  -chardev socket,id=mon,path=/home/aik/qemudest-monitor.sock \
> >  -mon chardev=mon,mode=control \
> >  -display none \
> >  -vga none \
> >  -machine accel=qtest \
> >  -nodefaults \
> >  -incoming unix:/home/aik/qemu-migration.sock \
> >  -drive if=virtio,id=drive0,file=/home/aik/dest.img,format=vhdx,cache=writeback
> > 
> > 
> > GDB says it is assert(!(bs->open_flags & BDRV_O_INACTIVE)). The very same
> > test passes with a qcow2 image. Does it look any familiar to anyone? Where
> > to start digging from? Thanks.
> > 
> > 
> > 
> > (gdb) r
> > Starting program:
> > /home/aik/pbuild/qemu-aikhostos2-ppc64-softmmu-debug-build/ppc64-softmmu/qemu-system-ppc64
> > -chardev socket,id=mon,path=/home/a
> > ik/qemudest-monitor.sock -mon chardev=mon,mode=control -display none -vga
> > none -machine accel=qtest -nodefaults -incoming unix:/home/aik/qemu-mi
> > gration.sock -drive
> > if=virtio,id=drive0,file=/home/aik/dest.img,format=vhdx,cache=writeback
> > [Thread debugging using libthread_db enabled]
> > Using host libthread_db library "/lib64/libthread_db.so.1".
> > [New Thread 0x7698eb80 (LWP 70705)]
> > [New Thread 0x7607eb80 (LWP 70706)]
> > qemu-system-ppc64: /home/aik/p/qemu/block/io.c:1601: bdrv_co_pwritev:
> > Assertion `!(bs->open_flags & 0x0800)' failed.
> > 
> > Program received signal SIGABRT, Aborted.
> > 0x777deff0 in raise () from /lib64/libc.so.6
> > (gdb) bt
> > #0  0x777deff0 in raise () from /lib64/libc.so.6
> > #1  0x777e136c in abort () from /lib64/libc.so.6
> > #2  0x777d4c44 in __assert_fail_base () from /lib64/libc.so.6
> > #3  0x777d4d34 in __assert_fail () from /lib64/libc.so.6
> > #4  0x1074ce44 in bdrv_co_pwritev (child=0x111c6160, offset=65536,
> > bytes=80, qiov=0x7fffe090, flags=0)
> > at /home/aik/p/qemu/block/io.c:1601
> > #5  0x10749408 in bdrv_rw_co_entry (opaque=0x7fffdfa0) at
> > /home/aik/p/qemu/block/io.c:620
> > #6  0x10857188 in coroutine_trampoline (i0=287156048, i1=0) at
> > /home/aik/p/qemu/util/coroutine-ucontext.c:79
> > #7  0x777f2b9c in makecontext () from /lib64/libc.so.6
> > #8  0x in ?? ()
> > (gdb) p bs->open_flags
> > No symbol "bs" in current context.
> > (gdb) up
> > #1  0x777e136c in abort () from /lib64/libc.so.6
> > (gdb)
> > #2  0x777d4c44 in __assert_fail_base () from /lib64/libc.so.6
> > (gdb)
> > #3  0x777d4d34 in __assert_fail () from /lib64/libc.so.6
> > (gdb)
> > #4  0x1074ce44 in bdrv_co_pwritev (child=0x111c6160, offset=65536,
> > bytes=80, qiov=0x7fffe090, flags=0)
> > at /home/aik/p/qemu/block/io.c:1601
> > 1601assert(!(bs->open_flags & BDRV_O_INACTIVE));
> > (gdb) p/x bs->open_flags
> > $2 = 0xe802
> > (gdb)
> > 
> > 
> 
> 
> -- 
> Alexey
> 



Re: [Qemu-devel] [PATCH] replication: Fix replication open fail

2017-10-27 Thread Kevin Wolf
On 25.10.2017 at 08:51, Wang Guang wrote:
> replication_child_perm requests write
> permissions for all children, which will lead bdrv_check_perm to fail.
> replication_child_perm() should request write
> permissions only if it is writable itself.
> 
> Signed-off-by: Wang Guang 
> Signed-off-by: Wang Yong 

Thanks, applied to the block branch.

Kevin



[Qemu-devel] [Bug 586175] Re: Windows XP/2003 doesn't boot

2017-10-27 Thread Bug Watch Updater
** Changed in: fedora
   Status: Unknown => Won't Fix

** Changed in: fedora
   Importance: Unknown => High

https://bugs.launchpad.net/bugs/586175

Title:
  Windows XP/2003 doesn't boot

Status in QEMU:
  Fix Released
Status in qemu-kvm package in Ubuntu:
  Fix Released
Status in Debian:
  Fix Released
Status in Fedora:
  Won't Fix

Bug description:
  Hello everyone,

  my qemu doesn't boot any Windows XP/2003 installations if I try to boot the image.
  If I boot the install cd first, its boot manager counts down and triggers the boot on its own. That's kinda stupid.

  I'm using libvirt, but even by a simple
  > qemu-kvm -drive file=image.img,media=disk,if=ide,boot=on
  it won't boot. Qemu hangs at the message "Booting from Hard Disk..."

  I'm using qemu-kvm-0.12.4 with SeaBIOS 0.5.1 on Gentoo (No-Multilib
  and AMD64). It's a server, that means I'm using VNC as the primary
  graphic output but I don't think it should be an issue.




Re: [Qemu-devel] [PULL 4/9] ps2: fix scancodes sent for Alt-Print key combination (aka SysRq)

2017-10-27 Thread Daniel P. Berrange
On Mon, Oct 23, 2017 at 11:19:42AM +0200, Gerd Hoffmann wrote:
> From: "Daniel P. Berrange" 
> 
> The 'Print' key is special in the AT set 1 / set 2 scancode definitions.
> 
> An unmodified 'Print' key is supposed to send
> 
>  AT Set 1:  e0 2a e0 37 (Down)  e0 b7 e0 aa (Up)
>  AT Set 2:  e0 12 e0 7c (Down)  e0 f0 7c e0 f0 12 (Up)
> 
> which QEMU gets right. When pressed in combination with the 'Alt_L' or 'Alt_R'
> keys (which signify SysRq), the scancodes are required to follow a different
> scheme. With Alt_L, the expected sequences are
> 
>  AT set 1:  38, 54 (Down) d4, b8 (Up)
>  AT set 2:  11, 84 (Down) f0 84, f0 11 (Up)
> 
> And with Alt_R
> 
>  AT set 1:  e0 38, 54 (Down) d4, e0 b8 (Up)
>  AT set 2:  e0 11, 84 (Down) f0 84, f0 e0 11 (Up)
> 
> It is actually slightly more complicated than that, because (according to results
> of 'showkey -s') keyboards will in fact first release the currently pressed
> modifier before sending the sequence above (which effectively re-presses &
> then releases the modifier) and finally re-press the original modifier
> afterwards. IOW, with Alt_L we need to send
> 
>  AT set 1:  b8, 38, 54 (Down) d4, b8, 38 (Up)
>  AT set 2:  f0 11, 11, 84 (Down) f0 84, f0 11, 11 (Up)
> 
> And with Alt_R
> 
>  AT set 1:  e0 b8, e0 38, 54 (Down) d4, e0 b8, e0 38 (Up)
>  AT set 2:  e0 f0 11, e0 11, 84 (Down) f0 84, e0 f0 11, e0 11 (Up)
> 
> The AT set 3 scancodes have no special handling for Alt-Print.
> 
> Rather than fixing the handling of the 'print' key in the ps2 driver to consider
> the Alt modifiers, way back, a patch was committed that defined an extra 'sysrq'
> key name:
> 
>   commit f2289cb6924afc97b2a75d21bfc9217024d11741
>   Author: balrog 
>   Date:   Wed Jun 4 10:14:16 2008 +
> 
> Add sysrq to key names known by "sendkey".
> 
> Adding sysrq keycode to the table enabling running sysrq debugging in
> the guest via the monitor sendkey command, like:
> 
> (qemu) sendkey alt-sysrq-t
> 
> Tested on x86-64 target and Linux guest.
> 
> Signed-off-by: Ryan Harper 
> 
> With this patch QEMU would send
> 
>  AT set 1:  38, 54 (Down) d4, b8 (Up)
>  AT set 2:  11, 84 (Down) f0 84, f0 11 (Up)
> 
> but this doesn't match what actual real keyboards send, as it is not releasing
> the original modifier & pressing it again afterwards. In addition the original
> problem remains, and a new problem was added:
> 
>   - The sequence 'alt-print-t' is still broken, acting as if 'print-t' was
>     requested
>   - The sequence 'sysrq-t' is broken, injecting an undefined scancode sequence
>     to the guest OS (bare 0x54)
> 
> To deal with this mess we make these changes to the ps2 code, so that we track
> the state of modifier keys (Alt, Shift, Ctrl - both left & right). Then we can
> vary what scancodes are sent for Q_KEY_CODE_PRINT according to the Alt key
> modifier state
> 
> Interestingly, it appears that of operating systems I've checked (Linux, FreeBSD
> and OpenSolaris), none of them actually bother to validate the full sequences
> for an unmodified 'Print' key. They all just ignore the leading "e0 2a" and
> trigger based off "e0 37" alone. The latter two byte sequence is what keyboards
> send when 'Print' is combined with 'Shift' or 'Ctrl' modifiers.
> 
> Signed-off-by: Daniel P. Berrange 
> Message-id: 20171019142848.572-5-berra...@redhat.com
> Signed-off-by: Gerd Hoffmann 
> ---
>  hw/input/ps2.c| 137 
> ++
>  hw/input/trace-events |   1 +
>  2 files changed, 118 insertions(+), 20 deletions(-)
> 
> diff --git a/hw/input/ps2.c b/hw/input/ps2.c
> index dff3f1e024..1e6f6ae9b6 100644
> --- a/hw/input/ps2.c
> +++ b/hw/input/ps2.c
> @@ -78,6 +78,14 @@
>  
>  #define PS2_QUEUE_SIZE 16  /* Buffer size required by PS/2 protocol */
>  
> +/* Bits for 'modifiers' field in PS2KbdState */
> +#define MOD_CTRL_L  (1 << 0)
> +#define MOD_SHIFT_L (1 << 1)
> +#define MOD_ALT_L   (1 << 2)
> +#define MOD_CTRL_R  (1 << 3)
> +#define MOD_SHIFT_R (1 << 4)
> +#define MOD_ALT_R   (1 << 5)
> +
>  typedef struct {
>  /* Keep the data array 256 bytes long, which compatibility
>   with older qemu versions. */
> @@ -99,6 +107,7 @@ typedef struct {
>  int scancode_set; /* 1=XT, 2=AT, 3=PS/2 */
>  int ledstate;
>  bool need_high_bit;
> +unsigned int modifiers; /* bitmask of MOD_* constants above */
>  } PS2KbdState;
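
Review bot: `unsigned int modifiers` in PS2KbdState has no fixed width, which makes it awkward to describe as a migration field if it turns out to need one. Only six MOD_* bits are defined in this patch, so `uint8_t modifiers;` would hold them and would be simple to carry in a vmstate subsection without touching the existing section.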

No one confirmed whether or not this new field needs to be added to the
VMSTATE sections, and if so, how to do this in a back compatible manner.


Regards,
Daniel



Re: [Qemu-devel] [PATCH 0/3]

2017-10-27 Thread Sameeh Jubran
On Fri, Oct 27, 2017 at 2:51 AM, Michael Roth wrote:

> Quoting Sameeh Jubran (2017-08-13 10:58:46)
> > From: Sameeh Jubran 
> >
> > This series fixes qemu-ga's behaviour upon facing a missing serial/serial
> > driver by listening to the serial device's events.
> >
> > For more info on why this series is needed checkout the commit message
> > of the third patch and the following bugzilla:
> > https://bugzilla.redhat.com/show_bug.cgi?id=990629.
> >
> > Sameeh Jubran (3):
> >   qga: Channel: Add functions for checking serial status
> >   qga: main: make qga config and socket activation global
> >   qga: Prevent qemu-ga exit if serial doesn't exist
>
> Hi Sameeh,
>
> The event handling stuff is spiffy and could be useful for other use-cases
> (e.g. cpu/mem hotplug events that can be consumed by management), but since
> the actual bug here is somewhat of an edge case (we *could* just tell
> people that installing the agent before virtio-serial drivers is a bug,
> or that unplugging the agent's communication channel is a bad idea),
> I'm not too comfortable with adding this much complexity unless there's
> a stronger argument for it.
>
I can relate to your concerns, it is somehow an edge case but I think that
this is the elegant way to handle it instead of just polling forever. This
patch series is more related to Windows than Linux as this edge case is much
more common on Windows since when the virtio-serial driver is installed
sometimes usually it requires a post-installation reboot and when the system
is up, qemu-ga runs before the virtio-serial driver is fully configured and
it fails to load and then another reboot is needed.


>
> There's also a couple issues I had with this series as it stands, namely
> the lack of a ./configure check for udev (which could cause build
> breakage in some environments), and a lot of spillage of GAConfig into
> qga/channel-*, which I think could be avoided.
>
I think we can use the --retry with Linux clients and use the device
notifications API provided by Windows as it is supported since XP.

>
> I've sent an alternative series that I think we should consider as it
> uses a much simpler mechanism to implement this support (basically
> just periodically retrying the channel if it doesn't exist, or if it
> disappears for whatever reason). I've tested it on Windows, but would
> be good to confirm that it adequately addresses the use-case you were
> looking at. Thanks!
>
I haven't tested it yet, but I think it might solve the issue. Your series
is much simpler and less intrusive to the code but I don't think this is the
right approach.

>
> >
> >  Makefile|   4 +
> >  qga/channel-posix.c |  54 ++
> >  qga/channel-win32.c |  60 +++
> >  qga/channel.h   |   9 ++
> >  qga/main.c  | 284 ++
> --
> >  qga/service-win32.h |   4 +
> >  6 files changed, 385 insertions(+), 30 deletions(-)
> >
> > --
> > 2.9.4
> >
>
>


-- 
Respectfully,
*Sameeh Jubran*
*Software Engineer @ Daynix .*


Re: [Qemu-devel] [PATCH v2] s390-ccw: print carriage return with new lines

2017-10-27 Thread Cornelia Huck
On Thu, 26 Oct 2017 14:52:45 -0400
"Collin L. Walling"  wrote:

> The sclp console in the s390 bios writes raw data,
> leading console emulators (such as virsh console) to
> treat a new line ('\n') as just a new line instead
> of as a Unix line feed. Because of this, output
> appears in a "stair case" pattern.
> 
> Let's print \r\n on every occurrence of a new line
> in the string passed to write to amend this issue.
> 
> This is in sync with the guest Linux code in
> drivers/s390/char/sclp_vt220.c which also does a line feed
> conversion  in the console part of the driver. 
> 
> This fixes the s390-ccw and s390-netboot output like
> $ virsh start test --console
> Domain test started
> Connected to domain test
> Escape character is ^]
> Network boot starting...
>   Using MAC address: 02:01:02:03:04:05
> Requesting 
> information via DHCP:  010
> 
> Signed-off-by: Collin L. Walling 
> Signed-off-by: Christian Borntraeger 

I'm a bit confused about that s-o-b chain... where does Christian come
in here?

[Nothing further from me about the actual code change.]

> ---
>  pc-bios/s390-ccw/sclp.c | 16 +---
>  1 file changed, 13 insertions(+), 3 deletions(-)



Re: [Qemu-devel] [PULL v2 00/11] Disassembler patches

2017-10-27 Thread Peter Maydell
On 26 October 2017 at 11:00, Richard Henderson wrote:
> Support for Capstone, plus an arm32 fix.
>
> Changes since v1:
>   * Fixed mingw32 build in patch 11/11.
> (Not re-sending patches 01-10.)
>
> r~
>
>
> The following changes since commit 3d7196d43bfe12efe98568cb60057e273652b99b:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/usb-20171023-pull-request' into staging (2017-10-24 16:05:57 +0100)
>
> are available in the git repository at:
>
>   git://github.com/rth7680/qemu.git tags/pull-dis-20171026
>
> for you to fetch changes up to e219c499e9f5d4fa0e25dc07682f75531ee84d86:
>
>   disas: Add capstone as submodule (2017-10-26 11:56:20 +0200)
>
> 
> Capstone disassembler
>

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH v4 01/13] m25p80: Add support for continuous read out of RDSR and READ_FSR

2017-10-27 Thread Alistair Francis
On Fri, Oct 27, 2017 at 7:56 AM, Francisco Iglesias wrote:
> Add support for continuous read out of the RDSR and READ_FSR status
> registers until the chip select is deasserted. This feature is supported
> by amongst others 1 or more flashtypes manufactured by Numonyx (Micron),
> Winbond, SST, Gigadevice, Eon and Macronix.
>
> Signed-off-by: Francisco Iglesias 
> Acked-by: Marcin Krzemiński 

Acked-by: Alistair Francis 

Alistair

> ---
>  hw/block/m25p80.c | 8 +++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
> index a2438b9..2971519 100644
> --- a/hw/block/m25p80.c
> +++ b/hw/block/m25p80.c
> @@ -423,6 +423,7 @@ typedef struct Flash {
>  uint8_t data[M25P80_INTERNAL_DATA_BUFFER_SZ];
>  uint32_t len;
>  uint32_t pos;
> +bool data_read_loop;
>  uint8_t needed_bytes;
>  uint8_t cmd_in_progress;
>  uint32_t cur_addr;
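
Review bot: `data_read_loop` in `Flash` is new device state, but the diffstat's seven insertions are all in the hunks shown here and none of them adds the field to the migration state; the only place it is cleared is m25p80_cs(). A guest migrated while polling RDSR/READ_FSR with chip select held gives the destination no way to learn the flag's value. Either add it to the vmstate (a subsection keeps old streams loadable) or say in the commit message why losing it is harmless.
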
> @@ -983,6 +984,7 @@ static void decode_new_cmd(Flash *s, uint32_t value)
>  }
>  s->pos = 0;
>  s->len = 1;
> +s->data_read_loop = true;
>  s->state = STATE_READING_DATA;
>  break;
>
> @@ -993,6 +995,7 @@ static void decode_new_cmd(Flash *s, uint32_t value)
>  }
>  s->pos = 0;
>  s->len = 1;
> +s->data_read_loop = true;
>  s->state = STATE_READING_DATA;
>  break;
>
> @@ -1133,6 +1136,7 @@ static int m25p80_cs(SSISlave *ss, bool select)
>  s->pos = 0;
>  s->state = STATE_IDLE;
>  flash_sync_dirty(s, -1);
> +s->data_read_loop = false;
>  }
>
>  DB_PRINT_L(0, "%sselect\n", select ? "de" : "");
> @@ -1198,7 +1202,9 @@ static uint32_t m25p80_transfer8(SSISlave *ss, uint32_t 
> tx)
>  s->pos++;
>  if (s->pos == s->len) {
>  s->pos = 0;
> -s->state = STATE_IDLE;
> +if (!s->data_read_loop) {
> +s->state = STATE_IDLE;
> +}
>  }
>  break;
>
> --
> 2.9.3
>
>



Re: [Qemu-devel] [PATCH v4 02/13] m25p80: Add support for SST READ ID 0x90/0xAB commands

2017-10-27 Thread Alistair Francis
On Fri, Oct 27, 2017 at 7:56 AM, Francisco Iglesias wrote:
> Add support for SST READ ID 0x90/0xAB commands for reading out the flash
> manufacturer ID and device ID.
>
> Signed-off-by: Francisco Iglesias 

Acked-by: Alistair Francis 

Alistair

> ---
>  hw/block/m25p80.c | 23 +++
>  1 file changed, 23 insertions(+)
>
> diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
> index 2971519..7a5c137 100644
> --- a/hw/block/m25p80.c
> +++ b/hw/block/m25p80.c
> @@ -355,6 +355,8 @@ typedef enum {
>  DPP = 0xa2,
>  QPP = 0x32,
>  QPP_4 = 0x34,
> +RDID_90 = 0x90,
> +RDID_AB = 0xab,
>
>  ERASE_4K = 0x20,
>  ERASE4_4K = 0x21,
> @@ -405,6 +407,7 @@ typedef enum {
>  MAN_MACRONIX,
>  MAN_NUMONYX,
>  MAN_WINBOND,
> +MAN_SST,
>  MAN_GENERIC,
>  } Manufacturer;
>
> @@ -476,6 +479,8 @@ static inline Manufacturer get_man(Flash *s)
>  return MAN_SPANSION;
>  case 0xC2:
>  return MAN_MACRONIX;
> +case 0xBF:
> +return MAN_SST;
>  default:
>  return MAN_GENERIC;
>  }
> @@ -711,6 +716,22 @@ static void complete_collecting_data(Flash *s)
>  case WEVCR:
>  s->enh_volatile_cfg = s->data[0];
>  break;
> +case RDID_90:
> +case RDID_AB:
> +if (get_man(s) == MAN_SST && s->cur_addr <= 1) {
> +if (s->cur_addr) {
> +s->data[0] = s->pi->id[2];
> +s->data[1] = s->pi->id[0];
> +} else {
> +s->data[0] = s->pi->id[0];
> +s->data[1] = s->pi->id[2];
> +}
> +s->pos = 0;
> +s->len = 2;
> +s->data_read_loop = true;
> +s->state = STATE_READING_DATA;
> +}
> +break;
>  default:
>  break;
>  }
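
Review bot: in the `RDID_90`/`RDID_AB` case of complete_collecting_data() the test `get_man(s) == MAN_SST && s->cur_addr <= 1` has no else branch, while the decode_new_cmd() hunk below accepts both opcodes for every manufacturer. For a non-SST part, or an address above 1, the address bytes are collected and then dropped without any trace. Consider a `qemu_log_mask(LOG_GUEST_ERROR, ...)` in the else path, or gate the two opcodes on MAN_SST in decode_new_cmd() so other parts never start collecting an address for them.
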
> @@ -926,6 +947,8 @@ static void decode_new_cmd(Flash *s, uint32_t value)
>  case PP4:
>  case PP4_4:
>  case DIE_ERASE:
> +case RDID_90:
> +case RDID_AB:
>  s->needed_bytes = get_addr_length(s);
>  s->pos = 0;
>  s->len = 0;
> --
> 2.9.3
>
>



Re: [Qemu-devel] [PATCH v4 04/13] m25p80: Add support for n25q512a11 and n25q512a13

2017-10-27 Thread Alistair Francis
On Fri, Oct 27, 2017 at 7:56 AM, Francisco Iglesias wrote:
> Add support for Micron (Numonyx) n25q512a11 and n25q512a13 flashes.
>
> Signed-off-by: Francisco Iglesias 
> Acked-by: Marcin Krzemiński 

Reviewed-by: Alistair Francis 

Alistair

> ---
>  hw/block/m25p80.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/hw/block/m25p80.c b/hw/block/m25p80.c
> index cf39e36..054dc6f 100644
> --- a/hw/block/m25p80.c
> +++ b/hw/block/m25p80.c
> @@ -240,6 +240,8 @@ static const FlashPartInfo known_devices[] = {
>  { INFO("n25q128a13",  0x20ba18,  0,  64 << 10, 256, ER_4K) },
>  { INFO("n25q256a11",  0x20bb19,  0,  64 << 10, 512, ER_4K) },
>  { INFO("n25q256a13",  0x20ba19,  0,  64 << 10, 512, ER_4K) },
> +{ INFO("n25q512a11",  0x20bb20,  0,  64 << 10, 1024, ER_4K) },
> +{ INFO("n25q512a13",  0x20ba20,  0,  64 << 10, 1024, ER_4K) },
>  { INFO("n25q128", 0x20ba18,  0,  64 << 10, 256, 0) },
>  { INFO("n25q256a",0x20ba19,  0,  64 << 10, 512, ER_4K) },
>  { INFO("n25q512a",0x20ba20,  0,  64 << 10, 1024, ER_4K) },
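
Review bot: the new `n25q512a13` entry carries the same ID (0x20ba20), sector size, sector count and flags as the existing `n25q512a` line at the end of this hunk, so two names now describe one device. That mirrors the n25q256a13/n25q256a pair already in the table, but a one-line comment marking which entries are aliases would stop a later reader from treating the duplicate ID as a mistake.
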
> --
> 2.9.3
>
>



Re: [Qemu-devel] [PATCH v4 13/13] xlnx-zcu102: Add support for the ZynqMP QSPI

2017-10-27 Thread Alistair Francis
On Fri, Oct 27, 2017 at 7:56 AM, Francisco Iglesias wrote:
> Add support for the ZynqMP QSPI (consisting of the Generic QSPI and Legacy
> QSPI) and connect Numonyx n25q512a11 flashes to it.
>
> Signed-off-by: Francisco Iglesias 
> ---
>  hw/arm/xlnx-zcu102.c | 23 +++
>  hw/arm/xlnx-zynqmp.c | 24 
>  include/hw/arm/xlnx-zynqmp.h |  5 +
>  3 files changed, 52 insertions(+)
>
> diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c
> index 519a16e..7d61972 100644
> --- a/hw/arm/xlnx-zcu102.c
> +++ b/hw/arm/xlnx-zcu102.c
> @@ -150,6 +150,29 @@ static void xlnx_zynqmp_init(XlnxZCU102 *s, MachineState 
> *machine)
>  sysbus_connect_irq(SYS_BUS_DEVICE(&s->soc.spi[i]), 1, cs_line);
>  }
>
> +for (i = 0; i < XLNX_ZYNQMP_NUM_QSPI_FLASH; i++) {
> +SSIBus *spi_bus;
> +DeviceState *flash_dev;
> +qemu_irq cs_line;
> +DriveInfo *dinfo = drive_get_next(IF_MTD);
> +int bus = i / XLNX_ZYNQMP_NUM_QSPI_BUS_CS;
> +gchar *bus_name = g_strdup_printf("qspi%d", bus);
> +
> +spi_bus = (SSIBus *)qdev_get_child_bus(DEVICE(&s->soc), bus_name);
> +g_free(bus_name);
> +
> +flash_dev = ssi_create_slave_no_init(spi_bus, "n25q512a11");
> +if (dinfo) {
> +qdev_prop_set_drive(flash_dev, "drive", 
> blk_by_legacy_dinfo(dinfo),
> +&error_fatal);
> +}
> +qdev_init_nofail(flash_dev);
> +
> +cs_line = qdev_get_gpio_in_named(flash_dev, SSI_GPIO_CS, 0);
> +
> +sysbus_connect_irq(SYS_BUS_DEVICE(&s->soc.qspi), i + 1, cs_line);
> +}
> +
>  /* TODO create and connect IDE devices for ide_drive_get() */
>
>  xlnx_zcu102_binfo.ram_size = ram_size;
> diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
> index d4b6560..f7c8b4b 100644
> --- a/hw/arm/xlnx-zynqmp.c
> +++ b/hw/arm/xlnx-zynqmp.c
> @@ -40,6 +40,10 @@
>  #define SATA_ADDR   0xFD0C
>  #define SATA_NUM_PORTS  2
>
> +#define QSPI_ADDR   0xff0f
> +#define LQSPI_ADDR  0xc000
> +#define QSPI_IRQ15
> +
>  #define DP_ADDR 0xfd4a
>  #define DP_IRQ  113
>
> @@ -169,6 +173,9 @@ static void xlnx_zynqmp_init(Object *obj)
>  qdev_set_parent_bus(DEVICE(&s->spi[i]), sysbus_get_default());
>  }
>
> +object_initialize(&s->qspi, sizeof(s->qspi), TYPE_XLNX_ZYNQMP_QSPIPS);
> +qdev_set_parent_bus(DEVICE(&s->qspi), sysbus_get_default());
> +
>  object_initialize(&s->dp, sizeof(s->dp), TYPE_XLNX_DP);
>  qdev_set_parent_bus(DEVICE(&s->dp), sysbus_get_default());
>
> @@ -405,6 +412,23 @@ static void xlnx_zynqmp_realize(DeviceState *dev, Error 
> **errp)
>  g_free(bus_name);
>  }
>
> +object_property_set_bool(OBJECT(&s->qspi), true, "realized", &err);
> +sysbus_mmio_map(SYS_BUS_DEVICE(&s->qspi), 0, QSPI_ADDR);
> +sysbus_mmio_map(SYS_BUS_DEVICE(&s->qspi), 1, LQSPI_ADDR);
> +sysbus_connect_irq(SYS_BUS_DEVICE(&s->qspi), 0, gic_spi[QSPI_IRQ]);

New line here

> +for (i = 0; i < XLNX_ZYNQMP_NUM_QSPI_BUS; i++) {
> +gchar *bus_name;
> +gchar *target_bus;

New line here

> +/* Alias controller SPI bus to the SoC itself */
> +bus_name = g_strdup_printf("qspi%d", i);
> +target_bus = g_strdup_printf("spi%d", i);
> +object_property_add_alias(OBJECT(s), bus_name,
> +  OBJECT(&s->qspi), target_bus,

Why do we alias qspi to spi?

Alistair

> +  &error_abort);
> +g_free(bus_name);
> +g_free(target_bus);
> +}
> +
>  object_property_set_bool(OBJECT(&s->dp), true, "realized", &err);
>  if (err) {
>  error_propagate(errp, err);
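
Review bot: `err` from `object_property_set_bool(OBJECT(&s->qspi), true, "realized", &err)` is not checked before the `sysbus_mmio_map()` and `sysbus_connect_irq()` calls, unlike the `s->dp` realize at the end of this hunk, which tests `err` and calls `error_propagate(errp, err)`. Add the same check, returning on failure, directly after the qspi realize so a failed realize does not get mapped and wired up.
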
> diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
> index 6eff81a..3e6fb9b 100644
> --- a/include/hw/arm/xlnx-zynqmp.h
> +++ b/include/hw/arm/xlnx-zynqmp.h
> @@ -40,6 +40,10 @@
>  #define XLNX_ZYNQMP_NUM_SDHCI 2
>  #define XLNX_ZYNQMP_NUM_SPIS 2
>
> +#define XLNX_ZYNQMP_NUM_QSPI_BUS 2
> +#define XLNX_ZYNQMP_NUM_QSPI_BUS_CS 2
> +#define XLNX_ZYNQMP_NUM_QSPI_FLASH 4
> +
>  #define XLNX_ZYNQMP_NUM_OCM_BANKS 4
>  #define XLNX_ZYNQMP_OCM_RAM_0_ADDRESS 0xFFFC
>  #define XLNX_ZYNQMP_OCM_RAM_SIZE 0x1
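
Review bot: `XLNX_ZYNQMP_NUM_QSPI_FLASH` is a literal 4 that has to stay equal to `XLNX_ZYNQMP_NUM_QSPI_BUS * XLNX_ZYNQMP_NUM_QSPI_BUS_CS`. The board loop in xlnx-zcu102.c derives the bus as `i / XLNX_ZYNQMP_NUM_QSPI_BUS_CS` and uses the result of `qdev_get_child_bus()` for "qspi%d" without checking it, so a mismatch between the three constants would ask for a bus that was never aliased. Define the flash count as the product of the other two.
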
> @@ -83,6 +87,7 @@ typedef struct XlnxZynqMPState {
>  SysbusAHCIState sata;
>  SDHCIState sdhci[XLNX_ZYNQMP_NUM_SDHCI];
>  XilinxSPIPS spi[XLNX_ZYNQMP_NUM_SPIS];
> +XlnxZynqMPQSPIPS qspi;
>  XlnxDPState dp;
>  XlnxDPDMAState dpdma;
>
> --
> 2.9.3
>
>



[Qemu-devel] [PATCH] net: detect errors from probing vnet hdr flag for TAP devices

2017-10-27 Thread Daniel P. Berrange
When QEMU sets up a tap based network device backend, it mostly ignores errors
reported from various ioctl() calls it makes, assuming the TAP file descriptor
is valid. This assumption can easily be violated when the user is passing in a
pre-opened file descriptor. At best, the ioctls may fail with a -EBADF, but if
the user passes in a bogus FD number that happens to clash with a FD number that
QEMU has opened internally for another reason, a wide variety of errnos may
result, as the TUNGETIFF ioctl number may map to a completely different command
on a different type of file.

By ignoring all these errors, QEMU sets up a zombie network backend that will
never pass any data. Even worse, when QEMU shuts down, or that network backend
is hot-removed, it will close this bogus file descriptor, which could belong to
another QEMU device backend.

There's no obvious guaranteed reliable way to detect that a FD genuinely is a
TAP device, as opposed to a UNIX socket, or pipe, or something else. Checking
the errno from probing vnet hdr flag though, does catch the big common cases.
ie calling TUNGETIFF will return EBADF for an invalid FD, and ENOTTY when FD is
a UNIX socket, or pipe which catches accidental collisions with FDs used for
stdio, or monitor socket.

Previously the example below where bogus fd 9 collides with the FD used for the
chardev saw:

$ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
  -chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
  -monitor stdio -vnc :0
qemu-system-x86_64: -netdev tap,id=hostnet0,fd=9: TUNGETIFF ioctl() failed: 
Inappropriate ioctl for device
TUNSETOFFLOAD ioctl() failed: Bad address
QEMU 2.9.1 monitor - type 'help' for more information
(qemu) Warning: netdev hostnet0 has no peer

which gives a running QEMU with a zombie network backend.

With this change applied we get an error message and QEMU immediately exits
before carrying on and making a bigger disaster:

$ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
  -chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
  -monitor stdio -vnc :0
qemu-system-x86_64: -netdev tap,id=hostnet0,vhost=on,fd=9: Unable to query 
TUNGETIFF on FD 9: Inappropriate ioctl for device

Reported-by: Dr. David Alan Gilbert 
Signed-off-by: Daniel P. Berrange 
---
 net/tap-bsd.c |  2 +-
 net/tap-linux.c   | 12 +---
 net/tap-solaris.c |  2 +-
 net/tap-stub.c|  2 +-
 net/tap.c | 25 -
 net/tap_int.h |  2 +-
 6 files changed, 33 insertions(+), 12 deletions(-)

diff --git a/net/tap-bsd.c b/net/tap-bsd.c
index 6c9692263d..4f1d633b08 100644
--- a/net/tap-bsd.c
+++ b/net/tap-bsd.c
@@ -211,7 +211,7 @@ void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, 
Error **errp)
 {
 }
 
-int tap_probe_vnet_hdr(int fd)
+int tap_probe_vnet_hdr(int fd, Error **errp)
 {
 return 0;
 }
diff --git a/net/tap-linux.c b/net/tap-linux.c
index 535b1ddb61..de74928407 100644
--- a/net/tap-linux.c
+++ b/net/tap-linux.c
@@ -147,13 +147,19 @@ void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, 
Error **errp)
 }
 }
 
-int tap_probe_vnet_hdr(int fd)
+int tap_probe_vnet_hdr(int fd, Error **errp)
 {
 struct ifreq ifr;
 
 if (ioctl(fd, TUNGETIFF, &ifr) != 0) {
-error_report("TUNGETIFF ioctl() failed: %s", strerror(errno));
-return 0;
+/* Kernel pre-dates TUNGETIFF support */
+if (errno == -EINVAL) {
+return 0;
+} else {
+error_setg_errno(errp, errno,
+ "Unable to query TUNGETIFF on FD %d", fd);
+return -1;
+}
 }
 
 return ifr.ifr_flags & IFF_VNET_HDR;
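
Review bot: the test 'errno == -EINVAL' in the new TUNGETIFF failure branch of tap_probe_vnet_hdr() can never be true, because errno holds positive values. As written, every failure, including the "Kernel pre-dates TUNGETIFF support" case the comment describes, falls into the else arm and returns -1. Compare against EINVAL instead; the else can then be dropped, since the first arm returns. The prototype should also document that the function now returns a negative value on error and otherwise the IFF_VNET_HDR bit, since the callers in net/tap.c test 'vnet_hdr < 0'.
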
diff --git a/net/tap-solaris.c b/net/tap-solaris.c
index a2a92356c1..3437838a92 100644
--- a/net/tap-solaris.c
+++ b/net/tap-solaris.c
@@ -206,7 +206,7 @@ void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, 
Error **errp)
 {
 }
 
-int tap_probe_vnet_hdr(int fd)
+int tap_probe_vnet_hdr(int fd, Error **errp)
 {
 return 0;
 }
diff --git a/net/tap-stub.c b/net/tap-stub.c
index a9ab8f8293..de525a2e69 100644
--- a/net/tap-stub.c
+++ b/net/tap-stub.c
@@ -37,7 +37,7 @@ void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, 
Error **errp)
 {
 }
 
-int tap_probe_vnet_hdr(int fd)
+int tap_probe_vnet_hdr(int fd, Error **errp)
 {
 return 0;
 }
diff --git a/net/tap.c b/net/tap.c
index 979e622e60..763fd2d9b2 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -592,7 +592,11 @@ int net_init_bridge(const Netdev *netdev, const char *name,
 }
 
 fcntl(fd, F_SETFL, O_NONBLOCK);
-vnet_hdr = tap_probe_vnet_hdr(fd);
+vnet_hdr = tap_probe_vnet_hdr(fd, errp);
+if (vnet_hdr < 0) {
+close(fd);
+return -1;
+}
 s = net_tap_fd_init(peer, "bridge", name, fd, vnet_hdr);
 
 snprintf(s->nc.info_str, sizeof(s->nc.info_str), "helper=%s,br=%s", helper,
@@ -779,7 +783,11 @@ int net_init_tap(const Netdev *netdev, const char *name,
 
 fcntl(fd, F_SETFL, O_NONBLOCK);
 
-   

[Qemu-devel] [PATCH] sockets: avoid crash when cleaning up sockets for an invalid FD

2017-10-27 Thread Daniel P. Berrange
If socket_listen_cleanup is passed an invalid FD, then querying the socket
local address will fail. We must thus be prepared for the returned addr to
be NULL

Reported-by: Dr. David Alan Gilbert 
Signed-off-by: Daniel P. Berrange 
---
 util/qemu-sockets.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
index b47fb45885..c7fdaa63fb 100644
--- a/util/qemu-sockets.c
+++ b/util/qemu-sockets.c
@@ -1073,6 +1073,9 @@ void socket_listen_cleanup(int fd, Error **errp)
 SocketAddress *addr;
 
 addr = socket_local_address(fd, errp);
+if (!addr) {
+return;
+}
 
 if (addr->type == SOCKET_ADDRESS_TYPE_UNIX
 && addr->u.q_unix.path) {
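
Review bot: the new 'if (!addr)' return in socket_listen_cleanup() depends on socket_local_address() having already filled errp, and nothing at the return says so. A one-line comment that the error was set by the callee would make that explicit. The commit message should also say how cleanup came to be called with an invalid FD, so the caller can be checked as well.
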
-- 
2.13.6




[Qemu-devel] [PATCH 0/4] Don't write headers if BDS is INACTIVE

2017-10-27 Thread Jeff Cody
VHDX and Parallels both blindly write headers to the image file
if the images are opened R/W.  This causes an assert if the QEMU run
state is INMIGRATE.  Rather than blindly write on open, latch the first
write to the image, and update the header then.

Jeff Cody (4):
  block/vhdx.c: Don't blindly update the header
  block/parallels: code movement
  block/parallels: Don't update header until the first actual write
  qemu-iotests: update unsupported image formats in 194

 block/parallels.c  | 49 -
 block/vhdx.c   |  7 ---
 tests/qemu-iotests/194 |  2 +-
 3 files changed, 33 insertions(+), 25 deletions(-)

-- 
2.13.6




[Qemu-devel] [PATCH 2/4] block/parallels: code movement

2017-10-27 Thread Jeff Cody
Code movement, to make subsequent patches simpler.

Signed-off-by: Jeff Cody 
---
 block/parallels.c | 24 
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/block/parallels.c b/block/parallels.c
index 2b6c6e5709..fed199eccd 100644
--- a/block/parallels.c
+++ b/block/parallels.c
@@ -159,6 +159,18 @@ static int cluster_remainder(BDRVParallelsState *s, 
int64_t sector_num,
 return MIN(nb_sectors, ret);
 }
 
+static int parallels_update_header(BlockDriverState *bs)
+{
+BDRVParallelsState *s = bs->opaque;
+unsigned size = MAX(bdrv_opt_mem_align(bs->file->bs),
+sizeof(ParallelsHeader));
+
+if (size > s->header_size) {
+size = s->header_size;
+}
+return bdrv_pwrite_sync(bs->file, 0, s->header, size);
+}
+
 static int64_t block_status(BDRVParallelsState *s, int64_t sector_num,
 int nb_sectors, int *pnum)
 {
@@ -575,18 +587,6 @@ static int parallels_probe(const uint8_t *buf, int 
buf_size,
 return 0;
 }
 
-static int parallels_update_header(BlockDriverState *bs)
-{
-BDRVParallelsState *s = bs->opaque;
-unsigned size = MAX(bdrv_opt_mem_align(bs->file->bs),
-sizeof(ParallelsHeader));
-
-if (size > s->header_size) {
-size = s->header_size;
-}
-return bdrv_pwrite_sync(bs->file, 0, s->header, size);
-}
-
 static int parallels_open(BlockDriverState *bs, QDict *options, int flags,
   Error **errp)
 {
-- 
2.13.6




[Qemu-devel] [PATCH 1/4] block/vhdx.c: Don't blindly update the header

2017-10-27 Thread Jeff Cody
The VHDX specification requires that before user data modification of
the vhdx image, the VHDX header file and data GUIDs need to be updated.
In vhdx_open(), if the image is set to RDWR, we go ahead and update the
header.

However, just because the image is set to RDWR does not mean we can go
ahead and write at this point - specifically, if the QEMU run state is
INMIGRATE, the underlying file BS may be set to inactive via the BDS
open flag of BDRV_O_INACTIVE.  Attempting to write under this condition
will cause an assert in bdrv_co_pwritev().

We can alternatively latch the first time the image is written.  And lo
and behold, we do just that, via vhdx_user_visible_write() in
vhdx_co_writev().  This means the call to vhdx_update_headers() in
vhdx_open() is likely just vestigial, and can be removed.

Reported-by: Alexey Kardashevskiy 
Signed-off-by: Jeff Cody 
---
 block/vhdx.c | 7 ---
 1 file changed, 7 deletions(-)

diff --git a/block/vhdx.c b/block/vhdx.c
index 7ae4589879..9956933da6 100644
--- a/block/vhdx.c
+++ b/block/vhdx.c
@@ -1008,13 +1008,6 @@ static int vhdx_open(BlockDriverState *bs, QDict 
*options, int flags,
 goto fail;
 }
 
-if (flags & BDRV_O_RDWR) {
-ret = vhdx_update_headers(bs, s, false, NULL);
-if (ret < 0) {
-goto fail;
-}
-}
-
 /* TODO: differencing files */
 
 return 0;
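
Review bot: the commit message calls the vhdx_update_headers() call removed from vhdx_open() "likely just vestigial", but this hunk drops it for every BDRV_O_RDWR open. Please confirm that nothing on the open path modifies the image before vhdx_user_visible_write() has run, and say so in the message instead of "likely". A short comment at this spot pointing to vhdx_co_writev() as the place where the headers are updated would help the next reader.
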
-- 
2.13.6




[Qemu-devel] [PATCH 3/4] block/parallels: Don't update header until the first actual write

2017-10-27 Thread Jeff Cody
The on disk image format 'inuse' header field is updated blindly if the
image is opened RDWR.  This can cause problems if the QEMU runstate is
set to INMIGRATE, at which point the underlying file is set to INACTIVE.
This causes an assert in bdrv_co_pwritev().

Do something similar to what is done in VHDX; latch the first write, and
update the header the first time we modify the file.

Signed-off-by: Jeff Cody 
---
 block/parallels.c | 25 -
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/block/parallels.c b/block/parallels.c
index fed199eccd..c560e2fcf2 100644
--- a/block/parallels.c
+++ b/block/parallels.c
@@ -100,6 +100,8 @@ typedef struct BDRVParallelsState {
 unsigned int tracks;
 
 unsigned int off_multiplier;
+
+bool first_write_latch;
 } BDRVParallelsState;
 
 
@@ -317,6 +319,16 @@ static coroutine_fn int 
parallels_co_writev(BlockDriverState *bs,
 QEMUIOVector hd_qiov;
 int ret = 0;
 
+if (s->first_write_latch) {
+s->first_write_latch = false;
+qemu_co_mutex_lock(&s->lock);
+ret = parallels_update_header(bs);
+qemu_co_mutex_unlock(&s->lock);
+}
+if (ret < 0) {
+return ret;
+}
+
 qemu_iovec_init(&hd_qiov, qiov->niov);
 
 while (nb_sectors > 0) {
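
Review bot: in parallels_co_writev() first_write_latch is tested and cleared before s->lock is taken and before parallels_update_header() has succeeded. If the header write fails, the latch stays false, so the next write goes ahead without the inuse field ever reaching the disk. A second request that enters while the first is still inside the header update also sees the latch cleared and proceeds to write data. Do the test and the clear under the lock, clear only after a successful update, and move the 'if (ret < 0)' check inside the latch block, where ret is actually set.
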
@@ -416,6 +428,9 @@ static int parallels_check(BlockDriverState *bs, 
BdrvCheckResult *res,
 /* parallels_close will do the job right */
 res->corruptions_fixed++;
 s->header_unclean = false;
+/* set that a write has occurred, so that parallels_close() will
+ * update the inuse field in the header */
+s->first_write_latch = false;
 }
 }
 
@@ -597,6 +612,8 @@ static int parallels_open(BlockDriverState *bs, QDict 
*options, int flags,
 Error *local_err = NULL;
 char *buf;
 
+s->first_write_latch = true;
+
 bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
false, errp);
 if (!bs->file) {
@@ -710,10 +727,6 @@ static int parallels_open(BlockDriverState *bs, QDict 
*options, int flags,
 
 if (flags & BDRV_O_RDWR) {
 s->header->inuse = cpu_to_le32(HEADER_INUSE_MAGIC);
-ret = parallels_update_header(bs);
-if (ret < 0) {
-goto fail;
-}
 }
 
 s->bat_dirty_block = 4 * getpagesize();
@@ -741,7 +754,9 @@ static void parallels_close(BlockDriverState *bs)
 {
 BDRVParallelsState *s = bs->opaque;
 
-if (bs->open_flags & BDRV_O_RDWR) {
+/* Only need to update the header, if we ever actually wrote to the
+ * image at all */
+if ((bs->open_flags & BDRV_O_RDWR) && !s->first_write_latch) {
 s->header->inuse = 0;
 parallels_update_header(bs);
 }
-- 
2.13.6




[Qemu-devel] [PATCH 4/4] qemu-iotests: update unsupported image formats in 194

2017-10-27 Thread Jeff Cody
Test 194 checks for 'luks' to exclude as an unsupported format.
However, most formats are unsupported, due to migration blockers.

Rather than specifying a blacklist of unsupported formats, whitelist
supported formats (specifically, qcow2, qed, raw, dmg).

Signed-off-by: Jeff Cody 
---
 tests/qemu-iotests/194 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/qemu-iotests/194 b/tests/qemu-iotests/194
index 8d973b440f..1d4214aca3 100755
--- a/tests/qemu-iotests/194
+++ b/tests/qemu-iotests/194
@@ -21,7 +21,7 @@
 
 import iotests
 
-iotests.verify_image_format(unsupported_fmts=['luks'])
+iotests.verify_image_format(supported_fmts=['qcow2', 'qed', 'raw', 'dmg'])
 iotests.verify_platform(['linux'])
 
 with iotests.FilePath('source.img') as source_img_path, \
-- 
2.13.6




Re: [Qemu-devel] [PATCH 3/4] block/parallels: Don't update header until the first actual write

2017-10-27 Thread Kevin Wolf
On 27.10.2017 at 10:57, Jeff Cody wrote:
> The on disk image format 'inuse' header field is updated blindly if the
> image is opened RDWR.  This can cause problems if the QEMU runstate is
> set to INMIGRATE, at which point the underlying file is set to INACTIVE.
> This causes an assert in bdrv_co_pwritev().
> 
> Do something similar to what is done in VHDX; latch the first write, and
> update the header the first time we modify the file.
> 
> Signed-off-by: Jeff Cody 

For VHDX, it seems that we have to have the header update in the write
path anyway, so it might be justifiable, but I think for parallels, it's
just ugly.

The conservative approach to this would be doing the header write in
.bdrv_open() only if BDRV_O_INACTIVE is cleared, and otherwise do it
during .bdrv_invalidate_cache().

By the way, random design thought: It might make sense to change
.bdrv_open() so that it always opens inactive images and then call
.bdrv_invalidate_cache() (possibly renamed to .bdrv_activate())
unconditionally even without migration.

Kevin



Re: [Qemu-devel] [PATCH v4 13/13] xlnx-zcu102: Add support for the ZynqMP QSPI

2017-10-27 Thread francisco iglesias
Dear Alistair,

Thank you for the review comments! I will update according to them in the next
version of the patch series! About your question, I might have
misunderstood, but isn't the alias "qspi"? (s/"qspi{0,1}"  ->
s->qspi/"spi{0,1}")

Best regards,
Francisco Iglesias

On 27 Oct 2017 10:49, "Alistair Francis"  wrote:

> On Fri, Oct 27, 2017 at 7:56 AM, Francisco Iglesias
>  wrote:
> > Add support for the ZynqMP QSPI (consisting of the Generic QSPI and
> Legacy
> > QSPI) and connect Numonyx n25q512a11 flashes to it.
> >
> > Signed-off-by: Francisco Iglesias 
> > ---
> >  hw/arm/xlnx-zcu102.c | 23 +++
> >  hw/arm/xlnx-zynqmp.c | 24 
> >  include/hw/arm/xlnx-zynqmp.h |  5 +
> >  3 files changed, 52 insertions(+)
> >
> > diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c
> > index 519a16e..7d61972 100644
> > --- a/hw/arm/xlnx-zcu102.c
> > +++ b/hw/arm/xlnx-zcu102.c
> > @@ -150,6 +150,29 @@ static void xlnx_zynqmp_init(XlnxZCU102 *s,
> MachineState *machine)
> >  sysbus_connect_irq(SYS_BUS_DEVICE(&s->soc.spi[i]), 1, cs_line);
> >  }
> >
> > +for (i = 0; i < XLNX_ZYNQMP_NUM_QSPI_FLASH; i++) {
> > +SSIBus *spi_bus;
> > +DeviceState *flash_dev;
> > +qemu_irq cs_line;
> > +DriveInfo *dinfo = drive_get_next(IF_MTD);
> > +int bus = i / XLNX_ZYNQMP_NUM_QSPI_BUS_CS;
> > +gchar *bus_name = g_strdup_printf("qspi%d", bus);
> > +
> > +spi_bus = (SSIBus *)qdev_get_child_bus(DEVICE(&s->soc),
> bus_name);
> > +g_free(bus_name);
> > +
> > +flash_dev = ssi_create_slave_no_init(spi_bus, "n25q512a11");
> > +if (dinfo) {
> > +qdev_prop_set_drive(flash_dev, "drive",
> blk_by_legacy_dinfo(dinfo),
> > +&error_fatal);
> > +}
> > +qdev_init_nofail(flash_dev);
> > +
> > +cs_line = qdev_get_gpio_in_named(flash_dev, SSI_GPIO_CS, 0);
> > +
> > +sysbus_connect_irq(SYS_BUS_DEVICE(&s->soc.qspi), i + 1,
> cs_line);
> > +}
> > +
> >  /* TODO create and connect IDE devices for ide_drive_get() */
> >
> >  xlnx_zcu102_binfo.ram_size = ram_size;
> > diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
> > index d4b6560..f7c8b4b 100644
> > --- a/hw/arm/xlnx-zynqmp.c
> > +++ b/hw/arm/xlnx-zynqmp.c
> > @@ -40,6 +40,10 @@
> >  #define SATA_ADDR   0xFD0C
> >  #define SATA_NUM_PORTS  2
> >
> > +#define QSPI_ADDR   0xff0f
> > +#define LQSPI_ADDR  0xc000
> > +#define QSPI_IRQ15
> > +
> >  #define DP_ADDR 0xfd4a
> >  #define DP_IRQ  113
> >
> > @@ -169,6 +173,9 @@ static void xlnx_zynqmp_init(Object *obj)
> >  qdev_set_parent_bus(DEVICE(&s->spi[i]), sysbus_get_default());
> >  }
> >
> > +object_initialize(&s->qspi, sizeof(s->qspi),
> TYPE_XLNX_ZYNQMP_QSPIPS);
> > +qdev_set_parent_bus(DEVICE(&s->qspi), sysbus_get_default());
> > +
> >  object_initialize(&s->dp, sizeof(s->dp), TYPE_XLNX_DP);
> >  qdev_set_parent_bus(DEVICE(&s->dp), sysbus_get_default());
> >
> > @@ -405,6 +412,23 @@ static void xlnx_zynqmp_realize(DeviceState *dev,
> Error **errp)
> >  g_free(bus_name);
> >  }
> >
> > +object_property_set_bool(OBJECT(&s->qspi), true, "realized", &err);
> > +sysbus_mmio_map(SYS_BUS_DEVICE(&s->qspi), 0, QSPI_ADDR);
> > +sysbus_mmio_map(SYS_BUS_DEVICE(&s->qspi), 1, LQSPI_ADDR);
> > +sysbus_connect_irq(SYS_BUS_DEVICE(&s->qspi), 0, gic_spi[QSPI_IRQ]);
>
> New line here
>
> > +for (i = 0; i < XLNX_ZYNQMP_NUM_QSPI_BUS; i++) {
> > +gchar *bus_name;
> > +gchar *target_bus;
>
> New line here
>
> > +/* Alias controller SPI bus to the SoC itself */
> > +bus_name = g_strdup_printf("qspi%d", i);
> > +target_bus = g_strdup_printf("spi%d", i);
> > +object_property_add_alias(OBJECT(s), bus_name,
> > +  OBJECT(&s->qspi), target_bus,
>
> Why do we alias qspi to spi?
>
> Alistair
>
> > +  &error_abort);
> > +g_free(bus_name);
> > +g_free(target_bus);
> > +}
> > +
> >  object_property_set_bool(OBJECT(&s->dp), true, "realized", &err);
> >  if (err) {
> >  error_propagate(errp, err);
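
Review bot: in xlnx_zynqmp_realize() the result of realizing s->qspi is stored in err but never checked before the sysbus_mmio_map() and sysbus_connect_irq() calls, whereas the s->dp realize just below is followed by 'if (err) { error_propagate(errp, err);'. Add the same check and early return after the qspi object_property_set_bool(), so that a failed realize is reported instead of being mapped and wired up.
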
> > diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
> > index 6eff81a..3e6fb9b 100644
> > --- a/include/hw/arm/xlnx-zynqmp.h
> > +++ b/include/hw/arm/xlnx-zynqmp.h
> > @@ -40,6 +40,10 @@
> >  #define XLNX_ZYNQMP_NUM_SDHCI 2
> >  #define XLNX_ZYNQMP_NUM_SPIS 2
> >
> > +#define XLNX_ZYNQMP_NUM_QSPI_BUS 2
> > +#define XLNX_ZYNQMP_NUM_QSPI_BUS_CS 2
> > +#define XLNX_ZYNQMP_NUM_QSPI_FLASH 4
> > +
> >  #define XLNX_ZYNQMP_NUM_OCM_BANKS 4
> >  #define XLNX_ZYNQMP_OCM_RAM_0_ADDRESS 0xFFFC
> >  #define XLNX_ZYNQMP_OCM_RAM_SIZE 0x1
> > @@ -83,6 +87,7 @@ typedef struct XlnxZynqMPState {
> >  SysbusAHCIState sata;
> >  SDHCIState sdhci[X

Re: [Qemu-devel] [PATCH v2] linux-user: fix is_proc_myself to check the paths via realpath

2017-10-27 Thread Riku Voipio
On Thu, Oct 26, 2017 at 04:06:22PM -0500, Zach Riggle wrote:
> Friendly ping :)
> 
> I've updated the patch with v2 which addresses the style issue

I'll have a look at it soon.
 
> 
> *Zach Riggle*
> 
> On Tue, Oct 24, 2017 at 10:34 PM, Zach Riggle  wrote:
> 
> > Previously, it was possible to get a handle to the "real" /proc/self/mem
> > by creating a symlink to it and opening the symlink, or opening e.g.
> > "./mem" after chdir'ing to "/proc/self"

When is this a problem? Symlinking to /proc/self seems to be a quite weird 
usecase.

> >
> > $ ln -s /proc/self self
> > $ cat self/maps
> > 6000-602bc000 r-xp  fc:01 270375
> >/usr/bin/qemu-arm-static
> > 604bc000-6050f000 rw-p 002bc000 fc:01 270375
> >/usr/bin/qemu-arm-static
> > ...
> >
> > Signed-off-by: Zach Riggle 
> > ---
> >  linux-user/syscall.c | 47 ---
> >  1 file changed, 28 insertions(+), 19 deletions(-)
> >
> > diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> > index 9bf901fa11..6c1f28a1f7 100644
> > --- a/linux-user/syscall.c
> > +++ b/linux-user/syscall.c
> > @@ -7496,26 +7496,35 @@ static int open_self_auxv(void *cpu_env, int fd)
> >
> >  static int is_proc_myself(const char *filename, const char *entry)
> >  {
> > -if (!strncmp(filename, "/proc/", strlen("/proc/"))) {
> > -filename += strlen("/proc/");
> > -if (!strncmp(filename, "self/", strlen("self/"))) {
> > -filename += strlen("self/");
> > -} else if (*filename >= '1' && *filename <= '9') {
> > -char myself[80];
> > -snprintf(myself, sizeof(myself), "%d/", getpid());
> > -if (!strncmp(filename, myself, strlen(myself))) {
> > -filename += strlen(myself);
> > -} else {
> > -return 0;
> > -}
> > -} else {
> > -return 0;
> > -}
> > -if (!strcmp(filename, entry)) {
> > -return 1;
> > -}
> > +char proc_self_entry[PATH_MAX + 1];
> > +char proc_self_entry_realpath[PATH_MAX + 1];
> > +char filename_realpath[PATH_MAX + 1];
> > +
> > +if (PATH_MAX < snprintf(proc_self_entry,
> > +sizeof(proc_self_entry),
> > +"/proc/self/%s",
> > +entry)) {
> > +/* Full path to "entry" is too long to fit in the buffer */
> > +return 0;
> >  }
> > -return 0;
> > +
> > +if (!realpath(filename, filename_realpath)) {
> > +/* File does not exist, or can't be canonicalized */
> > +return 0;
> > +}
> > +
> > +if (!realpath(proc_self_entry, proc_self_entry_realpath)) {
> > +/* Procfs entry does not exist */
> > +return 0;
> > +}
> > +
> > +if (strcmp(filename_realpath, proc_self_entry_realpath) != 0) {
> > +/* Paths are different */
> > +return 0;
> > +}
> > +
> > +/* filename refers to /proc/self/ */
> > +return 1;
> >  }
> >
> >  #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
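
Review bot: the new is_proc_myself() resolves filename with realpath() and returns only yes or no, so the answer describes the path as it was at check time. Whatever the caller then does with filename is a second, independent resolution, and a symlink replaced in between gets a different result. Comparing the identity of the file once it is open (st_dev and st_ino from fstat() against the procfs entry) would close that gap. realpath() also resolves a relative filename against the current directory and fails for a name that does not exist, in which case the function returns 0; a comment that this is intended would help, as would a test for the symlink and chdir cases from the commit message.
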
> > --
> > 2.14.3
> >
> >
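
Added example, not part of this thread or of QEMU's code: a stand-alone comparison of a lexical /proc/self check with a realpath()-based one, run against the symlink and chdir aliases described in the quoted commit message. All function names are hypothetical, and it assumes Linux with /proc mounted and a writable /tmp.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper in the style of the removed lines: the name must be
 * spelled /proc/self/<entry> or /proc/<our pid>/<entry>. */
int lexical_is_proc_myself(const char *filename, const char *entry)
{
    const char *p = filename;
    char myself[80];

    if (strncmp(p, "/proc/", strlen("/proc/")) != 0) {
        return 0;
    }
    p += strlen("/proc/");
    if (strncmp(p, "self/", strlen("self/")) == 0) {
        p += strlen("self/");
    } else {
        snprintf(myself, sizeof(myself), "%d/", (int)getpid());
        if (strncmp(p, myself, strlen(myself)) != 0) {
            return 0;
        }
        p += strlen(myself);
    }
    return strcmp(p, entry) == 0;
}

/* Hypothetical helper in the style of the added lines: canonicalise both
 * names and compare the results. */
int canonical_is_proc_myself(const char *filename, const char *entry)
{
    char want[PATH_MAX + 1];
    char want_real[PATH_MAX + 1];
    char got_real[PATH_MAX + 1];
    int n = snprintf(want, sizeof(want), "/proc/self/%s", entry);

    if (n < 0 || n > PATH_MAX) {
        return 0;               /* entry does not fit in the buffer */
    }
    if (!realpath(filename, got_real) || !realpath(want, want_real)) {
        return 0;               /* missing file or missing procfs entry */
    }
    return strcmp(got_real, want_real) == 0;
}

/* bit 0: lexical check matched, bit 1: canonical check matched */
int classify(const char *filename)
{
    return (lexical_is_proc_myself(filename, "maps") ? 1 : 0) |
           (canonical_is_proc_myself(filename, "maps") ? 2 : 0);
}

/* Case 1 from the commit message: a symlink that points at /proc/self. */
int demo_symlink_alias(void)
{
    char dir[] = "/tmp/procself-demo-XXXXXX";
    char link_path[64];
    char alias[80];
    int result = -1;

    if (!mkdtemp(dir)) {
        return -1;
    }
    snprintf(link_path, sizeof(link_path), "%s/self", dir);
    if (symlink("/proc/self", link_path) == 0) {
        snprintf(alias, sizeof(alias), "%s/maps", link_path);
        result = classify(alias);
        unlink(link_path);
    }
    rmdir(dir);
    return result;
}

/* Case 2 from the commit message: a relative name after chdir. */
int demo_chdir_alias(void)
{
    int result = -1;
    int saved = open(".", O_RDONLY);

    if (saved < 0) {
        return -1;
    }
    if (chdir("/proc/self") == 0) {
        result = classify("./maps");
        if (fchdir(saved) != 0) {   /* restore the working directory */
            result = -1;
        }
    }
    close(saved);
    return result;
}

int main(void)
{
    printf("/proc/self/maps : %d\n", classify("/proc/self/maps"));
    printf("symlink alias   : %d\n", demo_symlink_alias());
    printf("chdir alias     : %d\n", demo_chdir_alias());
    return 0;
}
```

A result of 3 means both checks recognised the name; 2 means only the canonical check did, which is the case for both aliases.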



Re: [Qemu-devel] [v3 2/2] tests/pxe-test: add testcase using vhost-user-bridge

2017-10-27 Thread Jens Freimann

On Thu, Oct 26, 2017 at 02:53:12PM +, Michael S. Tsirkin wrote:

On Thu, Oct 26, 2017 at 02:44:25PM +0200, Jens Freimann wrote:

From: Jens Freimann 

Add a PXE testcase tunneling traffic through vhost-user-bridge process.
Create a vhost-user-bridge process and connect it to qemu via a socket.

Signed-off-by: Jens Freimann 
---
 tests/Makefile.include |   4 +-
 tests/pxe-test.c   | 111 +
 2 files changed, 114 insertions(+), 1 deletion(-)

diff --git a/tests/Makefile.include b/tests/Makefile.include
index 70dc711bca..6cdb783753 100644
--- a/tests/Makefile.include
+++ b/tests/Makefile.include
@@ -740,7 +740,8 @@ tests/boot-order-test$(EXESUF): tests/boot-order-test.o 
$(libqos-obj-y)
 tests/boot-serial-test$(EXESUF): tests/boot-serial-test.o $(libqos-obj-y)
 tests/bios-tables-test$(EXESUF): tests/bios-tables-test.o \
tests/boot-sector.o tests/acpi-utils.o $(libqos-obj-y)
-tests/pxe-test$(EXESUF): tests/pxe-test.o tests/boot-sector.o $(libqos-obj-y)
+tests/pxe-test$(EXESUF): tests/pxe-test.o tests/boot-sector.o \
+tests/vhost-user-bridge$(EXESUF) $(libqos-obj-y)
 tests/tmp105-test$(EXESUF): tests/tmp105-test.o $(libqos-omap-obj-y)
 tests/ds1338-test$(EXESUF): tests/ds1338-test.o $(libqos-imx-obj-y)
 tests/m25p80-test$(EXESUF): tests/m25p80-test.o
@@ -849,6 +850,7 @@ $(patsubst %, check-qtest-%, $(QTEST_TARGETS)): 
check-qtest-%: subdir-%-softmmu
$(if $(CONFIG_GCOV),@rm -f *.gcda */*.gcda */*/*.gcda */*/*/*.gcda,)
$(call quiet-command,QTEST_QEMU_BINARY=$*-softmmu/qemu-system-$* \
QTEST_QEMU_IMG=qemu-img$(EXESUF) \
+   QTEST_VUBR_BINARY=./tests/vhost-user-bridge$(EXESUF) \
MALLOC_PERTURB_=$${MALLOC_PERTURB_:-$$(( $${RANDOM:-0} % 255 + 
1))} \
gtester $(GTESTER_OPTIONS) -m=$(SPEED) $(check-qtest-$*-y) 
$(check-qtest-generic-y),"GTESTER","$@")
$(if $(CONFIG_GCOV),@for f in $(gcov-files-$*-y) 
$(gcov-files-generic-y); do \
diff --git a/tests/pxe-test.c b/tests/pxe-test.c
index 937f29e631..d2646ee86d 100644
--- a/tests/pxe-test.c
+++ b/tests/pxe-test.c
@@ -7,6 +7,7 @@
  *  Michael S. Tsirkin ,
  *  Victor Kaplansky 
  *  Thomas Huth 
+ *  Jens Freimann 
  *
  * This work is licensed under the terms of the GNU GPL, version 2 or later.
  * See the COPYING file in the top-level directory.
@@ -14,14 +15,123 @@

 #include "qemu/osdep.h"
 #include 
+#include 
 #include "qemu-common.h"
 #include "libqtest.h"
 #include "boot-sector.h"

+#define LPORT 


Is this used anywhere?


+#define RPORT 


Using a known port is problematic as you can't run
many instances of the test then. I think you want an option
to bind in the parent.


ok 


 #define NETNAME "net0"
+#define QEMU_CMD_MEM"--enable-kvm -m %d "\


enable-kvm won't work on boxes without kvm.
Pls use same technique as other tests to only use kvm
when available.


ok


+"-object memory-backend-file,id=mem,size=%dM,"\
+"mem-path=%s,share=on -numa node,memdev=mem -mem-prealloc 
"


Do we really need prealloc? And why?


We don't need it, I'll remove it.


+#define QEMU_CMD_CHR" -chardev socket,id=%s,path=%s"
+#define QEMU_CMD_NETDEV " -device virtio-net-pci,netdev=net0 "\
+" -netdev vhost-user,id=net0,chardev=%s,vhostforce "\
+" -netdev user,id=n0,tftp=./,bootfile=%s "\
+" -netdev socket,id=n1,fd=%d"
+#define QEMU_CMD_NET" -device virtio-net-pci,netdev=n0 "\
+" -device virtio-net-pci,netdev=n1 "
+
+#define QEMU_CMDQEMU_CMD_MEM QEMU_CMD_CHR \
+QEMU_CMD_NETDEV QEMU_CMD_NET
+
+#define VUBR_SOCK "vubr.sock"
+#define MEMSZ 1024

 static char disk[] = "tests/pxe-test-disk-XX";

+static int vubr_create_socket(struct sockaddr_in *si_remote, int rport)
+{
+int sock;
+
+si_remote->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+if (sock == -1) {
+g_test_message("socket creation failed\n");
+return -1;
+}
+if (connect(sock, (struct sockaddr *) si_remote, sizeof(*si_remote))) {
+g_test_message("connect failed: %s", strerror(errno));
+return -1;
+}
+
+return sock;
+}
+
+static void vubr_watch(GPid pid, gint status, gpointer data)
+{
+g_assert_cmpint(status, ==, 0);
+g_spawn_close_pid(pid);
+}
+
+static void abrt_handler(void *data)
+{
+int *pid = data;
+
+g_spawn_close_pid(*pid);
+kill(*pid, SIGTERM);
+waitpid(*pid, NULL, 0);
+}
+
+static void test_pxe_vhost_user(void)
+{
+char template[] = "/tmp/vhost-user-bridge-XX";
+gchar * vubr_args[] = {NULL, NULL, NULL, NULL};
+struct sockaddr_in si_remote = {
+.sin_family = AF_INET,
+.sin_port = htons(RPORT),
+};
+const char *hugefs = NULL;
+const char *tmpfs = NULL;
+GError *error = NULL;
+char *vubr_binary;
+c
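
Review bot: vubr_create_socket() returns -1 when connect() fails without closing sock, so the descriptor leaks on that path; add close(sock) before the return. In abrt_handler(), g_spawn_close_pid() is called before kill() and waitpid() use the same pid; close it last.
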

[Qemu-devel] [Bug 1719196] Re: [arm64 ocata] newly created instances are unable to raise network interfaces

2017-10-27 Thread ChristianEhrhardt
As assumed s390x passed now (so a flaky test), and as outlined before armhf we 
just have to give up.
Looking at the history an override might be the right thing to do.

Other than that all looks good, waiting for the verify by Sean/Andrew
now.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1719196

Title:
  [arm64 ocata] newly created instances are unable to raise network
  interfaces

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive ocata series:
  Triaged
Status in libvirt:
  New
Status in QEMU:
  Fix Released
Status in libvirt package in Ubuntu:
  Invalid
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Zesty:
  Fix Committed

Bug description:
  [Impact]

   * A change in qemu 2.8 (83d768b virtio: set ISR on dataplane 
 notifications) broke virtio handling on platforms without a 
 controller. Those encounter flaky networking due to missed IRQs

   * Fix is a backport of the upstream fix b4b9862b: virtio: Fix no 
 interrupt when not creating msi controller

  [Test Case]

   * On Arm with Zesty (or Ocata) run a guest without PCI based devices

   * Example in e.g. c#23

   * Without the fix the networking does not work reliably (as it loses 
 IRQs), with the fix it works fine.

  [Regression Potential]

   * Changing the IRQ handling of virtio could affect virtio in general.
     But when reviewing the patch you'll see that it is small and actually 
 only changes to enable IRQ on one more place. That could cause more 
 IRQs than needed in the worst case, but those are usually not 
 breaking but only slowing things down. Also this fix is upstream 
 quite a while, increasing confidence.

  [Other Info]
   
   * There is currently 1720397 in flight in the SRU queue, so acceptance 
 of this upload has to wait until that completes.

  ---

  arm64 Ocata ,

  I'm testing to see if I can get Ocata running on arm64 and using the
  openstack-base bundle to deploy it.  I have added the bundle to the
  log file attached to this bug.

  When I create a new instance via nova, the VM comes up and runs,
  however fails to raise its eth0 interface. This occurs on both
  internal and external networks.

  ubuntu@openstackaw:~$ nova list
  +--------------------------------------+---------+--------+------------+-------------+--------------------+
  | ID                                   | Name    | Status | Task State | Power State | Networks           |
  +--------------------------------------+---------+--------+------------+-------------+--------------------+
  | dcaf6d51-f81e-4cbd-ac77-0c5d21bde57c | sfeole1 | ACTIVE | -          | Running     | internal=10.5.5.3  |
  | aa0b8aee-5650-41f4-8fa0-aeccdc763425 | sfeole2 | ACTIVE | -          | Running     | internal=10.5.5.13 |
  +--------------------------------------+---------+--------+------------+-------------+--------------------+
  ubuntu@openstackaw:~$ nova show aa0b8aee-5650-41f4-8fa0-aeccdc763425
  +-------------------------------------+-------------------------------------------------+
  | Property                            | Value                                           |
  +-------------------------------------+-------------------------------------------------+
  | OS-DCF:diskConfig                   | MANUAL                                          |
  | OS-EXT-AZ:availability_zone         | nova                                            |
  | OS-EXT-SRV-ATTR:host                | awrep3                                          |
  | OS-EXT-SRV-ATTR:hypervisor_hostname | awrep3.maas                                     |
  | OS-EXT-SRV-ATTR:instance_name       | instance-0003                                   |
  | OS-EXT-STS:power_state              | 1                                               |
  | OS-EXT-STS:task_state               | -                                               |
  | OS-EXT-STS:vm_state                 | active                                          |
  | OS-SRV-USG:launched_at              | 2017-09-24T14:23:08.00                          |
  | OS-SRV-USG:terminated_at            | -                                               |
  | accessIPv4                          |                                                 |
  | accessIPv6                          |                                                 |
  | config_drive                        |                                                 |
  | created                             | 2017-09-24T14:22:41Z                            |
  | flavor                              | m1.small (717660ae-0440-4b19-a762-ffeb32a0575c) |
  | hostId                              | 5612a00671

Re: [Qemu-devel] [PATCH v5.1 1/8] xen: link against xentoolcore

2017-10-27 Thread Ian Jackson
Stefano Stabellini writes ("Re: [PATCH v5.1 1/8] xen: link against 
xentoolcore"):
> On Fri, 20 Oct 2017, Ian Jackson wrote:
> >then
> > -  xen_stable_libs="-lxendevicemodel $xen_stable_libs"
> > +  xen_stable_libs="-lxendevicemodel $xen_stable_libs -lxentoolcore"
> 
> Is it on purpose that -lxentoolcore is at the end of this string rather
> than before $xen_stable_libs?

Yes.  xentoolcore is required by the other libraries, and this is
therefore the correct ordering for situations where the link order
matters.

> In any case
> 
> Acked-by: Stefano Stabellini 

Thanks,
Ian.



Re: [Qemu-devel] [PULL 00/35] Block layer patches

2017-10-27 Thread Peter Maydell
On 26 October 2017 at 14:17, Kevin Wolf  wrote:
> The following changes since commit ae49fbbcd8e4e9d8bf7131add34773f579e1aff7:
>
>   Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20171025' into 
> staging (2017-10-25 16:38:57 +0100)
>
> are available in the git repository at:
>
>   git://repo.or.cz/qemu/kevin.git tags/for-upstream
>
> for you to fetch changes up to 4254d01ce4eec9a3ccf320d14e2da132b8ad4a51:
>
>   Merge remote-tracking branch 'mreitz/tags/pull-block-2017-10-26' into 
> queue-block (2017-10-26 15:02:40 +0200)
>
> 
> Block layer patches

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH/QEMU] s390x/kvm: use cpu_model_available for guarded storage on compat machines

2017-10-27 Thread Jiri Denemark
On Thu, Oct 26, 2017 at 10:09:46 +0200, David Hildenbrand wrote:
> On 25.10.2017 18:45, Marc Hartmayer wrote:
> > On Wed, Oct 25, 2017 at 05:50 PM +0200, David Hildenbrand 
> >  wrote:
> >> On 25.10.2017 17:09, Boris Fiuczynski wrote:
> >>> David, I disagree if your proposal is to generally tolerate new cpu
> >>> features in old machine types. This *might* work for gs but how do you
> >>> guarantee that guests do not behave differently/wrong when suddenly new
> >>> cpu features are made available to guest when (re-)starting them.
> >>> That is my feedback for the qemu side of this matter.
> >>
> >> Just re-reading this section, so what you mean is:
> >>
> >> a) guest is started, host model is copied and used. guest works.
> >> b) guest is stopped.
> >> c) QEMU/KVM/HW is updated.
> >> d) guest is started, new host model is copied. guest no longer works.
> >>
> >> d) could be because there are now some additional features with e.g.
> >> broken guest implementation or now missing features.
> >>
> >>
> >> What you propose (if I am not wrong) is to bind features somehow to a
> >> QEMU machine. I think that should never be done. You could not catch now
> >> missing features.
> > 
> > What exactly do you mean by the last sentence?
> 
> In general, up/downgrading QEMU/KVM/HW can lead to the removal of features.
> 
> Another example is the "nested" flag for KVM. toggling that can lead to
> the host feature looking differently (+/- SIE features).
> 
> So if you really want to make sure that a VM XML that once ran perfectly
> fine on a host will still run after any QEMU/KVM/HW changes on that host:
> 
> a) specify an explicit CPU model, not the host model (e.g. "z13")
> b) copy the host model to the XML persistently.
> 
> Linking any of that to the machine types is in my opinion the very wrong
> approach.

I agree, we should do that only if it's really impossible to even create
a machine with a given machine type in combination with some CPU models.
And I believe this is not the case.

The host-model CPU guarantees guest ABI only while a domain is running.
Once it stops and a user starts it again, the ABI seen by the guest OS
may be different and this may sometimes mean the guest OS won't start.
It's pretty similar to what can happen when you change the machine type.
Of course, machine type doesn't change automatically while host-model
CPUs do change. But that's just how host-model is defined. If you don't
want this to happen, you should use a specific CPU model; you can copy
it from domain capabilities XML to make a persistent version of a
host-model CPU.

BTW, using host-model CPU may actually break migration to host with
older QEMU even though an old machine type is used. This is OK since
host-model may bring features which are not supported on the older host
and backward migration is only supported when no new features are used.
However, if a domain with a host-model CPU was started on the old host
and migrated to the new one, migrating it back to the old one is
supported and it will work.

Jirka



Re: [Qemu-devel] [PATCH v5.1 6/8] xen: destroy_hvm_domain: Try xendevicemodel_shutdown

2017-10-27 Thread Ian Jackson
Stefano Stabellini writes ("Re: [PATCH v5.1 6/8] xen: destroy_hvm_domain: Try 
xendevicemodel_shutdown"):
> On Fri, 20 Oct 2017, Ian Jackson wrote:
> > xc_interface_open etc. is not going to work if we have dropped
> > privilege, but xendevicemodel_shutdown will if everything is new
> > enough.
> > 
> > xendevicemodel_shutdown is only available in Xen 4.10 and later, so
> > provide a stub for earlier versions.
...
> > +if (xen_dmod) {
> > +rc = xendevicemodel_shutdown(xen_dmod, xen_domid, reason);
> > +if (!rc) {
> > +return;
> > +}
> > +perror("xendevicemodel_shutdown failed");
> 
> I don't think it is a good idea to print an error because this is actually
> a normal condition when QEMU is built and run against an older Xen.
> Users might get confused when looking at the logs.

Oh.  Yes.  I wrote this before I provided the fallback stub in
xen_common.h, and therefore before I properly understood the approach
taken to fallbacks.  The fallback logic here is not correct.

> But it would be correct to print an error if errno != ENOTTY.

Indeed.

I have changed it to read like this:

    if (xen_dmod) {
        rc = xendevicemodel_shutdown(xen_dmod, xen_domid, reason);
        if (!rc) {
            return;
        }
        if (errno != ENOTTY /* old Xen */)
            perror("xendevicemodel_shutdown failed");
        /* well, try the old thing then */
    }

Thanks,
Ian.



Re: [Qemu-devel] [PATCH 3/4] block/parallels: Don't update header until the first actual write

2017-10-27 Thread Jeff Cody
On Fri, Oct 27, 2017 at 11:09:19AM +0200, Kevin Wolf wrote:
> Am 27.10.2017 um 10:57 hat Jeff Cody geschrieben:
> > The on disk image format 'inuse' header field is updated blindly if the
> > image is opened RDWR.  This can cause problems if the QEMU runstate is
> > set to INMIGRATE, at which point the underlying file is set to INACTIVE.
> > This causes an assert in bdrv_co_pwritev().
> > 
> > Do something similar to what is done in VHDX; latch the first write, and
> > update the header the first time we modify the file.
> > 
> > Signed-off-by: Jeff Cody 
> 
> For VHDX, it seems that we have to have the header update in the write
> path anyway, so it might be justifiable, but I think for parallels, it's
> just ugly.
> 

A bit ugly.  I think we could get around VHDX needing to do it as well; it
does it in the write path for two scenarios:

* First normal write, or
* Journal log replay, if dirty, on open (if r/w)

The log check happens early in vhdx_open().  If it does not write anything,
then we can just write the headers during the open like normal, if we are
R/W (and !BDRV_O_INACTIVE, of course).

> The conservative approach to this would be doing the header write in
> .bdrv_open() only if BDRV_O_INACTIVE is cleared, and otherwise do it
> during .bdrv_invalidate_cache().

What scenarios cause BDRV_O_INACTIVE to not be set on bs, but set on
bs->file->bs?

> By the way, random design thought: It might make sense to change
> .bdrv_open() so that it always opens inactive images and then call
> .bdrv_invalidate_cache() (possibly renamed to .bdrv_activate())
> unconditionally even without migration.
> 
> Kevin



Re: [Qemu-devel] [PATCH v5.1 2/8] xen: restrict: use xentoolcore_restrict_all

2017-10-27 Thread Ian Jackson
Stefano Stabellini writes ("Re: [PATCH v5.1 2/8] xen: restrict: use 
xentoolcore_restrict_all"):
> On Fri, 20 Oct 2017, Ian Jackson wrote:
...
> > Drop individual use of xendevicemodel_restrict and
> > xenforeignmemory_restrict.  These are not actually effective in this
> > version of qemu, because qemu has a large number of fds open onto
> > various Xen control devices.
...
> Wait, if the compat stub returns error, and this patch removed the code
> to check for ENOTTY, doesn't it prevent any QEMU compiled against older
> Xen from working?
> 
> Or am I missing something?

You are right, but this is intended.  The paragraph I quote in the
commit message above is intended to explain.

That is: without xentoolcore_restrict_all, -xen-domid-restrict is a
booby-trap.  It does not actually prevent a compromised qemu from
doing anything.  So there is no reason to pass it in such a
configuration.  If you do pass it it is better for the domain startup
to fail, than for it to carry on without the restriction.

The only reason I am not saying someone should be issuing an advisory
is that this feature was never supported by any of the Xen toolstacks.

Thanks,
Ian.



Re: [Qemu-devel] Crash with odd chardev setup

2017-10-27 Thread Dr. David Alan Gilbert
* Dr. David Alan Gilbert (dgilb...@redhat.com) wrote:
> * Daniel P. Berrange (berra...@redhat.com) wrote:
> > On Wed, Oct 25, 2017 at 07:00:14PM +0100, Dr. David Alan Gilbert wrote:
> > > Hi Dan,
> > >   I've got a crash in head (and 2.10) which is a bit of a heisenbug;
> > > I can trigger it with:
> > > 
> > > ./qemu-system-x86_64 -netdev tap,id=hostnet0,vhost=on,fd=10   -chardev 
> > > socket,id=charchannel0,path=/tmp/org.qemu.guest_agent.0,server,nowait  
> > > -monitor stdio -vnc :0
> > > 
> > > and then 'q' to quit.
> > 
> > Hmm, that doesn't trigger for me on git master at least.
> 
> Hmm.
> 
> > > Note I'm not doing a redirect in of fd 10.
> > 
> > So it's trying & failing to setup the tap dev, right ?
> > 
> > eg you see this:
> > 
> > #  ./x86_64-softmmu/qemu-system-x86_64 -netdev 
> > tap,id=hostnet0,vhost=on,fd=10   -chardev 
> > socket,id=charchannel0,path=/tmp/org.qemu.guest_agent.0,server,nowait  
> > -monitor stdio -vnc :0
> > qemu-system-x86_64: -netdev tap,id=hostnet0,vhost=on,fd=10: TUNGETIFF 
> > ioctl() failed: Invalid argument
> > QEMU 2.10.50 monitor - type 'help' for more information
> > (qemu) qemu-system-x86_64: warning: netdev hostnet0 has no peer
> > 
> > (qemu) q
> > 
> > 
> > Except it crashes at the end ?
> 
> Right.
> 
> > 
> > 
> > > It goes away if I remove either the -netdev or the -chardev option.
> > > 
> > > It doesn't trigger under gdb, but fortunately we get a core:
> > > 
> > > #0  0x55a226d94a2e in socket_listen_cleanup (fd=, 
> > > errp=errp@entry=0x7fff3585e8c0)
> > > at /root/qemu/util/qemu-sockets.c:1077
> > > 1077  if (addr->type == SOCKET_ADDRESS_TYPE_UNIX
> > > 1078  && addr->u.q_unix.path) {
> > > 1079  if (unlink(addr->u.q_unix.path) < 0 && errno != ENOENT) 
> > > {
> > 
> > Can you see from the core whether one of those pointers is NULL, or is there
> > a complete garbage pointer ?
> 
> Gdb showed all the pointers as optimised out I think.
> 
> > I wonder if it triggers if you run QEMU under valgrind ? 
> 
> It does, but it shows: 
> ==29930== Thread 1:
> ==29930== Invalid read of size 4
> ==29930==at 0x6F3A2E: socket_listen_cleanup (qemu-sockets.c:1077)
> ==29930==by 0x6A142A: qio_channel_socket_finalize (channel-socket.c:388)
> ==29930==by 0x61BA91: object_deinit (object.c:462)
> ==29930==by 0x61BA91: object_finalize (object.c:476)
> ==29930==by 0x61BA91: object_unref (object.c:911)
> ==29930==by 0x6924C8: char_socket_finalize (char-socket.c:805)
> ==29930==by 0x61BA91: object_deinit (object.c:462)
> ==29930==by 0x61BA91: object_finalize (object.c:476)
> ==29930==by 0x61BA91: object_unref (object.c:911)
> ==29930==by 0x61BACB: object_property_del_all (object.c:413)
> ==29930==by 0x61BACB: object_finalize (object.c:475)
> ==29930==by 0x61BACB: object_unref (object.c:911)
> ==29930==by 0x61AA86: object_property_del_child.isra.7 (object.c:436)
> ==29930==by 0x3263FE: main (vl.c:4914)
> ==29930==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
> 
> so I guess one of the pointers is NULL;   I guess I need a few printf's.

I can get rid of the actual crash by changing socket_listen_cleanup;

@@ -1074,7 +1074,7 @@ void socket_listen_cleanup(int fd, Error **errp)

 addr = socket_local_address(fd, errp);

-if (addr->type == SOCKET_ADDRESS_TYPE_UNIX
+if (addr && addr->type == SOCKET_ADDRESS_TYPE_UNIX
 && addr->u.q_unix.path) {
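
Review bot: the `addr &&` guard added to the condition stops the NULL dereference, but by then socket_local_address() has already reported its failure through errp, and the rest of socket_listen_cleanup() still runs with addr == NULL. An explicit early exit straight after the call, `if (!addr) { return; }`, states the failure path once and also covers any later use of addr outside this hunk. It does not explain why the cleanup is handed fd=10 in the first place, so the code that stored that fd still needs looking at.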

socket_local_address is failing with :
socket_listen_cleanup: fd=10 addr=(nil)
qemu-system-x86_64: Unable to query local socket address: Bad file descriptor

The difference under gdb seems to be the fd in cleanup is fd=14 so isn't
the same one as the bad fd passed in (I don't really understand why).

Dave
> Dave
> 
> > 
> > Regards,
> > Daniel
> > -- 
> > |: https://berrange.com  -o-https://www.flickr.com/photos/dberrange 
> > :|
> > |: https://libvirt.org -o-https://fstop138.berrange.com 
> > :|
> > |: https://entangle-photo.org-o-https://www.instagram.com/dberrange 
> > :|
> --
> Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK
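
Added example (not from the thread or from QEMU's source): the failure mode found above, reproduced with plain POSIX calls. local_unix_path() is a hypothetical stand-in for socket_local_address(), and listen_cleanup() returns the lookup error instead of dereferencing a NULL address; make_listener() and the socket path are constructed for the demonstration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical stand-in for socket_local_address(): returns a malloc'd copy
 * of the filesystem path a UNIX socket is bound to.  Returns NULL with *err
 * set to errno if the address cannot be queried, or NULL with *err == 0 if
 * fd is a socket that has no path to clean up. */
static char *local_unix_path(int fd, int *err)
{
    struct sockaddr_un sa;
    socklen_t len = sizeof(sa);
    const char *end;
    size_t n;
    char *path;

    *err = 0;
    memset(&sa, 0, sizeof(sa));
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        *err = errno;           /* EBADF for a descriptor that is not open */
        return NULL;
    }
    if (sa.sun_family != AF_UNIX ||
        len <= offsetof(struct sockaddr_un, sun_path) ||
        sa.sun_path[0] == '\0') {
        return NULL;            /* not a path-based UNIX socket */
    }
    end = memchr(sa.sun_path, '\0', sizeof(sa.sun_path));
    n = end ? (size_t)(end - sa.sun_path) : sizeof(sa.sun_path);
    path = malloc(n + 1);
    if (!path) {
        *err = ENOMEM;
        return NULL;
    }
    memcpy(path, sa.sun_path, n);
    path[n] = '\0';
    return path;
}

/* Remove the socket file behind a listening fd.  Returns 0 if the path was
 * unlinked or there was nothing to do, -errno otherwise.  The NULL check
 * comes before any use of the address, which is the step missing in the
 * crash analysed above. */
int listen_cleanup(int fd)
{
    int err, ret = 0;
    char *path = local_unix_path(fd, &err);

    if (!path) {
        return -err;
    }
    if (unlink(path) < 0 && errno != ENOENT) {
        ret = -errno;
    }
    free(path);
    return ret;
}

/* Constructed helper: create a listening UNIX socket bound to path. */
int make_listener(const char *path)
{
    struct sockaddr_un sa;
    int fd;

    if (strlen(path) >= sizeof(sa.sun_path)) {
        return -1;
    }
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) {
        return -1;
    }
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);
    unlink(path);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 1) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char path[64];
    int fd;

    snprintf(path, sizeof(path), "/tmp/listen_cleanup_%ld.sock", (long)getpid());
    fd = make_listener(path);
    if (fd >= 0) {
        printf("valid listener: cleanup returned %d\n", listen_cleanup(fd));
        close(fd);
    }
    printf("bad descriptor: cleanup returned %d (%s)\n",
           listen_cleanup(-1), strerror(EBADF));
    return 0;
}
```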



Re: [Qemu-devel] [PATCH v5.1 7/8] os-posix: Provide new -runas : facility

2017-10-27 Thread Ian Jackson
Stefano Stabellini writes ("Re: [PATCH v5.1 7/8] os-posix: Provide new -runas 
: facility"):
> CC'ing the maintainers (scripts/get_maintainer.pl is your friend)

I don't know what your scripts/get_maintainer.pl does, but mine
says:

  get_maintainer.pl: No maintainers found, printing recent contributors.
  get_maintainer.pl: Do not blindly cc: them on patches!  Use common sense.

  Anthony PERARD  (commit_signer:1/2=50%)
  Paolo Bonzini  
(commit_signer:1/2=50%,commit_signer:11/57=19%)
  Ian Jackson  (commit_signer:1/2=50%)
  Michael Tokarev  (commit_signer:12/57=21%)
  Eric Blake  (commit_signer:10/57=18%)
  Thomas Huth  (commit_signer:8/57=14%)
  Markus Armbruster  (commit_signer:8/57=14%)
  qemu-devel@nongnu.org (open list:POSIX)

I have added Paolo, Markus and Daniel Berrange to the CCs of my patch
on the basis that they have commented already...

Thanks,
Ian.



[Qemu-devel] [PATCH v6 05/12] nbd/server: Simplify nbd_negotiate_options loop

2017-10-27 Thread Eric Blake
Instead of making each caller check whether a transmission error
occurred, we can sink a common error check to the end of the loop.

Signed-off-by: Eric Blake 

---
v6: split from length validation [Vladimir]
---
 nbd/server.c | 18 +++---
 1 file changed, 3 insertions(+), 15 deletions(-)

diff --git a/nbd/server.c b/nbd/server.c
index 05ff7470d5..6af708662d 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -698,9 +698,6 @@ static int nbd_negotiate_options(NBDClient *client, 
uint16_t myflags,
  "Option 0x%" PRIx32
  "not permitted before TLS",
  option);
-if (ret < 0) {
-return ret;
-}
 /* Let the client keep trying, unless they asked to
  * quit. In this mode, we've already sent an error, so
  * we can't ack the abort.  */
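
Review bot: the context lines of this hunk concatenate "Option 0x%" PRIx32 directly with "not permitted before TLS", with no space between the two literals, so the client sees the option number run straight into the word "not". While this block is being touched, start the second literal with a space: " not permitted before TLS".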
@@ -713,9 +710,6 @@ static int nbd_negotiate_options(NBDClient *client, 
uint16_t myflags,
 switch (option) {
 case NBD_OPT_LIST:
 ret = nbd_negotiate_handle_list(client, length, errp);
-if (ret < 0) {
-return ret;
-}
 break;

 case NBD_OPT_ABORT:
@@ -738,9 +732,6 @@ static int nbd_negotiate_options(NBDClient *client, 
uint16_t myflags,
 assert(option == NBD_OPT_GO);
 return 0;
 }
-if (ret) {
-return ret;
-}
 break;

 case NBD_OPT_STARTTLS:
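
Review bot: the check removed in this hunk is `if (ret)`, not `if (ret < 0)` like the others, while the single check added at the end of the loop tests `ret < 0`. The two agree only if every positive return has already left through the `return 0` path shown just above; a sentence in the commit message or a comment saying that ret is 0 or negative at this point would make the equivalence reviewable.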
@@ -758,9 +749,6 @@ static int nbd_negotiate_options(NBDClient *client, 
uint16_t myflags,
  option, errp,
  "TLS not configured");
 }
-if (ret < 0) {
-return ret;
-}
 break;
 default:
 if (nbd_drop(client->ioc, length, errp) < 0) {
@@ -772,9 +760,6 @@ static int nbd_negotiate_options(NBDClient *client, 
uint16_t myflags,
  "Unsupported option 0x%"
  PRIx32 " (%s)", option,
  nbd_opt_lookup(option));
-if (ret < 0) {
-return ret;
-}
 break;
 }
 } else {
@@ -794,6 +779,9 @@ static int nbd_negotiate_options(NBDClient *client, 
uint16_t myflags,
 return -EINVAL;
 }
 }
+if (ret < 0) {
+return ret;
+}
 }
 }
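
Review bot: the consolidated `if (ret < 0)` at the end of the loop body is now evaluated on every iteration, so any branch that neither assigns ret nor returns would be tested against whatever ret held before. The declaration of ret is outside the visible hunks; either initialise it to 0 there or confirm that every branch assigns it or returns before reaching this check.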

-- 
2.13.6




[Qemu-devel] [PATCH v6 02/12] nbd: Move nbd_errno_to_system_errno() to public header

2017-10-27 Thread Eric Blake
This is needed in preparation for structured reply handling,
as we will be performing the translation from NBD error to
system errno value higher in the stack at block/nbd-client.c.

Signed-off-by: Eric Blake 
Reviewed-by: Vladimir Sementsov-Ogievskiy 
---
 include/block/nbd.h | 13 +
 nbd/nbd-internal.h  | 12 
 nbd/client.c| 32 
 nbd/common.c| 34 ++
 nbd/trace-events|  4 +++-
 5 files changed, 50 insertions(+), 45 deletions(-)

diff --git a/include/block/nbd.h b/include/block/nbd.h
index a6df5ce8b5..dc62b5cd19 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -149,6 +149,18 @@ enum {
  * aren't overflowing some other buffer. */
 #define NBD_MAX_NAME_SIZE 256

+/* NBD errors are based on errno numbers, so there is a 1:1 mapping,
+ * but only a limited set of errno values is specified in the protocol.
+ * Everything else is squashed to EINVAL.
+ */
+#define NBD_SUCCESS0
+#define NBD_EPERM  1
+#define NBD_EIO5
+#define NBD_ENOMEM 12
+#define NBD_EINVAL 22
+#define NBD_ENOSPC 28
+#define NBD_ESHUTDOWN  108
+
 /* Details collected by NBD_OPT_EXPORT_NAME and NBD_OPT_GO */
 struct NBDExportInfo {
 /* Set by client before nbd_receive_negotiate() */
@@ -172,6 +184,7 @@ int nbd_send_request(QIOChannel *ioc, NBDRequest *request);
 int nbd_receive_reply(QIOChannel *ioc, NBDReply *reply, Error **errp);
 int nbd_client(int fd);
 int nbd_disconnect(int fd);
+int nbd_errno_to_system_errno(int err);

 typedef struct NBDExport NBDExport;
 typedef struct NBDClient NBDClient;
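
Review bot: the prototype added to the public header has no comment, and callers outside nbd/ now need to know its contract. Document above `int nbd_errno_to_system_errno(int err);` that it takes an NBD wire error and returns a positive host errno (0 for NBD_SUCCESS), with values outside the listed set mapped to EINVAL.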
diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index 4bfe5be884..df6c8b2f24 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -64,18 +64,6 @@
 #define NBD_SET_TIMEOUT _IO(0xab, 9)
 #define NBD_SET_FLAGS   _IO(0xab, 10)

-/* NBD errors are based on errno numbers, so there is a 1:1 mapping,
- * but only a limited set of errno values is specified in the protocol.
- * Everything else is squashed to EINVAL.
- */
-#define NBD_SUCCESS0
-#define NBD_EPERM  1
-#define NBD_EIO5
-#define NBD_ENOMEM 12
-#define NBD_EINVAL 22
-#define NBD_ENOSPC 28
-#define NBD_ESHUTDOWN  108
-
 /* nbd_read_eof
  * Tries to read @size bytes from @ioc.
  * Returns 1 on success
diff --git a/nbd/client.c b/nbd/client.c
index 59d7c9d49f..50f36b511e 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -22,38 +22,6 @@
 #include "trace.h"
 #include "nbd-internal.h"

-static int nbd_errno_to_system_errno(int err)
-{
-int ret;
-switch (err) {
-case NBD_SUCCESS:
-ret = 0;
-break;
-case NBD_EPERM:
-ret = EPERM;
-break;
-case NBD_EIO:
-ret = EIO;
-break;
-case NBD_ENOMEM:
-ret = ENOMEM;
-break;
-case NBD_ENOSPC:
-ret = ENOSPC;
-break;
-case NBD_ESHUTDOWN:
-ret = ESHUTDOWN;
-break;
-default:
-trace_nbd_unknown_error(err);
-/* fallthrough */
-case NBD_EINVAL:
-ret = EINVAL;
-break;
-}
-return ret;
-}
-
 /* Definitions for opaque data types */

 static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
diff --git a/nbd/common.c b/nbd/common.c
index 7456021f7e..593904f148 100644
--- a/nbd/common.c
+++ b/nbd/common.c
@@ -18,6 +18,7 @@

 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "trace.h"
 #include "nbd-internal.h"

 /* Discard length bytes from channel.  Return -errno on failure and 0 on
@@ -171,3 +172,36 @@ const char *nbd_err_lookup(int err)
 return "";
 }
 }
+
+
+int nbd_errno_to_system_errno(int err)
+{
+int ret;
+switch (err) {
+case NBD_SUCCESS:
+ret = 0;
+break;
+case NBD_EPERM:
+ret = EPERM;
+break;
+case NBD_EIO:
+ret = EIO;
+break;
+case NBD_ENOMEM:
+ret = ENOMEM;
+break;
+case NBD_ENOSPC:
+ret = ENOSPC;
+break;
+case NBD_ESHUTDOWN:
+ret = ESHUTDOWN;
+break;
+default:
+trace_nbd_unknown_error(err);
+/* fallthrough */
+case NBD_EINVAL:
+ret = EINVAL;
+break;
+}
+return ret;
+}
diff --git a/nbd/trace-events b/nbd/trace-events
index 920c8a0e5e..ab3d7dad4f 100644
--- a/nbd/trace-events
+++ b/nbd/trace-events
@@ -1,5 +1,4 @@
 # nbd/client.c
-nbd_unknown_error(int err) "Squashing unexpected error %d to EINVAL"
 nbd_send_option_request(uint32_t opt, const char *name, uint32_t len) "Sending 
option request %" PRIu32" (%s), len %" PRIu32
 nbd_receive_option_reply(uint32_t option, const char *optname, uint32_t type, 
const char *typename, uint32_t length) "Received option reply 0x%" PRIx32" 
(%s), type 0x%" PRIx32" (%s), len %" PRIu32
 nbd_reply_err_unsup(uint32_t option, const char *name) "server doesn't 
understand request 0x%" PRIx32 " (%s), attempting fallback"
@@ -31,6 +30,9 @@ nbd_client_clea

Re: [Qemu-devel] [PATCH v5.1 8/8] configure: do_compiler: Dump some extra info under bash

2017-10-27 Thread Ian Jackson
Stefano Stabellini writes ("Re: [PATCH v5.1 8/8] configure: do_compiler: Dump 
some extra info under bash"):
> CC'ing the maintainers for this.

Thanks, but scripts/get_maintainer.pl seems to print different
information for me... (see my other mail)

Ian.



[Qemu-devel] [PATCH v6 00/12] nbd minimal structured read

2017-10-27 Thread Eric Blake
I've incorporated a few more tweaks since v5, addressing the various
bugs I pointed out there:
https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg04817.html
- make sure iotests pass
- split a large patch
- consistently use absolute offsets
- clean up awkward logic in handling option requests

I plan to send a pull request before Tuesday's freeze deadline; with a
plan to do lots of interoperability testing (including validation of
behavior against a server that sends more than one chunk for a read),
and with any resulting bug fixes trying to land as soon as possible
during the freeze.

I'm also a bit disappointed that iotest 83 is more verbose. I'll post a
follow-up RFC that undoes the verbosity regression, as evidence that we
should probably be tracing things instead; such a cleanup would count
as a bug fix, even if my pull request includes this series as-is.

001/12:[] [--] 'nbd: Include error names in trace messages'
002/12:[] [--] 'nbd: Move nbd_errno_to_system_errno() to public header'
003/12:[] [--] 'nbd: Expose constants and structs for structured read'
004/12:[] [--] 'nbd/server: Report error for write to read-only export'
005/12:[down] 'nbd/server: Simplify nbd_negotiate_options loop'
006/12:[0066] [FC] 'nbd/server: Refactor zero-length option check'
007/12:[0007] [FC] 'nbd: Minimal structured read for server'
008/12:[] [--] 'nbd/server: Include human-readable message in structured 
errors'
009/12:[0004] [FC] 'nbd/client: refactor nbd_receive_starttls'
010/12:[] [--] 'nbd/client: prepare nbd_receive_reply for structured reply'
011/12:[] [--] 'nbd: Move nbd_read() to common header'
012/12:[0055] [FC] 'nbd: Minimal structured read for client'

Eric Blake (8):
  nbd: Include error names in trace messages
  nbd: Move nbd_errno_to_system_errno() to public header
  nbd: Expose constants and structs for structured read
  nbd/server: Report error for write to read-only export
  nbd/server: Simplify nbd_negotiate_options loop
  nbd/server: Refactor zero-length option check
  nbd/server: Include human-readable message in structured errors
  nbd: Move nbd_read() to common header

Vladimir Sementsov-Ogievskiy (4):
  nbd: Minimal structured read for server
  nbd/client: refactor nbd_receive_starttls
  nbd/client: prepare nbd_receive_reply for structured reply
  nbd: Minimal structured read for client

 block/nbd-client.h |   1 +
 include/block/nbd.h| 106 +-
 nbd/nbd-internal.h |  23 +--
 block/nbd-client.c | 492 ++---
 nbd/client.c   | 217 +---
 nbd/common.c   |  84 
 nbd/server.c   | 209 ++-
 nbd/trace-events   |  15 +-
 tests/qemu-iotests/083.out |  15 ++
 9 files changed, 968 insertions(+), 194 deletions(-)

-- 
2.13.6




[Qemu-devel] [PATCH v6 03/12] nbd: Expose constants and structs for structured read

2017-10-27 Thread Eric Blake
Upcoming patches will implement the NBD structured reply
extension [1] for both client and server roles.  Declare the
constants, structs, and lookup routines that will be valuable
whether the server or client code is backported in isolation.

This includes moving one constant from an internal header to
the public header, as part of the structured read processing
will be done in block/nbd-client.c rather than nbd/client.c.

[1]https://github.com/NetworkBlockDevice/nbd/blob/extension-structured-reply/doc/proto.md

Based on patches from Vladimir Sementsov-Ogievskiy.

Signed-off-by: Eric Blake 
Reviewed-by: Vladimir Sementsov-Ogievskiy 

---
v6: add R-b
---
 include/block/nbd.h | 41 +
 nbd/nbd-internal.h  |  2 +-
 nbd/common.c| 27 +++
 nbd/server.c|  2 ++
 4 files changed, 71 insertions(+), 1 deletion(-)

diff --git a/include/block/nbd.h b/include/block/nbd.h
index dc62b5cd19..225e9575e4 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -69,6 +69,28 @@ typedef struct NBDSimpleReply {
 uint64_t handle;
 } QEMU_PACKED NBDSimpleReply;

+/* Header of all structured replies */
+typedef struct NBDStructuredReplyChunk {
+uint32_t magic;  /* NBD_STRUCTURED_REPLY_MAGIC */
+uint16_t flags;  /* combination of NBD_REPLY_FLAG_* */
+uint16_t type;   /* NBD_REPLY_TYPE_* */
+uint64_t handle; /* request handle */
+uint32_t length; /* length of payload */
+} QEMU_PACKED NBDStructuredReplyChunk;
+
+/* Header of NBD_REPLY_TYPE_OFFSET_DATA, complete NBD_REPLY_TYPE_OFFSET_HOLE */
+typedef struct NBDStructuredRead {
+NBDStructuredReplyChunk h;
+uint64_t offset;
+} QEMU_PACKED NBDStructuredRead;
+
+/* Header of all NBD_REPLY_TYPE_ERROR* errors */
+typedef struct NBDStructuredError {
+NBDStructuredReplyChunk h;
+uint32_t error;
+uint16_t message_length;
+} QEMU_PACKED NBDStructuredError;
+
 /* Transmission (export) flags: sent from server to client during handshake,
but describe what will happen during transmission */
 #define NBD_FLAG_HAS_FLAGS (1 << 0) /* Flags are there */
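
Review bot: NBDStructuredError carries message_length while its embedded header h already carries length, and the comment does not say how the two relate. State that the message follows the struct and that message_length may not exceed h.length minus the 6 bytes taken by error and message_length, so that the code receiving these chunks has a documented bound to enforce.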
@@ -79,6 +101,7 @@ typedef struct NBDSimpleReply {
rotational media */
 #define NBD_FLAG_SEND_TRIM (1 << 5) /* Send TRIM (discard) */
 #define NBD_FLAG_SEND_WRITE_ZEROES (1 << 6) /* Send WRITE_ZEROES */
+#define NBD_FLAG_SEND_DF   (1 << 7) /* Send DF (Do not Fragment) */

 /* New-style handshake (global) flags, sent from server to client, and
control what will happen during handshake phase. */
@@ -125,6 +148,7 @@ typedef struct NBDSimpleReply {
 /* Request flags, sent from client to server during transmission phase */
 #define NBD_CMD_FLAG_FUA(1 << 0) /* 'force unit access' during write */
 #define NBD_CMD_FLAG_NO_HOLE(1 << 1) /* don't punch hole on zero run */
+#define NBD_CMD_FLAG_DF (1 << 2) /* don't fragment structured read */

 /* Supported request types */
 enum {
@@ -149,6 +173,22 @@ enum {
  * aren't overflowing some other buffer. */
 #define NBD_MAX_NAME_SIZE 256

+/* Two types of reply structures */
+#define NBD_SIMPLE_REPLY_MAGIC  0x67446698
+#define NBD_STRUCTURED_REPLY_MAGIC  0x668e33ef
+
+/* Structured reply flags */
+#define NBD_REPLY_FLAG_DONE  (1 << 0) /* This reply-chunk is last */
+
+/* Structured reply types */
+#define NBD_REPLY_ERR(value) ((1 << 15) | (value))
+
+#define NBD_REPLY_TYPE_NONE  0
+#define NBD_REPLY_TYPE_OFFSET_DATA   1
+#define NBD_REPLY_TYPE_OFFSET_HOLE   2
+#define NBD_REPLY_TYPE_ERROR NBD_REPLY_ERR(1)
+#define NBD_REPLY_TYPE_ERROR_OFFSET  NBD_REPLY_ERR(2)
+
 /* NBD errors are based on errno numbers, so there is a 1:1 mapping,
  * but only a limited set of errno values is specified in the protocol.
  * Everything else is squashed to EINVAL.
@@ -159,6 +199,7 @@ enum {
 #define NBD_ENOMEM 12
 #define NBD_EINVAL 22
 #define NBD_ENOSPC 28
+#define NBD_EOVERFLOW  75
 #define NBD_ESHUTDOWN  108

 /* Details collected by NBD_OPT_EXPORT_NAME and NBD_OPT_GO */
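
Review bot: NBD_EOVERFLOW is added to the list here, but nbd_errno_to_system_errno() and nbd_err_lookup() from the earlier patches in this series enumerate the error values in switch statements that do not include it. The visible part of this patch does not extend them; without `case NBD_EOVERFLOW:` in both, a received 75 is traced as unknown and squashed to EINVAL.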
diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index df6c8b2f24..4f24d6e57d 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -47,7 +47,6 @@
 #define NBD_OLDSTYLE_NEGOTIATE_SIZE (8 + 8 + 8 + 4 + 124)

 #define NBD_REQUEST_MAGIC   0x25609513
-#define NBD_SIMPLE_REPLY_MAGIC  0x67446698
 #define NBD_OPTS_MAGIC  0x49484156454F5054LL
 #define NBD_CLIENT_MAGIC0x420281861253LL
 #define NBD_REP_MAGIC   0x0003e889045565a9LL
@@ -114,6 +113,7 @@ const char *nbd_opt_lookup(uint32_t opt);
 const char *nbd_rep_lookup(uint32_t rep);
 const char *nbd_info_lookup(uint16_t info);
 const char *nbd_cmd_lookup(uint16_t info);
+const char *nbd_reply_type_lookup(uint16_t type);
 const char *nbd_err_lookup(int err);

 int nbd_drop(QIOChannel *ioc, size_t size, Error **errp);
diff --git a/nbd/common.c b/nbd/common.c
index 593904f148..6047d71748 100644
--- a/
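
Added example, not code from this patch series or from QEMU: a receiver-side decoder for the chunk header declared in the patch above, checking the magic and the length fields before anything trusts them. ChunkInfo, parse_chunk(), the CHUNK_* codes and the sample byte strings are constructed for illustration; the per-type length checks are the ones implied by the struct layouts in the patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants as declared in the patch. */
#define NBD_STRUCTURED_REPLY_MAGIC  0x668e33ef
#define NBD_REPLY_FLAG_DONE         (1 << 0)
#define NBD_REPLY_ERR(value)        ((1 << 15) | (value))
#define NBD_REPLY_TYPE_NONE         0
#define NBD_REPLY_TYPE_OFFSET_DATA  1
#define NBD_REPLY_TYPE_OFFSET_HOLE  2
#define NBD_REPLY_TYPE_ERROR        NBD_REPLY_ERR(1)

#define CHUNK_HDR_LEN   20  /* magic 4 + flags 2 + type 2 + handle 8 + length 4 */
#define READ_FIXED_LEN   8  /* NBDStructuredRead: offset */
#define ERROR_FIXED_LEN  6  /* NBDStructuredError: error 4 + message_length 2 */

/* Hypothetical result codes and decoded form; these are not QEMU names. */
enum { CHUNK_OK = 0, CHUNK_SHORT = -1, CHUNK_BAD_MAGIC = -2,
       CHUNK_BAD_LENGTH = -3, CHUNK_UNKNOWN_TYPE = -4 };

typedef struct ChunkInfo {
    uint16_t flags, type;
    uint64_t handle;
    uint32_t length;          /* payload bytes following the 20-byte header */
    uint64_t offset;          /* OFFSET_DATA / OFFSET_HOLE only */
    uint32_t error;           /* error chunks only */
    uint16_t message_length;  /* error chunks only */
} ChunkInfo;

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static uint64_t be64(const uint8_t *p) { return (uint64_t)be32(p) << 32 | be32(p + 4); }

/* Decode the header plus the fixed part of the payload from buf[0..len).
 * max_payload is the receiver's own limit on a chunk's payload size. */
int parse_chunk(const uint8_t *buf, size_t len, uint32_t max_payload, ChunkInfo *out)
{
    const uint8_t *payload;
    size_t avail;

    memset(out, 0, sizeof(*out));
    if (len < CHUNK_HDR_LEN) return CHUNK_SHORT;
    if (be32(buf) != NBD_STRUCTURED_REPLY_MAGIC) return CHUNK_BAD_MAGIC;
    out->flags  = be16(buf + 4);
    out->type   = be16(buf + 6);
    out->handle = be64(buf + 8);
    out->length = be32(buf + 16);
    payload = buf + CHUNK_HDR_LEN;
    avail = len - CHUNK_HDR_LEN;

    /* Never size a buffer from the wire length without a local cap. */
    if (out->length > max_payload) return CHUNK_BAD_LENGTH;

    if (out->type & (1 << 15)) {                 /* any NBD_REPLY_TYPE_ERROR* */
        if (out->length < ERROR_FIXED_LEN) return CHUNK_BAD_LENGTH;
        if (avail < ERROR_FIXED_LEN) return CHUNK_SHORT;
        out->error = be32(payload);
        out->message_length = be16(payload + 4);
        /* The message must fit inside the payload the header announced. */
        if (out->message_length > out->length - ERROR_FIXED_LEN) return CHUNK_BAD_LENGTH;
    } else if (out->type == NBD_REPLY_TYPE_OFFSET_DATA ||
               out->type == NBD_REPLY_TYPE_OFFSET_HOLE) {
        if (out->length < READ_FIXED_LEN) return CHUNK_BAD_LENGTH;
        if (avail < READ_FIXED_LEN) return CHUNK_SHORT;
        out->offset = be64(payload);
    } else if (out->type == NBD_REPLY_TYPE_NONE) {
        if (out->length != 0) return CHUNK_BAD_LENGTH;
    } else {
        return CHUNK_UNKNOWN_TYPE;
    }
    return CHUNK_OK;
}

/* Constructed samples: handle 42, DONE flag set. */
static const uint8_t sample_data[] = {        /* OFFSET_DATA, 512 bytes at 4096 */
    0x66,0x8e,0x33,0xef, 0,1, 0,1, 0,0,0,0,0,0,0,42, 0,0,2,8,
    0,0,0,0,0,0,0x10,0 };
static const uint8_t sample_error[] = {       /* ERROR, error 5, message "bad" */
    0x66,0x8e,0x33,0xef, 0,1, 0x80,1, 0,0,0,0,0,0,0,42, 0,0,0,9,
    0,0,0,5, 0,3, 'b','a','d' };
static const uint8_t sample_lying_error[] = { /* message_length 1024 in a 9-byte payload */
    0x66,0x8e,0x33,0xef, 0,1, 0x80,1, 0,0,0,0,0,0,0,42, 0,0,0,9,
    0,0,0,5, 4,0, 'b','a','d' };
static const uint8_t sample_simple_magic[] = { /* simple-reply magic 0x67446698 */
    0x67,0x44,0x66,0x98, 0,0, 0,0, 0,0,0,0,0,0,0,42, 0,0,0,0 };

int main(void)
{
    ChunkInfo c;
    printf("data:   %d\n", parse_chunk(sample_data, sizeof(sample_data), 1u << 20, &c));
    printf("error:  %d\n", parse_chunk(sample_error, sizeof(sample_error), 1u << 20, &c));
    printf("lying:  %d\n", parse_chunk(sample_lying_error, sizeof(sample_lying_error), 1u << 20, &c));
    printf("simple: %d\n", parse_chunk(sample_simple_magic, sizeof(sample_simple_magic), 1u << 20, &c));
    return 0;
}
```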

[Qemu-devel] [PATCH v6 06/12] nbd/server: Refactor zero-length option check

2017-10-27 Thread Eric Blake
Consolidate the response for a non-zero-length option payload
into a new function, nbd_reject_length().  This check will
also be used when introducing support for structured replies.

Note that STARTTLS response differs based on time: if the connection
is still unencrypted, we set fatal to true (a client that can't
request TLS correctly may still think that we are ready to start
the TLS handshake, so we must disconnect); while if the connection
is already encrypted, the client is sending a bogus request but
is no longer at risk of being confused by continuing the connection.

Signed-off-by: Eric Blake 

---
v6: split, rework logic to avoid subtle regression on starttls [Vladimir]
v5: new patch
---
 nbd/server.c | 74 +---
 1 file changed, 46 insertions(+), 28 deletions(-)

diff --git a/nbd/server.c b/nbd/server.c
index 6af708662d..a98f5622c9 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -253,21 +253,10 @@ static int nbd_negotiate_send_rep_list(QIOChannel *ioc, 
NBDExport *exp,

 /* Process the NBD_OPT_LIST command, with a potential series of replies.
  * Return -errno on error, 0 on success. */
-static int nbd_negotiate_handle_list(NBDClient *client, uint32_t length,
- Error **errp)
+static int nbd_negotiate_handle_list(NBDClient *client, Error **errp)
 {
 NBDExport *exp;

-if (length) {
-if (nbd_drop(client->ioc, length, errp) < 0) {
-return -EIO;
-}
-return nbd_negotiate_send_rep_err(client->ioc,
-  NBD_REP_ERR_INVALID, NBD_OPT_LIST,
-  errp,
-  "OPT_LIST should not have length");
-}
-
 /* For each export, send a NBD_REP_SERVER reply. */
 QTAILQ_FOREACH(exp, &exports, next) {
 if (nbd_negotiate_send_rep_list(client->ioc, exp, errp)) {
@@ -531,7 +520,6 @@ static int nbd_negotiate_handle_info(NBDClient *client, 
uint32_t length,
 /* Handle NBD_OPT_STARTTLS. Return NULL to drop connection, or else the
  * new channel for all further (now-encrypted) communication. */
 static QIOChannel *nbd_negotiate_handle_starttls(NBDClient *client,
- uint32_t length,
  Error **errp)
 {
 QIOChannel *ioc;
@@ -540,15 +528,6 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient 
*client,

 trace_nbd_negotiate_handle_starttls();
 ioc = client->ioc;
-if (length) {
-if (nbd_drop(ioc, length, errp) < 0) {
-return NULL;
-}
-nbd_negotiate_send_rep_err(ioc, NBD_REP_ERR_INVALID, NBD_OPT_STARTTLS,
-   errp,
-   "OPT_STARTTLS should not have length");
-return NULL;
-}

 if (nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK,
NBD_OPT_STARTTLS, errp) < 0) {
@@ -584,6 +563,34 @@ static QIOChannel *nbd_negotiate_handle_starttls(NBDClient 
*client,
 return QIO_CHANNEL(tioc);
 }

+/* nbd_reject_length: Handle any unexpected payload.
+ * @fatal requests that we quit talking to the client, even if we are able
+ * to successfully send an error to the guest.
+ * Return:
+ * -errno  transmission error occurred or @fatal was requested, errp is set
+ * 0   error message successfully sent to client, errp is not set
+ */
+static int nbd_reject_length(NBDClient *client, uint32_t length,
+ uint32_t option, bool fatal, Error **errp)
+{
+int ret;
+
+assert(length);
+if (nbd_drop(client->ioc, length, errp) < 0) {
+return -EIO;
+}
+ret = nbd_negotiate_send_rep_err(client->ioc, NBD_REP_ERR_INVALID,
+ option, errp,
+ "option '%s' should have zero length",
+ nbd_opt_lookup(option));
+if (fatal && !ret) {
+error_setg(errp, "option '%s' should have zero length",
+   nbd_opt_lookup(option));
+return -EINVAL;
+}
+return ret;
+}
+
 /* nbd_negotiate_options
  * Process all NBD_OPT_* client option commands, during fixed newstyle
  * negotiation.
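
Review bot: the comment on nbd_reject_length() says "send an error to the guest", but the peer here is the NBD client, as the Return section of the same comment and the function arguments say; use "client" there. The format string "option '%s' should have zero length" is also spelled out twice, once for the reply and once for error_setg(), so a shared constant would keep the two messages from drifting apart.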
@@ -674,7 +681,13 @@ static int nbd_negotiate_options(NBDClient *client, 
uint16_t myflags,
 }
 switch (option) {
 case NBD_OPT_STARTTLS:
-tioc = nbd_negotiate_handle_starttls(client, length, errp);
+if (length) {
+/* Unconditionally drop the connection if the client
+ * can't start a TLS negotiation correctly */
+nbd_reject_length(client, length, option, true, errp);
+return -EINVAL;
+}
+tioc = nbd_negotiate_handle_starttls(client, errp);
 if (!tioc) {
 return -EIO;
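
Review bot: the NBD_OPT_STARTTLS branch discards the return value of nbd_reject_length() and returns -EINVAL unconditionally, so a failure in nbd_drop() is reported as -EINVAL instead of the -EIO that nbd_reject_length() returned. With fatal set to true the helper never returns 0, so `return nbd_reject_length(client, length, option, true, errp);` is enough and keeps the original error code.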
  

[Qemu-devel] [PATCH v6 01/12] nbd: Include error names in trace messages

2017-10-27 Thread Eric Blake
NBD errors were originally sent over the wire based on Linux errno
values; but not all the world is Linux, and not all platforms share
the same values.  Since a number isn't very easy to decipher on all
platforms, update the trace messages to include the name of NBD
errors being sent/received over the wire.  Tweak the trace messages
to be at the point where we are using the NBD error, not the
translation to the host errno values.

Signed-off-by: Eric Blake 
Reviewed-by: Vladimir Sementsov-Ogievskiy 

---
v5: trivial whitespace tweak
---
 nbd/nbd-internal.h |  1 +
 nbd/client.c   |  3 ++-
 nbd/common.c   | 23 +++
 nbd/server.c   |  3 ++-
 nbd/trace-events   |  4 ++--
 5 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index 11a130d050..4bfe5be884 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -126,6 +126,7 @@ const char *nbd_opt_lookup(uint32_t opt);
 const char *nbd_rep_lookup(uint32_t rep);
 const char *nbd_info_lookup(uint16_t info);
 const char *nbd_cmd_lookup(uint16_t info);
+const char *nbd_err_lookup(int err);

 int nbd_drop(QIOChannel *ioc, size_t size, Error **errp);

diff --git a/nbd/client.c b/nbd/client.c
index cd5a2c80ac..59d7c9d49f 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -940,6 +940,8 @@ int nbd_receive_reply(QIOChannel *ioc, NBDReply *reply, 
Error **errp)
 reply->error  = ldl_be_p(buf + 4);
 reply->handle = ldq_be_p(buf + 8);

+trace_nbd_receive_reply(magic, reply->error, nbd_err_lookup(reply->error),
+reply->handle);
 reply->error = nbd_errno_to_system_errno(reply->error);

 if (reply->error == ESHUTDOWN) {
@@ -947,7 +949,6 @@ int nbd_receive_reply(QIOChannel *ioc, NBDReply *reply, 
Error **errp)
 error_setg(errp, "server shutting down");
 return -EINVAL;
 }
-trace_nbd_receive_reply(magic, reply->error, reply->handle);

 if (magic != NBD_SIMPLE_REPLY_MAGIC) {
 error_setg(errp, "invalid magic (got 0x%" PRIx32 ")", magic);
diff --git a/nbd/common.c b/nbd/common.c
index 59a5316be9..7456021f7e 100644
--- a/nbd/common.c
+++ b/nbd/common.c
@@ -148,3 +148,26 @@ const char *nbd_cmd_lookup(uint16_t cmd)
 return "";
 }
 }
+
+
+const char *nbd_err_lookup(int err)
+{
+switch (err) {
+case NBD_SUCCESS:
+return "success";
+case NBD_EPERM:
+return "EPERM";
+case NBD_EIO:
+return "EIO";
+case NBD_ENOMEM:
+return "ENOMEM";
+case NBD_EINVAL:
+return "EINVAL";
+case NBD_ENOSPC:
+return "ENOSPC";
+case NBD_ESHUTDOWN:
+return "ESHUTDOWN";
+default:
+return "";
+}
+}
diff --git a/nbd/server.c b/nbd/server.c
index 3df3548d6d..459e00c553 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -1227,7 +1227,8 @@ static int nbd_co_send_simple_reply(NBDClient *client,
 {.iov_base = data, .iov_len = len}
 };

-trace_nbd_co_send_simple_reply(handle, nbd_err, len);
+trace_nbd_co_send_simple_reply(handle, nbd_err, nbd_err_lookup(nbd_err),
+   len);
 set_be_simple_reply(&reply, nbd_err, handle);

 return nbd_co_send_iov(client, iov, len ? 2 : 1, errp);
diff --git a/nbd/trace-events b/nbd/trace-events
index e27614f050..920c8a0e5e 100644
--- a/nbd/trace-events
+++ b/nbd/trace-events
@@ -29,7 +29,7 @@ nbd_client_loop_ret(int ret, const char *error) "NBD loop 
returned %d: %s"
 nbd_client_clear_queue(void) "Clearing NBD queue"
 nbd_client_clear_socket(void) "Clearing NBD socket"
 nbd_send_request(uint64_t from, uint32_t len, uint64_t handle, uint16_t flags, 
uint16_t type, const char *name) "Sending request to server: { .from = %" 
PRIu64", .len = %" PRIu32 ", .handle = %" PRIu64 ", .flags = 0x%" PRIx16 ", 
.type = %" PRIu16 " (%s) }"
-nbd_receive_reply(uint32_t magic, int32_t error, uint64_t handle) "Got reply: 
{ magic = 0x%" PRIx32 ", .error = % " PRId32 ", handle = %" PRIu64" }"
+nbd_receive_reply(uint32_t magic, int32_t error, const char *errname, uint64_t 
handle) "Got reply: { magic = 0x%" PRIx32 ", .error = %" PRId32 " (%s), handle 
= %" PRIu64" }"

 # nbd/server.c
 nbd_negotiate_send_rep_len(uint32_t opt, const char *optname, uint32_t type, 
const char *typename, uint32_t len) "Reply opt=0x%" PRIx32 " (%s), type=0x%" 
PRIx32 " (%s), len=%" PRIu32
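
Review bot: the updated nbd_receive_reply event declares error as int32_t, while the nbd_co_send_simple_reply event changed further down has so far declared the same wire field as uint32_t; pick one type for both so that the two trace lines print an out-of-range value the same way. The format string also mixes ".error" with undotted "magic" and "handle", which is worth tidying while the line is being changed.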
@@ -53,7 +53,7 @@ nbd_negotiate_success(void) "Negotiation succeeded"
 nbd_receive_request(uint32_t magic, uint16_t flags, uint16_t type, uint64_t 
from, uint32_t len) "Got request: { magic = 0x%" PRIx32 ", .flags = 0x%" PRIx16 
", .type = 0x%" PRIx16 ", from = %" PRIu64 ", len = %" PRIu32 " }"
 nbd_blk_aio_attached(const char *name, void *ctx) "Export %s: Attaching 
clients to AIO context %p\n"
 nbd_blk_aio_detach(const char *name, void *ctx) "Export %s: Detaching clients 
from AIO context %p\n"
-nbd_co_send_simple_reply(uint64_t handle, uint32_t error, int len) "Send 
simple reply: handle = %" PRIu64 ", error = %" PRIu32 

[Qemu-devel] [PATCH v6 07/12] nbd: Minimal structured read for server

2017-10-27 Thread Eric Blake
From: Vladimir Sementsov-Ogievskiy 

Minimal implementation of structured read: one structured reply chunk,
no segmentation.
Minimal structured error implementation: no text message.
Support DF flag, but just ignore it, as there is no segmentation
anyway.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Signed-off-by: Eric Blake 

---
v6: only set structured_reply when replying with ack [Vladimir]
v5: correct DF flag spelling, include errname in trace, handle any bogus
payload from option
v4: better _DF flag handling, convert errno to wire format, add
comments and tracing, rework structured error for less churn when adding
text message later, don't kill connection on redundant client option
---
 nbd/server.c | 107 +--
 nbd/trace-events |   2 ++
 2 files changed, 99 insertions(+), 10 deletions(-)

diff --git a/nbd/server.c b/nbd/server.c
index a98f5622c9..5d6d9a2ddd 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -100,6 +100,8 @@ struct NBDClient {
 QTAILQ_ENTRY(NBDClient) next;
 int nb_requests;
 bool closing;
+
+bool structured_reply;
 };

 /* That's all folks */
@@ -768,6 +770,23 @@ static int nbd_negotiate_options(NBDClient *client, 
uint16_t myflags,
  "TLS not configured");
 }
 break;
+
+case NBD_OPT_STRUCTURED_REPLY:
+if (length) {
+ret = nbd_reject_length(client, length, option, false,
+errp);
+} else if (client->structured_reply) {
+ret = nbd_negotiate_send_rep_err(
+client->ioc, NBD_REP_ERR_INVALID, option, errp,
+"structured reply already negotiated");
+} else {
+ret = nbd_negotiate_send_rep(client->ioc, NBD_REP_ACK,
+ option, errp);
+client->structured_reply = true;
+myflags |= NBD_FLAG_SEND_DF;
+}
+break;
+
 default:
 if (nbd_drop(client->ioc, length, errp) < 0) {
 return -EIO;
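Review bot: In the final else branch of the NBD_OPT_STRUCTURED_REPLY case, client->structured_reply and myflags are updated without looking at ret, so a failed nbd_negotiate_send_rep() still leaves the client marked as having negotiated structured replies. Either guard the two assignments with a check that ret is 0, or add a comment stating that the caller drops the connection on any negative ret. A short comment would also help on "myflags |= NBD_FLAG_SEND_DF": myflags is a by-value parameter, so the flag is only advertised for an export selected later in this same call.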
@@ -1242,6 +1261,60 @@ static int nbd_co_send_simple_reply(NBDClient *client,
 return nbd_co_send_iov(client, iov, len ? 2 : 1, errp);
 }

+static inline void set_be_chunk(NBDStructuredReplyChunk *chunk, uint16_t flags,
+uint16_t type, uint64_t handle, uint32_t 
length)
+{
+stl_be_p(&chunk->magic, NBD_STRUCTURED_REPLY_MAGIC);
+stw_be_p(&chunk->flags, flags);
+stw_be_p(&chunk->type, type);
+stq_be_p(&chunk->handle, handle);
+stl_be_p(&chunk->length, length);
+}
+
+static int coroutine_fn nbd_co_send_structured_read(NBDClient *client,
+uint64_t handle,
+uint64_t offset,
+void *data,
+size_t size,
+Error **errp)
+{
+NBDStructuredRead chunk;
+struct iovec iov[] = {
+{.iov_base = &chunk, .iov_len = sizeof(chunk)},
+{.iov_base = data, .iov_len = size}
+};
+
+trace_nbd_co_send_structured_read(handle, offset, data, size);
+set_be_chunk(&chunk.h, NBD_REPLY_FLAG_DONE, NBD_REPLY_TYPE_OFFSET_DATA,
+ handle, sizeof(chunk) - sizeof(chunk.h) + size);
+stq_be_p(&chunk.offset, offset);
+
+return nbd_co_send_iov(client, iov, 2, errp);
+}
+
+static int coroutine_fn nbd_co_send_structured_error(NBDClient *client,
+ uint64_t handle,
+ uint32_t error,
+ Error **errp)
+{
+NBDStructuredError chunk;
+int nbd_err = system_errno_to_nbd_errno(error);
+struct iovec iov[] = {
+{.iov_base = &chunk, .iov_len = sizeof(chunk)},
+/* FIXME: Support human-readable error message */
+};
+
+assert(nbd_err);
+trace_nbd_co_send_structured_error(handle, nbd_err,
+   nbd_err_lookup(nbd_err));
+set_be_chunk(&chunk.h, NBD_REPLY_FLAG_DONE, NBD_REPLY_TYPE_ERROR, handle,
+ sizeof(chunk) - sizeof(chunk.h));
+stl_be_p(&chunk.error, nbd_err);
+stw_be_p(&chunk.message_length, 0);
+
+return nbd_co_send_iov(client, iov, 1, errp);
+}
+
 /* nbd_co_receive_request
  * Collect a client request. Return 0 if request looks valid, -EIO to drop
  * connection right away, and any other negative value to report an error to
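Review bot: In nbd_co_send_structured_read, the chunk length is computed as "sizeof(chunk) - sizeof(chunk.h) + size" with size a size_t, but set_be_chunk() takes a uint32_t length, so an oversized size would be silently truncated in the header while the iovec still carries the full size bytes and the stream would desynchronise. An assert that size fits (for example against the maximum request size the server accepts) before the set_be_chunk() call would make the assumption explicit. Likewise, nbd_co_send_structured_error relies on assert(nbd_err), so its header comment should say that callers must pass a non-zero errno.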
@@ -1252,6 +1325,7 @@ static int nbd_co_receive_request(NBDRequestData *req, 
NBDRequest *request,
   Error **errp)
 {
 NBDClient *client = req->client;
+int valid_flags;

   

[Qemu-devel] [PATCH v6 04/12] nbd/server: Report error for write to read-only export

2017-10-27 Thread Eric Blake
When the server is read-only, we were already reporting an error
message for NBD_CMD_WRITE_ZEROES, but failed to set errp for a
similar NBD_CMD_WRITE.  This will matter more once structured
replies allow the server to propagate the errp information back
to the client.  While at it, use an error message that makes a
bit more sense if viewed on the client side.

Note that when using qemu-io to test qemu-nbd behavior, it is
rather difficult to convince qemu-io to send protocol violations
(such as a read beyond bounds), because we have a lot of active
checking on the client side that a qemu-io request makes sense
before it ever goes over the wire to the server.  The case of a
client attempting a write when the server is started as
'qemu-nbd -r' is one of the few places where we can easily test
error path handling, without having to resort to hacking in known
temporary bugs to either the server or client.  [Maybe we want a
future patch to the client to do up-front checking on writes to a
read-only export, the way it does up-front bounds checking; but I
don't see anything in the NBD spec that points to a protocol
violation in our current behavior.]

Signed-off-by: Eric Blake 
Reviewed-by: Vladimir Sementsov-Ogievskiy 

---
v6: add R-b
v5: new patch
---
 nbd/server.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nbd/server.c b/nbd/server.c
index efb6003364..05ff7470d5 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -1381,6 +1381,7 @@ static coroutine_fn void nbd_trip(void *opaque)
 break;
 case NBD_CMD_WRITE:
 if (exp->nbdflags & NBD_FLAG_READ_ONLY) {
+error_setg(&local_err, "Export is read-only");
 ret = -EROFS;
 break;
 }
@@ -1398,7 +1399,7 @@ static coroutine_fn void nbd_trip(void *opaque)
 break;
 case NBD_CMD_WRITE_ZEROES:
 if (exp->nbdflags & NBD_FLAG_READ_ONLY) {
-error_setg(&local_err, "Server is read-only, return error");
+error_setg(&local_err, "Export is read-only");
 ret = -EROFS;
 break;
 }
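Review bot: The string "Export is read-only" now appears twice, in the NBD_CMD_WRITE and NBD_CMD_WRITE_ZEROES cases, each followed by the same "ret = -EROFS; break;". Since the commit message points out that 'qemu-nbd -r' is one of the few easy ways to exercise this error path, an iotest covering both commands would fit this patch; the diffstat touches only nbd/server.c. A small shared helper for the read-only check would also keep the two messages from drifting apart again.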
-- 
2.13.6




[Qemu-devel] [PATCH v6 08/12] nbd/server: Include human-readable message in structured errors

2017-10-27 Thread Eric Blake
The NBD spec permits including a human-readable error string if
structured replies are in force, so we might as well send the
client the message that we logged on any error.

Signed-off-by: Eric Blake 
Reviewed-by: Vladimir Sementsov-Ogievskiy 

---
v6: add R-b
v5: allow NULL msg, cast away const for ease of use [Vladimir]; send
correct length over the wire
---
 nbd/server.c | 20 +---
 nbd/trace-events |  2 +-
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/nbd/server.c b/nbd/server.c
index 5d6d9a2ddd..ea9fe9970f 100644
--- a/nbd/server.c
+++ b/nbd/server.c
@@ -1295,24 +1295,25 @@ static int coroutine_fn 
nbd_co_send_structured_read(NBDClient *client,
 static int coroutine_fn nbd_co_send_structured_error(NBDClient *client,
  uint64_t handle,
  uint32_t error,
+ const char *msg,
  Error **errp)
 {
 NBDStructuredError chunk;
 int nbd_err = system_errno_to_nbd_errno(error);
 struct iovec iov[] = {
 {.iov_base = &chunk, .iov_len = sizeof(chunk)},
-/* FIXME: Support human-readable error message */
+{.iov_base = (char *)msg, .iov_len = msg ? strlen(msg) : 0},
 };

 assert(nbd_err);
 trace_nbd_co_send_structured_error(handle, nbd_err,
-   nbd_err_lookup(nbd_err));
+   nbd_err_lookup(nbd_err), msg ? msg : 
"");
 set_be_chunk(&chunk.h, NBD_REPLY_FLAG_DONE, NBD_REPLY_TYPE_ERROR, handle,
- sizeof(chunk) - sizeof(chunk.h));
+ sizeof(chunk) - sizeof(chunk.h) + iov[1].iov_len);
 stl_be_p(&chunk.error, nbd_err);
-stw_be_p(&chunk.message_length, 0);
+stw_be_p(&chunk.message_length, iov[1].iov_len);

-return nbd_co_send_iov(client, iov, 1, errp);
+return nbd_co_send_iov(client, iov, 1 + !!iov[1].iov_len, errp);
 }

 /* nbd_co_receive_request
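Review bot: "stw_be_p(&chunk.message_length, iov[1].iov_len)" stores a size_t into a 16-bit field, while the chunk length passed to set_be_chunk() and the iovec both use the full iov[1].iov_len. If msg is ever longer than 65535 bytes, message_length wraps but the payload does not, and the client sees a chunk whose inner length disagrees with its outer length. Clamp the message length (or assert an upper bound) once, before it is used in the three places. The "(char *)msg" cast also deserves a comment saying that the buffer is only read.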
@@ -1413,6 +1414,7 @@ static coroutine_fn void nbd_trip(void *opaque)
 int flags;
 int reply_data_len = 0;
 Error *local_err = NULL;
+char *msg = NULL;

 trace_nbd_trip();
 if (client->closing) {
@@ -1529,14 +1531,17 @@ reply:
 if (local_err) {
 /* If we get here, local_err was not a fatal error, and should be sent
  * to the client. */
+assert(ret < 0);
+msg = g_strdup(error_get_pretty(local_err));
 error_report_err(local_err);
 local_err = NULL;
 }

-if (client->structured_reply && request.type == NBD_CMD_READ) {
+if (client->structured_reply &&
+(ret < 0 || request.type == NBD_CMD_READ)) {
 if (ret < 0) {
 ret = nbd_co_send_structured_error(req->client, request.handle,
-   -ret, &local_err);
+   -ret, msg, &local_err);
 } else {
 ret = nbd_co_send_structured_read(req->client, request.handle,
   request.from, req->data,
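Review bot: With "msg = g_strdup(error_get_pretty(local_err))" handed to nbd_co_send_structured_error(), every string that reaches local_err in nbd_trip() is now sent verbatim to the remote client. Those strings were written for the server's own log, so it is worth auditing the error_setg()/error_prepend() sites that feed this path for host-side details (file names, backend errors) that a client should not learn, and stating in the comment above that local_err text is client-visible from here on. The widened condition "(ret < 0 || request.type == NBD_CMD_READ)" also changes the reply format for failed non-read commands; a one-line comment would make that intent clear.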
@@ -1547,6 +1552,7 @@ reply:
ret < 0 ? -ret : 0,
req->data, reply_data_len, &local_err);
 }
+g_free(msg);
 if (ret < 0) {
 error_prepend(&local_err, "Failed to send reply: ");
 goto disconnect;
diff --git a/nbd/trace-events b/nbd/trace-events
index 6894f8bbb4..52150bd738 100644
--- a/nbd/trace-events
+++ b/nbd/trace-events
@@ -57,7 +57,7 @@ nbd_blk_aio_attached(const char *name, void *ctx) "Export %s: 
Attaching clients
 nbd_blk_aio_detach(const char *name, void *ctx) "Export %s: Detaching clients 
from AIO context %p\n"
 nbd_co_send_simple_reply(uint64_t handle, uint32_t error, const char *errname, 
int len) "Send simple reply: handle = %" PRIu64 ", error = %" PRIu32 " (%s), 
len = %d"
 nbd_co_send_structured_read(uint64_t handle, uint64_t offset, void *data, 
size_t size) "Send structured read data reply: handle = %" PRIu64 ", offset = 
%" PRIu64 ", data = %p, len = %zu"
-nbd_co_send_structured_error(uint64_t handle, int err, const char *errname) 
"Send structured error reply: handle = %" PRIu64 ", error = %d (%s)"
+nbd_co_send_structured_error(uint64_t handle, int err, const char *errname, 
const char *msg) "Send structured error reply: handle = %" PRIu64 ", error = %d 
(%s), msg = '%s'"
 nbd_co_receive_request_decode_type(uint64_t handle, uint16_t type, const char 
*name) "Decoding type: handle = %" PRIu64 ", type = %" PRIu16 " (%s)"
 nbd_co_receive_request_payload_received(uint64_t handle, uint32_t len) 
"Payload received: handle = %" PRIu64 ", len = %" PRIu32
 nbd_co_receive_request_cmd_write(uint32_t len) "Reading %" PRIu32 " byte(s)"
-- 
2.13.6
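The wire layout of the structured error chunk that this patch fills in, as an added example that is not part of the patch or of QEMU. The constants are taken from the NBD protocol specification; the function names `encode_error_chunk` and `parse_error_chunk`, the clamp to 65535 bytes and the sample handle and message are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values from the NBD protocol specification. */
#define NBD_STRUCTURED_REPLY_MAGIC 0x668e33efu
#define NBD_REPLY_FLAG_DONE        (1u << 0)
#define NBD_REPLY_TYPE_ERROR       ((1u << 15) | 1u)
#define CHUNK_HDR_LEN 20u /* magic 4, flags 2, type 2, handle 8, length 4 */
#define ERROR_HDR_LEN 6u  /* error 4, message_length 2 */

static void put_be(uint8_t *p, uint64_t v, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        p[i] = (uint8_t)(v >> (8 * (n - 1 - i)));
    }
}

static uint64_t get_be(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++) {
        v = (v << 8) | p[i];
    }
    return v;
}

/* Server side: encode one NBD_REPLY_TYPE_ERROR chunk into out[0..cap).
 * msg may be NULL. The message is clamped to 65535 bytes (a choice made by
 * this example) so the 16-bit message_length and the 32-bit chunk length
 * always describe the same payload. Returns bytes written, 0 if too small. */
size_t encode_error_chunk(uint8_t *out, size_t cap, uint64_t handle,
                          uint32_t nbd_err, const char *msg)
{
    size_t msg_len = msg ? strlen(msg) : 0;
    size_t total;

    if (msg_len > UINT16_MAX) {
        msg_len = UINT16_MAX;
    }
    total = CHUNK_HDR_LEN + ERROR_HDR_LEN + msg_len;
    if (total > cap) {
        return 0;
    }
    put_be(out, NBD_STRUCTURED_REPLY_MAGIC, 4);
    put_be(out + 4, NBD_REPLY_FLAG_DONE, 2);
    put_be(out + 6, NBD_REPLY_TYPE_ERROR, 2);
    put_be(out + 8, handle, 8);
    put_be(out + 16, ERROR_HDR_LEN + msg_len, 4);
    put_be(out + 20, nbd_err, 4);
    put_be(out + 24, msg_len, 2);
    if (msg_len) {
        memcpy(out + 26, msg, msg_len);
    }
    return total;
}

/* Client side: validate an error chunk received from an untrusted server.
 * Every length is checked against what was actually received before use.
 * Returns 0 on success, a negative code naming the failed check otherwise. */
int parse_error_chunk(const uint8_t *buf, size_t len, uint32_t *nbd_err,
                      char *msg, size_t msg_cap)
{
    uint32_t chunk_len;
    uint16_t msg_len;

    if (len < CHUNK_HDR_LEN + ERROR_HDR_LEN) {
        return -1;                       /* short read */
    }
    if (get_be(buf, 4) != NBD_STRUCTURED_REPLY_MAGIC) {
        return -2;
    }
    if (get_be(buf + 6, 2) != NBD_REPLY_TYPE_ERROR) {
        return -3;
    }
    chunk_len = (uint32_t)get_be(buf + 16, 4);
    if (chunk_len < ERROR_HDR_LEN || chunk_len > len - CHUNK_HDR_LEN) {
        return -4;                       /* outer length lies */
    }
    msg_len = (uint16_t)get_be(buf + 24, 2);
    if (msg_len > chunk_len - ERROR_HDR_LEN) {
        return -5;                       /* inner length exceeds the chunk */
    }
    *nbd_err = (uint32_t)get_be(buf + 20, 4);
    if (*nbd_err == 0) {
        return -6;                       /* an error chunk must carry an error */
    }
    if (msg_len >= msg_cap) {
        return -7;                       /* caller's buffer too small */
    }
    memcpy(msg, buf + 26, msg_len);
    msg[msg_len] = '\0';
    return 0;
}

int main(void)
{
    uint8_t buf[128];
    char msg[64];
    uint32_t err = 0;
    /* Constructed sample: handle and error value are made up. */
    size_t n = encode_error_chunk(buf, sizeof(buf), 0x1122334455667788ULL, 1,
                                  "Export is read-only");
    int rc = parse_error_chunk(buf, n, &err, msg, sizeof(msg));

    printf("bytes=%zu rc=%d err=%u msg='%s'\n", n, rc, (unsigned)err, msg);
    return rc;
}
```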




[Qemu-devel] [PATCH v6 09/12] nbd/client: refactor nbd_receive_starttls

2017-10-27 Thread Eric Blake
From: Vladimir Sementsov-Ogievskiy 

Split out nbd_request_simple_option to be reused for structured reply
option.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Signed-off-by: Eric Blake 

---
v6: error message tweak [Vladimir]
v5: only check length for ACK responses
v4: reduce redundant traces, typo fix in commit message
---
 nbd/client.c | 70 ++--
 nbd/trace-events |  4 +---
 2 files changed, 49 insertions(+), 25 deletions(-)

diff --git a/nbd/client.c b/nbd/client.c
index 50f36b511e..9acf745b79 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -508,35 +508,61 @@ static int nbd_receive_query_exports(QIOChannel *ioc,
 }
 }

+/* nbd_request_simple_option: Send an option request, and parse the reply
+ * return 1 for successful negotiation,
+ *0 if operation is unsupported,
+ *-1 with errp set for any other error
+ */
+static int nbd_request_simple_option(QIOChannel *ioc, int opt, Error **errp)
+{
+nbd_opt_reply reply;
+int error;
+
+if (nbd_send_option_request(ioc, opt, 0, NULL, errp) < 0) {
+return -1;
+}
+
+if (nbd_receive_option_reply(ioc, opt, &reply, errp) < 0) {
+return -1;
+}
+error = nbd_handle_reply_err(ioc, &reply, errp);
+if (error <= 0) {
+return error;
+}
+
+if (reply.type != NBD_REP_ACK) {
+error_setg(errp, "Server answered option %d (%s) with unexpected "
+   "reply %" PRIx32 " (%s)", opt, nbd_opt_lookup(opt),
+   reply.type, nbd_rep_lookup(reply.type));
+nbd_send_opt_abort(ioc);
+return -1;
+}
+
+if (reply.length != 0) {
+error_setg(errp, "Option %d ('%s') response length is %" PRIu32
+   " (it should be zero)", opt, nbd_opt_lookup(opt),
+   reply.length);
+nbd_send_opt_abort(ioc);
+return -1;
+}
+
+return 1;
+}
+
 static QIOChannel *nbd_receive_starttls(QIOChannel *ioc,
 QCryptoTLSCreds *tlscreds,
 const char *hostname, Error **errp)
 {
-nbd_opt_reply reply;
+int ret;
 QIOChannelTLS *tioc;
 struct NBDTLSHandshakeData data = { 0 };

-trace_nbd_receive_starttls_request();
-if (nbd_send_option_request(ioc, NBD_OPT_STARTTLS, 0, NULL, errp) < 0) {
-return NULL;
-}
-
-trace_nbd_receive_starttls_reply();
-if (nbd_receive_option_reply(ioc, NBD_OPT_STARTTLS, &reply, errp) < 0) {
-return NULL;
-}
-
-if (reply.type != NBD_REP_ACK) {
-error_setg(errp, "Server rejected request to start TLS %" PRIx32,
-   reply.type);
-nbd_send_opt_abort(ioc);
-return NULL;
-}
-
-if (reply.length != 0) {
-error_setg(errp, "Start TLS response was not zero %" PRIu32,
-   reply.length);
-nbd_send_opt_abort(ioc);
+ret = nbd_request_simple_option(ioc, NBD_OPT_STARTTLS, errp);
+if (ret <= 0) {
+if (ret == 0) {
+error_setg(errp, "Server don't support STARTTLS option");
+nbd_send_opt_abort(ioc);
+}
 return NULL;
 }
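Review bot: The new user-visible string "Server don't support STARTTLS option" in nbd_receive_starttls should read "Server doesn't support the STARTTLS option". In nbd_request_simple_option the two error messages are also formatted differently: one prints the option name as "(%s)" and the other as "('%s')", and the unexpected reply type is printed with a bare PRIx32 and no "0x" prefix, so a value such as 10 is ambiguous in a log. Finally, the comment block lists the return values, but it would help to say that on a 0 return errp is left unset and no abort has been sent, since the STARTTLS caller has to do both itself.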

diff --git a/nbd/trace-events b/nbd/trace-events
index 52150bd738..596df96575 100644
--- a/nbd/trace-events
+++ b/nbd/trace-events
@@ -8,9 +8,7 @@ nbd_opt_go_info_unknown(int info, const char *name) "Ignoring 
unknown info %d (%
 nbd_opt_go_info_block_size(uint32_t minimum, uint32_t preferred, uint32_t 
maximum) "Block sizes are 0x%" PRIx32 ", 0x%" PRIx32 ", 0x%" PRIx32
 nbd_receive_query_exports_start(const char *wantname) "Querying export list 
for '%s'"
 nbd_receive_query_exports_success(const char *wantname) "Found desired export 
name '%s'"
-nbd_receive_starttls_request(void) "Requesting TLS from server"
-nbd_receive_starttls_reply(void) "Getting TLS reply from server"
-nbd_receive_starttls_new_client(void) "TLS request approved, setting up TLS"
+nbd_receive_starttls_new_client(void) "Setting up TLS"
 nbd_receive_starttls_tls_handshake(void) "Starting TLS handshake"
 nbd_receive_negotiate(void *tlscreds, const char *hostname) "Receiving 
negotiation tlscreds=%p hostname=%s"
 nbd_receive_negotiate_magic(uint64_t magic) "Magic is 0x%" PRIx64
-- 
2.13.6




[Qemu-devel] [PATCH v6 10/12] nbd/client: prepare nbd_receive_reply for structured reply

2017-10-27 Thread Eric Blake
From: Vladimir Sementsov-Ogievskiy 

In the following patch, nbd_receive_reply will be used for receiving
both simple and structured reply headers.
NBDReply is altered into a union of simple reply header and structured
reply chunk header; simple error translation is moved to block/nbd-client
to be consistent with further structured reply error translation.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Signed-off-by: Eric Blake 

---
v5: minor whitespace tweak
---
 include/block/nbd.h |  30 ---
 block/nbd-client.c  |   8 ++--
 nbd/client.c| 104 +---
 nbd/trace-events|   3 +-
 4 files changed, 113 insertions(+), 32 deletions(-)

diff --git a/include/block/nbd.h b/include/block/nbd.h
index 225e9575e4..2ee1578420 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -57,12 +57,6 @@ struct NBDRequest {
 };
 typedef struct NBDRequest NBDRequest;

-struct NBDReply {
-uint64_t handle;
-uint32_t error;
-};
-typedef struct NBDReply NBDReply;
-
 typedef struct NBDSimpleReply {
 uint32_t magic;  /* NBD_SIMPLE_REPLY_MAGIC */
 uint32_t error;
@@ -78,6 +72,20 @@ typedef struct NBDStructuredReplyChunk {
 uint32_t length; /* length of payload */
 } QEMU_PACKED NBDStructuredReplyChunk;

+typedef union NBDReply {
+NBDSimpleReply simple;
+NBDStructuredReplyChunk structured;
+struct {
+/* @magic and @handle fields have the same offset and size both in
+ * simple reply and structured reply chunk, so let them be accessible
+ * without ".simple." or ".structured." specification
+ */
+uint32_t magic;
+uint32_t _skip;
+uint64_t handle;
+} QEMU_PACKED;
+} NBDReply;
+
 /* Header of NBD_REPLY_TYPE_OFFSET_DATA, complete NBD_REPLY_TYPE_OFFSET_HOLE */
 typedef struct NBDStructuredRead {
 NBDStructuredReplyChunk h;
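Review bot: The anonymous struct inside the new NBDReply union is only correct as long as magic and handle sit at the same offsets in NBDSimpleReply and NBDStructuredReplyChunk, and the "_skip" member silently encodes that. The comment states the assumption but nothing enforces it; a pair of QEMU_BUILD_BUG_ON checks comparing offsetof() of magic and handle across the three views would turn a future layout change into a build failure instead of a misparsed reply from the wire.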
@@ -256,4 +264,14 @@ void nbd_client_put(NBDClient *client);
 void nbd_server_start(SocketAddress *addr, const char *tls_creds,
   Error **errp);

+static inline bool nbd_reply_is_simple(NBDReply *reply)
+{
+return reply->magic == NBD_SIMPLE_REPLY_MAGIC;
+}
+
+static inline bool nbd_reply_is_structured(NBDReply *reply)
+{
+return reply->magic == NBD_STRUCTURED_REPLY_MAGIC;
+}
+
 #endif
diff --git a/block/nbd-client.c b/block/nbd-client.c
index c0683c3c83..58493b7ac4 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -92,7 +92,9 @@ static coroutine_fn void nbd_read_reply_entry(void *opaque)
 i = HANDLE_TO_INDEX(s, s->reply.handle);
 if (i >= MAX_NBD_REQUESTS ||
 !s->requests[i].coroutine ||
-!s->requests[i].receiving) {
+!s->requests[i].receiving ||
+nbd_reply_is_structured(&s->reply))
+{
 break;
 }

@@ -194,8 +196,8 @@ static int nbd_co_receive_reply(NBDClientSession *s,
 ret = -EIO;
 } else {
 assert(s->reply.handle == handle);
-ret = -s->reply.error;
-if (qiov && s->reply.error == 0) {
+ret = -nbd_errno_to_system_errno(s->reply.simple.error);
+if (qiov && ret == 0) {
 if (qio_channel_readv_all(s->ioc, qiov->iov, qiov->niov,
   NULL) < 0) {
 ret = -EIO;
diff --git a/nbd/client.c b/nbd/client.c
index 9acf745b79..4f0745f601 100644
--- a/nbd/client.c
+++ b/nbd/client.c
@@ -908,6 +908,57 @@ int nbd_send_request(QIOChannel *ioc, NBDRequest *request)
 return nbd_write(ioc, buf, sizeof(buf), NULL);
 }

+/* nbd_receive_simple_reply
+ * Read simple reply except magic field (which should be already read).
+ * Payload is not read (payload is possible for CMD_READ, but here we even
+ * don't know whether it take place or not).
+ */
+static int nbd_receive_simple_reply(QIOChannel *ioc, NBDSimpleReply *reply,
+Error **errp)
+{
+int ret;
+
+assert(reply->magic == NBD_SIMPLE_REPLY_MAGIC);
+
+ret = nbd_read(ioc, (uint8_t *)reply + sizeof(reply->magic),
+   sizeof(*reply) - sizeof(reply->magic), errp);
+if (ret < 0) {
+return ret;
+}
+
+be32_to_cpus(&reply->error);
+be64_to_cpus(&reply->handle);
+
+return 0;
+}
+
+/* nbd_receive_structured_reply_chunk
+ * Read structured reply chunk except magic field (which should be already
+ * read).
+ * Payload is not read.
+ */
+static int nbd_receive_structured_reply_chunk(QIOChannel *ioc,
+  NBDStructuredReplyChunk *chunk,
+  Error **errp)
+{
+int ret;
+
+assert(chunk->magic == NBD_STRUCTURED_REPLY_MAGIC);
+
+ret = nbd_read(ioc, (uint8_t *)chunk + sizeof(chunk->magic),
+   sizeof(*chunk) - sizeof(chunk->magic), errp);
+if (ret < 0) {
+return ret;
+}
+
+be16_to_cpus(&chunk->flags);
+be16_to_cpus(&chunk->type);
+be64_to_cpus(&chunk->handle);
+be32_to_cpus(&chunk->l

[Qemu-devel] [PATCH v6 11/12] nbd: Move nbd_read() to common header

2017-10-27 Thread Eric Blake
An upcoming change to block/nbd-client.c will want to read the
tail of a structured reply chunk directly from the wire.  Move
this function to make it easier.

Based on a patch from Vladimir Sementsov-Ogievskiy.

Signed-off-by: Eric Blake 
Reviewed-by: Vladimir Sementsov-Ogievskiy 
---
 include/block/nbd.h | 10 ++
 nbd/nbd-internal.h  |  9 -
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/include/block/nbd.h b/include/block/nbd.h
index 2ee1578420..da6e305dd5 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -264,6 +264,16 @@ void nbd_client_put(NBDClient *client);
 void nbd_server_start(SocketAddress *addr, const char *tls_creds,
   Error **errp);

+
+/* nbd_read
+ * Reads @size bytes from @ioc. Returns 0 on success.
+ */
+static inline int nbd_read(QIOChannel *ioc, void *buffer, size_t size,
+   Error **errp)
+{
+return qio_channel_read_all(ioc, buffer, size, errp) < 0 ? -EIO : 0;
+}
+
 static inline bool nbd_reply_is_simple(NBDReply *reply)
 {
 return reply->magic == NBD_SIMPLE_REPLY_MAGIC;
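Review bot: Now that nbd_read() lives in the public header, its comment should document the failure side as well: it says "Returns 0 on success" but not that every failure from qio_channel_read_all() is collapsed to -EIO with errp set. The hunk also introduces a second consecutive blank line before the comment, and nbd_write() stays behind in nbd/nbd-internal.h, which is worth a sentence in the commit message so the asymmetry does not look accidental.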
diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index 4f24d6e57d..b64eb1cc9b 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -82,15 +82,6 @@ static inline int nbd_read_eof(QIOChannel *ioc, void 
*buffer, size_t size,
 return ret;
 }

-/* nbd_read
- * Reads @size bytes from @ioc. Returns 0 on success.
- */
-static inline int nbd_read(QIOChannel *ioc, void *buffer, size_t size,
-   Error **errp)
-{
-return qio_channel_read_all(ioc, buffer, size, errp) < 0 ? -EIO : 0;
-}
-
 /* nbd_write
  * Writes @size bytes to @ioc. Returns 0 on success.
  */
-- 
2.13.6




[Qemu-devel] [PATCH v6 12/12] nbd: Minimal structured read for client

2017-10-27 Thread Eric Blake
From: Vladimir Sementsov-Ogievskiy 

Minimal implementation: for structured error only error_report error
message.

Note that test 83 is now more verbose, because the implementation
prints more warnings about unexpected communication errors; perhaps
future patches should tone things down by using trace messages
instead of traces, but the common case of successful communication
is no noisier than before.

Signed-off-by: Vladimir Sementsov-Ogievskiy 
Signed-off-by: Eric Blake 

---
v6: tweak overflow check [Vladimir], fix reads to use absolute offset
from server by tracking original offset, fix talking to old-style server,
tweak iotest 83 output to account for new verbosity
v5: fix payload_advance[32,64], return correct negative error on
structured error, rearrange size checks to not be vulnerable to
overflow, simplify payload to use g_new instead of qemu_memalign,
don't set errp when returning 0, validate that error message
length is sane
---
 block/nbd-client.h |   1 +
 include/block/nbd.h|  12 ++
 nbd/nbd-internal.h |   1 -
 block/nbd-client.c | 490 ++---
 nbd/client.c   |  12 ++
 tests/qemu-iotests/083.out |  15 ++
 6 files changed, 498 insertions(+), 33 deletions(-)

diff --git a/block/nbd-client.h b/block/nbd-client.h
index b435754b82..612c4c21a0 100644
--- a/block/nbd-client.h
+++ b/block/nbd-client.h
@@ -19,6 +19,7 @@

 typedef struct {
 Coroutine *coroutine;
+uint64_t offset;/* original offset of the request */
 bool receiving; /* waiting for read_reply_co? */
 } NBDClientRequest;

diff --git a/include/block/nbd.h b/include/block/nbd.h
index da6e305dd5..92d1723d7c 100644
--- a/include/block/nbd.h
+++ b/include/block/nbd.h
@@ -197,6 +197,11 @@ enum {
 #define NBD_REPLY_TYPE_ERROR NBD_REPLY_ERR(1)
 #define NBD_REPLY_TYPE_ERROR_OFFSET  NBD_REPLY_ERR(2)

+static inline bool nbd_reply_type_is_error(int type)
+{
+return type & (1 << 15);
+}
+
 /* NBD errors are based on errno numbers, so there is a 1:1 mapping,
  * but only a limited set of errno values is specified in the protocol.
  * Everything else is squashed to EINVAL.
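Review bot: nbd_reply_type_is_error() hard-codes "1 << 15" and takes an int, while the reply type is a uint16_t on the wire and the NBD_REPLY_ERR() macro just above already owns that bit. Taking a uint16_t and testing against a value derived from the same macro (or a shared named constant) keeps the two definitions from diverging.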
@@ -214,6 +219,11 @@ enum {
 struct NBDExportInfo {
 /* Set by client before nbd_receive_negotiate() */
 bool request_sizes;
+
+/* In-out fields, set by client before nbd_receive_negotiate() and
+ * updated by server results during nbd_receive_negotiate() */
+bool structured_reply;
+
 /* Set by server results during nbd_receive_negotiate() */
 uint64_t size;
 uint16_t flags;
@@ -284,4 +294,6 @@ static inline bool nbd_reply_is_structured(NBDReply *reply)
 return reply->magic == NBD_STRUCTURED_REPLY_MAGIC;
 }

+const char *nbd_reply_type_lookup(uint16_t type);
+
 #endif
diff --git a/nbd/nbd-internal.h b/nbd/nbd-internal.h
index b64eb1cc9b..eeff78d3c9 100644
--- a/nbd/nbd-internal.h
+++ b/nbd/nbd-internal.h
@@ -104,7 +104,6 @@ const char *nbd_opt_lookup(uint32_t opt);
 const char *nbd_rep_lookup(uint32_t rep);
 const char *nbd_info_lookup(uint16_t info);
 const char *nbd_cmd_lookup(uint16_t info);
-const char *nbd_reply_type_lookup(uint16_t type);
 const char *nbd_err_lookup(int err);

 int nbd_drop(QIOChannel *ioc, size_t size, Error **errp);
diff --git a/block/nbd-client.c b/block/nbd-client.c
index 58493b7ac4..b44d4d4a01 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -93,7 +93,7 @@ static coroutine_fn void nbd_read_reply_entry(void *opaque)
 if (i >= MAX_NBD_REQUESTS ||
 !s->requests[i].coroutine ||
 !s->requests[i].receiving ||
-nbd_reply_is_structured(&s->reply))
+(nbd_reply_is_structured(&s->reply) && !s->info.structured_reply))
 {
 break;
 }
@@ -141,6 +141,7 @@ static int nbd_co_send_request(BlockDriverState *bs,
 assert(i < MAX_NBD_REQUESTS);

 s->requests[i].coroutine = qemu_coroutine_self();
+s->requests[i].offset = request->from;
 s->requests[i].receiving = false;

 request->handle = INDEX_TO_HANDLE(s, i);
@@ -181,75 +182,489 @@ err:
 return rc;
 }

-static int nbd_co_receive_reply(NBDClientSession *s,
-uint64_t handle,
-QEMUIOVector *qiov)
+static inline uint16_t payload_advance16(uint8_t **payload)
+{
+*payload += 2;
+return lduw_be_p(*payload - 2);
+}
+
+static inline uint32_t payload_advance32(uint8_t **payload)
+{
+*payload += 4;
+return ldl_be_p(*payload - 4);
+}
+
+static inline uint64_t payload_advance64(uint8_t **payload)
+{
+*payload += 8;
+return ldq_be_p(*payload - 8);
+}
+
+static int nbd_parse_offset_hole_payload(NBDStructuredReplyChunk *chunk,
+ uint8_t *payload, uint64_t 
orig_offset,
+ QEMUIOVector *qiov, Error **errp)
+{
+uint64_t offset;
+uint32_t hole_size;
+
+if (chunk->length != sizeof(offset) + sizeof(
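Review bot: payload_advance16/32/64 advance *payload and read 2, 4 or 8 bytes with no knowledge of how much payload remains, and the payload comes from the server. The visible start of nbd_parse_offset_hole_payload checks chunk->length first, which is the right pattern, but nothing in the helpers documents that precondition. Add a comment on the helpers stating that the caller must have validated chunk->length for every field it is about to consume, or pass the remaining length in and assert on it.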

[Qemu-devel] [RFC PATCH v6 13/12] tweak test 83 verbosity

2017-10-27 Thread Eric Blake
Commenting these two lines is enough to avoid the change to 083.out
in 12/12.  That is evidence that we may want these two lines to be
trace points rather than error messages; or maybe we really do like
the extra verbosity in the case of an unexpected communication break.

This patch does not meet coding guidelines, and I'm not proud enough
of it to give S-o-b, but I'm posting it for conversation.

---
 block/nbd-client.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/block/nbd-client.c b/block/nbd-client.c
index b44d4d4a01..e063b3fbc0 100644
--- a/block/nbd-client.c
+++ b/block/nbd-client.c
@@ -654,7 +654,8 @@ static int nbd_co_request(BlockDriverState *bs, NBDRequest 
*request,

 ret = nbd_co_receive_return_code(client, request->handle, &local_err);
 if (local_err) {
-error_report_err(local_err);
+assert(ret < 0);
+//error_report_err(local_err);
 }
 return ret;
 }
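Review bot: Commenting out error_report_err(local_err) in nbd_co_request leaves local_err allocated and never released, because error_report_err() is also what frees the Error. If the message is to be dropped, replace the call with error_free(local_err), or route the text to a trace point and then free it; the same applies to the "if (ret < 0)" block in nbd_client_co_preadv, which is left with an empty body.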
@@ -682,7 +683,7 @@ int nbd_client_co_preadv(BlockDriverState *bs, uint64_t 
offset,
 ret = nbd_co_receive_cmdread_reply(client, request.handle, offset, qiov,
&local_err);
 if (ret < 0) {
-error_report_err(local_err);
+//error_report_err(local_err);
 }
 return ret;
 }
-- 
2.13.6




Re: [Qemu-devel] [PATCH v6 00/12] nbd minimal structured read

2017-10-27 Thread no-reply
Hi,

This series failed build test on ppc host. Please find the details below.

Subject: [Qemu-devel] [PATCH v6 00/12] nbd minimal structured read
Message-id: 20171027104037.8319-1-ebl...@redhat.com
Type: series

=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Testing script will be invoked under the git checkout with
# HEAD pointing to a commit that has the patches applied on top of "base"
# branch
set -e
echo "=== ENV ==="
env
echo "=== PACKAGES ==="
rpm -qa
echo "=== TEST BEGIN ==="
INSTALL=$PWD/install
BUILD=$PWD/build
mkdir -p $BUILD $INSTALL
SRC=$PWD
cd $BUILD
$SRC/configure --prefix=$INSTALL
make -j100
# XXX: we need reliable clean up
# make check -j100 V=1
make install
=== TEST SCRIPT END ===

2db5103 nbd: Minimal structured read for client
b4b60f2 nbd: Move nbd_read() to common header
144e91a nbd/client: prepare nbd_receive_reply for structured reply
cc49fd9 nbd/client: refactor nbd_receive_starttls
8393b4d nbd/server: Include human-readable message in structured errors
3580480 nbd: Minimal structured read for server
95a6582 nbd/server: Refactor zero-length option check
dec3784 nbd/server: Simplify nbd_negotiate_options loop
e0373ae nbd/server: Report error for write to read-only export
471cbd8 nbd: Expose constants and structs for structured read
3e9642e nbd: Move nbd_errno_to_system_errno() to public header
7b85388 nbd: Include error names in trace messages

=== OUTPUT BEGIN ===
=== ENV ===
XDG_SESSION_ID=1757
SHELL=/bin/sh
USER=patchew
PATCHEW=/home/patchew/patchew/patchew-cli -s http://patchew.org --nodebug
PATH=/usr/bin:/bin
PWD=/var/tmp/patchew-tester-tmp-xb4sc6ly/src
LANG=en_US.UTF-8
HOME=/home/patchew
SHLVL=2
LOGNAME=patchew
XDG_RUNTIME_DIR=/run/user/1000
_=/usr/bin/env
=== PACKAGES ===

[Qemu-devel] [Bug 568445] Re: LVM backed drives should default to cache='none'

2017-10-27 Thread Bug Watch Updater
Launchpad has imported 5 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=623188.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2010-08-11T14:43:39+00:00 Jamin wrote:

Description of problem:
Defaults to using cache with an LVM backed storage.  The use of caching with 
raw partitions (LVM) results in significantly lower performance than no cache 
at all.

How reproducible:
Always

Steps to Reproduce:
1. Create a new VM using LVM backed storage
  
Actual results:
Cache is enabled for the VM's disks residing within LVM.

Expected results:
Cache should be disabled for disks residing within LVM.

Additional info:
http://www.linux-kvm.org/page/Tuning_KVM

Specifically:

QEMU also supports a wide variety of caching modes. Writeback is useful
for testing but does not offer storage guarantees. Writethrough (the
default) is safer, and relies on the host cache. If you're using raw
volumes or partitions, it is best to avoid the cache completely, which
reduces data copies and bus traffic:

 qemu -drive file=/dev/mapper/ImagesVolumeGroup-Guest1,cache=none,if=virtio

This has also been reported with Ubuntu at:
https://bugs.launchpad.net/ubuntu/+source/virt-manager/+bug/568445

Reply at: https://bugs.launchpad.net/ubuntu/+source/virt-manager/+bug/568445/comments/12


On 2010-08-11T16:12:46+00:00 Daniel wrote:

Choice of caching mode is a policy decision. These belong in virt-manager
or other apps using libvirt.

Reply at: https://bugs.launchpad.net/ubuntu/+source/virt-manager/+bug/568445/comments/13


On 2010-08-11T17:01:21+00:00 Jamin wrote:

AFAIK, this is the place to post feature requests for virt-manager, at
least this is where their website directed me.  Intentionally selecting
a default mode that results in very poor performance (about 1/5 less)
when the upstream for the virtualization engine (qemu/kvm) clearly
indicates that another mode is preferable is (IMHO) a bad choice.
Furthermore, from what I can tell, virt-manager doesn't appear to
provide any means of changing or overriding the default.  A user must
instead manually edit the server's XML definition of the VM in question.

Reply at: https://bugs.launchpad.net/ubuntu/+source/virt-manager/+bug/568445/comments/14


On 2010-08-16T15:38:49+00:00 Jamin wrote:

Reopening against virt-manager as recommended on mailing list.

Reply at: https://bugs.launchpad.net/ubuntu/+source/virt-manager/+bug/568445/comments/18


On 2013-10-02T20:12:51+00:00 Cole wrote:

Fixed upstream now

Reply at: https://bugs.launchpad.net/ubuntu/+source/virt-manager/+bug/568445/comments/20


** Changed in: virt-manager
   Status: Unknown => Won't Fix

** Changed in: virt-manager
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/568445

Title:
  LVM backed drives should default to cache='none'

Status in QEMU:
  Invalid
Status in virt-manager:
  Won't Fix
Status in virt-manager package in Ubuntu:
  Triaged

Bug description:
  Binary package hint: virt-manager

  KVM guests using LVM backed drives appear to experience fairly high
  iowait times on the host system if the guest has even a moderate
  amount of disk I/O.  This translates to poor performance for the host
  and all guests running on the host, and appears to be due to caching
  as KVM defaults to using writethrough caching when nothing is
  specified.  Explicitly disabling KVM's caching appears to result in
  significantly better host and guest performance.

  This is recommended in at least a few places:
  http://www.mail-archive.com/libvir-list@redhat.com/msg17492.html
  http://permalink.gmane.org/gmane.comp.emulators.kvm.devel/48471
  http://www.mail-archive.com/kvm@vger.kernel.org/msg30425.html
  http://virt.kernelnewbies.org/XenVsKVM

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/568445/+subscriptions



[Qemu-devel] [Bug 1719196] Re: [arm64 ocata] newly created instances are unable to raise network interfaces

2017-10-27 Thread ChristianEhrhardt
Ok, Zesty actually had an override for the arm test (had to learn the placement 
of those for SRUs).
So only up to the verification now.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1719196

Title:
  [arm64 ocata] newly created instances are unable to raise network
  interfaces

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive ocata series:
  Triaged
Status in libvirt:
  New
Status in QEMU:
  Fix Released
Status in libvirt package in Ubuntu:
  Invalid
Status in qemu package in Ubuntu:
  Fix Released
Status in qemu source package in Zesty:
  Fix Committed

Bug description:
  [Impact]

   * A change in qemu 2.8 (83d768b virtio: set ISR on dataplane 
 notifications) broke virtio handling on platforms without a 
 controller. Those encounter flaky networking due to missed IRQs

   * Fix is a backport of the upstream fix b4b9862b: virtio: Fix no 
 interrupt when not creating msi controller

  [Test Case]

   * On Arm with Zesty (or Ocata) run a guest without PCI based devices

   * Example in e.g. c#23

   * Without the fix the networking does not work reliably (as it loses
 IRQs), with the fix it works fine.

  [Regression Potential]

   * Changing the IRQ handling of virtio could affect virtio in general.
 But when reviewing the patch you'll see that it is small and actually
 only changes to enable IRQ on one more place. That could cause more 
 IRQs than needed in the worst case, but those are usually not 
 breaking but only slowing things down. Also this fix is upstream 
 quite a while, increasing confidence.

  [Other Info]
   
   * There is currently 1720397 in flight in the SRU queue, so acceptance 
 of this upload has to wait until that completes.

  ---

  arm64 Ocata ,

  I'm testing to see I can get Ocata running on arm64 and using the
  openstack-base bundle to deploy it.  I have added the bundle to the
  log file attached to this bug.

  When I create a new instance via nova, the VM comes up and runs,
  however fails to raise its eth0 interface. This occurs on both
  internal and external networks.

  ubuntu@openstackaw:~$ nova list
  +--------------------------------------+---------+--------+------------+-------------+--------------------+
  | ID                                   | Name    | Status | Task State | Power State | Networks           |
  +--------------------------------------+---------+--------+------------+-------------+--------------------+
  | dcaf6d51-f81e-4cbd-ac77-0c5d21bde57c | sfeole1 | ACTIVE | -          | Running     | internal=10.5.5.3  |
  | aa0b8aee-5650-41f4-8fa0-aeccdc763425 | sfeole2 | ACTIVE | -          | Running     | internal=10.5.5.13 |
  +--------------------------------------+---------+--------+------------+-------------+--------------------+
  ubuntu@openstackaw:~$ nova show aa0b8aee-5650-41f4-8fa0-aeccdc763425
  +--------------------------------------+----------------------------------------------------------+
  | Property                             | Value                                                    |
  +--------------------------------------+----------------------------------------------------------+
  | OS-DCF:diskConfig                    | MANUAL                                                   |
  | OS-EXT-AZ:availability_zone          | nova                                                     |
  | OS-EXT-SRV-ATTR:host                 | awrep3                                                   |
  | OS-EXT-SRV-ATTR:hypervisor_hostname  | awrep3.maas                                              |
  | OS-EXT-SRV-ATTR:instance_name        | instance-0003                                            |
  | OS-EXT-STS:power_state               | 1                                                        |
  | OS-EXT-STS:task_state                | -                                                        |
  | OS-EXT-STS:vm_state                  | active                                                   |
  | OS-SRV-USG:launched_at               | 2017-09-24T14:23:08.00                                   |
  | OS-SRV-USG:terminated_at             | -                                                        |
  | accessIPv4                           |                                                          |
  | accessIPv6                           |                                                          |
  | config_drive                         |                                                          |
  | created                              | 2017-09-24T14:22:41Z                                     |
  | flavor                               | m1.small (717660ae-0440-4b19-a762-ffeb32a0575c)          |
  | hostId                               | 5612a00671c47255d2ebd6737a64ec9bd3a5866d1233ecf3e988b025 |
  | id                                   | aa0b8aee-5650-41

Re: [Qemu-devel] [PATCH v4 13/13] xlnx-zcu102: Add support for the ZynqMP QSPI

2017-10-27 Thread Alistair Francis
On Fri, Oct 27, 2017 at 11:17 AM, francisco iglesias
 wrote:
> Dear alistair,
>
> Thank you for the review comments! I will update according them in the next
> version of the patch series! About your question, I might have misunderstood,
> but isn't the alias "qspi"? (s/"qspi{0,1}"  ->  s->qspi/"spi{0,1}")

Ah! Now I think I understand. The buses on the QSPI device are still
labeled "spi", is that correct?

Alistair

>
> Best regards,
> Francisco Iglesias
>
> On 27 Oct 2017 10:49, "Alistair Francis"  wrote:
>>
>> On Fri, Oct 27, 2017 at 7:56 AM, Francisco Iglesias
>>  wrote:
>> > Add support for the ZynqMP QSPI (consisting of the Generic QSPI and
>> > Legacy
>> > QSPI) and connect Numonyx n25q512a11 flashes to it.
>> >
>> > Signed-off-by: Francisco Iglesias 
>> > ---
>> >  hw/arm/xlnx-zcu102.c | 23 +++
>> >  hw/arm/xlnx-zynqmp.c | 24 
>> >  include/hw/arm/xlnx-zynqmp.h |  5 +
>> >  3 files changed, 52 insertions(+)
>> >
>> > diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c
>> > index 519a16e..7d61972 100644
>> > --- a/hw/arm/xlnx-zcu102.c
>> > +++ b/hw/arm/xlnx-zcu102.c
>> > @@ -150,6 +150,29 @@ static void xlnx_zynqmp_init(XlnxZCU102 *s,
>> > MachineState *machine)
>> >  sysbus_connect_irq(SYS_BUS_DEVICE(&s->soc.spi[i]), 1, cs_line);
>> >  }
>> >
>> > +for (i = 0; i < XLNX_ZYNQMP_NUM_QSPI_FLASH; i++) {
>> > +SSIBus *spi_bus;
>> > +DeviceState *flash_dev;
>> > +qemu_irq cs_line;
>> > +DriveInfo *dinfo = drive_get_next(IF_MTD);
>> > +int bus = i / XLNX_ZYNQMP_NUM_QSPI_BUS_CS;
>> > +gchar *bus_name = g_strdup_printf("qspi%d", bus);
>> > +
>> > +spi_bus = (SSIBus *)qdev_get_child_bus(DEVICE(&s->soc),
>> > bus_name);
>> > +g_free(bus_name);
>> > +
>> > +flash_dev = ssi_create_slave_no_init(spi_bus, "n25q512a11");
>> > +if (dinfo) {
>> > +qdev_prop_set_drive(flash_dev, "drive",
>> > blk_by_legacy_dinfo(dinfo),
>> > +&error_fatal);
>> > +}
>> > +qdev_init_nofail(flash_dev);
>> > +
>> > +cs_line = qdev_get_gpio_in_named(flash_dev, SSI_GPIO_CS, 0);
>> > +
>> > +sysbus_connect_irq(SYS_BUS_DEVICE(&s->soc.qspi), i + 1,
>> > cs_line);
>> > +}
>> > +
>> >  /* TODO create and connect IDE devices for ide_drive_get() */
>> >
>> >  xlnx_zcu102_binfo.ram_size = ram_size;
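
Review bot: in the new flash loop the result of qdev_get_child_bus(DEVICE(&s->soc), bus_name) is cast to SSIBus * and handed to ssi_create_slave_no_init() without a NULL check, so a mismatch between the "qspi%d" name built here and the aliases registered in xlnx_zynqmp_realize() is not reported where it happens; assert on spi_bus or fail with an error before creating the flash. The chip-select wiring with index i + 1 also relies on sysbus IRQ 0 of s->soc.qspi being the controller interrupt (connected to gic_spi[QSPI_IRQ] in the realize hunk), which deserves a one-line comment next to the sysbus_connect_irq() call.
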
>> > diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
>> > index d4b6560..f7c8b4b 100644
>> > --- a/hw/arm/xlnx-zynqmp.c
>> > +++ b/hw/arm/xlnx-zynqmp.c
>> > @@ -40,6 +40,10 @@
>> >  #define SATA_ADDR   0xFD0C
>> >  #define SATA_NUM_PORTS  2
>> >
>> > +#define QSPI_ADDR   0xff0f
>> > +#define LQSPI_ADDR  0xc000
>> > +#define QSPI_IRQ15
>> > +
>> >  #define DP_ADDR 0xfd4a
>> >  #define DP_IRQ  113
>> >
>> > @@ -169,6 +173,9 @@ static void xlnx_zynqmp_init(Object *obj)
>> >  qdev_set_parent_bus(DEVICE(&s->spi[i]), sysbus_get_default());
>> >  }
>> >
>> > +object_initialize(&s->qspi, sizeof(s->qspi),
>> > TYPE_XLNX_ZYNQMP_QSPIPS);
>> > +qdev_set_parent_bus(DEVICE(&s->qspi), sysbus_get_default());
>> > +
>> >  object_initialize(&s->dp, sizeof(s->dp), TYPE_XLNX_DP);
>> >  qdev_set_parent_bus(DEVICE(&s->dp), sysbus_get_default());
>> >
>> > @@ -405,6 +412,23 @@ static void xlnx_zynqmp_realize(DeviceState *dev,
>> > Error **errp)
>> >  g_free(bus_name);
>> >  }
>> >
>> > +object_property_set_bool(OBJECT(&s->qspi), true, "realized", &err);
>> > +sysbus_mmio_map(SYS_BUS_DEVICE(&s->qspi), 0, QSPI_ADDR);
>> > +sysbus_mmio_map(SYS_BUS_DEVICE(&s->qspi), 1, LQSPI_ADDR);
>> > +sysbus_connect_irq(SYS_BUS_DEVICE(&s->qspi), 0, gic_spi[QSPI_IRQ]);
>>
>> New line here
>>
>> > +for (i = 0; i < XLNX_ZYNQMP_NUM_QSPI_BUS; i++) {
>> > +gchar *bus_name;
>> > +gchar *target_bus;
>>
>> New line here
>>
>> > +/* Alias controller SPI bus to the SoC itself */
>> > +bus_name = g_strdup_printf("qspi%d", i);
>> > +target_bus = g_strdup_printf("spi%d", i);
>> > +object_property_add_alias(OBJECT(s), bus_name,
>> > +  OBJECT(&s->qspi), target_bus,
>>
>> Why do we alias qspi to spi?
>>
>> Alistair
>>
>> > +  &error_abort);
>> > +g_free(bus_name);
>> > +g_free(target_bus);
>> > +}
>> > +
>> >  object_property_set_bool(OBJECT(&s->dp), true, "realized", &err);
>> >  if (err) {
>> >  error_propagate(errp, err);
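
Review bot: the new object_property_set_bool(OBJECT(&s->qspi), true, "realized", &err) is not followed by an err check, unlike the DP device directly below it, which does if (err) { error_propagate(errp, err); ... }. As written, a failed QSPI realize continues into sysbus_mmio_map() and sysbus_connect_irq() on the unrealized device and carries a set err into the next realize call; add the same check and return right after realizing s->qspi.
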
>> > diff --git a/include/hw/arm/xlnx-zynqmp.h b/include/hw/arm/xlnx-zynqmp.h
>> > index 6eff81a..3e6fb9b 100644
>> > --- a/include/hw/arm/xlnx-zynqmp.h
>> > +++ b/include/hw/arm/xlnx-zynqmp.h
>> > @@ -40,6 +40,10 @@
>> >  #define XLNX_ZYNQMP_NUM_SDHCI 2
>> >  #define XLNX_ZYNQMP_NUM_SPIS 2
>> >
>> > +#define XLNX_ZYNQMP_NUM_QSPI_BUS 2
>> > +#define X

Re: [Qemu-devel] [PATCH 3/4] block/parallels: Don't update header until the first actual write

2017-10-27 Thread Denis V. Lunev
On 10/27/2017 10:57 AM, Jeff Cody wrote:
> The on disk image format 'inuse' header field is updated blindly if the
> image is opened RDWR.  This can cause problems if the QEMU runstate is
> set to INMIGRATE, at which point the underlying file is set to INACTIVE.
> This causes an assert in bdrv_co_pwritev().
>
> Do something similar to what is done in VHDX; latch the first write, and
> update the header the first time we modify the file.
>
> Signed-off-by: Jeff Cody 
> ---
>  block/parallels.c | 25 -
>  1 file changed, 20 insertions(+), 5 deletions(-)
>
> diff --git a/block/parallels.c b/block/parallels.c
> index fed199eccd..c560e2fcf2 100644
> --- a/block/parallels.c
> +++ b/block/parallels.c
> @@ -100,6 +100,8 @@ typedef struct BDRVParallelsState {
>  unsigned int tracks;
>  
>  unsigned int off_multiplier;
> +
> +bool first_write_latch;
>  } BDRVParallelsState;
>  
>  
> @@ -317,6 +319,16 @@ static coroutine_fn int 
> parallels_co_writev(BlockDriverState *bs,
>  QEMUIOVector hd_qiov;
>  int ret = 0;
>  
> +if (s->first_write_latch) {
> +s->first_write_latch = false;
> +qemu_co_mutex_lock(&s->lock);
> +ret = parallels_update_header(bs);
> +qemu_co_mutex_unlock(&s->lock);
> +}
> +if (ret < 0) {
> +return ret;
> +}
> +
>  qemu_iovec_init(&hd_qiov, qiov->niov);
>  
>  while (nb_sectors > 0) {
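
Review bot: in parallels_co_writev() the latch is tested and cleared outside s->lock and before parallels_update_header() has succeeded. If the header update fails the function returns the error, but first_write_latch is already false, so the next write skips the update and modifies an image whose on-disk inuse field was never set; a second write request that runs while the first is still inside the locked header update also sees the latch cleared and proceeds to write data. Take s->lock first, test the latch under it, and clear it only after parallels_update_header() returns 0.
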
> @@ -416,6 +428,9 @@ static int parallels_check(BlockDriverState *bs, 
> BdrvCheckResult *res,
>  /* parallels_close will do the job right */
>  res->corruptions_fixed++;
>  s->header_unclean = false;
> +/* set that a write has occurred, so that parallels_close() will
> + * update the inuse field in the header */
> +s->first_write_latch = false;
>  }
>  }
>  
> @@ -597,6 +612,8 @@ static int parallels_open(BlockDriverState *bs, QDict 
> *options, int flags,
>  Error *local_err = NULL;
>  char *buf;
>  
> +s->first_write_latch = true;
> +
>  bs->file = bdrv_open_child(NULL, options, "file", bs, &child_file,
> false, errp);
>  if (!bs->file) {
> @@ -710,10 +727,6 @@ static int parallels_open(BlockDriverState *bs, QDict 
> *options, int flags,
>  
>  if (flags & BDRV_O_RDWR) {
>  s->header->inuse = cpu_to_le32(HEADER_INUSE_MAGIC);
> -ret = parallels_update_header(bs);
> -if (ret < 0) {
> -goto fail;
> -}
>  }
>  
>  s->bat_dirty_block = 4 * getpagesize();
> @@ -741,7 +754,9 @@ static void parallels_close(BlockDriverState *bs)
>  {
>  BDRVParallelsState *s = bs->opaque;
>  
> -if (bs->open_flags & BDRV_O_RDWR) {
> +/* Only need to update the header, if we ever actually wrote to the
> + * image at all */
> +if ((bs->open_flags & BDRV_O_RDWR) && !s->first_write_latch) {
>  s->header->inuse = 0;
>  parallels_update_header(bs);
>  }
Reviewed-by: Denis V. Lunev 



[Qemu-devel] [PATCHv2 2/4] sparc32_dma: switch over to using IOMMU memory region and DMA API

2017-10-27 Thread Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland 
---
 hw/dma/sparc32_dma.c |   17 +++--
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/hw/dma/sparc32_dma.c b/hw/dma/sparc32_dma.c
index 7d00f1a..01afb75 100644
--- a/hw/dma/sparc32_dma.c
+++ b/hw/dma/sparc32_dma.c
@@ -30,6 +30,7 @@
 #include "hw/sparc/sparc32_dma.h"
 #include "hw/sparc/sun4m.h"
 #include "hw/sysbus.h"
+#include "sysemu/dma.h"
 #include "qapi/error.h"
 #include "trace.h"
 
@@ -71,16 +72,17 @@ void ledma_memory_read(void *opaque, hwaddr addr,
uint8_t *buf, int len, int do_bswap)
 {
 DMADeviceState *s = opaque;
+IOMMUState *is = (IOMMUState *)s->iommu;
 int i;
 
 addr |= s->dmaregs[3];
 trace_ledma_memory_read(addr, len);
 if (do_bswap) {
-sparc_iommu_memory_read(s->iommu, addr, buf, len);
+dma_memory_read(&is->iommu_as, addr, buf, len);
 } else {
 addr &= ~1;
 len &= ~1;
-sparc_iommu_memory_read(s->iommu, addr, buf, len);
+dma_memory_read(&is->iommu_as, addr, buf, len);
 for(i = 0; i < len; i += 2) {
 bswap16s((uint16_t *)(buf + i));
 }
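Review bot: the return value of dma_memory_read() is dropped in both branches of ledma_memory_read(), and in the !do_bswap branch the bswap16s() loop then runs over buf whether or not the transfer filled it. Check the result and skip the swap (or zero the buffer) when the IOMMU translation failed, so a faulting descriptor does not hand byte-swapped stale data to the caller.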
@@ -91,13 +93,14 @@ void ledma_memory_write(void *opaque, hwaddr addr,
 uint8_t *buf, int len, int do_bswap)
 {
 DMADeviceState *s = opaque;
+IOMMUState *is = (IOMMUState *)s->iommu;
 int l, i;
 uint16_t tmp_buf[32];
 
 addr |= s->dmaregs[3];
 trace_ledma_memory_write(addr, len);
 if (do_bswap) {
-sparc_iommu_memory_write(s->iommu, addr, buf, len);
+dma_memory_write(&is->iommu_as, addr, buf, len);
 } else {
 addr &= ~1;
 len &= ~1;
@@ -108,7 +111,7 @@ void ledma_memory_write(void *opaque, hwaddr addr,
 for(i = 0; i < l; i += 2) {
 tmp_buf[i >> 1] = bswap16(*(uint16_t *)(buf + i));
 }
-sparc_iommu_memory_write(s->iommu, addr, (uint8_t *)tmp_buf, l);
+dma_memory_write(&is->iommu_as, addr, tmp_buf, l);
 len -= l;
 buf += l;
 addr += l;
@@ -139,18 +142,20 @@ static void dma_set_irq(void *opaque, int irq, int level)
 void espdma_memory_read(void *opaque, uint8_t *buf, int len)
 {
 DMADeviceState *s = opaque;
+IOMMUState *is = (IOMMUState *)s->iommu;
 
 trace_espdma_memory_read(s->dmaregs[1], len);
-sparc_iommu_memory_read(s->iommu, s->dmaregs[1], buf, len);
+dma_memory_read(&is->iommu_as, s->dmaregs[1], buf, len);
 s->dmaregs[1] += len;
 }
 
 void espdma_memory_write(void *opaque, uint8_t *buf, int len)
 {
 DMADeviceState *s = opaque;
+IOMMUState *is = (IOMMUState *)s->iommu;
 
 trace_espdma_memory_write(s->dmaregs[1], len);
-sparc_iommu_memory_write(s->iommu, s->dmaregs[1], buf, len);
+dma_memory_write(&is->iommu_as, s->dmaregs[1], buf, len);
 s->dmaregs[1] += len;
 }
 
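Review bot: IOMMUState *is = (IOMMUState *)s->iommu is a plain C cast, here and in the three functions above, although sun4m.h already defines SUN4M_IOMMU(obj) as an OBJECT_CHECK() on the same type. Using SUN4M_IOMMU(s->iommu) keeps the QOM type check, so s->iommu pointing at a different object is caught instead of being dereferenced as an IOMMUState when &is->iommu_as is taken.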
-- 
1.7.10.4




[Qemu-devel] [PATCHv2 1/4] sun4m: implement IOMMU translation using IOMMU memory region

2017-10-27 Thread Mark Cave-Ayland
Signed-off-by: Mark Cave-Ayland 
---
 hw/dma/sun4m_iommu.c |   62 ++
 include/hw/sparc/sun4m.h |5 
 2 files changed, 67 insertions(+)

diff --git a/hw/dma/sun4m_iommu.c b/hw/dma/sun4m_iommu.c
index 840064b..ce21a22 100644
--- a/hw/dma/sun4m_iommu.c
+++ b/hw/dma/sun4m_iommu.c
@@ -278,6 +278,49 @@ static void iommu_bad_addr(IOMMUState *s, hwaddr addr,
 qemu_irq_raise(s->irq);
 }
 
+/* Called from RCU critical section */
+static IOMMUTLBEntry sun4m_translate_iommu(IOMMUMemoryRegion *iommu,
+   hwaddr addr,
+   IOMMUAccessFlags flags)
+{
+IOMMUState *is = container_of(iommu, IOMMUState, iommu);
+hwaddr page, pa;
+int is_write = (flags & IOMMU_WO) ? 1 : 0;
+uint32_t pte;
+IOMMUTLBEntry ret = {
+.target_as = &address_space_memory,
+.iova = 0,
+.translated_addr = 0,
+.addr_mask = ~(hwaddr)0,
+.perm = IOMMU_NONE,
+};
+
+page = addr & IOMMU_PAGE_MASK;
+pte = iommu_page_get_flags(is, page);
+if (!(pte & IOPTE_VALID)) {
+iommu_bad_addr(is, page, is_write);
+return ret;
+}
+
+pa = iommu_translate_pa(addr, pte);
+if (is_write && !(pte & IOPTE_WRITE)) {
+iommu_bad_addr(is, page, is_write);
+return ret;
+}
+
+if (pte & IOPTE_WRITE) {
+ret.perm = IOMMU_RW;
+} else {
+ret.perm = IOMMU_RO;
+}
+
+ret.iova = page;
+ret.translated_addr = pa;
+ret.addr_mask = ~IOMMU_PAGE_MASK;
+
+return ret;
+}
+
 void sparc_iommu_memory_rw(void *opaque, hwaddr addr,
uint8_t *buf, int len, int is_write)
 {
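Review bot: in sun4m_translate_iommu() ret.iova is the page-aligned address, but ret.translated_addr comes from iommu_translate_pa(addr, pte) with the unaligned addr, so if that helper keeps the in-page offset (as its use as the access address in sparc_iommu_memory_rw() suggests) the entry mixes a page base with an offset address. Pass page to iommu_translate_pa(), or mask pa with IOMMU_PAGE_MASK, so that iova, translated_addr and addr_mask = ~IOMMU_PAGE_MASK describe the same page. The is_write permission check can also move above the iommu_translate_pa() call, since pa is unused on that error path.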
@@ -340,6 +383,11 @@ static void iommu_init(Object *obj)
 IOMMUState *s = SUN4M_IOMMU(obj);
 SysBusDevice *dev = SYS_BUS_DEVICE(obj);
 
+memory_region_init_iommu(&s->iommu, sizeof(s->iommu),
+ TYPE_SUN4M_IOMMU_MEMORY_REGION, OBJECT(dev),
+ "iommu-sun4m", UINT64_MAX);
+address_space_init(&s->iommu_as, MEMORY_REGION(&s->iommu), "iommu-as");
+
 sysbus_init_irq(dev, &s->irq);
 
 memory_region_init_io(&s->iomem, obj, &iommu_mem_ops, s, "iommu",
@@ -369,9 +417,23 @@ static const TypeInfo iommu_info = {
 .class_init= iommu_class_init,
 };
 
+static void sun4m_iommu_memory_region_class_init(ObjectClass *klass, void 
*data)
+{
+IOMMUMemoryRegionClass *imrc = IOMMU_MEMORY_REGION_CLASS(klass);
+
+imrc->translate = sun4m_translate_iommu;
+}
+
+static const TypeInfo sun4m_iommu_memory_region_info = {
+.parent = TYPE_IOMMU_MEMORY_REGION,
+.name = TYPE_SUN4M_IOMMU_MEMORY_REGION,
+.class_init = sun4m_iommu_memory_region_class_init,
+};
+
 static void iommu_register_types(void)
 {
 type_register_static(&iommu_info);
+type_register_static(&sun4m_iommu_memory_region_info);
 }
 
 type_init(iommu_register_types)
diff --git a/include/hw/sparc/sun4m.h b/include/hw/sparc/sun4m.h
index 1f1cf91..6e21e10 100644
--- a/include/hw/sparc/sun4m.h
+++ b/include/hw/sparc/sun4m.h
@@ -12,11 +12,16 @@
 #define TYPE_SUN4M_IOMMU "iommu"
 #define SUN4M_IOMMU(obj) OBJECT_CHECK(IOMMUState, (obj), TYPE_SUN4M_IOMMU)
 
+#define TYPE_SUN4M_IOMMU_MEMORY_REGION "sun4m-iommu-memory-region"
+
 #define IOMMU_NREGS (4 * 4096 / 4)
 
 typedef struct IOMMUState {
 SysBusDevice parent_obj;
 
+AddressSpace iommu_as;
+IOMMUMemoryRegion iommu;
+
 MemoryRegion iomem;
 uint32_t regs[IOMMU_NREGS];
 hwaddr iostart;
-- 
1.7.10.4




[Qemu-devel] [PATCHv2 0/4] sun4m: implement memory region IOMMU translation and DMA API

2017-10-27 Thread Mark Cave-Ayland
The original sun4m IOMMU/DMA code dates from before the introduction of the QEMU
memory region API (in particular IOMMU memory regions) and the DMA API.

This patchset removes these sun4m-specific implementations and replaces them
with the more up-to-date QEMU APIs instead.

Signed-off-by: Mark Cave-Ayland 
Based-on: 1508947167-5304-1-git-send-email-mark.cave-ayl...@ilande.co.uk 
([PATCHv4 00/13] sun4m: sparc32_dma tidy-ups)

v2:
- Rebase onto v4 sparc32_dma tidy-up patchset
- Change TYPE_SUN4M_IOMMU macro from "iommu" to "sun4m-iommu" as suggested by
  Philippe


Mark Cave-Ayland (4):
  sun4m: implement IOMMU translation using IOMMU memory region
  sparc32_dma: switch over to using IOMMU memory region and DMA API
  sun4m_iommu: remove legacy sparc_iommu_memory_rw() function
  sun4m: change TYPE_SUN4M_IOMMU macro from "iommu" to "sun4m-iommu"

 hw/dma/sparc32_dma.c |   17 +
 hw/dma/sun4m_iommu.c |   87 ++
 include/hw/sparc/sun4m.h |   23 
 3 files changed, 75 insertions(+), 52 deletions(-)

-- 
1.7.10.4




[Qemu-devel] [PATCHv2 4/4] sun4m: change TYPE_SUN4M_IOMMU macro from "iommu" to "sun4m-iommu"

2017-10-27 Thread Mark Cave-Ayland
This is a legacy artifact from when the sun4m IOMMU implementation was
the only IOMMU available within QEMU.

Signed-off-by: Mark Cave-Ayland 
---
 include/hw/sparc/sun4m.h |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/hw/sparc/sun4m.h b/include/hw/sparc/sun4m.h
index c2d0448..c557b0d 100644
--- a/include/hw/sparc/sun4m.h
+++ b/include/hw/sparc/sun4m.h
@@ -9,7 +9,7 @@
 /* Devices used by sparc32 system.  */
 
 /* iommu.c */
-#define TYPE_SUN4M_IOMMU "iommu"
+#define TYPE_SUN4M_IOMMU "sun4m-iommu"
 #define SUN4M_IOMMU(obj) OBJECT_CHECK(IOMMUState, (obj), TYPE_SUN4M_IOMMU)
 
 #define TYPE_SUN4M_IOMMU_MEMORY_REGION "sun4m-iommu-memory-region"
-- 
1.7.10.4




[Qemu-devel] [PATCHv2 3/4] sun4m_iommu: remove legacy sparc_iommu_memory_rw() function

2017-10-27 Thread Mark Cave-Ayland
With the switch to the IOMMU memory region and DMA API, this is no longer
required.

Signed-off-by: Mark Cave-Ayland 
---
 hw/dma/sun4m_iommu.c |   33 -
 include/hw/sparc/sun4m.h |   16 
 2 files changed, 49 deletions(-)

diff --git a/hw/dma/sun4m_iommu.c b/hw/dma/sun4m_iommu.c
index ce21a22..30a05e8 100644
--- a/hw/dma/sun4m_iommu.c
+++ b/hw/dma/sun4m_iommu.c
@@ -321,39 +321,6 @@ static IOMMUTLBEntry 
sun4m_translate_iommu(IOMMUMemoryRegion *iommu,
 return ret;
 }
 
-void sparc_iommu_memory_rw(void *opaque, hwaddr addr,
-   uint8_t *buf, int len, int is_write)
-{
-int l;
-uint32_t flags;
-hwaddr page, phys_addr;
-
-while (len > 0) {
-page = addr & IOMMU_PAGE_MASK;
-l = (page + IOMMU_PAGE_SIZE) - addr;
-if (l > len)
-l = len;
-flags = iommu_page_get_flags(opaque, page);
-if (!(flags & IOPTE_VALID)) {
-iommu_bad_addr(opaque, page, is_write);
-return;
-}
-phys_addr = iommu_translate_pa(addr, flags);
-if (is_write) {
-if (!(flags & IOPTE_WRITE)) {
-iommu_bad_addr(opaque, page, is_write);
-return;
-}
-cpu_physical_memory_write(phys_addr, buf, l);
-} else {
-cpu_physical_memory_read(phys_addr, buf, l);
-}
-len -= l;
-buf += l;
-addr += l;
-}
-}
-
 static const VMStateDescription vmstate_iommu = {
 .name ="iommu",
 .version_id = 2,
diff --git a/include/hw/sparc/sun4m.h b/include/hw/sparc/sun4m.h
index 6e21e10..c2d0448 100644
--- a/include/hw/sparc/sun4m.h
+++ b/include/hw/sparc/sun4m.h
@@ -29,22 +29,6 @@ typedef struct IOMMUState {
 uint32_t version;
 } IOMMUState;
 
-void sparc_iommu_memory_rw(void *opaque, hwaddr addr,
- uint8_t *buf, int len, int is_write);
-static inline void sparc_iommu_memory_read(void *opaque,
-   hwaddr addr,
-   uint8_t *buf, int len)
-{
-sparc_iommu_memory_rw(opaque, addr, buf, len, 0);
-}
-
-static inline void sparc_iommu_memory_write(void *opaque,
-hwaddr addr,
-uint8_t *buf, int len)
-{
-sparc_iommu_memory_rw(opaque, addr, buf, len, 1);
-}
-
 /* sparc32_dma.c */
 #include "hw/sparc/sparc32_dma.h"
 
-- 
1.7.10.4




Re: [Qemu-devel] [PATCH] sockets: avoid crash when cleaning up sockets for an invalid FD

2017-10-27 Thread Dr. David Alan Gilbert
* Daniel P. Berrange (berra...@redhat.com) wrote:
> If socket_listen_cleanup is passed an invalid FD, then querying the socket
> local address will fail. We must thus be prepared for the returned addr to
> be NULL
> 
> Reported-by: Dr. David Alan Gilbert 
> Signed-off-by: Daniel P. Berrange 

Reviewed-by: Dr. David Alan Gilbert 

> ---
>  util/qemu-sockets.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
> index b47fb45885..c7fdaa63fb 100644
> --- a/util/qemu-sockets.c
> +++ b/util/qemu-sockets.c
> @@ -1073,6 +1073,9 @@ void socket_listen_cleanup(int fd, Error **errp)
>  SocketAddress *addr;
>  
>  addr = socket_local_address(fd, errp);
> +if (!addr) {
> +return;
> +}
>  
>  if (addr->type == SOCKET_ADDRESS_TYPE_UNIX
>  && addr->u.q_unix.path) {
> -- 
> 2.13.6
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK



Re: [Qemu-devel] [PATCH/QEMU] s390x/kvm: use cpu_model_available for guarded storage on compat machines

2017-10-27 Thread Halil Pasic


On 10/25/2017 08:13 PM, Jason J. Herne wrote:
> On 10/20/2017 10:54 AM, Christian Borntraeger wrote:
>> Starting a guest with
>>     
>>  hvm
>>    
>>    
>>
>> on an IBM z14 results in
>>
>> "qemu-system-s390x: Some features requested in the CPU model are not
>> available in the configuration: gs"
>>
>> This is because guarded storage is fenced for compat machines that did not 
>> have
>> guarded storage support, but libvirt expands the cpu model according to the
>> latest available machine.
>>
>> While this prevents future migration abort (by not starting the guest at 
>> all),
>> not being able to start a "host-model" guest is very much unexpected.  As it
>> turns out, even if we would modify libvirt to not expand the cpu model to
>> contain "gs" for compat machines, it cannot guarantee that a migration will
>> succeed. For example if the kernel changes its features (or the user has
>> nested=1 on one host but not on the other) the migration will fail
>> nevertheless.  So instead of fencing "gs" for machines <= 2.9 lets allow it 
>> for
>> all machine types that support the CPU model. This will make "host-model"
>> runnable all the time, while relying on the CPU model to reject invalid
>> migration attempts.
> ...
>> -    if (gs_allowed()) {
>> +    if (cpu_model_allowed()) {
>>   if (kvm_vm_enable_cap(s, KVM_CAP_S390_GS, 0) == 0) {
>>   cap_gs = 1;


@Jason

Hi Jason,

I don't have access to a z14 at the moment, and since you do, I would
like to try out something.

I will first describe my concern, and then the test scenario.

The last line above, cap_gs = 1, has the side effect of returning
true ever after.

int kvm_s390_get_gs(void)
{
    return cap_gs;
}

Now considering
static bool gscb_needed(void *opaque)
{
    return kvm_s390_get_gs();
}

const VMStateDescription vmstate_gscb = {
    .name = "cpu/gscb",
    .version_id = 1,
    .minimum_version_id = 1,
    .needed = gscb_needed,
    .fields = (VMStateField[]) {
        VMSTATE_UINT64_ARRAY(env.gscb, S390CPU, 4),
        VMSTATE_END_OF_LIST()
    }
};

const VMStateDescription vmstate_s390_cpu = {
    .name = "cpu",
    .post_load = cpu_post_load,
    .pre_save = cpu_pre_save,
    .version_id = 4,
    .minimum_version_id = 3,
    .fields  = (VMStateField[]) {
        VMSTATE_UINT64_ARRAY(env.regs, S390CPU, 16),
        VMSTATE_UINT64(env.psw.mask, S390CPU),
        VMSTATE_UINT64(env.psw.addr, S390CPU),
        VMSTATE_UINT64(env.psa, S390CPU),
        VMSTATE_UINT32(env.todpr, S390CPU),
        VMSTATE_UINT64(env.pfault_token, S390CPU),
        VMSTATE_UINT64(env.pfault_compare, S390CPU),
        VMSTATE_UINT64(env.pfault_select, S390CPU),
        VMSTATE_UINT64(env.cputm, S390CPU),
        VMSTATE_UINT64(env.ckc, S390CPU),
        VMSTATE_UINT64(env.gbea, S390CPU),
        VMSTATE_UINT64(env.pp, S390CPU),
        VMSTATE_UINT32_ARRAY(env.aregs, S390CPU, 16),
        VMSTATE_UINT64_ARRAY(env.cregs, S390CPU, 16),
        VMSTATE_UINT8(env.cpu_state, S390CPU),
        VMSTATE_UINT8(env.sigp_order, S390CPU),
        VMSTATE_UINT32_V(irqstate_saved_size, S390CPU, 4),
        VMSTATE_VBUFFER_UINT32(irqstate, S390CPU, 4, NULL,
                               irqstate_saved_size),
        VMSTATE_END_OF_LIST()
    },
    .subsections = (const VMStateDescription*[]) {
        &vmstate_fpu,
        &vmstate_vregs,
        &vmstate_riccb,
        &vmstate_exval,
        &vmstate_gscb,
        NULL
    },
};

I would expect the vmstate_gscb subsection being sent, even if gs is disabled
via cpu-model if kernel and possibly machine has gs support (and qemu
has cpu-models).

So the test scenario I want you to play through is the following. Take
the latest-greatest qemu with this patch applied. Make sure gs works
(is provided to the guest) with a 2.9 machine version, and a fully
specified cpu-model. Now disable gs explicitly.

Try to migrate this to another machine having a 2.9 binary. I expect
the migration failing because, the subsection is going to be sent by
the latest-greatest binary, but is unknown to the 2.9 binary.

Notice this is despite the fact that gs is explicitly disabled.

Now that I think about it, maybe the 2.9 binary is going to reject
the explicit gs flag altogether, because it's unknown.

Isn't this a problem? I'm afraid like this the only migration-safe
variant is -base, but that would essentially make adding features
incrementally impossible. 

But I hypothesize trying to migrate with z13 or even z13-base
would also trigger the unknown subsection problem.

Unfortunately I can't test this because my kernel never
makes kvm_vm_enable_cap(s, KVM_CAP_S390_GS, 0) return 0, because
I lack HW support in the host.

Regards,
Halil


> 
> Ok, honestly, I dislike this idea because it means we are effectively lying 
> now. W

Re: [Qemu-devel] [PATCH/QEMU] s390x/kvm: use cpu_model_available for guarded storage on compat machines

2017-10-27 Thread Christian Borntraeger


On 10/27/2017 02:31 PM, Halil Pasic wrote:
> 
> 
> On 10/25/2017 08:13 PM, Jason J. Herne wrote:
>> On 10/20/2017 10:54 AM, Christian Borntraeger wrote:
>>> Starting a guest with
>>>     
>>>  hvm
>>>    
>>>    
>>>
>>> on an IBM z14 results in
>>>
>>> "qemu-system-s390x: Some features requested in the CPU model are not
>>> available in the configuration: gs"
>>>
>>> This is because guarded storage is fenced for compat machines that did not 
>>> have
>>> guarded storage support, but libvirt expands the cpu model according to the
>>> latest available machine.
>>>
>>> While this prevents future migration abort (by not starting the guest at 
>>> all),
>>> not being able to start a "host-model" guest is very much unexpected.  As it
>>> turns out, even if we would modify libvirt to not expand the cpu model to
>>> contain "gs" for compat machines, it cannot guarantee that a migration will
>>> succeed. For example if the kernel changes its features (or the user has
>>> nested=1 on one host but not on the other) the migration will fail
>>> nevertheless.  So instead of fencing "gs" for machines <= 2.9 lets allow it 
>>> for
>>> all machine types that support the CPU model. This will make "host-model"
>>> runnable all the time, while relying on the CPU model to reject invalid
>>> migration attempts.
>> ...
>>> -    if (gs_allowed()) {
>>> +    if (cpu_model_allowed()) {
>>>   if (kvm_vm_enable_cap(s, KVM_CAP_S390_GS, 0) == 0) {
>>>   cap_gs = 1;
> 
> 
> @Jason
> 
> Hi Jason,
> 
> I don't have access to a z14 at the moment, and since you do, I would
> like to try out something.
> 
> I will first describe my concern, and then the test scenario.
> 
> The last line above, cap_gs = 1, has the side effect of returning
> true ever after.
> 
> int kvm_s390_get_gs(void)
> {
>     return cap_gs;
> }
> 
> Now considering
> static bool gscb_needed(void *opaque)
> {
> return kvm_s390_get_gs();
> }

Yes, we should also replace that with

 return s390_has_feat(S390_FEAT_GUARDED_STORAGE)

I can fixup my patch or provide a 2nd one.
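
The subsection concern and the proposed `s390_has_feat()` change from the two messages above, as a small C model added here for illustration (not QEMU code and not part of either post). The `vm_config` struct, the `migrate()` helper and the rule that a destination rejects any subsection name it does not know are assumptions of the model, taken from how the thread describes the failure.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the thread's scenario; none of this is QEMU code. */
struct vm_config {
    bool host_cap_gs;   /* host kernel enabled the guarded-storage capability */
    bool model_feat_gs; /* "gs" is part of the guest's CPU model */
};

typedef bool (*needed_fn)(const struct vm_config *cfg);

struct subsection {
    const char *name;
    needed_fn needed;
};

/* Predicate as quoted in the thread: follows the host capability flag. */
static bool gscb_needed_by_cap(const struct vm_config *cfg)
{
    return cfg->host_cap_gs;
}

/* Predicate as proposed in the reply: follows the guest CPU model. */
static bool gscb_needed_by_feat(const struct vm_config *cfg)
{
    return cfg->model_feat_gs;
}

/* Simplification: the other subsections are treated as always present. */
static bool always_needed(const struct vm_config *cfg)
{
    (void)cfg;
    return true;
}

#define MAX_SUBSECTIONS 8

/* Source side: collect the name of every subsection whose predicate fires. */
static size_t save_subsections(const struct subsection *subs, size_t nsubs,
                               const struct vm_config *cfg,
                               const char *stream[MAX_SUBSECTIONS])
{
    size_t n = 0;

    for (size_t i = 0; i < nsubs && n < MAX_SUBSECTIONS; i++) {
        if (subs[i].needed(cfg)) {
            stream[n++] = subs[i].name;
        }
    }
    return n;
}

/* Destination side: a subsection name it does not know aborts the load. */
static int load_subsections(const char *const *stream, size_t n,
                            const char *const *known, size_t nknown)
{
    for (size_t i = 0; i < n; i++) {
        bool found = false;

        for (size_t k = 0; k < nknown; k++) {
            if (strcmp(stream[i], known[k]) == 0) {
                found = true;
                break;
            }
        }
        if (!found) {
            return -1;
        }
    }
    return 0;
}

/* Returns 0 if the destination accepts the stream, -1 if it rejects it. */
static int migrate(needed_fn gscb_needed, const struct vm_config *cfg,
                   bool dest_knows_gscb)
{
    const struct subsection src[] = {
        { "cpu/riccb", always_needed },
        { "cpu/exval", always_needed },
        { "cpu/gscb",  gscb_needed },
    };
    const char *known[] = { "cpu/riccb", "cpu/exval", "cpu/gscb" };
    const char *stream[MAX_SUBSECTIONS];
    size_t nknown = dest_knows_gscb ? 3 : 2; /* older binary lacks cpu/gscb */
    size_t n = save_subsections(src, 3, cfg, stream);

    return load_subsections(stream, n, known, nknown);
}

int main(void)
{
    /* Host with gs support, "gs" switched off in the CPU model, older target */
    struct vm_config gs_off = { .host_cap_gs = true, .model_feat_gs = false };

    printf("capability-gated: %d\n", migrate(gscb_needed_by_cap, &gs_off, false));
    printf("feature-gated:    %d\n", migrate(gscb_needed_by_feat, &gs_off, false));
    return 0;
}
```

With the feature-gated predicate, a guest that does have "gs" in its model still fails against the older destination, which matches the reply's position that the CPU model is what should reject such a migration.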




Re: [Qemu-devel] [libvirt] [PATCH/QEMU] s390x/kvm: use cpu_model_available for guarded storage on compat machines

2017-10-27 Thread Christian Borntraeger


On 10/27/2017 02:31 PM, Halil Pasic wrote:
gs is explicitly disabled.
> 
> Now that I think about it, maybe the 2.9 binary is going to reject
> the explicit gs flag altogether, because it's unknown.
> 
> Isn't this a problem? 

No. This is exactly the _solution_ and not the problem. The target will reject
unknown cpu features and migration will be aborted. This is exactly what the CPU
model is for.





Re: [Qemu-devel] [PATCH v4 13/13] xlnx-zcu102: Add support for the ZynqMP QSPI

2017-10-27 Thread francisco iglesias
Good day Alistair,

Yes exactly! The qspi aliases on the soc (named "qspi%d") target the spi
busses on the qspi dev (named "spi%d"). I did it this way in hope that the
code resembles how we connect the SST flashes to the standard spi devices.
Would you like me to do this in another way or do you possibly think the
approach is ok?

Best regards,
Francisco Iglesias


On 27 Oct 2017 14:03, "Alistair Francis"  wrote:

On Fri, Oct 27, 2017 at 11:17 AM, francisco iglesias
 wrote:
> Dear Alistair,
>
> Thank you for the review comments! I will update according to them in the next
> version of the patch series! About your question, I might have misunderstood,
> but isn't the alias "qspi"? (s/"qspi{0,1}"  ->  s->qspi/"spi{0,1}")

Ah! Now I think I understand. The buses on the QSPI device are still
labeled "spi", is that correct?

Alistair

>
> Best regards,
> Francisco Iglesias
>
> On 27 Oct 2017 10:49, "Alistair Francis"  wrote:
>>
>> On Fri, Oct 27, 2017 at 7:56 AM, Francisco Iglesias
>>  wrote:
>> > Add support for the ZynqMP QSPI (consisting of the Generic QSPI and
>> > Legacy
>> > QSPI) and connect Numonyx n25q512a11 flashes to it.
>> >
>> > Signed-off-by: Francisco Iglesias 
>> > ---
>> >  hw/arm/xlnx-zcu102.c | 23 +++
>> >  hw/arm/xlnx-zynqmp.c | 24 
>> >  include/hw/arm/xlnx-zynqmp.h |  5 +
>> >  3 files changed, 52 insertions(+)
>> >
>> > diff --git a/hw/arm/xlnx-zcu102.c b/hw/arm/xlnx-zcu102.c
>> > index 519a16e..7d61972 100644
>> > --- a/hw/arm/xlnx-zcu102.c
>> > +++ b/hw/arm/xlnx-zcu102.c
>> > @@ -150,6 +150,29 @@ static void xlnx_zynqmp_init(XlnxZCU102 *s,
>> > MachineState *machine)
>> >  sysbus_connect_irq(SYS_BUS_DEVICE(&s->soc.spi[i]), 1,
cs_line);
>> >  }
>> >
>> > +for (i = 0; i < XLNX_ZYNQMP_NUM_QSPI_FLASH; i++) {
>> > +SSIBus *spi_bus;
>> > +DeviceState *flash_dev;
>> > +qemu_irq cs_line;
>> > +DriveInfo *dinfo = drive_get_next(IF_MTD);
>> > +int bus = i / XLNX_ZYNQMP_NUM_QSPI_BUS_CS;
>> > +gchar *bus_name = g_strdup_printf("qspi%d", bus);
>> > +
>> > +spi_bus = (SSIBus *)qdev_get_child_bus(DEVICE(&s->soc),
>> > bus_name);
>> > +g_free(bus_name);
>> > +
>> > +flash_dev = ssi_create_slave_no_init(spi_bus, "n25q512a11");
>> > +if (dinfo) {
>> > +qdev_prop_set_drive(flash_dev, "drive",
>> > blk_by_legacy_dinfo(dinfo),
>> > +&error_fatal);
>> > +}
>> > +qdev_init_nofail(flash_dev);
>> > +
>> > +cs_line = qdev_get_gpio_in_named(flash_dev, SSI_GPIO_CS, 0);
>> > +
>> > +sysbus_connect_irq(SYS_BUS_DEVICE(&s->soc.qspi), i + 1,
>> > cs_line);
>> > +}
>> > +
>> >  /* TODO create and connect IDE devices for ide_drive_get() */
>> >
>> >  xlnx_zcu102_binfo.ram_size = ram_size;
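Review bot: In the new flash loop the result of 'qdev_get_child_bus(DEVICE(&s->soc), bus_name)' is cast to 'SSIBus *' and handed straight to ssi_create_slave_no_init() with no NULL check, so a missing or misnamed "qspi%d" alias on the SoC would only surface as a crash further down. An assert or an explicit error on a NULL bus would make that failure obvious. A short comment would also help on why the chip selects are connected at 'i + 1' (output 0 of the controller is wired to the GIC in the xlnx-zynqmp.c part of this patch) and on the assumption behind 'bus = i / XLNX_ZYNQMP_NUM_QSPI_BUS_CS', namely that the flash count never exceeds buses times chip selects.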
>> > diff --git a/hw/arm/xlnx-zynqmp.c b/hw/arm/xlnx-zynqmp.c
>> > index d4b6560..f7c8b4b 100644
>> > --- a/hw/arm/xlnx-zynqmp.c
>> > +++ b/hw/arm/xlnx-zynqmp.c
>> > @@ -40,6 +40,10 @@
>> >  #define SATA_ADDR   0xFD0C
>> >  #define SATA_NUM_PORTS  2
>> >
>> > +#define QSPI_ADDR   0xff0f
>> > +#define LQSPI_ADDR  0xc000
>> > +#define QSPI_IRQ15
>> > +
>> >  #define DP_ADDR 0xfd4a
>> >  #define DP_IRQ  113
>> >
>> > @@ -169,6 +173,9 @@ static void xlnx_zynqmp_init(Object *obj)
>> >  qdev_set_parent_bus(DEVICE(&s->spi[i]), sysbus_get_default());
>> >  }
>> >
>> > +object_initialize(&s->qspi, sizeof(s->qspi),
>> > TYPE_XLNX_ZYNQMP_QSPIPS);
>> > +qdev_set_parent_bus(DEVICE(&s->qspi), sysbus_get_default());
>> > +
>> >  object_initialize(&s->dp, sizeof(s->dp), TYPE_XLNX_DP);
>> >  qdev_set_parent_bus(DEVICE(&s->dp), sysbus_get_default());
>> >
>> > @@ -405,6 +412,23 @@ static void xlnx_zynqmp_realize(DeviceState *dev,
>> > Error **errp)
>> >  g_free(bus_name);
>> >  }
>> >
>> > +object_property_set_bool(OBJECT(&s->qspi), true, "realized",
&err);
>> > +sysbus_mmio_map(SYS_BUS_DEVICE(&s->qspi), 0, QSPI_ADDR);
>> > +sysbus_mmio_map(SYS_BUS_DEVICE(&s->qspi), 1, LQSPI_ADDR);
>> > +sysbus_connect_irq(SYS_BUS_DEVICE(&s->qspi), 0,
gic_spi[QSPI_IRQ]);
>>
>> New line here
>>
>> > +for (i = 0; i < XLNX_ZYNQMP_NUM_QSPI_BUS; i++) {
>> > +gchar *bus_name;
>> > +gchar *target_bus;
>>
>> New line here
>>
>> > +/* Alias controller SPI bus to the SoC itself */
>> > +bus_name = g_strdup_printf("qspi%d", i);
>> > +target_bus = g_strdup_printf("spi%d", i);
>> > +object_property_add_alias(OBJECT(s), bus_name,
>> > +  OBJECT(&s->qspi), target_bus,
>>
>> Why do we alias qspi to spi?
>>
>> Alistair
>>
>> > +  &error_abort);
>> > +g_free(bus_name);
>> > +g_free(target_bus);
>> > +}
>> > +
>> >  object_property_set_bool(OBJECT(&s->dp), true, "realized", &er
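Review bot: After 'object_property_set_bool(OBJECT(&s->qspi), true, "realized", &err)' the hunk goes straight on to sysbus_mmio_map() and sysbus_connect_irq() without looking at 'err', so a failed realize of the QSPI controller is neither propagated to 'errp' nor stops the mapping. Check 'err' right after the realize call and return early, before mapping the MMIO regions of a device that did not realize.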

Re: [Qemu-devel] [libvirt] [PATCH/QEMU] s390x/kvm: use cpu_model_available for guarded storage on compat machines

2017-10-27 Thread Christian Borntraeger


On 10/27/2017 02:45 PM, Christian Borntraeger wrote:
> 
> 
> On 10/27/2017 02:31 PM, Halil Pasic wrote:
> gs is explicitly disabled.
>>
>> Now that I think about it, maybe the 2.9 binary is going to reject
>> the explicit gs flag altogether, because it's unknown.
>>
>> Isn't this a problem? 
> 
> No. This is exactly the _solution_ and not the problem. The target will reject
> unknown cpu features and migration will be aborted. This is exactly what the CPU
> model is for.
FWIW, I think in your particular case the QEMU will reject the z14 cpu and not even come
to checking the gs.




Re: [Qemu-devel] [PATCH] net: detect errors from probing vnet hdr flag for TAP devices

2017-10-27 Thread Dr. David Alan Gilbert
* Daniel P. Berrange (berra...@redhat.com) wrote:
> When QEMU sets up a tap based network device backend, it mostly ignores errors
> reported from various ioctl() calls it makes, assuming the TAP file descriptor
> is valid. This assumption can easily be violated when the user is passing in a
> pre-opened file descriptor. At best, the ioctls may fail with a -EBADF, but if
> the user passes in a bogus FD number that happens to clash with a FD number that
> QEMU has opened internally for another reason, a wide variety of errnos may
> result, as the TUNGETIFF ioctl number may map to a completely different command
> on a different type of file.
> 
> By ignoring all these errors, QEMU sets up a zombie network backend that will
> never pass any data. Even worse, when QEMU shuts down, or that network backend
> is hot-removed, it will close this bogus file descriptor, which could belong to
> another QEMU device backend.
> 
> There's no obvious guaranteed reliable way to detect that a FD genuinely is a
> TAP device, as opposed to a UNIX socket, or pipe, or something else. Checking
> the errno from probing vnet hdr flag though, does catch the big common cases.
> ie calling TUNGETIFF will return EBADF for an invalid FD, and ENOTTY when FD is
> a UNIX socket, or pipe which catches accidental collisions with FDs used for
> stdio, or monitor socket.
> 
> Previously the example below where bogus fd 9 collides with the FD used for the
> chardev saw:
> 
> $ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
>   -chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
>   -monitor stdio -vnc :0
> qemu-system-x86_64: -netdev tap,id=hostnet0,fd=9: TUNGETIFF ioctl() failed: 
> Inappropriate ioctl for device
> TUNSETOFFLOAD ioctl() failed: Bad address
> QEMU 2.9.1 monitor - type 'help' for more information
> (qemu) Warning: netdev hostnet0 has no peer
> 
> which gives a running QEMU with a zombie network backend.
> 
> With this change applied we get an error message and QEMU immediately exits
> before carrying on and making a bigger disaster:

Right, that does make a better error so;

Tested-by: Dr. David Alan Gilbert 

Is there any way we could get that error before the -chardev goes and
allocates the fd 9?

Dave


> 
> $ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
>   -chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
>   -monitor stdio -vnc :0
> qemu-system-x86_64: -netdev tap,id=hostnet0,vhost=on,fd=9: Unable to query 
> TUNGETIFF on FD 9: Inappropriate ioctl for device
> 
> Reported-by: Dr. David Alan Gilbert 
> Signed-off-by: Daniel P. Berrange 
> ---
>  net/tap-bsd.c |  2 +-
>  net/tap-linux.c   | 12 +---
>  net/tap-solaris.c |  2 +-
>  net/tap-stub.c|  2 +-
>  net/tap.c | 25 -
>  net/tap_int.h |  2 +-
>  6 files changed, 33 insertions(+), 12 deletions(-)
> 
> diff --git a/net/tap-bsd.c b/net/tap-bsd.c
> index 6c9692263d..4f1d633b08 100644
> --- a/net/tap-bsd.c
> +++ b/net/tap-bsd.c
> @@ -211,7 +211,7 @@ void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, 
> Error **errp)
>  {
>  }
>  
> -int tap_probe_vnet_hdr(int fd)
> +int tap_probe_vnet_hdr(int fd, Error **errp)
>  {
>  return 0;
>  }
> diff --git a/net/tap-linux.c b/net/tap-linux.c
> index 535b1ddb61..de74928407 100644
> --- a/net/tap-linux.c
> +++ b/net/tap-linux.c
> @@ -147,13 +147,19 @@ void tap_set_sndbuf(int fd, const NetdevTapOptions 
> *tap, Error **errp)
>  }
>  }
>  
> -int tap_probe_vnet_hdr(int fd)
> +int tap_probe_vnet_hdr(int fd, Error **errp)
>  {
>  struct ifreq ifr;
>  
>  if (ioctl(fd, TUNGETIFF, &ifr) != 0) {
> -error_report("TUNGETIFF ioctl() failed: %s", strerror(errno));
> -return 0;
> +/* Kernel pre-dates TUNGETIFF support */
> +if (errno == -EINVAL) {
> +return 0;
> +} else {
> +error_setg_errno(errp, errno,
> + "Unable to query TUNGETIFF on FD %d", fd);
> +return -1;
> +}
>  }
>  
>  return ifr.ifr_flags & IFF_VNET_HDR;
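Review bot: 'if (errno == -EINVAL)' in the new TUNGETIFF failure branch can never be true, because errno holds positive values; it should read 'errno == EINVAL'. As written, a kernel that pre-dates TUNGETIFF falls into the else branch and gets an error and -1, which is exactly the case the comment says should return 0.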
> diff --git a/net/tap-solaris.c b/net/tap-solaris.c
> index a2a92356c1..3437838a92 100644
> --- a/net/tap-solaris.c
> +++ b/net/tap-solaris.c
> @@ -206,7 +206,7 @@ void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, 
> Error **errp)
>  {
>  }
>  
> -int tap_probe_vnet_hdr(int fd)
> +int tap_probe_vnet_hdr(int fd, Error **errp)
>  {
>  return 0;
>  }
> diff --git a/net/tap-stub.c b/net/tap-stub.c
> index a9ab8f8293..de525a2e69 100644
> --- a/net/tap-stub.c
> +++ b/net/tap-stub.c
> @@ -37,7 +37,7 @@ void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, 
> Error **errp)
>  {
>  }
>  
> -int tap_probe_vnet_hdr(int fd)
> +int tap_probe_vnet_hdr(int fd, Error **errp)
>  {
>  return 0;
>  }
> diff --git a/net/tap.c b/net/tap.c
> index 979e622e60..763fd2d9b2 100644
> --- a/net/tap.c
> +++ b/net/tap.c
> @@ -592,7 +592,11 @@ int net_init_bridge(const Netdev *netde

Re: [Qemu-devel] [PATCH] net: detect errors from probing vnet hdr flag for TAP devices

2017-10-27 Thread Daniel P. Berrange
On Fri, Oct 27, 2017 at 01:59:22PM +0100, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrange (berra...@redhat.com) wrote:
> > When QEMU sets up a tap based network device backend, it mostly ignores errors
> > reported from various ioctl() calls it makes, assuming the TAP file descriptor
> > is valid. This assumption can easily be violated when the user is passing in a
> > pre-opened file descriptor. At best, the ioctls may fail with a -EBADF, but if
> > the user passes in a bogus FD number that happens to clash with a FD number that
> > QEMU has opened internally for another reason, a wide variety of errnos may
> > result, as the TUNGETIFF ioctl number may map to a completely different command
> > on a different type of file.
> > 
> > By ignoring all these errors, QEMU sets up a zombie network backend that will
> > never pass any data. Even worse, when QEMU shuts down, or that network backend
> > is hot-removed, it will close this bogus file descriptor, which could belong to
> > another QEMU device backend.
> > 
> > There's no obvious guaranteed reliable way to detect that a FD genuinely is a
> > TAP device, as opposed to a UNIX socket, or pipe, or something else. Checking
> > the errno from probing vnet hdr flag though, does catch the big common cases.
> > ie calling TUNGETIFF will return EBADF for an invalid FD, and ENOTTY when FD is
> > a UNIX socket, or pipe which catches accidental collisions with FDs used for
> > stdio, or monitor socket.
> > 
> > Previously the example below where bogus fd 9 collides with the FD used for the
> > chardev saw:
> > 
> > $ ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,fd=9 \
> >   -chardev socket,id=charchannel0,path=/tmp/qga,server,nowait \
> >   -monitor stdio -vnc :0
> > qemu-system-x86_64: -netdev tap,id=hostnet0,fd=9: TUNGETIFF ioctl() failed: 
> > Inappropriate ioctl for device
> > TUNSETOFFLOAD ioctl() failed: Bad address
> > QEMU 2.9.1 monitor - type 'help' for more information
> > (qemu) Warning: netdev hostnet0 has no peer
> > 
> > which gives a running QEMU with a zombie network backend.
> > 
> > With this change applied we get an error message and QEMU immediately exits
> > before carrying on and making a bigger disaster:
> 
> Right, that does make a better error so;
> 
> Tested-by: Dr. David Alan Gilbert 
> 
> Is there anyway we could get that error before the -chardev goes and
> allocates the fd 9?

That is unfortunately determined by the order in which the QEMU command line
args are parsed, and chardevs are processed before netdevs.

Regards,
Daniel
-- 
|: https://berrange.com  -o-https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o-https://fstop138.berrange.com :|
|: https://entangle-photo.org-o-https://www.instagram.com/dberrange :|



Re: [Qemu-devel] [PATCH v6]arm: Makefiles to kinetis k64 platform

2017-10-27 Thread KONRAD Frederic

Hi,

Why does this patch have a v6 prefix? And it seems some patches
are missing.
To send your patches I suggest you use git send-email.

About this patch:
Each Makefile modification should go in the patch which
introduces the new model.
eg:
hw/char/Makefile.objs must be modified in 4/5 kinetis_k64_uart.

Fred

On 10/26/2017 12:34 PM, Gabriel Costa wrote:

From: Gabriel Augusto Costa 

This file change the Makefiles to compile the mk64fn1m0 machine.

Signed-off-by: Gabriel Augusto Costa 
---
  default-configs/arm-softmmu.mak | 1 +
  hw/arm/Makefile.objs| 1 +
  hw/char/Makefile.objs   | 1 +
  hw/misc/Makefile.objs   | 3 +++
  4 files changed, 6 insertions(+)

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 5059d13..a835d4f
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -130,3 +130,4 @@ CONFIG_SMBIOS=y
  CONFIG_ASPEED_SOC=y
  CONFIG_GPIO_KEY=y
  CONFIG_MSF2=y
+CONFIG_KINETIS_K64=y
diff --git a/hw/arm/Makefile.objs b/hw/arm/Makefile.objs
index 2794e08..874a38a
--- a/hw/arm/Makefile.objs
+++ b/hw/arm/Makefile.objs
@@ -20,3 +20,4 @@ obj-$(CONFIG_FSL_IMX6) += fsl-imx6.o sabrelite.o
  obj-$(CONFIG_ASPEED_SOC) += aspeed_soc.o aspeed.o
  obj-$(CONFIG_MPS2) += mps2.o
  obj-$(CONFIG_MSF2) += msf2-soc.o msf2-som.o
+obj-$(CONFIG_KINETIS_K64) += mk64fn1m0.o
diff --git a/hw/char/Makefile.objs b/hw/char/Makefile.objs
index 1bcd37e..75b194c
--- a/hw/char/Makefile.objs
+++ b/hw/char/Makefile.objs
@@ -31,3 +31,4 @@ common-obj-$(CONFIG_SCLPCONSOLE) += sclpconsole.o 
sclpconsole-lm.o
  
  obj-$(CONFIG_VIRTIO) += virtio-serial-bus.o

  obj-$(CONFIG_TERMINAL3270) += terminal3270.o
+obj-$(CONFIG_KINETIS_K64) += kinetis_k64_uart.o
diff --git a/hw/misc/Makefile.objs b/hw/misc/Makefile.objs
index 19202d9..c5c8589
--- a/hw/misc/Makefile.objs
+++ b/hw/misc/Makefile.objs
@@ -61,3 +61,6 @@ obj-$(CONFIG_AUX) += auxbus.o
  obj-$(CONFIG_ASPEED_SOC) += aspeed_scu.o aspeed_sdmc.o
  obj-y += mmio_interface.o
  obj-$(CONFIG_MSF2) += msf2-sysreg.o
+obj-$(CONFIG_KINETIS_K64) += kinetis_k64_mcg.o
+obj-$(CONFIG_KINETIS_K64) += kinetis_k64_pmux.o
+obj-$(CONFIG_KINETIS_K64) += kinetis_k64_system.o
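Review bot: In the hw/misc/Makefile.objs hunk the three new objects are added with three separate 'obj-$(CONFIG_KINETIS_K64) +=' lines, while the context just above lists several objects of one config symbol on a single line ('aspeed_scu.o aspeed_sdmc.o'). One line carrying kinetis_k64_mcg.o, kinetis_k64_pmux.o and kinetis_k64_system.o would match the file's style.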





Re: [Qemu-devel] [PATCH v5 1/5]arm: kinetis_k64_mcg

2017-10-27 Thread KONRAD Frederic


On 10/26/2017 12:34 PM, Gabriel Costa wrote:

From: Gabriel Augusto Costa 

This Patch include kinetis_k64_mcg.c and .h
mcg means Multipurpose Clock Generator (MCG)
More information about this peripheral can be found at:
pag 579, K64P144M120SF5RM.pdf.

Signed-off-by: Gabriel Augusto Costa 
---
  hw/misc/kinetis_k64_mcg.c | 208 ++
  include/hw/misc/kinetis_k64_mcg.h |  43 
  2 files changed, 251 insertions(+)
  create mode 100644 hw/misc/kinetis_k64_mcg.c
  create mode 100644 include/hw/misc/kinetis_k64_mcg.h

diff --git a/hw/misc/kinetis_k64_mcg.c b/hw/misc/kinetis_k64_mcg.c
new file mode 100644
index 000..654f96b
--- /dev/null
+++ b/hw/misc/kinetis_k64_mcg.c
@@ -0,0 +1,208 @@
+/*
+ * Kinetis K64 peripheral microcontroller emulation.
+ *
+ * Copyright (c) 2017 Advantech Wireless
+ * Written by Gabriel Costa 
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2 or
+ *  (at your option) any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "qemu/log.h"
+#include "hw/misc/kinetis_k64_mcg.h"
+
+static const VMStateDescription vmstate_kinetis_k64_mcg = {
+.name = TYPE_KINETIS_K64_MCG,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT8(C1, kinetis_k64_mcg_state),
+VMSTATE_UINT8(C2, kinetis_k64_mcg_state),
+VMSTATE_UINT8(C3, kinetis_k64_mcg_state),
+VMSTATE_UINT8(C4, kinetis_k64_mcg_state),
+VMSTATE_UINT8(C5, kinetis_k64_mcg_state),
+VMSTATE_UINT8(C6, kinetis_k64_mcg_state),
+VMSTATE_UINT8(S, kinetis_k64_mcg_state),
+VMSTATE_UINT8(SC, kinetis_k64_mcg_state),
+VMSTATE_UINT8(ATCVH, kinetis_k64_mcg_state),
+VMSTATE_UINT8(ATCVL, kinetis_k64_mcg_state),
+VMSTATE_UINT8(C7, kinetis_k64_mcg_state),
+VMSTATE_UINT8(C8, kinetis_k64_mcg_state),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static void kinetis_k64_mcg_reset(DeviceState *dev)
+{
+kinetis_k64_mcg_state *s = KINETIS_K64_MCG(dev);
+
+s->C1 = 0x04;
+s->C2 = 0x80;
+s->C3 = 0x00;
+s->C4 = 0x00;
+s->C5 = 0x00;
+s->C6 = 0x00;
+s->S = 0x10;
+s->SC = 0x02;
+s->ATCVH = 0x00;
+s->ATCVL = 0x00;
+s->C7 = 0x00;
+s->C8 = 0x80;
+}
+
+static void kinetis_k64_mcg_write(void *opaque, hwaddr offset, uint64_t value,
+unsigned size)
+{
+kinetis_k64_mcg_state *s = (kinetis_k64_mcg_state *)opaque;
+
+value &= 0xFF;
+
+switch (offset) {
+case 0x00:
+if (value & 1 << 2) { /*IREFS*/
+s->S = 0;
+s->S |= 1 << 3; /*10 Enconding 2 - External ref clk is selected*/
+}
+if ((s->C1 & 0x80) && (value >> 6 == 0)) {
+s->S |= 1 << 2; /*11 Enconding 3 - Output of the PLL is selected*/
+}
+s->C1 = value;
+break;
+case 0x01:
+s->C2 = value;
+break;
+case 0x02:
+s->C3 = value;
+break;
+case 0x03:
+s->C4 = value;
+break;
+case 0x04:
+s->C5 = value;
+if (s->C5 & 1 << 6) { /*PLLCLKEN0*/
+s->S |= 1 << 6;  /*LOCK0*/
+}
+break;
+case 0x05:
+s->C6 = value;
+if (s->C6 & 1 << 6) { /*PLLS*/
+s->S |= 1 << 5;  /*PLLST*/
+}
+break;
+case 0x06:
+s->S = value;
+break;
+case 0x08:
+s->SC = value;
+break;
+case 0x0A:
+s->ATCVH = value;
+break;
+case 0x0B:
+s->ATCVL = value;
+break;
+case 0x0C:
+s->C7 = value;
+break;
+case 0x0D:
+s->C8 = value;
+break;
+default:
+qemu_log_mask(LOG_GUEST_ERROR,
+"kinetis_k64_mcg: write at bad offset 0x%x\n", (int)offset);


I'd use HWADDR_PRIX here instead of %x.


+}
+}
+
+static uint64_t kinetis_k64_mcg_read(void *opaque, hwaddr offset, unsigned 
size)
+{
+kinetis_k64_mcg_state *s = (kinetis_k64_mcg_state *)opaque;
+uint8_t value;
+
+switch (offset) {
+case 0x00:
+value = s->C1;
+break;
+case 0x01:
+value = s->C2;
+break;
+case 0x02:
+value = s->C3;
+break;
+case 0x03:
+value = s->C4;
+break;
+case 0x04:
+value = s->C5;
+break;
+case 0x05:
+value = s->C6;
+break;
+case 0x06:
+value = s->S;
+break;
+case 0x08:
+value = s->SC;
+break;
+case 0x0A:
+value = s->ATCVH;
+break;
+case 0x0B:
+value = s->ATCVL;
+break;
+case 0x0C:
+value = s->C7;
+break;
+case 0x0D:
+value = s->C8;
+break;
+default:
+qemu_log_mask(LOG_GUEST_ERROR,
+"kinetis_k64_mcg: read at bad offset 0x%x\n", (int)offset);


The same.


+return 0;
+}
+re
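Review bot: In kinetis_k64_mcg_write(), 'case 0x06' stores the guest's value directly into 's->S', although the same function treats S as status that the model derives from writes to C1, C5 and C6 (the clock-select encoding, LOCK0, PLLST). A guest write can then clear or forge those bits; if the reference manual marks them read-only, mask the write accordingly. The C1 path has a related problem: 's->S = 0' in the IREFS branch discards the LOCK0 and PLLST bits that earlier C5 and C6 writes set.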

[Qemu-devel] [PATCH v2 1/4] build: allow setting a custom GIT binary for transparent proxying

2017-10-27 Thread Daniel P. Berrange
Some users can't run a bare 'git' command, due to need for a transparent
proxying solution such as 'tsocks'. This adds an argument to configure to
let users specify such a thing:

  ./configure --with-git="tsocks git"

The submodule script is also updated to give the user a hint about using this
flag, if we fail to checkout modules.

Signed-off-by: Daniel P. Berrange 
---
 Makefile |  4 ++--
 configure|  5 +
 scripts/git-submodule.sh | 30 +-
 3 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/Makefile b/Makefile
index 9372742f86..4c9d0eaef2 100644
--- a/Makefile
+++ b/Makefile
@@ -21,14 +21,14 @@ git-submodule-update:
 ifeq (0,$(MAKELEVEL))
   git_module_status := $(shell \
 cd '$(SRC_PATH)' && \
-./scripts/git-submodule.sh status $(GIT_SUBMODULES); \
+GIT="$(GIT)" ./scripts/git-submodule.sh status $(GIT_SUBMODULES); \
 echo $$?; \
   )
 
 ifeq (1,$(git_module_status))
 git-submodule-update:
$(call quiet-command, \
-  (cd $(SRC_PATH) && ./scripts/git-submodule.sh update 
$(GIT_SUBMODULES)), \
+  (cd $(SRC_PATH) && GIT="$(GIT)" ./scripts/git-submodule.sh update 
$(GIT_SUBMODULES)), \
   "GIT","$(GIT_SUBMODULES)")
 endif
 endif
diff --git a/configure b/configure
index 03547cea6a..65765968f3 100755
--- a/configure
+++ b/configure
@@ -271,6 +271,7 @@ then
 else
 git_submodules=""
 fi
+git="git"
 
 # Don't accept a target_list environment variable.
 unset target_list
@@ -1294,6 +1295,8 @@ for opt do
   error_exit "vhost-user isn't available on win32"
   fi
   ;;
+  --with-git=*) git="$optarg"
+  ;;
   *)
   echo "ERROR: unknown option $opt"
   echo "Try '$0 --help' for more information"
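Review bot: The new '--with-git=*' case in the option loop has no matching entry in configure's help text: the diffstat lists 5 changed lines in configure and the four hunks of this patch account for all of them. Add a line for --with-git to the help output, so that the option the git-submodule.sh hint points users at can be found with './configure --help'.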
@@ -5338,6 +5341,7 @@ echo "local state directory   queried at runtime"
 echo "Windows SDK   $win_sdk"
 fi
 echo "Source path   $source_path"
+echo "GIT binary$git"
 echo "GIT submodules$git_submodules"
 echo "C compiler$cc"
 echo "Host C compiler   $host_cc"
@@ -5528,6 +5532,7 @@ echo "extra_cxxflags=$EXTRA_CXXFLAGS" >> $config_host_mak
 echo "extra_ldflags=$EXTRA_LDFLAGS" >> $config_host_mak
 echo "qemu_localedir=$qemu_localedir" >> $config_host_mak
 echo "libs_softmmu=$libs_softmmu" >> $config_host_mak
+echo "GIT=$git" >> $config_host_mak
 echo "GIT_SUBMODULES=$git_submodules" >> $config_host_mak
 
 echo "ARCH=$ARCH" >> $config_host_mak
diff --git a/scripts/git-submodule.sh b/scripts/git-submodule.sh
index 08932a35f0..c66567d409 100755
--- a/scripts/git-submodule.sh
+++ b/scripts/git-submodule.sh
@@ -3,14 +3,19 @@
 # This code is licensed under the GPL version 2 or later.  See
 # the COPYING file in the top-level directory.
 
-set -e
-
 substat=".git-submodule-status"
 
 command=$1
 shift
 modules="$@"
 
+test -z "$GIT" && GIT=git
+
+error() {
+printf "$0: %s\n" "$*" >&2
+exit 1
+}
+
 if test -z "$modules"
 then
 test -e $substat || touch $substat
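Review bot: Dropping 'set -e' at the top of the script means every command whose failure matters now needs its own check, and the context right below shows one that has none: 'test -e $substat || touch $substat' followed by 'exit 0' reports success even when the touch fails. Either keep 'set -e' and wrap the git calls in explicit 'if' tests, or route this failure through the new error() helper as well.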
@@ -27,12 +32,27 @@ case "$command" in
 status)
 test -f "$substat" || exit 1
 trap "rm -f ${substat}.tmp" EXIT
-git submodule status $modules > "${substat}.tmp"
+$GIT submodule status $modules > "${substat}.tmp"
+test $? -ne 0 && error "failed to query git submodule status"
 diff "${substat}" "${substat}.tmp" >/dev/null
 exit $?
 ;;
 update)
-git submodule update --init $modules 1>/dev/null
-git submodule status $modules > "${substat}"
+$GIT submodule update --init $modules 1>/dev/null
+if test $? -ne 0 ; then
+echo
+echo "Unable to automatically checkout GIT submodules '$modules'."
+echo "If you require use of an alternative GIT binary (for example to"
+echo "enable use of a transparent proxy), then please specify it by"
+echo "running configure by with the '--with-git' argument. e.g."
+echo
+echo " $ ./configure --with-git='tsocks git'"
+echo
+exit 1
+fi
+$GIT submodule status $modules > "${substat}"
+test $? -ne 0 && error "failed to save git submodule status"
 ;;
 esac
+
+exit 0
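Review bot: In the 'status)' branch, error() exits with 1, which is the same status diff returns for an out-of-date checkout, and the Makefile part of this patch tests 'ifeq (1,$(git_module_status))'; a failed '$GIT submodule status' is therefore handled as "needs update" rather than as an error. A distinct exit code for the failure would let the Makefile tell the two apart. The hint text also has a stray word in "running configure by with the '--with-git' argument".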
-- 
2.13.6




[Qemu-devel] [PATCH v2 4/4] build: don't fail if given a git submodule which does not exist

2017-10-27 Thread Daniel P. Berrange
If going back in time in git history, across a commit that introduces a new
submodule, the 'git-submodule.sh' script will fail, causing rebuild to fail.

This is because config-host.mak contains a GIT_SUBMODULES variable that lists
a submodule that only exists in the later commit. config-host.mak won't get
repopulated until config.status is invoked, but make won't get this far due to
the submodule error.

This change makes 'git-submodule.sh' check whether each module is known to git
and drops any which are not present. A warning message will be printed when any
submodule is dropped in this manner.

Signed-off-by: Daniel P. Berrange 
---
 scripts/git-submodule.sh | 16 ++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/scripts/git-submodule.sh b/scripts/git-submodule.sh
index 30fd83db55..60b3b9bdeb 100755
--- a/scripts/git-submodule.sh
+++ b/scripts/git-submodule.sh
@@ -7,7 +7,7 @@ substat=".git-submodule-status"
 
 command=$1
 shift
-modules="$@"
+maybe_modules="$@"
 
 test -z "$GIT" && GIT=git
 
@@ -16,12 +16,24 @@ error() {
 exit 1
 }
 
-if test -z "$modules"
+if test -z "$maybe_modules"
 then
 test -e $substat || touch $substat
 exit 0
 fi
 
+modules=""
+for m in $maybe_modules
+do
+$GIT submodule status $m 1> /dev/null 2>&1
+if test $? == 0
+then
+modules="$modules $m"
+else
+echo "warn: ignoring non-existant submodule $m"
+fi
+done
+
 if ! test -e ".git"
 then
 echo "$0: unexpectedly called with submodules but no git checkout exists"
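Review bot: 'test $? == 0' in the new loop uses '==', which POSIX test does not define; under a shell such as dash the test itself fails, every module lands in the else branch and is dropped. Use 'test $? -eq 0', or test the command directly with 'if $GIT submodule status $m >/dev/null 2>&1'. The warning is written to stdout, which matters wherever a caller captures the script's output, so send it to stderr; "non-existant" should be "non-existent", and '$m' should be quoted.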
-- 
2.13.6




[Qemu-devel] [PATCH v2 0/4] Various improvements to submodule handling

2017-10-27 Thread Daniel P. Berrange
I've sent a variety of improvements to submodule handling as separate patches
and it's getting slightly confusing. So here is a series with all patches added
together. I've also included a fix that helps us go backwards in time across
the introduction of a submodule.

Daniel P. Berrange (4):
  build: allow setting a custom GIT binary for transparent proxying
  build: don't create temporary files in source dir
  build: allow automatic git submodule updates to be disabled
  build: don't fail if given a git submodule which does not exist

 Makefile | 15 ++--
 configure| 14 +++-
 scripts/git-submodule.sh | 59 
 3 files changed, 76 insertions(+), 12 deletions(-)

-- 
2.13.6




[Qemu-devel] [Bug 546458] Re: kernel NULL pointer in -virtual (-server) kernel

2017-10-27 Thread Bug Watch Updater
Launchpad has imported 11 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=560114.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2010-01-29T21:39:02+00:00 James wrote:

Description of problem:

During a VNC installation on a virt guest, the installer appeared to
hang while installing the bootloader.  Closer inspection on the console
shows a kernel NULL pointer dereference.

Version-Release number of selected component (if applicable):

 * anaconda-13.23
 * kernel-2.6.33-0.23.rc5.git1.fc13.x86_64

How reproducible:
 * This is the first time out of 8 or more installs

Steps to Reproduce:
1. Perform an installation against 
http://alt.fedoraproject.org/pub/alt/stage/rawhide-testing/
  
Actual results:

Running anaconda 13.23, the Fedora system installer - please wait. 
21:09:16 Starting VNC...
21:09:17 The VNC server is now running.
21:09:17 

WARNING!!! VNC server running with NO PASSWORD!
You can use the vncpassword= boot option
if you would like to secure the server.


21:09:17 Please manually connect your vnc client to test1200.test.redhat.com:1 
(10.10.10.200) to begin the install.
Press  for a shell
21:09:18 Starting graphical installation.

sh-4.1# BUG: unable to handle kernel NULL pointer dereference at 
0358
IP: [] sym_int_sir+0x646/0x1549 [sym53c8xx]
PGD 2b2ef067 PUD 3eea2067 PMD 0 
Oops:  [#1] SMP 
last sysfs file: 
/sys/devices/pci:00/:00:04.0/host2/target2:0:0/2:0:0:0/block/sda/removable
CPU 0 
Pid: 0, comm: swapper Not tainted 2.6.33-0.23.rc5.git1.fc13.x86_64 #1 /
RIP: 0010:[]  [] sym_int_sir+0x646/0x1549 
[sym53c8xx]
  
 [] sym_interrupt+0x49e/0x6d2 [sym53c8xx]
 [] sym53c8xx_intr+0x4d/0x7b [sym53c8xx]
 [] handle_IRQ_event+0x53/0x119
 [] handle_fasteoi_irq+0x90/0xd0
 [] handle_irq+0x88/0x91
 [] do_IRQ+0x5c/0xc3
 [] ret_from_intr+0x0/0x16
 [] ? _raw_spin_unlock_irqrestore+0x4c/0x56
 [] ? spin_unlock_irqrestore+0xe/0x10
 [] ? scsi_dispatch_cmd+0x1c1/0x234
 [] ? scsi_request_fn+0x476/0x4a3
 [] ? __blk_run_queue+0x45/0x74
 [] ? blk_run_queue+0x26/0x3a
 [] ? scsi_run_queue+0x300/0x3ac
 [] ? put_device+0x17/0x19
 [] ? scsi_next_command+0x3b/0x4b
 [] ? scsi_io_completion+0x1f7/0x448
 [] ? spin_unlock_irqrestore+0xe/0x10
 [] ? scsi_finish_command+0xf5/0xfe
 [] ? scsi_softirq_done+0x111/0x11a
 [] ? blk_done_softirq+0x82/0x92
 [] ? __do_softirq+0xf8/0x1cd
 [] ? call_softirq+0x1c/0x30
 [] ? do_softirq+0x4b/0xa3
 [] ? irq_exit+0x4a/0x8c
 [] ? do_IRQ+0xac/0xc3
 [] ? ret_from_intr+0x0/0x16
  
 [] ? native_safe_halt+0xb/0xd
 [] ? trace_hardirqs_on+0xd/0xf
 [] ? default_idle+0x3b/0x5d
 [] ? cpu_idle+0xaf/0xe9
 [] ? rest_init+0x7e/0x80
 [] ? start_kernel+0x440/0x44b
 [] ? x86_64_start_reservations+0xa7/0xab
 [] ? x86_64_start_kernel+0xf8/0x107
RIP  [] sym_int_sir+0x646/0x1549 [sym53c8xx]
 RSP 
CR2: 0358
---[ end trace f535af648735afc9 ]---
Kernel panic - not syncing: Fatal exception in interrupt
Pid: 0, comm: swapper Tainted: G  D2.6.33-0.23.rc5.git1.fc13.x86_64 #1
Call Trace:
   [] panic+0x7a/0x142
 [] oops_end+0xb7/0xc7
 [] no_context+0x1fc/0x20b
 [] ? pvclock_clocksource_read+0x47/0x83
 [] __bad_area_nosemaphore+0x192/0x1b5
 [] ? kvm_clock_read+0x21/0x23
 [] bad_area_nosemaphore+0x13/0x15
 [] do_page_fault+0x16f/0x2df
 [] page_fault+0x25/0x30
 [] ? sym53c8xx_intr+0x45/0x7b [sym53c8xx]
 [] ? sym_int_sir+0x646/0x1549 [sym53c8xx]
 [] sym_interrupt+0x49e/0x6d2 [sym53c8xx]
 [] sym53c8xx_intr+0x4d/0x7b [sym53c8xx]
 [] handle_IRQ_event+0x53/0x119
 [] handle_fasteoi_irq+0x90/0xd0
 [] handle_irq+0x

[Qemu-devel] [PATCH v2 2/4] build: don't create temporary files in source dir

2017-10-27 Thread Daniel P. Berrange
There are cases where users do VPATH builds with the source directory being on
a read-only volume. In such a case they have to manually run the command
'git-submodule.sh ...modules...'  manually ahead of time. When checking for
status we should not then write into the source dir.

Signed-off-by: Daniel P. Berrange 
---
 scripts/git-submodule.sh | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/git-submodule.sh b/scripts/git-submodule.sh
index c66567d409..586ff32293 100755
--- a/scripts/git-submodule.sh
+++ b/scripts/git-submodule.sh
@@ -31,10 +31,10 @@ fi
 case "$command" in
 status)
 test -f "$substat" || exit 1
-trap "rm -f ${substat}.tmp" EXIT
-$GIT submodule status $modules > "${substat}.tmp"
-test $? -ne 0 && error "failed to query git submodule status"
-diff "${substat}" "${substat}.tmp" >/dev/null
+substat_tmp=$(mktemp)
+trap "rm -f ${substat_tmp}" EXIT
+$GIT submodule status $modules > "${substat_tmp}"
+diff "${substat}" "${substat_tmp}" >/dev/null
 exit $?
 ;;
 update)
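Review bot: The rewritten 'status)' branch drops the 'test $? -ne 0 && error "failed to query git submodule status"' check, so a failing '$GIT submodule status' now falls through to diff against a partial or empty temporary file. Keep the check after the redirect. The result of mktemp is not checked either: if it fails, 'substat_tmp' is empty and both the redirect and the trap operate on an empty name, so test it and call error().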
-- 
2.13.6




[Qemu-devel] [PATCH v2 3/4] build: allow automatic git submodule updates to be disabled

2017-10-27 Thread Daniel P. Berrange
Some people building QEMU use VPATH builds where the source directory is on a
read-only volume. In such a case 'scripts/git-submodules.sh update' will always
fail and users are required to run it manually themselves on their original
writable source directory.

While this is already supported, it is nice to give users a command line flag
to configure to permanently disable automatic submodule updates, as it means
they won't get hard to diagnose failures from git-submodules.sh at an arbitrary
later date.

This patch thus introduces a flag '--disable-git-update' which will prevent
'make' from ever running 'scripts/git-submodules.sh update'. It will still run
the 'status' command to determine if a submodule update is needed, but when it
does this it'll simply stop and print a message instructing the developer what
to do, e.g.

$ ./configure  --target-list=x86_64-softmmu --disable-git-update
...snip...

$ make
  GEN config-host.h
  GEN trace/generated-tcg-tracers.h
  GEN trace/generated-helpers-wrappers.h
  GEN trace/generated-helpers.h
  GEN trace/generated-helpers.c
  GEN module_block.h

GIT submodule checkout is out of date. Please run
  scripts/git-submodule.sh update ui/keycodemapdb
from the source directory checkout /home/berrange/src/virt/qemu

make: *** [Makefile:31: git-submodule-update] Error 1

Signed-off-by: Daniel P. Berrange 
---
 Makefile | 11 +++
 configure|  9 -
 scripts/git-submodule.sh |  9 +
 3 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 4c9d0eaef2..cefb75dc8d 100644
--- a/Makefile
+++ b/Makefile
@@ -26,12 +26,23 @@ ifeq (0,$(MAKELEVEL))
   )
 
 ifeq (1,$(git_module_status))
+ifeq (no,$(GIT_UPDATE))
+git-submodule-update:
+   $(call quiet-command, \
+echo && \
+echo "GIT submodule checkout is out of date. Please run" && \
+echo "  scripts/git-submodule.sh update $(GIT_SUBMODULES)" && \
+echo "from the source directory checkout $(SRC_PATH)" && \
+echo && \
+exit 1)
+else
 git-submodule-update:
$(call quiet-command, \
   (cd $(SRC_PATH) && GIT="$(GIT)" ./scripts/git-submodule.sh update 
$(GIT_SUBMODULES)), \
   "GIT","$(GIT_SUBMODULES)")
 endif
 endif
+endif
 
 .git-submodule-status: git-submodule-update config-host.mak
 
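Review bot: The new `ifeq (no,$(GIT_UPDATE))` branch prints its instructions with plain `echo`, so the text explaining why the build stopped goes to stdout while make's own `Error 1` goes to stderr; redirecting the echoes with `>&2` keeps the diagnosis together in captured build logs. The `$(call quiet-command, ...)` in this branch is also given a single argument, unlike the existing call below it that passes "GIT","$(GIT_SUBMODULES)", so it is worth confirming that it behaves as intended in a quiet build. Indenting the nested `ifeq`/`else`/`endif` would make it clear which of the three trailing `endif` lines closes which condition.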
diff --git a/configure b/configure
index 65765968f3..8a569e1770 100755
--- a/configure
+++ b/configure
@@ -267,8 +267,10 @@ stack_protector=""
 
 if test -e "$source_path/.git"
 then
+git_update=yes
 git_submodules="ui/keycodemapdb"
 else
+git_update=no
 git_submodules=""
 fi
 git="git"
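Review bot: `git_update=no` is set here when "$source_path/.git" does not exist, but the option loop later in this patch accepts `--enable-git-update` unconditionally, so the value can be flipped back to yes for a tree that has no .git and an empty `git_submodules`. Suggest rejecting `--enable-git-update` (or forcing `git_update=no`) after option parsing when the source tree is not a git checkout.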
@@ -1297,11 +1299,15 @@ for opt do
   ;;
   --with-git=*) git="$optarg"
   ;;
+  --enable-git-update) git_update=yes
+  ;;
+  --disable-git-update) git_update=no
+  ;;
   *)
   echo "ERROR: unknown option $opt"
   echo "Try '$0 --help' for more information"
   exit 1
-  ;;
+  ;;
   esac
 done
 
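Review bot: The new `--enable-git-update` / `--disable-git-update` cases are parsed here, but none of the configure hunks in this patch adds them to the `--help` text, so the option is discoverable only through the hint printed by git-submodule.sh. Please document both in the help output. The `-  ;;` / `+  ;;` pair in the `*)` case appears to be a whitespace-only change unrelated to the feature and should be dropped from this patch.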
@@ -5534,6 +5540,7 @@ echo "qemu_localedir=$qemu_localedir" >> $config_host_mak
 echo "libs_softmmu=$libs_softmmu" >> $config_host_mak
 echo "GIT=$git" >> $config_host_mak
 echo "GIT_SUBMODULES=$git_submodules" >> $config_host_mak
+echo "GIT_UPDATE=$git_update" >> $config_host_mak
 
 echo "ARCH=$ARCH" >> $config_host_mak
 
diff --git a/scripts/git-submodule.sh b/scripts/git-submodule.sh
index 586ff32293..30fd83db55 100755
--- a/scripts/git-submodule.sh
+++ b/scripts/git-submodule.sh
@@ -48,6 +48,15 @@ update)
 echo
 echo " $ ./configure --with-git='tsocks git'"
 echo
+echo "Alternatively you may disable automatic GIT submodule checkout"
+echo "with:"
+echo
+echo " $ ./configure --disable-git-update'"
+echo
+echo "and then manually update submodules prior to running make, with:"
+echo
+echo " $ scripts/git-sbumodule.sh update $modules"
+echo
 exit 1
 fi
 $GIT submodule status $modules > "${substat}"
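Review bot: Two of the added hint lines contain typos that make the suggested commands wrong when copied: `echo " $ ./configure --disable-git-update'"` has a stray trailing single quote, and `echo " $ scripts/git-sbumodule.sh update $modules"` misspells the script name (git-submodule.sh). Both should be fixed before this is applied, since the text exists to tell the user exactly what to run.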
-- 
2.13.6




Re: [Qemu-devel] [PATCH v5 3/5]arm: kinetis_k64_system

2017-10-27 Thread KONRAD Frederic



On 10/26/2017 12:34 PM, Gabriel Costa wrote:

From: Gabriel Augusto Costa 

This patch includes kinetis_k64_system.c and .h
sim means System Integration Module (SIM)
More information about this peripheral can be found at:
page 291, K64P144M120SF5RM.pdf.

Signed-off-by: Gabriel Augusto Costa 
---
  hw/misc/kinetis_k64_system.c | 274 +++
  include/hw/misc/kinetis_k64_system.h |  52 +++
  2 files changed, 326 insertions(+)
  create mode 100644 hw/misc/kinetis_k64_system.c
  create mode 100644 include/hw/misc/kinetis_k64_system.h

diff --git a/hw/misc/kinetis_k64_system.c b/hw/misc/kinetis_k64_system.c
new file mode 100644
index 000..6421153
--- /dev/null
+++ b/hw/misc/kinetis_k64_system.c
@@ -0,0 +1,274 @@
+/*
+ * Kinetis K64 peripheral microcontroller emulation.
+ *
+ * Copyright (c) 2017 Advantech Wireless
+ * Written by Gabriel Costa 
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2 or
+ *  (at your option) any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "qemu/log.h"
+#include "hw/misc/kinetis_k64_system.h"
+
+static const VMStateDescription vmstate_kinetis_k64_sim = {
+.name = TYPE_KINETIS_K64_SIM,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT32(SOPT1, kinetis_k64_sim_state),
+VMSTATE_UINT32(SOPT1CFG, kinetis_k64_sim_state),
+VMSTATE_UINT32(SOPT2, kinetis_k64_sim_state),
+VMSTATE_UINT32(SOPT4, kinetis_k64_sim_state),
+VMSTATE_UINT32(SOPT5, kinetis_k64_sim_state),
+VMSTATE_UINT32(SOPT7, kinetis_k64_sim_state),
+VMSTATE_UINT32(SDID, kinetis_k64_sim_state),
+VMSTATE_UINT32(SCGC1, kinetis_k64_sim_state),
+VMSTATE_UINT32(SCGC2, kinetis_k64_sim_state),
+VMSTATE_UINT32(SCGC3, kinetis_k64_sim_state),
+VMSTATE_UINT32(SCGC4, kinetis_k64_sim_state),
+VMSTATE_UINT32(SCGC5, kinetis_k64_sim_state),
+VMSTATE_UINT32(SCGC6, kinetis_k64_sim_state),
+VMSTATE_UINT32(SCGC7, kinetis_k64_sim_state),
+VMSTATE_UINT32(CLKDIV1, kinetis_k64_sim_state),
+VMSTATE_UINT32(CLKDIV2, kinetis_k64_sim_state),
+VMSTATE_UINT32(FCFG1, kinetis_k64_sim_state),
+VMSTATE_UINT32(FCFG2, kinetis_k64_sim_state),
+VMSTATE_UINT32(UIDH, kinetis_k64_sim_state),
+VMSTATE_UINT32(UIDMH, kinetis_k64_sim_state),
+VMSTATE_UINT32(UIDML, kinetis_k64_sim_state),
+VMSTATE_UINT32(UIDL, kinetis_k64_sim_state),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static void kinetis_k64_sim_reset(DeviceState *dev)
+{
+kinetis_k64_sim_state *s = KINETIS_K64_SIM(dev);
+
+s->SOPT1 = 0x8000;
+s->SOPT1CFG = 0x;
+s->SOPT2 = 0x1000;
+s->SOPT4 = 0x;
+s->SOPT5 = 0x;
+s->SOPT7 = 0x;
+s->SDID = 0x;
+s->SCGC1 = 0x;
+s->SCGC2 = 0x;
+s->SCGC3 = 0x;
+s->SCGC4 = 0xF0100030;
+s->SCGC5 = 0x00040182;
+s->SCGC6 = 0x4001;
+s->SCGC7 = 0x0006;
+s->CLKDIV1 = 0x;
+s->CLKDIV2 = 0x;
+s->FCFG1 = 0xFF00;
+s->FCFG2 = 0x;
+s->UIDH = 0x;
+s->UIDMH = 0x;
+s->UIDML = 0x;
+s->UIDL = 0x;
+}
+
+static void kinetis_k64_sim_write(void *opaque, hwaddr offset, uint64_t value,
+unsigned size)
+{
+kinetis_k64_sim_state *s = (kinetis_k64_sim_state *)opaque;
+
+value &= 0x;
+
+switch (offset) {
+case 0x:
+s->SOPT1 = value;
+break;
+case 0x0004:
+s->SOPT1CFG = value;
+break;
+case 0x1004:
+s->SOPT2 = value;
+break;
+case 0x100C:
+s->SOPT4 = value;
+break;
+case 0x1010:
+s->SOPT5 = value;
+break;
+case 0x1018:
+s->SOPT7 = value;
+break;
+case 0x1024:
+s->SDID = value;
+break;
+case 0x1028:
+s->SCGC1 = value;
+break;
+case 0x102C:
+s->SCGC2 = value;
+break;
+case 0x1030:
+s->SCGC3 = value;
+break;
+case 0x1034:
+s->SCGC4 = value;
+break;
+case 0x1013:
+s->SCGC5 = value;
+break;
+case 0x103C:
+s->SCGC6 = value;
+break;
+case 0x1040:
+s->SCGC7 = value;
+break;
+case 0x1044:
+s->CLKDIV1 = value;
+break;
+case 0x1048:
+s->CLKDIV2 = value;
+break;
+case 0x104C:
+s->FCFG1 = value;
+break;
+case 0x1050:
+s->FCFG2 = value;
+break;
+case 0x1054:
+s->UIDH = value;
+break;
+case 0x1058:
+s->UIDMH = value;
+break;
+case 0x105C:
+s->UIDML = value;
+break;
+case 0x1060:
+s->UIDL = value;
+break;
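Review bot: In kinetis_k64_sim_write() the case label for SCGC5 is `case 0x1013:`, which breaks the otherwise regular 4-byte sequence between SCGC4 at 0x1034 and SCGC6 at 0x103C and is not word-aligned; this looks like a typo for 0x1038, and as written a guest write to 0x1038 does not reach `s->SCGC5`. Please check the offset against the reference manual. The switch also stores the guest value into every field unconditionally, including the identification fields SDID and UIDH/UIDMH/UIDML/UIDL; if those are read-only in hardware, the write cases for them should be dropped or reported with qemu_log_mask(LOG_GUEST_ERROR, ...).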


I suggest you do create one or two arrays

Re: [Qemu-devel] [PATCH v5 4/5]arm: kinetis_k64_uart

2017-10-27 Thread KONRAD Frederic



On 10/26/2017 12:34 PM, Gabriel Costa wrote:

From: Gabriel Augusto Costa 

This patch includes kinetis_k64_uart.c and .h
uart means Universal Asynchronous Receiver/Transmitter (UART)
More information about this peripheral can be found at:
page 1529, K64P144M120SF5RM.pdf.

Signed-off-by: Gabriel Augusto Costa 
---
  hw/char/kinetis_k64_uart.c | 342 +
  include/hw/char/kinetis_k64_uart.h |  79 +
  2 files changed, 421 insertions(+)
  create mode 100644 hw/char/kinetis_k64_uart.c
  create mode 100644 include/hw/char/kinetis_k64_uart.h

diff --git a/hw/char/kinetis_k64_uart.c b/hw/char/kinetis_k64_uart.c
new file mode 100644
index 000..fc9327d
--- /dev/null
+++ b/hw/char/kinetis_k64_uart.c
@@ -0,0 +1,342 @@
+/*
+ * Kinetis K64 peripheral microcontroller emulation.
+ *
+ * Copyright (c) 2017 Advantech Wireless
+ * Written by Gabriel Costa 
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2 or
+ *  (at your option) any later version.
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "qemu/log.h"
+#include "hw/char/kinetis_k64_uart.h"
+
+static const VMStateDescription vmstate_kinetis_k64_uart = {
+.name = TYPE_KINETIS_K64_UART,
+.version_id = 1,
+.minimum_version_id = 1,
+.fields = (VMStateField[]) {
+VMSTATE_UINT8(BDH, kinetis_k64_uart_state),
+VMSTATE_UINT8(BDL, kinetis_k64_uart_state),
+VMSTATE_UINT8(C1, kinetis_k64_uart_state),
+VMSTATE_UINT8(C2, kinetis_k64_uart_state),
+VMSTATE_UINT8(S1, kinetis_k64_uart_state),
+VMSTATE_UINT8(S2, kinetis_k64_uart_state),
+VMSTATE_UINT8(C3, kinetis_k64_uart_state),
+VMSTATE_UINT8(D, kinetis_k64_uart_state),
+VMSTATE_UINT8(MA1, kinetis_k64_uart_state),
+VMSTATE_UINT8(MA2, kinetis_k64_uart_state),
+VMSTATE_UINT8(C4, kinetis_k64_uart_state),
+VMSTATE_UINT8(C5, kinetis_k64_uart_state),
+VMSTATE_UINT8(ED, kinetis_k64_uart_state),
+VMSTATE_UINT8(MODEM, kinetis_k64_uart_state),
+VMSTATE_UINT8(IR, kinetis_k64_uart_state),
+VMSTATE_UINT8(PFIFO, kinetis_k64_uart_state),
+VMSTATE_UINT8(CFIFO, kinetis_k64_uart_state),
+VMSTATE_UINT8(SFIFO, kinetis_k64_uart_state),
+VMSTATE_UINT8(TWFIFO, kinetis_k64_uart_state),
+VMSTATE_UINT8(TCFIFO, kinetis_k64_uart_state),
+VMSTATE_UINT8(RWFIFO, kinetis_k64_uart_state),
+VMSTATE_UINT8(RCFIFO, kinetis_k64_uart_state),
+VMSTATE_UINT8(C7816, kinetis_k64_uart_state),
+VMSTATE_UINT8(IE7816, kinetis_k64_uart_state),
+VMSTATE_UINT8(IS7816, kinetis_k64_uart_state),
+VMSTATE_UINT8(WP7816Tx, kinetis_k64_uart_state),
+VMSTATE_UINT8(WN7816, kinetis_k64_uart_state),
+VMSTATE_UINT8(WF7816, kinetis_k64_uart_state),
+VMSTATE_UINT8(ET7816, kinetis_k64_uart_state),
+VMSTATE_UINT8(TL7816, kinetis_k64_uart_state),
+VMSTATE_END_OF_LIST()
+}
+};
+
+static void kinetis_k64_uart_reset(DeviceState *dev)
+{
+kinetis_k64_uart_state *s = KINETIS_K64_UART(dev);
+
+s->BDH = 0x00;
+s->BDL = 0x04;
+s->C1 = 0x00;
+s->C2 = 0x00;
+s->S1 = 0xC0;
+s->S2 = 0x00;
+s->C3 = 0x00;
+s->D = 0x00;
+s->MA1 = 0x00;
+s->MA2 = 0x00;
+s->C4 = 0x00;
+s->C5 = 0x00;
+s->ED = 0x00;
+s->MODEM = 0x00;
+s->IR = 0x00;
+s->PFIFO = 0x00;
+s->CFIFO = 0x00;
+s->SFIFO = 0xC0;
+s->TWFIFO = 0x00;
+s->TCFIFO = 0x00;
+s->RWFIFO = 0x01;
+s->RCFIFO = 0x00;
+s->C7816 = 0x00;
+s->IE7816 = 0x00;
+s->IS7816 = 0x00;
+s->WP7816Tx = 0x0A;
+s->WN7816 = 0x00;
+s->WF7816 = 0x01;
+s->ET7816 = 0x00;
+s->TL7816 = 0x00;


Same as previous patch. One array + offset defined will simplify
all of that in a memset and five affectations.


+
+qemu_set_irq(s->irq, 0);
+}
+
+static void kinetis_k64_uart_write(void *opaque, hwaddr offset, uint64_t value,
+unsigned size)
+{
+kinetis_k64_uart_state *s = (kinetis_k64_uart_state *)opaque;
+
+value &= 0xFF;
+
+switch (offset) {
+case 0x00:
+s->BDH = value;
+break;
+case 0x01:
+s->BDL = value;
+break;
+case 0x02:
+s->C1 = value;
+break;
+case 0x03:
+s->C2 = value;
+break;
+case 0x05:
+s->S2 = value;
+break;
+case 0x06:
+s->C3 = value;
+break;
+case 0x07:
+s->D = value;
+qemu_chr_fe_write_all(&s->chr, &s->D, 1);
+break;
+case 0x08:
+s->MA1 = value;
+break;
+case 0x09:
+s->MA2 = value;
+break;
+case 0x0A:
+s->C4 = value;
+break;
+case 0x0B:
+s->C5 = value;
+break;
+case 0x0D:
+s->MODEM = value;
+break;
+case 0x0E:
+s->IR = value;
+break;
+case 0x10:
+  
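Review bot: In kinetis_k64_uart_write(), `case 0x07:` calls `qemu_chr_fe_write_all(&s->chr, &s->D, 1);` and ignores the return value. qemu_chr_fe_write_all() blocks until the backend has taken the data, so a stalled chardev backend stalls the thread performing the MMIO write, and a failed write is silently dropped. Consider checking the result, or using the non-blocking qemu_chr_fe_write() together with a watch callback. Offsets 0x04 and 0x0C have no case in the visible part of the switch; if that is because the registers at those offsets (presumably S1 and ED, going by the field order) are read-only, a comment saying so would help the reader.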

Re: [Qemu-devel] [PATCH/QEMU] s390x/kvm: use cpu_model_available for guarded storage on compat machines

2017-10-27 Thread Cornelia Huck
On Fri, 27 Oct 2017 14:42:57 +0200
Christian Borntraeger  wrote:

> Yes, we should also replace that with
> 
>  return s390_has_feat(S390_FEAT_GUARDED_STORAGE)
> 
> I can fixup my patch or provide a 2nd one.
> 

Consider a fixed up patch acked by me.



Re: [Qemu-devel] [libvirt] [PATCH/QEMU] s390x/kvm: use cpu_model_available for guarded storage on compat machines

2017-10-27 Thread Halil Pasic


On 10/27/2017 02:57 PM, Christian Borntraeger wrote:
> 
> 
> On 10/27/2017 02:45 PM, Christian Borntraeger wrote:
>>
>>
>> On 10/27/2017 02:31 PM, Halil Pasic wrote:
>> gs is explicitly disabled.
>>>
>>> Now that I think about it, maybe the 2.9 binary is going to reject
>>> the explicit gs flag altogether, because it's unknown.
>>>
>>> Isn't this a problem? 
>>
>> No. This is exactly the _solution_ and not the problem. The target will reject
>> unknown cpu features and migration will be aborted. This is exactly what the CPU
>> model is for.

I'm not sure we talk about the same thing. I'm talking about the following. I
want to disable a cpu-model feature for the sake of migration (because I know
that binary version X does not support the feature, because it does not know
about it). Now if I do it via let's say -cpu z13,gs=off on let's say 2.11,
and start with the exact same command line (-cpu z13,gs=off) on let's say 2.9
my migration will explode because of the unknown feature I'm specifying
not to be used.

Well I'm not sure what I describe is relevant. My thinking is along the lines
some features are added incrementally. How do use those of the features not
included in -base model which both of my environments support and disable those
that are unsupported by one of the environments.

I will think about it some more. I've asked Boris about this situation,
and he did not put my mind at ease (to be more precise he seemed to
see this as a potential problem too), so I've decided to mention it.
Sorry if I've generated some unnecessary noise.

I think the root of the problem is that I don't understand the difference
between z13-base and z13, and the associated rules and expected/intended usages.

> FWIW, I think in your particular case the QEMU will reject the z14 cpu and
> not even come to checking the gs.
> 

I had a z13 cpu model in mind. I don't mention a z14 cpu-model (QEMU, not hw) in
my whole email.

Regards,
Halil




Re: [Qemu-devel] [PULL 00/39] x86/cpu/numa queue, 2017-10-26

2017-10-27 Thread Peter Maydell
On 26 October 2017 at 15:03, Eduardo Habkost  wrote:
> (Note that master is currently broken with --disable-tcg, but I
> don't want to hold the queue until this is fixed.)
>
> The following changes since commit ae49fbbcd8e4e9d8bf7131add34773f579e1aff7:
>
>   Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20171025' into staging (2017-10-25 16:38:57 +0100)
>
> are available in the git repository at:
>
>   git://github.com/ehabkost/qemu.git tags/x86-and-machine-pull-request
>
> for you to fetch changes up to ba2975aa134fdb0208f0a54c544402fed1890217:
>
>   x86: Skip check apic_id_limit for Xen (2017-10-26 15:29:38 +0200)
>
> 
> x86/machine/numa queue, 2017-10-26

Hi. I'm afraid this breaks the sh4 linux-user code:

/home/petmay01/linaro/qemu-for-merges/build/all-linux-static/sh4-linux-user/qemu-sh4
-L ./gnemul/qemu-sh4 sh4/ls -l dummyfile
unable to find CPU model 'sh7785-superh-cpu'


thanks
-- PMM



Re: [Qemu-devel] [PATCH/QEMU] s390x/kvm: use cpu_model_available for guarded storage on compat machines

2017-10-27 Thread Halil Pasic


On 10/27/2017 03:31 PM, Cornelia Huck wrote:
> On Fri, 27 Oct 2017 14:42:57 +0200
> Christian Borntraeger  wrote:
> 
>> Yes, we should also replace that with
>>
>>  return s390_has_feat(S390_FEAT_GUARDED_STORAGE)
>>
>> I can fixup my patch or provide a 2nd one.
>>
> 
> Consider a fixed up patch acked by me.
> 

+1 You can keep my ack too. I will try to find some time and read
the v2 though.




Re: [Qemu-devel] [Qemu-ppc] [PATCH] target/ppc: Use tcg_gen_lookup_and_goto_ptr

2017-10-27 Thread David Gibson
On Thu, Oct 26, 2017 at 11:12:00PM +0200, David Gibson wrote:
> On Thu, Oct 26, 2017 at 02:22:57PM +0200, Thomas Huth wrote:
> > On 30.06.2017 20:37, Richard Henderson wrote:
> > > Cc: qemu-...@nongnu.org
> > > Signed-off-by: Richard Henderson 
> > > ---
> > >  target/ppc/translate.c | 23 ---
> > >  1 file changed, 8 insertions(+), 15 deletions(-)
> > 
> > *ping*
> > 
> > Richard, David, any chance that we can still get this in for 2.11? I
> > think this would be quite a nice performance improvement for PPC TCG...
> 
> Uh.. sorry, I don't even remember this patch.

Managed to dig it out of my archives.  Looks like the problem was it
was just sent to the lists, not CCed to me.  I'm not generally able to
keep up with the lists, and I must have missed it on my periodic scans
through the list.  I've applied it now.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [Qemu-ppc] [PATCH] target/ppc: Use tcg_gen_lookup_and_goto_ptr

2017-10-27 Thread David Gibson
On Fri, Oct 27, 2017 at 03:44:22PM +0200, David Gibson wrote:
> On Thu, Oct 26, 2017 at 11:12:00PM +0200, David Gibson wrote:
> > On Thu, Oct 26, 2017 at 02:22:57PM +0200, Thomas Huth wrote:
> > > On 30.06.2017 20:37, Richard Henderson wrote:
> > > > Cc: qemu-...@nongnu.org
> > > > Signed-off-by: Richard Henderson 
> > > > ---
> > > >  target/ppc/translate.c | 23 ---
> > > >  1 file changed, 8 insertions(+), 15 deletions(-)
> > > 
> > > *ping*
> > > 
> > > Richard, David, any chance that we can still get this in for 2.11? I
> > > think this would be quite a nice performance improvement for PPC TCG...
> > 
> > Uh.. sorry, I don't even remember this patch.
> 
> Managed to dig it out of my archives.  Looks like the problem was it
> was just sent to the lists, not CCed to me.  I'm not generally able to
> keep up with the lists, and I must have missed it on my periodic scans
> through the list.  I've applied it now.

.. and now I've unapplied it, because it doesn't compile.  Richard,
can you resend a current version?

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [PATCH] hw/display/sm501: Fix comment in sm501_sysbus_class_init()

2017-10-27 Thread David Gibson
On Mon, Oct 23, 2017 at 10:49:15AM +0200, Gerd Hoffmann wrote:
> On Fri, 2017-10-20 at 11:53 +0200, Thomas Huth wrote:
> > The "cannot_instantiate_with_device_add_yet" flag has been renamed
> > to "user_creatable" a while ago.
> > 
> > Signed-off-by: Thomas Huth 
> > ---
> >  hw/display/sm501.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/hw/display/sm501.c b/hw/display/sm501.c
> > index 6eddac9..7f18224 100644
> > --- a/hw/display/sm501.c
> > +++ b/hw/display/sm501.c
> > @@ -1758,7 +1758,7 @@ static void sm501_sysbus_class_init(ObjectClass
> > *klass, void *data)
> >  dc->reset = sm501_reset_sysbus;
> >  dc->vmsd = &vmstate_sm501_sysbus;
> >  /* Note: pointer property "chr-state" may remain null, thus
> > - * no need for dc->cannot_instantiate_with_device_add_yet =
> > true;
> > + * no need for dc->user_creatable = false;
> >   */
> >  }
> >  
> 
> Reviewed-by: Gerd Hoffmann 

Applied to ppc-for-2.11, thanks.

-- 
David Gibson| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson




Re: [Qemu-devel] [libvirt] [PATCH/QEMU] s390x/kvm: use cpu_model_available for guarded storage on compat machines

2017-10-27 Thread Christian Borntraeger


On 10/27/2017 03:40 PM, Halil Pasic wrote:
> 
> 
> On 10/27/2017 02:57 PM, Christian Borntraeger wrote:
>>
>>
>> On 10/27/2017 02:45 PM, Christian Borntraeger wrote:
>>>
>>>
>>> On 10/27/2017 02:31 PM, Halil Pasic wrote:
>>> gs is explicitly disabled.

 Now that I think about it, maybe the 2.9 binary is going to reject
 the explicit gs flag altogether, because it's unknown.

 Isn't this a problem? 
>>>
>>> No. This is exactly the _solution_ and not the problem. The target will reject
>>> unknown cpu features and migration will be aborted. This is exactly what the CPU
>>> model is for.
> 
> I'm not sure we talk about the same thing. I'm talking about the following. I
> want to disable a cpu-model feature for the sake of migration (because I know
> that binary version X does not support the feature, because it does not know
> about it). Now if I do it via let's say -cpu z13,gs=off on let's say 2.11,
> and start with the exact same command line (-cpu z13,gs=off) on let's say 2.9
> my migration will explode because of the unknown feature I'm specifying
> not to be used.

The migration will be rejected because the target qemu will not startup.
You can easily simulate that, e.g. by doing

qemu-system-s390x -cpu z13,notyetknown=off
qemu-system-s390x: can't apply global z13-s390x-cpu.notyetknown=off: Property '.notyetknown' not found

But libvirt will not use a full model (and the disable things) instead it will
use the base model and add things. (So libvirt should never use xxx=off)


I think this is really not an issue. If you specify a feature that is not known
then QEMU will not start on the target and migration is rejected. The guest
continues to run on the source. So if you specify a "too new" facility yourself
it's really a user error.
Everything that uses an explicit model (e.g. -cpu z13 or -cpu,sief2=on) will
work, but only as long as the conditions are met. If you specify -cpu z14, it
does not matter if it fails if the kernel or QEMU is too old, or if you just
happen to run on a z13.

The  only question is/was:  what is about "host-model".
With my patch (+ the gs fixup) the following things will work:
- host-model will work on z13
- host-model will work on z14 (any machine version)
- host model on z13 and then migrating to z14 will work (any machine version)
- host model on z13 and then migrating to z14 and then migrating back will work
  (any version)
- qemu with fixup + host model on z14 with machine version 2.10 can be migrated

The only thing that does not work is
- qemu with fixup + host model on z14 with machine 2.9 can not be migrated to
  qemu 2.9 on z14.

Now: this would have not worked anyway, because qemu 2.9 does not know z14. So
in theory QEMU must forbid z14 for compat machines (which we do not know).

I talked to several people and it seems that on x86 the host model will also
enable new features that are not known by older QEMUs and it's considered works
as designed. (see also Jiri's mail)


> 
> Well I'm not sure what I describe is relevant. My thinking is along the lines
> some features are added incrementally. How do use those of the features not
> included in -base model which both of my environments support and disable those
> that are unsupported by one of the environments.
> 
> I will think about it some more. I've asked Boris about this situation,
> and he did not put my mind at ease (to be more precise he seemed to
> see this as a potential problem too), so I've decided to mention it.
> Sorry if I've generated some unnecessary noise.
> 
> I think the root of the problem is that I don't understand the difference
> between z13-base and z13, and the associated rules and expected/intended usages.

z13-base contains only those features that are guaranteed to be there (there is
the list of non-hypervisor managed features). z13 is z13-base + all features
that will be available in a reasonably recent kernel+qemu combination and make
sense to be there a default. So it might happen that you cannot start -cpu z14,
e.g. if you run on a kernel < 4.12.

 
>> FWIW, I think in your particular case the QEMU will reject the z14 cpu and
>> not even come to checking the gs.
>>
> 
> I had a z13 cpu model in mind. I don't mention a z14 cpu-model (QEMU, not hw)
> in my whole email.
> 
> Regards,
> Halil
> 




Re: [Qemu-devel] [PULL 00/39] x86/cpu/numa queue, 2017-10-26

2017-10-27 Thread Eduardo Habkost
On Fri, Oct 27, 2017 at 02:42:11PM +0100, Peter Maydell wrote:
> On 26 October 2017 at 15:03, Eduardo Habkost  wrote:
> > (Note that master is currently broken with --disable-tcg, but I
> > don't want to hold the queue until this is fixed.)
> >
> > The following changes since commit ae49fbbcd8e4e9d8bf7131add34773f579e1aff7:
> >
> >   Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20171025' into staging (2017-10-25 16:38:57 +0100)
> >
> > are available in the git repository at:
> >
> >   git://github.com/ehabkost/qemu.git tags/x86-and-machine-pull-request
> >
> > for you to fetch changes up to ba2975aa134fdb0208f0a54c544402fed1890217:
> >
> >   x86: Skip check apic_id_limit for Xen (2017-10-26 15:29:38 +0200)
> >
> > 
> > x86/machine/numa queue, 2017-10-26
> 
> Hi. I'm afraid this breaks the sh4 linux-user code:
> 
> /home/petmay01/linaro/qemu-for-merges/build/all-linux-static/sh4-linux-user/qemu-sh4
> -L ./gnemul/qemu-sh4 sh4/ls -l dummyfile
> unable to find CPU model 'sh7785-superh-cpu'

A fixup patch from Igor was missing, sorry.  v2 will be sent
soon.

BTW, is there a way we can include linux-user tests on travis-ci?

-- 
Eduardo



Re: [Qemu-devel] [PATCH v2] s390-ccw: print carriage return with new lines

2017-10-27 Thread Christian Borntraeger


On 10/26/2017 10:54 PM, Collin L. Walling wrote:
> On 10/26/2017 04:48 PM, Alexander Graf wrote:
>>
>> On 26.10.17 22:37, Collin L. Walling wrote:
>>> On 10/26/2017 04:25 PM, Alexander Graf wrote:
 On 26.10.17 20:52, Collin L. Walling wrote:
> The sclp console in the s390 bios writes raw data,
> leading console emulators (such as virsh console) to
> treat a new line ('\n') as just a new line instead
> of as a Unix line feed. Because of this, output
> appears in a "stair case" pattern.
>
> Let's print \r\n on every occurrence of a new line
> in the string passed to write to amend this issue.
>
> This is in sync with the guest Linux code in
> drivers/s390/char/sclp_vt220.c which also does a line feed
> conversion  in the console part of the driver.
>
> This fixes the s390-ccw and s390-netboot output like
> $ virsh start test --console
> Domain test started
> Connected to domain test
> Escape character is ^]
> Network boot starting...
>     Using MAC address: 02:01:02:03:04:05
>  
> Requesting information via DHCP:  010
>
> Signed-off-by: Collin L. Walling 
> Signed-off-by: Christian Borntraeger 
> ---
>    pc-bios/s390-ccw/sclp.c | 16 +---
>    1 file changed, 13 insertions(+), 3 deletions(-)
>
> diff --git a/pc-bios/s390-ccw/sclp.c b/pc-bios/s390-ccw/sclp.c
> index 486fce1..f8ad5ae 100644
> --- a/pc-bios/s390-ccw/sclp.c
> +++ b/pc-bios/s390-ccw/sclp.c
> @@ -68,17 +68,27 @@ void sclp_setup(void)
>    long write(int fd, const void *str, size_t len)
>    {
>    WriteEventData *sccb = (void *)_sccb;
> +    const char *p = str;
> +    size_t data_len = 0;
> +    size_t i;
>      if (fd != 1 && fd != 2) {
>    return -EIO;
>    }
>    -    sccb->h.length = sizeof(WriteEventData) + len;
> +    for (i = len; i > 0; i--) {
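Review bot: With `data_len` now counting the expanded output, the removed `sccb->h.length = sizeof(WriteEventData) + len;` has to be replaced by a length derived from `data_len`, and `data_len` needs an upper bound tied to the size of the SCCB data area before anything is stored; the visible part of the hunk shows neither. It would also read more naturally to count up with `for (i = 0; i < len; i++)`, since `i` is only a counter while `p` walks the string, and to state in a comment whether write() returns the number of input bytes consumed or the number of bytes emitted.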
 Where did the bounds check go? If you write(max) before, you were
 writing max bytes. If you do it now, you end up writing max + n bytes
 and potentially overflow the array, no?


 Alex
>>> I wasn't a fan of the code aesthetics and being that the SCCB write buffer
>>> allows about 4k bytes of data to be written to it, I felt it was safe to
>>> remove it.  It's unlikely we'd be writing that much data in the bios, plus
>>> that check did not exist prior to this fixup.
>>>
>>> Though, reading that out loud, it probably isn't the best idea to sacrifice
>>> code robustness for code aesthetics.
>>>
>>> for (i = len; i > 0; i--) {
>>>  if (data_len > SCCB_DATA_LEN - 1) {
>>>      return -SOME_ERROR
>>>  }
>>>  if (*p == '\n') {
>>>      sccb->data[data_len++] = '\r';
>>>  }
>>>  sccb->data[data_len++] = *p;
>>>  p++;
>>> }
>>>
>>> What do you think?
>> Normally write() would just write less bytes than it was requested to
>> write and tell you that in the return value. So how about
>>
>> for (i = 0; i < len; i++) {
>>  if ((data_len + 1) >= SCCB_DATA_LEN) {
>>  /* We would overflow the sccb buffer, abort early */
>>  len = i;
>>  break;
>>  }
>>
>>  if (*p == '\n') {
>>  /* Terminal emulators might need \r\n, so generate it */
>>  sccb->data[data_len++] = '\r';
>>  }
>>
>>  sccb->data[data_len++] = *p;
>>  p++;
>> }
>>
>>
>> Alex
>>
> Makes sense to me.  I'll let this patch sit on the list for a little
> while longer before fixing up for v3 in case I might have missed
> something else :)

Alex version looks sane. Can you post the patch today? soft freeze is 
approaching soon.
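
The bounds question raised in this thread, as an added example that is not part of the original patch or of the s390-ccw BIOS: a '\n' to "\r\n" expansion that never writes past the output buffer and returns the number of input bytes consumed, in the short-write style Alexander Graf suggests. `DEMO_DATA_LEN`, `crlf_expanded_len`, `crlf_expand_bounded` and `send_all` are hypothetical names, and the 16-byte buffer is a constructed stand-in for the SCCB data area, whose real size is not given on this page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the SCCB data area (assumption, not the real size). */
#define DEMO_DATA_LEN 16

/* Bytes an unbounded "\n" -> "\r\n" expansion would emit: between len and 2 * len. */
size_t crlf_expanded_len(const char *src, size_t len)
{
    size_t i, out = len;

    for (i = 0; i < len; i++) {
        if (src[i] == '\n') {
            out++;
        }
    }
    return out;
}

/*
 * Copy src into dst, emitting "\r\n" for each '\n'.  Stops before the first
 * character that would not fit completely, so a "\r\n" pair is never split.
 * Returns the number of input bytes consumed (short-write semantics) and
 * stores the number of output bytes produced in *out_len.
 */
size_t crlf_expand_bounded(const char *src, size_t len,
                           char *dst, size_t cap, size_t *out_len)
{
    size_t i, n = 0;

    for (i = 0; i < len; i++) {
        size_t need = (src[i] == '\n') ? 2 : 1;

        if (need > cap - n) {   /* n <= cap always holds, so no wrap-around */
            break;
        }
        if (src[i] == '\n') {
            dst[n++] = '\r';
        }
        dst[n++] = src[i];
    }
    *out_len = n;
    return i;
}

/*
 * Caller side: keep calling until everything is sent, as with POSIX write().
 * sink stands in for the console; returns the number of bytes delivered.
 */
size_t send_all(const char *src, size_t len, char *sink, size_t sink_cap)
{
    char buf[DEMO_DATA_LEN];
    size_t done = 0, total = 0;

    while (done < len) {
        size_t out_len;
        size_t used = crlf_expand_bounded(src + done, len - done,
                                          buf, sizeof(buf), &out_len);

        if (used == 0 || out_len > sink_cap - total) {
            break;              /* no progress possible, or sink is full */
        }
        memcpy(sink + total, buf, out_len);
        total += out_len;
        done += used;
    }
    return total;
}

int main(void)
{
    /* Constructed sample text, modelled on the boot messages quoted above. */
    const char msg[] = "Network boot starting...\nUsing MAC address\n";
    char sink[64];
    size_t len = sizeof(msg) - 1;
    size_t sent = send_all(msg, len, sink, sizeof(sink));

    printf("input %zu bytes, unbounded expansion needs %zu, sent %zu\n",
           len, crlf_expanded_len(msg, len), sent);
    return 0;
}
```

Unlike the loop quoted above, this check reserves two bytes only when the next character is a newline, so ordinary characters can fill the buffer completely.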




Re: [Qemu-devel] [PATCH 1/6] CAN bus simple SJA1000 PCI card emulation for QEMU

2017-10-27 Thread KONRAD Frederic

Hi Pavel,

On 10/25/2017 01:12 AM, p...@cmp.felk.cvut.cz wrote:

From: Pavel Pisa 

The work is based on Jin Yang GSoC 2013 work funded
by Google and mentored in frame of RTEMS project GSoC
slot donated to QEMU.

Rewritten for QEMU-2.0+ versions and architecture cleanup
by Pavel Pisa (Czech Technical University in Prague).

The core SJA1000 support is independent of provided
PCI board. The simple core CAN bus infrastructure
is independent as well.

Connection to the real host CAN bus network through
SocketCAN network interface is available for Linux
host system as well.

Signed-off-by: Pavel Pisa 
---
  default-configs/pci.mak |   2 +
  hw/Makefile.objs|   1 +
  hw/can/Makefile.objs|   5 +
  hw/can/can_core.c   | 374 +++


Correct me if I'm wrong but this file above doesn't introduce
SJA1000 PCI board? If not it should be in a separate patch.


  hw/can/can_pci.c| 246 +
  hw/can/can_sja1000.c| 962 
  hw/can/can_sja1000.h| 173 +
  include/can/can_emu.h   | 133 +++
  8 files changed, 1896 insertions(+)
  create mode 100644 hw/can/Makefile.objs
  create mode 100644 hw/can/can_core.c
  create mode 100644 hw/can/can_pci.c
  create mode 100644 hw/can/can_sja1000.c
  create mode 100644 hw/can/can_sja1000.h
  create mode 100644 include/can/can_emu.h

diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index e514bdef42..0e18ce3263 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -31,6 +31,8 @@ CONFIG_ESP_PCI=y
  CONFIG_SERIAL=y
  CONFIG_SERIAL_ISA=y
  CONFIG_SERIAL_PCI=y
+CONFIG_CAN_SJA1000=y
+CONFIG_CAN_PCI=y
  CONFIG_IPACK=y
  CONFIG_WDT_IB6300ESB=y
  CONFIG_PCI_TESTDEV=y
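Review bot: `CONFIG_CAN_SJA1000=y` and `CONFIG_CAN_PCI=y` are added to default-configs/pci.mak, which builds the new controller model and its host connection code into every target that includes this file. For a new device model it would help to say in the commit message which targets are expected to need it, so that reviewers can judge whether default-on everywhere is intended.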
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index cf4cb2010b..9d84b8faaa 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -6,6 +6,7 @@ devices-dirs-$(CONFIG_SOFTMMU) += block/
  devices-dirs-$(CONFIG_SOFTMMU) += bt/
  devices-dirs-$(CONFIG_SOFTMMU) += char/
  devices-dirs-$(CONFIG_SOFTMMU) += cpu/
+devices-dirs-$(CONFIG_SOFTMMU) += can/
  devices-dirs-$(CONFIG_SOFTMMU) += display/
  devices-dirs-$(CONFIG_SOFTMMU) += dma/
  devices-dirs-$(CONFIG_SOFTMMU) += gpio/
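Review bot: `devices-dirs-$(CONFIG_SOFTMMU) += can/` is inserted after `cpu/`, which breaks the alphabetical order the surrounding entries follow (block/, bt/, char/, cpu/, display/, ...). Please move it up so that it sits between `bt/` and `char/`.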
diff --git a/hw/can/Makefile.objs b/hw/can/Makefile.objs
new file mode 100644
index 00..98ff1e32db
--- /dev/null
+++ b/hw/can/Makefile.objs
@@ -0,0 +1,5 @@
+# CAN bus interfaces emulation and infrastructure
+
+common-obj-$(CONFIG_CAN_SJA1000) += can_core.o
+common-obj-$(CONFIG_CAN_SJA1000) += can_sja1000.o
+common-obj-$(CONFIG_CAN_PCI) += can_pci.o
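Review bot: `can_core.o` is built under `$(CONFIG_CAN_SJA1000)`, although the commit message describes the core CAN bus infrastructure as independent of the SJA1000 model. A separate config symbol for the core, selected by the controller models, would match that description and would let the core go in as its own patch ahead of can_sja1000.c and can_pci.c.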
diff --git a/hw/can/can_core.c b/hw/can/can_core.c
new file mode 100644
index 00..b6a43a2e9b
--- /dev/null
+++ b/hw/can/can_core.c
@@ -0,0 +1,374 @@
+/*
+ * CAN common CAN bus emulation support
+ *
+ * Copyright (c) 2013-2014 Jin Yang
+ * Copyright (c) 2014 Pavel Pisa
+ *
+ * Initial development supported by Google GSoC 2013 from RTEMS project slot
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to 
deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 
FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+#include "qemu/osdep.h"
+#include "chardev/char.h"
+#include "qemu/sockets.h"
+#include "qemu/error-report.h"
+#include "hw/hw.h"
+#include "can/can_emu.h"
+
+/*
+ * The option to connect individual CAN busses
+ * to the host CAN interface is operating system
+ * and CAN drivers infrastructure specific.
+ *
+ * Linux SocketCAN support is implemented for now.
+ * If more otions are added later, then they can be
+ * moved to separate files.
+ */
+#ifdef __linux__
+#include 
+#include 
+#include 
+#include 
+
+#define NUM_FILTER4
+#define CAN_READ_BUF_LEN  5
+typedef struct {
+CanBusClientState  bus_client;
+qemu_can_filterrfilter[NUM_FILTER];
+can_err_mask_t err_mask;
+
+qemu_can_frame buf[CAN_READ_BUF_LEN];
+intbufcnt;
+intbufptr;
+
+intfd;
+} CanBusHostConnectState;
+
+#endif /*__linux__*/ > +
+static QTAILQ_HEAD(, CanBusState) can_buses =
+QTA
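
Review bot: in CanBusHostConnectState, bufcnt and bufptr are plain int indices into buf[CAN_READ_BUF_LEN] (5 entries); the code that fills and drains the buffer is not visible here, so please make sure every use is bounded by CAN_READ_BUF_LEN, and prefer an unsigned type for both. The SocketCAN state is also embedded in the generic core file under #ifdef __linux__ while the comment above it already anticipates moving host back ends to separate files, which would be cleaner to do from the start. Nit: "otions" in that comment should be "options".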

[Qemu-devel] [PULL v2 00/39] x86/cpu/numa queue, 2017-10-27

2017-10-27 Thread Eduardo Habkost
Change in v2:
* Include sh4-linux-user fixup sent by Igor
  (at: "sh4: simplify superh_cpu_class_by_name()")

The following changes since commit 74d7fc7f6385158b8a5c524c61baaef1b66f3dac:

  tcg: Avoid setting tcg_initialize if !CONFIG_TCG (2017-10-26 17:47:36 +0100)

are available in the git repository at:

  git://github.com/ehabkost/qemu.git tags/x86-and-machine-pull-request

for you to fetch changes up to 1a26f46692320f1981c95967e0d5af4443b5f0b1:

  x86: Skip check apic_id_limit for Xen (2017-10-27 16:04:28 +0200)


x86/cpu/numa queue, 2017-10-27



Igor Mammedov (38):
  alpha: cleanup cpu type name composition
  alpha: use generic cpu_model parsing
  cris: cleanup cpu type name composition
  cris: use generic cpu_model parsing
  lm32: cleanup cpu type name composition
  lm32: milkymist: use generic cpu_model parsing
  lm32: lm32_boards: use generic cpu_model parsing
  m68k: cleanup cpu type name composition
  m68k: an5206: use generic cpu_model parsing
  m68k: mcf5208: use generic cpu_model parsing
  moxie: fix qemu-system-moxie failing to start with CLI "-cpu MoxieLite"
  moxie: cleanup cpu type name composition
  moxie: use generic cpu_model parsing
  openrisc: cleanup cpu type name composition
  openrisc: use generic cpu_model parsing
  sh4: r2d: use generic cpu_model parsing
  sh4: shix: use generic cpu_model parsing
  sh4: cleanup cpu type name composition
  sh4: simplify superh_cpu_class_by_name()
  sh4: remove SuperHCPUClass::name field
  xtensa: cleanup cpu type name composition
  xtensa: sim: use generic cpu_model parsing
  xtensa: lx60/lx200/ml605/kc705: use generic cpu_model parsing
  unicore32: cleanup cpu type name composition
  unicore32: use generic cpu_model parsing
  tricore: cleanup cpu type name composition
  tricore: use generic cpu_model parsing
  sparc: cleanup cpu type name composition
  sparc: sun4u/sun4v/niagara: use generic cpu_model parsing
  sparc: sparc: use generic cpu_model parsing
  sparc: leon3: use generic cpu_model parsing
  mips: use object_new() instead of gnew()+object_initialize()
  mips: malta/boston: replace cpu_model with cpu_type
  mips: fulong2e: replace cpu_model with cpu_type
  mips: Magnum/Acer Pica 61: replace cpu_model with cpu_type
  mips: mipssim: replace cpu_model with cpu_type
  mips: r4k: replace cpu_model with cpu_type
  numa: fixup parsed NumaNodeOptions earlier

Lan Tianyu (1):
  x86: Skip check apic_id_limit for Xen

 include/hw/mips/cps.h  |   2 +-
 include/hw/sparc/sparc64.h |   3 +-
 target/alpha/cpu.h |   3 ++
 target/cris/cpu.h  |   3 ++
 target/lm32/cpu.h  |   3 ++
 target/m68k/cpu.h  |   3 ++
 target/mips/cpu.h  |   8 ++-
 target/moxie/cpu.h |   3 ++
 target/openrisc/cpu.h  |   3 ++
 target/sh4/cpu-qom.h   |   8 ++-
 target/sh4/cpu.h   |   3 ++
 target/sparc/cpu.h |   3 ++
 target/tricore/cpu.h   |   2 +
 target/unicore32/cpu.h |   3 ++
 target/xtensa/cpu.h|   4 ++
 hw/alpha/dp264.c   |   4 +-
 hw/cris/axis_dev88.c   |   7 +--
 hw/i386/pc.c   |   2 +-
 hw/lm32/lm32_boards.c  |  14 ++
 hw/lm32/milkymist.c|   7 +--
 hw/m68k/an5206.c   |   7 +--
 hw/m68k/mcf5208.c  |   7 +--
 hw/mips/boston.c   |  14 +++---
 hw/mips/cps.c  |   4 +-
 hw/mips/mips_fulong2e.c|   7 +--
 hw/mips/mips_jazz.c|   8 ++-
 hw/mips/mips_malta.c   |  36 ++
 hw/mips/mips_mipssim.c |  15 +++---
 hw/mips/mips_r4k.c |  16 +++---
 hw/moxie/moxiesim.c|   7 +--
 hw/openrisc/openrisc_sim.c |   8 +--
 hw/sh4/r2d.c   |   8 +--
 hw/sh4/shix.c  |   7 +--
 hw/sparc/leon3.c   |   8 +--
 hw/sparc/sun4m.c   |  29 +--
 hw/sparc64/niagara.c   |   4 +-
 hw/sparc64/sparc64.c   |   8 +--
 hw/sparc64/sun4u.c |   8 ++-
 hw/tricore/tricore_testboard.c |   6 +--
 hw/unicore32/puv3.c|   8 +--
 hw/xtensa/sim.c|   8 +--
 hw/xtensa/xtfpga.c |  11 ++---
 linux-user/main.c  |   2 +-
 numa.c |  19 
 target/alpha/cpu.c | 107 +
 target/cris/cpu.c  |  81 +++
 target/lm32/cpu.c  |  74 +---
 target/m68k/cpu.c  |  75 +++--
 target/mips/cpu.c  |   2 +-
 target/mips/translate.c|  20 +++-
 target/mips/translate_init.c   |  12 -
 target/moxie/cpu.c |  61 +--
 target/openrisc/cpu.c  |  69 +-
 target/sh4/cpu.c   | 1

[Qemu-devel] [PULL v2 05/39] lm32: cleanup cpu type name composition

2017-10-27 Thread Eduardo Habkost
From: Igor Mammedov 

Introduce LM32_CPU_TYPE_NAME macro and consistently use it
to construct cpu type names. While at it, replace dynamic
cpu type name composition with static data.

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Acked-by: Michael Walle 
Message-Id: <1507211474-188400-9-git-send-email-imamm...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 target/lm32/cpu.h |  3 +++
 target/lm32/cpu.c | 74 +--
 2 files changed, 25 insertions(+), 52 deletions(-)

diff --git a/target/lm32/cpu.h b/target/lm32/cpu.h
index de265b50d1..2279594f40 100644
--- a/target/lm32/cpu.h
+++ b/target/lm32/cpu.h
@@ -257,6 +257,9 @@ bool lm32_cpu_do_semihosting(CPUState *cs);
 
 #define cpu_init(cpu_model) cpu_generic_init(TYPE_LM32_CPU, cpu_model)
 
+#define LM32_CPU_TYPE_SUFFIX "-" TYPE_LM32_CPU
+#define LM32_CPU_TYPE_NAME(model) model LM32_CPU_TYPE_SUFFIX
+
 #define cpu_list lm32_cpu_list
 #define cpu_signal_handler cpu_lm32_signal_handler
 
diff --git a/target/lm32/cpu.c b/target/lm32/cpu.c
index 7f3a292f2b..6f5c14767b 100644
--- a/target/lm32/cpu.c
+++ b/target/lm32/cpu.c
@@ -51,7 +51,7 @@ static void lm32_cpu_list_entry(gpointer data, gpointer 
user_data)
 const char *typename = object_class_get_name(oc);
 char *name;
 
-name = g_strndup(typename, strlen(typename) - strlen("-" TYPE_LM32_CPU));
+name = g_strndup(typename, strlen(typename) - 
strlen(LM32_CPU_TYPE_SUFFIX));
 (*s->cpu_fprintf)(s->file, "  %s\n", name);
 g_free(name);
 }
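
Review bot: the g_strndup() length strlen(typename) - strlen(LM32_CPU_TYPE_SUFFIX) assumes every class name passed to lm32_cpu_list_entry() ends in the suffix; for a name shorter than the suffix the size_t subtraction wraps to a huge length. The change only swaps the literal for the macro, but this is a good place to guard it, for example with g_assert(g_str_has_suffix(typename, LM32_CPU_TYPE_SUFFIX)) before the copy. The same expression appears in cris_cpu_list_entry().
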
@@ -215,32 +215,12 @@ static void lm32_full_cpu_initfn(Object *obj)
   | LM32_FEATURE_CYCLE_COUNT;
 }
 
-typedef struct LM32CPUInfo {
-const char *name;
-void (*initfn)(Object *obj);
-} LM32CPUInfo;
-
-static const LM32CPUInfo lm32_cpus[] = {
-{
-.name = "lm32-basic",
-.initfn = lm32_basic_cpu_initfn,
-},
-{
-.name = "lm32-standard",
-.initfn = lm32_standard_cpu_initfn,
-},
-{
-.name = "lm32-full",
-.initfn = lm32_full_cpu_initfn,
-},
-};
-
 static ObjectClass *lm32_cpu_class_by_name(const char *cpu_model)
 {
 ObjectClass *oc;
 char *typename;
 
-typename = g_strdup_printf("%s-" TYPE_LM32_CPU, cpu_model);
+typename = g_strdup_printf(LM32_CPU_TYPE_NAME("%s"), cpu_model);
 oc = object_class_by_name(typename);
 g_free(typename);
 if (oc != NULL && (!object_class_dynamic_cast(oc, TYPE_LM32_CPU) ||
@@ -283,36 +263,26 @@ static void lm32_cpu_class_init(ObjectClass *oc, void 
*data)
 cc->tcg_initialize = lm32_translate_init;
 }
 
-static void lm32_register_cpu_type(const LM32CPUInfo *info)
-{
-TypeInfo type_info = {
-.parent = TYPE_LM32_CPU,
-.instance_init = info->initfn,
-};
-
-type_info.name = g_strdup_printf("%s-" TYPE_LM32_CPU, info->name);
-type_register(&type_info);
-g_free((void *)type_info.name);
-}
+#define DEFINE_LM32_CPU_TYPE(cpu_model, initfn) \
+{ \
+.parent = TYPE_LM32_CPU, \
+.name = LM32_CPU_TYPE_NAME(cpu_model), \
+.instance_init = initfn, \
+}
 
-static const TypeInfo lm32_cpu_type_info = {
-.name = TYPE_LM32_CPU,
-.parent = TYPE_CPU,
-.instance_size = sizeof(LM32CPU),
-.instance_init = lm32_cpu_initfn,
-.abstract = true,
-.class_size = sizeof(LM32CPUClass),
-.class_init = lm32_cpu_class_init,
+static const TypeInfo lm32_cpus_type_infos[] = {
+{ /* base class should be registered first */
+ .name = TYPE_LM32_CPU,
+ .parent = TYPE_CPU,
+ .instance_size = sizeof(LM32CPU),
+ .instance_init = lm32_cpu_initfn,
+ .abstract = true,
+ .class_size = sizeof(LM32CPUClass),
+ .class_init = lm32_cpu_class_init,
+},
+DEFINE_LM32_CPU_TYPE("lm32-basic", lm32_basic_cpu_initfn),
+DEFINE_LM32_CPU_TYPE("lm32-standard", lm32_standard_cpu_initfn),
+DEFINE_LM32_CPU_TYPE("lm32-full", lm32_full_cpu_initfn),
 };
 
-static void lm32_cpu_register_types(void)
-{
-int i;
-
-type_register_static(&lm32_cpu_type_info);
-for (i = 0; i < ARRAY_SIZE(lm32_cpus); i++) {
-lm32_register_cpu_type(&lm32_cpus[i]);
-}
-}
-
-type_init(lm32_cpu_register_types)
+DEFINE_TYPES(lm32_cpus_type_infos)
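
Review bot: the comment "base class should be registered first" in lm32_cpus_type_infos states an ordering requirement that the commit message does not explain, and the equivalent array in the cris patch of this series carries no such comment. If the order of entries passed to DEFINE_TYPES() really matters, say why; if parents are resolved by name and the order is irrelevant, drop the comment so nobody relies on it.
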
-- 
2.13.6




[Qemu-devel] [PULL v2 03/39] cris: cleanup cpu type name composition

2017-10-27 Thread Eduardo Habkost
From: Igor Mammedov 

Replace ambiguous TYPE macro with a new CRIS_CPU_TYPE_NAME
and use it consistently in the code.

Signed-off-by: Igor Mammedov 
Message-Id: <1507211474-188400-7-git-send-email-imamm...@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé 
Signed-off-by: Eduardo Habkost 
---
 target/cris/cpu.h |  3 +++
 target/cris/cpu.c | 81 +++
 2 files changed, 30 insertions(+), 54 deletions(-)

diff --git a/target/cris/cpu.h b/target/cris/cpu.h
index 5d822dee16..b64fa3542c 100644
--- a/target/cris/cpu.h
+++ b/target/cris/cpu.h
@@ -269,6 +269,9 @@ enum {
 
 #define cpu_init(cpu_model) cpu_generic_init(TYPE_CRIS_CPU, cpu_model)
 
+#define CRIS_CPU_TYPE_SUFFIX "-" TYPE_CRIS_CPU
+#define CRIS_CPU_TYPE_NAME(name) (name CRIS_CPU_TYPE_SUFFIX)
+
 #define cpu_signal_handler cpu_cris_signal_handler
 
 /* MMU modes definitions */
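
Review bot: CRIS_CPU_TYPE_NAME(name) is defined with surrounding parentheses, (name CRIS_CPU_TYPE_SUFFIX), while the LM32, ALPHA, M68K and OPENRISC macros in this series expand to the bare concatenation. The parenthesised form cannot be concatenated further with an adjacent string literal, so the targets now behave differently; pick one form for all of them. The parameter is also called name here and model elsewhere.
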
diff --git a/target/cris/cpu.c b/target/cris/cpu.c
index 527a3448bf..949c7a6e25 100644
--- a/target/cris/cpu.c
+++ b/target/cris/cpu.c
@@ -71,11 +71,11 @@ static ObjectClass *cris_cpu_class_by_name(const char 
*cpu_model)
 
 #if defined(CONFIG_USER_ONLY)
 if (strcasecmp(cpu_model, "any") == 0) {
-return object_class_by_name("crisv32-" TYPE_CRIS_CPU);
+return object_class_by_name(CRIS_CPU_TYPE_NAME("crisv32"));
 }
 #endif
 
-typename = g_strdup_printf("%s-" TYPE_CRIS_CPU, cpu_model);
+typename = g_strdup_printf(CRIS_CPU_TYPE_NAME("%s"), cpu_model);
 oc = object_class_by_name(typename);
 g_free(typename);
 if (oc != NULL && (!object_class_dynamic_cast(oc, TYPE_CRIS_CPU) ||
@@ -108,7 +108,7 @@ static void cris_cpu_list_entry(gpointer data, gpointer 
user_data)
 const char *typename = object_class_get_name(oc);
 char *name;
 
-name = g_strndup(typename, strlen(typename) - strlen("-" TYPE_CRIS_CPU));
+name = g_strndup(typename, strlen(typename) - 
strlen(CRIS_CPU_TYPE_SUFFIX));
 (*s->cpu_fprintf)(s->file, "  %s\n", name);
 g_free(name);
 }
@@ -254,38 +254,6 @@ static void crisv32_cpu_class_init(ObjectClass *oc, void 
*data)
 ccc->vr = 32;
 }
 
-#define TYPE(model) model "-" TYPE_CRIS_CPU
-
-static const TypeInfo cris_cpu_model_type_infos[] = {
-{
-.name = TYPE("crisv8"),
-.parent = TYPE_CRIS_CPU,
-.class_init = crisv8_cpu_class_init,
-}, {
-.name = TYPE("crisv9"),
-.parent = TYPE_CRIS_CPU,
-.class_init = crisv9_cpu_class_init,
-}, {
-.name = TYPE("crisv10"),
-.parent = TYPE_CRIS_CPU,
-.class_init = crisv10_cpu_class_init,
-}, {
-.name = TYPE("crisv11"),
-.parent = TYPE_CRIS_CPU,
-.class_init = crisv11_cpu_class_init,
-}, {
-.name = TYPE("crisv17"),
-.parent = TYPE_CRIS_CPU,
-.class_init = crisv17_cpu_class_init,
-}, {
-.name = TYPE("crisv32"),
-.parent = TYPE_CRIS_CPU,
-.class_init = crisv32_cpu_class_init,
-}
-};
-
-#undef TYPE
-
 static void cris_cpu_class_init(ObjectClass *oc, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(oc);
@@ -320,24 +288,29 @@ static void cris_cpu_class_init(ObjectClass *oc, void 
*data)
 cc->tcg_initialize = cris_initialize_tcg;
 }
 
-static const TypeInfo cris_cpu_type_info = {
-.name = TYPE_CRIS_CPU,
-.parent = TYPE_CPU,
-.instance_size = sizeof(CRISCPU),
-.instance_init = cris_cpu_initfn,
-.abstract = true,
-.class_size = sizeof(CRISCPUClass),
-.class_init = cris_cpu_class_init,
-};
+#define DEFINE_CRIS_CPU_TYPE(cpu_model, initfn) \
+ {  \
+ .parent = TYPE_CRIS_CPU,   \
+ .class_init = initfn,  \
+ .name = CRIS_CPU_TYPE_NAME(cpu_model), \
+ }
 
-static void cris_cpu_register_types(void)
-{
-int i;
-
-type_register_static(&cris_cpu_type_info);
-for (i = 0; i < ARRAY_SIZE(cris_cpu_model_type_infos); i++) {
-type_register_static(&cris_cpu_model_type_infos[i]);
-}
-}
+static const TypeInfo cris_cpu_model_type_infos[] = {
+{
+.name = TYPE_CRIS_CPU,
+.parent = TYPE_CPU,
+.instance_size = sizeof(CRISCPU),
+.instance_init = cris_cpu_initfn,
+.abstract = true,
+.class_size = sizeof(CRISCPUClass),
+.class_init = cris_cpu_class_init,
+},
+DEFINE_CRIS_CPU_TYPE("crisv8", crisv8_cpu_class_init),
+DEFINE_CRIS_CPU_TYPE("crisv9", crisv9_cpu_class_init),
+DEFINE_CRIS_CPU_TYPE("crisv10", crisv10_cpu_class_init),
+DEFINE_CRIS_CPU_TYPE("crisv11", crisv11_cpu_class_init),
+DEFINE_CRIS_CPU_TYPE("crisv17", crisv17_cpu_class_init),
+DEFINE_CRIS_CPU_TYPE("crisv32", crisv32_cpu_class_init),
+};
 
-type_init(cris_cpu_register_types)
+DEFINE_TYPES(cris_cpu_model_type_infos)
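
Review bot: DEFINE_CRIS_CPU_TYPE(cpu_model, initfn) assigns its second argument to .class_init, whereas the lm32 and m68k macros with the same parameter name assign it to .instance_init. Naming the parameter class_initfn here would stop someone from passing an instance initialiser by analogy with the other targets.
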
-- 
2.13.6




[Qemu-devel] [PULL v2 15/39] openrisc: use generic cpu_model parsing

2017-10-27 Thread Eduardo Habkost
From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1507211474-188400-19-git-send-email-imamm...@redhat.com>
Acked-by: Stafford Horne 
Signed-off-by: Eduardo Habkost 
---
 hw/openrisc/openrisc_sim.c | 8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/hw/openrisc/openrisc_sim.c b/hw/openrisc/openrisc_sim.c
index 58638c6ecd..e9558f1ca4 100644
--- a/hw/openrisc/openrisc_sim.c
+++ b/hw/openrisc/openrisc_sim.c
@@ -125,7 +125,6 @@ static void openrisc_load_kernel(ram_addr_t ram_size,
 static void openrisc_sim_init(MachineState *machine)
 {
 ram_addr_t ram_size = machine->ram_size;
-const char *cpu_model = machine->cpu_model;
 const char *kernel_filename = machine->kernel_filename;
 OpenRISCCPU *cpu = NULL;
 MemoryRegion *ram;
@@ -133,12 +132,8 @@ static void openrisc_sim_init(MachineState *machine)
 qemu_irq serial_irq;
 int n;
 
-if (!cpu_model) {
-cpu_model = "or1200";
-}
-
 for (n = 0; n < smp_cpus; n++) {
-cpu = OPENRISC_CPU(cpu_generic_init(TYPE_OPENRISC_CPU, cpu_model));
+cpu = OPENRISC_CPU(cpu_create(machine->cpu_type));
 if (cpu == NULL) {
 fprintf(stderr, "Unable to find CPU definition!\n");
 exit(1);
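
Review bot: the retained check after cpu_create() still reports "Unable to find CPU definition!", but with this change the model name is no longer resolved in openrisc_sim_init(), so a NULL here would mean something else failed. Either drop the check if cpu_create() cannot return NULL, or change the message and use error_report() instead of fprintf(stderr, ...). The other boards converted in this series use the cpu_create() result without a check, so the handling should be made consistent one way or the other.
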
@@ -180,6 +175,7 @@ static void openrisc_sim_machine_init(MachineClass *mc)
 mc->init = openrisc_sim_init;
 mc->max_cpus = 2;
 mc->is_default = 1;
+mc->default_cpu_type = OPENRISC_CPU_TYPE_NAME("or1200");
 }
 
 DEFINE_MACHINE("or1k-sim", openrisc_sim_machine_init)
-- 
2.13.6




[Qemu-devel] [PULL v2 01/39] alpha: cleanup cpu type name composition

2017-10-27 Thread Eduardo Habkost
From: Igor Mammedov 

Introduce ALPHA_CPU_TYPE_NAME macro to replace rather non-unique
TYPE macro that alpha uses. With new macro it will follow
the same naming convention as other targets.

While at it put scattered TypeInfo into one array which places
type descriptions in one place and reduces code a bit.

Signed-off-by: Igor Mammedov 
Acked-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1507211474-188400-5-git-send-email-imamm...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 target/alpha/cpu.h |   3 ++
 target/alpha/cpu.c | 107 +
 2 files changed, 37 insertions(+), 73 deletions(-)

diff --git a/target/alpha/cpu.h b/target/alpha/cpu.h
index 6ae240969b..0a9ad35f06 100644
--- a/target/alpha/cpu.h
+++ b/target/alpha/cpu.h
@@ -470,6 +470,9 @@ void alpha_translate_init(void);
 
 #define cpu_init(cpu_model) cpu_generic_init(TYPE_ALPHA_CPU, cpu_model)
 
+#define ALPHA_CPU_TYPE_SUFFIX "-" TYPE_ALPHA_CPU
+#define ALPHA_CPU_TYPE_NAME(model) model ALPHA_CPU_TYPE_SUFFIX
+
 void alpha_cpu_list(FILE *f, fprintf_function cpu_fprintf);
 /* you can call this signal handler from your SIGBUS and SIGSEGV
signal handlers to inform the virtual CPU of exceptions. non zero
diff --git a/target/alpha/cpu.c b/target/alpha/cpu.c
index bc9520535b..7d6366bae9 100644
--- a/target/alpha/cpu.c
+++ b/target/alpha/cpu.c
@@ -108,21 +108,18 @@ void alpha_cpu_list(FILE *f, fprintf_function cpu_fprintf)
 }
 
 /* Models */
-
-#define TYPE(model) model "-" TYPE_ALPHA_CPU
-
 typedef struct AlphaCPUAlias {
 const char *alias;
 const char *typename;
 } AlphaCPUAlias;
 
 static const AlphaCPUAlias alpha_cpu_aliases[] = {
-{ "21064",   TYPE("ev4") },
-{ "21164",   TYPE("ev5") },
-{ "21164a",  TYPE("ev56") },
-{ "21164pc", TYPE("pca56") },
-{ "21264",   TYPE("ev6") },
-{ "21264a",  TYPE("ev67") },
+{ "21064",   ALPHA_CPU_TYPE_NAME("ev4") },
+{ "21164",   ALPHA_CPU_TYPE_NAME("ev5") },
+{ "21164a",  ALPHA_CPU_TYPE_NAME("ev56") },
+{ "21164pc", ALPHA_CPU_TYPE_NAME("pca56") },
+{ "21264",   ALPHA_CPU_TYPE_NAME("ev6") },
+{ "21264a",  ALPHA_CPU_TYPE_NAME("ev67") },
 };
 
 static ObjectClass *alpha_cpu_class_by_name(const char *cpu_model)
@@ -145,7 +142,7 @@ static ObjectClass *alpha_cpu_class_by_name(const char 
*cpu_model)
 }
 }
 
-typename = g_strdup_printf("%s-" TYPE_ALPHA_CPU, cpu_model);
+typename = g_strdup_printf(ALPHA_CPU_TYPE_NAME("%s"), cpu_model);
 oc = object_class_by_name(typename);
 g_free(typename);
 if (oc != NULL && object_class_is_abstract(oc)) {
@@ -155,7 +152,7 @@ static ObjectClass *alpha_cpu_class_by_name(const char 
*cpu_model)
 /* TODO: remove match everything nonsense */
 /* Default to ev67; no reason not to emulate insns by default. */
 if (!oc) {
-oc = object_class_by_name(TYPE("ev67"));
+oc = object_class_by_name(ALPHA_CPU_TYPE_NAME("ev67"));
 }
 
 return oc;
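
Review bot: the fallback under "TODO: remove match everything nonsense" is kept, so alpha_cpu_class_by_name() still returns the ev67 class for any unrecognised model name instead of NULL. With -cpu parsing moving to generic code in patch 02/39, a mistyped model name is still silently accepted here; consider resolving the TODO in this series or noting in the commit message that the behaviour is deliberately preserved.
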
@@ -169,12 +166,6 @@ static void ev4_cpu_initfn(Object *obj)
 env->implver = IMPLVER_2106x;
 }
 
-static const TypeInfo ev4_cpu_type_info = {
-.name = TYPE("ev4"),
-.parent = TYPE_ALPHA_CPU,
-.instance_init = ev4_cpu_initfn,
-};
-
 static void ev5_cpu_initfn(Object *obj)
 {
 AlphaCPU *cpu = ALPHA_CPU(obj);
@@ -183,12 +174,6 @@ static void ev5_cpu_initfn(Object *obj)
 env->implver = IMPLVER_21164;
 }
 
-static const TypeInfo ev5_cpu_type_info = {
-.name = TYPE("ev5"),
-.parent = TYPE_ALPHA_CPU,
-.instance_init = ev5_cpu_initfn,
-};
-
 static void ev56_cpu_initfn(Object *obj)
 {
 AlphaCPU *cpu = ALPHA_CPU(obj);
@@ -197,12 +182,6 @@ static void ev56_cpu_initfn(Object *obj)
 env->amask |= AMASK_BWX;
 }
 
-static const TypeInfo ev56_cpu_type_info = {
-.name = TYPE("ev56"),
-.parent = TYPE("ev5"),
-.instance_init = ev56_cpu_initfn,
-};
-
 static void pca56_cpu_initfn(Object *obj)
 {
 AlphaCPU *cpu = ALPHA_CPU(obj);
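
Review bot: the removed ev56 TypeInfo has .parent = TYPE("ev5"), not TYPE_ALPHA_CPU, and ev56_cpu_initfn() only ORs AMASK_BWX into env->amask, so it depends on the parent's initialiser having run. The replacement array is outside this hunk; please check that its entries keep the per-model parent (ev5 for ev56, ev56 for pca56, ev6 for ev67) rather than deriving everything from the base type.
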
@@ -211,12 +190,6 @@ static void pca56_cpu_initfn(Object *obj)
 env->amask |= AMASK_MVI;
 }
 
-static const TypeInfo pca56_cpu_type_info = {
-.name = TYPE("pca56"),
-.parent = TYPE("ev56"),
-.instance_init = pca56_cpu_initfn,
-};
-
 static void ev6_cpu_initfn(Object *obj)
 {
 AlphaCPU *cpu = ALPHA_CPU(obj);
@@ -226,12 +199,6 @@ static void ev6_cpu_initfn(Object *obj)
 env->amask = AMASK_BWX | AMASK_FIX | AMASK_MVI | AMASK_TRAP;
 }
 
-static const TypeInfo ev6_cpu_type_info = {
-.name = TYPE("ev6"),
-.parent = TYPE_ALPHA_CPU,
-.instance_init = ev6_cpu_initfn,
-};
-
 static void ev67_cpu_initfn(Object *obj)
 {
 AlphaCPU *cpu = ALPHA_CPU(obj);
@@ -240,17 +207,6 @@ static void ev67_cpu_initfn(Object *obj)
 env->amask |= AMASK_CIX | AMASK_PREFETCH;
 }
 
-static const TypeInfo ev67_cpu_type_info = {
-.name = TYPE("ev67"),
-.parent = TYPE("ev6"),
-.instance_init = ev67_cpu_initfn,
-};
-
-static const TypeInfo ev68_cpu_type_info = {
-.name = TYPE("ev68"),

[Qemu-devel] [PULL v2 06/39] lm32: milkymist: use generic cpu_model parsing

2017-10-27 Thread Eduardo Habkost
From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Acked-by: Michael Walle 
Message-Id: <1507211474-188400-10-git-send-email-imamm...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 hw/lm32/milkymist.c | 7 ++-
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/hw/lm32/milkymist.c b/hw/lm32/milkymist.c
index 4db4d2d533..d4e765f2eb 100644
--- a/hw/lm32/milkymist.c
+++ b/hw/lm32/milkymist.c
@@ -80,7 +80,6 @@ static void main_cpu_reset(void *opaque)
 static void
 milkymist_init(MachineState *machine)
 {
-const char *cpu_model = machine->cpu_model;
 const char *kernel_filename = machine->kernel_filename;
 const char *kernel_cmdline = machine->kernel_cmdline;
 const char *initrd_filename = machine->initrd_filename;
@@ -108,10 +107,7 @@ milkymist_init(MachineState *machine)
 
 reset_info = g_malloc0(sizeof(ResetInfo));
 
-if (cpu_model == NULL) {
-cpu_model = "lm32-full";
-}
-cpu = LM32_CPU(cpu_generic_init(TYPE_LM32_CPU, cpu_model));
+cpu = LM32_CPU(cpu_create(machine->cpu_type));
 
 env = &cpu->env;
 reset_info->cpu = cpu;
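
Review bot: the commit message has a subject only, yet this hunk changes behaviour: the board no longer defaults cpu_model to "lm32-full" itself and no longer calls cpu_generic_init(), relying on machine->cpu_type instead, with the default now set through mc->default_cpu_type. One or two sentences saying where the -cpu string is now parsed and validated would help reviewers and bisectors; the same applies to the other "use generic cpu_model parsing" patches.
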
@@ -216,6 +212,7 @@ static void milkymist_machine_init(MachineClass *mc)
 mc->desc = "Milkymist One";
 mc->init = milkymist_init;
 mc->is_default = 0;
+mc->default_cpu_type = LM32_CPU_TYPE_NAME("lm32-full");
 }
 
 DEFINE_MACHINE("milkymist", milkymist_machine_init)
-- 
2.13.6




[Qemu-devel] [PULL v2 07/39] lm32: lm32_boards: use generic cpu_model parsing

2017-10-27 Thread Eduardo Habkost
From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Acked-by: Michael Walle 
Message-Id: <1507211474-188400-11-git-send-email-imamm...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 hw/lm32/lm32_boards.c | 14 --
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/hw/lm32/lm32_boards.c b/hw/lm32/lm32_boards.c
index b0bb3ef58a..002d638edd 100644
--- a/hw/lm32/lm32_boards.c
+++ b/hw/lm32/lm32_boards.c
@@ -75,7 +75,6 @@ static void main_cpu_reset(void *opaque)
 
 static void lm32_evr_init(MachineState *machine)
 {
-const char *cpu_model = machine->cpu_model;
 const char *kernel_filename = machine->kernel_filename;
 LM32CPU *cpu;
 CPULM32State *env;
@@ -101,10 +100,7 @@ static void lm32_evr_init(MachineState *machine)
 
 reset_info = g_malloc0(sizeof(ResetInfo));
 
-if (cpu_model == NULL) {
-cpu_model = "lm32-full";
-}
-cpu = LM32_CPU(cpu_generic_init(TYPE_LM32_CPU, cpu_model));
+cpu = LM32_CPU(cpu_create(machine->cpu_type));
 
 env = &cpu->env;
 reset_info->cpu = cpu;
@@ -163,7 +159,6 @@ static void lm32_evr_init(MachineState *machine)
 
 static void lm32_uclinux_init(MachineState *machine)
 {
-const char *cpu_model = machine->cpu_model;
 const char *kernel_filename = machine->kernel_filename;
 const char *kernel_cmdline = machine->kernel_cmdline;
 const char *initrd_filename = machine->initrd_filename;
@@ -198,10 +193,7 @@ static void lm32_uclinux_init(MachineState *machine)
 
 reset_info = g_malloc0(sizeof(ResetInfo));
 
-if (cpu_model == NULL) {
-cpu_model = "lm32-full";
-}
-cpu = LM32_CPU(cpu_generic_init(TYPE_LM32_CPU, cpu_model));
+cpu = LM32_CPU(cpu_create(machine->cpu_type));
 
 env = &cpu->env;
 reset_info->cpu = cpu;
@@ -295,6 +287,7 @@ static void lm32_evr_class_init(ObjectClass *oc, void *data)
 mc->desc = "LatticeMico32 EVR32 eval system";
 mc->init = lm32_evr_init;
 mc->is_default = 1;
+mc->default_cpu_type = LM32_CPU_TYPE_NAME("lm32-full");
 }
 
 static const TypeInfo lm32_evr_type = {
@@ -310,6 +303,7 @@ static void lm32_uclinux_class_init(ObjectClass *oc, void 
*data)
 mc->desc = "lm32 platform for uClinux and u-boot by Theobroma Systems";
 mc->init = lm32_uclinux_init;
 mc->is_default = 0;
+mc->default_cpu_type = LM32_CPU_TYPE_NAME("lm32-full");
 }
 
 static const TypeInfo lm32_uclinux_type = {
-- 
2.13.6




[Qemu-devel] [PULL v2 22/39] xtensa: sim: use generic cpu_model parsing

2017-10-27 Thread Eduardo Habkost
From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1507211474-188400-26-git-send-email-imamm...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 hw/xtensa/sim.c | 8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/hw/xtensa/sim.c b/hw/xtensa/sim.c
index b3580b11fa..2bb883b664 100644
--- a/hw/xtensa/sim.c
+++ b/hw/xtensa/sim.c
@@ -75,16 +75,11 @@ static void xtensa_sim_init(MachineState *machine)
 XtensaCPU *cpu = NULL;
 CPUXtensaState *env = NULL;
 ram_addr_t ram_size = machine->ram_size;
-const char *cpu_model = machine->cpu_model;
 const char *kernel_filename = machine->kernel_filename;
 int n;
 
-if (!cpu_model) {
-cpu_model = XTENSA_DEFAULT_CPU_MODEL;
-}
-
 for (n = 0; n < smp_cpus; n++) {
-cpu = XTENSA_CPU(cpu_generic_init(TYPE_XTENSA_CPU, cpu_model));
+cpu = XTENSA_CPU(cpu_create(machine->cpu_type));
 env = &cpu->env;
 
 env->sregs[PRID] = n;
@@ -133,6 +128,7 @@ static void xtensa_sim_machine_init(MachineClass *mc)
 mc->init = xtensa_sim_init;
 mc->max_cpus = 4;
 mc->no_serial = 1;
+mc->default_cpu_type = XTENSA_DEFAULT_CPU_TYPE;
 }
 
 DEFINE_MACHINE("sim", xtensa_sim_machine_init)
-- 
2.13.6




[Qemu-devel] [PULL v2 02/39] alpha: use generic cpu_model parsing

2017-10-27 Thread Eduardo Habkost
From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
Acked-by: Richard Henderson 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1507211474-188400-6-git-send-email-imamm...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 hw/alpha/dp264.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/alpha/dp264.c b/hw/alpha/dp264.c
index 1b121306c2..babd6ea514 100644
--- a/hw/alpha/dp264.c
+++ b/hw/alpha/dp264.c
@@ -51,7 +51,6 @@ static int clipper_pci_map_irq(PCIDevice *d, int irq_num)
 static void clipper_init(MachineState *machine)
 {
 ram_addr_t ram_size = machine->ram_size;
-const char *cpu_model = machine->cpu_model ? machine->cpu_model : "ev67";
 const char *kernel_filename = machine->kernel_filename;
 const char *kernel_cmdline = machine->kernel_cmdline;
 const char *initrd_filename = machine->initrd_filename;
@@ -67,7 +66,7 @@ static void clipper_init(MachineState *machine)
 /* Create up to 4 cpus.  */
 memset(cpus, 0, sizeof(cpus));
 for (i = 0; i < smp_cpus; ++i) {
-cpus[i] = ALPHA_CPU(cpu_generic_init(TYPE_ALPHA_CPU, cpu_model));
+cpus[i] = ALPHA_CPU(cpu_create(machine->cpu_type));
 }
 
 cpus[0]->env.trap_arg0 = ram_size;
@@ -179,6 +178,7 @@ static void clipper_machine_init(MachineClass *mc)
 mc->block_default_type = IF_IDE;
 mc->max_cpus = 4;
 mc->is_default = 1;
+mc->default_cpu_type = ALPHA_CPU_TYPE_NAME("ev67");
 }
 
 DEFINE_MACHINE("clipper", clipper_machine_init)
-- 
2.13.6




[Qemu-devel] [PULL v2 08/39] m68k: cleanup cpu type name composition

2017-10-27 Thread Eduardo Habkost
From: Igor Mammedov 

Use new M68K_CPU_TYPE_NAME to compose CPU type names
and get rid of intermediate M68kCPUInfo/register_cpu_type()
which is replaced by static TypeInfo array.

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Acked-by: Laurent Vivier 
Message-Id: <1507211474-188400-12-git-send-email-imamm...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 target/m68k/cpu.h |  3 +++
 target/m68k/cpu.c | 75 ---
 2 files changed, 30 insertions(+), 48 deletions(-)

diff --git a/target/m68k/cpu.h b/target/m68k/cpu.h
index d9365476e5..afae5f68ac 100644
--- a/target/m68k/cpu.h
+++ b/target/m68k/cpu.h
@@ -323,6 +323,9 @@ void register_m68k_insns (CPUM68KState *env);
 
 #define cpu_init(cpu_model) cpu_generic_init(TYPE_M68K_CPU, cpu_model)
 
+#define M68K_CPU_TYPE_SUFFIX "-" TYPE_M68K_CPU
+#define M68K_CPU_TYPE_NAME(model) model M68K_CPU_TYPE_SUFFIX
+
 #define cpu_signal_handler cpu_m68k_signal_handler
 #define cpu_list m68k_cpu_list
 
diff --git a/target/m68k/cpu.c b/target/m68k/cpu.c
index 5da19e570b..0a3dd83548 100644
--- a/target/m68k/cpu.c
+++ b/target/m68k/cpu.c
@@ -87,7 +87,7 @@ static ObjectClass *m68k_cpu_class_by_name(const char 
*cpu_model)
 ObjectClass *oc;
 char *typename;
 
-typename = g_strdup_printf("%s-" TYPE_M68K_CPU, cpu_model);
+typename = g_strdup_printf(M68K_CPU_TYPE_NAME("%s"), cpu_model);
 oc = object_class_by_name(typename);
 g_free(typename);
 if (oc != NULL && (object_class_dynamic_cast(oc, TYPE_M68K_CPU) == NULL ||
@@ -202,23 +202,6 @@ static void any_cpu_initfn(Object *obj)
 m68k_set_feature(env, M68K_FEATURE_WORD_INDEX);
 }
 
-typedef struct M68kCPUInfo {
-const char *name;
-void (*instance_init)(Object *obj);
-} M68kCPUInfo;
-
-static const M68kCPUInfo m68k_cpus[] = {
-{ .name = "m68000", .instance_init = m68000_cpu_initfn },
-{ .name = "m68020", .instance_init = m68020_cpu_initfn },
-{ .name = "m68030", .instance_init = m68030_cpu_initfn },
-{ .name = "m68040", .instance_init = m68040_cpu_initfn },
-{ .name = "m68060", .instance_init = m68060_cpu_initfn },
-{ .name = "m5206", .instance_init = m5206_cpu_initfn },
-{ .name = "m5208", .instance_init = m5208_cpu_initfn },
-{ .name = "cfv4e", .instance_init = cfv4e_cpu_initfn },
-{ .name = "any",   .instance_init = any_cpu_initfn },
-};
-
 static void m68k_cpu_realizefn(DeviceState *dev, Error **errp)
 {
 CPUState *cs = CPU(dev);
@@ -290,36 +273,32 @@ static void m68k_cpu_class_init(ObjectClass *c, void 
*data)
 dc->vmsd = &vmstate_m68k_cpu;
 }
 
-static void register_cpu_type(const M68kCPUInfo *info)
-{
-TypeInfo type_info = {
-.parent = TYPE_M68K_CPU,
-.instance_init = info->instance_init,
-};
-
-type_info.name = g_strdup_printf("%s-" TYPE_M68K_CPU, info->name);
-type_register(&type_info);
-g_free((void *)type_info.name);
-}
+#define DEFINE_M68K_CPU_TYPE(cpu_model, initfn) \
+{   \
+.name = M68K_CPU_TYPE_NAME(cpu_model),  \
+.instance_init = initfn,\
+.parent = TYPE_M68K_CPU,\
+}
 
-static const TypeInfo m68k_cpu_type_info = {
-.name = TYPE_M68K_CPU,
-.parent = TYPE_CPU,
-.instance_size = sizeof(M68kCPU),
-.instance_init = m68k_cpu_initfn,
-.abstract = true,
-.class_size = sizeof(M68kCPUClass),
-.class_init = m68k_cpu_class_init,
+static const TypeInfo m68k_cpus_type_infos[] = {
+{ /* base class should be registered first */
+.name = TYPE_M68K_CPU,
+.parent = TYPE_CPU,
+.instance_size = sizeof(M68kCPU),
+.instance_init = m68k_cpu_initfn,
+.abstract = true,
+.class_size = sizeof(M68kCPUClass),
+.class_init = m68k_cpu_class_init,
+},
+DEFINE_M68K_CPU_TYPE("m68000", m68000_cpu_initfn),
+DEFINE_M68K_CPU_TYPE("m68020", m68020_cpu_initfn),
+DEFINE_M68K_CPU_TYPE("m68030", m68030_cpu_initfn),
+DEFINE_M68K_CPU_TYPE("m68040", m68040_cpu_initfn),
+DEFINE_M68K_CPU_TYPE("m68060", m68060_cpu_initfn),
+DEFINE_M68K_CPU_TYPE("m5206", m5206_cpu_initfn),
+DEFINE_M68K_CPU_TYPE("m5208", m5208_cpu_initfn),
+DEFINE_M68K_CPU_TYPE("cfv4e", cfv4e_cpu_initfn),
+DEFINE_M68K_CPU_TYPE("any", any_cpu_initfn),
 };
 
-static void m68k_cpu_register_types(void)
-{
-int i;
-
-type_register_static(&m68k_cpu_type_info);
-for (i = 0; i < ARRAY_SIZE(m68k_cpus); i++) {
-register_cpu_type(&m68k_cpus[i]);
-}
-}
-
-type_init(m68k_cpu_register_types)
+DEFINE_TYPES(m68k_cpus_type_infos)
-- 
2.13.6




[Qemu-devel] [PULL v2 14/39] openrisc: cleanup cpu type name composition

2017-10-27 Thread Eduardo Habkost
From: Igor Mammedov 

Use new OPENRISC_CPU_TYPE_NAME to compose CPU type name and get
rid of intermediate OpenRISCCPUInfo/openrisc_cpu_register_types()
which is replaced by static TypeInfo array.

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1507211474-188400-18-git-send-email-imamm...@redhat.com>
Acked-by: Stafford Horne 
Signed-off-by: Eduardo Habkost 
---
 target/openrisc/cpu.h |  3 +++
 target/openrisc/cpu.c | 69 +--
 2 files changed, 26 insertions(+), 46 deletions(-)

diff --git a/target/openrisc/cpu.h b/target/openrisc/cpu.h
index 892dc4210f..cc22dc8871 100644
--- a/target/openrisc/cpu.h
+++ b/target/openrisc/cpu.h
@@ -392,6 +392,9 @@ int cpu_openrisc_get_phys_data(OpenRISCCPU *cpu,
 
 #define cpu_init(cpu_model) cpu_generic_init(TYPE_OPENRISC_CPU, cpu_model)
 
+#define OPENRISC_CPU_TYPE_SUFFIX "-" TYPE_OPENRISC_CPU
+#define OPENRISC_CPU_TYPE_NAME(model) model OPENRISC_CPU_TYPE_SUFFIX
+
 #include "exec/cpu-all.h"
 
 #define TB_FLAGS_DFLAG 1
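
Review bot: OPENRISC_CPU_TYPE_NAME(model) is undocumented and only works when model is a string literal, because it relies on adjacent-literal concatenation with OPENRISC_CPU_TYPE_SUFFIX. Passing a char * variable will fail to compile with a message that does not point at the cause. A one-line comment above the two defines saying "model must be a string literal" would save the next caller the detour.
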
diff --git a/target/openrisc/cpu.c b/target/openrisc/cpu.c
index a8db869e50..e0394b8b06 100644
--- a/target/openrisc/cpu.c
+++ b/target/openrisc/cpu.c
@@ -101,7 +101,7 @@ static ObjectClass *openrisc_cpu_class_by_name(const char 
*cpu_model)
 ObjectClass *oc;
 char *typename;
 
-typename = g_strdup_printf("%s-" TYPE_OPENRISC_CPU, cpu_model);
+typename = g_strdup_printf(OPENRISC_CPU_TYPE_NAME("%s"), cpu_model);
 oc = object_class_by_name(typename);
 g_free(typename);
 if (oc != NULL && (!object_class_dynamic_cast(oc, TYPE_OPENRISC_CPU) ||
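
Review bot: In the g_strdup_printf() call, the format string is now assembled by OPENRISC_CPU_TYPE_NAME("%s"), so the conversion specifier is hidden in a macro argument and the whole of OPENRISC_CPU_TYPE_SUFFIX becomes part of the format. That is fine as long as the suffix never contains a '%', and cpu_model correctly stays an argument rather than part of the format. Consider a short comment here noting that the macro expands to a literal format string, so the reader does not have to look up cpu.h to confirm it.
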
@@ -126,16 +126,6 @@ static void openrisc_any_initfn(Object *obj)
 cpu->env.cpucfgr = CPUCFGR_NSGF | CPUCFGR_OB32S | CPUCFGR_EVBARP;
 }
 
-typedef struct OpenRISCCPUInfo {
-const char *name;
-void (*initfn)(Object *obj);
-} OpenRISCCPUInfo;
-
-static const OpenRISCCPUInfo openrisc_cpus[] = {
-{ .name = "or1200",  .initfn = or1200_initfn },
-{ .name = "any", .initfn = openrisc_any_initfn },
-};
-
 static void openrisc_cpu_class_init(ObjectClass *oc, void *data)
 {
 OpenRISCCPUClass *occ = OPENRISC_CPU_CLASS(oc);
@@ -166,40 +156,6 @@ static void openrisc_cpu_class_init(ObjectClass *oc, void 
*data)
 cc->tcg_initialize = openrisc_translate_init;
 }
 
-static void cpu_register(const OpenRISCCPUInfo *info)
-{
-TypeInfo type_info = {
-.parent = TYPE_OPENRISC_CPU,
-.instance_size = sizeof(OpenRISCCPU),
-.instance_init = info->initfn,
-.class_size = sizeof(OpenRISCCPUClass),
-};
-
-type_info.name = g_strdup_printf("%s-" TYPE_OPENRISC_CPU, info->name);
-type_register(&type_info);
-g_free((void *)type_info.name);
-}
-
-static const TypeInfo openrisc_cpu_type_info = {
-.name = TYPE_OPENRISC_CPU,
-.parent = TYPE_CPU,
-.instance_size = sizeof(OpenRISCCPU),
-.instance_init = openrisc_cpu_initfn,
-.abstract = true,
-.class_size = sizeof(OpenRISCCPUClass),
-.class_init = openrisc_cpu_class_init,
-};
-
-static void openrisc_cpu_register_types(void)
-{
-int i;
-
-type_register_static(&openrisc_cpu_type_info);
-for (i = 0; i < ARRAY_SIZE(openrisc_cpus); i++) {
-cpu_register(&openrisc_cpus[i]);
-}
-}
-
 /* Sort alphabetically by type name, except for "any". */
 static gint openrisc_cpu_list_compare(gconstpointer a, gconstpointer b)
 {
@@ -248,4 +204,25 @@ void cpu_openrisc_list(FILE *f, fprintf_function 
cpu_fprintf)
 g_slist_free(list);
 }
 
-type_init(openrisc_cpu_register_types)
+#define DEFINE_OPENRISC_CPU_TYPE(cpu_model, initfn) \
+{   \
+.parent = TYPE_OPENRISC_CPU,\
+.instance_init = initfn,\
+.name = OPENRISC_CPU_TYPE_NAME(cpu_model),  \
+}
+
+static const TypeInfo openrisc_cpus_type_infos[] = {
+{ /* base class should be registered first */
+.name = TYPE_OPENRISC_CPU,
+.parent = TYPE_CPU,
+.instance_size = sizeof(OpenRISCCPU),
+.instance_init = openrisc_cpu_initfn,
+.abstract = true,
+.class_size = sizeof(OpenRISCCPUClass),
+.class_init = openrisc_cpu_class_init,
+},
+DEFINE_OPENRISC_CPU_TYPE("or1200", or1200_initfn),
+DEFINE_OPENRISC_CPU_TYPE("any", openrisc_any_initfn),
+};
+
+DEFINE_TYPES(openrisc_cpus_type_infos)
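
Review bot: DEFINE_OPENRISC_CPU_TYPE drops the .instance_size = sizeof(OpenRISCCPU) and .class_size = sizeof(OpenRISCCPUClass) that the removed cpu_register() set for every model, so the "or1200" and "any" types now rely on taking both sizes from their TYPE_OPENRISC_CPU parent. The commit message presents this as a pure cleanup of name composition; please mention the dropped fields there (or in a comment on the macro) so it is clear the omission is intentional and the instance layout is unchanged.
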
-- 
2.13.6




[Qemu-devel] [PULL v2 04/39] cris: use generic cpu_model parsing

2017-10-27 Thread Eduardo Habkost
From: Igor Mammedov 

Signed-off-by: Igor Mammedov 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <1507211474-188400-8-git-send-email-imamm...@redhat.com>
Signed-off-by: Eduardo Habkost 
---
 hw/cris/axis_dev88.c | 7 ++-
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/hw/cris/axis_dev88.c b/hw/cris/axis_dev88.c
index 5eb552bce2..9ccc4350a5 100644
--- a/hw/cris/axis_dev88.c
+++ b/hw/cris/axis_dev88.c
@@ -251,7 +251,6 @@ static
 void axisdev88_init(MachineState *machine)
 {
 ram_addr_t ram_size = machine->ram_size;
-const char *cpu_model = machine->cpu_model;
 const char *kernel_filename = machine->kernel_filename;
 const char *kernel_cmdline = machine->kernel_cmdline;
 CRISCPU *cpu;
@@ -268,10 +267,7 @@ void axisdev88_init(MachineState *machine)
 MemoryRegion *phys_intmem = g_new(MemoryRegion, 1);
 
 /* init CPUs */
-if (cpu_model == NULL) {
-cpu_model = "crisv32";
-}
-cpu = CRIS_CPU(cpu_generic_init(TYPE_CRIS_CPU, cpu_model));
+cpu = CRIS_CPU(cpu_create(machine->cpu_type));
 env = &cpu->env;
 
 /* allocate RAM */
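
Review bot: With the cpu_model == NULL fallback removed, cpu_create(machine->cpu_type) in axisdev88_init() depends on machine->cpu_type always being set before init runs, which in this patch comes only from the mc->default_cpu_type assignment in axisdev88_machine_init(). The commit message has no body, so neither that dependency nor the move of the "crisv32" default is recorded anywhere. Please add a sentence describing it, and say where the user-supplied model string is now parsed, since cpu_generic_init() no longer sees it here.
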
@@ -359,6 +355,7 @@ static void axisdev88_machine_init(MachineClass *mc)
 mc->desc = "AXIS devboard 88";
 mc->init = axisdev88_init;
 mc->is_default = 1;
+mc->default_cpu_type = CRIS_CPU_TYPE_NAME("crisv32");
 }
 
 DEFINE_MACHINE("axis-dev88", axisdev88_machine_init)
-- 
2.13.6



