Re: [Qemu-devel] [PATCH v1 27/30] elf: Add RISC-V PSABI ELF header defines

2018-05-25 Thread Michael Clark
On Wed, May 23, 2018 at 6:44 PM, Laurent Vivier  wrote:

> On 23/05/2018 at 02:15, Michael Clark wrote:
> > Refer to the RISC-V PSABI specification for details:
> >
> > - https://github.com/riscv/riscv-elf-psabi-doc/blob/master/riscv-elf.md
> >
> > Cc: Michael Tokarev 
> > Cc: Laurent Vivier 
> > Cc: Richard Henderson 
> > Cc: Alistair Francis 
> > Signed-off-by: Michael Clark 
> > ---
> >  include/elf.h | 8 
> >  1 file changed, 8 insertions(+)
> >
> > diff --git a/include/elf.h b/include/elf.h
> > index 934dbbd6b3ae..d363ba85a688 100644
> > --- a/include/elf.h
> > +++ b/include/elf.h
> > @@ -1285,6 +1285,14 @@ typedef struct {
> >  #define R_IA64_DTPREL64LSB   0xb7/* @dtprel(sym + add), data8 LSB */
> >  #define R_IA64_LTOFF_DTPREL220xba/* @ltoff(@dtprel(s+a)),
> imm22 */
> >
> > +/* RISC-V specific definitions.  */
> > +#define EF_RISCV_RVC 0x0001
> > +#define EF_RISCV_FLOAT_ABI_SINGLE 0x0002
> > +#define EF_RISCV_FLOAT_ABI_DOUBLE 0x0004
> > +#define EF_RISCV_FLOAT_ABI_QUAD (0x0006
>^
> Typo here -|
>

Thanks! My mistake.

The original patch had only EF_RISCV_RVE, which is the define we need for a
subsequent patch, however I decided to add the remaining flags from the
spec and indeed there was a paren in the spec.

I'll respin this as a separate patch.


[Qemu-devel] [PATCH v2] elf: Add RISC-V PSABI ELF header defines

2018-05-25 Thread Michael Clark
Refer to the RISC-V PSABI specification for details:

- https://github.com/riscv/riscv-elf-psabi-doc/blob/master/riscv-elf.md

Cc: Michael Tokarev 
Cc: Laurent Vivier 
Cc: Richard Henderson 
Cc: Alistair Francis 
Signed-off-by: Michael Clark 
---
 include/elf.h | 8 
 1 file changed, 8 insertions(+)

diff --git a/include/elf.h b/include/elf.h
index 934dbbd6b3ae..bd0493f43d19 100644
--- a/include/elf.h
+++ b/include/elf.h
@@ -1285,6 +1285,14 @@ typedef struct {
 #define R_IA64_DTPREL64LSB 0xb7/* @dtprel(sym + add), data8 LSB */
 #define R_IA64_LTOFF_DTPREL22  0xba/* @ltoff(@dtprel(s+a)), imm22 */
 
+/* RISC-V specific definitions.  */
+#define EF_RISCV_RVC 0x0001
+#define EF_RISCV_FLOAT_ABI_SINGLE 0x0002
+#define EF_RISCV_FLOAT_ABI_DOUBLE 0x0004
+#define EF_RISCV_FLOAT_ABI_QUAD 0x0006
+#define EF_RISCV_RVE 0x0008
+#define EF_RISCV_TSO 0x0010
+
 typedef struct elf32_rel {
   Elf32_Addr   r_offset;
   Elf32_Word   r_info;
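Review bot: `EF_RISCV_FLOAT_ABI_QUAD 0x0006` is the bitwise OR of `EF_RISCV_FLOAT_ABI_SINGLE 0x0002` and `EF_RISCV_FLOAT_ABI_DOUBLE 0x0004`, so these three defines are values of a two-bit field rather than independent flag bits, and nothing in the hunk says so. A test such as `e_flags & EF_RISCV_FLOAT_ABI_DOUBLE` is also true for a quad-float object. Please add a define for the field mask and for the zero (soft-float) value next to them, or at least a comment that the float ABI has to be masked and compared for equality.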
-- 
2.7.0




Re: [Qemu-devel] [PATCH] nvme: Make nvme_init error handling code more readable

2018-05-25 Thread Markus Armbruster
Fam Zheng  writes:

> On Fri, 05/25 07:47, Markus Armbruster wrote:
>> Fam Zheng  writes:
>> 
>> > On Thu, 05/24 19:16, Paolo Bonzini wrote:
>> >> On 21/05/2018 08:35, Fam Zheng wrote:
>> >> > Coverity doesn't like the tests under fail label (report CID 1385847).
>> >> > Reset the fields so the clean up order is more apparent.
>> >> > 
>> >> > Signed-off-by: Fam Zheng 
>> >> > ---
>> >> >  block/nvme.c | 7 +++
>> >> >  1 file changed, 7 insertions(+)
>> >> > 
>> >> > diff --git a/block/nvme.c b/block/nvme.c
>> >> > index 6f71122bf5..8239b920c8 100644
>> >> > --- a/block/nvme.c
>> >> > +++ b/block/nvme.c
>> >> > @@ -560,6 +560,13 @@ static int nvme_init(BlockDriverState *bs, const 
>> >> > char *device, int namespace,
>> >> >  qemu_co_queue_init(&s->dma_flush_queue);
>> >> >  s->nsid = namespace;
>> >> >  s->aio_context = bdrv_get_aio_context(bs);
>> >> > +
>> >> > +/* Fields we've not touched should be zero-initialized by block 
>> >> > layer
>> >> > + * already, but reset them anyway to make the error handling code 
>> >> > easier to
>> >> > + * reason. */
>> >> > +s->regs = NULL;
>> >> > +s->vfio = NULL;
>> >> > +
>> >> >  ret = event_notifier_init(&s->irq_notifier, 0);
>> >> >  if (ret) {
>> >> >  error_setg(errp, "Failed to init event notifier");
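Review bot: The added comment before `s->regs = NULL;` and `s->vfio = NULL;` says the block layer has already zeroed these fields, so the two stores exist only for the reader and the static analyzer, yet the comment does not name the tests under the fail label that rely on them (only the commit message does). Say that in the comment so a later cleanup does not remove the stores as dead code, and fix "easier to reason" to "easier to reason about".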
>> >> > 
>> >> 
>> >> I think we should just mark it as a false positive or do something like
>> >> 
>> >> fail_regs:
>> >> qemu_vfio_pci_unmap_bar(s->vfio, 0, (void *)s->regs, 0, 
>> >> NVME_BAR_SIZE);
>> >> fail_vfio:
>> >> qemu_vfio_close(s->vfio);
>> >> fail:
>> >> g_free(s->queues);
>> >> event_notifier_cleanup(&s->irq_notifier);
>> >> return ret;
>> >> 
>> >> even though it's a larger patch.
>> >
>> > And that makes five labels in total, I'm not sure I like it:
>> >
>> > fail_handler:
>> > aio_set_event_notifier(bdrv_get_aio_context(bs), &s->irq_notifier,
>> >false, NULL, NULL);
>> > fail_queue:
>> > nvme_free_queue_pair(bs, s->queues[0]);
>> > fail_regs:
>> > qemu_vfio_pci_unmap_bar(s->vfio, 0, (void *)s->regs, 0, NVME_BAR_SIZE);
>> > fail_vfio:
>> > qemu_vfio_close(s->vfio);
>> > fail:
>> > g_free(s->queues);
>> > event_notifier_cleanup(&s->irq_notifier);
>> > return ret;
>> 
>> Doesn't look materially worse to me :)
>
> The labels themselves are not ugly or bad, but the goto statements above will be
> harder to manage.

Slightly.  The difference between three and five feels smaller than say
the one between one and three.  Admittedly subjective.

>> With nice cleanup functions that detect "hasn't been set up" and do
>> nothing then, like free(NULL), you can use just one label.  Sadly,
>> cleanup functions are often not nice that way.
>
> nvme_free_queue_pair and qemu_vfio_close are cleanup functions and we can
> improve them, but to make qemu_vfio_pci_unmap_bar behave similarly is just odd:
> it's not a clean up function, at least not for s->vfio.

The technique isn't "all or nothing".  Reducing the number of labels is
nice even when you can't reduce them to one.
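
The single-label cleanup discussed in this thread, as an added example that is not QEMU code and not from any of the posters: cleanup helpers ignore a resource that was never set up, the way free(NULL) does, so one fail label serves every failure point. The struct layout, the helper names (dev_close, regs_unmap, state_cleanup, state_init) and the fail_at fault injection are all constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the device handle, mapped registers and queues. */
struct dev { int unused; };
struct state {
    struct dev *vfio;    /* NULL until opened */
    void *regs;          /* NULL until mapped */
    int *queues;         /* NULL until allocated */
};

static int closes, unmaps;   /* cleanup counters, so the effect is observable */

/* Like free(NULL): a handle that was never set up is silently ignored. */
static void dev_close(struct dev *d)
{
    if (d) {
        closes++;
        free(d);
    }
}

static void regs_unmap(struct dev *d, void *regs)
{
    if (d && regs) {
        unmaps++;
        free(regs);
    }
}

/* One teardown path, used both for failed init and for normal shutdown. */
static void state_cleanup(struct state *s)
{
    regs_unmap(s->vfio, s->regs);
    dev_close(s->vfio);
    free(s->queues);
    *s = (struct state){ 0 };   /* a second call is then a no-op */
}

/* fail_at picks the setup step that fails (constructed fault injection). */
static int state_init(struct state *s, int fail_at)
{
    *s = (struct state){ 0 };   /* every field starts as "not set up" */

    s->queues = calloc(4, sizeof(*s->queues));
    if (!s->queues || fail_at == 1) {
        goto fail;
    }
    s->vfio = fail_at == 2 ? NULL : calloc(1, sizeof(*s->vfio));
    if (!s->vfio) {
        goto fail;
    }
    s->regs = fail_at == 3 ? NULL : malloc(64);
    if (!s->regs) {
        goto fail;
    }
    if (fail_at == 4) {         /* late failure with everything set up */
        goto fail;
    }
    return 0;

fail:
    state_cleanup(s);           /* safe at any point: unset fields are NULL */
    return -1;
}

int main(void)
{
    struct state s;

    for (int step = 0; step <= 4; step++) {
        closes = unmaps = 0;
        int ret = state_init(&s, step);
        if (ret == 0) {
            state_cleanup(&s);
        }
        printf("fail_at=%d ret=%d closes=%d unmaps=%d\n",
               step, ret, closes, unmaps);
    }
    return 0;
}
```

The unmap helper is the awkward one, as the thread notes: it needs both the device and the mapping, so it has to treat either being unset as "nothing to do".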



Re: [Qemu-devel] [PATCH v2] elf: Add RISC-V PSABI ELF header defines

2018-05-25 Thread Laurent Vivier
On 25/05/2018 at 09:22, Michael Clark wrote:
> Refer to the RISC-V PSABI specification for details:
> 
> - https://github.com/riscv/riscv-elf-psabi-doc/blob/master/riscv-elf.md
> 
> Cc: Michael Tokarev 
> Cc: Laurent Vivier 
> Cc: Richard Henderson 
> Cc: Alistair Francis 
> Signed-off-by: Michael Clark 
> ---
>  include/elf.h | 8 
>  1 file changed, 8 insertions(+)
> 
> diff --git a/include/elf.h b/include/elf.h
> index 934dbbd6b3ae..bd0493f43d19 100644
> --- a/include/elf.h
> +++ b/include/elf.h
> @@ -1285,6 +1285,14 @@ typedef struct {
>  #define R_IA64_DTPREL64LSB   0xb7/* @dtprel(sym + add), data8 LSB */
>  #define R_IA64_LTOFF_DTPREL220xba/* @ltoff(@dtprel(s+a)), imm22 
> */
>  
> +/* RISC-V specific definitions.  */
> +#define EF_RISCV_RVC 0x0001
> +#define EF_RISCV_FLOAT_ABI_SINGLE 0x0002
> +#define EF_RISCV_FLOAT_ABI_DOUBLE 0x0004
> +#define EF_RISCV_FLOAT_ABI_QUAD 0x0006
> +#define EF_RISCV_RVE 0x0008
> +#define EF_RISCV_TSO 0x0010
> +
>  typedef struct elf32_rel {
>Elf32_Addr r_offset;
>Elf32_Word r_info;
> 

from glibc (and binutils), I have:

  /* RISC-V ELF Flags */
  #define EF_RISCV_RVC                0x0001
  #define EF_RISCV_FLOAT_ABI          0x0006
  #define EF_RISCV_FLOAT_ABI_SOFT     0x
  #define EF_RISCV_FLOAT_ABI_SINGLE   0x0002
  #define EF_RISCV_FLOAT_ABI_DOUBLE   0x0004
  #define EF_RISCV_FLOAT_ABI_QUAD     0x0006

Perhaps you can also define EF_RISCV_FLOAT_ABI_SOFT and EF_RISCV_FLOAT_ABI?

Anyway:

Reviewed-by: Laurent Vivier 




Re: [Qemu-devel] [PATCH v2 21/40] job: Convert block_job_cancel_async() to Job

2018-05-25 Thread Kevin Wolf
On 24.05.2018 at 19:42, John Snow wrote:
> 
> 
> On 05/24/2018 04:24 AM, Kevin Wolf wrote:
> > On 24.05.2018 at 01:18, John Snow wrote:
> >>> diff --git a/include/qemu/job.h b/include/qemu/job.h
> >>> index 3e817beee9..2648c74281 100644
> >>> --- a/include/qemu/job.h
> >>> +++ b/include/qemu/job.h
> >>> @@ -97,6 +97,12 @@ typedef struct Job {
> >>>   */
> >>>  bool cancelled;
> >>>  
> >>> +/**
> >>> + * Set to true if the job should abort immediately without waiting
> >>> + * for data to be in sync.
> >>> + */
> >>> +bool force_cancel;
> >>> +
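Review bot: The doc comment on `bool force_cancel;` does not say how the field relates to `bool cancelled;` directly above it, for example whether it is only meaningful once `cancelled` is true and who may set it. "Without waiting for data to be in sync" also describes one kind of job, while this is the generic `struct Job`; please word the comment in terms that hold for every job type and state the dependency on `cancelled`.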
> >>
> >> Does this comment need an update now, though?
> >>
> >> Actually, in terms of "new jobs" API, it'd be really nice if cancel
> >> *always meant cancel*.
> >>
> >> I think "cancel" should never be used to mean "successful completion,
> >> but different from the one we'd get if we used job_complete."
> >>
> >> i.e., either we need a job setting:
> >>
> >> job-set completion-mode=[pivot|no-pivot]
> >>
> >> or optional parameters to pass to job-complete:
> >>
> >> job-complete mode=[understood-by-job-type]
> >>
> >> or some other mechanism that accomplishes the same type of behavior. It
> >> would be nice if it did not have to be determined at job creation time
> >> but instead could be determined later.
> > 
> > I agree. We already made sure that job-cancel really means cancel on the
> > QAPI level, so we're free to do that. We just need to keep supporting
> > block-job-cancel with the old semantics, so what I have is the easy
> > conversion. We can change the internal implementation when we actually
> > implement the selection of a completion mode.
> > 
> > Kevin
> > 
> 
> We need this before 3.0 though, yeah? unless we make job-cancel
> x-job-cancel or some other warning that the way it works might change, yeah?
> 
> Or do I misunderstand our leeway to change this at a later point in time?
> 
> (can job-cancel apply to block jobs created with the legacy
> infrastructure? My reading was "yes.")

It can, and it already has its final semantics, so nothing has to change
before 3.0. job-cancel is equivalent to block-job-cancel with fixed
force=true. If you want the complete-by-cancel behaviour of mirror, you
have to use block-job-cancel for now, because job-cancel doesn't provide
that functionality.

So what we can change later is adding a way to initiate this secondary
completion mode with a job-* command (probably with a new option for
job-complete). But we wouldn't change the semantics of existing
commands.

Kevin



Re: [Qemu-devel] [PATCH v2 31/40] job: Add job_is_ready()

2018-05-25 Thread Kevin Wolf
On 24.05.2018 at 19:25, John Snow wrote:
> >>> diff --git a/job.c b/job.c
> >>> index af31de4669..66ee26f2a0 100644
> >>> --- a/job.c
> >>> +++ b/job.c
> >>> @@ -199,6 +199,28 @@ bool job_is_cancelled(Job *job)
> >>>  return job->cancelled;
> >>>  }
> >>>  
> >>> +bool job_is_ready(Job *job)
> >>> +{
> >>> +switch (job->status) {
> >>> +case JOB_STATUS_UNDEFINED:
> >>> +case JOB_STATUS_CREATED:
> >>> +case JOB_STATUS_RUNNING:
> >>> +case JOB_STATUS_PAUSED:
> >>> +case JOB_STATUS_WAITING:
> >>> +case JOB_STATUS_PENDING:
> >>> +case JOB_STATUS_ABORTING:
> >>> +case JOB_STATUS_CONCLUDED:
> >>> +case JOB_STATUS_NULL:
> >>> +return false;
> >>> +case JOB_STATUS_READY:
> >>> +case JOB_STATUS_STANDBY:
> >>> +return true;
> >>> +default:
> >>> +g_assert_not_reached();
> >>> +}
> >>> +return false;
> >>> +}
> >>> +
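Review bot: The `default:` arm in `switch (job->status)` hides a missing case from the compiler: if the field has an enum type, GCC's -Wswitch only reports an unhandled enumerator when the switch has no default. Every listed case already returns inside the switch, so drop `default:` and put `g_assert_not_reached();` after the closing brace in place of the trailing `return false;`, which is unreachable as written.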
> >>
> >> What's the benefit to a switch statement with a default clause here,
> >> over the shorter:
> >>
> >> if (job->status == READY || job->status == STANDBY) {
> >>   return true;
> >> }
> >> return false;
> >>
> >> (Yes, I realize you already merged this code, but I'm still curious and
> >> I need to read the series anyway to see what's changed...)
> > 
> > That it's easy to copy and paste from job_is_completed()? :-P
> > 
> 
> Haha! Sure!
> 
> > I guess you could argue that the switch ensures that we don't forget to
> > explicitly handle every state if we ever add a new one, but the real
> > reason is more like, job_is_completed() was already there and I didn't
> > see a reason to do something different here.
> > 
> 
> I think the "default" case removes that benefit somewhat; it's nicer
> when the compiler yelps at you for forgetting. The cases that might
> cause an assertion could be harder to hit.

Good point. I'm not sure which compilers would actually warn here, while
asserting makes sure to crash some tests, but in this context I think we
could actually have both: All enum values that are handled return inside
the switch statement. So if we move the g_assert_not_reached() just
after the switch block, we should get both the compiler warning and the
crash.

Would you like to send a patch?

Kevin



[Qemu-devel] [PULL 10/13] linux-user: update ARCH_HAS_SOCKET_TYPES use

2018-05-25 Thread Laurent Vivier
to be like in the kernel and rename it TARGET_ARCH_HAS_SOCKET_TYPES

Signed-off-by: Laurent Vivier 
Reviewed-by: Peter Maydell 
Message-Id: <20180519092956.15134-7-laur...@vivier.eu>
---
 linux-user/alpha/sockbits.h | 36 +++---
 linux-user/hppa/sockbits.h  | 33 +++-
 linux-user/mips/sockbits.h  |  9 ---
 linux-user/socket.h | 62 +++--
 linux-user/sparc/sockbits.h | 36 --
 5 files changed, 44 insertions(+), 132 deletions(-)

diff --git a/linux-user/alpha/sockbits.h b/linux-user/alpha/sockbits.h
index 4db3e52b67..f5397dd875 100644
--- a/linux-user/alpha/sockbits.h
+++ b/linux-user/alpha/sockbits.h
@@ -75,39 +75,9 @@
 /* Instruct lower device to use last 4-bytes of skb data as FCS */
 #define TARGET_SO_NOFCS 43
 
-/** sock_type - Socket types
- *
- * Please notice that for binary compat reasons ALPHA has to
- * override the enum sock_type in include/linux/net.h, so
- * we define ARCH_HAS_SOCKET_TYPES here.
- *
- * @SOCK_DGRAM - datagram (conn.less) socket
- * @SOCK_STREAM - stream (connection) socket
- * @SOCK_RAW - raw socket
- * @SOCK_RDM - reliably-delivered message
- * @SOCK_SEQPACKET - sequential packet socket
- * @SOCK_DCCP - Datagram Congestion Control Protocol socket
- * @SOCK_PACKET - linux specific way of getting packets at the dev level.
- *For writing rarp and other similar things on the user
- *level.
- * @SOCK_CLOEXEC - sets the close-on-exec (FD_CLOEXEC) flag.
- * @SOCK_NONBLOCK - sets the O_NONBLOCK file status flag.
+/* TARGET_O_NONBLOCK clashes with the bits used for socket types.  Therefore we
+ * have to define SOCK_NONBLOCK to a different value here.
  */
+#define TARGET_SOCK_NONBLOCK   0x4000
 
-#define ARCH_HAS_SOCKET_TYPES  1
-
-enum sock_type {
-   TARGET_SOCK_STREAM  = 1,
-   TARGET_SOCK_DGRAM   = 2,
-   TARGET_SOCK_RAW = 3,
-   TARGET_SOCK_RDM = 4,
-   TARGET_SOCK_SEQPACKET   = 5,
-   TARGET_SOCK_DCCP= 6,
-   TARGET_SOCK_PACKET  = 10,
-   TARGET_SOCK_CLOEXEC = 01000,
-   TARGET_SOCK_NONBLOCK= 0100,
-};
-
-#define TARGET_SOCK_MAX (TARGET_SOCK_PACKET + 1)
-#define TARGET_SOCK_TYPE_MASK0xf  /* Covers up to TARGET_SOCK_MAX-1. */
 #endif
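Review bot: The comment removed at the top of this hunk said ALPHA has to override `enum sock_type` "for binary compat reasons", and the hunk deletes that override together with `ARCH_HAS_SOCKET_TYPES` and `TARGET_SOCK_CLOEXEC`, keeping only `TARGET_SOCK_NONBLOCK`. Neither the new comment nor the commit message says why the generic enum and the generic `TARGET_SOCK_CLOEXEC` are now correct for alpha; one sentence on that would let a reader confirm that no guest-visible value changes.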
diff --git a/linux-user/hppa/sockbits.h b/linux-user/hppa/sockbits.h
index 5044619e16..2641aea859 100644
--- a/linux-user/hppa/sockbits.h
+++ b/linux-user/hppa/sockbits.h
@@ -64,34 +64,7 @@
 
 #define TARGET_SO_CNX_ADVICE   0x402E
 
-/** sock_type - Socket types - default values
- *
- *
- * @SOCK_STREAM - stream (connection) socket
- * @SOCK_DGRAM - datagram (conn.less) socket
- * @SOCK_RAW - raw socket
- * @SOCK_RDM - reliably-delivered message
- * @SOCK_SEQPACKET - sequential packet socket
- * @SOCK_DCCP - Datagram Congestion Control Protocol socket
- * @SOCK_PACKET - linux specific way of getting packets at the dev level.
- *For writing rarp and other similar things on the user
- *level.
- * @SOCK_CLOEXEC - sets the close-on-exec (FD_CLOEXEC) flag.
- * @SOCK_NONBLOCK - sets the O_NONBLOCK file status flag.
+/* TARGET_O_NONBLOCK clashes with the bits used for socket types.  Therefore we
+ * have to define SOCK_NONBLOCK to a different value here.
  */
-enum sock_type {
-   TARGET_SOCK_STREAM  = 1,
-   TARGET_SOCK_DGRAM   = 2,
-   TARGET_SOCK_RAW = 3,
-   TARGET_SOCK_RDM = 4,
-   TARGET_SOCK_SEQPACKET   = 5,
-   TARGET_SOCK_DCCP= 6,
-   TARGET_SOCK_PACKET  = 10,
-   TARGET_SOCK_CLOEXEC = 01000,
-   TARGET_SOCK_NONBLOCK= 0x4000,
-};
-
-#define TARGET_SOCK_MAX (TARGET_SOCK_PACKET + 1)
-#define TARGET_SOCK_TYPE_MASK0xf  /* Covers up to TARGET_SOCK_MAX-1. */
-
-#define ARCH_HAS_SOCKET_TYPES 1
+#define TARGET_SOCK_NONBLOCK   0x4000
diff --git a/linux-user/mips/sockbits.h b/linux-user/mips/sockbits.h
index 3fe5ac88e7..370d13ed86 100644
--- a/linux-user/mips/sockbits.h
+++ b/linux-user/mips/sockbits.h
@@ -91,7 +91,7 @@
  * @SOCK_NONBLOCK - sets the O_NONBLOCK file status flag.
  */
 
-#define ARCH_HAS_SOCKET_TYPES  1
+#define TARGET_ARCH_HAS_SOCKET_TYPES  1
 
 enum sock_type {
TARGET_SOCK_DGRAM   = 1,
@@ -101,10 +101,13 @@ enum sock_type {
TARGET_SOCK_SEQPACKET   = 5,
TARGET_SOCK_DCCP= 6,
TARGET_SOCK_PACKET  = 10,
-   TARGET_SOCK_CLOEXEC = 0200,
-   TARGET_SOCK_NONBLOCK= 0200,
 };
 
 #define TARGET_SOCK_MAX (TARGET_SOCK_PACKET + 1)
 #define TARGET_SOCK_TYPE_MASK0xf  /* Covers up to TARGET_SOCK_MAX-1. */
+
+/* Flags for socket, socketpair, paccept */
+#define TARGET_SOCK_CLOEXECTARGET_O_CLOEXEC
+#define TARGET_SOCK_NONBLOCK   TARGET_O_NONBLOCK
+
 #endif
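Review bot: `TARGET_SOCK_CLOEXEC` and `TARGET_SOCK_NONBLOCK` change here from literal enum members to aliases of `TARGET_O_CLOEXEC` and `TARGET_O_NONBLOCK`, so this header now depends on those two macros being defined wherever the socket flags are used, and on their mips values matching the literals being removed. The commit message should state that the resulting values are unchanged for mips, since that cannot be checked from this hunk alone.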
diff --git a/linux-user/socket.h b/linux-user/socket.h
index 135f438bdf..4c0b5c2dfa 100644
--- a/linux-user/socket.h
+++ b/linux-user/socket.h
@@ -1,35 +1,37 @@
-
 #inc

[Qemu-devel] [PULL 09/13] linux-user: move ppc socket.h definitions to ppc/sockbits.h

2018-05-25 Thread Laurent Vivier
Change conditional #ifdef part by #undef of the symbols
redefined for PPC relative to generic/socket.h

Signed-off-by: Laurent Vivier 
Reviewed-by: Peter Maydell 
Message-Id: <20180519092956.15134-6-laur...@vivier.eu>
---
 linux-user/generic/sockbits.h |  9 -
 linux-user/ppc/sockbits.h | 25 +
 2 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/linux-user/generic/sockbits.h b/linux-user/generic/sockbits.h
index 093faf0a48..99505f1f85 100644
--- a/linux-user/generic/sockbits.h
+++ b/linux-user/generic/sockbits.h
@@ -30,21 +30,12 @@
 #define TARGET_SO_LINGER   13
 #define TARGET_SO_BSDCOMPAT14
 /* To add :#define TARGET_SO_REUSEPORT 15 */
-#if defined(TARGET_PPC)
-#define TARGET_SO_RCVLOWAT 16
-#define TARGET_SO_SNDLOWAT 17
-#define TARGET_SO_RCVTIMEO 18
-#define TARGET_SO_SNDTIMEO 19
-#define TARGET_SO_PASSCRED 20
-#define TARGET_SO_PEERCRED 21
-#else
 #define TARGET_SO_PASSCRED 16
 #define TARGET_SO_PEERCRED 17
 #define TARGET_SO_RCVLOWAT 18
 #define TARGET_SO_SNDLOWAT 19
 #define TARGET_SO_RCVTIMEO 20
 #define TARGET_SO_SNDTIMEO 21
-#endif
 
 /* Security levels - as per NRL IPv6 - don't actually do anything */
 #define TARGET_SO_SECURITY_AUTHENTICATION  22
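Review bot: With the `#if defined(TARGET_PPC)` branch removed, the values 16 to 21 left in this header are wrong for PPC unless ppc/sockbits.h is the file that ends up included, and nothing here says so. A one-line comment above `TARGET_SO_PASSCRED` noting that some targets override these six options would help the next reader. The commit message also names generic/socket.h where the diff touches generic/sockbits.h.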
diff --git a/linux-user/ppc/sockbits.h b/linux-user/ppc/sockbits.h
index 0e4c8f012d..ee453347a3 100644
--- a/linux-user/ppc/sockbits.h
+++ b/linux-user/ppc/sockbits.h
@@ -1 +1,26 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or (at your option) any
+ * later version. See the COPYING file in the top-level directory.
+ */
+
+#ifndef PPC_SOCKBITS_H
+#define PPC_SOCKBITS_H
+
 #include "../generic/sockbits.h"
+
+#undef  TARGET_SO_RCVLOWAT
+#define TARGET_SO_RCVLOWAT 16
+#undef  TARGET_SO_SNDLOWAT
+#define TARGET_SO_SNDLOWAT 17
+#undef  TARGET_SO_RCVTIMEO
+#define TARGET_SO_RCVTIMEO 18
+#undef  TARGET_SO_SNDTIMEO
+#define TARGET_SO_SNDTIMEO 19
+#undef  TARGET_SO_PASSCRED
+#define TARGET_SO_PASSCRED 20
+#undef  TARGET_SO_PEERCRED
+#define TARGET_SO_PEERCRED 21
+
+#endif
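Review bot: The six `#undef`/`#define` pairs carry no comment saying why PPC numbers these options differently from the generic header, and an option added later to the generic list in the 16 to 21 range would not be noticed here. Please add a short comment above the first `#undef TARGET_SO_RCVLOWAT` explaining that these mirror the PPC kernel ABI and must be kept in step with generic/sockbits.h.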
-- 
2.14.3




[Qemu-devel] [PULL 13/13] gdbstub: Clarify what gdb_handlesig() is doing

2018-05-25 Thread Laurent Vivier
From: Peter Maydell 

gdb_handlesig()'s behaviour is not entirely obvious at first
glance. Add a doc comment for it, and also add a comment
explaining why it's ok for gdb_do_syscallv() to ignore
gdb_handlesig()'s return value. (Coverity complains about
this: CID 1390850.)

Signed-off-by: Peter Maydell 
Message-Id: <20180515181958.25837-1-peter.mayd...@linaro.org>
Signed-off-by: Laurent Vivier 
---
 gdbstub.c  |  6 ++
 include/exec/gdbstub.h | 15 +++
 2 files changed, 21 insertions(+)

diff --git a/gdbstub.c b/gdbstub.c
index e4ece2f5bc..6081e719c5 100644
--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1558,6 +1558,12 @@ void gdb_do_syscallv(gdb_syscall_complete_cb cb, const 
char *fmt, va_list va)
 *p = 0;
 #ifdef CONFIG_USER_ONLY
 put_packet(s, s->syscall_buf);
+/* Return control to gdb for it to process the syscall request.
+ * Since the protocol requires that gdb hands control back to us
+ * using a "here are the results" F packet, we don't need to check
+ * gdb_handlesig's return value (which is the signal to deliver if
+ * execution was resumed via a continue packet).
+ */
 gdb_handlesig(s->c_cpu, 0);
 #else
 /* In this case wait to send the syscall packet until notification that
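Review bot: The new comment in `gdb_do_syscallv()` justifies dropping the return value by what the protocol requires of gdb, while the same comment says the value is the signal to deliver if execution was resumed via a continue packet. If the peer does resume with a continue packet, that signal is discarded without any trace. Either say in the comment that discarding it is the intended handling of a peer that breaks the protocol, or make the discard explicit at the call `gdb_handlesig(s->c_cpu, 0);`.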
diff --git a/include/exec/gdbstub.h b/include/exec/gdbstub.h
index 2e8a4b83b9..08363969c1 100644
--- a/include/exec/gdbstub.h
+++ b/include/exec/gdbstub.h
@@ -48,6 +48,21 @@ int use_gdb_syscalls(void);
 void gdb_set_stop_cpu(CPUState *cpu);
 void gdb_exit(CPUArchState *, int);
 #ifdef CONFIG_USER_ONLY
+/**
+ * gdb_handlesig: yield control to gdb
+ * @cpu: CPU
+ * @sig: if non-zero, the signal number which caused us to stop
+ *
+ * This function yields control to gdb, when a user-mode-only target
+ * needs to stop execution. If @sig is non-zero, then we will send a
+ * stop packet to tell gdb that we have stopped because of this signal.
+ *
+ * This function will block (handling protocol requests from gdb)
+ * until gdb tells us to continue target execution. When it does
+ * return, the return value is a signal to deliver to the target,
+ * or 0 if no signal should be delivered, ie the signal that caused
+ * us to stop should be ignored.
+ */
 int gdb_handlesig(CPUState *, int);
 void gdb_signalled(CPUArchState *, int);
 void gdbserver_fork(CPUState *);
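Review bot: The doc comment for `gdb_handlesig()` covers the blocking behaviour and the normal return value, but not what the caller gets back if the connection to gdb goes away while the function is blocked. Please document that case next to the return-value sentence. `@cpu: CPU` only repeats the parameter name, and "ie" should be "i.e.".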
-- 
2.14.3




[Qemu-devel] [PULL 04/13] linux-user: Fix payload size logic in host_to_target_cmsg()

2018-05-25 Thread Laurent Vivier
From: Peter Maydell 

Coverity points out that there's a missing break in the switch in
host_to_target_cmsg() where we update tgt_len for
cmsg_level/cmsg_type combinations which require a different length
for host and target (CID 1385425).  To avoid duplicating the default
case (target length same as host) in both switches, set that before
the switch so that only the cases which want to override it need any
code.

This fixes a bug where we would have used the wrong length
for SOL_SOCKET/SO_TIMESTAMP messages where the target and
host have differently sized 'struct timeval' (ie one is 32
bit and the other is 64 bit).

Signed-off-by: Peter Maydell 
Reviewed-by: Laurent Vivier 
Message-Id: <20180518184715.29833-1-peter.mayd...@linaro.org>
Signed-off-by: Laurent Vivier 
---
 linux-user/syscall.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index dd77f86ea2..d02c16bbc6 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1848,6 +1848,7 @@ static inline abi_long host_to_target_cmsg(struct 
target_msghdr *target_msgh,
 /* Payload types which need a different size of payload on
  * the target must adjust tgt_len here.
  */
+tgt_len = len;
 switch (cmsg->cmsg_level) {
 case SOL_SOCKET:
 switch (cmsg->cmsg_type) {
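Review bot: `tgt_len = len;` is inserted between the comment "Payload types which need a different size of payload on the target must adjust tgt_len here" and the `switch` that comment describes, so the comment now reads as if it documented the default assignment. Move the assignment above the comment, or extend the comment to say that tgt_len defaults to the host length and the switch only overrides it.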
@@ -1857,8 +1858,8 @@ static inline abi_long host_to_target_cmsg(struct 
target_msghdr *target_msgh,
 default:
 break;
 }
+break;
 default:
-tgt_len = len;
 break;
 }
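Review bot: With `tgt_len = len;` removed, the outer `default:` arm holds nothing but `break;` and can be dropped. The missing `break;` after the inner switch went unnoticed because falling through into `default:` compiled cleanly; since the commit message says the wrong length was used for SOL_SOCKET/SO_TIMESTAMP when host and target `struct timeval` differ in size, a test with a 32-bit target on a 64-bit host would keep this from regressing.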
 
-- 
2.14.3




[Qemu-devel] [PULL 06/13] linux-user: move alpha socket.h definitions to alpha/sockbits.h

2018-05-25 Thread Laurent Vivier
No code change.

Signed-off-by: Laurent Vivier 
Reviewed-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20180519092956.15134-3-laur...@vivier.eu>
---
 linux-user/alpha/sockbits.h | 113 
 linux-user/socket.h | 106 +
 2 files changed, 114 insertions(+), 105 deletions(-)
 create mode 100644 linux-user/alpha/sockbits.h

diff --git a/linux-user/alpha/sockbits.h b/linux-user/alpha/sockbits.h
new file mode 100644
index 00..4db3e52b67
--- /dev/null
+++ b/linux-user/alpha/sockbits.h
@@ -0,0 +1,113 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or (at your option) any
+ * later version. See the COPYING file in the top-level directory.
+ */
+
+#ifndef ALPHA_SOCKBITS_H
+#define ALPHA_SOCKBITS_H
+
+/* For setsockopt(2) */
+#define TARGET_SOL_SOCKET   0x
+
+#define TARGET_SO_DEBUG 0x0001
+#define TARGET_SO_REUSEADDR 0x0004
+#define TARGET_SO_KEEPALIVE 0x0008
+#define TARGET_SO_DONTROUTE 0x0010
+#define TARGET_SO_BROADCAST 0x0020
+#define TARGET_SO_LINGER0x0080
+#define TARGET_SO_OOBINLINE 0x0100
+/* To add :#define TARGET_SO_REUSEPORT 0x0200 */
+
+#define TARGET_SO_TYPE  0x1008
+#define TARGET_SO_ERROR 0x1007
+#define TARGET_SO_SNDBUF0x1001
+#define TARGET_SO_RCVBUF0x1002
+#define TARGET_SO_SNDBUFFORCE   0x100a
+#define TARGET_SO_RCVBUFFORCE   0x100b
+#define TARGET_SO_RCVLOWAT  0x1010
+#define TARGET_SO_SNDLOWAT  0x1011
+#define TARGET_SO_RCVTIMEO  0x1012
+#define TARGET_SO_SNDTIMEO  0x1013
+#define TARGET_SO_ACCEPTCONN0x1014
+#define TARGET_SO_PROTOCOL  0x1028
+#define TARGET_SO_DOMAIN0x1029
+
+/* linux-specific, might as well be the same as on i386 */
+#define TARGET_SO_NO_CHECK  11
+#define TARGET_SO_PRIORITY  12
+#define TARGET_SO_BSDCOMPAT 14
+
+#define TARGET_SO_PASSCRED  17
+#define TARGET_SO_PEERCRED  18
+#define TARGET_SO_BINDTODEVICE 25
+
+/* Socket filtering */
+#define TARGET_SO_ATTACH_FILTER26
+#define TARGET_SO_DETACH_FILTER27
+
+#define TARGET_SO_PEERNAME  28
+#define TARGET_SO_TIMESTAMP 29
+#define TARGET_SCM_TIMESTAMPTARGET_SO_TIMESTAMP
+
+#define TARGET_SO_PEERSEC   30
+#define TARGET_SO_PASSSEC   34
+#define TARGET_SO_TIMESTAMPNS   35
+#define TARGET_SCM_TIMESTAMPNS  TARGET_SO_TIMESTAMPNS
+
+/* Security levels - as per NRL IPv6 - don't actually do anything */
+#define TARGET_SO_SECURITY_AUTHENTICATION   19
+#define TARGET_SO_SECURITY_ENCRYPTION_TRANSPORT 20
+#define TARGET_SO_SECURITY_ENCRYPTION_NETWORK   21
+
+#define TARGET_SO_MARK  36
+
+#define TARGET_SO_TIMESTAMPING  37
+#define TARGET_SCM_TIMESTAMPING TARGET_SO_TIMESTAMPING
+
+#define TARGET_SO_RXQ_OVFL 40
+
+#define TARGET_SO_WIFI_STATUS   41
+#define TARGET_SCM_WIFI_STATUS  TARGET_SO_WIFI_STATUS
+#define TARGET_SO_PEEK_OFF  42
+
+/* Instruct lower device to use last 4-bytes of skb data as FCS */
+#define TARGET_SO_NOFCS 43
+
+/** sock_type - Socket types
+ *
+ * Please notice that for binary compat reasons ALPHA has to
+ * override the enum sock_type in include/linux/net.h, so
+ * we define ARCH_HAS_SOCKET_TYPES here.
+ *
+ * @SOCK_DGRAM - datagram (conn.less) socket
+ * @SOCK_STREAM - stream (connection) socket
+ * @SOCK_RAW - raw socket
+ * @SOCK_RDM - reliably-delivered message
+ * @SOCK_SEQPACKET - sequential packet socket
+ * @SOCK_DCCP - Datagram Congestion Control Protocol socket
+ * @SOCK_PACKET - linux specific way of getting packets at the dev level.
+ *For writing rarp and other similar things on the user
+ *level.
+ * @SOCK_CLOEXEC - sets the close-on-exec (FD_CLOEXEC) flag.
+ * @SOCK_NONBLOCK - sets the O_NONBLOCK file status flag.
+ */
+
+#define ARCH_HAS_SOCKET_TYPES  1
+
+enum sock_type {
+   TARGET_SOCK_STREAM  = 1,
+   TARGET_SOCK_DGRAM   = 2,
+   TARGET_SOCK_RAW = 3,
+   TARGET_SOCK_RDM = 4,
+   TARGET_SOCK_SEQPACKET   = 5,
+   TARGET_SOCK_DCCP= 6,
+   TARGET_SOCK_PACKET  = 10,
+   TARGET_SOCK_CLOEXEC = 01000,
+   TARGET_SOCK_NONBLOCK= 0100,
+};
+
+#define TARGET_SOCK_MAX (TARGET_SOCK_PACKET + 1)
+#define TARGET_SOCK_TYPE_MASK0xf  /* Covers up to TARGET_SOCK_MAX-1. */
+#endif
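Review bot: The kernel-doc block lists `@SOCK_DGRAM` before `@SOCK_STREAM` while the enum below assigns `TARGET_SOCK_STREAM = 1` and `TARGET_SOCK_DGRAM = 2`, and it documents un-prefixed `SOCK_*` names for members that are all `TARGET_SOCK_*`. As this commit is a pure move it is fine to carry that over unchanged, but it deserves a follow-up so the comment matches the enum. The `/* To add :#define TARGET_SO_REUSEPORT 0x0200 */` placeholder is carried over as well.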
diff --git a/linux-user/socket.h b/linux-user/socket.h
index 9c57da7a61..1328906205 100644
--- a/linux-user/socket.h
+++ b/linux-user/socket.h
@@ -1,110 +1,6 @@
 
-#if defined(TARGET_MIPS) || defined(TARGET_HPPA)
+#if defined(TARGET_MIPS) || defined(TARGET_HPPA) || defined(TARGET_ALPHA)
 #include "sockbits.h"
-#elif defined(TARGET_ALPHA)
-
-/* For setsockopt(2) */
-#define TARGET_SOL_SOCKET   0x
-
-#define TARGET_SO_DEBUG 0x0001
-#define TARGET_SO_REUSEADDR 0x0004
-#define TARGET_SO_KEEPALIVE 0x0008
-#d

[Qemu-devel] [PULL 01/13] linux-user: Assert on bad type in thunk_type_align() and thunk_type_size()

2018-05-25 Thread Laurent Vivier
From: Peter Maydell 

In thunk_type_align() and thunk_type_size() we currently return
-1 if the value at the type_ptr isn't one of the TYPE_* values
we understand. However, this should never happen, and if it does
then the calling code will go confusingly wrong because none
of the callsites try to handle an error return. Switch to an
assertion instead, so that if this does somehow happen we'll have
a nice clear backtrace of what happened rather than a weird crash
or misbehaviour.

This also silences various Coverity complaints about not handling
the negative return value (CID 1005735, 1005736, 1005738, 1390582).

Signed-off-by: Peter Maydell 
Reviewed-by: Laurent Vivier 
Message-Id: <20180514174616.19601-1-peter.mayd...@linaro.org>
Signed-off-by: Laurent Vivier 
---
 include/exec/user/thunk.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/exec/user/thunk.h b/include/exec/user/thunk.h
index 8f55b233b3..8d3af5a3be 100644
--- a/include/exec/user/thunk.h
+++ b/include/exec/user/thunk.h
@@ -135,7 +135,7 @@ static inline int thunk_type_size(const argtype *type_ptr, 
int is_host)
 se = struct_entries + type_ptr[1];
 return se->size[is_host];
 default:
-return -1;
+g_assert_not_reached();
 }
 }
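Review bot: `se = struct_entries + type_ptr[1];` in the arm just above `default:` uses a value read through `type_ptr` as an array index, with no range check in the visible lines. The commit message's argument for asserting on an unknown type applies equally to an out-of-range struct id, so consider asserting on that index in the same change.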
 
@@ -185,7 +185,7 @@ static inline int thunk_type_align(const argtype *type_ptr, 
int is_host)
 se = struct_entries + type_ptr[1];
 return se->align[is_host];
 default:
-return -1;
+g_assert_not_reached();
 }
 }
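Review bot: Replacing `return -1;` with `g_assert_not_reached();` leaves the `default:` arm of an `int` function without a return statement, which is only sound while the assertion is compiled in. If a build ever defines G_DISABLE_ASSERT, the macro no longer aborts and control runs off the end of `thunk_type_align()`; please confirm the build never allows that define, or say so in a comment.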
 
-- 
2.14.3




[Qemu-devel] [PULL 00/13] Linux user for 2.13 patches

2018-05-25 Thread Laurent Vivier
The following changes since commit 62b9b076d9d37117696ec64f0b3544c1205ff7f9:

  Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180524-pull-request' 
into staging (2018-05-24 17:48:01 +0100)

are available in the Git repository at:

  git://github.com/vivier/qemu.git tags/linux-user-for-2.13-pull-request

for you to fetch changes up to 4f71086665360eb15cb0cc3392bd5063f26ee934:

  gdbstub: Clarify what gdb_handlesig() is doing (2018-05-25 10:10:55 +0200)


This pull request includes:
- fixes for some comments
- netlink update and fix
- rework/cleanup of socket.h,
  including fixes for SPARC part.



Igor Mammedov (1):
  linux-user: update comments to point to tcg_exec_init()

Laurent Vivier (9):
  linux-user: update netlink emulation
  linux-user: move mips socket.h definitions to mips/sockbits.h
  linux-user: move alpha socket.h definitions to alpha/sockbits.h
  linux-user: move sparc/sparc64 socket.h definitions to
sparc/sockbits.h
  linux-user: move socket.h generic definitions to generic/sockbits.h
  linux-user: move ppc socket.h definitions to ppc/sockbits.h
  linux-user: update ARCH_HAS_SOCKET_TYPES use
  linux-user: copy sparc/sockbits.h definitions from linux
  linux-user: define TARGET_SO_REUSEPORT

Peter Maydell (3):
  linux-user: Assert on bad type in thunk_type_align() and
thunk_type_size()
  linux-user: Fix payload size logic in host_to_target_cmsg()
  gdbstub: Clarify what gdb_handlesig() is doing

 bsd-user/main.c  |   7 +-
 gdbstub.c|   6 +
 include/exec/gdbstub.h   |  15 ++
 include/exec/user/thunk.h|   4 +-
 linux-user/aarch64/sockbits.h|   1 +
 linux-user/alpha/sockbits.h  |  83 +
 linux-user/arm/sockbits.h|   1 +
 linux-user/cris/sockbits.h   |   1 +
 linux-user/generic/sockbits.h|  58 ++
 linux-user/hppa/sockbits.h   |  33 +---
 linux-user/i386/sockbits.h   |   1 +
 linux-user/m68k/sockbits.h   |   1 +
 linux-user/main.c|   5 +-
 linux-user/microblaze/sockbits.h |   1 +
 linux-user/mips/sockbits.h   | 110 
 linux-user/mips64/sockbits.h |   1 +
 linux-user/nios2/sockbits.h  |   1 +
 linux-user/openrisc/sockbits.h   |   1 +
 linux-user/ppc/sockbits.h|  26 +++
 linux-user/riscv/sockbits.h  |   1 +
 linux-user/s390x/sockbits.h  |   1 +
 linux-user/sh4/sockbits.h|   1 +
 linux-user/socket.h  | 377 ---
 linux-user/sparc/sockbits.h  | 111 
 linux-user/sparc64/sockbits.h|   1 +
 linux-user/syscall.c |  61 ++-
 linux-user/tilegx/sockbits.h |   1 +
 linux-user/x86_64/sockbits.h |   1 +
 linux-user/xtensa/sockbits.h |   1 +
 29 files changed, 532 insertions(+), 380 deletions(-)
 create mode 100644 linux-user/aarch64/sockbits.h
 create mode 100644 linux-user/alpha/sockbits.h
 create mode 100644 linux-user/arm/sockbits.h
 create mode 100644 linux-user/cris/sockbits.h
 create mode 100644 linux-user/generic/sockbits.h
 create mode 100644 linux-user/i386/sockbits.h
 create mode 100644 linux-user/m68k/sockbits.h
 create mode 100644 linux-user/microblaze/sockbits.h
 create mode 100644 linux-user/mips/sockbits.h
 create mode 100644 linux-user/mips64/sockbits.h
 create mode 100644 linux-user/nios2/sockbits.h
 create mode 100644 linux-user/openrisc/sockbits.h
 create mode 100644 linux-user/ppc/sockbits.h
 create mode 100644 linux-user/riscv/sockbits.h
 create mode 100644 linux-user/s390x/sockbits.h
 create mode 100644 linux-user/sh4/sockbits.h
 create mode 100644 linux-user/sparc/sockbits.h
 create mode 100644 linux-user/sparc64/sockbits.h
 create mode 100644 linux-user/tilegx/sockbits.h
 create mode 100644 linux-user/x86_64/sockbits.h
 create mode 100644 linux-user/xtensa/sockbits.h

-- 
2.14.3




[Qemu-devel] [PULL 07/13] linux-user: move sparc/sparc64 socket.h definitions to sparc/sockbits.h

2018-05-25 Thread Laurent Vivier
No code change.

Signed-off-by: Laurent Vivier 
Reviewed-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20180519092956.15134-4-laur...@vivier.eu>
---
 linux-user/socket.h   | 44 +---
 linux-user/sparc/sockbits.h   | 94 +++
 linux-user/sparc64/sockbits.h |  1 +
 3 files changed, 97 insertions(+), 42 deletions(-)
 create mode 100644 linux-user/sparc/sockbits.h
 create mode 100644 linux-user/sparc64/sockbits.h

diff --git a/linux-user/socket.h b/linux-user/socket.h
index 1328906205..8eb62ea3f2 100644
--- a/linux-user/socket.h
+++ b/linux-user/socket.h
@@ -1,49 +1,9 @@
 
-#if defined(TARGET_MIPS) || defined(TARGET_HPPA) || defined(TARGET_ALPHA)
+#if defined(TARGET_MIPS) || defined(TARGET_HPPA) || defined(TARGET_ALPHA) || \
+defined(TARGET_SPARC)
 #include "sockbits.h"
-#else
-
-#if defined(TARGET_SPARC)
-/** sock_type - Socket types
- *
- * Please notice that for binary compat reasons SPARC has to
- * override the enum sock_type in include/linux/net.h, so
- * we define ARCH_HAS_SOCKET_TYPES here.
- *
- * @SOCK_DGRAM - datagram (conn.less) socket
- * @SOCK_STREAM - stream (connection) socket
- * @SOCK_RAW - raw socket
- * @SOCK_RDM - reliably-delivered message
- * @SOCK_SEQPACKET - sequential packet socket
- * @SOCK_DCCP - Datagram Congestion Control Protocol socket
- * @SOCK_PACKET - linux specific way of getting packets at the dev level.
- *For writing rarp and other similar things on the user
- *level.
- * @SOCK_CLOEXEC - sets the close-on-exec (FD_CLOEXEC) flag.
- * @SOCK_NONBLOCK - sets the O_NONBLOCK file status flag.
- */
-
-#define ARCH_HAS_SOCKET_TYPES  1
-
-enum sock_type {
-   TARGET_SOCK_STREAM  = 1,
-   TARGET_SOCK_DGRAM   = 2,
-   TARGET_SOCK_RAW = 3,
-   TARGET_SOCK_RDM = 4,
-   TARGET_SOCK_SEQPACKET   = 5,
-   TARGET_SOCK_DCCP= 6,
-   TARGET_SOCK_PACKET  = 10,
-   TARGET_SOCK_CLOEXEC = 02000,
-   TARGET_SOCK_NONBLOCK= 04,
-};
-
-#define TARGET_SOCK_MAX (TARGET_SOCK_PACKET + 1)
-#define TARGET_SOCK_TYPE_MASK0xf  /* Covers up to TARGET_SOCK_MAX-1. */
-
-#define TARGET_SO_PASSSEC31
 #else
 #define TARGET_SO_PASSSEC34
-#endif
 
 /* For setsockopt(2) */
 #define TARGET_SOL_SOCKET  1
diff --git a/linux-user/sparc/sockbits.h b/linux-user/sparc/sockbits.h
new file mode 100644
index 00..385061c8b0
--- /dev/null
+++ b/linux-user/sparc/sockbits.h
@@ -0,0 +1,94 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or (at your option) any
+ * later version. See the COPYING file in the top-level directory.
+ */
+
+#ifndef SPARC_SOCKBITS_H
+#define SPARC_SOCKBITS_H
+
+/** sock_type - Socket types
+ *
+ * Please notice that for binary compat reasons SPARC has to
+ * override the enum sock_type in include/linux/net.h, so
+ * we define ARCH_HAS_SOCKET_TYPES here.
+ *
+ * @SOCK_DGRAM - datagram (conn.less) socket
+ * @SOCK_STREAM - stream (connection) socket
+ * @SOCK_RAW - raw socket
+ * @SOCK_RDM - reliably-delivered message
+ * @SOCK_SEQPACKET - sequential packet socket
+ * @SOCK_DCCP - Datagram Congestion Control Protocol socket
+ * @SOCK_PACKET - linux specific way of getting packets at the dev level.
+ *For writing rarp and other similar things on the user
+ *level.
+ * @SOCK_CLOEXEC - sets the close-on-exec (FD_CLOEXEC) flag.
+ * @SOCK_NONBLOCK - sets the O_NONBLOCK file status flag.
+ */
+
+#define ARCH_HAS_SOCKET_TYPES  1
+
+enum sock_type {
+   TARGET_SOCK_STREAM  = 1,
+   TARGET_SOCK_DGRAM   = 2,
+   TARGET_SOCK_RAW = 3,
+   TARGET_SOCK_RDM = 4,
+   TARGET_SOCK_SEQPACKET   = 5,
+   TARGET_SOCK_DCCP= 6,
+   TARGET_SOCK_PACKET  = 10,
+   TARGET_SOCK_CLOEXEC = 02000,
+   TARGET_SOCK_NONBLOCK= 04,
+};
+
+#define TARGET_SOCK_MAX (TARGET_SOCK_PACKET + 1)
+#define TARGET_SOCK_TYPE_MASK0xf  /* Covers up to TARGET_SOCK_MAX-1. */
+
+#define TARGET_SO_PASSSEC31
+
+/* For setsockopt(2) */
+#define TARGET_SOL_SOCKET  1
+
+#define TARGET_SO_DEBUG1
+#define TARGET_SO_REUSEADDR2
+#define TARGET_SO_TYPE 3
+#define TARGET_SO_ERROR4
+#define TARGET_SO_DONTROUTE5
+#define TARGET_SO_BROADCAST6
+#define TARGET_SO_SNDBUF   7
+#define TARGET_SO_RCVBUF   8
+#define TARGET_SO_SNDBUFFORCE  32
+#define TARGET_SO_RCVBUFFORCE  33
+#define TARGET_SO_KEEPALIVE9
+#define TARGET_SO_OOBINLINE10
+#define TARGET_SO_NO_CHECK 11
+#define TARGET_SO_PRIORITY 12
+#define TARGET_SO_LINGER   13
+#define TARGET_SO_BS

[Qemu-devel] [PULL 12/13] linux-user: define TARGET_SO_REUSEPORT

2018-05-25 Thread Laurent Vivier
Signed-off-by: Laurent Vivier 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20180519092956.15134-9-laur...@vivier.eu>
---
 linux-user/alpha/sockbits.h   | 2 +-
 linux-user/generic/sockbits.h | 2 +-
 linux-user/mips/sockbits.h| 3 ---
 3 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/linux-user/alpha/sockbits.h b/linux-user/alpha/sockbits.h
index f5397dd875..d54dc98c09 100644
--- a/linux-user/alpha/sockbits.h
+++ b/linux-user/alpha/sockbits.h
@@ -18,7 +18,7 @@
 #define TARGET_SO_BROADCAST 0x0020
 #define TARGET_SO_LINGER0x0080
 #define TARGET_SO_OOBINLINE 0x0100
-/* To add :#define TARGET_SO_REUSEPORT 0x0200 */
+#define TARGET_SO_REUSEPORT 0x0200
 
 #define TARGET_SO_TYPE  0x1008
 #define TARGET_SO_ERROR 0x1007
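Review bot: TARGET_SO_REUSEPORT is now a live define, but the diffstat for this patch lists only the three sockbits.h headers, so no option-translation code is touched to go with it. Either add the setsockopt()/getsockopt() handling in the same patch, or say in the commit message (which has no body at present) that the define is preparatory and which patch will use it.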
diff --git a/linux-user/generic/sockbits.h b/linux-user/generic/sockbits.h
index 99505f1f85..e44733c601 100644
--- a/linux-user/generic/sockbits.h
+++ b/linux-user/generic/sockbits.h
@@ -29,7 +29,7 @@
 #define TARGET_SO_PRIORITY 12
 #define TARGET_SO_LINGER   13
 #define TARGET_SO_BSDCOMPAT14
-/* To add :#define TARGET_SO_REUSEPORT 15 */
+#define TARGET_SO_REUSEPORT15
 #define TARGET_SO_PASSCRED 16
 #define TARGET_SO_PEERCRED 17
 #define TARGET_SO_RCVLOWAT 18
diff --git a/linux-user/mips/sockbits.h b/linux-user/mips/sockbits.h
index 370d13ed86..0f022cd598 100644
--- a/linux-user/mips/sockbits.h
+++ b/linux-user/mips/sockbits.h
@@ -28,10 +28,7 @@
 */
 #define TARGET_SO_OOBINLINE 0x0100 /* Receive out-of-band data in-band.
 */
-#if 0
-/* To add: Allow local address and port reuse. */
 #define TARGET_SO_REUSEPORT 0x0200
-#endif
 
 #define TARGET_SO_TYPE 0x1008  /* Compatible name for SO_STYLE. */
 #define TARGET_SO_STYLESO_TYPE /* Synonym */
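Review bot: Dropping the "Allow local address and port reuse." line together with the "#if 0" leaves TARGET_SO_REUSEPORT as the only option in this block without a description, while its neighbours (TARGET_SO_OOBINLINE, TARGET_SO_TYPE) keep theirs. Keep the text as a trailing comment on the define instead of deleting it.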
-- 
2.14.3




[Qemu-devel] [PULL 02/13] linux-user: update netlink emulation

2018-05-25 Thread Laurent Vivier
Update enums with entries from linux 4.17

Translate entries that generate logs with iproute2 4.9.0 and
host kernel 4.15:

  # ip address show
  Unknown host QEMU_IFLA type: 43
  Unknown host QEMU_IFLA type: 43
  Unknown host QEMU_IFLA type: 43
  Unknown QEMU_IFLA_BR type 41
  Unknown QEMU_IFLA_BR type 42
  Unknown QEMU_IFLA_BR type 43
  Unknown QEMU_IFLA_BR type 44
  Unknown host QEMU_IFLA type: 43
  Unknown QEMU_IFLA_BR type 41
  Unknown QEMU_IFLA_BR type 42
  Unknown QEMU_IFLA_BR type 43
  Unknown QEMU_IFLA_BR type 44
  Unknown host QEMU_IFLA type: 43

Signed-off-by: Laurent Vivier 
Message-Id: <20180516221213.1-1-laur...@vivier.eu>
---
 linux-user/syscall.c | 58 
 1 file changed, 58 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index af8603f1b7..dd77f86ea2 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -405,6 +405,8 @@ enum {
 QEMU_IFLA_BR_PAD,
 QEMU_IFLA_BR_VLAN_STATS_ENABLED,
 QEMU_IFLA_BR_MCAST_STATS_ENABLED,
+QEMU_IFLA_BR_MCAST_IGMP_VERSION,
+QEMU_IFLA_BR_MCAST_MLD_VERSION,
 QEMU___IFLA_BR_MAX,
 };
 
@@ -453,6 +455,12 @@ enum {
 QEMU_IFLA_GSO_MAX_SIZE,
 QEMU_IFLA_PAD,
 QEMU_IFLA_XDP,
+QEMU_IFLA_EVENT,
+QEMU_IFLA_NEW_NETNSID,
+QEMU_IFLA_IF_NETNSID,
+QEMU_IFLA_CARRIER_UP_COUNT,
+QEMU_IFLA_CARRIER_DOWN_COUNT,
+QEMU_IFLA_NEW_IFINDEX,
 QEMU___IFLA_MAX
 };
 
@@ -484,6 +492,12 @@ enum {
 QEMU_IFLA_BRPORT_FLUSH,
 QEMU_IFLA_BRPORT_MULTICAST_ROUTER,
 QEMU_IFLA_BRPORT_PAD,
+QEMU_IFLA_BRPORT_MCAST_FLOOD,
+QEMU_IFLA_BRPORT_MCAST_TO_UCAST,
+QEMU_IFLA_BRPORT_VLAN_TUNNEL,
+QEMU_IFLA_BRPORT_BCAST_FLOOD,
+QEMU_IFLA_BRPORT_GROUP_FWD_MASK,
+QEMU_IFLA_BRPORT_NEIGH_SUPPRESS,
 QEMU___IFLA_BRPORT_MAX
 };
 
@@ -516,6 +530,15 @@ enum {
 QEMU___IFLA_INET6_MAX
 };
 
+enum {
+QEMU_IFLA_XDP_UNSPEC,
+QEMU_IFLA_XDP_FD,
+QEMU_IFLA_XDP_ATTACHED,
+QEMU_IFLA_XDP_FLAGS,
+QEMU_IFLA_XDP_PROG_ID,
+QEMU___IFLA_XDP_MAX,
+};
+
 typedef abi_long (*TargetFdDataFunc)(void *, size_t);
 typedef abi_long (*TargetFdAddrFunc)(void *, abi_ulong, socklen_t);
 typedef struct TargetFdTrans {
@@ -2182,6 +2205,10 @@ static abi_long host_to_target_data_bridge_nlattr(struct 
nlattr *nlattr,
 case QEMU_IFLA_BR_NF_CALL_IPTABLES:
 case QEMU_IFLA_BR_NF_CALL_IP6TABLES:
 case QEMU_IFLA_BR_NF_CALL_ARPTABLES:
+case QEMU_IFLA_BR_VLAN_STATS_ENABLED:
+case QEMU_IFLA_BR_MCAST_STATS_ENABLED:
+case QEMU_IFLA_BR_MCAST_IGMP_VERSION:
+case QEMU_IFLA_BR_MCAST_MLD_VERSION:
 break;
 /* uint16_t */
 case QEMU_IFLA_BR_PRIORITY:
@@ -2253,6 +2280,11 @@ static abi_long 
host_to_target_slave_data_bridge_nlattr(struct nlattr *nlattr,
 case QEMU_IFLA_BRPORT_TOPOLOGY_CHANGE_ACK:
 case QEMU_IFLA_BRPORT_CONFIG_PENDING:
 case QEMU_IFLA_BRPORT_MULTICAST_ROUTER:
+case QEMU_IFLA_BRPORT_MCAST_FLOOD:
+case QEMU_IFLA_BRPORT_MCAST_TO_UCAST:
+case QEMU_IFLA_BRPORT_VLAN_TUNNEL:
+case QEMU_IFLA_BRPORT_BCAST_FLOOD:
+case QEMU_IFLA_BRPORT_NEIGH_SUPPRESS:
 break;
 /* uint16_t */
 case QEMU_IFLA_BRPORT_PRIORITY:
@@ -2260,6 +2292,7 @@ static abi_long 
host_to_target_slave_data_bridge_nlattr(struct nlattr *nlattr,
 case QEMU_IFLA_BRPORT_DESIGNATED_COST:
 case QEMU_IFLA_BRPORT_ID:
 case QEMU_IFLA_BRPORT_NO:
+case QEMU_IFLA_BRPORT_GROUP_FWD_MASK:
 u16 = NLA_DATA(nlattr);
 *u16 = tswap16(*u16);
 break;
@@ -2434,6 +2467,27 @@ static abi_long host_to_target_data_spec_nlattr(struct 
nlattr *nlattr,
 return 0;
 }
 
+static abi_long host_to_target_data_xdp_nlattr(struct nlattr *nlattr,
+   void *context)
+{
+uint32_t *u32;
+
+switch (nlattr->nla_type) {
+/* uint8_t */
+case QEMU_IFLA_XDP_ATTACHED:
+break;
+/* uint32_t */
+case QEMU_IFLA_XDP_PROG_ID:
+u32 = NLA_DATA(nlattr);
+*u32 = tswap32(*u32);
+break;
+default:
+gemu_log("Unknown host XDP type: %d\n", nlattr->nla_type);
+break;
+}
+return 0;
+}
+
 static abi_long host_to_target_data_link_rtattr(struct rtattr *rtattr)
 {
 uint32_t *u32;
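Review bot: QEMU_IFLA_XDP_FLAGS is declared in the new XDP enum but has no case in the switch of host_to_target_data_xdp_nlattr(), so a host that emits it produces the "Unknown host XDP type" log and the value reaches the guest unswapped. It is a 32-bit attribute, so list it next to QEMU_IFLA_XDP_PROG_ID under the uint32_t case. QEMU_IFLA_XDP_FD needs the same decision: handle it, or add an explicit case that ignores it silently.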
@@ -2559,6 +2613,10 @@ static abi_long host_to_target_data_link_rtattr(struct 
rtattr *rtattr)
 return host_to_target_for_each_nlattr(RTA_DATA(rtattr), 
rtattr->rta_len,
   NULL,
  host_to_target_data_spec_nlattr);
+case QEMU_IFLA_XDP:
+return host_to_target_for_each_nlattr(RTA_DATA(rtattr), 
rtattr->rta_len,
+  NULL,
+
host_to_target_data_xdp_nlattr);
 default:
 gemu_log("Unknown host QEMU_IFLA type: %d\n", rtattr->rta_type);
 break;
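Review bot: In host_to_target_data_link_rtattr() only QEMU_IFLA_XDP gains a case. The six attributes this patch appends to the enum (QEMU_IFLA_EVENT through QEMU_IFLA_NEW_IFINDEX) get no case in any hunk, so they still fall into the default branch and log "Unknown host QEMU_IFLA type". Add each of them to the case group that matches its payload width, so that multi-byte values are byte-swapped for cross-endian guests.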
-- 
2.14.3




[Qemu-devel] [PULL 03/13] linux-user: update comments to point to tcg_exec_init()

2018-05-25 Thread Laurent Vivier
From: Igor Mammedov 

cpu_init() was replaced by cpu_create() since 2.12 but comments
weren't updated. So update stale comments to point out that page
sizes are actually initialized by tcg_exec_init(). Also move
another qemu_host_page_size related comment before tcg_exec_init()
where it belongs.

Signed-off-by: Igor Mammedov 
Reviewed-by: Laurent Vivier 
Message-Id: <1526557877-293151-1-git-send-email-imamm...@redhat.com>
Signed-off-by: Laurent Vivier 
---
 bsd-user/main.c   | 7 ---
 linux-user/main.c | 5 ++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/bsd-user/main.c b/bsd-user/main.c
index 283dc6fd25..da3b833975 100644
--- a/bsd-user/main.c
+++ b/bsd-user/main.c
@@ -898,9 +898,10 @@ int main(int argc, char **argv)
 cpu_model = "any";
 #endif
 }
+
+/* init tcg before creating CPUs and to get qemu_host_page_size */
 tcg_exec_init(0);
-/* NOTE: we need to init the CPU at this stage to get
-   qemu_host_page_size */
+
 cpu_type = parse_cpu_model(cpu_model);
 cpu = cpu_create(cpu_type);
 env = cpu->env_ptr;
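Review bot: The new comment above tcg_exec_init(0) joins two reasons with "and" without stating the dependency. Say it directly, for example "tcg_exec_init() sets qemu_host_page_size; it must run before cpu_create()", so the ordering constraint is obvious to whoever next reorders this block.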
@@ -917,7 +918,7 @@ int main(int argc, char **argv)
 envlist_free(envlist);
 
 /*
- * Now that page sizes are configured in cpu_init() we can do
+ * Now that page sizes are configured in tcg_exec_init() we can do
  * proper page alignment for guest_base.
  */
 guest_base = HOST_PAGE_ALIGN(guest_base);
diff --git a/linux-user/main.c b/linux-user/main.c
index 32347545c9..78d6d3e7eb 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -671,9 +671,8 @@ int main(int argc, char **argv, char **envp)
 }
 cpu_type = parse_cpu_model(cpu_model);
 
+/* init tcg before creating CPUs and to get qemu_host_page_size */
 tcg_exec_init(0);
-/* NOTE: we need to init the CPU at this stage to get
-   qemu_host_page_size */
 
 cpu = cpu_create(cpu_type);
 env = cpu->env_ptr;
@@ -693,7 +692,7 @@ int main(int argc, char **argv, char **envp)
 envlist_free(envlist);
 
 /*
- * Now that page sizes are configured in cpu_init() we can do
+ * Now that page sizes are configured in tcg_exec_init() we can do
  * proper page alignment for guest_base.
  */
 guest_base = HOST_PAGE_ALIGN(guest_base);
-- 
2.14.3




[Qemu-devel] [PULL 05/13] linux-user: move mips socket.h definitions to mips/sockbits.h

2018-05-25 Thread Laurent Vivier
No code change.

Signed-off-by: Laurent Vivier 
Reviewed-by: Peter Maydell 
Reviewed-by: Philippe Mathieu-Daudé 
Message-Id: <20180519092956.15134-2-laur...@vivier.eu>
---
 linux-user/mips/sockbits.h   | 110 +++
 linux-user/mips64/sockbits.h |   1 +
 linux-user/socket.h  | 106 +
 3 files changed, 113 insertions(+), 104 deletions(-)
 create mode 100644 linux-user/mips/sockbits.h
 create mode 100644 linux-user/mips64/sockbits.h

diff --git a/linux-user/mips/sockbits.h b/linux-user/mips/sockbits.h
new file mode 100644
index 00..3fe5ac88e7
--- /dev/null
+++ b/linux-user/mips/sockbits.h
@@ -0,0 +1,110 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or (at your option) any
+ * later version. See the COPYING file in the top-level directory.
+ */
+
+#ifndef MIPS_SOCKBITS_H
+#define MIPS_SOCKBITS_H
+/* MIPS special values for constants */
+
+/*
+ * For setsockopt(2)
+ *
+ * This defines are ABI conformant as far as Linux supports these ...
+ */
+#define TARGET_SOL_SOCKET  0x
+
+#define TARGET_SO_DEBUG0x0001  /* Record debugging information. */
+#define TARGET_SO_REUSEADDR0x0004  /* Allow reuse of local addresses. */
+#define TARGET_SO_KEEPALIVE0x0008  /* Keep connections alive and send
+  SIGPIPE when they die. */
+#define TARGET_SO_DONTROUTE0x0010  /* Don't do local routing. */
+#define TARGET_SO_BROADCAST0x0020  /* Allow transmission of
+  broadcast messages. */
+#define TARGET_SO_LINGER   0x0080  /* Block on close of a reliable
+* socket to transmit pending data.
+*/
+#define TARGET_SO_OOBINLINE 0x0100 /* Receive out-of-band data in-band.
+*/
+#if 0
+/* To add: Allow local address and port reuse. */
+#define TARGET_SO_REUSEPORT 0x0200
+#endif
+
+#define TARGET_SO_TYPE 0x1008  /* Compatible name for SO_STYLE. */
+#define TARGET_SO_STYLESO_TYPE /* Synonym */
+#define TARGET_SO_ERROR0x1007  /* get error status and clear */
+#define TARGET_SO_SNDBUF   0x1001  /* Send buffer size. */
+#define TARGET_SO_RCVBUF   0x1002  /* Receive buffer. */
+#define TARGET_SO_SNDLOWAT 0x1003  /* send low-water mark */
+#define TARGET_SO_RCVLOWAT 0x1004  /* receive low-water mark */
+#define TARGET_SO_SNDTIMEO 0x1005  /* send timeout */
+#define TARGET_SO_RCVTIMEO 0x1006  /* receive timeout */
+#define TARGET_SO_ACCEPTCONN   0x1009
+
+/* linux-specific, might as well be the same as on i386 */
+#define TARGET_SO_NO_CHECK 11
+#define TARGET_SO_PRIORITY 12
+#define TARGET_SO_BSDCOMPAT14
+
+#define TARGET_SO_PASSCRED 17
+#define TARGET_SO_PEERCRED 18
+
+/* Security levels - as per NRL IPv6 - don't actually do anything */
+#define TARGET_SO_SECURITY_AUTHENTICATION  22
+#define TARGET_SO_SECURITY_ENCRYPTION_TRANSPORT23
+#define TARGET_SO_SECURITY_ENCRYPTION_NETWORK  24
+
+#define TARGET_SO_BINDTODEVICE 25
+
+/* Socket filtering */
+#define TARGET_SO_ATTACH_FILTER26
+#define TARGET_SO_DETACH_FILTER27
+
+#define TARGET_SO_PEERNAME 28
+#define TARGET_SO_TIMESTAMP29
+#define SCM_TIMESTAMP  SO_TIMESTAMP
+
+#define TARGET_SO_PEERSEC  30
+#define TARGET_SO_SNDBUFFORCE  31
+#define TARGET_SO_RCVBUFFORCE  33
+#define TARGET_SO_PASSSEC  34
+
+/** sock_type - Socket types
+ *
+ * Please notice that for binary compat reasons MIPS has to
+ * override the enum sock_type in include/linux/net.h, so
+ * we define ARCH_HAS_SOCKET_TYPES here.
+ *
+ * @SOCK_DGRAM - datagram (conn.less) socket
+ * @SOCK_STREAM - stream (connection) socket
+ * @SOCK_RAW - raw socket
+ * @SOCK_RDM - reliably-delivered message
+ * @SOCK_SEQPACKET - sequential packet socket
+ * @SOCK_DCCP - Datagram Congestion Control Protocol socket
+ * @SOCK_PACKET - linux specific way of getting packets at the dev level.
+ *For writing rarp and other similar things on the user
+ *level.
+ * @SOCK_CLOEXEC - sets the close-on-exec (FD_CLOEXEC) flag.
+ * @SOCK_NONBLOCK - sets the O_NONBLOCK file status flag.
+ */
+
+#define ARCH_HAS_SOCKET_TYPES  1
+
+enum sock_type {
+   TARGET_SOCK_DGRAM   = 1,
+   TARGET_SOCK_STREAM  = 2,
+   TARGET_SOCK_RAW = 3,
+   TARGET_SOCK_RDM = 4,
+   TARGET_SOCK_SEQPACKET   = 5,
+   TARGET_SOCK_DCCP= 6,
+   TARGET_SOCK_PACKET  = 10,
+   TARGET_SOCK_CLOEXEC = 0200,
+   TARGET_SOCK_NONBLOCK= 0200,
+};
+
+#define TARGET_SOCK_MAX (TARGET_SOCK_PACKET + 1)
+#define TARGET_SOCK_TYPE_MASK0
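Review bot: "#define SCM_TIMESTAMP SO_TIMESTAMP" defines an un-prefixed name in a target header and expands to the host's SO_TIMESTAMP, not to TARGET_SO_TIMESTAMP (29) given one line above; the TARGET_SO_STYLE synonym has the same problem, pointing at SO_TYPE rather than TARGET_SO_TYPE. As the patch is a pure move this can stay here, but a follow-up should rename it to TARGET_SCM_TIMESTAMP and make both expand to the TARGET_ values.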

[Qemu-devel] [PULL 08/13] linux-user: move socket.h generic definitions to generic/sockbits.h

2018-05-25 Thread Laurent Vivier
and include the file from architectures without specific definitions

Signed-off-by: Laurent Vivier 
Reviewed-by: Peter Maydell 
Message-Id: <20180519092956.15134-5-laur...@vivier.eu>
---
 linux-user/aarch64/sockbits.h|  1 +
 linux-user/arm/sockbits.h|  1 +
 linux-user/cris/sockbits.h   |  1 +
 linux-user/generic/sockbits.h| 67 
 linux-user/i386/sockbits.h   |  1 +
 linux-user/m68k/sockbits.h   |  1 +
 linux-user/microblaze/sockbits.h |  1 +
 linux-user/nios2/sockbits.h  |  1 +
 linux-user/openrisc/sockbits.h   |  1 +
 linux-user/ppc/sockbits.h|  1 +
 linux-user/riscv/sockbits.h  |  1 +
 linux-user/s390x/sockbits.h  |  1 +
 linux-user/sh4/sockbits.h|  1 +
 linux-user/socket.h  | 61 
 linux-user/tilegx/sockbits.h |  1 +
 linux-user/x86_64/sockbits.h |  1 +
 linux-user/xtensa/sockbits.h |  1 +
 17 files changed, 82 insertions(+), 61 deletions(-)
 create mode 100644 linux-user/aarch64/sockbits.h
 create mode 100644 linux-user/arm/sockbits.h
 create mode 100644 linux-user/cris/sockbits.h
 create mode 100644 linux-user/generic/sockbits.h
 create mode 100644 linux-user/i386/sockbits.h
 create mode 100644 linux-user/m68k/sockbits.h
 create mode 100644 linux-user/microblaze/sockbits.h
 create mode 100644 linux-user/nios2/sockbits.h
 create mode 100644 linux-user/openrisc/sockbits.h
 create mode 100644 linux-user/ppc/sockbits.h
 create mode 100644 linux-user/riscv/sockbits.h
 create mode 100644 linux-user/s390x/sockbits.h
 create mode 100644 linux-user/sh4/sockbits.h
 create mode 100644 linux-user/tilegx/sockbits.h
 create mode 100644 linux-user/x86_64/sockbits.h
 create mode 100644 linux-user/xtensa/sockbits.h

diff --git a/linux-user/aarch64/sockbits.h b/linux-user/aarch64/sockbits.h
new file mode 100644
index 00..0e4c8f012d
--- /dev/null
+++ b/linux-user/aarch64/sockbits.h
@@ -0,0 +1 @@
+#include "../generic/sockbits.h"
diff --git a/linux-user/arm/sockbits.h b/linux-user/arm/sockbits.h
new file mode 100644
index 00..0e4c8f012d
--- /dev/null
+++ b/linux-user/arm/sockbits.h
@@ -0,0 +1 @@
+#include "../generic/sockbits.h"
diff --git a/linux-user/cris/sockbits.h b/linux-user/cris/sockbits.h
new file mode 100644
index 00..0e4c8f012d
--- /dev/null
+++ b/linux-user/cris/sockbits.h
@@ -0,0 +1 @@
+#include "../generic/sockbits.h"
diff --git a/linux-user/generic/sockbits.h b/linux-user/generic/sockbits.h
new file mode 100644
index 00..093faf0a48
--- /dev/null
+++ b/linux-user/generic/sockbits.h
@@ -0,0 +1,67 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation, or (at your option) any
+ * later version. See the COPYING file in the top-level directory.
+ */
+
+#ifndef GENERIC_SOCKBITS_H
+#define GENERIC_SOCKBITS_H
+
+#define TARGET_SO_PASSSEC34
+
+/* For setsockopt(2) */
+#define TARGET_SOL_SOCKET  1
+
+#define TARGET_SO_DEBUG1
+#define TARGET_SO_REUSEADDR2
+#define TARGET_SO_TYPE 3
+#define TARGET_SO_ERROR4
+#define TARGET_SO_DONTROUTE5
+#define TARGET_SO_BROADCAST6
+#define TARGET_SO_SNDBUF   7
+#define TARGET_SO_RCVBUF   8
+#define TARGET_SO_SNDBUFFORCE  32
+#define TARGET_SO_RCVBUFFORCE  33
+#define TARGET_SO_KEEPALIVE9
+#define TARGET_SO_OOBINLINE10
+#define TARGET_SO_NO_CHECK 11
+#define TARGET_SO_PRIORITY 12
+#define TARGET_SO_LINGER   13
+#define TARGET_SO_BSDCOMPAT14
+/* To add :#define TARGET_SO_REUSEPORT 15 */
+#if defined(TARGET_PPC)
+#define TARGET_SO_RCVLOWAT 16
+#define TARGET_SO_SNDLOWAT 17
+#define TARGET_SO_RCVTIMEO 18
+#define TARGET_SO_SNDTIMEO 19
+#define TARGET_SO_PASSCRED 20
+#define TARGET_SO_PEERCRED 21
+#else
+#define TARGET_SO_PASSCRED 16
+#define TARGET_SO_PEERCRED 17
+#define TARGET_SO_RCVLOWAT 18
+#define TARGET_SO_SNDLOWAT 19
+#define TARGET_SO_RCVTIMEO 20
+#define TARGET_SO_SNDTIMEO 21
+#endif
+
+/* Security levels - as per NRL IPv6 - don't actually do anything */
+#define TARGET_SO_SECURITY_AUTHENTICATION  22
+#define TARGET_SO_SECURITY_ENCRYPTION_TRANSPORT23
+#define TARGET_SO_SECURITY_ENCRYPTION_NETWORK  24
+
+#define TARGET_SO_BINDTODEVICE 25
+
+/* Socket filtering */
+#define TARGET_SO_ATTACH_FILTER26
+#define TARGET_SO_DETACH_FILTER27
+
+#define TARGET_SO_PEERNAME 28
+#define TARGET_SO_TIMESTAMP29
+#define TARGET_SCM_TIMESTAMP   TARGET_SO_TIMESTAMP
+
+#define TARGET_SO_ACCEPTCONN   30
+
+#define TARGET_SO_PEERSEC  31
+#endif
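Review bot: generic/sockbits.h still carries an "#if defined(TARGET_PPC)" block for TARGET_SO_RCVLOWAT through TARGET_SO_PEERCRED, while this same patch creates ppc/sockbits.h as a one-line include of the generic file. A header named generic should not test for a specific target. Put the PPC numbering in ppc/sockbits.h, or note in the commit message that a later patch in the series moves it.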
diff --git a/linux-user/i386/sockbits.h b/linux-user/i386/sockbits.h
new file mode 100644
index 00..0e4c8f012d
--- /dev/null
+++ b/linux-user/i386/sockbits.h
@@ -0,0 +1 @@
+#include "../generic/sockbits.h"
diff -

[Qemu-devel] [PULL 11/13] linux-user: copy sparc/sockbits.h definitions from linux

2018-05-25 Thread Laurent Vivier
Values defined for sparc are not correct.
Copy the content of "arch/sparc/include/uapi/asm/socket.h"
to fix them.

Signed-off-by: Laurent Vivier 
Reviewed-by: Peter Maydell 
Message-Id: <20180519092956.15134-8-laur...@vivier.eu>
---
 linux-user/sparc/sockbits.h | 131 +++-
 1 file changed, 92 insertions(+), 39 deletions(-)

diff --git a/linux-user/sparc/sockbits.h b/linux-user/sparc/sockbits.h
index 6434b07033..0a822e3e1f 100644
--- a/linux-user/sparc/sockbits.h
+++ b/linux-user/sparc/sockbits.h
@@ -8,51 +8,104 @@
 #ifndef SPARC_SOCKBITS_H
 #define SPARC_SOCKBITS_H
 
-#define TARGET_SO_PASSSEC31
-
 /* For setsockopt(2) */
-#define TARGET_SOL_SOCKET  1
-
-#define TARGET_SO_DEBUG1
-#define TARGET_SO_REUSEADDR2
-#define TARGET_SO_TYPE 3
-#define TARGET_SO_ERROR4
-#define TARGET_SO_DONTROUTE5
-#define TARGET_SO_BROADCAST6
-#define TARGET_SO_SNDBUF   7
-#define TARGET_SO_RCVBUF   8
-#define TARGET_SO_SNDBUFFORCE  32
-#define TARGET_SO_RCVBUFFORCE  33
-#define TARGET_SO_KEEPALIVE9
-#define TARGET_SO_OOBINLINE10
-#define TARGET_SO_NO_CHECK 11
-#define TARGET_SO_PRIORITY 12
-#define TARGET_SO_LINGER   13
-#define TARGET_SO_BSDCOMPAT14
-/* To add :#define TARGET_SO_REUSEPORT 15 */
-#define TARGET_SO_PASSCRED 16
-#define TARGET_SO_PEERCRED 17
-#define TARGET_SO_RCVLOWAT 18
-#define TARGET_SO_SNDLOWAT 19
-#define TARGET_SO_RCVTIMEO 20
-#define TARGET_SO_SNDTIMEO 21
+#define TARGET_SOL_SOCKET  0x
 
-/* Security levels - as per NRL IPv6 - don't actually do anything */
-#define TARGET_SO_SECURITY_AUTHENTICATION  22
-#define TARGET_SO_SECURITY_ENCRYPTION_TRANSPORT23
-#define TARGET_SO_SECURITY_ENCRYPTION_NETWORK  24
+#define TARGET_SO_DEBUG0x0001
+#define TARGET_SO_PASSCRED 0x0002
+#define TARGET_SO_REUSEADDR0x0004
+#define TARGET_SO_KEEPALIVE0x0008
+#define TARGET_SO_DONTROUTE0x0010
+#define TARGET_SO_BROADCAST0x0020
+#define TARGET_SO_PEERCRED 0x0040
+#define TARGET_SO_LINGER   0x0080
+#define TARGET_SO_OOBINLINE0x0100
+#define TARGET_SO_REUSEPORT0x0200
+#define TARGET_SO_BSDCOMPAT0x0400
+#define TARGET_SO_RCVLOWAT 0x0800
+#define TARGET_SO_SNDLOWAT 0x1000
+#define TARGET_SO_RCVTIMEO 0x2000
+#define TARGET_SO_SNDTIMEO 0x4000
+#define TARGET_SO_ACCEPTCONN   0x8000
+
+#define TARGET_SO_SNDBUF   0x1001
+#define TARGET_SO_RCVBUF   0x1002
+#define TARGET_SO_SNDBUFFORCE  0x100a
+#define TARGET_SO_RCVBUFFORCE  0x100b
+#define TARGET_SO_ERROR0x1007
+#define TARGET_SO_TYPE 0x1008
+#define TARGET_SO_PROTOCOL 0x1028
+#define TARGET_SO_DOMAIN   0x1029
+
+/* Linux specific, keep the same. */
+#define TARGET_SO_NO_CHECK 0x000b
+#define TARGET_SO_PRIORITY 0x000c
 
-#define TARGET_SO_BINDTODEVICE 25
+#define TARGET_SO_BINDTODEVICE 0x000d
 
-/* Socket filtering */
-#define TARGET_SO_ATTACH_FILTER26
-#define TARGET_SO_DETACH_FILTER27
+#define TARGET_SO_ATTACH_FILTER0x001a
+#define TARGET_SO_DETACH_FILTER0x001b
+#define TARGET_SO_GET_FILTER   TARGET_SO_ATTACH_FILTER
 
-#define TARGET_SO_PEERNAME 28
-#define TARGET_SO_TIMESTAMP29
+#define TARGET_SO_PEERNAME 0x001c
+#define TARGET_SO_TIMESTAMP0x001d
 #define TARGET_SCM_TIMESTAMP   TARGET_SO_TIMESTAMP
 
-#define TARGET_SO_ACCEPTCONN   30
+#define TARGET_SO_PEERSEC  0x001e
+#define TARGET_SO_PASSSEC  0x001f
+#define TARGET_SO_TIMESTAMPNS  0x0021
+#define TARGET_SCM_TIMESTAMPNS TARGET_SO_TIMESTAMPNS
+
+#define TARGET_SO_MARK 0x0022
+
+#define TARGET_SO_TIMESTAMPING 0x0023
+#define TARGET_SCM_TIMESTAMPINGTARGET_SO_TIMESTAMPING
+
+#define TARGET_SO_RXQ_OVFL 0x0024
+
+#define TARGET_SO_WIFI_STATUS  0x0025
+#define TARGET_SCM_WIFI_STATUS TARGET_SO_WIFI_STATUS
+#define TARGET_SO_PEEK_OFF 0x0026
+
+/* Instruct lower device to use last 4-bytes of skb data as FCS */
+#define TARGET_SO_NOFCS0x0027
+
+#define TARGET_SO_LOCK_FILTER  0x0028
+
+#define TARGET_SO_SELECT_ERR_QUEUE 0x0029
+
+#define TARGET_SO_BUSY_POLL0x0030
+
+#define TARGET_SO_MAX_PACING_RATE  0x0031
 
-#define TARGET_SO_PEERSEC  31
+#define TARGET_SO_BPF_EXTENSIONS   0x0032
+
+#define TARGET_SO_INCOMING_CPU 0x0033
+
+#define TARGET_SO_ATTACH_BPF   0x0034
+#define TARGET_SO_DETACH_BPF   TARGET_SO_DETACH_FILTER
+
+#define TARGET_SO_ATTACH_REUSEPORT_CBPF0x0035
+#define TARGET_SO_ATTACH_REUSEPORT_EBPF0x0036
+
+#define TARGET_SO_CNX_ADVICE   0x0037
+
+#define TARGET_SCM_TIMESTAMPING_OPT_STATS  0x0038
+
+#define TARGET_SO_MEMINFO  0x0039
+
+#define TARGET_SO_INCOMING_NAPI_ID 0x003a
+
+#define TARGET_SO_COOKIE   0x003b
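Review bot: The new values are copied from arch/sparc/include/uapi/asm/socket.h, but neither the commit message nor a comment above "For setsockopt(2)" records which kernel version they were taken from. Add that, so a later resync can diff against a known baseline. It would also help to name in the commit message one option whose old value was wrong (TARGET_SO_PASSCRED goes from 16 to 0x0002 here, for instance).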

Re: [Qemu-devel] [PULL 00/13] Linux user for 2.13 patches

2018-05-25 Thread no-reply
Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20180525081754.29506-1-laur...@vivier.eu
Subject: [Qemu-devel] [PULL 00/13] Linux user for 2.13 patches

=== TEST SCRIPT BEGIN ===
#!/bin/bash

BASE=base
n=1
total=$(git log --oneline $BASE.. | wc -l)
failed=0

git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram

commits="$(git log --format=%H --reverse $BASE..)"
for c in $commits; do
echo "Checking PATCH $n/$total: $(git log -n 1 --format=%s $c)..."
if ! git show $c --format=email | ./scripts/checkpatch.pl --mailback -; then
failed=1
echo
fi
n=$((n+1))
done

exit $failed
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]
patchew/1527232960-51123-1-git-send-email-...@sifive.com -> 
patchew/1527232960-51123-1-git-send-email-...@sifive.com
 * [new tag]   patchew/20180525081754.29506-1-laur...@vivier.eu -> 
patchew/20180525081754.29506-1-laur...@vivier.eu
Switched to a new branch 'test'
24c7b0ddb2 gdbstub: Clarify what gdb_handlesig() is doing
61f5c7fadc linux-user: define TARGET_SO_REUSEPORT
30cf3523d7 linux-user: copy sparc/sockbits.h definitions from linux
32ab86798f linux-user: update ARCH_HAS_SOCKET_TYPES use
3c1e115f6e linux-user: move ppc socket.h definitions to ppc/sockbits.h
32a8b19493 linux-user: move socket.h generic definitions to generic/sockbits.h
c6a3d6b023 linux-user: move sparc/sparc64 socket.h definitions to 
sparc/sockbits.h
527209a2a1 linux-user: move alpha socket.h definitions to alpha/sockbits.h
612daca98f linux-user: move mips socket.h definitions to mips/sockbits.h
e4528ca200 linux-user: Fix payload size logic in host_to_target_cmsg()
576a0f83f2 linux-user: update comments to point to tcg_exec_init()
d7cf851bfe linux-user: update netlink emulation
d02fe9b4f1 linux-user: Assert on bad type in thunk_type_align() and 
thunk_type_size()

=== OUTPUT BEGIN ===
Checking PATCH 1/13: linux-user: Assert on bad type in thunk_type_align() and 
thunk_type_size()...
Checking PATCH 2/13: linux-user: update netlink emulation...
Checking PATCH 3/13: linux-user: update comments to point to tcg_exec_init()...
Checking PATCH 4/13: linux-user: Fix payload size logic in 
host_to_target_cmsg()...
Checking PATCH 5/13: linux-user: move mips socket.h definitions to 
mips/sockbits.h...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#18: 
new file mode 100644

ERROR: if this code is redundant consider removing it
#53: FILE: linux-user/mips/sockbits.h:31:
+#if 0

total: 1 errors, 1 warnings, 227 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

Checking PATCH 6/13: linux-user: move alpha socket.h definitions to 
alpha/sockbits.h...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#19: 
new file mode 100644

total: 0 errors, 1 warnings, 224 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 7/13: linux-user: move sparc/sparc64 socket.h definitions to 
sparc/sockbits.h...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#75: 
new file mode 100644

total: 0 errors, 1 warnings, 146 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 8/13: linux-user: move socket.h generic definitions to 
generic/sockbits.h...
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#15: 
new file mode 100644

total: 0 errors, 1 warnings, 148 lines checked

Your patch has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
Checking PATCH 9/13: linux-user: move ppc socket.h definitions to 
ppc/sockbits.h...
Checking PATCH 10/13: linux-user: update ARCH_HAS_SOCKET_TYPES use...
Checking PATCH 11/13: linux-user: copy sparc/sockbits.h definitions from 
linux...
Checking PATCH 12/13: linux-user: define TARGET_SO_REUSEPORT...
Checking PATCH 13/13: gdbstub: Clarify what gdb_handlesig() is doing...
=== OUTPUT END ===

Test command exited with code: 1


---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-de...@redhat.com

Re: [Qemu-devel] [PATCH v3] block: fix QEMU crash with scsi-hd and drive_del

2018-05-25 Thread Kevin Wolf
On 25.05.2018 at 00:53, Greg Kurz wrote:
> Removing a drive with drive_del while it is being used to run an I/O
> intensive workload can cause QEMU to crash.
> 
> An AIO flush can yield at some point:
> 
> blk_aio_flush_entry()
>  blk_co_flush(blk)
>   bdrv_co_flush(blk->root->bs)
>...
> qemu_coroutine_yield()
> 
> and let the HMP command to run, free blk->root and give control
> back to the AIO flush:
> 
> hmp_drive_del()
>  blk_remove_bs()
>   bdrv_root_unref_child(blk->root)
>child_bs = blk->root->bs
>bdrv_detach_child(blk->root)
> bdrv_replace_child(blk->root, NULL)
>  blk->root->bs = NULL
> g_free(blk->root) <== blk->root becomes stale
>bdrv_unref(child_bs)
> bdrv_delete(child_bs)
>  bdrv_close()
>   bdrv_drained_begin()
>bdrv_do_drained_begin()
> bdrv_drain_recurse()
>  aio_poll()
>   ...
>   qemu_coroutine_switch()
> 
> and the AIO flush completion ends up dereferencing blk->root:
> 
>   blk_aio_complete()
>scsi_aio_complete()
> blk_get_aio_context(blk)
>  bs = blk_bs(blk)
>  ie, bs = blk->root ? blk->root->bs : NULL
> ^
> stale
> 
> The problem is that we should avoid making block driver graph
> changes while we have in-flight requests. This patch hence adds
> a drained section to bdrv_detach_child(), so that we're sure
> all requests have been drained before blk->root becomes stale.
> 
> Signed-off-by: Greg Kurz 
> ---
> v3: - start drained section before modifying the graph (Stefan)
> 
> v2: - drain I/O requests when detaching the BDS (Stefan, Paolo)
> ---
>  block.c |4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/block.c b/block.c
> index 501b64c8193f..715c1b56c1e2 100644
> --- a/block.c
> +++ b/block.c
> @@ -2127,12 +2127,16 @@ BdrvChild *bdrv_attach_child(BlockDriverState 
> *parent_bs,
>  
>  static void bdrv_detach_child(BdrvChild *child)
>  {
> +BlockDriverState *child_bs = child->bs;
> +
> +bdrv_drained_begin(child_bs);
>  if (child->next.le_prev) {
>  QLIST_REMOVE(child, next);
>  child->next.le_prev = NULL;
>  }
>  
>  bdrv_replace_child(child, NULL);
> +bdrv_drained_end(child_bs);
>  
>  g_free(child->name);
>  g_free(child);
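Review bot: bdrv_drained_end(child_bs) runs after bdrv_replace_child(child, NULL), so the saved child_bs pointer is only safe if the caller still holds a reference on the node at that point. The call trace in the commit message shows bdrv_root_unref_child() calling bdrv_unref(child_bs) after bdrv_detach_child() returns, which covers this path, but nothing in the function says so. Please add a comment above bdrv_drained_begin() stating that the drained section keeps in-flight requests from seeing a freed child and that child_bs must stay referenced until bdrv_drained_end().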

I wonder if the better fix would be calling blk_drain() in
blk_remove_bs() (which would also better be blk_drained_begin/end...).

Doing the proposed change in bdrv_detach_child() should fix the problem
that you're seeing, but at first sight it promises that callers don't
have to care about shutting down their activity on the child node first.
This isn't necessarily correct if the parent may still issue a new
request (e.g. in response to the completion of an old one). What really
needs to be drained is the parent's use of the child, not the activity
of the child.

Another minor problem with your approach: If a child node is used by
more than one parent, this patch would unnecessarily quiesce those other
parents and wait for the completion of their requests.

Kevin



Re: [Qemu-devel] [PATCH V3 2/2] arm_gicv3_kvm: kvm_dist_get/put: skip the registers banked by GICR

2018-05-25 Thread Shannon Zhao


On 2018/5/24 22:56, Peter Maydell wrote:
> On 24 May 2018 at 15:40, Auger Eric  wrote:
>> Hi Peter,
>>
>> On 05/24/2018 04:16 PM, Peter Maydell wrote:
>>> Only for KVM, not for TCG, and it's the other way round: we
>>> end up with two lots of PPI/SGI space in the data structure
>>> by mistake. Let me fish out the comment I made on the v2 of this
>>> series:
>>>
>>> In the code in master, we have QEMU data structures
>>> (bitmaps, etc) which have one entry for each of GICV3_MAXIRQ
>>> irqs. That includes the RAZ/WI unused space for the SPIs/PPIs, so
>>> for a 1-bit-per-irq bitmap:
>>>  [0x, irq 32, irq 33,  ]
>>>
>>> When we fill in the values from KVM into these data structures,
>>> we start after the unused space, because the for_each_dist_irq_reg()
>>> macro starts with _irq = GIC_INTERNAL. But we forgot to adjust
>>> the offset value we use for the KVM access, so we start by
>>> reading the RAZ/WI values from KVM, and the data structure
>>> contents end up with:
>>>  [0x, 0x, irq 32, irq 33, ... ]
>>> (and the last irqs wouldn't get transferred).
>> In kvm_dist_get_priority (new code), the offset is where we read and
>> field is where we write, correct? Offset was shifted so we effectively
>> read in KVM regs the num_irq-32 SPI states now but don't we start
>> writing at the beginning of bmp, (ie s->gicd_ipriority), at PPI/SGI
>> offset? What am I missing?
> Oops, yes, you're right. My explanation applies to the
> various other bitmaps, where we are accessing the
> fields in the data structure using gic_bmp_ptr32(bmp, irq),
> but not to gicd_ipriority[], which we are directly accessing
> starting with the first word, not by indexing via bmp[irq].
> 
> So we need to handle these two cases differently.
> You're correct that for gicd_ipriority[], the code in
> master reads and writes to that data structure as:
>  [0, 0, ..., 0, irq 32, irq 33, ..., 0, 0, ... 0]
> so all the values are in the right place but we:
>  (a) unnecessarily read/write zeroes for the PPI/SGI fields
>  (b) fail to transfer the last 32 interrupts
> 
> We can fix the gicd_ipriority[] case simply by adding
>bmp = GIC_INTERNAL;
> before the assignment to 'field' in both kvm_dist_get_priority()
> and kvm_dist_put_priority(). This doesn't affect migration
> compatibility. We should do this separately from fixing the
> other bitmaps, because it's simpler.
> 
If we do bmp += GIC_INTERNAL, we should also add this to offset,
otherwise we will put the SGI/PPIs data to SPIs, right?

Thanks,
-- 
Shannon




Re: [Qemu-devel] [PATCH 17/27] exec.c: Handle IOMMUs in address_space_translate_for_iotlb()

2018-05-25 Thread Peter Maydell
On 24 May 2018 at 20:54, Auger Eric  wrote:
> Hi Peter,
>
> On 05/23/2018 11:51 AM, Alex Bennée wrote:
>>
>> Peter Maydell  writes:
>>
>>> Currently we don't support board configurations that put an IOMMU
>>> in the path of the CPU's memory transactions, and instead just
>>> assert() if the memory region fonud in address_space_translate_for_iotlb()
> found
>>> is an IOMMUMemoryRegion.
>>>
>>> Remove this limitation by having the function handle IOMMUs.
>>> This is mostly straightforward, but we must make sure we have
>>> a notifier registered for every IOMMU that a transaction has
>>> passed through, so that we can flush the TLB appropriately
> Can you elaborate on what (TCG) TLB we are talking about?

The TCG TLB, as implemented in accel/tcg/cputlb.c. Basically
the thing that caches the results it gets back from the memory
system so it can fast path device and memory accesses.

> The concept of IOMMUs downstream to a CPU is not obvious to me. Maybe an
> example may be documented in the commit message?

The MPC implemented in this patchset is an example.



>>> +static void tcg_iommu_unmap_notify(IOMMUNotifier *n, IOMMUTLBEntry *iotlb)
>>> +{
>>> +TCGIOMMUNotifier *notifier = container_of(n, TCGIOMMUNotifier, n);
>>> +
>>> +if (!notifier->active) {
>>> +return;
>>> +}
>>> +tlb_flush(notifier->cpu);
>>> +notifier->active = false;
>>> +/* We leave the notifier struct on the list to avoid reallocating it 
>>> later.
>>> + * Generally the number of IOMMUs a CPU deals with will be small.
>>> + * In any case we can't unregister the iommu notifier from a notify
>>> + * callback.
>>> + */
> I don't get the life cycle of the notifier and why it becomes inactive
> after the invalidate. Could you detail the specificity of this one?

Once we've flushed the TLB it is empty and will have no cached
information from the IOMMU. So there's no point in flushing the
TLB again (which is expensive) until the next time a transaction
goes through the IOMMU and we're caching something from it.

So the cycle goes:
 * CPU makes transaction that goes through an IOMMU
 * in tcg_register_iommu_notifier() we register the notifier
   if we haven't already, and make sure it's got active = true
 * in the unmap notify, we flush the whole TLB for the CPU, and
   set active = false
 * repeat...


>>> +static void tcg_iommu_notifier_destroy(gpointer data)
>>> +{
>>> +TCGIOMMUNotifier *notifier = data;
>>> +
>>> +if (notifier->active) {
>>> +memory_region_unregister_iommu_notifier(notifier->mr, 
>>> ¬ifier->n);
>>> +}
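Review bot: the "if (notifier->active)" guard in tcg_iommu_notifier_destroy() skips memory_region_unregister_iommu_notifier() for any notifier destroyed in the inactive state, yet tcg_iommu_unmap_notify() clears active while, per its own comment, leaving the notifier on the list. The IOMMU would then keep calling into a destroyed TCGIOMMUNotifier. Unregister unconditionally here, or track registration in a field separate from active.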
> Is it safe to leave the notifier registered to an IOMMU whereas it gets
> freed?

Oh, this is a bug, left over from my first idea (which was to
unregister the IOMMU notifier in the notifier unmap callback,
in which case active == true would be the only case when we
had a registered notifier).

We should unconditionally unregister the notifier here.


>>>  /* Called from RCU critical section */
>>>  MemoryRegionSection *
>>>  address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
>>> -  hwaddr *xlat, hwaddr *plen)
>>> +  hwaddr *xlat, hwaddr *plen,
>>> +  MemTxAttrs attrs, int *prot)
>>>  {
>>>  MemoryRegionSection *section;
>>> +IOMMUMemoryRegion *iommu_mr;
>>> +IOMMUMemoryRegionClass *imrc;
>>> +IOMMUTLBEntry iotlb;
>>> +int iommu_idx;
>>>  AddressSpaceDispatch *d = 
>>> atomic_rcu_read(&cpu->cpu_ases[asidx].memory_dispatch);
>>>
>>> -section = address_space_translate_internal(d, addr, xlat, plen, false);
>>> +for (;;) {
>>> +section = address_space_translate_internal(d, addr, &addr, plen, 
>>> false);
>>> +
>>> +iommu_mr = memory_region_get_iommu(section->mr);
>>> +if (!iommu_mr) {
>>> +break;
>>> +}
>>> +
>>> +imrc = memory_region_get_iommu_class_nocheck(iommu_mr);
>>> +
>>> +iommu_idx = imrc->attrs_to_index(iommu_mr, attrs);
>>> +tcg_register_iommu_notifier(cpu, iommu_mr, iommu_idx);
>>> +/* We need all the permissions, so pass IOMMU_NONE so the IOMMU
>>> + * doesn't short-cut its translation table walk.
> it is not clear to me why you don't use the access flag as you seem to
> handle the perm fault after the translate() call.

We need to know all the permissions (because we'll cache the result
in the TCG TLB and later use them for future read and write accesses),
so we pass IOMMU_NONE.

My understanding from previous discussion is that the only
reason to pass in some other access flag value is if you
only care about one of read or write and want to allow the
IOMMU to stop walking the page table early as soon as it decides
it doesn't have permissions.

thanks
-- PMM
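The notifier life cycle described in the message above, and the effect of the "if (notifier->active)" guard in the destroy path, as a small model. This is an added example, not code from the patch or from QEMU: ModelNotifier, ModelIOMMU and every function name below are hypothetical stand-ins, and the flush counter stands in for tlb_flush().

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_NOTIFIERS 4

/* Constructed stand-ins for the notifier and the IOMMU; not QEMU types. */
typedef struct ModelNotifier {
    bool active;      /* TLB may currently cache results from this IOMMU */
    int *tlb_flushes; /* counter standing in for tlb_flush(cpu) */
} ModelNotifier;

typedef struct ModelIOMMU {
    ModelNotifier *registered[MAX_NOTIFIERS]; /* notifiers the IOMMU calls */
} ModelIOMMU;

static int iommu_registered_count(const ModelIOMMU *mmu)
{
    int i, count = 0;
    for (i = 0; i < MAX_NOTIFIERS; i++) {
        count += (mmu->registered[i] != NULL);
    }
    return count;
}

static void iommu_unregister(ModelIOMMU *mmu, ModelNotifier *n)
{
    int i;
    for (i = 0; i < MAX_NOTIFIERS; i++) {
        if (mmu->registered[i] == n) {
            mmu->registered[i] = NULL;
        }
    }
}

/* A transaction went through the IOMMU: register once, then mark active. */
static void model_register_notifier(ModelIOMMU *mmu, ModelNotifier *n)
{
    int i, slot = -1;
    bool present = false;
    for (i = 0; i < MAX_NOTIFIERS; i++) {
        if (mmu->registered[i] == n) {
            present = true;
        } else if (mmu->registered[i] == NULL && slot < 0) {
            slot = i;
        }
    }
    if (!present && slot >= 0) {
        mmu->registered[slot] = n;
    }
    n->active = true;
}

/* The IOMMU's mappings changed: call every registered notifier. An active
 * notifier flushes once and goes inactive, but stays on the list. */
static void model_iommu_unmap(ModelIOMMU *mmu)
{
    int i;
    for (i = 0; i < MAX_NOTIFIERS; i++) {
        ModelNotifier *n = mmu->registered[i];
        if (n && n->active) {
            (*n->tlb_flushes)++;
            n->active = false;
        }
    }
}

/* only_if_active = true models the guard in the posted patch;
 * false models the unconditional unregister agreed on in the reply. */
static void model_destroy(ModelIOMMU *mmu, ModelNotifier *n, bool only_if_active)
{
    if (!only_if_active || n->active) {
        iommu_unregister(mmu, n);
    }
    /* the notifier's memory would be released here */
}

/* Returns how many registrations are left behind after destroy. */
static int run_cycle(bool only_if_active, int *flushes_out)
{
    int flushes = 0;
    ModelIOMMU mmu = { { NULL } };
    ModelNotifier n = { false, &flushes };

    model_register_notifier(&mmu, &n); /* transaction via the IOMMU */
    model_iommu_unmap(&mmu);           /* flush 1, notifier goes inactive */
    model_iommu_unmap(&mmu);           /* TLB already empty: no flush */
    model_register_notifier(&mmu, &n); /* next transaction re-arms it */
    model_iommu_unmap(&mmu);           /* flush 2 */
    model_destroy(&mmu, &n, only_if_active);
    *flushes_out = flushes;
    return iommu_registered_count(&mmu);
}

int main(void)
{
    int flushes;
    int stale = run_cycle(true, &flushes);
    printf("guarded destroy:       %d stale registration(s), %d flushes\n",
           stale, flushes);
    stale = run_cycle(false, &flushes);
    printf("unconditional destroy: %d stale registration(s), %d flushes\n",
           stale, flushes);
    return 0;
}
```

Three unmap notifications cost two flushes in both runs; only the guarded destroy leaves the IOMMU pointing at a notifier that no longer exists.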



Re: [Qemu-devel] [RISC-V] Coverity 1390849, Logically dead code

2018-05-25 Thread Peter Maydell
On 25 May 2018 at 07:18, Michael Clark  wrote:
> On Fri, May 25, 2018 at 9:54 AM, Richard Henderson  wrote:
>
>> In the latest Coverity scan, it reports

>> I believe the condition at op_helper.c:409 should be testing
>> CSR_MHPMCOUNTER3H
>> and CSR_MHPMCOUNTER31H.  Must run now, otherwise I'd also send the trivial
>> patch.
>
>
> Thanks! Yes indeed they should be the H versions.
>
> I will send the trivial patch...

You might like to sign up to our Coverity Scan project if
you aren't already:
https://scan.coverity.com/projects/qemu?tab=overview

It reports a couple of other riscv coverity nits (minor memory leaks).

thanks
-- PMM



Re: [Qemu-devel] [PATCH V3 2/2] arm_gicv3_kvm: kvm_dist_get/put: skip the registers banked by GICR

2018-05-25 Thread Peter Maydell
On 25 May 2018 at 09:42, Shannon Zhao  wrote:
> On 2018/5/24 22:56, Peter Maydell wrote:
>> We can fix the gicd_ipriority[] case simply by adding
>>bmp = GIC_INTERNAL;
>> before the assignment to 'field' in both kvm_dist_get_priority()
>> and kvm_dist_put_priority(). This doesn't affect migration
>> compatibility. We should do this separately from fixing the
>> other bitmaps, because it's simpler.
>>
> If we do bmp += GIC_INTERNAL, we should also add this to offset,
> otherwise we will put the SGI/PPIs data to SPIs, right?

Yes. This code seems remarkably hard to get right, I think
because we effectively have three different things indexing
through the loop -- irq, field, offset -- and they're all
independently set to starting values in different places.

thanks
-- PMM
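The three independently started indexes named in the message above (irq, field, offset) can be modelled to show what each combination transfers. This is an added example, not QEMU code: model_gicd_read(), model_get_priority(), spis_transferred(), NUM_IRQ and the priority values are constructed for illustration; only GIC_INTERNAL, the RAZ/WI behaviour and the loop shape come from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the loop discussed in the thread; not QEMU code. */
#define GIC_INTERNAL 32   /* SGIs + PPIs, irqs 0..31 */
#define NUM_IRQ      96   /* constructed: 32 internal irqs + 64 SPIs */
#define PRIO_BITS    8    /* GICD_IPRIORITYR holds 8 bits per irq */
#define UNSET        0xff /* marker for "never written by the loop" */

/* Model of the KVM-side GICD_IPRIORITYR range, one byte per irq. The
 * entries for irqs 0..31 are RAZ/WI, so they always read as zero. */
static uint8_t kvm_regs[NUM_IRQ];

/* Stand-in for a kvm_gicd_access() read: 32 bits at a byte offset. */
static uint32_t model_gicd_read(uint32_t offset)
{
    uint32_t reg;
    memcpy(&reg, &kvm_regs[offset], sizeof(reg));
    return reg;
}

/* irq always starts at GIC_INTERNAL, as in for_each_dist_irq_reg(); the two
 * flags choose whether offset and field are started at the same place. */
static void model_get_priority(uint8_t *bmp, int shift_offset, int shift_field)
{
    uint32_t skip = (GIC_INTERNAL * PRIO_BITS) / 8; /* bytes for irqs 0..31 */
    uint32_t offset = shift_offset ? skip : 0;
    uint8_t *field = bmp + (shift_field ? skip : 0);
    int irq;

    for (irq = GIC_INTERNAL; irq < NUM_IRQ; irq += 32 / PRIO_BITS) {
        uint32_t reg = model_gicd_read(offset);
        memcpy(field, &reg, sizeof(reg));
        offset += sizeof(reg);
        field += sizeof(reg);
    }
}

/* Run one variant and return how many SPIs ended up with the right value. */
static int spis_transferred(int shift_offset, int shift_field)
{
    uint8_t bmp[NUM_IRQ];
    int irq, good = 0;

    for (irq = 0; irq < NUM_IRQ; irq++) {
        /* constructed data: each SPI's priority equals its irq number */
        kvm_regs[irq] = irq < GIC_INTERNAL ? 0 : (uint8_t)irq;
    }
    memset(bmp, UNSET, sizeof(bmp));
    model_get_priority(bmp, shift_offset, shift_field);
    for (irq = GIC_INTERNAL; irq < NUM_IRQ; irq++) {
        good += (bmp[irq] == irq);
    }
    return good;
}

int main(void)
{
    /* master: values land in the right slots, last 32 irqs never copied */
    printf("neither shifted:          %d of %d SPIs\n",
           spis_transferred(0, 0), NUM_IRQ - GIC_INTERNAL);
    /* bmp moved but offset not: RAZ/WI zeroes land in the SPI slots */
    printf("field only shifted:       %d of %d SPIs\n",
           spis_transferred(0, 1), NUM_IRQ - GIC_INTERNAL);
    /* both moved by (GIC_INTERNAL * bits-per-irq) / 8 */
    printf("offset and field shifted: %d of %d SPIs\n",
           spis_transferred(1, 1), NUM_IRQ - GIC_INTERNAL);
    return 0;
}
```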



Re: [Qemu-devel] [PATCH v7 4/4] monitor: add lock to protect mon_fdsets

2018-05-25 Thread Stefan Hajnoczi
On Fri, May 25, 2018 at 11:30:22AM +0800, Peter Xu wrote:
> On Thu, May 24, 2018 at 10:28:37AM +0100, Stefan Hajnoczi wrote:
> > On Thu, May 24, 2018 at 12:39:52PM +0800, Peter Xu wrote:
> > >  int monitor_fdset_get_fd(int64_t fdset_id, int flags)
> > >  {
> > > -#ifndef _WIN32
> > > +#ifdef _WIN32
> > > +return -ENOENT;
> > 
> > stubs/fdset.c:monitor_fdset_get_fd() should return -ENOENT instead of -1
> > now.
> 
> Yes that's intended.  That's actually a suggestion from Markus since
> changing the return code will simplify the code.

No, I understand that part.  I'm pointing out that
stubs/fdset.c:monitor_fdset_get_fd() still returns -1 because it was not
updated by this patch.

Since this patch changes the return value to -errno, the stub function
should be updated to return a sensible -errno value too.

Stefan




Re: [Qemu-devel] [PULL v3 0/4] Merge tpm 2018/05/23

2018-05-25 Thread Peter Maydell
On 24 May 2018 at 17:48, Stefan Berger  wrote:
> This series of patches adds TPM emulator state migration support and a
> test case for testing (local) migration.
>
>Stefan
>
>
> The following changes since commit 4f50c1673a89b07f376ce5c42d22d79a79cd466d:
>
>   Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' 
> into staging (2018-05-22 09:43:58 +0100)
>
> are available in the Git repository at:
>
>   git://github.com/stefanberger/qemu-tpm.git tags/pull-tpm-2018-05-23-3
>
> for you to fetch changes up to 37fa382f327405b6516e9983c1aa1ca32c726892:
>
>   test: Add test cases that use the external swtpm with CRB interface 
> (2018-05-24 12:07:04 -0400)
>
> 
> Merge tpm 2018/05/23 v3
>
> 
> Stefan Berger (4):
>   tpm: extend TPM emulator with state migration support
>   tpm: extend TPM TIS with state migration support
>   docs: tpm: add VM save/restore example and troubleshooting guide
>   test: Add test cases that use the external swtpm with CRB interface

I still see compile failures on OpenBSD, I'm afraid:

In file included from /home/qemu/include/qemu/osdep.h:68:0,
 from /home/qemu/tests/tpm-util.c:15:
/home/qemu/tests/tpm-util.c: In function 'tpm_util_swtpm_has_tpm2':
/home/qemu/tests/tpm-util.c:101:10: error: expected identifier or '('
before '&' token
 gint stdout;
  ^
/home/qemu/tests/tpm-util.c:112:43: error: lvalue required as unary '&' operand
 NULL, &stdout, NULL, NULL);
   ^
/home/qemu/tests/tpm-util.c:117:14: warning: passing argument 1 of
'read' makes integer from pointer without a cast
 n = read(stdout, buffer, sizeof(buffer) - 1);
  ^
In file included from /home/qemu/include/qemu/osdep.h:75:0,
 from /home/qemu/tests/tpm-util.c:15:
/usr/include/unistd.h:372:10: note: expected 'int' but argument is of
type 'struct FILE *'
 ssize_t  read(int, void *, size_t)
  ^
gmake: *** [/home/qemu/rules.mak:66: tests/tpm-util.o] Error 1
gmake: Leaving directory '/home/qemu/build/all'


"stdout" is a FILE* global provided by the system headers -- you can't
reuse it for a local variable name.

thanks
-- PMM



Re: [Qemu-devel] [PATCH V3 2/2] arm_gicv3_kvm: kvm_dist_get/put: skip the registers banked by GICR

2018-05-25 Thread Shannon Zhao


On 2018/5/24 21:11, Peter Maydell wrote:
> On 23 May 2018 at 04:53, Shannon Zhao  wrote:
>> While we skip the GIC_INTERNAL irqs, we don't change the register offset
>> accordingly. This will overlap the GICR registers value and leave the
>> last GIC_INTERNAL irq's registers out of update.
>>
>> Fix this by skipping the registers banked by GICR.
>>
>> Also for migration compatibility if the migration source (old version
>> qemu) doesn't send gicd_no_shift_bug = 1 to destination, then we shift
>> the data of PPI to get the right data for SPI.
>>
>> Fixes: 367b9f527becdd20ddf116e17a3c0c2bbc486920
>> Cc: qemu-sta...@nongnu.org
>> Signed-off-by: Shannon Zhao 
>> ---
>> Changes in V3: add migration compatibility and fix code style
>> ---
>>  hw/intc/arm_gicv3_common.c | 36 
>>  hw/intc/arm_gicv3_kvm.c| 56 
>> +-
>>  include/hw/intc/arm_gicv3_common.h |  1 +
>>  3 files changed, 92 insertions(+), 1 deletion(-)
>>
>> diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
>> index 7b54d52..f93e5d2 100644
>> --- a/hw/intc/arm_gicv3_common.c
>> +++ b/hw/intc/arm_gicv3_common.c
>> @@ -141,6 +141,38 @@ static const VMStateDescription vmstate_gicv3_cpu = {
>>  }
>>  };
>>
>> +static int gicv3_gicd_no_shift_bug_pre_load(void *opaque)
>> +{
>> +GICv3State *cs = opaque;
>> +
>> +   /*
>> +* If the gicd_no_shift_bug subsection is not transferred this
>> +* means gicd_no_shift_bug is 0x0 (which might not be the same as
>> +* our reset value).
>> +*/
> 
> This comment seems to have been copied from a similar one about
> SRE_EL1, and I think it's a bit misleading here. For icc_sre_el1,
> that is a guest-visible struct value which we set to something in the
> device's reset function. This gicd_no_shift_bug field is
> only for the benefit of migration.
> 
> This comment is the ideal place to explain the semantics of gicd_no_shift_bug
> and why we have to use it.
> 
> You should also only set this if KVM is enabled, because the TCG
> GIC gets the semantics of the data structure right.
> 
ok

>> +cs->gicd_no_shift_bug = 0x0;
>> +return 0;
>> +}
>> +
>> +static bool gicv3_gicd_no_shift_bug_needed(void *opaque)
>> +{
>> +GICv3State *cs = opaque;
>> +
>> +return cs->gicd_no_shift_bug;
>> +}
>> +
>> +const VMStateDescription vmstate_gicv3_gicd_no_shift_bug = {
>> +.name = "arm_gicv3/gicd_no_shift_bug",
>> +.version_id = 1,
>> +.minimum_version_id = 1,
>> +.pre_load = gicv3_gicd_no_shift_bug_pre_load,
>> +.needed = gicv3_gicd_no_shift_bug_needed,
>> +.fields = (VMStateField[]) {
>> +VMSTATE_BOOL(gicd_no_shift_bug, GICv3State),
>> +VMSTATE_END_OF_LIST()
>> +}
>> +};
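Review bot: vmstate_gicv3_gicd_no_shift_bug is declared "const" without "static", unlike vmstate_gicv3_cpu and vmstate_gicv3 in the same file, and its only visible user is the .subsections array of vmstate_gicv3 further down. Make it "static const" unless another file needs the symbol.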
> 
> You also need a post-load function, because that is where you want
> to fix up the incoming data (by memcpy'ing it into the right place).
> 
Ok.

>> +
>>  static const VMStateDescription vmstate_gicv3 = {
>>  .name = "arm_gicv3",
>>  .version_id = 1,
>> @@ -165,6 +197,10 @@ static const VMStateDescription vmstate_gicv3 = {
>>  VMSTATE_STRUCT_VARRAY_POINTER_UINT32(cpu, GICv3State, num_cpu,
>>   vmstate_gicv3_cpu, 
>> GICv3CPUState),
>>  VMSTATE_END_OF_LIST()
>> +},
>> +.subsections = (const VMStateDescription * []) {
>> +&vmstate_gicv3_gicd_no_shift_bug,
>> +NULL
>>  }
>>  };
>>
>> diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
>> index 3536795..bd961f1 100644
>> --- a/hw/intc/arm_gicv3_kvm.c
>> +++ b/hw/intc/arm_gicv3_kvm.c
>> @@ -136,6 +136,12 @@ static void kvm_dist_get_priority(GICv3State *s, 
>> uint32_t offset, uint8_t *bmp)
>>  int irq;
>>
>>  field = (uint32_t *)bmp;
>> +/* For the KVM GICv3, affinity routing is always enabled, and the first 
>> 8
>> + * GICD_IPRIORITYR registers are always RAZ/WI. The corresponding
>> + * functionality is replaced by GICR_IPRIORITYR. So it doesn't need 
>> to
>> + * sync them.
>> + */
> 
> This is true, but not why we need to add to the offset. We need
> to add to the offset because for_each_dist_irq_reg()'s loop
> handles irq numbers starting from GIC_INTERNAL, but the offset
> we have is for the start of the GICD_IPRIORITYR register range,
> which includes space for the irqs 0..GIC_INTERNAL-1.
> 
>> +offset += (8 * sizeof(uint32_t));
> 
> Possibly these offset changes would be clearer written as
> 
>  offset += (GIC_INTERNAL * bits-per-irq) / 8;
> 
> where bits-per-irq is the same as the last argument to 
> for_each_dist_irq_reg()?
> 
>>  for_each_dist_irq_reg(irq, s->num_irq, 8) {
>>  kvm_gicd_access(s, offset, ®, false);
>>  *field = reg;
>> @@ -149,7 +155,18 @@ static void kvm_dist_put_priority(GICv3State *s, 
>> uint32_t offset, uint8_t *bmp)
>>  uint32_t reg, *field;
>>  int irq;
>>
>> -field = (uint32_t *)bmp;
>> +if (!s->gicd_no_shift_bug) {
>> +field = (

Re: [Qemu-devel] [PATCH] migration: use g_free for ram load bitmap

2018-05-25 Thread Juan Quintela
Peter Xu  wrote:
> Buffers allocated with bitmap_new() should be freed with g_free().
>
> Both reported by Coverity:
>
> *** CID 1391300:  API usage errors  (ALLOC_FREE_MISMATCH)
> /migration/ram.c: 3517 in ram_dirty_bitmap_reload()
> 3511  * the last one to sync, we need to notify the main send thread.
> 3512  */
> 3513 ram_dirty_bitmap_reload_notify(s);
> 3514
> 3515 ret = 0;
> 3516 out:
> >>>     CID 1391300:  API usage errors  (ALLOC_FREE_MISMATCH)
> >>>     Calling "free" frees "le_bitmap" using "free" but it should have been freed using "g_free".
> 3517 free(le_bitmap);
> 3518 return ret;
> 3519 }
> 3520
> 3521 static int ram_resume_prepare(MigrationState *s, void *opaque)
> 3522 {
>
> *** CID 1391292:  API usage errors  (ALLOC_FREE_MISMATCH)
> /migration/ram.c: 249 in ramblock_recv_bitmap_send()
> 243  * Mark as an end, in case the middle part is screwed up due to
> 244  * some "misterious" reason.
> 245  */
> 246 qemu_put_be64(file, RAMBLOCK_RECV_BITMAP_ENDING);
> 247 qemu_fflush(file);
> 248
> >>>     CID 1391292:  API usage errors  (ALLOC_FREE_MISMATCH)
> >>>     Calling "free" frees "le_bitmap" using "free" but it should have been freed using "g_free".
> 249 free(le_bitmap);
> 250
> 251 if (qemu_file_get_error(file)) {
> 252 return qemu_file_get_error(file);
> 253 }
> 254
>
> Signed-off-by: Peter Xu 
> ---
>  migration/ram.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/migration/ram.c b/migration/ram.c
> index 5bcbf7a9f9..c53e8369a3 100644
> --- a/migration/ram.c
> +++ b/migration/ram.c
> @@ -246,7 +246,7 @@ int64_t ramblock_recv_bitmap_send(QEMUFile *file,
>  qemu_put_be64(file, RAMBLOCK_RECV_BITMAP_ENDING);
>  qemu_fflush(file);
>  
> -free(le_bitmap);
> +g_free(le_bitmap);
>  
>  if (qemu_file_get_error(file)) {
>  return qemu_file_get_error(file);
> @@ -3514,7 +3514,7 @@ int ram_dirty_bitmap_reload(MigrationState *s, RAMBlock 
> *block)
>  
>  ret = 0;
>  out:
> -free(le_bitmap);
> +g_free(le_bitmap);
>  return ret;
>  }

Reviewed-by: Juan Quintela 

Queued



Re: [Qemu-devel] [RFC PATCH 2/2] tests/Makefile: comment out flakey tests

2018-05-25 Thread Stefan Hajnoczi
On Fri, May 18, 2018 at 04:08:47PM +0100, Alex Bennée wrote:
> 
> Stefan Hajnoczi  writes:
> 
> > On Fri, May 18, 2018 at 10:14:40AM +0100, Alex Bennée wrote:
> >> The following tests keep showing up in failed Travis runs:
> >>
> >>   - test-aio
> >
> > What is the issue?
> 
> GTESTER tests/test-thread-pool
> **
> ERROR:tests/test-aio.c:501:test_timer_schedule: assertion failed: 
> (aio_poll(ctx, true))
> GTester: last random seed: R02S66126aca97f9606b33e5d7be7fc9b625
> make: *** [check-tests/test-aio] Error 1
> make: *** Waiting for unfinished jobs

The test_timer_schedule test case relies on timing and is
non-deterministic.

I couldn't figure out how it managed to fail that specific assertion.
aio_poll(ctx, true) == false happens when aio_notify() was called but I
don't understand why it happened here.

However, I do see that this test case will fail if the machine is very
heavily loaded.  The test simply won't reach the places where it should
wait for the timer.  The timer may expire too early.

Maybe a steppable clock should be used (vmclock), but then the test
would have to be simplified because the aio_poll(ctx, true) part relies
on ppoll(2)'s timeout.

Any thoughts, Paolo?

Stefan




[Qemu-devel] [PATCH] usb: update docs

2018-05-25 Thread Gerd Hoffmann
xhci is rock solid meanwhile.  So move it up in the docs and feature it
as preferred usb host adapter, instead of the old shy version saying "you
might want try ...".

Also a minor text update for the companion controller setup.

Signed-off-by: Gerd Hoffmann 
---
 docs/usb2.txt | 44 +---
 1 file changed, 25 insertions(+), 19 deletions(-)

diff --git a/docs/usb2.txt b/docs/usb2.txt
index 09df45b5b1..1b0e62d187 100644
--- a/docs/usb2.txt
+++ b/docs/usb2.txt
@@ -1,6 +1,26 @@
 
-USB 2.0 Quick Start
-===
+USB Quick Start
+===
+
+xhci controller support
+---
+
+Qemu has xhci host adapter support.  The xhci hardware design is much
+more virtualization-friendly when compared to ehci and uhci, thus xhci
+emulation uses less resources (especially cpu).  So if your guest
+supports xhci (which should be the case for any operating system
+released in recent years) I recommend using it:
+
+qemu -device qemu-xhci
+
+xhci supports USB 1.1, USB 2.0 and USB 3.0 devices, so this is the
+only controller you need.  With only a single usb controller (and
+therefore only a single usb bus) being present in the system there is
+no need to use the bus= parameter when adding usb devices.
+
+
+ehci controller support
+---
 
 The QEMU EHCI Adapter can be used with and without companion
 controllers.  See below for the companion controller mode.
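Review bot: the new xhci section spells the project name "Qemu" while the unchanged line right below it uses "QEMU EHCI Adapter"; use "QEMU" throughout. "uses less resources" reads better as "uses fewer resources", and with the title now "USB Quick Start" and xhci listed first, it is worth checking whether docs/usb2.txt is still the right file name.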
@@ -47,29 +67,15 @@ specifies the first port the controller should attach to, 
which is
 needed as usually one ehci controller with six ports has three uhci
 companion controllers with two ports each.
 
-There is a config file in docs which will do all this for you, just
-try ...
+Result is a single usb bus which supports both USB 1.1 and USB 2.0
+devices.  There is a config file in docs which will do all this for
+you, just try ...
 
 qemu -readconfig docs/config/ich9-ehci-uhci.cfg
 
 ... then use "bus=ehci.0" to assign your usb devices to that bus.
 
 
-xhci controller support

-
-There is also xhci host controller support available.  It got a lot
-less testing than ehci and there are a bunch of known limitations, so
-ehci may work better for you.  On the other hand the xhci hardware
-design is much more virtualization-friendly, thus xhci emulation uses
-less resources (especially cpu).  If you want to give xhci a try
-use this to add the host controller ...
-
-qemu -device nec-usb-xhci,id=xhci
-
-... then use "bus=xhci.0" when assigning usb devices.
-
-
 More USB tips & tricks
 ==
 
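Review bot: the removed section gave "-device nec-usb-xhci,id=xhci" together with "bus=xhci.0", but the replacement earlier in the patch shows "qemu -device qemu-xhci" with no id and only says bus= is unnecessary with a single controller. A reader who combines xhci with the ehci/uhci setup kept in this hunk no longer learns what the xhci bus is called; keep id=xhci in the example or add a sentence naming the bus. "Result is a single usb bus" also needs an article: "The result is ...".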
-- 
2.9.3




Re: [Qemu-devel] [PATCH v2] elf: Add RISC-V PSABI ELF header defines

2018-05-25 Thread Michael Clark
On Fri, May 25, 2018 at 7:53 PM, Laurent Vivier  wrote:

> On 25/05/2018 at 09:22, Michael Clark wrote:
> > Refer to the RISC-V PSABI specification for details:
> >
> > - https://github.com/riscv/riscv-elf-psabi-doc/blob/master/riscv-elf.md
> >
> > Cc: Michael Tokarev 
> > Cc: Laurent Vivier 
> > Cc: Richard Henderson 
> > Cc: Alistair Francis 
> > Signed-off-by: Michael Clark 
> > ---
> >  include/elf.h | 8 
> >  1 file changed, 8 insertions(+)
> >
> > diff --git a/include/elf.h b/include/elf.h
> > index 934dbbd6b3ae..bd0493f43d19 100644
> > --- a/include/elf.h
> > +++ b/include/elf.h
> > @@ -1285,6 +1285,14 @@ typedef struct {
> >  #define R_IA64_DTPREL64LSB   0xb7/* @dtprel(sym + add), data8 LSB */
> >  #define R_IA64_LTOFF_DTPREL220xba/* @ltoff(@dtprel(s+a)),
> imm22 */
> >
> > +/* RISC-V specific definitions.  */
> > +#define EF_RISCV_RVC 0x0001
> > +#define EF_RISCV_FLOAT_ABI_SINGLE 0x0002
> > +#define EF_RISCV_FLOAT_ABI_DOUBLE 0x0004
> > +#define EF_RISCV_FLOAT_ABI_QUAD 0x0006
> > +#define EF_RISCV_RVE 0x0008
> > +#define EF_RISCV_TSO 0x0010
> > +
> >  typedef struct elf32_rel {
> >Elf32_Addr r_offset;
> >Elf32_Word r_info;
> >
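Review bot: EF_RISCV_FLOAT_ABI_QUAD (0x0006) has both the SINGLE (0x0002) and DOUBLE (0x0004) bits set, so these three defines are values of a two-bit field rather than independent flags, and a test such as "e_flags & EF_RISCV_FLOAT_ABI_DOUBLE" would also match a quad-float binary. Add the field mask and the soft-float value so users compare "(e_flags & mask) == value", and align the constants in a column like the R_IA64_* defines in the context above.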
>
> from glibc (and binutils), I have:
>
>   /* RISC-V ELF Flags */
>   #define EF_RISCV_RVC0x0001
>   #define EF_RISCV_FLOAT_ABI  0x0006
>   #define EF_RISCV_FLOAT_ABI_SOFT 0x
>   #define EF_RISCV_FLOAT_ABI_SINGLE   0x0002
>   #define EF_RISCV_FLOAT_ABI_DOUBLE   0x0004
>   #define EF_RISCV_FLOAT_ABI_QUAD 0x0006
>
> Perhaps you can also define EF_RISCV_FLOAT_ABI_SOFT and EF_RISCV_FLOAT_ABI?
>

Will do. I'll align them also.

> Anyway:
>
> Reviewed-by: Laurent Vivier 
>
>
Thanks for checking glibc and binutils. I'll update to add the extra
definitions before I make a PR. Thanks!

Michael.


Re: [Qemu-devel] [PATCH 14/27] iommu: Add IOMMU index concept to IOMMU API

2018-05-25 Thread Auger Eric
Hi Peter,

On 05/24/2018 12:54 PM, Peter Maydell wrote:
> On 24 May 2018 at 07:23, Peter Xu  wrote:
>> On Wed, May 23, 2018 at 12:47:16PM +0100, Peter Maydell wrote:
>>> On 23 May 2018 at 02:06, Peter Xu  wrote:
>>>> Could you elaborate a bit more on why IOMMU notifier failed to
>>>> corporate when passing in MemTxAttrs?  I am not sure I caught the idea
>>>> here, but can we copy the MemTxAttrs into IOMMUTLBEntry when
>>>> translating, then in IOMMU notifiers we can know the attrs (if that is
>>>> what MPC wants)?
>>>
>>> (1) The notifier API lets you register a notifier before you've
>>> called the translate API
>>
>> Yes.
>>
>>> (2) An IOMMUTLBEntry can be valid for more than just the txattrs
>>> that it was passed in (for instance, if an IOMMU doesn't care
>>> about txattrs at all, then the resulting TLB entry is valid for
>>> any txattrs; or if the IOMMU only cares about attrs.secure the
>>> resulting TLB entries are valid for both attrs.user=0 and
>>> attrs.user=1).
>>
>> [1]
>>
>> Yes exactly, that's why I thought copying the txattrs into IOTLB
>> should work.
> 
> I'm a bit confused about why the IOMMUTLBEntry is relevant here.
> That's the thing returned from the translate method, so there's
> no point in copying txattrs into it, because the caller by definition
> already had them. At the point where the IOMMU notices a guest
> changed the config, it doesn't have an IOMMUTLBEntry or a set of
> tx attrs.
> 
>>> (3) when the IOMMU calls the notifier because the guest config
>>> changed it doesn't have tx attributes, so it would have to
>>> fabricate some; and the guest config will invalidate transactions
>>> with some combinations of tx attributes and not others.
>>
>> IMHO it doesn't directly matter with what we are discussing now.  That
>> IOMMU_NOTIFIER_[UN]MAP flag tells what kind of message would the
>> notifier be interested in from "what kind of mapping it is".  IMHO
>> it's not really related to some other attributes when translation
>> happens - in our case, it does not directly related to what txattrs
>> value is.  Here as mentioned at [1] above IMHO we can still check this
>> against txattrs in the notifier handler, then we ignore messages that
>> we don't care about.  Actually the IOMMU_NOTIFIER_[UN]MAP flags can be
>> removed and we can just do similar things (e.g., we can skip MAP
>> messages if we only care about UNMAP messages), but since it's a
>> general concept and easy to be generalized, so we provided these
>> MAP/UNMAP flags to ease the notifier hooks.
>>
>> In other words, I think we can also add more flags for SECURE or not.
>> However I still don't see a reason (from above three points) on why we
>> can't pass in txattrs directly into translate(), and at the same time
>> we copy the txattrs into IOTLB so that IOMMUTLBEntry can contain some
>> context information. [2]
> 
> I'm afraid I really don't understand the design you're proposing
> here. But overall I think the point of divergence is that
> the mapping from "transaction attributes" to "translation contexts"
> (ie, effectively different page tables) is not 1:1. So for instance:
> 
> Our current IOMMUs which don't care about txattrs:
> 
>   [any txattr at all] -> the one and only translation context
> 
> An IOMMU which cares about attrs.secure, and also treats
> attrs.unspecified like secure:
>   [any txattr with attrs.secure = 1]  \-> 'secure' context'
>   MEMATTRS_UNSPECIFIED/
> 
>   [txattrs with secure = 1] -> 'nonsecure' context
> 
> An IOMMU which cares about attrs.secure and attrs.user:
>   [secure=1,user=1]   -> 'secure user' context
>   [secure=0,user=1]   -> 'ns user' context
>   [secure=1,user=0]   -> 's priv' context
>   [secure=0,user=0]   -> 'ns priv' context

I fail to understand the PRIV attribute usage in SMMUv3.
My understanding is the STRW (ie. stream world, kind of indication of
the exception level the SID is used along) in the STE is used to
determine the correct TTB*. Isn't PRIV checked against the page table
attributes only?

So would we expose 4 indexes for SMMUv3 or only 2 (S and NS)?

Thanks

Eric
> 
> The IOMMU index captures this idea that there is not a 1:1
> mapping, so we have a way to think about and refer to the
> actual set of translation contexts that the IOMMU has.
> 
>>> As Paolo pointed out you could also implement this by rather
>>> of having an iommu_index concept, instead having some kind
>>> of "here is a mask of which txattrs fields matter, and here's
>>> another parameter with which txattrs fields are affected".
>>> That makes it awkward though to implement "txattrs.unspecified
>>> acts like txattrs.secure == 1" type behaviour, though, which is
>>> easy with an index abstraction layer. It also would be harder
>>> to implement the default 'replay' method, I think.
>>
>> Please refer to my above comment at [2] - I am still confused on why
>> we must use this iommu_idx concept.  How about we just introduce
>> IOMMU_NOTIFIER_SECURE (or something similar) and let TCG 

Re: [Qemu-devel] [PATCH 14/27] iommu: Add IOMMU index concept to IOMMU API

2018-05-25 Thread Peter Maydell
On 25 May 2018 at 10:27, Auger Eric  wrote:
> I fail to understand the PRIV attribute usage in SMMUv3.
> My understanding is the STRW (ie. stream world, kind of indication of
> the exception level the SID is used along) in the STE is used to
> determine the correct TTB*. Isn't PRIV checked against the page table
> attributes only?

I haven't looked too closely at the details for the SMMUv3.
But basically if you can return different results for
"transaction is priv" vs "transaction is user" then you need
separate iommu indexes, even if the only difference might
be in the permissions. (This is because an IOMMUTLBEntry
can only specify one set of r/w permissions; it can't
tell you the permissions separately for priv vs user.) If the
SMMUv3 always reports the same permissions and address regardless
of the transaction's priv attribute, then it doesn't need
to use separate indexes for them.

thanks
-- PMM
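
The point made in this reply (an IOMMUTLBEntry carries a single permission set, so contexts whose permissions can differ need their own index) as a self-contained C model. This is an added example, not QEMU code: the Toy* types, the four-context layout and the permission table are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model; every name below is hypothetical, none is QEMU's API. */
typedef struct { bool secure, user, unspecified; } ToyAttrs;

enum { PERM_NONE = 0, PERM_R = 1, PERM_W = 2, PERM_RW = 3 };
enum { IDX_S_USER, IDX_NS_USER, IDX_S_PRIV, IDX_NS_PRIV, NUM_IDX };

/* Many attribute combinations map onto few translation contexts.
 * Assumption for this model: 'unspecified' is folded into 'secure'. */
static int toy_attrs_to_index(ToyAttrs a)
{
    bool secure = a.secure || a.unspecified;
    if (a.user) {
        return secure ? IDX_S_USER : IDX_NS_USER;
    }
    return secure ? IDX_S_PRIV : IDX_NS_PRIV;
}

/* Like an IOMMUTLBEntry: one address, ONE set of permissions. */
typedef struct { uint64_t xlat; int perm; } ToyEntry;

/* Constructed policy: same address mapping in every context, but the
 * permissions depend on the context (user contexts get less). */
static ToyEntry toy_translate(uint64_t page, int idx)
{
    static const int perm[NUM_IDX] = { PERM_R, PERM_NONE, PERM_RW, PERM_R };
    ToyEntry e = { page + 0x100000, perm[idx] };
    return e;
}

typedef struct { bool valid; uint64_t page; int idx; ToyEntry e; } ToySlot;
typedef struct { ToySlot slot[NUM_IDX]; bool key_by_index; } ToyCache;

/* Cached lookup. With key_by_index == false the cache ignores which
 * context produced an entry, which is the mistake the index prevents. */
static int toy_lookup_perm(ToyCache *c, uint64_t addr, ToyAttrs attrs)
{
    int idx = toy_attrs_to_index(attrs);
    uint64_t page = addr & ~0xfffULL;
    ToySlot *s = &c->slot[c->key_by_index ? idx : 0];
    bool hit = s->valid && s->page == page &&
               (!c->key_by_index || s->idx == idx);

    if (!hit) {
        s->valid = true;
        s->page = page;
        s->idx = idx;
        s->e = toy_translate(page, idx);
    }
    return s->e.perm;
}

/* Permission a secure user access sees after a secure priv access to
 * the same page has already filled the cache. */
static int toy_user_perm_after_priv(bool key_by_index)
{
    ToyCache c;
    ToyAttrs priv = { .secure = true, .user = false };
    ToyAttrs user = { .secure = true, .user = true };

    memset(&c, 0, sizeof(c));
    c.key_by_index = key_by_index;
    toy_lookup_perm(&c, 0x4000, priv);
    return toy_lookup_perm(&c, 0x4000, user);
}

int main(void)
{
    printf("shared cache:    user perm = %d\n", toy_user_perm_after_priv(false));
    printf("per-index cache: user perm = %d\n", toy_user_perm_after_priv(true));
    return 0;
}
```

If the permission table were identical for the priv and user rows, the two cache modes would return the same result and the extra indexes would be unnecessary, which is the condition stated above for SMMUv3.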



Re: [Qemu-devel] [PATCH v2 1/1] sandbox: disable -sandbox if CONFIG_SECCOMP undefined

2018-05-25 Thread Eduardo Otubo

On 05/25/2018 06:23 AM, Yi Min Zhao wrote:



On 2018/5/24 at 9:40 PM, Paolo Bonzini wrote:

On 24/05/2018 09:53, Eduardo Otubo wrote:

Thanks! But I have not got response from Paolo.  I have added him to
CC list.


  I'll just wait one more ACK and will send a pull request on the
seccomp queue. Thanks for the contribution.



So... what I should do is wait?


Yes, even though I think we're safe to proceed without his explicit ack.

The patch is okay; however, as a follow-up, you could consider moving
all the CONFIG_SECCOMP code to qemu-seccomp.c.

This way, the only #ifdef remains the one around qemu_opts_foreach.

Paolo


Thanks for your comment! Indeed, moving to the single C file is much 
more clear.

I will do this after this patch.

@Otubo, what about next step?


If you're willing to send v3 with the changes Paolo suggested, I can 
wait to send the pull request. No worries.




Re: [Qemu-devel] [PATCH v3 1/2] vfio-ccw: add force unlimited prefetch property

2018-05-25 Thread Cornelia Huck
On Thu, 24 May 2018 19:58:27 +0200
Halil Pasic  wrote:

> There is at least one guest (OS) such that although it does not rely on
> the guarantees provided by ORB 1 word 9 bit (aka unlimited prefetch, aka
> P bit) not being set, it fails to tell this to the machine.
> 
> Usually this ain't a big deal, as the original purpose of the P bit is to
> allow for performance optimizations. vfio-ccw however can not provide the
> guarantees required if the bit is not set.
> 
> It is not possible to implement support for the P bit not set without
> transitioning to lower level protocols for vfio-ccw.  So let's give the
> user the opportunity to force setting the P bit, if the user knows this
> is safe.  For self modifying channel programs forcing the P bit is not
> safe.  If the P bit is forced for a self modifying channel program things
> are expected to break in strange ways.
> 
> Let's also avoid warning multiple about P bit not set in the ORB in case
> P bit is not told to be forced, and designate the affected vfio-ccw
> device.
> 
> Signed-off-by: Halil Pasic 
> Suggested-by: Dong Jia Shi 
> Acked-by: Jason J. Herne 
> Tested-by: Jason J. Herne 

> +static inline void warn_once(bool *warned, const char *fmt, ...)
> +{
> +va_list ap;
> +
> +if (!warned || *warned) {
> +return;
> +}
> +*warned = true;
> +va_start(ap, fmt);
> +warn_vreport(fmt, ap);
> +va_end(ap);
> +}
> +
> +static inline void warn_once_pfch(VFIOCCWDevice *vcdev, SubchDev *sch,
> +  const char *msg)
> +{
> +warn_once(&vcdev->warned_orb_pfch, "vfio-ccw (devno %x.%x.%04x): %s",
> +  sch->cssid, sch->ssid, sch->devno, msg);
> +}
> +
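Review bot: warn_once() takes a printf-style fmt plus varargs but its declaration carries no format attribute, so the compiler cannot check the "vfio-ccw (devno %x.%x.%04x): %s" call in warn_once_pfch() against the arguments passed; annotating warn_once() with GCC_FMT_ATTR(2, 3) would catch a mismatch at build time. A one-line comment saying that a NULL warned pointer suppresses the message entirely (the !warned test) would also help future callers.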

While I still think we want warn_once() in common error handling code,
this looks reasonable enough. We can still move it later.

>  static void vfio_ccw_compute_needs_reset(VFIODevice *vdev)
>  {
>  vdev->needs_reset = false;
> @@ -54,6 +76,18 @@ static IOInstEnding vfio_ccw_handle_request(SubchDev *sch)
>  struct ccw_io_region *region = vcdev->io_region;
>  int ret;
>  
> +if (!(sch->orb.ctrl0 & ORB_CTRL0_MASK_PFCH)) {
> +if (!(vcdev->force_orb_pfch)) {
> +warn_once_pfch(vcdev, sch, "requires PFCH flag set");
> +sch_gen_unit_exception(sch);
> +css_inject_io_interrupt(sch);
> +return IOINST_CC_EXPECTED;
> +} else {
> +sch->orb.ctrl0 |= ORB_CTRL0_MASK_PFCH;
> +warn_once_pfch(vcdev, sch, "PFCH flag forced");
> +}
> +}
> +
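Review bot: in the else branch, sch->orb.ctrl0 |= ORB_CTRL0_MASK_PFCH rewrites the ORB stored in the subchannel rather than a local copy, so every later reader of sch->orb sees a P bit the guest never set; a comment on that line stating that this is deliberate would help. The "requires PFCH flag set" text could also point the user at the force property, since that is the only remedy short of changing the guest.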

Looks good to me. I plan to queue this (and the other patch) to
s390-next, but (as always) further tags are still welcome :)



Re: [Qemu-devel] [PATCH 17/27] exec.c: Handle IOMMUs in address_space_translate_for_iotlb()

2018-05-25 Thread Auger Eric
Hi Peter,

On 05/25/2018 10:52 AM, Peter Maydell wrote:
> On 24 May 2018 at 20:54, Auger Eric  wrote:
>> Hi Peter,
>>
>> On 05/23/2018 11:51 AM, Alex Bennée wrote:
>>>
>>> Peter Maydell  writes:
>>>
 Currently we don't support board configurations that put an IOMMU
 in the path of the CPU's memory transactions, and instead just
 assert() if the memory region fonud in address_space_translate_for_iotlb()
>> found
 is an IOMMUMemoryRegion.

 Remove this limitation by having the function handle IOMMUs.
 This is mostly straightforward, but we must make sure we have
 a notifier registered for every IOMMU that a transaction has
 passed through, so that we can flush the TLB appropriately
>> Can you elaborate on what (TCG) TLB we are talking about?
> 
> The TCG TLB, as implemented in accel/tcg/cputlb.c. Basically
> the thing that caches the results it gets back from the memory
> system so it can fast path device and memory accesses.
> 
>> The concept of IOMMUs downstream to a CPU is not obvious to me. Maybe an
>> example may be documented in the commit message?
> 
> The MPC implemented in this patchset is an example.
> 
> 
> 
 +static void tcg_iommu_unmap_notify(IOMMUNotifier *n, IOMMUTLBEntry *iotlb)
 +{
 +TCGIOMMUNotifier *notifier = container_of(n, TCGIOMMUNotifier, n);
 +
 +if (!notifier->active) {
 +return;
 +}
 +tlb_flush(notifier->cpu);
 +notifier->active = false;
 +/* We leave the notifier struct on the list to avoid reallocating it 
 later.
 + * Generally the number of IOMMUs a CPU deals with will be small.
 + * In any case we can't unregister the iommu notifier from a notify
 + * callback.
 + */
>> I don't get the life cycle of the notifier and why it becomes inactive
>> after the invalidate. Could you detail the specificity of this one?
> 
> Once we've flushed the TLB it is empty and will have no cached
> information from the IOMMU. So there's no point in flushing the
> TLB again (which is expensive) until the next time a transaction
> goes through the IOMMU and we're caching something from it.
Ak OK. there is no finer granularity for TLB flush?

> 
> So the cycle goes:
>  * CPU makes transaction that goes through an IOMMU
>  * in tcg_register_iommu_notifier() we register the notifier
>if we haven't already, and make sure it's got active = true
>  * in the unmap notify, we flush the whole TLB for the CPU, and
>set active = false
>  * repeat...
OK thank you for the explanation
> 
> 
 +static void tcg_iommu_notifier_destroy(gpointer data)
 +{
 +TCGIOMMUNotifier *notifier = data;
 +
 +if (notifier->active) {
 +memory_region_unregister_iommu_notifier(notifier->mr, 
 ¬ifier->n);
 +}
>> Is it safe to leave the notifier registered to an IOMMU whereas it gets
>> freed?
> 
> Oh, this is a bug, left over from my first idea (which was to
> unregister the IOMMU notifier in the notifier unmap callback,
> in which case active == true would be the only case when we
> had a registered notifier).
> 
> We should unconditionally unregister the notifier here.
> 
> 
  /* Called from RCU critical section */
  MemoryRegionSection *
  address_space_translate_for_iotlb(CPUState *cpu, int asidx, hwaddr addr,
 -  hwaddr *xlat, hwaddr *plen)
 +  hwaddr *xlat, hwaddr *plen,
 +  MemTxAttrs attrs, int *prot)
  {
  MemoryRegionSection *section;
 +IOMMUMemoryRegion *iommu_mr;
 +IOMMUMemoryRegionClass *imrc;
 +IOMMUTLBEntry iotlb;
 +int iommu_idx;
  AddressSpaceDispatch *d = 
 atomic_rcu_read(&cpu->cpu_ases[asidx].memory_dispatch);

 -section = address_space_translate_internal(d, addr, xlat, plen, 
 false);
 +for (;;) {
 +section = address_space_translate_internal(d, addr, &addr, plen, 
 false);
 +
 +iommu_mr = memory_region_get_iommu(section->mr);
 +if (!iommu_mr) {
 +break;
 +}
 +
 +imrc = memory_region_get_iommu_class_nocheck(iommu_mr);
 +
 +iommu_idx = imrc->attrs_to_index(iommu_mr, attrs);
 +tcg_register_iommu_notifier(cpu, iommu_mr, iommu_idx);
 +/* We need all the permissions, so pass IOMMU_NONE so the IOMMU
 + * doesn't short-cut its translation table walk.
>> it is not clear to me why you don't use the access flag as you seem to
>> handle the perm fault after the translate() call.
> 
> We need to know all the permissions (because we'll cache the result
> in the TCG TLB and later use them for future read and write accesses),
> so we pass IOMMU_NONE.
> 
> My understanding from previous discussion is that the only
> reason to pass in some other access flag value is if you
> only care about one of r

Re: [Qemu-devel] [PULL 00/13] Linux user for 2.13 patches

2018-05-25 Thread Peter Maydell
On 25 May 2018 at 09:17, Laurent Vivier  wrote:
> The following changes since commit 62b9b076d9d37117696ec64f0b3544c1205ff7f9:
>
>   Merge remote-tracking branch 
> 'remotes/kraxel/tags/vga-20180524-pull-request' into staging (2018-05-24 
> 17:48:01 +0100)
>
> are available in the Git repository at:
>
>   git://github.com/vivier/qemu.git tags/linux-user-for-2.13-pull-request
>
> for you to fetch changes up to 4f71086665360eb15cb0cc3392bd5063f26ee934:
>
>   gdbstub: Clarify what gdb_handlesig() is doing (2018-05-25 10:10:55 +0200)
>
> 
> This pull request includes:
> - fixes for some comments
> - netlink update and fix
> - rework/cleanup of socket.h,
>   including fixes for SPARC part.
>

Applied, thanks.

-- PMM



Re: [Qemu-devel] [PATCH 17/27] exec.c: Handle IOMMUs in address_space_translate_for_iotlb()

2018-05-25 Thread Peter Maydell
On 25 May 2018 at 10:50, Auger Eric  wrote:
> On 05/25/2018 10:52 AM, Peter Maydell wrote:
>> Once we've flushed the TLB it is empty and will have no cached
>> information from the IOMMU. So there's no point in flushing the
>> TLB again (which is expensive) until the next time a transaction
>> goes through the IOMMU and we're caching something from it.
> Ak OK. there is no finer granularity for TLB flush?

Yes, there is -- you can flush by (input) address; but I
opted to do a global flush, because it doesn't require
complicated tracking of which parts of the IOMMU's address
range we care about, and in general I expect IOMMU config
changes to be fairly rare:

+/* Rather than trying to register interest in the specific part
+ * of the iommu's address space that we've accessed and then
+ * expand it later as subsequent accesses touch more of it, we
+ * just register interest in the whole thing, on the assumption
+ * that iommu reconfiguration will be rare.
+ */

We can always come back and revisit that if there turns
out to be a performance problem here in practice.

>> We need to know all the permissions (because we'll cache the result
>> in the TCG TLB and later use them for future read and write accesses),
>> so we pass IOMMU_NONE.
>>
>> My understanding from previous discussion is that the only
>> reason to pass in some other access flag value is if you
>> only care about one of read or write and want to allow the
>> IOMMU to stop walking the page table early as soon as it decides
>> it doesn't have permissions.
>
> agreed. So you need to fetch the whole set of table permissions to
> update the TLB. By the way where is the TLB updated?

tlb_set_page_with_attrs() calls address_space_translate_for_iotlb(),
which looks up what's at that address, including doing IOMMU
translations. Then tlb_set_page_with_attrs() fills in the TLB
data structure with the results.

thanks
-- PMM
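
The notifier cycle discussed in this thread (register on the first translation, one whole-TLB flush on unmap, then inactive until the next translation, and the teardown bug found in review) as a self-contained C model. This is an added example, not QEMU code: the Toy* types and toy_* functions are hypothetical and the scenario is constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the cycle described in the thread. Every name here is
 * hypothetical; none of this is QEMU's API. */
#define TOY_MAX_NOTIFIERS 4

typedef struct ToyCpu ToyCpu;

typedef struct {
    ToyCpu *cpu;
    int iommu_id, iommu_idx;
    bool registered;   /* the (toy) IOMMU holds a pointer to this struct */
    bool active;       /* the TLB may hold data cached from this IOMMU */
} ToyNotifier;

struct ToyCpu {
    ToyNotifier n[TOY_MAX_NOTIFIERS];
    int n_used;
    int tlb_entries;   /* cached translations */
    int flushes;       /* whole-TLB flushes performed so far */
};

/* Register on first use, otherwise just re-arm the existing notifier. */
static ToyNotifier *toy_register(ToyCpu *cpu, int iommu_id, int iommu_idx)
{
    for (int i = 0; i < cpu->n_used; i++) {
        ToyNotifier *n = &cpu->n[i];
        if (n->iommu_id == iommu_id && n->iommu_idx == iommu_idx) {
            n->active = true;
            return n;
        }
    }
    if (cpu->n_used == TOY_MAX_NOTIFIERS) {
        return NULL;
    }
    ToyNotifier *n = &cpu->n[cpu->n_used++];
    *n = (ToyNotifier){ cpu, iommu_id, iommu_idx, true, true };
    return n;
}

/* A CPU access that passes through the IOMMU and is cached in the TLB. */
static ToyNotifier *toy_access(ToyCpu *cpu, int iommu_id, int iommu_idx)
{
    ToyNotifier *n = toy_register(cpu, iommu_id, iommu_idx);
    if (n) {
        cpu->tlb_entries++;
    }
    return n;
}

/* IOMMU mapping changed: flush once, then stay quiet until re-armed. */
static void toy_unmap_notify(ToyNotifier *n)
{
    if (!n->active) {
        return;                /* TLB already empty of this IOMMU's data */
    }
    n->cpu->tlb_entries = 0;
    n->cpu->flushes++;
    n->active = false;         /* still registered: no unregister in a callback */
}

/* Tear down the CPU's notifiers. Returns how many freed notifiers the
 * IOMMU would still reference. only_if_active == true models the bug
 * identified in the thread; false is the unconditional unregister. */
static int toy_destroy(ToyCpu *cpu, bool only_if_active)
{
    int dangling = 0;
    for (int i = 0; i < cpu->n_used; i++) {
        ToyNotifier *n = &cpu->n[i];
        if (!only_if_active || n->active) {
            n->registered = false;
        }
        dangling += n->registered;
    }
    cpu->n_used = 0;
    return dangling;
}

/* Constructed scenario: 2 accesses, 3 unmaps, 1 access, 1 unmap. */
static int toy_scenario(bool only_if_active, int *flushes)
{
    ToyCpu cpu;
    memset(&cpu, 0, sizeof(cpu));
    ToyNotifier *n = toy_access(&cpu, 0, 0);
    toy_access(&cpu, 0, 0);
    toy_unmap_notify(n);
    toy_unmap_notify(n);
    toy_unmap_notify(n);
    toy_access(&cpu, 0, 0);
    toy_unmap_notify(n);
    *flushes = cpu.flushes;
    return toy_destroy(&cpu, only_if_active);
}

int main(void)
{
    int flushes;
    int dangling = toy_scenario(true, &flushes);
    printf("flushes=%d dangling(conditional)=%d\n", flushes, dangling);
    printf("dangling(unconditional)=%d\n", toy_scenario(false, &flushes));
    return 0;
}
```

Four unmap notifications cost only two flushes, and the conditional teardown leaves one freed notifier still registered because the last unmap had cleared its active flag.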



Re: [Qemu-devel] [PATCH] vhost-blk: turn on pre-defined RO feature bit

2018-05-25 Thread Stefan Hajnoczi
On Tue, May 22, 2018 at 02:39:28PM +, Liu, Changpeng wrote:
> 
> 
> > -Original Message-
> > From: Stefan Hajnoczi [mailto:stefa...@redhat.com]
> > Sent: Tuesday, May 22, 2018 6:11 AM
> > To: Liu, Changpeng 
> > Cc: qemu-devel@nongnu.org; m...@redhat.com
> > Subject: Re: [PATCH] vhost-blk: turn on pre-defined RO feature bit
> > 
> > On Sat, May 19, 2018 at 06:20:16AM +0800, Changpeng Liu wrote:
> > > Read only feature shouldn't be negotiable, because if the
> > > backend device reported Read only feature supported, QEMU
> > > host driver shouldn't change backend's RO attribute.
> > 
> > I don't understand this patch.
> > 
> > Does it make *all* virtio-blk devices read-only?
> If the slave target reported RO feature, the disk in OS should be RO, 
> currently
> users should specify in QEMU command to enable RO.
> > 
> > Or is the idea that the vhost-user slave has to clear the read-only bit
> > if it is a writable device?
> Exactly.

Thanks for explaining!

Please implement the read-only bit in contrib/vhost-user-blk so it can
be tested.

Thanks,
Stefan




Re: [Qemu-devel] [PATCH v1 10/24] tests/tcg/multiarch: Build fix for linux-test

2018-05-25 Thread Alex Bennée

Philippe Mathieu-Daudé  writes:

> On 04/15/2018 09:07 PM, Philippe Mathieu-Daudé wrote:
>> Hi Fam, Alex,
>>
>> On 04/10/2018 04:39 PM, Alex Bennée wrote:
>>> From: Fam Zheng 
>>>
>>> To keep the compiler happy, and to fit in our buildsys flags:
>>>
>>> - Make local functions "static"
>>> - #ifdef out unused functions
>>> - drop cutils/osdep dependencies
>>>
>>> Signed-off-by: Fam Zheng 
>>> [AJB: drop cutils/osdep dependencies]
>>> Signed-off-by: Alex Bennée 
>>> ---
>>>  tests/tcg/multiarch/linux-test.c | 68 
>>> +---
>>>  1 file changed, 21 insertions(+), 47 deletions(-)
>>>
>>> diff --git a/tests/tcg/multiarch/linux-test.c 
>>> b/tests/tcg/multiarch/linux-test.c
>>> index 5070d31446..4457bd04ba 100644
>>> --- a/tests/tcg/multiarch/linux-test.c
>>> +++ b/tests/tcg/multiarch/linux-test.c
>>> @@ -16,7 +16,6 @@
>>>   *  You should have received a copy of the GNU General Public License
>>>   *  along with this program; if not, see .
>>>   */
>>> -#define _GNU_SOURCE
>>>  #include 
>>>  #include 
>>>  #include 
>>> @@ -31,6 +30,7 @@
>>>  #include 
>>>  #include 
>>>  #include 
>>> +#include 
>>>  #include 
>>>  #include 
>>>  #include 
>>> @@ -39,13 +39,12 @@
>>>  #include 
>>>  #include 
>>>  #include 
>>> -#include "qemu/cutils.h"
>>>
>>>  #define TESTPATH "/tmp/linux-test.tmp"
>>>  #define TESTPORT 7654
>>>  #define STACK_SIZE 16384
>>>
>>> -void error1(const char *filename, int line, const char *fmt, ...)
>>> +static void error1(const char *filename, int line, const char *fmt, ...)
>>>  {
>>>  va_list ap;
>>>  va_start(ap, fmt);
>>> @@ -56,7 +55,7 @@ void error1(const char *filename, int line, const char 
>>> *fmt, ...)
>>>  exit(1);
>>>  }
>>>
>>> -int __chk_error(const char *filename, int line, int ret)
>>> +static int __chk_error(const char *filename, int line, int ret)
>>>  {
>>>  if (ret < 0) {
>>>  error1(filename, line, "%m (ret=%d, errno=%d)",
>>> @@ -73,7 +72,7 @@ int __chk_error(const char *filename, int line, int ret)
>>>
>>>  #define FILE_BUF_SIZE 300
>>>
>>> -void test_file(void)
>>> +static void test_file(void)
>>>  {
>>>  int fd, i, len, ret;
>>>  uint8_t buf[FILE_BUF_SIZE];
>>> @@ -210,7 +209,7 @@ void test_file(void)
>>>  chk_error(rmdir(TESTPATH));
>>>  }
>>>
>>> -void test_fork(void)
>>> +static void test_fork(void)
>>>  {
>>>  int pid, status;
>>>
>>> @@ -224,7 +223,7 @@ void test_fork(void)
>>>  error("waitpid status=0x%x", status);
>>>  }
>>>
>>> -void test_time(void)
>>> +static void test_time(void)
>>>  {
>>>  struct timeval tv, tv2;
>>>  struct timespec ts, rem;
>>> @@ -251,34 +250,7 @@ void test_time(void)
>>>  error("getrusage");
>>>  }
>>>
>>> -void pstrcpy(char *buf, int buf_size, const char *str)
>>> -{
>>> -int c;
>>> -char *q = buf;
>>> -
>>> -if (buf_size <= 0)
>>> -return;
>>> -
>>> -for(;;) {
>>> -c = *str++;
>>> -if (c == 0 || q >= buf + buf_size - 1)
>>> -break;
>>> -*q++ = c;
>>> -}
>>> -*q = '\0';
>>> -}
>>> -
>>> -/* strcat and truncate. */
>>> -char *pstrcat(char *buf, int buf_size, const char *s)
>>> -{
>>> -int len;
>>> -len = strlen(buf);
>>> -if (len < buf_size)
>>> -pstrcpy(buf + len, buf_size - len, s);
>>> -return buf;
>>> -}
>>> -
>>> -int server_socket(void)
>>> +static int server_socket(void)
>>>  {
>>>  int val, fd;
>>>  struct sockaddr_in sockaddr;
>>> @@ -298,7 +270,7 @@ int server_socket(void)
>>>
>>>  }
>>>
>>> -int client_socket(void)
>>> +static int client_socket(void)
>>>  {
>>>  int fd;
>>>  struct sockaddr_in sockaddr;
>>> @@ -312,9 +284,9 @@ int client_socket(void)
>>>  return fd;
>>>  }
>>>
>>> -const char socket_msg[] = "hello socket\n";
>>> +static const char socket_msg[] = "hello socket\n";
>>>
>>> -void test_socket(void)
>>> +static void test_socket(void)
>>>  {
>>>  int server_fd, client_fd, fd, pid, ret, val;
>>>  struct sockaddr_in sockaddr;
>>> @@ -348,9 +320,10 @@ void test_socket(void)
>>>  chk_error(close(server_fd));
>>>  }
>>>
>>> +#if 0
>>
>> Why keep this now dead code?
>
> You can use: #ifdef LINUX_TEST_CLONE
>
> But this may be even better to move this chunk as a stand-alone test in a
> new file, linux-clone-test.c and add a make rule to only include it in
> the TEST_SRCS var when the host is able to run it.

More of it gets un-#if 0'd in the follow-up patch. There is certainly
more clean-up to be done but for now I've just left it disabled. I think
splitting out a specific test-clone patch is a good follow-up candidate
though.

>
>>
>>>  #define WCOUNT_MAX 512
>>>
>>> -void test_pipe(void)
>>> +static void test_pipe(void)
>>>  {
>>>  fd_set rfds, wfds;
>>>  int fds[2], fd_max, ret;
>>> @@ -391,10 +364,10 @@ void test_pipe(void)
>>>  chk_error(close(fds[1]));
>>>  }
>>>
>>> -int thread1_res;
>>> -int thread2_res;
>>> +static int thread1_res;
>>> +static int thread2

[Qemu-devel] [PATCH] ui/cocoa: Suppress NSFileHandlingPanelOKButton deprecation warning

2018-05-25 Thread Peter Maydell
OSX 10.13 deprecates the NSFileHandlingPanelOKButton constant, and
would rather you use NSModalResponseOK, which was introduced in OS 10.9.
Use the recommended new constant name, with a backward compatibility
define if we're building on an older OSX.

Signed-off-by: Peter Maydell 
---
Tested on 10.13; I don't have anything older to test on.

 ui/cocoa.m | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ui/cocoa.m b/ui/cocoa.m
index 110b393e4e..f5ecd66fd3 100644
--- a/ui/cocoa.m
+++ b/ui/cocoa.m
@@ -79,6 +79,13 @@
 #define NSWindowStyleMaskMiniaturizable NSMiniaturizableWindowMask
 #define NSWindowStyleMaskTitled NSTitledWindowMask
 #endif
+/* 10.13 deprecates NSFileHandlingPanelOKButton in favour of
+ * NSModalResponseOK, which was introduced in 10.9. Define
+ * it for older versions.
+ */
+#if MAC_OS_X_VERSION_MAX_ALLOWED < MAC_OS_X_VERSION_10_9
+#define NSModalResponseOK NSFileHandlingPanelOKButton
+#endif
 
 //#define DEBUG
 
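Review bot: the #if compares against MAC_OS_X_VERSION_10_9, but an SDK older than 10.9 is exactly the case where that macro may not exist. An undefined identifier evaluates to 0 inside #if, so the test becomes false and the fallback #define of NSModalResponseOK is skipped on the only systems that need it. Unless the file already defines MAC_OS_X_VERSION_10_9 when it is missing, add an #ifndef guard for it above this block.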
@@ -1218,7 +1225,7 @@ QemuCocoaView *cocoaView;
 [openPanel setCanChooseFiles: YES];
 [openPanel setAllowsMultipleSelection: NO];
 [openPanel setAllowedFileTypes: supportedImageFileTypes];
-if([openPanel runModal] == NSFileHandlingPanelOKButton) {
+if([openPanel runModal] == NSModalResponseOK) {
 NSString * file = [[[openPanel URLs] objectAtIndex: 0] path];
 if(file == nil) {
 NSBeep();
-- 
2.17.0




[Qemu-devel] [PATCH v2 4/5] libvhost-user: support host notifier

2018-05-25 Thread Tiwei Bie
This patch introduces the host notifier support in
libvhost-user. A new API is added to support setting
host notifier for each queue.

Signed-off-by: Tiwei Bie 
---
 contrib/libvhost-user/libvhost-user.c | 80 ---
 contrib/libvhost-user/libvhost-user.h | 31 +++
 2 files changed, 103 insertions(+), 8 deletions(-)

diff --git a/contrib/libvhost-user/libvhost-user.c 
b/contrib/libvhost-user/libvhost-user.c
index 54e643d871..6b0cdfbe8e 100644
--- a/contrib/libvhost-user/libvhost-user.c
+++ b/contrib/libvhost-user/libvhost-user.c
@@ -314,11 +314,6 @@ vu_message_write(VuDev *dev, int conn_fd, VhostUserMsg 
*vmsg)
 msg.msg_controllen = 0;
 }
 
-/* Set the version in the flags when sending the reply */
-vmsg->flags &= ~VHOST_USER_VERSION_MASK;
-vmsg->flags |= VHOST_USER_VERSION;
-vmsg->flags |= VHOST_USER_REPLY_MASK;
-
 do {
 rc = sendmsg(conn_fd, &msg, 0);
 } while (rc < 0 && (errno == EINTR || errno == EAGAIN));
@@ -341,6 +336,39 @@ vu_message_write(VuDev *dev, int conn_fd, VhostUserMsg 
*vmsg)
 return true;
 }
 
+static bool
+vu_send_reply(VuDev *dev, int conn_fd, VhostUserMsg *vmsg)
+{
+/* Set the version in the flags when sending the reply */
+vmsg->flags &= ~VHOST_USER_VERSION_MASK;
+vmsg->flags |= VHOST_USER_VERSION;
+vmsg->flags |= VHOST_USER_REPLY_MASK;
+
+return vu_message_write(dev, conn_fd, vmsg);
+}
+
+static bool
+vu_process_message_reply(VuDev *dev, const VhostUserMsg *vmsg)
+{
+VhostUserMsg msg_reply;
+
+if ((vmsg->flags & VHOST_USER_NEED_REPLY_MASK) == 0) {
+return true;
+}
+
+if (!vu_message_read(dev, dev->slave_fd, &msg_reply)) {
+return false;
+}
+
+if (msg_reply.request != vmsg->request) {
+DPRINT("Received unexpected msg type. Expected %d received %d",
+   vmsg->request, msg_reply.request);
+return false;
+}
+
+return msg_reply.payload.u64 == 0;
+}
+
 /* Kick the log_call_fd if required. */
 static void
 vu_log_kick(VuDev *dev)
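Review bot: vu_process_message_reply() accepts the reply after checking only msg_reply.request. Before return msg_reply.payload.u64 == 0 it should also confirm that msg_reply.flags carries VHOST_USER_REPLY_MASK and that msg_reply.size covers a u64, otherwise a short or unrelated message with a matching request number is read as an ack. The function also deserves a comment stating that it blocks on dev->slave_fd until the master answers.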
@@ -536,7 +564,7 @@ vu_set_mem_table_exec_postcopy(VuDev *dev, VhostUserMsg 
*vmsg)
 
 /* Send the message back to qemu with the addresses filled in */
 vmsg->fd_num = 0;
-if (!vu_message_write(dev, dev->sock, vmsg)) {
+if (!vu_send_reply(dev, dev->sock, vmsg)) {
 vu_panic(dev, "failed to respond to set-mem-table for postcopy");
 return false;
 }
@@ -916,6 +944,41 @@ void vu_set_queue_handler(VuDev *dev, VuVirtq *vq,
 }
 }
 
+bool vu_set_queue_host_notifier(VuDev *dev, VuVirtq *vq, int fd,
+int size, int offset)
+{
+int qidx = vq - dev->vq;
+int fd_num = 0;
+VhostUserMsg vmsg = {
+.request = VHOST_USER_SLAVE_VRING_HOST_NOTIFIER_MSG,
+.flags = VHOST_USER_VERSION | VHOST_USER_NEED_REPLY_MASK,
+.size = sizeof(vmsg.payload.area),
+.payload.area = {
+.u64 = qidx & VHOST_USER_VRING_IDX_MASK,
+.size = size,
+.offset = offset,
+},
+};
+
+if ((dev->protocol_features & VHOST_USER_PROTOCOL_F_HOST_NOTIFIER) == 0) {
+return false;
+}
+
+if (fd == -1) {
+vmsg.payload.area.u64 |= VHOST_USER_VRING_NOFD_MASK;
+} else {
+vmsg.fds[fd_num++] = fd;
+}
+
+vmsg.fd_num = fd_num;
+
+if (!vu_message_write(dev, dev->slave_fd, &vmsg)) {
+return false;
+}
+
+return vu_process_message_reply(dev, &vmsg);
+}
+
 static bool
 vu_set_vring_call_exec(VuDev *dev, VhostUserMsg *vmsg)
 {
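Review bot: the feature test dev->protocol_features & VHOST_USER_PROTOCOL_F_HOST_NOTIFIER masks with the bit number, not the bit. This patch defines VHOST_USER_PROTOCOL_F_HOST_NOTIFIER = 10 and advertises it as 1ULL << VHOST_USER_PROTOCOL_F_HOST_NOTIFIER, so the check as written tests bits 1 and 3 and its result is unrelated to whether the host notifier feature was negotiated; it should be (dev->protocol_features & (1ULL << VHOST_USER_PROTOCOL_F_HOST_NOTIFIER)) == 0. The int size and int offset parameters are also copied into payload.area unchecked, so negative values should be rejected before the message is built.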
@@ -968,7 +1031,8 @@ static bool
 vu_get_protocol_features_exec(VuDev *dev, VhostUserMsg *vmsg)
 {
 uint64_t features = 1ULL << VHOST_USER_PROTOCOL_F_LOG_SHMFD |
-1ULL << VHOST_USER_PROTOCOL_F_SLAVE_REQ;
+1ULL << VHOST_USER_PROTOCOL_F_SLAVE_REQ |
+1ULL << VHOST_USER_PROTOCOL_F_HOST_NOTIFIER;
 
 if (have_userfault()) {
 features |= 1ULL << VHOST_USER_PROTOCOL_F_PAGEFAULT;
@@ -1252,7 +1316,7 @@ vu_dispatch(VuDev *dev)
 goto end;
 }
 
-if (!vu_message_write(dev, dev->sock, &vmsg)) {
+if (!vu_send_reply(dev, dev->sock, &vmsg)) {
 goto end;
 }
 
diff --git a/contrib/libvhost-user/libvhost-user.h 
b/contrib/libvhost-user/libvhost-user.h
index b27075ea3b..90806a25f9 100644
--- a/contrib/libvhost-user/libvhost-user.h
+++ b/contrib/libvhost-user/libvhost-user.h
@@ -51,6 +51,7 @@ enum VhostUserProtocolFeature {
 VHOST_USER_PROTOCOL_F_CRYPTO_SESSION = 7,
 VHOST_USER_PROTOCOL_F_PAGEFAULT = 8,
 VHOST_USER_PROTOCOL_F_CONFIG = 9,
+VHOST_USER_PROTOCOL_F_HOST_NOTIFIER = 10,
 
 VHOST_USER_PROTOCOL_F_MAX
 };
@@ -92,6 +93,14 @@ typedef enum VhostUserRequest {
 VHOST_USER_MAX
 } VhostUserRequest;
 
+typedef enum VhostUserSlaveRequest {
+VHOST_USER_SLAVE_NONE = 0,
+VHOST_USER_SLAVE_IOTLB_MSG = 1,
+VHOST_USER_SLAVE_CONFIG_CHANGE_MSG = 2,
+VHOST_USER_SLAVE_VRING_HOST_NOTIFIER_MSG = 3,
+V

[Qemu-devel] [PATCH v2 5/5] vhost-user-bridge: support host notifier

2018-05-25 Thread Tiwei Bie
This patch introduces the host notifier support in
vhost-user-bridge. A new option (-H) is added to use
the host notifier. This is mainly used to test the
host notifier implementation in vhost user.

Signed-off-by: Tiwei Bie 
---
 tests/vhost-user-bridge.c | 98 +--
 1 file changed, 95 insertions(+), 3 deletions(-)

diff --git a/tests/vhost-user-bridge.c b/tests/vhost-user-bridge.c
index e0605a529e..0884294141 100644
--- a/tests/vhost-user-bridge.c
+++ b/tests/vhost-user-bridge.c
@@ -29,6 +29,7 @@
 
 #define _FILE_OFFSET_BITS 64
 
+#include "qemu/atomic.h"
 #include "qemu/osdep.h"
 #include "qemu/iov.h"
 #include "standard-headers/linux/virtio_net.h"
@@ -65,6 +66,11 @@ typedef struct VubrDev {
 int sock;
 int ready;
 int quit;
+struct {
+int fd;
+void *addr;
+pthread_t thread;
+} notifier;
 } VubrDev;
 
 static void
@@ -445,14 +451,22 @@ static uint64_t
 vubr_get_features(VuDev *dev)
 {
 return 1ULL << VIRTIO_NET_F_GUEST_ANNOUNCE |
-1ULL << VIRTIO_NET_F_MRG_RXBUF;
+1ULL << VIRTIO_NET_F_MRG_RXBUF |
+1ULL << VIRTIO_F_VERSION_1;
 }
 
 static void
 vubr_queue_set_started(VuDev *dev, int qidx, bool started)
 {
+VubrDev *vubr = container_of(dev, VubrDev, vudev);
 VuVirtq *vq = vu_get_queue(dev, qidx);
 
+if (started && vubr->notifier.fd >= 0) {
+vu_set_queue_host_notifier(dev, vq, vubr->notifier.fd,
+   getpagesize(),
+   qidx * getpagesize());
+}
+
 if (qidx % 2 == 1) {
 vu_set_queue_handler(dev, vq, started ? vubr_handle_tx : NULL);
 }
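Review bot: vubr_queue_set_started() drops the bool returned by vu_set_queue_host_notifier(), so when the call fails nothing in a -H test run shows that the notifier was not installed. Check the result and report the failure with DPRINT at the call site.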
@@ -522,6 +536,8 @@ vubr_new(const char *path, bool client)
 vubr_die("socket");
 }
 
+dev->notifier.fd = -1;
+
 un.sun_family = AF_UNIX;
 strcpy(un.sun_path, path);
 len = sizeof(un.sun_family) + strlen(path);
@@ -559,6 +575,73 @@ vubr_new(const char *path, bool client)
 return dev;
 }
 
+static void *notifier_thread(void *arg)
+{
+VuDev *dev = (VuDev *)arg;
+VubrDev *vubr = container_of(dev, VubrDev, vudev);
+int pagesize = getpagesize();
+int qidx;
+
+while (true) {
+for (qidx = 0; qidx < VHOST_MAX_NR_VIRTQUEUE; qidx++) {
+uint16_t *n = vubr->notifier.addr + pagesize * qidx;
+
+if (*n == qidx) {
+*n = 0x;
+/* We won't miss notifications if we reset
+ * the memory first. */
+smp_mb();
+
+DPRINT("Got a notification for queue%d via host notifier.\n",
+   qidx);
+
+if (qidx % 2 == 1) {
+vubr_handle_tx(dev, qidx);
+}
+}
+usleep(1000);
+}
+}
+
+return NULL;
+}
+
+static void
+vubr_host_notifier_setup(VubrDev *dev)
+{
+char template[] = "/tmp/vubr-XX";
+pthread_t thread;
+size_t length;
+void *addr;
+int fd;
+
+length = getpagesize() * VHOST_MAX_NR_VIRTQUEUE;
+
+fd = mkstemp(template);
+if (fd < 0) {
+vubr_die("mkstemp()");
+}
+
+if (posix_fallocate(fd, 0, length) != 0) {
+vubr_die("posix_fallocate()");
+}
+
+addr = mmap(NULL, length, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+if (addr == MAP_FAILED) {
+vubr_die("mmap()");
+}
+
+memset(addr, 0xff, length);
+
+if (pthread_create(&thread, NULL, notifier_thread, &dev->vudev) != 0) {
+vubr_die("pthread_create()");
+}
+
+dev->notifier.fd = fd;
+dev->notifier.addr = addr;
+dev->notifier.thread = thread;
+}
+
 static void
 vubr_set_host(struct sockaddr_in *saddr, const char *host)
 {
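Review bot: vubr_host_notifier_setup() calls pthread_create() before it stores dev->notifier.addr, while notifier_thread() dereferences vubr->notifier.addr on its first loop iteration, so the thread can run against a pointer that has not been set yet; assign notifier.fd and notifier.addr before creating the thread. Within this hunk the file created by mkstemp() is never unlinked, and usleep(1000) sits inside the per-queue for loop, so one full scan takes VHOST_MAX_NR_VIRTQUEUE sleeps rather than one; move the sleep to the end of the while body if a per-scan delay was intended.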
@@ -673,8 +756,9 @@ main(int argc, char *argv[])
 VubrDev *dev;
 int opt;
 bool client = false;
+bool host_notifier = false;
 
-while ((opt = getopt(argc, argv, "l:r:u:c")) != -1) {
+while ((opt = getopt(argc, argv, "l:r:u:cH")) != -1) {
 
 switch (opt) {
 case 'l':
@@ -693,6 +777,9 @@ main(int argc, char *argv[])
 case 'c':
 client = true;
 break;
+case 'H':
+host_notifier = true;
+break;
 default:
 goto out;
 }
@@ -708,6 +795,10 @@ main(int argc, char *argv[])
 return 1;
 }
 
+if (host_notifier) {
+vubr_host_notifier_setup(dev);
+}
+
 vubr_backend_udp_setup(dev, lhost, lport, rhost, rport);
 vubr_run(dev);
 
@@ -717,7 +808,7 @@ main(int argc, char *argv[])
 
 out:
 fprintf(stderr, "Usage: %s ", argv[0]);
-fprintf(stderr, "[-c] [-u ud_socket_path] [-l lhost:lport] [-r 
rhost:rport]\n");
+fprintf(stderr, "[-c] [-H] [-u ud_socket_path] [-l lhost:lport] [-r 
rhost:rport]\n");
 fprintf(stderr, "\t-u path to unix doman socket. default: %s\n",
 DEFAULT_UD_SOCKET);
 fprintf(stderr, "\t-l local host and port. default: %s:%s\n",
@@ -725,6 +816,7 @@ out:
 fprintf(stderr, 

[Qemu-devel] [PATCH v2 0/5] Support host notifiers in vhost-user

2018-05-25 Thread Tiwei Bie
More details about this patch set can be found from:

http://lists.gnu.org/archive/html/qemu-devel/2018-04/msg01779.html
http://lists.gnu.org/archive/html/qemu-devel/2018-04/msg04626.html

v1 -> v2:
- Drop the VHOST_USER_PROTOCOL_F_SLAVE_SEND_FD patch; (MST)
- In PATCH 2/5, for net/vhost-user, only save VhostUserState
  in queue index 0, i.e. where `chr` is saved;
- In PATCH 4/5, check VHOST_USER_PROTOCOL_F_HOST_NOTIFIER
  before sending msg (including fd) to master; (MST)

Tiwei Bie (5):
  vhost: allow backends to filter memory sections
  vhost-user: introduce shared vhost-user state
  vhost-user: support registering external host notifiers
  libvhost-user: support host notifier
  vhost-user-bridge: support host notifier

 backends/cryptodev-vhost-user.c   |  20 +++-
 contrib/libvhost-user/libvhost-user.c |  80 +++--
 contrib/libvhost-user/libvhost-user.h |  31 +
 docs/interop/vhost-user.txt   |  33 ++
 hw/block/vhost-user-blk.c |  22 +++-
 hw/scsi/vhost-user-scsi.c |  20 +++-
 hw/virtio/Makefile.objs   |   2 +-
 hw/virtio/vhost-stub.c|  10 ++
 hw/virtio/vhost-user.c| 165 --
 hw/virtio/vhost.c |   9 +-
 include/hw/virtio/vhost-backend.h |   4 +
 include/hw/virtio/vhost-user-blk.h|   2 +
 include/hw/virtio/vhost-user-scsi.h   |   2 +
 include/hw/virtio/vhost-user.h|  28 +
 net/vhost-user.c  |  57 ++---
 tests/vhost-user-bridge.c |  98 ++-
 16 files changed, 542 insertions(+), 41 deletions(-)
 create mode 100644 include/hw/virtio/vhost-user.h

-- 
2.17.0




[Qemu-devel] [PATCH v2 2/5] vhost-user: introduce shared vhost-user state

2018-05-25 Thread Tiwei Bie
When multi queue is enabled e.g. for a virtio-net device,
each queue pair will have a vhost_dev, and the only thing
shared between vhost devs currently is the chardev. This
patch introduces a vhost-user state structure which will
be shared by all vhost devs of the same virtio device.

Signed-off-by: Tiwei Bie 
Signed-off-by: Michael S. Tsirkin 
---
 backends/cryptodev-vhost-user.c | 20 +-
 hw/block/vhost-user-blk.c   | 22 ++-
 hw/scsi/vhost-user-scsi.c   | 20 +-
 hw/virtio/Makefile.objs |  2 +-
 hw/virtio/vhost-stub.c  | 10 +
 hw/virtio/vhost-user.c  | 31 +++-
 include/hw/virtio/vhost-user-blk.h  |  2 +
 include/hw/virtio/vhost-user-scsi.h |  2 +
 include/hw/virtio/vhost-user.h  | 20 ++
 net/vhost-user.c| 57 +
 10 files changed, 158 insertions(+), 28 deletions(-)
 create mode 100644 include/hw/virtio/vhost-user.h

diff --git a/backends/cryptodev-vhost-user.c b/backends/cryptodev-vhost-user.c
index 862d4f2580..d52daccfcd 100644
--- a/backends/cryptodev-vhost-user.c
+++ b/backends/cryptodev-vhost-user.c
@@ -26,6 +26,7 @@
 #include "qapi/error.h"
 #include "qapi/qmp/qerror.h"
 #include "qemu/error-report.h"
+#include "hw/virtio/vhost-user.h"
 #include "standard-headers/linux/virtio_crypto.h"
 #include "sysemu/cryptodev-vhost.h"
 #include "chardev/char-fe.h"
@@ -46,6 +47,7 @@
 typedef struct CryptoDevBackendVhostUser {
 CryptoDevBackend parent_obj;
 
+VhostUserState *vhost_user;
 CharBackend chr;
 char *chr_name;
 bool opened;
@@ -102,7 +104,7 @@ cryptodev_vhost_user_start(int queues,
 continue;
 }
 
-options.opaque = &s->chr;
+options.opaque = s->vhost_user;
 options.backend_type = VHOST_BACKEND_TYPE_USER;
 options.cc = b->conf.peers.ccs[i];
 s->vhost_crypto[i] = cryptodev_vhost_init(&options);
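
Review bot: `options.opaque` now carries `s->vhost_user` where it carried `&s->chr` before, and since the same field accepted a CharBackend pointer and now accepts a VhostUserState pointer it is evidently untyped, so the compiler will not flag any VHOST_BACKEND_TYPE_USER caller that still passes a CharBackend. The vhost-user backend would then read that CharBackend as a VhostUserState. Please confirm every vhost-user caller is converted in this same patch, and document the expected type of the opaque argument next to vhost_dev_init().
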
@@ -185,6 +187,7 @@ static void cryptodev_vhost_user_init(
 size_t i;
 Error *local_err = NULL;
 Chardev *chr;
+VhostUserState *user;
 CryptoDevBackendClient *cc;
 CryptoDevBackendVhostUser *s =
   CRYPTODEV_BACKEND_VHOST_USER(backend);
@@ -215,6 +218,15 @@ static void cryptodev_vhost_user_init(
 }
 }
 
+user = vhost_user_init();
+if (!user) {
+error_setg(errp, "Failed to init vhost_user");
+return;
+}
+
+user->chr = &s->chr;
+s->vhost_user = user;
+
 qemu_chr_fe_set_handlers(&s->chr, NULL, NULL,
  cryptodev_vhost_user_event, NULL, s, NULL, true);
 
@@ -299,6 +311,12 @@ static void cryptodev_vhost_user_cleanup(
 backend->conf.peers.ccs[i] = NULL;
 }
 }
+
+if (s->vhost_user) {
+vhost_user_cleanup(s->vhost_user);
+g_free(s->vhost_user);
+s->vhost_user = NULL;
+}
 }
 
 static void cryptodev_vhost_user_set_chardev(Object *obj,
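
Review bot: the cleanup added to cryptodev_vhost_user_cleanup() open-codes `vhost_user_cleanup()`, `g_free()` and the reset to NULL, and the vhost-user-blk unrealize path in this patch repeats the same three lines. vhost_user_init() returns the allocation, so the matching teardown should release it too (or a small helper should wrap the three steps). Otherwise each new device is one forgotten g_free() or one stale pointer away from a leak or a double free.
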
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 975eae6211..7c3fa8bb1c 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -226,6 +226,7 @@ static void vhost_user_blk_device_realize(DeviceState *dev, 
Error **errp)
 {
 VirtIODevice *vdev = VIRTIO_DEVICE(dev);
 VHostUserBlk *s = VHOST_USER_BLK(vdev);
+VhostUserState *user;
 int i, ret;
 
 if (!s->chardev.chr) {
@@ -243,6 +244,15 @@ static void vhost_user_blk_device_realize(DeviceState 
*dev, Error **errp)
 return;
 }
 
+user = vhost_user_init();
+if (!user) {
+error_setg(errp, "vhost-user-blk: failed to init vhost_user");
+return;
+}
+
+user->chr = &s->chardev;
+s->vhost_user = user;
+
 virtio_init(vdev, "virtio-blk", VIRTIO_ID_BLOCK,
 sizeof(struct virtio_blk_config));
 
@@ -258,7 +268,7 @@ static void vhost_user_blk_device_realize(DeviceState *dev, 
Error **errp)
 
 vhost_dev_set_config_notifier(&s->dev, &blk_ops);
 
-ret = vhost_dev_init(&s->dev, &s->chardev, VHOST_BACKEND_TYPE_USER, 0);
+ret = vhost_dev_init(&s->dev, s->vhost_user, VHOST_BACKEND_TYPE_USER, 0);
 if (ret < 0) {
 error_setg(errp, "vhost-user-blk: vhost initialization failed: %s",
strerror(-ret));
@@ -283,6 +293,10 @@ vhost_err:
 virtio_err:
 g_free(s->dev.vqs);
 virtio_cleanup(vdev);
+
+vhost_user_cleanup(user);
+g_free(user);
+s->vhost_user = NULL;
 }
 
 static void vhost_user_blk_device_unrealize(DeviceState *dev, Error **errp)
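
Review bot: the error labels in vhost_user_blk_device_realize() release the local `user`, which is declared without an initializer, so this is only correct while every `goto` to `vhost_err`/`virtio_err` sits after the vhost_user_init() call. Operating on `s->vhost_user` under an `if (s->vhost_user)` guard, as the unrealize hunk does, removes that ordering dependency. Alternatively, declare `VhostUserState *user = NULL;`.
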
@@ -294,6 +308,12 @@ static void vhost_user_blk_device_unrealize(DeviceState 
*dev, Error **errp)
 vhost_dev_cleanup(&s->dev);
 g_free(s->dev.vqs);
 virtio_cleanup(vdev);
+
+if (s->vhost_user) {
+vhost_user_cleanup(s->vhost_user);
+g_free(s->vhost_user);
+s->vhost_user = NULL;
+}
 }
 
 static void vhost_user_blk_instance_init(Object *obj)
diff --git a/hw/scsi/vhost-user-scsi.c b/hw/scsi/vhost-user-scsi.c
index 9389ed48e

[Qemu-devel] [PATCH v2 3/5] vhost-user: support registering external host notifiers

2018-05-25 Thread Tiwei Bie
This patch introduces VHOST_USER_PROTOCOL_F_HOST_NOTIFIER.
With this feature negotiated, vhost-user backend can register
memory region based host notifiers. And it will allow the guest
driver in the VM to notify the hardware accelerator at the
vhost-user backend directly.

Signed-off-by: Tiwei Bie 
---
 docs/interop/vhost-user.txt|  33 +
 hw/virtio/vhost-user.c | 123 +
 include/hw/virtio/vhost-user.h |   8 +++
 3 files changed, 164 insertions(+)

diff --git a/docs/interop/vhost-user.txt b/docs/interop/vhost-user.txt
index 534caab18a..9e57b36b20 100644
--- a/docs/interop/vhost-user.txt
+++ b/docs/interop/vhost-user.txt
@@ -132,6 +132,16 @@ Depending on the request type, payload can be:
Payload: Size bytes array holding the contents of the virtio
device's configuration space
 
+ * Vring area description
+   ---
+   | u64 | size | offset |
+   ---
+
+   u64: a 64-bit integer contains vring index and flags
+   Size: a 64-bit size of this area
+   Offset: a 64-bit offset of this area from the start of the
+   supplied file descriptor
+
 In QEMU the vhost-user message is implemented with the following struct:
 
 typedef struct VhostUserMsg {
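
Review bot: the "Vring area description" says the u64 "contains vring index and flags" but never states which bits are the index and which flags exist, so a backend author cannot build a valid message from the spec alone. Please document the bit layout here, including the flag that signals a request sent without a file descriptor.
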
@@ -146,6 +156,7 @@ typedef struct VhostUserMsg {
 VhostUserLog log;
 struct vhost_iotlb_msg iotlb;
 VhostUserConfig config;
+VhostUserVringArea area;
 };
 } QEMU_PACKED VhostUserMsg;
 
@@ -380,6 +391,7 @@ Protocol features
 #define VHOST_USER_PROTOCOL_F_CRYPTO_SESSION 7
 #define VHOST_USER_PROTOCOL_F_PAGEFAULT  8
 #define VHOST_USER_PROTOCOL_F_CONFIG 9
+#define VHOST_USER_PROTOCOL_F_HOST_NOTIFIER  10
 
 Master message types
 
@@ -777,6 +789,27 @@ Slave message types
  the VHOST_USER_NEED_REPLY flag, master must respond with zero when
  operation is successfully completed, or non-zero otherwise.
 
+ * VHOST_USER_SLAVE_VRING_HOST_NOTIFIER_MSG
+
+  Id: 3
+  Equivalent ioctl: N/A
+  Slave payload: vring area description
+  Master payload: N/A
+
+  Sets host notifier for a specified queue. The queue index is contained
+  in the u64 field of the vring area description. The host notifier is
+  described by the file descriptor (typically it's a VFIO device fd) which
+  is passed as ancillary data and the size (which is mmap size and should
+  be the same as host page size) and offset (which is mmap offset) carried
+  in the vring area description. QEMU can mmap the file descriptor based
+  on the size and offset to get a memory range. Registering a host notifier
+  means mapping this memory range to the VM as the specified queue's notify
+  MMIO region. Slave sends this request to tell QEMU to de-register the
+  existing notifier if any and register the new notifier if the request is
+  sent with a file descriptor.
+  This request should be sent only when VHOST_USER_PROTOCOL_F_HOST_NOTIFIER
+  protocol feature has been successfully negotiated.
+
 VHOST_USER_PROTOCOL_F_REPLY_ACK:
 ---
 The original vhost-user specification only demands replies for certain
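
Review bot: the VHOST_USER_SLAVE_VRING_HOST_NOTIFIER_MSG text only says the size "should be" the host page size and puts no constraint on the offset, although both values come from the slave and end up as an mmap that is exposed to the guest as an MMIO region. Please state these as requirements ("must"), say whether the offset has to be page aligned, and describe what the master does and replies when the queue index or size is rejected. The last sentence pair also reads ambiguously: spell out that a request without a file descriptor only de-registers the existing notifier.
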
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 5f72ed68da..259a841af9 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -13,6 +13,7 @@
 #include "hw/virtio/vhost.h"
 #include "hw/virtio/vhost-user.h"
 #include "hw/virtio/vhost-backend.h"
+#include "hw/virtio/virtio.h"
 #include "hw/virtio/virtio-net.h"
 #include "chardev/char-fe.h"
 #include "sysemu/kvm.h"
@@ -48,6 +49,7 @@ enum VhostUserProtocolFeature {
 VHOST_USER_PROTOCOL_F_CRYPTO_SESSION = 7,
 VHOST_USER_PROTOCOL_F_PAGEFAULT = 8,
 VHOST_USER_PROTOCOL_F_CONFIG = 9,
+VHOST_USER_PROTOCOL_F_HOST_NOTIFIER = 10,
 VHOST_USER_PROTOCOL_F_MAX
 };
 
@@ -92,6 +94,7 @@ typedef enum VhostUserSlaveRequest {
 VHOST_USER_SLAVE_NONE = 0,
 VHOST_USER_SLAVE_IOTLB_MSG = 1,
 VHOST_USER_SLAVE_CONFIG_CHANGE_MSG = 2,
+VHOST_USER_SLAVE_VRING_HOST_NOTIFIER_MSG = 3,
 VHOST_USER_SLAVE_MAX
 }  VhostUserSlaveRequest;
 
@@ -136,6 +139,12 @@ static VhostUserConfig c __attribute__ ((unused));
+ sizeof(c.size) \
+ sizeof(c.flags))
 
+typedef struct VhostUserVringArea {
+uint64_t u64;
+uint64_t size;
+uint64_t offset;
+} VhostUserVringArea;
+
 typedef struct {
 VhostUserRequest request;
 
@@ -157,6 +166,7 @@ typedef union {
 struct vhost_iotlb_msg iotlb;
 VhostUserConfig config;
 VhostUserCryptoSession session;
+VhostUserVringArea area;
 } VhostUserPayload;
 
 typedef struct VhostUserMsg {
@@ -638,9 +648,37 @@ static int vhost_user_set_vring_num(struct vhost_dev *dev,
 return vhost_set_vring(dev, VHOST_USER_SET_VRING_NUM, ring);
 }
 
+static void vhost_user_host_notifier_restore(struct vhost_dev *dev,
+ 

Re: [Qemu-devel] [PULL 07/28] x86/cpu: use standard-headers/asm-x86.kvm_para.h

2018-05-25 Thread Peter Maydell
On 23 May 2018 at 15:43, Michael S. Tsirkin  wrote:
> Switch to the header we imported from Linux,
> this allows us to drop a hack in kvm_i386.h.
> More code will be dropped in the next patch.
>
> Signed-off-by: Michael S. Tsirkin 

> --- a/target/i386/cpu.h
> +++ b/target/i386/cpu.h
> @@ -688,8 +688,6 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
>  #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
>  #define CPUID_7_0_EDX_SPEC_CTRL_SSBD  (1U << 31) /* Speculative Store Bypass 
> Disable */
>
> -#define KVM_HINTS_DEDICATED (1U << 0)
> -
>  #define CPUID_8000_0008_EBX_IBPB(1U << 12) /* Indirect Branch Prediction 
> Barrier */
>
>  #define CPUID_XSAVE_XSAVEOPT   (1U << 0)
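
Review bot: the removed line defined KVM_HINTS_DEDICATED as a mask, `(1U << 0)`, while the imported kvm_para.h (see the header diff further down in this message) defines it as the bit number `0`. Any remaining use that tests or sets it as a mask would compile unchanged and silently evaluate against 0. Every user needs to become `(1U << KVM_HINTS_DEDICATED)` in the same patch.
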

Hi -- this seems like it will break compilation when we next
update our copy of the Linux kernel headers, because (as of
4.17-rc6, at least), asm-x86/kvm_para.h doesn't define
KVM_HINTS_DEDICATED. Here's the diff I get as part of
my attempt to run update-linux-headers:

--- a/include/standard-headers/asm-x86/kvm_para.h
+++ b/include/standard-headers/asm-x86/kvm_para.h
@@ -29,7 +29,7 @@
 #define KVM_FEATURE_PV_TLB_FLUSH   9
 #define KVM_FEATURE_ASYNC_PF_VMEXIT10

-#define KVM_HINTS_DEDICATED  0
+#define KVM_HINTS_REALTIME  0

 /* The last 8 bits are used to indicate how to interpret the flags field
  * in pvclock structure. If no bits are set, all flags are ignored.

I'm not sure what's going on here -- commit 633711e8287 in
the kernel just renames the constant, but doesn't that
break userspace API ?

thanks
-- PMM



[Qemu-devel] [PATCH v2 1/5] vhost: allow backends to filter memory sections

2018-05-25 Thread Tiwei Bie
This patch introduces a vhost op for vhost backends to allow
them to filter the memory sections that they can handle.

Signed-off-by: Tiwei Bie 
---
 hw/virtio/vhost-user.c| 11 +++
 hw/virtio/vhost.c |  9 +++--
 include/hw/virtio/vhost-backend.h |  4 
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index ca554d4ff1..da0756effe 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -1620,6 +1620,16 @@ vhost_user_crypto_close_session(struct vhost_dev *dev, 
uint64_t session_id)
 return 0;
 }
 
+static bool vhost_user_mem_section_filter(struct vhost_dev *dev,
+  MemoryRegionSection *section)
+{
+bool result;
+
+result = memory_region_get_fd(section->mr) >= 0;
+
+return result;
+}
+
 const VhostOps user_ops = {
 .backend_type = VHOST_BACKEND_TYPE_USER,
 .vhost_backend_init = vhost_user_init,
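
Review bot: vhost_user_mem_section_filter() drops every section whose MemoryRegion has no file descriptor, but nothing in the function says why. A short comment that vhost-user can only share memory it can pass as an fd would make the rule reviewable. The temporary is also unnecessary: `return memory_region_get_fd(section->mr) >= 0;` says the same thing, and `dev` is currently unused.
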
@@ -1650,4 +1660,5 @@ const VhostOps user_ops = {
 .vhost_set_config = vhost_user_set_config,
 .vhost_crypto_create_session = vhost_user_crypto_create_session,
 .vhost_crypto_close_session = vhost_user_crypto_close_session,
+.vhost_backend_mem_section_filter = vhost_user_mem_section_filter,
 };
diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c
index b08290036d..624ade9682 100644
--- a/hw/virtio/vhost.c
+++ b/hw/virtio/vhost.c
@@ -386,7 +386,7 @@ static int vhost_verify_ring_mappings(struct vhost_dev *dev,
 return r;
 }
 
-static bool vhost_section(MemoryRegionSection *section)
+static bool vhost_section(struct vhost_dev *dev, MemoryRegionSection *section)
 {
 bool result;
 bool log_dirty = memory_region_get_dirty_log_mask(section->mr) &
@@ -399,6 +399,11 @@ static bool vhost_section(MemoryRegionSection *section)
  */
 result &= !log_dirty;
 
+if (result && dev->vhost_ops->vhost_backend_mem_section_filter) {
+result &=
+dev->vhost_ops->vhost_backend_mem_section_filter(dev, section);
+}
+
 trace_vhost_section(section->mr->name, result);
 return result;
 }
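
Review bot: inside `if (result && ...)` the value of `result` is already true, so `result &=` on the filter's return value is just an assignment written as a bitwise operation on a bool. `result = dev->vhost_ops->vhost_backend_mem_section_filter(dev, section);` is clearer. It would also help to note in the VhostOps declaration that a NULL callback means "accept everything".
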
@@ -632,7 +637,7 @@ static void vhost_region_addnop(MemoryListener *listener,
 struct vhost_dev *dev = container_of(listener, struct vhost_dev,
  memory_listener);
 
-if (!vhost_section(section)) {
+if (!vhost_section(dev, section)) {
 return;
 }
 vhost_region_add_section(dev, section);
diff --git a/include/hw/virtio/vhost-backend.h 
b/include/hw/virtio/vhost-backend.h
index 5dac61f9ea..81283ec50f 100644
--- a/include/hw/virtio/vhost-backend.h
+++ b/include/hw/virtio/vhost-backend.h
@@ -101,6 +101,9 @@ typedef int (*vhost_crypto_create_session_op)(struct 
vhost_dev *dev,
 typedef int (*vhost_crypto_close_session_op)(struct vhost_dev *dev,
  uint64_t session_id);
 
+typedef bool (*vhost_backend_mem_section_filter_op)(struct vhost_dev *dev,
+MemoryRegionSection *section);
+
 typedef struct VhostOps {
 VhostBackendType backend_type;
 vhost_backend_init vhost_backend_init;
@@ -138,6 +141,7 @@ typedef struct VhostOps {
 vhost_set_config_op vhost_set_config;
 vhost_crypto_create_session_op vhost_crypto_create_session;
 vhost_crypto_close_session_op vhost_crypto_close_session;
+vhost_backend_mem_section_filter_op vhost_backend_mem_section_filter;
 } VhostOps;
 
 extern const VhostOps user_ops;
-- 
2.17.0




[Qemu-devel] [PATCH] scripts/update-linux-headers: Handle __aligned_u64

2018-05-25 Thread Peter Maydell
We'll currently replace any 'u64' with a 'uint64_t' including when
it's embedded in an '__aligned_u64', creating a '__aligned_uint64_t'
which doesn't exist. We need to instead expand out the kernel's
definition of __aligned_u64:
   #define __aligned_u64 __u64 __attribute__((aligned(8)))
before we convert the __u64 to uint64_t.

Signed-off-by: Peter Maydell 
---
Alex's "scripts/update-linux-headers: Update handling of __aligned_u64"
patch also addresses this problem, but I think we need to take this
approach, because the resulting header is supposed to be host-OS-portable.

 scripts/update-linux-headers.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh
index 947dec2852..1fe54f8ab1 100755
--- a/scripts/update-linux-headers.sh
+++ b/scripts/update-linux-headers.sh
@@ -51,7 +51,8 @@ cp_portable() {
 fi
 
 header=$(basename "$f");
-sed -e 's/__u\([0-9][0-9]*\)/uint\1_t/g' \
+sed -e 's/__aligned_u64/__u64 __attribute__((aligned(8)))/g' \
+-e 's/__u\([0-9][0-9]*\)/uint\1_t/g' \
 -e 's/u\([0-9][0-9]*\)/uint\1_t/g' \
 -e 's/__s\([0-9][0-9]*\)/int\1_t/g' \
 -e 's/__le\([0-9][0-9]*\)/uint\1_t/g' \
-- 
2.17.0




Re: [Qemu-devel] [PATCH] usb: update docs

2018-05-25 Thread Markus Armbruster
Gerd Hoffmann  writes:

> xhci is rock solid meanwhile.  So move it up in the docs and feature it
> as preferred usb host adapter, instead of the old shy version saying "you
> might want try ...".
>
> Also a minor text update for the companion controller setup.
>
> Signed-off-by: Gerd Hoffmann 
> ---
>  docs/usb2.txt | 44 +---
>  1 file changed, 25 insertions(+), 19 deletions(-)
>
> diff --git a/docs/usb2.txt b/docs/usb2.txt
> index 09df45b5b1..1b0e62d187 100644
> --- a/docs/usb2.txt
> +++ b/docs/usb2.txt
> @@ -1,6 +1,26 @@
>  
> -USB 2.0 Quick Start
> -===
> +USB Quick Start

Would you like to rename the file from usb2.txt to usb.txt, too?

> +===
> +
> +xhci controller support
> +---
> +
> +Qemu has xhci host adapter support.  The xhci hardware design is much
> +more virtualization-friendly when compared to ehci and uhci, thus xhci
> +emulation uses less resources (especially cpu).  So if your guest
> +supports xhci (which should be the case for any operating system
> +released in recent years) I recommend using it:

I'm afraid "recent years" won't age gracefully.  Perhaps "after 2011 or
so"?

> +
> +qemu -device qemu-xhci
> +
> +xhci supports USB 1.1, USB 2.0 and USB 3.0 devices, so this is the
> +only controller you need.  With only a single usb controller (and
> +therefore only a single usb bus) being present in the system there is
> +no need to use the bus= parameter when adding usb devices.
> +
> +
> +ehci controller support
> +---
>  
>  The QEMU EHCI Adapter can be used with and without companion
>  controllers.  See below for the companion controller mode.



> @@ -47,29 +67,15 @@ specifies the first port the controller should attach to, 
> which is
   Companion controller support
   

   Companion controller support has been added recently.  The operational

For a value of "recently" :)  Rephrase the first sentence?

   model described above with two completely separate busses still works
   fine.  Additionally the UHCI and OHCI controllers got the ability to
   attach to a usb bus created by EHCI as companion controllers.  This is
   done by specifying the masterbus and firstport properties.  masterbus
   specifies the bus name the controller should attach to.  firstport
   specifies the first port the controller should attach to, which is
>  needed as usually one ehci controller with six ports has three uhci
>  companion controllers with two ports each.
>  
> -There is a config file in docs which will do all this for you, just
> -try ...
> +Result is a single usb bus which supports both USB 1.1 and USB 2.0
> +devices.  There is a config file in docs which will do all this for
> +you, just try ...
>  
>  qemu -readconfig docs/config/ich9-ehci-uhci.cfg
>  
>  ... then use "bus=ehci.0" to assign your usb devices to that bus.
>  
>  
> -xhci controller support
> 
> -
> -There is also xhci host controller support available.  It got a lot
> -less testing than ehci and there are a bunch of known limitations, so
> -ehci may work better for you.  On the other hand the xhci hardware
> -design is much more virtualization-friendly, thus xhci emulation uses
> -less resources (especially cpu).  If you want to give xhci a try
> -use this to add the host controller ...
> -
> -qemu -device nec-usb-xhci,id=xhci
> -
> -... then use "bus=xhci.0" when assigning usb devices.
> -
> -
>  More USB tips & tricks
>  ==

Even without additional improvements:
Reviewed-by: Markus Armbruster 



Re: [Qemu-devel] [PATCH v4 2/3] libqtest: fail if child coredumps

2018-05-25 Thread Thomas Huth
On 25.05.2018 08:10, Thomas Huth wrote:
> On 24.05.2018 20:25, Michael S. Tsirkin wrote:
>> Right now tests report OK status if QEMU crashes during cleanup.
>> Let's catch that case and fail the test.
>>
>> Signed-off-by: Michael S. Tsirkin 
>> ---
>>  tests/libqtest.c | 9 -
>>  1 file changed, 8 insertions(+), 1 deletion(-)
>>
>> diff --git a/tests/libqtest.c b/tests/libqtest.c
>> index 43fb97e..f869854 100644
>> --- a/tests/libqtest.c
>> +++ b/tests/libqtest.c
>> @@ -103,8 +103,15 @@ static int socket_accept(int sock)
>>  static void kill_qemu(QTestState *s)
>>  {
>>  if (s->qemu_pid != -1) {
>> +int wstatus = 0;
>> +pid_t pid;
>> +
>>  kill(s->qemu_pid, SIGTERM);
>> -waitpid(s->qemu_pid, NULL, 0);
>> +pid = waitpid(s->qemu_pid, &wstatus, 0);
>> +
>> +if (pid == s->qemu_pid && WIFSIGNALED(wstatus)) {
>> +assert(!WCOREDUMP(wstatus));
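
Review bot: `assert(!WCOREDUMP(wstatus))` only fails the test when a core file was actually written, so a QEMU that dies from SIGSEGV or SIGABRT during cleanup on a host with core dumps disabled still reports OK. Comparing `WTERMSIG(wstatus)` with the SIGTERM that was just sent catches every unexpected signal regardless of host configuration. The check is also skipped entirely when waitpid() fails, because only `pid == s->qemu_pid` is tested. A failed wait should fail the test too.
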
> 
> Another ugliness that I just discovered: kill_qemu is also called from
> the SIGABRT handler. So if a qtest assert() triggers an abort(), the
> abort handler runs kill_qemu which now could trigger another assert()
> and thus abort(). It's likely not a real problem since the abort handler
> has been installed with SA_RESETHAND, but it's still quite confusing code.
> 
> Please let's clean up this ugliness properly: I think kill_qemu should
> *only* be used by the abort handler, and then kill QEMU with SIGKILL for
> good, to make sure that there are no stuck QEMU processes hanging around
> anymore.
> 
> qtest_quit() should simply try to quit QEMU via QMP instead, and then
> check for WIFEXITED(wstatus) && !WEXITSTATUS(wstatus) instead of using
> the kill_qemu() function.

I just did some experiments with that, and using QMP 'quit' to exit QEMU
is also not working very reliably - some tests apparently mess up QMP
quite badly, so the 'quit' does not work during qtest_quit anymore.
Looks like we have to continue to send SIGTERM during qtest_quit(). But
I still think we should separate the logic from the abort handler (which
should use SIGKILL in case SIGTERM does not work as expected).

 Thomas
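
The approach discussed in this message (keep SIGTERM on the quit path, check how the child ended, fall back to SIGKILL when SIGTERM is not honoured), as an added example that is not libqtest code and not part of the thread. `stop_child`, `spawn_child` and the result names are hypothetical, and the forked children are constructed stand-ins for a QEMU process.

```c
#include <errno.h>
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

typedef enum {
    CHILD_CLEAN_EXIT,   /* exited with status 0 */
    CHILD_FAILED_EXIT,  /* exited with a non-zero status */
    CHILD_TERMINATED,   /* died from the SIGTERM we sent */
    CHILD_FORCE_KILLED, /* did not honour SIGTERM, needed SIGKILL */
    CHILD_CRASHED,      /* any other signal: SIGSEGV, SIGABRT, ... */
    CHILD_WAIT_ERROR
} ChildResult;

/* Constructed ways a child can react to SIGTERM (assumptions for the demo). */
typedef enum { ON_TERM_DIE, ON_TERM_EXIT0, ON_TERM_ABORT, ON_TERM_IGNORE } TermBehaviour;

/* Classify by exit status and signal number rather than WCOREDUMP(), which
 * is only set when the host actually wrote a core file. */
static ChildResult classify_status(int wstatus)
{
    if (WIFEXITED(wstatus))
        return WEXITSTATUS(wstatus) == 0 ? CHILD_CLEAN_EXIT : CHILD_FAILED_EXIT;
    if (!WIFSIGNALED(wstatus))
        return CHILD_WAIT_ERROR;
    switch (WTERMSIG(wstatus)) {
    case SIGTERM: return CHILD_TERMINATED;
    case SIGKILL: return CHILD_FORCE_KILLED;
    default:      return CHILD_CRASHED;
    }
}

/* Poll for the child for at most timeout_ms; true once it has been reaped. */
static bool reap_within(pid_t pid, int *wstatus, int timeout_ms)
{
    const struct timespec step = { 0, 10 * 1000 * 1000 }; /* 10 ms */

    for (int waited = 0; waited <= timeout_ms; waited += 10) {
        pid_t r = waitpid(pid, wstatus, WNOHANG);
        if (r == pid) return true;
        if (r < 0 && errno != EINTR) return false;
        nanosleep(&step, NULL);
    }
    return false;
}

/* SIGTERM first; SIGKILL only if the child is still around after grace_ms. */
ChildResult stop_child(pid_t pid, int grace_ms)
{
    int wstatus = 0;

    /* Never call kill() with pid 0 or -1: that would signal other processes. */
    if (pid <= 0 || kill(pid, SIGTERM) < 0) return CHILD_WAIT_ERROR;
    if (!reap_within(pid, &wstatus, grace_ms)) {
        kill(pid, SIGKILL);
        while (waitpid(pid, &wstatus, 0) < 0) {
            if (errno != EINTR) return CHILD_WAIT_ERROR;
        }
    }
    return classify_status(wstatus);
}

static void abort_on_term(int sig) { (void)sig; abort(); }   /* "crash during cleanup" */
static void exit_on_term(int sig) { (void)sig; _exit(0); }   /* orderly shutdown */

/* Fork a constructed child and wait until its SIGTERM disposition is set. */
pid_t spawn_child(TermBehaviour b)
{
    int ready[2];
    char byte = 0;
    pid_t pid;

    if (pipe(ready) < 0) return -1;
    pid = fork();
    if (pid == 0) {
        signal(SIGTERM, b == ON_TERM_IGNORE ? SIG_IGN :
                        b == ON_TERM_ABORT ? abort_on_term :
                        b == ON_TERM_EXIT0 ? exit_on_term : SIG_DFL);
        if (write(ready[1], &byte, 1) != 1) _exit(1);
        for (;;) pause();
    }
    close(ready[1]);
    if (pid > 0 && read(ready[0], &byte, 1) != 1) {
        kill(pid, SIGKILL); /* child never became ready; stop_child() reports it */
    }
    close(ready[0]);
    return pid;
}

int main(void)
{
    printf("abort-on-SIGTERM child -> %d (CHILD_CRASHED is %d)\n",
           stop_child(spawn_child(ON_TERM_ABORT), 2000), CHILD_CRASHED);
    return 0;
}
```

A test harness would treat only `CHILD_TERMINATED` and `CHILD_CLEAN_EXIT` as a pass on the quit path.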



[Qemu-devel] [PATCH v4 2/2] arm_gicv3_kvm: kvm_dist_get/put: skip the registers banked by GICR

2018-05-25 Thread Shannon Zhao
While we skip the GIC_INTERNAL irqs, we don't change the register offset
accordingly. This will overlap the GICR registers value and leave the
last GIC_INTERNAL irq's registers out of update.

Fix this by skipping the registers banked by GICR.

Also for migration compatibility if the migration source (old version
qemu) doesn't send gicd_no_migration_shift_bug = 1 to destination, then
we shift the data of PPI to get the right data for SPI.

Fixes: 367b9f527becdd20ddf116e17a3c0c2bbc486920
Cc: qemu-sta...@nongnu.org
Signed-off-by: Shannon Zhao 
---
 hw/intc/arm_gicv3_common.c | 66 ++
 hw/intc/arm_gicv3_kvm.c| 30 +
 include/hw/intc/arm_gicv3_common.h |  1 +
 3 files changed, 97 insertions(+)

diff --git a/hw/intc/arm_gicv3_common.c b/hw/intc/arm_gicv3_common.c
index 7b54d52..f72a6f7 100644
--- a/hw/intc/arm_gicv3_common.c
+++ b/hw/intc/arm_gicv3_common.c
@@ -27,6 +27,7 @@
 #include "hw/intc/arm_gicv3_common.h"
 #include "gicv3_internal.h"
 #include "hw/arm/linux-boot-if.h"
+#include "sysemu/kvm.h"
 
 static int gicv3_pre_save(void *opaque)
 {
@@ -141,6 +142,66 @@ static const VMStateDescription vmstate_gicv3_cpu = {
 }
 };
 
+static int gicv3_gicd_no_migration_shift_bug_pre_load(void *opaque)
+{
+GICv3State *cs = opaque;
+
+   /*
+* The gicd_no_migration_shift_bug flag is used for migration compatibilty
+* for old version QEMU which may have the GICD bmp shift bug under KVM 
mode.
+*/
+if (kvm_enabled()) {
+cs->gicd_no_migration_shift_bug = false;
+}
+
+return 0;
+}
+
+static int gicv3_gicd_no_migration_shift_bug_post_load(void *opaque,
+   int version_id)
+{
+GICv3State *cs = opaque;
+
+if (gicd_no_migration_shift_bug) {
+return 0;
+}
+
+memcpy(cs->group, (uint8_t *)cs->group + GIC_INTERNAL / 8,
+   sizeof(cs->group) - GIC_INTERNAL / 8);
+memcpy(cs->grpmod, (uint8_t *)cs->grpmod + GIC_INTERNAL / 8,
+   sizeof(cs->grpmod) - GIC_INTERNAL / 8);
+memcpy(cs->enabled, (uint8_t *)cs->enabled + GIC_INTERNAL / 8,
+   sizeof(cs->enabled) - GIC_INTERNAL / 8);
+memcpy(cs->pending, (uint8_t *)cs->pending + GIC_INTERNAL / 8,
+   sizeof(cs->pending) - GIC_INTERNAL / 8);
+memcpy(cs->active, (uint8_t *)cs->active + GIC_INTERNAL / 8,
+   sizeof(cs->active) - GIC_INTERNAL / 8);
+memcpy(cs->edge_trigger, (uint8_t *)cs->edge_trigger + GIC_INTERNAL / 8,
+   sizeof(cs->edge_trigger) - GIC_INTERNAL / 8);
+
+return 0;
+}
+
+static bool gicv3_gicd_no_migration_shift_bug_needed(void *opaque)
+{
+GICv3State *cs = opaque;
+
+return cs->gicd_no_migration_shift_bug;
+}
+
+const VMStateDescription vmstate_gicv3_gicd_no_migration_shift_bug = {
+.name = "arm_gicv3/gicd_no_migration_shift_bug",
+.version_id = 1,
+.minimum_version_id = 1,
+.pre_load = gicv3_gicd_no_migration_shift_bug_pre_load,
+.post_load = gicv3_gicd_no_migration_shift_bug_post_load,
+.needed = gicv3_gicd_no_migration_shift_bug_needed,
+.fields = (VMStateField[]) {
+VMSTATE_BOOL(gicd_no_migration_shift_bug, GICv3State),
+VMSTATE_END_OF_LIST()
+}
+};
+
 static const VMStateDescription vmstate_gicv3 = {
 .name = "arm_gicv3",
 .version_id = 1,
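
Review bot: `if (gicd_no_migration_shift_bug)` in gicv3_gicd_no_migration_shift_bug_post_load() uses an identifier that is not declared in that function; the flag is a member of the state, so this should read `cs->gicd_no_migration_shift_bug`. The six memcpy() calls that follow copy within one array (destination `cs->group`, source `cs->group + GIC_INTERNAL / 8`, and likewise for the others), so source and destination overlap whenever the array is longer than twice the shift. That is undefined behaviour for memcpy(); memmove() is the right call. After the shift the last `GIC_INTERNAL / 8` bytes of each array still hold their old contents and should be cleared explicitly.
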
@@ -165,6 +226,10 @@ static const VMStateDescription vmstate_gicv3 = {
 VMSTATE_STRUCT_VARRAY_POINTER_UINT32(cpu, GICv3State, num_cpu,
  vmstate_gicv3_cpu, GICv3CPUState),
 VMSTATE_END_OF_LIST()
+},
+.subsections = (const VMStateDescription * []) {
+&vmstate_gicv3_gicd_no_migration_shift_bug,
+NULL
 }
 };
 
@@ -364,6 +429,7 @@ static void arm_gicv3_common_reset(DeviceState *dev)
 gicv3_gicd_group_set(s, i);
 }
 }
+s->gicd_no_migration_shift_bug = true;
 }
 
 static void arm_gic_common_linux_init(ARMLinuxBootIf *obj,
diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
index 147e691..1068444 100644
--- a/hw/intc/arm_gicv3_kvm.c
+++ b/hw/intc/arm_gicv3_kvm.c
@@ -178,6 +178,12 @@ static void kvm_dist_get_edge_trigger(GICv3State *s, 
uint32_t offset,
 uint32_t reg;
 int irq;
 
+/* For the KVM GICv3, affinity routing is always enabled, and the first 2
+ * GICD_ICFGR registers are always RAZ/WI. The corresponding
+ * functionality is replaced by GICR_ICFGR. It doesn't need to sync
+ * them. So it should increase the offset to skip GIC_INTERNAL irqs.
+ */
+offset += (GIC_INTERNAL * 2) / 8;
 for_each_dist_irq_reg(irq, s->num_irq, 2) {
 kvm_gicd_access(s, offset, ®, false);
 reg = half_unshuffle32(reg >> 1);
@@ -195,6 +201,12 @@ static void kvm_dist_put_edge_trigger(GICv3State *s, 
uint32_t offset,
 uint32_t reg;
 int irq;
 
+/* For the KVM GICv3, affinity routing is always enabled, and the first 2
+ * GICD_ICFGR registers are always RAZ/WI

[Qemu-devel] [PATCH v4 1/2] arm_gicv3_kvm: kvm_dist_get/put_priority: skip the registers banked by GICR_IPRIORITYR

2018-05-25 Thread Shannon Zhao
While for_each_dist_irq_reg loop starts from GIC_INTERNAL, it forgot to
offset the data array and index. This will overlap the GICR registers
value and leave the last GIC_INTERNAL irq's registers out of update.

Fixes: 367b9f527becdd20ddf116e17a3c0c2bbc486920
Cc: qemu-sta...@nongnu.org
Signed-off-by: Shannon Zhao 
---
 hw/intc/arm_gicv3_kvm.c | 18 --
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c
index 3536795..147e691 100644
--- a/hw/intc/arm_gicv3_kvm.c
+++ b/hw/intc/arm_gicv3_kvm.c
@@ -135,7 +135,14 @@ static void kvm_dist_get_priority(GICv3State *s, uint32_t 
offset, uint8_t *bmp)
 uint32_t reg, *field;
 int irq;
 
-field = (uint32_t *)bmp;
+/* For the KVM GICv3, affinity routing is always enabled, and the first 8
+ * GICD_IPRIORITYR registers are always RAZ/WI. The corresponding
+ * functionality is replaced by GICR_IPRIORITYR. It doesn't need to
+ * sync them. So it needs to skip the field of GIC_INTERNAL irqs in bmp and
+ * offset.
+ */
+field = (uint32_t *)(bmp + GIC_INTERNAL);
+offset += (GIC_INTERNAL * 8) / 8;
 for_each_dist_irq_reg(irq, s->num_irq, 8) {
 kvm_gicd_access(s, offset, ®, false);
 *field = reg;
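
Review bot: in kvm_dist_get_priority() the two skips are written differently, `bmp + GIC_INTERNAL` and `offset += (GIC_INTERNAL * 8) / 8`, although both advance by the same number of bytes, and the first silently depends on the array holding exactly one priority byte per interrupt. Deriving both from one named value (field width times GIC_INTERNAL, divided by 8) would make that dependency visible. The identical comment and arithmetic in the put path could share it.
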
@@ -149,7 +156,14 @@ static void kvm_dist_put_priority(GICv3State *s, uint32_t 
offset, uint8_t *bmp)
 uint32_t reg, *field;
 int irq;
 
-field = (uint32_t *)bmp;
+/* For the KVM GICv3, affinity routing is always enabled, and the first 8
+ * GICD_IPRIORITYR registers are always RAZ/WI. The corresponding
+ * functionality is replaced by GICR_IPRIORITYR. It doesn't need to
+ * sync them. So it needs to skip the field of GIC_INTERNAL irqs in bmp and
+ * offset.
+ */
+field = (uint32_t *)(bmp + GIC_INTERNAL);
+offset += (GIC_INTERNAL * 8) / 8;
 for_each_dist_irq_reg(irq, s->num_irq, 8) {
 reg = *field;
 kvm_gicd_access(s, offset, ®, true);
-- 
2.0.4





[Qemu-devel] [PATCH v4 0/2] Fix ARM KVM GICv3 get/put data shift bug

2018-05-25 Thread Shannon Zhao
These two patches fix ARM KVM GICv3 get/put data shift bug and add
compatibility for migration from old qemu to new one.

Major Changes in V4: 
* Fix the kvm_dist_get/put_priority in a separate patch since it doesn't
need migration compatibility.
* Fix the data within post-load function

Shannon Zhao (2):
  arm_gicv3_kvm: kvm_dist_get/put_priority: skip the registers banked by
GICR_IPRIORITYR
  arm_gicv3_kvm: kvm_dist_get/put: skip the registers banked by GICR

 hw/intc/arm_gicv3_common.c | 66 ++
 hw/intc/arm_gicv3_kvm.c| 48 +--
 include/hw/intc/arm_gicv3_common.h |  1 +
 3 files changed, 113 insertions(+), 2 deletions(-)

-- 
2.0.4





Re: [Qemu-devel] [PATCH v2 3/5] vhost-user: support registering external host notifiers

2018-05-25 Thread Jason Wang



On 2018-05-25 19:04, Tiwei Bie wrote:

This patch introduces VHOST_USER_PROTOCOL_F_HOST_NOTIFIER.
With this feature negotiated, vhost-user backend can register
memory region based host notifiers. And it will allow the guest
driver in the VM to notify the hardware accelerator at the
vhost-user backend directly.

Signed-off-by: Tiwei Bie 
---
  docs/interop/vhost-user.txt|  33 +
  hw/virtio/vhost-user.c | 123 +
  include/hw/virtio/vhost-user.h |   8 +++
  3 files changed, 164 insertions(+)

diff --git a/docs/interop/vhost-user.txt b/docs/interop/vhost-user.txt
index 534caab18a..9e57b36b20 100644
--- a/docs/interop/vhost-user.txt
+++ b/docs/interop/vhost-user.txt
@@ -132,6 +132,16 @@ Depending on the request type, payload can be:
 Payload: Size bytes array holding the contents of the virtio
 device's configuration space
  
+ * Vring area description

+   ---
+   | u64 | size | offset |
+   ---
+
+   u64: a 64-bit integer contains vring index and flags
+   Size: a 64-bit size of this area
+   Offset: a 64-bit offset of this area from the start of the
+   supplied file descriptor
+
  In QEMU the vhost-user message is implemented with the following struct:
  
  typedef struct VhostUserMsg {

@@ -146,6 +156,7 @@ typedef struct VhostUserMsg {
  VhostUserLog log;
  struct vhost_iotlb_msg iotlb;
  VhostUserConfig config;
+VhostUserVringArea area;
  };
  } QEMU_PACKED VhostUserMsg;
  
@@ -380,6 +391,7 @@ Protocol features

  #define VHOST_USER_PROTOCOL_F_CRYPTO_SESSION 7
  #define VHOST_USER_PROTOCOL_F_PAGEFAULT  8
  #define VHOST_USER_PROTOCOL_F_CONFIG 9
+#define VHOST_USER_PROTOCOL_F_HOST_NOTIFIER  10
  
  Master message types

  
@@ -777,6 +789,27 @@ Slave message types
   the VHOST_USER_NEED_REPLY flag, master must respond with zero when
   operation is successfully completed, or non-zero otherwise.
  
+ * VHOST_USER_SLAVE_VRING_HOST_NOTIFIER_MSG

+
+  Id: 3
+  Equivalent ioctl: N/A
+  Slave payload: vring area description
+  Master payload: N/A
+
+  Sets host notifier for a specified queue. The queue index is contained
+  in the u64 field of the vring area description. The host notifier is
+  described by the file descriptor (typically it's a VFIO device fd) which
+  is passed as ancillary data and the size (which is mmap size and should
+  be the same as host page size) and offset (which is mmap offset) carried
+  in the vring area description. QEMU can mmap the file descriptor based
+  on the size and offset to get a memory range. Registering a host notifier
+  means mapping this memory range to the VM as the specified queue's notify
+  MMIO region. Slave sends this request to tell QEMU to de-register the
+  existing notifier if any and register the new notifier if the request is
+  sent with a file descriptor.
+  This request should be sent only when VHOST_USER_PROTOCOL_F_HOST_NOTIFIER
+  protocol feature has been successfully negotiated.
+
  VHOST_USER_PROTOCOL_F_REPLY_ACK:
  ---
  The original vhost-user specification only demands replies for certain
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 5f72ed68da..259a841af9 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -13,6 +13,7 @@
  #include "hw/virtio/vhost.h"
  #include "hw/virtio/vhost-user.h"
  #include "hw/virtio/vhost-backend.h"
+#include "hw/virtio/virtio.h"
  #include "hw/virtio/virtio-net.h"
  #include "chardev/char-fe.h"
  #include "sysemu/kvm.h"
@@ -48,6 +49,7 @@ enum VhostUserProtocolFeature {
  VHOST_USER_PROTOCOL_F_CRYPTO_SESSION = 7,
  VHOST_USER_PROTOCOL_F_PAGEFAULT = 8,
  VHOST_USER_PROTOCOL_F_CONFIG = 9,
+VHOST_USER_PROTOCOL_F_HOST_NOTIFIER = 10,
  VHOST_USER_PROTOCOL_F_MAX
  };
  
@@ -92,6 +94,7 @@ typedef enum VhostUserSlaveRequest {

  VHOST_USER_SLAVE_NONE = 0,
  VHOST_USER_SLAVE_IOTLB_MSG = 1,
  VHOST_USER_SLAVE_CONFIG_CHANGE_MSG = 2,
+VHOST_USER_SLAVE_VRING_HOST_NOTIFIER_MSG = 3,
  VHOST_USER_SLAVE_MAX
  }  VhostUserSlaveRequest;
  
@@ -136,6 +139,12 @@ static VhostUserConfig c __attribute__ ((unused));

 + sizeof(c.size) \
 + sizeof(c.flags))
  
+typedef struct VhostUserVringArea {

+uint64_t u64;
+uint64_t size;
+uint64_t offset;
+} VhostUserVringArea;
+
  typedef struct {
  VhostUserRequest request;
  
@@ -157,6 +166,7 @@ typedef union {

  struct vhost_iotlb_msg iotlb;
  VhostUserConfig config;
  VhostUserCryptoSession session;
+VhostUserVringArea area;
  } VhostUserPayload;
  
  typedef struct VhostUserMsg {

@@ -638,9 +648,37 @@ static int vhost_user_set_vring_num(struct vhost_dev *dev,
  return vhost_set_vring(dev, VHOST_USER_SET_VRING_NUM, ring);

Re: [Qemu-devel] [PATCH v2 3/5] vhost-user: support registering external host notifiers

2018-05-25 Thread Tiwei Bie
On Fri, May 25, 2018 at 07:26:05PM +0800, Jason Wang wrote:
> On 2018年05月25日 19:04, Tiwei Bie wrote:
[...]
> > +static int vhost_user_slave_handle_vring_host_notifier(struct vhost_dev 
> > *dev,
> > +   VhostUserVringArea 
> > *area,
> > +   int fd)
> > +{
> > +int queue_idx = area->u64 & VHOST_USER_VRING_IDX_MASK;
> > +size_t page_size = qemu_real_host_page_size;
> > +struct vhost_user *u = dev->opaque;
> > +VhostUserState *user = u->user;
> > +VirtIODevice *vdev = dev->vdev;
> > +VhostUserHostNotifier *n;
> > +int ret = 0;
> > +void *addr;
> > +char *name;
> > +
> > +if (!virtio_has_feature(dev->protocol_features,
> > +VHOST_USER_PROTOCOL_F_HOST_NOTIFIER) ||
> > +vdev == NULL || queue_idx >= virtio_get_num_queues(vdev)) {
> > +ret = -1;
> > +goto out;
> > +}
> > +
> > +n = &user->notifier[queue_idx];
> > +
> > +if (n->addr) {
> > +virtio_queue_set_host_notifier_mr(vdev, queue_idx, &n->mr, false);
> > +object_unparent(OBJECT(&n->mr));
> > +munmap(n->addr, page_size);
> > +n->addr = NULL;
> > +}
> > +
> > +if (area->u64 & VHOST_USER_VRING_NOFD_MASK) {
> > +goto out;
> > +}
> > +
> > +/* Sanity check. */
> > +if (area->size != page_size) {
> > +ret = -1;
> > +goto out;
> > +}
> > +
> > +addr = mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_SHARED,
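Review bot: the `area->size != page_size` sanity check runs only after the existing notifier has been unmapped and unparented, so a request that carries an fd but a bad size tears down the working notifier and then fails. Suggest validating the slave-supplied fields before the `if (n->addr)` block whenever VHOST_USER_VRING_NOFD_MASK is not set, so that a rejected request leaves the current mapping in place. The return value of `munmap(n->addr, page_size)` is also ignored.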
> 
> It looks to me that PROT_WRITE is sufficient here?
> 
> Thanks
> 

I think it's safer to add PROT_READ. And there's
no harm in doing that.

Best regards,
Tiwei Bie



[Qemu-devel] [PATCH v1 1/7] s390x/tod: factor out TOD into separate device

2018-05-25 Thread David Hildenbrand
Let's treat this like a separate device. TCG will have to store the
actual state/time later on.

Include cpu-qom.h in kvm_s390x.h (due to S390CPU) to compile tod-kvm.c.

Signed-off-by: David Hildenbrand 
---
 hw/s390x/Makefile.objs |   3 +
 hw/s390x/s390-virtio-ccw.c |  57 +-
 hw/s390x/tod-kvm.c |  64 
 hw/s390x/tod-qemu.c|  47 +++
 hw/s390x/tod.c | 120 +
 include/hw/s390x/tod.h |  46 ++
 target/s390x/cpu.c |  32 --
 target/s390x/cpu.h |   2 -
 target/s390x/kvm_s390x.h   |   2 +
 9 files changed, 285 insertions(+), 88 deletions(-)
 create mode 100644 hw/s390x/tod-kvm.c
 create mode 100644 hw/s390x/tod-qemu.c
 create mode 100644 hw/s390x/tod.c
 create mode 100644 include/hw/s390x/tod.h

diff --git a/hw/s390x/Makefile.objs b/hw/s390x/Makefile.objs
index dc704b57d6..93282f7c59 100644
--- a/hw/s390x/Makefile.objs
+++ b/hw/s390x/Makefile.objs
@@ -14,6 +14,9 @@ obj-$(CONFIG_PCI) += s390-pci-bus.o s390-pci-inst.o
 obj-$(call lnot,$(CONFIG_PCI)) += s390-pci-stub.o
 obj-y += s390-skeys.o
 obj-y += s390-stattrib.o
+obj-y += tod.o
+obj-$(CONFIG_KVM) += tod-kvm.o
+obj-$(CONFIG_TCG) += tod-qemu.o
 obj-$(CONFIG_KVM) += s390-skeys-kvm.o
 obj-$(CONFIG_KVM) += s390-stattrib-kvm.o
 obj-y += s390-ccw.o
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index e548d341a0..390f021107 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -35,6 +35,7 @@
 #include "migration/register.h"
 #include "cpu_models.h"
 #include "hw/nmi.h"
+#include "hw/s390x/tod.h"
 
 S390CPU *s390_cpu_addr2state(uint16_t cpu_addr)
 {
@@ -187,58 +188,6 @@ static void s390_memory_init(ram_addr_t mem_size)
 s390_stattrib_init();
 }
 
-#define S390_TOD_CLOCK_VALUE_MISSING0x00
-#define S390_TOD_CLOCK_VALUE_PRESENT0x01
-
-static void gtod_save(QEMUFile *f, void *opaque)
-{
-uint64_t tod_low;
-uint8_t tod_high;
-int r;
-
-r = s390_get_clock(&tod_high, &tod_low);
-if (r) {
-warn_report("Unable to get guest clock for migration: %s",
-strerror(-r));
-error_printf("Guest clock will not be migrated "
- "which could cause the guest to hang.");
-qemu_put_byte(f, S390_TOD_CLOCK_VALUE_MISSING);
-return;
-}
-
-qemu_put_byte(f, S390_TOD_CLOCK_VALUE_PRESENT);
-qemu_put_byte(f, tod_high);
-qemu_put_be64(f, tod_low);
-}
-
-static int gtod_load(QEMUFile *f, void *opaque, int version_id)
-{
-uint64_t tod_low;
-uint8_t tod_high;
-int r;
-
-if (qemu_get_byte(f) == S390_TOD_CLOCK_VALUE_MISSING) {
-warn_report("Guest clock was not migrated. This could "
-"cause the guest to hang.");
-return 0;
-}
-
-tod_high = qemu_get_byte(f);
-tod_low = qemu_get_be64(f);
-
-r = s390_set_clock(&tod_high, &tod_low);
-if (r) {
-error_report("Unable to set KVM guest TOD clock: %s", strerror(-r));
-}
-
-return r;
-}
-
-static SaveVMHandlers savevm_gtod = {
-.save_state = gtod_save,
-.load_state = gtod_load,
-};
-
 static void s390_init_ipl_dev(const char *kernel_filename,
   const char *kernel_cmdline,
   const char *initrd_filename, const char 
*firmware,
@@ -363,8 +312,8 @@ static void ccw_init(MachineState *machine)
 s390_create_sclpconsole("sclplmconsole", serial_hd(1));
 }
 
-/* Register savevm handler for guest TOD clock */
-register_savevm_live(NULL, "todclock", 0, 1, &savevm_gtod, NULL);
+/* init the TOD clock */
+s390_init_tod();
 }
 
 static void s390_cpu_plug(HotplugHandler *hotplug_dev,
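Review bot: ccw_init() no longer registers the "todclock" savevm section itself, and the commit message does not say whether s390_init_tod() registers it again under the same section name and version. Migration to and from older QEMU versions depends on that, so please state it in the commit message or in a comment next to the `s390_init_tod();` call.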
diff --git a/hw/s390x/tod-kvm.c b/hw/s390x/tod-kvm.c
new file mode 100644
index 00..3fe43fc114
--- /dev/null
+++ b/hw/s390x/tod-kvm.c
@@ -0,0 +1,64 @@
+/*
+ * TOD (Time Of Day) clock - KVM implementation
+ *
+ * Copyright 2018 Red Hat, Inc.
+ * Author(s): David Hildenbrand 
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "hw/s390x/tod.h"
+#include "kvm_s390x.h"
+
+static void kvm_s390_tod_get(S390TODState *td, S390TOD *tod, Error **errp)
+{
+int r;
+
+r = kvm_s390_get_clock_ext(&tod->high, &tod->low);
+if (r == -ENXIO) {
+r = kvm_s390_get_clock(&tod->high, &tod->low);
+}
+if (r) {
+error_setg(errp, "Unable to get KVM guest TOD clock: %s",
+   strerror(-r));
+}
+}
+
+static void kvm_s390_tod_set(S390TODState *td, S390TOD *tod, Error **errp)
+{
+int r;
+
+r = kvm_s390_set_clock_ext(&tod->high, &tod->low);
+if (r == -ENXIO) {
+r = kvm_s390_set_clock(&tod->high, &tod->low);
+}
+if (r) {
+error_setg(errp, "Unable to set KVM guest TOD clock: %s",
+   strerror(
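Review bot: kvm_s390_tod_get() and kvm_s390_tod_set() both retry with the non-_ext call only when the first call returns -ENXIO, and nothing explains why that errno is the fallback trigger. A one-line comment would help. On failure kvm_s390_tod_get() also leaves `*tod` in an unspecified state after error_setg(); either zero it or document that callers must not read it when errp is set.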

[Qemu-devel] [PATCH v1 0/7] s390x: TOD refactoring + TCG CPU hotplug support

2018-05-25 Thread David Hildenbrand
The TOD in TCG is not handled correctly:
- each CPU has its own TOD based on CPU creation time vs. a system TOD
- TOD is not migrated
- TOD timer is not restarted during migration
- CKC interrupts/TOD timer is not cleared when resetting the CKC

This (and a cpu creation problem for single threaded TCG) currently made
CPU hotplug under TCG not work. Now it's working :)

The first patch also refactors TOD handling for KVM (moved into a new
TOD device).

The cpu timer is in a similar bad shape, but this will require more work :(

David Hildenbrand (7):
  s390x/tod: factor out TOD into separate device
  s390x/tcg: drop tod_basetime
  s390x/tcg: properly implement the TOD
  s390x/tcg: SET CLOCK COMPARATOR can clear CKC interrupts
  s390x/tcg: implement SET CLOCK
  s390x/tcg: rearm the CKC timer during migration
  s390x/tcg: fix CPU hotplug with single-threaded TCG

 hw/s390x/Makefile.objs |   3 +
 hw/s390x/s390-virtio-ccw.c |  57 +---
 hw/s390x/tod-kvm.c |  64 ++
 hw/s390x/tod-qemu.c|  84 
 hw/s390x/tod.c | 131 +
 include/hw/s390x/tod.h |  65 ++
 target/s390x/cpu.c |  52 ++-
 target/s390x/cpu.h |   9 +--
 target/s390x/helper.h  |   1 +
 target/s390x/insn-data.def |   3 +-
 target/s390x/internal.h|  15 -
 target/s390x/kvm_s390x.h   |   2 +
 target/s390x/machine.c |   7 ++
 target/s390x/misc_helper.c |  59 +++--
 target/s390x/translate.c   |   9 +++
 15 files changed, 434 insertions(+), 127 deletions(-)
 create mode 100644 hw/s390x/tod-kvm.c
 create mode 100644 hw/s390x/tod-qemu.c
 create mode 100644 hw/s390x/tod.c
 create mode 100644 include/hw/s390x/tod.h

-- 
2.17.0




[Qemu-devel] [PATCH v1 2/7] s390x/tcg: drop tod_basetime

2018-05-25 Thread David Hildenbrand
Never set to anything but 0.

Signed-off-by: David Hildenbrand 
---
 target/s390x/cpu.c | 1 -
 target/s390x/cpu.h | 1 -
 target/s390x/misc_helper.c | 4 ++--
 3 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index 167d089722..557074165a 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -290,7 +290,6 @@ static void s390_cpu_initfn(Object *obj)
 qemu_get_timedate(&tm, 0);
 env->tod_offset = TOD_UNIX_EPOCH +
   (time2tod(mktimegm(&tm)) * 10ULL);
-env->tod_basetime = 0;
 env->tod_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, s390x_tod_timer, cpu);
 env->cpu_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, s390x_cpu_timer, cpu);
 s390_cpu_set_state(S390_CPU_STATE_STOPPED, cpu);
diff --git a/target/s390x/cpu.h b/target/s390x/cpu.h
index ac51c17fb4..4abfe88a3d 100644
--- a/target/s390x/cpu.h
+++ b/target/s390x/cpu.h
@@ -131,7 +131,6 @@ struct CPUS390XState {
 #endif
 
 uint64_t tod_offset;
-uint64_t tod_basetime;
 QEMUTimer *tod_timer;
 
 QEMUTimer *cpu_timer;
diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index 1f834f35ef..044ffc64c4 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -142,7 +142,7 @@ uint64_t HELPER(stck)(CPUS390XState *env)
 uint64_t time;
 
 time = env->tod_offset +
-time2tod(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) - env->tod_basetime);
+time2tod(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL));
 
 return time;
 }
@@ -162,7 +162,7 @@ void HELPER(sckc)(CPUS390XState *env, uint64_t time)
 /* nanoseconds */
 time = tod2time(time);
 
-timer_mod(env->tod_timer, env->tod_basetime + time);
+timer_mod(env->tod_timer, time);
 }
 
 /* Set Tod Programmable Field */
-- 
2.17.0




[Qemu-devel] [PATCH v1 4/7] s390x/tcg: SET CLOCK COMPARATOR can clear CKC interrupts

2018-05-25 Thread David Hildenbrand
Let's stop the timer and delete any pending CKC IRQ before doing
anything else.

Signed-off-by: David Hildenbrand 
---
 target/s390x/misc_helper.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index 418326e551..2ef9de1cca 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -158,6 +158,12 @@ void HELPER(sckc)(CPUS390XState *env, uint64_t time)
 Error *err = NULL;
 S390TOD tod_base;
 
+/* stop the timer and remove pending CKC IRQs */
+timer_del(env->tod_timer);
+qemu_mutex_lock_iothread();
+env->pending_int &= ~INTERRUPT_EXT_CLOCK_COMPARATOR;
+qemu_mutex_unlock_iothread();
+
 if (time == -1ULL) {
 return;
 }
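Review bot: `qemu_mutex_lock_iothread();` at the top of HELPER(sckc) is taken unconditionally, but the context in 5/7 shows tcg_s390_tod_updated() calling helper_sckc() directly, and 6/7 calls tcg_s390_tod_updated() from cpu_post_load(). If any of those callers already holds the iothread lock, this path locks against itself. Suggest splitting out an inner function that expects the lock to be held (asserting qemu_mutex_iothread_locked()) and having only the TCG helper entry point take the lock.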
-- 
2.17.0




[Qemu-devel] [PATCH v1 7/7] s390x/tcg: fix CPU hotplug with single-threaded TCG

2018-05-25 Thread David Hildenbrand
run_on_cpu() doesn't seem to work reliably until the CPU has been fully
created if the single-threaded TCG main loop is already running.

Therefore, let's use run_on_cpu() for KVM only - KVM requires it due to
the initial CPU reset ioctl.

Signed-off-by: David Hildenbrand 
---
 target/s390x/cpu.c | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index e4d7e82a23..5fceed7948 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -220,11 +220,12 @@ static void s390_cpu_realizefn(DeviceState *dev, Error 
**errp)
 #endif
 s390_cpu_gdb_init(cs);
 qemu_init_vcpu(cs);
-#if !defined(CONFIG_USER_ONLY)
-run_on_cpu(cs, s390_do_cpu_full_reset, RUN_ON_CPU_NULL);
-#else
-cpu_reset(cs);
-#endif
+
+if (kvm_enabled()) {
+run_on_cpu(cs, s390_do_cpu_full_reset, RUN_ON_CPU_NULL);
+} else {
+cpu_reset(cs);
+}
 
 scc->parent_realize(dev, &err);
 out:
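Review bot: for system-mode TCG the old code ran s390_do_cpu_full_reset and the new `else` branch calls `cpu_reset(cs);`, so from this hunk alone the reset performed at realize time appears to change, and the commit message only talks about run_on_cpu() reliability. Please state in the commit message that the two are equivalent for TCG, or call the full reset directly in the `else` branch.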
-- 
2.17.0




[Qemu-devel] [PATCH v1 3/7] s390x/tcg: properly implement the TOD

2018-05-25 Thread David Hildenbrand
Right now, each CPU has its own TOD. Especially, the TOD will differ
based on creation time of a CPU - e.g. when hotplugging a CPU the times
will differ quite a lot, resulting in stall warnings in the guest.

Let's use a single TOD by implementing our new TOD device. Prepare it
for TOD-clock epoch extension.

Most importantly, whenever we set the TOD, we have to update the CKC
timer.

Signed-off-by: David Hildenbrand 
---
 hw/s390x/tod-qemu.c| 45 ++
 hw/s390x/tod.c | 11 ++
 include/hw/s390x/tod.h | 19 
 target/s390x/cpu.c |  8 +--
 target/s390x/cpu.h |  6 -
 target/s390x/internal.h| 15 -
 target/s390x/misc_helper.c | 32 ++-
 7 files changed, 103 insertions(+), 33 deletions(-)

diff --git a/hw/s390x/tod-qemu.c b/hw/s390x/tod-qemu.c
index 7997ba2b1a..41388f4c7d 100644
--- a/hw/s390x/tod-qemu.c
+++ b/hw/s390x/tod-qemu.c
@@ -11,17 +11,40 @@
 #include "qemu/osdep.h"
 #include "qapi/error.h"
 #include "hw/s390x/tod.h"
+#include "qemu/timer.h"
+#include "qemu/cutils.h"
+#include "cpu.h"
 
 static void qemu_s390_tod_get(S390TODState *td, S390TOD *tod, Error **errp)
 {
-/* FIXME */
-tod->high = 0;
-tod->low = 0;
+*tod = td->base;
+
+tod->low += time2tod(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL));
+if (tod->low < td->base.low) {
+tod->high++;
+}
 }
 
 static void qemu_s390_tod_set(S390TODState *td, S390TOD *tod, Error **errp)
 {
-/* FIXME */
+CPUState *cpu;
+
+td->base = *tod;
+
+td->base.low -= time2tod(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL));
+if (tod->low < td->base.low) {
+td->base.high--;
+}
+
+/*
+ * The TOD has been changed and we have to recalculate the CKC values
+ * for all CPUs. We do this asynchronously, as "SET CLOCK should be
+ * issued only while all other activity on all CPUs .. has been
+ * suspended".
+ */
+CPU_FOREACH(cpu) {
+async_run_on_cpu(cpu, tcg_s390_tod_updated, RUN_ON_CPU_NULL);
+}
 }
 
 static void qemu_s390_tod_class_init(ObjectClass *oc, void *data)
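Review bot: in qemu_s390_tod_set() the borrow test `if (tod->low < td->base.low)` compares the caller's value with the already decremented base. That is correct, but it reads like a copy of the carry test in qemu_s390_tod_get() and is easy to break in a later edit. A short comment on each test, or a pair of small add/subtract helpers for S390TOD, would make the 128-bit arithmetic explicit.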
@@ -32,10 +55,24 @@ static void qemu_s390_tod_class_init(ObjectClass *oc, void 
*data)
 tdc->set = qemu_s390_tod_set;
 }
 
+static void qemu_s390_tod_init(Object *obj)
+{
+S390TODState *td = S390_TOD(obj);
+struct tm tm;
+
+qemu_get_timedate(&tm, 0);
+td->base.high = 0;
+td->base.low = TOD_UNIX_EPOCH + (time2tod(mktimegm(&tm)) * 10ULL);
+if (td->base.low < TOD_UNIX_EPOCH) {
+td->base.high += 1;
+}
+}
+
 static TypeInfo qemu_s390_tod_info = {
 .name = TYPE_QEMU_S390_TOD,
 .parent = TYPE_S390_TOD,
 .instance_size = sizeof(S390TODState),
+.instance_init = qemu_s390_tod_init,
 .class_init = qemu_s390_tod_class_init,
 .class_size = sizeof(S390TODClass),
 };
diff --git a/hw/s390x/tod.c b/hw/s390x/tod.c
index c1b3438452..7495d8c057 100644
--- a/hw/s390x/tod.c
+++ b/hw/s390x/tod.c
@@ -30,6 +30,17 @@ void s390_init_tod(void)
 qdev_init_nofail(DEVICE(obj));
 }
 
+S390TODState *s390_get_tod(void)
+{
+static S390TODState *ts;
+
+if (!ts) {
+ts = S390_TOD(object_resolve_path_type("", TYPE_S390_TOD, NULL));
+}
+
+return ts;
+}
+
 #define S390_TOD_CLOCK_VALUE_MISSING0x00
 #define S390_TOD_CLOCK_VALUE_PRESENT0x01
 
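Review bot: s390_get_tod() caches and returns the result of object_resolve_path_type() without checking it, and HELPER(sck) in 5/7 passes the result straight to S390_TOD_GET_CLASS(). If the lookup finds no TOD device the caller dereferences NULL. Suggest an assert on the resolved pointer inside s390_get_tod() so the failure is immediate and points at the missing device.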
diff --git a/include/hw/s390x/tod.h b/include/hw/s390x/tod.h
index 43ed71600f..5491245b86 100644
--- a/include/hw/s390x/tod.h
+++ b/include/hw/s390x/tod.h
@@ -30,6 +30,9 @@ typedef struct S390TOD {
 typedef struct S390TODState {
 /* private */
 DeviceState parent_obj;
+
+/* unused by KVM implementation */
+S390TOD base;
 } S390TODState;
 
 typedef struct S390TODClass {
@@ -41,6 +44,22 @@ typedef struct S390TODClass {
 void (*set)(S390TODState *td, S390TOD *tod, Error **errp);
 } S390TODClass;
 
+/* The value of the TOD clock for 1.1.1970. */
+#define TOD_UNIX_EPOCH 0x7d91048bca00ULL
+
+/* Converts ns to s390's clock format */
+static inline uint64_t time2tod(uint64_t ns)
+{
+return (ns << 9) / 125;
+}
+
+/* Converts s390's clock format to ns */
+static inline uint64_t tod2time(uint64_t t)
+{
+return (t * 125) >> 9;
+}
+
 void s390_init_tod(void);
+S390TODState *s390_get_tod(void);
 
 #endif
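Review bot: time2tod() shifts before dividing, so `(ns << 9)` discards the top bits once ns reaches 2^55 (about 417 days of QEMU_CLOCK_VIRTUAL), and tod2time() multiplies before shifting, so `(t * 125)` wraps for any t above 2^64/125. Now that both helpers are exported from tod.h, please either document the valid input range in their comments or split the computation so the intermediate value cannot overflow.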
diff --git a/target/s390x/cpu.c b/target/s390x/cpu.c
index 557074165a..e4d7e82a23 100644
--- a/target/s390x/cpu.c
+++ b/target/s390x/cpu.c
@@ -30,7 +30,6 @@
 #include "kvm_s390x.h"
 #include "sysemu/kvm.h"
 #include "qemu-common.h"
-#include "qemu/cutils.h"
 #include "qemu/timer.h"
 #include "qemu/error-report.h"
 #include "trace.h"
@@ -44,6 +43,7 @@
 #include "hw/hw.h"
 #include "sysemu/arch_init.h"
 #include "sysemu/sysemu.h"
+#include "hw/s390x/s390-virtio-ccw.h"
 #endif
 #include "fpu/softfloat.h"
 
@@ -276,9 +276,6 @@ static void s390_cpu_initfn(Object *obj)
 CPUState *cs = CPU(obj);
 S390CPU *cpu = S390_CPU(obj);
 CPUS390XState *env = &cpu->env;
-#if !defined

[Qemu-devel] [PATCH v1 6/7] s390x/tcg: rearm the CKC timer during migration

2018-05-25 Thread David Hildenbrand
If the CPU data is migrated after the TOD clock, the CKC timer of a CPU
is not rearmed. Let's rearm it when loading the CPU state.

Signed-off-by: David Hildenbrand 
---
 target/s390x/machine.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/target/s390x/machine.c b/target/s390x/machine.c
index 84b4928755..53d226ff48 100644
--- a/target/s390x/machine.c
+++ b/target/s390x/machine.c
@@ -34,6 +34,13 @@ static int cpu_post_load(void *opaque, int version_id)
 return kvm_s390_vcpu_interrupt_post_load(cpu);
 }
 
+#ifdef CONFIG_TCG
+if (tcg_enabled()) {
+/* Rearm the CKC timer if necessary */
+tcg_s390_tod_updated(CPU(cpu), RUN_ON_CPU_NULL);
+}
+#endif
+
 return 0;
 }
 
-- 
2.17.0




[Qemu-devel] [PATCH v1 5/7] s390x/tcg: implement SET CLOCK

2018-05-25 Thread David Hildenbrand
This allows a guest to change its TOD. We already take care of updating
all CKC timers from within S390TODClass.

Use MO_ALIGN to load the operand manually - this will properly trigger a
SPECIFICATION exception.

Signed-off-by: David Hildenbrand 
---
 target/s390x/helper.h  |  1 +
 target/s390x/insn-data.def |  3 +--
 target/s390x/misc_helper.c | 19 +++
 target/s390x/translate.c   |  9 +
 4 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/target/s390x/helper.h b/target/s390x/helper.h
index 59cba86a27..97c60ca7bc 100644
--- a/target/s390x/helper.h
+++ b/target/s390x/helper.h
@@ -127,6 +127,7 @@ DEF_HELPER_4(diag, void, env, i32, i32, i32)
 DEF_HELPER_3(load_psw, noreturn, env, i64, i64)
 DEF_HELPER_FLAGS_2(spx, TCG_CALL_NO_RWG, void, env, i64)
 DEF_HELPER_FLAGS_1(stck, TCG_CALL_NO_RWG_SE, i64, env)
+DEF_HELPER_FLAGS_2(sck, TCG_CALL_NO_RWG, i32, env, i64)
 DEF_HELPER_FLAGS_2(sckc, TCG_CALL_NO_RWG, void, env, i64)
 DEF_HELPER_FLAGS_2(sckpf, TCG_CALL_NO_RWG, void, env, i64)
 DEF_HELPER_FLAGS_1(stckc, TCG_CALL_NO_RWG, i64, env)
diff --git a/target/s390x/insn-data.def b/target/s390x/insn-data.def
index 157619403d..5c6f33ed9c 100644
--- a/target/s390x/insn-data.def
+++ b/target/s390x/insn-data.def
@@ -997,8 +997,7 @@
 /* SET ADDRESS SPACE CONTROL FAST */
 C(0xb279, SACF,S, Z,   0, a2, 0, 0, sacf, 0)
 /* SET CLOCK */
-/* ??? Not implemented - is it necessary? */
-C(0xb204, SCK, S, Z,   0, 0, 0, 0, 0, 0)
+C(0xb204, SCK, S, Z,   la2, 0, 0, 0, sck, 0)
 /* SET CLOCK COMPARATOR */
 C(0xb206, SCKC,S, Z,   0, m2_64a, 0, 0, sckc, 0)
 /* SET CLOCK PROGRAMMABLE FIELD */
diff --git a/target/s390x/misc_helper.c b/target/s390x/misc_helper.c
index 2ef9de1cca..2f5cd6d22a 100644
--- a/target/s390x/misc_helper.c
+++ b/target/s390x/misc_helper.c
@@ -191,6 +191,25 @@ void tcg_s390_tod_updated(CPUState *cs, run_on_cpu_data 
opaque)
 helper_sckc(env, env->ckc);
 }
 
+/* Set Clock */
+uint32_t HELPER(sck)(CPUS390XState *env, uint64_t tod_low)
+{
+S390TODState *td = s390_get_tod();
+S390TODClass *tdc = S390_TOD_GET_CLASS(td);
+S390TOD tod = {
+.high = 0,
+.low = tod_low,
+};
+Error *err = NULL;
+
+qemu_mutex_lock_iothread();
+tdc->set(td, &tod, &err);
+qemu_mutex_unlock_iothread();
+g_assert(!err);
+
+return 0;
+}
+
 /* Set Tod Programmable Field */
 void HELPER(sckpf)(CPUS390XState *env, uint64_t r0)
 {
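Review bot: `g_assert(!err);` in HELPER(sck) sits on a path the guest reaches by executing SET CLOCK, so any backend that ever reports an error through errp lets a guest abort QEMU. Suggest handling the error (report it and return a non-zero condition code, or raise a program exception) instead of asserting. The hard-coded `.high = 0` also deserves a comment, given that 3/7 says the device is being prepared for the TOD-clock epoch extension.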
diff --git a/target/s390x/translate.c b/target/s390x/translate.c
index 82309faa11..c6ed9507de 100644
--- a/target/s390x/translate.c
+++ b/target/s390x/translate.c
@@ -4016,6 +4016,15 @@ static DisasJumpType op_stcke(DisasContext *s, DisasOps 
*o)
 return DISAS_NEXT;
 }
 
+static DisasJumpType op_sck(DisasContext *s, DisasOps *o)
+{
+check_privileged(s);
+tcg_gen_qemu_ld_i64(o->in1, o->addr1, get_mem_index(s), MO_TEQ | MO_ALIGN);
+gen_helper_sck(cc_op, cpu_env, o->in1);
+set_cc_static(s);
+return DISAS_NEXT;
+}
+
 static DisasJumpType op_sckc(DisasContext *s, DisasOps *o)
 {
 check_privileged(s);
-- 
2.17.0




Re: [Qemu-devel] [PATCH v3] block: fix QEMU crash with scsi-hd and drive_del

2018-05-25 Thread Greg Kurz
On Fri, 25 May 2018 10:37:15 +0200
Kevin Wolf  wrote:

> Am 25.05.2018 um 00:53 hat Greg Kurz geschrieben:
> > Removing a drive with drive_del while it is being used to run an I/O
> > intensive workload can cause QEMU to crash.
> > 
> > An AIO flush can yield at some point:
> > 
> > blk_aio_flush_entry()
> >  blk_co_flush(blk)
> >   bdrv_co_flush(blk->root->bs)
> >...
> > qemu_coroutine_yield()
> > 
> > and let the HMP command run, free blk->root and give control
> > back to the AIO flush:
> > 
> > hmp_drive_del()
> >  blk_remove_bs()
> >   bdrv_root_unref_child(blk->root)
> >child_bs = blk->root->bs
> >bdrv_detach_child(blk->root)
> > bdrv_replace_child(blk->root, NULL)
> >  blk->root->bs = NULL
> > g_free(blk->root) <== blk->root becomes stale
> >bdrv_unref(child_bs)
> > bdrv_delete(child_bs)
> >  bdrv_close()
> >   bdrv_drained_begin()
> >bdrv_do_drained_begin()
> > bdrv_drain_recurse()
> >  aio_poll()
> >   ...
> >   qemu_coroutine_switch()
> > 
> > and the AIO flush completion ends up dereferencing blk->root:
> > 
> >   blk_aio_complete()
> >scsi_aio_complete()
> > blk_get_aio_context(blk)
> >  bs = blk_bs(blk)
> >  ie, bs = blk->root ? blk->root->bs : NULL
> > ^
> > stale
> > 
> > The problem is that we should avoid making block driver graph
> > changes while we have in-flight requests. This patch hence adds
> > a drained section to bdrv_detach_child(), so that we're sure
> > all requests have been drained before blk->root becomes stale.
> > 
> > Signed-off-by: Greg Kurz 
> > ---
> > v3: - start drained section before modifying the graph (Stefan)
> > 
> > v2: - drain I/O requests when detaching the BDS (Stefan, Paolo)
> > ---
> >  block.c |4 
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/block.c b/block.c
> > index 501b64c8193f..715c1b56c1e2 100644
> > --- a/block.c
> > +++ b/block.c
> > @@ -2127,12 +2127,16 @@ BdrvChild *bdrv_attach_child(BlockDriverState 
> > *parent_bs,
> >  
> >  static void bdrv_detach_child(BdrvChild *child)
> >  {
> > +BlockDriverState *child_bs = child->bs;
> > +
> > +bdrv_drained_begin(child_bs);
> >  if (child->next.le_prev) {
> >  QLIST_REMOVE(child, next);
> >  child->next.le_prev = NULL;
> >  }
> >  
> >  bdrv_replace_child(child, NULL);
> > +bdrv_drained_end(child_bs);
> >  
> >  g_free(child->name);
> >  g_free(child);  
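Review bot: the new bdrv_drained_begin()/bdrv_drained_end() pair in bdrv_detach_child() has no comment, and the reason for it (a yielded request completing later and dereferencing the freed BdrvChild) exists only in the commit message. Please add a short comment at the `bdrv_drained_begin(child_bs);` call so a later cleanup does not remove the drained section as redundant. It would also help to state whether `child->bs` may be NULL on entry, since child_bs is passed to bdrv_drained_begin() unchecked.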
> 
> I wonder if the better fix would be calling blk_drain() in
> blk_remove_bs() (which would also better be blk_drained_begin/end...).
> 

Hmm... would blk_drain() in blk_remove_bs() ensure we don't have
any new activity until the BDS and BB are actually dissociated ?

ie, something like the following ?

+blk_drain(blk);
 bdrv_root_unref_child(blk->root);
 blk->root = NULL;

because we can't do anything like:

+bdrv_drained_begin(blk_bs(blk));
 bdrv_root_unref_child(blk->root);
+bdrv_drained_begin(blk_bs(blk));
 blk->root = NULL;

since g_free(blk->root) gets called from under bdrv_root_unref_child()
at some point.

> Doing the proposed change in bdrv_detach_child() should fix the problem
> that you're seeing, but at first sight it promises that callers don't
> have to care about shutting down their activity on the child node first.
> This isn't necessarily correct if the parent may still issue a new
> request (e.g. in response to the completion of an old one). What really
> needs to be drained is the parent's use of the child, not the activity
> of the child.
> 

I was thinking of:

 void bdrv_root_unref_child(BdrvChild *child)
 {
 BlockDriverState *child_bs;
 
 child_bs = child->bs;
+bdrv_drained_begin(child_bs);
 bdrv_detach_child(child);
+bdrv_drained_end(child_bs);
 bdrv_unref(child_bs);
 }

but both Paolo and Stefan suggested to move it to bdrv_detach_child().

Is this what you're suggesting ?

> Another minor problem with your approach: If a child node is used by
> more than one parent, this patch would unnecessarily quiesce those other
> parents and wait for the completion of their requests.
> 

Oh... I hadn't realized. Blame my limited knowledge of the block layer :)

> Kevin

Cheers,

--
Greg



Re: [Qemu-devel] [PULL 07/28] x86/cpu: use standard-headers/asm-x86.kvm_para.h

2018-05-25 Thread Peter Maydell
On 25 May 2018 at 12:06, Peter Maydell  wrote:
> On 23 May 2018 at 15:43, Michael S. Tsirkin  wrote:
>> Switch to the header we imported from Linux,
>> this allows us to drop a hack in kvm_i386.h.
>> More code will be dropped in the next patch.
>>
>> Signed-off-by: Michael S. Tsirkin 
>
>> --- a/target/i386/cpu.h
>> +++ b/target/i386/cpu.h
>> @@ -688,8 +688,6 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
>>  #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
>>  #define CPUID_7_0_EDX_SPEC_CTRL_SSBD  (1U << 31) /* Speculative Store 
>> Bypass Disable */
>>
>> -#define KVM_HINTS_DEDICATED (1U << 0)
>> -
>>  #define CPUID_8000_0008_EBX_IBPB(1U << 12) /* Indirect Branch 
>> Prediction Barrier */
>>
>>  #define CPUID_XSAVE_XSAVEOPT   (1U << 0)
>
> Hi -- this seems like it will break compilation when we next
> update our copy of the Linux kernel headers, because (as of
> 4.17-rc6, at least), asm-x86/kvm_para.h doesn't define
> KVM_HINTS_DEDICATED.

For the moment I'm using this workaround (I wanted to do a header
update for something else I'm working on):

--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -48,6 +48,11 @@
 #include "exec/memattrs.h"
 #include "trace.h"

+/* Work around this kernel header constant changing its name */
+#ifndef KVM_HINTS_REALTIME
+#define KVM_HINTS_REALTIME KVM_HINTS_DEDICATED
+#endif
+
 //#define DEBUG_KVM

 #ifdef DEBUG_KVM
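Review bot: the comment on the `#ifndef KVM_HINTS_REALTIME` shim does not say that it is temporary. Since the shim only has an effect while the imported header still defines KVM_HINTS_DEDICATED, the comment should say it is to be removed once the headers have been updated, so it does not linger in kvm.c.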
@@ -387,7 +392,7 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s,
uint32_t function,
 ret &= ~(1U << KVM_FEATURE_PV_UNHALT);
 }
 } else if (function == KVM_CPUID_FEATURES && reg == R_EDX) {
-ret |= 1U << KVM_HINTS_DEDICATED;
+ret |= 1U << KVM_HINTS_REALTIME;
 found = 1;
 }

thanks
-- PMM



Re: [Qemu-devel] [PATCH v4 2/3] libqtest: fail if child coredumps

2018-05-25 Thread Michael S. Tsirkin
On Fri, May 25, 2018 at 08:10:48AM +0200, Thomas Huth wrote:
> On 24.05.2018 20:25, Michael S. Tsirkin wrote:
> > Right now tests report OK status if QEMU crashes during cleanup.
> > Let's catch that case and fail the test.
> > 
> > Signed-off-by: Michael S. Tsirkin 
> > ---
> >  tests/libqtest.c | 9 -
> >  1 file changed, 8 insertions(+), 1 deletion(-)
> > 
> > diff --git a/tests/libqtest.c b/tests/libqtest.c
> > index 43fb97e..f869854 100644
> > --- a/tests/libqtest.c
> > +++ b/tests/libqtest.c
> > @@ -103,8 +103,15 @@ static int socket_accept(int sock)
> >  static void kill_qemu(QTestState *s)
> >  {
> >  if (s->qemu_pid != -1) {
> > +int wstatus = 0;
> > +pid_t pid;
> > +
> >  kill(s->qemu_pid, SIGTERM);
> > -waitpid(s->qemu_pid, NULL, 0);
> > +pid = waitpid(s->qemu_pid, &wstatus, 0);
> > +
> > +if (pid == s->qemu_pid && WIFSIGNALED(wstatus)) {
> > +assert(!WCOREDUMP(wstatus));
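Review bot: `assert(!WCOREDUMP(wstatus));` only fires when the wait status carries the core-dump flag, which depends on the host's core-dump configuration, and the whole check disappears if the test is built with NDEBUG. Since kill_qemu() sends SIGTERM itself, checking that WTERMSIG(wstatus) is SIGTERM (and failing on any other signal) would catch a crash during cleanup regardless of core settings. The case where waitpid() does not return s->qemu_pid is also silently treated as success.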
> 
> Another ugliness that I just discovered: kill_qemu is also called from
> the SIGABRT handler. So if a qtest assert() triggers an abort(), the
> abort handler runs kill_qemu which now could trigger another assert()
> and thus abort().

But only the first one will cause a coredump.

> It's likely not a real problem since the abort handler
> has been installed with SA_RESETHAND, but it's still quite confusing code.
> 
> Please let's clean up this ugliness properly: I think kill_qemu should
> *only* be used by the abort handler, and then kill QEMU with SIGKILL for
> good, to make sure that there are no stuck QEMU processes hanging around
> anymore.
> 
> qtest_quit() should simply try to quit QEMU via QMP instead, and then
> check for WIFEXITED(wstatus) && !WEXITSTATUS(wstatus) instead of using
> the kill_qemu() function.
> 
>  Thomas

I think I'll drop the second patch for now. Failing test on coredump
is clearly correct. The rest can wait until someone has the energy
to look into all the intricacies of signal handling.

-- 
MST
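
The wait-status handling discussed in this thread, as an added example that is not part of the original messages and is not libqtest code: a parent forks a stand-in child (no QEMU involved), optionally sends SIGTERM, and classifies the wait status so that a crash during cleanup is told apart from a normal SIGTERM death or a clean exit. All function and enum names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* All names are hypothetical; the child is a stand-in process, not QEMU. */
enum child_mode {
    MODE_EXIT_OK,           /* exits 0 on its own (a requested quit) */
    MODE_EXIT_FAIL,         /* exits non-zero on its own */
    MODE_DIE_ON_SIGTERM,    /* default SIGTERM disposition */
    MODE_CRASH_ON_SIGTERM   /* aborts while handling SIGTERM */
};
enum child_result {
    CHILD_CLEAN_EXIT, CHILD_NONZERO_EXIT, CHILD_TERMINATED,
    CHILD_CRASHED, CHILD_WAIT_FAILED
};

static void crash_in_cleanup(int sig)
{
    (void)sig;
    abort();    /* async-signal-safe; models a crash during cleanup */
}

static enum child_result classify_status(int wstatus)
{
    if (WIFEXITED(wstatus)) {
        return WEXITSTATUS(wstatus) ? CHILD_NONZERO_EXIT : CHILD_CLEAN_EXIT;
    }
    if (WIFSIGNALED(wstatus)) {
        /* Decide on the signal number, not on whether a core was written. */
        return WTERMSIG(wstatus) == SIGTERM ? CHILD_TERMINATED : CHILD_CRASHED;
    }
    return CHILD_WAIT_FAILED;
}

static void child_main(enum child_mode mode, const sigset_t *term)
{
    struct rlimit no_core = { 0, 0 };

    setrlimit(RLIMIT_CORE, &no_core);   /* do not leave core files behind */
    signal(SIGABRT, SIG_DFL);
    signal(SIGTERM, mode == MODE_CRASH_ON_SIGTERM ? crash_in_cleanup : SIG_DFL);
    sigprocmask(SIG_UNBLOCK, term, NULL);   /* a pending SIGTERM arrives here */
    if (mode == MODE_EXIT_OK || mode == MODE_EXIT_FAIL) {
        _exit(mode == MODE_EXIT_OK ? 0 : 3);
    }
    for (;;) {
        pause();
    }
}

/* Fork the stand-in child, optionally send SIGTERM, reap and classify it. */
enum child_result run_case(enum child_mode mode, int send_sigterm)
{
    sigset_t term, old;
    int wstatus = 0;
    pid_t pid, r;

    /* Block SIGTERM across fork() so it cannot beat the child's handler setup. */
    sigemptyset(&term);
    sigaddset(&term, SIGTERM);
    sigprocmask(SIG_BLOCK, &term, &old);
    pid = fork();
    if (pid == 0) {
        child_main(mode, &term);
    }
    sigprocmask(SIG_SETMASK, &old, NULL);
    if (pid < 0) {
        return CHILD_WAIT_FAILED;
    }
    if (send_sigterm) {
        kill(pid, SIGTERM);
    }
    do {
        r = waitpid(pid, &wstatus, 0);
    } while (r == -1 && errno == EINTR);
    return r == pid ? classify_status(wstatus) : CHILD_WAIT_FAILED;
}

/* Pass rule: after SIGTERM only a SIGTERM death or a clean exit is acceptable;
 * after a requested quit only exit status 0 is. Returns 1 for pass. */
int teardown_ok(enum child_result res, int sent_sigterm)
{
    return res == CHILD_CLEAN_EXIT || (sent_sigterm && res == CHILD_TERMINATED);
}

int main(void)
{
    enum child_result res = run_case(MODE_CRASH_ON_SIGTERM, 1);

    printf("crash during cleanup: result=%d ok=%d\n", res, teardown_ok(res, 1));
    return 0;
}
```

The `teardown_ok(res, 0)` form corresponds to the `WIFEXITED(wstatus) && !WEXITSTATUS(wstatus)` check proposed above for a quit requested over QMP.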



Re: [Qemu-devel] [PULL 07/28] x86/cpu: use standard-headers/asm-x86.kvm_para.h

2018-05-25 Thread Michael S. Tsirkin
On Fri, May 25, 2018 at 12:53:44PM +0100, Peter Maydell wrote:
> On 25 May 2018 at 12:06, Peter Maydell  wrote:
> > On 23 May 2018 at 15:43, Michael S. Tsirkin  wrote:
> >> Switch to the header we imported from Linux,
> >> this allows us to drop a hack in kvm_i386.h.
> >> More code will be dropped in the next patch.
> >>
> >> Signed-off-by: Michael S. Tsirkin 
> >
> >> --- a/target/i386/cpu.h
> >> +++ b/target/i386/cpu.h
> >> @@ -688,8 +688,6 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
> >>  #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
> >>  #define CPUID_7_0_EDX_SPEC_CTRL_SSBD  (1U << 31) /* Speculative Store 
> >> Bypass Disable */
> >>
> >> -#define KVM_HINTS_DEDICATED (1U << 0)
> >> -
> >>  #define CPUID_8000_0008_EBX_IBPB(1U << 12) /* Indirect Branch 
> >> Prediction Barrier */
> >>
> >>  #define CPUID_XSAVE_XSAVEOPT   (1U << 0)
> >
> > Hi -- this seems like it will break compilation when we next
> > update our copy of the Linux kernel headers, because (as of
> > 4.17-rc6, at least), asm-x86/kvm_para.h doesn't define
> > KVM_HINTS_DEDICATED.
> 
> For the moment I'm using this workaround (I wanted to do a header
> update for something else I'm working on):
> 
> --- a/target/i386/kvm.c
> +++ b/target/i386/kvm.c
> @@ -48,6 +48,11 @@
>  #include "exec/memattrs.h"
>  #include "trace.h"
> 
> +/* Work around this kernel header constant changing its name */
> +#ifndef KVM_HINTS_REALTIME
> +#define KVM_HINTS_REALTIME KVM_HINTS_DEDICATED
> +#endif
> +
>  //#define DEBUG_KVM
> 
>  #ifdef DEBUG_KVM

I don't think we need this chunk.

> @@ -387,7 +392,7 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s,
> uint32_t function,
>  ret &= ~(1U << KVM_FEATURE_PV_UNHALT);
>  }
>  } else if (function == KVM_CPUID_FEATURES && reg == R_EDX) {
> -ret |= 1U << KVM_HINTS_DEDICATED;
> +ret |= 1U << KVM_HINTS_REALTIME;
>  found = 1;
>  }

That's the right change when we update this header.

> thanks
> -- PMM



Re: [Qemu-devel] [PULL 07/28] x86/cpu: use standard-headers/asm-x86.kvm_para.h

2018-05-25 Thread Michael S. Tsirkin
On Fri, May 25, 2018 at 12:06:17PM +0100, Peter Maydell wrote:
> On 23 May 2018 at 15:43, Michael S. Tsirkin  wrote:
> > Switch to the header we imported from Linux,
> > this allows us to drop a hack in kvm_i386.h.
> > More code will be dropped in the next patch.
> >
> > Signed-off-by: Michael S. Tsirkin 
> 
> > --- a/target/i386/cpu.h
> > +++ b/target/i386/cpu.h
> > @@ -688,8 +688,6 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];
> >  #define CPUID_7_0_EDX_SPEC_CTRL (1U << 26) /* Speculation Control */
> >  #define CPUID_7_0_EDX_SPEC_CTRL_SSBD  (1U << 31) /* Speculative Store 
> > Bypass Disable */
> >
> > -#define KVM_HINTS_DEDICATED (1U << 0)
> > -
> >  #define CPUID_8000_0008_EBX_IBPB(1U << 12) /* Indirect Branch 
> > Prediction Barrier */
> >
> >  #define CPUID_XSAVE_XSAVEOPT   (1U << 0)
> 
> Hi -- this seems like it will break compilation when we next
> update our copy of the Linux kernel headers,

That just means we'll need to update kvm.c when we do it.

> because (as of
> 4.17-rc6, at least), asm-x86/kvm_para.h doesn't define
> KVM_HINTS_DEDICATED. Here's the diff I get as part of
> my attempt to run update-linux-headers:
> 
> --- a/include/standard-headers/asm-x86/kvm_para.h
> +++ b/include/standard-headers/asm-x86/kvm_para.h
> @@ -29,7 +29,7 @@
>  #define KVM_FEATURE_PV_TLB_FLUSH   9
>  #define KVM_FEATURE_ASYNC_PF_VMEXIT10
> 
> -#define KVM_HINTS_DEDICATED  0
> +#define KVM_HINTS_REALTIME  0
> 
>  /* The last 8 bits are used to indicate how to interpret the flags field
>   * in pvclock structure. If no bits are set, all flags are ignored.
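Review bot: KVM_HINTS_REALTIME in this header is a bit number (0), while the KVM_HINTS_DEDICATED define removed from target/i386/cpu.h earlier in this message was a mask, `(1U << 0)`. Because the two forms differ only by one for bit 0, a leftover user of the mask form would compile and silently test the wrong value. Please check that every remaining user shifts the constant, as the `1U << KVM_HINTS_DEDICATED` line in kvm.c does, before switching to the imported header.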
> 
> I'm not sure what's going on here -- commit 633711e8287 in
> the kernel just renames the constant, but doesn't that
> break userspace API ?
> 
> thanks
> -- PMM



Re: [Qemu-devel] [PULL 07/28] x86/cpu: use standard-headers/asm-x86.kvm_para.h

2018-05-25 Thread Peter Maydell
On 25 May 2018 at 13:18, Michael S. Tsirkin  wrote:
> On Fri, May 25, 2018 at 12:53:44PM +0100, Peter Maydell wrote:
>> For the moment I'm using this workaround (I wanted to do a header
>> update for something else I'm working on):
>>
>> --- a/target/i386/kvm.c
>> +++ b/target/i386/kvm.c
>> @@ -48,6 +48,11 @@
>>  #include "exec/memattrs.h"
>>  #include "trace.h"
>>
>> +/* Work around this kernel header constant changing its name */
>> +#ifndef KVM_HINTS_REALTIME
>> +#define KVM_HINTS_REALTIME KVM_HINTS_DEDICATED
>> +#endif
>> +
>>  //#define DEBUG_KVM
>>
>>  #ifdef DEBUG_KVM
>
> I don't think we need this chunk.

My view is that header update commits should be exactly and only
the result of running update-linux-headers, no manual tweaking.
If you don't add this chunk before the update, compilation with the
update will fail. You can remove the chunk after the update, of course...

thanks
-- PMM



Re: [Qemu-devel] [PATCH v4 0/2] Fix ARM KVM GICv3 get/put data shift bug

2018-05-25 Thread no-reply
Hi,

This series failed build test on s390x host. Please find the details below.

Type: series
Message-id: 1527247371-10592-1-git-send-email-zhaoshengl...@huawei.com
Subject: [Qemu-devel] [PATCH v4 0/2] Fix ARM KVM GICv3 get/put data shift bug

=== TEST SCRIPT BEGIN ===
#!/bin/bash
# Testing script will be invoked under the git checkout with
# HEAD pointing to a commit that has the patches applied on top of "base"
# branch
set -e
echo "=== ENV ==="
env
echo "=== PACKAGES ==="
rpm -qa
echo "=== TEST BEGIN ==="
CC=$HOME/bin/cc
INSTALL=$PWD/install
BUILD=$PWD/build
echo -n "Using CC: "
realpath $CC
mkdir -p $BUILD $INSTALL
SRC=$PWD
cd $BUILD
$SRC/configure --cc=$CC --prefix=$INSTALL
make -j4
# XXX: we need reliable clean up
# make check -j4 V=1
make install
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]   
patchew/1527247371-10592-1-git-send-email-zhaoshengl...@huawei.com -> 
patchew/1527247371-10592-1-git-send-email-zhaoshengl...@huawei.com
 t [tag update]patchew/20180525092004.13241-1-kra...@redhat.com -> 
patchew/20180525092004.13241-1-kra...@redhat.com
 * [new tag]   
patchew/20180525110914.22348-1-peter.mayd...@linaro.org -> 
patchew/20180525110914.22348-1-peter.mayd...@linaro.org
Switched to a new branch 'test'
fa3b995a88 arm_gicv3_kvm: kvm_dist_get/put: skip the registers banked by GICR
c1c1a2241f arm_gicv3_kvm: kvm_dist_get/put_priority: skip the registers banked 
by GICR_IPRIORITYR

=== OUTPUT BEGIN ===
=== ENV ===
LANG=en_US.UTF-8
XDG_SESSION_ID=202073
USER=fam
PWD=/var/tmp/patchew-tester-tmp-re1kdhm3/src
HOME=/home/fam
SHELL=/bin/sh
SHLVL=2
PATCHEW=/home/fam/patchew/patchew-cli -s http://patchew.org --nodebug
LOGNAME=fam
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1012/bus
XDG_RUNTIME_DIR=/run/user/1012
PATH=/usr/bin:/bin
_=/usr/bin/env
=== PACKAGES ===

Re: [Qemu-devel] [PULL 07/28] x86/cpu: use standard-headers/asm-x86.kvm_para.h

2018-05-25 Thread Michael S. Tsirkin
On Fri, May 25, 2018 at 01:21:24PM +0100, Peter Maydell wrote:
> On 25 May 2018 at 13:18, Michael S. Tsirkin  wrote:
> > On Fri, May 25, 2018 at 12:53:44PM +0100, Peter Maydell wrote:
> >> For the moment I'm using this workaround (I wanted to do a header
> >> update for something else I'm working on):
> >>
> >> --- a/target/i386/kvm.c
> >> +++ b/target/i386/kvm.c
> >> @@ -48,6 +48,11 @@
> >>  #include "exec/memattrs.h"
> >>  #include "trace.h"
> >>
> >> +/* Work around this kernel header constant changing its name */
> >> +#ifndef KVM_HINTS_REALTIME
> >> +#define KVM_HINTS_REALTIME KVM_HINTS_DEDICATED
> >> +#endif
> >> +
> >>  //#define DEBUG_KVM
> >>
> >>  #ifdef DEBUG_KVM
> >
> > I don't think we need this chunk.
> 
> My view is that header update commits should be exactly and only
> the result of running update-linux-headers, no manual tweaking.
> If you don't add this chunk before the update, compilation with the
> update will fail. You can remove the chunk after the update, of course...
> 
> thanks
> -- PMM

I see.  I guess you did all the work already, do you still need help
or will you just go ahead and post it? Or even commit directly,
it's a trivial enough patch.

-- 
MST



Re: [Qemu-devel] [PULL 07/28] x86/cpu: use standard-headers/asm-x86.kvm_para.h

2018-05-25 Thread Peter Maydell
On 25 May 2018 at 13:27, Michael S. Tsirkin  wrote:
> I see.  I guess you did all the work already, do you still need help
> or will you just go ahead and post it? Or even commit directly,
> it's a trivial enough patch.

I'll send a series later this afternoon that does an update
to 4.17-rc6; it has a couple of other prerequisites in it,
to handle __aligned_u64 in the update script (patch already
posted this morning, but I'll put it in the series), and to deal
with the kernel headers not yet defining VIRTIO_GPU_CAPSET_VIRGL2.

thanks
-- PMM



Re: [Qemu-devel] [PULL 07/28] x86/cpu: use standard-headers/asm-x86.kvm_para.h

2018-05-25 Thread Michael S. Tsirkin
On Fri, May 25, 2018 at 01:30:00PM +0100, Peter Maydell wrote:
> On 25 May 2018 at 13:27, Michael S. Tsirkin  wrote:
> > I see.  I guess you did all the work already, do you still need help
> > or will you just go ahead and post it? Or even commit directly,
> > it's a trivial enough patch.
> 
> I'll send a series later this afternoon that does an update
> to 4.17-rc6; it has a couple of other prerequisites in it,
> to handle __aligned_u64 in the update script (patch already
> posted this morning, but I'll put it in the series), and to deal
> with the kernel headers not yet defining VIRTIO_GPU_CAPSET_VIRGL2.


You mean like this:
http://patchwork.ozlabs.org/patch/907121/

?

> thanks
> -- PMM



Re: [Qemu-devel] [PULL 07/28] x86/cpu: use standard-headers/asm-x86.kvm_para.h

2018-05-25 Thread Peter Maydell
On 25 May 2018 at 13:35, Michael S. Tsirkin  wrote:
> On Fri, May 25, 2018 at 01:30:00PM +0100, Peter Maydell wrote:
>> On 25 May 2018 at 13:27, Michael S. Tsirkin  wrote:
>> > I see.  I guess you did all the work already, do you still need help
>> > or will you just go ahead and post it? Or even commit directly,
>> > it's a trivial enough patch.
>>
>> I'll send a series later this afternoon that does an update
>> to 4.17-rc6; it has a couple of other prerequisites in it,
>> to handle __aligned_u64 in the update script (patch already
>> posted this morning, but I'll put it in the series), and to deal
>> with the kernel headers not yet defining VIRTIO_GPU_CAPSET_VIRGL2.
>
>
> You mean like this:
> http://patchwork.ozlabs.org/patch/907121/
>
> ?

Yes; I missed that (found a mail thread pointing out the problem
but not the patch with the fix); I'll pick it up for the series.

thanks
-- PMM



Re: [Qemu-devel] [qemu-s390x] [PATCH v4 00/14] MemoryDevice: use multi stage hotplug handlers

2018-05-25 Thread David Hildenbrand
On 17.05.2018 10:15, David Hildenbrand wrote:
> We can have devices that need certain other resources that are e.g.
> system resources managed by the machine. We need a clean way to assign
> these resources (without violating layers as brought up by Igor).
> 
> One example is virtio-mem/virtio-pmem. Both device types need to be
> assigned some region in guest physical address space. This device memory
> belongs to the machine and is managed by it. However, virtio devices are
> hotplugged using the hotplug handler their proxy device implements. So we
> could trigger e.g. a PCI hotplug handler for virtio-pci or a CSS/CCW
> hotplug handler for virtio-ccw. But definitely not the machine.
> 
> Now, we can route other devices through the machine hotplug handler, to
> properly assign/unassign resources - like a portion in guest physical
> address space.
> 
> v3 -> v4:
> - Removed the s390x bits, will send that out separately (was just a proof
>   that it works just fine with s390x)
> - Fixed a typo and reworded a comment
> 
> v2 -> v3:
> - Added "memory-device: introduce separate config option"
> - Dropped "parent_bus" check from hotplug handler lookup functions
> - "Handly" -> "Handle" in patch description.
> 
> v1 -> v2:
> - Use multi stage hotplug handler instead of resource handler
> - MemoryDevices only compiled if necessary (CONFIG_MEM_HOTPLUG)
> - Prepare PC/SPAPR machines properly for multi stage hotplug handlers
> - Route SPAPR unplug code via the hotunplug handler
> - Directly include s390x support. But there are no usable memory devices
>   yet (well, only my virtio-mem prototype)
> - Included "memory-device: drop assert related to align and start of address
>   space"
> 
> David Hildenbrand (13):
>   memory-device: drop assert related to align and start of address space
>   memory-device: introduce separate config option
>   pc: prepare for multi stage hotplug handlers
>   pc: route all memory devices through the machine hotplug handler
>   spapr: prepare for multi stage hotplug handlers
>   spapr: route all memory devices through the machine hotplug handler
>   spapr: handle pc-dimm unplug via hotplug handler chain
>   spapr: handle cpu core unplug via hotplug handler chain
>   memory-device: new functions to handle plug/unplug
>   pc-dimm: implement new memory device functions
>   memory-device: factor out pre-plug into hotplug handler
>   memory-device: factor out unplug into hotplug handler
>   memory-device: factor out plug into hotplug handler
> 
> Igor Mammedov (1):
>   qdev: let machine hotplug handler to override bus hotplug handler
> 
>  default-configs/i386-softmmu.mak   |   3 +-
>  default-configs/ppc64-softmmu.mak  |   3 +-
>  default-configs/x86_64-softmmu.mak |   3 +-
>  hw/Makefile.objs   |   2 +-
>  hw/core/qdev.c |   6 +-
>  hw/i386/pc.c   | 102 ++---
>  hw/mem/Makefile.objs   |   4 +-
>  hw/mem/memory-device.c | 129 
> +++--
>  hw/mem/pc-dimm.c   |  48 ++
>  hw/mem/trace-events|   4 +-
>  hw/ppc/spapr.c | 129 
> +++--
>  include/hw/mem/memory-device.h |  21 --
>  include/hw/mem/pc-dimm.h   |   3 +-
>  include/hw/qdev-core.h |  11 
>  qapi/misc.json |   2 +-
>  15 files changed, 330 insertions(+), 140 deletions(-)
> 

As there was no negative feedback so far, I will go ahead and assume
that this approach is the right thing to do.

-- 

Thanks,

David / dhildenb



[Qemu-devel] [PATCH] spapr: don't call KVM_PPC_CONFIGURE_V3_MMU if HPT is in userspace

2018-05-25 Thread Greg Kurz
Since the kernel commit "dbfcf3cb9c68 powerpc/64: Call H_REGISTER_PROC_TBL
when running as a HPT guest on POWER9", a nested guest running with PR KVM
hangs at boot:

Preparing to boot Linux version 4.16.0-kvm-pr-hang-gku+ 
(greg@qemu.boston16) (gcc version 8.1.1 20180502 (Red Hat 8.1.1-1) (GCC)) 
#19 SMP Fri May 25 08:41:55 CEST 2018
Detected machine type: 0101
command line: root=UUID=22128c5c-30b1-4e0a-ac16-95853df31131 ro rhgb 
console=hvc0 early_printk disable-radix=on
Max number of cores passed to firmware: 1024 (NR_CPUS = 1024)
Calling ibm,client-architecture-support... done
memory layout at init:
  memory_limit :  (16 MB aligned)
  alloc_bottom : 01b8
  alloc_top: 3000
  alloc_top_hi : 0001
  rmo_top  : 3000
  ram_top  : 0001
instantiating rtas at 0x2fff... done
prom_hold_cpus: skipped
copying OF device tree...
Building dt strings...
Building dt structure...
Device tree strings 0x03d9 -> 0x03d90abb
Device tree struct  0x03da -> 0x03db
Quiescing Open Firmware ...
Booting Linux via __start() @ 0x0040 ...

This happens because the H_REGISTER_PROC_TBL implementation in QEMU
always calls KVM_PPC_CONFIGURE_V3_MMU when KVM is present. This fails
in the case of PR KVM, which doesn't implement it, and QEMU returns
H_PARAMETER to the guest, which is a BUG() condition in Linux.

In the case of PR, the HPT is allocated in userspace by QEMU, so it
doesn't make sense to call KVM_PPC_CONFIGURE_V3_MMU in the first
place. So, skip it in this case and let the guest boot.

Signed-off-by: Greg Kurz 
---

Note that PR KVM requires this patch from Paul to work on POWER9:

https://patchwork.ozlabs.org/patch/916766/

The original request was coming from people who want to run openQA in
fedora28 under PowerVM on a POWER9 system. This requires PR KVM, which
will be running in HPT-mode since pHyp doesn't do radix.

Cc'ing stable because fedora28 ships QEMU 2.11.x.
---
 hw/ppc/spapr_hcall.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index 022f6d810182..12cbb317e5e8 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1420,7 +1420,7 @@ static target_ulong h_register_process_table(PowerPCCPU 
*cpu,
   ((flags & FLAG_GTSE) ? LPCR_GTSE : 0),
   LPCR_UPRT | LPCR_GTSE);
 
-if (kvm_enabled()) {
+if (kvm_enabled() && !spapr->htab) {
 return kvmppc_configure_v3_mmu(cpu, flags & FLAG_RADIX,
flags & FLAG_GTSE, cproc);
 }
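
Review bot: in the changed condition, `!spapr->htab` stands in for "the HPT is not allocated in userspace", but nothing at the call site says so. A short comment above the `if` explaining that a non-NULL `spapr->htab` means QEMU owns the HPT (the PR KVM case from the commit message) would keep the next reader from treating it as an unrelated NULL check. The commit message could also state what the function returns on the path that now skips `kvmppc_configure_v3_mmu()`, since that code is outside the hunk.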




Re: [Qemu-devel] [PATCH] nvme: Make nvme_init error handling code more readable

2018-05-25 Thread Eric Blake

On 05/25/2018 01:25 AM, Fam Zheng wrote:


And that makes five labels in total, I'm not sure I like it:

fail_handler:
 aio_set_event_notifier(bdrv_get_aio_context(bs), &s->irq_notifier,
false, NULL, NULL);
fail_queue:
 nvme_free_queue_pair(bs, s->queues[0]);
fail_regs:
 qemu_vfio_pci_unmap_bar(s->vfio, 0, (void *)s->regs, 0, NVME_BAR_SIZE);
fail_vfio:
 qemu_vfio_close(s->vfio);
fail:
 g_free(s->queues);
 event_notifier_cleanup(&s->irq_notifier);
 return ret;


Doesn't look materially worse to me :)


The labels themselves are not ugly or bad, but the goto statements above will be
harder to manage.



With nice cleanup functions that detect "hasn't been set up" and do
nothing then, like free(NULL), you can use just one label.  Sadly,
cleanup functions are often not nice that way.


nvme_free_queue_pair and qemu_vfio_close are cleanup functions and we can
improve them, but to make qemu_vfio_pci_unmap_bar behave similarly is just odd:
it's not a clean up function, at least not for s->vfio.


But even then, you can do:

fail:
if (s->vfio) {
qemu_vfio_close(s->vfio);
}

That is, there are ways to make a single cleanup path more applicable, 
regardless of where you decided you needed an early cleanup.


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.   +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
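
The single-label cleanup discussed in this message, as an added example that is not QEMU code: every name below (`struct ctrl`, `res_open`, `ctrl_cleanup`, the five numbered stages) is hypothetical, and failures are injected through a `fail_at` parameter. Each cleanup step tolerates "never set up" and clears what it releases, so one `fail:` label serves every early exit and a second cleanup call cannot double-free.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the resources an init function acquires.
 * live_resources counts what is currently held, so leaks are visible. */
static int live_resources;

struct res { int stage; };

/* Acquire the resource for one stage; fail_at simulates an error there. */
static struct res *res_open(int stage, int fail_at)
{
    struct res *r;

    if (stage == fail_at) {
        return NULL;
    }
    r = malloc(sizeof(*r));
    if (r) {
        r->stage = stage;
        live_resources++;
    }
    return r;
}

/* Release that accepts "never set up", like free(NULL), and clears the
 * caller's pointer so that a repeated call is a no-op. */
static void res_close(struct res **rp)
{
    if (*rp) {
        free(*rp);
        *rp = NULL;
        live_resources--;
    }
}

struct ctrl {
    struct res *vfio;     /* stage 1 */
    struct res *regs;     /* stage 2, mapped through vfio */
    struct res *queue;    /* stage 3 */
    bool handler_set;     /* stage 4 */
};

/* One cleanup path, in reverse order of acquisition. Each step checks
 * whether its resource exists, so it is correct from any failure point. */
static void ctrl_cleanup(struct ctrl *s)
{
    if (s->handler_set) {
        s->handler_set = false;
        live_resources--;
    }
    res_close(&s->queue);
    res_close(&s->regs);
    res_close(&s->vfio);
}

/* Returns 0 on success or -stage for the stage that failed. */
static int ctrl_init(struct ctrl *s, int fail_at)
{
    int ret;

    *s = (struct ctrl){ 0 };      /* every field starts as "not set up" */

    s->vfio = res_open(1, fail_at);
    if (!s->vfio) {
        ret = -1;
        goto fail;
    }
    s->regs = res_open(2, fail_at);
    if (!s->regs) {
        ret = -2;
        goto fail;
    }
    s->queue = res_open(3, fail_at);
    if (!s->queue) {
        ret = -3;
        goto fail;
    }
    if (fail_at == 4) {
        ret = -4;
        goto fail;
    }
    s->handler_set = true;
    live_resources++;
    if (fail_at == 5) {           /* late failure with everything set up */
        ret = -5;
        goto fail;
    }
    return 0;

fail:
    ctrl_cleanup(s);
    return ret;
}

int main(void)
{
    struct ctrl s;
    int stage;

    for (stage = 0; stage <= 5; stage++) {
        int ret = ctrl_init(&s, stage);
        printf("fail_at=%d ret=%d live=%d\n", stage, ret, live_resources);
        ctrl_cleanup(&s);         /* harmless after a failed init */
    }
    return live_resources != 0;
}
```
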



[Qemu-devel] [Bug 1769189] Re: Issue with qemu 2.12.0 + SATA

2018-05-25 Thread Bruce Rogers
I can confirm that for me commit d759c951 does cause / expose the issue.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1769189

Title:
  Issue with qemu 2.12.0 + SATA

Status in QEMU:
  New

Bug description:
  [EDIT: I first thought that OVMF was the issue, but it turns out to be
  SATA]

  I had a Windows 10 VM running perfectly fine with a SATA drive, since
  I upgraded to qemu 2.12, the guest hangs for a couple of minutes,
  works for a few seconds, and hangs again, etc. By "hang" I mean it
  doesn't freeze, but it looks like it's waiting on IO or something, I
  can move the mouse but everything needing disk access is unresponsive.

  What doesn't work: qemu 2.12 with SATA
  What works: using VirtIO-SCSI with qemu 2.12 or downgrading qemu to 2.11.1 and 
keep using SATA.

  Platform is arch linux 4.16.7 on skylake and Haswell, I have attached
  the vm xml file.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1769189/+subscriptions



[Qemu-devel] [PATCH] vga: cleanup surface handling

2018-05-25 Thread Gerd Hoffmann
Just set the full_update flag if we need a new DisplaySurface.  Create
a new surface when the flag is set instead of having two places where
qemu_create_displaysurface_from() is called.

Signed-off-by: Gerd Hoffmann 
---
 hw/display/vga.c | 36 +++-
 1 file changed, 19 insertions(+), 17 deletions(-)

diff --git a/hw/display/vga.c b/hw/display/vga.c
index a7794f6d1f..ed476e4e80 100644
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@@ -1548,12 +1548,31 @@ static void vga_draw_graphic(VGACommonState *s, int 
full_update)
 } else {
 share_surface = false;
 }
+
 if (s->line_offset != s->last_line_offset ||
 disp_width != s->last_width ||
 height != s->last_height ||
 s->last_depth != depth ||
 s->last_byteswap != byteswap ||
 share_surface != is_buffer_shared(surface)) {
+/* display parameters changed -> need new display surface */
+s->last_scr_width = disp_width;
+s->last_scr_height = height;
+s->last_width = disp_width;
+s->last_height = height;
+s->last_line_offset = s->line_offset;
+s->last_depth = depth;
+s->last_byteswap = byteswap;
+full_update = 1;
+}
+if (surface_data(surface) != s->vram_ptr + (s->start_addr * 4)
+&& is_buffer_shared(surface)) {
+/* base address changed (page flip) -> shared display surfaces
+ * must be updated with the new base address */
+full_update = 1;
+}
+
+if (full_update) {
 if (share_surface) {
 surface = qemu_create_displaysurface_from(disp_width,
 height, format, s->line_offset,
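
Review bot: with the new `if (full_update)` block, a full update requested by the caller now recreates the surface even when no display parameter changed. The removed `else if` did that only when `is_buffer_shared(surface)` was true, so a non-shared surface now also goes through `qemu_console_resize()` on every full update. If that is intended, say so in the commit message; otherwise keep a separate local flag for "surface must be recreated" instead of overloading `full_update`.
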
@@ -1563,23 +1582,6 @@ static void vga_draw_graphic(VGACommonState *s, int 
full_update)
 qemu_console_resize(s->con, disp_width, height);
 surface = qemu_console_surface(s->con);
 }
-s->last_scr_width = disp_width;
-s->last_scr_height = height;
-s->last_width = disp_width;
-s->last_height = height;
-s->last_line_offset = s->line_offset;
-s->last_depth = depth;
-s->last_byteswap = byteswap;
-full_update = 1;
-} else if (is_buffer_shared(surface) &&
-   (full_update || surface_data(surface) != s->vram_ptr
-+ (s->start_addr * 4))) {
-pixman_format_code_t format =
-qemu_default_pixman_format(depth, !byteswap);
-surface = qemu_create_displaysurface_from(disp_width,
-height, format, s->line_offset,
-s->vram_ptr + (s->start_addr * 4));
-dpy_gfx_replace_surface(s->con, surface);
 }
 
 if (shift_control == 0) {
-- 
2.9.3




Re: [Qemu-devel] [PATCH] RISC-V: Correct typo in RV32 perf counters

2018-05-25 Thread Richard Henderson
On 05/24/2018 11:24 PM, Michael Clark wrote:
> This patch enables mhpmcounter3h through mhpmcounter31h on RV32.
> Previously the RV32 h versions (high 32-bits of 64-bit counters)
> of these counters would trap with an illegal instruction instead
> of returning 0 as intended.
> 
> Reported-by: Richard Henderson 
> Signed-off-by: Michael Clark 
> ---
>  target/riscv/op_helper.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Fixes: Coverity CID 1390849
Reviewed-by: Richard Henderson 


r~



[Qemu-devel] [PATCH 0/6] Update Linux headers to 4.17-rc6

2018-05-25 Thread Peter Maydell
This series updates our copy of the Linux kernel headers to 4.17-rc6.
To do that we have to fix up some issues:
 * we had a hand-hacked definition of VIRTIO_GPU_CAPSET_VIRGL2
   in our old header copy that needs to be moved to a header
   that isn't auto-updated
 * we need to turn __aligned_u64 into a portable type
 * KVM_HINTS_DEDICATED was renamed to KVM_HINTS_REALTIME
 * the kernel's licensing info is no longer solely in the COPYING file

thanks
-- PMM

Alex Williamson (1):
  virtio-gpu-3d: Define VIRTIO_GPU_CAPSET_VIRGL2 elsewhere

Peter Maydell (5):
  scripts/update-linux-headers: Handle __aligned_u64
  scripts/update-linux-headers: Handle kernel license no longer being
one file
  target/i386/kvm.c: Handle renaming of KVM_HINTS_DEDICATED
  Update Linux headers to 4.17-rc6
  target/i386/kvm.c: Remove compatibility shim for KVM_HINTS_REALTIME

 include/hw/virtio/virtio-gpu.h|   6 +
 include/standard-headers/asm-x86/hyperv.h |   1 -
 include/standard-headers/asm-x86/kvm_para.h   |   2 +-
 include/standard-headers/linux/ethtool.h  |  36 +-
 include/standard-headers/linux/input.h|   4 +-
 include/standard-headers/linux/pci_regs.h |   7 +-
 .../standard-headers/linux/virtio_balloon.h   |  15 +
 include/standard-headers/linux/virtio_gpu.h   |   1 -
 .../standard-headers/rdma/vmw_pvrdma-abi.h|  49 +--
 linux-headers/asm-arm/kvm.h   |  15 +
 linux-headers/asm-arm64/kvm.h |   6 +
 linux-headers/asm-x86/hyperv.h|   1 -
 linux-headers/asm-x86/kvm.h   |  19 +-
 linux-headers/linux/kvm.h |  30 +-
 linux-headers/linux/vfio.h|  27 ++
 target/i386/kvm.c |   2 +-
 linux-headers/COPYING | 358 +-
 .../LICENSES/exceptions/Linux-syscall-note|  25 ++
 linux-headers/LICENSES/preferred/BSD-2-Clause |  32 ++
 linux-headers/LICENSES/preferred/BSD-3-Clause |  36 ++
 .../{COPYING => LICENSES/preferred/GPL-2.0}   |  27 +-
 scripts/update-linux-headers.sh   |  17 +-
 22 files changed, 310 insertions(+), 406 deletions(-)
 delete mode 100644 include/standard-headers/asm-x86/hyperv.h
 delete mode 100644 linux-headers/asm-x86/hyperv.h
 create mode 100644 linux-headers/LICENSES/exceptions/Linux-syscall-note
 create mode 100644 linux-headers/LICENSES/preferred/BSD-2-Clause
 create mode 100644 linux-headers/LICENSES/preferred/BSD-3-Clause
 copy linux-headers/{COPYING => LICENSES/preferred/GPL-2.0} (96%)

-- 
2.17.0




[Qemu-devel] [PATCH 2/6] scripts/update-linux-headers: Handle __aligned_u64

2018-05-25 Thread Peter Maydell
We'll currently replace any 'u64' with a 'uint64_t' including when
it's embedded in an '__aligned_u64', creating a '__aligned_uint64_t'
which doesn't exist. We need to instead expand out the kernel's
definition of __aligned_u64:
   #define __aligned_u64 __u64 __attribute__((aligned(8)))
before we convert the __u64 to uint64_t.

Signed-off-by: Peter Maydell 
---
 scripts/update-linux-headers.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh
index 947dec2852..1fe54f8ab1 100755
--- a/scripts/update-linux-headers.sh
+++ b/scripts/update-linux-headers.sh
@@ -51,7 +51,8 @@ cp_portable() {
 fi
 
 header=$(basename "$f");
-sed -e 's/__u\([0-9][0-9]*\)/uint\1_t/g' \
+sed -e 's/__aligned_u64/__u64 __attribute__((aligned(8)))/g' \
+-e 's/__u\([0-9][0-9]*\)/uint\1_t/g' \
 -e 's/u\([0-9][0-9]*\)/uint\1_t/g' \
 -e 's/__s\([0-9][0-9]*\)/int\1_t/g' \
 -e 's/__le\([0-9][0-9]*\)/uint\1_t/g' \
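
Review bot: the added `__aligned_u64` expression only works because it runs before the `__u` and bare `u` rules, and that ordering dependency is not documented in the script. A comment on the added line saying it must stay first would prevent a later reorder from reintroducing `__aligned_uint64_t`. The same comment should mention that the expansion hard-codes the kernel's current definition of `__aligned_u64`.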
-- 
2.17.0




[Qemu-devel] [PATCH 1/6] virtio-gpu-3d: Define VIRTIO_GPU_CAPSET_VIRGL2 elsewhere

2018-05-25 Thread Peter Maydell
From: Alex Williamson 

Commit 5643cc94ac1c ("virtio-gpu-3d: add support for second capability
set (v4)") updated virtio_gpu.h with a define that does not yet(?)
exist upstream resulting in build breakage every time Linux headers
are updated via the standard update script.  Conditionally define this
within QEMU code instead to avoid future breakage.

Cc: Dave Airlie 
Cc: Gerd Hoffmann 
Fixes: 5643cc94ac1c ("virtio-gpu-3d: add support for second capability set 
(v4)")
Signed-off-by: Alex Williamson 
Reviewed-by: Peter Maydell 
Signed-off-by: Peter Maydell 
---
 include/hw/virtio/virtio-gpu.h | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/include/hw/virtio/virtio-gpu.h b/include/hw/virtio/virtio-gpu.h
index 79bb3fb3dd..d6ba61f2f1 100644
--- a/include/hw/virtio/virtio-gpu.h
+++ b/include/hw/virtio/virtio-gpu.h
@@ -21,6 +21,12 @@
 #include "qemu/log.h"
 
 #include "standard-headers/linux/virtio_gpu.h"
+
+/* Not yet(?) defined in standard-headers, remove when possible */
+#ifndef VIRTIO_GPU_CAPSET_VIRGL2
+#define VIRTIO_GPU_CAPSET_VIRGL2 2
+#endif
+
 #define TYPE_VIRTIO_GPU "virtio-gpu-device"
 #define VIRTIO_GPU(obj)\
 OBJECT_CHECK(VirtIOGPU, (obj), TYPE_VIRTIO_GPU)
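
Review bot: the fallback hard-codes `VIRTIO_GPU_CAPSET_VIRGL2` as 2 and its comment says "remove when possible" without naming the condition. State that it can go once standard-headers/linux/virtio_gpu.h defines the constant, and consider a build-time check that an upstream definition, when it arrives, has the same value, since the `#ifndef` would silently accept a different one.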
-- 
2.17.0




[Qemu-devel] [PATCH 4/6] target/i386/kvm.c: Handle renaming of KVM_HINTS_DEDICATED

2018-05-25 Thread Peter Maydell
In kernel header commit 633711e8287, the define KVM_HINTS_DEDICATED
was renamed to KVM_HINTS_REALTIME. Work around this compatibility
break by (a) using the new constant name, and (b) defining it
if the headers don't.

Part (b) can be removed once we've updated our copy of the kernel
headers to a version that defines KVM_HINTS_REALTIME.

Signed-off-by: Peter Maydell 
---
 target/i386/kvm.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 6511329d11..c2699f2f44 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -48,6 +48,11 @@
 #include "exec/memattrs.h"
 #include "trace.h"
 
+/* Work around this kernel header constant changing its name */
+#ifndef KVM_HINTS_REALTIME
+#define KVM_HINTS_REALTIME KVM_HINTS_DEDICATED
+#endif
+
 //#define DEBUG_KVM
 
 #ifdef DEBUG_KVM
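
Review bot: the comment on the shim does not say when it can be deleted; the commit message does (once the imported headers define `KVM_HINTS_REALTIME`), and that sentence belongs in the comment too. The fallback also expands to `KVM_HINTS_DEDICATED`, so the file still builds only against headers that define one of the two names, which is worth stating next to the `#ifndef`.
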
@@ -387,7 +392,7 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t 
function,
 ret &= ~(1U << KVM_FEATURE_PV_UNHALT);
 }
 } else if (function == KVM_CPUID_FEATURES && reg == R_EDX) {
-ret |= 1U << KVM_HINTS_DEDICATED;
+ret |= 1U << KVM_HINTS_REALTIME;
 found = 1;
 }
 
-- 
2.17.0




[Qemu-devel] [PATCH 3/6] scripts/update-linux-headers: Handle kernel license no longer being one file

2018-05-25 Thread Peter Maydell
The kernel has changed its license documentation, so instead of COPYING
being a stand-alone file that defines the license, it refers to various
other files under LICENSES/. This means we need to copy not just COPYING
but also these other files to our copy of the kernel headers.

Signed-off-by: Peter Maydell 
---
We could copy the whole of LICENSES/ but that seems like overkill.
---
 scripts/update-linux-headers.sh | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/scripts/update-linux-headers.sh b/scripts/update-linux-headers.sh
index 1fe54f8ab1..feb75390aa 100755
--- a/scripts/update-linux-headers.sh
+++ b/scripts/update-linux-headers.sh
@@ -142,6 +142,20 @@ else
 cp "$linux/COPYING" "$output/linux-headers"
 fi
 
+# Recent kernel sources split the copyright/license info into multiple
+# files, which we need to copy. This set of licenses is the set that
+# are referred to by SPDX lines in the headers we currently copy.
+# We don't copy the Documentation/process/license-rules.rst which
+# is also referred to by COPYING, since it's explanatory rather than license.
+if [ -d "$linux/LICENSES" ]; then
+mkdir -p "$output/linux-headers/LICENSES/preferred" \
+ "$output/linux-headers/LICENSES/exceptions"
+for l in preferred/GPL-2.0 preferred/BSD-2-Clause preferred/BSD-3-Clause \
+ exceptions/Linux-syscall-note; do
+cp "$linux/LICENSES/$l" "$output/linux-headers/LICENSES/$l"
+done
+fi
+
 cat <$output/linux-headers/linux/virtio_config.h
 #include "standard-headers/linux/virtio_config.h"
 EOF
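
Review bot: the `for l in ...` list is fixed to the four license files that the currently copied headers refer to, and nothing in the script notices when a newly imported header carries an SPDX identifier outside that list. Consider scanning the copied headers for `SPDX-License-Identifier` lines and warning or failing when a referenced license has no file under `$output/linux-headers/LICENSES`.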
-- 
2.17.0




[Qemu-devel] [PATCH 6/6] target/i386/kvm.c: Remove compatibility shim for KVM_HINTS_REALTIME

2018-05-25 Thread Peter Maydell
Now we've updated our copy of the kernel headers we can remove the
compatibility shim that handled KVM_HINTS_REALTIME not being defined.

Signed-off-by: Peter Maydell 
---
 target/i386/kvm.c | 5 -
 1 file changed, 5 deletions(-)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index c2699f2f44..a36d986522 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -48,11 +48,6 @@
 #include "exec/memattrs.h"
 #include "trace.h"
 
-/* Work around this kernel header constant changing its name */
-#ifndef KVM_HINTS_REALTIME
-#define KVM_HINTS_REALTIME KVM_HINTS_DEDICATED
-#endif
-
 //#define DEBUG_KVM
 
 #ifdef DEBUG_KVM
-- 
2.17.0




[Qemu-devel] [PATCH 5/6] Update Linux headers to 4.17-rc6

2018-05-25 Thread Peter Maydell
Update our copy of the Linux headers to upstream 4.17-rc6
(kernel commit 771c577c23bac90597c68).

Signed-off-by: Peter Maydell 
---
 include/standard-headers/asm-x86/hyperv.h |   1 -
 include/standard-headers/asm-x86/kvm_para.h   |   2 +-
 include/standard-headers/linux/ethtool.h  |  36 +-
 include/standard-headers/linux/input.h|   4 +-
 include/standard-headers/linux/pci_regs.h |   7 +-
 .../standard-headers/linux/virtio_balloon.h   |  15 +
 include/standard-headers/linux/virtio_gpu.h   |   1 -
 .../standard-headers/rdma/vmw_pvrdma-abi.h|  49 +--
 linux-headers/asm-arm/kvm.h   |  15 +
 linux-headers/asm-arm64/kvm.h |   6 +
 linux-headers/asm-x86/hyperv.h|   1 -
 linux-headers/asm-x86/kvm.h   |  19 +-
 linux-headers/linux/kvm.h |  30 +-
 linux-headers/linux/vfio.h|  27 ++
 linux-headers/COPYING | 358 +-
 .../LICENSES/exceptions/Linux-syscall-note|  25 ++
 linux-headers/LICENSES/preferred/BSD-2-Clause |  32 ++
 linux-headers/LICENSES/preferred/BSD-3-Clause |  36 ++
 .../{COPYING => LICENSES/preferred/GPL-2.0}   |  27 +-
 19 files changed, 287 insertions(+), 404 deletions(-)
 delete mode 100644 include/standard-headers/asm-x86/hyperv.h
 delete mode 100644 linux-headers/asm-x86/hyperv.h
 create mode 100644 linux-headers/LICENSES/exceptions/Linux-syscall-note
 create mode 100644 linux-headers/LICENSES/preferred/BSD-2-Clause
 create mode 100644 linux-headers/LICENSES/preferred/BSD-3-Clause
 copy linux-headers/{COPYING => LICENSES/preferred/GPL-2.0} (96%)

diff --git a/include/standard-headers/asm-x86/hyperv.h 
b/include/standard-headers/asm-x86/hyperv.h
deleted file mode 100644
index ce87d0c344..00
--- a/include/standard-headers/asm-x86/hyperv.h
+++ /dev/null
@@ -1 +0,0 @@
-/* this is a temporary placeholder until kvm_para.h stops including it 
*/
diff --git a/include/standard-headers/asm-x86/kvm_para.h 
b/include/standard-headers/asm-x86/kvm_para.h
index 53a85ae3ed..1617c84b0d 100644
--- a/include/standard-headers/asm-x86/kvm_para.h
+++ b/include/standard-headers/asm-x86/kvm_para.h
@@ -29,7 +29,7 @@
 #define KVM_FEATURE_PV_TLB_FLUSH   9
 #define KVM_FEATURE_ASYNC_PF_VMEXIT10
 
-#define KVM_HINTS_DEDICATED  0
+#define KVM_HINTS_REALTIME  0
 
 /* The last 8 bits are used to indicate how to interpret the flags field
  * in pvclock structure. If no bits are set, all flags are ignored.
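Review bot: The rename of `KVM_HINTS_DEDICATED` to `KVM_HINTS_REALTIME` in kvm_para.h drops the old name with no compatibility alias, so any QEMU source still spelling `KVM_HINTS_DEDICATED` stops compiling once this header sync is applied. The sync itself should stay a verbatim copy of the kernel header, so the users need converting in a companion patch ordered before or together with this one to keep the tree bisectable; please name that patch in the commit message.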
diff --git a/include/standard-headers/linux/ethtool.h 
b/include/standard-headers/linux/ethtool.h
index 94aacb7adf..eb10c075e4 100644
--- a/include/standard-headers/linux/ethtool.h
+++ b/include/standard-headers/linux/ethtool.h
@@ -217,10 +217,14 @@ struct ethtool_value {
uint32_tdata;
 };
 
+#define PFC_STORM_PREVENTION_AUTO  0x
+#define PFC_STORM_PREVENTION_DISABLE   0
+
 enum tunable_id {
ETHTOOL_ID_UNSPEC,
ETHTOOL_RX_COPYBREAK,
ETHTOOL_TX_COPYBREAK,
+   ETHTOOL_PFC_PREVENTION_TOUT, /* timeout in msecs */
/*
 * Add your fresh new tubale attribute above and remember to update
 * tunable_strings[] in net/core/ethtool.c
@@ -914,12 +918,15 @@ static inline uint64_t 
ethtool_get_flow_spec_ring_vf(uint64_t ring_cookie)
  * @flow_type: Type of flow to be affected, e.g. %TCP_V4_FLOW
  * @data: Command-dependent value
  * @fs: Flow classification rule
+ * @rss_context: RSS context to be affected
  * @rule_cnt: Number of rules to be affected
  * @rule_locs: Array of used rule locations
  *
  * For %ETHTOOL_GRXFH and %ETHTOOL_SRXFH, @data is a bitmask indicating
  * the fields included in the flow hash, e.g. %RXH_IP_SRC.  The following
- * structure fields must not be used.
+ * structure fields must not be used, except that if @flow_type includes
+ * the %FLOW_RSS flag, then @rss_context determines which RSS context to
+ * act on.
  *
  * For %ETHTOOL_GRXRINGS, @data is set to the number of RX rings/queues
  * on return.
@@ -931,7 +938,9 @@ static inline uint64_t 
ethtool_get_flow_spec_ring_vf(uint64_t ring_cookie)
  * set in @data then special location values should not be used.
  *
  * For %ETHTOOL_GRXCLSRULE, @fs.@location specifies the location of an
- * existing rule on entry and @fs contains the rule on return.
+ * existing rule on entry and @fs contains the rule on return; if
+ * @fs.@flow_type includes the %FLOW_RSS flag, then @rss_context is
+ * filled with the RSS context ID associated with the rule.
  *
  * For %ETHTOOL_GRXCLSRLALL, @rule_cnt specifies the array size of the
  * user buffer for @rule_locs on entry.  On return, @data is the size
@@ -942,7 +951,11 @@ static inline uint64_t 
ethtool_get_flow_spec_ring_vf(uint64_t ring_cookie)
  * For %ETHTOOL_SRXCLSRLINS, @fs specifies the rule to add or update.
  * @fs.@location either specifies the location to use or is a special
  * location value with %RX_CLS_LOC_SPECIAL flag set.  On return,
- * @fs.@loca

[Qemu-devel] [PULL 2/2] migration: use g_free for ram load bitmap

2018-05-25 Thread Juan Quintela
From: Peter Xu 

Buffers allocated with bitmap_new() should be freed with g_free().

Both reported by Coverity:

*** CID 1391300:  API usage errors  (ALLOC_FREE_MISMATCH)
/migration/ram.c: 3517 in ram_dirty_bitmap_reload()
3511  * the last one to sync, we need to notify the main send thread.
3512  */
3513 ram_dirty_bitmap_reload_notify(s);
3514
3515 ret = 0;
3516 out:
>>> CID 1391300:  API usage errors  (ALLOC_FREE_MISMATCH)
>>> Calling "free" frees "le_bitmap" using "free" but it should have been 
>>> freed using "g_free".
3517 free(le_bitmap);
3518 return ret;
3519 }
3520
3521 static int ram_resume_prepare(MigrationState *s, void *opaque)
3522 {

*** CID 1391292:  API usage errors  (ALLOC_FREE_MISMATCH)
/migration/ram.c: 249 in ramblock_recv_bitmap_send()
243  * Mark as an end, in case the middle part is screwed up due to
244  * some "misterious" reason.
245  */
246 qemu_put_be64(file, RAMBLOCK_RECV_BITMAP_ENDING);
247 qemu_fflush(file);
248
>>> CID 1391292:  API usage errors  (ALLOC_FREE_MISMATCH)
>>> Calling "free" frees "le_bitmap" using "free" but it should have been 
>>> freed using "g_free".
249 free(le_bitmap);
250
251 if (qemu_file_get_error(file)) {
252 return qemu_file_get_error(file);
253 }
254

Signed-off-by: Peter Xu 
Reviewed-by: Juan Quintela 
Message-Id: <20180525015042.31778-1-pet...@redhat.com>
Signed-off-by: Juan Quintela 
---
 migration/ram.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/migration/ram.c b/migration/ram.c
index 5bcbf7a9f9..c53e8369a3 100644
--- a/migration/ram.c
+++ b/migration/ram.c
@@ -246,7 +246,7 @@ int64_t ramblock_recv_bitmap_send(QEMUFile *file,
 qemu_put_be64(file, RAMBLOCK_RECV_BITMAP_ENDING);
 qemu_fflush(file);
 
-free(le_bitmap);
+g_free(le_bitmap);
 
 if (qemu_file_get_error(file)) {
 return qemu_file_get_error(file);
@@ -3514,7 +3514,7 @@ int ram_dirty_bitmap_reload(MigrationState *s, RAMBlock 
*block)
 
 ret = 0;
 out:
-free(le_bitmap);
+g_free(le_bitmap);
 return ret;
 }
 
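Review bot: In ram_dirty_bitmap_reload() the `out:` label runs `g_free(le_bitmap)` on every exit path, so `le_bitmap` must be assigned or initialised to NULL before the first `goto out`; the declaration is outside the visible context, so please confirm it. g_free() accepts NULL, so an explicit `= NULL` initialiser is enough if an early jump exists.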
-- 
2.17.0




[Qemu-devel] [PULL 1/2] migration: fix exec/fd migrations

2018-05-25 Thread Juan Quintela
Commit:

commit 36c2f8be2c4eb0003ac77a14910842b7ddd7337e
Author: Juan Quintela 
Date:   Wed Mar 7 08:40:52 2018 +0100

migration: Delay start of migration main routines

Missed tcp and fd transports.  This fixes it.

Reported-by: Kevin Wolf 
Signed-off-by: Juan Quintela 
Tested-by: Kevin Wolf 
Message-Id: <20180523091411.1073-1-quint...@redhat.com>
Signed-off-by: Juan Quintela 
---
 migration/exec.c | 4 
 migration/fd.c   | 4 
 2 files changed, 8 insertions(+)

diff --git a/migration/exec.c b/migration/exec.c
index 9d0f82f1f0..0bbeb63c97 100644
--- a/migration/exec.c
+++ b/migration/exec.c
@@ -20,6 +20,7 @@
 #include "qemu/osdep.h"
 #include "channel.h"
 #include "exec.h"
+#include "migration.h"
 #include "io/channel-command.h"
 #include "trace.h"
 
@@ -48,6 +49,9 @@ static gboolean exec_accept_incoming_migration(QIOChannel 
*ioc,
 {
 migration_channel_process_incoming(ioc);
 object_unref(OBJECT(ioc));
+if (!migrate_use_multifd()) {
+migration_incoming_process();
+}
 return G_SOURCE_REMOVE;
 }
 
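Review bot: In exec_accept_incoming_migration() the new `migration_incoming_process()` call runs after `object_unref(OBJECT(ioc))`, which is only safe if `migration_channel_process_incoming()` has taken its own reference on the channel. A one-line comment stating that, and why the call is skipped when `migrate_use_multifd()` is true, would make the ordering reviewable from this file alone.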
diff --git a/migration/fd.c b/migration/fd.c
index 9a380bbbc4..fee34ffdc0 100644
--- a/migration/fd.c
+++ b/migration/fd.c
@@ -17,6 +17,7 @@
 #include "qemu/osdep.h"
 #include "channel.h"
 #include "fd.h"
+#include "migration.h"
 #include "monitor/monitor.h"
 #include "io/channel-util.h"
 #include "trace.h"
@@ -48,6 +49,9 @@ static gboolean fd_accept_incoming_migration(QIOChannel *ioc,
 {
 migration_channel_process_incoming(ioc);
 object_unref(OBJECT(ioc));
+if (!migrate_use_multifd()) {
+migration_incoming_process();
+}
 return G_SOURCE_REMOVE;
 }
 
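Review bot: The three lines added to fd_accept_incoming_migration() are identical to the ones added to exec.c, so the multifd check is now copied per transport; folding it into one helper called from each accept callback would keep the next transport from being missed the same way. The commit message also names the tcp and fd transports while the diffstat touches exec.c and fd.c, so the text should be aligned with the files changed.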
-- 
2.17.0




[Qemu-devel] [PULL 0/2] Migration pull

2018-05-25 Thread Juan Quintela
Hi

this pull:
- fix iotests problems
- add a fix for coverity.

Apply, please.

The following changes since commit 5a5c383b1373aeb6c87a0d6060f6c3dc7c53082b:

  Merge remote-tracking branch 
'remotes/vivier2/tags/linux-user-for-2.13-pull-request' into staging 
(2018-05-25 10:04:36 +0100)

are available in the Git repository at:

  git://github.com/juanquintela/qemu.git tags/migration/20180525

for you to fetch changes up to bf269906f5b225a04825b2bce4364bfe1d50:

  migration: use g_free for ram load bitmap (2018-05-25 15:29:48 +0200)


migration/next for 20180525


Juan Quintela (1):
  migration: fix exec/fd migrations

Peter Xu (1):
  migration: use g_free for ram load bitmap

 migration/exec.c | 4 
 migration/fd.c   | 4 
 migration/ram.c  | 4 ++--
 3 files changed, 10 insertions(+), 2 deletions(-)



[Qemu-devel] [PATCH v5 05/49] configure: allow user to specify --cross-cc-cflags-foo=

2018-05-25 Thread Alex Bennée
As an individual compiler may be able to support several targets with
the appropriate flags we need to expose this to the user as well.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
---
v3
  - fix up the cross-cc
v4
  - add --help text
  - sort cross_cc_foo lines
---
 configure | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/configure b/configure
index e51033d680..48a3675a6b 100755
--- a/configure
+++ b/configure
@@ -459,10 +459,14 @@ docker="no"
 
 # cross compilers defaults, can be overridden with --cross-cc-ARCH
 cross_cc_aarch64="aarch64-linux-gnu-gcc"
+cross_cc_aarch64_be="$cross_cc_aarch64"
+cross_cc_cflags_aarch64_be="-mbig-endian"
 cross_cc_arm="arm-linux-gnueabihf-gcc"
+cross_cc_cflags_armeb="-mbig-endian"
 cross_cc_i386="i386-pc-linux-gnu-gcc"
 cross_cc_cflags_i386=""
 cross_cc_powerpc="powerpc-linux-gnu-gcc"
+cross_cc_powerpc="powerpc-linux-gnu-gcc"
 
 enabled_cross_compilers=""
 
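Review bot: The added `cross_cc_powerpc="powerpc-linux-gnu-gcc"` line repeats the unchanged line directly above it and should be dropped. In the same block `cross_cc_cflags_armeb` gets a default but no `cross_cc_armeb` is defined, unlike the aarch64_be pair, so a comment on which compiler those flags are meant to go with would help.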
@@ -498,6 +502,9 @@ for opt do
   ;;
   --cross-cc-*[!a-zA-Z0-9_-]*=*) error_exit "Passed bad --cross-cc-FOO option"
   ;;
+  --cross-cc-cflags-*) cc_arch=${opt#--cross-cc-flags-}; cc_arch=${cc_arch%%=*}
+  eval "cross_cc_cflags_${cc_arch}=\$optarg"
+  ;;
   --cross-cc-*) cc_arch=${opt#--cross-cc-}; cc_arch=${cc_arch%%=*}
 eval "cross_cc_${cc_arch}=\$optarg"
   ;;
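Review bot: The new `--cross-cc-cflags-*)` arm strips the prefix `--cross-cc-flags-` (no `c` before `flags`), which never matches the option it has just matched, so `cc_arch` keeps the whole `--cross-cc-cflags-ARCH` text and the `eval` builds an invalid variable name; the expansion should be `${opt#--cross-cc-cflags-}`. Separately, the unchanged guard above, `--cross-cc-*[!a-zA-Z0-9_-]*=*`, also fires when the value itself contains `=`, so flags such as `-march=...` are rejected as a bad option before this arm is reached; the character check needs to be limited to the part before the first `=`.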
@@ -1527,6 +1534,7 @@ Advanced options (experts only):
   --extra-cxxflags=CXXFLAGS append extra C++ compiler flags QEMU_CXXFLAGS
   --extra-ldflags=LDFLAGS  append extra linker flags LDFLAGS
   --cross-cc-ARCH=CC   use compiler when building ARCH guest test cases
+  --cross-cc-flags-ARCH=   use compiler flags when building ARCH guest tests
   --make=MAKE  use specified make [$make]
   --install=INSTALLuse specified install [$install]
   --python=PYTHON  use specified python [$python]
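Review bot: The help line documents `--cross-cc-flags-ARCH=`, but the option parsed earlier in this patch is `--cross-cc-cflags-ARCH=`, so a user following --help passes a string that misses the cflags arm and falls through to the generic `--cross-cc-*` arm. The help text should use the parsed spelling and name the value, as in `--cross-cc-cflags-ARCH=CFLAGS`.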
@@ -6873,6 +6881,7 @@ case "$target_name" in
 mttcg="yes"
 gdb_xml_files="arm-core.xml arm-vfp.xml arm-vfp3.xml arm-neon.xml"
 target_compiler=$cross_cc_arm
+eval "target_compiler_cflags=\$cross_cc_cflags_${target_name}"
   ;;
   aarch64|aarch64_be)
 TARGET_ARCH=aarch64
@@ -6881,6 +6890,7 @@ case "$target_name" in
 mttcg="yes"
 gdb_xml_files="aarch64-core.xml aarch64-fpu.xml arm-core.xml arm-vfp.xml 
arm-vfp3.xml arm-neon.xml"
 target_compiler=$cross_cc_aarch64
+eval "target_compiler_cflags=\$cross_cc_cflags_${target_name}"
   ;;
   cris)
 target_compiler=$cross_cc_cris
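Review bot: The `aarch64|aarch64_be)` branch still assigns `target_compiler=$cross_cc_aarch64` for both names, so the `cross_cc_aarch64_be` default added at the top of this patch is never read and `--cross-cc-aarch64_be=` has no effect; only the cflags lookup is keyed on `$target_name`. Looking the compiler up the same way as the flags, through `eval` on `cross_cc_${target_name}`, would make the two consistent.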
-- 
2.17.0




[Qemu-devel] [PATCH v5 06/49] configure: set cross_cc_FOO for host compiler

2018-05-25 Thread Alex Bennée
We can build tests for the host system with the compiler that we have
selected.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
---
 configure | 14 +-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/configure b/configure
index 48a3675a6b..cc375abe15 100755
--- a/configure
+++ b/configure
@@ -1431,26 +1431,38 @@ case "$cpu" in
 ppc)
CPU_CFLAGS="-m32"
LDFLAGS="-m32 $LDFLAGS"
+   cross_cc_powerpc=$cc
+   cross_cc_cflags_powerpc=$CPU_CFLAGS
;;
 ppc64)
CPU_CFLAGS="-m64"
LDFLAGS="-m64 $LDFLAGS"
+   cross_cc_ppc64=$cc
+   cross_cc_cflags_ppc64=$CPU_CFLAGS
;;
 sparc)
CPU_CFLAGS="-m32 -mv8plus -mcpu=ultrasparc"
LDFLAGS="-m32 -mv8plus $LDFLAGS"
+   cross_cc_sparc=$cc
+   cross_cc_cflags_sparc=$CPU_CFLAGS
;;
 sparc64)
CPU_CFLAGS="-m64 -mcpu=ultrasparc"
LDFLAGS="-m64 $LDFLAGS"
+   cross_cc_sparc64=$cc
+   cross_cc_cflags_sparc64=$CPU_CFLAGS
;;
 s390)
CPU_CFLAGS="-m31"
LDFLAGS="-m31 $LDFLAGS"
+   cross_cc_s390=$cc
+   cross_cc_cflags_s390=$CPU_CFLAGS
;;
 s390x)
CPU_CFLAGS="-m64"
LDFLAGS="-m64 $LDFLAGS"
+   cross_cc_s390x=$cc
+   cross_cc_cflags_s390x=$CPU_CFLAGS
;;
 i386)
CPU_CFLAGS="-m32"
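Review bot: The `ppc)` branch sets `cross_cc_powerpc` and `cross_cc_cflags_powerpc`, while every other branch in this hunk uses the `$cpu` spelling (`cross_cc_ppc64`, `cross_cc_sparc`, `cross_cc_s390x`). If the 32-bit PowerPC target really is looked up as `powerpc`, a short comment here would stop it being read as a typo; otherwise it should be `cross_cc_ppc`.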
@@ -1471,7 +1483,7 @@ case "$cpu" in
CPU_CFLAGS="-mx32"
LDFLAGS="-mx32 $LDFLAGS"
cross_cc_i386=$cc
-   cross_cc_cflags_i386="-m32"
+   cross_cc_cflags_i386=$CPU_CFLAGS
;;
 # No special flags required for other host CPUs
 esac
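Review bot: In the x32 branch `cross_cc_cflags_i386` changes from "-m32" to `$CPU_CFLAGS`, which is "-mx32" a few lines above, so i386 guest tests on an x32 host would now be built with the x32 ABI flag rather than as 32-bit i386 code. The literal "-m32" should stay here; substituting `$CPU_CFLAGS` is only equivalent in the branches where the host CPU is the guest architecture.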
-- 
2.17.0




[Qemu-devel] [PATCH v5 01/49] docker: add "probe" command for configure

2018-05-25 Thread Alex Bennée
This is a helper function for the configure script. It replies yes,
sudo or no to inform the user if non-interactive docker support is
available. We trap the Exception to fail gracefully.

Signed-off-by: Alex Bennée 
Reviewed-by: Fam Zheng 
---
 tests/docker/docker.py | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/tests/docker/docker.py b/tests/docker/docker.py
index 1246ba9578..f8267586eb 100755
--- a/tests/docker/docker.py
+++ b/tests/docker/docker.py
@@ -390,6 +390,24 @@ class ImagesCommand(SubCommand):
 def run(self, args, argv):
 return Docker().command("images", argv, args.quiet)
 
+
+class ProbeCommand(SubCommand):
+"""Probe if we can run docker automatically"""
+name = "probe"
+
+def run(self, args, argv):
+try:
+docker = Docker()
+if docker._command[0] == "docker":
+print "yes"
+elif docker._command[0] == "sudo":
+print "sudo"
+except Exception:
+print "no"
+
+return
+
+
 def main():
 parser = argparse.ArgumentParser(description="A Docker helper",
 usage="%s  ..." % os.path.basename(sys.argv[0]))
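Review bot: ProbeCommand.run() prints nothing when `docker._command[0]` is neither "docker" nor "sudo", because the `if`/`elif` chain has no `else`, so a caller capturing the output gets an empty string instead of one of the three answers the commit message lists; add an `else` branch that prints "no". The "sudo" answer also does not show that sudo can run without a password prompt, which is what the non-interactive wording implies, and the `print` statements are Python 2 only syntax.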
-- 
2.17.0




[Qemu-devel] [PATCH v5 03/49] configure: add support for --cross-cc-FOO

2018-05-25 Thread Alex Bennée
This allows us to specify cross compilers for our guests. This is
useful for building test images/programs. Currently we re-run the
compile test for each target. I couldn't think of a way to cache the
value for a given arch without getting messier configure code.

The cross compiler for the guest is visible to each target as
CROSS_CC_GUEST in config-target.mak.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
---
v3
  - --cross-cc-*[!a-zA-Z0-9_-]*=*) error_exit...
  - --cross-cc-*) cc_arch=${opt#--cross-cc-}; cc_arch=${cc_arch%%=*}
  - add remaining target_compiler definitions
v4
  - also set cross_cc_$cpu=$host_cc
  - try a non-static build if static fails
  - use write_c_skeleton
  - add doc string in help
---
 configure | 92 +++
 1 file changed, 92 insertions(+)

diff --git a/configure b/configure
index 2e10956cfc..931725d870 100755
--- a/configure
+++ b/configure
@@ -458,6 +458,13 @@ vxhs=""
 libxml2=""
 docker="no"
 
+# cross compilers defaults, can be overridden with --cross-cc-ARCH
+cross_cc_aarch64="aarch64-linux-gnu-gcc"
+cross_cc_arm="arm-linux-gnueabihf-gcc"
+cross_cc_powerpc="powerpc-linux-gnu-gcc"
+
+enabled_cross_compilers=""
+
 supported_cpu="no"
 supported_os="no"
 bogus_os="no"
@@ -488,6 +495,11 @@ for opt do
   ;;
   --disable-debug-info) debug_info="no"
   ;;
+  --cross-cc-*[!a-zA-Z0-9_-]*=*) error_exit "Passed bad --cross-cc-FOO option"
+  ;;
+  --cross-cc-*) cc_arch=${opt#--cross-cc-}; cc_arch=${cc_arch%%=*}
+eval "cross_cc_${cc_arch}=\$optarg"
+  ;;
   esac
 done
 # OS specific
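Review bot: The guard `--cross-cc-*[!a-zA-Z0-9_-]*=*` lets `-` through in the ARCH part, but `cc_arch` is then pasted into `eval "cross_cc_${cc_arch}=\$optarg"`, and a name containing `-` is not a valid shell variable, so the shell treats the expanded word as a command to run rather than as an assignment. Since this is the only check in front of an `eval` on user-supplied text, the allowed set should be `[a-zA-Z0-9_]` only, with an explicit error for anything else.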
@@ -676,30 +688,37 @@ case "$cpu" in
   ppc|ppc64|s390|s390x|sparc64|x32)
 cpu="$cpu"
 supported_cpu="yes"
+eval "cross_cc_${cpu}=\$host_cc"
   ;;
   i386|i486|i586|i686|i86pc|BePC)
 cpu="i386"
 supported_cpu="yes"
+cross_cc_i386=$host_cc
   ;;
   x86_64|amd64)
 cpu="x86_64"
 supported_cpu="yes"
+cross_cc_x86_64=$host_cc
   ;;
   armv*b|armv*l|arm)
 cpu="arm"
 supported_cpu="yes"
+cross_cc_arm=$host_cc
   ;;
   aarch64)
 cpu="aarch64"
 supported_cpu="yes"
+cross_cc_aarch64=$host_cc
   ;;
   mips*)
 cpu="mips"
 supported_cpu="yes"
+cross_cc_mips=$host_cc
   ;;
   sparc|sun4[cdmuv])
 cpu="sparc"
 supported_cpu="yes"
+cross_cc_sparc=$host_cc
   ;;
   *)
 # This will result in either an error or falling back to TCI later
@@ -917,6 +936,8 @@ for opt do
   ;;
   --disable-debug-info)
   ;;
+  --cross-cc-*)
+  ;;
   --enable-modules)
   modules="yes"
   ;;
@@ -1501,6 +1522,7 @@ Advanced options (experts only):
   --extra-cflags=CFLAGSappend extra C compiler flags QEMU_CFLAGS
   --extra-cxxflags=CXXFLAGS append extra C++ compiler flags QEMU_CXXFLAGS
   --extra-ldflags=LDFLAGS  append extra linker flags LDFLAGS
+  --cross-cc-ARCH=CC   use compiler when building ARCH guest test cases
   --make=MAKE  use specified make [$make]
   --install=INSTALLuse specified install [$install]
   --python=PYTHON  use specified python [$python]
@@ -6811,6 +6833,9 @@ case "$target" in
 ;;
 esac
 
+target_compiler=""
+target_compiler_static=""
+
 mkdir -p $target_dir
 echo "# Automatically generated by configure - do not modify" > 
$config_target_mak
 
@@ -6826,19 +6851,23 @@ TARGET_ABI_DIR=""
 case "$target_name" in
   i386)
 gdb_xml_files="i386-32bit.xml i386-32bit-core.xml i386-32bit-sse.xml"
+target_compiler=$cross_cc_i386
   ;;
   x86_64)
 TARGET_BASE_ARCH=i386
 gdb_xml_files="i386-64bit.xml i386-64bit-core.xml i386-64bit-sse.xml"
+target_compiler=$cross_cc_x86_64
   ;;
   alpha)
 mttcg="yes"
+target_compiler=$cross_cc_alpha
   ;;
   arm|armeb)
 TARGET_ARCH=arm
 bflt="yes"
 mttcg="yes"
 gdb_xml_files="arm-core.xml arm-vfp.xml arm-vfp3.xml arm-neon.xml"
+target_compiler=$cross_cc_arm
   ;;
   aarch64|aarch64_be)
 TARGET_ARCH=aarch64
@@ -6846,58 +6875,73 @@ case "$target_name" in
 bflt="yes"
 mttcg="yes"
 gdb_xml_files="aarch64-core.xml aarch64-fpu.xml arm-core.xml arm-vfp.xml 
arm-vfp3.xml arm-neon.xml"
+target_compiler=$cross_cc_aarch64
   ;;
   cris)
+target_compiler=$cross_cc_cris
   ;;
   hppa)
 mttcg="yes"
+target_compiler=$cross_cc_hppa
   ;;
   lm32)
+target_compiler=$cross_cc_lm32
   ;;
   m68k)
 bflt="yes"
 gdb_xml_files="cf-core.xml cf-fp.xml m68k-fp.xml"
+target_compiler=$cross_cc_m68k
   ;;
   microblaze|microblazeel)
 TARGET_ARCH=microblaze
 bflt="yes"
+target_compiler=$cross_cc_microblaze
   ;;
   mips|mipsel)
 TARGET_ARCH=mips
+target_compiler=$cross_cc_mips
 echo "TARGET_ABI_MIPSO32=y" >> $config_target_mak
   ;;
   mipsn32|mipsn32el)
 TARGET_ARCH=mips64
 TARGET_BASE_ARCH=mips
+target_compiler=$cross_cc_mipsn32
 echo "TARGET_ABI_MIPSN32=y" >> $config_target_mak
 echo "TARGET_ABI32=y" >> $config_target_mak
   ;;
   mips64|mips64el)
 TARGET_ARCH=mips64
 TARGET_BASE_ARC

[Qemu-devel] [PATCH v5 04/49] configure: move i386_cc to cross_cc_i386

2018-05-25 Thread Alex Bennée
Also don't assume x86_64 compiler can build i386 binaries.

Signed-off-by: Alex Bennée 
Tested-by: Philippe Mathieu-Daudé 
Reviewed-by: Richard Henderson 
---
v2
  - drop using system x86_64 compiler for i386 compiles
v3
  - fix cross_cc_i386 when on i386
v4
  - fix merge conflicts
  - sort cross_cc defines
---
 configure | 24 +---
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/configure b/configure
index 931725d870..e51033d680 100755
--- a/configure
+++ b/configure
@@ -289,7 +289,6 @@ libs_softmmu=""
 libs_tools=""
 audio_pt_int=""
 audio_win_int=""
-cc_i386=i386-pc-linux-gnu-gcc
 libs_qga=""
 debug_info="yes"
 stack_protector=""
@@ -461,6 +460,8 @@ docker="no"
 # cross compilers defaults, can be overridden with --cross-cc-ARCH
 cross_cc_aarch64="aarch64-linux-gnu-gcc"
 cross_cc_arm="arm-linux-gnueabihf-gcc"
+cross_cc_i386="i386-pc-linux-gnu-gcc"
+cross_cc_cflags_i386=""
 cross_cc_powerpc="powerpc-linux-gnu-gcc"
 
 enabled_cross_compilers=""
@@ -1447,7 +1448,8 @@ case "$cpu" in
 i386)
CPU_CFLAGS="-m32"
LDFLAGS="-m32 $LDFLAGS"
-   cc_i386='$(CC) -m32'
+   cross_cc_i386=$cc
+   cross_cc_cflags_i386=$CPU_CFLAGS
;;
 x86_64)
# ??? Only extremely old AMD cpus do not have cmpxchg16b.
@@ -1455,12 +1457,14 @@ case "$cpu" in
# runtime and generate the fallback to serial emulation.
CPU_CFLAGS="-m64 -mcx16"
LDFLAGS="-m64 $LDFLAGS"
-   cc_i386='$(CC) -m32'
+   cross_cc_x86_64=$cc
+   cross_cc_cflags_x86_64=$CPU_CFLAGS
;;
 x32)
CPU_CFLAGS="-mx32"
LDFLAGS="-mx32 $LDFLAGS"
-   cc_i386='$(CC) -m32'
+   cross_cc_i386=$cc
+   cross_cc_cflags_i386="-m32"
;;
 # No special flags required for other host CPUs
 esac
@@ -6714,7 +6718,6 @@ echo "CC=$cc" >> $config_host_mak
 if $iasl -h > /dev/null 2>&1; then
   echo "IASL=$iasl" >> $config_host_mak
 fi
-echo "CC_I386=$cc_i386" >> $config_host_mak
 echo "HOST_CC=$host_cc" >> $config_host_mak
 echo "CXX=$cxx" >> $config_host_mak
 echo "OBJCC=$objcc" >> $config_host_mak
@@ -6835,6 +6838,7 @@ esac
 
 target_compiler=""
 target_compiler_static=""
+target_compiler_cflags=""
 
 mkdir -p $target_dir
 echo "# Automatically generated by configure - do not modify" > 
$config_target_mak
@@ -6852,6 +6856,7 @@ case "$target_name" in
   i386)
 gdb_xml_files="i386-32bit.xml i386-32bit-core.xml i386-32bit-sse.xml"
 target_compiler=$cross_cc_i386
+target_compiler_cflags=$cross_cc_ccflags_i386
   ;;
   x86_64)
 TARGET_BASE_ARCH=i386
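Review bot: The i386 branch reads `$cross_cc_ccflags_i386` (double `c`), but every assignment in this patch writes `cross_cc_cflags_i386`, so `target_compiler_cflags` is always empty for the i386 target and the "-m32" set in the host-CPU branches never reaches the compile test or CROSS_CC_GUEST_CFLAGS. It should read `$cross_cc_cflags_i386`.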
@@ -7023,9 +7028,9 @@ if has $target_compiler; then
 
 write_c_skeleton
 
-if ! do_compiler $target_compiler -o $TMPE $TMPC -static ; then
+if ! do_compiler $target_compiler $target_compiler_cflags -o $TMPE $TMPC 
-static ; then
 # For host systems we might get away with building without -static
-if ! do_compiler $target_compiler -o $TMPE $TMPC ; then
+if ! do_compiler $target_compiler $target_compiler_cflags -o $TMPE 
$TMPC ; then
 target_compiler=""
 else
 enabled_cross_compilers="${enabled_cross_compilers} 
${target_compiler}"
@@ -7118,8 +7123,13 @@ if test -n "$target_compiler"; then
   if test -n "$target_compiler_static"; then
   echo "CROSS_CC_GUEST_STATIC=$target_compiler_static" >> 
$config_target_mak
   fi
+
+  if test -n "$target_compiler_cflags"; then
+  echo "CROSS_CC_GUEST_CFLAGS=$target_compiler_cflags" >> 
$config_target_mak
+  fi
 fi
 
+
 # generate QEMU_CFLAGS/LDFLAGS for targets
 
 cflags=""
-- 
2.17.0




[Qemu-devel] [PATCH v5 02/49] configure: add test for docker availability

2018-05-25 Thread Alex Bennée
This tests for a working docker installation without sudo and sets up
config-host.mak accordingly. This will be useful for cross compiling
things in the future.

Signed-off-by: Alex Bennée 
Reviewed-by: Richard Henderson 
---
 configure | 17 +
 1 file changed, 17 insertions(+)

diff --git a/configure b/configure
index a8498ab393..2e10956cfc 100755
--- a/configure
+++ b/configure
@@ -456,6 +456,7 @@ jemalloc="no"
 replication="yes"
 vxhs=""
 libxml2=""
+docker="no"
 
 supported_cpu="no"
 supported_os="no"
@@ -5444,6 +5445,17 @@ EOF
   fi
 fi
 
+##
+# Docker and cross-compiler support
+#
+# This is specifically for building test
+# cases for foreign architectures, not
+# cross-compiling QEMU itself.
+
+if has "docker"; then
+docker=$($python $source_path/tests/docker/docker.py probe)
+fi
+
 ##
 # End of CC checks
 # After here, no more $cc or $ld runs
@@ -5907,6 +5919,7 @@ echo "avx2 optimization $avx2_opt"
 echo "replication support $replication"
 echo "VxHS block device $vxhs"
 echo "capstone  $capstone"
+echo "docker$docker"
 
 if test "$sdl_too_old" = "yes"; then
 echo "-> Your SDL version is too old - please upgrade to have SDL support"
@@ -6731,6 +6744,10 @@ if test "$gcov" = "yes" ; then
   echo "GCOV=$gcov_tool" >> $config_host_mak
 fi
 
+if test "$docker" != "no"; then
+echo "HAVE_USER_DOCKER=y" >> $config_host_mak
+fi
+
 # use included Linux headers
 if test "$linux" = "yes" ; then
   mkdir -p linux-headers
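Review bot: `test "$docker" != "no"` sets HAVE_USER_DOCKER=y for every other probe result, including "sudo" and an empty string if the probe prints nothing, while the commit message describes a working docker installation without sudo. Testing `"$docker" = "yes"` would match that description; if sudo is meant to count, it should be recorded in a separate variable so the Makefiles can tell the two apart.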
-- 
2.17.0




[Qemu-devel] [PATCH v5 11/49] docker: Makefile.include introduce DOCKER_SCRIPT

2018-05-25 Thread Alex Bennée
Define this in one place to make it easy to re-use.

Signed-off-by: Alex Bennée 
Reviewed-by: Philippe Mathieu-Daudé 
---
 tests/docker/Makefile.include | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index ef1a3e62eb..b56386f49e 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -14,6 +14,8 @@ DOCKER_TESTS := $(notdir $(shell \
 
 DOCKER_TOOLS := travis
 
+DOCKER_SCRIPT=$(SRC_PATH)/tests/docker/docker.py
+
 TESTS ?= %
 IMAGES ?= %
 
@@ -37,7 +39,7 @@ docker-image-%: $(DOCKER_FILES_DIR)/%.docker
echo WARNING: EXECUTABLE is not set, debootstrap may fail. 2>&1 
; \
fi
$(call quiet-command,\
-   $(SRC_PATH)/tests/docker/docker.py build qemu:$* $< \
+   $(DOCKER_SCRIPT) build qemu:$* $< \
$(if $V,,--quiet) $(if $(NOCACHE),--no-cache) \
$(if $(NOUSER),,--add-current-user) \
$(if $(EXTRA_FILES),--extra-files $(EXTRA_FILES))\
@@ -129,11 +131,11 @@ docker-run: docker-qemu-src
fi
$(if $(EXECUTABLE), \
$(call quiet-command,   \
-   $(SRC_PATH)/tests/docker/docker.py update   \
+   $(DOCKER_SCRIPT) update \
$(IMAGE) $(EXECUTABLE), \
"  COPYING $(EXECUTABLE) to $(IMAGE)"))
$(call quiet-command,   \
-   $(SRC_PATH)/tests/docker/docker.py run  \
+   $(DOCKER_SCRIPT) run\
$(if $(NOUSER),,-u $(shell id -u))  \
--security-opt seccomp=unconfined   \
$(if $V,,--rm)  \
@@ -163,4 +165,4 @@ docker-run-%:
@$(MAKE) docker-run TEST=$(CMD) IMAGE=qemu:$(IMAGE)
 
 docker-clean:
-   $(call quiet-command, $(SRC_PATH)/tests/docker/docker.py clean)
+   $(call quiet-command, $(DOCKER_SCRIPT) clean)
-- 
2.17.0



