Re: [Qemu-devel] [PATCH 5/7] tests: virtio-9p: add WRITE operation test

2018-01-30 Thread Greg Kurz
On Mon, 29 Jan 2018 21:14:31 +
Stefan Hajnoczi  wrote:

> On Wed, Jan 24, 2018 at 12:39:23AM +0100, Greg Kurz wrote:
> > +/* size[4] Twrite tag[2] fid[4] offset[8] count[4] data[count] */
> > +static P9Req *v9fs_twrite(QVirtIO9P *v9p, uint32_t fid, uint64_t offset,
> > +  uint32_t count, const void *data, uint16_t tag)
> > +{
> > +P9Req *req;
> > +
> > +req = v9fs_req_init(v9p,  4 + 8 + 4 + count, P9_TWRITE, tag);  
> 
> (uint32_t)(4 + 8 + 4 + (uint32_t)count) can overflow.  I didn't look
> closely at the code and it's just a test case, but it seems safer to use
> types that avoid overflows or to handle them explicitly.
> 
> It may not be an issue in a test case, but if someone copy pastes this
> code it could become a security issue.

You're right. I'll add something like:

uint32_t body_size = 4 + 8 + 4;

g_assert_cmpint(body_size, <=, UINT32_MAX - count);

and I now realize that several other places in this file need
a similar change.
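
The overflow raised in this exchange, as an added C example (not code from the QEMU tree or from either poster): it computes 9P message sizes with checked additions and shows the unchecked sum wrapping to 0. The helper names and EXAMPLE_MAX_SIZE are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define P9_HDR_SIZE 7u          /* size[4] id[1] tag[2] */
#define EXAMPLE_MAX_SIZE 4096u  /* constructed limit, stands in for P9_MAX_SIZE */

/* Add b to *acc, refusing to wrap around UINT32_MAX. */
static bool add_u32(uint32_t *acc, uint32_t b)
{
    if (*acc > UINT32_MAX - b) {
        return false;
    }
    *acc += b;
    return true;
}

/* Unchecked form, as in the quoted hunk: the sum is computed modulo 2^32. */
static uint32_t twrite_body_unchecked(uint32_t count)
{
    return 4 + 8 + 4 + count;
}

/* Checked form of the Twrite body: fid[4] offset[8] count[4] data[count]. */
static bool twrite_body_checked(uint32_t count, uint32_t *body)
{
    uint32_t size = 4 + 8 + 4;

    if (!add_u32(&size, count)) {
        return false;
    }
    *body = size;
    return true;
}

/* 9P string on the wire: len[2] followed by len bytes. */
static bool string_size_checked(const char *s, uint16_t *out)
{
    size_t len = strlen(s);

    if (len > (size_t)UINT16_MAX - 2) {
        return false;           /* 2 + len would not fit in 16 bits */
    }
    *out = (uint16_t)(2 + len);
    return true;
}

/* Header plus body, bounded by the maximum message size. */
static bool total_size_checked(uint32_t body, uint32_t *total)
{
    uint32_t size = P9_HDR_SIZE;

    if (!add_u32(&size, body) || size > EXAMPLE_MAX_SIZE) {
        return false;
    }
    *total = size;
    return true;
}

int main(void)
{
    uint32_t count = UINT32_MAX - 15;   /* constructed hostile count */
    uint32_t body = 0, total = 0;
    uint16_t ssz = 0;

    printf("unchecked body size: %u\n", (unsigned)twrite_body_unchecked(count));
    printf("checked accepts it:  %d\n", twrite_body_checked(count, &body));
    if (twrite_body_checked(100, &body) && total_size_checked(body, &total)) {
        printf("count=100 -> total %u bytes\n", (unsigned)total);
    }
    if (string_size_checked("9P2000.L", &ssz)) {
        printf("version string -> %u bytes on the wire\n", (unsigned)ssz);
    }
    return 0;
}
```

A buffer allocated from the wrapped size would be 16 bytes too small for the header fields alone, which is why the check has to come before the addition rather than after it.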




[Qemu-devel] [PATCH] tests/virtio-9p: explicitly handle potential integer overflows

2018-01-30 Thread Greg Kurz
Signed-off-by: Greg Kurz 
---
 tests/virtio-9p-test.c |   31 +--
 1 file changed, 21 insertions(+), 10 deletions(-)

This is based on SHA1 2eab02aa260ac5405e1e51c9cc1b4c3aa23fc45a from my
9p-next branch:

https://github.com/gkurz/qemu/commits/9p-next

diff --git a/tests/virtio-9p-test.c b/tests/virtio-9p-test.c
index 41fa492cb778..f4824fa33b87 100644
--- a/tests/virtio-9p-test.c
+++ b/tests/virtio-9p-test.c
@@ -168,7 +168,7 @@ static uint16_t v9fs_string_size(const char *string)
 {
 size_t len = strlen(string);
 
-g_assert_cmpint(len, <=, UINT16_MAX);
+g_assert_cmpint(len, <=, UINT16_MAX - 2);
 
 return 2 + len;
 }
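
Review bot: In v9fs_string_size() both operands of the new assertion are unsigned (a size_t and UINT16_MAX - 2), so g_assert_cmpuint() would describe the comparison better than g_assert_cmpint(). A short comment saying that the 2 is the length prefix added by the return statement would also explain why the bound changed.
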
@@ -209,17 +209,20 @@ static P9Req *v9fs_req_init(QVirtIO9P *v9p, uint32_t 
size, uint8_t id,
 uint16_t tag)
 {
 P9Req *req = g_new0(P9Req, 1);
-uint32_t t_size = 7 + size; /* 9P header has well-known size of 7 bytes */
+uint32_t total_size = 7; /* 9P header has well-known size of 7 bytes */
 P9Hdr hdr = {
-.size = cpu_to_le32(t_size),
 .id = id,
 .tag = cpu_to_le16(tag)
 };
 
-g_assert_cmpint(t_size, <=, P9_MAX_SIZE);
+g_assert_cmpint(total_size, <=, UINT32_MAX - size);
+total_size += size;
+hdr.size = cpu_to_le32(total_size);
+
+g_assert_cmpint(total_size, <=, P9_MAX_SIZE);
 
 req->v9p = v9p;
-req->t_size = t_size;
+req->t_size = total_size;
 req->t_msg = guest_alloc(v9p->qs->alloc, req->t_size);
 v9fs_memwrite(req, &hdr, 7);
 req->tag = tag;
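
Review bot: The header length 7 in v9fs_req_init() is still a bare literal in two places after this change, the total_size initialiser and v9fs_memwrite(req, &hdr, 7); a named constant would keep them in step. The wrap check and the P9_MAX_SIZE check could also be folded into one comparison of size against P9_MAX_SIZE - 7 made before the addition, provided P9_MAX_SIZE is at least 7.
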
@@ -305,8 +308,13 @@ static void v9fs_rlerror(P9Req *req, uint32_t *err)
 static P9Req *v9fs_tversion(QVirtIO9P *v9p, uint32_t msize, const char 
*version,
 uint16_t tag)
 {
-P9Req *req = v9fs_req_init(v9p, 4 + v9fs_string_size(version), P9_TVERSION,
-   tag);
+P9Req *req;
+uint32_t body_size = 4;
+uint16_t string_size = v9fs_string_size(version);
+
+g_assert_cmpint(body_size, <=, UINT32_MAX - string_size);
+body_size += string_size;
+req = v9fs_req_init(v9p, body_size, P9_TVERSION, tag);
 
 v9fs_uint32_write(req, msize);
 v9fs_string_write(req, version);
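
Review bot: The new assertion in v9fs_tversion() cannot fail: body_size is the constant 4 and string_size is a uint16_t, so their sum is far below UINT32_MAX. It is harmless, but either drop it or add a comment that it is kept for consistency with v9fs_twalk(), so the code does not suggest an overflow is possible here.
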
@@ -366,12 +374,15 @@ static P9Req *v9fs_twalk(QVirtIO9P *v9p, uint32_t fid, 
uint32_t newfid,
 {
 P9Req *req;
 int i;
-uint32_t size = 4 + 4 + 2;
+uint32_t body_size = 4 + 4 + 2;
 
 for (i = 0; i < nwname; i++) {
-size += v9fs_string_size(wnames[i]);
+uint16_t wname_size = v9fs_string_size(wnames[i]);
+
+g_assert_cmpint(body_size, <=, UINT32_MAX - wname_size);
+body_size += wname_size;
 }
-req = v9fs_req_init(v9p,  size, P9_TWALK, tag);
+req = v9fs_req_init(v9p,  body_size, P9_TWALK, tag);
 v9fs_uint32_write(req, fid);
 v9fs_uint32_write(req, newfid);
 v9fs_uint16_write(req, nwname);
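
Review bot: The assert-then-add pair inside the v9fs_twalk() loop is the third copy of the same pattern in this patch (also in v9fs_req_init() and v9fs_tversion()); a small helper taking the accumulator and the addend would keep the checks identical and make the next message builder harder to get wrong. The modified call line also keeps the double space in v9fs_req_init(v9p,  body_size, ...).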




Re: [Qemu-devel] [PATCH v3 0/2] virtio: improve virtio devices initialization time

2018-01-30 Thread Gal Hammer
Hi Greg,

On Mon, Jan 29, 2018 at 7:47 PM, Greg Kurz  wrote:
> On Mon, 29 Jan 2018 16:20:55 +0200
> Gal Hammer  wrote:
>
>> Using a cleanup callback function (Version 2 of this patches) in order to
>> support transactions fails when the same event notifier fd was used by more
>> than one Memory Region.
>>
>> This time I ask the caller to do the event notifier cleanup by himself.
>>
>
> Much better ! QEMU no longer aborts. Also I could observe a speed-up when
> booting a fedora27 guest with 5 virtio-serial devices (max_ports=511), from
> 1m40s down to 1m10s. Impressive. :)

Thanks for the quick review, testing, and the kudos ;-).

After spending some time trying to understand why the previous patch
fails I was able to figure it out. I was using
"disable-legacy=on,disable-modern=off", so I missed the fact that a
"transition" device registers two different memory regions with the
same event fd.

> For all the patches in this series:
>
> Reviewed-by: Greg Kurz 
>
> and
>
> Tested-by: Greg Kurz 
>
>> Gal Hammer (2):
>>   virtio: remove event notifier cleanup call on de-assign
>>   virtio: improve virtio devices initialization time
>>
>>  hw/block/dataplane/virtio-blk.c |  2 ++
>>  hw/scsi/virtio-scsi-dataplane.c |  2 ++
>>  hw/virtio/vhost.c   |  2 ++
>>  hw/virtio/virtio-bus.c  | 14 ++
>>  hw/virtio/virtio.c  | 22 +-
>>  include/hw/virtio/virtio-bus.h  |  2 ++
>>  6 files changed, 39 insertions(+), 5 deletions(-)
>>
>

BTW: There is a pending patch for kvm that will trim few more seconds
from the boot time...

Gal.



Re: [Qemu-devel] [PATCH v3] tpm: add CRB device

2018-01-30 Thread Igor Mammedov
On Mon, 29 Jan 2018 11:50:04 -0500
Stefan Berger  wrote:

> On 01/29/2018 11:24 AM, Igor Mammedov wrote:
> > On Fri, 26 Jan 2018 13:03:06 +0100
> > Marc-André Lureau  wrote:
> >  
> >> tpm_crb is a device for TPM 2.0 Command Response Buffer (CRB)
> >> Interface as defined in TCG PC Client Platform TPM Profile (PTP)
> >> Specification Family “2.0” Level 00 Revision 01.03 v22.
> >>
> >> The PTP allows device implementation to switch between TIS and CRB
> >> model at run time, but given that CRB is a simpler device to
> >> implement, I chose to implement it as a different device.
> >>
> >> The device doesn't implement other locality than 0 for now (my laptop
> >> TPM doesn't either, so I assume this isn't so bad)
> >>
> >> Tested with some success with Linux upstream and Windows 10, seabios &
> >> modified ovmf. The device is recognized and correctly transmit
> >> command/response with passthrough & emu. However, we are missing PPI
> >> ACPI part atm.
> >>
> >> Signed-off-by: Marc-André Lureau 
> >> ---
> >>
> >> The patch is based on stefanb/tpm-next git branch.
> >>  
> > [...]
> >  
> >> diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
> >> index dc4b2b9ffe..ed78c4ed9f 100644
> >> --- a/hw/i386/acpi-build.c
> >> +++ b/hw/i386/acpi-build.c
> >> @@ -2224,6 +2224,22 @@ build_dsdt(GArray *table_data, BIOSLinker *linker,
> >>   aml_append(sb_scope, scope);
> >>   }
> >>   }
> >> +
> >> +if (TPM_IS_CRB(tpm_find())) {
> >> +dev = aml_device("TPM");
> >> +aml_append(dev, aml_name_decl("_HID", aml_string("MSFT0101")));
> >> +crs = aml_resource_template();
> >> +aml_append(crs, aml_memory32_fixed(TPM_CRB_ADDR_BASE,
> >> +   TPM_CRB_ADDR_SIZE, 
> >> AML_READ_WRITE));
> >> +aml_append(dev, aml_name_decl("_CRS", crs));
> >> +  
> > [...]  
> >> +method = aml_method("_STA", 0, AML_NOTSERIALIZED);
> >> +aml_append(method, aml_return(aml_int(0x0f)));
> >> +aml_append(dev, method);  
> > this is not needed as 0x0f is assumed default value if _STA is missing  
> 
> Well, it seems to be in good neighborhood with other devices created 
> that do the same thing: build_kbd_device_aml(), 
> build_mouse_device_aml(), part of \_SB.PCI0.ISA...
I'm in process of getting rid of that, so please don't add
new ones. 

PS:
(in case there won't be respin, a fixup patch that
maintainer could squash in would do)

[...]



[Qemu-devel] [PATCH] block/mirror: change the semantic of 'force' of block-job-cancel

2018-01-30 Thread Liang Li
When doing drive mirror to a low speed shared storage, if there was heavy
BLK IO write workload in VM after the 'ready' event, drive mirror block job
can't be canceled immediately, it would keep running until the heavy BLK IO
workload stopped in the VM.

Because libvirt depends on block-job-cancel for block live migration, the
current block-job-cancel has the semantic to make sure data is in sync after
the 'ready' event.  This semantic can't meet some requirements; for example,
people may use drive mirror for realtime backup while needing the ability to do
block live migration. If drive mirror can't be cancelled immediately,
it means block live migration needs to wait, because libvirt makes use of drive
mirror to implement block live migration and only one drive mirror block
job is allowed at the same time for a given block dev.

We need a new interface for 'force cancel', which could quit the block job
immediately if we don't care about whether data is in sync or not.

'force' is not used by libvirt currently; to make things simple, change
its semantic slightly, and hope it will not break some use case which needs its
original semantic.

Cc: Paolo Bonzini 
Cc: Jeff Cody 
Cc: Kevin Wolf 
Cc: Max Reitz 
Cc: Eric Blake 
Cc: John Snow 
Reported-by: Huaitong Han 
Signed-off-by: Huaitong Han 
Signed-off-by: Liang Li 
---
 block/mirror.c|  9 +++--
 blockdev.c|  4 ++--
 blockjob.c| 11 ++-
 hmp-commands.hx   |  3 ++-
 include/block/blockjob.h  |  9 -
 qapi/block-core.json  |  6 --
 tests/test-blockjob-txn.c |  8 
 7 files changed, 29 insertions(+), 21 deletions(-)

diff --git a/block/mirror.c b/block/mirror.c
index c9badc1..c22dff9 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -869,11 +869,8 @@ static void coroutine_fn mirror_run(void *opaque)
 
 ret = 0;
 trace_mirror_before_sleep(s, cnt, s->synced, delay_ns);
-if (!s->synced) {
-block_job_sleep_ns(&s->common, delay_ns);
-if (block_job_is_cancelled(&s->common)) {
-break;
-}
+if (block_job_is_cancelled(&s->common) && s->common.force) {
+break;
 } else if (!should_complete) {
 delay_ns = (s->in_flight == 0 && cnt == 0 ? SLICE_TIME : 0);
 block_job_sleep_ns(&s->common, delay_ns);
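
Review bot: In the mirror_run() loop, dropping the !s->synced branch means that before the job is synced the code no longer sleeps for the delay_ns computed earlier and no longer leaves the loop on a plain cancel; as far as the visible lines show, it falls into the !should_complete branch, which overwrites delay_ns. Unless should_complete covers the unsynced cancel case, a non-forced cancel before 'ready' may keep copying, so consider keeping the original branch and adding the force test as a separate condition for the synced case.
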
@@ -887,7 +884,7 @@ immediate_exit:
  * or it was cancelled prematurely so that we do not guarantee that
  * the target is a copy of the source.
  */
-assert(ret < 0 || (!s->synced && block_job_is_cancelled(&s->common)));
+assert(ret < 0 || block_job_is_cancelled(&s->common));
 assert(need_drain);
 mirror_wait_for_all_io(s);
 }
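
Review bot: The comment above the relaxed assert still describes only a job that was cancelled prematurely, while the assertion now also admits a forced cancel after the job is synced. Update the comment to say that a forced cancel leaves the target possibly out of sync, so the reason the s->synced test was dropped is recorded next to the assert.
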
diff --git a/blockdev.c b/blockdev.c
index 8e977ee..039f156 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -145,7 +145,7 @@ void blockdev_mark_auto_del(BlockBackend *blk)
 aio_context_acquire(aio_context);
 
 if (bs->job) {
-block_job_cancel(bs->job);
+block_job_cancel(bs->job, false);
 }
 
 aio_context_release(aio_context);
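
Review bot: blockdev_mark_auto_del() passes force=false, so a mirror job on a device that is being removed keeps the behaviour the commit message describes as the problem: under heavy guest writes it runs on until the data is in sync. If that is intended, a comment here saying why device removal keeps the non-forced semantic would help; if not, should this caller pass true?
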
@@ -3802,7 +3802,7 @@ void qmp_block_job_cancel(const char *device,
 }
 
 trace_qmp_block_job_cancel(job);
-block_job_cancel(job);
+block_job_cancel(job, force);
 out:
 aio_context_release(aio_context);
 }
diff --git a/blockjob.c b/blockjob.c
index f5cea84..0aacb50 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -365,7 +365,7 @@ static void block_job_completed_single(BlockJob *job)
 block_job_unref(job);
 }
 
-static void block_job_cancel_async(BlockJob *job)
+static void block_job_cancel_async(BlockJob *job, bool force)
 {
 if (job->iostatus != BLOCK_DEVICE_IO_STATUS_OK) {
 block_job_iostatus_reset(job);
@@ -376,6 +376,7 @@ static void block_job_cancel_async(BlockJob *job)
 job->pause_count--;
 }
 job->cancelled = true;
+job->force = force;
 }
 
 static int block_job_finish_sync(BlockJob *job,
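
Review bot: job->force = force in block_job_cancel_async() overwrites any earlier value, so when the same job is cancelled twice, once forced (for example from block_job_completed_txn_abort()) and once not, it ends up with whatever the last caller passed. Consider only ever setting the flag, e.g. job->force |= force, and documenting next to the new field that it is meaningful only while cancelled is true.
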
@@ -437,7 +438,7 @@ static void block_job_completed_txn_abort(BlockJob *job)
  * on the caller, so leave it. */
 QLIST_FOREACH(other_job, &txn->jobs, txn_list) {
 if (other_job != job) {
-block_job_cancel_async(other_job);
+block_job_cancel_async(other_job, true);
 }
 }
 while (!QLIST_EMPTY(&txn->jobs)) {
@@ -542,10 +543,10 @@ void block_job_user_resume(BlockJob *job)
 }
 }
 
-void block_job_cancel(BlockJob *job)
+void block_job_cancel(BlockJob *job, bool force)
 {
 if (block_job_started(job)) {
-block_job_cancel_async(job);
+block_job_cancel_async(job, force);
 block_job_enter(job);
 } else {
 block_job_completed(job, -ECANCELED);
@@ -557,7 +558,7 @@ void block_job_cancel(BlockJob *job)
  * function pointer casts there. */
 static void block_job_cancel_err(BlockJob *job, Error **errp)
 {
-block_job_cancel(job);
+block_job_cancel(job, false);
 }
 
 int block_job_cancel_sync(BlockJob *job)
d

Re: [Qemu-devel] SDL2 UI behavior of switching views

2018-01-30 Thread Gerd Hoffmann
On Mon, Jan 29, 2018 at 07:21:02PM +0100, BALATON Zoltan wrote:
> On Mon, 29 Jan 2018, Gerd Hoffmann wrote:
> > On Sun, Jan 28, 2018 at 06:43:44PM +0300, Anatoly Trosinenko wrote:
> > > When QEMU is run with GTK UI, it changes what is drawn on its single 
> > > window
> > > when I press Ctrl-Alt-{1,2,3,4}. But when I use SDL2 UI, it opens multiple
> > > windows: a separate window per each view (display, monitor, serial,
> > > parallel). Is it by design or is it a bug?
> > 
> > It's intentional.  With gtk you can have separate windows too (try 
> > "View/Detach Tab").
> 
> Is there an option also to get back the old SDL1 behaviour with SDL2? Could
> that be made the default to make the transition easier?

Well, that kind of flexibility is a lot harder to do with SDL as it
doesn't offer widgets to manage views ...

In contrast gtk has one widget per virtual console, and I can easily
shuffle around them: Just reparent from notebook to standalone window
("detach tab") and vice versa (when closing the detached window).

How about using gtk instead?

cheers,
  Gerd




[Qemu-devel] [PATCH] qemu-options.hx: Remove confusing spaces in parameter listings

2018-01-30 Thread Thomas Huth
The spaces between the parameters in the chardev and tpmdev sections
are rather confusing than helpful, and prevent that the lists can be
copy-n-pasted easily for real usage. We also don't use such spaces
in other sections in the documentation, e.g. with the -netdev option,
so let's be consistent and remove the spaces in the chardev and tpmdev
sections, too.

Signed-off-by: Thomas Huth 
---
 qemu-options.hx | 48 
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/qemu-options.hx b/qemu-options.hx
index 8ce427d..08a73fa 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2522,7 +2522,7 @@ STEXI
 
 The general form of a character device option is:
 @table @option
-@item -chardev @var{backend} ,id=@var{id} [,mux=on|off] [,@var{options}]
+@item -chardev @var{backend},id=@var{id}[,mux=on|off][,@var{options}]
 @findex -chardev
 Backend is one of:
 @option{null},
@@ -2541,7 +2541,7 @@ Backend is one of:
 @option{tty},
 @option{parallel},
 @option{parport},
-@option{spicevmc}.
+@option{spicevmc},
 @option{spiceport}.
 The specific backend will determine the applicable options.
 
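
Review bot: Changing the full stop after @option{spicevmc} to a comma is a punctuation fix to the backend list, not a removal of spaces, so it is not covered by the commit message. Mention it there or split it out, so the change is not lost in a patch described as whitespace-only.
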
@@ -2605,11 +2605,11 @@ opened.
 The available backends are:
 
 @table @option
-@item -chardev null ,id=@var{id}
+@item -chardev null,id=@var{id}
 A void device. This device will not emit any data, and will drop any data it
 receives. The null backend does not take any options.
 
-@item -chardev socket ,id=@var{id} [@var{TCP options} or @var{unix options}] 
[,server] [,nowait] [,telnet] [,reconnect=@var{seconds}] [,tls-creds=@var{id}]
+@item -chardev socket,id=@var{id}[,@var{TCP options} or @var{unix 
options}][,server][,nowait][,telnet][,reconnect=@var{seconds}][,tls-creds=@var{id}]
 
 Create a two-way stream socket, which can be either a TCP or a unix socket. A
 unix socket will be created if @option{path} is specified. Behaviour is
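
Review bot: The new socket line does more than remove spaces: [@var{TCP options} or @var{unix options}] becomes [,@var{TCP options} or @var{unix options}], adding a comma that was not there. That matches how the option string is written on the command line, but it is a content change and worth a sentence in the commit message.
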
@@ -2636,7 +2636,7 @@ TCP and unix socket options are given below:
 
 @table @option
 
-@item TCP options: port=@var{port} [,host=@var{host}] [,to=@var{to}] [,ipv4] 
[,ipv6] [,nodelay]
+@item TCP options: 
port=@var{port}[,host=@var{host}][,to=@var{to}][,ipv4][,ipv6][,nodelay]
 
 @option{host} for a listening socket specifies the local address to be bound.
 For a connecting socket species the remote host to connect to. @option{host} is
@@ -2664,7 +2664,7 @@ required.
 
 @end table
 
-@item -chardev udp ,id=@var{id} [,host=@var{host}] ,port=@var{port} 
[,localaddr=@var{localaddr}] [,localport=@var{localport}] [,ipv4] [,ipv6]
+@item -chardev 
udp,id=@var{id}[,host=@var{host}],port=@var{port}[,localaddr=@var{localaddr}][,localport=@var{localport}][,ipv4][,ipv6]
 
 Sends all traffic from the guest to a remote host over UDP.
 
@@ -2683,12 +2683,12 @@ available local port will be used.
 @option{ipv4} and @option{ipv6} specify that either IPv4 or IPv6 must be used.
 If neither is specified the device may use either protocol.
 
-@item -chardev msmouse ,id=@var{id}
+@item -chardev msmouse,id=@var{id}
 
 Forward QEMU's emulated msmouse events to the guest. @option{msmouse} does not
 take any options.
 
-@item -chardev vc ,id=@var{id} [[,width=@var{width}] [,height=@var{height}]] 
[[,cols=@var{cols}] [,rows=@var{rows}]]
+@item -chardev 
vc,id=@var{id}[[,width=@var{width}][,height=@var{height}]][[,cols=@var{cols}][,rows=@var{rows}]]
 
 Connect to a QEMU text console. @option{vc} may optionally be given a specific
 size.
@@ -2699,12 +2699,12 @@ the console, in pixels.
 @option{cols} and @option{rows} specify that the console be sized to fit a text
 console with the given dimensions.
 
-@item -chardev ringbuf ,id=@var{id} [,size=@var{size}]
+@item -chardev ringbuf,id=@var{id}[,size=@var{size}]
 
 Create a ring buffer with fixed size @option{size}.
 @var{size} must be a power of two and defaults to @code{64K}.
 
-@item -chardev file ,id=@var{id} ,path=@var{path}
+@item -chardev file,id=@var{id},path=@var{path}
 
 Log all traffic received from the guest to a file.
 
@@ -2712,7 +2712,7 @@ Log all traffic received from the guest to a file.
 created if it does not already exist, and overwritten if it does. @option{path}
 is required.
 
-@item -chardev pipe ,id=@var{id} ,path=@var{path}
+@item -chardev pipe,id=@var{id},path=@var{path}
 
 Create a two-way connection to the guest. The behaviour differs slightly 
between
 Windows hosts and other hosts:
@@ -2729,14 +2729,14 @@ be present.
 @option{path} forms part of the pipe path as described above. @option{path} is
 required.
 
-@item -chardev console ,id=@var{id}
+@item -chardev console,id=@var{id}
 
 Send traffic from the guest to QEMU's standard output. @option{console} does 
not
 take any options.
 
 @option{console} is only available on Windows hosts.
 
-@item -chardev serial ,id=@var{id} ,path=@option{path}
+@item -chardev serial,id=@var{id},path=@option{path}
 
 Send traffic from the guest to a serial device on the host.
 
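
Review bot: The serial entry still reads path=@option{path} while the file and pipe entries touched in the same patch use path=@var{path}. Since this line is being rewritten anyway, switching it to @var{path} would make the placeholder markup consistent.
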
@@ -2745,33 +2745,33 @@ not only serial lines.
 
 @option{path} specifies the name of th

Re: [Qemu-devel] [PATCH] hw/audio/sb16.c: Convert file to new logging API

2018-01-30 Thread Gerd Hoffmann
> @@ -148,15 +142,16 @@ static int irq_of_magic (int magic)
>  #if 0
>  static void log_dsp (SB16State *dsp)
>  {
> -ldebug ("%s:%s:%d:%s:dmasize=%d:freq=%d:const=%d:speaker=%d\n",
> -dsp->fmt_stereo ? "Stereo" : "Mono",
> -dsp->fmt_signed ? "Signed" : "Unsigned",
> -dsp->fmt_bits,
> -dsp->dma_auto ? "Auto" : "Single",
> -dsp->block_size,
> -dsp->freq,
> -dsp->time_const,
> -dsp->speaker);
> +qemu_log_mask(LOG_UNIMP, "%s:%s:%d:%s:dmasize=%d:freq=%d:const=%d:"
> +  "speaker=%d\n",
> +  dsp->fmt_stereo ? "Stereo" : "Mono",
> +  dsp->fmt_signed ? "Signed" : "Unsigned",
> +  dsp->fmt_bits,
> +  dsp->dma_auto ? "Auto" : "Single",
> +  dsp->block_size,
> +  dsp->freq,
> +  dsp->time_const,
> +  dsp->speaker);
>  }
>  #endif
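
Review bot: LOG_UNIMP is the mask for guest use of functionality that the device model does not implement, but the message converted here in log_dsp() is a state dump, and the later hunks convert plain traces such as mixer_read[...] the same way. A mask that matches debug tracing, or trace events, would keep -d unimp output meaningful.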

Hmm, dead code.  Any places which call log_dsp() ?

>  case 0x42:  /* FT2 sets output freq with this, go figure 
> */
>  #if 0
> -dolog ("cmd 0x42 might not do what it think it should\n");
> +qemu_log_mask(LOG_UNIMP, "cmd 0x42 might not do what it think it"
> +  " should\n");
>  #endif

More dead code.

>  case 0xe2:
>  #ifdef DEBUG
>  d0 = dsp_get_data (s);
> -dolog ("E2 = %#x\n", d0);
> +qemu_log_mask(LOG_UNIMP, "E2 = %#x\n", d0);
>  #endif

Conditional code.  Enable this unconditionally, now that we can switch
the logging at runtime?

>  #ifndef DEBUG_SB16_MOST
>  if (s->mixer_nreg != 0x82) {
> -ldebug ("mixer_read[%#x] -> %#x\n",
> -s->mixer_nreg, s->mixer_regs[s->mixer_nreg]);
> +qemu_log_mask(LOG_UNIMP, "mixer_read[%#x] -> %#x\n", s->mixer_nreg,
> +  s->mixer_regs[s->mixer_nreg]);
>  }
>  #else
> -ldebug ("mixer_read[%#x] -> %#x\n",
> -s->mixer_nreg, s->mixer_regs[s->mixer_nreg]);
> +qemu_log_mask(LOG_UNIMP, "mixer_read[%#x] -> %#x\n",
> +  s->mixer_nreg, s->mixer_regs[s->mixer_nreg]);
>  #endif

Same question here.

>  #ifdef DEBUG_SB16_MOST
> -dolog ("pos:%06d %d till:%d len:%d\n",
> -   dma_pos, free, till, dma_len);
> +qemu_log_mask(LOG_UNIMP, "pos:%06d %d till:%d len:%d\n", dma_pos, free,
> +  till, dma_len);
>  #endif

And here.

>  #ifdef DEBUG_SB16_MOST
> -ldebug ("pos %5d free %5d size %5d till % 5d copy %5d written %5d size 
> %5d\n",
> -dma_pos, free, dma_len, s->left_till_irq, copy, written,
> -s->block_size);
> +qemu_log_mask(LOG_UNIMP, "pos %5d free %5d size %5d till % 5d copy %5d"
> +  " written %5d size %5d\n", dma_pos, free, dma_len,
> +  s->left_till_irq, copy, written, s->block_size);
>  #endif

Again.

cheers,
  Gerd




[Qemu-devel] [PATCH 2/3] s390x/pci: fixup global refresh

2018-01-30 Thread Yi Min Zhao
The VFIO common code doesn't provide the possibility to modify a
previous mapping entry in another way than unmapping and mapping again
with new properties.

To avoid the -EEXIST DMA mapping error, we introduce a GHashTable to
store S390IOTLBEntry instances in order to cache the mapped entries.
When intercepting rpcit instruction, ignore the identical mapped
entries to avoid doing map operations multiple times and do unmap and
re-map operations for the case of updating the valid entries. To
achieve that goal, we also export the DMA walking function and
optimize the code handling errors in rpcit handler.

Acked-by: Pierre Morel 
Signed-off-by: Yi Min Zhao 
---
 hw/s390x/s390-pci-bus.c  | 28 +-
 hw/s390x/s390-pci-bus.h  |  3 ++
 hw/s390x/s390-pci-inst.c | 95 ++--
 3 files changed, 90 insertions(+), 36 deletions(-)

diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index e349d73abe..b75af26db7 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -461,8 +461,8 @@ out:
 return nto;
 }
 
-static uint16_t s390_guest_io_table_walk(uint64_t g_iota, hwaddr addr,
- S390IOTLBEntry *entry)
+uint16_t s390_guest_io_table_walk(uint64_t g_iota, hwaddr addr,
+  S390IOTLBEntry *entry)
 {
 uint64_t to = s390_pci_get_table_origin(g_iota);
 int8_t ett = 1;
@@ -487,7 +487,8 @@ static IOMMUTLBEntry s390_translate_iommu(IOMMUMemoryRegion 
*mr, hwaddr addr,
   IOMMUAccessFlags flag)
 {
 S390PCIIOMMU *iommu = container_of(mr, S390PCIIOMMU, iommu_mr);
-S390IOTLBEntry entry;
+S390IOTLBEntry *entry;
+uint64_t iova = addr & PAGE_MASK;
 uint16_t error = 0;
 IOMMUTLBEntry ret = {
 .target_as = &address_space_memory,
@@ -515,12 +516,17 @@ static IOMMUTLBEntry 
s390_translate_iommu(IOMMUMemoryRegion *mr, hwaddr addr,
 goto err;
 }
 
-error = s390_guest_io_table_walk(iommu->g_iota, addr, &entry);
-
-ret.iova = entry.iova;
-ret.translated_addr = entry.translated_addr;
-ret.addr_mask = entry.len - 1;
-ret.perm = entry.perm;
+entry = g_hash_table_lookup(iommu->iotlb, &iova);
+if (entry) {
+ret.iova = entry->iova;
+ret.translated_addr = entry->translated_addr;
+ret.addr_mask = entry->len - 1;
+ret.perm = entry->perm;
+} else {
+ret.iova = iova;
+ret.addr_mask = ~PAGE_MASK;
+ret.perm = IOMMU_NONE;
+}
 
 if ((flag != IOMMU_NONE) && !(flag & ret.perm)) {
 error = ERR_EVENT_TPROTE;
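
Review bot: On a cache miss the else branch sets perm to IOMMU_NONE and leaves error at 0, so the check that follows turns every access to an IOVA that is not in iommu->iotlb into ERR_EVENT_TPROTE. The removed call to s390_guest_io_table_walk() used to supply an error code at this point, so consider reporting a walk error or an invalid-entry event for the miss case instead of a protection fault. The miss path also relies on the initialiser for ret.translated_addr, which deserves an explicit assignment.
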
@@ -572,6 +578,8 @@ static S390PCIIOMMU *s390_pci_get_iommu(S390pciState *s, 
PCIBus *bus,
 PCI_FUNC(devfn));
 memory_region_init(&iommu->mr, OBJECT(iommu), mr_name, UINT64_MAX);
 address_space_init(&iommu->as, &iommu->mr, as_name);
+iommu->iotlb = g_hash_table_new_full(g_int64_hash, g_int64_equal,
+ NULL, g_free);
 table->iommu[PCI_SLOT(devfn)] = iommu;
 
 g_free(mr_name);
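
Review bot: g_hash_table_new_full() is given g_int64_hash/g_int64_equal with a NULL key destructor and g_free for values, so each key pointer must point into storage that lives exactly as long as the value, presumably the iova field of the S390IOTLBEntry itself. Say so in a comment at the creation site or next to the iotlb member, because inserting with a pointer to a stack variable would leave a dangling key.
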
@@ -661,6 +669,7 @@ void s390_pci_iommu_enable(S390PCIIOMMU *iommu)
 void s390_pci_iommu_disable(S390PCIIOMMU *iommu)
 {
 iommu->enabled = false;
+g_hash_table_remove_all(iommu->iotlb);
 memory_region_del_subregion(&iommu->mr, MEMORY_REGION(&iommu->iommu_mr));
 object_unparent(OBJECT(&iommu->iommu_mr));
 }
@@ -676,6 +685,7 @@ static void s390_pci_iommu_free(S390pciState *s, PCIBus 
*bus, int32_t devfn)
 }
 
 table->iommu[PCI_SLOT(devfn)] = NULL;
+g_hash_table_destroy(iommu->iotlb);
 address_space_destroy(&iommu->as);
 object_unparent(OBJECT(&iommu->mr));
 object_unparent(OBJECT(iommu));
diff --git a/hw/s390x/s390-pci-bus.h b/hw/s390x/s390-pci-bus.h
index ca22ef393b..395bbf0e13 100644
--- a/hw/s390x/s390-pci-bus.h
+++ b/hw/s390x/s390-pci-bus.h
@@ -274,6 +274,7 @@ typedef struct S390PCIIOMMU {
 uint64_t g_iota;
 uint64_t pba;
 uint64_t pal;
+GHashTable *iotlb;
 } S390PCIIOMMU;
 
 typedef struct S390PCIIOMMUTable {
@@ -330,6 +331,8 @@ void s390_pci_iommu_enable(S390PCIIOMMU *iommu);
 void s390_pci_iommu_disable(S390PCIIOMMU *iommu);
 void s390_pci_generate_error_event(uint16_t pec, uint32_t fh, uint32_t fid,
uint64_t faddr, uint32_t e);
+uint16_t s390_guest_io_table_walk(uint64_t g_iota, hwaddr addr,
+  S390IOTLBEntry *entry);
 S390PCIBusDevice *s390_pci_find_dev_by_idx(S390pciState *s, uint32_t idx);
 S390PCIBusDevice *s390_pci_find_dev_by_fh(S390pciState *s, uint32_t fh);
 S390PCIBusDevice *s390_pci_find_dev_by_fid(S390pciState *s, uint32_t fid);
diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
index 63fa06fb97..997a9cc2e9 100644
--- a/hw/s390x/s390-pci-inst.c
+++ b/hw/s390x/s390-pci-inst.c
@@ -571,27 +571,65 @@ int pcistg_service_call(S390CPU *cpu, uint8_t r1, uint8_t 
r2, uintptr_t ra)

[Qemu-devel] [PATCH 3/3] s390x/pci: use the right pal and pba in reg_ioat()

2018-01-30 Thread Yi Min Zhao
When registering ioat, pba should be comprised of leftmost 52 bits and
rightmost 12 binary zeros, and pal should be comprised of leftmost 52
bits and rightmost 12 binary ones. Let's fix this up.

Reviewed-by: Pierre Morel 
Signed-off-by: Yi Min Zhao 
---
 hw/s390x/s390-pci-inst.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c
index 997a9cc2e9..3fcc330fe3 100644
--- a/hw/s390x/s390-pci-inst.c
+++ b/hw/s390x/s390-pci-inst.c
@@ -865,6 +865,8 @@ static int reg_ioat(CPUS390XState *env, S390PCIIOMMU 
*iommu, ZpciFib fib,
 uint8_t dt = (g_iota >> 2) & 0x7;
 uint8_t t = (g_iota >> 11) & 0x1;
 
+pba &= ~0xfff;
+pal |= 0xfff;
 if (pba > pal || pba < ZPCI_SDMA_ADDR || pal > ZPCI_EDMA_ADDR) {
 s390_program_interrupt(env, PGM_OPERAND, 6, ra);
 return -EINVAL;
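
Review bot: The literal 0xfff in pba &= ~0xfff and pal |= 0xfff is an int, so if pba is 64 bits wide (as the S390PCIIOMMU member of that name is) the first mask clears the right bits only through sign extension of ~0xfff. Writing it with a 64-bit constant, or with the page mask macro the previous patch in this series uses (addr & PAGE_MASK), makes the intent explicit, and a one-line comment tying the two lines to the 52-bit/12-bit layout from the commit message would help.
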
-- 
2.14.3 (Apple Git-98)




[Qemu-devel] [PATCH 1/3] s390x/pci: fixup the code walking IOMMU tables

2018-01-30 Thread Yi Min Zhao
The current s390x PCI IOMMU code lacks checks of flags, including:
1) protection bit
2) table length
3) table offset
4) intermediate tables' invalid bit
5) format control bit

This patch introduces a new struct named S390IOTLBEntry, and adds
these missing checks. At the same time, inform the guest with the
corresponding error number when the check fails.

Reviewed-by: Pierre Morel 
Signed-off-by: Yi Min Zhao 
---
 hw/s390x/s390-pci-bus.c  | 223 ++-
 hw/s390x/s390-pci-bus.h  |  10 +++
 hw/s390x/s390-pci-inst.c |  10 ---
 3 files changed, 190 insertions(+), 53 deletions(-)

diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index 2b1e1409bf..e349d73abe 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -309,49 +309,186 @@ static uint64_t get_st_pto(uint64_t entry)
 : 0;
 }
 
-static uint64_t s390_guest_io_table_walk(uint64_t guest_iota,
-  uint64_t guest_dma_address)
+static bool rt_entry_isvalid(uint64_t entry)
 {
-uint64_t sto_a, pto_a, px_a;
-uint64_t sto, pto, pte;
-uint32_t rtx, sx, px;
-
-rtx = calc_rtx(guest_dma_address);
-sx = calc_sx(guest_dma_address);
-px = calc_px(guest_dma_address);
-
-sto_a = guest_iota + rtx * sizeof(uint64_t);
-sto = address_space_ldq(&address_space_memory, sto_a,
-MEMTXATTRS_UNSPECIFIED, NULL);
-sto = get_rt_sto(sto);
-if (!sto) {
-pte = 0;
+return (entry & ZPCI_TABLE_VALID_MASK) == ZPCI_TABLE_VALID;
+}
+
+static bool pt_entry_isvalid(uint64_t entry)
+{
+return (entry & ZPCI_PTE_VALID_MASK) == ZPCI_PTE_VALID;
+}
+
+static bool entry_isprotected(uint64_t entry)
+{
+return (entry & ZPCI_TABLE_PROT_MASK) == ZPCI_TABLE_PROTECTED;
+}
+
+/* ett is expected table type, -1 page table, 0 segment table, 1 region table 
*/
+static uint64_t get_table_index(uint64_t iova, int8_t ett)
+{
+switch (ett) {
+case -1:
+return calc_px(iova);
+case 0:
+return calc_sx(iova);
+case 1:
+return calc_rtx(iova);
+}
+
+return -1;
+}
+
+static bool entry_isvalid(uint64_t entry, int8_t ett)
+{
+switch (ett) {
+case -1:
+return pt_entry_isvalid(entry);
+case 0:
+case 1:
+return rt_entry_isvalid(entry);
+}
+
+return false;
+}
+
+/* Return true if address translation is done */
+static bool translate_iscomplete(uint64_t entry, int8_t ett)
+{
+switch (ett) {
+case 0:
+return (entry & ZPCI_TABLE_FC) ? true : false;
+case 1:
+return false;
+}
+
+return true;
+}
+
+static uint64_t get_frame_size(int8_t ett)
+{
+switch (ett) {
+case -1:
+return 1ULL << 12;
+case 0:
+return 1ULL << 20;
+case 1:
+return 1ULL << 31;
+}
+
+return 0;
+}
+
+static uint64_t get_next_table_origin(uint64_t entry, int8_t ett)
+{
+switch (ett) {
+case -1:
+return entry & ZPCI_PTE_ADDR_MASK;
+case 0:
+return get_st_pto(entry);
+case 1:
+return get_rt_sto(entry);
+}
+
+return 0;
+}
+
+/**
+ * table_translate: do translation within one table and return the following
+ *  table origin
+ *
+ * @entry: the entry being traslated, the result is stored in this.
+ * @to: the address of table origin.
+ * @ett: expected table type, 1 region table, 0 segment table and -1 page 
table.
+ * @error: error code
+ */
+static uint64_t table_translate(S390IOTLBEntry *entry, uint64_t to, int8_t ett,
+uint16_t *error)
+{
+uint64_t tx, te, nto = 0;
+uint16_t err = 0;
+
+tx = get_table_index(entry->iova, ett);
+te = address_space_ldq(&address_space_memory, to + tx * sizeof(uint64_t),
+   MEMTXATTRS_UNSPECIFIED, NULL);
+
+if (!te) {
+err = ERR_EVENT_INVALTE;
 goto out;
 }
 
-pto_a = sto + sx * sizeof(uint64_t);
-pto = address_space_ldq(&address_space_memory, pto_a,
-MEMTXATTRS_UNSPECIFIED, NULL);
-pto = get_st_pto(pto);
-if (!pto) {
-pte = 0;
+if (!entry_isvalid(te, ett)) {
+entry->perm &= IOMMU_NONE;
 goto out;
 }
 
-px_a = pto + px * sizeof(uint64_t);
-pte = address_space_ldq(&address_space_memory, px_a,
-MEMTXATTRS_UNSPECIFIED, NULL);
+if (ett == 1 && ((te & ZPCI_TABLE_LEN_RTX) != ZPCI_TABLE_LEN_RTX ||
+ te & ZPCI_TABLE_OFFSET_MASK)) {
+err = ERR_EVENT_INVALTL;
+goto out;
+}
 
+nto = get_next_table_origin(te, ett);
+if (!nto) {
+err = ERR_EVENT_TT;
+goto out;
+}
+
+if (entry_isprotected(te)) {
+entry->perm &= IOMMU_RO;
+} else {
+entry->perm &= IOMMU_RW;
+}
+
+if (translate_iscomplete(te, ett)) {
+switch (ett) {
+case -1:
+entry->translated_addr = te & ZPCI_PTE_ADDR_MASK;
+br
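
Review bot: get_table_index() returns uint64_t but falls through to return -1 for an unexpected ett, and table_translate() uses the result straight away in to + tx * sizeof(uint64_t) without checking it. Either assert on the table type (g_assert_not_reached() in the fall-through path) or have table_translate() reject the sentinel before the load. The load itself passes NULL for the result argument of address_space_ldq(), so a failed guest memory read is indistinguishable from an all-zero entry and is reported as ERR_EVENT_INVALTE; the @entry doc comment also has a typo, 'traslated'.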

[Qemu-devel] [PATCH 0/3] s390x/pci: fixup and optimize IOTLB code

2018-01-30 Thread Yi Min Zhao
This series contains three patches,
1) optimizes the code including walking DMA tables and rpcit handler
2) fixes the issue caused by IOTLB global refresh 
3) uses the right pal and pba when registering ioat

The issue mentioned above was found when we tested SMC-r tools. This
behavior has been introduced when linux guest started using a global
refresh to purge the whole IOTLB of invalid entries in a lazy fashion
instead of flushing each entry when invalidating table entries.

The previous QEMU implementation didn't keep track of the mapping,
didn't handle correctly the global flush demand from the guest and a
major part of the IOTLB entries were not flushed.

Consequently linux kernel on the host keeping the previous mapping
reports, as it should, -EEXIST DMA mapping error on the next mapping
with the same IOVA. The second patch fixes this issue.

During the investigation, we noticed that the current code walking
PCI IOMMU page tables didn't check important flags of table entries,
including:
1) protection bit
2) table length
3) table offset
4) intermediate tables' invalid bit
5) format control bit

We implement the checking in the first patch before handling the
IOTLB global refresh issue. To keep track of the mapped IOTLB entries
and be able to check if the host IOTLB entries need to be refreshed,
we implement an IOTLB cache in QEMU, and introduce some helper
functions to check these bits. All S390IOTLBEntry instances are stored
in a new hashtable which is indexed by IOVA. Each PCI device has its
own IOMMU. Therefore each IOMMU also has its own hashtable caching
the corresponding PCI device's DMA entries. Finally, we split a 1M
contiguous DMA range into 4K pages to do the DMA map, and the code about
error notification is also optimized.

Yi Min Zhao (3):
  s390x/pci: fixup the code walking IOMMU tables
  s390x/pci: fixup global refresh
  s390x/pci: use the right pal and pba in reg_ioat()

 hw/s390x/s390-pci-bus.c  | 233 ++-
 hw/s390x/s390-pci-bus.h  |  13 +++
 hw/s390x/s390-pci-inst.c | 103 ++---
 3 files changed, 271 insertions(+), 78 deletions(-)

-- 
2.14.3 (Apple Git-98)
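A simplified model of the failure described in the cover letter above, added here as an illustration and not taken from the patch series: a stale host mapping that survives a global refresh makes the next mapping at the same IOVA fail with -EEXIST, while a per-IOVA cache lets the refresh handler flush it first. The types, function names and addresses are assumptions, and a flat array indexed by 4K page stands in for the hash table keyed by IOVA.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE  4096u
#define RANGE_SIZE (1u << 20)               /* one 1M contiguous DMA range */
#define NPAGES     (RANGE_SIZE / PAGE_SIZE) /* split into 256 pages of 4K */

/* Constructed model of a guest DMA table entry, not the s390 format. */
typedef struct { bool valid; uint64_t addr; } GuestEntry;

/* Per-page state, used for the host IOMMU and for the emulator's cache.
 * A flat array indexed by page stands in for a hash table keyed by IOVA. */
typedef struct { bool present[NPAGES]; uint64_t addr[NPAGES]; } PageMap;

typedef struct { int err; uint64_t host_addr; } Outcome;

/* Host behaviour from the letter: mapping an IOVA that is still mapped fails. */
static int host_map(PageMap *host, unsigned pg, uint64_t addr)
{
    if (host->present[pg]) {
        return -EEXIST;
    }
    host->present[pg] = true;
    host->addr[pg] = addr;
    return 0;
}

static void host_unmap(PageMap *host, unsigned pg)
{
    host->present[pg] = false;
}

/* Refresh without bookkeeping: valid entries are mapped, lazily invalidated
 * entries are skipped, so their host mappings stay behind. */
static int refresh_untracked(PageMap *host, const GuestEntry *tbl)
{
    int first_err = 0;
    for (unsigned pg = 0; pg < NPAGES; pg++) {
        if (!tbl[pg].valid) {
            continue;
        }
        int r = host_map(host, pg, tbl[pg].addr);
        if (r && !first_err) {
            first_err = r;
        }
    }
    return first_err;
}

/* Refresh with a cache: compare each page with what was mapped before,
 * flush stale or changed entries, then map what the guest table now holds. */
static int refresh_tracked(PageMap *host, PageMap *cache, const GuestEntry *tbl)
{
    int first_err = 0;
    for (unsigned pg = 0; pg < NPAGES; pg++) {
        if (cache->present[pg] && tbl[pg].valid &&
            cache->addr[pg] == tbl[pg].addr) {
            continue;                       /* host mapping already correct */
        }
        if (cache->present[pg]) {           /* stale or changed: flush first */
            host_unmap(host, pg);
            cache->present[pg] = false;
        }
        if (tbl[pg].valid) {
            int r = host_map(host, pg, tbl[pg].addr);
            if (r == 0) {
                cache->present[pg] = true;
                cache->addr[pg] = tbl[pg].addr;
            } else if (!first_err) {
                first_err = r;
            }
        }
    }
    return first_err;
}

/* Map one page, invalidate it lazily, then reuse the IOVA for a new address.
 * A global refresh follows each step; the last refresh's result is returned. */
static Outcome reuse_iova(bool tracked)
{
    GuestEntry tbl[NPAGES];
    PageMap host, cache;
    const unsigned pg = 3;                  /* constructed sample page */
    const GuestEntry steps[3] = {
        { true, 0x10000 }, { false, 0 }, { true, 0x20000 }
    };
    Outcome out = { 0, 0 };

    memset(tbl, 0, sizeof(tbl));
    memset(&host, 0, sizeof(host));
    memset(&cache, 0, sizeof(cache));
    for (int i = 0; i < 3 && out.err == 0; i++) {
        tbl[pg] = steps[i];
        out.err = tracked ? refresh_tracked(&host, &cache, tbl)
                          : refresh_untracked(&host, tbl);
    }
    out.host_addr = host.addr[pg];
    return out;
}

int main(void)
{
    Outcome u = reuse_iova(false), t = reuse_iova(true);
    printf("untracked: err=%d host=0x%llx\n", u.err,
           (unsigned long long)u.host_addr);
    printf("tracked:   err=%d host=0x%llx\n", t.err,
           (unsigned long long)t.host_addr);
    return 0;
}
```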




[Qemu-devel] [PATCH 10/18] Include qapi/qmp/qlist.h exactly where needed

2018-01-30 Thread Markus Armbruster
This cleanup makes the number of objects depending on qapi/qmp/qlist.h
drop from 4548 (out of 4739) to 16 in my "build everything" tree.

Signed-off-by: Markus Armbruster 
---
 block/qapi.c| 1 +
 block/rbd.c | 1 +
 blockdev.c  | 1 +
 include/qapi/qmp/json-parser.h  | 1 -
 include/qapi/qmp/qdict.h| 1 -
 qapi/qobject-input-visitor.c| 1 +
 qapi/qobject-output-visitor.c   | 1 +
 qobject/json-parser.c   | 1 +
 qobject/qdict.c | 1 +
 qobject/qjson.c | 1 +
 qobject/qlit.c  | 1 +
 qobject/qobject.c   | 1 +
 tests/check-qdict.c | 2 ++
 tests/check-qlit.c  | 1 +
 tests/check-qobject.c   | 2 ++
 tests/device-introspect-test.c  | 1 +
 tests/libqtest.c| 2 ++
 tests/numa-test.c   | 1 +
 tests/qmp-test.c| 1 +
 tests/qom-test.c| 1 +
 tests/test-keyval.c | 1 +
 tests/test-qga.c| 1 +
 tests/test-qobject-output-visitor.c | 1 +
 tests/test-x86-cpuid-compat.c   | 1 +
 ui/vnc-palette.h| 1 -
 util/keyval.c   | 1 +
 util/qemu-config.c  | 1 +
 27 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index 1e0cb2743d..12a8cb5a82 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -32,6 +32,7 @@
 #include "qapi/error.h"
 #include "qapi/qobject-output-visitor.h"
 #include "qapi/qmp/qbool.h"
+#include "qapi/qmp/qlist.h"
 #include "qapi/qmp/qnum.h"
 #include "qapi/qmp/qstring.h"
 #include "sysemu/block-backend.h"
diff --git a/block/rbd.c b/block/rbd.c
index a76a5e8755..76b9e83cea 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -21,6 +21,7 @@
 #include "qemu/cutils.h"
 #include "qapi/qmp/qstring.h"
 #include "qapi/qmp/qjson.h"
+#include "qapi/qmp/qlist.h"
 
 /*
  * When specifying the image filename use:
diff --git a/blockdev.c b/blockdev.c
index c487cf0e4b..90ef3166de 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -45,6 +45,7 @@
 #include "qapi-visit.h"
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
+#include "qapi/qmp/qlist.h"
 #include "qapi/qobject-output-visitor.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/iothread.h"
diff --git a/include/qapi/qmp/json-parser.h b/include/qapi/qmp/json-parser.h
index 9987f8ca85..102f5c0068 100644
--- a/include/qapi/qmp/json-parser.h
+++ b/include/qapi/qmp/json-parser.h
@@ -15,7 +15,6 @@
 #define QEMU_JSON_PARSER_H
 
 #include "qemu-common.h"
-#include "qapi/qmp/qlist.h"
 
 QObject *json_parser_parse(GQueue *tokens, va_list *ap);
 QObject *json_parser_parse_err(GQueue *tokens, va_list *ap, Error **errp);
diff --git a/include/qapi/qmp/qdict.h b/include/qapi/qmp/qdict.h
index 3c1def00f7..ff6f7842c3 100644
--- a/include/qapi/qmp/qdict.h
+++ b/include/qapi/qmp/qdict.h
@@ -14,7 +14,6 @@
 #define QDICT_H
 
 #include "qapi/qmp/qobject.h"
-#include "qapi/qmp/qlist.h"
 #include "qemu/queue.h"
 
 #define QDICT_BUCKET_MAX 512
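Review bot: dropping qapi/qmp/qlist.h from qdict.h here breaks every file that used QList through this header, and the commit message only vouches for one "build everything" tree. Files compiled only on other hosts or with other configure options would not show up there, so it would help to say how the users were found (for example a grep for QList and qlist_ in addition to the build).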
diff --git a/qapi/qobject-input-visitor.c b/qapi/qobject-input-visitor.c
index 31183dcb62..3e235a1eee 100644
--- a/qapi/qobject-input-visitor.c
+++ b/qapi/qobject-input-visitor.c
@@ -22,6 +22,7 @@
 #include "qapi/qmp/qjson.h"
 #include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qerror.h"
+#include "qapi/qmp/qlist.h"
 #include "qapi/qmp/qnull.h"
 #include "qapi/qmp/qnum.h"
 #include "qemu/cutils.h"
diff --git a/qapi/qobject-output-visitor.c b/qapi/qobject-output-visitor.c
index f0cc46b3cf..52634b9725 100644
--- a/qapi/qobject-output-visitor.c
+++ b/qapi/qobject-output-visitor.c
@@ -18,6 +18,7 @@
 #include "qemu/queue.h"
 #include "qemu-common.h"
 #include "qapi/qmp/qbool.h"
+#include "qapi/qmp/qlist.h"
 #include "qapi/qmp/qnull.h"
 #include "qapi/qmp/qnum.h"
 #include "qapi/qmp/qstring.h"
diff --git a/qobject/json-parser.c b/qobject/json-parser.c
index 8f4badc6d9..ee0cbba6a5 100644
--- a/qobject/json-parser.c
+++ b/qobject/json-parser.c
@@ -16,6 +16,7 @@
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "qapi/qmp/qbool.h"
+#include "qapi/qmp/qlist.h"
 #include "qapi/qmp/qnull.h"
 #include "qapi/qmp/qnum.h"
 #include "qapi/qmp/qstring.h"
diff --git a/qobject/qdict.c b/qobject/qdict.c
index 88f87d2527..23df84f9cd 100644
--- a/qobject/qdict.c
+++ b/qobject/qdict.c
@@ -14,6 +14,7 @@
 #include "qapi/qmp/qnum.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qbool.h"
+#include "qapi/qmp/qlist.h"
 #include "qapi/qmp/qnull.h"
 #include "qapi/qmp/qstring.h"
 #include "qapi/error.h"
diff --git a/qobject/qjson.c b/qobject/qjson.c
index 7fbb68b6ba..527b5bb571 100644
--- a/qobject/qjson.c
+++ b/qobject/qjson.c
@@ -18,6 +18,7 @@
 #include "qapi/qmp/json-streamer.h"
 #include "qapi/qmp/qjson.h"
 #include "qapi/qmp/qbool.h"
+#include "qapi/qmp/qlist.h"
 #include "qapi/qmp/qnum.h"
 #include "qemu/unicode.h"
 
diff --git a/qobject/qlit.c b/qobject/qlit.c
index 

[Qemu-devel] [PATCH 05/18] Include qmp-commands.h exactly where needed

2018-01-30 Thread Markus Armbruster
Signed-off-by: Markus Armbruster 
---
 block.c| 1 -
 blockjob.c | 1 -
 hw/acpi/acpi-stub.c| 1 -
 hw/ppc/spapr.c | 1 -
 hw/s390x/s390-stattrib.c   | 1 -
 hw/smbios/smbios-stub.c| 1 -
 hw/xen/xen-common.c| 1 -
 include/sysemu/arch_init.h | 1 -
 qga/guest-agent-core.h | 2 +-
 qga/main.c | 1 +
 stubs/dump.c   | 1 -
 ui/cocoa.m | 1 -
 12 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/block.c b/block.c
index 2a8bc276c7..a97f709252 100644
--- a/block.c
+++ b/block.c
@@ -39,7 +39,6 @@
 #include "qemu/notify.h"
 #include "qemu/coroutine.h"
 #include "block/qapi.h"
-#include "qmp-commands.h"
 #include "qemu/timer.h"
 #include "qapi-event.h"
 #include "qemu/cutils.h"
diff --git a/blockjob.c b/blockjob.c
index d766fdc4ce..081f1d2b91 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -34,7 +34,6 @@
 #include "qapi/qmp/qjson.h"
 #include "qemu/coroutine.h"
 #include "qemu/id.h"
-#include "qmp-commands.h"
 #include "qemu/timer.h"
 #include "qapi-event.h"
 
diff --git a/hw/acpi/acpi-stub.c b/hw/acpi/acpi-stub.c
index 7dfc8af316..4c9d081ed4 100644
--- a/hw/acpi/acpi-stub.c
+++ b/hw/acpi/acpi-stub.c
@@ -21,7 +21,6 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
-#include "qmp-commands.h"
 #include "hw/acpi/acpi.h"
 
 void acpi_table_add(const QemuOpts *opts, Error **errp)
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
index 88a78d31eb..7474d6eeeb 100644
--- a/hw/ppc/spapr.c
+++ b/hw/ppc/spapr.c
@@ -74,7 +74,6 @@
 #include "hw/compat.h"
 #include "qemu/cutils.h"
 #include "hw/ppc/spapr_cpu_core.h"
-#include "qmp-commands.h"
 
 #include 
 
diff --git a/hw/s390x/s390-stattrib.c b/hw/s390x/s390-stattrib.c
index 2902f54f11..c6c06b2780 100644
--- a/hw/s390x/s390-stattrib.c
+++ b/hw/s390x/s390-stattrib.c
@@ -12,7 +12,6 @@
 #include "qemu/osdep.h"
 #include "hw/boards.h"
 #include "cpu.h"
-#include "qmp-commands.h"
 #include "migration/qemu-file.h"
 #include "migration/register.h"
 #include "hw/s390x/storage-attributes.h"
diff --git a/hw/smbios/smbios-stub.c b/hw/smbios/smbios-stub.c
index 61becef4ae..d3a385441a 100644
--- a/hw/smbios/smbios-stub.c
+++ b/hw/smbios/smbios-stub.c
@@ -23,7 +23,6 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
-#include "qmp-commands.h"
 #include "hw/smbios/smbios.h"
 
 void smbios_entry_add(QemuOpts *opts, Error **errp)
diff --git a/hw/xen/xen-common.c b/hw/xen/xen-common.c
index 632a938dcc..78c18f34a7 100644
--- a/hw/xen/xen-common.c
+++ b/hw/xen/xen-common.c
@@ -10,7 +10,6 @@
 
 #include "qemu/osdep.h"
 #include "hw/xen/xen_backend.h"
-#include "qmp-commands.h"
 #include "chardev/char.h"
 #include "sysemu/accel.h"
 #include "migration/misc.h"
diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
index 8751c468ed..90b38aecdd 100644
--- a/include/sysemu/arch_init.h
+++ b/include/sysemu/arch_init.h
@@ -1,7 +1,6 @@
 #ifndef QEMU_ARCH_INIT_H
 #define QEMU_ARCH_INIT_H
 
-#include "qmp-commands.h"
 #include "qemu/option.h"
 
 enum {
diff --git a/qga/guest-agent-core.h b/qga/guest-agent-core.h
index 3e8a4acff2..6f4d214cb9 100644
--- a/qga/guest-agent-core.h
+++ b/qga/guest-agent-core.h
@@ -12,7 +12,7 @@
  */
 #include "qapi/qmp/dispatch.h"
 #include "qemu-common.h"
-#include "qga-qmp-commands.h"
+#include "qga-qapi-types.h"
 
 #define QGA_READ_COUNT_DEFAULT 4096
 
diff --git a/qga/main.c b/qga/main.c
index 57083ca10c..804cc4c1a0 100644
--- a/qga/main.c
+++ b/qga/main.c
@@ -23,6 +23,7 @@
 #include "qapi/qmp/qjson.h"
 #include "qga/guest-agent-core.h"
 #include "qemu/module.h"
+#include "qga-qmp-commands.h"
 #include "qapi/qmp/qerror.h"
 #include "qapi/error.h"
 #include "qapi/qmp/dispatch.h"
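Review bot: the qga-qmp-commands.h include added here compensates for replacing it with qga-qapi-types.h in qga/guest-agent-core.h, but the subject only mentions qmp-commands.h and the commit message has no body. A sentence explaining that the guest agent header gets the same treatment, and why qga-qapi-types.h is sufficient there, would make the change reviewable on its own.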
diff --git a/stubs/dump.c b/stubs/dump.c
index d9ee23f1eb..8e5032c3af 100644
--- a/stubs/dump.c
+++ b/stubs/dump.c
@@ -14,7 +14,6 @@
 #include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "sysemu/dump-arch.h"
-#include "qmp-commands.h"
 
 int cpu_get_dump_info(ArchDumpInfo *info,
   const struct GuestPhysBlockList *guest_phys_blocks)
diff --git a/ui/cocoa.m b/ui/cocoa.m
index 6be9848391..19e1e827d2 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -31,7 +31,6 @@
 #include "ui/console.h"
 #include "ui/input.h"
 #include "sysemu/sysemu.h"
-#include "qmp-commands.h"
 #include "sysemu/blockdev.h"
 #include "qemu-version.h"
 #include 
-- 
2.13.6




[Qemu-devel] [PATCH 12/18] Include qapi/qmp/qstring.h exactly where needed

2018-01-30 Thread Markus Armbruster
Signed-off-by: Markus Armbruster 
---
 block.c | 1 +
 include/qapi/qmp/qjson.h| 2 --
 monitor.c   | 1 +
 qapi/qobject-input-visitor.c| 1 +
 qemu-img.c  | 1 +
 qga/main.c  | 1 +
 qobject/qjson.c | 1 +
 tests/check-qjson.c | 1 +
 tests/libqtest.c| 1 +
 tests/test-qobject-input-visitor.c  | 1 +
 tests/test-qobject-output-visitor.c | 1 +
 tests/test-visitor-serialization.c  | 1 +
 ui/spice-core.c | 1 -
 13 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/block.c b/block.c
index a97f709252..71d2dfb55e 100644
--- a/block.c
+++ b/block.c
@@ -34,6 +34,7 @@
 #include "qapi/qmp/qerror.h"
 #include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qjson.h"
+#include "qapi/qmp/qstring.h"
 #include "sysemu/block-backend.h"
 #include "sysemu/sysemu.h"
 #include "qemu/notify.h"
diff --git a/include/qapi/qmp/qjson.h b/include/qapi/qmp/qjson.h
index 6b38b0f074..b274ac3a86 100644
--- a/include/qapi/qmp/qjson.h
+++ b/include/qapi/qmp/qjson.h
@@ -14,8 +14,6 @@
 #ifndef QJSON_H
 #define QJSON_H
 
-#include "qapi/qmp/qstring.h"
-
 QObject *qobject_from_json(const char *string, Error **errp);
 QObject *qobject_from_jsonf(const char *string, ...) GCC_FMT_ATTR(1, 2);
 QObject *qobject_from_jsonv(const char *string, va_list *ap, Error **errp)
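Review bot: with qapi/qmp/qstring.h removed, nothing is included between the QJSON_H guard and the prototypes, which still use QObject, Error, va_list and GCC_FMT_ATTR. If the intent is that every includer gets those from qemu/osdep.h, please say so in the commit message; otherwise the header should include what it uses.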
diff --git a/monitor.c b/monitor.c
index 20f7b159b3..69737f2d9a 100644
--- a/monitor.c
+++ b/monitor.c
@@ -55,6 +55,7 @@
 #include "qapi/qmp/qerror.h"
 #include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qnum.h"
+#include "qapi/qmp/qstring.h"
 #include "qapi/qmp/qjson.h"
 #include "qapi/qmp/json-streamer.h"
 #include "qapi/qmp/json-parser.h"
diff --git a/qapi/qobject-input-visitor.c b/qapi/qobject-input-visitor.c
index 3566eed365..023317b05f 100644
--- a/qapi/qobject-input-visitor.c
+++ b/qapi/qobject-input-visitor.c
@@ -26,6 +26,7 @@
 #include "qapi/qmp/qlist.h"
 #include "qapi/qmp/qnull.h"
 #include "qapi/qmp/qnum.h"
+#include "qapi/qmp/qstring.h"
 #include "qemu/cutils.h"
 #include "qemu/option.h"
 
diff --git a/qemu-img.c b/qemu-img.c
index fc6b4ffc00..6ead3b7c3d 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -32,6 +32,7 @@
 #include "qapi/qmp/qjson.h"
 #include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qdict.h"
+#include "qapi/qmp/qstring.h"
 #include "qemu/cutils.h"
 #include "qemu/config-file.h"
 #include "qemu/option.h"
diff --git a/qga/main.c b/qga/main.c
index 804cc4c1a0..64e0776bf2 100644
--- a/qga/main.c
+++ b/qga/main.c
@@ -21,6 +21,7 @@
 #include "qapi/qmp/json-streamer.h"
 #include "qapi/qmp/json-parser.h"
 #include "qapi/qmp/qjson.h"
+#include "qapi/qmp/qstring.h"
 #include "qga/guest-agent-core.h"
 #include "qemu/module.h"
 #include "qga-qmp-commands.h"
diff --git a/qobject/qjson.c b/qobject/qjson.c
index 77f796bbee..e1ce75651c 100644
--- a/qobject/qjson.c
+++ b/qobject/qjson.c
@@ -21,6 +21,7 @@
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qlist.h"
 #include "qapi/qmp/qnum.h"
+#include "qapi/qmp/qstring.h"
 #include "qemu/unicode.h"
 
 typedef struct JSONParsingState
diff --git a/tests/check-qjson.c b/tests/check-qjson.c
index 26f5d4401e..a18ea47cb7 100644
--- a/tests/check-qjson.c
+++ b/tests/check-qjson.c
@@ -19,6 +19,7 @@
 #include "qapi/qmp/qlit.h"
 #include "qapi/qmp/qnull.h"
 #include "qapi/qmp/qnum.h"
+#include "qapi/qmp/qstring.h"
 #include "qemu-common.h"
 
 static void escaped_string(void)
diff --git a/tests/libqtest.c b/tests/libqtest.c
index 78f2226fc6..a193ba224c 100644
--- a/tests/libqtest.c
+++ b/tests/libqtest.c
@@ -28,6 +28,7 @@
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qjson.h"
 #include "qapi/qmp/qlist.h"
+#include "qapi/qmp/qstring.h"
 
 #define MAX_IRQ 256
 #define SOCKET_TIMEOUT 50
diff --git a/tests/test-qobject-input-visitor.c 
b/tests/test-qobject-input-visitor.c
index 2e6f7f422f..3900be2610 100644
--- a/tests/test-qobject-input-visitor.c
+++ b/tests/test-qobject-input-visitor.c
@@ -21,6 +21,7 @@
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qnull.h"
 #include "qapi/qmp/qnum.h"
+#include "qapi/qmp/qstring.h"
 #include "qapi/qmp/qjson.h"
 #include "test-qmp-introspect.h"
 #include "qmp-introspect.h"
diff --git a/tests/test-qobject-output-visitor.c 
b/tests/test-qobject-output-visitor.c
index 09a56d2d06..1b8a9ee372 100644
--- a/tests/test-qobject-output-visitor.c
+++ b/tests/test-qobject-output-visitor.c
@@ -21,6 +21,7 @@
 #include "qapi/qmp/qlist.h"
 #include "qapi/qmp/qnull.h"
 #include "qapi/qmp/qnum.h"
+#include "qapi/qmp/qstring.h"
 #include "qapi/qmp/qjson.h"
 
 typedef struct TestOutputVisitorData {
diff --git a/tests/test-visitor-serialization.c 
b/tests/test-visitor-serialization.c
index 928a82b2e6..dd7e51d4f5 100644
--- a/tests/test-visitor-serialization.c
+++ b/tests/test-visitor-serialization.c
@@ -18,6 +18,7 @@
 #include "test-qapi-visit.h"
 #include "qapi/error.h"
 #include "qapi/qmp/qjson.h"
+#include "qapi/qmp/qstring.h"
 #include "qapi/qob

[Qemu-devel] [PATCH 01/18] Clean up includes

2018-01-30 Thread Markus Armbruster
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes, with the change
to target/s390x/gen-features.c manually reverted, and blank lines
around deletions collapsed.

Signed-off-by: Markus Armbruster 
---
 block/parallels.h |  1 -
 hw/block/vhost-user-blk.c |  1 -
 hw/ide/sii3112.c  |  1 +
 hw/nvram/eeprom_at24c.c   |  3 +--
 hw/tpm/tpm_emulator.c |  4 
 hw/tpm/tpm_int.h  |  2 --
 hw/tpm/tpm_ioctl.h|  2 --
 hw/xtensa/xtensa_memory.h |  1 -
 include/exec/tb-lookup.h  |  2 --
 include/hw/intc/xlnx-pmu-iomod-intc.h |  1 -
 include/hw/intc/xlnx-zynqmp-ipi.h |  1 -
 include/hw/nvram/fw_cfg.h |  1 -
 include/hw/pci-bridge/simba.h |  1 -
 include/hw/xtensa/xtensa-isa.h|  2 --
 include/qapi/clone-visitor.h  |  1 -
 include/sysemu/hvf.h  |  2 --
 include/ui/console.h  |  1 -
 io/channel-websock.c  |  3 ---
 linux-user/syscall.c  |  1 -
 scsi/pr-helper.h  |  2 --
 target/i386/hvf/vmx.h |  1 -
 target/i386/hvf/x86hvf.c  |  3 ---
 target/xtensa/core-dc232b/xtensa-modules.c|  1 +
 target/xtensa/core-dc233c/xtensa-modules.c|  1 +
 target/xtensa/core-de212/xtensa-modules.c |  1 +
 target/xtensa/core-fsf/xtensa-modules.c   |  1 +
 target/xtensa/core-sample_controller/xtensa-modules.c |  1 +
 target/xtensa/xtensa-isa.c|  4 +---
 tests/migration/stress.c  | 10 +-
 tests/ptimer-test.c   |  4 ++--
 trace/control-internal.h  |  2 --
 31 files changed, 11 insertions(+), 51 deletions(-)

diff --git a/block/parallels.h b/block/parallels.h
index 4b044079ef..5aa101cfc8 100644
--- a/block/parallels.h
+++ b/block/parallels.h
@@ -32,7 +32,6 @@
 #ifndef BLOCK_PARALLELS_H
 #define BLOCK_PARALLELS_H
 #include "qemu/coroutine.h"
-#include "qemu/typedefs.h"
 
 #define HEADS_NUMBER 16
 #define SEC_IN_CYL 32
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index b53b4c9c57..f840f07dfe 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -19,7 +19,6 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qemu/error-report.h"
-#include "qemu/typedefs.h"
 #include "qemu/cutils.h"
 #include "qom/object.h"
 #include "hw/qdev-core.h"
diff --git a/hw/ide/sii3112.c b/hw/ide/sii3112.c
index 17aa930e39..a5d1776756 100644
--- a/hw/ide/sii3112.c
+++ b/hw/ide/sii3112.c
@@ -12,6 +12,7 @@
  * http://wiki.osdev.org/User:Quok/Silicon_Image_Datasheets
  */
 
+#include "qemu/osdep.h"
 #include 
 #include 
 #include "trace.h"
diff --git a/hw/nvram/eeprom_at24c.c b/hw/nvram/eeprom_at24c.c
index efa3621ac6..22183f5360 100644
--- a/hw/nvram/eeprom_at24c.c
+++ b/hw/nvram/eeprom_at24c.c
@@ -7,9 +7,8 @@
  * the LICENSE file in the top-level directory.
  */
 
-#include 
-
 #include "qemu/osdep.h"
+
 #include "qapi/error.h"
 #include "hw/hw.h"
 #include "hw/i2c/i2c.h"
diff --git a/hw/tpm/tpm_emulator.c b/hw/tpm/tpm_emulator.c
index 35c78de5a9..7be79e7296 100644
--- a/hw/tpm/tpm_emulator.c
+++ b/hw/tpm/tpm_emulator.c
@@ -40,10 +40,6 @@
 #include "qapi/clone-visitor.h"
 #include "chardev/char-fe.h"
 
-#include 
-#include 
-#include 
-#include 
 
 #define DEBUG_TPM 0
 
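Review bot: after the four deleted includes, the blank context line before them and the blank line after them both remain, leaving two consecutive blank lines above "#define DEBUG_TPM 0". The commit message says blank lines around deletions were collapsed, so one of them should go here as well.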
diff --git a/hw/tpm/tpm_int.h b/hw/tpm/tpm_int.h
index abbca5191a..a4c77fbd7e 100644
--- a/hw/tpm/tpm_int.h
+++ b/hw/tpm/tpm_int.h
@@ -12,8 +12,6 @@
 #ifndef TPM_TPM_INT_H
 #define TPM_TPM_INT_H
 
-#include "qemu/osdep.h"
-
 #define TPM_STANDARD_CMDLINE_OPTS \
 { \
 .name = "type", \
diff --git a/hw/tpm/tpm_ioctl.h b/hw/tpm/tpm_ioctl.h
index 54c8d345ad..59a0b0595d 100644
--- a/hw/tpm/tpm_ioctl.h
+++ b/hw/tpm/tpm_ioctl.h
@@ -8,9 +8,7 @@
 #ifndef _TPM_IOCTL_H_
 #define _TPM_IOCTL_H_
 
-#include 
 #include 
-#include 
 #include 
 
 /*
diff --git a/hw/xtensa/xtensa_memory.h b/hw/xtensa/xtensa_memory.h
index cab4d172d4..e9aa08749d 100644
--- a/hw/xtensa/xtensa_memory.h
+++ b/hw/xtensa/xtensa_memory.h
@@ -28,7 +28,6 @@
 #ifndef _XTENSA_MEMORY_H
 #define _XTENSA_MEMORY_H
 
-#include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "cpu.h"
 #include "exec/memory.h"
diff --git a/include/exec/tb-lookup.h b/include/exec/tb-lookup.h
index 296138591a..492cb68289 100644
--- a/include/exec/tb-lookup.h
+++ b/include/exec/tb-lookup.h
@@ -7,8 +7,6 @@
 #

[Qemu-devel] [PATCH 04/18] Drop superfluous includes of qapi/qmp/qerror.h

2018-01-30 Thread Markus Armbruster
Signed-off-by: Markus Armbruster 
---
 backends/tpm.c | 1 -
 block/qcow.c   | 1 -
 block/qed.c| 1 -
 blockdev-nbd.c | 1 -
 hw/s390x/s390-virtio-ccw.c | 1 -
 net/colo-compare.c | 1 -
 net/filter-mirror.c| 1 -
 net/filter-rewriter.c  | 1 -
 qapi/qmp-dispatch.c| 1 -
 qemu-img.c | 1 -
 ui/vnc.c   | 1 -
 11 files changed, 11 deletions(-)

diff --git a/backends/tpm.c b/backends/tpm.c
index 91222c5164..0d129ee9e3 100644
--- a/backends/tpm.c
+++ b/backends/tpm.c
@@ -15,7 +15,6 @@
 #include "qemu/osdep.h"
 #include "sysemu/tpm_backend.h"
 #include "qapi/error.h"
-#include "qapi/qmp/qerror.h"
 #include "sysemu/tpm.h"
 #include "qemu/thread.h"
 #include "qemu/main-loop.h"
diff --git a/block/qcow.c b/block/qcow.c
index d552a6eba8..369241aae8 100644
--- a/block/qcow.c
+++ b/block/qcow.c
@@ -30,7 +30,6 @@
 #include "qemu/module.h"
 #include "qemu/bswap.h"
 #include 
-#include "qapi/qmp/qerror.h"
 #include "qapi/qmp/qstring.h"
 #include "crypto/block.h"
 #include "migration/blocker.h"
diff --git a/block/qed.c b/block/qed.c
index 821dcaa055..7e2b34c3a7 100644
--- a/block/qed.c
+++ b/block/qed.c
@@ -18,7 +18,6 @@
 #include "qemu/bswap.h"
 #include "trace.h"
 #include "qed.h"
-#include "qapi/qmp/qerror.h"
 #include "sysemu/block-backend.h"
 
 static int bdrv_qed_probe(const uint8_t *buf, int buf_size,
diff --git a/blockdev-nbd.c b/blockdev-nbd.c
index f3c3400e52..a3dabf2dd2 100644
--- a/blockdev-nbd.c
+++ b/blockdev-nbd.c
@@ -14,7 +14,6 @@
 #include "sysemu/block-backend.h"
 #include "hw/block/block.h"
 #include "qapi/error.h"
-#include "qapi/qmp/qerror.h"
 #include "sysemu/sysemu.h"
 #include "qmp-commands.h"
 #include "block/nbd.h"
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index 3807dcb097..7d922ad732 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -33,7 +33,6 @@
 #include "hw/s390x/css-bridge.h"
 #include "migration/register.h"
 #include "cpu_models.h"
-#include "qapi/qmp/qerror.h"
 #include "hw/nmi.h"
 
 S390CPU *s390_cpu_addr2state(uint16_t cpu_addr)
diff --git a/net/colo-compare.c b/net/colo-compare.c
index 0ebdec936c..3b955f3ec5 100644
--- a/net/colo-compare.c
+++ b/net/colo-compare.c
@@ -16,7 +16,6 @@
 #include "qemu/error-report.h"
 #include "trace.h"
 #include "qemu-common.h"
-#include "qapi/qmp/qerror.h"
 #include "qapi/error.h"
 #include "net/net.h"
 #include "net/eth.h"
diff --git a/net/filter-mirror.c b/net/filter-mirror.c
index ce0dc23c2a..bd78e25d12 100644
--- a/net/filter-mirror.c
+++ b/net/filter-mirror.c
@@ -14,7 +14,6 @@
 #include "net/net.h"
 #include "qemu-common.h"
 #include "qapi/error.h"
-#include "qapi/qmp/qerror.h"
 #include "qapi-visit.h"
 #include "qom/object.h"
 #include "qemu/main-loop.h"
diff --git a/net/filter-rewriter.c b/net/filter-rewriter.c
index 3ea3798276..6201494ceb 100644
--- a/net/filter-rewriter.c
+++ b/net/filter-rewriter.c
@@ -15,7 +15,6 @@
 #include "net/filter.h"
 #include "net/net.h"
 #include "qemu-common.h"
-#include "qapi/qmp/qerror.h"
 #include "qemu/error-report.h"
 #include "qapi-visit.h"
 #include "qom/object.h"
diff --git a/qapi/qmp-dispatch.c b/qapi/qmp-dispatch.c
index 7d18524f3c..8829c4a45a 100644
--- a/qapi/qmp-dispatch.c
+++ b/qapi/qmp-dispatch.c
@@ -17,7 +17,6 @@
 #include "qapi/qmp/dispatch.h"
 #include "qapi/qmp/json-parser.h"
 #include "qapi/qmp/qjson.h"
-#include "qapi/qmp/qerror.h"
 
 static QDict *qmp_dispatch_check_obj(const QObject *request, Error **errp)
 {
diff --git a/qemu-img.c b/qemu-img.c
index 68b375f998..cf8db3d7b7 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -28,7 +28,6 @@
 #include "qapi/error.h"
 #include "qapi-visit.h"
 #include "qapi/qobject-output-visitor.h"
-#include "qapi/qmp/qerror.h"
 #include "qapi/qmp/qjson.h"
 #include "qapi/qmp/qbool.h"
 #include "qemu/cutils.h"
diff --git a/ui/vnc.c b/ui/vnc.c
index 8768691db8..9bcc2c0db9 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -35,7 +35,6 @@
 #include "qemu/acl.h"
 #include "qemu/config-file.h"
 #include "qapi/error.h"
-#include "qapi/qmp/qerror.h"
 #include "qapi/qmp/types.h"
 #include "qmp-commands.h"
 #include "ui/input.h"
-- 
2.13.6




[Qemu-devel] [PATCH 15/18] Include qapi/qmp/qnull.h exactly where needed

2018-01-30 Thread Markus Armbruster
Signed-off-by: Markus Armbruster 
---
 target/ppc/translate.c  | 1 -
 target/ppc/translate_init.c | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/ppc/translate.c b/target/ppc/translate.c
index eeaad9e91f..4132f67bb1 100644
--- a/target/ppc/translate.c
+++ b/target/ppc/translate.c
@@ -24,7 +24,6 @@
 #include "disas/disas.h"
 #include "exec/exec-all.h"
 #include "tcg-op.h"
-#include "qapi/qmp/qnull.h"
 #include "qemu/host-utils.h"
 #include "exec/cpu_ldst.h"
 
diff --git a/target/ppc/translate_init.c b/target/ppc/translate_init.c
index 2913af912a..434c42731d 100644
--- a/target/ppc/translate_init.c
+++ b/target/ppc/translate_init.c
@@ -30,6 +30,7 @@
 #include "mmu-hash64.h"
 #include "qemu/error-report.h"
 #include "qapi/error.h"
+#include "qapi/qmp/qnull.h"
 #include "qapi/visitor.h"
 #include "hw/qdev-properties.h"
 #include "hw/ppc/ppc.h"
-- 
2.13.6




[Qemu-devel] [PATCH 17/18] Drop superfluous includes of qapi/qmp/qjson.h

2018-01-30 Thread Markus Armbruster
Signed-off-by: Markus Armbruster 
---
 balloon.c   | 1 -
 block/nbd.c | 1 -
 block/quorum.c  | 1 -
 blockjob.c  | 1 -
 hw/core/qdev.c  | 1 -
 hw/net/virtio-net.c | 1 -
 hw/pci/pcie_aer.c   | 1 -
 target/s390x/kvm.c  | 1 -
 tests/test-qobject-output-visitor.c | 1 -
 ui/spice-core.c | 1 -
 vl.c| 1 -
 11 files changed, 11 deletions(-)

diff --git a/balloon.c b/balloon.c
index f8b5ca9870..d8dd6fe773 100644
--- a/balloon.c
+++ b/balloon.c
@@ -33,7 +33,6 @@
 #include "qmp-commands.h"
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
-#include "qapi/qmp/qjson.h"
 
 static QEMUBalloonEvent *balloon_event_fn;
 static QEMUBalloonStatus *balloon_stat_fn;
diff --git a/block/nbd.c b/block/nbd.c
index 8b8ba56cdd..fbec4ae320 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -36,7 +36,6 @@
 #include "qapi/qobject-input-visitor.h"
 #include "qapi/qobject-output-visitor.h"
 #include "qapi/qmp/qdict.h"
-#include "qapi/qmp/qjson.h"
 #include "qapi/qmp/qstring.h"
 #include "qemu/cutils.h"
 
diff --git a/block/quorum.c b/block/quorum.c
index 980403f63e..2dc79bf7e2 100644
--- a/block/quorum.c
+++ b/block/quorum.c
@@ -19,7 +19,6 @@
 #include "qapi/error.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qerror.h"
-#include "qapi/qmp/qjson.h"
 #include "qapi/qmp/qlist.h"
 #include "qapi/qmp/qstring.h"
 #include "qapi-event.h"
diff --git a/blockjob.c b/blockjob.c
index 081f1d2b91..3f52f29f75 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -31,7 +31,6 @@
 #include "sysemu/block-backend.h"
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
-#include "qapi/qmp/qjson.h"
 #include "qemu/coroutine.h"
 #include "qemu/id.h"
 #include "qemu/timer.h"
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index f93f7d9388..e1143ad542 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -31,7 +31,6 @@
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
 #include "qapi/visitor.h"
-#include "qapi/qmp/qjson.h"
 #include "qemu/error-report.h"
 #include "hw/hotplug.h"
 #include "hw/boards.h"
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 0dd3cb8de4..369d40b378 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -23,7 +23,6 @@
 #include "net/vhost_net.h"
 #include "hw/virtio/virtio-bus.h"
 #include "qapi/error.h"
-#include "qapi/qmp/qjson.h"
 #include "qapi-event.h"
 #include "hw/virtio/virtio-access.h"
 #include "migration/misc.h"
diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
index 0b55392fe7..939da0b778 100644
--- a/hw/pci/pcie_aer.c
+++ b/hw/pci/pcie_aer.c
@@ -21,7 +21,6 @@
 #include "qemu/osdep.h"
 #include "sysemu/sysemu.h"
 #include "qapi/qmp/qdict.h"
-#include "qapi/qmp/qjson.h"
 #include "monitor/monitor.h"
 #include "hw/pci/pci_bridge.h"
 #include "hw/pci/pcie.h"
diff --git a/target/s390x/kvm.c b/target/s390x/kvm.c
index 8736001156..bfff1fc88a 100644
--- a/target/s390x/kvm.c
+++ b/target/s390x/kvm.c
@@ -37,7 +37,6 @@
 #include "sysemu/hw_accel.h"
 #include "hw/hw.h"
 #include "sysemu/device_tree.h"
-#include "qapi/qmp/qjson.h"
 #include "exec/gdbstub.h"
 #include "exec/address-spaces.h"
 #include "trace.h"
diff --git a/tests/test-qobject-output-visitor.c 
b/tests/test-qobject-output-visitor.c
index 1b8a9ee372..3cf942414c 100644
--- a/tests/test-qobject-output-visitor.c
+++ b/tests/test-qobject-output-visitor.c
@@ -22,7 +22,6 @@
 #include "qapi/qmp/qnull.h"
 #include "qapi/qmp/qnum.h"
 #include "qapi/qmp/qstring.h"
-#include "qapi/qmp/qjson.h"
 
 typedef struct TestOutputVisitorData {
 Visitor *ov;
diff --git a/ui/spice-core.c b/ui/spice-core.c
index 03f9e83456..64ed759be5 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -31,7 +31,6 @@
 #include "qemu/sockets.h"
 #include "qmp-commands.h"
 #include "qapi/error.h"
-#include "qapi/qmp/qjson.h"
 #include "qemu/notify.h"
 #include "migration/misc.h"
 #include "hw/hw.h"
diff --git a/vl.c b/vl.c
index 717625122f..581a54c323 100644
--- a/vl.c
+++ b/vl.c
@@ -98,7 +98,6 @@ int main(int argc, char **argv)
 #include "sysemu/hax.h"
 #include "qapi/qobject-input-visitor.h"
 #include "qapi-visit.h"
-#include "qapi/qmp/qjson.h"
 #include "qemu/option.h"
 #include "qemu/config-file.h"
 #include "qemu-options.h"
-- 
2.13.6




[Qemu-devel] [PATCH 13/18] Include qapi/qmp/qbool.h exactly where needed

2018-01-30 Thread Markus Armbruster
Signed-off-by: Markus Armbruster 
---
 block.c| 1 -
 block/blkdebug.c   | 1 -
 block/curl.c   | 1 -
 block/qcow2.c  | 1 -
 block/quorum.c | 1 -
 block/vvfat.c  | 1 -
 hw/usb/xen-usb.c   | 1 -
 monitor.c  | 1 -
 qemu-img.c | 1 -
 qemu-io.c  | 1 -
 target/s390x/cpu_models.c  | 1 -
 tests/check-qlit.c | 1 -
 tests/device-introspect-test.c | 1 -
 ui/spice-core.c| 1 -
 14 files changed, 14 deletions(-)

diff --git a/block.c b/block.c
index 71d2dfb55e..924b084436 100644
--- a/block.c
+++ b/block.c
@@ -32,7 +32,6 @@
 #include "qemu/module.h"
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
-#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qjson.h"
 #include "qapi/qmp/qstring.h"
 #include "sysemu/block-backend.h"
diff --git a/block/blkdebug.c b/block/blkdebug.c
index e21669979d..356538482d 100644
--- a/block/blkdebug.c
+++ b/block/blkdebug.c
@@ -29,7 +29,6 @@
 #include "qemu/config-file.h"
 #include "block/block_int.h"
 #include "qemu/module.h"
-#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qstring.h"
 #include "sysemu/qtest.h"
diff --git a/block/curl.c b/block/curl.c
index e0eb8ebb78..fbd62b3864 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -27,7 +27,6 @@
 #include "qemu-common.h"
 #include "qemu/error-report.h"
 #include "block/block_int.h"
-#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qstring.h"
 #include "crypto/secret.h"
diff --git a/block/qcow2.c b/block/qcow2.c
index 700c06245b..a64a572785 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -31,7 +31,6 @@
 #include "qemu/error-report.h"
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
-#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qstring.h"
 #include "qapi-event.h"
diff --git a/block/quorum.c b/block/quorum.c
index ec427c39e7..980403f63e 100644
--- a/block/quorum.c
+++ b/block/quorum.c
@@ -17,7 +17,6 @@
 #include "qemu/cutils.h"
 #include "block/block_int.h"
 #include "qapi/error.h"
-#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qerror.h"
 #include "qapi/qmp/qjson.h"
diff --git a/block/vvfat.c b/block/vvfat.c
index 93e76580b0..5dca227311 100644
--- a/block/vvfat.c
+++ b/block/vvfat.c
@@ -30,7 +30,6 @@
 #include "qemu/module.h"
 #include "qemu/bswap.h"
 #include "migration/blocker.h"
-#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qstring.h"
 #include "qemu/cutils.h"
diff --git a/hw/usb/xen-usb.c b/hw/usb/xen-usb.c
index 3b678685e1..e9eb1e902f 100644
--- a/hw/usb/xen-usb.c
+++ b/hw/usb/xen-usb.c
@@ -29,7 +29,6 @@
 #include "hw/usb.h"
 #include "hw/xen/xen_backend.h"
 #include "monitor/qdev.h"
-#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qstring.h"
 
diff --git a/monitor.c b/monitor.c
index 69737f2d9a..02d9dd8708 100644
--- a/monitor.c
+++ b/monitor.c
@@ -53,7 +53,6 @@
 #include "qemu/acl.h"
 #include "sysemu/tpm.h"
 #include "qapi/qmp/qerror.h"
-#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qnum.h"
 #include "qapi/qmp/qstring.h"
 #include "qapi/qmp/qjson.h"
diff --git a/qemu-img.c b/qemu-img.c
index 6ead3b7c3d..778fab9979 100644
--- a/qemu-img.c
+++ b/qemu-img.c
@@ -30,7 +30,6 @@
 #include "qapi-visit.h"
 #include "qapi/qobject-output-visitor.h"
 #include "qapi/qmp/qjson.h"
-#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qstring.h"
 #include "qemu/cutils.h"
diff --git a/qemu-io.c b/qemu-io.c
index 2e5737ce9c..f554ab614b 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -21,7 +21,6 @@
 #include "qemu/readline.h"
 #include "qemu/log.h"
 #include "qapi/qmp/qstring.h"
-#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qdict.h"
 #include "qom/object_interfaces.h"
 #include "sysemu/block-backend.h"
diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index 27201c4f91..584c409a19 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -20,7 +20,6 @@
 #include "qemu/error-report.h"
 #include "qapi/qmp/qerror.h"
 #include "qapi/qobject-input-visitor.h"
-#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qdict.h"
 #ifndef CONFIG_USER_ONLY
 #include "sysemu/arch_init.h"
diff --git a/tests/check-qlit.c b/tests/check-qlit.c
index b8b5016af7..f012885534 100644
--- a/tests/check-qlit.c
+++ b/tests/check-qlit.c
@@ -9,7 +9,6 @@
 
 #include "qemu/osdep.h"
 
-#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qlist.h"
 #include "qapi/qmp/qlit.h"
diff --git a/tests/device-introspect-test.c b/tests/device-introspect-test.c
index 2b3d01174d..b80058fe98 100644
--- a/tests/device-introspect-test.c
+++ b/tests/device-introspect-test.c
@@ -20,7 +20,6 @@
 #include "qemu/osdep.h"
 #include "qemu-common.h"
 #include "qapi/qmp/qstring.h"
-#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/q

[Qemu-devel] [PATCH 07/18] Eliminate qapi/qmp/types.h

2018-01-30 Thread Markus Armbruster
qapi/qmp/types.h is a convenience header to include a number of
qapi/qmp/ headers.  Since we rarely need all of the headers
qapi/qmp/types.h includes, we bypass it most of the time.  Most of the
places that use it don't need all the headers, either.

Include the necessary headers directly, and drop qapi/qmp/types.h.

Signed-off-by: Markus Armbruster 
---
 block/qapi.c|  3 ++-
 block/qcow2.c   |  3 ++-
 blockdev.c  |  2 +-
 hw/pci/pcie_aer.c   |  1 -
 hw/watchdog/watchdog.c  |  1 -
 include/qapi/qmp/types.h| 24 
 monitor.c   |  2 +-
 qapi/qapi-dealloc-visitor.c |  1 -
 qapi/qmp-dispatch.c |  1 -
 qapi/qobject-input-visitor.c|  2 +-
 qapi/qobject-output-visitor.c   |  3 ++-
 qobject/json-parser.c   |  3 ++-
 qobject/qjson.c |  2 +-
 qobject/qlit.c  |  4 +++-
 qobject/qobject.c   |  4 +++-
 scripts/qapi-commands.py|  1 -
 target/i386/cpu.c   |  1 -
 tests/check-qjson.c |  2 +-
 tests/check-qobject.c   |  3 ++-
 tests/cpu-plug-test.c   |  1 -
 tests/qom-test.c|  1 -
 tests/test-clone-visitor.c  |  1 -
 tests/test-qmp-commands.c   |  3 ++-
 tests/test-qmp-event.c  |  3 ++-
 tests/test-qobject-input-visitor.c  |  2 +-
 tests/test-qobject-output-visitor.c |  2 +-
 tests/test-string-input-visitor.c   |  1 -
 tests/test-string-output-visitor.c  |  1 -
 tests/test-visitor-serialization.c  |  1 -
 ui/vnc.c|  1 -
 util/qemu-option.c  |  4 +++-
 31 files changed, 30 insertions(+), 54 deletions(-)
 delete mode 100644 include/qapi/qmp/types.h

diff --git a/block/qapi.c b/block/qapi.c
index 4fc9fd8082..1ab4372519 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -31,7 +31,8 @@
 #include "qapi-visit.h"
 #include "qapi/error.h"
 #include "qapi/qobject-output-visitor.h"
-#include "qapi/qmp/types.h"
+#include "qapi/qmp/qbool.h"
+#include "qapi/qmp/qstring.h"
 #include "sysemu/block-backend.h"
 #include "qemu/cutils.h"
 
diff --git a/block/qcow2.c b/block/qcow2.c
index 7645b3c6ae..700c06245b 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -32,7 +32,8 @@
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
 #include "qapi/qmp/qbool.h"
-#include "qapi/qmp/types.h"
+#include "qapi/qmp/qdict.h"
+#include "qapi/qmp/qstring.h"
 #include "qapi-event.h"
 #include "trace.h"
 #include "qemu/option_int.h"
diff --git a/blockdev.c b/blockdev.c
index ad82dbbeee..8a47459937 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -40,7 +40,7 @@
 #include "qemu/error-report.h"
 #include "qemu/option.h"
 #include "qemu/config-file.h"
-#include "qapi/qmp/types.h"
+#include "qapi/qmp/qstring.h"
 #include "qapi-visit.h"
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
index b009be7f17..071e5e9bbb 100644
--- a/hw/pci/pcie_aer.c
+++ b/hw/pci/pcie_aer.c
@@ -20,7 +20,6 @@
 
 #include "qemu/osdep.h"
 #include "sysemu/sysemu.h"
-#include "qapi/qmp/types.h"
 #include "qapi/qmp/qjson.h"
 #include "monitor/monitor.h"
 #include "hw/pci/pci_bridge.h"
diff --git a/hw/watchdog/watchdog.c b/hw/watchdog/watchdog.c
index 25dcb25ff1..98a5dd6689 100644
--- a/hw/watchdog/watchdog.c
+++ b/hw/watchdog/watchdog.c
@@ -24,7 +24,6 @@
 #include "qemu/config-file.h"
 #include "qemu/queue.h"
 #include "qapi/error.h"
-#include "qapi/qmp/types.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/watchdog.h"
 #include "qapi-event.h"
diff --git a/include/qapi/qmp/types.h b/include/qapi/qmp/types.h
deleted file mode 100644
index 749ac44dcb..00
--- a/include/qapi/qmp/types.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Include all QEMU objects.
- *
- * Copyright (C) 2009 Red Hat Inc.
- *
- * Authors:
- *  Luiz Capitulino 
- *
- * This work is licensed under the terms of the GNU LGPL, version 2.1 or later.
- * See the COPYING.LIB file in the top-level directory.
- */
-
-#ifndef QAPI_QMP_TYPES_H
-#define QAPI_QMP_TYPES_H
-
-#include "qapi/qmp/qobject.h"
-#include "qapi/qmp/qnum.h"
-#include "qapi/qmp/qbool.h"
-#include "qapi/qmp/qstring.h"
-#include "qapi/qmp/qdict.h"
-#include "qapi/qmp/qlist.h"
-#include "qapi/qmp/qnull.h"
-
-#endif /* QAPI_QMP_TYPES_H */
diff --git a/monitor.c b/monitor.c
index 2de69f648f..f38640c1e4 100644
--- a/monitor.c
+++ b/monitor.c
@@ -53,7 +53,7 @@
 #include "qemu/acl.h"
 #include "sysemu/tpm.h"
 #include "qapi/qmp/qerror.h"
-#include "qapi/qmp/types.h"
+#include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qjson.h"
 #include "qapi/qmp/json-streamer.h"
 #include "qapi/qmp/json-parser.h"
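
Review bot: The qapi/qmp/qbool.h include that replaces qapi/qmp/types.h in monitor.c is removed again by the later qbool.h cleanup in this series (the monitor.c hunk at index 69737f2d9a..02d9dd8708), so monitor.c only carries it for the intermediate commits. If it is there to keep the qdict_put_bool() macro compiling until 08/18 turns the helpers into functions, say so in the commit message, or consider ordering 08/18 before this patch so monitor.c never has to gain the include.
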
diff --git a/qapi/qapi-dealloc-visitor.c b/qapi/qapi-dealloc-visitor.c
index ed70a0158b..c7d5f80302 100644
--- a/qapi/qapi-dealloc-visitor.c
+++ b/qapi/qapi-dealloc-visitor.c
@@ -16,7 +16,6 @@
 #include "qapi/dealloc-visit

[Qemu-devel] [PATCH 00/18] Clean up includes to reduce compile time

2018-01-30 Thread Markus Armbruster
We have awfully many "touch it, recompile the world" headers.  Right
now, I count about fifty that are prerequisites of more than half the
objects in my "build everything" tree.

Some of them are that way by necessity.  Many of them are not.  This
series takes care of six I happen to touch, because I serve as their
maintainer:

include/qapi/qmp/qdict.h
include/qapi/qmp/qlist.h
include/qapi/qmp/qnull.h
include/qapi/qmp/qnum.h
include/qapi/qmp/qobject.h
include/qemu/option.h

Before this series, touching any of these recompiles more than 95% of
my objects.  That's more than 4500 compiler runs.  After this series,
only 0.3% - 8% of my objects get recompiled.

Markus Armbruster (18):
  Clean up includes
  Drop superfluous includes of qapi-types.h
  Include qapi/error.h exactly where needed
  Drop superfluous includes of qapi/qmp/qerror.h
  Include qmp-commands.h exactly where needed
  Typedef the subtypes of QObject in qemu/typedefs.h, too
  Eliminate qapi/qmp/types.h
  qdict qlist: Make most helper macros functions
  Include qapi/qmp/qobject.h exactly where needed
  Include qapi/qmp/qlist.h exactly where needed
  Include qapi/qmp/qdict.h exactly where needed
  Include qapi/qmp/qstring.h exactly where needed
  Include qapi/qmp/qbool.h exactly where needed
  Include qapi/qmp/qnum.h exactly where needed
  Include qapi/qmp/qnull.h exactly where needed
  Drop superfluous includes of qapi/qmp/dispatch.h
  Drop superfluous includes of qapi/qmp/qjson.h
  Move include qemu/option.h from qemu-common.h to actual users

 accel/accel.c  |  2 +-
 arch_init.c|  1 +
 audio/wavcapture.c |  1 +
 backends/cryptodev.c   |  1 -
 backends/hostmem.c |  1 -
 backends/tpm.c |  1 -
 balloon.c  |  2 +-
 block.c|  6 --
 block/blkdebug.c   |  2 +-
 block/blkverify.c  |  1 +
 block/block-backend.c  |  2 ++
 block/crypto.c |  2 ++
 block/curl.c   |  5 +++--
 block/file-posix.c |  2 ++
 block/file-win32.c |  3 +++
 block/gluster.c|  3 +++
 block/iscsi-opts.c |  1 +
 block/iscsi.c  |  3 ++-
 block/nbd.c|  2 +-
 block/nfs.c|  2 +-
 block/null.c   |  1 +
 block/parallels.c  |  3 ++-
 block/parallels.h  |  1 -
 block/qapi.c   |  6 +-
 block/qcow.c   |  5 +++--
 block/qcow2-cluster.c  |  1 -
 block/qcow2.c  |  6 --
 block/qed.c|  2 +-
 block/quorum.c |  4 ++--
 block/rbd.c|  3 +++
 block/replication.c|  2 +-
 block/sheepdog.c   |  1 +
 block/snapshot.c   |  2 ++
 block/ssh.c|  2 ++
 block/throttle.c   |  1 +
 block/vdi.c|  1 +
 block/vhdx.c   |  2 +-
 block/vmdk.c   |  1 +
 block/vpc.c|  3 ++-
 block/vvfat.c  |  4 +++-
 block/write-threshold.c|  1 +
 blockdev-nbd.c |  2 +-
 blockdev.c |  5 -
 blockjob.c |  3 +--
 chardev/char-file.c|  3 ++-
 chardev/char-mux.c |  3 ++-
 chardev/char-parallel.c|  2 ++
 chardev/char-pipe.c|  2 ++
 chardev/char-ringbuf.c |  3 +++
 chardev/char-serial.c  |  2 ++
 chardev/char-socket.c  |  2 ++
 chardev/char-stdio.c   |  3 ++-
 chardev/char-udp.c |  2 ++
 chardev/char.c |  3 +++
 chardev/spice.c|  2 ++
 contrib/ivshmem-server/main.c  |  2 +-
 cpus.c |  4 +++-
 c

[Qemu-devel] [PATCH 08/18] qdict qlist: Make most helper macros functions

2018-01-30 Thread Markus Armbruster
The macro expansions of qdict_put_TYPE() and qlist_append_TYPE() need
qbool.h, qnull.h, qnum.h and qstring.h to compile.  We include qnull.h
and qnum.h in the headers, but not qbool.h and qstring.h.  Works,
because we include those wherever the macros get used.

Open-coding these helpers is of dubious value.  Turn them into
functions and drop the includes from the headers.

This cleanup makes the number of objects depending on qapi/qmp/qnum.h
drop from 4548 (out of 4739) to 46 in my "build everything" tree.  For
qapi/qmp/qnull.h, the number drops from 4549 to 21.

Signed-off-by: Markus Armbruster 
---
 block/qapi.c|  1 +
 blockdev.c  |  1 +
 hw/i386/acpi-build.c|  1 +
 hw/ppc/spapr_drc.c  |  1 +
 include/qapi/qmp/qdict.h| 16 
 include/qapi/qmp/qlist.h| 15 ---
 migration/migration.c   |  1 +
 monitor.c   |  1 +
 qapi/qapi-dealloc-visitor.c |  1 +
 qapi/qobject-input-visitor.c|  2 ++
 qapi/qobject-output-visitor.c   |  2 ++
 qobject/json-parser.c   |  2 ++
 qobject/qdict.c | 21 +
 qobject/qjson.c |  1 +
 qobject/qlist.c | 24 
 qobject/qlit.c  |  1 +
 qobject/qobject.c   |  2 ++
 qom/object.c|  1 +
 target/ppc/translate.c  |  1 +
 tests/check-qdict.c |  1 +
 tests/check-qjson.c |  2 ++
 tests/check-qobject.c   |  2 ++
 tests/test-qmp-commands.c   |  1 +
 tests/test-qmp-event.c  |  1 +
 tests/test-qobject-input-visitor.c  |  2 ++
 tests/test-qobject-output-visitor.c |  2 ++
 util/qemu-option.c  |  1 +
 27 files changed, 84 insertions(+), 23 deletions(-)

diff --git a/block/qapi.c b/block/qapi.c
index 1ab4372519..1e0cb2743d 100644
--- a/block/qapi.c
+++ b/block/qapi.c
@@ -32,6 +32,7 @@
 #include "qapi/error.h"
 #include "qapi/qobject-output-visitor.h"
 #include "qapi/qmp/qbool.h"
+#include "qapi/qmp/qnum.h"
 #include "qapi/qmp/qstring.h"
 #include "sysemu/block-backend.h"
 #include "qemu/cutils.h"
diff --git a/blockdev.c b/blockdev.c
index 8a47459937..c487cf0e4b 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -40,6 +40,7 @@
 #include "qemu/error-report.h"
 #include "qemu/option.h"
 #include "qemu/config-file.h"
+#include "qapi/qmp/qnum.h"
 #include "qapi/qmp/qstring.h"
 #include "qapi-visit.h"
 #include "qapi/error.h"
diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index dc4b2b9ffe..7ff62de52f 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -22,6 +22,7 @@
 
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qapi/qmp/qnum.h"
 #include "acpi-build.h"
 #include "qemu-common.h"
 #include "qemu/bitmap.h"
diff --git a/hw/ppc/spapr_drc.c b/hw/ppc/spapr_drc.c
index e3b122968e..aa251133de 100644
--- a/hw/ppc/spapr_drc.c
+++ b/hw/ppc/spapr_drc.c
@@ -12,6 +12,7 @@
 
 #include "qemu/osdep.h"
 #include "qapi/error.h"
+#include "qapi/qmp/qnull.h"
 #include "cpu.h"
 #include "qemu/cutils.h"
 #include "hw/ppc/spapr_drc.h"
diff --git a/include/qapi/qmp/qdict.h b/include/qapi/qmp/qdict.h
index d0c298114e..3c1def00f7 100644
--- a/include/qapi/qmp/qdict.h
+++ b/include/qapi/qmp/qdict.h
@@ -15,8 +15,6 @@
 
 #include "qapi/qmp/qobject.h"
 #include "qapi/qmp/qlist.h"
-#include "qapi/qmp/qnull.h"
-#include "qapi/qmp/qnum.h"
 #include "qemu/queue.h"
 
 #define QDICT_BUCKET_MAX 512
@@ -55,17 +53,11 @@ void qdict_destroy_obj(QObject *obj);
 #define qdict_put(qdict, key, obj) \
 qdict_put_obj(qdict, key, QOBJECT(obj))
 
-/* Helpers for int, bool, null, and string */
-#define qdict_put_int(qdict, key, value) \
-qdict_put(qdict, key, qnum_from_int(value))
-#define qdict_put_bool(qdict, key, value) \
-qdict_put(qdict, key, qbool_from_bool(value))
-#define qdict_put_str(qdict, key, value) \
-qdict_put(qdict, key, qstring_from_str(value))
-#define qdict_put_null(qdict, key) \
-qdict_put(qdict, key, qnull())
+void qdict_put_bool(QDict *qdict, const char *key, bool value);
+void qdict_put_int(QDict *qdict, const char *key, int64_t value);
+void qdict_put_null(QDict *qdict, const char *key);
+void qdict_put_str(QDict *qdict, const char *key, const char *value);
 
-/* High level helpers */
 double qdict_get_double(const QDict *qdict, const char *key);
 int64_t qdict_get_int(const QDict *qdict, const char *key);
 bool qdict_get_bool(const QDict *qdict, const char *key);
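
Review bot: The new qdict_put_bool(), qdict_put_int(), qdict_put_null() and qdict_put_str() prototypes are left without any comment: the hunk deletes "/* Helpers for int, bool, null, and string */" together with the macros, and it also drops "/* High level helpers */" above qdict_get_double(), which the commit message does not mention. Keep a one-line comment over the four declarations so the header still says what they wrap. The conversion itself looks type-safe for the int helper, since the old macro passed value to qnum_from_int(), which takes int64_t as well.
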
diff --git a/include/qapi/qmp/qlist.h b/include/qapi/qmp/qlist.h
index 632b7ef2c1..5fd976a398 100644
--- a/include/qapi/qmp/qlist.h
+++ b/include/qapi/qmp/qlist.h
@@ -14,8 +14,6 @@
 #define QLIST_H
 
 #include "qapi/qmp/qobject.h"
-#include "qapi/qmp/qnum.h"
-#include "qapi/qmp/qnull.h"
 #include "qemu/queue.h"
 
 typedef struct QListEntry {
@@ -31,15 +29,10 @@ struct QL

[Qemu-devel] [PATCH 14/18] Include qapi/qmp/qnum.h exactly where needed

2018-01-30 Thread Markus Armbruster
Signed-off-by: Markus Armbruster 
---
 tests/check-qlit.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/tests/check-qlit.c b/tests/check-qlit.c
index f012885534..5d0f65b9c7 100644
--- a/tests/check-qlit.c
+++ b/tests/check-qlit.c
@@ -12,7 +12,6 @@
 #include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qlist.h"
 #include "qapi/qmp/qlit.h"
-#include "qapi/qmp/qnum.h"
 #include "qapi/qmp/qstring.h"
 
 static QLitObject qlit = QLIT_QDICT(((QLitDictEntry[]) {
-- 
2.13.6




[Qemu-devel] [PATCH 06/18] Typedef the subtypes of QObject in qemu/typedefs.h, too

2018-01-30 Thread Markus Armbruster
This renders many inclusions of qapi/qmp/q*.h superfluous.  They'll be
dropped in the next few commits.

Signed-off-by: Markus Armbruster 
---
 include/qapi/qmp/qbool.h   | 4 ++--
 include/qapi/qmp/qdict.h   | 4 ++--
 include/qapi/qmp/qlist.h   | 4 ++--
 include/qapi/qmp/qnum.h| 4 ++--
 include/qapi/qmp/qstring.h | 4 ++--
 include/qemu/typedefs.h| 7 ++-
 6 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/include/qapi/qmp/qbool.h b/include/qapi/qmp/qbool.h
index f77ea86c4e..629c508d34 100644
--- a/include/qapi/qmp/qbool.h
+++ b/include/qapi/qmp/qbool.h
@@ -16,10 +16,10 @@
 
 #include "qapi/qmp/qobject.h"
 
-typedef struct QBool {
+struct QBool {
 QObject base;
 bool value;
-} QBool;
+};
 
 QBool *qbool_from_bool(bool value);
 bool qbool_get_bool(const QBool *qb);
diff --git a/include/qapi/qmp/qdict.h b/include/qapi/qmp/qdict.h
index fc218e7be6..d0c298114e 100644
--- a/include/qapi/qmp/qdict.h
+++ b/include/qapi/qmp/qdict.h
@@ -27,11 +27,11 @@ typedef struct QDictEntry {
 QLIST_ENTRY(QDictEntry) next;
 } QDictEntry;
 
-typedef struct QDict {
+struct QDict {
 QObject base;
 size_t size;
 QLIST_HEAD(,QDictEntry) table[QDICT_BUCKET_MAX];
-} QDict;
+};
 
 /* Object API */
 QDict *qdict_new(void);
diff --git a/include/qapi/qmp/qlist.h b/include/qapi/qmp/qlist.h
index ec3fcc1a4c..632b7ef2c1 100644
--- a/include/qapi/qmp/qlist.h
+++ b/include/qapi/qmp/qlist.h
@@ -23,10 +23,10 @@ typedef struct QListEntry {
 QTAILQ_ENTRY(QListEntry) next;
 } QListEntry;
 
-typedef struct QList {
+struct QList {
 QObject base;
 QTAILQ_HEAD(,QListEntry) head;
-} QList;
+};
 
 #define qlist_append(qlist, obj) \
 qlist_append_obj(qlist, QOBJECT(obj))
diff --git a/include/qapi/qmp/qnum.h b/include/qapi/qmp/qnum.h
index c3d86794bb..15e3971c7f 100644
--- a/include/qapi/qmp/qnum.h
+++ b/include/qapi/qmp/qnum.h
@@ -44,7 +44,7 @@ typedef enum {
  * in range: qnum_get_try_int() / qnum_get_try_uint() check range and
  * convert under the hood.
  */
-typedef struct QNum {
+struct QNum {
 QObject base;
 QNumKind kind;
 union {
@@ -52,7 +52,7 @@ typedef struct QNum {
 uint64_t u64;
 double dbl;
 } u;
-} QNum;
+};
 
 QNum *qnum_from_int(int64_t value);
 QNum *qnum_from_uint(uint64_t value);
diff --git a/include/qapi/qmp/qstring.h b/include/qapi/qmp/qstring.h
index 65c05a9be5..98070ef3d6 100644
--- a/include/qapi/qmp/qstring.h
+++ b/include/qapi/qmp/qstring.h
@@ -15,12 +15,12 @@
 
 #include "qapi/qmp/qobject.h"
 
-typedef struct QString {
+struct QString {
 QObject base;
 char *string;
 size_t length;
 size_t capacity;
-} QString;
+};
 
 QString *qstring_new(void);
 QString *qstring_from_str(const char *str);
diff --git a/include/qemu/typedefs.h b/include/qemu/typedefs.h
index 9bd7a834ba..78e2f08c0b 100644
--- a/include/qemu/typedefs.h
+++ b/include/qemu/typedefs.h
@@ -92,8 +92,13 @@ typedef struct QemuOptsList QemuOptsList;
 typedef struct QEMUSGList QEMUSGList;
 typedef struct QEMUTimer QEMUTimer;
 typedef struct QEMUTimerListGroup QEMUTimerListGroup;
-typedef struct QObject QObject;
+typedef struct QBool QBool;
+typedef struct QDict QDict;
+typedef struct QList QList;
 typedef struct QNull QNull;
+typedef struct QNum QNum;
+typedef struct QObject QObject;
+typedef struct QString QString;
 typedef struct RAMBlock RAMBlock;
 typedef struct Range Range;
 typedef struct SerialState SerialState;
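
Review bot: Missing rationale in the commit message: after this patch qbool.h, qdict.h, qlist.h, qnum.h and qstring.h use QBool, QDict, QList, QNum and QString in their own prototypes (for example "QBool *qbool_from_bool(bool value);") without declaring the typedef themselves, so they only compile when qemu/typedefs.h has been seen first. State in the message where that guarantee comes from. Separately, moving "typedef struct QObject QObject;" below QNum in this hunk is a sort-order fix unrelated to the new typedefs and deserves a mention too.
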
-- 
2.13.6




[Qemu-devel] [PATCH 18/18] Move include qemu/option.h from qemu-common.h to actual users

2018-01-30 Thread Markus Armbruster
qemu-common.h includes qemu/option.h, but most places that include the
former don't actually need the latter.  Drop the include, and add it
to the places that actually need it.

While there, drop superfluous includes of both headers.

This cleanup makes the number of objects depending on qemu/option.h
drop from 4542 (out of 4739) to 284 in my "build everything" tree.

Signed-off-by: Markus Armbruster 
---
 accel/accel.c | 2 +-
 block.c   | 1 +
 block/blkdebug.c  | 1 +
 block/blkverify.c | 1 +
 block/block-backend.c | 1 +
 block/crypto.c| 1 +
 block/curl.c  | 2 +-
 block/file-posix.c| 2 ++
 block/file-win32.c| 2 ++
 block/gluster.c   | 2 ++
 block/iscsi-opts.c| 1 +
 block/iscsi.c | 2 +-
 block/nbd.c   | 1 +
 block/nfs.c   | 2 +-
 block/null.c  | 1 +
 block/parallels.c | 3 ++-
 block/qcow.c  | 2 +-
 block/qed.c   | 1 +
 block/quorum.c| 1 +
 block/rbd.c   | 1 +
 block/replication.c   | 2 +-
 block/sheepdog.c  | 1 +
 block/snapshot.c  | 1 +
 block/ssh.c   | 1 +
 block/throttle.c  | 1 +
 block/vdi.c   | 1 +
 block/vhdx.c  | 2 +-
 block/vmdk.c  | 1 +
 block/vpc.c   | 3 ++-
 block/vvfat.c | 1 +
 chardev/char-file.c   | 3 ++-
 chardev/char-mux.c| 3 ++-
 chardev/char-parallel.c   | 2 ++
 chardev/char-pipe.c   | 2 ++
 chardev/char-ringbuf.c| 1 +
 chardev/char-serial.c | 2 ++
 chardev/char-socket.c | 2 ++
 chardev/char-stdio.c  | 3 ++-
 chardev/char-udp.c| 2 ++
 chardev/char.c| 1 +
 chardev/spice.c   | 1 +
 contrib/ivshmem-server/main.c | 2 +-
 cpus.c| 2 +-
 device-hotplug.c  | 1 +
 device_tree.c | 2 +-
 fsdev/qemu-fsdev-throttle.c   | 1 +
 fsdev/qemu-fsdev.c| 2 +-
 fsdev/qemu-fsdev.h| 1 -
 hw/9pfs/9p-handle.c   | 1 +
 hw/9pfs/9p-local.c| 1 +
 hw/9pfs/9p-proxy.c| 1 +
 hw/9pfs/xen-9p-backend.c  | 1 +
 hw/acpi/core.c| 1 +
 hw/arm/boot.c | 1 +
 hw/core/qdev.c| 1 +
 hw/i386/multiboot.c   | 2 +-
 hw/i386/pc.c  | 1 +
 hw/i386/pc_sysfw.c| 1 +
 hw/nvram/fw_cfg.c | 2 ++
 hw/ppc/e500.c | 2 +-
 hw/ppc/virtex_ml507.c | 1 +
 hw/s390x/s390-virtio-ccw.c| 2 +-
 hw/scsi/scsi-bus.c| 1 +
 hw/smbios/smbios.c| 1 +
 hw/usb/xen-usb.c  | 2 +-
 hw/vfio/pci.c | 1 +
 hw/xen/xen_devconfig.c| 1 +
 hw/xtensa/xtfpga.c| 2 +-
 include/block/block.h | 1 -
 include/block/block_int.h | 1 -
 include/block/nbd.h   | 2 --
 include/block/snapshot.h  | 2 --
 include/chardev/char.h| 2 --
 include/hw/acpi/acpi.h| 1 -
 include/hw/qdev-core.h| 1 -
 include/hw/smbios/smbios.h| 1 -
 include/net/net.h | 2 --
 include/net/slirp.h   | 2 --
 include/qapi/opts-visitor.h   | 1 -
 include/qemu-common.h | 2 --
 include/qemu/config-file.h| 1 -
 include/sysemu/arch_init.h| 1 -
 include/sysemu/hostmem.h  | 1 -
 include/sysemu/numa.h | 1 -
 include/sysemu/sysemu.h   | 1 -
 include/ui/qemu-spice.h   | 1 -
 monitor.c | 2 +-
 net/net.c | 2 +-
 net/vhost-user.c  | 1 +
 qdev-monitor.c| 1 +
 qemu-io-cmds.c| 1 +
 qemu-nbd.c| 2 +-
 qmp.c | 1 +
 qom/object_interfaces.c   | 1 +
 replay/replay.c   | 2 +-
 tests/test-char.c | 2 +-
 tests/test-qemu-opts.c| 1 +
 tests/test-replication.c  | 1 +
 trace/control.c   | 1 +
 ui/console.c  | 2 +-
 ui/spice-core.c   | 2 +-
 ui/spice-display.c| 2 +-
 ui/vnc.c  | 1 +
 103 files changed, 98 insertions(+), 54 deletions(-)

diff --git a/accel/accel.c b/accel/accel.c
index 8ae40e1e13..93e2434c87 100644
--- a/accel/accel.c
+++ b/accel/accel.c
@@ -26,7 +26,6 @@
 #include "qemu/osdep.h"
 #include "sysemu/accel.h"
 #include "hw/boards.h"
-#include "qemu-common.h"
 #include "sysemu/arch_init.h"
 #include "sysemu/sysemu.h"
 #include "sysemu/kvm.h"
@@ -34,6 +33,7 @@
 #include "hw/xen/xen.h"
 #include "qom/object.h"
 #include "qemu/error-report.h"
+#include "qemu/option.h"
 
 static const TypeInfo accel_type = {
 .name = TYPE_ACCEL,
diff --git a/block.c b/block.c
index 924b084436..7269481050 100644
--- a/block.c
+++ b/block.c
@@ -37,6 +37,7 @@
 #include "sysemu/block-backend.h"
 #include "sy

[Qemu-devel] [PATCH 16/18] Drop superfluous includes of qapi/qmp/dispatch.h

2018-01-30 Thread Markus Armbruster
Signed-off-by: Markus Armbruster 
---
 monitor.c | 1 -
 qga/main.c| 1 -
 tests/test-qmp-commands.c | 1 -
 3 files changed, 3 deletions(-)

diff --git a/monitor.c b/monitor.c
index 02d9dd8708..6f70c8db9a 100644
--- a/monitor.c
+++ b/monitor.c
@@ -79,7 +79,6 @@
 #include "sysemu/qtest.h"
 #include "sysemu/cpus.h"
 #include "qemu/cutils.h"
-#include "qapi/qmp/dispatch.h"
 
 #if defined(TARGET_S390X)
 #include "hw/s390x/storage-keys.h"
diff --git a/qga/main.c b/qga/main.c
index 64e0776bf2..30aa7f92f7 100644
--- a/qga/main.c
+++ b/qga/main.c
@@ -27,7 +27,6 @@
 #include "qga-qmp-commands.h"
 #include "qapi/qmp/qerror.h"
 #include "qapi/error.h"
-#include "qapi/qmp/dispatch.h"
 #include "qga/channel.h"
 #include "qemu/bswap.h"
 #include "qemu/help_option.h"
diff --git a/tests/test-qmp-commands.c b/tests/test-qmp-commands.c
index b5a3d88775..24660d0868 100644
--- a/tests/test-qmp-commands.c
+++ b/tests/test-qmp-commands.c
@@ -5,7 +5,6 @@
 #include "qapi/qmp/qstring.h"
 #include "test-qmp-commands.h"
 #include "qapi/error.h"
-#include "qapi/qmp/dispatch.h"
 #include "qemu/module.h"
 #include "qapi/qobject-input-visitor.h"
 #include "tests/test-qapi-types.h"
-- 
2.13.6




[Qemu-devel] [PATCH 09/18] Include qapi/qmp/qobject.h exactly where needed

2018-01-30 Thread Markus Armbruster
Signed-off-by: Markus Armbruster 
---
 include/block/block.h | 1 -
 include/qapi/qmp/dispatch.h   | 1 -
 include/qapi/qmp/qjson.h  | 1 -
 include/qapi/qobject-input-visitor.h  | 1 -
 include/qapi/qobject-output-visitor.h | 1 -
 include/qapi/visitor.h| 2 +-
 qapi/qapi-visit-core.c| 1 -
 qmp.c | 1 -
 qobject/qbool.c   | 1 -
 qobject/qdict.c   | 1 -
 qobject/qlist.c   | 1 -
 qobject/qnum.c| 1 -
 qobject/qstring.c | 1 -
 qom/object.c  | 1 -
 tests/test-qmp-event.c| 1 -
 15 files changed, 1 insertion(+), 15 deletions(-)

diff --git a/include/block/block.h b/include/block/block.h
index 0608834396..62ba19d78d 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -8,7 +8,6 @@
 #include "block/accounting.h"
 #include "block/dirty-bitmap.h"
 #include "block/blockjob.h"
-#include "qapi/qmp/qobject.h"
 #include "qemu/hbitmap.h"
 
 /* block.c */
diff --git a/include/qapi/qmp/dispatch.h b/include/qapi/qmp/dispatch.h
index 20578dcd48..47a0ff348b 100644
--- a/include/qapi/qmp/dispatch.h
+++ b/include/qapi/qmp/dispatch.h
@@ -14,7 +14,6 @@
 #ifndef QAPI_QMP_DISPATCH_H
 #define QAPI_QMP_DISPATCH_H
 
-#include "qapi/qmp/qobject.h"
 #include "qapi/qmp/qdict.h"
 
 typedef void (QmpCommandFunc)(QDict *, QObject **, Error **);
diff --git a/include/qapi/qmp/qjson.h b/include/qapi/qmp/qjson.h
index 6e84082d5f..6b38b0f074 100644
--- a/include/qapi/qmp/qjson.h
+++ b/include/qapi/qmp/qjson.h
@@ -14,7 +14,6 @@
 #ifndef QJSON_H
 #define QJSON_H
 
-#include "qapi/qmp/qobject.h"
 #include "qapi/qmp/qstring.h"
 
 QObject *qobject_from_json(const char *string, Error **errp);
diff --git a/include/qapi/qobject-input-visitor.h 
b/include/qapi/qobject-input-visitor.h
index daee18c6ac..95985e25e5 100644
--- a/include/qapi/qobject-input-visitor.h
+++ b/include/qapi/qobject-input-visitor.h
@@ -16,7 +16,6 @@
 #define QOBJECT_INPUT_VISITOR_H
 
 #include "qapi/visitor.h"
-#include "qapi/qmp/qobject.h"
 
 typedef struct QObjectInputVisitor QObjectInputVisitor;
 
diff --git a/include/qapi/qobject-output-visitor.h 
b/include/qapi/qobject-output-visitor.h
index e5a3490812..2b1726baf5 100644
--- a/include/qapi/qobject-output-visitor.h
+++ b/include/qapi/qobject-output-visitor.h
@@ -15,7 +15,6 @@
 #define QOBJECT_OUTPUT_VISITOR_H
 
 #include "qapi/visitor.h"
-#include "qapi/qmp/qobject.h"
 
 typedef struct QObjectOutputVisitor QObjectOutputVisitor;
 
diff --git a/include/qapi/visitor.h b/include/qapi/visitor.h
index 62a51a54cb..ecff296c11 100644
--- a/include/qapi/visitor.h
+++ b/include/qapi/visitor.h
@@ -15,7 +15,7 @@
 #ifndef QAPI_VISITOR_H
 #define QAPI_VISITOR_H
 
-#include "qapi/qmp/qobject.h"
+#include "qapi-types.h"
 
 /*
  * The QAPI schema defines both a set of C data types, and a QMP wire
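
Review bot: Unexplained new include in qapi/visitor.h: the subject only promises to include qapi/qmp/qobject.h where needed, but here it is replaced with "qapi-types.h", the single insertion in the diffstat. The message has no body, so it is not clear which declaration in visitor.h needs that header, and 02/18 in this same series removes qapi-types.h includes elsewhere. Add a sentence saying what visitor.h takes from qapi-types.h, or use a narrower include if one is enough.
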
diff --git a/qapi/qapi-visit-core.c b/qapi/qapi-visit-core.c
index 3dcb968867..d9a113726f 100644
--- a/qapi/qapi-visit-core.c
+++ b/qapi/qapi-visit-core.c
@@ -15,7 +15,6 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qemu-common.h"
-#include "qapi/qmp/qobject.h"
 #include "qapi/qmp/qerror.h"
 #include "qapi/visitor.h"
 #include "qapi/visitor-impl.h"
diff --git a/qmp.c b/qmp.c
index a56faf1b9a..f87de2bc26 100644
--- a/qmp.c
+++ b/qmp.c
@@ -32,7 +32,6 @@
 #include "qom/qom-qobject.h"
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
-#include "qapi/qmp/qobject.h"
 #include "qapi/qobject-input-visitor.h"
 #include "hw/boards.h"
 #include "qom/object_interfaces.h"
diff --git a/qobject/qbool.c b/qobject/qbool.c
index ac825fc5a2..e5a7a53879 100644
--- a/qobject/qbool.c
+++ b/qobject/qbool.c
@@ -13,7 +13,6 @@
 
 #include "qemu/osdep.h"
 #include "qapi/qmp/qbool.h"
-#include "qapi/qmp/qobject.h"
 #include "qemu-common.h"
 
 /**
diff --git a/qobject/qdict.c b/qobject/qdict.c
index 7e7ac24cf7..88f87d2527 100644
--- a/qobject/qdict.c
+++ b/qobject/qdict.c
@@ -16,7 +16,6 @@
 #include "qapi/qmp/qbool.h"
 #include "qapi/qmp/qnull.h"
 #include "qapi/qmp/qstring.h"
-#include "qapi/qmp/qobject.h"
 #include "qapi/error.h"
 #include "qemu/queue.h"
 #include "qemu-common.h"
diff --git a/qobject/qlist.c b/qobject/qlist.c
index 268e46c8f0..613a95c12b 100644
--- a/qobject/qlist.c
+++ b/qobject/qlist.c
@@ -15,7 +15,6 @@
 #include "qapi/qmp/qlist.h"
 #include "qapi/qmp/qnull.h"
 #include "qapi/qmp/qnum.h"
-#include "qapi/qmp/qobject.h"
 #include "qapi/qmp/qstring.h"
 #include "qemu/queue.h"
 #include "qemu-common.h"
diff --git a/qobject/qnum.c b/qobject/qnum.c
index 517610d9da..60c395c1bc 100644
--- a/qobject/qnum.c
+++ b/qobject/qnum.c
@@ -14,7 +14,6 @@
 
 #include "qemu/osdep.h"
 #include "qapi/qmp/qnum.h"
-#include "qapi/qmp/qobject.h"
 #include "qemu-common.h"
 
 /**
diff --git a/qobject/qstring.c b/qobject/qstring.c
index 74182a1c02..05b4bbc2d6 100644
--- a/qobject/qstring.c
+++ b/qobject/qstring.c
@@ -11,7 

[Qemu-devel] [PATCH 02/18] Drop superfluous includes of qapi-types.h

2018-01-30 Thread Markus Armbruster
Signed-off-by: Markus Armbruster 
---
 backends/cryptodev.c | 1 -
 backends/hostmem.c   | 1 -
 hmp.h| 1 -
 include/block/block.h| 1 -
 include/block/block_int.h| 1 -
 include/block/qapi.h | 1 -
 include/hw/acpi/acpi_dev_interface.h | 1 -
 include/migration/failover.h | 1 -
 include/net/net.h| 1 -
 include/net/slirp.h  | 1 -
 include/net/tap.h| 1 -
 include/qapi/qmp/qlit.h  | 1 -
 include/sysemu/dump.h| 1 -
 include/sysemu/replay.h  | 1 -
 include/sysemu/sysemu.h  | 1 -
 include/sysemu/tpm.h | 1 -
 include/sysemu/tpm_backend.h | 1 -
 include/ui/console.h | 1 -
 migration/migration.h| 1 -
 net/clients.h| 1 -
 net/tap_int.h| 1 -
 qapi/qmp-dispatch.c  | 1 -
 qemu-keymap.c| 1 -
 target/i386/cpu.c| 1 -
 tests/test-clone-visitor.c   | 1 -
 tests/test-qapi-util.c   | 1 -
 tests/test-qmp-event.c   | 1 -
 tests/test-qobject-input-visitor.c   | 1 -
 tests/test-qobject-output-visitor.c  | 1 -
 tests/test-string-input-visitor.c| 1 -
 tests/test-string-output-visitor.c   | 1 -
 tests/test-visitor-serialization.c   | 2 --
 ui/input-legacy.c| 1 -
 ui/input.c   | 1 -
 ui/vnc.h | 1 -
 35 files changed, 36 deletions(-)

diff --git a/backends/cryptodev.c b/backends/cryptodev.c
index 67edfa5328..d0dff1a463 100644
--- a/backends/cryptodev.c
+++ b/backends/cryptodev.c
@@ -26,7 +26,6 @@
 #include "hw/boards.h"
 #include "qapi/error.h"
 #include "qapi/visitor.h"
-#include "qapi-types.h"
 #include "qapi-visit.h"
 #include "qemu/config-file.h"
 #include "qom/object_interfaces.h"
diff --git a/backends/hostmem.c b/backends/hostmem.c
index ee2c2d5bfd..81d14554a7 100644
--- a/backends/hostmem.c
+++ b/backends/hostmem.c
@@ -14,7 +14,6 @@
 #include "hw/boards.h"
 #include "qapi/error.h"
 #include "qapi/visitor.h"
-#include "qapi-types.h"
 #include "qapi-visit.h"
 #include "qemu/config-file.h"
 #include "qom/object_interfaces.h"
diff --git a/hmp.h b/hmp.h
index a6f56b1f29..dbb40ebbfa 100644
--- a/hmp.h
+++ b/hmp.h
@@ -16,7 +16,6 @@
 
 #include "qemu-common.h"
 #include "qemu/readline.h"
-#include "qapi-types.h"
 #include "qapi/qmp/qdict.h"
 
 void hmp_info_name(Monitor *mon, const QDict *qdict);
diff --git a/include/block/block.h b/include/block/block.h
index 9b12774ddf..0608834396 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -9,7 +9,6 @@
 #include "block/dirty-bitmap.h"
 #include "block/blockjob.h"
 #include "qapi/qmp/qobject.h"
-#include "qapi-types.h"
 #include "qemu/hbitmap.h"
 
 /* block.c */
diff --git a/include/block/block_int.h b/include/block/block_int.h
index 29cafa4236..6499f7c16a 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -31,7 +31,6 @@
 #include "qemu/coroutine.h"
 #include "qemu/stats64.h"
 #include "qemu/timer.h"
-#include "qapi-types.h"
 #include "qemu/hbitmap.h"
 #include "block/snapshot.h"
 #include "qemu/main-loop.h"
diff --git a/include/block/qapi.h b/include/block/qapi.h
index 82ba4b63a0..83bdb098bd 100644
--- a/include/block/qapi.h
+++ b/include/block/qapi.h
@@ -25,7 +25,6 @@
 #ifndef BLOCK_QAPI_H
 #define BLOCK_QAPI_H
 
-#include "qapi-types.h"
 #include "block/block.h"
 #include "block/snapshot.h"
 
diff --git a/include/hw/acpi/acpi_dev_interface.h 
b/include/hw/acpi/acpi_dev_interface.h
index 3c2e4e95a5..dabf4c4fc9 100644
--- a/include/hw/acpi/acpi_dev_interface.h
+++ b/include/hw/acpi/acpi_dev_interface.h
@@ -2,7 +2,6 @@
 #define ACPI_DEV_INTERFACE_H
 
 #include "qom/object.h"
-#include "qapi-types.h"
 #include "hw/boards.h"
 
 /* These values are part of guest ABI, and can not be changed */
diff --git a/include/migration/failover.h b/include/migration/failover.h
index ad91ef2381..9283d602e6 100644
--- a/include/migration/failover.h
+++ b/include/migration/failover.h
@@ -14,7 +14,6 @@
 #define QEMU_FAILOVER_H
 
 #include "qemu-common.h"
-#include "qapi-types.h"
 
 void failover_init_state(void);
 FailoverStatus failover_set_state(FailoverStatus old_state,
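Review bot: in include/migration/failover.h the removed #include "qapi-types.h" sits two lines above a prototype that uses FailoverStatus as both its return type and its first parameter type, and the only include left in the visible context is qemu-common.h. If FailoverStatus now reaches this header only through another header's indirect include, the header is no longer self-contained; either keep a direct include of whatever declares FailoverStatus or state in the commit message which remaining include provides it.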
diff --git a/include/net/net.h b/include/net/net.h
index 4afac1a9dd..eefb259e0a 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -7,7 +7,6 @@
 #include "qemu/option.h"
 #include "net/queue.h"
 #include "migration/vmstate.h"
-#include "qapi-types.h"
 
 #define MAC_FMT "%02X:%02X:%02X:%02X:%02X:%02X"
 #define MAC_ARG(x) ((uint8_t *)(x))[0], ((uint8_t *)(x))[1], \
diff --git a/include/net/slirp.h b/include/net/slirp.h
index 0c98e463db..865d2fca36 100644
--- a/include/net/slirp.h
+++ b/include/net/slirp.h
@@ -27,7 +27,6 @@
 #include "qemu-common.h"
 #include "qapi/qmp/qdict.h"
 #include "qemu/option.h"
-#include "qapi-ty

[Qemu-devel] [PATCH 11/18] Include qapi/qmp/qdict.h exactly where needed

2018-01-30 Thread Markus Armbruster
This cleanup makes the number of objects depending on qapi/qmp/qdict.h
drop from 4547 (out of 4739) to 368 in my "build everything" tree.
For qapi/qmp/qobject.h, the number drops from 4549 to 390.

Signed-off-by: Markus Armbruster 
---
 block/crypto.c  | 1 +
 block/curl.c| 2 ++
 block/file-win32.c  | 1 +
 block/gluster.c | 1 +
 block/qcow.c| 2 ++
 block/rbd.c | 1 +
 block/snapshot.c| 1 +
 block/ssh.c | 1 +
 block/vvfat.c   | 2 ++
 device-hotplug.c| 1 +
 hmp.h   | 1 -
 hw/pci/pcie_aer.c   | 1 +
 hw/s390x/s390-stattrib.c| 1 +
 hw/usb/xen-usb.c| 1 +
 include/block/block.h   | 1 +
 include/block/dirty-bitmap.h| 1 +
 include/hw/block/block.h| 1 +
 include/hw/block/fdc.h  | 1 +
 include/hw/loader.h | 1 -
 include/migration/colo.h| 1 +
 include/migration/failover.h| 1 +
 include/monitor/monitor.h   | 1 -
 include/net/net.h   | 2 +-
 include/net/slirp.h | 1 -
 include/qapi/qmp-event.h| 1 -
 include/qapi/qmp/dispatch.h | 2 +-
 include/qemu/config-file.h  | 1 -
 include/qemu/option.h   | 1 -
 include/qemu/throttle.h | 1 +
 include/qom/object_interfaces.h | 1 -
 include/scsi/pr-manager.h   | 1 -
 include/sysemu/arch_init.h  | 1 +
 include/ui/console.h| 1 -
 migration/ram.h | 1 +
 net/slirp.c | 2 ++
 net/tap_int.h   | 1 +
 qapi/qmp-dispatch.c | 1 +
 qapi/qmp-event.c| 1 +
 qapi/qobject-input-visitor.c| 1 +
 qapi/qobject-output-visitor.c   | 1 +
 qemu-img.c  | 2 ++
 qemu-io.c   | 2 ++
 qemu-nbd.c  | 1 +
 qobject/json-parser.c   | 1 +
 qobject/qjson.c | 1 +
 qom/object_interfaces.c | 1 +
 target/i386/cpu.c   | 1 +
 target/i386/monitor.c   | 2 ++
 target/s390x/cpu_models.c   | 1 +
 tests/ahci-test.c   | 1 +
 tests/check-qobject.c   | 1 +
 tests/cpu-plug-test.c   | 1 +
 tests/drive_del-test.c  | 1 +
 tests/libqos/libqos.c   | 1 +
 tests/libqos/pci-pc.c   | 2 +-
 tests/libqtest.c| 1 +
 tests/libqtest.h| 2 --
 tests/migration-test.c  | 1 +
 tests/numa-test.c   | 1 +
 tests/pvpanic-test.c| 1 +
 tests/q35-test.c| 1 +
 tests/qmp-test.c| 1 +
 tests/qom-test.c| 1 +
 tests/tco-test.c| 2 ++
 tests/test-keyval.c | 1 +
 tests/test-netfilter.c  | 1 +
 tests/test-qemu-opts.c  | 1 +
 tests/test-qga.c| 1 +
 tests/test-qmp-event.c  | 1 +
 tests/test-qobject-input-visitor.c  | 1 +
 tests/test-qobject-output-visitor.c | 1 +
 tests/test-replication.c| 1 +
 tests/tmp105-test.c | 1 +
 tests/vhost-user-test.c | 1 +
 tests/virtio-net-test.c | 1 +
 tests/vmgenid-test.c| 1 +
 tests/wdt_ib700-test.c  | 1 +
 util/keyval.c   | 1 +
 78 files changed, 75 insertions(+), 15 deletions(-)

diff --git a/block/crypto.c b/block/crypto.c
index 60ddf8623e..2626f8ae3a 100644
--- a/block/crypto.c
+++ b/block/crypto.c
@@ -24,6 +24,7 @@
 #include "sysemu/block-backend.h"
 #include "crypto/block.h"
 #include "qapi/opts-visitor.h"
+#include "qapi/qmp/qdict.h"
 #include "qapi/qobject-input-visitor.h"
 #include "qapi-visit.h"
 #include "qapi/error.h"
diff --git a/block/curl.c b/block/curl.c
index 35cf417f59..e0eb8ebb78 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -21,12 +21,14 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "qemu-common.h"
 #include "qemu/error-report.h"
 #include "block/block_int.h"
 #include "qapi/qmp/qbool.h"
+#include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qstring.h"
 #include "crypto/secret.h"
 #include 
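Review bot: the first added line in the block/curl.c hunk is an empty line between the licence comment and #include "qemu/osdep.h", a whitespace change unrelated to adding qapi/qmp/qdict.h. Either drop it or mention the incidental cleanup in the commit message, so that the count of 2 for this file in the diffstat is explained.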
diff --git a/block/file-win32.c b/block/file-win32.c
index 9e02214a69..2f1da48e71 100644
--- a/block/file-win32.c
+++ b/block/file-win32.c
@@ -30,6 +30,7 @@
 #include "trace.h"
 #include "block/thread-pool.h"
 #include "qemu/iov.h"
+#include "qapi/qmp/qdict.h"
 #include "qapi/qmp/qstring.h"
 #include 
 #include 
diff --git a/block/gluster.c b/block/gluster.c
index 0f4265a3a4..097b6930a5 100644
--- a/block/gluster.c
+++ b/block/gluster.c
@@ -11,6 +11,7 @@
 #include 
 #include "blo

[Qemu-devel] [PATCH 03/18] Include qapi/error.h exactly where needed

2018-01-30 Thread Markus Armbruster
This cleanup makes the number of objects depending on qapi/error.h
drop from 1910 (out of 4739) to 1612 in my "build everything" tree.

Signed-off-by: Markus Armbruster 
---
 arch_init.c | 1 +
 audio/wavcapture.c  | 1 +
 balloon.c   | 1 +
 block.c | 2 ++
 block/block-backend.c   | 1 +
 block/iscsi.c   | 1 +
 block/qapi.c| 1 +
 block/qcow2-cluster.c   | 1 -
 block/qcow2.c   | 2 ++
 block/quorum.c  | 1 +
 block/write-threshold.c | 1 +
 blockdev-nbd.c  | 1 +
 blockdev.c  | 1 +
 blockjob.c  | 1 +
 chardev/char-ringbuf.c  | 2 ++
 chardev/char.c  | 2 ++
 chardev/spice.c | 1 +
 cpus.c  | 2 ++
 crypto/hash.c   | 1 -
 crypto/hmac.c   | 1 -
 crypto/ivgen-essiv.c| 1 -
 crypto/ivgen-plain.c| 1 -
 crypto/ivgen-plain64.c  | 1 -
 crypto/random-gnutls.c  | 1 +
 crypto/random-platform.c| 1 +
 docs/devel/qapi-code-gen.txt| 2 --
 dump.c  | 1 +
 fsdev/qemu-fsdev-throttle.h | 1 -
 fsdev/qemu-fsdev.c  | 2 ++
 hmp.c   | 1 +
 hw/9pfs/9p-local.c  | 1 +
 hw/9pfs/9p-proxy.c  | 2 ++
 hw/acpi/acpi-stub.c | 1 +
 hw/acpi/core.c  | 2 ++
 hw/acpi/memory_hotplug.c| 1 +
 hw/acpi/vmgenid.c   | 1 +
 hw/adc/stm32f2xx_adc.c  | 1 -
 hw/char/mcf_uart.c  | 1 -
 hw/char/virtio-console.c| 1 +
 hw/core/qdev.c  | 1 +
 hw/display/milkymist-tmu2.c | 1 +
 hw/display/qxl.c| 1 +
 hw/display/virtio-gpu-3d.c  | 1 -
 hw/display/xlnx_dp.c| 1 +
 hw/i2c/ppc4xx_i2c.c | 1 -
 hw/i386/pc.c| 2 ++
 hw/i386/pc_piix.c   | 1 +
 hw/i386/pc_q35.c| 2 ++
 hw/i386/xen/xen-hvm.c   | 2 +-
 hw/ide/core.c   | 2 ++
 hw/intc/xics_pnv.c  | 1 -
 hw/intc/xics_spapr.c| 1 -
 hw/ipmi/ipmi.c  | 1 +
 hw/mips/mips_jazz.c | 1 +
 hw/mips/mips_malta.c| 1 +
 hw/misc/exynos4210_rng.c| 1 +
 hw/misc/mips_cmgcr.c| 1 -
 hw/misc/mps2-scc.c  | 1 -
 hw/net/rocker/qmp-norocker.c| 1 +
 hw/net/rocker/rocker.c  | 1 +
 hw/net/rocker/rocker_of_dpa.c   | 1 +
 hw/net/virtio-net.c | 1 +
 hw/nios2/cpu_pic.c  | 1 -
 hw/pci-bridge/i82801b11.c   | 1 -
 hw/pci-bridge/ioh3420.c | 1 -
 hw/pci-bridge/xio3130_upstream.c| 1 -
 hw/pci-host/sabre.c | 1 -
 hw/pci/pci-stub.c   | 1 +
 hw/pci/pci.c| 2 ++
 hw/ppc/fdt.c| 1 -
 hw/ppc/pnv_bmc.c| 1 -
 hw/ppc/pnv_xscom.c  | 1 -
 hw/ppc/ppc.c| 1 -
 hw/ppc/spapr_pci_vfio.c | 1 -
 hw/ppc/spapr_rtas.c | 1 +
 hw/ppc/spapr_rtc.c  | 2 ++
 hw/s390x/s390-skeys.c   | 1 +
 hw/scsi/esp.c   | 1 -
 hw/scsi/vhost-scsi-common.c | 1 -
 hw/sd/sdhci.c   | 1 -
 hw/smbios/smbios-stub.c | 1 +
 hw/sparc64/niagara.c| 1 -
 hw/sparc64/sun4u_iommu.c| 1 -
 hw/ssi/stm32f2xx_spi.c  | 1 -
 hw/timer/m48t59.c   | 1 -
 hw/timer/mc146818rtc.c  | 2 ++
 hw/usb/ccid-card-passthru.c | 1 -
 hw/virtio/virtio-balloon.c  | 1 +
 hw/watchdog/watchdog.c  | 1 +
 include/crypto/random.h | 1 -
 include/crypto/xts.h| 1 -
 include/hw/ide/internal.h   | 1 -
 include/ui/console.h| 1 -
 iothread.c  | 1 +
 migration/colo-failover.c   | 1 +
 migration/colo.c| 1 +
 migration/exec.c| 1 -
 migration/fd.c  | 1 -
 migration/migration.c   | 1 +
 migration/ram.c | 2 ++
 migration/savevm.c  | 1 +
 monitor.c   | 2 ++
 nbd/common.c

[Qemu-devel] Savevm and loadvm not working

2018-01-30 Thread sridhar kulkarni via Qemu-devel
Hi,
I am a newbie to the snapshot feature and how to use it correctly. My requirement is 
simple, in that I want to snapshot the running VM and save the snapshot file. 
Using the snapshot file, I want to boot the VM directly to the snapshot state. I 
came across the qemu monitor's "savevm" and "loadvm" commands. The following are 
the steps I follow to create the snapshot and load the snapshot:

Step 1: Launch the VM using the below command, 
qemu-system-arm -M arm-machine -m 512M -name my_name -kernel main.rbx -serial 
pty -serial vc -serial vc -serial vc -drive 
if=none,format=qcow2,file=/home/sridhar/qemu_disk_image/dummy.qcow2 

Step 2: Save the snapshot (issue savevm from qemu monitor)
    --> savevm my_snapshot

Step 3: Launch the VM using the snapshot image saved in step 2,
qemu-system-arm -M arm-machine -m 512M -name my_name -kernel main.rbx -serial 
pty -serial vc -serial vc -serial vc -drive 
if=none,format=qcow2,file=/home/sridhar/qemu_disk_image/dummy.qcow2 -loadvm 
my_snapshot

With this approach, I am seeing that RAM contents are not getting saved when I 
issue the "savevm" command. I have copied the part of the file, when the function 
"ram_control_save_page" returns "RAM_SAVE_CONTROL_NOT_SUPP" and hence the page 
is not getting saved.

size_t ram_control_save_page(QEMUFile *f, ram_addr_t block_offset,
                             ram_addr_t offset, size_t size,
                             uint64_t *bytes_sent)
{
    if (f->hooks && f->hooks->save_page) {
        int ret = f->hooks->save_page(f, f->opaque, block_offset,
                                      offset, size, bytes_sent);

        if (ret != RAM_SAVE_CONTROL_DELAYED) {
            if (bytes_sent && *bytes_sent > 0) {
                qemu_update_position(f, *bytes_sent);
            } else if (ret < 0) {
                qemu_file_set_error(f, ret);
            }
        }

        return ret;
    }

    return RAM_SAVE_CONTROL_NOT_SUPP;
}

Is there anything that I am missing here in the understanding "savevm" and 
"loadvm" commands? 

Thanks


Re: [Qemu-devel] [PULL 0/3] Tracing patches

2018-01-30 Thread Peter Maydell
On 29 January 2018 at 16:07, Stefan Hajnoczi  wrote:
> The following changes since commit 6233b4a8c2a32ef6955a921246fa08705bbb3676:
>
>   Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2018-01-26' into 
> staging (2018-01-26 17:29:14 +)
>
> are available in the Git repository at:
>
>   git://github.com/stefanha/qemu.git tags/tracing-pull-request
>
> for you to fetch changes up to 24f4d3d3aeabf83445839099d6d66cbb3089c37a:
>
>   tracetool: report error on foo() instead of foo(void) (2018-01-29 10:34:55 
> +)
>
> 
>
> 
>
> Stefan Hajnoczi (3):
>   tracetool: prefix parse errors with line numbers
>   tracetool: clarify that "formats" means "format strings"
>   tracetool: report error on foo() instead of foo(void)
>
>  scripts/tracetool/__init__.py | 19 +--
>  1 file changed, 13 insertions(+), 6 deletions(-)

Applied, thanks.

-- PMM



[Qemu-devel] [PATCH V2] target-arm:Add a dynamic XML-description of the cp-registers to GDB

2018-01-30 Thread Abdallah Bouassida
[PATCH V2] target-arm:Add a dynamic XML-description of the cp-registers 
to GDB


This patch offers to GDB the ability to read/write all the coprocessor
registers for ARM and ARM64 by generating dynamically an XML-description for
these registers.

Signed-off-by: Abdallah Bouassida 
---

Hello Peter,

Thanks for reviewing the previous version of this patch!
    http://patchwork.ozlabs.org/patch/861374/

*For the ARM64, should I differentiate the registers that have two views (32
and 64)
Maybe by adding in the XML description a "32" tag for the registers name for
the
32bit view and a "64" for the 64bit view.
*How to properly handle the secure and the non secure views?

I think it might be useful to approach it from the other end -- what
are we trying to achieve?

For 32 vs 64 bit, it depends on what interface we're showing to the
debugger. If we're saying "this is a 64 bit CPU" then we should just
present the 64-bit sysregs, in the same way we only present the 64-bit
GPRs. If a 32-bit CPU, present the coprocessor regs only. (It's not
currently possible to have gdb switch between 32 and 64 bit views
as a 64-bit CPU changes from aarch32 to aarch64, though upstream gdb
are working on it.)

For secure vs non-secure, follow how the architecture does it:
  * for a 64-bit CPU, there are no banked sysregs like this, so you
just expose 1 register
  * for a 32-bit CPU, maybe banked registers should be exposed as 2 registers

...but this depends on what you're trying to do, and whether there's
existing practice in for instance how JTAG debugging presents these
sysregs to gdb.

So, in this new patch I have done the following:
- If the CPU is in the AARCH64 state (when connecting to GDB stub), I only take
the 64bit view of cpregs.
- If we are in AARCH32, I only take the 32bit view of cpregs and in the XML
description I add the tag "_S" to the cpreg's name if it is the secure view of
that register.

I'm pretty hesitant about allowing the user to modify system registers
in the debugger, that is unlikely to work in quite a lot of cases.
I'd rather we just made these registers all readonly.

Some of our customers need to connect to Qemu using our tool TRACE32® via GDB,
and for some use cases they need to have write access to some particular cpregs.

So, it will be nice to have this capability!
Usually, a user won't modify these registers unless he knows what he is doing!



What does the UI in gdb look like? What gdb commands display
the list of and values of system registers now? (Are there any
commands that used to be useful and are now swamped by lists of
hundreds of system registers?)

To read a given register:
   (gdb)  print/x $
To write on a given register
   (gdb) set $=
To get the list of all registers:
   (gdb) info registers all
    with this command the user gets all the registers including the cpregs
    that have been described dynamically.
    This command shows the registers page by page (depending on the terminal
    window size) and the cpregs go at the end of the list, so if the user is
    really interested in these cpregs he should continue to read the register
    list or he simply types "q" to quit.

In the previous patch, the command "info registers" (without the option "all")
was swamped by the new big list. So, I fixed that by assigning these registers
(in the XML) to a special group (group="cp_regs") and with that the cpregs won't
appear with this command.

Otherwise, I don't think that there is another GDB command that could be
affected by this patch.

Don't we run into problems where this XML exceeds our gdbstub
MAX_PACKET_LENGTH (which is only 4K) ?

This is a pre-existing bug (https://bugs.launchpad.net/qemu/+bug/1703147)
but I would expect that if we start autogenerating xml for all the
coprocessor registers we're going to hit the packet limit pretty
quickly.

No, indeed I don't think that (https://bugs.launchpad.net/qemu/+bug/1703147)
is a bug!
However, when gdb requests an XML description, it sends the packet:

qXfer:features:read::,
for the first packet, the offset=0 and the length in our case is 0xFFB
(= MAX_PACKET_LENGTH - 5)

When the GDB stub gets this packet, it will send the corresponding XML
description and:
- if the size of the XML is bigger than the length requested by qXfer, the GDB
stub will add 'm' at the beginning of the response to inform GDB that there is
still more data to be sent.

- else, it will add 'l' which means there is no more data.

    if (len < total_len - addr) {
        buf[0] = 'm';
        len = memtox(buf + 1, xml + addr, len);
    } else {
        buf[0] = 'l';
        len = memtox(buf + 1, xml + addr, total_len - addr);
    }

When GDB gets an answer with the header "m" it will send another qXfer and this
time the  will be equal to (old_offset + the size of the data read previously)

With this, the XML description won't be truncated even if it is longer than
2045.

  /**
+ * XMLDynamicDescription:
+ * @desc: Contains the XML des
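
The chunked qXfer read described in this message, as an added example (not QEMU's gdbstub code and not part of the original post): the stub side checks the requested offset against the document length before marking the reply 'm' or 'l', and the client side re-requests at the advanced offset until it sees 'l'. The function names, the constructed sample document and the omission of the memtox() escaping step are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PACKET_LENGTH 4096                          /* 4K limit quoted in the thread */
#define CHUNK_MAX ((size_t)(MAX_PACKET_LENGTH - 5))     /* 0xFFB, the length gdb asks for */

/*
 * Stub side (hypothetical helper): answer one read of `len` bytes at offset
 * `addr` of an XML document of `total_len` bytes.  Writes 'm' + data when
 * more data remains, 'l' + data for the final chunk.  Returns the reply
 * length, or -1 when the offset lies outside the document or the reply
 * buffer cannot hold even the marker byte.
 */
static int xfer_reply(const char *xml, size_t total_len,
                      size_t addr, size_t len,
                      char *buf, size_t buf_size)
{
    size_t remaining;

    if (addr > total_len || buf_size < 2) {
        return -1;                  /* never compute total_len - addr if it would wrap */
    }
    if (len > CHUNK_MAX) {
        len = CHUNK_MAX;            /* client-supplied length is clamped */
    }
    if (len > buf_size - 1) {
        len = buf_size - 1;         /* one byte is reserved for the marker */
    }
    remaining = total_len - addr;
    if (len < remaining) {
        buf[0] = 'm';
    } else {
        buf[0] = 'l';
        len = remaining;
    }
    memcpy(buf + 1, xml + addr, len);   /* real stub escapes here (memtox) */
    return (int)(len + 1);
}

/*
 * Client side (hypothetical helper): fetch the whole document by repeating
 * the request with offset = old offset + bytes received, as the message
 * describes.  Returns the number of bytes reassembled in `out`, or -1 on a
 * rejected request, an output overflow, or an 'm' reply that carries no data
 * (which would otherwise loop forever).
 */
static long xfer_fetch_all(const char *xml, size_t total_len, size_t req_len,
                           char *out, size_t out_size, int *packets)
{
    char pkt[MAX_PACKET_LENGTH];
    size_t offset = 0;

    *packets = 0;
    for (;;) {
        int n = xfer_reply(xml, total_len, offset, req_len, pkt, sizeof(pkt));
        size_t payload;

        if (n < 1) {
            return -1;
        }
        payload = (size_t)n - 1;
        if (payload > out_size - offset) {
            return -1;
        }
        memcpy(out + offset, pkt + 1, payload);
        offset += payload;
        (*packets)++;
        if (pkt[0] == 'l') {
            return (long)offset;
        }
        if (payload == 0) {
            return -1;
        }
    }
}

int main(void)
{
    static char doc[10000], out[10000];     /* constructed sample "XML" */
    int packets;
    long got;

    memset(doc, 'x', sizeof(doc));
    got = xfer_fetch_all(doc, sizeof(doc), CHUNK_MAX, out, sizeof(out), &packets);
    printf("reassembled %ld bytes in %d packets\n", got, packets);
    return got == (long)sizeof(doc) ? 0 : 1;
}
```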

Re: [Qemu-devel] Savevm and loadvm not working

2018-01-30 Thread Peter Xu
On Tue, Jan 30, 2018 at 10:34:31AM +, sridhar kulkarni via Qemu-devel wrote:
> Hi,
> I am a newbie to the snapshot feature and how to use it correctly. My requirement 
> is simple, in that I want to snapshot the running VM and save the snapshot 
> file. Using the snapshot file, I want to boot the VM directly to the snapshot 
> state. I came across the qemu monitor's "savevm" and "loadvm" commands. The 
> following are the steps I follow to create the snapshot and load the 
> snapshot:
> 
> Step 1: Launch the VM using the below command, 
> qemu-system-arm -M arm-machine -m 512M -name my_name -kernel main.rbx -serial 
> pty -serial vc -serial vc -serial vc -drive 
> if=none,format=qcow2,file=/home/sridhar/qemu_disk_image/dummy.qcow2 
> 
> Step 2: Save the snapshot (issue savevm from qemu monitor)
>     --> savevm my_snapshot
> 
> Step 3 Launch the VM using snapshot image saved in step 2,
> qemu-system-arm -M arm-machine -m 512M -name my_name -kernel main.rbx -serial 
> pty -serial vc -serial vc -serial vc -drive 
> if=none,format=qcow2,file=/home/sridhar/qemu_disk_image/dummy.qcow2 -loadvm 
> my_snapshot
> With this approach, I am seeing that RAM contents are not getting saved when 
> I issue "savevm" command.

Could I ask how you know that RAM contents are not saved?  Did any
error happen after your loadvm operation?

> I have copied the part of the file, when the function "ram_control_save_page" 
> returns "RAM_SAVE_CONTROL_NOT_SUPP" and hence the page is not getting saved.
> 
> size_t ram_control_save_page(QEMUFile *f, ram_addr_t block_offset,
>                              ram_addr_t offset, size_t size,
>                              uint64_t *bytes_sent)
> {
>     if (f->hooks && f->hooks->save_page) {
>         int ret = f->hooks->save_page(f, f->opaque, block_offset,
>                                       offset, size, bytes_sent);
> 
>         if (ret != RAM_SAVE_CONTROL_DELAYED) {
>             if (bytes_sent && *bytes_sent > 0) {
>                 qemu_update_position(f, *bytes_sent);
>             } else if (ret < 0) {
>                 qemu_file_set_error(f, ret);
>             }
>         }
> 
>         return ret;
>     }
> 
>     return RAM_SAVE_CONTROL_NOT_SUPP;

Here IMHO as long as you are not using RDMA, this function should
always return with RAM_SAVE_CONTROL_NOT_SUPP.

And I do think the name is slightly misleading.

> }
> 
> Is there anything that I am missing here in the understanding "savevm" and 
> "loadvm" commands? 
> 
> Thanks

-- 
Peter Xu



Re: [Qemu-devel] [PATCH qemu v5 0/2] vfio-pci: Allow mmap of MSIX BAR

2018-01-30 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180130035527.47336-1-...@ozlabs.ru
Subject: [Qemu-devel] [PATCH qemu v5 0/2] vfio-pci: Allow mmap of MSIX BAR

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
Switched to a new branch 'test'
261b4a1327 RFC: vfio-pci: Allow mmap of MSIX BAR
efd447736c vfio/common: Add 'p2p' property to enable DMA mapping of MMIO regions

=== OUTPUT BEGIN ===
Checking PATCH 1/2: vfio/common: Add 'p2p' property to enable DMA mapping of 
MMIO regions...
ERROR: line over 90 characters
#59: FILE: hw/vfio/common.c:523:
+error_report("Region %"HWADDR_PRIx"..%"HWADDR_PRIx" is not aligned 
to %"HWADDR_PRIx" and cannot be mapped for DMA",

total: 1 errors, 0 warnings, 105 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 2/2: RFC: vfio-pci: Allow mmap of MSIX BAR...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

[Qemu-devel] [Bug 1636217] Re: qemu-kvm 2.7 does not boot kvm VMs with virtio on top of VMware ESX

2018-01-30 Thread Adrien
Hi,

I have exactly the same problem.

My stack:
- macOS Sierra 10.12.6
- VMware Fusion 10.1.1 (tried with 10.0.1 too)
- Linux 4.9.78 (tried with 4.9.65 too)
- Qemu 2.11.0 (tried with 2.10.1 too)

All is working great with i440fx (or q35) <= 2.6 but it doesn't boot on
>= 2.7 and QEMU takes all the CPU.

It doesn't boot with the disk in virtio and scsi-virtio mode but boots
in scsi.

Exactly the same configuration on a baremetal (so no macOS and VMware)
works great.

So I assume it's a bug with VMware and virtio.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1636217

Title:
  qemu-kvm 2.7 does not boot kvm VMs with virtio on top of VMware ESX

Status in QEMU:
  New

Bug description:
  After today's Proxmox update all my Linux VMs stopped booting.

  # How to reproduce
  - Have KVM on top of VMware ESX (I use VMware ESX 6)
  - Boot Linux VM with virtio Disk drive.

  
  # Result
  virtio based VMs do not boot anymore:

  root@demotuxdc:/etc/pve/nodes/demotuxdc/qemu-server# grep virtio0 100.conf 
  bootdisk: virtio0
  virtio0: pvestorage:100/vm-100-disk-1.raw,discard=on,size=20G

  (initially with cache=writethrough, but that doesn't matter)

  What happens instead is:

  - BIOS displays "Booting from harddisk..."
  - kvm process of VM loops at about 140% of Intel(R) Core(TM) i5-6260U CPU @ 
1.80GHz Skylake dual core CPU

  Disk of course has valid bootsector:

  root@demotuxdc:/srv/pvestorage/images/100# file -sk vm-100-disk-1.raw 
  vm-100-disk-1.raw: DOS/MBR boot sector DOS/MBR boot sector DOS executable 
(COM), boot code
  root@demotuxdc:/srv/pvestorage/images/100# head -c 2048 vm-100-disk-1.raw | 
hd | grep GRUB
  0170  be 94 7d e8 2e 00 cd 18  eb fe 47 52 55 42 20 00  |..}...GRUB .|

  
  # Workaround 1
  - Change disk from virtio0 to scsi0
  - Debian boots out of the box after this change
  - SLES 12 needs a rebuilt initrd
  - CentOS 7 too, but it seems that is not even enough and it still fails (even 
in hostonly="no" mode for dracut)

  
  # Workaround 2
  Downgrade pve-qemu-kvm 2.7.0-3 to 2.6.2-2.

  
  # Expected results
  Disk boots just fine via virtio like it did before.

  
  # Downstream bug report
  Downstream suggests an issue with upstream qemu-kvm:

  https://bugzilla.proxmox.com/show_bug.cgi?id=1181




Re: [Qemu-devel] [RFC 0/2] virtio-vhost-user: add virtio-vhost-user device

2018-01-30 Thread Wei Wang

On 01/26/2018 10:44 PM, Stefan Hajnoczi wrote:

On Thu, Jan 25, 2018 at 06:19:13PM +0800, Wei Wang wrote:

On 01/24/2018 07:40 PM, Stefan Hajnoczi wrote:

On Tue, Jan 23, 2018 at 09:06:49PM +0800, Wei Wang wrote:

On 01/23/2018 07:12 PM, Stefan Hajnoczi wrote:

On Mon, Jan 22, 2018 at 07:09:06PM +0800, Wei Wang wrote:

On 01/19/2018 09:06 PM, Stefan Hajnoczi wrote:


- Suppose in the future there is also a kernel virtio-vhost-user driver as
other PCI devices, can we unbind the kernel driver first, and then bind the
device to the dpdk driver? A normal PCI device should be able to smoothly
switch between the kernel driver and dpdk driver.

It depends what you mean by "smoothly switch".

If you mean whether it's possible to go from a kernel driver to
vfio-pci, then the answer is yes.

But if the kernel driver has an established vhost-user connection then
it will be closed.  This is the same as reconnecting with AF_UNIX
vhost-user.


Actually not only the case of switching to testpmd after kernel establishes
the connection, but also for several runs of testpmd. That is, if we run
testpmd, then exit testpmd. I think the second run of testpmd won't work.

The vhost-user master must reconnect and initialize again (SET_FEATURES,
SET_MEM_TABLE, etc).  Is your master reconnecting after the AF_UNIX
connection is closed?

Is this an explicit qmp operation to make the master re-connect?

I haven't tested it myself but I'm aware of two modes of operation:

1. -chardev socket,id=chardev0,...,server
-netdev vhost-user,chardev=chardev0

When the vhost-user socket is disconnected the peer needs to
reconnect.  In this case no special commands are necessary.

Here we're relying on DPDK librte_vhost's reconnection behavior.

Or

2. -chardev socket,id=chardev0,...,reconnect=3
-netdev vhost-user,chardev=chardev0

When the vhost-user socket is disconnected a new connection attempt
will be made after 3 seconds.

In both cases vhost-user negotiation will resume when the new connection
is established.

Stefan


I've been thinking about the issues, and it looks like vhost-pci outperforms
in this aspect.
Vhost-pci is like using a mailbox. Messages are just dropped into the box, and
whenever vhost-pci pmd gets booted, it can always get the messages from the
box; the negotiation between vhost-pci pmd and virtio-net is asynchronous.
Virtio-vhost-user is like a phone call, which is a synchronous communication.
If one side is absent, then the other side will hang on without knowing when
it could get connected or hang up with messages not passed (lost).


I also think the above solutions won't help. Please see below:

Background:
The vhost-user negotiation is split into 2 phases currently. The 1st phase
happens when the connection is established, and we can find what's done in the
1st phase in vhost_user_init(). The 2nd phase happens when the master driver
is loaded (e.g. run of virtio-net pmd) and sets status to the device, and we
can find what's done in the 2nd phase in vhost_dev_start(), which includes
sending the memory info and virtqueue info. The socket is connected till one
of the QEMU devices exits, so pmd exiting won't end the QEMU side socket
connection.


Issues:
Suppose we have both the vhost and virtio-net set up, and vhost pmd <->
virtio-net pmd communication works well. Now, vhost pmd exits (virtio-net pmd
is still there). Some time later, we re-run vhost pmd; the vhost pmd doesn't
know the virtqueue addresses of the virtio-net pmd, unless the virtio-net pmd
reloads to start the 2nd phase of the vhost-user protocol. So the second run
of the vhost pmd won't work.


Any thoughts?

Best,
Wei



Re: [Qemu-devel] [PATCH v7 1/9] mirror: inherit supported write/zero flags

2018-01-30 Thread Anton Nefedov



On 29/1/2018 10:26 PM, Eric Blake wrote:

On 01/29/2018 01:21 PM, Max Reitz wrote:

On 2018-01-18 18:48, Anton Nefedov wrote:

Signed-off-by: Anton Nefedov 
Reviewed-by: Eric Blake 
Reviewed-by: Alberto Garcia 
---
  block/mirror.c | 5 +
  1 file changed, 5 insertions(+)

diff --git a/block/mirror.c b/block/mirror.c
index c9badc1..d18ec65 100644
--- a/block/mirror.c
+++ b/block/mirror.c
@@ -1064,6 +1064,11 @@ static void 
bdrv_mirror_top_refresh_filename(BlockDriverState *bs, QDict *opts)
  bdrv_refresh_filename(bs->backing->bs);
  pstrcpy(bs->exact_filename, sizeof(bs->exact_filename),
  bs->backing->bs->filename);
+bs->supported_write_flags = BDRV_REQ_FUA &
+bs->backing->bs->supported_write_flags;
+bs->supported_zero_flags =
+(BDRV_REQ_FUA | BDRV_REQ_MAY_UNMAP) &
+bs->backing->bs->supported_zero_flags;
  }
  
  static void bdrv_mirror_top_close(BlockDriverState *bs)
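Review bot: the assignments to bs->supported_write_flags and bs->supported_zero_flags are placed in bdrv_mirror_top_refresh_filename(), a callback whose name says it only refreshes the filename, and neither the hunk nor the commit message (which has no body) explains why. If the reason is that bs->backing is not yet available when the node is opened, add a short comment above the two assignments saying so, or move them to the point where the backing child is attached, so the flags do not silently depend on a filename refresh having run.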


Fundamentally OK, but why is this in *_refresh_filename()?


Indeed, I missed that (or maybe it got moved during a botched rebase?).
For comparison, blkdebug sets it during blkdebug_open(), and nbd sets it
during nbd_client_init() (called during nbd_open()).



We need a backing bs here and I believe it's not generally set at the 
time of .bdrv_open()




Re: [Qemu-devel] [PATCH v5] cocoa.m: Add ability for user to specify mouse ungrab key

2018-01-30 Thread Gerd Hoffmann
On Fri, Jan 26, 2018 at 04:47:31PM -0500, John Arbuckle wrote:
> Currently the ungrab keys for the Cocoa and GTK interface are Control-Alt-g.

SDL is the same now, for consistency.

> This combination may not be very fun for the user to have to enter, so we
> now enable the user to specify their own key(s) as the ungrab key(s).

What about the other hotkeys?

There is fullscreen.  Ctrl-Alt-F for SDL and GTK.  Cmd-F for cocoa, but
it works only if the grab is not active.

Console select (Ctrl-Alt-), works for SDL and GTK.  When I read the
code correctly it should work for cocoa the same way, but it doesn't
work for me.  Dunno why.

Quit. Ctrl-Alt-Q on gtk.  Cmd-Q on cocoa, again only working without
keyboard grab.  Nothing on SDL.  Just closing the window to quit works
on GTK and SDL, both have a switch to turn it off.

[ ... list of hotkeys is incomplete, there is more, most of them working
  in some of the user interfaces only ... ]

There is the -ctrl-grab switch.  Changes all hotkeys from Ctrl-Alt-
to Ctrl-.  SDL only.  I want to deprecate it.

There is the -alt-grab switch.  Changes all hotkeys from Ctrl-Alt-
to Ctrl-Alt-Shift-.  SDL only.  I want to deprecate it too.


When touching this mess I want move to something more consistent.


> Syntax: -ungrab 

As mentioned earlier: New toplevel switch isn't going to fly.  Should be
a suboption of -display.

> Example usage:  -ungrab home
>   -ungrab shift-ctrl

Modifier-only hotkeys are tricky with gtk (doable, but no support for
that in the toolkit).

>   -ungrab ctrl-x
>   -ungrab pgup-pgdn

Really?  Two non-modifier keys?  How is that implemented?  Do you queue
up the pgup keypress, waiting to see whether pgdn is pressed too, then
only in case that didn't happen forward the queued pgup key to the guest?

Making this work properly without unpleasant surprises in corner cases
doesn't look easy to me.  Needless to say that the gtk toolkit doesn't
support this either.


I think we should limit ourselves to key combinations which have one
non-modifier key and optionally one or more modifier keys.  That should
be supportable in all user interfaces we have.  Except curses, modifier
key handling in unix terminals is a completely different world ...

When it comes to defining hotkeys I see basically two possible
ways to do it:

  (1) Have a fixed (set of) modifier keys for all hot keys,
  i.e. something like this:

     -display gtk,hotkey-modifiers=ctrl+shift,hotkey-grab=f12,hotkey-fullscreen=f11

  (2) Allow complete freedom when defining hotkeys, i.e.

 -display gtk,hotkey-grab=shift+f12,hotkey-fullscreen=ctrl+f11

Variant (1) provides a simple way to use other modifiers for all
hotkeys, similar to the existing -alt-grab switch.  I also expect
it is easier to implement.

Another question is whether we want to allow defining different hotkeys
for the same thing.  So fullscreen could have both F11 (which is a
common hotkey in various apps, for example firefox) and Ctrl-Alt-F.
Might be useful, but also makes the implementation more complex.

I think we should clarify those questions before working on patches.

cheers,
  Gerd




Re: [Qemu-devel] [PATCH v7 3/9] block: introduce BDRV_REQ_ALLOCATE flag

2018-01-30 Thread Anton Nefedov



On 29/1/2018 10:37 PM, Max Reitz wrote:

On 2018-01-18 18:49, Anton Nefedov wrote:

The flag is supposed to indicate that the region of the disk image has
to be sufficiently allocated so it reads as zeroes.

The call with the flag set must return -ENOTSUP if allocation cannot
be done efficiently.
This has to be made sure of by both
   - the drivers that support the flag
   - and the common block layer (so it will not fall back to any slowpath
 (like writing zero buffers) in case the driver does not support
 the flag).

Signed-off-by: Anton Nefedov 
Reviewed-by: Eric Blake 
Reviewed-by: Alberto Garcia 
---
  include/block/block.h |  6 +-
  include/block/block_int.h |  2 +-
  block/io.c| 20 +---
  3 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/include/block/block.h b/include/block/block.h
index 9b12774..3e31b89 100644
--- a/include/block/block.h
+++ b/include/block/block.h
@@ -65,9 +65,13 @@ typedef enum {
  BDRV_REQ_NO_SERIALISING = 0x8,
  BDRV_REQ_FUA= 0x10,
  BDRV_REQ_WRITE_COMPRESSED   = 0x20,
+/* The BDRV_REQ_ALLOCATE flag is used to indicate that the driver has to
+ * efficiently allocate the space so it reads as zeroes, or return an 
error.


What happens if you specify this for a normal write operation that does
not write zeroes?

(I suppose the answer is "don't do that", but that would need to be
documented more clearly here.)



I can't quite come up with what a regular write with the ALLOCATE flag is
supposed to mean.

Will document that.


+ */
+BDRV_REQ_ALLOCATE   = 0x40,
  
  /* Mask of valid flags */

-BDRV_REQ_MASK   = 0x3f,
+BDRV_REQ_MASK   = 0x7f,
  } BdrvRequestFlags;
  
  typedef struct BlockSizes {
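
Review bot: the new comment above BDRV_REQ_ALLOCATE says the driver must allocate "or return an error", but the commit message requires -ENOTSUP specifically, and the block/io.c hunk in this same patch tests `ret == -ENOTSUP`. The comment should name -ENOTSUP so that driver authors do not return a different errno that the block layer would then treat as a hard failure.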

diff --git a/include/block/block_int.h b/include/block/block_int.h
index 29cafa4..b141710 100644
--- a/include/block/block_int.h
+++ b/include/block/block_int.h
@@ -632,7 +632,7 @@ struct BlockDriverState {
  /* Flags honored during pwrite (so far: BDRV_REQ_FUA) */
  unsigned int supported_write_flags;
  /* Flags honored during pwrite_zeroes (so far: BDRV_REQ_FUA,
- * BDRV_REQ_MAY_UNMAP) */
+ * BDRV_REQ_MAY_UNMAP, BDRV_REQ_ALLOCATE) */
  unsigned int supported_zero_flags;
  
  /* the following member gives a name to every node on the bs graph. */

diff --git a/block/io.c b/block/io.c
index 7ea4023..cf2f84c 100644
--- a/block/io.c
+++ b/block/io.c
@@ -1424,7 +1424,7 @@ static int coroutine_fn 
bdrv_co_do_pwrite_zeroes(BlockDriverState *bs,
  assert(!bs->supported_zero_flags);
  }
  
-if (ret == -ENOTSUP) {

+if (ret == -ENOTSUP && !(flags & BDRV_REQ_ALLOCATE)) {
  /* Fall back to bounce buffer if write zeroes is unsupported */
  BdrvRequestFlags write_flags = flags & ~BDRV_REQ_ZERO_WRITE;
  
@@ -1514,8 +1514,8 @@ static int coroutine_fn bdrv_aligned_pwritev(BdrvChild *child,

  ret = notifier_with_return_list_notify(&bs->before_write_notifiers, req);
  
  if (!ret && bs->detect_zeroes != BLOCKDEV_DETECT_ZEROES_OPTIONS_OFF &&

-!(flags & BDRV_REQ_ZERO_WRITE) && drv->bdrv_co_pwrite_zeroes &&
-qemu_iovec_is_zero(qiov)) {
+!(flags & BDRV_REQ_ZERO_WRITE) && !(flags & BDRV_REQ_ALLOCATE) &&
+drv->bdrv_co_pwrite_zeroes && qemu_iovec_is_zero(qiov)) {


Do we really need to add the BDRV_REQ_ALLOCATE check here?  If the
caller specifies that flag, then we won't invalidate it by adding the
BDRV_REQ_ZERO_WRITE flag (as long as we don't add BDRV_REQ_MAY_UNMAP).



Now !(flags & BDRV_REQ_ALLOCATE) is always true here, as REQ_ALLOCATE
implies REQ_ZERO_WRITE.
But conceptually yes I think the check should only forbid setting
MAY_UNMAP.

Offtop: does REQ_ZERO_WRITE override REQ_WRITE_COMPRESSED in this
function? at least with !REQ_MAY_UNMAP it looks wrong


  flags |= BDRV_REQ_ZERO_WRITE;
  if (bs->detect_zeroes == BLOCKDEV_DETECT_ZEROES_OPTIONS_UNMAP) {
  flags |= BDRV_REQ_MAY_UNMAP;
@@ -1593,6 +1593,9 @@ static int coroutine_fn bdrv_co_do_zero_pwritev(BdrvChild 
*child,
  
  assert(flags & BDRV_REQ_ZERO_WRITE);

  if (head_padding_bytes || tail_padding_bytes) {
+if (flags & BDRV_REQ_ALLOCATE) {
+return -ENOTSUP;
+}
  buf = qemu_blockalign(bs, align);
  iov = (struct iovec) {
  .iov_base   = buf,
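
Review bot: the early `return -ENOTSUP` for a request with head or tail padding carries no comment. A one-line note that padding would require the bounce-buffer write the flag is meant to forbid would make the intent clear. Keeping the check ahead of `qemu_blockalign()`, as done here, is right because nothing has been allocated yet at that point.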
@@ -1693,6 +1696,9 @@ int coroutine_fn bdrv_co_pwritev(BdrvChild *child,
  return ret;
  }
  
+/* allocation request with qiov provided doesn't make much sense */

+assert(!(qiov && (flags & BDRV_REQ_ALLOCATE)));
+


So I suppose the use of BDRV_REQ_ALLOCATE necessitates the use of
BDRV_REQ_ZERO_WRITE?  That should be documented, then.

Max



Yes, will document.


  bdrv_inc_in_flight(bs);
  /*
   * Align write if necessary by performing a read-modify-write cycle.
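
Review bot: the added assertion only rejects BDRV_REQ_ALLOCATE together with a non-NULL qiov; it does not check that BDRV_REQ_ALLOCATE arrives with BDRV_REQ_ZERO_WRITE, which the discussion says is implied. If that is the contract, assert it here as well, for example `assert(!(flags & BDRV_REQ_ALLOCATE) || (flags & BDRV_REQ_ZERO_WRITE));`, and state it in the comment instead of "doesn't make much sense".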
@@ -1822,6 +1828,14 @@ int coroutine_fn bdrv_co_pwrite

Re: [Qemu-devel] [PATCH v7 4/9] block: treat BDRV_REQ_ALLOCATE as serialising

2018-01-30 Thread Anton Nefedov



On 29/1/2018 10:48 PM, Max Reitz wrote:

On 2018-01-18 18:49, Anton Nefedov wrote:

The idea is that ALLOCATE requests may overlap with other requests.
Reuse the existing block layer infrastructure for serialising requests.
Use the following approach:
   - mark ALLOCATE serialising, so subsequent requests to the area wait
   - ALLOCATE request itself must never wait if another request is in flight
 already. Return EAGAIN, let the caller reconsider.

Signed-off-by: Anton Nefedov 
Reviewed-by: Eric Blake 
---
  block/io.c | 27 +++
  1 file changed, 19 insertions(+), 8 deletions(-)


The basic principle looks good to me.


diff --git a/block/io.c b/block/io.c
index cf2f84c..4b0d34f 100644
--- a/block/io.c
+++ b/block/io.c


[...]


@@ -1717,7 +1728,7 @@ int coroutine_fn bdrv_co_pwritev(BdrvChild *child,
  struct iovec head_iov;
  
  mark_request_serialising(&req, align);

-wait_serialising_requests(&req);
+wait_serialising_requests(&req, false);
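
Review bot: the new second argument to `wait_serialising_requests()` is passed as a bare `false`, so this call site does not say what behaviour it selects. Since the commit message distinguishes requests that wait from ALLOCATE requests that must return EAGAIN instead, a named constant or a short comment at the call would prevent the two cases from being swapped by mistake.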


What if someone calls bdrv_co_pwritev() with BDRV_REQ_ZERO_WRITE |
BDRV_REQ_ALLOCATE?  


Either

assert(!(qiov && (flags & BDRV_REQ_ALLOCATE)));

will fail or bdrv_co_do_zero_pwritev() will be used.


.. Then this should do exactly the same as
bdrv_co_do_zero_pwritev(), which it currently does not -- besides this
serialization, this includes returning -ENOTSUP if there is a head or
tail to write.



Another question is if that assertion is ok.
In other words: should (qiov!=NULL && REQ_ALLOCATE) be a valid case?
e.g. with qiov filled with zeroes?

I'd rather document that as not supported (and leave the assertion).

Actually, even (qiov!=NULL && REQ_ZERO_WRITE) looks kind of
unsupported/broken? Alignment code in bdrv_co_pwritev() zeroes out the
head and tail by passing the flag down bdrv_aligned_pwritev()



Re: [Qemu-devel] [PATCH v2] tests: acpi: fix FADT not being compared to reference table

2018-01-30 Thread Igor Mammedov
On Tue, 16 Jan 2018 16:30:26 +0100
Igor Mammedov  wrote:

> It turns out that FADT isn't actually tested for changes
> against reference table, since it happens to be the 1st
> table in RSDT which is currently ignored.
> Fix it by making sure that all tables from RSDT are added
> to test list.
> 
> NOTE: FADT contains guest allocated pointers to FACS/DSDT,
> zero them out so that possible FACS/DSDT address change
> won't affect test results.
> 
> Signed-off-by: Igor Mammedov 
> ---
> v2:
>   - fixup FACS/DSDT pointers in FADT to avoid false test
> failure if pointers change ("Michael S. Tsirkin" )
ping

[...]



Re: [Qemu-devel] [PATCH RFC 1/2] s390x/tcg: wire up pci instructions

2018-01-30 Thread David Hildenbrand
On 29.01.2018 17:52, Cornelia Huck wrote:
> On s390x, pci support is implemented via a set of instructions
> (no mmio). Unfortunately, none of them are documented in the
> PoP; the code is based upon the existing implementation for KVM
> and the Linux zpci driver.
> 
> Signed-off-by: Cornelia Huck 
> ---
>  target/s390x/helper.h  |   9 
>  target/s390x/insn-data.def |  13 +
>  target/s390x/misc_helper.c | 123 
> +
>  target/s390x/translate.c   | 123 
> +
>  4 files changed, 268 insertions(+)
> 
> diff --git a/target/s390x/helper.h b/target/s390x/helper.h
> index 59a1d9869b..9887efbb3a 100644
> --- a/target/s390x/helper.h
> +++ b/target/s390x/helper.h
> @@ -172,4 +172,13 @@ DEF_HELPER_2(stcrw, void, env, i64)
>  DEF_HELPER_3(stsch, void, env, i64, i64)
>  DEF_HELPER_3(tsch, void, env, i64, i64)
>  DEF_HELPER_2(chsc, void, env, i64)
> +
> +DEF_HELPER_2(clp, void, env, i32)
> +DEF_HELPER_3(pcilg, void, env, i32, i32)
> +DEF_HELPER_3(pcistg, void, env, i32, i32)
> +DEF_HELPER_4(stpcifc, void, env, i32, i64, i32)
> +DEF_HELPER_3(sic, void, env, i64, i64)
> +DEF_HELPER_3(rpcit, void, env, i32, i32)
> +DEF_HELPER_5(pcistb, void, env, i32, i32, i64, i32)
> +DEF_HELPER_4(mpcifc, void, env, i32, i64, i32)
>  #endif
> diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
> index 11ee43dcbc..2ffc051072 100644
> --- a/target/s390x/insn-data.def
> +++ b/target/s390x/insn-data.def
> @@ -1067,4 +1067,17 @@
>  /* ??? Not listed in PoO ninth edition, but there's a linux driver that
> uses it: "A CHSC subchannel is usually present on LPAR only."  */
>  C(0xb25f, CHSC,  RRE, Z,   0, insn, 0, 0, chsc, 0)
> +
> +/* zPCI Instructions */
> +/* None of these instructions are documented in the PoP, so this is all
> +   based upon target/s390x/kvm.c and Linux code and likely incomplete */
> +C(0xebd0, PCISTB, RSY_a, PCI, 0, 0, 0, 0, pcistb, 0)
> +C(0xebd1, SIC, RSY_a, PCI, 0, 0, 0, 0, sic, 0)
> +C(0xb9a0, CLP, RRF_c, PCI, 0, 0, 0, 0, clp, 0)
> +C(0xb9d0, PCISTG, RRE, PCI, 0, 0, 0, 0, pcistg, 0)
> +C(0xb9d2, PCILG, RRE, PCI, 0, 0, 0, 0, pcilg, 0)
> +C(0xb9d3, RPCIT, RRE, PCI, 0, 0, 0, 0, rpcit, 0)
> +C(0xe3d0, MPCIFC, RXY_a, PCI, 0, 0, 0, 0, mpcifc, 0)
> +C(0xe3d4, STPCIFC, RXY_a, PCI, 0, 0, 0, 0, stpcifc, 0)
> +
>  #endif /* CONFIG_USER_ONLY */
> diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
> index 86da6aab7e..1271106628 100644
> --- a/target/s390x/misc_helper.c
> +++ b/target/s390x/misc_helper.c
> @@ -36,6 +36,7 @@
>  #include "hw/s390x/ebcdic.h"
>  #include "hw/s390x/s390-virtio-hcall.h"
>  #include "hw/s390x/sclp.h"
> +#include "hw/s390x/s390-pci-inst.h"
>  #endif
>  
>  /* #define DEBUG_HELPER */
> @@ -560,3 +561,125 @@ uint32_t HELPER(stfle)(CPUS390XState *env, uint64_t 
> addr)
>  env->regs[0] = deposit64(env->regs[0], 0, 8, (max_bytes / 8) - 1);
>  return count_bytes >= max_bytes ? 0 : 3;
>  }
> +
> +#ifndef CONFIG_USER_ONLY
> +void HELPER(clp)(CPUS390XState *env, uint32_t r2)
> +{
> +S390CPU *cpu = s390_env_get_cpu(env);
> +int r = -1;
> +
> +if (s390_has_feat(S390_FEAT_ZPCI)) {
> +qemu_mutex_lock_iothread();
> +r = clp_service_call(cpu, r2, GETPC());
> +qemu_mutex_unlock_iothread();
> +}
> +if (r) {
> +s390_program_interrupt(env, PGM_OPERATION, 4, GETPC());
> +}

Hmmm, this handling should not be necessary for TCG. All we should need is:

qemu_mutex_lock_iothread();
r = clp_service_call(cpu, r2, GETPC());
qemu_mutex_unlock_iothread();

We will handle

a) pci not configured in patch nr2 via the CPU model (will propose
something there).

b) we will handle !s390_has_feat(S390_FEAT_ZPCI) although available
later just as other instructions via the "PCI" flag you attached to the
instructions (Richard once posted a patch to do that).

> +}
> +
> +void HELPER(pcilg)(CPUS390XState *env, uint32_t r1, uint32_t r2)
> +{
> +S390CPU *cpu = s390_env_get_cpu(env);
> +int r = -1;
> +
> +if (s390_has_feat(S390_FEAT_ZPCI)) {
> +qemu_mutex_lock_iothread();
> +r = pcilg_service_call(cpu, r1, r2, GETPC());
> +qemu_mutex_unlock_iothread();
> +}
> +if (r) {
> +s390_program_interrupt(env, PGM_OPERATION, 4, GETPC());
> +}
> +}
> +
> +void HELPER(pcistg)(CPUS390XState *env, uint32_t r1, uint32_t r2)
> +{
> +S390CPU *cpu = s390_env_get_cpu(env);
> +int r = -1;
> +
> +if (s390_has_feat(S390_FEAT_ZPCI)) {
> +qemu_mutex_lock_iothread();
> +r = pcistg_service_call(cpu, r1, r2, GETPC());
> +qemu_mutex_unlock_iothread();
> +}
> +if (r) {
> +s390_program_interrupt(env, PGM_OPERATION, 4, GETPC());
> +}
> +}
> +
> +void HELPER(stpcifc)(CPUS390XState *env, uint32_t r1, uint64_t fiba,
> + uint32_t ar)
> +{
> +S390CPU *cpu = s390_env_get_cpu(env);
> +int r = -1;
> +
>
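
Review bot: in each helper of the misc_helper.c hunk, `r` starts at -1 for the missing-feature case and is then overwritten with the return value of the `*_service_call()` function, so any non-zero return from the service call also raises PGM_OPERATION. If those functions can return non-zero for reasons other than an unsupported instruction, the guest sees the wrong exception; keep the two conditions in separate variables or document what the return value means. The lock, call, unlock and interrupt sequence is also repeated verbatim in every helper shown and could live in one wrapper.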

Re: [Qemu-devel] [PATCH v7 9/9] iotest 134: test cluster-misaligned encrypted write

2018-01-30 Thread Alberto Garcia
On Thu 18 Jan 2018 06:49:07 PM CET, Anton Nefedov wrote:
> COW (even empty/zero) areas require encryption too
>
> Signed-off-by: Anton Nefedov 
> Reviewed-by: Eric Blake 

Reviewed-by: Alberto Garcia 

Berto



Re: [Qemu-devel] [PATCH RFC 2/2] s390x/cpumodel: allow zpci features in qemu model

2018-01-30 Thread David Hildenbrand
On 29.01.2018 17:52, Cornelia Huck wrote:
> AEN can be provided unconditionally, ZPCI has to be turned on
> manually (it should really depend on CONFIG_PCI).
> 
> With -cpu qemu,zpci=on, a 4.15 guest kernel can now successfully
> detect virtio-pci devices under tcg.
> 
> Signed-off-by: Cornelia Huck 
> ---
>  target/s390x/gen-features.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/target/s390x/gen-features.c b/target/s390x/gen-features.c
> index 0570f597ec..db7ac965a0 100644
> --- a/target/s390x/gen-features.c
> +++ b/target/s390x/gen-features.c
> @@ -574,6 +574,7 @@ static uint16_t qemu_LATEST[] = {
>  S390_FEAT_INTERLOCKED_ACCESS_2,
>  S390_FEAT_MSA_EXT_4,
>  S390_FEAT_MSA_EXT_3,
> +S390_FEAT_ADAPTER_EVENT_NOTIFICATION,
>  };
>  
>  /* add all new definitions before this point */
> @@ -582,6 +583,8 @@ static uint16_t qemu_MAX[] = {
>  S390_FEAT_STFLE_53,
>  /* generates a dependency warning, leave it out for now */
>  S390_FEAT_MSA_EXT_5,
> +/* should be conditional on CONFIG_PCI */
> +S390_FEAT_ZPCI,
>  };
>  

What about something in addition like that, should work for now

diff --git a/target/s390x/cpu_models.c b/target/s390x/cpu_models.c
index 212a5f0697..62fc8d538d 100644
--- a/target/s390x/cpu_models.c
+++ b/target/s390x/cpu_models.c
@@ -23,6 +23,7 @@
 #include "qapi/qmp/qbool.h"
 #ifndef CONFIG_USER_ONLY
 #include "sysemu/arch_init.h"
+#include "hw/pci/pci.h"
 #endif

 #define CPUDEF_INIT(_type, _gen, _ec_ga, _mha_pow, _hmfai, _name, _desc) \
@@ -1271,6 +1272,12 @@ static void register_types(void)

 /* init all bitmaps from gnerated data initially */
 s390_init_feat_bitmap(qemu_max_cpu_feat_init, qemu_max_cpu_feat);
+#ifndef CONFIG_USER_ONLY
+if (!pci_available) {
+clear_bit(S390_FEAT_ZPCI, qemu_max_cpu_feat);
+}
+#endif
+
 for (i = 0; i < ARRAY_SIZE(s390_cpu_defs); i++) {
 s390_init_feat_bitmap(s390_cpu_defs[i].base_init,
   s390_cpu_defs[i].base_feat);
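
Review bot: the `clear_bit(S390_FEAT_ZPCI, qemu_max_cpu_feat)` block has no comment saying why the feature is dropped when `pci_available` is false, and the quoted gen-features.c hunk keeps the remark "should be conditional on CONFIG_PCI", which would be stale once this is applied. Add a short comment here and update or remove the one in qemu_MAX[].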



>  /** END FEATURE DEFS **/
> 


-- 

Thanks,

David / dhildenb



[Qemu-devel] [PATCH] sii3112: Change angle brackets to quotes in #include lines

2018-01-30 Thread BALATON Zoltan
This matches what other files do for qemu includes

Signed-off-by: BALATON Zoltan 
---
 hw/ide/sii3112.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/ide/sii3112.c b/hw/ide/sii3112.c
index 17aa930..e3896c6 100644
--- a/hw/ide/sii3112.c
+++ b/hw/ide/sii3112.c
@@ -12,8 +12,8 @@
  * http://wiki.osdev.org/User:Quok/Silicon_Image_Datasheets
  */
 
-#include 
-#include 
+#include "qemu/osdep.h"
+#include "hw/ide/pci.h"
 #include "trace.h"
 
 #define TYPE_SII3112_PCI "sii3112"
-- 
2.7.6




[Qemu-devel] [PATCH] linux-user/signal.c: Rename MC_* defines

2018-01-30 Thread Peter Maydell
The SPARC code in linux-user/signal.c defines a set of
MC_* constants. On some SPARC hosts these are also defined
by sys/ucontext.h, resulting in build failures:

linux-user/signal.c:2786:0: error: "MC_NGREG" redefined [-Werror]
 #define MC_NGREG 19

In file included from /usr/include/signal.h:302:0,
 from include/qemu/osdep.h:86,
 from linux-user/signal.c:19:
/usr/include/sparc64-linux-gnu/sys/ucontext.h:59:0: note: this is the location of the previous definition
 # define MC_NGREG __MC_NGREG

Rename all these constants to SPARC_MC_* to avoid the clash.

Signed-off-by: Peter Maydell 
---
This has just started causing failures on the SPARC build
box I use for merge tests (presumably due to a system
header update), so I'm planning to apply this to master as
a buildfix.
---
 linux-user/signal.c | 118 ++--
 1 file changed, 59 insertions(+), 59 deletions(-)

diff --git a/linux-user/signal.c b/linux-user/signal.c
index 5321f9e..2db4507 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -2764,29 +2764,29 @@ long do_rt_sigreturn(CPUSPARCState *env)
 }
 
 #if defined(TARGET_SPARC64) && !defined(TARGET_ABI32)
-#define MC_TSTATE 0
-#define MC_PC 1
-#define MC_NPC 2
-#define MC_Y 3
-#define MC_G1 4
-#define MC_G2 5
-#define MC_G3 6
-#define MC_G4 7
-#define MC_G5 8
-#define MC_G6 9
-#define MC_G7 10
-#define MC_O0 11
-#define MC_O1 12
-#define MC_O2 13
-#define MC_O3 14
-#define MC_O4 15
-#define MC_O5 16
-#define MC_O6 17
-#define MC_O7 18
-#define MC_NGREG 19
+#define SPARC_MC_TSTATE 0
+#define SPARC_MC_PC 1
+#define SPARC_MC_NPC 2
+#define SPARC_MC_Y 3
+#define SPARC_MC_G1 4
+#define SPARC_MC_G2 5
+#define SPARC_MC_G3 6
+#define SPARC_MC_G4 7
+#define SPARC_MC_G5 8
+#define SPARC_MC_G6 9
+#define SPARC_MC_G7 10
+#define SPARC_MC_O0 11
+#define SPARC_MC_O1 12
+#define SPARC_MC_O2 13
+#define SPARC_MC_O3 14
+#define SPARC_MC_O4 15
+#define SPARC_MC_O5 16
+#define SPARC_MC_O6 17
+#define SPARC_MC_O7 18
+#define SPARC_MC_NGREG 19
 
 typedef abi_ulong target_mc_greg_t;
-typedef target_mc_greg_t target_mc_gregset_t[MC_NGREG];
+typedef target_mc_greg_t target_mc_gregset_t[SPARC_MC_NGREG];
 
 struct target_mc_fq {
 abi_ulong *mcfq_addr;
@@ -2846,8 +2846,8 @@ void sparc64_set_context(CPUSPARCState *env)
 goto do_sigsegv;
 }
 grp  = &ucp->tuc_mcontext.mc_gregs;
-__get_user(pc, &((*grp)[MC_PC]));
-__get_user(npc, &((*grp)[MC_NPC]));
+__get_user(pc, &((*grp)[SPARC_MC_PC]));
+__get_user(npc, &((*grp)[SPARC_MC_NPC]));
 if ((pc | npc) & 3) {
 goto do_sigsegv;
 }
@@ -2870,26 +2870,26 @@ void sparc64_set_context(CPUSPARCState *env)
 }
 env->pc = pc;
 env->npc = npc;
-__get_user(env->y, &((*grp)[MC_Y]));
-__get_user(tstate, &((*grp)[MC_TSTATE]));
+__get_user(env->y, &((*grp)[SPARC_MC_Y]));
+__get_user(tstate, &((*grp)[SPARC_MC_TSTATE]));
 env->asi = (tstate >> 24) & 0xff;
 cpu_put_ccr(env, tstate >> 32);
 cpu_put_cwp64(env, tstate & 0x1f);
-__get_user(env->gregs[1], (&(*grp)[MC_G1]));
-__get_user(env->gregs[2], (&(*grp)[MC_G2]));
-__get_user(env->gregs[3], (&(*grp)[MC_G3]));
-__get_user(env->gregs[4], (&(*grp)[MC_G4]));
-__get_user(env->gregs[5], (&(*grp)[MC_G5]));
-__get_user(env->gregs[6], (&(*grp)[MC_G6]));
-__get_user(env->gregs[7], (&(*grp)[MC_G7]));
-__get_user(env->regwptr[UREG_I0], (&(*grp)[MC_O0]));
-__get_user(env->regwptr[UREG_I1], (&(*grp)[MC_O1]));
-__get_user(env->regwptr[UREG_I2], (&(*grp)[MC_O2]));
-__get_user(env->regwptr[UREG_I3], (&(*grp)[MC_O3]));
-__get_user(env->regwptr[UREG_I4], (&(*grp)[MC_O4]));
-__get_user(env->regwptr[UREG_I5], (&(*grp)[MC_O5]));
-__get_user(env->regwptr[UREG_I6], (&(*grp)[MC_O6]));
-__get_user(env->regwptr[UREG_I7], (&(*grp)[MC_O7]));
+__get_user(env->gregs[1], (&(*grp)[SPARC_MC_G1]));
+__get_user(env->gregs[2], (&(*grp)[SPARC_MC_G2]));
+__get_user(env->gregs[3], (&(*grp)[SPARC_MC_G3]));
+__get_user(env->gregs[4], (&(*grp)[SPARC_MC_G4]));
+__get_user(env->gregs[5], (&(*grp)[SPARC_MC_G5]));
+__get_user(env->gregs[6], (&(*grp)[SPARC_MC_G6]));
+__get_user(env->gregs[7], (&(*grp)[SPARC_MC_G7]));
+__get_user(env->regwptr[UREG_I0], (&(*grp)[SPARC_MC_O0]));
+__get_user(env->regwptr[UREG_I1], (&(*grp)[SPARC_MC_O1]));
+__get_user(env->regwptr[UREG_I2], (&(*grp)[SPARC_MC_O2]));
+__get_user(env->regwptr[UREG_I3], (&(*grp)[SPARC_MC_O3]));
+__get_user(env->regwptr[UREG_I4], (&(*grp)[SPARC_MC_O4]));
+__get_user(env->regwptr[UREG_I5], (&(*grp)[SPARC_MC_O5]));
+__get_user(env->regwptr[UREG_I6], (&(*grp)[SPARC_MC_O6]));
+__get_user(env->regwptr[UREG_I7], (&(*grp)[SPARC_MC_O7]));
 
 __get_user(fp, &(ucp->tuc_mcontext.mc_fp));
 __get_user(i7, &(ucp->tuc_mcontext.mc_i7));
@@ -2977,25 +2977,25 @@ void sparc64_get_context(CPUSPARCState *env)
 }
 
 /* XXX: tstate must be saved properly */
-//
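
Review bot: the line being renamed in this last hunk is a `//` comment, and the checkpatch run reported later in this thread rejects the patch for it ("do not use C99 // comments" on the `SPARC_MC_TSTATE` line). Since the line is touched anyway, convert it to a `/* */` comment so the build fix applies without a style error.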

Re: [Qemu-devel] [PATCH v4 09/14] pci: Add support for Designware IP block

2018-01-30 Thread Marcel Apfelbaum

Hi Andrei,

Sorry for letting you wait,
I have some comments/questions below.

On 16/01/2018 3:37, Andrey Smirnov wrote:

Add code needed to get a functional PCI subsystem when used in
conjunction with upstream Linux guest (4.13+). Tested to work against
"e1000e" (network adapter, using MSI interrupts) as well as
"usb-ehci" (USB controller, using legacy PCI interrupts).

Cc: Peter Maydell 
Cc: Jason Wang 
Cc: Philippe Mathieu-Daudé 
Cc: qemu-devel@nongnu.org
Cc: qemu-...@nongnu.org
Cc: yurov...@gmail.com
Signed-off-by: Andrey Smirnov 
---
  default-configs/arm-softmmu.mak  |   2 +
  hw/pci-host/Makefile.objs|   2 +
  hw/pci-host/designware.c | 618 +++
  include/hw/pci-host/designware.h |  93 ++
  include/hw/pci/pci_ids.h |   2 +
  5 files changed, 717 insertions(+)
  create mode 100644 hw/pci-host/designware.c
  create mode 100644 include/hw/pci-host/designware.h

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index b0d6e65038..0c5ae914ed 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -132,3 +132,5 @@ CONFIG_GPIO_KEY=y
  CONFIG_MSF2=y
  CONFIG_FW_CFG_DMA=y
  CONFIG_XILINX_AXI=y
+CONFIG_PCI_DESIGNWARE=y
+
diff --git a/hw/pci-host/Makefile.objs b/hw/pci-host/Makefile.objs
index 9c7909cf44..0e2c0a123b 100644
--- a/hw/pci-host/Makefile.objs
+++ b/hw/pci-host/Makefile.objs
@@ -17,3 +17,5 @@ common-obj-$(CONFIG_PCI_PIIX) += piix.o
  common-obj-$(CONFIG_PCI_Q35) += q35.o
  common-obj-$(CONFIG_PCI_GENERIC) += gpex.o
  common-obj-$(CONFIG_PCI_XILINX) += xilinx-pcie.o
+
+common-obj-$(CONFIG_PCI_DESIGNWARE) += designware.o
diff --git a/hw/pci-host/designware.c b/hw/pci-host/designware.c
new file mode 100644
index 00..98fff5e5f3
--- /dev/null
+++ b/hw/pci-host/designware.c
@@ -0,0 +1,618 @@
+/*
+ * Copyright (c) 2017, Impinj, Inc.

2018 :)

+ *
+ * Designware PCIe IP block emulation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see
+ * .
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/pci_bridge.h"
+#include "hw/pci/pci_host.h"
+#include "hw/pci/pcie_port.h"
+#include "hw/pci-host/designware.h"
+
+#define PCIE_PORT_LINK_CONTROL  0x710
+
+#define PCIE_PHY_DEBUG_R1   0x72C
+#define PCIE_PHY_DEBUG_R1_XMLH_LINK_UP  BIT(4)
+
+#define PCIE_LINK_WIDTH_SPEED_CONTROL   0x80C
+
+#define PCIE_MSI_ADDR_LO0x820
+#define PCIE_MSI_ADDR_HI0x824
+#define PCIE_MSI_INTR0_ENABLE   0x828
+#define PCIE_MSI_INTR0_MASK 0x82C
+#define PCIE_MSI_INTR0_STATUS   0x830
+
+#define PCIE_ATU_VIEWPORT   0x900
+#define PCIE_ATU_REGION_INBOUND (0x1 << 31)
+#define PCIE_ATU_REGION_OUTBOUND(0x0 << 31)
+#define PCIE_ATU_REGION_INDEX2  (0x2 << 0)
+#define PCIE_ATU_REGION_INDEX1  (0x1 << 0)
+#define PCIE_ATU_REGION_INDEX0  (0x0 << 0)
+#define PCIE_ATU_CR10x904
+#define PCIE_ATU_TYPE_MEM   (0x0 << 0)
+#define PCIE_ATU_TYPE_IO(0x2 << 0)
+#define PCIE_ATU_TYPE_CFG0  (0x4 << 0)
+#define PCIE_ATU_TYPE_CFG1  (0x5 << 0)
+#define PCIE_ATU_CR20x908
+#define PCIE_ATU_ENABLE (0x1 << 31)
+#define PCIE_ATU_BAR_MODE_ENABLE(0x1 << 30)
+#define PCIE_ATU_LOWER_BASE 0x90C
+#define PCIE_ATU_UPPER_BASE 0x910
+#define PCIE_ATU_LIMIT  0x914
+#define PCIE_ATU_LOWER_TARGET   0x918
+#define PCIE_ATU_BUS(x) (((x) >> 24) & 0xff)
+#define PCIE_ATU_DEVFN(x)   (((x) >> 16) & 0xff)
+#define PCIE_ATU_UPPER_TARGET   0x91C
+
+static DesignwarePCIEHost *
+designware_pcie_root_to_host(DesignwarePCIERoot *root)
+{
+BusState *bus = qdev_get_parent_bus(DEVICE(root));
+return DESIGNWARE_PCIE_HOST(bus->parent);
+}
+
+static void designware_pcie_root_msi_write(void *opaque, hwaddr addr,
+   uint64_t val, unsigned len)
+{
+DesignwarePCIERoot *root = DESIGNWARE_PCIE_ROOT(opaque);
+DesignwarePCIEHost *host = designware_pcie_root_to_host(root);
+
+root->msi.intr[0].status |= (1 << val) & root->msi.intr[0].enable;
+
+if (root->msi.intr[0].status & ~root->msi.intr[0].mask) {
+qemu_set_irq(host->pci.
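
Review bot: in `designware_pcie_root_msi_write()` the expression `(1 << val)` shifts an `int` by a `uint64_t` that comes straight from the value written to the region, so any `val` of 31 or more is undefined behaviour in C. Reject or mask out-of-range values before shifting and use an unsigned operand, for example `if (val >= 32) return;` followed by `BIT(val)` or `1U << val`. The same applies to the `(0x1 << 31)` definitions of PCIE_ATU_REGION_INBOUND and PCIE_ATU_ENABLE, which shift into the sign bit and should be `(0x1U << 31)`.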

Re: [Qemu-devel] [PATCH] sii3112: Change angle brackets to quotes in #include lines

2018-01-30 Thread Peter Maydell
On 30 January 2018 at 13:10, BALATON Zoltan  wrote:
> This matches what other files do for qemu includes
>
> Signed-off-by: BALATON Zoltan 

Reviewed-by: Peter Maydell 

thanks
-- PMM



Re: [Qemu-devel] [PATCH 01/18] Clean up includes

2018-01-30 Thread BALATON Zoltan

On Tue, 30 Jan 2018, Markus Armbruster wrote:

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes, with the change
to target/s390x/gen-features.c manually reverted, and blank lines
around deletions collapsed.

Signed-off-by: Markus Armbruster 
---
block/parallels.h |  1 -
hw/block/vhost-user-blk.c |  1 -
hw/ide/sii3112.c  |  1 +
hw/nvram/eeprom_at24c.c   |  3 +--
hw/tpm/tpm_emulator.c |  4 
hw/tpm/tpm_int.h  |  2 --
hw/tpm/tpm_ioctl.h|  2 --
hw/xtensa/xtensa_memory.h |  1 -
include/exec/tb-lookup.h  |  2 --
include/hw/intc/xlnx-pmu-iomod-intc.h |  1 -
include/hw/intc/xlnx-zynqmp-ipi.h |  1 -
include/hw/nvram/fw_cfg.h |  1 -
include/hw/pci-bridge/simba.h |  1 -
include/hw/xtensa/xtensa-isa.h|  2 --
include/qapi/clone-visitor.h  |  1 -
include/sysemu/hvf.h  |  2 --
include/ui/console.h  |  1 -
io/channel-websock.c  |  3 ---
linux-user/syscall.c  |  1 -
scsi/pr-helper.h  |  2 --
target/i386/hvf/vmx.h |  1 -
target/i386/hvf/x86hvf.c  |  3 ---
target/xtensa/core-dc232b/xtensa-modules.c|  1 +
target/xtensa/core-dc233c/xtensa-modules.c|  1 +
target/xtensa/core-de212/xtensa-modules.c |  1 +
target/xtensa/core-fsf/xtensa-modules.c   |  1 +
target/xtensa/core-sample_controller/xtensa-modules.c |  1 +
target/xtensa/xtensa-isa.c|  4 +---
tests/migration/stress.c  | 10 +-
tests/ptimer-test.c   |  4 ++--
trace/control-internal.h  |  2 --
31 files changed, 11 insertions(+), 51 deletions(-)

diff --git a/block/parallels.h b/block/parallels.h
index 4b044079ef..5aa101cfc8 100644
--- a/block/parallels.h
+++ b/block/parallels.h
@@ -32,7 +32,6 @@
#ifndef BLOCK_PARALLELS_H
#define BLOCK_PARALLELS_H
#include "qemu/coroutine.h"
-#include "qemu/typedefs.h"

#define HEADS_NUMBER 16
#define SEC_IN_CYL 32
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index b53b4c9c57..f840f07dfe 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -19,7 +19,6 @@
#include "qemu/osdep.h"
#include "qapi/error.h"
#include "qemu/error-report.h"
-#include "qemu/typedefs.h"
#include "qemu/cutils.h"
#include "qom/object.h"
#include "hw/qdev-core.h"
diff --git a/hw/ide/sii3112.c b/hw/ide/sii3112.c
index 17aa930e39..a5d1776756 100644
--- a/hw/ide/sii3112.c
+++ b/hw/ide/sii3112.c
@@ -12,6 +12,7 @@
 * http://wiki.osdev.org/User:Quok/Silicon_Image_Datasheets
 */

+#include "qemu/osdep.h"
#include 
#include 
#include "trace.h"


This is wrong. I've sent a patch instead to change angle brackets to 
quotes for these two includes. This wasn't caught by either checkpatch 
or review though so maybe it could be added to checkpatch if quotes are 
the preferred style for these includes.


Regards,
BALATON Zoltan



Re: [Qemu-devel] SDL2 UI behavior of switching views

2018-01-30 Thread BALATON Zoltan

On Tue, 30 Jan 2018, Gerd Hoffmann wrote:

On Mon, Jan 29, 2018 at 07:21:02PM +0100, BALATON Zoltan wrote:

Is there an option also to get back the old SDL1 behaviour with SDL2? Could
that be made the default to make the transition easier?


Well, that kind of flexibility is a lot harder to do with SDL as it
doesn't offer widgets to manage views ...


How did it work with SDL1 and what prevents it from working the same way 
with SDL2?



How about using gtk instead?


That's not a solution to the problem. Why do we have other backends than 
gtk if they aren't meant to be used? (Others already gave reasons to 
prefer SDL over gtk such as leaner, simpler interface which is also faster 
to start up, also useful if one doesn't need any of the frills the gtk 
interface provides or uses QEMU on a low-end system or platform where gtk 
is not supported.)


Regards,
BALATON Zoltan



Re: [Qemu-devel] [PATCH] linux-user/signal.c: Rename MC_* defines

2018-01-30 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 1517318239-15764-1-git-send-email-peter.mayd...@linaro.org
Subject: [Qemu-devel] [PATCH] linux-user/signal.c: Rename MC_* defines

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/1517318239-15764-1-git-send-email-peter.mayd...@linaro.org -> 
patchew/1517318239-15764-1-git-send-email-peter.mayd...@linaro.org
 * [new tag]   patchew/20180130131716.5899d745...@zero.eik.bme.hu 
-> patchew/20180130131716.5899d745...@zero.eik.bme.hu
Switched to a new branch 'test'
06d9bfbde9 linux-user/signal.c: Rename MC_* defines

=== OUTPUT BEGIN ===
Checking PATCH 1/1: linux-user/signal.c: Rename MC_* defines...
ERROR: do not use C99 // comments
#157: FILE: linux-user/signal.c:2980:
+//__put_user(env->tstate, &((*grp)[SPARC_MC_TSTATE]));

total: 1 errors, 0 warnings, 147 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@freelists.org

[Qemu-devel] [PATCH v2 1/1] Fix configure for s390 qemu on alpine and other busybox environments

2018-01-30 Thread Christian Borntraeger
From: Alice Frosi 

In alpine docker image the qemu-system-s390x build is broken and
it throws this error:
qemu-system-s390x: Initialization of device s390-ipl failed: could not
load bootloader 's390-ccw.img'

The grep command of busybox uses regex. This fails on binary data
(e.g. stops on every \0), so it does not identify the string
BiGeNdIaN in the test case big/little. Therefore, it assumes
that the architecture is little endian.

This fix solves the grep problem by printing the content of
TMPO with strings

Signed-off-by: Alice Frosi 
Signed-off-by: Christian Borntraeger 
[some changes to patch description, add -a option to strings]
---
v1->v2:
- Fix email address of Alice
- Fix patch prefix

 configure | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure b/configure
index 6d8c996c62..383b14e991 100755
--- a/configure
+++ b/configure
@@ -1906,9 +1906,9 @@ int main(int argc, char *argv[]) {
 EOF
 
 if compile_object ; then
-if grep -q BiGeNdIaN $TMPO ; then
+if strings -a $TMPO | grep -q BiGeNdIaN ; then
 bigendian="yes"
-elif grep -q LiTtLeEnDiAn $TMPO ; then
+elif strings -a $TMPO | grep -q LiTtLeEnDiAn ; then
 bigendian="no"
 else
 echo big/little test failed
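
Review bot: both branches now pipe through `strings -a`, which makes configure depend on a `strings` binary being installed. If it is missing, the pipeline feeds grep nothing, neither marker matches, and the user gets "big/little test failed" with no hint about the real cause. Check for `strings` up front and report its absence explicitly, and quote `$TMPO` while touching these lines.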
-- 
2.13.4
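
The marker check the commit message describes, as an added example that is not part of the patch or of QEMU's configure. The function names, the `tr` fallback for hosts without `strings`, and the sample files (constructed here with NUL bytes around the marker) are assumptions of this example.

```shell
#!/bin/sh
# Added example: find an endianness marker inside a binary object file
# without depending on how the local grep treats NUL bytes.

# Print the printable runs of file $1, one per line. `strings -a` is the
# tool the patch uses; the `tr` fallback is this example's own assumption
# for hosts that lack a strings binary.
printable_runs() {
    if command -v strings >/dev/null 2>&1; then
        strings -a "$1"
    else
        LC_ALL=C tr -c '[:print:]' '\n' < "$1"
    fi
}

# Echo "big", "little" or "unknown" for object file $1.
# Return status: 0 marker found, 1 no marker, 2 file unreadable.
detect_endianness() {
    [ -r "$1" ] || { echo unknown; return 2; }
    runs=$(printable_runs "$1") || { echo unknown; return 2; }
    case $runs in
        *BiGeNdIaN*)    echo big ;;
        *LiTtLeEnDiAn*) echo little ;;
        *)              echo unknown; return 1 ;;
    esac
}

# Write a constructed stand-in for an object file to $1: marker $2 with NUL
# bytes on both sides, the kind of input on which, per the commit message,
# busybox grep fails.
make_sample() {
    printf '\177ELF\000\000%s\000\000\001\002' "$2" > "$1"
}

# Demo on constructed files; a real run would pass the compiled test object.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/be.o" BiGeNdIaN
make_sample "$demo_dir/le.o" LiTtLeEnDiAn
make_sample "$demo_dir/none.o" NoMarkerHere
for f in be.o le.o none.o; do
    printf '%s: %s\n' "$f" "$(detect_endianness "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

The distinct return codes let a caller tell "no marker in the object" apart from "could not read the object", which the single "big/little test failed" message does not.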




[Qemu-devel] [PATCH v2 0/1] Fix binary build of qemu-system-s390x on alpine

2018-01-30 Thread Christian Borntraeger
Peter, Paolo,

sending this to you as you have the most commits on configure.
If you are ok with it, we can also carry that via the s390 tree.

Alice Frosi (1):
  Fix configure for s390 qemu on alpine and other busybox environments

 configure | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.13.4




Re: [Qemu-devel] [PATCH] iotests: Fix CID for VMDK afl image

2018-01-30 Thread Eric Blake
On 01/30/2018 12:25 AM, Fam Zheng wrote:
> This reverts commit 76bf133c4 which updated the reference output, and
> fixed the reference image, because the code path we want to exercise is
> actually the invalid image size.
> 
> The descriptor block in the image, which includes the CID to verify, has been
> invalid since the reference image was added. Since commit 9877860e7bd we report
> this error earlier than the "file too large", so 059.out mismatches.
> 
> The binary change is generated along the operations of:
> 
>   $ bunzip2 afl9.vmdk.bz2
>   $ qemu-img create -f vmdk fix.vmdk 1G
>   $ dd if=afl9.vmdk.bz2 of=fix.vmdk bs=512 count=1 conv=notrunc

Is the .bz2 suffix spurious here?

>   $ mv fix.vmdk afl9.vmdk
>   $ bzip2 afl9.vmdk
> 
> Signed-off-by: Fam Zheng 
> 
> ---
> 

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH v6 1/2] qemu-img.texi: Clean up parameter list

2018-01-30 Thread Eric Blake
On 01/30/2018 12:34 AM, Fam Zheng wrote:
> Split options out of the "@table @var" section and create a "@table
> @option", then use whitespaces and blank lines consistently.
> 
> Suggested-by: Kevin Wolf 
> Signed-off-by: Fam Zheng 
> ---
>  qemu-img.texi | 66 
> +++
>  1 file changed, 39 insertions(+), 27 deletions(-)

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH v6 2/2] qemu-img: Document --force-share / -U

2018-01-30 Thread Eric Blake
On 01/30/2018 12:34 AM, Fam Zheng wrote:
> Signed-off-by: Fam Zheng 
> Signed-off-by: Kevin Wolf 
> ---
>  qemu-img.texi | 7 +++
>  1 file changed, 7 insertions(+)
> 

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH] tests/virtio-9p: explicitely handle potential integer overflows

2018-01-30 Thread Eric Blake
On 01/30/2018 02:32 AM, Greg Kurz wrote:
> Signed-off-by: Greg Kurz 

In the subject: s/explicitely/explicitly/

> ---
>  tests/virtio-9p-test.c |   31 +--
>  1 file changed, 21 insertions(+), 10 deletions(-)
> 
> This is based on SHA1 2eab02aa260ac5405e1e51c9cc1b4c3aa23fc45a from my
> 9p-next branch:
> 
> https://github.com/gkurz/qemu/commits/9p-next

I don't think patchew recognizes those sorts of references yet; better
might be:

Based-on: <151675071042.29381.16225631028845063799.st...@bahia.lan>
([PATCH 0/7] tests: virtio-9p: test request cancellation)

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH] iotests: Fix CID for VMDK afl image

2018-01-30 Thread Fam Zheng
On Tue, Jan 30, 2018 at 9:48 PM, Eric Blake  wrote:
> On 01/30/2018 12:25 AM, Fam Zheng wrote:
>> This reverts commit 76bf133c4 which updated the reference output, and
>> fixed the reference image, because the code path we want to exercise is
>> actually the invalid image size.
>>
>> The descriptor block in the image, which includes the CID to verify, has been
>> invalid since the reference image was added. Since commit 9877860e7bd we
>> report this error earlier than the "file too large", so 059.out mismatches.
>>
>> The binary change is generated along the operations of:
>>
>>   $ bunzip2 afl9.vmdk.bz2
>>   $ qemu-img create -f vmdk fix.vmdk 1G
>>   $ dd if=afl9.vmdk.bz2 of=fix.vmdk bs=512 count=1 conv=notrunc
>
> Is the .bz2 suffix spurious here?

Hmm, yes. I have no idea why it is here. :-/

Fam

>
>>   $ mv fix.vmdk afl9.vmdk
>>   $ bzip2 afl9.vmdk
>>
>> Signed-off-by: Fam Zheng 
>>
>> ---
>>
>
> Reviewed-by: Eric Blake 
>
> --
> Eric Blake, Principal Software Engineer
> Red Hat, Inc.   +1-919-301-3266
> Virtualization:  qemu.org | libvirt.org
>



Re: [Qemu-devel] [PATCH V4 0/7] CAN bus support for QEMU (SJA1000 PCI so far)

2018-01-30 Thread Paolo Bonzini
On 25/01/2018 22:33, Pavel Pisa wrote:
> Hello Paolo,
> 
> thanks for suggestions. I understand and fully agree with your
> request to switch to QOM. I have succeeded with that for CAN devices
> some time ago. It is worth doing for the rest of the objects
> but I fear that I will not find time to complete QOMification
> in a reasonable time frame. Contributions/suggestions from others
> are welcome. I can look for students for GSoC at our university
> or under other funding.

Please take a look at branch can-pci-qom of github.com/bonzini/qemu.git.
Apart from QOMification of the backend include, I simplified the IRQ
handling in can_kvaser_pci (fixing bugs too I think), and removed an
unnecessary mutex.  I also moved the files to net/can and hw/net/can so
that in the future Jason (networking maintainer) can take care of pull
requests.

I might have broken something, and the top commit in particular is
completely untested.

Paolo



Re: [Qemu-devel] [PATCH] block/mirror: change the semantic of 'force' of block-job-cancel

2018-01-30 Thread Eric Blake
On 01/30/2018 02:38 AM, Liang Li wrote:
> When doing drive mirror to a low speed shared storage, if there was heavy
> BLK IO write workload in VM after the 'ready' event, drive mirror block job
> can't be canceled immediately, it would keep running until the heavy BLK IO
> workload stopped in the VM.

So far so good.   But the grammar and explanation in the rest of the
commit is a bit hard to read; let me give a shot at an alternative wording:

Libvirt depends on the current block-job-cancel semantics, which is that
when used without a flag after the 'ready' event, the command blocks
until data is in sync.  However, these semantics are awkward in other
situations, for example, people may use drive mirror for realtime
backups while still wanting to use block live migration.  Libvirt cannot
start a block live migration while another drive mirror is in progress,
but the user would rather abandon the backup attempt as broken and
proceed with the live migration than be stuck waiting for the current
drive mirror backup to finish.

The drive-mirror command already includes a 'force' flag, which libvirt
does not use, although it documented the flag as only being useful to
quit a job which is paused.  However, since quitting a paused job has
the same effect as abandoning a backup in a non-paused job (namely, the
destination file is not in sync, and the command completes immediately),
we can just improve the documentation to make the force flag obviously
useful.

> 
> Cc: Paolo Bonzini 
> Cc: Jeff Cody 
> Cc: Kevin Wolf 
> Cc: Max Reitz 
> Cc: Eric Blake 
> Cc: John Snow 
> Reported-by: Huaitong Han 
> Signed-off-by: Huaitong Han 
> Signed-off-by: Liang Li 
> ---


> +++ b/hmp-commands.hx
> @@ -106,7 +106,8 @@ ETEXI
>  .args_type  = "force:-f,device:B",
>  .params = "[-f] device",
>  .help   = "stop an active background block operation (use -f"
> -  "\n\t\t\t if the operation is currently paused)",
> +  "\n\t\t\t if you want to abort the operation 
> immediately"
> +  "\n\t\t\t instead of keep running until data is in 
> sync )",

s/sync )/sync)/

>  .cmd= hmp_block_job_cancel,
>  },
>  
> diff --git a/include/block/blockjob.h b/include/block/blockjob.h
> index 00403d9..4a96c42 100644
> --- a/include/block/blockjob.h
> +++ b/include/block/blockjob.h
> @@ -63,6 +63,12 @@ typedef struct BlockJob {
>  bool cancelled;
>  
>  /**
> + * Set to true if the job should be abort immediately without waiting

s/be //

> + * for data is in sync.

s/is/to be/

> + */
> +bool force;
> +
> +/**
>   * Counter for pause request. If non-zero, the block job is either 
> paused,
>   * or if busy == true will pause itself as soon as possible.
>   */
> @@ -218,10 +224,11 @@ void block_job_start(BlockJob *job);
>  /**
>   * block_job_cancel:
>   * @job: The job to be canceled.
> + * @force: Quit a job without waiting data is in sync.

s/data is/for data to be/

> +++ b/qapi/block-core.json
> @@ -2098,8 +2098,10 @@
>  #  the name of the parameter), but since QEMU 2.7 it can have
>  #  other values.
>  #
> -# @force: whether to allow cancellation of a paused job (default
> -# false).  Since 1.3.
> +# @force: #optional whether to allow cancellation a job without waiting data 
> is

The '#optional' tag should no longer be added.

> +# in sync, please not that since 2.12 it's semantic is not exactly 
> the
> +# same as before, from 1.3 to 2.11 it means whether to allow 
> cancellation
> +# of a paused job (default false).  Since 1.3.

Reads awkwardly.  I suggest:

@force: If true, and the job has already emitted the event
BLOCK_JOB_READY, abandon the job immediately (even if it is paused)
instead of waiting for the destination to complete its final
synchronization (since 1.3)


> +++ b/tests/test-blockjob-txn.c
> @@ -125,7 +125,7 @@ static void test_single_job(int expected)
>  block_job_start(job);
>  
>  if (expected == -ECANCELED) {
> -block_job_cancel(job);
> +block_job_cancel(job, false);
>  }
>  
>  while (result == -EINPROGRESS) {
> @@ -173,10 +173,10 @@ static void test_pair_jobs(int expected1, int expected2)
>  block_job_txn_unref(txn);
>  
>  if (expected1 == -ECANCELED) {
> -block_job_cancel(job1);
> +block_job_cancel(job1, false);
>  }
>  if (expected2 == -ECANCELED) {
> -block_job_cancel(job2);
> +block_job_cancel(job2, false);
>  }
>  
>  while (result1 == -EINPROGRESS || result2 == -EINPROGRESS) {
> @@ -231,7 +231,7 @@ static void test_pair_jobs_fail_cancel_race(void)
>  block_job_start(job1);
>  block_job_start(job2);
>  
> -block_job_cancel(job1);
> +block_job_cancel(job1, false);
>  
>  /* Now make job2 finish before the main loop kicks jobs.  This simulates
>   * the race between a pending kick and another job completing
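Review bot: all four converted call sites in tests/test-blockjob-txn.c pass `false` to block_job_cancel(), so nothing in these hunks exercises the new force path. A case that cancels with `true` would cover the semantics this patch actually changes.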

Re: [Qemu-devel] [PATCH v7 8/9] qcow2: skip writing zero buffers to empty COW areas

2018-01-30 Thread Anton Nefedov



On 29/1/2018 11:28 PM, Max Reitz wrote:

On 2018-01-18 18:49, Anton Nefedov wrote:

If COW areas of the newly allocated clusters are zeroes on the backing image,
efficient bdrv_write_zeroes(flags=BDRV_REQ_ALLOCATE) can be used on the whole
cluster instead of writing explicit zero buffers later in perform_cow().

iotest 060:
write to the discarded cluster does not trigger COW anymore.
Use a backing image instead.

iotest 066:
cluster-alignment areas that were not really COWed are now detected
as zeroes, hence the initial write has to be exactly the same size for
the maps to match

Signed-off-by: Anton Nefedov 
---
  qapi/block-core.json   |  4 ++-
  block/qcow2.h  |  6 +
  block/qcow2-cluster.c  |  2 +-
  block/qcow2.c  | 66 --
  block/trace-events |  1 +
  tests/qemu-iotests/060 | 26 +++---
  tests/qemu-iotests/060.out |  5 +++-
  tests/qemu-iotests/066 |  2 +-
  tests/qemu-iotests/066.out |  4 +--
  9 files changed, 98 insertions(+), 18 deletions(-)


[...]


@@ -1875,6 +1880,52 @@ static bool is_zero(BlockDriverState *bs, int64_t 
offset, int64_t bytes)
  return res >= 0 && (res & BDRV_BLOCK_ZERO) && nr == bytes;
  }
  
+static bool is_zero_cow(BlockDriverState *bs, QCowL2Meta *m)

+{
+return is_zero(bs, m->offset + m->cow_start.offset,
+   m->cow_start.nb_bytes) &&
+   is_zero(bs, m->offset + m->cow_end.offset, m->cow_end.nb_bytes);
+}
+
+static int handle_alloc_space(BlockDriverState *bs, QCowL2Meta *l2meta)
+{
+BDRVQcow2State *s = bs->opaque;
+QCowL2Meta *m;
+
+for (m = l2meta; m != NULL; m = m->next) {
+int ret;
+
+if (!m->cow_start.nb_bytes && !m->cow_end.nb_bytes) {
+continue;
+}
+
+if (bs->encrypted) {
+continue;
+}


Not sure if the compiler optimizes this anyway, but I'd pull this out of
the loop.



An imprint of the following patches (which were dropped from this
series) - preallocation ahead of image EOF, which takes action
regardless of image encryption.

But I'll leave the check outside the loop until it's needed
there.



Maybe you could put all of the conditions under which this function can
actually do something at its beginning: That is, we can't do anything if
the BDS is encrypted or if bs->file does not support BDRV_REQ_ALLOCATE
(and then you just call this function unconditionally in
qcow2_co_pwritev()).



Done.


+if (!is_zero_cow(bs, m)) {
+continue;
+}


Is this really efficient?  I remember someone complaining about
bdrv_co_block_status() being kind of slow on some filesystems, so
there'd be a tradeoff depending on how it compares to just reading up to
two clusters from the backing file -- especially considering that the OS
can query the same information just as quickly, and thus the only
overhead the read should have is a memset() (assuming the OS is clever).

So basically my question is whether it would be better to just skip this
if we have any backing file at all and only do this optimization if
there is none.



So what we trade between is
(read+write) vs (lseek+fallocate or lseek+read+write).

Indeed if it comes to lseek the profit is smaller, and we're probably
unlikely to find a hole anyway.

Maybe it's good enough to cover these cases:
 1. no backing
 2. beyond bdrv_getlength() in backing
 3. unallocated in backing qcow2 (covers 'beyond bdrv_getlength()
  in backing->file')

1 & 2 are easy to check;
3: if that's not too hacky maybe we can do the bdrv_is_allocated() check
for qcow2 exclusively and if there is raw (or any other format) backing
image - do the COW


+
+BLKDBG_EVENT(bs->file, BLKDBG_CLUSTER_ALLOC_SPACE);
+/* instead of writing zero COW buffers,
+   efficiently zero out the whole clusters */
+ret = bdrv_co_pwrite_zeroes(bs->file, m->alloc_offset,
+m->nb_clusters * s->cluster_size,
+BDRV_REQ_ALLOCATE);
+if (ret < 0) {
+if (ret != -ENOTSUP && ret != -EAGAIN) {
+return ret;
+}
+continue;
+}
+
+trace_qcow2_skip_cow(qemu_coroutine_self(), m->offset, m->nb_clusters);
+m->skip_cow = true;
+}
+return 0;
+}
+
  static coroutine_fn int qcow2_co_pwritev(BlockDriverState *bs, uint64_t 
offset,
   uint64_t bytes, QEMUIOVector *qiov,
   int flags)
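Review bot: in handle_alloc_space(), a bdrv_co_pwrite_zeroes() failure with -ENOTSUP or -EAGAIN is swallowed by `continue` with no comment or trace point, so a reader cannot tell that the intended fallback is the regular COW path. A one-line comment on that branch, including why -EAGAIN is treated like -ENOTSUP, would help. It is also worth confirming the width in which the byte count `m->nb_clusters * s->cluster_size` is computed before it is passed on.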


[...]


diff --git a/block/trace-events b/block/trace-events
index 11c8d5f..c9fa596 100644
--- a/block/trace-events
+++ b/block/trace-events
@@ -61,6 +61,7 @@ qcow2_writev_done_part(void *co, int cur_bytes) "co %p cur_bytes 
%d"
  qcow2_writev_data(void *co, uint64_t offset) "co %p offset 0x%" PRIx64
  qcow2_pwrite_zeroes_start_req(void *co, int64_t offset, int count) "co %p 

Re: [Qemu-devel] [PATCH v6 2/2] qemu-img: Document --force-share / -U

2018-01-30 Thread Eric Blake
On 01/30/2018 12:34 AM, Fam Zheng wrote:
> Signed-off-by: Fam Zheng 
> Signed-off-by: Kevin Wolf 
> ---
>  qemu-img.texi | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/qemu-img.texi b/qemu-img.texi
> index 60a0e080c6..ec7e2f5d1e 100644
> --- a/qemu-img.texi
> +++ b/qemu-img.texi
> @@ -86,6 +86,13 @@ exclusive with the @var{-O} parameters. It is currently 
> required to also use
>  the @var{-n} parameter to skip image creation. This restriction may be 
> relaxed
>  in a future release.
>  
> +@item --force-share (-U)
> +If specified, @code{qemu-img} will open the image in shared mode, allowing
> +concurrent writers. For example, this can be used to get the image 
> information

Actually, we only permit one writer at a time.  Would it be better to
say "allowing a concurrent writer"?

> +(with 'info' subcommand) when the image is used by a running guest.  Note 
> that
> +this could produce inconsistent results because of concurrent metadata 
> changes,
> +etc. This option is only allowed when opening images in read-only mode.

After all, we are stating that this process (which must be read-only,
because we can't have two writers at once) is permitting some other
process to be the concurrent writer (but not multiple processes to be
concurrent writers)


-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH v6 2/2] qemu-img: Document --force-share / -U

2018-01-30 Thread Kashyap Chamarthy
On Tue, Jan 30, 2018 at 08:23:50AM -0600, Eric Blake wrote:
> On 01/30/2018 12:34 AM, Fam Zheng wrote:

[...]

> > +If specified, @code{qemu-img} will open the image in shared mode, allowing
> > +concurrent writers. For example, this can be used to get the image 
> > information
> 
> Actually, we only permit one writer at a time.  Would it be better to
> say "allowing a concurrent writer"?

Definitely worth rewording.  Otherwise the two sentences:

"If specified, @code{qemu-img} will open the image in shared mode,
 allowing concurrent writers."

"This option is only allowed when opening images in read-only mode."

are at odds with each other --- it says "concurrent writers" are
allowed, BUT "allowed only when opening images in 'read-only' mode".

> > +(with 'info' subcommand) when the image is used by a running guest.  Note 
> > that
> > +this could produce inconsistent results because of concurrent metadata 
> > changes,
> > +etc. This option is only allowed when opening images in read-only mode.
> 
> After all, we are stating that this process (which must be read-only,
> because we can't have two writers at once) is permitting some other
> process to be the concurrent writer (but not multiple processes to be
> concurrent writers)

Precisely.  So it's worth being clearer.

With the rewording suggested by Eric:

Reviewed-by: Kashyap Chamarthy 

-- 
/kashyap



Re: [Qemu-devel] [RFC 0/2] Use SDL to create an OpenGL ES context for virglrenderer.

2018-01-30 Thread Elie Tournier
On Mon, Jan 29, 2018 at 07:08:30PM +0100, Gerd Hoffmann wrote:
Hello,

First, thanks for your reply.
I added some comments and questions below.

Cheers,
Elie

>   Hi,
> 
> > > In order to use this feature, we need to create a gles context.
> > > This series add an option (`-display sdl,gles=on`) in the SDL display to 
> > > create that context.
> > 
> > Humble ping.
> > I didn't get any comment on this series.
> 
> Well, display configuration is going to be rewritten, and while that is
> in flight adding new config options isn't a good idea b/c things will
> conflict ...
I'm wondering how extensive this rewrite is going to be. Did you plan to modify 
the qemu interface?
If someone has already started working on this task, can you send me the link to the 
repository?
I will be happy to help if needed.
> 
> Beside that:  Is a new config option actually needed in the first place?
> 
> Ideally qemu (or sdl) would figure on its own that a full core context
> isn't available and try fallback to gles then.
I'm fine with this idea.
However, I think we still need to add a way for the user to choose the backend 
he wants.
> 
> cheers,
>   Gerd
> 



Re: [Qemu-devel] SDL2 UI behavior of switching views

2018-01-30 Thread Gerd Hoffmann
On Tue, Jan 30, 2018 at 02:35:02PM +0100, BALATON Zoltan wrote:
> On Tue, 30 Jan 2018, Gerd Hoffmann wrote:
> > On Mon, Jan 29, 2018 at 07:21:02PM +0100, BALATON Zoltan wrote:
> > > Is there an option also to get back the old SDL1 behaviour with SDL2?
> > > Could that be made the default to make the transition easier?
> > 
> > Well, that kind of flexibility is a lot harder to do with SDL as it
> > doesn't offer widgets to manage views ...
> 
> How did it work with SDL1 and what prevents it from working the same way
> with SDL2?

SDL1 has a single window for all consoles.
SDL2 has one window for each console.

Fixed.  Not switchable, neither for SDL1 nor for SDL2.

It sure is possible to make it runtime switchable, but I expect it is
much more difficult to code up when compared to gtk due to the lack of
widgets.  gtk has one widget per console, I can hook the console widgets
into my widget/window tree as I like and gtk handles a lot of the
management for me.

But feel free to try and send patches.

> > How about using gtk instead?
> 
> That's not a solution to the problem. Why do we have other backends than gtk
> if they aren't meant to be used?

Well, I personally prefer the gtk ui, so my personal focus is there.
I basically run SDL only when testing patches or when touching qemu
console interfaces and coding up the SDL part of it.

BTW: Is anyone who uses SDL more regularly than I do willing to (co-)
maintain the SDL interface?

> (Others already gave reasons to prefer SDL
> over gtk such as leaner, simpler interface

Can't see much of a difference here.  gtk has a menu bar, sdl hasn't,
otherwise the two look the same and most hotkeys are the same too.

Adding an option to hide the gtk menu bar shouldn't be much of an issue,
some code for that is already there as gtk hides the menu bar in
fullscreen mode.

> which is also faster to start up,

qemu startup is instant for me no matter which UI (maybe because I run
gnome so all the shared libs are already in memory).

> also useful if one doesn't need any of the frills the gtk interface provides

You can just ignore the stuff you don't need, it doesn't hurt ...

> or uses QEMU on a low-end system or

Seriously?  Running virtual machines on a system that low-end that gtk
overhead is an issue?

> platform where gtk is not supported.)

Do we have any?

I think at the end of the day it boils down to personal preference.
Which is perfectly fine.  But it needs someone who finds sdl important
enough to step up and care about it.

cheers,
  Gerd




[Qemu-devel] [PATCH 0/7] target/arm: Implement M profile derived exceptions

2018-01-30 Thread Peter Maydell
In the Arm M-profile architecture, the process of taking or
returning from an exception can itself cause an exception
(for instance if there is an MPU permissions fault when
writing or reading the exception stack frame). This is called
a derived exception. Currently we don't implement this at
all in QEMU, instead just doing direct physical address
loads and stores which bypass MPU/SAU checks.

This patchset changes all the loads and stores we do on
exception entry and exit so that they do the MPU and SAU checks
and handle failures in the architecturally required way.

A note for reviewers: the way I've structured handling of
derived exceptions on exception entry diverges a bit from the
structure of the v8M Arm ARM pseudocode. In the pseudocode,
derived exceptions cause the attempt to process the original
exception to be abandoned (either without calling TakeException,
or bailing out of TakeException partway through). Then at the top
level the pseudocode calls DerivedLateArrival to prioritize the
derived exception and call TakeException from there.
For the QEMU implementation, I chose to let the NVIC do the
prioritization and continue forward, so that the call to
v7m_exception_taken() will then take either the original or the
derived exception. The effect is the same, but this structure works
better for QEMU, because we don't have a convenient top level place
to do the abandon-and-retry logic.

(The motivation for filling in this missing bit of functionality
is that the Zephyr RTOS would like to implement stack-overrun
checking on v7M cores using the MPU, so noticing permissions
failures when exception frames are written to the stack is
important.)

Peter Maydell (7):
  target/arm: Add armv7m_nvic_set_pending_derived()
  target/arm: Split "get pending exception info" from "acknowledge it"
  target/arm: Add ignore_stackfaults argument to v7m_exception_taken()
  target/arm: Make v7M exception entry stack push check MPU
  target/arm: Make v7m_push_callee_stack() honour MPU
  target/arm: Make exception vector loads honour the SAU
  target/arm: Handle exceptions during exception stack pop

 target/arm/cpu.h  |  32 -
 hw/intc/armv7m_nvic.c |  98 +++--
 target/arm/helper.c   | 392 --
 hw/intc/trace-events  |   5 +-
 4 files changed, 435 insertions(+), 92 deletions(-)

-- 
2.7.4




[Qemu-devel] [PATCH 3/7] target/arm: Add ignore_stackfaults argument to v7m_exception_taken()

2018-01-30 Thread Peter Maydell
In the v8M architecture, if the process of taking an exception
results in a further exception this is called a derived exception
(for example, an MPU exception when writing the exception frame to
memory). If the derived exception happens while pushing the initial
stack frame, we must ignore any subsequent possible exception
pushing the callee-saves registers.

In preparation for making the stack writes check for exceptions,
add a return value from v7m_push_stack() and a new parameter to
v7m_exception_taken(), so that the former can tell the latter that
it needs to ignore failures to write to the stack. We also plumb
the argument through to v7m_push_callee_stack(), which is where
the code to ignore the failures will be.

(Note that the v8M ARM pseudocode structures this slightly differently:
derived exceptions cause the attempt to process the original
exception to be abandoned; then at the top level it calls
DerivedLateArrival to prioritize the derived exception and call
TakeException from there. We choose to let the NVIC do the prioritization
and continue forward with a call to TakeException which will then
take either the original or the derived exception. The effect is
the same, but this structure works better for QEMU because we don't
have a convenient top level place to do the abandon-and-retry logic.)

Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 35 +++
 1 file changed, 23 insertions(+), 12 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 6062f38..c713eea 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6419,7 +6419,8 @@ static uint32_t arm_v7m_load_vector(ARMCPU *cpu, int exc, 
bool targets_secure)
 return addr;
 }
 
-static void v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain)
+static void v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain,
+  bool ignore_faults)
 {
 /* For v8M, push the callee-saves register part of the stack frame.
  * Compare the v8M pseudocode PushCalleeStack().
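Review bot: the new parameter is named `ignore_faults` in v7m_push_callee_stack() but `ignore_stackfaults` in v7m_exception_taken(), and the function comment visible in this hunk does not mention it. Using one name in both places and adding a line to the comment saying that stack write failures are to be ignored when it is true would make the plumbing easier to follow.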
@@ -6453,7 +6454,8 @@ static void v7m_push_callee_stack(ARMCPU *cpu, uint32_t 
lr, bool dotailchain)
 *frame_sp_p = frameptr;
 }
 
-static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain)
+static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain,
+bool ignore_stackfaults)
 {
 /* Do the "take the exception" parts of exception entry,
  * but not the pushing of state to the stack. This is
@@ -6490,7 +6492,8 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, 
bool dotailchain)
  */
 if (lr & R_V7M_EXCRET_DCRS_MASK &&
 !(dotailchain && (lr & R_V7M_EXCRET_ES_MASK))) {
-v7m_push_callee_stack(cpu, lr, dotailchain);
+v7m_push_callee_stack(cpu, lr, dotailchain,
+  ignore_stackfaults);
 }
 lr |= R_V7M_EXCRET_DCRS_MASK;
 }
@@ -6551,10 +6554,13 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t 
lr, bool dotailchain)
 env->thumb = addr & 1;
 }
 
-static void v7m_push_stack(ARMCPU *cpu)
+static bool v7m_push_stack(ARMCPU *cpu)
 {
 /* Do the "set up stack frame" part of exception entry,
  * similar to pseudocode PushStack().
+ * Return true if we generate a derived exception (and so
+ * should ignore further stack faults trying to process
+ * that derived exception.)
  */
 CPUARMState *env = &cpu->env;
 uint32_t xpsr = xpsr_read(env);
@@ -6574,6 +6580,8 @@ static void v7m_push_stack(ARMCPU *cpu)
 v7m_push(env, env->regs[2]);
 v7m_push(env, env->regs[1]);
 v7m_push(env, env->regs[0]);
+
+return false;
 }
 
 static void do_v7m_exception_exit(ARMCPU *cpu)
@@ -6719,7 +6727,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
 if (sfault) {
 env->v7m.sfsr |= R_V7M_SFSR_INVER_MASK;
 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_SECURE, false);
-v7m_exception_taken(cpu, excret, true);
+v7m_exception_taken(cpu, excret, true, false);
 qemu_log_mask(CPU_LOG_INT, "...taking SecureFault on existing "
   "stackframe: failed EXC_RETURN.ES validity check\n");
 return;
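Review bot: `v7m_exception_taken(cpu, excret, true, false)` here, and the same call in the next hunk, now carries two bare bool literals in a row, which is easy to misread or transpose. A short comment at these exception-return call sites saying why stack faults are not ignored on this path would help.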
@@ -6731,7 +6739,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
  */
 env->v7m.cfsr[env->v7m.secure] |= R_V7M_CFSR_INVPC_MASK;
 armv7m_nvic_set_pending(env->nvic, ARMV7M_EXCP_USAGE, env->v7m.secure);
-v7m_exception_taken(cpu, excret, true);
+v7m_exception_taken(cpu, excret, true, false);
 qemu_log_mask(CPU_LOG_INT, "...taking UsageFault on existing "
   "stackframe: failed exception return integrity check\n");
 return;
@@ -6779,7 +6787,7 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
 /* Take a SecureFault on the current stack */

[Qemu-devel] [PATCH 2/7] target/arm: Split "get pending exception info" from "acknowledge it"

2018-01-30 Thread Peter Maydell
Currently armv7m_nvic_acknowledge_irq() does three things:
 * make the current highest priority pending interrupt active
 * return a bool indicating whether that interrupt is targeting
   Secure or NonSecure state
 * implicitly tell the caller which is the highest priority
   pending interrupt by setting env->v7m.exception

We need to split these jobs, because v7m_exception_taken()
needs to know whether the pending interrupt targets Secure so
it can choose to stack callee-saves registers or not, but it
must not make the interrupt active until after it has done
that stacking, in case the stacking causes a derived exception.
Similarly, it needs to know the number of the pending interrupt
so it can read the correct vector table entry before the
interrupt is made active, because vector table reads might
also cause a derived exception.

Create a new armv7m_nvic_get_pending_irq_info() function which simply
returns information about the highest priority pending interrupt, and
use it to rearrange the v7m_exception_taken() code so we don't
acknowledge the exception until we've done all the things which could
possibly cause a derived exception.

Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h  | 19 ---
 hw/intc/armv7m_nvic.c | 30 +++---
 target/arm/helper.c   | 16 
 hw/intc/trace-events  |  3 ++-
 4 files changed, 53 insertions(+), 15 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index 9ed03e6..f21f68e 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1519,16 +1519,29 @@ void armv7m_nvic_set_pending(void *opaque, int irq, 
bool secure);
  */
 void armv7m_nvic_set_pending_derived(void *opaque, int irq, bool secure);
 /**
+ * armv7m_nvic_get_pending_irq_info: return highest priority pending
+ *exception, and whether it targets Secure state
+ * @opaque: the NVIC
+ * @pirq: set to pending exception number
+ * @ptargets_secure: set to whether pending exception targets Secure
+ *
+ * This function writes the number of the highest priority pending
+ * exception (the one which would be made active by
+ * armv7m_nvic_acknowledge_irq()) to @pirq, and sets @ptargets_secure
+ * to true if the current highest priority pending exception should
+ * be taken to Secure state, false for NS.
+ */
+void armv7m_nvic_get_pending_irq_info(void *opaque, int *pirq,
+  bool *ptargets_secure);
+/**
  * armv7m_nvic_acknowledge_irq: make highest priority pending exception active
  * @opaque: the NVIC
  *
  * Move the current highest priority pending exception from the pending
  * state to the active state, and update v7m.exception to indicate that
  * it is the exception currently being handled.
- *
- * Returns: true if exception should be taken to Secure state, false for NS
  */
-bool armv7m_nvic_acknowledge_irq(void *opaque);
+void armv7m_nvic_acknowledge_irq(void *opaque);
 /**
  * armv7m_nvic_complete_irq: complete specified interrupt or exception
  * @opaque: the NVIC
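Review bot: the comment for armv7m_nvic_get_pending_irq_info() does not say that an exception must be pending when it is called, yet the implementation in hw/intc/armv7m_nvic.c asserts `pending > ARMV7M_EXCP_RESET && pending < s->num_irq`. Please state that precondition in the doc comment so a caller that queries with nothing pending is recognised as a bug from the header alone.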
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index b4a6e7c..360889d 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -650,24 +650,20 @@ void armv7m_nvic_set_pending_derived(void *opaque, int 
irq, bool secure)
 }
 
 /* Make pending IRQ active.  */
-bool armv7m_nvic_acknowledge_irq(void *opaque)
+void armv7m_nvic_acknowledge_irq(void *opaque)
 {
 NVICState *s = (NVICState *)opaque;
 CPUARMState *env = &s->cpu->env;
 const int pending = s->vectpending;
 const int running = nvic_exec_prio(s);
 VecInfo *vec;
-bool targets_secure;
 
 assert(pending > ARMV7M_EXCP_RESET && pending < s->num_irq);
 
 if (s->vectpending_is_s_banked) {
 vec = &s->sec_vectors[pending];
-targets_secure = true;
 } else {
 vec = &s->vectors[pending];
-targets_secure = !exc_is_banked(s->vectpending) &&
-exc_targets_secure(s, s->vectpending);
 }
 
 assert(vec->enabled);
@@ -675,7 +671,7 @@ bool armv7m_nvic_acknowledge_irq(void *opaque)
 
 assert(s->vectpending_prio < running);
 
-trace_nvic_acknowledge_irq(pending, s->vectpending_prio, targets_secure);
+trace_nvic_acknowledge_irq(pending, s->vectpending_prio);
 
 vec->active = 1;
 vec->pending = 0;
@@ -683,8 +679,28 @@ bool armv7m_nvic_acknowledge_irq(void *opaque)
 write_v7m_exception(env, s->vectpending);
 
 nvic_irq_update(s);
+}
+
+void armv7m_nvic_get_pending_irq_info(void *opaque,
+  int *pirq, bool *ptargets_secure)
+{
+NVICState *s = (NVICState *)opaque;
+const int pending = s->vectpending;
+bool targets_secure;
+
+assert(pending > ARMV7M_EXCP_RESET && pending < s->num_irq);
+
+if (s->vectpending_is_s_banked) {
+targets_secure = true;
+} else {
+targets_secure = !exc_is_banked(pending) &&
+exc_targets_secure(s, pending);
+}
+
+trace_nvic_get_pending_irq_info(pending, targets_secure);
 
-

[Qemu-devel] [PATCH 7/7] target/arm: Handle exceptions during exception stack pop

2018-01-30 Thread Peter Maydell
Handle possible MPU faults, SAU faults or bus errors when
popping register state off the stack during exception return.

Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 115 ++--
 1 file changed, 94 insertions(+), 21 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 6931a9d..3332565 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6223,6 +6223,67 @@ pend_fault:
 return false;
 }
 
+static bool v7m_stack_read(ARMCPU *cpu, uint32_t *dest, uint32_t addr,
+   ARMMMUIdx mmu_idx)
+{
+CPUState *cs = CPU(cpu);
+CPUARMState *env = &cpu->env;
+MemTxAttrs attrs = {};
+MemTxResult txres;
+target_ulong page_size;
+hwaddr physaddr;
+int prot;
+ARMMMUFaultInfo fi;
+bool secure = mmu_idx & ARM_MMU_IDX_M_S;
+int exc;
+bool exc_secure;
+uint32_t value;
+
+if (get_phys_addr(env, addr, MMU_DATA_LOAD, mmu_idx, &physaddr,
+  &attrs, &prot, &page_size, &fi, NULL)) {
+/* MPU/SAU lookup failed */
+if (fi.type == ARMFault_QEMU_SFault) {
+qemu_log_mask(CPU_LOG_INT,
+  "...SecureFault with SFSR.AUVIOL during unstack\n");
+env->v7m.sfsr |= R_V7M_SFSR_AUVIOL_MASK | 
R_V7M_SFSR_SFARVALID_MASK;
+env->v7m.sfar = addr;
+exc = ARMV7M_EXCP_SECURE;
+exc_secure = true;
+} else {
+qemu_log_mask(CPU_LOG_INT,
+  "...MemManageFault with CFSR.MUNSTKERR\n");
+env->v7m.cfsr[secure] |= R_V7M_CFSR_MUNSTKERR_MASK;
+exc = ARMV7M_EXCP_MEM;
+exc_secure = secure;
+}
+goto pend_fault;
+}
+
+value = address_space_ldl(arm_addressspace(cs, attrs), physaddr,
+  attrs, &txres);
+if (txres != MEMTX_OK) {
+/* BusFault trying to read the data */
+qemu_log_mask(CPU_LOG_INT, "...BusFault with BFSR.UNSTKERR\n");
+env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_UNSTKERR_MASK;
+exc = ARMV7M_EXCP_BUS;
+exc_secure = false;
+goto pend_fault;
+}
+
+*dest = value;
+return true;
+
+pend_fault:
+/* By pending the exception at this point we are making
+ * the IMPDEF choice "overridden exceptions pended" (see the
+ * MergeExcInfo() pseudocode). The other choice would be to not
+ * pend them now and then make a choice about which to throw away
+ * later if we have two derived exceptions.
+ */
+armv7m_nvic_set_pending(env->nvic, exc, exc_secure);
+return false;
+}
+
 /* Return true if we're using the process stack pointer (not the MSP) */
 static bool v7m_using_psp(CPUARMState *env)
 {
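Review bot: the pend_fault comment in v7m_stack_read() describes derived exceptions and the MergeExcInfo() choice, but the call under it is armv7m_nvic_set_pending(), not armv7m_nvic_set_pending_derived(). If faults during unstacking on exception return are meant to be pended as ordinary exceptions, the comment should say that instead of reusing the stacking wording; as it stands a reader cannot tell whether the non-derived call is intentional.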
@@ -6912,6 +6973,11 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
   !return_to_handler,
   return_to_sp_process);
 uint32_t frameptr = *frame_sp_p;
+bool pop_ok = true;
+ARMMMUIdx mmu_idx;
+
+mmu_idx = arm_v7m_mmu_idx_for_secstate_and_priv(env, return_to_secure,
+!return_to_handler);
 
 if (!QEMU_IS_ALIGNED(frameptr, 8) &&
 arm_feature(env, ARM_FEATURE_V8)) {
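Review bot: the priv argument passed to arm_v7m_mmu_idx_for_secstate_and_priv() here is !return_to_handler, which makes a return to Thread mode privileged and a return to Handler mode unprivileged. Handler mode is always privileged and Thread mode privilege depends on CONTROL.nPRIV, so this looks inverted, and the unstacking reads would be checked against the wrong MPU permissions. Something like return_to_handler || !(env->v7m.control[return_to_secure] & R_V7M_CONTROL_NPRIV_MASK) would match how the tailchain case in v7m_push_callee_stack() derives priv.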
@@ -6938,29 +7004,38 @@ static void do_v7m_exception_exit(ARMCPU *cpu)
 return;
 }
 
-env->regs[4] = ldl_phys(cs->as, frameptr + 0x8);
-env->regs[5] = ldl_phys(cs->as, frameptr + 0xc);
-env->regs[6] = ldl_phys(cs->as, frameptr + 0x10);
-env->regs[7] = ldl_phys(cs->as, frameptr + 0x14);
-env->regs[8] = ldl_phys(cs->as, frameptr + 0x18);
-env->regs[9] = ldl_phys(cs->as, frameptr + 0x1c);
-env->regs[10] = ldl_phys(cs->as, frameptr + 0x20);
-env->regs[11] = ldl_phys(cs->as, frameptr + 0x24);
+pop_ok =
+v7m_stack_read(cpu, &env->regs[4], frameptr + 0x8, mmu_idx) &&
+v7m_stack_read(cpu, &env->regs[4], frameptr + 0x8, mmu_idx) &&
+v7m_stack_read(cpu, &env->regs[5], frameptr + 0xc, mmu_idx) &&
+v7m_stack_read(cpu, &env->regs[6], frameptr + 0x10, mmu_idx) &&
+v7m_stack_read(cpu, &env->regs[7], frameptr + 0x14, mmu_idx) &&
+v7m_stack_read(cpu, &env->regs[8], frameptr + 0x18, mmu_idx) &&
+v7m_stack_read(cpu, &env->regs[9], frameptr + 0x1c, mmu_idx) &&
+v7m_stack_read(cpu, &env->regs[10], frameptr + 0x20, mmu_idx) 
&&
+v7m_stack_read(cpu, &env->regs[11], frameptr + 0x24, mmu_idx);
 
 frameptr += 0x28;
 }
 
-/* Pop registers. TODO: make these accesses use the correct
- * attributes and address space (S/NS, priv/unpriv) and handle
- * memory transaction failures.
- */
-env->regs[0] = ldl_phys(cs->as, frameptr);
-env->
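Review bot: the first two lines of the pop_ok chain are identical: v7m_stack_read(cpu, &env->regs[4], frameptr + 0x8, mmu_idx) appears twice, so r4 is read twice from the same address. The removed ldl_phys() sequence has exactly one load per register, so one of the two lines should be dropped.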

[Qemu-devel] [PATCH 1/7] target/arm: Add armv7m_nvic_set_pending_derived()

2018-01-30 Thread Peter Maydell
In order to support derived exceptions (exceptions generated in
the course of trying to take an exception), we need to be able
to handle prioritizing whether to take the original exception
or the derived exception.

We do this by introducing a new function
armv7m_nvic_set_pending_derived() which the exception-taking code in
helper.c will call when a derived exception occurs.  Derived
exceptions are dealt with mostly like normal pending exceptions, so
we share the implementation with the armv7m_nvic_set_pending()
function.

Note that the way we structure this is significantly different
from the v8M Arm ARM pseudocode: that does all the prioritization
logic in the DerivedLateArrival() function, whereas we choose to
let the existing "identify highest priority exception" logic
do the prioritization for us. The effect is the same, though.

Signed-off-by: Peter Maydell 
---
 target/arm/cpu.h  | 13 ++
 hw/intc/armv7m_nvic.c | 68 +--
 hw/intc/trace-events  |  2 +-
 3 files changed, 80 insertions(+), 3 deletions(-)

diff --git a/target/arm/cpu.h b/target/arm/cpu.h
index d2bb59e..9ed03e6 100644
--- a/target/arm/cpu.h
+++ b/target/arm/cpu.h
@@ -1506,6 +1506,19 @@ static inline bool 
armv7m_nvic_can_take_pending_exception(void *opaque)
  */
 void armv7m_nvic_set_pending(void *opaque, int irq, bool secure);
 /**
+ * armv7m_nvic_set_pending_derived: mark this derived exception as pending
+ * @opaque: the NVIC
+ * @irq: the exception number to mark pending
+ * @secure: false for non-banked exceptions or for the nonsecure
+ * version of a banked exception, true for the secure version of a banked
+ * exception.
+ *
+ * Similar to armv7m_nvic_set_pending(), but specifically for derived
+ * exceptions (exceptions generated in the course of trying to take
+ * a different exception).
+ */
+void armv7m_nvic_set_pending_derived(void *opaque, int irq, bool secure);
+/**
  * armv7m_nvic_acknowledge_irq: make highest priority pending exception active
  * @opaque: the NVIC
  *
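Review bot: the header comment for armv7m_nvic_set_pending_derived() leaves out the precondition the implementation depends on. The comment in do_armv7m_nvic_set_pending() says the caller guarantees it is part way through taking an exception and has not yet called armv7m_nvic_acknowledge_irq(); that belongs in the public documentation too, along with a mention that a terminal derived exception which cannot preempt ends in the Lockup cpu_abort().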
diff --git a/hw/intc/armv7m_nvic.c b/hw/intc/armv7m_nvic.c
index 8ca6cee..b4a6e7c 100644
--- a/hw/intc/armv7m_nvic.c
+++ b/hw/intc/armv7m_nvic.c
@@ -503,8 +503,25 @@ static void armv7m_nvic_clear_pending(void *opaque, int 
irq, bool secure)
 }
 }
 
-void armv7m_nvic_set_pending(void *opaque, int irq, bool secure)
+static void do_armv7m_nvic_set_pending(void *opaque, int irq, bool secure,
+   bool derived)
 {
+/* Pend an exception, including possibly escalating it to HardFault.
+ *
+ * This function handles both "normal" pending of interrupts and
+ * exceptions, and also derived exceptions (ones which occur as
+ * a result of trying to take some other exception).
+ *
+ * If derived == true, the caller guarantees that we are part way through
+ * trying to take an exception (but have not yet called
+ * armv7m_nvic_acknowledge_irq() to make it active), and so:
+ *  - s->vectpending is the "original exception" we were trying to take
+ *  - irq is the "derived exception"
+ *  - nvic_exec_prio(s) gives the priority before exception entry
+ * Here we handle the prioritization logic which the pseudocode puts
+ * in the DerivedLateArrival() function.
+ */
+
 NVICState *s = (NVICState *)opaque;
 bool banked = exc_is_banked(irq);
 VecInfo *vec;
@@ -514,7 +531,44 @@ void armv7m_nvic_set_pending(void *opaque, int irq, bool 
secure)
 
 vec = (banked && secure) ? &s->sec_vectors[irq] : &s->vectors[irq];
 
-trace_nvic_set_pending(irq, secure, vec->enabled, vec->prio);
+trace_nvic_set_pending(irq, secure, derived, vec->enabled, vec->prio);
+
+if (derived) {
+/* Derived exceptions are always synchronous. */
+assert(irq >= ARMV7M_EXCP_HARD && irq < ARMV7M_EXCP_PENDSV);
+
+if (irq == ARMV7M_EXCP_DEBUG &&
+exc_group_prio(s, vec->prio, secure) >= nvic_exec_prio(s)) {
+/* DebugMonitorFault, but its priority is lower than the
+ * preempted exception priority: just ignore it.
+ */
+return;
+}
+
+if (irq == ARMV7M_EXCP_HARD && vec->prio >= s->vectpending_prio) {
+/* If this is a terminal exception (one which means we cannot
+ * take the original exception, like a failure to read its
+ * vector table entry), then we must take the derived exception.
+ * If the derived exception can't take priority over the
+ * original exception, then we go into Lockup.
+ *
+ * For QEMU, we rely on the fact that a derived exception is
+ * terminal if and only if it's reported to us as HardFault,
+ * which saves having to have an extra argument is_terminal
+ * that we'd only use in one place.
+ */
+cpu_abort(&s->cpu->parent_obj,
+  "Lockup: can't take terminal de
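Review bot: the two priority checks in the derived branch compare different quantities: the DebugMonitor case uses exc_group_prio(s, vec->prio, secure) against nvic_exec_prio(s), while the HardFault case compares the raw vec->prio against s->vectpending_prio. If the raw compare is deliberate because HardFault has a fixed priority, a one-line comment would save the next reader from wondering; otherwise use exc_group_prio() in both places.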

[Qemu-devel] [PATCH 5/7] target/arm: Make v7m_push_callee_stack() honour MPU

2018-01-30 Thread Peter Maydell
Make v7m_push_callee_stack() honour the MPU by using the
new v7m_stack_write() function. We return a flag to indicate
whether the pushes failed, which we can then use in
v7m_exception_taken() to cause us to handle the derived
exception correctly.

Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 64 -
 1 file changed, 49 insertions(+), 15 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index 007e760..de0031b 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6473,7 +6473,7 @@ static uint32_t arm_v7m_load_vector(ARMCPU *cpu, int exc, 
bool targets_secure)
 return addr;
 }
 
-static void v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain,
+static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain,
   bool ignore_faults)
 {
 /* For v8M, push the callee-saves register part of the stack frame.
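Review bot: v7m_push_callee_stack() now returns bool, but neither the signature nor the comment at the top of the function says what the value means. Judging from the caller's push_failed, true means the push failed, which is the opposite polarity to v7m_stack_write() (true on success); please document the return value in the function comment.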
@@ -6481,31 +6481,55 @@ static void v7m_push_callee_stack(ARMCPU *cpu, uint32_t 
lr, bool dotailchain,
  * In the tailchaining case this may not be the current stack.
  */
 CPUARMState *env = &cpu->env;
-CPUState *cs = CPU(cpu);
 uint32_t *frame_sp_p;
 uint32_t frameptr;
+ARMMMUIdx mmu_idx;
+bool stacked_ok;
 
 if (dotailchain) {
-frame_sp_p = get_v7m_sp_ptr(env, true,
-lr & R_V7M_EXCRET_MODE_MASK,
+bool mode = lr & R_V7M_EXCRET_MODE_MASK;
+bool priv = !(env->v7m.control[M_REG_S] & R_V7M_CONTROL_NPRIV_MASK) ||
+!mode;
+
+mmu_idx = arm_v7m_mmu_idx_for_secstate_and_priv(env, M_REG_S, priv);
+frame_sp_p = get_v7m_sp_ptr(env, M_REG_S, mode,
 lr & R_V7M_EXCRET_SPSEL_MASK);
 } else {
+mmu_idx = core_to_arm_mmu_idx(env, cpu_mmu_index(env, false));
 frame_sp_p = &env->regs[13];
 }
 
 frameptr = *frame_sp_p - 0x28;
 
-stl_phys(cs->as, frameptr, 0xfefa125b);
-stl_phys(cs->as, frameptr + 0x8, env->regs[4]);
-stl_phys(cs->as, frameptr + 0xc, env->regs[5]);
-stl_phys(cs->as, frameptr + 0x10, env->regs[6]);
-stl_phys(cs->as, frameptr + 0x14, env->regs[7]);
-stl_phys(cs->as, frameptr + 0x18, env->regs[8]);
-stl_phys(cs->as, frameptr + 0x1c, env->regs[9]);
-stl_phys(cs->as, frameptr + 0x20, env->regs[10]);
-stl_phys(cs->as, frameptr + 0x24, env->regs[11]);
+/* Write as much of the stack frame as we can. A write failure may
+ * cause us to pend a derived exception.
+ */
+stacked_ok =
+v7m_stack_write(cpu, frameptr, 0xfefa125b, mmu_idx, ignore_faults) &&
+v7m_stack_write(cpu, frameptr + 0x8, env->regs[4], mmu_idx,
+ignore_faults) &&
+v7m_stack_write(cpu, frameptr + 0xc, env->regs[5], mmu_idx,
+ignore_faults) &&
+v7m_stack_write(cpu, frameptr + 0x10, env->regs[6], mmu_idx,
+ignore_faults) &&
+v7m_stack_write(cpu, frameptr + 0x14, env->regs[7], mmu_idx,
+ignore_faults) &&
+v7m_stack_write(cpu, frameptr + 0x18, env->regs[8], mmu_idx,
+ignore_faults) &&
+v7m_stack_write(cpu, frameptr + 0x1c, env->regs[9], mmu_idx,
+ignore_faults) &&
+v7m_stack_write(cpu, frameptr + 0x20, env->regs[10], mmu_idx,
+ignore_faults) &&
+v7m_stack_write(cpu, frameptr + 0x24, env->regs[11], mmu_idx,
+ignore_faults);
 
+/* Update SP regardless of whether any of the stack accesses failed.
+ * When we implement v8M stack limit checking then this attempt to
+ * update SP might also fail and result in a derived exception.
+ */
 *frame_sp_p = frameptr;
+
+return !stacked_ok;
 }
 
 static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, bool dotailchain,
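Review bot: the comment "Write as much of the stack frame as we can" does not match the && chain under it in v7m_push_callee_stack(). The chain short-circuits, so after the first failing v7m_stack_write() none of the remaining words are written. Either reword the comment to say writing stops at the first faulting word, or, if the later words really should still be attempted, accumulate the results without short-circuiting.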
@@ -6519,6 +6543,7 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, 
bool dotailchain,
 uint32_t addr;
 bool targets_secure;
 int exc;
+bool push_failed = false;
 
 armv7m_nvic_get_pending_irq_info(env->nvic, &exc, &targets_secure);
 
@@ -6546,8 +6571,8 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t lr, 
bool dotailchain,
  */
 if (lr & R_V7M_EXCRET_DCRS_MASK &&
 !(dotailchain && (lr & R_V7M_EXCRET_ES_MASK))) {
-v7m_push_callee_stack(cpu, lr, dotailchain,
-  ignore_stackfaults);
+push_failed = v7m_push_callee_stack(cpu, lr, dotailchain,
+ignore_stackfaults);
 }
 lr |= R_V7M_EXCRET_DCRS_MASK;
 }
@@ -6589,6 +6614,15 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t 
lr, bool dotailchain,
 }
 }
 
+if (push_failed && !ignore_stackfaults) {
+/* Deri

[Qemu-devel] [PATCH 6/7] target/arm: Make exception vector loads honour the SAU

2018-01-30 Thread Peter Maydell
Make the load of the exception vector from the vector table honour
the SAU and any bus error on the load (possibly provoking a derived
exception), rather than simply aborting if the load fails.

Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 71 +
 1 file changed, 55 insertions(+), 16 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index de0031b..6931a9d 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6449,28 +6449,63 @@ static uint32_t *get_v7m_sp_ptr(CPUARMState *env, bool 
secure, bool threadmode,
 }
 }
 
-static uint32_t arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure)
+static bool arm_v7m_load_vector(ARMCPU *cpu, int exc, bool targets_secure,
+uint32_t *pvec)
 {
 CPUState *cs = CPU(cpu);
 CPUARMState *env = &cpu->env;
 MemTxResult result;
-hwaddr vec = env->v7m.vecbase[targets_secure] + exc * 4;
-uint32_t addr;
+uint32_t addr = env->v7m.vecbase[targets_secure] + exc * 4;
+uint32_t vector_entry;
+MemTxAttrs attrs = {};
+ARMMMUIdx mmu_idx;
+bool exc_secure;
+
+mmu_idx = arm_v7m_mmu_idx_for_secstate_and_priv(env, targets_secure, true);
 
-addr = address_space_ldl(cs->as, vec,
- MEMTXATTRS_UNSPECIFIED, &result);
+/* We don't do a get_phys_addr() here because the rules for vector
+ * loads are special: they always use the default memory map, and
+ * the default memory map permits reads from all addresses.
+ * Since there's no easy way to pass through to pmsav8_mpu_lookup()
+ * that we want this special case which would always say "yes",
+ * we just do the SAU lookup here followed by a direct physical load.
+ */
+attrs.secure = targets_secure;
+attrs.user = false;
+
+if (arm_feature(env, ARM_FEATURE_M_SECURITY)) {
+V8M_SAttributes sattrs = {};
+
+v8m_security_lookup(env, addr, MMU_DATA_LOAD, mmu_idx, &sattrs);
+if (sattrs.ns) {
+attrs.secure = false;
+} else if (!targets_secure) {
+/* NS access to S memory */
+goto load_fail;
+}
+}
+
+vector_entry = address_space_ldl(arm_addressspace(cs, attrs), addr,
+ attrs, &result);
 if (result != MEMTX_OK) {
-/* Architecturally this should cause a HardFault setting HSFR.VECTTBL,
- * which would then be immediately followed by our failing to load
- * the entry vector for that HardFault, which is a Lockup case.
- * Since we don't model Lockup, we just report this guest error
- * via cpu_abort().
- */
-cpu_abort(cs, "Failed to read from %s exception vector table "
-  "entry %08x\n", targets_secure ? "secure" : "nonsecure",
-  (unsigned)vec);
+goto load_fail;
 }
-return addr;
+*pvec = vector_entry;
+return true;
+
+load_fail:
+/* All vector table fetch fails are reported as HardFault, with
+ * HFSR.VECTTBL and .FORCED set. (FORCED is set because
+ * technically the underlying exception is a MemManage or BusFault
+ * that is escalated to HardFault.) This is a terminal exception,
+ * so we will either take the HardFault immediately or else enter
+ * lockup (the latter case is handled in 
armv7m_nvic_set_pending_derived()).
+ */
+exc_secure = targets_secure ||
+!(cpu->env.v7m.aircr & R_V7M_AIRCR_BFHFNMINS_MASK);
+env->v7m.hfsr |= R_V7M_HFSR_VECTTBL_MASK | R_V7M_HFSR_FORCED_MASK;
+armv7m_nvic_set_pending_derived(env->nvic, ARMV7M_EXCP_HARD, exc_secure);
+return false;
 }
 
 static bool v7m_push_callee_stack(ARMCPU *cpu, uint32_t lr, bool dotailchain,
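Review bot: the load_fail path in arm_v7m_load_vector() pends the HardFault silently, whereas the cpu_abort() it replaces reported which vector table (secure or nonsecure) and which address failed. A qemu_log_mask(CPU_LOG_INT, ...) line there, in the style of the stacking fault messages, would keep that diagnostic. Style nit in the same block: exc_secure is computed from cpu->env.v7m.aircr although env is already in scope.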
@@ -6623,7 +6658,11 @@ static void v7m_exception_taken(ARMCPU *cpu, uint32_t 
lr, bool dotailchain,
 return;
 }
 
-addr = arm_v7m_load_vector(cpu, exc, targets_secure);
+if (!arm_v7m_load_vector(cpu, exc, targets_secure, &addr)) {
+/* Vector load failed: derived exception */
+v7m_exception_taken(cpu, lr, true, true);
+return;
+}
 
 /* Now we've done everything that might cause a derived exception
  * we can go ahead and activate whichever exception we're going to
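Review bot: the recursive v7m_exception_taken(cpu, lr, true, true) call on vector load failure needs a comment explaining why it terminates. As far as I can tell from armv7m_nvic_set_pending_derived(), a second failure ends in the Lockup cpu_abort(), but that is not obvious at this call site. The bare true, true arguments (dotailchain, ignore_stackfaults) would also read better with a short comment.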
-- 
2.7.4




[Qemu-devel] [PATCH 4/7] target/arm: Make v7M exception entry stack push check MPU

2018-01-30 Thread Peter Maydell
The memory writes done to push registers on the stack
on exception entry in M profile CPUs are supposed to
go via MPU permissions checks, which may cause us to
take a derived exception instead of the original one if
the MPU lookup fails. We were implementing these as
always-succeeds direct writes to physical memory.
Rewrite v7m_push_stack() to do the necessary checks.

Signed-off-by: Peter Maydell 
---
 target/arm/helper.c | 103 
 1 file changed, 87 insertions(+), 16 deletions(-)

diff --git a/target/arm/helper.c b/target/arm/helper.c
index c713eea..007e760 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -6161,12 +6161,66 @@ uint32_t arm_phys_excp_target_el(CPUState *cs, uint32_t 
excp_idx,
 return target_el;
 }
 
-static void v7m_push(CPUARMState *env, uint32_t val)
+static bool v7m_stack_write(ARMCPU *cpu, uint32_t addr, uint32_t value,
+ARMMMUIdx mmu_idx, bool ignfault)
 {
-CPUState *cs = CPU(arm_env_get_cpu(env));
+CPUState *cs = CPU(cpu);
+CPUARMState *env = &cpu->env;
+MemTxAttrs attrs = {};
+MemTxResult txres;
+target_ulong page_size;
+hwaddr physaddr;
+int prot;
+ARMMMUFaultInfo fi;
+bool secure = mmu_idx & ARM_MMU_IDX_M_S;
+int exc;
+bool exc_secure;
 
-env->regs[13] -= 4;
-stl_phys(cs->as, env->regs[13], val);
+if (get_phys_addr(env, addr, MMU_DATA_STORE, mmu_idx, &physaddr,
+  &attrs, &prot, &page_size, &fi, NULL)) {
+/* MPU/SAU lookup failed */
+if (fi.type == ARMFault_QEMU_SFault) {
+qemu_log_mask(CPU_LOG_INT,
+  "...SecureFault with SFSR.AUVIOL during stacking\n");
+env->v7m.sfsr |= R_V7M_SFSR_AUVIOL_MASK | 
R_V7M_SFSR_SFARVALID_MASK;
+env->v7m.sfar = addr;
+exc = ARMV7M_EXCP_SECURE;
+exc_secure = true;
+} else {
+qemu_log_mask(CPU_LOG_INT, "...MemManageFault with 
CFSR.MSTKERR\n");
+env->v7m.cfsr[secure] |= R_V7M_CFSR_MSTKERR_MASK;
+exc = ARMV7M_EXCP_MEM;
+exc_secure = secure;
+}
+goto pend_fault;
+}
+address_space_stl_le(arm_addressspace(cs, attrs), physaddr, value,
+ attrs, &txres);
+if (txres != MEMTX_OK) {
+/* BusFault trying to write the data */
+qemu_log_mask(CPU_LOG_INT, "...BusFault with BFSR.STKERR\n");
+env->v7m.cfsr[M_REG_NS] |= R_V7M_CFSR_STKERR_MASK;
+exc = ARMV7M_EXCP_BUS;
+exc_secure = false;
+goto pend_fault;
+}
+return true;
+
+pend_fault:
+/* By pending the exception at this point we are making
+ * the IMPDEF choice "overridden exceptions pended" (see the
+ * MergeExcInfo() pseudocode). The other choice would be to not
+ * pend them now and then make a choice about which to throw away
+ * later if we have two derived exceptions.
+ * The only case when we must not pend the exception but instead
+ * throw it away is if we are doing the push of the callee registers
+ * and we've already generated a derived exception. Even in this
+ * case we will still update the fault status registers.
+ */
+if (!ignfault) {
+armv7m_nvic_set_pending_derived(env->nvic, exc, exc_secure);
+}
+return false;
 }
 
 /* Return true if we're using the process stack pointer (not the MSP) */
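Review bot: in v7m_stack_write(), ARMMMUFaultInfo fi is declared without an initializer and fi.type is then read on the get_phys_addr() failure path. That is only safe if every failing path in get_phys_addr() fills in fi.type; initializing it the same way as attrs (ARMMMUFaultInfo fi = {};) removes that dependency.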
@@ -6562,26 +6616,43 @@ static bool v7m_push_stack(ARMCPU *cpu)
  * should ignore further stack faults trying to process
  * that derived exception.)
  */
+bool stacked_ok;
 CPUARMState *env = &cpu->env;
 uint32_t xpsr = xpsr_read(env);
+uint32_t frameptr = env->regs[13];
+ARMMMUIdx mmu_idx = core_to_arm_mmu_idx(env, cpu_mmu_index(env, false));
 
 /* Align stack pointer if the guest wants that */
-if ((env->regs[13] & 4) &&
+if ((frameptr & 4) &&
 (env->v7m.ccr[env->v7m.secure] & R_V7M_CCR_STKALIGN_MASK)) {
-env->regs[13] -= 4;
+frameptr -= 4;
 xpsr |= XPSR_SPREALIGN;
 }
-/* Switch to the handler mode.  */
-v7m_push(env, xpsr);
-v7m_push(env, env->regs[15]);
-v7m_push(env, env->regs[14]);
-v7m_push(env, env->regs[12]);
-v7m_push(env, env->regs[3]);
-v7m_push(env, env->regs[2]);
-v7m_push(env, env->regs[1]);
-v7m_push(env, env->regs[0]);
 
-return false;
+frameptr -= 0x20;
+
+/* Write as much of the stack frame as we can. If we fail a stack
+ * write this will result in a derived exception being pended
+ * (which may be taken in preference to the one we started with
+ * if it has higher priority).
+ */
+stacked_ok =
+v7m_stack_write(cpu, frameptr, env->regs[0], mmu_idx, false) &&
+v7m_stack_write(cpu, frameptr + 4, env->regs[1], mmu_idx, false) &&
+v7m_stack_write(cpu, frameptr + 8, env->regs[2], mmu_idx, false) &&
+v7m_stack_write(cpu, frameptr + 

[Qemu-devel] [PATCH] qcow2: Replace align_offset() with ROUND_UP()

2018-01-30 Thread Alberto Garcia
The align_offset() function is equivalent to the ROUND_UP() macro so
there's no need to use the former. The ROUND_UP() name is also a bit
more explicit.

This patch uses ROUND_UP() instead of the slower QEMU_ALIGN_UP()
because align_offset() already requires that the second parameter is a
power of two.

Signed-off-by: Alberto Garcia 
---
 block/qcow2-bitmap.c   |  2 +-
 block/qcow2-cluster.c  |  4 ++--
 block/qcow2-refcount.c |  4 ++--
 block/qcow2-snapshot.c | 10 +-
 block/qcow2.c  | 12 ++--
 block/qcow2.h  |  6 --
 6 files changed, 16 insertions(+), 22 deletions(-)

diff --git a/block/qcow2-bitmap.c b/block/qcow2-bitmap.c
index efa10c6663..1cf99ca51e 100644
--- a/block/qcow2-bitmap.c
+++ b/block/qcow2-bitmap.c
@@ -413,7 +413,7 @@ static inline void 
bitmap_dir_entry_to_be(Qcow2BitmapDirEntry *entry)
 
 static inline int calc_dir_entry_size(size_t name_size, size_t extra_data_size)
 {
-return align_offset(sizeof(Qcow2BitmapDirEntry) +
+return ROUND_UP(sizeof(Qcow2BitmapDirEntry) +
 name_size + extra_data_size, 8);
 }
 
diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c
index a3fec27bf9..29d70e1f3e 100644
--- a/block/qcow2-cluster.c
+++ b/block/qcow2-cluster.c
@@ -127,11 +127,11 @@ int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t 
min_size,
 
 new_l1_size2 = sizeof(uint64_t) * new_l1_size;
 new_l1_table = qemu_try_blockalign(bs->file->bs,
-   align_offset(new_l1_size2, 512));
+   ROUND_UP(new_l1_size2, 512));
 if (new_l1_table == NULL) {
 return -ENOMEM;
 }
-memset(new_l1_table, 0, align_offset(new_l1_size2, 512));
+memset(new_l1_table, 0, ROUND_UP(new_l1_size2, 512));
 
 if (s->l1_size) {
 memcpy(new_l1_table, s->l1_table, s->l1_size * sizeof(uint64_t));
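Review bot: in qcow2_grow_l1_table() ROUND_UP(new_l1_size2, 512) is now evaluated twice, once for qemu_try_blockalign() and once for memset(). The two sizes must stay identical for the memset to cover exactly the allocation, so computing the rounded size once into a local and using it in both calls would make that explicit.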
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 92701ab7af..1d520615a8 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -1202,7 +1202,7 @@ int qcow2_update_snapshot_refcount(BlockDriverState *bs,
  * l1_table_offset when it is the current s->l1_table_offset! Be careful
  * when changing this! */
 if (l1_table_offset != s->l1_table_offset) {
-l1_table = g_try_malloc0(align_offset(l1_size2, 512));
+l1_table = g_try_malloc0(ROUND_UP(l1_size2, 512));
 if (l1_size2 && l1_table == NULL) {
 ret = -ENOMEM;
 goto fail;
@@ -2545,7 +2545,7 @@ int qcow2_check_metadata_overlap(BlockDriverState *bs, 
int ign, int64_t offset,
 }
 
 /* align range to test to cluster boundaries */
-size = align_offset(offset_into_cluster(s, offset) + size, 
s->cluster_size);
+size = ROUND_UP(offset_into_cluster(s, offset) + size, s->cluster_size);
 offset = start_of_cluster(s, offset);
 
 if ((chk & QCOW2_OL_ACTIVE_L1) && s->l1_size) {
diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index 44243e0e95..cee25f582b 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -66,7 +66,7 @@ int qcow2_read_snapshots(BlockDriverState *bs)
 
 for(i = 0; i < s->nb_snapshots; i++) {
 /* Read statically sized part of the snapshot header */
-offset = align_offset(offset, 8);
+offset = ROUND_UP(offset, 8);
 ret = bdrv_pread(bs->file, offset, &h, sizeof(h));
 if (ret < 0) {
 goto fail;
@@ -155,7 +155,7 @@ static int qcow2_write_snapshots(BlockDriverState *bs)
 offset = 0;
 for(i = 0; i < s->nb_snapshots; i++) {
 sn = s->snapshots + i;
-offset = align_offset(offset, 8);
+offset = ROUND_UP(offset, 8);
 offset += sizeof(h);
 offset += sizeof(extra);
 offset += strlen(sn->id_str);
@@ -215,7 +215,7 @@ static int qcow2_write_snapshots(BlockDriverState *bs)
 assert(id_str_size <= UINT16_MAX && name_size <= UINT16_MAX);
 h.id_str_size = cpu_to_be16(id_str_size);
 h.name_size = cpu_to_be16(name_size);
-offset = align_offset(offset, 8);
+offset = ROUND_UP(offset, 8);
 
 ret = bdrv_pwrite(bs->file, offset, &h, sizeof(h));
 if (ret < 0) {
@@ -441,7 +441,7 @@ int qcow2_snapshot_create(BlockDriverState *bs, 
QEMUSnapshotInfo *sn_info)
 /* The VM state isn't needed any more in the active L1 table; in fact, it
  * hurts by causing expensive COW for the next snapshot. */
 qcow2_cluster_discard(bs, qcow2_vm_state_offset(s),
-  align_offset(sn->vm_state_size, s->cluster_size),
+  ROUND_UP(sn->vm_state_size, s->cluster_size),
   QCOW2_DISCARD_NEVER, false);
 
 #ifdef DEBUG_ALLOC
@@ -710,7 +710,7 @@ int qcow2_snapshot_load_tmp(BlockDriverState *bs,
 }
 new_l1_bytes = sn->l1_size * sizeof(uint64_t);
 new_l1_table = qemu_try_blockalign(bs->file->bs,
-   align_offset(new_l1_bytes, 512));
+ 

Re: [Qemu-devel] [PATCH] linux-user/signal.c: Rename MC_* defines

2018-01-30 Thread Peter Maydell
On 30 January 2018 at 13:17, Peter Maydell  wrote:
> The SPARC code in linux-user/signal.c defines a set of
> MC_* constants. On some SPARC hosts these are also defined
> by sys/ucontext.h, resulting in build failures:
>
> linux-user/signal.c:2786:0: error: "MC_NGREG" redefined [-Werror]
>  #define MC_NGREG 19
>
> In file included from /usr/include/signal.h:302:0,
>  from include/qemu/osdep.h:86,
>  from linux-user/signal.c:19:
> /usr/include/sparc64-linux-gnu/sys/ucontext.h:59:0: note: this is the 
> location of the previous definition
>  # define MC_NGREG __MC_NGREG
>
> Rename all these constants to SPARC_MC_* to avoid the clash.
>
> Signed-off-by: Peter Maydell 
> ---
> This has just started causing failures on the SPARC build
> box I use for merge tests (presumably due to a system
> header update), so I'm planning to apply this to master as
> a buildfix.

Now applied, thanks. I threw in a cc of qemu-stable too,
since otherwise stable point releases won't build on these hosts.

-- PMM



Re: [Qemu-devel] [RFC 0/2] Use SDL to create an OpenGL ES context for virglrenderer.

2018-01-30 Thread Gerd Hoffmann
  Hi,

> > Well, display configuration is going to be rewritten, and while that is
> > in flight adding new config options isn't a good idea b/c things will
> > conflict ...
> I'm wondering how extensive this rewrite is going to be. Did you plan to 
> modify the qemu interface?
> If someone already start working on this task, can you send me the link to 
> the repository?
> I will be happy to help if needed.

https://www.kraxel.org/cgit/qemu/log/?h=sirius/display-cmdline

> > Beside that:  Is a new config option actually needed in the first place?
> > 
> > Ideally qemu (or sdl) would figure on its own that a full core context
> > isn't available and try fallback to gles then.
> I'm fine with this idea.
> However, I think we still need to add a way to the user to choose the backend 
> he want.

Changing gl from bool to multiple choice looks more useful to me then,
i.e. have "gl={on,core,gles,off}", where "on" automatically picks "core"
or "gles" depending on what is available.

What is the status of the virglrenderer patches btw?

cheers,
  Gerd




Re: [Qemu-devel] [PATCH 01/18] Clean up includes

2018-01-30 Thread Eric Blake
On 01/30/2018 04:21 AM, Markus Armbruster wrote:
> Clean up includes so that osdep.h is included first and headers
> which it implies are not included manually.
> 
> This commit was created with scripts/clean-includes, with the change
> to target/s390x/gen-features.c manually reverted, and blank lines
> around deletions collapsed.
> 
> Signed-off-by: Markus Armbruster 
> ---
>  block/parallels.h |  1 -
>  hw/block/vhost-user-blk.c |  1 -
>  hw/ide/sii3112.c  |  1 +

Modulo the bogus change here,

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org




Re: [Qemu-devel] [PATCH 0/3] Sanitizers configuration

2018-01-30 Thread Marc-André Lureau
ping

On Tue, Jan 16, 2018 at 4:11 PM, Marc-André Lureau
 wrote:
> Hi,
>
> This is a few reworked patches from "[PATCH v3 00/18] Various
> build-sys and sanitizer related fixes" series.
>
> It enables sanitizers by default with --enable-debug. But sanitizers
> can be also enabled/disabled independently with a configure option.
>
> If ASAN is detected but coroutine annotations are not available, then
> a simple message is printed during configure.
>
> Marc-André Lureau (3):
>   exynos4210: workaround UBSAN compilation error
>   build-sys: add --enable-sanitizers
>   ucontext: annotate coroutine stack for ASAN
>
>  include/qemu/compiler.h  |  4 +++
>  hw/display/exynos4210_fimd.c |  2 +-
>  util/coroutine-ucontext.c| 48 
>  .travis.yml  |  3 +-
>  configure| 65 
> 
>  5 files changed, 120 insertions(+), 2 deletions(-)
>
> --
> 2.16.0.rc1.1.gef27df75a1
>
>



-- 
Marc-André Lureau



Re: [Qemu-devel] [PATCH] hw/audio/sb16.c: Convert file to new logging API

2018-01-30 Thread Programmingkid

> On Jan 30, 2018, at 4:41 AM, Gerd Hoffmann  wrote:
> 
>> @@ -148,15 +142,16 @@ static int irq_of_magic (int magic)
>> #if 0
>> static void log_dsp (SB16State *dsp)
>> {
>> -ldebug ("%s:%s:%d:%s:dmasize=%d:freq=%d:const=%d:speaker=%d\n",
>> -dsp->fmt_stereo ? "Stereo" : "Mono",
>> -dsp->fmt_signed ? "Signed" : "Unsigned",
>> -dsp->fmt_bits,
>> -dsp->dma_auto ? "Auto" : "Single",
>> -dsp->block_size,
>> -dsp->freq,
>> -dsp->time_const,
>> -dsp->speaker);
>> +qemu_log_mask(LOG_UNIMP, "%s:%s:%d:%s:dmasize=%d:freq=%d:const=%d:"
>> +  "speaker=%d\n",
>> +  dsp->fmt_stereo ? "Stereo" : "Mono",
>> +  dsp->fmt_signed ? "Signed" : "Unsigned",
>> +  dsp->fmt_bits,
>> +  dsp->dma_auto ? "Auto" : "Single",
>> +  dsp->block_size,
>> +  dsp->freq,
>> +  dsp->time_const,
>> +  dsp->speaker);
>> }
>> #endif
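Review bot: LOG_UNIMP is the wrong mask for this message. log_dsp() dumps the current DSP format state for debugging; it does not report functionality the device model has not implemented, which is what LOG_UNIMP is for, so once the code is enabled anyone running with -d unimp gets it as noise. A trace event, or keeping a debug-only macro, fits better; the same applies to the other ldebug()/dolog() conversions in this patch.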
> 
> Hmm, dead code.  Any places which call log_dsp() ?

There are several places but they are all dead code. Do you want this removed?

> 
>> case 0x42:  /* FT2 sets output freq with this, go figure 
>> */
>> #if 0
>> -dolog ("cmd 0x42 might not do what it think it should\n");
>> +qemu_log_mask(LOG_UNIMP, "cmd 0x42 might not do what it think 
>> it"
>> +  " should\n");
>> #endif
> 
> More dead code.

Would you like this enabled or removed?

> 
>> case 0xe2:
>> #ifdef DEBUG
>> d0 = dsp_get_data (s);
>> -dolog ("E2 = %#x\n", d0);
>> +qemu_log_mask(LOG_UNIMP, "E2 = %#x\n", d0);
>> #endif
> 
> Conditional code.  Enable this unconditionally, now that we can switch
> the logging at runtime?
> 
>> #ifndef DEBUG_SB16_MOST
>> if (s->mixer_nreg != 0x82) {
>> -ldebug ("mixer_read[%#x] -> %#x\n",
>> -s->mixer_nreg, s->mixer_regs[s->mixer_nreg]);
>> +qemu_log_mask(LOG_UNIMP, "mixer_read[%#x] -> %#x\n", s->mixer_nreg,
>> +  s->mixer_regs[s->mixer_nreg]);
>> }
>> #else
>> -ldebug ("mixer_read[%#x] -> %#x\n",
>> -s->mixer_nreg, s->mixer_regs[s->mixer_nreg]);
>> +qemu_log_mask(LOG_UNIMP, "mixer_read[%#x] -> %#x\n",
>> +  s->mixer_nreg, s->mixer_regs[s->mixer_nreg]);
>> #endif
> 
> Same question here.

You want all of this enabled?

> 
>> #ifdef DEBUG_SB16_MOST
>> -dolog ("pos:%06d %d till:%d len:%d\n",
>> -   dma_pos, free, till, dma_len);
>> +qemu_log_mask(LOG_UNIMP, "pos:%06d %d till:%d len:%d\n", dma_pos, free,
>> +  till, dma_len);
>> #endif
> 
> And here.
> 
>> #ifdef DEBUG_SB16_MOST
>> -ldebug ("pos %5d free %5d size %5d till % 5d copy %5d written %5d size 
>> %5d\n",
>> -dma_pos, free, dma_len, s->left_till_irq, copy, written,
>> -s->block_size);
>> +qemu_log_mask(LOG_UNIMP, "pos %5d free %5d size %5d till % 5d copy %5d"
>> +  " written %5d size %5d\n", dma_pos, free, dma_len,
>> +  s->left_till_irq, copy, written, s->block_size);
>> #endif
> 
> Again.
> 
> cheers,
>  Gerd

Thank you. 


Re: [Qemu-devel] [PULL 0/3] Tracing patches

2018-01-30 Thread Stefan Hajnoczi
On Mon, Jan 29, 2018 at 08:14:46AM -0800, no-re...@patchew.org wrote:
> === OUTPUT BEGIN ===
> Checking PATCH 1/3: tracetool: prefix parse errors with line numbers...
> Checking PATCH 2/3: tracetool: clarify that "formats" means "format 
> strings"...
> ERROR: line over 90 characters
> #39: FILE: scripts/tracetool/__init__.py:240:
> +raise ValueError("Only events with 'tcg' property can have two 
> format strings")
> 
> WARNING: line over 80 characters
> #42: FILE: scripts/tracetool/__init__.py:242:
> +raise ValueError("Events with 'tcg' property must have two 
> format strings")
> 
> total: 1 errors, 1 warnings, 27 lines checked
> 
> Your patch has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> 
> Checking PATCH 3/3: tracetool: report error on foo() instead of foo(void)...
> WARNING: line over 80 characters
> #26: FILE: scripts/tracetool/__init__.py:79:
> +raise ValueError("Empty argument (did you forget to use 
> 'void'?)")
> 
> total: 0 errors, 1 warnings, 8 lines checked
> 
> Your patch has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> === OUTPUT END ===

For the record, I didn't wrap these error messages so that grep(1)
works.

Stefan




Re: [Qemu-devel] [PATCH] tests/virtio-9p: explicitely handle potential integer overflows

2018-01-30 Thread Stefan Hajnoczi
On Tue, Jan 30, 2018 at 09:32:48AM +0100, Greg Kurz wrote:
> Signed-off-by: Greg Kurz 
> ---
>  tests/virtio-9p-test.c |   31 +--
>  1 file changed, 21 insertions(+), 10 deletions(-)
> 
> This is based on SHA1 2eab02aa260ac5405e1e51c9cc1b4c3aa23fc45a from my
> 9p-next branch:
> 
> https://github.com/gkurz/qemu/commits/9p-next

Reviewed-by: Stefan Hajnoczi 




Re: [Qemu-devel] [PATCH v6 2/2] qemu-img: Document --force-share / -U

2018-01-30 Thread Stefan Hajnoczi
On Tue, Jan 30, 2018 at 02:34:33PM +0800, Fam Zheng wrote:
> Signed-off-by: Fam Zheng 
> Signed-off-by: Kevin Wolf 
> ---
>  qemu-img.texi | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/qemu-img.texi b/qemu-img.texi
> index 60a0e080c6..ec7e2f5d1e 100644
> --- a/qemu-img.texi
> +++ b/qemu-img.texi
> @@ -86,6 +86,13 @@ exclusive with the @var{-O} parameters. It is currently 
> required to also use
>  the @var{-n} parameter to skip image creation. This restriction may be 
> relaxed
>  in a future release.
>  
> +@item --force-share (-U)
> +If specified, @code{qemu-img} will open the image in shared mode, allowing
> +concurrent writers.

This wording confuses me.  It makes me think of multiple processes
writing to the image at the same time...

> This option is only allowed when opening images in read-only mode.

...but later it turns out "concurrent writers" means there can be at
most 1 writing process and multiple reading processes.

How about merging the two statements?

"If specified, allows @code{qemu-img} to open the image in read-only
mode even if another process already has it open for writing."




Re: [Qemu-devel] [Qemu-block] [PATCH] virtio-blk: check for NULL BlockDriverState

2018-01-30 Thread Stefan Hajnoczi
On Mon, Jan 29, 2018 at 04:41:07PM +0100, Kevin Wolf wrote:
> On 24.01.2018 at 12:31, Stefan Hajnoczi wrote:
> > On Mon, Jan 22, 2018 at 09:01:49AM -0600, Mark Kanda wrote:
> > > Add a BlockDriverState NULL check to virtio_blk_handle_request()
> > > to prevent a segfault if the drive is forcibly removed using HMP
> > > 'drive_del' (without performing a hotplug 'device_del' first).
> > > 
> > > Signed-off-by: Mark Kanda 
> > > Reviewed-by: Karl Heubaum 
> > > Reviewed-by: Ameya More 
> > > ---
> > >  hw/block/virtio-blk.c | 7 +++
> > >  1 file changed, 7 insertions(+)
> > > 
> > > diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
> > > index b1532e4..76ddbbf 100644
> > > --- a/hw/block/virtio-blk.c
> > > +++ b/hw/block/virtio-blk.c
> > > @@ -507,6 +507,13 @@ static int virtio_blk_handle_request(VirtIOBlockReq 
> > > *req, MultiReqBuffer *mrb)
> > >  return -1;
> > >  }
> > >  
> > > +/* If the drive was forcibly removed (e.g. HMP 'drive_del'), the 
> > > block
> > > + * driver state may be NULL and there is nothing left to do. */
> > > +if (!blk_bs(req->dev->blk)) {
> > 
> > Adding Markus Armbruster to check my understanding of drive_del:
> > 
> > 1. If id is a node name (e.g. created via blockdev-add) then attempting
> >to remove the root node produces the "Node %s is in use" error.  In
> >that case this patch isn't needed.
> > 
> > 2. If id is a BlockBackend (e.g. created via -drive) then removing the
> >root node is allowed.  The BlockBackend stays in place but blk->root
> >becomes NULL, hence this patch is needed.
> > 
> > Markus: What are the valid use cases for #2?  If blk->bs becomes NULL I
> > would think a lot more code beyond virtio-blk can segfault.
> 
> blk->root = NULL is completely normal, it is what happens with removable
> media when the drive is empty.
> 
> The problem, which was first reported during the 2.10 RC phase and was
> worked around in IDE code then, is that Paolo's commit 99723548561 added
> unconditional bdrv_inc/dec_in_flight() calls. I am pretty sure that any
> segfaults that Mark is seeing have the same cause.
> 
> We do need an in-flight counter even for those requests so that
> blk_drain() works correctly, so just making the calls conditional wouldn't
> be right. However, this needs to become a separate counter in
> BlockBackend, and the drain functions must be changed to make use of it.
> 
> I did post rough patches back then, but they weren't quite ready, and
> since then they have fallen through the cracks.

Will you send a new version of that patch series?

Stefan




[Qemu-devel] [PATCH] vl: pause vcpus before stopping iothreads

2018-01-30 Thread Stefan Hajnoczi
Commit dce8921b2baaf95974af8176406881872067adfa ("iothread: Stop threads
before main() quits") introduced iothread_stop_all() to avoid the
following virtio-scsi assertion failure:

  assert(blk_get_aio_context(d->conf.blk) == s->ctx);

Back then the assertion failed because when bdrv_close_all() made
d->conf.blk NULL, blk_get_aio_context() returned the global AioContext
instead of s->ctx.

The same assertion can still fail today when vcpus submit new I/O
requests after iothread_stop_all() has moved the BDS to the global
AioContext.

This patch hardens the iothread_stop_all() approach by pausing vcpus
before calling iothread_stop_all().

Note that the assertion failure is a race condition.  It is not possible
to reproduce it reliably.

Signed-off-by: Stefan Hajnoczi 
---
 vl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/vl.c b/vl.c
index e517a8d995..011f22ae20 100644
--- a/vl.c
+++ b/vl.c
@@ -4765,10 +4765,10 @@ int main(int argc, char **argv, char **envp)
 os_setup_post();
 
 main_loop();
+
 replay_disable_events();
+pause_all_vcpus();
 iothread_stop_all();
-
-pause_all_vcpus();
 bdrv_close_all();
 res_free();
 
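Review bot: the order of pause_all_vcpus() and iothread_stop_all() in main() is now load-bearing, but nothing in the code says so. Add a short comment above the two calls stating that vcpus must be paused first so they cannot submit new I/O once the iothreads have been stopped; otherwise a later cleanup can swap them back. The hunk also adds a blank line after main_loop() and removes the one after iothread_stop_all(), which is unrelated whitespace churn and can be dropped.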
-- 
2.14.3




Re: [Qemu-devel] [PATCH v2 1/1] Fix configure for s390 qemu on alpine and other busybox environments

2018-01-30 Thread Eric Blake
On 01/30/2018 07:38 AM, Christian Borntraeger wrote:
> From: Alice Frosi 
> 
> In alpine docker image the qemu-system-s390x build is broken and
> it throws this error:
> qemu-system-s390x: Initialization of device s390-ipl failed: could not
> load bootloader 's390-ccw.img'
> 
> The grep command of busybox uses regex. This fails on binary data
> (e.g. stops on every \0), so it does not identify the string
> BiGeNdIaN in the test case big/little. Therefore, it assumes
> that the architecture is little endian.
> 
> This fix solves the grep problem by printing the content of
> TMPO with strings
> 
> Signed-off-by: Alice Frosi 
> Signed-off-by: Christian Borntraeger 
> [some changes to patch description, add -a option to strings]
> ---
> v1->v2:
> - Fix email address of Alice
> - Fix patch prefix

Oh, that reminds me I still have an old patch to qobject_from_jsonf that
probed $TMPO using strings [1].  It does look like 'strings -a' is
portable, so I'll have to update my patch when I dig it back out of storage.

[1] https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg07963.html

> +++ b/configure
> @@ -1906,9 +1906,9 @@ int main(int argc, char *argv[]) {
>  EOF
>  
>  if compile_object ; then
> -if grep -q BiGeNdIaN $TMPO ; then
> +if strings -a $TMPO | grep -q BiGeNdIaN ; then
>  bigendian="yes"
> -elif grep -q LiTtLeEnDiAn $TMPO ; then
> +elif strings -a $TMPO | grep -q LiTtLeEnDiAn ; then

Yes, this is indeed a more portable way to grep binary files (it's also
possible to do:

tr -d '\0' < $TMPO | grep -q ...

if we're worried about the availability of strings, but I don't see that
being a problem if no one reports it actually failing).

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH 02/18] Drop superfluous includes of qapi-types.h

2018-01-30 Thread Eric Blake
On 01/30/2018 04:21 AM, Markus Armbruster wrote:
> Signed-off-by: Markus Armbruster 
> ---

> +++ b/tests/test-clone-visitor.c
> @@ -11,7 +11,6 @@
>  
>  #include "qemu-common.h"
>  #include "qapi/clone-visitor.h"
> -#include "test-qapi-types.h"

Overactive sed pattern?  This is a different header.  While the tests
still pass after deleting this include, removal of the test-qapi-types.h
line here and in other tests/ files should be a separate patch, or else
the commit message updated to mention it.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [Qemu-block] [PATCH] virtio-blk: check for NULL BlockDriverState

2018-01-30 Thread Kevin Wolf
On 30.01.2018 at 13:38, Stefan Hajnoczi wrote:
> On Mon, Jan 29, 2018 at 04:41:07PM +0100, Kevin Wolf wrote:
> > On 24.01.2018 at 12:31, Stefan Hajnoczi wrote:
> > > On Mon, Jan 22, 2018 at 09:01:49AM -0600, Mark Kanda wrote:
> > > > Add a BlockDriverState NULL check to virtio_blk_handle_request()
> > > > to prevent a segfault if the drive is forcibly removed using HMP
> > > > 'drive_del' (without performing a hotplug 'device_del' first).
> > > > 
> > > > Signed-off-by: Mark Kanda 
> > > > Reviewed-by: Karl Heubaum 
> > > > Reviewed-by: Ameya More 
> > > > ---
> > > >  hw/block/virtio-blk.c | 7 +++
> > > >  1 file changed, 7 insertions(+)
> > > > 
> > > > diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
> > > > index b1532e4..76ddbbf 100644
> > > > --- a/hw/block/virtio-blk.c
> > > > +++ b/hw/block/virtio-blk.c
> > > > @@ -507,6 +507,13 @@ static int 
> > > > virtio_blk_handle_request(VirtIOBlockReq *req, MultiReqBuffer *mrb)
> > > >  return -1;
> > > >  }
> > > >  
> > > > +/* If the drive was forcibly removed (e.g. HMP 'drive_del'), the 
> > > > block
> > > > + * driver state may be NULL and there is nothing left to do. */
> > > > +if (!blk_bs(req->dev->blk)) {
> > > 
> > > Adding Markus Armbruster to check my understanding of drive_del:
> > > 
> > > 1. If id is a node name (e.g. created via blockdev-add) then attempting
> > >to remove the root node produces the "Node %s is in use" error.  In
> > >that case this patch isn't needed.
> > > 
> > > 2. If id is a BlockBackend (e.g. created via -drive) then removing the
> > >root node is allowed.  The BlockBackend stays in place but blk->root
> > >becomes NULL, hence this patch is needed.
> > > 
> > > Markus: What are the valid use cases for #2?  If blk->bs becomes NULL I
> > > would think a lot more code beyond virtio-blk can segfault.
> > 
> > blk->root = NULL is completely normal, it is what happens with removable
> > media when the drive is empty.
> > 
> > The problem, which was first reported during the 2.10 RC phase and was
> > worked around in IDE code then, is that Paolo's commit 99723548561 added
> > unconditional bdrv_inc/dec_in_flight() calls. I am pretty sure that any
> > segfaults that Mark is seeing have the same cause.
> > 
> > We do need an in-flight counter even for those requests so that
> > blk_drain() works correctly, so just making the calls conditional wouldn't
> > be right. However, this needs to become a separate counter in
> > BlockBackend, and the drain functions must be changed to make use of it.
> > 
> > I did post rough patches back then, but they weren't quite ready, and
> > since then they have fallen through the cracks.
> 
> Will you send a new version of that patch series?

I would like to continue my work on the drain functions (which this
would be a part of) sooner or later, but the work to enable libvirt to
use blockdev-add is at a higher priority at the moment.

So if you can wait, I'll get to it eventually. If not, feel free to pick
up the patches.

Kevin




Re: [Qemu-devel] [PATCH v7 1/9] mirror: inherit supported write/zero flags

2018-01-30 Thread Eric Blake
On 01/30/2018 06:15 AM, Anton Nefedov wrote:

 @@ -1064,6 +1064,11 @@ static void
 bdrv_mirror_top_refresh_filename(BlockDriverState *bs, QDict *opts)
   bdrv_refresh_filename(bs->backing->bs);
   pstrcpy(bs->exact_filename, sizeof(bs->exact_filename),
   bs->backing->bs->filename);
 +    bs->supported_write_flags = BDRV_REQ_FUA &
 +    bs->backing->bs->supported_write_flags;

>>> Fundamentally OK, but why is this in *_refresh_filename()?
>>
>> Indeed, I missed that (or maybe it got moved during a botched rebase?).
>> For comparison, blkdebug sets it during blkdebug_open(), and nbd sets it
>> during nbd_client_init() (called during nbd_open()).
>>
> 
> We need a backing bs here and I believe it's not generally set at the
> time of .bdrv_open()

Then is mirror_start_job() a better location, right after we call
bdrv_new_open_driver()?  (Maybe this just goes to show I haven't fully
traced the lifecycle of the mirror driver, and it may all be changing
anyways as we try to fix the BDS graph modifications related with mirrors).

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH] qcow2: Replace align_offset() with ROUND_UP()

2018-01-30 Thread Eric Blake
On 01/30/2018 09:04 AM, Alberto Garcia wrote:
> The align_offset() function is equivalent to the ROUND_UP() macro so
> there's no need to use the former. The ROUND_UP() name is also a bit
> more explicit.
> 
> This patch uses ROUND_UP() instead of the slower QEMU_ALIGN_UP()
> because align_offset() already requires that the second parameter is a
> power of two.

(Presumably, for the cases where the second argument is a compile-time
constant, the compiler emits the same code for either macro - but I
agree that QEMU_ALIGN_UP can be slower where the compiler can't see it
is a power of 2)

> 
> Signed-off-by: Alberto Garcia 
> ---
> +++ b/block/qcow2-bitmap.c
> @@ -413,7 +413,7 @@ static inline void 
> bitmap_dir_entry_to_be(Qcow2BitmapDirEntry *entry)
>  
>  static inline int calc_dir_entry_size(size_t name_size, size_t 
> extra_data_size)
>  {
> -return align_offset(sizeof(Qcow2BitmapDirEntry) +
> +return ROUND_UP(sizeof(Qcow2BitmapDirEntry) +
>  name_size + extra_data_size, 8);

Indentation alignment is now off.


> +++ b/block/qcow2.c

> @@ -3681,7 +3681,7 @@ static BlockMeasureInfo *qcow2_measure(QemuOpts *opts, 
> BlockDriverState *in_bs,
>  has_backing_file = !!optstr;
>  g_free(optstr);
>  
> -virtual_size = align_offset(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 
> 0),
> +virtual_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
>  cluster_size);

and again.

With the whitespace fixed,
Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH] qcow2: Replace align_offset() with ROUND_UP()

2018-01-30 Thread Alberto Garcia
On Tue 30 Jan 2018 05:03:16 PM CET, Eric Blake wrote:

>> -virtual_size = align_offset(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 
>> 0),
>> +virtual_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
>>  cluster_size);

I just realized that the first parameter here is a function call with
side effects, is it safe to use ROUND_UP() in this case?

#define ROUND_UP(n, d) (((n) + (d) - 1) & -(0 ? (n) : (d)))

Berto



Re: [Qemu-devel] [PATCH 03/18] Include qapi/error.h exactly where needed

2018-01-30 Thread Eric Blake
On 01/30/2018 04:21 AM, Markus Armbruster wrote:
> This cleanup makes the number of objects depending on qapi/error.h
> drop from 1910 (out of 4739) to 1612 in my "build everything" tree.
> 
> Signed-off-by: Markus Armbruster 
> ---
>  arch_init.c | 1 +
>  audio/wavcapture.c  | 1 +
>  balloon.c   | 1 +
>  block.c | 2 ++
>  block/block-backend.c   | 1 +
>  block/iscsi.c   | 1 +
>  block/qapi.c| 1 +

So several .c files have to use it explicitly,

>  fsdev/qemu-fsdev-throttle.h | 1 -

>  include/crypto/random.h | 1 -
>  include/crypto/xts.h| 1 -
>  include/hw/ide/internal.h   | 1 -
>  include/ui/console.h| 1 -

because they were previously getting it from .h files that don't
directly emit an error.  Makes sense.

Patches like this are easy to test - if it still compiles, you did it
right ;)  Out of curiosity, how are you counting how many files got
compiled per run?  Touch the .h, then pass 'make' output to 'grep -c "^
CC "'?

But just to make sure nothing weird is happening, I also read through
it, and found:

> 
> diff --git a/arch_init.c b/arch_init.c
> index a0b8ed6167..0fb8093f92 100644
> --- a/arch_init.c
> +++ b/arch_init.c
> @@ -21,6 +21,7 @@
>   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
>   * THE SOFTWARE.
>   */
> +
>  #include "qemu/osdep.h"
>  #include "qemu-common.h"
>  #include "cpu.h"

Spurious whitespace change.  Should this belong in 1/18, even though
arch_init.c didn't need cleanup there?  Or...

> +++ b/block.c
> @@ -21,6 +21,7 @@
>   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
>   * THE SOFTWARE.
>   */
> +
>  #include "qemu/osdep.h"
>  #include "block/trace.h"
>  #include "block/block_int.h"

...since you did it again, do you need a separate patch for ALL of these
types of whitespace cleanups near osdep.h?

> +++ b/block/qcow2.c
> @@ -21,6 +21,7 @@
>   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
>   * THE SOFTWARE.
>   */
> +
>  #include "qemu/osdep.h"
>  #include "block/block_int.h"
>  #include "sysemu/block-backend.h"

and again

> +++ b/chardev/char-ringbuf.c
> @@ -21,9 +21,11 @@
>   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
>   * THE SOFTWARE.
>   */
> +
>  #include "qemu/osdep.h"
>  #include "chardev/char.h"
>  #include "qmp-commands.h"
> +#include "qapi/error.h"
>  #include "qemu/base64.h"
>  
>  /* Ring buffer chardev */

Here, it's in the same hunk, so a bit more forgivable.  But there's
definitely enough of them that a separate commit might be in order.

At any rate, whether done as one patch (with a better commit message) or
as two, I see nothing semantically wrong with the cleanups done here, so

Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





[Qemu-devel] [Bug 1703506] Re: SMT not supported by QEMU on AMD Ryzen CPU

2018-01-30 Thread Babu Moger
Posted a few patches to support this feature on AMD EPYC processors. Feel free
to test and review.
1. Kernel kvm patch
   https://patchwork.kernel.org/patch/10190107/
2. qemu patches
   https://patchwork.kernel.org/project/qemu-devel/list/?submitter=178527
Thanks

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1703506

Title:
  SMT not supported by QEMU on AMD Ryzen CPU

Status in QEMU:
  New

Bug description:
  HyperThreading/SMT is supported by AMD Ryzen CPUs but results in this
  message when setting the topology to threads=2:

  qemu-system-x86_64: AMD CPU doesn't support hyperthreading. Please
  configure -smp options properly.

  Checking in a Windows 10 guest reveals that SMT is not enabled, and
  from what I understand, QEMU converts the topology from threads to
  cores internally on AMD CPUs. This appears to cause performance
  problems in the guest perhaps because programs are assuming that these
  threads are actual cores.

  Software: Linux 4.12, qemu 2.9.0 host with KVM enabled, Windows 10 pro
  guest

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1703506/+subscriptions



Re: [Qemu-devel] [PATCH] qcow2: Replace align_offset() with ROUND_UP()

2018-01-30 Thread Eric Blake
On 01/30/2018 10:08 AM, Alberto Garcia wrote:
> On Tue 30 Jan 2018 05:03:16 PM CET, Eric Blake wrote:
> 
>>> -virtual_size = align_offset(qemu_opt_get_size_del(opts, 
>>> BLOCK_OPT_SIZE, 0),
>>> +virtual_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
>>>  cluster_size);
> 
> I just realized that the first parameter here is a function call with
> side effects, is it safe to use ROUND_UP() in this case?
> 
> #define ROUND_UP(n, d) (((n) + (d) - 1) & -(0 ? (n) : (d)))

Oh, good catch.  No, we need a temporary variable to hold the result of
the function call (or we could rewrite ROUND_UP to have evaluate-once
semantics using gcc/clang extensions).

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH 04/18] Drop superfluous includes of qapi/qmp/qerror.h

2018-01-30 Thread Eric Blake
On 01/30/2018 04:21 AM, Markus Armbruster wrote:
> Signed-off-by: Markus Armbruster 
> ---
>  backends/tpm.c | 1 -
>  block/qcow.c   | 1 -
>  block/qed.c| 1 -
>  blockdev-nbd.c | 1 -
>  hw/s390x/s390-virtio-ccw.c | 1 -
>  net/colo-compare.c | 1 -
>  net/filter-mirror.c| 1 -
>  net/filter-rewriter.c  | 1 -
>  qapi/qmp-dispatch.c| 1 -
>  qemu-img.c | 1 -
>  ui/vnc.c   | 1 -
>  11 files changed, 11 deletions(-)
> 
> diff --git a/backends/tpm.c b/backends/tpm.c
Reviewed-by: Eric Blake 

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org





Re: [Qemu-devel] [PATCH] qcow2: Replace align_offset() with ROUND_UP()

2018-01-30 Thread Alberto Garcia
On Tue 30 Jan 2018 05:17:47 PM CET, Eric Blake wrote:
> On 01/30/2018 10:08 AM, Alberto Garcia wrote:
>> On Tue 30 Jan 2018 05:03:16 PM CET, Eric Blake wrote:
>> 
 -virtual_size = align_offset(qemu_opt_get_size_del(opts, 
 BLOCK_OPT_SIZE, 0),
 +virtual_size = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 
 0),
  cluster_size);
>> 
>> I just realized that the first parameter here is a function call with
>> side effects, is it safe to use ROUND_UP() in this case?
>> 
>> #define ROUND_UP(n, d) (((n) + (d) - 1) & -(0 ? (n) : (d)))
>
> Oh, good catch.  No, we need a temporary variable to hold the result
> of the function call

...which is what align_offset() was doing in the first place. I can
still modify that function to use the macro internally.

Berto
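
Added example, not part of the thread or of QEMU's sources: a small C program that counts how many times each argument expression of the ROUND_UP() definition quoted above is evaluated, compares that with going through a function, and shows the power-of-two precondition on the second argument. take_size(), take_align(), round_up_once() and round_up_div() are hypothetical names made up for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* ROUND_UP() as quoted in the thread. */
#define ROUND_UP(n, d) (((n) + (d) - 1) & -(0 ? (n) : (d)))

/* Counters and helpers below are constructed for this example. */
static int n_evals;   /* times the first argument expression ran  */
static int d_evals;   /* times the second argument expression ran */

/* Stand-ins for calls with side effects (hypothetical names). */
static uint64_t take_size(uint64_t v)  { n_evals++; return v; }
static uint64_t take_align(uint64_t v) { d_evals++; return v; }

int evals_of_n(void) { return n_evals; }
int evals_of_d(void) { return d_evals; }

/*
 * Macro applied directly to side-effecting expressions.
 * (n) appears twice in the expansion, but the copy inside
 * "0 ? (n) : (d)" is the unselected operand of ?: and is never
 * evaluated; it only takes part in deciding the result type.
 * (d) appears twice, both times in evaluated positions.
 */
uint64_t round_up_direct(uint64_t size, uint64_t align)
{
    n_evals = d_evals = 0;
    return ROUND_UP(take_size(size), take_align(align));
}

/*
 * Function wrapper: call semantics evaluate each argument exactly
 * once before the macro sees plain variables.
 */
static inline uint64_t round_up_once(uint64_t n, uint64_t d)
{
    return ROUND_UP(n, d);
}

uint64_t round_up_wrapped(uint64_t size, uint64_t align)
{
    n_evals = d_evals = 0;
    return round_up_once(take_size(size), take_align(align));
}

/*
 * Division-based rounding for comparison: correct for any non-zero d,
 * while the mask form above is only correct when d is a power of two.
 */
uint64_t round_up_div(uint64_t n, uint64_t d)
{
    return (n + d - 1) / d * d;
}

int main(void)
{
    unsigned long long r;

    r = round_up_direct(1000, 512);
    printf("direct:  result=%llu n_evals=%d d_evals=%d\n",
           r, evals_of_n(), evals_of_d());

    r = round_up_wrapped(1000, 512);
    printf("wrapped: result=%llu n_evals=%d d_evals=%d\n",
           r, evals_of_n(), evals_of_d());

    /* Non-power-of-two alignment: the mask form and division disagree. */
    printf("d=6: mask=%llu div=%llu\n",
           (unsigned long long)round_up_once(10, 6),
           (unsigned long long)round_up_div(10, 6));
    return 0;
}
```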



[Qemu-devel] [Bug 1703506] Re: SMT not supported by QEMU on AMD Ryzen CPU

2018-01-30 Thread Babu Moger
Just to be clear: the kernel kvm patch is rebased on linux-next. If you
are on an older kernel then try this kernel patch:
https://patchwork.kernel.org/patch/10031775/ plus the qemu patch.




Re: [Qemu-devel] [PATCH] iotests: Fix CID for VMDK afl image

2018-01-30 Thread Kevin Wolf
On 30.01.2018 at 07:25, Fam Zheng wrote:
> This reverts commit 76bf133c4 which updated the reference output, and
> fixed the reference image, because the code path we want to exercise is
> actually the invalid image size.
> 
> The descriptor block in the image, which includes the CID to verify, has been
> invalid since the reference image was added. Since commit 9877860e7bd we 
> report
> this error earlier than the "file too large", so 059.out mismatches.
> 
> The binary change is generated along the operations of:
> 
>   $ bunzip2 afl9.vmdk.bz2
>   $ qemu-img create -f vmdk fix.vmdk 1G
>   $ dd if=afl9.vmdk.bz2 of=fix.vmdk bs=512 count=1 conv=notrunc
>   $ mv fix.vmdk afl9.vmdk
>   $ bzip2 afl9.vmdk
> 
> Signed-off-by: Fam Zheng 

Thanks, applied to the block branch.

Kevin



[Qemu-devel] proposed release schedule for QEMU 2.12

2018-01-30 Thread Peter Maydell
It seems like it's about time we settled on the dates for the
2.12 release. I've sketched in a suggestion at:
  https://wiki.qemu.org/Planning/2.12

which puts softfreeze on the 13th March, hardfreeze a
week later on the 20th, and final release on the 17th April.

(I basically just took last year's spring release
schedule; suggestions for adjustments welcome.
Easter is the weekend of the 1st April so will fall
between rc1 and rc2.)

thanks
-- PMM


